[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 83f1971428fa456462ee24ad6f0baab12f1ae8d7

[git@ipfire.org]

[-- Attachment #1: Type: text/plain, Size: 7434 bytes --]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated
       via  83f1971428fa456462ee24ad6f0baab12f1ae8d7 (commit)
       via  a19f33961c979b8c0b342971950337f7ed486c0d (commit)
       via  5114bcb3cdee18bdb30b71e9e0df2b559b561273 (commit)
      from  4d4760225bb7f2de1df9b38bfa56599c3f935499 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 83f1971428fa456462ee24ad6f0baab12f1ae8d7
Merge: 4d47602 a19f339
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jan 27 15:58:14 2013 +0100

    Merge remote-tracking branch 'ms/axel-fixperms' into next

commit a19f33961c979b8c0b342971950337f7ed486c0d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jan 26 19:07:17 2013 +0100

    update accelerator: Don't change owner of ALL files in cache.
    
    When a file has been downloaded, all files in the update accelerator
    cache directory have been chowned which causes huge IO load.
    It is only required to set permissions that members of the group
    can delete the files (purge function on the web user interface).
    
    Changing the owner is completely unnecessary as only the squid
    user needs write access and the web server is able to deliver
    any file in the update cache anyways.

commit 5114bcb3cdee18bdb30b71e9e0df2b559b561273
Merge: 5292c03 68e2d32
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jan 26 18:54:44 2013 +0100

    Merge remote-tracking branch 'stevee/axel-log-fix' into axel-fixperms

-----------------------------------------------------------------------

Summary of changes:
 config/etc/group                   |  2 +-
 config/rootfiles/common/misc-progs |  1 -
 config/rootfiles/core/66/update.sh |  7 +++++++
 config/updxlrator/download         | 17 ++++++++++++-----
 src/misc-progs/Makefile            | 11 ++---------
 5 files changed, 22 insertions(+), 16 deletions(-)

Difference in files:
diff --git a/config/etc/group b/config/etc/group
index 3b155fa..46e4b80 100644
--- a/config/etc/group
+++ b/config/etc/group
@@ -14,7 +14,7 @@ dialout:x:16:
 floppy:x:19:
 tape:x:20:
 utmp:x:22:
-squid:x:23:
+squid:x:23:nobody
 ntp:x:38:
 dip:x:40:
 mysql:x:41:
diff --git a/config/rootfiles/common/misc-progs b/config/rootfiles/common/misc-progs
index 2d6b2e2..d2cf710 100644
--- a/config/rootfiles/common/misc-progs
+++ b/config/rootfiles/common/misc-progs
@@ -33,7 +33,6 @@ usr/local/bin/syslogdctrl
 usr/local/bin/timectrl
 #usr/local/bin/tripwirectrl
 usr/local/bin/updxlratorctrl
-usr/local/bin/updxsetperms
 usr/local/bin/upnpctrl
 usr/local/bin/urlfilterctrl
 usr/local/bin/wirelessctrl
diff --git a/config/rootfiles/core/66/update.sh b/config/rootfiles/core/66/update.sh
index ac4e3ac..d764c43 100644
--- a/config/rootfiles/core/66/update.sh
+++ b/config/rootfiles/core/66/update.sh
@@ -111,6 +111,7 @@ add_to_backup usr/share/terminfo
 add_to_backup etc/sysconfig/lm_sensors
 add_to_backup etc/sysconfig/rc.local
 add_to_backup usr/local/bin/vpn-watch
+add_to_backup usr/local/bin/updxsetperms
 add_to_backup usr/libexec/ipsec
 
 # Backup the files
@@ -126,6 +127,9 @@ if [ $ROOTSPACE -lt 70000 ]; then
 	exit 2
 fi
 
+# Add user nobody to group squid.
+usermod -a -G squid nobody
+
 echo
 echo Update Kernel to $KVER ...
 #
@@ -184,6 +188,9 @@ rm -rf /lib/libncurses*
 rm -f /usr/libexec/ipsec/{pluto,_pluto_adns,whack}
 rm -f /usr/local/bin/vpn-watch
 
+# Remove update accelerator permissions script.
+rm -f /usr/local/bin/updxsetperms
+
 #
 #Extract files
 tar xavf /opt/pakfire/tmp/files* --no-overwrite-dir -p --numeric-owner -C /
diff --git a/config/updxlrator/download b/config/updxlrator/download
index 8b219bc..1624609 100644
--- a/config/updxlrator/download
+++ b/config/updxlrator/download
@@ -49,7 +49,7 @@ $vendorid =~ tr/A-Z/a-z/;
 unless (-d "$repository/download/$vendorid")
 {
 	system("mkdir -p $repository/download/$vendorid");
-	#system("chmod 775 $repository/download/$vendorid");
+	chmod 0775, "$repository/download/$vendorid";
 }
 
 if($restartdl == 0)
@@ -159,13 +159,13 @@ if ($_ == 0)
 	unless (-d "$repository/$vendorid")
 	{
 		system("mkdir -p $repository/$vendorid");
-		#system("chmod 775 $repository/$vendorid");
+		chmod 0775, "$repository/$vendorid";
 	}
 
 	unless (-d "$repository/$vendorid/$uuid")
 	{
 		system("mkdir -p $repository/$vendorid/$uuid");
-		#system("chmod 775 $repository/$vendorid/$uuid");
+		chmod 0775, "$repository/$vendorid/$uuid";
 	}
 
 	&writelog("Moving file to the cache directory: $vendorid/$uuid");
@@ -180,8 +180,15 @@ if ($_ == 0)
 	&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/checkup.log",time);
 	&UPDXLT::setcachestatus("$repository/$vendorid/$uuid/access.log",time);
 
-	system("/usr/local/bin/updxsetperms");
-	#system("chmod 775 $repository/$vendorid/$uuid/*");
+	# Update permissions of all files in the download directory.
+	my @files = (
+		"$repository/$vendorid/$uuid/source.url",
+		"$repository/$vendorid/$uuid/status",
+		"$repository/$vendorid/$uuid/checkup.log",
+		"$repository/$vendorid/$uuid/access.log",
+		"$repository/$vendorid/$uuid/$updatefile"
+	);
+	chmod 0664, @files;
 
 	unlink ("$repository/download/$vendorid/$updatefile.info");
 
diff --git a/src/misc-progs/Makefile b/src/misc-progs/Makefile
index 33d1d66..cc33266 100644
--- a/src/misc-progs/Makefile
+++ b/src/misc-progs/Makefile
@@ -34,17 +34,15 @@ SUID_PROGS = setdmzholes setportfw setxtaccess \
 	smartctrl clamavctrl addonctrl pakfire mpfirectrl wlanapctrl \
 	setaliases urlfilterctrl updxlratorctrl fireinfoctrl rebuildroutes \
 	getconntracktable
-SUID_UPDX = updxsetperms
 
 install : all
 	install -m 755  $(PROGS) /usr/local/bin
 	install -m 4750 -g nobody $(SUID_PROGS) /usr/local/bin
-	install -m 4750 -g squid $(SUID_UPDX) /usr/local/bin
 
-all : $(PROGS) $(SUID_PROGS) $(SUID_UPDX)
+all : $(PROGS) $(SUID_PROGS)
 
 clean : 
-	-rm -f $(PROGS) $(SUID_PROGS) $(SUID_UPDX) *.o core
+	-rm -f $(PROGS) $(SUID_PROGS) *.o core
 
 ######
 
@@ -58,8 +56,6 @@ $(SUID_PROGS): setuid.o
 
 $(PROGS): setuid.o
 
-$(SUID_UPDX): setuid.o
-
 logwatch: logwatch.c setuid.o ../install+setup/libsmooth/varval.o
 	$(COMPILE) -I../install+setup/libsmooth/ logwatch.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
@@ -153,9 +149,6 @@ wlanapctrl: wlanapctrl.c setuid.o ../install+setup/libsmooth/varval.o
 setaliases: setaliases.c setuid.o ../install+setup/libsmooth/varval.o
 	$(COMPILE) -I../install+setup/libsmooth/ setaliases.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 
-updxsetperms: updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o
-	$(COMPILE) -I../install+setup/libsmooth/ updxsetperms.c setuid.o ../install+setup/libsmooth/varval.o -o $@
-
 fireinfoctrl: fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o
 	$(COMPILE) -I../install+setup/libsmooth/ fireinfoctrl.c setuid.o ../install+setup/libsmooth/varval.o -o $@
 


hooks/post-receive
--
IPFire 2.x development tree