From mboxrd@z Thu Jan 1 00:00:00 1970 From: git@ipfire.org To: ipfire-scm@lists.ipfire.org Subject: [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a Date: Tue, 10 Jul 2018 18:40:58 +0100 Message-ID: <20180710174059.817031081BD8@git01.ipfire.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============4632513637704935897==" List-Id: --===============4632513637704935897== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a (commit) via b38c334a25047dc89f6448a2debe15fc930e7fd0 (commit) via 1413006b5b3bbb80ff017c2a966454e530c0e9aa (commit) from 9aefd1ed07eee7d83e5b274d4a83240811f9e091 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a Author: Erik Kapfer Date: Fri Jul 6 05:57:59 2018 +0200 OpenVPN: Deleted mtu-disc completely since it has been dropped. =20 Signed-off-by: Erik Kapfer Signed-off-by: Michael Tremer commit b38c334a25047dc89f6448a2debe15fc930e7fd0 Author: Matthias Fischer Date: Mon Jul 9 20:53:45 2018 +0200 clamav: Update to 0.100.1 =20 For details see: https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html =20 Signed-off-by: Matthias Fischer Signed-off-by: Michael Tremer commit 1413006b5b3bbb80ff017c2a966454e530c0e9aa Author: Michael Tremer Date: Tue Jul 10 18:32:20 2018 +0100 aws: Create "setup" user to run setup =20 Amazon does not permit that a user logs in as root directly. Instead they insist on using sudo. =20 
Signed-off-by: Michael Tremer ----------------------------------------------------------------------- Summary of changes: config/rootfiles/common/setup | 2 ++ html/cgi-bin/ovpnmain.cgi | 17 ++--------------- lfs/clamav | 6 +++--- src/initscripts/helper/aws-setup | 32 ++++++++++++++++++++------------ src/setup/Makefile.am | 8 ++++++++ src/setup/run-setup | 4 ++++ src/setup/sudo/setup | 2 ++ 7 files changed, 41 insertions(+), 30 deletions(-) create mode 100644 src/setup/run-setup create mode 100644 src/setup/sudo/setup Difference in files: diff --git a/config/rootfiles/common/setup b/config/rootfiles/common/setup index c5bd361a5..5da99c1cf 100644 --- a/config/rootfiles/common/setup +++ b/config/rootfiles/common/setup @@ -1,4 +1,6 @@ +etc/sudoers.d/setup usr/bin/probenic.sh +usr/bin/run-setup usr/sbin/setup usr/share/locale/ar/LC_MESSAGES/setup.mo usr/share/locale/ca/LC_MESSAGES/setup.mo diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi index f06e7cf03..976300fc7 100644 --- a/html/cgi-bin/ovpnmain.cgi +++ b/html/cgi-bin/ovpnmain.cgi @@ -271,7 +271,7 @@ sub writeserverconf { print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n"; #print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{= 'GREEN_NETMASK'}\"\n"; =20 - # Check if we are using mssfix, fragment or mtu-disc and set the corretc= t mtu of 1500. + # Check if we are using mssfix, fragment and set the corretct mtu of 150= 0. # If we doesn't use one of them, we can use the configured mtu value. if ($sovpnsettings{'MSSFIX'} eq 'on')=20 { print CONF "tun-mtu 1500\n"; } 
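Review bot: The rewritten comment above the `MSSFIX` check in writeserverconf still carries the typo `corretct`, and after dropping `mtu-disc` it reads "mssfix, fragment and set", which no longer parses; the unchanged next line ("If we doesn't use one of them") has the same problem. I would write `# Check if we are using mssfix or fragment and set the correct MTU of 1500.` followed by `# If neither is used, the configured MTU value applies.` The client-side comment in the `@@ -2272,7 +2263,7 @@` hunk ("fragment, mssfix and set MTU to 1500") needs the same "or". writeserverconf continues outside this hunk.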
@@ -2183,15 +2183,6 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){ if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment= $confighash{$cgiparams{'KEY'}}[24]\n";} if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix= \n";} } - if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') || - ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') || - ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) { - if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams= {'KEY'}}[24] eq '')) { - if ($tunmtu eq '1500' ) { - print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n"; - } - } - } # Check host certificate if X509 is RFC3280 compliant. # If not, old --ns-cert-type directive will be used. # If appropriate key usage extension exists, new --remote-cert-tls direct= ive will be used. @@ -2272,7 +2263,7 @@ else print CLIENTCONF "dev tun\r\n"; print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n"; =20 - # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500 + # Check if we are using fragment, mssfix and set MTU to 1500 # or use configured value. if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' ) { print CLIENTCONF "tun-mtu 1500\r\n"; } @@ -3378,7 +3369,6 @@ my $complzoactive; my $mssfixactive; my $authactive; my $n2nfragment; -my @n2nmtudisc =3D split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]); my @n2nproto2 =3D split(/ /, (grep { /^proto/ } @firen2nconf)[0]); my @n2nproto =3D split(/-/, $n2nproto2[1]); my @n2nport =3D split(/ /, (grep { /^port/ } @firen2nconf)[0]); @@ -3414,7 +3404,6 @@ $n2nremsub[2] =3D~ s/\n|\r//g; $n2nlocalsub[2] =3D~ s/\n|\r//g; $n2nfragment[1] =3D~ s/\n|\r//g; $n2nmgmt[2] =3D~ s/\n|\r//g; -$n2nmtudisc[1] =3D~ s/\n|\r//g; $n2ncipher[1] =3D~ s/\n|\r//g; $n2nauth[1] =3D~ s/\n|\r//g; chomp ($complzoactive); 
@@ -3491,7 +3480,6 @@ foreach my $dkey (keys %confighash) { $confighash{$key}[29] =3D $n2nport[1]; $confighash{$key}[30] =3D $complzoactive; $confighash{$key}[31] =3D $n2ntunmtu[1]; - $confighash{$key}[38] =3D $n2nmtudisc[1]; $confighash{$key}[39] =3D $n2nauth[1]; $confighash{$key}[40] =3D $n2ncipher[1]; $confighash{$key}[41] =3D 'disabled'; @@ -3531,7 +3519,6 @@ foreach my $dkey (keys %confighash) { MSSFIX:$confighas= h{$key}[23] Fragment:$configh= ash{$key}[24] $Lang::tr{'MTU'}$= confighash{$key}[31] - $Lang::tr{'ovpn mtu-disc'}$confighash{$key}[38] Management Port $= confighash{$key}[22] $Lang::tr{'ovpn hmac'}:<= td>$confighash{$key}[39] $Lang::tr{'cipher'}<= b>$confighash{$key}[40] diff --git a/lfs/clamav b/lfs/clamav index 7623801fb..c0612f1aa 100644 --- a/lfs/clamav +++ b/lfs/clamav @@ -24,7 +24,7 @@ =20 include Config =20 -VER =3D 0.100.0 +VER =3D 0.100.1 =20 THISAPP =3D clamav-$(VER) DL_FILE =3D $(THISAPP).tar.gz @@ -32,7 +32,7 @@ DL_FROM =3D $(URL_IPFIRE) DIR_APP =3D $(DIR_SRC)/$(THISAPP) TARGET =3D $(DIR_INFO)/$(THISAPP) PROG =3D clamav -PAK_VER =3D 38 +PAK_VER =3D 39 =20 DEPS =3D "" =20 @@ -48,7 +48,7 @@ objects =3D $(DL_FILE) =20 $(DL_FILE) =3D $(DL_FROM)/$(DL_FILE) =20 -$(DL_FILE)_MD5 =3D 93e8efb489c2afdfca73703b76c24e01 +$(DL_FILE)_MD5 =3D 0f653df0480eebcd828939e8db9f0443 =20 install : $(TARGET) =20 diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-se= tup index f4ec45d90..0ae727c3f 100644 --- a/src/initscripts/helper/aws-setup +++ b/src/initscripts/helper/aws-setup 
@@ -84,19 +84,27 @@ import_aws_configuration() { echo "DOMAINNAME=3D${hostname#*.}" >> /var/ipfire/main/settings fi =20 - # Import SSH keys - local line - for line in $(get "public-keys/"); do - local key_no=3D"${line%=3D*}" - - local key=3D"$(get public-keys/${key_no}/openssh-key)" - if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/d= ev/null; then - mkdir -p /root/.ssh - chmod 700 /root/.ssh + # Create setup user + if ! getent passwd setup &>/dev/null; then + useradd -r setup -s /usr/bin/run-setup -g nobody -m + fi =20 - echo "${key}" >> /root/.ssh/authorized_keys - chmod 600 /root/.ssh/authorized_keys - fi + # Import SSH keys + local user + for user in /root /home/setup; do + local line + for line in $(get "public-keys/"); do + local key_no=3D"${line%=3D*}" + + local key=3D"$(get public-keys/${key_no}/openssh-key)" + if [ -n "${key}" ] && ! grep -q "^${key}$" "${user}/.ssh/authorized_keys"= 2>/dev/null; then + mkdir -p "${user}/.ssh" + chmod 700 "${user}/.ssh" + + echo "${key}" >> "${user}/.ssh/authorized_keys" + chmod 600 "${user}/.ssh/authorized_keys" + fi + done done =20 # Import any DNS server settings diff --git a/src/setup/Makefile.am b/src/setup/Makefile.am index 0ead63195..b06d20bf1 100644 --- a/src/setup/Makefile.am +++ b/src/setup/Makefile.am @@ -25,11 +25,16 @@ AM_CFLAGS =3D $(OUR_CFLAGS) AM_CXXFLAGS =3D $(OUR_CXXFLAGS) AM_LDFLAGS =3D $(OUR_LDFLAGS) =20 +sudodir =3D /etc/sudoers.d + bin_SCRIPTS =3D sbin_PROGRAMS =3D =20 #- setup -------------------------------------------------------------------= ---- =20 +bin_SCRIPTS +=3D \ + run-setup + sbin_PROGRAMS +=3D \ setup =20 @@ -56,3 +61,6 @@ setup_LDADD =3D \ =20 bin_SCRIPTS +=3D \ probenic.sh + +sudo_DATA =3D \ + sudo/setup diff --git a/src/setup/run-setup b/src/setup/run-setup new file mode 100644 index 000000000..07b04cf43 --- /dev/null +++ b/src/setup/run-setup @@ -0,0 +1,4 @@ +#!/bin/bash + +# Runs setup and tries to gain root privileges +exec sudo setup 
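Review bot: In the new key-import loop, `/home/setup/.ssh` and its `authorized_keys` are created by this helper with modes 700/600 and no `chown`, so if the helper runs as root (as writing to `/root/.ssh` suggests) they stay root-owned. sshd reads authorized_keys with the target user's privileges, so the `setup` account would presumably be unable to read its own key file and public-key login would fail. Adding `chown "${user##*/}" "${user}/.ssh" "${user}/.ssh/authorized_keys"` right after the `chmod 600` line covers both `/root` and `/home/setup`. Separately, `grep -q "^${key}$"` treats the key text as a regular expression, whereas `grep -qxF -- "${key}"` compares it literally. import_aws_configuration begins and ends outside the hunk.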
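Review bot: `sudo_DATA` installs `sudo/setup` with automake's default data mode (normally 0644), while sudoers fragments are conventionally shipped 0440 and some sudo configurations reject looser modes. Unless the packaging step fixes the mode elsewhere, I would add an `install-data-hook` that runs `chmod 0440 $(DESTDIR)$(sudodir)/setup`. `sudodir = /etc/sudoers.d` also hard-codes the prefix; `sudodir = $(sysconfdir)/sudoers.d` follows the configured layout, assuming the build sets sysconfdir to /etc.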
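Review bot: `exec sudo setup` resolves `setup` through PATH, while the sudoers rule added in this commit permits only `/usr/sbin/setup`. Naming the path and passing `-n` makes the login shell fail cleanly instead of prompting for a password the account does not have when the rule does not match: `exec sudo -n /usr/sbin/setup`. The comment would also be more useful if it said that this script is the login shell of the `setup` user created in aws-setup and that any arguments sshd passes to it are ignored.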
diff --git a/src/setup/sudo/setup b/src/setup/sudo/setup new file mode 100644 index 000000000..a3bbd7b62 --- /dev/null +++ b/src/setup/sudo/setup @@ -0,0 +1,2 @@ +# The setup is allowed to run the setup command +setup ALL=3D(ALL) NOPASSWD: /usr/sbin/setup hooks/post-receive -- IPFire 2.x development tree --===============4632513637704935897==--
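Review bot: The rule `setup ALL=(ALL) NOPASSWD: /usr/sbin/setup` grants more than the run-setup wrapper needs. The run-as list `(ALL)` allows the command to be run as any user, and a command listed without arguments is allowed with any arguments. `setup ALL=(root) NOPASSWD: /usr/sbin/setup ""` limits it to root and to the argument-less invocation that run-setup performs. The comment should read "The setup user is allowed to run the setup command".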