[arch-commits] Commit in tinyproxy/trunk (4 files)

Daniel Micay thestinger at nymeria.archlinux.org
Fri Apr 11 20:02:24 UTC 2014 

    Date: Friday, April 11, 2014 @ 22:02:23
  Author: thestinger
Revision: 109219

upgpkg: tinyproxy 1.8.3-8

* use the syslog support to log to the journal, avoiding a log directory/file
* run as tinyproxy:tinyproxy instead of nobody:nobody, to avoid being
  vulnerable to other processes running as nobody
* add glibc dependency to make namcap happy

Sadly, PrivateDevices=yes is not possible due to using syslog.

Added:
  tinyproxy/trunk/config.patch
Modified:
  tinyproxy/trunk/PKGBUILD
  tinyproxy/trunk/tinyproxy.install
  tinyproxy/trunk/tinyproxy.tmpfiles.conf

-------------------------+
 PKGBUILD                |   22 +++++++++++++---------
 config.patch            |   31 +++++++++++++++++++++++++++++++
 tinyproxy.install       |   20 ++++++++++++++++++--
 tinyproxy.tmpfiles.conf |    2 +-
 4 files changed, 63 insertions(+), 12 deletions(-)

Modified: PKGBUILD
===================================================================
--- PKGBUILD	2014-04-11 19:25:53 UTC (rev 109218)
+++ PKGBUILD	2014-04-11 20:02:23 UTC (rev 109219)
@@ -1,24 +1,33 @@
 # $Id$
 # Maintainer: Lukas Fleischer <archlinux at cryptocrack dot de>
+# Contributor: Daniel Micay <danielmicay at gmail.com>
 # Contributor: Andrea Zucchelli <zukka77 at gmail.com>
 
 pkgname=tinyproxy
 pkgver=1.8.3
-pkgrel=7
+pkgrel=8
 pkgdesc='A light-weight HTTP proxy daemon for POSIX operating systems.'
 arch=('i686' 'x86_64')
 url='https://banu.com/tinyproxy/'
 license=('GPL')
+depends=(glibc)
 makedepends=('asciidoc')
 install="${pkgname}.install"
 backup=('etc/tinyproxy/tinyproxy.conf')
 source=("https://banu.com/pub/${pkgname}/1.8/${pkgname}-${pkgver}.tar.bz2"
         'tinyproxy.tmpfiles.conf'
-        'tinyproxy.service')
+        'tinyproxy.service'
+        config.patch)
 md5sums=('292ac51da8ad6ae883d4ebf56908400d'
-         '3c2764578f26581346fe312da0519a3e'
-         '41938243faca487a14beeee5114f244e')
+         'b747d0f253ba7bb3f604e69a35a278bf'
+         '41938243faca487a14beeee5114f244e'
+         '9739e020c40abefd6e921e9cff854f35')
 
+prepare() {
+  cd $pkgname-$pkgver
+  patch -p0 -i ../config.patch
+}
+
 build() {
   cd "${srcdir}/${pkgname}-${pkgver}"
 
@@ -33,11 +42,6 @@
   make DESTDIR="${pkgdir}" install
   install -Dm0644 "${srcdir}/tinyproxy.tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/tinyproxy.conf"
 
-  install -dm0755 -o nobody -g nobody "${pkgdir}/var/log/${pkgname}"
-
-  # Provide sane defaults
-  sed -i '/^#Listen/a\Listen 127.0.0.1' "${pkgdir}/etc/tinyproxy/tinyproxy.conf"
-
   install -Dm0644 "${srcdir}/tinyproxy.service" \
     "${pkgdir}/usr/lib/systemd/system/tinyproxy.service"
 }

Added: config.patch
===================================================================
--- config.patch	                        (rev 0)
+++ config.patch	2014-04-11 20:02:23 UTC (rev 109219)
@@ -0,0 +1,31 @@
+--- etc/tinyproxy.conf.in	2010-03-03 04:37:24.000000000 -0500
++++ etc/tinyproxy.conf.in.arch	2014-04-11 15:43:53.340725405 -0400
+@@ -12,8 +12,8 @@
+ # as the root user. Either the user or group name or the UID or GID
+ # number may be used.
+ #
+-User nobody
+-Group nobody
++User tinyproxy
++Group tinyproxy
+ 
+ #
+ # Port: Specify the port which tinyproxy will listen on.  Please note
+@@ -27,7 +27,7 @@
+ # only one. If this is commented out, tinyproxy will bind to all
+ # interfaces present.
+ #
+-#Listen 192.168.0.1
++Listen 127.0.0.1
+ 
+ #
+ # Bind: This allows you to specify which interface will be used for
+@@ -99,7 +99,7 @@
+ # option must not be enabled if the Logfile directive is being used.
+ # These two directives are mutually exclusive.
+ #
+-#Syslog On
++Syslog On
+ 
+ #
+ # LogLevel: 

Modified: tinyproxy.install
===================================================================
--- tinyproxy.install	2014-04-11 19:25:53 UTC (rev 109218)
+++ tinyproxy.install	2014-04-11 20:02:23 UTC (rev 109219)
@@ -1,9 +1,25 @@
 post_install() {
-  if [ ! -d /var/run/tinyproxy ]; then
-    install -dm0770 -o nobody -g nobody /var/run/tinyproxy
+  getent group tinyproxy &>/dev/null || groupadd -g 186 tinyproxy >/dev/null
+  getent passwd tinyproxy &>/dev/null || useradd -u 186 -g tinyproxy -d / \
+                                                 -c 'HTTP proxy daemon' \
+                                                 -s /bin/nologin \
+                                                 tinyproxy >/dev/null
+  if [ ! -d /run/tinyproxy ]; then
+    install -dm0770 -o tinyproxy -g tinyproxy /run/tinyproxy
   fi
 }
 
 post_upgrade() {
   post_install "$@"
+
+  if [[ $(vercmp $2 1.8.3-7) -le 0 ]]; then
+    post_install
+    chown -R tinyproxy:tinyproxy /run/tinyproxy
+  fi
 }
+
+post_remove() {
+  getent passwd tinyproxy &>/dev/null && userdel tinyproxy >/dev/null
+  getent group tinyproxy &>/dev/null && groupdel tinyproxy >/dev/null
+  true
+}

Modified: tinyproxy.tmpfiles.conf
===================================================================
--- tinyproxy.tmpfiles.conf	2014-04-11 19:25:53 UTC (rev 109218)
+++ tinyproxy.tmpfiles.conf	2014-04-11 20:02:23 UTC (rev 109219)
@@ -1 +1 @@
-d /var/run/tinyproxy 0770 nobody nobody -
+d /run/tinyproxy 0770 tinyproxy tinyproxy -

More information about the arch-commits mailing list