From 8941d07b8b8d6d3a6c001f36b4f931111ad18cb4 Mon Sep 17 00:00:00 2001 From: Alex Harpin Date: Tue, 16 Jun 2015 07:45:53 +0100 Subject: vyatta-cfg-system: prevent deletion of system based post-hook symlinks Any system based symlinks installed in the /etc/commit/post-hooks.d directory were being deleted on either the initial start of the system or subsequent reboots. This commit resolves this by excluding these from the deletion process, while still tidying up other non system symlinks. This is required for bug #538 (enhancement request) to function as intended and also enables the Vyatta bug fix 4718 (enhancement), to log successful commits to syslog with commit type and user name, commited on February 2012! Bug #576 http://bugzilla.vyos.net/show_bug.cgi?id=576 --- scripts/rl-system.init | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/scripts/rl-system.init b/scripts/rl-system.init index fac5fbc1..6a2b8d25 100755 --- a/scripts/rl-system.init +++ b/scripts/rl-system.init @@ -210,8 +210,17 @@ start () { # note that this approach only supports hooks that are "configured", # i.e., it does not support hooks that need to always be present. cpostdir=$(cli-shell-api getPostCommitHookDir) + + # exclude commits hooks from vyatta-cfg + excluded="10vyatta-log-commit.pl 99vyos-user-postcommit-hooks" + if [ -d "$cpostdir" ]; then - rm -f $cpostdir/* + for f in $cpostdir/* + do + if [[ ! $excluded =~ $(basename $f) ]]; then + rm -f $cpostdir/$(basename $f) + fi + done fi ## Clear out apt config file--it will be filled in by config load -- cgit v1.2.3 From 97747570f9c16439c6286e142971b73d952b58a9 Mon Sep 17 00:00:00 2001 From: Alex Harpin Date: Tue, 16 Jun 2015 07:48:15 +0100 Subject: vyatta-cfg-system: update dh_gencontrol with new development build flag --- debian/rules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/rules b/debian/rules index 96038c44..4f9e89fa 100755 --- a/debian/rules +++ b/debian/rules @@ -96,7 +96,7 @@ binary-indep: build install dh_compress dh_fixperms dh_installdeb - if [ -f "../.VYATTA_DEV_BUILD" ]; then \ + if [ -f "../.VYOS_DEV_BUILD" ]; then \ dh_gencontrol -- -v999.dev $(SUBSTVARS); \ else \ dh_gencontrol $(SUBSTVARS); \ -- cgit v1.2.3 From 115be5c819f94eac468faf217d16fe36c436f9f0 Mon Sep 17 00:00:00 2001 From: Alex Harpin Date: Tue, 16 Jun 2015 07:49:06 +0100 Subject: 0.20.44+vyos2+lithium30 --- debian/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 30ad5b68..54a49a6e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +vyatta-cfg-system (0.20.44+vyos2+lithium30) unstable; urgency=low + + [ Alex Harpin ] + * vyatta-cfg-system: prevent deletion of system based post-hook symlinks + * vyatta-cfg-system: update dh_gencontrol with new development build flag + + -- Alex Harpin Tue, 16 Jun 2015 07:48:49 +0100 + vyatta-cfg-system (0.20.44+vyos2+lithium29) unstable; urgency=low [ Alex Harpin ] -- cgit v1.2.3 From f1d2641cfe05663d825eefc3bf4f8ba4d08f630b Mon Sep 17 00:00:00 2001 From: Alex Harpin Date: Mon, 22 Jun 2015 21:14:13 +0100 Subject: Revert "vyatta-cfg-system: prevent deletion of all user authentication" This reverts commit 593899accdff03af23e6bb6c7189ad4ed05a4d8e. This commit reintroduced the inability to delete a user configured on the system, which was resolved in bug #557. Reverting this for the time being until a better fix can be implemented. --- .../login/user/node.tag/authentication/encrypted-password/node.def | 3 --- .../system/login/user/node.tag/authentication/public-keys/node.def | 4 ---- 2 files changed, 7 deletions(-) diff --git a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def index a8b3ee54..29ad14a8 100644 --- a/templates/system/login/user/node.tag/authentication/encrypted-password/node.def +++ b/templates/system/login/user/node.tag/authentication/encrypted-password/node.def @@ -9,6 +9,3 @@ syntax:expression: ($VAR(@) == "*" || $VAR(@) == "!" \ || ( pattern $VAR(@) "^\\$5\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{43}$" ) \ || ( pattern $VAR(@) "^\\$6\\$[a-zA-Z0-9\./]*\\$[a-zA-Z0-9\./]{86}$" )) \ ; "Not a valid encrypted password for user $VAR(../../@)" - -delete:expression: $VAR(../public-keys) != "" - ; "either user encrypted password or public keys must be set" \ No newline at end of file diff --git a/templates/system/login/user/node.tag/authentication/public-keys/node.def b/templates/system/login/user/node.tag/authentication/public-keys/node.def index d813fb9e..245e7197 100644 --- a/templates/system/login/user/node.tag/authentication/public-keys/node.def +++ b/templates/system/login/user/node.tag/authentication/public-keys/node.def @@ -7,7 +7,3 @@ commit:expression: $VAR(./type/) != "" ; \ "Must configure public key type for $VAR(@)" commit:expression: $VAR(./key/) != "" ; \ "Must configure public key value for $VAR(@)" - -delete:expression: ($VAR(../encrypted-password) != "" && - $VAR(../encrypted-password/@) != "!") - ; "either user encrypted password or public keys must be set" \ No newline at end of file -- cgit v1.2.3 From 06073474594426a2da5cb9907fc7587df56c0c23 Mon Sep 17 00:00:00 2001 From: Alex Harpin Date: Mon, 22 Jun 2015 21:21:08 +0100 Subject: 0.20.44+vyos2+lithium31 --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 54a49a6e..4c4fb96f 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +vyatta-cfg-system (0.20.44+vyos2+lithium31) unstable; urgency=low + + [ Alex Harpin ] + * Revert "vyatta-cfg-system: prevent deletion of all user authentication" + + -- Alex Harpin Mon, 22 Jun 2015 21:20:41 +0100 + vyatta-cfg-system (0.20.44+vyos2+lithium30) unstable; urgency=low [ Alex Harpin ] -- cgit v1.2.3