lighttpd php open_basedir management with better pihole.log isolation

author: max.bra 2016-03-01 12:46:10 +0100
committer: max.bra 2016-03-01 12:46:10 +0100
commit: 07d68137e10d3262885e2808800870293cfc5536 (patch)
tree: 2bc93e1658e6f67052ea403575e39edc7d87cb3a
parent: a28a069e2e28b51bedca579bc20014626bc42610 (diff)
download: aur-07d68137e10d3262885e2808800870293cfc5536.tar.gz
8 files changed, 22 insertions, 20 deletions
diff --git a/.SRCINFO b/.SRCINFO
index b7cc86c25a2d..9dafdab2ad5d 100644
--- a/.SRCINFO
+++ b/.SRCINFO
@@ -1,9 +1,9 @@
 # Generated by mksrcinfo v8
-# Mon Feb 29 21:06:45 UTC 2016
+# Tue Mar  1 11:46:10 UTC 2016
 pkgbase = pi-hole-server
 	pkgdesc = The Pi-hole is an advertising-aware DNS/Web server. Arch adaptation for lan wide DNS server.
 	pkgver = 2.5.3
-	pkgrel = 2
+	pkgrel = 3
 	url = https://github.com/jacobsalmela/pi-hole
 	install = pi-hole-server.install
 	arch = any
@@ -30,13 +30,13 @@ pkgbase = pi-hole-server
 	md5sums = 30dbf80661c93668f7215e2c708693dc
 	md5sums = bca9867ebc3f93e92a522c4968d8fb56
 	md5sums = 791c86996377ceca23d1459ea0fd5cd6
-	md5sums = fd607f890103e97e480d814a5dfbee5b
-	md5sums = 06bb49cf66cc1db8be5e476a54b1e933
-	md5sums = 29aab2a7cdc82097b719935c01698777
-	md5sums = 564f47c5cfab0a1b7b010ddbcf8e3b84
+	md5sums = cba1675593bb43c94a35aabe8a210efa
+	md5sums = fc7852b5deb952335c0ebbf4ee61cb8c
+	md5sums = 5fce8b696b1d82050d87a3f8f19c0aea
+	md5sums = 008d6cb6a8ea389d22cbb969c62b0c80
 	md5sums = 09a4bb7aef7bbe1a1f4c6c85c1fd48b4
 	md5sums = d42a864f88299998f8233c0bc0dd093d
-	md5sums = 0a4921a2f655c5f178460aed0d6df068
+	md5sums = 7b9925a4516d91cd4282f181a4b4e473
 	md5sums = 291d3c95e445fe65caf40c3605efd186
 	md5sums = d41d8cd98f00b204e9800998ecf8427e
 	md5sums = d41d8cd98f00b204e9800998ecf8427e
diff --git a/PKGBUILD b/PKGBUILD
index c8c216fb8181..ecea9af03a0d 100644
--- a/PKGBUILD
+++ b/PKGBUILD
@@ -3,7 +3,7 @@
 pkgname=pi-hole-server
 _pkgname=pi-hole
 pkgver=2.5.3
-pkgrel=2
+pkgrel=3
 _wwwpkgname=AdminLTE
 _wwwpkgver=1.1.3
 pkgdesc='The Pi-hole is an advertising-aware DNS/Web server. Arch adaptation for lan wide DNS server.'
@@ -31,13 +31,13 @@ source=(https://github.com/$_pkgname/$_pkgname/archive/v$pkgver.tar.gz
 md5sums=('30dbf80661c93668f7215e2c708693dc'
          'bca9867ebc3f93e92a522c4968d8fb56'
          '791c86996377ceca23d1459ea0fd5cd6'
-         'fd607f890103e97e480d814a5dfbee5b'
-         '06bb49cf66cc1db8be5e476a54b1e933'
-         '29aab2a7cdc82097b719935c01698777'
-         '564f47c5cfab0a1b7b010ddbcf8e3b84'
+         'cba1675593bb43c94a35aabe8a210efa'
+         'fc7852b5deb952335c0ebbf4ee61cb8c'
+         '5fce8b696b1d82050d87a3f8f19c0aea'
+         '008d6cb6a8ea389d22cbb969c62b0c80'
          '09a4bb7aef7bbe1a1f4c6c85c1fd48b4'
          'd42a864f88299998f8233c0bc0dd093d'
-         '0a4921a2f655c5f178460aed0d6df068'
+         '7b9925a4516d91cd4282f181a4b4e473'
          '291d3c95e445fe65caf40c3605efd186'
          'd41d8cd98f00b204e9800998ecf8427e'
          'd41d8cd98f00b204e9800998ecf8427e')
@@ -53,7 +53,7 @@ prepare() {
   sed -i '/\$SUDO cp \/etc\/.pihole\/adlists.default \/etc\/pihole\/adlists.default/d' "$srcdir"/$_pkgname-$pkgver/gravity.sh
 
   # change log location in admin php interface and scripts
-  sed -i 's|/var/log/pihole.log|/run/log/pihole.log|' "$srcdir"/$_pkgname-$pkgver/advanced/Scripts/chronometer.sh
+  sed -i 's|/var/log/pihole.log|/run/log/pihole/pihole.log|' "$srcdir"/$_pkgname-$pkgver/advanced/Scripts/chronometer.sh
 
   # original toilet is in aur, enter figlet
   sed -i 's|		toilet -f small -F gay Pi-hole|		figlet Pi-hole|' "$srcdir"/$_pkgname-$pkgver/advanced/Scripts/chronometer.sh
@@ -68,7 +68,7 @@ prepare() {
   sed -i 's|/usr/local/bin/|/usr/bin/|' "$srcdir"/$_wwwpkgname-$_wwwpkgver/api.php
 
   # change log location in admin php interface
-  sed -i 's|/var/log/pihole.log|/run/log/pihole.log|' "$srcdir"/$_wwwpkgname-$_wwwpkgver/data.php
+  sed -i 's|/var/log/pihole.log|/run/log/pihole/pihole.log|' "$srcdir"/$_wwwpkgname-$_wwwpkgver/data.php
 
   # since we don't directly install from git...
   sed -i '/<b>Pi-hole Version <\/b> /,+1d' "$srcdir"/$_wwwpkgname-$_wwwpkgver/footer.php
diff --git a/dnsmasq.complete b/dnsmasq.complete
index 71feaf8b222d..4f89d36a82fe 100644
--- a/dnsmasq.complete
+++ b/dnsmasq.complete
@@ -37,7 +37,7 @@ cache-size=10000
 # For debugging purposes, log each DNS query as it passes through
 # dnsmasq.
 log-queries
-log-facility=/run/log/pihole.log
+log-facility=/run/log/pihole/pihole.log
 
 # Normally responses which come from /etc/hosts and the DHCP lease
 # file have Time-To-Live set as zero, which conventionally means
diff --git a/dnsmasq.include b/dnsmasq.include
index 4fb1c1a8984f..8f26600b8141 100644
--- a/dnsmasq.include
+++ b/dnsmasq.include
@@ -1,5 +1,5 @@
 addn-hosts=/etc/pihole/gravity.list
 cache-size=10000
 log-queries
-log-facility=/run/log/pihole.log
+log-facility=/run/log/pihole/pihole.log
 log-async
diff --git a/lighttpd.conf b/lighttpd.conf
index d84422d707e5..20ef341ac698 100644
--- a/lighttpd.conf
+++ b/lighttpd.conf
@@ -24,7 +24,7 @@ mimetype.assign		= (
 fastcgi.server = ( 
     ".php" => (
         "localhost" => ( 
-            "bin-path" => "/usr/bin/php-cgi",
+            "bin-path" => "/usr/bin/php-cgi -d open_basedir=/srv/http/pihole:/etc/pihole:/run/log/pihole",
             "socket" => "/tmp/php-fastcgi.sock",
             "broken-scriptfilename" => "enable",
             "max-procs" => 4, 
diff --git a/pi-hole-logtruncate.service b/pi-hole-logtruncate.service
index 76cd7c83068d..551de078f31d 100644
--- a/pi-hole-logtruncate.service
+++ b/pi-hole-logtruncate.service
@@ -3,7 +3,7 @@ Description=Reset dnsmasq/pi-hole query log
 
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/truncate -s 0 /run/log/pihole.log
+ExecStart=/usr/bin/truncate -s 0 /run/log/pihole/pihole.log
 Nice=19
 IOSchedulingClass=best-effort
 IOSchedulingPriority=7
diff --git a/pi-hole-server.install b/pi-hole-server.install
index 715ed1caee02..4209eb522046 100644
--- a/pi-hole-server.install
+++ b/pi-hole-server.install
@@ -1,6 +1,7 @@
 post_install() {
   cat <<- EOF
     ==> please read configuration instructions at /usr/share/doc/pihole/configuration
+    ==> ver. 2.5.3-3: dnsmasq and lighttpd conf files are changed, please repeat the installation steps
     ==> first install/update run...
 EOF
   chown -R http.http /srv/http/pihole
diff --git a/pi-hole.tmpfile b/pi-hole.tmpfile
index 25a7fb6af1a9..b1c6add835e7 100644
--- a/pi-hole.tmpfile
+++ b/pi-hole.tmpfile
@@ -1 +1,2 @@
-f /run/log/pihole.log 0644 dnsmasq root - -
+d /run/log/pihole 0755 dnsmasq root - -
+f /run/log/pihole/pihole.log 0644 dnsmasq root - -
author	max.bra	2016-03-01 12:46:10 +0100
committer	max.bra	2016-03-01 12:46:10 +0100
commit	07d68137e10d3262885e2808800870293cfc5536 (patch)
tree	2bc93e1658e6f67052ea403575e39edc7d87cb3a
parent	a28a069e2e28b51bedca579bc20014626bc42610 (diff)
download	aur-07d68137e10d3262885e2808800870293cfc5536.tar.gz