This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "FusionForge".
The branch, 6.0 has been updated
via 7d3d2f397c43e9a7ec1f7dc4c83d8bb6a86235d9 (commit)
via e09cdbf685aaac178c74c24d482f3c1c9311a6f5 (commit)
via c347cbf2e3d8050f9d102b4ea1466e452b3d70e2 (commit)
from b50f481415c9500fc9a35dc0ada123c1b2da722a (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7d3d2f397c43e9a7ec1f7dc4c83d8bb6a86235d9
Author: Sylvain Beucler <[email protected]>
Date: Mon Mar 23 11:58:09 2015 +0100
web: if we have a separate cert for scm.$host, let's have a separate key as
well; useful if we use existing certificates
diff --git a/src/etc/httpd.conf.d/ssl-on-scm.inc
b/src/etc/httpd.conf.d/ssl-on-scm.inc
index 07e6030..8cf1d53 100644
--- a/src/etc/httpd.conf.d/ssl-on-scm.inc
+++ b/src/etc/httpd.conf.d/ssl-on-scm.inc
@@ -4,8 +4,7 @@
SSLEngine on
SSLCertificateFile ${FF__core__config_path}/ssl-cert-scm.pem
- SSLCertificateKeyFile ${FF__core__config_path}/ssl-cert.key
- # Add extra SSL configuration (e.g. SSLCACertificatePath) here
+ SSLCertificateKeyFile ${FF__core__config_path}/ssl-cert-scm.key
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
diff --git a/src/etc/httpd.conf.d/ssl-on.inc b/src/etc/httpd.conf.d/ssl-on.inc
index 6fc9b93..d1638ee 100644
--- a/src/etc/httpd.conf.d/ssl-on.inc
+++ b/src/etc/httpd.conf.d/ssl-on.inc
@@ -5,7 +5,6 @@
SSLCertificateFile ${FF__core__config_path}/ssl-cert.pem
SSLCertificateKeyFile ${FF__core__config_path}/ssl-cert.key
- # Add extra SSL configuration (e.g. SSLCACertificatePath) here
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh
index cabb9af..1e6f573 100755
--- a/src/post-install.d/web/web.sh
+++ b/src/post-install.d/web/web.sh
@@ -80,9 +80,14 @@ case "$1" in
fi
scm_host=$(forge_get_config scm_host)
- scmcert=$config_path/ssl-cert-scm.pem
- if [ ! -e $scmcert ] ; then
- openssl req -x509 -days 3650 -new -nodes -batch -text -key $key
-subj "/CN=$scm_host" -out $scmcert
+ cert_scm=$config_path/ssl-cert-scm.pem
+ key_scm=$config_path/ssl-cert-scm.key
+ if [ ! -e $key_scm ] ; then
+ openssl genrsa -out $key_scm
+ chmod 600 $key_scm
+ fi
+ if [ ! -e $cert_scm ] ; then
+ openssl req -x509 -days 3650 -new -nodes -batch -text -key $key_scm
-subj "/CN=$scm_host" -out $cert_scm
fi
# Setup Docman/FRS/Forum/Tracker/RSS attachments
commit e09cdbf685aaac178c74c24d482f3c1c9311a6f5
Author: Sylvain Beucler <[email protected]>
Date: Mon Mar 23 11:45:27 2015 +0100
web: merge ssl-on/ssl-really-on, since we generate certs in web.sh, and to
be consistent with ssl-on-scm.inc
diff --git a/src/etc/httpd.conf.d/ssl-on.inc b/src/etc/httpd.conf.d/ssl-on.inc
index 309d2ac..6fc9b93 100644
--- a/src/etc/httpd.conf.d/ssl-on.inc
+++ b/src/etc/httpd.conf.d/ssl-on.inc
@@ -1,8 +1,25 @@
-# SSL is off by default to not provide a false sense of security
-# If/when you have a real SSL certificate, uncomment the "really-on" line and
-# comment out the "off" line.
-
-###Include ${FF__core__config_path}/httpd.conf.d/ssl-off.inc
-# IT DOES BRAKE ALL, PLEASE DON'T COMMIT UNTESTED
-Include ${FF__core__config_path}/httpd.conf.d/ssl-really-on.inc
+# Not using IfModule: the name changes between distros
+# and user can disable SSL in ssl-on.inc
+#<IfModule mod_ssl.c>
+ SSLEngine on
+
+ SSLCertificateFile ${FF__core__config_path}/ssl-cert.pem
+ SSLCertificateKeyFile ${FF__core__config_path}/ssl-cert.key
+ # Add extra SSL configuration (e.g. SSLCACertificatePath) here
+
+ <Files ~ "\.(cgi|shtml)$">
+ SSLOptions +StdEnvVars
+ </Files>
+
+ <Directory "/usr/lib/cgi-bin">
+ SSLOptions +StdEnvVars
+ </Directory>
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+#</IfModule>
+<IfModule apache_ssl.c>
+ SSLEnable
+
+ SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
+</IfModule>
diff --git a/src/etc/httpd.conf.d/ssl-really-on.inc
b/src/etc/httpd.conf.d/ssl-really-on.inc
deleted file mode 100644
index 6fc9b93..0000000
--- a/src/etc/httpd.conf.d/ssl-really-on.inc
+++ /dev/null
@@ -1,25 +0,0 @@
-# Not using IfModule: the name changes between distros
-# and user can disable SSL in ssl-on.inc
-#<IfModule mod_ssl.c>
- SSLEngine on
-
- SSLCertificateFile ${FF__core__config_path}/ssl-cert.pem
- SSLCertificateKeyFile ${FF__core__config_path}/ssl-cert.key
- # Add extra SSL configuration (e.g. SSLCACertificatePath) here
-
- <Files ~ "\.(cgi|shtml)$">
- SSLOptions +StdEnvVars
- </Files>
-
- <Directory "/usr/lib/cgi-bin">
- SSLOptions +StdEnvVars
- </Directory>
-
- SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-#</IfModule>
-
-<IfModule apache_ssl.c>
- SSLEnable
-
- SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
-</IfModule>
commit c347cbf2e3d8050f9d102b4ea1466e452b3d70e2
Author: Sylvain Beucler <[email protected]>
Date: Mon Mar 23 11:44:48 2015 +0100
web: remove duplicate conf left-over from itk merge
diff --git a/src/etc/httpd.conf.d/50-vhosts-scm.conf
b/src/etc/httpd.conf.d/50-vhosts-scm.conf
deleted file mode 100644
index 1cd2212..0000000
--- a/src/etc/httpd.conf.d/50-vhosts-scm.conf
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# Main host
-#
-
-# Used if you have a scm.$web_host domain
-# (serving SCM repos without the main web interface installed)
-
-<VirtualHost *:80>
- Include ${FF__core__config_path}/httpd.conf.d/vhost-scm.inc
- Include ${FF__core__config_path}/httpd.conf.d/block-trace.inc
- Include ${FF__core__config_path}/httpd.conf.d/log.inc
- Include ${FF__core__config_path}/httpd.conf.d/ssl-off.inc
-</VirtualHost>
-<VirtualHost *:443>
- Include ${FF__core__config_path}/httpd.conf.d/vhost-scm.inc
- Include ${FF__core__config_path}/httpd.conf.d/block-trace.inc
- Include ${FF__core__config_path}/httpd.conf.d/log.inc
- Include ${FF__core__config_path}/httpd.conf.d/ssl-on.inc
-</VirtualHost>
-----------------------------------------------------------------------
Summary of changes:
src/etc/httpd.conf.d/50-vhosts-scm.conf | 19 -------------------
src/etc/httpd.conf.d/ssl-on-scm.inc | 3 +--
src/etc/httpd.conf.d/ssl-on.inc | 30 +++++++++++++++++++++++-------
src/etc/httpd.conf.d/ssl-really-on.inc | 25 -------------------------
src/post-install.d/web/web.sh | 11 ++++++++---
5 files changed, 32 insertions(+), 56 deletions(-)
delete mode 100644 src/etc/httpd.conf.d/50-vhosts-scm.conf
delete mode 100644 src/etc/httpd.conf.d/ssl-really-on.inc
hooks/post-receive
--
FusionForge
_______________________________________________
Fusionforge-commits mailing list
[email protected]
http://lists.fusionforge.org/cgi-bin/mailman/listinfo/fusionforge-commits
