Clean up debian/ directory, enable upstart.

svn path=/branches/tk377/; revision=5027

1 files changed, 50 insertions, 304 deletions

diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py
index 777f4618..a388c067 100644
--- a/buildtools/debian-package-skeleton.py
+++ b/buildtools/debian-package-skeleton.py
@@ -188,159 +188,82 @@ License: SSLeay
  [including the GNU Public Licence.]
 ''')
 
-with open('debian/postinst.ex', "wb") as f:
+with open('debian/rpki-ca.install', "wb") as f:
   f.write('''\
-#!/bin/sh
-# postinst script for rpki-rp
-#
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postinst> `configure' <most-recently-configured-version>
-#        * <old-postinst> `abort-upgrade' <new version>
-#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
-#          <new-version>
-#        * <postinst> `abort-remove'
-#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
-#          <failed-install-package> <version> `removing'
-#          <conflicting-package> <version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    configure)
-    ;;
-
-    abort-upgrade|abort-remove|abort-deconfigure)
-    ;;
-
-    *)
-        echo "postinst called with unknown argument \\`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
+etc/rpki.conf.sample
+etc/rpki/apache.conf
+etc/rpki/settings.py
+usr/lib
+usr/sbin
+usr/share
 ''')
 
-with open('debian/postrm.ex', "wb") as f:
+with open('debian/rpki-ca.lintian-overrides', "wb") as f:
   f.write('''\
-#!/bin/sh
-# postrm script for rpki-rp
+# The RPKI code requires a copy of the OpenSSL library with both the
+# CMS code and RFC 3779 code enabled.  All recent versions of OpenSSL
+# include this code, but it's not enabled on all platforms.  On Ubuntu
+# 12.04 LTS, the RFC 3779 code is disabled.  So we take the least bad
+# of our several bad options, and carefully link against a private
+# copy of the OpenSSL crypto library built with the options we need,
+# with all the voodoo necessary to avoid conflicts with, eg, the
+# OpenSSL shared libraries that are already linked into Python.
 #
-# see: dh_installdeb(1)
-
-set -e
-
-# summary of how this script can be called:
-#        * <postrm> `remove'
-#        * <postrm> `purge'
-#        * <old-postrm> `upgrade' <new-version>
-#        * <new-postrm> `failed-upgrade' <old-version>
-#        * <new-postrm> `abort-install'
-#        * <new-postrm> `abort-install' <old-version>
-#        * <new-postrm> `abort-upgrade' <old-version>
-#        * <disappearer's-postrm> `disappear' <overwriter>
-#          <overwriter-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
-    ;;
-
-    *)
-        echo "postrm called with unknown argument \\`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
+# It would be totally awesome if the OpenSSL package maintainers were
+# to enable the RFC 3779 code for us, but I'm not holding my breath.
+#
+# In the meantime, we need to tell lintian to allow this nasty hack.
 
-exit 0
+rpki-ca: embedded-library
 ''')
 
-with open('debian/preinst.ex', "wb") as f:
+with open('debian/rpki-ca.postinst', "wb") as f:
   f.write('''\
 #!/bin/sh
-# preinst script for rpki-rp
+# postinst script for rpki-ca
 #
 # see: dh_installdeb(1)
 
 set -e
 
-# summary of how this script can be called:
-#        * <new-preinst> `install'
-#        * <new-preinst> `install' <old-version>
-#        * <new-preinst> `upgrade' <old-version>
-#        * <old-preinst> `abort-upgrade' <new-version>
-# for details, see http://www.debian.org/doc/debian-policy/ or
-# the debian-policy package
-
-
-case "$1" in
-    install|upgrade)
-    ;;
-
-    abort-upgrade)
-    ;;
-
-    *)
-        echo "preinst called with unknown argument \\`$1'" >&2
-        exit 1
-    ;;
-esac
-
-# dh_installdeb will replace this with shell code automatically
-# generated by other debhelper scripts.
-
-#DEBHELPER#
-
-exit 0
-''')
-
-with open('debian/prerm.ex', "wb") as f:
-  f.write('''\
-#!/bin/sh
-# prerm script for rpki-rp
-#
-# see: dh_installdeb(1)
+setup_rpkid_user() {
+    if ! getent passwd rpkid >/dev/null
+    then
+	useradd -g rpkid -M -N -d /nonexistent -s /sbin/nologin -c "RPKI certification authority engine(s)" rpkid
+    fi
+}
 
-set -e
+setup_rpkid_group() {
+    if ! getent group rpkid >/dev/null
+    then
+	groupadd rpkid
+    fi
+}
 
 # summary of how this script can be called:
-#        * <prerm> `remove'
-#        * <old-prerm> `upgrade' <new-version>
-#        * <new-prerm> `failed-upgrade' <old-version>
-#        * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
-#        * <deconfigured's-prerm> `deconfigure' `in-favour'
-#          <package-being-installed> <version> `removing'
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
 #          <conflicting-package> <version>
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
 
 
 case "$1" in
-    remove|upgrade|deconfigure)
+    configure)
+	setup_rpkid_group
+	setup_rpkid_user
     ;;
 
-    failed-upgrade)
+    abort-upgrade|abort-remove|abort-deconfigure)
     ;;
 
     *)
-        echo "prerm called with unknown argument \\`$1'" >&2
+        echo "postinst called with unknown argument \\`$1'" >&2
         exit 1
     ;;
 esac
@@ -353,171 +276,7 @@ esac
 exit 0
 ''')
 
-with open('debian/rpki-ca.init.d.ex', "wb") as f:
-  f.write('''\
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          rpki-ca
-# Required-Start:    $network $local_fs
-# Required-Stop:
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: <Enter a short description of the sortware>
-# Description:       <Enter a long description of the software>
-#                    <...>
-#                    <...>
-### END INIT INFO
-
-# Author: Rob Austein <sra@hactrn.net>
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC=rpki-ca             # Introduce a short description here
-NAME=rpki-ca             # Introduce the short server's name here
-DAEMON=/usr/sbin/rpki-ca # Introduce the server's location here
-DAEMON_ARGS=""             # Arguments to run the daemon with
-PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
-
-# Exit if the package is not installed
-[ -x $DAEMON ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
-. /lib/lsb/init-functions
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
-	# Return
-	#   0 if daemon has been started
-	#   1 if daemon was already running
-	#   2 if daemon could not be started
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \\
-		|| return 1
-	start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \\
-		$DAEMON_ARGS \\
-		|| return 2
-	# Add code here, if necessary, that waits for the process to be ready
-	# to handle requests from services started subsequently which depend
-	# on this one.  As a last resort, sleep for some time.
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
-	# Return
-	#   0 if daemon has been stopped
-	#   1 if daemon was already stopped
-	#   2 if daemon could not be stopped
-	#   other if a failure occurred
-	start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
-	RETVAL="$?"
-	[ "$RETVAL" = 2 ] && return 2
-	# Wait for children to finish too if this is a daemon that forks
-	# and if the daemon is only ever run from this initscript.
-	# If the above conditions are not satisfied then add some other code
-	# that waits for the process to drop all resources that could be
-	# needed by services started subsequently.  A last resort is to
-	# sleep for some time.
-	start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
-	[ "$?" = 2 ] && return 2
-	# Many daemons don't delete their pidfiles when they exit.
-	rm -f $PIDFILE
-	return "$RETVAL"
-}
-
-case "$1" in
-  start)
-    [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
-    do_start
-    case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-  ;;
-  stop)
-	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
-	do_stop
-	case "$?" in
-		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
-		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
-	esac
-	;;
-  status)
-       status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
-       ;;
-  restart|force-reload)
-	#
-	# If the "reload" option is implemented then remove the
-	# 'force-reload' alias
-	#
-	log_daemon_msg "Restarting $DESC" "$NAME"
-	do_stop
-	case "$?" in
-	  0|1)
-		do_start
-		case "$?" in
-			0) log_end_msg 0 ;;
-			1) log_end_msg 1 ;; # Old process is still running
-			*) log_end_msg 1 ;; # Failed to start
-		esac
-		;;
-	  *)
-	  	# Failed to stop
-		log_end_msg 1
-		;;
-	esac
-	;;
-  *)
-	#echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
-	echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
-	exit 3
-	;;
-esac
-
-:
-''')
-
-with open('debian/rpki-ca.install', "wb") as f:
-  f.write('''\
-etc/rpki/apache.conf
-etc/rpki/settings.py
-usr/lib
-usr/sbin
-usr/share
-''')
-
-with open('debian/rpki-ca.lintian-overrides', "wb") as f:
-  f.write('''\
-# The RPKI code requires a copy of the OpenSSL library with both the
-# CMS code and RFC 3779 code enabled.  All recent versions of OpenSSL
-# include this code, but it's not enabled on all platforms.  On Ubuntu
-# 12.04 LTS, the RFC 3779 code is disabled.  So we take the least bad
-# of our several bad options, and carefully link against a private
-# copy of the OpenSSL crypto library built with the options we need,
-# with all the voodoo necessary to avoid conflicts with, eg, the
-# OpenSSL shared libraries that are already linked into Python.
-#
-# It would be totally awesome if the OpenSSL package maintainers were
-# to enable the RFC 3779 code for us, but I'm not holding my breath.
-#
-# In the meantime, we need to tell lintian to allow this nasty hack.
-
-rpki-ca: embedded-library
-''')
-
-with open('debian/rpki-ca.upstart.ex', "wb") as f:
+with open('debian/rpki-ca.upstart', "wb") as f:
   f.write('''\
 # RPKI CA Service
 
@@ -536,8 +295,8 @@ stop on stopping mysql
 pre-start script
     if test -f /etc/rpki.conf
     then
-        install -m 755 -o rpki -g rpki -d /var/run/rpki
-	sudo -u rpki /usr/sbin/rpki-start-servers
+        install -m 755 -o rpkid -g rpkid -d /var/run/rpki
+	sudo -u rpkid /usr/sbin/rpki-start-servers
     else
 	stop
 	exit 0
@@ -738,22 +497,9 @@ export DH_VERBOSE=1
 
 %:
 	dh $@ --with python2
-#	dh $@ 
-
-# Getting the RP package working is more urgent than getting the CA
-# package working, so skip stuff that's only needed for the CA package
-# for now.
-#
-# Get rid of this overide once we start testing builds of multiple
-# binary packages from a single source package.
-#
-# We'll want to keep --disable-target-installation to avoid trying to
-# do things during make install which really need to be done in
-# rpki-rp.postinst.
 
 override_dh_auto_configure:
 	dh_auto_configure -- --disable-target-installation
-#	dh_auto_configure -- --disable-ca-tools --disable-target-installation
 ''')
 
 os.makedirs('debian/source')