dev-db/pgagent: new revision with a dedicated "pgagent" user.

The pgagent daemon used to run as root, which can be dangerous. That
system user is used to execute the database jobs, meaning that a
non-root user with permission to schedule pgagent jobs could gain
root. This new revision creates a dedicated "pgagent" system user,
and the new init script launches the daemon as that user.

An ewarn lets users know that some migration work may be needed.

Gentoo-Bug: 537264

Package-Manager: Portage-2.3.6, Repoman-2.3.1

2 files changed, 100 insertions, 0 deletions

diff --git a/dev-db/pgagent/files/pgagent.initd-r1 b/dev-db/pgagent/files/pgagent.initd-r1
new file mode 100644
index 000000000000..a555006d3bd2
--- /dev/null
+++ b/dev-db/pgagent/files/pgagent.initd-r1
@@ -0,0 +1,31 @@
+#!/sbin/openrc-run
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+command="/usr/bin/pgagent"
+command_user="pgagent"
+
+# If pgagent daemonizes itself, it won't write a PID file and
+# we have to work a little harder to stop() it. So let it run
+# in the foreground, and have OpenRC manage its PID file.
+command_args="-f
+              -t ${PGA_POLL}
+              -r ${PGA_RETRY}
+              -s ${PGA_LOG}
+              -l ${PGA_LEVEL}
+              hostaddr=${PG_HOST}
+              dbname=${PG_DBNAME}
+              user=${PG_USER}"
+
+command_background="true"
+pidfile="/run/pgagent.pid"
+
+depend() {
+    use net
+    need postgresql
+}
+
+start_pre() {
+    # The log file needs to be writable by the daemon user.
+    checkpath --file --owner root:pgagent --mode 0660 "${PGA_LOG}"
+}
diff --git a/dev-db/pgagent/pgagent-3.4.0-r2.ebuild b/dev-db/pgagent/pgagent-3.4.0-r2.ebuild
new file mode 100644
index 000000000000..9f44b6fff0f9
--- /dev/null
+++ b/dev-db/pgagent/pgagent-3.4.0-r2.ebuild
@@ -0,0 +1,69 @@
+# Copyright 1999-2017 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+CMAKE_IN_SOURCE_BUILD=1
+WX_GTK_VER="3.0"
+
+inherit cmake-utils user wxwidgets
+
+MY_PN=${PN/a/A}
+
+KEYWORDS="~amd64 ~x86"
+
+DESCRIPTION="${MY_PN} is a job scheduler for PostgreSQL"
+HOMEPAGE="http://www.pgadmin.org/download/pgagent.php"
+SRC_URI="mirror://postgresql/pgadmin3/release/${PN}/${MY_PN}-${PV}-Source.tar.gz"
+LICENSE="POSTGRESQL GPL-2"
+SLOT="0"
+IUSE=""
+
+RDEPEND="dev-db/postgresql:*
+		 x11-libs/wxGTK:${WX_GTK_VER}"
+DEPEND="${RDEPEND}"
+
+S="${WORKDIR}/${MY_PN}-${PV}-Source"
+
+src_prepare() {
+	default
+	sed -e "s:share):share/${P}):" \
+		-i CMakeLists.txt || die "failed to patch CMakeLists.txt"
+	sed -i -e '/SET(WX_VERSION "2.8")/d' CMakeLists.txt || die
+}
+
+src_configure() {
+	if has_version "x11-libs/wxGTK[X]"; then
+		need-wxwidgets unicode
+	else
+		need-wxwidgets base-unicode
+	fi
+	mycmakeargs=( "-DSTATIC_BUILD:BOOLEAN=FALSE"
+				  "-DWX_VERSION=${WX_GTK_VER}" )
+	cmake-utils_src_configure
+}
+
+src_install() {
+	cmake-utils_src_install
+
+	newinitd "${FILESDIR}/pgagent.initd-r1" "${PN}"
+	newconfd "${FILESDIR}/pgagent.confd" "${PN}"
+
+	rm "${ED}"/usr/{LICENSE,README} || die "failed to remove useless docs"
+}
+
+pkg_preinst() {
+	# This user needs a real shell, and the daemon will use the
+	# ~/.pgpass file from its home directory.
+	enewuser pgagent -1 /bin/bash /home/pgagent
+}
+
+pkg_postinst() {
+	if [[ -n "${REPLACING_VERSIONS}" ]]; then
+		# This warning can be removed around a year after this version
+		# goes stable.
+		ewarn 'pgAgent now runs as a dedicated "pgagent" user (as'
+		ewarn 'opposed to root). You may need to move your /root/.pgpass'
+		ewarn 'file to /home/pgagent/.pgpass, and the new user will'
+		ewarn 'need permissions on any paths that it will access.'
+	fi
+}