- switch to using the built-in privilege dropping

- provide a better default config - fix some bugs when using the control program
2010-07-26 18:11:42 +00:00 · 2010-07-26 18:11:42 +00:00 · a4ee5e60a6
commit a4ee5e60a6
parent 291e5adb3e
8 changed files with 81 additions and 62 deletions
--- a/net/prosody/Makefile
+++ b/net/prosody/Makefile
@ -1,10 +1,10 @@
-# $OpenBSD: Makefile,v 1.6 2010/07/26 01:25:54 jolan Exp $
+# $OpenBSD: Makefile,v 1.7 2010/07/26 18:11:42 jolan Exp $

 SHARED_ONLY=	Yes

 COMMENT=	communications server for Jabber/XMPP written in Lua
 DISTNAME=	prosody-0.7.0
-REVISION=	0
+REVISION=	1
 CATEGORIES=	net
 MASTER_SITES=	http://prosody.im/downloads/source/

@ -25,7 +25,6 @@ LIB_DEPENDS=	idn::devel/libidn \
 RUN_DEPENDS+=	::archivers/luazlib \
 		::devel/luaevent \
 		::devel/luafs \
-		::devel/luaposix \
 		::security/luasec \
 		::textproc/luaexpat
 WANTLIB+=	crypto
@ -47,5 +46,6 @@ post-install:
 		${WRKBUILD}/README.OpenBSD
 	${INSTALL_DATA} ${WRKBUILD}/README.OpenBSD ${WRKSRC}/README \
 		${PREFIX}/share/doc/prosody
+	touch ${PREFIX}/share/examples/prosody/prosody.log

 .include <bsd.port.mk>
--- a/net/prosody/files/README.OpenBSD
+++ b/net/prosody/files/README.OpenBSD
@ -10,11 +10,12 @@ Using Prosody in an OpenBSD environment

   to your liking.

-2) Prosody has been modified to use privilege dropping.  As such, you
-   will need to initially start prosody as root:
+2) Prosody uses privilege dropping.  As such, you will need to initially
+   start prosody as root via prosodyctl:

-   # /usr/local/sbin/prosody
+   # /usr/local/sbin/prosodyctl start

-   And likewise for using the prosodyctl command:
+   You should now be able to start adding users:
+
+   # /usr/local/sbin/prosodyctl adduser username@domain.tld

-   # /usr/local/sbin/prosodyctl adduser me@my.domain
--- a/net/prosody/patches/patch-prosody
+++ b/net/prosody/patches/patch-prosody
@ -1,23 +0,0 @@
-$OpenBSD: patch-prosody,v 1.1.1.1 2009/09/06 18:40:57 jolan Exp $
--- prosody.orig	Wed Jul 29 12:54:55 2009
-+++ prosody	Sun Sep  6 11:28:57 2009
-@@ -7,6 +7,19 @@
- -- COPYING file in the source package for more information.
- --
- 
-+require("posix")
-+
-+user = posix.getpasswd()
-+if user.uid ~= 0 then
-+	io.stderr:write("prosody must be started as root to drop privileges\n")
-+	os.exit(1)
-+end
-+
-+posix.setpid("U", "638")
-+posix.setpid("u", "638")
-+posix.setpid("G", "638")
-+posix.setpid("g", "638")
-+
- -- Will be modified by configure script if run --
- 
- CFG_SOURCEDIR=os.getenv("PROSODY_SRCDIR");
--- a/net/prosody/patches/patch-prosody_cfg_lua_dist
+++ b/net/prosody/patches/patch-prosody_cfg_lua_dist
@ -1,12 +1,40 @@
-$OpenBSD: patch-prosody_cfg_lua_dist,v 1.1 2010/07/25 23:42:25 jolan Exp $
+$OpenBSD: patch-prosody_cfg_lua_dist,v 1.2 2010/07/26 18:11:42 jolan Exp $
 --- prosody.cfg.lua.dist.orig	Sat Jun 12 19:23:02 2010
-+++ prosody.cfg.lua.dist	Sun Jul 25 18:17:33 2010
-@@ -24,7 +24,7 @@ admins = { }
+++ prosody.cfg.lua.dist	Mon Jul 26 12:56:05 2010
+@@ -22,8 +22,18 @@
+ -- Example: admins = { "user1@example.com", "user2@example.net" }
+ admins = { }
 
+-- Drop privileges
+prosody_user = "_prosody"
+prosody_group = "_prosody"
+
+-- Enable POSIX-only options
+daemonize = true
+pidfile = "/var/prosody/prosody.pid"
+
 -- Enable use of libevent for better performance under high load
 -- For more information see: http://prosody.im/doc/libevent
---use_libevent = true;
-+use_libevent = true;
+
+--XXX libevent + daemonize don't work together for some reason
+ --use_libevent = true;
 
 -- This is the list of modules Prosody will load on startup.
- -- It looks for mod_modulename.lua in the plugins folder, so make sure that exists too.
+@@ -54,7 +64,7 @@ modules_enabled = {
+ 		"register"; -- Allow users to register on this server using a client and change passwords
+ 
+ 	-- Other specific functionality
+-		--"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+ 		--"console"; -- Opens admin telnet interface on localhost port 5582
+ 		--"bosh"; -- Enable BOSH clients, aka "Jabber over HTTP"
+ 		--"httpserver"; -- Serve static files from a directory over HTTP
+@@ -90,7 +100,7 @@ ssl = {
+ 
+ -- Logging configuration
+ -- For advanced logging see http://prosody.im/doc/logging
+-log = "prosody.log";
+log = "/var/prosody/prosody.log"
+ debug = false; -- Log debug messages?
+ 
+ ----------- Virtual hosts -----------
--- a/net/prosody/patches/patch-prosodyctl
+++ b/net/prosody/patches/patch-prosodyctl
@ -1,23 +0,0 @@
-$OpenBSD: patch-prosodyctl,v 1.1.1.1 2009/09/06 18:40:57 jolan Exp $
--- prosodyctl.orig	Wed Jul 29 12:54:55 2009
-+++ prosodyctl	Sun Sep  6 11:30:04 2009
-@@ -9,6 +9,19 @@
- 
- -- prosodyctl - command-line controller for Prosody XMPP server
- 
-+require("posix")
-+
-+user = posix.getpasswd()
-+if user.uid ~= 0 then
-+	io.stderr:write("prosodyctl must be started as root to drop privileges\n")
-+	os.exit(1)
-+end
-+
-+posix.setpid("U", "638")
-+posix.setpid("u", "638")
-+posix.setpid("G", "638")
-+posix.setpid("g", "638")
-+
- -- Will be modified by configure script if run --
- 
- CFG_SOURCEDIR=nil;
--- a/net/prosody/patches/patch-util-src_signal_c
+++ b/net/prosody/patches/patch-util-src_signal_c
@ -0,0 +1,21 @@
+$OpenBSD: patch-util-src_signal_c,v 1.1 2010/07/26 18:11:42 jolan Exp $
+--- util-src/signal.c.orig	Sat Jun 12 19:23:02 2010
+++ util-src/signal.c	Mon Jul 26 12:23:25 2010
+@@ -326,7 +326,7 @@ static int l_raise(lua_State *L)
+   return 1;
+ }
+ 
+-#if defined _POSIX_SOURCE || (defined(sun) || defined(__sun))
+#if defined _POSIX_SOURCE || (defined(sun) || defined(__sun)) || defined(__OpenBSD__)
+ 
+ /* define some posix only functions */
+ 
+@@ -373,7 +373,7 @@ static int l_kill(lua_State *L)
+ static const struct luaL_Reg lsignal_lib[] = {
+   {"signal", l_signal},
+   {"raise", l_raise},
+-#if defined _POSIX_SOURCE || (defined(sun) || defined(__sun))
+#if defined _POSIX_SOURCE || (defined(sun) || defined(__sun)) || defined(__OpenBSD__)
+   {"kill", l_kill},
+ #endif
+   {NULL, NULL}
--- a/net/prosody/patches/patch-util_prosodyctl_lua
+++ b/net/prosody/patches/patch-util_prosodyctl_lua
@ -0,0 +1,12 @@
+$OpenBSD: patch-util_prosodyctl_lua,v 1.1 2010/07/26 18:11:42 jolan Exp $
+--- util/prosodyctl.lua.orig	Sat Jun 12 19:23:02 2010
+++ util/prosodyctl.lua	Mon Jul 26 10:48:24 2010
+@@ -110,7 +110,7 @@ function start()
+ 	if not CFG_SOURCEDIR then
+ 		os.execute("./prosody");
+ 	else
+-		os.execute(CFG_SOURCEDIR.."/../../bin/prosody");
+		os.execute(CFG_SOURCEDIR.."/../../sbin/prosody");
+ 	end
+ 	return true;
+ end
--- a/net/prosody/pkg/PLIST
+++ b/net/prosody/pkg/PLIST
@ -1,4 +1,4 @@
-@comment $OpenBSD: PLIST,v 1.3 2010/07/25 23:42:25 jolan Exp $
+@comment $OpenBSD: PLIST,v 1.4 2010/07/26 18:11:42 jolan Exp $
@newgroup _prosody:638
@newuser _prosody:638:_prosody:daemon:prosody user:/nonexistent:/sbin/nologin
 %%SHARED%%
@ -116,7 +116,10 @@ share/examples/prosody/certs/localhost.key
@sample ${SYSCONFDIR}/prosody/certs/localhost.key
 share/examples/prosody/prosody.cfg.lua
@sample ${SYSCONFDIR}/prosody/prosody.cfg.lua
-@mode 770
@owner _prosody
@group _prosody
+@mode 770
@sample /var/prosody/
+share/examples/prosody/prosody.log
+@mode 660
+@sample /var/prosody/prosody.log