net-vpn/peervpn: revbump to 0.044-r4 for bug 629418

Package-Manager: Portage-2.3.8, Repoman-2.3.2

2 files changed, 15 insertions, 9 deletions

diff --git a/net-vpn/peervpn/files/peervpn.initd b/net-vpn/peervpn/files/peervpn.initd
index b02458ae16ca..15390d4e8666 100644
--- a/net-vpn/peervpn/files/peervpn.initd
+++ b/net-vpn/peervpn/files/peervpn.initd
@@ -1,9 +1,9 @@
 #!/sbin/openrc-run
-# Copyright 2016 Gentoo Foundation
+# Copyright 2016-2017 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
 
 description="peervpn server"
-pidfile=${pidfile:-"/run/${SVCNAME}/${SVCNAME}.pid"}
+pidfile=${pidfile:-"/run/${SVCNAME}.pid"}
 logfile=${logfile:-"/var/log/${SVCNAME}/${SVCNAME}.log"}
 user=${SVCNAME}
 group=${SVCNAME}
@@ -18,9 +18,4 @@ start_stop_daemon_args="
 
 depend() {
 	need net
-	after net
-}
-
-start_pre() {
-	checkpath -d -m 0755 -o "${user}":"${group}" "${pidfile%/*}"
 }
diff --git a/net-vpn/peervpn/peervpn-0.044-r3.ebuild b/net-vpn/peervpn/peervpn-0.044-r4.ebuild
index 14ae94d7c02f..158c4a4da2b0 100644
--- a/net-vpn/peervpn/peervpn-0.044-r3.ebuild
+++ b/net-vpn/peervpn/peervpn-0.044-r4.ebuild
@@ -42,8 +42,9 @@ src_install() {
 
 	insinto /etc/${PN}
 	newins peervpn.conf peervpn.conf.example
-	fowners ${PN}:${PN} /etc/${PN}
-	fperms 0700 /etc/${PN}
+	# read-only group access for bug 629418
+	fowners root:${PN} /etc/${PN}
+	fperms 0750 /etc/${PN}
 
 	newinitd "${FILESDIR}/${PN}.initd" "${PN}"
 	systemd_dounit "${FILESDIR}/${PN}.service"
@@ -52,3 +53,13 @@ src_install() {
 	insinto /etc/logrotate.d
 	newins "${FILESDIR}/${PN}.logrotated" "${PN}"
 }
+
+pkg_preinst() {
+	if ! has_version '>=net-vpn/peervpn-0.044-r4' && \
+		[[ -d ${EROOT}etc/${PN} &&
+		$(find "${EROOT}etc/peervpn" ! -user root -print) ]]; then
+		ewarn "Tightening '${EROOT}etc/${PN}' permissions for bug 629418"
+		chown -R root:${PN} "${EROOT}etc/${PN}" || die
+		chmod -R g+rX-w,o-rwx "${EROOT}etc/${PN}" || die
+	fi
+}