From: František Dvořák
Date: Mon, 10 Mar 2014 15:35:14 +0000 (+0100)
Subject: Only log dir owned by rocci, patch and update apache configuration.
X-Git-Url: http://scientific.zcu.cz/git/?a=commitdiff_plain;h=772d240da4d77778ec0213d76a5c52fd4eab13f1;p=rOCCI-packaging.git
Only log dir owned by rocci, patch and update apache configuration.
---
diff --git a/rocci-server/debian/passenger-security.conf b/rocci-server/debian/passenger-security.conf
new file mode 100644
index 0000000..cef1235
--- /dev/null
+++ b/rocci-server/debian/passenger-security.conf
@@ -0,0 +1,3 @@
+
+PassengerUserSwitching off
+
diff --git a/rocci-server/debian/patches/config.patch b/rocci-server/debian/patches/config.patch
new file mode 100644
index 0000000..e720a87
--- /dev/null
+++ b/rocci-server/debian/patches/config.patch
@@ -0,0 +1,21 @@
+diff --git a/examples/etc/apache2/sites-available/occi-ssl b/examples/etc/apache2/sites-available/occi-ssl
+index 99bc0d2..61de8be 100644
+--- a/examples/etc/apache2/sites-available/occi-ssl
++++ b/examples/etc/apache2/sites-available/occi-ssl
+@@ -42,6 +42,16 @@
+ Options -MultiViews
+
+
++ # user should exist and have write permissions to log directory
++ #PassengerUser rocci
++ #PassengerGroup rocci
++
++ # log directory
++ #SetEnv ROCCI_SERVER_LOG_DIR /var/log/rocci-server
++
++ # enhance security
++ #PassengerFriendlyErrorPages off
++
+ # configuration for rOCCI-server
+ ## common
+ SetEnv ROCCI_SERVER_PROTOCOL https
diff --git a/rocci-server/debian/patches/series b/rocci-server/debian/patches/series
index 3414ba9..50a695f 100644
--- a/rocci-server/debian/patches/series
+++ b/rocci-server/debian/patches/series
@@ -1,2 +1,3 @@
 bundler.patch
 unbundle.patch
+config.patch
diff --git a/rocci-server/debian/rocci-server.dirs b/rocci-server/debian/rocci-server.dirs
index 3936561..4b63a12 100644
--- a/rocci-server/debian/rocci-server.dirs
+++ b/rocci-server/debian/rocci-server.dirs
@@ -1 +1,2 @@
 usr/lib/rocci-server
+var/log/rocci-server
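Review bot: The new rocci-server/debian/passenger-security.conf sets `PassengerUserSwitching off` with no comment on how that interacts with the `PassengerUser rocci` / `PassengerGroup rocci` lines that debian/rules enables in the vhost. Passenger documents PassengerUser as an override within user switching, so it is worth confirming that with switching off the application still runs as rocci and not as PassengerDefaultUser, which presumably could not write to /var/log/rocci-server. Once confirmed, a header line such as `# Global Passenger setting for rocci-server; the application account is set in the occi-ssl vhost` would record the intent. None of the hunks shown here installs this file, so its entry in the packaging should be checked as well.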
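Review bot: rocci-server/debian/patches/config.patch starts directly at `diff --git` and carries no DEP-3 header, so nothing records why the example vhost is changed or whether the change was forwarded upstream; a short header with `Description:`, `Author:` and `Forwarded:` lines would cover that. The added directives, including `#PassengerFriendlyErrorPages off`, are all commented out, so the hardening only takes effect when the sed expressions in debian/rules match these exact lines. If the patch is not meant to go upstream as it stands, it could add the lines uncommented with the packaged values, e.g. `PassengerFriendlyErrorPages off`, and the matching sed expressions could be dropped.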
diff --git a/rocci-server/debian/rocci-server.install b/rocci-server/debian/rocci-server.install
index d447d57..ad8262f 100644
--- a/rocci-server/debian/rocci-server.install
+++ b/rocci-server/debian/rocci-server.install
@@ -5,8 +5,6 @@ config usr/lib/rocci-server
 db usr/lib/rocci-server
 etc usr/lib/rocci-server
 lib usr/lib/rocci-server
-# XXX: this should be /var/log
-log usr/lib/rocci-server
 public usr/lib/rocci-server
 spec usr/lib/rocci-server
 test usr/lib/rocci-server
diff --git a/rocci-server/debian/rocci-server.links b/rocci-server/debian/rocci-server.links
index 0fa1d3c..b700ea3 100644
--- a/rocci-server/debian/rocci-server.links
+++ b/rocci-server/debian/rocci-server.links
@@ -1,3 +1,2 @@
-# no FHS support, just point to proper places
+# no FHS support, just point to proper place
 usr/lib/rocci-server/etc etc/rocci-server
-usr/lib/rocci-server/log var/log/rocci-server
diff --git a/rocci-server/debian/rocci-server.postinst b/rocci-server/debian/rocci-server.postinst
index 4a95234..b3aae0f 100644
--- a/rocci-server/debian/rocci-server.postinst
+++ b/rocci-server/debian/rocci-server.postinst
@@ -7,6 +7,6 @@ if [ "$1" != "configure" -a "$1" != "reconfigure" ]; then
 exit 0
 fi
-chown -R rocci:rocci /usr/lib/rocci-server
+chown -R rocci:rocci /var/log/rocci-server
 exit 0
diff --git a/rocci-server/debian/rules b/rocci-server/debian/rules
index 1e4d1c1..d8c6220 100755
--- a/rocci-server/debian/rules
+++ b/rocci-server/debian/rules
@@ -8,6 +8,10 @@ p_name=rocci-server
 binary:
 sed examples/etc/apache2/sites-available/occi-ssl \
 -e 's,\(DocumentRoot\|Directory\).*\(/public\),\1 /usr/lib/rocci-server\2,i' \
+ -e 's,^\(\s*\)#\s*\(PassengerUser\).*,\1\2 rocci,i' \
+ -e 's,^\(\s*\)#\s*\(PassengerGroup\).*,\1\2 rocci,i' \
+ -e 's,^\(\s*\)#\s*\(SetEnv\s*ROCCI_SERVER_LOG_DIR\).*,\1\2 /var/log/rocci-server,i' \
+ -e 's,^\(\s*\)#\s*\(PassengerFriendlyErrorPages\).*,\1\2 off,' \
 > debian/occi-ssl
 dh $@
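Review bot: `chown -R rocci:rocci /var/log/rocci-server` in rocci-server.postinst runs as root, on every configure and reconfigure, over a tree that the unprivileged rocci account can write to. Recursive ownership changes in maintainer scripts are what lintian reports as recursive-privilege-change, because links inside such a tree can lead root to change ownership of files outside it on systems without protected hardlinks. The directory is created by rocci-server.dirs, so a non-recursive `chown rocci:rocci /var/log/rocci-server` is enough, optionally followed by `chmod 0750 /var/log/rocci-server` to keep the logs from other local users. The script begins above this hunk, so whether the rocci account is created before this line cannot be seen here.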
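Review bot: The four added `-e` expressions in the `binary:` recipe of debian/rules fail silently: if the commented lines introduced by config.patch ever change, sed matches nothing, the build still succeeds, and debian/occi-ssl ships without `PassengerUser rocci` and `PassengerFriendlyErrorPages off`. A check right after the sed, e.g. `grep -q '^\s*PassengerFriendlyErrorPages off' debian/occi-ssl` and the same for `PassengerUser rocci`, would stop the build instead. The last expression also lacks the `i` flag the other three carry; either add it there or drop it from all four, since the patch writes the directive names in one fixed case. `\s` and `\|` are GNU sed extensions, which is fine on Debian but deserves a one-line comment above the recipe; the recipe may continue below the hunk.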