Date: Thu, 27 Aug 2015 11:24:23 +0200
From: Sören Tempel
To: alpine-aports@lists.alpinelinux.org
Subject: Re: [alpine-aports] [PATCH] main/openntpd: fixes privelege seperation defaults

On 26.08.15, systmkor wrote: > - compiles default privelege seperation user as ntp instead of _ntp > - creates required chroot directory /var/empty in .pre-install script > --- > main/openntpd/APKBUILD | 3 ++- > main/openntpd/openntpd.pre-install | 1 + > 2 files changed, 3 insertions(+), 1 deletion(-) >=20 > diff --git a/main/openntpd/APKBUILD b/main/openntpd/APKBUILD > index d2de528..fd68e84 100644 > --- a/main/openntpd/APKBUILD 
> +++ b/main/openntpd/APKBUILD > @@ -2,7 +2,7 @@ > pkgname=3Dopenntpd > pkgver=3D5.7_p4 > _myver=3D${pkgver/_/} > -pkgrel=3D0 > +pkgrel=3D1 > pkgdesc=3D"Lightweight NTP server ported from OpenBSD" > url=3Dhttp://www.openntpd.org/ > install=3D"$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgra= de" > @@ -41,6 +41,7 @@ build() { > --localstatedir=3D/var \ > --mandir=3D/usr/share/man \ > --sysconfdir=3D/etc \ > + --with-privsep-user=3Dntp \ > || return 1 > make || return 1 > } > diff --git a/main/openntpd/openntpd.pre-install b/main/openntpd/openntpd.= pre-install

The prepare function still substitutes _ntp with ntp in src/ntpd.h. I am assuming that this is no longer necessary? If so then please remove the sed(1) invocation from the prepare function.

> index 0b2be06..36778a9 100644 > --- a/main/openntpd/openntpd.pre-install > +++ b/main/openntpd/openntpd.pre-install > @@ -2,6 +2,7 @@ > > # this user should be included in alpine-baselayout-1.2. > # included here for backward compability. > +mkdir -p /var/empty > adduser -H -h /var/empty -s /sbin/nologin -D ntp 2>/dev/null > > exit 0

The OpenSSH aport creates the /var/empty directory in its OpenRC services[1], maybe it would be a good idea to do that here as well for the sake of consistency?

[1]: http://git.alpinelinux.org/cgit/aports/tree/main/openssh/sshd.initd#n39

Sören.
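
Review bot: In the build() hunk of main/openntpd/APKBUILD, the added `--with-privsep-user=ntp` fixes the privilege-separation account name at compile time, but nothing ties it to the `adduser ... -D ntp` line in openntpd.pre-install, so the two can drift apart without any build error. A short comment next to the flag naming the account the install script creates, or a single variable used for both, would make the dependency visible. Since the reply in this thread notes that prepare() still rewrites _ntp to ntp in src/ntpd.h, keeping only one of the two mechanisms would also make it clear which one decides the privsep user.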
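
Review bot: In the openntpd.pre-install hunk, `mkdir -p /var/empty` neither sets nor verifies the owner and mode of the chroot directory: a newly created directory gets whatever the umask yields, and an existing one is left exactly as it is. A privilege-separation chroot should be owned by root and not writable by group or others, so consider following the mkdir with an explicit `chown root:root /var/empty` and `chmod 0755 /var/empty`. Also note that the `install=` line visible in the first APKBUILD hunk lists a separate pre-upgrade script, so systems upgrading to pkgrel=1 only get the directory if that script creates it as well.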