diff options
| -rwxr-xr-x | configure | 105 | ||||
| -rw-r--r-- | configure.ac | 104 | ||||
| -rw-r--r-- | rpkid/Makefile.in | 57 | ||||
| -rw-r--r-- | rpkid/portal-gui/rpki.wsgi | 9 |
4 files changed, 214 insertions, 61 deletions
@@ -626,6 +626,8 @@ WSGI_DAEMON_PROCESS OPENSSL_SO_GLOB OPENSSL_CONFIG_COMMAND TOP_LEVEL_SUBDIRS +WSGI_PYTHON_EGG_CACHE_USER +WSGI_PYTHON_EGG_CACHE_DIR SETUP_PY_INSTALL_LAYOUT RPKID_INSTALL_TARGETS RTR_ORIGIN_INSTALL_TARGETS @@ -723,6 +725,7 @@ enable_rp_tools enable_target_installation enable_wsgi_daemon_mode enable_python_install_layout +enable_wsgi_python_egg_cache enable_python enable_django enable_rpki_rtr @@ -1357,10 +1360,12 @@ Optional Features: --disable-rp-tools Don't build any of the relying party tools --disable-target-installation Don't perform final target installation - --enable-wsgi-daemon-mode=user:group + --enable-wsgi-daemon-mode=user[:group] Run the web portal as a separate process --enable-python-install-layout=layout Specify Python --install-layout + --enable-wsgi-python-egg-cache=dir[:user] + Set up PYTHON_EGG_CACHE in wsgi wrapper --disable-python (Obsolete, do not use) --disable-django (Obsolete, do not use) --disable-rpki-rtr (Obsolete, do not use) @@ -2462,6 +2467,13 @@ else enable_python_install_layout=auto fi +# Check whether --enable-wsgi_python_egg_cache was given. +if test "${enable_wsgi_python_egg_cache+set}" = set; then : + enableval=$enable_wsgi_python_egg_cache; +else + enable_wsgi_python_egg_cache=auto +fi + @@ -4470,7 +4482,7 @@ case $enable_rcynic_jail in RCYNIC_JAIL_DIRS='${RCYNIC_DIR}/bin ${RCYNIC_DIR}/dev ${RCYNIC_DIR}/etc' if test "X$host_os" = "Xlinux" then - RCYNIC_JAIL_DIRS="RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' + RCYNIC_JAIL_DIRS="$RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' fi ;; no) @@ -4891,6 +4903,61 @@ $as_echo "$use_install_layout $SETUP_PY_INSTALL_LAYOUT" >&6; } fi +# Figure out whether we're going to want a PYTHON_EGG_CACHE directory. +# This is mostly just a pass through to rpkigui-apache-confgen and rpki.wsgi +# via rpki.autoconf. + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we need rpki.wgi to use a Python egg cache" >&5 +$as_echo_n "checking whether we need rpki.wgi to use a Python egg cache... " >&6; } + +save_IFS="$IFS" +IFS=':' read WSGI_PYTHON_EGG_CACHE_DIR WSGI_PYTHON_EGG_CACHE_USER <<_EOF +$enable_wsgi_python_egg_cache +_EOF +IFS="$save_IFS" + +if test "X$WSGI_PYTHON_EGG_CACHE_DIR" = "Xauto" +then + case $host_os in + freebsd*) WSGI_PYTHON_EGG_CACHE_DIR=yes;; + *) WSGI_PYTHON_EGG_CACHE_DIR=no;; + esac +fi + +case $WSGI_PYTHON_EGG_CACHE_DIR in +yes) + WSGI_PYTHON_EGG_CACHE_DIR='${datarootdir}/rpki/python-eggs' + ;; +no) + WSGI_PYTHON_EGG_CACHE_DIR='' + ;; +esac + +if test "X$WSGI_PYTHON_EGG_CACHE_DIR" != "X" && + test "X$WSGI_PYTHON_EGG_CACHE_USER" = "X" +then + case $host_os in + freebsd*) WSGI_PYTHON_EGG_CACHE_USER="www";; + linux*) WSGI_PYTHON_EGG_CACHE_USER="www-data";; + esac +fi + + + + +if test "X$WSGI_PYTHON_EGG_CACHE_DIR" = "X" +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +elif test "X$WSGI_PYTHON_EGG_CACHE_USER" != "X" +then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WSGI_PYTHON_EGG_CACHE_DIR (user $WSGI_PYTHON_EGG_CACHE_USER)" >&5 +$as_echo "$WSGI_PYTHON_EGG_CACHE_DIR (user $WSGI_PYTHON_EGG_CACHE_USER)" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $WSGI_PYTHON_EGG_CACHE_DIR" >&5 +$as_echo "$WSGI_PYTHON_EGG_CACHE_DIR" >&6; } +fi + # Figure out which parts of this package we have to build. TOP_LEVEL_SUBDIRS="h" @@ -4971,26 +5038,30 @@ fi if test $build_ca_tools = yes then - if test "$enable_wsgi_daemon_mode" != no - then - if test "$enable_wsgi_daemon_mode" = yes; then - as_fn_error $? "You must specify the user to run the wsgi process as with --enable-wsgi-daemon-mode=USER" "$LINENO" 5 - fi - save_IFS="$IFS" - IFS=':' read user group <<_EOF + ac_config_files="$ac_config_files rpkid/Makefile rpkid/tests/Makefile rpkid/portal-gui/Makefile" + +fi + +if test $build_ca_tools = yes && + test "X$enable_wsgi_daemon_mode" = "Xyes" +then + as_fn_error $? "You must specify the user to run the wsgi process as with --enable-wsgi-daemon-mode=USER" "$LINENO" 5 +fi + +if test $build_ca_tools = yes && + test "X$enable_wsgi_daemon_mode" != "Xno" +then + save_IFS="$IFS" + IFS=':' read user group <<_EOF $enable_wsgi_daemon_mode _EOF - IFS="$save_IFS" - WSGI_DAEMON_PROCESS="WSGIDaemonProcess rpkigui user=$user ${group:+group=}${group} display-name=%{GROUP}" + IFS="$save_IFS" + WSGI_DAEMON_PROCESS="WSGIDaemonProcess rpkigui user=$user ${group:+group=}${group} display-name=%{GROUP}" - WSGI_PROCESS_GROUP="WSGIProcessGroup rpkigui" + WSGI_PROCESS_GROUP="WSGIProcessGroup rpkigui" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: running mod_wsgi in daemon mode with user \"$user\" and group \"${group:-default}\"" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: running mod_wsgi in daemon mode with user \"$user\" and group \"${group:-default}\"" >&5 $as_echo "running mod_wsgi in daemon mode with user \"$user\" and group \"${group:-default}\"" >&6; } - fi - - ac_config_files="$ac_config_files rpkid/Makefile rpkid/tests/Makefile rpkid/portal-gui/Makefile" - fi # Now that we're finally done with all the conditional changes to diff --git a/configure.ac b/configure.ac index 31b61d09..2b0b5e98 100644 --- a/configure.ac +++ b/configure.ac @@ -32,14 +32,15 @@ fi # Put the user option stuff up front. -AC_ARG_WITH([system_openssl], [AS_HELP_STRING([--with-system-openssl], [Link against system copy of OpenSSL])], [], [with_system_openssl=auto]) -AC_ARG_ENABLE([rcynic_jail], [AS_HELP_STRING([--enable-rcynic-jail], [Run rcynic in chroot jail])], [], [enable_rcynic_jail=no]) -AC_ARG_ENABLE([openssl_asm], [AS_HELP_STRING([--disable-openssl-asm], [Don't let OpenSSL build assembler code])], [], [enable_openssl_asm=auto]) -AC_ARG_ENABLE([ca_tools], [AS_HELP_STRING([--disable-ca-tools], [Don't build any of the CA tools])], [], [enable_ca_tools=yes]) -AC_ARG_ENABLE([rp_tools], [AS_HELP_STRING([--disable-rp-tools], [Don't build any of the relying party tools])], [], [enable_rp_tools=yes]) -AC_ARG_ENABLE([target_installation], [AS_HELP_STRING([--disable-target-installation], [Don't perform final target installation])], [], [enable_target_installation=yes]) -AC_ARG_ENABLE([wsgi_daemon_mode], [AS_HELP_STRING([--enable-wsgi-daemon-mode=user[:group]], [Run the web portal as a separate process])], [], [enable_wsgi_daemon_mode=no]) -AC_ARG_ENABLE([python_install_layout], [AS_HELP_STRING([--enable-python-install-layout=layout], [Specify Python --install-layout])], [], [enable_python_install_layout=auto]) +AC_ARG_WITH([system_openssl], [AS_HELP_STRING([--with-system-openssl], [Link against system copy of OpenSSL])], [], [with_system_openssl=auto]) +AC_ARG_ENABLE([rcynic_jail], [AS_HELP_STRING([--enable-rcynic-jail], [Run rcynic in chroot jail])], [], [enable_rcynic_jail=no]) +AC_ARG_ENABLE([openssl_asm], [AS_HELP_STRING([--disable-openssl-asm], [Don't let OpenSSL build assembler code])], [], [enable_openssl_asm=auto]) +AC_ARG_ENABLE([ca_tools], [AS_HELP_STRING([--disable-ca-tools], [Don't build any of the CA tools])], [], [enable_ca_tools=yes]) +AC_ARG_ENABLE([rp_tools], [AS_HELP_STRING([--disable-rp-tools], [Don't build any of the relying party tools])], [], [enable_rp_tools=yes]) +AC_ARG_ENABLE([target_installation], [AS_HELP_STRING([--disable-target-installation], [Don't perform final target installation])], [], [enable_target_installation=yes]) +AC_ARG_ENABLE([wsgi_daemon_mode], [AS_HELP_STRING([--enable-wsgi-daemon-mode=user[[:group]]], [Run the web portal as a separate process])], [], [enable_wsgi_daemon_mode=no]) +AC_ARG_ENABLE([python_install_layout], [AS_HELP_STRING([--enable-python-install-layout=layout], [Specify Python --install-layout])], [], [enable_python_install_layout=auto]) +AC_ARG_ENABLE([wsgi_python_egg_cache], [AS_HELP_STRING([--enable-wsgi-python-egg-cache=dir[[:user]]], [Set up PYTHON_EGG_CACHE in wsgi wrapper])], [], [enable_wsgi_python_egg_cache=auto]) AC_ARG_VAR([RCYNIC_DIR], [Where to put output files from rcynic and rtr-origin; also controls jail location for --enable-rcynic-jail]) AC_ARG_VAR([APACHE_VERSION], [Version of Apache httpd, mostly used on FreeBSD where it determines some of the directory names]) @@ -305,7 +306,7 @@ case $enable_rcynic_jail in RCYNIC_JAIL_DIRS='${RCYNIC_DIR}/bin ${RCYNIC_DIR}/dev ${RCYNIC_DIR}/etc' if test "X$host_os" = "Xlinux" then - RCYNIC_JAIL_DIRS="RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' + RCYNIC_JAIL_DIRS="$RCYNIC_JAIL_DIRS "'${RCYNIC_DIR}/lib ${RCYNIC_DIR}/lib64 ${RCYNIC_DIR}/usr/lib' fi ;; no) @@ -678,6 +679,57 @@ then AC_SUBST(SETUP_PY_INSTALL_LAYOUT) fi +# Figure out whether we're going to want a PYTHON_EGG_CACHE directory. +# This is mostly just a pass through to rpkigui-apache-confgen and rpki.wsgi +# via rpki.autoconf. + +AC_MSG_CHECKING([whether we need rpki.wgi to use a Python egg cache]) + +save_IFS="$IFS" +IFS=':' read WSGI_PYTHON_EGG_CACHE_DIR WSGI_PYTHON_EGG_CACHE_USER <<_EOF +$enable_wsgi_python_egg_cache +_EOF +IFS="$save_IFS" + +if test "X$WSGI_PYTHON_EGG_CACHE_DIR" = "Xauto" +then + case $host_os in + freebsd*) WSGI_PYTHON_EGG_CACHE_DIR=yes;; + *) WSGI_PYTHON_EGG_CACHE_DIR=no;; + esac +fi + +case $WSGI_PYTHON_EGG_CACHE_DIR in +yes) + WSGI_PYTHON_EGG_CACHE_DIR='${datarootdir}/rpki/python-eggs' + ;; +no) + WSGI_PYTHON_EGG_CACHE_DIR='' + ;; +esac + +if test "X$WSGI_PYTHON_EGG_CACHE_DIR" != "X" && + test "X$WSGI_PYTHON_EGG_CACHE_USER" = "X" +then + case $host_os in + freebsd*) WSGI_PYTHON_EGG_CACHE_USER="www";; + linux*) WSGI_PYTHON_EGG_CACHE_USER="www-data";; + esac +fi + +AC_SUBST(WSGI_PYTHON_EGG_CACHE_DIR) +AC_SUBST(WSGI_PYTHON_EGG_CACHE_USER) + +if test "X$WSGI_PYTHON_EGG_CACHE_DIR" = "X" +then + AC_MSG_RESULT([no]) +elif test "X$WSGI_PYTHON_EGG_CACHE_USER" != "X" +then + AC_MSG_RESULT([$WSGI_PYTHON_EGG_CACHE_DIR (user $WSGI_PYTHON_EGG_CACHE_USER)]) +else + AC_MSG_RESULT([$WSGI_PYTHON_EGG_CACHE_DIR]) +fi + # Figure out which parts of this package we have to build. TOP_LEVEL_SUBDIRS="h" @@ -759,22 +811,28 @@ fi if test $build_ca_tools = yes then - if test "$enable_wsgi_daemon_mode" != no - then - if test "$enable_wsgi_daemon_mode" = yes; then - AC_MSG_ERROR([You must specify the user to run the wsgi process as with --enable-wsgi-daemon-mode=USER]) - fi - save_IFS="$IFS" - IFS=':' read user group <<_EOF + AC_CONFIG_FILES([rpkid/Makefile + rpkid/tests/Makefile + rpkid/portal-gui/Makefile]) +fi + +if test $build_ca_tools = yes && + test "X$enable_wsgi_daemon_mode" = "Xyes" +then + AC_MSG_ERROR([You must specify the user to run the wsgi process as with --enable-wsgi-daemon-mode=USER]) +fi + +if test $build_ca_tools = yes && + test "X$enable_wsgi_daemon_mode" != "Xno" +then + save_IFS="$IFS" + IFS=':' read user group <<_EOF $enable_wsgi_daemon_mode _EOF - IFS="$save_IFS" - AC_SUBST(WSGI_DAEMON_PROCESS, "WSGIDaemonProcess rpkigui user=$user ${group:+group=}${group} display-name=%{GROUP}") - AC_SUBST(WSGI_PROCESS_GROUP, "WSGIProcessGroup rpkigui") - AC_MSG_RESULT([running mod_wsgi in daemon mode with user "$user" and group "${group:-default}"]) - fi - - AC_CONFIG_FILES([rpkid/Makefile rpkid/tests/Makefile rpkid/portal-gui/Makefile]) + IFS="$save_IFS" + AC_SUBST(WSGI_DAEMON_PROCESS, "WSGIDaemonProcess rpkigui user=$user ${group:+group=}${group} display-name=%{GROUP}") + AC_SUBST(WSGI_PROCESS_GROUP, "WSGIProcessGroup rpkigui") + AC_MSG_RESULT([running mod_wsgi in daemon mode with user "$user" and group "${group:-default}"]) fi # Now that we're finally done with all the conditional changes to diff --git a/rpkid/Makefile.in b/rpkid/Makefile.in index ae777e25..bdca9105 100644 --- a/rpkid/Makefile.in +++ b/rpkid/Makefile.in @@ -28,10 +28,12 @@ abs_top_srcdir = @abs_top_srcdir@ abs_top_builddir= @abs_top_builddir@ srcdir = @srcdir@ -WSGI_DAEMON_PROCESS = @WSGI_DAEMON_PROCESS@ -WSGI_PROCESS_GROUP = @WSGI_PROCESS_GROUP@ -RCYNIC_HTML_DIR = @RCYNIC_HTML_DIR@ -APACHE_VERSION = @APACHE_VERSION@ +WSGI_DAEMON_PROCESS = @WSGI_DAEMON_PROCESS@ +WSGI_PROCESS_GROUP = @WSGI_PROCESS_GROUP@ +RCYNIC_HTML_DIR = @RCYNIC_HTML_DIR@ +APACHE_VERSION = @APACHE_VERSION@ +WSGI_PYTHON_EGG_CACHE_DIR = @WSGI_PYTHON_EGG_CACHE_DIR@ +WSGI_PYTHON_EGG_CACHE_USER = @WSGI_PYTHON_EGG_CACHE_USER@ RPKID_INSTALL_TARGETS = @RPKID_INSTALL_TARGETS@ @@ -186,21 +188,23 @@ clean:: rm -f examples/rpki.conf rpki/autoconf.py: Makefile - @echo 'Generating $@'; \ - (echo '# Automatically generated. DO NOT EDIT.'; \ - echo ; \ - echo 'bindir = "${bindir}"'; \ - echo 'datarootdir = "${datarootdir}"'; \ - echo 'localstatedir = "${localstatedir}"'; \ - echo 'sbindir = "${sbindir}"'; \ - echo 'sharedstatedir = "${sharedstatedir}"'; \ - echo 'sysconfdir = "${sysconfdir}"'; \ - echo 'libexecdir = "${libexecdir}"'; \ - echo ; \ - echo 'WSGI_DAEMON_PROCESS = "${WSGI_DAEMON_PROCESS}"'; \ - echo 'WSGI_PROCESS_GROUP = "${WSGI_PROCESS_GROUP}"'; \ - echo 'RCYNIC_HTML_DIR = "${RCYNIC_HTML_DIR}"'; \ - echo 'APACHE_VERSION = "${APACHE_VERSION}"'; \ + @echo 'Generating $@'; \ + (echo '# Automatically generated. DO NOT EDIT.'; \ + echo ; \ + echo 'bindir = "${bindir}"'; \ + echo 'datarootdir = "${datarootdir}"'; \ + echo 'localstatedir = "${localstatedir}"'; \ + echo 'sbindir = "${sbindir}"'; \ + echo 'sharedstatedir = "${sharedstatedir}"'; \ + echo 'sysconfdir = "${sysconfdir}"'; \ + echo 'libexecdir = "${libexecdir}"'; \ + echo ; \ + echo 'WSGI_DAEMON_PROCESS = "${WSGI_DAEMON_PROCESS}"'; \ + echo 'WSGI_PROCESS_GROUP = "${WSGI_PROCESS_GROUP}"'; \ + echo 'RCYNIC_HTML_DIR = "${RCYNIC_HTML_DIR}"'; \ + echo 'APACHE_VERSION = "${APACHE_VERSION}"'; \ + echo 'WSGI_PYTHON_EGG_CACHE_DIR = "${WSGI_PYTHON_EGG_CACHE_DIR}"'; \ + echo 'WSGI_PYTHON_EGG_CACHE_USER = "${WSGI_PYTHON_EGG_CACHE_USER}"'; \ ) > $@ clean:: @@ -219,15 +223,28 @@ clean:: rm -f setup_autoconf.py setup_autoconf.pyc install-postconf: \ - install-user install-conf install-apache install-mysql install-django install-bpki install-cron + install-user install-egg-cache install-conf install-apache install-mysql install-django install-bpki install-cron # This should create user "rpkid" and group "rpkid", but as we have # not yet tested our ability to run in such a configuration, this # would be a little premature. Can steal Makefile code for this from # rcynic when we're ready to do something with it. + install-user: @true +# This is only necessary on some platforms (currently FreeBSD, +# due to shortcomings in the way that Python eggs are installed +# as system libraries). + +install-egg-cache: + @if test 'X${WSGI_PYTHON_EGG_CACHE_DIR}' != X && test ! -d '${WSGI_PYTHON_EGG_CACHE_DIR}'; then \ + mkdir -v '${WSGI_PYTHON_EGG_CACHE_DIR}'; \ + if test 'X${WSGI_PYTHON_EGG_CACHE_USER}' != X; then \ + chown '${WSGI_PYTHON_EGG_CACHE_USER}' '${WSGI_PYTHON_EGG_CACHE_DIR}'; \ + fi; \ + fi + # We used to play the FreeBSD game of copying rpki.conf.sample to # rpki.conf on install and removing rpki.conf if it's identical to # rpki.conf.sample in uninstall, but that turns out to work poorly diff --git a/rpkid/portal-gui/rpki.wsgi b/rpkid/portal-gui/rpki.wsgi index a01bf8f7..72ba75ac 100644 --- a/rpkid/portal-gui/rpki.wsgi +++ b/rpkid/portal-gui/rpki.wsgi @@ -22,7 +22,8 @@ import os import rpki.autoconf os.environ['DJANGO_SETTINGS_MODULE'] = 'rpki.gui.default_settings' -# needed for local_settings.py + +# Needed for local_settings.py sys.path.insert(1, rpki.autoconf.sysconfdir + '/rpki') # Kludge to disable use of setproctitle in rpki.log. For reasons @@ -32,6 +33,12 @@ sys.path.insert(1, rpki.autoconf.sysconfdir + '/rpki') # what this is about, just disable setproctitle in WSGI case for now. os.environ['DISABLE_SETPROCTITLE'] = 'yes' +# Kludge to set PYTHON_EGG_CACHE, mostly for FreeBSD where the ports +# system installs Python eggs in their zipped format and expects each +# user application to unpack them into its own egg cache. +if not os.environ.get('PYTHON_EGG_CACHE') and rpki.autoconf.WSGI_PYTHON_EGG_CACHE_DIR: + os.environ['PYTHON_EGG_CACHE'] = rpki.autoconf.WSGI_PYTHON_EGG_CACHE_DIR + import django.core.handlers.wsgi application = django.core.handlers.wsgi.WSGIHandler() |