[vsftpd] Daemonize

inetd start -> SysVinit ("almost LSB compliant")

meta-oe/recipes-core/busybox/busybox-1.23.1/inetd.conf

@@ -18,4 +18,3 @@
 #daytime	dgram	udp6	wait	root	internal
 #time		stream	tcp6	nowait	root	internal
 #time		dgram	udp6	wait	root	internal
-ftp		stream	tcp6	nowait	root	/usr/sbin/vsftpd	vsftpd

meta-oe/recipes-core/busybox/busybox_1.23.1.bbappend

@@ -1,4 +1,4 @@
-PR .= ".18"
+PR .= ".19"
 PACKAGE_ARCH = "${MACHINE_ARCH}"
 
 SRC_URI += " \

meta-oe/recipes-daemons/vsftpd/vsftpd-3.0.2/ftp.service

@@ -0,0 +1,9 @@
+<?xml version="1.0" standalone='no'?>
+<!DOCTYPE service-group SYSTEM "avahi-service.dtd">
+<service-group>
+	<name replace-wildcards="yes">FTP file server on %h</name>
+	<service>
+		<type>_ftp._tcp</type>
+		<port>21</port>
+	</service>
+</service-group>

meta-oe/recipes-daemons/vsftpd/vsftpd-3.0.2/init.vsftpd

@@ -0,0 +1,47 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: vsftpd
+# Default-Start:  2345
+# Default-Stop:   016
+# Short-Description: Very Secure Ftp Daemon
+# Description: vsftpd is a Very Secure FTP daemon. It was written completely from
+#              scratch
+### END INIT INFO
+
+DAEMON=/usr/sbin/vsftpd
+NAME=vsftpd
+DESC="FTP Server"
+ARGS=""
+AVAHI="/etc/avahi/services/ftp"
+
+test -f $DAEMON || exit 0
+
+set -e
+
+case "$1" in
+    start)
+        echo -n "* starting $DESC: $NAME... "
+        start-stop-daemon -S -b -x $DAEMON -- $ARGS
+	[ -e ${AVAHI}.disabled ] && mv ${AVAHI}.disabled ${AVAHI}.service
+        echo "done."
+        ;;
+    stop)
+        echo -n "* stopping $DESC: $NAME... "
+        start-stop-daemon -K -x $DAEMON
+	[ -e ${AVAHI}.service ] && mv ${AVAHI}.service ${AVAHI}.disabled
+        echo "done."
+        ;;
+    restart)
+        echo "* restarting $DESC: $NAME... "
+        $0 stop || true
+        $0 start
+	[ -e ${AVAHI}.disabled ] && mv ${AVAHI}.disabled ${AVAHI}.service
+        echo "done."
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart}"
+        exit 1
+        ;;
+esac
+
+exit 0

meta-oe/recipes-daemons/vsftpd/vsftpd-3.0.2/vsftpd.chroot_list

@@ -0,0 +1 @@
+root

meta-oe/recipes-daemons/vsftpd/vsftpd-3.0.2/vsftpd.conf

@@ -10,6 +10,7 @@
 
 # run standalone
 listen=NO
+listen_ipv6=YES
 
 # No PAM sessions to save resources
 session_support=NO
@@ -99,9 +100,9 @@ xferlog_std_format=YES
 # You may specify an explicit list of local users to chroot() to their home
 # directory. If chroot_local_user is YES, then this list becomes a list of
 # users to NOT chroot().
-#chroot_list_enable=YES
+chroot_list_enable=YES
 # (default follows)
-#chroot_list_file=/etc/vsftpd.chroot_list
+chroot_list_file=/etc/vsftpd.chroot_list
 #
 # You may activate the "-R" option to the builtin ls. This is disabled by
 # default to avoid remote users being able to cause excessive I/O on large
@@ -135,14 +136,15 @@ use_localtime=YES
 # Only enable if you know what you are doing.  Note that these security implications
 # are not vsftpd specific. They apply to all FTP daemons which offer to put 
 # local  users in chroot() jails.
-chroot_local_user=NO
+chroot_local_user=YES
 #
 allow_writeable_chroot=YES
 #
 tcp_wrappers=NO
 
-local_root=/
-
 # Enable FXP
 pasv_promiscuous=YES
 port_promiscuous=YES
+
+# Allow users w/o shell access
+check_shell=NO

meta-oe/recipes-daemons/vsftpd/vsftpd-3.0.2/vsftpd@.service

@@ -0,0 +1,5 @@
+[Unit]
+
+[Service]
+ExecStart=-/usr/sbin/vsftpd
+StandardInput=socket

meta-oe/recipes-daemons/vsftpd/vsftpd_3.0.2.bb

@@ -3,11 +3,9 @@ HOMEPAGE = "https://security.appspot.com/vsftpd.html"
 SECTION = "network"
 LICENSE = "GPLv2"
 LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
-PR = "r4"
+PR = "r5"
 
 DEPENDS = "libcap openssl"
-DEPENDS += "virtual/inetd"
-RDEPENDS_${PN} += "virtual/inetd"
 
 SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
            file://makefile-destdir.patch \

meta-oe/recipes-daemons/vsftpd/vsftpd_3.0.2.bbappend

@@ -0,0 +1,66 @@
+SRC_URI += "file://vsftpd.chroot_list \
+            file://init.vsftpd \
+            file://ftp.service \
+           "
+PR .= ".1"
+
+inherit update-rc.d
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME_${PN} = "${PN}"
+INITSCRIPT_PARAMS = "defaults"
+
+CONFFILES_${PN} += "${sysconfdir}/vsftpd.chroot_list"
+
+do_install_append() {
+    install -m 600 ${WORKDIR}/vsftpd.chroot_list ${D}${sysconfdir}/vsftpd.chroot_list
+    mkdir -p ${D}${sysconfdir}/init.d
+    install -m 755 ${WORKDIR}/init.vsftpd ${D}${sysconfdir}/init.d/vsftpd
+    mkdir -p ${D}${sysconfdir}/avahi/services
+    install -m 644 ${WORKDIR}/ftp.service ${D}${sysconfdir}/avahi/services
+    if ! test -z ${PAMLIB} ; then
+	grep -v 'pam_shells.so' ${D}${sysconfdir}/pam.d/vsftpd > $D/tmp/vsftpd
+	mv $D/tmp/vsftpd ${D}${sysconfdir}/pam.d/vsftpd
+    fi
+}
+
+pkg_preinst_${PN}_prepend() {
+#!/bin/sh
+
+# Remove ftp inetd.conf entries
+if [ -z "$D" -a -f "/etc/inetd.conf" ]; then
+	grep -vE '^[#\s]*(21|ftp)' $D/etc/inetd.conf > $D/tmp/inetd.tmp
+	mv $D/tmp/inetd.tmp $D/etc/inetd.conf
+fi
+
+if [ -z "$D" -a -f "/etc/init.d/inetd.busybox" ]; then
+	# Restart the internet superserver
+	/etc/init.d/inetd.busybox restart
+fi
+
+if [ -z "$D" -a -f "/etc/vsftpd.conf" ]; then
+	echo "Existing user modified configs might make vsftpd fail to start!"
+	echo "Renaming config file /etc/vsftpd.conf to /etc/vsftpd.conf-user ..."
+	mv /etc/vsftpd.conf /etc/vsftpd.conf-user
+fi
+}
+
+pkg_postinst_${PN}_prepend() {
+#!/bin/sh
+
+if [ -n "$D" ]; then
+	grep -qE '^kids:' $D/etc/passwd
+	if [[ $? -ne 0 ]] ; then
+		echo 'kids:x:500:500:Linux User,,,:/media:/bin/false' >> $D/etc/passwd
+		echo 'kids:!:16560:0:99999:7:::' >> $D/etc/shadow
+	fi
+fi
+
+if [ -z "$D" ]; then
+	grep -qE '^kids:' /etc/passwd
+	if [[ $? -ne 0 ]] ; then
+		adduser -h /media -s /bin/false -H -D -u 500 kids 2>/dev/null || adduser -h /media -s /bin/false -H -D kids
+	fi
+
+fi
+}