Commit be1e168f authored by Patrick J Cherry's avatar Patrick J Cherry

merge

parents 10a6a4ed e730ca05
......@@ -16,7 +16,7 @@ Building The Packages
You should be able to build all packages via :
rake all
make all
Once you're done you'll see a bunch of .deb files in the current
directory. Failures are going to be hard to spot, so do look over
......@@ -24,20 +24,4 @@ Building The Packages
(Mostly failures will be due to lack of build-dependencies.)
Changing branches
-----------------
This repo contains branches.
* lenny
* lenny-backports
* default
The default branch is currently tracking Debian squeeze. To changes branches run
hg update -C lenny
and substitute lenny for the branch you want.
......@@ -12,7 +12,7 @@ AVAILABLE_BUILD_ARCH=["amd64", "i386"]
CLEAN.add %w(Release.asc Packages.new Sources.new Release.new *-stamp)
CLOBBER.add %w(Packages Sources Packages.gz Sources.gz Release Release.gpg *.deb *.tar.gz *.build *.diff.gz *.dsc *.changes)
DISTRO = File.basename(FileUtils.pwd)
DISTRO = "lenny"
#
# Monkey patch rake to output on stdout like normal people
......@@ -95,7 +95,7 @@ def upstream_version(debian_version)
$2
end
task :default => [:all]
task :default => [:build]
desc "Verify integrity of packages using lintian"
task :lintian => ["lintian-stamp"]
......@@ -145,7 +145,7 @@ rule '.gz' => [ proc {|t| t.sub(/.gz$/,"") } ] do |t|
end
desc "Generate Release.gpg"
task :all => [ "Release.gpg" ]
task :build => [ "Release.gpg" ]
desc "Generate Packages file"
file "Packages" => package_changess do |t|
......@@ -314,33 +314,36 @@ rsync_args = %w(
rsync_excludes = %w(*/ Makefile Rakefile TODO README .hgignore AUTOBUILD .hgtags)
hg_number = `hg id -n -r tip`.chomp
release = "current"
hg_number = `hg id -i -r tip`.chomp
htdocs_home = File.join(ENV['HOME'],"htdocs",DISTRO)
file "#{ENV['HOME']}/htdocs/#{hg_number}/Release.gpg" => "Release.gpg" do |t|
file "#{htdocs_home}/#{hg_number}/Release.gpg" => "Release.gpg" do |t|
cmd = %w(rsync) + rsync_args
rsync_excludes.each do |ex|
cmd << "--exclude '#{ex}'"
end
sh "#{cmd.join(" ")} --times $PWD/ #{ENV['HOME']}/htdocs/#{hg_number}"
rm "#{ENV['HOME']}/htdocs/#{release}"
sh "#{cmd.join(" ")} --times $PWD/ #{htdocs_home}/#{hg_number}"
rm "#{htdocs_home}/latest" if File.exists?("#{htdocs_home}/latest")
end
file "#{ENV["HOME"]}/htdocs/#{release}" => "#{ENV['HOME']}/htdocs/#{hg_number}/Release.gpg" do |t|
sh "cd #{ENV["HOME"]}/htdocs && ln -sf #{hg_number} #{release}"
file "#{htdocs_home}/latest" => "#{htdocs_home}/#{hg_number}/Release.gpg" do |t|
sh "cd #{htdocs_home} && ln -sf #{hg_number} latest"
end
AVAILABLE_BUILD_ARCH.each do |arch|
file "#{ENV["HOME"]}/htdocs/#{release}/#{arch}" => "#{ENV["HOME"]}/htdocs/#{release}" do |t|
file "#{htdocs_home}/latest/#{arch}" => "#{htdocs_home}/latest" do |t|
sh "cd #{t.prerequisites.first} && ln -sf . #{arch}"
end
end
desc "Upload packages to the local tree"
task "upload" => AVAILABLE_BUILD_ARCH.collect{|arch| "#{ENV["HOME"]}/htdocs/#{release}/#{arch}"}
task "upload" => AVAILABLE_BUILD_ARCH.collect{|arch| "#{htdocs_home}/latest/#{arch}"}
desc "Upload packages to mirror. !DANGER!"
task "upload-live" => ["#{ENV['HOME']}/htdocs/lenny"] + AVAILABLE_BUILD_ARCH.collect{|arch| "#{ENV["HOME"]}/htdocs/lenny/#{arch}"} do |t|
task "upload-live" => ["#{htdocs_home}/lenny"] + AVAILABLE_BUILD_ARCH.collect{|arch| "#{htdocs_home}/lenny/#{arch}"} do |t|
sh "rsync -Pr --delete #{t.prerequisites.first}/ repo@mirroir.sh:htdocs/symbiosis/lenny/"
end
desc "Complete build cycle"
task "clean_build_and_upload" => %w(clobber build upload)
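Review bot: In the `upload-live` task the prerequisite `"#{htdocs_home}/lenny"` now resolves to `$HOME/htdocs/<DISTRO>/lenny`, because `htdocs_home` already ends in `DISTRO`. None of the file rules visible in this hunk builds that path; they build only the revision directory and `latest`, though a rule may exist elsewhere in the Rakefile. The task then runs `rsync -Pr --delete` against the live mirror, so a wrong or stale source directory removes published packages. If the intent is to publish the tree just built, depend on `"#{htdocs_home}/latest"` and the `latest/#{arch}` links, and check that `Release.gpg` exists in the source before syncing. Separately, the `sh` calls interpolate `ENV['HOME']` and the `hg id` output unquoted into a single shell string; passing the arguments to `sh` as a list would avoid word-splitting on unusual paths.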
####
##
#
# DO NOT EDIT THIS FILE - CHANGES WILL BE OVERWRITTEN
#
# This file is automatically generated from the template located at
# /etc/symbiosis/apache.d/ssl.template.erb
#
# If you absolutely MUST make changes, then please apply them to
# the master template file. Then run the following command to
# make them live:
#
# create-ssl-sites --force --verbose
#
##
###
##
#
# For SSL documenation please consult:
#
# http://symbiosis.bytemark.co.uk/docs/ch-ssl-hosting.html
#
##
###
NameVirtualHost <%= ip %>:443
<VirtualHost <%= ip %>:443>
ServerName <%= domain %>
ServerAlias www.<%= domain %>
SSLEngine On
#
# The certificate, key, and intermediate bundle (if needed)
#
<%= certificate %>
<%= bundle %>
#
# Sane SSL ciphers.
#
SSLCipherSuite ALL:!LOW:!SSLv2:!EXP:!aNULL
#
# And some options
#
SSLOptions +StrictRequire
#
# This is the directory people are redirected to
# if their site is empty.
#
Alias /bytemark/ "/usr/share/symbiosis-static/"
<Directory "/usr/share/symbiosis-static/">
DirectoryIndex index.html
AllowOverride None
</Directory>
#
# Allow users to override settings via .htaccess
#
<Directory <%=domain_directory%> >
AllowOverride all
</Directory>
#
# And this makes that redirection happen.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /bytemark/
</LocationMatch>
#
# The document root
#
DocumentRoot <%= domain_directory %>/public/htdocs
#
# General CGI Handling
#
ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>
#
# We need to log the virtual hostname the incoming request was
# made against, so that the cron-job in /etc/cron.daily may generate
# statistics for each domain.
#
ErrorLog /var/log/apache2/<%= domain %>.ssl.error.log
CustomLog /var/log/apache2/<%= domain %>.ssl.access.log combined
</VirtualHost>
NameVirtualHost <%= ip %>:80
<VirtualHost <%= ip %>:80>
<% if mandatory_ssl? %>
#
# All accesses redirect to the HTTPS version of
# the site.
#
Redirect / https://<%= domain %>/
<% else %>
#
# This is the directory people are redirected to
# if their site is empty.
#
Alias /bytemark/ "/usr/share/symbiosis-static/"
<Directory "/usr/share/symbiosis-static/">
DirectoryIndex index.html
AllowOverride None
</Directory>
#
# Allow users to override settings via .htaccess
#
<Directory <%=domain_directory%> >
AllowOverride all
</Directory>
#
# And this makes that redirection happen.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /bytemark/
</LocationMatch>
#
# The document root
#
DocumentRoot <%= domain_directory %>/public/htdocs/
#
# General CGI Handling
#
ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>
#
# We need to log the virtual hostname the incoming request was
# made against, so that the cron-job in /etc/cron.daily may generate
# statistics for each domain.
#
ErrorLog /var/log/apache2/<%= domain %>.error.log
CustomLog /var/log/apache2/<%= domain %>.access.log combined
<% end %>
</VirtualHost>
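Review bot: The `SSLCipherSuite ALL:!LOW:!SSLv2:!EXP:!aNULL` line in the :443 vhost still admits medium-strength suites, and the template sets no `SSLProtocol`, so the accepted protocol versions are whatever the server default allows. I would add an explicit `SSLProtocol all -SSLv2 -SSLv3` (check the value against the deployed mod_ssl) and `SSLHonorCipherOrder On`, and start the cipher string from `HIGH` rather than `ALL`. The comment above it should say which clients the list is meant to support, so the next editor knows what can be dropped. Also worth a comment: `AllowOverride all` is granted on the whole `<%=domain_directory%>`, not just `public/htdocs`, which is wider than the DocumentRoot needs.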
#!/usr/bin/ruby
#
# NAME
#
# create-ssl-sites -- Auto-configure SSL sites
#
# SYNOPSIS
#
# General Options:
#
# --force Force the re-creation of all SSL sites.
# --template Specify an alternative template file to read.
#
# Help Options:
#
# --help Show the help information for this script.
# --verbose Show debugging information.
#
# DETAILS
#
# This script is designed to iterate over the domains hosted
# upon a Symbiosis system, and configure Apache to listen appropriate
# when a domain is configured for SSL hosting and not yet configured.
#
# AUTHOR
#
# Steve Kemp <steve@bytemark.co.uk>
#
require 'erb'
require 'getoptlong'
require 'symbiosis/domains.rb'
#
# A helper class which copes with SSL-domains.
#
#
class SSLConfiguration
#
# The domain this object is working with.
#
attr_reader :domain
#
# Constructor.
#
def initialize( domain )
@domain = domain
end
#
# Is SSL enabled for the domain?
#
# SSL is enabled if we have:
#
# /srv/$domain/config/ip
#
# And one of:
#
# /srv/$domain/config/ssl.key
# /srv/$doamin/config/ssl.combined
#
def ssl_enabled?
#
# SSL is never enabled unless we have /config/ip
#
if ( ! File.exists?( "/srv/#{@domain}/config/ip" ) )
return false
end
if ( File.exists?( "/srv/#{@domain}/config/ssl.key" ) ||
File.exists?( "/srv/#{@domain}/config/ssl.combined" ) )
true
else
false
end
end
#
# Is there an Apache site enabled for this domain?
#
def site_enabled?
File.exists?( "/etc/apache2/sites-enabled/#{@domain}.ssl" )
end
#
# Do we redirect to the SSL only version of this site?
#
def mandatory_ssl?
if ( File.exists?( "/srv/#{@domain}/config/ssl-only" ) )
true
else
false
end
end
#
# Remove the apache file.
#
def remove_site
if ( File.exists?( "/etc/apache2/sites-enabled/#{@domain}.ssl" ) )
File.unlink( "/etc/apache2/sites-enabled/#{@domain}.ssl" )
end
if ( File.exists?( "/etc/apache2/sites-available/#{@domain}.ssl" ) )
File.unlink( "/etc/apache2/sites-available/#{@domain}.ssl" )
end
end
#
# Get the IP for this domain.
#
def ip
File.open("/srv/#{@domain}/config/ip"){|fh| fh.readlines}.first.chomp
end
#
# Return the bundle configuration to use, if any.
#
def bundle
if ( File.exists?( "/srv/#{@domain}/config/ssl.bundle" ) )
"SSLCertificateChainFile /srv/#{@domain}/config/ssl.bundle"
else
""
end
end
#
# Return the certificate file
#
def certificate
if ( File.exists?( "/srv/#{@domain}/config/ssl.combined" ) )
return "SSLCertificateFile /srv/#{@domain}/config/ssl.combined"
end
#
# OK we might have the combined values in "ssl.key", or we might
# have "ssl.key" + "ssl.cert"
#
# If both the latter exist we'll treat them separately.
#
if ( File.exists?( "/srv/#{@domain}/config/ssl.key" ) &&
File.exists?( "/srv/#{@domain}/config/ssl.cert" ) )
return "SSLCertificateFile /srv/#{@domain}/config/ssl.key\nSSLCertificateKeyFile /srv/#{@domain}/config/ssl.cert"
end
#
# We hope like hell we have ssl.key which is a combined one.
#
if ( File.exists?( "/srv/#{@domain}/config/ssl.key" ) )
return "SSLCertificateFile /srv/#{@domain}/config/ssl.key"
end
""
end
#
# Update Apache to create a site for this domain.
#
def create_ssl_site( tf = nil )
#
# If we have no template file use the default.
#
tf = "/etc/symbiosis/apache.d/ssl.template.erb" if ( tf.nil?)
#
# Read the template file.
#
content = File.open( tf, "r" ).read()
#
# Create a template object.
#
template = ERB.new( content )
#
# Write out to sites-enabled
#
File.open( "/etc/apache2/sites-available/#{@domain}.ssl", "w" ) do |file|
file.write template.result(binding)
end
#
# Now link in the file
#
File.symlink( "/etc/apache2/sites-available/#{@domain}.ssl",
"/etc/apache2/sites-enabled/#{@domain}.ssl" )
end
#
# Does the SSL site need updating because a file is more
# recent than the generated Apache site?
#
def outdated?
#
# creation time of the (previously generated) SSL-site.
#
site = File.mtime( "/etc/apache2/sites-available/#{@domain}.ssl" )
#
# For each configuration file see if it is more recent
#
files = %w( ssl.combined ssl.key ssl.bundle ip )
files.each do |file|
if ( File.exists?( "/srv/#{@domain}/config/#{file}" ) )
mtime = File.mtime("/srv/#{@domain}/config/#{file}" )
if ( mtime > site )
return true
end
end
end
false
end
end
#
# Entry point to the code
#
if __FILE__ == $0 then
$FORCE = false
$HELP = false
$TEMPLATE = nil
$VERBOSE = false
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--verbose', '-v', GetoptLong::NO_ARGUMENT ],
[ '--template', '-t', GetoptLong::REQUIRED_ARGUMENT ],
[ '--force', '-f', GetoptLong::NO_ARGUMENT ]
)
opts.each do |opt, arg|
case opt
when '--help'
$HELP = true
when '--verbose'
$VERBOSE = true
when '--template'
$TEMPLATE = arg
when '--force'
$FORCE = true
end
end
#
# CAUTION! Here be quality kode.
#
if $HELP
# Open the file, stripping the shebang line
lines = File.open(__FILE__){|fh| fh.readlines}[2..-1]
lines.each do |line|
line.chomp!
break if line.empty?
puts line[2..-1].to_s
end
exit 0
end
#
# Do we need to restart apache?
#
$RESTART=false
#
# For each domain.
#
helper = Symbiosis::Domains.new()
helper.domains.each do |domain|
puts "Domain: #{domain} " if ( $VERBOSE )
#
# Create a helper for the domain.
#
helper = SSLConfiguration.new( domain )
#
# If SSL is not enabled then we can skip
#
if ( helper.ssl_enabled? )
puts "\tSSL is enabled" if ( $VERBOSE )
#
# If there is already a site enabled we only
# need to touch it if one of the SSL-files is more
# recent than the generated file.
#
# e.g. User adds /config/ssl.combined and a site
# is generated but broken because a mandatory bundle is missing.
#
if ( helper.site_enabled? )
puts "\tSite already present" if ( $VERBOSE )
if ( $FORCE || ( helper.outdated? ) )
if ( $FORCE )
puts "\tForcing re-creation due to --force" if ( $VERBOSE )
else
puts "\tRecreating as it is older than the input file(s)" if ( $VERBOSE )
end
helper.remove_site()
helper.create_ssl_site( $TEMPLATE )
$RESTART = true
else
puts "\tLeaving as-is" if ( $VERBOSE )
end
else
puts "\tSite not already present" if ( $VERBOSE )