Bug#769965: minetest: please support init.d scripts and a global configuration file
Martin Quinson
martin.quinson at loria.fr
Tue Nov 18 21:27:13 UTC 2014
On Tue, Nov 18, 2014 at 06:24:13PM +0100, Markus Koschany wrote:
> On 18.11.2014 12:23, Martin Quinson wrote:
> > Woot, many thanks for these changes! I'll try to fill the TODO a bit
> > further to seek your help on the other points ;)
>
> Ok, but I'm not cheap. :P
Actually, the main thing would be to upload a new version of
libcppjson to fix that bug that affects minetest. But the upstream
package seems to be rather different in the new versions, so I'm
afraid that we will need to repackage it from scratch. Not necessary a
big deal but I did not find the time to do so so far.
I am the packager of a mod which has a new upstream release, but
that's actually a pre-release of the next stable so I'm just waiting
for upstream here.
I'm not sure that packaging more mods would make much sense at this
point. What do you think?
The ubuntu bugs may need some triage, but I don't know how to modify
them. Some of them are so old that they probably just need to be
closed. I just reported ubuntu's #1379551 to upstream on their IRC.
Oh, and I forgot. I'm not solvent ;-)
> > I have one main question about the server started automatically. Will
> > it be given a specific user id? I would not certify the security of
> > that server, and I'd like to sandbox it as much as possible. I plan
> > since a long time to check how to do that, but you have just solved
> > all my questions but this one.
>
> I'm still testing the server in a real environment for my gaming
> project, linuxiuvat.de and the server appears to be working fine. The
> unprivileged system user is called Debian-minetest. This user is
> automatically created in postinst. The shell is set to /bin/false. The
> current setup is comparable to our openarena-server package. The home
> directory is /var/games/minetest-server and it is owned by that user and
> group games. I think this ensures reasonable security from our side and
> these measures are used by other multiplayer servers in the archive too.
That's exactly the kind of things I was hopping to hear, thanks.
> > Could you please check your changes to see if they are the most secure
> > ones, ie the ones that do not trust the server program but sandbox it
> > the most, please ?
>
> I think I have already taken care of all necessary configuration steps.
> I can't really tell how secure the Minetest server currently is but I am
> sure that the server uses sane default values now.
If so, I'd be glad to upload a new version as soon as you merge your
changes to master.
> I also plan to provide a .service and .socket file for systemd in the
> future as soon as I have more time to test them.
That would be another TODO-- for me ;)
Thanks, Mt.
--
Those are my principles, and if you don't like them... well, I have others.
-- Groucho Marx
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-games-devel/attachments/20141118/3183a034/attachment.sig>
More information about the Pkg-games-devel
mailing list