Received: from out1.migadu.com (out1.migadu.com [91.121.223.63]) by nld3-dev1.alpinelinux.org (Postfix) with ESMTPS id 2D2157812FE for <~alpine/aports@lists.alpinelinux.org>; Wed, 6 Apr 2022 08:21:47 +0000 (UTC) X-Report-Abuse: Please report any abuse attempt to abuse@migadu.com and include these headers. DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cmpwn.com; s=key1; t=1649232854; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=0zJu2FoU6H6LkvG5L/aQw+pTJMwvxXU3d095VQLAkt4=; b=SPFzSGzjBqzq3fVzLkqtnXtqwC+VP/MSSql9sBUZToV7JgGCE8941VnsnmLqZcSI8u6aln 4Sl6jx+82CgsomHNiqAhMzIcruInVGPg/1MTaeRGlTmyR2sxdhh5gwIyHS2n3TKoWQKgMD 7RsU+YO1nXk5CYuZvoNfqrUI6QnCmci1KthdNI5qY+H51NQY1muJCXC5KT5OeSDVZEdsq9 rk3dMCMdRNZtgQkR8bK3ge1/n22nrhMfu7AoOkFAmfXBht7LmkeU764QUCKSg6iknpUYoS fqcA4HHjBtCeo0n/Dsj6STSoBem2WHOl9QJbhYk74p7RaQw5cKaHgpA4Ok7xtQ== From: Drew DeVault To: ~alpine/aports@lists.alpinelinux.org Cc: Drew DeVault Subject: [PATCH 1/2] main/bitlbee: modernize package Date: Wed, 6 Apr 2022 10:13:58 +0200 Message-Id: <20220406081359.28748-1-sir@cmpwn.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Migadu-Flow: FLOW_OUT X-Migadu-Auth-User: cmpwn.com Configures the service to run as a non-root user with the supervisor daemon pre-configured for daemon mode. --- main/bitlbee/APKBUILD | 22 +++- main/bitlbee/bitlbee.conf | 180 +++++++++++++++++++++++++++++++ main/bitlbee/bitlbee.confd | 11 +- main/bitlbee/bitlbee.initd | 32 ++---- main/bitlbee/bitlbee.pre-install | 4 + 5 files changed, 214 insertions(+), 35 deletions(-) create mode 100644 main/bitlbee/bitlbee.conf create mode 100644 main/bitlbee/bitlbee.pre-install diff --git a/main/bitlbee/APKBUILD b/main/bitlbee/APKBUILD index 7daf428e07..3d68b707e4 100644 --- a/main/bitlbee/APKBUILD +++ b/main/bitlbee/APKBUILD 
@@ -2,7 +2,7 @@ # Maintainer: Sheila Aman pkgname=bitlbee pkgver=3.6 -pkgrel=2 +pkgrel=3 pkgdesc="An IRC to other chat networks gateway" url="https://www.bitlbee.org/" arch="all" @@ -10,9 +10,13 @@ options="!check" # no test suite license="GPL-2.0-or-later" makedepends="python3 glib-dev gnutls-dev libotr-dev" subpackages="$pkgname-dev $pkgname-doc $pkgname-otr $pkgname-openrc" +install="$pkgname.pre-install" +pkgusers="bitlbee" +pkggroups="bitlbee" source="http://get.bitlbee.org/src/bitlbee-$pkgver.tar.gz $pkgname.initd $pkgname.confd + bitlbee.conf " build() { @@ -29,13 +33,18 @@ build() { package() { make DESTDIR="$pkgdir" install install-etc install-dev + mv "$pkgdir"/usr/sbin "$pkgdir"/usr/bin install -m755 -D "$srcdir"/$pkgname.initd \ "$pkgdir"/etc/init.d/$pkgname install -m644 -D "$srcdir"/$pkgname.confd \ "$pkgdir"/etc/conf.d/$pkgname + mkdir -p "$pkgdir"/var/lib/bitlbee - chown nobody:nobody "$pkgdir"/var/lib/bitlbee + chown bitlbee:bitlbee "$pkgdir"/var/lib/bitlbee + + install -m644 -D "$srcdir"/bitlbee.conf \ + "$pkgdir"/etc/bitlbee/bitlbee.conf } otr() { 
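Review bot: In package(), `/var/lib/bitlbee` is created with a bare `mkdir -p`, so its mode comes from the build umask and is most likely world-readable and traversable. The shipped bitlbee.conf describes this directory as the store for the per-user `.nicks`/`.accounts` files. Setting owner and mode in one step would make the intent explicit: `install -d -m750 -o bitlbee -g bitlbee "$pkgdir"/var/lib/bitlbee`. Whether bitlbee itself writes those files with restrictive modes is not visible in this patch, so the directory mode is the only protection the package can guarantee.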
@@ -43,6 +52,9 @@ otr() { mv "$pkgdir"/usr/lib/bitlbee "$subpkgdir"/usr/lib } -sha512sums="ccbf0f23e228de2de147241f36f59744b2256cba958e2fabfba0cfa60935e55bbb7d7e20fffa54da9a345e55ffa9ca82cb62e9b99dc738ba35c6e268c6561a8d bitlbee-3.6.tar.gz -300c3445b9be6dac41bbd6d3a3ef5b871668743d4ea68dd779962d7af941cdaac61cb7c61e7ab2610bffac6dd9accc7ef9590593aef45e6930e2f49abaf9bf40 bitlbee.initd -d86e85eecafe080d331034cfc0b1f38d8e5582772d1e1d7175d14b396e1ce3dfd1b94e8ee97ef54b85181b3eacf39bacd378a1da5014515ed909554708907991 bitlbee.confd" +sha512sums=" +ccbf0f23e228de2de147241f36f59744b2256cba958e2fabfba0cfa60935e55bbb7d7e20fffa54da9a345e55ffa9ca82cb62e9b99dc738ba35c6e268c6561a8d bitlbee-3.6.tar.gz +5d79b8c827eba2c11c0d2135ee94c01322afcd841fb47456311322d5fc7a7d671cac7b9eee0adee7f3f10612a4ebb9ebfc8600a428a1e0c54034f730310f92c1 bitlbee.initd +0253a7758588b276217d74ed43f7772906a1d5e6a58ffe532b8495ab5509e88ea32f77887b9a23e1da5ceeeecaff83e5ef8d6a08e9041a049f4f78f4379fd053 bitlbee.confd +325d5d37dddaaa651de5615038cf73422b6f81e590df4bb2917aa2bc470247ad6334f43f309e667f063e6c73d3f71e1132bf61552ec84c26f5bd5369cf01ebc1 bitlbee.conf +" diff --git a/main/bitlbee/bitlbee.conf b/main/bitlbee/bitlbee.conf new file mode 100644 index 0000000000..da93519167 --- /dev/null +++ b/main/bitlbee/bitlbee.conf 
@@ -0,0 +1,180 @@
+## BitlBee default configuration file
+##
+## Comments are marked like this. The rest of the file is INI-style. The
+## comments should tell you enough about what all settings mean.
+##
+
+[settings]
+
+## RunMode:
+##
+## Inetd -- Run from inetd (default)
+## Daemon -- Run as a stand-alone daemon, serving all users from one process.
+## This saves memory if there are more users, the downside is that when one
+## user hits a crash-bug, all other users will also lose their connection.
+## ForkDaemon -- Run as a stand-alone daemon, but keep all clients in separate
+## child processes. This should be pretty safe and reliable to use instead
+## of inetd mode.
+##
+RunMode = Daemon
+
+## User:
+##
+## If BitlBee is started by root as a daemon, it can drop root privileges,
+## and change to the specified user.
+##
+# User = bitlbee
+
+## DaemonPort/DaemonInterface:
+##
+## For daemon mode, you can specify on what interface and port the daemon
+## should be listening for connections.
+##
+DaemonInterface = 127.0.0.1
+DaemonPort = 6667
+
+## ClientInterface:
+##
+## If for any reason, you want BitlBee to use a specific address/interface
+## for outgoing traffic (IM connections, HTTP(S), etc.), set it here.
+##
+# ClientInterface = 0.0.0.0
+
+## AuthMode
+##
+## Open -- Accept connections from anyone, use NickServ for user authentication.
+## (default)
+## Closed -- Require authorization (using the PASS command during login) before
+## allowing the user to connect at all.
+## Registered -- Only allow registered users to use this server; this disables
+## the register- and the account command until the user identifies itself.
+##
+# AuthMode = Open
+
+## AuthBackend
+##
+## By default, the authentication data for a user is stored in the storage
+## backend. If you want to authenticate against another authentication system
+## (e.g. ldap), you can specify that here.
+##
+## Beware that this disables password changes and causes passwords for the
+## accounts people create to be stored in plain text instead of encrypted with
+## their bitlbee password.
+##
+## Currently available backends:
+##
+## - storage (internal storage)
+## - pam (Linux PAM authentication)
+## - ldap (LDAP server configured in the openldap settings)
+#
+# AuthBackend = storage
+#
+
+## AuthPassword
+##
+## Password the user should enter when logging into a closed BitlBee server.
+## You can also have a BitlBee-style MD5 hash here. Format: "md5:", followed
+## by a hash as generated by "bitlbee -x hash ".
+##
+# AuthPassword = ItllBeBitlBee ## Heh.. Our slogan. ;-)
+## or
+# AuthPassword = md5:gzkK0Ox/1xh+1XTsQjXxBJ571Vgl
+
+## OperPassword
+##
+## Password that unlocks access to special operator commands.
+##
+# OperPassword = ChangeMe!
+## or
+# OperPassword = md5:I0mnZbn1t4R731zzRdDN2/pK7lRX
+
+## AllowAccountAdd
+##
+## Whether to allow registered and identified users to add new accounts using
+## 'account add'
+##
+# AllowAccountAdd 1
+
+## HostName
+##
+## Normally, BitlBee gets a hostname using getsockname(). If you have a nicer
+## alias for your BitlBee daemon, you can set it here and BitlBee will identify
+## itself with that name instead.
+##
+# HostName = localhost
+
+## MotdFile
+##
+## Specify an alternative MOTD (Message Of The Day) file. Default value depends
+## on the --etcdir argument to configure.
+##
+# MotdFile = /etc/bitlbee/motd.txt
+
+## ConfigDir
+##
+## Specify an alternative directory to store all the per-user configuration
+## files. (.nicks/.accounts)
+##
+# ConfigDir = /var/lib/bitlbee
+
+## Ping settings
+##
+## BitlBee can send PING requests to the client to check whether it's still
+## alive. This is not very useful on local servers, but it does make sense
+## when most clients connect to the server over a real network interface.
+## (Public servers) Pinging the client will make sure lost clients are
+## detected and cleaned up sooner.
+##
+## PING requests are sent every PingInterval seconds. If no PONG reply has
+## been received for PingTimeOut seconds, BitlBee aborts the connection.
+##
+## To disable the pinging, set at least one of these to 0.
+##
+# PingInterval = 180
+# PingTimeOut = 300
+
+## Using proxy servers for outgoing connections
+##
+## If you're running BitlBee on a host which is behind a restrictive firewall
+## and a proxy server, you can tell BitlBee to use that proxy server here.
+## The setting has to be a URL, formatted like one of these examples:
+##
+## (Obviously, the username and password are optional)
+##
+# Proxy = http://john:doe@proxy.localnet.com:8080
+# Proxy = socks4://socksproxy.localnet.com
+# Proxy = socks5://socksproxy.localnet.com
+
+## Protocols offered by bitlbee
+##
+## As recompiling may be quite unpractical for some people, this option
+## allows to remove the support of protocol, even if compiled in. If
+## nothing is given, there are no restrictions.
+##
+# Protocols = jabber yahoo
+
+## Trusted CAs
+##
+## Path to a file containing a list of trusted certificate authorities used in
+## the verification of server certificates.
+##
+## Uncomment this and make sure the file actually exists and contains all
+## certificate authorities you're willing to accept (default value should
+## work on at least Debian/Ubuntu systems with the "ca-certificates" package
+## installed). As long as the line is commented out, SSL certificate
+## verification is completely disabled.
+##
+## The location of this file may be different on other distros/OSes. For
+## example, try /etc/ssl/ca-bundle.pem on OpenSUSE.
+##
+# CAfile = /etc/ssl/certs/ca-certificates.crt
+
+[defaults]
+
+## Here you can override the defaults for some per-user settings. Users are
+## still able to override your defaults, so this is not a way to restrict
+## your users...
+ +## To enable private mode by default, for example: + +## private = 1 diff --git a/main/bitlbee/bitlbee.confd b/main/bitlbee/bitlbee.confd index 99f308cd97..bba4f213ad 100644 --- a/main/bitlbee/bitlbee.confd +++ b/main/bitlbee/bitlbee.confd @@ -1,9 +1,2 @@ -# Sample conf.d file for alpine linux - -# -# Specify daemon options here. -# - -PORT="6667" -OPTS="-F" - +# To override the default user: +# bitlbee_user=bitlbee diff --git a/main/bitlbee/bitlbee.initd b/main/bitlbee/bitlbee.initd index 79a439393d..a620c4b61d 100644 --- a/main/bitlbee/bitlbee.initd +++ b/main/bitlbee/bitlbee.initd @@ -1,29 +1,19 @@ #!/sbin/openrc-run - -name=bitlbee -daemon=/usr/sbin/$name - -. /etc/conf.d/$name +name="bitlbee" +description="bitlbee irc service" +supervisor=supervise-daemon +BITLBEE_USER=${BITLBEE_USER:-bitlbee} +LOGS=/var/log/bitlbee.log +supervise_daemon_args="-1 $LOGS -2 $LOGS" +command="/usr/bin/bitlbee" +command_args="-n" +command_user="$BITLBEE_USER:$BITLBEE_USER" depend() { need net after firewall } -start() { - ebegin "Starting ${name}" - start-stop-daemon --start --quiet \ - --pidfile /var/run/${name}.pid \ - --user nobody:nobody \ - --exec ${daemon} -- ${PORT} ${OPTS} - eend $? +start_pre() { + checkpath -f "$LOGS" -m 644 -o "$BITLBEE_USER:$BITLBEE_USER" } - -stop() { - ebegin "Stopping ${name}" - start-stop-daemon --stop --signal 9 --quiet \ - --pidfile /var/run/$name.pid \ - --exec ${daemon} - eend $? -} - diff --git a/main/bitlbee/bitlbee.pre-install b/main/bitlbee/bitlbee.pre-install new file mode 100644 index 0000000000..1ef3e01690 --- /dev/null +++ b/main/bitlbee/bitlbee.pre-install @@ -0,0 +1,4 @@ +#!/bin/sh +grep '^bitlbee:' /etc/group >/dev/null || addgroup -S bitlbee 2>/dev/null +grep '^bitlbee:' /etc/passwd >/dev/null || adduser -SDh/var/lib/bitlbee \ + -s/sbin/nologin -Gbitlbee -gbitlbee bitlbee bitlbee 2>/dev/null -- 2.35.1
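Review bot: The packaged default leaves `# CAfile = /etc/ssl/certs/ca-certificates.crt` commented out, and the comment block directly above it says that SSL certificate verification is completely disabled in that case. This file is now installed as /etc/bitlbee/bitlbee.conf, so outgoing IM connections would go unverified until the admin edits it. Consider shipping the line uncommented, `CAfile = /etc/ssl/certs/ca-certificates.crt`. The APKBUILD's `depends` would then need the CA bundle package that provides that path; confirm the path on Alpine.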
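Review bot: The override documented in bitlbee.confd, `# bitlbee_user=bitlbee`, does not match the variable the new init script reads, `BITLBEE_USER=${BITLBEE_USER:-bitlbee}` in bitlbee.initd. Shell variable names are case-sensitive, so an admin who uncomments this line gets no effect and the service keeps running as the default account. Use one spelling in both files, for example `# BITLBEE_USER=bitlbee` here. A comment would also help to say that a different user needs access to /var/lib/bitlbee, which the package chowns to bitlbee:bitlbee.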
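Review bot: `checkpath -f "$LOGS" -m 644` in start_pre of bitlbee.initd makes /var/log/bitlbee.log readable by every local user, and `supervise_daemon_args="-1 $LOGS -2 $LOGS"` sends both stdout and stderr of the daemon there. What bitlbee writes to those streams is not visible in this patch. For a gateway that handles chat account logins, a tighter default costs little: `checkpath -f "$LOGS" -m 640 -o "$BITLBEE_USER:$BITLBEE_USER"`.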
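Review bot: The adduser call in bitlbee.pre-install passes `bitlbee` twice as a positional argument although `-Gbitlbee` already names the group. The second one looks redundant and is worth dropping unless busybox adduser needs it in this form: `-s/sbin/nologin -Gbitlbee -gbitlbee bitlbee 2>/dev/null`. Both commands also discard stderr, so a failed account creation leaves no trace at install time. Presumably it would surface only later, when the init script tries to run the daemon as that user.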