aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorsobomax <sobomax@FreeBSD.org>2012-12-12 10:08:33 +0800
committersobomax <sobomax@FreeBSD.org>2012-12-12 10:08:33 +0800
commitd54972a7020d8a69ac6fe2aac5cd783432302ec0 (patch)
tree9cf39a2f03d3cd327f0806a93c4a08ee93aafbb7
parent0c6e90eec0eaaad96fcd70fba7fe8f7dd12d485c (diff)
downloadfreebsd-ports-gnome-d54972a7020d8a69ac6fe2aac5cd783432302ec0.tar.gz
freebsd-ports-gnome-d54972a7020d8a69ac6fe2aac5cd783432302ec0.tar.zst
freebsd-ports-gnome-d54972a7020d8a69ac6fe2aac5cd783432302ec0.zip
Add unprivileged user to run under, so it's more secure.
Reminded by: Olle E. Johansson
-rw-r--r--net/rtpproxy/Makefile4
-rw-r--r--net/rtpproxy/files/patch-freebsd_rtpproxy.in17
-rw-r--r--net/rtpproxy/pkg-install35
3 files changed, 56 insertions, 0 deletions
diff --git a/net/rtpproxy/Makefile b/net/rtpproxy/Makefile
index 1eff737b8214..1c16c3908bac 100644
--- a/net/rtpproxy/Makefile
+++ b/net/rtpproxy/Makefile
@@ -7,6 +7,7 @@
PORTNAME= rtpproxy
PORTVERSION= 1.2.1
+PORTREVISION= 1
CATEGORIES= net
MASTER_SITES= http://www.rtpproxy.org/chrome/site/
@@ -25,6 +26,9 @@ post-build:
${SED} 's|%%PREFIX%%|${PREFIX}|g ; s|%%RC_SUBR%%|/etc/rc.subr|g' \
${WRKSRC}/freebsd/rtpproxy.in > ${WRKDIR}/rtpproxy
+pre-install:
+ @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
+
post-install:
${INSTALL_SCRIPT} ${WRKDIR}/rtpproxy ${PREFIX}/etc/rc.d/rtpproxy
diff --git a/net/rtpproxy/files/patch-freebsd_rtpproxy.in b/net/rtpproxy/files/patch-freebsd_rtpproxy.in
new file mode 100644
index 000000000000..c315780927bf
--- /dev/null
+++ b/net/rtpproxy/files/patch-freebsd_rtpproxy.in
@@ -0,0 +1,17 @@
+
+$FreeBSD$
+
+--- freebsd/rtpproxy.in.orig
++++ freebsd/rtpproxy.in
+@@ -25,7 +25,10 @@
+
+ rtpproxy_enable=${rtpproxy_enable:-"NO"}
+ rtpproxy_laddr=${rtpproxy_laddr:-"0.0.0.0"}
++rtpproxy_usr=${rtpproxy_usr:-"rtpproxy"}
++rtpproxy_grp=${rtpproxy_grp:-"rtpproxy"}
+
+-command_args="-l ${rtpproxy_laddr} -p /var/run/rtpproxy.pid"
++command_args="-l ${rtpproxy_laddr} -p /var/run/rtpproxy.pid \
++ -u ${rtpproxy_usr}:${rtpproxy_grp}"
+
+ run_rc_command "${1}"
diff --git a/net/rtpproxy/pkg-install b/net/rtpproxy/pkg-install
new file mode 100644
index 000000000000..58954e7a3963
--- /dev/null
+++ b/net/rtpproxy/pkg-install
@@ -0,0 +1,35 @@
+#!/bin/sh
+# $FreeBSD$
+#
+
+if [ "$2" != "PRE-INSTALL" ]; then
+ exit 0
+fi
+
+RTPPROXY_USER=rtpproxy
+RTPPROXY_GROUP=${RTPPROXY_USER}
+RTPPROXY_UID=222
+RTPPROXY_GID=${RTPPROXY_UID}
+
+if ! pw groupshow "${RTPPROXY_GROUP}" 2>/dev/null 1>&2; then
+ if pw groupadd ${RTPPROXY_GROUP} -g ${RTPPROXY_GID}; then
+ echo "Added group \"${RTPPROXY_GROUP}\"."
+ else
+ echo "Adding group \"${RTPPROXY_GROUP}\" failed..."
+ exit 1
+ fi
+fi
+
+if ! pw usershow "${RTPPROXY_USER}" 2>/dev/null 1>&2; then
+ if pw useradd ${RTPPROXY_USER} -u ${RTPPROXY_UID} -g ${RTPPROXY_GROUP} -h - \
+ -s "/sbin/nologin" -d "/nonexistent" \
+ -c "RTP Proxy"; \
+ then
+ echo "Added user \"${RTPPROXY_USER}\"."
+ else
+ echo "Adding user \"${RTPPROXY_USER}\" failed..."
+ exit 1
+ fi
+fi
+
+exit 0