14 files changed, 526 insertions, 0 deletions

diff --git a/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
new file mode 100644
index 000000000..5f2860e84
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/change-secure_chroot_dir.patch
@@ -0,0 +1,55 @@
+vsftpd: change default value of secure_chroot_dir
+
+Upstream-Status: Pending
+
+Change secure_chroot_dir pointing to a volatile directory.
+
+Signed-off-by: Ming Liu <ming.liu@windriver.com>
+---
+ INSTALL       |    6 +++---
+ tunables.c    |    2 +-
+ vsftpd.conf.5 |    2 +-
+ 3 files changed, 5 insertions(+), 5 deletions(-)
+
+diff -urpN a/INSTALL b/INSTALL
+--- a/INSTALL   2013-09-13 10:23:57.504972397 +0800
++++ b/INSTALL   2013-09-13 10:25:25.664971779 +0800
+@@ -27,11 +27,11 @@ user in case it does not already exist. 
+ [root@localhost root]# useradd nobody
+ useradd: user nobody exists
+ 
+-2b) vsftpd needs the (empty) directory /usr/share/empty in the default
++2b) vsftpd needs the (empty) directory /var/run/vsftpd/empty in the default
+ configuration. Add this directory in case it does not already exist. e.g.:
+ 
+-[root@localhost root]# mkdir /usr/share/empty/
+-mkdir: cannot create directory `/usr/share/empty': File exists
++[root@localhost root]# mkdir /var/run/vsftpd/empty/
++mkdir: cannot create directory `/var/run/vsftpd/empty': File exists
+ 
+ 2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
+ valid home directory (which is NOT owned or writable by the user "ftp").
+diff -urpN a/tunables.c b/tunables.c
+--- a/tunables.c        2013-09-13 10:26:29.554972817 +0800
++++ b/tunables.c        2013-09-13 10:27:18.104972210 +0800
+@@ -254,7 +254,7 @@ tunables_load_defaults()
+   /* -rw------- */
+   tunable_chown_upload_mode = 0600;
+ 
+-  install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
++  install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
+   install_str_setting("ftp", &tunable_ftp_username);
+   install_str_setting("root", &tunable_chown_username);
+   install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
+diff -urpN a/vsftpd.conf.5 b/vsftpd.conf.5
+--- a/vsftpd.conf.5     2013-09-13 10:09:33.774972462 +0800
++++ b/vsftpd.conf.5     2013-09-13 10:10:41.914971989 +0800
+@@ -969,7 +969,7 @@ This option should be the name of a dire
+ directory should not be writable by the ftp user. This directory is used
+ as a secure chroot() jail at times vsftpd does not require filesystem access.
+ 
+-Default: /usr/share/empty
++Default: /var/run/vsftpd/empty
+ .TP
+ .B ssl_ciphers
+ This option can be used to select which SSL ciphers vsftpd will allow for
diff --git a/meta-networking/recipes-daemons/vsftpd/files/init b/meta-networking/recipes-daemons/vsftpd/files/init
new file mode 100755
index 000000000..d0ec010dc
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/init
@@ -0,0 +1,41 @@
+#!/bin/sh
+DAEMON=/usr/sbin/vsftpd
+NAME=vsftpd
+DESC="FTP Server"
+ARGS=""
+FTPDIR=/var/lib/ftp
+
+test -f $DAEMON || exit 0
+
+set -e
+
+case "$1" in
+    start)
+        echo -n "* starting $DESC: $NAME... "
+        if ! test -d $FTPDIR; then
+            mkdir -p $FTPDIR/in
+            chown ftp $FTPDIR -R
+            chmod a-w $FTPDIR
+            chmod u+w $FTPDIR/in
+        fi
+        start-stop-daemon -S -b -x $DAEMON -- $ARGS
+        echo "done."
+        ;;
+    stop)
+        echo -n "* stopping $DESC: $NAME... "
+        start-stop-daemon -K -x $DAEMON
+        echo "done."
+        ;;
+    restart)
+        echo "* restarting $DESC: $NAME... "
+        $0 stop
+        $0 start
+        echo "done."
+        ;;
+    *)
+        echo "Usage: $0 {start|stop|restart}"
+        exit 1
+        ;;
+esac
+
+exit 0
diff --git a/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
new file mode 100644
index 000000000..8a602ba37
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/volatiles.99_vsftpd
@@ -0,0 +1 @@
+d root root 0755 /var/run/vsftpd/empty none
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf
new file mode 100644
index 000000000..bb1929480
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.conf
@@ -0,0 +1,139 @@
+# Example config file /etc/vsftpd.conf
+#
+# The default compiled in settings are fairly paranoid. This sample file
+# loosens things up a bit, to make the ftp daemon more usable.
+# Please see vsftpd.conf.5 for all compiled in defaults.
+#
+# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
+# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
+# capabilities.
+
+# run standalone
+listen=YES
+
+# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
+anonymous_enable=NO
+#
+# Uncomment this to allow local users to log in.
+local_enable=YES
+#
+# Uncomment this to enable any form of FTP write command.
+write_enable=YES
+#
+# Default umask for local users is 077. You may wish to change this to 022,
+# if your users expect that (022 is used by most other ftpd's)
+local_umask=022
+#
+# Uncomment this to allow the anonymous FTP user to upload files. This only
+# has an effect if the above global write enable is activated. Also, you will
+# obviously need to create a directory writable by the FTP user.
+#anon_upload_enable=YES
+#
+# Uncomment this if you want the anonymous FTP user to be able to create
+# new directories.
+#anon_mkdir_write_enable=YES
+#
+# Activate directory messages - messages given to remote users when they
+# go into a certain directory.
+dirmessage_enable=YES
+#
+# Activate logging of uploads/downloads.
+xferlog_enable=YES
+#
+# Make sure PORT transfer connections originate from port 20 (ftp-data).
+connect_from_port_20=YES
+#
+# If you want, you can arrange for uploaded anonymous files to be owned by
+# a different user. Note! Using "root" for uploaded files is not
+# recommended!
+#chown_uploads=YES
+#chown_username=whoever
+#
+# You may override where the log file goes if you like. The default is shown
+# below.
+#xferlog_file=/var/log/vsftpd.log
+#
+# If you want, you can have your log file in standard ftpd xferlog format
+xferlog_std_format=YES
+#
+# You may change the default value for timing out an idle session.
+#idle_session_timeout=600
+#
+# You may change the default value for timing out a data connection.
+#data_connection_timeout=120
+#
+# It is recommended that you define on your system a unique user which the
+# ftp server can use as a totally isolated and unprivileged user.
+#nopriv_user=ftp
+#
+# Enable this and the server will recognise asynchronous ABOR requests. Not
+# recommended for security (the code is non-trivial). Not enabling it,
+# however, may confuse older FTP clients.
+#async_abor_enable=YES
+#
+# By default the server will pretend to allow ASCII mode but in fact ignore
+# the request. Turn on the below options to have the server actually do ASCII
+# mangling on files when in ASCII mode.
+# Beware that turning on ascii_download_enable enables malicious remote parties
+# to consume your I/O resources, by issuing the command "SIZE /big/file" in
+# ASCII mode.
+# These ASCII options are split into upload and download because you may wish
+# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
+# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
+# on the client anyway..
+#ascii_upload_enable=YES
+#ascii_download_enable=YES
+#
+# You may fully customise the login banner string:
+#ftpd_banner=Welcome to blah FTP service.
+#
+# You may specify a file of disallowed anonymous e-mail addresses. Apparently
+# useful for combatting certain DoS attacks.
+#deny_email_enable=YES
+# (default follows)
+#banned_email_file=/etc/vsftpd.banned_emails
+#
+# You may specify an explicit list of local users to chroot() to their home
+# directory. If chroot_local_user is YES, then this list becomes a list of
+# users to NOT chroot().
+#chroot_list_enable=YES
+# (default follows)
+#chroot_list_file=/etc/vsftpd.chroot_list
+#
+# You may activate the "-R" option to the builtin ls. This is disabled by
+# default to avoid remote users being able to cause excessive I/O on large
+# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
+# the presence of the "-R" option, so there is a strong case for enabling it.
+#ls_recurse_enable=YES
+#
+# This string is the name of the PAM service vsftpd will use.
+pam_service_name=vsftpd
+#
+# This option is examined if userlist_enable is activated. If you set this
+# setting to NO, then users will be denied login  unless  they are  explicitly 
+# listed  in the file specified by userlist_file.  When login is denied, the 
+# denial is issued before the user is asked for a password.
+userlist_deny=YES
+#
+# If enabled, vsftpd will load a list of usernames, from the filename given by
+# userlist_file.  If a user tries to log in using  a  name in  this  file,  they
+# will be denied before they are asked for a password. This may be useful in 
+# preventing cleartext passwords being transmitted. See also userlist_deny.
+userlist_enable=YES
+#
+# If enabled,  vsftpd  will display directory listings with the time in your
+# local time zone. The default is to display GMT. The times returned by the
+# MDTM FTP command are also affected by this option.
+use_localtime=YES
+#
+# If set to YES, local users will be (by default) placed in a chroot() jail in
+# their home directory after login.  Warning: This  option has  security  
+# implications,  especially  if  the users have upload permission, or shell access.
+# Only enable if you know what you are doing.  Note that these security implications
+# are not vsftpd specific. They apply to all FTP daemons which offer to put 
+# local  users in chroot() jails.
+chroot_local_user=YES
+#
+allow_writeable_chroot=YES
+#
+tcp_wrappers=YES
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers
new file mode 100644
index 000000000..096142f5d
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.ftpusers
@@ -0,0 +1,15 @@
+# Users that are not allowed to login via ftp
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.service b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.service
new file mode 100644
index 000000000..e27102026
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.service
@@ -0,0 +1,9 @@
+[Unit]
+Description=Vsftpd ftp daemon
+After=network.target
+
+[Service]
+ExecStart=@SBINDIR@/vsftpd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list
new file mode 100644
index 000000000..d283e3d26
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/files/vsftpd.user_list
@@ -0,0 +1,20 @@
+# vsftpd userlist
+# If userlist_deny=NO, only allow users in this file
+# If userlist_deny=YES (default), never allow users in this file, and
+# do not even prompt for a password.
+# Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
+# for users that are denied.
+root
+bin
+daemon
+adm
+lp
+sync
+shutdown
+halt
+mail
+news
+uucp
+operator
+games
+nobody
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-destdir.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-destdir.patch
new file mode 100644
index 000000000..1980d09fd
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-destdir.patch
@@ -0,0 +1,44 @@
+Use DESTDIR within install to allow installing under a prefix
+
+Upstream-Status: Pending
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -24,21 +24,21 @@
+        $(CC) -o vsftpd $(OBJS) $(LINK) $(LIBS)
+ 
+ install:
+-       if [ -x /usr/local/sbin ]; then \
+-               $(INSTALL) -m 755 vsftpd /usr/local/sbin/vsftpd; \
++       if [ -x ${DESTDIR}/usr/local/sbin ]; then \
++               $(INSTALL) -m 755 vsftpd ${DESTDIR}/usr/local/sbin/vsftpd; \
+        else \
+-               $(INSTALL) -m 755 vsftpd /usr/sbin/vsftpd; fi
+-       if [ -x /usr/local/man ]; then \
+-               $(INSTALL) -m 644 vsftpd.8 /usr/local/man/man8/vsftpd.8; \
+-               $(INSTALL) -m 644 vsftpd.conf.5 /usr/local/man/man5/vsftpd.conf.5; \
+-       elif [ -x /usr/share/man ]; then \
+-               $(INSTALL) -m 644 vsftpd.8 /usr/share/man/man8/vsftpd.8; \
+-               $(INSTALL) -m 644 vsftpd.conf.5 /usr/share/man/man5/vsftpd.conf.5; \
++               $(INSTALL) -m 755 vsftpd ${DESTDIR}/usr/sbin/vsftpd; fi
++       if [ -x ${DESTDIR}/usr/local/man ]; then \
++               $(INSTALL) -m 644 vsftpd.8 ${DESTDIR}/usr/local/man/man8/vsftpd.8; \
++               $(INSTALL) -m 644 vsftpd.conf.5 ${DESTDIR}/usr/local/man/man5/vsftpd.conf.5; \
++       elif [ -x ${DESTDIR}/usr/share/man ]; then \
++               $(INSTALL) -m 644 vsftpd.8 ${DESTDIR}/usr/share/man/man8/vsftpd.8; \
++               $(INSTALL) -m 644 vsftpd.conf.5 ${DESTDIR}/usr/share/man/man5/vsftpd.conf.5; \
+        else \
+-               $(INSTALL) -m 644 vsftpd.8 /usr/man/man8/vsftpd.8; \
+-               $(INSTALL) -m 644 vsftpd.conf.5 /usr/man/man5/vsftpd.conf.5; fi
+-       if [ -x /etc/xinetd.d ]; then \
+-               $(INSTALL) -m 644 xinetd.d/vsftpd /etc/xinetd.d/vsftpd; fi
++               $(INSTALL) -m 644 vsftpd.8 ${DESTDIR}/usr/man/man8/vsftpd.8; \
++               $(INSTALL) -m 644 vsftpd.conf.5 ${DESTDIR}/usr/man/man5/vsftpd.conf.5; fi
++       if [ -x ${DESTDIR}/etc/xinetd.d ]; then \
++               $(INSTALL) -m 644 xinetd.d/vsftpd ${DESTDIR}/etc/xinetd.d/vsftpd; fi
+ 
+ clean:
+        rm -f *.o *.swp vsftpd
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-libs.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-libs.patch
new file mode 100644
index 000000000..9a10f722f
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-libs.patch
@@ -0,0 +1,21 @@
+Hardcode LIBS instead of using a script to determine available libs
+
+We want to avoid this dynamic detection so we have a deterministic
+build.
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -5,7 +5,7 @@
+ #CFLAGS = -g
+ CFLAGS =       -O2 -Wall -W -Wshadow #-pedantic -Werror -Wconversion
+ 
+-LIBS   =       `./vsf_findlibs.sh`
++LIBS   =       -lssl -lcrypto -lnsl -lresolv
+ LINK   =       -Wl,-s
+ 
+ OBJS   =       main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-strip.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-strip.patch
new file mode 100644
index 000000000..fd3160037
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/makefile-strip.patch
@@ -0,0 +1,17 @@
+Disable stripping at link time
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
+
+diff --git a/Makefile b/Makefile
+--- a/Makefile
++++ b/Makefile
+@@ -9,7 +9,6 @@ CFLAGS  =       -O2 -fPIE -fstack-protector --param=ssp-buffer-size=4 \
+        #-pedantic -Wconversion
+ 
+ LIBS   =       -lssl -lcrypto -lnsl -lresolv
+-LINK   =       -Wl,-s
+ LDFLAGS        =       -fPIE -pie -Wl,-z,relro -Wl,-z,now
+ 
+ OBJS   =       main.o utility.o prelogin.o ftpcmdio.o postlogin.o privsock.o \
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/nopam-with-tcp_wrappers.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/nopam-with-tcp_wrappers.patch
new file mode 100644
index 000000000..fdcf3a02b
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/nopam-with-tcp_wrappers.patch
@@ -0,0 +1,17 @@
+Disable PAM
+
+Upstream-Status: Inappropriate [config]
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+diff -ur vsftpd-2.0.1_org/builddefs.h vsftpd-2.0.1_patch/builddefs.h
+--- vsftpd-2.0.1_org/builddefs.h        2004-07-02 16:36:59.000000000 +0200
++++ vsftpd-2.0.1_patch/builddefs.h      2004-07-21 09:34:49.044900488 +0200
+@@ -2,7 +2,7 @@
+ #define VSF_BUILDDEFS_H
+ 
+ #define VSF_BUILD_TCPWRAPPERS
+-#define VSF_BUILD_PAM
++#undef VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/nopam.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/nopam.patch
new file mode 100644
index 000000000..cf0d68e27
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/nopam.patch
@@ -0,0 +1,16 @@
+Disable PAM
+
+Upstream-Status: Inappropriate [config]
+
+diff -ur vsftpd-2.0.1_org/builddefs.h vsftpd-2.0.1_patch/builddefs.h
+--- vsftpd-2.0.1_org/builddefs.h        2004-07-02 16:36:59.000000000 +0200
++++ vsftpd-2.0.1_patch/builddefs.h      2004-07-21 09:34:49.044900488 +0200
+@@ -2,7 +2,7 @@
+ #define VSF_BUILDDEFS_H
+ 
+ #undef VSF_BUILD_TCPWRAPPERS
+-#define VSF_BUILD_PAM
++#undef VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+ 
+ #endif /* VSF_BUILDDEFS_H */
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/vsftpd-tcp_wrappers-support.patch b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/vsftpd-tcp_wrappers-support.patch
new file mode 100644
index 000000000..69745b3a1
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd-3.0.2/vsftpd-tcp_wrappers-support.patch
@@ -0,0 +1,25 @@
+Enable tcp_wrapper.
+
+Upstream-Status: Inappropriate [configuration]
+
+Signed-off-by: Roy.Li <rongqing.li@windriver.com>
+---
+ builddefs.h |    2 +-
+ 1 files changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/builddefs.h b/builddefs.h
+index e908352..0106d1a 100644
+--- a/builddefs.h
++++ b/builddefs.h
+@@ -1,7 +1,7 @@
+ #ifndef VSF_BUILDDEFS_H
+ #define VSF_BUILDDEFS_H
+ 
+-#undef VSF_BUILD_TCPWRAPPERS
++#define VSF_BUILD_TCPWRAPPERS
+ #define VSF_BUILD_PAM
+ #undef VSF_BUILD_SSL
+ 
+-- 
+1.7.1
+
diff --git a/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.2.bb b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.2.bb
new file mode 100644
index 000000000..e4d65eea6
--- /dev/null
+++ b/meta-networking/recipes-daemons/vsftpd/vsftpd_3.0.2.bb
@@ -0,0 +1,106 @@
+SUMMARY = "Very Secure FTP server"
+HOMEPAGE = "https://security.appspot.com/vsftpd.html"
+SECTION = "network"
+LICENSE = "GPLv2"
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271"
+
+DEPENDS = "libcap openssl"
+
+SRC_URI = "https://security.appspot.com/downloads/vsftpd-${PV}.tar.gz \
+           file://makefile-destdir.patch \
+           file://makefile-libs.patch \
+           file://makefile-strip.patch \
+           file://init \
+           file://vsftpd.conf \
+           file://vsftpd.user_list \
+           file://vsftpd.ftpusers \
+           file://change-secure_chroot_dir.patch \
+           file://volatiles.99_vsftpd \
+           file://vsftpd.service \
+"
+
+LIC_FILES_CHKSUM = "file://COPYING;md5=a6067ad950b28336613aed9dd47b1271 \
+                        file://COPYRIGHT;md5=04251b2eb0f298dae376d92454f6f72e \
+                        file://LICENSE;md5=654df2042d44b8cac8a5654fc5be63eb"
+SRC_URI[md5sum] = "8b00c749719089401315bd3c44dddbb2"
+SRC_URI[sha256sum] = "be46f0e2c5528fe021fafc8dab1ecfea0c1f183063a06977f8537fcd0b195e56"
+
+
+PACKAGECONFIG ??= "tcp-wrappers"
+PACKAGECONFIG[tcp-wrappers] = ",,tcp-wrappers"
+SRC_URI +="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://vsftpd-tcp_wrappers-support.patch', '', d)}"
+
+DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
+RDEPENDS_${PN} += "${@base_contains('DISTRO_FEATURES', 'pam', 'pam-plugin-listfile', '', d)}"
+PAMLIB = "${@base_contains('DISTRO_FEATURES', 'pam', '-L${STAGING_BASELIBDIR} -lpam', '', d)}"
+NOPAM_SRC ="${@base_contains('PACKAGECONFIG', 'tcp-wrappers', 'file://nopam-with-tcp_wrappers.patch', 'file://nopam.patch', d)}"
+SRC_URI += "${@base_contains('DISTRO_FEATURES', 'pam', '', '${NOPAM_SRC}', d)}"
+
+inherit update-rc.d useradd systemd
+
+CONFFILES_${PN} = "${sysconfdir}/vsftpd.conf"
+LDFLAGS_append =" -lcrypt -lcap"
+
+do_configure() {
+    # Fix hardcoded /usr, /etc, /var mess.
+    cat tunables.c|sed s:\"/usr:\"${prefix}:g|sed s:\"/var:\"${localstatedir}:g \
+    |sed s:\"/etc:\"${sysconfdir}:g > tunables.c.new
+    mv tunables.c.new tunables.c
+}
+
+do_compile() {
+   oe_runmake "LIBS=-L${STAGING_LIBDIR} -lcrypt -lcap ${PAMLIB} -lwrap"
+}
+
+do_install() {
+    install -d ${D}${sbindir}
+    install -d ${D}${mandir}/man8
+    install -d ${D}${mandir}/man5
+    oe_runmake 'DESTDIR=${D}' install
+    install -d ${D}${sysconfdir}
+    install -m 600 ${WORKDIR}/vsftpd.conf ${D}${sysconfdir}/vsftpd.conf
+    install -d ${D}${sysconfdir}/init.d/
+    install -m 755 ${WORKDIR}/init ${D}${sysconfdir}/init.d/vsftpd
+    install -d ${D}/${sysconfdir}/default/volatiles
+    install -m 644 ${WORKDIR}/volatiles.99_vsftpd ${D}/${sysconfdir}/default/volatiles/99_vsftpd
+
+    install -m 600 ${WORKDIR}/vsftpd.ftpusers ${D}${sysconfdir}/
+    install -m 600 ${WORKDIR}/vsftpd.user_list ${D}${sysconfdir}/
+    if ! test -z "${PAMLIB}" ; then
+        install -d ${D}${sysconfdir}/pam.d/
+        cp ${S}/RedHat/vsftpd.pam ${D}${sysconfdir}/pam.d/vsftpd
+        sed -i "s:/lib/security:${base_libdir}/security:" ${D}${sysconfdir}/pam.d/vsftpd
+        sed -i "s:ftpusers:vsftpd.ftpusers:" ${D}${sysconfdir}/pam.d/vsftpd
+    fi
+    if ${@base_contains('DISTRO_FEATURES', 'systemd', 'true', 'false', d)}; then
+        install -d ${D}${sysconfdir}/tmpfiles.d
+        echo "d /var/run/vsftpd/empty 0755 root root -" \
+        > ${D}${sysconfdir}/tmpfiles.d/${BPN}.conf
+    fi
+
+    # Install systemd unit files
+    install -d ${D}${systemd_unitdir}/system
+    install -m 0644 ${WORKDIR}/vsftpd.service ${D}${systemd_unitdir}/system
+    sed -i -e 's#@SBINDIR@#${sbindir}#g' ${D}${systemd_unitdir}/system/vsftpd.service
+}
+
+INITSCRIPT_PACKAGES = "${PN}"
+INITSCRIPT_NAME_${PN} = "vsftpd"
+INITSCRIPT_PARAMS_${PN} = "defaults 80"
+
+USERADD_PACKAGES = "${PN}"
+USERADD_PARAM_${PN} = "--system --home-dir /var/lib/ftp --no-create-home -g ftp \
+                       --shell /bin/false ftp "
+GROUPADD_PARAM_${PN} = "-r ftp"
+
+SYSTEMD_SERVICE_${PN} = "vsftpd.service"
+
+pkg_postinst_${PN}() {
+    if [ -z "$D" ]; then
+        if type systemd-tmpfiles >/dev/null; then
+            systemd-tmpfiles --create
+        elif [ -e ${sysconfdir}/init.d/populate-volatile.sh ]; then
+            ${sysconfdir}/init.d/populate-volatile.sh update
+        fi
+    fi
+}