This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 83f1971428fa456462ee24ad6f0baab12f1ae8d7 (commit)
via a19f33961c979b8c0b342971950337f7ed486c0d (commit)
via 5114bcb3cdee18bdb30b71e9e0df2b559b561273 (commit)
from 4d4760225bb7f2de1df9b38bfa56599c3f935499 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 83f1971428fa456462ee24ad6f0baab12f1ae8d7
Merge: 4d47602 a19f339
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sun Jan 27 15:58:14 2013 +0100
Merge remote-tracking branch 'ms/axel-fixperms' into next
commit a19f33961c979b8c0b342971950337f7ed486c0d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jan 26 19:07:17 2013 +0100
update accelerator: Don't change owner of ALL files in cache.
When a file has been downloaded, all files in the update accelerator
cache directory have been chowned which causes huge IO load.
It is only required to set permissions that members of the group
can delete the files (purge function on the web user interface).
Changing the owner is completely unnecessary as only the squid
user needs write access and the web server is able to deliver
any file in the update cache anyways.
commit 5114bcb3cdee18bdb30b71e9e0df2b559b561273
Merge: 5292c03 68e2d32
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Sat Jan 26 18:54:44 2013 +0100
Merge remote-tracking branch 'stevee/axel-log-fix' into axel-fixperms
-----------------------------------------------------------------------
Summary of changes:
config/etc/group | 2 +-
config/rootfiles/common/misc-progs | 1 -
config/rootfiles/core/66/update.sh | 7 +++++++
config/updxlrator/download | 17 ++++++++++++-----
src/misc-progs/Makefile | 11 ++---------
5 files changed, 22 insertions(+), 16 deletions(-)
Difference in files:
diff --git a/config/etc/group b/config/etc/group
index 3b155fa..46e4b80 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -14,7 +14,7 @@ dialout:x:16:
floppy:x:19:
tape:x:20:
utmp:x:22:
-squid:x:23:
+squid:x:23:nobody
ntp:x:38:
dip:x:40:
mysql:x:41:
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 2d6b2e2..d2cf710 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl
usr/local/bin/timectrl
#usr/local/bin/tripwirectrl
usr/local/bin/updxlratorctrl
-usr/local/bin/updxsetperms
usr/local/bin/upnpctrl
usr/local/bin/urlfilterctrl
usr/local/bin/wirelessctrl
diff --git a/config/rootfiles/core/66/update.sh b/config/rootfiles/core/66/update.sh
index ac4e3ac..d764c43 100644
--- a/config/rootfiles/core/66/update.sh
+++ b/config/rootfiles/core/66/update.sh
@@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo
add_to_backup etc/sysconfig/lm_sensors
add_to_backup etc/sysconfig/rc.local
add_to_backup usr/local/bin/vpn-watch
+add_to_backup usr/local/bin/updxsetperms
add_to_backup usr/libexec/ipsec
# Backup the files
@@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then
exit 2
fi
+# Add user nobody to group squid.
+usermod -a -G squid nobody
+
echo
echo Update Kernel to $KVER ...
#
@@ -184,6 +188,9 @@ rm -rf /lib/libncurses*
rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
rm -f /usr/local/bin/vpn-watch
+# Remove update accelerator permissions script.
+rm -f /usr/local/bin/updxsetperms
+
#
#Extract files
tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
diff --git a/config/updxlrator/download b/config/updxlrator/download
index 8b219bc..1624609 100644
--- a/config/updxlrator/download
+++ b/config/updxlrator/download
@@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/;
unless (-d "$repository/download/$vendorid")
{
system("mkdir -p $repository/download/$vendorid");
- #system("chmod 775 $repository/download/$vendorid");
+ chmod 0775, "$repository/download/$vendorid";
}
if($restartdl == 0)
@@ -159,13 +159,13 @@ if ($_ == 0)
unless (-d "$repository/$vendorid")
{
system("mkdir -p $repository/$vendorid");
- #system("chmod 775 $repository/$vendorid");
+ chmod 0775, "$repository/$vendorid";
}
unless (-d "$repository/$vendorid/$uuid")
{
system("mkdir -p $repository/$vendorid/$uuid");
- #system("chmod 775 $repository/$vendorid/$uuid");
+ chmod 0775, "$repository/$vendorid/$uuid";
}
&writelog("Moving file to the cache directory: $vendorid/$uuid");
@@ -180,8 +180,15 @@ if ($_ == 0)
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
- system("/usr/local/bin/updxsetperms");
- #system("chmod 775 $repository/$vendorid/$uuid/*");
+ # Update permissions of all files in the download directory.
+ my @files = (
+ "$repository/$vendorid/$uuid/source.url",
+ "$repository/$vendorid/$uuid/status",
+ "$repository/$vendorid/$uuid/checkup.log",
+ "$repository/$vendorid/$uuid/access.log",
+ "$repository/$vendorid/$uuid/$updatefile"
+ );
+ chmod 0664, @files;
unlink ("$repository/download/$vendorid/$updatefile.info");
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 33d1d66..cc33266 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
getconntracktable
-SUID_UPDX = updxsetperms
install : all
install -m 755 $(PROGS) /usr/local/bin
install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
- install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
+all : $(PROGS) $(SUID_PROGS)
clean :
- -rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
+ -rm -f $(PROGS) $(SUID_PROGS) *.o core
######
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
$(PROGS): setuid.o
-$(SUID_UPDX): setuid.o
-
logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o
setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
- $(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
$(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
hooks/post-receive
--
IPFire 2.x development tree