This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, next has been updated via 83f1971428fa456462ee24ad6f0baab12f1ae8d7 (commit) via a19f33961c979b8c0b342971950337f7ed486c0d (commit) via 5114bcb3cdee18bdb30b71e9e0df2b559b561273 (commit) from 4d4760225bb7f2de1df9b38bfa56599c3f935499 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 83f1971428fa456462ee24ad6f0baab12f1ae8d7 Merge: 4d47602 a19f339 Author: Michael Tremer michael.tremer@ipfire.org Date: Sun Jan 27 15:58:14 2013 +0100
Merge remote-tracking branch 'ms/axel-fixperms' into next
commit a19f33961c979b8c0b342971950337f7ed486c0d Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 26 19:07:17 2013 +0100
update accelerator: Don't change owner of ALL files in cache.
When a file has been downloaded, all files in the update accelerator cache directory have been chowned which causes huge IO load. It is only required to set permissions that members of the group can delete the files (purge function on the web user interface).
Changing the owner is completely unnecessary as only the squid user needs write access and the web server is able to deliver any file in the update cache anyways.
commit 5114bcb3cdee18bdb30b71e9e0df2b559b561273 Merge: 5292c03 68e2d32 Author: Michael Tremer michael.tremer@ipfire.org Date: Sat Jan 26 18:54:44 2013 +0100
Merge remote-tracking branch 'stevee/axel-log-fix' into axel-fixperms
-----------------------------------------------------------------------
Summary of changes: config/etc/group | 2 +- config/rootfiles/common/misc-progs | 1 - config/rootfiles/core/66/update.sh | 7 +++++++ config/updxlrator/download | 17 ++++++++++++----- src/misc-progs/Makefile | 11 ++--------- 5 files changed, 22 insertions(+), 16 deletions(-)
Difference in files: diff --git a/config/etc/group b/config/etc/group index 3b155fa..46e4b80 100644 --- a/config/etc/group +++ b/config/etc/group @@ -14,7 +14,7 @@ dialout:x:16: floppy:x:19: tape:x:20: utmp:x:22: -squid:x:23: +squid:x:23:nobody ntp:x:38: dip:x:40: mysql:x:41: diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs index 2d6b2e2..d2cf710 100644 --- a/config/rootfiles/common/misc-progs +++ b/config/rootfiles/common/misc-progs @@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl usr/local/bin/timectrl #usr/local/bin/tripwirectrl usr/local/bin/updxlratorctrl -usr/local/bin/updxsetperms usr/local/bin/upnpctrl usr/local/bin/urlfilterctrl usr/local/bin/wirelessctrl diff --git a/config/rootfiles/core/66/update.sh b/config/rootfiles/core/66/update.sh index ac4e3ac..d764c43 100644 --- a/config/rootfiles/core/66/update.sh +++ b/config/rootfiles/core/66/update.sh @@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo add_to_backup etc/sysconfig/lm_sensors add_to_backup etc/sysconfig/rc.local add_to_backup usr/local/bin/vpn-watch +add_to_backup usr/local/bin/updxsetperms add_to_backup usr/libexec/ipsec
# Backup the files @@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then exit 2 fi
+# Add user nobody to group squid. +usermod -a -G squid nobody + echo echo Update Kernel to $KVER ... # @@ -184,6 +188,9 @@ rm -rf /lib/libncurses* rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack} rm -f /usr/local/bin/vpn-watch
+# Remove update accelerator permissions script. +rm -f /usr/local/bin/updxsetperms + # #Extract files tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C / diff --git a/config/updxlrator/download b/config/updxlrator/download index 8b219bc..1624609 100644 --- a/config/updxlrator/download +++ b/config/updxlrator/download @@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/; unless (-d "$repository/download/$vendorid") { system("mkdir -p $repository/download/$vendorid"); - #system("chmod 775 $repository/download/$vendorid"); + chmod 0775, "$repository/download/$vendorid"; }
if($restartdl == 0) @@ -159,13 +159,13 @@ if ($_ == 0) unless (-d "$repository/$vendorid") { system("mkdir -p $repository/$vendorid"); - #system("chmod 775 $repository/$vendorid"); + chmod 0775, "$repository/$vendorid"; }
unless (-d "$repository/$vendorid/$uuid") { system("mkdir -p $repository/$vendorid/$uuid"); - #system("chmod 775 $repository/$vendorid/$uuid"); + chmod 0775, "$repository/$vendorid/$uuid"; }
&writelog("Moving file to the cache directory: $vendorid/$uuid"); @@ -180,8 +180,15 @@ if ($_ == 0) &UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time); &UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
- system("/usr/local/bin/updxsetperms"); - #system("chmod 775 $repository/$vendorid/$uuid/*"); + # Update permissions of all files in the download directory. + my @files = ( + "$repository/$vendorid/$uuid/source.url", + "$repository/$vendorid/$uuid/status", + "$repository/$vendorid/$uuid/checkup.log", + "$repository/$vendorid/$uuid/access.log", + "$repository/$vendorid/$uuid/$updatefile" + ); + chmod 0664, @files;
unlink ("$repository/download/$vendorid/$updatefile.info");
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile index 33d1d66..cc33266 100644 --- a/src/misc-progs/Makefile +++ b/src/misc-progs/Makefile @@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \ smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \ setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \ getconntracktable -SUID_UPDX = updxsetperms
install : all install -m 755 $(PROGS) /usr/local/bin install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin - install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX) +all : $(PROGS) $(SUID_PROGS)
clean : - -rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core + -rm -f $(PROGS) $(SUID_PROGS) *.o core
######
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
$(PROGS): setuid.o
-$(SUID_UPDX): setuid.o - logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o $(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o $(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o - $(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@ - fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o $(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
hooks/post-receive -- IPFire 2.x development tree