aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Jirutka <jakub@jirutka.cz>2019-11-09 22:51:43 +0100
committerJakub Jirutka <jakub@jirutka.cz>2019-11-09 22:59:07 +0100
commit9fcc748e66782e79571331fc7c349030fa43781d (patch)
tree4becc1f3dab4e3843d2441463d2d74e8c4b7deef
parent057f53d99c55b6e44b6a6f77973e536d3ce97d57 (diff)
downloadaports-9fcc748e66782e79571331fc7c349030fa43781d.tar.bz2
aports-9fcc748e66782e79571331fc7c349030fa43781d.tar.xz
main/pgpool: run as postgres user, not as root
-rw-r--r--main/pgpool/APKBUILD11
-rw-r--r--main/pgpool/pgpool.initd3
-rw-r--r--main/pgpool/pgpool.pre-install10
3 files changed, 20 insertions, 4 deletions
diff --git a/main/pgpool/APKBUILD b/main/pgpool/APKBUILD
index 36b41666c6..f710b5d5f1 100644
--- a/main/pgpool/APKBUILD
+++ b/main/pgpool/APKBUILD
@@ -9,7 +9,9 @@ url="https://www.pgpool.net/"
arch="all"
license="BSD"
makedepends="postgresql-dev linux-headers"
-install="$pkgname.post-upgrade"
+pkgusers="postgres"
+pkggroups="postgres"
+install="$pkgname.pre-install $pkgname.post-upgrade"
subpackages="$pkgname-openrc $pkgname-doc $pkgname-static $pkgname-dev"
source="$pkgname-$pkgver.tar.gz::https://www.pgpool.net/download.php?f=$_pkgname-$pkgver.tar.gz
$pkgname.initd
@@ -44,10 +46,13 @@ check() {
package() {
make DESTDIR="$pkgdir" install
+ touch "$pkgdir"/etc/$pkgname/pool_passwd
+
install -m755 -D "$srcdir"/$pkgname.initd "$pkgdir"/etc/init.d/$pkgname
install -m644 -D "$srcdir"/$pkgname.confd "$pkgdir"/etc/conf.d/$pkgname
install -m644 -D "$srcdir"/$pkgname.logrotated "$pkgdir"/etc/logrotate.d/$pkgname
- install -d -m755 "$pkgdir"/var/log/$pkgname
+
+ install -d -o "$pkgusers" -g "$pkggroups" -m755 "$pkgdir"/var/log/$pkgname
}
doc() {
@@ -63,7 +68,7 @@ doc() {
}
sha512sums="6e6d5cb40efd5357b5c428dedf71d7a772c23becc397d0ece86134b9d32d4911933d7d92f7e6e5fde8cf37efed74f44c4c9d1ab782994750e8d9e99e24603863 pgpool-4.1.0.tar.gz
-da8739d36cb5e5a28885d6a3a2e21dc47ba8cec218470a622ec7d82cab4137b027ae6c63f01ec3b85636fec8bdbf91525e4d854c4b1d21e74294f8a0730f1711 pgpool.initd
+71b8239b1b29e2c4a8312b300122ced1452bbe60fc7937e80172c7c5e3d6be71e5aee58f6d3d687b0e35df6ccdc27125a12ae9098f7c2d07e76b8103abca3556 pgpool.initd
0e40a681b068ce5c7f03c342c1217b170601a507cacdf120b9a308df65f2065e6085b292a393802d1955079f7ec434a412e6d871f688ad83bc33fa34aca37cfe pgpool.confd
c9aa2ea9484ed29cb57cdff4004fa9dd4780d73c69db3378effb2e0ecd3ae178771c6a847a28e1a9cc6492ada4321584afb92c9b592119fb11898b42191f22b1 pgpool.logrotated
37e8314f2dab6889c35edb679906db3997c4d5eba704a7337ff82926d400f2ab780103b6a162b1effa74c0d7f8d6655b62cddd2017d3ea7a5de5f370871ab088 musl-compat.patch
diff --git a/main/pgpool/pgpool.initd b/main/pgpool/pgpool.initd
index 1881a1a593..effd4a75f2 100644
--- a/main/pgpool/pgpool.initd
+++ b/main/pgpool/pgpool.initd
@@ -1,5 +1,6 @@
#!/sbin/openrc-run
+: ${command_user:="postgres:postgres"}
: ${config_file:="/etc/pgpool/pgpool.conf"}
: ${hba_file:="/etc/pgpool/pool_hba.conf"}
: ${key_file:="/etc/pgpool/pool_key"}
@@ -30,5 +31,5 @@ depend() {
start_pre() {
# pgpool creates /run/pgpool/pgpool.pid file even with --dont-detach. >_<
- checkpath -d -m 0755 /run/pgpool
+ checkpath -d -m 0750 -o "$command_user" /run/pgpool
}
diff --git a/main/pgpool/pgpool.pre-install b/main/pgpool/pgpool.pre-install
new file mode 100644
index 0000000000..dd34706224
--- /dev/null
+++ b/main/pgpool/pgpool.pre-install
@@ -0,0 +1,10 @@
+#!/bin/sh
+
+# Fixed GID/UID values as this users was previously included in the
+# default /etc/passwd as shipped by main/alpine-baselayout.
+
+addgroup -g 70 -S postgres 2>/dev/null
+adduser -u 70 -S -D -H -h /var/lib/postgresql -g "Postgres user" \
+ -s /bin/sh -G postgres postgres 2>/dev/null
+
+exit 0