Changeset 1259


Ignore:
Timestamp:
Jul 9, 2009, 3:48:21 PM (13 years ago)
Author:
mitchb
Message:
Reintegrate branches/fc11-dev (r1121:1258) to trunk
Location:
trunk
Files:
3 deleted
25 edited
9 copied

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/server/common/patches/httpd-2.2.x-sni.patch

    r1115 r1259  
    971971Index: httpd-2.2.11/docs/manual/mod/mod_ssl.html.en
    972972===================================================================
    973 --- httpd-2.2.11/docs/manual/mod/mod_ssl.html.en        (revision 768863)
    974 +++ httpd-2.2.11/docs/manual/mod/mod_ssl.html.en        (working copy)
     973--- httpd-2.2.11/docs/manual/mod/mod_ssl.html.en        2008-08-20 19:02:48.000000000 -0400
     974+++ httpd-2.2.11/docs/manual/mod/mod_ssl.html.en        2009-06-03 05:33:23.000000000 -0400
    975975@@ -75,6 +75,7 @@ to provide the cryptography engine.</p>
    976976 <li><img alt="" src="../images/down.gif" /> <a href="#sslrequiressl">SSLRequireSSL</a></li>
     
    10261026+<p class="apache">Copyright 2009 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p>
    10271027 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div>
    1028  </body></html>
     1028-</body></html>
     1029\ No newline at end of file
     1030+</body></html>
  • trunk/server/common/patches/httpd-suexec-scripts.patch

    r1169 r1259  
    4545 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[
    4646   AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] )
    47 --- httpd-2.2.2/support/suexec.c.old    2006-04-21 21:53:06.000000000 -0400
    48 +++ httpd-2.2.2/support/suexec.c        2007-05-22 10:32:04.000000000 -0400
     47--- httpd-2.2.11/support/suexec.c.old   2008-11-30 10:47:31.000000000 -0500
     48+++ httpd-2.2.11/support/suexec.c       2009-06-08 09:02:17.000000000 -0400
    4949@@ -30,6 +30,9 @@
    5050  *
     
    5757 #include "ap_config.h"
    5858 #include "suexec.h"
    59 @@ -46,6 +48,7 @@
     59@@ -46,6 +49,7 @@
    6060 #include <stdio.h>
    6161 #include <stdarg.h>
     
    6565 #ifdef HAVE_PWD_H
    6666 #include <pwd.h>
    67 @@ -95,6 +98,7 @@
     67@@ -95,6 +99,7 @@
    6868 {
    6969     /* variable name starts with */
     
    146146     clean_env();
    147147+    setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */
    148 
     148 
    149149     prog = argv[0];
    150150     /*
    151 @@ -350,6 +406,20 @@
     151@@ -350,6 +414,20 @@
    152152 #endif /*_OSD_POSIX*/
    153153 
     
    170170      * or attempts to back up out of the current directory,
    171171      * to protect against attacks.  If any are
    172 @@ -371,6 +441,7 @@
     172@@ -371,6 +449,7 @@
    173173         userdir = 1;
    174174     }
     
    178178      * Error out if the target username is invalid.
    179179      */
    180 @@ -450,7 +521,7 @@
     180@@ -452,7 +531,7 @@
    181181      * Error out if attempt is made to execute as root or as
    182182      * a UID less than AP_UID_MIN.  Tsk tsk.
     
    187187         exit(107);
    188188     }
    189 @@ -482,6 +553,21 @@
     189@@ -484,6 +563,21 @@
    190190         log_err("failed to setuid (%ld: %s)\n", uid, cmd);
    191191         exit(110);
     
    209209     /*
    210210      * Get the current working directory, as well as the proper
    211 @@ -504,6 +588,21 @@
     211@@ -506,6 +600,21 @@
    212212             log_err("cannot get docroot information (%s)\n", target_homedir);
    213213             exit(112);
     
    231231     else {
    232232         if (((chdir(AP_DOC_ROOT)) != 0) ||
    233 @@ -530,15 +629,17 @@
     233@@ -532,15 +641,17 @@
    234234     /*
    235235      * Error out if cwd is writable by others.
     
    250250         exit(117);
    251251     }
    252 @@ -546,10 +647,12 @@
     252@@ -548,10 +659,12 @@
    253253     /*
    254254      * Error out if the program is writable by others.
     
    263263     /*
    264264      * Error out if the file is setuid or setgid.
    265 @@ -563,6 +666,7 @@
     265@@ -565,6 +678,7 @@
    266266      * Error out if the target name/group is different from
    267267      * the name/group of the cwd or the program.
     
    271271         (gid != dir_info.st_gid) ||
    272272         (uid != prg_info.st_uid) ||
    273 @@ -574,12 +678,14 @@
     273@@ -576,16 +690,33 @@
    274274                 prg_info.st_uid, prg_info.st_gid);
    275275         exit(120);
     
    287287         exit(121);
    288288     }
    289 @@ -606,6 +711,21 @@
    290        exit(122);
    291      }
    292289 
    293290+    if (is_static_extension(cmd)) {
    294291+        argv[2] = STATIC_CAT_PATH;
    295292+        execv(STATIC_CAT_PATH, &argv[2]);
    296 +       log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]);
    297 +       exit(255);
     293+        log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]);
     294+        exit(255);
    298295+    }
    299296+    if (is_php_extension(cmd)) {
     
    302299+        argv[2] = "-f";
    303300+        execv(PHP_PATH, &argv[1]);
    304 +       log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]);
    305 +       exit(255);
    306 +    }
    307 +
    308      /*
    309       * Execute the command, replacing our image with its own.
    310       */
     301+        log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]);
     302+        exit(255);
     303+    }
     304+
     305 #ifdef AP_SUEXEC_UMASK
     306     /*
     307      * umask() uses inverse logic; bits are CLEAR for allowed access.
  • trunk/server/common/patches/openafs-scripts.patch

    r1134 r1259  
    127127     short multiPage;           /* count of multi-page getpages in progress */
    128128 #endif
    129 +    bool apache_access;                /* whether or not Apache has access to a file */
     129+    int apache_access;         /* whether or not Apache has access to a file */
    130130 };
    131131 
  • trunk/server/doc/install-howto.sh

    r1237 r1259  
    88
    99boot=${1:$(cat /scripts-boot-count)}
     10
     11# XXX: let 'branch' be the current svn branch you are on
    1012
    1113doreboot() {
     
    5355
    5456    cd /srv
    55     svn co svn://$source_server/trunk repository
     57    svn co svn://$source_server/$branch repository
    5658
    5759    sed -i 's/^(# *)*store-passwords.*/store-passwords = no/' /root/.subversion/config
     
    6769# Run "make install-deps" to install various prereqs.  Nonstandard
    6870# deps are in /mit/scripts/rpm.
     71    YUM install -y make
    6972    make install-deps
    7073
     
    7477# Check out the scripts /etc configuration
    7578    cd /root
    76     svn co svn://scripts.mit.edu/trunk/server/fedora/config/etc etc
     79    svn co svn://scripts.mit.edu/$branch/server/fedora/config/etc etc
     80    # backslash to make us not use the alias
    7781    \cp -a etc /
    7882
     83# NOTE: You will have just lost DNS resolution and the abilit
     84# to do password SSH in
     85
     86    service named start
     87    chkconfig named on
     88
     89# XXX: This sometimes doesn't exist, but it really sucks if it
     90# does exist. So check for it.
    7991# yum remove nss_ldap, because nss-ldapd conflicts with it
     92
     93# In the case of the Kerberos libraries, you'll be told that
     94# there are conflicting files with the 64-bit versions of the packages,
     95# which we scriptsify.  You'll have to use --force to install those
     96# rpms despite the conflicts.  After doing that, you may want to
     97# install the corresponding 64-bit scriptsified versions again, just
     98# to be safe in case the 32-bit versions overwrite files that differ.
     99# When you try this, it will complain that you already have the same
     100# version installed; again, you'll need to use --force to do it anyway.
     101
     102# We need yumdownloader to force some RPMs
     103    # XXX: This might be wrong. Sanity check what packages ou
     104    # have when done
     105    YUM install -y yum-utils
     106    yumdownloader krb5-libs
     107    # XXX: These version numbers are hardcoded, need some cli-fu to generalize
     108    rpm -i krb5-libs-*.i586.rpm
     109    rpm -U --force krb5-libs-*.scripts.1138.x86_64.rpm
    80110
    81111# env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
    82112    YUM install -y scripts-base
    83113
    84 # Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home.
     114# Install mit-zephyr
     115    YUM install -y mit-zephyr
    85116
    86117# Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
    87118# anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
    88 # that makes it hang forever.
    89 
    90 # Install and configure bind
    91 # - env NSS_NONLOCAL_IGNORE=1 yum install bind
    92 # - chkconfig named on
    93 # - service named start
     119# that makes it hang forever. (This is why we're using YUM, not yum)
    94120
    95121# Reload the iptables config to take down the restrictive firewall
    96 # service iptables restart
     122    service iptables restart
    97123
    98124# Copy over root's dotfiles from one of the other machines.
     125# Perhaps a useful change is to remove the default aliases
     126    # On 2009-07-01, the dotfiles to transfer where:
     127    #   .bashrc .ldapvirc .screenrc .ssh (<- directory) .vimrc
     128    # Trying to scp from server to server won't work, as scp
     129    # will attempt to negotiate a server-to-server connection.
     130    # Instead, scp to your trusted machine as a temporary file,
     131    # and then push to the other server
    99132
    100133# Replace rsyslog with syslog-ng by doing:
    101 # # rpm -e --nodeps rsyslog
    102 # # yum install syslog-ng
    103 
    104 # Install various dependencies of the scripts system, including syslog-ng,
    105 # glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all.
     134    rpm -e --nodeps rsyslog
     135    YUM install -y syslog-ng
     136    chkconfig syslog-ng on
     137
     138# Install various dependencies of the scripts system, including
     139# glibc-devel.i586 (ezyang: already installed for me),
     140# python-twisted-core (ditto), mod_fcgid, nrpe, nagios-plugins-all.
     141    YUM install -y mod_fcgid
     142    YUM install -y nrpe
     143    YUM install -y nagios-plugins-all
    106144
    107145# Disable NetworkManager with chkconfig NetworkManager off. Configure
     
    109147# traffic over the back end. Make sure that chkconfig reports "network" on, so
    110148# that the network will still be configured at next boot.
     149# ezyang: For me, NetworkManager was not installed at this point, and
     150# we had already done the basic config for networking front end and
     151# back end (because I wanted ssh access, and not just conserver access)
    111152
    112153# Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
     
    114155#       /afs:/usr/vice/cache:10000000
    115156# Also fix ThisCell to contain athena.mit.edu in both directories
     157    echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo
     158    # ezyang: ThisCell on b-k and c-w don't have anything special
     159    # written here
    116160
    117161# Figure out why Zephyr isn't working. Most recently, it was because there
    118162# was a 64-bit RPM installed; remove it and install Joe's 32-bit one
     163    YUM erase -y mit-zephyr
     164    # mit-zephyr has a spurious dependency on mit-krb-config
     165    yumdownloader mit-zephyr.i386
     166    # if deps change, this breaks
     167    YUM install -y libXaw.i586 libXext.i586 libXmu.i586 ncurses-libs.i586 readline.i58
     168    rpm -i --nodeps mit-zephyr-2.1-6-linux.i386.rpm
    119169
    120170# Install the athena-base, athena-lprng, and athena-lprng-misc RPMs
     
    125175# install the rest of the things it really does depend on.  This will
    126176# include a bunch of 32-bit rpms; go ahead and install the .i586 versions
    127 # of them.  In the case of the Kerberos libraries, you'll be told that
    128 # there are conflicting files with the 64-bit versions of the packages,
    129 # which we scriptsify.  You'll have to use --force to install those
    130 # rpms despite the conflicts.  After doing that, you may want to
    131 # install the corresponding 64-bit scriptsified versions again, just
    132 # to be safe in case the 32-bit versions overwrite files that differ.
    133 # When you try this, it will complain that you already have the same
    134 # version installed; again, you'll need to use --force to do it anyway.
    135 # Yuck.
     177# of them.
     178    YUM install -y athena-base
     179    YUM install -y athena-lprng
     180    yumdownloader athena-lprng-misc
     181    # ezyang: I couldn't find any deps for this that existed in the repos
     182    # You might get a "find: `/usr/athena/info': No such file or directory"
     183    # error; this is fine
     184    rpm -i --nodeps athena-lprng-misc-9.4-0.i386.rpm
    136185
    137186# Install the full list of RPMs that users expect to be on the
    138 # scripts.mit.edu servers.  See server/doc/rpm and
    139 # server/doc/rpm_snapshot.  (Note that this is only a snapshot, and not
    140 # all packages may in fact be in use.)
     187# scripts.mit.edu servers.
     188
     189# ezyang: Running the below I got file conflicts. To fix (since I had
     190# botched steps above), I manually compared package lists and installed
     191# them.  If you've done the krb5 setup originally correctly, then
     192# write down what you had to do here.
     193    yumdownloader krb5-devel
     194    rpm -i --force krb5-devel-*.i586.rpm
     195    rpm -U --force krb5-devel-*.scripts.1138.x86_64.rpm
     196    yumdownloader krb5-server
     197    rpm -i --force krb5-server-*.scripts.1138.x86_64.rpm
     198
     199
     200# on another server, run:
     201rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt
     202# arrange for packages.txt to be passed to the server, then run:
     203    # notice that yum is not capitalized
     204    # Also notice skip-broken
     205    cat packages.txt | NSS_NONLOCAL_IGNORE=1 xargs yum install -y --skip-broken
    141206
    142207# Check which packages are installed on your new server that are not
     
    144209# on the new machine.  Otherwise, aside from bloat, you may end up
    145210# with undesirable things for security, like sendmail.
     211    rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > newpackages.txt
     212    diff -u packages.txt newpackages.txt  | less
     213    # if all went well, you'll probably see multiple kernel versions
     214    # as the only diff
     215    # ezyang: I got exim installed as another package
    146216
    147217# Check out the scripts /usr/vice/etc configuration
     
    164234# Then on the server you're installing,
    165235#    cat perl-packages.txt | perl -MCPAN -e shell
     236    export PERL_MM_USE_DEFAULT=1
     237    # XXX: Some interactive gobbeldygook
     238    cpan
     239        o conf prerequisites_policy follow
     240        o conf commit
     241# on a reference server
     242perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > perl-packages.txt
     243# arrange for perl-packages.txt to be transferred to server
     244    cat perl-packages.txt | perl -MCPAN -e shell
    166245
    167246# Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on
    168247# the other scripts.mit.edu servers and do not have RPMs.
     248# The general mode of operation will be to run the "list" command
     249# on both servers, see what the differences are, check if those diffs
     250# are packaged up as rpms, and install them (rpm if possible, native otherwise)
    169251# - Look at /usr/lib/python2.6/site-packages and
    170252#           /usr/lib64/python2.6/site-packages for Python eggs and modules.
     253#   There will be a lot of gunk that was installed from packages;
     254#   easy-install.pth will tell you what was easy_installed.
    171255#   First use 'yum search' to see if the relevant package is now available
    172256#   as an RPM, and install that if it is.  If not, then use easy_install.
    173257# - Look at `gem list` for Ruby gems.
    174258#   Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'.
     259#       ezyang: rspec-rails depends on rspec, and will override the Yum
     260#       package, so... don't use that RPM yet
    175261# - Look at `pear list` for Pear fruits (or whatever they're called).
    176262#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
    177263#   that for things in the beta repo, you'll need 'pear install package-beta'.
     264#   (you might get complaints about the php_scripts module; ignore them)
    178265# - Look at `pecl list` for PECL things.  'yum search', and if you must,
    179266#   'pecl install' needed items.
    180 
    181 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
     267    # Automating this... will require a lot of batonning between
     268    # the servers. Probably best way to do it is to write an actual
     269    # script.
     270
     271# Setup some Python config
     272    echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
    182273
    183274# Install the credentials.  There are a lot of things to remember here:
     275#   o This will be different if you're setting up our build/update server.
    184276#   o You probably installed the machine keytab long ago
     277    ls -l /etc/krb5.keytab
    185278#   o Use ktutil to combine the host/scripts.mit.edu and
    186279#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
    187280#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
    188 #     or you'll break the other servers.
     281#     or you'll break the other servers. (real servers only)
    189282#   o The daemon.scripts keytab
    190 #   o The SSL cert private key
    191 #   o The LDAP password for the signup process
    192 #   o The SQL password for the signup process
    193 #   o The LDAP keytab for this server, which will be used later
    194 #   o Replace the ssh host keys with the ones common to all scripts servers
    195 #   o You'll install an LDAP certificate signed by the scripts CA later
     283    ls -l /etc/daemon.keytab
     284#   o The SSL cert private key (real servers only)
     285#   o The LDAP password for the signup process (real servers only)
     286#   o The SQL password for the signup process (real servers only)
     287#   o The LDAP keytab for this server, which will be used later (real servers only)
     288#   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
     289#   o You'll install an LDAP certificate signed by the scripts CA later (real servers only)
    196290#   o Make sure root's .k5login is correct
    197 #   o Make sure logview's .k5login is correct
     291    cat /root/.k5login
     292#   o Make sure logview's .k5login is correct (real servers only)
    198293
    199294# If you are setting up a test server, pay attention to
    200295# /etc/sysconfig/network-scripts and do not bind scripts' IP address.
    201 # You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf,
    202 # /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to
    203 # use scripts.mit.edu instead of localhost.
     296# You will also need to modify:
     297#   o /etc/ldap.conf
     298#       add: host scripts.mit.edu
     299#   o /etc/nss-ldapd.conf
     300#       replace: uri *****
     301#       with: uri ldap://scripts.mit.edu/
     302#   o /etc/openldap/ldap.conf
     303#       add: URI ldap://scripts.mit.edu/
     304#            BASE dc=scripts,dc=mit,dc=edu
     305#   o /etc/httpd/conf.d/vhost_ldap.conf
     306#       replace: VhostLDAPUrl ****
     307#       with: VhostLDAPUrl "ldap://scripts.mit.edu/ou=VirtualHosts,dc=scripts,dc=mit,dc=edu"
     308# to use scripts.mit.edu instead of localhost.
     309# XXX: someone should write sed scripts to do this
     310
     311# If you are setting up a test server, afsagent's cronjob will attempt
     312# to be renewing with the wrong credentials (daemon.scripts). Change this:
     313    vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu
    204314
    205315# Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
     
    209319# boot. Run chkconfig to make sure the set of services to be run is
    210320# correct.
    211 
    212 # cd /etc/postfix; postmap virtual
    213 # Otherwise postfix will appear to work, but actually not deliver mail
     321    chkconfig dirsrv on
     322    chkconfig nslcd on
     323    chkconfig nscd on
     324    chkconfig postfix on
     325    chkconfig httpd on
     326
     327# Postfix doesn't actually deliver mail; fix this
     328    cd /etc/postfix
     329    postmap virtual
    214330
    215331# Run fmtutil-sys --all, which does something that makes TeX work.
     332    fmtutil-sys --all
     333    # ezyang: I got errors on xetex
    216334
    217335# Ensure that PHP isn't broken:
    218 # # mkdir /tmp/sessions
    219 # # chmod 01777 /tmp/sessions
     336    mkdir /tmp/sessions
     337    chmod 01777 /tmp/sessions
     338
     339# Ensure that fcgid isn't broken:
     340    chmod 755 /var/run/httpd
     341    # ezyang: The below didn't exist for me
     342    chmod 755 /var/run/httpd/mod_fcgid
     343    chmod 755 /var/run/mod_fcgid
     344
     345# Fix etc by making sure none of our config files got overwritten
     346    cd /etc
     347    svn status | grep M
     348    # ezyang: I had to revert krb5.conf, nsswitch.conf and sysconfig/openafs
    220349
    221350# Reboot the machine to restore a consistent state, in case you
    222351# changed anything.
     352    # ezyang: When I rebooted, the following things happened:
     353    #   o Starting kdump failed (this is ok)
     354    #   o postfix mailbombed us
     355    #   o firstboot configuration screen popped up (ignored; manually will do
     356    #     chkconfig after the fact)
    223357
    224358# (Optional) Beat your head against a wall.
     
    226360# Possibly perform other steps that I've neglected to put in this
    227361# document.
     362#   o In the first install of not-backward, ThisCell got clobbered, resulting
     363#     in trying to get tickets from openafs.org. Not sure when it got
     364#     clobbered -- ezyang
     365#   o For some reason, syslog-ng wasn't turning on automatically, so we weren't
     366#     getting spew
     367
     368# Some info about changing hostnames: it appears to be in:
     369#   o /etc/sysconfig/network
     370#   o your lvm thingies; probably don't need to edit
  • trunk/server/fedora/Makefile

    r1235 r1259  
    1919# See /COPYRIGHT in this repository for more information.
    2020
    21 upstream_yum    = krb5 httpd openssh pysvn php
     21upstream_yum    = krb5 httpd openssh php
    2222upstream        = openafs $(upstream_yum)
    23 oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i386 whoisd mit-zephyr nss-ldapd nss-ldapd.i386 athrun php_scripts scripts-base
     23oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr nss-ldapd nss-ldapd.i586 athrun php_scripts scripts-base
    2424allsrc          = $(upstream) $(oursrc)
    2525oursrcdir       = ${PWD}/../common/oursrc
     
    127127$(oursrc): rpmbuild_args += --define 'scriptsversion $(shell svnversion ${oursrcdir}/$** | tr ':' '_')'
    128128
    129 $(filter %.i386,$(oursrc)): %.i386: setup
     129$(filter %.i586,$(oursrc)): %.i586: setup
    130130        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    131         setarch i386 rpmbuild $(rpmbuild_args) --target=i386 --define="_lib lib" -bb ${tmp_specs}/$**.spec
     131        setarch i586 rpmbuild $(rpmbuild_args) --target=i586 --define="_lib lib" -bb ${tmp_specs}/$**.spec
    132132
    133 $(filter-out %.i386,$(oursrc)): %: setup
     133$(filter-out %.i586,$(oursrc)): %: setup
    134134        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    135135        rpmbuild $(rpmbuild_args) -bb ${tmp_specs}/$**.spec
     
    179179
    180180# The following packages are needed for our packages
    181 basic-deps      = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i386 glibc-devel libtool libgcc.i386
    182 oursrc-deps     = hesinfo openldap-clients php-devel
     181basic-deps      = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i586 glibc-devel libtool libgcc.i586
     182oursrc-deps     = hesinfo openldap-clients openldap-devel.i586 php-devel
    183183httpdmods-deps  = httpd-devel
    184184httpd-deps      = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel
    185 krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex
     185krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex texlive-latex
    186186openafs-deps    = pam-devel automake
    187 mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i386 hesiod.i386 libXt.i386 #compat-readline43
    188 openssh-deps    = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth gobject-devel pango-devel cairo-devel libedit-devel nss-devel
     187mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i586 hesiod.i586 libXt.i586 #compat-readline43
     188openssh-deps    = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth pango-devel cairo-devel libedit-devel nss-devel fipscheck-devel
     189php-deps        = bzip2-devel curl-devel gmp-devel libstdc++-devel sqlite-devel gcc-c++ libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel libXpm-devel libjpeg-devel t1lib-devel libmcrypt-devel mhash-devel libtidy-devel freetds-devel aspell-devel recode-devel
    189190install-deps:
    190         yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps)
     191        yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps) $(php-deps)
    191192        rpm -ivh ftp://ftp.muug.mb.ca/mirror/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm
    192193#       rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm
  • trunk/server/fedora/config/etc/httpd/conf/httpd.conf

    r1164 r1259  
    260260
    261261RLimitCPU 300 300
    262 RLimitMEM 536870912 536870912
     262RLimitMEM 1342177280 1342177280
    263263RLimitNPROC 4096 4096
    264264
  • trunk/server/fedora/config/etc/logrotate.d/httpd

    r180 r1259  
    66    sharedscripts
    77    postrotate
    8         /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true
     8        /bin/kill -HUP `cat /var/run/httpd/httpd.pid 2>/dev/null` 2> /dev/null || true
    99    endscript
    1010}
  • trunk/server/fedora/config/etc/munin/munin-node.conf

    r847 r1259  
    55log_level 4
    66log_file /var/log/munin/munin-node.log
    7 port 4949
    87pid_file /var/run/munin/munin-node.pid
     8
    99background 1
    1010setseid 1
    1111
    12 # Which port to bind to;
    13 host *
    1412user munin
    1513group munin
     
    2321ignore_file \.dpkg-(tmp|new|old|dist)$
    2422ignore_file \.rpm(save|new)$
     23ignore_file \.pod$
    2524
    2625# Set this if the client doesn't report the correct hostname when
    2726# telnetting to localhost, port 4949
    2827#
    29 #host_name ppc2.fedora.redhat.com
     28#host_name x86-3.fedora.phx.redhat.com
    3029
    3130# A list of addresses that are allowed to connect.  This must be a
     
    3736allow ^18\.187\.1\.128$
    3837allow ^18\.181\.0\.65$
     38
     39# Which address to bind to;
     40host *
     41# host 127.0.0.1
     42
     43# And which port
     44port 4949
     45
  • trunk/server/fedora/config/etc/munin/plugin-conf.d/munin-node

    r865 r1259  
     1# This file is used to configure how the plugins are invoked.
     2# Place in /etc/munin/plugin-conf.d/ or corresponding directory.
    13#
    2 # This file contains configuration options for the plugins. Three
    3 # options are understood by munin-node itself:
     4# PLEASE NOTE: Changes in the plugin-conf.d directory are only
     5# read at munin-node startup, so restart at any changes.
    46#
    5 #       user <user>         # Set the user to run the plugin as
    6 #       group <group>       # Set the group to run the plugin as
    7 #       command <command>   # Run <command> instead of the plugin. %c
    8 #                             expands to what would normally be run.
    9  env.<variable>      # Sets <variable> in the plugin's environment, see the
    10 #                         individual plugins to find out which variables they
    11 #                         care about.
     7#  user <user>         # Set the user to run the plugin as
     8#  group <group>       # Set the group to run the plugin as
     9#  command <command>   # Run <command> instead of the plugin. %c
     10#                        expands to what would normally be run.
     11env.<variable> <value> # Sets <variable> in the plugin's environment, see the
     12#                        individual plugins to find out which variables they
     13#                        care about.
    1214#
    1315#
  • trunk/server/fedora/config/etc/nagios/nrpe.cfg

    r982 r1259  
    33# Written by: Ethan Galstad (nagios@nagios.org)
    44#
    5 # Last Modified: 02-23-2006
     5# Last Modified: 11-23-2007
    66#
    77# NOTES:
     
    1212
    1313
     14# LOG FACILITY
     15# The syslog facility that should be used for logging purposes.
     16
     17log_facility=daemon
     18
     19
     20
    1421# PID FILE
    1522# The name of the file in which the NRPE daemon should write it's process ID
     
    3542# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
    3643
    37 #server_address=192.168.1.1
     44#server_address=127.0.0.1
    3845
    3946
     
    4552# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
    4653
    47 nrpe_user=nagios
     54nrpe_user=nrpe
    4855
    4956
     
    5562# NOTE: This option is ignored if NRPE is running under either inetd or xinetd
    5663
    57 nrpe_group=nagios
     64nrpe_group=nrpe
    5865
    5966
     
    125132
    126133command_timeout=60
     134
     135
     136
     137# CONNECTION TIMEOUT
     138# This specifies the maximum number of seconds that the NRPE daemon will
     139# wait for a connection to be established before exiting. This is sometimes
     140# seen where a network problem stops the SSL being established even though
     141# all network sessions are connected. This causes the nrpe daemons to
     142# accumulate, eating system resources. Do not set this too low.
     143
     144connection_timeout=300
    127145
    128146
     
    176194# examples only!
    177195
     196
    178197# The following examples use hardcoded command arguments...
    179198
    180199#command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10
    181200#command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20
    182 #command[check_disk1]=/usr/lib64/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1
    183 #command[check_disk2]=/usr/lib64/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hdb1
     201#command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1
    184202#command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z
    185203#command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200
     204
    186205
    187206# The following examples allow user-supplied arguments and can
    188207# only be used if the NRPE daemon was compiled with support for
    189208# command arguments *AND* the dont_blame_nrpe directive in this
    190 # config file is set to '1'...
     209# config file is set to '1'.  This poses a potential security risk, so
     210# make sure you read the SECURITY file before doing this.
    191211
    192212command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$
  • trunk/server/fedora/config/etc/nscd.conf

    r879 r1259  
    3535        max-threads             128
    3636        server-user             nscd
    37 #       stat-user               nocpulse
     37#       stat-user               somebody
    3838        debug-level             0
    3939#31
  • trunk/server/fedora/config/etc/printcap

    r39 r1259  
     1# This file was automatically generated by cupsd(8) from the
     2# /etc/cups/printers.conf file.  All changes to this file
     3# will be lost.
  • trunk/server/fedora/config/etc/security/limits.conf

    r1165 r1259  
    2727#        - cpu - max CPU time (MIN)
    2828#        - nproc - max number of processes
    29 #        - as - address space limit
     29#        - as - address space limit (KB)
    3030#        - maxlogins - max number of logins for this user
    3131#        - maxsyslogins - max number of logins on the system
     
    3434#        - sigpending - max number of pending signals
    3535#        - msgqueue - max memory used by POSIX message queues (bytes)
    36 #        - nice - max nice priority allowed to raise to
     36#        - nice - max nice priority allowed to raise to values: [-20, 19]
    3737#        - rtprio - max realtime priority
    3838#
     
    4141
    4242# No limits for root
    43 root            -
     43root             -
     44scripts-build    -
    4445
    4546# For everyone else,
    46 *               soft    core            0
    47 *               -       rss             524268
    48 *               -       data            1048576
    49 *               -       as              1048576
     47*                soft    core            0
     48*                -       rss             524268
     49*                -       data            1048576
     50*                -       as              1310720
     51
     52#*               soft    core            0
    5053#*               hard    rss             10000
    5154#@student        hard    nproc           20
  • trunk/server/fedora/config/etc/sudoers

    r914 r1259  
    3434
    3535## Updating the locate database
    36 Cmnd_Alias LOCATE = /usr/sbin/updatedb
     36Cmnd_Alias LOCATE = /usr/bin/updatedb
    3737
    3838## Storage
  • trunk/server/fedora/config/etc/sysconfig/openafs

    r1020 r1259  
    1010          Sulphur)
    1111            /usr/bin/fs sysname 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
     12          Leonidas)
     13            /usr/bin/fs sysname 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
    1214          *)
    1315            echo "Warning: unknown platform. AFS sysname not set."
  • trunk/server/fedora/config/etc/syslog-ng/syslog-ng.conf

    r817 r1259  
    66# See syslog-ng(8) and syslog-ng.conf(5) for more information.
    77#
    8 # 20000925 gb@sysfive.com
    9 #
    10 # Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 2002
    11 #   - for Red Hat 7.3
    12 #   - totally do away with klogd
    13 #   - add message "kernel:" as is done with klogd.
    14 #
    15 # Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 2002
    16 #   - use the log_prefix option as per Balazs Scheidler's email
    17 #
    18 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 2003
    19 #   - corrected filters 'f_filter2' and 'f_filter6'
    20 #     these filters were only allowing messages of one specific
    21 #     priority level; they should be allowing messages from that
    22 #     priority and upper levels.
    23 #
    24 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 2005
    25 #   - Don't sync the d_mail destination
    26 #
    27 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 2005
    28 #   - /proc/kmsg is a file not a pipe.
    29 #     (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)
    30 #
    31 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 31 May 2007
    32 #   - increase the number of unix-stream max-connections (syslog-ng 2.0.4)
    33 #
    34 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 26 July 2007
    35 #   - revert previous unix-stream max-connections change
    36 #     (the new unix-stream max-connections default in syslog-ng 2.0.5 is 256)
    37 #
    388
    399options {
    40     sync (0);
    41     time_reopen (10);
    42     log_fifo_size (1000);
    43     long_hostnames (off);
    44     use_dns (no);
    45     use_fqdn (no);
    46     create_dirs (no);
    47     keep_hostname (yes);
     10        sync (0);
     11        time_reopen (10);
     12        log_fifo_size (1000);
     13        long_hostnames (off);
     14        use_dns (no);
     15        use_fqdn (no);
     16        create_dirs (no);
     17        keep_hostname (yes);
    4818};
    4919
    5020source s_sys {
    51     file ("/proc/kmsg" log_prefix("kernel: "));
    52     unix-stream ("/dev/log");
    53     internal();
    54     # udp(ip(0.0.0.0) port(514));
    55     # tcp(ip(0.0.0.0) port(514));
     21        file ("/proc/kmsg" log_prefix("kernel: "));
     22        unix-stream ("/dev/log");
     23        internal();
     24        # udp(ip(0.0.0.0) port(514));
    5625};
    5726
     
    6332destination d_boot { file("/var/log/boot.log"); };
    6433destination d_cron { file("/var/log/cron"); };
     34#destination d_kern { file("/var/log/kern"); };
    6535destination d_mlal { usertty("*"); };
    6636
     
    6838#destination d_watch { program("/usr/local/libexec/watch-syslog.py"); };
    6939
    70 #filter f_filter1   { facility(kern); };
    71 filter f_filter2   { level(info..emerg) and
    72                      not facility(mail,authpriv,cron); };
    73 filter f_filter3   { facility(authpriv); };
    74 filter f_filter4   { facility(mail); };
    75 filter f_filter5   { level(emerg); };
    76 filter f_filter6   { facility(uucp) or
    77                      (facility(news) and level(crit..emerg)); };
    78 filter f_filter7   { facility(local7); };
    79 filter f_filter8   { facility(cron); };
     40#filter f_kernel     { facility(kern); };
     41filter f_default    { level(info..emerg) and
     42                        not (facility(mail)
     43                        or facility(authpriv)
     44                        or facility(cron)); };
     45filter f_auth       { facility(authpriv); };
     46filter f_mail       { facility(mail); };
     47filter f_emergency  { level(emerg); };
     48filter f_news       { facility(uucp) or
     49                        (facility(news)
     50                        and level(crit..emerg)); };
     51filter f_boot   { facility(local7); };
     52filter f_cron   { facility(cron); };
    8053
    8154filter f_oom { facility(kern) and (match("Out of memory:") or match("Killed process")); };
    8255
    83 #log { source(s_sys); filter(f_filter1); destination(d_cons); };
    84 log { source(s_sys); filter(f_filter2); destination(d_mesg); };
    85 log { source(s_sys); filter(f_filter3); destination(d_auth); };
    86 log { source(s_sys); filter(f_filter4); destination(d_mail); };
    87 log { source(s_sys); filter(f_filter5); destination(d_mlal); };
    88 log { source(s_sys); filter(f_filter6); destination(d_spol); };
    89 log { source(s_sys); filter(f_filter7); destination(d_boot); };
    90 log { source(s_sys); filter(f_filter8); destination(d_cron); };
     56#log { source(s_sys); filter(f_kernel); destination(d_cons); };
     57#log { source(s_sys); filter(f_kernel); destination(d_kern); };
     58log { source(s_sys); filter(f_default); destination(d_mesg); };
     59log { source(s_sys); filter(f_auth); destination(d_auth); };
     60log { source(s_sys); filter(f_mail); destination(d_mail); };
     61log { source(s_sys); filter(f_emergency); destination(d_mlal); };
     62log { source(s_sys); filter(f_news); destination(d_spol); };
     63log { source(s_sys); filter(f_boot); destination(d_boot); };
     64log { source(s_sys); filter(f_cron); destination(d_cron); };
    9165
    92 log { source(s_sys); filter(f_filter3); destination(d_zroot); };
    93 #log { source(s_sys); filter(f_filter2); destination(d_watch); };
     66log { source(s_sys); filter(f_auth); destination(d_zroot); };
     67#log { source(s_sys); filter(f_default); destination(d_watch); };
    9468log { source(s_sys); filter(f_oom); destination(d_zroot); };
    9569
    96 # vim:set ai ts=4 sw=4 sts=4 et:
     70# vim:ft=syslog-ng:ai:si:ts=4:sw=4:et:
  • trunk/server/fedora/config/etc/yum.repos.d/scripts.repo

    r866 r1259  
    11[scripts]
    22name=Scripts
    3 baseurl=http://web.mit.edu/scripts/rpm/
     3baseurl=http://web.mit.edu/scripts/rpm-fc11/
    44enabled=1
    55gpgcheck=0
  • trunk/server/fedora/specs/httpd.spec.patch

    r1035 r1259  
    1 --- httpd.spec.orig     2009-03-28 13:32:47.000000000 -0400
    2 +++ httpd.spec  2009-03-28 14:20:15.000000000 -0400
    3 @@ -6,7 +6,7 @@
     1--- httpd.spec.orig     2009-03-17 09:12:22.000000000 -0400
     2+++ httpd.spec  2009-06-03 05:05:30.000000000 -0400
     3@@ -7,7 +7,7 @@
    44 Summary: Apache HTTP Server
    55 Name: httpd
    6  Version: 2.2.10
    7 -Release: 1%{?dist}
    8 +Release: 1%{?dist}.scripts.%{scriptsversion}
     6 Version: 2.2.11
     7-Release: 8
     8+Release: 8.scripts.%{scriptsversion}
    99 URL: http://httpd.apache.org/
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
    1111 Source1: index.html
    12 @@ -54,6 +54,12 @@
     12@@ -56,6 +56,12 @@
    1313 Conflicts: pcre < 4.0
    14  Requires: httpd-tools = %{version}-%{release}
     14 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
    1515 
    1616+Provides: scripts-httpd
     
    2323 The Apache HTTP Server is a powerful, efficient, and extensible
    2424 web server.
    25 @@ -100,6 +106,7 @@
     25@@ -102,6 +108,7 @@
    2626 BuildRequires: openssl-devel, distcache-devel
    2727 Requires(post): openssl >= 0.9.7f-4, /bin/cat
     
    3131 
    3232 %description -n mod_ssl
    33 @@ -127,6 +134,11 @@
     33@@ -130,6 +137,11 @@
    3434 # Patch in vendor/release string
    3535 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     
    4343 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    4444 if test "x${vmmn}" != "x%{mmn}"; then
    45 @@ -175,10 +187,12 @@
     45@@ -178,10 +190,12 @@
    4646         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    4747        --enable-suexec --with-suexec \
  • trunk/server/fedora/specs/krb5.spec.patch

    r1069 r1259  
    1 --- krb5.spec.old       2009-04-08 06:26:23.000000000 -0400
    2 +++ krb5.spec   2009-04-08 06:29:20.000000000 -0400
     1--- krb5.spec.orig      2009-04-07 15:17:07.000000000 -0400
     2+++ krb5.spec   2009-06-03 04:47:31.000000000 -0400
    33@@ -16,7 +16,7 @@
    44 Summary: The Kerberos network authentication system.
    55 Name: krb5
    66 Version: 1.6.3
    7 -Release: 16%{?dist}
    8 +Release: 16%{?dist}.scripts.%{scriptsversion}
     7-Release: 20%{?dist}
     8+Release: 20%{?dist}.scripts.%{scriptsversion}
    99 # Maybe we should explode from the now-available-to-everybody tarball instead?
    1010 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
    1111 Source0: krb5-%{version}.tar.gz
    12 @@ -105,6 +105,8 @@
    13  Patch82: krb5-CVE-2009-0846.patch
    14  Patch83: krb5-CVE-2009-0847.patch
     12@@ -106,6 +106,8 @@
     13 Patch83: krb5-CVE-2009-0846.patch
     14 Patch84: krb5-CVE-2009-0847.patch
    1515 
    1616+Patch1000: krb5-kuserok-scripts.patch
    1717+
    18  License: MIT, freely distributable.
     18 License: MIT
    1919 URL: http://web.mit.edu/kerberos/www/
    2020 Group: System Environment/Libraries
    21 @@ -146,6 +148,7 @@
     21@@ -147,6 +149,7 @@
    2222 Group: System Environment/Libraries
    2323 Prereq: grep, /sbin/ldconfig, sh-utils
     
    2727 %description libs
    2828 Kerberos is a network authentication system. The krb5-libs package
    29 @@ -1389,6 +1392,7 @@
    30  %patch81 -p1 -b .CVE-2009-0844-0845-2
    31  %patch82 -p1 -b .CVE-2009-0846
    32  %patch83 -p1 -b .CVE-2009-0847
     29@@ -1413,6 +1416,7 @@
     30 %patch82 -p1 -b .CVE-2009-0844-0845-2
     31 %patch83 -p1 -b .CVE-2009-0846
     32 %patch84 -p1 -b .CVE-2009-0847
    3333+%patch1000 -p1 -b .kuserok
    3434 cp src/krb524/README README.krb524
  • trunk/server/fedora/specs/nss-ldapd.spec.patch

    r1132 r1259  
    11--- nss-ldapd.spec.orig 2009-03-30 04:33:50.000000000 -0400
    2 +++ nss-ldapd.spec      2009-05-24 18:39:15.000000000 -0400
     2+++ nss-ldapd.spec      2009-06-03 03:18:49.000000000 -0400
    33@@ -19,18 +19,19 @@
    44 
     
    5555 %files
    5656 %defattr(-,root,root)
    57 @@ -104,11 +99,12 @@
     57@@ -104,7 +99,6 @@
    5858 %doc %{_mandir}/man8/*
    5959 %config(noreplace) %attr(640,root,root) /etc/nss-ldapd.conf
     
    6363 /usr/sbin/nslcd
    6464 
    65  %changelog
    66 +* Sun May 24 2009 Anders Kaseorg <andersk@mit.edu> - 0.6.8-2.1
    67 +- Update for Fedora again.
    68  * Wed Mar 25 2009 rhafer@suse.de
    69  - Updated to 0.6.8:
    70    * the nss-ldapd.conf was created world-readable which could cause
    71 @@ -129,6 +125,10 @@
     65@@ -129,6 +123,10 @@
    7266 - Adjust config file permissions upon update, to fix world-readable
    7367   /etc/nss-ldapd.conf as created by older versions
  • trunk/server/fedora/specs/openafs.spec.patch

    r1079 r1259  
    1 --- openafs.spec.orig   2009-04-08 08:17:00.000000000 -0400
    2 +++ openafs.spec        2009-04-14 04:32:44.000000000 -0400
     1--- openafs.spec.orig   2009-06-03 04:16:03.000000000 -0400
     2+++ openafs.spec        2009-06-12 02:05:57.000000000 -0400
    33@@ -8,7 +8,7 @@
    44 # for beta/rc releases make pkgrel 0.X.<tag>
     
    1010 %if %{?osvers:0}%{!?osvers:1}
    1111 %define osvers 1
    12 @@ -261,6 +261,11 @@
     12@@ -261,6 +261,14 @@
    1313 %endif
    1414 ExclusiveArch: %{ix86} x86_64 ia64 s390 s390x sparc64 ppc ppc64
     
    1818+Patch1002: openafs-pts-encrypt.patch
    1919+Patch1003: openafs-localcsdb.patch
     20+Patch1004: openafs-delta-dprintf-rename-20090427.patch
     21+Patch1005: openafs-numsysnames.patch
     22+Patch1006: openafs-delta-linux26-defer-cred-changing-20090511.patch
    2023+
    2124 #    http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/...
    2225 Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2
    2326 Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2
    24 @@ -343,6 +348,7 @@
     27@@ -343,6 +351,7 @@
    2528 %if %{build_userspace}
    2629 
     
    3033 
    3134 %if %{fedorakmod}
    32 @@ -403,6 +409,7 @@
     35@@ -403,6 +412,7 @@
    3336 
    3437 %if %{build_authlibs}
     
    3841 Group: Networking/Filesystems
    3942 
    40 @@ -419,6 +426,7 @@
     43@@ -419,6 +429,7 @@
    4144 %endif
    4245 
     
    4649 Requires: openafs-authlibs = %{PACKAGE_VERSION}
    4750 %endif
    48 @@ -437,6 +445,7 @@
     51@@ -437,6 +448,7 @@
    4952 libraries.
    5053 
     
    5457 Group: Development/Filesystems
    5558 
    56 @@ -465,6 +474,7 @@
     59@@ -465,6 +477,7 @@
    5760 administrators.
    5861 
     
    6265 Group: Networking/Filesystems
    6366 Provides: openafs-kernel = %{PACKAGE_VERSION}
    64 @@ -514,6 +524,7 @@
     67@@ -514,6 +527,7 @@
    6568 
    6669 %if %{krb5support}
     
    7073 Requires: openafs = %{PACKAGE_VERSION}
    7174 Group: Networking/Filesystems
    72 @@ -540,7 +551,7 @@
     75@@ -540,7 +554,7 @@
    7376 %if %{build_modules}
    7477 
     
    7982 %else
    8083 
    81 @@ -699,6 +710,10 @@
     84@@ -699,6 +713,13 @@
    8285 
    8386 # Patch openafs to build a kernel module named "openafs" instead of "libafs"
     
    8790+%patch1002 -p1 -b .pts-encrypt
    8891+%patch1003 -p1 -b .localcsdb
     92+%patch1004 -p1 -b .dprintf
     93+%patch1005 -p1 -b .numsysnames
     94+%patch1006 -p1 -b .defercredchanging
    8995 
    9096 ##############################################################################
  • trunk/server/fedora/specs/openssh.spec.patch

    r926 r1259  
    1 --- openssh.spec.orig   2009-01-01 21:06:01.000000000 -0500
    2 +++ openssh.spec        2009-01-01 22:52:02.000000000 -0500
     1--- openssh.spec-pristine       2009-07-01 18:55:04.579034598 -0400
     2+++ openssh.spec        2009-07-01 18:49:33.068037580 -0400
    33@@ -63,7 +63,7 @@
    4  Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
     4 Summary: An open source implementation of SSH protocol versions 1 and 2
    55 Name: openssh
    6  Version: 5.1p1
    7 -Release: 3%{?dist}%{?rescue_rel}
    8 +Release: 3%{?dist}%{?rescue_rel}.scripts.%{scriptsversion}
     6 Version: 5.2p1
     7-Release: 2%{?dist}%{?rescue_rel}
     8+Release: 2%{?dist}%{?rescue_rel}.scripts.%{scriptsversion}
    99 URL: http://www.openssh.com/portable.html
    1010 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
    1111 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
    12 @@ -74,6 +74,7 @@
     12@@ -74,6 +74,8 @@
    1313 Source1: openssh-nukeacss.sh
    1414 Source2: sshd.pam
    1515 Source3: sshd.init
    1616+Patch1000: openssh-5.0p1-multihomed.patch
    17  Patch0: openssh-5.1p1-redhat.patch
     17+Patch1001: openssh-4.7p1-gssapi-name-in-env.patch
     18 Patch0: openssh-5.2p1-redhat.patch
    1819 Patch2: openssh-5.1p1-skip-initial.patch
    1920 Patch3: openssh-3.8.1p1-krb5-config.patch
    20 @@ -159,6 +160,7 @@
     21@@ -160,6 +162,7 @@
    2122 Requires(post): chkconfig >= 0.9, /sbin/service
    2223 Requires(pre): /usr/sbin/useradd
     
    2627 %package askpass
    2728 Summary: A passphrase dialog for OpenSSH and X
    28 @@ -232,6 +234,8 @@
    29  %patch63 -p1 -b .bannerlen
    30  %patch64 -p1 -b .compat-sessions
     29@@ -229,6 +232,9 @@
     30 %patch62 -p1 -b .manpage
     31 %patch65 -p1 -b .fips
    3132 
    3233+%patch1000 -p1 -b .multihomed
     34+%patch1001 -p1 -b .gssapi-env
    3335+
    3436 autoreconf
  • trunk/server/fedora/specs/php.spec.patch

    r1091 r1259  
    1 --- php.spec.orig       2009-04-23 11:58:08.000000000 -0400
    2 +++ php.spec    2009-04-23 12:00:32.000000000 -0400
     1--- php.spec.orig       2009-04-15 09:24:35.000000000 -0400
     2+++ php.spec    2009-06-03 05:40:37.000000000 -0400
    33@@ -7,7 +7,7 @@
    44 Summary: PHP scripting language for creating dynamic web sites
     
    1010 Group: Development/Languages
    1111 URL: http://www.php.net/
    12 @@ -38,6 +38,10 @@
     12@@ -39,6 +39,10 @@
    1313 Patch60: php-5.2.7-tests-dashn.patch
    1414 Patch61: php-5.0.4-tests-wddx.patch
     
    2121 
    2222 BuildRequires: bzip2-devel, curl-devel >= 7.9, db4-devel, gmp-devel
    23 @@ -374,6 +378,8 @@
     23@@ -404,6 +408,8 @@
    2424 %patch60 -p1 -b .tests-dashn
    2525 %patch61 -p1 -b .tests-wddx
  • trunk/server/fedora/specs/scripts-base.spec

    r1236 r1259  
    99Source: %{name}.tar.gz
    1010BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
    11 Requires: accountadm, execsys, scripts-kmod-openafs, scripts-krb5-libs, scripts-httpd, scripts-mod_ssl, openafs, scripts-openafs-client, scripts-openafs-authlibs, scripts-openafs-devel, scripts-openafs-krb5, openafs-docs, scripts-openssh-server, sql-signup, tokensys, whoisd, logview, nss-ldapd, scripts-pysvn, scripts-php, php_scripts
     11Requires: accountadm, execsys, scripts-kmod-openafs, scripts-krb5-libs, scripts-httpd, scripts-mod_ssl, openafs, scripts-openafs-client, scripts-openafs-authlibs, scripts-openafs-devel, scripts-openafs-krb5, openafs-docs, scripts-openssh-server, sql-signup, tokensys, whoisd, logview, nss-ldapd, scripts-php, php_scripts
    1212%define debug_package %{nil}
    1313
Note: See TracChangeset for help on using the changeset viewer.