| 1 |
commit: fe0d13da698c205e0d71eff7c1fb5ef12b3b83ca |
| 2 |
Author: Zac Medico <zmedico <AT> gentoo <DOT> org> |
| 3 |
AuthorDate: Sun Sep 3 21:39:40 2017 +0000 |
| 4 |
Commit: Zac Medico <zmedico <AT> gentoo <DOT> org> |
| 5 |
CommitDate: Sun Sep 3 21:53:10 2017 +0000 |
| 6 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fe0d13da |
| 7 |
|
| 8 |
net-vpn/peervpn: revbump to 0.044-r4 for bug 629418 |
| 9 |
|
| 10 |
Package-Manager: Portage-2.3.8, Repoman-2.3.2 |
| 11 |
|
| 12 |
net-vpn/peervpn/files/peervpn.initd | 9 ++------- |
| 13 |
.../{peervpn-0.044-r3.ebuild => peervpn-0.044-r4.ebuild} | 15 +++++++++++++-- |
| 14 |
2 files changed, 15 insertions(+), 9 deletions(-) |
| 15 |
|
| 16 |
diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd |
| 17 |
index b02458ae16c..15390d4e866 100644 |
| 18 |
--- a/net-vpn/peervpn/files/peervpn.initd |
| 19 |
+++ b/net-vpn/peervpn/files/peervpn.initd |
| 20 |
@@ -1,9 +1,9 @@ |
| 21 |
#!/sbin/openrc-run |
| 22 |
-# Copyright 2016 Gentoo Foundation |
| 23 |
+# Copyright 2016-2017 Gentoo Foundation |
| 24 |
# Distributed under the terms of the GNU General Public License v2 |
| 25 |
|
| 26 |
description="peervpn server" |
| 27 |
-pidfile=${pidfile:-"/run/${SVCNAME}/${SVCNAME}.pid"} |
| 28 |
+pidfile=${pidfile:-"/run/${SVCNAME}.pid"} |
| 29 |
logfile=${logfile:-"/var/log/${SVCNAME}/${SVCNAME}.log"} |
| 30 |
user=${SVCNAME} |
| 31 |
group=${SVCNAME} |
| 32 |
@@ -18,9 +18,4 @@ start_stop_daemon_args=" |
| 33 |
|
| 34 |
depend() { |
| 35 |
need net |
| 36 |
- after net |
| 37 |
-} |
| 38 |
- |
| 39 |
-start_pre() { |
| 40 |
- checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}" |
| 41 |
} |
| 42 |
|
| 43 |
diff --git a/net-vpn/peervpn/peervpn-0.044-r3.ebuild b/net-vpn/peervpn/peervpn-0.044-r4.ebuild |
| 44 |
similarity index 70% |
| 45 |
rename from net-vpn/peervpn/peervpn-0.044-r3.ebuild |
| 46 |
rename to net-vpn/peervpn/peervpn-0.044-r4.ebuild |
| 47 |
index 14ae94d7c02..158c4a4da2b 100644 |
| 48 |
--- a/net-vpn/peervpn/peervpn-0.044-r3.ebuild |
| 49 |
+++ b/net-vpn/peervpn/peervpn-0.044-r4.ebuild |
| 50 |
@@ -42,8 +42,9 @@ src_install() { |
| 51 |
|
| 52 |
insinto /etc/${PN} |
| 53 |
newins peervpn.conf peervpn.conf.example |
| 54 |
- fowners ${PN}:${PN} /etc/${PN} |
| 55 |
- fperms 0700 /etc/${PN} |
| 56 |
+ # read-only group access for bug 629418 |
| 57 |
+ fowners root:${PN} /etc/${PN} |
| 58 |
+ fperms 0750 /etc/${PN} |
| 59 |
|
| 60 |
newinitd "${FILESDIR}/${PN}.initd" "${PN}" |
| 61 |
systemd_dounit "${FILESDIR}/${PN}.service" |
| 62 |
@@ -52,3 +53,13 @@ src_install() { |
| 63 |
insinto /etc/logrotate.d |
| 64 |
newins "${FILESDIR}/${PN}.logrotated" "${PN}" |
| 65 |
} |
| 66 |
+ |
| 67 |
+pkg_preinst() { |
| 68 |
+ if ! has_version '>=net-vpn/peervpn-0.044-r4' && \ |
| 69 |
+ [[ -d ${EROOT}etc/${PN} && |
| 70 |
+ $(find "${EROOT}etc/peervpn" ! -user root -print) ]]; then |
| 71 |
+ ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418" |
| 72 |
+ chown -R root:${PN} "${EROOT}etc/${PN}" || die |
| 73 |
+ chmod -R g+rX-w,o-rwx "${EROOT}etc/${PN}" || die |
| 74 |
+ fi |
| 75 |
+} |
Archives