X-Original-To: alpine-devel@lists.alpinelinux.org
Delivered-To: alpine-devel@mail.alpinelinux.org
Received: from dal-a2.localdomain (unknown [74.117.189.115])
	by mail.alpinelinux.org (Postfix) with ESMTP id 9557FDC0223
	for <alpine-devel@lists.alpinelinux.org>; Fri, 18 Oct 2013 08:24:01 +0000 (UTC)
Received: from ncopa-desktop.alpinelinux.org (3.203.202.84.customer.cdi.no [84.202.203.3])
	(using SSLv3 with cipher ECDHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: ncopa@tanael.org)
	by dal-a2.localdomain (Postfix) with ESMTPSA id 2DC8EBC337D;
	Fri, 18 Oct 2013 13:34:05 +0000 (UTC)
Date: Fri, 18 Oct 2013 15:34:01 +0200
From: Natanael Copa <ncopa@alpinelinux.org>
To: "Leslie P. Polzer | PORT ZERO" <polzer@port-zero.com>
Cc: alpine-devel@lists.alpinelinux.org
Subject: Re: [alpine-devel] mlocate 0.26 / package group
Message-ID: <20131018153401.46c317be@ncopa-desktop.alpinelinux.org>
In-Reply-To: <5261248C.8080506@port-zero.com>
References: <5261248C.8080506@port-zero.com>
X-Mailer: Claws Mail 3.9.2 (GTK+ 2.24.20; x86_64-alpine-linux-uclibc)
X-Mailinglist: alpine-devel
Precedence: list
List-Id: Alpine Development <alpine-devel.lists.alpinelinux.org>
List-Unsubscribe: 
	<mailto:alpine-devel+unsubscribe@lists.alpinelinux.org?subject=unsubscribe>
List-Post: <mailto:alpine-devel@lists.alpinelinux.org>
List-Help: <mailto:alpine-devel+help@lists.alpinelinux.org?subject=help>
List-Subscribe: 
	<mailto:alpine-devel+subscribe@lists.alpinelinux.org?subject=subscribe>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

On Fri, 18 Oct 2013 14:07:40 +0200
"Leslie P. Polzer | PORT ZERO" <polzer@port-zero.com> wrote:

> I've picked up the old mlocate package in testing, bumped
> it to 0.26 and added subpackages and some more amendments.
> 
> For security reasons mlocate should use its own group for
> its setgid binary "locate" and its datadir.
> 
> Putting chgrp calls into the post-install script is frowned
> upon, but the intended group ("locate") does not exist at
> build time. Other packages like bind seem to have their groups
> defined in /etc/group in the base install.
> 
> How should this be handled? I did notice that there is a
> group "slocate" in the default install. Should this be used?

I suppose we could rename slocate to 'locate' in the base install which
sounds like a more sensible group name.

In any case, since the group has not been there from before, the
pre-install script should try create the group and ignore errors if it
exists.

Since the dir should be created and set correct permissions by apk the
group needs to exist build time (so we can set permissions in tar
archive)

to do that, add this to the APKBUILD:

pkggroups="locate"

and during package:

package() {
	make install  DESTDIR="$pkgdir" blabla...
	chgrp locate "$pkgdir"/var/lib/the/databasedir
	chmod g+s (or something) "$pkgdir"/var/blah
}
	
The point is that you set ownership and permissions directly from
package().

Then you can verify that it was set correctly with:
  tar -ztvf mlocate-<version>.apk

Thanks!

-nc


---
Unsubscribe:  alpine-devel+unsubscribe@lists.alpinelinux.org
Help:         alpine-devel+help@lists.alpinelinux.org
---