Changeset 1693


Ignore:
Timestamp:
Oct 23, 2010, 8:07:08 AM (13 years ago)
Author:
ezyang
Message:
Merge Fedora 13 development back to trunk.
Location:
trunk
Files:
10 deleted
47 edited
7 copied

Legend:

Unmodified
Added
Removed
  • trunk

  • trunk/locker/bin

  • trunk/locker/bin/scripts-remove

  • trunk/locker/bin/signup-minimal

  • trunk/locker/bin/signup-sql

  • trunk/locker/deploy/bin

  • trunk/locker/deploy/bin/onathena

    • Property svn:mergeinfo deleted
  • trunk/locker/deploy/bin/rails

    • Property svn:mergeinfo deleted
  • trunk/locker/deploy/bin/trac

    • Property svn:mergeinfo deleted
  • trunk/locker/deploy/bin/turbogears

    • Property svn:mergeinfo deleted
  • trunk/locker/sql/bin/save-password

  • trunk/server/common/oursrc/accountadm

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/oursrc/accountadm/Makefile.in

    r1376 r1693  
    1111
    1212admof: admof.c
    13         $(CC) $(CPPFLAGS) $(CFLAGS) $< -L/usr/lib/afs -L/usr/lib64/afs -lprot -lauth -lrxkad -lubik -laudit -lsys -lrx -llwp -lsys -lafsutil -lcom_err -lresolv -lkrb5 -ldes -lkrb4 -o $@
     13        $(CC) $(CPPFLAGS) $(CFLAGS) $< -L/usr/lib/afs -L/usr/lib64/afs -lprot -lauth -lrxkad -lubik -laudit -lsys -lrx -llwp -lsys -lafsutil -lcom_err -lresolv -lkrb5 -ldes -o $@
    1414
    1515install:
  • trunk/server/common/oursrc/accountadm/admof.c

    r1601 r1693  
    3030#include <afs/afsutil.h>
    3131#include <krb5.h>
    32 #include <kerberosIV/krb.h>
    3332#include <stdbool.h>
    3433#include <syslog.h>
     34
     35#define ANAME_SZ 40
     36#define REALM_SZ 40
     37#define INST_SZ 40
     38#define MAX_K_NAME_SZ (ANAME_SZ + INST_SZ + REALM_SZ + 2)
    3539
    3640extern int pioctl(char *, afs_int32, struct ViceIoctl *, afs_int32);
     
    117121    if (krb5_524_conv_principal(context, principal, pname, pinst, prealm) != 0)
    118122        die("internal error: krb5_524_conv_principal failed\n");
    119     if (kname_unparse(user, pname, pinst,
    120                       strcmp(prealm, realm_list[0]) == 0 ? NULL : prealm) != 0)
    121         die("internal error: kname_unparse failed\n");
     123
     124    krb5_data realm = *krb5_princ_realm(context, principal);
     125    if (realm.length > REALM_SZ - 1)
     126        realm.length = REALM_SZ - 1;
     127    if (strlen(realm_list[0]) == realm.length &&
     128        memcmp(realm.data, realm_list[0], realm.length) == 0)
     129        snprintf(user, MAX_K_NAME_SZ, "%s%s%s",
     130                 pname, pinst[0] ? "." : "", pinst);
     131    else
     132        snprintf(user, MAX_K_NAME_SZ, "%s%s%s@%.*s",
     133                 pname, pinst[0] ? "." : "", pinst, realm.length, realm.data);
    122134
    123135    krb5_free_principal(context, principal);
  • trunk/server/common/oursrc/athrun

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/oursrc/execsys

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/oursrc/execsys/execsys-binfmt

  • trunk/server/common/oursrc/httpdmods

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/oursrc/logview

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/oursrc/php_scripts/php_scripts-config.m4

  • trunk/server/common/oursrc/tokensys

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/oursrc/whoisd

    • Property svn:ignore set to
      configure
      autom4te.cache
  • trunk/server/common/patches/krb5-kuserok-scripts.patch

    r1069 r1693  
    3636     FILE *fp;
    3737     char kuser[MAX_USERNAME];
    38 @@ -79,70 +79,35 @@
     38@@ -79,71 +79,35 @@
    3939     char linebuf[BUFSIZ];
    4040     char *newline;
     
    7272-       return(FALSE);
    7373-    }
     74-    set_cloexec_file(fp);
    7475-    /*
    7576-     * For security reasons, the .k5login file must be owned either by
  • trunk/server/common/patches/openafs-scripts.patch

    r1509 r1693  
    134134--- openafs-1.4/src/afs/afs_osi_pag.c
    135135+++ openafs-1.4+scripts/src/afs/afs_osi_pag.c
    136 @@ -51,6 +51,8 @@
     136@@ -49,6 +49,8 @@
    137137 #endif
    138138 /* Local variables */
     
    143143  * Pags are implemented as follows: the set of groups whose long
    144144  * representation is '41XXXXXX' hex are used to represent the pags.
    145 @@ -458,6 +460,15 @@
     145@@ -449,6 +451,15 @@
    146146        av->uid = acred->cr_ruid;       /* default when no pag is set */
    147147 #endif
     
    156156+    }
    157157+
    158      av->initd = 0;
    159158     return 0;
    160159 }
     160 
    161161diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
    162162--- openafs-1.4/src/afs/afs_pioctl.c
  • trunk/server/doc/install-fedora

    r1612 r1693  
    22----------------------------------------
    33
    4 1. Create the LVS partitions that the Scripts guest will use.
     4We use Kickstart to to initial Fedora configuration.  Installing a new
     5vanilla machine is as easy as:
    56
    6 Our classic setup is 50GB for the main, root partition (/) and
    7 10GB for our swap.  You can consult what things look like
    8 by using `lvdisplay`.  Our naming convention is server-name-root
    9 and server-name-swap.
     7    xm create scripts-server machine_name=$MACHINE install=fXX && console $MACHINE
    108
    11 Creating new LVS partitions is done with `lvcreate`:
     9The only prompt (near the beginning of the install process) should be
     10for the root password, and at the end, when it asks you to reboot.
     11Say yes, and the machine will power down, and then restart without
     12the install parameter:
    1213
    13     # Example values:
    14     # SERVERNAME=whole-enchilada
    15     # HOSTNAME=jay-leno
    16     lvcreate -n $SERVERNAME-root $HOSTNAME --size 50.00G
    17     lvcreate -n $SERVERNAME-swap $HOSTNAME --size 10.00G
    18 
    19 2. Acquire the network installation media for Fedora.
    20 
    21 Normally, you would download an ISO and kick off an installation
    22 by burning it to a CD and booting off of that.  Since we would like
    23 to make as minimal a Fedora install as possible, we use a different
    24 method. [XXX: Why do we actually do it this way?  It seems kind
    25 of convoluted]
    26 
    27 First, we need to create an appropriate installation directory,
    28 which contains the necessary kernel images and bootstrapping code.
    29 Navigate to a Fedora mirrors website, and find the correct release
    30 from the linux/releases directory, then grab the contents of
    31 Fedora/x86_64/os/isolinux.  For example, getting the Fedora 13 installer
    32 from mirrors.mit.edu would be:
    33 
    34     mkdir ~/f13-install
    35     cd ~/f13-install
    36     wget -r -nd ftp://mirrors.mit.edu/fedora/linux/releases/13/Fedora/x86_64/os/isolinux/
    37 
    38 You can then spin up a Xen image for installation with:
    39 
    40     xm create scripts-server machine_name=$HOSTNAME install=f13
    41 
    42 Note that the -install suffix was dropped.  Get a console with `xm
    43 console`.
    44 
    45 3. Tell Fedora where to get the real installer.
    46 
    47 You will now be in a curses installer interface.  Since you are doing
    48 a network install, you will need to configure your network and specify
    49 the URL to install.  Find the static hostname that you are planning
    50 to install to and get its information with:
    51 
    52     stella $HOSTNAME
    53 
    54 Manually configure its IP, disabling IPv6 for now [XXX I don't know how
    55 to configure that].  The network mask is 16, and you can check
    56 '/etc/resolv.conf' if you don't remember what MIT's DNS servers are.
    57 
    58 It will then ask you for an installation image.  Continuing with our
    59 F13 mirrors.mit.edu, the URL will look something like:
    60 
    61     ftp://mirrors.mit.edu/fedora/linux/releases/13/Fedora/x86_64/os
    62 
    63 4. Use VNC
    64 
    65 At this point, Fedora will ask you whether or not you want to use VNC
    66 to continue the installation.  Because Scripts has an unusual disk
    67 image setup, you will want to answer yes. [XXX: Unfortunately, this puts
    68 the VNC session on MITnet, so make sure you use a good password, and
    69 we should figure out to make it not do that].  Grab your favorite
    70 VNC client and login to $HOSTNAME:1
    71 
    72 5. Installation in VNC
    73 
    74 5.1. Disks to use
    75 
    76 We don't have any exotic devices (we did that at the host level,
    77 recall), so you can use normal configuration.  The scripts-server Xen
    78 configuration will have automatically selected the LVS partitions you
    79 created in Step 1, and you want both of them.
    80 
    81 5.2. Host
    82 
    83 The default hostname is all caps: we use lower-case, so lower-case the
    84 name before proceeding.
    85 
    86 5.3. Timezone
    87 
    88 Self explanatory
    89 
    90 5.4. Root password
    91 
    92 Use Scripts root password for a real install, and fake password
    93 otherwise. [XXX: Insecure over VNC? Argh!]
    94 
    95 5.5 Formatting the disks
    96 
    97 You can find out what our existing setup looks like by consulting
    98 '/etc/fstab'.
    99 
    100 Select Custom, and select both disks for formatting.  Setup the larger
    101 disk as the boot partition.  Configure the partitions as follows:
    102 
    103     50GB
    104         Standard Partition
    105         Mount Point: /
    106         File System Type: ext3 (the default as of F13 is ext4, which
    107             cannot be mounted by the hosts and thus should not be used!)
    108         Additional Size Options: Fill to maximum allowable size (the
    109             Size parameter will not do anything in that case)
    110         Force to be primary partition
    111     10GB
    112         Standard Partition
    113         File System Type: swap
    114         Additional Size Options: Fill to maximum allowable size
    115 
    116 5.6 Bootloader
    117 
    118 Defaults are fine.
    119 
    120 5.7 Installation
    121 
    122 Do a minimal install (we will proceed to install the packages we care
    123 about), and add the normal F13 repository (testing and updates will be
    124 added when we bring in our /etc configuration).  Similarly, we will
    125 install the software we want later, so there is no need to do that now.
    126 
    127 5.8 Reboot
    128 
    129 When the install finishes, it will ask you to reboot.  This is fine, but
    130 since we created the VM image with install, upon reboot it will ask us
    131 to install again.  Let it reboot, then destroy the virtual machine.
    132 
    133     xm destroy $SERVERNAME
    134 
    135 6. New World Order
    136 
    137 Start up the VM without the install flag:
    138 
    139     xm create scripts-server machine_name=$SERVERNAME
    140 
    141 Use xm console to get a terminal, and proceed with the official install
    142 instructions.
    143 
    144     xm console $SERVERNAME
     14    xm create scripts-server machine_name=$MACHINE && console $MACHINE
  • trunk/server/doc/install-howto.sh

    r1687 r1693  
    11# This document is a how-to for installing a Fedora scripts.mit.edu server.
     2# It is semi-vaguely in the form of a shell script, but is not really
     3# runnable as it stands.
    24
    35set -e -x
    46
    5 [ -e /scripts-boot-count ] || echo 0 > /scripts-boot-count
    6 
    7 source_server="old-faithful.mit.edu"
    8 
    9 boot=${1:$(cat /scripts-boot-count)}
    10 
    11 # XXX: let 'branch' be the current svn branch you are on
    12 
    13 doreboot() {
    14     echo $(( $boot + 1 )) > /scripts-boot-count;
    15     shutdown -r now "Rebooting for step $(cat /scripts-boot-count)"
    16 }
    17 
    18 YUM() {
    19     NSS_NONLOCAL_IGNORE=1 yum "$@"
    20 }
    21 
    22 # Helper files for the install are located in server/fedora/config.
    23 
    24 # Start with a normal install of Fedora.
    25 
    26 if [ $boot = 0 ]; then
    27 # When the initial configuration screen comes up, under "Firewall
    28 # configuration", disable the firewall, and under "System services", leave
    29 # enabled (as of Fedora 9) acpid, anacron, atd, cpuspeed, crond,
    30 # firstboot, fuse, haldaemon, ip6tables, iptables, irqbalance,
    31 # kerneloops, mdmonitor, messagebus, microcode_ctl, netfs, network, nscd, ntpd,
    32 # sshd, udev-post, and nothing else.
    33     echo "--disabled" > /etc/sysconfig/system-config-firewall
    34     for i in NetworkManager avahi-daemon bluetooth cups isdn nfslock nfs pcscd restorecond rpcbind rpcgssd rpcidmapd sendmail; do
    35         chkconfig "$i" off
    36     done
    37 
    38 # Turn on network, so we can connect at boot
    39 chkconfig network on
    40 
    41 # Edit /etc/selinux/config so it has SELINUX=disabled and reboot.
    42     sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
    43     doreboot
    44 fi
    45 
    46 if [ $boot = 1 ]; then
    47 # Create a scripts-build user account, and set up rpm to build in
    48 # $HOME by doing a
    49 # cp config/home/scripts-build/.rpmmacros /home/scripts-build/
    50 # (If you just use the default setup, it will generate packages
    51 # in /usr/src/redhat.)
    52     adduser scripts-build
     7# Some commands should be run as the scripts-build user, not root.
     8
     9alias asbuild="sudo -u scripts-build"
     10
     11# Old versions of this install document advised setting
     12# NSS_NONLOCAL_IGNORE=1 anytime you're setting up anything, e.g. using
     13# yum, warning that useradd will query LDAP in a stupid way that makes
     14# it hang forever.  As of Fedora 13, this does not seem to be a problem,
     15# so it's been removed from the instructions.  If an install is hanging,
     16# though, try adding NSS_NONLOCAL_IGNORE.
     17
     18# This is actually just "pick an active scripts server".  It can't be
     19# scripts.mit.edu because our networking config points that domain
     20# at localhost, and if our server is not setup at that point things
     21# will break.
     22source_server="cats-whiskers.mit.edu"
     23
     24# 'branch' is the current svn branch you are on.  You want to
     25# use trunk if your just installing a new server, and branches/fcXX-dev
     26# if your preparing a server on a new Fedora release.
     27branch="trunk"
     28
     29# 'server' is the public hostname of your server, for SCP'ing files
     30# to and from.
     31server=YOUR-SERVER-NAME-HERE
     32
     33# Start with a Scripts kickstarted install of Fedora (install-fedora)
     34
     35# Take updates, reboot if there's a kernel update.
     36
     37    yum update
     38
     39# Get rid of network manager
     40    yum remove NetworkManager
    5341
    5442# Check out the scripts.mit.edu svn repository. Configure svn not to cache
    5543# credentials.
    5644
    57     YUM install -y subversion
    58 
    59     cd /srv
    60     svn co svn://$source_server/$branch repository
    61 
    62     sed -i 's/^(# *)*store-passwords.*/store-passwords = no/' /root/.subversion/config
    63     sed -i 's/^(# *)*store-auth-creds.*/store-auth-creds = no/' /root/.subversion/config
    64 # The same tweaks should be made on /home/scripts-build/.subversion/config
    65 # once it exists (do something with svn as scripts-build)
    66 
    67     chown -R scripts-build /srv/repository
    68 
    69 # cd to server/fedora in the svn repository.
    70     cd /srv/repository/server/fedora
    71 
    72 # Run "make install-deps" to install various prereqs.  Nonstandard
    73 # deps are in /mit/scripts/rpm.
    74     YUM install -y make
    75     make install-deps
    76 
    77 # Install bind
    78     YUM install -y bind
     45# Copy over root's dotfiles from one of the other machines.
     46# Perhaps a useful change is to remove the default aliases
     47    cd /root
     48    ls -l .bashrc
     49    ls -l .ldapvirc
     50    ls -l .screenrc
     51    ls -l .ssh
     52    ls -l .vimrc
     53    ls -l .k5login
     54    # Trying to scp from server to server won't work, as scp
     55    # will attempt to negotiate a server-to-server connection.
     56    # Instead, scp to your trusted machine as a temporary file,
     57    # and then push to the other server
     58scp -r root@$source_server:~/{.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} .
     59scp -r {.bashrc,.ldapvirc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~
     60
     61# Install the initial set of credentials (to get Kerberized logins once
     62# krb5 is installed).  Otherwise, SCP'ing things in will be annoying.
     63#   o You probably installed the machine keytab long ago
     64    ls -l /etc/krb5.keytab
     65#     Use ktutil to combine the host/scripts.mit.edu and
     66#     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
     67#     the keytab.  Do not use 'k5srvutil change' on the combined keytab
     68#     or you'll break the other servers. (real servers only).  Be
     69#     careful about writing out the keytab: if you write it to an
     70#     existing file the keys will just get appended.  The correct
     71#     credential list should look like:
     72#       ktutil:  l
     73#       slot KVNO Principal
     74#       ---- ---- ---------------------------------------------------------------------
     75#          1    5 host/old-faithful.mit.edu@ATHENA.MIT.EDU
     76#          2    3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU
     77#          3    2      host/scripts.mit.edu@ATHENA.MIT.EDU
     78#   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
     79    ls -l /etc/ssh/*key*
     80#     You can do that with:
     81scp root@$source_server:/etc/ssh/*key* .
     82scp *key* root@$server:/etc/ssh/
     83    service sshd reload
    7984
    8085# Check out the scripts /etc configuration
     86    # backslash to make us not use the alias
    8187    cd /root
    82     svn co svn://scripts.mit.edu/$branch/server/fedora/config/etc etc
    83     # backslash to make us not use the alias
    8488    \cp -a etc /
     89    chmod 0440 /etc/sudoers
    8590
    8691# NOTE: You will have just lost DNS resolution and the ability
     
    9095# you have named.
    9196
    92     service named start
    93     chkconfig named on
    94 
    95 # In the case of the Kerberos libraries, you'll be told that
    96 # there are conflicting files with the 64-bit versions of the packages,
    97 # which we scriptsify.  You'll have to use --force to install those
    98 # rpms despite the conflicts.  After doing that, you may want to
    99 # install the corresponding 64-bit scriptsified versions again, just
    100 # to be safe in case the 32-bit versions overwrite files that differ.
    101 # When you try this, it will complain that you already have the same
    102 # version installed; again, you'll need to use --force to do it anyway.
    103 
    104 # We need yumdownloader to force some RPMs
    105     # XXX: This might be wrong. Sanity check what packages ou
    106     # have when done
    107     YUM install -y yum-utils
    108     yumdownloader krb5-libs
    109     # XXX: These version numbers are hardcoded, need some cli-fu to generalize
    110     rpm -i krb5-libs-*.i586.rpm
    111     rpm -U --force krb5-libs-*.scripts.1138.x86_64.rpm
    112 
    113 # env NSS_NONLOCAL_IGNORE=1 yum install scripts-base
    114     YUM install -y scripts-base
    115 
    116 # Remember to set NSS_NONLOCAL_IGNORE=1 anytime you're setting up
    117 # anything, e.g. using yum. Otherwise useradd will query LDAP in a stupid way
    118 # that makes it hang forever. (This is why we're using YUM, not yum)
    119 
    120 # Reload the iptables config to take down the restrictive firewall
    121     service iptables restart
    122 
    123 # Copy over root's dotfiles from one of the other machines.
    124 # Perhaps a useful change is to remove the default aliases
    125     # On 2009-07-01, the dotfiles to transfer where:
    126     #   .bashrc .ldapvirc (<- HAS PRIVILEDGED DATA)
    127     #   .screenrc .ssh (<- directory) .vimrc
    128     # Trying to scp from server to server won't work, as scp
    129     # will attempt to negotiate a server-to-server connection.
    130     # Instead, scp to your trusted machine as a temporary file,
    131     # and then push to the other server
    132     # You'll need some way to authenticate to the server, and since
    133     # password logins are disabled, you'll need some way of
    134     # temporarily giving yourself credentials.  On a test server,
    135     # reenabling password authentication is ok: frob /etc/pam.d/sshd
    136     # and reverse apply r1068.
     97# NOTE: You can get password SSH back by editing /etc/ssh/sshd_config (allow
     98# password auth) and /etc/pam.d/sshd (comment out the first three auth
     99# lines).  However, you should have the Kerberos credentials in place
     100# so as soon as you install the full set of Scripts packages, you'll get
     101# Kerberized logins.
     102
     103# Make sure network is working.  If this is a new server name, you'll
     104# need to add it to /etc/hosts and
     105# /etc/sysconfig/network-scripts/route-eth1.  Kickstart should have
     106# configured eth0 and eth1 correctly; use service network restart
     107# to add the new routes in route-eth1.
     108    service network restart
     109    route
     110    ifconfig
     111    cat /etc/hosts
     112    cat /etc/sysconfig/network-scripts/route-eth1
     113
     114# This is the point at which you should start updating scriptsified
     115# packages for a new Fedora release.  Consult 'upgrade-tips' for more
     116# information.
     117    yum install -y scripts-base
     118    # Some of these packages are naughty and clobber some of our files
     119    cd /etc
     120    svn revert resolv.conf hosts sysconfig/openafs
    137121
    138122# Replace rsyslog with syslog-ng by doing:
    139123    rpm -e --nodeps rsyslog
    140     YUM install -y syslog-ng
     124    yum install -y syslog-ng
    141125    chkconfig syslog-ng on
    142126
    143 # Install various dependencies of the scripts system, including
    144 # glibc-devel.i586 (ezyang: already installed for me),
    145 # python-twisted-core (ditto), mod_fcgid, nrpe, nagios-plugins-all.
    146     YUM install -y mod_fcgid
    147     YUM install -y nrpe
    148     YUM install -y nagios-plugins-all
    149 
    150 # Disable NetworkManager with chkconfig NetworkManager off. Configure
    151 # networking on the front end and back end, and the routing table to send
    152 # traffic over the back end. Make sure that chkconfig reports "network" on, so
    153 # that the network will still be configured at next boot.
    154 # ezyang: For me, NetworkManager was not installed at this point, and
    155 # we had already done the basic config for networking front end and
    156 # back end (because I wanted ssh access, and not just conserver access)
    157 
    158 # Fix the openafs /usr/vice/etc <-> /etc/openafs mapping by changing
    159 #  /usr/vice/etc/cacheinfo to contain:
    160 #       /afs:/usr/vice/cache:10000000
    161 # Also fix ThisCell to contain athena.mit.edu in both directories
    162 # WARNING: if you're installing a test server, this needs to be much
    163 # smaller; the max filesize on XVM is 10GB.  Pick something like
    164 # 500000
     127# Fix the openafs /usr/vice/etc <-> /etc/openafs mapping.
    165128    echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo
    166     # ezyang: ThisCell on b-k and c-w don't have anything special
    167     # written here
    168 # If you're making a test server, some of the AFS parameters are
    169 # kind of retarded (and if you're low on disk space, will actually
    170 # exhaust our inodes).
    171 # Edit the parameters in /etc/sysconfig/openafs
    172 
    173 # Figure out why Zephyr isn't working. Most recently, it was because there
    174 # was a 64-bit RPM installed; remove it and install Joe's 32-bit one
    175     YUM erase -y mit-zephyr
    176     # mit-zephyr has a spurious dependency on mit-krb-config
    177     yumdownloader mit-zephyr.i386
    178     # if deps change, this breaks
    179     YUM install -y libXaw.i586 libXext.i586 libXmu.i586 ncurses-libs.i586 readline.i586
    180     rpm -i --nodeps mit-zephyr-2.1-6-linux.i386.rpm
    181     # test if it worked by sending an un-authed message
    182     zwrite -d -c scripts -i test
    183 
    184 # Install the athena-base, athena-lprng, and athena-lprng-misc RPMs
    185 # from the Athena 9 build (these are present in our yum repo).  Note
    186 # that you will have to use --nodeps for at least one of the lprng
    187 # ones because it thinks it needs the Athena hesiod RPM.  It doesn't
    188 # really.  Before doing this, run it without --nodeps and arrange to
    189 # install the rest of the things it really does depend on.  This will
    190 # include a bunch of 32-bit rpms; go ahead and install the .i586 versions
    191 # of them.
    192     YUM install -y athena-base
    193     YUM install -y athena-lprng
    194     yumdownloader athena-lprng-misc
    195     # ezyang: I couldn't find any deps for this that existed in the repos
    196     # You might get a "find: `/usr/athena/info': No such file or directory"
    197     # error; this is fine
    198     rpm -i --nodeps athena-lprng-misc-9.4-0.i386.rpm
     129    echo "athena.mit.edu" > /usr/vice/etc/ThisCell
     130
     131# [TEST SERVER] If you're installing a test server, this needs to be
     132# much smaller; the max filesize on XVM is 10GB.  Pick something like
     133# 500000. Also, some of the AFS parameters are kind of retarded (and if
     134# you're low on disk space, will actually exhaust our inodes).  Edit
     135# these parameters in /etc/sysconfig/openafs
     136
     137# Test that zephyr is working
     138    chkconfig zhm on
     139    service zhm start
     140    echo 'Test!' | zwrite -d -c scripts -i test
    199141
    200142# Install the full list of RPMs that users expect to be on the
    201143# scripts.mit.edu servers.
    202 
    203 # on another server, run:
    204144rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > packages.txt
    205145# arrange for packages.txt to be passed to the server, then run:
    206     # notice that yum is not capitalized
    207     # Also notice skip-broken
    208     cat packages.txt | NSS_NONLOCAL_IGNORE=1 xargs yum install -y --skip-broken
     146# --skip-broken will (usually) prevent you from having to sit through
     147# several minutes of dependency resolution until it decides that
     148# it can't install /one/ package.
     149    yum install -y --skip-broken $(cat packages.txt)
    209150
    210151# Check which packages are installed on your new server that are not
     
    212153# on the new machine.  Otherwise, aside from bloat, you may end up
    213154# with undesirable things for security, like sendmail.
    214     rpm -qa --queryformat "%{Name}.%{Arch}\n" | sort > newpackages.txt
    215     diff -u packages.txt newpackages.txt  | less
    216     # if all went well, you'll probably see multiple kernel versions
    217     # as the only diff
    218     # ezyang: I got exim installed as another package
     155    rpm -qa --queryformat "%{Name}.%{Arch}\n" | grep -v kernel | sort > newpackages.txt
     156    diff -u packages.txt newpackages.txt | grep -v kernel | less
    219157    # here's a cute script that removes all extra packages
    220     diff -u packages.txt newpackages.txt  | grep '+' | cut -c2- | grep -v "@" | grep -v "++" | xargs yum erase -y
     158    yum erase -y $(grep -Fxvf packages.txt newpackages.txt)
     159
     160# We need an upstream version of cgi which we've packaged ourselves, but
     161# it doesn't work with the haskell-platform package which expects
     162# explicit versions.  So temporarily rpm -e the package, and then
     163# install it again after you install haskell-platform.  [Note: You
     164# probably won't need this in Fedora 15 or something, when the Haskell
     165# Platform gets updated.]
     166    rpm -e ghc-cgi-devel ghc-cgi
     167    yum install -y haskell-platform
     168    yumdownloader ghc-cgi
     169    yumdownloader ghc-cgi-devel
     170    rpm -i ghc-cgi*1.8.1*.rpm
    221171
    222172# Check out the scripts /usr/vice/etc configuration
    223     cd /root
    224     mkdir vice
    225     cd vice
    226     svn co svn://scripts.mit.edu/trunk/server/fedora/config/usr/vice/etc etc
     173    cd /root/vice
    227174    \cp -a etc /usr/vice
    228175
    229176# Install the full list of perl modules that users expect to be on the
    230177# scripts.mit.edu servers.
    231 # - export PERL_MM_USE_DEFAULT=1
    232 # - Run 'cpan', accept the default configuration, and do 'o conf
    233 #   prerequisites_policy follow'.
    234 # - Parse the output of perldoc -u perllocal | grep head2 on an existing
    235 #   server, and "notest install" them from the cpan prompt.
    236 # TO DO THIS:
    237 # On another server, run:
    238 # perldoc -u perllocal | grep head2 | cut -f 3 -d '<' | cut -f 1 -d '|' | sort -u | perl -ne 'chomp; print "notest install $_\n" if system("rpm -q --whatprovides \"perl($_)\" >/dev/null 2>/dev/null")' > /mit/scripts/config/perl-packages.txt
    239 # Then on the server you're installing,
    240 #    cat perl-packages.txt | perl -MCPAN -e shell
     178    cd /root
    241179    export PERL_MM_USE_DEFAULT=1
    242     # XXX: Some interactive gobbeldygook
    243     cpan
     180    cpan # this is interactive, enter the next two lines
    244181        o conf prerequisites_policy follow
    245182        o conf commit
     
    257194#           /usr/lib64/python2.6/site-packages for Python eggs and modules.
    258195#   There will be a lot of gunk that was installed from packages;
    259 #   easy-install.pth will tell you what was easy_installed.
     196#   easy-install.pth in /usr/lib/ will tell you what was easy_installed.
    260197#   First use 'yum search' to see if the relevant package is now available
    261198#   as an RPM, and install that if it is.  If not, then use easy_install.
     
    263200#   want to be able to write to ~/.python-eggs.  (Also makes sourcediving
    264201#   easier.)
     202    cat /usr/lib/python2.6/site-packages/easy-install.pth
    265203# - Look at `gem list` for Ruby gems.
    266204#   Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'.
    267205#       ezyang: rspec-rails depends on rspec, and will override the Yum
    268206#       package, so... don't use that RPM yet
     207gem list --no-version > gem.txt
     208    gem install $(gem list --no-version | grep -Fxvf - gem.txt)
    269209# - Look at `pear list` for Pear fruits (or whatever they're called).
    270210#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
    271211#   that for things in the beta repo, you'll need 'pear install package-beta'.
    272212#   (you might get complaints about the php_scripts module; ignore them)
     213pear list | tail -n +4 | cut -f 1 -d " " > pear.txt
     214    pear config-set preferred_state beta
     215    pear channel-update pear.php.net
     216    pear install $(pear list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pear.txt)
    273217# - Look at `pecl list` for PECL things.  'yum search', and if you must,
    274218#   'pecl install' needed items. If it doesn't work, try 'pear install
    275219#   pecl/foo' or 'pecl install foo-beta' or those two combined.
    276     # Automating this... will require a lot of batonning between
    277     # the servers. Probably best way to do it is to write an actual
    278     # script.
     220pecl list | tail -n +4 | cut -f 1 -d " " > pecl.txt
     221    pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt)
    279222
    280223# Setup some Python config
    281224    echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
    282225
    283 # Install the credentials.  There are a lot of things to remember here:
    284 #   o This will be different if you're setting up our build/update server.
    285 #   o You probably installed the machine keytab long ago
    286     ls -l /etc/krb5.keytab
    287 #   o Use ktutil to combine the host/scripts.mit.edu and
    288 #     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
    289 #     the keytab.  Do not use 'k5srvutil change' on the combined keytab
    290 #     or you'll break the other servers. (real servers only)
    291 #   o The daemon.scripts keytab
     226# Install the credentials.  There are a lot of things to remember here.
     227# Be sure to make sure the permissions match up (ls -l on an existing
     228# server!).
     229scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,daemon.keytab,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} .
     230scp daemon.keytab signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc
     231scp scripts.key root@$server:/etc/pki/tls/private
     232scp .k5login root@$server:/home/logview
     233    chown afsagent:afsagent /etc/daemon.keytab
     234#   o The daemon.scripts keytab (will be daemon.scripts-test for test)
    292235    ls -l /etc/daemon.keytab
    293236#   o The SSL cert private key (real servers only)
     237    ls -l /etc/pki/tls/private/scripts.key
    294238#   o The LDAP password for the signup process (real servers only)
    295 #   o The SQL password for the signup process (real servers only)
     239    ls -l /etc/signup-ldap-pw
    296240#   o The whoisd password (real servers only)
    297 #   o The LDAP keytab for this server, which will be used later (real servers only)
    298 #   o Replace the ssh host keys with the ones common to all scripts servers (real servers only)
    299 #   o You'll install an LDAP certificate signed by the scripts CA later (real servers only)
    300 #   o Make sure root's .k5login is correct
    301     cat /root/.k5login
     241    ls -l /etc/whoisd-password
    302242#   o Make sure logview's .k5login is correct (real servers only)
    303 
    304 # If you are setting up a test server, pay attention to
     243    cat /home/logview/.k5login
     244
     245# Spin up OpenAFS.  This will fail if there's been a new kernel since
     246# when you last tried.  In that case, you can hold on till later to
     247# start OpenAFS.  This will take a little bit of time;
     248    service openafs-client start
     249
     250# Check that fs sysname is correct.  You should see, among others,
     251# 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you
     252# probably did a distro upgrade and should update /etc/sysconfig/openafs.
     253    fs sysname
     254
     255# [TEST SERVER] If you are setting up a test server, pay attention to
    305256# /etc/sysconfig/network-scripts and do not bind scripts' IP address.
    306257# You will also need to modify:
     
    322273# XXX: someone should write sed scripts to do this
    323274
    324 # If you are setting up a test server, afsagent's cronjob will attempt
    325 # to be renewing with the wrong credentials (daemon.scripts). Change this:
     275# [TEST SERVER] If you are setting up a test server, afsagent's cronjob
     276# will attempt to be renewing with the wrong credentials
     277# (daemon.scripts). Change this:
    326278    vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu
    327279
    328 # Install 389-ds-base and set up replication (see ./HOWTO-SETUP-LDAP
    329 #   and ./389-ds-enable-ssl-and-kerberos.diff).
     280# Set up replication (see ./install-ldap).
     281# You'll need the LDAP keytab for this server: be sure to chown it
     282# fedora-ds after you create the fedora-ds user
     283    ls -l /etc/dirsrv/keytab
     284    cat install-ldap
    330285
    331286# Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
    332287# boot. Run chkconfig to make sure the set of services to be run is
    333288# correct.
     289    service nslcd start
     290    service nscd start
     291    service postfix start
     292    service httpd start
    334293    chkconfig dirsrv on
    335294    chkconfig nslcd on
     
    341300    chkconfig nrpe on
    342301
     302# Check sql user credentials (needs to be done after LDAP is setup)
     303    chown sql /etc/sql-mit-edu.cfg.php
     304
    343305# Postfix doesn't actually deliver mail; fix this
    344306    cd /etc/postfix
     
    349311
    350312# Run fmtutil-sys --all, which does something that makes TeX work.
     313# (Note: this errors on XeTeX which is ok.)
    351314    fmtutil-sys --all
    352     # ezyang: I got errors on xetex
    353315
    354316# Ensure that PHP isn't broken:
     
    356318    chmod 01777 /tmp/sessions
    357319
    358 # Ensure fcgid isn't broken
    359     chmod 755 /var/run/mod_fcgid # ezyang: I suspect this is no longer necessary
     320# Ensure fcgid isn't broken (should be 755)
     321    ls -ld /var/run/mod_fcgid
    360322
    361323# Fix etc by making sure none of our config files got overwritten
    362324    cd /etc
    363     svn status | grep M
    364     # ezyang: I had to revert krb5.conf (not with latest), nsswitch.conf and sysconfig/openafs
     325    svn status -q
     326    # Some usual candidates for clobbering include nsswitch.conf and
     327    # sysconfig/openafs
    365328
    366329# ThisCell got clobbered, replace it with athena.mit.edu
     
    368331
    369332# Reboot the machine to restore a consistent state, in case you
    370 # changed anything.
    371     # ezyang: When I rebooted, the following things happened:
    372     #   o Starting kdump failed (this is ok)
    373     #   o postfix mailbombed us
    374     #   o firstboot configuration screen popped up (ignored; manually will do
    375     #     chkconfig after the fact)
    376 
    377 # (Optional) Beat your head against a wall.
    378 
    379 # Possibly perform other steps that I've neglected to put in this
    380 # document.
    381 #   o For some reason, syslog-ng wasn't turning on automatically, so we weren't
    382 #     getting spew
    383 
    384 # Some info about changing hostnames: it appears to be in:
     333# changed anything. (Note: Starting kdump fails (this is ok))
     334
     335# [OPTIONAL] Your machine's hostname is baked in at install time;
     336# in the rare case you need to change it: it appears to be in:
    385337#   o /etc/sysconfig/network
    386338#   o your lvm thingies; probably don't need to edit
    387339
    388 # More stuff for test servers
     340# [TEST SERVER] More stuff for test servers
    389341#   - You need a self-signed SSL cert.  Generate with:
    390342    openssl req -new -x509 -keyout /etc/pki/tls/private/scripts.key -out /etc/pki/tls/certs/scripts.cert -nodes
     
    394346#     be an accepted vhost name
    395347#   - Look at the old test server and see what config changes are floating around
     348
     349# XXX: our SVN checkout should be updated to use scripts.mit.edu
     350# (repository and etc) once serving actually works.
     351    cd /etc
     352    svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
     353    cd /usr/vice/etc
     354    svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
     355    cd /srv/repository
     356    asbuild svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
     357    asbuild svn up # verify scripts.mit.edu works
  • trunk/server/doc/install-xen

    r1241 r1693  
    4343    git clone ssh://scripts@scripts.mit.edu/mit/scripts/git/xen.git /etc/xen
    4444
     45# setup conserver
     46    cat /etc/conserver/console.cf # add the correct entires here
     47    visudo # add conservr to sudoers list with:
     48        conservr ALL=(ALL) NOPASSWD: /usr/sbin/xm console *
  • trunk/server/doc/kernel-build-howto

    r630 r1693  
    1919[root@old-faithful ~]# rpm -ivh kernel-vanilla{,-devel}-2.6.23.8-28.scripts1.fc7.x86_64.rpm
    2020
     21You can build kernel-firmware, which is a bunch of binary blobs for
     22hardware, by running the mock build with --arch=noarch.
     23
    2124<Build kmod-openafs>
    2225
  • trunk/server/doc/package-build-howto

    r1558 r1693  
    146146      overwrite any changes you made in place).
    147147
     148Tips
     149====
     150
     151    * Don't try to build a 32-bit package without building the 64-bit
     152      package as well.
  • trunk/server/fedora

    • Property svn:ignore set to
      .dload
      download_stamp
      rpmbuild
  • trunk/server/fedora/Makefile

    r1590 r1693  
    1919# See /COPYRIGHT in this repository for more information.
    2020
    21 upstream_yum    = krb5 krb5.i586 httpd openssh shadow-utils libpng ghostscript
     21upstream_yum    = krb5 krb5.i686 httpd openssh
    2222hackage         = MonadCatchIO-mtl-0.3.0.1 cgi-3001.1.8.1 unix-handle-0.0.0
    2323upstream_hackage = ghc-MonadCatchIO-mtl ghc-cgi ghc-unix-handle
    24 upstream        = openafs $(upstream_yum) $(upstream_hackage) moira cluster-glue heartbeat pacemaker
    25 oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i586 whoisd mit-zephyr athrun php_scripts scripts-wizard scripts-base scripts-static-cat
     24upstream        = openafs $(upstream_yum) $(upstream_hackage) moira cluster-glue heartbeat pacemaker zephyr zephyr.i686 python-zephyr
     25oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i686 whoisd athrun php_scripts scripts-wizard scripts-base scripts-static-cat
    2626allsrc          = $(upstream) $(oursrc)
    2727oursrcdir       = ${PWD}/../common/oursrc
     
    4040server_url      = "http://web.mit.edu/scripts/src"
    4141server_arch     = "fedora.stable"
    42 openafs_url     = "http://dl.openafs.org/dl/openafs/1.4.11/openafs-1.4.11-1.1.1.src.rpm"
     42#openafs_url    = "http://dl.openafs.org/dl/openafs/1.4.12/openafs-1.4.12-1.1.2.src.rpm"
     43openafs_url     = "file:///home/scripts-build/mock-local/openafs-1.4.12-1.0.pre3.src.rpm"
    4344clusterglue_url = "http://kojipkgs.fedoraproject.org/packages/cluster-glue/1.0/0.11.b79635605337.hg.fc12/src/cluster-glue-1.0-0.11.b79635605337.hg.fc12.src.rpm"
    4445heartbeat_url   = "http://kojipkgs.fedoraproject.org/packages/heartbeat/3.0.0/0.5.0daab7da36a8.hg.fc12/src/heartbeat-3.0.0-0.5.0daab7da36a8.hg.fc12.src.rpm"
    4546pacemaker_url   = "http://kojipkgs.fedoraproject.org/packages/pacemaker/1.0.5/5.fc12/src/pacemaker-1.0.5-5.fc12.src.rpm"
    46 
    47 PKG             = $(patsubst %.i586,%,$@)
     47zephyr_url      = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.tar.gz"
     48
     49PKG             = $(patsubst %.i686,%,$@)
    4850
    4951.PHONY: minimal-clean
     
    5961clean: minimal-clean
    6062        rm -rf $(out_rpms) $(out_srpms) $(out_sbin)
     63        rm -f download_stamp
    6164
    6265mkdir-tree:
     
    6669
    6770download: download_stamp
    68 download_stamp: | SRPMS/mit-zephyr-2.1-6.src.rpm
     71download_stamp:
    6972        @mkdir -p $(dload); \
    7073        #wget -qO- -nv $(server_url)/$(server_arch) | xargs make
     
    7477        wget -P $(dload) $(heartbeat_url)
    7578        wget -P $(dload) $(pacemaker_url)
     79        wget -P $(dload) $(zephyr_url)
    7680        cd $(tmp_src) && wget -nd -r -l1 -np -A.orig.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-moira/
    7781        cabal update
    7882        cabal fetch $(hackage)
    7983        cp -a $(hackage:%=~/.cabal/packages/*/*/*/%.tar.gz) $(tmp_src)
     84        spectool -g -R $(specs)/python-zephyr.spec
    8085        touch download_stamp
    8186
     
    139144$(oursrc): rpmbuild_args += --define 'scriptsversion $(shell svnversion ${oursrcdir}/$** | tr ':' '_' | sed -e 's/-.*/0.uncommitted/')'
    140145
    141 $(filter %.i586,$(oursrc)): %.i586: setup
     146$(filter %.i686,$(oursrc)): %.i686: setup
    142147        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    143148        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
    144         /usr/bin/mock -r scripts-fc11-i386 --arch=i586 ${rpmbuild_args} --define="_lib lib" -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
    145 
    146 $(filter-out %.i586,$(oursrc)): %: setup
     149        /usr/bin/mock -r scripts-fc13-i386 --arch=i686 ${rpmbuild_args} --define="_lib lib" -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
     150
     151$(filter-out %.i686,$(oursrc)): %: setup
    147152        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    148153        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
    149         /usr/bin/mock -r scripts-fc11-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
     154        /usr/bin/mock -r scripts-fc13-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
    150155
    151156$(upstream) openafs-kernel: rpmbuild_args += --define 'scriptsversion $(shell svnversion ${patches} | tr ':' '_')'
    152157
    153 $(filter %.i586,$(upstream)): %.i586: setup patch-specs
    154         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
    155         /usr/bin/mock -r scripts-fc11-i386 --arch=i586 ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
    156 
    157 $(filter-out %.i586,$(upstream)): %: setup patch-specs
    158         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
    159         /usr/bin/mock -r scripts-fc11-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
     158$(filter %.i686,$(upstream)): %.i686: setup patch-specs
     159        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
     160        /usr/bin/mock -r scripts-fc13-i386 --arch=i686 ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
     161
     162$(filter-out %.i686,$(upstream)): %: setup patch-specs
     163        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
     164        /usr/bin/mock -r scripts-fc13-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
    160165
    161166openafs-kernel: setup
    162167        PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
    163168        rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/openafs*.spec
    164         /usr/bin/mock -r scripts-fc11-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/openafs*.src.rpm | head -1`
     169        /usr/bin/mock -r scripts-fc13-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/openafs*.src.rpm | head -1`
    165170
    166171#sort -n sorts "2.6.25-1" later than "2.6.25.1-1", so it's Wrong
     
    172177openafs-kernel: rpmbuild_args += $(openafs_rpmbuild_args) --define "build_userspace 0" --define "build_modules 1"
    173178
    174 suexec: #install-srpms
    175         @rm -rf ${tmp_src}/httpd-2*/; \
    176         tar zxvf ${tmp_src}/httpd-2*.tar.gz; \
    177         cd httpd-2*; \
    178         patch -p1 < ${patches}/httpd-suexec-scripts.patch; \
    179         autoreconf; \
    180         ./configure --prefix=/etc/httpd --with-suexec-userdir=web_scripts --with-suexec-caller=apache --with-suexec-uidmin=50 --with-suexec-gidmin=50 --with-suexec-docroot=/ --with-suexec-trusteddir=/usr/libexec/scripts-trusted; \
    181         pushd support; \
    182         mkdir -p ${out_sbin}; make suexec && cp suexec ${out_sbin}; \
    183         popd; \
    184         rm -rf httpd-2*; \
    185         echo; \
    186         echo "suexec binary written to ${out_sbin}."; \
    187         echo "Run 'make install-suexec' as root to install it.";
    188 
    189 install-suexec:
    190         install -m 4510 -o 0 -g apache ${out_sbin}/suexec /usr/sbin/;
    191 
    192179frob-openafs:
    193180        @if [ ! -d "/etc/openafs/" ]; then \
     
    199186
    200187# The following packages are needed for our packages
    201 basic-deps      = kernel-devel rpm-build rpmdevtools mock gcc autoconf patch krb5-workstation glibc-devel.i586 glibc-devel libtool libgcc.i586
    202 oursrc-deps     = hesinfo openldap-clients openldap-devel.i586 php-devel
     188basic-deps      = kernel-devel rpm-build rpmdevtools mock gcc autoconf patch krb5-workstation glibc-devel.i686 glibc-devel libtool libgcc.i686
     189oursrc-deps     = hesinfo openldap-clients openldap-devel.i686 php-devel
    203190httpdmods-deps  = httpd-devel
    204191httpd-deps      = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel
    205 krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex texlive-latex
     192krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex texlive-latex libss-devel rsh
    206193openafs-deps    = pam-devel automake
    207 mit-zephyr-deps = readline-devel hesiod-devel hesiod-devel.i586 hesiod.i586 libXt.i586 #compat-readline43
     194moira-deps      = e2fsprogs-devel
     195zephyr-deps     = hesiod-devel libss-devel krb5-devel readline-devel
    208196openssh-deps    = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth pango-devel cairo-devel libedit-devel nss-devel fipscheck-devel
    209197php-deps        = bzip2-devel curl-devel gmp-devel libstdc++-devel sqlite-devel gcc-c++ libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel libXpm-devel libjpeg-devel t1lib-devel libmcrypt-devel mhash-devel libtidy-devel freetds-devel aspell-devel recode-devel
    210198haskell-deps    = cabal-install
    211199install-deps:
    212         yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(mit-zephyr-deps) $(openssh-deps) $(php-deps) $(haskell-deps)
    213         rpm -ivh http://kojipkgs.fedoraproject.org/packages/compat-readline43/4.3/3/i386/compat-readline43-4.3-3.i386.rpm
     200        yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(moira-deps) $(zephyr-deps) $(openssh-deps) $(php-deps) $(haskell-deps)
     201# XXX: We need to figure out what's going on with compat-readline43
     202#       rpm -ivh http://kojipkgs.fedoraproject.org/packages/compat-readline43/4.3/3/i386/compat-readline43-4.3-3.i386.rpm
    214203#       rpm -ivh http://download.fedora.redhat.com/pub/fedora/linux/core/6/i386/os/Fedora/RPMS/compat-readline43-4.3-3.i386.rpm
    215204
  • trunk/server/fedora/config/etc

  • trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf

    r1267 r1693  
    11ServerName scripts.mit.edu
    2 ServerAlias scripts 18.181.0.43 scripts-vhosts.mit.edu scripts-vhosts 18.181.0.46 scripts-test.mit.edu scripts-test 18.181.0.229 better-mousetrap.mit.edu better-mousetrap b-m.mit.edu b-m scripts1.mit.edu scripts1 18.181.0.57 old-faithful.mit.edu old-faithful o-f.mit.edu o-f scripts2.mit.edu scripts2 18.181.0.53 bees-knees.mit.edu bees-knees b-k.mit.edu b-k sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 18.181.0.167 cats-whiskers.mit.edu cats-whiskers c-w.mit.edu c-w scripts4.mit.edu scripts4 18.181.0.228 pancake-bunny.mit.edu pancake-bunny p-b.mit.edu p-b scripts6.mit.edu scripts6 18.181.0.237 busy-beaver.mit.edu busy-beaver b-b.mit.edu b-b scripts7.mit.edu scripts7 18.181.0.234 real-mccoy.mit.edu real-mccoy r-m.mit.edu r-m scripts8.mit.edu scripts8 18.181.0.235 localhost 127.0.0.1 ::1
     2ServerAlias scripts 18.181.0.43 scripts-vhosts.mit.edu scripts-vhosts 18.181.0.46 scripts-test.mit.edu scripts-test 18.181.0.229 better-mousetrap.mit.edu better-mousetrap b-m.mit.edu b-m scripts1.mit.edu scripts1 18.181.0.57 old-faithful.mit.edu old-faithful o-f.mit.edu o-f scripts2.mit.edu scripts2 18.181.0.53 bees-knees.mit.edu bees-knees b-k.mit.edu b-k sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 18.181.0.167 cats-whiskers.mit.edu cats-whiskers c-w.mit.edu c-w scripts4.mit.edu scripts4 18.181.0.228 pancake-bunny.mit.edu pancake-bunny p-b.mit.edu p-b scripts6.mit.edu scripts6 18.181.0.237 busy-beaver.mit.edu busy-beaver b-b.mit.edu b-b scripts7.mit.edu scripts7 18.181.0.234 real-mccoy.mit.edu real-mccoy r-m.mit.edu r-m scripts8.mit.edu scripts8 18.181.0.235 w-e whole-enchilada w-e.mit.edu whole-enchilada.mit.edu 18.181.0.236 localhost 127.0.0.1 ::1
  • trunk/server/fedora/config/etc/postfix/main.cf

    r1443 r1693  
    1717recipient_delimiter = +
    1818inet_interfaces = all
    19 readme_directory = /usr/share/doc/postfix-2.5.6/README_FILES
    20 sample_directory = /usr/share/doc/postfix-2.5.6/samples
     19readme_directory = /usr/share/doc/postfix-2.7.0/README_FILES
     20sample_directory = /usr/share/doc/postfix-2.7.0/samples
    2121sendmail_path = /usr/sbin/sendmail
    2222html_directory = no
  • trunk/server/fedora/config/etc/ssh/sshd_config

    r1267 r1693  
    55GSSAPIAuthentication yes
    66GSSAPICleanupCredentials yes
     7GSSAPIStrictAcceptorCheck no
    78UsePAM yes
    89AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
  • trunk/server/fedora/config/etc/sysconfig/openafs

    r1259 r1693  
    1212          Leonidas)
    1313            /usr/bin/fs sysname 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
     14          Goddard)
     15            /usr/bin/fs sysname 'amd64_fedora13_scripts' 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora13' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
    1416          *)
    1517            echo "Warning: unknown platform. AFS sysname not set."
  • trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl

    r1584 r1693  
    115115        } elsif ($message =~ m|^ *nrpe .* COMMAND=/etc/nagios/check_ldap_mmr.real$|) {
    116116        } elsif ($message =~ m|^ *root : TTY=|) {
     117        } elsif ($message =~ m|^Set /proc/self/oom_adj to 0|) {
    117118        } else {
    118119            sendmsg($message, "scripts-spew");
  • trunk/server/fedora/config/etc/yum.repos.d/scripts.repo

    r1424 r1693  
    11[scripts]
    22name=Scripts
    3 baseurl=http://web.mit.edu/scripts/rpm-fc11/
     3baseurl=http://web.mit.edu/scripts/rpm-fc13/
    44enabled=1
    55gpgcheck=0
     
    77[scripts-testing]
    88name=Scripts Testing
    9 baseurl=http://web.mit.edu/scripts/rpm-fc11-testing/
     9baseurl=http://web.mit.edu/scripts/rpm-fc13-testing/
    1010enabled=0
    1111gpgcheck=0
  • trunk/server/fedora/specs/ghc-MonadCatchIO-mtl.spec

    r1590 r1693  
    11%global pkg_name MonadCatchIO-mtl
    22
    3 %bcond_without doc
    4 %bcond_without prof
     3%global common_summary Haskell %{pkg_name} library
    54
    6 # ghc does not emit debug information
     5%global common_description A %{pkg_name} library for Haskell.
     6
     7# add any Haskell library dependencies here:
     8%global ghc_pkg_deps ghc-mtl-devel
     9
     10# add any foreign library dependencies here:
     11#%%global ghc_pkg_c_deps @CDEP1@-devel
     12
     13%bcond_without shared
     14
     15# debuginfo is not useful for ghc
    716%global debug_package %{nil}
    817
     
    1019Version:        0.3.0.1
    1120Release:        0.%{scriptsversion}%{?dist}
    12 Summary:        Haskell %{pkg_name} library
     21Summary:        %{common_summary}
    1322
    14 Group:          Development/Libraries
     23Group:          System Environment/Libraries
    1524License:        BSD
    1625URL:            http://hackage.haskell.org/cgi-bin/hackage-scripts/package/%{pkg_name}
     
    1928# fedora ghc archs:
    2029ExclusiveArch:  %{ix86} x86_64 ppc alpha
    21 BuildRequires:  ghc, ghc-rpm-macros
    22 %if %{with doc}
    23 BuildRequires:  ghc-doc
    24 %endif
    25 %if %{with prof}
    26 BuildRequires:  ghc-prof
    27 %endif
     30BuildRequires:  ghc, ghc-doc, ghc-prof
     31BuildRequires:  ghc-rpm-macros >= 0.7.0
     32%{?ghc_pkg_deps:BuildRequires:  %{ghc_pkg_deps}, %(echo %{ghc_pkg_deps} | sed -e "s/\(ghc-[^, ]\+\)-devel/\1-doc,\1-prof/g")}
     33%{?ghc_pkg_c_deps:BuildRequires:  %{ghc_pkg_c_deps}}
    2834
    2935%description
    30 This package provides the Haskell %{pkg_name} library for ghc.
    31 
    32 
    33 %package devel
    34 Summary:        Haskell %{pkg_name} library
    35 Group:          Development/Libraries
    36 Requires:       ghc = %{ghc_version}
    37 Requires(post): ghc = %{ghc_version}
    38 Requires(preun): ghc = %{ghc_version}
    39 
    40 %description devel
    41 This package contains the development files for %{name}
    42 built for ghc-%{ghc_version}.
    43 
    44 
    45 %if %{with doc}
    46 %package doc
    47 Summary:        Documentation for %{name}
    48 Group:          Development/Libraries
    49 Requires:       ghc-doc = %{ghc_version}
    50 Requires(post): ghc-doc = %{ghc_version}
    51 Requires(postun): ghc-doc = %{ghc_version}
    52 
    53 %description doc
    54 This package contains development documentation files for
    55 the %{name} library.
     36%{common_description}
     37%if %{with shared}
     38This package provides the shared library.
    5639%endif
    5740
    5841
    59 %if %{with prof}
    60 %package prof
    61 Summary:        Profiling libraries for %{name}
    62 Group:          Development/Libraries
    63 Requires:       %{name}-devel = %{version}-%{release}
    64 Requires:       ghc-prof = %{ghc_version}
    65 
    66 %description prof
    67 This package contains profiling libraries for %{name}
    68 built for ghc-%{ghc_version}.
    69 %endif
     42%{?ghc_lib_package}
    7043
    7144
     
    7548
    7649%build
    77 %cabal_configure --ghc %{?with_prof:-p}
    78 %cabal build
    79 %if %{with doc}
    80 %cabal haddock
    81 %endif
    82 %ghc_gen_scripts
     50%ghc_lib_build
    8351
    8452
    8553%install
    8654rm -rf $RPM_BUILD_ROOT
    87 %cabal_install
    88 %ghc_install_scripts
    89 %ghc_gen_filelists %{name}
     55%ghc_lib_install
    9056
    9157
     
    9460
    9561
    96 %post devel
    97 %ghc_register_pkg
    98 
    99 
    100 %if %{with doc}
    101 %post doc
    102 %ghc_reindex_haddock
    103 %endif
    104 
    105 
    106 %preun devel
    107 if [ "$1" -eq 0 ] ; then
    108   %ghc_unregister_pkg
    109 fi
    110 
    111 
    112 %if %{with doc}
    113 %postun doc
    114 if [ "$1" -eq 0 ] ; then
    115   %ghc_reindex_haddock
    116 fi
    117 %endif
    118 
    119 
    120 %files devel -f %{name}-devel.files
    121 %defattr(-,root,root,-)
    122 #%{_docdir}/%{name}-%{version}
    123 
    124 
    125 %if %{with doc}
    126 %files doc -f %{name}-doc.files
    127 %defattr(-,root,root,-)
    128 %endif
    129 
    130 
    131 %if %{with prof}
    132 %files prof -f %{name}-prof.files
    133 %defattr(-,root,root,-)
    134 %endif
    135 
    136 
    13762%changelog
    138 * Mon Mar 15 2010 Anders Kaseorg <andersk@mit.edu> - 0.3.0.1-0
    139 - initial packaging for Fedora automatically generated by cabal2spec
     63* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 0.3.0.1-0
     64- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
  • trunk/server/fedora/specs/ghc-cgi.spec

    r1590 r1693  
    11%global pkg_name cgi
    22
    3 %bcond_without doc
    4 %bcond_without prof
     3%global common_summary Haskell %{pkg_name} library
    54
    6 # ghc does not emit debug information
     5%global common_description A %{pkg_name} library for Haskell.
     6
     7# add any Haskell library dependencies here:
     8%global ghc_pkg_deps ghc-network-devel, ghc-parsec-devel, ghc-mtl-devel, ghc-MonadCatchIO-mtl-devel, ghc-xhtml-devel
     9
     10# add any foreign library dependencies here:
     11#%%global ghc_pkg_c_deps @CDEP1@-devel
     12
     13%bcond_without shared
     14
     15# debuginfo is not useful for ghc
    716%global debug_package %{nil}
    817
     
    1019Version:        3001.1.8.1
    1120Release:        0.%{scriptsversion}%{?dist}
    12 Summary:        Haskell %{pkg_name} library
     21Summary:        %{common_summary}
    1322
    14 Group:          Development/Libraries
     23Group:          System Environment/Libraries
    1524License:        BSD
    1625URL:            http://hackage.haskell.org/cgi-bin/hackage-scripts/package/%{pkg_name}
     
    1928# fedora ghc archs:
    2029ExclusiveArch:  %{ix86} x86_64 ppc alpha
    21 BuildRequires:  ghc, ghc-rpm-macros, ghc-MonadCatchIO-mtl-devel
    22 %if %{with doc}
    23 BuildRequires:  ghc-doc, ghc-MonadCatchIO-mtl-doc
    24 %endif
    25 %if %{with prof}
    26 BuildRequires:  ghc-prof, ghc-MonadCatchIO-mtl-prof
    27 %endif
     30BuildRequires:  ghc, ghc-doc, ghc-prof
     31BuildRequires:  ghc-rpm-macros >= 0.7.0
     32%{?ghc_pkg_deps:BuildRequires:  %{ghc_pkg_deps}, %(echo %{ghc_pkg_deps} | sed -e "s/\(ghc-[^, ]\+\)-devel/\1-doc,\1-prof/g")}
     33%{?ghc_pkg_c_deps:BuildRequires:  %{ghc_pkg_c_deps}}
    2834
    2935%description
    30 This package provides the Haskell %{pkg_name} library for ghc.
    31 
    32 
    33 %package devel
    34 Summary:        Haskell %{pkg_name} library
    35 Group:          Development/Libraries
    36 Requires:       ghc = %{ghc_version}, ghc-MonadCatchIO-mtl-devel
    37 Requires(post): ghc = %{ghc_version}, ghc-MonadCatchIO-mtl-devel
    38 Requires(preun): ghc = %{ghc_version}, ghc-MonadCatchIO-mtl-devel
    39 
    40 %description devel
    41 This package contains the development files for %{name}
    42 built for ghc-%{ghc_version}.
    43 
    44 
    45 %if %{with doc}
    46 %package doc
    47 Summary:        Documentation for %{name}
    48 Group:          Development/Libraries
    49 Requires:       ghc-doc = %{ghc_version}, ghc-MonadCatchIO-mtl-doc
    50 Requires(post): ghc-doc = %{ghc_version}, ghc-MonadCatchIO-mtl-doc
    51 Requires(postun): ghc-doc = %{ghc_version}, ghc-MonadCatchIO-mtl-doc
    52 
    53 %description doc
    54 This package contains development documentation files for
    55 the %{name} library.
     36%{common_description}
     37%if %{with shared}
     38This package provides the shared library.
    5639%endif
    5740
    5841
    59 %if %{with prof}
    60 %package prof
    61 Summary:        Profiling libraries for %{name}
    62 Group:          Development/Libraries
    63 Requires:       %{name}-devel = %{version}-%{release}
    64 Requires:       ghc-prof = %{ghc_version}, ghc-MonadCatchIO-mtl-prof
    65 
    66 %description prof
    67 This package contains profiling libraries for %{name}
    68 built for ghc-%{ghc_version}.
    69 %endif
     42%{?ghc_lib_package}
    7043
    7144
     
    7548
    7649%build
    77 %cabal_configure --ghc %{?with_prof:-p}
    78 %cabal build
    79 %if %{with doc}
    80 %cabal haddock
    81 %endif
    82 %ghc_gen_scripts
     50%ghc_lib_build
    8351
    8452
    8553%install
    8654rm -rf $RPM_BUILD_ROOT
    87 %cabal_install
    88 %ghc_install_scripts
    89 %ghc_gen_filelists %{name}
     55%ghc_lib_install
    9056
    9157
     
    9460
    9561
    96 %post devel
    97 %ghc_register_pkg
    98 
    99 
    100 %if %{with doc}
    101 %post doc
    102 %ghc_reindex_haddock
    103 %endif
    104 
    105 
    106 %preun devel
    107 if [ "$1" -eq 0 ] ; then
    108   %ghc_unregister_pkg
    109 fi
    110 
    111 
    112 %if %{with doc}
    113 %postun doc
    114 if [ "$1" -eq 0 ] ; then
    115   %ghc_reindex_haddock
    116 fi
    117 %endif
    118 
    119 
    120 %files devel -f %{name}-devel.files
    121 %defattr(-,root,root,-)
    122 %{_docdir}/%{name}-%{version}
    123 
    124 
    125 %if %{with doc}
    126 %files doc -f %{name}-doc.files
    127 %defattr(-,root,root,-)
    128 %endif
    129 
    130 
    131 %if %{with prof}
    132 %files prof -f %{name}-prof.files
    133 %defattr(-,root,root,-)
    134 %endif
    135 
    136 
    13762%changelog
    138 * Mon Mar 15 2010 Anders Kaseorg <andersk@mit.edu> - 3001.1.8.1-0
    139 - initial packaging for Fedora automatically generated by cabal2spec
     63* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 3001.1.8.1-0
     64- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
  • trunk/server/fedora/specs/ghc-unix-handle.spec

    r1590 r1693  
    11%global pkg_name unix-handle
    22
    3 %bcond_without doc
    4 %bcond_without prof
     3%global common_summary Haskell %{pkg_name} library
    54
    6 # ghc does not emit debug information
     5%global common_description A %{pkg_name} library for Haskell.
     6
     7# add any Haskell library dependencies here:
     8#%%global ghc_pkg_deps ghc-@DEP1@-devel, ghc-@DEP2@-devel
     9
     10# add any foreign library dependencies here:
     11#%%global ghc_pkg_c_deps @CDEP1@-devel
     12
     13%bcond_without shared
     14
     15# debuginfo is not useful for ghc
    716%global debug_package %{nil}
    817
     
    1019Version:        0.0.0
    1120Release:        0.%{scriptsversion}%{?dist}
    12 Summary:        Haskell %{pkg_name} library
     21Summary:        %{common_summary}
    1322
    14 Group:          Development/Libraries
     23Group:          System Environment/Libraries
    1524License:        BSD
    1625URL:            http://hackage.haskell.org/cgi-bin/hackage-scripts/package/%{pkg_name}
     
    1928# fedora ghc archs:
    2029ExclusiveArch:  %{ix86} x86_64 ppc alpha
    21 BuildRequires:  ghc, ghc-rpm-macros
    22 %if %{with doc}
    23 BuildRequires:  ghc-doc
    24 %endif
    25 %if %{with prof}
    26 BuildRequires:  ghc-prof
    27 %endif
     30BuildRequires:  ghc, ghc-doc, ghc-prof
     31BuildRequires:  ghc-rpm-macros >= 0.7.0
     32%{?ghc_pkg_deps:BuildRequires:  %{ghc_pkg_deps}, %(echo %{ghc_pkg_deps} | sed -e "s/\(ghc-[^, ]\+\)-devel/\1-doc,\1-prof/g")}
     33%{?ghc_pkg_c_deps:BuildRequires:  %{ghc_pkg_c_deps}}
    2834
    2935%description
    30 This package provides the Haskell %{pkg_name} library for ghc.
    31 
    32 
    33 %package devel
    34 Summary:        Haskell %{pkg_name} library
    35 Group:          Development/Libraries
    36 Requires:       ghc = %{ghc_version}
    37 Requires(post): ghc = %{ghc_version}
    38 Requires(preun): ghc = %{ghc_version}
    39 
    40 %description devel
    41 This package contains the development files for %{name}
    42 built for ghc-%{ghc_version}.
    43 
    44 
    45 %if %{with doc}
    46 %package doc
    47 Summary:        Documentation for %{name}
    48 Group:          Development/Libraries
    49 Requires:       ghc-doc = %{ghc_version}
    50 Requires(post): ghc-doc = %{ghc_version}
    51 Requires(postun): ghc-doc = %{ghc_version}
    52 
    53 %description doc
    54 This package contains development documentation files for
    55 the %{name} library.
     36%{common_description}
     37%if %{with shared}
     38This package provides the shared library.
    5639%endif
    5740
    5841
    59 %if %{with prof}
    60 %package prof
    61 Summary:        Profiling libraries for %{name}
    62 Group:          Development/Libraries
    63 Requires:       %{name}-devel = %{version}-%{release}
    64 Requires:       ghc-prof = %{ghc_version}
    65 
    66 %description prof
    67 This package contains profiling libraries for %{name}
    68 built for ghc-%{ghc_version}.
    69 %endif
     42%{?ghc_lib_package}
    7043
    7144
     
    7548
    7649%build
    77 %cabal_configure --ghc %{?with_prof:-p}
    78 %cabal build
    79 %if %{with doc}
    80 %cabal haddock
    81 %endif
    82 %ghc_gen_scripts
     50%ghc_lib_build
    8351
    8452
    8553%install
    8654rm -rf $RPM_BUILD_ROOT
    87 %cabal_install
    88 %ghc_install_scripts
    89 %ghc_gen_filelists %{name}
     55%ghc_lib_install
    9056
    9157
     
    9460
    9561
    96 %post devel
    97 %ghc_register_pkg
    98 
    99 
    100 %if %{with doc}
    101 %post doc
    102 %ghc_reindex_haddock
    103 %endif
    104 
    105 
    106 %preun devel
    107 if [ "$1" -eq 0 ] ; then
    108   %ghc_unregister_pkg
    109 fi
    110 
    111 
    112 %if %{with doc}
    113 %postun doc
    114 if [ "$1" -eq 0 ] ; then
    115   %ghc_reindex_haddock
    116 fi
    117 %endif
    118 
    119 
    120 %files devel -f %{name}-devel.files
    121 %defattr(-,root,root,-)
    122 %{_docdir}/%{name}-%{version}
    123 
    124 
    125 %if %{with doc}
    126 %files doc -f %{name}-doc.files
    127 %defattr(-,root,root,-)
    128 %endif
    129 
    130 
    131 %if %{with prof}
    132 %files prof -f %{name}-prof.files
    133 %defattr(-,root,root,-)
    134 %endif
    135 
    136 
    13762%changelog
    138 * Mon Mar 15 2010 Anders Kaseorg <andersk@mit.edu> - 0.0.0-0
    139 - initial packaging for Fedora automatically generated by cabal2spec
     63* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 0.0.0-0
     64- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
  • trunk/server/fedora/specs/httpd.spec.patch

    r1607 r1693  
    1 --- httpd.spec.orig     2010-08-26 21:00:40.771666965 -0400
    2 +++ httpd.spec  2010-08-26 21:01:56.601668199 -0400
     1--- httpd.spec.orig     2010-07-27 11:55:33.000000000 -0400
     2+++ httpd.spec  2010-09-06 20:45:28.000000000 -0400
    33@@ -7,7 +7,7 @@
    44 Summary: Apache HTTP Server
    55 Name: httpd
    6  Version: 2.2.15
    7 -Release: 1%{?dist}.1
    8 +Release: 1%{?dist}.1.scripts.%{scriptsversion}
     6 Version: 2.2.16
     7-Release: 1%{?dist}
     8+Release: 1%{?dist}.scripts.%{scriptsversion}
    99 URL: http://httpd.apache.org/
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz
     
    3333 %description devel
    3434 The httpd-devel package contains the APXS binary and other files
    35 @@ -102,6 +111,7 @@
     35@@ -103,6 +112,7 @@
    3636 Requires(post): openssl >= 0.9.7f-4, /bin/cat
    3737 Requires(pre): httpd
     
    4141 
    4242 %description -n mod_ssl
    43 @@ -129,6 +139,13 @@
     43@@ -130,6 +140,13 @@
    4444 # Patch in vendor/release string
    4545 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     
    5555 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    5656 if test "x${vmmn}" != "x%{mmn}"; then
    57 @@ -177,10 +194,12 @@
     57@@ -178,10 +195,12 @@
    5858         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    5959        --enable-suexec --with-suexec \
  • trunk/server/fedora/specs/krb5.spec.patch

    r1562 r1693  
    1 --- krb5.spec.orig      2010-05-18 14:16:44.000000000 -0400
    2 +++ krb5.spec   2010-05-20 10:20:32.000000000 -0400
    3 @@ -16,7 +16,7 @@
    4  Summary: The Kerberos network authentication system.
     1--- rpmbuild/SPECS/krb5.spec.orig       2010-08-25 11:36:57.000000000 -0400
     2+++ rpmbuild/SPECS/krb5.spec    2010-09-12 20:47:47.000000000 -0400
     3@@ -10,7 +10,7 @@
     4 Summary: The Kerberos network authentication system
    55 Name: krb5
    6  Version: 1.6.3
    7 -Release: 31%{?dist}
    8 +Release: 31%{?dist}.scripts.%{scriptsversion}
     6 Version: 1.7.1
     7-Release: 13%{?dist}
     8+Release: 13%{?dist}.scripts.%{scriptsversion}
    99 # Maybe we should explode from the now-available-to-everybody tarball instead?
    10  # http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
     10 # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
    1111 Source0: krb5-%{version}.tar.gz
    12 @@ -114,6 +114,8 @@
    13  Patch88: krb5-1.6.1-cs22427.patch
    14  Patch89: krb5-CVE-2010-1321-1.6.1.patch
     12@@ -92,6 +92,8 @@
     13 Patch103: krb5-1.7.1-24139.patch
     14 Patch104: krb5-1.7.1-explife.patch
    1515 
    1616+Patch1000: krb5-kuserok-scripts.patch
     
    1919 URL: http://web.mit.edu/kerberos/www/
    2020 Group: System Environment/Libraries
    21 @@ -155,6 +157,7 @@
     21@@ -136,6 +138,7 @@
     22 %package libs
     23 Summary: The shared libraries used by Kerberos 5
    2224 Group: System Environment/Libraries
    23  Prereq: grep, /sbin/ldconfig, sh-utils
    24  Obsoletes: krb5-configs
    2525+Provides: scripts-krb5-libs
    2626 
    2727 %description libs
    2828 Kerberos is a network authentication system. The krb5-libs package
    29 @@ -1478,6 +1481,7 @@
    30  %patch87 -p0 -b .kpasswd_ipv6
    31  %patch88 -p0 -b .cs22427
    32  %patch89 -p1 -b .CVE-2010-1321
     29@@ -1654,6 +1657,7 @@
     30 %patch102 -p1 -b .CVE-2010-1321
     31 %patch103 -p1 -b .24139
     32 %patch104 -p0 -b .explife
    3333+%patch1000 -p1 -b .kuserok
    34  cp src/krb524/README README.krb524
    3534 gzip doc/*.ps
    3635 
     36 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
  • trunk/server/fedora/specs/openafs.spec.patch

    r1555 r1693  
    1 --- openafs.spec.orig
    2 +++ openafs.spec
     1--- openafs.spec.orig   2010-09-10 18:21:53.000000000 -0400
     2+++ openafs.spec        2010-09-10 18:34:30.000000000 -0400
    33@@ -8,7 +8,7 @@
    44 # for beta/rc releases make pkgrel 0.X.<tag>
    55 # for real releases make pkgrel 1 (or more for extra releases)
    66 #%define pkgrel 0.1.rc1
    7 -%define pkgrel 1.1
    8 +%define pkgrel 1.1.99scripts.%{scriptsversion}
     7-%define pkgrel 0.pre3
     8+%define pkgrel 0.pre3.99scripts.%{scriptsversion}
    99 
    1010 %if %{?osvers:0}%{!?osvers:1}
    1111 %define osvers 1
    12 @@ -261,6 +261,11 @@
     12@@ -261,6 +261,10 @@
    1313 %endif
    1414 ExclusiveArch: %{ix86} x86_64 ia64 s390 s390x sparc64 ppc ppc64
     
    1717+Patch1003: openafs-localcsdb.patch
    1818+Patch1005: openafs-numsysnames.patch
    19 +Patch1006: openafs-release-glock.patch
    2019+
    2120 #    http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/...
    2221 Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2
    2322 Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2
    24 @@ -343,6 +348,7 @@
     23@@ -343,6 +347,7 @@
    2524 %if %{build_userspace}
    2625 
    2726 %package client
    2827+Provides: scripts-openafs-client
    29  Requires: binutils, openafs = %{PACKAGE_VERSION}
     28 Requires: binutils, openafs = %{version}
    3029 
    3130 %if %{fedorakmod}
    32 @@ -403,6 +409,7 @@
     31@@ -403,6 +408,7 @@
    3332 
    3433 %if %{build_authlibs}
     
    3837 Group: Networking/Filesystems
    3938 
    40 @@ -419,6 +426,7 @@
     39@@ -419,6 +425,7 @@
    4140 %endif
    4241 
     
    4443+Provides: scripts-openafs-authlibs-devel
    4544 %if %{build_authlibs}
    46  Requires: openafs-authlibs = %{PACKAGE_VERSION}
     45 Requires: openafs-authlibs = %{version}
    4746 %endif
    48 @@ -437,6 +445,7 @@
     47@@ -437,6 +444,7 @@
    4948 libraries.
    5049 
     
    5453 Group: Development/Filesystems
    5554 
    56 @@ -465,6 +474,7 @@
     55@@ -465,6 +473,7 @@
    5756 administrators.
    5857 
     
    6160 Summary: OpenAFS Kernel Module source tree
    6261 Group: Networking/Filesystems
    63  Provides: openafs-kernel = %{PACKAGE_VERSION}
    64 @@ -514,6 +524,7 @@
     62 Provides: openafs-kernel = %{version}
     63@@ -514,6 +523,7 @@
    6564 
    6665 %if %{krb5support}
     
    6867+Provides: scripts-openafs-krb5
    6968 Summary: OpenAFS programs to use with krb5
    70  Requires: openafs = %{PACKAGE_VERSION}
     69 Requires: openafs = %{version}
    7170 Group: Networking/Filesystems
    72 @@ -540,7 +551,7 @@
     71@@ -540,7 +550,7 @@
    7372 %if %{build_modules}
    7473 
     
    7978 %else
    8079 
    81 @@ -699,6 +710,10 @@
     80@@ -699,6 +709,9 @@
    8281 
    8382 # Patch openafs to build a kernel module named "openafs" instead of "libafs"
     
    8685+%patch1003 -p1 -b .localcsdb
    8786+%patch1005 -p1 -b .numsysnames
    88 +%patch1006 -p1 -b .release-glock
    8987 
    9088 ##############################################################################
    9189 #
    92 @@ -1209,7 +1224,7 @@
    93  rm -rf $RPM_BUILD_ROOT%{_sbindir}/kdump*
    94  
    95  # remove man pages from programs deleted above
    96 -for f in 1/dlog 1/dpass 1/livesys 1/xstat_cm_test 1/xstat_fs_test 8/kdb 8/kpwvalid 8/xfs_size_check 1/package_test 5/package 8/package ; do
    97 +for f in 1/compile_et 1/dlog 1/dpass 1/livesys 1/xstat_cm_test 1/xstat_fs_test 8/kdb 8/kpwvalid 8/xfs_size_check 1/package_test 5/package 8/package ; do
    98    rm -f $RPM_BUILD_ROOT%{_mandir}/man$f.*
    99  done
    100  
    101 @@ -1569,7 +1584,6 @@
    102  %{_libdir}/librxstat.a
    103  %{_libdir}/libubik.a
    104  %{_mandir}/man1/rxgen.*
    105 -%{_mandir}/man1/compile_et.*
    106  
    107  %if %{build_dkmspkg}
    108  %files -n dkms-%{name}
  • trunk/server/fedora/specs/openssh.spec.patch

    r1531 r1693  
    1 --- openssh.spec.orig   2010-03-30 02:27:53.000000000 -0400
    2 +++ openssh.spec        2010-03-30 02:30:09.000000000 -0400
    3 @@ -63,7 +63,7 @@
     1--- openssh.spec.orig   2010-05-31 06:20:02.000000000 -0400
     2+++ openssh.spec        2010-09-06 21:53:21.000000000 -0400
     3@@ -74,7 +74,7 @@
    44 Summary: An open source implementation of SSH protocol versions 1 and 2
    55 Name: openssh
    6  Version: 5.2p1
    7 -Release: 6%{?dist}%{?rescue_rel}
    8 +Release: 6%{?dist}%{?rescue_rel}.scripts.%{scriptsversion}
     6 Version: 5.4p1
     7-Release: %{openssh_rel}%{?dist}%{?rescue_rel}
     8+Release: %{openssh_rel}%{?dist}%{?rescue_rel}.scripts.%{scriptsversion}
    99 URL: http://www.openssh.com/portable.html
     10 #URL1: http://pamsshagentauth.sourceforge.net
    1011 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
    11  #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
    12 @@ -74,6 +74,8 @@
    13  Source1: openssh-nukeacss.sh
    14  Source2: sshd.pam
     12@@ -88,6 +88,7 @@
    1513 Source3: sshd.init
    16 +Patch1000: openssh-5.0p1-multihomed.patch
     14 Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
     15 Source5: pam_ssh_agent-rmheaders
    1716+Patch1001: openssh-4.7p1-gssapi-name-in-env.patch
    18  Patch0: openssh-5.2p1-redhat.patch
    19  Patch2: openssh-5.1p1-skip-initial.patch
    20  Patch3: openssh-3.8.1p1-krb5-config.patch
    21 @@ -161,6 +163,7 @@
     17 Patch0: openssh-5.4p1-redhat.patch
     18 Patch2: openssh-5.3p1-skip-initial.patch
     19 Patch4: openssh-5.2p1-vendor.patch
     20@@ -175,6 +177,7 @@
    2221 Requires(post): chkconfig >= 0.9, /sbin/service
    2322 Requires(pre): /usr/sbin/useradd
     
    2726 %package askpass
    2827 Summary: A passphrase dialog for OpenSSH and X
    29 @@ -231,6 +234,9 @@
    30  %patch65 -p1 -b .fips
    31  %patch67 -p1 -b .selabel
     28@@ -267,6 +270,8 @@
     29 %patch75 -p1 -b .dso
     30 %patch76 -p1 -b .bz595935
    3231 
    33 +%patch1000 -p1 -b .multihomed
    3432+%patch1001 -p1 -b .gssapi-env
    3533+
  • trunk/server/fedora/specs/scripts-base.spec

    r1507 r1693  
    99Source: %{name}.tar.gz
    1010BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
    11 Requires: accountadm, execsys, scripts-kmod-openafs, scripts-krb5-libs, scripts-httpd, scripts-mod_ssl, openafs, scripts-openafs-client, scripts-openafs-authlibs, scripts-openafs-devel, scripts-openafs-krb5, openafs-docs, scripts-openssh-server, sql-signup, tokensys, whoisd, logview, nss-ldapd, php_scripts, scripts-shadow-utils
     11Requires: accountadm, execsys, scripts-kmod-openafs, scripts-krb5-libs, scripts-httpd, scripts-mod_ssl, openafs, scripts-openafs-client, scripts-openafs-authlibs, scripts-openafs-devel, scripts-openafs-krb5, openafs-docs, scripts-openssh-server, sql-signup, tokensys, whoisd, logview, nss-ldapd, php_scripts, zephyr, httpdmods, nss_nonlocal, nss_nonlocal.i686
    1212%define debug_package %{nil}
    1313
  • trunk/server/fedora/specs/scripts-static-cat.spec

    r1590 r1693  
     1# link with shared libs
     2# andersk: Disabled for 3x faster startup speed.
     3#%%bcond_without dynamic
     4
    15# ghc does not emit debug information
    26%global debug_package %{nil}
     
    1418# fedora ghc archs:
    1519ExclusiveArch:  %{ix86} x86_64 ppc alpha
    16 BuildRequires:  ghc, ghc-rpm-macros, ghc-cgi-devel >= 3001.1.8, ghc-MonadCatchIO-mtl-devel, ghc-unix-handle-devel
     20BuildRequires:  ghc
     21BuildRequires:  ghc-rpm-macros >= 0.7.0
     22BuildRequires:  ghc-cgi-devel >= 3001.1.8, ghc-MonadCatchIO-mtl-devel, ghc-unix-handle-devel
    1723
    1824%description
     
    2531
    2632%build
    27 %cabal_configure --ghc
    28 %cabal build
     33%ghc_bin_build
    2934
    3035
    3136%install
    3237rm -rf $RPM_BUILD_ROOT
    33 %cabal_install
     38%ghc_bin_install
    3439
    3540
     
    4449
    4550%changelog
    46 * Sun Mar 14 2010 Anders Kaseorg <andersk@mit.edu> - 0.0-0
    47 - initial packaging for Fedora automatically generated by cabal2spec
     51* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 0.0-0
     52- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
Note: See TracChangeset for help on using the changeset viewer.