From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 589E0158041 for ; Mon, 6 Sep 2021 12:00:21 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 623D6E07F1; Mon, 6 Sep 2021 12:00:19 +0000 (UTC) Received: from smtp.gentoo.org (woodpecker.gentoo.org [140.211.166.183]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 233D9E07F1 for ; Mon, 6 Sep 2021 12:00:19 +0000 (UTC) Received: from oystercatcher.gentoo.org (oystercatcher.gentoo.org [148.251.78.52]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.gentoo.org (Postfix) with ESMTPS id CD53233BED9 for ; Mon, 6 Sep 2021 12:00:17 +0000 (UTC) Received: from localhost.localdomain (localhost [IPv6:::1]) by oystercatcher.gentoo.org (Postfix) with ESMTP id 2AFCF96 for ; Mon, 6 Sep 2021 12:00:16 +0000 (UTC) 
From: "Marc Schiffbauer"
To: gentoo-commits@lists.gentoo.org
Content-Transfer-Encoding: 8bit
Content-type: text/plain; charset=UTF-8
Reply-To: gentoo-dev@lists.gentoo.org, "Marc Schiffbauer"
Message-ID: <1630929564.cee394d24645d97a6904df90fd0ab960de4367ef.mschiff@gentoo>
Subject: [gentoo-commits] repo/gentoo:master commit in: app-backup/bareos/, app-backup/bareos/files/
X-VCS-Repository: repo/gentoo
X-VCS-Files: app-backup/bareos/bareos-18.2.10-r1.ebuild app-backup/bareos/bareos-18.2.10-r2.ebuild app-backup/bareos/bareos-19.2.10-r1.ebuild app-backup/bareos/bareos-19.2.10-r2.ebuild app-backup/bareos/bareos-20.0.2-r1.ebuild app-backup/bareos/bareos-20.0.2-r2.ebuild app-backup/bareos/files/bareos-dir.initd app-backup/bareos/files/bareos-sd.initd
X-VCS-Directories: app-backup/bareos/files/ app-backup/bareos/
X-VCS-Committer: mschiff
X-VCS-Committer-Name: Marc Schiffbauer
X-VCS-Revision: cee394d24645d97a6904df90fd0ab960de4367ef
X-VCS-Branch: master
Date: Mon, 6 Sep 2021 12:00:16 +0000 (UTC)
Precedence: bulk
List-Post:
List-Help:
List-Unsubscribe:
List-Subscribe:
List-Id: Gentoo Linux mail
X-BeenThere: gentoo-commits@lists.gentoo.org
X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply
X-Archives-Salt: bd0743c7-e477-43b2-90be-419fa23af575
X-Archives-Hash: 0c709bd5071530bc7e061b3611730391

commit: cee394d24645d97a6904df90fd0ab960de4367ef
Author: Marc Schiffbauer gentoo org>
AuthorDate: Mon Sep 6 11:58:41 2021 +0000
Commit: Marc Schiffbauer gentoo org>
CommitDate: Mon Sep 6 11:59:24 2021 +0000
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cee394d2

app-backup/bareos: add workaround for #631598

Bug: https://bugs.gentoo.org/631598
Package-Manager: Portage-3.0.20, Repoman-3.0.3
Signed-off-by: Marc Schiffbauer gentoo.org> ...{bareos-18.2.10-r1.ebuild => bareos-18.2.10-r2.ebuild} | 0 ...{bareos-19.2.10-r1.ebuild => bareos-19.2.10-r2.ebuild} | 0 .../{bareos-20.0.2-r1.ebuild => bareos-20.0.2-r2.ebuild} | 0 app-backup/bareos/files/bareos-dir.initd | 15 ++++++++++++--- app-backup/bareos/files/bareos-sd.initd | 15 ++++++++++++--- 5 files changed, 24 insertions(+), 6 deletions(-) diff --git a/app-backup/bareos/bareos-18.2.10-r1.ebuild b/app-backup/bareos/bareos-18.2.10-r2.ebuild similarity index 100% rename from app-backup/bareos/bareos-18.2.10-r1.ebuild rename to app-backup/bareos/bareos-18.2.10-r2.ebuild diff --git a/app-backup/bareos/bareos-19.2.10-r1.ebuild b/app-backup/bareos/bareos-19.2.10-r2.ebuild similarity index 100% rename from app-backup/bareos/bareos-19.2.10-r1.ebuild rename to app-backup/bareos/bareos-19.2.10-r2.ebuild diff --git a/app-backup/bareos/bareos-20.0.2-r1.ebuild b/app-backup/bareos/bareos-20.0.2-r2.ebuild similarity index 100% rename from app-backup/bareos/bareos-20.0.2-r1.ebuild rename to app-backup/bareos/bareos-20.0.2-r2.ebuild diff --git a/app-backup/bareos/files/bareos-dir.initd b/app-backup/bareos/files/bareos-dir.initd index 9f17f212e4a..462ff07843a 100644 --- a/app-backup/bareos/files/bareos-dir.initd +++ b/app-backup/bareos/files/bareos-dir.initd @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 depend() { 
@@ -8,14 +8,23 @@ depend() { start() { ebegin "Starting bareos director" - checkpath -d -m 0750 -o root:bareos /run/bareos + # g+w until #631598 is resolved + checkpath -d -m 0770 -o root:bareos /run/bareos start-stop-daemon --start --quiet --exec /usr/sbin/bareos-dir \ -- ${DIR_OPTIONS} + # harden pid file until #631598 is resolved + ewaitfile 10 /run/bareos/bareos-dir.9101.pid + chown root:bareos /run/bareos/bareos-dir.9101.pid eend $? } stop() { ebegin "Stopping bareos director" - start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-dir.*.pid + # check pid file until #631598 is resolved + if [[ $(stat -c %U /run/bareos/bareos-dir.9101.pid) != "root" ]]; then + eerror "SECURITY ALERT: pid file is not root owned anymore?! (see #631598)" + else + start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-dir.9101.pid + fi eend $? } diff --git a/app-backup/bareos/files/bareos-sd.initd b/app-backup/bareos/files/bareos-sd.initd index 4f7fbcb52bf..97b9ccdc92f 100644 --- a/app-backup/bareos/files/bareos-sd.initd +++ b/app-backup/bareos/files/bareos-sd.initd @@ -1,5 +1,5 @@ #!/sbin/openrc-run -# Copyright 1999-2014 Gentoo Foundation +# Copyright 1999-2021 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 depend() { 
@@ -8,14 +8,23 @@ depend() { start() { ebegin "Starting bareos storage daemon" - checkpath -d -m 0750 -o root:bareos /run/bareos + # g+w until #631598 is resolved + checkpath -d -m 0770 -o root:bareos /run/bareos start-stop-daemon --start --quiet --exec /usr/sbin/bareos-sd \ -- ${SD_OPTIONS} + # harden pid file until #631598 is resolved + ewaitfile 10 /run/bareos/bareos-sd.9103.pid + chown root:bareos /run/bareos/bareos-sd.9103.pid eend $? } stop() { ebegin "Stopping bareos storage daemon" - start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-sd.*.pid + # check pid file until #631598 is resolved + if [[ $(stat -c %U /run/bareos/bareos-sd.9103.pid) != "root" ]]; then + eerror "SECURITY ALERT: pid file is not root owned anymore?! (see #631598)" + else + start-stop-daemon --stop --quiet --pidfile /run/bareos/bareos-sd.9103.pid + fi eend $? }
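
Review bot: In stop() of the bareos-dir.initd hunk, the ownership test is written with `[[ ... ]]`, a bash construct, while the script is run by `#!/sbin/openrc-run` under POSIX sh. Where /bin/sh is not bash the `[[` command fails, the `if` falls through to `else`, and `start-stop-daemon --stop --pidfile` runs with no ownership check at all; `[ "$(stat -c %U /run/bareos/bareos-dir.9101.pid)" != root ]` keeps the check portable. The test also has two gaps. A missing pid file makes stat print nothing, so a daemon that is simply not running produces the "SECURITY ALERT" message. Only `%U` is compared, and start() only runs `chown root:bareos`, so the file keeps whatever mode the daemon created it with; comparing `stat -c '%U %a'` against an expected owner and mode, after handling the missing-file case, would cover both. Finally, the alert branch ends in eerror, so `eend $?` reports eerror's status; an explicit `eend 1` there makes the refused stop visible as a failure. The stop() in the bareos-sd.initd hunk has the same shape.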
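
Review bot: In start() of the bareos-sd.initd hunk, `eend $?` no longer reports the result of start-stop-daemon: with the added lines, `$?` is the exit status of `chown root:bareos /run/bareos/bareos-sd.9103.pid`. If the daemon fails to start while an older pid file is still present, chown succeeds and the service is reported as started; the return value of `ewaitfile 10` is ignored as well. Suggest capturing the status of start-stop-daemon, running ewaitfile and chown only when it is zero, and passing a failure to eend when ewaitfile times out. The pid file name is now fixed to port 9103, where the removed stop() line matched `bareos-sd.*.pid`; assuming the number in the name follows the configured port, a storage daemon set to another port via its configuration or `${SD_OPTIONS}` would hit the 10 second timeout on every start and never be stopped by this script, so the port should come from a variable. Since the directory is now `0770 root:bareos`, a short comment next to the checkpath line stating that group members can still replace files in /run/bareos, and that the stop() check is what catches it, would document why both halves of the workaround are needed. The start() in the bareos-dir.initd hunk has the same pattern with port 9101.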