From: Daniel Kahn Gillmor Date: Fri, 1 Apr 2016 16:08:10 -0300 Subject: clean launch_tcpcryptd.sh for debian This launcher script should not try to do things like create new user accounts, or load scripts or binaries from a source directory. This might make sense when people build from source; but once it's installed in a package, just more sensible things. --- launch_tcpcryptd.sh | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/launch_tcpcryptd.sh b/launch_tcpcryptd.sh index 24ce446..f96928c 100755 --- a/launch_tcpcryptd.sh +++ b/launch_tcpcryptd.sh @@ -1,11 +1,11 @@ #!/bin/sh -BASE=`dirname $0` -TCPCRYPTD=$BASE/src/tcpcryptd +LIBRARY=/usr/share/tcpcryptd +TCPCRYPTD=/usr/bin/tcpcryptd DIVERT_PORT=666 PIDFILE=/var/run/tcpcrypt.pid JAIL_DIR=/var/run/tcpcryptd -DAEMON_USER=tcpcryptd +DAEMON_USER=debian-tcpcryptd OSNAME=`uname -s` @@ -26,7 +26,7 @@ else fi start_tcpcryptd() { - LD_LIBRARY_PATH=lib/ $TCPCRYPTD \ + $TCPCRYPTD \ -U $DAEMON_USER \ -J $JAIL_DIR \ -p $DIVERT_PORT \ @@ -43,19 +43,6 @@ init_jail() { echo "Creating jail directory $JAIL_DIR" (umask 077 && mkdir $JAIL_DIR) fi - - id $DAEMON_USER >/dev/null 2>&1 - if [ $? -ne 0 ] - then - echo "Creating user and group '$DAEMON_USER'" - - if [ "$OSNAME" = "Darwin" ] ; then - dscl . create /Users/tcpcryptd UniqueID 666 - dscl . create /Users/tcpcryptd PrimaryGroupID 666 - else - useradd -s /usr/bin/nologin -d / -M -U $DAEMON_USER - fi - fi } ee() { @@ -65,7 +52,7 @@ ee() { set_iptables() { export DAEMON_USER DIVERT_PORT ONLY_PORTS OMIT_PORTS - $BASE/src/iptables.sh start + $LIBRARY/iptables.sh start if [ $? -ne 0 ] then echo "Couldn't set iptables" >&2 @@ -77,14 +64,14 @@ unset_iptables() { echo Removing iptables rules and quitting tcpcryptd... export DAEMON_USER DIVERT_PORT ONLY_PORTS OMIT_PORTS - $BASE/src/iptables.sh stop + $LIBRARY/iptables.sh stop exit } bsd_set_ipfw() { if [ "$OSNAME" = "Darwin" ] ; then - pfctl -Fa -e -f $BASE/src/pf.conf + pfctl -Fa -e -f $LIBRARY/pf.conf return fi