From c9440800df4e27dc709cf2b82bac885263472b71 Mon Sep 17 00:00:00 2001
From: Sebastian Kippe <sebastian@kip.pe>
Date: Sun, 30 Aug 2020 17:48:52 +0200
Subject: [PATCH] Update vendored cookbooks for mediawiki

---
 cookbooks/composer/LICENSE                    | 21 ++++++
 cookbooks/mysql/metadata.rb                   | 20 ++++++
 .../apparmor/ubuntu-14.04/usr.sbin.mysqld.erb | 47 +++++++++++++
 .../apparmor/ubuntu-16.04/usr.sbin.mysqld.erb | 68 +++++++++++++++++++
 .../apparmor/ubuntu-18.04/usr.sbin.mysqld.erb | 68 +++++++++++++++++++
 cookbooks/php/metadata.rb                     | 19 ++++++
 6 files changed, 243 insertions(+)
 create mode 100644 cookbooks/composer/LICENSE
 create mode 100644 cookbooks/mysql/metadata.rb
 create mode 100644 cookbooks/mysql/templates/default/apparmor/ubuntu-14.04/usr.sbin.mysqld.erb
 create mode 100644 cookbooks/mysql/templates/default/apparmor/ubuntu-16.04/usr.sbin.mysqld.erb
 create mode 100644 cookbooks/mysql/templates/default/apparmor/ubuntu-18.04/usr.sbin.mysqld.erb
 create mode 100644 cookbooks/php/metadata.rb

diff --git a/cookbooks/composer/LICENSE b/cookbooks/composer/LICENSE
new file mode 100644
index 0000000..fb1d16c
--- /dev/null
+++ b/cookbooks/composer/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2012-2017 David Joos
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/cookbooks/mysql/metadata.rb b/cookbooks/mysql/metadata.rb
new file mode 100644
index 0000000..78a50fc
--- /dev/null
+++ b/cookbooks/mysql/metadata.rb
@@ -0,0 +1,20 @@
+name              'mysql'
+maintainer        'Sous Chefs'
+maintainer_email  'help@sous-chefs.org'
+license           'Apache-2.0'
+description       'Provides mysql_service, mysql_config, and mysql_client resources'
+source_url        'https://github.com/sous-chefs/mysql'
+issues_url        'https://github.com/sous-chefs/mysql/issues'
+chef_version      '>= 12.7'
+version           '8.7.3'
+
+%w(redhat centos scientific oracle).each do |el|
+  supports el, '>= 6.0'
+end
+
+supports 'amazon'
+supports 'fedora'
+supports 'debian', '>= 7.0'
+supports 'ubuntu', '>= 14.04'
+supports 'opensuseleap'
+supports 'suse', '>= 12.0'
diff --git a/cookbooks/mysql/templates/default/apparmor/ubuntu-14.04/usr.sbin.mysqld.erb b/cookbooks/mysql/templates/default/apparmor/ubuntu-14.04/usr.sbin.mysqld.erb
new file mode 100644
index 0000000..19ddbf5
--- /dev/null
+++ b/cookbooks/mysql/templates/default/apparmor/ubuntu-14.04/usr.sbin.mysqld.erb
@@ -0,0 +1,47 @@
+# vim:syntax=apparmor
+# Last Modified: Tue Jun 19 17:37:30 2007
+#include <tunables/global>
+
+/usr/sbin/mysqld {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+  #include <abstractions/mysql>
+  #include <abstractions/winbind>
+
+  capability dac_override,
+  capability sys_resource,
+  capability setgid,
+  capability setuid,
+
+  network tcp,
+
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
+
+  /etc/mysql/*.pem r,
+  /etc/mysql/conf.d/ r,
+  /etc/mysql/conf.d/* r,
+  /etc/mysql/*.cnf r,
+  /usr/lib/mysql/plugin/ r,
+  /usr/lib/mysql/plugin/*.so* mr,
+  /usr/sbin/mysqld mr,
+  /usr/share/mysql/** r,
+  /var/log/mysql.log rw,
+  /var/log/mysql.err rw,
+  /var/lib/mysql/ r,
+  /var/lib/mysql/** rwk,
+  /var/log/mysql/ r,
+  /var/log/mysql/* rw,
+  /var/run/mysqld/mysqld.pid rw,
+  /var/run/mysqld/mysqld.sock w,
+  /var/run/mysqld/mysqld.sock.lock rw,
+  /run/mysqld/mysqld.pid rw,
+  /run/mysqld/mysqld.sock w,
+  /run/mysqld/mysqld.sock.lock rw,
+
+  /sys/devices/system/cpu/ r,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.mysqld>
+}
diff --git a/cookbooks/mysql/templates/default/apparmor/ubuntu-16.04/usr.sbin.mysqld.erb b/cookbooks/mysql/templates/default/apparmor/ubuntu-16.04/usr.sbin.mysqld.erb
new file mode 100644
index 0000000..2619e7d
--- /dev/null
+++ b/cookbooks/mysql/templates/default/apparmor/ubuntu-16.04/usr.sbin.mysqld.erb
@@ -0,0 +1,68 @@
+# vim:syntax=apparmor
+# Last Modified: Tue Feb 09 15:28:30 2016
+#include <tunables/global>
+
+/usr/sbin/mysqld {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+  #include <abstractions/mysql>
+  #include <abstractions/winbind>
+
+# Allow system resource access
+  /sys/devices/system/cpu/ r,
+  capability sys_resource,
+  capability dac_override,
+  capability setuid,
+  capability setgid,
+
+# Allow network access
+  network tcp,
+
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
+
+# Allow config access
+  /etc/mysql/** r,
+
+# Allow pid, socket, socket lock file access
+  /var/run/mysqld/mysqld.pid rw,
+  /var/run/mysqld/mysqld.sock rw,
+  /var/run/mysqld/mysqld.sock.lock rw,
+  /run/mysqld/mysqld.pid rw,
+  /run/mysqld/mysqld.sock rw,
+  /run/mysqld/mysqld.sock.lock rw,
+
+# Allow execution of server binary
+  /usr/sbin/mysqld mr,
+  /usr/sbin/mysqld-debug mr,
+
+# Allow plugin access
+  /usr/lib/mysql/plugin/ r,
+  /usr/lib/mysql/plugin/*.so* mr,
+
+# Allow error msg and charset access
+  /usr/share/mysql/ r,
+  /usr/share/mysql/** r,
+
+# Allow data dir access
+  /var/lib/mysql/ r,
+  /var/lib/mysql/** rwk,
+
+# Allow data files dir access
+  /var/lib/mysql-files/ r,
+  /var/lib/mysql-files/** rwk,
+
+# Allow keyring dir access
+  /var/lib/mysql-keyring/ r,
+  /var/lib/mysql-keyring/** rwk,
+
+# Allow log file access
+  /var/log/mysql.err rw,
+  /var/log/mysql.log rw,
+  /var/log/mysql/ r,
+  /var/log/mysql/** rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.mysqld>
+}
diff --git a/cookbooks/mysql/templates/default/apparmor/ubuntu-18.04/usr.sbin.mysqld.erb b/cookbooks/mysql/templates/default/apparmor/ubuntu-18.04/usr.sbin.mysqld.erb
new file mode 100644
index 0000000..2619e7d
--- /dev/null
+++ b/cookbooks/mysql/templates/default/apparmor/ubuntu-18.04/usr.sbin.mysqld.erb
@@ -0,0 +1,68 @@
+# vim:syntax=apparmor
+# Last Modified: Tue Feb 09 15:28:30 2016
+#include <tunables/global>
+
+/usr/sbin/mysqld {
+  #include <abstractions/base>
+  #include <abstractions/nameservice>
+  #include <abstractions/user-tmp>
+  #include <abstractions/mysql>
+  #include <abstractions/winbind>
+
+# Allow system resource access
+  /sys/devices/system/cpu/ r,
+  capability sys_resource,
+  capability dac_override,
+  capability setuid,
+  capability setgid,
+
+# Allow network access
+  network tcp,
+
+  /etc/hosts.allow r,
+  /etc/hosts.deny r,
+
+# Allow config access
+  /etc/mysql/** r,
+
+# Allow pid, socket, socket lock file access
+  /var/run/mysqld/mysqld.pid rw,
+  /var/run/mysqld/mysqld.sock rw,
+  /var/run/mysqld/mysqld.sock.lock rw,
+  /run/mysqld/mysqld.pid rw,
+  /run/mysqld/mysqld.sock rw,
+  /run/mysqld/mysqld.sock.lock rw,
+
+# Allow execution of server binary
+  /usr/sbin/mysqld mr,
+  /usr/sbin/mysqld-debug mr,
+
+# Allow plugin access
+  /usr/lib/mysql/plugin/ r,
+  /usr/lib/mysql/plugin/*.so* mr,
+
+# Allow error msg and charset access
+  /usr/share/mysql/ r,
+  /usr/share/mysql/** r,
+
+# Allow data dir access
+  /var/lib/mysql/ r,
+  /var/lib/mysql/** rwk,
+
+# Allow data files dir access
+  /var/lib/mysql-files/ r,
+  /var/lib/mysql-files/** rwk,
+
+# Allow keyring dir access
+  /var/lib/mysql-keyring/ r,
+  /var/lib/mysql-keyring/** rwk,
+
+# Allow log file access
+  /var/log/mysql.err rw,
+  /var/log/mysql.log rw,
+  /var/log/mysql/ r,
+  /var/log/mysql/** rw,
+
+  # Site-specific additions and overrides. See local/README for details.
+  #include <local/usr.sbin.mysqld>
+}
diff --git a/cookbooks/php/metadata.rb b/cookbooks/php/metadata.rb
new file mode 100644
index 0000000..112a8c9
--- /dev/null
+++ b/cookbooks/php/metadata.rb
@@ -0,0 +1,19 @@
+name 'php'
+maintainer 'Sous Chefs'
+maintainer_email 'help@sous-chefs.org'
+license 'Apache-2.0'
+description 'Installs and maintains php and php modules'
+source_url 'https://github.com/sous-chefs/php'
+issues_url 'https://github.com/sous-chefs/php/issues'
+chef_version '>= 14.0'
+version '8.0.0'
+
+depends 'yum-epel'
+
+supports 'amazon', '>= 2.0'
+supports 'centos', '>= 7.0'
+supports 'debian', '>= 9.0'
+supports 'oracle', '>= 7.0'
+supports 'redhat', '>= 7.0'
+supports 'scientific', '>= 7.0'
+supports 'ubuntu', '>= 16.04'