[arch-commits] Commit in syslog-ng/trunk (5 files)
Dave Reisner
dreisner at archlinux.org
Tue Oct 11 15:31:29 UTC 2011
Date: Tuesday, October 11, 2011 @ 11:31:29
Author: dreisner
Revision: 140266
upgpkg: syslog-ng 3.3.1-1
upstream release 3.3.1
- remove patches
- fixup error in rc.d script
- move PID file to /run
- update config for 3.3 syntax
- remove log_fifo_size (defaults to 10000 now)
- long_hostnames(off) => chain_hostnames(off)
- distribute systemd service file via buildsys
Modified:
syslog-ng/trunk/PKGBUILD
syslog-ng/trunk/syslog-ng.conf
syslog-ng/trunk/syslog-ng.rc
Deleted:
syslog-ng/trunk/cap_syslog.patch
syslog-ng/trunk/non-blocking-systemd-fds.patch
--------------------------------+
PKGBUILD | 63 +++++--------
cap_syslog.patch | 178 ---------------------------------------
non-blocking-systemd-fds.patch | 32 -------
syslog-ng.conf | 6 -
syslog-ng.rc | 5 -
5 files changed, 31 insertions(+), 253 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-10-11 14:15:08 UTC (rev 140265)
+++ PKGBUILD 2011-10-11 15:31:29 UTC (rev 140266)
@@ -4,8 +4,8 @@
# Maintainer: Aaron Griffin <aaron at archlinux.org>
pkgname=syslog-ng
-pkgver=3.2.4
-pkgrel=3
+pkgver=3.3.1
+pkgrel=1
pkgdesc="Next-generation syslogd with advanced networking and filtering capabilities"
arch=('i686' 'x86_64')
license=('GPL2')
@@ -18,49 +18,38 @@
options=('!libtool')
backup=('etc/syslog-ng/modules.conf' 'etc/syslog-ng/scl.conf' \
'etc/syslog-ng/syslog-ng.conf' 'etc/logrotate.d/syslog-ng')
-source=(http://www.balabit.com/downloads/files/syslog-ng/sources/${pkgver}/source/${pkgname}_${pkgver}.tar.gz
- non-blocking-systemd-fds.patch
- syslog-ng.conf syslog-ng.logrotate syslog-ng.rc cap_syslog.patch)
-md5sums=('5995f7dad0053a478b60a63f6f754203'
- '25e43afe51eb2223c25168e3c3e7aaf6'
- '344dddfff946300f5576b13a7e8ea19f'
- '735636090be4582885974542d2a75855'
- '39f41dc7cee7efc6250adc5e970ca7a7'
- 'bd317a7fb2339a39b8adcf8fdcd20396')
-sha1sums=('ff732f7223bd2bd0424d4b9028b523cf62133af1'
- '73b83deae9a8b945dfb13adf331e6bf6f119b83e'
- 'b9eb8c61f7cccda543fc5c97fe1d40a8d15e713f'
+source=("http://www.balabit.com/downloads/files/syslog-ng/sources/$pkgver/source/${pkgname}_$pkgver.tar.gz"
+ syslog-ng.conf
+ syslog-ng.logrotate
+ syslog-ng.rc)
+sha1sums=('f084d66754c7fa1eada56946f77ef3066faa27a1'
+ '98074e0facfc6ef036202662cc86d04b38a2c142'
'ac997b25d7d8e69e66782d3771a0e12aff55ae7f'
- 'a1b59b2bde30dfb00907d1c77f3071b910a40401'
- '20991412f2e82e12cbf272a414974ff135fb1981')
+ 'a6ad26912b5bcbe1b47b003309945d733613b98f')
build() {
- cd "${srcdir}/${pkgname}-${pkgver}"
+ cd "$srcdir/$pkgname-$pkgver"
- # fix #22555 for kernels >=2.6.38
- patch -p1 -i ../cap_syslog.patch
-
- # fix systemd blocking FD bug
- # https://bugzilla.balabit.com/show_bug.cgi?id=125
- patch -Np1 < "$srcdir/non-blocking-systemd-fds.patch"
-
- ./configure --prefix=/usr --sysconfdir=/etc/syslog-ng \
- --libexecdir=/usr/lib --localstatedir=/var/lib/syslog-ng \
- --enable-tcp-wrapper \
- --with-pidfile-dir=/var/run \
+ ./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc/syslog-ng \
+ --libexecdir=/usr/lib \
+ --localstatedir=/var/lib/syslog-ng \
+ --with-pidfile-dir=/run \
--disable-spoof-source \
- --disable-tcp-wrapper \
- --enable-systemd
+ --enable-systemd \
+ --with-systemdsystemunitdir=/lib/systemd/system
make
}
package() {
- cd "${srcdir}/${pkgname}-${pkgver}"
- make DESTDIR="${pkgdir}" install
- install -dm755 "${pkgdir}/var/lib/syslog-ng" "${pkgdir}/etc/syslog-ng/patterndb.d"
- install -Dm644 "${srcdir}/syslog-ng.conf" "${pkgdir}/etc/syslog-ng/syslog-ng.conf"
- install -Dm644 "${srcdir}/syslog-ng.logrotate" "${pkgdir}/etc/logrotate.d/syslog-ng"
- install -Dm755 "${srcdir}/syslog-ng.rc" "${pkgdir}/etc/rc.d/syslog-ng"
- install -Dm644 "doc/examples/syslog-ng.service" "$pkgdir/lib/systemd/system/syslog-ng.service"
+ cd "$srcdir/$pkgname-$pkgver"
+
+ make DESTDIR="$pkgdir" install
+
+ install -dm755 "$pkgdir/var/lib/syslog-ng" "$pkgdir/etc/syslog-ng/patterndb.d"
+ install -Dm644 "$srcdir/syslog-ng.conf" "$pkgdir/etc/syslog-ng/syslog-ng.conf"
+ install -Dm644 "$srcdir/syslog-ng.logrotate" "$pkgdir/etc/logrotate.d/syslog-ng"
+ install -Dm755 "$srcdir/syslog-ng.rc" "$pkgdir/etc/rc.d/syslog-ng"
}
Deleted: cap_syslog.patch
===================================================================
--- cap_syslog.patch 2011-10-11 14:15:08 UTC (rev 140265)
+++ cap_syslog.patch 2011-10-11 15:31:29 UTC (rev 140266)
@@ -1,178 +0,0 @@
-From ae0ff59d9a761c2fda8a19b0c05e0e05c59bae57 Mon Sep 17 00:00:00 2001
-From: Balazs Scheidler <bazsi at balabit.hu>
-Date: Thu, 12 May 2011 13:11:58 +0200
-Subject: [PATCH] Use CAP_SYSLOG instead of CAP_SYS_ADMIN, if available.
-
-If cap_syslog exists, the kernel will complain (once) that we only
-have cap_sys_admin. Additionally, using cap_syslog instead of
-cap_sys_admin significantly lowers the unneeded privs we are
-using.
-
-Upon startup, syslog-ng will detect whether CAP_SYSLOG is available,
-and use capabilities based on that finding. This detection will also
-have a side-effect, which will make it so that
-g_process_cap_modify(CAP_SYSLOG) will fall back to CAP_SYS_ADMIN, if
-CAP_SYSLOG support was not detected.
-
-Thanks to Andrew Morgan for pointing out a nice way to detect whether
-the kernel has CAP_SYSLOG. Original code by Serge Hallyn, with minor
-changes based on Balazs Scheidler's review by Gergely Nagy.
-
-Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
-Signed-off-by: Gergely Nagy <algernon at balabit.hu>
-Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
----
- lib/gprocess.c | 27 +++++++++++++++++++++++++++
- lib/gprocess.h | 6 ++++++
- modules/affile/affile.c | 2 +-
- syslog-ng/main.c | 38 ++++++++++++++++++++++++++++++--------
- 4 files changed, 64 insertions(+), 9 deletions(-)
-
-diff --git a/lib/gprocess.c b/lib/gprocess.c
-index 38bcb12..e2159fc 100644
---- a/lib/gprocess.c
-+++ b/lib/gprocess.c
-@@ -98,6 +98,7 @@ static gint startup_result_pipe[2] = { -1, -1 };
- static gint init_result_pipe[2] = { -1, -1 };
- static GProcessKind process_kind = G_PK_STARTUP;
- static gboolean stderr_present = TRUE;
-+static int have_capsyslog = FALSE;
-
- /* global variables */
- static struct
-@@ -216,6 +217,13 @@ g_process_cap_modify(int capability, int onoff)
- if (!process_opts.caps)
- return TRUE;
-
-+ /*
-+ * if libcap or kernel doesn't support cap_syslog, then resort to
-+ * cap_sys_admin
-+ */
-+ if (capability == CAP_SYSLOG && (!have_capsyslog || CAP_SYSLOG == -1))
-+ capability = CAP_SYS_ADMIN;
-+
- caps = cap_get_proc();
- if (!caps)
- return FALSE;
-@@ -297,6 +305,25 @@ g_process_cap_restore(cap_t r)
- return;
- }
-
-+gboolean
-+g_process_check_cap_syslog(void)
-+{
-+ int ret;
-+
-+ if (have_capsyslog)
-+ return TRUE;
-+
-+ if (CAP_SYSLOG == -1)
-+ return FALSE;
-+
-+ ret = prctl(PR_CAPBSET_READ, CAP_SYSLOG);
-+ if (ret == -1)
-+ return FALSE;
-+
-+ have_capsyslog = TRUE;
-+ return TRUE;
-+}
-+
- #endif
-
- /**
-diff --git a/lib/gprocess.h b/lib/gprocess.h
-index a6dd7c4..1bdd719 100644
---- a/lib/gprocess.h
-+++ b/lib/gprocess.h
-@@ -46,6 +46,10 @@ gboolean g_process_cap_modify(int capability, int onoff);
- cap_t g_process_cap_save(void);
- void g_process_cap_restore(cap_t r);
-
-+#ifndef CAP_SYSLOG
-+#define CAP_SYSLOG -1
-+#endif
-+
- #else
-
- typedef gpointer cap_t;
-@@ -71,6 +75,8 @@ void g_process_set_argv_space(gint argc, gchar **argv);
- void g_process_set_use_fdlimit(gboolean use);
- void g_process_set_check(gint check_period, gboolean (*check_fn)(void));
-
-+gboolean g_process_check_cap_syslog(void);
-+
- void g_process_start(void);
- void g_process_startup_failed(guint ret_num, gboolean may_exit);
- void g_process_startup_ok(void);
-diff --git a/modules/affile/affile.c b/modules/affile/affile.c
-index ce343cd..bb8aa75 100644
---- a/modules/affile/affile.c
-+++ b/modules/affile/affile.c
-@@ -59,7 +59,7 @@ affile_open_file(gchar *name, gint flags,
- if (privileged)
- {
- g_process_cap_modify(CAP_DAC_READ_SEARCH, TRUE);
-- g_process_cap_modify(CAP_SYS_ADMIN, TRUE);
-+ g_process_cap_modify(CAP_SYSLOG, TRUE);
- }
- else
- {
-diff --git a/syslog-ng/main.c b/syslog-ng/main.c
-index 9880c1f..02f17b6 100644
---- a/syslog-ng/main.c
-+++ b/syslog-ng/main.c
-@@ -363,6 +363,33 @@ version(void)
- ON_OFF_STR(ENABLE_PACCT_MODULE));
- }
-
-+#if ENABLE_LINUX_CAPS
-+#define BASE_CAPS "cap_net_bind_service,cap_net_broadcast,cap_net_raw," \
-+ "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p "
-+
-+static void
-+setup_caps (void)
-+{
-+ static gchar *capsstr_syslog = BASE_CAPS "cap_syslog=ep";
-+ static gchar *capsstr_sys_admin = BASE_CAPS "cap_sys_admin=ep";
-+
-+ /* Set up the minimal privilege we'll need
-+ *
-+ * NOTE: polling /proc/kmsg requires cap_sys_admin, otherwise it'll always
-+ * indicate readability. Enabling/disabling cap_sys_admin on every poll
-+ * invocation seems to be too expensive. So I enable it for now.
-+ */
-+ if (g_process_check_cap_syslog())
-+ g_process_set_caps(capsstr_syslog);
-+ else
-+ g_process_set_caps(capsstr_sys_admin);
-+}
-+#else
-+
-+#define setup_caps()
-+
-+#endif
-+
- int
- main(int argc, char *argv[])
- {
-@@ -374,14 +401,9 @@ main(int argc, char *argv[])
- z_mem_trace_init("syslog-ng.trace");
-
- g_process_set_argv_space(argc, (gchar **) argv);
--
-- /* NOTE: polling /proc/kmsg requires cap_sys_admin, otherwise it'll always
-- * indicate readability. Enabling/disabling cap_sys_admin on every poll
-- * invocation seems to be too expensive. So I enable it for now. */
--
-- g_process_set_caps("cap_net_bind_service,cap_net_broadcast,cap_net_raw,"
-- "cap_dac_read_search,cap_dac_override,cap_chown,cap_fowner=p "
-- "cap_sys_admin=ep");
-+
-+ setup_caps();
-+
- ctx = g_option_context_new("syslog-ng");
- g_process_add_option_group(ctx);
- msg_add_option_group(ctx);
---
-1.7.6.1
-
Deleted: non-blocking-systemd-fds.patch
===================================================================
--- non-blocking-systemd-fds.patch 2011-10-11 14:15:08 UTC (rev 140265)
+++ non-blocking-systemd-fds.patch 2011-10-11 15:31:29 UTC (rev 140266)
@@ -1,32 +0,0 @@
-From 2f214c4f87d944aa28d53e331a67b1fd88d9840f Mon Sep 17 00:00:00 2001
-From: Balazs Scheidler <bazsi at balabit.hu>
-Date: Wed, 22 Jun 2011 12:50:53 +0200
-Subject: [PATCH] systemd: make sure the acquired fd is in non-blocking mode
-
-The fd acquired from systemd is in blocking mode, and syslog-ng
-didn't explicitly set it to non-blocking, causing syslog-ng
-to stall. This patch changes that, explicitly enables
-O_NONBLOCK and O_CLOEXEC on systemd acquired fds.
-
-Reported-By: Enrico Scholz <enrico.scholz at informatik.tu-chemnitz.de>
-Signed-off-by: Balazs Scheidler <bazsi at balabit.hu>
----
- modules/afsocket/afunix.c | 2 ++
- 1 files changed, 2 insertions(+), 0 deletions(-)
-
-diff --git a/modules/afsocket/afunix.c b/modules/afsocket/afunix.c
-index cd9c205..9a4e37b 100644
---- a/modules/afsocket/afunix.c
-+++ b/modules/afsocket/afunix.c
-@@ -108,6 +108,8 @@ afunix_sd_acquire_socket(AFSocketSourceDriver *s, gint *result_fd)
-
- if (*result_fd != -1)
- {
-+ g_fd_set_nonblock(*result_fd, TRUE);
-+ g_fd_set_cloexec(*result_fd, TRUE);
- msg_verbose("Acquired systemd socket",
- evt_tag_str("filename", self->filename),
- evt_tag_int("systemd-sock-fd", *result_fd),
---
-1.7.5.4
-
Modified: syslog-ng.conf
===================================================================
--- syslog-ng.conf 2011-10-11 14:15:08 UTC (rev 140265)
+++ syslog-ng.conf 2011-10-11 15:31:29 UTC (rev 140266)
@@ -1,4 +1,4 @@
- at version: 3.2
+ at version: 3.3
#
# /etc/syslog-ng/syslog-ng.conf
#
@@ -7,8 +7,8 @@
stats_freq (0);
flush_lines (0);
time_reopen (10);
- log_fifo_size (1000);
- long_hostnames(off);
+ log_fifo_size (10000);
+ chain_hostnames (off);
use_dns (no);
use_fqdn (no);
create_dirs (no);
Modified: syslog-ng.rc
===================================================================
--- syslog-ng.rc 2011-10-11 14:15:08 UTC (rev 140265)
+++ syslog-ng.rc 2011-10-11 15:31:29 UTC (rev 140266)
@@ -5,7 +5,6 @@
checkconfig() {
if ! syslog-ng -s -f /etc/syslog-ng/syslog-ng.conf; then
- stat_busy "Configuration error. Please fix your config file (/etc/syslog-ng/syslog-ng.conf)."
stat_fail
exit 1
fi
@@ -14,7 +13,7 @@
pidfile=/run/syslog-ng.pid
if [[ -r $pidfile ]]; then
read -r PID < "$pidfile"
- if [[ ! -d /proc/$PID ]]; then
+ if [[ $PID && ! -d /proc/$PID ]]; then
# stale pidfile
unset PID
rm -f "$pidfile"
@@ -25,7 +24,7 @@
start)
stat_busy "Starting Syslog-NG"
checkconfig
- if [[ -z "$PID" ]] && /usr/sbin/syslog-ng; then
+ if [[ -z $PID ]] && /usr/sbin/syslog-ng; then
add_daemon syslog-ng
stat_done
else
More information about the arch-commits
mailing list