openwrt-packages/net/cgi-io/Makefile

#
# Copyright (C) 2015 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=cgi-io
PKG_RELEASE:=19

PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/cgi-io.git
PKG_SOURCE_DATE:=2020-10-27
PKG_SOURCE_VERSION:=ab4c3471b26179b6e1decfb6ca27c4a87df9a0a4
PKG_MIRROR_HASH:=fb1ca916aeb75a58f3ca003556aa7516d30e5d868000fc00929ca4c4bf336b0e
CMAKE_INSTALL:=1

PKG_LICENSE:=GPL-2.0-or-later
PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>

include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk

define Package/cgi-io
  SECTION:=net
  CATEGORY:=Network
  SUBMENU:=Web Servers/Proxies
  DEPENDS:=+libubox +libubus
  TITLE:=CGI utility for handling up/downloading of files
endef

define Package/cgi-io/description
  This package contains an cgi utility that is useful for up/downloading files
endef

define Package/cgi-io/install
	$(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/
	$(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec
	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload
	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-download
	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup
	$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-exec
endef

$(eval $(call BuildPackage,cgi-io))
cgi-io: add a small helper cgi that can be used by RPCD based UIs Signed-off-by: John Crispin <blogic@openwrt.org> 2015-10-01 17:34:13 +02:00			`#`
			`# Copyright (C) 2015 OpenWrt.org`
			`#`
			`# This is free software, licensed under the GNU General Public License v2.`
			`# See /LICENSE for more information.`
			`#`

			`include $(TOPDIR)/rules.mk`

			`PKG_NAME:=cgi-io`
cgi-io: fix compilation against uClibc Signed-off-by: Jo-Philipp Wich <jo@mein.io> 2020-02-27 12:38:15 +01:00			`PKG_RELEASE:=19`
cgi-io: add a small helper cgi that can be used by RPCD based UIs Signed-off-by: John Crispin <blogic@openwrt.org> 2015-10-01 17:34:13 +02:00
cgi-io: move into out of tree project No functional changes, just moved the sources into out of tree project[1] so it's going to be easier to do CI with unit testing, fuzzing etc. 1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog Signed-off-by: Petr Štetiar <ynezz@true.cz> 2020-10-11 14:54:55 +02:00			`PKG_SOURCE_PROTO:=git`
			`PKG_SOURCE_URL=$(PROJECT_GIT)/project/cgi-io.git`
cgi-io: update to version 2020-10-27 Contains following list of changes: ab4c3471b261 tests: add cram based unit tests 7b4e3241e1bd tests: add cgi-io built with clang sanitizers 21831f45d16d Disable session ACLs during unit testing 2f525417b5df Add initial GitLab CI support 57f1c4f18cb6 Add .gitignore 09f9ac5066ee Fix off-by-one in postdecode_fields ed8ce0d5d28b Add fuzzing of utility functions a61581819800 Add fuzzing of multipart_parser 6b0615b728ed Refactor utility functions into static library a0ed2c9a7a72 Fix clang compiler errors 232659da19a4 Fix possible NULL dereference 8e5719b37a67 Fix warnings reported by clang-10 static analyzer b99aa8a64cca Remove Makefile Signed-off-by: Petr Štetiar <ynezz@true.cz> 2020-10-27 23:08:00 +01:00			`PKG_SOURCE_DATE:=2020-10-27`
			`PKG_SOURCE_VERSION:=ab4c3471b26179b6e1decfb6ca27c4a87df9a0a4`
			`PKG_MIRROR_HASH:=fb1ca916aeb75a58f3ca003556aa7516d30e5d868000fc00929ca4c4bf336b0e`
cgi-io: move into out of tree project No functional changes, just moved the sources into out of tree project[1] so it's going to be easier to do CI with unit testing, fuzzing etc. 1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog Signed-off-by: Petr Štetiar <ynezz@true.cz> 2020-10-11 14:54:55 +02:00			`CMAKE_INSTALL:=1`
cgi-io: add a small helper cgi that can be used by RPCD based UIs Signed-off-by: John Crispin <blogic@openwrt.org> 2015-10-01 17:34:13 +02:00
cgi-io: move into out of tree project No functional changes, just moved the sources into out of tree project[1] so it's going to be easier to do CI with unit testing, fuzzing etc. 1. https://git.openwrt.org/?p=project/cgi-io.git;a=shortlog Signed-off-by: Petr Štetiar <ynezz@true.cz> 2020-10-11 14:54:55 +02:00			`PKG_LICENSE:=GPL-2.0-or-later`
cgi-io: add a small helper cgi that can be used by RPCD based UIs Signed-off-by: John Crispin <blogic@openwrt.org> 2015-10-01 17:34:13 +02:00			`PKG_MAINTAINER:=John Crispin <blogic@openwrt.org>`

			`include $(INCLUDE_DIR)/package.mk`
treewide: back to cmake.mk Ninja was merged to base and therefore we can now use normal cmake.mk Signed-off-by: Rosen Penev <rosenp@gmail.com> 2021-06-11 01:27:06 +02:00			`include $(INCLUDE_DIR)/cmake.mk`
cgi-io: add a small helper cgi that can be used by RPCD based UIs Signed-off-by: John Crispin <blogic@openwrt.org> 2015-10-01 17:34:13 +02:00
			`define Package/cgi-io`
			`SECTION:=net`
			`CATEGORY:=Network`
			`SUBMENU:=Web Servers/Proxies`
			`DEPENDS:=+libubox +libubus`
			`TITLE:=CGI utility for handling up/downloading of files`
			`endef`

			`define Package/cgi-io/description`
			`This package contains an cgi utility that is useful for up/downloading files`
			`endef`

			`define Package/cgi-io/install`
			`$(INSTALL_DIR) $(1)/usr/libexec $(1)/www/cgi-bin/`
			`$(INSTALL_BIN) $(PKG_BUILD_DIR)/cgi-io $(1)/usr/libexec`
cgi-io: use different acl scopes for path and command permissions Use the `cgi-io` scope to check for permission to execute the requested command (`upload`, `backup`) and the `file` scope to check path permissions. The reasoning of this change is that `cgi-io` is usually used in conjunction with `rpcd-mod-file` to transfer large file data out of band and `rpcd-mod-file` already uses the `file` scope to manage file path access permissions. After this change, both `rpc-mod-file` and `cgi-io` can share the same path acl rules. Write access to a path can be granted by using an ubus call in the following form: ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/var/lib/uploads/*", "write" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io> 2019-09-13 06:52:21 +02:00			`$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-upload`
cgi-io: add download operation Add a new `cgi-download` applet which allows to retrieve the contents of regular files or block devices. In order to initiate a transfer, a POST request in x-www-form-urlencoded format must be sent to the applet, with one field "sessionid" holding the login session and another field "path" containing the file path to download. Further optional fields are "filename" which - if present - will cause the download applet to set a Content-Dispostition header and "mimetype" which allows to let the applet respond with a specific type instead of the default "application/octet-stream". Below is an example for the required acl rules to grant download access to files or block devices: ubus call session grant '{ "ubus_rpc_session": "...", "scope": "cgi-io", "objects": [ [ "download", "read" ] ] }' ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/etc/config/", "read" ], [ "/dev/mtdblock", "read" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io> 2019-09-13 07:23:25 +02:00			`$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-download`
cgi-io: Fix bug The installation name is inconsistent with the code Signed-off-by: Jianhui Zhao <jianhuizhao329@gmail.com> 2019-05-30 04:03:29 +02:00			`$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-backup`
cgi-io: implement exec action Implement a new "cgi-exec" applet which allows to invoke remote commands and stream their stdandard output back to the client via HTTP. This is needed in cases where large amounts of data or binary encoded contents such as tar archives need to be transferred, which are unsuitable to be transported via ubus directly. The exec call is guarded by the same ACL semantics as rpcd's file plugin, means in order to be able to execute a command remotely, the ubus session identified by the given session ID must have read access to the "exec" function of the "cgi-io" scope and an explicit "exec" permission rule for the invoked command in the "file" scope. In order to initiate a transfer, a POST request in x-www-form-urlencoded format must be sent to the applet, with one field "sessionid" holding the login session and another field "command" specifiying the commandline to invoke. Further optional fields are "filename" which - if present - will cause the download applet to set a Content-Dispostition header and "mimetype" which allows to let the applet respond with a specific type instead of the default "application/octet-stream". Below is an example for the required ACL rules to grant exec access to both the "date" and "iptables" commands. The "date" rule specifies the base name of the executable and thus allows invocation with arbitrary parameters while the latter "iptables" rule merely allows one specific set of arguments which must appear exactly in the given order. ubus call session grant '{ "ubus_rpc_session": "...", "scope": "cgi-io", "objects": [ [ "exec", "read" ] ] }' ubus call session grant '{ "ubus_rpc_session": "...", "scope": "file", "objects": [ [ "/bin/date", "exec" ], [ "/usr/sbin/iptables -n -v -L", "exec" ] ] }' Signed-off-by: Jo-Philipp Wich <jo@mein.io> 2019-12-13 09:08:51 +01:00			`$(LN) ../../usr/libexec/cgi-io $(1)/www/cgi-bin/cgi-exec`
cgi-io: add a small helper cgi that can be used by RPCD based UIs Signed-off-by: John Crispin <blogic@openwrt.org> 2015-10-01 17:34:13 +02:00			`endef`

			`$(eval $(call BuildPackage,cgi-io))`