15739395 reduce console noise from sysrepo method script
16292464 reduce console noise from depot method script
16298908 pkgfmt errors in pkg.p5m and depot.p5m
--- a/src/pkg/Makefile Wed Feb 06 13:39:47 2013 -0800
+++ b/src/pkg/Makefile Mon Feb 11 11:40:02 2013 +1300
@@ -69,6 +69,7 @@
PYTHONPATH=$(PKGROOT)/usr/lib/python2.6/vendor-packages
PKG = $(PKGCMDENV) pkg
PKGDEPEND = $(PKGCMDENV) pkgdepend
+PKGFMT = $(PKGCMDENV) pkgfmt
PKGLINT = $(PKGCMDENV) pkglint
PKGMOGRIFY = $(PKGCMDENV) pkgmogrify
PKGREPO = $(PKGCMDENV) pkgrepo
@@ -114,6 +115,9 @@
clobber: clean
rm -rf $(PKGDEST) Makefile.link
+pkgfmt:
+ $(PKGFMT) -c manifests/*.p5m
+
# Pass SVr4 package production off to its own makefile
svr4:
$(MAKE) -f Makefile.svr4 _svr4
@@ -122,7 +126,7 @@
mkdir -p $@
# Finalize the repository
-repository-metadata: publish-pkgs
+repository-metadata: pkgfmt publish-pkgs
$(PKGREPO) -s $(PKGDEST)/repo refresh
publish-pkgs: $(PKGDEST)/repo .WAIT $(PUBLIFESTS)
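Review bot: Listing `pkgfmt` beside `publish-pkgs` on the `repository-metadata` line does not order the two, so a parallel build can start publishing before `pkgfmt -c` has rejected a badly formatted manifest. The `publish-pkgs` rule just below already uses `.WAIT` for ordering, and the same would work here: `repository-metadata: pkgfmt .WAIT publish-pkgs`. If `pkgfmt` is not declared phony elsewhere in this Makefile (not visible in the hunk), it should be, so that a stray file of that name cannot silently skip the check.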
--- a/src/pkg/manifests/package:pkg.p5m Wed Feb 06 13:39:47 2013 -0800
+++ b/src/pkg/manifests/package:pkg.p5m Mon Feb 11 11:40:02 2013 +1300
@@ -210,8 +210,8 @@
file path=lib/svc/manifest/application/pkg/pkg-mdns.xml
file path=lib/svc/manifest/application/pkg/pkg-server.xml
dir path=lib/svc/method
+file path=lib/svc/method/svc-pkg-mdns
file path=lib/svc/method/svc-pkg-server
-file path=lib/svc/method/svc-pkg-mdns
dir path=usr
dir path=usr/bin
file path=usr/bin/pkg
--- a/src/pkg/manifests/package:pkg:depot.p5m Wed Feb 06 13:39:47 2013 -0800
+++ b/src/pkg/manifests/package:pkg:depot.p5m Mon Feb 11 11:40:02 2013 +1300
@@ -32,9 +32,9 @@
dir path=etc/pkg
dir path=etc/pkg/depot
dir path=etc/pkg/depot/conf.d
+file path=etc/pkg/depot/depot.conf.mako
file path=etc/pkg/depot/depot_httpd.conf.mako
file path=etc/pkg/depot/depot_index.py pkg.tmp.autopyc=false
-file path=etc/pkg/depot/depot.conf.mako
dir path=lib
dir path=lib/svc
dir path=lib/svc/manifest
@@ -54,10 +54,11 @@
dir path=var/cache/pkg/depot owner=pkg5srv
dir path=var/log
dir path=var/log/pkg
-dir path=var/log/pkg/depot
+dir path=var/log/pkg/depot owner=pkg5srv
# we deliver 0-byte log file stubs
-file path=var/log/pkg/depot/access_log preserve=true
-file path=var/log/pkg/depot/error_log preserve=true
+file path=var/log/pkg/depot/access_log owner=pkg5srv mode=0644 preserve=true
+file path=var/log/pkg/depot/error_log owner=pkg5srv mode=0644 preserve=true
+file path=var/log/pkg/depot/rewrite.log owner=pkg5srv mode=0644 preserve=true
license cr_Oracle license=cr_Oracle
#
# The manual dependency on apache results from our calling apachectl from
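Review bot: With `owner=pkg5srv` on `var/log/pkg/depot` and on the three log stubs, the account that serves requests can rename, truncate or replace its own logs, so they stop being trustworthy evidence if that account is ever compromised. If anything privileged opens files in this directory (for instance a root-run rotation job, not visible here), it would also need to refuse symlinks. `mode=0644` leaves the access and rewrite logs world-readable; unless other local users need them, `mode=0640` would be the safer default. No `group=` is given on the changed lines, so the effective group depends on defaults or transforms outside this hunk. The same applies to the `var/log/pkg/sysrepo` entries in package:pkg:system-repository.p5m.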
--- a/src/pkg/manifests/package:pkg:system-repository.p5m Wed Feb 06 13:39:47 2013 -0800
+++ b/src/pkg/manifests/package:pkg:system-repository.p5m Mon Feb 11 11:40:02 2013 +1300
@@ -55,10 +55,11 @@
dir path=var/cache/pkg/sysrepo owner=pkg5srv
dir path=var/log
dir path=var/log/pkg
-dir path=var/log/pkg/sysrepo
+dir path=var/log/pkg/sysrepo owner=pkg5srv
# we deliver 0-byte log file stubs
-file path=var/log/pkg/sysrepo/access_log preserve=renamenew
-file path=var/log/pkg/sysrepo/error_log preserve=renamenew
+file path=var/log/pkg/sysrepo/access_log owner=pkg5srv mode=0644 preserve=true
+file path=var/log/pkg/sysrepo/error_log owner=pkg5srv mode=0644 preserve=true
+file path=var/log/pkg/sysrepo/rewrite.log owner=pkg5srv mode=0644 preserve=true
license cr_Oracle license=cr_Oracle
#
# The manual dependency on apache results from our calling apachectl from
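Review bot: The sysrepo log stubs change from `preserve=renamenew` to `preserve=true` on the same lines that add `owner` and `mode`, and neither the commit description nor the manifest says why. A short comment would record the intent, for example extending the existing one to `# we deliver 0-byte log file stubs; preserve=true keeps existing logs and never installs a .new copy`. It is also worth confirming on an upgraded system that the new owner and mode are applied to log files that already exist, since those are the ones the unprivileged httpd must be able to write.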
--- a/src/setup.py Wed Feb 06 13:39:47 2013 -0800
+++ b/src/setup.py Mon Feb 11 11:40:02 2013 +1300
@@ -373,6 +373,7 @@
sysrepo_log_stubs = [
'util/apache2/sysrepo/logs/access_log',
'util/apache2/sysrepo/logs/error_log',
+ 'util/apache2/sysrepo/logs/rewrite.log',
]
depot_files = [
'util/apache2/depot/depot.conf.mako',
@@ -382,6 +383,7 @@
depot_log_stubs = [
'util/apache2/depot/logs/access_log',
'util/apache2/depot/logs/error_log',
+ 'util/apache2/depot/logs/rewrite.log',
]
# The apache-based depot includes an shtml file we add to the resource dir
web_files.append((os.path.join(resource_dir, "web"),
--- a/src/svc/pkg-depot.xml Wed Feb 06 13:39:47 2013 -0800
+++ b/src/svc/pkg-depot.xml Mon Feb 11 11:40:02 2013 +1300
@@ -59,9 +59,9 @@
</dependency>
<!--
- We must wait for pkg/server instances to come online, since
- any readonly, non-standalone instances contribute to the
- configuration of pkg/depot.
+ We must wait for pkg/server instances to come online,
+ since any readonly, non-standalone instances
+ contribute to the configuration of pkg/depot.
-->
<dependency name='pkg-server'
grouping='require_all'
@@ -84,23 +84,44 @@
value='svc:/system/filesystem/autofs:default'/>
</dependency>
+ <!-- The following methods use the 'all' privilege when
+ run, but drop privileges once they are no longer
+ needed using ppriv -s. We need 'all' privileges to
+ write to /system/volatile. -->
<exec_method
type='method'
name='start'
exec='/lib/svc/method/svc-pkg-depot start'
- timeout_seconds='60' />
+ timeout_seconds='60'>
+ <method_context>
+ <method_credential user='pkg5srv'
+ group='pkg5srv' privileges='all' />
+ </method_context>
+ </exec_method>
+ <!-- basic,net_privaddr are suffient for 'stop' -->
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/svc-pkg-depot stop'
- timeout_seconds='60' />
+ timeout_seconds='60'>
+ <method_context>
+ <method_credential user='pkg5srv'
+ group='pkg5srv'
+ privileges='basic,net_privaddr' />
+ </method_context>
+ </exec_method>
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/svc-pkg-depot refresh'
- timeout_seconds='60' />
+ timeout_seconds='60'>
+ <method_context>
+ <method_credential user='pkg5srv'
+ group='pkg5srv' privileges='all' />
+ </method_context>
+ </exec_method>
<property_group name='config' type='application'>
<stability value='Evolving' />
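Review bot: `privileges='all'` on the `start` and `refresh` methods means each method runs with every privilege unless the script's own `ppriv -s` call succeeds, so running as `pkg5srv` limits very little by itself. The comment gives writing to /system/volatile as the only reason; listing just the privileges that needs, instead of `all`, would make the manifest the enforcement point rather than the script. Adding a `limit_privileges` attribute to each `method_credential` would additionally cap what any child process can regain. The comment above `stop` has a typo (`suffient`). The same three methods in pkg-system-repository.xml carry the same settings.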
--- a/src/svc/pkg-system-repository.xml Wed Feb 06 13:39:47 2013 -0800
+++ b/src/svc/pkg-system-repository.xml Mon Feb 11 11:40:02 2013 +1300
@@ -19,7 +19,7 @@
CDDL HEADER END
- Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2011, 2013 Oracle and/or its affiliates. All rights reserved.
NOTE: This service manifest is not editable; its contents will
be overwritten by package or patch operations, including
@@ -71,23 +71,47 @@
value='svc:/system/filesystem/autofs:default'/>
</dependency>
+ <!-- The following methods use the 'all' privilege when
+ run, but drop privileges once they are no longer
+ needed using ppriv -s. We need 'all' privileges to
+ write to /system/volatile. -->
<exec_method
type='method'
name='start'
exec='/lib/svc/method/svc-pkg-sysrepo start'
- timeout_seconds='60' />
+ timeout_seconds='60'>
+ <method_context>
+ <method_credential user='pkg5srv'
+ group='pkg5srv' privileges='all' />
+ </method_context>
+ </exec_method>
+
+ <!-- basic,net_privaddr are suffient for 'stop' -->
<exec_method
type='method'
name='stop'
exec='/lib/svc/method/svc-pkg-sysrepo stop'
- timeout_seconds='60' />
+ timeout_seconds='60' >
+ <method_context>
+ <method_credential user='pkg5srv'
+ group='pkg5srv'
+ privileges='basic,net_privaddr' />
+ </method_context>
+ </exec_method>
+
<exec_method
type='method'
name='refresh'
exec='/lib/svc/method/svc-pkg-sysrepo refresh'
- timeout_seconds='60' />
+ timeout_seconds='60' >
+ <method_context>
+ <method_credential user='pkg5srv'
+ group='pkg5srv' privileges='all' />
+ </method_context>
+ </exec_method>
+
<property_group name='config' type='application'>
<stability value='Evolving' />
@@ -101,7 +125,7 @@
<!-- Where we store runtime versions of our
configuration -->
<propval name='runtime_dir' type='astring'
- value='/system/volatile/pkg/sysrepo' />
+ value='/system/volatile/pkg/sysrepo' />
<!-- Where we store our Mako templates for generating
runtime configuration -->
<propval name='template_dir' type='astring'
--- a/src/svc/svc-pkg-depot Wed Feb 06 13:39:47 2013 -0800
+++ b/src/svc/svc-pkg-depot Mon Feb 11 11:40:02 2013 +1300
@@ -145,12 +145,11 @@
# megabytes, being nice about scheduling and removing
# empty directories if necessary.
interval=$((60 * 24 * 14))
- /usr/bin/su pkg5srv \
- -c "/usr/apache2/2.2/bin/htcacheclean \
+ /usr/apache2/2.2/bin/htcacheclean \
-d${interval} -i -l ${depot_cache_max}M -n \
-p ${depot_cache_dir} \
-P ${depot_cache_dir}/../depot_htcacheclean.pid \
- -t"
+ -t
check_failure $? "htcacheclean failed to run cleanly"
fi
}
@@ -226,6 +225,8 @@
"start")
cmd="start"
run_depot
+ # drop privileges now that we've written our configuration
+ /usr/bin/ppriv -s E=basic,net_privaddr
run_htcacheclean
emsg=$(/usr/bin/printf ${FAILED_TO_RUN} start)
${HTTPD} -f ${depot_runtime_dir}/depot_httpd.conf \
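Review bot: The added `/usr/bin/ppriv -s E=basic,net_privaddr` names no target process, whereas the matching lines in svc-pkg-sysrepo pass `$$`; without a pid the call most likely fails or does nothing, leaving `run_htcacheclean` and httpd with the `all` set granted by the manifest. Its exit status is also ignored, so a failed drop goes unnoticed. I would write `/usr/bin/ppriv -s E=basic,net_privaddr $$` followed by `check_failure $? "failed to drop privileges"`, using the helper this script already calls after htcacheclean. The `refresh` case in the next hunk has the same two problems. Both case arms continue outside the hunks.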
@@ -236,6 +237,8 @@
"refresh")
cmd="graceful"
run_depot
+ # drop privileges now that we've written our configuration
+ /usr/bin/ppriv -s E=basic,net_privaddr
kill_htcacheclean
run_htcacheclean
emsg=$(/usr/bin/printf ${FAILED_TO_RUN} refresh)
--- a/src/svc/svc-pkg-sysrepo Wed Feb 06 13:39:47 2013 -0800
+++ b/src/svc/svc-pkg-sysrepo Mon Feb 11 11:40:02 2013 +1300
@@ -20,7 +20,7 @@
# CDDL HEADER END
#
#
-# Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+# Copyright (c) 2011, 2013 Oracle and/or its affiliates. All rights reserved.
#
. /lib/svc/share/smf_include.sh
@@ -105,11 +105,11 @@
# nice about scheduling and removing empty directories if
# necessary.
interval=$((60 * 24 * 14))
- /usr/bin/su pkg5srv -c "/usr/apache2/2.2/bin/htcacheclean \
+ /usr/apache2/2.2/bin/htcacheclean \
-d${interval} -i -l ${SYSREPO_CACHE_MAX}M -n \
-p ${SYSREPO_CACHE_DIR} \
-P ${SYSREPO_CACHE_DIR}/../sysrepo_htcacheclean.pid \
- -t"
+ -t
check_failure $? "htcacheclean failed to run cleanly"
fi
}
@@ -172,6 +172,8 @@
"start")
cmd="start"
run_sysrepo
+ # drop privileges now that we've written our configuration
+ /usr/bin/ppriv -s E=basic,net_privaddr $$
run_htcacheclean
${HTTPD} -f ${SYSREPO_RUNTIME_DIR}/sysrepo_httpd.conf \
${STARTUP_OPTIONS} -k ${cmd} 2>&1
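Review bot: `ppriv -s E=basic,net_privaddr $$` narrows only the effective set of the method's shell; the permitted and inheritable sets stay at the `all` granted in the manifest. As I read privileges(5), a program started by exec takes its permitted and effective sets from the inheritable set, so htcacheclean and httpd would still start with every privilege, and the shell itself can raise its effective set again. Narrowing all three, e.g. `/usr/bin/ppriv -s EIP=basic,net_privaddr $$`, and checking the result with `check_failure $?` would make the drop stick; running `ppriv` against the httpd children is a quick way to confirm. The `refresh` hunk below and both ppriv lines in svc-pkg-depot are affected in the same way.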
@@ -180,6 +182,8 @@
"refresh")
cmd="graceful"
run_sysrepo
+ # drop privileges now that we've written our configuration
+ /usr/bin/ppriv -s E=basic,net_privaddr $$
/usr/bin/pkill -USR1 -ox zoneproxyd
kill_htcacheclean
run_htcacheclean
--- a/src/svc/zoneproxyd.xml Wed Feb 06 13:39:47 2013 -0800
+++ b/src/svc/zoneproxyd.xml Mon Feb 11 11:40:02 2013 +1300
@@ -2,7 +2,7 @@
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
- Copyright (c) 2011, Oracle and/or its affiliates. All rights reserved.
+ Copyright (c) 2011, 2013 Oracle and/or its affiliates. All rights reserved.
CDDL HEADER START
@@ -72,7 +72,8 @@
exec='/usr/lib/zones/zoneproxyd'
timeout_seconds='300'>
<method_context>
- <method_credential user='root'/>
+ <method_credential user='pkg5srv'
+ privileges='all' />
</method_context>
</exec_method>
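Review bot: Replacing `user='root'` with `user='pkg5srv'` plus `privileges='all'` on the start method still leaves zoneproxyd holding every privilege, so the change reduces file-ownership exposure but not what a compromised daemon can do, unless zoneproxyd drops privileges itself (not visible here). Unlike the depot and sysrepo manifests, no comment explains why `all` is needed, and no `group` is set. I would add a comment naming the operation that needs elevated privilege and replace `all` with that explicit list, with `limit_privileges` set to match.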
@@ -82,7 +83,7 @@
exec=':kill'
timeout_seconds='300'>
<method_context>
- <method_credential user='root'/>
+ <method_credential user='pkg5srv' />
</method_context>
</exec_method>