From: Mark Linimon
Date: Sun, 27 Jan 2013 07:22:47 +0000 (UTC)
To: src-committers@freebsd.org, svn-src-projects@freebsd.org
Subject: svn commit: r245975 - in projects/portbuild: admin/conf conf

Author: linimon (doc,ports committer)
Date: Sun Jan 27 07:22:46 2013
New Revision: 245975
URL: http://svnweb.freebsd.org/changeset/base/245975

Log:
  Move README.dotunnel and apache.conf away from the portbuild user and over
  to the admin user. This is required for security reasons.

Added:
  projects/portbuild/admin/conf/README.dotunnel
     - copied unchanged from r245972, projects/portbuild/conf/README.dotunnel
  projects/portbuild/admin/conf/apache.conf
     - copied unchanged from r245972, projects/portbuild/conf/apache.conf
Deleted:
  projects/portbuild/conf/README.dotunnel
  projects/portbuild/conf/apache.conf

Copied: projects/portbuild/admin/conf/README.dotunnel (from r245972, projects/portbuild/conf/README.dotunnel) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/portbuild/admin/conf/README.dotunnel Sun Jan 27 07:22:46 2013 (r245975, copy of r245972, projects/portbuild/conf/README.dotunnel)
@@ -0,0 +1,31 @@ +Various package build nodes require us to set up TCP tunnels to talk +to them. (Some systems don't pass certain ports; some systems have +firewalls; some systems have multiple nodes on one IP address.) + +These have always been hardcoded in crontab lines of the form "while true; +do ; done". Other than the magic hardcoding, +there's a problem with this. When the tunnel command exits, such as if +the host suddenly becoming unreachable, it doesn't send mail -- instead +it just accumulates a huge file in /var/spool/clientmqueue which never +gets sent. To add insult to injury, /var is on our root partition. + +To cure these problems, we now have + + /var/portbuild/conf//dotunnel.XXX + +where XXX corresponds to one line in the old crontab. Each script sets +up one tunnel, sends mail to the user(s) in + + /var/portbuild//portbuild.conf + +once the command exits, and then sleeps. + +Why not put it in /var/portbuild/ you ask? That directory is +propogated to all nodes for that arch. This would be a security leak. +The intention is that none of the dotunnel files will be checked into +CVS. + +Final note: each script figures out which arch it is for by fiddling +with its $0, so invoke it with its full pathname. + +mcl Copied: projects/portbuild/admin/conf/apache.conf (from r245972, projects/portbuild/conf/apache.conf) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/portbuild/admin/conf/apache.conf Sun Jan 27 07:22:46 2013 (r245975, copy of r245972, projects/portbuild/conf/apache.conf) 
@@ -0,0 +1,50 @@ +DocumentRoot "/var/portbuild/www" + +# filter magic to decompress bzip2 logs - pav@ +LoadModule ext_filter_module libexec/apache22/mod_ext_filter.so +ExtFilterDefine BUNZIP2 mode=output intype=application/x-bzip2 outtype=text/plain cmd=/usr/bin/bunzip2 + + + Order allow,deny + Allow from all + Options FollowSymLinks + AllowOverride None + #Redirect permanent /index.html http://pointyhat.freebsd.org/errorlogs/ + + +Alias /errorlogs/ /var/portbuild/errorlogs/ + + + Order allow,deny + Allow from all + Options FollowSymLinks Indexes +# Added kk 030222 + Options +IncludesNoExec + AddHandler server-parsed .shtml + DirectoryIndex index.shtml index.html +# filter magic to decompress bzip2 logs - pav@ + Options +MultiViews + AddOutputFilterByType BUNZIP2 application/x-bzip2 + + +Alias /ganglia/ "/usr/local/www/ganglia/" + + + Order allow,deny + Allow from all + Options Indexes FollowSymlinks MultiViews + AllowOverride None + AddType text/html php + #AddType application/x-httpd-php .php + #AddType application/x-httpd-php-source .phps + addhandler php5-script .php + DirectoryIndex index.php + + +# sometimes useful as a playpen +# +# Order allow,deny +# Allow from all +# Options Indexes FollowSymlinks MultiViews +# AllowOverride None +#
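Review bot: In README.dotunnel, the location paragraph ("To cure these problems, we now have /var/portbuild/conf//dotunnel.XXX") is carried over unchanged, although the log says the file is being moved away from the portbuild user for security reasons. If the dotunnel scripts themselves are also meant to live under the admin user's tree, this path and the "Why not put it in /var/portbuild/" paragraph should be updated to name the new location and say which user is expected to own and read the scripts; otherwise the README now sits in admin/conf while documenting files in the portbuild user's conf directory. Smaller points in the same hunk: the text still says the files will not be checked into "CVS" in what is now an SVN tree, "propogated" should be "propagated", and "such as if the host suddenly becoming unreachable" should read "suddenly becomes unreachable".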
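Review bot: In apache.conf, every served tree keeps "Options FollowSymLinks" together with "Allow from all", and two of those trees (DocumentRoot "/var/portbuild/www" and the /errorlogs/ alias to /var/portbuild/errorlogs/) sit under /var/portbuild. Moving the config file to the admin user does not change that: if the portbuild user can write into those directories, a symlink placed there is followed and its target is served to any client. Consider "Options SymLinksIfOwnerMatch" (or dropping symlink following) for the /var/portbuild paths, and state in a comment which user is expected to own them. The /errorlogs/ and /ganglia/ blocks also enable "Indexes" for all clients; worth confirming that directory listings are intended there. Minor: "addhandler php5-script .php" should be capitalised as "AddHandler" to match the rest of the file.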