parent
64138b3334
commit
947815f59f
@ -288,6 +288,7 @@
|
||||
kresd = 270;
|
||||
rpc = 271;
|
||||
geoip = 272;
|
||||
fcron = 273;
|
||||
|
||||
# When adding a uid, make sure it doesn't match an existing gid. And don't use uids above 399!
|
||||
|
||||
@ -545,6 +546,7 @@
|
||||
kresd = 270;
|
||||
#rpc = 271; # unused
|
||||
#geoip = 272; # unused
|
||||
fcron = 273;
|
||||
|
||||
# When adding a gid, make sure it doesn't match an existing
|
||||
# uid. Users and groups with the same name should have equal
|
||||
|
@ -23,7 +23,8 @@ let
|
||||
allowdeny = target: users:
|
||||
{ source = pkgs.writeText "fcron.${target}" (concatStringsSep "\n" users);
|
||||
target = "fcron.${target}";
|
||||
mode = "600"; # fcron has some security issues.. So I guess this is most safe
|
||||
mode = "644";
|
||||
gid = config.ids.gids.fcron;
|
||||
};
|
||||
|
||||
in
|
||||
@ -89,7 +90,7 @@ in
|
||||
[ (allowdeny "allow" (cfg.allow))
|
||||
(allowdeny "deny" cfg.deny)
|
||||
# see man 5 fcron.conf
|
||||
{ source = pkgs.writeText "fcon.conf" ''
|
||||
{ source = pkgs.writeText "fcron.conf" ''
|
||||
fcrontabs = /var/spool/fcron
|
||||
pidfile = /var/run/fcron.pid
|
||||
fifofile = /var/run/fcron.fifo
|
||||
@ -97,16 +98,40 @@ in
|
||||
fcrondeny = /etc/fcron.deny
|
||||
shell = /bin/sh
|
||||
sendmail = /run/wrappers/bin/sendmail
|
||||
editor = /run/current-system/sw/bin/vi
|
||||
editor = ${pkgs.vim}/bin/vim
|
||||
'';
|
||||
target = "fcron.conf";
|
||||
mode = "0600"; # max allowed is 644
|
||||
gid = config.ids.gids.fcron;
|
||||
mode = "0644";
|
||||
}
|
||||
];
|
||||
|
||||
environment.systemPackages = [ pkgs.fcron ];
|
||||
users.extraUsers.fcron = {
|
||||
uid = config.ids.uids.fcron;
|
||||
home = "/var/spool/fcron";
|
||||
group = "fcron";
|
||||
};
|
||||
users.groups.fcron.gid = config.ids.gids.fcron;
|
||||
|
||||
security.wrappers.fcrontab.source = "${pkgs.fcron.out}/bin/fcrontab";
|
||||
security.wrappers = {
|
||||
fcrontab = {
|
||||
source = "${pkgs.fcron}/bin/fcrontab";
|
||||
owner = "fcron";
|
||||
group = "fcron";
|
||||
setgid = true;
|
||||
};
|
||||
fcrondyn = {
|
||||
source = "${pkgs.fcron}/bin/fcrondyn";
|
||||
owner = "fcron";
|
||||
group = "fcron";
|
||||
setgid = true;
|
||||
};
|
||||
fcronsighup = {
|
||||
source = "${pkgs.fcron}/bin/fcronsighup";
|
||||
group = "fcron";
|
||||
};
|
||||
};
|
||||
systemd.services.fcron = {
|
||||
description = "fcron daemon";
|
||||
after = [ "local-fs.target" ];
|
||||
@ -118,14 +143,17 @@ in
|
||||
};
|
||||
|
||||
preStart = ''
|
||||
${pkgs.coreutils}/bin/mkdir -m 0700 -p /var/spool/fcron
|
||||
${pkgs.coreutils}/bin/mkdir -m 0770 -p /var/spool/fcron
|
||||
${pkgs.coreutils}/bin/chown -R fcron:fcron /var/spool/fcron
|
||||
# load system crontab file
|
||||
${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
|
||||
set -x
|
||||
#${pkgs.fcron}/bin/fcrontab -u systab ${pkgs.writeText "systab" cfg.systab}
|
||||
'';
|
||||
|
||||
serviceConfig.Type = "forking";
|
||||
|
||||
script = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
|
||||
serviceConfig = {
|
||||
Type = "forking";
|
||||
ExecStart = "${pkgs.fcron}/sbin/fcron -m ${toString cfg.maxSerialJobs} ${queuelen}";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
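Review bot: The `fcronsighup` entry in the `security.wrappers` block sets only `source` and `group`, while `fcrontab` and `fcrondyn` beside it declare `owner`, `group` and `setgid = true`. The source patch shipped with this commit says it wants the "setuid executable" to be preferred, so the privilege this wrapper ends up with depends on the wrapper module's defaults, which this page does not show. Declare the bits explicitly, e.g. `owner = "<intended owner>";` plus the intended `setuid = true;` or `setgid = true;`, so the helper's privilege can be reviewed here. In the `preStart` hunk, `set -x` and the commented-out `fcrontab -u systab` line look like debugging leftovers; the page has lost its +/- markers, so this is inferred, but if they are on the new side then `cfg.systab` is no longer loaded.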
|
||||
|
@ -1,58 +1,61 @@
|
||||
# I've only worked on this till it compiled and worked. So maybe there are some things which should be done but I've missed
|
||||
# restart using 'killall -TERM fcron; fcron -b
|
||||
# use convert-fcrontab to update fcrontab files
|
||||
|
||||
{ stdenv, fetchurl, perl, busybox, vim }:
|
||||
|
||||
stdenv.mkDerivation rec {
|
||||
name = "fcron-3.1.2";
|
||||
name = "fcron-${version}";
|
||||
version = "3.2.1";
|
||||
|
||||
src = fetchurl {
|
||||
url = "http://fcron.free.fr/archives/${name}.src.tar.gz";
|
||||
sha256 = "0p8sn4m3frh2x2llafq2gbcm46rfrn6ck4qi0d0v3ql6mfx9k4hw";
|
||||
sha256 = "0sjz7r050myj6zgixzx3pk5ff819v6b0zfn0q1lkd19jkaix0531";
|
||||
};
|
||||
|
||||
buildInputs = [ perl ];
|
||||
|
||||
patches = [ ./relative-fcronsighup.patch ];
|
||||
|
||||
configureFlags =
|
||||
[ "--with-sendmail=${busybox}/sbin/sendmail"
|
||||
"--with-editor=${vim}/bin/vi" # TODO customizable
|
||||
"--with-bootinstall=no"
|
||||
"--localstatedir=/var"
|
||||
"--sysconfdir=/etc"
|
||||
# fcron would have been default user/grp
|
||||
"--with-username=root"
|
||||
"--with-groupname=root"
|
||||
"--with-rootname=root"
|
||||
"--with-rootgroup=root"
|
||||
"--disable-checks"
|
||||
];
|
||||
|
||||
|
||||
installTargets = "install-staged"; # install does also try to change permissions of /etc/* files
|
||||
|
||||
preConfigure =
|
||||
''
|
||||
sed -i 's@/usr/bin/env perl@${perl}/bin/perl@g' configure script/*
|
||||
# Don't let fcron create the group fcron, nix(os) should do this
|
||||
sed -i '2s@.*@exit 0@' script/user-group
|
||||
|
||||
# --with-bootinstall=no shoud do this, didn't work. So just exit the script before doing anything
|
||||
sed -i '2s@.*@exit 0@' script/boot-install
|
||||
# fcron tries to install pid into system directory on install
|
||||
installFlags = [
|
||||
"ETC=."
|
||||
"PIDDIR=."
|
||||
"PIDFILE=fcron.pid"
|
||||
"REBOOT_LOCK=fcron.reboot"
|
||||
"FIFODIR=."
|
||||
"FIFOFILE=fcron.fifo"
|
||||
"FCRONTABS=."
|
||||
];
|
||||
|
||||
# also don't use chown or chgrp for documentation (or whatever) when installing
|
||||
find -type f | xargs sed -i -e 's@^\(\s\)*chown@\1:@' -e 's@^\(\s\)*chgrp@\1:@'
|
||||
'';
|
||||
preConfigure = ''
|
||||
sed -i 's@/usr/bin/env perl@${perl}/bin/perl@g' configure script/*
|
||||
# Don't let fcron create the group fcron, nix(os) should do this
|
||||
sed -i '2s@.*@exit 0@' script/user-group
|
||||
|
||||
patchPhase =
|
||||
''
|
||||
# don't try to create /etc/fcron.{allow,deny,conf}
|
||||
sed -i -e 's@test -f $(DESTDIR)$(ETC)/fcron.conf @ # @' \
|
||||
-e 's@if test ! -f $(DESTDIR)$(ETC)/fcron.allow@ # @' Makefile.in
|
||||
'';
|
||||
# --with-bootinstall=no shoud do this, didn't work. So just exit the script before doing anything
|
||||
sed -i '2s@.*@exit 0@' script/boot-install
|
||||
|
||||
meta = {
|
||||
# also don't use chown or chgrp for documentation (or whatever) when installing
|
||||
find -type f | xargs sed -i -e 's@^\(\s\)*chown@\1:@' -e 's@^\(\s\)*chgrp@\1:@'
|
||||
'';
|
||||
|
||||
meta = with stdenv.lib; {
|
||||
description="A command scheduler with extended capabilities over cron and anacron";
|
||||
homepage = http://fcron.free.fr;
|
||||
license = stdenv.lib.licenses.gpl2;
|
||||
platforms = stdenv.lib.platforms.all;
|
||||
license = licenses.gpl2;
|
||||
|
||||
};
|
||||
}
|
||||
|
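--- /dev/null
+++ b/pkgs/tools/system/fcron/relative-fcronsighup.patch
@@ -0,0 +1,16 @@
+Use relative fcronsighup to prefer setuid executable over package binary.
+--- fcron-3.2.1.orig/fcrontab.c 2016-06-26 17:02:48.000000000 +0200
++++ fcron-3.2.1/fcrontab.c 2017-03-05 21:54:24.676871335 +0100
+@@ -154,10 +154,10 @@
+fcrontab_gid);
+exit(ERR);
+}
+- execl(BINDIREX "/fcronsighup", BINDIREX "/fcronsighup", fcronconf,
++ execlp("fcronsighup", "fcronsighup", fcronconf,
+NULL);
+
+- error_e("Could not exec " BINDIREX " fcronsighup");
++ error_e("Could not exec fcronsighup");
+exit(ERR);
+break;
+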
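Review bot: `execlp("fcronsighup", ...)` resolves the helper through the caller's `PATH`, and the module on this page installs `fcrontab` as a setgid-`fcron` wrapper, so an environment variable set by the invoking user decides which program is executed here. The context lines above mention `fcrontab_gid`, which suggests a group id has just been set before the exec, though the enclosing function starts and ends outside the hunk. Prefer a fixed absolute path over a search, e.g. `execl("/run/wrappers/bin/fcronsighup", "fcronsighup", fcronconf, NULL);` (the same wrapper directory the module already uses for `sendmail`), or set `PATH` to a known value before the exec. The error message on the following line should then name that path again.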