bruce guenter has recently released a new implementation of cron dubbed bcron.
http://untroubled.org/bcron

This is bcron, a new cron system designed with secure operations in mind. To do this, the system is divided into several separate programs, each responsible for a separate task, with strictly controlled communications between them. The user interface is a drop-in replacement for similar systems (such as vixie-cron), but the internals differ greatly.
-- http://untroubled.org/bcron/bcron.html
Created attachment 56374 sys-process/bcron-0.08.ebuild
this is still a little rough...
- bcron needs some pretty hefty permissions on /var/spool/cron (0700 cron:cron)
- the run scripts are not put into place (just copied to /usr/share/doc)
as bcron _does_ handle the system crontabs /etc/crontab and /etc/cron.d the default comment in the cron eclass needs a patch :)
Created attachment 56376 sys-process/bcron/files/crontab
basically a copy from vixie-cron...
Created attachment 56377 sys-process/bcron/metadata.xml
Looks promising. I'll have a read through the source and check it for pam / selinux friendliness.
I assume we'll want to let bcron handle /etc/conf.d instead of running run-crons?
well, there are lots of ebuilds which put stuff in cron.{hourly|daily|...} so i think those need to be run... AFAIK vixie-cron handles both cron.d AND run-crons (yeah - the ebuild does not install the /etc/crontab)
bah don't worry about me. had a brainfart and mixed up cron.d with cron.hourly, etc
Meh. Ok, I can't take this one, the djb crapware isn't playing nice with the rest of my system.
i've committed sys-process/bcron-0.09 the other day. if you have no objections, i'll join the cron herd and maintain bcron.
outstanding issues:
- write a paragraph for the cron guide
- as bcron also handles system crontabs, this has to be honored in the cron.eclass (cron_pkg_postinst)
i welcome your input.
alrighty - unmasked bcron and joined the cron herd proposal: the following patch to the cron.eclass diff -u -b -B -r1.9 cron.eclass --- cron.eclass 6 Sep 2005 04:20:02 -0000 1.9 +++ cron.eclass 10 Jun 2006 16:03:45 -0000 @@ -134,8 +134,8 @@ cron_pkg_postinst() { echo - # vixie is the only daemon that has a true system crontab - if [[ "${PN}" != "vixie-cron" ]] ; then + # vixie and bcron are the only crons that have a true system crontab + if [ "${PN}" != "vixie-cron" -a "${PN}" != "bcron" ] ; then einfo "To activate /etc/cron.{hourly|daily|weekly|monthly} please run:" einfo " crontab /etc/crontab" einfo
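Review bot: the new condition in cron_pkg_postinst replaces the bash `[[ ]]` test with `[ ... -a ... ]`. The `-a` operator of `[` is marked obsolescent in POSIX and can parse ambiguously, while the line it replaces already used `[[ ]]`; keep that form and join the two comparisons with `&&`, e.g. `if [[ ${PN} != "vixie-cron" && ${PN} != "bcron" ]] ; then`. Listing package names in the test also means every further cron with a true system crontab needs another eclass edit.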
rather than hardcoding this crap in the eclass, why not make the ebuild declare whether it supports an /etc/cron.*/ setup bcron: CRON_TIME_DIRS="no" cron.eclass: if [[ ${CRON_TIME_DIRS} != "no" ]] ; then einfo "To activate /etc/cron.{hourly|daily|weekly|monthly} ....
yeah - good idea! CRON_SYSTEM_CRONTAB would probably fit the bill better... (only bcron and vixie-cron support a system crontab (/etc/crontab) while the others install the system crontab as root's crontab - hence they have to run crontab /etc/crontab as root IIRC) anyone volunteering to make these changes for vixie-cron? BTW what is the difference between [ and [[ (or why is [[ not the same as test test)?
i have added CRON_SYSTEM_CRONTAB="yes" to the bcron ebuild and propose the following patch for the cron.eclass: ================ Index: cron.eclass =================================================================== RCS file: /var/cvsroot/gentoo-x86/eclass/cron.eclass,v retrieving revision 1.9 diff -u -b -B -r1.9 cron.eclass --- cron.eclass 6 Sep 2005 04:20:02 -0000 1.9 +++ cron.eclass 19 Oct 2006 09:12:24 -0000 @@ -134,8 +134,8 @@ cron_pkg_postinst() { echo - # vixie is the only daemon that has a true system crontab - if [[ "${PN}" != "vixie-cron" ]] ; then + # vixie and bcron are the only daemons that have a true system crontab + if [[ "${CRON_SYSTEM_CRONTAB:-no}" != "yes" ]] ; then einfo "To activate /etc/cron.{hourly|daily|weekly|monthly} please run:" einfo " crontab /etc/crontab" einfo ================ for this to work the line CRON_SYSTEM_CRONTAB="yes" has to be added to all vixie-cron ebuilds. in fact, this has to be done before the above patch is applied to the cron.eclass. feedback, comments, flames? thanks
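Review bot: the comment kept above the new `CRON_SYSTEM_CRONTAB` test still names vixie and bcron, although the condition no longer depends on the package name; replace it with a comment saying that an ebuild sets CRON_SYSTEM_CRONTAB="yes" when its daemon reads /etc/crontab itself, so the variable is documented where it is consumed. The `:-no` default means any ebuild that has not set the variable gets the "crontab /etc/crontab" hint, so the vixie-cron ebuilds have to carry the variable before this lands, and only the exact value "yes" suppresses the message.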
added CRON_SYSTEM_CRONTAB="yes" to all vixie-cron ebuilds in cvs. the abovementioned change to the cron eclass is about to be committed.
Any plans to mark this stable? I'm only asking because of bug 197248; we don't recommend that users use ~arch packages in our documentation. Not if it can possibly be avoided.
everything done here, what's left is keywording and stable marking... will open a new bug for that, though.