PR#12: Misc. fixes for jicofo - jitsi-rpm

jitsi-rpm

#12 Misc. fixes for jicofo

Merged 4 years ago by lcts. Opened 4 years ago by felfert.

Unknown source fix-jicofo-config-permissions into main

Misc. fixes for jicofo

Fritz Elfert • 4 years ago

966a502

jicofo/jicofo.service

file modified

+3 -3

		`@@ -7,7 +7,7 @@`
		`SuccessExitStatus=143`
		`EnvironmentFile=/etc/jicofo/config`
		`User=jicofo`
		`- ExecStart=/usr/share/jicofo/jicofo.sh --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} ${JICOFO_OPTS}`
		`+ ExecStart=/usr/libexec/jicofo --host=${JICOFO_HOST} --domain=${JICOFO_HOSTNAME} --port=${JICOFO_PORT} --user_name=${JICOFO_AUTH_USER} --user_domain=${JICOFO_AUTH_DOMAIN} ${JICOFO_OPTS}`
		`WorkingDirectory=~`

		`# Hardening`
		`@@ -19,8 +19,8 @@`
		`ProtectKernelTunables=yes`
		`ProtectControlGroups=yes`
		`ProtectSystem=strict`
		`- # whitelist writing to rundir and config dir`
		`- ReadWritePaths=/run/jicofo /etc/jicofo`
		`+ # whitelist writing to rundir`
		`+ ReadWritePaths=/run/jicofo`

		`[Install]`
		`WantedBy=multi-user.target`

jicofo/jicofo.sh

file added

+28

		`@@ -0,0 +1,28 @@`
		`+ #!/bin/bash`
		`+`
		`+ if [[ "$1" == "--help" \|\| $# -lt 1 ]]; then`
		`+ echo -e "Usage:"`
		`+ echo -e "$0 [OPTIONS], where options can be:"`
		`+ echo -e "\t--host=HOST\t sets the hostname of the XMPP server (default: domain, if domain is set, localhost otherwise)"`
		`+ echo -e "\t--domain=DOMAIN\t sets the XMPP domain"`
		`+ echo -e "\t--port=PORT\t sets the port of the XMPP server (default: 5347)"`
		`+ echo -e "\t--subdomain=SUBDOMAIN\t sets the sub-domain used to bind focus XMPP component (default: focus)"`
		`+ echo -e "\t--secret=SECRET\t sets the shared secret used to authenticate focus component to the XMPP server"`
		`+ echo -e "\t--user_domain=DOMAIN\t specifies the name of XMPP domain used by the focus user to login."`
		`+ echo -e "\t--user_name=USERNAME\t specifies the username used by the focus XMPP user to login. (default: focus@user_domain)"`
		`+ echo -e "\t--user_password=PASSWORD\t specifies the password used by focus XMPP user to login. If not provided then focus user will use anonymous authentication method."`
		`+ echo`
		`+ echo -e "\tSECRET and PASSWORD can alternatively be set via the environment variables JICOFO_SECRET and JICOFO_AUTH_PASSWORD respectively."`
		`+ echo`
		`+ exit 1`
		`+ fi`
		`+`
		`+ if [ -z "$JICOFO_MAX_MEMORY" ]; then JICOFO_MAX_MEMORY=3072m; fi`
		`+`
		`+ cp /etc/jicofo/sip-communicator.properties ~/`
		`+ exec java -Xmx$JICOFO_MAX_MEMORY \`
		`+ -XX:+HeapDumpOnOutOfMemoryError \`
		`+ -XX:HeapDumpPath=/tmp \`
		`+ -Djdk.tls.ephemeralDHKeySize=2048 \`
		`+ $JAVA_SYS_PROPS \`
		`+ -jar /usr/share/jicofo/jicofo.jar $@`

jicofo/jicofo.spec

file modified

+10 -4

		`@@ -15,10 +15,12 @@`
		`Source4: %{name}.sysusers`
		`Source5: %{name}.tmpfiles`
		`Source6: README.fedora`
		`+ Source7: jicofo.sh`
		`Patch1: 0001-log-to-syslog.patch`

		`BuildArch: noarch`
		`BuildRequires: maven`
		`+ BuildRequires: maven-local`
		`BuildRequires: java-openjdk-devel`
		`BuildRequires: systemd-rpm-macros`

		`@@ -52,6 +54,8 @@`
		`#-- PREP, BUILD & INSTALL -----------------------------------------------------#`
		`%prep`
		`%autosetup -p1 -n %{name}-stable-%{project}-meet_%{project_version}`
		`+ %pom_xpath_inject //pom:manifest \`
		`+ '<addClasspath>true</addClasspath><useUniqueVersions>false</useUniqueVersions><classpathPrefix>lib</classpathPrefix><mainClass>org.jitsi.jicofo.Main</mainClass>'`

		`%build`
		`# build & copy dependencies`
		`@@ -64,7 +68,8 @@`
		`# program`
		`install -D -m 644 -t %{buildroot}%{_datadir}/%{name}/lib/ target/dependency/*`
		`install -m 644 target/%{name}-%{version}.jar %{buildroot}%{_datadir}/%{name}/%{name}.jar`
		`- install -m 755 resources/%{name}.sh %{buildroot}%{_datadir}/%{name}/%{name}.sh`
		`+ # install -m 755 resources/%{name}.sh %{buildroot}%{_datadir}/%{name}/%{name}.sh`
		`+ install -D -m 755 %{SOURCE7} %{buildroot}%{_libexecdir}/%{name}`

		`# config`
		`install -D -m 640 -t %{buildroot}%{_sysconfdir}/%{name}/ lib/logging.properties`
		`@@ -103,9 +108,10 @@`

		`# package files/dirs`
		`%{_datadir}/%{name}/`
		`- %dir %attr(0700,%{user},root) %{_sysconfdir}/%{name}/`
		`- %config(noreplace) %attr(0644,%{user},root) %{_sysconfdir}/%{name}/*`
		`- %dir %attr(0755,%{user},%{user}) %{_rundir}/%{name}/`
		`+ %{_libexecdir}/%{name}`
		`+ %dir %attr(0750,root,%{user}) %{_sysconfdir}/%{name}/`
		`+ %config(noreplace) %attr(0649,root,%{user}) %{_sysconfdir}/%{name}/*`
		`+ %dir %attr(0700,%{user},%{user}) %{_rundir}/%{name}/`

		`# system config`
		`%{_unitdir}/%{name}.service`

jicofo/jicofo.tmpfiles

file modified

+3 -3

		`@@ -1,5 +1,5 @@`
		`# create rundir`
		`- d /run/jicofo 0755 jicofo jicofo -`
		`+ d /run/jicofo 0700 jicofo jicofo -`
		`# ensure correct permissions for all files in config dir`
		`- Z /etc/jicofo 0640 jicofo jicofo`
		`- z /etc/jicofo 0750 jicofo jicofo`
		`+ Z /etc/jicofo 0640 root jicofo`
		`+ z /etc/jicofo 0750 root jicofo`

felfert commented 4 years ago

Fixed permissions for config dir
Set classpath and mainclass in jar manifest
Use own shell wrapper in the proper location at /usr/libexec in
order to accomodate above changes.

Fixes #1
Fixes (partially) #5