author | jmmv <jmmv> | 2006-02-21 16:09:16 +0000 |
---|---|---|
committer | jmmv <jmmv> | 2006-02-21 16:09:16 +0000 |
commit | baed0b09d7262243c47cf8d647872ad18a8a45f1 (patch) | |
tree | fe9734d3755978c624aead7b26cd97cb62b0e831 | |
parent | da0c2740be11477f1fa7d20892e400ae9e6ebad0 (diff) | |
download | pkgsrc-baed0b09d7262243c47cf8d647872ad18a8a45f1.tar.gz |
Adapt to recent changes in monotone as the current package does not work
appropriately otherwise.
- The server keypair is now stored and read from ${PKG_SYSCONFDIR}/keys
instead of being inside the database.
- Provide and use two files (read-permissions and write-permissions) to
set up netsync's access control.
- During monotone-server-init, run monotone under the unprivileged user
so that it creates files in the correct places (if any).
- Add a note to monotone-server-init to let the user ensure that the
UID and GID are correct. (I always get them wrong otherwise.)
- Make the rc.d script print a divider line in the log file so that
different sessions are easy to distinguish.
Bump PKGREVISION to 2.
-rw-r--r-- | devel/monotone-server/Makefile | 19 | ||||
-rw-r--r-- | devel/monotone-server/PLIST | 4 | ||||
-rw-r--r-- | devel/monotone-server/files/hooks.conf | 26 | ||||
-rw-r--r-- | devel/monotone-server/files/monotone-server-init.sh | 38 | ||||
-rw-r--r-- | devel/monotone-server/files/monotone.sh | 13 | ||||
-rw-r--r-- | devel/monotone-server/files/read-permissions | 7 | ||||
-rw-r--r-- | devel/monotone-server/files/write-permissions | 2 |
7 files changed, 72 insertions, 37 deletions
diff --git a/devel/monotone-server/Makefile b/devel/monotone-server/Makefile index 59c55ba2425..84e680cc502 100644 --- a/devel/monotone-server/Makefile +++ b/devel/monotone-server/Makefile @@ -1,8 +1,8 @@ -# $NetBSD: Makefile,v 1.15 2006/02/05 23:08:48 joerg Exp $ +# $NetBSD: Makefile,v 1.16 2006/02/21 16:09:16 jmmv Exp $ # DISTNAME= monotone-server-0.25 -PKGREVISION= 1 +PKGREVISION= 2 CATEGORIES= devel MASTER_SITES= # empty DISTFILES= # empty @@ -21,6 +21,8 @@ WRKSRC= ${WRKDIR} RCD_SCRIPTS= monotone PKG_SYSCONFSUBDIR= monotone-server +OWN_DIRS_PERMS= ${PKG_SYSCONFDIR}/keys \ + ${MONOTONE_USER} ${MONOTONE_GROUP} 700 BUILD_DEFS+= MONOTONE_GROUP MONOTONE_USER @@ -31,6 +33,12 @@ CONF_FILES_PERMS= ${EXAMPLEDIR}/branches.conf \ CONF_FILES_PERMS+= ${EXAMPLEDIR}/hooks.conf \ ${PKG_SYSCONFDIR}/hooks.conf \ ${MONOTONE_USER} ${MONOTONE_GROUP} 600 +CONF_FILES_PERMS+= ${EXAMPLEDIR}/read-permissions \ + ${PKG_SYSCONFDIR}/read-permissions \ + ${MONOTONE_USER} ${MONOTONE_GROUP} 600 +CONF_FILES_PERMS+= ${EXAMPLEDIR}/write-permissions \ + ${PKG_SYSCONFDIR}/write-permissions \ + ${MONOTONE_USER} ${MONOTONE_GROUP} 600 PKG_USERS= ${MONOTONE_USER}:${MONOTONE_GROUP}::Monotone\ dedicated\ server:${VARBASE}/monotone:${SH} PKG_GROUPS= ${MONOTONE_GROUP} @@ -52,7 +60,8 @@ FILES_SUBST+= MONOTONE_USER=${MONOTONE_USER:Q} INSTALLATION_DIRS= sbin do-extract: -.for f in branches.conf hooks.conf monotone-server-init.sh +.for f in branches.conf hooks.conf monotone-server-init.sh read-permissions \ + write-permissions ${CP} ${FILESDIR}/${f} ${WRKSRC} .endfor @@ -62,5 +71,9 @@ do-install: ${INSTALL_DATA_DIR} ${EXAMPLEDIR} ${INSTALL_DATA} ${WRKSRC}/branches.conf ${EXAMPLEDIR}/branches.conf ${INSTALL_DATA} ${WRKSRC}/hooks.conf ${EXAMPLEDIR}/hooks.conf + ${INSTALL_DATA} ${WRKSRC}/read-permissions \ + ${EXAMPLEDIR}/read-permissions + ${INSTALL_DATA} ${WRKSRC}/write-permissions \ + ${EXAMPLEDIR}/write-permissions .include "../../mk/bsd.pkg.mk" 
diff --git a/devel/monotone-server/PLIST b/devel/monotone-server/PLIST index 66bd20400c9..4418dd476c7 100644 --- a/devel/monotone-server/PLIST +++ b/devel/monotone-server/PLIST @@ -1,6 +1,8 @@ -@comment $NetBSD: PLIST,v 1.2 2005/05/02 20:33:59 reed Exp $ +@comment $NetBSD: PLIST,v 1.3 2006/02/21 16:09:16 jmmv Exp $ sbin/monotone-server-init share/examples/monotone-server/branches.conf share/examples/monotone-server/hooks.conf +share/examples/monotone-server/read-permissions +share/examples/monotone-server/write-permissions share/examples/rc.d/monotone @dirrm share/examples/monotone-server diff --git a/devel/monotone-server/files/hooks.conf b/devel/monotone-server/files/hooks.conf index 47874fd687c..11f0f78047c 100644 --- a/devel/monotone-server/files/hooks.conf +++ b/devel/monotone-server/files/hooks.conf @@ -1,30 +1,12 @@ --- $NetBSD: hooks.conf,v 1.3 2005/08/13 11:19:44 jmmv Exp $ +-- $NetBSD: hooks.conf,v 1.4 2006/02/21 16:09:16 jmmv Exp $ -- -- This file belongs to the monotone-server package. This is the typical -- ~/.monotonerc configuration file, but is system-wide. -- function get_passphrase(identity) --- if (identity == "PUT_KEYNAME_HERE") then --- return "PUT_PASSPHRASE_HERE" --- end - return false -end - -function get_netsync_read_permitted (branch, identity) --- if (branch == "net.example.project1") then --- if (identity == nil) then return true end --- if (identity == "user1@example.org") then return true end --- end --- if (branch == "net.example.project2.subbranch") then --- if (identity == "user1@example.org") then return true end --- if (identity == "user2@example.org") then return true end --- end - return false -end - -function get_netsync_write_permitted (identity) --- if (identity == "user1@example.org") then return true end --- if (identity == "user2@example.org") then return true end + if (identity == "PUT_KEYNAME_HERE") then + return "PUT_PASSPHRASE_HERE" + end return false end 
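Review bot: The hooks.conf template now carries the server key's passphrase as live Lua in `get_passphrase` (the old commented-out example became real code), yet the header comment says nothing about the file holding a secret. I would add right under the header: `-- get_passphrase hands monotone the cleartext passphrase of the server's own key,` / `-- so keep this file mode 0600 and owned by the monotone user (the package installs` / `-- it that way) and treat it with the same care as the key in the keys/ directory.` The hunk also drops `get_netsync_read_permitted` and `get_netsync_write_permitted` without saying where access control went; a one-line `-- netsync read/write access is configured in read-permissions and write-permissions, not here` would save the next editor from re-adding the hooks.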
diff --git a/devel/monotone-server/files/monotone-server-init.sh b/devel/monotone-server/files/monotone-server-init.sh index 8dd4ed60492..f3433ace9ea 100644 --- a/devel/monotone-server/files/monotone-server-init.sh +++ b/devel/monotone-server/files/monotone-server-init.sh @@ -1,6 +1,6 @@ #!@SH@ # -# $NetBSD: monotone-server-init.sh,v 1.2 2006/02/20 16:54:42 jmmv Exp $ +# $NetBSD: monotone-server-init.sh,v 1.3 2006/02/21 16:09:16 jmmv Exp $ # progname=$(basename $0) @@ -17,6 +17,21 @@ if [ $(id -u) -ne 0 ]; then fi cat <<EOF +The following user and group will be used to run the monotone server +process under a restricted account: + + User name \`${MONOTONE_USER}', UID \``id -u monotone`' + Group name \`${MONOTONE_GROUP}', GID \``id -g monotone`' + +If either the UID or the GID are inappropriate, please abort this +script now, correct them and restart the utility so that all the +files are created with the correct ownerships. + +Press RETURN to continue or CTRL-C to abort. +EOF +read key + +cat <<EOF The monotone package is currently configured to use the ${VARBASE}/monotone directory to hold the public database. You may now change this default path to something else that is @@ -65,7 +80,8 @@ fi cd ${home} echo "Initializing database: \`${home}/monotone.db'" -${MONOTONE} --db=monotone.db db init +su - ${MONOTONE_USER} -c "${MONOTONE} --confdir=${PKG_SYSCONFDIR} \ + --db=monotone.db db init" cat <<EOF 
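Review bot: The confirmation screen looks up the UID and GID for the literal user name `monotone` while the names printed beside them come from `${MONOTONE_USER}` and `${MONOTONE_GROUP}`; a package built with a different MONOTONE_USER shows the numbers of the wrong account, or `id` fails and the operator is asked to confirm an empty value. Use the variable in both substitutions: ``User name \`${MONOTONE_USER}', UID \``id -u ${MONOTONE_USER}`'`` and ``Group name \`${MONOTONE_GROUP}', GID \``id -g ${MONOTONE_USER}`'``. Note that `id -g` reports the account's primary group, which matches `${MONOTONE_GROUP}` only because PKG_USERS creates the account that way, so a comment saying so would help. The `read key` pause is not a safety stop when stdin is not a terminal, which is worth a sentence in the prompt text.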
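Review bot: `su - ${MONOTONE_USER} -c` starts a login shell, which changes to the account's home directory, so the relative `--db=monotone.db` is no longer resolved against the `${home}` the script `cd`'d into as root; whenever the path the operator chose differs from the account's home, the database is created elsewhere and the later `chown monotone.db` fails. Pass the absolute path instead: `su - ${MONOTONE_USER} -c "${MONOTONE} --confdir=${PKG_SYSCONFDIR} --db=${home}/monotone.db db init"` (or drop the `-` so the current directory is kept). Whether the script updates the account's home directory earlier is not visible in this hunk; if it does, the change is only a robustness improvement, but it costs nothing.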
@@ -76,9 +92,12 @@ you can forget about it (assuming you have a safe copy). EOF -${MONOTONE} --db=monotone.db genkey ${keyname} -${MONOTONE} --db=monotone.db pubkey ${keyname} >${keyname}-public -${MONOTONE} --db=monotone.db privkey ${keyname} >${keyname}-private +su - ${MONOTONE_USER} -c "${MONOTONE} --confdir=${PKG_SYSCONFDIR} \ + --db=monotone.db genkey ${keyname}" +su - ${MONOTONE_USER} -c "${MONOTONE} --confdir=${PKG_SYSCONFDIR} \ + --db=monotone.db pubkey ${keyname} >${keyname}-public" +su - ${MONOTONE_USER} -c "${MONOTONE} --confdir=${PKG_SYSCONFDIR} \ + --db=monotone.db privkey ${keyname} >${keyname}-private" chown ${MONOTONE_USER}:${MONOTONE_GROUP} monotone.db \ ${keyname}-public ${keyname}-private @@ -90,17 +109,18 @@ cat <<EOF Initialization process finished! -You should now backup the following files and store them in a safe place -in case you need to reconstruct the database from scratch: +You should now backup the following file and store it in a safe place. +It contains the key pair that authenticates your server: - ${home}/${keyname}-public - ${home}/${keyname}-private + ${PKG_SYSCONFDIR}/keys/${keyname} At last, edit the following files to finish the configuration of your new server: ${PKG_SYSCONFDIR}/branches.conf ${PKG_SYSCONFDIR}/hooks.conf + ${PKG_SYSCONFDIR}/read-permissions + ${PKG_SYSCONFDIR}/write-permissions Once finished, use the installed rc.d script (monotone) to start the dedicated server process. diff --git a/devel/monotone-server/files/monotone.sh b/devel/monotone-server/files/monotone.sh index e5cc8bf127a..e875a7015a6 100644 --- a/devel/monotone-server/files/monotone.sh +++ b/devel/monotone-server/files/monotone.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: monotone.sh,v 1.2 2005/12/02 17:56:25 jmmv Exp $ +# $NetBSD: monotone.sh,v 1.3 2006/02/21 16:09:16 jmmv Exp $ # # PROVIDE: monotone # REQUIRE: DAEMON 
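Review bot: With the key pair now kept in `${PKG_SYSCONFDIR}/keys` — the only thing the closing message below tells the operator to back up — the `privkey ${keyname} >${keyname}-private` line leaves an extra export of the private key in `${home}`, created with the service account's umask, still passed to `chown` but with no `chmod` in the hunk, and no longer mentioned by the instructions, so it is neither protected nor cleaned up. Either drop that line together with the `${keyname}-private` argument to `chown`, or `chmod 600 ${keyname}-private` and put it back into the backup list. The same `su -` login-shell issue as with `db init` applies here: the `>${keyname}-public` and `>${keyname}-private` redirections inside the `-c` string are opened relative to the account's home directory, not `${home}`, unless the two coincide, so `--db=${home}/monotone.db` and `>${home}/${keyname}-public` would be more robust. Because `${keyname}` is interpolated unquoted into a string that the target user's shell re-parses, a key name with spaces or shell metacharacters breaks the command; quoting it, or validating it where it is read, would be safer.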
@@ -23,13 +23,22 @@ name="monotone" rcvar=${name} command="@PREFIX@/bin/monotone" command_args="--norc \ - --rcfile=@PKG_SYSCONFDIR@/hooks.conf \ + --confdir=@PKG_SYSCONFDIR@ \ --db=${monotone_home}/monotone.db \ + --rcfile=@PKG_SYSCONFDIR@/hooks.conf \ serve ${monotone_branches} \ >>${monotone_home}/monotone.log 2>&1 &" +required_dirs="@PKG_SYSCONFDIR@/keys" required_files="@PKG_SYSCONFDIR@/branches.conf \ @PKG_SYSCONFDIR@/hooks.conf \ + @PKG_SYSCONFDIR@/read-permissions \ + @PKG_SYSCONFDIR@/write-permissions \ ${monotone_home}/monotone.db" +start_precmd="monotone_start_precmd" + +monotone_start_precmd() { + echo "=> Session started at `date`" >>${monotone_home}/monotone.log +} load_rc_config $name run_rc_command "$1" diff --git a/devel/monotone-server/files/read-permissions b/devel/monotone-server/files/read-permissions new file mode 100644 index 00000000000..d08200aa005 --- /dev/null +++ b/devel/monotone-server/files/read-permissions @@ -0,0 +1,7 @@ +pattern "net.example.project.{private,security}*" +allow "joe@example.net" +allow "jim@example.net" + +comment "everyone can read these branches" +pattern "net.example.{public,project}*" +allow "*" diff --git a/devel/monotone-server/files/write-permissions b/devel/monotone-server/files/write-permissions new file mode 100644 index 00000000000..1b138c7fc6c --- /dev/null +++ b/devel/monotone-server/files/write-permissions @@ -0,0 +1,2 @@ +joe@example.net +jim@example.net |
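Review bot: `monotone_start_precmd` appends to `${monotone_home}/monotone.log` from the rc.d script, which runs as root, while this commit makes `${monotone_home}` the directory the unprivileged monotone account owns and writes to; if that account (or a compromised server process) replaces monotone.log with a symlink, root follows it on the next start and appends to an arbitrary file. The `>>${monotone_home}/monotone.log 2>&1 &` redirection inside `command_args` is opened by the same root shell unless the daemon is started as the service account — the hunk shows no `monotone_user=` setting, so I cannot tell whether it is. Running the precmd through the service account, e.g. `su -m "${monotone_user}" -c "echo '=> Session started at $(date)' >>${monotone_home}/monotone.log"`, or at least refusing to start with `[ -L ${monotone_home}/monotone.log ] && return 1`, closes that gap. A one-line comment on `start_precmd` saying who is expected to own the log file would make the assumption visible.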
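Review bot: The example relies on entry order — the restrictive `net.example.project.{private,security}*` stanza is listed before the `net.example.{public,project}*` stanza that also matches those branches and grants `allow "*"` — and nothing in the file says so, so anyone who reorders the stanzas or appends a broad pattern at the top silently exposes the private branches to every client, which as I understand it includes unauthenticated ones. As far as I recall, monotone evaluates this file top-down and the first pattern matching a branch decides, so a leading `comment "first matching pattern wins: keep the most restrictive patterns above the catch-alls"` would preserve that invariant through edits. It is also worth a line noting that `allow "*"` is the anonymous-read case, since that is the entry most operators will want to think twice about.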