diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..b722d9b --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +scrutiny (0-0) unstable; urgency=low + + * Initial release + + -- Frederic Peters Wed, 18 Nov 2015 15:05:16 +0100 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7f8f011 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +7 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..24c706a --- /dev/null +++ b/debian/control @@ -0,0 +1,24 @@ +Source: scrutiny +Maintainer: Frederic Peters +Section: python +Priority: optional +Build-Depends: python-setuptools (>= 0.6b3), python-all (>= 2.6.6-3), debhelper (>= 7) +Standards-Version: 3.9.6 +X-Python-Version: >= 2.7 + +Package: python-scrutiny +Architecture: all +Depends: ${misc:Depends}, ${python:Depends}, + python-django (>= 1.7), + python-gadjo +Recommends: python-django-mellon +Description: Tracker of installed modules + +Package: scrutiny +Architecture: all +Depends: ${misc:Depends}, + python-scrutiny (= ${binary:Version}), + python-psycopg2, + gunicorn +Recommends: nginx, postgresql +Description: Tracker of installed modules diff --git a/debian/debian_config.py b/debian/debian_config.py new file mode 100644 index 0000000..fc02a3c --- /dev/null +++ b/debian/debian_config.py @@ -0,0 +1,40 @@ +# This file is sourced by "execfile" from scrutiny.settings + +import os + +PROJECT_NAME = 'scrutiny' + +DEBUG = False +TEMPLATE_DEBUG = False + +SECRET_KEY = file('/etc/%s/secret' % PROJECT_NAME).read() + +ADMINS = ( + ('Tous', 'root@localhost'), +) + +EMAIL_SUBJECT_PREFIX = '[%s] ' % PROJECT_NAME + +ETC_DIR = '/etc/%s' % PROJECT_NAME +VAR_DIR = '/var/lib/%s' % PROJECT_NAME + +# collecstatic destination +STATIC_ROOT = os.path.join(VAR_DIR, 'collectstatic') + +# Browsers may ensure that cookies are only sent under an HTTPS connection +CSRF_COOKIE_SECURE = True +SESSION_COOKIE_SECURE = True +SESSION_EXPIRE_AT_BROWSER_CLOSER = True +SESSION_COOKIE_AGE = 36000 # 10h + +DATABASES = { + 'default': { + 'ENGINE': 'django.db.backends.postgresql_psycopg2', + 'NAME': PROJECT_NAME, + } +} + +# +# local settings +# +execfile(os.path.join(ETC_DIR, 'settings.py')) diff --git a/debian/python-scrutiny.dirs b/debian/python-scrutiny.dirs new file mode 100644 index 0000000..7b24e98 --- /dev/null +++ b/debian/python-scrutiny.dirs @@ -0,0 +1 @@ +/usr/lib/scrutiny diff --git a/debian/python-scrutiny.docs b/debian/python-scrutiny.docs new file mode 100644 index 0000000..2e3abae --- /dev/null +++ b/debian/python-scrutiny.docs @@ -0,0 +1,2 @@ +COPYING +README diff --git a/debian/python-scrutiny.install b/debian/python-scrutiny.install new file mode 100644 index 0000000..dfb9f56 --- /dev/null +++ b/debian/python-scrutiny.install @@ -0,0 +1,2 @@ +usr/bin/manage.py /usr/lib/scrutiny +usr/lib/python2*/*-packages diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..de1bd88 --- /dev/null +++ b/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ --with python2 diff --git a/debian/scrutiny-manage b/debian/scrutiny-manage new file mode 100755 index 0000000..c6f0ad6 --- /dev/null +++ b/debian/scrutiny-manage @@ -0,0 +1,25 @@ +#!/bin/sh + +NAME=scrutiny +MANAGE=/usr/lib/$NAME/manage.py + +# load Debian default configuration +export SCRUTINY_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py + +# check user +if test x$1 = x"--forceuser" +then + shift +elif test $(id -un) != "$NAME" +then + echo "error: must use $0 with user ${NAME}" + exit 1 +fi + +if test $# -eq 0 +then + python ${MANAGE} help + exit 1 +fi + +python ${MANAGE} "$@" diff --git a/debian/scrutiny.dirs b/debian/scrutiny.dirs new file mode 100644 index 0000000..45b4706 --- /dev/null +++ b/debian/scrutiny.dirs @@ -0,0 +1,5 @@ +/etc/scrutiny +/usr/lib/scrutiny +/var/lib/scrutiny/collectstatic +/var/lib/scrutiny/tenants +/var/log/scrutiny diff --git a/debian/scrutiny.docs b/debian/scrutiny.docs new file mode 100644 index 0000000..2e3abae --- /dev/null +++ b/debian/scrutiny.docs @@ -0,0 +1,2 @@ +COPYING +README diff --git a/debian/scrutiny.init b/debian/scrutiny.init new file mode 100644 index 0000000..62473be --- /dev/null +++ b/debian/scrutiny.init @@ -0,0 +1,195 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: scrutiny +# Required-Start: $network $local_fs $remote_fs $syslog +# Required-Stop: $network $local_fs $remote_fs $syslog +# Should-start: postgresql +# Should-stop: postgresql +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Portal Management System +# Description: Portal Management System +### END INIT INFO + +# Author: Entr'ouvert + +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC="Tracker of installed modules" +NAME=scrutiny +DAEMON=/usr/bin/gunicorn +RUN_DIR=/run/$NAME +PIDFILE=$RUN_DIR/$NAME.pid +LOG_DIR=/var/log/$NAME +SCRIPTNAME=/etc/init.d/$NAME +BIND=unix:$RUN_DIR/$NAME.sock +WORKERS=5 +TIMEOUT=30 + +SCRUTINY_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py +MANAGE_SCRIPT="/usr/bin/$NAME-manage" + +USER=$NAME +GROUP=$NAME + +# Exit if the package is not installed +[ -x $MANAGE_SCRIPT ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +DAEMON_ARGS=${DAEMON_ARGS:-"--pid $PIDFILE \ +--user $USER --group $GROUP \ +--daemon \ +--access-logfile $LOG_DIR/gunicorn-access.log \ +--log-file $LOG_DIR/gunicorn-error.log \ +--bind=$BIND \ +--workers=$WORKERS \ +--worker-class=sync \ +--timeout=$TIMEOUT \ +--name $NAME \ +$NAME.wsgi:application"} + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# Create /run directory +if [ ! -d $RUN_DIR ]; then + install -d -m 755 -o $USER -g $GROUP $RUN_DIR +fi + +# environment for wsgi +export SCRUTINY_SETTINGS_FILE + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + || return 1 + start-stop-daemon --start --quiet --exec $DAEMON -- \ + $DAEMON_ARGS \ + || return 2 +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON` + return 0 +} + +do_migrate() { + log_action_msg "Applying migrations (migrate_schemas).." + su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT migrate_schemas" + log_action_msg "done" +} + +do_collectstatic() { + log_action_msg "Collect static files (collectstatic).." + su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT collectstatic --noinput" + log_action_msg "done" +} + +case "$1" in + start) + log_daemon_msg "Starting $DESC " "$NAME" + do_migrate + do_collectstatic + do_start + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + stop) + log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + log_daemon_msg "Reloading $DESC" "$NAME" + do_collectstatic + do_migrate + do_reload + log_end_msg $? + ;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_migrate + do_collectstatic + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload}" >&2 + exit 3 + ;; +esac diff --git a/debian/scrutiny.install b/debian/scrutiny.install new file mode 100644 index 0000000..1ce7a46 --- /dev/null +++ b/debian/scrutiny.install @@ -0,0 +1,3 @@ +debian/scrutiny-manage /usr/bin +debian/settings.py /etc/scrutiny +debian/debian_config.py /usr/lib/scrutiny diff --git a/debian/scrutiny.postinst b/debian/scrutiny.postinst new file mode 100644 index 0000000..1a0b96b --- /dev/null +++ b/debian/scrutiny.postinst @@ -0,0 +1,44 @@ +#! /bin/sh + +set -e + +NAME="scrutiny" +USER=$NAME +GROUP=$NAME +CONFIG_DIR="/etc/$NAME" + +case "$1" in + configure) + + # make sure the administrative user exists + if ! getent passwd $USER >/dev/null; then + adduser --disabled-password --quiet --system \ + --no-create-home --home /var/lib/$NAME \ + --gecos "$NAME user" --group $USER + fi + # ensure dirs ownership + chown $USER:$GROUP /var/log/$NAME + chown $USER:$GROUP /var/lib/$NAME/collectstatic + chown $USER:$GROUP /var/lib/$NAME/tenants + # create a secret file + SECRET_FILE=$CONFIG_DIR/secret + if [ ! -f $SECRET_FILE ]; then + echo -n "Generating Django secret..." >&2 + cat /dev/urandom | tr -dc [:alnum:]-_\!\%\^:\; | head -c70 > $SECRET_FILE + chown root:$GROUP $SECRET_FILE + chmod 0440 $SECRET_FILE + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/settings.py b/debian/settings.py new file mode 100644 index 0000000..45b036a --- /dev/null +++ b/debian/settings.py @@ -0,0 +1,55 @@ +# Configuration for scrutiny. +# You can override Scrutiny default settings here + +# Scrutiny is a Django application: for the full list of settings and their +# values, see https://docs.djangoproject.com/en/1.7/ref/settings/ +# For more information on settings see +# https://docs.djangoproject.com/en/1.7/topics/settings/ + +# WARNING! Quick-start development settings unsuitable for production! +# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ + +# This file is sourced by "execfile" from /usr/lib/scrutiny/debian_config.py + +# SECURITY WARNING: don't run with debug turned on in production! +DEBUG = False +TEMPLATE_DEBUG = False + +#ADMINS = ( +# # ('User 1', 'watchdog@example.net'), +# # ('User 2', 'janitor@example.net'), +#) + +# ALLOWED_HOSTS must be correct in production! +# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts +ALLOWED_HOSTS = [ + '*', +] + +# Databases +# Default: a local database named "scrutiny" +# https://docs.djangoproject.com/en/1.7/ref/settings/#databases +# Warning: don't change ENGINE +# DATABASES['default']['NAME'] = 'scrutiny' +# DATABASES['default']['USER'] = 'scrutiny' +# DATABASES['default']['PASSWORD'] = '******' +# DATABASES['default']['HOST'] = 'localhost' +# DATABASES['default']['PORT'] = '5432' + +LANGUAGE_CODE = 'fr-fr' +TIME_ZONE = 'Europe/Paris' + +# Email configuration +# EMAIL_SUBJECT_PREFIX = '[scrutiny] ' +# SERVER_EMAIL = 'root@scrutiny.example.org' +# DEFAULT_FROM_EMAIL = 'webmaster@scrutiny.example.org' + +# SMTP configuration +# EMAIL_HOST = 'localhost' +# EMAIL_HOST_USER = '' +# EMAIL_HOST_PASSWORD = '' +# EMAIL_PORT = 25 + +# HTTPS Security +# CSRF_COOKIE_SECURE = True +# SESSION_COOKIE_SECURE = True