robert pushed to prosody (el6). "Apply wise permissions on SSL certs and config files (..more)"

notifications at fedoraproject.org notifications at fedoraproject.org
Sat Apr 18 14:27:27 UTC 2015 

>From 7083ae937f7278adffac732392556b1fa0bef38c Mon Sep 17 00:00:00 2001
From: Johan Cwiklinski <johan at x-tnd.be>
Date: Sat, 27 Apr 2013 23:30:02 +0200
Subject: Apply wise permissions on SSL certs and config files

Also remove empty and useless certs directory in prosody config
directory.

diff --git a/prosody.spec b/prosody.spec
index 6604f2e..f76b8f6 100644
--- a/prosody.spec
+++ b/prosody.spec
@@ -10,7 +10,7 @@
 
 Name:           prosody
 Version:        0.8.2
-Release:        8%{?dist}
+Release:        9%{?dist}
 Summary:        Flexible communications server for Jabber/XMPP
 
 Group:          System Environment/Daemons
@@ -133,6 +133,8 @@ fi
 umask 077
 if [ ! -f %{sslkey} ] ; then
 %{_bindir}/openssl genrsa 1024 > %{sslkey} 2> /dev/null
+chown root:%{name} %{sslkey}
+chmod 640 %{sslkey}
 fi
 
 FQDN=`hostname`
@@ -152,6 +154,7 @@ SomeOrganizationalUnit
 ${FQDN}
 root@${FQDN}
 EOF
+chmod 644 %{sslcert}
 fi
 
 
@@ -169,7 +172,7 @@ fi
 %dir %{_libdir}/%{name}
 %{_libdir}/%{name}/*
 %dir %{_sysconfdir}/%{name}
-%config(noreplace) %{_sysconfdir}/%{name}/*
+%config(noreplace) %attr(0640, root, %{name}) %{_sysconfdir}/%{name}/*
 %if 0%{?fedora} >= 15 || 0%{?rhel} >= 7
 %config(noreplace) %{_sysconfdir}/tmpfiles.d/%{name}.conf
 %{_unitdir}/%{name}.service
@@ -182,6 +185,11 @@ fi
 
 
 %changelog
+* Sat Apr 27 2013 Robert Scheck <robert at fedoraproject.org> - 0.8.2-9
+- Apply wise permissions to %%{_sysconfdir}/%%{name} (#955384)
+- Apply wise permissions to default SSL certificates (#955380)
+- Do not ship %%{_sysconfdir}/%%{name}/certs by default (#955385)
+
 * Thu Feb 14 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 0.8.2-8
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
 
diff --git a/prosody.sslcerts.patch b/prosody.sslcerts.patch
index d5bda62..c1c4faf 100644
--- a/prosody.sslcerts.patch
+++ b/prosody.sslcerts.patch
@@ -1,7 +1,15 @@
-diff -up prosody-0.8.0/Makefile.patch prosody-0.8.0/Makefile
---- prosody-0.8.0/Makefile.patch	2011-04-08 14:27:59.795497482 +0200
-+++ prosody-0.8.0/Makefile	2011-04-08 14:29:51.175569107 +0200
-@@ -32,18 +32,16 @@ install: prosody.install prosodyctl.inst
+diff -up prosody-0.8.2/Makefile.patch prosody-0.8.2/Makefile
+--- prosody-0.8.2/Makefile.patch	2013-04-27 23:21:21.703446153 +0200
++++ prosody-0.8.2/Makefile	2013-04-27 23:22:19.525442335 +0200
+@@ -20,7 +20,6 @@ install: prosody.install prosodyctl.inst
+ 	install -d $(BIN) $(CONFIG) $(MODULES) $(SOURCE)
+ 	install -m750 -d $(DATA)
+ 	install -d $(MAN)/man1
+-	install -d $(CONFIG)/certs
+ 	install -d $(SOURCE)/core $(SOURCE)/net $(SOURCE)/util
+ 	install -m755 ./prosody.install $(BIN)/prosody
+ 	install -m755 ./prosodyctl.install $(BIN)/prosodyctl
+@@ -33,18 +32,16 @@ install: prosody.install prosodyctl.inst
  	install -m644 plugins/*.lua $(MODULES)
  	install -d $(MODULES)/muc
  	install -m644 plugins/muc/* $(MODULES)/muc
-- 
cgit v0.10.2


	http://pkgs.fedoraproject.org/cgit/prosody.git/commit/?h=el6&id=7083ae937f7278adffac732392556b1fa0bef38c

More information about the scm-commits mailing list