mirrors/gentoo-ebuilds
3
0
Fork 0
mirror of https://anongit.gentoo.org/git/repo/gentoo.git synced 2025-07-21 22:53:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions
gentoo-ebuilds/net-vpn/gsocket/files/gsocket-1.4.43-gs-init-secret.patch
Florian Schmaus fe4841044d
net-vpn/gsocket: new package (from ::guru), add 1.4.43, 9999 
Based on the ::guru ebuild by Daichi Yamamoto.

Signed-off-by: Florian Schmaus <flow@gentoo.org>
2024-05-29 10:31:48 +02:00

160 lines
5.1 KiB
Diff
Raw Permalink Blame History

From 9601745f3f75eea748ec93f90b1b1a3023b6514d Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Tue, 28 May 2024 11:08:31 +0200
Subject: [PATCH 1/5] gs-init-secret: add new script
The gs-init-secret script can be used to securely initialize a file
containing a gsocket secret.
---
tools/Makefile.am | 2 +-
tools/gs-init-secret | 33 +++++++++++++++++++++++++++++++++
2 files changed, 34 insertions(+), 1 deletion(-)
create mode 100755 tools/gs-init-secret
diff --git a/tools/Makefile.am b/tools/Makefile.am
index 805fedd..9af4df0 100755
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@@ -38,7 +38,7 @@ gs_netcat_SOURCES = 4_gs-netcat.c utils.c socks.c console.c ids.c event_mgr.c pk
gs_netcat_LDADD = ../lib/libgsocket.a @LDADD_STATIC@
gs_netcat_CFLAGS = @CFLAGS_STATIC@
-dist_bin_SCRIPTS = blitz gs-sftp gs-mount gsocket
+dist_bin_SCRIPTS = blitz gs-sftp gs-mount gsocket gs-init-secret
gsocket_uchroot_dso_so_0_SOURCES = gsocket_uchroot_dso.c
gsocket_uchroot_dso_so_0_CFLAGS = -shared -fPIC
diff --git a/tools/gs-init-secret b/tools/gs-init-secret
new file mode 100755
index 0000000..f2782f1
--- /dev/null
+++ b/tools/gs-init-secret
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -eu
+
+if [[ $# -eq 2 ]]; then
+ >&2 echo "ERROR: Must provide exactly one argument"
+ exit 1
+fi
+
+SECRET_FILE="${1}"
+
+if [[ -f "${SECRET_FILE}" ]]; then
+ SECRET_FILE_PERMS="$(stat -c %a "${SECRET_FILE}")"
+ if [[ ${SECRET_FILE_PERMS} != [0-9][0-9]0 ]]; then
+ >&2 echo "ERROR: ${SECRET_FILE} has world-permissions set (${SECRET_FILE_PERMS})"
+ exit 1
+ fi
+
+ exit
+fi
+
+TARGET_DIR="$(dirname "${SECRET_FILE}")"
+if [[ ! -d "${TARGET_DIR}" ]]; then
+ mkdir -p "${TARGET_DIR}"
+fi
+
+MY_TMPDIR=$(mktemp -d --tmpdir="${TMPDIR:-/tmp}")
+trap 'rm -rf ${MY_TMPDIR}' EXIT
+
+SECRET_FILE_TMP="${MY_TMPDIR}/secret"
+
+gs-netcat -g > "${SECRET_FILE_TMP}"
+
+install --mode=400 "${SECRET_FILE_TMP}" "${SECRET_FILE}"
From 756a515a116b5e13f6b5ba95ebbee676d34bfbd8 Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Tue, 28 May 2024 11:10:53 +0200
Subject: [PATCH 2/5] gs-root-shell.service: use gs-init-secret
---
examples/systemd-root-shell/gs-root-shell.service | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/examples/systemd-root-shell/gs-root-shell.service b/examples/systemd-root-shell/gs-root-shell.service
index 5b0e9a1..278de73 100644
--- a/examples/systemd-root-shell/gs-root-shell.service
+++ b/examples/systemd-root-shell/gs-root-shell.service
@@ -7,7 +7,8 @@ Type=simple
Restart=always
RestartSec=10
WorkingDirectory=/root
-ExecStart=gs-netcat -k /etc/systemd/gs-root-shell-key.txt -il
+ExecStartPre=gs-init-secret /etc/gsocket/gs-root-shell-key
+ExecStart=gs-netcat -k /etc/gsocket/gs-root-shell-key -il
[Install]
WantedBy=multi-user.target
From 5e72debc560cc18e36d9066653fba864a366b4c3 Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Tue, 28 May 2024 11:11:43 +0200
Subject: [PATCH 3/5] gs-root-shell.service: drop Type=simple, as it is the
default
---
examples/systemd-root-shell/gs-root-shell.service | 1 -
1 file changed, 1 deletion(-)
diff --git a/examples/systemd-root-shell/gs-root-shell.service b/examples/systemd-root-shell/gs-root-shell.service
index 278de73..92a9814 100644
--- a/examples/systemd-root-shell/gs-root-shell.service
+++ b/examples/systemd-root-shell/gs-root-shell.service
@@ -3,7 +3,6 @@ Description=Global Socket Root Shell
After=network.target
[Service]
-Type=simple
Restart=always
RestartSec=10
WorkingDirectory=/root
From 9aa3a85656e8917720568a9b019cc774636b9d23 Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Tue, 28 May 2024 11:12:17 +0200
Subject: [PATCH 4/5] gs-root-shell.service: set RestartSteps=10 and cap
restart delays at 30min
---
examples/systemd-root-shell/gs-root-shell.service | 2 ++
1 file changed, 2 insertions(+)
diff --git a/examples/systemd-root-shell/gs-root-shell.service b/examples/systemd-root-shell/gs-root-shell.service
index 92a9814..5d52050 100644
--- a/examples/systemd-root-shell/gs-root-shell.service
+++ b/examples/systemd-root-shell/gs-root-shell.service
@@ -5,6 +5,8 @@ After=network.target
[Service]
Restart=always
RestartSec=10
+RestartSteps=10
+RestartMaxDelaySec=30m
WorkingDirectory=/root
ExecStartPre=gs-init-secret /etc/gsocket/gs-root-shell-key
ExecStart=gs-netcat -k /etc/gsocket/gs-root-shell-key -il
From 24eb0d5606bbe38a4b401394933f4dbe9b851a5c Mon Sep 17 00:00:00 2001
From: Florian Schmaus <flo@geekplace.eu>
Date: Tue, 28 May 2024 11:13:14 +0200
Subject: [PATCH 5/5] gs-root-shell.service: configure service to await
network-online.target
---
examples/systemd-root-shell/gs-root-shell.service | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/examples/systemd-root-shell/gs-root-shell.service b/examples/systemd-root-shell/gs-root-shell.service
index 5d52050..439890e 100644
--- a/examples/systemd-root-shell/gs-root-shell.service
+++ b/examples/systemd-root-shell/gs-root-shell.service
@@ -1,6 +1,7 @@
[Unit]
Description=Global Socket Root Shell
-After=network.target
+After=network-online.target
+Wants=network-online.target
[Service]
Restart=always
Reference in a new issue View git blame Copy permalink