dev-db/postgresql: Eselect and security related fixes

Dependency bumped on app-eselect/eselect-postgresql to 2.0. Some of its work has been shifted into the ebuild as the files/links don’t change until this package is reemerge, unmerged, or updated. Security issues addressed in the initscripts per bugs 603716 and 603720. Bugs: 603716, 603720 Package-Manager: portage-2.3.0
author: Aaron W. Swenson <titanofold@gentoo.org> 2017-04-17 09:09:56 -0400
committer: Aaron W. Swenson <titanofold@gentoo.org> 2017-04-17 11:40:58 -0400
commit: f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7 (patch)
tree: faa755f42c3a4faaef7f3e90bfb6d1f3e899d9df /dev-db/postgresql/files
parent: app-eselect/eselect-postgresql: Bug Fixes and Enhancements (diff)
download: gentoo-f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7.tar.gz
gentoo-f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7.tar.bz2
gentoo-f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7.zip
4 files changed, 441 insertions, 0 deletions
diff --git a/dev-db/postgresql/files/postgresql.confd-9.2 b/dev-db/postgresql/files/postgresql.confd-9.2
new file mode 100644
index 000000000000..7753eeae3a89
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql.confd-9.2
@@ -0,0 +1,65 @@
+# Directory that contains the unix socket. Created and controlled by
+# the related initscript. The directory created will be owned
+# root:postgres with mode 1775.
+#
+# /run/postgresql is the default directory.
+PG_SOCKET_DIRECTORY="/run/postgresql"
+
+# Which port and socket to bind PostgreSQL
+PGPORT="5432"
+
+# How long to wait for server to start in seconds
+START_TIMEOUT=10
+
+# NICE_QUIT ignores new connections and wait for clients to disconnect from
+# server before shutting down. NICE_TIMEOUT in seconds determines how long to
+# wait for this to succeed.
+NICE_TIMEOUT=60
+
+# Forecfully disconnect clients from server and shut down. This is performed
+# after NICE_QUIT. Terminated client connections have their open transactions
+# rolled back.
+# Set RUDE_QUIT to "NO" to disable. RUDE_TIMEOUT in seconds.
+RUDE_QUIT="YES"
+RUDE_TIMEOUT=30
+
+# If the server still fails to shutdown, you can force it to quit by setting
+# this to YES and a recover-run will execute on the next startup.
+# Set FORCE_QUIT to "YES" to enable. FORCE_TIMEOUT in seconds.
+FORCE_QUIT="NO"
+FORCE_TIMEOUT=2
+
+# Extra options to run postmaster with, e.g.:
+# -N is the maximal number of client connections
+# -B is the number of shared buffers and has to be at least 2x the value for -N
+# Please read the man-page to postmaster for more options. Many of these
+# options can be set directly in the configuration file.
+#PGOPTS="-N 512 -B 1024"
+
+# Pass extra environment variables. If you have to export environment variables
+# for the database process, this can be done here.
+# Don't forget to escape quotes.
+#PG_EXTRA_ENV="PGPASSFILE=\"/path/to/.pgpass\""
+
+##############################################################################
+#
+# The following values should not be arbitrarily changed.
+#
+# `emerge --config dev-db/postgresql:@SLOT@' uses these values to
+# determine where to create the data directory, where to place the
+# configuration files, and any additional options to pass to initdb.
+#
+# The initscript also uses these variables to inform PostgreSQL where to find
+# its data directory and configuration files.
+#
+##############################################################################
+
+# Location of configuration files
+PGDATA="/etc/postgresql-@SLOT@/"
+
+# Where the data directory is located/to be created
+DATA_DIR="/var/lib/postgresql/@SLOT@/data"
+
+# Additional options to pass to initdb.
+# See `man initdb' for available options.
+PG_INITDB_OPTS="--encoding=UTF8"
diff --git a/dev-db/postgresql/files/postgresql.confd-9.3 b/dev-db/postgresql/files/postgresql.confd-9.3
new file mode 100644
index 000000000000..8b6d2a097285
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql.confd-9.3
@@ -0,0 +1,65 @@
+# Comma-separated list of directories that contain a unix
+# socket. Created and controlled by the related initscript. The
+# directories created will be owned root:postgres with mode 1775.
+#
+# /run/postgresql is the default directory.
+PG_SOCKET_DIRECTORIES="/run/postgresql"
+
+# Which port and socket to bind PostgreSQL
+PGPORT="5432"
+
+# How long to wait for server to start in seconds
+START_TIMEOUT=10
+
+# NICE_QUIT ignores new connections and wait for clients to disconnect from
+# server before shutting down. NICE_TIMEOUT in seconds determines how long to
+# wait for this to succeed.
+NICE_TIMEOUT=60
+
+# Forecfully disconnect clients from server and shut down. This is performed
+# after NICE_QUIT. Terminated client connections have their open transactions
+# rolled back.
+# Set RUDE_QUIT to "NO" to disable. RUDE_TIMEOUT in seconds.
+RUDE_QUIT="YES"
+RUDE_TIMEOUT=30
+
+# If the server still fails to shutdown, you can force it to quit by setting
+# this to YES and a recover-run will execute on the next startup.
+# Set FORCE_QUIT to "YES" to enable. FORCE_TIMEOUT in seconds.
+FORCE_QUIT="NO"
+FORCE_TIMEOUT=2
+
+# Extra options to run postmaster with, e.g.:
+# -N is the maximal number of client connections
+# -B is the number of shared buffers and has to be at least 2x the value for -N
+# Please read the man-page to postmaster for more options. Many of these
+# options can be set directly in the configuration file.
+#PGOPTS="-N 512 -B 1024"
+
+# Pass extra environment variables. If you have to export environment variables
+# for the database process, this can be done here.
+# Don't forget to escape quotes.
+#PG_EXTRA_ENV="PGPASSFILE=\"/path/to/.pgpass\""
+
+##############################################################################
+#
+# The following values should not be arbitrarily changed.
+#
+# `emerge --config dev-db/postgresql:@SLOT@' uses these values to
+# determine where to create the data directory, where to place the
+# configuration files, and any additional options to pass to initdb.
+#
+# The initscript also uses these variables to inform PostgreSQL where to find
+# its data directory and configuration files.
+#
+##############################################################################
+
+# Location of configuration files
+PGDATA="/etc/postgresql-@SLOT@/"
+
+# Where the data directory is located/to be created
+DATA_DIR="/var/lib/postgresql/@SLOT@/data"
+
+# Additional options to pass to initdb.
+# See `man initdb' for available options.
+PG_INITDB_OPTS="--encoding=UTF8"
diff --git a/dev-db/postgresql/files/postgresql.init-9.2 b/dev-db/postgresql/files/postgresql.init-9.2
new file mode 100755
index 000000000000..0b257049008f
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql.init-9.2
@@ -0,0 +1,153 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_started_commands="reload promote"
+
+PG_CTL="/usr/@LIBDIR@/postgresql-@SLOT@/bin/pg_ctl"
+
+description="PostgreSQL @SLOT@ -- the world's most advanced open source database --
+${RC_SERVICE} is a wrapper around pg_ctl with additional administrative checks
+and convenience"
+
+get_config() {
+    [ -f "${PGDATA%/}/postgresql.conf" ] || return 1
+
+    eval echo $(sed -e 's:#.*::' "${PGDATA%/}/postgresql.conf" \
+        | awk '$1 == "'$1'" { print ($2 == "=" ? $3 : $2) }')
+}
+
+depend() {
+    use net
+    provide postgresql
+
+    if [ "$(get_config log_destination)" = "syslog" ]; then
+        use logger
+    fi
+}
+
+configured_port=$(get_config port)
+: ${configured_port:=${PGPORT}}
+
+checkconfig() {
+    # Check that DATA_DIR has been set
+    if [ -z "${DATA_DIR}" ] ; then
+        eerror "DATA_DIR not set"
+        eerror "HINT: Perhaps you need to update /etc/conf.d/postgresql-@SLOT@"
+        return 1
+    fi
+
+    # Check that DATA_DIR exists
+    if [ ! -d "${DATA_DIR}" ] ; then
+        eerror "Directory not found: ${DATA_DIR}"
+        eerror "HINT: Ensure that DATA_DIR points to the right path."
+        eerror "HINT: Or perhaps you need to create the database cluster:"
+        eerror "    emerge --config dev-db/postgresql:@SLOT@"
+        return 1
+    fi
+
+    # Check for the existence of PostgreSQL's config files, and set the
+    # proper mode and ownership.
+    # Only three files should be checked as potentially other files
+    # may be in PGDATA that should not be touched.
+    local file
+    for file in postgresql pg_hba pg_ident ; do
+        file="${PGDATA%/}/${file}.conf"
+        if [ -f "${file}" ] ; then
+            checkpath -f -m 0600 -o postgres:postgres "${file}"
+        else
+            eerror "${file} not found"
+            eerror "HINT: mv ${DATA_DIR%/}/*.conf ${PGDATA}"
+            return 1
+        fi
+    done
+
+    # Set the proper permission for the socket path and create it if
+    # it doesn't exist.
+    checkpath -d -m 1775 -o root:postgres "${PG_SOCKET_DIRECTORY}"
+    if [ -e "${PG_SOCKET_DIRECTORY%/}/.s.PGSQL.${configured_port}" ] ; then
+        eerror "Socket conflict."
+        eerror "A server is already listening on:"
+        eerror "    ${PG_SOCKET_DIRECTORY%/}/.s.PGSQL.${configured_port}"
+        eerror "HINT: Change PGPORT to listen on a different socket."
+        return 1
+    fi
+}
+
+start() {
+    checkconfig || return 1
+
+    ebegin "Starting PostgreSQL @SLOT@"
+
+    rm -f "${DATA_DIR%/}/postmaster.pid"
+
+    su - postgres -c \
+       "PGPORT=${configured_port} ${PG_EXTRA_ENV} ${PG_CTL} start \
+           -s -w -t ${START_TIMEOUT} -l ${DATA_DIR%/}/postmaster.log \
+           -D ${PGDATA} \
+           -o '--data-directory=${DATA_DIR} \
+               --unix-socket-directory=${PG_SOCKET_DIRECTORY} \
+               ${PGOPTS}'"
+
+    local retval=$?
+
+    if [ $retval -ne 0 ] ; then
+        eerror "Check the log for a possible explanation of the above error."
+        eerror "The log may be located at:"
+        eerror "    ${DATA_DIR%/}/postmaster.log"
+        eerror "Or wherever you configured PostgreSQL @SLOT@ to log."
+    fi
+
+    eend $retval
+}
+
+stop() {
+    local seconds=$(( ${NICE_TIMEOUT} + ${RUDE_TIMEOUT} + ${FORCE_TIMEOUT} ))
+    ebegin "Stopping PostgreSQL @SLOT@ (this can take up to ${seconds} seconds)"
+
+    su - postgres -c \
+       "${PG_CTL} stop -t ${NICE_TIMEOUT} -s -D ${DATA_DIR} -m smart"
+    local retval=$?
+
+    if [ "${RUDE_QUIT}" != "NO" -a ${retval} -ne 0 ] ; then
+        einfo "Previous attempt failed. Trying RUDE_QUIT."
+        su - postgres -c \
+           "${PG_CTL} stop -t ${RUDE_TIMEOUT} -s -D ${DATA_DIR} -m fast"
+        retval=$?
+    fi
+
+    if [ "${FORCE_QUIT}" = "YES" -a ${retval} -ne 0 ] ; then
+        einfo "Previous step failed. Trying FORCE_QUIT."
+        ewarn "A recover-run might be executed on next startup."
+        su - postgres -c \
+           "${PG_CTL} stop -t ${FORCE_TIMEOUT} -s -D ${DATA_DIR} -m immediate"
+        retval=$?
+    fi
+
+    eend ${retval}
+}
+
+status() {
+    ebegin "Checking PostgreSQL @SLOT@ status"
+    su - postgres -c "${PG_CTL} status -D ${DATA_DIR}"
+    eend $?
+}
+
+description_reload="Simply sends the postgres process a SIGHUP signal, causing
+           it to reread its configuration files (postgresql.conf, pg_hba.conf,
+           etc.). This allows changing of configuration-file options that do not
+           require a complete restart to take effect."
+reload() {
+    ebegin "Reloading PostgreSQL @SLOT@ configuration"
+    su - postgres -c "${PG_CTL} reload -s -D ${DATA_DIR}"
+    eend $?
+}
+
+description_promote="If the server is in standby, it is commanded to exit
+            recovery and begin read-write operations."
+promote() {
+    ebegin "Promoting PostgreSQL @SLOT@"
+    su - postgres -c "${PG_CTL} promote -s -D ${DATA_DIR}"
+    eend $?
+}
diff --git a/dev-db/postgresql/files/postgresql.init-9.3-r1 b/dev-db/postgresql/files/postgresql.init-9.3-r1
new file mode 100755
index 000000000000..b7a08990bf64
--- /dev/null
+++ b/dev-db/postgresql/files/postgresql.init-9.3-r1
@@ -0,0 +1,158 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Id$
+
+extra_started_commands="reload promote"
+
+PG_CTL="/usr/@LIBDIR@/postgresql-@SLOT@/bin/pg_ctl"
+
+description="PostgreSQL @SLOT@ -- the world's most advanced open source database --
+${RC_SERVICE} is a wrapper around pg_ctl with additional administrative checks
+and convenience"
+
+get_config() {
+    [ -f "${PGDATA%/}/postgresql.conf" ] || return 1
+
+    eval echo $(sed -e 's:#.*::' "${PGDATA%/}/postgresql.conf" \
+        | awk '$1 == "'$1'" { print ($2 == "=" ? $3 : $2) }')
+}
+
+depend() {
+    use net
+    provide postgresql
+
+    if [ "$(get_config log_destination)" = "syslog" ]; then
+        use logger
+    fi
+}
+
+configured_port=$(get_config port)
+: ${configured_port:=${PGPORT}}
+
+checkconfig() {
+    # Check that DATA_DIR has been set
+    if [ -z "${DATA_DIR}" ] ; then
+        eerror "DATA_DIR not set"
+        eerror "HINT: Perhaps you need to update /etc/conf.d/postgresql-@SLOT@"
+        return 1
+    fi
+
+    # Check that DATA_DIR exists
+    if [ ! -d "${DATA_DIR}" ] ; then
+        eerror "Directory not found: ${DATA_DIR}"
+        eerror "HINT: Ensure that DATA_DIR points to the right path."
+        eerror "HINT: Or perhaps you need to create the database cluster:"
+        eerror "    emerge --config dev-db/postgresql:@SLOT@"
+        return 1
+    fi
+
+    # Check for the existence of PostgreSQL's config files, and set the
+    # proper mode and ownership.
+    # Only three files should be checked as potentially other files
+    # may be in PGDATA that should not be touched.
+    local file
+    for file in postgresql pg_hba pg_ident ; do
+        file="${PGDATA%/}/${file}.conf"
+        if [ -f "${file}" ] ; then
+            checkpath -f -m 0600 -o postgres:postgres "${file}"
+        else
+            eerror "${file} not found"
+            eerror "HINT: mv ${DATA_DIR%/}/*.conf ${PGDATA}"
+            return 1
+        fi
+    done
+
+    # Set the proper permission for the socket paths and create it if
+    # it doesn't exist.
+    set -f; IFS=','
+    local s
+    for s in ${PG_SOCKET_DIRECTORIES}; do
+        checkpath -d -m 1775 -o root:postgres "${s}"
+        if [ -e "${s%/}/.s.PGSQL.${configured_port}" ] ; then
+            eerror "Socket conflict."
+            eerror "A server is already listening on:"
+            eerror "    ${s%/}/.s.PGSQL.${configured_port}"
+            eerror "HINT: Change PGPORT to listen on a different socket."
+            return 1
+        fi
+    done
+    set +f; unset IFS
+}
+
+start() {
+    checkconfig || return 1
+
+    ebegin "Starting PostgreSQL @SLOT@"
+
+    rm -f "${DATA_DIR%/}/postmaster.pid"
+
+    su - postgres -c \
+       "PGPORT=${configured_port} ${PG_EXTRA_ENV} ${PG_CTL} start \
+           -s -w -t ${START_TIMEOUT} -l ${DATA_DIR%/}/postmaster.log \
+           -D ${PGDATA} \
+           -o '--data-directory=${DATA_DIR} \
+               --unix-socket-directories=${PG_SOCKET_DIRECTORIES} \
+               ${PGOPTS}'"
+
+    local retval=$?
+
+    if [ $retval -ne 0 ] ; then
+        eerror "Check the log for a possible explanation of the above error."
+        eerror "The log may be located at:"
+        eerror "    ${DATA_DIR%/}/postmaster.log"
+        eerror "Or wherever you configured PostgreSQL @SLOT@ to log."
+    fi
+
+    eend $retval
+}
+
+stop() {
+    local seconds=$(( ${NICE_TIMEOUT} + ${RUDE_TIMEOUT} + ${FORCE_TIMEOUT} ))
+    ebegin "Stopping PostgreSQL @SLOT@ (this can take up to ${seconds} seconds)"
+
+    su - postgres -c \
+       "${PG_CTL} stop -t ${NICE_TIMEOUT} -s -D ${DATA_DIR} -m smart"
+    local retval=$?
+
+    if [ "${RUDE_QUIT}" != "NO" -a ${retval} -ne 0 ] ; then
+        einfo "Previous attempt failed. Trying RUDE_QUIT."
+        su - postgres -c \
+           "${PG_CTL} stop -t ${RUDE_TIMEOUT} -s -D ${DATA_DIR} -m fast"
+        retval=$?
+    fi
+
+    if [ "${FORCE_QUIT}" = "YES" -a ${retval} -ne 0 ] ; then
+        einfo "Previous step failed. Trying FORCE_QUIT."
+        ewarn "A recover-run might be executed on next startup."
+        su - postgres -c \
+           "${PG_CTL} stop -t ${FORCE_TIMEOUT} -s -D ${DATA_DIR} -m immediate"
+        retval=$?
+    fi
+
+    eend ${retval}
+}
+
+status() {
+    ebegin "Checking PostgreSQL @SLOT@ status"
+    su - postgres -c "${PG_CTL} status -D ${DATA_DIR}"
+    eend $?
+}
+
+description_reload="Simply sends the postgres process a SIGHUP signal, causing
+           it to reread its configuration files (postgresql.conf, pg_hba.conf,
+           etc.). This allows changing of configuration-file options that do not
+           require a complete restart to take effect."
+reload() {
+    ebegin "Reloading PostgreSQL @SLOT@ configuration"
+    su - postgres -c "${PG_CTL} reload -s -D ${DATA_DIR}"
+    eend $?
+}
+
+description_promote="If the server is in standby, it is commanded to exit
+            recovery and begin read-write operations."
+promote() {
+    ebegin "Promoting PostgreSQL @SLOT@"
+    su - postgres -c "${PG_CTL} promote -s -D ${DATA_DIR}"
+    eend $?
+}
author	Aaron W. Swenson <titanofold@gentoo.org>	2017-04-17 09:09:56 -0400
committer	Aaron W. Swenson <titanofold@gentoo.org>	2017-04-17 11:40:58 -0400
commit	f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7 (patch)
tree	faa755f42c3a4faaef7f3e90bfb6d1f3e899d9df /dev-db/postgresql/files
parent	app-eselect/eselect-postgresql: Bug Fixes and Enhancements (diff)
download	gentoo-f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7.tar.gz gentoo-f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7.tar.bz2 gentoo-f1b07f8816c2f0346d07468bdb4c5b9ce4ffada7.zip