Changeset 1259
- Timestamp:
- Jul 9, 2009, 3:48:21 PM (15 years ago)
- Location:
- trunk
- Files:
-
- 3 deleted
- 25 edited
- 9 copied
Legend:
- Unmodified
- Added
- Removed
-
trunk
-
Property
svn:mergeinfo
set to
False
/branches/fc11-dev merged eligible
-
Property
svn:mergeinfo
set to
False
-
trunk/server/common/patches/httpd-2.2.x-sni.patch
r1115 r1259 971 971 Index: httpd-2.2.11/docs/manual/mod/mod_ssl.html.en 972 972 =================================================================== 973 --- httpd-2.2.11/docs/manual/mod/mod_ssl.html.en (revision 768863)974 +++ httpd-2.2.11/docs/manual/mod/mod_ssl.html.en (working copy)973 --- httpd-2.2.11/docs/manual/mod/mod_ssl.html.en 2008-08-20 19:02:48.000000000 -0400 974 +++ httpd-2.2.11/docs/manual/mod/mod_ssl.html.en 2009-06-03 05:33:23.000000000 -0400 975 975 @@ -75,6 +75,7 @@ to provide the cryptography engine.</p> 976 976 <li><img alt="" src="../images/down.gif" /> <a href="#sslrequiressl">SSLRequireSSL</a></li> … … 1026 1026 +<p class="apache">Copyright 2009 The Apache Software Foundation.<br />Licensed under the <a href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a>.</p> 1027 1027 <p class="menu"><a href="../mod/">Modules</a> | <a href="../mod/directives.html">Directives</a> | <a href="../faq/">FAQ</a> | <a href="../glossary.html">Glossary</a> | <a href="../sitemap.html">Sitemap</a></p></div> 1028 </body></html> 1028 -</body></html> 1029 \ No newline at end of file 1030 +</body></html> -
trunk/server/common/patches/httpd-suexec-scripts.patch
r1169 r1259 45 45 APACHE_HELP_STRING(--with-suexec-docroot,SuExec root directory),[ 46 46 AC_DEFINE_UNQUOTED(AP_DOC_ROOT, "$withval", [SuExec root directory] ) ] ) 47 --- httpd-2.2. 2/support/suexec.c.old 2006-04-21 21:53:06.000000000 -040048 +++ httpd-2.2. 2/support/suexec.c 2007-05-22 10:32:04.000000000 -040047 --- httpd-2.2.11/support/suexec.c.old 2008-11-30 10:47:31.000000000 -0500 48 +++ httpd-2.2.11/support/suexec.c 2009-06-08 09:02:17.000000000 -0400 49 49 @@ -30,6 +30,9 @@ 50 50 * … … 57 57 #include "ap_config.h" 58 58 #include "suexec.h" 59 @@ -46,6 +4 8,7 @@59 @@ -46,6 +49,7 @@ 60 60 #include <stdio.h> 61 61 #include <stdarg.h> … … 65 65 #ifdef HAVE_PWD_H 66 66 #include <pwd.h> 67 @@ -95,6 +9 8,7 @@67 @@ -95,6 +99,7 @@ 68 68 { 69 69 /* variable name starts with */ … … 146 146 clean_env(); 147 147 + setenv("JAVA_TOOL_OPTIONS", "-Xmx128M", 1); /* scripts.mit.edu local hack */ 148 148 149 149 prog = argv[0]; 150 150 /* 151 @@ -350,6 +4 06,20 @@151 @@ -350,6 +414,20 @@ 152 152 #endif /*_OSD_POSIX*/ 153 153 … … 170 170 * or attempts to back up out of the current directory, 171 171 * to protect against attacks. If any are 172 @@ -371,6 +44 1,7 @@172 @@ -371,6 +449,7 @@ 173 173 userdir = 1; 174 174 } … … 178 178 * Error out if the target username is invalid. 179 179 */ 180 @@ -45 0,7 +521,7 @@180 @@ -452,7 +531,7 @@ 181 181 * Error out if attempt is made to execute as root or as 182 182 * a UID less than AP_UID_MIN. Tsk tsk. … … 187 187 exit(107); 188 188 } 189 @@ -48 2,6 +553,21 @@189 @@ -484,6 +563,21 @@ 190 190 log_err("failed to setuid (%ld: %s)\n", uid, cmd); 191 191 exit(110); … … 209 209 /* 210 210 * Get the current working directory, as well as the proper 211 @@ -50 4,6 +588,21 @@211 @@ -506,6 +600,21 @@ 212 212 log_err("cannot get docroot information (%s)\n", target_homedir); 213 213 exit(112); … … 231 231 else { 232 232 if (((chdir(AP_DOC_ROOT)) != 0) || 233 @@ -53 0,15 +629,17 @@233 @@ -532,15 +641,17 @@ 234 234 /* 235 235 * Error out if cwd is writable by others. … … 250 250 exit(117); 251 251 } 252 @@ -54 6,10 +647,12 @@252 @@ -548,10 +659,12 @@ 253 253 /* 254 254 * Error out if the program is writable by others. … … 263 263 /* 264 264 * Error out if the file is setuid or setgid. 265 @@ -56 3,6 +666,7 @@265 @@ -565,6 +678,7 @@ 266 266 * Error out if the target name/group is different from 267 267 * the name/group of the cwd or the program. … … 271 271 (gid != dir_info.st_gid) || 272 272 (uid != prg_info.st_uid) || 273 @@ -57 4,12 +678,14@@273 @@ -576,16 +690,33 @@ 274 274 prg_info.st_uid, prg_info.st_gid); 275 275 exit(120); … … 287 287 exit(121); 288 288 } 289 @@ -606,6 +711,21 @@290 exit(122);291 }292 289 293 290 + if (is_static_extension(cmd)) { 294 291 + argv[2] = STATIC_CAT_PATH; 295 292 + execv(STATIC_CAT_PATH, &argv[2]); 296 + 297 + 293 + log_err("(%d)%s: static_cat exec failed (%s)\n", errno, strerror(errno), argv[2]); 294 + exit(255); 298 295 + } 299 296 + if (is_php_extension(cmd)) { … … 302 299 + argv[2] = "-f"; 303 300 + execv(PHP_PATH, &argv[1]); 304 + 305 + 306 + } 307 + 308 /*309 * Execute the command, replacing our image with its own.310 * /301 + log_err("(%d)%s: php exec failed (%s)\n", errno, strerror(errno), argv[2]); 302 + exit(255); 303 + } 304 + 305 #ifdef AP_SUEXEC_UMASK 306 /* 307 * umask() uses inverse logic; bits are CLEAR for allowed access. -
trunk/server/common/patches/openafs-scripts.patch
r1134 r1259 127 127 short multiPage; /* count of multi-page getpages in progress */ 128 128 #endif 129 + boolapache_access; /* whether or not Apache has access to a file */129 + int apache_access; /* whether or not Apache has access to a file */ 130 130 }; 131 131 -
trunk/server/doc/install-howto.sh
r1237 r1259 8 8 9 9 boot=${1:$(cat /scripts-boot-count)} 10 11 # XXX: let 'branch' be the current svn branch you are on 10 12 11 13 doreboot() { … … 53 55 54 56 cd /srv 55 svn co svn://$source_server/ trunkrepository57 svn co svn://$source_server/$branch repository 56 58 57 59 sed -i 's/^(# *)*store-passwords.*/store-passwords = no/' /root/.subversion/config … … 67 69 # Run "make install-deps" to install various prereqs. Nonstandard 68 70 # deps are in /mit/scripts/rpm. 71 YUM install -y make 69 72 make install-deps 70 73 … … 74 77 # Check out the scripts /etc configuration 75 78 cd /root 76 svn co svn://scripts.mit.edu/trunk/server/fedora/config/etc etc 79 svn co svn://scripts.mit.edu/$branch/server/fedora/config/etc etc 80 # backslash to make us not use the alias 77 81 \cp -a etc / 78 82 83 # NOTE: You will have just lost DNS resolution and the abilit 84 # to do password SSH in 85 86 service named start 87 chkconfig named on 88 89 # XXX: This sometimes doesn't exist, but it really sucks if it 90 # does exist. So check for it. 79 91 # yum remove nss_ldap, because nss-ldapd conflicts with it 92 93 # In the case of the Kerberos libraries, you'll be told that 94 # there are conflicting files with the 64-bit versions of the packages, 95 # which we scriptsify. You'll have to use --force to install those 96 # rpms despite the conflicts. After doing that, you may want to 97 # install the corresponding 64-bit scriptsified versions again, just 98 # to be safe in case the 32-bit versions overwrite files that differ. 99 # When you try this, it will complain that you already have the same 100 # version installed; again, you'll need to use --force to do it anyway. 101 102 # We need yumdownloader to force some RPMs 103 # XXX: This might be wrong. Sanity check what packages ou 104 # have when done 105 YUM install -y yum-utils 106 yumdownloader krb5-libs 107 # XXX: These version numbers are hardcoded, need some cli-fu to generalize 108 rpm -i krb5-libs-*.i586.rpm 109 rpm -U --force krb5-libs-*.scripts.1138.x86_64.rpm 80 110 81 111 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base 82 112 YUM install -y scripts-base 83 113 84 # Rebuild mit-zephyr on a 32-bit machine, like the one at Joe's home. 114 # Install mit-zephyr 115 YUM install -y mit-zephyr 85 116 86 117 # Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up 87 118 # anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way 88 # that makes it hang forever. 89 90 # Install and configure bind 91 # - env NSS_NONLOCAL_IGNORE=1 yum install bind 92 # - chkconfig named on 93 # - service named start 119 # that makes it hang forever. (This is why we're using YUM, not yum) 94 120 95 121 # Reload the iptables config to take down the restrictive firewall 96 #service iptables restart122 service iptables restart 97 123 98 124 # Copy over root's dotfiles from one of the other machines. 125 # Perhaps a useful change is to remove the default aliases 126 # On 2009-07-01, the dotfiles to transfer where: 127 # .bashrc .ldapvirc .screenrc .ssh (<- directory) .vimrc 128 # Trying to scp from server to server won't work, as scp 129 # will attempt to negotiate a server-to-server connection. 130 # Instead, scp to your trusted machine as a temporary file, 131 # and then push to the other server 99 132 100 133 # Replace rsyslog with syslog-ng by doing: 101 # # rpm -e --nodeps rsyslog 102 # # yum install syslog-ng 103 104 # Install various dependencies of the scripts system, including syslog-ng, 105 # glibc-devel.i586, python-twisted-core, mod_fcgid, nrpe, nagios-plugins-all. 134 rpm -e --nodeps rsyslog 135 YUM install -y syslog-ng 136 chkconfig syslog-ng on 137 138 # Install various dependencies of the scripts system, including 139 # glibc-devel.i586 (ezyang: already installed for me), 140 # python-twisted-core (ditto), mod_fcgid, nrpe, nagios-plugins-all. 141 YUM install -y mod_fcgid 142 YUM install -y nrpe 143 YUM install -y nagios-plugins-all 106 144 107 145 # Disable NetworkManager with chkconfig NetworkManager off. Configure … … 109 147 # traffic over the back end. Make sure that chkconfig reports "network" on, so 110 148 # that the network will still be configured at next boot. 149 # ezyang: For me, NetworkManager was not installed at this point, and 150 # we had already done the basic config for networking front end and 151 # back end (because I wanted ssh access, and not just conserver access) 111 152 112 153 # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing … … 114 155 # /afs:/usr/vice/cache:10000000 115 156 # Also fix ThisCell to contain athena.mit.edu in both directories 157 echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo 158 # ezyang: ThisCell on b-k and c-w don't have anything special 159 # written here 116 160 117 161 # Figure out why Zephyr isn't working. Most recently, it was because there 118 162 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one 163 YUM erase -y mit-zephyr 164 # mit-zephyr has a spurious dependency on mit-krb-config 165 yumdownloader mit-zephyr.i386 166 # if deps change, this breaks 167 YUM install -y libXaw.i586 libXext.i586 libXmu.i586 ncurses-libs.i586 readline.i58 168 rpm -i --nodeps mit-zephyr-2.1-6-linux.i386.rpm 119 169 120 170 # Install the athena-base, athena-lprng, and athena-lprng-misc RPMs … … 125 175 # install the rest of the things it really does depend on. This will 126 176 # include a bunch of 32-bit rpms; go ahead and install the .i586 versions 127 # of them. In the case of the Kerberos libraries, you'll be told that 128 # there are conflicting files with the 64-bit versions of the packages, 129 # which we scriptsify. You'll have to use --force to install those 130 # rpms despite the conflicts. After doing that, you may want to 131 # install the corresponding 64-bit scriptsified versions again, just 132 # to be safe in case the 32-bit versions overwrite files that differ. 133 # When you try this, it will complain that you already have the same 134 # version installed; again, you'll need to use --force to do it anyway. 135 # Yuck. 177 # of them. 178 YUM install -y athena-base 179 YUM install -y athena-lprng 180 yumdownloader athena-lprng-misc 181 # ezyang: I couldn't find any deps for this that existed in the repos 182 # You might get a "find: `/usr/athena/info': No such file or directory" 183 # error; this is fine 184 rpm -i --nodeps athena-lprng-misc-9.4-0.i386.rpm 136 185 137 186 # Install the full list of RPMs that users expect to be on the 138 # scripts.mit.edu servers. See server/doc/rpm and 139 # server/doc/rpm_snapshot. (Note that this is only a snapshot, and not 140 # all packages may in fact be in use.) 187 # scripts.mit.edu servers. 188 189 # ezyang: Running the below I got file conflicts. To fix (since I had 190 # botched steps above), I manually compared package lists and installed 191 # them. If you've done the krb5 setup originally correctly, then 192 # write down what you had to do here. 193 yumdownloader krb5-devel 194 rpm -i --force krb5-devel-*.i586.rpm 195 rpm -U --force krb5-devel-*.scripts.1138.x86_64.rpm 196 yumdownloader krb5-server 197 rpm -i --force krb5-server-*.scripts.1138.x86_64.rpm 198 199 200 # on another server, run: 201 rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt 202 # arrange for packages.txt to be passed to the server, then run: 203 # notice that yum is not capitalized 204 # Also notice skip-broken 205 cat packages.txt | NSS_NONLOCAL_IGNORE=1 xargs yum install -y --skip-broken 141 206 142 207 # Check which packages are installed on your new server that are not … … 144 209 # on the new machine. Otherwise, aside from bloat, you may end up 145 210 # with undesirable things for security, like sendmail. 211 rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > newpackages.txt 212 diff -u packages.txt newpackages.txt | less 213 # if all went well, you'll probably see multiple kernel versions 214 # as the only diff 215 # ezyang: I got exim installed as another package 146 216 147 217 # Check out the scripts /usr/vice/etc configuration … … 164 234 # Then on the server you're installing, 165 235 # cat perl-packages.txt | perl -MCPAN -e shell 236 export PERL_MM_USE_DEFAULT=1 237 # XXX: Some interactive gobbeldygook 238 cpan 239 o conf prerequisites_policy follow 240 o conf commit 241 # on a reference server 242 perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > perl-packages.txt 243 # arrange for perl-packages.txt to be transferred to server 244 cat perl-packages.txt | perl -MCPAN -e shell 166 245 167 246 # Install the Python eggs and Ruby gems and PEAR/PECL doohickeys that are on 168 247 # the other scripts.mit.edu servers and do not have RPMs. 248 # The general mode of operation will be to run the "list" command 249 # on both servers, see what the differences are, check if those diffs 250 # are packaged up as rpms, and install them (rpm if possible, native otherwise) 169 251 # - Look at /usr/lib/python2.6/site-packages and 170 252 # /usr/lib64/python2.6/site-packages for Python eggs and modules. 253 # There will be a lot of gunk that was installed from packages; 254 # easy-install.pth will tell you what was easy_installed. 171 255 # First use 'yum search' to see if the relevant package is now available 172 256 # as an RPM, and install that if it is. If not, then use easy_install. 173 257 # - Look at `gem list` for Ruby gems. 174 258 # Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'. 259 # ezyang: rspec-rails depends on rspec, and will override the Yum 260 # package, so... don't use that RPM yet 175 261 # - Look at `pear list` for Pear fruits (or whatever they're called). 176 262 # Yet again, 'yum search' for RPMs before resorting to 'pear install'. Note 177 263 # that for things in the beta repo, you'll need 'pear install package-beta'. 264 # (you might get complaints about the php_scripts module; ignore them) 178 265 # - Look at `pecl list` for PECL things. 'yum search', and if you must, 179 266 # 'pecl install' needed items. 180 181 # echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth 267 # Automating this... will require a lot of batonning between 268 # the servers. Probably best way to do it is to write an actual 269 # script. 270 271 # Setup some Python config 272 echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth 182 273 183 274 # Install the credentials. There are a lot of things to remember here: 275 # o This will be different if you're setting up our build/update server. 184 276 # o You probably installed the machine keytab long ago 277 ls -l /etc/krb5.keytab 185 278 # o Use ktutil to combine the host/scripts.mit.edu and 186 279 # host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in 187 280 # the keytab. Do not use 'k5srvutil change' on the combined keytab 188 # or you'll break the other servers. 281 # or you'll break the other servers. (real servers only) 189 282 # o The daemon.scripts keytab 190 # o The SSL cert private key 191 # o The LDAP password for the signup process 192 # o The SQL password for the signup process 193 # o The LDAP keytab for this server, which will be used later 194 # o Replace the ssh host keys with the ones common to all scripts servers 195 # o You'll install an LDAP certificate signed by the scripts CA later 283 ls -l /etc/daemon.keytab 284 # o The SSL cert private key (real servers only) 285 # o The LDAP password for the signup process (real servers only) 286 # o The SQL password for the signup process (real servers only) 287 # o The LDAP keytab for this server, which will be used later (real servers only) 288 # o Replace the ssh host keys with the ones common to all scripts servers (real servers only) 289 # o You'll install an LDAP certificate signed by the scripts CA later (real servers only) 196 290 # o Make sure root's .k5login is correct 197 # o Make sure logview's .k5login is correct 291 cat /root/.k5login 292 # o Make sure logview's .k5login is correct (real servers only) 198 293 199 294 # If you are setting up a test server, pay attention to 200 295 # /etc/sysconfig/network-scripts and do not bind scripts' IP address. 201 # You will also need to modify /etc/ldap.conf, /etc/nss-ldapd.conf, 202 # /etc/openldap/ldap.conf, and /etc/httpd/conf.d/vhost_ldap.conf to 203 # use scripts.mit.edu instead of localhost. 296 # You will also need to modify: 297 # o /etc/ldap.conf 298 # add: host scripts.mit.edu 299 # o /etc/nss-ldapd.conf 300 # replace: uri ***** 301 # with: uri ldap://scripts.mit.edu/ 302 # o /etc/openldap/ldap.conf 303 # add: URI ldap://scripts.mit.edu/ 304 # BASE dc=scripts,dc=mit,dc=edu 305 # o /etc/httpd/conf.d/vhost_ldap.conf 306 # replace: VhostLDAPUrl **** 307 # with: VhostLDAPUrl "ldap://scripts.mit.edu/ou=VirtualHosts,dc=scripts,dc=mit,dc=edu" 308 # to use scripts.mit.edu instead of localhost. 309 # XXX: someone should write sed scripts to do this 310 311 # If you are setting up a test server, afsagent's cronjob will attempt 312 # to be renewing with the wrong credentials (daemon.scripts). Change this: 313 vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu 204 314 205 315 # Install fedora-ds-base and set up replication (see ./HOWTO-SETUP-LDAP … … 209 319 # boot. Run chkconfig to make sure the set of services to be run is 210 320 # correct. 211 212 # cd /etc/postfix; postmap virtual 213 # Otherwise postfix will appear to work, but actually not deliver mail 321 chkconfig dirsrv on 322 chkconfig nslcd on 323 chkconfig nscd on 324 chkconfig postfix on 325 chkconfig httpd on 326 327 # Postfix doesn't actually deliver mail; fix this 328 cd /etc/postfix 329 postmap virtual 214 330 215 331 # Run fmtutil-sys --all, which does something that makes TeX work. 332 fmtutil-sys --all 333 # ezyang: I got errors on xetex 216 334 217 335 # Ensure that PHP isn't broken: 218 # # mkdir /tmp/sessions 219 # # chmod 01777 /tmp/sessions 336 mkdir /tmp/sessions 337 chmod 01777 /tmp/sessions 338 339 # Ensure that fcgid isn't broken: 340 chmod 755 /var/run/httpd 341 # ezyang: The below didn't exist for me 342 chmod 755 /var/run/httpd/mod_fcgid 343 chmod 755 /var/run/mod_fcgid 344 345 # Fix etc by making sure none of our config files got overwritten 346 cd /etc 347 svn status | grep M 348 # ezyang: I had to revert krb5.conf, nsswitch.conf and sysconfig/openafs 220 349 221 350 # Reboot the machine to restore a consistent state, in case you 222 351 # changed anything. 352 # ezyang: When I rebooted, the following things happened: 353 # o Starting kdump failed (this is ok) 354 # o postfix mailbombed us 355 # o firstboot configuration screen popped up (ignored; manually will do 356 # chkconfig after the fact) 223 357 224 358 # (Optional) Beat your head against a wall. … … 226 360 # Possibly perform other steps that I've neglected to put in this 227 361 # document. 362 # o In the first install of not-backward, ThisCell got clobbered, resulting 363 # in trying to get tickets from openafs.org. Not sure when it got 364 # clobbered -- ezyang 365 # o For some reason, syslog-ng wasn't turning on automatically, so we weren't 366 # getting spew 367 368 # Some info about changing hostnames: it appears to be in: 369 # o /etc/sysconfig/network 370 # o your lvm thingies; probably don't need to edit -
trunk/server/fedora/Makefile
r1235 r1259 19 19 # See /COPYRIGHT in this repository for more information. 20 20 21 upstream_yum = krb5 httpd openssh p ysvn php21 upstream_yum = krb5 httpd openssh php 22 22 upstream = openafs $(upstream_yum) 23 oursrc = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i 386 whoisd mit-zephyr nss-ldapd nss-ldapd.i386 athrun php_scripts scripts-base23 oursrc = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr nss-ldapd nss-ldapd.i586 athrun php_scripts scripts-base 24 24 allsrc = $(upstream) $(oursrc) 25 25 oursrcdir = ${PWD}/../common/oursrc … … 127 127 $(oursrc): rpmbuild_args += --define 'scriptsversion $(shell svnversion ${oursrcdir}/$** | tr ':' '_')' 128 128 129 $(filter %.i 386,$(oursrc)): %.i386: setup129 $(filter %.i586,$(oursrc)): %.i586: setup 130 130 PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \ 131 setarch i 386 rpmbuild $(rpmbuild_args) --target=i386 --define="_lib lib" -bb ${tmp_specs}/$**.spec131 setarch i586 rpmbuild $(rpmbuild_args) --target=i586 --define="_lib lib" -bb ${tmp_specs}/$**.spec 132 132 133 $(filter-out %.i 386,$(oursrc)): %: setup133 $(filter-out %.i586,$(oursrc)): %: setup 134 134 PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \ 135 135 rpmbuild $(rpmbuild_args) -bb ${tmp_specs}/$**.spec … … 179 179 180 180 # The following packages are needed for our packages 181 basic-deps = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i 386 glibc-devel libtool libgcc.i386182 oursrc-deps = hesinfo openldap-clients php-devel181 basic-deps = kernel-devel rpm-build rpmdevtools gcc autoconf patch krb5-workstation glibc-devel.i586 glibc-devel libtool libgcc.i586 182 oursrc-deps = hesinfo openldap-clients openldap-devel.i586 php-devel 183 183 httpdmods-deps = httpd-devel 184 184 httpd-deps = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel 185 krb5-deps = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex 185 krb5-deps = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex texlive-latex 186 186 openafs-deps = pam-devel automake 187 mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i386 hesiod.i386 libXt.i386 #compat-readline43 188 openssh-deps = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth gobject-devel pango-devel cairo-devel libedit-devel nss-devel 187 mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i586 hesiod.i586 libXt.i586 #compat-readline43 188 openssh-deps = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth pango-devel cairo-devel libedit-devel nss-devel fipscheck-devel 189 php-deps = bzip2-devel curl-devel gmp-devel libstdc++-devel sqlite-devel gcc-c++ libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel libXpm-devel libjpeg-devel t1lib-devel libmcrypt-devel mhash-devel libtidy-devel freetds-devel aspell-devel recode-devel 189 190 install-deps: 190 yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps) 191 yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps) $(php-deps) 191 192 rpm -ivh ftp://ftp.muug.mb.ca/mirror/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm 192 193 # rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm -
trunk/server/fedora/config/etc/httpd/conf/httpd.conf
r1164 r1259 260 260 261 261 RLimitCPU 300 300 262 RLimitMEM 536870912 536870912262 RLimitMEM 1342177280 1342177280 263 263 RLimitNPROC 4096 4096 264 264 -
trunk/server/fedora/config/etc/logrotate.d/httpd
r180 r1259 6 6 sharedscripts 7 7 postrotate 8 /bin/kill -HUP `cat /var/run/httpd .pid 2>/dev/null` 2> /dev/null || true8 /bin/kill -HUP `cat /var/run/httpd/httpd.pid 2>/dev/null` 2> /dev/null || true 9 9 endscript 10 10 } -
trunk/server/fedora/config/etc/munin/munin-node.conf
r847 r1259 5 5 log_level 4 6 6 log_file /var/log/munin/munin-node.log 7 port 49498 7 pid_file /var/run/munin/munin-node.pid 8 9 9 background 1 10 10 setseid 1 11 11 12 # Which port to bind to;13 host *14 12 user munin 15 13 group munin … … 23 21 ignore_file \.dpkg-(tmp|new|old|dist)$ 24 22 ignore_file \.rpm(save|new)$ 23 ignore_file \.pod$ 25 24 26 25 # Set this if the client doesn't report the correct hostname when 27 26 # telnetting to localhost, port 4949 28 27 # 29 #host_name ppc2.fedora.redhat.com28 #host_name x86-3.fedora.phx.redhat.com 30 29 31 30 # A list of addresses that are allowed to connect. This must be a … … 37 36 allow ^18\.187\.1\.128$ 38 37 allow ^18\.181\.0\.65$ 38 39 # Which address to bind to; 40 host * 41 # host 127.0.0.1 42 43 # And which port 44 port 4949 45 -
trunk/server/fedora/config/etc/munin/plugin-conf.d/munin-node
r865 r1259 1 # This file is used to configure how the plugins are invoked. 2 # Place in /etc/munin/plugin-conf.d/ or corresponding directory. 1 3 # 2 # This file contains configuration options for the plugins. Three3 # options are understood by munin-node itself:4 # PLEASE NOTE: Changes in the plugin-conf.d directory are only 5 # read at munin-node startup, so restart at any changes. 4 6 # 5 # 6 # 7 # 8 # 9 # env.<variable># Sets <variable> in the plugin's environment, see the10 # 11 # 7 # user <user> # Set the user to run the plugin as 8 # group <group> # Set the group to run the plugin as 9 # command <command> # Run <command> instead of the plugin. %c 10 # expands to what would normally be run. 11 # env.<variable> <value> # Sets <variable> in the plugin's environment, see the 12 # individual plugins to find out which variables they 13 # care about. 12 14 # 13 15 # -
trunk/server/fedora/config/etc/nagios/nrpe.cfg
r982 r1259 3 3 # Written by: Ethan Galstad (nagios@nagios.org) 4 4 # 5 # Last Modified: 02-23-20065 # Last Modified: 11-23-2007 6 6 # 7 7 # NOTES: … … 12 12 13 13 14 # LOG FACILITY 15 # The syslog facility that should be used for logging purposes. 16 17 log_facility=daemon 18 19 20 14 21 # PID FILE 15 22 # The name of the file in which the NRPE daemon should write it's process ID … … 35 42 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd 36 43 37 #server_address=1 92.168.1.144 #server_address=127.0.0.1 38 45 39 46 … … 45 52 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd 46 53 47 nrpe_user=n agios54 nrpe_user=nrpe 48 55 49 56 … … 55 62 # NOTE: This option is ignored if NRPE is running under either inetd or xinetd 56 63 57 nrpe_group=n agios64 nrpe_group=nrpe 58 65 59 66 … … 125 132 126 133 command_timeout=60 134 135 136 137 # CONNECTION TIMEOUT 138 # This specifies the maximum number of seconds that the NRPE daemon will 139 # wait for a connection to be established before exiting. This is sometimes 140 # seen where a network problem stops the SSL being established even though 141 # all network sessions are connected. This causes the nrpe daemons to 142 # accumulate, eating system resources. Do not set this too low. 143 144 connection_timeout=300 127 145 128 146 … … 176 194 # examples only! 177 195 196 178 197 # The following examples use hardcoded command arguments... 179 198 180 199 #command[check_users]=/usr/lib64/nagios/plugins/check_users -w 5 -c 10 181 200 #command[check_load]=/usr/lib64/nagios/plugins/check_load -w 15,10,5 -c 30,25,20 182 #command[check_disk1]=/usr/lib64/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hda1 183 #command[check_disk2]=/usr/lib64/nagios/plugins/check_disk -w 20 -c 10 -p /dev/hdb1 201 #command[check_hda1]=/usr/lib64/nagios/plugins/check_disk -w 20% -c 10% -p /dev/hda1 184 202 #command[check_zombie_procs]=/usr/lib64/nagios/plugins/check_procs -w 5 -c 10 -s Z 185 203 #command[check_total_procs]=/usr/lib64/nagios/plugins/check_procs -w 150 -c 200 204 186 205 187 206 # The following examples allow user-supplied arguments and can 188 207 # only be used if the NRPE daemon was compiled with support for 189 208 # command arguments *AND* the dont_blame_nrpe directive in this 190 # config file is set to '1'... 209 # config file is set to '1'. This poses a potential security risk, so 210 # make sure you read the SECURITY file before doing this. 191 211 192 212 command[check_users]=/usr/lib64/nagios/plugins/check_users -w $ARG1$ -c $ARG2$ -
trunk/server/fedora/config/etc/nscd.conf
r879 r1259 35 35 max-threads 128 36 36 server-user nscd 37 # stat-user nocpulse37 # stat-user somebody 38 38 debug-level 0 39 39 #31 -
trunk/server/fedora/config/etc/printcap
r39 r1259 1 # This file was automatically generated by cupsd(8) from the 2 # /etc/cups/printers.conf file. All changes to this file 3 # will be lost. -
trunk/server/fedora/config/etc/security/limits.conf
r1165 r1259 27 27 # - cpu - max CPU time (MIN) 28 28 # - nproc - max number of processes 29 # - as - address space limit 29 # - as - address space limit (KB) 30 30 # - maxlogins - max number of logins for this user 31 31 # - maxsyslogins - max number of logins on the system … … 34 34 # - sigpending - max number of pending signals 35 35 # - msgqueue - max memory used by POSIX message queues (bytes) 36 # - nice - max nice priority allowed to raise to 36 # - nice - max nice priority allowed to raise to values: [-20, 19] 37 37 # - rtprio - max realtime priority 38 38 # … … 41 41 42 42 # No limits for root 43 root - 43 root - 44 scripts-build - 44 45 45 46 # For everyone else, 46 * soft core 0 47 * - rss 524268 48 * - data 1048576 49 * - as 1048576 47 * soft core 0 48 * - rss 524268 49 * - data 1048576 50 * - as 1310720 51 52 #* soft core 0 50 53 #* hard rss 10000 51 54 #@student hard nproc 20 -
trunk/server/fedora/config/etc/sudoers
r914 r1259 34 34 35 35 ## Updating the locate database 36 Cmnd_Alias LOCATE = /usr/ sbin/updatedb36 Cmnd_Alias LOCATE = /usr/bin/updatedb 37 37 38 38 ## Storage -
trunk/server/fedora/config/etc/sysconfig/openafs
r1020 r1259 10 10 Sulphur) 11 11 /usr/bin/fs sysname 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;; 12 Leonidas) 13 /usr/bin/fs sysname 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;; 12 14 *) 13 15 echo "Warning: unknown platform. AFS sysname not set." -
trunk/server/fedora/config/etc/syslog-ng/syslog-ng.conf
r817 r1259 6 6 # See syslog-ng(8) and syslog-ng.conf(5) for more information. 7 7 # 8 # 20000925 gb@sysfive.com9 #10 # Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 10 Aug 200211 # - for Red Hat 7.312 # - totally do away with klogd13 # - add message "kernel:" as is done with klogd.14 #15 # Updated by Frank Crawford (<Frank.Crawford@ac3.com.au>) - 22 Aug 200216 # - use the log_prefix option as per Balazs Scheidler's email17 #18 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 05 Apr 200319 # - corrected filters 'f_filter2' and 'f_filter6'20 # these filters were only allowing messages of one specific21 # priority level; they should be allowing messages from that22 # priority and upper levels.23 #24 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 25 Jan 200525 # - Don't sync the d_mail destination26 #27 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 01 Feb 200528 # - /proc/kmsg is a file not a pipe.29 # (https://lists.balabit.hu/pipermail/syslog-ng/2005-February/006963.html)30 #31 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 31 May 200732 # - increase the number of unix-stream max-connections (syslog-ng 2.0.4)33 #34 # Updated by Jose Pedro Oliveira (<jpo at di.uminho.pt>) - 26 July 200735 # - revert previous unix-stream max-connections change36 # (the new unix-stream max-connections default in syslog-ng 2.0.5 is 256)37 #38 8 39 9 options { 40 41 42 43 44 45 46 47 10 sync (0); 11 time_reopen (10); 12 log_fifo_size (1000); 13 long_hostnames (off); 14 use_dns (no); 15 use_fqdn (no); 16 create_dirs (no); 17 keep_hostname (yes); 48 18 }; 49 19 50 20 source s_sys { 51 file ("/proc/kmsg" log_prefix("kernel: ")); 52 unix-stream ("/dev/log"); 53 internal(); 54 # udp(ip(0.0.0.0) port(514)); 55 # tcp(ip(0.0.0.0) port(514)); 21 file ("/proc/kmsg" log_prefix("kernel: ")); 22 unix-stream ("/dev/log"); 23 internal(); 24 # udp(ip(0.0.0.0) port(514)); 56 25 }; 57 26 … … 63 32 destination d_boot { file("/var/log/boot.log"); }; 64 33 destination d_cron { file("/var/log/cron"); }; 34 #destination d_kern { file("/var/log/kern"); }; 65 35 destination d_mlal { usertty("*"); }; 66 36 … … 68 38 #destination d_watch { program("/usr/local/libexec/watch-syslog.py"); }; 69 39 70 #filter f_filter1 { facility(kern); }; 71 filter f_filter2 { level(info..emerg) and 72 not facility(mail,authpriv,cron); }; 73 filter f_filter3 { facility(authpriv); }; 74 filter f_filter4 { facility(mail); }; 75 filter f_filter5 { level(emerg); }; 76 filter f_filter6 { facility(uucp) or 77 (facility(news) and level(crit..emerg)); }; 78 filter f_filter7 { facility(local7); }; 79 filter f_filter8 { facility(cron); }; 40 #filter f_kernel { facility(kern); }; 41 filter f_default { level(info..emerg) and 42 not (facility(mail) 43 or facility(authpriv) 44 or facility(cron)); }; 45 filter f_auth { facility(authpriv); }; 46 filter f_mail { facility(mail); }; 47 filter f_emergency { level(emerg); }; 48 filter f_news { facility(uucp) or 49 (facility(news) 50 and level(crit..emerg)); }; 51 filter f_boot { facility(local7); }; 52 filter f_cron { facility(cron); }; 80 53 81 54 filter f_oom { facility(kern) and (match("Out of memory:") or match("Killed process")); }; 82 55 83 #log { source(s_sys); filter(f_filter1); destination(d_cons); }; 84 log { source(s_sys); filter(f_filter2); destination(d_mesg); }; 85 log { source(s_sys); filter(f_filter3); destination(d_auth); }; 86 log { source(s_sys); filter(f_filter4); destination(d_mail); }; 87 log { source(s_sys); filter(f_filter5); destination(d_mlal); }; 88 log { source(s_sys); filter(f_filter6); destination(d_spol); }; 89 log { source(s_sys); filter(f_filter7); destination(d_boot); }; 90 log { source(s_sys); filter(f_filter8); destination(d_cron); }; 56 #log { source(s_sys); filter(f_kernel); destination(d_cons); }; 57 #log { source(s_sys); filter(f_kernel); destination(d_kern); }; 58 log { source(s_sys); filter(f_default); destination(d_mesg); }; 59 log { source(s_sys); filter(f_auth); destination(d_auth); }; 60 log { source(s_sys); filter(f_mail); destination(d_mail); }; 61 log { source(s_sys); filter(f_emergency); destination(d_mlal); }; 62 log { source(s_sys); filter(f_news); destination(d_spol); }; 63 log { source(s_sys); filter(f_boot); destination(d_boot); }; 64 log { source(s_sys); filter(f_cron); destination(d_cron); }; 91 65 92 log { source(s_sys); filter(f_ filter3); destination(d_zroot); };93 #log { source(s_sys); filter(f_ filter2); destination(d_watch); };66 log { source(s_sys); filter(f_auth); destination(d_zroot); }; 67 #log { source(s_sys); filter(f_default); destination(d_watch); }; 94 68 log { source(s_sys); filter(f_oom); destination(d_zroot); }; 95 69 96 # vim: set ai ts=4 sw=4 sts=4et:70 # vim:ft=syslog-ng:ai:si:ts=4:sw=4:et: -
trunk/server/fedora/config/etc/yum.repos.d/scripts.repo
r866 r1259 1 1 [scripts] 2 2 name=Scripts 3 baseurl=http://web.mit.edu/scripts/rpm /3 baseurl=http://web.mit.edu/scripts/rpm-fc11/ 4 4 enabled=1 5 5 gpgcheck=0 -
trunk/server/fedora/specs/httpd.spec.patch
r1035 r1259 1 --- httpd.spec.orig 2009-03- 28 13:32:47.000000000 -04002 +++ httpd.spec 2009-0 3-28 14:20:15.000000000 -04003 @@ - 6,7 +6,7 @@1 --- httpd.spec.orig 2009-03-17 09:12:22.000000000 -0400 2 +++ httpd.spec 2009-06-03 05:05:30.000000000 -0400 3 @@ -7,7 +7,7 @@ 4 4 Summary: Apache HTTP Server 5 5 Name: httpd 6 Version: 2.2.1 07 -Release: 1%{?dist}8 +Release: 1%{?dist}.scripts.%{scriptsversion}6 Version: 2.2.11 7 -Release: 8 8 +Release: 8.scripts.%{scriptsversion} 9 9 URL: http://httpd.apache.org/ 10 10 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz 11 11 Source1: index.html 12 @@ -5 4,6 +54,12 @@12 @@ -56,6 +56,12 @@ 13 13 Conflicts: pcre < 4.0 14 Requires: httpd-tools = %{version}-%{release} 14 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap 15 15 16 16 +Provides: scripts-httpd … … 23 23 The Apache HTTP Server is a powerful, efficient, and extensible 24 24 web server. 25 @@ -10 0,6 +106,7 @@25 @@ -102,6 +108,7 @@ 26 26 BuildRequires: openssl-devel, distcache-devel 27 27 Requires(post): openssl >= 0.9.7f-4, /bin/cat … … 31 31 32 32 %description -n mod_ssl 33 @@ -1 27,6 +134,11 @@33 @@ -130,6 +137,11 @@ 34 34 # Patch in vendor/release string 35 35 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1 … … 43 43 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'` 44 44 if test "x${vmmn}" != "x%{mmn}"; then 45 @@ -17 5,10 +187,12 @@45 @@ -178,10 +190,12 @@ 46 46 --with-apr=%{_prefix} --with-apr-util=%{_prefix} \ 47 47 --enable-suexec --with-suexec \ -
trunk/server/fedora/specs/krb5.spec.patch
r1069 r1259 1 --- krb5.spec.o ld 2009-04-08 06:26:23.000000000 -04002 +++ krb5.spec 2009-0 4-08 06:29:20.000000000 -04001 --- krb5.spec.orig 2009-04-07 15:17:07.000000000 -0400 2 +++ krb5.spec 2009-06-03 04:47:31.000000000 -0400 3 3 @@ -16,7 +16,7 @@ 4 4 Summary: The Kerberos network authentication system. 5 5 Name: krb5 6 6 Version: 1.6.3 7 -Release: 16%{?dist}8 +Release: 16%{?dist}.scripts.%{scriptsversion}7 -Release: 20%{?dist} 8 +Release: 20%{?dist}.scripts.%{scriptsversion} 9 9 # Maybe we should explode from the now-available-to-everybody tarball instead? 10 10 # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar 11 11 Source0: krb5-%{version}.tar.gz 12 @@ -10 5,6 +105,8 @@13 Patch8 2: krb5-CVE-2009-0846.patch14 Patch8 3: krb5-CVE-2009-0847.patch12 @@ -106,6 +106,8 @@ 13 Patch83: krb5-CVE-2009-0846.patch 14 Patch84: krb5-CVE-2009-0847.patch 15 15 16 16 +Patch1000: krb5-kuserok-scripts.patch 17 17 + 18 License: MIT , freely distributable.18 License: MIT 19 19 URL: http://web.mit.edu/kerberos/www/ 20 20 Group: System Environment/Libraries 21 @@ -14 6,6 +148,7 @@21 @@ -147,6 +149,7 @@ 22 22 Group: System Environment/Libraries 23 23 Prereq: grep, /sbin/ldconfig, sh-utils … … 27 27 %description libs 28 28 Kerberos is a network authentication system. The krb5-libs package 29 @@ -1 389,6 +1392,7 @@30 %patch8 1-p1 -b .CVE-2009-0844-0845-231 %patch8 2-p1 -b .CVE-2009-084632 %patch8 3-p1 -b .CVE-2009-084729 @@ -1413,6 +1416,7 @@ 30 %patch82 -p1 -b .CVE-2009-0844-0845-2 31 %patch83 -p1 -b .CVE-2009-0846 32 %patch84 -p1 -b .CVE-2009-0847 33 33 +%patch1000 -p1 -b .kuserok 34 34 cp src/krb524/README README.krb524 -
trunk/server/fedora/specs/nss-ldapd.spec.patch
r1132 r1259 1 1 --- nss-ldapd.spec.orig 2009-03-30 04:33:50.000000000 -0400 2 +++ nss-ldapd.spec 2009-0 5-24 18:39:15.000000000 -04002 +++ nss-ldapd.spec 2009-06-03 03:18:49.000000000 -0400 3 3 @@ -19,18 +19,19 @@ 4 4 … … 55 55 %files 56 56 %defattr(-,root,root) 57 @@ -104, 11 +99,12@@57 @@ -104,7 +99,6 @@ 58 58 %doc %{_mandir}/man8/* 59 59 %config(noreplace) %attr(640,root,root) /etc/nss-ldapd.conf … … 63 63 /usr/sbin/nslcd 64 64 65 %changelog 66 +* Sun May 24 2009 Anders Kaseorg <andersk@mit.edu> - 0.6.8-2.1 67 +- Update for Fedora again. 68 * Wed Mar 25 2009 rhafer@suse.de 69 - Updated to 0.6.8: 70 * the nss-ldapd.conf was created world-readable which could cause 71 @@ -129,6 +125,10 @@ 65 @@ -129,6 +123,10 @@ 72 66 - Adjust config file permissions upon update, to fix world-readable 73 67 /etc/nss-ldapd.conf as created by older versions -
trunk/server/fedora/specs/openafs.spec.patch
r1079 r1259 1 --- openafs.spec.orig 2009-0 4-08 08:17:00.000000000 -04002 +++ openafs.spec 2009-0 4-14 04:32:44.000000000 -04001 --- openafs.spec.orig 2009-06-03 04:16:03.000000000 -0400 2 +++ openafs.spec 2009-06-12 02:05:57.000000000 -0400 3 3 @@ -8,7 +8,7 @@ 4 4 # for beta/rc releases make pkgrel 0.X.<tag> … … 10 10 %if %{?osvers:0}%{!?osvers:1} 11 11 %define osvers 1 12 @@ -261,6 +261,1 1@@12 @@ -261,6 +261,14 @@ 13 13 %endif 14 14 ExclusiveArch: %{ix86} x86_64 ia64 s390 s390x sparc64 ppc ppc64 … … 18 18 +Patch1002: openafs-pts-encrypt.patch 19 19 +Patch1003: openafs-localcsdb.patch 20 +Patch1004: openafs-delta-dprintf-rename-20090427.patch 21 +Patch1005: openafs-numsysnames.patch 22 +Patch1006: openafs-delta-linux26-defer-cred-changing-20090511.patch 20 23 + 21 24 # http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/... 22 25 Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2 23 26 Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2 24 @@ -343,6 +3 48,7 @@27 @@ -343,6 +351,7 @@ 25 28 %if %{build_userspace} 26 29 … … 30 33 31 34 %if %{fedorakmod} 32 @@ -403,6 +4 09,7 @@35 @@ -403,6 +412,7 @@ 33 36 34 37 %if %{build_authlibs} … … 38 41 Group: Networking/Filesystems 39 42 40 @@ -419,6 +42 6,7 @@43 @@ -419,6 +429,7 @@ 41 44 %endif 42 45 … … 46 49 Requires: openafs-authlibs = %{PACKAGE_VERSION} 47 50 %endif 48 @@ -437,6 +44 5,7 @@51 @@ -437,6 +448,7 @@ 49 52 libraries. 50 53 … … 54 57 Group: Development/Filesystems 55 58 56 @@ -465,6 +47 4,7 @@59 @@ -465,6 +477,7 @@ 57 60 administrators. 58 61 … … 62 65 Group: Networking/Filesystems 63 66 Provides: openafs-kernel = %{PACKAGE_VERSION} 64 @@ -514,6 +52 4,7 @@67 @@ -514,6 +527,7 @@ 65 68 66 69 %if %{krb5support} … … 70 73 Requires: openafs = %{PACKAGE_VERSION} 71 74 Group: Networking/Filesystems 72 @@ -540,7 +55 1,7 @@75 @@ -540,7 +554,7 @@ 73 76 %if %{build_modules} 74 77 … … 79 82 %else 80 83 81 @@ -699,6 +71 0,10@@84 @@ -699,6 +713,13 @@ 82 85 83 86 # Patch openafs to build a kernel module named "openafs" instead of "libafs" … … 87 90 +%patch1002 -p1 -b .pts-encrypt 88 91 +%patch1003 -p1 -b .localcsdb 92 +%patch1004 -p1 -b .dprintf 93 +%patch1005 -p1 -b .numsysnames 94 +%patch1006 -p1 -b .defercredchanging 89 95 90 96 ############################################################################## -
trunk/server/fedora/specs/openssh.spec.patch
r926 r1259 1 --- openssh.spec .orig 2009-01-01 21:06:01.000000000 -05002 +++ openssh.spec 2009-0 1-01 22:52:02.000000000 -05001 --- openssh.spec-pristine 2009-07-01 18:55:04.579034598 -0400 2 +++ openssh.spec 2009-07-01 18:49:33.068037580 -0400 3 3 @@ -63,7 +63,7 @@ 4 Summary: The OpenSSHimplementation of SSH protocol versions 1 and 24 Summary: An open source implementation of SSH protocol versions 1 and 2 5 5 Name: openssh 6 Version: 5. 1p17 -Release: 3%{?dist}%{?rescue_rel}8 +Release: 3%{?dist}%{?rescue_rel}.scripts.%{scriptsversion}6 Version: 5.2p1 7 -Release: 2%{?dist}%{?rescue_rel} 8 +Release: 2%{?dist}%{?rescue_rel}.scripts.%{scriptsversion} 9 9 URL: http://www.openssh.com/portable.html 10 10 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz 11 11 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc 12 @@ -74,6 +74, 7@@12 @@ -74,6 +74,8 @@ 13 13 Source1: openssh-nukeacss.sh 14 14 Source2: sshd.pam 15 15 Source3: sshd.init 16 16 +Patch1000: openssh-5.0p1-multihomed.patch 17 Patch0: openssh-5.1p1-redhat.patch 17 +Patch1001: openssh-4.7p1-gssapi-name-in-env.patch 18 Patch0: openssh-5.2p1-redhat.patch 18 19 Patch2: openssh-5.1p1-skip-initial.patch 19 20 Patch3: openssh-3.8.1p1-krb5-config.patch 20 @@ -1 59,6 +160,7 @@21 @@ -160,6 +162,7 @@ 21 22 Requires(post): chkconfig >= 0.9, /sbin/service 22 23 Requires(pre): /usr/sbin/useradd … … 26 27 %package askpass 27 28 Summary: A passphrase dialog for OpenSSH and X 28 @@ -2 32,6 +234,8@@29 %patch6 3 -p1 -b .bannerlen30 %patch6 4 -p1 -b .compat-sessions29 @@ -229,6 +232,9 @@ 30 %patch62 -p1 -b .manpage 31 %patch65 -p1 -b .fips 31 32 32 33 +%patch1000 -p1 -b .multihomed 34 +%patch1001 -p1 -b .gssapi-env 33 35 + 34 36 autoreconf -
trunk/server/fedora/specs/php.spec.patch
r1091 r1259 1 --- php.spec.orig 2009-04- 23 11:58:08.000000000 -04002 +++ php.spec 2009-0 4-23 12:00:32.000000000 -04001 --- php.spec.orig 2009-04-15 09:24:35.000000000 -0400 2 +++ php.spec 2009-06-03 05:40:37.000000000 -0400 3 3 @@ -7,7 +7,7 @@ 4 4 Summary: PHP scripting language for creating dynamic web sites … … 10 10 Group: Development/Languages 11 11 URL: http://www.php.net/ 12 @@ -3 8,6 +38,10 @@12 @@ -39,6 +39,10 @@ 13 13 Patch60: php-5.2.7-tests-dashn.patch 14 14 Patch61: php-5.0.4-tests-wddx.patch … … 21 21 22 22 BuildRequires: bzip2-devel, curl-devel >= 7.9, db4-devel, gmp-devel 23 @@ - 374,6 +378,8 @@23 @@ -404,6 +408,8 @@ 24 24 %patch60 -p1 -b .tests-dashn 25 25 %patch61 -p1 -b .tests-wddx -
trunk/server/fedora/specs/scripts-base.spec
r1236 r1259 9 9 Source: %{name}.tar.gz 10 10 BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root 11 Requires: accountadm, execsys, scripts-kmod-openafs, scripts-krb5-libs, scripts-httpd, scripts-mod_ssl, openafs, scripts-openafs-client, scripts-openafs-authlibs, scripts-openafs-devel, scripts-openafs-krb5, openafs-docs, scripts-openssh-server, sql-signup, tokensys, whoisd, logview, nss-ldapd, scripts-p ysvn, scripts-php, php_scripts11 Requires: accountadm, execsys, scripts-kmod-openafs, scripts-krb5-libs, scripts-httpd, scripts-mod_ssl, openafs, scripts-openafs-client, scripts-openafs-authlibs, scripts-openafs-devel, scripts-openafs-krb5, openafs-docs, scripts-openssh-server, sql-signup, tokensys, whoisd, logview, nss-ldapd, scripts-php, php_scripts 12 12 %define debug_package %{nil} 13 13
Note: See TracChangeset
for help on using the changeset viewer.