[Pkg-voip-commits] r5886 - in /rtpproxy/trunk/debian: changelog control patches/ patches/drop-privs-before-creating-socket patches/series rtpproxy.default rtpproxy.init rtpproxy.postinst rules

marcusb-guest at alioth.debian.org marcusb-guest at alioth.debian.org
Sun Jun 22 18:09:59 UTC 2008 

Author: marcusb-guest
Date: Sun Jun 22 18:09:59 2008
New Revision: 5886

URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5886
Log:
* Run as user rtpproxy instead of root.
* Do not return failure in stop command of init script if the daemon is
  not running.

Added:
    rtpproxy/trunk/debian/patches/
    rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket
    rtpproxy/trunk/debian/patches/series
    rtpproxy/trunk/debian/rtpproxy.postinst
Modified:
    rtpproxy/trunk/debian/changelog
    rtpproxy/trunk/debian/control
    rtpproxy/trunk/debian/rtpproxy.default
    rtpproxy/trunk/debian/rtpproxy.init
    rtpproxy/trunk/debian/rules

Modified: rtpproxy/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/changelog?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/changelog (original)
+++ rtpproxy/trunk/debian/changelog Sun Jun 22 18:09:59 2008
@@ -1,8 +1,10 @@
 rtpproxy (1.1-2) UNRELEASED; urgency=low
 
-  * NOT RELEASED YET
+  * Run as user rtpproxy instead of root.
+  * Do not return failure in stop command of init script if the daemon is
+    not running.
 
- -- Mark Purcell <msp at debian.org>  Sat, 21 Jun 2008 16:57:14 +1000
+ -- Marcus Better <marcus at better.se>  Sun, 22 Jun 2008 18:05:55 +0000
 
 rtpproxy (1.1-1) unstable; urgency=low
 

Modified: rtpproxy/trunk/debian/control
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/control?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/control (original)
+++ rtpproxy/trunk/debian/control Sun Jun 22 18:09:59 2008
@@ -3,16 +3,16 @@
 Priority: optional
 Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
 Uploaders: Mark Purcell <msp at debian.org>, Kilian Krause <kilian at debian.org>, Marcus Better <marcus at better.se>
-Build-Depends: debhelper (>= 5), autotools-dev, autoconf, automake1.10, xsltproc, docbook-xsl, docbook-xml
+Build-Depends: debhelper (>= 5), quilt, autotools-dev, autoconf, automake1.10, xsltproc, docbook-xsl, docbook-xml
 Build-Conflicts: autoconf2.13, automake1.4
 Standards-Version: 3.7.3
 Homepage: http://www.rtpproxy.org
 Vcs-Svn: svn://svn.debian.org/pkg-voip/rtpproxy/trunk/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/?op=log
+Vcs-Browser: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/
 
 Package: rtpproxy
 Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: adduser, ${shlibs:Depends}, ${misc:Depends}
 Suggests: ser | openser
 Description: Relay for Real-time Transport Protocol (RTP) media streams
  A high-performance media relay for RTP streams that can work together

Added: rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket?rev=5886&op=file
==============================================================================
--- rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket (added)
+++ rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket Sun Jun 22 18:09:59 2008
@@ -1,0 +1,32 @@
+--- a/main.c
++++ b/main.c
+@@ -683,6 +683,14 @@ main(int argc, char **argv)
+ 
+     init_config(&cf, argc, argv);
+ 
++    if (cf.run_uname != NULL || cf.run_gname != NULL) {
++	if (drop_privileges(&cf, cf.run_uname, cf.run_gname) != 0) {
++	    rtpp_log_ewrite(RTPP_LOG_ERR, cf.glog,
++	      "can't switch to requested user/group");
++	    exit(1);
++	}
++    }
++
+     controlfd = init_controlfd(&cf);
+ 
+ #if !defined(__solaris__)
+@@ -718,14 +726,6 @@ main(int argc, char **argv)
+     signal(SIGUSR1, fatsignal);
+     signal(SIGUSR2, fatsignal);
+ 
+-    if (cf.run_uname != NULL || cf.run_gname != NULL) {
+-	if (drop_privileges(&cf, cf.run_uname, cf.run_gname) != 0) {
+-	    rtpp_log_ewrite(RTPP_LOG_ERR, cf.glog,
+-	      "can't switch to requested user/group");
+-	    exit(1);
+-	}
+-    }
+-
+     cf.pfds[0].fd = controlfd;
+     cf.pfds[0].events = POLLIN;
+     cf.pfds[0].revents = 0;

Added: rtpproxy/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/series?rev=5886&op=file
==============================================================================
--- rtpproxy/trunk/debian/patches/series (added)
+++ rtpproxy/trunk/debian/patches/series Sun Jun 22 18:09:59 2008
@@ -1,0 +1,1 @@
+

Modified: rtpproxy/trunk/debian/rtpproxy.default
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rtpproxy.default?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/rtpproxy.default (original)
+++ rtpproxy/trunk/debian/rtpproxy.default Sun Jun 22 18:09:59 2008
@@ -1,10 +1,9 @@
-# Defaults for rtpproxy initscript
-# sourced by /etc/init.d/rtpproxy
-# installed at /etc/default/rtpproxy by the maintainer scripts
+# Defaults for rtpproxy
 
-#
-# This is a POSIX shell fragment
-#
+# The control socket.
+#CONTROL_SOCK="unix:/var/run/rtpproxy/rtpproxy.sock"
+# To listen on an UDP socket, uncomment this line:
+#CONTROL_SOCK=udp:127.0.0.1:22222
 
-# Additional options that are passed to the Daemon.
-DAEMON_OPTS="-l 0.0.0.0 -s udp:127.0.0.1:22222"
+# Additional options that are passed to the daemon.
+EXTRA_OPTS=""

Modified: rtpproxy/trunk/debian/rtpproxy.init
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rtpproxy.init?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/rtpproxy.init (original)
+++ rtpproxy/trunk/debian/rtpproxy.init Sun Jun 22 18:09:59 2008
@@ -10,15 +10,27 @@
 ### END INIT INFO
 
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/rtpproxy
 NAME=rtpproxy
-DESC=rtpproxy
+DESC="RTP relay"
+DAEMON=/usr/sbin/$NAME
+USER=$NAME
+GROUP=$USER
+PIDFILE="/var/run/$NAME/$NAME.pid"
+PIDFILE_DIR=`dirname $PIDFILE`
+CONTROL_SOCK="unix:$PIDFILE_DIR/$NAME.sock"
 
 test -x $DAEMON || exit 0
 
-# Include rtpproxy defaults if available
-if [ -f /etc/default/rtpproxy ] ; then
-	. /etc/default/rtpproxy
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+	. /etc/default/$NAME
+fi
+
+DAEMON_OPTS="-s $CONTROL_SOCK -u $USER:$GROUP -p $PIDFILE $EXTRA_OPTS"
+
+if [ ! -d "$PIDFILE_DIR" ];then
+	mkdir "$PIDFILE_DIR"
+    chown $USER:$GROUP "$PIDFILE_DIR"
 fi
 
 set -e
@@ -26,45 +38,23 @@
 case "$1" in
   start)
 	echo -n "Starting $DESC: "
-	start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
-		--exec $DAEMON -- $DAEMON_OPTS
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
 	echo "$NAME."
 	;;
   stop)
 	echo -n "Stopping $DESC: "
-	start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
-		--exec $DAEMON
+	start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
 	echo "$NAME."
 	;;
-  #reload)
-	#
-	#	If the daemon can reload its config files on the fly
-	#	for example by sending it SIGHUP, do it here.
-	#
-	#	If the daemon responds to changes in its config file
-	#	directly anyway, make this a do-nothing entry.
-	#
-	# echo "Reloading $DESC configuration files."
-	# start-stop-daemon --stop --signal 1 --quiet --pidfile \
-	#	/var/run/$NAME.pid --exec $DAEMON
-  #;;
   restart|force-reload)
-	#
-	#	If the "reload" option is implemented, move the "force-reload"
-	#	option to the "reload" entry above. If not, "force-reload" is
-	#	just the same as "restart".
-	#
 	echo -n "Restarting $DESC: "
-	start-stop-daemon --stop --quiet --pidfile \
-		/var/run/$NAME.pid --exec $DAEMON
+	start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
 	sleep 1
-	start-stop-daemon --start --quiet --pidfile \
-		/var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
+	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
 	echo "$NAME."
 	;;
   *)
 	N=/etc/init.d/$NAME
-	# echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
 	echo "Usage: $N {start|stop|restart|force-reload}" >&2
 	exit 1
 	;;

Added: rtpproxy/trunk/debian/rtpproxy.postinst
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rtpproxy.postinst?rev=5886&op=file
==============================================================================
--- rtpproxy/trunk/debian/rtpproxy.postinst (added)
+++ rtpproxy/trunk/debian/rtpproxy.postinst Sun Jun 22 18:09:59 2008
@@ -1,0 +1,11 @@
+#!/bin/sh -e
+
+case "$1" in
+    configure)
+	if ! id rtpproxy > /dev/null 2>&1 ; then
+	    adduser --system --no-create-home --group rtpproxy
+	fi
+    ;;
+esac
+
+#DEBHELPER#

Modified: rtpproxy/trunk/debian/rules
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rules?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/rules (original)
+++ rtpproxy/trunk/debian/rules Sun Jun 22 18:09:59 2008
@@ -1,4 +1,6 @@
 #!/usr/bin/make -f
+
+include /usr/share/quilt/quilt.make
 
 export DEB_HOST_GNU_TYPE   ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
 export DEB_BUILD_GNU_TYPE  ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
@@ -30,7 +32,7 @@
 configure:
 	autoreconf --force --install
 
-configure-stamp: configure
+configure-stamp: patch configure
 	dh_testdir
 	rm -f config.sub config.guess
 	ln -sf /usr/share/misc/config.sub .
@@ -48,7 +50,7 @@
 	$(MAKE)
 	touch build-stamp
 
-clean:
+clean: unpatch
 	dh_testdir
 	dh_testroot
 	-rm -f build-stamp configure-stamp

More information about the Pkg-voip-commits mailing list