treewide: install configs with INSTALL_CONF (0600)

Use INSTALL_CONF instead of INSTALL_DATA to install configuration files under /etc with correct permissions. This improves security by ensuring config files are not world-readable. INSTALL_DATA sets mode 0644, while INSTALL_CONF sets mode 0600. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
2025-12-20 02:18:57 +08:00 · 2025-06-16 22:40:05 +02:00
parent 58070aa6c1
commit 03a13710ea
7 changed files with 15 additions and 15 deletions
--- a/batmand/Makefile
+++ b/batmand/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=batmand
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://git.open-mesh.org/batmand.git
@@ -47,7 +47,7 @@ define Package/batmand/install
 	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/config $(1)/etc/init.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/batmand $(1)/usr/sbin/
 	$(INSTALL_BIN) ./files/etc/init.d/batmand $(1)/etc/init.d
-	$(INSTALL_DATA) ./files/etc/config/batmand $(1)/etc/config
+	$(INSTALL_CONF) ./files/etc/config/batmand $(1)/etc/config
 endef

 define Package/batmand/conffiles
--- a/bmx7/Makefile
+++ b/bmx7/Makefile
@@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=bmx7
 PKG_VERSION:=2024.06.11
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz

@@ -116,7 +116,7 @@ define Package/bmx7-uci-config/install
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/$(MAKE_PATH)/lib/bmx7_uci_config/bmx7_config.so \
 		$(1)/usr/lib/bmx7_config.so
 	$(INSTALL_BIN) ./files/etc/init.d/bmx7 $(1)/etc/init.d/bmx7
-	$(INSTALL_DATA) ./files/etc/config/bmx7 $(1)/etc/config/bmx7
+	$(INSTALL_CONF) ./files/etc/config/bmx7 $(1)/etc/config/bmx7
 endef

 define Package/bmx7-iwinfo/install
--- a/luci-app-olsrd2/Makefile
+++ b/luci-app-olsrd2/Makefile
@@ -3,7 +3,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=luci-app-olsrd2
 PKG_VERSION:=0.2.6
-PKG_RELEASE:=16
+PKG_RELEASE:=17
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)

 include $(INCLUDE_DIR)/package.mk
@@ -41,7 +41,7 @@ define Package/$(PKG_NAME)/install
 	$(INSTALL_DATA) ./htdocs/cgi-bin-olsrd2-neigh.html $(1)/www
 	$(INSTALL_DATA) ./htdocs/luci-static/resources/view/olsrd2/* $(1)/www/luci-static/resources/view/olsrd2
 	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DATA) ./root/etc/config/* $(1)/etc/config
+	$(INSTALL_CONF) ./root/etc/config/* $(1)/etc/config
 	$(INSTALL_DIR) $(1)/usr/share/ucitrack
 	$(INSTALL_DATA) ./root/usr/share/ucitrack/luci-app-olsrd2.json $(1)/usr/share/ucitrack
 	$(INSTALL_DIR) $(1)/usr/libexec/rpcd
--- a/naywatch/Makefile
+++ b/naywatch/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=naywatch
 PKG_VERSION:=1
-PKG_RELEASE:=7
+PKG_RELEASE:=8

 PKG_MAINTAINER:=Nick Hainke <vincent@systemli.org>
 PKG_LICENSE:=GPL-2.0-only
@@ -44,7 +44,7 @@ define Package/naywatch/install
 	$(INSTALL_DIR) $(1)/usr/bin
 	$(INSTALL_BIN) ./files/naywatch.sh $(1)/usr/bin/naywatch
 	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DATA) ./files/naywatch.config $(1)/etc/config/naywatch
+	$(INSTALL_CONF) ./files/naywatch.config $(1)/etc/config/naywatch
 endef

 $(eval $(call BuildPackage,naywatch))
--- a/olsrd/Makefile
+++ b/olsrd/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=olsrd
 PKG_SOURCE_DATE:=2024-06-09
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/OLSR/olsrd.git
@@ -192,8 +192,8 @@ define Package/olsrd/install
 	$(INSTALL_DIR) $(1)/lib/functions
 	$(INSTALL_DATA) ./files/olsrd.sh $(1)/lib/functions/olsrd.sh
 	$(INSTALL_DIR) $(1)/etc/config
-	$(INSTALL_DATA) ./files/olsrd.config $(1)/etc/config/olsrd
-	$(INSTALL_DATA) ./files/olsrd6.config $(1)/etc/config/olsrd6
+	$(INSTALL_CONF) ./files/olsrd.config $(1)/etc/config/olsrd
+	$(INSTALL_CONF) ./files/olsrd6.config $(1)/etc/config/olsrd6
 	$(INSTALL_DIR) $(1)/usr/sbin
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/olsrd $(1)/usr/sbin/
 	$(INSTALL_DIR) $(1)/etc/init.d
--- a/opennds/Makefile
+++ b/opennds/Makefile
@@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=opennds
 PKG_VERSION:=10.3.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/opennds/opennds/tar.gz/v$(PKG_VERSION)?
@@ -53,7 +53,7 @@ define Package/opennds/install
 	$(INSTALL_DIR) $(1)/usr/lib/opennds
 	$(CP) $(PKG_BUILD_DIR)/resources/splash.css $(1)/etc/opennds/htdocs/
 	$(CP) $(PKG_BUILD_DIR)/resources/splash.jpg $(1)/etc/opennds/htdocs/images/
-	$(CP) $(PKG_BUILD_DIR)/linux_openwrt/opennds/files/etc/config/opennds $(1)/etc/config/
+	$(INSTALL_CONF) $(PKG_BUILD_DIR)/linux_openwrt/opennds/files/etc/config/opennds $(1)/etc/config/
 	$(CP) $(PKG_BUILD_DIR)/linux_openwrt/opennds/files/etc/config/opennds $(1)/etc/opennds/config.uci
 	$(CP) $(PKG_BUILD_DIR)/linux_openwrt/opennds/files/etc/init.d/opennds $(1)/etc/init.d/
 	$(CP) $(PKG_BUILD_DIR)/linux_openwrt/opennds/files/etc/uci-defaults/40_opennds $(1)/etc/uci-defaults/
--- a/vis/Makefile
+++ b/vis/Makefile
@@ -8,7 +8,7 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=vis
-PKG_RELEASE:=9
+PKG_RELEASE:=10

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2013-04-07
@@ -46,7 +46,7 @@ define Package/vis/install
 	$(INSTALL_DIR) $(1)/usr/sbin $(1)/etc/config $(1)/etc/init.d
 	$(INSTALL_BIN) $(PKG_BUILD_DIR)/vis $(1)/usr/sbin/
 	$(INSTALL_BIN) ./files/etc/init.d/vis $(1)/etc/init.d
-	$(INSTALL_DATA) ./files/etc/config/vis $(1)/etc/config
+	$(INSTALL_CONF) ./files/etc/config/vis $(1)/etc/config
 endef

 define Package/vis/conffiles