summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorHenning Schild <henning@hennsch.de>2019-03-08 10:11:32 +0100
committerThomas Deutschmann <whissi@gentoo.org>2019-03-09 22:22:58 +0100
commitc160095c4aa3aa9b3f7bd355ec8140ec14a956a6 (patch)
tree11ed664968bfec6d0d9ea3c27bb23a1118c76ffc /www-apps
parentdev-python/sphinx-bootstrap-theme-0.6.5: added ~arm, bug 664178 (diff)
downloadgentoo-c160095c4aa3aa9b3f7bd355ec8140ec14a956a6.tar.gz
gentoo-c160095c4aa3aa9b3f7bd355ec8140ec14a956a6.tar.bz2
gentoo-c160095c4aa3aa9b3f7bd355ec8140ec14a956a6.zip
www-apps/radicale: fix file permissions for state directory
The "diropts" was not effective and the folder might have been created with incorrect owner and permissions. As a result anyone might be able to browse the state directory and read contacts/calendars. Move to using fowners/fperms. Introduce a warning to tell users how to fix it. Users that changed permissions on purpose can ignore the warning. Signed-off-by: Henning Schild <henning@hennsch.de> Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>
Diffstat (limited to 'www-apps')
-rw-r--r--www-apps/radicale/radicale-2.1.11-r1.ebuild94
1 files changed, 94 insertions, 0 deletions
diff --git a/www-apps/radicale/radicale-2.1.11-r1.ebuild b/www-apps/radicale/radicale-2.1.11-r1.ebuild
new file mode 100644
index 000000000000..e95f957a111e
--- /dev/null
+++ b/www-apps/radicale/radicale-2.1.11-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6} )
+
+inherit distutils-r1 eutils user
+
+MY_PN="Radicale"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="A simple CalDAV calendar server"
+HOMEPAGE="https://radicale.org/"
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+bcrypt"
+
+RDEPEND="sys-apps/util-linux
+ >=dev-python/vobject-0.9.6[${PYTHON_USEDEP}]
+ >=dev-python/python-dateutil-2.7.3[${PYTHON_USEDEP}]
+ bcrypt? ( dev-python/passlib[bcrypt,${PYTHON_USEDEP}] )"
+
+S=${WORKDIR}/${MY_P}
+
+RDIR=/var/lib/${PN}
+
+pkg_pretend() {
+ if [[ -f ${RDIR}/.props && ${MERGE_TYPE} != buildonly ]]; then
+ eerror "It looks like you have a version 1 database in ${RDIR}."
+ eerror "You must convert this database to version 2 format before upgrading."
+ eerror "You may want to back up the old database before migrating."
+ eerror
+ eerror "If you have kept the Gentoo-default database configuration, this will work:"
+ eerror "1. Stop any running instance of Radicale."
+ eerror "2. Run \`radicale --export-storage ~/radicale-exported\`."
+ eerror "3. Run \`chown -R radicale: ~/radicale-exported\`"
+ eerror "4. Run \`mv \"${RDIR}\" \"${RDIR}.old\"\`."
+ eerror "5. Install Radicale version 2."
+ eerror "6. Run \`mv ~/radicale-exported \"${RDIR}/collections\"\`."
+ eerror
+ eerror "For more details, or if you are have a more complex configuration,"
+ eerror "please see the migration guide: https://radicale.org/1to2/"
+ eerror "If you do a custom migration, please ensure the database is cleaned out of"
+ eerror "${RDIR}, including the hidden .props file."
+ die
+ fi
+}
+
+pkg_setup() {
+ enewgroup ${PN}
+ enewuser ${PN} -1 -1 ${RDIR} ${PN}
+}
+
+python_install_all() {
+ rm README* || die
+
+ # init file
+ newinitd "${FILESDIR}"/radicale-r1.init.d radicale
+
+ # directories
+ keepdir ${RDIR}
+ fowners ${PN}:${PN} ${RDIR}
+ fperms 0750 ${RDIR}
+
+ # config file
+ insinto /etc/${PN}
+ doins config logging
+
+ # fcgi and wsgi files
+ exeinto /usr/share/${PN}
+ doexe radicale.fcgi radicale.wsgi
+
+ distutils-r1_python_install_all
+}
+
+pkg_postinst() {
+ local _erdir="${EROOT%/}${RDIR}"
+
+ einfo "A sample WSGI script has been put into ${EROOT%/}/usr/share/${PN}."
+ einfo "You will also find there an example FastCGI script."
+ if [[ $(stat --format="%U:%G:%a" "${_erdir}") != "${PN}:${PN}:750" ]]
+ then
+ ewarn "Unsafe file permissions detected on ${_erdir}. This probably comes"
+ ewarn "from an earlier version of this ebuild."
+ ewarn "To fix run:"
+ ewarn " \`chown -R ${PN}:${PN} ${_erdir}\`"
+ ewarn " \`chmod 0750 ${_erdir}\`"
+ ewarn " \`chmod -R o= ${_erdir}\`"
+ fi
+}