From cb3c0c95b314dcc3f4c8a18f095ab8828833466b Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 3 Feb 2013 22:27:01 +0000 Subject: Wrapped debian skeleton. svn path=/branches/tk377/; revision=5023 --- buildtools/debian-package-skeleton.py | 751 ++++++++++++++++++++++++++++++++++ 1 file changed, 751 insertions(+) create mode 100644 buildtools/debian-package-skeleton.py (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py new file mode 100644 index 00000000..43042d72 --- /dev/null +++ b/buildtools/debian-package-skeleton.py @@ -0,0 +1,751 @@ +# Generated by wrap-tree.py. Needs hacking for things like +# maintaining the debian/changelog file, but at least this gets all +# the debian/ubuntu stuff to date into the repository. + +import os + +os.makedirs('debian') + +with open('debian/changelog', "wb") as f: + f.write('''\ +rpki (0.4976) UNRELEASED; urgency=low + + * Test update to changelog. + + -- Rob Austein Tue, 22 Jan 2013 02:50:01 -0500 + +rpki (0.4968) UNRELEASED; urgency=low + + * Initial Release. + + -- Rob Austein Tue, 15 Jan 2013 13:29:54 -0500 +''') + +with open('debian/compat', "wb") as f: + f.write('''\ +8 +''') + +with open('debian/control', "wb") as f: + f.write('''\ +Source: rpki +Priority: extra +Maintainer: Rob Austein +Build-Depends: debhelper (>= 8.0.0), autotools-dev, xsltproc, python (>= 2.7), python-all-dev, python-setuptools, python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-django, python-vobject, python-yaml +Standards-Version: 3.9.3 +Homepage: http://trac.rpki.net/ +Vcs-Svn: http://subvert-rpki.hactrn.net/ +Vcs-Browser: http://trac.rpki.net/browser + +Package: rpki-rp +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.7), rrdtool, rsync +Description: rpki.net relying party tools + "Relying party" validation tools from the rpki.net toolkit. + See the online documentation at http://rpki.net/. + +Package: rpki-ca +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, xsltproc, python (>= 2.7), python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-django, python-vobject, python-yaml +Description: rpki.net certification authority tools + "Certification authority" tools for issuing RPKI certificates and + related objects using the rpki.net toolkit. + See the online documentation at http://rpki.net/. +''') + +with open('debian/copyright', "wb") as f: + f.write('''\ +Format: http://dep.debian.net/deps/dep5 +Upstream-Name: rpki +Source: http://rpki.net/ + + +Files: * +Copyright: 2006-2008 American Registry for Internet Numbers + 2009-2013 Internet Systems Consortium + 2010-2013 SPARTA, Inc. +License: ISC + + +Files: openssl/openssl-*.tar.gz +Copyright: 1998-2012 The OpenSSL Project + 1995-1998 Eric A. Young, Tim J. Hudson +License: OpenSSL and SSLeay + + +License: ISC + Permission to use, copy, modify, and distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + PERFORMANCE OF THIS SOFTWARE. + + +License: OpenSSL + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + . + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + . + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + . + 3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + . + 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + endorse or promote products derived from this software without + prior written permission. For written permission, please contact + licensing@OpenSSL.org. + . + 5. Products derived from this software may not be called "OpenSSL" + nor may "OpenSSL" appear in their names without prior written + permission of the OpenSSL Project. + . + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + . + THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + . + This product includes cryptographic software written by Eric Young + (eay@cryptsoft.com). This product includes software written by Tim + Hudson (tjh@cryptsoft.com). + + +License: SSLeay + This library is free for commercial and non-commercial use as long as + the following conditions are aheared to. The following conditions + apply to all code found in this distribution, be it the RC4, RSA, + lhash, DES, etc., code; not just the SSL code. The SSL documentation + included with this distribution is covered by the same copyright terms + except that the holder is Tim Hudson (tjh@cryptsoft.com). + . + Copyright remains Eric Young's, and as such any Copyright notices in + the code are not to be removed. + If this package is used in a product, Eric Young should be given attribution + as the author of the parts of the library used. + This can be in the form of a textual message at program startup or + in documentation (online or textual) provided with the package. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the rouines from the library + being used are not cryptographic related :-). + 4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + . + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + . + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU Public Licence.] +''') + +with open('debian/postinst.ex', "wb") as f: + f.write('''\ +#!/bin/sh +# postinst script for rpki-rp +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \\`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +''') + +with open('debian/postrm.ex', "wb") as f: + f.write('''\ +#!/bin/sh +# postrm script for rpki-rp +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `purge' +# * `upgrade' +# * `failed-upgrade' +# * `abort-install' +# * `abort-install' +# * `abort-upgrade' +# * `disappear' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \\`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +''') + +with open('debian/preinst.ex', "wb") as f: + f.write('''\ +#!/bin/sh +# preinst script for rpki-rp +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `install' +# * `install' +# * `upgrade' +# * `abort-upgrade' +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + install|upgrade) + ;; + + abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument \\`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +''') + +with open('debian/prerm.ex', "wb") as f: + f.write('''\ +#!/bin/sh +# prerm script for rpki-rp +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove|upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \\`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +''') + +with open('debian/rpki-ca.init.d.ex', "wb") as f: + f.write('''\ +#!/bin/sh +### BEGIN INIT INFO +# Provides: rpki-ca +# Required-Start: $network $local_fs +# Required-Stop: +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: +# Description: +# <...> +# <...> +### END INIT INFO + +# Author: Rob Austein + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +PATH=/sbin:/usr/sbin:/bin:/usr/bin +DESC=rpki-ca # Introduce a short description here +NAME=rpki-ca # Introduce the short server's name here +DAEMON=/usr/sbin/rpki-ca # Introduce the server's location here +DAEMON_ARGS="" # Arguments to run the daemon with +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME + +# Exit if the package is not installed +[ -x $DAEMON ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \\ + || return 1 + start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \\ + $DAEMON_ARGS \\ + || return 2 + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: +''') + +with open('debian/rpki-ca.install', "wb") as f: + f.write('''\ +etc/rpki/apache.conf +etc/rpki/settings.py +usr/lib +usr/sbin +usr/share +''') + +with open('debian/rpki-ca.lintian-overrides', "wb") as f: + f.write('''\ +# The RPKI code requires a copy of the OpenSSL library with both the +# CMS code and RFC 3779 code enabled. All recent versions of OpenSSL +# include this code, but it's not enabled on all platforms. On Ubuntu +# 12.04 LTS, the RFC 3779 code is disabled. So we take the least bad +# of our several bad options, and carefully link against a private +# copy of the OpenSSL crypto library built with the options we need, +# with all the voodoo necessary to avoid conflicts with, eg, the +# OpenSSL shared libraries that are already linked into Python. +# +# It would be totally awesome if the OpenSSL package maintainers were +# to enable the RFC 3779 code for us, but I'm not holding my breath. +# +# In the meantime, we need to tell lintian to allow this nasty hack. + +rpki-ca: embedded-library +''') + +with open('debian/rpki-ca.upstart.ex', "wb") as f: + f.write('''\ +# RPKI CA Service + +description "RPKI CA Servers" +author "Rob Austein " + +# This is almost certainly wrong. Suggestions on how to improve this +# welcome, but please first read the Python code to understand what it +# is doing. + +# Our only real dependency is on mysqld. + +start on started mysql +stop on stopping mysql + +pre-start script + install -m 755 -o rpki -g rpki -d /var/run/rpki + sudo -u rpki /usr/sbin/rpki-start-servers +end script + +post-stop script + for i in rpkid pubd irdbd rootd + do + [ -f /var/run/rpki/$i.pid ] && kill `/bin/cat /var/run/rpki/$i.pid` + done +end script +''') + +with open('debian/rpki-rp.install', "wb") as f: + f.write('''\ +etc/rcynic.conf +etc/rpki/trust-anchors +usr/bin +var/rcynic +''') + +with open('debian/rpki-rp.lintian-overrides', "wb") as f: + f.write('''\ +# The RPKI code requires a copy of the OpenSSL library with both the +# CMS code and RFC 3779 code enabled. All recent versions of OpenSSL +# include this code, but it's not enabled on all platforms. On Ubuntu +# 12.04 LTS, the RFC 3779 code is disabled. So we take the least bad +# of our several bad options, and carefully link against a private +# copy of the OpenSSL crypto library built with the options we need, +# with all the voodoo necessary to avoid conflicts with, eg, the +# OpenSSL shared libraries that are already linked into Python. +# +# It would be totally awesome if the OpenSSL package maintainers were +# to enable the RFC 3779 code for us, but I'm not holding my breath. +# +# In the meantime, we need to tell lintian to allow this nasty hack. + +rpki-rp: embedded-library + +# /var/rcynic is where we have been keeping this for years. We could change +# but all the documentation says /var/rcynic. Maybe some day we will +# figure out a politically correct place to put this, for now stick +# with what the documentation leads the user to expect. + +rpki-rp: non-standard-dir-in-var +''') + +with open('debian/rpki-rp.postinst', "wb") as f: + f.write('''\ +#!/bin/sh +# postinst script for rpki-rp +# +# see: dh_installdeb(1) + +set -e + +setup_rcynic_ownership() { + chown rcynic:rcynic /var/rcynic/data /var/rcynic/rpki-rtr +} + +setup_rcynic_user() { + if ! getent passwd rcynic >/dev/null + then + useradd -g rcynic -M -N -d /var/rcynic -s /sbin/nologin -c "RPKI validation system" rcynic + fi +} + +setup_rcynic_group() { + if ! getent group rcynic >/dev/null + then + groupadd rcynic + fi +} + +# We want to pick a *random* minute for rcynic to run, to spread load +# on repositories, which is why we don't just use a package crontab. + +setup_rcynic_cron() { + crontab -l -u rcynic 2>/dev/null | + awk -v t=`hexdump -n 2 -e '"%u\\n"' /dev/urandom` ' + BEGIN { cmd = "exec /usr/bin/rcynic-cron" } + $0 !~ cmd { print } + END { printf "%u * * * *\\t%s\\n", t % 60, cmd } + ' | + crontab -u rcynic - +} + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + configure) + setup_rcynic_group + setup_rcynic_user + setup_rcynic_ownership + setup_rcynic_cron + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument \\`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +''') + +with open('debian/rpki-rp.prerm', "wb") as f: + f.write('''\ +#!/bin/sh +# prerm script for rpki-rp +# +# see: dh_installdeb(1) + +set -e + +# summary of how this script can be called: +# * `remove' +# * `upgrade' +# * `failed-upgrade' +# * `remove' `in-favour' +# * `deconfigure' `in-favour' +# `removing' +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package + + +case "$1" in + remove) + + crontab -l -u rcynic 2>/dev/null | awk ' + $0 !~ "exec /usr/bin/rcynic-cron" { + line[++n] = $0; + } + END { + if (n) + for (i = 1; i <= n; i++) + print line[i] | "crontab -u rcynic -"; + else + system("crontab -u rcynic -r"); + }' + ;; + + upgrade|deconfigure) + ;; + + failed-upgrade) + ;; + + *) + echo "prerm called with unknown argument \\`$1'" >&2 + exit 1 + ;; +esac + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +exit 0 +''') + +with open('debian/rules', "wb") as f: + f.write('''\ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +export DH_VERBOSE=1 + +%: + dh $@ --with python2 +# dh $@ + +# Getting the RP package working is more urgent than getting the CA +# package working, so skip stuff that's only needed for the CA package +# for now. +# +# Get rid of this overide once we start testing builds of multiple +# binary packages from a single source package. +# +# We'll want to keep --disable-target-installation to avoid trying to +# do things during make install which really need to be done in +# rpki-rp.postinst. + +override_dh_auto_configure: + dh_auto_configure -- --disable-target-installation +# dh_auto_configure -- --disable-ca-tools --disable-target-installation +''') + +os.makedirs('debian/source') + +with open('debian/source/format', "wb") as f: + f.write('''\ +3.0 (native) +''') -- cgit v1.2.3 From 1e2bfc38278f05b2dab3005c2ca1f611e9503687 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 4 Feb 2013 05:36:12 +0000 Subject: Tweak directory ownerships on Debian install, and add a few more bits to rpki-ca.upstart while we're at it. svn path=/branches/tk377/; revision=5025 --- buildtools/debian-package-skeleton.py | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index 43042d72..777f4618 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -528,20 +528,29 @@ author "Rob Austein " # welcome, but please first read the Python code to understand what it # is doing. -# Our only real dependency is on mysqld. +# Our only real dependencies are on mysqld and our config file. start on started mysql stop on stopping mysql pre-start script - install -m 755 -o rpki -g rpki -d /var/run/rpki - sudo -u rpki /usr/sbin/rpki-start-servers + if test -f /etc/rpki.conf + then + install -m 755 -o rpki -g rpki -d /var/run/rpki + sudo -u rpki /usr/sbin/rpki-start-servers + else + stop + exit 0 + fi end script post-stop script for i in rpkid pubd irdbd rootd do - [ -f /var/run/rpki/$i.pid ] && kill `/bin/cat /var/run/rpki/$i.pid` + if test -f /var/run/rpki/$i.pid + then + kill `cat /var/run/rpki/$i.pid` + fi done end script ''') @@ -590,7 +599,11 @@ with open('debian/rpki-rp.postinst', "wb") as f: set -e setup_rcynic_ownership() { - chown rcynic:rcynic /var/rcynic/data /var/rcynic/rpki-rtr + install -o rcynic -g rcynic -d /var/rcynic/data /var/rcynic/rpki-rtr /var/rcynic/rpki-rtr + if test -d /var/www + then + install -o rcynic -g rcynic -d /var/www/rcynic + fi } setup_rcynic_user() { -- cgit v1.2.3 From 25210d8595a821183ba32847c6735ad84791ea8c Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 5 Feb 2013 00:12:49 +0000 Subject: Clean up debian/ directory, enable upstart. svn path=/branches/tk377/; revision=5027 --- buildtools/debian-package-skeleton.py | 354 +++++----------------------------- 1 file changed, 50 insertions(+), 304 deletions(-) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index 777f4618..a388c067 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -188,159 +188,82 @@ License: SSLeay [including the GNU Public Licence.] ''') -with open('debian/postinst.ex', "wb") as f: +with open('debian/rpki-ca.install', "wb") as f: f.write('''\ -#!/bin/sh -# postinst script for rpki-rp -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - configure) - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \\`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 +etc/rpki.conf.sample +etc/rpki/apache.conf +etc/rpki/settings.py +usr/lib +usr/sbin +usr/share ''') -with open('debian/postrm.ex', "wb") as f: +with open('debian/rpki-ca.lintian-overrides', "wb") as f: f.write('''\ -#!/bin/sh -# postrm script for rpki-rp +# The RPKI code requires a copy of the OpenSSL library with both the +# CMS code and RFC 3779 code enabled. All recent versions of OpenSSL +# include this code, but it's not enabled on all platforms. On Ubuntu +# 12.04 LTS, the RFC 3779 code is disabled. So we take the least bad +# of our several bad options, and carefully link against a private +# copy of the OpenSSL crypto library built with the options we need, +# with all the voodoo necessary to avoid conflicts with, eg, the +# OpenSSL shared libraries that are already linked into Python. # -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - ;; - - *) - echo "postrm called with unknown argument \\`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# +# It would be totally awesome if the OpenSSL package maintainers were +# to enable the RFC 3779 code for us, but I'm not holding my breath. +# +# In the meantime, we need to tell lintian to allow this nasty hack. -exit 0 +rpki-ca: embedded-library ''') -with open('debian/preinst.ex', "wb") as f: +with open('debian/rpki-ca.postinst', "wb") as f: f.write('''\ #!/bin/sh -# preinst script for rpki-rp +# postinst script for rpki-ca # # see: dh_installdeb(1) set -e -# summary of how this script can be called: -# * `install' -# * `install' -# * `upgrade' -# * `abort-upgrade' -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - install|upgrade) - ;; - - abort-upgrade) - ;; - - *) - echo "preinst called with unknown argument \\`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 -''') - -with open('debian/prerm.ex', "wb") as f: - f.write('''\ -#!/bin/sh -# prerm script for rpki-rp -# -# see: dh_installdeb(1) +setup_rpkid_user() { + if ! getent passwd rpkid >/dev/null + then + useradd -g rpkid -M -N -d /nonexistent -s /sbin/nologin -c "RPKI certification authority engine(s)" rpkid + fi +} -set -e +setup_rpkid_group() { + if ! getent group rpkid >/dev/null + then + groupadd rpkid + fi +} # summary of how this script can be called: -# * `remove' -# * `upgrade' -# * `failed-upgrade' -# * `remove' `in-favour' -# * `deconfigure' `in-favour' -# `removing' +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-remove' +# * `abort-deconfigure' `in-favour' +# `removing' # # for details, see http://www.debian.org/doc/debian-policy/ or # the debian-policy package case "$1" in - remove|upgrade|deconfigure) + configure) + setup_rpkid_group + setup_rpkid_user ;; - failed-upgrade) + abort-upgrade|abort-remove|abort-deconfigure) ;; *) - echo "prerm called with unknown argument \\`$1'" >&2 + echo "postinst called with unknown argument \\`$1'" >&2 exit 1 ;; esac @@ -353,171 +276,7 @@ esac exit 0 ''') -with open('debian/rpki-ca.init.d.ex', "wb") as f: - f.write('''\ -#!/bin/sh -### BEGIN INIT INFO -# Provides: rpki-ca -# Required-Start: $network $local_fs -# Required-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: -# Description: -# <...> -# <...> -### END INIT INFO - -# Author: Rob Austein - -# PATH should only include /usr/* if it runs after the mountnfs.sh script -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC=rpki-ca # Introduce a short description here -NAME=rpki-ca # Introduce the short server's name here -DAEMON=/usr/sbin/rpki-ca # Introduce the server's location here -DAEMON_ARGS="" # Arguments to run the daemon with -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x $DAEMON ] || exit 0 - -# Read configuration variable file if it is present -[ -r /etc/default/$NAME ] && . /etc/default/$NAME - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - # Return - # 0 if daemon has been started - # 1 if daemon was already running - # 2 if daemon could not be started - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \\ - || return 1 - start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \\ - $DAEMON_ARGS \\ - || return 2 - # Add code here, if necessary, that waits for the process to be ready - # to handle requests from services started subsequently which depend - # on this one. As a last resort, sleep for some time. -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - # Return - # 0 if daemon has been stopped - # 1 if daemon was already stopped - # 2 if daemon could not be stopped - # other if a failure occurred - start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME - RETVAL="$?" - [ "$RETVAL" = 2 ] && return 2 - # Wait for children to finish too if this is a daemon that forks - # and if the daemon is only ever run from this initscript. - # If the above conditions are not satisfied then add some other code - # that waits for the process to drop all resources that could be - # needed by services started subsequently. A last resort is to - # sleep for some time. - start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON - [ "$?" = 2 ] && return 2 - # Many daemons don't delete their pidfiles when they exit. - rm -f $PIDFILE - return "$RETVAL" -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: -''') - -with open('debian/rpki-ca.install', "wb") as f: - f.write('''\ -etc/rpki/apache.conf -etc/rpki/settings.py -usr/lib -usr/sbin -usr/share -''') - -with open('debian/rpki-ca.lintian-overrides', "wb") as f: - f.write('''\ -# The RPKI code requires a copy of the OpenSSL library with both the -# CMS code and RFC 3779 code enabled. All recent versions of OpenSSL -# include this code, but it's not enabled on all platforms. On Ubuntu -# 12.04 LTS, the RFC 3779 code is disabled. So we take the least bad -# of our several bad options, and carefully link against a private -# copy of the OpenSSL crypto library built with the options we need, -# with all the voodoo necessary to avoid conflicts with, eg, the -# OpenSSL shared libraries that are already linked into Python. -# -# It would be totally awesome if the OpenSSL package maintainers were -# to enable the RFC 3779 code for us, but I'm not holding my breath. -# -# In the meantime, we need to tell lintian to allow this nasty hack. - -rpki-ca: embedded-library -''') - -with open('debian/rpki-ca.upstart.ex', "wb") as f: +with open('debian/rpki-ca.upstart', "wb") as f: f.write('''\ # RPKI CA Service @@ -536,8 +295,8 @@ stop on stopping mysql pre-start script if test -f /etc/rpki.conf then - install -m 755 -o rpki -g rpki -d /var/run/rpki - sudo -u rpki /usr/sbin/rpki-start-servers + install -m 755 -o rpkid -g rpkid -d /var/run/rpki + sudo -u rpkid /usr/sbin/rpki-start-servers else stop exit 0 @@ -738,22 +497,9 @@ export DH_VERBOSE=1 %: dh $@ --with python2 -# dh $@ - -# Getting the RP package working is more urgent than getting the CA -# package working, so skip stuff that's only needed for the CA package -# for now. -# -# Get rid of this overide once we start testing builds of multiple -# binary packages from a single source package. -# -# We'll want to keep --disable-target-installation to avoid trying to -# do things during make install which really need to be done in -# rpki-rp.postinst. override_dh_auto_configure: dh_auto_configure -- --disable-target-installation -# dh_auto_configure -- --disable-ca-tools --disable-target-installation ''') os.makedirs('debian/source') -- cgit v1.2.3 From a44a83c31a03614e9ec0b590782802c8672383d9 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Tue, 5 Feb 2013 04:41:02 +0000 Subject: Run daemons as root for now, come back to permission issues when everything else works as expected. svn path=/branches/tk377/; revision=5028 --- buildtools/debian-package-skeleton.py | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index a388c067..19c64b8a 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -293,10 +293,29 @@ start on started mysql stop on stopping mysql pre-start script - if test -f /etc/rpki.conf + if test -f /etc/rpki.conf && + test -f /usr/share/rpki/ca.cer && + test -f /usr/share/rpki/irbe.cer && + test -f /usr/share/rpki/irdbd.cer && + test -f /usr/share/rpki/rpkid.cer && + test -f /usr/share/rpki/rpkid.key then install -m 755 -o rpkid -g rpkid -d /var/run/rpki - sudo -u rpkid /usr/sbin/rpki-start-servers + + # This should be running as user rpkid, but I haven't got all + # the pesky details worked out yet. Most testing to date has + # either been all under a single non-root user or everything + # as root, so, eg, running "rpkic initialize" as root will not + # leave things in a sane state for rpkid running as user + # rpkid. + # + # In the interest of debugging the rest of this before trying + # to break new ground, run daemons as root for the moment, + # with the intention of coming back to fix this later. + # + #sudo -u rpkid /usr/sbin/rpki-start-servers + /usr/sbin/rpki-start-servers + else stop exit 0 -- cgit v1.2.3 From 9016fc3c7ca5ba922f039c1b67fcf70f7384155a Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Mon, 18 Feb 2013 06:58:51 +0000 Subject: debuild et al are picky about format of email addresses. For some reason debuild now cares about "make test" failing (which it always has on package builds, because of MySQL setup requirements, but debuild used to ignore that), so tweak rules to skip the test suite. svn path=/branches/tk377/; revision=5040 --- buildtools/debian-package-skeleton.py | 3 +++ 1 file changed, 3 insertions(+) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index 19c64b8a..6eff5946 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -519,6 +519,9 @@ export DH_VERBOSE=1 override_dh_auto_configure: dh_auto_configure -- --disable-target-installation + +override_dh_auto_test: + @true ''') os.makedirs('debian/source') -- cgit v1.2.3 From 427d4111add9209a86339b5bace8809c6d4f72fa Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Fri, 22 Feb 2013 03:48:54 +0000 Subject: Hack to use pip to install recent versions of Django and South. Probably should be replaced by our own APT repository at some point, but this seems to work. svn path=/branches/tk377/; revision=5054 --- buildtools/debian-package-skeleton.py | 275 +++++++++++++++++++++++++++++++++- 1 file changed, 273 insertions(+), 2 deletions(-) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index 6eff5946..12e07e84 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -8,6 +8,227 @@ os.makedirs('debian') with open('debian/changelog', "wb") as f: f.write('''\ +rpki (0.5051) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Thu, 21 Feb 2013 01:17:22 -0000 + +rpki (0.5047) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Wed, 20 Feb 2013 08:31:58 -0000 + +rpki (0.5045) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Wed, 20 Feb 2013 01:31:40 -0000 + +rpki (0.5042) UNRELEASED; urgency=low + * Get rid of silly "r" prefix on version number for FreeBSD + packages, among other reasons so that we can have the same version + numbers on FreeBSD and Ubuntu, doh. + -- sra Tue, 19 Feb 2013 02:20:28 -0000 + +rpki (0.5041) UNRELEASED; urgency=low + * Install generated debian/changelog, now that we generate ones that + debuild accepts. + -- sra Mon, 18 Feb 2013 07:17:57 -0000 + +rpki (0.5040) UNRELEASED; urgency=low + * debuild et al are picky about format of email addresses. + + For some reason debuild now cares about "make test" failing (which + it always has on package builds, because of MySQL setup + requirements, but debuild used to ignore that), so tweak rules to + skip the test suite. + -- sra Mon, 18 Feb 2013 06:58:51 -0000 + +rpki (0.5039) UNRELEASED; urgency=low + * Script to automate debian/changelogs. + -- sra Mon, 18 Feb 2013 05:46:00 -0000 + +rpki (0.5038) UNRELEASED; urgency=low + * Add rc.d script. + -- sra Sun, 17 Feb 2013 10:05:49 -0000 + +rpki (0.5037) UNRELEASED; urgency=low + * Debug pkg-plist generation. + -- sra Mon, 11 Feb 2013 05:27:59 -0000 + +rpki (0.5036) UNRELEASED; urgency=low + * pkg-plist generation hacks. + -- sra Mon, 11 Feb 2013 03:04:05 -0000 + +rpki (0.5035) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Mon, 11 Feb 2013 02:25:18 -0000 + +rpki (0.5034) UNRELEASED; urgency=low + * Add --disable-rp-tools, for package building. + -- sra Mon, 11 Feb 2013 02:18:42 -0000 + +rpki (0.5030) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Tue, 05 Feb 2013 21:04:06 -0000 + +rpki (0.5028) UNRELEASED; urgency=low + * Run daemons as root for now, come back to permission issues when + everything else works as expected. + -- sra Tue, 05 Feb 2013 04:41:02 -0000 + +rpki (0.5027) UNRELEASED; urgency=low + * Clean up debian/ directory, enable upstart. + -- sra Tue, 05 Feb 2013 00:12:49 -0000 + +rpki (0.5026) UNRELEASED; urgency=low + * Install sample rpki.conf, since we don't (yet?) have a good way to + generate one automatically during installation. Installation + dialog is probably not the right way to go, some kind of setup + wizard script for the user to run after installation is probably a + better bet. + -- sra Mon, 04 Feb 2013 23:09:34 -0000 + +rpki (0.5025) UNRELEASED; urgency=low + * Tweak directory ownerships on Debian install, and add a few more + bits to rpki-ca.upstart while we're at it. + -- sra Mon, 04 Feb 2013 05:36:12 -0000 + +rpki (0.5024) UNRELEASED; urgency=low + * Allow naming tree(s) on command line. + -- sra Mon, 04 Feb 2013 05:31:03 -0000 + +rpki (0.5023) UNRELEASED; urgency=low + * Wrapped debian skeleton. + -- sra Sun, 03 Feb 2013 22:27:01 -0000 + +rpki (0.5022) UNRELEASED; urgency=low + * Helper for generating package skeletons. + -- sra Sun, 03 Feb 2013 22:15:47 -0000 + +rpki (0.5021) UNRELEASED; urgency=low + * Checkpoint. + -- sra Sun, 03 Feb 2013 17:02:21 -0000 + +rpki (0.5020) UNRELEASED; urgency=low + * Change default location of rcynic-html output on FreeBSD to track + the current FreeBSD Apache default, silly though that location may + be. Thanks, Jay! + -- sra Sun, 03 Feb 2013 16:41:33 -0000 + +rpki (0.5019) UNRELEASED; urgency=low + * Don't try to run rcynic-html if parent output directory doesn't + exist. + -- sra Sun, 03 Feb 2013 16:36:45 -0000 + +rpki (0.5018) UNRELEASED; urgency=low + * Doh, don't put in generated rcynic.conf. + -- sra Sun, 03 Feb 2013 16:25:18 -0000 + +rpki (0.5017) UNRELEASED; urgency=low + * Cleanup + -- sra Sun, 03 Feb 2013 05:38:42 -0000 + +rpki (0.5016) UNRELEASED; urgency=low + * Seems /var/run is a temporary filesystem on some platforms. + -- sra Sun, 03 Feb 2013 02:07:39 -0000 + +rpki (0.5015) UNRELEASED; urgency=low + * Typo in pkg-deinstall. + -- sra Sat, 02 Feb 2013 19:46:33 -0000 + +rpki (0.5014) UNRELEASED; urgency=low + * Exit without whining when another process holds the lock. + -- sra Sat, 02 Feb 2013 19:08:34 -0000 + +rpki (0.5013) UNRELEASED; urgency=low + * Wire installed location of scan_roas into installed rtr-origin, so + that we can stop fighting with FreeBSD's odd habit of installing + packaged software in /usr/local/bin while excluding /usr/local/bin + from the default $PATH in system cron jobs and shell scripts. + -- sra Sat, 02 Feb 2013 19:02:11 -0000 + +rpki (0.5012) UNRELEASED; urgency=low + * Need rsync as both build and runtime dependency. + -- sra Sat, 02 Feb 2013 08:34:30 -0000 + +rpki (0.5011) UNRELEASED; urgency=low + * OK, now I know why nobody ever uses "install -C". + -- sra Sat, 02 Feb 2013 08:19:35 -0000 + +rpki (0.5010) UNRELEASED; urgency=low + * rcynic requires rsync, doh. + -- sra Sat, 02 Feb 2013 07:56:31 -0000 + +rpki (0.5009) UNRELEASED; urgency=low + * Fun with DESTDIR. + -- sra Sat, 02 Feb 2013 07:22:08 -0000 + +rpki (0.5008) UNRELEASED; urgency=low + * Beat FreeBSD packaging stuff with a club. Might be working now. + -- sra Sat, 02 Feb 2013 06:58:53 -0000 + +rpki (0.5007) UNRELEASED; urgency=low + * Whoops, ac_* variables are lowercase this week. + -- sra Sat, 02 Feb 2013 06:58:27 -0000 + +rpki (0.5006) UNRELEASED; urgency=low + * Doh, write TAL configuration to correct file. + -- sra Sat, 02 Feb 2013 05:37:46 -0000 + +rpki (0.5005) UNRELEASED; urgency=low + * etc/rc.d/rcynic is only for jails, so it's not in the port + anymore. + -- sra Sat, 02 Feb 2013 05:29:03 -0000 + +rpki (0.5004) UNRELEASED; urgency=low + * Whack FreeBSD port skeleton to track recent changes. + -- sra Sat, 02 Feb 2013 05:00:27 -0000 + +rpki (0.5003) UNRELEASED; urgency=low + * First round of fixes to installation targets. + -- sra Sat, 02 Feb 2013 04:15:51 -0000 + +rpki (0.5002) UNRELEASED; urgency=low + * Finally ready to start testing new rcynic install code. + -- sra Fri, 01 Feb 2013 21:50:18 -0000 + +rpki (0.5001) UNRELEASED; urgency=low + * Checkpoint + -- sra Fri, 01 Feb 2013 18:38:48 -0000 + +rpki (0.5000) UNRELEASED; urgency=low + * Cleanup. + -- sra Fri, 01 Feb 2013 13:22:19 -0000 + +rpki (0.4999) UNRELEASED; urgency=low + * chown() lock file to rcynic user when creating it as root. + -- sra Fri, 01 Feb 2013 05:08:08 -0000 + +rpki (0.4998) UNRELEASED; urgency=low + * Add rcynic-cron. + -- sra Fri, 01 Feb 2013 03:17:34 -0000 + +rpki (0.4997) UNRELEASED; urgency=low + * Merge from trunk. + -- sra Thu, 31 Jan 2013 22:10:02 -0000 + +rpki (0.4995) UNRELEASED; urgency=low + * Checkpoint + -- sra Thu, 31 Jan 2013 21:56:29 -0000 + +rpki (0.4989) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Thu, 31 Jan 2013 05:04:39 -0000 + +rpki (0.4988) UNRELEASED; urgency=low + * Checkpoint + -- sra Thu, 31 Jan 2013 05:03:04 -0000 + +rpki (0.4980) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Fri, 25 Jan 2013 07:41:00 -0000 + +rpki (0.4978) UNRELEASED; urgency=low + * Pull from trunk. + -- sra Fri, 25 Jan 2013 05:09:38 -0000 + rpki (0.4976) UNRELEASED; urgency=low * Test update to changelog. @@ -28,10 +249,20 @@ with open('debian/compat', "wb") as f: with open('debian/control', "wb") as f: f.write('''\ +# Dependencies on python-pip are a temporary hack, so that we can +# install recent versions of django and south during Singapore +# hackathon without messing about with setting up our own apt +# repository. In the longer run, the dependencies on python-pip +# should go away, and we should dependencies on python-django and +# python-south with the right version numbers. +# +# Also see the pip install stuff in rpki-ca.postinst, which is part of +# the same kludge. + Source: rpki Priority: extra Maintainer: Rob Austein -Build-Depends: debhelper (>= 8.0.0), autotools-dev, xsltproc, python (>= 2.7), python-all-dev, python-setuptools, python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-django, python-vobject, python-yaml +Build-Depends: debhelper (>= 8.0.0), autotools-dev, xsltproc, python (>= 2.7), python-all-dev, python-setuptools, python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-vobject, python-yaml Standards-Version: 3.9.3 Homepage: http://trac.rpki.net/ Vcs-Svn: http://subvert-rpki.hactrn.net/ @@ -46,7 +277,7 @@ Description: rpki.net relying party tools Package: rpki-ca Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, xsltproc, python (>= 2.7), python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-django, python-vobject, python-yaml +Depends: ${shlibs:Depends}, ${misc:Depends}, xsltproc, python (>= 2.7), python-pip, python-lxml, libxml2-utils, mysql-client, mysql-server, python-mysqldb, python-vobject, python-yaml Description: rpki.net certification authority tools "Certification authority" tools for issuing RPKI certificates and related objects using the rpki.net toolkit. @@ -240,6 +471,44 @@ setup_rpkid_group() { fi } +# This is kind of sick, but the versions of Django and and South that +# ship with Ubuntu 12.04 LTS are too old, so we need to install from +# PyPi if we can. If the user has already done that, great, otherwise +# we try to do it here. Clearly this is not what we want in the long +# run, but neither rae the OpenSSL library hacks. +# +# Basic approach here is copied from what we do in configure.ac. + +maybe_install_django() { + if python -c 'import sys, django; sys.exit(0 if django.VERSION < (1, 3, 7) else 1)' 2>/dev/null + then + echo 1>&2 "Unusable version of Django installed, please uninstall it then try again" + exit 1 + fi + + if ! python -c 'import django' 2>/dev/null && + ! pip install django==1.3.7 + then + echo 1>&2 "Unable to install usable version of Django, sorry" + exit 1 + fi +} + +maybe_install_south() { + if python -c 'import sys, south; sys.exit(0 if map(int,south.__version__.split(".")) < [0, 7, 6] else 1)' 2>/dev/null + then + echo 1>&2 "Unusable version of South installed, please uninstall it then try again" + exit 1 + fi + + if ! python -c 'import south' 2>/dev/null && + ! pip install South==0.7.6 + then + echo 1>&2 "Unable to install usable version of Django, sorry" + exit 1 + fi +} + # summary of how this script can be called: # * `configure' # * `abort-upgrade' @@ -257,6 +526,8 @@ case "$1" in configure) setup_rpkid_group setup_rpkid_user + maybe_install_django + maybe_install_south ;; abort-upgrade|abort-remove|abort-deconfigure) -- cgit v1.2.3 From f419595c47e338978c3263d22085e75d452f7283 Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sat, 23 Feb 2013 13:25:46 +0000 Subject: Add dependency on xinetd. svn path=/branches/tk377/; revision=5057 --- buildtools/debian-package-skeleton.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index 12e07e84..e872b768 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -270,7 +270,7 @@ Vcs-Browser: http://trac.rpki.net/browser Package: rpki-rp Architecture: any -Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.7), rrdtool, rsync +Depends: ${shlibs:Depends}, ${misc:Depends}, python (>= 2.7), rrdtool, rsync, xinetd Description: rpki.net relying party tools "Relying party" validation tools from the rpki.net toolkit. See the online documentation at http://rpki.net/. -- cgit v1.2.3 From 1fd335a1a460b754b191ebb3988782512c42f3ee Mon Sep 17 00:00:00 2001 From: Rob Austein Date: Sun, 24 Feb 2013 04:52:32 +0000 Subject: Debug xinetd setup. svn path=/branches/tk377/; revision=5061 --- buildtools/debian-package-skeleton.py | 38 +++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) (limited to 'buildtools/debian-package-skeleton.py') diff --git a/buildtools/debian-package-skeleton.py b/buildtools/debian-package-skeleton.py index e872b768..e169fd2c 100644 --- a/buildtools/debian-package-skeleton.py +++ b/buildtools/debian-package-skeleton.py @@ -8,6 +8,38 @@ os.makedirs('debian') with open('debian/changelog', "wb") as f: f.write('''\ +rpki (0.5059) UNRELEASED; urgency=low + * Not using MANIFEST.in. + -- sra Sun, 24 Feb 2013 03:24:07 -0000 + +rpki (0.5060) UNRELEASED; urgency=low + * First build, then install, doh. + -- sra Sun, 24 Feb 2013 03:33:30 -0000 + +rpki (0.5059) UNRELEASED; urgency=low + * Not using MANIFEST.in. + -- sra Sun, 24 Feb 2013 03:24:07 -0000 + +rpki (0.5058) UNRELEASED; urgency=low + * inetd/xinetd listener for rpki-rtr on source code installation, + also needed for Ubuntu package. + -- sra Sun, 24 Feb 2013 03:22:00 -0000 + +rpki (0.5057) UNRELEASED; urgency=low + * Add dependency on xinetd. + -- sra Sat, 23 Feb 2013 13:25:46 -0000 + +rpki (0.5056) UNRELEASED; urgency=low + * More post-installation: add rpki-rtr listener to /etc/services and + /etc/inetd.conf, create a few missing directories. + -- sra Sat, 23 Feb 2013 12:22:10 -0000 + +rpki (0.5054) UNRELEASED; urgency=low + * Hack to use pip to install recent versions of Django and South. + Probably should be replaced by our own APT repository at some + point, but this seems to work. + -- sra Fri, 22 Feb 2013 03:48:54 -0000 + rpki (0.5051) UNRELEASED; urgency=low * Pull from trunk. -- sra Thu, 21 Feb 2013 01:17:22 -0000 @@ -608,6 +640,7 @@ with open('debian/rpki-rp.install', "wb") as f: f.write('''\ etc/rcynic.conf etc/rpki/trust-anchors +etc/xinetd.d/rpki-rtr usr/bin var/rcynic ''') @@ -682,6 +715,10 @@ setup_rcynic_cron() { crontab -u rcynic - } +setup_rpki_rtr_listener() { + killall -HUP xinetd +} + # summary of how this script can be called: # * `configure' # * `abort-upgrade' @@ -701,6 +738,7 @@ case "$1" in setup_rcynic_user setup_rcynic_ownership setup_rcynic_cron + setup_rpki_rtr_listener ;; abort-upgrade|abort-remove|abort-deconfigure) -- cgit v1.2.3