[Bug 211098] mail/postsrsd should not create / install postsrsd.secret for package
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Wed Jul 13 22:24:57 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=211098
Bug ID: 211098
Summary: mail/postsrsd should not create / install
postsrsd.secret for package
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: 000.fbsd at quip.cz
CC: ports at bsdserwis.com
CC: ports at bsdserwis.com
Flags: maintainer-feedback?(ports at bsdserwis.com)
postsrsd.secret is used as secret key and should be different for each install.
It is now created in package build time and saved in package.
It means everybody installing postsrsd from official FreeBSD package has the
same postsrsd.secret key!
I think it is better to not create it at build time but in rc script on the
first run.
Something like this in postsrsd_prepcmd ()
if [ ! -f ${postsrsd_secret} ] ; then
dd if=/dev/urandom bs=18 count=1 2> /dev/null | b64encode 1 | sed -n '2p' >
${postsrsd_secret}
fi
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list