gnunet: improve packaging and set fix permissions on firstrun

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

net/gnunet/files/gnunet.init

@@ -6,17 +6,47 @@ STOP=10
 
 USE_PROCD=1
 PROG=/usr/lib/gnunet/libexec/gnunet-service-arm
-CONFIGFILE=/var/run/gnunet/gnunet.conf
+
+GNUNET_HOME=/var/run/gnunet
+CONFIGFILE=$GNUNET_HOME/gnunet.conf
+SUID_ROOT_HELPERS="exit nat-server nat-client transport-bluetooth transport-wlan vpn"
+
+chmodown_execbin() {
+	execname=/usr/lib/gnunet/libexec/gnunet-$1
+	if [ -x $execname ]; then
+		chmod $2 $execname
+		[ "$3" ] && chown $3 $execname
+	fi
+}
+
+fix_libexec_permissions() {
+	[ -e /usr/share/gnunet/.permfix ] && return
+	for helper in $SUID_ROOT_HELPERS; do
+		chmodown_execbin helper-$helper u+s
+	done
+	chmodown_execbin helper-dns 4750 root:gnunetdns
+	chmodown_execbin service-dns 2750 root:gnunetdns
+
+	touch /usr/share/gnunet/.permfix
+}
+
+prepare_config() {
+	mkdir -p $GNUNET_HOME
+	chown gnunet:gnunet $GNUNET_HOME
+	chmod 0750 $GNUNET_HOME
+	touch $CONFIGFILE
+	chown root:gnunet $CONFIGFILE
+	chmod 0640 $CONFIGFILE
+	gnunet-config -c /tmp/run/gnunet/gnunet.conf -s PATHS -o GNUNET_HOME -V $GNUNET_HOME
+	defaultservices=$( gnunet-config -c /tmp/run/gnunet/gnunet.conf -s arm -o DEFAULTSERVICES )
+	defaultservices="$defaultservices gns2dns"
+	gnunet-config -c /tmp/run/gnunet/gnunet.conf -s arm -o DEFAULTSERVICES -V "$defaultservices"
+}
 
 start_service() {
-	if [ ! -e /var/run/gnunet ]; then
-		mkdir -p /var/run/gnunet
-		chmod 0750 /var/run/gnunet
-		chown gnunet:gnunet /var/run/gnunet
-		touch $CONFIGFILE
-		chown gnunet:gnunet $CONFIGFILE
-		chmod 0600 $CONFIGFILE
-	fi
+	fix_libexec_permissions
+	[ ! -e $GNUNET_HOME ] && prepare_config
+
 	procd_open_instance
 	procd_set_param user gnunet
 	procd_set_param command $PROG -c $CONFIGFILE