Index: installers/debian/openacs/config =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/config,v diff -u -r1.1 -r1.2 --- installers/debian/openacs/config 4 Apr 2008 14:10:31 -0000 1.1 +++ installers/debian/openacs/config 18 Sep 2008 17:42:25 -0000 1.2 @@ -7,7 +7,7 @@ db_capb backup STATE=1 -while [ "$STATE" != 0 -a "$STATE" != 12 ] +while [ "$STATE" != 0 -a "$STATE" != 13 ] do case "$STATE" in 1) @@ -17,6 +17,7 @@ if [ ! -z "$RET" ]; then STATE=2 fi + pg_host="$RET" else STATE=1 fi @@ -73,6 +74,7 @@ if [ ! -z "$RET" ]; then STATE=7 fi + pg_user="$RET" else STATE=2 fi @@ -97,7 +99,18 @@ if [ "$RET" != "$CONFIRM" ]; then STATE=9 else - STATE=10 + # Check if host is localhost, user is not www-data and password is not null, + # to change the postgresql access permissions properly. + if { [ "$pg_host" = "localhost" ] && [ "$pg_user" != "www-data" ]; } then + STATE=10 + if [ "A$RET" != "A" ]; then + pg_pass_blank="false" + else + pg_pass_blank="true" + fi + else + STATE=11 + fi fi else STATE=6 @@ -110,7 +123,21 @@ STATE=6 ;; - 10) + + 10) db_input critical openacs/pg_grant_access || true + db_go + db_get openacs/pg_grant_access || true + if [ "$RET" = false ]; then + if [ "$pg_pass_blank" = "true" ]; then + db_input critical openacs/pg_grant_access_manual_blank_pass || true + else + db_input critical openacs/pg_grant_access_manual || true + fi + fi + STATE=11 + ;; + + 11) # Check if tsearch tables exists dbname=template1 db_get openacs/db_host 
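Review bot: The comment above the new `if` says the password is checked, but the condition tests only `pg_host` and `pg_user`; the blank/non-blank test merely sets `pg_pass_blank`, so the comment should be reworded to match. The host test is a literal comparison with `localhost`, so a local server entered as `127.0.0.1` skips state 10 and the grant question is never asked. The brace group is not needed either: `if [ "$pg_host" = "localhost" ] && [ "$pg_user" != "www-data" ]; then` reads more plainly. The surrounding `case` arm starts and ends outside the hunk.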
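Review bot: In state 10 the `openacs/pg_grant_access_manual*` notes are queued with `db_input` but no `db_go` follows before `STATE=11`, so the admin only sees the note when a later state calls `db_go`. From the visible lines that looks like state 12, together with `openacs/create_tables`. A `db_go || true` after the inner `if` would show it right after the answer. The first `db_go` in this state is also called bare, unlike the `else STATE=<previous>` branches visible in the other hunks, so with `db_capb backup` declared a "back" from this question is presumably not handled. State 11's body continues outside the hunk.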
@@ -137,13 +164,13 @@ err=1 echo $error fi - STATE=11 + STATE=12 ;; - 11) + 12) db_input critical openacs/create_tables || true db_go - STATE=12 + STATE=13 ;; esac done Index: installers/debian/openacs/control =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/control,v diff -u -r1.6 -r1.7 --- installers/debian/openacs/control 6 Aug 2008 06:08:24 -0000 1.6 +++ installers/debian/openacs/control 18 Sep 2008 17:42:25 -0000 1.7 @@ -9,7 +9,7 @@ Package: openacs Architecture: all Depends: ${misc:Depends}, aolserver4, aolserver4-nscache, aolserver4-nspostgres, aolserver4-nssha1, postgresql-client, adduser, tclthread (>= 1:2.6.5-3), tcllib, tcl8.4, wwwconfig-common, debconf, xotcl, aolserver4-xotcl, imagemagick, zip, unzip, tdom (>= 0.8.3~20080525) -Recommends: postgresql, daemontools-installer +Recommends: postgresql, daemontools, daemontools-run Description: Open Architecture Community System OpenACS (Open Architecture Community System) is a toolkit for building scalable, community-oriented web applications. Index: installers/debian/openacs/openacs.lintian-overrides =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/openacs.lintian-overrides,v diff -u -r1.1 -r1.2 --- installers/debian/openacs/openacs.lintian-overrides 4 Apr 2008 14:10:31 -0000 1.1 +++ installers/debian/openacs/openacs.lintian-overrides 18 Sep 2008 17:42:25 -0000 1.2 
@@ -20,3 +20,5 @@ openacs: script-not-executable ./usr/share/openacs/packages/acs-core-docs/www/files/svgroup.txt openacs: script-not-executable ./usr/share/openacs/packages/acs-developer-support/www/doc/editlocal.sh.txt openacs: script-not-executable ./usr/share/openacs/packages/acs-core-docs/www/files/deploy +# Override config.tcl modes because the file store passwords. +openacs: non-standard-file-perm etc/openacs/config.tcl 0640 != 0644 Index: installers/debian/openacs/postinst =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/postinst,v diff -u -r1.2 -r1.3 --- installers/debian/openacs/postinst 6 Aug 2008 06:08:24 -0000 1.2 +++ installers/debian/openacs/postinst 18 Sep 2008 17:42:25 -0000 1.3 @@ -39,6 +39,13 @@ db_get openacs/dbu_password dbu_password="$RET" + + db_get openacs/pg_grant_access + if [ ! -z "$RET" ]; then + grant_access="$RET" + else + grant_access="false" + fi } db_not_installed() { @@ -85,7 +92,7 @@ dbadmin=$dba_name dbadmpass=$dba_password dbuser=$dbu_name - dbpass=$dbu_password + dbpass=$dbu_password . /usr/share/wwwconfig-common/pgsql-createuser.sh if [ "$status" = "error" ] 
@@ -100,18 +107,46 @@ echo $error fi + # Modify the pg_hba.conf to grant openacs user access to postgresql + # 1- Do we want to do that? + if [ "$grant_access" = true ]; then + + # 2- Where is the pg_hba.conf from this database instance? + dbuser=$dba_name + dbpass=$dba_password + . /usr/share/wwwconfig-common/pgsql.get + pg_hba_file=$($pgsqlcmd -c "SELECT * from pg_settings where name='hba_file';" 2>/dev/null | grep hba | cut -d\| -f2) + pg_version=$(echo "$pg_hba_file" | cut -d\/ -f4) + if [ "$status" = "error" ] + then + err=1 + echo $error + else + # 3- Modify the file + # Select connection method + if [ "A$dbu_password" != "A" ]; then + # No Blank Password + pg_conn_method="md5" + else + # Blank Password + pg_conn_method="trust" + fi + # Delete all lines between ## Openacs ... ## and ########### from previous configurations. + # Insert connection line after the first local connection line (the postgres user connection line). + sed -i "/^## Openacs package debconf changes (DO NOT EDIT BYHAND) ##/,/^##########################################################/d;1,/^local/{ + /^local/a ## Openacs package debconf changes (DO NOT EDIT BYHAND) ##\nlocal openacs $dbu_name $pg_conn_method\n########################################################## +} " $pg_hba_file + + # 4-Reload postgresql conf + /etc/init.d/postgresql-"$pg_version" reload + fi + fi + # Modify config.tcl with debconf values - + dbuser=$dbu_name + dbpass=$dbu_password sed -i "/^ set db_host/,/^ set db_user/d;s/## Debconf changes (DO NOT EDIT BYHAND) ##/&\n set db_host $dbserver\n set db_password \"$dbpass\"\n set db_port \"5432\"\n set db_user $dbuser/" /etc/openacs/config.tcl - # Install tsearch2 - #. 
/usr/share/wwwconfig-common/pgsql-exec.sh - #if [ "$status" = "error" ] - #then - # err=1 - # echo $error - #fi - # Install plpgsql on database and enable compatibility options dbuser=$dba_name dbpass=$dba_password Index: installers/debian/openacs/rules =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/rules,v diff -u -r1.3 -r1.4 --- installers/debian/openacs/rules 26 Jun 2008 11:20:22 -0000 1.3 +++ installers/debian/openacs/rules 18 Sep 2008 17:42:25 -0000 1.4 @@ -63,12 +63,11 @@ debian/openacs/usr/share/openacs/packages/acs-templating/www/resources/htmlarea/examples/test.cgi \ debian/openacs/usr/share/openacs/packages/acs-templating/www/resources/htmlarea/plugins/SpellChecker/spell-check-logic.cgi \ debian/openacs/usr/share/openacs/packages/acs-templating/www/resources/xinha-nightly/plugins/SpellChecker/spell-check-logic.cgi - dh_installdebconf dh_link dh_compress dh_fixperms - + chmod o-rwx debian/openacs/etc/openacs/config.tcl # config.tcl stores passwords!! dh_installdeb dh_gencontrol dh_md5sums Index: installers/debian/openacs/templates =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/templates,v diff -u -r1.1 -r1.2 --- installers/debian/openacs/templates 4 Apr 2008 14:10:31 -0000 1.1 +++ installers/debian/openacs/templates 18 Sep 2008 17:42:25 -0000 1.2 
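Review bot: When `$dbu_password` is empty this hunk writes a `trust` rule into pg_hba.conf, which lets every local account connect to the `openacs` database as `$dbu_name` without authenticating; I would not apply that automatically and would instead leave the file alone and point the admin to the manual note. `$pg_hba_file` comes from a query whose errors go to /dev/null and is then passed unquoted to `sed -i` before anything checks that it names an existing file, and the `$status` test runs only after `$pgsqlcmd` has already been used. `$dbu_name` and `$dbpass` are spliced into the sed scripts (and `$dbpass` into a double-quoted Tcl string in config.tcl), so values containing `/`, `&`, `\`, `"`, `$` or `[` will corrupt the edit or be interpreted by sed or Tcl; restrict them to a safe character set or escape them first. The enclosing function starts and ends outside the hunk.

```shell
    . /usr/share/wwwconfig-common/pgsql.get
    if [ "$status" = "error" ]; then
        err=1
        echo "$error"
    else
        pg_hba_file=$($pgsqlcmd -c "SELECT * from pg_settings where name='hba_file';" 2>/dev/null | grep hba | cut -d\| -f2 | tr -d '[:space:]')
        if [ -z "$pg_hba_file" ] || [ ! -f "$pg_hba_file" ]; then
            err=1
            echo "openacs: could not locate pg_hba.conf, access not granted" >&2
        elif [ -z "$dbu_password" ]; then
            # Blank password: write no rule; a 'trust' entry is left for the admin to add by hand.
            echo "openacs: blank database password, pg_hba.conf left unchanged" >&2
        else
            pg_conn_method="md5"
            # … unchanged: pg_version, sed edit (with "$pg_hba_file" quoted), postgresql reload …
        fi
    fi
```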
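Review bot: `chmod o-rwx` depends on whatever mode `dh_fixperms` left on the file, while the lintian override added in this same commit expects exactly 0640; `chmod 0640 debian/openacs/etc/openacs/config.tcl` states the intent and keeps the two in sync. At build time the file is presumably owned by root:root, so the group-read bit only helps if the maintainer scripts (not visible in this hunk) hand the file to the group the server runs as. It is worth confirming both that AOLserver can still read the file and that no other group member gains access to the stored password. The target's recipe starts outside the hunk.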
@@ -69,3 +69,30 @@ . After configure, you can change IP and port to listen on /etc/openacs/config.tcl. + +Template: openacs/pg_grant_access +Type: boolean +_Description: Do you want debconf to grant openacs user access on postgresql? + Debconf can modify the postgresql configuration to allow access + to the openacs user by modifying the pg_hba.conf file. + +Template: openacs/pg_grant_access_manual_blank_pass +Type: note +_Description: Grant openacs user access on postgresql + To grant access manually, you have to edit the + /etc/postgresql/8.X/main/pg_hba.conf file, adding a line + like this (replace "user" for your openacs user): + . + # TYPE DATABASE USER CIDR-ADDRESS METHOD + local openacs user trust. + +Template: openacs/pg_grant_access_manual +Type: note +_Description: Grant openacs user access on postgresql + To grant access manually, you have to edit the + /etc/postgresql/8.X/main/pg_hba.conf file, adding a line + like this (replace "user" for your openacs user): + . + # TYPE DATABASE USER CIDR-ADDRESS METHOD + local openacs user md5. + Index: installers/debian/openacs/patches/config.dpatch =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/patches/config.dpatch,v diff -u -r1.4 -r1.5 --- installers/debian/openacs/patches/config.dpatch 6 Aug 2008 06:08:24 -0000 1.4 +++ installers/debian/openacs/patches/config.dpatch 18 Sep 2008 17:42:25 -0000 1.5 @@ -6,8 +6,8 @@ @DPATCH@ diff -urNad openacs-5.4.2~/etc/config.tcl openacs-5.4.2/etc/config.tcl ---- openacs-5.4.2~/etc/config.tcl 2008-06-27 19:26:12.000000000 +0200 -+++ openacs-5.4.2/etc/config.tcl 2008-08-04 12:56:29.000000000 +0200 +--- openacs-5.4.2~/etc/config.tcl 2008-08-07 09:39:40.000000000 +0200 ++++ openacs-5.4.2/etc/config.tcl 2008-09-04 14:39:07.000000000 +0200 @@ -24,10 +24,11 @@ # started by root, and, in AOLserver 4, the run script have a # '-b address' flag which matches the address according to settings (above) 
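Review bot: Both example lines end with a period (`local openacs user trust.` and `local openacs user md5.`), which an admin copying the line into pg_hba.conf will paste as part of the METHOD field; drop the trailing dot. The `trust` note also never says what the method implies. One added sentence in the description, such as `With "trust", any local account can connect as this user without a password.`, would let the admin decide knowingly. The `openacs/pg_grant_access` question has the same gap, since answering yes with a blank password leads to that `trust` rule being written.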
@@ -53,6 +53,33 @@ # # MIME types. +@@ -569,7 +569,7 @@ + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user +- ns_param password "" ++ ns_param password $db_password + } + + ns_section ns/db/pool/pool2 +@@ -588,7 +588,7 @@ + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user +- ns_param password "" ++ ns_param password $db_password + } + + ns_section ns/db/pool/pool3 +@@ -607,7 +607,7 @@ + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user +- ns_param password "" ++ ns_param password $db_password + } + + ns_section ns/server/${server}/db @@ -659,9 +659,7 @@ } @@ -72,8 +99,8 @@ \ No newline at end of file +} diff -urNad openacs-5.4.2~/etc/daemontools/run openacs-5.4.2/etc/daemontools/run ---- openacs-5.4.2~/etc/daemontools/run 2008-06-27 19:26:12.000000000 +0200 -+++ openacs-5.4.2/etc/daemontools/run 2008-08-04 12:52:34.000000000 +0200 +--- openacs-5.4.2~/etc/daemontools/run 2008-08-07 09:39:40.000000000 +0200 ++++ openacs-5.4.2/etc/daemontools/run 2008-09-04 14:37:35.000000000 +0200 @@ -9,7 +9,7 @@ # see http://openacs.org/forums/message-view?message_id=176100 sleep 4 Index: installers/debian/openacs/po/templates.pot =================================================================== RCS file: /usr/local/cvsroot/installers/debian/openacs/po/templates.pot,v diff -u -r1.1 -r1.2 --- installers/debian/openacs/po/templates.pot 4 Apr 2008 14:10:31 -0000 1.1 +++ installers/debian/openacs/po/templates.pot 18 Sep 2008 17:42:25 -0000 1.2 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: openacs @packages.debian.org\n" -"POT-Creation-Date: 2008-04-04 16:07+0200\n" +"POT-Creation-Date: 2008-09-17 20:48+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -177,3 +177,52 @@ "After configure, you can change IP and port to listen on /etc/openacs/config." "tcl." msgstr "" + +#. Type: boolean +#. Description +#: ../templates:12001 +msgid "Do you want debconf to grant openacs user access on postgresql?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:12001 +msgid "" +"Debconf can modify the postgresql configuration to allow access to the " +"openacs user by modifying the pg_hba.conf file." +msgstr "" + +#. Type: note +#. Description +#. Type: note +#. Description +#: ../templates:13001 ../templates:14001 +msgid "Grant openacs user access on postgresql" +msgstr "" + +#. Type: note +#. Description +#. Type: note +#. Description +#: ../templates:13001 ../templates:14001 +msgid "" +"To grant access manually, you have to edit the /etc/postgresql/8.X/main/" +"pg_hba.conf file, adding a line like this (replace \"user\" for your openacs " +"user):" +msgstr "" + +#. Type: note +#. Description +#: ../templates:13001 +msgid "" +" # TYPE DATABASE USER CIDR-ADDRESS METHOD\n" +" local openacs user trust." +msgstr "" + +#. Type: note +#. Description +#: ../templates:14001 +msgid "" +" # TYPE DATABASE USER CIDR-ADDRESS METHOD\n" +" local openacs user md5." +msgstr ""