Date: Tuesday, October 11, 2011 @ 11:31:29 Author: dreisner Revision: 140266
upgpkg: syslog-ng 3.3.1-1 upstream release 3.3.1 - remove patches - fixup error in rc.d script - move PID file to /run - update config for 3.3 syntax - remove log_fifo_size (defaults to 10000 now) - long_hostnames(off) => chain_hostnames(off) - distribute systemd service file via buildsys Modified: syslog-ng/trunk/PKGBUILD syslog-ng/trunk/syslog-ng.conf syslog-ng/trunk/syslog-ng.rc Deleted: syslog-ng/trunk/cap_syslog.patch syslog-ng/trunk/non-blocking-systemd-fds.patch --------------------------------+ PKGBUILD | 63 +++++-------- cap_syslog.patch | 178 --------------------------------------- non-blocking-systemd-fds.patch | 32 ------- syslog-ng.conf | 6 - syslog-ng.rc | 5 - 5 files changed, 31 insertions(+), 253 deletions(-) Modified: PKGBUILD =================================================================== --- PKGBUILD 2011-10-11 14:15:08 UTC (rev 140265) +++ PKGBUILD 2011-10-11 15:31:29 UTC (rev 140266) @@ -4,8 +4,8 @@ # Maintainer: Aaron Griffin <[email protected]> pkgname=syslog-ng -pkgver=3.2.4 -pkgrel=3 +pkgver=3.3.1 +pkgrel=1 pkgdesc="Next-generation syslogd with advanced networking and filtering capabilities" arch=('i686' 'x86_64') license=('GPL2') 
@@ -18,49 +18,38 @@ options=('!libtool') backup=('etc/syslog-ng/modules.conf' 'etc/syslog-ng/scl.conf' \ 'etc/syslog-ng/syslog-ng.conf' 'etc/logrotate.d/syslog-ng') -source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz - non-blocking-systemd-fds.patch - syslog-ng.conf syslog-ng.logrotate syslog-ng.rc cap_syslog.patch) -md5sums=('5995f7dad0053a478b60a63f6f754203' - '25e43afe51eb2223c25168e3c3e7aaf6' - '344dddfff946300f5576b13a7e8ea19f' - '735636090be4582885974542d2a75855' - '39f41dc7cee7efc6250adc5e970ca7a7' - 'bd317a7fb2339a39b8adcf8fdcd20396') -sha1sums=('ff732f7223bd2bd0424d4b9028b523cf62133af1' - '73b83deae9a8b945dfb13adf331e6bf6f119b83e' - 'b9eb8c61f7cccda543fc5c97fe1d40a8d15e713f' +source=("http://www.balabit.com/downloads/files/syslog-ng/sources/$pkgver/source/${pkgname}_$pkgver.tar.gz" + syslog-ng.conf + syslog-ng.logrotate + syslog-ng.rc) +sha1sums=('f084d66754c7fa1eada56946f77ef3066faa27a1' + '98074e0facfc6ef036202662cc86d04b38a2c142' 'ac997b25d7d8e69e66782d3771a0e12aff55ae7f' - 'a1b59b2bde30dfb00907d1c77f3071b910a40401' - '20991412f2e82e12cbf272a414974ff135fb1981') + 'a6ad26912b5bcbe1b47b003309945d733613b98f') build() { - cd "${srcdir}/${pkgname}-${pkgver}" + cd "$srcdir/$pkgname-$pkgver" - # fix #22555 for kernels >=2.6.38 - patch -p1 -i ../cap_syslog.patch - - # fix systemd blocking FD bug - # https://bugzilla.balabit.com/show_bug.cgi?id=125 - patch -Np1 < "$srcdir/non-blocking-systemd-fds.patch" - - ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \ - --libexecdir=/usr/lib --localstatedir=/var/lib/syslog-ng \ - --enable-tcp-wrapper \ - --with-pidfile-dir=/var/run \ + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc/syslog-ng \ + --libexecdir=/usr/lib \ + --localstatedir=/var/lib/syslog-ng \ + --with-pidfile-dir=/run \ --disable-spoof-source \ - --disable-tcp-wrapper \ - --enable-systemd + --enable-systemd \ + --with-systemdsystemunitdir=/lib/systemd/system make } package() { - cd 
"${srcdir}/${pkgname}-${pkgver}" - make DESTDIR="${pkgdir}" install - install -dm755 "${pkgdir}/var/lib/syslog-ng" "${pkgdir}/etc/syslog-ng/patterndb.d" - install -Dm644 "${srcdir}/syslog-ng.conf" "${pkgdir}/etc/syslog-ng/syslog-ng.conf" - install -Dm644 "${srcdir}/syslog-ng.logrotate" "${pkgdir}/etc/logrotate.d/syslog-ng" - install -Dm755 "${srcdir}/syslog-ng.rc" "${pkgdir}/etc/rc.d/syslog-ng" - install -Dm644 "doc/examples/syslog-ng.service" "$pkgdir/lib/systemd/system/syslog-ng.service" + cd "$srcdir/$pkgname-$pkgver" + + make DESTDIR="$pkgdir" install + + install -dm755 "$pkgdir/var/lib/syslog-ng" "$pkgdir/etc/syslog-ng/patterndb.d" + install -Dm644 "$srcdir/syslog-ng.conf" "$pkgdir/etc/syslog-ng/syslog-ng.conf" + install -Dm644 "$srcdir/syslog-ng.logrotate" "$pkgdir/etc/logrotate.d/syslog-ng" + install -Dm755 "$srcdir/syslog-ng.rc" "$pkgdir/etc/rc.d/syslog-ng" } Deleted: cap_syslog.patch =================================================================== --- cap_syslog.patch 2011-10-11 14:15:08 UTC (rev 140265) +++ cap_syslog.patch 2011-10-11 15:31:29 UTC (rev 140266) 
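Review bot: The tarball in `source=` is fetched over plain `http://` and, with `md5sums` removed, `sha1sums` is the only integrity check left, so a stronger digest is worth adding here. I would add `sha256sums=('<sha256 of syslog-ng_3.3.1.tar.gz>' '<sha256 of syslog-ng.conf>' ...)` next to it, with the values computed from a verified download. In `build()`, the old call passed both `--enable-tcp-wrapper` and `--disable-tcp-wrapper` and the new one passes neither, so TCP wrapper support now depends on configure's default; passing the intended flag explicitly would keep that from changing silently. The dropped `patch -p1 -i ../cap_syslog.patch` step is presumably redundant in 3.3.1, but that is worth confirming, because the deleted patch is what lets the daemon request cap_syslog instead of cap_sys_admin.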
@@ -1,178 +0,0 @@ -From ae0ff59d9a761c2fda8a19b0c05e0e05c59bae57 Mon Sep 17 00:00:00 2001 -From: Balazs Scheidler <[email protected]> -Date: Thu, 12 May 2011 13:11:58 +0200 -Subject: [PATCH] Use CAP_SYSLOG instead of CAP_SYS_ADMIN, if available. - -If cap_syslog exists, the kernel will complain (once) that we only -have cap_sys_admin. Additionally, using cap_syslog instead of -cap_sys_admin significantly lowers the unneeded privs we are -using. - -Upon startup, syslog-ng will detect whether CAP_SYSLOG is available, -and use capabilities based on that finding. This detection will also -have a side-effect, which will make it so that -g_process_cap_modify(CAP_SYSLOG) will fall back to CAP_SYS_ADMIN, if -CAP_SYSLOG support was not detected. - -Thanks to Andrew Morgan for pointing out a nice way to detect whether -the kernel has CAP_SYSLOG. Original code by Serge Hallyn, with minor -changes based on Balazs Scheidler's review by Gergely Nagy. - -Signed-off-by: Serge Hallyn <[email protected]> -Signed-off-by: Gergely Nagy <[email protected]> -Signed-off-by: Balazs Scheidler <[email protected]> ---- - lib/gprocess.c | 27 +++++++++++++++++++++++++++ - lib/gprocess.h | 6 ++++++ - modules/affile/affile.c | 2 +- - syslog-ng/main.c | 38 ++++++++++++++++++++++++++++++-------- - 4 files changed, 64 insertions(+), 9 deletions(-) - -diff --git a/lib/gprocess.c b/lib/gprocess.c -index 38bcb12..e2159fc 100644 ---- a/lib/gprocess.c -+++ b/lib/gprocess.c -@@ -98,6 +98,7 @@ static gint startup_result_pipe[2] = { -1, -1 }; - static gint init_result_pipe[2] = { -1, -1 }; - static GProcessKind process_kind = G_PK_STARTUP; - static gboolean stderr_present = TRUE; -+static int have_capsyslog = FALSE; - - /* global variables */ - static struct -@@ -216,6 +217,13 @@ g_process_cap_modify(int capability, int onoff) - if (!process_opts.caps) - return TRUE; - -+ /* -+ * if libcap or kernel doesn't support cap_syslog, then resort to -+ * cap_sys_admin -+ */ -+ if (capability == CAP_SYSLOG && 
(!have_capsyslog || CAP_SYSLOG == -1)) -+ capability = CAP_SYS_ADMIN; -+ - caps = cap_get_proc(); - if (!caps) - return FALSE; -@@ -297,6 +305,25 @@ g_process_cap_restore(cap_t r) - return; - } - -+gboolean -+g_process_check_cap_syslog(void) -+{ -+ int ret; -+ -+ if (have_capsyslog) -+ return TRUE; -+ -+ if (CAP_SYSLOG == -1) -+ return FALSE; -+ -+ ret = prctl(PR_CAPBSET_READ, CAP_SYSLOG); -+ if (ret == -1) -+ return FALSE; -+ -+ have_capsyslog = TRUE; -+ return TRUE; -+} -+ - #endif - - /** -diff --git a/lib/gprocess.h b/lib/gprocess.h -index a6dd7c4..1bdd719 100644 ---- a/lib/gprocess.h -+++ b/lib/gprocess.h -@@ -46,6 +46,10 @@ gboolean g_process_cap_modify(int capability, int onoff); - cap_t g_process_cap_save(void); - void g_process_cap_restore(cap_t r); - -+#ifndef CAP_SYSLOG -+#define CAP_SYSLOG -1 -+#endif -+ - #else - - typedef gpointer cap_t; -@@ -71,6 +75,8 @@ void g_process_set_argv_space(gint argc, gchar **argv); - void g_process_set_use_fdlimit(gboolean use); - void g_process_set_check(gint check_period, gboolean (*check_fn)(void)); - -+gboolean g_process_check_cap_syslog(void); -+ - void g_process_start(void); - void g_process_startup_failed(guint ret_num, gboolean may_exit); - void g_process_startup_ok(void); -diff --git a/modules/affile/affile.c b/modules/affile/affile.c -index ce343cd..bb8aa75 100644 ---- a/modules/affile/affile.c -+++ b/modules/affile/affile.c -@@ -59,7 +59,7 @@ affile_open_file(gchar *name, gint flags, - if (privileged) - { - g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE); -- g_process_cap_modify(CAP_SYS_ADMIN, TRUE); -+ g_process_cap_modify(CAP_SYSLOG, TRUE); - } - else - { -diff --git a/syslog-ng/main.c b/syslog-ng/main.c -index 9880c1f..02f17b6 100644 ---- a/syslog-ng/main.c -+++ b/syslog-ng/main.c -@@ -363,6 +363,33 @@ version(void) - ON_OFF_STR(ENABLE_PACCT_MODULE)); - } - -+#if ENABLE_LINUX_CAPS -+#define BASE_CAPS "cap_net_bind_service,cap_net_broadcast,cap_net_raw," \ -+ 
"cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p " -+ -+static void -+setup_caps (void) -+{ -+ static gchar *capsstr_syslog = BASE_CAPS "cap_syslog=ep"; -+ static gchar *capsstr_sys_admin = BASE_CAPS "cap_sys_admin=ep"; -+ -+ /* Set up the minimal privilege we'll need -+ * -+ * NOTE: polling /proc/kmsg requires cap_sys_admin, otherwise it'll always -+ * indicate readability. Enabling/disabling cap_sys_admin on every poll -+ * invocation seems to be too expensive. So I enable it for now. -+ */ -+ if (g_process_check_cap_syslog()) -+ g_process_set_caps(capsstr_syslog); -+ else -+ g_process_set_caps(capsstr_sys_admin); -+} -+#else -+ -+#define setup_caps() -+ -+#endif -+ - int - main(int argc, char *argv[]) - { -@@ -374,14 +401,9 @@ main(int argc, char *argv[]) - z_mem_trace_init("syslog-ng.trace"); - - g_process_set_argv_space(argc, (gchar **) argv); -- -- /* NOTE: polling /proc/kmsg requires cap_sys_admin, otherwise it'll always -- * indicate readability. Enabling/disabling cap_sys_admin on every poll -- * invocation seems to be too expensive. So I enable it for now. */ -- -- g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw," -- "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p " -- "cap_sys_admin=ep"); -+ -+ setup_caps(); -+ - ctx = g_option_context_new("syslog-ng"); - g_process_add_option_group(ctx); - msg_add_option_group(ctx); --- -1.7.6.1 - Deleted: non-blocking-systemd-fds.patch =================================================================== --- non-blocking-systemd-fds.patch 2011-10-11 14:15:08 UTC (rev 140265) +++ non-blocking-systemd-fds.patch 2011-10-11 15:31:29 UTC (rev 140266) 
@@ -1,32 +0,0 @@ -From 2f214c4f87d944aa28d53e331a67b1fd88d9840f Mon Sep 17 00:00:00 2001 -From: Balazs Scheidler <[email protected]> -Date: Wed, 22 Jun 2011 12:50:53 +0200 -Subject: [PATCH] systemd: make sure the acquired fd is in non-blocking mode - -The fd acquired from systemd is in blocking mode, and syslog-ng -didn't explicitly set it to non-blocking, causing syslog-ng -to stall. This patch changes that, explicitly enables -O_NONBLOCK and O_CLOEXEC on systemd acquired fds. - -Reported-By: Enrico Scholz <[email protected]> -Signed-off-by: Balazs Scheidler <[email protected]> ---- - modules/afsocket/afunix.c | 2 ++ - 1 files changed, 2 insertions(+), 0 deletions(-) - -diff --git a/modules/afsocket/afunix.c b/modules/afsocket/afunix.c -index cd9c205..9a4e37b 100644 ---- a/modules/afsocket/afunix.c -+++ b/modules/afsocket/afunix.c -@@ -108,6 +108,8 @@ afunix_sd_acquire_socket(AFSocketSourceDriver *s, gint *result_fd) - - if (*result_fd != -1) - { -+ g_fd_set_nonblock(*result_fd, TRUE); -+ g_fd_set_cloexec(*result_fd, TRUE); - msg_verbose("Acquired systemd socket", - evt_tag_str("filename", self->filename), - evt_tag_int("systemd-sock-fd", *result_fd), --- -1.7.5.4 - Modified: syslog-ng.conf =================================================================== --- syslog-ng.conf 2011-10-11 14:15:08 UTC (rev 140265) +++ syslog-ng.conf 2011-10-11 15:31:29 UTC (rev 140266) @@ -1,4 +1,4 @@ -@version: 3.2 +@version: 3.3 # # /etc/syslog-ng/syslog-ng.conf # @@ -7,8 +7,8 @@ stats_freq (0); flush_lines (0); time_reopen (10); - log_fifo_size (1000); - long_hostnames(off); + log_fifo_size (10000); + chain_hostnames (off); use_dns (no); use_fqdn (no); create_dirs (no); Modified: syslog-ng.rc =================================================================== --- syslog-ng.rc 2011-10-11 14:15:08 UTC (rev 140265) +++ syslog-ng.rc 2011-10-11 15:31:29 UTC (rev 140266) 
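Review bot: The commit message says `log_fifo_size` is removed because it now defaults to 10000, but the second syslog-ng.conf hunk keeps the option and sets `log_fifo_size (10000);` explicitly. Either drop the line so the package follows the upstream default, or keep it with a comment such as `# set explicitly so the queue size does not change with the upstream default`, so the message and the shipped file agree. The enclosing options block starts and ends outside the hunk.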
@@ -5,7 +5,6 @@ checkconfig() { if ! syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf; then - stat_busy "Configuration error. Please fix your config file (/etc/syslog-ng/syslog-ng.conf)." stat_fail exit 1 fi @@ -14,7 +13,7 @@ pidfile=/run/syslog-ng.pid if [[ -r $pidfile ]]; then read -r PID < "$pidfile" - if [[ ! -d /proc/$PID ]]; then + if [[ $PID && ! -d /proc/$PID ]]; then # stale pidfile unset PID rm -f "$pidfile" @@ -25,7 +24,7 @@ start) stat_busy "Starting Syslog-NG" checkconfig - if [[ -z "$PID" ]] && /usr/sbin/syslog-ng; then + if [[ -z $PID ]] && /usr/sbin/syslog-ng; then add_daemon syslog-ng stat_done else
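Review bot: In the pidfile check of the second syslog-ng.rc hunk, `$PID` is only tested for being non-empty before it is used in `/proc/$PID`, so non-numeric content in the file can still pass the liveness test and be carried into the rest of the script. I would validate it and treat anything else as stale: `if [[ ! $PID =~ ^[0-9]+$ || ! -d /proc/$PID ]]; then`. An existing `/proc/$PID` also does not show that the process is syslog-ng, which matters if a later branch signals `$PID`; that code is outside the hunk, so this part is a guess. The enclosing block starts before and continues after the hunk.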
