~alpine/aports


[alpine-aports] [PATCH] main/openntpd: fixes privilege separation defaults

Message ID: <1440630224-14407-1-git-send-email-systmkor@gmail.com>
Sender timestamp: 1440630224
DKIM signature: missing
Patch: +3 -1

 - compiles default privilege separation user as ntp instead of _ntp
 - creates required chroot directory /var/empty in .pre-install script
---
 main/openntpd/APKBUILD             | 3 ++-
 main/openntpd/openntpd.pre-install | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/main/openntpd/APKBUILD b/main/openntpd/APKBUILD
index d2de528..fd68e84 100644
--- a/main/openntpd/APKBUILD
+++ b/main/openntpd/APKBUILD
@@ -2,7 +2,7 @@
pkgname=openntpd
pkgver=5.7_p4
_myver=${pkgver/_/}
pkgrel=0
pkgrel=1
pkgdesc="Lightweight NTP server ported from OpenBSD"
url=http://www.openntpd.org/
install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade"
@@ -41,6 +41,7 @@ build() {
		--localstatedir=/var \
		--mandir=/usr/share/man \
		--sysconfdir=/etc \
		--with-privsep-user=ntp \
		|| return 1
	make || return 1
}
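Review bot: the `--with-privsep-user=ntp` line added to build() hard-codes an account name that has to match the one openntpd.pre-install creates with `adduser ... -D ntp`, and nothing in the APKBUILD ties the two together. A one-line comment next to the flag pointing at the pre-install script would keep them in step. If prepare() still rewrites `_ntp` to `ntp` in src/ntpd.h, as raised in the review reply, only one of the two mechanisms should remain.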
diff --git a/main/openntpd/openntpd.pre-install b/main/openntpd/openntpd.pre-install
index 0b2be06..36778a9 100644
--- a/main/openntpd/openntpd.pre-install
+++ b/main/openntpd/openntpd.pre-install
@@ -2,6 +2,7 @@

# this user should be included in alpine-baselayout-1.2.
# included here for backward compability.
mkdir -p /var/empty
adduser -H -h /var/empty -s /sbin/nologin -D ntp  2>/dev/null

exit 0
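Review bot: `mkdir -p /var/empty` creates the directory with whatever mode the umask gives, leaves the owner and mode of an already existing directory untouched, and its exit status is lost because the script ends in an unconditional `exit 0`. Since the commit message calls this the required chroot directory, set the owner and mode explicitly (root-owned, not writable by group or others) and let a failure here fail the script. The new line also lands between the comment about the `ntp` user and the `adduser` call that comment describes; move it above the comment or give it a comment of its own.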
-- 
2.4.1



---
Unsubscribe:  alpine-aports+unsubscribe@lists.alpinelinux.org
Help:         alpine-aports+help@lists.alpinelinux.org
---
Orion Miller <systmkor@gmail.com>
Message ID: <CAPQg+vqfu=hG_r5pLe6aFrVMSzPeUGt4zNHYWFswD1pi77MSWQ@mail.gmail.com>
In-Reply-To: <20150827092423.GA11801@francium.lan>
Sender timestamp: 1440697682
DKIM signature: missing

> The prepare function still substitutes _ntp with ntp in src/ntpd.h. I
> am assuming that this is no longer necessary? If so then please
> remove the sed(1) invocation from the prepare function.

I'll try removing the sed call in the prepare function and verify that
OpenNTPD still works.

> The OpenSSH aports creates the /var/empty directory in its OpenRC
> services[1], maybe it would be a good idea to do that here as well for
> the sake of consistency?

I thought if I did that it would cause a package ownership
contention over that specific file (i.e. a directory). I'll try it. :D

-- 
keybase.io/systmkor


---
Message ID: <20150827092423.GA11801@francium.lan>
In-Reply-To: <1440630224-14407-1-git-send-email-systmkor@gmail.com>
Sender timestamp: 1440667463
DKIM signature: missing

On 26.08.15, systmkor wrote:
>  - compiles default privilege separation user as ntp instead of _ntp
>  - creates required chroot directory /var/empty in .pre-install script
> ---
>  main/openntpd/APKBUILD             | 3 ++-
>  main/openntpd/openntpd.pre-install | 1 +
>  2 files changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/main/openntpd/APKBUILD b/main/openntpd/APKBUILD
> index d2de528..fd68e84 100644
> --- a/main/openntpd/APKBUILD
> +++ b/main/openntpd/APKBUILD
> @@ -2,7 +2,7 @@
>  pkgname=openntpd
>  pkgver=5.7_p4
>  _myver=${pkgver/_/}
> -pkgrel=0
> +pkgrel=1
>  pkgdesc="Lightweight NTP server ported from OpenBSD"
>  url=http://www.openntpd.org/
>  install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade"
> @@ -41,6 +41,7 @@ build() {
>  		--localstatedir=/var \
>  		--mandir=/usr/share/man \
>  		--sysconfdir=/etc \
> +		--with-privsep-user=ntp \
>  		|| return 1
>  	make || return 1
>  }
> diff --git a/main/openntpd/openntpd.pre-install b/main/openntpd/openntpd.pre-install

The prepare function still substitutes _ntp with ntp in src/ntpd.h. I am
assuming that this is no longer necessary? If so then please remove the
sed(1) invocation from the prepare function.

> index 0b2be06..36778a9 100644
> --- a/main/openntpd/openntpd.pre-install
> +++ b/main/openntpd/openntpd.pre-install
> @@ -2,6 +2,7 @@
>
>  # this user should be included in alpine-baselayout-1.2.
>  # included here for backward compability.
> +mkdir -p /var/empty
>  adduser -H -h /var/empty -s /sbin/nologin -D ntp  2>/dev/null
>
>  exit 0

The OpenSSH aports creates the /var/empty directory in its OpenRC
services[1], maybe it would be a good idea to do that here as well for
the sake of consistency?

[1]: http://git.alpinelinux.org/cgit/aports/tree/main/openssh/sshd.initd#n39

Sören.
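
The two things this thread is about, the privsep account and its /var/empty chroot directory, can be checked on an installed system with a short script. This is an added example, not part of the thread or of aports; `check_privsep` and its finding names are hypothetical, and it assumes the daemon chroots into the account's home directory, which should be root-owned, empty and not writable by group or others.

```shell
#!/bin/sh
# Added example, not from aports. check_privsep USER [PASSWD_FILE] [OWNER_UID]
# Prints one finding per line; returns 0 only when there are none.
check_privsep() {
    user=$1 passwd=${2:-/etc/passwd} want_uid=${3:-0} bad=0

    # passwd(5) fields: name:password:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    [ -n "$entry" ] || { echo "no-such-user $user"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # The account exists only to drop privileges into; it needs no login shell.
    case $shell in
        */nologin|*/false) ;;
        *) echo "login-shell $shell"; bad=1 ;;
    esac

    # Assumption: the daemon chroots into the home directory, so it must be
    # a real directory and not a symlink.
    if [ -L "$home" ] || [ ! -d "$home" ]; then
        echo "chroot-missing $home"; return 1
    fi

    # ls -ldn gives the mode string and numeric owner: "drwxr-xr-x 2 0 0 ..."
    read -r mode _links uid _rest <<EOF
$(ls -ldn "$home")
EOF
    [ "$uid" = "$want_uid" ] || { echo "chroot-owner uid=$uid"; bad=1; }
    case $mode in
        # 6th character is group write, 9th is other write
        d????w*|d???????w*) echo "chroot-writable $mode"; bad=1 ;;
    esac
    [ -z "$(ls -A "$home")" ] || { echo "chroot-not-empty $home"; bad=1; }
    return $bad
}

# Constructed demo: a throwaway passwd file and directory owned by the caller.
demo=$(mktemp -d) && mkdir -m 755 "$demo/empty"
echo "ntp:x:123:123::$demo/empty:/sbin/nologin" > "$demo/passwd"
check_privsep ntp "$demo/passwd" "$(id -u)" && echo "ntp: ok"
check_privsep _ntp "$demo/passwd" "$(id -u)" || echo "_ntp: failed"
rm -rf "$demo"
```

On a real system, `check_privsep ntp` with no further arguments reads /etc/passwd and expects the directory to be owned by uid 0.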

