Sebastian Kemper [Sat, 16 May 2020 12:30:39 +0000 (14:30 +0200)]
apache: revisit suEXEC setup
When adding suEXEC to the apache package, Alpine's package [1] served as
a template. Not enough attention was paid to the details.
Alpine uses a different layout. So for OpenWrt to use /var/www as
DocumentRoot does not make sense. /var is also volatile on OpenWrt. This
commit removes the configure argument. The default is htdocsdir.
This also does away with uidmin/gidmin 99. The default is 100, which is
fine.
Finally, the suexec binary is moved from /usr/sbin to
/usr/lib/apache2/suexec_dir. Upstream recommends installing suexec with
"4750" (see [2]) and the group set to the user's group. While that would
be possible, it would cause a few headaches on OpenWrt. The group would
need to be changed first in a post-install script and a call to chmod
would need to be made afterward, to make the binary SUID again.
It's easier to hide the SUID binary away from others in a directory.
This way we don't need to use chmod in the post-install script.
mini_snmpd: Add sysDescr option.
Some monitoring tools will run into errors when sysDescr field is empty. This was the case for cacti 1.2.8 that i'm using to monitor my network. Ideally the sysDescr field would contain some information from the overview of luci, e.g. the Model, Firmware and Kernel-Version fields, but i am stranger to OpenWRT, so I'm unable to do that.
Jeffery To [Thu, 14 May 2020 09:45:18 +0000 (17:45 +0800)]
golang: Set/reset default platform options for target Go compiler
Because the first stage for building target Go is actually a host build,
the default platform options (GO386, GOARM, etc.) are detected from the
host. These values are written to a source file and kept when building
the second stage.
This modifies this source file to set the appropriate values for the
target platform, and reset values for other platforms to their
cross-compiling / most compatible defaults.
Daniel Engberg [Thu, 14 May 2020 08:45:46 +0000 (10:45 +0200)]
admin/netdata: Update to 1.22.1
Update netdata to 1.22.1
Disable cloud functionality
Shoehorn patches from FreeBSD's ports repo
Remove cloud notifications and netdata's self-update feature
json-c is no longer optional
modemmanager: allow specifying list of authentication protocols
ModemManager allows specifying which are the authentication protocols
to be used during the user/password context authentication with the
peer.
This protocol update allows users to provide a new 'allowedauth'
option in the interface configuration, which is then used in two
different places:
* It is sent to ModemManager in the --simple-connect call so that
modems with a network interface can perform the authentication
using their own vendor-specific protocol.
* If the connection is done using PPP, this list of protocols is used
to configure the pppd call.
If the new 'allowedauth' option is not given, all auth protocols are
implicitly allowed.
Peter Stadler [Tue, 12 May 2020 09:00:00 +0000 (11:00 +0200)]
nginx: do not reduce max processes
Use the upstream value for NGX_MAX_PROCESSES (=1024) again.
So it is safe to use `worker_processes auto;` (which sets it to
the number of CPUs). Also use this directive in the conf instead
of calculating the number in the init and passing it as argument.
Sebastian Kemper [Mon, 11 May 2020 20:55:24 +0000 (22:55 +0200)]
mariadb: switch init to mysqld_safe and mysqladmin
mysqld_safe is the recommended way to start the server on non-systemd
systems ([1]). For instance, it has a crash detection with auto-restart
function, can update ulimits, setup core files, set the niceness of the
server etc. It looks like it could also be helpful when trying to set up
clusters. It's maintained upstream and adding it means we don't need to
add these features into our init script.
mysqld_safe is a script itself, so it's added to conffiles in case users
want to edit it.
It can't be run under procd, so the init script is converted to a normal
System V type. To stop the server and to reload the privileges tables
mysqladmin is used. To that end mysqladmin is moved into the server
package.
While changing the init script, the Debian init script was used for
ideas. It wasn't copied verbatim and adapted a bit here and there.
Thanks to whoever wrote it!
This commit removes the support for starting the service as a user other
than "mariadb". This makes the init script simpler. If anybody wants to
play around with the user then it's up to them to fix the permissions.
Sebastian Kemper [Mon, 11 May 2020 20:28:06 +0000 (22:28 +0200)]
mariadb: update auth_pam handling
With INSTALL_PAMDIR undefined some items necessary for the auth_pam
module aren't built. This adds the define so that configuration and
shared object become available.
This commit also tightens up the installation of the SUID tool. The
directory it is copied into gets created on the build host already with
u=rwx,g=rx,o=, so it cannot be accessed on target, except by root. The
post-install script then changes group ownership of the directory to the
"mariadb" group only if the directory is really a directory and owned by
"root:root".
Sebastian Kemper [Mon, 11 May 2020 20:14:54 +0000 (22:14 +0200)]
mariadb: install config files readable for all
Until now $(INSTALL_CONF) is used for configuration files that go into
/etc/mysql. This commit replaces that with $(INSTALL_DATA). The
configuration files are not only parsed by the server, but also by the
clients (which can be anybody).
This also removes a comment about a cron job from one of the
configuration files. There is no cron job.
libssh2: switch default to OpenSSL and fix depends
All packages in the tree that depend on libssh2 _and_ have their own
dependency on a TLS library, depend on OpenSSL by default. It makes
sense for the libssh2 package to default to OpenSSL as well. This way it
does not pull in a second TLS library.
Also, the OpenSSL dependency is changed to
"+!LIBSSH2_MBEDTLS:libopenssl", which fixes build issues in case libssh2
is not selected but built anyway.
And last, Config.in file is removed and its content added to the
Makefile instead.