authorJames Le Cuirot <chewi@gentoo.org>2018-01-18 13:39:08 +0000
committerJames Le Cuirot <chewi@gentoo.org>2018-01-18 13:43:48 +0000
commit9605ea072743f9a1a27eaf8437de2a41a263bdaf (patch)
treeb5b417c5b75bdf8f0706e0fda00e8360395cb5d0
parentsys-cluster/kube-controller-manager: Remove old (diff)
www-apps/tt-rss: Bump to 20180105, security fix, other fixes
* Addresses unsafe use of recursive chown/chmod in the init script whilst also dealing with poor permissions handling that may have led to issues in the past. * Fixes "postgresql" misspelling in the init script. * Fixes logrotate issue using delaycompress directive. * Allows options to be passed to the daemon. Bug: https://bugs.gentoo.org/603518 Closes: https://bugs.gentoo.org/609044 Closes: https://bugs.gentoo.org/620878 Closes: https://bugs.gentoo.org/627048 Closes: https://bugs.gentoo.org/639918 Package-Manager: Portage-2.3.19, Repoman-2.3.6
-rw-r--r--www-apps/tt-rss/Manifest1
-rw-r--r--www-apps/tt-rss/files/permissions25
-rw-r--r--www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt14
-rw-r--r--www-apps/tt-rss/files/postinstall-en-with-daemon.txt2
-rw-r--r--www-apps/tt-rss/files/postinstall-en.txt7
-rw-r--r--www-apps/tt-rss/files/ttrssd.confd-r247
-rw-r--r--www-apps/tt-rss/files/ttrssd.initd-r388
-rw-r--r--www-apps/tt-rss/files/ttrssd.logrotated1
-rw-r--r--www-apps/tt-rss/files/ttrssd.logrotated-r19
-rw-r--r--www-apps/tt-rss/tt-rss-20180105.ebuild84
10 files changed, 271 insertions, 7 deletions
diff --git a/www-apps/tt-rss/Manifest b/www-apps/tt-rss/Manifest
index c04edba0436a..2c45842b727d 100644
--- a/www-apps/tt-rss/Manifest
+++ b/www-apps/tt-rss/Manifest
@@ -1,2 +1,3 @@
DIST tt-rss-20160527.tar.bz2 2064633 BLAKE2B 406c2ff551e2ba616a8f4696d7deaf8a3f85e4f86f0b09f57507af7f4657930f11fc0aa9df467af5ad2c56657d95e12b75bae721da4d86480b06bbbc0ab72744 SHA512 8d482303868a08f4d65ef252f71f66ec3219d4f67e968a026a0302d29930cd5af45cedea81171db2ff0927497079d3bedd8fd70e4e9904f5d9987a92a6dfcb89
DIST tt-rss-20160930.tar.bz2 2072888 BLAKE2B e6ca0a72730cdf9a1106d7098e6a6bfc9bf35f545a67e9b569552644b23543b4168000afe2e5fbf5a1fd81371e72e570e270a77d5345bca5f22d79c1a86409b0 SHA512 d420e7efdf7d17e153ef0aa487a330379afe20fe9e9a6209de40b797d36e425cbcbdf2280eaf5ada8b9bef1ae37146253556ff602bbff22a9a7c311ff525d9e2
+DIST tt-rss-20180105.tar.gz 3070929 BLAKE2B 2370104c70f5381d690a29b216269c749bf1f7c6b925eb9499b741e5df3e686d95fce430a144946fd915414481280b67e6d0c881edcdd13aee0fa344dc0bec3f SHA512 86ceec3646629ad7fd3fde2f3c3237e48ad96bd08b46e73c34c76507d9b17613ea309e1bd5e6e85a0d9eb96029e54b54e5ee367c56aab31be3dcec9169c5ada5
diff --git a/www-apps/tt-rss/files/permissions b/www-apps/tt-rss/files/permissions
new file mode 100644
index 000000000000..a26b87f4e715
--- /dev/null
+++ b/www-apps/tt-rss/files/permissions
@@ -0,0 +1,25 @@
+#!/bin/bash -e
+
+cd "${MY_INSTALLDIR}"
+
+if [[ $1 = install ]]; then
+ # We need to lock down cache/ for the operations below to be
+ # safe. The permissions match the webapp-config defaults but these
+ # can be changed and existing installations may also differ.
+ chown root:root cache/
+ chmod 00755 cache/
+
+ chgrp --no-dereference ttrssd feed-icons/ lock/ cache/*/
+ chmod g+ws feed-icons/ lock/ cache/*/
+
+ # Files within lock/ are exclusively written by the update
+ # daemon. Files within feed-icons/ are always unlinked before
+ # modification. Only cache/ holds files that are modified in place
+ # by both processes and therefore ACLs are required to ensure that
+ # the files themselves are created as group writable.
+ if ! setfacl --modify d:g::rwX cache/*/; then
+ echo "WARNING: ACLs are not available on this filesystem. Either enable them or set TTRSSD_USER to your PHP user in /etc/conf.d/ttrssd to avoid permission issues."
+ elif [[ -n $(find cache/ -type f ! -name ".*" ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then
+ echo "WARNING: Files that are not writable by the ttrssd group found within the cache directory. Either delete them or correct their permissions."
+ fi
+fi
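Review bot: The `cache/*/` arguments on the chgrp, chmod and setfacl lines still resolve through symlinks, so `--no-dereference` does not protect them as far as I can tell. A trailing slash makes the path resolve to the directory a link points at, and locking cache/ to root first only stops new entries; a link that already exists inside cache/ would have its target's group, mode and default ACL changed by root. Consider building the list in a loop that skips links, e.g. `for d in cache/*; do [[ -d ${d} && ! -L ${d} ]] && dirs+=( "${d}" ); done`, and passing those names without the trailing slash. It would also help to fail early with `cd "${MY_INSTALLDIR:?}"`, since every path below is relative to the working directory.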
diff --git a/www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt b/www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt
new file mode 100644
index 000000000000..8c72406d76d2
--- /dev/null
+++ b/www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt
@@ -0,0 +1,14 @@
+Please read https://tt-rss.org/wiki/InstallationNotes.
+
+Once you have configured TT-RSS, tweak /etc/conf.d/ttrssd to your
+needs if you have not already done so. If ACLs are unavailable on the
+filesystem you have just installed to then you will need to set
+TTRSSD_USER to your PHP user. When everything is ready, (re)start the
+update daemon like so:
+
+ /etc/init.d/ttrssd restart
+
+This will periodically update your feeds in the background. Add the
+daemon to your default runlevel to start it on every boot:
+
+ rc-update add ttrssd default
diff --git a/www-apps/tt-rss/files/postinstall-en-with-daemon.txt b/www-apps/tt-rss/files/postinstall-en-with-daemon.txt
index 7d269d7165f2..25545842a381 100644
--- a/www-apps/tt-rss/files/postinstall-en-with-daemon.txt
+++ b/www-apps/tt-rss/files/postinstall-en-with-daemon.txt
@@ -1,4 +1,4 @@
-Please read http://tt-rss.org/redmine/projects/tt-rss/wiki/InstallationNotes
+Please read https://tt-rss.org/wiki/InstallationNotes.
Once you have configured TT-RSS, put the path to this instance into
the INSTANCE_DIRS variable in /etc/conf.d/ttrssd. Make sure that
diff --git a/www-apps/tt-rss/files/postinstall-en.txt b/www-apps/tt-rss/files/postinstall-en.txt
index 7b4b279e5be4..67a16111f3d5 100644
--- a/www-apps/tt-rss/files/postinstall-en.txt
+++ b/www-apps/tt-rss/files/postinstall-en.txt
@@ -1,6 +1 @@
-Please read http://tt-rss.org/redmine/projects/tt-rss/wiki/InstallationNotes
-
-With the update to 1.7.0 the 'magpie' RSS parser has been removed.
-That means TT-RSS will use the 'simplepie' parser. If you have been
-using 'magpie' so far, the switch might cause lots of duplicate
-articles - it's a one-time thing for each instance.
+Please read https://tt-rss.org/wiki/InstallationNotes.
diff --git a/www-apps/tt-rss/files/ttrssd.confd-r2 b/www-apps/tt-rss/files/ttrssd.confd-r2
new file mode 100644
index 000000000000..b169b548bb9a
--- /dev/null
+++ b/www-apps/tt-rss/files/ttrssd.confd-r2
@@ -0,0 +1,47 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Space-separated paths of TT-RSS instances that you want to start the
+# update daemon for. If left empty, these will be automatically
+# detected using data from /var/db/webapps/tt-rss. Instances without
+# the update_daemon2.php script present will be skipped.
+#
+# Default:
+# INSTANCE_DIRS=""
+# Example:
+# INSTANCE_DIRS="/some/webhost/htdocs/tt-rss /some/otherwebhost/htdocs/newsreader"
+#
+INSTANCE_DIRS=""
+
+# Path to the log files. One log file will be created for each TT-RSS
+# instance. Update the logrotate file after changing this.
+#
+# Default:
+# LOG_DIR="/var/log/ttrssd"
+#
+LOG_DIR="/var/log/ttrssd"
+
+# User to run the update daemon as. You should not run this as
+# root. If ACLs are unavailable on the filesystem used by the TT-RSS
+# instances then choosing the same user that serves the PHP web
+# interface is recommended to avoid permission issues. You *must* add
+# this user to the ttrssd group. If the PHP user is not the same as
+# the web server user (e.g. apache or nginx) then this user must be
+# added to the ttrssd group too.
+#
+# Default:
+# TTRSSD_USER="ttrssd"
+#
+TTRSSD_USER="ttrssd"
+
+# Additional options to pass to the update daemon. If you want to pass
+# different options to different TT-RSS instances then create symlinks
+# of the ttrssd init.d script (e.g. ttrssd.foo, ttrssd.bar) and
+# configure INSTANCE_DIRS and TTRSSD_OPTS for each of these.
+#
+# Default:
+# TTRSSD_OPTS=""
+# Example:
+# TTRSSD_OPTS="--tasks=1 --interval=300"
+#
+TTRSSD_OPTS=""
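Review bot: The LOG_DIR comment does not mention that the init script takes ownership of this directory on every start (`chown "${TTRSSD_USER}":ttrssd "${LOG_DIR}"` in setup() of ttrssd.initd-r3). Pointing LOG_DIR at a shared location such as /var/log would therefore hand that directory to the daemon user. I would add a line like `# This must be a directory dedicated to ttrssd; it is chowned to TTRSSD_USER when the service starts.` above the default.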
diff --git a/www-apps/tt-rss/files/ttrssd.initd-r3 b/www-apps/tt-rss/files/ttrssd.initd-r3
new file mode 100644
index 000000000000..a6f3b8a78ef1
--- /dev/null
+++ b/www-apps/tt-rss/files/ttrssd.initd-r3
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+ need net
+ after postgresql mysql
+}
+
+PID_DIR="/run/ttrssd"
+LOG_DIR=${LOG_DIR:-"/var/log/ttrssd"}
+TTRSSD_USER=${TTRSSD_USER:-"ttrssd"}
+
+setup() {
+ mkdir -p "${PID_DIR}" "${LOG_DIR}" || return 1
+ chown "${TTRSSD_USER}":ttrssd "${LOG_DIR}" || return 1
+}
+
+list_instance_dirs() {
+ if [ -z "${INSTANCE_DIRS}" ]; then
+ cut -d" " -f4 /var/db/webapps/tt-rss/*/installs 2>/dev/null
+ else
+ printf "%s\n" ${INSTANCE_DIRS}
+ fi
+}
+
+instance_dir_to_name() {
+ local name=${1#/}
+ echo ${name//\//--}
+}
+
+start() {
+ setup || return 1
+ local instance_dir instance_name ret=1
+
+ IFS=$'\n'
+ for instance_dir in $(list_instance_dirs); do
+ if [ -d "${instance_dir}" ]; then
+ if [ ! -f "${instance_dir}"/update_daemon2.php ]; then
+ ewarn "TT-RSS instance in ${instance_dir} has no update_daemon2.php script"
+ elif [ ! -f "${instance_dir}"/config.php ]; then
+ eerror "TT-RSS instance in ${instance_dir} is not configured"
+ else
+ instance_name=$(instance_dir_to_name "${instance_dir}")
+ ebegin "Starting TT-RSS update daemon in ${instance_dir}"
+ start-stop-daemon --start --user "${TTRSSD_USER}":ttrssd \
+ --background --wait 2000 \
+ --stdout "${LOG_DIR}/${instance_name}.log" \
+ --stderr "${LOG_DIR}/${instance_name}.log" \
+ --make-pidfile --pidfile "${PID_DIR}/${instance_name}.pid" \
+ --exec /usr/bin/php -- -f "${instance_dir}"/update_daemon2.php \
+ -- ${TTRSSD_OPTS}
+ eend $? && ret=0
+ fi
+ else
+ eerror "TT-RSS instance in ${instance_dir} is missing"
+ fi
+ done
+ unset IFS
+
+ # Succeed if at least one started.
+ return ${ret}
+}
+
+stop() {
+ local instance_dir instance_name
+
+ IFS=$'\n'
+ for instance_dir in $(list_instance_dirs); do
+ instance_name=$(instance_dir_to_name "${instance_dir}")
+
+ [ -f "${PID_DIR}/${instance_name}.pid" ] ||
+ [ -f "${instance_dir}"/update_daemon2.php ] ||
+ continue
+
+ ebegin "Stopping TT-RSS update daemon in ${instance_dir}"
+ start-stop-daemon --stop --retry 5 --pidfile "${PID_DIR}/${instance_name}.pid" \
+ --exec /usr/bin/php -- -f "${instance_dir}"/update_daemon2.php \
+ -- ${TTRSSD_OPTS}
+ eend $?
+
+ rm -f "${instance_dir}"/lock/*.lock
+ done
+ unset IFS
+
+ # Always succeed.
+ return 0
+}
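Review bot: `IFS=$'\n'` in start() stays in effect for everything inside the loop, so the space-separated settings are no longer split on spaces. `$(list_instance_dirs)` inherits it, which means `printf "%s\n" ${INSTANCE_DIRS}` emits a multi-path INSTANCE_DIRS as a single line, and `-- ${TTRSSD_OPTS}` hands a value such as `--tasks=1 --interval=300` to PHP as one argument. stop() has the same pattern. Reading the list with `while IFS= read -r` limits the newline splitting to the directory list and leaves the default IFS for the other expansions; the same loop header would replace the `for` in stop(), and the `IFS=`/`unset IFS` lines go away.

```shell
start() {
	setup || return 1
	local instance_dir instance_name ret=1

	# IFS is changed for read only, so ${INSTANCE_DIRS} and ${TTRSSD_OPTS}
	# still split on spaces. fd 3 keeps the list away from any child
	# process that reads stdin.
	while IFS= read -r instance_dir <&3; do
		[ -n "${instance_dir}" ] || continue
		# … unchanged: per-instance checks and start-stop-daemon call …
	done 3<<EOF
$(list_instance_dirs)
EOF

	# … unchanged: return ${ret} …
```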
diff --git a/www-apps/tt-rss/files/ttrssd.logrotated b/www-apps/tt-rss/files/ttrssd.logrotated
index 9616a98c3029..2bb0d0c1dd37 100644
--- a/www-apps/tt-rss/files/ttrssd.logrotated
+++ b/www-apps/tt-rss/files/ttrssd.logrotated
@@ -1,5 +1,6 @@
/var/log/ttrssd.log {
daily
+ delaycompress
missingok
notifempty
postrotate
diff --git a/www-apps/tt-rss/files/ttrssd.logrotated-r1 b/www-apps/tt-rss/files/ttrssd.logrotated-r1
new file mode 100644
index 000000000000..c2bf08f75619
--- /dev/null
+++ b/www-apps/tt-rss/files/ttrssd.logrotated-r1
@@ -0,0 +1,9 @@
+/var/log/ttrssd/*.log {
+ daily
+ delaycompress
+ missingok
+ notifempty
+ postrotate
+ /etc/init.d/ttrssd restart > /dev/null
+ endscript
+}
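Review bot: The `postrotate` block has no `sharedscripts`, so with the `/var/log/ttrssd/*.log` pattern logrotate runs `/etc/init.d/ttrssd restart` once for every log it rotates, restarting all update daemons several times when more than one instance is configured. Adding `sharedscripts` after `notifempty` runs the restart once per rotation. The restart also only covers the service named ttrssd, whereas ttrssd.confd-r2 suggests symlinked services such as ttrssd.foo; a comment here saying those need their own entry would help. Separately, setup() in ttrssd.initd-r3 gives the log directory to TTRSSD_USER while logrotate runs as root, so it may be worth checking whether a `su` directive is wanted.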
diff --git a/www-apps/tt-rss/tt-rss-20180105.ebuild b/www-apps/tt-rss/tt-rss-20180105.ebuild
new file mode 100644
index 000000000000..9affdac7e139
--- /dev/null
+++ b/www-apps/tt-rss/tt-rss-20180105.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit prefix user webapp
+
+COMMIT="c30f5e18119d1935e8fe6d422053b127e8f4f1b3"
+DESCRIPTION="Tiny Tiny RSS - A web-based news feed (RSS/Atom) aggregator using AJAX"
+HOMEPAGE="https://tt-rss.org/"
+SRC_URI="https://git.tt-rss.org/git/${PN}/archive/${COMMIT}.tar.gz -> ${P}.tar.gz"
+LICENSE="GPL-3"
+KEYWORDS="~amd64 ~arm ~mips ~x86"
+IUSE="+acl daemon +mysqli postgres"
+REQUIRED_USE="|| ( mysqli postgres )"
+
+DEPEND="daemon? ( acl? ( sys-apps/acl ) )"
+
+RDEPEND="${DEPEND}
+ daemon? ( dev-lang/php:*[mysqli?,postgres?,curl,cli,pcntl,pdo] )
+ !daemon? ( dev-lang/php:*[mysqli?,postgres?,curl,pdo] )
+ virtual/httpd-php:*"
+
+DEPEND="!vhosts? ( ${DEPEND} )"
+
+need_httpd_cgi # From webapp.eclass
+
+S="${WORKDIR}/${PN}"
+
+pkg_setup() {
+ webapp_pkg_setup
+
+ if use daemon; then
+ enewgroup ttrssd
+ enewuser ttrssd -1 /bin/sh /dev/null ttrssd
+ fi
+}
+
+src_configure() {
+ hprefixify config.php-dist
+
+ sed -i -r \
+ -e "/'DB_TYPE'/s:,.*:, '$(usex mysqli mysql pgsql)'); // mysql or pgsql:" \
+ -e "/'CHECK_FOR_UPDATES'/s/true/false/" \
+ config.php-dist || die
+}
+
+src_install() {
+ webapp_src_preinst
+
+ insinto "${MY_HTDOCSDIR}"
+ doins -r *
+
+ # When updating, grep the plugins directory for additional CACHE_DIR
+ # instances as they cannot be created later due to permissions.
+ dodir "${MY_HTDOCSDIR}"/cache/starred-images
+
+ local dir
+ for dir in "${ED}${MY_HTDOCSDIR}"/{cache/*,feed-icons,lock}/; do
+ webapp_serverowned "${dir#${ED}}"
+ done
+
+ if use daemon; then
+ webapp_hook_script "${FILESDIR}"/permissions
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en-with-daemon-r1.txt
+
+ newinitd "${FILESDIR}"/ttrssd.initd-r3 ttrssd
+ newconfd "${FILESDIR}"/ttrssd.confd-r2 ttrssd
+
+ insinto /etc/logrotate.d
+ newins "${FILESDIR}"/ttrssd.logrotated-r1 ttrssd
+
+ elog "After upgrading, please restart ttrssd."
+ else
+ webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
+ fi
+
+ webapp_src_install
+}
+
+pkg_postinst() {
+ elog "You need to merge config.php-dist into config.php manually when upgrading."
+ webapp_pkg_postinst
+}
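Review bot: `enewuser ttrssd -1 /bin/sh /dev/null ttrssd` in pkg_setup gives the daemon account a usable login shell. ttrssd.initd-r3 starts PHP through `start-stop-daemon --user`, which as far as I can tell does not depend on the account's shell, so `enewuser ttrssd -1 -1 /dev/null ttrssd` (the eclass default, a nologin shell) would be the tighter choice. enewuser should leave an existing account untouched, so upgraded systems keep whatever shell they already have; a line in the postinstall text could mention that.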