[gentoo-commits] repo/gentoo:master commit in: www-apps/radicale/

["Thomas Deutschmann" <whissi@gentoo.org>]

commit:     c160095c4aa3aa9b3f7bd355ec8140ec14a956a6
Author:     Henning Schild <henning <AT> hennsch <DOT> de>
AuthorDate: Fri Mar  8 09:11:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Mar  9 21:22:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c160095c

www-apps/radicale: fix file permissions for state directory

The "diropts" was not effective and the folder might have been created
with incorrect owner and permissions. As a result anyone might be able
to browse the state directory and read contacts/calendars.

Move to using fowners/fperms. Introduce a warning to tell users how to
fix it. Users that changed permissions on purpose can ignore the warning.

Signed-off-by: Henning Schild <henning <AT> hennsch.de>
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-apps/radicale/radicale-2.1.11-r1.ebuild | 94 +++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/www-apps/radicale/radicale-2.1.11-r1.ebuild b/www-apps/radicale/radicale-2.1.11-r1.ebuild
new file mode 100644
index 00000000000..e95f957a111
--- /dev/null
+++ b/www-apps/radicale/radicale-2.1.11-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6} )
+
+inherit distutils-r1 eutils user
+
+MY_PN="Radicale"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="A simple CalDAV calendar server"
+HOMEPAGE="https://radicale.org/"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+bcrypt"
+
+RDEPEND="sys-apps/util-linux
+	>=dev-python/vobject-0.9.6[${PYTHON_USEDEP}]
+	>=dev-python/python-dateutil-2.7.3[${PYTHON_USEDEP}]
+	bcrypt? ( dev-python/passlib[bcrypt,${PYTHON_USEDEP}] )"
+
+S=${WORKDIR}/${MY_P}
+
+RDIR=/var/lib/${PN}
+
+pkg_pretend() {
+	if [[ -f ${RDIR}/.props && ${MERGE_TYPE} != buildonly ]]; then
+		eerror "It looks like you have a version 1 database in ${RDIR}."
+		eerror "You must convert this database to version 2 format before upgrading."
+		eerror "You may want to back up the old database before migrating."
+		eerror
+		eerror "If you have kept the Gentoo-default database configuration, this will work:"
+		eerror "1. Stop any running instance of Radicale."
+		eerror "2. Run \`radicale --export-storage ~/radicale-exported\`."
+		eerror "3. Run \`chown -R radicale: ~/radicale-exported\`"
+		eerror "4. Run \`mv \"${RDIR}\" \"${RDIR}.old\"\`."
+		eerror "5. Install Radicale version 2."
+		eerror "6. Run \`mv ~/radicale-exported \"${RDIR}/collections\"\`."
+		eerror
+		eerror "For more details, or if you are have a more complex configuration,"
+		eerror "please see the migration guide: https://radicale.org/1to2/"
+		eerror "If you do a custom migration, please ensure the database is cleaned out of"
+		eerror "${RDIR}, including the hidden .props file."
+		die
+	fi
+}
+
+pkg_setup() {
+	enewgroup ${PN}
+	enewuser ${PN} -1 -1 ${RDIR} ${PN}
+}
+
+python_install_all() {
+	rm README* || die
+
+	# init file
+	newinitd "${FILESDIR}"/radicale-r1.init.d radicale
+
+	# directories
+	keepdir ${RDIR}
+	fowners ${PN}:${PN} ${RDIR}
+	fperms 0750 ${RDIR}
+
+	# config file
+	insinto /etc/${PN}
+	doins config logging
+
+	# fcgi and wsgi files
+	exeinto /usr/share/${PN}
+	doexe radicale.fcgi radicale.wsgi
+
+	distutils-r1_python_install_all
+}
+
+pkg_postinst() {
+	local _erdir="${EROOT%/}${RDIR}"
+
+	einfo "A sample WSGI script has been put into ${EROOT%/}/usr/share/${PN}."
+	einfo "You will also find there an example FastCGI script."
+	if [[ $(stat --format="%U:%G:%a" "${_erdir}") != "${PN}:${PN}:750" ]]
+	then
+		ewarn "Unsafe file permissions detected on ${_erdir}. This probably comes"
+		ewarn "from an earlier version of this ebuild."
+		ewarn "To fix run:"
+		ewarn "  \`chown -R ${PN}:${PN} ${_erdir}\`"
+		ewarn "  \`chmod 0750 ${_erdir}\`"
+		ewarn "  \`chmod -R o= ${_erdir}\`"
+	fi
+}