The homedir of the user running salt must be outside of the /srv/salt

hierarchy because content of that path is available to all minions; so move it to /var/salt . Rename _salt-master to _salt for consistency. discussed with "viq" While here, drop rc_pre() from the minion and syndir rc.d(8) scripts, they are not needed.
2014-06-17 12:30:39 +00:00 · 2014-06-17 12:30:39 +00:00 · 6551f3fb89
commit 6551f3fb89
parent c8fba05282
6 changed files with 20 additions and 18 deletions
--- a/sysutils/salt/Makefile
+++ b/sysutils/salt/Makefile
@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.13 2014/06/16 07:30:38 ajacoutot Exp $
+# $OpenBSD: Makefile,v 1.14 2014/06/17 12:30:39 ajacoutot Exp $

 # optional dependencies
 # https://github.com/saltstack/salt/blob/develop/doc/conf.py#L37
@ -17,6 +17,7 @@ COMMENT =		remote execution and configuration management system

 MODPY_EGG_VERSION =	2014.1.5
 DISTNAME =		salt-${MODPY_EGG_VERSION}
+REVISION =		0

 CATEGORIES =		sysutils net devel

--- a/sysutils/salt/patches/patch-conf_master
+++ b/sysutils/salt/patches/patch-conf_master
@ -1,4 +1,4 @@
-$OpenBSD: patch-conf_master,v 1.3 2014/05/27 14:12:43 ajacoutot Exp $
+$OpenBSD: patch-conf_master,v 1.4 2014/06/17 12:30:39 ajacoutot Exp $
 --- conf/master.orig	Mon May  5 18:47:41 2014
 +++ conf/master	Tue May 27 15:52:13 2014
@@ -24,7 +24,7 @@
@ -6,7 +6,7 @@ $OpenBSD: patch-conf_master,v 1.3 2014/05/27 14:12:43 ajacoutot Exp $
 # the job cache, which must be deleted if this user is changed.  If the
 # modified files cause conflicts set verify_env to False.
 -#user: root
-+user: _salt-master
+user: _salt
 
 # Max open files
 # Each minion connecting to the master uses AT LEAST one file descriptor, the
--- a/sysutils/salt/pkg/PLIST
+++ b/sysutils/salt/pkg/PLIST
@ -1,10 +1,12 @@
-@comment $OpenBSD: PLIST,v 1.10 2014/06/15 10:08:14 ajacoutot Exp $
+@comment $OpenBSD: PLIST,v 1.11 2014/06/17 12:30:39 ajacoutot Exp $
+@ask-update salt-<2014.1.5p0 Make sure the _salt-master user does not exist
@comment needs a homedir to store ssh keys for GitFS
@newgroup _salt:722
-@newuser _salt-master:722:722:daemon:Salt master Daemon:/srv/salt:/sbin/nologin
+@newuser _salt:722:722:daemon:SaltStack Daemon:/var/salt:/sbin/nologin
@extraunexec rm -rf ${SYSCONFDIR}/salt/{master.d,minion.d,minion_id,pki}
@extraunexec rm -rf /var/cache/salt
@extraunexec rm -rf /var/log/salt
+@extraunexec rm -rf /var/salt/.*
 bin/salt
 bin/salt-call
 bin/salt-cloud
@ -1132,6 +1134,13 @@ share/examples/salt/minion
@sample ${SYSCONFDIR}/salt/minion
 share/examples/salt/roster
@sample ${SYSCONFDIR}/salt/roster
+@mode 0750
+@owner _salt
+@group _salt
+@sample /var/salt/
+@mode
+@owner
+@group
@rcscript ${RCDIR}/salt_master
@rcscript ${RCDIR}/salt_minion
@rcscript ${RCDIR}/salt_syndic
--- a/sysutils/salt/pkg/salt_master.rc
+++ b/sysutils/salt/pkg/salt_master.rc
@ -1,13 +1,13 @@
 #!/bin/sh
 #
-# $OpenBSD: salt_master.rc,v 1.2 2014/05/27 14:12:43 ajacoutot Exp $
+# $OpenBSD: salt_master.rc,v 1.3 2014/06/17 12:30:39 ajacoutot Exp $

 daemon="${TRUEPREFIX}/bin/salt-master -d"

 . /etc/rc.d/rc.subr

 rc_pre() {
-	install -o _salt-master -d /var/run/salt/
+	install -o _salt -g _salt -d /var/run/salt/
 }

 pexp="${MODPY_BIN} ${daemon}${daemon_flags:+ ${daemon_flags}}"
--- a/sysutils/salt/pkg/salt_minion.rc
+++ b/sysutils/salt/pkg/salt_minion.rc
@ -1,15 +1,11 @@
 #!/bin/sh
 #
-# $OpenBSD: salt_minion.rc,v 1.2 2014/05/27 14:12:43 ajacoutot Exp $
+# $OpenBSD: salt_minion.rc,v 1.3 2014/06/17 12:30:39 ajacoutot Exp $

 daemon="${TRUEPREFIX}/bin/salt-minion -d"

 . /etc/rc.d/rc.subr

-rc_pre() {
-	install -o _salt-master -d /var/run/salt/
-}
-
 pexp="${MODPY_BIN} ${daemon}${daemon_flags:+ ${daemon_flags}}"
 rc_reload=NO

--- a/sysutils/salt/pkg/salt_syndic.rc
+++ b/sysutils/salt/pkg/salt_syndic.rc
@ -1,16 +1,12 @@
 #!/bin/sh
 #
-# $OpenBSD: salt_syndic.rc,v 1.1 2014/05/27 14:12:43 ajacoutot Exp $
+# $OpenBSD: salt_syndic.rc,v 1.2 2014/06/17 12:30:39 ajacoutot Exp $

 daemon="${TRUEPREFIX}/bin/salt-syndic -d"
-daemon_flags="-u _salt-master"
+daemon_flags="-u _salt"

 . /etc/rc.d/rc.subr

-rc_pre() {
-	install -o _salt-master -d /var/run/salt/
-}
-
 pexp="${MODPY_BIN} ${daemon}${daemon_flags:+ ${daemon_flags}}"
 rc_reload=NO