[arch-commits] Commit in polipo/trunk (PKGBUILD polipo.install polipo.service)
Daniel Micay
thestinger at nymeria.archlinux.org
Fri Apr 11 03:50:45 UTC 2014
Date: Friday, April 11, 2014 @ 05:50:44
Author: thestinger
Revision: 109175
upgpkg: polipo 1.0.4.1-11
run as polipo:polipo, not nobody:nobody
Using the nobody user is insecure, because it makes the service vulnerable to
anything else running as the nobody user.
Modified:
polipo/trunk/PKGBUILD
polipo/trunk/polipo.install
polipo/trunk/polipo.service
----------------+
PKGBUILD | 6 +++---
polipo.install | 30 +++++++++++++++++++++++++++++-
polipo.service | 2 +-
3 files changed, 33 insertions(+), 5 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-04-11 03:34:30 UTC (rev 109174)
+++ PKGBUILD 2014-04-11 03:50:44 UTC (rev 109175)
@@ -8,7 +8,7 @@
pkgname=polipo
pkgver=1.0.4.1
-pkgrel=10
+pkgrel=11
pkgdesc="A small and fast caching web proxy."
arch=('i686' 'x86_64')
url="http://www.pps.jussieu.fr/~jch/software/polipo/"
@@ -19,7 +19,7 @@
source=("http://freehaven.net/~chrisd/polipo/polipo-$pkgver.tar.gz"
polipo.service)
md5sums=('bfc5c85289519658280e093a270d6703'
- 'db95d3ac8e571dcb81c02fbb6600ba28')
+ 'bec010ab5e49e6bdb65a825f11333cfd')
build() {
cd "$srcdir/$pkgname-$pkgver"
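Review bot: The `md5sums` array is the only integrity check on a tarball that `source` fetches over plain `http://`, and MD5 is not collision-resistant, so a tampered download is not reliably caught. Since this line is being regenerated anyway, a stronger array could be added alongside or in place of it, for example `sha256sums=('<sha256 of the tarball>' '<sha256 of polipo.service>')` with the real digests filled in by the packager. The body of build() continues outside this hunk.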
@@ -45,7 +45,7 @@
# install systemd service
install -Dm 644 "$srcdir/polipo.service" "$pkgdir/usr/lib/systemd/system/polipo.service"
- install -dm 700 "$pkgdir/var/cache/polipo"
+ install -dm 700 -o 185 -g 185 "$pkgdir/var/cache/polipo"
}
# vim:set ts=2 sw=2 et:
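Review bot: The literal `185` in `install -dm 700 -o 185 -g 185` has to stay in step with `groupadd -g 185` and `useradd -u 185` in polipo.install, and nothing on this line says so. A comment such as `# 185 = polipo uid/gid, created in polipo.install` would make the coupling visible. Because the directory is owned by number, it belongs to the polipo user only if the account really was created with that id on the target system. The enclosing function starts outside this hunk.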
Modified: polipo.install
===================================================================
--- polipo.install 2014-04-11 03:34:30 UTC (rev 109174)
+++ polipo.install 2014-04-11 03:50:44 UTC (rev 109175)
@@ -1,15 +1,37 @@
infodir=/usr/share/info
filelist=(polipo.info)
+create_polipo_user() {
+ getent group polipo &>/dev/null || groupadd -g 185 polipo >/dev/null
+ getent passwd polipo &>/dev/null || useradd -u 185 -g polipo \
+ -d /var/cache/polipo \
+ -c 'Caching web proxy' \
+ -s /bin/nologin polipo >/dev/null
+}
+
post_install() {
[ -x usr/bin/install-info ] || return 0
for file in ${filelist[@]}; do
install-info $infodir/$file $infodir/dir 2> /dev/null
done
- chown -R nobody:nobody /var/cache/polipo 2> /dev/null
+ create_polipo_user
}
post_upgrade() {
+ if [[ $(vercmp $2 1.0.4.1-11) -le 0 ]]; then
+ echo Stopping polipo service in order to modify the user/group.
+ systemctl stop polipo
+
+ # in case the user/group were already created as recommended by the wiki
+ userdel polipo &>/dev/null
+ groupdel polipo &>/dev/null
+
+ create_polipo_user
+ chown -R 185:185 /var/cache/polipo
+
+ echo You may now restart the polipo service.
+ fi
+
post_install $1
}
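Review bot: In post_install, `create_polipo_user` comes after `[ -x usr/bin/install-info ] || return 0`, so on a system without install-info the function returns before the account is created and the unit's `User=polipo` has no matching user; calling `create_polipo_user` as the first line of post_install avoids that. In post_upgrade the `-le 0` test is also true when the old version is exactly 1.0.4.1-11 (assuming `$2` is the old version, as pacman passes it), so the next upgrade would again stop the service and delete and recreate the account; `if [[ $(vercmp "$2" 1.0.4.1-11) -lt 0 ]]; then` limits the migration to older releases. If uid 185 is already held by another account, useradd fails and `chown -R 185:185 /var/cache/polipo` hands the cache to that account, so the chown is safer behind a check such as `[ "$(id -u polipo 2>/dev/null)" = 185 ] &&`.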
@@ -20,4 +42,10 @@
done
}
+post_remove() {
+ getent passwd polipo &>/dev/null && userdel polipo >/dev/null
+ getent group polipo &>/dev/null && groupdel polipo >/dev/null
+ true
+}
+
# vim:set ts=2 sw=2 et:
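Review bot: post_remove deletes the polipo account, but whatever polipo wrote under /var/cache/polipo at run time is presumably not tracked by the package and stays on disk owned by numeric uid 185. If that id is later given to a different account, that account would own the leftover cache. A comment above the function such as `# cached objects in /var/cache/polipo stay owned by uid 185 after removal` would document this, or the account could be left in place on removal. `userdel` can also fail while a polipo process is still running, and the trailing `true` hides that from the caller.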
Modified: polipo.service
===================================================================
--- polipo.service 2014-04-11 03:34:30 UTC (rev 109174)
+++ polipo.service 2014-04-11 03:50:44 UTC (rev 109175)
@@ -4,7 +4,7 @@
[Service]
ExecStart=/usr/bin/polipo
-User=nobody
+User=polipo
[Install]
WantedBy=multi-user.target