Date: Wed, 13 Jul 2016 22:24:57 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 211098] mail/postsrsd should not create / install postsrsd.secret for package Message-ID: <bug-211098-13@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D211098 Bug ID: 211098 Summary: mail/postsrsd should not create / install postsrsd.secret for package Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: 000.fbsd@quip.cz CC: ports@bsdserwis.com CC: ports@bsdserwis.com Flags: maintainer-feedback?(ports@bsdserwis.com) postsrsd.secret is used as secret key and should be different for each inst= all. It is now created in package build time and saved in package.=20 It means everybody installing postsrsd from official FreeBSD package has the same postsrsd.secret key! I think it is better to not create it at build time but in rc script on the first run. Something like this in postsrsd_prepcmd () if [ ! -f ${postsrsd_secret} ] ; then dd if=3D/dev/urandom bs=3D18 count=3D1 2> /dev/null | b64encode 1 | sed= -n '2p' > ${postsrsd_secret} fi --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-211098-13>