OpenPKG CVS Repository
  http://cvs.openpkg.org/
  ____________________________________________________________________________

  Server: cvs.openpkg.org                  Name:   Ralf S. Engelschall
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-src                      Date:   04-May-2004 17:45:42
  Branch: HEAD                             Handle: 2004050416454200

  Modified files:
    openpkg-src/bind        bind.spec rc.bind

  Log:
    revamp run-time and filesystem user/group setup: BIND now runs under
    the restricted user/group id (instead of root) for increased security

  Summary:
    Revision    Changes     Path
    1.88        +5  -7      openpkg-src/bind/bind.spec
    1.19        +2  -4      openpkg-src/bind/rc.bind
  ____________________________________________________________________________

  patch -p0 <<'@@ .'
  Index: openpkg-src/bind/bind.spec
  ============================================================================
  $ cvs diff -u -r1.87 -r1.88 bind.spec
  --- openpkg-src/bind/bind.spec        4 May 2004 14:47:55 -0000       1.87
  +++ openpkg-src/bind/bind.spec        4 May 2004 15:45:42 -0000       1.88
  @@ -254,12 +254,9 @@
       #   determine the installed files
       %{l_rpmtool} files -v -ofiles -r$RPM_BUILD_ROOT \
           %{l_files_std} \
  -        '%config %attr(600,%{l_susr},%{l_sgrp}) %{l_prefix}/etc/bind/*.conf' \
  -        '%config %attr(600,%{l_susr},%{l_sgrp}) %{l_prefix}/etc/bind/named.db/*' \
  -        '%config %attr(700,%{l_susr},%{l_sgrp}) %{l_prefix}/etc/bind/named.db/db.root.sh' \
  -        '%dir %attr(700,%{l_susr},%{l_sgrp}) %{l_prefix}/etc/bind' \
  -        '%dir %attr(700,%{l_susr},%{l_sgrp}) %{l_prefix}/etc/bind/named.db' \
  -        '%dir %attr(-,%{l_susr},%{l_mgrp}) %{l_prefix}/var/bind'
  +        '%config %attr(640,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/bind/*.conf' \
  +        '%config %{l_prefix}/etc/bind/named.db/*' \
  +        '%dir %attr(-,%{l_rusr},%{l_rgrp}) %{l_prefix}/var/bind'
   
   %files -f files
   
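Review bot: The new `'%config %{l_prefix}/etc/bind/named.db/*'` entry carries no `%attr`, and the explicit `%dir %attr(700,...)` entries for `etc/bind` and `etc/bind/named.db` are dropped, so the ownership and mode of the zone data and both directories now depend on `%{l_files_std}` and the install step, neither of which is visible in this hunk. Since named is meant to run as `%{l_rusr}`, I would keep the intent explicit, for example `'%dir %attr(750,%{l_musr},%{l_rgrp}) %{l_prefix}/etc/bind/named.db' \`. A comment should also say whether the restricted user only reads this tree or must write to it, because slave zone files and dynamic-update journals would need write access. The previously explicit 700 mode on `db.root.sh` is likewise left to the defaults and is worth confirming after a build.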
  @@ -273,7 +270,8 @@
             echo "Please be patient, this takes a non-deterministic amount of time."
           ) | %{l_rpmtool} msg -b -t notice
           $RPM_INSTALL_PREFIX/sbin/rndc-confgen -a
  -        chown %{l_musr}:%{l_mgrp} $RPM_INSTALL_PREFIX/etc/bind/rndc.key
  +        chown %{l_musr}:%{l_rgrp} $RPM_INSTALL_PREFIX/etc/bind/rndc.key
  +        chmod 640 $RPM_INSTALL_PREFIX/etc/bind/rndc.key
       fi
   
       #   after upgrade, restart service
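Review bot: The added `chown %{l_musr}:%{l_rgrp}` and `chmod 640` on `rndc.key` sit inside the conditional that closes at `fi`, whose opening is outside this hunk and presumably guards key generation. If that condition is false on an upgrade because a key already exists, the old key keeps its previous owner and group, and a named running as the restricted user may no longer be able to read it, which would break the rndc control channel. I would move the two lines below the `fi` so they apply on every install and upgrade, guarded with `[ -f $RPM_INSTALL_PREFIX/etc/bind/rndc.key ]`. Neither command's exit status is checked, so a failure here goes unnoticed.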
  @@ .
  patch -p0 <<'@@ .'
  Index: openpkg-src/bind/rc.bind
  ============================================================================
  $ cvs diff -u -r1.18 -r1.19 rc.bind
  --- openpkg-src/bind/rc.bind  22 Jul 2003 13:33:36 -0000      1.18
  +++ openpkg-src/bind/rc.bind  4 May 2004 15:45:42 -0000       1.19
  @@ -24,7 +24,7 @@
   %start -p 100 -u @l_susr@
       rcService bind enable yes || exit 0
       rcService bind active yes && exit 0
  -    @l_prefix@/sbin/named ${bind_flags}
  +    @l_prefix@/sbin/named -u @l_rusr@ ${bind_flags}
   
   %stop -p 100 -u @l_susr@
       rcService bind enable yes || exit 0
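Review bot: On the new start line, `-u @l_rusr@` comes before `${bind_flags}`, so an existing `bind_flags` that already contains a `-u` option will most likely take precedence, as the later option normally wins in named's option parsing, and could keep the daemon under the old account. Placing the fixed option last, `@l_prefix@/sbin/named ${bind_flags} -u @l_rusr@`, makes the privilege drop independent of local configuration. A short comment above the line should say that `%start` stays on `-u @l_susr@` because named must bind its privileged port before it switches user.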
  @@ -44,11 +44,9 @@
   
   %daily -u @l_susr@
       rcService bind enable yes || exit 0
  -
  -    #   rotate logfile
       shtool rotate -f \
           -n ${bind_log_numfiles} -s ${bind_log_minsize} -d \
  -        -z ${bind_log_complevel} -m 644 -o @l_susr@ -g @l_mgrp@ \
  +        -z ${bind_log_complevel} -m 644 -o @l_rusr@ -g @l_rgrp@ \
           -P "${bind_log_prolog}" \
           -E "${bind_log_epilog} && rc bind reload" \
           @l_prefix@/var/bind/named.log
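Review bot: The `%daily` section still runs as `@l_susr@`, while the log it rotates now lives in a directory that the spec change hands to `@l_rusr@`, so a privileged process renames, compresses and chowns files in a location the unprivileged daemon account controls. That is the usual setup for link-following problems during rotation. I would either run this section with `-u @l_rusr@` or keep `var/bind` owned by the superuser and make only `named.log` writable for the daemon. Running it with `-u @l_rusr@` only works if the `rc bind reload` epilog works from that account, which this hunk does not show. Separately, `-m 644` leaves the rotated logs world-readable; `-m 640` would match the modes chosen elsewhere in this commit. The removed `#   rotate logfile` comment was also the only description of this command.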
  @@ .
______________________________________________________________________
The OpenPKG Project                                    www.openpkg.org
CVS Repository Commit List                     [EMAIL PROTECTED]
