This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated
       via  6a0868472f76b05936bf571ffb5e61bdb4e5f9bb (commit)
       via  86b85e6e5300e5dabded7ba2bf78fac04f443e26 (commit)
       via  81d774856061df1a4029264ff50acad50b3bf03a (commit)
       via  98fe558a9890d5a070b2f0540f0724faeef91baa (commit)
       via  ef0d695fe450619103b3248eda39992dfaae79c7 (commit)
       via  cdfe238b7eb4a69b48d0f3251afce0b3564f702d (commit)
       via  172334166678d04894cf32eb8eda65148c2e6506 (commit)
       via  fddc3ac8220191e0ecbe7d2b99c3edfb3dd091da (commit)
       via  2da105c2101b954ab99a3e5120ba9b8b48912267 (commit)
       via  da3efef2683061027d41ee9c45da41caa8875ab2 (commit)
       via  26d6a9afc449ac32635b37042f4c4b5d68f46899 (commit)
       via  94234825157b13c9e1debcb7d901181b4c765465 (commit)
       via  1a011e61c7e92a77dc6ed0df00bd3ae3dcd116a7 (commit)
       via  d9b8f00edea15f80d1819373140868117ec90e3b (commit)
       via  579d794a2f846a5ef4ce98cada64f553df365f5c (commit)
      from  d3d2a06f30ed3a2676df7b3e6376973cfc6ee036 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 6a0868472f76b05936bf571ffb5e61bdb4e5f9bb
Merge: 86b85e6 81d7748
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 23:05:22 2011 +0100

Merge remote-tracking branch 'stevee/freeradius'

commit 86b85e6e5300e5dabded7ba2bf78fac04f443e26
Merge: ef0d695 26d6a9a
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 23:05:17 2011 +0100

Merge remote-tracking branch 'stevee/tmpfiles'

commit 81d774856061df1a4029264ff50acad50b3bf03a
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 22:55:19 2011 +0100

freeradius: Split package, add scriptlets.

* Split package into server and utils packages.
* Add systemd scriptlet
* Remove deprecated dependency to "make". In the past we used it for
  initial certificate generation. Now we do this with a script in the
  systemd file.

Fixes #281

commit 98fe558a9890d5a070b2f0540f0724faeef91baa
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 22:00:18 2011 +0100

freeradius: Rework package.

* Run daemon as user/group radiusd
* Add logfiles
* Remove a lot of unneeded stuff, like unsupported conf file or
  development headers.
* Create tmpfiles folder.

Reference #281
Fixes #280

commit ef0d695fe450619103b3248eda39992dfaae79c7
Merge: cdfe238 1a011e6
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 22:26:37 2011 +0100

Merge remote-tracking branch 'stevee/initscripts'

commit cdfe238b7eb4a69b48d0f3251afce0b3564f702d
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 21:10:41 2011 +0100

openssh: Fix weird configuration files.

Configuration files were not recognized as those and had invalid options.

commit 172334166678d04894cf32eb8eda65148c2e6506
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 21:05:41 2011 +0100

freeradius: Update to 2.1.12.

Reference #281.

commit fddc3ac8220191e0ecbe7d2b99c3edfb3dd091da
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 20:38:04 2011 +0100

radvd: Create tmpfiles in package.

References #280.

commit 2da105c2101b954ab99a3e5120ba9b8b48912267
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 20:37:42 2011 +0100

pdns-recursor: Create tmpfiles in package.

References #280.

commit da3efef2683061027d41ee9c45da41caa8875ab2
Author: Michael Tremer michael.tremer@ipfire.org
Date: Tue Nov 1 20:35:50 2011 +0100

lldpd: Update to 0.5.4.

The os-release patch was accepted upstream.

References #280.

commit 26d6a9afc449ac32635b37042f4c4b5d68f46899
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 19:29:49 2011 +0100

named: Create tmpfiles in package.

Reference #280

commit 94234825157b13c9e1debcb7d901181b4c765465
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 19:08:45 2011 +0100

lighttpd: Add scriptlet for systemd, fix tmpfiles directory.

Also ship directories from tmpfiles with the package.

Reference #280

commit 1a011e61c7e92a77dc6ed0df00bd3ae3dcd116a7
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 13:17:01 2011 +0100

initscripts: Add /etc/rc.local.

This file allows own instructions and will be executed at the end of the boot process.

Fixes #273

commit d9b8f00edea15f80d1819373140868117ec90e3b
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 13:00:54 2011 +0100

initscripts: Remove sysctl.conf from package.

The network settings from that file will be done by the network package.

commit 579d794a2f846a5ef4ce98cada64f553df365f5c
Author: Stefan Schantl stefan.schantl@ipfire.org
Date: Tue Nov 1 12:58:23 2011 +0100

initscript: Cleanup package.

* Removed obsolete functions file.
* Removed deprecated /etc/sysconfig files.
-----------------------------------------------------------------------
Summary of changes:
 bind/bind.nm | 23 ++-
 bind/named.tmpfiles | 2 +-
 freeradius/freeradius.nm | 146 ++++++++---
 freeradius/freeradius.tmpfiles | 2 +-
 .../patches/freeradius-2.1.6-cert-config.patch | 68 -----
 freeradius/patches/freeradius-cert-config.patch | 62 +++++
 freeradius/systemd/freeradius.service | 8 +-
 initscripts/functions | 284 --------------------
 initscripts/initscripts.nm | 35 ++-
 initscripts/rc.local | 4 +
 initscripts/sysconfig/clock | 1 -
 initscripts/sysconfig/createfiles | 28 --
 initscripts/sysconfig/modules | 21 --
 initscripts/sysconfig/network | 1 -
 initscripts/sysconfig/rc | 52 ----
 initscripts/sysconfig/rc.local | 27 --
 initscripts/sysconfig/rc.site | 71 -----
 initscripts/sysctl.conf | 28 --
 initscripts/systemd/rc-local.service | 15 +
 lighttpd/lighttpd.nm | 56 ++++-
 lighttpd/lighttpd.tmpfiles | 2 +-
 lldpd/lldpd.nm | 46 +++-
 lldpd/lldpd.tmpfiles | 2 +-
 lldpd/patches/lldpd-0.52.x-os-release.patch | 92 -------
 lldpd/systemd/lldpd.service | 3 +-
 openssh/openssh.nm | 14 +-
 openssh/sshd_config | 117 --------
 pdns-recursor/pdns-recursor.nm | 25 ++-
 radvd/radvd.nm | 29 ++-
 radvd/radvd.tmpfiles | 2 +-
 30 files changed, 384 insertions(+), 882 deletions(-)
 delete mode 100644 freeradius/patches/freeradius-2.1.6-cert-config.patch
 create mode 100644 freeradius/patches/freeradius-cert-config.patch
 delete mode 100644 initscripts/functions
 create mode 100644 initscripts/rc.local
 delete mode 100644 initscripts/sysconfig/clock
 delete mode 100644 initscripts/sysconfig/createfiles
 delete mode 100644 initscripts/sysconfig/modules
 delete mode 100644 initscripts/sysconfig/network
 delete mode 100644 initscripts/sysconfig/rc
 delete mode 100644 initscripts/sysconfig/rc.local
 delete mode 100644 initscripts/sysconfig/rc.site
 delete mode 100644 initscripts/sysctl.conf
 create mode 100644 initscripts/systemd/rc-local.service
 delete mode 100644 lldpd/patches/lldpd-0.52.x-os-release.patch
 delete mode 100644 openssh/sshd_config
Difference in files: diff --git a/bind/bind.nm b/bind/bind.nm index 92290af..2799b0e 100644 --- a/bind/bind.nm +++ b/bind/bind.nm @@ -5,7 +5,7 @@
name = bind version = 9.8.1 -release = 2 +release = 3
groups = Networking/Tools url = http://www.isc.org/products/BIND/ @@ -62,6 +62,7 @@ build libidn-devel pkg-config openssl-devel + shadow-utils end
configure_options += \ @@ -97,6 +98,9 @@ build libtoolize -c -f aclocal -I m4 --force autoconf -f + + # Create user and group for /run directory. + %{create_user} end
install @@ -150,9 +154,19 @@ build ln -svf ../../lib/libirs-export.so.80 %{BUILDROOT}/usr/lib/libirs-export.so ln -svf ../../lib/libisccfg-export.so.82 %{BUILDROOT}/usr/lib/libisccfg-export.so ln -svf ../../lib/libisc-export.so.83 %{BUILDROOT}/usr/lib/libisc-export.so + + # Create /run/named. + mkdir -pv %{BUILDROOT}/run/named + chown -Rv named.named %{BUILDROOT}/run/named/ end end
+create_user + getent group named >/dev/null || /usr/sbin/groupadd -r named + getent passwd named >/dev/null || /usr/sbin/useradd -r -g named \ + -d /var/named -c "User for bind DNS server" -s /sbin/nologin named +end + packages package %{name} requires @@ -163,12 +177,7 @@ packages prerequires += shadow-utils
script prein - # Create unprivileged user and group. - getent group named > /dev/null || groupadd -r named - getent passwd named > /dev/null || \ - useradd -r -g named -d /var/named -s /sbin/nologin \ - -c "User for bind DNS server" named - exit 0 + %{create_user} end
# XXX Add systemd scriptlet if a service file becomes available diff --git a/bind/named.tmpfiles b/bind/named.tmpfiles index 8a7fa49..640a656 100644 --- a/bind/named.tmpfiles +++ b/bind/named.tmpfiles @@ -1 +1 @@ -d /var/run/named 0755 named named - +d /run/named 0755 named named - diff --git a/freeradius/freeradius.nm b/freeradius/freeradius.nm index e780786..62b7289 100644 --- a/freeradius/freeradius.nm +++ b/freeradius/freeradius.nm @@ -4,8 +4,8 @@ ###############################################################################
name = freeradius-server -version = 2.1.9 -release = 2 +version = 2.1.12 +release = 3
groups = System/Daemons url = http://www.freeradius.org @@ -13,14 +13,14 @@ license = GPLv2+ and LGPLv2+ summary = High-performance and highly configurable free RADIUS server.
description - The FreeRADIUS Server Project is a high performance and highly \ - configurable GPL'd free RADIUS server. \ - FreeRADIUS is an Internet authentication daemon, which implements \ - the RADIUS protocol, as defined in RFC 2865. It allows \ + The FreeRADIUS Server Project is a high performance and highly + configurable GPL'd free RADIUS server. + FreeRADIUS is an Internet authentication daemon, which implements + the RADIUS protocol, as defined in RFC 2865. It allows Network Access Servers to perform authentication for dial-up users. end
-source_dl = +source_dl = ftp://ftp.freeradius.org/pub/freeradius/
build requires @@ -30,50 +30,126 @@ build libtool-devel openssl-devel perl + shadow-utils end
- build - ./configure \ - %{CONFIGURE_ARCH} \ - --prefix=/usr \ - --sysconfdir=/etc \ - --libdir=/usr/lib/freeradius \ - --localstatedir=/var \ - --with-system-libtool \ - --with-threads \ - --with-thread-pool \ - --disable-ltdl-install \ - --with-gnu-ld \ - --without-rlm_eap_ikev2 \ - --without-rlm_sql_iodbc \ - --without-rlm_sql_firebird \ - --without-rlm_sql_db2 \ - --without-rlm_sql_oracle - - make LIBTOOL="libtool --tag=CC" #%{PARALLELISMFLAGS} + PARALLELISMFLAGS = # Disabled + + configure_options +=\ + %{CONFIGURE_ARCH} \ + --sysconfdir=/etc \ + --libdir=/usr/lib/freeradius \ + --localstatedir=/var \ + --with-system-libtool \ + --with-threads \ + --with-thread-pool \ + --disable-ltdl-install \ + --with-gnu-ld \ + --without-rlm_eap_ikev2 \ + --without-rlm_sql_iodbc \ + --without-rlm_sql_firebird \ + --without-rlm_sql_db2 \ + --without-rlm_sql_oracle + + prepare_cmds + %{create_user} end
+ make_build_targets = LINK_MODE=-pie + install - R=%{BUILDROOT} make install - end + make install R=%{BUILDROOT} + + # Change freeradius user and group. + perl -i -pe 's/^#user =.*$/user = radiusd/' %{BUILDROOT}/etc/raddb/radiusd.conf + perl -i -pe 's/^#group =.*$/group = radiusd/' %{BUILDROOT}/etc/raddb/radiusd.conf + + # Create emty logfiles. + mkdir -pv %{BUILDROOT}/var/log/radius/radacct + touch %{BUILDROOT}/var/log/radius/{radutmp,radius.log} + chown -Rv radiusd.radiusd %{BUILDROOT}/var/log/radius/ + + # Create tmpfiles folder. + mkdir -pv %{BUILDROOT}/run/radiusd + chown -Rv radiusd.radiusd %{BUILDROOT}/run/radiusd/ + + # Remove unneeded stuff. + rm -vf %{BUILDROOT}/usr/sbin/rc.radiusd + rm -rvf %{BUILDROOT}/etc/raddb/sql/ + rm -rvf %{BUILDROOT}/var/run/ + + # Remove header files, we don't ship a devel package. + rm -rvf %{BUILDROOT}/usr/include/
- install_cmds - mkdir -pv %{BUILDROOT}/etc/logrotate.d/ - cp -vf %{DIR_SOURCE}/logrotate/freeradius %{BUILDROOT}/etc/logrotate.d/ + # remove unsupported config file. + rm -vf %{BUILDROOT}/etc/raddb/experimental.conf + + # Fix permissions. + chown -Rv root.radiusd %{BUILDROOT}/etc/raddb end end
+create_user + getent group radiusd >/dev/null || /usr/sbin/groupadd -r radiusd + getent passwd radiusd >/dev/null || /usr/sbin/useradd -r -g radiusd \ + -d /var/lib/radiusd -s /sbin/nologin radiusd +end + quality-agent whitelist_rpath /usr/lib/freeradius end end
-# Generate certificates after installation -# Command: cd /etc/raddb/certs/ && make Makefile - packages package %{name} - requires = make + configfiles + /etc/raddb/radiusd.conf + end + + prerequires = shadow-utils systemd-units + + script prein + %{create_user} + end + + script postin + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + end + + script preun + /bin/systemctl --no-reload disable freeradius.service >/dev/null 2>&1 || : + /bin/systemctl stop freeradius.service >/dev/null 2>&1 || : + end + + script postup + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl try-restart freeradius.service >/dev/null 2>&1 || : + end + end + + package freeradius-utils + summary = FreeRADIUS utilities. + description + Additional utilities to configure and manage FreeRADUIS + Servers. + end + + files + /usr/bin/* + /usr/share/man/man1/radclient.1 + /usr/share/man/man1/radeapclient.1 + /usr/share/man/man1/radlast.1 + /usr/share/man/man1/radtest.1 + /usr/share/man/man1/radwho.1 + /usr/share/man/man1/radzap.1 + /usr/share/man/man1/smbencrypt.1 + /usr/share/man/man5/checkrad.5 + /usr/share/man/man8/radconf2xml.8 + /usr/share/man/man8/radcrypt.8 + /usr/share/man/man8/radsniff.8 + /usr/share/man/man8/radsqlrelay.8 + /usr/share/man/man8/rlm_ippool_tool.8 + end end end diff --git a/freeradius/freeradius.tmpfiles b/freeradius/freeradius.tmpfiles index f06f7f3..613d008 100644 --- a/freeradius/freeradius.tmpfiles +++ b/freeradius/freeradius.tmpfiles @@ -1,2 +1,2 @@ -d /var/run/radiusd 0750 root root - +d /run/radiusd 0750 radiusd radiusd
diff --git a/freeradius/patches/freeradius-2.1.6-cert-config.patch b/freeradius/patches/freeradius-2.1.6-cert-config.patch deleted file mode 100644 index 8390beb..0000000 --- a/freeradius/patches/freeradius-2.1.6-cert-config.patch +++ /dev/null 
@@ -1,68 +0,0 @@ -diff -r -u freeradius-server-2.1.8.orig/raddb/certs/ca.cnf freeradius-server-2.1.8/raddb/certs/ca.cnf ---- freeradius-server-2.1.8.orig/raddb/certs/ca.cnf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/certs/ca.cnf 2010-01-08 12:35:23.000000000 -0500 -@@ -14,9 +14,9 @@ - RANDFILE = $dir/.rand - name_opt = ca_default - cert_opt = ca_default --default_days = 365 -+default_days = 60 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -Only in freeradius-server-2.1.8/raddb/certs: ca.cnf~ -diff -r -u freeradius-server-2.1.8.orig/raddb/certs/client.cnf freeradius-server-2.1.8/raddb/certs/client.cnf ---- freeradius-server-2.1.8.orig/raddb/certs/client.cnf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/certs/client.cnf 2010-01-08 12:35:37.000000000 -0500 -@@ -14,9 +14,9 @@ - RANDFILE = $dir/.rand - name_opt = ca_default - cert_opt = ca_default --default_days = 365 -+default_days = 60 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -Only in freeradius-server-2.1.8/raddb/certs: client.cnf~ -diff -r -u freeradius-server-2.1.8.orig/raddb/certs/server.cnf freeradius-server-2.1.8/raddb/certs/server.cnf ---- freeradius-server-2.1.8.orig/raddb/certs/server.cnf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/certs/server.cnf 2010-01-08 12:35:05.000000000 -0500 -@@ -14,9 +14,9 @@ - RANDFILE = $dir/.rand - name_opt = ca_default - cert_opt = ca_default --default_days = 365 -+default_days = 60 - default_crl_days = 30 --default_md = md5 -+default_md = sha1 - preserve = no - policy = policy_match - -Only in freeradius-server-2.1.8/raddb/certs: server.cnf~ -diff -r -u freeradius-server-2.1.8.orig/raddb/eap.conf freeradius-server-2.1.8/raddb/eap.conf ---- freeradius-server-2.1.8.orig/raddb/eap.conf 2009-12-30 10:44:35.000000000 -0500 -+++ freeradius-server-2.1.8/raddb/eap.conf 2010-01-08 
12:36:04.000000000 -0500 -@@ -251,15 +251,6 @@ - cipher_list = "DEFAULT" - - # -- -- # This configuration entry should be deleted -- # once the server is running in a normal -- # configuration. It is here ONLY to make -- # initial deployments easier. -- # -- make_cert_command = "${certdir}/bootstrap" -- -- # - # Session resumption / fast reauthentication - # cache. - # -Only in freeradius-server-2.1.8/raddb: eap.conf~ diff --git a/freeradius/patches/freeradius-cert-config.patch b/freeradius/patches/freeradius-cert-config.patch new file mode 100644 index 0000000..9967a15 --- /dev/null +++ b/freeradius/patches/freeradius-cert-config.patch 
@@ -0,0 +1,62 @@ +diff -r -u freeradius-server-2.1.12.orig/raddb/certs/ca.cnf freeradius-server-2.1.12/raddb/certs/ca.cnf +--- freeradius-server-2.1.12.orig/raddb/certs/ca.cnf 2011-09-07 06:59:21.000000000 -0400 ++++ freeradius-server-2.1.12/raddb/certs/ca.cnf 2011-09-07 10:28:28.000000000 -0400 +@@ -14,9 +14,9 @@ + RANDFILE = $dir/.rand + name_opt = ca_default + cert_opt = ca_default +-default_days = 365 ++default_days = 60 + default_crl_days = 30 +-default_md = md5 ++default_md = sha1 + preserve = no + policy = policy_match + +diff -r -u freeradius-server-2.1.12.orig/raddb/certs/client.cnf freeradius-server-2.1.12/raddb/certs/client.cnf +--- freeradius-server-2.1.12.orig/raddb/certs/client.cnf 2011-09-07 06:59:21.000000000 -0400 ++++ freeradius-server-2.1.12/raddb/certs/client.cnf 2011-09-07 10:28:28.000000000 -0400 +@@ -14,9 +14,9 @@ + RANDFILE = $dir/.rand + name_opt = ca_default + cert_opt = ca_default +-default_days = 365 ++default_days = 60 + default_crl_days = 30 +-default_md = md5 ++default_md = sha1 + preserve = no + policy = policy_match + +diff -r -u freeradius-server-2.1.12.orig/raddb/certs/server.cnf freeradius-server-2.1.12/raddb/certs/server.cnf +--- freeradius-server-2.1.12.orig/raddb/certs/server.cnf 2011-09-07 06:59:21.000000000 -0400 ++++ freeradius-server-2.1.12/raddb/certs/server.cnf 2011-09-07 10:28:28.000000000 -0400 +@@ -14,9 +14,9 @@ + RANDFILE = $dir/.rand + name_opt = ca_default + cert_opt = ca_default +-default_days = 365 ++default_days = 60 + default_crl_days = 30 +-default_md = md5 ++default_md = sha1 + preserve = no + policy = policy_match + +diff -r -u freeradius-server-2.1.12.orig/raddb/eap.conf freeradius-server-2.1.12/raddb/eap.conf +--- freeradius-server-2.1.12.orig/raddb/eap.conf 2011-09-07 06:59:21.000000000 -0400 ++++ freeradius-server-2.1.12/raddb/eap.conf 2011-09-07 10:28:28.000000000 -0400 +@@ -281,7 +281,11 @@ + # for the server to print out an error message, + # and refuse to start. 
+ # +- make_cert_command = "${certdir}/bootstrap" ++ # Redhat RPM's run the bootstrap certificate creation ++ # as part of the RPM install (not upgrade), therefore ++ # the make_cert_command is commented out. ++ # ++ #make_cert_command = "${certdir}/bootstrap" + + # + # Elliptical cryptography configuration +Only in freeradius-server-2.1.12/raddb: eap.conf.orig diff --git a/freeradius/systemd/freeradius.service b/freeradius/systemd/freeradius.service index 0bdae0d..4f86f21 100644 --- a/freeradius/systemd/freeradius.service +++ b/freeradius/systemd/freeradius.service @@ -1,11 +1,13 @@ [Unit] -Description=Freeradius Server +Description=FreeRADIUS Server After=network.target
[Service] -ExecStart=/usr/sbin/radiusd -f -d /etc/radvd/freeradius.conf +ExecStartPre=/etc/raddb/certs/bootstrap +ExecStartPre=/usr/sbin/radiusd -C +ExecStart=/usr/sbin/radiusd -f -d /etc/raddb +ExecReload=/usr/sbin/radiusd -C ExecReload=/bin/kill -HUP $MAINPID -ExecPostStop=/bin/rm -vf /var/run/radiusd/radiusd.sock
[Install] WantedBy=multi-user.target diff --git a/initscripts/functions b/initscripts/functions deleted file mode 100644 index c5451ff..0000000 --- a/initscripts/functions +++ /dev/null 
@@ -1,284 +0,0 @@ -#!/bin/sh -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007, 2008 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# -# Partly based on scripts by DJ Lucas - dj@linuxfromscratch.org -# - -# Distro Information -DISTRO="$(</etc/system-release)" # The distro name -DISTRO_CONTACT="http://bugtracker.ipfire.org" # Bug report address - -# This sets default terminal options. -# stty sane - this has been removed as nobody recalls -# the reason for it in the first place - if no problems arize, -# then it will be removed completely at a later date. 
- -# Setup default values for the environment -umask 022 - -# If we boot, we should only allow the -# use tools that are available in /bin:/sbin -if [ -n "${UPSTART_JOB}" ]; then - PATH="/bin:/sbin" -fi - -# Find current screen size -if [ -z "${COLUMNS}" ]; then - COLUMNS=$(stty size) - COLUMNS=${COLUMNS##* } -fi - -# When using remote connections, such as a serial port, stty size returns 0 -if [ "${COLUMNS}" = "0" ]; then - COLUMNS=80 -fi - -## Measurements for positioning result messages -COL=$((${COLUMNS} - 8)) -WCOL=$((${COL} - 2)) - -# Set Cursur Position Commands, used via echo -e -SET_COL="\033[${COL}G" # at the $COL char -SET_WCOL="\033[${WCOL}G" # at the $WCOL char -CURS_UP="\033[1A\033[0G" # Up one line, at the 0'th char - -# Normal colors -CLR_NORM_BLK="\033[0;30m" # black -CLR_NORM_RED="\033[0;31m" # red -CLR_NORM_GRN="\033[0;32m" # green -CLR_NORM_YEL="\033[0;33m" # yellow -CLR_NORM_BLU="\033[0;34m" # blue -CLR_NORM_MAG="\033[0;35m" # magenta -CLR_NORM_CYN="\033[0;36m" # cyan -CLR_NORM_WHT="\033[0;37m" # white -CLR_NORM_GRY="\033[0;39m" # grey - -# Emphased colors -CLR_BOLD_BLK="\033[1;30m" # black -CLR_BOLD_RED="\033[1;31m" # red -CLR_BOLD_GRN="\033[1;32m" # green -CLR_BOLD_YEL="\033[1;33m" # yellow -CLR_BOLD_BLU="\033[1;34m" # blue -CLR_BOLD_MAG="\033[1;35m" # magenta -CLR_BOLD_CYN="\033[1;36m" # cyan -CLR_BOLD_WHT="\033[1;37m" # white -CLR_BOLD_GRY="\033[1;39m" # grey - -# Background colors -CLR_BACK_BLK="\033[40m" # black -CLR_BACK_RED="\033[41m" # red -CLR_BACK_GRN="\033[42m" # green -CLR_BACK_YEL="\033[43m" # yellow -CLR_BACK_BLU="\033[44m" # blue -CLR_BACK_MAG="\033[45m" # magenta -CLR_BACK_CYN="\033[46m" # cyan -CLR_BACK_WHT="\033[47m" # white - -# Action colors -BOLD=$CLR_BOLD_GRY -DONE=$CLR_BOLD_GRN -SKIP=$CLR_BOLD_BLU -WARN=$CLR_BOLD_MAG -FAIL=$CLR_BOLD_RED -NORMAL=$CLR_NORM_GRY - -# Color hooks -BRACKET_L="${CLR_BOLD_BLU}[${NORMAL}" -BRACKET_R="${CLR_BOLD_BLU}]${NORMAL}" - -# Define custom colors used in messages printed to the screen 
-BRACKET=${CLR_BOLD_BLU} # Blue -FAILURE=${CLR_BOLD_RED} # Red -INFO=${CLR_BOLD_CYN} # Cyan -NORMAL=${CLR_NORM_GRY} # Grey -SUCCESS=${CLR_BOLD_GRN} # Green -WARNING=${CLR_BOLD_YEL} # Yellow - -# Prefix boot messages for easier reading on framebuffer consoles -PREFIX_SUCCESS=" ${SUCCESS}*${NORMAL} " -PREFIX_WARNING="${WARNING}**${NORMAL} " -PREFIX_FAILURE="${FAILURE}***${NORMAL}" - -welcome_message="Welcome to ${INFO}${DISTRO}${NORMAL}" -welcome_message_length=$((${#DISTRO} + 11)) - -# Error message displayed when a script's exit value is not zero -print_error_msg() { - # ${link} and ${error_value} are defined by the rc script - echo -e "${FAILURE}FAILURE: You should not be reading this error message." - echo -e "" - echo -e -n "${FAILURE}It means that an unforseen error took place in" - echo -e -n "${INFO} ${link}" - echo -e "${FAILURE}," - echo -e "${FAILURE}which exited with a return value of ${error_value}." - echo -e "" - echo -e -n "${FAILURE}If you are able to track this error down to a bug" - echo -e "${FAILURE}in one of the files" - echo -e -n "provided by ${INFO}${DISTRO}${FAILURE}, " - echo -e -n "${FAILURE}please be so kind to inform us at " - echo -e "${INFO}${DISTRO_CONTACT}${FAILURE}.${NORMAL}" - echo -e "" - echo -e "${INFO}Press Enter to continue..." - echo -e "${NORMAL}" - read ENTER -} - -################################################################################ -# log_success_msg() # -# Usage: log_success_msg [$MESSAGE | "message"] # -# # -# Purpose: Print a successful status message to the screen and optionally # -# a boot log file. # -# # -# Inputs: accepts one string value, either a quoted string or optionally # -# the value of $MESSAGE if set in the running environment. 
# -# # -# Return values: Not used # -################################################################################ -log_success_msg() { - echo -n -e "${PREFIX_SUCCESS}${INDENT}${@}" - echo -e "${SET_COL}${BRACKET}[${SUCCESS} OK ${BRACKET}]${NORMAL}" -} - -################################################################################ -# log_failure_msg() # -# Usage: log_failure_msg [$MESSAGE | "message"] # -# # -# Purpose: Print a failure status message to the screen and optionally # -# a boot log file. # -# # -# Inputs: accepts one string value, either a quoted string or optionally # -# the value of $MESSAGE if set in the running environment. # -# # -# Return values: Not used # -################################################################################ -log_failure_msg() { - echo -n -e "${PREFIX_FAILURE}${INDENT}${@}" - echo -e "${SET_COL}${BRACKET}[${FAILURE} FAIL ${BRACKET}]${NORMAL}" -} - -################################################################################ -# log_warning_msg() # -# Usage: log_warning_msg [$MESSAGE | "message"] # -# # -# Purpose: Print a warning status message to the screen and optionally # -# a boot log file. # -# # -# Inputs: accepts one string value, either a quoted string or optionally # -# the value of $MESSAGE if set in the running environment. # -# # -# Return values: Not used # -################################################################################ -log_warning_msg() { - echo -n -e "${PREFIX_WARNING}${INDENT}${@}" - echo -e "${SET_COL}${BRACKET}[${WARNING} WARN ${BRACKET}]${NORMAL}" -} - -############################## evaluate_retval() ############################### -# evaluate_retval requires that you pass exactly one evaluation parameter of # -# (start, stop, other) based on the previous action that is being evaluated. # -# This function is intended for use with start_daemon and killproc to # -# interpret the LSB exit codes properly, othewise the checks only for success # -# or failure. 
# -################################################################################ -evaluate_retval() { - local error_value="${?}" - - # Handle LSB defined return values - case "${1}" in - start) - case "${error_value}" in - 0) - log_success_msg "Starting ${MESSAGE} " - return "${error_value}" - ;; - 2) - log_failure_msg "Starting ${MESSAGE} Error: Invalid argument!" - return "${error_value}" - ;; - 5) - log_failure_msg "Starting ${MESSAGE} Error: Not available!" - return "${error_value}" - ;; - *) - log_failure_msg "Starting ${MESSAGE} Error: General failure!" - return "${error_value}" - ;; - esac - ;; - - stop) - case "${error_value}" in - 0) - log_success_msg "Stopping ${MESSAGE} " - return "${error_value}" - ;; - 2) - log_failure_msg "Stopping ${MESSAGE} Error: Invalid argument!" - return "${error_value}" - ;; - 5) - log_failure_msg "Stopping ${MESSAGE} Error: Not available!" - return "${error_value}" - ;; - 7) - log_warning_msg "Stopping ${MESSAGE} Warning: Not running!" - return "${error_value}" - ;; - *) - log_failure_msg "Stopping ${MESSAGE} Error: General failure!" - return "${error_value}" - ;; - esac - ;; - - force-reload) - message="Forcefully reloading " - ;; - - reload) - message="Reloading " - ;; - - restart) - message="Restarting " - ;; - - try-restart) - message="Trying restart " - ;; - - standard) - # $message or $MESSAGE must be set, but not both in order - # to use the 'standard' target. - ;; - esac - - # Print messages for the generic force-reload, reload, restart, - # and try-restart targets - if [ "${error_value}" = "0" ]; then - log_success_msg "${message}${MESSAGE} " - return "${error_value}" - else - log_failure_msg "${message}${MESSAGE} " - return "${error_value}" - fi -} diff --git a/initscripts/initscripts.nm b/initscripts/initscripts.nm index dce2238..08850f8 100644 --- a/initscripts/initscripts.nm +++ b/initscripts/initscripts.nm @@ -6,7 +6,7 @@ name = initscripts epoch = 1 version = 2.99 -release = 8 +release = 11
groups = Base System/Boot url = @@ -44,16 +44,8 @@ build install cd src && make install clean DESTDIR=%{BUILDROOT}
- mkdir -pv %{BUILDROOT}/etc/{init,sysconfig} - - cp -vf %{DIR_SOURCE}/functions %{BUILDROOT}/etc/init/ - - for i in %{DIR_SOURCE}/sysconfig/*; do - install -v -m 644 $i %{BUILDROOT}/etc/sysconfig/ - done - chmod -v 755 %{BUILDROOT}/etc/sysconfig/rc.local - - cp -vf %{DIR_SOURCE}/sysctl.conf %{BUILDROOT}/etc + # Install rc.local + install -v -m 755 %{DIR_SOURCE}/rc.local %{BUILDROT}/etc/rc.local
# Install udev rules mkdir -pv %{BUILDROOT}/lib/udev/rules.d/ @@ -77,6 +69,10 @@ packages util-linux end
+ configfiles + /etc/rc.local + end + prerequires = coreutils shadow-utils
script prein @@ -88,6 +84,23 @@ packages chown root:utmp /var/log/{b,w}tmp /var/run/utmp chmod 664 /var/log/wtmp /var/run/utmp chmod 600 /var/log/btmp + + # Just search for new unit files that were just installed. + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + + # Enable rc.local as default. + /bin/systemctl --no-reload enable rc-local.service >/dev/null 2>&1 || : + end + + # Disable the service that is to be removed and stop it if it is still running. + script preun + /bin/systemctl --no-reload disable rc-local.service >/dev/null 2>&1 || : + /bin/systemctl stop rc-local.service >/dev/null 2>&1 || : + end + + # Just tell systemd that unitfiles have been removed. + script postun + /bin/systemctl daemon-reload >/dev/null 2>&1 || : end end end diff --git a/initscripts/rc.local b/initscripts/rc.local new file mode 100644 index 0000000..0bd2d37 --- /dev/null +++ b/initscripts/rc.local @@ -0,0 +1,4 @@ +#!/bin/sh +# +# This script will be executed at the end of the boot process. +# You can put your own initialization stuff in here. diff --git a/initscripts/sysconfig/clock b/initscripts/sysconfig/clock deleted file mode 100644 index 99132e1..0000000 --- a/initscripts/sysconfig/clock +++ /dev/null @@ -1 +0,0 @@ -UTC=no diff --git a/initscripts/sysconfig/createfiles b/initscripts/sysconfig/createfiles deleted file mode 100644 index 8d1f89d..0000000 --- a/initscripts/sysconfig/createfiles +++ /dev/null 
@@ -1,28 +0,0 @@ -######################################################################## -# Begin /etc/sysconfig/createfiles -# -# Description : Createfiles script config file -# -# Authors : -# -# Version : 00.00 -# -# Notes : The syntax of this file is as follows: -# if type is equal to "file" or "dir" -# <filename> <type> <permissions> <user> <group> -# if type is equal to "dev" -# <filename> <type> <permissions> <user> <group> <devtype> <major> <minor> -# -# <filename> is the name of the file which is to be created -# <type> is either file, dir, or dev. -# file creates a new file -# dir creates a new directory -# dev creates a new device -# <devtype> is either block, char or pipe -# block creates a block device -# char creates a character deivce -# pipe creates a pipe, this will ignore the <major> and <minor> fields -# <major> and <minor> are the major and minor numbers used for the device. -######################################################################## - -# End /etc/sysconfig/createfiles diff --git a/initscripts/sysconfig/modules b/initscripts/sysconfig/modules deleted file mode 100644 index d6fc14c..0000000 --- a/initscripts/sysconfig/modules +++ /dev/null @@ -1,21 +0,0 @@ -######################################################################## -# Begin /etc/sysconfig/modules -# -# Description : Module auto-loading configuration -# -# Authors : -# -# Version : 00.00 -# -# Notes : The syntax of this file is as follows: -# <module> [<arg1> <arg2> ...] -# -# Each module should be on it's own line, and any options that you want -# passed to the module should follow it. The line deliminator is either -# a space or a tab. -######################################################################## - -# For dialin with pppd -ppp_generic - -# End /etc/sysconfig/modules diff --git a/initscripts/sysconfig/network b/initscripts/sysconfig/network deleted file mode 100644 index 45e537e..0000000 --- a/initscripts/sysconfig/network +++ /dev/null 
@@ -1 +0,0 @@ -HOSTNAME=ipfire.localdomain diff --git a/initscripts/sysconfig/rc b/initscripts/sysconfig/rc deleted file mode 100644 index ffb70d9..0000000 --- a/initscripts/sysconfig/rc +++ /dev/null @@ -1,52 +0,0 @@ -# Begin /etc/sysconfig/rc - -# Author: DJ Lucas - dj@linuxfromscratch.org -# Version: 1.0 LSB V.3.1 - -# Global variable inherited by initscripts are in caps -# Local variables for the rc script are in lowercase - -# Source site specific rc configuration -. /etc/sysconfig/rc.site - -# This sets default terminal options. -# stty sane - this has been removed as nobody recalls -# the reason for it in the first place - if no problems arize, -# then it will be removed completely at a later date. - -# Setup default values for the environment -umask 022 -PATH="/bin:/sbin" - -# Find current screen size -if [ -z "${COLUMNS}" ]; then - COLUMNS=$(stty size) - COLUMNS=${COLUMNS##* } -fi - -# When using remote connections, such as a serial port, stty size returns 0 -if [ "${COLUMNS}" = "0" ]; then - COLUMNS=80 -fi - -## Measurements for positioning result messages -COL=$((${COLUMNS} - 8)) -WCOL=$((${COL} - 2)) - -# Set Cursur Position Commands, used via echo -e -SET_COL="\033[${COL}G" # at the $COL char -SET_WCOL="\033[${WCOL}G" # at the $WCOL char -CURS_UP="\033[1A\033[0G" # Up one line, at the 0'th char - -# Bootlogging and interactive startup require a valid tempfs mount -# if this mount is not present, disable them -if [ "${TEMPFS_MOUNT}" = "" -o ! -d "${TEMPFS_MOUNT}" ]; then - TEMPFS_MOUNT="" - iprompt="" - BOOTLOG_ENAB="" -fi - -# Export the environment variables so they are inherited by the scripts -export PATH SET_COL SET_WCOL CURS_UP TEMPFS_MOUNT BOOTLOG_ENAB RUNLEVEL - -# End /etc/sysconfig/rc diff --git a/initscripts/sysconfig/rc.local b/initscripts/sysconfig/rc.local deleted file mode 100644 index 90347d7..0000000 --- a/initscripts/sysconfig/rc.local +++ /dev/null 
@@ -1,27 +0,0 @@ -#!/bin/sh -############################################################################### -# # -# IPFire.org - A linux based firewall # -# Copyright (C) 2007 Michael Tremer & Christian Schmidt # -# # -# This program is free software: you can redistribute it and/or modify # -# it under the terms of the GNU General Public License as published by # -# the Free Software Foundation, either version 3 of the License, or # -# (at your option) any later version. # -# # -# This program is distributed in the hope that it will be useful, # -# but WITHOUT ANY WARRANTY; without even the implied warranty of # -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # -# GNU General Public License for more details. # -# # -# You should have received a copy of the GNU General Public License # -# along with this program. If not, see http://www.gnu.org/licenses/. # -# # -############################################################################### -# Used for private calls after boot # -############################################################################### - -# power button shutdown -if grep -q '^button' /proc/modules ; then - head -1 /proc/acpi/event | grep -q 'button/power PWRF' && init 0 & -fi diff --git a/initscripts/sysconfig/rc.site b/initscripts/sysconfig/rc.site deleted file mode 100644 index 82b7cc7..0000000 --- a/initscripts/sysconfig/rc.site +++ /dev/null 
@@ -1,71 +0,0 @@ -# Set base directory information -RC_BASE="/etc" -RC_FUNCTIONS="${RC_BASE}/init.d/ipfire-functions" - -# Location of network device scripts and config files -NETWORK_SCRIPTS="/etc/init.d/networking" -NETWORK_DEVICES="/etc/sysconfig/network-devices" - -# Directory to store boot process accounting information -# Used for boot logging and interactive flag when rootfs -# is not writable -TEMPFS_MOUNT="${RC_BASE}/init.d/boottemp" - -# Bootlogging (requires a tempfs mount) -BOOTLOG_ENAB="yes" - -# Distro Information -DISTRO="$(cat /etc/system-release)" # The distro name -DISTRO_CONTACT="http://bugtracker.ipfire.org" # Bug report address -DISTRO_MINI="ipfire" # Short name used in filenames for distro config - -# Define custom colors used in messages printed to the screen -BRACKET="\033[1;34m" # Blue -FAILURE="\033[1;31m" # Red -INFO="\033[1;36m" # Cyan -NORMAL="\033[0;39m" # Grey -SUCCESS="\033[1;32m" # Green -WARNING="\033[1;33m" # Yellow - -# Prefix boot messages for easier reading on framebuffer consoles -PREFIX_SUCCESS=" ${SUCCESS}*${NORMAL} " -PREFIX_WARNING="${WARNING}**${NORMAL} " -PREFIX_FAILURE="${FAILURE}***${NORMAL}" - -# Export varialbles so that they are inherited by the initscripts -export RC_BASE RC_FUNCTIONS TEMPFS_MOUNT BOOTLOG_ENAB -export NETWORK_DEVICES NETWORK_SCRIPTS -export DISTRO DISTRO_CONTACT DISTRO_MINI -export BRACKET FAILURE INFO NORMAL SUCCESS WARNING -export PREFIX_SUCCESS PREFIX_WARNING PREFIX_FAILURE - -# Interactive startup -iprompt="yes" # Wether to display the interactive boot promp -itime="2" # The ammount of time (in seconds) to display the prompt -dlen="$(( 11 + ${#DISTRO} ))" # The total length of the distro welcome string -ilen="38" # The total length of the interactive message -welcome_message="Welcome to ${INFO}${DISTRO}${NORMAL}" -i_message="Press '${FAILURE}I${NORMAL}' to enter interactive startup" - -# Error message displayed when a script's exit value is not zero -print_error_msg() -{ - # ${link} and 
${error_value} are defined by the rc script - echo -e "${FAILURE}FAILURE: You should not be reading this error message." - echo -e "" - echo -e -n "${FAILURE}It means that an unforseen error took place in" - echo -e -n "${INFO} ${link}" - echo -e "${FAILURE}," - echo -e "${FAILURE}which exited with a return value of ${error_value}." - echo -e "" - echo -e -n "${FAILURE}If you are able to track this error down to a bug" - echo -e "${FAILURE}in one of the files" - echo -e -n "provided by ${INFO}${DISTRO}${FAILURE}, " - echo -e -n "${FAILURE}please be so kind to inform us at " - echo -e "${INFO}${DISTRO_CONTACT}${FAILURE}.${NORMAL}" - echo -e "" - echo -e "${INFO}Press Enter to continue..." - echo -e "${NORMAL}" - read ENTER -} - diff --git a/initscripts/sysctl.conf b/initscripts/sysctl.conf deleted file mode 100644 index 25d8c92..0000000 --- a/initscripts/sysctl.conf +++ /dev/null @@ -1,28 +0,0 @@ -net.ipv4.ip_forward = 1 -net.ipv4.ip_dynaddr = 1 -net.ipv4.icmp_echo_ignore_broadcasts = 1 -net.ipv4.icmp_ignore_bogus_error_responses = 1 - -net.ipv4.tcp_sack = 0 -net.ipv4.tcp_timestamps = 0 -net.ipv4.tcp_syncookies = 1 -net.ipv4.tcp_fin_timeout = 30 -net.ipv4.tcp_window_scaling = 0 -net.ipv4.tcp_syn_retries = 3 -net.ipv4.tcp_synack_retries = 3 - -net.ipv4.conf.default.rp_filter = 0 -net.ipv4.conf.default.accept_redirects = 0 -net.ipv4.conf.default.accept_source_route = 0 -net.ipv4.conf.default.log_martians = 1 - -net.ipv4.conf.all.rp_filter = 0 -net.ipv4.conf.all.accept_redirects = 0 -net.ipv4.conf.all.accept_source_route = 0 -net.ipv4.conf.all.log_martians = 1 - -# IPv6 settings -net.ipv6.conf.default.forwarding = 1 -net.ipv6.conf.default.autoconf = 0 - -kernel.printk = 1 4 1 7 diff --git a/initscripts/systemd/rc-local.service b/initscripts/systemd/rc-local.service new file mode 100644 index 0000000..04daed0 --- /dev/null +++ b/initscripts/systemd/rc-local.service 
@@ -0,0 +1,15 @@ +[Unit] +Description=/etc/rc.local Compatiblity +ConditionFileIsExecuteable=/etc/rc.local +Requires=multi-user.target +After=multi-user.target network.target + +[Service] +Type=forking +ExecStart=/etc/rc.local +TimeoutSec=0 +StandardOutput=tty +RemainAfterExit=yes + +[Install] +WantedBy=multi-user.target diff --git a/lighttpd/lighttpd.nm b/lighttpd/lighttpd.nm index 9d4ce5c..1fb927d 100644 --- a/lighttpd/lighttpd.nm +++ b/lighttpd/lighttpd.nm @@ -5,7 +5,8 @@
name = lighttpd version = 1.4.29 -release = 1 +ver_major = 1.4 +release = 2
maintainer = Michael Tremer michael.tremer@ipfire.org groups = Networking/Webservers @@ -14,15 +15,15 @@ license = BSD summary = Lightning fast webserver with light system requirements.
description - Secure, fast, compliant and very flexible web-server which has been optimized \ - for high-performance environments. It has a very low memory footprint compared \ - to other webservers and takes care of cpu-load. Its advanced feature-set \ - (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make \ - it the perfect webserver-software for every server that is suffering load \ + Secure, fast, compliant and very flexible web-server which has been optimized + for high-performance environments. It has a very low memory footprint compared + to other webservers and takes care of cpu-load. Its advanced feature-set + (FastCGI, CGI, Auth, Output-Compression, URL-Rewriting and many more) make + it the perfect webserver-software for every server that is suffering load problems. end
-source_dl = +source_dl = http://download.lighttpd.net/lighttpd/releases-%%7Bver_major%7D.x/
build requires @@ -32,6 +33,7 @@ build openssl-devel pcre-devel pkg-config + shadow-utils zlib-devel end
@@ -40,19 +42,55 @@ build --with-ldap \ --with-openssl
+ prepare_cmds + %{create_user} + end + install_cmds mkdir -pv %{BUILDROOT}/etc cp -vf %{DIR_SOURCE}/%{name}.conf %{BUILDROOT}/etc/%{name}.conf
mkdir -pv %{BUILDROOT}/var/log/%{name} touch %{BUILDROOT}/var/log/%{name}/{access,error}.log - chown nobody.nobody -R %{BUILDROOT}/var/log/%{name} + chown lighttpd.lighttpd -R %{BUILDROOT}/var/log/%{name} mkdir -pv %{BUILDROOT}/var/cache/lighttpd/compress - chown nobody.nobody -Rv %{BUILDROOT}/var/cache/lighttpd/ + chown lighttpd.lighttpd -Rv %{BUILDROOT}/var/cache/lighttpd/ + + mkdir -pv %{BUILDROOT}/run/lighttpd + chown lighttpd.lighttpd -Rv %{BUILDROOT}/run/lighttpd/ end end
+create_user + getent group lighttpd >/dev/null || /usr/sbin/groupadd -r lighttpd + getent passwd lighttpd >/dev/null || /usr/sbin/useradd -r -g lighttpd \ + -d /var/www/lighttpd -s /sbin/nologin lighttpd +end + packages package %{name} + configfiles + /etc/lighttpd.conf + end + + prerequires = shadow-utils systemd-units + + script prein + %{create_user} + end + + script postin + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + end + + script preun + /bin/systemctl --no-reload disable lighttpd.service >/dev/null 2>&1 || : + /bin/systemctl stop lighttpd.service >/dev/null 2>&1 || : + end + + script postup + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl try-restart lighttpd.service >/dev/null 2>&1 || : + end end end diff --git a/lighttpd/lighttpd.tmpfiles b/lighttpd/lighttpd.tmpfiles index b1fdefd..4ba7262 100644 --- a/lighttpd/lighttpd.tmpfiles +++ b/lighttpd/lighttpd.tmpfiles @@ -1 +1 @@ -d /var/run/lighttpd 0750 lighttpd lighttpd - +d /run/lighttpd 0750 lighttpd lighttpd - diff --git a/lldpd/lldpd.nm b/lldpd/lldpd.nm index 271e9ad..3521db8 100644 --- a/lldpd/lldpd.nm +++ b/lldpd/lldpd.nm @@ -4,8 +4,8 @@ ###############################################################################
name = lldpd -version = 0.5.2 -release = 5 +version = 0.5.4 +release = 1
groups = Networking/Tools url = https://trac.luffy.cx/lldpd/ @@ -13,7 +13,7 @@ license = GPL summary = Utilities for the Link Layer Discovery Protocol.
description - The LLDPD project aims to provide a comprehensive implementation of \ + The LLDPD project aims to provide a comprehensive implementation of the IEEE standard 802.1AB Link Layer Discovery Protocol. end
@@ -23,6 +23,7 @@ build requires libxml2-devel pkg-config + shadow-utils zlib-devel end
@@ -30,9 +31,48 @@ build --with-xml \ --with-privsep-user=lldpd \ --with-privsep-group=lldpd + + prepare_cmds + %{create_user} + end + + install_cmds + # Create tmp directory. + mkdir -pv -m 700 %{BUILDROOT}/run/lldpd + chown -v lldpd.lldpd %{BUILDROOT}/run/lldpd + end +end + +create_user + getent group lldpd >/dev/null || groupadd -r lldpd + getent passwd lldpd >/dev/null || \ + useradd -r -g lldpd -d / -s /sbin/nologin lldpd end
packages package %{name} + prerequires = shadow-utils systemd-units + + script prein + %{create_user} + end + + script postin + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + end + + script preun + /bin/systemctl --no-reload disable lldpd.service >/dev/null 2>&1 || : + /bin/systemctl stop lldpd.service >/dev/null 2>&1 || : + end + + script postun + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + end + + script postup + /bin/systemctl daemon-reload >/dev/null 2>&1 || : + /bin/systemctl try-restart lldpd.service >/dev/null 2>&1 || : + end end end diff --git a/lldpd/lldpd.tmpfiles b/lldpd/lldpd.tmpfiles index 0e95b5a..5e3af54 100644 --- a/lldpd/lldpd.tmpfiles +++ b/lldpd/lldpd.tmpfiles @@ -1 +1 @@ -d /var/run/lldpd 0700 lldpd lldpd - +d /run/lldpd 0700 lldpd lldpd - diff --git a/lldpd/patches/lldpd-0.52.x-os-release.patch b/lldpd/patches/lldpd-0.52.x-os-release.patch deleted file mode 100644 index 3d45fee..0000000 --- a/lldpd/patches/lldpd-0.52.x-os-release.patch +++ /dev/null 
@@ -1,92 +0,0 @@ -commit ae87586a12eaf4e8329b88f6e0c629e7b14f27bc -Author: Michael Tremer michael.tremer@ipfire.org -Date: Sat May 28 14:29:33 2011 +0200 - - Add support to read /etc/os-release for system information. - - /etc/os-release is introduced with systemd which will be in all the - major distributions, soon. For backwards-compatibility, the lsb_release - method is still there and will be used if no /etc/os-release is available. - -diff --git a/src/lldpd.c b/src/lldpd.c -index b19af11..1641f13 100644 ---- a/src/lldpd.c -+++ b/src/lldpd.c -@@ -89,6 +89,7 @@ static void lldpd_decode(struct lldpd *, char *, int, - static void lldpd_update_chassis(struct lldpd_chassis *, - const struct lldpd_chassis *); - static char *lldpd_get_lsb_release(void); -+static char *lldpd_get_os_release(void); - #ifdef ENABLE_LLDPMED - static void lldpd_med(struct lldpd_chassis *); - #endif -@@ -553,6 +554,46 @@ lldpd_get_lsb_release() { - return NULL; - } - -+/* Same like lldpd_get_lsb_release but reads /etc/os-release for PRETTY_NAME=. */ -+static char * -+lldpd_get_os_release() { -+ static char release[1024]; -+ -+ FILE *fp = fopen("/etc/os-release", "r"); -+ if (!fp) { -+ LLOG_WARN("Could not open /etc/os-release to read system information"); -+ return NULL; -+ } -+ -+ char line[1024]; -+ char *key, *val; -+ -+ while ((fgets(line, 1024, fp) != NULL)) { -+ key = strtok(line, "="); -+ val = strtok(NULL, "="); -+ -+ if (strncmp(key, "PRETTY_NAME", 1024) == 0) { -+ strncpy(release, val, 1024); -+ break; -+ } -+ } -+ fclose(fp); -+ -+ /* Remove trailing newline and all " in the string. 
*/ -+ char *ptr1 = release; -+ char *ptr2 = release; -+ while (*ptr1 != 0) { -+ if ((*ptr1 == '"') || (*ptr1 == '\n')) { -+ ++ptr1; -+ } else { -+ *ptr2++ = *ptr1++; -+ } -+ } -+ *ptr2 = 0; -+ -+ return release; -+} -+ - int - lldpd_callback_add(struct lldpd *cfg, int fd, void(*fn)(CALLBACK_SIG), void *data) - { -@@ -889,7 +930,7 @@ lldpd_update_localchassis(struct lldpd *cfg) - fatal("failed to set full system description"); - } else { - if (cfg->g_advertise_version) { -- if (asprintf(&LOCAL_CHASSIS(cfg)->c_descr, "%s%s %s %s", -+ if (asprintf(&LOCAL_CHASSIS(cfg)->c_descr, "%s %s %s %s", - cfg->g_lsb_release?cfg->g_lsb_release:"", - un.sysname, un.release, un.machine) - == -1) -@@ -1189,7 +1230,12 @@ lldpd_main(int argc, char *argv[]) - close(pid); - } - -- lsb_release = lldpd_get_lsb_release(); -+ /* Try to read system information from /etc/os-release if possible. -+ Fall back to lsb_release for compatibility. */ -+ lsb_release = lldpd_get_os_release(); -+ if (!lsb_release) { -+ lsb_release = lldpd_get_lsb_release(); -+ } - - priv_init(PRIVSEP_CHROOT); - diff --git a/lldpd/systemd/lldpd.service b/lldpd/systemd/lldpd.service index 49b454b..fed63a5 100644 --- a/lldpd/systemd/lldpd.service +++ b/lldpd/systemd/lldpd.service @@ -5,7 +5,8 @@ After=network.target [Service] RemainAfterExit=yes ExecStartPre=/sbin/modprobe 8021q -ExecStart=/usr/sbin/lldpd -c +ExecStart=/usr/sbin/lldpd -d -c +Restart=on-failure
[Install] WantedBy=multi-user.target diff --git a/openssh/openssh.nm b/openssh/openssh.nm index 2555f7e..59bdc3c 100644 --- a/openssh/openssh.nm +++ b/openssh/openssh.nm @@ -5,7 +5,7 @@
name = openssh version = 5.9p1 -release = 1 +release = 2
groups = Application/Internet url = http://www.openssh.com/portable.html @@ -81,8 +81,8 @@ build end
install_cmds - mkdir -pv %{BUILDROOT}/etc/ssh - cp -vf %{DIR_SOURCE}/sshd_config %{BUILDROOT}/etc/ssh/sshd_config + # Disable GSS API authentication because KRB5 is required for that. + sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
# Install scriptfile for key generation install -m 754 %{DIR_SOURCE}/ssh-keygen %{BUILDROOT}/usr/lib/openssh/ @@ -121,6 +121,10 @@ packages /usr/share/man/cat5/ssh_config.5 /usr/share/man/cat8/ssh-pkcs11-helper.8 end + + configfiles + /etc/ssh/ssh_config + end end package openssh-server @@ -145,6 +149,10 @@ packages /var/lib/sshd end
+ configfiles + /etc/ssh/sshd_config + end + prerequires = shadow-utils systemd-units
script prein diff --git a/openssh/sshd_config b/openssh/sshd_config deleted file mode 100644 index dbf3228..0000000 --- a/openssh/sshd_config +++ /dev/null 
@@ -1,117 +0,0 @@ -# This is the sshd server system-wide configuration file. See -# sshd_config(5) for more information. - -# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin - -# The strategy used for options in the default sshd_config shipped with -# OpenSSH is to specify options with their default value where -# possible, but leave them commented. Uncommented options change a -# default value. - -Port 22 -#AddressFamily any -#ListenAddress 0.0.0.0 -#ListenAddress :: - -# Disable legacy (protocol version 1) support in the server for new -# installations. In future the default will change to require explicit -# activation of protocol 1 -Protocol 2 - -# HostKey for protocol version 1 -#HostKey /etc/ssh/ssh_host_key -# HostKeys for protocol version 2 -#HostKey /etc/ssh/ssh_host_rsa_key -#HostKey /etc/ssh/ssh_host_dsa_key - -# Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 1h -#ServerKeyBits 1024 - -# Logging -# obsoletes QuietMode and FascistLogging -#SyslogFacility AUTH -#LogLevel INFO - -# Authentication: - -LoginGraceTime 30s -#PermitRootLogin yes -#StrictModes yes -#MaxAuthTries 6 -#MaxSessions 10 - -RSAAuthentication yes -PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys - -# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts -#RhostsRSAAuthentication no -# similar for protocol version 2 -#HostbasedAuthentication no -# Change to yes if you don't trust ~/.ssh/known_hosts for -# RhostsRSAAuthentication and HostbasedAuthentication -IgnoreUserKnownHosts yes -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes - -# To disable tunneled clear text passwords, change to no here! 
-PasswordAuthentication yes -#PermitEmptyPasswords no - -# Change to no to disable s/key passwords -ChallengeResponseAuthentication yes - -# Kerberos options -#KerberosAuthentication no -#KerberosOrLocalPasswd yes -#KerberosTicketCleanup yes -#KerberosGetAFSToken no - -# GSSAPI options -#GSSAPIAuthentication no -#GSSAPICleanupCredentials yes - -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will -# be allowed through the ChallengeResponseAuthentication and -# PasswordAuthentication. Depending on your PAM configuration, -# PAM authentication via ChallengeResponseAuthentication may bypass -# the setting of "PermitRootLogin without-password". -# If you just want the PAM account and session checks to run without -# PAM authentication, then enable this but set PasswordAuthentication -# and ChallengeResponseAuthentication to 'no'. -UsePAM yes - -#AllowAgentForwarding yes -AllowTcpForwarding yes -#GatewayPorts no -X11Forwarding no -#X11DisplayOffset 10 -#X11UseLocalhost yes -#PrintMotd yes -#PrintLastLog yes -#TCPKeepAlive yes -#UseLogin no -#UsePrivilegeSeparation yes -#PermitUserEnvironment no -#Compression delayed -#ClientAliveInterval 0 -#ClientAliveCountMax 3 -#UseDNS yes -#PidFile /var/run/sshd.pid -MaxStartups 5 -#PermitTunnel no -#ChrootDirectory none - -# no default banner path -#Banner none - -# override default of no subsystems -Subsystem sftp /usr/lib/openssh/sftp-server - -# Example of overriding settings on a per-user basis -#Match User anoncvs -# X11Forwarding no -# AllowTcpForwarding no -# ForceCommand cvs server diff --git a/pdns-recursor/pdns-recursor.nm b/pdns-recursor/pdns-recursor.nm index 80f2952..bc0b950 100644 --- a/pdns-recursor/pdns-recursor.nm +++ b/pdns-recursor/pdns-recursor.nm @@ -5,7 +5,7 @@
name = pdns-recursor version = 3.3 -release = 5 +release = 6
groups = Networking/DNS url = http://powerdns.com/ @@ -17,7 +17,7 @@ description package if you need a dns cache for your network. end
-source_dl = +source_dl = http://downloads.powerdns.com/releases/ sources = %{thisapp}.tar.bz2
build @@ -25,6 +25,11 @@ build gcc-c++ boost-devel lua-devel + shadow-utils + end + + prepare_cmds + %{create_user} end
build @@ -47,9 +52,20 @@ build
# Create folder for chroot mkdir -pv %{BUILDROOT}/var/lib/pdns-recursor + + # Create directory for socket and stuff. + mkdir -pv %{BUILDROOT}/run/pdns-recursor + chown -v pdns-recursor.pdns-recursor %{BUILDROOT}/run/pdns-recursor end end
+create_user + getent group pdns-recursor >/dev/null || groupadd -r pdns-recursor + getent passwd pdns-recursor >/dev/null || \ + useradd -r -g pdns-recursor -d /var/lib/pdns-recursor -s /sbin/nologin \ + pdns-recursor +end + packages package %{name} configfiles @@ -59,10 +75,7 @@ packages prerequires = shadow-utils systemd-units
script prein - getent group pdns-recursor >/dev/null || groupadd -r pdns-recursor - getent passwd pdns-recursor >/dev/null || \ - useradd -r -g pdns-recursor -d /var/lib/pdns-recursor -s /sbin/nologin \ - pdns-recursor + %{create_user} end
script postin diff --git a/radvd/radvd.nm b/radvd/radvd.nm index 0835bd2..932c991 100644 --- a/radvd/radvd.nm +++ b/radvd/radvd.nm @@ -5,7 +5,7 @@
name = radvd version = 1.8.3 -release = 3 +release = 4
groups = System/Daemons url = http://www.litech.org/radvd/ @@ -28,6 +28,7 @@ build flex flex-devel bison + shadow-utils end
configure_options += \ @@ -35,8 +36,25 @@ build --with-pidfile=/run/radvd/radvd.pid
prepare_cmds + %{create_user} + sed -e "s/-lfl/-lfl_pic/g" -i Makefile.* end + + install_cmds + mkdir -pv -m 750 %{BUILDROOT}/run/radvd + chown -v radvd.radvd %{BUILDROOT}/run/radvd + end +end + +create_user + getent group radvd >/dev/null || groupadd -r radvd + + # The radvd user also needs to be in the wheel group to get access to + # /proc. + getent passwd radvd >/dev/null || \ + useradd -r -g radvd -G wheel -d / -s /sbin/nologin \ + -c "User for the Router Advertisement daemon." radvd end
packages @@ -46,14 +64,7 @@ packages prerequires += shadow-utils
script prein - getent group radvd >/dev/null || groupadd -r radvd - - # The radvd user also needs to be in the wheel group to get access to - # /proc. - getent passwd radvd >/dev/null || \ - useradd -r -g radvd -G wheel -d / -s /sbin/nologin \ - -c "User for the Router Advertisement daemon." radvd - exit 0 + %{create_user} end
# Just search for new unit files that were just installed. diff --git a/radvd/radvd.tmpfiles b/radvd/radvd.tmpfiles index 8bab232..c2a3047 100644 --- a/radvd/radvd.tmpfiles +++ b/radvd/radvd.tmpfiles @@ -1,2 +1,2 @@ -d /var/run/radvd 0750 radvd radvd - +d /run/radvd 0750 radvd radvd -
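Review bot: the deletion of initscripts/sysctl.conf drops the kernel network defaults (net.ipv4.tcp_syncookies = 1, accept_redirects = 0, accept_source_route = 0, log_martians = 1, icmp_echo_ignore_broadcasts = 1) together with net.ipv4.ip_forward = 1, and the part of the patch shown here adds no replacement. Name in the commit message which package now ships these keys, or keep the file until one does, so an installed system does not silently fall back to kernel defaults.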
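Review bot: in initscripts/systemd/rc-local.service the key ConditionFileIsExecuteable= is misspelled; the systemd directive is ConditionFileIsExecutable=, so as written the condition is not applied. Once it is corrected, note that initscripts/rc.local is added with mode 100644, so the unit will be skipped unless the file is installed with the executable bit. The unit also declares Requires= and After=multi-user.target while being WantedBy=multi-user.target, which orders it after the target that pulls it in and can produce an ordering cycle; drop the Requires=/After= on multi-user.target. "Compatiblity" in Description= is a typo as well.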
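Review bot: the scriptlets added to lighttpd/lighttpd.nm define prein, postin, preun and postup but no postun, so systemd is not told to reload after the unit file is removed; lldpd.nm in this same push adds a postun that runs daemon-reload, and lighttpd should get the same. The chown calls in install_cmds use the dot form (lighttpd.lighttpd); prefer lighttpd:lighttpd, since the dot separator is only an obsolescent extension.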
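Review bot: lldpd/systemd/lldpd.service keeps RemainAfterExit=yes in its unchanged context while this hunk adds -d to ExecStart and Restart=on-failure. With RemainAfterExit=yes a clean exit of lldpd leaves the unit reported as active with no process running; if -d is meant to keep the daemon in the foreground under systemd, drop RemainAfterExit=yes so the unit state follows the process.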
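Review bot: removing openssh/sshd_config and the cp in install_cmds means the server package now ships whatever sshd_config the upstream install produces, so the explicit settings in the deleted file (LoginGraceTime 30s, MaxStartups 5, IgnoreUserKnownHosts yes, X11Forwarding no, UsePAM yes) are no longer guaranteed. State in the commit message whether that is intended, and if any of them must stay, apply them to the installed file the same way the new sed adjusts ssh_config. The sed pattern ^.*GSSAPIAuthentication also matches lines that are already commented out; anchoring it as ^[[:space:]]*GSSAPIAuthentication avoids stacking # characters.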
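Review bot: in pdns-recursor/pdns-recursor.nm the new /run/pdns-recursor directory is created with a plain mkdir -pv and no mode, while lldpd.nm and radvd.nm in this push pass -m 700 and -m 750; give this one an explicit restrictive mode too, since the comment says it holds the socket. No pdns-recursor tmpfiles change appears in this diff, so check that the directory is recreated under /run at boot the way the lighttpd, lldpd and radvd tmpfiles entries do. Calling %{create_user} from prepare_cmds also creates the account at build time; a one-line comment saying it is there so the chown in install_cmds can resolve the name would help.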
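Review bot: the create_user block in radvd/radvd.nm adds the radvd service account to wheel (-G wheel) only so that it can read /proc, which gives a daemon account membership of a group conventionally used for administrative access. Prefer a dedicated group for the /proc access and drop -G wheel, or document why no narrower group is possible.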
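Review bot: the radvd prein scriptlet used to end with exit 0 and now consists only of %{create_user}, so a non-zero status from groupadd or useradd becomes the scriptlet's exit status. If a failing prein aborts the installation this is a behaviour change; either keep the exit 0 after %{create_user} or say in the commit message that failing hard is intended.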
hooks/post-receive -- IPFire 3.x development tree