From efe43b27b5b333a0c003ecdfe1668268c00d66cf Mon Sep 17 00:00:00 2001
From: "Brian S. Stephan"
Date: Tue, 11 Apr 2023 19:31:02 -0500
Subject: [PATCH] don't put unrealircd's pidfile where unrealircd could write it
---
 net-irc/unrealircd/files/unrealircd.confd-r5 | 37 ++++++++++++++++++++
 net-irc/unrealircd/files/unrealircd.initd-r4 | 9 +----
 net-irc/unrealircd/files/unrealircd.tmpfiles | 1 -
 net-irc/unrealircd/unrealircd-6.0.7.ebuild | 6 ++--
 4 files changed, 41 insertions(+), 12 deletions(-)
 create mode 100644 net-irc/unrealircd/files/unrealircd.confd-r5
diff --git a/net-irc/unrealircd/files/unrealircd.confd-r5 b/net-irc/unrealircd/files/unrealircd.confd-r5
new file mode 100644
index 0000000..a19733a
--- /dev/null
+++ b/net-irc/unrealircd/files/unrealircd.confd-r5
@@ -0,0 +1,37 @@
+# Copyright 1999-2021 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# Where to chroot to
+# Uncomment this line for chrooting
+#UNREALIRCD_CHROOT="/var/chroot/ircd"
+UNREALIRCD_CHROOT=""
+
+# Which configuration file to load instead of unrealircd.conf. If you
+# want to run multiple instances of unrealircd, you must edit
+# files::pidfile to match UNREALIRCD_PIDFILE. You should also ensure
+# that files::tunefile is different for each unrealircd instance. See
+# https://www.unrealircd.org/docs/Configuration#Files_block
+#
+# To support multiple instances of unrealircd, you may create symlinks
+# in /etc/init.d pointing to /etc/init.d/unrealircd. It is recommended
+# that the scheme unrealircd.${instance_name} be used. For each
+# instance, you may make a copy of this file with the appropriate name
+# to override default options specific to that instance.
+UNREALIRCD_CONF="${UNREALIRCD_CHROOT}/etc/unrealircd/${SVCNAME}.conf"
+
+# The path where unrealircd is configured to create its pidfile.
+UNREALIRCD_PIDFILE="${UNREALIRCD_CHROOT}/run/${SVCNAME}.pid"
+
+# extra options to pass to unrealircd ...
+# You should not specify the -f option here; use
+# UNREALIRCD_CONF instead.
+#
+# [-h servername]
+# [-p portnumber]
+# [-x loglevel]
+# [-t] (to enable debug output)
+UNREALIRCD_OPTS=""
+
+# Extra flags to pass to start-stop-daemon. When initially
+# debugging, removing --quiet may help.
+UNREALIRCD_SSD_OPTS="--quiet"
diff --git a/net-irc/unrealircd/files/unrealircd.initd-r4 b/net-irc/unrealircd/files/unrealircd.initd-r4
index d7398a5..29b3bc3 100644
--- a/net-irc/unrealircd/files/unrealircd.initd-r4
+++ b/net-irc/unrealircd/files/unrealircd.initd-r4
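Review bot: The comment above `UNREALIRCD_PIDFILE` says only where the pidfile lives, not the constraint this commit exists to enforce, while the multi-instance text earlier in the file tells operators to edit `files::pidfile` to match it. An operator following that advice could point both back into `/run/unrealircd`, which the tmpfiles entry shown later in this patch still creates owned by `unrealircd`. I would extend the comment, for example `# Must live in a directory the unrealircd user cannot write to: root sends signals to the PID read from this file.`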
@@ -4,7 +4,7 @@ # Defaults : ${UNREALIRCD_CONF:=/etc/unrealircd/${SVCNAME}.conf} -: ${UNREALIRCD_PIDFILE:=/run/unrealircd/${SVCNAME#unreal}.pid} +: ${UNREALIRCD_PIDFILE:=/run/${SVCNAME#unreal}.pid} # Convenience variable for the chroot bits, not actually user-controllable via conf.d UNREALIRCD_USER="unrealircd" @@ -42,14 +42,7 @@ depend() { provide ircd } -# It is unsafe for the unrealircd user to be able to write to its own -# PID file, since root will be sending e.g. kill signals to the PID -# listed in that file. Ensure that we overwrite the ownership and -# permissions on /run/unrealircd from previous init scripts. start_pre() { - # commented out pending information about where to do pidfile vs. socket stuff - # checkpath --directory --owner root:root --mode 0700 "${UNREALIRCD_CHROOT}"/run/unrealircd - checkconfig || return $? } diff --git a/net-irc/unrealircd/files/unrealircd.tmpfiles b/net-irc/unrealircd/files/unrealircd.tmpfiles index 37afe71..8aed34b 100644 --- a/net-irc/unrealircd/files/unrealircd.tmpfiles +++ b/net-irc/unrealircd/files/unrealircd.tmpfiles @@ -1,2 +1 @@ d /run/unrealircd 755 unrealircd unrealircd - diff --git a/net-irc/unrealircd/unrealircd-6.0.7.ebuild b/net-irc/unrealircd/unrealircd-6.0.7.ebuild index e8ef8a0..c40b00a 100644 --- a/net-irc/unrealircd/unrealircd-6.0.7.ebuild +++ b/net-irc/unrealircd/unrealircd-6.0.7.ebuild @@ -71,7 +71,7 @@ src_configure() { --with-logdir="${EPREFIX}"/var/log/${PN} \ --with-modulesdir="${EPREFIX}/usr/$(get_libdir)"/${PN}/modules \ --without-privatelibdir \ - --with-pidfile="${EPREFIX}"/run/${PN}/ircd.pid \ + --with-pidfile="${EPREFIX}"/run/${PN}.pid \ --with-tmpdir="${EPREFIX}"/var/lib/${PN}/tmp \ --with-maxconnections=1024 \ --with-nick-history=2000 \ 
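Review bot: The fallback on the new line, `/run/${SVCNAME#unreal}.pid`, expands to `/run/ircd.pid` for the default service name, while the new conf.d default and the ebuild's `--with-pidfile` both resolve to `/run/unrealircd.pid`. The prefix strip matched the old compiled-in `ircd.pid` but no longer matches anything in this patch, so when conf.d does not set the variable the init script presumably tracks a file the daemon never writes. `/run/ircd.pid` is also a generic name that another IRC daemon's pidfile could occupy, which matters because root signals whatever PID is found there. Suggest `: ${UNREALIRCD_PIDFILE:=/run/${SVCNAME}.pid}`.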
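Review bot: `--with-pidfile="${EPREFIX}"/run/${PN}.pid` places the file directly in `/run`, so whichever process creates it needs write access there, and the init script in this patch sets `UNREALIRCD_USER="unrealircd"`. The `start()` function is not part of the patch, so it is not visible whether the daemon is launched as that user; if it is, it cannot create the pidfile and stop/status would have nothing to read. Worth confirming that the pidfile is written by root (for example via start-stop-daemon's `--make-pidfile`) or before privileges are dropped, and recording which in a comment in `src_configure()`. `src_configure()` starts and ends outside the hunk.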
@@ -82,7 +82,7 @@ src_configure() { --with-system-sodium \ --with-system-jansson \ --enable-dynamic-linking \ - --with-controlfile="${EPREFIX}"/run/${PN}/unrealircd.ctl \ + --with-controlfile="${EPREFIX}"/run/${PN}/${PN}.ctl \ --enable-ssl="${EPREFIX}"/usr \ $(use_enable curl libcurl "${EPREFIX}"/usr) \ $(use_with !operoverride no-operoverride) \ @@ -122,7 +122,7 @@ src_install() { einstalldocs newinitd "${FILESDIR}"/${PN}.initd-r4 ${PN} - newconfd "${FILESDIR}"/${PN}.confd-r4 ${PN} + newconfd "${FILESDIR}"/${PN}.confd-r5 ${PN} # config should be read-only fperms -R 0640 /etc/${PN}
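Review bot: The switch to `${PN}.confd-r5` in the last hunk ships changed installed files (new conf.d, edited init script, different compiled-in pidfile path), yet the ebuild is modified in place as `unrealircd-6.0.7.ebuild` and `unrealircd.initd-r4` keeps its revision suffix despite its content changing. Without a revision bump, systems that already have 6.0.7 merged will presumably not rebuild and so keep the pidfile in the service-writable directory. If this repository follows the usual Gentoo convention, rename the ebuild to a `-r1` revision and give the edited init script a new suffix as well. `src_install()` continues outside the hunk.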