Summary: Utilities to limit user accounts to specific files using chroot()
Name: jailkit
Version: 2.23
Release: 1%{?dist}
License: Open Source
Group: Applications/System
URL: http://olivier.sessink.nl/jailkit/


Source: http://olivier.sessink.nl/jailkit/jailkit-%{version}.tar.bz2
Patch1: jailkit-2.17-makefile.patch
Patch2: jailkit-jk_init-php.patch
Patch3: jailkit-2.23-nosetuid.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: binutils, gcc, make, autoconf, automake
BuildRequires: glibc-devel
BuildRequires: libcap-devel
BuildRequires: python3, python3-devel
%undefine __brp_mangle_shebangs

%description
Jailkit is a set of utilities to limit user accounts to specific files
using chroot() and or specific commands. Setting up a chroot shell,
a shell limited to some specific command, or a daemon inside a chroot
jail is a lot easier using these utilities.

Jailkit has been in use for a while on CVS servers (in a chroot and
limited to cvs), sftp/scp servers (both in a chroot and limited to
sftp/scp as well as not in a chroot but only limited to sftp/scp),
and also on general servers with accounts where the shell accounts
are in a chroot.

%prep
%setup -q
%patch1 -p0 -b .makefile
%patch2 -p0
%patch3 -p1 

%build
%configure PYTHONINTERPRETER=/usr/bin/python3
%{__make} %{?_smp_mflags}

%install
%{__rm} -rf %{buildroot}
%{__make} install DESTDIR="%{buildroot}"

%{__install} -Dp -m0755 extra/jailkit %{buildroot}%{_initrddir}/jailkit

%post
if [ -w %{_sysconfdir}/shells ] && \
  [ "`grep %{_sbindir}/jk_chrootsh %{_sysconfdir}/shells`" == "" ]
then
  echo "%{_sbindir}/jk_chrootsh" >> %{_sysconfdir}/shells
fi

%postun
sed -i -e "/jk_chrootsh/d" %{_sysconfdir}/shells

%clean
%{__rm} -rf %{buildroot}

%files
%defattr(-, root, root, 0755)
%doc %{_mandir}/man?/*
%config(noreplace) %{_sysconfdir}/jailkit/
%config %{_initrddir}/jailkit
%caps(cap_sys_chroot=ep) %{_sbindir}/jk_chrootsh
%{_sbindir}/jk_jailuser
%{_sbindir}/jk_socketd
%{_sbindir}/jk_check
%{_sbindir}/jk_cp
%{_sbindir}/jk_list
%{_sbindir}/jk_update
%{_sbindir}/jk_chrootlaunch
%{_sbindir}/jk_init
%{_sbindir}/jk_lsh
%caps(cap_sys_chroot=ep) %{_bindir}/jk_uchroot
%{_datadir}/jailkit/

%changelog
* Sat Feb 18 2023 Joe Cooper <joe@virtualmin.com> - 2.23-1
- Remove setuid bit on jk_chrootsh and jk_uchroot (setcap instead)
- Bump rev to latest

* Sun Aug 15 2021 Joe Cooper <joe@virtualmin.com> - 2.22-1
- Bump rev to latest version
- which fixes bogus includesections config in jk_init.ini

* Sat Jan 04 2020 Joe Cooper <joe@virtualmin.com> - 2.21-1
- Bump rev to latest version
- Remove mention of jk_addjailuser (removed upstream)

* Tue May 30 2017 Joe Cooper <joe@virtualmin.com> - 2.19-4
- Patch jk_init.ini to include a php section

* Tue Dec 06 2016 Joe Cooper <joe@virtualmin.com> - 2.19-1
- Update to 2.19
- Apply patch and changes suggested in https://bugzilla.redhat.com/show_bug.cgi?id=967782
- setcap on jk_chrootsh with caps macro

* Wed Jun 02 2010 Steve Huff <shuff@vecna.org> - 2.11-1 - 8843/shuff
- Updated to release 2.11.

* Thu May 15 2008 Dries Verachtert <dries@ulyssis.org> - 2.5-1
- Updated to release 2.5.

* Tue Sep 12 2006 Dag Wieers <dag@wieers.com> - 2.1-1
- Updated to release 2.1.

* Sun Mar 19 2006 Dag Wieers <dag@wieers.com> - 2.0-1
- Updated to release 2.0.

* Fri May 20 2005 Dag Wieers <dag@wieers.com> - 1.3-1
- Initial package. (using DAR)