diff options
Diffstat (limited to 'main/utmps')
| -rw-r--r-- | main/utmps/0001-add-stub-utmp.h.patch | 2 | ||||
| -rw-r--r-- | main/utmps/APKBUILD | 59 | ||||
| -rw-r--r-- | main/utmps/btmpd.initd | 24 | ||||
| -rw-r--r-- | main/utmps/btmpd.logrotate | 6 | ||||
| -rw-r--r-- | main/utmps/setup-utmp | 65 | ||||
| -rw-r--r-- | main/utmps/utmp-init.initd | 21 | ||||
| -rw-r--r-- | main/utmps/utmp-prepare.initd | 25 | ||||
| -rw-r--r-- | main/utmps/utmpd.initd | 21 | ||||
| -rw-r--r-- | main/utmps/utmps.pre-install | 2 | ||||
| -rw-r--r-- | main/utmps/wtmpd.initd | 22 | ||||
| -rw-r--r-- | main/utmps/wtmpd.logrotate | 6 |
11 files changed, 221 insertions, 32 deletions
diff --git a/main/utmps/0001-add-stub-utmp.h.patch b/main/utmps/0001-add-stub-utmp.h.patch index 292df34f3d5..74e6a92468c 100644 --- a/main/utmps/0001-add-stub-utmp.h.patch +++ b/main/utmps/0001-add-stub-utmp.h.patch @@ -23,7 +23,7 @@ index 0000000..ccd0cee + +/* Unused, but some packages require this macro to be present */ +#define UTMP_FILE UTMPX_FILE -+#define WTMP_FILE "/run/utmps/wtmp" ++#define WTMP_FILE "/var/log/wtmp" +#define UTMP_FILENAME UTMP_FILE +#define WTMP_FILENAME WTMP_FILE +#define _PATH_UTMP UTMP_FILE diff --git a/main/utmps/APKBUILD b/main/utmps/APKBUILD index 5fdcd4311bb..a011c9d3a32 100644 --- a/main/utmps/APKBUILD +++ b/main/utmps/APKBUILD @@ -1,20 +1,34 @@ # Contributor: Laurent Bercot <ska-devel@skarnet.org> # Maintainer: Laurent Bercot <ska-devel@skarnet.org> pkgname=utmps -pkgver=0.1.0.0 -pkgrel=0 +# NOTE: If you're upgrading to a new version that fixes some security +# vulnerability, rebuild the following aports: +# - busybox +# - dropbear +# - mingetty +# - openssh +# - util-linux +pkgver=0.1.2.2 +pkgrel=1 pkgdesc="A secure utmp/wtmp implementation" -url="https://skarnet.org/software/$pkgname/" +url=https://skarnet.org/software/utmps/ arch="all" options="!check" # No test suite license="ISC" -depends="s6-ipcserver" -makedepends="skalibs-dev>=2.10.0.0" -subpackages="$pkgname-static $pkgname-dev $pkgname-doc $pkgname-openrc" -source="https://skarnet.org/software/$pkgname/$pkgname-$pkgver.tar.gz +depends="s6-ipcserver>=2.12" +depends_static="skalibs-static" +makedepends="skalibs-dev>=2.14" +subpackages="$pkgname-static $pkgname-libs $pkgname-dev $pkgname-doc $pkgname-openrc" +source="https://skarnet.org/software/utmps/utmps-$pkgver.tar.gz + utmp-prepare.initd utmpd.initd wtmpd.initd + btmpd.initd + utmp-init.initd + setup-utmp utmps.pc + wtmpd.logrotate + btmpd.logrotate 0001-add-stub-utmp.h.patch" install="utmps.pre-install" @@ -30,21 +44,38 @@ build() { --disable-allstatic \ --libdir=/usr/lib \ --libexecdir="/lib/$pkgname" \ + --with-lib=/usr/lib \ --with-dynlib=/lib make } package() { make DESTDIR="$pkgdir" install - install -D "$srcdir/utmpd.initd" "$pkgdir/etc/init.d/utmpd" - install -D "$srcdir/wtmpd.initd" "$pkgdir/etc/init.d/wtmpd" - install -D -m 0644 "$srcdir/utmps.pc" "$pkgdir/usr/lib/pkgconfig/utmps.pc" + + install -D -m755 "$srcdir/utmp-prepare.initd" "$pkgdir/etc/init.d/utmp-prepare" + install -D -m755 "$srcdir/utmpd.initd" "$pkgdir/etc/init.d/utmpd" + install -D -m755 "$srcdir/wtmpd.initd" "$pkgdir/etc/init.d/wtmpd" + install -D -m755 "$srcdir/btmpd.initd" "$pkgdir/etc/init.d/btmpd" + install -D -m755 "$srcdir/utmp-init.initd" "$pkgdir/etc/init.d/utmp-init" + install -D -m644 "$srcdir/wtmpd.logrotate" "$pkgdir/etc/logrotate.d/wtmpd" + install -D -m644 "$srcdir/btmpd.logrotate" "$pkgdir/etc/logrotate.d/btmpd" + install -D -m755 "$srcdir/setup-utmp" "$pkgdir/sbin/setup-utmp" + install -D -m644 "$srcdir/utmps.pc" "$pkgdir/usr/lib/pkgconfig/utmps.pc" + mkdir -p "$pkgdir/usr/share/doc" cp -a "$builddir/doc" "$pkgdir/usr/share/doc/$pkgname" } -sha512sums="f8d246897690829fccc6e4a4e1bfbbbacd10d337863dacb6966f62cffc166d61c49db1ac83d51aa023e571a5d62f81cf030fa439eb8e3fe742e427764f18adcf utmps-0.1.0.0.tar.gz -35be6238b7cfad909cfd624ca1e04909a3eca7ebd0f4fc8f4692c0db04a3b9cb2786190dfb9b35aeeaffbbf735a38664bdeaf197e5bcb10547e0392adc86dd14 utmpd.initd -c2059a4758b0e5f556c3022e9da4f99cd383a61395f8a9fb1c963a8abb89ed6bfac9476c9a6cab3cc30333ea8483860d0dd8f1ba45db575b3fb231171bbedb4f wtmpd.initd +sha512sums=" +57a73658ecb947af9dfad7a5e2931660ad1b8fa61d36c803c373e8aba13e9afa8398c1522765f5ea2b5df87d942cea17062faf30f589afa6acc744ff3ae4a409 utmps-0.1.2.2.tar.gz +05d730a7ac770e91617a9db2b250c818f7733a3cbba3e539dbea23efeea71f65b059ec7778648bbedc2a6ac3b7907ac49d786cdadcfb716b29d8e9ce514d0f3a utmp-prepare.initd +c939657b36512ab092c51d45978fda6bb8d206f7295f733ef05c1bbce5ae68ea9bd3979e6c99bf8bf569363764467b85d68d61968a11903395c9561c6c82d59c utmpd.initd +248c60c4f769a311f8167a38473e0de34aa2f73286552bc9344ba46558badcaa0f7d2fee282f31a031df242e474bef1e86e6527a7fd190d76600136bee851182 wtmpd.initd +c1bd4cc6b0ca88e59b6de4ba79e1a108ac717e88b3e7036e04abbeab6ec9593c63006fad8c0e7149d652928a9473fdc2b8417940a6db95f3b6c7070c272eb3db btmpd.initd +d817c43b47893777b88f8e7c20fa6294a096cfa060f22f6355add4202c86c420fe2a8be83982786c05410add5268e5d8e558105ef4105f40b83e0ce00dcc46f1 utmp-init.initd +b6249ae817641b93aaa37842efe4fe6f9055f1fe4581edbc94f037e5d63b01ebd31136fb3cbf563c887ecd8f4764a5a92d351ca6f63e24e8e6bb423a2d5196ff setup-utmp 15347bd95f7e69409fb5849eeca0632d3e7cdd0ad6113ab89d9f6554ebce01996522783f3f4a29877fd0f74607a5367af8483396f70d075315c4f17acc182f5e utmps.pc -40dc8c013ca76fd7e4580d88d399d89409ecf525f69b6660b4bcfbae3c729f1450df333c268fc8422ed934911a3bb992774c6a60b62d06e6d62381db9f761344 0001-add-stub-utmp.h.patch" +5ade986bbed30ea82b8806a3d7a0ab09a7203fb8e4c9b8785e2d549973b33644a51c522cc8891a09d5016d4b47bf848224d10d0b9834a4c77929e68c7b95d293 wtmpd.logrotate +e085ca6d4ad3817dccb7de7f7feafad586ef567b7f81fcb7ffaf1cec75a0bc18a2023cfe0761f125d4a21975e4754d235e9bd54ed2246f9c1f17607fc0cb00de btmpd.logrotate +0512f0daa216919a886e6a8e5a73db1d29acd66d929f38d5df40bd55f0d446402610c59da12688b75c3c1230af9b1929793ed8bfc9b4593851bf496fc0a8d835 0001-add-stub-utmp.h.patch +" diff --git a/main/utmps/btmpd.initd b/main/utmps/btmpd.initd new file mode 100644 index 00000000000..b9acc7296a6 --- /dev/null +++ b/main/utmps/btmpd.initd @@ -0,0 +1,24 @@ +#!/sbin/openrc-run +# Copyright 2020-2021 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +name=btmpd +description="utmps daemon for the btmp service" + +command=/bin/s6-ipcserver +command_args="/run/utmps/.btmpd-socket utmps-wtmpd btmp" +command_user=utmp +command_background=yes +directory=/var/log/btmpd +pidfile=/run/utmps/btmpd.pid + +depend() { + need localmount utmp-prepare + after bootmisc + before networking +} + +start_pre() { + checkpath -d -o utmp:utmp -m 0755 /run/utmps + checkpath -d -o utmp:utmp -m 2755 /var/log/btmpd +} diff --git a/main/utmps/btmpd.logrotate b/main/utmps/btmpd.logrotate new file mode 100644 index 00000000000..b681d90dc62 --- /dev/null +++ b/main/utmps/btmpd.logrotate @@ -0,0 +1,6 @@ +/var/log/btmpd/btmp { + missingok + monthly + create 0644 utmp utmp + rotate 3 +} diff --git a/main/utmps/setup-utmp b/main/utmps/setup-utmp new file mode 100644 index 00000000000..031b1a637fb --- /dev/null +++ b/main/utmps/setup-utmp @@ -0,0 +1,65 @@ +#!/bin/sh -e + +prog="${0##*/}" +y=true + +cleanup () { + if test "$1" -ge 10 ; then + rc-service -i -s utmp-init stop + fi + if test "$1" -ge 9 ; then + rc-service -i -s btmpd stop + fi + if test "$1" -ge 8 ; then + rc-service -i -s wtmpd stop + fi + if test "$1" -ge 7 ; then + rc-service -i -s utmpd stop + fi + if test "$1" -ge 6 ; then + rc-service -i -s utmp-prepare stop + fi + if test "$1" -ge 5 ; then + rc-update delete utmp-init boot || : + fi + if test "$1" -ge 4 ; then + rc-update delete btmpd boot || : + fi + if test "$1" -ge 3 ; then + rc-update delete wtmpd boot || : + fi + if test "$1" -ge 2 ; then + rc-update delete utmpd boot || : + fi + if test "$1" -ge 1 ; then + rc-update delete utmp-prepare boot || : + fi +} + +while getopts 'yn' opt ; do + case "$opt" in + y) y=true ;; + n) y=false ;; + ?) echo "$prog: usage: $prog [ -y | -n ]" 1>&2 ; exit 100 ;; + esac + shift +done + +if $y ; then + rc-update add utmp-prepare boot || { cleanup 0 ; exit 1 ; } + rc-update add utmpd boot || { cleanup 1 ; exit 1 ; } + rc-update add wtmpd boot || { cleanup 2 ; exit 1 ; } + rc-update add btmpd boot || { cleanup 3 ; exit 1 ; } + rc-update add utmp-init boot || { cleanup 4 ; exit 1 ; } + rc-service utmp-prepare start || { cleanup 5 ; exit 1 ; } + rc-service utmpd start || { cleanup 6 ; exit 1 ; } + rc-service wtmpd start || { cleanup 7 ; exit 1 ; } + rc-service btmpd start || { cleanup 8 ; exit 1 ; } + # We don't run utmp-init because it's not boot time. + # : rc-service utmp-init start || { cleanup 9 ; exit 1 ; } + echo "$prog: utmps services are now enabled. Use $prog -n to disable them." 1>&2 + echo "$prog: note that user accounting may not be accurate until the next reboot." 1>&2 +else + cleanup 10 + echo "$prog: utmps services are disabled. Use $prog -y to reenable them." 1>&2 +fi diff --git a/main/utmps/utmp-init.initd b/main/utmps/utmp-init.initd new file mode 100644 index 00000000000..acb4dbe5dfe --- /dev/null +++ b/main/utmps/utmp-init.initd @@ -0,0 +1,21 @@ +#!/sbin/openrc-run +# Copyright 2020-2022 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +description="clearing and initialization of the utmp database" + +depend() { + need utmp-prepare utmpd wtmpd + before networking + after clock +} + +start() { + # Create an empty utmp file + checkpath -F -f -m 0644 -o utmp:utmp /run/utmps/utmp + + # Write the initial records as sysvinit/busybox init would do. + # 20018 = 256 * 'N' + '2'. Don't ask. + utmps-write -t 2000 -uw -l reboot -p 0 -h "$(uname -r)" -- '~~' BOOT_TIME '~' + utmps-write -t 2000 -uw -l runlevel -p 20018 -h "$(uname -r)" -- '~~' RUN_LVL '~' +} diff --git a/main/utmps/utmp-prepare.initd b/main/utmps/utmp-prepare.initd new file mode 100644 index 00000000000..9f61249eaa8 --- /dev/null +++ b/main/utmps/utmp-prepare.initd @@ -0,0 +1,25 @@ +#!/sbin/openrc-run +# Copyright 2020-2022 Laurent Bercot for Alpine Linux +# Distributed under the terms of the ISC License. +# +description="preparation of the utmp databases" + +depend() { + before networking + after clock +} + +start() { + if ! test -L /var/log/utmp || test "$(readlink /var/log/utmp)" != /run/utmps/utmp ; then + rm -f /var/log/utmp + ln -s /run/utmps/utmp /var/log/utmp + fi + if ! test -L /var/log/wtmp || test "$(readlink /var/log/wtmp)" != wtmpd/wtmp ; then + rm -f /var/log/wtmp + ln -s wtmpd/wtmp /var/log/wtmp + fi + if ! test -L /var/log/btmp || test "$(readlink /var/log/btmp)" != btmpd/btmp ; then + rm -f /var/log/btmp + ln -s btmpd/btmp /var/log/btmp + fi +} diff --git a/main/utmps/utmpd.initd b/main/utmps/utmpd.initd index 2d4b43e1691..d04c6b93573 100644 --- a/main/utmps/utmpd.initd +++ b/main/utmps/utmpd.initd @@ -1,18 +1,23 @@ #!/sbin/openrc-run -# Copyright 2020 Laurent Bercot for Alpine Linux +# Copyright 2020-2021 Laurent Bercot for Alpine Linux # Distributed under the terms of the ISC License. # - -name=utmpd +name="utmpd" description="utmps daemon for the utmp service" -command=s6-ipcserver -command_args=".utmpd-socket utmps-utmpd" + +command=/bin/s6-ipcserver +command_args="/run/utmps/.utmpd-socket utmps-utmpd" command_user=utmp -command_background=true +command_background=yes directory=/run/utmps pidfile=/run/utmps/utmpd.pid +depend() { + need utmp-prepare + after bootmisc + before networking +} + start_pre() { - mkdir -p -m 0755 /run/utmps - chown utmp:utmp /run/utmps + checkpath -d -o utmp:utmp -m 0755 /run/utmps } diff --git a/main/utmps/utmps.pre-install b/main/utmps/utmps.pre-install index 10b5b31ff06..fd7b522bcfd 100644 --- a/main/utmps/utmps.pre-install +++ b/main/utmps/utmps.pre-install @@ -1,5 +1,5 @@ #!/bin/sh addgroup -S utmp 2>/dev/null -adduser -S -D -H -s /bin/false -G utmp -g utmp utmp 2>/dev/null +adduser -S -D -H -s /sbin/nologin -G utmp -g utmp utmp 2>/dev/null exit 0 diff --git a/main/utmps/wtmpd.initd b/main/utmps/wtmpd.initd index e317d0e647b..8d3f6245ad9 100644 --- a/main/utmps/wtmpd.initd +++ b/main/utmps/wtmpd.initd @@ -1,18 +1,24 @@ #!/sbin/openrc-run -# Copyright 2020 Laurent Bercot for Alpine Linux +# Copyright 2020-2021 Laurent Bercot for Alpine Linux # Distributed under the terms of the ISC License. # - name=wtmpd description="utmps daemon for the wtmp service" -command=s6-ipcserver -command_args=".wtmpd-socket utmps-wtmpd" + +command=/bin/s6-ipcserver +command_args="/run/utmps/.wtmpd-socket utmps-wtmpd wtmp" command_user=utmp -command_background=true -directory=/run/utmps +command_background=yes +directory=/var/log/wtmpd pidfile=/run/utmps/wtmpd.pid +depend() { + need localmount utmp-prepare + after bootmisc + before networking +} + start_pre() { - mkdir -p -m 0755 /run/utmps - chown utmp:utmp /run/utmps + checkpath -d -o utmp:utmp -m 0755 /run/utmps + checkpath -d -o utmp:utmp -m 2755 /var/log/wtmpd } diff --git a/main/utmps/wtmpd.logrotate b/main/utmps/wtmpd.logrotate new file mode 100644 index 00000000000..bb23536e415 --- /dev/null +++ b/main/utmps/wtmpd.logrotate @@ -0,0 +1,6 @@ +/var/log/wtmpd/wtmp { + missingok + monthly + create 0644 utmp utmp + rotate 3 +} |