From 17f28552af10e72a221a0be16417249852774f1b Mon Sep 17 00:00:00 2001
From: Sergey Poznyakoff <gray@gnu.org.ua>
Date: Sun, 3 Jan 2010 12:01:19 +0200
Subject: Update docs.

* etc/wydawca.rc: Update.
* doc/wydawca.texi: Update.
---
 doc/wydawca.texi |   2 +-
 etc/wydawca.rc   | 157 ++++++++++++++++++++++++++++++++++---------------------
 2 files changed, 97 insertions(+), 62 deletions(-)

diff --git a/doc/wydawca.texi b/doc/wydawca.texi
index c3a91f8..ab18e47 100644
--- a/doc/wydawca.texi
+++ b/doc/wydawca.texi
@@ -1930,7 +1930,7 @@ all the directories below the build tree to 777 before creating
 the tarball.  This constitutes a security hole (see CVE-2009-4029[1],
 for more details).
 
-Please, rebuild the package using a newer Automake (v. 1.11.2 or newer)
+Please, rebuild the package using a newer Automake (at least v. 1.11.1)
 and resubmit.
 _EOF_
     cat <<_EOF_
diff --git a/etc/wydawca.rc b/etc/wydawca.rc
index e4e7b47..04e7be9 100644
--- a/etc/wydawca.rc
+++ b/etc/wydawca.rc
@@ -15,7 +15,7 @@
    with wydawca. If not, see <http://www.gnu.org/licenses/>. */
 
 /* Configure logging via syslog.
-   For more info, run `info wydawca syslog'.
+ * For more info, run `info wydawca syslog'.
  */	
 syslog {
   facility local1;
@@ -24,7 +24,7 @@ syslog {
 }
 
 /* Enable statistics output at the end of the run.
-   For more info, run `info wydawca statistics'.
+ * For more info, run `info wydawca statistics'.
  */
 statistics all;
 
@@ -35,7 +35,7 @@ file-sweep-time "1 hour";
 umask 022;
 
 /* Set the name of the tar binary. This is optional.
-   See `info wydawca archivation', for more info.
+ * See `info wydawca archivation', for more info.
  */	 
 tar-program "/bin/tar";
 
@@ -50,8 +50,8 @@ sql default {
 }
 
 /* Configure dictionaries. 
-   Run `info wydawca dictionaries', for the detailed description of these.
-   The provided ones use Savane database structure.
+ * Run `info wydawca dictionaries', for the detailed description of these.
+ * The provided ones use Savane database structure.
  */
 
 dictionary project-owner {
@@ -80,7 +80,7 @@ dictionary project-uploader {
 }
 	
 /* Configure email notifications
-   See `info wydawca notification', for a description.
+ * See `info wydawca notification', for a description.
  */
 
 admin-address "root@localhost";
@@ -119,13 +119,13 @@ EOT;
 # Notify the user about successful uploads
 notify-event {
   event success;
-  recipient user;
   message <<EOT
+To: ${email:user}
 Subject: Upload of ${project} successful
 
 Upload of ${project} to ${dir} finished successfully. Files uploaded:
 
-${triplet:upload}
+${triplet:upload}$-
 
 Regards,
 Wydawca
@@ -136,14 +136,14 @@ EOT;
 # Notify project admin about a successful upload.
 notify-event {
   event success;
-  recipient owner;
   message <<EOT
+To: ${email:owner}
 Subject: Upload of ${project} successful
 
 ${user:real-name} (${user:email}) successfully uploaded files
 for ${project} to ${dir}. Files uploaded:
 
-${triplet:upload}
+${triplet:upload}$-
 
 Regards,
 Wydawca
@@ -151,18 +151,19 @@ The Project Submission Robot
 EOT;
 }
 
-# Notify project admin, if someone non authorized attempted to upload some
-# files for the project they run.
+/* Notify project admin, if someone non authorized attempted to upload some
+ * files for the project they run.
+ */
 notify-event {
   event bad-ownership;
-  recipient owner;
   message <<EOT
+To: ${email:owner}
 Subject: Suspicious upload of ${project}
 
 Someone not authorized to make releases for ${project}
 has attempted to upload the following files to ${dir}:
 
-${triplet:full}
+${triplet:full}$-
 
 This upload has been ignored and the files removed. The person who attempted
 the upload was ${user:real-name}, user name ${user:name}, email ${user:email}.
@@ -176,47 +177,20 @@ The Project Submission Robot
 EOT;
 }
 
-# Notify the user (submitter), if the directive signature does not match
-# his record.
-# It may be a good idea not to notify users about such events, just to
-# stay on a safe side. Notifying project admins (see below) should be quite
-# enough.
-notify-event {
-  event bad-directive-signature;
-  recipient user;
-  message <<EOT
-Subject: Suspicious upload of ${project}
-
-Someone (apparently you), has tried to make a release for ${project}.
-However, the signature of the directive file was wrong, which looks
-suspicious. The person uploaded the following files:
-
-${triplet:full}
-
-This upload has been ignored and the files removed. If it was you who
-attempted this upload, please make sure you use the right PGP key and
-try again. If not, please let us know as soon as possible, so we can
-track down the person trying to make believe he is you.
-
-Regards,
-Wydawca
-The Project Submission Robot
-EOT;
-}
-
-# Notify the project admin, if submitted directive signature did not match
-# submitter record.
+/* Notify the project admin, if submitted directive signature did not match
+ * any of the submitter records.
+ */
 notify-event {
   event bad-directive-signature;
-  recipient owner;
   message <<EOT
+To: ${email:owner}
 Subject: Suspicious upload of ${project}
 
 ${user:real-name} (${user:email}) has tried to make a release
 for ${project}. However, the signature of the directive file was wrong,
 which looks suspicious. The person uploaded the following files:
 
-${triplet:full}
+${triplet:full}$-
 
 This upload has been ignored and the files removed.
 
@@ -226,22 +200,23 @@ The Project Submission Robot
 EOT;
 }
 
-# Notify the user (submitter), if the detached signature does not match
-# his record.
-# It may be a good idea not to notify users about such events, just to
-# stay on a safe side. Notifying project admins (see below) should be quite
-# enough.
+/* Notify the user (submitter), if the detached signature did not match
+ * his record.
+ * It may be a good idea not to notify users about such events, just to
+ * stay on a safe side. Notifying project admins (see below) should be quite
+ * enough.
+ */
 notify-event {
   event bad-detached-signature;
-  recipient user;
   message <<EOT
+To: ${email:user}
 Subject: Suspicious upload of ${project}
 
 Someone (apparently you), has tried to make a release for ${project}.
 However, the detached signature signature was wrong, which looks
 suspicious. The person uploaded the following files:
 
-${triplet:full}
+${triplet:full}$-
 
 This upload has been ignored and the files removed. If it was you who
 attempted this upload, please make sure you use the right PGP key and
@@ -254,19 +229,20 @@ The Project Submission Robot
 EOT;
 }
 
-# Notify the project admin, if submitted detached signature did not match
-# submitter record.
+/* Notify the project admin, if submitted detached signature did not match
+ * submitter record.
+ */
 notify-event {
   event bad-detached-signature;
-  recipient owner;
   message <<EOT
+To: ${email:owner}
 Subject: Suspicious upload of ${project}
 
 ${user:real-name} (${user:email}) has tried to make a release
 for ${project}. However, the detached signature file was wrong,
 which looks suspicious. The person uploaded the following files:
 
-${triplet:full}
+${triplet:full}$-
 
 This upload has been ignored and the files removed.
 
@@ -276,11 +252,70 @@ The Project Submission Robot
 EOT;
 }
 
-/* Configure distribution spools.
-   A spool defines where to look for input triplets, and where to
-   copy uploaded files.
+/* Notify both the submitter and the project owner about uploads
+ * that did not pass distribution verification (see check-script below).
+ * The X-Wydawca-Uploader header supplies additional information for the
+ * project owner about the user who did the upload.
+ */
+notify-event {
+  event check-failure;
+  message <<EOT
+To: ${email:user}
+Cc: ${email:owner}
+Subject: ${triplet:dist} rejected
+X-Wydawca-Uploader: "${user:real-name}" (${user:name}) <${user:email}>
+
+Your upload of ${triplet:dist} has been rejected by the distribution
+verification procedure with the following diagnostics:
+
+${check:diagn}$-
+
+Please fix the tarball and resubmit.
 
-   See `info wydawca spool', for a detailed explanation.
+Regards,
+Wydawca
+The Project Submission Robot
+EOT;
+}
+
+/* Make sure the distributed tarball does not contain a security hole
+ * described in CVE-2009-4029. Reject it, if it does.
+ * See `info wydawca verification', for a description of check-script.
+ *
+ * Note: this script relies on GNU tar and grep.
+ */
+check-script <<EOT
+case ${WYDAWCA_DIST_FILE} in
+*.tar|*.tar.*)
+  if tar -xOf ${WYDAWCA_DIST_FILE} --occurrence=1 \
+      --wildcards --no-wildcards-match-slash '*/Makefile.in' | \
+      grep -q 'perm -777'; then
+    fmt <<_EOF_
+The top-level Makefile.in in ${WYDAWCA_DIST_FILE} changes mode of
+all the directories below the build tree to 777 before creating the tarball.
+This constitutes a security hole (see CVE-2009-4029[1], for more details).
+
+Please, rebuild the package using a newer Automake (at least v. 1.11.1)
+and resubmit.
+_EOF_
+    cat <<_EOF_
+--
+[1] http://article.gmane.org/gmane.comp.sysutils.autotools.announce/131
+_EOF_
+    exit 1
+  fi
+  ;;
+*)
+  ;;
+esac
+exit 0
+EOT;
+
+/* Configure distribution spools.
+ * A spool defines where to look for input triplets, and where to
+ * copy uploaded files.
+ *
+ * See `info wydawca spool', for a detailed explanation.
  */
 
 spool download {
-- 
cgit v1.2.1