movefasta/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-06-12 20:55:31 +03:00
Code Issues Projects Releases Packages Wiki Activity

fcron: 3.1.2 -> 3.2.1

Browse source 
fixes #23320 #23413
This commit is contained in:
Jörg Thalheim 2017-03-05 22:40:01 +01:00
parent 64138b3334
commit 947815f59f
No known key found for this signature in database
GPG key ID: CA4106B8D7CC79FA
4 changed files with 86 additions and 37 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/modules/misc/ids.nix
View file

@ -288,6 +288,7 @@
kresd = 270; kresd = 270;
rpc = 271; rpc = 271;
geoip = 272; geoip = 272;
fcron = 273;
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399! # When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
@ -545,6 +546,7 @@
kresd = 270; kresd = 270;
#rpc = 271; # unused #rpc = 271; # unused
#geoip = 272; # unused #geoip = 272; # unused
fcron = 273;
# When adding a gid, make sure it doesn't match an existing # When adding a gid, make sure it doesn't match an existing
# uid. Users and groups with the same name should have equal # uid. Users and groups with the same name should have equal

48
nixos/modules/services/scheduling/fcron.nix
View file

@ -23,7 +23,8 @@ let
allowdeny = target: users: allowdeny = target: users:
{ source = pkgs.writeText "fcron.${target}" (concatStringsSep "\n" users); { source = pkgs.writeText "fcron.${target}" (concatStringsSep "\n" users);
target = "fcron.${target}"; target = "fcron.${target}";
mode = "600"; # fcron has some security issues.. So I guess this is most safe mode = "644";
gid = config.ids.gids.fcron;
}; };
in in
@ -89,7 +90,7 @@ in
[ (allowdeny "allow" (cfg.allow)) [ (allowdeny "allow" (cfg.allow))
(allowdeny "deny" cfg.deny) (allowdeny "deny" cfg.deny)
# see man 5 fcron.conf # see man 5 fcron.conf
{ source = pkgs.writeText "fcon.conf" '' { source = pkgs.writeText "fcron.conf" ''
fcrontabs = /var/spool/fcron fcrontabs = /var/spool/fcron
pidfile = /var/run/fcron.pid pidfile = /var/run/fcron.pid
fifofile = /var/run/fcron.fifo fifofile = /var/run/fcron.fifo
@ -97,16 +98,40 @@ in
fcrondeny = /etc/fcron.deny fcrondeny = /etc/fcron.deny
shell = /bin/sh shell = /bin/sh
sendmail = /run/wrappers/bin/sendmail sendmail = /run/wrappers/bin/sendmail
editor = /run/current-system/sw/bin/vi editor = ${pkgs.vim}/bin/vim
''; '';
target = "fcron.conf"; target = "fcron.conf";
mode = "0600"; # max allowed is 644 gid = config.ids.gids.fcron;
mode = "0644";
} }
]; ];
environment.systemPackages = [ pkgs.fcron ]; environment.systemPackages = [ pkgs.fcron ];
users.extraUsers.fcron = {
uid = config.ids.uids.fcron;
home = "/var/spool/fcron";
group = "fcron";
};
users.groups.fcron.gid = config.ids.gids.fcron;
security.wrappers.fcrontab.source = "${pkgs.fcron.out}/bin/fcrontab"; security.wrappers = {
fcrontab = {
source = "${pkgs.fcron}/bin/fcrontab";
owner = "fcron";
group = "fcron";
setgid = true;
};
fcrondyn = {
source = "${pkgs.fcron}/bin/fcrondyn";
owner = "fcron";
group = "fcron";
setgid = true;
};
fcronsighup = {
source = "${pkgs.fcron}/bin/fcronsighup";
group = "fcron";
};
};
systemd.services.fcron = { systemd.services.fcron = {
description = "fcron daemon"; description = "fcron daemon";
after = [ "local-fs.target" ]; after = [ "local-fs.target" ];
@ -118,14 +143,17 @@ in
}; };
preStart = '' preStart = ''
${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/spool/fcron ${pkgs.coreutils}/bin/mkdir -m 0770 -p /var/spool/fcron
${pkgs.coreutils}/bin/chown -R fcron:fcron /var/spool/fcron
# load system crontab file # load system crontab file
${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab} set -x
#${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
''; '';
serviceConfig.Type = "forking"; serviceConfig = {
Type = "forking";
script = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}"; ExecStart = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
};
}; };
}; };
} }

57
pkgs/tools/system/fcron/default.nix
View file

@ -1,58 +1,61 @@
# I've only worked on this till it compiled and worked. So maybe there are some things which should be done but I've missed
# restart using 'killall -TERM fcron; fcron -b # restart using 'killall -TERM fcron; fcron -b
# use convert-fcrontab to update fcrontab files # use convert-fcrontab to update fcrontab files
{ stdenv, fetchurl, perl, busybox, vim }: { stdenv, fetchurl, perl, busybox, vim }:
stdenv.mkDerivation rec { stdenv.mkDerivation rec {
name = "fcron-3.1.2"; name = "fcron-${version}";
version = "3.2.1";
src = fetchurl { src = fetchurl {
url = "http://fcron.free.fr/archives/${name}.src.tar.gz"; url = "http://fcron.free.fr/archives/${name}.src.tar.gz";
sha256 = "0p8sn4m3frh2x2llafq2gbcm46rfrn6ck4qi0d0v3ql6mfx9k4hw"; sha256 = "0sjz7r050myj6zgixzx3pk5ff819v6b0zfn0q1lkd19jkaix0531";
}; };
buildInputs = [ perl ]; buildInputs = [ perl ];
patches = [ ./relative-fcronsighup.patch ];
configureFlags = configureFlags =
[ "--with-sendmail=${busybox}/sbin/sendmail" [ "--with-sendmail=${busybox}/sbin/sendmail"
"--with-editor=${vim}/bin/vi" # TODO customizable "--with-editor=${vim}/bin/vi" # TODO customizable
"--with-bootinstall=no" "--with-bootinstall=no"
"--localstatedir=/var"
"--sysconfdir=/etc" "--sysconfdir=/etc"
# fcron would have been default user/grp
"--with-username=root"
"--with-groupname=root"
"--with-rootname=root" "--with-rootname=root"
"--with-rootgroup=root" "--with-rootgroup=root"
"--disable-checks" "--disable-checks"
]; ];
installTargets = "install-staged"; # install does also try to change permissions of /etc/* files installTargets = "install-staged"; # install does also try to change permissions of /etc/* files
preConfigure =
''
sed -i 's@/usr/bin/env perl@${perl}/bin/perl@g' configure script/*
# Don't let fcron create the group fcron, nix(os) should do this
sed -i '2s@.*@exit 0@' script/user-group
# --with-bootinstall=no shoud do this, didn't work. So just exit the script before doing anything # fcron tries to install pid into system directory on install
sed -i '2s@.*@exit 0@' script/boot-install installFlags = [
"ETC=."
"PIDDIR=."
"PIDFILE=fcron.pid"
"REBOOT_LOCK=fcron.reboot"
"FIFODIR=."
"FIFOFILE=fcron.fifo"
"FCRONTABS=."
];
# also don't use chown or chgrp for documentation (or whatever) when installing preConfigure = ''
find -type f | xargs sed -i -e 's@^\(\s\)*chown@\1:@' -e 's@^\(\s\)*chgrp@\1:@' sed -i 's@/usr/bin/env perl@${perl}/bin/perl@g' configure script/*
''; # Don't let fcron create the group fcron, nix(os) should do this
sed -i '2s@.*@exit 0@' script/user-group
patchPhase = # --with-bootinstall=no shoud do this, didn't work. So just exit the script before doing anything
'' sed -i '2s@.*@exit 0@' script/boot-install
# don't try to create /etc/fcron.{allow,deny,conf}
sed -i -e 's@test -f $(DESTDIR)$(ETC)/fcron.conf @ # @' \
-e 's@if test ! -f $(DESTDIR)$(ETC)/fcron.allow@ # @' Makefile.in
'';
meta = { # also don't use chown or chgrp for documentation (or whatever) when installing
find -type f | xargs sed -i -e 's@^\(\s\)*chown@\1:@' -e 's@^\(\s\)*chgrp@\1:@'
'';
meta = with stdenv.lib; {
description="A command scheduler with extended capabilities over cron and anacron"; description="A command scheduler with extended capabilities over cron and anacron";
homepage = http://fcron.free.fr; homepage = http://fcron.free.fr;
license = stdenv.lib.licenses.gpl2; license = licenses.gpl2;
platforms = stdenv.lib.platforms.all;
}; };
} }

16
pkgs/tools/system/fcron/relative-fcronsighup.patch Normal file
View file

@ -0,0 +1,16 @@
Use relative fcronsighup to prefer setuid executable over package binary.
--- fcron-3.2.1.orig/fcrontab.c 2016-06-26 17:02:48.000000000 +0200
+++ fcron-3.2.1/fcrontab.c 2017-03-05 21:54:24.676871335 +0100
@@ -154,10 +154,10 @@
fcrontab_gid);
exit(ERR);
}
- execl(BINDIREX "/fcronsighup", BINDIREX "/fcronsighup", fcronconf,
+ execlp("fcronsighup", "fcronsighup", fcronconf,
NULL);
- error_e("Could not exec " BINDIREX " fcronsighup");
+ error_e("Could not exec fcronsighup");
exit(ERR);
break;