[Pkg-voip-commits] r5886 - in /rtpproxy/trunk/debian: changelog control patches/ patches/drop-privs-before-creating-socket patches/series rtpproxy.default rtpproxy.init rtpproxy.postinst rules
marcusb-guest at alioth.debian.org
marcusb-guest at alioth.debian.org
Sun Jun 22 18:09:59 UTC 2008
Author: marcusb-guest
Date: Sun Jun 22 18:09:59 2008
New Revision: 5886
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=5886
Log:
* Run as user rtpproxy instead of root.
* Do not return failure in stop command of init script if the daemon is
not running.
Added:
rtpproxy/trunk/debian/patches/
rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket
rtpproxy/trunk/debian/patches/series
rtpproxy/trunk/debian/rtpproxy.postinst
Modified:
rtpproxy/trunk/debian/changelog
rtpproxy/trunk/debian/control
rtpproxy/trunk/debian/rtpproxy.default
rtpproxy/trunk/debian/rtpproxy.init
rtpproxy/trunk/debian/rules
Modified: rtpproxy/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/changelog?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/changelog (original)
+++ rtpproxy/trunk/debian/changelog Sun Jun 22 18:09:59 2008
@@ -1,8 +1,10 @@
rtpproxy (1.1-2) UNRELEASED; urgency=low
- * NOT RELEASED YET
+ * Run as user rtpproxy instead of root.
+ * Do not return failure in stop command of init script if the daemon is
+ not running.
- -- Mark Purcell <msp at debian.org> Sat, 21 Jun 2008 16:57:14 +1000
+ -- Marcus Better <marcus at better.se> Sun, 22 Jun 2008 18:05:55 +0000
rtpproxy (1.1-1) unstable; urgency=low
Modified: rtpproxy/trunk/debian/control
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/control?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/control (original)
+++ rtpproxy/trunk/debian/control Sun Jun 22 18:09:59 2008
@@ -3,16 +3,16 @@
Priority: optional
Maintainer: Debian VoIP Team <pkg-voip-maintainers at lists.alioth.debian.org>
Uploaders: Mark Purcell <msp at debian.org>, Kilian Krause <kilian at debian.org>, Marcus Better <marcus at better.se>
-Build-Depends: debhelper (>= 5), autotools-dev, autoconf, automake1.10, xsltproc, docbook-xsl, docbook-xml
+Build-Depends: debhelper (>= 5), quilt, autotools-dev, autoconf, automake1.10, xsltproc, docbook-xsl, docbook-xml
Build-Conflicts: autoconf2.13, automake1.4
Standards-Version: 3.7.3
Homepage: http://www.rtpproxy.org
Vcs-Svn: svn://svn.debian.org/pkg-voip/rtpproxy/trunk/
-Vcs-Browser: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/?op=log
+Vcs-Browser: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/
Package: rtpproxy
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}
+Depends: adduser, ${shlibs:Depends}, ${misc:Depends}
Suggests: ser | openser
Description: Relay for Real-time Transport Protocol (RTP) media streams
A high-performance media relay for RTP streams that can work together
Added: rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket?rev=5886&op=file
==============================================================================
--- rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket (added)
+++ rtpproxy/trunk/debian/patches/drop-privs-before-creating-socket Sun Jun 22 18:09:59 2008
@@ -1,0 +1,32 @@
+--- a/main.c
++++ b/main.c
+@@ -683,6 +683,14 @@ main(int argc, char **argv)
+
+ init_config(&cf, argc, argv);
+
++ if (cf.run_uname != NULL || cf.run_gname != NULL) {
++ if (drop_privileges(&cf, cf.run_uname, cf.run_gname) != 0) {
++ rtpp_log_ewrite(RTPP_LOG_ERR, cf.glog,
++ "can't switch to requested user/group");
++ exit(1);
++ }
++ }
++
+ controlfd = init_controlfd(&cf);
+
+ #if !defined(__solaris__)
+@@ -718,14 +726,6 @@ main(int argc, char **argv)
+ signal(SIGUSR1, fatsignal);
+ signal(SIGUSR2, fatsignal);
+
+- if (cf.run_uname != NULL || cf.run_gname != NULL) {
+- if (drop_privileges(&cf, cf.run_uname, cf.run_gname) != 0) {
+- rtpp_log_ewrite(RTPP_LOG_ERR, cf.glog,
+- "can't switch to requested user/group");
+- exit(1);
+- }
+- }
+-
+ cf.pfds[0].fd = controlfd;
+ cf.pfds[0].events = POLLIN;
+ cf.pfds[0].revents = 0;
Added: rtpproxy/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/patches/series?rev=5886&op=file
==============================================================================
--- rtpproxy/trunk/debian/patches/series (added)
+++ rtpproxy/trunk/debian/patches/series Sun Jun 22 18:09:59 2008
@@ -1,0 +1,1 @@
+
Modified: rtpproxy/trunk/debian/rtpproxy.default
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rtpproxy.default?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/rtpproxy.default (original)
+++ rtpproxy/trunk/debian/rtpproxy.default Sun Jun 22 18:09:59 2008
@@ -1,10 +1,9 @@
-# Defaults for rtpproxy initscript
-# sourced by /etc/init.d/rtpproxy
-# installed at /etc/default/rtpproxy by the maintainer scripts
+# Defaults for rtpproxy
-#
-# This is a POSIX shell fragment
-#
+# The control socket.
+#CONTROL_SOCK="unix:/var/run/rtpproxy/rtpproxy.sock"
+# To listen on an UDP socket, uncomment this line:
+#CONTROL_SOCK=udp:127.0.0.1:22222
-# Additional options that are passed to the Daemon.
-DAEMON_OPTS="-l 0.0.0.0 -s udp:127.0.0.1:22222"
+# Additional options that are passed to the daemon.
+EXTRA_OPTS=""
Modified: rtpproxy/trunk/debian/rtpproxy.init
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rtpproxy.init?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/rtpproxy.init (original)
+++ rtpproxy/trunk/debian/rtpproxy.init Sun Jun 22 18:09:59 2008
@@ -10,15 +10,27 @@
### END INIT INFO
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-DAEMON=/usr/sbin/rtpproxy
NAME=rtpproxy
-DESC=rtpproxy
+DESC="RTP relay"
+DAEMON=/usr/sbin/$NAME
+USER=$NAME
+GROUP=$USER
+PIDFILE="/var/run/$NAME/$NAME.pid"
+PIDFILE_DIR=`dirname $PIDFILE`
+CONTROL_SOCK="unix:$PIDFILE_DIR/$NAME.sock"
test -x $DAEMON || exit 0
-# Include rtpproxy defaults if available
-if [ -f /etc/default/rtpproxy ] ; then
- . /etc/default/rtpproxy
+# Include defaults if available
+if [ -f /etc/default/$NAME ] ; then
+ . /etc/default/$NAME
+fi
+
+DAEMON_OPTS="-s $CONTROL_SOCK -u $USER:$GROUP -p $PIDFILE $EXTRA_OPTS"
+
+if [ ! -d "$PIDFILE_DIR" ];then
+ mkdir "$PIDFILE_DIR"
+ chown $USER:$GROUP "$PIDFILE_DIR"
fi
set -e
@@ -26,45 +38,23 @@
case "$1" in
start)
echo -n "Starting $DESC: "
- start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid \
- --exec $DAEMON -- $DAEMON_OPTS
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
- start-stop-daemon --stop --quiet --pidfile /var/run/$NAME.pid \
- --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
echo "$NAME."
;;
- #reload)
- #
- # If the daemon can reload its config files on the fly
- # for example by sending it SIGHUP, do it here.
- #
- # If the daemon responds to changes in its config file
- # directly anyway, make this a do-nothing entry.
- #
- # echo "Reloading $DESC configuration files."
- # start-stop-daemon --stop --signal 1 --quiet --pidfile \
- # /var/run/$NAME.pid --exec $DAEMON
- #;;
restart|force-reload)
- #
- # If the "reload" option is implemented, move the "force-reload"
- # option to the "reload" entry above. If not, "force-reload" is
- # just the same as "restart".
- #
echo -n "Restarting $DESC: "
- start-stop-daemon --stop --quiet --pidfile \
- /var/run/$NAME.pid --exec $DAEMON
+ start-stop-daemon --stop --quiet --oknodo --pidfile $PIDFILE --exec $DAEMON
sleep 1
- start-stop-daemon --start --quiet --pidfile \
- /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- $DAEMON_OPTS
echo "$NAME."
;;
*)
N=/etc/init.d/$NAME
- # echo "Usage: $N {start|stop|restart|reload|force-reload}" >&2
echo "Usage: $N {start|stop|restart|force-reload}" >&2
exit 1
;;
Added: rtpproxy/trunk/debian/rtpproxy.postinst
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rtpproxy.postinst?rev=5886&op=file
==============================================================================
--- rtpproxy/trunk/debian/rtpproxy.postinst (added)
+++ rtpproxy/trunk/debian/rtpproxy.postinst Sun Jun 22 18:09:59 2008
@@ -1,0 +1,11 @@
+#!/bin/sh -e
+
+case "$1" in
+ configure)
+ if ! id rtpproxy > /dev/null 2>&1 ; then
+ adduser --system --no-create-home --group rtpproxy
+ fi
+ ;;
+esac
+
+#DEBHELPER#
Modified: rtpproxy/trunk/debian/rules
URL: http://svn.debian.org/wsvn/pkg-voip/rtpproxy/trunk/debian/rules?rev=5886&op=diff
==============================================================================
--- rtpproxy/trunk/debian/rules (original)
+++ rtpproxy/trunk/debian/rules Sun Jun 22 18:09:59 2008
@@ -1,4 +1,6 @@
#!/usr/bin/make -f
+
+include /usr/share/quilt/quilt.make
export DEB_HOST_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE)
export DEB_BUILD_GNU_TYPE ?= $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE)
@@ -30,7 +32,7 @@
configure:
autoreconf --force --install
-configure-stamp: configure
+configure-stamp: patch configure
dh_testdir
rm -f config.sub config.guess
ln -sf /usr/share/misc/config.sub .
@@ -48,7 +50,7 @@
$(MAKE)
touch build-stamp
-clean:
+clean: unpatch
dh_testdir
dh_testroot
-rm -f build-stamp configure-stamp
More information about the Pkg-voip-commits
mailing list