[cherokee] - New upstream release (1.0.8) - Init script overhaul - Relevant changes since 1.0.6: - NEW: Enhance
Lorenzo Villani
arbiter at fedoraproject.org
Sun Aug 29 14:23:18 UTC 2010
commit 5f319b41ed14a883db9c4403f6480eb650ae3e5d
Author: Lorenzo Villani <lvillani at binaryhelix.net>
Date: Sun Aug 29 16:20:17 2010 +0200
- New upstream release (1.0.8)
- Init script overhaul
- Relevant changes since 1.0.6:
- NEW: Enhanced 'Header' rule match
- NEW: Improved extensions rule
- FIX: SSL/TLS works with Firefox again
- FIX: Better SSL/TLS connection close
- FIX: Range requests work better now
- FIX: Hot-linking wizard w/o Referer
- FIX: Hot-linking wizard usability
- FIX: Minor CSS fix in the default dirlist theme
- FIX: POST management issue
- FIX: PHP wizard, better configuration
- FIX: admin, unresponsive button
- DOC: Misc improvements
- i18n: French translation updated
.gitignore | 1 +
01-drop-privileges.patch | 13 ++++
cherokee.init | 144 ++++++++++++++++++++++++++++++----------------
cherokee.spec | 34 ++++++++++-
sources | 2 +-
5 files changed, 141 insertions(+), 53 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index d5fd851..3ac4955 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
cherokee-1.0.4.tar.gz
cherokee-1.0.6.tar.gz
+/cherokee-1.0.8.tar.gz
diff --git a/01-drop-privileges.patch b/01-drop-privileges.patch
new file mode 100644
index 0000000..7284a19
--- /dev/null
+++ b/01-drop-privileges.patch
@@ -0,0 +1,13 @@
+Index: cherokee-1.0.8/cherokee.conf.sample.pre
+===================================================================
+--- cherokee-1.0.8.orig/cherokee.conf.sample.pre
++++ cherokee-1.0.8/cherokee.conf.sample.pre
+@@ -18,6 +18,8 @@ server!keepalive_max_requests = 500
+ server!server_tokens = full
+ server!panic_action = %prefix%/bin/cherokee-panic
+ server!pid_file = %localstatedir%/run/cherokee.pid
++server!group = cherokee
++server!user = cherokee
+
+ # Default virtual server
+ #
diff --git a/cherokee.init b/cherokee.init
old mode 100644
new mode 100755
index 29b8710..f8ffbb0
--- a/cherokee.init
+++ b/cherokee.init
@@ -1,68 +1,114 @@
#!/bin/sh
#
-# cherokee Startup script for the Apache HTTP Server
+# cherokee Startup script for the Cherokee web server.
#
# chkconfig: - 95 05
-# description: Cherokee is ligth Web Server system
-# config: /etc/cherokee/cherokee.conf
-# pidfile: /var/run/cherokee.pid
-# Default-Start: 345
+# description: Cherokee is lightweight web server.
#
-# Source function library
+### BEGIN INIT INFO
+# Provides:
+# Required-Start:
+# Required-Stop:
+# Should-Start:
+# Should-Stop:
+# Default-Start: 3 4 5
+# Default-Stop:
+# Short-Description:
+# Description:
+### END INIT INFO
+
+# Source function library.
. /etc/rc.d/init.d/functions
-NAME=cherokee
-BASE=/usr/sbin/$NAME
-DAEMON="-d"
-CONF="/etc/cherokee/cherokee.conf"
-PIDFILE="/var/run/$NAME.pid"
+exec="/usr/sbin/cherokee"
+prog="cherokee"
+config="/etc/cherokee/cherokee.conf"
+pidfile="/var/run/cherokee.pid"
-# Check that $BASE exists.
-[ -f $BASE ] || exit 0
+# [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
-# Source networking configuration.
+# No network? No cherokee.
. /etc/sysconfig/network
-
-# Check that networking is up.
[ ${NETWORKING} = "no" ] && exit 0
-RETVAL=0
-# See how we were called.
+lockfile=/var/lock/subsys/$prog
+
+start() {
+ [ -x $exec ] || exit 5
+ [ -f $config ] || exit 6
+ echo -n $"Starting $prog: "
+ daemon --pidfile $pidfile $exec -d -C $config
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && touch $lockfile
+ return $retval
+}
+
+stop() {
+ echo -n $"Stopping $prog: "
+ killproc -p $pidfile $prog
+ retval=$?
+ echo
+ [ $retval -eq 0 ] && rm -f $lockfile
+ return $retval
+}
+
+restart() {
+ stop
+ start
+}
+
+reload() {
+ echo -n $"Reloading $prog: "
+ killproc -p $pidfile $prog -HUP
+ retval=$?
+ echo
+ return $retval
+}
+
+force_reload() {
+ restart
+}
+
+rh_status() {
+ # run checks to determine if the service is running or use generic status
+ status $prog
+}
+
+rh_status_q() {
+ rh_status >/dev/null 2>&1
+}
+
+
case "$1" in
- start)
- if [ -n "`/sbin/pidof $NAME`" ]; then
- echo -n $"$NAME: already running"
- echo ""
- exit $RETVAL
- fi
- echo -n "Starting Cherokee service: "
- $BASE --config=$CONF $DAEMON pidfile $PIDFILE >&/dev/null
- /sbin/pidof $NAME >&/dev/null && success || failure
- RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && touch /var/lock/subsys/cherokee
+ start)
+ rh_status_q && exit 0
+ $1
+ ;;
+ stop)
+ rh_status_q || exit 0
+ $1
;;
- stop)
- echo -n "Shutting down Cherokee service: "
- killproc $BASE
- RETVAL=$?
- echo
- [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/cherokee
+ restart)
+ $1
;;
- restart|reload)
- $0 stop
- $0 start
- RETVAL=$?
+ reload)
+ rh_status_q || exit 7
+ $1
;;
- status)
- status $BASE
- RETVAL=$?
+ force-reload)
+ force_reload
;;
- *)
- echo "Usage: $NAME {start|stop|restart|reload|status}"
- exit 1
+ status)
+ rh_status
+ ;;
+ condrestart|try-restart)
+ rh_status_q || exit 0
+ restart
+ ;;
+ *)
+ echo $"Usage: $0 {start|stop|status|restart|condrestart|try-restart|reload|force-reload}"
+ exit 2
esac
-
-exit $RETVAL
-
+exit $?
diff --git a/cherokee.spec b/cherokee.spec
index 2214b6e..ac9a49d 100644
--- a/cherokee.spec
+++ b/cherokee.spec
@@ -11,7 +11,7 @@ ExcludeArch: ppc
%endif
Name: cherokee
-Version: 1.0.6
+Version: 1.0.8
Release: 1%{?dist}
Summary: Flexible and Fast Webserver
@@ -23,6 +23,9 @@ BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Source1: %{name}.init
Source2: %{name}.logrotate
+# Drop privileges to cherokee:cherokee after startup
+Patch0: 01-drop-privileges.patch
+
BuildRequires: openssl-devel pam-devel mysql-devel pcre
# BuildRequires: pcre-devel
BuildRequires: gettext
@@ -55,6 +58,7 @@ This package holds the development files for cherokee.
%prep
%setup -q
+%patch0 -p1 -b .privs
%build
%configure --with-wwwroot=%{_var}/www/%{name} --enable-tls=openssl --enable-pthreads --enable-trace --disable-static --disable-rpath
@@ -82,6 +86,9 @@ make install DESTDIR=%{buildroot}
-e 's#log/%{name}\.error#log/%{name}/error_log#' \
%{buildroot}%{_sysconfdir}/%{name}/cherokee.conf.perf_sample
+touch %{buildroot}%{_var}/log/%{name}/access_log \
+ %{buildroot}%{_var}/log/%{name}/error_log
+
find %{buildroot}%{_libdir} -name *.la -exec rm -rf {} \;
mv ChangeLog ChangeLog.iso8859-1
@@ -137,8 +144,11 @@ fi
%{_libdir}/lib%{name}-*.so.*
%{_datadir}/locale/*/LC_MESSAGES/cherokee.mo
%{_datadir}/%{name}
-# logs are written as root. no need to give perms to the cherokee user.
%dir %{_var}/log/%{name}/
+# Since we drop privileges to cherokee:cherokee, change permissions on these
+# log files.
+%attr (-,%{name},%{name}) %{_var}/log/%{name}/error_log
+%attr (-,%{name},%{name}) %{_var}/log/%{name}/access_log
%dir %attr(-,%{name},%{name}) %{_var}/lib/%{name}/
%doc AUTHORS ChangeLog COPYING INSTALL README
%doc %{_datadir}/doc/%{name}
@@ -169,7 +179,25 @@ fi
%changelog
-* Fri Aug 6 2010 lvillani <lvillani at enterprise.binaryhelix.net> 1.0.6-1
+* Sun Aug 29 2010 Lorenzo Villani <lvillani at binaryhelix.net> - 1.0.8-1
+- New upstream release (1.0.8)
+- Init script overhaul
+- Relevant changes since 1.0.6:
+- NEW: Enhanced 'Header' rule match
+- NEW: Improved extensions rule
+- FIX: SSL/TLS works with Firefox again
+- FIX: Better SSL/TLS connection close
+- FIX: Range requests work better now
+- FIX: Hot-linking wizard w/o Referer
+- FIX: Hot-linking wizard usability
+- FIX: Minor CSS fix in the default dirlist theme
+- FIX: POST management issue
+- FIX: PHP wizard, better configuration
+- FIX: admin, unresponsive button
+- DOC: Misc improvements
+- i18n: French translation updated
+
+* Fri Aug 6 2010 Lorenzo Villani <lvillani at enterprise.binaryhelix.net> 1.0.6-1
- Relevant changes since 1.0.4
- NEW: Much better UTF-8 encoding
- NEW: Templates support slicing now (as in Python str)
diff --git a/sources b/sources
index e79eb6b..e6a1592 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-685d7f0319a27ff3b2d49f0f490d31ef cherokee-1.0.6.tar.gz
+12117a80c2a970173bd32660439c2db0 cherokee-1.0.8.tar.gz
More information about the scm-commits
mailing list