From 0301e5fb3f97f05cf8e36da8ed2c90bf434f27d6 Mon Sep 17 00:00:00 2001 From: Greg Cymbalski Date: Mon, 27 Jul 2015 21:58:45 -0700 Subject: [PATCH 01/16] small typo correction --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 522c13a..f79f68d 100644 --- a/Makefile +++ b/Makefile @@ -92,4 +92,4 @@ setversion: varcheck ## Check required settings before continuing varcheck: $(if $(PKG_VERSION),,$(error "Variable PKG_VERSION must be set and exported, see basho/node_package readme")) - $(if $(PKG_ID),,$(error "Variable PKK_ID must be set and exported, see basho/node_package readme")) + $(if $(PKG_ID),,$(error "Variable PKG_ID must be set and exported, see basho/node_package readme")) From 8130779640599a841f4f34d0e3573a5a1df5e996 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Wed, 17 Feb 2016 21:41:24 -0500 Subject: [PATCH 02/16] Make sure init.d files are installed as root --- priv/templates/rpm/specfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/priv/templates/rpm/specfile b/priv/templates/rpm/specfile index 5775241..a55a38f 100644 --- a/priv/templates/rpm/specfile +++ b/priv/templates/rpm/specfile @@ -114,7 +114,7 @@ cp -R %{relpath}/data/* \ %{buildroot}%{_localstatedir}/lib/{{package_install_name}} mkdir -p %{buildroot}%{_sysconfdir}/init.d -install -m755 %{_topdir}/init.script %{buildroot}%{_sysconfdir}/init.d/{{package_install_name}} +install -u root -g root -m755 %{_topdir}/init.script %{buildroot}%{_sysconfdir}/init.d/{{package_install_name}} # Needed to work around check-rpaths which seems to be hardcoded into recent # RPM releases From df24d52db4f516b151c85ebd205d37fe511719b1 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Thu, 18 Feb 2016 12:49:24 -0500 Subject: [PATCH 03/16] update to use %defattr% for init.d package to install as root. --- priv/templates/rpm/specfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/priv/templates/rpm/specfile b/priv/templates/rpm/specfile index a55a38f..5cc2a76 100644 --- a/priv/templates/rpm/specfile +++ b/priv/templates/rpm/specfile @@ -114,7 +114,7 @@ cp -R %{relpath}/data/* \ %{buildroot}%{_localstatedir}/lib/{{package_install_name}} mkdir -p %{buildroot}%{_sysconfdir}/init.d -install -u root -g root -m755 %{_topdir}/init.script %{buildroot}%{_sysconfdir}/init.d/{{package_install_name}} +install -m755 %{_topdir}/init.script %{buildroot}%{_sysconfdir}/init.d/{{package_install_name}} # Needed to work around check-rpaths which seems to be hardcoded into recent # RPM releases @@ -176,6 +176,7 @@ exit 0 %{_localstatedir}/lib/{{package_install_name}} %{_localstatedir}/log/{{package_install_name}} %{_localstatedir}/run/{{package_install_name}} +%defattr(-,root,root) %{_sysconfdir}/init.d/{{package_install_name}} %clean From 5925b4ce7d1b1860df382f9c1ea6c8d4f44e8ecb Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Wed, 2 Mar 2016 11:58:01 -0500 Subject: [PATCH 04/16] Move {{bin_or_sbin}} to section owned by root:wheel instead of riak:riak --- priv/templates/fbsd/Makefile | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/priv/templates/fbsd/Makefile b/priv/templates/fbsd/Makefile index 26e7108..df0cea4 100644 --- a/priv/templates/fbsd/Makefile +++ b/priv/templates/fbsd/Makefile @@ -91,8 +91,6 @@ packing_list_files: $(BUILD_STAGE_DIR) echo "@owner {{package_install_user}}" >> +CONTENTS && \ echo "@group {{package_install_group}}" >> +CONTENTS && \ echo "@mode 0755" >> +CONTENTS - cd $(BUILD_STAGE_DIR) && \ - find {{bin_or_sbin}} -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ find lib -type f >> +CONTENTS && \ find lib -d -type d -mindepth 1 -exec echo "@dirrm {}" \; >> +CONTENTS && \ @@ -102,8 +100,9 @@ packing_list_files: $(BUILD_STAGE_DIR) echo "@group wheel" >> +CONTENTS && \ echo "@mode 0644" >> +CONTENTS && \ find etc -type f >> +CONTENTS && \ - find etc -d -type d -mindepth 1 -exec echo "@dirrm {}" \; >> +CONTENTS - + find etc -d -type d -mindepth 1 -exec echo "@dirrm {}" \; >> +CONTENTS && \ + echo "@mode 0755" >> +CONTENTS && \ + find {{bin_or_sbin}} -type f >> +CONTENTS @echo "Packaging /var files" cd $(BUILD_STAGE_DIR) && \ echo "@cwd /var" >> +CONTENTS From 12fee7ab0d143a0998ce8465c5f44907f8899786 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Fri, 4 Mar 2016 22:06:02 +0000 Subject: [PATCH 05/16] make sure /usr/sbin files are also owned by root --- priv/templates/rpm/specfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/priv/templates/rpm/specfile b/priv/templates/rpm/specfile index 5cc2a76..e2ac5c6 100644 --- a/priv/templates/rpm/specfile +++ b/priv/templates/rpm/specfile @@ -172,12 +172,12 @@ exit 0 %{_libdir}/* %dir %{_sysconfdir}/{{package_install_name}} %config(noreplace) %{_sysconfdir}/{{package_install_name}}/* -%{_{{bin_or_sbin}}dir}/* %{_localstatedir}/lib/{{package_install_name}} %{_localstatedir}/log/{{package_install_name}} %{_localstatedir}/run/{{package_install_name}} %defattr(-,root,root) %{_sysconfdir}/init.d/{{package_install_name}} +%{_{{bin_or_sbin}}dir}/* %clean rm -rf %{buildroot} From e8b3ca9421b399dc3f9b29d8ec8f27ad504a60a3 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Mon, 7 Mar 2016 14:02:27 -0500 Subject: [PATCH 06/16] move non-writable files to root:root section of specfile --- priv/templates/rpm/specfile | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/priv/templates/rpm/specfile b/priv/templates/rpm/specfile index e2ac5c6..4acc798 100644 --- a/priv/templates/rpm/specfile +++ b/priv/templates/rpm/specfile @@ -169,15 +169,15 @@ exit 0 # Man pages are optional and might be missing, read from file %files -f additional_files_list %defattr(-,{{package_install_user}},{{package_install_group}}) -%{_libdir}/* -%dir %{_sysconfdir}/{{package_install_name}} -%config(noreplace) %{_sysconfdir}/{{package_install_name}}/* %{_localstatedir}/lib/{{package_install_name}} %{_localstatedir}/log/{{package_install_name}} %{_localstatedir}/run/{{package_install_name}} %defattr(-,root,root) %{_sysconfdir}/init.d/{{package_install_name}} %{_{{bin_or_sbin}}dir}/* +%{_libdir}/* +%dir %{_sysconfdir}/{{package_install_name}} +%config(noreplace) %{_sysconfdir}/{{package_install_name}}/* %clean rm -rf %{buildroot} From 981c495c98686df553ce84d3520a42d319ecdd6d Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Mon, 7 Mar 2016 15:24:26 -0500 Subject: [PATCH 07/16] Updated FreeBSD (old) to install almost everything as root:wheel. --- priv/templates/fbsd/Makefile | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/priv/templates/fbsd/Makefile b/priv/templates/fbsd/Makefile index df0cea4..daed87e 100644 --- a/priv/templates/fbsd/Makefile +++ b/priv/templates/fbsd/Makefile @@ -88,21 +88,18 @@ packing_list_files: $(BUILD_STAGE_DIR) @echo "Packaging /usr/local files" cd $(BUILD_STAGE_DIR) && \ echo "@cwd /usr/local" >> +CONTENTS && \ - echo "@owner {{package_install_user}}" >> +CONTENTS && \ - echo "@group {{package_install_group}}" >> +CONTENTS && \ - echo "@mode 0755" >> +CONTENTS + echo "@owner root" >> +CONTENTS && \ + echo "@group wheel" >> +CONTENTS && \ + echo "@mode 0755" >> +CONTENT cd $(BUILD_STAGE_DIR) && \ find lib -type f >> +CONTENTS && \ find lib -d -type d -mindepth 1 -exec echo "@dirrm {}" \; >> +CONTENTS && \ - echo "@exec chown -R {{package_install_user}}:{{package_install_group}} {{platform_base_dir}}" >> +CONTENTS + echo "@exec chown -R root:wheel {{platform_base_dir}}" >> +CONTENTS && \ + find {{bin_or_sbin}} -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ - echo "@owner root" >> +CONTENTS && \ - echo "@group wheel" >> +CONTENTS && \ echo "@mode 0644" >> +CONTENTS && \ find etc -type f >> +CONTENTS && \ - find etc -d -type d -mindepth 1 -exec echo "@dirrm {}" \; >> +CONTENTS && \ - echo "@mode 0755" >> +CONTENTS && \ - find {{bin_or_sbin}} -type f >> +CONTENTS + find etc -d -type d -mindepth 1 -exec echo "@dirrm {}" \; >> +CONTENTS @echo "Packaging /var files" cd $(BUILD_STAGE_DIR) && \ echo "@cwd /var" >> +CONTENTS From dd06ed561934148c9f59bc7b379b23f35c7c7894 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Tue, 8 Mar 2016 20:37:51 -0500 Subject: [PATCH 08/16] Fix install message, and set home directory to {{platform_data_dir}} instead of {{platform_base_dir}} so it's writable for the riak user --- priv/templates/fbsd/+DISPLAY | 2 +- priv/templates/fbsd/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/priv/templates/fbsd/+DISPLAY b/priv/templates/fbsd/+DISPLAY index e268700..7cbf6e3 100644 --- a/priv/templates/fbsd/+DISPLAY +++ b/priv/templates/fbsd/+DISPLAY @@ -1,6 +1,6 @@ Thank you for installing {{package_name}}. -{{package_name}} has been installed in /usr/local owned by user:group {{package_install_user}}:{{package_install_group}} +{{package_name}} has been installed in /usr/local owned by user:group root:wheel The primary directories are: diff --git a/priv/templates/fbsd/Makefile b/priv/templates/fbsd/Makefile index daed87e..dd43252 100644 --- a/priv/templates/fbsd/Makefile +++ b/priv/templates/fbsd/Makefile @@ -57,7 +57,7 @@ packing_list_files: $(BUILD_STAGE_DIR) echo "@name {{package_name}}-$(PKG_VERSION)" >> plist echo "@conflicts {{package_name}}-*" >> plist echo "@exec if ! pw groupshow {{package_install_group}} 2>/dev/null; then pw groupadd {{package_install_group}}; fi" >> plist - echo "@exec if ! pw usershow {{package_install_user}} 2>/dev/null; then pw useradd {{package_install_user}} -g {{package_install_group}} -h - -d {{platform_base_dir}} -s /bin/sh -c \"{{package_install_user_desc}}\"; fi" >> plist + echo "@exec if ! pw usershow {{package_install_user}} 2>/dev/null; then pw useradd {{package_install_user}} -g {{package_install_group}} -h - -d {{platform_data_dir}} -s /bin/sh -c \"{{package_install_user_desc}}\"; fi" >> plist echo "@comment ORIGIN:{{freebsd_package_category}}/{{package_install_name}}" >> plist @echo "Copying Man pages to staging directory" From aaf3e1562247a47efd3eed809bdd3446660cb418 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Wed, 9 Mar 2016 16:20:14 -0500 Subject: [PATCH 09/16] Multiple additional security tightenings: - Changes to make sure we install as many things as possible as root:root or root:wheel, rather than package_install_user:package_install_group. - Updates to make it more clear when using variables that they will be writable by the package_install_user. - Always use `package_data_dir` as home directory for user, as package_base_dir should not be writable or owned by package user and more. Erlang cookie file `.erlang.cookie` is created in the home directory, so it must be writable. --- priv/templates/deb/postinst | 3 --- priv/templates/fbsd/Makefile | 6 +++--- priv/templates/smartos/+DISPLAY | 2 +- priv/templates/smartos/+INSTALL | 14 +++++++------- priv/templates/smartos/Makefile | 24 ++++++++++++------------ priv/templates/smartos/manifest131.xml | 2 +- priv/templates/solaris/preinstall | 2 +- 7 files changed, 25 insertions(+), 28 deletions(-) diff --git a/priv/templates/deb/postinst b/priv/templates/deb/postinst index 1c3d32b..9be3eb9 100755 --- a/priv/templates/deb/postinst +++ b/priv/templates/deb/postinst @@ -26,9 +26,6 @@ for i in lib run log; do chown -R {{package_install_user}}:{{package_install_group}} /var/$i/{{package_install_name}} done -chown -R {{package_install_user}}:{{package_install_group}} /usr/lib/{{package_install_name}} -chown -R {{package_install_user}}:{{package_install_group}} /etc/{{package_install_name}} - chmod 0755 /var/run/{{package_install_name}} /etc/{{package_install_name}} chmod 0644 /etc/{{package_install_name}}/* chmod -R +X /etc/{{package_install_name}} diff --git a/priv/templates/fbsd/Makefile b/priv/templates/fbsd/Makefile index dd43252..ed5c580 100644 --- a/priv/templates/fbsd/Makefile +++ b/priv/templates/fbsd/Makefile @@ -73,9 +73,9 @@ packing_list_files: $(BUILD_STAGE_DIR) {{/package_commands}} echo -n; fi @echo "Scanning data and log directories for empty directories to add" - $(eval DIRS_INSTALL = {{platform_log_dir}}) - $(eval DIRS_INSTALL += $(shell cd $(BUILD_STAGE_DIR) && find $(PDATA_ROOT_DIR) -type d -exec printf "/%s " {} \;)) - for i in $(DIRS_INSTALL); \ + $(eval PACKAGE_USER_WRITABLE_DIRS = {{platform_log_dir}}) + $(eval PACKAGE_USER_WRITABLE_DIRS += $(shell cd $(BUILD_STAGE_DIR) && find $(PDATA_ROOT_DIR) -type d -exec printf "/%s " {} \;)) + for i in $(PACKAGE_USER_WRITABLE_DIRS); \ do \ echo "@exec mkdir -p $$i" >> plist; \ echo "@exec chown -R {{package_install_user}}:{{package_install_group}} $$i" >> plist; \ diff --git a/priv/templates/smartos/+DISPLAY b/priv/templates/smartos/+DISPLAY index 6cdebda..a0f0ad9 100644 --- a/priv/templates/smartos/+DISPLAY +++ b/priv/templates/smartos/+DISPLAY @@ -1,6 +1,6 @@ Thank you for installing {{package_name}}. -{{package_name}} has been installed in {{platform_base_dir}} owned by user:group {{package_install_user}}:{{package_install_group}} +{{package_name}} has been installed in {{platform_base_dir}} owned by user:group root:root The primary directories are: diff --git a/priv/templates/smartos/+INSTALL b/priv/templates/smartos/+INSTALL index a785cd7..aea2de2 100755 --- a/priv/templates/smartos/+INSTALL +++ b/priv/templates/smartos/+INSTALL @@ -1,7 +1,7 @@ #!/bin/sh # Variable that will get replaced by the Makefile dirs_create target -CREATE_DIRS="%DIRS_CREATE%" +PACKAGE_USER_WRITABLE_DIRS="%PACKAGE_USER_WRITABLE_DIRS%" # Config files that could possibly be installed CONFIG_FILES="vm.args app.config advanced.config {{cuttlefish_conf}}" @@ -12,12 +12,12 @@ if [ "$2" = "PRE-INSTALL" ]; then fi if ! getent passwd "{{package_install_user}}" 2>/dev/null 1>&2; then - useradd -g {{package_install_group}} -d {{platform_base_dir}} -s /bin/sh {{package_install_user}} + useradd -g {{package_install_group}} -d {{platform_data_dir}} -s /bin/sh {{package_install_user}} fi # Create var directories outside of +CONTENTS - # Read directories from the CREATE_DIRS variable - for i in $CREATE_DIRS; do + # Read directories from the PACKAGE_USER_WRITABLE_DIRS variable + for i in $PACKAGE_USER_WRITABLE_DIRS; do if [ -d $i ]; then echo "Skipping directory creation of $i, directory already exists" else @@ -42,12 +42,12 @@ if [ "$2" = "POST-INSTALL" ]; then # Ensure proper permissions on {{package_name}} scripts for i in {{#package_commands}}{{name}} {{/package_commands}}; do - chown {{package_install_user}}:{{package_install_group}} {{platform_bin_dir}}/$i + chown root:root {{platform_bin_dir}}/$i chmod 755 {{platform_bin_dir}}/$i done # Ensure proper ownership of lib directory - chown -R {{package_install_user}}:{{package_install_group}} {{platform_lib_dir}} + chown -R root:root {{platform_lib_dir}} chmod -R g+r {{platform_lib_dir}} # Treat new configuration files as new if old ones already exist @@ -68,7 +68,7 @@ if [ "$2" = "POST-INSTALL" ]; then # This shouldn't have to happen in the post-install, but # there is some non-deterministic stuff happening during # install on SmartOS that causes wrong ownership. - chown -R root:{{package_install_group}} {{platform_etc_dir}} + chown -R root:root {{platform_etc_dir}} for i in $CONFIG_FILES; do if [ -f {{platform_etc_dir}}/$i ]; then diff --git a/priv/templates/smartos/Makefile b/priv/templates/smartos/Makefile index e68d9e5..0b440a8 100644 --- a/priv/templates/smartos/Makefile +++ b/priv/templates/smartos/Makefile @@ -127,29 +127,29 @@ packing_list_files: $(BUILD_STAGE_DIR) templates echo "@comment Packing /opt/local/etc files" >> +CONTENTS && \ echo "@cwd /opt/local" >> +CONTENTS && \ echo "@owner root" >> +CONTENTS && \ - echo "@group {{package_install_user}}" >> +CONTENTS && \ + echo "@group root" >> +CONTENTS && \ find etc -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ echo "@comment Packing lib files" >> +CONTENTS && \ echo "@cwd /opt/local" >> +CONTENTS && \ - echo "@owner {{package_install_user}}" >> +CONTENTS && \ - echo "@group {{package_install_group}}" >> +CONTENTS + echo "@owner root" >> +CONTENTS && \ + echo "@group root" >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ find lib -type f >> +CONTENTS && \ - echo "@exec chown -R {{package_install_user}}:{{package_install_group}} {{platform_base_dir}}" >> +CONTENTS + echo "@exec chown -R root:root {{platform_base_dir}}" >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ echo "@comment Packing /usr/local {{bin_or_sbin}} files" >> +CONTENTS && \ - echo "@owner {{package_install_user}}" >> +CONTENTS && \ - echo "@group {{package_install_group}}" >> +CONTENTS && \ + echo "@owner root" >> +CONTENTS && \ + echo "@group root" >> +CONTENTS && \ echo "@mode 0755" >> +CONTENTS && \ find {{bin_or_sbin}} -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ - echo "@owner {{package_install_user}}" >> +CONTENTS && \ - echo "@group {{package_install_group}}" >> +CONTENTS && \ + echo "@owner root" >> +CONTENTS && \ + echo "@group root" >> +CONTENTS && \ find share -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ @@ -167,13 +167,13 @@ packing_list_files: $(BUILD_STAGE_DIR) templates # I feel dirty now. dirs_file: $(BUILD_STAGE_DIR) @echo "Adding data and log directories to directory list" - $(eval DIRS_INSTALL = {{platform_data_dir}}) - $(eval DIRS_INSTALL += {{platform_log_dir}}) + $(eval PACKAGE_USER_WRITABLE_DIRS = {{platform_data_dir}}) + $(eval PACKAGE_USER_WRITABLE_DIRS += {{platform_log_dir}}) @echo "Scanning var directory for any additional install paths" - $(eval DIRS_INSTALL += $(shell cd $(BUILD_STAGE_DIR) && find $(PDATA_ROOT_DIR) -type d -exec printf "/%s " {} \;)) + $(eval PACKAGE_USER_WRITABLE_DIRS += $(shell cd $(BUILD_STAGE_DIR) && find $(PDATA_ROOT_DIR) -type d -exec printf "/%s " {} \;)) cd $(BUILD_STAGE_DIR) && \ cp +INSTALL +INSTALL.tmp && \ - sed -e 's|%DIRS_CREATE%|${DIRS_INSTALL}|' < \ + sed -e 's|%PACKAGE_USER_WRITABLE_DIRS%|${PACKAGE_USER_WRITABLE_DIRS}|' < \ +INSTALL.tmp > +INSTALL && \ rm +INSTALL.tmp diff --git a/priv/templates/smartos/manifest131.xml b/priv/templates/smartos/manifest131.xml index 73ae5fc..f41e5d7 100644 --- a/priv/templates/smartos/manifest131.xml +++ b/priv/templates/smartos/manifest131.xml @@ -16,7 +16,7 @@ - + diff --git a/priv/templates/solaris/preinstall b/priv/templates/solaris/preinstall index 785b71d..0cafd8f 100755 --- a/priv/templates/solaris/preinstall +++ b/priv/templates/solaris/preinstall @@ -9,7 +9,7 @@ fi # create {{package_install_user}} user only if it doesn't already exist getent passwd {{package_install_user}} >/dev/null 2>&1 if [ $? -ne 0 ]; then - useradd -g {{package_install_group}} -d /opt/{{package_install_name}} -s /usr/bin/ksh {{package_install_user}} + useradd -g {{package_install_group}} -d {{platform_data_dir}} -s /usr/bin/ksh {{package_install_user}} usermod -c "{{package_install_user_desc}}" {{package_install_user}} fi From 4a1aacaee4c21999c2d1b3f532a34398a75422f4 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Wed, 9 Mar 2016 19:54:03 -0500 Subject: [PATCH 10/16] New SmartOS version (15.4.0) attempt --- priv/templates/smartos/Makefile | 6 +++++ priv/templates/smartos/manifest154.xml | 37 ++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) create mode 100644 priv/templates/smartos/manifest154.xml diff --git a/priv/templates/smartos/Makefile b/priv/templates/smartos/Makefile index 0b440a8..b014a15 100644 --- a/priv/templates/smartos/Makefile +++ b/priv/templates/smartos/Makefile @@ -42,6 +42,12 @@ OPENSSL_DEP = openssl-1.0.1* GCC_DEP = gcc47-libs>=4.7.0 SMF_MANIFEST = manifest131.xml endif +ifeq ($(PKGSRC_VERSION),2015Q4) # SmartOS 15.4.0 +NCURSES_DEP = ncurses-6* +OPENSSL_DEP = openssl-1.0.2* +GCC_DEP = gcc49-libs>=4.9.3 +SMF_MANIFEST = manifest154.xml +endif # Where we install things (based on vars.config) diff --git a/priv/templates/smartos/manifest154.xml b/priv/templates/smartos/manifest154.xml new file mode 100644 index 0000000..f41e5d7 --- /dev/null +++ b/priv/templates/smartos/manifest154.xml @@ -0,0 +1,37 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + From 79017cd586063a584dc3c1820b8b9a77e39dbbca Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Thu, 10 Mar 2016 08:11:56 -0500 Subject: [PATCH 11/16] Add manifest154.xml to template for SmartOS --- priv/templates/smartos/smartos.template | 1 + 1 file changed, 1 insertion(+) diff --git a/priv/templates/smartos/smartos.template b/priv/templates/smartos/smartos.template index 0365f30..e25729a 100644 --- a/priv/templates/smartos/smartos.template +++ b/priv/templates/smartos/smartos.template @@ -30,5 +30,6 @@ {template, "manifest16.xml", "manifest16.xml"}. {template, "manifest18.xml", "manifest18.xml"}. {template, "manifest131.xml", "manifest131.xml"}. +{template, "manifest154.xml", "manifest154.xml"}. {template, "epmd", "epmd"}. {template, "runner.patch", "runner.patch"}. From dc8a0ea7a60538ff524b6971818250f74727a519 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Thu, 10 Mar 2016 09:02:47 -0500 Subject: [PATCH 12/16] Make etc files root:riak (and only writable by root) --- priv/templates/smartos/+INSTALL | 2 +- priv/templates/smartos/Makefile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/priv/templates/smartos/+INSTALL b/priv/templates/smartos/+INSTALL index aea2de2..8f3a68e 100755 --- a/priv/templates/smartos/+INSTALL +++ b/priv/templates/smartos/+INSTALL @@ -68,7 +68,7 @@ if [ "$2" = "POST-INSTALL" ]; then # This shouldn't have to happen in the post-install, but # there is some non-deterministic stuff happening during # install on SmartOS that causes wrong ownership. - chown -R root:root {{platform_etc_dir}} + chown -R root:{{package_install_group}} {{platform_etc_dir}} for i in $CONFIG_FILES; do if [ -f {{platform_etc_dir}}/$i ]; then diff --git a/priv/templates/smartos/Makefile b/priv/templates/smartos/Makefile index b014a15..cfc13ce 100644 --- a/priv/templates/smartos/Makefile +++ b/priv/templates/smartos/Makefile @@ -133,7 +133,7 @@ packing_list_files: $(BUILD_STAGE_DIR) templates echo "@comment Packing /opt/local/etc files" >> +CONTENTS && \ echo "@cwd /opt/local" >> +CONTENTS && \ echo "@owner root" >> +CONTENTS && \ - echo "@group root" >> +CONTENTS && \ + echo "@group riak" >> +CONTENTS && \ find etc -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \ From f8e5ea10858f909c6a9968f1ed0db3ff67f91ccf Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Sat, 12 Mar 2016 11:00:39 -0500 Subject: [PATCH 13/16] Attempt to more carefully assign ownership to files in Solaris --- priv/templates/solaris/Makefile | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/priv/templates/solaris/Makefile b/priv/templates/solaris/Makefile index 79d4cff..ee7321a 100644 --- a/priv/templates/solaris/Makefile +++ b/priv/templates/solaris/Makefile @@ -50,7 +50,9 @@ prototype: echo "i r.preserve" >> prototype echo '' >> prototype pkgproto rel/{{package_install_name}}={{package_install_name}} >> prototype - sed -e "s/ $(LOGNAME) .*$$/ {{package_install_user}} {{package_install_group}}/" \ + sed -e "s/ $(LOGNAME) .*$$/ root bin/" \ + -e "s/d none {{package_install_name}}\/data \(.*\) $(LOGNAME) \(.*\)/d none {{package_install_name}}\/data \1 {{package_install_user}} {{package_install_group}}/" \ + -e "s/d none {{package_install_name}}\/log \(.*\) $(LOGNAME) \(.*\)/d none {{package_install_name}}\/log \1 {{package_install_user}} {{package_install_group}}/" \ -e 's/f none {{package_install_name}}\/etc/e preserve {{package_install_name}}\/etc/' prototype > prototype.tmp && mv prototype.tmp prototype $(PKGERDIR)/pkgclean: From e47088da8f61ccc851f5d685301b0615acab4464 Mon Sep 17 00:00:00 2001 From: Doug Rohrer Date: Sat, 12 Mar 2016 13:17:28 -0500 Subject: [PATCH 14/16] clean up regular expressions and make them actually work (solaris) --- priv/templates/solaris/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/priv/templates/solaris/Makefile b/priv/templates/solaris/Makefile index ee7321a..70ca865 100644 --- a/priv/templates/solaris/Makefile +++ b/priv/templates/solaris/Makefile @@ -51,8 +51,8 @@ prototype: echo '' >> prototype pkgproto rel/{{package_install_name}}={{package_install_name}} >> prototype sed -e "s/ $(LOGNAME) .*$$/ root bin/" \ - -e "s/d none {{package_install_name}}\/data \(.*\) $(LOGNAME) \(.*\)/d none {{package_install_name}}\/data \1 {{package_install_user}} {{package_install_group}}/" \ - -e "s/d none {{package_install_name}}\/log \(.*\) $(LOGNAME) \(.*\)/d none {{package_install_name}}\/log \1 {{package_install_user}} {{package_install_group}}/" \ + -e "s/\([f|d]\) none {{package_install_name}}\/log\(.*\) \(.*\) root bin/\1 none {{package_install_name}}\/log\2 \3 {{package_install_user}} {{package_install_group}}/" \ + -e "s/\([f|d]\) none {{package_install_name}}\/data\(.*\) \(.*\) root bin/\1 none {{package_install_name}}\/data\2 \3 {{package_install_user}} {{package_install_group}}/" \ -e 's/f none {{package_install_name}}\/etc/e preserve {{package_install_name}}\/etc/' prototype > prototype.tmp && mv prototype.tmp prototype $(PKGERDIR)/pkgclean: From 385bbe6a888fb8ad3d9b049d4b542e1d40f5f0cd Mon Sep 17 00:00:00 2001 From: Nick Marino Date: Thu, 17 Mar 2016 10:19:50 -0400 Subject: [PATCH 15/16] Ensure proper perms on all SMF files for SmartOS I'm not entirely clear on why this is necessary, because it seems like the @owner/@group directives that the Makefile generates should take care of it for us. But this should hopefully fix the issue that Doug and I saw where the SMF files were getting installed as the user that built the package instead of root. --- priv/templates/smartos/+INSTALL | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/priv/templates/smartos/+INSTALL b/priv/templates/smartos/+INSTALL index 8f3a68e..59227f2 100755 --- a/priv/templates/smartos/+INSTALL +++ b/priv/templates/smartos/+INSTALL @@ -86,8 +86,12 @@ if [ "$2" = "POST-INSTALL" ]; then -c "{{package_install_name}} default project" {{package_install_name}} fi + # Ensure proper permissions of SMF files + chown -R root:root /opt/local/share/smf/{{package_install_name}} + chown -R root:root /opt/local/share/smf/{{package_install_name}}-epmd + chmod 755 /opt/local/share/smf/{{package_install_name}}-epmd/{{package_install_name}}-epmd + # Import SMF definitions svccfg import /opt/local/share/smf/{{package_install_name}}-epmd/manifest.xml - chmod 755 /opt/local/share/smf/{{package_install_name}}-epmd/{{package_install_name}}-epmd svccfg import /opt/local/share/smf/{{package_install_name}}/manifest.xml fi From b92e7ba4fe3a25b70e4abc0b5300907795385db4 Mon Sep 17 00:00:00 2001 From: Nick Marino Date: Fri, 18 Mar 2016 10:01:04 -0400 Subject: [PATCH 16/16] Revert hard-coded riak user in smartos makefile --- priv/templates/smartos/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/priv/templates/smartos/Makefile b/priv/templates/smartos/Makefile index cfc13ce..6224c8e 100644 --- a/priv/templates/smartos/Makefile +++ b/priv/templates/smartos/Makefile @@ -133,7 +133,7 @@ packing_list_files: $(BUILD_STAGE_DIR) templates echo "@comment Packing /opt/local/etc files" >> +CONTENTS && \ echo "@cwd /opt/local" >> +CONTENTS && \ echo "@owner root" >> +CONTENTS && \ - echo "@group riak" >> +CONTENTS && \ + echo "@group {{package_install_user}}" >> +CONTENTS && \ find etc -type f >> +CONTENTS cd $(BUILD_STAGE_DIR) && \