From 1d6c1025d8d5fa9787fa3632bc7bc1fa357e62f1 Mon Sep 17 00:00:00 2001
From: Jakub Jirutka <jakub@jirutka.cz>
Date: Fri, 27 Jul 2018 14:40:29 +0200
Subject: community/roundcubemail: more secure privileges, prefer php-fpm

If the user want to run Roundcube with "traditional", quite insecure
and silly method by running PHP apps with web server (e.g. Apache2
mod_php) under web server's user, (s)he still can, but have to change
group of config files or add web server's user to group roundcube.
This is announced by message in post-upgrade script.

The -openrc subpackage is now installed by default when openrc is
installed, which should promote running Roundcube using php-fpm.
---
 community/roundcubemail/APKBUILD | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

(limited to 'community/roundcubemail/APKBUILD')

diff --git a/community/roundcubemail/APKBUILD b/community/roundcubemail/APKBUILD
index a72dadb73d..618976dc37 100644
--- a/community/roundcubemail/APKBUILD
+++ b/community/roundcubemail/APKBUILD
@@ -35,8 +35,13 @@ makedepends="$_depends_managesieve"
 pkgusers="roundcube"
 pkggroups="$pkgusers"
 options="!check"  # no tests provided
-install="$pkgname.pre-install $pkgname.post-install $pkgname.post-upgrade
-	$pkgname-openrc.post-install $pkgname-pgsql.post-install"
+install="$pkgname.pre-install
+	$pkgname.post-install
+	$pkgname.post-upgrade
+	$pkgname-installer.post-install
+	$pkgname-openrc.post-install
+	$pkgname-pgsql.post-install
+	"
 subpackages="$pkgname-installer $pkgname-openrc $pkgname-doc"
 source="https://github.com/roundcube/$pkgname/releases/download/$pkgver/$pkgname-$pkgver-complete.tar.gz
 	fix-dirs.patch
@@ -115,7 +120,7 @@ package() {
 	mv ./$_destdir/config ./etc/roundcube
 	mkdir ./etc/roundcube/plugins
 
-	install -m 644 -o roundcube -g roundcube \
+	install -m 640 -g roundcube \
 		"$srcdir"/config.inc.php ./etc/roundcube/
 
 	local file; for file in CHANGELOG INSTALL README.md UPGRADING; do
@@ -149,6 +154,7 @@ installer() {
 }
 
 openrc() {
+	default_openrc
 	pkgdesc="OpenRC init script that runs Roundcube with php-fpm"
 	depends="$pkgname=$pkgver-r$pkgrel $_php-fpm"
 
-- 
cgit v1.2.3