svn commit: r466726 - in branches/2018Q2: . sysutils/logstash6 sysutils/logstash6/files
Mark Felder
feld at FreeBSD.org
Sat Apr 7 14:02:09 UTC 2018
Author: feld
Date: Sat Apr 7 14:02:07 2018
New Revision: 466726
URL: https://svnweb.freebsd.org/changeset/ports/466726
Log:
MFH: r466725
sysutils/logstash6: Run as non-root by default
- Added logstash user/group
Modified:
branches/2018Q2/GIDs
branches/2018Q2/UIDs
branches/2018Q2/sysutils/logstash6/Makefile
branches/2018Q2/sysutils/logstash6/files/logstash.in
Directory Properties:
branches/2018Q2/ (props changed)
Modified: branches/2018Q2/GIDs
==============================================================================
--- branches/2018Q2/GIDs Sat Apr 7 14:01:22 2018 (r466725)
+++ branches/2018Q2/GIDs Sat Apr 7 14:02:07 2018 (r466726)
@@ -827,13 +827,13 @@ chronyd:*:849:
# free: 884
# free: 885
# free: 886
-# free: 887
+pdagent:*:887:
vuls:*:888:
mattermost:*:889:
matterircd:*:890:
# free: 891
# free: 892
-# free: 893
+logstash:*:893:
arangodb:*:894:
snmptt:*:895:
istat:*:896:
Modified: branches/2018Q2/UIDs
==============================================================================
--- branches/2018Q2/UIDs Sat Apr 7 14:01:22 2018 (r466725)
+++ branches/2018Q2/UIDs Sat Apr 7 14:02:07 2018 (r466726)
@@ -833,13 +833,13 @@ archiva:*:871:871::0:0:Apache Archiva Daemon:/nonexist
# free: 884
# free: 885
# free: 886
-# free: 887
+pdagent:*:887:887::0:0:PagerDuty Agent:/nonexistent:/usr/sbin/nologin
vuls:*:888:888::0:0:VULnerability Scanner:/var/db/vuls:/usr/sbin/nologin
mattermost:*:889:889::0:0:Mattermost:/usr/local/www/mattermost:/usr/sbin/nologin
matterircd:*:890:890::0:0:Matterircd User:/nonexistent:/usr/sbin/nologin
# free: 891
# free: 892
-# free: 893
+logstash:*:893:893::0:0:Logstash user:/nonexistent:/usr/sbin/nologin
arangodb:*:894:894::0:0:ArangoDB pseudo-user:/var/db/arangodb:/usr/sbin/nologin
snmptt:*:895:895::0:0:SNMPTT User:/var/spool/snmptt:/usr/sbin/nologin
istat:*:896:896::0:0:istatserver user:/nonexistent:/usr/sbin/nologin
Modified: branches/2018Q2/sysutils/logstash6/Makefile
==============================================================================
--- branches/2018Q2/sysutils/logstash6/Makefile Sat Apr 7 14:01:22 2018 (r466725)
+++ branches/2018Q2/sysutils/logstash6/Makefile Sat Apr 7 14:02:07 2018 (r466726)
@@ -3,7 +3,7 @@
PORTNAME= logstash
PORTVERSION= 6.2.2
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= sysutils java
MASTER_SITES= http://artifacts.elastic.co/downloads/logstash/
PKGNAMESUFFIX= 6
@@ -25,6 +25,9 @@ JAVA_VERSION= 1.8+
JAVA_RUN= yes
NO_BUILD= yes
+USERS= logstash
+GROUPS= logstash
+
LOGSTASH_DIR= ${PREFIX}/${PORTNAME}
USE_RC_SUBR= logstash
@@ -35,7 +38,7 @@ SUB_LIST= JAVA_HOME=${JAVA_HOME} \
LOGSTASH_HOME=${LOGSTASH_HOME}
LOGSTASH_CONF_FILES= jvm.options log4j2.properties logstash.yml pipelines.yml
-LOGSTASH_JRUBY_SUBDIR= vendor/jruby/bin
+LOGSTASH_JRUBY_SUBDIR= vendor/jruby/bin
LOGSTASH_JRUBY_BIN_FILES= ast irb jirb jruby jruby.sh rdoc testrb gem \
jgem jirb_swing jruby.bash jrubyc rake ri
@@ -65,7 +68,7 @@ post-install:
.endfor
${FIND} -s ${STAGEDIR}${PREFIX}/logstash -not -type d | ${SORT} | \
${SED} -e 's#^${STAGEDIR}${PREFIX}/##' >> ${TMPPLIST}
- ${ECHO} "@dir logstash/data" >> ${TMPPLIST}
+ ${ECHO} "@dir(logstash,logstash,) logstash/data" >> ${TMPPLIST}
${ECHO} "@dir logstash/vendor/bundle/jruby/2.3.0/build_info" >> ${TMPPLIST}
${ECHO} "@dir logstash/vendor/bundle/jruby/2.3.0/cache" >> ${TMPPLIST}
${ECHO} "@dir logstash/vendor/bundle/jruby/2.3.0/doc" >> ${TMPPLIST}
Modified: branches/2018Q2/sysutils/logstash6/files/logstash.in
==============================================================================
--- branches/2018Q2/sysutils/logstash6/files/logstash.in Sat Apr 7 14:01:22 2018 (r466725)
+++ branches/2018Q2/sysutils/logstash6/files/logstash.in Sat Apr 7 14:02:07 2018 (r466726)
@@ -55,6 +55,8 @@ load_rc_config ${name}
logdir="/var/log"
: ${logstash_enable="NO"}
+: ${logstash_user="logstash"}
+: ${logstash_group="logstash"}
: ${logstash_home="%%LOGSTASH_HOME%%"}
: ${logstash_config="%%ETCDIR%%"}
: ${logstash_log="YES"}
@@ -96,10 +98,10 @@ PATH=/usr/local/bin:$PATH
logstash_precmd()
{
- /usr/bin/install -d -o root -g wheel -m 755 ${pidfile%/*}
- /usr/bin/install -d -o root -g wheel -m 755 ${logstash_log_dir}
- /usr/bin/install -d -o root -g wheel -m 755 /var/db/logstash
- /usr/bin/install -d -o root -g wheel -m 755 /var/run/logstash
+ /usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 ${pidfile%/*}
+ /usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 ${logstash_log_dir}
+ /usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 /var/db/logstash
+ /usr/bin/install -d -o ${logstash_user} -g ${logstash_group} -m 755 /var/run/logstash
}
configtest()
More information about the svn-ports-all
mailing list