You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@couchdb.apache.org by va...@apache.org on 2022/04/27 20:43:13 UTC

[couchdb-pkg] 02/07: Don't allow 'monster' as cookie value in debconf

This is an automated email from the ASF dual-hosted git repository.

vatamane pushed a commit to branch monstermunch
in repository https://gitbox.apache.org/repos/asf/couchdb-pkg.git

commit ac7b530a4759aaf44ada904776b651d4ba0aa6f4
Author: Robert Newson <rn...@apache.org>
AuthorDate: Thu Feb 24 14:01:36 2022 +0000

    Don't allow 'monster' as cookie value in debconf
---
 README-SNAP.md           |  2 +-
 debian/couchdb.config    | 27 +++++++++++++++++++++------
 debian/couchdb.postinst  | 13 +++++++++++--
 debian/couchdb.templates | 11 ++++++++++-
 4 files changed, 43 insertions(+), 10 deletions(-)

diff --git a/README-SNAP.md b/README-SNAP.md
index 0eed800..3ee137c 100644
--- a/README-SNAP.md
+++ b/README-SNAP.md
@@ -249,7 +249,7 @@ In the very rare case you need to connect to the couchdb server, a remsh script
 provided. You need to specify both the name of the server and the cookie, even if
 you are using the default. 
 ```bash
-/snap/bin/couchdb.remsh -n couchdb@localhost -c monster
+/snap/bin/couchdb.remsh -n couchdb@localhost -c $COOKIE
 ```
 # Building this snap <a name="building"></a>
 
diff --git a/debian/couchdb.config b/debian/couchdb.config
index 7eb301d..df9518c 100755
--- a/debian/couchdb.config
+++ b/debian/couchdb.config
@@ -62,13 +62,29 @@ promptbind() {
   done
 }
 
+promptcookie() {
+    while :; do
+        RET=""
+        db_input high couchdb/cookie || true
+        db_go
+        db_get couchdb/cookie
+        if [ -z "$RET" ]; then
+            db_input critical couchdb/no_cookie
+            db_fset couchdb/cookie seen false
+        elif [ "$RET" = "monster" ]; then
+            db_input critical couchdb/no_cookie_monsters
+            db_fset couchdb/cookie seen false
+        else
+            break
+        fi
+    done
+}
+
 # if they exist, make current settings debconf's defaults
 if [ -e /opt/couchdb/etc/vm.args ] ; then
   cookie="$(grep '^-setcookie' /opt/couchdb/etc/vm.args | cut -d ' ' -f 2 | stripwhitespace)"
   nodename="$(grep '^-name' /opt/couchdb/etc/vm.args | cut -d ' ' -f 2 | stripwhitespace)"
-  if [ "${cookie}" != "monster" ]; then 
-    db_set couchdb/cookie "${cookie}"
-  fi
+  db_set couchdb/cookie "${cookie}"
   if [ "${nodename}" != "couchdb@127.0.0.1" ]; then
     db_set couchdb/nodename "${nodename}"
   fi
@@ -102,7 +118,7 @@ none)
   ;;
 standalone)
   db_fset couchdb/nodename seen false
-  db_fset couchdb/cookie seen false
+  promptcookie
   promptbind w.x.y.z
   # still prompt for password
   promptpass
@@ -113,8 +129,7 @@ clustered)
   fi
   db_input high couchdb/nodename || true
   db_go
-  db_input high couchdb/cookie || true
-  db_go
+  promptcookie
   # do not allow binding to loopback in clustered mode
   promptbind 127.0.0.1
   promptpass
diff --git a/debian/couchdb.postinst b/debian/couchdb.postinst
index 8ee939b..efc4659 100644
--- a/debian/couchdb.postinst
+++ b/debian/couchdb.postinst
@@ -157,6 +157,17 @@ case $1 in
       false
     fi
 
+    # Set the cookie
+    db_get couchdb/cookie && cookie="$RET"
+
+    # change existing setcookie line if present
+    sed -i "s/^[# ]*-setcookie.*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args
+
+    # add setcookie line if not present
+    if ! grep -q '^-setcookie' /opt/couchdb/etc/vm.args; then
+        echo "-setcookie ${cookie}" >> /opt/couchdb/etc/vm.args
+    fi
+
     # set inet_dist_use_interface default if not present
     if ! grep -q '^-kernel inet_dist_use_interface' /opt/couchdb/etc/vm.args; then
         echo "-kernel inet_dist_use_interface '{127,0,0,1}'" >> /opt/couchdb/etc/vm.args
@@ -180,10 +191,8 @@ case $1 in
       ;;
       clustered)
         db_get couchdb/nodename && nodename="$RET"
-        db_get couchdb/cookie && cookie="$RET"
 
         sed -i "s/^-name .*$/-name ${nodename}/" /opt/couchdb/etc/vm.args
-        sed -i "s/^-setcookie .*$/-setcookie ${cookie}/" /opt/couchdb/etc/vm.args
 
         setbindaddress
 
diff --git a/debian/couchdb.templates b/debian/couchdb.templates
index 3acdccd..336df16 100644
--- a/debian/couchdb.templates
+++ b/debian/couchdb.templates
@@ -37,7 +37,6 @@ _Description: CouchDB Erlang node name:
 
 Template: couchdb/cookie
 Type: string
-Default: monster
 _Description: CouchDB Erlang magic cookie:
  A CouchDB node has an Erlang magic cookie value set at startup.
  .
@@ -104,3 +103,13 @@ _Description: Remove all CouchDB databases?
  The /var/lib/couchdb directory containing all CouchDB databases will
  be removed. This will also clear the stored node name for this machine,
  and remove the couchdb user and group.
+
+Template: couchdb/no_cookie_monsters
+Type: error
+_Description: Cookie input error
+ The Erlang cookie cannot be set to 'monster'. Please try again.
+
+Template: couchdb/no_cookie
+Type: error
+_Description: Cookie input error
+ The Erlang cookie cannot be empty. Please try again.