Skip to content

Commit 2f223b9

Browse files
fly602fly602
committed
feat: dde-api安全整改,优化调整
makefile中入参改用ifneq判断,dde-api安装时创建deepin-daemon用户 Log: dde-api安全整改 PMS: TASK-369021
1 parent f130a30 commit 2f223b9

4 files changed

Lines changed: 13 additions & 14 deletions

File tree

Makefile

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -143,12 +143,12 @@ install-binary:
143143
mkdir -pv ${DESTDIR}${SYSTEMD_SERVICE_DIR}
144144
cp -R misc/systemd/system/*.service ${DESTDIR}${SYSTEMD_SERVICE_DIR}
145145
# 默认不安装 deepin-locale-helper.service,只有显式开启时才保留
146-
if [ "${INSTALL_LOCALE_HELPER}" != "1" ]; then \
147-
rm -f ${DESTDIR}${SYSTEMD_SERVICE_DIR}/deepin-locale-helper.service; \
148-
rm -f ${DESTDIR}${PREFIX}/share/dbus-1/system-services/org.deepin.dde.LocaleHelper1.service; \
149-
rm -f ${DESTDIR}${PREFIX}/share/polkit-1/actions/org.deepin.dde.locale-helper.policy; \
150-
rm -f ${DESTDIR}${PREFIX}/share/dbus-1/system.d/org.deepin.dde.LocaleHelper1.conf; \
151-
fi
146+
ifneq ($(INSTALL_LOCALE_HELPER), 1)
147+
rm -f ${DESTDIR}${SYSTEMD_SERVICE_DIR}/deepin-locale-helper.service;
148+
rm -f ${DESTDIR}${PREFIX}/share/dbus-1/system-services/org.deepin.dde.LocaleHelper1.service;
149+
rm -f ${DESTDIR}${PREFIX}/share/polkit-1/actions/org.deepin.dde.locale-helper.policy;
150+
rm -f ${DESTDIR}${PREFIX}/share/dbus-1/system.d/org.deepin.dde.LocaleHelper1.conf;
151+
endif
152152

153153
mkdir -pv ${DESTDIR}${PREFIX}/share/icons/hicolor
154154
cp -R misc/icons/* ${DESTDIR}${PREFIX}/share/icons/hicolor

debian/rules

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,8 @@ endif
1414
dh $@ --buildsystem=makefile
1515

1616
override_dh_auto_install:
17+
cp -f misc/sysusers/deepin-daemon.conf debian/deepin-daemon.sysusers
18+
dh_installsysusers --name=deepin-daemon
1719
dh_auto_install -- INSTALL_LOCALE_HELPER=1
1820

1921
override_dh_strip:

misc/sysusers/deepin-daemon.conf

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
#Type Name ID GECOS Home directory Shell
2+
u deepin-daemon - "" - -
3+
m deepin-daemon netdev

rpm/dde-api.spec

Lines changed: 2 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -87,18 +87,11 @@ for file in $(find . -iname "*.go" -o -iname "*.c" -o -iname "*.h" -o -iname "*.
8787
cp -pav $file %{buildroot}/%{gopath}/src/%{goipath}/$file
8888
echo "%{gopath}/src/%{goipath}/$file" >> devel.file-list
8989
done
90+
install -D -m 0644 misc/sysusers/deepin-daemon.conf %{buildroot}%{_sysusersdir}/deepin-daemon.conf
9091
%make_install SYSTEMD_SERVICE_DIR="%{_unitdir}" LIBDIR="%{_libexecdir}"
9192
# HOME directory for user deepin-daemon
9293
mkdir -p %{buildroot}%{_sharedstatedir}/deepin-daemon
9394

94-
%pre
95-
getent group deepin-daemon >/dev/null || groupadd -r deepin-daemon
96-
getent passwd deepin-daemon >/dev/null || \
97-
useradd -r -g deepin-daemon -d %{_sharedstatedir}/deepin-daemon\
98-
-s /sbin/nologin \
99-
-c "User of org.deepin.dde.SoundThemePlayer1.service" deepin-daemon
100-
exit 0
101-
10295
%post
10396
%systemd_post deepin-shutdown-sound.service
10497

@@ -124,6 +117,7 @@ exit 0
124117
%{_datadir}/polkit-1/actions/org.deepin.dde.device.unblock-bluetooth-devices.policy
125118
%{_var}/lib/polkit-1/rules.d/org.deepin.dde.device.rules
126119
%attr(-, deepin-daemon, deepin-daemon) %{_sharedstatedir}/deepin-daemon
120+
%{_sysusersdir}/deepin-daemon.conf
127121

128122
%files -n %{name}-devel -f devel.file-list
129123

0 commit comments

Comments
 (0)