| 1 |
commit: dcb995f7f08b66528487fe4e0a16a16bda502572 |
| 2 |
Author: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Tue Jul 18 23:07:19 2017 +0000 |
| 4 |
Commit: Michael Orlitzky <mjo <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Tue Jul 18 23:09:38 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dcb995f7 |
| 7 |
|
| 8 |
net-irc/quassel: new init script revision to prevent privilege escalation. |
| 9 |
|
| 10 |
This commits adds two new files, |
| 11 |
|
| 12 |
* quasselcore.init-r1 |
| 13 |
* quasselcore.conf-r1 |
| 14 |
|
| 15 |
that are as yet unused. The init script has been entirely rewritten to |
| 16 |
use modern features of OpenRC, and uses the default start/stop |
| 17 |
implementations, so it is greatly simplified. |
| 18 |
|
| 19 |
To avoid the "chown" problem in bug 603414, the new init script and |
| 20 |
conf file do not allow changing the quassel user on the fly. Instead, |
| 21 |
the "quassel" user created by the ebuild is used unconditionally. As a |
| 22 |
result, there is no need to fix permissions when the daemon is |
| 23 |
started, and thus no need to change ownership of anything. A further |
| 24 |
permissions-related simplification logs to syslog instead of a file by |
| 25 |
default. Since the daemon runs as a restricted user, that avoids |
| 26 |
another set of permissions (on the log file) that would need to be |
| 27 |
mangled. |
| 28 |
|
| 29 |
Gentoo-Bug: 423145 |
| 30 |
Gentoo-Bug: 603414 |
| 31 |
|
| 32 |
Package-Manager: Portage-2.3.6, Repoman-2.3.1 |
| 33 |
|
| 34 |
net-irc/quassel/files/quasselcore.conf-r1 | 11 +++++++++++ |
| 35 |
net-irc/quassel/files/quasselcore.init-r1 | 22 ++++++++++++++++++++++ |
| 36 |
2 files changed, 33 insertions(+) |
| 37 |
|
| 38 |
diff --git a/net-irc/quassel/files/quasselcore.conf-r1 b/net-irc/quassel/files/quasselcore.conf-r1 |
| 39 |
new file mode 100644 |
| 40 |
index 00000000000..29e14467a8f |
| 41 |
--- /dev/null |
| 42 |
+++ b/net-irc/quassel/files/quasselcore.conf-r1 |
| 43 |
@@ -0,0 +1,11 @@ |
| 44 |
+# Copyright 1999-2017 Gentoo Foundation |
| 45 |
+# Distributed under the terms of the GNU General Public License v2 |
| 46 |
+ |
| 47 |
+# Loglevel Debug|Info|Warning|Error. Default is: Info |
| 48 |
+#LOGLEVEL="Info" |
| 49 |
+ |
| 50 |
+# The address(es) quasselcore will listen on. Default is 0.0.0.0 |
| 51 |
+#LISTEN="0.0.0.0" |
| 52 |
+ |
| 53 |
+# The port quasselcore will listen at. Default is: 4242 |
| 54 |
+#PORT="4242" |
| 55 |
|
| 56 |
diff --git a/net-irc/quassel/files/quasselcore.init-r1 b/net-irc/quassel/files/quasselcore.init-r1 |
| 57 |
new file mode 100644 |
| 58 |
index 00000000000..5976235aafa |
| 59 |
--- /dev/null |
| 60 |
+++ b/net-irc/quassel/files/quasselcore.init-r1 |
| 61 |
@@ -0,0 +1,22 @@ |
| 62 |
+#!/sbin/openrc-run |
| 63 |
+# Copyright 1999-2017 Gentoo Foundation |
| 64 |
+# Distributed under the terms of the GNU General Public License v2 |
| 65 |
+ |
| 66 |
+depend() { |
| 67 |
+ after logger postgres |
| 68 |
+} |
| 69 |
+ |
| 70 |
+LISTEN=${LISTEN:-"0.0.0.0"} |
| 71 |
+LOGLEVEL=${LOGLEVEL:-"Info"} |
| 72 |
+PORT=${PORT:="4242"} |
| 73 |
+ |
| 74 |
+command="/usr/bin/quasselcore" |
| 75 |
+command_args="--configdir=/var/lib/quassel |
| 76 |
+ --listen=${LISTEN} |
| 77 |
+ --loglevel=${LOGLEVEL} |
| 78 |
+ --port=${PORT} |
| 79 |
+ --syslog" |
| 80 |
+command_background="yes" |
| 81 |
+command_user="quassel" |
| 82 |
+description="Quassel Core" |
| 83 |
+pidfile="/run/quassel.pid" |
Archives