How to add hooks to custombuild?

iseletsk

Verified User
Joined
May 20, 2010
Messages
5
We need to add hooks to custombuild, so that on recompile following actions would be taken:

1. apr library will be patched with our code
2. suPHP would be patched
3. suexec would be patched
4. our module would be build

Where would I start, how would I do something like that?
 
Hello,

Actually, you can do it by sneaking your code before or after the ./configure line, inside the configure.* files.

1) For example, if you want to patch apache, first you'd setup a custom configure.apache file:
http://help.directadmin.com/item.php?id=191

2) Then to patch the source, with the id=191 guide, you can add your patch command before or after the configure.. and run anything else you need to.

3) Then run the build normally, eg:
Code:
./build all d
(or whichever item you want to build)


The same can be repeated for php, suphp, etc.. all with the same technique.

This method is also good, because the custom configure file are safe from update overwrites, so your custom patches will be there for future updates as well.
I didn't even realize we could do that until recently, but we can... no extra hooks are needed.. just add your code in the configure.*, before or after the actual configure call.

From a install/distribution standpoint, you'd basically just need to install a pre-packed "custom" directory, and any related patch files, and run custombuild normally.


On a side-note, if you're patching apache to disable FollowSymLinks and internally replace it with SymLinksIfOwner Match (I beleive it's called SecureLink with CL), that's already patched into custombuild with the Rack911 patch.
The custombuild option.conf option for that is called: harden-symlinks-patch=yes

John
 
We need to add hooks to custombuild, so that on recompile following actions would be taken:
Not necessarily. Search these forums for the update script. A third party script for updating many programs.

When you look into custombuild you'll see that the custombuild build command is calling lots of instances of the make command. You can either create your own script to be called/run after build runs or a completely separate script.

Jeff
 
Honestly there is much more to why he needs hooks into custombuild or at least an option added in such as cloudlinux=yes

For all the security features of cloudlinux to work with Directadmin one would need to be able to use: CageFS, mod_hostinglimits (apache modification), and the mysql (which if I understand igor correctly requires a lot of special patches etc so would need to be an additional RPM?)

sort of like we select options for PHP now in custom build... options to add in the cloudlinux stuff should be available as well.
 
Last edited:
Just read the cloudlinux page on CageFS. Does it require a complete set of binaries for each user?

This quote from the page (cloudlinux.com) is why I ask:
CageFS is a virtualized file system and a set of tools to contain each user in its own 'cage'. Each customer will have its own fully functional CageFS, with all the system files, tools, etc.

Jeff
 
Not something that DA has to worry about... what it does is create a stripped down version of the OS in a template... this template is then mirrored via mounts into each users virtual environment... the result being a fully secure environment for each user... restrictions like open_base_dir can then be safely removed if need be and the user can have SSH access and is fully contained within their own environment so they wont impose a security threat to others... Also protects the system and other users from a user having insecure scripts running on their website.

If I understand Igor correctly though, for it to work with DA, cloudlinux must be able to detect or know the paths of the files which must be loaded into the template for each of DA's systems to continue to function correctly.
 
The /usr/share/cagefs-skeleton is the template I was referring to... the files that go in it are controlled in 2 ways... one by configuration files such as apache.cfg which will load the necassary files for apache in, the other is you can use commands such as cagefsctl --addrpm apache

and it will load any files from that rpm into the template but the rpm must first be installed on the system.
 
DirectAdmin, as we know, uses lots of files in lots of different places. I'm guessing we'd need to have someone create a directadmin.cfg which would indicate all those files. Is that correct? Since files get added as resellers get added, can anyone think of a way to tell that to the directadmin.cfg file (and also to remove it if a reseller is removed)?

Jeff
 
Back
Top