From 5ec4f783e19a167a9fb40e71b132fc510b040958 Mon Sep 17 00:00:00 2001
From: Georgy Yakovlev
Date: Sat, 15 Jan 2022 04:42:05 -0800
Subject: net-nds/gssproxy: create clients dir too, secure permissions

Signed-off-by: Georgy Yakovlev
---
 net-nds/gssproxy/files/gssproxy | 3 +-
 net-nds/gssproxy/gssproxy-0.8.4-r1.ebuild | 89 ------------------------------
 net-nds/gssproxy/gssproxy-0.8.4-r2.ebuild | 92 +++++++++++++++++++++++++++++++
 3 files changed, 94 insertions(+), 90 deletions(-)
 delete mode 100644 net-nds/gssproxy/gssproxy-0.8.4-r1.ebuild
 create mode 100644 net-nds/gssproxy/gssproxy-0.8.4-r2.ebuild

(limited to 'net-nds')

diff --git a/net-nds/gssproxy/files/gssproxy b/net-nds/gssproxy/files/gssproxy
index 34e4983b384f..83c594402258 100644
--- a/net-nds/gssproxy/files/gssproxy
+++ b/net-nds/gssproxy/files/gssproxy
@@ -12,5 +12,6 @@ depend() {

 start_pre() {
 checkpath -d -m 0755 /var/lib/gssproxy
- checkpath -d -m 0755 /var/lib/gssproxy/rcache
+ checkpath -d -m 0700 /var/lib/gssproxy/clients
+ checkpath -d -m 0700 /var/lib/gssproxy/rcache
 }
diff --git a/net-nds/gssproxy/gssproxy-0.8.4-r1.ebuild b/net-nds/gssproxy/gssproxy-0.8.4-r1.ebuild
deleted file mode 100644
index df211a14dbf6..000000000000
--- a/net-nds/gssproxy/gssproxy-0.8.4-r1.ebuild
+++ /dev/null
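Review bot: The two 0700 `checkpath` calls in `start_pre()` fix the mode but not the owner, so a `/var/lib/gssproxy/clients` or `rcache` that already exists under another account would stay fully accessible to that account. Pinning ownership together with the mode closes that gap, e.g. `checkpath -d -m 0700 -o root:root /var/lib/gssproxy/clients` and the same for `rcache`. This assumes the daemon runs as root, which is not visible in this hunk; if it is configured to run as another user, the owner has to be that user instead.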
@@ -1,89 +0,0 @@
-# Copyright 1999-2022 Gentoo Authors
-# Distributed under the terms of the GNU General Public License v2
-
-EAPI=7
-
-DESCRIPTION="daemon to proxy GSSAPI context establishment and channel handling"
-HOMEPAGE="https://github.com/gssapi/gssproxy"
-SRC_URI="https://github.com/gssapi/${PN}/releases/download/v${PV}/${P}.tar.gz"
-
-LICENSE="BSD-1"
-SLOT="0"
-KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86"
-IUSE="debug selinux systemd hardened"
-
-COMMON_DEPEND=">=dev-libs/libverto-0.2.2
- >=dev-libs/ding-libs-0.6.1
- virtual/krb5
- selinux? ( sys-libs/libselinux )"
-RDEPEND="${COMMON_DEPEND}
- selinux? ( sec-policy/selinux-gssproxy )"
-# We need xml stuff to build the man pages, and people really want/need
-# the man pages for this package :). #585200
-BDEPEND="
- app-text/docbook-xml-dtd:4.4
- dev-libs/libxslt
- virtual/pkgconfig
-"
-
-# Many requirements to run tests, including running slapd as root, hence
-# unfeasible.
-RESTRICT="test"
-
-# pkg_setup() {
-# # Here instead of flag-logic in DEPEND, since virtual/krb5 does not
-# # allow to specify the openldap use flag, which heimdal doesn't
-# # support.
-# # Using mit-krb5 explicitly because heimdal doesn't install kerberos
-# # schemata required for the tests of gss-proxy.
-# if use test && ! has_version "app-crypt/mit-krb5[openldap]"; then
-# eerror "Tests of this package require the kerberos schemata installed from app-crypt/mit-krb5[openldap]."
-# die "Tests enabled but no app-crypt/mit-krb5[openldap] being installed."
-# fi
-# }
-
-# Was required in 0.7.0 to fix the schema- and slapd-path. Reason for
-# comment: see RESTRICT comment
-# src_prepare() {
-# default
-# # The tests look for kerberos schemata in the documentation
-# # directory of krb5, however these are installed in /etc/openldap
-# # and only if the openldap useflag is supplied
-# sed -i \
-# -e 's#/usr/share/doc/krb5-server-ldap*#/etc/openldap/schema#' \
-# -e "s#\(subprocess.Popen..\"\)slapd#\1/usr/$(get_libdir)/openldap/slapd#" \
-# "${S}/tests/testlib.py" || die
-# }
-
-src_configure() {
- local myeconfargs=(
- # The build assumes localstatedir is /var and takes care of
- # using all the right subdirs itself.
- "--localstatedir=${EPREFIX}/var"
- "--with-os=gentoo"
- "--with-initscript=$(usex systemd systemd none)"
- "$(use_with selinux)"
- "$(use_with debug gssidebug)"
- "$(use_with hardened hardening)"
- )
-
- econf "${myeconfargs[@]}"
-}
-
-src_install() {
- default
- # This is a plugin module, so no need for la file.
- find "${ED}"/usr -name proxymech.la -delete || die
-
- doinitd "${FILESDIR}"/gssproxy
- insinto /etc/gssproxy
- doins examples/*.conf
- insinto /etc/gss/mech.d
- newins examples/mech gssproxy.conf
-
- keepdir /var/lib/gssproxy
- keepdir /var/lib/gssproxy/rcache
-
- # The build installs a bunch of empty dirs, so prune them.
- find "${ED}" -depth -type d -empty -delete || die
-}
diff --git a/net-nds/gssproxy/gssproxy-0.8.4-r2.ebuild b/net-nds/gssproxy/gssproxy-0.8.4-r2.ebuild
new file mode 100644
index 000000000000..cdf4adce1dfb
--- /dev/null
+++ b/net-nds/gssproxy/gssproxy-0.8.4-r2.ebuild
@@ -0,0 +1,92 @@
+# Copyright 1999-2022 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+DESCRIPTION="daemon to proxy GSSAPI context establishment and channel handling"
+HOMEPAGE="https://github.com/gssapi/gssproxy"
+SRC_URI="https://github.com/gssapi/${PN}/releases/download/v${PV}/${P}.tar.gz"
+
+LICENSE="BSD-1"
+SLOT="0"
+KEYWORDS="~alpha amd64 ~arm ~arm64 ~hppa ~ia64 ~mips ppc ppc64 ~s390 ~sparc x86"
+IUSE="debug selinux systemd hardened"
+
+COMMON_DEPEND=">=dev-libs/libverto-0.2.2
+ >=dev-libs/ding-libs-0.6.1
+ virtual/krb5
+ selinux? ( sys-libs/libselinux )"
+RDEPEND="${COMMON_DEPEND}
+ selinux? ( sec-policy/selinux-gssproxy )"
+# We need xml stuff to build the man pages, and people really want/need
+# the man pages for this package :). #585200
+BDEPEND="
+ app-text/docbook-xml-dtd:4.4
+ dev-libs/libxslt
+ virtual/pkgconfig
+"
+
+# Many requirements to run tests, including running slapd as root, hence
+# unfeasible.
+RESTRICT="test"
+
+# pkg_setup() {
+# # Here instead of flag-logic in DEPEND, since virtual/krb5 does not
+# # allow to specify the openldap use flag, which heimdal doesn't
+# # support.
+# # Using mit-krb5 explicitly because heimdal doesn't install kerberos
+# # schemata required for the tests of gss-proxy.
+# if use test && ! has_version "app-crypt/mit-krb5[openldap]"; then
+# eerror "Tests of this package require the kerberos schemata installed from app-crypt/mit-krb5[openldap]."
+# die "Tests enabled but no app-crypt/mit-krb5[openldap] being installed."
+# fi
+# }
+
+# Was required in 0.7.0 to fix the schema- and slapd-path. Reason for
+# comment: see RESTRICT comment
+# src_prepare() {
+# default
+# # The tests look for kerberos schemata in the documentation
+# # directory of krb5, however these are installed in /etc/openldap
+# # and only if the openldap useflag is supplied
+# sed -i \
+# -e 's#/usr/share/doc/krb5-server-ldap*#/etc/openldap/schema#' \
+# -e "s#\(subprocess.Popen..\"\)slapd#\1/usr/$(get_libdir)/openldap/slapd#" \
+# "${S}/tests/testlib.py" || die
+# }
+
+src_configure() {
+ local myeconfargs=(
+ # The build assumes localstatedir is /var and takes care of
+ # using all the right subdirs itself.
+ "--localstatedir=${EPREFIX}/var"
+ "--with-os=gentoo"
+ "--with-initscript=$(usex systemd systemd none)"
+ "$(use_with selinux)"
+ "$(use_with debug gssidebug)"
+ "$(use_with hardened hardening)"
+ )
+
+ econf "${myeconfargs[@]}"
+}
+
+src_install() {
+ default
+ # This is a plugin module, so no need for la file.
+ find "${ED}"/usr -name proxymech.la -delete || die
+
+ doinitd "${FILESDIR}"/gssproxy
+ insinto /etc/gssproxy
+ doins examples/*.conf
+ insinto /etc/gss/mech.d
+ newins examples/mech gssproxy.conf
+
+ keepdir /var/lib/gssproxy
+ keepdir /var/lib/gssproxy/clients
+ keepdir /var/lib/gssproxy/rcache
+ fperms 0700 /var/lib/gssproxy/clients
+ fperms 0700 /var/lib/gssproxy/rcache
+
+ # The build installs a bunch of empty dirs, so prune them.
+ find "${ED}" -depth -type d -empty -delete || die
+}
-- 
cgit v1.2.3-65-gdbad
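Review bot: The two `fperms 0700` lines in `src_install()` carry no comment, and the same modes are stated a second time in `start_pre()` of `files/gssproxy`, so the two copies can drift apart unnoticed. A comment above them such as `# Daemon-private state; keep these modes in sync with start_pre() in files/gssproxy` would tie them together. On hosts upgrading from -r1, `rcache` already exists with mode 0755, and this hunk does not show whether the merge tightens an existing directory. If it does not, the old mode would persist until the service is restarted and `checkpath` runs, which may be worth an `elog` in `pkg_postinst` asking for a restart.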