[CVS] OpenPKG: openpkg-src/bacula/ bacula.spec

Fri, 07 Oct 2005 04:56:09 -0700 

  OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /v/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   07-Oct-2005 13:56:09
  Branch: HEAD                             Handle: 2005100712560900

  Modified files:
    openpkg-src/bacula      bacula.spec

  Log:
    as discussioned, OpenPKG user/group ownerships should be built-time
    options to not allow circumvent the security design decisions of
    packages. If different user/groups are necessary because of access
    restrictions and environment constraints, either a local package
    modification should be made or some setuid/setgid-wrappers locally
    installed, etc

  Summary:
    Revision    Changes     Path
    1.14        +16 -18     openpkg-src/bacula/bacula.spec
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/bacula/bacula.spec
  ============================================================================
  $ cvs diff -u -r1.13 -r1.14 bacula.spec
  --- openpkg-src/bacula/bacula.spec    1 Oct 2005 19:34:07 -0000       1.13
  +++ openpkg-src/bacula/bacula.spec    7 Oct 2005 11:56:09 -0000       1.14
  @@ -39,12 +39,10 @@
   Group:        System
   License:      GPL
   Version:      %{V_bacula}
  -Release:      20051001
  +Release:      20051007
   
   #   package options
   %option       with_server       yes
  -%option       with_user         %{l_rusr}
  -%option       with_group        %{l_rgrp}
   %option       with_ssl          yes
   %option       with_wrap         no
   %option       with_dvd          no
  @@ -169,10 +167,10 @@
       LDFLAGS="%{l_ldflags}" \
       ./configure \
           --prefix=%{l_prefix} \
  -        --with-dir-user=%{with_user} \
  -        --with-dir-group=%{with_group} \
  -        --with-sd-user=%{with_user} \
  -        --with-sd-group=%{with_group} \
  +        --with-dir-user=%{l_rusr} \
  +        --with-dir-group=%{l_rgrp} \
  +        --with-sd-user=%{l_rusr} \
  +        --with-sd-group=%{l_rgrp} \
           --with-fd-user=%{l_susr} \
           --with-fd-group=%{l_sgrp} \
           --disable-conio \
  @@ -282,21 +280,21 @@
       #   determine installation files
       %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
           %{l_files_std} \
  -        '%attr(700,%{with_user},%{with_group}) %{l_prefix}/var/bacula' \
  -        '%attr(700,%{with_user},%{with_group}) %{l_prefix}/var/bacula/run' \
  -        '%attr(700,%{with_user},%{with_group}) 
%{l_prefix}/var/bacula/run/subsys' \
  -        '%attr(-,-,%{with_group}) %{l_prefix}/libexec/bacula/dvd-freespace' \
  -        '%attr(-,-,%{with_group}) %{l_prefix}/libexec/bacula/dvd-writepart' \
  -        '%attr(-,-,%{with_group}) %{l_prefix}/libexec/bacula/mtx-changer' \
  -        '%attr(-,-,%{with_group}) 
%{l_prefix}/libexec/bacula/make_catalog_backup' \
  -        '%attr(-,-,%{with_group}) 
%{l_prefix}/libexec/bacula/delete_catalog_backup'\
  +        '%attr(700,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bacula' \
  +        '%attr(700,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bacula/run' \
  +        '%attr(700,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bacula/run/subsys' \
  +        '%attr(-,-,%{l_rgrp}) %{l_prefix}/libexec/bacula/dvd-freespace' \
  +        '%attr(-,-,%{l_rgrp}) %{l_prefix}/libexec/bacula/dvd-writepart' \
  +        '%attr(-,-,%{l_rgrp}) %{l_prefix}/libexec/bacula/mtx-changer' \
  +        '%attr(-,-,%{l_rgrp}) 
%{l_prefix}/libexec/bacula/make_catalog_backup' \
  +        '%attr(-,-,%{l_rgrp}) 
%{l_prefix}/libexec/bacula/delete_catalog_backup'\
           '%config(noreplace) %{l_prefix}/etc/bacula/bacula-sd.conf' \
           '%config(noreplace) %{l_prefix}/etc/bacula/bacula-fd.conf' \
           '%config(noreplace) %{l_prefix}/etc/bacula/bacula-dir.conf' \
           '%config(noreplace) %{l_prefix}/etc/bacula/bconsole.conf' \
  -        '%attr(640,-,%{with_group}) %{l_prefix}/etc/bacula/bacula-sd.conf' \
  +        '%attr(640,-,%{l_rgrp}) %{l_prefix}/etc/bacula/bacula-sd.conf' \
           '%attr(640,-,-)             %{l_prefix}/etc/bacula/bacula-fd.conf' \
  -        '%attr(640,-,%{with_group}) %{l_prefix}/etc/bacula/bacula-dir.conf' \
  +        '%attr(640,-,%{l_rgrp}) %{l_prefix}/etc/bacula/bacula-dir.conf' \
           '%attr(640,-,-)             %{l_prefix}/etc/bacula/bconsole.conf' \
   %if "%{with_wxconsole}" == "yes"
           '%config(noreplace) %{l_prefix}/etc/bacula/wx-console.conf' \
  @@ -318,7 +316,7 @@
       if [ ! -f $RPM_INSTALL_PREFIX/var/bacula/bacula.db ]; then
           $RPM_INSTALL_PREFIX/libexec/bacula/make_bacula_tables
           chmod 600 $RPM_INSTALL_PREFIX/var/bacula/bacula.db
  -        chown %{with_user}:%{with_group} 
$RPM_INSTALL_PREFIX/var/bacula/bacula.db
  +        chown %{l_rusr}:%{l_rgrp} $RPM_INSTALL_PREFIX/var/bacula/bacula.db
       fi
   
       #   generate default passwords
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     openpkg-cvs@openpkg.org

Reply via email to