[prosody/el6] Apply wise permissions on SSL certs and config files
Johan Cwiklinski
trasher at fedoraproject.org
Sat Apr 27 22:28:06 UTC 2013
commit ee8eba351f3c3b3f459f637181f3a7eb9e5164c0
Author: Johan Cwiklinski <johan at x-tnd.be>
Date: Sat Apr 27 23:30:02 2013 +0200
Apply wise permissions on SSL certs and config files
Also remove empty and useless certs directory in prosody config
directory.
Conflicts:
prosody.spec
Conflicts:
prosody.spec
prosody.spec | 12 ++++++++++--
prosody.sslcerts.patch | 16 ++++++++++++----
2 files changed, 22 insertions(+), 6 deletions(-)
---
diff --git a/prosody.spec b/prosody.spec
index cd89789..5d55916 100644
--- a/prosody.spec
+++ b/prosody.spec
@@ -10,7 +10,7 @@
Name: prosody
Version: 0.8.2
-Release: 5%{?dist}
+Release: 6%{?dist}
Summary: Flexible communications server for Jabber/XMPP
Group: System Environment/Daemons
@@ -135,6 +135,8 @@ fi
umask 077
if [ ! -f %{sslkey} ] ; then
%{_bindir}/openssl genrsa 1024 > %{sslkey} 2> /dev/null
+chown root:%{name} %{sslkey}
+chmod 640 %{sslkey}
fi
FQDN=`hostname`
@@ -154,6 +156,7 @@ SomeOrganizationalUnit
${FQDN}
root@${FQDN}
EOF
+chmod 644 %{sslcert}
fi
@@ -175,7 +178,7 @@ fi
%dir %{_libdir}/%{name}
%{_libdir}/%{name}/*
%dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/*
+%config(noreplace) %attr(0640, root, %{name}) %{_sysconfdir}/%{name}/*
%if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
%config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
%{_unitdir}/%{name}.service
@@ -188,6 +191,11 @@ fi
%changelog
+* Sat Apr 27 2013 Robert Scheck <robert at fedoraproject.org> - 0.8.2-6
+- Apply wise permissions to %%{_sysconfdir}/%%{name} (#955384)
+- Apply wise permissions to default SSL certificates (#955380)
+- Do not ship %%{_sysconfdir}/%%{name}/certs by default (#955385)
+
* Mon May 07 2012 Johan Cwiklinski <johan AT x-tnd DOT be> 0.8.2-5
- Missing rhel %%ifs
- Change the way SSL certificate is generated
diff --git a/prosody.sslcerts.patch b/prosody.sslcerts.patch
index d5bda62..c1c4faf 100644
--- a/prosody.sslcerts.patch
+++ b/prosody.sslcerts.patch
@@ -1,7 +1,15 @@
-diff -up prosody-0.8.0/Makefile.patch prosody-0.8.0/Makefile
---- prosody-0.8.0/Makefile.patch 2011-04-08 14:27:59.795497482 +0200
-+++ prosody-0.8.0/Makefile 2011-04-08 14:29:51.175569107 +0200
-@@ -32,18 +32,16 @@ install: prosody.install prosodyctl.inst
+diff -up prosody-0.8.2/Makefile.patch prosody-0.8.2/Makefile
+--- prosody-0.8.2/Makefile.patch 2013-04-27 23:21:21.703446153 +0200
++++ prosody-0.8.2/Makefile 2013-04-27 23:22:19.525442335 +0200
+@@ -20,7 +20,6 @@ install: prosody.install prosodyctl.inst
+ install -d $(BIN) $(CONFIG) $(MODULES) $(SOURCE)
+ install -m750 -d $(DATA)
+ install -d $(MAN)/man1
+- install -d $(CONFIG)/certs
+ install -d $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util
+ install -m755 ./prosody.install $(BIN)/prosody
+ install -m755 ./prosodyctl.install $(BIN)/prosodyctl
+@@ -33,18 +32,16 @@ install: prosody.install prosodyctl.inst
install -m644 plugins/*.lua $(MODULES)
install -d $(MODULES)/muc
install -m644 plugins/muc/* $(MODULES)/muc
More information about the scm-commits
mailing list