
xfs: Changes to 'debian-unstable'



 Makefile.in                          |    2 +-
 debian/changelog                     |   16 ++++++++++++++++
 debian/control                       |    2 +-
 debian/patches/02_debian_setup.diff  |    8 +++++---
 debian/patches/03_debian_piddir.diff |   13 +++++++++++++
 debian/patches/series                |    1 +
 debian/xfs.init                      |   22 ++++++++++++++++++++--
 debian/xfs.postinst.in               |    6 ++++++
 debian/xfs.postrm.in                 |    9 +++++++++
 9 files changed, 72 insertions(+), 7 deletions(-)

New commits:
commit 0e573557e7835915ff0cd4e77e9004287e9e1706
Author: Thomas Viehmann <tv@beamnet.de>
Date:   Fri Oct 10 22:09:30 2008 +0200

    Fix fallout from switching to non-privileged user
    
    - Adjust config file to disable logging to file.
      We log to syslog, but with this parameter, xfs tries to open
      the logfile which fails because we run as nobody.
    - postinst: create user debian-xfs for pidfile,
    - init: create pidfile dir if necessary, change pidfile location,
      deal with two possible pidfile locations for stop et al,
    - postrm: delete pid directory and user,
    - add patch to change pid directory.
    Closes: #498823.

diff --git a/Makefile.in b/Makefile.in
index db3abd2..f453242 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -234,7 +234,7 @@ top_builddir = @top_builddir@
 top_srcdir = @top_srcdir@
 configdir = $(sysconfdir)/X11/fs
 FONT_FLAGS = -DFONT_PCF -DFONT_FS -DFONT_SPEEDO
-AM_CPPFLAGS = $(XFS_CFLAGS) -I$(top_srcdir)/include -DXFSPIDDIR=\"/var/run\" \
+AM_CPPFLAGS = $(XFS_CFLAGS) -I$(top_srcdir)/include -DXFSPIDDIR=\"/var/run/xfs\" \
 	$(FONT_FLAGS) -D_BSD_SOURCE -DFONT_t -DTRANS_SERVER -DTRANS_REOPEN
 
 LDADD = $(XFS_LIBS)
diff --git a/debian/changelog b/debian/changelog
index bfa0f79..34e3422 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+xfs (1:1.0.8-2.1) unstable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix fallout from switching to non-privileged user:
+    - Adjust config file to disable logging to file.
+      We log to syslog, but with this parameter, xfs tries to open
+      the logfile which fails because we run as nobody.
+    - postinst: create user debian-xfs for pidfile,
+    - init: create pidfile dir if necessary, change pifile location,
+      deal with two possible pidfile locations for stop et al,
+    - postrm: delete pid directory and user,
+    - add patch to change pid directory.
+    Closes: #498823.
+
+ -- Thomas Viehmann <tv@beamnet.de>  Thu, 09 Oct 2008 22:32:45 +0200
+
 xfs (1:1.0.8-2) unstable; urgency=low
 
   * Add $syslog dependency to the xfs init.d script (closes: #489232).
diff --git a/debian/control b/debian/control
index 0e05b64..800da9a 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,7 @@ Vcs-Browser: http://git.debian.org/?p=pkg-xorg/app/xfs.git
 
 Package: xfs
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: ${shlibs:Depends}, ${misc:Depends}, adduser
 Suggests: xfonts-100dpi | xfonts-75dpi, xfonts-base, xfonts-scalable
 Description: X font server
  xfs is a daemon that listens on a network port and serves X fonts to X
diff --git a/debian/patches/02_debian_setup.diff b/debian/patches/02_debian_setup.diff
index 4e60667..f3958b9 100644
--- a/debian/patches/02_debian_setup.diff
+++ b/debian/patches/02_debian_setup.diff
@@ -8,7 +8,7 @@ Index: a/config.cpp
 ===================================================================
 --- a/config.cpp.orig	2006-03-07 22:09:01.000000000 -0500
 +++ b/config.cpp	2006-03-07 22:13:53.000000000 -0500
-@@ -1,15 +1,19 @@
+@@ -1,15 +1,20 @@
  XCOMM font server configuration file
  XCOMM $Xorg: config.cpp,v 1.3 2000/08/17 19:54:19 cpqbld Exp $
  
@@ -18,8 +18,10 @@ Index: a/config.cpp
  clone-self = on
 -use-syslog = off
 -catalogue = DEFAULTFONTPATH
-+XCOMM log messages to FSERRORS (if syslog is not used)
- error-file = FSERRORS
++XCOMM log messages to FSERRORS
++XCOMM (Debian xfs uses syslog by default to run as nobody)
+-error-file = FSERRORS
++XCOMM error-file = FSERRORS
 +XCOMM log errors using syslog
 +use-syslog = on
 +XCOMM turn off TCP port listening (Unix domain connections are still permitted)
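Review bot: The added comment `(Debian xfs uses syslog by default to run as nobody)` is already stale when this commit lands, because the init script in the same commit switches the daemon to `-user debian-xfs`. Wording that names no account would not age, for example `XCOMM (disabled: Debian xfs logs to syslog and runs unprivileged)`. The enclosing config.cpp hunk continues outside what is shown here.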
diff --git a/debian/patches/03_debian_piddir.diff b/debian/patches/03_debian_piddir.diff
new file mode 100644
index 0000000..3178f1d
--- /dev/null
+++ b/debian/patches/03_debian_piddir.diff
@@ -0,0 +1,13 @@
+diff -u xfs-1.0.8~/Makefile.am xfs-1.0.8/Makefile.am
+--- xfs-1.0.8~/Makefile.am	2008-05-16 20:23:17.000000000 +0200
++++ xfs-1.0.8/Makefile.am	2008-10-10 20:10:12.000000000 +0200
+@@ -25,7 +25,7 @@
+ 
+ FONT_FLAGS = -DFONT_PCF -DFONT_FS -DFONT_SPEEDO
+ 
+-AM_CPPFLAGS = $(XFS_CFLAGS) -I$(top_srcdir)/include -DXFSPIDDIR=\"/var/run\" \
++AM_CPPFLAGS = $(XFS_CFLAGS) -I$(top_srcdir)/include -DXFSPIDDIR=\"/var/run/xfs\" \
+ 	$(FONT_FLAGS) -D_BSD_SOURCE -DFONT_t -DTRANS_SERVER -DTRANS_REOPEN
+ 
+ LDADD = $(XFS_LIBS)
+diff -u xfs-1.0.8~/Makefile.in xfs-1.0.8/Makefile.in
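Review bot: The new patch ends with a bare `diff -u xfs-1.0.8~/Makefile.in xfs-1.0.8/Makefile.in` header and no hunk under it, while the same `XFSPIDDIR` change is applied to Makefile.in directly in the tree by this commit. Either drop the dangling line or carry the Makefile.in hunk inside the patch, so the patch series is the only place the path is set. A short header comment in the patch saying that `/var/run/xfs` must match `PIDDIR` in debian/xfs.init would keep the two from drifting apart.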
diff --git a/debian/patches/series b/debian/patches/series
index b9be7ba..969eba1 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,2 +1,3 @@
 01_xfs_fixes.diff
 02_debian_setup.diff
+03_debian_piddir.diff
diff --git a/debian/xfs.init b/debian/xfs.init
index 99a6221..d425785 100644
--- a/debian/xfs.init
+++ b/debian/xfs.init
@@ -36,7 +36,9 @@ set -e
 
 PATH=/bin:/usr/bin:/sbin:/usr/sbin
 DAEMON=/usr/bin/xfs
-PIDFILE=/var/run/xfs.pid
+PIDDIR=/var/run/xfs
+PIDFILE=$PIDDIR/xfs.pid
+OLDPIDFILE=/var/run/xfs.pid
 UPGRADEFILE=/var/run/xfs.daemon-not-stopped
 SOCKET_DIR=/tmp/.font-unix
 
@@ -61,6 +63,13 @@ set_up_socket_dir () {
   echo "done."
 }
 
+set_up_pid_dir () {
+  if [ ! -d "$PIDDIR" ] ; then
+    mkdir $PIDDIR
+    chown debian-xfs $PIDDIR
+  fi
+}
+
 stillrunning () {
   if expr "$(cat /proc/$DAEMONPID/cmdline 2>/dev/null)" : "$DAEMON" >/dev/null \
     2>&1; then
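Review bot: `set_up_pid_dir` only acts when `$PIDDIR` is missing, so a directory left root-owned by an earlier failed `chown` (the script runs under `set -e`) is never repaired, and both expansions are unquoted. Creating it in one idempotent step, `install -d -o debian-xfs -m 0755 "$PIDDIR"`, sets owner and mode on every start. Because the directory is now writable by the unprivileged daemon account, a root-run init script can no longer trust the pidfile contents. The stop and reload paths, which are outside this hunk, should keep matching the process against `$DAEMON` before signalling it, as the `stillrunning` check visible here does. The body of `stillrunning` continues past the end of the hunk.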
@@ -74,6 +83,14 @@ stillrunning () {
   fi
 }
 
+
+# If there is only an old pidfile, use that. note that restart calls the start
+# initscript, so that will use the new pidfile for the new xfs process
+if [ "$1" = "restart" ] || [ "$1" = "reload" ] || [ "$1" = "stop" ] &&  \
+   [ ! -e $PIDFILE ] && [ -e $OLDPIDFILE ] ; then
+   PIDFILE=$OLDPIDFILE
+fi
+
 # If we have upgraded the daemon since we last started it, we can't use the
 # --exec argument to start-stop-daemon, because the daemon's inode will have
 # changed.  The risk here is that in a situation where the daemon died, its
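Review bot: The old-pidfile fallback mixes `||` and `&&` in one list and is correct only because the shell gives the two operators equal precedence and evaluates left to right. Grouping the action test makes the intent explicit and quotes the paths: `if { [ "$1" = restart ] || [ "$1" = reload ] || [ "$1" = stop ]; } && [ ! -e "$PIDFILE" ] && [ -e "$OLDPIDFILE" ]; then`. Any other action that reads the pidfile would not get the fallback; whether one exists cannot be seen from this hunk.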
@@ -91,8 +108,9 @@ fi
 case "$1" in
   start)
     set_up_socket_dir
+    set_up_pid_dir
     echo -n "Starting X font server: xfs"
-    start-stop-daemon --start --quiet $SSD_START_ARGS -- -daemon -user nobody -droppriv \
+    start-stop-daemon --start --quiet $SSD_START_ARGS -- -daemon -user debian-xfs -droppriv \
       || echo -n " already running"
     echo "."
   ;;
diff --git a/debian/xfs.postinst.in b/debian/xfs.postinst.in
index 5248921..5add91e 100644
--- a/debian/xfs.postinst.in
+++ b/debian/xfs.postinst.in
@@ -15,6 +15,12 @@ set -e
 THIS_PACKAGE=xfs
 THIS_SCRIPT=postinst
 
+if ! getent passwd debian-$THIS_PACKAGE > /dev/null ; then
+	adduser --quiet --system --disabled-password \
+		--home /nonexistant --no-create-home \
+		--shell /bin/false --group debian-$THIS_PACKAGE
+fi
+
 #INCLUDE_SHELL_LIB#
 
 # Registering the init scripts or starting the daemon may cause output to
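Review bot: The account's home is spelled `/nonexistant`, whereas the directory Debian guarantees never to exist is `/nonexistent`. The purge check in debian/xfs.postrm.in compares against the same misspelling, so the two strings have to change together. The block also runs on every postinst invocation rather than only on `configure`, and sits ahead of `#INCLUDE_SHELL_LIB#`. A one-line comment such as `# dedicated system account so the daemon can own /var/run/xfs` would record why it is created here.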
diff --git a/debian/xfs.postrm.in b/debian/xfs.postrm.in
index 617d4a8..4854582 100644
--- a/debian/xfs.postrm.in
+++ b/debian/xfs.postrm.in
@@ -25,6 +25,15 @@ if [ "$1" = "purge" ]; then
   if [ -d /etc/X11/fs ]; then
     rm -r /etc/X11/fs
   fi
+  if [ -d /var/run/xfs ]; then
+    rm -r /var/run/xfs
+  fi
+  # Remove the user if we are relatively certain that we created it
+  u_home=$(getent passwd debian-$THIS_PACKAGE | cut -d ":" -f 6)
+  u_shell=$(getent passwd debian-$THIS_PACKAGE | cut -d ":" -f 7)
+  if [ "$u_home" = "/nonexistant" ] && [ "$u_shell" = "/bin/false" ] && [ -x /usr/sbin/deluser ] ; then
+    deluser --system --quiet debian-$THIS_PACKAGE
+  fi
 fi
 
 if [ "$1" = "abort-upgrade" ]; then
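Review bot: Removing `debian-xfs` on purge frees its UID for reuse, so any file still owned by that UID would pass to whichever account is allocated the number next. Leaving the locked system account in place is the more conservative choice. If the removal stays, a comment should say that the home/shell test is a heuristic: it matches any account named `debian-xfs` with those two fields, and it depends on the exact `/nonexistant` string used in debian/xfs.postinst.in. The enclosing `purge` block starts outside the hunk.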

