On Fri Oct 03, 2003 at 01:01:07AM +0200, Oden Eriksson wrote: Oden.. nice to see, but you didn't install it in a good way.
You have include/ exposed, which would have been fine for 0.2.3 or earlier, but the layout should really be something like: /var/www/anthill rather than /var/www/html/anthill. Then you just expose /var/www/anthill/html (ie. via an Alias or a symlink), but you keep include/, etc/, etc. unexposed and entirely unreachable for maximum security. I can fix this a little later on if you like (or you can). I'm not on the cooker list anymore so you'll have to cc me. Thanks for the packaging tho... =) > [Contrib-RPM] > > -=-=-=- > Name : anthill Relocations: (not relocateable) > Version : 0.2.4 Vendor: MandrakeSoft > Release : 2mdk Build Date: Fri Oct 3 00:04:32 2003 > Install Date: (not installed) Build Host: klama.mandrake.org > Group : System/Servers Source RPM: (none) > Size : 359465 License: GPL > Signature : DSA/SHA1, Fri Oct 3 00:04:32 2003, Key ID 6a8743b0604aa4e4 > Packager : Oden Eriksson <[EMAIL PROTECTED]> > URL : http://anthill.vmlinuz.ca/ > Summary : Bug tracking database system written in PHP > Description : > Anthill is a bug tracking database system written in PHP. It > provides the standard bug tracking features such as: user logins, > summary reports, submitting bugs, querying bugs, various severity > and status levels. It also provides some unique features, such as > a template system, and multi-lingual support. > > Buildarchs: noarch > > > -=-=-=- > Oden Eriksson <[EMAIL PROTECTED]> 0.2.4-2mdk > > - arrgh!, forgot about some crucial dirs... > > -=-=-=- > E: anthill unknown-key GPG#604aa4e4 > > -=-=-=- > anthill.spec changed > --- anthill-0.2.4-1mdk.src.rpm/anthill.spec 2003-10-03 01:01:06.000000000 +0200 > +++ anthill-0.2.4-2mdk.src.rpm/anthill.spec 2003-10-03 01:01:06.000000000 +0200 > @@ -1,6 +1,6 @@ > %define name anthill > %define version 0.2.4 > -%define release 1mdk > +%define release 2mdk > %define languages de es fi fr il nl pl ru zh > > > @@ -37,7 +37,6 @@ > install -d %{buildroot}/var/www/html/%{name}/images > install -d %{buildroot}/var/www/html/%{name}/include > > - > install -m0644 html/*.php %{buildroot}/var/www/html/%{name}/ > install -m0644 html/*.css %{buildroot}/var/www/html/%{name}/ > install -m0644 html/images/*.png %{buildroot}/var/www/html/%{name}/images/ > @@ -45,7 +44,6 @@ > install -m0644 include/.htaccess %{buildroot}/var/www/html/%{name}/include/ > install -m0644 include/*.php %{buildroot}/var/www/html/%{name}/include/ > > - > for i in %languages; do > install -d %{buildroot}/var/www/html/%{name}/backend/language/$i/LC_MESSAGES > install -m0644 html/backend/language/$i/LC_MESSAGES/* \ > @@ -54,7 +52,6 @@ > > install -m0644 html/backend/language/Anthill.pot > %{buildroot}/var/www/html/%{name}/backend/language/ > > - > install -d %{buildroot}/var/www/html/%{name}/backend/template/blue > install -d %{buildroot}/var/www/html/%{name}/backend/template/default > > @@ -62,6 +59,11 @@ > install -m0644 html/backend/template/blue/* > %{buildroot}/var/www/html/%{name}/backend/template/blue/ > install -m0644 html/backend/template/default/* > %{buildroot}/var/www/html/%{name}/backend/template/default > > +install -d %{buildroot}/var/www/html/%{name}/shadow > +install -d %{buildroot}/var/www/html/%{name}/tmp > +install -d %{buildroot}/var/www/html/%{name}/gpg > +install -d %{buildroot}/var/www/html/%{name}/attachments > + > %clean > [ "%{buildroot}" != "/" ] && rm -rf %{buildroot} > > @@ -70,8 +72,15 @@ > %doc etc/* contrib CHANGES README README.html THANKS TODO > %config(noreplace) %attr(0644,root,root) /var/www/html/%{name}/include.php > %config(noreplace) %attr(0644,root,root) > /var/www/html/%{name}/include/config.inc.php > +%dir %attr(0777,apache,apache) /var/www/html/%{name}/shadow > +%dir %attr(0777,apache,apache) /var/www/html/%{name}/tmp > +%dir %attr(0777,apache,apache) /var/www/html/%{name}/gpg > +%dir %attr(0777,apache,apache) /var/www/html/%{name}/attachments > /var/www/html/%{name} > > %changelog > +* Thu Oct 02 2003 Oden Eriksson <[EMAIL PROTECTED]> 0.2.4-2mdk > +- arrgh!, forgot about some crucial dirs... > + > * Thu Oct 02 2003 Oden Eriksson <[EMAIL PROTECTED]> 0.2.4-1mdk > - initial cooker contrib > > > -- > http://www.mandrake-linux.com/en/cookerdevel.php3 -- MandrakeSoft Security; http://www.mandrakesecure.net/ Online Security Resource Book; http://linsec.ca/ "lynx -source http://linsec.ca/vdanen.asc | gpg --import" {FE6F2AFD : 88D8 0D23 8D4B 3407 5BD7 66F9 2043 D0E5 FE6F 2AFD}
pgp00000.pgp
Description: PGP signature
