Commit be1e168f authored by Patrick J Cherry

merge

parents 10a6a4ed e730ca05
...@@ -16,7 +16,7 @@ Building The Packages ...@@ -16,7 +16,7 @@ Building The Packages
You should be able to build all packages via : You should be able to build all packages via :
rake all make all
Once you're done you'll see a bunch of .deb files in the current Once you're done you'll see a bunch of .deb files in the current
directory. Failures are going to be hard to spot, so do look over directory. Failures are going to be hard to spot, so do look over
...@@ -24,20 +24,4 @@ Building The Packages ...@@ -24,20 +24,4 @@ Building The Packages
(Mostly failures will be due to lack of build-dependencies.) (Mostly failures will be due to lack of build-dependencies.)
Changing branches
-----------------
This repo contains branches.
* lenny
* lenny-backports
* default
The default branch is currently tracking Debian squeeze. To changes branches run
hg update -C lenny
and substitute lenny for the branch you want.
...@@ -12,7 +12,7 @@ AVAILABLE_BUILD_ARCH=["amd64", "i386"] ...@@ -12,7 +12,7 @@ AVAILABLE_BUILD_ARCH=["amd64", "i386"]
CLEAN.add %w(Release.asc Packages.new Sources.new Release.new *-stamp) CLEAN.add %w(Release.asc Packages.new Sources.new Release.new *-stamp)
CLOBBER.add %w(Packages Sources Packages.gz Sources.gz Release Release.gpg *.deb *.tar.gz *.build *.diff.gz *.dsc *.changes) CLOBBER.add %w(Packages Sources Packages.gz Sources.gz Release Release.gpg *.deb *.tar.gz *.build *.diff.gz *.dsc *.changes)
DISTRO = File.basename(FileUtils.pwd) DISTRO = "lenny"
# #
# Monkey patch rake to output on stdout like normal people # Monkey patch rake to output on stdout like normal people
...@@ -95,7 +95,7 @@ def upstream_version(debian_version) ...@@ -95,7 +95,7 @@ def upstream_version(debian_version)
$2 $2
end end
task :default => [:all] task :default => [:build]
desc "Verify integrity of packages using lintian" desc "Verify integrity of packages using lintian"
task :lintian => ["lintian-stamp"] task :lintian => ["lintian-stamp"]
...@@ -145,7 +145,7 @@ rule '.gz' => [ proc {|t| t.sub(/.gz$/,"") } ] do |t| ...@@ -145,7 +145,7 @@ rule '.gz' => [ proc {|t| t.sub(/.gz$/,"") } ] do |t|
end end
desc "Generate Release.gpg" desc "Generate Release.gpg"
task :all => [ "Release.gpg" ] task :build => [ "Release.gpg" ]
desc "Generate Packages file" desc "Generate Packages file"
file "Packages" => package_changess do |t| file "Packages" => package_changess do |t|
...@@ -314,33 +314,36 @@ rsync_args = %w( ...@@ -314,33 +314,36 @@ rsync_args = %w(
rsync_excludes = %w(*/ Makefile Rakefile TODO README .hgignore AUTOBUILD .hgtags) rsync_excludes = %w(*/ Makefile Rakefile TODO README .hgignore AUTOBUILD .hgtags)
hg_number = `hg id -n -r tip`.chomp hg_number = `hg id -i -r tip`.chomp
release = "current" htdocs_home = File.join(ENV['HOME'],"htdocs",DISTRO)
file "#{ENV['HOME']}/htdocs/#{hg_number}/Release.gpg" => "Release.gpg" do |t| file "#{htdocs_home}/#{hg_number}/Release.gpg" => "Release.gpg" do |t|
cmd = %w(rsync) + rsync_args cmd = %w(rsync) + rsync_args
rsync_excludes.each do |ex| rsync_excludes.each do |ex|
cmd << "--exclude '#{ex}'" cmd << "--exclude '#{ex}'"
end end
sh "#{cmd.join(" ")} --times $PWD/ #{ENV['HOME']}/htdocs/#{hg_number}" sh "#{cmd.join(" ")} --times $PWD/ #{htdocs_home}/#{hg_number}"
rm "#{ENV['HOME']}/htdocs/#{release}" rm "#{htdocs_home}/latest" if File.exists?("#{htdocs_home}/latest")
end end
file "#{ENV["HOME"]}/htdocs/#{release}" => "#{ENV['HOME']}/htdocs/#{hg_number}/Release.gpg" do |t| file "#{htdocs_home}/latest" => "#{htdocs_home}/#{hg_number}/Release.gpg" do |t|
sh "cd #{ENV["HOME"]}/htdocs && ln -sf #{hg_number} #{release}" sh "cd #{htdocs_home} && ln -sf #{hg_number} latest"
end end
AVAILABLE_BUILD_ARCH.each do |arch| AVAILABLE_BUILD_ARCH.each do |arch|
file "#{ENV["HOME"]}/htdocs/#{release}/#{arch}" => "#{ENV["HOME"]}/htdocs/#{release}" do |t| file "#{htdocs_home}/latest/#{arch}" => "#{htdocs_home}/latest" do |t|
sh "cd #{t.prerequisites.first} && ln -sf . #{arch}" sh "cd #{t.prerequisites.first} && ln -sf . #{arch}"
end end
end end
desc "Upload packages to the local tree" desc "Upload packages to the local tree"
task "upload" => AVAILABLE_BUILD_ARCH.collect{|arch| "#{ENV["HOME"]}/htdocs/#{release}/#{arch}"} task "upload" => AVAILABLE_BUILD_ARCH.collect{|arch| "#{htdocs_home}/latest/#{arch}"}
desc "Upload packages to mirror. !DANGER!" desc "Upload packages to mirror. !DANGER!"
task "upload-live" => ["#{ENV['HOME']}/htdocs/lenny"] + AVAILABLE_BUILD_ARCH.collect{|arch| "#{ENV["HOME"]}/htdocs/lenny/#{arch}"} do |t| task "upload-live" => ["#{htdocs_home}/lenny"] + AVAILABLE_BUILD_ARCH.collect{|arch| "#{htdocs_home}/lenny/#{arch}"} do |t|
sh "rsync -Pr --delete #{t.prerequisites.first}/ repo@mirroir.sh:htdocs/symbiosis/lenny/" sh "rsync -Pr --delete #{t.prerequisites.first}/ repo@mirroir.sh:htdocs/symbiosis/lenny/"
end end
desc "Complete build cycle"
task "clean_build_and_upload" => %w(clobber build upload)
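Review bot: The `upload-live` prerequisites now resolve to `$HOME/htdocs/lenny/lenny`, because `htdocs_home` already ends in `DISTRO` and the task still appends a literal `lenny` to it. None of the file rules visible in this section builds that path (they cover `#{htdocs_home}/#{hg_number}/Release.gpg`, `#{htdocs_home}/latest` and `#{htdocs_home}/latest/#{arch}`), so the task either cannot resolve its prerequisite or, if such a directory happens to exist, runs `rsync -Pr --delete` against the live mirror from a tree that is not the one just built and signed. If the intent is to publish the freshly built tree, the prerequisites should point at the rule-built link: `task "upload-live" => ["#{htdocs_home}/latest"] + AVAILABLE_BUILD_ARCH.collect{|arch| "#{htdocs_home}/latest/#{arch}"} do |t|`. The remote path `htdocs/symbiosis/lenny/` is still a literal as well and could be derived from `DISTRO`, so the local and remote distributions cannot drift apart.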
####
##
#
# DO NOT EDIT THIS FILE - CHANGES WILL BE OVERWRITTEN
#
# This file is automatically generated from the template located at
# /etc/symbiosis/apache.d/ssl.template.erb
#
# If you absolutely MUST make changes, then please apply them to
# the master template file. Then run the following command to
# make them live:
#
# create-ssl-sites --force --verbose
#
##
###
##
#
# For SSL documenation please consult:
#
# http://symbiosis.bytemark.co.uk/docs/ch-ssl-hosting.html
#
##
###
NameVirtualHost <%= ip %>:443
<VirtualHost <%= ip %>:443>
ServerName <%= domain %>
ServerAlias www.<%= domain %>
SSLEngine On
#
# The certificate, key, and intermediate bundle (if needed)
#
<%= certificate %>
<%= bundle %>
#
# Sane SSL ciphers.
#
SSLCipherSuite ALL:!LOW:!SSLv2:!EXP:!aNULL
#
# And some options
#
SSLOptions +StrictRequire
#
# This is the directory people are redirected to
# if their site is empty.
#
Alias /bytemark/ "/usr/share/symbiosis-static/"
<Directory "/usr/share/symbiosis-static/">
DirectoryIndex index.html
AllowOverride None
</Directory>
#
# Allow users to override settings via .htaccess
#
<Directory <%=domain_directory%> >
AllowOverride all
</Directory>
#
# And this makes that redirection happen.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /bytemark/
</LocationMatch>
#
# The document root
#
DocumentRoot <%= domain_directory %>/public/htdocs
#
# General CGI Handling
#
ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>
#
# We need to log the virtual hostname the incoming request was
# made against, so that the cron-job in /etc/cron.daily may generate
# statistics for each domain.
#
ErrorLog /var/log/apache2/<%= domain %>.ssl.error.log
CustomLog /var/log/apache2/<%= domain %>.ssl.access.log combined
</VirtualHost>
NameVirtualHost <%= ip %>:80
<VirtualHost <%= ip %>:80>
<% if mandatory_ssl? %>
#
# All accesses redirect to the HTTPS version of
# the site.
#
Redirect / https://<%= domain %>/
<% else %>
#
# This is the directory people are redirected to
# if their site is empty.
#
Alias /bytemark/ "/usr/share/symbiosis-static/"
<Directory "/usr/share/symbiosis-static/">
DirectoryIndex index.html
AllowOverride None
</Directory>
#
# Allow users to override settings via .htaccess
#
<Directory <%=domain_directory%> >
AllowOverride all
</Directory>
#
# And this makes that redirection happen.
#
<LocationMatch "^/+$">
Options -Indexes
ErrorDocument 403 /bytemark/
</LocationMatch>
#
# The document root
#
DocumentRoot <%= domain_directory %>/public/htdocs/
#
# General CGI Handling
#
ScriptAlias /cgi-bin/ <%= domain_directory %>/public/cgi-bin/
<Location /cgi-bin>
Options +ExecCGI
</Location>
#
# We need to log the virtual hostname the incoming request was
# made against, so that the cron-job in /etc/cron.daily may generate
# statistics for each domain.
#
ErrorLog /var/log/apache2/<%= domain %>.error.log
CustomLog /var/log/apache2/<%= domain %>.access.log combined
<% end %>
</VirtualHost>
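Review bot: The `SSLCipherSuite ALL:!LOW:!SSLv2:!EXP:!aNULL` line in the :443 vhost is labelled "Sane SSL ciphers" but only subtracts a few classes from `ALL`, so medium-strength suites stay enabled. The template also sets no `SSLProtocol`, which leaves the accepted protocol versions to whatever the server-wide default is. I would pin both in the template, for example `SSLProtocol all -SSLv2 -SSLv3` and `SSLCipherSuite HIGH:!aNULL:!MD5`, plus `SSLHonorCipherOrder On` so the server's ordering wins. Separately, `AllowOverride all` is applied to `<Directory <%=domain_directory%> >` in both vhosts, which covers the whole per-domain tree rather than just `public/htdocs`. Presumably only the document root needs .htaccess support, so narrowing that path is worth confirming.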
#!/usr/bin/ruby
#
# NAME
#
# create-ssl-sites -- Auto-configure SSL sites
#
# SYNOPSIS
#
# General Options:
#
# --force Force the re-creation of all SSL sites.
# --template Specify an alternative template file to read.
#
# Help Options:
#
# --help Show the help information for this script.
# --verbose Show debugging information.
#
# DETAILS
#
# This script is designed to iterate over the domains hosted
# upon a Symbiosis system, and configure Apache to listen appropriate
# when a domain is configured for SSL hosting and not yet configured.
#
# AUTHOR
#
# Steve Kemp <steve@bytemark.co.uk>
#
require 'erb'
require 'getoptlong'
require 'symbiosis/domains.rb'
#
# A helper class which copes with SSL-domains.
#
#
class SSLConfiguration
#
# The domain this object is working with.
#
attr_reader :domain
#
# Constructor.
#
def initialize( domain )
@domain = domain
end
#
# Is SSL enabled for the domain?
#
# SSL is enabled if we have:
#
# /srv/$domain/config/ip
#
# And one of:
#
# /srv/$domain/config/ssl.key
# /srv/$doamin/config/ssl.combined
#
def ssl_enabled?
#
# SSL is never enabled unless we have /config/ip
#
if ( ! File.exists?( "/srv/#{@domain}/config/ip" ) )
return false
end
if ( File.exists?( "/srv/#{@domain}/config/ssl.key" ) ||
File.exists?( "/srv/#{@domain}/config/ssl.combined" ) )
true
else
false
end
end
#
# Is there an Apache site enabled for this domain?
#
def site_enabled?
File.exists?( "/etc/apache2/sites-enabled/#{@domain}.ssl" )
end
#
# Do we redirect to the SSL only version of this site?
#
def mandatory_ssl?
if ( File.exists?( "/srv/#{@domain}/config/ssl-only" ) )
true
else
false
end
end
#
# Remove the apache file.
#
def remove_site
if ( File.exists?( "/etc/apache2/sites-enabled/#{@domain}.ssl" ) )
File.unlink( "/etc/apache2/sites-enabled/#{@domain}.ssl" )
end
if ( File.exists?( "/etc/apache2/sites-available/#{@domain}.ssl" ) )
File.unlink( "/etc/apache2/sites-available/#{@domain}.ssl" )
end
end
#
# Get the IP for this domain.
#
def ip
File.open("/srv/#{@domain}/config/ip"){|fh| fh.readlines}.first.chomp
end
#
# Return the bundle configuration to use, if any.
#
def bundle
if ( File.exists?( "/srv/#{@domain}/config/ssl.bundle" ) )
"SSLCertificateChainFile /srv/#{@domain}/config/ssl.bundle"
else
""
end
end
#
# Return the certificate file
#
def certificate
if ( File.exists?( "/srv/#{@domain}/config/ssl.combined" ) )
return "SSLCertificateFile /srv/#{@domain}/config/ssl.combined"
end
#
# OK we might have the combined values in "ssl.key", or we might
# have "ssl.key" + "ssl.cert"
#
# If both the latter exist we'll treat them separately.
#
if ( File.exists?( "/srv/#{@domain}/config/ssl.key" ) &&
File.exists?( "/srv/#{@domain}/config/ssl.cert" ) )
return "SSLCertificateFile /srv/#{@domain}/config/ssl.key\nSSLCertificateKeyFile /srv/#{@domain}/config/ssl.cert"
end
#
# We hope like hell we have ssl.key which is a combined one.
#
if ( File.exists?( "/srv/#{@domain}/config/ssl.key" ) )
return "SSLCertificateFile /srv/#{@domain}/config/ssl.key"
end
""
end
#
# Update Apache to create a site for this domain.
#
def create_ssl_site( tf = nil )
#
# If we have no template file use the default.
#
tf = "/etc/symbiosis/apache.d/ssl.template.erb" if ( tf.nil?)
#
# Read the template file.
#
content = File.open( tf, "r" ).read()
#
# Create a template object.
#
template = ERB.new( content )
#
# Write out to sites-enabled
#
File.open( "/etc/apache2/sites-available/#{@domain}.ssl", "w" ) do |file|
file.write template.result(binding)
end
#
# Now link in the file
#
File.symlink( "/etc/apache2/sites-available/#{@domain}.ssl",
"/etc/apache2/sites-enabled/#{@domain}.ssl" )
end
#
# Does the SSL site need updating because a file is more
# recent than the generated Apache site?
#
def outdated?
#
# creation time of the (previously generated) SSL-site.
#
site = File.mtime( "/etc/apache2/sites-available/#{@domain}.ssl" )
#
# For each configuration file see if it is more recent
#
files = %w( ssl.combined ssl.key ssl.bundle ip )
files.each do |file|
if ( File.exists?( "/srv/#{@domain}/config/#{file}" ) )
mtime = File.mtime("/srv/#{@domain}/config/#{file}" )
if ( mtime > site )
return true
end
end
end
false
end
end
#
# Entry point to the code
#
if __FILE__ == $0 then
$FORCE = false
$HELP = false
$TEMPLATE = nil
$VERBOSE = false
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--verbose', '-v', GetoptLong::NO_ARGUMENT ],
[ '--template', '-t', GetoptLong::REQUIRED_ARGUMENT ],
[ '--force', '-f', GetoptLong::NO_ARGUMENT ]
)
opts.each do |opt, arg|
case opt
when '--help'
$HELP = true
when '--verbose'
$VERBOSE = true
when '--template'
$TEMPLATE = arg
when '--force'
$FORCE = true
end
end
#
# CAUTION! Here be quality kode.
#
if $HELP
# Open the file, stripping the shebang line
lines = File.open(__FILE__){|fh| fh.readlines}[2..-1]
lines.each do |line|
line.chomp!
break if line.empty?
puts line[2..-1].to_s
end
exit 0
end
#
# Do we need to restart apache?
#
$RESTART=false
#
# For each domain.
#
helper = Symbiosis::Domains.new()
helper.domains.each do |domain|
puts "Domain: #{domain} " if ( $VERBOSE )
#
# Create a helper for the domain.
#
helper = SSLConfiguration.new( domain )
#
# If SSL is not enabled then we can skip
#
if ( helper.ssl_enabled? )
puts "\tSSL is enabled" if ( $VERBOSE )
#