Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Added the missing index rewrites. They are used for sorting the issues,
and they were not working, because nginx needs it to be an absolute regex,
ending in $ for it to work, otherwise it replaces the index files finding
logic.

We don't use any and the template is the same as for normal extensions
so it's wrong anways.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

The task rewrites were not working because the location regex was
matching only up to the task id.

CVE-2016-1247 is a symlink attack on the log dir of nginx since a
reopening of the logs (triggered by logrotate) opens the logs as
nginx instead of root. logrotate creates the proper log files
already so nginx doesn't need write permissions to those directories.

Added some more rewrites to the flyspray role. Changed from using
try_files (they are meant to static first, then dynamic). Nginx
locations can only deal in absolute URL's, so they all need to have
/ in front of them.

Initial work on the flyspray rewrites. The tasks rewrites are working.

When cloning the empty repository for the first time, there can't
be a setup directory, otherwise the clone will fail. We check if
the user was created on that run or not and don't create the setup
directory in that case.

The setup directory for flyspray is present on our git, so, instead of being
deleted after the installation, it remains on the repository. To avoid issues
with it, it has permissions 000 when not in use. But, for cloning, it is
required to have write permissions. So, we do this permission juggling before
cloning.

roles/flyspray: Initial work on flyspray PHP support. Redirects are needed in order for flyspray to run.

roles/flyspray: Changed the flyspray user from php-flyspray to flyspray and made the template of the php-fpm.conf to follow.

roles/flyspray: Remove duplicated register and created a task to enable and start the php-fpm@flyspray.socket.

roles/flyspray: Create a setting for the user flyspray uses and change tasks accordingly. Also created a task to deploy the php-fpm configuration.

roles/flyspray: Continuing the work on flyspray. We have the tasks.yml installing and configuring flyspray with nginx, still left to do the php-fpm service.

roles/flyspray: Initial work on the flyspray role. Created a vault for the db password and a defaults file.

CVE-2016-1247 is a symlink attack on the log dir of nginx since a
reopening of the logs (triggered by logrotate) opens the logs as nginx
instead of root. logrotate creates the proper log files already so
nginx doesn't need write permissions to those directories.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

The config is based on my personal one, but stripped of many
unnecessary parts. It's an initial config to get a somewhat useable
root shell on our server.

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

Signed-off-by: Florian Pritz <bluewind@xinu.at>

https://lists.archlinux.org/pipermail/aur-general/2017-January/033168.html



Signed-off-by: Florian Pritz <bluewind@xinu.at>