fix(rc): make colibri_daemon script live-copy safe (Sam & Codex)

Make the FreeBSD rc.d source safe to copy directly onto the live USB: avoid rc.subr's *_program command override, avoid a double privilege drop via daemon(8) -u, and keep the pid/socket chmod fixes in the source script.

Checks: sh -n packaging/freebsd/colibri_daemon.in; git diff --check.
This commit is contained in:
Sam & Claude 2026-06-14 22:08:54 +02:00
parent 4e1437ae9d
commit 7d239053ed


@ -4,8 +4,9 @@
# #
# colibri-daemon runs in the FOREGROUND — it does not self-daemonize or write a # colibri-daemon runs in the FOREGROUND — it does not self-daemonize or write a
# pidfile. rc.d runs it under daemon(8), which backgrounds it, writes the # pidfile. rc.d runs it under daemon(8), which backgrounds it, writes the
# child pidfile (colibri-daemon PID), restarts on crash, drops privileges to # child pidfile (colibri-daemon PID), restarts on crash, and redirects
# the colibri user, and redirects stdout/stderr (tracing) to a logfile. # stdout/stderr (tracing) to a logfile. rc.subr performs the privilege drop
# through ${name}_user.
# #
# Setup (one-time, as root): # Setup (one-time, as root):
# pw groupadd colibri # pw groupadd colibri
@ -37,7 +38,7 @@ load_rc_config $name
: ${colibri_daemon_enable:="NO"} : ${colibri_daemon_enable:="NO"}
: ${colibri_daemon_user:="colibri"} : ${colibri_daemon_user:="colibri"}
: ${colibri_daemon_group:="colibri"} : ${colibri_daemon_group:="colibri"}
: ${colibri_daemon_program:="/usr/local/bin/colibri-daemon"} : ${colibri_daemon_binary:="/usr/local/bin/colibri-daemon"}
: ${colibri_daemon_data_dir:="/var/db/colibri"} : ${colibri_daemon_data_dir:="/var/db/colibri"}
: ${colibri_daemon_run_dir:="/var/run/colibri"} : ${colibri_daemon_run_dir:="/var/run/colibri"}
: ${colibri_daemon_socket:="${colibri_daemon_run_dir}/colibri.sock"} : ${colibri_daemon_socket:="${colibri_daemon_run_dir}/colibri.sock"}
@ -54,11 +55,13 @@ supervisor_pidfile="${colibri_daemon_run_dir}/colibri-daemon-supervisor.pid"
# Run colibri-daemon under daemon(8): # Run colibri-daemon under daemon(8):
# -P supervisor pidfile (the daemon(8) parent — used by stop) # -P supervisor pidfile (the daemon(8) parent — used by stop)
# -p child pidfile (writes colibri-daemon PID — used by start/status) # -p child pidfile (writes colibri-daemon PID — used by start/status)
# -r restart on crash, -t process title, -u drop to the colibri user, # -r restart on crash, -t process title,
# -o append stdout/stderr to log. # -o append stdout/stderr to log.
# rc.subr already runs the command as ${colibri_daemon_user}; do not also pass
# daemon(8) -u or daemon(8) will try to drop privileges a second time.
command="/usr/sbin/daemon" command="/usr/sbin/daemon"
command_args="-P ${supervisor_pidfile} -p ${pidfile} -r -t ${name} -u ${colibri_daemon_user} \ command_args="-P ${supervisor_pidfile} -p ${pidfile} -r -t ${name} \
-o ${colibri_daemon_logfile} ${colibri_daemon_program}" -o ${colibri_daemon_logfile} ${colibri_daemon_binary}"
# Use the child's process name so rc.subr can find the right process via the # Use the child's process name so rc.subr can find the right process via the
# child pidfile. Using the daemon(8) supervisor path would collide with # child pidfile. Using the daemon(8) supervisor path would collide with
@ -101,6 +104,8 @@ colibri_daemon_poststart()
if [ -S "${colibri_daemon_socket}" ]; then if [ -S "${colibri_daemon_socket}" ]; then
echo "colibri-daemon socket ready after ${waited}s" echo "colibri-daemon socket ready after ${waited}s"
chmod 644 "${pidfile}" 2>/dev/null || true
chmod 660 "${colibri_daemon_socket}" 2>/dev/null || true
else else
echo "WARNING: colibri-daemon socket not ready after ${timeout}s" echo "WARNING: colibri-daemon socket not ready after ${timeout}s"
fi fi