diff options
| -rw-r--r-- | debian/changelog | 2 | ||||
| -rw-r--r-- | debian/control | 11 | ||||
| -rw-r--r-- | debian/netdata-data.links | 14 | ||||
| -rw-r--r-- | debian/netdata.install | 1 | ||||
| -rw-r--r-- | debian/netdata.postrm | 2 | ||||
| -rw-r--r-- | debian/netdata.service | 15 | ||||
| -rw-r--r-- | debian/patches/0001-linked-js-css-fonts-removed-from-make.patch | 72 | ||||
| -rw-r--r-- | debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch | 72 | ||||
| -rw-r--r-- | debian/patches/series | 2 | ||||
| -rwxr-xr-x | debian/rules | 14 | ||||
| -rw-r--r-- | debian/watch | 2 |
11 files changed, 172 insertions, 35 deletions
diff --git a/debian/changelog b/debian/changelog index dcd590864..87d6723a8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -netdata (1.2.0-1) UNRELEASED; urgency=low +netdata (1.2.0+dfsg-1) UNRELEASED; urgency=low [ Federico Ceratto ] * Initial release (Closes: #819661) diff --git a/debian/control b/debian/control index f25e03e2a..c8908178e 100644 --- a/debian/control +++ b/debian/control @@ -9,6 +9,7 @@ Build-Depends: debhelper (>= 9), dh-systemd (>= 1.5), dpkg-dev (>= 1.13.19), pkg-config, + uuid-dev, zlib1g-dev Standards-Version: 3.9.8 Homepage: https://github.com/firehol/netdata @@ -19,12 +20,12 @@ Package: netdata Architecture: any Multi-Arch: no Depends: adduser, - fonts-font-awesome, + fonts-font-awesome (>= 4.6), libcap2-bin (>= 1:2.0), - libjs-bootstrap, - libjs-d3, - libjs-jquery, - libjs-raphael, + libjs-bootstrap (>= 3.3.6), + libjs-d3 (>= 3.5.17), + libjs-jquery (>= 1.12), + libjs-raphael (>= 2.1.0), lsb-base (>= 3.1-23.2), netdata-data, ${misc:Depends}, diff --git a/debian/netdata-data.links b/debian/netdata-data.links index cbba848ce..fa6aeab1e 100644 --- a/debian/netdata-data.links +++ b/debian/netdata-data.links @@ -1,8 +1,12 @@ #libjs-bootstrap /usr/share/javascript/bootstrap/js/bootstrap.min.js usr/share/netdata/web/lib/bootstrap.min.js +/usr/share/javascript/bootstrap/fonts/glyphicons-halflings-regular.eot usr/share/netdata/web/fonts/glyphicons-halflings-regular.eot +/usr/share/javascript/bootstrap/fonts/glyphicons-halflings-regular.svg usr/share/netdata/web/fonts/glyphicons-halflings-regular.svg /usr/share/javascript/bootstrap/fonts/glyphicons-halflings-regular.ttf usr/share/netdata/web/fonts/glyphicons-halflings-regular.ttf -/usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/share/netdata/css/bootstrap-theme.min.css -/usr/share/javascript/bootstrap/css/bootstrap.min.css usr/share/netdata/css/bootstrap.min.css +/usr/share/javascript/bootstrap/fonts/glyphicons-halflings-regular.woff usr/share/netdata/web/fonts/glyphicons-halflings-regular.woff +/usr/share/javascript/bootstrap/fonts/glyphicons-halflings-regular.woff2 usr/share/netdata/web/fonts/glyphicons-halflings-regular.woff2 +/usr/share/javascript/bootstrap/css/bootstrap-theme.min.css usr/share/netdata/web/css/bootstrap-theme.min.css +/usr/share/javascript/bootstrap/css/bootstrap.min.css usr/share/netdata/web/css/bootstrap.min.css #libjs-jquery /usr/share/javascript/jquery/jquery.min.js usr/share/netdata/web/lib/jquery-1.12.0.min.js #libjs-d3 @@ -11,5 +15,9 @@ /usr/share/javascript/raphael/raphael.min.js usr/share/netdata/web/lib/raphael-min.js #fonts-font-awesome /usr/share/fonts-font-awesome/fonts/FontAwesome.otf usr/share/netdata/web/fonts/FontAwesome.otf +/usr/share/fonts-font-awesome/fonts/fontawesome-webfont.eot usr/share/netdata/web/fonts/fontawesome-webfont.eot +/usr/share/fonts-font-awesome/fonts/fontawesome-webfont.svg usr/share/netdata/web/fonts/fontawesome-webfont.svg /usr/share/fonts-font-awesome/fonts/fontawesome-webfont.ttf usr/share/netdata/web/fonts/fontawesome-webfont.ttf -/usr/share/fonts-font-awesome/css/font-awesome.min.css usr/share/netdata/css/font-awesome.min.css +/usr/share/fonts-font-awesome/fonts/fontawesome-webfont.woff usr/share/netdata/web/fonts/fontawesome-webfont.woff +/usr/share/fonts-font-awesome/fonts/fontawesome-webfont.woff2 usr/share/netdata/web/fonts/fontawesome-webfont.woff2 +/usr/share/fonts-font-awesome/css/font-awesome.min.css usr/share/netdata/web/css/font-awesome.min.css diff --git a/debian/netdata.install b/debian/netdata.install index 97091ff78..2999224dc 100644 --- a/debian/netdata.install +++ b/debian/netdata.install @@ -6,3 +6,4 @@ usr/lib/*/netdata/plugins.d/charts.d.dryrun-helper.sh usr/lib/*/netdata/plugins.d/charts.d.plugin usr/lib/*/netdata/plugins.d/loopsleepms.sh.inc usr/lib/*/netdata/plugins.d/tc-qos-helper.sh +usr/lib/*/netdata/plugins.d/cgroup-name.sh diff --git a/debian/netdata.postrm b/debian/netdata.postrm index 1e4677f86..d45bb0ad7 100644 --- a/debian/netdata.postrm +++ b/debian/netdata.postrm @@ -7,7 +7,7 @@ case "$1" in ;; purge) - for dir_name in /var/cache/netdata /var/lib/netdata /var/lib/netdata/www; do + for dir_name in /var/cache/netdata /var/lib/netdata /usr/share/netdata/web; do if dpkg-statoverride --list | grep -qw "$dir_name"; then dpkg-statoverride --remove "$dir_name" fi diff --git a/debian/netdata.service b/debian/netdata.service index 59ca57546..c4f30e0bb 100644 --- a/debian/netdata.service +++ b/debian/netdata.service @@ -10,27 +10,22 @@ Wants=network-online.target ConditionPathExists=/etc/netdata/netdata.conf [Service] -Type=forking -#PIDFile=/run/netdata.pid -PIDFile=/var/run/netdata/netdata.pid +Type=simple Environment="netdata_LOG_LOCATION=/var/log/netdata/log" -ExecStart=/usr/sbin/netdata +ExecStart=/usr/sbin/netdata -nd ExecReload=/usr/sbin/netdata reload -#ExecStop=/bin/kill -SIGTERM $MAINPID -ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry=TERM/5/KILL/5 --pidfile /run/netdata.pid -TimeoutStopSec=30 +TimeoutStopSec=10 KillMode=mixed +KillSignal=SIGTERM -EnvironmentFile=-/etc/default/%p User=netdata +Group=netdata PermissionsStartOnly=true Restart=on-abnormal RestartSec=2s LimitNOFILE=65536 WorkingDirectory=/tmp -User=root -Group=root # Hardening # AppArmorProfile=system_netdata diff --git a/debian/patches/0001-linked-js-css-fonts-removed-from-make.patch b/debian/patches/0001-linked-js-css-fonts-removed-from-make.patch new file mode 100644 index 000000000..d3e860180 --- /dev/null +++ b/debian/patches/0001-linked-js-css-fonts-removed-from-make.patch @@ -0,0 +1,72 @@ +From: Lennart Weller <lhw@ring0.de> +Date: Wed, 25 May 2016 13:15:40 +0200 +Subject: linked js/css/fonts removed from make + +--- + web/Makefile.am | 27 --------------------------- + 1 file changed, 27 deletions(-) + +diff --git a/web/Makefile.am b/web/Makefile.am +index 174ef22..6a33a1e 100644 +--- a/web/Makefile.am ++++ b/web/Makefile.am +@@ -20,59 +20,32 @@ dist_web_DATA = \ + version.txt \ + $(NULL) + +-webolddir=$(webdir)/old +-dist_webold_DATA = \ +- old/datasource.html \ +- old/index.html \ +- old/index.js \ +- old/netdata.js \ +- old/theme.css \ +- $(NULL) +- + weblibdir=$(webdir)/lib + dist_weblib_DATA = \ + lib/dygraph-combined.js \ + lib/dygraph-smooth-plotter.js \ +- lib/jquery-1.12.0.min.js \ + lib/jquery.peity.min.js \ + lib/jquery.sparkline.min.js \ + lib/morris.min.js \ +- lib/raphael-min.js \ + lib/jquery.easypiechart.min.js \ + lib/jquery.nanoscroller.min.js \ +- lib/bootstrap.min.js \ + lib/ElementQueries.js \ + lib/ResizeSensor.js \ + lib/bootstrap-toggle.min.js \ + lib/c3.min.js \ +- lib/d3.min.js \ + lib/gauge.min.js \ + $(NULL) + + webcssdir=$(webdir)/css + dist_webcss_DATA = \ + css/morris.css \ +- css/bootstrap.min.css \ +- css/bootstrap-theme.min.css \ + css/bootstrap.slate.min.css \ +- css/font-awesome.min.css \ + css/bootstrap-toggle.min.css \ + css/c3.min.css \ + $(NULL) + + webfontsdir=$(webdir)/fonts + dist_webfonts_DATA = \ +- fonts/glyphicons-halflings-regular.eot \ +- fonts/glyphicons-halflings-regular.svg \ +- fonts/glyphicons-halflings-regular.ttf \ +- fonts/glyphicons-halflings-regular.woff \ +- fonts/glyphicons-halflings-regular.woff2 \ +- fonts/FontAwesome.otf \ +- fonts/fontawesome-webfont.eot \ +- fonts/fontawesome-webfont.svg \ +- fonts/fontawesome-webfont.ttf \ +- fonts/fontawesome-webfont.woff \ +- fonts/fontawesome-webfont.woff2 \ + $(NULL) + + webimagesdir=$(webdir)/images diff --git a/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch new file mode 100644 index 000000000..1bcb6978e --- /dev/null +++ b/debian/patches/0002-remove-file-serve-ownership-restrictions-for-root.patch @@ -0,0 +1,72 @@ +From: Lennart Weller <lhw@ring0.de> +Date: Wed, 25 May 2016 13:43:32 +0200 +Subject: remove file serve ownership restrictions for root + +--- + src/web_client.c | 22 +++++++++++----------- + 1 file changed, 11 insertions(+), 11 deletions(-) + +diff --git a/src/web_client.c b/src/web_client.c +index 601dda0..3582c33 100644 +--- a/src/web_client.c ++++ b/src/web_client.c +@@ -331,33 +331,33 @@ int mysendfile(struct web_client *w, char *filename) + snprintfz(webfilename, FILENAME_MAX, "%s/%s", web_dir, filename); + + // check if the file exists +- struct stat stat; +- if(lstat(webfilename, &stat) != 0) { ++ struct stat wstat; ++ if(stat(webfilename, &wstat) != 0) { + debug(D_WEB_CLIENT_ACCESS, "%llu: File '%s' is not found.", w->id, webfilename); + buffer_sprintf(w->response.data, "File '%s' does not exist, or is not accessible.", webfilename); + return 404; + } + + // check if the file is owned by expected user +- if(stat.st_uid != web_files_uid()) { +- error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, stat.st_uid, web_files_uid()); ++ if(wstat.st_uid != web_files_uid() && wstat.st_uid != 0) { ++ error("%llu: File '%s' is owned by user %d (expected user %d). Access Denied.", w->id, webfilename, wstat.st_uid, web_files_uid()); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; + } + + // check if the file is owned by expected group +- if(stat.st_gid != web_files_gid()) { +- error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, stat.st_gid, web_files_gid()); ++ if(wstat.st_gid != web_files_gid() && wstat.st_gid != 0) { ++ error("%llu: File '%s' is owned by group %d (expected group %d). Access Denied.", w->id, webfilename, wstat.st_gid, web_files_gid()); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; + } + +- if((stat.st_mode & S_IFMT) == S_IFDIR) { ++ if((wstat.st_mode & S_IFMT) == S_IFDIR) { + snprintfz(webfilename, FILENAME_MAX, "%s/index.html", filename); + return mysendfile(w, webfilename); + } + +- if((stat.st_mode & S_IFMT) != S_IFREG) { ++ if(!((wstat.st_mode & S_IFMT) & (S_IFREG | S_IFLNK))) { + error("%llu: File '%s' is not a regular file. Access Denied.", w->id, webfilename); + buffer_sprintf(w->response.data, "Access to file '%s' is not permitted.", webfilename); + return 403; +@@ -403,14 +403,14 @@ int mysendfile(struct web_client *w, char *filename) + else if(strstr(filename, ".icns") != NULL) w->response.data->contenttype = CT_IMAGE_ICNS; + else w->response.data->contenttype = CT_APPLICATION_OCTET_STREAM; + +- debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, stat.st_size, w->ifd, w->ofd); ++ debug(D_WEB_CLIENT_ACCESS, "%llu: Sending file '%s' (%ld bytes, ifd %d, ofd %d).", w->id, webfilename, wstat.st_size, w->ifd, w->ofd); + + w->mode = WEB_CLIENT_MODE_FILECOPY; + w->wait_receive = 1; + w->wait_send = 0; + buffer_flush(w->response.data); +- w->response.rlen = stat.st_size; +- w->response.data->date = stat.st_mtim.tv_sec; ++ w->response.rlen = wstat.st_size; ++ w->response.data->date = wstat.st_mtim.tv_sec; + + return 200; + } diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..3d3711728 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,2 @@ +0001-linked-js-css-fonts-removed-from-make.patch +0002-remove-file-serve-ownership-restrictions-for-root.patch diff --git a/debian/rules b/debian/rules index 040eb35dc..576b77c17 100755 --- a/debian/rules +++ b/debian/rules @@ -14,17 +14,6 @@ export DEB_LDFLAGS_MAINT_APPEND = -Wl,--as-needed MULTIARCH_INSTALL = debian/netdata.postinst -EXISTING_LINKS = $(WEB)lib/bootstrap.min.js \ - $(WEB)fonts/glyphicons-halflings-regular.ttf \ - $(WEB)css/bootstrap-theme.min.css \ - $(WEB)css/bootstrap.min.css \ - $(WEB)lib/jquery-1.12.0.min.js \ - $(WEB)lib/d3.min.js \ - $(WEB)lib/raphael-min.js \ - $(WEB)fonts/FontAwesome.otf \ - $(WEB)fonts/fontawesome-webfont.ttf \ - $(WEB)css/font-awesome.min.css - %: # For jessie and beyond # @@ -48,9 +37,6 @@ override_dh_install: $(MULTIARCH_INSTALL) # Remove unneeded .keep files # find "$(TOP)" -name .keep -exec rm '{}' ';' - rm -rf $(TOP)-data/usr/share/netdata/web/old - - rm -f $(EXISTING_LINKS) # Update postinst to set correct group for www files on installation. # Should probably be dpkg-statoverride really, but that gets *really* diff --git a/debian/watch b/debian/watch index 665850db0..7a03e785b 100644 --- a/debian/watch +++ b/debian/watch @@ -1,3 +1,3 @@ version=3 -opts=pgpsigurlmangle=s/$/.asc/ \ +opts=pgpsigurlmangle=s/$/.asc/,dversionmangle=s/\+(debian|dfsg|ds|deb)(\.\d+)?$// \ https://firehol.org/download/netdata/releases/v(\d\S*)/ netdata-(\d\S*)\.(?:zip|tgz|tbz|txz|(?:tar\.(?:gz|bz2|xz))) |