Instead of always replying with a generic 500 internal server error code,
use more appropriate codes such as 403 to indicate denied permissions.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Add a new `cgi-download` applet which allows to retrieve the contents
of regular files or block devices.
In order to initiate a transfer, a POST request in x-www-form-urlencoded
format must be sent to the applet, with one field "sessionid" holding
the login session and another field "path" containing the file path to
download.
Further optional fields are "filename" which - if present - will cause
the download applet to set a Content-Dispostition header and "mimetype"
which allows to let the applet respond with a specific type instead of
the default "application/octet-stream".
Below is an example for the required acl rules to grant download access
to files or block devices:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "cgi-io",
"objects": [
[ "download", "read" ]
]
}'
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/etc/config/*", "read" ],
[ "/dev/mtdblock*", "read" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Use the `cgi-io` scope to check for permission to execute the requested
command (`upload`, `backup`) and the `file` scope to check path
permissions.
The reasoning of this change is that `cgi-io` is usually used in
conjunction with `rpcd-mod-file` to transfer large file data out
of band and `rpcd-mod-file` already uses the `file` scope to manage
file path access permissions. After this change, both `rpc-mod-file`
and `cgi-io` can share the same path acl rules.
Write access to a path can be granted by using an ubus call in the
following form:
ubus call session grant '{
"ubus_rpc_session": "...",
"scope": "file",
"objects": [
[ "/var/lib/uploads/*", "write" ]
]
}'
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
Go 1.13 added a new -trimpath option to the "go build" command[1] that
removes system paths from compiled executables. This replaces the
previous -trimpath flags.
There are still system paths in the compiled executable (for crti.o and
crtn.o, when cross-compiling); these appear to be stripped during the
packaging process.
[1]: https://golang.org/doc/go1.13#trimpath
Signed-off-by: Jeffery To <jeffery.to@gmail.com>
The `python-mysql` package was updated with PR https://github.com/openwrt/packages/pull/9705
For seahub this was omitted, since the Python dependencies are prefixed
with `python-`, so it was missed during the grep search.
And grepping just for `mysql` yields many results.
Signed-off-by: Alexandru Ardelean <ardeleanalex@gmail.com>
commit 0c090fde68b2 ("scons: move host build tool to a proper place")
has moved scons into the packages feeds, so switch to that package
include and adjust build dependency to a new scons home.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
This patch aims to move scons host build tool into packages feeds, where
this tools belongs. There are currently no packages in the master tree
which would need scons, yet scons is build always as part of host tools,
just in order to satisfy host build dependency of few packages in the
packages feeeds.
Signed-off-by: Petr Štetiar <ynezz@true.cz>
Size reduced from 92878 to 91675 bytes.
CMake added CXX files. Removed those.
Removed ceill patch. ceill is not used anymore.
Removed pkgconfig patch. CMake uses a different file, which does not have
this problem.
Further size reduction to 87938 with LTO.
Removed InstallDev. CMAKE_INSTALL takes care of that.
Added WebP support.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Eliminate patch in favor of configure argument.
Shuffled some stuff around for consistency between packages.
Added PKG_BUILD_PARALLEL for faster compilation.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Fix that KERNEL_CGROUPS is enabled (selected) automatically along with
cgroups-mount
Replace "if PACKAGE_docker-ce" with a menu to avoid circular denpendency
issue involving PACKAGE_docker-ce, PACKAGE_cgroups-mount and
KERNEL_CGRUOPS
docker-ce, lxc: replace KERNEL_LXC_MISC with more specific options
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>