* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a
@ 2018-07-10 17:40 git
From: git @ 2018-07-10 17:40 UTC (permalink / raw)
To: ipfire-scm
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a (commit)
via b38c334a25047dc89f6448a2debe15fc930e7fd0 (commit)
via 1413006b5b3bbb80ff017c2a966454e530c0e9aa (commit)
from 9aefd1ed07eee7d83e5b274d4a83240811f9e091 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 32405d88b0ac820ae74c0a15cc2f805cdcb63a6a
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date: Fri Jul 6 05:57:59 2018 +0200
OpenVPN: Deleted mtu-disc completely since it has been dropped.
Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit b38c334a25047dc89f6448a2debe15fc930e7fd0
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date: Mon Jul 9 20:53:45 2018 +0200
clamav: Update to 0.100.1
For details see:
https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 1413006b5b3bbb80ff017c2a966454e530c0e9aa
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Tue Jul 10 18:32:20 2018 +0100
aws: Create "setup" user to run setup
Amazon does not permit users to log in as root directly.
Instead they insist on using sudo.
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/common/setup | 2 ++
html/cgi-bin/ovpnmain.cgi | 17 ++---------------
lfs/clamav | 6 +++---
src/initscripts/helper/aws-setup | 32 ++++++++++++++++++++------------
src/setup/Makefile.am | 8 ++++++++
src/setup/run-setup | 4 ++++
src/setup/sudo/setup | 2 ++
7 files changed, 41 insertions(+), 30 deletions(-)
create mode 100644 src/setup/run-setup
create mode 100644 src/setup/sudo/setup
Difference in files:
diff --git a/config/rootfiles/common/setup b/config/rootfiles/common/setup
index c5bd361a5..5da99c1cf 100644
--- a/config/rootfiles/common/setup
+++ b/config/rootfiles/common/setup
@@ -1,4 +1,6 @@
+etc/sudoers.d/setup
usr/bin/probenic.sh
+usr/bin/run-setup
usr/sbin/setup
usr/share/locale/ar/LC_MESSAGES/setup.mo
usr/share/locale/ca/LC_MESSAGES/setup.mo
diff --git a/html/cgi-bin/ovpnmain.cgi b/html/cgi-bin/ovpnmain.cgi
index f06e7cf03..976300fc7 100644
--- a/html/cgi-bin/ovpnmain.cgi
+++ b/html/cgi-bin/ovpnmain.cgi
@@ -271,7 +271,7 @@ sub writeserverconf {
print CONF "server $tempovpnsubnet[0] $tempovpnsubnet[1]\n";
#print CONF "push \"route $netsettings{'GREEN_NETADDRESS'} $netsettings{'GREEN_NETMASK'}\"\n";
- # Check if we are using mssfix, fragment or mtu-disc and set the corretct mtu of 1500.
+ # Check if we are using mssfix, fragment and set the corretct mtu of 1500.
# If we doesn't use one of them, we can use the configured mtu value.
if ($sovpnsettings{'MSSFIX'} eq 'on')
{ print CONF "tun-mtu 1500\n"; }
@@ -2183,15 +2183,6 @@ if ($confighash{$cgiparams{'KEY'}}[3] eq 'net'){
if ($confighash{$cgiparams{'KEY'}}[24] ne '') {print CLIENTCONF "fragment $confighash{$cgiparams{'KEY'}}[24]\n";}
if ($confighash{$cgiparams{'KEY'}}[23] eq 'on') {print CLIENTCONF "mssfix\n";}
}
- if (($confighash{$cgiparams{'KEY'}}[38] eq 'yes') ||
- ($confighash{$cgiparams{'KEY'}}[38] eq 'maybe') ||
- ($confighash{$cgiparams{'KEY'}}[38] eq 'no' )) {
- if (($confighash{$cgiparams{'KEY'}}[23] ne 'on') || ($confighash{$cgiparams{'KEY'}}[24] eq '')) {
- if ($tunmtu eq '1500' ) {
- print CLIENTCONF "mtu-disc $confighash{$cgiparams{'KEY'}}[38]\n";
- }
- }
- }
# Check host certificate if X509 is RFC3280 compliant.
# If not, old --ns-cert-type directive will be used.
# If appropriate key usage extension exists, new --remote-cert-tls directive will be used.
@@ -2272,7 +2263,7 @@ else
print CLIENTCONF "dev tun\r\n";
print CLIENTCONF "proto $vpnsettings{'DPROTOCOL'}\r\n";
- # Check if we are using fragment, mssfix or mtu-disc and set MTU to 1500
+ # Check if we are using fragment, mssfix and set MTU to 1500
# or use configured value.
if ($vpnsettings{FRAGMENT} ne '' && $vpnsettings{DPROTOCOL} ne 'tcp' )
{ print CLIENTCONF "tun-mtu 1500\r\n"; }
@@ -3378,7 +3369,6 @@ my $complzoactive;
my $mssfixactive;
my $authactive;
my $n2nfragment;
-my @n2nmtudisc = split(/ /, (grep { /^mtu-disc/ } @firen2nconf)[0]);
my @n2nproto2 = split(/ /, (grep { /^proto/ } @firen2nconf)[0]);
my @n2nproto = split(/-/, $n2nproto2[1]);
my @n2nport = split(/ /, (grep { /^port/ } @firen2nconf)[0]);
@@ -3414,7 +3404,6 @@ $n2nremsub[2] =~ s/\n|\r//g;
$n2nlocalsub[2] =~ s/\n|\r//g;
$n2nfragment[1] =~ s/\n|\r//g;
$n2nmgmt[2] =~ s/\n|\r//g;
-$n2nmtudisc[1] =~ s/\n|\r//g;
$n2ncipher[1] =~ s/\n|\r//g;
$n2nauth[1] =~ s/\n|\r//g;
chomp ($complzoactive);
@@ -3491,7 +3480,6 @@ foreach my $dkey (keys %confighash) {
$confighash{$key}[29] = $n2nport[1];
$confighash{$key}[30] = $complzoactive;
$confighash{$key}[31] = $n2ntunmtu[1];
- $confighash{$key}[38] = $n2nmtudisc[1];
$confighash{$key}[39] = $n2nauth[1];
$confighash{$key}[40] = $n2ncipher[1];
$confighash{$key}[41] = 'disabled';
@@ -3531,7 +3519,6 @@ foreach my $dkey (keys %confighash) {
<tr><td class='boldbase' nowrap='nowrap'>MSSFIX:</td><td><b>$confighash{$key}[23]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Fragment:</td><td><b>$confighash{$key}[24]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'MTU'}</td><td><b>$confighash{$key}[31]</b></td></tr>
- <tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn mtu-disc'}</td><td><b>$confighash{$key}[38]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>Management Port </td><td><b>$confighash{$key}[22]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'ovpn hmac'}:</td><td><b>$confighash{$key}[39]</b></td></tr>
<tr><td class='boldbase' nowrap='nowrap'>$Lang::tr{'cipher'}</td><td><b>$confighash{$key}[40]</b></td></tr>
diff --git a/lfs/clamav b/lfs/clamav
index 7623801fb..c0612f1aa 100644
--- a/lfs/clamav
+++ b/lfs/clamav
@@ -24,7 +24,7 @@
include Config
-VER = 0.100.0
+VER = 0.100.1
THISAPP = clamav-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -32,7 +32,7 @@ DL_FROM = $(URL_IPFIRE)
DIR_APP = $(DIR_SRC)/$(THISAPP)
TARGET = $(DIR_INFO)/$(THISAPP)
PROG = clamav
-PAK_VER = 38
+PAK_VER = 39
DEPS = ""
@@ -48,7 +48,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_MD5 = 93e8efb489c2afdfca73703b76c24e01
+$(DL_FILE)_MD5 = 0f653df0480eebcd828939e8db9f0443
install : $(TARGET)
diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup
index f4ec45d90..0ae727c3f 100644
--- a/src/initscripts/helper/aws-setup
+++ b/src/initscripts/helper/aws-setup
@@ -84,19 +84,27 @@ import_aws_configuration() {
echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
fi
- # Import SSH keys
- local line
- for line in $(get "public-keys/"); do
- local key_no="${line%=*}"
-
- local key="$(get public-keys/${key_no}/openssh-key)"
- if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
- mkdir -p /root/.ssh
- chmod 700 /root/.ssh
+ # Create setup user
+ if ! getent passwd setup &>/dev/null; then
+ useradd -r setup -s /usr/bin/run-setup -g nobody -m
+ fi
- echo "${key}" >> /root/.ssh/authorized_keys
- chmod 600 /root/.ssh/authorized_keys
- fi
+ # Import SSH keys
+ local user
+ for user in /root /home/setup; do
+ local line
+ for line in $(get "public-keys/"); do
+ local key_no="${line%=*}"
+
+ local key="$(get public-keys/${key_no}/openssh-key)"
+ if [ -n "${key}" ] && ! grep -q "^${key}$" "${user}/.ssh/authorized_keys" 2>/dev/null; then
+ mkdir -p "${user}/.ssh"
+ chmod 700 "${user}/.ssh"
+
+ echo "${key}" >> "${user}/.ssh/authorized_keys"
+ chmod 600 "${user}/.ssh/authorized_keys"
+ fi
+ done
done
# Import any DNS server settings
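Review bot: The `.ssh` directory and `authorized_keys` created for `/home/setup` are never handed over to the setup user. If this helper runs as root (as the writes to `/root/.ssh` suggest), they stay root-owned with modes 700/600, and sshd, which opens the file with the login user's privileges, would presumably be unable to read it. Inside the `if`, after the final `chmod`, add `[ "${user}" != "/root" ] && chown -R setup:nobody "${user}/.ssh"`. The duplicate check `grep -q "^${key}$"` also treats the key text as a regular expression; `grep -qxF -- "${key}"` compares it as a fixed whole line. The loop still installs the keys for root as well, which is worth confirming as intended given the commit message; import_aws_configuration() starts and ends outside this hunk.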
diff --git a/src/setup/Makefile.am b/src/setup/Makefile.am
index 0ead63195..b06d20bf1 100644
--- a/src/setup/Makefile.am
+++ b/src/setup/Makefile.am
@@ -25,11 +25,16 @@ AM_CFLAGS = $(OUR_CFLAGS)
AM_CXXFLAGS = $(OUR_CXXFLAGS)
AM_LDFLAGS = $(OUR_LDFLAGS)
+sudodir = /etc/sudoers.d
+
bin_SCRIPTS =
sbin_PROGRAMS =
#- setup -----------------------------------------------------------------------
+bin_SCRIPTS += \
+ run-setup
+
sbin_PROGRAMS += \
setup
@@ -56,3 +61,6 @@ setup_LDADD = \
bin_SCRIPTS += \
probenic.sh
+
+sudo_DATA = \
+ sudo/setup
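Review bot: `sudo_DATA` installs `sudo/setup` with automake's default data mode (normally 644), whereas drop-ins under `/etc/sudoers.d` are conventionally 0440, and depending on the sudo version the stricter mode may be enforced. An `install-data-hook` running `chmod 0440 $(DESTDIR)$(sudodir)/setup` would pin the mode explicitly. The earlier hunk hard-codes `sudodir = /etc/sudoers.d`; `$(sysconfdir)/sudoers.d` would follow the configured prefix. Checking the file with `visudo -cf` at build time is also worthwhile, since a syntax error in a drop-in can disable sudo for every user.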
diff --git a/src/setup/run-setup b/src/setup/run-setup
new file mode 100644
index 000000000..07b04cf43
--- /dev/null
+++ b/src/setup/run-setup
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+# Runs setup and tries to gain root privileges
+exec sudo setup
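Review bot: Both `sudo` and `setup` are resolved through `PATH` here, while the sudoers rule added in this commit matches only `/usr/sbin/setup`. Writing `exec sudo /usr/sbin/setup` (ideally with an absolute path for sudo as well) keeps this login shell tied to exactly the permitted binary regardless of the session environment. The existing comment could also state that arguments are deliberately ignored: sshd passes `-c <command>` to the login shell when a client requests a command, and dropping them is what keeps this account limited to running setup.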
diff --git a/src/setup/sudo/setup b/src/setup/sudo/setup
new file mode 100644
index 000000000..a3bbd7b62
--- /dev/null
+++ b/src/setup/sudo/setup
@@ -0,0 +1,2 @@
+# The setup is allowed to run the setup command
+setup ALL=(ALL) NOPASSWD: /usr/sbin/setup
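Review bot: The rule grants more than run-setup needs: `(ALL)` lets the setup user run the command as any target user, and without an argument list sudo accepts arbitrary arguments to `/usr/sbin/setup`. `setup ALL=(root) NOPASSWD: /usr/sbin/setup ""` restricts it to root and to the argument-less invocation the wrapper performs. The comment would read more clearly as `# The setup user may run the setup command as root without a password`. Because every holder of an imported SSH key reaches this rule, it is worth confirming that the setup program offers no way to leave its menus into a shell when run as root.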
hooks/post-receive
--
IPFire 2.x development tree