openpkg/rc.openpkg@0ba300bdf30a (annotated)
openpkg/rc.openpkg
Mon, 20 Apr 2009 19:22:00 +0200
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Mon, 20 Apr 2009 19:22:00 +0200
- changeset 178
- 0ba300bdf30a
- child 427
- 71503088f51b
- permissions
- -rw-r--r--
Change unfortunate but partly useful overreaching security tradeoff.
The principle of allocating each running process an individual system
user and group can have security benefits, however maintining a plethora
of users, groups, processes, file modes, file permissions, and even
nonportable file ACLs on a host serving from a hundred processes has
some security disadvantages. This tradeoff is even worse for systems
like OpenPKG which benefit from administration transparency through the
use of minimal system intrusion and only three usage privilege levels.
| michael@13 | 1 | #!@l_prefix@/bin/openpkg rc |
| michael@13 | 2 | ## |
| michael@13 | 3 | ## rc.openpkg -- Run-Commands |
| michael@13 | 4 | ## |
| michael@13 | 5 | |
| michael@13 | 6 | %config |
| michael@13 | 7 | openpkg_rc_def="yes" |
| michael@13 | 8 | openpkg_rc_all="$openpkg_rc_def" |
| michael@13 | 9 | openpkg_enable="$openpkg_rc_def" |
| michael@13 | 10 | openpkg_envprio="high" |
| michael@13 | 11 | openpkg_reghour="3" |
| michael@13 | 12 | openpkg_regrand="1" |
| michael@13 | 13 | |
| michael@13 | 14 | %status -o |
| michael@13 | 15 | openpkg_usable="unknown" |
| michael@13 | 16 | openpkg_active="unknown" |
| michael@13 | 17 | echo "openpkg_enable=\"$openpkg_enable\"" |
| michael@13 | 18 | echo "openpkg_usable=\"$openpkg_usable\"" |
| michael@13 | 19 | echo "openpkg_active=\"$openpkg_active\"" |
| michael@13 | 20 | |
| michael@13 | 21 | %info -o |
| michael@13 | 22 | @l_prefix@/bin/openpkg uuid info |
| michael@13 | 23 | |
| michael@13 | 24 | %start -p0 |
| michael@13 | 25 | rcService openpkg enable yes || exit 0 |
| michael@13 | 26 | # update UUID information (in background to not slow down boot sequences) |
| michael@13 | 27 | (nohup @l_prefix@/bin/openpkg uuid update </dev/null >/dev/null 2>&1 &) >/dev/null 2>&1 |
| michael@13 | 28 | |
| michael@13 | 29 | %hourly -u @l_musr@ |
| michael@13 | 30 | rcService openpkg enable yes || exit 0 |
| michael@13 | 31 | # automatic (re-)registration |
| michael@13 | 32 | reregister=0 |
| michael@13 | 33 | # re-register if previously registered |
| michael@13 | 34 | @l_prefix@/bin/openpkg register --printstatus >/dev/null 2>&1 && reregister=1 |
| michael@13 | 35 | # re-register if "openpkg" executable from community series |
| michael@13 | 36 | [ $reregister -eq 0 ] && @l_prefix@/bin/openpkg --license 2>/dev/null \ |
| michael@13 | 37 | | sed -e 'q' | egrep '[0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*-C' >/dev/null && reregister=1 |
| michael@13 | 38 | # re-register if "openpkg release" configured to pull packages directly from openpkg.(org|com|net) |
| michael@13 | 39 | [ $reregister -eq 0 ] && @l_prefix@/bin/openpkg release --fmt='%u' \ |
| michael@13 | 40 | | egrep '^[^:]*://(([^:]*:)?([^@]*@)?)?([^/]*\.)?openpkg\.(com|org|net)/' >/dev/null && reregister=1 |
| michael@13 | 41 | # perform (re-)registration |
| michael@13 | 42 | if [ $reregister -eq 1 ]; then |
| michael@13 | 43 | [ $openpkg_reghour -lt 00 -o $openpkg_reghour -gt 23 ] && openpkg_reghour="3" |
| michael@13 | 44 | now=`date '+%H'` |
| michael@13 | 45 | [ $openpkg_reghour -eq $now ] || exit 0 |
| michael@13 | 46 | [ $openpkg_regrand -lt 01 -o $openpkg_regrand -gt 04 ] && openpkg_regrand="1" |
| michael@13 | 47 | rnd=`expr $RANDOM \* 3600 \* $openpkg_regrand / 32768` |
| michael@13 | 48 | (nohup @l_prefix@/lib/openpkg/bash -c "sleep $rnd; @l_prefix@/bin/openpkg register" </dev/null >/dev/null 2>&1 &) >/dev/null 2>&1 |
| michael@13 | 49 | fi |
| michael@13 | 50 | |
| michael@13 | 51 | %daily -p0 |
| michael@13 | 52 | rcService openpkg enable yes || exit 0 |
| michael@13 | 53 | # update UUID information |
| michael@13 | 54 | @l_prefix@/bin/openpkg uuid update >/dev/null 2>&1 || true |
| michael@13 | 55 | |
| michael@13 | 56 | %env -p0 |
| michael@13 | 57 | rcService openpkg enable yes || exit 0 |
| michael@13 | 58 | |
| michael@13 | 59 | # determine append (low prio) or prepend (high prio) mode |
| michael@13 | 60 | opt_prepend="" |
| michael@13 | 61 | if [ ".$openpkg_envprio" = ".high" ]; then |
| michael@13 | 62 | opt_prepend="-p" |
| michael@13 | 63 | fi |
| michael@13 | 64 | |
| michael@13 | 65 | # make sure the software package executables are found |
| michael@13 | 66 | export PATH |
| michael@13 | 67 | rcPath -a -e PATH \ |
| michael@13 | 68 | /bin /sbin /usr/bin /usr/sbin |
| michael@13 | 69 | rcPath -a ${opt_prepend} PATH \ |
| michael@13 | 70 | @l_prefix@/bin @l_prefix@/sbin \ |
| michael@13 | 71 | @l_prefix@/local/bin @l_prefix@/local/sbin |
| michael@13 | 72 | |
| michael@13 | 73 | # make sure the software package manual pages are found |
| michael@13 | 74 | export MANPATH |
| michael@13 | 75 | rcPath -a -e MANPATH \ |
| michael@13 | 76 | /usr/man /usr/share/man |
| michael@13 | 77 | rcPath -a ${opt_prepend} MANPATH \ |
| michael@13 | 78 | @l_prefix@/man @l_prefix@/local/man |
| michael@13 | 79 | |
| michael@13 | 80 | # make sure the software package info pages are found |
| michael@13 | 81 | export INFOPATH |
| michael@13 | 82 | rcPath -a -e INFOPATH \ |
| michael@13 | 83 | /usr/info /usr/share/info |
| michael@13 | 84 | rcPath -a ${opt_prepend} INFOPATH \ |
| michael@13 | 85 | @l_prefix@/info @l_prefix@/local/info |
| michael@13 | 86 | |
| michael@13 | 87 | # make sure the software package libraries are found |
| michael@13 | 88 | export LD_LIBRARY_PATH |
| michael@13 | 89 | rcPath -a -e LD_LIBRARY_PATH \ |
| michael@13 | 90 | /lib /usr/lib |
| michael@13 | 91 | rcPath -a ${opt_prepend} LD_LIBRARY_PATH \ |
| michael@13 | 92 | @l_prefix@/lib @l_prefix@/local/lib |
| michael@13 | 93 | |
| michael@13 | 94 | # cleanup |
| michael@13 | 95 | unset opt_prepend |
| michael@13 | 96 |
