From: Phil Dibowitz <firstname.lastname@example.org> Trac: Refs #131 * If a directory is in auth_system_homedirs, auth shouldn't touch it in any way * auth needs to respect a 0 in min_root_keys Signed-off-by: Phil Dibowitz <email@example.com>
From: Phil Dibowitz <firstname.lastname@example.org> Trac: Refs #128 Doh, PhilFail. The existing exclude functionality does work here, I had a PEBKAC. Thanks to Chet for pushing me on this. This removes that one small part from the last commit. Signed-off-by: Phil Dibowitz <email@example.com>
…svn internal files From: Phil Dibowitz <firstname.lastname@example.org> Trac: Refs #127, #128 - Various places are trying to log with 'warn' which isn't valid and causes spine to crash instead of log the warning - While I was in various files fixing logging, I fixed " -> ' in a few places. - We ignore .svn for config keys, but not overlays. My ignoring voer overlays is not as agressive on overlays as config keys because that would break stuff, I just want to be able to do --croot with my checkout directory without dropping .svn dirs everywhere. From: Phil Dibowitz <email@example.com>
From: Chet Burgess <firstname.lastname@example.org> Trac: Refs #117 Versions of TT prior to 2.19 were catching -search in a key as a form of function call to the complex key parsers in spine. This seems to be fixed with 2.19 and later. Updating the spec file to require 2.19 or later. Signed-off-by: Chet Burgess <email@example.com>
From: Chet Burgess <firstname.lastname@example.org> Trac: Refs #107 Same as changes to spine_2_1 branch, but now on trunk. The introduction of simple_exec caused a few problems. Most noteably the fact that the logic for detectin dryrun and intert functions was incorrect such that command always ran in dryrun mode even if inert was set to 0. After fixing this I discoverd a number of other issues around the fact that commands were no longer running during dryrun mode even when they needed to. More information on a file by file basis. M trunk/lib/Spine/Util.pm -do_rsync needs to support inert since it can be called in cases that need to run even during dryrun -Fixed typo wraper => wrapper -exec_command was only used by RestartServices, updated RestartService to just use simple_exec directly. Checked the existing TM data tree and found no uses of the exec_command function in templates. M trunk/lib/Spine/Util/Exec.pm -Fixed detection of dryrun mode (c_dryrun not dryrun). -_readlines would error if we were in dryrun, no returns undef if we are running in dryrun mode. M trunk/lib/Spine/Plugin/Overlay.pm -Call do_rsync with inert=1 when copying the content of c_root to the temp overlay. M trunk/lib/Spine/Plugin/RestartServices.pm -Call simple_exec directly instead of exec_command. Signed-off-by: Chet Burgess <email@example.com>
From: Jeff Schroeder <firstname.lastname@example.org> Trac: Refs #106 Harmless patch to make --quiet truly quiet. Signed-off-by: Jeff Schroeder <email@example.com> Signed-off-by: Rafi Khardalian
Trac: Refs #4 - Added support for --quiet mode to support future tools which may need it. - Modified quick_template to call spine-mgmt using --quiet. Signed-off-by: Rafi Khardalian
From: Chet Burgess <firstname.lastname@example.org> Trac: Refs #47 -Cleanup the formating of the spec file to be a bit cleaner -Remove the hard dependency on perl Sys::Syslog 0.18 or later. Now that we call openlog the issues with older Sys:Syslog implementations appear to be largely irrelevant. Signed-off-by: Chet Burgess <email@example.com>
From: Chet Burgess <firstname.lastname@example.org> Trac: Refs #47 Original patch was applied poorly in changeset:284. The original patch from Jeff was correct, my patching and merging of other changes results in a few missing changes and some bad white space formating. Signed-off-by: Chet Burgess <email@example.com>
From: Chet Burgess <firstname.lastname@example.org> Trac: Refs #102 -Turn off Auth, RPMPackageManager, TweakStartup, and SystemHarden in the default config because they can damage a system if the config tree is not configured properly. -Create new profiles (FullWithAPT, FirstBootFullWithAPT) that include the full set of plugins with the RPMPackageManager to support old default configurations. Signed-off-by: Chet Burgess <email@example.com>
Trac: Refs #101 - Fix to prevent service restarts from being triggered during a dryrun.
Author: Jeff Schroeder <firstname.lastname@example.org> Trac: Refs #47 General cleanups and move to the perl configball publisher - Switch from the python to the pure perl and faster configball publisher - Make the spec file actually build an rpm without erroring out on Fedora - Change spine-fsball-publisher to spine-publisher - Root config files in /etc/spine-mgmt Signed-off-by: Chet Burgess <email@example.com>
Author: Chet Burges Trac: Refs #96 Rename the spine binary to spine-mgmt. Rename most references of spine to spine-mgmt. Move config files to /etc/spine-mgmt/ Note: Yet another commit message form. Hopefully the subject at the top will make the messages look cleaner in RSS readers. Signed-off-by: Chet Burgess <firstname.lastname@example.org>
Trac: Refs #95 Spine::Register::load_plugin always returns SPINE_SUCCESS instead of the actual rc value generated from attempting to laod the plugins. Signed-off-by: Chet Burgess <email@example.com>
…if desired. - Force privfiles call to return an array, #refs 90
… is doing. SystemHarden will now print an informative message telling you it is running.
Data.pm calls syslog() without calling openlog(), which Sys::Syslog considers a no-no. This spine-config now calls openlog and closelog. Additionally openlog is called with user configurable options for facility, syslog opts, and the ident string. These can be configured in the config file under the Spine section using SyslogIdent, SyslogFacility, and SyslogOptions. Patch provided by Alexander Toth (atoth).
Use lstat instead of stat in order to ensure we are testing the permissions of the symlink and not the underlying file. The underlying file should be caught about the search anyway. Additionally log if we encounter a symlink with the SUID and/or SGID bit set as we can't reliably change the permissions of the symlink.
SystemInfo will now look for a key called network_path that provides the path to where the the network directory is located. If the key is not present the code will default to simply "network" (the current behavior). The network_path key will need to be placed in the spine_internal directory as SystemInfo runs during the DISCOVERY/populate phase before the tree is parsed.