https://bugzilla.redhat.com/show_bug.cgi?id=2393738

Maxwell G <maxwell@xxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |maxwell@xxxxxxx

--- Comment #14 from Maxwell G <maxwell@xxxxxxx> ---

(Drive by suggestion about the config file. Thanks Mikel for the detailed review!)

The smtprelay.ini is 0644, but I assume it has sensitive data (i.e., mail server credentials) and shouldn't be world readable. I suppose the proper solution would be to make it `%attr(0640,root,smtprelay)`.

Also, I see an `allowed_users` option is allowed which could point to another config file. Would it make sense to store smtprelay.ini in /etc/smtprelay instead of the parent /etc directory so, if needed, users could drop that additional file in the same directory?

``` diff --git a/smtprelay.spec b/smtprelay.spec index 9bb231e..d02022e 100644 --- a/smtprelay.spec +++ b/smtprelay.spec @@ -54,11 +54,16 @@ export GO_LDFLAGS="-X main.appVersion=%{version} \ %install %go_vendor_license_install -c %{S:2} +# Binary install -m 0755 -vd %{buildroot}%{_bindir} install -m 0755 -vp %{gobuilddir}/bin/* %{buildroot}%{_bindir}/ +# Config file install -m 0755 -vd %{buildroot}%{_sysconfdir} -install -m 0755 -vp smtprelay.ini %{buildroot}%{_sysconfdir}/ -install -D -p -m 0640 %{S:3} %{buildroot}%{_unitdir}/smtprelay.service +install -m 0750 -vd %{buildroot}%{_sysconfdir}/smtprelay +install -m 0640 -vp smtprelay.ini %{buildroot}/%{_sysconfdir}/smtprelay +# Systemd unit and sysusers +install -D -p -m 0644 %{S:3} %{buildroot}%{_unitdir}/smtprelay.service +install -D -p -m 0644 %{S:4} %{buildroot}%{_sysusersdir}/smtprelay.conf %check %go_vendor_license_check -c %{S:2}
@@ -82,7 +87,9 @@ install -D -p -m 0640 %{S:3} %{buildroot}%{_unitdir}/smtprelay.service %license vendor/modules.txt %doc README.md SECURITY.md %{_bindir}/smtprelay -%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/smtprelay.ini +%dir %attr(0750,root,smtprelay) %config(noreplace) %{_sysconfdir}/smtprelay +%attr(0640,root,smtprelay) %config(noreplace) %{_sysconfdir}/smtprelay/smtprelay.ini +%{_sysusersdir}/smtprelay.conf %{_unitdir}/smtprelay.service %changelog ```
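
Review bot: In the %install hunk, the new config install line targets `%{buildroot}/%{_sysconfdir}/smtprelay`, with a stray slash after `%{buildroot}` that none of the other install lines have; `%{_sysconfdir}` is already an absolute path, so `%{buildroot}%{_sysconfdir}/smtprelay/` is the consistent form, and the trailing slash makes it explicit that the target is the directory created on the line above. The hunk also starts using `%{S:4}` for the sysusers file while no `Source4:` line is added anywhere in the visible diff, so confirm it is declared in the preamble. Because the config moves to /etc/smtprelay/smtprelay.ini and the diff touches only smtprelay.spec, the unit shipped as `%{S:3}` should be checked as well: it has to point the daemon at the new path and run it with the smtprelay group, otherwise the 0640 root:smtprelay file is unreadable to the service.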
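
Review bot: In the %files hunk, `%config(noreplace)` on the `%dir` entry for `%{_sysconfdir}/smtprelay` does nothing useful, since config handling applies to files and not to directories; `%dir %attr(0750,root,smtprelay) %{_sysconfdir}/smtprelay` is sufficient. The 0750 directory and 0640 file, both root:smtprelay, give the service read-only access to its credentials and remove world read access, which is the goal stated in the comment, but that ownership only resolves if the smtprelay group already exists when the files are unpacked. Confirm that the targeted releases create the group from `%{_sysusersdir}/smtprelay.conf` before the payload is installed.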