[PATCH 1/9] chiark live tree fixes including proposed sites bugfix

Ian Jackson ijackson at chiark.greenend.org.uk
Thu Jul 12 20:40:20 BST 2012

Ian Jackson writes ("[PATCH 1/9] chiark live tree fixes including proposed sites bugfix"):
> These patches are in ~secnet/secnet-live.git on chiark:
> I'm proposing these additional patches to sort out some problems with
> the way I was using `include':
>  7/9 make-secnet-sites: Do newline-trimming in pline()
>  8/9 make-secnet-sites: In -u mode, output file "dereferences" include directives
>  9/9] make-secnet-sites: Do not permit "include" in simple sites files

These patches are going to be in 0.3.0~beta1.

> In particular, Steve was complaining that the generated sites file
> contained an "include" directive which (a) means you can't process it
> with any released version of secnet and (b) anyway a normal site admin
> running make-secnet-sites should not have to trust the sites file
> (to the extent of having to scrutinise it for includes).

This seems to work.

> I don't have time right now but in a test copy of ~secnet/sgo-vpn I
> ran this
>   USERV_USER=ian USERV_GROUP=ian-rela ~/things/Fvpn/secnet.git/make-secnet-sites -u header groupfiles newsites ian-rela </dev/null
> and it seemed to do the right thing.
> The file "newsites" is below.

I ran
  userv secnet vpnsites ian-rela </dev/null
  userv secnet chiarkvpnsites ian-rela </u/ian/vpn-site-zealot
to get it to regenerate the sites files and it seems to have done the
right thing.  In particular the sgo-vpn/sites file now contains the
expected contents, no include directive, and can be processed by
make-secnet-sites into something that looks about right.

Steve: it would be good if you could manage to take a look at this
before we actually want to release 0.3.0, which ought to be fairly
soon given the security bugs in 0.2.x.


More information about the sgo-software-discuss mailing list