[gentoo-commits] repo/gentoo:master commit in: sys-auth/munge/, sys-auth/munge/files/

Wed, 14 Dec 2016 20:44:02 -0800 

commit:     38b6fafecf4a802d0c7d9f6b0a6ddf4c94056220
Author:     Jason A. Donenfeld <zx2c4 <AT> gentoo <DOT> org>
AuthorDate: Thu Dec 15 04:40:30 2016 +0000
Commit:     Jason Donenfeld <zx2c4 <AT> gentoo <DOT> org>
CommitDate: Thu Dec 15 04:42:03 2016 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=38b6fafe

sys-auth/munge: fix lpe, bug 602596

Package-Manager: Portage-2.3.3, Repoman-2.3.1

 sys-auth/munge/files/munged.initd                          | 14 +++++++++-----
 .../{munge-0.5.10-r1.ebuild => munge-0.5.10-r2.ebuild}     |  3 +--
 .../munge/{munge-0.5.11.ebuild => munge-0.5.11-r1.ebuild}  |  1 -
 3 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/sys-auth/munge/files/munged.initd 
b/sys-auth/munge/files/munged.initd
index d1ac230..c53219d 100644
--- a/sys-auth/munge/files/munged.initd
+++ b/sys-auth/munge/files/munged.initd
@@ -1,5 +1,5 @@
 #!/sbin/openrc-run
-# Copyright 1999-2012 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -9,20 +9,24 @@ depend() {
 
 check_key() {
        [ -s "${KEYFILE}" ] && return 0
-       dd if=/dev/urandom bs=1 count=1024 >/etc/munge/munge.key 2>/dev/null || 
return 1
-       chown munge:munge "${KEYFILE}" || return 1
-       chmod 700 "${KEYFILE}" || return 1
+       local old_umask=$(umask)
+       local ret
+       umask 037
+       dd if=/dev/urandom bs=1024 count=1 of="${KEYFILE}" 2>/dev/null; ret=$?
+       umask $old_umask
+       return $ret
 }
 
 start() {
        ebegin "Starting munged"
        if ! check_key; then
-               eerror "Failed to verify/create munge key"
+               eerror "Failed to create munge key"
                eend 1 && exit 1
        fi
        checkpath -d -m 755 -o munge:munge /var/run/munge
        checkpath -d -m 711 -o munge:munge /var/lib/munge
        checkpath -d -m 700 -o munge:munge /var/log/munge
+       checkpath -f -m 640 -o root:munge "${KEYFILE}"
        start-stop-daemon -S /usr/sbin/munged \
                --user munge \
                --group munge \

diff --git a/sys-auth/munge/munge-0.5.10-r1.ebuild 
b/sys-auth/munge/munge-0.5.10-r2.ebuild
similarity index 94%
rename from sys-auth/munge/munge-0.5.10-r1.ebuild
rename to sys-auth/munge/munge-0.5.10-r2.ebuild
index db28eb0..35975e8 100644
--- a/sys-auth/munge/munge-0.5.10-r1.ebuild
+++ b/sys-auth/munge/munge-0.5.10-r2.ebuild
@@ -1,4 +1,4 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2016 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 # $Id$
 
@@ -46,7 +46,6 @@ src_install() {
                rm -rf "${D}"/var/run || die
        fi
 
-       diropts -o munge -g munge -m700
        dodir /etc/munge || die
 
        [ -d "${D}"/etc/init.d ] && rm -r "${D}"/etc/init.d

diff --git a/sys-auth/munge/munge-0.5.11.ebuild 
b/sys-auth/munge/munge-0.5.11-r1.ebuild
similarity index 96%
rename from sys-auth/munge/munge-0.5.11.ebuild
rename to sys-auth/munge/munge-0.5.11-r1.ebuild
index 5ca4865..4736ded 100644
--- a/sys-auth/munge/munge-0.5.11.ebuild
+++ b/sys-auth/munge/munge-0.5.11-r1.ebuild
@@ -51,7 +51,6 @@ src_install() {
                rm -rf "${ED}"/var/run || die
        fi
 
-       [[ ${EUID} = 0 ]] && diropts -o munge -g munge -m700
        dodir /etc/munge
 
        for d in "init.d" "default" "sysconfig"; do

Reply via email to