Bug#695756: unblock: ample/0.5.7-7
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package ample
The new version moves the pidfile to /var/run/ample.pid and drops
privileges in ample itself (instead of via start-stop-daemon); both
changes are needed to fix #689769.
Debdiff is attached.
unblock ample/0.5.7-7
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (990, 'testing'), (600, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 3.3.4-1-suspendconsole (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
diff -u ample-0.5.7/debian/init.d ample-0.5.7/debian/init.d
--- ample-0.5.7/debian/init.d
+++ ample-0.5.7/debian/init.d
@@ -17,8 +17,8 @@
DESC="AMPLE mp3 server"
NAME=ample
DAEMON=/usr/bin/$NAME
-DAEMON_ARGS="-c /etc/ample/ample.conf -i /var/run/ample/$NAME.pid"
-PIDFILE=/var/run/ample/$NAME.pid
+DAEMON_ARGS="-c /etc/ample/ample.conf -i /var/run/$NAME.pid"
+PIDFILE=/var/run/$NAME.pid
SCRIPTNAME=/etc/init.d/$NAME
# Exit if the package is not installed
@@ -36,29 +36,22 @@
fi
if [ "$DEFUSER" -a "$DEFGROUP" ] ; then
- CHUID="--chuid $DEFUSER:$DEFGROUP"
+ DAEMON_ARGS="$DAEMON_ARGS -u $DEFUSER -g $DEFGROUP"
fi
test "$STARTAMPLE" = yes || exit 0
. /lib/lsb/init-functions
-if ! [ -d /var/run/ample ] ; then
- mkdir -p /var/run/ample || true
- if [ -d /var/run/ample ] ; then
- chown ${DEFUSER:-nobody}:${DEFGROUP:-nogroup} /var/run/ample
- fi
-fi
-
do_start()
{
# Return
# 0 if daemon has been started
# 1 if daemon was already running
# 2 if daemon could not be started
- start-stop-daemon --start $CHUID --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
|| return 1
- start-stop-daemon --start $CHUID --pidfile $PIDFILE --exec $DAEMON -- \
+ start-stop-daemon --start --pidfile $PIDFILE --exec $DAEMON -- \
$DAEMON_ARGS \
|| return 2
}
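Review bot: When DEFUSER or DEFGROUP is empty, the `if [ "$DEFUSER" -a "$DEFGROUP" ]` test skips the new `-u`/`-g` arguments, and because start-stop-daemon no longer gets `--chuid` either, ample then runs as root with nothing logged. The removed chown already fell back to `${DEFUSER:-nobody}` and `${DEFGROUP:-nogroup}`. Using the same defaults here, `DAEMON_ARGS="$DAEMON_ARGS -u ${DEFUSER:-nobody} -g ${DEFGROUP:-nogroup}"`, would keep the daemon unprivileged by default, assuming running as root is not an intended configuration. Where the two variables are assigned lies outside this hunk.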
diff -u ample-0.5.7/debian/changelog ample-0.5.7/debian/changelog
--- ample-0.5.7/debian/changelog
+++ ample-0.5.7/debian/changelog
@@ -1,3 +1,12 @@
+ample (0.5.7-7) unstable; urgency=low
+
+ * QA upload.
+ * Move pidfile to /var/run/ample.pid (Closes: #689769)
+ * Drop privileges in ample, not with start-stop-daemon, so that pidfile can
+ be created without being owned by nobody:nogroup.
+
+ -- Michael Stapelberg <stapelberg@debian.org> Tue, 04 Dec 2012 22:05:44 +0100
+
ample (0.5.7-6.1) unstable; urgency=low
* Non-maintainer upload.
diff -u ample-0.5.7/debian/postrm ample-0.5.7/debian/postrm
--- ample-0.5.7/debian/postrm
+++ ample-0.5.7/debian/postrm
@@ -3,12 +3,7 @@
set -e
case "$1" in
- purge|remove)
- if [ -d /var/run/ample ]; then
- rmdir /var/run/ample || true
- fi
- ;;
- upgrade|abort-upgrade|failed-upgrade|abort-install|disapper)
+ purge|remove|upgrade|abort-upgrade|failed-upgrade|abort-install|disapper)
;;
*)
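Review bot: The merged case label still spells the last action `disapper`, while dpkg calls postrm with `disappear`, so that invocation falls through to the `*)` branch. The body of `*)` is outside the hunk, but it presumably rejects unknown arguments, and under `set -e` a non-zero exit would fail the dpkg operation. The label should read `purge|remove|upgrade|abort-upgrade|failed-upgrade|abort-install|disappear)`. Separately, a `/var/run/ample` directory left by an earlier version is no longer removed by anything; that only matters where `/var/run` is not cleared at boot.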
diff -u ample-0.5.7/debian/control ample-0.5.7/debian/control
--- ample-0.5.7/debian/control
+++ ample-0.5.7/debian/control
@@ -1,7 +1,7 @@
Source: ample
Section: sound
Priority: optional
-Maintainer: Rene Mayorga <rmayorga@debian.org.sv>
+Maintainer: Debian QA Group <packages@qa.debian.org>
Build-Depends: debhelper (>= 7), libwrap0-dev, quilt, lsb-base (>= 3.0-6)
Standards-Version: 3.8.0
Homepage: http://ample.sourceforge.net
diff -u ample-0.5.7/debian/patches/series ample-0.5.7/debian/patches/series
--- ample-0.5.7/debian/patches/series
+++ ample-0.5.7/debian/patches/series
@@ -4,2 +4,3 @@
add_pidfile_option.patch
+add_user_group.patch
#add_i_option_to_manpage.patch
only in patch2:
unchanged:
--- ample-0.5.7.orig/debian/patches/add_user_group.patch
+++ ample-0.5.7/debian/patches/add_user_group.patch
@@ -0,0 +1,80 @@
+diff --git i/src/ample.c w/src/ample.c
+index da14086..622a152 100644
+--- i/src/ample.c
++++ w/src/ample.c
+@@ -54,6 +54,8 @@
+ int allow_severity = LOG_INFO;
+ int deny_severity = LOG_WARNING;
+ #endif
++#include <pwd.h>
++#include <grp.h>
+
+
+ #include "ample.h"
+@@ -502,6 +504,23 @@ main(int argc, char *argv[])
+ /**/
+
+ preparelog();
++
++ if(gconf.group) {
++ struct group *pwent = getgrnam(gconf.group);
++ if (pwent == NULL)
++ die("No such group");
++ if (setgid(pwent->gr_gid) != 0)
++ die("Could not setgid()");
++ }
++
++ if(gconf.user) {
++ struct passwd *pwent = getpwnam(gconf.user);
++ if (pwent == NULL)
++ die("No such user");
++ if (setuid(pwent->pw_uid) != 0)
++ die("Could not change to specified user");
++ }
++
+ if(!gconf.inetd)
+ logmsg("Ample/%s started\n", AMPLE_VERSION);
+
+diff --git i/src/ample.h w/src/ample.h
+index 68f0f90..297f9d7 100644
+--- i/src/ample.h
++++ w/src/ample.h
+@@ -37,6 +37,8 @@ struct global_config {
+ char * serveraddress;
+ char * filter;
+ char * pidfile;
++ char * user;
++ char * group;
+ };
+
+ struct childstat {
+diff --git i/src/configuration.c w/src/configuration.c
+index 97f5cbb..7fd1feb 100644
+--- i/src/configuration.c
++++ w/src/configuration.c
+@@ -679,10 +679,10 @@ setcmdopt(int argc, char * argv[])
+ {NULL, 0, NULL, 0}
+ };
+
+- while((c = getopt_long(argc, argv, "p:oc:nf:m:hd::ti:v", longopts, &i))
++ while((c = getopt_long(argc, argv, "p:oc:nf:m:hd::ti:vu:g:", longopts, &i))
+ != -1) {
+ #else
+- while((c = getopt(argc, argv, "p:oc:nf:m:hd::ti:v")) != -1) {
++ while((c = getopt(argc, argv, "p:oc:nf:m:hd::ti:vu:g:")) != -1) {
+ #endif
+ switch(c) {
+ case 'p':
+@@ -723,6 +723,12 @@ setcmdopt(int argc, char * argv[])
+ case 'i':
+ gconf.pidfile = strdup(optarg);
+ break;
++ case 'u':
++ gconf.user = strdup(optarg);
++ break;
++ case 'g':
++ gconf.group = strdup(optarg);
++ break;
+ default:
+ usage(TRUE);
+ }
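Review bot: The privilege drop added to main() in src/ample.c changes gid and uid but never resets the supplementary group list, so when the init script starts ample as root the process keeps root's supplementary groups after setuid(). Call initgroups(), or setgroups(0, NULL) when only -g is given, before setgid(), while the process still has the privilege to do so. Passing -u without -g also leaves the primary gid unchanged, which defaulting to the user's pw_gid would close. main() starts and ends outside this hunk, so whether the pidfile and the listening socket are set up before this point cannot be confirmed from here.

```c
/* … unchanged: preparelog() call … */

if(gconf.user || gconf.group) {
	struct passwd *pw = gconf.user ? getpwnam(gconf.user) : NULL;
	struct group *gr = gconf.group ? getgrnam(gconf.group) : NULL;
	uid_t uid;
	gid_t gid;

	if(gconf.user && pw == NULL)
		die("No such user");
	if(gconf.group && gr == NULL)
		die("No such group");

	/* Copy the ids out: later lookups may reuse the static buffers. */
	uid = pw ? pw->pw_uid : getuid();
	gid = gr ? gr->gr_gid : pw->pw_gid;

	/* Supplementary groups first; this needs the privileges setuid() gives up. */
	if((pw ? initgroups(gconf.user, gid) : setgroups(0, NULL)) != 0)
		die("Could not set supplementary groups");
	if(setgid(gid) != 0)
		die("Could not setgid()");
	if(pw && setuid(uid) != 0)
		die("Could not change to specified user");
}

/* … unchanged: "Ample/%s started" log message … */
```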