[prosody/f19] Apply wise permissions on SSL certs and config files

Johan Cwiklinski trasher at fedoraproject.org
Sat Apr 27 21:45:42 UTC 2013 

commit 1618f1410b717372e0ecd09ead04603d998a5f57
Author: Johan Cwiklinski <johan at x-tnd.be>
Date:   Sat Apr 27 23:30:02 2013 +0200

    Apply wise permissions on SSL certs and config files
    
    Also remove empty and useless certs directory in prosody config
    directory.

 prosody.spec           |   12 ++++++++++--
 prosody.sslcerts.patch |   16 ++++++++++++----
 2 files changed, 22 insertions(+), 6 deletions(-)
---
diff --git a/prosody.spec b/prosody.spec
index 6604f2e..f76b8f6 100644
--- a/prosody.spec
+++ b/prosody.spec
@@ -10,7 +10,7 @@
 
 Name:           prosody
 Version:        0.8.2
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Flexible communications server for Jabber/XMPP
 
 Group:          System Environment/Daemons
@@ -133,6 +133,8 @@ fi
 umask 077
 if [ ! -f %{sslkey} ] ; then
 %{_bindir}/openssl genrsa 1024 > %{sslkey} 2> /dev/null
+chown root:%{name} %{sslkey}
+chmod 640 %{sslkey}
 fi
 
 FQDN=`hostname`
@@ -152,6 +154,7 @@ SomeOrganizationalUnit
 ${FQDN}
 root@${FQDN}
 EOF
+chmod 644 %{sslcert}
 fi
 
 
@@ -169,7 +172,7 @@ fi
 %dir %{_libdir}/%{name}
 %{_libdir}/%{name}/*
 %dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/*
+%config(noreplace) %attr(0640, root, %{name}) %{_sysconfdir}/%{name}/*
 %if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
 %{_unitdir}/%{name}.service
@@ -182,6 +185,11 @@ fi
 
 
 %changelog
+* Sat Apr 27 2013 Robert Scheck <robert at fedoraproject.org> - 0.8.2-9
+- Apply wise permissions to %%{_sysconfdir}/%%{name} (#955384)
+- Apply wise permissions to default SSL certificates (#955380)
+- Do not ship %%{_sysconfdir}/%%{name}/certs by default (#955385)
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.2-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
diff --git a/prosody.sslcerts.patch b/prosody.sslcerts.patch
index d5bda62..c1c4faf 100644
--- a/prosody.sslcerts.patch
+++ b/prosody.sslcerts.patch
@@ -1,7 +1,15 @@
-diff -up prosody-0.8.0/Makefile.patch prosody-0.8.0/Makefile
---- prosody-0.8.0/Makefile.patch	2011-04-08 14:27:59.795497482 +0200
-+++ prosody-0.8.0/Makefile	2011-04-08 14:29:51.175569107 +0200
-@@ -32,18 +32,16 @@ install: prosody.install prosodyctl.inst
+diff -up prosody-0.8.2/Makefile.patch prosody-0.8.2/Makefile
+--- prosody-0.8.2/Makefile.patch	2013-04-27 23:21:21.703446153 +0200
++++ prosody-0.8.2/Makefile	2013-04-27 23:22:19.525442335 +0200
+@@ -20,7 +20,6 @@ install: prosody.install prosodyctl.inst
+ 	install -d $(BIN) $(CONFIG) $(MODULES) $(SOURCE)
+ 	install -m750 -d $(DATA)
+ 	install -d $(MAN)/man1
+-	install -d $(CONFIG)/certs
+ 	install -d $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util
+ 	install -m755 ./prosody.install $(BIN)/prosody
+ 	install -m755 ./prosodyctl.install $(BIN)/prosodyctl
+@@ -33,18 +32,16 @@ install: prosody.install prosodyctl.inst
  	install -m644 plugins/*.lua $(MODULES)
  	install -d $(MODULES)/muc
  	install -m644 plugins/muc/* $(MODULES)/muc

More information about the scm-commits mailing list