Index: installers/debian/dotlrn/config =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/config,v diff -u -r1.2 -r1.3 --- installers/debian/dotlrn/config 1 Apr 2008 10:35:41 -0000 1.2 +++ installers/debian/dotlrn/config 18 Sep 2008 18:29:35 -0000 1.3 @@ -7,7 +7,7 @@ db_capb backup STATE=1 -while [ "$STATE" != 0 -a "$STATE" != 12 ] +while [ "$STATE" != 0 -a "$STATE" != 13 ] do case "$STATE" in 1) @@ -17,6 +17,7 @@ if [ ! -z "$RET" ]; then STATE=2 fi + pg_host="$RET" else STATE=1 fi @@ -73,6 +74,7 @@ if [ ! -z "$RET" ]; then STATE=7 fi + pg_user="$RET" else STATE=2 fi @@ -97,7 +99,18 @@ if [ "$RET" != "$CONFIRM" ]; then STATE=9 else - STATE=10 + # Check if host is localhost, user is not www-data and password is not null, + # to change the postgresql access permissions properly. + if { [ "$pg_host" = "localhost" ] && [ "$pg_user" != "www-data" ]; } then + STATE=10 + if [ "A$RET" != "A" ]; then + pg_pass_blank="false" + else + pg_pass_blank="true" + fi + else + STATE=11 + fi fi else STATE=6 @@ -110,7 +123,21 @@ STATE=6 ;; - 10) + + 10) db_input critical dotlrn/pg_grant_access || true + db_go + db_get dotlrn/pg_grant_access || true + if [ "$RET" = false ]; then + if [ "$pg_pass_blank" = "true" ]; then + db_input critical dotlrn/pg_grant_access_manual_blank_pass || true + else + db_input critical dotlrn/pg_grant_access_manual || true + fi + fi + STATE=11 + ;; + + 11) # Check if tsearch tables exists dbname=template1 db_get dotlrn/db_host 
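Review bot: The comment added above the `pg_host`/`pg_user` test in the `@@ -97,7 +99,18 @@` hunk says the password is part of the condition, but the `if` only tests host and user; the password is merely recorded in `pg_pass_blank`. I would reword it to `# Offer the pg_hba.conf change only for a local server and a non-www-data user; remember whether the password is blank for the follow-up note.` The host test is an exact string compare with `localhost`, so a server entered as 127.0.0.1 skips state 10; if that is intended, the comment should say so. The enclosing case arm starts outside the hunk.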
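Review bot: The new state 10 in the `@@ -110,7 +123,21 @@` hunk calls `db_go` without checking its result, although the script declares `db_capb backup` and the neighbouring states fall back with `else STATE=…`. A back request here is either ignored or, if the script runs under `set -e` (not visible here), aborts the configuration. I would wrap it as `if db_go; then …; STATE=11; else STATE=6; fi`, with the fallback state to be confirmed against the rest of the state machine. The two manual notes are queued with `db_input` but no `db_go` follows in this state, so they are shown only with the next question; a one-line comment saying this is deliberate would help.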
@@ -137,13 +164,13 @@ err=1 echo $error fi - STATE=11 + STATE=12 ;; - 11) + 12) db_input critical dotlrn/create_tables || true db_go - STATE=12 + STATE=13 ;; esac done Index: installers/debian/dotlrn/control =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/control,v diff -u -r1.9 -r1.10 --- installers/debian/dotlrn/control 6 Aug 2008 06:08:54 -0000 1.9 +++ installers/debian/dotlrn/control 18 Sep 2008 18:29:35 -0000 1.10 @@ -9,7 +9,7 @@ Package: dotlrn Architecture: all Depends: ${misc:Depends}, aolserver4, aolserver4-nscache, aolserver4-nspostgres, aolserver4-nssha1, postgresql-client, adduser, tclthread (>= 1:2.6.5-3), tcllib, tcl8.4, wwwconfig-common, debconf, xotcl, aolserver4-xotcl, imagemagick, zip, unzip, tdom (>= 0.8.3~20080525) -Recommends: postgresql, daemontools-installer +Recommends: postgresql, daemontools, daemontools-run Description: E-learning and digital communities software based on OpenACS dotLRN is a complete open source LMS with a sophisticated portal system that integrates tools for course and content administration and Index: installers/debian/dotlrn/dotlrn.lintian-overrides =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/dotlrn.lintian-overrides,v diff -u -r1.1 -r1.2 --- installers/debian/dotlrn/dotlrn.lintian-overrides 3 Apr 2008 12:58:23 -0000 1.1 +++ installers/debian/dotlrn/dotlrn.lintian-overrides 18 Sep 2008 18:29:35 -0000 1.2 
@@ -20,3 +20,5 @@ dotlrn: script-not-executable ./usr/share/dotlrn/packages/acs-core-docs/www/files/svgroup.txt dotlrn: script-not-executable ./usr/share/dotlrn/packages/acs-developer-support/www/doc/editlocal.sh.txt dotlrn: script-not-executable ./usr/share/dotlrn/packages/acs-core-docs/www/files/deploy +# config.tcl stores passwords and needs secure permissions +dotlrn: non-standard-file-perm etc/dotlrn/config.tcl 0640 != 0644 Index: installers/debian/dotlrn/postinst =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/postinst,v diff -u -r1.7 -r1.8 --- installers/debian/dotlrn/postinst 6 Aug 2008 06:08:54 -0000 1.7 +++ installers/debian/dotlrn/postinst 18 Sep 2008 18:29:35 -0000 1.8 @@ -39,6 +39,13 @@ db_get dotlrn/dbu_password dbu_password="$RET" + + db_get dotlrn/pg_grant_access + if [ ! -z "$RET" ]; then + grant_access="$RET" + else + grant_access="false" + fi } db_not_installed() { @@ -85,7 +92,7 @@ dbadmin=$dba_name dbadmpass=$dba_password dbuser=$dbu_name - dbpass=$dbu_password + dbpass=$dbu_password . /usr/share/wwwconfig-common/pgsql-createuser.sh if [ "$status" = "error" ] 
@@ -100,8 +107,44 @@ echo $error fi + # Modify the pg_hba.conf to grant dotlrn user access to postgresql + # 1- Do we want to do that? + if [ "$grant_access" = true ]; then + + # 2- Where is the pg_hba.conf from this database instance? + dbuser=$dba_name + dbpass=$dba_password + . /usr/share/wwwconfig-common/pgsql.get + pg_hba_file=$($pgsqlcmd -c "SELECT * from pg_settings where name='hba_file';" 2>/dev/null | grep hba | cut -d\| -f2) + pg_version=$(echo "$pg_hba_file" | cut -d\/ -f4) + if [ "$status" = "error" ] + then + err=1 + echo $error + else + # 3- Modify the file + # Select connection method + if [ "A$dbu_password" != "A" ]; then + # No Blank Password + pg_conn_method="md5" + else + # Blank Password + pg_conn_method="trust" + fi + # Delete all lines between ## dotLRN ... ## and ########### from previous configurations. + # Insert connection line after the first local connection line (the postgres user connection line). + sed -i "/^## dotLRN package debconf changes (DO NOT EDIT BYHAND) ##/,/^#########################################################/d;1,/^local/{ + /^local/a ## dotLRN package debconf changes (DO NOT EDIT BYHAND) ##\nlocal dotlrn $dbu_name $pg_conn_method\n######################################################### +} " $pg_hba_file + + # 4-Reload postgresql conf + /etc/init.d/postgresql-"$pg_version" reload + fi + fi + # Modify config.tcl with debconf values - + dbuser=$dbu_name + dbpass=$dbu_password sed -i "/^ set db_host/,/^ set db_user/d;s/## Debconf changes (DO NOT EDIT BYHAND) ##/&\n set db_host $dbserver\n set db_password \"$dbpass\"\n set db_port \"5432\"\n set db_user $dbuser/" /etc/dotlrn/config.tcl # Install plpgsql on database and enable compatibility options Index: installers/debian/dotlrn/rules =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/rules,v diff -u -r1.5 -r1.6 --- installers/debian/dotlrn/rules 26 Jun 2008 11:22:09 -0000 1.5 +++ 
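Review bot: In the blank-password branch of step 3 the script writes a `trust` line for `$dbu_name` into pg_hba.conf, which lets any local account open the dotlrn database as that role over the Unix socket without a credential; the `dotlrn/pg_grant_access_manual_blank_pass` text in the templates hunk recommends the same line. I would not automate that case: write only `md5` entries, and leave the file untouched when the password is empty so the administrator makes that choice by hand. `$pg_hba_file` is also used unquoted and unchecked: the psql call discards stderr, and `$status` reflects the sourced pgsql.get rather than that query, so an empty result leaves `sed -i` without a file operand and gives `pg_version` a meaningless value for the reload. `$dbu_name` is interpolated straight into the sed script, so it should be checked against a conservative pattern (widen it as the project needs) before it can reach pg_hba.conf. The enclosing function starts and ends outside the hunk.

```shell
        # … unchanged: pgsql.get sourcing, hba_file query, $status check …
            # 3- Modify the file
            case "$dbu_name" in
                ''|*[!A-Za-z0-9_]*)
                    err=1
                    echo "dotlrn: unexpected characters in database user name, pg_hba.conf left untouched" >&2
                    ;;
                *)
                    if [ -z "$dbu_password" ]; then
                        # A passwordless role would need "trust"; leave that decision to the administrator.
                        echo "dotlrn: empty database password, pg_hba.conf left untouched" >&2
                    elif [ ! -f "$pg_hba_file" ]; then
                        err=1
                        echo "dotlrn: cannot locate pg_hba.conf" >&2
                    else
                        pg_conn_method="md5"
                        # … unchanged: sed edit (with "$pg_hba_file" quoted) and postgresql reload …
                    fi
                    ;;
            esac
```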
installers/debian/dotlrn/rules 18 Sep 2008 18:29:35 -0000 1.6 @@ -69,7 +69,7 @@ dh_link dh_compress dh_fixperms - + chmod o-rwx debian/dotlrn/etc/dotlrn/config.tcl # config.tcl stores passwords!! dh_installdeb dh_gencontrol dh_md5sums Index: installers/debian/dotlrn/templates =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/templates,v diff -u -r1.6 -r1.7 --- installers/debian/dotlrn/templates 4 Apr 2008 11:52:55 -0000 1.6 +++ installers/debian/dotlrn/templates 18 Sep 2008 18:29:35 -0000 1.7 @@ -69,3 +69,29 @@ . After configure, you can change IP and port to listen on /etc/dotlrn/config.tcl. + +Template: dotlrn/pg_grant_access +Type: boolean +_Description: Do you want debconf to grant dotLRN user access on postgresql? + Debconf can modify the postgresql configuration to allow access + to the dotLRN user by modifying the pg_hba.conf file. + +Template: dotlrn/pg_grant_access_manual_blank_pass +Type: note +_Description: Grant dotLRN user access on postgresql + To grant access manually, you have to edit the + /etc/postgresql/8.X/main/pg_hba.conf file, adding a line + like this (replace "user" for your doLRN user): + . + # TYPE DATABASE USER CIDR-ADDRESS METHOD + local dotlrn user trust. + +Template: dotlrn/pg_grant_access_manual +Type: note +_Description: Grant dotLRN user access on postgresql + To grant access manually, you have to edit the + /etc/postgresql/8.X/main/pg_hba.conf file, adding a line + like this (replace "user" for your dotlrn user): + . + # TYPE DATABASE USER CIDR-ADDRESS METHOD + local dotlrn user md5. Index: installers/debian/dotlrn/patches/config.dpatch =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/patches/config.dpatch,v diff -u -r1.6 -r1.7 --- installers/debian/dotlrn/patches/config.dpatch 6 Aug 2008 06:08:54 -0000 1.6 +++ installers/debian/dotlrn/patches/config.dpatch 18 Sep 2008 18:29:35 -0000 1.7 
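Review bot: The `chmod o-rwx` added after `dh_fixperms` leaves config.tcl at 0640, matching the new lintian override, but nothing in this change sets the file's group. If ownership stays at the packaging default, the server account could not read its own configuration unless postinst adjusts it elsewhere (not visible here). I would state the intended owner and group next to the chmod, e.g. `# mode 0640; group must be the account the server runs as (set in postinst)`, and put the comment on its own line rather than trailing the command.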
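Review bot: Both sample pg_hba.conf lines in the new note templates end in a full stop (`local dotlrn user trust.` and `local dotlrn user md5.`), so an administrator who copies them verbatim gets an authentication method PostgreSQL does not recognise; drop the trailing period from the sample lines. The first note also spells the product `doLRN`. The path hard-codes `/etc/postgresql/8.X/main/`, which may not be the instance the package connected to, so wording such as "the pg_hba.conf of your PostgreSQL instance, typically …" would be safer.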
@@ -6,8 +6,8 @@ @DPATCH@ diff -urNad dotlrn-2.4.0~/etc/config.tcl dotlrn-2.4.0/etc/config.tcl ---- dotlrn-2.4.0~/etc/config.tcl 2008-02-01 04:24:30.000000000 +0100 -+++ dotlrn-2.4.0/etc/config.tcl 2008-08-04 11:32:24.000000000 +0200 +--- dotlrn-2.4.0~/etc/config.tcl 2008-09-04 14:43:05.000000000 +0200 ++++ dotlrn-2.4.0/etc/config.tcl 2008-09-18 19:43:37.000000000 +0200 @@ -24,10 +24,11 @@ # started by root, and, in AOLserver 4, the run script have a # '-b address' flag which matches the address according to settings (above) @@ -52,6 +52,33 @@ # # MIME types. +@@ -569,7 +570,7 @@ + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user +- ns_param password "" ++ ns_param password $db_password + } + + ns_section ns/db/pool/pool2 +@@ -588,7 +589,7 @@ + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user +- ns_param password "" ++ ns_param password $db_password + } + + ns_section ns/db/pool/pool3 +@@ -607,7 +608,7 @@ + ns_param driver postgres + ns_param datasource ${db_host}:${db_port}:${db_name} + ns_param user $db_user +- ns_param password "" ++ ns_param password $db_password + } + + ns_section ns/server/${server}/db @@ -659,9 +660,7 @@ } @@ -71,8 +98,8 @@ \ No newline at end of file +} diff -urNad dotlrn-2.4.0~/etc/daemontools/run dotlrn-2.4.0/etc/daemontools/run ---- dotlrn-2.4.0~/etc/daemontools/run 2008-01-14 10:35:56.000000000 +0100 -+++ dotlrn-2.4.0/etc/daemontools/run 2008-08-04 11:32:52.000000000 +0200 +--- dotlrn-2.4.0~/etc/daemontools/run 2008-09-04 14:43:05.000000000 +0200 ++++ dotlrn-2.4.0/etc/daemontools/run 2008-09-18 19:43:37.000000000 +0200 
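Review bot: All three pools in the `@@ -52,6 +52,33 @@` hunk now pass `$db_password`, and postinst writes that value into config.tcl as `set db_password "…"` through a sed replacement. Inside Tcl double quotes `$`, `[`, `\` and `"` are still substituted when the file is sourced, and `/`, `&` and `\` are special in that sed expression, so a password containing any of them would be altered, break the configuration, or be evaluated as Tcl. Either restrict the accepted characters at the debconf prompt or escape the value before it is written, and add a comment beside the `set db_password` line naming the supported characters. These changes sit inside the embedded dpatch, so the surrounding `ns_section` blocks begin outside what is shown.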
@@ -9,7 +9,7 @@ # see http://openacs.org/forums/message-view?message_id=176100 sleep 4 Index: installers/debian/dotlrn/po/templates.pot =================================================================== RCS file: /usr/local/cvsroot/installers/debian/dotlrn/po/templates.pot,v diff -u -r1.2 -r1.3 --- installers/debian/dotlrn/po/templates.pot 4 Apr 2008 11:52:55 -0000 1.2 +++ installers/debian/dotlrn/po/templates.pot 18 Sep 2008 18:29:35 -0000 1.3 @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "Report-Msgid-Bugs-To: dotlrn @packages.debian.org\n" -"POT-Creation-Date: 2008-04-04 12:35+0200\n" +"POT-Creation-Date: 2008-09-18 19:46+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" 
@@ -177,3 +177,59 @@ "After configure, you can change IP and port to listen on /etc/dotlrn/config." "tcl." msgstr "" + +#. Type: boolean +#. Description +#: ../templates:12001 +msgid "Do you want debconf to grant dotLRN user access on postgresql?" +msgstr "" + +#. Type: boolean +#. Description +#: ../templates:12001 +msgid "" +"Debconf can modify the postgresql configuration to allow access to the " +"dotLRN user by modifying the pg_hba.conf file." +msgstr "" + +#. Type: note +#. Description +#. Type: note +#. Description +#: ../templates:13001 ../templates:14001 +msgid "Grant dotLRN user access on postgresql" +msgstr "" + +#. Type: note +#. Description +#: ../templates:13001 +msgid "" +"To grant access manually, you have to edit the /etc/postgresql/8.X/main/" +"pg_hba.conf file, adding a line like this (replace \"user\" for your doLRN " +"user):" +msgstr "" + +#. Type: note +#. Description +#: ../templates:13001 +msgid "" +" # TYPE DATABASE USER CIDR-ADDRESS METHOD\n" +" local dotlrn user trust." +msgstr "" + +#. Type: note +#. Description +#: ../templates:14001 +msgid "" +"To grant access manually, you have to edit the /etc/postgresql/8.X/main/" +"pg_hba.conf file, adding a line like this (replace \"user\" for your dotlrn " +"user):" +msgstr "" + +#. Type: note +#. Description +#: ../templates:14001 +msgid "" +" # TYPE DATABASE USER CIDR-ADDRESS METHOD\n" +" local dotlrn user md5." +msgstr ""