[arch-commits] Commit in tinyproxy/trunk (4 files)
Daniel Micay
thestinger at nymeria.archlinux.org
Fri Apr 11 20:02:24 UTC 2014
Date: Friday, April 11, 2014 @ 22:02:23
Author: thestinger
Revision: 109219
upgpkg: tinyproxy 1.8.3-8
* use the syslog support to log to the journal, avoiding a log directory/file
* run as tinyproxy:tinyproxy instead of nobody:nobody, to avoid being
vulnerable to other processes running as nobody
* add glibc dependency to make namcap happy
Sadly, PrivateDevices=yes is not possible due to using syslog.
Added:
tinyproxy/trunk/config.patch
Modified:
tinyproxy/trunk/PKGBUILD
tinyproxy/trunk/tinyproxy.install
tinyproxy/trunk/tinyproxy.tmpfiles.conf
-------------------------+
PKGBUILD | 22 +++++++++++++---------
config.patch | 31 +++++++++++++++++++++++++++++++
tinyproxy.install | 20 ++++++++++++++++++--
tinyproxy.tmpfiles.conf | 2 +-
4 files changed, 63 insertions(+), 12 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2014-04-11 19:25:53 UTC (rev 109218)
+++ PKGBUILD 2014-04-11 20:02:23 UTC (rev 109219)
@@ -1,24 +1,33 @@
# $Id$
# Maintainer: Lukas Fleischer <archlinux at cryptocrack dot de>
+# Contributor: Daniel Micay <danielmicay at gmail.com>
# Contributor: Andrea Zucchelli <zukka77 at gmail.com>
pkgname=tinyproxy
pkgver=1.8.3
-pkgrel=7
+pkgrel=8
pkgdesc='A light-weight HTTP proxy daemon for POSIX operating systems.'
arch=('i686' 'x86_64')
url='https://banu.com/tinyproxy/'
license=('GPL')
+depends=(glibc)
makedepends=('asciidoc')
install="${pkgname}.install"
backup=('etc/tinyproxy/tinyproxy.conf')
source=("https://banu.com/pub/${pkgname}/1.8/${pkgname}-${pkgver}.tar.bz2"
'tinyproxy.tmpfiles.conf'
- 'tinyproxy.service')
+ 'tinyproxy.service'
+ config.patch)
md5sums=('292ac51da8ad6ae883d4ebf56908400d'
- '3c2764578f26581346fe312da0519a3e'
- '41938243faca487a14beeee5114f244e')
+ 'b747d0f253ba7bb3f604e69a35a278bf'
+ '41938243faca487a14beeee5114f244e'
+ '9739e020c40abefd6e921e9cff854f35')
+prepare() {
+ cd $pkgname-$pkgver
+ patch -p0 -i ../config.patch
+}
+
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
@@ -33,11 +42,6 @@
make DESTDIR="${pkgdir}" install
install -Dm0644 "${srcdir}/tinyproxy.tmpfiles.conf" "${pkgdir}/usr/lib/tmpfiles.d/tinyproxy.conf"
- install -dm0755 -o nobody -g nobody "${pkgdir}/var/log/${pkgname}"
-
- # Provide sane defaults
- sed -i '/^#Listen/a\Listen 127.0.0.1' "${pkgdir}/etc/tinyproxy/tinyproxy.conf"
-
install -Dm0644 "${srcdir}/tinyproxy.service" \
"${pkgdir}/usr/lib/systemd/system/tinyproxy.service"
}
Added: config.patch
===================================================================
--- config.patch (rev 0)
+++ config.patch 2014-04-11 20:02:23 UTC (rev 109219)
@@ -0,0 +1,31 @@
+--- etc/tinyproxy.conf.in 2010-03-03 04:37:24.000000000 -0500
++++ etc/tinyproxy.conf.in.arch 2014-04-11 15:43:53.340725405 -0400
+@@ -12,8 +12,8 @@
+ # as the root user. Either the user or group name or the UID or GID
+ # number may be used.
+ #
+-User nobody
+-Group nobody
++User tinyproxy
++Group tinyproxy
+
+ #
+ # Port: Specify the port which tinyproxy will listen on. Please note
+@@ -27,7 +27,7 @@
+ # only one. If this is commented out, tinyproxy will bind to all
+ # interfaces present.
+ #
+-#Listen 192.168.0.1
++Listen 127.0.0.1
+
+ #
+ # Bind: This allows you to specify which interface will be used for
+@@ -99,7 +99,7 @@
+ # option must not be enabled if the Logfile directive is being used.
+ # These two directives are mutually exclusive.
+ #
+-#Syslog On
++Syslog On
+
+ #
+ # LogLevel:
Modified: tinyproxy.install
===================================================================
--- tinyproxy.install 2014-04-11 19:25:53 UTC (rev 109218)
+++ tinyproxy.install 2014-04-11 20:02:23 UTC (rev 109219)
@@ -1,9 +1,25 @@
post_install() {
- if [ ! -d /var/run/tinyproxy ]; then
- install -dm0770 -o nobody -g nobody /var/run/tinyproxy
+ getent group tinyproxy &>/dev/null || groupadd -g 186 tinyproxy >/dev/null
+ getent passwd tinyproxy &>/dev/null || useradd -u 186 -g tinyproxy -d / \
+ -c 'HTTP proxy daemon' \
+ -s /bin/nologin \
+ tinyproxy >/dev/null
+ if [ ! -d /run/tinyproxy ]; then
+ install -dm0770 -o tinyproxy -g tinyproxy /run/tinyproxy
fi
}
post_upgrade() {
post_install "$@"
+
+ if [[ $(vercmp $2 1.8.3-7) -le 0 ]]; then
+ post_install
+ chown -R tinyproxy:tinyproxy /run/tinyproxy
+ fi
}
+
+post_remove() {
+ getent passwd tinyproxy &>/dev/null && userdel tinyproxy >/dev/null
+ getent group tinyproxy &>/dev/null && groupdel tinyproxy >/dev/null
+ true
+}
Modified: tinyproxy.tmpfiles.conf
===================================================================
--- tinyproxy.tmpfiles.conf 2014-04-11 19:25:53 UTC (rev 109218)
+++ tinyproxy.tmpfiles.conf 2014-04-11 20:02:23 UTC (rev 109219)
@@ -1 +1 @@
-d /var/run/tinyproxy 0770 nobody nobody -
+d /run/tinyproxy 0770 tinyproxy tinyproxy -
More information about the arch-commits
mailing list