[crux-commits] ports/contrib (3.6): avahi: added a system user to drop root privliges, wheel group members can now interact with avahi-daemon, use rejmerge

crux at crux.nu crux at crux.nu
Sat Feb 20 09:44:45 UTC 2021


commit 559663a1b83be9bd1134603b63f725c0a9246ccb
Author: Tim Biermann <tbier at posteo.de>
Date:   Fri Feb 19 19:08:16 2021 +0000

    avahi: added a system user to drop root privliges, wheel group members can now interact with avahi-daemon, use rejmerge

diff --git a/avahi/.footprint b/avahi/.footprint
index 1faacc119..dd4e4f274 100644
--- a/avahi/.footprint
+++ b/avahi/.footprint
@@ -71,37 +71,30 @@ drwxr-xr-x	root/root	usr/lib/avahi/
 drwxr-xr-x	root/root	usr/lib/girepository-1.0/
 -rw-r--r--	root/root	usr/lib/girepository-1.0/Avahi-0.6.typelib
 -rw-r--r--	root/root	usr/lib/girepository-1.0/AvahiCore-0.6.typelib
--rw-r--r--	root/root	usr/lib/libavahi-client.a
 -rwxr-xr-x	root/root	usr/lib/libavahi-client.la
 lrwxrwxrwx	root/root	usr/lib/libavahi-client.so -> libavahi-client.so.3.2.9
 lrwxrwxrwx	root/root	usr/lib/libavahi-client.so.3 -> libavahi-client.so.3.2.9
 -rwxr-xr-x	root/root	usr/lib/libavahi-client.so.3.2.9
--rw-r--r--	root/root	usr/lib/libavahi-common.a
 -rwxr-xr-x	root/root	usr/lib/libavahi-common.la
 lrwxrwxrwx	root/root	usr/lib/libavahi-common.so -> libavahi-common.so.3.5.4
 lrwxrwxrwx	root/root	usr/lib/libavahi-common.so.3 -> libavahi-common.so.3.5.4
 -rwxr-xr-x	root/root	usr/lib/libavahi-common.so.3.5.4
--rw-r--r--	root/root	usr/lib/libavahi-core.a
 -rwxr-xr-x	root/root	usr/lib/libavahi-core.la
 lrwxrwxrwx	root/root	usr/lib/libavahi-core.so -> libavahi-core.so.7.1.0
 lrwxrwxrwx	root/root	usr/lib/libavahi-core.so.7 -> libavahi-core.so.7.1.0
 -rwxr-xr-x	root/root	usr/lib/libavahi-core.so.7.1.0
--rw-r--r--	root/root	usr/lib/libavahi-glib.a
 -rwxr-xr-x	root/root	usr/lib/libavahi-glib.la
 lrwxrwxrwx	root/root	usr/lib/libavahi-glib.so -> libavahi-glib.so.1.0.2
 lrwxrwxrwx	root/root	usr/lib/libavahi-glib.so.1 -> libavahi-glib.so.1.0.2
 -rwxr-xr-x	root/root	usr/lib/libavahi-glib.so.1.0.2
--rw-r--r--	root/root	usr/lib/libavahi-gobject.a
 -rwxr-xr-x	root/root	usr/lib/libavahi-gobject.la
 lrwxrwxrwx	root/root	usr/lib/libavahi-gobject.so -> libavahi-gobject.so.0.0.5
 lrwxrwxrwx	root/root	usr/lib/libavahi-gobject.so.0 -> libavahi-gobject.so.0.0.5
 -rwxr-xr-x	root/root	usr/lib/libavahi-gobject.so.0.0.5
--rw-r--r--	root/root	usr/lib/libavahi-libevent.a
 -rwxr-xr-x	root/root	usr/lib/libavahi-libevent.la
 lrwxrwxrwx	root/root	usr/lib/libavahi-libevent.so -> libavahi-libevent.so.1.0.0
 lrwxrwxrwx	root/root	usr/lib/libavahi-libevent.so.1 -> libavahi-libevent.so.1.0.0
 -rwxr-xr-x	root/root	usr/lib/libavahi-libevent.so.1.0.0
--rw-r--r--	root/root	usr/lib/libdns_sd.a
 -rwxr-xr-x	root/root	usr/lib/libdns_sd.la
 lrwxrwxrwx	root/root	usr/lib/libdns_sd.so -> libdns_sd.so.1.0.0
 lrwxrwxrwx	root/root	usr/lib/libdns_sd.so.1 -> libdns_sd.so.1.0.0
diff --git a/avahi/.signature b/avahi/.signature
index d3beeca23..7212c8e20 100644
--- a/avahi/.signature
+++ b/avahi/.signature
@@ -1,8 +1,8 @@
 untrusted comment: verify with /etc/ports/contrib.pub
-RWSagIOpLGJF39oPNixkLCJb0e/QbVjzfMX3C8UoXG3o16AklPygfRA0AsmpuW1bfMLSTKTniQp0zx5WmJItCjJUum3W5zn7CwA=
-SHA256 (Pkgfile) = 71c66d8077a1fe691c1f5f2a95c0bda68049e7ce0044a44a25c2b30a3541555e
-SHA256 (.footprint) = aa8ee19b71233a73a128054c70c616b4fc2fb7fe2d16d90d5c1c4c645b2b14e1
+RWSagIOpLGJF3wWy+nfyLin6g7CponHJSRQh/nHiwMEVj8hCret/BPF8I9hVqcWDYNrU+24lfN8VbqKpuP5qkZb2keDcgL+iOgw=
+SHA256 (Pkgfile) = 12856c3571c0706d6028f125f94d2f137f9b125b907a305f7f27c348f54e8fc0
+SHA256 (.footprint) = 539745708360fcb1f8e2ec7a7dd993750e5d9b03491f436f5341a76b71aef949
 SHA256 (avahi-0.8.tar.gz) = 060309d7a333d38d951bc27598c677af1796934dbd98e1024e7ad8de798fedda
 SHA256 (avahi-0.8-ipv6_race_condition_fix-1.patch) = 218c909581d0ca2c86c8145bb0797050d987a6b0ae3417949dbe2a6d55c49360
-SHA256 (avahi-daemon.rc) = 032e83dd665f95436234309226c11d31231ab4fd7689c9d6cf64efbf8d3db8a3
+SHA256 (avahi-daemon.service) = 27fef1ede68353d75f5848dc23daa2f8f5a38fb2ff0fdd87d9c4309896754e0b
 SHA256 (reverse-move-to-run.patch) = a333bcf15dd3e72ac99b2e883202e7170d2ff27bf61820413235bc9f3c9c2605
diff --git a/avahi/Pkgfile b/avahi/Pkgfile
index 0a70f1105..2e2ebf2b5 100644
--- a/avahi/Pkgfile
+++ b/avahi/Pkgfile
@@ -5,26 +5,30 @@
 
 name=avahi
 version=0.8
-release=2
+release=3
 source=(https://github.com/lathiat/avahi/releases/download/v$version/$name-$version.tar.gz
-  avahi-0.8-ipv6_race_condition_fix-1.patch
-  avahi-daemon.rc reverse-move-to-run.patch)
+  avahi-0.8-ipv6_race_condition_fix-1.patch avahi-daemon.service reverse-move-to-run.patch)
 
 build() {
   cd $name-$version
   patch -Np1 -i $SRC/reverse-move-to-run.patch
   patch -Np1 -i $SRC/avahi-0.8-ipv6_race_condition_fix-1.patch
+
   NOCONFIGURE=1 ./autogen.sh
   ./configure --prefix=/usr \
     --sysconfdir=/etc \
     --localstatedir=/var \
     --with-distro=none \
-    --disable-{gtk,gtk3,qt3,qt4,qt5,python} \
-    --disable-{pygobject,python-dbus,mono,mono-doc,nls} \
-    --enable-compat-libdns_sd
+    --with-autoipd-user=avahi \
+    --with-autoipd-group=avahi \
+    --with-avahi-priv-access-group=wheel \
+    --enable-compat-libdns_sd \
+    --disable-{gtk,gtk3,qt3,qt4,qt5,python,static} \
+    --disable-{pygobject,python-dbus,mono,mono-doc,nls}
   make
   make DESTDIR=$PKG install
 
   ln -s avahi-compat-libdns_sd/dns_sd.h $PKG/usr/include/dns_sd.h
-  install -D -m 0755 $SRC/avahi-daemon.rc $PKG/etc/rc.d/avahi-daemon
+  install -D -m 0755 $SRC/avahi-daemon.service $PKG/etc/rc.d/avahi-daemon
+  mkdir $PKG/var/run/avahi
 }
diff --git a/avahi/avahi-daemon.rc b/avahi/avahi-daemon.rc
deleted file mode 100644
index c23681382..000000000
--- a/avahi/avahi-daemon.rc
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-#
-# /etc/rc.d/avahi-daemon: start/stop avahi daemon
-#
-
-SSD=/sbin/start-stop-daemon
-PROG=/usr/sbin/avahi-daemon
-PID=/var/run/avahi-daemon/pid
-OPTS="-D"
-
-case $1 in
-	start)
-		$SSD --start --pidfile $PID --exec $PROG -- $OPTS
-		;;
-	stop)
-		$SSD --stop --retry 10 --name avahi-daemon --pidfile $PID
-		;;
-	restart)
-		$0 stop
-		$0 start
-		;;
-	status)
-		$SSD --status --name avahi-daemon --pidfile $PID
-		case $? in
-			0) echo "$PROG is running with pid $(cat $PID)" ;;
-			1) echo "$PROG is not running but the pid file $PID exists" ;;
-			3) echo "$PROG is not running" ;;
-			4) echo "Unable to determine the program status" ;;
-		esac
-		;;
-	*)
-		echo "usage: $0 [start|stop|restart|status]"
-		;;
-esac
-
-# End of file
diff --git a/avahi/avahi-daemon.service b/avahi/avahi-daemon.service
new file mode 100644
index 000000000..4aad2300b
--- /dev/null
+++ b/avahi/avahi-daemon.service
@@ -0,0 +1,38 @@
+#!/bin/sh
+#
+# /etc/rc.d/avahi-daemon: start/stop avahi daemon
+#
+
+SSD=/sbin/start-stop-daemon
+PROG=/usr/sbin/avahi-daemon
+NAME=avahi-daemon
+PID=/var/run/avahi-daemon/pid
+USER=avahi
+OPTS="-D"
+
+case $1 in
+  start)
+    $SSD --start --pidfile $PID --user $USER --exec $PROG -- $OPTS
+    ;;
+  stop)
+    $SSD --stop --retry 10 --name $NAME --pidfile $PID
+    ;;
+  restart)
+    $0 stop
+    $0 start
+    ;;
+  status)
+    $SSD --status --name $NAME --pidfile $PID
+    case $? in
+      0) echo "$PROG is running with pid $(cat $PID)" ;;
+      1) echo "$PROG is not running but the pid file $PID exists" ;;
+      3) echo "$PROG is not running" ;;
+      4) echo "Unable to determine the program status" ;;
+    esac
+    ;;
+  *)
+    echo "usage: $0 [start|stop|restart|status]"
+    ;;
+esac
+
+# End of file
diff --git a/avahi/pre-install b/avahi/pre-install
index 6d6004ee5..89e577220 100644
--- a/avahi/pre-install
+++ b/avahi/pre-install
@@ -1,10 +1,4 @@
 #!/bin/sh
-
-if [ -z "`getent group avahi`" ]; then
-	/usr/sbin/groupadd --system avahi
-fi
-
-if [ -z "`getent passwd avahi`" ]; then
-	/usr/sbin/useradd -r -g avahi -d /etc/avahi -s /bin/false -c "avahi daemon" avahi
-	/usr/bin/passwd -l avahi
-fi
+getent group avahi > /dev/null 2>&1 || groupadd avahi
+getent passwd avahi > /dev/null 2>&1 || useradd -c 'avahi system user' -g avahi -d /var/run/avahi -s /bin/false avahi
+passwd -l avahi > /dev/null


More information about the crux-commits mailing list