Github messages for voidlinux
* [PR PATCH] i2pd: restrict /etc/i2pd permissions
@ 2023-02-23 11:06 steinex
  2023-02-23 11:10 ` [PR PATCH] [Updated] " steinex
                   ` (7 more replies)
  0 siblings, 8 replies; 9+ messages in thread
From: steinex @ 2023-02-23 11:06 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1352 bytes --]

There is a new pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages i2pd
https://github.com/void-linux/void-packages/pull/42409

i2pd: restrict /etc/i2pd permissions
It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information

#### Testing the changes
- I tested the changes in this PR: **YES**


A patch file from https://github.com/void-linux/void-packages/pull/42409.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-i2pd-42409.patch --]
[-- Type: text/x-diff, Size: 1058 bytes --]

From 3a25e8c6725e351212e448fa974e044b30d271fa Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 12:00:26 +0100
Subject: [PATCH] i2pd: restrict /etc/i2pd permissions

It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information
---
 srcpkgs/i2pd/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/i2pd/template b/srcpkgs/i2pd/template
index 91e085f41aca..c79aefa38a0f 100644
--- a/srcpkgs/i2pd/template
+++ b/srcpkgs/i2pd/template
@@ -1,7 +1,7 @@
 # Template file for 'i2pd'
 pkgname=i2pd
 version=2.46.0
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="USE_UPNP=yes"
 makedepends="zlib-devel boost-devel openssl-devel miniupnpc-devel
@@ -19,7 +19,9 @@ conf_files="
  /etc/i2pd/tunnels.conf"
 system_accounts="_i2pd"
 _i2pd_homedir="/var/lib/i2pd"
-make_dirs="/var/lib/i2pd 0700 _i2pd _i2pd"
+make_dirs="
+	/var/lib/i2pd 0700 _i2pd _i2pd
+	/etc/i2pd 0700 _i2pd _i2pd"
 
 case "${XBPS_TARGET_MACHINE}" in
 	x86_64*) ;;
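
Review bot: The new `/etc/i2pd 0700 _i2pd _i2pd` entry in make_dirs makes the configuration directory owned and writable by the service account, which is more than hiding the *.conf files from other users requires. With write permission on the directory, that account can remove or replace the files listed in conf_files whatever their own modes are. Consider keeping the directory root-owned and giving the service group read and search access only, for example `/etc/i2pd 0750 root _i2pd`.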


* Re: [PR PATCH] [Updated] i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
@ 2023-02-23 11:10 ` steinex
  2023-02-23 11:11 ` steinex
                   ` (6 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: steinex @ 2023-02-23 11:10 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]

There is an updated pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages i2pd
https://github.com/void-linux/void-packages/pull/42409

i2pd: restrict /etc/i2pd permissions
It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information

#### Testing the changes
- I tested the changes in this PR: **YES**


A patch file from https://github.com/void-linux/void-packages/pull/42409.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-i2pd-42409.patch --]
[-- Type: text/x-diff, Size: 1058 bytes --]

From 411b6476fab143e387d880a6ccbf99e315fbbe64 Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 12:00:26 +0100
Subject: [PATCH] i2pd: restrict /etc/i2pd permissions

It's not a good idea to have /etc/i2pd/*.conf world-readable since
it may contain sensitive information
---
 srcpkgs/i2pd/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/i2pd/template b/srcpkgs/i2pd/template
index 91e085f41aca..c79aefa38a0f 100644
--- a/srcpkgs/i2pd/template
+++ b/srcpkgs/i2pd/template
@@ -1,7 +1,7 @@
 # Template file for 'i2pd'
 pkgname=i2pd
 version=2.46.0
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="USE_UPNP=yes"
 makedepends="zlib-devel boost-devel openssl-devel miniupnpc-devel
@@ -19,7 +19,9 @@ conf_files="
  /etc/i2pd/tunnels.conf"
 system_accounts="_i2pd"
 _i2pd_homedir="/var/lib/i2pd"
-make_dirs="/var/lib/i2pd 0700 _i2pd _i2pd"
+make_dirs="
+	/var/lib/i2pd 0700 _i2pd _i2pd
+	/etc/i2pd 0700 _i2pd _i2pd"
 
 case "${XBPS_TARGET_MACHINE}" in
 	x86_64*) ;;
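
Review bot: The two added make_dirs continuation lines are indented with a tab, while the conf_files continuation line in the context directly above (` /etc/i2pd/tunnels.conf"`) uses a single space. Indent the new lines with one space so the multi-line variables in this template stay consistent.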


* Re: [PR PATCH] [Updated] i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
  2023-02-23 11:10 ` [PR PATCH] [Updated] " steinex
@ 2023-02-23 11:11 ` steinex
  2023-03-05 22:57 ` Duncaen
                   ` (5 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: steinex @ 2023-02-23 11:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]

There is an updated pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages i2pd
https://github.com/void-linux/void-packages/pull/42409

i2pd: restrict /etc/i2pd permissions
It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information

#### Testing the changes
- I tested the changes in this PR: **YES**


A patch file from https://github.com/void-linux/void-packages/pull/42409.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-i2pd-42409.patch --]
[-- Type: text/x-diff, Size: 1059 bytes --]

From e8d8d079d7ddec1df8530463fc3533b69047d2c2 Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 12:00:26 +0100
Subject: [PATCH] i2pd: restrict /etc/i2pd permissions

It's not a good idea to have /etc/i2pd/*.conf world-readable since
it may contain sensitive information.
---
 srcpkgs/i2pd/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/i2pd/template b/srcpkgs/i2pd/template
index 91e085f41aca..c79aefa38a0f 100644
--- a/srcpkgs/i2pd/template
+++ b/srcpkgs/i2pd/template
@@ -1,7 +1,7 @@
 # Template file for 'i2pd'
 pkgname=i2pd
 version=2.46.0
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="USE_UPNP=yes"
 makedepends="zlib-devel boost-devel openssl-devel miniupnpc-devel
@@ -19,7 +19,9 @@ conf_files="
  /etc/i2pd/tunnels.conf"
 system_accounts="_i2pd"
 _i2pd_homedir="/var/lib/i2pd"
-make_dirs="/var/lib/i2pd 0700 _i2pd _i2pd"
+make_dirs="
+	/var/lib/i2pd 0700 _i2pd _i2pd
+	/etc/i2pd 0700 _i2pd _i2pd"
 
 case "${XBPS_TARGET_MACHINE}" in
 	x86_64*) ;;
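
Review bot: The commit message speaks of /etc/i2pd/*.conf being world-readable, but the second hunk changes only the directory entry in make_dirs; nothing in the patch touches the modes of the files listed in conf_files. The files are protected only as long as the directory stays closed to other users, so the commit message should say that the restriction is applied at the directory level.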


* Re: i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
  2023-02-23 11:10 ` [PR PATCH] [Updated] " steinex
  2023-02-23 11:11 ` steinex
@ 2023-03-05 22:57 ` Duncaen
  2023-03-05 22:58 ` Duncaen
                   ` (4 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Duncaen @ 2023-03-05 22:57 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 424 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/42409#issuecomment-1455234612

Comment:
This and https://github.com/void-linux/void-packages/pull/42408 should probably not make the directory writable by the less privileged user.
Keep the directory owned by root and only add the group of the less privileged user with read permissions, like `/etc/i2pd 0750 root _i2pd`.


* Re: i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
                   ` (2 preceding siblings ...)
  2023-03-05 22:57 ` Duncaen
@ 2023-03-05 22:58 ` Duncaen
  2023-03-06  8:56 ` [PR PATCH] [Updated] " steinex
                   ` (3 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: Duncaen @ 2023-03-05 22:58 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 479 bytes --]

New comment by Duncaen on void-packages repository

https://github.com/void-linux/void-packages/pull/42409#issuecomment-1455234612

Comment:
This and https://github.com/void-linux/void-packages/pull/42408 should probably not make the directory writable by the less privileged user.
Keep the directory owned by root and only add the group of the less privileged user with read permissions, like `/etc/i2pd 0750 root _i2pd`.

Also indention with a single space instead of tabs.

^ permalink raw reply	[flat|nested] 9+ messages in thread
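
Duncaen's point about ownership, as an added example (not part of the thread and not void-packages code): a small POSIX sh check that reads make_dirs-style entries and flags a config directory that the service account can write to or that other users can enter. The function name `lint_make_dirs`, the rule that only `/etc` paths are checked, and the assumption that the service group is named like the service account are choices made for this example.

```shell
#!/bin/sh
# Added example: lint make_dirs entries for config directories.
# Entry layout as in the patch: "<path> <octal mode> <owner> <group>".
# Assumption: the service group has the same name as the service account.

# lint_make_dirs ACCOUNT ENTRIES
# Prints "<path>: <finding>" lines; returns 1 if anything was found.
lint_make_dirs() {
	account=$1
	found=0
	while read -r dir mode owner group; do
		# Only config dirs are checked; a state dir such as /var/lib/i2pd
		# is meant to be owned and written by the service account.
		case $dir in /etc/*) ;; *) continue ;; esac
		# Skip entries whose mode is not plain octal.
		case $mode in ''|*[!0-7]*) continue ;; esac
		perms=$((0$mode))
		if [ "$owner" = "$account" ] && [ $((perms & 0200)) -ne 0 ]; then
			echo "$dir: writable by $account (owner)"; found=1
		fi
		if [ "$group" = "$account" ] && [ $((perms & 0020)) -ne 0 ]; then
			echo "$dir: writable by $account (group)"; found=1
		fi
		if [ $((perms & 0007)) -ne 0 ]; then
			echo "$dir: accessible to other users"; found=1
		fi
	done <<EOF
$2
EOF
	return $found
}

# make_dirs values from the first and the last revision of the patch.
first='
 /var/lib/i2pd 0700 _i2pd _i2pd
 /etc/i2pd 0700 _i2pd _i2pd'
last='
 /var/lib/i2pd 0700 _i2pd _i2pd
 /etc/i2pd 0750 root _i2pd'

lint_make_dirs _i2pd "$first" || echo "first revision: rejected"
lint_make_dirs _i2pd "$last" && echo "last revision: ok"
```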

* Re: [PR PATCH] [Updated] i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
                   ` (3 preceding siblings ...)
  2023-03-05 22:58 ` Duncaen
@ 2023-03-06  8:56 ` steinex
  2023-03-06  9:08 ` steinex
                   ` (2 subsequent siblings)
  7 siblings, 0 replies; 9+ messages in thread
From: steinex @ 2023-03-06  8:56 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]

There is an updated pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages i2pd
https://github.com/void-linux/void-packages/pull/42409

i2pd: restrict /etc/i2pd permissions
It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information

#### Testing the changes
- I tested the changes in this PR: **YES**


A patch file from https://github.com/void-linux/void-packages/pull/42409.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-i2pd-42409.patch --]
[-- Type: text/x-diff, Size: 1056 bytes --]

From b98dd04f92ec1ef49f441b16cd67a60048f745aa Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 12:00:26 +0100
Subject: [PATCH] i2pd: restrict /etc/i2pd permissions

It's not a good idea to have /etc/i2pd/*.conf world-readable since
it may contain sensitive information.
---
 srcpkgs/i2pd/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/i2pd/template b/srcpkgs/i2pd/template
index 91e085f41aca..9dcc4c3a67bd 100644
--- a/srcpkgs/i2pd/template
+++ b/srcpkgs/i2pd/template
@@ -1,7 +1,7 @@
 # Template file for 'i2pd'
 pkgname=i2pd
 version=2.46.0
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="USE_UPNP=yes"
 makedepends="zlib-devel boost-devel openssl-devel miniupnpc-devel
@@ -19,7 +19,9 @@ conf_files="
  /etc/i2pd/tunnels.conf"
 system_accounts="_i2pd"
 _i2pd_homedir="/var/lib/i2pd"
-make_dirs="/var/lib/i2pd 0700 _i2pd _i2pd"
+make_dirs="
+/var/lib/i2pd 0700 _i2pd _i2pd
+/etc/i2pd 0750 root _i2pd"
 
 case "${XBPS_TARGET_MACHINE}" in
 	x86_64*) ;;
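
Review bot: The added make_dirs lines now start at column 0 (`/var/lib/i2pd 0700 _i2pd _i2pd`, `/etc/i2pd 0750 root _i2pd`), which still differs from the single-space continuation used by conf_files in the context above. Add one leading space to each of the two lines. The switch to `0750 root _i2pd` itself matches the request: root owns the directory and the service group gets read and search access only.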


* Re: i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
                   ` (4 preceding siblings ...)
  2023-03-06  8:56 ` [PR PATCH] [Updated] " steinex
@ 2023-03-06  9:08 ` steinex
  2023-03-06  9:52 ` [PR PATCH] [Updated] " steinex
  2023-05-25 16:29 ` [PR PATCH] [Merged]: " Duncaen
  7 siblings, 0 replies; 9+ messages in thread
From: steinex @ 2023-03-06  9:08 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 223 bytes --]

New comment by steinex on void-packages repository

https://github.com/void-linux/void-packages/pull/42409#issuecomment-1455749406

Comment:
Fixed here and in https://github.com/void-linux/void-packages/pull/42408, thanks!


* Re: [PR PATCH] [Updated] i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
                   ` (5 preceding siblings ...)
  2023-03-06  9:08 ` steinex
@ 2023-03-06  9:52 ` steinex
  2023-05-25 16:29 ` [PR PATCH] [Merged]: " Duncaen
  7 siblings, 0 replies; 9+ messages in thread
From: steinex @ 2023-03-06  9:52 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1357 bytes --]

There is an updated pull request by steinex against master on the void-packages repository

https://github.com/steinex/void-packages i2pd
https://github.com/void-linux/void-packages/pull/42409

i2pd: restrict /etc/i2pd permissions
It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information

#### Testing the changes
- I tested the changes in this PR: **YES**


A patch file from https://github.com/void-linux/void-packages/pull/42409.patch is attached

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-i2pd-42409.patch --]
[-- Type: text/x-diff, Size: 1058 bytes --]

From 49f7337b62d81ef6797e11fd64fd5f132925e812 Mon Sep 17 00:00:00 2001
From: Frank Steinborn <steinex@nognu.de>
Date: Thu, 23 Feb 2023 12:00:26 +0100
Subject: [PATCH] i2pd: restrict /etc/i2pd permissions

It's not a good idea to have /etc/i2pd/*.conf world-readable since
it may contain sensitive information.
---
 srcpkgs/i2pd/template | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/srcpkgs/i2pd/template b/srcpkgs/i2pd/template
index 91e085f41aca..b882412f2828 100644
--- a/srcpkgs/i2pd/template
+++ b/srcpkgs/i2pd/template
@@ -1,7 +1,7 @@
 # Template file for 'i2pd'
 pkgname=i2pd
 version=2.46.0
-revision=1
+revision=2
 build_style=gnu-makefile
 make_build_args="USE_UPNP=yes"
 makedepends="zlib-devel boost-devel openssl-devel miniupnpc-devel
@@ -19,7 +19,9 @@ conf_files="
  /etc/i2pd/tunnels.conf"
 system_accounts="_i2pd"
 _i2pd_homedir="/var/lib/i2pd"
-make_dirs="/var/lib/i2pd 0700 _i2pd _i2pd"
+make_dirs="
+ /var/lib/i2pd 0700 _i2pd _i2pd
+ /etc/i2pd 0750 root _i2pd"
 
 case "${XBPS_TARGET_MACHINE}" in
 	x86_64*) ;;
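
Review bot: Missing upgrade check for the `/etc/i2pd 0750 root _i2pd` line in make_dirs: with revision going from 1 to 2, installed systems already have /etc/i2pd, and nothing visible here shows that the new owner and mode are applied to an existing directory. Please confirm on an upgraded system that the directory ends up root-owned with mode 0750, and note the result in the PR.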


* Re: [PR PATCH] [Merged]: i2pd: restrict /etc/i2pd permissions
  2023-02-23 11:06 [PR PATCH] i2pd: restrict /etc/i2pd permissions steinex
                   ` (6 preceding siblings ...)
  2023-03-06  9:52 ` [PR PATCH] [Updated] " steinex
@ 2023-05-25 16:29 ` Duncaen
  7 siblings, 0 replies; 9+ messages in thread
From: Duncaen @ 2023-05-25 16:29 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 1204 bytes --]

There's a merged pull request on the void-packages repository

i2pd: restrict /etc/i2pd permissions
https://github.com/void-linux/void-packages/pull/42409

Description:
It's not a good idea to have /etc/i2pd/*.conf world-readable since it may contain sensitive information

#### Testing the changes
- I tested the changes in this PR: **YES**

