[gentoo-commits] repo/gentoo:master commit in: www-apps/tt-rss/files/, www-apps/tt-rss/

2023-09-17 Thread James Le Cuirot
commit: 291c589208abc5bb0b304c80d1316347747731e5
Author: James Le Cuirot  gentoo  org>
AuthorDate: Sun Sep 17 21:31:03 2023 +
Commit: James Le Cuirot  gentoo  org>
CommitDate: Sun Sep 17 21:32:48 2023 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=291c5892

www-apps/tt-rss: Bump snapshot to 20230901, PHP 8.2, improve permissions

You are now instructed to always add the PHP user to the ttrssd group, unless
everything is to run as the web server user. This was necessary before, but my
earlier wording was ambiguous, if not entirely wrong.

The config.php file permissions are now also locked down to secure the database
credentials. It was previously world-readable.

Signed-off-by: James Le Cuirot  gentoo.org>

 www-apps/tt-rss/Manifest   |  2 +-
 www-apps/tt-rss/files/permissions-r1   | 23 ++-
 www-apps/tt-rss/files/tt-rss-no-chmod.patch| 44 +-
 www-apps/tt-rss/files/ttrssd.confd-r2  |  9 ++---
 ...-rss-20220218.ebuild => tt-rss-20230901.ebuild} | 14 +++
 www-apps/tt-rss/tt-rss-.ebuild | 16 +---
 6 files changed, 54 insertions(+), 54 deletions(-)

diff --git a/www-apps/tt-rss/Manifest b/www-apps/tt-rss/Manifest
index e407e317a278..da200b684ec8 100644
--- a/www-apps/tt-rss/Manifest
+++ b/www-apps/tt-rss/Manifest
@@ -1 +1 @@
-DIST tt-rss-20220218.tar.gz 9916433 BLAKE2B 
318969b6e5156842079bf68c4ea614e5e60e21d8caa46b1a78f2cef051904da30e5091838f6e10f6f610d8ee39c7922137aeb60b7cd5004cabc1d2cdf65edfa8
 SHA512 
38a81dd737462724bc52ca3915350c175abe548cd566a4f9a5e1d5efda9287d0666e9348e5b13dd20549360501de5b0bfb659292fb650f7a60fdab8b63cf8202
+DIST tt-rss-20230901.tar.xz 5368876 BLAKE2B 
af7dc8c7003f9bd83f656a1596458302eb29b7f27428e38e9cbc7fdeb0b920079622b577e5e578069d8475c265061efeb23648da621ad66263370a748512d49c
 SHA512 
02111c89a3dc8fbf94be38d87fa90770eaaa644672aeeb7c1ece3ac7137c5a4f2f0f4412319bd887305f365fc7da9bfe3f644495a5655e8a351ecdae97a04d35

diff --git a/www-apps/tt-rss/files/permissions-r1 
b/www-apps/tt-rss/files/permissions-r1
index e50b4406646d..0ca420e97beb 100644
--- a/www-apps/tt-rss/files/permissions-r1
+++ b/www-apps/tt-rss/files/permissions-r1
@@ -3,22 +3,27 @@
 cd "${MY_INSTALLDIR}"
 
 if [[ $1 = install ]]; then
+   # Ensure database credentials are secure.
+   [[ -e config.php ]] || touch config.php
+   chown --no-dereference "${VHOST_SERVER_UID}":ttrssd config.php
+   chmod 00440 config.php
+
# We need to lock down cache/ for the operations below to be
# safe. The permissions match the webapp-config defaults but these
# can be changed and existing installations may also differ.
chown root:root cache/
chmod 00755 cache/
 
-   chgrp --no-dereference ttrssd feed-icons/ lock/ cache/*/
-   chmod g+ws feed-icons/ lock/ cache/*/
+   chgrp --no-dereference ttrssd lock/ cache/*/
+   chmod g+ws lock/ cache/*/
 
-   # Files within lock/ are exclusively written by the update daemon.
-   # feed-icons/ and cache/ holds files that are modified in place by both
-   # processes and therefore ACLs are required to ensure that the files
-   # themselves are created as group writable.
-   if ! setfacl --modify d:g::rwX feed-icons/ cache/*/; then
+   # Files within lock/ are exclusively written by the update daemon. 
cache/
+   # subdirectories hold files that are modified in place by both 
processes and
+   # therefore ACLs are required to ensure that the files themselves are
+   # created as group writable.
+   if ! setfacl --modify d:g::rwX cache/*/; then
echo "WARNING: ACLs are not available on this filesystem. 
Either enable them or set TTRSSD_USER to your PHP user in /etc/conf.d/ttrssd to 
avoid permission issues."
-   elif [[ -n $(find feed-icons/ cache/ -type f ! -name ".*" ! -name 
index.html ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then
-   echo "WARNING: Files that are not writable by the ttrssd group 
found within the cache or feed-icons directories. Either delete them or correct 
their permissions."
+   elif [[ -n $(find cache/ -type f ! -name ".*" ! -name index.html ! \( 
-group ttrssd -perm -020 \) -print -quit) ]]; then
+   echo "WARNING: Files that are not writable by the ttrssd group 
found within the cache directory. Either delete them or correct their 
permissions."
fi
 fi
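Review bot: The config.php lock-down added at the top of the `install` branch treats symlinks inconsistently: `chown --no-dereference` acts on a link itself, while `[[ -e config.php ]]`, `touch` and `chmod 00440` all follow it, so if config.php were a symlink the mode change would land on its target and the ownership change would not. Whether anyone other than root can create entries in the install directory is not visible from this hunk, so this may be unreachable in practice, but the existing comment about locking down cache/ shows the hook already cares about this class of problem. A guard before the `touch`, such as `[[ ! -L config.php ]] || { echo "ERROR: config.php must not be a symlink" >&2; exit 1; }` (or a warning that skips the three commands, if the hook is expected never to fail), would make the behaviour explicit. The file's first two lines are outside the hunk, so I cannot tell whether a failed `cd "${MY_INSTALLDIR}"` stops the script before these commands run in some other directory.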

diff --git a/www-apps/tt-rss/files/tt-rss-no-chmod.patch 
b/www-apps/tt-rss/files/tt-rss-no-chmod.patch
index e51e66eaed22..4dd41af4bb12 100644
--- a/www-apps/tt-rss/files/tt-rss-no-chmod.patch
+++ b/www-apps/tt-rss/files/tt-rss-no-chmod.patch
@@ -1,26 +1,18 @@
-These files may be written and then updated by the web interface user or the
-update daemon user, so they need to be group writeable. We enforce this with
-ACLs rather than chmod though.
-
-diff --color -Naur a/classes/pref/feeds.php 

[gentoo-commits] repo/gentoo:master commit in: www-apps/tt-rss/files/, www-apps/tt-rss/

2022-06-22 Thread James Le Cuirot
commit: 62e7ee4bf96b14a426a9b05738b00f84bbcb979d
Author: James Le Cuirot  gentoo  org>
AuthorDate: Wed Jun 22 21:49:50 2022 +
Commit: James Le Cuirot  gentoo  org>
CommitDate: Wed Jun 22 21:49:50 2022 +
URL:https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=62e7ee4b

www-apps/tt-rss: Update no-chmod patch for 

Thanks to ppn for the patch.

Closes: https://bugs.gentoo.org/853139
Signed-off-by: James Le Cuirot  gentoo.org>

 www-apps/tt-rss/files/tt-rss-no-chmod-r2.patch | 26 ++
 www-apps/tt-rss/tt-rss-.ebuild |  2 +-
 2 files changed, 27 insertions(+), 1 deletion(-)

diff --git a/www-apps/tt-rss/files/tt-rss-no-chmod-r2.patch 
b/www-apps/tt-rss/files/tt-rss-no-chmod-r2.patch
new file mode 100644
index ..05de80b127c5
--- /dev/null
+++ b/www-apps/tt-rss/files/tt-rss-no-chmod-r2.patch
@@ -0,0 +1,26 @@
+These files may be written and then updated by the web interface user or the
+update daemon user, so they need to be group writeable. We enforce this with
+ACLs rather than chmod though.
+
+diff -Naur a/classes/pref/feeds.php b/classes/pref/feeds.php
+--- a/classes/pref/feeds.php   2022-02-18 13:44:03.0 +
 b/classes/pref/feeds.php   2022-02-19 15:37:55.000723992 +
+@@ -490,7 +490,6 @@
+
+   if (file_exists($new_filename)) 
unlink($new_filename);
+   if (rename($tmp_file, $new_filename)) {
+-  chmod($new_filename, 0644);
+
+   $feed->set([
+   'favicon_avg_color' => 
null,
+diff -Naur a/classes/rssutils.php b/classes/rssutils.php
+--- a/classes/rssutils.php 2022-06-20 09:37:43.205998915 +
 b/classes/rssutils.php 2022-06-20 09:38:01.002279039 +
+@@ -1758,7 +1758,6 @@
+ 
+   fwrite($fp, $contents);
+   fclose($fp);
+-  chmod($icon_file, 0644);
+   clearstatcache();
+ 
+   return $icon_file;
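Review bot: With `chmod($new_filename, 0644)` dropped after `rename($tmp_file, $new_filename)` in classes/pref/feeds.php, the favicon keeps whatever mode `$tmp_file` was created with. A default ACL on the destination directory is applied only when a file is created there, not when one is renamed into it, and even then it is limited by the mode the creator requested. Where `$tmp_file` comes from is outside the hunk; if it is created with an owner-only mode (as PHP's `tempnam()` does), the result would not be group writable despite the ACL, which is the situation the patch header says it wants to avoid. It would help to record that assumption in the header, e.g. `Assumes temporary files are created inside the ACL-managed directories with a group-writable mode.`, or to confirm it against the upstream source. The second inner hunk in classes/rssutils.php writes through `$fp`, and how that handle was opened is likewise not visible here.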

diff --git a/www-apps/tt-rss/tt-rss-.ebuild 
b/www-apps/tt-rss/tt-rss-.ebuild
index e91fad7a3c67..89e1ba0ce816 100644
--- a/www-apps/tt-rss/tt-rss-.ebuild
+++ b/www-apps/tt-rss/tt-rss-.ebuild
@@ -51,7 +51,7 @@ DEPEND="
 need_httpd_cgi # From webapp.eclass
 
 PATCHES=(
-   "${FILESDIR}"/${PN}-no-chmod.patch
+   "${FILESDIR}"/${PN}-no-chmod-r2.patch
 )
 
 src_install() {