[gentoo-commits] repo/gentoo:master commit in: www-apps/tt-rss/, www-apps/tt-rss/files/

["James Le Cuirot" <chewi@gentoo.org>]

commit:     9605ea072743f9a1a27eaf8437de2a41a263bdaf
Author:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
AuthorDate: Thu Jan 18 13:39:08 2018 +0000
Commit:     James Le Cuirot <chewi <AT> gentoo <DOT> org>
CommitDate: Thu Jan 18 13:43:48 2018 +0000
URL:        https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9605ea07

www-apps/tt-rss: Bump to 20180105, security fix, other fixes

* Addresses unsafe use of recursive chown/chmod in the init script
  whilst also dealing with poor permissions handling that may have led
  to issues in the past.
* Fixes "postgresql" misspelling in the init script.
* Fixes logrotate issue using delaycompress directive.
* Allows options to be passed to the daemon.

Bug: https://bugs.gentoo.org/603518
Closes: https://bugs.gentoo.org/609044
Closes: https://bugs.gentoo.org/620878
Closes: https://bugs.gentoo.org/627048
Closes: https://bugs.gentoo.org/639918
Package-Manager: Portage-2.3.19, Repoman-2.3.6

 www-apps/tt-rss/Manifest                           |  1 +
 www-apps/tt-rss/files/permissions                  | 25 ++++++
 .../tt-rss/files/postinstall-en-with-daemon-r1.txt | 14 ++++
 .../tt-rss/files/postinstall-en-with-daemon.txt    |  2 +-
 www-apps/tt-rss/files/postinstall-en.txt           |  7 +-
 www-apps/tt-rss/files/ttrssd.confd-r2              | 47 ++++++++++++
 www-apps/tt-rss/files/ttrssd.initd-r3              | 88 ++++++++++++++++++++++
 www-apps/tt-rss/files/ttrssd.logrotated            |  1 +
 .../{ttrssd.logrotated => ttrssd.logrotated-r1}    |  3 +-
 www-apps/tt-rss/tt-rss-20180105.ebuild             | 84 +++++++++++++++++++++
 10 files changed, 264 insertions(+), 8 deletions(-)

diff --git a/www-apps/tt-rss/Manifest b/www-apps/tt-rss/Manifest
index c04edba0436..2c45842b727 100644
--- a/www-apps/tt-rss/Manifest
+++ b/www-apps/tt-rss/Manifest
@@ -1,2 +1,3 @@
 DIST tt-rss-20160527.tar.bz2 2064633 BLAKE2B 406c2ff551e2ba616a8f4696d7deaf8a3f85e4f86f0b09f57507af7f4657930f11fc0aa9df467af5ad2c56657d95e12b75bae721da4d86480b06bbbc0ab72744 SHA512 8d482303868a08f4d65ef252f71f66ec3219d4f67e968a026a0302d29930cd5af45cedea81171db2ff0927497079d3bedd8fd70e4e9904f5d9987a92a6dfcb89
 DIST tt-rss-20160930.tar.bz2 2072888 BLAKE2B e6ca0a72730cdf9a1106d7098e6a6bfc9bf35f545a67e9b569552644b23543b4168000afe2e5fbf5a1fd81371e72e570e270a77d5345bca5f22d79c1a86409b0 SHA512 d420e7efdf7d17e153ef0aa487a330379afe20fe9e9a6209de40b797d36e425cbcbdf2280eaf5ada8b9bef1ae37146253556ff602bbff22a9a7c311ff525d9e2
+DIST tt-rss-20180105.tar.gz 3070929 BLAKE2B 2370104c70f5381d690a29b216269c749bf1f7c6b925eb9499b741e5df3e686d95fce430a144946fd915414481280b67e6d0c881edcdd13aee0fa344dc0bec3f SHA512 86ceec3646629ad7fd3fde2f3c3237e48ad96bd08b46e73c34c76507d9b17613ea309e1bd5e6e85a0d9eb96029e54b54e5ee367c56aab31be3dcec9169c5ada5

diff --git a/www-apps/tt-rss/files/permissions b/www-apps/tt-rss/files/permissions
new file mode 100644
index 00000000000..a26b87f4e71
--- /dev/null
+++ b/www-apps/tt-rss/files/permissions
@@ -0,0 +1,25 @@
+#!/bin/bash -e
+
+cd "${MY_INSTALLDIR}"
+
+if [[ $1 = install ]]; then
+	# We need to lock down cache/ for the operations below to be
+	# safe. The permissions match the webapp-config defaults but these
+	# can be changed and existing installations may also differ.
+	chown root:root cache/
+	chmod 00755 cache/
+
+	chgrp --no-dereference ttrssd feed-icons/ lock/ cache/*/
+	chmod g+ws feed-icons/ lock/ cache/*/
+
+	# Files within lock/ are exclusively written by the update
+	# daemon. Files within feed-icons/ are always unlinked before
+	# modification. Only cache/ holds files that are modified in place
+	# by both processes and therefore ACLs are required to ensure that
+	# the files themselves are created as group writable.
+	if ! setfacl --modify d:g::rwX cache/*/; then
+		echo "WARNING: ACLs are not available on this filesystem. Either enable them or set TTRSSD_USER to your PHP user in /etc/conf.d/ttrssd to avoid permission issues."
+	elif [[ -n $(find cache/ -type f ! -name ".*" ! \( -group ttrssd -perm -020 \) -print -quit) ]]; then
+		echo "WARNING: Files that are not writable by the ttrssd group found within the cache directory. Either delete them or correct their permissions."
+	fi
+fi

diff --git a/www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt b/www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt
new file mode 100644
index 00000000000..8c72406d76d
--- /dev/null
+++ b/www-apps/tt-rss/files/postinstall-en-with-daemon-r1.txt
@@ -0,0 +1,14 @@
+Please read https://tt-rss.org/wiki/InstallationNotes.
+
+Once you have configured TT-RSS, tweak /etc/conf.d/ttrssd to your
+needs if you have not already done so. If ACLs are unavailable on the
+filesystem you have just installed to then you will need to set
+TTRSSD_USER to your PHP user. When everything is ready, (re)start the
+update daemon like so:
+
+  /etc/init.d/ttrssd restart
+
+This will periodically update your feeds in the background. Add the
+daemon to your default runlevel to start it on every boot:
+
+  rc-update add ttrssd default

diff --git a/www-apps/tt-rss/files/postinstall-en-with-daemon.txt b/www-apps/tt-rss/files/postinstall-en-with-daemon.txt
index 7d269d7165f..25545842a38 100644
--- a/www-apps/tt-rss/files/postinstall-en-with-daemon.txt
+++ b/www-apps/tt-rss/files/postinstall-en-with-daemon.txt
@@ -1,4 +1,4 @@
-Please read http://tt-rss.org/redmine/projects/tt-rss/wiki/InstallationNotes
+Please read https://tt-rss.org/wiki/InstallationNotes.
 
 Once you have configured TT-RSS, put the path to this instance into
 the INSTANCE_DIRS variable in /etc/conf.d/ttrssd. Make sure that

diff --git a/www-apps/tt-rss/files/postinstall-en.txt b/www-apps/tt-rss/files/postinstall-en.txt
index 7b4b279e5be..67a16111f3d 100644
--- a/www-apps/tt-rss/files/postinstall-en.txt
+++ b/www-apps/tt-rss/files/postinstall-en.txt
@@ -1,6 +1 @@
-Please read http://tt-rss.org/redmine/projects/tt-rss/wiki/InstallationNotes
-
-With the update to 1.7.0 the 'magpie' RSS parser has been removed.
-That means TT-RSS will use the 'simplepie' parser. If you have been 
-using 'magpie' so far, the switch might cause lots of duplicate
-articles - it's a one-time thing for each instance.
+Please read https://tt-rss.org/wiki/InstallationNotes.

diff --git a/www-apps/tt-rss/files/ttrssd.confd-r2 b/www-apps/tt-rss/files/ttrssd.confd-r2
new file mode 100644
index 00000000000..b169b548bb9
--- /dev/null
+++ b/www-apps/tt-rss/files/ttrssd.confd-r2
@@ -0,0 +1,47 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+# Space-separated paths of TT-RSS instances that you want to start the
+# update daemon for. If left empty, these will be automatically
+# detected using data from /var/db/webapps/tt-rss. Instances without
+# the update_daemon2.php script present will be skipped.
+#
+# Default:
+#  INSTANCE_DIRS=""
+# Example:
+#  INSTANCE_DIRS="/some/webhost/htdocs/tt-rss /some/otherwebhost/htdocs/newsreader"
+#
+INSTANCE_DIRS=""
+
+# Path to the log files. One log file will be created for each TT-RSS
+# instance. Update the logrotate file after changing this.
+#
+# Default:
+#  LOG_DIR="/var/log/ttrssd"
+#
+LOG_DIR="/var/log/ttrssd"
+
+# User to run the update daemon as. You should not run this as
+# root. If ACLs are unavailable on the filesystem used by the TT-RSS
+# instances then choosing the same user that serves the PHP web
+# interface is recommended to avoid permission issues. You *must* add
+# this user to the ttrssd group. If the PHP user is not the same as
+# the web server user (e.g. apache or nginx) then this user must be
+# added to the ttrssd group too.
+#
+# Default:
+#  TTRSSD_USER="ttrssd"
+#
+TTRSSD_USER="ttrssd"
+
+# Additional options to pass to the update daemon. If you want to pass
+# different options to different TT-RSS instances then create symlinks
+# of the ttrssd init.d script (e.g. ttrssd.foo, ttrssd.bar) and
+# configure INSTANCE_DIRS and TTRSSD_OPTS for each of these.
+#
+# Default:
+#  TTRSSD_OPTS=""
+# Example:
+#  TTRSSD_OPTS="--tasks=1 --interval=300"
+#
+TTRSSD_OPTS=""

diff --git a/www-apps/tt-rss/files/ttrssd.initd-r3 b/www-apps/tt-rss/files/ttrssd.initd-r3
new file mode 100644
index 00000000000..a6f3b8a78ef
--- /dev/null
+++ b/www-apps/tt-rss/files/ttrssd.initd-r3
@@ -0,0 +1,88 @@
+#!/sbin/openrc-run
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+depend() {
+	need net
+	after postgresql mysql
+}
+
+PID_DIR="/run/ttrssd"
+LOG_DIR=${LOG_DIR:-"/var/log/ttrssd"}
+TTRSSD_USER=${TTRSSD_USER:-"ttrssd"}
+
+setup() {
+	mkdir -p "${PID_DIR}" "${LOG_DIR}" || return 1
+	chown "${TTRSSD_USER}":ttrssd "${LOG_DIR}" || return 1
+}
+
+list_instance_dirs() {
+	if [ -z "${INSTANCE_DIRS}" ]; then
+		cut -d" " -f4 /var/db/webapps/tt-rss/*/installs 2>/dev/null
+	else
+		printf "%s\n" ${INSTANCE_DIRS}
+	fi
+}
+
+instance_dir_to_name() {
+	local name=${1#/}
+	echo ${name//\//--}
+}
+
+start() {
+	setup || return 1
+	local instance_dir instance_name ret=1
+
+	IFS=$'\n'
+	for instance_dir in $(list_instance_dirs); do
+		if [ -d "${instance_dir}" ]; then
+			if [ ! -f "${instance_dir}"/update_daemon2.php ]; then
+				ewarn "TT-RSS instance in ${instance_dir} has no update_daemon2.php script"
+			elif [ ! -f "${instance_dir}"/config.php ]; then
+				eerror "TT-RSS instance in ${instance_dir} is not configured"
+			else
+				instance_name=$(instance_dir_to_name "${instance_dir}")
+				ebegin "Starting TT-RSS update daemon in ${instance_dir}"
+				start-stop-daemon --start --user "${TTRSSD_USER}":ttrssd \
+								  --background --wait 2000 \
+								  --stdout "${LOG_DIR}/${instance_name}.log" \
+								  --stderr "${LOG_DIR}/${instance_name}.log" \
+								  --make-pidfile --pidfile "${PID_DIR}/${instance_name}.pid" \
+								  --exec /usr/bin/php -- -f "${instance_dir}"/update_daemon2.php \
+								  -- ${TTRSSD_OPTS}
+				eend $? && ret=0
+			fi
+		else
+			eerror "TT-RSS instance in ${instance_dir} is missing"
+		fi
+	done
+	unset IFS
+
+	# Succeed if at least one started.
+	return ${ret}
+}
+
+stop() {
+	local instance_dir instance_name
+
+	IFS=$'\n'
+	for instance_dir in $(list_instance_dirs); do
+		instance_name=$(instance_dir_to_name "${instance_dir}")
+
+		[ -f "${PID_DIR}/${instance_name}.pid" ] ||
+			[ -f "${instance_dir}"/update_daemon2.php ] ||
+			continue
+
+		ebegin "Stopping TT-RSS update daemon in ${instance_dir}"
+		start-stop-daemon --stop --retry 5 --pidfile "${PID_DIR}/${instance_name}.pid" \
+						  --exec /usr/bin/php -- -f "${instance_dir}"/update_daemon2.php \
+						  -- ${TTRSSD_OPTS}
+		eend $?
+
+		rm -f "${instance_dir}"/lock/*.lock
+	done
+	unset IFS
+
+	# Always succeed.
+	return 0
+}

diff --git a/www-apps/tt-rss/files/ttrssd.logrotated b/www-apps/tt-rss/files/ttrssd.logrotated
index 9616a98c302..2bb0d0c1dd3 100644
--- a/www-apps/tt-rss/files/ttrssd.logrotated
+++ b/www-apps/tt-rss/files/ttrssd.logrotated
@@ -1,5 +1,6 @@
 /var/log/ttrssd.log {
 	daily
+	delaycompress
 	missingok
 	notifempty
 	postrotate

diff --git a/www-apps/tt-rss/files/ttrssd.logrotated b/www-apps/tt-rss/files/ttrssd.logrotated-r1
similarity index 71%
copy from www-apps/tt-rss/files/ttrssd.logrotated
copy to www-apps/tt-rss/files/ttrssd.logrotated-r1
index 9616a98c302..c2bf08f7561 100644
--- a/www-apps/tt-rss/files/ttrssd.logrotated
+++ b/www-apps/tt-rss/files/ttrssd.logrotated-r1
@@ -1,5 +1,6 @@
-/var/log/ttrssd.log {
+/var/log/ttrssd/*.log {
 	daily
+	delaycompress
 	missingok
 	notifempty
 	postrotate

diff --git a/www-apps/tt-rss/tt-rss-20180105.ebuild b/www-apps/tt-rss/tt-rss-20180105.ebuild
new file mode 100644
index 00000000000..9affdac7e13
--- /dev/null
+++ b/www-apps/tt-rss/tt-rss-20180105.ebuild
@@ -0,0 +1,84 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=6
+
+inherit prefix user webapp
+
+COMMIT="c30f5e18119d1935e8fe6d422053b127e8f4f1b3"
+DESCRIPTION="Tiny Tiny RSS - A web-based news feed (RSS/Atom) aggregator using AJAX"
+HOMEPAGE="https://tt-rss.org/"
+SRC_URI="https://git.tt-rss.org/git/${PN}/archive/${COMMIT}.tar.gz -> ${P}.tar.gz"
+LICENSE="GPL-3"
+KEYWORDS="~amd64 ~arm ~mips ~x86"
+IUSE="+acl daemon +mysqli postgres"
+REQUIRED_USE="|| ( mysqli postgres )"
+
+DEPEND="daemon? ( acl? ( sys-apps/acl ) )"
+
+RDEPEND="${DEPEND}
+	daemon? ( dev-lang/php:*[mysqli?,postgres?,curl,cli,pcntl,pdo] )
+	!daemon? ( dev-lang/php:*[mysqli?,postgres?,curl,pdo] )
+	virtual/httpd-php:*"
+
+DEPEND="!vhosts? ( ${DEPEND} )"
+
+need_httpd_cgi # From webapp.eclass
+
+S="${WORKDIR}/${PN}"
+
+pkg_setup() {
+	webapp_pkg_setup
+
+	if use daemon; then
+		enewgroup ttrssd
+		enewuser ttrssd -1 /bin/sh /dev/null ttrssd
+	fi
+}
+
+src_configure() {
+	hprefixify config.php-dist
+
+	sed -i -r \
+		-e "/'DB_TYPE'/s:,.*:, '$(usex mysqli mysql pgsql)'); // mysql or pgsql:" \
+		-e "/'CHECK_FOR_UPDATES'/s/true/false/" \
+		config.php-dist || die
+}
+
+src_install() {
+	webapp_src_preinst
+
+	insinto "${MY_HTDOCSDIR}"
+	doins -r *
+
+	# When updating, grep the plugins directory for additional CACHE_DIR
+	# instances as they cannot be created later due to permissions.
+	dodir "${MY_HTDOCSDIR}"/cache/starred-images
+
+	local dir
+	for dir in "${ED}${MY_HTDOCSDIR}"/{cache/*,feed-icons,lock}/; do
+		webapp_serverowned "${dir#${ED}}"
+	done
+
+	if use daemon; then
+		webapp_hook_script "${FILESDIR}"/permissions
+		webapp_postinst_txt en "${FILESDIR}"/postinstall-en-with-daemon-r1.txt
+
+		newinitd "${FILESDIR}"/ttrssd.initd-r3 ttrssd
+		newconfd "${FILESDIR}"/ttrssd.confd-r2 ttrssd
+
+		insinto /etc/logrotate.d
+		newins "${FILESDIR}"/ttrssd.logrotated-r1 ttrssd
+
+		elog "After upgrading, please restart ttrssd."
+	else
+		webapp_postinst_txt en "${FILESDIR}"/postinstall-en.txt
+	fi
+
+	webapp_src_install
+}
+
+pkg_postinst() {
+	elog "You need to merge config.php-dist into config.php manually when upgrading."
+	webapp_pkg_postinst
+}