From: git@ipfire.org
To: ipfire-scm@lists.ipfire.org
Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. c7762365dc67c671b79e8869b617ad2e316bcce5
Date: Thu, 03 Dec 2015 18:03:02 +0100 [thread overview]
Message-ID: <20151203170303.02A5E21576@argus.ipfire.org> (raw)
[-- Attachment #1: Type: text/plain, Size: 27474 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via c7762365dc67c671b79e8869b617ad2e316bcce5 (commit)
via 228bec09bf8245e03193d8d69a0999c7059ac915 (commit)
via 6146d1904aad28f0bacbb6986205c28bb7020356 (commit)
via 84c5f0d66d5312005a2c7528dbf686dc1968cd10 (commit)
via ee3dec50a36c175f0eb4f258855de27051bb76ac (commit)
via 5258a65deaba155637d44dba97958b90ed942197 (commit)
via c4a451eeadaade76900c0e8f8c6a90502473eada (commit)
from 74e5c32e19b3752e64c83a4762c7dacfee532bb6 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit c7762365dc67c671b79e8869b617ad2e316bcce5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 3 16:59:48 2015 +0000
openssl: Update to 1.0.2e
OpenSSL Security Advisory [3 Dec 2015]
=======================================
NOTE: WE ANTICIPATE THAT 1.0.0t AND 0.9.8zh WILL BE THE LAST RELEASES FOR THE
0.9.8 AND 1.0.0 VERSIONS AND THAT NO MORE SECURITY FIXES WILL BE PROVIDED (AS
PER PREVIOUS ANNOUNCEMENTS). USERS ARE ADVISED TO UPGRADE TO LATER VERSIONS.
BN_mod_exp may produce incorrect results on x86_64 (CVE-2015-3193)
==================================================================
Severity: Moderate
There is a carry propagating bug in the x86_64 Montgomery squaring procedure. No
EC algorithms are affected. Analysis suggests that attacks against RSA and DSA
as a result of this defect would be very difficult to perform and are not
believed likely. Attacks against DH are considered just feasible (although very
difficult) because most of the work necessary to deduce information
about a private key may be performed offline. The amount of resources
required for such an attack would be very significant and likely only
accessible to a limited number of attackers. An attacker would
additionally need online access to an unpatched system using the target
private key in a scenario with persistent DH parameters and a private
key that is shared between multiple clients. For example this can occur by
default in OpenSSL DHE based SSL/TLS ciphersuites.
This issue affects OpenSSL version 1.0.2.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
This issue was reported to OpenSSL on August 13 2015 by Hanno
Böck. The fix was developed by Andy Polyakov of the OpenSSL
development team.
Certificate verify crash with missing PSS parameter (CVE-2015-3194)
===================================================================
Severity: Moderate
The signature verification routines will crash with a NULL pointer dereference
if presented with an ASN.1 signature using the RSA PSS algorithm and absent
mask generation function parameter. Since these routines are used to verify
certificate signature algorithms this can be used to crash any certificate
verification operation and exploited in a DoS attack. Any application which
performs certificate verification is vulnerable including OpenSSL clients and
servers which enable client authentication.
This issue affects OpenSSL versions 1.0.2 and 1.0.1.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q
This issue was reported to OpenSSL on August 27 2015 by Loïc Jonas Etienne
(Qnective AG). The fix was developed by Dr. Stephen Henson of the OpenSSL
development team.
X509_ATTRIBUTE memory leak (CVE-2015-3195)
==========================================
Severity: Moderate
When presented with a malformed X509_ATTRIBUTE structure OpenSSL will leak
memory. This structure is used by the PKCS#7 and CMS routines so any
application which reads PKCS#7 or CMS data from untrusted sources is affected.
SSL/TLS is not affected.
This issue affects OpenSSL versions 1.0.2 and 1.0.1, 1.0.0 and 0.9.8.
OpenSSL 1.0.2 users should upgrade to 1.0.2e
OpenSSL 1.0.1 users should upgrade to 1.0.1q
OpenSSL 1.0.0 users should upgrade to 1.0.0t
OpenSSL 0.9.8 users should upgrade to 0.9.8zh
This issue was reported to OpenSSL on November 9 2015 by Adam Langley
(Google/BoringSSL) using libFuzzer. The fix was developed by Dr. Stephen
Henson of the OpenSSL development team.
Race condition handling PSK identify hint (CVE-2015-3196)
=========================================================
Severity: Low
If PSK identity hints are received by a multi-threaded client then
the values are wrongly updated in the parent SSL_CTX structure. This can
result in a race condition potentially leading to a double free of the
identify hint data.
This issue was fixed in OpenSSL 1.0.2d and 1.0.1p but has not been previously
listed in an OpenSSL security advisory. This issue also affects OpenSSL 1.0.0
and has not been previously fixed in an OpenSSL 1.0.0 release.
OpenSSL 1.0.2 users should upgrade to 1.0.2d
OpenSSL 1.0.1 users should upgrade to 1.0.1p
OpenSSL 1.0.0 users should upgrade to 1.0.0t
The fix for this issue can be identified in the OpenSSL git repository by commit
ids 3c66a669dfc7 (1.0.2), d6be3124f228 (1.0.1) and 1392c238657e (1.0.0).
The fix was developed by Dr. Stephen Henson of the OpenSSL development team.
Note
====
As per our previous announcements and our Release Strategy
(https://www.openssl.org/about/releasestrat.html), support for OpenSSL versions
1.0.0 and 0.9.8 will cease on 31st December 2015. No security updates for these
versions will be provided after that date. In the absence of significant
security issues being identified prior to that date, the 1.0.0t and 0.9.8zh
releases will be the last for those versions. Users of these versions are
advised to upgrade.
References
==========
URL for this Security Advisory:
https://www.openssl.org/news/secadv/20151203.txt
Note: the online version of the advisory may be updated with additional
details over time.
For details of OpenSSL severity classifications please see:
https://www.openssl.org/about/secpolicy.html
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 228bec09bf8245e03193d8d69a0999c7059ac915
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 3 16:34:59 2015 +0000
ramdisk: Migrate everything during the update
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 6146d1904aad28f0bacbb6986205c28bb7020356
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 3 16:03:29 2015 +0000
ramdisk: Avoid copying data if no ramdisk is used
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 84c5f0d66d5312005a2c7528dbf686dc1968cd10
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 3 14:57:30 2015 +0000
ramdisk: Move crontab back to disk
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit ee3dec50a36c175f0eb4f258855de27051bb76ac
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 3 14:41:49 2015 +0000
ramdisk: Make usage of ramdisk configurable
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 5258a65deaba155637d44dba97958b90ed942197
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Thu Dec 3 14:27:33 2015 +0000
initscripts: functions: Fix indentation
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit c4a451eeadaade76900c0e8f8c6a90502473eada
Author: Alexander Marx <alexander.marx(a)ipfire.org>
Date: Thu Dec 3 13:14:23 2015 +0000
Remove ramdisks for RRD databases
Ramdisks are very limited in space and as new graphs
are generated for OpenVPN N2N connections, etc. more
space is necessary.
This patch will enable ramdisks for all systems with more
than 490M of memory and allows the user to force using
a ramdisk on systems with less memory.
Signed-off-by: Alexander Marx <alexander.marx(a)ipfire.org>
Acked-by: Arne Fitzenreiter <arne.fitzenreiter(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/armv5tel/initscripts | 12 ++-
config/rootfiles/common/i586/initscripts | 12 ++-
config/rootfiles/common/stage2 | 1 +
config/rootfiles/core/96/filelists/files | 8 ++
.../91 => core/96}/filelists/i586/openssl-sse2 | 0
.../{oldcore/92 => core/96}/filelists/openssl | 0
config/rootfiles/core/96/update.sh | 34 ++++++++
lfs/initscripts | 9 ++-
lfs/openssl | 8 +-
lfs/vnstat | 2 +-
src/initscripts/init.d/cleanfs | 31 +++++++-
src/initscripts/init.d/collectd | 16 ++--
src/initscripts/init.d/fcron | 1 -
src/initscripts/init.d/functions | 82 +++++++++++++++++++
src/initscripts/init.d/tmpfs | 93 ----------------------
src/initscripts/init.d/vnstat | 30 +++++++
16 files changed, 223 insertions(+), 116 deletions(-)
copy config/rootfiles/{oldcore/91 => core/96}/filelists/i586/openssl-sse2 (100%)
copy config/rootfiles/{oldcore/92 => core/96}/filelists/openssl (100%)
delete mode 100644 src/initscripts/init.d/tmpfs
create mode 100755 src/initscripts/init.d/vnstat
Difference in files:
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index a174c5b..e37a905 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -125,12 +125,13 @@ etc/rc.d/init.d/sysctl
etc/rc.d/init.d/sysklogd
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
-etc/rc.d/init.d/tmpfs
+#etc/rc.d/init.d/tmpfs
#etc/rc.d/init.d/tor
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/upnpd
#etc/rc.d/init.d/vdr
+etc/rc.d/init.d/vnstat
#etc/rc.d/init.d/vdradmin
#etc/rc.d/init.d/vsftpd
#etc/rc.d/init.d/watchdog
@@ -149,13 +150,14 @@ etc/rc.d/rc0.d/K30sshd
etc/rc.d/rc0.d/K45random
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
+etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K78snort
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
#etc/rc.d/rc0.d/K84bluetooth
#etc/rc.d/rc0.d/K85messagebus
-etc/rc.d/rc0.d/K85tmpfs
+#etc/rc.d/rc0.d/K85tmpfs
etc/rc.d/rc0.d/K90sysklogd
etc/rc.d/rc0.d/S60sendsignals
etc/rc.d/rc0.d/S70localnet
@@ -163,7 +165,8 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S01tmpfs
+#etc/rc.d/rc3.d/S01tmpfs
+etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
#etc/rc.d/rc3.d/S15messagebus
#etc/rc.d/rc3.d/S16bluetooth
@@ -197,13 +200,14 @@ etc/rc.d/rc6.d/K30sshd
etc/rc.d/rc6.d/K45random
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
+etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K78snort
etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
#etc/rc.d/rc6.d/K84bluetooth
#etc/rc.d/rc6.d/K85messagebus
-etc/rc.d/rc6.d/K85tmpfs
+#etc/rc.d/rc6.d/K85tmpfs
etc/rc.d/rc6.d/K90sysklogd
etc/rc.d/rc6.d/S60sendsignals
etc/rc.d/rc6.d/S70mountfs
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index 84c432a..d5c8f1d 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -126,13 +126,14 @@ etc/rc.d/init.d/sysctl
etc/rc.d/init.d/sysklogd
etc/rc.d/init.d/template
#etc/rc.d/init.d/tftpd
-etc/rc.d/init.d/tmpfs
+#etc/rc.d/init.d/tmpfs
#etc/rc.d/init.d/tor
#etc/rc.d/init.d/transmission
etc/rc.d/init.d/udev
etc/rc.d/init.d/udev_retry
etc/rc.d/init.d/upnpd
#etc/rc.d/init.d/vdr
+etc/rc.d/init.d/vnstat
#etc/rc.d/init.d/vdradmin
#etc/rc.d/init.d/vsftpd
#etc/rc.d/init.d/watchdog
@@ -151,13 +152,14 @@ etc/rc.d/rc0.d/K30sshd
etc/rc.d/rc0.d/K45random
etc/rc.d/rc0.d/K47setclock
etc/rc.d/rc0.d/K49cyrus-sasl
+etc/rc.d/rc0.d/K51vnstat
etc/rc.d/rc0.d/K78snort
etc/rc.d/rc0.d/K79leds
etc/rc.d/rc0.d/K80network
etc/rc.d/rc0.d/K82wlanclient
#etc/rc.d/rc0.d/K84bluetooth
#etc/rc.d/rc0.d/K85messagebus
-etc/rc.d/rc0.d/K85tmpfs
+#etc/rc.d/rc0.d/K85tmpfs
etc/rc.d/rc0.d/K87acpid
etc/rc.d/rc0.d/K90sysklogd
etc/rc.d/rc0.d/S60sendsignals
@@ -166,7 +168,8 @@ etc/rc.d/rc0.d/S80mountfs
etc/rc.d/rc0.d/S90swap
etc/rc.d/rc0.d/S99halt
#etc/rc.d/rc3.d
-etc/rc.d/rc3.d/S01tmpfs
+#etc/rc.d/rc3.d/S01tmpfs
+etc/rc.d/rc3.d/S01vnstat
etc/rc.d/rc3.d/S10sysklogd
etc/rc.d/rc3.d/S12acpid
#etc/rc.d/rc3.d/S15messagebus
@@ -201,13 +204,14 @@ etc/rc.d/rc6.d/K30sshd
etc/rc.d/rc6.d/K45random
etc/rc.d/rc6.d/K47setclock
etc/rc.d/rc6.d/K49cyrus-sasl
+etc/rc.d/rc6.d/K51vnstat
etc/rc.d/rc6.d/K78snort
etc/rc.d/rc6.d/K79leds
etc/rc.d/rc6.d/K80network
etc/rc.d/rc6.d/K82wlanclient
#etc/rc.d/rc6.d/K84bluetooth
#etc/rc.d/rc6.d/K85messagebus
-etc/rc.d/rc6.d/K85tmpfs
+#etc/rc.d/rc6.d/K85tmpfs
etc/rc.d/rc6.d/K87acpid
etc/rc.d/rc6.d/K90sysklogd
etc/rc.d/rc6.d/S60sendsignals
diff --git a/config/rootfiles/common/stage2 b/config/rootfiles/common/stage2
index 4021caf..5b763fd 100644
--- a/config/rootfiles/common/stage2
+++ b/config/rootfiles/common/stage2
@@ -40,6 +40,7 @@ etc/profile.d/term256.sh
etc/profile.d/umask.sh
etc/resolv.conf
etc/securetty
+etc/sysconfig/ramdisk
etc/sysctl.conf
etc/syslog.conf
etc/system-release
diff --git a/config/rootfiles/core/96/filelists/files b/config/rootfiles/core/96/filelists/files
index 9e64edc..63bfa53 100644
--- a/config/rootfiles/core/96/filelists/files
+++ b/config/rootfiles/core/96/filelists/files
@@ -1,6 +1,14 @@
etc/system-release
etc/issue
etc/rc.d/init.d/snort
+etc/vnstat.conf
+etc/rc.d/init.d/cleanfs
+etc/rc.d/init.d/collectd
+etc/rc.d/init.d/functions
+etc/rc.d/init.d/vnstat
+etc/rc.d/rc0.d/K51vnstat
+etc/rc.d/rc3.d/S01vnstat
+etc/rc.d/rc6.d/K51vnstat
opt/pakfire/lib/functions.pl
usr/sbin/convert-portfw
var/ipfire/general-functions.pl
diff --git a/config/rootfiles/core/96/filelists/i586/openssl-sse2 b/config/rootfiles/core/96/filelists/i586/openssl-sse2
new file mode 120000
index 0000000..f424713
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/i586/openssl-sse2
@@ -0,0 +1 @@
+../../../../common/i586/openssl-sse2
\ No newline at end of file
diff --git a/config/rootfiles/core/96/filelists/openssl b/config/rootfiles/core/96/filelists/openssl
new file mode 120000
index 0000000..e011a92
--- /dev/null
+++ b/config/rootfiles/core/96/filelists/openssl
@@ -0,0 +1 @@
+../../../common/openssl
\ No newline at end of file
diff --git a/config/rootfiles/core/96/update.sh b/config/rootfiles/core/96/update.sh
index 7faf4b8..b415337 100644
--- a/config/rootfiles/core/96/update.sh
+++ b/config/rootfiles/core/96/update.sh
@@ -32,6 +32,25 @@ do
done
# Stop services
+/etc/init.d/fcron stop
+/etc/init.d/collectd stop
+qosctrl stop
+
+# Backup RRDs
+if [ -d "/var/log/rrd.bak" ]; then
+ # Umount ramdisk
+ umount -l "/var/log/rrd"
+ rm -f "/var/log/rrd"
+
+ mv "/var/log/rrd.bak/vnstat" "/var/log/vnstat"
+ mv "/var/log/rrd.bak" "/var/log/rrd"
+fi
+
+# Remove old scripts
+rm -f /etc/rc.d/init.d/tmpfs \
+ /etc/rc.d/rc0.d/K85tmpfs \
+ /etc/rc.d/rc3.d/S01tmpfs \
+ /etc/rc.d/rc6.d/K85tmpfs
# Extract files
extract_files
@@ -39,8 +58,23 @@ extract_files
# Update Language cache
# /usr/local/bin/update-lang-cache
+# Keep (almost) old ramdisk behaviour
+if [ ! -e "/etc/sysconfig/ramdisk" ]; then
+ echo "RAMDISK_MODE=2" > /etc/sysconfig/ramdisk
+fi
+
+if [ -L "/var/spool/cron" ]; then
+ rm -f /var/spool/cron
+ mv /var/log/rrd/cron /var/spool/cron
+ chown cron:cron /var/spool/cron
+fi
+
# Start services
+/etc/init.d/collectd start
+/etc/init.d/vnstat start
+/etc/init.d/fcron start
/etc/init.d/dnsmasq restart
+qosctrl start
# This update need a reboot...
#touch /var/run/need_reboot
diff --git a/lfs/initscripts b/lfs/initscripts
index 141fd66..538ea4d 100755
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -61,6 +61,9 @@ $(TARGET) :
-rm -rf /etc/init.d
ln -svf rc.d/init.d /etc/init.d
+ # Create default ramdisk configuration
+ echo "RAMDISK_MODE=0" > /etc/sysconfig/ramdisk
+
for i in $(DIR_SRC)/src/initscripts/init.d/*; do \
install -v -m 754 $$i /etc/rc.d/init.d/; \
done
@@ -128,9 +131,6 @@ $(TARGET) :
ln -sf ../init.d/random /etc/rc.d/rc3.d/S25random
ln -sf ../init.d/random /etc/rc.d/rc6.d/K45random
ln -sf ../../sysconfig/rc.local /etc/rc.d/rc3.d/S98rc.local
- ln -sf ../init.d/tmpfs /etc/rc.d/rc0.d/K85tmpfs
- ln -sf ../init.d/tmpfs /etc/rc.d/rc3.d/S01tmpfs
- ln -sf ../init.d/tmpfs /etc/rc.d/rc6.d/K85tmpfs
ln -sf ../init.d/mediatomb /etc/rc.d/rc3.d/S98mediatomb
ln -sf ../init.d/mediatomb /etc/rc.d/rc0.d/K02mediatomb
ln -sf ../init.d/mediatomb /etc/rc.d/rc6.d/K02mediatomb
@@ -178,6 +178,9 @@ $(TARGET) :
ln -sf ../init.d/firewall /etc/rc.d/rcsysinit.d/S85firewall
ln -sf ../init.d/network-trigger /etc/rc.d/rcsysinit.d/S90network-trigger
ln -sf ../init.d/rngd /etc/rc.d/rcsysinit.d/S92rngd
+ ln -sf ../init.d/vnstat /etc/rc.d/rc3.d/S01vnstat
+ ln -sf ../init.d/vnstat /etc/rc.d/rc0.d/K51vnstat
+ ln -sf ../init.d/vnstat /etc/rc.d/rc6.d/K51vnstat
ln -sf ../init.d/wlanclient /etc/rc.d/rc0.d/K82wlanclient
ln -sf ../init.d/wlanclient /etc/rc.d/rc3.d/S19wlanclient
ln -sf ../init.d/wlanclient /etc/rc.d/rc6.d/K82wlanclient
diff --git a/lfs/openssl b/lfs/openssl
index 153a6b9..1dc24ac 100644
--- a/lfs/openssl
+++ b/lfs/openssl
@@ -24,7 +24,7 @@
include Config
-VER = 1.0.2d
+VER = 1.0.2e
THISAPP = openssl-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -86,7 +86,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 38dd619b2e77cbac69b99f52a053d25a
+$(DL_FILE)_MD5 = 2218c1a6f807f7206c11eb3ee3a5ec80
install : $(TARGET)
@@ -127,6 +127,10 @@ ifeq "$(MACHINE)" "i586"
cd $(DIR_APP) && patch -Np1 < $(DIR_SRC)/src/patches/openssl-1.0.2a_disable_ssse3_for_amd.patch
endif
+ # With openssl 1.0.2e, pod2mantest is missing
+ echo -e "#!/bin/bash\necho \$$(which pod2man)" > $(DIR_APP)/util/pod2mantest
+ chmod a+x $(DIR_APP)/util/pod2mantest
+
# Apply our CFLAGS
cd $(DIR_APP) && sed -i Configure \
-e "s/-O3 -fomit-frame-pointer/$(CFLAGS)/g"
diff --git a/lfs/vnstat b/lfs/vnstat
index b8c8b27..1c1333b 100644
--- a/lfs/vnstat
+++ b/lfs/vnstat
@@ -76,6 +76,6 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
cd $(DIR_APP) && make all $(MAKETUNING) LOCAL_CONFIGURE_OPTIONS="--enable-readline=yes"
cd $(DIR_APP) && make install
sed -i 's|eth0|green0|g' /etc/vnstat.conf
- sed -i 's|/var/lib/vnstat|/var/log/rrd/vnstat|g' /etc/vnstat.conf
+ sed -i 's|/var/lib/vnstat|/var/log/vnstat|g' /etc/vnstat.conf
@rm -rf $(DIR_APP)
@$(POSTBUILD)
diff --git a/src/initscripts/init.d/cleanfs b/src/initscripts/init.d/cleanfs
index e8c8c8b..2d5778d 100644
--- a/src/initscripts/init.d/cleanfs
+++ b/src/initscripts/init.d/cleanfs
@@ -77,7 +77,36 @@ case "${1}" in
rm -rf /var/run
ln -s ../run /var/run
fi
-
+ #
+ # create some folders
+ #
+ if [ ! -e /var/lock/subsys ]; then
+ mkdir -p /var/lock/subsys
+ fi
+ if [ ! -e /var/lock/time ]; then
+ mkdir -p /var/lock/time
+ chown nobody.root /var/lock/time
+ fi
+ if [ ! -e /var/run/clamav ]; then
+ mkdir -p /var/run/clamav
+ chown clamav:clamav /var/run/clamav
+ fi
+ if [ ! -e /var/run/cups ]; then
+ mkdir -p /var/run/cups
+ fi
+ if [ ! -e /var/run/dbus ]; then
+ mkdir -p /var/run/dbus
+ fi
+ if [ ! -e /var/run/mysql ]; then
+ mkdir -p /var/run/mysql
+ chown mysql:mysql /var/run/mysql
+ fi
+ if [ ! -e /var/run/saslauthd ]; then
+ mkdir -p /var/run/saslauthd
+ fi
+ if [ ! -e /var/log/vnstat ]; then
+ mkdir -p /var/log/vnstat
+ fi
boot_mesg -n "Cleaning file systems:" ${INFO}
boot_mesg -n " /tmp" ${NORMAL}
diff --git a/src/initscripts/init.d/collectd b/src/initscripts/init.d/collectd
index 96bd126..e5c3595 100644
--- a/src/initscripts/init.d/collectd
+++ b/src/initscripts/init.d/collectd
@@ -1,7 +1,6 @@
#!/bin/sh
# Begin $rc_base/init.d/collecd
-
. /etc/sysconfig/rc
. $rc_functions
@@ -13,6 +12,12 @@ fi
case "$1" in
start)
+ if use_ramdisk; then
+ boot_mesg "Mounting RRD ramdisk..."
+ mount_ramdisk "${RRDLOG}"
+ evaluate_retval
+ fi
+
# If run from init and collectd alrady started then exit silent
if [ "$(basename $0)" != "collectd" ]; then
if [ "$(ps -A | grep " collectd$")" != "" ]; then
@@ -106,12 +111,9 @@ case "$1" in
boot_mesg "Stopping Collection daemon..."
killproc /usr/sbin/collectd
evaluate_retval
- # Save the ramdisk at manual stop but not at shutdown
- if [ "$(basename $0)" == "collectd" ]; then
- /etc/init.d/tmpfs backup
- fi
- # sync after backup...
- sync
+
+ # Umount the ramdisk (if any)
+ umount_ramdisk "${RRDLOG}"
;;
restart)
${0} stop
diff --git a/src/initscripts/init.d/fcron b/src/initscripts/init.d/fcron
index 0260d4a..00a70bd 100644
--- a/src/initscripts/init.d/fcron
+++ b/src/initscripts/init.d/fcron
@@ -13,7 +13,6 @@
case "$1" in
start)
boot_mesg "Starting fcron..."
- chown cron:cron /var/spool/cron
loadproc /usr/sbin/fcron -y
# remove -y to reenable fcron logging
;;
diff --git a/src/initscripts/init.d/functions b/src/initscripts/init.d/functions
index e2e058d..fc4d8a4 100644
--- a/src/initscripts/init.d/functions
+++ b/src/initscripts/init.d/functions
@@ -702,4 +702,86 @@ run_subdir() {
done
}
+mem_amount() {
+ local pagesize="$(getconf PAGESIZE)"
+ local pages="$(getconf _PHYS_PAGES)"
+
+ echo "$(( ${pagesize} * ${pages} / 1024 / 1024 ))"
+}
+
+use_ramdisk() {
+ eval $(/usr/local/bin/readhash /etc/sysconfig/ramdisk)
+
+ case "${RAMDISK_MODE}" in
+ # Don't use ramdisk
+ 0)
+ return 1
+ ;;
+
+ # Always use ramdisk
+ 1)
+ return 0
+ ;;
+
+ # Automatic mode - use ramdisk if sufficient
+ # memory is available
+ 2)
+ local mem_avail="$(mem_amount)"
+
+ if [ ${mem_avail} -ge 490 ]; then
+ return 0
+ else
+ return 1
+ fi
+ ;;
+
+ # Fail for everything else
+ *)
+ return 2
+ ;;
+ esac
+}
+
+mount_ramdisk() {
+ local path="${1}"
+ local path_tmpfs="${path}.tmpfs"
+
+ # Check if the ramdisk is already mounted
+ if mountpoint "${path}" &>/dev/null; then
+ return 0
+ fi
+
+ # Create ramdisk
+ mkdir -p "${path_tmpfs}"
+ mount -t tmpfs none "${path_tmpfs}"
+
+ # Restore ramdisk content
+ cp -pR "${path}/*" "${path_tmpfs}"
+
+ # Move ramdisk to final destination
+ mount --move "${path_tmpfs}" "${path}"
+ rm -f "${path_tmpfs}"
+}
+
+umount_ramdisk() {
+ local path="${1}"
+ local path_tmpfs="${path}.tmpfs"
+
+ # Check if a ramdisk is actually mounted
+ if ! mountpoint "${path}" &>/dev/null; then
+ return 0
+ fi
+
+ # Move the ramdisk
+ mkdir -p "${path_tmpfs}"
+ mount --move "${path}" "${path_tmpfs}"
+
+ # Backup ramdisk content
+ cp -pR "${path_tmpfs}/*" "${path}"
+
+ # Destroy the ramdisk
+ umount "${path_tmpfs}"
+ rm -f "${path_tmpfs}"
+}
+
# End $rc_base/init.d/functions
diff --git a/src/initscripts/init.d/tmpfs b/src/initscripts/init.d/tmpfs
deleted file mode 100644
index 2ee2ffb..0000000
--- a/src/initscripts/init.d/tmpfs
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/bin/sh
-# Begin $rc_base/init.d/tmpfs
-
-. /etc/sysconfig/rc
-. $rc_functions
-
-eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
-
-if [ "$RRDLOG" = '' ]; then
- RRDLOG=/var/log/rrd
-fi
-
-case "$1" in
- start)
- $0 restore
- if [ ! -e $RRDLOG.bak/vnstat ]; then
- mkdir -p $RRDLOG.bak/vnstat
- fi
- if [ ! -e $RRDLOG/vnstat ]; then
- mkdir -p $RRDLOG/vnstat
- fi
- #
- # create some folders
- #
- if [ ! -e /var/lock/subsys ]; then
- mkdir -p /var/lock/subsys
- fi
- if [ ! -e /var/lock/time ]; then
- mkdir -p /var/lock/time
- chown nobody.root /var/lock/time
- fi
- if [ ! -e /var/run/clamav ]; then
- mkdir -p /var/run/clamav
- chown clamav:clamav /var/run/clamav
- fi
- if [ ! -e /var/run/cups ]; then
- mkdir -p /var/run/cups
- fi
- if [ ! -e /var/run/dbus ]; then
- mkdir -p /var/run/dbus
- fi
- if [ ! -e /var/run/mysql ]; then
- mkdir -p /var/run/mysql
- chown mysql:mysql /var/run/mysql
- fi
- if [ ! -e /var/run/saslauthd ]; then
- mkdir -p /var/run/saslauthd
- fi
-
- #
- # Move /var/spool/cron to ramdisk and make a symlink
- #
- if [ ! -L /var/spool/cron ]; then
- cp -pR /var/spool/cron /var/log/rrd.bak/cron
- mv /var/spool/cron /var/log/rrd/cron
- ln -s /var/log/rrd/cron /var/spool/cron
- fi
-
- echo_ok
- ;;
- stop)
- $0 backup
- ;;
-
- backup)
- boot_mesg "Save ramdisk..."
- cp -pR $RRDLOG/* $RRDLOG.bak/
- evaluate_retval
- ;;
- restore)
- if ! mountpoint $RRDLOG &>/dev/null; then
- mount -t tmpfs -o size=64M none "$RRDLOG"
- fi
-
- if [ -e $RRDLOG.bak/cron/new.root ]; then
- if [ -e $RRDLOG.bak/cron/root ]; then
- rm -f $RRDLOG.bak/cron/new.root
- fi
- fi
- if [ -e $RRDLOG.bak ];then
- boot_mesg "Restore ramdisk..."
- cp -pR $RRDLOG.bak/* $RRDLOG/
- fi
- ;;
-
-
- *)
- echo "Usage: $0 {start|stop|backup}"
- exit 1
- ;;
-esac
-
-# End $rc_base/init.d/tmpfs
diff --git a/src/initscripts/init.d/vnstat b/src/initscripts/init.d/vnstat
new file mode 100755
index 0000000..05c35ee
--- /dev/null
+++ b/src/initscripts/init.d/vnstat
@@ -0,0 +1,30 @@
+#!/bin/sh
+# Begin $rc_base/init.d/vnstat
+
+. /etc/sysconfig/rc
+. $rc_functions
+
+eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
+
+if [ "$VNSTATLOG" = '' ]; then
+ VNSTATLOG=/var/log/vnstat
+fi
+
+case "$1" in
+ start)
+ if use_ramdisk; then
+ boot_mesg "Mounting vnstat ramdisk..."
+ mount_ramdisk "${VNSTATLOG}"
+ evaluate_retval
+ fi
+ ;;
+ stop)
+ umount_ramdisk "${VNSTATLOG}"
+ ;;
+ *)
+ echo "Usage: $0 {start|stop}"
+ exit 1
+ ;;
+esac
+
+# End $rc_base/init.d/vnstat
hooks/post-receive
--
IPFire 2.x development tree
reply other threads:[~2015-12-03 17:03 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151203170303.02A5E21576@argus.ipfire.org \
--to=git@ipfire.org \
--cc=ipfire-scm@lists.ipfire.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox