| Summary: | mail/postsrsd: Should not create / install postsrsd.secret for package | | |
|---|---|---|---|
| Product: | Ports & Packages | Reporter: | Miroslav Lachman <000.fbsd> |
| Component: | Individual Port(s) | Assignee: | Steve Wills <swills> |
| Status: | Closed FIXED | | |
| Severity: | Affects Many People | CC: | ports, swills |
| Priority: | --- | Keywords: | needs-qa |
| Version: | Latest | Flags: | ports: maintainer-feedback+, koobs: merge-quarterly? |
| Hardware: | Any | | |
| OS: | Any | | |
Maybe this one is better / simpler / more efficient:
tr -cd "[:alnum:]_" < /dev/urandom | head -c 24 > ${postsrsd_secret}
Created attachment 172531 [details]
create postsrsd.secrete from rc script
Attached is a patch changing rc.d/postsrsd to generate postsrsd.secret on the first run (if /usr/local/etc/postsrsd.secret doesn't exist).
Removed postsrsd.secret from plist
And removed set(GENERATE_SRS_SECRET "@GENERATE_SRS_SECRET@") from postinstall.cmake.in
Please test this.
Built fine in my poudriere:
[00:00:19] ====>> [01][00:00:04] Status for build mail/postsrsd: package
[00:00:19] ====>> [01][00:00:04] Finished build of mail/postsrsd: Success
[00:00:19] ====>> Stopping 1 builders
10_3_amd64-default-global-job-01: removed
10_3_amd64-default-global-job-01-n: removed
[00:00:20] ====>> Creating pkgng repository
Creating repository in /tmp/packages: 100%
Packing files for repository: 100%
[00:00:22] ====>> Committing packages to repository
[00:00:22] ====>> Removing old packages
[00:00:22] ====>> Built ports: mail/postsrsd
[10_3_amd64-default-global] [2016-07-14_21h02m50s] [committing:] Queued: 1 Built: 1 Failed: 0 Skipped: 0 Ignored: 0 Tobuild: 0 Time: 00:00:21
Comment on attachment 172531 [details]
create postsrsd.secrete from rc script
My version of the rc script doesn't work; I overlooked that the variable $postsrsd_secret is modified to the value "-s /usr/local/etc/postsrsd.secret".
Created attachment 172549 [details]
newer patch with bigger changes in rc script
I made bigger changes to simplify the rc script.
I tested it better than the previous patch, but please do your own test before commit.
Comment on attachment 172549 [details]
newer patch with bigger changes in rc script
Thank you for your work. Now the rc script will look much better :-)
OK, I will test it on my servers.
Comment on attachment 172549 [details]
newer patch with bigger changes in rc script
OK. I can approve this patch.
A commit references this bug:

Author: swills
Date: Mon Feb 27 14:52:13 UTC 2017
New revision: 434961
URL: https://svnweb.freebsd.org/changeset/ports/434961

Log:
  mail/postsrsd: Update to 1.4, avoid secret in pkg

  Update to 1.4 (1)

  While here, avoid creating postsrsd.secret in package and improve rc script (2)

  PR: 211098 (2)
  PR: 217340 (1)
  Submitted by: Miroslav Lachman (2)
  Submitted by: Peter Putzer (1)
  Approved by: Krzysztof <ports@bsdserwis.com> (maintainer) (1)(2)

Changes:
  head/mail/postsrsd/Makefile
  head/mail/postsrsd/distinfo
  head/mail/postsrsd/files/patch-CMakeLists.txt
  head/mail/postsrsd/files/patch-postinstall.cmake.in
  head/mail/postsrsd/files/patch-srs2.c
  head/mail/postsrsd/files/patch-srs2.h
  head/mail/postsrsd/files/postsrsd.in

Committed, thanks!
postsrsd.secret is used as a secret key and should be different for each install. It is now created at package build time and saved in the package. It means everybody installing postsrsd from the official FreeBSD package has the same postsrsd.secret key!

I think it is better not to create it at build time but in the rc script on the first run. Something like this in postsrsd_prepcmd ():

    if [ ! -f ${postsrsd_secret} ] ; then
        dd if=/dev/urandom bs=18 count=1 2> /dev/null | b64encode 1 | sed -n '2p' > ${postsrsd_secret}
    fi
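A sketch of the first-run generation proposed in this report, as an added example (not the port's rc script and not the attached patch). `ensure_secret` is a hypothetical helper, and it hex-encodes with `od` rather than `b64encode`. It takes the bare file path, keeps the file at mode 0600 from creation, and renames it into place only once it is complete.

```shell
#!/bin/sh
# Added example: per-install secret generation for an rc-style prestart hook.
# ensure_secret and its argument are hypothetical names, not the port's code.

# Create a secret at path $1 unless a non-empty one already exists.
# Returns 0 if a usable secret is in place, 1 on failure.
ensure_secret() {
    secret_file=$1                      # plain path only, never "-s <path>"
    [ -s "$secret_file" ] && return 0   # keep the existing secret untouched

    # mktemp creates the file with mode 0600, so the key is never
    # world-readable, not even briefly.
    tmp=$(mktemp "${secret_file}.XXXXXX") || return 1

    # 18 random bytes (as in the report), hex-encoded -> 36 characters.
    dd if=/dev/urandom bs=18 count=1 2>/dev/null \
        | od -An -tx1 | tr -d ' \n' > "$tmp"

    # Refuse to install a short or empty secret (e.g. a failed read).
    if [ "$(wc -c < "$tmp" | tr -d ' ')" -ne 36 ]; then
        rm -f "$tmp"
        return 1
    fi

    # Atomic rename: the daemon never sees a half-written file.
    mv -f "$tmp" "$secret_file"
}
```

Calling it from the prestart hook rather than at package build time means each host ends up with its own key, and restarts leave an existing key unchanged.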