The second version of this patch avoids being generous with file permissions, as Stefan pointed out that /var/ipfire/ipblocklist/sources must not be writable to "nobody".
Therefore, the needed files ("settings" and "modified") are created both by the Core Upgrade script and by the LFS file, and are given appropriate permissions.
Fixes: #12917 Cc: Stefan Schantl stefan.schantl@ipfire.org Signed-off-by: Peter Müller peter.mueller@ipfire.org --- config/rootfiles/core/170/update.sh | 4 ++++ lfs/ipblocklist-sources | 2 ++ 2 files changed, 6 insertions(+)
diff --git a/config/rootfiles/core/170/update.sh b/config/rootfiles/core/170/update.sh
index b6b66f3f1..9d16f4a32 100644
--- a/config/rootfiles/core/170/update.sh
+++ b/config/rootfiles/core/170/update.sh
@@ -164,6 +164,10 @@ ldconfig mkdir -pv /var/lib/ipblocklist chown nobody:nobody /var/lib/ipblocklist
+# Create necessary files for IPBlocklist and set their ownership accordingly (#12917)
+touch /var/ipfire/ipblocklist/{settings,modified}
+chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified}
+
 # Rebuild fcrontab from scratch /usr/bin/fcrontab -z
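Review bot: The mode of the two new files is never set: `touch` creates them under whatever umask the update script runs with, and `chown nobody:nobody` only changes the owner, so the resulting permissions are not fixed by the patch. If 0644 is the intended mode, a following `chmod 0644 /var/ipfire/ipblocklist/{settings,modified}` pins it regardless of umask; the same gap exists in the lfs/ipblocklist-sources hunk, where the neighbouring `install` line already states `-m 0644`. The hunk also does not show /var/ipfire/ipblocklist being created before the `touch`, so it is worth confirming the directory exists at this point of the upgrade, since both commands fail if it is missing.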
diff --git a/lfs/ipblocklist-sources b/lfs/ipblocklist-sources
index 30b9e94a4..d0ce30350 100644
--- a/lfs/ipblocklist-sources
+++ b/lfs/ipblocklist-sources
@@ -49,5 +49,7 @@ $(TARGET) : @$(PREBUILD) mkdir -p /var/ipfire/ipblocklist install -v -m 0644 $(DIR_SRC)/config/ipblocklist/sources /var/ipfire/ipblocklist
+ touch /var/ipfire/ipblocklist/{settings,modified}
+ chown nobody:nobody /var/ipfire/ipblocklist/{settings,modified}
@$(POSTBUILD)
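Review bot: The brace expansion in the two added recipe lines is a bash feature, and make runs recipes through /bin/sh unless the file sets SHELL, which this hunk does not show. Under a POSIX sh without brace expansion, `touch` and `chown` would create and re-own a single file literally named `{settings,modified}`, and the build would still succeed while the image lacks the two files the patch is meant to provide. Spelling the paths out, `touch /var/ipfire/ipblocklist/settings /var/ipfire/ipblocklist/modified` and the same for `chown`, removes the dependency on the shell. The recipe for $(TARGET) starts outside the hunk.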