This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a (commit) via b38c334a25047dc89f6448a2debe15fc930e7fd0 (commit) via 1413006b5b3bbb80ff017c2a966454e530c0e9aa (commit) from 9aefd1ed07eee7d83e5b274d4a83240811f9e091 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a Author: Erik Kapfer erik.kapfer@ipfire.org Date: Fri Jul 6 05:57:59 2018 +0200
OpenVPN: Deleted mtu-disc completely since it has been dropped.
Signed-off-by: Erik Kapfer erik.kapfer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit b38c334a25047dc89f6448a2debe15fc930e7fd0 Author: Matthias Fischer matthias.fischer@ipfire.org Date: Mon Jul 9 20:53:45 2018 +0200
clamav: Update to 0.100.1
For details see: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
Signed-off-by: Matthias Fischer matthias.fischer@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 1413006b5b3bbb80ff017c2a966454e530c0e9aa Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Jul 10 18:32:20 2018 +0100
aws: Create "setup" user to run setup
Amazon does not permit logging in as root directly. Instead, they insist on using sudo.
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/common/setup | 2 ++ html/cgi-bin/ovpnmain.cgi | 17 ++--------------- lfs/clamav | 6 +++--- src/initscripts/helper/aws-setup | 32 ++++++++++++++++++++------------ src/setup/Makefile.am | 8 ++++++++ src/setup/run-setup | 4 ++++ src/setup/sudo/setup | 2 ++ 7 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 src/setup/run-setup create mode 100644 src/setup/sudo/setup
Difference in files: diff --git a/config/rootfiles/common/setup b/config/rootfiles/common/setup index c5bd361a5..5da99c1cf 100644 --- a/config/rootfiles/common/setup +++ b/config/rootfiles/common/setup @@ -1,4 +1,6 @@ +etc/sudoers.d/setup usr/bin/probenic.sh +usr/bin/run-setup usr/sbin/setup usr/share/locale/ar/LC_MESSAGES/setup.mo usr/share/locale/ca/LC_MESSAGES/setup.mo diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index f06e7cf03..976300fc7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -271,7 +271,7 @@ sub writeserverconf { print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; #print CONF "push "route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}"\n";
- # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500. + # Check if we are using mssfix, fragment and set the corretct mtu of 1500. # If we doesn't use one of them, we can use the configured mtu value. if ($sovpnsettings{'MSSFIX'} eq 'on') { print CONF "tun-mtu 1500\n"; } @@ -2183,15 +2183,6 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";} } - if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') || - ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') || - ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) { - if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) { - if ($tunmtu eq '1500' ) { - print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; - } - } - } # Check host certificate if X509 is RFC3280 compliant. # If not, old --ns-cert-type directive will be used. # If appropriate key usage extension exists, new --remote-cert-tls directive will be used. @@ -2272,7 +2263,7 @@ else print CLIENTCONF "dev tun\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
- # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 + # Check if we are using fragment, mssfix and set MTU to 1500 # or use configured value. if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { print CLIENTCONF "tun-mtu 1500\r\n"; } @@ -3378,7 +3369,6 @@ my $complzoactive; my $mssfixactive; my $authactive; my $n2nfragment; -my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]); my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]); my @n2nproto = split(/-/, $n2nproto2[1]); my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]); @@ -3414,7 +3404,6 @@ $n2nremsub[2] =~ s/\n|\r//g; $n2nlocalsub[2] =~ s/\n|\r//g; $n2nfragment[1] =~ s/\n|\r//g; $n2nmgmt[2] =~ s/\n|\r//g; -$n2nmtudisc[1] =~ s/\n|\r//g; $n2ncipher[1] =~ s/\n|\r//g; $n2nauth[1] =~ s/\n|\r//g; chomp ($complzoactive); @@ -3491,7 +3480,6 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[29] = $n2nport[1]; $confighash{$key}[30] = $complzoactive; $confighash{$key}[31] = $n2ntunmtu[1]; - $confighash{$key}[38] = $n2nmtudisc[1]; $confighash{$key}[39] = $n2nauth[1]; $confighash{$key}[40] = $n2ncipher[1]; $confighash{$key}[41] = 'disabled'; @@ -3531,7 +3519,6 @@ foreach my $dkey (keys %confighash) { <tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr> - <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr> <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr> 
diff --git a/lfs/clamav b/lfs/clamav
index 7623801fb..c0612f1aa 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
include Config
-VER = 0.100.0
+VER = 0.100.1
THISAPP = clamav-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = clamav -PAK_VER = 38 +PAK_VER = 39
DEPS = ""
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 93e8efb489c2afdfca73703b76c24e01
+$(DL_FILE)_MD5 = 0f653df0480eebcd828939e8db9f0443
install : $(TARGET)
diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup
index f4ec45d90..0ae727c3f 100644
--- a/src/initscripts/helper/aws-setup
+++ b/src/initscripts/helper/aws-setup
@@ -84,19 +84,27 @@ import_aws_configuration() {
 echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
 fi
- # Import SSH keys
- local line
- for line in $(get "public-keys/"); do
- local key_no="${line%=*}"
-
- local key="$(get public-keys/${key_no}/openssh-key)"
- if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
- mkdir -p /root/.ssh
- chmod 700 /root/.ssh
+ # Create setup user
+ if ! getent passwd setup &>/dev/null; then
+ useradd -r setup -s /usr/bin/run-setup -g nobody -m
+ fi
- echo "${key}" >> /root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
- fi
+ # Import SSH keys
+ local user
+ for user in /root /home/setup; do
+ local line
+ for line in $(get "public-keys/"); do
+ local key_no="${line%=*}"
+
+ local key="$(get public-keys/${key_no}/openssh-key)"
+ if [ -n "${key}" ] && ! grep -q "^${key}$" "${user}/.ssh/authorized_keys" 2>/dev/null; then
+ mkdir -p "${user}/.ssh"
+ chmod 700 "${user}/.ssh"
+
+ echo "${key}" >> "${user}/.ssh/authorized_keys"
+ chmod 600 "${user}/.ssh/authorized_keys"
+ fi
+ done
 done
# Import any DNS server settings
diff --git a/src/setup/Makefile.am b/src/setup/Makefile.am
index 0ead63195..b06d20bf1 100644
--- a/src/setup/Makefile.am
+++ b/src/setup/Makefile.am
@@ -25,11 +25,16 @@ AM_CFLAGS = $(OUR_CFLAGS)
 AM_CXXFLAGS = $(OUR_CXXFLAGS)
 AM_LDFLAGS = $(OUR_LDFLAGS)
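Review bot: In src/initscripts/helper/aws-setup, the new key-import loop creates `/home/setup/.ssh` and its `authorized_keys` with modes 700/600 but never changes their owner, so if this helper runs as root (it also writes `/root/.ssh` and calls `useradd`) both will belong to root and the `setup` account will presumably be unable to read its own key file. sshd opens `authorized_keys` with the target user's privileges, so public-key login as `setup` would be expected to fail; adding `chown -R setup:nobody /home/setup/.ssh` once the keys for that path have been written would address it. The carried-over `grep -q "^${key}$"` also treats the key as a regular expression, whereas `grep -qxF -- "${key}"` compares the whole line literally. import_aws_configuration() starts and ends outside this hunk.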
+sudodir = /etc/sudoers.d
+
 bin_SCRIPTS =
 sbin_PROGRAMS =
#- setup -----------------------------------------------------------------------
+bin_SCRIPTS += \
+ run-setup
+
 sbin_PROGRAMS += \
 setup
@@ -56,3 +61,6 @@ setup_LDADD = \
bin_SCRIPTS += \
 probenic.sh
+
+sudo_DATA = \
+ sudo/setup
diff --git a/src/setup/run-setup b/src/setup/run-setup
new file mode 100644
index 000000000..07b04cf43
--- /dev/null
+++ b/src/setup/run-setup
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Runs setup and tries to gain root privileges
+exec sudo setup
diff --git a/src/setup/sudo/setup b/src/setup/sudo/setup
new file mode 100644
index 000000000..a3bbd7b62
--- /dev/null
+++ b/src/setup/sudo/setup
@@ -0,0 +1,2 @@
+# The setup is allowed to run the setup command
+setup ALL=(ALL) NOPASSWD: /usr/sbin/setup
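Review bot: `exec sudo setup` in src/setup/run-setup resolves both `sudo` and `setup` through PATH, while the sudoers rule added in this push only matches `/usr/sbin/setup`. Because this script is the login shell of the `setup` account, the PATH it inherits depends on how sshd and sudo are configured; if `/usr/sbin` is not searched, the command is either not found or is not the one the rule permits. Naming the target explicitly, `exec sudo /usr/sbin/setup`, keeps the wrapper and the rule in step. A short comment saying that any arguments handed to the shell (for example a remote command) are deliberately ignored would also help the next reader.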
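Review bot: The rule `setup ALL=(ALL) NOPASSWD: /usr/sbin/setup` in src/setup/sudo/setup grants more than run-setup uses: `(ALL)` lets the account run the program as any user, and with no argument list any command-line arguments are accepted. Restricting it to `setup ALL=(root) NOPASSWD: /usr/sbin/setup ""` keeps it to root and to the argument-less invocation, assuming run-setup never needs to pass arguments. The fragment is installed through `sudo_DATA` in Makefile.am, which would normally give it the default data-file mode; sudoers fragments are conventionally 0440, so the installed mode is worth confirming. The file's comment could also state that the `setup` account is effectively root-equivalent through this program.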
hooks/post-receive -- IPFire 2.x development tree