From 169b082ff376ba3906844b0d2e8dada43d72c8fb Mon Sep 17 00:00:00 2001
From: Henrik Riomar <henrik.riomar@gmail.com>
Date: Mon, 1 Nov 2021 09:27:37 +0100
Subject: [PATCH 1/2] main/doas: fix perms of /etc/doas.d

Fix perms of /etc/doas.d to match the perms of /etc/sudoers.d
---
 main/doas/APKBUILD          | 2 +-
 main/doas/doas.post-install | 4 ++--
 main/doas/doas.post-upgrade | 9 +++++++--
 3 files changed, 10 insertions(+), 5 deletions(-)

diff --git a/main/doas/APKBUILD b/main/doas/APKBUILD
index 9b5f49fc77b4..73b8a9948e77 100644
--- a/main/doas/APKBUILD
+++ b/main/doas/APKBUILD
@@ -1,7 +1,7 @@
 # Maintainer: Drew DeVault <sir@cmpwn.com>
 pkgname=doas
 pkgver=6.8.1
-pkgrel=6
+pkgrel=7
 pkgdesc="OpenBSD's temporary privilege escalation tool"
 url="https://github.com/Duncaen/OpenDoas"
 arch="all"
diff --git a/main/doas/doas.post-install b/main/doas/doas.post-install
index 46518437c2ef..e27cf4ad38f2 100755
--- a/main/doas/doas.post-install
+++ b/main/doas/doas.post-install
@@ -1,6 +1,6 @@
 #!/bin/sh
 
-[ -d /etc/doas.d ] || mkdir /etc/doas.d
+[ -d /etc/doas.d ] || install -d -m 0750 /etc/doas.d
 [ -e /etc/doas.d/doas.conf ] && exit 0
 
 cat << _EOF_ >/etc/doas.d/doas.conf
@@ -27,4 +27,4 @@ cat << _EOF_ >&2
  * /etc/doas.d/doas.conf and a symlink was installed in its
  * place.  For more information about the new doas configuration
  * directory, consult doas.d(5).
-_EOF_
\ No newline at end of file
+_EOF_
diff --git a/main/doas/doas.post-upgrade b/main/doas/doas.post-upgrade
index 46518437c2ef..362ac4ae2cbe 100755
--- a/main/doas/doas.post-upgrade
+++ b/main/doas/doas.post-upgrade
@@ -1,6 +1,11 @@
 #!/bin/sh
 
-[ -d /etc/doas.d ] || mkdir /etc/doas.d
+[ -d /etc/doas.d ] || install -d -m 0750 /etc/doas.d
+# fix perms when upgrading from 6.8.1-r6
+if [ -d /etc/doas.d ] && [ "$(stat -c "%a" /etc/doas.d)" = "755" ]; then
+	chmod 0750 /etc/doas.d
+fi
+
 [ -e /etc/doas.d/doas.conf ] && exit 0
 
 cat << _EOF_ >/etc/doas.d/doas.conf
@@ -27,4 +32,4 @@ cat << _EOF_ >&2
  * /etc/doas.d/doas.conf and a symlink was installed in its
  * place.  For more information about the new doas configuration
  * directory, consult doas.d(5).
-_EOF_
\ No newline at end of file
+_EOF_
-- 
GitLab


From 6e08ade3f8cabdf6bece0e8456307060c164acce Mon Sep 17 00:00:00 2001
From: Henrik Riomar <henrik.riomar@gmail.com>
Date: Mon, 1 Nov 2021 10:29:38 +0100
Subject: [PATCH 2/2] main/doas: fix a migration bug from /etc/doas.conf to
 /etc/doas.d/doas.conf

If /etc/doas.conf is a symlink from an older install we should not run
the migration code again
---
 main/doas/doas.post-install | 6 ++++--
 main/doas/doas.post-upgrade | 6 ++++--
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/main/doas/doas.post-install b/main/doas/doas.post-install
index e27cf4ad38f2..26a63aa22506 100755
--- a/main/doas/doas.post-install
+++ b/main/doas/doas.post-install
@@ -9,11 +9,13 @@ cat << _EOF_ >/etc/doas.d/doas.conf
 # previous location, /etc/doas.conf, automatically.
 _EOF_
 
-[ -e /etc/doas.conf ] && cat /etc/doas.conf >> /etc/doas.d/doas.conf
-[ -e /etc/doas.conf ] || cat << _EOF_ >> /etc/doas.d/doas.conf
+if [ -f /etc/doas.conf ]; then
+	cat /etc/doas.conf >> /etc/doas.d/doas.conf
+	cat << _EOF_ >> /etc/doas.d/doas.conf
 # Please see /usr/share/doc/doas/doas.conf.example in the doas-doc
 # package for configuration examples.
 _EOF_
+fi
 
 # install compatibility symlink
 rm -f /etc/doas.conf
diff --git a/main/doas/doas.post-upgrade b/main/doas/doas.post-upgrade
index 362ac4ae2cbe..731b3511cada 100755
--- a/main/doas/doas.post-upgrade
+++ b/main/doas/doas.post-upgrade
@@ -14,11 +14,13 @@ cat << _EOF_ >/etc/doas.d/doas.conf
 # previous location, /etc/doas.conf, automatically.
 _EOF_
 
-[ -e /etc/doas.conf ] && cat /etc/doas.conf >> /etc/doas.d/doas.conf
-[ -e /etc/doas.conf ] || cat << _EOF_ >> /etc/doas.d/doas.conf
+if [ -f /etc/doas.conf ]; then
+	cat /etc/doas.conf >> /etc/doas.d/doas.conf
+	cat << _EOF_ >> /etc/doas.d/doas.conf
 # Please see /usr/share/doc/doas/doas.conf.example in the doas-doc
 # package for configuration examples.
 _EOF_
+fi
 
 # install compatibility symlink
 rm -f /etc/doas.conf
-- 
GitLab