[PATCH 1/9] chiark live tree fixes including proposed sites bugfix
Ian Jackson
ijackson at chiark.greenend.org.uk
Thu Jul 12 20:40:20 BST 2012
Ian Jackson writes ("[PATCH 1/9] chiark live tree fixes including proposed sites bugfix"):
> These patches are in ~secnet/secnet-live.git on chiark:
...
> I'm proposing these additional patches to sort out some problems with
> the way I was using `include':
> 7/9 make-secnet-sites: Do newline-trimming in pline()
> 8/9 make-secnet-sites: In -u mode, output file "dereferences" include directives
> 9/9] make-secnet-sites: Do not permit "include" in simple sites files
These patches are going to be in 0.3.0~beta1.
> In particular, Steve was complaining that the generated sites file
> contained an "include" directive which (a) means you can't process it
> with any released version of secnet and (b) anyway a normal site admin
> running make-secnet-sites should not have to trust the sites file
> (to the extent of having to scrutinise it for includes).
This seems to work.
> I don't have time right now but in a test copy of ~secnet/sgo-vpn I
> ran this
> USERV_USER=ian USERV_GROUP=ian-rela ~/things/Fvpn/secnet.git/make-secnet-sites -u header groupfiles newsites ian-rela </dev/null
> and it seemed to do the right thing.
>
> The file "newsites" is below.
I ran
userv secnet vpnsites ian-rela </dev/null
and
userv secnet chiarkvpnsites ian-rela </u/ian/vpn-site-zealot
to get it to regenerate the sites files and it seems to have done the
right thing. In particular the sgo-vpn/sites file now contains the
expected contents, no include directive, and can be processed by
make-secnet-sites into something that looks about right.
Steve: it would be good if you could manage to take a look at this
before we actually want to release 0.3.0, which ought to be fairly
soon given the security bugs in 0.2.x.
Ian.
More information about the sgo-software-discuss
mailing list