Skip to content
Snippets Groups Projects
Commit c465729b authored by Jakub Jirutka's avatar Jakub Jirutka :flag_ua:
Browse files

community/seatd: move seatd-launch into subpackage 

seatd-launch needs SUID to be useful. SUID binaries are a security
risk and this very binary had a vulnerability allowing privilege
escalation (CVE-2021-41387)!

seatd-launch is not necessary for using seatd and libseat, so the
user should have an option to NOT install it on their system.
parent 7d13351c
No related merge requests found
Hide whitespace changes
Inline Side-by-side
community/seatd/APKBUILD
+ 12
4
View file @ c465729b
# Contributor: Leo <thinkabit.ukim@gmail.com>
# Contributor: Jakub Jirutka <jakub@jirutka.cz>
# Maintainer: Michał Polański <michal@polanski.me>
pkgname=seatd
pkgver=0.6.2
......@@ -6,12 +7,12 @@ pkgrel=1
pkgdesc="Minimal seat management daemon"
url="https://sr.ht/~kennylevinsen/seatd/"
license="MIT"
arch="all !ppc64le !mips64" # build failure
options="suid"
arch="all !ppc64le !mips64" # build failure
options="suid" # needed for seatd-launch
pkggroups="seat"
install="$pkgname.pre-install"
install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade"
makedepends="meson scdoc elogind-dev linux-headers"
subpackages="libseat:libs libseat-dev $pkgname-doc $pkgname-openrc"
subpackages="libseat:libs libseat-dev $pkgname-launch $pkgname-doc $pkgname-openrc"
source="$pkgname-$pkgver.tar.gz::https://git.sr.ht/~kennylevinsen/seatd/archive/$pkgver.tar.gz
$pkgname.initd
$pkgname.confd
......@@ -52,6 +53,13 @@ dev() {
pkgdesc="Universal seat management library (development files)"
}
launch() {
pkgdesc="Command to start a process with its own seatd instance (SUID binary)"
depends="$pkgname"
amove usr/bin/seatd-launch
}
sha512sums="
47e3aec819f43e72913be1cac2c0db26287f1ef8ecc738845d3591b3e2b4fee3441ac50ea45ac75a5da774e5305a18a02b8375f76f71644c8c07e95bcad52762 seatd-0.6.2.tar.gz
b742d0cee3f6cc2145af310423fbf4de7eb4f072dee14d0a7c65e8d91f435ad4293651307c23ab0d29d124b430b2ed7d9287ce732841304c91ce38b94cf4091d seatd.initd
......
community/seatd/seatd.post-install 0 → 100644
+ 7
0
View file @ c465729b
#!/bin/sh
cat >&2 <<EOF
* If you need seatd-launch SUID binary, install it: apk add cmd:seatd-launch.
EOF
exit 0
community/seatd/seatd.post-upgrade 0 → 100644
+ 14
0
View file @ c465729b
#!/bin/sh
ver_old=$2
if [ "$(apk version -t "$ver_old" '0.6.2-r1')" = '<' ]; then
cat >&2 <<-EOF
*
* seatd-launch has been moved to a separate subpackage. If you use it, run:
* apk add cmd:seatd-launch.
*
EOF
fi
exit 0
  • Michał Polański @mpolanski ·
    Developer

    While I have no objections to the changes, I'd appreciate a merge request with them for a review. @jirutka

  • Jakub Jirutka :flag_ua: @jirutka ·
    Author Developer

    I’m sorry about that. I’ll keep that in mind for next time.

0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment