1 |
commit: fe0d13da698c205e0d71eff7c1fb5ef12b3b83ca |
2 |
Author: Zac Medico <zmedico <AT> gentoo <DOT> org> |
3 |
AuthorDate: Sun Sep 3 21:39:40 2017 +0000 |
4 |
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> |
5 |
CommitDate: Sun Sep 3 21:53:10 2017 +0000 |
6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe0d13da |
7 |
|
8 |
net-vpn/peervpn: revbump to 0.044-r4 for bug 629418 |
9 |
|
10 |
Package-Manager: Portage-2.3.8, Repoman-2.3.2 |
11 |
|
12 |
net-vpn/peervpn/files/peervpn.initd | 9 ++------- |
13 |
.../{peervpn-0.044-r3.ebuild => peervpn-0.044-r4.ebuild} | 15 +++++++++++++-- |
14 |
2 files changed, 15 insertions(+), 9 deletions(-) |
15 |
|
16 |
diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd |
17 |
index b02458ae16c..15390d4e866 100644 |
18 |
--- a/net-vpn/peervpn/files/peervpn.initd |
19 |
+++ b/net-vpn/peervpn/files/peervpn.initd |
20 |
@@ -1,9 +1,9 @@ |
21 |
#!/sbin/openrc-run |
22 |
-# Copyright 2016 Gentoo Foundation |
23 |
+# Copyright 2016-2017 Gentoo Foundation |
24 |
# Distributed under the terms of the GNU General Public License v2 |
25 |
|
26 |
description="peervpn server" |
27 |
-pidfile=${pidfile:-"/run/${SVCNAME}/${SVCNAME}.pid"} |
28 |
+pidfile=${pidfile:-"/run/${SVCNAME}.pid"} |
29 |
logfile=${logfile:-"/var/log/${SVCNAME}/${SVCNAME}.log"} |
30 |
user=${SVCNAME} |
31 |
group=${SVCNAME} |
32 |
@@ -18,9 +18,4 @@ start_stop_daemon_args=" |
33 |
|
34 |
depend() { |
35 |
need net |
36 |
- after net |
37 |
-} |
38 |
- |
39 |
-start_pre() { |
40 |
- checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}" |
41 |
} |
42 |
|
43 |
diff --git a/net-vpn/peervpn/peervpn-0.044-r3.ebuild b/net-vpn/peervpn/peervpn-0.044-r4.ebuild |
44 |
similarity index 70% |
45 |
rename from net-vpn/peervpn/peervpn-0.044-r3.ebuild |
46 |
rename to net-vpn/peervpn/peervpn-0.044-r4.ebuild |
47 |
index 14ae94d7c02..158c4a4da2b 100644 |
48 |
--- a/net-vpn/peervpn/peervpn-0.044-r3.ebuild |
49 |
+++ b/net-vpn/peervpn/peervpn-0.044-r4.ebuild |
50 |
@@ -42,8 +42,9 @@ src_install() { |
51 |
|
52 |
insinto /etc/${PN} |
53 |
newins peervpn.conf peervpn.conf.example |
54 |
- fowners ${PN}:${PN} /etc/${PN} |
55 |
- fperms 0700 /etc/${PN} |
56 |
+ # read-only group access for bug 629418 |
57 |
+ fowners root:${PN} /etc/${PN} |
58 |
+ fperms 0750 /etc/${PN} |
59 |
|
60 |
newinitd "${FILESDIR}/${PN}.initd" "${PN}" |
61 |
systemd_dounit "${FILESDIR}/${PN}.service" |
62 |
@@ -52,3 +53,13 @@ src_install() { |
63 |
insinto /etc/logrotate.d |
64 |
newins "${FILESDIR}/${PN}.logrotated" "${PN}" |
65 |
} |
66 |
+ |
67 |
+pkg_preinst() { |
68 |
+ if ! has_version '>=net-vpn/peervpn-0.044-r4' && \ |
69 |
+ [[ -d ${EROOT}etc/${PN} && |
70 |
+ $(find "${EROOT}etc/peervpn" ! -user root -print) ]]; then |
71 |
+ ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418" |
72 |
+ chown -R root:${PN} "${EROOT}etc/${PN}" || die |
73 |
+ chmod -R g+rX-w,o-rwx "${EROOT}etc/${PN}" || die |
74 |
+ fi |
75 |
+} |