packaging: bore user run as + perms

someodd · Oct 7, 2024 · 783b746 · 783b746
1 parent cee22fb
commit 783b746
Show file tree

Hide file tree

Showing 5 changed files with 14 additions and 4 deletions.
diff --git a/bore.cabal b/bore.cabal
@@ -5,7 +5,7 @@ cabal-version: 2.2
 -- see: https://github.com/sol/hpack
 
 name:           bore
-version:        0.3.0.0
+version:        0.3.0.1
 synopsis:       Build gopherholes.
 description:    Static site builder, but for gopherholes. Manage phlogs with tags, use the Markdown renderer and Mustache templating system.
 category:       Network

diff --git a/reposcripts/bore.service b/reposcripts/bore.service
@@ -5,8 +5,8 @@ After=network.target
 [Service]
 ExecStart=/usr/local/bin/bore watchServe --source /var/gopher/source --output /var/gopher/output
 Restart=always
-User=nobody
-Group=nogroup
+User=bore
+Group=bore
 
 [Install]
 WantedBy=multi-user.target
diff --git a/reposcripts/bore.toml b/reposcripts/bore.toml
@@ -14,4 +14,4 @@ listenAddress = "::"
 listenPort = 70
 # This is the user the server runs as. This is useful for dropping privileges. The default
 # is the user that started the server, so that can be null. Uncomment to define.
-#user = "nobody"
+user = "bore"
diff --git a/reposcripts/package.sh b/reposcripts/package.sh
@@ -44,6 +44,7 @@ fpm -s dir -t deb -n bore -v ${VERSION} \
     --maintainer "someodd <[email protected]>" \
     --url "http://www.someodd.zip/showcase/bore" \
     --license "GPL" \
+    --after-install ./reposcripts/post-install.sh \
     -p "${OUTPUT_PATH}" \
     -C $TEMPORARY_PKG_DIR \
     usr/local/bin/bore \

diff --git a/reposcripts/post-install.sh b/reposcripts/post-install.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Create the `bore` user without a home directory
+if ! id -u bore &>/dev/null; then
+    useradd --system --no-create-home --shell /usr/sbin/nologin bore
+fi
+
+# Set ownership and permissions for the gopher directories
+chown -R bore:bore /var/gopher/output /var/gopher/source
+chmod -R 755 /var/gopher/output /var/gopher/source