[csw-devel] SF.net SVN: gar:[11634] csw/mgar/pkg/apache2/trunk
bdwalton at users.sourceforge.net
bdwalton at users.sourceforge.net
Tue Nov 16 02:41:06 CET 2010
Revision: 11634
http://gar.svn.sourceforge.net/gar/?rev=11634&view=rev
Author: bdwalton
Date: 2010-11-16 01:41:06 +0000 (Tue, 16 Nov 2010)
Log Message:
-----------
apache2: change the way server.{crt,key} are handled to prevent possibly storing sentitive info in /tmp during removal (package upgrade)
Modified Paths:
--------------
csw/mgar/pkg/apache2/trunk/Makefile
csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas
Modified: csw/mgar/pkg/apache2/trunk/Makefile
===================================================================
--- csw/mgar/pkg/apache2/trunk/Makefile 2010-11-15 21:24:47 UTC (rev 11633)
+++ csw/mgar/pkg/apache2/trunk/Makefile 2010-11-16 01:41:06 UTC (rev 11634)
@@ -198,7 +198,7 @@
PKGFILES_CSWap2worker = .*share/doc/ap2_worker.* .*sbin/httpd.worker
PKGFILES_CSWapache2rt = .*share/doc/apache2rt.*
-PROTOTYPE_FILTER = gawk '$$$$3 ~ /apache2\/etc/ && $$$$1 == "f" && $$$$3 !~ /CSW/ && $$$$3 !~ /original/ {$$$$1 = "e"; $$$$2 = "build"}; $$$$3 ~ /server.crt/ { $$$$4 = "0600" }; {print}'
+PROTOTYPE_FILTER = gawk '$$$$3 ~ /apache2\/etc/ && $$$$1 == "f" && $$$$3 !~ /CSW/ && $$$$3 !~ /original/ {$$$$1 = "e"; $$$$2 = "build"}; $$$$3 ~ /server.crt.CSW/ { $$$$1 = "e"; $$$$2 = "build"; $$$$4 = "0600" }; {print}'
include gar/category.mk
@@ -250,7 +250,6 @@
$(abspath $(FILEDIR))/build_cas_template $$f > $$f; \
done )
@echo " => Creating ssl server.crt build CAS template."
- @(cp -p $(WORKDIR)/server.crt.build_cas $(PKGROOT)/$(prefix)/apache2/etc/server.crt; \
- chmod 600 $(PKGROOT)/$(prefix)/apache2/etc/server.crt )
+ @(cp -p $(WORKDIR)/server.crt.build_cas $(PKGROOT)/$(prefix)/apache2/etc/server.crt.CSW; \
+ chmod 600 $(PKGROOT)/$(prefix)/apache2/etc/server.crt.CSW )
@$(MAKECOOKIE)
-
Modified: csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas
===================================================================
--- csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas 2010-11-15 21:24:47 UTC (rev 11633)
+++ csw/mgar/pkg/apache2/trunk/files/server.crt.build_cas 2010-11-16 01:41:06 UTC (rev 11634)
@@ -9,6 +9,10 @@
if [ "$1" = install ]; then
if [ ! -f $PIR/$AP2_CONFDIR/server.crt -a ! -f $PIR/$AP2_CONFDIR/server.key ]; then
echo Generating dummy ssl key and certificate... >&2
+ # this gets captured and placed by the build CAS
+ echo This is a dummy file but still a part of CSWapache2
+ echo Please do not remove.
+
# this is likely overkill for a dummy cert, but why not
cat <<EOF | /usr/sbin/chroot ${PIR} /opt/csw/bin/openssl req -new -newkey rsa:1024 -days 365 -nodes -x509 -keyout $AP2_CONFDIR/server.key -out $AP2_CONFDIR/server.crt >/dev/null 2>&1
TS
@@ -24,7 +28,9 @@
chmod 600 $AP2_CONFDIR/server.key $AP2_CONFDIR/server.crt
chown root:bin $AP2_CONFDIR/server.key $AP2_CONFDIR/server.crt
fi
-else
- # this is so that the build class picks up the file and re-instates it
- cat $PIR/$AP2_CONFDIR/server.crt
fi
+
+# No output on a remove action will see the file purged.
+# As this is server.crt.CSW, that doesn't matter. The
+# real files will be left behind in place whether they
+# are the pretend or replaced with real files by the admin.
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the devel
mailing list