[PR PATCH] redis: restrict /etc/redis permissions

[PR PATCH] redis: restrict /etc/redis permissions

[steinex]

[-- Attachment #1: Type: text/plain, Size: 1377 bytes --]

There is a new pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages redis
https://github.com/void-linux/void-packages/pull/42408

redis: restrict /etc/redis permissions
It's not a good idea to have /etc/redis/redis.conf world-readable since it may contain sensitive informations like passwords.

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/42408.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-redis-42408.patch --]
[-- Type: text/x-diff, Size: 1069 bytes --]

From 58ee38e14e69a27551709248d95c12021fb24ee2 Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 11:54:11 +0100
Subject: [PATCH] redis: restrict /etc/redis permissions

It's not a good idea to have /etc/redis/redis.conf world-readable since
it may contain sensitive informations like passwords.
---
 srcpkgs/redis/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/redis/template b/srcpkgs/redis/template
index 0cd5302a434c..1d6890e2d00d 100644
--- a/srcpkgs/redis/template
+++ b/srcpkgs/redis/template
@@ -1,7 +1,7 @@
 # Template file for 'redis'
 pkgname=redis
 version=7.0.8
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="V=1"
 make_check_target="test"
@@ -18,7 +18,9 @@ system_accounts="redis"
 redis_homedir="/var/lib/redis"
 conf_files="/etc/redis/redis.conf"
 
-make_dirs="/var/lib/redis 0700 redis redis"
+make_dirs="
+	/var/lib/redis 0700 redis redis
+	/etc/redis 0700 redis redis"
 
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	make_build_args+=" MALLOC=libc"

Re: [PR PATCH] [Updated] redis: restrict /etc/redis permissions

[steinex]

[-- Attachment #1: Type: text/plain, Size: 1382 bytes --]

There is an updated pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages redis
https://github.com/void-linux/void-packages/pull/42408

redis: restrict /etc/redis permissions
It's not a good idea to have /etc/redis/redis.conf world-readable since it may contain sensitive informations like passwords.

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/42408.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-redis-42408.patch --]
[-- Type: text/x-diff, Size: 1066 bytes --]

From 6a954de890a38143b6c7deace65eac2f612eb460 Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 11:54:11 +0100
Subject: [PATCH] redis: restrict /etc/redis permissions

It's not a good idea to have /etc/redis/redis.conf world-readable since
it may contain sensitive informations like passwords.
---
 srcpkgs/redis/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/redis/template b/srcpkgs/redis/template
index 0cd5302a434c..30dd8c39a8bd 100644
--- a/srcpkgs/redis/template
+++ b/srcpkgs/redis/template
@@ -1,7 +1,7 @@
 # Template file for 'redis'
 pkgname=redis
 version=7.0.8
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="V=1"
 make_check_target="test"
@@ -18,7 +18,9 @@ system_accounts="redis"
 redis_homedir="/var/lib/redis"
 conf_files="/etc/redis/redis.conf"
 
-make_dirs="/var/lib/redis 0700 redis redis"
+make_dirs="
+/var/lib/redis 0700 redis redis
+/etc/redis 0750 root redis"
 
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	make_build_args+=" MALLOC=libc"

Re: redis: restrict /etc/redis permissions

[steinex]

[-- Attachment #1: Type: text/plain, Size: 220 bytes --]

New comment by steinex on void-packages repository

https://github.com/void-linux/void-packages/pull/42408#issuecomment-1455750063

Comment:
Fixed like suggested in https://github.com/void-linux/void-packages/pull/42409

Re: [PR PATCH] [Updated] redis: restrict /etc/redis permissions

[steinex]

[-- Attachment #1: Type: text/plain, Size: 1382 bytes --]

There is an updated pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages redis
https://github.com/void-linux/void-packages/pull/42408

redis: restrict /etc/redis permissions
It's not a good idea to have /etc/redis/redis.conf world-readable since it may contain sensitive informations like passwords.

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->


A patch file from https://github.com/void-linux/void-packages/pull/42408.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-redis-42408.patch --]
[-- Type: text/x-diff, Size: 1068 bytes --]

From 1d448bffe4e18d0b2a486debd6b7823a3866f8a3 Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 11:54:11 +0100
Subject: [PATCH] redis: restrict /etc/redis permissions

It's not a good idea to have /etc/redis/redis.conf world-readable since
it may contain sensitive informations like passwords.
---
 srcpkgs/redis/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/redis/template b/srcpkgs/redis/template
index 0cd5302a434c..8e8ac83a965f 100644
--- a/srcpkgs/redis/template
+++ b/srcpkgs/redis/template
@@ -1,7 +1,7 @@
 # Template file for 'redis'
 pkgname=redis
 version=7.0.8
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="V=1"
 make_check_target="test"
@@ -18,7 +18,9 @@ system_accounts="redis"
 redis_homedir="/var/lib/redis"
 conf_files="/etc/redis/redis.conf"
 
-make_dirs="/var/lib/redis 0700 redis redis"
+make_dirs="
+ /var/lib/redis 0700 redis redis
+ /etc/redis 0750 root redis"
 
 if [ "$XBPS_TARGET_LIBC" = "musl" ]; then
 	make_build_args+=" MALLOC=libc"

Re: [PR PATCH] [Merged]: redis: restrict /etc/redis permissions

[leahneukirchen]

[-- Attachment #1: Type: text/plain, Size: 1228 bytes --]

There's a merged pull request on the void-packages repository

redis: restrict /etc/redis permissions
https://github.com/void-linux/void-packages/pull/42408

Description:
It's not a good idea to have /etc/redis/redis.conf world-readable since it may contain sensitive informations like passwords.

<!-- Uncomment relevant sections and delete options which are not applicable -->

#### Testing the changes
- I tested the changes in this PR: **YES**

<!--
#### New package
- This new package conforms to the [package requirements](https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#package-requirements): **YES**|**NO**
-->

<!-- Note: If the build is likely to take more than 2 hours, please add ci skip tag as described in
https://github.com/void-linux/void-packages/blob/master/CONTRIBUTING.md#continuous-integration
and test at least one native build and, if supported, at least one cross build.
Ignore this section if this PR is not skipping CI.
-->
<!--
#### Local build testing
- I built this PR locally for my native architecture, (ARCH-LIBC)
- I built this PR locally for these architectures (if supported. mark crossbuilds):
  - aarch64-musl
  - armv7l
  - armv6l-musl
-->