This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".

The branch, next has been updated via c7762365dc67c671b79e8869b617ad2e316bcce5 (commit) via 228bec09bf8245e03193d8d69a0999c7059ac915 (commit) via 6146d1904aad28f0bacbb6986205c28bb7020356 (commit) via 84c5f0d66d5312005a2c7528dbf686dc1968cd10 (commit) via ee3dec50a36c175f0eb4f258855de27051bb76ac (commit) via 5258a65deaba155637d44dba97958b90ed942197 (commit) via c4a451eeadaade76900c0e8f8c6a90502473eada (commit) from 74e5c32e19b3752e64c83a4762c7dacfee532bb6 (commit)

Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.

- Log ----------------------------------------------------------------- commit c7762365dc67c671b79e8869b617ad2e316bcce5 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 3 16:59:48 2015 +0000

openssl: Update to 1.0.2e

OpenSSL Security Advisory [3 Dec 2015] =======================================

NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE 0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.

BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193) ==================================================================

Severity: Moderate

There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. For example this can occur by default in OpenSSL DHE based SSL/TLS ciphersuites.

This issue affects OpenSSL version 1.0.2.

OpenSSL 1.0.2 users should upgrade to 1.0.2e

This issue was reported to OpenSSL on August 13 2015 by Hanno Böck. The fix was developed by Andy Polyakov of the OpenSSL development team.

Certificate verify crash with missing PSS parameter (CVE-2015-3194) ===================================================================

Severity: Moderate

The signature verification routines will crash with a NULL pointer dereference if presented with an ASN.1 signature using the RSA PSS algorithm and absent mask generation function parameter. Since these routines are used to verify certificate signature algorithms this can be used to crash any certificate verification operation and exploited in a DoS attack. Any application which performs certificate verification is vulnerable including OpenSSL clients and servers which enable client authentication.

This issue affects OpenSSL versions 1.0.2 and 1.0.1.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q

This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne (Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

X509_ATTRIBUTE memory leak (CVE-2015-3195) ==========================================

Severity: Moderate

When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak memory. This structure is used by the PKCS#7 and CMS routines so any application which reads PKCS#7 or CMS data from untrusted sources is affected. SSL/TLS is not affected.

This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.

OpenSSL 1.0.2 users should upgrade to 1.0.2e OpenSSL 1.0.1 users should upgrade to 1.0.1q OpenSSL 1.0.0 users should upgrade to 1.0.0t OpenSSL 0.9.8 users should upgrade to 0.9.8zh

This issue was reported to OpenSSL on November 9 2015 by Adam Langley (Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Race condition handling PSK identify hint (CVE-2015-3196) =========================================================

Severity: Low

If PSK identity hints are received by a multi-threaded client then the values are wrongly updated in the parent SSL_CTX structure. This can result in a race condition potentially leading to a double free of the identify hint data.

This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0 and has not been previously fixed in an OpenSSL 1.0.0 release.

OpenSSL 1.0.2 users should upgrade to 1.0.2d OpenSSL 1.0.1 users should upgrade to 1.0.1p OpenSSL 1.0.0 users should upgrade to 1.0.0t

The fix for this issue can be identified in the OpenSSL git repository by commit ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).

The fix was developed by Dr. Stephen Henson of the OpenSSL development team.

Note ====

As per our previous announcements and our Release Strategy (https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions 1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these versions will be provided after that date. In the absence of significant security issues being identified prior to that date, the 1.0.0t and 0.9.8zh releases will be the last for those versions. Users of these versions are advised to upgrade.

References ==========

URL for this Security Advisory: https://www.openssl.org/news/secadv/20151203.txt

Note: the online version of the advisory may be updated with additional details over time.

For details of OpenSSL severity classifications please see: https://www.openssl.org/about/secpolicy.html

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 228bec09bf8245e03193d8d69a0999c7059ac915 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 3 16:34:59 2015 +0000

ramdisk: Migrate everything during the update

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 6146d1904aad28f0bacbb6986205c28bb7020356 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 3 16:03:29 2015 +0000

ramdisk: Avoid copying data if no ramdisk is used

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 84c5f0d66d5312005a2c7528dbf686dc1968cd10 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 3 14:57:30 2015 +0000

ramdisk: Move crontab back to disk

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit ee3dec50a36c175f0eb4f258855de27051bb76ac Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 3 14:41:49 2015 +0000

ramdisk: Make usage of ramdisk configurable

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit 5258a65deaba155637d44dba97958b90ed942197 Author: Michael Tremer michael.tremer@ipfire.org Date: Thu Dec 3 14:27:33 2015 +0000

initscripts: functions: Fix indentation

Signed-off-by: Michael Tremer michael.tremer@ipfire.org

commit c4a451eeadaade76900c0e8f8c6a90502473eada Author: Alexander Marx alexander.marx@ipfire.org Date: Thu Dec 3 13:14:23 2015 +0000

Remove ramdisks for RRD databases

Ramdisks are very limited in space and as new graphs are generated for OpenVPN N2N connections, etc. more space is necessary.

This patch will enable ramdisks for all systems with more than 490M of memory and allows the user to force using a ramdisk on systems with less memory.

Signed-off-by: Alexander Marx alexander.marx@ipfire.org Acked-by: Arne Fitzenreiter arne.fitzenreiter@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org

-----------------------------------------------------------------------

Summary of changes: config/rootfiles/common/armv5tel/initscripts | 12 ++- config/rootfiles/common/i586/initscripts | 12 ++- config/rootfiles/common/stage2 | 1 + config/rootfiles/core/96/filelists/files | 8 ++ .../91 => core/96}/filelists/i586/openssl-sse2 | 0 .../{oldcore/92 => core/96}/filelists/openssl | 0 config/rootfiles/core/96/update.sh | 34 ++++++++ lfs/initscripts | 9 ++- lfs/openssl | 8 +- lfs/vnstat | 2 +- src/initscripts/init.d/cleanfs | 31 +++++++- src/initscripts/init.d/collectd | 16 ++-- src/initscripts/init.d/fcron | 1 - src/initscripts/init.d/functions | 82 +++++++++++++++++++ src/initscripts/init.d/tmpfs | 93 ---------------------- src/initscripts/init.d/vnstat | 30 +++++++ 16 files changed, 223 insertions(+), 116 deletions(-) copy config/rootfiles/{oldcore/91 => core/96}/filelists/i586/openssl-sse2 (100%) copy config/rootfiles/{oldcore/92 => core/96}/filelists/openssl (100%) delete mode 100644 src/initscripts/init.d/tmpfs create mode 100755 src/initscripts/init.d/vnstat

Difference in files: diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts index a174c5b..e37a905 100644 --- a/config/rootfiles/common/armv5tel/initscripts +++ b/config/rootfiles/common/armv5tel/initscripts @@ -125,12 +125,13 @@ etc/rc.d/init.d/sysctl etc/rc.d/init.d/sysklogd etc/rc.d/init.d/template #etc/rc.d/init.d/tftpd -etc/rc.d/init.d/tmpfs +#etc/rc.d/init.d/tmpfs #etc/rc.d/init.d/tor etc/rc.d/init.d/udev etc/rc.d/init.d/udev_retry etc/rc.d/init.d/upnpd #etc/rc.d/init.d/vdr +etc/rc.d/init.d/vnstat #etc/rc.d/init.d/vdradmin #etc/rc.d/init.d/vsftpd #etc/rc.d/init.d/watchdog @@ -149,13 +150,14 @@ etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl +etc/rc.d/rc0.d/K51vnstat etc/rc.d/rc0.d/K78snort etc/rc.d/rc0.d/K79leds etc/rc.d/rc0.d/K80network etc/rc.d/rc0.d/K82wlanclient #etc/rc.d/rc0.d/K84bluetooth #etc/rc.d/rc0.d/K85messagebus -etc/rc.d/rc0.d/K85tmpfs +#etc/rc.d/rc0.d/K85tmpfs etc/rc.d/rc0.d/K90sysklogd etc/rc.d/rc0.d/S60sendsignals etc/rc.d/rc0.d/S70localnet @@ -163,7 +165,8 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S01tmpfs +#etc/rc.d/rc3.d/S01tmpfs +etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd #etc/rc.d/rc3.d/S15messagebus #etc/rc.d/rc3.d/S16bluetooth @@ -197,13 +200,14 @@ etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl +etc/rc.d/rc6.d/K51vnstat etc/rc.d/rc6.d/K78snort etc/rc.d/rc6.d/K79leds etc/rc.d/rc6.d/K80network etc/rc.d/rc6.d/K82wlanclient #etc/rc.d/rc6.d/K84bluetooth #etc/rc.d/rc6.d/K85messagebus -etc/rc.d/rc6.d/K85tmpfs +#etc/rc.d/rc6.d/K85tmpfs etc/rc.d/rc6.d/K90sysklogd etc/rc.d/rc6.d/S60sendsignals etc/rc.d/rc6.d/S70mountfs diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts index 84c432a..d5c8f1d 100644 --- a/config/rootfiles/common/i586/initscripts +++ b/config/rootfiles/common/i586/initscripts @@ -126,13 +126,14 @@ etc/rc.d/init.d/sysctl etc/rc.d/init.d/sysklogd etc/rc.d/init.d/template #etc/rc.d/init.d/tftpd -etc/rc.d/init.d/tmpfs +#etc/rc.d/init.d/tmpfs #etc/rc.d/init.d/tor #etc/rc.d/init.d/transmission etc/rc.d/init.d/udev etc/rc.d/init.d/udev_retry etc/rc.d/init.d/upnpd #etc/rc.d/init.d/vdr +etc/rc.d/init.d/vnstat #etc/rc.d/init.d/vdradmin #etc/rc.d/init.d/vsftpd #etc/rc.d/init.d/watchdog @@ -151,13 +152,14 @@ etc/rc.d/rc0.d/K30sshd etc/rc.d/rc0.d/K45random etc/rc.d/rc0.d/K47setclock etc/rc.d/rc0.d/K49cyrus-sasl +etc/rc.d/rc0.d/K51vnstat etc/rc.d/rc0.d/K78snort etc/rc.d/rc0.d/K79leds etc/rc.d/rc0.d/K80network etc/rc.d/rc0.d/K82wlanclient #etc/rc.d/rc0.d/K84bluetooth #etc/rc.d/rc0.d/K85messagebus -etc/rc.d/rc0.d/K85tmpfs +#etc/rc.d/rc0.d/K85tmpfs etc/rc.d/rc0.d/K87acpid etc/rc.d/rc0.d/K90sysklogd etc/rc.d/rc0.d/S60sendsignals @@ -166,7 +168,8 @@ etc/rc.d/rc0.d/S80mountfs etc/rc.d/rc0.d/S90swap etc/rc.d/rc0.d/S99halt #etc/rc.d/rc3.d -etc/rc.d/rc3.d/S01tmpfs +#etc/rc.d/rc3.d/S01tmpfs +etc/rc.d/rc3.d/S01vnstat etc/rc.d/rc3.d/S10sysklogd etc/rc.d/rc3.d/S12acpid #etc/rc.d/rc3.d/S15messagebus @@ -201,13 +204,14 @@ etc/rc.d/rc6.d/K30sshd etc/rc.d/rc6.d/K45random etc/rc.d/rc6.d/K47setclock etc/rc.d/rc6.d/K49cyrus-sasl +etc/rc.d/rc6.d/K51vnstat etc/rc.d/rc6.d/K78snort etc/rc.d/rc6.d/K79leds etc/rc.d/rc6.d/K80network etc/rc.d/rc6.d/K82wlanclient #etc/rc.d/rc6.d/K84bluetooth #etc/rc.d/rc6.d/K85messagebus -etc/rc.d/rc6.d/K85tmpfs +#etc/rc.d/rc6.d/K85tmpfs etc/rc.d/rc6.d/K87acpid etc/rc.d/rc6.d/K90sysklogd etc/rc.d/rc6.d/S60sendsignals diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2 index 4021caf..5b763fd 100644 --- a/config/rootfiles/common/stage2 +++ b/config/rootfiles/common/stage2 @@ -40,6 +40,7 @@ etc/profile.d/term256.sh etc/profile.d/umask.sh etc/resolv.conf etc/securetty +etc/sysconfig/ramdisk etc/sysctl.conf etc/syslog.conf etc/system-release diff --git a/config/rootfiles/core/96/filelists/files b/config/rootfiles/core/96/filelists/files index 9e64edc..63bfa53 100644 --- a/config/rootfiles/core/96/filelists/files +++ b/config/rootfiles/core/96/filelists/files @@ -1,6 +1,14 @@ etc/system-release etc/issue etc/rc.d/init.d/snort +etc/vnstat.conf +etc/rc.d/init.d/cleanfs +etc/rc.d/init.d/collectd +etc/rc.d/init.d/functions +etc/rc.d/init.d/vnstat +etc/rc.d/rc0.d/K51vnstat +etc/rc.d/rc3.d/S01vnstat +etc/rc.d/rc6.d/K51vnstat opt/pakfire/lib/functions.pl usr/sbin/convert-portfw var/ipfire/general-functions.pl diff --git a/config/rootfiles/core/96/filelists/i586/openssl-sse2 b/config/rootfiles/core/96/filelists/i586/openssl-sse2 new file mode 120000 index 0000000..f424713 --- /dev/null +++ b/config/rootfiles/core/96/filelists/i586/openssl-sse2 @@ -0,0 +1 @@ +../../../../common/i586/openssl-sse2 \ No newline at end of file diff --git a/config/rootfiles/core/96/filelists/openssl b/config/rootfiles/core/96/filelists/openssl new file mode 120000 index 0000000..e011a92 --- /dev/null +++ b/config/rootfiles/core/96/filelists/openssl @@ -0,0 +1 @@ +../../../common/openssl \ No newline at end of file diff --git a/config/rootfiles/core/96/update.sh b/config/rootfiles/core/96/update.sh index 7faf4b8..b415337 100644 --- a/config/rootfiles/core/96/update.sh +++ b/config/rootfiles/core/96/update.sh @@ -32,6 +32,25 @@ do done

# Stop services +/etc/init.d/fcron stop +/etc/init.d/collectd stop +qosctrl stop + +# Backup RRDs +if [ -d "/var/log/rrd.bak" ]; then + # Umount ramdisk + umount -l "/var/log/rrd" + rm -f "/var/log/rrd" + + mv "/var/log/rrd.bak/vnstat" "/var/log/vnstat" + mv "/var/log/rrd.bak" "/var/log/rrd" +fi + +# Remove old scripts +rm -f /etc/rc.d/init.d/tmpfs \ + /etc/rc.d/rc0.d/K85tmpfs \ + /etc/rc.d/rc3.d/S01tmpfs \ + /etc/rc.d/rc6.d/K85tmpfs

# Extract files extract_files @@ -39,8 +58,23 @@ extract_files # Update Language cache # /usr/local/bin/update-lang-cache

+# Keep (almost) old ramdisk behaviour +if [ ! -e "/etc/sysconfig/ramdisk" ]; then + echo "RAMDISK_MODE=2" > /etc/sysconfig/ramdisk +fi + +if [ -L "/var/spool/cron" ]; then + rm -f /var/spool/cron + mv /var/log/rrd/cron /var/spool/cron + chown cron:cron /var/spool/cron +fi + # Start services +/etc/init.d/collectd start +/etc/init.d/vnstat start +/etc/init.d/fcron start /etc/init.d/dnsmasq restart +qosctrl start

# This update need a reboot... #touch /var/run/need_reboot diff --git a/lfs/initscripts b/lfs/initscripts index 141fd66..538ea4d 100755 --- a/lfs/initscripts +++ b/lfs/initscripts @@ -61,6 +61,9 @@ $(TARGET) : -rm -rf /etc/init.d ln -svf rc.d/init.d /etc/init.d

+ # Create default ramdisk configuration + echo "RAMDISK_MODE=0" > /etc/sysconfig/ramdisk + for i in $(DIR_SRC)/src/initscripts/init.d/*; do \ install -v -m 754 $$i /etc/rc.d/init.d/; \ done @@ -128,9 +131,6 @@ $(TARGET) : ln -sf ../init.d/random /etc/rc.d/rc3.d/S25random ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local - ln -sf ../init.d/tmpfs /etc/rc.d/rc0.d/K85tmpfs - ln -sf ../init.d/tmpfs /etc/rc.d/rc3.d/S01tmpfs - ln -sf ../init.d/tmpfs /etc/rc.d/rc6.d/K85tmpfs ln -sf ../init.d/mediatomb /etc/rc.d/rc3.d/S98mediatomb ln -sf ../init.d/mediatomb /etc/rc.d/rc0.d/K02mediatomb ln -sf ../init.d/mediatomb /etc/rc.d/rc6.d/K02mediatomb @@ -178,6 +178,9 @@ $(TARGET) : ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall ln -sf ../init.d/network-trigger /etc/rc.d/rcsysinit.d/S90network-trigger ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S92rngd + ln -sf ../init.d/vnstat /etc/rc.d/rc3.d/S01vnstat + ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat + ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat ln -sf ../init.d/wlanclient /etc/rc.d/rc0.d/K82wlanclient ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient diff --git a/lfs/openssl b/lfs/openssl index 153a6b9..1dc24ac 100644 --- a/lfs/openssl +++ b/lfs/openssl @@ -24,7 +24,7 @@

include Config

-VER = 1.0.2d +VER = 1.0.2e

THISAPP = openssl-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -86,7 +86,7 @@ objects = $(DL_FILE)

$(DL_FILE) = $(DL_FROM)/$(DL_FILE)

-$(DL_FILE)_MD5 = 38dd619b2e77cbac69b99f52a053d25a +$(DL_FILE)_MD5 = 2218c1a6f807f7206c11eb3ee3a5ec80

install : $(TARGET)

@@ -127,6 +127,10 @@ ifeq "$(MACHINE)" "i586" cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch endif

+ # With openssl 1.0.2e, pod2mantest is missing + echo -e "#!/bin/bash\necho $$(which pod2man)" > $(DIR_APP)/util/pod2mantest + chmod a+x $(DIR_APP)/util/pod2mantest + # Apply our CFLAGS cd $(DIR_APP) && sed -i Configure \ -e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g" diff --git a/lfs/vnstat b/lfs/vnstat index b8c8b27..1c1333b 100644 --- a/lfs/vnstat +++ b/lfs/vnstat @@ -76,6 +76,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) cd $(DIR_APP) && make all $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes" cd $(DIR_APP) && make install sed -i 's|eth0|green0|g' /etc/vnstat.conf - sed -i 's|/var/lib/vnstat|/var/log/rrd/vnstat|g' /etc/vnstat.conf + sed -i 's|/var/lib/vnstat|/var/log/vnstat|g' /etc/vnstat.conf @rm -rf $(DIR_APP) @$(POSTBUILD) diff --git a/src/initscripts/init.d/cleanfs b/src/initscripts/init.d/cleanfs index e8c8c8b..2d5778d 100644 --- a/src/initscripts/init.d/cleanfs +++ b/src/initscripts/init.d/cleanfs @@ -77,7 +77,36 @@ case "${1}" in rm -rf /var/run ln -s ../run /var/run fi - + # + # create some folders + # + if [ ! -e /var/lock/subsys ]; then + mkdir -p /var/lock/subsys + fi + if [ ! -e /var/lock/time ]; then + mkdir -p /var/lock/time + chown nobody.root /var/lock/time + fi + if [ ! -e /var/run/clamav ]; then + mkdir -p /var/run/clamav + chown clamav:clamav /var/run/clamav + fi + if [ ! -e /var/run/cups ]; then + mkdir -p /var/run/cups + fi + if [ ! -e /var/run/dbus ]; then + mkdir -p /var/run/dbus + fi + if [ ! -e /var/run/mysql ]; then + mkdir -p /var/run/mysql + chown mysql:mysql /var/run/mysql + fi + if [ ! -e /var/run/saslauthd ]; then + mkdir -p /var/run/saslauthd + fi + if [ ! -e /var/log/vnstat ]; then + mkdir -p /var/log/vnstat + fi boot_mesg -n "Cleaning file systems:" ${INFO}

boot_mesg -n " /tmp" ${NORMAL} diff --git a/src/initscripts/init.d/collectd b/src/initscripts/init.d/collectd index 96bd126..e5c3595 100644 --- a/src/initscripts/init.d/collectd +++ b/src/initscripts/init.d/collectd @@ -1,7 +1,6 @@ #!/bin/sh # Begin $rc_base/init.d/collecd

- . /etc/sysconfig/rc . $rc_functions

@@ -13,6 +12,12 @@ fi

case "$1" in start) + if use_ramdisk; then + boot_mesg "Mounting RRD ramdisk..." + mount_ramdisk "${RRDLOG}" + evaluate_retval + fi + # If run from init and collectd alrady started then exit silent if [ "$(basename $0)" != "collectd" ]; then if [ "$(ps -A | grep " collectd$")" != "" ]; then @@ -106,12 +111,9 @@ case "$1" in boot_mesg "Stopping Collection daemon..." killproc /usr/sbin/collectd evaluate_retval - # Save the ramdisk at manual stop but not at shutdown - if [ "$(basename $0)" == "collectd" ]; then - /etc/init.d/tmpfs backup - fi - # sync after backup... - sync + + # Umount the ramdisk (if any) + umount_ramdisk "${RRDLOG}" ;; restart) ${0} stop diff --git a/src/initscripts/init.d/fcron b/src/initscripts/init.d/fcron index 0260d4a..00a70bd 100644 --- a/src/initscripts/init.d/fcron +++ b/src/initscripts/init.d/fcron @@ -13,7 +13,6 @@ case "$1" in start) boot_mesg "Starting fcron..." - chown cron:cron /var/spool/cron loadproc /usr/sbin/fcron -y # remove -y to reenable fcron logging ;; diff --git a/src/initscripts/init.d/functions b/src/initscripts/init.d/functions index e2e058d..fc4d8a4 100644 --- a/src/initscripts/init.d/functions +++ b/src/initscripts/init.d/functions @@ -702,4 +702,86 @@ run_subdir() { done }

+mem_amount() { + local pagesize="$(getconf PAGESIZE)" + local pages="$(getconf _PHYS_PAGES)" + + echo "$(( ${pagesize} * ${pages} / 1024 / 1024 ))" +} + +use_ramdisk() { + eval $(/usr/local/bin/readhash /etc/sysconfig/ramdisk) + + case "${RAMDISK_MODE}" in + # Don't use ramdisk + 0) + return 1 + ;; + + # Always use ramdisk + 1) + return 0 + ;; + + # Automatic mode - use ramdisk if sufficient + # memory is available + 2) + local mem_avail="$(mem_amount)" + + if [ ${mem_avail} -ge 490 ]; then + return 0 + else + return 1 + fi + ;; + + # Fail for everything else + *) + return 2 + ;; + esac +} + +mount_ramdisk() { + local path="${1}" + local path_tmpfs="${path}.tmpfs" + + # Check if the ramdisk is already mounted + if mountpoint "${path}" &>/dev/null; then + return 0 + fi + + # Create ramdisk + mkdir -p "${path_tmpfs}" + mount -t tmpfs none "${path_tmpfs}" + + # Restore ramdisk content + cp -pR "${path}/*" "${path_tmpfs}" + + # Move ramdisk to final destination + mount --move "${path_tmpfs}" "${path}" + rm -f "${path_tmpfs}" +} + +umount_ramdisk() { + local path="${1}" + local path_tmpfs="${path}.tmpfs" + + # Check if a ramdisk is actually mounted + if ! mountpoint "${path}" &>/dev/null; then + return 0 + fi + + # Move the ramdisk + mkdir -p "${path_tmpfs}" + mount --move "${path}" "${path_tmpfs}" + + # Backup ramdisk content + cp -pR "${path_tmpfs}/*" "${path}" + + # Destroy the ramdisk + umount "${path_tmpfs}" + rm -f "${path_tmpfs}" +} + # End $rc_base/init.d/functions diff --git a/src/initscripts/init.d/tmpfs b/src/initscripts/init.d/tmpfs deleted file mode 100644 index 2ee2ffb..0000000 --- a/src/initscripts/init.d/tmpfs +++ /dev/null @@ -1,93 +0,0 @@ -#!/bin/sh -# Begin $rc_base/init.d/tmpfs - -. /etc/sysconfig/rc -. $rc_functions - -eval $(/usr/local/bin/readhash /var/ipfire/main/settings) - -if [ "$RRDLOG" = '' ]; then - RRDLOG=/var/log/rrd -fi - -case "$1" in - start) - $0 restore - if [ ! -e $RRDLOG.bak/vnstat ]; then - mkdir -p $RRDLOG.bak/vnstat - fi - if [ ! -e $RRDLOG/vnstat ]; then - mkdir -p $RRDLOG/vnstat - fi - # - # create some folders - # - if [ ! -e /var/lock/subsys ]; then - mkdir -p /var/lock/subsys - fi - if [ ! -e /var/lock/time ]; then - mkdir -p /var/lock/time - chown nobody.root /var/lock/time - fi - if [ ! -e /var/run/clamav ]; then - mkdir -p /var/run/clamav - chown clamav:clamav /var/run/clamav - fi - if [ ! -e /var/run/cups ]; then - mkdir -p /var/run/cups - fi - if [ ! -e /var/run/dbus ]; then - mkdir -p /var/run/dbus - fi - if [ ! -e /var/run/mysql ]; then - mkdir -p /var/run/mysql - chown mysql:mysql /var/run/mysql - fi - if [ ! -e /var/run/saslauthd ]; then - mkdir -p /var/run/saslauthd - fi - - # - # Move /var/spool/cron to ramdisk and make a symlink - # - if [ ! -L /var/spool/cron ]; then - cp -pR /var/spool/cron /var/log/rrd.bak/cron - mv /var/spool/cron /var/log/rrd/cron - ln -s /var/log/rrd/cron /var/spool/cron - fi - - echo_ok - ;; - stop) - $0 backup - ;; - - backup) - boot_mesg "Save ramdisk..." - cp -pR $RRDLOG/* $RRDLOG.bak/ - evaluate_retval - ;; - restore) - if ! mountpoint $RRDLOG &>/dev/null; then - mount -t tmpfs -o size=64M none "$RRDLOG" - fi - - if [ -e $RRDLOG.bak/cron/new.root ]; then - if [ -e $RRDLOG.bak/cron/root ]; then - rm -f $RRDLOG.bak/cron/new.root - fi - fi - if [ -e $RRDLOG.bak ];then - boot_mesg "Restore ramdisk..." - cp -pR $RRDLOG.bak/* $RRDLOG/ - fi - ;; - - - *) - echo "Usage: $0 {start|stop|backup}" - exit 1 - ;; -esac - -# End $rc_base/init.d/tmpfs diff --git a/src/initscripts/init.d/vnstat b/src/initscripts/init.d/vnstat new file mode 100755 index 0000000..05c35ee --- /dev/null +++ b/src/initscripts/init.d/vnstat @@ -0,0 +1,30 @@ +#!/bin/sh +# Begin $rc_base/init.d/vnstat + +. /etc/sysconfig/rc +. $rc_functions + +eval $(/usr/local/bin/readhash /var/ipfire/main/settings) + +if [ "$VNSTATLOG" = '' ]; then + VNSTATLOG=/var/log/vnstat +fi + +case "$1" in + start) + if use_ramdisk; then + boot_mesg "Mounting vnstat ramdisk..." + mount_ramdisk "${VNSTATLOG}" + evaluate_retval + fi + ;; + stop) + umount_ramdisk "${VNSTATLOG}" + ;; + *) + echo "Usage: $0 {start|stop}" + exit 1 + ;; +esac + +# End $rc_base/init.d/vnstat

hooks/post-receive -- IPFire 2.x development tree