diff --git a/debian-wheezy/README.Debian b/debian-wheezy/README.Debian
deleted file mode 100644
index 8f0358392..000000000
--- a/debian-wheezy/README.Debian
+++ /dev/null
@@ -1,4 +0,0 @@
-Setting up an Authentic server
-==============================
-
-Go to /etc/authentic2/authentic.conf to configure authentic.
diff --git a/debian-wheezy/README.source b/debian-wheezy/README.source
deleted file mode 100644
index 51d3bced9..000000000
--- a/debian-wheezy/README.source
+++ /dev/null
@@ -1,6 +0,0 @@
-This package uses quilt to patch the upstream source.
-
-You can find some info on how to generate the patched source, add a new
-modification, and remove an existing modification on:
- /usr/share/doc/quilt/README.source
-
diff --git a/debian-wheezy/authentic2-ctl b/debian-wheezy/authentic2-ctl
deleted file mode 100644
index 0143c13cf..000000000
--- a/debian-wheezy/authentic2-ctl
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-
-export AUTHENTIC2_SETTINGS_FILE=/usr/share/authentic2/debian_config.py
-
-if [ "$(whoami)" != "authentic" ]; then
- if which sudo >/dev/null; then
- if sudo -v -u authentic; then
- sudo -u authentic authentic2-ctl "$@"
- exit $?
- fi
- echo "You must run this script with authentic user"
- exit 1
- fi
-fi
-
-if [ -f /etc/default/authentic2 ]; then
- . /etc/default/authentic2
-fi
-
-if [ -f /etc/authentic2/db.conf ]; then
- . /etc/authentic2/db.conf
-fi
-if [ -f /etc/authentic2/authentic.conf ]; then
- . /etc/authentic2/authentic.conf
-fi
-
-/usr/lib/authentic2/manage.py "$@"
diff --git a/debian-wheezy/authentic2-multitenant.cron.d b/debian-wheezy/authentic2-multitenant.cron.d
deleted file mode 100644
index b6a6f8a83..000000000
--- a/debian-wheezy/authentic2-multitenant.cron.d
+++ /dev/null
@@ -1,6 +0,0 @@
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-MAILTO=root
-
-0 * * * * authentic-multitenant authentic2-multitenant-manage tenant_command clearsessions --all-tenants
-5 * * * * authentic-multitenant authentic2-multitenant-manage tenant_command cleanupauthentic --all-tenants
-10 * * * * authentic-multitenant authentic2-multitenant-manage tenant_command sync-ldap-users --all-tenants
diff --git a/debian-wheezy/authentic2-multitenant.cron.hourly b/debian-wheezy/authentic2-multitenant.cron.hourly
deleted file mode 100644
index c52d3c26b..000000000
--- a/debian-wheezy/authentic2-multitenant.cron.hourly
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exit 0
diff --git a/debian-wheezy/authentic2-multitenant.dirs b/debian-wheezy/authentic2-multitenant.dirs
deleted file mode 100644
index c05b015b2..000000000
--- a/debian-wheezy/authentic2-multitenant.dirs
+++ /dev/null
@@ -1,10 +0,0 @@
-etc/authentic2-multitenant
-etc/authentic2-multitenant/settings.d
-usr/lib/authentic2-multitenant
-var/lib/authentic2-multitenant/tenants
-var/lib/authentic2-multitenant/static
-var/lib/authentic2-multitenant/collectstatic
-var/lib/authentic2-multitenant/locale
-var/lib/authentic2-multitenant/templates
-var/run/authentic2-multitenant
-var/log/authentic2-multitenant
diff --git a/debian-wheezy/authentic2-multitenant.docs b/debian-wheezy/authentic2-multitenant.docs
deleted file mode 100644
index a9c629d26..000000000
--- a/debian-wheezy/authentic2-multitenant.docs
+++ /dev/null
@@ -1,4 +0,0 @@
-AUTHORS.txt
-COPYING
-README
-debian/multitenant/nginx-example.conf
diff --git a/debian-wheezy/authentic2-multitenant.init b/debian-wheezy/authentic2-multitenant.init
deleted file mode 100644
index 9c6b7b745..000000000
--- a/debian-wheezy/authentic2-multitenant.init
+++ /dev/null
@@ -1,193 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: authentic2-multitenant
-# Required-Start: $network $local_fs $syslog
-# Required-Stop: $network $local_fs $syslog
-# Should-Start: postgresql
-# Should-Stop: postgresql
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Authentic2 is a versatile identity provider
-# Description: Authentic2 is a versatile identity provider
-### END INIT INFO
-
-# Author: Serghei MIHAI
-
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC=authentic2
-NAME=authentic2-multitenant
-DAEMON=/usr/bin/gunicorn
-PID_DIR=/var/run/$NAME
-CACHE_DIR=/var/cache/$NAME
-LOG_DIR=/var/log/$NAME
-PIDFILE=$PID_DIR/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
-BIND=unix:$PID_DIR/$NAME.sock
-WORKERS=4
-
-export AUTHENTIC2_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py
-MANAGE_SCRIPT="/usr/bin/$NAME-manage"
-
-USER=authentic-multitenant
-GROUP=authentic-multitenant
-
-# Exit if the package is not installed
-[ -x $DAEMON ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-DAEMON_ARGS="--pid $PIDFILE \
---user $USER --group $GROUP \
---daemon \
---access-logfile $LOG_DIR/gunicorn-access.log \
---log-file $LOG_DIR/gunicorn-error.log \
---bind=$BIND \
---workers=$WORKERS \
---worker-class=sync \
---timeout=60 \
-authentic2.wsgi:application"
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
-. /lib/lsb/init-functions
-
-# Create pid directory
-if [ ! -d $PID_DIR ]; then
- install -d -m 755 -o $USER -g $GROUP $PID_DIR
-fi
-
-# Create cache directory
-if [ ! -d $CACHE_DIR ]; then
- install -d -m 755 -o $USER -g $GROUP $CACHE_DIR
-fi
-
-# Function collecting static files
-do_collectstatic() {
- log_action_msg "Collect static files.."
- su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT collectstatic -l --noinput"
- log_action_msg ".. 
done"
-}
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
- || return 1
- start-stop-daemon --start --quiet --exec $DAEMON -- \
- $DAEMON_ARGS \
- || return 2
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Wait for children to finish too if this is a daemon that forks
- # and if the daemon is only ever run from this initscript.
- # If the above conditions are not satisfied then add some other code
- # that waits for the process to drop all resources that could be
- # needed by services started subsequently. A last resort is to
- # sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
- [ "$?" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f $PIDFILE
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
- return 0
-}
-
-do_migrate() {
- log_action_msg "Applying new migrations .."
- su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT migrate_schemas --noinput"
- log_action_msg ".. done"
-}
-
-case "$1" in
- start)
- log_daemon_msg "Starting $DESC " "$NAME"
- do_start
- case "$?" 
in
- 0|1) log_end_msg 0 ;;
- 2) log_end_msg 1 ;;
- esac
- ;;
- stop)
- log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) log_end_msg 0 ;;
- 2) log_end_msg 1 ;;
- esac
- ;;
- status)
- status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
- ;;
- reload)
- log_daemon_msg "Reloading $DESC" "$NAME"
- do_reload
- log_end_msg $?
- ;;
- update)
- log_daemon_msg "Updating $DESC" "$NAME"
- do_migrate && do_collectstatic
- log_end_msg $?
- ;;
- restart)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) log_end_msg 0 ;;
- 1) log_end_msg 1 ;; # Old process is still running
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|update}" >&2
- exit 3
- ;;
-esac
-
diff --git a/debian-wheezy/authentic2-multitenant.install b/debian-wheezy/authentic2-multitenant.install
deleted file mode 100644
index 6200681c9..000000000
--- a/debian-wheezy/authentic2-multitenant.install
+++ /dev/null
@@ -1,3 +0,0 @@
-debian/multitenant/authentic2-multitenant-manage /usr/bin
-debian/multitenant/config.py /etc/authentic2-multitenant
-debian/multitenant/debian_config.py /usr/lib/authentic2-multitenant
diff --git a/debian-wheezy/authentic2-multitenant.logrotate b/debian-wheezy/authentic2-multitenant.logrotate
deleted file mode 100644
index 574f38b08..000000000
--- a/debian-wheezy/authentic2-multitenant.logrotate
+++ /dev/null
@@ -1,14 +0,0 @@
-/var/log/authentic2-multitenant/*.log {
- weekly
- missingok
- rotate 52
- compress
- delaycompress
- notifempty
- create 0640 authentic-multitenant adm
- sharedscripts
- postrotate
- [ ! -f /var/run/authentic2-multitenant/authentic2-multitenant.pid ] || kill -HUP `cat /var/run/authentic2-multitenant/authentic2-multitenant.pid`
- endscript
-}
-
diff --git a/debian-wheezy/authentic2-multitenant.postinst b/debian-wheezy/authentic2-multitenant.postinst
deleted file mode 100644
index 7fa6e6b49..000000000
--- a/debian-wheezy/authentic2-multitenant.postinst
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/sh
-#
-# Postinst script for authentic2
-#
-
-set -e
-
-NAME=authentic2-multitenant
-MANAGE_SCRIPT=$NAME-manage
-AUTHENTIC_USER=authentic-multitenant
-AUTHENTIC_GROUP=authentic-multitenant
-AUTHENTIC_HOME=/var/lib/$NAME
-AUTHENTIC_SECRET_KEY="/etc/$NAME/secret"
-
-case "$1" in
- configure)
- if ! getent group $AUTHENTIC_GROUP > /dev/null 2>&1; then
- echo -n "Adding group $AUTHENTIC_GROUP.." >&2
- addgroup --quiet --system $AUTHENTIC_GROUP
- echo "..done" >&2
- fi
- if ! getent passwd $AUTHENTIC_USER > /dev/null 2>&1; then
- echo -n "Adding user $AUTHENTIC_USER.." >&2
- adduser --quiet --system --gecos "Authentic2 daemon" \
- --ingroup $AUTHENTIC_GROUP \
- --no-create-home --home $AUTHENTIC_HOME \
- $AUTHENTIC_USER
- echo "..done" >&2
- fi
- if [ ! -f $AUTHENTIC_SECRET_KEY ]; then
- echo -n "Generating a secret key.." >&2
- echo -n "` "$AUTHENTIC_SECRET_KEY"
- chmod 0640 $AUTHENTIC_SECRET_KEY
- chown root:$AUTHENTIC_USER $AUTHENTIC_SECRET_KEY
- echo "..done" >&2
- fi
- chown $AUTHENTIC_USER:$AUTHENTIC_GROUP $AUTHENTIC_HOME/tenants \
- /var/lib/$NAME/collectstatic \
- /var/run/$NAME \
- /var/log/$NAME
- /etc/init.d/$NAME update
- ;;
- triggered)
- su -s /bin/sh -c "$MANAGE_SCRIPT hobo_deploy --redeploy" $AUTHENTIC_USER
- ;;
- reconfigure|abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian-wheezy/authentic2-multitenant.triggers b/debian-wheezy/authentic2-multitenant.triggers
deleted file mode 100644
index 718b66722..000000000
--- a/debian-wheezy/authentic2-multitenant.triggers
+++ /dev/null
@@ -1 +0,0 @@
-interest-noawait hobo-redeploy
diff --git a/debian-wheezy/authentic2.config b/debian-wheezy/authentic2.config
deleted file mode 100644
index a378c62f7..000000000
--- a/debian-wheezy/authentic2.config
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-# config maintainer script for foo-pgsql
-
-set -e
-
-# source debconf stuff
-. /usr/share/debconf/confmodule
-# source dbconfig-common shell library, and call the hook function
-if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then
- . /usr/share/dbconfig-common/dpkg/config.pgsql
- dbc_go authentic2 $@
-fi
-
-#DEBHELPER#
diff --git a/debian-wheezy/authentic2.cron.d b/debian-wheezy/authentic2.cron.d
deleted file mode 100644
index c652b01a3..000000000
--- a/debian-wheezy/authentic2.cron.d
+++ /dev/null
@@ -1,7 +0,0 @@
-PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
-MAILTO=root
-
-0 * * * * authentic authentic2-ctl clearsessions
-5 * * * * authentic authentic2-ctl cleanupauthentic
-10 * * * * authentic authentic2-ctl sync-ldap-users
-
diff --git a/debian-wheezy/authentic2.cron.hourly b/debian-wheezy/authentic2.cron.hourly
deleted file mode 100644
index c52d3c26b..000000000
--- a/debian-wheezy/authentic2.cron.hourly
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-exit 0
diff --git a/debian-wheezy/authentic2.dirs b/debian-wheezy/authentic2.dirs
deleted file mode 100644
index 9430e6b41..000000000
--- a/debian-wheezy/authentic2.dirs
+++ /dev/null
@@ -1,8 +0,0 @@
-etc/authentic2
-usr/share/dbconfig-common/scripts/authentic2/install
-var/lib/authentic2/media
-var/lib/authentic2/static
-var/lib/authentic2/collectstatic
-var/lib/authentic2/templates
-var/run/authentic2
-var/log/authentic2
diff --git a/debian-wheezy/authentic2.docs b/debian-wheezy/authentic2.docs
deleted file mode 100644
index 2ed64dcef..000000000
--- a/debian-wheezy/authentic2.docs
+++ /dev/null
@@ -1,3 +0,0 @@
-AUTHORS.txt
-COPYING
-README
diff --git a/debian-wheezy/authentic2.init b/debian-wheezy/authentic2.init
deleted file mode 100644
index cd7645ee2..000000000
--- a/debian-wheezy/authentic2.init
+++ /dev/null
@@ -1,203 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: authentic2
-# Required-Start: $network $local_fs $syslog
-# Required-Stop: $network $local_fs $syslog
-# Should-Start: postgresql
-# Should-Stop: postgresql
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Authentic2 is a versatile identity provider
-# Description: Authentic2 is a versatile identity provider
-### END INIT INFO
-
-# Author: Jérôme Schneider
-
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC=authentic2
-NAME=authentic2
-DAEMON=/usr/bin/gunicorn
-PID_DIR=/var/run/$NAME
-CACHE_DIR=/var/cache/$NAME
-LOG_DIR=/var/log/$NAME
-PIDFILE=$PID_DIR/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
-MANAGE_SCRIPT=/usr/bin/$NAME-ctl
-BIND=unix:$PID_DIR/$NAME.sock
-AUTHENTIC2_SETTINGS_FILE=/usr/share/$NAME/debian_config.py
-
-USER=authentic
-GROUP=authentic
-
-# Exit if the package is not installed
-[ -x $DAEMON ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-DAEMON_ARGS="--pid $PIDFILE \
---user $USER --group $GROUP \
---daemon \
---access-logfile $LOG_DIR/gunicorn-access.log \
---log-file $LOG_DIR/gunicorn-error.log \
---bind=$BIND \
---workers=10 \
---worker-class=sync \
---timeout=60 \
-authentic2.wsgi:application"
-
-# Load config
-if [ -f /etc/authentic2/db.conf ]; then
- . /etc/authentic2/db.conf
-fi
-if [ -f /etc/authentic2/authentic.conf ]; then
- . /etc/authentic2/authentic.conf
-fi
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
-. /lib/lsb/init-functions
-
-# Create pid directory
-if [ ! -d $PID_DIR ]; then
- install -d -m 755 -o $USER -g $GROUP $PID_DIR
-fi
-
-# Create cache directory
-if [ ! 
-d $CACHE_DIR ]; then
- install -d -m 755 -o $USER -g $GROUP $CACHE_DIR
-fi
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- export AUTHENTIC2_SETTINGS_FILE
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
- || return 1
- start-stop-daemon --start --quiet --exec $DAEMON -- \
- $DAEMON_ARGS \
- || return 2
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Wait for children to finish too if this is a daemon that forks
- # and if the daemon is only ever run from this initscript.
- # If the above conditions are not satisfied then add some other code
- # that waits for the process to drop all resources that could be
- # needed by services started subsequently. A last resort is to
- # sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
- [ "$?" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f $PIDFILE
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON`
- return 0
-}
-
-do_migrate() {
- log_action_msg "Applying new migrations .."
- VERSION=`dpkg-query --show --showformat '${Version}' python-django`
- if dpkg --compare-versions $VERSION lt 1.7; then
- su $USER -p -c "$MANAGE_SCRIPT syncdb --migrate --noinput"
- else
- su $USER -p -c "$MANAGE_SCRIPT migrate --noinput"
- fi
- log_action_msg ".. done"
-}
-
-do_collectstatic() {
- log_action_msg "Collecting static files .."
- su $USER -p -c "$MANAGE_SCRIPT collectstatic -l --noinput"
- log_action_msg ".. done"
-}
-
-
-case "$1" in
- start)
- log_daemon_msg "Starting $DESC " "$NAME"
- do_migrate
- do_collectstatic
- do_start
- case "$?" in
- 0|1) log_end_msg 0 ;;
- 2) log_end_msg 1 ;;
- esac
- ;;
- stop)
- log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) log_end_msg 0 ;;
- 2) log_end_msg 1 ;;
- esac
- ;;
- status)
- status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
- ;;
- reload)
- log_daemon_msg "Reloading $DESC" "$NAME"
- do_reload
- log_end_msg $?
- ;;
- update)
- log_daemon_msg "Updating $DESC" "$NAME"
- do_migrate && do_collectstatic
- log_end_msg $?
- ;;
- restart)
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) log_end_msg 0 ;;
- 1) log_end_msg 1 ;; # Old process is still running
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- echo "Usage: $SCRIPTNAME {start|stop|status|restart|update|reload}" >&2
- exit 3
- ;;
-esac
-
diff --git a/debian-wheezy/authentic2.install b/debian-wheezy/authentic2.install
deleted file mode 100644
index a4d2c1166..000000000
--- a/debian-wheezy/authentic2.install
+++ /dev/null
@@ -1,5 +0,0 @@
-debian/conf/authentic.conf /etc/authentic2
-debian/conf/nginx-example.conf /etc/authentic2
-debian/sql/db.conf /usr/share/authentic2/templates
-debian/authentic2-ctl /usr/bin
-debian/debian_config.py /usr/share/authentic2
diff --git a/debian-wheezy/authentic2.logrotate b/debian-wheezy/authentic2.logrotate
deleted file mode 100644
index 56a597ca6..000000000
--- a/debian-wheezy/authentic2.logrotate
+++ /dev/null
@@ -1,14 +0,0 @@
-/var/log/authentic2/*.log {
- weekly
- missingok
- rotate 52
- compress
- delaycompress
- notifempty
- create 0640 authentic adm
- sharedscripts
- postrotate
- [ ! -f /var/run/authentic2/authentic2.pid ] || kill -HUP `cat /var/run/authentic2/authentic2.pid`
- endscript
-}
-
diff --git a/debian-wheezy/authentic2.postinst b/debian-wheezy/authentic2.postinst
deleted file mode 100644
index ecb33cab5..000000000
--- a/debian-wheezy/authentic2.postinst
+++ /dev/null
@@ -1,108 +0,0 @@
-#!/bin/sh
-#
-# Postinst script for authentic2
-#
-
-set -e
-
-NAME=authentic2
-AUTHENTIC_USER=authentic
-AUTHENTIC_GROUP=authentic
-AUTHENTIC_HOME=/var/lib/authentic2
-AUTHENTIC_SECRET_KEY="$AUTHENTIC_HOME/secret_key"
-
-# source debconf stuff
-. /usr/share/debconf/confmodule
-
-case "$1" in
- configure)
- if ! getent group $AUTHENTIC_GROUP > /dev/null 2>&1; then
- echo -n "Adding group $AUTHENTIC_GROUP.." >&2
- addgroup --quiet --system $AUTHENTIC_GROUP
- echo "..done" >&2
- fi
- if ! getent passwd $AUTHENTIC_USER > /dev/null 2>&1; then
- echo -n "Adding user $AUTHENTIC_USER.." >&2
- adduser --quiet --system --gecos "Authentic2 daemon" \
- --ingroup $AUTHENTIC_GROUP \
- --no-create-home --home $AUTHENTIC_HOME \
- $AUTHENTIC_USER
- echo "..done" >&2
- fi
-
- if [ ! -f $AUTHENTIC_SECRET_KEY ]; then
- if [ -f /etc/$NAME/secret ]; then
- echo -n "Converting storage of the secret key.." >&2
- . /etc/$NAME/secret
- echo -n "$SECRET_KEY" >"$AUTHENTIC_SECRET_KEY"
- rm /etc/$NAME/secret
- echo "..done" >&2
- else
- echo -n "Generating a secret key.." >&2
- echo -n "` "$AUTHENTIC_SECRET_KEY"
- chmod 0600 $AUTHENTIC_SECRET_KEY
- echo "..done" >&2
- fi
- fi
-
- if [ -d $AUTHENTIC_HOME/extra-static ]; then
- if [ -d $AUTHENTIC_HOME/static ]; then
- mv $AUTHENTIC_HOME/static $AUTHENTIC_HOME/static.dpkg_old
- fi
- mkdir -p $AUTHENTIC_HOME/static
- echo -n "Migrate old extra-static/ to static/.." >&2
- mv $AUTHENTIC_HOME/extra-static/* $AUTHENTIC_HOME/static/
- mv $AUTHENTIC_HOME/extra-static $AUTHENTIC_HOME/extra-static.dpkg_old
- echo "..done" >&2
- fi
-
- if [ -f /etc/authentic2/authentic.conf ]; then
- # Fix old configuration file
- sed -i -e '/^\. \/etc\/authentic2\/secret$/d' \
- -e '/^export *STATIC_ROOT *=/d' \
- -e '/^. 
\/etc\/authentic2\/db.conf$/d' \
- -e '/^# do not remove this line, it imports/d' \
- /etc/authentic2/authentic.conf >&2
- fi
-
- chown -R $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2/
-
- # source dbconfig-common shell library, and call the hook function
- if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then
- . /usr/share/dbconfig-common/dpkg/postinst.pgsql
- dbc_generate_include="template:/etc/authentic2/db.conf"
- dbc_generate_include_args="-o template_infile=/usr/share/authentic2/templates/db.conf -U"
- dbc_generate_include_owner="root:authentic"
- dbc_generate_include_perms="640"
- dbc_pgsql_createdb_encoding="UTF8"
- dbc_go authentic2 $@
- fi
-
- if [ ! -f /etc/authentic2/cert.pem -a ! -f /etc/authentic2/key.pem ]; then
- echo -n "Generating key material..." >&2
- openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out /etc/authentic2/key.pem >&2
- openssl req -x509 -new -out /etc/authentic2/cert.pem -subj '/CN=whocares' -key /etc/authentic2/key.pem -days 3650 >&2
- chown $AUTHENTIC_USER.$AUTHENTIC_GROUP /etc/authentic2/cert.pem /etc/authentic2/key.pem
- chmod 640 /etc/authentic2/cert.pem /etc/authentic2/key.pem
- echo "..done" >&2
- fi
- /etc/init.d/$NAME update
- ;;
-
- reconfigure|abort-upgrade|abort-remove|abort-deconfigure)
- ;;
-
- *)
- echo "postinst called with unknown argument \`$1'" >&2
- exit 1
- ;;
-esac
-
-db_stop
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian-wheezy/authentic2.postrm b/debian-wheezy/authentic2.postrm
deleted file mode 100644
index b283b7f11..000000000
--- a/debian-wheezy/authentic2.postrm
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-# postrm script for authentic2
-#
-# see: dh_installdeb(1)
-
-set -e
-
-case "$1" in purge)
- deluser --quiet --system authentic > /dev/null || true
- rm -f /etc/authentic2/secret
- rm -rf /var/lib/authentic2/static/*
- # source debconf stuff
- . /usr/share/debconf/confmodule
- # source dbconfig-common shell library, and call the hook function
- if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then
- . /usr/share/dbconfig-common/dpkg/postrm.pgsql
- dbc_go authentic2 $@
- fi
-
- DBCONF=/etc/authentic2/db.conf
- if [ "$1" = "purge" ]; then
- rm -f $DBCONF
- if which ucf >/dev/null 2>&1; then
- ucf --purge $DBCONF
- fi
- fi
- ;;
-
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
diff --git a/debian-wheezy/changelog b/debian-wheezy/changelog
deleted file mode 100644
index 204e1088d..000000000
--- a/debian-wheezy/changelog
+++ /dev/null
@@ -1,108 +0,0 @@
-authentic2 (2.0.2.293.g51cfb00-1) stable; urgency=low
-
- * Update to last mast commit
-
- -- Jérôme Schneider Tue, 06 Aug 2013 10:54:59 +0200
-
-authentic2 (2.0.2.292.ga6ad42e-1) stable; urgency=low
-
- * Update to last mast commit
-
- -- Jérôme Schneider Thu, 01 Aug 2013 18:00:18 +0200
-
-authentic2 (2.0.2.291.g2b09e18-1) stable; urgency=low
-
- * Update to last mast commit
-
- -- Jérôme Schneider Thu, 01 Aug 2013 17:25:20 +0200
-
-authentic2 (2.0.2.289.gce06aec-1) stable; urgency=low
-
- * Update to last mast commit
-
- -- Jérôme Schneider Thu, 01 Aug 2013 17:05:50 +0200
-
-authentic2 (2.0.2.232.g37e9606-1) stable; urgency=low
-
- * Update to last mast commit
-
- -- Jérôme Schneider Fri, 28 Jun 2013 17:24:03 +0200
-
-authentic2 (2.0.2.220.gcde5387-2) stable; urgency=low
-
- * complete configuration file
- * complete apache example
-
- -- Jérôme Schneider Wed, 19 Jun 2013 11:20:20 +0200
-
-authentic2 (2.0.2.220.gcde5387-1) stable; urgency=low
-
- * update to last master commit
- * move manage.py to /usr/lib/authentic2 to follow :
- http://wiki.debian.org/DjangoPackagingDraft
-
- -- Jérôme Schneider Tue, 18 Jun 2013 18:02:30 +0200
-
-authentic2 (2.0.2.214.g4e64a8e-4) stable; urgency=low
-
- * authentic.conf: replace ENGINE by DATABASE_ENGINE
-
- -- Jérôme Schneider Tue, 18 Jun 2013 16:21:52 +0200
-
-authentic2 (2.0.2.214.g4e64a8e-3) unstable; urgency=low
-
- * change south dependency
-
- -- Jérôme Schneider Tue, 18 Jun 2013 13:42:56 +0200
-
-authentic2 (2.0.2.214.g4e64a8e-2) unstable; urgency=low
-
- * Split into two packages : authentic2 and python-authentic2
- * Add authentic2 postrm to delete authentic user
-
- -- Jérôme Schneider Sat, 15 Jun 2013 16:09:37 +0200
-
-authentic2 (2.0.2.214.g4e64a8e-1) unstable; urgency=low
-
- * update to last upstream commit
-
- -- Jérôme Schneider Sat, 15 Jun 2013 09:57:51 +0200
-
-authentic2 (2.0.2.212.g41b7e09-3) unstable; urgency=low
-
- * debian: fix postinst
-
- -- Jérôme Schneider Sat, 15 Jun 2013 
09:49:30 +0200
-
-authentic2 (2.0.2.212.g41b7e09-2) unstable; urgency=low
-
- * debian: add adduser dependency
-
- -- Jérôme Schneider Fri, 14 Jun 2013 22:14:38 +0200
-
-authentic2 (2.0.2.212.g41b7e09-1) stable; urgency=low
-
- * using environment variables for the configuration
-
- -- Jérôme Schneider Fri, 14 Jun 2013 15:49:31 +0200
-
-authentic2 (2.0.2.199.g5ddda2a-1) unstable; urgency=low
-
- * debian: add mission local_config.py
- * fix setup.py
-
- -- Jérôme Schneider Thu, 13 Jun 2013 20:33:09 +0200
-
-authentic2 (2.0.2.196.g8409882-1) unstable; urgency=low
-
- * debian: port to squeeze
- * debian: add an init script
- * debian: add static files
-
- -- Jérôme Schneider Thu, 13 Jun 2013 17:14:30 +0200
-
-authentic2 (1.9.0-0) unstable; urgency=low
-
- * Initial packaging.
-
- -- Frederic Peters Tue, 01 Jun 2010 14:28:56 +0200
diff --git a/debian-wheezy/compat b/debian-wheezy/compat
deleted file mode 100644
index 7f8f011eb..000000000
--- a/debian-wheezy/compat
+++ /dev/null
@@ -1 +0,0 @@
-7
diff --git a/debian-wheezy/conf/authentic.conf b/debian-wheezy/conf/authentic.conf
deleted file mode 100644
index a4bfe14c2..000000000
--- a/debian-wheezy/conf/authentic.conf
+++ /dev/null
@@ -1,45 +0,0 @@
-# do not remove this line, it imports db configuration from dbconfig-common
-. /etc/authentic2/db.conf
-# do not remove this line, it imports secret which is automatically generated
-. /etc/authentic2/secret
-
-# Debug
-# export DEBUG=yes
-
-# Define administrators / managers
-# export ADMINS='admin eo;admin+authentic2@example.com'
-
-# Database configuration (please use dpkg-reconfigure authentic2)
-
-# Static root directory
-export STATIC_ROOT='/var/lib/authentic2/static'
-
-# We are behind a reverse proxy so we accept every hosts
-export ALLOWED_HOSTS='*'
-
-# You MUST set RSA key here
-# you can generate this key with this commands :
-# openssl genrsa -out saml.key 2048
-# openssl rsa -in saml.key -pubout -out saml.pub
-export SAML_SIGNATURE_PUBLIC_KEY="`cat /etc/authentic2/cert.pem`"
-export SAML_SIGNATURE_PRIVATE_KEY="`cat /etc/authentic2/key.pem`"
-
-# Cache configuration
-#export USE_MEMCACHED=yes # required python-memcache memcached
-
-# Enables some features
-#export IDP_SAML2='yes'
-#export IDP_CAS='yes'
-#export AUTH_SAML2='yes'
-#export AUTH_SSL='yes'
-
-# Sentry / Raven configuration
-#export SENTRY_DSN='' # require package python-raven
-
-# Email configuration
-#export EMAIL_HOST = 'localhost'
-#esport EMAIL_PORT = 25
-export EMAIL_SUBJECT_PREFIX='[Authentic2]'
-#export SERVER_EMAIL='admin+authentic2@entrouvert.com'
-
-
diff --git a/debian-wheezy/conf/nginx-example.conf b/debian-wheezy/conf/nginx-example.conf
deleted file mode 100644
index 62e7df4f4..000000000
--- a/debian-wheezy/conf/nginx-example.conf
+++ /dev/null
@@ -1,41 +0,0 @@
-server {
- listen 443;
- server_name authentic.example.fr;
-
- ssl on;
- ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
- ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
-
- access_log /var/log/nginx/authentic.example.fr-access.log combined;
- error_log /var/log/nginx/authentic.example.fr-error.log;
-
- location /static {
- alias /var/lib/authentic2/collectstatic;
- }
-
- location / {
- proxy_pass http://unix:/var/run/authentic2/authentic2.sock;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-SSL on;
- proxy_set_header X-Forwarded-Protocol ssl;
- proxy_set_header X-Forwarded-Proto https;
- }
-}
-
-server {
- listen 80;
- server_name authentic.example.fr;
-
- access_log /var/log/nginx/authentic.example.fr-access.log combined;
- error_log /var/log/nginx/authentic.example.fr-error.log;
-
- location /static {
- alias /var/lib/authentic2/collectstatic;
- }
-
- location / {
- proxy_pass http://unix:/var/run/authentic2/authentic2.sock;
- proxy_set_header Host $http_host;
- }
-}
-
diff --git a/debian-wheezy/control b/debian-wheezy/control
deleted file mode 100644
index b80392289..000000000
--- a/debian-wheezy/control
+++ /dev/null
@@ -1,74 +0,0 @@
-Source: authentic2
-Section: python
-Priority: optional
-Maintainer: Jerome Schneider
-Build-Depends-Indep: python-all-dev (>= 2.6)
-Build-Depends: debhelper (>= 8.0), python-setuptools, python-django (>= 1.5), dh-python
-Standards-Version: 3.8.3
-Homepage: http://authentic.labs.libre-entreprise.org
-X-Python-Version: >= 2.6
-
-Package: python-authentic2
-Architecture: all
-Pre-Depends: python-django (>= 1.8), python-django (<< 1.8), openssl
-Depends: ${misc:Depends}, ${python:Depends},
- python-requests (>=2.3),
- python-django-model-utils (>= 2.4),
- python-lasso (>= 2.4.1.100),
- python-dnspython (>= 1.10),
- python-django-select2 (>= 5),
- python-gadjo (>= 0.53),
- python-django-tables2 (>= 1),
- python-django-tables2 (<< 1.1),
- python-django-import-export (>= 0.2.7),
- python-djangorestframework (>= 3.3),
- python-markdown (>= 2.1),
- python-ldap (>= 2.4),
- python-six (>= 1.0),
- python-django-filters (>= 1)
-Provides: ${python:Provides}
-Recommends: python-ldap
-Suggests: python-raven
-Description: Versatile identity server
- Authentic is a versatile identity provider aiming to address a broad
- range of needs, from simple to complex setups; it has support for many
- protocols and can bridge between them.
- .
- It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL)
- implementation of the Liberty Alliance specifications.
-
-Package: authentic2
-Architecture: all
-Pre-Depends: python-authentic2 (= ${binary:Version})
-Depends: ${misc:Depends}, adduser,
- python-psycopg2,
- gunicorn, dbconfig-common,
- debconf | debconf-2.0, ucf
-Recommends: postgresql-client
-Suggests: nginx, postgresql
-Description: Versatile identity server Python module
- Authentic is a versatile identity provider aiming to address a broad
- range of needs, from simple to complex setups; it has support for many
- protocols and can bridge between them.
- .
- It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL)
- implementation of the Liberty Alliance specifications.
-
-Package: authentic2-multitenant
-Architecture: all
-Pre-Depends: python-authentic2 (= ${binary:Version})
-Depends: ${misc:Depends}, adduser,
- python-psycopg2,
- python-django-tenant-schemas (>= 1.5.2.1),
- python-hobo,
- gunicorn, dbconfig-common,
- debconf | debconf-2.0, ucf
-Recommends: postgresql-client
-Suggests: nginx, postgresql
-Description: Multitenant versatile identity server Python module
- Authentic is a versatile identity provider aiming to address a broad
- range of needs, from simple to complex setups; it has support for many
- protocols and can bridge between them.
- .
- It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL)
- implementation of the Liberty Alliance specifications.
diff --git a/debian-wheezy/copyright b/debian-wheezy/copyright
deleted file mode 100644
index 8d4ee23fb..000000000
--- a/debian-wheezy/copyright
+++ /dev/null
@@ -1,674 +0,0 @@ -This package was debianized by Entr'ouvert (Frédéric Péters and Jérôme Schneider) - -Copyright (C) 2008-2013 Entr'ouvert - -Upstream Authors: Benjamin Dauvergne and Mikaël Ates from Entr'ouvert - -License: - -Core of authentic is entirely under the copyright of Entr'ouvert and distributed -under the license AGPLv3. - - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - - A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. 
Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. -The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - - The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - - An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing under -this license. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU Affero General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. 
- - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. 
- - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. 
The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. 
- - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. 
- - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. 
This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. 
For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. 
Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. 
- - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. 
- - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. 
Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. 
- - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. 
- - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. 
You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Remote Network Interaction; Use with the GNU General Public License. 
- - Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your version -supports such interaction) an opportunity to receive the Corresponding -Source of your version by providing access to the Corresponding Source -from a network server at no charge, through some standard or customary -means of facilitating copying of software. This Corresponding Source -shall include the Corresponding Source for any work covered by version 3 -of the GNU General Public License that is incorporated pursuant to the -following paragraph. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU Affero General Public License from time to time. Such new versions -will be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever published -by the Free Software Foundation. 
- - If the Program specifies that a proxy can decide which future -versions of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. 
- - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If your software can interact with users remotely through a computer -network, you should also make sure that it provides a way for users to -get its source. For example, if your program is a web application, its -interface could display a "Source" link that leads users to an archive -of the code. 
There are many ways you could offer source, and different -solutions will be better for different programs; see section 13 for the -specific requirements. - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU AGPL, see -. - -External modules oath and totp-js modules are licensed under a BSD-like licence. diff --git a/debian-wheezy/debian_config.py b/debian-wheezy/debian_config.py deleted file mode 100644 index 88ce2769f..000000000 --- a/debian-wheezy/debian_config.py +++ /dev/null 
@@ -1,310 +0,0 @@ -import os -import warnings -from authentic2 import logger - - -# Add the XForwardedForMiddleware -MIDDLEWARE_CLASSES = ('authentic2.middleware.XForwardedForMiddleware',) + MIDDLEWARE_CLASSES - -# Debian defaults -DEBUG = False - -STATIC_ROOT = '/var/lib/authentic2/collectstatic/' -STATICFILES_DIRS = ('/var/lib/authentic2/static',) + STATICFILES_DIRS -TEMPLATE_DIRS = ('/var/lib/authentic2/templates',) + TEMPLATE_DIRS -LOCALE_PATHS = ('/var/lib/authentic2/locale',) + LOCALE_PATHS - -ADMINS = (('root', 'root@localhost'),) - -if os.path.exists('/var/lib/authentic2/secret_key'): - SECRET_KEY = file('/var/lib/authentic2/secret_key').read() - -LOGGING = { - 'version': 1, - 'disable_existing_loggers': True, - 'filters': { - 'cleaning': { - '()': 'authentic2.utils.CleanLogMessage', - }, - 'request_context': { - '()': 'authentic2.log_filters.RequestContextFilter', - }, - 'force_debug': { - '()': 'authentic2.log_filters.ForceDebugFilter', - } - }, - 'formatters': { - 'syslog': { - 'format': 'authentic2[%(process)d]: %(ip)s %(user)s %(request_id)s %(levelname)s %(message)s', - }, - 'syslog_db': { - 'format': 'authentic2[%(process)d]: %(levelname)s %(message)s', - }, - }, - 'handlers': { - 'syslog': { - 'level': 'DEBUG', - 'address': '/dev/log', - 'class': 'logging.handlers.SysLogHandler', - 'filters': ['cleaning', 'request_context'], - 'formatter': 'syslog', - }, - # remove request_context filter for db log to prevent infinite loop - # when logging sql query to retrieve the session user - 'syslog_db': { - 'level': 'DEBUG', - 'address': '/dev/log', - 'class': 'logging.handlers.SysLogHandler', - 'filters': ['cleaning'], - 'formatter': 'syslog_db', - }, - }, - 'loggers': { - # even when debugging seeing SQL queries is too much, activate it - # explicitly using DEBUG_DB - 'django.db': { - # use a special handler to prevent recursive loop by the RequestContextFilter - # as it does accesses to the database - 'handlers': ['syslog_db'], - 'level': 
logger.SettingsLogLevel('INFO', debug_setting='DEBUG_DB'), - 'propagate': False, - }, - 'django': { - # Override Django default values - 'handlers': [], - 'level': 'NOTSET', - 'propagate': True, - }, - 'django.server': { - # Override Django 1.8 default values - 'handlers': [], - 'level': 'NOTSET', - 'propagate': True, - }, - 'django.request': { - # Override Django default values - 'handlers': [], - 'level': 'NOTSET', - 'propagate': True, - }, - 'django.security': { - # Override Django default values - 'handlers': [], - 'level': 'NOTSET', - 'propagate': True, - }, - # django_select2 outputs debug message at level INFO - 'django_select2': { - 'handlers': [], - 'level': 'WARNING', - 'propagate': True, - }, - # lasso has the bad habit of logging everything as errors - 'Lasso': { - 'filters': ['force_debug'], - }, - 'libxml2': { - 'filters': ['force_debug'], - }, - 'libxmlsec': { - 'filters': ['force_debug'], - }, - '': { - 'handlers': ['syslog'], - 'level': logger.SettingsLogLevel('INFO'), - }, - }, -} - - -# Old settings method -def extract_settings_from_environ(): - import os - import json - from django.core.exceptions import ImproperlyConfigured - global MANAGERS, DATABASES, SENTRY_DSN, INSTALLED_APPS, \ - SECURE_PROXY_SSL_HEADER, CACHES, SESSION_ENGINE, \ - LDAP_AUTH_SETTINGS, RAVEN_CONFIG - - BOOLEAN_ENVS = ( - 'DEBUG', - 'DEBUG_PROPAGATE_EXCEPTIONS', - 'SESSION_EXPIRE_AT_BROWSER_CLOSE', - 'SESSION_COOKIE_SECURE', - 'EMAIL_USE_TLS', - 'USE_X_FORWARDED_HOST', - 'DISCO_SERVICE', - 'DISCO_USE_OF_METADATA', - 'SHOW_DISCO_IN_MD', - 'SSLAUTH_CREATE_USER', - 'PUSH_PROFILE_UPDATES', - 'A2_ACCEPT_EMAIL_AUTHENTICATION', - 'A2_CAN_RESET_PASSWORD', - 'A2_REGISTRATION_CAN_DELETE_ACCOUNT', - 'A2_REGISTRATION_EMAIL_IS_UNIQUE', - 'REGISTRATION_OPEN', - 'A2_AUTH_PASSWORD_ENABLE', - 'SSLAUTH_ENABLE', - 'A2_IDP_SAML2_ENABLE', - ) - - def to_boolean(name, default=True): - try: - value = os.environ[name] - except KeyError: - return default - try: - i = int(value) - return bool(i) - 
except ValueError: - if value.lower() in ('true', 't', 'y', 'yes'): - return True - if value.lower() in ('false', 'f', 'n', 'no'): - return False - return default - - for boolean_env in BOOLEAN_ENVS: - if boolean_env in os.environ: - globals()[boolean_env] = to_boolean(boolean_env) - - STRING_ENVS = ( - 'STATIC_ROOT', - 'STATIC_URL', - 'A2_OPENED_SESSION_COOKIE_DOMAIN', - 'SESSION_COOKIE_NAME', - 'SESSION_COOKIE_PATH', - 'SESSION_ENGINE', - 'EMAIL_HOST', - 'EMAIL_HOST_USER', - 'EMAIL_HOST_PASSWORD', - 'EMAIL_SUBJECT_PREFIX', - 'SERVER_EMAIL', - 'DEFAULT_FROM_EMAIL', - 'LOGIN_REDIRECT_URL', - 'LOGIN_URL', - 'LOGOUT_URL', - 'SECRET_KEY', - 'DISCO_SERVICE_NAME', - 'SAML_SIGNATURE_PUBLIC_KEY', - 'SAML_SIGNATURE_PRIVATE_KEY', - 'SAML_METADATA_AUTOLOAD', - 'A2_HOMEPAGE_URL', - ) - - for string_env in STRING_ENVS: - if string_env in os.environ: - globals()[string_env] = os.environ[string_env] - - PATH_ENVS = ( - 'STATICFILES_DIRS', - 'TEMPLATE_DIRS', - 'LOCALE_PATHS', - 'ALLOWED_HOSTS', - 'INTERNAL_IPS', - 'PASSWORD_HASHERS', - ) - - for path_env in PATH_ENVS: - if path_env in os.environ: - old = globals().get(path_env) - globals()[path_env] = tuple(os.environ[path_env].split(':')) + tuple(old) - - INT_ENVS = ( - 'SESSION_COOKIE_AGE', - 'EMAIL_PORT', - 'AUTHENTICATION_EVENT_EXPIRATION', - 'LOCAL_METADATA_CACHE_TIMEOUT', - 'ACCOUNT_ACTIVATION_DAYS', - 'PASSWORD_RESET_TIMEOUT_DAYS', - ) - - def to_int(name, default): - try: - value = os.environ[name] - return int(value) - except KeyError: - return default - except ValueError: - raise ImproperlyConfigured('environ variable %s must be an integer' % name) - - for int_env in INT_ENVS: - if int_env in os.environ: - try: - globals()[int_env] = int(os.environ[int_env]) - except ValueError: - raise ImproperlyConfigured('environement variable %s must be an integer' % int_env) - - - ADMINS = () - if 'ADMINS' in os.environ: - ADMINS = filter(None, os.environ.get('ADMINS').split(':')) - ADMINS = [ admin.split(';') for admin in ADMINS ] 
- for admin in ADMINS: - assert len(admin) == 2, 'ADMINS setting must be a colon separated list of name and emails separated by a semi-colon' - assert '@' in admin[1], 'ADMINS setting pairs second value must be emails' - MANAGERS = ADMINS - - - for key in os.environ: - if key.startswith('DATABASE_'): - prefix, db_key = key.split('_', 1) - DATABASES['default'][db_key] = os.environ[key] - - if 'SECURE_PROXY_SSL_HEADER' in os.environ: - SECURE_PROXY_SSL_HEADER = os.environ['SECURE_PROXY_SSL_HEADER'].split(':', 1) - - if 'LDAP_AUTH_SETTINGS' in os.environ: - try: - LDAP_AUTH_SETTINGS = json.loads(os.environ['LDAP_AUTH_SETTINGS']) - except Exception, e: - raise ImproperlyConfigured('LDAP_AUTH_SETTINGS is not a JSON document', e) - - if 'CACHE_BACKEND' in os.environ: - CACHES['default'] = json.loads(os.environ['CACHE_BACKEND']) - - if 'USE_MEMCACHED' in os.environ: - try: - import memcache - except: - raise ImproperlyConfigured('Python memcache library is not installed, please do: pip install memcache') - CACHES = { - 'default': { - 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', - 'LOCATION': '127.0.0.1:11211', - 'KEY_PREFIX': 'authentic2', - } - } - SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db' - - # add sentry handler if environment contains SENTRY_DSN - if 'SENTRY_DSN' in os.environ: - try: - import raven - except ImportError: - raise ImproperlyConfigured('SENTRY_DSN environment variable is set but raven is not installed.') - SENTRY_DSN = os.environ['SENTRY_DSN'] - RAVEN_CONFIG = { - 'dsn': SENTRY_DSN, - } - INSTALLED_APPS = tuple(INSTALLED_APPS) + ('raven.contrib.django.raven_compat',) - - # extract any key starting with setting - for key in os.environ: - if key.startswith('SETTING_'): - setting_key = key[len('SETTING_'):] - value = os.environ[key] - try: - value = int(value) - except ValueError: - pass - globals()[setting_key] = value - -extract_settings_from_environ() - -CONFIG_FILE = '/etc/authentic2/config.py' -if 
os.path.exists(CONFIG_FILE): - execfile(CONFIG_FILE) - -# Warn if DEFAULT_FROM_EMAIL is the default value -if DEFAULT_FROM_EMAIL == 'webmaster@localhost': - warnings.warn('DEFAULT_FROM_EMAIL must be customized') diff --git a/debian-wheezy/multitenant/authentic2-multitenant-manage b/debian-wheezy/multitenant/authentic2-multitenant-manage deleted file mode 100644 index 6730481c0..000000000 --- a/debian-wheezy/multitenant/authentic2-multitenant-manage +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh - -NAME="authentic2-multitenant" -MANAGE="/usr/lib/authentic2/manage.py" - -export AUTHENTIC2_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py - -if [ "$(whoami)" != "authentic-multitenant" ]; then - if which sudo >/dev/null; then - if sudo -v -u authentic-multitenant; then - sudo -u authentic-multitenant authentic2-multitenant-manage "$@" - exit $? - fi - echo "You must run this script with authentic-multitenant user" - exit 1 - fi -fi - -python ${MANAGE} "$@" diff --git a/debian-wheezy/multitenant/config.py b/debian-wheezy/multitenant/config.py deleted file mode 100644 index 2b228db7c..000000000 --- a/debian-wheezy/multitenant/config.py +++ /dev/null 
@@ -1,70 +0,0 @@ -# Configuration for authentic. -# You can override Authentic default settings here - -# Authentic is a Django application: for the full list of settings and their -# values, see https://docs.djangoproject.com/en/1.7/ref/settings/ -# For more information on settings see -# https://docs.djangoproject.com/en/1.7/topics/settings/ - -# WARNING! Quick-start development settings unsuitable for production! -# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ - -# This file is sourced by "execfile" from /usr/lib/authentic/debian_config.py - -# SECURITY WARNING: don't run with debug turned on in production! -DEBUG = False -TEMPLATE_DEBUG = False - -#ADMINS = ( -# # ('User 1', 'watchdog@example.net'), -# # ('User 2', 'janitor@example.net'), -#) - -# ALLOWED_HOSTS must be correct in production! -# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts -ALLOWED_HOSTS = [ - '*', -] - -# Databases -# Default: a local database named "authentic" -# https://docs.djangoproject.com/en/1.7/ref/settings/#databases -# Warning: don't change ENGINE -#DATABASES['default']['NAME'] = 'authentic2_multitenant' -#DATABASES['default']['USER'] = 'authentic-multitenant' -#DATABASES['default']['PASSWORD'] = '******' -#DATABASES['default']['HOST'] = 'localhost' -#DATABASES['default']['PORT'] = '5432' - -LANGUAGE_CODE = 'fr-fr' -TIME_ZONE = 'Europe/Paris' - -# Sentry / Raven configuration -#RAVEN_CONFIG = { -# 'dsn': '', -#} - -# Email configuration -#EMAIL_SUBJECT_PREFIX = '[authentic] ' -#SERVER_EMAIL = 'root@authentic.example.org' -#DEFAULT_FROM_EMAIL = 'webmaster@authentic.example.org' - -# SMTP configuration -#EMAIL_HOST = 'localhost' -#EMAIL_HOST_USER = '' -#EMAIL_HOST_PASSWORD = '' -#EMAIL_PORT = 25 - -# HTTPS Security -#CSRF_COOKIE_SECURE = True -#SESSION_COOKIE_SECURE = True - -# Idp -# SAML 2.0 IDP -#A2_IDP_SAML2_ENABLE = False -# CAS 1.0 / 2.0 IDP -#A2_IDP_CAS_ENABLE = False - -# Authentifications -#A2_AUTH_PASSWORD_ENABLE = True 
-#A2_SSLAUTH_ENABLE = False diff --git a/debian-wheezy/multitenant/debian_config.py b/debian-wheezy/multitenant/debian_config.py deleted file mode 100644 index 53cedacc1..000000000 --- a/debian-wheezy/multitenant/debian_config.py +++ /dev/null @@ -1,56 +0,0 @@ -import os -from django.utils.translation import ugettext_lazy as _ - -# Debian defaults -DEBUG = False - -PROJECT_NAME = 'authentic2-multitenant' - -# -# hobotization (multitenant) -# -execfile('/usr/lib/hobo/debian_config_common.py') - -# Add the XForwardedForMiddleware -MIDDLEWARE_CLASSES = ('authentic2.middleware.XForwardedForMiddleware',) + MIDDLEWARE_CLASSES - -# Add authentic settings loader -TENANT_SETTINGS_LOADERS = ('hobo.multitenant.settings_loaders.Authentic',) + TENANT_SETTINGS_LOADERS - -# Add authentic2 hobo agent -INSTALLED_APPS = ('hobo.agent.authentic2',) + INSTALLED_APPS - -LOGGING['filters'].update({ - 'cleaning': { - '()': 'authentic2.utils.CleanLogMessage', - }, -}) - -for handler in LOGGING['handlers'].values(): - handler.setdefault('filters', []).append('cleaning') -# django_select2 outputs debug message at level INFO -LOGGING['loggers']['django_select2'] = { - 'handlers': ['syslog'], - 'level': 'WARNING', -} - -# Default login's form username label -A2_USERNAME_LABEL = _('Email') - -# Rest Authentication Class for services access -REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] += ( - 'authentic2.authentication.Authentic2Authentication', - 'rest_framework.authentication.SessionAuthentication', -) -HOBO_ANONYMOUS_SERVICE_USER_CLASS = 'hobo.rest_authentication.AnonymousAuthenticServiceUser' - -# HOBO Skeletons - -HOBO_SKELETONS_DIR = os.path.join(VAR_DIR, 'skeletons') - -CONFIG_FILE='/etc/%s/config.py' % PROJECT_NAME -if os.path.exists(CONFIG_FILE): - execfile(CONFIG_FILE) - -# run additional settings snippets -execfile('/usr/lib/hobo/debian_config_settings_d.py') 
diff --git a/debian-wheezy/multitenant/nginx-example.conf b/debian-wheezy/multitenant/nginx-example.conf
deleted file mode 100644
index 3dd071cd3..000000000
--- a/debian-wheezy/multitenant/nginx-example.conf
+++ /dev/null
@@ -1,43 +0,0 @@
-server {
- listen 443;
- server_name authentic.example.fr;
-
- ssl on;
- ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
- ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
-
- access_log /var/log/nginx/authentic.example.fr-access.log combined;
- error_log /var/log/nginx/authentic.example.fr-error.log;
-
- location ~ /static/(.+)$ {
- root /;
- try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1
- /var/lib/authentic2-multitenant/collectstatic/$1
- =404;
- }
-
- location ~ ^/media/(.+)$ {
- alias /var/lib/authentic2-multitenant/tenants/$host/media/$1;
- }
-
- location / {
- proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock;
- proxy_set_header Host $http_host;
- proxy_set_header X-Forwarded-SSL on;
- proxy_set_header X-Forwarded-Protocol ssl;
- proxy_set_header X-Forwarded-Proto https;
- proxy_set_header X-Real-IP $remote_addr;
- proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
- }
-}
-
-server {
- listen 80;
- server_name authentic.example.fr;
-
- access_log /var/log/nginx/authentic.example.fr-access.log combined;
- error_log /var/log/nginx/authentic.example.fr-error.log;
-
- return 302 $host$request_uri;
-}
-
diff --git a/debian-wheezy/patches/01-hide-oidc-plugins.diff b/debian-wheezy/patches/01-hide-oidc-plugins.diff
deleted file mode 100644
index 6ac75b74a..000000000
--- a/debian-wheezy/patches/01-hide-oidc-plugins.diff
+++ /dev/null
@@ -1,24 +0,0 @@ -Index: authentic2/setup.py -=================================================================== ---- authentic2.orig/setup.py -+++ authentic2/setup.py -@@ -127,8 +127,6 @@ setup(name="authentic2", - 'django-mellon', - 'ldaptools', - 'django-jsonfield', -- 'jwcrypto>=0.3.1,<1', -- 'cryptography', - 'XStatic-jQuery', - 'XStatic-jquery-ui', - 'xstatic-select2', -@@ -163,10 +161,8 @@ setup(name="authentic2", - 'authentic2.plugin': [ - 'authentic2-auth-ssl = authentic2.auth2_auth.auth2_ssl:Plugin', - 'authentic2-auth-saml = authentic2_auth_saml:Plugin', -- 'authentic2-auth-oidc = authentic2_auth_oidc:Plugin', - 'authentic2-idp-saml2 = authentic2.idp.saml:Plugin', - 'authentic2-idp-cas = authentic2_idp_cas:Plugin', -- 'authentic2-idp-oidc = authentic2_idp_oidc:Plugin', - 'authentic2-provisionning-ldap = authentic2_provisionning_ldap:Plugin', - ], - }) diff --git a/debian-wheezy/patches/series b/debian-wheezy/patches/series deleted file mode 100644 index a4a89439a..000000000 --- a/debian-wheezy/patches/series +++ /dev/null @@ -1 +0,0 @@ -01-hide-oidc-plugins.diff diff --git a/debian-wheezy/pycompat b/debian-wheezy/pycompat deleted file mode 100644 index 0cfbf0888..000000000 --- a/debian-wheezy/pycompat +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/debian-wheezy/pydist-overrides b/debian-wheezy/pydist-overrides deleted file mode 100644 index d9d44d45a..000000000 --- a/debian-wheezy/pydist-overrides +++ /dev/null 
@@ -1,17 +0,0 @@
-django python-django
-requests python-requests
-django-model-utils python-django-model-utils
-dnspython python-dnspython
-django-select2 python-django-select2
-django-tables python-django-tables2
-gadjo python-gadjo
-XStatic python-xstatic
-XStatic_Font_Awesome python-xstatic-font-awesome
-XStatic_jQuery python-xstatic-jquery
-XStatic_jquery_ui python-xstatic-jquery-ui
-django-import-export python-django-import-export
-django-sekizai python-django-sekizai
-six python-six
-pycrypto python-crypto
-ldaptools python-ldaptools
-django-mellon python-django-mellon
diff --git a/debian-wheezy/python-authentic2.dirs b/debian-wheezy/python-authentic2.dirs
deleted file mode 100644
index 7f3441af9..000000000
--- a/debian-wheezy/python-authentic2.dirs
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/authentic2
diff --git a/debian-wheezy/python-authentic2.docs b/debian-wheezy/python-authentic2.docs
deleted file mode 100644
index 85fc97e5c..000000000
--- a/debian-wheezy/python-authentic2.docs
+++ /dev/null
@@ -1,2 +0,0 @@
-AUTHORS.txt
-COPYING
diff --git a/debian-wheezy/python-authentic2.install b/debian-wheezy/python-authentic2.install
deleted file mode 100644
index 2964de614..000000000
--- a/debian-wheezy/python-authentic2.install
+++ /dev/null
@@ -1 +0,0 @@
-usr/lib/
diff --git a/debian-wheezy/rules b/debian-wheezy/rules
deleted file mode 100755
index 73a1148b7..000000000
--- a/debian-wheezy/rules
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/usr/bin/make -f
-
-authentic2=$(CURDIR)/debian/authentic2
-pythonauthentic2=$(CURDIR)/debian/python-authentic2
-
-%:
- dh $@ --with python2
-
-override_dh_install:
- dh_install
- mv $(CURDIR)/debian/tmp/usr/bin/authentic2-ctl $(pythonauthentic2)/usr/lib/authentic2/manage.py
-
diff --git a/debian-wheezy/source/format b/debian-wheezy/source/format
deleted file mode 100644
index 163aaf8d8..000000000
--- a/debian-wheezy/source/format
+++ /dev/null
@@ -1 +0,0 @@
-3.0 (quilt)
diff --git a/debian-wheezy/sql/db.conf b/debian-wheezy/sql/db.conf
deleted file mode 100644
index 4b4df01d7..000000000
--- a/debian-wheezy/sql/db.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-export DATABASE_ENGINE='django.db.backends.postgresql_psycopg2'
-export DATABASE_NAME='_DBC_DBNAME_'
-export DATABASE_USER='_DBC_DBUSER_'
-export DATABASE_PASSWORD='_DBC_DBPASS_'
-export DATABASE_HOST='localhost'
diff --git a/debian-jessie/README.Debian b/debian/README.Debian
similarity index 100%
rename from debian-jessie/README.Debian
rename to debian/README.Debian
diff --git a/debian-jessie/README.source b/debian/README.source
similarity index 100%
rename from debian-jessie/README.source
rename to debian/README.source
diff --git a/debian-jessie/authentic2-ctl b/debian/authentic2-ctl
similarity index 100%
rename from debian-jessie/authentic2-ctl
rename to debian/authentic2-ctl
diff --git a/debian-jessie/authentic2-multitenant.cron.d b/debian/authentic2-multitenant.cron.d
similarity index 100%
rename from debian-jessie/authentic2-multitenant.cron.d
rename to debian/authentic2-multitenant.cron.d
diff --git a/debian-jessie/authentic2-multitenant.cron.hourly b/debian/authentic2-multitenant.cron.hourly
similarity index 100%
rename from debian-jessie/authentic2-multitenant.cron.hourly
rename to debian/authentic2-multitenant.cron.hourly
diff --git a/debian-jessie/authentic2-multitenant.dirs b/debian/authentic2-multitenant.dirs
similarity index 100%
rename from debian-jessie/authentic2-multitenant.dirs
rename to debian/authentic2-multitenant.dirs
diff --git a/debian-jessie/authentic2-multitenant.docs b/debian/authentic2-multitenant.docs
similarity index 100%
rename from debian-jessie/authentic2-multitenant.docs
rename to debian/authentic2-multitenant.docs
diff --git a/debian-jessie/authentic2-multitenant.init b/debian/authentic2-multitenant.init
similarity index 100%
rename from debian-jessie/authentic2-multitenant.init
rename to debian/authentic2-multitenant.init
diff --git a/debian-jessie/authentic2-multitenant.install b/debian/authentic2-multitenant.install
similarity index 100%
rename from debian-jessie/authentic2-multitenant.install
rename to debian/authentic2-multitenant.install
diff --git a/debian-jessie/authentic2-multitenant.logrotate b/debian/authentic2-multitenant.logrotate
similarity index 100%
rename from debian-jessie/authentic2-multitenant.logrotate
rename to debian/authentic2-multitenant.logrotate
diff --git a/debian-jessie/authentic2-multitenant.postinst b/debian/authentic2-multitenant.postinst
similarity index 100%
rename from debian-jessie/authentic2-multitenant.postinst
rename to debian/authentic2-multitenant.postinst
diff --git a/debian-jessie/authentic2-multitenant.triggers b/debian/authentic2-multitenant.triggers
similarity index 100%
rename from debian-jessie/authentic2-multitenant.triggers
rename to debian/authentic2-multitenant.triggers
diff --git a/debian-jessie/authentic2.config b/debian/authentic2.config
similarity index 100%
rename from debian-jessie/authentic2.config
rename to debian/authentic2.config
diff --git a/debian-jessie/authentic2.cron.d b/debian/authentic2.cron.d
similarity index 100%
rename from debian-jessie/authentic2.cron.d
rename to debian/authentic2.cron.d
diff --git a/debian-jessie/authentic2.cron.hourly b/debian/authentic2.cron.hourly
similarity index 100%
rename from debian-jessie/authentic2.cron.hourly
rename to debian/authentic2.cron.hourly
diff --git a/debian-jessie/authentic2.dirs b/debian/authentic2.dirs
similarity index 100%
rename from debian-jessie/authentic2.dirs
rename to debian/authentic2.dirs
diff --git a/debian-jessie/authentic2.docs b/debian/authentic2.docs
similarity index 100%
rename from debian-jessie/authentic2.docs
rename to debian/authentic2.docs
diff --git a/debian-jessie/authentic2.init b/debian/authentic2.init
similarity index 100%
rename from debian-jessie/authentic2.init
rename to debian/authentic2.init
diff --git a/debian-jessie/authentic2.install b/debian/authentic2.install
similarity index 100%
rename from debian-jessie/authentic2.install
rename to debian/authentic2.install
diff --git a/debian-jessie/authentic2.logrotate b/debian/authentic2.logrotate
similarity index 100%
rename from debian-jessie/authentic2.logrotate
rename to debian/authentic2.logrotate
diff --git a/debian-jessie/authentic2.postinst b/debian/authentic2.postinst
similarity index 100%
rename from debian-jessie/authentic2.postinst
rename to debian/authentic2.postinst
diff --git a/debian-jessie/authentic2.postrm b/debian/authentic2.postrm
similarity index 100%
rename from debian-jessie/authentic2.postrm
rename to debian/authentic2.postrm
diff --git a/debian-jessie/changelog b/debian/changelog
similarity index 100%
rename from debian-jessie/changelog
rename to debian/changelog
diff --git a/debian-jessie/compat b/debian/compat
similarity index 100%
rename from debian-jessie/compat
rename to debian/compat
diff --git a/debian-jessie/conf/authentic.conf b/debian/conf/authentic.conf
similarity index 100%
rename from debian-jessie/conf/authentic.conf
rename to debian/conf/authentic.conf
diff --git a/debian-jessie/conf/nginx-example.conf b/debian/conf/nginx-example.conf
similarity index 100%
rename from debian-jessie/conf/nginx-example.conf
rename to debian/conf/nginx-example.conf
diff --git a/debian-jessie/control b/debian/control
similarity index 100%
rename from debian-jessie/control
rename to debian/control
diff --git a/debian-jessie/copyright b/debian/copyright
similarity index 100%
rename from debian-jessie/copyright
rename to debian/copyright
diff --git a/debian-jessie/debian_config.py b/debian/debian_config.py
similarity index 100%
rename from debian-jessie/debian_config.py
rename to debian/debian_config.py
diff --git a/debian-jessie/multitenant/authentic2-multitenant-manage b/debian/multitenant/authentic2-multitenant-manage
similarity index 100%
rename from debian-jessie/multitenant/authentic2-multitenant-manage
rename to debian/multitenant/authentic2-multitenant-manage
diff --git a/debian-jessie/multitenant/config.py b/debian/multitenant/config.py
similarity index 100%
rename from debian-jessie/multitenant/config.py
rename to debian/multitenant/config.py
diff --git a/debian-jessie/multitenant/debian_config.py b/debian/multitenant/debian_config.py
similarity index 100%
rename from debian-jessie/multitenant/debian_config.py
rename to debian/multitenant/debian_config.py
diff --git a/debian-jessie/multitenant/nginx-example.conf b/debian/multitenant/nginx-example.conf
similarity index 100%
rename from debian-jessie/multitenant/nginx-example.conf
rename to debian/multitenant/nginx-example.conf
diff --git a/debian-jessie/pydist-overrides b/debian/pydist-overrides
similarity index 100%
rename from debian-jessie/pydist-overrides
rename to debian/pydist-overrides
diff --git a/debian-jessie/python-authentic2.dirs b/debian/python-authentic2.dirs
similarity index 100%
rename from debian-jessie/python-authentic2.dirs
rename to debian/python-authentic2.dirs
diff --git a/debian-jessie/python-authentic2.docs b/debian/python-authentic2.docs
similarity index 100%
rename from debian-jessie/python-authentic2.docs
rename to debian/python-authentic2.docs
diff --git a/debian-jessie/python-authentic2.install b/debian/python-authentic2.install
similarity index 100%
rename from debian-jessie/python-authentic2.install
rename to debian/python-authentic2.install
diff --git a/debian-jessie/rules b/debian/rules
similarity index 100%
rename from debian-jessie/rules
rename to debian/rules
diff --git a/debian-jessie/source/format b/debian/source/format
similarity index 100%
rename from debian-jessie/source/format
rename to debian/source/format
diff --git a/debian-jessie/sql/db.conf b/debian/sql/db.conf
similarity index 100%
rename from debian-jessie/sql/db.conf
rename to debian/sql/db.conf