Date: Sun, 27 Jan 2013 07:22:47 +0000 (UTC)
From: Mark Linimon <linimon@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r245975 - in projects/portbuild: admin/conf conf
Message-ID: <201301270722.r0R7Ml1e037643@svn.freebsd.org>
Author: linimon (doc,ports committer) Date: Sun Jan 27 07:22:46 2013 New Revision: 245975 URL: http://svnweb.freebsd.org/changeset/base/245975 Log: Move README.dotunnel and apache.conf away from the portbuild user and over to the admin user. This is required for security reasons. Added: projects/portbuild/admin/conf/README.dotunnel - copied unchanged from r245972, projects/portbuild/conf/README.dotunnel projects/portbuild/admin/conf/apache.conf - copied unchanged from r245972, projects/portbuild/conf/apache.conf Deleted: projects/portbuild/conf/README.dotunnel projects/portbuild/conf/apache.conf Copied: projects/portbuild/admin/conf/README.dotunnel (from r245972, projects/portbuild/conf/README.dotunnel) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/portbuild/admin/conf/README.dotunnel Sun Jan 27 07:22:46 2013 (r245975, copy of r245972, projects/portbuild/conf/README.dotunnel) 
@@ -0,0 +1,31 @@ +Various package build nodes require us to set up TCP tunnels to talk +to them. (Some systems don't pass certain ports; some systems have +firewalls; some systems have multiple nodes on one IP address.) + +These have always been hardcoded in crontab lines of the form "while true; +do <hardcoded-tunnel-stuff>; done". Other than the magic hardcoding, +there's a problem with this. When the tunnel command exits, such as if +the host suddenly becoming unreachable, it doesn't send mail -- instead +it just accumulates a huge file in /var/spool/clientmqueue which never +gets sent. To add insult to injury, /var is on our root partition. + +To cure these problems, we now have + + /var/portbuild/conf/<arch>/dotunnel.XXX + +where XXX corresponds to one line in the old crontab. Each script sets +up one tunnel, sends mail to the user(s) in + + /var/portbuild/<arch>/portbuild.conf + +once the command exits, and then sleeps. + +Why not put it in /var/portbuild/<arch> you ask? That directory is +propogated to all nodes for that arch. This would be a security leak. +The intention is that none of the dotunnel files will be checked into +CVS. + +Final note: each script figures out which arch it is for by fiddling +with its $0, so invoke it with its full pathname. + +mcl Copied: projects/portbuild/admin/conf/apache.conf (from r245972, projects/portbuild/conf/apache.conf) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/portbuild/admin/conf/apache.conf Sun Jan 27 07:22:46 2013 (r245975, copy of r245972, projects/portbuild/conf/apache.conf) 
@@ -0,0 +1,50 @@ +DocumentRoot "/var/portbuild/www" + +# filter magic to decompress bzip2 logs - pav@ +LoadModule ext_filter_module libexec/apache22/mod_ext_filter.so +ExtFilterDefine BUNZIP2 mode=output intype=application/x-bzip2 outtype=text/plain cmd=/usr/bin/bunzip2 + +<Directory /var/portbuild/www> + Order allow,deny + Allow from all + Options FollowSymLinks + AllowOverride None + #Redirect permanent /index.html http://pointyhat.freebsd.org/errorlogs/ +</Directory> + +Alias /errorlogs/ /var/portbuild/errorlogs/ + +<Directory /var/portbuild/errorlogs> + Order allow,deny + Allow from all + Options FollowSymLinks Indexes +# Added kk 030222 + Options +IncludesNoExec + AddHandler server-parsed .shtml + DirectoryIndex index.shtml index.html +# filter magic to decompress bzip2 logs - pav@ + Options +MultiViews + AddOutputFilterByType BUNZIP2 application/x-bzip2 +</Directory> + +Alias /ganglia/ "/usr/local/www/ganglia/" + +<Directory "/usr/local/www/ganglia"> + Order allow,deny + Allow from all + Options Indexes FollowSymlinks MultiViews + AllowOverride None + AddType text/html php + #AddType application/x-httpd-php .php + #AddType application/x-httpd-php-source .phps + addhandler php5-script .php + DirectoryIndex index.php +</Directory> + +# sometimes useful as a playpen +#<Directory /var/portbuild/www/studies> +# Order allow,deny +# Allow from all +# Options Indexes FollowSymlinks MultiViews +# AllowOverride None +#</Directory>
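Review bot: In README.dotunnel, the path /var/portbuild/conf/<arch>/dotunnel.XXX in the "To cure these problems" paragraph and the CVS reference in the "Why not put it in /var/portbuild/<arch>" paragraph are carried over unchanged, although the commit log says this file now belongs to the admin user rather than the portbuild user. Please confirm whether the dotunnel scripts still live at that path; if they moved, update the README, and in either case state which user owns and runs them and what file mode they need, since the text itself calls exposing these files to the build nodes a security leak. Minor: "propogated" should be "propagated", and "such as if the host suddenly becoming unreachable" should read "becomes unreachable".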
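Review bot: In apache.conf, the <Directory /var/portbuild/errorlogs> block combines "Options FollowSymLinks Indexes" with "Allow from all", so any client can list the tree and the server will follow a symlink placed in it to anything outside /var/portbuild/errorlogs that the web server can read. Since the commit log gives security as the reason for moving this file to the admin user, consider "SymLinksIfOwnerMatch" in place of "FollowSymLinks" here and in the /var/portbuild/www and ganglia blocks, or drop symlink following where nothing depends on it. The ganglia block also pairs "addhandler php5-script .php" with "Allow from all"; if that front end is not meant to be public, narrow the "Allow from" line to the networks that need it.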