lldpd: bump to v0.6.1, enable privilege separation and chrooting
authorJo-Philipp Wich <jow@openwrt.org>
Fri, 12 Oct 2012 11:58:19 +0000 (11:58 +0000)
committerJo-Philipp Wich <jow@openwrt.org>
Fri, 12 Oct 2012 11:58:19 +0000 (11:58 +0000)
SVN-Revision: 33729

package/network/services/lldpd/Makefile
package/network/services/lldpd/files/lldpd.init
package/network/services/lldpd/patches/001-no-multiuser.patch [deleted file]
package/network/services/lldpd/patches/002-no-stack-protector.patch

index 0e62e35338e587cf5d78ce98c2cf1baff90b8fb7..2a9954cff16ad08702440eac63489c24eb137870 100644 (file)
@@ -8,12 +8,12 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=lldpd
-PKG_VERSION:=0.6.0
+PKG_VERSION:=0.6.1
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://media.luffy.cx/files/lldpd
-PKG_MD5SUM:=77279577e3b6d85a33dc0afe7c960b27
+PKG_MD5SUM:=d2f9ae67e0bcce0206a3a501a81d0738
 
 PKG_MAINTAINER:=Jo-Philipp Wich <jow@openwrt.org>
 
@@ -43,8 +43,9 @@ endef
 define Package/lldpd/install
        $(INSTALL_DIR) $(1)/etc/init.d
        $(INSTALL_DIR) $(1)/etc/config
-       $(INSTALL_DIR) $(1)/usr/sbin
-       $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
+       $(INSTALL_DIR) $(1)/usr/lib $(1)/usr/sbin
+       $(CP) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/
+       $(CP) $(PKG_INSTALL_DIR)/usr/lib/liblldpctl.so* $(1)/usr/lib/
        $(INSTALL_BIN) ./files/lldpd.init $(1)/etc/init.d/lldpd
        $(INSTALL_DATA) ./files/lldpd.config $(1)/etc/config/lldpd
 endef
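Review bot: Switching the `lldp{ctl,d}` copy from `$(INSTALL_BIN)` to `$(CP)` means the two executables are packaged with whatever mode the upstream install step left on them, rather than an explicitly set one. `$(CP)` makes sense for the `liblldpctl.so*` line, where the library symlinks have to survive, but the daemon and client could stay on `$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/lldp{ctl,d} $(1)/usr/sbin/`. If the switch was deliberate, a one-line comment giving the reason would stop a later cleanup from reverting it.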
@@ -53,4 +54,9 @@ define Package/lldpd/conffiles
 /etc/config/lldpd
 endef
 
+CONFIGURE_ARGS += \
+       --with-privsep-user=lldp \
+       --with-privsep-group=lldp \
+       --with-privsep-chroot=/var/run/lldp
+
 $(eval $(call BuildPackage,lldpd))
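Review bot: The account name, group name and chroot path set in `CONFIGURE_ARGS` are repeated as literals in files/lldpd.init, which creates the `lldp` user and `/var/run/lldp` at start-up, and nothing ties the two files together. A comment above the block, e.g. `# keep in sync with files/lldpd.init, which creates this user, group and directory`, would make the coupling visible. The upstream code quoted in the removed 001-no-multiuser.patch calls `fatal()` when the user or group lookup or the chroot fails, so a mismatch would presumably stop the daemon from starting.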
index 5d34283883c3517fdd2185d0602e42269b563763..0ef64e08e6c73347397bf7f9320b70c9d1335e61 100644 (file)
@@ -26,6 +26,12 @@ start() {
        [ $enable_sonmp -gt 0 ] && append args '-s'
        [ $enable_edp -gt 0 ] && append args '-e'
 
+        user_exists  lldp 121 || user_add  lldp 121 129
+        group_exists lldp 129 || group_add lldp 129
+
+       mkdir -p /var/run/lldp
+       chown lldp:lldp /var/run/lldp
+
        service_start /usr/sbin/lldpd $args \
                ${lldp_class:+ -M $lldp_class}
 
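Review bot: `chown lldp:lldp /var/run/lldp` hands the chroot directory to the same unprivileged account that is confined in it, so the process can still create files there after dropping privileges. A privilege-separation chroot is normally kept empty and root-owned. Unless lldpd 0.6.1 needs to write inside it (worth confirming against the upstream documentation), prefer `chown root:root /var/run/lldp` followed by `chmod 0755 /var/run/lldp`. The results of `user_add`, `group_add`, `mkdir` and `chown` are also not checked, so a failure only shows up later as a daemon that refuses to start; something like `mkdir -p /var/run/lldp || return 1` would make the cause visible. start() begins and ends outside this hunk.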
@@ -37,4 +43,5 @@ start() {
 
 stop() {
        service_stop /usr/sbin/lldpd
+       rm -f /var/run/lldpd.socket /var/run/lldpd.pid
 }
diff --git a/package/network/services/lldpd/patches/001-no-multiuser.patch b/package/network/services/lldpd/patches/001-no-multiuser.patch
deleted file mode 100644 (file)
index 5f216c4..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
---- a/src/priv.c
-+++ b/src/priv.c
-@@ -518,12 +518,14 @@ priv_init(char *chrootdir)
-               fatal("[priv]: unable to create socket pair for privilege separation");
-       /* Get users */
-+      /*
-       if ((user = getpwnam(PRIVSEP_USER)) == NULL)
-               fatal("[priv]: no " PRIVSEP_USER " user for privilege separation");
-       uid = user->pw_uid;
-       if ((group = getgrnam(PRIVSEP_GROUP)) == NULL)
-               fatal("[priv]: no " PRIVSEP_GROUP " group for privilege separation");
-       gid = group->gr_gid;
-+      */
-       /* Spawn off monitor */
-       if ((monitored = fork()) < 0)
-@@ -534,17 +536,17 @@ priv_init(char *chrootdir)
-               if (RUNNING_ON_VALGRIND)
-                       LLOG_WARNX("[priv]: running on valgrind, keep privileges");
-               else {
--                      if (chroot(chrootdir) == -1)
--                              fatal("[priv]: unable to chroot");
--                      if (chdir("/") != 0)
-+                      /*if (chroot(chrootdir) == -1)
-+                              fatal("[priv]: unable to chroot");*/
-+                      if (chdir("/tmp") != 0)
-                               fatal("[priv]: unable to chdir");
-                       gidset[0] = gid;
--                      if (setresgid(gid, gid, gid) == -1)
-+                      /*if (setresgid(gid, gid, gid) == -1)
-                               fatal("[priv]: setresgid() failed");
-                       if (setgroups(1, gidset) == -1)
-                               fatal("[priv]: setgroups() failed");
-                       if (setresuid(uid, uid, uid) == -1)
--                              fatal("[priv]: setresuid() failed");
-+                              fatal("[priv]: setresuid() failed");*/
-               }
-               remote = pair[0];
-               close(pair[1]);
index 0a0c6fbb690247234d6f618cdf54146b8e75e3ad..dc861bac648a612f1e1ce39927822d3622e7d6d6 100644 (file)
@@ -1,6 +1,6 @@
 --- a/configure.ac
 +++ b/configure.ac
-@@ -48,7 +48,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
+@@ -62,7 +62,6 @@ AX_CFLAGS_GCC_OPTION([-Wformat])
  AX_CFLAGS_GCC_OPTION([-Wformat-security])
  AX_CFLAGS_GCC_OPTION([-Wcast-align])
  AX_CFLAGS_GCC_OPTION([-Winline])