diff options
author | Galen Sampson | 2013-03-19 23:35:10 -0700 |
---|---|---|
committer | Galen Sampson | 2013-03-19 23:35:10 -0700 |
commit | 254846bb8bd95306bb8193f053065b994535d860 (patch) | |
tree | a3882b83757d2f8ba66ce525ca366c6a0419c2ed | |
download | aur-254846bb8bd95306bb8193f053065b994535d860.tar.gz |
Initial package of Apache Traffic Server 3.2.4.
-rw-r--r-- | .SRCINFO | 81 | ||||
-rw-r--r-- | .gitignore | 5 | ||||
-rw-r--r-- | PKGBUILD | 121 | ||||
-rw-r--r-- | config.layout.patch | 26 | ||||
-rw-r--r-- | proxy_Main.patch | 12 | ||||
-rw-r--r-- | trafficserver.changelog | 4 | ||||
-rw-r--r-- | trafficserver.git-75d3566.patch | 42 | ||||
-rw-r--r-- | trafficserver.git-c9a2e06.patch | 128 | ||||
-rw-r--r-- | trafficserver.install | 11 | ||||
-rw-r--r-- | trafficserver.service.in.patch | 11 | ||||
-rw-r--r-- | trafficserver.tmpfiles | 1 |
11 files changed, 442 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..3a53d3598983 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,81 @@ +pkgbase = trafficserver + pkgdesc = Apache Traffic Server + pkgver = 3.2.4 + pkgrel = 1 + url = http://trafficserver.apache.org/ + install = trafficserver.install + changelog = trafficserver.changelog + arch = i686 + arch = x86_64 + license = Apache + makedepends = flex + depends = openssl + depends = tcl + depends = hwloc + backup = etc/trafficserver/congestion.config + backup = etc/trafficserver/logs_xml.config + backup = etc/trafficserver/hosting.config + backup = etc/trafficserver/parent.config + backup = etc/trafficserver/records.config + backup = etc/trafficserver/socks.config + backup = etc/trafficserver/trafficserver-release + backup = etc/trafficserver/splitdns.config + backup = etc/trafficserver/vaddrs.config + backup = etc/trafficserver/ae_ua.config + backup = etc/trafficserver/cluster.config + backup = etc/trafficserver/storage.config + backup = etc/trafficserver/mgr.cnf + backup = etc/trafficserver/volume.config + backup = etc/trafficserver/plugin.db + backup = etc/trafficserver/icp.config + backup = etc/trafficserver/update.config + backup = etc/trafficserver/remap.config + backup = etc/trafficserver/ssl_multicert.config + backup = etc/trafficserver/cache.config + backup = etc/trafficserver/body_factory/default/access#ssl_forbidden + backup = etc/trafficserver/body_factory/default/transcoding#unsupported + backup = etc/trafficserver/body_factory/default/request#syntax_error + backup = etc/trafficserver/body_factory/default/connect#failed_connect + backup = etc/trafficserver/body_factory/default/default + backup = etc/trafficserver/body_factory/default/response#bad_version + backup = etc/trafficserver/body_factory/default/interception#no_host + backup = etc/trafficserver/body_factory/default/cache#not_in_cache + backup = etc/trafficserver/body_factory/default/response#bad_response + backup = etc/trafficserver/body_factory/default/request#scheme_unsupported + backup = etc/trafficserver/body_factory/default/connect#dns_failed + backup = etc/trafficserver/body_factory/default/README + backup = etc/trafficserver/body_factory/default/redirect#moved_temporarily + backup = etc/trafficserver/body_factory/default/timeout#activity + backup = etc/trafficserver/body_factory/default/timeout#inactivity + backup = etc/trafficserver/body_factory/default/access#denied + backup = etc/trafficserver/body_factory/default/cache#read_error + backup = etc/trafficserver/body_factory/default/request#no_content_length + backup = etc/trafficserver/body_factory/default/request#cycle_detected + backup = etc/trafficserver/body_factory/default/access#proxy_auth_required + backup = etc/trafficserver/body_factory/default/.body_factory_info + backup = etc/trafficserver/body_factory/default/urlrouting#no_mapping + backup = etc/trafficserver/body_factory/default/request#no_host + backup = etc/trafficserver/body_factory/default/connect#hangup + backup = etc/trafficserver/body_factory/default/congestion#retryAfter + backup = etc/trafficserver/body_factory/default/access#redirect_url + backup = etc/trafficserver/plugin.config + backup = etc/trafficserver/stats.config.xml + backup = etc/trafficserver/log_hosts.config + backup = etc/trafficserver/ip_allow.config + source = http://apache.tradebit.com/pub/trafficserver/trafficserver-3.2.4.tar.bz2 + source = trafficserver.tmpfiles + source = config.layout.patch + source = trafficserver.git-c9a2e06.patch + source = trafficserver.git-75d3566.patch + source = proxy_Main.patch + source = trafficserver.service.in.patch + md5sums = 5ce8f59d608896ae56e9053ff86bb40c + md5sums = fc8ab2b6d01e22fb376832fb13137db1 + md5sums = 9ca01c6833ebbde4644a255c8bf802ce + md5sums = f395175164b2d8de90535e42ae1de72b + md5sums = f774f8454bec9422ac1af5445625a6b5 + md5sums = ec6be0b8e2ab575bcd077993809061b0 + md5sums = 74ba08091f580f8984eee8db0f7e4d27 + +pkgname = trafficserver + diff --git a/.gitignore b/.gitignore new file mode 100644 index 000000000000..a69137762987 --- /dev/null +++ b/.gitignore @@ -0,0 +1,5 @@ +src/ +pkg/ +trafficserver-*.pkg.tar.xz +trafficserver-*.tar.bz2 +.*.swp diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..5fdada15fa8c --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,121 @@ +# Maintainer: Galen Sampson <galen.sampson at gmail dot com> +pkgname=trafficserver +pkgver=3.2.4 +pkgrel=1 +pkgdesc="Apache Traffic Server" +url="http://trafficserver.apache.org/" +license=('Apache') +arch=('i686' 'x86_64') +depends=('openssl' 'tcl' 'hwloc') +makedepends=('flex') + +source=( + 'http://apache.tradebit.com/pub/trafficserver/trafficserver-3.2.4.tar.bz2' + 'trafficserver.tmpfiles' + 'config.layout.patch' + 'trafficserver.git-c9a2e06.patch' + 'trafficserver.git-75d3566.patch' + 'proxy_Main.patch' + 'trafficserver.service.in.patch') +md5sums=( + '5ce8f59d608896ae56e9053ff86bb40c' + 'fc8ab2b6d01e22fb376832fb13137db1' + '9ca01c6833ebbde4644a255c8bf802ce' + 'f395175164b2d8de90535e42ae1de72b' + 'f774f8454bec9422ac1af5445625a6b5' + 'ec6be0b8e2ab575bcd077993809061b0' + '74ba08091f580f8984eee8db0f7e4d27') + +install=trafficserver.install +changelog=trafficserver.changelog + +backup=( + 'etc/trafficserver/congestion.config' + 'etc/trafficserver/logs_xml.config' + 'etc/trafficserver/hosting.config' + 'etc/trafficserver/parent.config' + 'etc/trafficserver/records.config' + 'etc/trafficserver/socks.config' + 'etc/trafficserver/trafficserver-release' + 'etc/trafficserver/splitdns.config' + 'etc/trafficserver/vaddrs.config' + 'etc/trafficserver/ae_ua.config' + 'etc/trafficserver/cluster.config' + 'etc/trafficserver/storage.config' + 'etc/trafficserver/mgr.cnf' + 'etc/trafficserver/volume.config' + 'etc/trafficserver/plugin.db' + 'etc/trafficserver/icp.config' + 'etc/trafficserver/update.config' + 'etc/trafficserver/remap.config' + 'etc/trafficserver/ssl_multicert.config' + 'etc/trafficserver/cache.config' + 'etc/trafficserver/body_factory/default/access#ssl_forbidden' + 'etc/trafficserver/body_factory/default/transcoding#unsupported' + 'etc/trafficserver/body_factory/default/request#syntax_error' + 'etc/trafficserver/body_factory/default/connect#failed_connect' + 'etc/trafficserver/body_factory/default/default' + 'etc/trafficserver/body_factory/default/response#bad_version' + 'etc/trafficserver/body_factory/default/interception#no_host' + 'etc/trafficserver/body_factory/default/cache#not_in_cache' + 'etc/trafficserver/body_factory/default/response#bad_response' + 'etc/trafficserver/body_factory/default/request#scheme_unsupported' + 'etc/trafficserver/body_factory/default/connect#dns_failed' + 'etc/trafficserver/body_factory/default/README' + 'etc/trafficserver/body_factory/default/redirect#moved_temporarily' + 'etc/trafficserver/body_factory/default/timeout#activity' + 'etc/trafficserver/body_factory/default/timeout#inactivity' + 'etc/trafficserver/body_factory/default/access#denied' + 'etc/trafficserver/body_factory/default/cache#read_error' + 'etc/trafficserver/body_factory/default/request#no_content_length' + 'etc/trafficserver/body_factory/default/request#cycle_detected' + 'etc/trafficserver/body_factory/default/access#proxy_auth_required' + 'etc/trafficserver/body_factory/default/.body_factory_info' + 'etc/trafficserver/body_factory/default/urlrouting#no_mapping' + 'etc/trafficserver/body_factory/default/request#no_host' + 'etc/trafficserver/body_factory/default/connect#hangup' + 'etc/trafficserver/body_factory/default/congestion#retryAfter' + 'etc/trafficserver/body_factory/default/access#redirect_url' + 'etc/trafficserver/plugin.config' + 'etc/trafficserver/stats.config.xml' + 'etc/trafficserver/log_hosts.config' + 'etc/trafficserver/ip_allow.config') + +build() { + cd "${pkgname}-${pkgver}" + patch -Np0 -u -i ../config.layout.patch + patch -Np1 -u -i ../trafficserver.git-c9a2e06.patch + patch -Np1 -u -i ../trafficserver.git-75d3566.patch + patch -Np0 -u -i ../proxy_Main.patch + patch -Np0 -u -i ../trafficserver.service.in.patch + ./configure --with-user=tserver --enable-layout=Arch + make +} + +check() { + cd "${srcdir}"/"${pkgname}-${pkgver}" + make check +} + +package() +{ + cd "${srcdir}"/"${pkgname}-${pkgver}" + make install DESTDIR="${pkgdir}" + + # Remove libtool files + rm -f "${pkgdir}"/usr/lib/libtsmgmt.la + rm -f "${pkgdir}"/usr/lib/libtsutil.la + rm -f "${pkgdir}"/usr/lib/trafficserver/regex_remap.la + rm -f "${pkgdir}"/usr/lib/trafficserver/conf_remap.la + rm -f "${pkgdir}"/usr/lib/trafficserver/stats_over_http.la + rm -f "${pkgdir}"/usr/lib/trafficserver/header_filter.la + + rm -rf "${pkgdir}"/run + + install -D -m 644 "${srcdir}"/trafficserver.tmpfiles \ + "${pkgdir}"/usr/lib/tmpfiles.d/trafficserver.conf + + install -D -m 644 \ + "${srcdir}"/"${pkgname}-${pkgver}"/rc/trafficserver.service \ + "${pkgdir}"/usr/lib/systemd/system/trafficserver.service +} diff --git a/config.layout.patch b/config.layout.patch new file mode 100644 index 000000000000..344385783902 --- /dev/null +++ b/config.layout.patch @@ -0,0 +1,26 @@ +--- config.layout.orig 2013-03-16 13:21:39.475213473 -0700 ++++ config.layout 2013-03-16 13:34:04.501781685 -0700 +@@ -257,3 +257,23 @@ + logdir: ${prefix}/logs+ + cachedir: ${datadir} + </Layout> ++ ++<Layout Arch> ++ prefix: /usr ++ exec_prefix: ${prefix} ++ bindir: ${exec_prefix}/bin ++ sbindir: ${exec_prefix}/sbin ++ libdir: ${exec_prefix}/lib ++ libexecdir: ${libdir}+ ++ infodir: ${prefix}/share/info ++ mandir: ${prefix}/share/man ++ sysconfdir: /etc+ ++ datadir: ${prefix}/share+ ++ docdir: ${prefix}/share/doc+ ++ installbuilddir: ${datadir}/build ++ includedir: ${prefix}/include ++ localstatedir: /run ++ runtimedir: /run+ ++ logdir: /var/log+ ++ cachedir: /var/lib+ ++</Layout> diff --git a/proxy_Main.patch b/proxy_Main.patch new file mode 100644 index 000000000000..670188999b7d --- /dev/null +++ b/proxy_Main.patch @@ -0,0 +1,12 @@ +--- proxy/Main.cc.orig 2013-03-16 00:18:53.518050709 -0700 ++++ proxy/Main.cc 2013-03-16 00:19:48.221925918 -0700 +@@ -1310,7 +1310,8 @@ + + char *buf = (char *)ats_malloc(buflen); + +- if (0 != geteuid() && 0 == getuid()) seteuid(0); // revert euid if possible. ++ if (0 != geteuid() && 0 == getuid()) ++ NOWARN_UNUSED_RETURN(seteuid(0)); // revert euid if possible. + if (0 != geteuid()) { + // Not root so can't change user ID. Logging isn't operational yet so + // we have to write directly to stderr. Perhaps this should be fatal? diff --git a/trafficserver.changelog b/trafficserver.changelog new file mode 100644 index 000000000000..3ce2688158f1 --- /dev/null +++ b/trafficserver.changelog @@ -0,0 +1,4 @@ +2013-03-16 Galen Sampson <youremail@domain.com> + + * 3.24-1 : + Initial package. diff --git a/trafficserver.git-75d3566.patch b/trafficserver.git-75d3566.patch new file mode 100644 index 000000000000..ca9b2940080d --- /dev/null +++ b/trafficserver.git-75d3566.patch @@ -0,0 +1,42 @@ +From 2bee0a2f0359e5d7cebdb4e2178a5154c75d3566 Mon Sep 17 00:00:00 2001 +From: Zhao Yongming <ming.zym@gmail.com> +Date: Sat, 15 Sep 2012 16:13:13 +0800 +Subject: [PATCH] make clang happy on security concern + +--- + mgmt/api/INKMgmtAPI.cc | 4 ++-- + mgmt/tools/ConfigAPI.cc | 3 ++- + 2 files changed, 4 insertions(+), 3 deletions(-) + +diff --git a/mgmt/api/INKMgmtAPI.cc b/mgmt/api/INKMgmtAPI.cc +index 17d8afc..a047911 100644 +--- a/mgmt/api/INKMgmtAPI.cc ++++ b/mgmt/api/INKMgmtAPI.cc +@@ -2436,8 +2436,8 @@ closeAllFds() + // to root + if (getuid() != 0) { // if not super user, need to upgrade to root + //printf("before upgrade:current uid%d, euid %d\n", getuid(), geteuid()); fflush(stdout); +- seteuid(0); +- setreuid(0, 0); ++ if(seteuid(0) != 0 || setreuid(0, 0) != 0) ++ perror("[closeAllFds] unable to restore root privilege."); + //printf("after upgrade:current uid %d, euid %d\n", getuid(), geteuid()); fflush(stdout); + } + +diff --git a/mgmt/tools/ConfigAPI.cc b/mgmt/tools/ConfigAPI.cc +index 85666e4..a0444e0 100644 +--- a/mgmt/tools/ConfigAPI.cc ++++ b/mgmt/tools/ConfigAPI.cc +@@ -807,7 +807,8 @@ Config_RestoreNetConfig(char *file) + ats_free(TagValue); + } + +- setreuid(old_euid, old_euid); //happens only for floppy config ++ if(setreuid(old_euid, old_euid) != 0) ++ perror("Config_RestoreNetConfig set old uid failed: "); //happens only for floppy config + return 0; + } + +-- +1.7.9 + diff --git a/trafficserver.git-c9a2e06.patch b/trafficserver.git-c9a2e06.patch new file mode 100644 index 000000000000..a8b21d11f936 --- /dev/null +++ b/trafficserver.git-c9a2e06.patch @@ -0,0 +1,128 @@ +From dccdd5a4453828f1befa1bb121d045c50c9a2e06 Mon Sep 17 00:00:00 2001 +From: =?utf8?q?Igor=20Gali=C4=87?= <i.galic@brainsware.org> +Date: Thu, 13 Sep 2012 14:24:04 +0200 +Subject: [PATCH] clang's cecker says this is a security issue + +I say it's dead code. +--- + mgmt/tools/ConfigAPI.cc | 24 ------------------------ + mgmt/tools/ConfigAPI.h | 4 ---- + mgmt/tools/SysAPI.cc | 37 ------------------------------------- + mgmt/tools/SysAPI.h | 4 ---- + 4 files changed, 0 insertions(+), 69 deletions(-) + +diff --git a/mgmt/tools/ConfigAPI.cc b/mgmt/tools/ConfigAPI.cc +index 19afe7a..85666e4 100644 +--- a/mgmt/tools/ConfigAPI.cc ++++ b/mgmt/tools/ConfigAPI.cc +@@ -636,30 +636,6 @@ Config_SetNTP_Off(void) + return Time_SetNTP_Off(); + } + +-int +-Config_User_Root(int *old_euid) +-{ +- return Sys_User_Root(old_euid); +-} +- +-int +-Config_User_Inktomi(int euid) +-{ +- return Sys_User_Inktomi(euid); +-} +- +-int +-Config_Grp_Root(int *old_egid) +-{ +- return Sys_Grp_Root(old_egid); +-} +- +-int +-Config_Grp_Inktomi(int egid) +-{ +- return Sys_Grp_Inktomi(egid); +-} +- + #if defined(linux) + int + Config_DisableInterface(char *eth) +diff --git a/mgmt/tools/ConfigAPI.h b/mgmt/tools/ConfigAPI.h +index 62da925..00303b1 100644 +--- a/mgmt/tools/ConfigAPI.h ++++ b/mgmt/tools/ConfigAPI.h +@@ -85,9 +85,5 @@ extern int Config_GetXmlTagValue(char *XmlTagName, char **XmlTagValue, char *Xml + extern int Config_SetSMTP_Server(char *server); + extern int Config_GetSMTP_Server(char *server); + extern int Config_FloppyNetRestore(); +-extern int Config_User_Root(int *old_euid); +-extern int Config_User_Inktomi(int euid); +-extern int Config_Grp_Root(int *old_egid); +-extern int Config_Grp_Inktomi(int egid); + extern int Config_DisableInterface(char *eth); + #endif // _CONFIG_API_H +diff --git a/mgmt/tools/SysAPI.cc b/mgmt/tools/SysAPI.cc +index 5dd9498..37f80b6 100644 +--- a/mgmt/tools/SysAPI.cc ++++ b/mgmt/tools/SysAPI.cc +@@ -1184,43 +1184,6 @@ Net_DisableInterface(char *interface) + + #endif /* linux */ + +-int +-Sys_User_Root(int *old_euid) +-{ +- +- *old_euid = getuid(); +- seteuid(0); +- setreuid(0, 0); +- +- return 0; +-} +- +-int +-Sys_User_Inktomi(int euid) +-{ +-// bug 50394 - preserve saved uid as root, +-// while changing effiective and real uid to input parameter value +- setreuid(euid, 0); +- seteuid(euid); +- return 0; +-} +- +-int +-Sys_Grp_Root(int *old_egid) +-{ +- *old_egid = getegid(); +- setregid(0, *old_egid); +- return 0; +-} +- +-int +-Sys_Grp_Inktomi(int egid) +-{ +- setregid(egid, egid); +- return 0; +-} +- +- + + + bool +diff --git a/mgmt/tools/SysAPI.h b/mgmt/tools/SysAPI.h +index 3417518..aead11c 100644 +--- a/mgmt/tools/SysAPI.h ++++ b/mgmt/tools/SysAPI.h +@@ -74,10 +74,6 @@ extern int Time_GetNTP_Status(char *status, size_t status_len); + extern int Time_SetNTP_Off(void); + extern int Net_GetSMTP_Server(char *server); + extern int Net_SetSMTP_Server(char *server); +-extern int Sys_User_Root(int *old_euid); +-extern int Sys_User_Inktomi(int euid); +-extern int Sys_Grp_Root(int *old_egid); +-extern int Sys_Grp_Inktomi(int egid); + extern int Net_DisableInterface(char *interface); + + #endif // _SYS_API_H +-- +1.7.9 + diff --git a/trafficserver.install b/trafficserver.install new file mode 100644 index 000000000000..3fe5491daac0 --- /dev/null +++ b/trafficserver.install @@ -0,0 +1,11 @@ +pre_install() { + getent group tserver &>/dev/null || groupadd -g 499 tserver >/dev/null + getent passwd tserver &>/dev/null || useradd -u 499 \ + -d /var/lib/trafficserver -g tserver -s /bin/false tserver >/dev/null +} + +post_remove() { + getent passwd tserver &>/dev/null && userdel tserver >/dev/null + getent group tserver &>/dev/null && groupdel tserver >/dev/null + true +} diff --git a/trafficserver.service.in.patch b/trafficserver.service.in.patch new file mode 100644 index 000000000000..8a674b81c0d7 --- /dev/null +++ b/trafficserver.service.in.patch @@ -0,0 +1,11 @@ +--- rc/trafficserver.service.in.orig 2013-03-16 14:11:06.317750280 -0700 ++++ rc/trafficserver.service.in 2013-03-16 14:12:18.471699935 -0700 +@@ -4,7 +4,7 @@ + + [Service] + Type=simple +-EnvironmentFile=-/etc/sysconfig/trafficserver ++EnvironmentFile=-/etc/conf.d/trafficserver + PIDFile=@exp_runtimedir@/cop.pid + ExecStart=@exp_bindir@/traffic_cop $TC_DAEMON_ARGS + ExecReload=@exp_bindir@/traffic_line -x diff --git a/trafficserver.tmpfiles b/trafficserver.tmpfiles new file mode 100644 index 000000000000..be32ab3ff1da --- /dev/null +++ b/trafficserver.tmpfiles @@ -0,0 +1 @@ +d /run/trafficserver 750 tserver tserver |