From owner-svn-ports-all@FreeBSD.ORG  Wed Dec 12 07:19:42 2012
Return-Path: <owner-svn-ports-all@FreeBSD.ORG>
Delivered-To: svn-ports-all@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
 by hub.freebsd.org (Postfix) with ESMTP id D2765C6E;
 Wed, 12 Dec 2012 07:19:42 +0000 (UTC)
 (envelope-from utisoft@gmail.com)
Received: from mail-bk0-f54.google.com (mail-bk0-f54.google.com
 [209.85.214.54])
 by mx1.freebsd.org (Postfix) with ESMTP id D34428FC12;
 Wed, 12 Dec 2012 07:19:41 +0000 (UTC)
Received: by mail-bk0-f54.google.com with SMTP id je9so121639bkc.13
 for <multiple recipients>; Tue, 11 Dec 2012 23:19:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :cc:content-type;
 bh=kXotNmM/MAUQtdRA0QdWnQL2tVRzFqibgbHkiqJ8Hh0=;
 b=w3mHKjZBp1V1onY+LOTy6FO1fiNxu+OU+GrDVt/CI4zPqmjW/+VZv1UGSQMXNqhfe/
 2C7peikYEHXqnrykFXL8r0GiVCGL5PszRheNRB2nvjwmtre4+7ABtqQ98iN6magerJ4O
 +LHQKUvA+h2C6f84Mn41TNVI5/Hpke5zhvOXIOzVxM27goqXrq/8P/FipdeG3rPzkLuH
 e44FznRJpI+ItDqLmvnL1ks9rFXSdJXGcJYQSzPIx8duKgq8juzHpH2NxUQwIEghkwJt
 GSVFOHBSjxjw3dPr8nVCZ99exW+hA7Uo+/vDf+i7XxtqoUh4X+yvpJPCqVK9TNQ/njME
 /NzQ==
MIME-Version: 1.0
Received: by 10.204.147.22 with SMTP id j22mr17983bkv.66.1355296780717; Tue,
 11 Dec 2012 23:19:40 -0800 (PST)
Received: by 10.204.167.71 with HTTP; Tue, 11 Dec 2012 23:19:40 -0800 (PST)
Received: by 10.204.167.71 with HTTP; Tue, 11 Dec 2012 23:19:40 -0800 (PST)
In-Reply-To: <201212120208.qBC28YTk039216@svn.freebsd.org>
References: <201212120208.qBC28YTk039216@svn.freebsd.org>
Date: Wed, 12 Dec 2012 07:19:40 +0000
Message-ID: <CADLo839Bo86kA2XcMWSDQDnsXk1R2-VKNyyGK=10Hi4kkj6Tfg@mail.gmail.com>
Subject: Re: svn commit: r308734 - in head/net/rtpproxy: . files
From: Chris Rees <utisoft@gmail.com>
To: Maxim Sobolev <sobomax@freebsd.org>
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Filtered-By: Mailman/MimeDel 2.1.14
Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org,
 ports-committers@freebsd.org
X-BeenThere: svn-ports-all@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for the ports tree <svn-ports-all.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-ports-all>
List-Post: <mailto:svn-ports-all@freebsd.org>
List-Help: <mailto:svn-ports-all-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-ports-all>,
 <mailto:svn-ports-all-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Dec 2012 07:19:42 -0000

On 12 Dec 2012 02:08, "Maxim Sobolev" <sobomax@freebsd.org> wrote:
>
> XXX Ports RC script present
> Author: sobomax
> Date: Wed Dec 12 02:08:33 2012
> New Revision: 308734
> URL: http://svnweb.freebsd.org/changeset/ports/308734
>
> Log:
>   Add unprivileged user to run under, so it's more secure.
>
>   Reminded by:    Olle E. Johansson
>
> Added:
>   head/net/rtpproxy/files/
>   head/net/rtpproxy/files/patch-freebsd_rtpproxy.in   (contents, props
changed)
>   head/net/rtpproxy/pkg-install   (contents, props changed)
> Modified:
>   head/net/rtpproxy/Makefile
>
> Modified: head/net/rtpproxy/Makefile
>
==============================================================================
> --- head/net/rtpproxy/Makefile  Wed Dec 12 02:02:55 2012        (r308733)
> +++ head/net/rtpproxy/Makefile  Wed Dec 12 02:08:33 2012        (r308734)
> @@ -7,6 +7,7 @@
>
>  PORTNAME=      rtpproxy
>  PORTVERSION=   1.2.1
> +PORTREVISION=  1
>  CATEGORIES=    net
>  MASTER_SITES=  http://www.rtpproxy.org/chrome/site/
>
> @@ -25,6 +26,9 @@ post-build:
>         ${SED} 's|%%PREFIX%%|${PREFIX}|g ; s|%%RC_SUBR%%|/etc/rc.subr|g' \
>             ${WRKSRC}/freebsd/rtpproxy.in > ${WRKDIR}/rtpproxy
>
> +pre-install:
> +       @PKG_PREFIX=${PREFIX} ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
> +
>  post-install:
>         ${INSTALL_SCRIPT} ${WRKDIR}/rtpproxy ${PREFIX}/etc/rc.d/rtpproxy
>
>
> Added: head/net/rtpproxy/files/patch-freebsd_rtpproxy.in
>
==============================================================================
> --- /dev/null   00:00:00 1970   (empty, because file is newly added)
> +++ head/net/rtpproxy/files/patch-freebsd_rtpproxy.in   Wed Dec 12
02:08:33 2012        (r308734)
> @@ -0,0 +1,17 @@
> +
> +$FreeBSD$
> +
> +--- freebsd/rtpproxy.in.orig
> ++++ freebsd/rtpproxy.in
> +@@ -25,7 +25,10 @@
> +
> + rtpproxy_enable=${rtpproxy_enable:-"NO"}
> + rtpproxy_laddr=${rtpproxy_laddr:-"0.0.0.0"}
> ++rtpproxy_usr=${rtpproxy_usr:-"rtpproxy"}
> ++rtpproxy_grp=${rtpproxy_grp:-"rtpproxy"}
> +
> +-command_args="-l ${rtpproxy_laddr} -p /var/run/rtpproxy.pid"
> ++command_args="-l ${rtpproxy_laddr} -p /var/run/rtpproxy.pid \
> ++  -u ${rtpproxy_usr}:${rtpproxy_grp}"
> +
> + run_rc_command "${1}"
>
> Added: head/net/rtpproxy/pkg-install
>
==============================================================================
> --- /dev/null   00:00:00 1970   (empty, because file is newly added)
> +++ head/net/rtpproxy/pkg-install       Wed Dec 12 02:08:33 2012
 (r308734)
> @@ -0,0 +1,35 @@
> +#!/bin/sh
> +# $FreeBSD$
> +#
> +
> +if [ "$2" != "PRE-INSTALL" ]; then
> +       exit 0
> +fi
> +
> +RTPPROXY_USER=rtpproxy
> +RTPPROXY_GROUP=${RTPPROXY_USER}
> +RTPPROXY_UID=222
> +RTPPROXY_GID=${RTPPROXY_UID}
> +
> +if ! pw groupshow "${RTPPROXY_GROUP}" 2>/dev/null 1>&2; then
> +       if pw groupadd ${RTPPROXY_GROUP} -g ${RTPPROXY_GID}; then
> +               echo "Added group \"${RTPPROXY_GROUP}\"."
> +       else
> +               echo "Adding group \"${RTPPROXY_GROUP}\" failed..."
> +               exit 1
> +       fi
> +fi
> +
> +if ! pw usershow "${RTPPROXY_USER}" 2>/dev/null 1>&2; then
> +       if pw useradd ${RTPPROXY_USER} -u ${RTPPROXY_UID} -g
${RTPPROXY_GROUP} -h - \
> +               -s "/sbin/nologin" -d "/nonexistent" \
> +               -c "RTP Proxy"; \
> +       then
> +               echo "Added user \"${RTPPROXY_USER}\"."
> +       else
> +               echo "Adding user \"${RTPPROXY_USER}\" failed..."
> +               exit 1
> +       fi
> +fi
> +
> +exit 0

This is the wrong way to create users; please use the USERS and GROUPS
Makefile variables instead.

Chris