debian: converge packaging between authentic2 and -multitenant packages (#42305)
* remove db-config usage * rename authentic2-ctl to authentic2-manage * add systemd service file for authentic2 standalone package * add a force-reload synonym for restart (to comply with lintian) * remove creation of /var/run/$NAME in .postinst and .dirs * use %p template variable to name RuntimeDirectory in systemd service file * add a /var/lib/authentic2/locale directory to authentic2.dirs * use a WORKERS variable set to 4 in authentic2.init * remove -R flag to chown when setting user rights on /var/lib/authentic2 (to comply with lintian) * add handling of configuration files in /etc/authentic2/settings.d/ * use pybuild instead of python_distutils in rules * fix check on DEFAULT_FROM_EMAIL * rename user from authentic to authentic2
parent
4382dcd634
commit
57d88538f8
|
@ -1,27 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
export AUTHENTIC2_SETTINGS_FILE=/usr/share/authentic2/debian_config.py
|
||||
|
||||
if [ "$(whoami)" != "authentic" ]; then
|
||||
if which sudo >/dev/null; then
|
||||
if sudo -v -u authentic; then
|
||||
sudo -u authentic authentic2-ctl "$@"
|
||||
exit $?
|
||||
fi
|
||||
echo "You must run this script with authentic user"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f /etc/default/authentic2 ]; then
|
||||
. /etc/default/authentic2
|
||||
fi
|
||||
|
||||
if [ -f /etc/authentic2/db.conf ]; then
|
||||
. /etc/authentic2/db.conf
|
||||
fi
|
||||
if [ -f /etc/authentic2/authentic.conf ]; then
|
||||
. /etc/authentic2/authentic.conf
|
||||
fi
|
||||
|
||||
/usr/lib/authentic2/manage.py "$@"
|
|
@ -0,0 +1,31 @@
|
|||
#!/bin/sh
|
||||
|
||||
NAME="authentic2"
|
||||
MANAGE="/usr/lib/authentic2/manage.py"
|
||||
USER=authentic2
|
||||
|
||||
export AUTHENTIC2_SETTINGS_FILE=/usr/lib/authentic2/debian_config.py
|
||||
|
||||
if [ "$(whoami)" != "$USER" ]; then
|
||||
if which sudo >/dev/null; then
|
||||
if sudo -v -u "$USER"; then
|
||||
sudo -u "$USER" authentic2-manage "$@"
|
||||
exit $?
|
||||
fi
|
||||
echo "You must run this script with $USER user"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -f /etc/default/authentic2 ]; then
|
||||
. /etc/default/authentic2
|
||||
fi
|
||||
|
||||
if [ -f /etc/authentic2/db.conf ]; then
|
||||
. /etc/authentic2/db.conf
|
||||
fi
|
||||
if [ -f /etc/authentic2/authentic.conf ]; then
|
||||
. /etc/authentic2/authentic.conf
|
||||
fi
|
||||
|
||||
python ${MANAGE} "$@"
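Review bot: Both command invocations in this new wrapper are resolved through the caller's PATH: `sudo -u "$USER" authentic2-manage "$@"` and the final `python ${MANAGE} "$@"`. The wrapper is presumably run by root or from cron, so it is safer not to rely on sudo's environment policy and to pin both, e.g. `sudo -u "$USER" /usr/bin/authentic2-manage "$@"` and `exec /usr/bin/python2 "$MANAGE" "$@"` (the systemd unit in this commit already uses python2). Assigning `USER=authentic2` also overwrites the standard login variable for everything sourced afterwards; a script-private name such as `A2_USER` avoids that. The files sourced from /etc/authentic2 are executed as shell code, so a short comment stating that they must stay root-owned and not writable by the service account would help.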
|
|
@ -6,5 +6,4 @@ var/lib/authentic2-multitenant/static
|
|||
var/lib/authentic2-multitenant/collectstatic
|
||||
var/lib/authentic2-multitenant/locale
|
||||
var/lib/authentic2-multitenant/templates
|
||||
var/run/authentic2-multitenant
|
||||
var/log/authentic2-multitenant
|
||||
|
|
|
@ -163,7 +163,7 @@ case "$1" in
|
|||
do_migrate && do_collectstatic
|
||||
log_end_msg $?
|
||||
;;
|
||||
restart)
|
||||
restart|force-reload)
|
||||
#
|
||||
# If the "reload" option is implemented then remove the
|
||||
# 'force-reload' alias
|
||||
|
|
|
@ -36,7 +36,6 @@ case "$1" in
|
|||
fi
|
||||
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP $AUTHENTIC_HOME/tenants \
|
||||
/var/lib/$NAME/collectstatic \
|
||||
/var/run/$NAME \
|
||||
/var/log/$NAME
|
||||
/etc/init.d/$NAME update
|
||||
;;
|
||||
|
|
|
@ -21,7 +21,7 @@ ExecReload=/bin/kill -HUP $MAINPID
|
|||
TimeoutStartSec=0
|
||||
PrivateTmp=true
|
||||
Restart=on-failure
|
||||
RuntimeDirectory=authentic2-multitenant
|
||||
RuntimeDirectory=%p
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
#!/bin/sh
|
||||
# config maintainer script for foo-pgsql
|
||||
|
||||
set -e
|
||||
|
||||
# source debconf stuff
|
||||
. /usr/share/debconf/confmodule
|
||||
# source dbconfig-common shell library, and call the hook function
|
||||
if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
|
||||
. /usr/share/dbconfig-common/dpkg/config.pgsql
|
||||
dbc_go authentic2 $@
|
||||
fi
|
||||
|
||||
#DEBHELPER#
|
|
@ -1,7 +1,7 @@
|
|||
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
|
||||
MAILTO=root
|
||||
|
||||
0 * * * * authentic authentic2-ctl clearsessions
|
||||
5 * * * * authentic authentic2-ctl cleanupauthentic
|
||||
10 * * * * authentic authentic2-ctl sync-ldap-users
|
||||
0 * * * * authentic2 authentic2-manage clearsessions
|
||||
5 * * * * authentic2 authentic2-manage cleanupauthentic
|
||||
10 * * * * authentic2 authentic2-manage sync-ldap-users
|
||||
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
etc/authentic2
|
||||
usr/share/dbconfig-common/scripts/authentic2/install
|
||||
etc/authentic2/settings.d
|
||||
usr/lib/authentic2
|
||||
var/lib/authentic2/media
|
||||
var/lib/authentic2/static
|
||||
var/lib/authentic2/collectstatic
|
||||
var/lib/authentic2/locale
|
||||
var/lib/authentic2/templates
|
||||
var/run/authentic2
|
||||
var/log/authentic2
|
||||
|
|
|
@ -22,12 +22,14 @@ CACHE_DIR=/var/cache/$NAME
|
|||
LOG_DIR=/var/log/$NAME
|
||||
PIDFILE=$PID_DIR/$NAME.pid
|
||||
SCRIPTNAME=/etc/init.d/$NAME
|
||||
MANAGE_SCRIPT=/usr/bin/$NAME-ctl
|
||||
BIND=unix:$PID_DIR/$NAME.sock
|
||||
AUTHENTIC2_SETTINGS_FILE=/usr/share/$NAME/debian_config.py
|
||||
WORKERS=4
|
||||
|
||||
USER=authentic
|
||||
GROUP=authentic
|
||||
export AUTHENTIC2_SETTINGS_FILE=/usr/share/$NAME/debian_config.py
|
||||
MANAGE_SCRIPT=/usr/bin/$NAME-manage
|
||||
|
||||
USER=authentic2
|
||||
GROUP=authentic2
|
||||
|
||||
# Exit if the package is not installed
|
||||
[ -x $DAEMON ] || exit 0
|
||||
|
@ -41,19 +43,11 @@ DAEMON_ARGS="--pid $PIDFILE \
|
|||
--access-logfile $LOG_DIR/gunicorn-access.log \
|
||||
--log-file $LOG_DIR/gunicorn-error.log \
|
||||
--bind=$BIND \
|
||||
--workers=10 \
|
||||
--workers=$WORKERS \
|
||||
--worker-class=sync \
|
||||
--timeout=60 \
|
||||
authentic2.wsgi:application"
|
||||
|
||||
# Load config
|
||||
if [ -f /etc/authentic2/db.conf ]; then
|
||||
. /etc/authentic2/db.conf
|
||||
fi
|
||||
if [ -f /etc/authentic2/authentic.conf ]; then
|
||||
. /etc/authentic2/authentic.conf
|
||||
fi
|
||||
|
||||
# Load the VERBOSE setting and other rcS variables
|
||||
. /lib/init/vars.sh
|
||||
|
||||
|
@ -71,6 +65,21 @@ if [ ! -d $CACHE_DIR ]; then
|
|||
install -d -m 755 -o $USER -g $GROUP $CACHE_DIR
|
||||
fi
|
||||
|
||||
# Load old authentic configuration
|
||||
if [ -f /etc/authentic2/db.conf ]; then
|
||||
. /etc/authentic2/db.conf
|
||||
fi
|
||||
if [ -f /etc/authentic2/authentic.conf ]; then
|
||||
. /etc/authentic2/authentic.conf
|
||||
fi
|
||||
|
||||
# Function collecting static files
|
||||
do_collectstatic() {
|
||||
log_action_msg "Collect static files.."
|
||||
su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT collectstatic -l --noinput"
|
||||
log_action_msg ".. done"
|
||||
}
|
||||
|
||||
#
|
||||
# Function that starts the daemon/service
|
||||
#
|
||||
|
@ -129,22 +138,10 @@ do_reload() {
|
|||
|
||||
do_migrate() {
|
||||
log_action_msg "Applying new migrations .."
|
||||
VERSION=`dpkg-query --show --showformat '${Version}' python-django`
|
||||
if dpkg --compare-versions $VERSION lt 1.7; then
|
||||
su $USER -p -c "$MANAGE_SCRIPT syncdb --migrate --noinput"
|
||||
else
|
||||
su $USER -p -c "$MANAGE_SCRIPT migrate --noinput"
|
||||
fi
|
||||
su $USER -p -c "$MANAGE_SCRIPT migrate --noinput"
|
||||
log_action_msg ".. done"
|
||||
}
|
||||
|
||||
do_collectstatic() {
|
||||
log_action_msg "Collecting static files .."
|
||||
su $USER -p -c "$MANAGE_SCRIPT collectstatic -l --noinput"
|
||||
log_action_msg ".. done"
|
||||
}
|
||||
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
log_daemon_msg "Starting $DESC " "$NAME"
|
||||
|
@ -177,7 +174,7 @@ case "$1" in
|
|||
do_migrate && do_collectstatic
|
||||
log_end_msg $?
|
||||
;;
|
||||
restart)
|
||||
restart|force-reload)
|
||||
log_daemon_msg "Restarting $DESC" "$NAME"
|
||||
do_stop
|
||||
case "$?" in
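Review bot: The new `export AUTHENTIC2_SETTINGS_FILE=/usr/share/$NAME/debian_config.py` still points at /usr/share, while the install list in this commit moves debian_config.py to /usr/lib/authentic2 and both the new authentic2-manage wrapper and the systemd unit use /usr/lib. If nothing else installs the file under /usr/share, gunicorn started from this script would presumably run without the Debian settings overlay; the line should read `export AUTHENTIC2_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py`. Separately, the re-added do_collectstatic passes `-s /bin/sh` to su but do_migrate does not, so the two helpers behave differently for an account with a non-login shell; use the same `su $USER -s /bin/sh -p -c ...` form in both. The case statement continues outside the last hunk.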
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
debian/conf/authentic.conf /etc/authentic2
|
||||
debian/conf/nginx-example.conf /etc/authentic2
|
||||
debian/sql/db.conf /usr/share/authentic2/templates
|
||||
debian/authentic2-ctl /usr/bin
|
||||
debian/debian_config.py /usr/share/authentic2
|
||||
debian/authentic2-manage /usr/bin
|
||||
debian/conf/nginx-example.conf /usr/share/authentic2
|
||||
debian/debian_config.py /usr/lib/authentic2
|
||||
|
|
|
@ -6,8 +6,10 @@
|
|||
set -e
|
||||
|
||||
NAME=authentic2
|
||||
AUTHENTIC_USER=authentic
|
||||
AUTHENTIC_GROUP=authentic
|
||||
OLD_AUTHENTIC_USER=authentic
|
||||
OLD_AUTHENTIC_GROUP=authentic
|
||||
AUTHENTIC_USER=authentic2
|
||||
AUTHENTIC_GROUP=authentic2
|
||||
AUTHENTIC_HOME=/var/lib/authentic2
|
||||
AUTHENTIC_SECRET_KEY="$AUTHENTIC_HOME/secret_key"
|
||||
|
||||
|
@ -17,17 +19,30 @@ AUTHENTIC_SECRET_KEY="$AUTHENTIC_HOME/secret_key"
|
|||
case "$1" in
|
||||
configure)
|
||||
if ! getent group $AUTHENTIC_GROUP > /dev/null 2>&1; then
|
||||
echo -n "Adding group $AUTHENTIC_GROUP.." >&2
|
||||
addgroup --quiet --system $AUTHENTIC_GROUP
|
||||
echo "..done" >&2
|
||||
if getent group $OLD_AUTHENTIC_GROUP >/dev/null 2>&1; then
|
||||
echo -n "Renaming group $OLD_AUTHENTIC_GROUP to $AUTHENTIC_GROUP.." >&2
|
||||
groupmod -n $AUTHENTIC_GROUP $OLD_AUTHENTIC_GROUP
|
||||
echo "..done" >&2
|
||||
else
|
||||
echo -n "Adding group $AUTHENTIC_GROUP.." >&2
|
||||
addgroup --quiet --system $AUTHENTIC_GROUP
|
||||
echo "..done" >&2
|
||||
fi
|
||||
fi
|
||||
if ! getent passwd $AUTHENTIC_USER > /dev/null 2>&1; then
|
||||
echo -n "Adding user $AUTHENTIC_USER.." >&2
|
||||
adduser --quiet --system --gecos "Authentic2 daemon" \
|
||||
--ingroup $AUTHENTIC_GROUP \
|
||||
--no-create-home --home $AUTHENTIC_HOME \
|
||||
$AUTHENTIC_USER
|
||||
echo "..done" >&2
|
||||
if getent passwd $OLD_AUTHENTIC_USER >/dev/null 2>&1; then
|
||||
echo -n "Renaming user $OLD_AUTHENTIC_USER to $AUTHENTIC_USER.." >&2
|
||||
usermod -l $AUTHENTIC_USER $OLD_AUTHENTIC_USER
|
||||
echo "..done" >&2
|
||||
else
|
||||
echo -n "Adding user $AUTHENTIC_USER.." >&2
|
||||
adduser --quiet --system --gecos "Authentic2 daemon" \
|
||||
--ingroup $AUTHENTIC_GROUP \
|
||||
--no-create-home --home $AUTHENTIC_HOME \
|
||||
$AUTHENTIC_USER
|
||||
echo "..done" >&2
|
||||
echo "If you currently use a local postgres database with UNIX security, please rename the postgresql user."
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ ! -f $AUTHENTIC_SECRET_KEY ]; then
|
||||
|
@ -35,12 +50,14 @@ case "$1" in
|
|||
echo -n "Converting storage of the secret key.." >&2
|
||||
. /etc/$NAME/secret
|
||||
echo -n "$SECRET_KEY" >"$AUTHENTIC_SECRET_KEY"
|
||||
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP $AUTHENTIC_SECRET_KEY
|
||||
rm /etc/$NAME/secret
|
||||
echo "..done" >&2
|
||||
else
|
||||
echo -n "Generating a secret key.." >&2
|
||||
echo -n "`</dev/urandom tr -dc [:alnum:]-_\!\%\^:\; | head -c70`" > "$AUTHENTIC_SECRET_KEY"
|
||||
chmod 0600 $AUTHENTIC_SECRET_KEY
|
||||
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP $AUTHENTIC_SECRET_KEY
|
||||
echo "..done" >&2
|
||||
fi
|
||||
fi
|
||||
|
@ -65,19 +82,6 @@ case "$1" in
|
|||
/etc/authentic2/authentic.conf >&2
|
||||
fi
|
||||
|
||||
chown -R $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2/
|
||||
|
||||
# source dbconfig-common shell library, and call the hook function
|
||||
if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
|
||||
. /usr/share/dbconfig-common/dpkg/postinst.pgsql
|
||||
dbc_generate_include="template:/etc/authentic2/db.conf"
|
||||
dbc_generate_include_args="-o template_infile=/usr/share/authentic2/templates/db.conf -U"
|
||||
dbc_generate_include_owner="root:authentic"
|
||||
dbc_generate_include_perms="640"
|
||||
dbc_pgsql_createdb_encoding="UTF8"
|
||||
dbc_go authentic2 $@
|
||||
fi
|
||||
|
||||
if [ ! -f /etc/authentic2/cert.pem -a ! -f /etc/authentic2/key.pem ]; then
|
||||
echo -n "Generating key material..." >&2
|
||||
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out /etc/authentic2/key.pem >&2
|
||||
|
@ -86,6 +90,16 @@ case "$1" in
|
|||
chmod 640 /etc/authentic2/cert.pem /etc/authentic2/key.pem
|
||||
echo "..done" >&2
|
||||
fi
|
||||
|
||||
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP \
|
||||
$AUTHENTIC_HOME \
|
||||
$AUTHENTIC_HOME/static \
|
||||
$AUTHENTIC_HOME/collectstatic \
|
||||
$AUTHENTIC_HOME/locale \
|
||||
$AUTHENTIC_HOME/media \
|
||||
$AUTHENTIC_HOME/templates \
|
||||
/var/log/$NAME \
|
||||
|
||||
/etc/init.d/$NAME update
|
||||
;;
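Review bot: In the "Converting storage of the secret key" branch the key is written with `echo -n "$SECRET_KEY" >"$AUTHENTIC_SECRET_KEY"` and then chowned, but unlike the generation branch there is no `chmod 0600`, so the file keeps whatever mode the umask gives it. Unless a restrictive umask is set above the hunk, add `chmod 0600 $AUTHENTIC_SECRET_KEY` before the new chown, or set `umask 077` before either write, which also closes the window between creation and chmod in the generation branch. The new chown list in the last hunk also ends with `/var/log/$NAME \` followed by a blank line; that works only while the next line stays empty, so drop the trailing backslash.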
|
||||
|
||||
|
|
|
@ -6,7 +6,8 @@
|
|||
set -e
|
||||
|
||||
case "$1" in purge)
|
||||
deluser --quiet --system authentic > /dev/null || true
|
||||
deluser --quiet --system authentic2 >/dev/null || true
|
||||
delgroup --quiet --system authentic2 >/dev/null || true
|
||||
rm -f /etc/authentic2/secret
|
||||
rm -rf /var/lib/authentic2/static/*
|
||||
# source debconf stuff
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
[Unit]
|
||||
Description=Authentic 2
|
||||
After=network.target postgresql.service
|
||||
Wants=postgresql.service
|
||||
|
||||
[Service]
|
||||
Environment=AUTHENTIC2_SETTINGS_FILE=/usr/lib/%p/debian_config.py
|
||||
Environment=LANG=C.UTF-8
|
||||
User=authentic2
|
||||
Group=authentic2
|
||||
ExecStartPre=/usr/bin/authentic2-manage migrate --noinput
|
||||
ExecStartPre=/usr/bin/authentic2-manage collectstatic --noinput
|
||||
ExecStart=python2 -m gunicorn.app.wsgiapp \
|
||||
--bind unix:/run/%p/%p.sock \
|
||||
--worker-class=sync \
|
||||
--workers 5 \
|
||||
--timeout=60 \
|
||||
--name %p \
|
||||
authentic2.wsgi:application
|
||||
ExecReload=/bin/kill -HUP $MAINPID
|
||||
TimeoutStartSec=0
|
||||
PrivateTmp=true
|
||||
Restart=on-failure
|
||||
RuntimeDirectory=%p
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
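Review bot: `ExecStart=python2 -m gunicorn.app.wsgiapp` uses a bare command name; older systemd releases reject a non-absolute ExecStart path and newer ones look it up in a fixed search path, so `ExecStart=/usr/bin/python2 -m gunicorn.app.wsgiapp \` is the portable form. The only sandboxing directive in the unit is `PrivateTmp=true`; since the service runs as a dedicated user and, from what is visible, writes under /var/lib, /var/log and /run, `NoNewPrivileges=true` and `ProtectSystem=full` look like inexpensive additions worth testing. `--workers 5` here differs from `WORKERS=4` in the init script of the same commit, so a comment or a shared value would avoid drift.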
|
|
@ -1 +1 @@
|
|||
9
|
||||
10
|
||||
|
|
|
@ -1,12 +1,11 @@
|
|||
Source: authentic2
|
||||
Section: python
|
||||
Priority: optional
|
||||
Maintainer: Jerome Schneider <jschneider@entrouvert.com>
|
||||
Maintainer: Benjamin Dauvergne <bdauvergne@entrouvert.com>
|
||||
Build-Depends-Indep: python-all-dev (>= 2.6)
|
||||
Build-Depends: debhelper (>= 9.0), python-setuptools, python-django (>= 1.5), dh-python, dh-systemd
|
||||
Standards-Version: 3.8.3
|
||||
Homepage: http://authentic.labs.libre-entreprise.org
|
||||
X-Python-Version: >= 2.7
|
||||
Build-Depends: debhelper (>= 9.0), python-setuptools, python-django (>= 1:1.11), dh-python, dh-systemd
|
||||
Standards-Version: 3.9.6
|
||||
Homepage: http://dev.entrouvert.org/projects/authentic/
|
||||
|
||||
Package: python-authentic2
|
||||
Architecture: all
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
import glob
|
||||
import os
|
||||
import warnings
|
||||
from authentic2 import logger
|
||||
|
||||
ETC_DIR = '/etc/authentic2/'
|
||||
|
||||
# Add the XForwardedForMiddleware
|
||||
MIDDLEWARE = ('authentic2.middleware.XForwardedForMiddleware',) + MIDDLEWARE
|
||||
|
@ -118,7 +120,6 @@ LOGGING = {
|
|||
|
||||
# Old settings method
|
||||
def extract_settings_from_environ():
|
||||
import os
|
||||
import json
|
||||
from django.core.exceptions import ImproperlyConfigured
|
||||
global MANAGERS, DATABASES, SENTRY_TRANSPORT, SENTRY_DSN, INSTALLED_APPS, \
|
||||
|
@ -296,6 +297,9 @@ if os.path.exists(CONFIG_FILE):
|
|||
with open(CONFIG_FILE) as fd:
|
||||
exec(fd.read())
|
||||
|
||||
# Warn if DEFAULT_FROM_EMAIL is the default value
|
||||
if DEFAULT_FROM_EMAIL == 'webmaster@localhost':
|
||||
for filename in sorted(glob.glob(os.path.join(ETC_DIR, 'settings.d', '*.py'))):
|
||||
exec(open(filename).read())
|
||||
|
||||
# Warn if DEFAULT_FROM_EMAIL is absent
|
||||
if not locals().get('DEFAULT_FROM_EMAIL'):
|
||||
warnings.warn('DEFAULT_FROM_EMAIL must be customized')
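Review bot: The new loop `exec(open(filename).read())` runs every `*.py` under /etc/authentic2/settings.d with the service's privileges, and nothing visible in this commit sets the owner or mode of that directory. A comment here, and ideally a check in postinst, should state that the directory and its files must be root-owned and not writable by the authentic2 account. The call also leaves the file handle to the garbage collector and loses the file name in tracebacks, unlike the `with open(CONFIG_FILE) as fd:` block just above; prefer `with open(filename) as fd:` followed by `exec(compile(fd.read(), filename, 'exec'))`.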
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
usr/lib/
|
|
@ -1,12 +1,11 @@
|
|||
#!/usr/bin/make -f
|
||||
|
||||
authentic2=$(CURDIR)/debian/authentic2
|
||||
pythonauthentic2=$(CURDIR)/debian/python-authentic2
|
||||
export PYBUILD_NAME=authentic2
|
||||
export PYBUILD_DISABLE=test
|
||||
|
||||
%:
|
||||
dh $@ --with python2,systemd
|
||||
dh $@ --with python2,systemd --buildsystem=pybuild
|
||||
|
||||
override_dh_install:
|
||||
dh_install
|
||||
mv $(CURDIR)/debian/tmp/usr/bin/authentic2-ctl $(pythonauthentic2)/usr/lib/authentic2/manage.py
|
||||
|
||||
mv $(CURDIR)/debian/python-authentic2/usr/bin/authentic2-ctl $(CURDIR)/debian/python-authentic2/usr/lib/authentic2/manage.py
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
export DATABASE_ENGINE='django.db.backends.postgresql_psycopg2'
|
||||
export DATABASE_NAME='_DBC_DBNAME_'
|
||||
export DATABASE_USER='_DBC_DBUSER_'
|
||||
export DATABASE_PASSWORD='_DBC_DBPASS_'
|
||||
export DATABASE_HOST='localhost'
|