commit:     dcb995f7f08b66528487fe4e0a16a16bda502572
Author:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
AuthorDate: Tue Jul 18 23:07:19 2017 +0000
Commit:     Michael Orlitzky <mjo <AT> gentoo <DOT> org>
CommitDate: Tue Jul 18 23:09:38 2017 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dcb995f7

net-irc/quassel: new init script revision to prevent privilege escalation.

This commit adds two new files,

 * quasselcore.init-r1
 * quasselcore.conf-r1

that are as yet unused. The init script has been entirely rewritten to
use modern features of OpenRC, and uses the default start/stop
implementations, so it is greatly simplified.

To avoid the "chown" problem in bug 603414, the new init script and
conf file do not allow changing the quassel user on the fly. Instead,
the "quassel" user created by the ebuild is used unconditionally. As a
result, there is no need to fix permissions when the daemon is
started, and thus no need to change ownership of anything. A further
permissions-related simplification logs to syslog instead of a file by
default. Since the daemon runs as a restricted user, that avoids
another set of permissions (on the log file) that would need to be
mangled.

Gentoo-Bug: 423145
Gentoo-Bug: 603414

Package-Manager: Portage-2.3.6, Repoman-2.3.1

 net-irc/quassel/files/quasselcore.conf-r1 | 11 +++++++++++
 net-irc/quassel/files/quasselcore.init-r1 | 22 ++++++++++++++++++++++
 2 files changed, 33 insertions(+)

diff --git a/net-irc/quassel/files/quasselcore.conf-r1 
b/net-irc/quassel/files/quasselcore.conf-r1
new file mode 100644
index 00000000000..29e14467a8f
--- /dev/null
+++ b/net-irc/quassel/files/quasselcore.conf-r1
@@ -0,0 +1,11 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Loglevel Debug|Info|Warning|Error. Default is: Info
+#LOGLEVEL="Info"
+
+# The address(es) quasselcore will listen on. Default is 0.0.0.0
+#LISTEN="0.0.0.0"
+
+# The port quasselcore will listen at. Default is: 4242
+#PORT="4242"
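
Review bot: the LISTEN comment says "address(es)" but does not say how more than one address is written, and the file gives no hint that the user and log destination are no longer settings at all. The commit message states that the daemon always runs as "quassel" and logs to syslog, and the init script reads only LOGLEVEL, LISTEN and PORT, so any other variable placed here is silently ignored. A short comment saying so would help administrators. It is also worth noting beside the "0.0.0.0" default that it listens on every IPv4 interface and that LISTEN can be narrowed.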

diff --git a/net-irc/quassel/files/quasselcore.init-r1 
b/net-irc/quassel/files/quasselcore.init-r1
new file mode 100644
index 00000000000..5976235aafa
--- /dev/null
+++ b/net-irc/quassel/files/quasselcore.init-r1
@@ -0,0 +1,22 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+       after logger postgres
+}
+
+LISTEN=${LISTEN:-"0.0.0.0"}
+LOGLEVEL=${LOGLEVEL:-"Info"}
+PORT=${PORT:="4242"}
+
+command="/usr/bin/quasselcore"
+command_args="--configdir=/var/lib/quassel
+       --listen=${LISTEN}
+       --loglevel=${LOGLEVEL}
+       --port=${PORT}
+       --syslog"
+command_background="yes"
+command_user="quassel"
+description="Quassel Core"
+pidfile="/run/quassel.pid"
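
Review bot: `PORT=${PORT:="4242"}` uses the assigning form `:=` while the LISTEN and LOGLEVEL lines just above it use `:-`. The result is the same here, but the three defaults should use one form, for example `PORT=${PORT:-"4242"}`. Separately, command_args is built as a whitespace-separated list of options, and LISTEN, LOGLEVEL and PORT are expanded into it as-is, so a conf value containing whitespace would end up as extra quasselcore arguments. A comment in the conf file, or a check of the three values before start, would make that constraint explicit.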
