CVS commit: pkgsrc/chat/prosody

["Pierre Pronchery" <khorben%netbsd.org@localhost>]

Module Name:    pkgsrc
Committed By:   khorben
Date:           Thu Aug 11 15:41:30 UTC 2022

Modified Files:
        pkgsrc/chat/prosody: Makefile

Log Message:
prosody: support Lua 5.4 and improve security

The changes here are:

* prosody can be built with Lua 5.4 (as recommended since the 0.12
  series), also thanks to lua-unbound being available for Lua 5.4
* the prosody user's home directory is back to the default /nonexistent
  (prosody finds its own data directory nonetheless, as it is a
  compile-time option)
* the corresponding directories created (data directory, PID directory,
  logging) do not seem to actually require write access (or not anymore)

These last two changes together get rid of the security report "user
prosody home directory is group writable" from the daily insecurity
checks on NetBSD.

Tested on NetBSD/amd64.


To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 pkgsrc/chat/prosody/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/chat/prosody/Makefile
diff -u pkgsrc/chat/prosody/Makefile:1.41 pkgsrc/chat/prosody/Makefile:1.42
--- pkgsrc/chat/prosody/Makefile:1.41   Wed Jul 27 01:53:40 2022
+++ pkgsrc/chat/prosody/Makefile        Thu Aug 11 15:41:30 2022
@@ -1,6 +1,7 @@
-# $NetBSD: Makefile,v 1.41 2022/07/27 01:53:40 khorben Exp $
+# $NetBSD: Makefile,v 1.42 2022/08/11 15:41:30 khorben Exp $
 
 DISTNAME=              prosody-0.12.1
+PKGREVISION=           1
 CATEGORIES=            chat
 MASTER_SITES=          https://prosody.im/downloads/source/
 
@@ -19,7 +20,7 @@ HAS_CONFIGURE=                yes
 USE_LANGUAGES=         c
 BUILD_DEFS+=           VARBASE
 
-LUA_VERSIONS_ACCEPTED= 52 51
+LUA_VERSIONS_ACCEPTED= 54 52 51
 
 .include "../../mk/bsd.prefs.mk"
 
@@ -29,9 +30,9 @@ PROSODY_DATA?=                ${VARBASE}/db/prosody
 PROSODY_LOG?=          ${VARBASE}/log/prosody
 PROSODY_RUN?=          ${VARBASE}/run/prosody
 
-OWN_DIRS_PERMS+=       ${PROSODY_DATA} ${PROSODY_USER} ${PROSODY_GROUP} 0770
-OWN_DIRS_PERMS+=       ${PROSODY_LOG} ${PROSODY_USER} ${PROSODY_GROUP} 0770
-OWN_DIRS_PERMS+=       ${PROSODY_RUN} ${PROSODY_USER} ${PROSODY_GROUP} 0770
+OWN_DIRS_PERMS+=       ${PROSODY_DATA} ${PROSODY_USER} ${PROSODY_GROUP} 0750
+OWN_DIRS_PERMS+=       ${PROSODY_LOG} ${PROSODY_USER} ${PROSODY_GROUP} 0750
+OWN_DIRS_PERMS+=       ${PROSODY_RUN} ${PROSODY_USER} ${PROSODY_GROUP} 0750
 MAKE_DIRS+=            ${PKG_SYSCONFDIR}/certs
 
 PKG_USERS_VARS=                        PROSODY_USER
@@ -39,7 +40,6 @@ PKG_GROUPS_VARS=              PROSODY_GROUP
 PKG_GROUPS=                    ${PROSODY_GROUP}
 PKG_USERS=                     ${PROSODY_USER}:${PROSODY_GROUP}
 PKG_GECOS.${PROSODY_USER}=     Prosody daemon user
-PKG_HOME.${PROSODY_USER}=      ${PROSODY_DATA}
 PKG_SHELL.${PROSODY_USER}=     ${NOLOGIN}
 
 PKG_SYSCONFSUBDIR=     ${PKGBASE}