This is an automated email from the ASF dual-hosted git repository. vatamane pushed a commit to branch monstermunch in repository https://gitbox.apache.org/repos/asf/couchdb-pkg.git
commit ac7b530a4759aaf44ada904776b651d4ba0aa6f4 Author: Robert Newson <[email protected]> AuthorDate: Thu Feb 24 14:01:36 2022 +0000 Don't allow 'monster' as cookie value in debconf --- README-SNAP.md | 2 +- debian/couchdb.config | 27 +++++++++++++++++++++------ debian/couchdb.postinst | 13 +++++++++++-- debian/couchdb.templates | 11 ++++++++++- 4 files changed, 43 insertions(+), 10 deletions(-) diff --git a/README-SNAP.md b/README-SNAP.md index 0eed800..3ee137c 100644 --- a/README-SNAP.md +++ b/README-SNAP.md @@ -249,7 +249,7 @@ In the very rare case you need to connect to the couchdb server, a remsh script provided. You need to specify both the name of the server and the cookie, even if you are using the default. ```bash -/snap/bin/couchdb.remsh -n couchdb@localhost -c monster +/snap/bin/couchdb.remsh -n couchdb@localhost -c $COOKIE ``` # Building this snap <a name="building"></a> diff --git a/debian/couchdb.config b/debian/couchdb.config index 7eb301d..df9518c 100755 --- a/debian/couchdb.config +++ b/debian/couchdb.config @@ -62,13 +62,29 @@ promptbind() { done } +promptcookie() { + while :; do + RET="" + db_input high couchdb/cookie || true + db_go + db_get couchdb/cookie + if [ -z "$RET" ]; then + db_input critical couchdb/no_cookie + db_fset couchdb/cookie seen false + elif [ "$RET" = "monster" ]; then + db_input critical couchdb/no_cookie_monsters + db_fset couchdb/cookie seen false + else + break + fi + done +} + # if they exist, make current settings debconf's defaults if [ -e /opt/couchdb/etc/vm.args ] ; then cookie="$(grep '^-setcookie' /opt/couchdb/etc/vm.args | cut -d ' ' -f 2 | stripwhitespace)" nodename="$(grep '^-name' /opt/couchdb/etc/vm.args | cut -d ' ' -f 2 | stripwhitespace)" - if [ "${cookie}" != "monster" ]; then - db_set couchdb/cookie "${cookie}" - fi + db_set couchdb/cookie "${cookie}" if [ "${nodename}" != "[email protected]" ]; then db_set couchdb/nodename "${nodename}" fi @@ -102,7 +118,7 @@ none) ;; standalone) db_fset couchdb/nodename seen false - db_fset couchdb/cookie seen false + promptcookie promptbind w.x.y.z # still prompt for password promptpass @@ -113,8 +129,7 @@ clustered) fi db_input high couchdb/nodename || true db_go - db_input high couchdb/cookie || true - db_go + promptcookie # do not allow binding to loopback in clustered mode promptbind 127.0.0.1 promptpass diff --git a/debian/couchdb.postinst b/debian/couchdb.postinst index 8ee939b..efc4659 100644 --- a/debian/couchdb.postinst +++ b/debian/couchdb.postinst @@ -157,6 +157,17 @@ case $1 in false fi + # Set the cookie + db_get couchdb/cookie && cookie="$RET" + + # change existing setcookie line if present + sed -i "s/^[# ]*-setcookie.*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args + + # add setcookie line if not present + if ! grep -q '^-setcookie' /opt/couchdb/etc/vm.args; then + echo "-setcookie ${cookie}" >> /opt/couchdb/etc/vm.args + fi + # set inet_dist_use_interface default if not present if ! grep -q '^-kernel inet_dist_use_interface' /opt/couchdb/etc/vm.args; then echo "-kernel inet_dist_use_interface '{127,0,0,1}'" >> /opt/couchdb/etc/vm.args @@ -180,10 +191,8 @@ case $1 in ;; clustered) db_get couchdb/nodename && nodename="$RET" - db_get couchdb/cookie && cookie="$RET" sed -i "s/^-name .*$/-name ${nodename}/" /opt/couchdb/etc/vm.args - sed -i "s/^-setcookie .*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args setbindaddress diff --git a/debian/couchdb.templates b/debian/couchdb.templates index 3acdccd..336df16 100644 --- a/debian/couchdb.templates +++ b/debian/couchdb.templates @@ -37,7 +37,6 @@ _Description: CouchDB Erlang node name: Template: couchdb/cookie Type: string -Default: monster _Description: CouchDB Erlang magic cookie: A CouchDB node has an Erlang magic cookie value set at startup. . @@ -104,3 +103,13 @@ _Description: Remove all CouchDB databases? The /var/lib/couchdb directory containing all CouchDB databases will be removed. This will also clear the stored node name for this machine, and remove the couchdb user and group. + +Template: couchdb/no_cookie_monsters +Type: error +_Description: Cookie input error + The Erlang cookie cannot be set to 'monster'. Please try again. + +Template: couchdb/no_cookie +Type: error +_Description: Cookie input error + The Erlang cookie cannot be empty. Please try again.
