~alpine/devel

7 3

[alpine-devel] mlocate 0.26 / package group

Leslie P. Polzer | PORT ZERO <polzer@port-zero.com>
Details
Message ID
<5261248C.8080506@port-zero.com>
Sender timestamp
1382098060
DKIM signature
missing
Download raw message
I've picked up the old mlocate package in testing, bumped
it to 0.26 and added subpackages and some more amendments.

For security reasons mlocate should use its own group for
its setgid binary "locate" and its datadir.

Putting chgrp calls into the post-install script is frowned
upon, but the intended group ("locate") does not exist at
build time. Other packages like bind seem to have their groups
defined in /etc/group in the base install.

How should this be handled? I did notice that there is a
group "slocate" in the default install. Should this be used?

  Leslie

-- 
Dipl.Ing.(BA) Leslie P. Polzer | CTO - PORT ZERO
UG (haftungsbeschränkt)
Softwareentwicklung & IT Engineering
Adalbertstraße 7/8
10999 Berlin
Tel.: +49 (0)30 - 69 200 907 - 0
Fax: +49 (0)30 - 69 200 907 - 9
http://www.port-zero.com


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Bartłomiej Piotrowski <b@bpiotrowski.pl>
Details
Message ID
<52612EB0.2050907@bpiotrowski.pl>
In-Reply-To
<5261248C.8080506@port-zero.com> (view parent)
Sender timestamp
1382100656
DKIM signature
missing
Download raw message
On 10/18/2013 02:07 PM, Leslie P. Polzer | PORT ZERO wrote:
> I've picked up the old mlocate package in testing, bumped
> it to 0.26 and added subpackages and some more amendments.
> 
> For security reasons mlocate should use its own group for
> its setgid binary "locate" and its datadir.
> 
> Putting chgrp calls into the post-install script is frowned
> upon, but the intended group ("locate") does not exist at
> build time. Other packages like bind seem to have their groups
> defined in /etc/group in the base install.
> 
> How should this be handled? I did notice that there is a
> group "slocate" in the default install. Should this be used?
> 
>   Leslie
> 


-- 
Bartłomiej Piotrowski
http://bpiotrowski.pl/
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20131018153401.46c317be@ncopa-desktop.alpinelinux.org>
In-Reply-To
<5261248C.8080506@port-zero.com> (view parent)
Sender timestamp
1382103241
DKIM signature
missing
Download raw message
On Fri, 18 Oct 2013 14:07:40 +0200
"Leslie P. Polzer | PORT ZERO" <polzer@port-zero.com> wrote:

> I've picked up the old mlocate package in testing, bumped
> it to 0.26 and added subpackages and some more amendments.
> 
> For security reasons mlocate should use its own group for
> its setgid binary "locate" and its datadir.
> 
> Putting chgrp calls into the post-install script is frowned
> upon, but the intended group ("locate") does not exist at
> build time. Other packages like bind seem to have their groups
> defined in /etc/group in the base install.
> 
> How should this be handled? I did notice that there is a
> group "slocate" in the default install. Should this be used?

I suppose we could rename slocate to 'locate' in the base install which
sounds like a more sensible group name.

In any case, since the group has not been there from before, the
pre-install script should try create the group and ignore errors if it
exists.

Since the dir should be created and set correct permissions by apk the
group needs to exist build time (so we can set permissions in tar
archive)

to do that, add this to the APKBUILD:

pkggroups="locate"

and during package:

package() {
	make install  DESTDIR="$pkgdir" blabla...
	chgrp locate "$pkgdir"/var/lib/the/databasedir
	chmod g+s (or something) "$pkgdir"/var/blah
}
	
The point is that you set ownership and permissions directly from
package().

Then you can verify that it was set correctly with:
  tar -ztvf mlocate-<version>.apk

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Leslie P. Polzer | PORT ZERO <polzer@port-zero.com>
Details
Message ID
<526410C0.5040202@port-zero.com>
In-Reply-To
<20131018153401.46c317be@ncopa-desktop.alpinelinux.org> (view parent)
Sender timestamp
1382289600
DKIM signature
missing
Download raw message
Attached is the new testing/mlocate APKBUILD commit. I'd be grateful for
any feedback.

Thanks to both of you for the hint on pkggroups.

Some more comments:

> I suppose we could rename slocate to 'locate' in the base install which
> sounds like a more sensible group name.

The package uses 'locate' now, as it did before. I agree it would be
sensible to do the rename in the base install.

libc-dev is hardly ever mentioned in makedepends in the aports tree.
Is it always assumed to be available?

The Wiki doesn't seem to mention a preferred indent style for build
files. I've found a mail from Natanael saying he prefers tabs 8 spaces
wide, so that's what I did in the mlocate APKBUILD.

mlocate -- and probably a lot of other packages -- require sed for
adjusting the build process. It is part of busybox in the base install,
but I'm not sure how to handle this properly with the current dependency
system. One possible solution would be having a makedepends on 'sed'
and then have busybox provide this *if* it is compiled with the sed
binary. Difficulties might arise if some sed functionality is required
that doesn't work with busybox sed. Has this topic been discussed before?

I've also learned from the Wiki that "abuild -r" is a very convenient command,
but the built-in help is quite cryptic on this parameter:

> -r  Install missing dependencies from system repository (using sudo)

Which is certainly part of what it does, but far from its full behavior.

Just from reading the documentation I still don't have a clear understanding
how the abuild switches relate to the execution of abuild commands.

  Leslie

-- 
Dipl.Ing.(BA) Leslie P. Polzer | CTO - PORT ZERO
UG (haftungsbeschränkt)
Softwareentwicklung & IT Engineering
Adalbertstraße 7/8
10999 Berlin
Tel.: +49 (0)30 - 69 200 907 - 0
Fax: +49 (0)30 - 69 200 907 - 9
http://www.port-zero.com
Leslie P. Polzer | PORT ZERO <polzer@port-zero.com>
Details
Message ID
<52667ED0.8040600@port-zero.com>
In-Reply-To
<526410C0.5040202@port-zero.com> (view parent)
Sender timestamp
1382448848
DKIM signature
missing
Download raw message
On 10/20/2013 07:20 PM, Leslie P. Polzer | PORT ZERO wrote:

> I've also learned from the Wiki that "abuild -r" is a very convenient command,
> but the built-in help is quite cryptic on this parameter:
> 
>> -r  Install missing dependencies from system repository (using sudo)
> 
> Which is certainly part of what it does, but far from its full behavior.
> 
> Just from reading the documentation I still don't have a clear understanding
> how the abuild switches relate to the execution of abuild commands.

Never mind that, I was a bit confused about it.

  Leslie


-- 
Dipl.Ing.(BA) Leslie P. Polzer | CTO - PORT ZERO
UG (haftungsbeschränkt)
Softwareentwicklung & IT Engineering
Adalbertstraße 7/8
10999 Berlin
Tel.: +49 (0)30 - 69 200 907 - 0
Fax: +49 (0)30 - 69 200 907 - 9
http://www.port-zero.com


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Leslie P. Polzer | PORT ZERO <polzer@port-zero.com>
Details
Message ID
<52682121.4030209@port-zero.com>
In-Reply-To
<526410C0.5040202@port-zero.com> (view parent)
Sender timestamp
1382555937
DKIM signature
missing
Download raw message
On 10/20/2013 07:20 PM, Leslie P. Polzer | PORT ZERO wrote:
> Attached is the new testing/mlocate APKBUILD commit. I'd be grateful for
> any feedback.

I noticed a small omission in makedepends. Patch for this attached, designed
to go on top of the first one.

  Leslie


-- 
Dipl.Ing.(BA) Leslie P. Polzer | CTO - PORT ZERO
UG (haftungsbeschränkt)
Softwareentwicklung & IT Engineering
Adalbertstraße 7/8
10999 Berlin
Tel.: +49 (0)30 - 69 200 907 - 0
Fax: +49 (0)30 - 69 200 907 - 9
http://www.port-zero.com
Natanael Copa <ncopa@alpinelinux.org>
Details
Message ID
<20131028212018.51bf1419@ncopa-laptop.res.nor.wtbts.net>
In-Reply-To
<52682121.4030209@port-zero.com> (view parent)
Sender timestamp
1382991618
DKIM signature
missing
Download raw message
On Wed, 23 Oct 2013 21:18:57 +0200
"Leslie P. Polzer | PORT ZERO" <polzer@port-zero.com> wrote:

> On 10/20/2013 07:20 PM, Leslie P. Polzer | PORT ZERO wrote:
> > Attached is the new testing/mlocate APKBUILD commit. I'd be grateful for
> > any feedback.
> 
> I noticed a small omission in makedepends. Patch for this attached, designed
> to go on top of the first one.
> 
>   Leslie
> 
> 

i squashed it into the previous commit and did som cleanups.

I removed gettext-dev dep and -lang subpackage (so we dont pull in
gettext and save space)

I removed the doc() and lang() subpackages. abuild has defaults for
-doc, -dev and -lang subpackages.

I removed libc-dev dependency. Its a part of build-base and is assumed
to always be there. (same with gnu make, gcc, patch etc)

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Leslie P. Polzer | PORT ZERO <polzer@port-zero.com>
Details
Message ID
<526FA25B.2030407@port-zero.com>
In-Reply-To
<20131028212018.51bf1419@ncopa-laptop.res.nor.wtbts.net> (view parent)
Sender timestamp
1383047771
DKIM signature
missing
Download raw message
On 10/28/2013 09:20 PM, Natanael Copa wrote:

> i squashed it into the previous commit and did som cleanups.

Thanks, I appreciate it!

 
> I removed gettext-dev dep and -lang subpackage (so we dont pull in
> gettext and save space)

I don't get this. How will the base package take up more space if
we generate a separate lang package?


> I removed the doc() and lang() subpackages. abuild has defaults for
> -doc, -dev and -lang subpackages.
> I removed libc-dev dependency. Its a part of build-base and is assumed
> to always be there. (same with gnu make, gcc, patch etc)

Good to know. I will try to make these clearer in the Wiki.

   Leslie


-- 
Dipl.Ing.(BA) Leslie P. Polzer | CTO - PORT ZERO
UG (haftungsbeschränkt)
Softwareentwicklung & IT Engineering
Adalbertstraße 7/8
10999 Berlin
Tel.: +49 (0)30 - 69 200 907 - 0
Fax: +49 (0)30 - 69 200 907 - 9
http://www.port-zero.com


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---
Reply to thread Export thread (mbox)