Hello community, here is the log from the commit of package cacti for openSUSE:Factory checked in at 2020-05-28 09:20:41 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cacti (Old) and /work/SRC/openSUSE:Factory/.cacti.new.3606 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cacti" Thu May 28 09:20:41 2020 rev:32 rq:809673 version:1.2.12 Changes: -------- --- /work/SRC/openSUSE:Factory/cacti/cacti.changes 2020-05-08 23:08:41.206271024 +0200 +++ /work/SRC/openSUSE:Factory/.cacti.new.3606/cacti.changes 2020-05-28 09:21:54.457497536 +0200 @@ -1,0 +2,18 @@ +Mon May 11 12:23:32 UTC 2020 - Lars Vogdt <[email protected]> + +- switch from cron to systemd timers (boo#1115436): + + cacti-cron.timer + + cacti-cron.service +- introduce rpmlintrc for obvious false positives from rpmlint + + cacti-rpmlintrc +- use fdupes to reduce amount of needed/wasted space +- re-introduce RPM Group to avoid huge rpmlint complains on 15.1 +- remove .gitignore and .gitattributes files (not needed) +- avoid potential root escalation on systems with fs.protected_hardlinks=0 + (boo#1154087): handle directory permissions in file section instead + of using chown during post installation +- rewrote apache configuration to get rid of .htaccess files and + explicitely disable directory permissions per default + (only allow a limited, well-known set of directories) + +------------------------------------------------------------------- New: ---- cacti-cron.service cacti-cron.timer cacti-rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cacti.spec ++++++ --- /var/tmp/diff_new_pack.O9dz5v/_old 2020-05-28 09:21:55.237499257 +0200 +++ /var/tmp/diff_new_pack.O9dz5v/_new 2020-05-28 09:21:55.241499266 +0200 @@ -21,17 +21,28 @@ %else %define cacti_dir %{apache_datadir}/cacti %endif + +%if 0%{?suse_version} >= 01230 +%bcond_without systemd +%else +%bcond_with systemd +%endif + Name: cacti Version: 1.2.12 Release: 0 Summary: Web Front-End to Monitor System Data via RRDtool License: GPL-2.0-or-later +Group: System/Monitoring URL: http://www.cacti.net/ Source0: http://www.cacti.net/downloads/%{name}-%{version}.tar.gz Source1: %{name}.cron Source2: %{name}-httpd.conf Source3: %{name}.logrotate Source4: %{name}-httpd.conf.default +Source5: %{name}-cron.service +Source6: %{name}-cron.timer +Source10: cacti-rpmlintrc # PATCH-FIX-UPSTREAM cacti-config.patch Patch0: %{name}-config.patch BuildRequires: apache-rpm-macros @@ -51,9 +62,9 @@ Requires: rrdtool Conflicts: cacti-spine < %{version} Conflicts: cacti-spine > %{version} -Provides: cacti-system -Obsoletes: cacti-PA < %{version} -Provides: cacti-PA = %{version} +Provides: cacti-system = %{version}-%{release} +Obsoletes: cacti-PA < %{version}-%{release} +Provides: cacti-PA = %{version}-%{release} BuildArch: noarch %if 0%{?suse_version} BuildRequires: apache2-devel @@ -61,8 +72,14 @@ BuildRequires: httpd-devel %endif %if 0%{?suse_version} +BuildRequires: fdupes +%if %{with systemd} +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +%else BuildRequires: cron Requires: cron +%endif Requires: mod_php_any >= 7.0 Requires: php-sockets >= 7.0 %endif @@ -83,6 +100,7 @@ %package doc Summary: Documentation for Cacti +Group: System/Monitoring Requires: %{name} = %{version} %description doc @@ -100,8 +118,15 @@ %setup -q %patch0 -p1 -#delete the *.orig files +#delete some files find . -type f -name "*\.orig" -exec rm {} \; +find . -type f -name .gitignore -delete +find . -type f -name .gitattributes -delete +find . -type f -name .htaccess -delete + +# fix env interpreter lines +sed -i 's|/usr/bin/env perl|%{_bindir}/perl|g' scripts/*.pl +sed -i 's|/usr/bin/env php|%{_bindir}/php|g' include/vendor/cldr-to-gettext-plural-rules/bin/export-plural-rules %build #nothing to build @@ -132,10 +157,17 @@ install -m 0755 cli/* %{buildroot}%{cacti_dir}/cli install -m 0644 *.sql %{buildroot}%{cacti_dir} +%if %{with systemd} +install -Dm644 %{SOURCE6} %{buildroot}%{_unitdir}/%{name}-cron.timer +sed -e "s;__CACTIDIR__;%{cacti_dir};g" \ + -e "s;__APACHEUSER__;%{apache_user};g" \ + %{SOURCE5} > %{buildroot}%{_unitdir}/%{name}-cron.service +%else # cron task install -d -m 0755 %{buildroot}%{_sysconfdir}/cron.d sed -e "s;__CACTIDIR__;%{cacti_dir};g" -e "s;__APACHEUSER__;%{apache_user};g" \ %{SOURCE1} > %{buildroot}%{_sysconfdir}/cron.d/%{name} +%endif # apache2 config %if 0%{?suse_version} @@ -167,17 +199,38 @@ find %{buildroot}%{cacti_dir} -type f ! -name config.php | sed -e 's|'%{buildroot}'||' >> %{name}.list ln -sf %{_localstatedir}/log/%{name} %{buildroot}%{cacti_dir}/log +%if 0%{?suse_version} +%fdupes %{buildroot} +%endif + +%if %{with systemd} %post -chown -R %{apache_user}:%{apache_group} %{cacti_dir}/rra +%service_add_post %{name}-cron.timer + +%pre +%service_add_pre %{name}-cron.timer + +%preun +%service_del_preun %{name}-cron.timer + +%postun +%service_del_postun %{name}-cron.timer +%endif %files -f %{name}.list %license LICENSE %doc README.md %attr(-,%{apache_user},%{apache_group}) %dir %{_localstatedir}/lib/%{name} %attr(-,%{apache_user},%{apache_group}) %dir %{_localstatedir}/log/%{name} +%attr(-,%{apache_user},%{apache_group}) %{cacti_dir}/rra %attr(-,%{apache_user},%{apache_group}) %{cacti_dir}/log %config(noreplace) %{cacti_dir}/include/config.php +%if %{with systemd} +%{_unitdir}/%{name}-cron.service +%{_unitdir}/%{name}-cron.timer +%else %config(noreplace) %{_sysconfdir}/cron.d/%{name} +%endif %config(noreplace) %{_sysconfdir}/logrotate.d/%{name} %if 0%{?suse_version} %if 0%{?suse_version} <= 1210 ++++++ cacti-cron.service ++++++ [Unit] Description=Automated poller.php call for cacti [Service] Type=oneshot User=__APACHEUSER__ ExecStart=/bin/bash -ce "/usr/bin/php -f __CACTIDIR__/poller.php 1>/dev/null 2>&1" ++++++ cacti-cron.timer ++++++ [Unit] Description=Automated timer for cacti poller.php [Timer] OnCalendar=*:0/5 AccuracySec=12h Persistent=true [Install] WantedBy=timers.target ++++++ cacti-httpd.conf.default ++++++ --- /var/tmp/diff_new_pack.O9dz5v/_old 2020-05-28 09:21:55.313499424 +0200 +++ /var/tmp/diff_new_pack.O9dz5v/_new 2020-05-28 09:21:55.313499424 +0200 @@ -18,32 +18,14 @@ </IfModule> <Directory __CACTIDIR__> - Options None + DirectoryIndex index.php + Options +FollowSymLinks + AllowOverride none # Access Control # Default to only allow connections from localhost - <IfModule mod_version.c> - <IfVersion < 2.4> - Order deny,allow - Deny from all - Allow from localhost - </IfVersion> - <IfVersion >= 2.4> - <IfModule mod_authz_core.c> - Require all denied - Require local - </IfModule> - <IfModule mod_access_compat.c> - Order deny,allow - Deny from all - Allow from localhost - </IfModule> - </IfVersion> - </IfModule> - <IfModule !mod_version.c> - Require all denied - Require local - </IfModule> + Require all denied + Require local # Authentication Settings # Uncomment and apply to add Basic Authentication @@ -64,49 +46,27 @@ </IfModule> </IfDefine> </IfDefine> - </Directory> - <Directory __CACTIDIR__/cli> - AllowOverride none - <IfModule mod_version.c> - <IfVersion < 2.4> - Order deny,allow - Deny from all - </IfVersion> - <IfVersion >= 2.4> - <IfModule mod_authz_core.c> - Require all denied - </IfModule> - <IfModule mod_access_compat.c> - Order deny,allow - Deny from all - </IfModule> - </IfVersion> - </IfModule> - <IfModule !mod_version.c> - Require all denied + <IfModule mod_php7.c> + php_flag magic_quotes_gpc Off + php_flag short_open_tag On + php_flag register_globals Off + php_flag register_argc_argv On + php_flag track_vars On + # this setting is necessary for some locales + php_value mbstring.func_overload 0 + php_value include_path . </IfModule> </Directory> - <Directory __CACTIDIR__/rra> - AllowOverride none - <IfModule mod_version.c> - <IfVersion < 2.4> - Order deny,allow - Deny from all - </IfVersion> - <IfVersion >= 2.4> - <IfModule mod_authz_core.c> - Require all denied - </IfModule> - <IfModule mod_access_compat.c> - Order deny,allow - Deny from all - </IfModule> - </IfVersion> - </IfModule> - <IfModule !mod_version.c> + <DirectoryMatch ^__CACTIDIR__/(docs|images|include|install)> + Require all granted + <Files config.php> Require all denied - </IfModule> + </Files> + </Directory> + + <Directory __CACTIDIR__/*/> + Require all denied </Directory> </IfDefine> ++++++ cacti-rpmlintrc ++++++ # the following lines are for the cron job that is used to # run administrative tasks in cacti addFilter("suse-missing-rclink cacti-cron"); addFilter("systemd-service-without-service_add_post cacti-cron.service"); addFilter("systemd-service-without-service_add_pre cacti-cron.service"); addFilter("systemd-service-without-service_del_postun cacti-cron.service"); addFilter("systemd-service-without-service_del_preun cacti-cron.service"); # no lib: rpmlint false positive addFilter("explicit-lib-dependency php-zlib");
