Re: audio/shairport-sync: save config permissions, clearer sndio(7) instructions
On Mon, Jan 22, 2024 at 01:53:40AM +, Klemens Nanni wrote:
| > Paul mentioned shairpoint-sync's instructions as reply to spotifyd,
| > where I went with less repitition and more precise instructions.
I did, and then I wanted to look into this but basically was too busy
with other things .. sorry Klemens.
| ===
| RCS file: /cvs/ports/audio/shairport-sync/pkg/README,v
| diff -u -p -r1.2 README
| --- pkg/README1 May 2022 14:00:13 - 1.2
| +++ pkg/README22 Jan 2024 01:41:44 -
| @@ -8,16 +8,7 @@ boot time, the rc.conf.local(8) pkg_scri
| rcctl enable messagebus avahi_daemon shairport_sync
| rcctl order messagebus avahi_daemon shairport_sync
|
| -sndiod(8) concurrent access by shairport-sync(1) and other users
| -
| +Follow sndio(7) Authentication if both dedicated and your own user shall be
| +able to play audio at the same time, e.g. on a desktop system:
|
| -sndiod(8) normally only allows access to audio by a single system user
| -at a time. This is done by generating a random authentication token and
| -storing it in $HOME/.sndio/cookie when a user first accesses audio,
| -providing a limited capability to share with other users by copying
| -the token to their home directory. See AUTHENTICATION in sndio(7) for
| -more details.
| -
| -If you want to share sndiod(8) access with shairport-sync(1) running as
| -the default _shairport user, you may copy .sndio/cookie from your user's
| -home directory to /var/spool/shairport/.sndio/cookie.
| +install -D -p -o _shairport -m 0600 ~/.sndio/cookie
${HOME_DIR}/.sndio/cookie
I like this change. Don't have much skin in the game (not the port's
maintainer, and I've got things working on my system already) but I
think this makes more sense.
Paul
--
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
http://www.weirdnet.nl/
Re: audio/shairport-sync: save config permissions, clearer sndio(7) instructions
On Fri, Jan 19, 2024 at 01:08:37AM +, Klemens Nanni wrote:
> Config may contain passwords, but is world-readable.
> I'd say /etc/ files are usually root-owned as well:
>
> -rw-r--r-- 1 _shairport _shairport 23340 Jan 19 01:24
> /etc/shairport-sync.conf
>
> Fix it in PLIST; daemon user's home ownership/permissions stay the same:
>
> -rw-r- 1 root_shairport 23340 Jan 19 01:53
> /etc/shairport-sync.conf
> drwxr-xr-x 3 _shairport _shairport512 Jan 19 01:56
> /var/spool/shairport-sync/
>
>
> Paul mentioned shairpoint-sync's instructions as reply to spotifyd,
> where I went with less repitition and more precise instructions.
>
> I suggest syncing with that so copy/paste after install just works.
> Playback on amd64 from an iPhone works for me without further config.
>
> (Pausing on the remote device crashes the daemon, but that's not news
> and we're due updating our port, anyways.)
>
> Feedback? OK?
Rebased after the pause crash fix went in.
Index: Makefile
===
RCS file: /cvs/ports/audio/shairport-sync/Makefile,v
diff -u -p -r1.4 Makefile
--- Makefile22 Jan 2024 01:40:28 - 1.4
+++ Makefile22 Jan 2024 01:41:44 -
@@ -3,7 +3,7 @@ COMMENT = AirPlay audio player
GH_ACCOUNT = mikebrady
GH_PROJECT = shairport-sync
GH_TAGNAME = 3.3.9
-REVISION = 2
+REVISION = 3
SITES.fix =https://github.com/mikebrady/shairport-sync/commit/
# "avoid recursive mutex acquisition in sndio backend" to fix crash on pause
@@ -35,6 +35,9 @@ CONFIGURE_ARGS += --with-ssl=openssl \
--with-sndio \
--with-os=openbsd
FAKE_FLAGS = sysconfdir=${PREFIX}/share/examples/shairport-sync
+
+HOME_DIR = ${LOCALSTATEDIR}/spool/${PKGSTEM}
+SUBST_VARS = HOME_DIR
post-install:
mv ${PREFIX}/man/man7/shairport-sync.7 \
Index: pkg/PLIST
===
RCS file: /cvs/ports/audio/shairport-sync/pkg/PLIST,v
diff -u -p -r1.2 PLIST
--- pkg/PLIST 1 May 2022 14:00:13 - 1.2
+++ pkg/PLIST 22 Jan 2024 01:41:44 -
@@ -1,12 +1,17 @@
@newgroup _shairport:876
-@newuser _shairport:876:876::Shairport-sync
Account:/var/spool/shairport-sync:/sbin/nologin
+@newuser _shairport:876:876::Shairport-sync Account:${HOME_DIR}:/sbin/nologin
@rcscript ${RCDIR}/shairport_sync
+@owner _shairport
+@group _shairport
+@sample ${HOME_DIR}/
+@extraunexec rm -rf ${HOME_DIR}
+@owner
+@group
@bin bin/shairport-sync
@man man/man1/shairport-sync.1
share/doc/pkg-readmes/${PKGSTEM}
share/examples/shairport-sync/
share/examples/shairport-sync/shairport-sync.conf
-@owner _shairport
+@mode 0640
@group _shairport
@sample ${SYSCONFDIR}/shairport-sync.conf
-@sample /var/spool/shairport-sync/
Index: pkg/README
===
RCS file: /cvs/ports/audio/shairport-sync/pkg/README,v
diff -u -p -r1.2 README
--- pkg/README 1 May 2022 14:00:13 - 1.2
+++ pkg/README 22 Jan 2024 01:41:44 -
@@ -8,16 +8,7 @@ boot time, the rc.conf.local(8) pkg_scri
rcctl enable messagebus avahi_daemon shairport_sync
rcctl order messagebus avahi_daemon shairport_sync
-sndiod(8) concurrent access by shairport-sync(1) and other users
-
+Follow sndio(7) Authentication if both dedicated and your own user shall be
+able to play audio at the same time, e.g. on a desktop system:
-sndiod(8) normally only allows access to audio by a single system user
-at a time. This is done by generating a random authentication token and
-storing it in $HOME/.sndio/cookie when a user first accesses audio,
-providing a limited capability to share with other users by copying
-the token to their home directory. See AUTHENTICATION in sndio(7) for
-more details.
-
-If you want to share sndiod(8) access with shairport-sync(1) running as
-the default _shairport user, you may copy .sndio/cookie from your user's
-home directory to /var/spool/shairport/.sndio/cookie.
+install -D -p -o _shairport -m 0600 ~/.sndio/cookie
${HOME_DIR}/.sndio/cookie
Index: pkg/shairport_sync.rc
===
RCS file: /cvs/ports/audio/shairport-sync/pkg/shairport_sync.rc,v
diff -u -p -r1.1.1.1 shairport_sync.rc
--- pkg/shairport_sync.rc 27 Apr 2022 02:19:25 - 1.1.1.1
+++ pkg/shairport_sync.rc 22 Jan 2024 01:41:44 -
@@ -6,4 +6,5 @@ daemon_user="_shairport"
. /etc/rc.d/rc.subr
rc_bg=YES
+
rc_cmd $1
audio/shairport-sync: save config permissions, clearer sndio(7) instructions
Config may contain passwords, but is world-readable.
I'd say /etc/ files are usually root-owned as well:
-rw-r--r-- 1 _shairport _shairport 23340 Jan 19 01:24
/etc/shairport-sync.conf
Fix it in PLIST; daemon user's home ownership/permissions stay the same:
-rw-r- 1 root_shairport 23340 Jan 19 01:53
/etc/shairport-sync.conf
drwxr-xr-x 3 _shairport _shairport512 Jan 19 01:56
/var/spool/shairport-sync/
Paul mentioned shairpoint-sync's instructions as reply to spotifyd,
where I went with less repitition and more precise instructions.
I suggest syncing with that so copy/paste after install just works.
Playback on amd64 from an iPhone works for me without further config.
(Pausing on the remote device crashes the daemon, but that's not news
and we're due updating our port, anyways.)
Feedback? OK?
Index: Makefile
===
RCS file: /cvs/ports/audio/shairport-sync/Makefile,v
diff -u -p -r1.3 Makefile
--- Makefile5 Oct 2022 14:54:23 - 1.3
+++ Makefile19 Jan 2024 00:51:56 -
@@ -3,7 +3,7 @@ COMMENT = AirPlay audio player
GH_ACCOUNT = mikebrady
GH_PROJECT = shairport-sync
GH_TAGNAME = 3.3.9
-REVISION = 1
+REVISION = 2
CATEGORIES = audio
@@ -30,6 +30,9 @@ CONFIGURE_ARGS += --with-ssl=openssl \
--with-sndio \
--with-os=openbsd
FAKE_FLAGS = sysconfdir=${PREFIX}/share/examples/shairport-sync
+
+HOME_DIR = ${LOCALSTATEDIR}/spool/${PKGSTEM}
+SUBST_VARS = HOME_DIR
post-install:
mv ${PREFIX}/man/man7/shairport-sync.7 \
Index: pkg/PLIST
===
RCS file: /cvs/ports/audio/shairport-sync/pkg/PLIST,v
diff -u -p -r1.2 PLIST
--- pkg/PLIST 1 May 2022 14:00:13 - 1.2
+++ pkg/PLIST 19 Jan 2024 00:45:59 -
@@ -1,12 +1,17 @@
@newgroup _shairport:876
-@newuser _shairport:876:876::Shairport-sync
Account:/var/spool/shairport-sync:/sbin/nologin
+@newuser _shairport:876:876::Shairport-sync Account:${HOME_DIR}:/sbin/nologin
@rcscript ${RCDIR}/shairport_sync
+@owner _shairport
+@group _shairport
+@sample ${HOME_DIR}/
+@extraunexec rm -rf ${HOME_DIR}
+@owner
+@group
@bin bin/shairport-sync
@man man/man1/shairport-sync.1
share/doc/pkg-readmes/${PKGSTEM}
share/examples/shairport-sync/
share/examples/shairport-sync/shairport-sync.conf
-@owner _shairport
+@mode 0640
@group _shairport
@sample ${SYSCONFDIR}/shairport-sync.conf
-@sample /var/spool/shairport-sync/
Index: pkg/README
===
RCS file: /cvs/ports/audio/shairport-sync/pkg/README,v
diff -u -p -r1.2 README
--- pkg/README 1 May 2022 14:00:13 - 1.2
+++ pkg/README 19 Jan 2024 00:43:28 -
@@ -8,16 +8,7 @@ boot time, the rc.conf.local(8) pkg_scri
rcctl enable messagebus avahi_daemon shairport_sync
rcctl order messagebus avahi_daemon shairport_sync
-sndiod(8) concurrent access by shairport-sync(1) and other users
-
+Follow sndio(7) Authentication if both dedicated and your own user shall be
+able to play audio at the same time, e.g. on a desktop system:
-sndiod(8) normally only allows access to audio by a single system user
-at a time. This is done by generating a random authentication token and
-storing it in $HOME/.sndio/cookie when a user first accesses audio,
-providing a limited capability to share with other users by copying
-the token to their home directory. See AUTHENTICATION in sndio(7) for
-more details.
-
-If you want to share sndiod(8) access with shairport-sync(1) running as
-the default _shairport user, you may copy .sndio/cookie from your user's
-home directory to /var/spool/shairport/.sndio/cookie.
+install -D -p -o _shairport -m 0600 ~/.sndio/cookie
${HOME_DIR}/.sndio/cookie
Index: pkg/shairport_sync.rc
===
RCS file: /cvs/ports/audio/shairport-sync/pkg/shairport_sync.rc,v
diff -u -p -r1.1.1.1 shairport_sync.rc
--- pkg/shairport_sync.rc 27 Apr 2022 02:19:25 - 1.1.1.1
+++ pkg/shairport_sync.rc 19 Jan 2024 00:40:41 -
@@ -6,4 +6,5 @@ daemon_user="_shairport"
. /etc/rc.d/rc.subr
rc_bg=YES
+
rc_cmd $1
