From e72ad6a9f947366507caec228970806dc2ac2efe Mon Sep 17 00:00:00 2001 From: tron Date: Sat, 16 Feb 2013 15:10:46 +0000 Subject: Security and usablity enhancements of the "gmediaserver" package: 1.) Run the daemon as an unprivileged user. 2.) Add support for a configuration file which can be used to specify the shared directories and extra options. 3.) Re-write the startup script to work on platforms other than NetBSD. --- multimedia/gmediaserver/Makefile | 30 +++++++++- multimedia/gmediaserver/PLIST | 3 +- multimedia/gmediaserver/files/gmediaserver.conf | 15 +++++ multimedia/gmediaserver/files/gmediaserver.sh | 73 ++++++++++++++++++++++--- 4 files changed, 110 insertions(+), 11 deletions(-) create mode 100644 multimedia/gmediaserver/files/gmediaserver.conf (limited to 'multimedia') diff --git a/multimedia/gmediaserver/Makefile b/multimedia/gmediaserver/Makefile index 3b7b4eac8f8..45c71e0f5ca 100644 --- a/multimedia/gmediaserver/Makefile +++ b/multimedia/gmediaserver/Makefile @@ -1,7 +1,7 @@ -# $NetBSD: Makefile,v 1.7 2012/10/08 09:21:01 asau Exp $ +# $NetBSD: Makefile,v 1.8 2013/02/16 15:10:46 tron Exp $ DISTNAME= gmediaserver-0.13.0 -PKGREVISION= 4 +PKGREVISION= 5 CATEGORIES= multimedia net MASTER_SITES= http://download.savannah.gnu.org/releases/gmediaserver/ @@ -18,8 +18,34 @@ USE_PKGLOCALEDIR= yes CONFIGURE_ARGS+= --with-id3lib=${BUILDLINK_PREFIX.id3lib} CONFIGURE_ARGS+= --with-libupnp=${BUILDLINK_PREFIX.libupnp} +EGDIR= share/examples/gmediaserver +CFGNAME= gmediaserver.conf +CFGFILE= ${PKG_SYSCONFDIR}/${CFGNAME} + +CONF_FILES= ${PREFIX}/${EGDIR}/${CFGNAME} ${CFGFILE} +INSTALLATION_DIRS+= ${EGDIR} +OWN_DIRS_PERMS+= ${VARBASE}/gmediaserver ${GMEDIA_USER} \ + ${GMEDIA_GROUP} 750 RCD_SCRIPTS= gmediaserver +GMEDIA_USER?= gmedia +GMEDIA_GROUP?= gmedia + +PKG_GROUPS_VARS+= GMEDIA_GROUP +PKG_USERS_VARS+= GMEDIA_USER + +PKG_GROUPS= ${GMEDIA_GROUP} +PKG_USERS= ${GMEDIA_USER}:${GMEDIA_GROUP} +PKG_GECOS.${GMEDIA_USER}= GMediaServer pseudo-user +PKG_SHELL.${GMEDIA_USER}= ${SH} + +BUILD_DEFS+= VARBASE +FILES_SUBST+= CFGFILE=${CFGFILE:Q} +FILES_SUBST+= GMEDIA_GROUP=${GMEDIA_GROUP:Q} GMEDIA_USER=${GMEDIA_USER:Q} + +post-install: + ${INSTALL_DATA} ${FILESDIR}/${CFGNAME} ${DESTDIR}${PREFIX}/${EGDIR} + .include "../../audio/id3lib/buildlink3.mk" .include "../../audio/taglib/buildlink3.mk" .include "../../converters/libiconv/buildlink3.mk" diff --git a/multimedia/gmediaserver/PLIST b/multimedia/gmediaserver/PLIST index 5ea62df6cc0..9162494c010 100644 --- a/multimedia/gmediaserver/PLIST +++ b/multimedia/gmediaserver/PLIST @@ -1,6 +1,7 @@ -@comment $NetBSD: PLIST,v 1.1.1.1 2010/05/20 04:27:33 obache Exp $ +@comment $NetBSD: PLIST,v 1.2 2013/02/16 15:10:46 tron Exp $ bin/gmediaserver info/gmediaserver.info man/man1/gmediaserver.1 +share/examples/gmediaserver/gmediaserver.conf share/examples/rc.d/gmediaserver share/locale/sv/LC_MESSAGES/gmediaserver.mo diff --git a/multimedia/gmediaserver/files/gmediaserver.conf b/multimedia/gmediaserver/files/gmediaserver.conf new file mode 100644 index 00000000000..7d05c47ff5f --- /dev/null +++ b/multimedia/gmediaserver/files/gmediaserver.conf @@ -0,0 +1,15 @@ +# $NetBSD: gmediaserver.conf,v 1.1 2013/02/16 15:10:46 tron Exp $ +# +# Configuration file for GMediaServer +# + +# +# Extra options which should be passed to GMediaServer. Please see +# "man 1 gmediaserver" for a full list of options +# +#options="-i wm0 --profile=ps3" + +# +# The list of directories with files that should be made available. +# +#directories="/video" diff --git a/multimedia/gmediaserver/files/gmediaserver.sh b/multimedia/gmediaserver/files/gmediaserver.sh index b89230507e8..9b9a86565b0 100644 --- a/multimedia/gmediaserver/files/gmediaserver.sh +++ b/multimedia/gmediaserver/files/gmediaserver.sh @@ -1,6 +1,6 @@ #!@RCD_SCRIPTS_SHELL@ # -# $NetBSD: gmediaserver.sh,v 1.1.1.1 2010/05/20 04:27:33 obache Exp $ +# $NetBSD: gmediaserver.sh,v 1.2 2013/02/16 15:10:46 tron Exp $ # # PROVIDE: gmediaserver # REQUIRE: DAEMON @@ -8,12 +8,69 @@ . /etc/rc.subr name="gmediaserver" -rcvar=${name} +rcvar="${name}" command="@PREFIX@/bin/${name}" -pidfile="@VARBASE@/run/${name}.pid" -command_args="-b --pid-file=${pidfile}" -exra_commands="reload" -sig_reload=-USER1 +pidfile="@VARBASE@/gmediaserver/${name}.pid" +command_flags="-b --pid-file=${pidfile} -o @VARBASE@/${name}/${name}.log" +required_files="@CFGFILE@" +start_cmd="gmediaserver_start" +extra_commands="rescan" +rescan_cmd="gmediaserver_rescan" -load_rc_config ${name} -run_rc_command "$1" +gmediaserver_start() +{ + directories=/nonexistent + options= + if [ -f "@CFGFILE@" ]; then + . "@CFGFILE@" + fi + @ECHO@ "Starting ${name}." + @SU@ @GMEDIA_USER@ -c "$command" $command_flags $options $directories +} + +gmediaserver_rescan() +{ + if [ -f "${pidfile}" ] ; then + @ECHO@ "Signalling ${name} to rescan directories." + kill -USR1 `@CAT@ "${pidfile}"` + fi +} + +if [ -f /etc/rc.subr -a -f /etc/rc.conf -a -f /etc/rc.d/DAEMON ]; then + load_rc_config ${name} + run_rc_command "$1" +else + if [ -f /etc/rc.conf ]; then + . /etc/rc.conf + fi + case $1 in + start) + gmediaserver_start + ;; + + stop) + if [ -f "${pidfile}" ] ; then + @ECHO@ "Stopping ${name}." + kill `@CAT@ "${pidfile}"` + else + @ECHO@ "${name} not running?" + exit 1 + fi + ;; + + restart) + "$0" stop + exec "$0" start + ;; + + rescan) + gmediaserver_rescan + ;; + + *) + @ECHO@ "Usage: $0 {start|stop|restart|rescan}" 1>&2 + exit 64 + ;; + + esac +fi -- cgit v1.2.3