diff options
| author | David Runge | 2018-11-30 19:13:07 +0100 |
|---|---|---|
| committer | David Runge | 2019-02-28 20:41:30 +0100 |
| commit | e17b1cba448e679b63f45e3359d07edf05378510 (patch) | |
| tree | 671d6e6a1a2476bbd0de2a0c44f5a975bda4c863 | |
| parent | 2af4a55d2cb85dc18775dccce426eab6c736a8af (diff) | |
| download | aur-e17b1cba448e679b63f45e3359d07edf05378510.tar.gz | |
librenms.logrotate: Removing, as it's included in source.
librenms.tmpfiles: Renaming.
apache.example.conf: Using FHS compliant paths.
nginx.example.conf: Using FHS compliant log paths.
librenms.sysusers: Do not add librenms to http group, as the shared group for all webapps is unsafe as it allows access to data of other applications.
librenms.tmpfiles: Adding all transient files/folders in FHS compliant paths.
PKGBUILD: Upgrading to 1.48.1. Switching to a FHS compliant setup, in which state files are below /var/lib/librenms, cache is below /var/cache/librenms, logs below /var/log/librenms and configuration below /etc/webapps/librenms.
This adds quite a few manual file installs (as they would otherwise have yolo 755 all over the place or not be required at all). Additionally composer is used in build(), therefore that function is abused to also handle configuration/script modifications.
There are still references of fping6 (Debian only) all over the place, so that has to be setup in the configuration manually. Most notably, this setup moves away from a librenms user, that is in the http group (as that is unsafe), so wsgi setups behind a webserver (or the webserver itself) need to use the proper GID/UID of librenms for all operations towards state files/logs.
| -rw-r--r-- | .SRCINFO | 47 | ||||
| -rw-r--r-- | PKGBUILD | 188 | ||||
| -rw-r--r-- | apache.example.conf | 10 | ||||
| -rw-r--r-- | librenms.logrotate | 11 | ||||
| -rw-r--r-- | librenms.sysusers | 3 | ||||
| -rw-r--r-- | librenms.tmpfile | 3 | ||||
| -rw-r--r-- | librenms.tmpfiles | 30 | ||||
| -rw-r--r-- | nginx.example.conf | 4 |
8 files changed, 199 insertions, 97 deletions
@@ -1,39 +1,40 @@ pkgbase = librenms - pkgdesc = Autodiscovering PHP/MySQL-based network monitoring system. - pkgver = 1.43 + pkgdesc = Autodiscovering PHP/MySQL/SNMP based network monitoring + pkgver = 1.48.1 pkgrel = 1 url = https://www.librenms.org/ arch = any license = GPL3 - depends = php - depends = php-intl - depends = php-gd - depends = php-net-ipv4 - depends = php-net-ipv6 - depends = net-snmp - depends = graphviz - depends = php-snmp - depends = php-mcrypt + makedepends = composer + makedepends = git + makedepends = unzip depends = fping + depends = graphviz depends = imagemagick - depends = whois depends = nmap + depends = php-intl + depends = php-gd + depends = php-snmp + depends = python-memcached + depends = python-mysqlclient depends = rrdtool - depends = git - depends = mysql-python + depends = whois + optdepends = cronie: running librenms cron jobs + optdepends = mariadb: use a local SQL server + optdepends = python-dotenv: for librenms service + optdepends = python-redis: for distributed librenms service backup = etc/webapps/librenms/config.php - source = librenms-1.43.tar.gz::https://github.com/librenms/librenms/archive/1.43.tar.gz - source = librenms.logrotate + backup = etc/webapps/librenms/.env + backup = etc/php/conf.d/librenms.ini + backup = etc/cron.d/librenms source = librenms.sysusers - source = librenms.tmpfile + source = librenms.tmpfiles source = apache.example.conf source = nginx.example.conf - sha256sums = 6f5fc969eae766d894715f703628534b35420ba3b77cc25988abfd522f14cb6c - sha256sums = 4189c171e4edb55ff11c80b313fed6ff4226ddb38f1e7c97e741e59e1c83afb8 - sha256sums = ee2a2d465e01b65863a603406d2bee8858ec488546cb84d5c4fdb3166cc062a3 - sha256sums = ad83d03b8459e87ecd77f9ffebe56ccb9cc2dff1d52ce1151ef79a1e26653361 - sha256sums = aed1a35b2d84f3b40e0d519ccdb56a5929896ae7cfedd3766f5df4b51fac3319 - sha256sums = e1722c586e61e320c2382b2322150e176c61523dccb81eeec6c3d4618819110c + sha512sums = 19fa542b7597adeccdb94add97102a86ba4a238ba44e999c6e8d186cb7d5ed0523893559719e0b8036acd90cdc1a908497c3027ed49b028fba729ed61ad34052 + sha512sums = e462785a695a19ee4104b48ef321e5d597f6e7469c15f362062d8a4eebe2eddca5584e4739046655a448caa7c4402625d88479fae562be859ed3a6e7d4766b23 + sha512sums = 150aa9912d25502d9397f0c4a6831363c79c1603ff65151d4efc0061516ee19586f3cc38f08f9e60530176c103c845d0cc1a46f685cb22c1a8a7cb8db4ab6274 + sha512sums = cde868416a13353290e4063c937e13b029e616abe3416e4e7c906bbd8000f871429546335470bbc2b219c1bcc95d6ee0f79481ee765c7351bbed6487ad42fee4 pkgname = librenms @@ -1,59 +1,147 @@ -# Maintainer: Nils Czernia <nils[at]czserver[dot]de> +# Maintainer: David Runge <dave@sleepmap.de> +# Contributor: Nils Czernia <nils[at]czserver[dot]de> pkgname=librenms -pkgver=1.43 +pkgver=1.48.1 pkgrel=1 -pkgdesc='Autodiscovering PHP/MySQL-based network monitoring system.' +pkgdesc='Autodiscovering PHP/MySQL/SNMP based network monitoring' arch=('any') -url='https://www.librenms.org/' +url="https://www.librenms.org/" license=('GPL3') -depends=( - 'php' 'php-intl' 'php-gd' 'php-net-ipv4' 'php-net-ipv6' 'net-snmp' - 'graphviz' 'php-snmp' 'php-mcrypt' 'fping' 'imagemagick' 'whois' 'nmap' - 'rrdtool' 'git' 'mysql-python' -) -backup=("etc/webapps/${pkgname}/config.php") -source=( - "${pkgname}-${pkgver}.tar.gz::https://github.com/${pkgname}/${pkgname}/archive/${pkgver}.tar.gz" - "librenms.logrotate" - "librenms.sysusers" - "librenms.tmpfile" - "apache.example.conf" - "nginx.example.conf" -) -sha256sums=('6f5fc969eae766d894715f703628534b35420ba3b77cc25988abfd522f14cb6c' - '4189c171e4edb55ff11c80b313fed6ff4226ddb38f1e7c97e741e59e1c83afb8' - 'ee2a2d465e01b65863a603406d2bee8858ec488546cb84d5c4fdb3166cc062a3' - 'ad83d03b8459e87ecd77f9ffebe56ccb9cc2dff1d52ce1151ef79a1e26653361' - 'aed1a35b2d84f3b40e0d519ccdb56a5929896ae7cfedd3766f5df4b51fac3319' - 'e1722c586e61e320c2382b2322150e176c61523dccb81eeec6c3d4618819110c') +depends=('fping' 'graphviz' 'imagemagick' 'nmap' 'php-intl' 'php-gd' 'php-snmp' +'python-memcached' 'python-mysqlclient' 'rrdtool' 'whois') +makedepends=('composer' 'git' 'unzip') +optdepends=('cronie: running librenms cron jobs' + 'mariadb: use a local SQL server' + 'python-dotenv: for librenms service' + 'python-redis: for distributed librenms service') +backup=("etc/webapps/${pkgname}/config.php" + "etc/webapps/${pkgname}/.env" + "etc/php/conf.d/${pkgname}.ini" + "etc/cron.d/${pkgname}") +# TODO: add uwsgi example +source=("${pkgname}.sysusers" + "${pkgname}.tmpfiles" + "apache.example.conf" + "nginx.example.conf") +sha512sums=('19fa542b7597adeccdb94add97102a86ba4a238ba44e999c6e8d186cb7d5ed0523893559719e0b8036acd90cdc1a908497c3027ed49b028fba729ed61ad34052' + 'e462785a695a19ee4104b48ef321e5d597f6e7469c15f362062d8a4eebe2eddca5584e4739046655a448caa7c4402625d88479fae562be859ed3a6e7d4766b23' + '150aa9912d25502d9397f0c4a6831363c79c1603ff65151d4efc0061516ee19586f3cc38f08f9e60530176c103c845d0cc1a46f685cb22c1a8a7cb8db4ab6274' + 'cde868416a13353290e4063c937e13b029e616abe3416e4e7c906bbd8000f871429546335470bbc2b219c1bcc95d6ee0f79481ee765c7351bbed6487ad42fee4') -prepare() { - cd "$srcdir"/${pkgname}-${pkgver} - - sed -i 's/\/opt\/librenms/\/usr\/share\/webapps\/librenms/g' librenms.nonroot.cron - sed -i 's/\/opt\/librenms/\/usr\/share\/webapps\/librenms/g' librenms.cron - - # move logs to /var/log - rm -rf logs - ln -sf /var/log/${pkgname} logs +build(){ + php -d 'extension=gd' /usr/bin/composer create-project --no-dev -n ${pkgname}/${pkgname} ${pkgname}-${pkgver} ${pkgver} + cd "${pkgname}-${pkgver}" + # make cron jobs compatible with package locations + # disable daily.sh (update job) + sed -e 's|/opt/librenms|/usr/share/webapps/librenms|g' \ + -e '/daily.sh/s/^/# /' \ + -i *.cron + # make logrotate file compatible with package locations + sed -e 's|/opt/librenms/logs/|/var/log/librenms/|g' -i "misc/${pkgname}.logrotate" + # make services comptible with package locations + sed -e 's|/opt/librenms|/usr/share/webapps/librenms|g' \ + -i "misc/${pkgname}"*.service + # make helper scripts compatible with package locations + sed -e 's|/opt/librenms|/usr/share/webapps/librenms|g' \ + -i scripts/watchmaillog/* \ + -i scripts/Migration/{Standard_Conversion,XML_Conversion}/* + # create (commented!) open_basedir settings for php + # TODO: This actually needs to be massively extended to allow access to required applications + echo '# open_basedir = ${open_basedir}:/usr/share/webapps/librenms:/etc/webapps/librenms:/proc' > ../"${pkgname}.ini" + # enfore file permissions + find {LibreNMS,app,doc,html,includes,mibs,resources,tests} -type f -exec chmod 644 {} + + find {LibreNMS,app,doc,html,includes,mibs,resources,tests} -type d -exec chmod 755 {} + } package() { - install -d "$pkgdir"/{{etc,usr/share}/webapps/$pkgname,var/log/$pkgname} - install -dm0755 "$pkgdir"/etc/logrotate.d - - cp -R ${pkgname}-${pkgver}/. "$pkgdir"/usr/share/webapps/${pkgname}/ - - install -Dm644 ${pkgname}-${pkgver}/config.php.default "$pkgdir"/etc/webapps/${pkgname}/config.php - ln -s /etc/webapps/${pkgname}/config.php "$pkgdir"/usr/share/webapps/${pkgname}/config.php - - install -D -m644 "${srcdir}"/${pkgname}.logrotate "$pkgdir"/etc/logrotate.d/${pkgname} - install -dm0775 "$pkgdir"/usr/share/webapps/${pkgname}/rrd - - # php.ini - install -dm0755 "$pkgdir"/etc/php/conf.d/ - echo 'open_basedir = ${open_basedir}:/usr/share/webapps/librenms:/etc/webapps/librenms:/proc' > "$pkgdir"/etc/php/conf.d/${pkgname}.ini - - install -D -m644 "$srcdir"/${pkgname}.sysusers "$pkgdir/usr/lib/sysusers.d/${pkgname}.conf" - install -D -m644 "$srcdir"/${pkgname}.tmpfile "$pkgdir/usr/lib/tmpfiles.d/${pkgname}.conf" + cd "${pkgname}-${pkgver}" + # docs + install -vDm 644 {AUTHORS,CHANGELOG,CODE_OF_CONDUCT,CONTRIBUTING,README}.md \ + -t "${pkgdir}/usr/share/doc/${pkgname}" + # examples + install -vDm 644 snmp*.example ../{apache,nginx}.example.conf \ + -t "${pkgdir}/usr/share/doc/${pkgname}/examples" + # cron.d + install -vDm 644 "${pkgname}.nonroot.cron" "${pkgdir}/etc/cron.d/${pkgname}" + # services + install -vDm 644 "misc/${pkgname}"*.service \ + -t "${pkgdir}/usr/lib/systemd/system/" + # files + install -vDm 644 bootstrap/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/bootstrap" + install -vDm 644 config/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/config" + install -vDm 644 contrib/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/contrib" + install -vDm 644 database/factories/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/database/factories" + install -vDm 644 database/migrations/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/database/migrations" + install -vDm 644 database/seeds/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/database/seeds" + install -vDm 644 misc/*.{json,yaml,conf,rss,xml} \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/misc" + install -vDm 644 routes/*.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}/routes" + install -vDm 644 sql-schema/*.sql\ + -t "${pkgdir}/usr/share/webapps/${pkgname}/sql-schema" + cp -av LibreNMS "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av app "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av doc "${pkgdir}/usr/share/doc/${pkgname}/" + cp -av html "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av includes "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av mibs "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av resources "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av scripts "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av tests "${pkgdir}/usr/share/webapps/${pkgname}/" + cp -av vendor "${pkgdir}/usr/share/webapps/${pkgname}/" + # application config + install -vDm 644 config.php.default \ + "${pkgdir}/etc/webapps/${pkgname}/config.php" + ln -sv "/etc/webapps/${pkgname}/config.php" \ + "${pkgdir}/usr/share/webapps/${pkgname}/config.php" + install -vDm 644 .env \ + "${pkgdir}/etc/webapps/${pkgname}/.env" + ln -sv "/etc/webapps/${pkgname}/.env" \ + "${pkgdir}/usr/share/webapps/${pkgname}/.env" + # logrotate.d + install -vDm 644 "misc/${pkgname}.logrotate" \ + "${pkgdir}/etc/logrotate.d/${pkgname}" + # php conf.d + install -vDm 644 "../${pkgname}.ini" -t "${pkgdir}/etc/php/conf.d/" + # sysusers.d + install -vDm 644 ../${pkgname}.sysusers \ + "${pkgdir}/usr/lib/sysusers.d/${pkgname}.conf" + # tmpfiles.d + install -vDm 644 ../${pkgname}.tmpfiles \ + "${pkgdir}/usr/lib/tmpfiles.d/${pkgname}.conf" + # logs + ln -sv "/var/log/${pkgname}" "${pkgdir}/usr/share/webapps/${pkgname}/logs" + # cache + ln -sv "/var/cache/${pkgname}" "${pkgdir}/usr/share/webapps/${pkgname}/cache" + # rrd + ln -sv "/var/lib/${pkgname}/rrd" "${pkgdir}/usr/share/webapps/${pkgname}/rrd" + # bootstrap cache + ln -sv "/var/lib/${pkgname}/bootstrap/cache" \ + "${pkgdir}/usr/share/webapps/${pkgname}/bootstrap/cache" + # storage + ln -sv "/var/lib/${pkgname}/storage" \ + "${pkgdir}/usr/share/webapps/${pkgname}/storage" + # top-level (cron-related) scripts that require executable bit + install -vDm 755 cronic daily.sh {poller,discovery}-wrapper.py \ + {discovery,alerts,poll-billing,billing-calculate,check-services}.php \ + -t "${pkgdir}/usr/share/webapps/${pkgname}" + # scripts that also need executable bit for bizarre reasons (being called + # directly from within the application) + install -vDm 755 {build-base,irc,poller}.php \ + {librenms-service,services-wrapper,snmp-scan}.py \ + {pbin.sh,lnms} \ + -t "${pkgdir}/usr/share/webapps/${pkgname}" + # top-level scripts/files, that don't require executable bit + install -vDm 644 {add{host,user},config_to_json,daily,delhost,dist-pollers,ping,renamehost,syslog,validate}.php \ + build.sql mkdocs.yml webpack.mix.js \ + -t "${pkgdir}/usr/share/webapps/${pkgname}" + # removing unneeded git related files and folders + find "${pkgdir}/usr/share/webapps/${pkgname}/vendor" \ + -iname "*.git*" -exec rm -rvf {} + } diff --git a/apache.example.conf b/apache.example.conf index 4db60991f356..735610ced1b9 100644 --- a/apache.example.conf +++ b/apache.example.conf @@ -1,11 +1,11 @@ <VirtualHost *:80> - DocumentRoot /opt/librenms/html/ + DocumentRoot /usr/share/librenms/html/ ServerName librenms.example.com - CustomLog /opt/librenms/logs/access_log combined - ErrorLog /opt/librenms/logs/error_log + CustomLog /var/log/httpd/access.librenms.log combined + ErrorLog /var/log/httpd/logs/error.librenms.log AllowEncodedSlashes On - <Directory "/opt/librenms/html/"> + <Directory "/usr/share/librenms/html/"> AllowOverride All Options FollowSymLinks MultiViews </Directory> -</VirtualHost>
\ No newline at end of file +</VirtualHost> diff --git a/librenms.logrotate b/librenms.logrotate deleted file mode 100644 index d01232dd6fec..000000000000 --- a/librenms.logrotate +++ /dev/null @@ -1,11 +0,0 @@ -# /etc/logrotate.d/librenms -/var/log/librenms/*log { - su http http - weekly - rotate 6 - compress - delaycompress - missingok - notifempty - create 664 http http -} diff --git a/librenms.sysusers b/librenms.sysusers index 870b03159071..7e1cf913f2e4 100644 --- a/librenms.sysusers +++ b/librenms.sysusers @@ -1,4 +1 @@ -# Type Name ID GECOS Home directory -###################################################################### u librenms - "LibreNMS user" - -m http librenms diff --git a/librenms.tmpfile b/librenms.tmpfile deleted file mode 100644 index 067fd0ba7c71..000000000000 --- a/librenms.tmpfile +++ /dev/null @@ -1,3 +0,0 @@ -d /etc/webapps/librenms/ 0750 librenms http -d /usr/share/webapps/librenms/ 0755 librenms http -d /var/log/librenms/ 0775 librenms http diff --git a/librenms.tmpfiles b/librenms.tmpfiles new file mode 100644 index 000000000000..76e1c38a00d0 --- /dev/null +++ b/librenms.tmpfiles @@ -0,0 +1,30 @@ +z /etc/webapps/librenms/config.php 0640 librenms librenms +z /etc/webapps/librenms/.env 0640 librenms librenms +d %C/librenms/ 0755 librenms librenms +z %C/librenms/* 0644 librenms librenms +d %L/librenms/ 0755 librenms librenms +z %L/librenms/* 0644 librenms librenms +d %S/librenms/ 0750 librenms librenms +z %S/librenms/rrd/ 0755 librenms librenms +z %S/librenms/rrd/* 0640 librenms librenms +d %S/librenms/bootstrap/ 0755 librenms librenms +d %S/librenms/bootstrap/cache/ 0755 librenms librenms +z %S/librenms/bootstrap/cache/* 0640 librenms librenms +d %S/librenms/storage/ 0755 librenms librenms +d %S/librenms/storage/app/ 0755 librenms librenms +d %S/librenms/storage/app/public/ 0755 librenms librenms +z %S/librenms/storage/app/public/* 0640 librenms librenms +d %S/librenms/storage/debugbar/ 0755 librenms librenms +z %S/librenms/storage/debugbar/* 0640 librenms librenms +d %S/librenms/storage/framework/ 0755 librenms librenms +z %S/librenms/storage/framework/* 0755 librenms librenms +d %S/librenms/storage/framework/cache/ 0755 librenms librenms +z %S/librenms/storage/framework/cache/* 0640 librenms librenms +d %S/librenms/storage/framework/sessions/ 0755 librenms librenms +z %S/librenms/storage/framework/sessions/* 0640 librenms librenms +d %S/librenms/storage/framework/testing/ 0755 librenms librenms +z %S/librenms/storage/framework/testing/* 0640 librenms librenms +d %S/librenms/storage/framework/views/ 0755 librenms librenms +z %S/librenms/storage/framework/views/* 0640 librenms librenms +d %S/librenms/storage/logs/ 0755 librenms librenms +z %S/librenms/storage/logs/* 0640 librenms librenms diff --git a/nginx.example.conf b/nginx.example.conf index b0a637f5181c..61160a9ea9b8 100644 --- a/nginx.example.conf +++ b/nginx.example.conf @@ -3,8 +3,8 @@ server { server_name librenms.example.com; root /usr/share/webapps/librenms/html; index index.php; - access_log /usr/share/webapps/librenms/logs/access_log; - error_log /usr/share/webapps/librenms/logs/error_log; + access_log /var/log/nginx/librenms_access.log; + error_log /var/log/nginx/librenms_error.log; location / { try_files $uri $uri/ @librenms; } |