From 5d0e25ca1eceacec14b763ff25acd9039c66a814 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?=
Date: Mon, 16 Jun 2014 18:48:23 +0200
Subject: [PATCH 1/6] initial import
---
changelog | 5 ++
compat | 1 +
control | 20 ++++++
dirs | 4 ++
init.d | 164 +++++++++++++++++++++++++++++++++++++++++++++++
install | 1 +
local_config.py | 42 ++++++++++++
postinst | 65 +++++++++++++++++++
pydist-overrides | 2 +
rules | 19 ++++++
source/format | 1 +
11 files changed, 324 insertions(+)
create mode 100644 changelog
create mode 100644 compat
create mode 100644 control
create mode 100644 dirs
create mode 100755 init.d
create mode 100644 install
create mode 100644 local_config.py
create mode 100644 postinst
create mode 100644 pydist-overrides
create mode 100755 rules
create mode 100644 source/format
diff --git a/changelog b/changelog
new file mode 100644
index 0000000..49569e1
--- /dev/null
+++ b/changelog
@@ -0,0 +1,5 @@
+mandaye-cud (0.1-1) stable; urgency=medium
+
+ * Initial release
+
+ -- Jérôme Schneider Tue, 03 Jun 2014 19:00:37 +0200
diff --git a/compat b/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/compat
@@ -0,0 +1 @@
+7
diff --git a/control b/control
new file mode 100644
index 0000000..0e4c410
--- /dev/null
+++ b/control
@@ -0,0 +1,20 @@
+Source: mandaye-cud
+Maintainer: Jerome Schneider
+Section: python
+Priority: optional
+Build-Depends: python-setuptools (>= 0.6b3), python-all (>= 2.6.6-3), debhelper (>= 7.4.3)
+Standards-Version: 3.9.1
+X-Python-Version: current
+
+Package: mandaye-cud
+Architecture: all
+Depends: ${misc:Depends}, ${python:Depends},
+ python-mandaye (>= 0.8),
+ python-beautifulsoup (>= 3.1),
+ python-crypto (>= 2.6),
+ python-lasso (>= 2.4.0),
+ python-psycopg2,
+ gunicorn (>= 0.17)
+Recommends: postgresql, python-raven
+Description: CUD Mandaye project, modular authentification reverse proxy
+
diff --git a/dirs b/dirs
new file mode 100644
index 0000000..89ef421
--- /dev/null
+++ b/dirs
@@ -0,0 +1,4 @@
+etc/mandaye-cud
+etc/mandaye-cud/certs
+etc/mandaye-cud/sites-available
+etc/mandaye-cud/sites-enabled
diff --git a/init.d b/init.d
new file mode 100755
index 0000000..5887678
--- /dev/null
+++ b/init.d
@@ -0,0 +1,164 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: mandaye-cud
+# Required-Start: $network $local_fs
+# Required-Stop:
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: authentication reverse proxy for CUD
+# Description: authentication reverse proxy for CUD
+### END INIT INFO
+
+# Author: Jérôme Schneider
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+NAME=mandaye-cud
+DAEMON=/usr/bin/gunicorn
+PID_DIR=/var/run/mandaye-cud
+PIDFILE=/var/run/mandaye-cud/$NAME.pid
+LOG_DIR=/var/log/mandaye-cud
+SCRIPTNAME=/etc/init.d/$NAME
+
+USER=mandaye-cud
+GROUP=mandaye-cud
+
+DAEMON_ARGS="--pid $PIDFILE \
+--user $USER --group $GROUP \
+--daemon \
+--access-logfile $LOG_DIR/gunicorn-access.log \
+--log-file $LOG_DIR/gunicorn-error.log \
+--bind=unix:$PID_DIR/$NAME.sock \
+--workers=5 \
+--worker-class=sync \
+--timeout=60 \
+mandaye_cud.wsgi:application"
+
+# Exit if the package is not installed
+[ -x $DAEMON ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Create pid directory
+[ ! -d $PID_DIR ] && mkdir $PID_DIR && chown $USER:$GROUP $PID_DIR
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ log_daemon_msg "Starting $DESC " "$NAME"
+ do_start
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) log_end_msg 0 ;;
+ 2) log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
diff --git a/install b/install
new file mode 100644
index 0000000..ec4ba1f
--- /dev/null
+++ b/install
@@ -0,0 +1 @@
+debian/local_config.py /etc/mandaye-cud/
diff --git a/local_config.py b/local_config.py
new file mode 100644
index 0000000..6c04e77
--- /dev/null
+++ b/local_config.py
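Review bot: do_stop() signals whatever PID is stored in `$PIDFILE` using only `--pidfile`, and that file lives in `$PID_DIR`, which the script chowns to `$USER:$GROUP` near the top, so the unprivileged service account can replace the file and have a root-run `stop` or `restart` signal an unrelated process. Keeping the pid file in a root-owned location, e.g. `PIDFILE=/var/run/$NAME.pid`, while the socket stays in `$PID_DIR`, removes that trust in a service-writable path. The second `--stop ... --exec $DAEMON` and the `--start ... --exec $DAEMON --test` guard match on `/usr/bin/gunicorn`, which is presumably a Python script rather than the process executable, so they likely match either nothing or every gunicorn instance on the host. `$DESC` is used in the `log_daemon_msg` calls but is never assigned in this file.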
@@ -0,0 +1,42 @@
+## SQL Backend config
+# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html
+# rfc 1738 https://tools.ietf.org/html/rfc1738
+# dialect+driver://username:password@host:port/database
+db_url = 'postgresql://mandaye-cud@/mandaye_cud'
+
+## Logging configuration
+debug = False
+
+# Configuration directory
+config_root = '/etc/mandaye-cud/sites-enabled'
+# Static folder
+static_root = '/usr/share/mandaye-cud/static'
+# Data directory
+data_dir = '/var/lib/mandaye-cud/data'
+
+# Raven Sentry configuration
+raven_dsn = None
+
+## Email notification configuration
+email_notification = False
+smtp_host = 'localhost'
+smtp_port = 25
+email_from = 'admin+mandaye-cud@entrouvert.com'
+email_to = ['admin+mandaye-cud@entrouvert.com']
+
+
+## Session configuration
+# http://beaker.readthedocs.org/en/latest/configuration.html#options-for-sessions-and-caching
+session_opts = {
+ 'session.type': 'file',
+ 'session.cookie_expires': True,
+ 'session.timeout': 3600,
+ 'session.data_dir': '/var/lib/mandaye-cud/sessions'
+}
+
+## Encrypt service provider passwords with a secret
+# You should install pycypto to use this feature
+encrypt_sp_password = True
+# Must be a 16, 24, or 32 bytes long
+encrypt_secret = 'CHANGEME'
+
diff --git a/postinst b/postinst
new file mode 100644
index 0000000..59f86a4
--- /dev/null
+++ b/postinst
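Review bot: `encrypt_secret = 'CHANGEME'` ships together with `encrypt_sp_password = True`, so every installation that leaves the file untouched encrypts stored service-provider passwords under the same publicly known key; the placeholder is also 8 bytes long, which contradicts the 16/24/32-byte requirement in the comment above it. The file is placed in /etc/mandaye-cud/ by the `install` entry with no mode set, so it is presumably world-readable once a real secret is written into it. I would ship the value empty and generate a per-host secret at install time, restrict the file to `root:mandaye-cud` mode 0640, and replace the comment with something like `# Per-host secret, 16, 24 or 32 bytes long; never keep a packaged default`.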
@@ -0,0 +1,65 @@
+#!/bin/sh
+#
+# Postinst script for mandaye-cud
+#
+
+set -e
+
+NAME=mandaye-cud
+USER=$NAME
+GROUP=$NAME
+HOME=/var/lib/$NAME
+
+case "$1" in
+ configure)
+ if ! getent group $GROUP > /dev/null 2>&1; then
+ echo -n "Adding group $GROUP.."
+ addgroup --quiet --system $GROUP
+ echo "..done"
+ fi
+ if ! getent passwd $USER > /dev/null 2>&1; then
+ echo -n "Adding user $USER.."
+ adduser --quiet --system --gecos "Mandaye CUD daemon" \
+ --ingroup $GROUP \
+ --no-create-home --home $HOME \
+ $USER
+ echo "..done"
+ fi
+ if [ ! -f /etc/mandaye-cud/certs/saml.crt -a ! -f /etc/mandaye-cud/certs/saml.key ]; then
+ echo -n "Generating key material..." >&2
+ openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out /etc/mandaye-cud/certs/saml.key >&2
+ openssl req -x509 -new -out /etc/mandaye-cud/certs/saml.crt -subj '/CN=whocares' -key /etc/mandaye-cud/certs/saml.key -days 3650 >&2
+ chown root:$GROUP /etc/mandaye-cud/certs/saml.crt /etc/mandaye-cud/certs/saml.key
+ chmod 640 /etc/mandaye-cud/certs/saml.crt /etc/mandaye-cud/certs/saml.key
+ echo "..done" >&2
+ fi
+
+ echo -n "Fixing permissions.."
+ chown $USER:$GROUP /var/lib/$NAME /var/run/$NAME /var/log/$NAME
+ chown $USER:$GROUP /var/lib/$NAME/data /var/lib/$NAME/sessions
+ echo "..done"
+
+ if [ -z "$2" ]; then
+ echo "Please create your database :"
+ echo "su $USER -p -c '/usr/bin/mandaye_cud_manager --createdb'"
+ fi
+ ;;
+
+ reconfigure)
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/pydist-overrides b/pydist-overrides
new file mode 100644
index 0000000..d10358f
--- /dev/null
+++ b/pydist-overrides
@@ -0,0 +1,2 @@
+mandaye python-mandaye
+pycrypto python-crypto
diff --git a/rules b/rules
new file mode 100755
index 0000000..d7cb374
--- /dev/null
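Review bot: The SAML private key is written by `openssl genpkey ... -out /etc/mandaye-cud/certs/saml.key` under whatever umask the script inherits and is only tightened by the `chmod 640` three lines later, so it can be readable by other local users in between, and it stays that way if `openssl req` fails and `set -e` aborts the script. Setting `umask 077` before the `openssl genpkey` call, for instance in a subshell wrapping the two openssl commands, closes that window. The guard `[ ! -f .../saml.crt -a ! -f .../saml.key ]` only generates material when both files are missing, so a lone key or a lone certificate is left unpaired without any message. Assigning `HOME=/var/lib/$NAME` also changes the HOME environment variable for every later command if it is exported, openssl included; a differently named variable would avoid that.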
+++ b/rules @@ -0,0 +1,19 @@ +#!/usr/bin/make -f + +BUILD_DIR=$(CURDIR)/debian/mandaye-cud + +%: + dh $@ --with python2 + +override_dh_install: + dh_install + for ver in $(shell pyversions -vr); do \ + ln -s /etc/mandaye-cud/local_config.py $(BUILD_DIR)/usr/lib/python$$ver/dist-packages/mandaye_cud/; \ + done + install -d -m 0755 $(BUILD_DIR)/var/lib/mandaye-cud + install -d -m 0755 $(BUILD_DIR)/var/lib/mandaye-cud/data + install -d -m 0750 $(BUILD_DIR)/var/lib/mandaye-cud/sessions + install -d -m 0755 $(BUILD_DIR)/var/run/mandaye-cud + install -d -m 0755 $(BUILD_DIR)/var/log/mandaye-cud + install -d -m 0755 $(BUILD_DIR)/usr/share/mandaye-cud + cp -R mandaye_cud/static $(BUILD_DIR)/usr/share/mandaye-cud diff --git a/source/format b/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) From 696b0256d186328ce33c45bb02a056c557bd17b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Tue, 17 Jun 2014 16:31:35 +0200 Subject: [PATCH 2/6] Initial release is 0.0.1 and not 0.1 --- changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/changelog b/changelog index 49569e1..b41bf71 100644 --- a/changelog +++ b/changelog @@ -1,4 +1,4 @@ -mandaye-cud (0.1-1) stable; urgency=medium +mandaye-cud (0.0.1-1) stable; urgency=medium * Initial release From aca600dcb9a1e686de80664038fbaf7a3735a350 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Fri, 5 Sep 2014 19:30:58 +0200 Subject: [PATCH 3/6] update to use last mandaye configuration --- config.ini | 27 +++++++++++++++++++++++++++ control | 4 +++- dirs | 6 ++++++ install | 2 +- local_config.py | 42 ------------------------------------------ rules | 9 --------- 6 files changed, 37 insertions(+), 53 deletions(-) create mode 100644 config.ini delete mode 100644 local_config.py diff --git a/config.ini b/config.ini new file mode 100644 index 0000000..54b715f --- /dev/null +++ b/config.ini 
@@ -0,0 +1,27 @@ +[database] +; http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html +url: postgresql://mandaye-cud@/mandaye-cud + +[dirs] +config_root: /etc/mandaye-cud/sites-enabled +data_dir: /var/lib/mandaye-cud/data +static_root: /usr/share/mandaye-cud/static + +[debug] +debug: false +use_long_trace: true +log_debug: false +; you need to install python-raven for this feature +sentry_dsn: + +[template_vars] +idp_url: https://idp-cud.dev.entrouvert.org + +[session] + file, dbm, memory or memcached +; ; if memcached you need to install python-memcached and memcached +type: memcached +url: 127.0.0.1:11211 +cookie_expires: true +timeout: 3600 +data_dir: /var/lib/mandaye-cud/sessions diff --git a/control b/control index 0e4c410..16b5e3a 100644 --- a/control +++ b/control @@ -9,11 +9,13 @@ X-Python-Version: current Package: mandaye-cud Architecture: all Depends: ${misc:Depends}, ${python:Depends}, - python-mandaye (>= 0.8), + python-mandaye (>= 0.9), python-beautifulsoup (>= 3.1), python-crypto (>= 2.6), python-lasso (>= 2.4.0), + python-memcache, python-psycopg2, + memcached, gunicorn (>= 0.17) Recommends: postgresql, python-raven Description: CUD Mandaye project, modular authentification reverse proxy diff --git a/dirs b/dirs index 89ef421..d25c3da 100644 --- a/dirs +++ b/dirs @@ -2,3 +2,9 @@ etc/mandaye-cud etc/mandaye-cud/certs etc/mandaye-cud/sites-available etc/mandaye-cud/sites-enabled +var/lib/mandaye-cud +var/lib/mandaye-cud/data +var/lib/mandaye-cud/sessions +var/log/mandaye-cud +var/run/mandaye-cud +usr/share/mandaye-cud diff --git a/install b/install index ec4ba1f..b52e46f 100644 --- a/install +++ b/install @@ -1 +1 @@ -debian/local_config.py /etc/mandaye-cud/ +debian/config.ini /etc/mandaye-cud/ diff --git a/local_config.py b/local_config.py deleted file mode 100644 index 6c04e77..0000000 --- a/local_config.py +++ /dev/null 
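Review bot: The packaged default `type: memcached` with `url: 127.0.0.1:11211` puts the proxy's sessions in a store that any local user or process able to reach that port can read and overwrite, since a stock memcached performs no authentication; the configuration this replaces defaulted to file sessions. On hosts that are not dedicated to this service I would keep `type: file` as the shipped default, or add a comment such as `; memcached is unauthenticated: only use it on a host where no other user can reach this address`. `idp_url: https://idp-cud.dev.entrouvert.org` also makes a development identity provider the out-of-the-box value; an empty value that the administrator must fill in would be safer, assuming the application can reject an unset URL.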
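Review bot: Moving `var/lib/mandaye-cud/sessions` into `dirs` drops the restrictive mode the directory had: the rules recipe removed by this same commit created it with `install -d -m 0750`, whereas an entry in `dirs` gets the default directory mode. config.ini still sets `data_dir: /var/lib/mandaye-cud/sessions` under `[session]`, so file-backed sessions would land in a directory other local users can traverse. Because debhelper may normalise modes at build time anyway, I would set the mode at install time, e.g. `chmod 0750 /var/lib/$NAME/sessions` next to the existing `chown` lines in postinst. The same consideration applies to `var/log/mandaye-cud`, which holds the gunicorn access log.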
@@ -1,42 +0,0 @@ -## SQL Backend config -# http://docs.sqlalchemy.org/en/rel_0_7/core/engines.html -# rfc 1738 https://tools.ietf.org/html/rfc1738 -# dialect+driver://username:password@host:port/database -db_url = 'postgresql://mandaye-cud@/mandaye_cud' - -## Logging configuration -debug = False - -# Configuration directory -config_root = '/etc/mandaye-cud/sites-enabled' -# Static folder -static_root = '/usr/share/mandaye-cud/static' -# Data directory -data_dir = '/var/lib/mandaye-cud/data' - -# Raven Sentry configuration -raven_dsn = None - -## Email notification configuration -email_notification = False -smtp_host = 'localhost' -smtp_port = 25 -email_from = 'admin+mandaye-cud@entrouvert.com' -email_to = ['admin+mandaye-cud@entrouvert.com'] - - -## Session configuration -# http://beaker.readthedocs.org/en/latest/configuration.html#options-for-sessions-and-caching -session_opts = { - 'session.type': 'file', - 'session.cookie_expires': True, - 'session.timeout': 3600, - 'session.data_dir': '/var/lib/mandaye-cud/sessions' -} - -## Encrypt service provider passwords with a secret -# You should install pycypto to use this feature -encrypt_sp_password = True -# Must be a 16, 24, or 32 bytes long -encrypt_secret = 'CHANGEME' - diff --git a/rules b/rules index d7cb374..4de1354 100755 --- a/rules +++ b/rules @@ -7,13 +7,4 @@ BUILD_DIR=$(CURDIR)/debian/mandaye-cud override_dh_install: dh_install - for ver in $(shell pyversions -vr); do \ - ln -s /etc/mandaye-cud/local_config.py $(BUILD_DIR)/usr/lib/python$$ver/dist-packages/mandaye_cud/; \ - done - install -d -m 0755 $(BUILD_DIR)/var/lib/mandaye-cud - install -d -m 0755 $(BUILD_DIR)/var/lib/mandaye-cud/data - install -d -m 0750 $(BUILD_DIR)/var/lib/mandaye-cud/sessions - install -d -m 0755 $(BUILD_DIR)/var/run/mandaye-cud - install -d -m 0755 $(BUILD_DIR)/var/log/mandaye-cud - install -d -m 0755 $(BUILD_DIR)/usr/share/mandaye-cud cp -R mandaye_cud/static $(BUILD_DIR)/usr/share/mandaye-cud 
From 614aa1ed5c6a6f995a358dc591d86438fff39481 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Fri, 5 Sep 2014 19:50:28 +0200 Subject: [PATCH 4/6] config: fix default configuration --- config.ini | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/config.ini b/config.ini index 54b715f..96739b4 100644 --- a/config.ini +++ b/config.ini @@ -18,8 +18,8 @@ sentry_dsn: idp_url: https://idp-cud.dev.entrouvert.org [session] - file, dbm, memory or memcached -; ; if memcached you need to install python-memcached and memcached +; file, dbm, memory or memcached +; if memcached you need to install python-memcached and memcached type: memcached url: 127.0.0.1:11211 cookie_expires: true From c308fbe46bb27dba0023ee5e2a0c9f82dd4be6f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Mon, 27 Oct 2014 18:34:59 +0100 Subject: [PATCH 5/6] update debian for the new settings system --- init.d | 4 ++++ install | 1 + mandaye_cud_manager | 22 ++++++++++++++++++++++ rules | 2 ++ 4 files changed, 29 insertions(+) create mode 100644 mandaye_cud_manager diff --git a/init.d b/init.d index 5887678..a96bdc5 100755 --- a/init.d +++ b/init.d @@ -18,6 +18,7 @@ PID_DIR=/var/run/mandaye-cud PIDFILE=/var/run/mandaye-cud/$NAME.pid LOG_DIR=/var/log/mandaye-cud SCRIPTNAME=/etc/init.d/$NAME +MANDAYE_CONFIG_FILES=/etc/$NAME/config.ini USER=mandaye-cud GROUP=mandaye-cud @@ -49,6 +50,9 @@ mandaye_cud.wsgi:application" # Depend on lsb-base (>= 3.0-6) to ensure that this file is present. . /lib/lsb/init-functions +# environment for wsgi & settings +export MANDAYE_CONFIG_FILES + # # Function that starts the daemon/service # diff --git a/install b/install index b52e46f..bd1af80 100644 --- a/install +++ b/install @@ -1 +1,2 @@ debian/config.ini /etc/mandaye-cud/ +debian/mandaye_cud_manager /usr/bin/ diff --git a/mandaye_cud_manager b/mandaye_cud_manager new file mode 100644 index 0000000..ea342de --- /dev/null +++ b/mandaye_cud_manager 
@@ -0,0 +1,22 @@ +#!/bin/sh + +NAME=mandaye-cud +MANAGER="/usr/lib/$NAME/manager.py --config=/etc/$NAME/config.ini" + +# check user +if test x$1 = x"--forceuser" +then + shift +elif test $(id -un) != "$NAME" +then + echo "error: must use $0 with user ${NAME}" + exit 1 +fi + +if test $# -eq 0 +then + python ${MANAGER} --help + exit 1 +fi + +python ${MANAGER} "$@" diff --git a/rules b/rules index 4de1354..b2bf6ad 100755 --- a/rules +++ b/rules @@ -7,4 +7,6 @@ BUILD_DIR=$(CURDIR)/debian/mandaye-cud override_dh_install: dh_install + mv $(BUILD_DIR)/usr/bin/server.py $(BUILD_DIR)/usr/lib/mandaye-cud + mv $(BUILD_DIR)/usr/bin/manager.py $(BUILD_DIR)/usr/lib/mandaye-cud cp -R mandaye_cud/static $(BUILD_DIR)/usr/share/mandaye-cud From 67daf5ecd78eda2f3c4da0eaa4da49d631e433d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Schneider?= Date: Tue, 28 Oct 2014 09:35:38 +0100 Subject: [PATCH 6/6] debian: fixes server.py and manager.py installation --- dirs | 1 + rules | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/dirs b/dirs index d25c3da..cf49c19 100644 --- a/dirs +++ b/dirs @@ -7,4 +7,5 @@ var/lib/mandaye-cud/data var/lib/mandaye-cud/sessions var/log/mandaye-cud var/run/mandaye-cud +usr/lib/mandaye-cud usr/share/mandaye-cud diff --git a/rules b/rules index b2bf6ad..4f437bb 100755 --- a/rules +++ b/rules @@ -7,6 +7,6 @@ BUILD_DIR=$(CURDIR)/debian/mandaye-cud override_dh_install: dh_install - mv $(BUILD_DIR)/usr/bin/server.py $(BUILD_DIR)/usr/lib/mandaye-cud - mv $(BUILD_DIR)/usr/bin/manager.py $(BUILD_DIR)/usr/lib/mandaye-cud + mv $(BUILD_DIR)/usr/bin/server.py $(BUILD_DIR)/usr/lib/mandaye-cud/server.py + mv $(BUILD_DIR)/usr/bin/manager.py $(BUILD_DIR)/usr/lib/mandaye-cud/manager.py cp -R mandaye_cud/static $(BUILD_DIR)/usr/share/mandaye-cud
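Review bot: `test x$1 = x"--forceuser"` and `test $(id -un) != "$NAME"` expand unquoted, so a first argument containing whitespace or test operators changes the expression being evaluated instead of being compared as a string; write `test "x$1" = "x--forceuser"` and `test "$(id -un)" != "$NAME"`. `--forceuser` lets the manager run as root, in which case anything it creates under the service's data directories is presumably root-owned and may be unreadable by the daemon, so a comment explaining when the flag is meant to be used would help. The error message is printed to stdout; adding `>&2` would match what postinst does.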