Hello community, here is the log from the commit of package hawk for openSUSE:Factory checked in at 2015-11-10 10:03:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/hawk (Old) and /work/SRC/openSUSE:Factory/.hawk.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "hawk"
Changes:
--------
--- /work/SRC/openSUSE:Factory/hawk/hawk.changes 2015-10-20 00:08:57.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.hawk.new/hawk.changes 2015-11-10 10:03:43.000000000 +0100
@@ -1,0 +2,6 @@
+Mon Nov 09 02:40:13 UTC 2015 - [email protected]
+
+- Update to version 1.0.0+git.1447036727.bf6a6e2:
+ + Swap certificate and private key if inverted (bsc#954159)
+
+-------------------------------------------------------------------
Old:
----
hawk-1.0.0+git.1445255377.eeccb4a.tar.bz2
New:
----
hawk-1.0.0+git.1447036727.bf6a6e2.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ hawk.spec ++++++
--- /var/tmp/diff_new_pack.GDnuae/_old 2015-11-10 10:03:44.000000000 +0100
+++ /var/tmp/diff_new_pack.GDnuae/_new 2015-11-10 10:03:44.000000000 +0100
@@ -39,7 +39,7 @@
 Summary: HA Web Konsole
 License: GPL-2.0 and Apache-2.0
 Group: %{pkg_group}
-Version: 1.0.0+git.1445255377.eeccb4a
+Version: 1.0.0+git.1447036727.bf6a6e2
 Release: 0
 Url: http://www.clusterlabs.org/wiki/Hawk
 Source: %{name}-%{version}.tar.bz2
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.GDnuae/_old 2015-11-10 10:03:44.000000000 +0100
+++ /var/tmp/diff_new_pack.GDnuae/_new 2015-11-10 10:03:44.000000000 +0100
@@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
 <param name="url">git://github.com/ClusterLabs/hawk.git</param>
- <param name="changesrevision">eeccb4aa0dac18792f6d4061d077ebac7f4a112e</param></service></servicedata>
\ No newline at end of file
+ <param name="changesrevision">bf6a6e2cf923aca33c6dcfdae8332be2cc81b05d</param></service></servicedata>
\ No newline at end of file
++++++ hawk-1.0.0+git.1445255377.eeccb4a.tar.bz2 -> hawk-1.0.0+git.1447036727.bf6a6e2.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-1.0.0+git.1445255377.eeccb4a/chef/cookbooks/hawk/templates/default/systemd.service.erb new/hawk-1.0.0+git.1447036727.bf6a6e2/chef/cookbooks/hawk/templates/default/systemd.service.erb
--- old/hawk-1.0.0+git.1445255377.eeccb4a/chef/cookbooks/hawk/templates/default/systemd.service.erb 2015-10-19 14:02:34.000000000 +0200
+++ new/hawk-1.0.0+git.1447036727.bf6a6e2/chef/cookbooks/hawk/templates/default/systemd.service.erb 2015-11-09 03:40:06.000000000 +0100
@@ -17,12 +17,12 @@
 Environment="HAWK_WORKERS=2"
 Environment="HAWK_LISTEN=0.0.0.0"
 Environment="HAWK_PORT=3000"
-Environment="HAWK_KEY=/vagrant/hawk/tmp/hawk.pem"
-Environment="HAWK_CERT=/vagrant/hawk/tmp/hawk.key"
+Environment="HAWK_KEY=/vagrant/hawk/tmp/hawk.key"
+Environment="HAWK_CERT=/vagrant/hawk/tmp/hawk.pem"
 # Run ExecStartPre with root-permissions
 PermissionsStartOnly=true
-ExecStartPre=/srv/www/hawk/bin/generate-ssl-cert
+ExecStartPre=/vagrant/hawk/bin/generate-ssl-cert
 ExecStart=/usr/bin/puma -C /vagrant/hawk/config/puma.rb
 ExecStop=/usr/bin/pumactl -S /vagrant/hawk/tmp/pids/puma.state stop
 ExecReload=/usr/bin/pumactl -S /vagrant/hawk/tmp/pids/puma.state restart
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-1.0.0+git.1445255377.eeccb4a/hawk/bin/generate-ssl-cert new/hawk-1.0.0+git.1447036727.bf6a6e2/hawk/bin/generate-ssl-cert
--- old/hawk-1.0.0+git.1445255377.eeccb4a/hawk/bin/generate-ssl-cert 2015-10-19 14:02:34.000000000 +0200
+++ new/hawk-1.0.0+git.1447036727.bf6a6e2/hawk/bin/generate-ssl-cert 2015-11-09 03:40:06.000000000 +0100
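Review bot: In systemd.service.erb nothing marks the unit as development-only, yet after this change both the script that `ExecStartPre` runs with root permissions and the private key named by `HAWK_KEY` sit under `/vagrant`, which is presumably the Vagrant synced folder. Depending on how that folder is shared, the `umask` and `chown` that generate-ssl-cert applies may not take effect there, so the key's file mode should not be relied on in this setup. I would add above the Environment lines: `# Development (Vagrant) unit: key and cert live in the synced folder; do not copy these paths into a production unit`. The unit file continues outside the hunk.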
@@ -51,13 +51,33 @@
 cert_file=/etc/ssl/certs/hawk.pem
 [ -n "$HAWK_CERT" ] && cert_file=$HAWK_CERT
-log_file=$(dirname $0)/../log/certificate.log
+log_file=$(dirname "$0")/../log/certificate.log
-[ -e "$cert_key_file" ] && [ -e $cert_file ] && exit 0
+# Hawk had a strange pair of bugs: generate-ssl-cert will sometimes
+# generate the key in the .pem file and the certificate in the .key
+# file. The service file would also look for the key in the .pem file
+# and vice versa. To work around this, we check and swap the files
+# both before and after generation. (bsc#954159)
+swap_key_certificate() {
+ if [ -e "$cert_key_file" ] && [ -e "$cert_file" ]; then
+ if head -1 <"$cert_key_file" | grep "CERTIFICATE" >/dev/null; then
+ if head -1 <"$cert_file" | grep "PRIVATE KEY" >/dev/null; then
+ mv -f -- "$cert_key_file" "$cert_file.$$"
+ mv -f -- "$cert_file" "$cert_key_file.$$"
+ mv -f -- "$cert_key_file.$$" "$cert_key_file"
+ mv -f -- "$cert_file.$$" "$cert_file"
+ fi
+ fi
+ fi
+}
+
+swap_key_certificate
+
+[ -e "$cert_key_file" ] && [ -e "$cert_file" ] && exit 0
 echo "No SSL certificate found. Creating one now."
-mkdir -p $(dirname $cert_key_file)
-mkdir -p $(dirname $cert_file)
+mkdir -p "$(dirname "$cert_key_file")"
+mkdir -p "$(dirname "$cert_file")"
 old_mask=$(umask)
 umask 137
@@ -67,7 +87,7 @@
 [ -z "$CN" ] && CN=$(hostname)
 [ -z "$CN" ] && CN=localhost
-$openssl_bin req -newkey rsa:2048 -x509 -nodes -days 1095 -batch -config /dev/fd/0 -out $cert_file -keyout $cert_key_file >$log_file 2>&1 <<CONF
+$openssl_bin req -x509 -sha256 -nodes -days 1095 -newkey rsa:2048 -batch -config /dev/fd/0 -keyout "$cert_key_file" -out "$cert_file" >"$log_file" 2>&1 <<CONF
 [req]
 distinguished_name = user_dn
 prompt = no
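Review bot: The four `mv` calls in `swap_key_certificate` are not checked, so a failure partway through leaves the pair half-renamed with one file, possibly the private key, parked under a `.$$` suffix. No `set -e` is visible in the hunk, and the `[ -e … ] && [ -e … ] && exit 0` test that follows would then fall through to generating a new pair over what is left. Chaining the renames and reporting a failure, as sketched below, stops at the first failed step and keeps that case visible; the same function is called again after generation in the later `@@ -82,12 +102,13 @@` hunk, where its status is also ignored. The script starts and ends outside this hunk.

```shell
swap_key_certificate() {
  # … unchanged: existence checks and first-line content tests …
        if ! { mv -f -- "$cert_key_file" "$cert_file.$$" &&
               mv -f -- "$cert_file" "$cert_key_file.$$" &&
               mv -f -- "$cert_key_file.$$" "$cert_key_file" &&
               mv -f -- "$cert_file.$$" "$cert_file"; }; then
          echo "Could not swap $cert_key_file and $cert_file; check for leftover .$$ files" >&2
          return 1
        fi
  # … unchanged: closing fi lines and brace …
```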
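Review bot: The rewritten openssl line still redirects to `"$log_file"`, which resolves to `$(dirname "$0")/../log/certificate.log`, while the unit files in this commit run the script with root permissions. If that log directory is writable by the account the web service runs as (not visible here), root ends up truncating and writing a path that a less privileged account controls. Writing the log to a root-owned directory, or dropping the redirect so the output goes to the service's stderr, would remove that dependency. The command's heredoc continues outside the hunk.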
@@ -82,12 +102,13 @@
 rc=$?
 if [ $rc -eq 0 ]; then
- [ -x "$c_rehash_bin" ] && $c_rehash_bin $(dirname $cert_file) >/dev/null 2>&1
+ swap_key_certificate
+ [ -x "$c_rehash_bin" ] && $c_rehash_bin "$(dirname "$cert_file")" >/dev/null 2>&1
 else
 echo "Could not generate certificate. Please see $log_file for details"
 fi
-chown root:haclient $cert_key_file $cert_file
+chown root:haclient "$cert_key_file" "$cert_file"
-umask $old_mask
+umask "$old_mask"
 exit $rc
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-1.0.0+git.1445255377.eeccb4a/scripts/hawk.service.bundle_gems.in new/hawk-1.0.0+git.1447036727.bf6a6e2/scripts/hawk.service.bundle_gems.in
--- old/hawk-1.0.0+git.1445255377.eeccb4a/scripts/hawk.service.bundle_gems.in 2015-10-19 14:02:34.000000000 +0200
+++ new/hawk-1.0.0+git.1447036727.bf6a6e2/scripts/hawk.service.bundle_gems.in 2015-11-09 03:40:06.000000000 +0100
@@ -19,8 +19,8 @@
 Environment="HAWK_WORKERS=1"
 Environment="HAWK_LISTEN=0.0.0.0"
 Environment="HAWK_PORT=7630"
-Environment="HAWK_KEY=/etc/hawk/hawk.pem"
-Environment="HAWK_CERT=/etc/hawk/hawk.key"
+Environment="HAWK_KEY=/etc/hawk/hawk.key"
+Environment="HAWK_CERT=/etc/hawk/hawk.pem"
 EnvironmentFile=-/etc/sysconfig/hawk
 # Run ExecStartPre with root-permissions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/hawk-1.0.0+git.1445255377.eeccb4a/scripts/hawk.service.in new/hawk-1.0.0+git.1447036727.bf6a6e2/scripts/hawk.service.in
--- old/hawk-1.0.0+git.1445255377.eeccb4a/scripts/hawk.service.in 2015-10-19 14:02:34.000000000 +0200
+++ new/hawk-1.0.0+git.1447036727.bf6a6e2/scripts/hawk.service.in 2015-11-09 03:40:06.000000000 +0100
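Review bot: In generate-ssl-cert the `chown root:haclient "$cert_key_file" "$cert_file"` line gives the private key the same owner and group as the certificate, and nothing documents why the key is group-accessible. With the `umask 137` set earlier in the script the key is presumably created group-readable, so every member of `haclient` could read it; whether that group has members beyond the service account is not visible here. A comment such as `# NOTE: key is readable by group haclient; confirm the service needs this and keep the group's membership minimal` would record the intent. The `chown` also runs when `rc` is non-zero, when the files may not exist.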
@@ -18,8 +18,8 @@
 Environment="HAWK_WORKERS=1"
 Environment="HAWK_LISTEN=0.0.0.0"
 Environment="HAWK_PORT=7630"
-Environment="HAWK_KEY=/etc/hawk/hawk.pem"
-Environment="HAWK_CERT=/etc/hawk/hawk.key"
+Environment="HAWK_KEY=/etc/hawk/hawk.key"
+Environment="HAWK_CERT=/etc/hawk/hawk.pem"
 EnvironmentFile=-/etc/sysconfig/hawk
 # Run ExecStartPre with root-permissions
