From 63c538a19438eaac23dd6b627f00d5ceee0e43fa Mon Sep 17 00:00:00 2001
From: Roland Mas
Date: Fri, 19 Aug 2011 13:04:06 +0000
Subject: [PATCH] Merged from 5.1: "More bits" from Olivier
---
 .gitattributes | 2 ++
 src/deb-specific/install-db.sh | 2 +-
 src/debian/README.source | 3 ++-
 src/debian/changelog | 13 ++++++++++---
 .../dsf-helper/dbpasswd-variables.config | 17 +++++++++++++----
 src/debian/dsf-helper/ucf-choices.templates | 17 +++++++++++++++++
 src/debian/dsf-in/common.postinst | 16 +++++++++++++---
 .../dsf-in/db-postgresql.postinst.dsfh-in | 14 +++++++++++++-
 src/debian/dsf-in/db-postgresql.prerm | 3 ++-
 .../dsf-in/db-postgresql.templates.dsfh-in | 2 ++
 src/debian/dsf-in/shell-postgresql.postinst | 18 ++++++++++++++++++
 src/debian/dsf-in/shell-postgresql.prerm | 7 +++++--
 src/debian/dsf-in/web-apache2.postinst.dsfh-in | 2 +-
 src/debian/rules | 2 +-
 src/docs/README.NSS-pgsql | 2 +-
 src/etc/README.httpd-conf-d-flavours | 8 ++++++++
 src/etc/httpd.conf.d/secrets.inc | 7 +++++--
 src/packaging/control/011meta-minimal | 2 +-
 src/utils/install-nsspgsql.sh | 9 +++++----
 src/utils/manage-apache-config.sh | 13 ++++++++++++-
 20 files changed, 132 insertions(+), 27 deletions(-)
 create mode 100644 src/debian/dsf-helper/ucf-choices.templates
 create mode 100644 src/etc/README.httpd-conf-d-flavours
diff --git a/.gitattributes b/.gitattributes
index 277a98e731..f5db8b0231 100644
--- a/.gitattributes
+++ b/.gitattributes
@@ -629,6 +629,7 @@ src/deb-specific/user_dump_update.pl svneol=native#text/x-perl
 src/debian/NEWS.Debian -text
 src/debian/README.source -text
 src/debian/compat -text
+src/debian/dsf-helper/ucf-choices.templates -text
 src/debian/dsf-in/plugin-mailman.postrm -text
 src/debian/dsf-in/plugin-mailman.preinst -text
 src/debian/dsf-in/plugin-scmbzr.init.d -text
@@ -707,6 +708,7 @@ src/docs/docbook/docbook/user_guide/user_guide.xml svneol=native#text/xml src/docs/fusionforge.doxygen -text src/docs/list_of_public_fusionforge -text src/etc/README -text +src/etc/README.httpd-conf-d-flavours -text src/etc/config.ini-fhs -text src/etc/config.ini-opt -text src/etc/config.ini-usrlocal -text diff --git a/src/deb-specific/install-db.sh b/src/deb-specific/install-db.sh index 14b208a16d..34e480bb09 100755 --- a/src/deb-specific/install-db.sh +++ b/src/deb-specific/install-db.sh @@ -116,7 +116,7 @@ case "$target" in rm -f $cur cur=$(mktemp /tmp/$pattern) - perl -e "open F, \"${pg_hba_dir}/pg_hba.conf.gforge-new\" or die \$!; undef \$/; \$l=; \$l=~ s/^### BEGIN GFORGE BLOCK -- DO NOT EDIT.*### END GFORGE BLOCK -- DO NOT EDIT\$/### BEGIN GFORGE BLOCK -- DO NOT EDIT\nlocal $db_name $db_user md5\nlocal $db_name ${db_user}_nss trust\nlocal $db_name list ident\nlocal $db_name ${db_user}_mta md5\n### END GFORGE BLOCK -- DO NOT EDIT/ms; print \$l;" > $cur + perl -e "open F, \"${pg_hba_dir}/pg_hba.conf.gforge-new\" or die \$!; undef \$/; \$l=; \$l=~ s/^### BEGIN GFORGE BLOCK -- DO NOT EDIT.*### END GFORGE BLOCK -- DO NOT EDIT\$/### BEGIN GFORGE BLOCK -- DO NOT EDIT\n# user which is used by libnss to access the DB (see \/etc\/nss-pgsql.conf)\nlocal $db_name ${db_user}_nss trust\nlocal $db_name list ident\nlocal $db_name ${db_user}_mta md5\n### END GFORGE BLOCK -- DO NOT EDIT/ms; print \$l;" > $cur cat $cur > ${pg_hba_dir}/pg_hba.conf.gforge-new rm -f $cur diff --git a/src/debian/README.source b/src/debian/README.source index 9c537f89c2..bc8864efe6 100644 --- a/src/debian/README.source +++ b/src/debian/README.source 
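Review bot: The rewritten GFORGE block in install-db.sh drops `local $db_name $db_user md5`, so a forge that still connects over the Unix socket loses its pg_hba.conf rule. The companion switch to `database_host=127.0.0.1` in common.postinst appears to sit inside `if [ ! -e /etc/gforge/config.ini.d/debian-install-secrets.ini ]`, which suggests upgraded hosts keep `database_host=""` and would fall through to whatever default `local` rule the cluster has; either keep the md5 line for a release or migrate the existing ini on upgrade. The added comment should also say what `trust` means on the `${db_user}_nss` line, for example `# trust: any local account reaches this role without a password, keep its grants read-only`. The enclosing `case "$target"` branch starts and ends outside this hunk.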
@@ -15,6 +15,7 @@ i.e. the source package's diffs include "non packaging" changes outside debian/ too, as direct patches to upstream sources. More precisely : + - fusionforge-5.1-4 is in sync with upstream SVN contents as of rev. 14120; - fusionforge-5.1-3 is in sync with upstream SVN contents as of rev. 14089; - fusionforge-5.1-2 is in sync with upstream SVN contents as of rev. 14087; - fusionforge-5.1-1 is in sync with upstream SVN contents as of rev. 14081. @@ -28,4 +29,4 @@ The following may provide more details on variations between the upstream main version and Debian's packaging : http://patch-tracker.debian.org/package/fusionforge - -- Olivier Berger , Fri, 12 Aug 2011 13:33:32 +0200 + -- Olivier Berger , Tue, 16 Aug 2011 17:14:45 +0200 diff --git a/src/debian/changelog b/src/debian/changelog index 5e0a30787c..11cf726137 100644 --- a/src/debian/changelog +++ b/src/debian/changelog @@ -6,9 +6,16 @@ fusionforge (5.1.50~) UNRELEASED; urgency=low fusionforge (5.1-4+) UNRELEASED; urgency=low - * - - -- Roland Mas Tue, 16 Aug 2011 16:32:30 +0200 + [ Olivier Berger ] + * Better document in README.source how the package is build vs upstream + SVN repo. + * Manage pg_hba.conf with custom ucf template that should be less + ambiguous, including a proper default value. + * Use explicit db host connection on 127.0.0.1 in order to avoid some + changes in pg_hba.conf. + * Fix bits around ucf (using ucfr / ucfq) + + -- Olivier Berger Wed, 17 Aug 2011 13:04:43 +0200 fusionforge (5.1-4) unstable; urgency=low diff --git a/src/debian/dsf-helper/dbpasswd-variables.config b/src/debian/dsf-helper/dbpasswd-variables.config index eb3ad6d28b..59807cbe80 100644 --- a/src/debian/dsf-helper/dbpasswd-variables.config +++ b/src/debian/dsf-helper/dbpasswd-variables.config 
@@ -1,11 +1,20 @@ #- beginning of included section from dbpasswd-variables.config db_fget @PACKAGE@/shared/db_password seen || true if [ "$RET" = "false" ]; then - db_set @PACKAGE@/shared/db_password $(gen_random_pw) + pw=$(gen_random_pw) + if [ -e /etc/gforge/config.ini.d/debian-install-secrets.ini ]; then + pw=$(grep '^database_password=' /etc/gforge/config.ini.d/debian-install-secrets.ini | sed 's/database_password=//') + echo "Since you asked not to see all the debconf questions, I reused the" + echo "password for the database that was already set in " + echo "/etc/gforge/config.ini.d/debian-install-secrets.ini." + echo "Use it if you want to have a peek at the database by hand." + else + echo "Since you asked not to see all the debconf questions, I generated a random" + echo "password for the database. Use it if you want to have a peek at the" + echo "database by hand. It is '$pw'." + fi + db_set @PACKAGE@/shared/db_password $pw db_get @PACKAGE@/shared/db_password || true - echo "Since you asked not to see all the debconf questions, I generated a random" - echo "password for the database. Use it if you want to have a peek at the" - echo "database by hand. It is '${RET}'." ; db_fset @PACKAGE@/shared/db_password seen true fi diff --git a/src/debian/dsf-helper/ucf-choices.templates b/src/debian/dsf-helper/ucf-choices.templates new file mode 100644 index 0000000000..de849ba16e --- /dev/null +++ b/src/debian/dsf-helper/ucf-choices.templates 
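Review bot: In the reuse branch `pw` is overwritten with the grep/sed result even when that result is empty, so a secrets file without a `database_password=` line replaces the freshly generated password with an empty one; the same pipeline also keeps any quotes around the stored value and returns several lines if the key occurs twice. Read the old value into its own variable and adopt it only when non-empty, e.g. `old=$(sed -n 's/^database_password=//p' /etc/gforge/config.ini.d/debian-install-secrets.ini | head -n 1)` followed by `[ -n "$old" ] && pw=$old`, and print the "reused" message only in that case. `db_set @PACKAGE@/shared/db_password $pw` should quote `"$pw"` so a value with spaces or glob characters is not word-split. The else branch still echoes the generated password, which ends up in whatever captures the maintainer script's output (terminal scrollback, and likely the package manager's terminal log); pointing the admin at the root-only ini file instead would avoid that.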
@@ -0,0 +1,17 @@ +# These templates have been reviewed by the debian-l10n-english +# team +# +# If modifications/additions/rewording are needed, please ask +# debian-l10n-english@lists.debian.org for advice. +# +# Even minor modifications require translation updates and such +# changes should be coordinated with translators and reviewers. + +Template: @PACKAGE@/ucfchangeprompt +Type: select +__Choices: install the new version configured by @PACKAGE@, keep the local version currently installed, show the differences between the versions, show a side-by-side difference between the versions, start a new shell to examine the situation +Choices-C: install_new, keep_current, diff, sdiff, shell +Default: install_new +_Description: What do you want to do about configuration file ${BASENAME}? + The configuration file ${FILE} needs to be modified by @PACKAGE@, + whereas it is also a configuration file of the postgresql package. diff --git a/src/debian/dsf-in/common.postinst b/src/debian/dsf-in/common.postinst index 87c91298e6..0e39fd166b 100644 --- a/src/debian/dsf-in/common.postinst +++ b/src/debian/dsf-in/common.postinst @@ -58,8 +58,13 @@ EOF fi if [ ! -e /etc/gforge/config.ini.d/debian-install-secrets.ini ] ; then t=$(mktemp /etc/gforge/config.ini.d/debian-install-secrets.ini.XXXXXX) - db_get @PACKAGE@/shared/db_password || true - pw=$RET + pw= + db_fget @PACKAGE@/shared/db_password seen || true + seen="$RET" + if [ "$seen" = "true" ]; then + db_get @PACKAGE@/shared/db_password || true + pw=$RET + fi if [ "$pw" = "" ] ; then if [ -c /dev/urandom ]; then # ...using /dev/urandom when possible pw=$(dd if=/dev/urandom count=1 bs=16 2> /dev/null | md5sum | cut -c-32) 
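Review bot: Nothing in the new common.postinst lines says why the stored debconf password is now ignored unless the question's `seen` flag is true, and the consequence is easy to miss: when the flag is false `pw` stays empty and the script falls through to the `/dev/urandom` branch and generates a fresh password. A short comment above `db_fget` would do, for example `# only reuse the debconf value once the config script has marked it seen; otherwise generate one below`. Whether the generated value is written back to debconf is not visible in this hunk; if other maintainer scripts read `@PACKAGE@/shared/db_password` directly they could then disagree with the ini file. The surrounding `if [ ! -e … ]` block continues past the end of the hunk.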
@@ -79,8 +84,13 @@ EOF ; You can edit the values here or move them to other files. ; These values should not go into world-readable files! +; ATTENTION : these configuration variables may not be used directly +; by the PHP scripts run by apache. +; See contents of secrets.inc which is loaded by Apache conf files too + [core] -database_host="" +; 127.0.0.1 instead of "" in order to avoid the need to modifying pg_hba.conf +database_host=127.0.0.1 database_name=gforge database_user=gforge database_port=5432 diff --git a/src/debian/dsf-in/db-postgresql.postinst.dsfh-in b/src/debian/dsf-in/db-postgresql.postinst.dsfh-in index facce9d3e7..bf405ee646 100644 --- a/src/debian/dsf-in/db-postgresql.postinst.dsfh-in +++ b/src/debian/dsf-in/db-postgresql.postinst.dsfh-in @@ -58,7 +58,19 @@ case "$1" in # Patch DB configuration files /usr/share/@OLDPACKAGE@/bin/install-db.sh configure-files - ucf --debconf-ok ${pg_hba_dir}/pg_hba.conf.@OLDPACKAGE@-new ${pg_hba_dir}/pg_hba.conf + + # At first, the pg_hba.conf file is not yet handled by ucf, so + # we don't display the usual template, but instead a custom + # one (fusionforge/ucfchangeprompt) + ucf_package=`ucfq -w ${pg_hba_dir}/pg_hba.conf | cut -d ':' -f 2` + if [ "x$ucf_package" != "x@OLDPACKAGE@-db-postgresql" ] + then + ucf --debconf-ok --debconf-template fusionforge/ucfchangeprompt ${pg_hba_dir}/pg_hba.conf.@OLDPACKAGE@-new ${pg_hba_dir}/pg_hba.conf + else + ucf --debconf-ok ${pg_hba_dir}/pg_hba.conf.@OLDPACKAGE@-new ${pg_hba_dir}/pg_hba.conf + fi + # register it with ucfr/ucfq so that next time the normal ucf template is used, in case of user changes (or another package's) + ucfr @OLDPACKAGE@-db-postgresql /etc/postgresql/9.0/main/pg_hba.conf rm ${pg_hba_dir}/pg_hba.conf.@OLDPACKAGE@-new # Make sure the database accepts connections from these new users diff --git a/src/debian/dsf-in/db-postgresql.prerm b/src/debian/dsf-in/db-postgresql.prerm index 0951a201b5..6b114bc046 100644 --- a/src/debian/dsf-in/db-postgresql.prerm 
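Review bot: The new `ucfr` call in db-postgresql.postinst.dsfh-in registers the literal path `/etc/postgresql/9.0/main/pg_hba.conf`, while every other line in the hunk operates on `${pg_hba_dir}/pg_hba.conf`; on a cluster of any other version the file ucf just handled is never registered, so the `ucfq` ownership test above keeps selecting the custom prompt and the `ucfr --purge` added to db-postgresql.prerm targets a path that was never recorded. It should read `ucfr @OLDPACKAGE@-db-postgresql ${pg_hba_dir}/pg_hba.conf`. The template name is likewise hard-coded as `fusionforge/ucfchangeprompt` although ucf-choices.templates declares it as `@PACKAGE@/ucfchangeprompt`; using the placeholder here keeps the two in step if the package name differs. The `case "$1"` branch continues outside the hunk.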
+++ b/src/debian/dsf-in/db-postgresql.prerm @@ -14,7 +14,7 @@ then pg_version=`pg_lsclusters | grep 5432 | grep online | cut -d' ' -f1` if [ "x$pg_version" != "x" ] then - export pg_hba_dir=/etc/postgresql/${pg_version}/main/ + export pg_hba_dir=/etc/postgresql/${pg_version}/main else echo "No database found online on port 5432" echo "Couldn't initialize or upgrade @OLDPACKAGE@ database." @@ -53,6 +53,7 @@ case "$1" in ucf --debconf-ok ${pg_hba_dir}/pg_hba.conf.@OLDPACKAGE@-new ${pg_hba_dir}/pg_hba.conf rm ${pg_hba_dir}/pg_hba.conf.@OLDPACKAGE@-new ucf --purge ${pg_hba_dir}/pg_hba.conf + ucfr --purge @OLDPACKAGE@-db-postgresql ${pg_hba_dir}/pg_hba.conf pg_name=postgresql-$pg_version # Trying "postgresql" init script... diff --git a/src/debian/dsf-in/db-postgresql.templates.dsfh-in b/src/debian/dsf-in/db-postgresql.templates.dsfh-in index cb89884a14..5831e1ecb0 100644 --- a/src/debian/dsf-in/db-postgresql.templates.dsfh-in +++ b/src/debian/dsf-in/db-postgresql.templates.dsfh-in @@ -55,3 +55,5 @@ _Description: Password confirmation: #DSFHELPER:web-variables# #DSFHELPER:groupid-variables# + +#DSFHELPER:ucf-choices# diff --git a/src/debian/dsf-in/shell-postgresql.postinst b/src/debian/dsf-in/shell-postgresql.postinst index 912e7f5a04..8d51abb4cc 100644 --- a/src/debian/dsf-in/shell-postgresql.postinst +++ b/src/debian/dsf-in/shell-postgresql.postinst 
@@ -29,9 +29,27 @@ case "$1" in configure) # Patch NSS configuration files /usr/share/@OLDPACKAGE@/bin/install-nsspgsql.sh configure-files + + # There's probably no /etc/nss-pgsql.conf yet (none provided by default with libnss-pgsql2) + if [ ! -f /etc/nss-pgsql.conf ]; then + # Install default version, identical to the one managed with ucf : ucf won't prompt us this time + cp /etc/nss-pgsql.conf.gforge-new /etc/nss-pgsql.conf + fi ucf --debconf-ok /etc/nss-pgsql.conf.@OLDPACKAGE@-new /etc/nss-pgsql.conf + ucfr @OLDPACKAGE@-shell-postgresql /etc/nss-pgsql.conf + + # There's probably no /etc/nss-pgsql.conf yet (none provided by default with libnss-pgsql2) + if [ ! -f /etc/nss-pgsql-root.conf ]; then + # Install default version, identical to the one managed with ucf : ucf won't prompt this time + cp /etc/nss-pgsql-root.conf.@OLDPACKAGE@-new /etc/nss-pgsql-root.conf + fi ucf --debconf-ok /etc/nss-pgsql-root.conf.@OLDPACKAGE@-new /etc/nss-pgsql-root.conf + ucfr @OLDPACKAGE@-shell-postgresql /etc/nss-pgsql-root.conf + + # There should be a nsswitch.conf, so we have to manage it ucf --debconf-ok /etc/nsswitch.conf.@OLDPACKAGE@-new /etc/nsswitch.conf + ucfr @OLDPACKAGE@-shell-postgresql /etc/nsswitch.conf + rm /etc/nss-pgsql.conf.@OLDPACKAGE@-new rm /etc/nss-pgsql-root.conf.@OLDPACKAGE@-new rm /etc/nsswitch.conf.@OLDPACKAGE@-new diff --git a/src/debian/dsf-in/shell-postgresql.prerm b/src/debian/dsf-in/shell-postgresql.prerm index 9a032b7f2d..e3dcc49f16 100644 --- a/src/debian/dsf-in/shell-postgresql.prerm +++ b/src/debian/dsf-in/shell-postgresql.prerm 
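Review bot: The first added `cp` reads `/etc/nss-pgsql.conf.gforge-new` while the `ucf`, second `cp` and `rm` lines all use the `.@OLDPACKAGE@-new` suffix; it only works while the placeholder expands to `gforge`, so it should be `cp /etc/nss-pgsql.conf.@OLDPACKAGE@-new /etc/nss-pgsql.conf`. Both copies also create the target with whatever mode the umask and the `-new` file give; for `/etc/nss-pgsql-root.conf`, which presumably holds the database credentials used for root-only lookups (its contents are not shown here), an explicit `install -m 0600 -o root -g root` would be safer than `cp`. The comment above the second block is a copy of the first and should name `/etc/nss-pgsql-root.conf`.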
@@ -29,9 +29,12 @@ case "$1" in rm /etc/nss-pgsql.conf.@OLDPACKAGE@-new rm /etc/nss-pgsql-root.conf.@OLDPACKAGE@-new rm /etc/nsswitch.conf.@OLDPACKAGE@-new - ucf --purge /etc/libnss-pgsql.conf - ucf --purge /etc/libnss-pgsql-root.conf + ucf --purge /etc/nss-pgsql.conf + ucfr --purge @OLDPACKAGE@-shell-postgresql /etc/nss-pgsql.conf + ucf --purge /etc/nss-pgsql-root.conf + ucfr --purge @OLDPACKAGE@-shell-postgresql /etc/nss-pgsql-root.conf ucf --purge /etc/nsswitch.conf + ucfr --purge @OLDPACKAGE@-shell-postgresql /etc/nsswitch.conf # Clean debconf after ourselves db_stop diff --git a/src/debian/dsf-in/web-apache2.postinst.dsfh-in b/src/debian/dsf-in/web-apache2.postinst.dsfh-in index e6236ce780..2e27e51ae7 100644 --- a/src/debian/dsf-in/web-apache2.postinst.dsfh-in +++ b/src/debian/dsf-in/web-apache2.postinst.dsfh-in @@ -83,7 +83,7 @@ case "$1" in if [ -e /etc/apache2/conf.d/@OLDPACKAGE@.httpd.conf ] ; then rm -f /etc/apache2/conf.d/@OLDPACKAGE@.httpd.conf fi - if [ -d /etc/apache2/sites-available ] && [ ! -e /etc/apache2/sites-available/@OLDPACKAGE@ ] ; then + if [ -d /etc/apache2/sites-available ] && [ ! -h /etc/apache2/sites-available/@OLDPACKAGE@ ] ; then ln -s /etc/@OLDPACKAGE@/httpd.conf /etc/apache2/sites-available/@OLDPACKAGE@ fi a2ensite @OLDPACKAGE@ diff --git a/src/debian/rules b/src/debian/rules index f4dd4880be..0924a7940d 100755 --- a/src/debian/rules +++ b/src/debian/rules @@ -160,7 +160,7 @@ build: patch remove-binary-files debian/po/templates.pot conffiles # Build gettext *.mo files utils/manage-translations.sh build -# Build FHS-compatible Apache config files +# Build FHS-compatible Apache config files (generates contents of etc/httpd.conf.d-fhs/ etc.) utils/manage-apache-config.sh build # Preprocess files with DSF-Helper diff --git a/src/docs/README.NSS-pgsql b/src/docs/README.NSS-pgsql index 541bf5d49a..e09be3176e 100644 --- a/src/docs/README.NSS-pgsql +++ b/src/docs/README.NSS-pgsql 
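Review bot: In web-apache2.postinst.dsfh-in, switching the guard from `! -e` to `! -h` now lets `ln -s` run when `/etc/apache2/sites-available/@OLDPACKAGE@` exists as a regular file or directory, where it fails with "File exists" (or, for a directory, creates the link inside it). The old test missed dangling symlinks, which is presumably what this change is after, so test both: `[ ! -e /etc/apache2/sites-available/@OLDPACKAGE@ ] && [ ! -h /etc/apache2/sites-available/@OLDPACKAGE@ ]`. Whether a failing `ln` aborts the postinst depends on `set -e`, which is outside this hunk.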
@@ -37,7 +37,7 @@ common ones are: /lib/libnss_hesiod.so.X implements `hesiod' source for glibc2 /lib/libnss_nis.so.X implements `nis' source for glibc2 /lib/libnss_nisplus.so.2 implements `nisplus' source for glibc 2.1 -the one we uses is: +the one we use is: /lib/libnss_pgsql.so.2.0.0 Configuration files: diff --git a/src/etc/README.httpd-conf-d-flavours b/src/etc/README.httpd-conf-d-flavours new file mode 100644 index 0000000000..87ab76ff7a --- /dev/null +++ b/src/etc/README.httpd-conf-d-flavours @@ -0,0 +1,8 @@ +The different httpd.conf.d-*/ directories are *generated* out of +contents of httpd.conf.d/. + +See src/utils/manage-apache-config.sh + +Please make modifications in the source files inside httpd.conf.d/. + +-- Olivier Berger diff --git a/src/etc/httpd.conf.d/secrets.inc b/src/etc/httpd.conf.d/secrets.inc index 1a08abc3f5..1a288cbf11 100644 --- a/src/etc/httpd.conf.d/secrets.inc +++ b/src/etc/httpd.conf.d/secrets.inc @@ -1,5 +1,8 @@ -#RequestHeader unset GForgeDbhost -#RequestHeader append GForgeDbhost "{core/database_host}" +# Settings for configuration variables that are normally kept in a configuration file unreadable to www-data +# Restart Apache after changing these + +RequestHeader unset GForgeDbhost +RequestHeader append GForgeDbhost "{core/database_host}" RequestHeader unset GForgeDbport RequestHeader append GForgeDbport "{core/database_port}" diff --git a/src/packaging/control/011meta-minimal b/src/packaging/control/011meta-minimal index 294951e66e..c860e9b9a9 100644 --- a/src/packaging/control/011meta-minimal +++ b/src/packaging/control/011meta-minimal 
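Review bot: In secrets.inc, the `unset`-then-`append` order on the newly enabled `GForgeDbhost` pair is what stops a client from supplying its own value for that header, and nothing in the file says so; a comment such as `# unset first so a client-supplied header is discarded before the trusted value is appended` would keep a later edit from reordering or dropping the `unset`. The `{core/database_host}` placeholder also needs a matching substitution in manage-apache-config.sh, otherwise the literal token is sent as the header value; that script's hunks are truncated on this page, so this could not be confirmed. Headers added with `RequestHeader` travel with the request, so if any vhost proxies to another backend these values would be forwarded unless they are unset there.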
@@ -3,5 +3,5 @@ Architecture: all Conflicts: sourceforge, @OLDPACKAGE@-cvs, @OLDPACKAGE@-common (<< ${source:Version}), @OLDPACKAGE@ Replaces: @OLDPACKAGE@ Provides: @OLDPACKAGE@ -Depends: debconf (>= 1.0.32) | debconf-2.0, ucf, @OLDPACKAGE@-common (=${source:Version}), @OLDPACKAGE@-web-apache2 | @OLDPACKAGE@-web, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, ${misc:Depends} +Depends: debconf (>= 1.0.32) | debconf-2.0, ucf, @OLDPACKAGE@-common (>=${source:Version}), @OLDPACKAGE@-web-apache2 | @OLDPACKAGE@-web, @OLDPACKAGE@-db-postgresql | @OLDPACKAGE@-db, ${misc:Depends} Description: FusionForge collaborative development tool - minimal metapackage diff --git a/src/utils/install-nsspgsql.sh b/src/utils/install-nsspgsql.sh index 065320adec..b80bdb2550 100755 --- a/src/utils/install-nsspgsql.sh +++ b/src/utils/install-nsspgsql.sh @@ -1,6 +1,6 @@ #! /bin/bash # -# Configure LDAP for GForge +# Configure NSS for PostGreSQL for GForge # Christian Bayle, Roland Mas # Initially written for debian-sf (Sourceforge for Debian) # Adapted as time went by for Gforge then for FusionForge @@ -37,13 +37,14 @@ modify_pam_pgsql(){ # echo "Nothing to do" } -# Check/Modify /etc/libnss-ldap.conf +# Check/Modify /etc/libnss-pgsql.conf configure_libnss_pgsql(){ cat > /etc/nss-pgsql.conf.gforge-new < httpd.conf.d-fhs/$(basename $i) done - + + # /opt like paths mkdir -p httpd.conf.d-opt for i in httpd.conf.d/*.inc httpd.conf.d/*.conf ; do sed -e 's,{core/config_path},/etc/gforge,g' \ @@ -43,6 +53,7 @@ case $1 in $i > httpd.conf.d-opt/$(basename $i) done + # /usr/local like paths mkdir -p httpd.conf.d-usrlocal for i in httpd.conf.d/*.inc httpd.conf.d/*.conf ; do sed -e 's,{core/config_path},/etc/gforge,g' \ -- 2.30.2