diff -pruN 0.20180719-3/CHANGELOG 0.20220715-1/CHANGELOG
--- 0.20180719-3/CHANGELOG	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/CHANGELOG	2022-07-16 00:50:18.000000000 +0000
@@ -1,3 +1,28 @@
+ikiwiki-hosting (0.20220715) upstream; urgency=medium
+
+  * Avoid directly running init scripts, instead use the service command.
+  * Avoid running apache2ctl graceful which may start an apache process
+    outside of systemd control (see bug #927302).
+    (But note that certbot still uses apache2ctl graceful.)
+  * As ssh RSA keys are being deprecated in an upcoming ssh release,
+    the gitpush plugin will generate a Ed25519 key for the site if one does
+    not yet exist.
+  * The gitpush plugin, when listing the site's ssh keys, will list all
+    available public keys, rather than just one.
+  * Fix anonymous git push to branchable sites, which has been broken
+    since 2018 by a git behavior change.
+  * Fix ACL setting in ikisite enable to come after chmod, which otherwise
+    would mess up the ACLs and break anonymous git push.
+  * Added hostname_stopwords config that can be used to prevent use of
+    particular words in names of sites.
+  * ikisite enable, ikisite letsencrypt: When a fullchain file is available,
+    use it for apache's SSLCertificateFile, and do not use the chain file.
+    This avoids a problem with leteencrypt and apache where apache serves
+    up 2 copies of the certificate, one from the cert file, and one from
+    the fullchain file, which confuses some SSL clients.
+
+ -- Joey Hess <id@joeyh.name>  Fri, 15 Jul 2022 20:49:28 -0400
+
 ikiwiki-hosting (0.20180719) upstream; urgency=medium
 
   [ Joey Hess ]
diff -pruN 0.20180719-3/debian/changelog 0.20220715-1/debian/changelog
--- 0.20180719-3/debian/changelog	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/changelog	2022-08-01 09:16:10.000000000 +0000
@@ -1,3 +1,25 @@
+ikiwiki-hosting (0.20220715-1) unstable; urgency=medium
+
+  * New upstream release
+  * Drop patches, included upstream
+  * d/p/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch:
+    Add patch to fix build-time tests
+  * Use Testsuite: autopkgtest-pkg-perl.
+    Recent versions of autodep8 will append our debian/tests/control to the
+    one they generate, so we no longer need to replicate what autodep8 would
+    have produced.
+  * Add some Lintian overrides
+  * Use recommended debhelper compat level 13
+    - Add misc:Pre-Depends to all packages
+    - Stop overriding dh_missing, the default is now --fail-missing
+  * d/ikiwiki-hosting-web.service,
+    d/p/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch:
+    Use a native systemd unit for the git daemon.
+    This avoids dispatching through a shell script during system boot.
+  * d/tests/create-delete: Assert that the gitweb service is available
+
+ -- Simon McVittie <smcv@debian.org>  Mon, 01 Aug 2022 10:16:10 +0100
+
 ikiwiki-hosting (0.20180719-3) unstable; urgency=medium
 
   * d/control: Depend on gcc | clang | tcc, not on generic c-compiler.
diff -pruN 0.20180719-3/debian/compat 0.20220715-1/debian/compat
--- 0.20180719-3/debian/compat	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/compat	1970-01-01 00:00:00.000000000 +0000
@@ -1 +0,0 @@
-11
diff -pruN 0.20180719-3/debian/control 0.20220715-1/debian/control
--- 0.20180719-3/debian/control	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/control	2022-08-01 09:16:10.000000000 +0000
@@ -2,16 +2,19 @@ Source: ikiwiki-hosting
 Section: admin
 Priority: optional
 Build-Depends:
- debhelper (>= 11~),
+ debhelper-compat (= 13),
  ikiwiki,
 Maintainer: Simon McVittie <smcv@debian.org>
 Standards-Version: 4.4.1
 Vcs-Git: https://salsa.debian.org/debian/ikiwiki-hosting.git
 Vcs-Browser: https://salsa.debian.org/debian/ikiwiki-hosting
 Homepage: https://ikiwiki-hosting.branchable.com/
+Testsuite: autopkgtest-pkg-perl
 
 Package: ikiwiki-hosting-common
 Architecture: all
+Pre-Depends:
+ ${misc:Pre-Depends},
 Depends:
  ${misc:Depends},
  ${perl:Depends},
@@ -26,6 +29,8 @@ Description: ikiwiki hosting: common fil
 
 Package: ikiwiki-hosting-dns
 Architecture: all
+Pre-Depends:
+ ${misc:Pre-Depends},
 Depends:
  bind9,
  ikiwiki-hosting-common,
@@ -43,6 +48,8 @@ Description: ikiwiki hosting: dns server
 
 Package: ikiwiki-hosting-web
 Architecture: any
+Pre-Depends:
+ ${misc:Pre-Depends},
 Depends:
  acl,
  adduser,
diff -pruN 0.20180719-3/debian/ikiwiki-hosting-web.lintian-overrides 0.20220715-1/debian/ikiwiki-hosting-web.lintian-overrides
--- 0.20180719-3/debian/ikiwiki-hosting-web.lintian-overrides	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/debian/ikiwiki-hosting-web.lintian-overrides	2022-08-01 09:16:10.000000000 +0000
@@ -0,0 +1,6 @@
+# Non-FHS but used on all Debian systems, e.g. by dpkg
+non-standard-dir-in-var [var/backups/]
+# Not documentation
+package-contains-documentation-outside-usr-share-doc [usr/share/gitweb/robots.txt]
+# These don't really need to be run as-is
+script-not-executable [etc/ikiwiki-hosting/autosetup/*.setup]
diff -pruN 0.20180719-3/debian/ikiwiki-hosting-web.service 0.20220715-1/debian/ikiwiki-hosting-web.service
--- 0.20180719-3/debian/ikiwiki-hosting-web.service	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/debian/ikiwiki-hosting-web.service	2022-08-01 09:16:10.000000000 +0000
@@ -0,0 +1,14 @@
+[Unit]
+Description=ikiwiki-hosting git service
+
+[Service]
+# git daemon is run in virtual host mode, so for git://example.com/*,
+# it looks in /var/lib/ikiwiki-hosting-web/git/example.com
+# %H needs to be escaped as %%H to pass it through systemd into git-daemon
+ExecStart=/usr/lib/git-core/git-daemon --reuseaddr --interpolated-path=/var/lib/ikiwiki-hosting-web/git/%%H
+User=ikiwiki-anon
+Group=ikiwiki-anon
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
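Review bot: The `[Service]` section runs a network-facing git-daemon with no systemd sandboxing, so the only confinement is `User=ikiwiki-anon` / `Group=ikiwiki-anon`. Adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` would narrow what a compromised daemon can reach. The repositories it serves appear to sit under /var/lib and the site home directories, which those settings leave writable, but that should be confirmed against anonymous push before enabling them. The `[Unit]` section also declares no ordering, so `After=network.target` may be worth adding.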
diff -pruN 0.20180719-3/debian/patches/Avoid-directly-running-init-scripts-instead-use-the-servi.patch 0.20220715-1/debian/patches/Avoid-directly-running-init-scripts-instead-use-the-servi.patch
--- 0.20180719-3/debian/patches/Avoid-directly-running-init-scripts-instead-use-the-servi.patch	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/patches/Avoid-directly-running-init-scripts-instead-use-the-servi.patch	1970-01-01 00:00:00.000000000 +0000
@@ -1,113 +0,0 @@
-From: Joey Hess <joeyh@joeyh.name>
-Date: Wed, 17 Apr 2019 11:12:06 -0400
-Subject: Avoid directly running init scripts,
- instead use the service command.
-
-For one thing, service is standard and may be more portable.
-
-But the real reason is I have seen apache2 processes somehow end up not
-running in the apache2 cgroup, and so it seems that somehow something that
-is restarting it doesn't end up using systemctl. That breaks eg, the
-preiodic reloads of apache2 to see new letsencrypt certs.
-
-/etc/init.d/apache uses the lsb init-functions, which normally when
-loaded realize systemd is in use and bypass the usual init script code.
-
-HOWEVER, in /lib/lsb/init-functions.d/40-systemd there is this mess:
-
-    # Redirect SysV init scripts when executed by the user
-    if [ $PPID -ne 1 ] && [ -z "${SYSTEMCTL_SKIP_REDIRECT:-}" ]; then
-        case $(readlink -f "$executable") in
-            /etc/init.d/*)
-                # If the state is not-found, this might be a newly installed SysV init
-                # script where systemd-sysv-generator has not been run yet.
-                [ "$state" != "not-found" ] || [ "$(id -u)" != 0 ] || systemctl --no-ask-password daemon-reload
-
-                _use_systemctl=1
-                # Some services can't reload through the .service file,
-                # but can through the init script.
-                if [ "$(systemctl -p CanReload --value show $service 2>/dev/null)" = "no" ] && [ "${argument:-}" = "reload" ]; then
-                    _use_systemctl=0
-                fi
-
-If that doesn't set _use_systemctl=1, systemctl will not be used and the
-old init script code will be run. It might kill the apache2 processes
-owned by systemd and start up the daemon in some other control group
-(possibly cron's when a cron job ran the init script).
-
-Seems unlikely that PPID would be 1 for a cron job. It's at least
-theoretically posible that the init script might not exist in
-/etc/init.d, if apache happens to get upgraded just as a cron job is
-running its init script and dpkg doesn't update the conffile
-atomically. Or perhaps systemctl -p CanReload is for whatever reason
-no at some point in time.
-
-Whatever it is, it must only happen intermittently, because
-the ikiwiki-hosting-web-daily cron job contained a
-/etc/init.d/apache2 reload
-and yet apache was not restarted for months on our server. So at least
-most of the time that must have been trying to restart it via systemctl
-and failing because it had already escaped its control.
-
-My takeaway is that this is almost certianly why we're getting apache2
-processes outside the control of systemd, and the best way to avoid it,
-short of tracking down whatever the bug is, is to avoid running init
-scripts by hand and use systemctl, or something that runs it.
-
-(Only other possibility might be that some admin did something stupid
-like manually killing and starting apache, but I can find no evidence of
-that in the logs.)
-
-Hopefully using `service` will avoid the problem. It detects systemd in a
-less byzantine way and should always use systemctl for start and stop.
-Although, for reload, it does also check systemctl -p CanReload and falls
-back to running the init script, so if that is somehow the root cause it
-would still be a problem.
-
-(cherry picked from commit 27927bfd630dfb09fed9d27b2c9ed37e90c0eaa3)
----
- CHANGELOG                 | 6 ++++++
- ikidns                    | 2 +-
- ikiwiki-hosting-web-daily | 2 +-
- 3 files changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index 2c0b54f..a1b3358 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -1,3 +1,9 @@
-+ikiwiki-hosting (0.20180720) UNRELEASED; urgency=medium
-+
-+  * Avoid directly running init scripts, instead use the service command.
-+
-+ -- Joey Hess <id@joeyh.name>  Wed, 17 Apr 2019 11:03:52 -0400
-+
- ikiwiki-hosting (0.20180719) upstream; urgency=medium
- 
-   [ Joey Hess ]
-diff --git a/ikidns b/ikidns
-index 7cf6e29..6afe5a9 100755
---- a/ikidns
-+++ b/ikidns
-@@ -115,7 +115,7 @@ sub setupbind {
- 	close NAMED_CONF_OUT || error "close named.conf.tmp: $!";
- 	shell("mv", "-f", "/etc/bind/named.conf.local.tmp", "/etc/bind/named.conf.local");
- 
--	shell("/etc/init.d/bind9", "restart");
-+	shell("service", "bind9", "restart");
- }
- 
- sub meta_letsencrypt {
-diff --git a/ikiwiki-hosting-web-daily b/ikiwiki-hosting-web-daily
-index a10f4a0..ea7fd96 100755
---- a/ikiwiki-hosting-web-daily
-+++ b/ikiwiki-hosting-web-daily
-@@ -20,7 +20,7 @@ for site in $(ikisite list); do
- done
- 
- # Reload apache so it will start logging to the new site log files.
--/etc/init.d/apache2 reload
-+service apache2 reload
- 
- # Request and renew any Lets Encrypt certs as needed.
- ikisite maintaincerts
diff -pruN 0.20180719-3/debian/patches/Avoid-running-apache2ctl-graceful-which-may-restart-apach.patch 0.20220715-1/debian/patches/Avoid-running-apache2ctl-graceful-which-may-restart-apach.patch
--- 0.20180719-3/debian/patches/Avoid-running-apache2ctl-graceful-which-may-restart-apach.patch	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/patches/Avoid-running-apache2ctl-graceful-which-may-restart-apach.patch	1970-01-01 00:00:00.000000000 +0000
@@ -1,128 +0,0 @@
-From: Joey Hess <joeyh@joeyh.name>
-Date: Wed, 17 Apr 2019 12:00:08 -0400
-Subject: Avoid running apache2ctl graceful which may restart apache,
- instead use the service command
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Following on from 27927bfd630dfb09fed9d27b2c9ed37e90c0eaa3, I reproduced
-the problem again and it looked like this:
-
-   CGroup: /
-           ├─init.scope
-           │ └─1 /lib/systemd/systemd --system --deserialize 25
-           └─system.slice
-             ├─ssh.service
-             │ ├─  640 /usr/sbin/apache2 -k graceful
-             │ ├─  816 /usr/sbin/apache2 -k graceful
-             │ ├─ 1133 /usr/sbin/apache2 -k graceful
-             │ ├─ 1140 /usr/sbin/apache2 -k graceful
-             │ ├─ 1298 /usr/sbin/apache2 -k graceful
-             │ ├─ 1599 /usr/sbin/apache2 -k graceful
-
-There were dozens of the processes which had all been started in a small amount
-of time. I was upgrading ikiwiki-hosting at the time, so it seems likely that
-ikisite ran it for each of the dozens of sites. Seems to point the finger at
-apache2ctl graceful, but I don't reproduce the problem running it manually.
-
-My guess is that, in some circumstances, apache2ctl graceful fails to
-talk to the currently running apache daemon, and so I guess proceeds to
-kill it and starts a new one, thus escaping the systemd cgroup.
-
-If so, this change should avoid that, while keeping the graceful detection of
-broken apache configs.
-
-(cherry picked from commit 49956083ada2efe59ddf497182e7e1d2717b2a49)
----
- CHANGELOG |  2 ++
- ikisite   | 35 ++++++++++++++++++++++++++++-------
- 2 files changed, 30 insertions(+), 7 deletions(-)
-
-diff --git a/CHANGELOG b/CHANGELOG
-index a1b3358..612c0b4 100644
---- a/CHANGELOG
-+++ b/CHANGELOG
-@@ -1,6 +1,8 @@
- ikiwiki-hosting (0.20180720) UNRELEASED; urgency=medium
- 
-   * Avoid directly running init scripts, instead use the service command.
-+  * Avoid running apache2ctl graceful which may restart apache, instead use
-+    the service command.
- 
-  -- Joey Hess <id@joeyh.name>  Wed, 17 Apr 2019 11:03:52 -0400
- 
-diff --git a/ikisite b/ikisite
-index 6407289..aa47342 100755
---- a/ikisite
-+++ b/ikisite
-@@ -1689,8 +1689,7 @@ sub enable {
- 	}
- 
- 	# reload apache config
--	eval { shell("apache2ctl", "graceful") };
--	if ($@) {
-+	if (! apache_reload_graceful()) {
- 		# avoid leaving apache in a broken state
- 		foreach my $site (keys %setup) {
- 			if (apache_before_2_4()) {
-@@ -1700,9 +1699,6 @@ sub enable {
- 				shell("a2dissite", $site);
- 			}
- 		}
--
--		shell("apache2ctl", "graceful");
--		error "apache2ctl graceful failed";
- 	}
- 	
- 	enabledns($hostname);
-@@ -1850,7 +1846,7 @@ sub disable {
- 			$reload=1;
- 		}
- 	}
--	shell("apache2ctl", "graceful") if $reload && ! $options{temporary};
-+	apache_reload_graceful() if $reload && ! $options{temporary};
- 
- 	return 1;
- }
-@@ -2008,7 +2004,7 @@ sub maintaincerts {
- 	# own.
- 	if ($inuse && ! -e "/etc/cron.d/certbot") {
- 		eval { shell("certbot", "renew", "--non-interactive", "--quiet") };
--		eval { shell("apache2ctl", "graceful") };
-+		apache_reload_graceful();
- 	}
- 
- 	return 1;
-@@ -3308,6 +3304,31 @@ sub nsupdate {
- 	chdir "/";
- }
- 
-+# checks apache config, only reloading apache if the config is legal to
-+# prevent a bad config leaving it not running
-+#
-+# returns false if the config is bad; the caller should then revert
-+# whatever changes it made
-+sub apache_reload_graceful {
-+	if (shell_exitcode("apache2ctl", "configtest") == 0) {
-+		# Use service rather than letting apache2ctl graceful
-+		# reload apache, because the latter has been observed
-+		# sometimes stopping apache and starting it again under a
-+		# different cgroup than the one systemd keeps apache in.
-+		eval { shell("service", "apache2", "reload") };
-+		if ($@) {
-+			return 0;
-+		}
-+		else {
-+			return 1;
-+		}
-+	}
-+	else {
-+		return 0;
-+	}
-+}
-+
-+
- sub loadsetup_safe {
- 	my $setupfile=shift;
- 
diff -pruN 0.20180719-3/debian/patches/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch 0.20220715-1/debian/patches/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch
--- 0.20180719-3/debian/patches/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/debian/patches/ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch	2022-08-01 09:16:10.000000000 +0000
@@ -0,0 +1,29 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Sun, 31 Jul 2022 18:06:58 +0100
+Subject: ikiwiki-hosting.conf: Indicate that systemd unit needs to be in sync
+
+Signed-off-by: Simon McVittie <smcv@debian.org>
+---
+ ikiwiki-hosting.conf | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/ikiwiki-hosting.conf b/ikiwiki-hosting.conf
+index 9c8fce2..ec91e83 100644
+--- a/ikiwiki-hosting.conf
++++ b/ikiwiki-hosting.conf
+@@ -84,9 +84,15 @@ wildcard_ssl_cert_dir=/etc/ikiwiki-hosting/keys/wildcard
+ #useradd_basedir=/some/other/home
+ 
+ # Git daemon looks for vhosts in this directory.
++# If using the systemd unit, this also needs to be set in
++# ikiwiki-hosting-web.service or a drop-in file
++# ikiwiki-hosting-web.service.d/*.conf
+ gitdaemondir=/var/lib/ikiwiki-hosting-web/git
+ 
+ # Git daemon runs as this user.
++# If using the systemd unit, this also needs to be set as User and Group in
++# ikiwiki-hosting-web.service or a drop-in file
++# ikiwiki-hosting-web.service.d/*.conf
+ gitdaemonuser=ikiwiki-anon
+ 
+ # Long-lived log, records site create and deletion only, for accounting.
diff -pruN 0.20180719-3/debian/patches/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch 0.20220715-1/debian/patches/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch
--- 0.20180719-3/debian/patches/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/debian/patches/makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch	2022-08-01 09:16:10.000000000 +0000
@@ -0,0 +1,35 @@
+From: Simon McVittie <smcv@debian.org>
+Date: Sat, 30 Jul 2022 13:43:10 +0100
+Subject: makesite test: Use ikiwiki-hosting.conf from source tree
+
+/etc/ikiwiki-hosting typically won't exist at build-time, causing the
+call to readconfig in the makesite plugin to fail during build-time
+tests in environments where ikiwiki-hosting is not installed yet.
+Resolve this by using the copy in the source tree.
+
+Fixes: a49f0e0d "Added hostname_stopwords config"
+Signed-off-by: Simon McVittie <smcv@debian.org>
+Forwarded: https://ikiwiki-hosting.branchable.com/bugs/makesite_test_fails_if_ikiwiki-hosting_is_not_installed/
+---
+ t/makesite.t | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/t/makesite.t b/t/makesite.t
+index 0a83a3e..6bdd3b9 100755
+--- a/t/makesite.t
++++ b/t/makesite.t
+@@ -2,9 +2,14 @@
+ use strict;
+ use warnings;
+ no warnings 'redefine';
++use IkiWiki;
+ use IkiWiki::Plugin::makesite;
++use Cwd qw(getcwd);
+ use Test::More 'no_plan';
+ 
++my $installed = $ENV{INSTALLED_TESTS};
++$config{ikisite_conffile} = getcwd.'/ikiwiki-hosting.conf' unless $installed;
++
+ # Synthetic test functions.
+ sub IkiWiki::Hosting::site_addresses {
+ 	return "2.2.2.2", "fe80::4878:f:21a:2";
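Review bot: The added `$config{ikisite_conffile} = getcwd.'/ikiwiki-hosting.conf'` line only finds the source-tree config when the test is started from the top of the source tree. From any other directory the readconfig call will presumably fail on a missing file, with nothing pointing at the working directory as the cause. Anchoring the path to the test file removes that dependency: `use FindBin qw($Bin);` and `$config{ikisite_conffile} = "$Bin/../ikiwiki-hosting.conf" unless $installed;`. A one-line comment that `INSTALLED_TESTS` selects the system-wide config would also help the next reader.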
diff -pruN 0.20180719-3/debian/patches/series 0.20220715-1/debian/patches/series
--- 0.20180719-3/debian/patches/series	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/patches/series	2022-08-01 09:16:10.000000000 +0000
@@ -1,3 +1,2 @@
-Avoid-directly-running-init-scripts-instead-use-the-servi.patch
-Avoid-running-apache2ctl-graceful-which-may-restart-apach.patch
-shut-up-apache2ctl-configtest-output.patch
+makesite-Use-ikiwiki-hosting.conf-from-source-tree.patch
+ikiwiki-hosting.conf-Indicate-that-systemd-unit-needs-to-.patch
diff -pruN 0.20180719-3/debian/patches/shut-up-apache2ctl-configtest-output.patch 0.20220715-1/debian/patches/shut-up-apache2ctl-configtest-output.patch
--- 0.20180719-3/debian/patches/shut-up-apache2ctl-configtest-output.patch	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/patches/shut-up-apache2ctl-configtest-output.patch	1970-01-01 00:00:00.000000000 +0000
@@ -1,22 +0,0 @@
-From: Joey Hess <joeyh@joeyh.name>
-Date: Wed, 17 Apr 2019 12:15:06 -0400
-Subject: shut up apache2ctl configtest output
-
-(cherry picked from commit 75032c8fe4b12163a9b1f8470cc876be36a778d1)
----
- ikisite | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/ikisite b/ikisite
-index aa47342..306577f 100755
---- a/ikisite
-+++ b/ikisite
-@@ -3310,7 +3310,7 @@ sub nsupdate {
- # returns false if the config is bad; the caller should then revert
- # whatever changes it made
- sub apache_reload_graceful {
--	if (shell_exitcode("apache2ctl", "configtest") == 0) {
-+	if (shell_exitcode("sh", "-c", "apache2ctl configtest >/dev/null 2>/dev/null") == 0) {
- 		# Use service rather than letting apache2ctl graceful
- 		# reload apache, because the latter has been observed
- 		# sometimes stopping apache and starting it again under a
diff -pruN 0.20180719-3/debian/rules 0.20220715-1/debian/rules
--- 0.20180719-3/debian/rules	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/rules	2022-08-01 09:16:10.000000000 +0000
@@ -8,6 +8,3 @@ include /usr/share/dpkg/default.mk
 
 override_dh_auto_build:
 	dh_auto_build -- CFLAGS="$(CFLAGS)"
-
-override_dh_missing:
-	dh_missing --fail-missing
diff -pruN 0.20180719-3/debian/tests/control 0.20220715-1/debian/tests/control
--- 0.20180719-3/debian/tests/control	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/tests/control	2022-08-01 09:16:10.000000000 +0000
@@ -1,13 +1,3 @@
-Test-Command: /usr/share/pkg-perl-autopkgtest/runner build-deps
-Depends: @, @builddeps@, pkg-perl-autopkgtest
-
-Test-Command: /usr/share/pkg-perl-autopkgtest/runner runtime-deps
-Depends: @, pkg-perl-autopkgtest
-
-Test-Command: /usr/share/pkg-perl-autopkgtest/runner runtime-deps-and-recommends
-Depends: @, pkg-perl-autopkgtest
-Restrictions: needs-recommends
-
 Tests: create-delete
-Depends: ikiwiki-hosting-web
+Depends: ikiwiki-hosting-web, libfile-slurp-perl, libnss-wrapper
 Restrictions: allow-stderr, isolation-container, needs-root
diff -pruN 0.20180719-3/debian/tests/create-delete 0.20220715-1/debian/tests/create-delete
--- 0.20180719-3/debian/tests/create-delete	2022-07-10 17:10:46.000000000 +0000
+++ 0.20220715-1/debian/tests/create-delete	2022-08-01 09:16:10.000000000 +0000
@@ -4,10 +4,12 @@ use warnings;
 use strict;
 
 use Cwd qw(getcwd);
-#use File::Slurp;
+use File::Slurp;
 use File::stat;
 use Test::More;
 
+chdir($ENV{AUTOPKGTEST_TMP}) or die "chdir: $!\n";
+
 # This assumes that ikiwiki-hosting.conf still has prefix_e=example.com.
 ok(! system(qw(ikisite create foo.example.com --admin=root@localhost)));
 ok(-d '/home/e-foo');
@@ -19,6 +21,34 @@ chomp $uid;
 my $stat = stat('/home/e-foo');
 is($stat->uid, $uid);
 
+ok(! system('getent passwd "$(id -nu)" > passwd'));
+ok(! system('getent group "$(id -ng)" > group'));
+write_file('hosts', <<EOF);
+127.0.0.1 foo.example.com
+EOF
+
+$ENV{NSS_WRAPPER_PASSWD} = getcwd.'/passwd';
+$ENV{NSS_WRAPPER_GROUP} = getcwd.'/group';
+$ENV{NSS_WRAPPER_HOSTS} = getcwd.'/hosts';
+
+SKIP: {
+	# This only tests systemd, because we can't easily tell the
+	# difference between sysv-rc and a chroot/container with no init
+	# system at all
+	skip('init system not necessarily running', 5) unless -d '/run/systemd/system';
+
+	ok(! system(qw(ikisite changesetup --enable-plugin=branchable --set branchable=1 foo.example.com)));
+	ok(! system(qw(systemctl status ikiwiki-hosting-web.service)));
+
+	{
+		local $ENV{LD_PRELOAD} = 'libnss_wrapper.so';
+		ok(! system(qw(git clone git://foo.example.com/source.git)));
+	}
+
+	ok(! system('find source -name .git -prune -o -print >&2'));
+	ok(-f 'source/.gitignore')
+};
+
 ok(! system(qw(ikisite delete foo.example.com)));
 ok(! -e '/home/e-foo');
 
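Review bot: None of the `ok()` calls added in this hunk carries a test name, so a failure inside the SKIP block is reported only by its number and the reader has to count calls to find the step. Giving each one a description would fix that, for example `ok(! system(qw(git clone git://foo.example.com/source.git)), 'anonymous clone via git-daemon');`. The closing `ok(-f 'source/.gitignore')` also has no terminating semicolon, which is legal as the last statement of the block but breaks as soon as another check is appended.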
diff -pruN 0.20180719-3/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails/comment_1_b84b1d68127a81e9fb1837b2bd9aea03._comment 0.20220715-1/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails/comment_1_b84b1d68127a81e9fb1837b2bd9aea03._comment
--- 0.20180719-3/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails/comment_1_b84b1d68127a81e9fb1837b2bd9aea03._comment	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails/comment_1_b84b1d68127a81e9fb1837b2bd9aea03._comment	2022-07-16 00:50:18.000000000 +0000
@@ -0,0 +1,16 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2019-10-02T15:50:38Z"
+ content="""
+The patch seems to not detect the undefined value, so it will still crash.
+
+Compare:
+
+	perl -e 'use warnings; use strict; foreach my $foo (@{ undef() }) { print $foo }'
+	Can't use an undefined value as an ARRAY reference at -e line 1.
+
+	perl -e 'use warnings; use strict; my $l=@{ undef() } ; foreach my $foo (@{$l}) { print $foo }'
+	Can't use an undefined value as an ARRAY reference at -e line 1.
+
+"""]]
diff -pruN 0.20180719-3/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails.mdwn 0.20220715-1/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails.mdwn
--- 0.20180719-3/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails.mdwn	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/doc/bugs/controlpanel_crashes_when_ikisite-wrapper_fails.mdwn	2022-07-16 00:50:18.000000000 +0000
@@ -39,3 +39,5 @@ index c55a97d..37981f1 100644
 
 
 ... no? --[[anarcat]]
+
+> ping! there's a [[!taglink patch]] here. :) -- [[anarcat]]
diff -pruN 0.20180719-3/doc/news/version_0.20160123.mdwn 0.20220715-1/doc/news/version_0.20160123.mdwn
--- 0.20180719-3/doc/news/version_0.20160123.mdwn	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/doc/news/version_0.20160123.mdwn	1970-01-01 00:00:00.000000000 +0000
@@ -1,4 +0,0 @@
-ikiwiki-hosting 0.20160123 released with [[!toggle text="these changes"]]
-[[!toggleable text="""
-   * Fix the escaping of `{` in HostingAutomator by also escaping the `}`,
-     fixing a regression that broke `ikisite create`"""]]
diff -pruN 0.20180719-3/doc/news/version_0.20180719.mdwn 0.20220715-1/doc/news/version_0.20180719.mdwn
--- 0.20180719-3/doc/news/version_0.20180719.mdwn	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/doc/news/version_0.20180719.mdwn	2022-07-16 00:50:18.000000000 +0000
@@ -0,0 +1,14 @@
+ikiwiki-hosting 0.20180719 released with [[!toggle text="these changes"]]
+[[!toggleable text="""
+ * [ Joey Hess ]
+   * ikisite: Deleting per-domain letsencrypt cert when a wildcard cert
+     exists was too dangerous and buggy, including sometimes deleting the
+     letsencrypt wildcard cert. Removed that behavior; any per-domain cert
+     will be used in preference to the wildcard cert.
+   * Further fix to IkiWiki::Hosting for syslog name change.
+     (Fixes ikidns)
+   * ikidns: Fix typo in letsencrypt command.
+ * [ Simon McVittie ]
+   * debian: Pass dpkg-buildflags CFLAGS to make
+   * debian: Override dh\_missing to detect any files that are installed by
+     dh\_auto\_install but not packaged"""]]
\ No newline at end of file
diff -pruN 0.20180719-3/doc/todo/avoid_third_checkout_of_source_for_setup_branch.mdwn 0.20220715-1/doc/todo/avoid_third_checkout_of_source_for_setup_branch.mdwn
--- 0.20180719-3/doc/todo/avoid_third_checkout_of_source_for_setup_branch.mdwn	1970-01-01 00:00:00.000000000 +0000
+++ 0.20220715-1/doc/todo/avoid_third_checkout_of_source_for_setup_branch.mdwn	2022-07-16 00:50:18.000000000 +0000
@@ -0,0 +1,6 @@
+The setup branch is checked out into a site user's home directory, and this
+means that ~/.git is another copy of the source, on top of the two in
+source/.git and source.git. This can use a lot of space, although often
+nothing pulls updates to mater into that repo if lucky.
+
+git has ways now to avoid this problem, eg multiple worktrees. --[[Joey]]
diff -pruN 0.20180719-3/ikidns 0.20220715-1/ikidns
--- 0.20180719-3/ikidns	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/ikidns	2022-07-16 00:50:18.000000000 +0000
@@ -115,7 +115,7 @@ sub setupbind {
 	close NAMED_CONF_OUT || error "close named.conf.tmp: $!";
 	shell("mv", "-f", "/etc/bind/named.conf.local.tmp", "/etc/bind/named.conf.local");
 
-	shell("/etc/init.d/bind9", "restart");
+	shell("service", "bind9", "restart");
 }
 
 sub meta_letsencrypt {
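Review bot: The generated `named.conf.local.tmp` is moved into place and bind is restarted with no validation step visible in this hunk, so a malformed generated file could leave the DNS server down after the restart. Checking the file before the `mv`, with something like `shell("named-checkconf", "/etc/bind/named.conf.local.tmp");`, would stop a bad config before it replaces the working one. That mirrors the `apache2ctl configtest` guard that apache_reload_graceful uses in ikisite. The body of setupbind starts outside the hunk, so an earlier check may already exist there.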
diff -pruN 0.20180719-3/ikisite 0.20220715-1/ikisite
--- 0.20180719-3/ikisite	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/ikisite	2022-07-16 00:50:18.000000000 +0000
@@ -1018,6 +1018,7 @@ sub ssl_file {
 sub ssl_cert_file { ssl_file("crt", @_) }
 sub ssl_key_file { ssl_file("key", @_) }
 sub ssl_chain_file { ssl_file("chain", @_) }
+sub ssl_fullchain_file { ssl_file("fullchain", @_) }
 
 sub is_letsencrypt_link {
 	my $file=shift;
@@ -1545,12 +1546,7 @@ sub enable {
 			# git-daemon-export-ok.
 			symlink(repository($hostname), $dest);
 		}
-		# Allow git-daemon to read and write to the repo via ACL.
-		readconfig();
-		eval { shell("setfacl", "-R", "-m", "d:g:$config{gitdaemonuser}:rwX,d:g:$user:rwX,g:$config{gitdaemonuser}:rwX,g:$user:rwX", "$home/source.git") };
-		if ($@) {
-			print STDERR "warning: setfacl failed, anonpush will not work (perhaps the filesystem is not mounted with option 'acl'?)\n";
-		}
+		
 		# Create file if site currently allows branching.
 		# The branchable plugin will also create/remove it
 		# as needed when the setting is changed.
@@ -1566,6 +1562,16 @@ sub enable {
 			unlink($flagfile);
 			chmod(02750, "$home/source.git") || error "chmod $home/source.git: $!";
 		}
+		
+		# Allow git-daemon to read and write to the repo via ACL.
+		# This has to come after any chmod of the source.git
+		# directory, as such chmods will mess up the ACL this sets
+		# up.
+		readconfig();
+		eval { shell("setfacl", "-R", "-m", "d:g:$config{gitdaemonuser}:rwX,d:g:$user:rwX,g:$config{gitdaemonuser}:rwX,g:$user:rwX", "$home/source.git") };
+		if ($@) {
+			print STDERR "warning: setfacl failed, anonpush will not work (perhaps the filesystem is not mounted with option 'acl'?)\n";
+		}
 
 		# Setup gitweb.
 		# An environment variable to points gitweb to
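Review bot: The relocated `setfacl` call interpolates `$config{gitdaemonuser}` into the ACL spec without checking that `readconfig()` actually set it. With an empty value, `g:NAME:rwX` becomes `g::rwX`, which setfacl treats as the owning-group entry, so the command succeeds, the warning is never printed, and git-daemon gets no access. A guard before the call would surface the misconfiguration, e.g. `error "gitdaemonuser is not set in ikiwiki-hosting.conf" unless length $config{gitdaemonuser};`. The warning could also include `$@` so the real setfacl failure is visible rather than only the guessed cause. The enclosing `enable` sub starts and ends outside this hunk.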
@@ -1689,8 +1695,7 @@ sub enable {
 	}
 
 	# reload apache config
-	eval { shell("apache2ctl", "graceful") };
-	if ($@) {
+	if (! apache_reload_graceful()) {
 		# avoid leaving apache in a broken state
 		foreach my $site (keys %setup) {
 			if (apache_before_2_4()) {
@@ -1700,9 +1705,6 @@ sub enable {
 				shell("a2dissite", $site);
 			}
 		}
-
-		shell("apache2ctl", "graceful");
-		error "apache2ctl graceful failed";
 	}
 	
 	enabledns($hostname);
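Review bot: When `apache_reload_graceful()` returns false, `enable` now falls through to `enabledns($hostname)` and presumably reports success, because the trailing `error "apache2ctl graceful failed";` was removed and nothing replaces it. In this hunk and the preceding one, the sites are disabled again with `a2dissite` but the caller is never told that enabling failed. Ending the `if` block with something like `error "apache config test or reload failed; site left disabled";` would restore the failure report. The `disable` hunk has the same gap: `shell("apache2ctl", "graceful")` used to fail loudly, while the return value of `apache_reload_graceful()` is now ignored. The body of `enable` extends beyond both hunks.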
@@ -1718,6 +1720,7 @@ sub domain_template_vars {
 	my $ssl_cert_file=ssl_cert_file($hostname, $domain);
 	my $ssl_key_file=ssl_key_file($hostname, $domain);
 	my $ssl_chain_file=ssl_chain_file($hostname, $domain);
+	my $ssl_fullchain_file=ssl_fullchain_file($hostname, $domain);
 	# Check that any user provided key file is not password protected,
 	# as that makes apache startup hang. (Also checks that it's valid.)
 	if (-e $ssl_key_file) {
@@ -1729,6 +1732,7 @@ sub domain_template_vars {
 			$ssl_key_file='';
 			$ssl_cert_file='';
 			$ssl_chain_file='';
+			$ssl_fullchain_file='';
 		}
 	}
 
@@ -1739,9 +1743,12 @@ sub domain_template_vars {
 			$ssl_cert_file="$wilddir/cert.pem";
 			$ssl_key_file="$wilddir/privkey.pem";
 			if (-e "$wilddir/fullchain.pem") {
-				$ssl_chain_file="$wilddir/fullchain.pem";
+				$ssl_fullchain_file="$wilddir/fullchain.pem";
+			}
+			else {
+				$ssl_fullchain_file='';
 			}
-			elsif (-e "$wilddir/chain.pem") {
+			if (-e "$wilddir/chain.pem") {
 				$ssl_chain_file="$wilddir/chain.pem";
 			}
 			else {
@@ -1762,6 +1769,12 @@ sub domain_template_vars {
 			ssl_chain => 1,
 		);
 	}
+	if (-e $ssl_fullchain_file) {
+		push @ssl_template_vars, (
+			ssl_fullchain_file => $ssl_fullchain_file,
+			ssl_fullchain => 1,
+		);
+	}
 	
 	# This is the url that alias urls redirect to.
 	my $redirurl=$mainurl->clone;
@@ -1850,7 +1863,7 @@ sub disable {
 			$reload=1;
 		}
 	}
-	shell("apache2ctl", "graceful") if $reload && ! $options{temporary};
+	apache_reload_graceful() if $reload && ! $options{temporary};
 
 	return 1;
 }
@@ -1923,7 +1936,12 @@ sub letsencrypt {
 			my $chain=ssl_chain_file($hostname, $host, 1);
 			if (! is_letsencrypt_link($chain)) {
 				$madechange=1;
-				shell("ln", "-sf", "$livedir/fullchain.pem", $chain);
+				shell("ln", "-sf", "$livedir/chain.pem", $chain);
+			}
+			my $fullchain=ssl_fullchain_file($hostname, $host, 1);
+			if (! is_letsencrypt_link($fullchain)) {
+				$madechange=1;
+				shell("ln", "-sf", "$livedir/fullchain.pem", $fullchain);
 			}
 		}
 		else {
@@ -1969,7 +1987,7 @@ sub letsnotencrypt {
 sub remove_letsencrypt_cert {
 	my $hostname=shift;
 	foreach my $url (urllist(username($hostname))) {
-		foreach my $f (ssl_cert_file($hostname, $url->host), ssl_key_file($hostname, $url->host), ssl_chain_file($hostname, $url->host)) {
+		foreach my $f (ssl_cert_file($hostname, $url->host), ssl_key_file($hostname, $url->host), ssl_chain_file($hostname, $url->host), ssl_fullchain_file($hostname, $url->host)) {
 			if (is_letsencrypt_link($f)) {
 				unlink($f);
 			}
@@ -2008,7 +2026,7 @@ sub maintaincerts {
 	# own.
 	if ($inuse && ! -e "/etc/cron.d/certbot") {
 		eval { shell("certbot", "renew", "--non-interactive", "--quiet") };
-		eval { shell("apache2ctl", "graceful") };
+		apache_reload_graceful();
 	}
 
 	return 1;
@@ -3308,6 +3326,31 @@ sub nsupdate {
 	chdir "/";
 }
 
+# checks apache config, only reloading apache if the config is legal to
+# prevent a bad config leaving it not running
+#
+# returns false if the config is bad; the caller should then revert
+# whatever changes it made
+sub apache_reload_graceful {
+	if (shell_exitcode("sh", "-c", "apache2ctl configtest >/dev/null 2>/dev/null") == 0) {
+		# Use service rather than letting apache2ctl graceful
+		# reload apache, because the latter has been observed
+		# sometimes stopping apache and starting it again under a
+		# different cgroup than the one systemd keeps apache in.
+		eval { shell("service", "apache2", "reload") };
+		if ($@) {
+			return 0;
+		}
+		else {
+			return 1;
+		}
+	}
+	else {
+		return 0;
+	}
+}
+
+
 sub loadsetup_safe {
 	my $setupfile=shift;
 
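Review bot: Both failure paths in `apache_reload_graceful` discard the reason for the failure: the configtest output is sent to `/dev/null`, and the `$@` from a failed `service apache2 reload` is never reported, so the operator gets at most a bare false return. Since the callers in this diff either revert silently or ignore the result, a broken Apache config can go unnoticed until a site is found not to be serving. Capturing the configtest output and printing it only on failure keeps the success path quiet. The sketch below writes to STDERR; if the file has its own logging helper (not visible in this hunk), use that instead.

```perl
sub apache_reload_graceful {
	# Capture configtest output so a bad config can be reported.
	my $out=`apache2ctl configtest 2>&1`;
	if ($? != 0) {
		print STDERR "apache2ctl configtest failed:\n$out";
		return 0;
	}
	# … unchanged: comment on why service is used instead of apache2ctl graceful …
	eval { shell("service", "apache2", "reload") };
	if ($@) {
		print STDERR "service apache2 reload failed: $@";
		return 0;
	}
	return 1;
}
```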
diff -pruN 0.20180719-3/IkiWiki/Plugin/branchable.pm 0.20220715-1/IkiWiki/Plugin/branchable.pm
--- 0.20180719-3/IkiWiki/Plugin/branchable.pm	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/IkiWiki/Plugin/branchable.pm	2022-07-16 00:50:18.000000000 +0000
@@ -70,7 +70,7 @@ sub checkconfig {
 	if ($config{anonpush}) {
 		my $repo=find_git_repository();
 		if (defined $repo) {
-			$config{git_test_receive_wrapper}="$repo/hooks/pre-receive";
+			$config{git_test_receive_wrapper}="$repo/hooks/pre-receive.wrapper";
 		}
 		else {
 			$config{anonpush}=0;
@@ -174,6 +174,27 @@ sub setbranchable {
 	}
 
 	if (defined $repo && $config{anonpush}) {
+		# Ikiwiki will be running as the site's username,
+		my $username=(getpwuid($<))[0];
+		# Write the pre-receive hook, which in turn runs the
+		# wrapper, which runs ikiwiki.
+		# This extra shell script is not suid, so when git-daemon
+		# is receiving a push and runs it, it's run as the same
+		# user git-daemon uses. This allows it to fix the ACL
+		# temp directory so that the ikisite user can access it.
+		my $hook = "$repo/hooks/pre-receive";
+		if (-e "$hook.wrapper") {
+			open (my $fh, ">", $hook) || die $!;
+			print $fh "#!/bin/sh\n";
+			print $fh "set -e\n";
+			print $fh "if [ -n \"\$GIT_QUARANTINE_PATH\" ] && [ -d \"\$GIT_QUARANTINE_PATH\" ]; then\n";
+			print $fh "\tsetfacl -m 'u:$username:rx' \"\$GIT_QUARANTINE_PATH\"\n";
+			print $fh "fi\n";
+			print $fh "exec $hook.wrapper\n";
+			close $fh;
+			chmod(0755, $hook) || error "chmod $hook: $!";
+		}
+
 		# Allow git daemon to push.
 		system("cd $repo && git config daemon.receivepack true");
 	}
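Review bot: `daemon.receivepack` is enabled whether or not the new `pre-receive` script was written, because only the hook is guarded by `-e "$hook.wrapper"`. If the wrapper has not been generated yet when `setbranchable` runs (the ordering is not visible in this hunk), the repository is opened to git-daemon pushes without the new hook in front of them. Writing the script unconditionally fails closed, since `exec` of a missing wrapper makes the hook exit non-zero and git rejects the push; alternatively, move the `git config daemon.receivepack true` call inside the `if`. Separately, `$hook` is interpolated unquoted into `exec $hook.wrapper`, so a repository path containing whitespace would break the generated script; `print $fh "exec \"$hook.wrapper\"\n";` is safer. `setbranchable` begins before this hunk.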
@@ -182,6 +203,7 @@ sub setbranchable {
 		# Delete unnecesary hook for speed.
 		if (defined $repo) {
 			unlink("$repo/hooks/pre-receive");
+			unlink("$repo/hooks/pre-receive.wrapper");
 		}
 	}
 }
diff -pruN 0.20180719-3/IkiWiki/Plugin/gitpush.pm 0.20220715-1/IkiWiki/Plugin/gitpush.pm
--- 0.20180719-3/IkiWiki/Plugin/gitpush.pm	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/IkiWiki/Plugin/gitpush.pm	2022-07-16 00:50:18.000000000 +0000
@@ -57,7 +57,7 @@ sub savestate {
 		eval q{use POSIX; POSIX::nice(10)};
 		
 		# Ensure we have a ssh key generated to use.
-		IkiWiki::Plugin::ikiwikihosting::get_ssh_public_key();
+		IkiWiki::Plugin::ikiwikihosting::get_ssh_public_keys();
 		# Avoid ssh host key checking prompts.
 		$ENV{GIT_SSH}="iki-ssh-unsafe";
 
diff -pruN 0.20180719-3/IkiWiki/Plugin/ikiwikihosting.pm 0.20220715-1/IkiWiki/Plugin/ikiwikihosting.pm
--- 0.20180719-3/IkiWiki/Plugin/ikiwikihosting.pm	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/IkiWiki/Plugin/ikiwikihosting.pm	2022-07-16 00:50:18.000000000 +0000
@@ -102,7 +102,9 @@ sub sessioncgi ($$) {
 	}
 	elsif ($cgi->param("do") eq "sshkey") {
 		print "Content-Type: text/plain\n\n";
-		print readfile(get_ssh_public_key())."\n";
+		foreach my $f (get_ssh_public_keys()) {
+			print readfile($f)."\n";
+		}
 		exit 0;
 	}
 }
@@ -471,23 +473,20 @@ sub handlechangedsetup {
 	exit;
 }
 
-# Returns path of ssh public key.
-# If no key exists, one is created. (Can be a little slow.)
-sub get_ssh_public_key {
-	my @keys;
-	my $findkeys=sub { @keys=glob("$ENV{HOME}/.ssh/id_*.pub") };
-	$findkeys->();
-	if (! @keys) {
-		my $ret=system("ssh-keygen", "-q", "-t", "rsa",
-			"-f", "$ENV{HOME}/.ssh/id_rsa",
+# Returns paths of ssh public keys.
+# If no ed25519 key exists, one is created. (Can be a little slow.)
+sub get_ssh_public_keys {
+	if (! -e "$ENV{HOME}/.ssh/id_ed25519.pub") {
+		system("ssh-keygen", "-q", "-t", "ed25519",
+			"-f", "$ENV{HOME}/.ssh/id_ed25519",
 			"-N", "",
 			"-C", $config{wikiname});
-			$findkeys->();
-		if ($ret !=0 || ! @keys) {
-			error "ssh-keygen failed";
-		}
 	}
-	return shift(@keys);
+	my @keys=glob("$ENV{HOME}/.ssh/id_*.pub");
+	if (! @keys) {
+		error "ssh-keygen failed";
+	}
+	return @keys;
 }
 
 sub analog_report ($$) {
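Review bot: The exit status of `ssh-keygen` is no longer checked in `get_ssh_public_keys`, so when Ed25519 generation fails on a site that already has an `id_rsa.pub`, the function returns the old key list and `error "ssh-keygen failed"` is never reached. The site then keeps working with only the RSA key this change is meant to move away from, and generation is retried on every call with no trace of the failure. If this is not intended as best-effort, keep the status with `my $ret=system("ssh-keygen", ...);` followed by `error "ssh-keygen failed" if $ret != 0;`. If it is deliberate, a comment above the `system` call saying that an existing key is accepted as a fallback would make that clear.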
diff -pruN 0.20180719-3/IkiWiki/Plugin/makesite.pm 0.20220715-1/IkiWiki/Plugin/makesite.pm
--- 0.20180719-3/IkiWiki/Plugin/makesite.pm	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/IkiWiki/Plugin/makesite.pm	2022-07-16 00:50:18.000000000 +0000
@@ -408,6 +408,15 @@ sub gen_hostnames {
 		error "illegal defaultdomain";
 	}
 
+	IkiWiki::Hosting::readconfig();
+	if (defined $config{"hostname_stopwords"}) {
+		foreach my $stopword (split ' ', $config{"hostname_stopwords"}) {
+			if ($hostname =~/\Q$stopword\E/) {
+				error "illegal hostname";
+			}
+		}
+	}
+
 	if (! defined $internal_hostname) {
 		# Base internal hostname on what the user entered, but with
 		# anything problimatic munged. If they entered a FQDN like
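Review bot: The stopword match in `gen_hostnames` is case-sensitive, while the new config comment asks for stopwords in lower case. Unless `$hostname` has already been lower-cased before this point (not visible in the hunk), a name typed with capitals passes the filter. Matching case-insensitively closes that gap: `if ($hostname =~ /\Q$stopword\E/i) {`. `gen_hostnames` starts and ends outside this hunk.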
diff -pruN 0.20180719-3/ikiwiki-hosting.conf 0.20220715-1/ikiwiki-hosting.conf
--- 0.20180719-3/ikiwiki-hosting.conf	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/ikiwiki-hosting.conf	2022-07-16 00:50:18.000000000 +0000
@@ -113,3 +113,7 @@ accountinglog=/var/log/ikiwiki-hosting/a
 #welcome_redir="ikiwiki.cgi?page=index&do=edit&welcome=welcome"
 # Where to send a user on a newly created blog.
 #welcome_redir_blog="ikiwiki.cgi?page=posts/first_post&do=edit&welcome=welcomeblog"
+
+# To prevent making sites that contain particular words in their names,
+# list the words here, separated by spaces. Use lower case.
+#hostname_stopwords=""
diff -pruN 0.20180719-3/ikiwiki-hosting-web-daily 0.20220715-1/ikiwiki-hosting-web-daily
--- 0.20180719-3/ikiwiki-hosting-web-daily	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/ikiwiki-hosting-web-daily	2022-07-16 00:50:18.000000000 +0000
@@ -20,7 +20,7 @@ for site in $(ikisite list); do
 done
 
 # Reload apache so it will start logging to the new site log files.
-/etc/init.d/apache2 reload
+service apache2 reload
 
 # Request and renew any Lets Encrypt certs as needed.
 ikisite maintaincerts
diff -pruN 0.20180719-3/templates/apache-sitealias.tmpl 0.20220715-1/templates/apache-sitealias.tmpl
--- 0.20180719-3/templates/apache-sitealias.tmpl	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/templates/apache-sitealias.tmpl	2022-07-16 00:50:18.000000000 +0000
@@ -27,11 +27,15 @@
 	ServerName <TMPL_VAR ALIAS>:443
 	
 	SSLEngine on
+	<TMPL_IF SSL_FULLCHAIN_FILE>
+	SSLCertificateFile <TMPL_VAR SSL_FULLCHAIN_FILE>
+	<TMPL_ELSE>
 	SSLCertificateFile <TMPL_VAR SSL_CERT_FILE>
-	SSLCertificateKeyFile <TMPL_VAR SSL_KEY_FILE>
-	<TMPL_IF SSL_CHAIN>
+	<TMPL_IF SSL_CHAIN_FILE>
 	SSLCertificateChainFile <TMPL_VAR SSL_CHAIN_FILE>
 	</TMPL_IF>
+	</TMPL_IF>
+	SSLCertificateKeyFile <TMPL_VAR SSL_KEY_FILE>
 
 	<TMPL_IF SUEXEC>
 	SuexecUserGroup <TMPL_VAR USER> <TMPL_VAR USER>
diff -pruN 0.20180719-3/templates/apache-site.tmpl 0.20220715-1/templates/apache-site.tmpl
--- 0.20180719-3/templates/apache-site.tmpl	2018-07-19 14:04:22.000000000 +0000
+++ 0.20220715-1/templates/apache-site.tmpl	2022-07-16 00:50:18.000000000 +0000
@@ -63,11 +63,15 @@
 	ServerName <TMPL_VAR HOSTNAME>:443
 
 	SSLEngine on
+	<TMPL_IF SSL_FULLCHAIN_FILE>
+	SSLCertificateFile <TMPL_VAR SSL_FULLCHAIN_FILE>
+	<TMPL_ELSE>
 	SSLCertificateFile <TMPL_VAR SSL_CERT_FILE>
-	SSLCertificateKeyFile <TMPL_VAR SSL_KEY_FILE>
-	<TMPL_IF SSL_CHAIN>
+	<TMPL_IF SSL_CHAIN_FILE>
 	SSLCertificateChainFile <TMPL_VAR SSL_CHAIN_FILE>
 	</TMPL_IF>
+	</TMPL_IF>
+	SSLCertificateKeyFile <TMPL_VAR SSL_KEY_FILE>
 
         <TMPL_IF REDIRECT_TO_HTTPS>
 	<IfModule mod_headers.c>
