svn commit: r482392 - in head: . security/hitch security/hitch/files

Thu Oct 18 23:36:13 UTC 2018

Author: zi
Date: Thu Oct 18 23:36:11 2018
New Revision: 482392
URL: https://svnweb.freebsd.org/changeset/ports/482392

Log:
  - Use hitch user/group instead of nobody/nobody
  
  PR:		232411
  Submitted by:	grahamyvr at gmail.com

Modified:
  head/GIDs
  head/UIDs
  head/UPDATING
  head/security/hitch/Makefile
  head/security/hitch/files/hitch.conf.sample
  head/security/hitch/files/hitch.in

Modified: head/GIDs
==============================================================================

--- head/GIDs	Thu Oct 18 23:29:50 2018	(r482391)
+++ head/GIDs	Thu Oct 18 23:36:11 2018	(r482392)
@@ -753,7 +753,7 @@ clickhouse:*:800:
 # free: 810
 # free: 811
 foreman_proxy:*:812:
-# free: 813
+hitch:*:813:
 puppet:*:814:
 uchiwa:*:815:
 # free: 816

Modified: head/UIDs
==============================================================================
--- head/UIDs	Thu Oct 18 23:29:50 2018	(r482391)
+++ head/UIDs	Thu Oct 18 23:36:11 2018	(r482392)
@@ -759,7 +759,7 @@ clickhouse:*:800:800::0:0:ClickHouse Daemon:/var/db/cl
 # free: 810
 # free: 811
 foreman_proxy:*:812:812::0:0:Foreman Smart Proxy:/usr/local/share/foreman-proxy:/usr/sbin/nologin
-# free: 813
+hitch:*:813:813::0:0:Hitch TLS Proxy:/nonexistent:/usr/sbin/nologin
 puppet:*:814:814::0:0:Puppet Daemon:/nonexistent:/usr/sbin/nologin
 uchiwa:*:815:815::0:0:Uchiwa Dashboard:/nonexistent:/usr/sbin/nologin
 # free: 816

Modified: head/UPDATING
==============================================================================
--- head/UPDATING	Thu Oct 18 23:29:50 2018	(r482391)
+++ head/UPDATING	Thu Oct 18 23:36:11 2018	(r482392)
@@ -5,6 +5,15 @@ they are unavoidable.
 You should get into the habit of checking this file for changes each time
 you update your ports collection, before attempting any port upgrades.
 
+20181018:
+  AFFECTS: users of security/hitch
+  AUTHOR: zi at FreeBSD.org
+
+  Hitch has been updated to run as the hitch user/group, instead of the
+  previous default of nobody/nobody.  You should review your hitch
+  configuration to ensure that everything has been updated to reflect
+  this change.
+
 20181014:
   AFFECTS: users of sysutils/ansible
   AUTHOR: lifanov at FreeBSD.org

Modified: head/security/hitch/Makefile
==============================================================================
--- head/security/hitch/Makefile	Thu Oct 18 23:29:50 2018	(r482391)
+++ head/security/hitch/Makefile	Thu Oct 18 23:36:11 2018	(r482392)
@@ -3,7 +3,7 @@
 
 PORTNAME=		hitch
 PORTVERSION=		1.4.8
-PORTREVISION=		1
+PORTREVISION=		2
 CATEGORIES=		security
 MASTER_SITES=		http://hitch-tls.org/source/ \
 			ZI
@@ -16,8 +16,8 @@ LICENSE=		BSD2CLAUSE
 BUILD_DEPENDS=		rst2man:textproc/py-docutils
 LIB_DEPENDS=		libev.so:devel/libev
 
-USERS=			nobody
-GROUPS=			nobody
+USERS=			hitch
+GROUPS=			hitch
 
 USES=			pkgconfig ssl
 GNU_CONFIGURE=		yes

Modified: head/security/hitch/files/hitch.conf.sample
==============================================================================
--- head/security/hitch/files/hitch.conf.sample	Thu Oct 18 23:29:50 2018	(r482391)
+++ head/security/hitch/files/hitch.conf.sample	Thu Oct 18 23:36:11 2018	(r482392)
@@ -68,12 +68,12 @@ chroot = ""
 # Set uid after binding a socket
 #
 # type: string
-user = "nobody"
+user = "hitch"
 
 # Set gid after binding a socket
 #
 # type: string
-group = "nobody"
+group = "hitch"
 
 # Quiet execution, report only error messages
 #

Modified: head/security/hitch/files/hitch.in
==============================================================================
--- head/security/hitch/files/hitch.in	Thu Oct 18 23:29:50 2018	(r482391)
+++ head/security/hitch/files/hitch.in	Thu Oct 18 23:36:11 2018	(r482392)
@@ -30,8 +30,8 @@ load_rc_config $name
 
 : ${hitch_enable="NO"}
 : ${hitch_config="%%PREFIX%%/etc/hitch.conf"}
-: ${hitch_huser:=nobody}
-: ${hitch_hgroup:=nobody}
+: ${hitch_huser:=hitch}
+: ${hitch_hgroup:=hitch}
 
 command="%%PREFIX%%/sbin/hitch"
 command_args="--daemon -u ${hitch_huser} -g ${hitch_hgroup} -s --config=${hitch_config}"
