-rw-r--r-- | www-apps/tt-rss/Manifest | 2 | ||||
-rw-r--r-- | www-apps/tt-rss/files/permissions-r1 | 23 | ||||
-rw-r--r-- | www-apps/tt-rss/files/tt-rss-no-chmod.patch | 44 | ||||
-rw-r--r-- | www-apps/tt-rss/files/ttrssd.confd-r2 | 9 | ||||
-rw-r--r-- | www-apps/tt-rss/tt-rss-20230901.ebuild (renamed from www-apps/tt-rss/tt-rss-20220218.ebuild) | 14 | ||||
-rw-r--r-- | www-apps/tt-rss/tt-rss-99999999.ebuild | 16 |
6 files changed, 54 insertions, 54 deletions
diff --git a/www-apps/tt-rss/Manifest b/www-apps/tt-rss/Manifest
index e407e317a278..da200b684ec8 100644
--- a/www-apps/tt-rss/Manifest
+++ b/www-apps/tt-rss/Manifest
@@ -1 +1 @@
-DIST tt-rss-20220218.tar.gz 9916433 BLAKE2B 318969b6e5156842079bf68c4ea614e5e60e21d8caa46b1a78f2cef051904da30e5091838f6e10f6f610d8ee39c7922137aeb60b7cd5004cabc1d2cdf65edfa8 SHA512 38a81dd737462724bc52ca3915350c175abe548cd566a4f9a5e1d5efda9287d0666e9348e5b13dd20549360501de5b0bfb659292fb650f7a60fdab8b63cf8202
+DIST tt-rss-20230901.tar.xz 5368876 BLAKE2B af7dc8c7003f9bd83f656a1596458302eb29b7f27428e38e9cbc7fdeb0b920079622b577e5e578069d8475c265061efeb23648da621ad66263370a748512d49c SHA512 02111c89a3dc8fbf94be38d87fa90770eaaa644672aeeb7c1ece3ac7137c5a4f2f0f4412319bd887305f365fc7da9bfe3f644495a5655e8a351ecdae97a04d35
diff --git a/www-apps/tt-rss/files/permissions-r1 b/www-apps/tt-rss/files/permissions-r1
index e50b4406646d..0ca420e97beb 100644
--- a/www-apps/tt-rss/files/permissions-r1
+++ b/www-apps/tt-rss/files/permissions-r1
@@ -3,22 +3,27 @@ cd "${MY_INSTALLDIR}" if [[ $1 = install ]]; then + # Ensure database credentials are secure. + [[ -e config.php ]] || touch config.php + chown --no-dereference "${VHOST_SERVER_UID}":ttrssd config.php + chmod 00440 config.php + # We need to lock down cache/ for the operations below to be # safe. The permissions match the webapp-config defaults but these # can be changed and existing installations may also differ. chown root:root cache/ chmod 00755 cache/ - chgrp --no-dereference ttrssd feed-icons/ lock/ cache/*/ - chmod g+ws feed-icons/ lock/ cache/*/ + chgrp --no-dereference ttrssd lock/ cache/*/ + chmod g+ws lock/ cache/*/ - # Files within lock/ are exclusively written by the update daemon. - # feed-icons/ and cache/ holds files that are modified in place by both - # processes and therefore ACLs are required to ensure that the files - # themselves are created as group writable. - if ! setfacl --modify d:g::rwX feed-icons/ cache/*/; then + # Files within lock/ are exclusively written by the update daemon. cache/ + # subdirectories hold files that are modified in place by both processes and + # therefore ACLs are required to ensure that the files themselves are + # created as group writable. + if ! setfacl --modify d:g::rwX cache/*/; then echo "WARNING: ACLs are not available on this filesystem. Either enable them or set TTRSSD_USER to your PHP user in /etc/conf.d/ttrssd to avoid permission issues." - elif [[ -n $(find feed-icons/ cache/ -type f ! -name ".*" ! -name index.html ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then - echo "WARNING: Files that are not writable by the ttrssd group found within the cache or feed-icons directories. Either delete them or correct their permissions." + elif [[ -n $(find cache/ -type f ! -name ".*" ! -name index.html ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then + echo "WARNING: Files that are not writable by the ttrssd group found within the cache directory. 
Either delete them or correct their permissions." fi fi diff --git a/www-apps/tt-rss/files/tt-rss-no-chmod.patch b/www-apps/tt-rss/files/tt-rss-no-chmod.patch index e51e66eaed22..4dd41af4bb12 100644 --- a/www-apps/tt-rss/files/tt-rss-no-chmod.patch +++ b/www-apps/tt-rss/files/tt-rss-no-chmod.patch @@ -1,26 +1,18 @@ -These files may be written and then updated by the web interface user or the -update daemon user, so they need to be group writeable. We enforce this with -ACLs rather than chmod though. - -diff --color -Naur a/classes/pref/feeds.php b/classes/pref/feeds.php ---- a/classes/pref/feeds.php 2022-02-18 13:44:03.000000000 +0000 -+++ b/classes/pref/feeds.php 2022-02-19 15:37:55.000723992 +0000 -@@ -490,7 +490,6 @@ - - if (file_exists($new_filename)) unlink($new_filename); - if (rename($tmp_file, $new_filename)) { -- chmod($new_filename, 0644); - - $feed->set([ - 'favicon_avg_color' => null, -diff --color -Naur a/classes/rssutils.php b/classes/rssutils.php ---- a/classes/rssutils.php 2022-02-18 13:44:03.000000000 +0000 -+++ b/classes/rssutils.php 2022-02-19 15:37:40.393312123 +0000 -@@ -1728,7 +1728,6 @@ - - fwrite($fp, $contents); - fclose($fp); -- chmod($icon_file, 0644); - clearstatcache(); - - return $icon_file; +diff --git a/plugins/cache_starred_images/init.php b/plugins/cache_starred_images/init.php +index 208eafde9..05b5a1a93 100755 +--- a/plugins/cache_starred_images/init.php ++++ b/plugins/cache_starred_images/init.php +@@ -24,11 +24,8 @@ class Cache_Starred_Images extends Plugin { + $this->cache = DiskCache::instance("starred-images"); + $this->cache_status = DiskCache::instance("starred-images.status-files"); + +- if ($this->cache->make_dir()) +- chmod($this->cache->get_dir(), 0777); +- +- if ($this->cache_status->make_dir()) +- chmod($this->cache_status->get_dir(), 0777); ++ $this->cache->make_dir(); ++ $this->cache_status->make_dir(); + + if (!$this->cache->exists(".no-auto-expiry")) + $this->cache->put(".no-auto-expiry", ""); 
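Review bot: The new config.php block mixes dereferencing and non-dereferencing calls: `chown --no-dereference` acts on a symlink itself, while `[[ -e config.php ]]`, `touch` and `chmod 00440` all follow it, so if config.php is ever a symlink the owner and the mode end up applied to different objects. Whether anyone but root can write to the install directory is not visible in this hunk, but the script already locks down cache/ for the same reason, so I would skip and warn in that case, e.g. `if [[ -L config.php ]]; then echo "WARNING: config.php is a symlink, not changing its ownership or mode."; else ...; fi`. The results of chown and chmod are also not checked, so a failure leaves the credentials file with its previous permissions and no message; a `|| echo "WARNING: ..."` on each would match how the setfacl failure is reported further down.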
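Review bot: The rewritten tt-rss-no-chmod.patch starts straight at `diff --git` with no description, whereas the version it replaces opened with a three-line explanation of why the chmod calls are dropped. A short header would keep the reason next to the change, e.g. `The ebuild pre-creates the cache directories and permissions-r1 sets their group and ACLs, so the plugin must not chmod them to 0777.` A line on upstream status would help as well if this has been or will be submitted upstream, which is not visible here.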
diff --git a/www-apps/tt-rss/files/ttrssd.confd-r2 b/www-apps/tt-rss/files/ttrssd.confd-r2 index b169b548bb9a..7546d096d08b 100644 --- a/www-apps/tt-rss/files/ttrssd.confd-r2 +++ b/www-apps/tt-rss/files/ttrssd.confd-r2 @@ -1,4 +1,4 @@ -# Copyright 1999-2018 Gentoo Foundation +# Copyright 1999-2023 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 # Space-separated paths of TT-RSS instances that you want to start the @@ -24,10 +24,9 @@ LOG_DIR="/var/log/ttrssd" # User to run the update daemon as. You should not run this as # root. If ACLs are unavailable on the filesystem used by the TT-RSS # instances then choosing the same user that serves the PHP web -# interface is recommended to avoid permission issues. You *must* add -# this user to the ttrssd group. If the PHP user is not the same as -# the web server user (e.g. apache or nginx) then this user must be -# added to the ttrssd group too. +# interface is recommended to avoid permission issues. Either way, you +# *must* add these users to the ttrssd group unless everything is +# running as the web server user (e.g. apache or nginx). # # Default: # TTRSSD_USER="ttrssd" diff --git a/www-apps/tt-rss/tt-rss-20220218.ebuild b/www-apps/tt-rss/tt-rss-20230901.ebuild index 720630a250db..284e1f60ac70 100644 --- a/www-apps/tt-rss/tt-rss-20220218.ebuild +++ b/www-apps/tt-rss/tt-rss-20230901.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 
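Review bot: "these users" in the rewritten TTRSSD_USER paragraph has no clear antecedent; the old text named the update daemon user and, separately, the PHP user when it differs from the web server user. permissions-r1 in this same commit sets config.php to mode 0440 with group ttrssd, so a PHP user that is neither the web server user nor in that group would presumably be unable to read the database configuration. Naming the accounts removes the guesswork: `# *must* add both TTRSSD_USER and the PHP user to the ttrssd group unless`.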
@@ -7,13 +7,13 @@ inherit webapp DESCRIPTION="Tiny Tiny RSS - A web-based news feed (RSS/Atom) aggregator using AJAX" HOMEPAGE="https://tt-rss.org/" -SRC_URI="https://dev.gentoo.org/~chewi/distfiles/${P}.tar.gz" # Upstream git frontend blocks wget? +SRC_URI="https://dev.gentoo.org/~chewi/distfiles/${P}.tar.xz" LICENSE="GPL-3" KEYWORDS="~amd64 ~arm ~arm64 ~mips ~x86" IUSE="+acl daemon gd +mysqli postgres" REQUIRED_USE="|| ( mysqli postgres )" -PHP_SLOTS="8.0 7.4" +PHP_SLOTS="8.2" PHP_USE="gd?,mysqli?,postgres?,curl,fileinfo,intl,json(+),pdo,unicode,xml" php_rdepend() { @@ -62,12 +62,12 @@ src_install() { insinto "${MY_HTDOCSDIR}" doins -r * - # When updating, grep the plugins directory for additional CACHE_DIR - # instances as they cannot be created later due to permissions. - dodir "${MY_HTDOCSDIR}"/cache/starred-images + # When updating, grep the code for additional DiskCache::instances as they + # cannot be created later due to permissions. + keepdir "${MY_HTDOCSDIR}"/cache/{feed-icons,starred-images} local dir - for dir in "${ED}${MY_HTDOCSDIR}"/{cache/*,feed-icons,lock}/; do + for dir in "${ED}${MY_HTDOCSDIR}"/{cache/*,lock}/; do webapp_serverowned "${dir#${ED}}" done diff --git a/www-apps/tt-rss/tt-rss-99999999.ebuild b/www-apps/tt-rss/tt-rss-99999999.ebuild index a821a1e6edb9..668d1007ed48 100644 --- a/www-apps/tt-rss/tt-rss-99999999.ebuild +++ b/www-apps/tt-rss/tt-rss-99999999.ebuild @@ -1,4 +1,4 @@ -# Copyright 1999-2022 Gentoo Authors +# Copyright 1999-2023 Gentoo Authors # Distributed under the terms of the GNU General Public License v2 EAPI=8 @@ -13,7 +13,7 @@ SLOT="${PV}" # Single live slot. IUSE="+acl daemon gd +mysqli postgres" REQUIRED_USE="|| ( mysqli postgres )" -PHP_SLOTS="8.1 8.0 7.4" +PHP_SLOTS="8.2" PHP_USE="gd?,mysqli?,postgres?,curl,fileinfo,intl,json(+),pdo,unicode,xml" php_rdepend() { 
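Review bot: `keepdir "${MY_HTDOCSDIR}"/cache/{feed-icons,starred-images}` in the -62,12 +62,12 hunk does not cover `starred-images.status-files`, which the plugin context in tt-rss-no-chmod.patch shows as a second `DiskCache::instance(...)`. permissions-r1 sets cache/ to root:root 0755 and the comment above this line says such directories cannot be created later, so unless the upstream tarball already ships that directory (not visible here) the plugin's `make_dir()` would presumably fail at runtime. If it is missing, extend the list: `keepdir "${MY_HTDOCSDIR}"/cache/{feed-icons,starred-images,starred-images.status-files}`. The same line appears in the tt-rss-99999999.ebuild hunk at -50,18 +50,22, and src_install continues outside both hunks.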
@@ -50,18 +50,22 @@ DEPEND=" need_httpd_cgi # From webapp.eclass +PATCHES=( + "${FILESDIR}"/${PN}-no-chmod.patch +) + src_install() { webapp_src_preinst insinto "${MY_HTDOCSDIR}" doins -r * - # When updating, grep the plugins directory for additional CACHE_DIR - # instances as they cannot be created later due to permissions. - dodir "${MY_HTDOCSDIR}"/cache/starred-images + # When updating, grep the code for additional DiskCache::instances as they + # cannot be created later due to permissions. + keepdir "${MY_HTDOCSDIR}"/cache/{feed-icons,starred-images} local dir - for dir in "${ED}${MY_HTDOCSDIR}"/{cache/*,feed-icons,lock}/; do + for dir in "${ED}${MY_HTDOCSDIR}"/{cache/*,lock}/; do webapp_serverowned "${dir#${ED}}" done |