public inbox for development@lists.ipfire.org
* [PATCH 0/6] Patchset for fixing errors surfaced in Core Update 157 (testing)
@ 2021-05-21 13:40 Peter Müller
  2021-05-21 13:40 ` [PATCH 1/6] Core Update 157: Apply changed SSH configurations Peter Müller
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:40 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1339 bytes --]

This patchset fixes various errors in Core Update 157 (testing, see:
https://blog.ipfire.org/post/ipfire-2-25-core-update-157-available-for-testing)
which surfaced on my testing machine.

While the forgotten application of the SSH configuration is tedious, the forgotten
shipment of the backup CGI files is more serious, since this is necessary to fix
#12619. This was my fault, and rebuilding the Core Update will be necessary to
include this fix.

Peter Müller (6):
  Core Update 157: Apply changed SSH configurations
  Core Update 157: Ship backup package to apply changed permissions
  pppd: Explicitly ship pppd shared object files
  Core Update 157: Delete shared object files leftover from pppd 2.4.8
  nagios-plugins: Set SUID bit for plugins which need it to function
    properly
  Icinga: Do not ship event handlers for Nagios

 config/rootfiles/common/ppp                | 24 +++++++++++-----------
 config/rootfiles/core/157/filelists/backup |  1 +
 config/rootfiles/core/157/update.sh        |  7 +++++++
 config/rootfiles/packages/icinga           |  2 +-
 lfs/icinga                                 |  2 +-
 lfs/nagios-plugins                         |  9 +++++++-
 6 files changed, 30 insertions(+), 15 deletions(-)
 create mode 120000 config/rootfiles/core/157/filelists/backup

-- 
2.26.2


* [PATCH 1/6] Core Update 157: Apply changed SSH configurations
  2021-05-21 13:40 [PATCH 0/6] Patchset for fixing errors surfaced in Core Update 157 (testing) Peter Müller
@ 2021-05-21 13:40 ` Peter Müller
  2021-05-21 13:41   ` [PATCH 2/6] Core Update 157: Ship backup package to apply changed permissions Peter Müller
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:40 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 807 bytes --]

This is necessary to fix SSH not starting after upgrading to Core Update
157 unless its settings are manually written via the WebUI.

Reported-by: Erik Kapfer <ummeegge(a)ipfire.org>
Reported-by: Tom Rymes <tom(a)rymes.net>
Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/core/157/update.sh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh
index ce7b6f5bf..a53aa0759 100644
--- a/config/rootfiles/core/157/update.sh
+++ b/config/rootfiles/core/157/update.sh
@@ -97,6 +97,9 @@ extract_files
 # update linker config
 ldconfig
 
+# Apply local configuration to sshd_config
+/usr/local/bin/sshctrl
+
 # Update Language cache
 /usr/local/bin/update-lang-cache
 
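Review bot: the added `/usr/local/bin/sshctrl` call runs with its exit status ignored, so a failure here stays silent and the `/etc/init.d/sshd restart` further down this script (visible in the context of patch 4/6) would again meet an sshd_config without the local settings, which is the symptom being fixed. Consider reporting a failure, for example `/usr/local/bin/sshctrl || echo "sshctrl failed" >&2`, and note in the comment that this has to run before the services are restarted.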
-- 
2.26.2


* [PATCH 2/6] Core Update 157: Ship backup package to apply changed permissions
  2021-05-21 13:40 ` [PATCH 1/6] Core Update 157: Apply changed SSH configurations Peter Müller
@ 2021-05-21 13:41   ` Peter Müller
  2021-05-21 13:41     ` [PATCH 3/6] pppd: Explicitly ship pppd shared object files Peter Müller
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:41 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 785 bytes --]

This is required as "backup" itself does not get updated automatically,
contrary to its LFS file suggesting by having a "PAK_VER" number.

In order to fix #12619, it is therefore necessary to ship the backup
files with Core Update 157.

Partially fixes: #12619

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/core/157/filelists/backup | 1 +
 1 file changed, 1 insertion(+)
 create mode 120000 config/rootfiles/core/157/filelists/backup

diff --git a/config/rootfiles/core/157/filelists/backup b/config/rootfiles/core/157/filelists/backup
new file mode 120000
index 000000000..38e28a8b4
--- /dev/null
+++ b/config/rootfiles/core/157/filelists/backup
@@ -0,0 +1 @@
+../../../common/backup
\ No newline at end of file
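Review bot: the new filelist is only a symlink to `../../../common/backup`, and nothing in this patch touches `update.sh`, so the "changed permissions" from the subject reach an installed system only if extracting the Core Update overwrites mode and ownership of the files that are already there. Please confirm that on an upgraded machine or add an explicit chmod/chown to `update.sh`. The misleading "PAK_VER" in the backup LFS file that the message mentions is also left as it is and would be worth a follow-up.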
-- 
2.26.2


* [PATCH 3/6] pppd: Explicitly ship pppd shared object files
  2021-05-21 13:41   ` [PATCH 2/6] Core Update 157: Ship backup package to apply changed permissions Peter Müller
@ 2021-05-21 13:41     ` Peter Müller
  2021-05-21 13:41       ` [PATCH 4/6] Core Update 157: Delete shared object files leftover from pppd 2.4.8 Peter Müller
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:41 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1590 bytes --]

These are needed by pppd, but were not previously shipped as such.
Instead, since their parent directory at /usr/lib/pppd/${version}/ was
not commented out, we implicitly shipped the entire directory.

This patch does not change our behaviour in the end, but makes things
more transparent to developers.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/common/ppp | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/config/rootfiles/common/ppp b/config/rootfiles/common/ppp
index 8d0af69c4..d61fdf811 100644
--- a/config/rootfiles/common/ppp
+++ b/config/rootfiles/common/ppp
@@ -38,18 +38,18 @@ etc/ppp/standardloginscript
 #usr/include/pppd/upap.h
 usr/lib/pppd
 usr/lib/pppd/2.4.9
-#usr/lib/pppd/2.4.9/minconn.so
-#usr/lib/pppd/2.4.9/openl2tp.so
-#usr/lib/pppd/2.4.9/passprompt.so
-#usr/lib/pppd/2.4.9/passwordfd.so
-#usr/lib/pppd/2.4.9/pppoatm.so
-#usr/lib/pppd/2.4.9/pppoe.so
-#usr/lib/pppd/2.4.9/pppol2tp.so
-#usr/lib/pppd/2.4.9/radattr.so
-#usr/lib/pppd/2.4.9/radius.so
-#usr/lib/pppd/2.4.9/radrealms.so
-#usr/lib/pppd/2.4.9/rp-pppoe.so
-#usr/lib/pppd/2.4.9/winbind.so
+usr/lib/pppd/2.4.9/minconn.so
+usr/lib/pppd/2.4.9/openl2tp.so
+usr/lib/pppd/2.4.9/passprompt.so
+usr/lib/pppd/2.4.9/passwordfd.so
+usr/lib/pppd/2.4.9/pppoatm.so
+usr/lib/pppd/2.4.9/pppoe.so
+usr/lib/pppd/2.4.9/pppol2tp.so
+usr/lib/pppd/2.4.9/radattr.so
+usr/lib/pppd/2.4.9/radius.so
+usr/lib/pppd/2.4.9/radrealms.so
+usr/lib/pppd/2.4.9/rp-pppoe.so
+usr/lib/pppd/2.4.9/winbind.so
 usr/sbin/chat
 usr/sbin/pppd
 usr/sbin/pppdump
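Review bot: the `usr/lib/pppd` and `usr/lib/pppd/2.4.9` directory lines above the uncommented entries stay active, and per the commit message an active directory line ships the whole directory, so any file under 2.4.9 that is missing from this list would still be shipped without appearing here. If the goal is an explicit list, say in the message whether the directory lines are meant to stay, or comment them out in the same patch.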
-- 
2.26.2


* [PATCH 4/6] Core Update 157: Delete shared object files leftover from pppd 2.4.8
  2021-05-21 13:41     ` [PATCH 3/6] pppd: Explicitly ship pppd shared object files Peter Müller
@ 2021-05-21 13:41       ` Peter Müller
  2021-05-21 13:42         ` [PATCH 5/6] nagios-plugins: Set SUID bit for plugins which need it to function properly Peter Müller
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:41 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 628 bytes --]

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/core/157/update.sh | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/rootfiles/core/157/update.sh b/config/rootfiles/core/157/update.sh
index a53aa0759..94b10723f 100644
--- a/config/rootfiles/core/157/update.sh
+++ b/config/rootfiles/core/157/update.sh
@@ -124,6 +124,10 @@ rm -f \
 	/usr/lib/dma-mbox-create \
 	/usr/lib/openssh/ssh-keysign
 
+# Delete orphaned pppd 2.4.8 shared object files
+rm -rf \
+	/usr/lib/pppd/2.4.8/
+
 # Start services
 /etc/init.d/sshd restart
 /etc/init.d/apache restart
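Review bot: the added `rm -rf` covers only `/usr/lib/pppd/2.4.8/`, and the commit has no message body explaining why that is the only leftover; a system that carries a directory from any other pppd version would keep it. Add a sentence to the commit message on which version directories can be present at this point, and extend the list if more than one is possible.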
-- 
2.26.2


* [PATCH 5/6] nagios-plugins: Set SUID bit for plugins which need it to function properly
  2021-05-21 13:41       ` [PATCH 4/6] Core Update 157: Delete shared object files leftover from pppd 2.4.8 Peter Müller
@ 2021-05-21 13:42         ` Peter Müller
  2021-05-21 13:42           ` [PATCH 6/6] Icinga: Do not ship event handlers for Nagios Peter Müller
  0 siblings, 1 reply; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:42 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 994 bytes --]

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 lfs/nagios-plugins | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/lfs/nagios-plugins b/lfs/nagios-plugins
index d35a94bbe..cdf1910b0 100644
--- a/lfs/nagios-plugins
+++ b/lfs/nagios-plugins
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = nagios-plugins
-PAK_VER    = 5
+PAK_VER    = 6
 
 DEPS       =
 
@@ -92,4 +92,11 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 	# Prevent Nagios plugins from being owned (and hence writeable) by "nobody"
 	chown root:root -R /usr/lib/nagios/plugins
 
+	# Unfortunately, some of these plugins need the SUID bit to do their work properly
+	chmod +s \
+		/usr/lib/nagios/plugins/check_dhcp \
+		/usr/lib/nagios/plugins/check_icmp \
+		/usr/lib/nagios/plugins/check_ide_smart \
+		/usr/lib/nagios/plugins/check_ping
+
 	@$(POSTBUILD)
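Review bot: `chmod +s` in the added block sets the setgid bit as well as setuid, while the comment and the subject only ask for SUID. `chmod u+s` (or an explicit mode such as 4755) limits the change to what is described. Because the preceding `chown root:root -R` makes these four binaries setuid root, the commit message should also say what each plugin needs root for; it currently has no body.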
-- 
2.26.2


* [PATCH 6/6] Icinga: Do not ship event handlers for Nagios
  2021-05-21 13:42         ` [PATCH 5/6] nagios-plugins: Set SUID bit for plugins which need it to function properly Peter Müller
@ 2021-05-21 13:42           ` Peter Müller
  0 siblings, 0 replies; 7+ messages in thread
From: Peter Müller @ 2021-05-21 13:42 UTC (permalink / raw)
  To: development

[-- Attachment #1: Type: text/plain, Size: 1549 bytes --]

These are owned (hence being writable) by "nobody", posing a potential
security risk. Since the files themselves were already excluded from being
shipped, their parent directory should be as well.

This patch should reduce the amount of executable files being owned by
nobody to zero after upgrading to Core Update 157. Due to complexity
reasons, not all applications available in Pakfire could be tested,
though, so your mileage may vary.

Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org>
---
 config/rootfiles/packages/icinga | 2 +-
 lfs/icinga                       | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/config/rootfiles/packages/icinga b/config/rootfiles/packages/icinga
index f81ba9db2..000be6346 100644
--- a/config/rootfiles/packages/icinga
+++ b/config/rootfiles/packages/icinga
@@ -25,7 +25,7 @@ usr/bin/icinga
 usr/bin/icingastats
 #usr/lib/icinga
 usr/lib/icinga/p1.pl
-usr/lib/nagios/plugins/eventhandlers
+#usr/lib/nagios/plugins/eventhandlers
 #usr/lib/nagios/plugins/eventhandlers/disable_active_service_checks
 #usr/lib/nagios/plugins/eventhandlers/disable_notifications
 #usr/lib/nagios/plugins/eventhandlers/distributed-monitoring
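Review bot: commenting out `usr/lib/nagios/plugins/eventhandlers` keeps the directory out of the new package, but neither file in this patch removes or re-owns a directory that an earlier icinga package already installed, so the "zero after upgrading" statement in the message depends on something not shown here. If the package update does not delete paths dropped from the rootfile, add an explicit removal to the package's update script.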
diff --git a/lfs/icinga b/lfs/icinga
index 6534722ac..456f66388 100644
--- a/lfs/icinga
+++ b/lfs/icinga
@@ -32,7 +32,7 @@ DL_FROM    = $(URL_IPFIRE)
 DIR_APP    = $(DIR_SRC)/$(THISAPP)
 TARGET     = $(DIR_INFO)/$(THISAPP)
 PROG       = icinga
-PAK_VER    = 4
+PAK_VER    = 5
 
 DEPS       = nagios-plugins
 
-- 
2.26.2
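
An audit of the end state that patches 5/6 and 6/6 aim for, added here as an example; it is not part of the thread or of IPFire's code. The four plugin names come from patch 5/6; the function names and finding tags are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The four names come from patch 5/6; the rest is assumed.
EXPECTED_SUID="check_dhcp check_icmp check_ide_smart check_ping"

# plugin_findings DIR OWNER: print one finding per line, nothing if clean.
#   OWNED-EXEC        executable file still owned by OWNER (name or numeric uid)
#   UNEXPECTED-SETID  setuid/setgid file that is not in EXPECTED_SUID
#   SETGID            expected plugin that also carries setgid (plain "chmod +s")
#   MISSING-SETUID    expected plugin without the setuid bit
plugin_findings() {
    dir=$1
    owner=$2
    find "$dir" -type f -user "$owner" \
        \( -perm -100 -o -perm -010 -o -perm -001 \) | sort |
        sed 's/^/OWNED-EXEC /'
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) | sort |
    while IFS= read -r f; do
        case " $EXPECTED_SUID " in
            *" ${f##*/} "*)
                if [ -g "$f" ]; then echo "SETGID $f"; fi ;;
            *)
                echo "UNEXPECTED-SETID $f" ;;
        esac
    done
    for name in $EXPECTED_SUID; do
        [ -u "$dir/$name" ] || echo "MISSING-SETUID $dir/$name"
    done
}

# audit_plugins DIR OWNER: print findings and return 1 if any, else return 0.
audit_plugins() {
    out=$(plugin_findings "$1" "$2")
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Typical call on an upgraded system (path and account as named in the thread):
#   audit_plugins /usr/lib/nagios/plugins nobody
```

A clean run prints nothing and returns 0, so the call can be used as a post-upgrade check.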

