Re: [alpine-devel] mlocate 0.26 / package group

From: Natanael Copa <ncopa_at_alpinelinux.org>
Date: Fri, 18 Oct 2013 15:34:01 +0200

On Fri, 18 Oct 2013 14:07:40 +0200
"Leslie P. Polzer | PORT ZERO" <polzer_at_port-zero.com> wrote:

> I've picked up the old mlocate package in testing, bumped
> it to 0.26 and added subpackages and some more amendments.
>
> For security reasons mlocate should use its own group for
> its setgid binary "locate" and its datadir.
>
> Putting chgrp calls into the post-install script is frowned
> upon, but the intended group ("locate") does not exist at
> build time. Other packages like bind seem to have their groups
> defined in /etc/group in the base install.
>
> How should this be handled? I did notice that there is a
> group "slocate" in the default install. Should this be used?

I suppose we could rename slocate to 'locate' in the base install which
sounds like a more sensible group name.

In any case, since the group has not been there from before, the
pre-install script should try to create the group and ignore errors if it
exists.

Since the dir should be created and given the correct permissions by apk,
the group needs to exist at build time (so we can set permissions in the
tar archive).

To do that, add this to the APKBUILD:

pkggroups="locate"

and during package:

package() {
        make install DESTDIR="$pkgdir" blabla...
        chgrp locate "$pkgdir"/var/lib/the/databasedir
        chmod g+s "$pkgdir"/var/blah    # (or something)
}
        
The point is that you set ownership and permissions directly from
package().

Then you can verify that it was set correctly with:
  tar -ztvf mlocate-<version>.apk

Thanks!

-nc
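
Added example (not part of the original message, and not Alpine's own tooling): a shell check over the `tar -tv` listing suggested above, confirming that an entry carries the intended group and setgid bit, and listing every setuid/setgid entry in the package. The listing and the paths in it are constructed samples; the field layout assumes GNU or BusyBox tar output with no spaces in file names.

```shell
#!/bin/sh
# Listing lines look like: MODE OWNER/GROUP SIZE DATE TIME NAME
# Real use (package name as in the message above):
#   tar -ztvf mlocate-<version>.apk | check_entry <path> locate

# Constructed sample listing; the last entry deliberately has the wrong group.
SAMPLE_LISTING='drwxr-xr-x root/root 0 2013-10-18 15:34 usr/bin/
-rwxr-sr-x root/locate 38000 2013-10-18 15:34 usr/bin/locate
-rwxr-xr-x root/root 52000 2013-10-18 15:34 usr/bin/updatedb
drwxr-s--- root/root 0 2013-10-18 15:34 var/lib/mlocate/'

# check_entry PATH GROUP
# Reads a tar -tv listing on stdin.
# Returns 0 if PATH is owned by GROUP and has the setgid bit,
#         1 if the group or mode is wrong, 2 if PATH is not in the archive.
check_entry() {
    awk -v path="$1" -v group="$2" '
        $NF == path {
            found = 1
            split($2, og, "/")          # og[1] = owner, og[2] = group
            sgid = substr($1, 7, 1)     # group-execute slot: s/S means setgid
            if (og[2] != group) {
                printf "%s: group is %s, want %s\n", path, og[2], group
                bad = 1
            }
            if (sgid != "s" && sgid != "S") {
                printf "%s: setgid bit not set (%s)\n", path, $1
                bad = 1
            }
        }
        END {
            if (!found) { printf "%s: not in archive\n", path; exit 2 }
            exit bad + 0
        }'
}

# list_setid
# Prints mode, owner/group and name of every setuid or setgid entry, so
# that anything beyond the intended binary and data dir stands out.
list_setid() {
    awk 'substr($1, 4, 1) ~ /[sS]/ || substr($1, 7, 1) ~ /[sS]/ {
        print $1, $2, $NF
    }'
}
```
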


Received on Fri Oct 18 2013 - 15:34:01 UTC