Hello community,

here is the log from the commit of package webyast-base for openSUSE:Factory checked in at 2013-01-29 14:48:36
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/webyast-base (Old)
 and /work/SRC/openSUSE:Factory/.webyast-base.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "webyast-base", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/webyast-base/webyast-base.changes 2012-11-25 14:36:26.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.webyast-base.new/webyast-base.changes 2013-01-29 14:48:39.000000000 +0100 
@@ -1,0 +2,99 @@ +Fri Jan 25 10:42:45 CET 2013 - [email protected] + +- add polkit-default-privs to buildrequires for 12.3 and newer + +------------------------------------------------------------------- +Mon Jan 21 17:14:30 UTC 2013 - [email protected] + +- move the base system status file after update from Webyast 1.2 to + the new location to avoid running it again +- 0.3.42 + +------------------------------------------------------------------- +Mon Jan 21 12:15:35 UTC 2013 - [email protected] + +- branding-default - make sure /var/lib/webyast is present before + touching restart file there (needed in update from 1.2) +- 0.3.41 + +------------------------------------------------------------------- +Thu Jan 17 12:33:37 UTC 2013 - [email protected] + +- fixed conflict dependency for webyast-software-* packages +- 0.3.40 + +------------------------------------------------------------------- +Thu Jan 17 10:46:37 UTC 2013 - [email protected] + +- conflict with all old Webyast 1.2 plugins (to force upgrade) +- 0.3.39 + +------------------------------------------------------------------- +Wed Jan 16 19:30:24 UTC 2013 - [email protected] + +- webyast user needs write permissions to db/ +- 0.3.38 + +------------------------------------------------------------------- +Wed Jan 16 13:11:04 UTC 2013 - [email protected] + +- move Webyast SSL certificates to the new location when updating + from Webyast 1.2 +- removed sqlite3 dependency (included in rubygem-sqlite3) +- added needed sqlite3 gem version to Gemfile +- 0.3.37 + +------------------------------------------------------------------- +Tue Jan 15 14:36:30 UTC 2013 - [email protected] + +- updated dependencies to force package update +- fixed file permissions differences reported by "rpm -V" +- 0.3.36 + +------------------------------------------------------------------- +Thu Jan 10 13:27:28 UTC 2013 - [email protected] + +- security fixes: disable mass loading in Account, activate + forgery protection in 
ApplicationController +- 0.3.35 + +------------------------------------------------------------------- +Tue Jan 8 11:58:39 UTC 2013 - [email protected] + +- make sure /srv/www/webyast/public/assets/manifest.yml is readable + for webyast user (bnc#797206) +- 0.3.34 + +------------------------------------------------------------------- +Wed Jan 2 14:34:56 UTC 2013 - [email protected] + +- rcwebyast - update assets at Webyast start (needed when + installing/updating via plain rpm) +- 0.3.33 + +------------------------------------------------------------------- +Tue Dec 18 09:54:56 UTC 2012 - [email protected] + +- permission fix: make db/production.sqlite3 readable only for + webyast user (to prevent from accessing the authentication tokens + stored there) +- 0.3.32 + +------------------------------------------------------------------- +Wed Dec 12 15:21:32 UTC 2012 - [email protected] + +- 0.3.31 + +------------------------------------------------------------------- +Wed Dec 5 12:59:11 UTC 2012 - [email protected] + +- fixed initializing session secret (for signing cookies) at the + first start (bnc#792632) + +------------------------------------------------------------------- +Wed Nov 28 17:46:21 UTC 2012 - [email protected] + +- control panel - logout after 2 hours timeout (bnc#789742) +- 0.3.30 + +------------------------------------------------------------------- New: ---- update_webyast_service ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ webyast-base.spec ++++++ --- /var/tmp/diff_new_pack.ywVLKm/_old 2013-01-29 14:48:41.000000000 +0100 +++ /var/tmp/diff_new_pack.ywVLKm/_new 2013-01-29 14:48:41.000000000 +0100 
@@ -1,7 +1,7 @@ # # spec file for package webyast-base # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: webyast-base -Version: 0.3.29 +Version: 0.3.42 Release: 0 Provides: yast2-webservice = %{version} Obsoletes: yast2-webservice < %{version} @@ -52,14 +52,13 @@ Requires: yast2-core >= 2.17.30.1 %endif Requires: check-create-certificate -Requires: nginx >= 1.0 -Requires: rubygem-passenger-nginx +Requires: nginx >= 1.0.15 +Requires: rubygem-passenger-nginx >= 3.0.14 Requires: rubygem-ruby-dbus -Requires: sqlite3 Requires: syslog-ng Requires: yast2-dbus-server -Requires: rubygem-webyast-rake-tasks >= 0.2 +Requires: rubygem-webyast-rake-tasks >= 0.3.5 Requires: webyast-base-branding PreReq: rubygem-bundler # 634404 
@@ -72,9 +71,48 @@ PreReq: PolicyKit, rubygem-polkit PreReq: rubygem-rake < 0.9 %endif -PreReq: rubygem-sqlite3 +PreReq: rubygem-sqlite3 >= 1.3.6 PreReq: rubygem-rails-3_2 >= 3.2.3 PreReq: rubygem-fast_gettext, rubygem-gettext_i18n_rails + +# conflict with all old Webyast-1.2 plugins (to force upgrade) +Conflicts: webyast-activedirectory-ui < 0.3.0 +Conflicts: webyast-firewall-ui < 0.3.0 +Conflicts: webyast-ldap-ui < 0.3.0 +Conflicts: webyast-licenses-ui < 0.3.0 +Conflicts: webyast-mail-ui < 0.3.0 +Conflicts: webyast-network-ui < 0.3.0 +Conflicts: webyast-reboot-ui < 0.3.0 +Conflicts: webyast-registration-ui < 0.3.0 +Conflicts: webyast-roles-ui < 0.3.0 +Conflicts: webyast-root-user-ui < 0.3.0 +Conflicts: webyast-services-ui < 0.3.0 +Conflicts: webyast-slms-ui < 0.3.0 +Conflicts: webyast-software-ui <= 0.3.20 +Conflicts: webyast-status-ui < 0.3.0 +Conflicts: webyast-time-ui < 0.3.0 +Conflicts: webyast-users-ui < 0.3.0 + +Conflicts: webyast-activedirectory-ws < 0.3.0 +Conflicts: webyast-firewall-ws < 0.3.0 +Conflicts: webyast-firstboot-ws < 0.3.0 +Conflicts: webyast-kerberos-ws < 0.3.0 +Conflicts: webyast-ldap-ws < 0.3.0 +Conflicts: webyast-licenses-ws < 0.3.0 +Conflicts: webyast-mail-ws < 0.3.0 +Conflicts: webyast-network-ws < 0.3.0 +Conflicts: webyast-ntp-ws < 0.3.0 +Conflicts: webyast-reboot-ws < 0.3.0 +Conflicts: webyast-registration-ws < 0.3.0 +Conflicts: webyast-roles-ws < 0.3.0 +Conflicts: webyast-root-user-ws < 0.3.0 +Conflicts: webyast-services-ws < 0.3.0 +Conflicts: webyast-slms-ws < 0.3.0 +Conflicts: webyast-software-ws <= 0.3.20 +Conflicts: webyast-status-ws < 0.3.0 +Conflicts: webyast-time-ws < 0.3.0 +Conflicts: webyast-users-ws < 0.3.0 + Url: http://en.opensuse.org/Portal:WebYaST Summary: WebYaST - base components License: LGPL-2.1 and GPL-2.0 and Apache-2.0 
@@ -93,6 +131,7 @@ Source13: control_panel.yml Source14: config.yml Source15: config.yml.new +Source16: update_webyast_service BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: pkg-config @@ -103,9 +142,8 @@ BuildRequires: dbus-1 BuildRequires: rubygem-rails-3_2 BuildRequires: rubygem-ruby-dbus -BuildRequires: rubygem-sqlite3 -BuildRequires: rubygem-webyast-rake-tasks >= 0.2 -BuildRequires: sqlite3 +BuildRequires: rubygem-sqlite3 >= 1.3.6 +BuildRequires: rubygem-webyast-rake-tasks >= 0.3.5 %if 0%{?suse_version} == 0 || %suse_version > 1110 BuildRequires: polkit BuildRequires: rubygem-polkit1 @@ -114,6 +152,9 @@ BuildRequires: PolicyKit BuildRequires: rubygem-polkit %endif +%if 0%{?suse_version} > 1220 +BuildRequires: polkit-default-privs +%endif # the testsuite is run during build BuildRequires: nginx >= 1.0 BuildRequires: rubygem-builder-3_0 @@ -350,6 +391,15 @@ # for basesystem setup (firstboot) mkdir -p $RPM_BUILD_ROOT%{webyast_vardir}/basesystem +# install restart script +install -m 0755 %SOURCE16 $RPM_BUILD_ROOT/usr/sbin/ + +# restart Webyast at the end of the transaction +%create_restart_script + +# create restart script for *-branding subpackage +ln -s /usr/sbin/update_webyast_service $RPM_BUILD_ROOT/var/adm/update-scripts/webyast-base-branding-default-%version-%release-update + #--------------------------------------------------------------- %clean rm -rf $RPM_BUILD_ROOT @@ -381,6 +431,12 @@ echo "/usr/sbin/rcwebyast restart" >> %name-%version-%release-1 fi fi + + # move the current SSL certificates to the new location + if [ -f /etc/lighttpd/certs/webyast.pem ]; then + mkdir -p /etc/nginx/certs + mv /etc/lighttpd/certs/webyast* /etc/nginx/certs + fi fi #We are switching from lighttpd to nginx. So lighttpd has to be killed #at first 
@@ -426,8 +482,9 @@ %if %suse_version <= 1110 export WEBYAST_POLICYKIT='true' %endif -RAILS_ENV=production rake db:migrate -chown -R %{webyast_user}: db +(umask 0077; RAILS_ENV=production rake db:migrate) +chown %{webyast_user}: db/*.sqlite3 +chmod o-r db/production.sqlite3 chown -R %{webyast_user}: /var/log/webyast chmod -R o-r /var/log/webyast echo "Database is ready" @@ -451,6 +508,13 @@ fi fi +# move the base system status to avoid running it after update +if [ -f /var/lib/yastws/basesystem/finish ]; then + mv /var/lib/yastws/basesystem/finish /var/lib/webyast/basesystem/ +fi + +%restart_webyast + #--------------------------------------------------------------- %preun %stop_on_removal %{webyast_service} @@ -466,7 +530,9 @@ %restart_on_update %{webyast_service} %post branding-default -%webyast_update_assets +# make sure the directory exists +mkdir -p /var/lib/webyast +%restart_webyast %postun branding-default %webyast_update_assets @@ -483,12 +549,16 @@ %attr(-,%{webyast_user},%{webyast_user}) %dir %{pkg_home}/cache %attr(-,%{webyast_user},%{webyast_user}) %dir %{_var}/log/%{webyast_user} +# include the restart script +%restart_script_name +%attr(755,root,root) /usr/sbin/update_webyast_service + #logrotate configuration file %config(noreplace) /etc/logrotate.d/webyast.lr.conf %dir %{_datadir}/webyast -%dir %attr(-,%{webyast_user},root) /var/lib/webyast -%dir %{webyast_dir}/db +%dir %attr(-,root,root) /var/lib/webyast +%attr(-,%{webyast_user},%{webyast_user}) %dir %{webyast_dir}/db %{webyast_dir}/locale %{webyast_dir}/app %{webyast_dir}/db/migrate @@ -541,6 +611,7 @@ %config /etc/sysconfig/SuSEfirewall2.d/services/webyast %config /usr/share/%{webyast_polkit_dir}/org.opensuse.yast.permissions.policy +%config %{webyast_dir}/config/initializers/secret_token.rb %config %{webyast_dir}/config/environment.rb %config(noreplace) /etc/yast_user_roles %config %{_sysconfdir}/init.d/%{webyast_service} 
@@ -575,6 +646,8 @@ %exclude %{webyast_dir}/public/assets/*.js %exclude %{webyast_dir}/public/assets/*.js.gz %exclude %{webyast_dir}/public/assets/manifest.yml.base +# restart script +/var/adm/update-scripts/webyast-base-branding-default-%version-%release-update #--------------------------------------------------------------- ++++++ rcwebyast ++++++ --- /var/tmp/diff_new_pack.ywVLKm/_old 2013-01-29 14:48:41.000000000 +0100 +++ /var/tmp/diff_new_pack.ywVLKm/_new 2013-01-29 14:48:41.000000000 +0100 @@ -124,6 +124,7 @@ else exit 6; fi; } PID_FILE=/var/run/webyast.pid +RESTART_FILE="/var/lib/webyast/restart" CERTIFICATEFILE=/etc/nginx/certs/webyast.pem CERTKEYFILE=/etc/nginx/certs/webyast.key 
@@ -207,11 +208,20 @@ rc_status -v rc_exit fi - sed -i 's/9d11bfc98abcf9799082d9c34ec94dc1cc926f0f1bf4bea8c440b497d96b14c1f712c8784d0303ee7dd69e382c3e5e4d38d4c56d1b619eae7acaa6516cd733b1/'"$SECRET"/ /srv/www/webyast/config/environment.rb + sed -i 's/a25bdf1cfcaea649ced4549e9d2b2b6ad4cf077badc774ca034a7ba57ae17f6e1185ed07bcc4ac20fb2d062d2afa975024fca03ede7b4c5002ca68386caa27a0/'"$SECRET"/ /srv/www/webyast/config/initializers/secret_token.rb # clear cache (drop possibly obsoleted values) (cd /srv/www/webyast/ && rake -s tmp:cache:clear) + # restart file present - do some additional update actions + # (Webyast was probably installed/updated by plain RPM) + if [ -f $RESTART_FILE ]; then + # TODO: use /usr/sbin/update_webyast_service (but fix possible endless loop) + (umask 0033 && cd /srv/www/webyast/ && rake -s -f lib/tasks/assets.rake assets:join_manifests) + + rm $RESTART_FILE + fi + ## Start daemon with startproc(8). If this fails ## the return value is set appropriately by startproc. /sbin/startproc -p $PID_FILE $NGINX_BIN -c $NGINX_CONFIG ++++++ update_webyast_service ++++++ #!/bin/sh # This is a shared script for updating and restarting webyast after package update. # The restart is done via an update script which symlinks to this file. 
RESTART_FILE="/var/lib/webyast/restart" WEBYAST_DIR="/srv/www/webyast" # restart file and Webyast initscript present if [ -f $RESTART_FILE ]; then cd $WEBYAST_DIR # update assets - use assets.rake file directly for faster loading rake -f lib/tasks/assets.rake assets:join_manifests # update Gemfile if test -f "Gemfile" ; then bundle update fi cd - # restart Webyast if it is running /etc/init.d/webyast try-restart # remove the restart file so this script is called just once rm -f $RESTART_FILE fi ++++++ www.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/Gemfile new/www/Gemfile --- old/www/Gemfile 2012-10-12 12:59:54.000000000 +0200 +++ new/www/Gemfile 2013-01-17 11:16:46.000000000 +0100 @@ -9,7 +9,7 @@ gem 'devise_unix2_chkpwd_authenticatable' gem 'cancan' -gem "sqlite3" +gem "sqlite3", '>= 1.3.6' gem 'haml' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/assets/stylesheets/webyast.css new/www/app/assets/stylesheets/webyast.css --- old/www/app/assets/stylesheets/webyast.css 2012-11-01 13:28:06.000000000 +0100 +++ new/www/app/assets/stylesheets/webyast.css 2012-11-30 12:18:05.000000000 +0100 
@@ -120,22 +120,11 @@ font-size: 16px; font-weight: bold; padding: 14px; - position: absolute; - right: 0; - left: 0; - top: 0; text-align: center; - z-index: 100000; color: #333333; background-color: #feefb3; border-top: 2px solid #999999; border-bottom: 2px solid #999999; } - #timeoutMessage img { - left: 0; - margin: 2px 1em 0; - position: absolute; - top: 0px; - float: left; } #content { min-width: 640px; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/controllers/application_controller.rb new/www/app/controllers/application_controller.rb --- old/www/app/controllers/application_controller.rb 2012-11-01 13:28:06.000000000 +0100 +++ new/www/app/controllers/application_controller.rb 2013-01-10 14:27:20.000000000 +0100 @@ -29,6 +29,8 @@ before_filter :set_gettext_locale before_filter :base_system + protect_from_forgery + # controllers allowed to be called when the base setup has not been finished yet SYSTEM_CONTROLLERS = ["controlpanel", "notifier", "sessions"] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/controllers/restdoc_controller.rb new/www/app/controllers/restdoc_controller.rb --- old/www/app/controllers/restdoc_controller.rb 2012-08-29 09:27:53.000000000 +0200 +++ new/www/app/controllers/restdoc_controller.rb 2012-12-12 16:18:31.000000000 +0100 @@ -18,7 +18,8 @@ class RestdocController < ApplicationController - caches_action :index, :show + caches_action :index, :cache_path => Proc.new {"webyast_restdoc_index_#{FastGettext.locale}"}, :layout => false + caches_action :show, :layout => false def index @restdocs = Restdoc.find :all diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/models/account.rb new/www/app/models/account.rb --- old/www/app/models/account.rb 2012-09-25 09:15:21.000000000 +0200 +++ new/www/app/models/account.rb 2013-01-10 14:27:20.000000000 +0100 
@@ -20,6 +20,8 @@ # timeout for valid auth token # use the same time as for session time out TOKEN_AUTH_TIMEOUT = Devise.timeout_in + # nothing can be changed by massloading + attr_accessible [] devise :unix2_chkpwd_authenticatable, :timeoutable, :token_authenticatable diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/views/controlpanel/index.html.erb new/www/app/views/controlpanel/index.html.erb --- old/www/app/views/controlpanel/index.html.erb 2012-11-01 13:28:06.000000000 +0100 +++ new/www/app/views/controlpanel/index.html.erb 2012-11-30 12:18:05.000000000 +0100 @@ -24,6 +24,12 @@ <% status_present = WebyastEngine.find "Status" %> <% patches_present = WebyastEngine.find "Software" %> +<% content_for :head do %> + <% javascript_tag do -%> + <%# logout after 2 hours timeout, the usuall session timeout doesn't work here because of the periodic AJAX status calls -%> + setTimeout(function(){window.location.assign('/accounts/sign_out');}, 2*60*60*1000); + <% end %> +<% end %> <% if status_present && display_status %> <% content_for :head do %> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/views/layouts/application.html.erb new/www/app/views/layouts/application.html.erb --- old/www/app/views/layouts/application.html.erb 2012-11-01 13:28:06.000000000 +0100 +++ new/www/app/views/layouts/application.html.erb 2012-12-13 15:05:16.000000000 +0100 
@@ -54,6 +54,22 @@ </script> <% end %> + <%= javascript_tag do -%> + // display session expiration warning + setTimeout(function() { + $('#timeoutMessage').slideDown('slow'); + var int_id = setInterval(function() { + var rem = parseInt($('#timeout_counter').text()) - 1; + if (rem == 0) { + clearInterval(int_id); + $('#timeoutMessage').text(<%= jss _("Your session has expired, please reload the page and relogin.") -%>); + } else { + $('#timeout_counter').text(rem); + } + }, 1000); + }, (2*60*60*1000 - 120)); + <% end %> + <title><%= _("WebYaST") %></title> <%= yield :head %> @@ -78,6 +94,12 @@ </div> </noscript> + <div id="timeoutMessage"> + <%= image_tag "warning.png", :class => 'mvalign' %> + <%= _("You will be logged off in") %> <span id="timeout_counter">120</span> <%= _("seconds due to session timeout. ")-%> + <%= image_tag "warning.png", :class => 'mvalign' %> + </div> + <div id="header" class="clearfix"> <% appliance_label = ControlPanelConfig.read 'appliance_label', _("My Appliance") %> <% appliance_label = appliance_label.strip %> @@ -118,11 +140,6 @@ <h1><%= appliance_label %></h1> </div> - <div id="timeoutMessage"> - <%= link_to(image_tag("webyast-logo.png", :width=>"130", :height=>"42", :style=>"margin-top:4px;", :alt =>"webyast"),"/" )%> - <%= _("You will be logged off in")-%><span id="counter"><!-- countdown --></span><%= _("seconds due to session timeout. ")-%> - </div> - <div id="content"> <!-- here both flash and dynamic notifications should be added --> <div id="flash-messages" class="alpha"> 
@@ -163,7 +180,7 @@ </div> <div id="footer"> - <div class="copy">© 2009-2012 Novell, Inc.</div> + <div class="copy">© 2009-2013 Novell, Inc.</div> </div> <div id="page_overlay" class="overlay"></div> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/config/initializers/session_store.rb new/www/config/initializers/session_store.rb --- old/www/config/initializers/session_store.rb 2012-08-14 13:27:08.000000000 +0200 +++ new/www/config/initializers/session_store.rb 2012-12-12 12:42:22.000000000 +0100 @@ -16,18 +16,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA #++ - -# config.action_controller.session = { -# :key => '_yast-api_session', -# # It is overwritten during install time (bnc#550635), do not change key # RORSCAN_INL -# :secret => '9d11bfc98abcf9799082d9c34ec94dc1cc926f0f1bf4bea8c440b497d96b14c1f712c8784d0303ee7dd69e382c3e5e4d38d4c56d1b619eae7acaa6516cd733b1' -# } - Webyast::Application.config.session_store :cookie_store, :key=> '_webyast_session' -#Rails.application.config.cookie_secret = '9d11bfc98abcf9799082d9c34ec94dc1cc926f0f1bf4bea8c440b497d96b14c1f712c8784d0303ee7dd69e382c3e5e4d38d4c56d1b619eae7acaa6516cd733b1' - -# Use the database for sessions instead of the cookie-based default, -# which shouldn't be used to store highly confidential information -# (create the session table with "rails generate session_migration") -# Webyast::Application.config.session_store :active_record_store diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/lib/base.rb new/www/lib/base.rb --- old/www/lib/base.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/lib/base.rb 2012-12-04 08:40:47.000000000 +0100 
@@ -89,7 +89,7 @@ next if !whitelist.blank? && !(whitelist.include?(k.to_sym)) blacklist = self.class.protected_attributes next if !blacklist.blank? && blacklist.include?(k.to_sym) - send("#{k}=", v) if self.respond_to?(k) + send("#{k}=", v) if self.respond_to?(:"#{k}=") end end
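Review bot: In webyast-base.spec hunk @@ -381,6 +431,12 @@, the certificate move creates /etc/nginx/certs with "mkdir -p" under whatever umask the scriptlet happens to run with and then moves webyast* into it, so the protection of the private key depends entirely on the modes the files carried under /etc/lighttpd/certs and nothing verifies them. The mv also overwrites any webyast.pem or webyast.key already present in /etc/nginx/certs. Suggest creating the directory with an explicit mode (install -d -m 0700 /etc/nginx/certs, or whatever mode nginx needs here), skipping the move when the target already exists, and setting owner and mode of the key file explicitly after the move.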
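Review bot: In webyast-base.spec hunk @@ -426,8 +482,9 @@, "chmod o-r db/production.sqlite3" only clears the read bit for others, so on an update where the file already exists (the "umask 0077" subshell affects only files that rake db:migrate newly creates) group read and any write bits stay as they were. The 0.3.32 changelog entry says the file must be readable only by the webyast user because it stores authentication tokens, so set the mode absolutely after the chown, e.g. "chmod 0600 db/production.sqlite3".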
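Review bot: In webyast-base.spec hunk @@ -541,6 +611,7 @@, config/initializers/secret_token.rb is added as plain %config with no %attr, yet the rcwebyast change in this same commit writes the cookie-signing secret into that file. Anyone who can read the file can forge signed session cookies, so give it an explicit restrictive owner and mode in %files (readable by the webyast user only), in line with what this commit does for db/production.sqlite3. Since it is %config without noreplace, please also confirm that an update putting the packaged placeholder file back is the intended behaviour.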
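Review bot: In the rcwebyast hunk @@ -207,11 +208,20 @@, the sed that installs $SECRET succeeds silently when the hard-coded placeholder does not match the contents of secret_token.rb, which would leave the application signing cookies with the value shipped in the package. After the sed, check that the placeholder is gone (grep -q for it and fail the start if it still matches) instead of relying on the string in the init script and the string in the initializer staying in sync. $SECRET is also passed on the sed command line, where other local users can see it in the process list while sed runs; feeding the expression from a file or standard input avoids that. In the added restart-file block, "umask 0033" gives newly created directories mode 0744, which group and others cannot traverse; 0022 is probably what was meant.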
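Review bot: In the new update_webyast_service script, "bundle update" runs as root whenever the restart file is present and re-resolves every gem in the Gemfile to the newest version that satisfies it, possibly fetching from the configured gem source, so the code that ends up running in the WebYaST process is no longer determined by the installed RPMs. If the goal is only to refresh Gemfile.lock against the gems the packages installed, restrict resolution to local gems (for example "bundle install --local") and treat a failure as an error instead of continuing to the restart. "cd $WEBYAST_DIR" is also unchecked: if it fails, rake and bundle run in the caller's working directory, so use cd "$WEBYAST_DIR" || exit 1.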
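Review bot: In the app/views/controlpanel/index.html.erb hunk, the 2 hour logout is enforced only by a setTimeout in the page, so it depends on the browser running this script; per the ERB comment the periodic AJAX status calls keep the server-side session alive, and any client that keeps issuing those requests stays logged in indefinitely. The timeout should be enforced on the server, for example by not counting the status-polling requests as activity for the session timeout, with this script kept only as a UI convenience. Minor: "usuall" in the comment should be "usual", and the 2*60*60*1000 value is duplicated in layouts/application.html.erb.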
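Review bot: In app/views/layouts/application.html.erb hunk @@ -54,6 +54,22 @@, the delay "(2*60*60*1000 - 120)" subtracts 120 milliseconds, not 120 seconds, so the warning slides down 0.12 s before the two-hour mark while #timeout_counter starts at 120 and counts down once per second. On the control panel the redirect to /accounts/sign_out fires at 2*60*60*1000, so the user never sees the countdown there. Use 2*60*60*1000 - 120*1000, ideally deriving both values from the server's configured timeout (Account already uses Devise.timeout_in) instead of hard-coding them in two templates, and pass a radix to parseInt.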
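Review bot: In the lib/base.rb hunk, the context line "next if !whitelist.blank? && !(whitelist.include?(k.to_sym))" skips the whitelist check whenever the whitelist is empty, so for this loader an empty accessible list means every key with a public setter gets assigned, while the Account change in the same commit ("attr_accessible []", commented as nothing can be changed by mass loading) treats an empty list as deny-all. Please make the two conventions consistent, or document in lib/base.rb that a model must list at least one attribute for the whitelist to take effect. The respond_to?(:"#{k}=") fix itself looks right; note that it and k.to_sym turn every key of the incoming hash into a symbol, which is never freed on Ruby versions without symbol garbage collection, so compare keys as strings if the hash can come from a request.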
