[prosody] Apply wise permissions on SSL certs and config files
Johan Cwiklinski
trasher at fedoraproject.org
Sat Apr 27 21:31:58 UTC 2013
commit 7083ae937f7278adffac732392556b1fa0bef38c
Author: Johan Cwiklinski <johan at x-tnd.be>
Date: Sat Apr 27 23:30:02 2013 +0200
Apply wise permissions on SSL certs and config files
Also remove empty and useless certs directory in prosody config
directory.
prosody.spec | 12 ++++++++++--
prosody.sslcerts.patch | 16 ++++++++++++----
2 files changed, 22 insertions(+), 6 deletions(-)
---
diff --git a/prosody.spec b/prosody.spec
index 6604f2e..f76b8f6 100644
--- a/prosody.spec
+++ b/prosody.spec
@@ -10,7 +10,7 @@
Name: prosody
Version: 0.8.2
-Release: 8%{?dist}
+Release: 9%{?dist}
Summary: Flexible communications server for Jabber/XMPP
Group: System Environment/Daemons
@@ -133,6 +133,8 @@ fi
umask 077
if [ ! -f %{sslkey} ] ; then
%{_bindir}/openssl genrsa 1024 > %{sslkey} 2> /dev/null
+chown root:%{name} %{sslkey}
+chmod 640 %{sslkey}
fi
FQDN=`hostname`
@@ -152,6 +154,7 @@ SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
+chmod 644 %{sslcert}
fi
@@ -169,7 +172,7 @@ fi
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/*
%dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/*
+%config(noreplace) %attr(0640, root, %{name}) %{_sysconfdir}/%{name}/*
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
%{_unitdir}/%{name}.service
@@ -182,6 +185,11 @@ fi
%changelog
+* Sat Apr 27 2013 Robert Scheck <robert at fedoraproject.org> - 0.8.2-9
+- Apply wise permissions to %%{_sysconfdir}/%%{name} (#955384)
+- Apply wise permissions to default SSL certificates (#955380)
+- Do not ship %%{_sysconfdir}/%%{name}/certs by default (#955385)
+
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.2-8
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
diff --git a/prosody.sslcerts.patch b/prosody.sslcerts.patch
index d5bda62..c1c4faf 100644
--- a/prosody.sslcerts.patch
+++ b/prosody.sslcerts.patch
@@ -1,7 +1,15 @@
-diff -up prosody-0.8.0/Makefile.patch prosody-0.8.0/Makefile
---- prosody-0.8.0/Makefile.patch 2011-04-08 14:27:59.795497482 +0200
-+++ prosody-0.8.0/Makefile 2011-04-08 14:29:51.175569107 +0200
-@@ -32,18 +32,16 @@ install: prosody.install prosodyctl.inst
+diff -up prosody-0.8.2/Makefile.patch prosody-0.8.2/Makefile
+--- prosody-0.8.2/Makefile.patch 2013-04-27 23:21:21.703446153 +0200
++++ prosody-0.8.2/Makefile 2013-04-27 23:22:19.525442335 +0200
+@@ -20,7 +20,6 @@ install: prosody.install prosodyctl.inst
+ install -d $(BIN) $(CONFIG) $(MODULES) $(SOURCE)
+ install -m750 -d $(DATA)
+ install -d $(MAN)/man1
+- install -d $(CONFIG)/certs
+ install -d $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util
+ install -m755 ./prosody.install $(BIN)/prosody
+ install -m755 ./prosodyctl.install $(BIN)/prosodyctl
+@@ -33,18 +32,16 @@ install: prosody.install prosodyctl.inst
install -m644 plugins/*.lua $(MODULES)
install -d $(MODULES)/muc
install -m644 plugins/muc/* $(MODULES)/muc
More information about the scm-commits
mailing list