From: Klemens Nanni <kn@openbsd.org>
Subject: Re: audio/shairport-sync: save config permissions, clearer sndio(7) instructions
To: ports@openbsd.org, Paul de Weerd <weerd@weirdnet.nl>, Aaron Bieber <aaron@bolddaemon.com>
Date: Mon, 22 Jan 2024 01:53:40 +0000

On Fri, Jan 19, 2024 at 01:08:37AM +0000, Klemens Nanni wrote:
> Config may contain passwords, but is world-readable.
> I'd say /etc/ files are usually root-owned as well:
> 
>   -rw-r--r--  1 _shairport  _shairport  23340 Jan 19 01:24 /etc/shairport-sync.conf
> 
> Fix it in PLIST;  daemon user's home ownership/permissions stay the same:
> 
>   -rw-r-----  1 root        _shairport  23340 Jan 19 01:53 /etc/shairport-sync.conf
>   drwxr-xr-x  3 _shairport  _shairport    512 Jan 19 01:56 /var/spool/shairport-sync/
> 
> 
> Paul mentioned shairport-sync's instructions as a reply to spotifyd,
> where I went with less repetition and more precise instructions.
> 
> I suggest syncing with that so copy/paste after install just works.
> Playback on amd64 from an iPhone works for me without further config.
> 
> (Pausing on the remote device crashes the daemon, but that's not news
>  and we're due updating our port, anyways.)
> 
> Feedback? OK?

Rebased after the pause crash fix went in.

Index: Makefile
===================================================================
RCS file: /cvs/ports/audio/shairport-sync/Makefile,v
diff -u -p -r1.4 Makefile
--- Makefile	22 Jan 2024 01:40:28 -0000	1.4
+++ Makefile	22 Jan 2024 01:41:44 -0000
@@ -3,7 +3,7 @@ COMMENT =	AirPlay audio player
 GH_ACCOUNT =	mikebrady
 GH_PROJECT =	shairport-sync
 GH_TAGNAME =	3.3.9
-REVISION =	2
+REVISION =	3
 
 SITES.fix =		https://github.com/mikebrady/shairport-sync/commit/
 # "avoid recursive mutex acquisition in sndio backend" to fix crash on pause
@@ -35,6 +35,9 @@ CONFIGURE_ARGS +=	--with-ssl=openssl \
 			--with-sndio \
 			--with-os=openbsd
 FAKE_FLAGS =		sysconfdir=${PREFIX}/share/examples/shairport-sync
+
+HOME_DIR =		${LOCALSTATEDIR}/spool/${PKGSTEM}
+SUBST_VARS =		HOME_DIR
 
 post-install:
 	mv ${PREFIX}/man/man7/shairport-sync.7 \
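Review bot: `SUBST_VARS = HOME_DIR` assigns with `=`, so anything added to SUBST_VARS earlier in this Makefile or by an included module would be discarded; `SUBST_VARS += HOME_DIR` avoids that. A one-line comment above `HOME_DIR` saying it is the _shairport user's home, consumed by pkg/PLIST and pkg/README, would also help, since the variable name alone does not say whose home it is.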
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/audio/shairport-sync/pkg/PLIST,v
diff -u -p -r1.2 PLIST
--- pkg/PLIST	1 May 2022 14:00:13 -0000	1.2
+++ pkg/PLIST	22 Jan 2024 01:41:44 -0000
@@ -1,12 +1,17 @@
 @newgroup _shairport:876
-@newuser _shairport:876:876::Shairport-sync Account:/var/spool/shairport-sync:/sbin/nologin
+@newuser _shairport:876:876::Shairport-sync Account:${HOME_DIR}:/sbin/nologin
 @rcscript ${RCDIR}/shairport_sync
+@owner _shairport
+@group _shairport
+@sample ${HOME_DIR}/
+@extraunexec rm -rf ${HOME_DIR}
+@owner
+@group
 @bin bin/shairport-sync
 @man man/man1/shairport-sync.1
 share/doc/pkg-readmes/${PKGSTEM}
 share/examples/shairport-sync/
 share/examples/shairport-sync/shairport-sync.conf
-@owner _shairport
+@mode 0640
 @group _shairport
 @sample ${SYSCONFDIR}/shairport-sync.conf
-@sample /var/spool/shairport-sync/
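Review bot: the `@mode 0640` and `@group _shairport` set before the final `@sample ${SYSCONFDIR}/shairport-sync.conf` are never reset, unlike the `@owner`/`@group` pair that is cleared right after the `${HOME_DIR}` block. That is harmless while this `@sample` is the last entry, but any entry appended later silently inherits mode 0640 and the _shairport group; closing the list with bare `@mode` and `@group` lines keeps the scoping explicit. Dropping `@owner _shairport` here is what makes the config root-owned, so the daemon can still read it through the group but can no longer rewrite it, which is worth saying in the commit message.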
Index: pkg/README
===================================================================
RCS file: /cvs/ports/audio/shairport-sync/pkg/README,v
diff -u -p -r1.2 README
--- pkg/README	1 May 2022 14:00:13 -0000	1.2
+++ pkg/README	22 Jan 2024 01:41:44 -0000
@@ -8,16 +8,7 @@ boot time, the rc.conf.local(8) pkg_scri
     rcctl enable messagebus avahi_daemon shairport_sync
     rcctl order messagebus avahi_daemon shairport_sync
 
-sndiod(8) concurrent access by shairport-sync(1) and other users
-================================================================
+Follow sndio(7) Authentication if both dedicated and your own user shall be
+able to play audio at the same time, e.g. on a desktop system:
 
-sndiod(8) normally only allows access to audio by a single system user
-at a time. This is done by generating a random authentication token and
-storing it in $HOME/.sndio/cookie when a user first accesses audio,
-providing a limited capability to share with other users by copying
-the token to their home directory.  See AUTHENTICATION in sndio(7) for
-more details.
-
-If you want to share sndiod(8) access with shairport-sync(1) running as
-the default _shairport user, you may copy .sndio/cookie from your user's
-home directory to /var/spool/shairport/.sndio/cookie.
+    install -D -p -o _shairport -m 0600 ~/.sndio/cookie ${HOME_DIR}/.sndio/cookie
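Review bot: the added `install -D -p -o _shairport -m 0600 ~/.sndio/cookie ...` line does not say who runs it: `-o _shairport` needs root, while `~/.sndio/cookie` has to resolve to the desktop user's home, so pasting it into a root shell copies the wrong cookie or fails. State that it is run as your own user with privilege elevation (for example prefixed with doas), or spell out the source path. The sentence above it also says only "dedicated" without naming the user; "both the _shairport user and your own user" keeps the information the removed paragraph carried.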
Index: pkg/shairport_sync.rc
===================================================================
RCS file: /cvs/ports/audio/shairport-sync/pkg/shairport_sync.rc,v
diff -u -p -r1.1.1.1 shairport_sync.rc
--- pkg/shairport_sync.rc	27 Apr 2022 02:19:25 -0000	1.1.1.1
+++ pkg/shairport_sync.rc	22 Jan 2024 01:41:44 -0000
@@ -6,4 +6,5 @@ daemon_user="_shairport"
 . /etc/rc.d/rc.subr
 
 rc_bg=YES
+
 rc_cmd $1
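Review bot: the only change in this file is a blank line before `rc_cmd $1`, which the message does not mention. If it is a style cleanup, note it in the commit message, otherwise leave it out so the diff stays limited to the permission and README changes.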