[Pkg-cvs-commits] r50 - in /trunk: README.Debian changelog config
postinst postrm
93sam at users.alioth.debian.org
93sam at users.alioth.debian.org
Sat Dec 23 23:35:44 CET 2006
Author: 93sam
Date: Sat Dec 23 23:35:44 2006
New Revision: 50
URL: http://svn.debian.org/wsvn/?sc=1&rev=50
Log:
* Don't attempt to manage the pserver in inetd.conf beyond initial
installation; add an entry in README.Debian for this. Closes: #403334
* Remove bash-ism in postrm.
Modified:
trunk/README.Debian
trunk/changelog
trunk/config
trunk/postinst
trunk/postrm
Modified: trunk/README.Debian
URL: http://svn.debian.org/wsvn/trunk/README.Debian?rev=50&op=diff
==============================================================================
--- trunk/README.Debian (original)
+++ trunk/README.Debian Sat Dec 23 23:35:44 2006
@@ -118,3 +118,31 @@ user1:passwd4:
user3:passwd5:local_user6
-- Steve McIntyre <93sam at debian.org> Sun, 20 Aug 2006 01:54:08 +0100
+
+Running pserver from inetd
+~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+From version 1.12.13-6 and later, the cvs package will no longer
+attempt to automatically manage the cvspserver inetd entry as it used
+to. Most cvs client users do not want to use the pserver at all, and
+upstream have long considered the pserver to be a security risk for
+anything except anonymous use. Also, tracking and configuring the
+user's wishes in inetd.conf in a policy-compliant manner seems to be
+actually impossible.
+
+At initial installation *only*, the cvs package will therefore ask the
+user if the pserver should be run from inetd and configure
+accordingly. At package removal time, this entry will be
+removed. Otherwise, any configuration will need to be done directly by
+the user. For reference, a typical entry in inetd.conf would be:
+
+cvspserver stream tcp nowait.400 root /usr/sbin/tcpd /usr/sbin/cvs-pserver
+
+The number 400 in the "nowait.400" section above configures the
+allowed respawn rate in inetd, in invocations per minute. The default
+value for the respawn rate is 40; if you expect to use the pserver a
+lot (e.g. for large checkins or via scripts), it is recommended that
+you add this piece of configuration also, maybe using an even larger
+value.
+
+ -- Steve McIntyre <93sam at debian.org> Sat, 23 Dec 2006 21:35:08 +0000
Modified: trunk/changelog
URL: http://svn.debian.org/wsvn/trunk/changelog?rev=50&op=diff
==============================================================================
--- trunk/changelog (original)
+++ trunk/changelog Sat Dec 23 23:35:44 2006
@@ -1,12 +1,15 @@
cvs (1:1.12.13-6) unstable; urgency=high
- * High urgency upload to fix a serious bug before etch.
+ * High urgency upload to fix 2 serious bugs before etch.
* Fix unaligned access causing SIGBUS on sparc. Thanks to Julien Cristau
for the patch. (closes: #402745).
* Updated Spanish debconf translation, thanks to Javier
Fernández-Sanguino Peña. Closes: #403418,#344565.
+ * Don't attempt to manage the pserver in inetd.conf beyond initial
+ installation; add an entry in README.Debian for this. Closes: #403334
+ * Remove bash-ism in postrm.
- -- Steve McIntyre <93sam at debian.org> Mon, 18 Dec 2006 00:56:13 +0000
+ -- Steve McIntyre <93sam at debian.org> Sat, 23 Dec 2006 21:41:17 +0000
cvs (1:1.12.13-5) unstable; urgency=low
Modified: trunk/config
URL: http://svn.debian.org/wsvn/trunk/config?rev=50&op=diff
==============================================================================
--- trunk/config (original)
+++ trunk/config Sat Dec 23 23:35:44 2006
@@ -17,9 +17,18 @@ if [ -f /etc/cvs-cron.conf ]; then
fi
set -e
+# Iff we're being installed for the first time and the user has
+# asked for cvs to be run from inetd, call update-inetd. update-inetd
+# doesn't give us enough information to be able to do this reliably
+# at any other time (see #403334)
+if [ "$2"x = ""x ] && [ -x /usr/sbin/update-inetd ] ; then
+ configure_pserver=yes
+else
+ configure_pserver=no
+fi
+
# This function reads the current configuration from the config file
# (or rather, the variables sourced above)
-
set_debconf() {
if [ "$REPOS" ]; then
db_set cvs/repositories "$REPOS" || true
@@ -197,8 +206,17 @@ setup_pserver ()
if [ -z "$REPOS" ]; then
return
fi
+ if [ $configure_pserver = "yes" ] ; then
db_input medium cvs/pserver ||:
db_go ||:
+ db_input low cvs/pserver_setspawnlimit ||:
+ db_go ||:
+ db_get cvs/pserver_setspawnlimit
+ if [ "$RET" = "true" ]; then
+ db_input low cvs/pserver_spawnlimit ||:
+ db_go ||:
+ fi
+ fi
db_get cvs/pserver
if [ "$RET" = "true" ]; then
db_input low cvs/pserver_repos ||:
@@ -220,13 +238,6 @@ setup_pserver ()
db_endblock
db_go ||:
fi
- db_input low cvs/pserver_setspawnlimit ||:
- db_go ||:
- db_get cvs/pserver_setspawnlimit
- if [ "$RET" = "true" ]; then
- db_input low cvs/pserver_spawnlimit ||:
- db_go ||:
- fi
fi
}
Modified: trunk/postinst
URL: http://svn.debian.org/wsvn/trunk/postinst?rev=50&op=diff
==============================================================================
--- trunk/postinst (original)
+++ trunk/postinst Sat Dec 23 23:35:44 2006
@@ -45,7 +45,6 @@ if [ "$1" = "configure" ]; then
fi
# setup /etc/cvs-cron.conf and /etc/cvs-pserver.conf
-
db_get cvs/rotatehistory || true
set_addifmissing /etc/cvs-cron.conf ROT_HIST "\"$RET\""
ROT_HIST="$RET"
@@ -85,12 +84,6 @@ if [ "$1" = "configure" ]; then
done
fi
- # Then it's pserver's turn:
- if test -x /usr/sbin/update-inetd; then
- db_get cvs/pserver ||:
- if test "$RET" = "true"; then
- # --multi might be necessary (see Bug #121922)
- /usr/sbin/update-inetd --multi --remove "cvspserver.*"
db_get cvs/repositories || true
REPOS="$RET"
ALLOWROOT=""
@@ -119,25 +112,29 @@ if [ "$1" = "configure" ]; then
fi
done
IFS="$OLDIFS"
- db_get cvs/pserver_setspawnlimit ||:
- if [ "$RET" = "false" ]; then
- NOWAIT="nowait"
- else
- db_get cvs/pserver_spawnlimit ||:
- NOWAIT="nowait.$RET"
- fi
set_addifmissing /etc/cvs-cron.conf "# Please use : to separate the repositories"
- set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_REPOS \
- "\"$ALLOWROOT\""
+ set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_REPOS "\"$ALLOWROOT\""
set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_REPOS "/cvs"
set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_LIMIT_MEM "hard"
set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_LIMIT_DATA "hard"
set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_LIMIT_CORE "0"
set_addifmissing /etc/cvs-pserver.conf CVS_PSERV_LIMIT_CPU "hard"
- /usr/sbin/update-inetd --group OTHER --add \
- "cvspserver stream tcp $NOWAIT root /usr/sbin/tcpd /usr/sbin/cvs-pserver"
+
+ # Iff we're being installed for the first time and the user has
+ # asked for cvs to be run from inetd, call update-inetd. update-inetd
+ # doesn't give us enough information to be able to do this reliably
+ # at any other time (see #403334)
+ if [ "$2"x = ""x ] && [ -x /usr/sbin/update-inetd ] ; then
+ db_get cvs/pserver
+ if [ "$RET" = "true" ] ; then
+ db_get cvs/pserver_setspawnlimit
+ if [ "$RET" = "false" ]; then
+ NOWAIT="nowait"
else
- /usr/sbin/update-inetd --disable cvspserver
+ db_get cvs/pserver_spawnlimit
+ NOWAIT="nowait.$RET"
+ fi
+ /usr/sbin/update-inetd --group OTHER --add "cvspserver stream tcp $NOWAIT root /usr/sbin/tcpd /usr/sbin/cvs-pserver"
fi
fi
fi
Modified: trunk/postrm
URL: http://svn.debian.org/wsvn/trunk/postrm?rev=50&op=diff
==============================================================================
--- trunk/postrm (original)
+++ trunk/postrm Sat Dec 23 23:35:44 2006
@@ -2,7 +2,7 @@
# $Debian$
-if [ "$1" = "remove" -a -x /usr/sbin/update-inetd ]; then
+if [ "$1" = "remove" ] && [ -x /usr/sbin/update-inetd ]; then
update-inetd --remove "^cvspserver"
fi
if [ "$1" = "purge" ]; then
More information about the Pkg-cvs-commits
mailing list