commit:     c160095c4aa3aa9b3f7bd355ec8140ec14a956a6
Author:     Henning Schild <henning <AT> hennsch <DOT> de>
AuthorDate: Fri Mar  8 09:11:32 2019 +0000
Commit:     Thomas Deutschmann <whissi <AT> gentoo <DOT> org>
CommitDate: Sat Mar  9 21:22:58 2019 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c160095c

www-apps/radicale: fix file permissions for state directory

The "diropts" was not effective and the folder might have been created
with incorrect owner and permissions. As a result anyone might be able
to browse the state directory and read contacts/calendars.

Move to using fowners/fperms. Introduce a warning to tell users how to
fix it. Users that changed permissions on purpose can ignore the warning.

Signed-off-by: Henning Schild <henning <AT> hennsch.de>
Signed-off-by: Thomas Deutschmann <whissi <AT> gentoo.org>

 www-apps/radicale/radicale-2.1.11-r1.ebuild | 94 +++++++++++++++++++++++++++++
 1 file changed, 94 insertions(+)

diff --git a/www-apps/radicale/radicale-2.1.11-r1.ebuild 
b/www-apps/radicale/radicale-2.1.11-r1.ebuild
new file mode 100644
index 00000000000..e95f957a111
--- /dev/null
+++ b/www-apps/radicale/radicale-2.1.11-r1.ebuild
@@ -0,0 +1,94 @@
+# Copyright 1999-2018 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+PYTHON_COMPAT=( python{3_4,3_5,3_6} )
+
+inherit distutils-r1 eutils user
+
+MY_PN="Radicale"
+MY_P="${MY_PN}-${PV}"
+
+DESCRIPTION="A simple CalDAV calendar server"
+HOMEPAGE="https://radicale.org/";
+SRC_URI="mirror://pypi/${MY_PN:0:1}/${MY_PN}/${MY_P}.tar.gz"
+
+LICENSE="GPL-3+"
+SLOT="0"
+KEYWORDS="~amd64 ~x86"
+IUSE="+bcrypt"
+
+RDEPEND="sys-apps/util-linux
+       >=dev-python/vobject-0.9.6[${PYTHON_USEDEP}]
+       >=dev-python/python-dateutil-2.7.3[${PYTHON_USEDEP}]
+       bcrypt? ( dev-python/passlib[bcrypt,${PYTHON_USEDEP}] )"
+
+S=${WORKDIR}/${MY_P}
+
+RDIR=/var/lib/${PN}
+
+pkg_pretend() {
+       if [[ -f ${RDIR}/.props && ${MERGE_TYPE} != buildonly ]]; then
+               eerror "It looks like you have a version 1 database in ${RDIR}."
+               eerror "You must convert this database to version 2 format 
before upgrading."
+               eerror "You may want to back up the old database before 
migrating."
+               eerror
+               eerror "If you have kept the Gentoo-default database 
configuration, this will work:"
+               eerror "1. Stop any running instance of Radicale."
+               eerror "2. Run \`radicale --export-storage 
~/radicale-exported\`."
+               eerror "3. Run \`chown -R radicale: ~/radicale-exported\`"
+               eerror "4. Run \`mv \"${RDIR}\" \"${RDIR}.old\"\`."
+               eerror "5. Install Radicale version 2."
+               eerror "6. Run \`mv ~/radicale-exported 
\"${RDIR}/collections\"\`."
+               eerror
+               eerror "For more details, or if you are have a more complex 
configuration,"
+               eerror "please see the migration guide: 
https://radicale.org/1to2/";
+               eerror "If you do a custom migration, please ensure the 
database is cleaned out of"
+               eerror "${RDIR}, including the hidden .props file."
+               die
+       fi
+}
+
+pkg_setup() {
+       enewgroup ${PN}
+       enewuser ${PN} -1 -1 ${RDIR} ${PN}
+}
+
+python_install_all() {
+       rm README* || die
+
+       # init file
+       newinitd "${FILESDIR}"/radicale-r1.init.d radicale
+
+       # directories
+       keepdir ${RDIR}
+       fowners ${PN}:${PN} ${RDIR}
+       fperms 0750 ${RDIR}
+
+       # config file
+       insinto /etc/${PN}
+       doins config logging
+
+       # fcgi and wsgi files
+       exeinto /usr/share/${PN}
+       doexe radicale.fcgi radicale.wsgi
+
+       distutils-r1_python_install_all
+}
+
+pkg_postinst() {
+       local _erdir="${EROOT%/}${RDIR}"
+
+       einfo "A sample WSGI script has been put into 
${EROOT%/}/usr/share/${PN}."
+       einfo "You will also find there an example FastCGI script."
+       if [[ $(stat --format="%U:%G:%a" "${_erdir}") != "${PN}:${PN}:750" ]]
+       then
+               ewarn "Unsafe file permissions detected on ${_erdir}. This 
probably comes"
+               ewarn "from an earlier version of this ebuild."
+               ewarn "To fix run:"
+               ewarn "  \`chown -R ${PN}:${PN} ${_erdir}\`"
+               ewarn "  \`chmod 0750 ${_erdir}\`"
+               ewarn "  \`chmod -R o= ${_erdir}\`"
+       fi
+}
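Review bot: The check in pkg_postinst compares the stat output for exact equality with `${PN}:${PN}:750`, so a state directory that an administrator tightened to 0700, or one with a setgid bit (reported by stat as 2750), is flagged as "Unsafe file permissions" even though nothing is exposed to other users. This warning appears to be the only prompt existing installs get to close a world-readable contacts/calendar directory, so false positives that teach users to ignore it are worth avoiding. Testing the owner and the "other" bits separately would do that: `local _mode=$(stat --format="%a" "${_erdir}")`, then `if [[ $(stat --format="%U:%G" "${_erdir}") != "${PN}:${PN}" ]] || (( 8#${_mode:-7} & 7 )); then`. The `:-7` default keeps the warning firing if stat returns nothing. The `chown`/`chmod` commands printed by ewarn would also be safer to copy and paste with `${_erdir}` quoted.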
