INN commit: trunk (3 files)

INN Commit Russ_Allbery at isc.org
Sat Sep 15 07:24:07 UTC 2007


    Date: Saturday, September 15, 2007 @ 00:24:06
  Author: iulius
Revision: 7672

  * Sync the order of the parameters in innconf.h and inn.conf.pod.
  * Remove nnrp*auth from the list of parameters.  They are now
    only mentioned as obsolete in the beginning of the section.
  * Add a history section in inn.conf.pod.
  * Add a subsection for SSL and TLS support since it affects
    both reading and posting.

Modified:
  trunk/doc/pod/inn.conf.pod
  trunk/include/inn/innconf.h
  trunk/samples/inn.conf.in

-----------------------+
 doc/pod/inn.conf.pod  |  240 +++++++++++++++++++++++++-----------------------
 include/inn/innconf.h |   38 ++++---
 samples/inn.conf.in   |   11 +-
 3 files changed, 152 insertions(+), 137 deletions(-)

Modified: doc/pod/inn.conf.pod
===================================================================
--- doc/pod/inn.conf.pod	2007-09-14 22:08:45 UTC (rev 7671)
+++ doc/pod/inn.conf.pod	2007-09-15 07:24:06 UTC (rev 7672)
@@ -153,6 +153,15 @@
 Note that you will generally need to put double quotes ("") around this
 value if you set it, since IPv6 addresses contain colons.
 
+=item I<dontrejectfiltered>
+
+Normally innd(8) rejects incoming articles when directed to do so by any
+enabled article filters (Perl or Python).  However, this parameter causes
+such articles I<not> to be rejected; instead filtering can be applied on
+outbound articles.  If this parameter is set, all articles will be
+accepted on the local machine, but articles rejected by the filter will
+I<not> be fed to any peers specified in F<newsfeeds> with the C<Af> flag.
+
 =item I<hiscachesize>
 
 If set to a value other than C<0>, a hash of recently received message IDs
@@ -306,17 +315,34 @@
 before expiring articles that still haven't been sent.  The default value
 is C<10> and probably doesn't need to be changed.
 
-=item I<dontrejectfiltered>
+=back
 
-Normally innd(8) rejects incoming articles when directed to do so by any
-enabled article filters (Perl or Python).  However, this parameter causes
-such articles I<not> to be rejected; instead filtering can be applied on
-outbound articles.  If this parameter is set, all articles will be
-accepted on the local machine, but articles rejected by the filter will
-I<not> be fed to any peers specified in F<newsfeeds> with the C<Af> flag.
+=head2 History Settings
 
+The following parameter affect the history database.
+
+=over 4
+
+=item I<hismethod>
+
+Which history storage method to use.  The only currently supported
+value is C<hisv6>.  There is no default value; this parameter must
+be set.
+
+=over 4
+
+=item C<hisv6>
+
+Stores history data in the INN history v6 format:  history(5) text
+file and a number of dbz(3) database files; this may be in true history
+v6 format, or tagged hash format, depending on the build
+options.  Separation of these two is a project which has not yet been
+undertaken.
+
 =back
 
+=back
+
 =head2 Article Storage
 
 These parameters affect how articles are stored on disk.
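Review bot: the sentence introducing the new History Settings section, "The following parameter affect the history database.", has a number disagreement; write "The following parameter affects" while I<hismethod> is the only entry, or "parameters affect" if more are coming. I<hiscachesize> is still documented in the general list (it appears as context in the first hunk) and also concerns history, so consider moving it here or saying why it stays where it is.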
@@ -355,6 +381,16 @@
 groups in innd(8) under CONTROL MESSAGES.)  This is a boolean value and
 the default is false.
 
+=item I<nfswriter>
+
+For servers writing articles, determine whether the article spool is
+on NFS storage.  If set, INN attempts to flush articles to the spool
+in a more timely manner, rather than relying on the operating system
+to flush things such as the CNFS article bitmaps.  You should only set
+this parameter if you are attempting to use a shared NFS spool on a
+machine acting as a single writer within a cluster.  This is a boolean
+value and the default is false.
+
 =item I<overcachesize>
 
 How many cache slots to reserve for open overview files.  If INN is
@@ -406,24 +442,6 @@
 
 =back
 
-=item I<hismethod>
-
-Which history storage method to use.  The only currently supported
-value is C<hisv6>.  There is no default value; this parameter must
-be set.
-
-=over 4
-
-=item C<hisv6>
-
-Stores history data in the INN history v6 format:  history(5) text
-file and a number of dbz(3) database files; this may be in true history
-v6 format, or tagged hash format, depending on the build
-options.  Separation of these two is a project which has not yet been
-undertaken.
-
-=back
-
 =item I<storeonxref>
 
 If set to true, articles will be stored based on the newsgroup names in
@@ -473,50 +491,6 @@
 in order (innfeed(8) can have problems with this in the event of a
 backlog).  This is a boolean value and the default is false.
 
-=item I<nfswriter>
-
-For servers writing articles, determine whether the article spool is
-on NFS storage.  If set, INN attempts to flush articles to the spool
-in a more timely manner, rather than relying on the operating system
-to flush things such as the CNFS article bitmaps.  You should only set
-this parameter if you are attempting to use a shared NFS spool on a
-machine acting as a single writer within a cluster.  This is a boolean
-value and the default is false.
-
-=item I<nfsreader>
-
-For servers reading articles, determine whether the article spool is
-on NFS storage.  If set, INN will attempt to force articles and
-overviews to be read directly from the NFS spool rather than from
-cached copies.  You should only set this parameter if you are
-attempting to use a shared NFS spool on a machine acting a reader a
-cluster.  This is a boolean value and the default is false.
-
-=item I<nfsreaderdelay>
-
-For servers reading articles, determine whether the article spool is
-on NFS storage.  If I<nfsreader> is set, INN will use the value of
-I<nfsreaderdelay> to delay the apparent arrival time of articles to
-clients by this amount; this value should be tuned based on the NFS
-cache timeouts locally.  This default is 60 (1 minute).
-
-=item I<msgidcachesize>
-
-How many cache slots to reserve for Message ID to storage token
-translations.  When serving overview data to clients (NEWNEWS, XOVER
-etc.), nnrpd(8) can cache the storage token associated with a Message
-ID and save the cost of looking it up in the history file; for some
-configurations setting this parameter can save more than 90% of the
-wall clock time for a session.  The default value is 10000.
-
-=item I<tradindexedmmap>
-
-Whether to attempt to mmap() tradindexed overviews articles.  Setting
-this to true will give better performance on most systems, but some
-systems have problems with mmap().  If this is set to false, overviews
-will be read into memory before being sent to readers.  This is a
-boolean value and the default is true.
-
 =back
 
 =head2 Reading
@@ -525,6 +499,11 @@
 used by nnrpd(8).  There are some special sets of settings that are broken
 out separately after the initial alphabetized list.
 
+Note that the two parameters I<nnrpperlauth> and I<nnrppythonauth> are now
+obsolete; see "Changes to Perl Authentication Support for nnrpd" in
+F<doc/hook-perl> and "Changes to Python Authentication and Access Control
+Support for nnrpd" in F<doc/hook-python> for more information.
+
 =over 4
 
 =item I<allownewnews>
@@ -562,6 +541,32 @@
 closing them.  The default value is C<10> (ten seconds), which may need to
 be increased if many clients connect via slow network links.
 
+=item I<msgidcachesize>
+
+How many cache slots to reserve for Message ID to storage token
+translations.  When serving overview data to clients (NEWNEWS, XOVER
+etc.), nnrpd(8) can cache the storage token associated with a Message
+ID and save the cost of looking it up in the history file; for some
+configurations setting this parameter can save more than 90% of the
+wall clock time for a session.  The default value is 10000.
+
+=item I<nfsreader>
+
+For servers reading articles, determine whether the article spool is
+on NFS storage.  If set, INN will attempt to force articles and
+overviews to be read directly from the NFS spool rather than from
+cached copies.  You should only set this parameter if you are
+attempting to use a shared NFS spool on a machine acting a reader a
+cluster.  This is a boolean value and the default is false.
+
+=item I<nfsreaderdelay>
+
+For servers reading articles, determine whether the article spool is
+on NFS storage.  If I<nfsreader> is set, INN will use the value of
+I<nfsreaderdelay> to delay the apparent arrival time of articles to
+clients by this amount; this value should be tuned based on the NFS
+cache timeouts locally.  This default is 60 (1 minute).
+
 =item I<nnrpdcheckart>
 
 Whether B<nnrpd> should check the existence of an article before listing
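Review bot: the I<nfsreader> text is moved with its wording defects intact: "a machine acting a reader a cluster" is missing words (compare "acting as a single writer within a cluster" under I<nfswriter>). In I<nfsreaderdelay>, the opening sentence is a copy of the I<nfsreader> one and does not describe the delay, "This default is 60" should read "The default is 60", and the unit is only implied by "(1 minute)". Since these paragraphs are being touched anyway, fix them here and state the unit explicitly.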
@@ -573,16 +578,12 @@
 number of "article is missing" errors seen by the client.  This is a
 boolean value and the default is true.
 
-=item I<nnrpperlauth>
+=item I<nnrpdloadlimit>
 
-This parameter is now obsolete; see "Changes to Perl Authentication
-Support for nnrpd" in F<doc/hook-perl>.
+If set to a value other than C<0>, connections to nnrpd will be refused
+if the system load average is higher than this value.  The default value
+is C<16>.
 
-=item I<nnrppythonauth>
-
-This parameter is now obsolete; see "Changes to Python Authentication and
-Access Control Support for nnrpd" in F<doc/hook-python>.
-
 =item I<noreader>
 
 Normally, innd(8) will fork a copy of nnrpd(8) for all incoming
@@ -608,46 +609,14 @@
 clients listed in F<nnrpd.track> is recorded.  This is a boolean value and
 the default is false.
 
-=item I<nnrpdloadlimit>
+=item I<tradindexedmmap>
 
-If set to a value other than C<0>, connections to nnrpd will be refused
-if the system load average is higher than this value.  The default value
-is C<16>.
+Whether to attempt to mmap() tradindexed overviews articles.  Setting
+this to true will give better performance on most systems, but some
+systems have problems with mmap().  If this is set to false, overviews
+will be read into memory before being sent to readers.  This is a
+boolean value and the default is true.
 
-=item I<tlscafile>
-
-The path to a file containing certificate authority root certificates,
-used to present a trust chain to an SSL or TLS client.  This parameter is
-only used if nnrpd is built with TLS support.  There is no default value.
-
-=item I<tlscapath>
-
-The path to a directory containing certificate authority root
-certificates.  Each file in the directory should contain one CA
-certificate, and the name of the file should be the CA subject name hash
-value.  See the OpenSSL documentation for more information.  This
-parameter is only used if nnrpd is built with TLS support.  There is no
-default value.
-
-=item I<tlscertfile>
-
-The path to a file containing the server certificate to present to SSL or
-TLS clients.  This parameter is only used if nnrpd is built with TLS
-support.  The default value is I<pathnews>/lib/cert.pem.
-
-=item I<tlskeyfile>
-
-The path to a file containing the encryption key for the server
-certificate named in I<tlscertfile>.  This may be the same as
-I<tlscertfile> if, when you created the certificate, you put the key in
-the same file (if, for example, you gave the same file name to both the
-B<-out> and B<-keyout> options to C<openssl req>).  This parameter is only
-used if nnrpd is built with TLS support.  The default value is
-I<pathnews>/lib/key.pem.
-
-This file must only be readable by the news user or nnrpd will refuse to
-use it.
-
 =back
 
 INN has optional support for generating keyword information automatically
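Review bot: after the four tls* items are removed from this alphabetized Reading list, nothing here points to where they now live, so an administrator looking for reader-side TLS settings in this section finds no trace of them. A one-line pointer to the SSL and TLS list, in the style of the I<nnrpperlauth>/I<nnrppythonauth> note added at the top of the section, would cover it. Separately, the relocated I<tradindexedmmap> text still says "tradindexed overviews articles", which reads as a leftover word; "tradindexed overviews" is probably what is meant.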
@@ -883,6 +852,47 @@
 
 =back
 
+Finally, here are the parameters used by nnrpd(8) to provide SSL and TLS
+support:
+
+=over 4
+
+=item I<tlscafile>
+
+The path to a file containing certificate authority root certificates,
+used to present a trust chain to an SSL or TLS client.  This parameter is
+only used if nnrpd is built with TLS support.  There is no default value.
+
+=item I<tlscapath>
+
+The path to a directory containing certificate authority root
+certificates.  Each file in the directory should contain one CA
+certificate, and the name of the file should be the CA subject name hash
+value.  See the OpenSSL documentation for more information.  This
+parameter is only used if nnrpd is built with TLS support.  There is no
+default value.
+
+=item I<tlscertfile>
+
+The path to a file containing the server certificate to present to SSL or
+TLS clients.  This parameter is only used if nnrpd is built with TLS
+support.  The default value is I<pathnews>/lib/cert.pem.
+
+=item I<tlskeyfile>
+
+The path to a file containing the encryption key for the server
+certificate named in I<tlscertfile>.  This may be the same as
+I<tlscertfile> if, when you created the certificate, you put the key in
+the same file (if, for example, you gave the same file name to both the
+B<-out> and B<-keyout> options to C<openssl req>).  This parameter is only
+used if nnrpd is built with TLS support.  The default value is
+I<pathnews>/lib/key.pem.
+
+This file must only be readable by the news user or nnrpd will refuse to
+use it.
+
+=back
+
 =head2 Monitoring
 
 These parameters control the behavior of innwatch(8), the program that
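Review bot: the documented defaults for I<tlscertfile> and I<tlskeyfile> are I<pathnews>/lib/cert.pem and I<pathnews>/lib/key.pem, while samples/inn.conf.in in this same commit shows them as @libdir@/cert.pem and @libdir@/key.pem; confirm that the two always resolve to the same directory, or word the default in terms of the library path. The lead-in sentence could also say that these settings apply to both reading and posting, which is the reason the commit message gives for splitting them out.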

Modified: include/inn/innconf.h
===================================================================
--- include/inn/innconf.h	2007-09-14 22:08:45 UTC (rev 7671)
+++ include/inn/innconf.h	2007-09-15 07:24:06 UTC (rev 7672)
@@ -24,7 +24,7 @@
     char *innflags;             /* Flags to pass to innd on startup */
     char *mailcmd;              /* Command to send report/control type mail */
     char *mta;                  /* MTA for mailing to moderators, innmail */
-    char *pathhost;             /* Entry for the Path line */
+    char *pathhost;             /* Entry for the Path: line */
     char *server;               /* Default server to connect to */
 
     /* Feed Configuration */
@@ -38,7 +38,7 @@
     long linecountfuzz;         /* Check linecount and reject if off by more */
     long maxartsize;            /* Reject articles bigger than this */
     long maxconnections;        /* Max number of incoming NNTP connections */
-    char *pathalias;            /* Prepended Host for the Path line */
+    char *pathalias;            /* Prepended Host for the Path: line */
     bool pgpverify;             /* Verify control messages with pgpverify? */
     long port;                  /* Which port innd should listen on */
     bool refusecybercancels;    /* Reject message IDs with "<cancel."? */
@@ -58,13 +58,13 @@
     bool enableoverview;        /* Store overview info for articles? */
     bool groupbaseexpiry;       /* Do expiry by newsgroup? */
     bool mergetogroups;         /* Refile articles from to.* into to */
-    bool nfswriter;		/* Use NFS writer functionality */
+    bool nfswriter;             /* Use NFS writer functionality */
     long overcachesize;         /* fd size cache for tradindexed */
     char *ovgrouppat;           /* Newsgroups to store overview for */
     char *ovmethod;             /* Which overview method to use */
     bool storeonxref;           /* SMstore use Xref to detemine class? */
     bool useoverchan;           /* overchan write the overview, not innd? */
-    bool wireformat;            /* Store tradspool artilces in wire format? */
+    bool wireformat;            /* Store tradspool articles in wire format? */
     bool xrefslave;             /* Act as a slave of another server? */
 
     /* Reading */
@@ -76,7 +76,7 @@
     bool nfsreader;             /* Use NFS reader functionality */
     long nfsreaderdelay;        /* Delay applied to article arrival */
     bool nnrpdcheckart;         /* Check article existence before returning? */
-    long nnrpdloadlimit;	/* Maximum getloadvg() we allow */
+    long nnrpdloadlimit;        /* Maximum getloadvg() we allow */
     bool noreader;              /* Refuse to fork nnrpd for readers? */
     bool readerswhenstopped;    /* Allow nnrpd when server is paused */
     bool readertrack;           /* Use the reader tracking system? */
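Review bot: the nnrpdloadlimit line is rewritten only to replace the tab, but its comment still says "Maximum getloadvg() we allow"; the C library function is getloadavg(), so correct the name while the line is being changed.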
@@ -86,7 +86,7 @@
     bool keywords;              /* Generate keywords in overview? */
     long keyartlimit;           /* Max article size for keyword generation */
     long keylimit;              /* Max allocated space for keywords */
-    long keymaxwords;           /* Max count of interesting works */
+    long keymaxwords;           /* Max count of interesting words */
 
     /* Posting */
     bool addnntppostingdate;    /* Add NNTP-Posting-Date: to posts */
@@ -102,12 +102,6 @@
     char *organization;         /* Data for the Organization: header */
     bool spoolfirst;            /* Spool all posted articles? */
     bool strippostcc;           /* Strip To:, Cc: and Bcc: from posts */
-#ifdef HAVE_SSL
-    char *tlscafile;            /* Path to a certificate authority file */
-    char *tlscapath;            /* Path to a directory of CA certificates */
-    char *tlscertfile;          /* Path to the SSL certificate to use */
-    char *tlskeyfile;           /* Path to the key for the certificate */
-#endif /* HAVE_SSL */
 
     /* Posting -- Exponential Backoff */
     bool backoffauth;           /* Backoff by user, not IP address */
@@ -117,6 +111,14 @@
     long backoffpostslow;       /* Lower time limit for slow posting */
     long backofftrigger;        /* Number of postings before triggered */
 
+    /* Reading and posting -- SSL and TLS support */
+#ifdef HAVE_SSL
+    char *tlscafile;            /* Path to a certificate authority file */
+    char *tlscapath;            /* Path to a directory of CA certificates */
+    char *tlscertfile;          /* Path to the SSL certificate to use */
+    char *tlskeyfile;           /* Path to the key for the certificate */
+#endif /* HAVE_SSL */
+
     /* Monitoring */
     bool doinnwatch;            /* Start innwatch from rc.news? */
     long innwatchbatchspace;    /* Minimum free space in pathoutgoing */
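Review bot: moving the tls* pointers (and, in the next hunk, stathist, datamovethreshold and maxcmdreadsize) changes the member offsets of this struct, and the tls* block is still conditional on HAVE_SSL, so the layout from doinnwatch onward also differs between builds with and without SSL. If anything outside the tree is compiled against include/inn/innconf.h, the commit message should mention that everything using the struct must be rebuilt against the new header.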
@@ -140,16 +142,18 @@
     long nntpactsync;           /* Checkpoint log after this many articles */
     bool nntplinklog;           /* Put storage token into the log? */
     long status;                /* Status file update interval */
+    char *stathist;             /* Filename for history profiler outputs */
     long timer;                 /* Performance monitoring interval */
-    char *stathist;		/* Filename for history profiler outputs */
 
     /* System Tuning */
     long badiocount;            /* Failure count before dropping channel */
     long blockbackoff;          /* Multiplier for sleep in EAGAIN writes */
     long chaninacttime;         /* Wait before noticing inactive channels */
     long chanretrytime;         /* How long before channel restarts */
+    long datamovethreshold;     /* Threshold to extend buffer or move data */
     long icdsynccount;          /* Articles between active & history updates */
     long keepmmappedthreshold;  /* Threshold for keeping mmap in buffindexed */
+    long maxcmdreadsize;        /* Max NNTP command read size used by innd */
     long maxforks;              /* Give up after this many fork failure */
     long nicekids;              /* Child processes get niced to this */
     long nicenewnews;           /* If NEWNEWS command is used, nice to this */
@@ -157,13 +161,11 @@
     long pauseretrytime;        /* Seconds before seeing if pause is ended */
     long peertimeout;           /* How long peers can be inactive */
     long rlimitnofile;          /* File descriptor limit to set */
-    long maxcmdreadsize;        /* max NNTP command read size used by innd */
-    long datamovethreshold;     /* threshold no to extend buffer for ever */
 
     /* Paths */
-    char *patharchive;          /* Archived news. */
-    char *patharticles;         /* Articles. */
-    char *pathbin;              /* News binaries. */
+    char *patharchive;          /* Archived news */
+    char *patharticles;         /* Articles */
+    char *pathbin;              /* News binaries */
     char *pathcontrol;          /* Path to control message handlers */
     char *pathdb;               /* News database files */
     char *pathetc;              /* News configuration files */

Modified: samples/inn.conf.in
===================================================================
--- samples/inn.conf.in	2007-09-14 22:08:45 UTC (rev 7671)
+++ samples/inn.conf.in	2007-09-15 07:24:06 UTC (rev 7672)
@@ -83,10 +83,6 @@
 noreader:               false
 readerswhenstopped:     false
 readertrack:            false
-#tlscafile:
-#tlscapath:
-#tlscertfile:           @libdir@/cert.pem
-#tlskeyfile:            @libdir@/key.pem 
 tradindexedmmap:        true
 
 # Reading -- Keyword Support
@@ -124,6 +120,13 @@
 backoffpostslow:        1
 backofftrigger:         10000
 
+# Reading and posting -- SSL and TLS support
+
+#tlscafile:
+#tlscapath:
+#tlscertfile:           @libdir@/cert.pem
+#tlskeyfile:            @libdir@/key.pem
+
 # Monitoring
 
 doinnwatch:             true
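Review bot: the new "Reading and posting -- SSL and TLS support" block in the sample lists tlskeyfile with no hint of the permission requirement that inn.conf.pod states ("This file must only be readable by the news user or nnrpd will refuse to use it"). A one-line comment above #tlskeyfile repeating that requirement would save administrators who only read the sample file from a refused key at startup.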


