systmkor: 1 main/openntpd: fixes privilege separation defaults 1 files changed, 8 insertions(+), 7 deletions(-)
Thank you both. Sorry Sören for the miscommunication.

For me this raises a question about package management. Should packages possibly have files that they require/depend on but don't necessarily need to own? The /var/empty directory between OpenSSH and OpenNTPD I think is a good example.

What are your thoughts? Should we continue this in alpine-devel?

---
Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org
Help: alpine-aports+help@lists.alpinelinux.org
---
Copy & paste the following snippet into your terminal to import this patchset into git:
curl -s https://lists.alpinelinux.org/~alpine/aports/patches/1086/mbox | git am -3
- compiles default privilege separation user as ntp instead of _ntp
- creates required chroot directory /var/empty
--- main/openntpd/APKBUILD | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/main/openntpd/APKBUILD b/main/openntpd/APKBUILD index d2de528..9886012 100644 --- a/main/openntpd/APKBUILD +++ b/main/openntpd/APKBUILD @@ -4,14 +4,14 @@ pkgver=5.7_p4 _myver=${pkgver/_/} pkgrel=0 pkgdesc="Lightweight NTP server ported from OpenBSD" -url=http://www.openntpd.org/ +url="http://www.openntpd.org/" install="$pkgname.pre-install $pkgname.pre-upgrade $pkgname.post-upgrade" subpackages="openntpd-doc" -depends= +depends="" makedepends="openssl-dev linux-headers bsd-compat-headers" arch="all" -license=BSD +license="BSD" source=" http://ftp.openbsd.org/pub/OpenBSD/OpenNTPD/openntpd-$_myver.tar.gz openntpd.confd @@ -29,7 +29,6 @@ prepare() { *.patch) msg $i; patch -p1 -i "$srcdir"/$i || return 1;; esac done - sed -i '/NTPD_USER/s:_ntp:ntp:' src/ntpd.h || return 1 } build() { @@ -41,15 +40,17 @@ build() { --localstatedir=/var \ --mandir=/usr/share/man \ --sysconfdir=/etc \ + --with-privsep-user=ntp \ || return 1 make || return 1 } package() { cd "$_builddir" - make install DESTDIR="$pkgdir" - install -Dm755 ../openntpd.initd "$pkgdir/etc/init.d/$pkgname" - install -Dm644 ../openntpd.confd "$pkgdir/etc/conf.d/$pkgname" + make install DESTDIR="$pkgdir" || return 1 + mkdir -p "$pkgdir"/var/empty || return 1 + install -Dm755 "$srcdir"/openntpd.initd "$pkgdir"/etc/init.d/"$pkgname" || return 1 + install -Dm644 "$srcdir"/openntpd.confd "$pkgdir"/etc/conf.d/"$pkgname" || return 1 }
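Review bot: pkgrel=0 in the context of the first hunk (@@ -4,14 +4,14 @@) is left unchanged even though the packaged contents change (a new /var/empty directory is shipped and the configure flags differ), so installed systems would not see the rebuilt package as an upgrade; bump pkgrel to 1. The quoting changes to url, depends and license are unrelated cleanup that the commit message does not mention, and would be easier to review as a separate commit.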
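Review bot: The commit message does not match the prepare() hunk (@@ -29,7 +29,6 @@): it says the privsep user is now compiled as ntp instead of _ntp, but the sed line removed there already rewrote NTPD_USER from _ntp to ntp in src/ntpd.h, so the resulting user is unchanged and only the mechanism differs. Reword the message to say that the sed on src/ntpd.h is replaced by the configure option, so the log does not read as a behaviour change.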
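Review bot: The added line mkdir -p "$pkgdir"/var/empty in package() (@@ -41,15 +40,17 @@) leaves the directory mode to the build environment's umask. The commit message calls this the chroot directory for privilege separation, so it should not be group- or world-writable; set the mode explicitly, for example install -d -m755 "$pkgdir"/var/empty || return 1. The same line makes openntpd an owner of /var/empty, so the commit message should state that shipping the directory from the package is intended.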
Sören Tempel <soeren@soeren-tempel.net>
This would make the OpenNTPD package the owner of /var/empty. I don't think that this is a good idea.

Orion Miller <systmkor@gmail.com>
Okay, so what are you saying? Because I thought I wrote what you suggested in the last patch. And now you are suggesting to do what you said I should do last time. [1]

Sören Tempel <soeren@soeren-tempel.net>
No, I suggested to create that directory in the OpenRC service not in the package function. Did you even read your own reference?

On 29.08.15, Orion Miller wrote:
> If you look at the OpenSSH APKBUILD file it creates /var/empty in its package function. So I'm not sure what you are actually suggesting.

Sören Tempel <soeren@soeren-tempel.net>
Turns out: OpenSSH creates /var/empty in the package function and it creates it again in the OpenRC service:

See:
- http://git.alpinelinux.org/cgit/aports/tree/main/openssh/sshd.initd#n39
- http://git.alpinelinux.org/cgit/aports/tree/main/openssh/APKBUILD#n75

I personally believe that this is a fault in the OpenSSH aport. Still the question remains what the best way to create that directory is… I personally dislike the creation of /var/empty in the package() function. Maybe we should simply create that in alpine-baselayout?

Natanael Copa <ncopa@alpinelinux.org>
I think it is perfectly fine that packages that use a directory create it.

Natanael Copa <ncopa@alpinelinux.org>
I think we should and I just did. Thanks!

-nc

# References

[1] Last Patch Discussion

On Thu, 27 Aug 2015 10:48:02 -0700 Orion Miller <systmkor@gmail.com> wrote:
> > The OpenSSH aports creates the /var/empty directory in its OpenRC
> > services[1], maybe it would be a good idea to do that here as well
> > for the sake of consistency?
>
> I thought if I did that it would cause a package ownership
> contention over that specific file (i.e. a directory). I'll try it. :D

--
keybase.io/systmkor

Sören.
md5sums="9d818a143fbc5d830203fa2f4b4c6a2a openntpd-5.7p4.tar.gz -- 2.4.1