Changeset 2066


Timestamp:
Nov 22, 2011, 12:45:17 AM (11 years ago)
Author:
achernya
Message:
Merge branches/fc15-dev to trunk
Location:
trunk
Files:
13 deleted
60 edited
25 copied

  • trunk

  • trunk/locker

  • trunk/locker/bin

  • trunk/locker/bin/crontab

    • Property svn:mergeinfo deleted
  • trunk/locker/deploy/bin

  • trunk/locker/deploy/bin/django

  • trunk/locker/deploy/bin/rails

  • trunk/locker/deploy/bin/trac

  • trunk/locker/sql/bin/save-password

  • trunk/server/common/oursrc/execsys/execsys-binfmt

  • trunk/server/common/oursrc/php_scripts/php_scripts-config.m4

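--- a/trunk/server/common/oursrc/tokensys/configure.in
+++ b/trunk/server/common/oursrc/tokensys/configure.in
@@ -24,4 +24,13 @@
 REQUIRE_PATH(aklog)
 
+AC_ARG_WITH(fs,
+[  --with-fs[=PATH]          fs is located at PATH],[
+  if test "$withval" != "no" -a "$withval" != "yes"; then
+    fs_path="$withval"
+  fi
+])
+REQUIRE_PATH(fs)
+
 AC_OUTPUT(Makefile)
 AC_OUTPUT(renew)
+AC_OUTPUT(scripts-afsagent-startup)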
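--- a/trunk/server/common/oursrc/tokensys/renew.in
+++ b/trunk/server/common/oursrc/tokensys/renew.in
@@ -2,5 +2,5 @@
 
 # This script renews afsagent's tickets and tokens.
-# It is called by afsagent's crontab every 8 hours.
+# It is called by systemd on a regular schedule.
 
 export KRB5CCNAME=/home/afsagent/krb5cc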
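--- a/trunk/server/common/oursrc/whoisd/Makefile.in
+++ b/trunk/server/common/oursrc/whoisd/Makefile.in
@@ -1,7 +1,7 @@
 install:
         install -Dpm 644 whoisd.tac ${DESTDIR}@libexecdir@/whoisd.tac
-        install -Dpm 644 crontab ${DESTDIR}/etc/cron.d/whoisd
+        install -Dpm 644 scripts-whoisd.service ${DESTDIR}/lib/systemd/system/scripts-whoisd.service
 
 clean:
         rm -f ${DESTDIR}@libexecdir@/whoisd.tac
-        rm -f ${DESTDIR}/etc/cron.d/whoisd
+        rm -f ${DESTDIR}/lib/systemd/system/scripts-whoisd.service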
  • trunk/server/common/patches/krb5-kuserok-scripts.patch

    r1693 r2066  
    11# scripts.mit.edu krb5 kuserok patch
    22# Copyright (C) 2006  Tim Abbott <tabbott@mit.edu>
     3#               2011  Alexander Chernyakhovsky <achernya@mit.edu>
    34#
    45# This program is free software; you can redistribute it and/or
     
    1819# See /COPYRIGHT in this repository for more information.
    1920#
    20 --- krb5-1.6.3/src/lib/krb5/os/kuserok.c.old    2009-04-08 06:17:06.000000000 -0400
    21 +++ krb5-1.6.3/src/lib/krb5/os/kuserok.c        2009-04-08 06:17:18.000000000 -0400
    22 @@ -31,6 +31,7 @@
    23  #if !defined(_WIN32)           /* Not yet for Windows */
     21--- krb5-1.9/src/lib/krb5/os/kuserok.c.old      2011-04-16 19:09:58.000000000 -0400
     22+++ krb5-1.9/src/lib/krb5/os/kuserok.c  2011-04-16 19:34:23.000000000 -0400
     23@@ -32,6 +32,7 @@
     24 #if !defined(_WIN32)            /* Not yet for Windows */
    2425 #include <stdio.h>
    2526 #include <pwd.h>
     
    2829 #if defined(_AIX) && defined(_IBMR2)
    2930 #include <sys/access.h>
    30 @@ -71,7 +72,6 @@
     31@@ -51,39 +52,6 @@
     32 enum result { ACCEPT, REJECT, PASS };
     33 
     34 /*
     35- * Find the k5login filename for luser, either in the user's homedir or in a
     36- * configured directory under the username.
     37- */
     38-static krb5_error_code
     39-get_k5login_filename(krb5_context context, const char *luser,
     40-                     const char *homedir, char **filename_out)
     41-{
     42-    krb5_error_code ret;
     43-    char *dir, *filename;
     44-
     45-    *filename_out = NULL;
     46-    ret = profile_get_string(context->profile, KRB5_CONF_LIBDEFAULTS,
     47-                             KRB5_CONF_K5LOGIN_DIRECTORY, NULL, NULL, &dir);
     48-    if (ret != 0)
     49-        return ret;
     50-
     51-    if (dir == NULL) {
     52-        /* Look in the user's homedir. */
     53-        if (asprintf(&filename, "%s/.k5login", homedir) < 0)
     54-            return ENOMEM;
     55-    } else {
     56-        /* Look in the configured directory. */
     57-        if (asprintf(&filename, "%s/%s", dir, luser) < 0)
     58-            ret = ENOMEM;
     59-        profile_release_string(dir);
     60-        if (ret)
     61-            return ret;
     62-    }
     63-    *filename_out = filename;
     64-    return 0;
     65-}
     66-
     67-/*
     68  * Determine whether principal is authorized to log in as luser according to
     69  * the user's k5login file.  Return ACCEPT if the k5login file authorizes the
     70  * principal, PASS if the k5login file does not exist, or REJECT if the k5login
     71@@ -93,13 +61,12 @@
     72 static enum result
     73 k5login_ok(krb5_context context, krb5_principal principal, const char *luser)
    3174 {
    32      struct stat sbuf;
    33      struct passwd *pwd;
    34 -    char pbuf[MAXPATHLEN];
    35      krb5_boolean isok = FALSE;
    36      FILE *fp;
    37      char kuser[MAX_USERNAME];
    38 @@ -79,71 +79,35 @@
    39      char linebuf[BUFSIZ];
    40      char *newline;
    41      int gobble;
     75-    int authoritative = TRUE, gobble;
     76+    int authoritative = TRUE;
     77     enum result result = REJECT;
     78-    char *filename = NULL, *princname = NULL;
     79-    char *newline, linebuf[BUFSIZ], pwbuf[BUFSIZ];
     80-    struct stat sbuf;
     81+    char *princname = NULL;
     82+    char pwbuf[BUFSIZ];
     83     struct passwd pwx, *pwd;
     84-    FILE *fp = NULL;
    4285+    int pid, status;
    4386 
    44      /* no account => no access */
    45      char pwbuf[BUFSIZ];
    46      struct passwd pwx;
     87     if (profile_get_boolean(context->profile, KRB5_CONF_LIBDEFAULTS,
     88                             KRB5_CONF_K5LOGIN_AUTHORITATIVE, NULL, TRUE,
     89@@ -110,46 +77,29 @@
    4790     if (k5_getpwnam_r(luser, &pwx, pwbuf, sizeof(pwbuf), &pwd) != 0)
    48         return(FALSE);
    49 -    (void) strncpy(pbuf, pwd->pw_dir, sizeof(pbuf) - 1);
    50 -    pbuf[sizeof(pbuf) - 1] = '\0';
    51 -    (void) strncat(pbuf, "/.k5login", sizeof(pbuf) - 1 - strlen(pbuf));
     91         goto cleanup;
     92 
     93-    if (get_k5login_filename(context, luser, pwd->pw_dir, &filename) != 0)
     94-        goto cleanup;
    5295-
    53 -    if (access(pbuf, F_OK)) {   /* not accessible */
    54 -       /*
    55 -        * if he's trying to log in as himself, and there is no .k5login file,
    56 -        * let him.  To find out, call
    57 -        * krb5_aname_to_localname to convert the principal to a name
    58 -        * which we can string compare.
    59 -        */
    60 -       if (!(krb5_aname_to_localname(context, principal,
    61 -                                     sizeof(kuser), kuser))
    62 -           && (strcmp(kuser, luser) == 0)) {
    63 -           return(TRUE);
    64 -       }
     96-    if (access(filename, F_OK) != 0) {
     97-        result = PASS;
     98-        goto cleanup;
    6599-    }
    66      if (krb5_unparse_name(context, principal, &princname))
    67         return(FALSE);                  /* no hope of matching */
     100-
     101     if (krb5_unparse_name(context, principal, &princname) != 0)
     102         goto cleanup;
    68103 
    69 -    /* open ~/.k5login */
    70 -    if ((fp = fopen(pbuf, "r")) == NULL) {
    71 -       free(princname);
    72 -       return(FALSE);
    73 -    }
     104-    fp = fopen(filename, "r");
     105-    if (fp == NULL)
     106+    if ((pid = fork()) == -1)
     107         goto cleanup;
    74108-    set_cloexec_file(fp);
    75 -    /*
    76 -     * For security reasons, the .k5login file must be owned either by
    77 -     * the user himself, or by root.  Otherwise, don't grant access.
    78 -     */
    79 -    if (fstat(fileno(fp), &sbuf)) {
    80 -       fclose(fp);
    81 -       free(princname);
    82 -       return(FALSE);
    83 +    if ((pid = fork()) == -1) {
    84 +       free(princname);
    85 +       return(FALSE);
     109-
     110-    /* For security reasons, the .k5login file must be owned either by
     111-     * the user or by root. */
     112-    if (fstat(fileno(fp), &sbuf))
     113-        goto cleanup;
     114-    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid))
     115-        goto cleanup;
     116-
     117-    /* Check each line. */
     118-    while (result != ACCEPT && (fgets(linebuf, sizeof(linebuf), fp) != NULL)) {
     119-        newline = strrchr(linebuf, '\n');
     120-        if (newline != NULL)
     121-            *newline = '\0';
     122-        if (strcmp(linebuf, princname) == 0)
     123-            result = ACCEPT;
     124-        /* Clean up the rest of the line if necessary. */
     125-        if (newline == NULL)
     126-            while (((gobble = getc(fp)) != EOF) && gobble != '\n');
     127+   
     128+    if (pid == 0) {
     129+        char *args[4];
     130+#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
     131+        args[0] = ADMOF_PATH;
     132+        args[1] = (char *) luser;
     133+        args[2] = princname;
     134+        args[3] = NULL;
     135+        execv(ADMOF_PATH, args);
     136+        exit(1);
    86137     }
    87 -    if (sbuf.st_uid != pwd->pw_uid && !FILE_OWNER_OK(sbuf.st_uid)) {
    88 -       fclose(fp);
    89 -       free(princname);
    90 -       return(FALSE);
    91 +    if (pid == 0) {
    92 +       char *args[4];
    93 +#define ADMOF_PATH "/usr/local/sbin/ssh-admof"
    94 +       args[0] = ADMOF_PATH;
    95 +       args[1] = (char *) luser;
    96 +       args[2] = princname;
    97 +       args[3] = NULL;
    98 +       execv(ADMOF_PATH, args);
    99 +       exit(1);
    100      }
    101 -
    102 -    /* check each line */
    103 -    while (!isok && (fgets(linebuf, BUFSIZ, fp) != NULL)) {
    104 -       /* null-terminate the input string */
    105 -       linebuf[BUFSIZ-1] = '\0';
    106 -       newline = NULL;
    107 -       /* nuke the newline if it exists */
    108 -       if ((newline = strchr(linebuf, '\n')))
    109 -           *newline = '\0';
    110 -       if (!strcmp(linebuf, princname)) {
    111 -           isok = TRUE;
    112 -           continue;
    113 -       }
    114 -       /* clean up the rest of the line if necessary */
    115 -       if (!newline)
    116 -           while (((gobble = getc(fp)) != EOF) && gobble != '\n');
     138 
    117139+    if (waitpid(pid, &status, 0) > 0 && WIFEXITED(status) && WEXITSTATUS(status) == 33) {
    118 +       isok=TRUE;
    119      }
     140+        result = ACCEPT;
     141+    }
    120142+   
     143 cleanup:
    121144     free(princname);
    122 -    fclose(fp);
    123      return(isok);
     145-    free(filename);
     146-    if (fp != NULL)
     147-        fclose(fp);
     148     /* If k5login files are non-authoritative, never reject. */
     149     return (!authoritative && result == REJECT) ? PASS : result;
    124150 }
    125  
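Review bot: In the new k5login_ok body the forked child calls `exit(1)` when `execv(ADMOF_PATH, args)` fails, which runs the calling daemon's atexit handlers and flushes its inherited stdio buffers a second time from inside the child; that line should be `_exit(1);`. The `waitpid(pid, &status, 0) > 0` test is not retried on EINTR, so an interrupted wait is read as a rejection and the child is left unreaped; a loop such as `while ((w = waitpid(pid, &status, 0)) == -1 && errno == EINTR) ;` before the status test would close that, and `pid` should be declared `pid_t` rather than `int`. The whole authorization decision now rests on the helper exiting with 33, so that value deserves a named constant and a comment stating the contract with ssh-admof. The helper also inherits the caller's environment and any descriptors not marked close-on-exec; whether that matters depends on ssh-admof, which is not shown on this page. Part of k5login_ok lies between the two hunks and is not visible here.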
  • trunk/server/common/patches/openafs-scripts.patch

    r1693 r2066  
    44# and Anders Kaseorg <andersk@mit.edu>
    55# and Edward Z. Yang <ezyang@mit.edu>
     6# and Benjamin Kaduk <kaduk@mit.edu>
     7# and Alexander Chernyakhovsky <achernya@mit.edu>
    68#
    79# This file is available under both the MIT license and the GPL.
     
    4345# See /COPYRIGHT in this repository for more information.
    4446#
    45 diff -ur openafs-1.4/src/afs/afs_analyze.c openafs-1.4+scripts/src/afs/afs_analyze.c
    46 --- openafs-1.4/src/afs/afs_analyze.c
    47 +++ openafs-1.4+scripts/src/afs/afs_analyze.c
    48 @@ -585,7 +585,7 @@
    49                          (afid ? afid->Fid.Volume : 0));
    50         }
    51  
    52 -       if (areq->busyCount > 100) {
    53 +       if (1) {
    54             if (aerrP)
    55                 (aerrP->err_Volume)++;
    56             areq->volumeError = VOLBUSY;
    57 diff -ur openafs-1.4/src/afs/LINUX/osi_vnodeops.c openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
    58 --- openafs-1.4/src/afs/LINUX/osi_vnodeops.c
    59 +++ openafs-1.4+scripts/src/afs/LINUX/osi_vnodeops.c
    60 @@ -896,6 +896,28 @@
     47diff --git a/src/afs/LINUX/osi_vnodeops.c b/src/afs/LINUX/osi_vnodeops.c
     48index 7c7705e..0d0e94f 100644
     49--- a/src/afs/LINUX/osi_vnodeops.c
     50+++ b/src/afs/LINUX/osi_vnodeops.c
     51@@ -904,6 +904,28 @@ afs_linux_dentry_revalidate(struct dentry *dp, int flags)
    6152        /* should we always update the attributes at this point? */
    6253        /* unlikely--the vcache entry hasn't changed */
    6354 
    6455+       /* [scripts] This code makes hardlinks work correctly.
    65 +        *
    66 +        * We want Apache to be able to read a file with hardlinks
    67 +        * named .htaccess and foo to be able to read it via .htaccess
    68 +        * and not via foo, regardless of which name was looked up
    69 +        * (remember, inodes do not have filenames associated with them.)
    70 +        *
    71 +        * It is important that we modify the existing cache entry even
    72 +        * if it is otherwise totally valid and would not be reloaded.
    73 +        * Otherwise, it won't recover from repeatedly reading the same
    74 +        * inode via multiple hardlinks or different names.  Specifically,
    75 +        * Apache will be able to read both names if it was first looked
    76 +        * up (by anyone!) via .htaccess, and neither if it was first
    77 +        * looked up via foo.
    78 +        *
    79 +        * With regards to performance, the strncmp() is bounded by
    80 +        * three characters, so it takes O(3) operations.  If this code
    81 +        * is extended to all static-cat extensions, we'll want to do
    82 +        * some clever hashing using gperf here.
    83 +        */
     56+       *
     57+       * We want Apache to be able to read a file with hardlinks
     58+       * named .htaccess and foo to be able to read it via .htaccess
     59+       * and not via foo, regardless of which name was looked up
     60+       * (remember, inodes do not have filenames associated with them.)
     61+       *
     62+       * It is important that we modify the existing cache entry even
     63+       * if it is otherwise totally valid and would not be reloaded.
     64+       * Otherwise, it won't recover from repeatedly reading the same
     65+       * inode via multiple hardlinks or different names.  Specifically,
     66+       * Apache will be able to read both names if it was first looked
     67+       * up (by anyone!) via .htaccess, and neither if it was first
     68+       * looked up via foo.
     69+       *
     70+       * With regards to performance, the strncmp() is bounded by
     71+       * three characters, so it takes O(3) operations.  If this code
     72+       * is extended to all static-cat extensions, we'll want to do
     73+       * some clever hashing using gperf here.
     74+       */
    8475+       vcp->apache_access = strncmp(dp->d_name.name, ".ht", 3) == 0;
    8576+
     77        dput(parent);
    8678     } else {
    8779 #ifdef notyet
    88         pvcp = VTOAFS(dp->d_parent->d_inode);           /* dget_parent()? */
    89 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
    90 --- openafs-1.4/src/afs/VNOPS/afs_vnop_lookup.c
    91 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_lookup.c
    92 @@ -1572,6 +1572,12 @@
     80diff --git a/src/afs/VNOPS/afs_vnop_access.c b/src/afs/VNOPS/afs_vnop_access.c
     81index eabcfeb..6390850 100644
     82--- a/src/afs/VNOPS/afs_vnop_access.c
     83+++ b/src/afs/VNOPS/afs_vnop_access.c
     84@@ -130,6 +130,15 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
     85            dirBits = PRSFS_LOOKUP | PRSFS_READ;
     86            return (arights == (dirBits & arights));
     87        }
     88+       if ( areq->uid == globalpag &&
     89+           !(areq->realuid == avc->f.fid.Fid.Volume) &&
     90+           !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     91+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
     92+           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
     93+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     94+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     95+           return 0;
     96+       }
     97        return (arights == afs_GetAccessBits(avc, arights, areq));
     98     } else {
     99        /* some rights come from dir and some from file.  Specifically, you
     100@@ -183,6 +192,19 @@ afs_AccessOK(struct vcache *avc, afs_int32 arights, struct vrequest *areq,
     101                    fileBits |= PRSFS_READ;
     102            }
     103        }
     104+
     105+       if ( areq->uid == globalpag &&
     106+           !(areq->realuid == avc->f.fid.Fid.Volume) &&
     107+           !((avc->f.anyAccess | arights) == avc->f.anyAccess) &&
     108+           !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
     109+           !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
     110+           !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
     111+               (avc->f.m.Mode == 0100777 || avc->apache_access)) &&
     112+           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
     113+           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
     114+           return 0;
     115+       }
     116+
     117        return ((fileBits & arights) == arights);       /* true if all rights bits are on */
     118     }
     119 }
     120diff --git a/src/afs/VNOPS/afs_vnop_attrs.c b/src/afs/VNOPS/afs_vnop_attrs.c
     121index b3931e5..71ef05c 100644
     122--- a/src/afs/VNOPS/afs_vnop_attrs.c
     123+++ b/src/afs/VNOPS/afs_vnop_attrs.c
     124@@ -88,8 +88,8 @@ afs_CopyOutAttrs(struct vcache *avc, struct vattr *attrs)
     125        }
     126     }
     127 #endif /* AFS_DARWIN_ENV */
     128-    attrs->va_uid = fakedir ? 0 : avc->f.m.Owner;
     129-    attrs->va_gid = fakedir ? 0 : avc->f.m.Group;      /* yeah! */
     130+    attrs->va_uid = fakedir ? 0 : avc->f.fid.Fid.Volume;
     131+    attrs->va_gid = (avc->f.m.Owner == DAEMON_SCRIPTS_PTSID ? avc->f.m.Group : avc->f.m.Owner);
     132 #if defined(AFS_SUN56_ENV)
     133     attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
     134 #elif defined(AFS_DARWIN80_ENV)
     135diff --git a/src/afs/VNOPS/afs_vnop_lookup.c b/src/afs/VNOPS/afs_vnop_lookup.c
     136index 8e7af1c..7e984e9 100644
     137--- a/src/afs/VNOPS/afs_vnop_lookup.c
     138+++ b/src/afs/VNOPS/afs_vnop_lookup.c
     139@@ -1877,6 +1877,12 @@ afs_lookup(OSI_VC_DECL(adp), char *aname, struct vcache **avcp, afs_ucred_t *acr
    93140     }
    94141 
    95142   done:
    96143+    if (tvc) {
    97 +       /* [scripts] check Apache's ability to read this file, so that
    98 +        * we can figure this out on an access() call */
    99 +       tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
     144+    /* [scripts] check Apache's ability to read this file, so that
     145+    * we can figure this out on an access() call */
     146+    tvc->apache_access = strncmp(aname, ".ht", 3) == 0;
    100147+    }
    101148+
     
    103150     if (tname != aname && tname)
    104151        osi_FreeLargeSpace(tname);
    105 diff -ur openafs-1.4/src/afs/afs.h openafs-1.4+scripts/src/afs/afs.h
    106 --- openafs-1.4/src/afs/afs.h
    107 +++ openafs-1.4+scripts/src/afs/afs.h
    108 @@ -208,8 +208,16 @@
    109  #define QTOC(e)            QEntry(e, struct cell, lruq)
    110  #define QTOVH(e)    QEntry(e, struct vcache, vhashq)
     152diff --git a/src/afs/afs.h b/src/afs/afs.h
     153index fcc4c70..0d53af6 100644
     154--- a/src/afs/afs.h
     155+++ b/src/afs/afs.h
     156@@ -233,8 +233,16 @@ struct afs_slotlist {
     157     struct afs_slotlist *next;
     158 };
    111159 
    112160+#define AFSAGENT_UID (101)
     
    123171     afs_int32 flags;           /* things like O_SYNC, O_NONBLOCK go here */
    124172     char initd;                        /* if non-zero, Error fields meaningful */
    125 @@ -743,6 +751,7 @@
     173@@ -887,6 +895,7 @@ struct vcache {
    126174 #ifdef AFS_SUN5_ENV
    127      short multiPage;           /* count of multi-page getpages in progress */
     175     struct afs_q multiPage;    /* list of multiPage_range structs */
    128176 #endif
    129177+    int apache_access;         /* whether or not Apache has access to a file */
     
    131179 
    132180 #define        DONT_CHECK_MODE_BITS    0
    133 diff -ur openafs-1.4/src/afs/afs_osi_pag.c openafs-1.4+scripts/src/afs/afs_osi_pag.c
    134 --- openafs-1.4/src/afs/afs_osi_pag.c
    135 +++ openafs-1.4+scripts/src/afs/afs_osi_pag.c
    136 @@ -49,6 +49,8 @@
     181diff --git a/src/afs/afs_analyze.c b/src/afs/afs_analyze.c
     182index 1834e6d..673a8e6 100644
     183--- a/src/afs/afs_analyze.c
     184+++ b/src/afs/afs_analyze.c
     185@@ -368,7 +368,7 @@ afs_Analyze(struct afs_conn *aconn, afs_int32 acode,
     186                         (afid ? afid->Fid.Volume : 0));
     187        }
     188 
     189-       if (areq->busyCount > 100) {
     190+       if (1) {
     191            if (aerrP)
     192                (aerrP->err_Volume)++;
     193            areq->volumeError = VOLBUSY;
     194diff --git a/src/afs/afs_osi_pag.c b/src/afs/afs_osi_pag.c
     195index c888605..ff5cf2d 100644
     196--- a/src/afs/afs_osi_pag.c
     197+++ b/src/afs/afs_osi_pag.c
     198@@ -49,6 +49,8 @@ afs_uint32 pagCounter = 0;
    137199 #endif
    138200 /* Local variables */
     
    143205  * Pags are implemented as follows: the set of groups whose long
    144206  * representation is '41XXXXXX' hex are used to represent the pags.
    145 @@ -449,6 +451,15 @@
    146         av->uid = acred->cr_ruid;       /* default when no pag is set */
     207@@ -484,6 +486,15 @@ afs_InitReq(struct vrequest *av, afs_ucred_t *acred)
     208        av->uid = afs_cr_uid(acred);    /* default when no pag is set */
    147209 #endif
    148210     }
    149211+
    150 +    av->realuid = acred->cr_ruid;
    151 +    if(!globalpag && acred->cr_ruid == AFSAGENT_UID) {
     212+    av->realuid = afs_cr_uid(acred);
     213+    if(!globalpag && av->realuid == AFSAGENT_UID) {
    152214+      globalpag = av->uid;
    153215+    }
    154 +    else if (globalpag && av->uid == acred->cr_ruid) {
     216+    else if (globalpag && av->uid == av->realuid) {
    155217+      av->uid = globalpag;
    156218+    }
     
    159221 }
    160222 
    161 diff -ur openafs-1.4/src/afs/afs_pioctl.c openafs-1.4+scripts/src/afs/afs_pioctl.c
    162 --- openafs-1.4/src/afs/afs_pioctl.c
    163 +++ openafs-1.4+scripts/src/afs/afs_pioctl.c
    164 @@ -1221,6 +1221,10 @@
    165      struct AFSFetchStatus OutStatus;
     223diff --git a/src/afs/afs_pioctl.c b/src/afs/afs_pioctl.c
     224index f282510..00f1360 100644
     225--- a/src/afs/afs_pioctl.c
     226+++ b/src/afs/afs_pioctl.c
     227@@ -1406,6 +1406,10 @@ DECL_PIOCTL(PSetAcl)
     228     struct rx_connection *rxconn;
    166229     XSTATS_DECLS;
    167230 
    168231+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
    169 +      return EACCES;
     232+       return EACCES;
    170233+    }
    171234+
     
    173236     if (!avc)
    174237        return EINVAL;
    175 @@ -1441,6 +1445,10 @@
     238@@ -1790,6 +1794,10 @@ DECL_PIOCTL(PSetTokens)
    176239     struct vrequest treq;
    177240     afs_int32 flag, set_parent_pag = 0;
     
    184247     if (!afs_resourceinit_flag) {
    185248        return EIO;
    186 @@ -1800,6 +1808,10 @@
    187      afs_int32 iterator;
     249@@ -2231,6 +2239,11 @@ DECL_PIOCTL(PGetTokens)
    188250     int newStyle;
     251     int code = E2BIG;
    189252 
    190253+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID &&
    191 +       areq->realuid != 0 && areq->realuid != SIGNUP_UID)
     254+       areq->realuid != 0 && areq->realuid != SIGNUP_UID) {
    192255+       return EDOM;
     256+    }
    193257+
    194258     AFS_STATCNT(PGetTokens);
    195259     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    196260        return EIO;             /* Inappropriate ioctl for device */
    197 @@ -1883,6 +1895,10 @@
    198      register afs_int32 i;
    199      register struct unixuser *tu;
     261@@ -2341,6 +2354,10 @@ DECL_PIOCTL(PUnlog)
     262     afs_int32 i;
     263     struct unixuser *tu;
    200264 
    201265+    if (areq->uid == globalpag && areq->realuid != AFSAGENT_UID) {
     
    206270     if (!afs_resourceinit_flag)        /* afs daemons haven't started yet */
    207271        return EIO;             /* Inappropriate ioctl for device */
    208 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_access.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    209 --- openafs-1.4/src/afs/VNOPS/afs_vnop_access.c
    210 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_access.c
    211 @@ -118,6 +118,17 @@
    212  
    213      if ((vType(avc) == VDIR) || (avc->states & CForeign)) {
    214         /* rights are just those from acl */
    215 +
    216 +      if ( areq->uid == globalpag &&
    217 +           !(areq->realuid == avc->fid.Fid.Volume) &&
    218 +           !((avc->anyAccess | arights) == avc->anyAccess) &&
    219 +           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == HTTPD_UID) &&
    220 +           !(((arights & ~(PRSFS_LOOKUP|PRSFS_READ)) == 0) && areq->realuid == POSTFIX_UID) &&
    221 +           !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    222 +           !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
    223 +         return 0;
    224 +      }
    225 +
    226         return (arights == afs_GetAccessBits(avc, arights, areq));
    227      } else {
    228         /* some rights come from dir and some from file.  Specifically, you
    229 @@ -171,6 +182,19 @@
    230                     fileBits |= PRSFS_READ;
    231             }
    232         }
    233 +       
    234 +        if ( areq->uid == globalpag &&
    235 +             !(areq->realuid == avc->fid.Fid.Volume) &&
    236 +             !((avc->anyAccess | arights) == avc->anyAccess) &&
    237 +             !(arights == PRSFS_LOOKUP && areq->realuid == HTTPD_UID) &&
    238 +             !(arights == PRSFS_LOOKUP && areq->realuid == POSTFIX_UID) &&
    239 +             !(arights == PRSFS_READ && areq->realuid == HTTPD_UID &&
    240 +                 (avc->m.Mode == 0100777 || avc->apache_access)) &&
    241 +             !(areq->realuid == 0 && PRSFS_USR3 == afs_GetAccessBits(avc, PRSFS_USR3, areq)) &&
    242 +             !((areq->realuid == 0 || areq->realuid == SIGNUP_UID) && PRSFS_USR4 == afs_GetAccessBits(avc, PRSFS_USR4, areq)) ) {
    243 +           return 0;
    244 +        }
    245 +
    246         return ((fileBits & arights) == arights);       /* true if all rights bits are on */
    247      }
    248  }
    249 diff -ur openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    250 --- openafs-1.4/src/afs/VNOPS/afs_vnop_attrs.c
    251 +++ openafs-1.4+scripts/src/afs/VNOPS/afs_vnop_attrs.c
    252 @@ -87,8 +87,8 @@
    253         }
    254      }
    255  #endif /* AFS_DARWIN_ENV */
    256 -    attrs->va_uid = fakedir ? 0 : avc->m.Owner;
    257 -    attrs->va_gid = fakedir ? 0 : avc->m.Group;        /* yeah! */
    258 +    attrs->va_uid = fakedir ? 0 : avc->fid.Fid.Volume;
    259 +    attrs->va_gid = (avc->m.Owner == DAEMON_SCRIPTS_PTSID ? avc->m.Group : avc->m.Owner);
    260  #if defined(AFS_SUN56_ENV)
    261      attrs->va_fsid = avc->v.v_vfsp->vfs_fsid.val[0];
    262  #elif defined(AFS_OSF_ENV)
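Review bot: In the afs_InitReq hunk of afs_osi_pag.c, `av->realuid` is now taken from `afs_cr_uid(acred)` where the previous revision of the patch read `acred->cr_ruid`, and nothing on this page shows that the two name the same credential field. Every restriction the patch adds keys on `realuid` (both conditions in afs_AccessOK and the visible guards in PSetAcl, PGetTokens and PUnlog), so if the accessor returns an effective or filesystem uid rather than the real uid, a process that changes that id would be judged as a different user than before the port. Please confirm which field the accessor reads and record it next to the assignment, for example `/* [scripts] realuid: uid the globalpag checks are keyed on; confirm this is the real uid */`. The same comment block would be a good place to state the convention behind `areq->realuid == avc->f.fid.Fid.Volume`, which compares a uid with a volume id without explanation. The enclosing functions all start and end outside the hunks shown.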
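--- a/trunk/server/doc/install-fedora
+++ b/trunk/server/doc/install-fedora
@@ -6,4 +6,42 @@
     lvcreate -n $MACHINE-root --size 50.00G $HOST
     lvcreate -n $MACHINE-swap --size 10.00G $HOST
+    lvcreate -n $MACHINE-cache --size 11.00G $HOST
+
+/-------------------------------------------------------------------\
+    Note: If you need to manually format the the swap and cache
+    partitions (for example, you are migrating a host from 'migrate'),
+    these commands should work.  If in doubt, consult the kickstart.
+
+        # Use fdisk to generate a DOS partition table, and a single
+        # partition extending the entire volume.
+        fdisk /dev/$HOST/$MACHINE-swap
+        fdisk /dev/$HOST/$MACHINE-cache
+        # Figure out what kpartx is going to make the devices as
+        # (e.g. $SWAP_DEV and $CACHE_DEV)
+        kpartx -l /dev/$HOST/$MACHINE-swap
+        kpartx -l /dev/$HOST/$MACHINE-cache
+        # Read out the partition tables
+        kpartx -a /dev/$HOST/$MACHINE-swap
+        kpartx -a /dev/$HOST/$MACHINE-cache
+
+        # FORMAT!
+        mkswap $SWAP_DEV
+        mkfs.ext4 -O ^has_journal -m 0 -N 1000000 $CACHE_DEV
+
+        # Remove the devices
+        kpartx -d /dev/$HOST/$MACHINE-swap
+        kpartx -d /dev/$HOST/$MACHINE-cache
+\-------------------------------------------------------------------/
+
+Make sure that the console has an entry for this host:
+
+    vim /etc/conserver/conserver.cf
+
+If it doesn't, add:
+
+    console $MACHINE {
+        master $HOST;
+        include xen;
+    }
 
 We use Kickstart to to initial Fedora configuration.  Installing a new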
  • trunk/server/doc/install-howto.sh

    r1961 r2066  
    77# [WIZARD]     Semi-production server that will only have
    88#              daemon.scripts-security-upd bits, among other
    9 #              restricted permissions bits, among other
    10 #              restricted permissions bits, among other
    11 #              restricted permissions bits, among other
    129#              restricted permissions
    1310# [TESTSERVER] Completely untrusted server
    14 
    15 set -e -x
    16 
    17 # Some commands should be run as the scripts-build user, not root.
    18 
    19 alias asbuild="sudo -u scripts-build"
    20 
    21 # Old versions of this install document advised setting
    22 # NSS_NONLOCAL_IGNORE=1 anytime you're setting up anything, e.g. using
    23 # yum, warning that useradd will query LDAP in a stupid way that makes
    24 # it hang forever.  As of Fedora 13, this does not seem to be a problem,
    25 # so it's been removed from the instructions.  If an install is hanging,
    26 # though, try adding NSS_NONLOCAL_IGNORE.
    2711
    2812# This is actually just "pick an active scripts server".  It can't be
     
    4125server=YOUR-SERVER-NAME-HERE
    4226
    43 # Start with a Scripts kickstarted install of Fedora (install-fedora)
    44 
    45 # Take updates, reboot if there's a kernel update.
    46     yum update -y
    47 
    48 # Get rid of network manager
    49     yum remove NetworkManager
    50 
    51 # Copy over root's dotfiles from one of the other machines.
    52 # Perhaps a useful change is to remove the default aliases
    53     cd /root
    54     ls -l .bashrc
    55     ls -l .screenrc
    56     ls -l .ssh
    57     ls -l .vimrc
    58     ls -l .k5login
    59     # [PRODUCTION] This rc file has sensitive data on it and should only
    60     # be pushed onto production servers.
    61     ls -l .ldapvirc
    62     # Trying to scp from server to server won't work, as scp
    63     # will attempt to negotiate a server-to-server connection.
    64     # Instead, scp to your trusted machine as a temporary file,
    65     # and then push to the other server
    66 scp -r root@$source_server:~/{.bashrc,.screenrc,.ssh,.vimrc,.k5login} .
    67 scp -r {.bashrc,.screenrc,.ssh,.vimrc,.k5login} root@$server:~
    68 # [PRODUCTION]
    69 scp root@$source_server:~/.ldapvirc .
    70 scp .ldapvirc root@$server:~
    71 
    72 # Install the initial set of credentials (to get Kerberized logins once
    73 # krb5 is installed).  Otherwise, SCP'ing things in will be annoying.
    74 #   o Install the machine keytab.
    75     ls -l /etc/krb5.keytab
    76 #     Use ktutil to combine the host/scripts.mit.edu and
    77 #     host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
    78 #     the keytab.  Do not use 'k5srvutil change' on the combined keytab
    79 #     or you'll break the other servers. (real servers only).  Be
    80 #     careful about writing out the keytab: if you write it to an
    81 #     existing file the keys will just get appended.  The correct
    82 #     credential list should look like:
    83 #       ktutil:  l
    84 #       slot KVNO Principal
    85 #       ---- ---- ---------------------------------------------------------------------
    86 #          1    5 host/old-faithful.mit.edu@ATHENA.MIT.EDU
    87 #          2    3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU
    88 #          3    2      host/scripts.mit.edu@ATHENA.MIT.EDU
    89 #   o [PRODUCTION] Replace the ssh host keys with the ones common to all
    90 #     scripts servers (real servers only)
    91     ls -l /etc/ssh/*key*
    92 #     You can do that with:
    93 scp root@$source_server:/etc/ssh/*key* .
    94 scp *key* root@$server:/etc/ssh/
    95     service sshd reload
    96 
    97 # Check out the scripts /etc configuration
    98     # backslash to make us not use the alias
    99     cd /root
    100     \cp -a etc /
    101     chmod 0440 /etc/sudoers
    102 
     27# ----------------------------->8--------------------------------------
     28#                       FIRST TIME INSTRUCTIONS
     29#
    10330# [PRODUCTION] If this is the first time you've installed this hostname,
    10431# you will need to update a bunch of files to add support for it. These
     
    12047#   o Set up Nagios monitoring on sipb-noc for the host
    12148#   o Set up the host as in the pool on r-b/r-b /etc/heartbeat/ldirectord.cf
    122     XXX TODO COMMANDS
    123 
    124 # NOTE: You will have just lost DNS resolution and the ability
    125 # to do password SSH in.  If you managed to botch this step without
    126 # having named setup, you can do a quick fix by frobbing /etc/resolv.conf
    127 # with a non 127.0.0.1 address for the DNS server.  Be sure to revert it once
    128 # you have named.
    129 
    130 # NOTE: You can get password SSH back by editing /etc/ssh/sshd_config (allow
    131 # password auth) and /etc/pam.d/sshd (comment out the first three auth
    132 # lines).  However, you should have the Kerberos credentials in place
    133 # so as soon as you install the full set of Scripts packages, you'll get
    134 # Kerberized logins.
    135 
    136 # Make sure network is working.  If this is a new server name, you'll
    137 # need to add it to /etc/hosts and
    138 # /etc/sysconfig/network-scripts/route-eth1.  Kickstart should have
     49#   o Update locker/etc/known_hosts
     50#
     51# You will also need to prepare the keytabs for credit-card.  In particular,
     52# use ktutil to combine the host/scripts.mit.edu and
     53# host/scripts-vhosts.mit.edu keys with host/this-server.mit.edu in
     54# the keytab.  Do not use 'k5srvutil change' on the combined keytab
     55# or you'll break the other servers. (real servers only).  Be
     56# careful about writing out the keytab: if you write it to an
     57# existing file the keys will just get appended.  The correct
     58# credential list should look like:
     59#   ktutil:  l
     60#   slot KVNO Principal
     61#   ---- ---- ---------------------------------------------------------------------
     62#      1    5 host/old-faithful.mit.edu@ATHENA.MIT.EDU
     63#      2    3 host/scripts-vhosts.mit.edu@ATHENA.MIT.EDU
     64#      3    2      host/scripts.mit.edu@ATHENA.MIT.EDU
     65#
     66# The LDAP keytab should be by itself, so be sure to delete it and
     67# put it in its own file.
     68
     69# ----------------------------->8--------------------------------------
     70#                      INFINITE INSTALLATION
     71
     72# Start with a Scripts kickstarted install of Fedora (install-fedora)
     73
     74# Take updates, reboot if there's a kernel update.
     75    yum update -y
     76
     77# Get rid of network manager (XXX figure out to make kickstarter do
     78# this for us)
     79    yum remove NetworkManager
     80
     81# Make sure sendmail isn't installed
     82    yum remove sendmail
     83
     84# Check out the scripts /etc configuration
     85    cd /root
     86    \cp -a etc /
     87    chmod 0440 /etc/sudoers
     88
     89# Make sure network is working.  Kickstart should have
    13990# configured eth0 and eth1 correctly; use service network restart
    140 # to add the new routes in route-eth1.
    141     service network restart
     91# to add the new routes from etc in route-eth1.
     92    systemctl restart network.service
     93    # Check everything worked:
    14294    route
    14395    ifconfig
     
    151103    # Some of these packages are naughty and clobber some of our files
    152104    cd /etc
    153     svn revert resolv.conf hosts sysconfig/openafs
     105    svn revert resolv.conf hosts sysconfig/openafs nsswitch.conf
    154106
    155107# Replace rsyslog with syslog-ng by doing:
    156108    rpm -e --nodeps rsyslog
    157109    yum install -y syslog-ng
    158     chkconfig syslog-ng on
    159 
    160 # [PRODUCTION/WIZARD] Fix the openafs /usr/vice/etc <-> /etc/openafs
    161 # mapping.
    162     echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo
    163     echo "athena.mit.edu" > /usr/vice/etc/ThisCell
    164 
    165 # [TESTSERVER] If you're installing a test server, this needs to be
    166 # much smaller; the max filesize on XVM is 10GB.  Pick something like
    167 # 500000. Also, some of the AFS parameters are kind of retarded (and if
    168 # you're low on disk space, will actually exhaust our inodes).  Edit
    169 # these parameters in /etc/sysconfig/openafs
    170     echo "/afs:/usr/vice/cache:500000" > /usr/vice/etc/cacheinfo
    171     XXX TODO COMMANDS
    172 
    173 # Test that zephyr is working
    174     chkconfig zhm on
    175     service zhm start
    176     echo 'Test!' | zwrite -d -c scripts -i test
     110    systemctl enable syslog-ng.service
    177111
    178112# Install the full list of RPMs that users expect to be on the
     
    184118# it can't install /one/ package.
    185119    yum install -y --skip-broken $(cat packages.txt)
    186 
    187 # Make sure sendmail isn't installed
    188     yum remove sendmail
    189120
    190121# Check which packages are installed on your new server that are not
     
    204135# explicit versions.  So temporarily rpm -e the package, and then
    205136# install it again after you install haskell-platform.  [Note: You
    206 # probably won't need this in Fedora 15 or something, when the Haskell
     137# probably won't need this in Fedora 17 or something, when the Haskell
    207138# Platform gets updated.]
    208139    rpm -e ghc-cgi-devel ghc-cgi
     
    212143    rpm -i ghc-cgi*1.8.1*.rpm
    213144
    214 # Check out the scripts /usr/vice/etc configuration
    215     cd /root/vice
    216     \cp -a etc /usr/vice
     145# ----------------------------->8--------------------------------------
     146#                      SPHEROID SHENANIGANS
     147
     148# Note: Since ultimately we'd like to move away from using per-language
     149# package manager and all of these be RPMs, it is of questionable
     150# importance how much /good/ automation for these is necessary.
     151
     152# Warning: For a new release, we're supposed to check if Fedora has
     153# packaged up the RPM.  Unfortunately we don't really have good incants
     154# for this.
    217155
    218156# Install the full list of perl modules that users expect to be on the
     
    242180#   want to be able to write to ~/.python-eggs.  (Also makes sourcediving
    243181#   easier.)
    244 cat /usr/lib/python2.6/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- > egg.txt
     182# 'easy_install AuthKit jsonlib2 pygit'
     183cat /usr/lib/python2.7/site-packages/easy-install.pth | grep "^./" | cut -c3- | cut -f1 -d- > egg.txt
    245184    cat egg.txt | xargs easy_install -Z
     185
    246186# - Look at `gem list` for Ruby gems.
    247187#   Again, use 'yum search' and prefer RPMs, but failing that, 'gem install'.
    248188#       ezyang: rspec-rails depends on rspec, and will override the Yum
    249189#       package, so... don't use that RPM yet
     190# XXX This doesn't do the right thing for old version gems
    250191gem list --no-version > gem.txt
    251192    gem install $(gem list --no-version | grep -Fxvf - gem.txt)
     193    # Also, we need to install the old rails version
     194    gem install -v=2.3.5 rails
     195
    252196# - Look at `pear list` for Pear fruits (or whatever they're called).
    253197#   Yet again, 'yum search' for RPMs before resorting to 'pear install'.  Note
     
    258202    pear channel-update pear.php.net
    259203    pear install $(pear list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pear.txt)
     204
    260205# - Look at `pecl list` for PECL things.  'yum search', and if you must,
    261206#   'pecl install' needed items. If it doesn't work, try 'pear install
     
    264209    pecl install --nodeps $(pecl list | tail -n +4 | cut -f 1 -d " " | grep -Fxvf - pecl.txt)
    265210
    266 # Setup some Python config
    267     echo 'import site, os.path; site.addsitedir(os.path.expanduser("~/lib/python2.6/site-packages"))' > /usr/lib/python2.6/site-packages/00scripts-home.pth
    268 
    269 # [PRODUCTION] Install the credentials.  There are a lot of things to
    270 # remember here.  Be sure to make sure the permissions match up (ls -l
    271 # on an existing server!).
    272 scp root@$source_server:{/etc/{sql-mit-edu.cfg.php,pki/tls/private/scripts.key,signup-ldap-pw,whoisd-password},/home/logview/.k5login} .
    273 scp signup-ldap-pw whoisd-password sql-mit-edu.cfg.php root@$server:/etc
    274 scp scripts.key root@$server:/etc/pki/tls/private
    275 scp .k5login root@$server:/home/logview
    276 #   o The SSL cert private key (real servers only)
    277     ls -l /etc/pki/tls/private/scripts.key
    278 #   o The LDAP password for the signup process (real servers only)
    279     ls -l /etc/signup-ldap-pw
    280 #   o The whoisd password (real servers only)
    281     ls -l /etc/whoisd-password
    282 #   o Make sure logview's .k5login is correct (real servers only)
    283     cat /home/logview/.k5login
    284 
    285 # All types of servers will have an /etc/daemon.keytab file, however,
    286 # different types of server will have different credentials in this
    287 # keytab.
    288 #   [PRODUCTION] daemon.scripts
    289 #   [WIZARD]     daemon.scripts-security-upd
    290 #   [TESTSERVER] daemon.scripts-test
    291 k5srvutil list -f daemon.keytab
    292 scp daemon.keytab root@$server:/etc
    293     chown afsagent:afsagent /etc/daemon.keytab
    294 #   o The daemon.scripts keytab (will be daemon.scripts-test for test)
    295     ls -l /etc/daemon.keytab
    296 
    297 # Spin up OpenAFS.  This will fail if there's been a new kernel since
    298 # when you last tried.  In that case, you can hold on till later to
    299 # start OpenAFS.  This will take a little bit of time;
    300     service openafs-client start
    301 # Then, check that fs sysname is correct.  You should see, among others,
    302 # 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's not, you
    303 # probably did a distro upgrade and should update /etc/sysconfig/openafs.
     211# ----------------------------->8--------------------------------------
     212#                       INFINITE CONFIGURATION
     213
     214# Create fedora-ds user (needed for credit-card)
     215useradd -u 103 -r -d /var/lib/dirsrv fedora-ds
     216
     217# Run credit-card to clone in credentials and make things runabble
     218python host.py push $server
     219
     220# This is superseded by credit-card, but only for [PRODUCTION]
     221# Don't use credit-card on [WIZARD]: it will put in the wrong creds!
     222#
     223#   # All types of servers will have an /etc/daemon.keytab file, however,
     224#   # different types of server will have different credentials in this
     225#   # keytab.
     226#   #   [PRODUCTION] daemon.scripts
     227#   #   [WIZARD]     daemon.scripts-security-upd
     228#   #   [TESTSERVER] daemon.scripts-test
     229
     230# [PRODUCTION/WIZARD] Fix the openafs /usr/vice/etc <-> /etc/openafs
     231# mapping.
     232    echo "/afs:/usr/vice/cache:10000000" > /usr/vice/etc/cacheinfo
     233    echo "athena.mit.edu" > /usr/vice/etc/ThisCell
     234# [TESTSERVER] If you're installing a test server, this needs to be
     235# much smaller; the max filesize on XVM is 10GB.  Pick something like
     236# 500000. Also, some of the AFS parameters are kind of retarded (and if
     237# you're low on disk space, will actually exhaust our inodes).  Edit
     238# these parameters in /etc/sysconfig/openafs (but wait, that won't
     239# work, will it...)
     240    echo "/afs:/usr/vice/cache:500000" > /usr/vice/etc/cacheinfo
     241    vim /etc/sysconfig/openafs
     242
     243# Test that zephyr is working
     244    systemctl enable zhm.service
     245    systemctl start zhm.service
     246    echo 'Test!' | zwrite -d -c scripts -i test
     247
     248# Check out the scripts /usr/vice/etc configuration
     249    cd /root/vice
     250    \cp -a etc /usr/vice
     251
     252# [PRODUCTION] Set up replication (see ./install-ldap).
     253# You'll need the LDAP keytab for this server: be sure to chown it
     254# fedora-ds after you create the fedora-ds user
     255    ls -l /etc/dirsrv/keytab
     256    cat install-ldap
     257
     258# Enable lots of services
     259    systemctl enable openafs-client.service
     260    systemctl enable dirsrv.service
     261    systemctl enable nslcd.service
     262    systemctl enable nscd.service
     263    systemctl enable postfix.service
     264    systemctl enable nrpe.service
     265    systemctl enable httpd.service # not for [WIZARD]
     266
     267    systemctl start openafs-client.service
     268    systemctl start dirsrv.service
     269    systemctl start nslcd.service
     270    systemctl start nscd.service
     271    systemctl start postfix.service
     272    systemctl start nrpe.service
     273    systemctl start httpd.service # not for [WIZARD]
     274
     275# Note about OpenAFS: Check that fs sysname is correct.  You should see,
     276# among others, 'amd64_fedoraX_scripts' (vary X) and 'scripts'. If it's
     277# not, you probably did a distro upgrade and should update
     278# /etc/sysconfig/openafs (XXX this is wrong: figuring out new
     279# systemd world order).
    304280    fs sysname
     281
     282# Postfix doesn't actually deliver mail; fix this
     283    cd /etc/postfix
     284    postmap virtual
     285
     286# Munin might not be monitoring packages that were installed after it
     287    munin-node-configure --suggest --shell | sh
     288
     289# Run fmtutil-sys --all, which does something that makes TeX work.
     290# (Note: this errors on XeTeX which is ok.)
     291    fmtutil-sys --all
     292
     293# Ensure that PHP isn't broken:
     294    mkdir /tmp/sessions
     295    chmod 01777 /tmp/sessions
     296    # XXX: this seems to get deleted if tmp gets cleaned up, so we
     297    # might need something a little better (maybe init script.)
     298
     299# Fix etc by making sure none of our config files got overwritten
     300    cd /etc
     301    svn status -q
     302    # Some usual candidates for clobbering include nsswitch.conf,
     303    # resolv.conf and sysconfig/openafs
     304    # [WIZARD/TEST] Remember that changes you made should not get
     305    # reverted!
     306
     307# Reboot the machine to restore a consistent state, in case you
     308# changed anything. (Note: Starting kdump fails (this is ok))
     309
     310# When all is said and done, fix up the Subversion checkouts
     311    cd /etc
     312    svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
     313    cd /usr/vice/etc
     314    svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
     315    cd /srv/repository
     316    # Some commands should be run as the scripts-build user, not root.
     317    alias asbuild="sudo -u scripts-build"
     318    asbuild svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
     319    asbuild svn up # verify scripts.mit.edu works
     320
     321# ------------------------------->8-------------------------------
     322#                ADDENDA AND MISCELLANEOUS THINGS
     323
     324# [OPTIONAL] Your machine's hostname is baked in at install time;
     325# in the rare case you need to change it: it appears to be in:
     326#   o /etc/sysconfig/network
     327#   o your lvm thingies; probably don't need to edit
    305328
    306329# [WIZARD/TESTSERVER] If you are setting up a non-production server,
     
    337360    vim /home/afsagent/renew # replace all mentions of daemon.scripts.mit.edu
    338361
    339 # [PRODUCTION] Set up replication (see ./install-ldap).
    340 # You'll need the LDAP keytab for this server: be sure to chown it
    341 # fedora-ds after you create the fedora-ds user
    342     ls -l /etc/dirsrv/keytab
    343     cat install-ldap
    344 
    345 # Make the services dirsrv, nslcd, nscd, postfix, and httpd start at
    346 # boot. Run chkconfig to make sure the set of services to be run is
    347 # correct.
    348     service nslcd start
    349     service nscd start
    350     service postfix start
    351     chkconfig nslcd on
    352     chkconfig nscd on
    353     chkconfig postfix on
    354 
    355 # [PRODUCTION]
    356     chkconfig dirsrv on
    357 
    358 # [PRODUCTION/TESTSERVER]
    359 # (Maybe WIZARD too once we start doing strange things to autoupgrade
    360 # installs behind firewalls.)
    361     service httpd start # will fail if AFS is not running
    362     chkconfig httpd on
    363 
    364 # nrpe is required for nagios alerts
    365     chkconfig nrpe on
    366 
    367 # [PRODUCTION] Check sql user credentials (needs to be done after LDAP
    368 # is setup)
    369     chown sql /etc/sql-mit-edu.cfg.php
    370 
    371 # Postfix doesn't actually deliver mail; fix this
    372     cd /etc/postfix
    373     postmap virtual
    374 
    375 # Munin might not be monitoring packages that were installed after it
    376     munin-node-configure --suggest --shell | sh
    377 
    378 # Run fmtutil-sys --all, which does something that makes TeX work.
    379 # (Note: this errors on XeTeX which is ok.)
    380     fmtutil-sys --all
    381 
    382 # Ensure that PHP isn't broken:
    383     mkdir /tmp/sessions
    384     chmod 01777 /tmp/sessions
    385     # XXX: this seems to get deleted if tmp gets cleaned up, so we
    386     # might need something a little better (maybe init script.)
    387 
    388 # Ensure fcgid isn't broken (should be 755)
    389     ls -ld /var/run/mod_fcgid
    390 
    391 # Fix etc by making sure none of our config files got overwritten
    392     cd /etc
    393     svn status -q
    394     # Some usual candidates for clobbering include nsswitch.conf and
    395     # sysconfig/openafs
    396     # [WIZARD/TEST] Remember that changes you made should not get
    397     # reverted!
    398 
    399 # ThisCell got clobbered, replace it with athena.mit.edu
    400     echo "athena.mit.edu" > /usr/vice/etc/ThisCell
    401 
    402 # Reboot the machine to restore a consistent state, in case you
    403 # changed anything. (Note: Starting kdump fails (this is ok))
    404 
    405 # [OPTIONAL] Your machine's hostname is baked in at install time;
    406 # in the rare case you need to change it: it appears to be in:
    407 #   o /etc/sysconfig/network
    408 #   o your lvm thingies; probably don't need to edit
    409 
    410362# [TESTERVER]
    411363#   - You need a self-signed SSL cert or Apache will refuse to start
     
    420372#     be an accepted vhost name
    421373#   - Look at the old test server and see what config changes are floating around
    422 
    423 # XXX: our SVN checkout should be updated to use scripts.mit.edu
    424 # (repository and etc) once serving actually works.
    425     cd /etc
    426     svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
    427     cd /usr/vice/etc
    428     svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
    429     cd /srv/repository
    430     asbuild svn switch --relocate svn://$source_server/ svn://scripts.mit.edu/
    431     asbuild svn up # verify scripts.mit.edu works
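Review bot: The `python host.py push $server` step at new line 218 carries no server-type tag, and the only caution about it ("Don't use credit-card on [WIZARD]: it will put in the wrong creds!") appears after the command, so anyone following the file top to bottom on a wizard or test server reaches the push before the warning. State the restriction first and tag the command, for example `# [PRODUCTION] only; never run credit-card on [WIZARD]/[TESTSERVER], it installs the wrong credentials` directly above the `python host.py push $server` line. The same rewrite removes the manual `scp daemon.keytab root@$server:/etc`, `chown afsagent:afsagent /etc/daemon.keytab` and `ls -l /etc/daemon.keytab` steps and keeps only the commented keytab list at new lines 223-228. For the server types credit-card does not cover, the visible text no longer says how the keytab is installed or which ownership to verify. The [WIZARD/TESTSERVER] section is only partly shown here and may already cover this; if it does not, the keytab copy and ownership check should stay for those server types.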
  • trunk/server/doc/install-ldap

    r1986 r2066  
    1 To set up a new LDAP server:
    2 
    3 - Install the RPM 389-ds-base with yum (these are installed by kickstart
    4   these days, so these two steps are probably not necessary)
    5   root# yum install -y 389-ds-base
    6   root# yum install -y policycoreutils-python
    7   root# yum install -y ldapvi
    8 - We want to run the directory server as its own user, so create fedora-ds
    9   root# useradd -r -d /var/lib/dirsrv fedora-ds
    10 - Temporarily move away the existing slapd-scripts folder
    11   root# mv /etc/dirsrv/slapd-scripts{,.bak}
    12 - root# /usr/sbin/setup-ds.pl
    13     - Choose a typical install
    14     - Tell it to use the fedora-ds user and group
    15     - Directory server identifier: scripts
    16         Needed to remove this from the config file first
    17     - Suffix: dc=scripts,dc=mit,dc=edu
    18     - Input directory manager password
    19       (this can be found in  ~/.ldapvirc)
    20 - Move the schema back
    21   root# cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts
    22   root# rm -Rf /etc/dirsrv/slapd-scripts.bak
    23 - Turn dirsrv off: service dirsrv stop
    24 - Apply the following configuration changes.  If you're editing
    25   dse.ldif, you don't want dirsrv to be on, otherwise it will
    26   overwrite your changes. [XXX: show how to do these changes with
    27   dsconf, which is the "blessed" method]
     1# To set up a new LDAP server:
     2
     3# Temporarily move away the existing slapd-scripts folder
     4mv /etc/dirsrv/slapd-scripts{,.bak}
     5
     6# Setup directory server
     7/usr/sbin/setup-ds.pl
     8#   - Choose a typical install
     9#   - Tell it to use the fedora-ds user and group
     10#   - Directory server identifier: scripts
     11#   - Suffix: dc=scripts,dc=mit,dc=edu
     12#   - Input directory manager password
     13#     (this can be found in  ~/.ldapvirc)
     14
     15# Move the schema back
     16cp -R /etc/dirsrv/slapd-scripts.bak/{.svn,*} /etc/dirsrv/slapd-scripts
     17rm -Rf /etc/dirsrv/slapd-scripts.bak
     18
     19# Turn dirsrv off:
     20systemctl stop dirsrv.service
     21
     22# Apply the following configuration changes.  If you're editing
     23# dse.ldif, you don't want dirsrv to be on, otherwise it will
     24# overwrite your changes. [XXX: show how to do these changes with
     25# dsconf, which is the "blessed" method, although it seems
     26# dsconf only exists for Red Hat]
     27
     28vim /etc/dirsrv/slapd-scripts/dse.ldif
     29<<<EOF
    2830
    2931# Inside cn=config.  These changes definitely require a restart.
    30 nsslapd-ldapifilepath: /var/run/slapd-scripts.socket
    3132nsslapd-ldapilisten: on
    3233nsslapd-syntaxcheck: off
     34
     35# We need to turn off syntax check because our schema is wrong and too
     36# restrictive on some value. This should get fixed.
    3337
    3438# Add these blocks
     
    4650nsSaslMapFilterTemplate: (objectClass=posixAccount)
    4751
    48 - Put LDAP keytab (ldap/hostname.mit.edu) in /etc/dirsrv/keytab.  Make
    49   sure you chown/chgrp it to be readable by fedora-ds
    50 - Uncomment and modify in /etc/sysconfig/dirsrv: KRB5_KTNAME=/etc/dirsrv/keytab ; export KRB5_KTNAME
    51 - chown fedora-ds:fedora-ds /var/run/dirsrv
    52 - chown fedora-ds /etc/dirsrv/keytab
    53 - /sbin/service dirsrv start
    54 - Use ldapvi -b cn=config to add these indexes (8 of them):
     52EOF;
     53
     54systemctl start dirsrv.service
     55
     56ldapvi -b cn=config
     57# Add these indexes (8 of them):
     58
     59<<<EOF
    5560
    5661add cn=apacheServerName, cn=index, cn=userRoot, cn=ldbm database, cn=plugins, cn=config
     
    117122nsIndexType: eq
    118123nsIndexType: pres
     124
     125EOF;
    119126
    120127- Build the indexes for all the fields:
     
    181188
    182189  Here's how you do it.
     190
     191  NOTE: There's this spiffy new tool MMR hammer which automates some of
     192  this process.  Check the "MMR Hammer" sections to see how.  Install it
     193  here:  https://github.com/ezyang/mmr-hammer
    183194
    184195    0. Tell -c scripts not to go off and reboot servers until you're
     
    209220nsDS5ReplicaBindDN: uid=ldap/old-faithful.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    210221nsDS5ReplicaBindDN: uid=ldap/shining-armor.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
     222nsDS5ReplicaBindDN: uid=ldap/golden-egg.mit.edu,ou=People,dc=scripts,dc=mit,dc=edu
    211223nsds5ReplicaPurgeDelay: 604800
    212224nsds5ReplicaLegacyConsumer: off
     
    223235       for just $MASTER.
    224236
     237       REMEMBER: You need to use FOO.mit.edu for the names!  Otherwise you will get
     238       unauthorized errors.
     239
    225240add uid=ldap/$MASTER,ou=People,dc=scripts,dc=mit,dc=edu
    226241uid: ldap/$MASTER
     
    245260       risky step of the process; see below for help debugging problems.
    246261
    247        WARNING: There is a known bug doing full updates from 1.2.6 to
    248        1.2.6, see https://bugzilla.redhat.com/show_bug.cgi?id=637852
     262       MMR Hammer: mmr-hammer -h $MASTER init agreements $SLAVE
     263
     264        ldapvi -b cn=\"dc=scripts,dc=mit,dc=edu\",cn=mapping\ tree,cn=config
    249265
    250266add cn="GSSAPI Replication to $SLAVE", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config
     
    268284    If it fails with LDAP Error 49, check /var/log/dirsrv on $MASTER
    269285    for more information.  It might be because fedora-ds can't read
    270     /etc/dirsrv/keytab
     286    /etc/dirsrv/keytab or because you setup the account on the SLAVE
     287    incorrectly.
    271288
    272289    6. Replicate in the other direction.  On $MASTER, add $SLAVE
    273290    as a nsDS5ReplicaBindDN in cn=replica,cn="dc=scripts,dc=mit,dc=edu",cn=mapping tree,cn=config
    274     Also, add an account for $SLAVE
     291    Also, add an account for $SLAVE if it doesn't exist already.
    275292
    276293add uid=ldap/$SLAVE,ou=People,dc=scripts,dc=mit,dc=edu
     
    280297
    281298    On $SLAVE,
     299
     300       MMR Hammer: mmr-hammer -h $SLAVE init agreements $MASTER
    282301
    283302add cn="GSSAPI Replication to $MASTER", cn=replica, cn="dc=scripts,dc=mit,dc=edu", cn=mapping tree, cn=config
     
    308327    new server.
    309328
     329    With MMR hammer, that's something like:
     330
     331        for i in $SERVER_NAMES; do mmr-hammer -h $i init agreements $SERVER_NAMES; done
     332
    310333    8. If at this point you look at the new server's changelog with
    311334    cl-dump (preferably /mit/scripts/admin/cl-dump.pl, to not prompt you
     
    316339    also good for making sure the replication agreements actually work.
    317340
     341    With MMR hammer, that's something like:
     342
     343        for i in $SERVER_NAMES; do mmr-hammer -h $i test; sleep 20; done
     344
    318345Troubleshooting
    319346===============
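--- a/trunk/server/doc/package-build-howto
+++ b/trunk/server/doc/package-build-howto
@@ -50,10 +50,10 @@
 
   * # Rebuild the repo metadata to include the new packages.
-    cd /mit/scripts/rpm-fc[RELEASE]
+    cd /mit/scripts/yum-repos/rpm-fc[RELEASE]
     # If you have a trusted machine:
-    createrepo .
+    createrepo -d .
     # Otherwise, on a scripts server, as root:
     mkdir /root/repodata-YYYYMMDD # Or any suitable temp directory
-    createrepo -o /root/repodata-YYYYMMDD .
+    createrepo -d -o /root/repodata-YYYYMMDD .
     # Then from your trusted machine
     krootscp -r root@[BUILD-SERVER]:/root/repodata-YYYYMMDD /mit/scripts/rpm-fc[RELEASE]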
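--- a/trunk/server/doc/upgrade-tips
+++ b/trunk/server/doc/upgrade-tips
@@ -159,6 +159,6 @@
 /mit/scripts/rpm-fcXX-testing) needs to be made.  It's quite simple;
 all you need to do is copy the RPMs from the build server to there
-(probably going through a trusted machine, since you don't want to
-put your root tickets on a server.)  When you're done, run `createrepo`
+(probably going through a trusted machine, since you don't want to put
+your root tickets on a server.)  When you're done, run `createrepo -d`
 on the directory.
 
@@ -197,2 +197,18 @@
 hysterical raisins we still refer to our 32-bit builds as i386.
 [XXX: Maybe this should change]
+
+Until we decide that the performance impact is negligible, any new PHP
+extensions other than the few we’ve whitelisted should be disabled by
+emptying their .ini files in /etc/php.d.
+
+8. Sending announcements
+------------------------
+
+Once development work has finished, we need to allow users to test
+their websites on the new servers.
+
+    SIPB Internal Testing: Send an email to scripts-team@mit.edu
+    and -c sipb notifying them of testing procedure and known
+    issues.
+
+    General Testing: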
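--- a/trunk/server/fedora/Makefile
+++ b/trunk/server/fedora/Makefile
@@ -19,8 +19,8 @@
 # See /COPYRIGHT in this repository for more information.
 
-upstream_yum    = krb5 krb5.i686 httpd openssh curl redland-bindings
-hackage         = MonadCatchIO-mtl-0.3.0.1 cgi-3001.1.8.1 unix-handle-0.0.0
+upstream_yum    = krb5 krb5.i686 httpd openssh redland-bindings rubygems
+hackage         = MonadCatchIO-mtl-0.3.0.2 cgi-3001.1.8.2 unix-handle-0.0.0
 upstream_hackage = ghc-MonadCatchIO-mtl ghc-cgi ghc-unix-handle
-upstream        = openafs $(upstream_yum) $(upstream_hackage) moira cluster-glue heartbeat pacemaker zephyr zephyr.i686 python-zephyr athena-aclocal discuss
+upstream        = openafs $(upstream_yum) $(upstream_hackage) moira zephyr zephyr.i686 python-zephyr athena-aclocal discuss
 oursrc          = execsys tokensys accountadm httpdmods logview sql-signup nss_nonlocal nss_nonlocal.i686 whoisd athrun php_scripts scripts-wizard scripts-base scripts-static-cat
 allsrc          = $(upstream) $(oursrc)
@@ -40,10 +40,6 @@
 server_url      = "http://web.mit.edu/scripts/src"
 server_arch     = "fedora.stable"
-#openafs_url    = "http://dl.openafs.org/dl/openafs/1.4.12/openafs-1.4.12-1.1.2.src.rpm"
-openafs_url     = "http://web.mit.edu/~scripts/yum-repos/rpm-fc13/openafs-1.4.12.1-1.0.pre3.src.rpm"
-clusterglue_url = "http://kojipkgs.fedoraproject.org/packages/cluster-glue/1.0/0.11.b79635605337.hg.fc12/src/cluster-glue-1.0-0.11.b79635605337.hg.fc12.src.rpm"
-heartbeat_url   = "http://kojipkgs.fedoraproject.org/packages/heartbeat/3.0.0/0.5.0daab7da36a8.hg.fc12/src/heartbeat-3.0.0-0.5.0daab7da36a8.hg.fc12.src.rpm"
-pacemaker_url   = "http://kojipkgs.fedoraproject.org/packages/pacemaker/1.0.5/5.fc12/src/pacemaker-1.0.5-5.fc12.src.rpm"
-zephyr_url      = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.tar.gz"
+openafs_url     = "http://dl.openafs.org/dl/openafs/1.6.0/openafs-1.6.0-1.src.rpm"
+zephyr_url      = "http://zephyr.1ts.org/export/HEAD/distribution/zephyr-3.0.1.tar.gz"
 
 PKG             = $(patsubst %.i686,%,$@)
@@ -74,12 +70,6 @@
         cd $(dload) && yumdownloader --disablerepo=scripts --source $(upstream_yum)
         wget -P $(dload) $(openafs_url)
-        wget -P $(dload) $(clusterglue_url)
-        wget -P $(dload) $(heartbeat_url)
-        wget -P $(dload) $(pacemaker_url)
         wget -P $(dload) $(zephyr_url)
         cd $(tmp_src) && wget -nd -r -l1 -np -A.orig.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-moira/
-        cd $(tmp_src) && wget -nd -r -l1 -np -A.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-aclocal/
-        cd $(tmp_src) && wget -nd -r -l1 -np -A.orig.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-discuss/
-        cp $(oursrcdir)/discuss/* $(tmp_src)
         cabal update
         cabal fetch $(hackage)
@@ -88,4 +78,7 @@
         touch download_stamp
 
+        cd $(tmp_src) && wget -nd -r -l1 -np -A.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-aclocal/
+        cd $(tmp_src) && wget -nd -r -l1 -np -A.orig.tar.gz http://debathena.mit.edu/apt/pool/debathena/d/debathena-discuss/
+        cp $(oursrcdir)/discuss/* $(tmp_src)
 %.src.rpm:
         wget -q -nv -N -B $(server_url) -nd -nH -P $(dload) $(server_url)/$*.src.rpm
@@ -101,9 +94,12 @@
         cp ${specs}/*.spec $(tmp_specs)
 
+# Remove old .orig files so we're not mislead
 patch-specs: install-srpms
         @cd ${tmp_specs}; \
         list=`ls ${specs}/*.spec.patch`; \
+        rm -f *.orig; \
+        rm -f *.spec.~*~; \
         for i in $$list; do \
-                patch < $$i; \
+                patch -bV numbered < $$i; \
         done; \
         list2=`svn ls ${oursrcdir}`; \
@@ -150,10 +146,10 @@
         PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
-        /usr/bin/mock -r scripts-fc13-i386 --arch=i686 ${rpmbuild_args} --define="_lib lib" -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
+        /usr/bin/mock -r scripts-fc15-i386 --arch=i686 ${rpmbuild_args} --define="_lib lib" -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
 
 $(filter-out %.i686,$(oursrc)): %: setup
         PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
-        /usr/bin/mock -r scripts-fc13-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
+        /usr/bin/mock -r scripts-fc15-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
 
 $(upstream) openafs-kernel: rpmbuild_args += --define 'scriptsversion $(shell svnversion ${patches} | tr ':' '_')'
@@ -161,14 +157,14 @@
 $(filter %.i686,$(upstream)): %.i686: setup patch-specs
         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
-        /usr/bin/mock -r scripts-fc13-i386 --arch=i686 ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
+        /usr/bin/mock -r scripts-fc15-i386 --arch=i686 ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
 
 $(filter-out %.i686,$(upstream)): %: setup patch-specs
         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/${PKG}.spec
-        /usr/bin/mock -r scripts-fc13-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
+        /usr/bin/mock -r scripts-fc15-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/${PKG}-[0-9]*.src.rpm | head -1`
 
 openafs-kernel: setup
         PATH="/usr/kerberos/sbin:/usr/kerberos/bin:/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin" \
         rpmbuild ${rpmbuild_args} -bs ${tmp_specs}/openafs*.spec
-        /usr/bin/mock -r scripts-fc13-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/openafs*.src.rpm | head -1`
+        /usr/bin/mock -r scripts-fc15-`uname -m` ${rpmbuild_args} -v --rebuild `ls -t ${out_srpms}/openafs*.src.rpm | head -1`
 
 #sort -n sorts "2.6.25-1" later than "2.6.25.1-1", so it's Wrong
@@ -188,18 +184,4 @@
         fi
 
-# The following packages are needed for our packages
-basic-deps      = kernel-devel rpm-build rpmdevtools mock gcc autoconf patch krb5-workstation glibc-devel.i686 glibc-devel libtool libgcc.i686
-oursrc-deps     = hesinfo openldap-clients openldap-devel.i686 php-devel
-httpdmods-deps  = httpd-devel
-httpd-deps      = xmlto db4-devel expat-devel zlib-devel libselinux-devel apr-devel apr-util-devel pcre-devel openssl-devel distcache-devel
-krb5-deps       = bison ncurses-devel texinfo keyutils-libs-devel texinfo-tex texlive-latex libss-devel rsh
-openafs-deps    = pam-devel automake
-moira-deps      = e2fsprogs-devel
-zephyr-deps     = hesiod-devel libss-devel krb5-devel readline-devel
-openssh-deps    = gtk2-devel libX11-devel autoconf automake openssl-devel perl zlib-devel audit-libs-devel util-linux groff man pam-devel tcp_wrappers-devel krb5-devel libselinux-devel audit-libs xauth pango-devel cairo-devel libedit-devel nss-devel fipscheck-devel
-php-deps        = bzip2-devel curl-devel gmp-devel libstdc++-devel sqlite-devel gcc-c++ libc-client-devel mysql-devel postgresql-devel unixODBC-devel libxml2-devel net-snmp-devel libxslt-devel libxml2-devel libXpm-devel libjpeg-devel t1lib-devel libmcrypt-devel mhash-devel libtidy-devel freetds-devel aspell-devel recode-devel
-haskell-deps    = cabal-install
-install-deps:
-        yum -y install $(basic-deps) $(oursrc-deps) $(httpdmods-deps) $(httpd-deps) $(krb5-deps) $(openafs-deps) $(moira-deps) $(zephyr-deps) $(openssh-deps) $(php-deps) $(haskell-deps)
 # XXX: We need to figure out what's going on with compat-readline43
 #       rpm -ivh http://kojipkgs.fedoraproject.org/packages/compat-readline43/4.3/3/i386/compat-readline43-4.3-3.i386.rpm
@@ -207,5 +189,4 @@
 
 fedora:
-        make install-deps
         make upstream
         rpm -ivh $(out_rpms)/`uname -m`/openafs-devel*.rpm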
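Review bot: The new `openafs_url` and `zephyr_url` values are plain `http://` URLs, and the download recipe fetches them with `wget -P $(dload)` with no integrity check before the build targets further down consume what was downloaded. A tampered transfer or mirror would go unnoticed and end up in the packages built for the servers. `zephyr_url` also points under an `export/HEAD` path, so its content is presumably not pinned between builds. I would record a digest for each fetched file and verify it right after the download, for example with a recipe line such as `cd $(dload) && sha256sum -c <path-to-checksum-list>`, and switch to `https://` where the upstream offers it. The target line of the download recipe lies outside the visible hunks, so placement needs checking against the full file.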
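--- a/trunk/server/fedora/config/etc/cron.d/slapdagent
+++ b/trunk/server/fedora/config/etc/cron.d/slapdagent
@@ -1,3 +1,3 @@
 KRB5CCNAME=/var/run/dirsrv/krb5cc
 MAILTO=scripts-root@mit.edu
-0 */3 * * * fedora-ds /usr/kerberos/bin/kinit -k -t /etc/dirsrv/keytab ldap/$(hostname)
+0 */3 * * * fedora-ds /usr/bin/kinit -k -t /etc/dirsrv/keytab ldap/$(hostname)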
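--- a/trunk/server/fedora/config/etc/hosts
+++ b/trunk/server/fedora/config/etc/hosts
@@ -18,5 +18,6 @@
 18.181.0.234    busy-beaver.mit.edu busy-beaver scripts7.mit.edu scripts7
 18.181.0.235    real-mccoy.mit.edu real-mccoy scripts8.mit.edu scripts8
-18.181.0.135    shining-armor.mit.edu shining-armor # scripts9.mit.edu scripts9
+18.181.0.135    shining-armor.mit.edu shining-armor scripts9.mit.edu scripts9
+18.181.0.141    golden-egg.mit.edu golden-egg scripts10.mit.edu scripts10
 
 172.21.0.57     better-mousetrap.mit.edu
@@ -29,2 +30,3 @@
 172.21.0.235    real-mccoy.mit.edu
 172.21.0.135    shining-armor.mit.edu
+172.21.0.141    golden-egg.mit.edu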
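--- a/trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf
+++ b/trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf
@@ -1,4 +1,4 @@
 Alias /__scripts/heartbeat /afs/athena.mit.edu/contrib/scripts/web_scripts/heartbeat
-Alias /__scripts/django/media /usr/lib/python2.6/site-packages/django/contrib/admin/media
+Alias /__scripts/django/media /usr/lib/python2.7/site-packages/django/contrib/admin/media
 Alias /__scripts /afs/athena.mit.edu/contrib/scripts/www
 
@@ -9,5 +9,5 @@
 </Directory>
 
-<Directory /usr/lib/python2.6/site-packages/django/contrib/admin/media>
+<Directory /usr/lib/python2.7/site-packages/django/contrib/admin/media>
     <Files *>
         SetHandler none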
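--- a/trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf
+++ b/trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost-names.conf
@@ -1,2 +1,16 @@
 ServerName scripts.mit.edu
-ServerAlias scripts 18.181.0.43 scripts-vhosts.mit.edu scripts-vhosts 18.181.0.46 scripts-test.mit.edu scripts-test 18.181.0.229 better-mousetrap.mit.edu better-mousetrap b-m.mit.edu b-m scripts1.mit.edu scripts1 18.181.0.57 old-faithful.mit.edu old-faithful o-f.mit.edu o-f scripts2.mit.edu scripts2 18.181.0.53 bees-knees.mit.edu bees-knees b-k.mit.edu b-k sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 18.181.0.167 cats-whiskers.mit.edu cats-whiskers c-w.mit.edu c-w scripts4.mit.edu scripts4 18.181.0.228 whole-enchilada.mit.edu whole-enchilada w-e.mit.edu w-e scripts5.mit.edu scripts5 18.181.0.236 pancake-bunny.mit.edu pancake-bunny p-b.mit.edu p-b scripts6.mit.edu scripts6 18.181.0.237 busy-beaver.mit.edu busy-beaver b-b.mit.edu b-b scripts7.mit.edu scripts7 18.181.0.234 real-mccoy.mit.edu real-mccoy r-m.mit.edu r-m scripts8.mit.edu scripts8 18.181.0.235 shining-armor.mit.edu shining-armor s-a.mit.edu s-a scripts9.mit.edu scripts9 18.181.0.135 localhost 127.0.0.1 ::1
+ServerAlias \
+    scripts 18.181.0.43 \
+    scripts-vhosts.mit.edu scripts-vhosts 18.181.0.46 \
+    scripts-test.mit.edu scripts-test 18.181.0.229 \
+    better-mousetrap.mit.edu better-mousetrap b-m.mit.edu b-m scripts1.mit.edu scripts1 18.181.0.57 \
+    old-faithful.mit.edu old-faithful o-f.mit.edu o-f scripts2.mit.edu scripts2 18.181.0.53 \
+    bees-knees.mit.edu bees-knees b-k.mit.edu b-k sx-blade-4.mit.edu sx-blade-4 scripts3.mit.edu scripts3 18.181.0.167 \
+    cats-whiskers.mit.edu cats-whiskers c-w.mit.edu c-w scripts4.mit.edu scripts4 18.181.0.228 \
+    whole-enchilada.mit.edu whole-enchilada w-e.mit.edu w-e scripts5.mit.edu scripts5 18.181.0.236 \
+    pancake-bunny.mit.edu pancake-bunny p-b.mit.edu p-b scripts6.mit.edu scripts6 18.181.0.237 \
+    busy-beaver.mit.edu busy-beaver b-b.mit.edu b-b scripts7.mit.edu scripts7 18.181.0.234 \
+    real-mccoy.mit.edu real-mccoy r-m.mit.edu r-m scripts8.mit.edu scripts8 18.181.0.235 \
+    shining-armor.mit.edu shining-armor s-a.mit.edu s-a scripts9.mit.edu scripts9 18.181.0.135 \
+    golden-egg.mit.edu golden-egg g-e.mit.edu g-e scripts10.mit.edu scripts10 18.181.0.141 \
+    localhost 127.0.0.1 ::1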
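--- a/trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost.conf
+++ b/trunk/server/fedora/config/etc/httpd/conf.d/scripts-vhost.conf
@@ -1,4 +1,5 @@
 DocumentRoot /afs/athena.mit.edu/contrib/scripts/web_scripts/home
 SuExecUserGroup scripts users
+UserDir enabled
 UserDir web_scripts
 # Comment the following line out to take the machine out of the LVS pool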
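--- a/trunk/server/fedora/config/etc/krb5.conf
+++ b/trunk/server/fedora/config/etc/krb5.conf
@@ -1,3 +1,4 @@
 [libdefaults]
+        allow_weak_crypto = true
         default_realm = ATHENA.MIT.EDU
 # The following krb5.conf variables are only for MIT Kerberos.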
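Review bot: `allow_weak_crypto = true` is added to `[libdefaults]` with no comment, and it re-enables the encryption types MIT Kerberos classifies as weak (single-DES among them) for every Kerberos client on the host. If it is only here because a dependent service still needs DES keys (TODO confirm which one), say so next to the setting, for example `# required while <service> still uses DES keys; remove once it is rekeyed`. That gives the next maintainer a condition for removing it instead of a permanent global downgrade.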
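--- a/trunk/server/fedora/config/etc/php.d/_scripts.ini
+++ b/trunk/server/fedora/config/etc/php.d/_scripts.ini
@@ -3,2 +3,3 @@
 cgi.force_redirect = 0
 memory_limit = 1024M
+date.timezone = America/New_York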
  • trunk/server/fedora/config/etc/php.d/tidy.ini

    r813 r2066  
    1 
  • trunk/server/fedora/config/etc/pki/tls/certs/nudelta.pem

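--- a/trunk/server/fedora/config/etc/postfix/main.cf
+++ b/trunk/server/fedora/config/etc/postfix/main.cf
@@ -17,6 +17,6 @@
 recipient_delimiter = +
 inet_interfaces = all
-readme_directory = /usr/share/doc/postfix-2.7.4/README_FILES
-sample_directory = /usr/share/doc/postfix-2.7.4/samples
+readme_directory = /usr/share/doc/postfix-2.8.5/README_FILES
+sample_directory = /usr/share/doc/postfix-2.8.5/samples
 sendmail_path = /usr/sbin/sendmail
 html_directory = no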
  • trunk/server/fedora/config/etc/rc.d/rc.local

    • Property svn:executable set to *
    r227 r2066  
    33touch /var/lock/subsys/local
    44
    5 if [ -r "/afs/athena.mit.edu" ]; then
    6         /sbin/service postfix start
    7 fi
    8 
    95/bin/mkdir -pm 1773 /tmp/sessions
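--- a/trunk/server/fedora/config/etc/scripts/allowed-setugid.list
+++ b/trunk/server/fedora/config/etc/scripts/allowed-setugid.list
@@ -1,4 +1,2 @@
-/bin/ping
-/bin/ping6
 /sbin/pam_timestamp_check
 /sbin/unix_chkpwd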
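--- a/trunk/server/fedora/config/etc/ssh/shosts.equiv
+++ b/trunk/server/fedora/config/etc/ssh/shosts.equiv
@@ -8,4 +8,5 @@
 shining-armor.mit.edu
 whole-enchilada.mit.edu
+golden-egg.mit.edu
 172.21.0.53
 172.21.0.57
@@ -17,2 +18,3 @@
 172.21.0.135
 172.21.0.236
+172.21.0.141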
  • trunk/server/fedora/config/etc/ssh/ssh_known_hosts

    r1703 r2066  
    88whole-enchilada.mit.edu,whole-enchilada,w-e.mit.edu,w-e,scripts5.mit.edu,scripts5,18.181.0.236,172.21.0.236 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
    99shining-armor.mit.edu,shining-armor,s-a.mit.edu,s-a,scripts9.mit.edu,scripts9,18.181.0.135,172.21.0.135 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
     10golden-egg.mit.edu.golden-egg,g-e.mit.edu,g-e,scripts10.mit.edu,scripts10,18.181.0.141,172.21.0.141 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuEpkEgaIgjK7F1gV81lLSYTwSqIZX/9IJs37VaJCsJFv3D86uuJSdfI3Y94fPn2OH6AxfdaqGNksVdi27mKQfzvCB4ogjQgxmM391MIDLd+izZDY0YvCb4DqJLMJUpX49cNUMkj+/rJg1O0K2w/lb8DGr7wdoLSPKCUJNJv5WMMDxpFL253lPELsmnds4T+R6LpTt6W9+FalHl84me51sEjV9PbmhcTaNwuoJStAjhrKPfgHHDIKNyCUvaVkoHPXEsdzz00yY7i57djyZlzPV/jM7LKar+Xw2LB0Z3098IQcdbD8zmz2DdakPTlShxavNPC6kZDZ3WVqziC+bszaSQ==
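Review bot: The host list of the new golden-egg entry begins `golden-egg.mit.edu.golden-egg,`, with a dot where the other entries have a comma, so neither `golden-egg.mit.edu` nor `golden-egg` is a listed name for this key; only the aliases and addresses after it are. It should begin `golden-egg.mit.edu,golden-egg,g-e.mit.edu,` like the shining-armor entry above it. Since the same changeset adds `golden-egg.mit.edu` to shosts.equiv, host-key lookups by that name will presumably not match until this is corrected. The key material on this line also appears identical to the two entries above it; if one host key is shared across the pool on purpose, a `#` comment saying so would help, because compromise of one host then affects the identity of all of them.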
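--- a/trunk/server/fedora/config/etc/ssh/sshd_config
+++ b/trunk/server/fedora/config/etc/ssh/sshd_config
@@ -20,3 +20,3 @@
 IgnoreRhosts yes
 IgnoreUserKnownHosts yes
-DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu root@cats-whiskers.mit.edu root@pancake-bunny.mit.edu root@busy-beaver.mit.edu root@real-mccoy.mit.edu root@whole-enchilada.mit.edu root@shining-armor.mit.edu
+DenyUsers root@old-faithful.mit.edu root@better-mousetrap.mit.edu root@bees-knees.mit.edu root@cats-whiskers.mit.edu root@pancake-bunny.mit.edu root@busy-beaver.mit.edu root@real-mccoy.mit.edu root@whole-enchilada.mit.edu root@shining-armor.mit.edu root@golden-egg.mit.edu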
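--- a/trunk/server/fedora/config/etc/sysconfig/dirsrv
+++ b/trunk/server/fedora/config/etc/sysconfig/dirsrv
@@ -32,5 +32,5 @@
 # slapdagent cronjob) -- geofft 30 October 2010
 KRB5CCNAME=/var/run/dirsrv/krb5cc; export KRB5CCNAME
-/usr/kerberos/bin/kinit -k -t "$KRB5_KTNAME" ldap/"$(hostname)"
+/usr/bin/kinit -k -t "$KRB5_KTNAME" ldap/"$(hostname)"
 chown --reference="$KRB5_KTNAME" "$KRB5CCNAME"
 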
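--- a/trunk/server/fedora/config/etc/sysconfig/httpd
+++ b/trunk/server/fedora/config/etc/sysconfig/httpd
@@ -21,2 +21,10 @@
 #
 #HTTPD_LANG=C
+
+#
+# When stopping the server a 10 second timeout is allowed before
+# forcibly terminating the parent process (with a SIGKILL signal).
+# To allow a longer delay, set the STOP_TIMEOUT variable.
+#
+#STOP_TIMEOUT=10
+#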
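--- a/trunk/server/fedora/config/etc/sysconfig/network-scripts/route-eth1
+++ b/trunk/server/fedora/config/etc/sysconfig/network-scripts/route-eth1
@@ -12,2 +12,3 @@
 18.181.0.235 via 172.21.0.235
 18.181.0.135 via 172.21.0.135
+18.181.0.141 via 172.21.0.141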
  • trunk/server/fedora/config/etc/sysconfig/openafs

    r1993 r2066  
    11AFSD_ARGS="-afsdb -dynroot -fakestat-all -stat 25000 -daemons 100 -volumes 4000 -files 400000 -chunksize 19"
    22BOSSERVER_ARGS=
    3 
    4 postinit () {
    5         /sbin/sysctl -q afs.GCPAGs=0
    6         /usr/bin/fs setcrypt on
    7         case "$(lsb_release -cs)" in
    8           Moonshine)
    9             /usr/bin/fs sysname 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora7' 'amd64_linux26' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' 'i386_linux1' ;;
    10           Sulphur)
    11             /usr/bin/fs sysname 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
    12           Leonidas)
    13             /usr/bin/fs sysname 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
    14           Goddard)
    15             /usr/bin/fs sysname 'amd64_fedora13_scripts' 'amd64_fedora11_scripts' 'amd64_fedora9_scripts' 'amd64_fedora7_scripts' 'scripts' 'amd64_fedora13' 'amd64_fedora11' 'amd64_fedora9' 'amd64_fedora7' 'amd64_linux26' 'i386_deb50' 'i386_deb40' 'i386_rhel4' 'i386_rhel3' 'i386_rh9' 'i386_linux26' 'i386_linux24' 'i386_linux22' 'i386_linux3' 'i386_linux2' ;;
    16           *)
    17             echo "Warning: unknown platform. AFS sysname not set."
    18         esac
    19         /usr/bin/fs setcell -nosuid -c athena
    20 }
    21 AFS_POST_INIT=postinit
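--- a/trunk/server/fedora/config/etc/sysconfig/sysstat
+++ b/trunk/server/fedora/config/etc/sysconfig/sysstat
@@ -1,2 +1,13 @@
-# How long to keep log files (days), maximum is a month
+# sysstat-9.0.6.1 configuration file.
+
+# How long to keep log files (in days).
+# If value is greater than 28, then log files are kept in
+# multiple directories, one for each month.
 HISTORY=30
+
+# Compress (using gzip or bzip2) sa and sar files older than (in days):
+COMPRESSAFTER=10
+
+# Parameters for system activity collector (see sadc man-page) which
+# are used for the generation of log files
+SADC_OPTIONS="-S DISK"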
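--- a/trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl
+++ b/trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl
@@ -32,5 +32,5 @@
 sub buildKeyMap($) {
     my ($file) = @_;
-    open (KEYS, $file) or warn "Couldn't open $file: $!";
+    open (KEYS, $file) or (warn "Couldn't open $file: $!\n" and return);
     while (<KEYS>) {
         chomp;
@@ -58,6 +58,8 @@
 buildKeyMap("/root/.ssh/authorized_keys2");
 
-while (1) {
-    my @message = scalar(<>);
+my @message;
+
+while (my $line = <>) {
+    @message = $line;
     eval {
         local $SIG{ALRM} = sub { die "alarm\n" }; # NB: \n required
@@ -80,6 +82,6 @@
         } elsif ($message =~ m|Root (\S+) shell|) {
             sendmsg($message);
-        } elsif ($message =~ m|session \S+ for user (\S+)|) {
-            sendmsg($message) if exists $USERS{$1};
+        } elsif ($message =~ m|pam_unix\(([^:]+):session\): session \S+ for user (\S+)|) {
+            sendmsg($message) if $1 ne "cron" and exists $USERS{$2};
         } elsif ($message =~ m|^Found matching (\w+) key: (\S+)|) {
             if ($sshkeys{$2}) {
@@ -117,4 +119,5 @@
         } elsif ($message =~ m|^ *root : TTY=|) {
         } elsif ($message =~ m|^Set /proc/self/oom_adj to |) {
+        } elsif ($message =~ m|^fatal: mm_request_receive: read: Connection reset by peer$|) {
         } else {
             sendmsg($message, "scripts-spew");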
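--- a/trunk/server/fedora/config/etc/syslog-ng/syslog-ng.conf
+++ b/trunk/server/fedora/config/etc/syslog-ng/syslog-ng.conf
@@ -1,2 +1,4 @@
+@version:3.2
+
 # syslog-ng configuration file.
 #
@@ -8,5 +10,5 @@
 
 options {
-        sync (0);
+        flush_lines (0);
         time_reopen (10);
         log_fifo_size (1000);
@@ -16,8 +18,9 @@
         create_dirs (no);
         keep_hostname (yes);
+        stats_freq (0);
 };
 
 source s_sys {
-        file ("/proc/kmsg" log_prefix("kernel: "));
+        file ("/proc/kmsg" program_override("kernel: "));
         unix-stream ("/dev/log");
         internal();
@@ -28,5 +31,5 @@
 destination d_mesg { file("/var/log/messages"); };
 destination d_auth { file("/var/log/secure"); };
-destination d_mail { file("/var/log/maillog" sync(10)); };
+destination d_mail { file("/var/log/maillog" flush_lines(10)); };
 destination d_spol { file("/var/log/spooler"); };
 destination d_boot { file("/var/log/boot.log"); };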
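--- a/trunk/server/fedora/config/etc/yum.conf
+++ b/trunk/server/fedora/config/etc/yum.conf
@@ -9,5 +9,5 @@
 plugins=1
 metadata_expire=1800
-installonlypkgs=kernel kernel-devel kmod-openafs
+installonlypkgs=kernel kernel-devel kmod-openafs ghc-cgi ghc-cgi-devel
 
 # PUT YOUR REPOS HERE OR IN separate files named file.repo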
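--- a/trunk/server/fedora/config/etc/yum.repos.d/scripts.repo
+++ b/trunk/server/fedora/config/etc/yum.repos.d/scripts.repo
@@ -1,5 +1,5 @@
 [scripts]
 name=Scripts
-baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc13/
+baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc15/
 enabled=1
 gpgcheck=0
@@ -7,5 +7,5 @@
 [scripts-testing]
 name=Scripts Testing
-baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc13-testing/
+baseurl=http://web.mit.edu/scripts/yum-repos/rpm-fc15-testing/
 enabled=0
 gpgcheck=0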
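Review bot: Both repointed `baseurl` lines are `http://` and each stanza keeps `gpgcheck=0`, so packages from the new rpm-fc15 repositories are installed with neither transport protection nor signature verification. The `gpgcheck=0` lines are unchanged context, so this gap predates the changeset, but moving to a new repository is a natural point to close it. I would sign the repository and set `gpgcheck=1` with a `gpgkey=<path-or-URL-of-repo-key>` line in each stanza.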
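--- a/trunk/server/fedora/config/etc/yum/post-actions/statoverride.action
+++ b/trunk/server/fedora/config/etc/yum/post-actions/statoverride.action
@@ -22,8 +22,10 @@
 /usr/bin/write:install:chmod ug-s /usr/bin/write
 /usr/bin/Xorg:install:chmod ug-s /usr/bin/Xorg
-/usr/kerberos/bin/ksu:install:chmod ug-s /usr/kerberos/bin/ksu
+/usr/bin/ksu:install:chmod ug-s /usr/bin/ksu
 /usr/lib64/nspluginwrapper/plugin-config:install:chmod ug-s /usr/lib64/nspluginwrapper/plugin-config
 /usr/lib64/vte/gnome-pty-helper:install:chmod ug-s /usr/lib64/vte/gnome-pty-helper
+/usr/libexec/kde4/kpac_dhcp_helper:install:chmod ug-s /usr/libexec/kde4/kpac_dhcp_helper
 /usr/sbin/ccreds_chkpwd:install:chmod ug-s /usr/sbin/ccreds_chkpwd
 /usr/sbin/userisdnctl:install:chmod ug-s /usr/sbin/userisdnctl
 /usr/sbin/usernetctl:install:chmod ug-s /usr/sbin/usernetctl
+/usr/bin/pkexec:install:chmod ug-s /usr/bin/pkexec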
  • trunk/server/fedora/specs/ghc-MonadCatchIO-mtl.spec

    r1693 r2066  
     1# For Haskell Packaging Guidelines see:
     2# - https://fedoraproject.org/wiki/Packaging:Haskell
     3# - https://fedoraproject.org/wiki/PackagingDrafts/Haskell
     4
    15%global pkg_name MonadCatchIO-mtl
    26
     7# common part of summary for all the subpackages
    38%global common_summary Haskell %{pkg_name} library
    49
     10# main description used for all the subpackages
    511%global common_description A %{pkg_name} library for Haskell.
    612
    7 # add any Haskell library dependencies here:
     13# Haskell library dependencies (used for buildrequires and devel/prof subpkg requires)
    814%global ghc_pkg_deps ghc-mtl-devel
    915
    10 # add any foreign library dependencies here:
     16# foreign library dependencies (used for buildrequires and devel subpkg requires)
    1117#%%global ghc_pkg_c_deps @CDEP1@-devel
    1218
    13 %bcond_without shared
    14 
    15 # debuginfo is not useful for ghc
    16 %global debug_package %{nil}
    17 
    1819Name:           ghc-%{pkg_name}
    19 Version:        0.3.0.1
     20Version:        0.3.0.2
    2021Release:        0.%{scriptsversion}%{?dist}
    2122Summary:        %{common_summary}
     
    2324Group:          System Environment/Libraries
    2425License:        BSD
    25 URL:            http://hackage.haskell.org/cgi-bin/hackage-scripts/package/%{pkg_name}
     26URL:            http://hackage.haskell.org/package/%{pkg_name}
    2627Source0:        http://hackage.haskell.org/packages/archive/%{pkg_name}/%{version}/%{pkg_name}-%{version}.tar.gz
    27 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
    2828# fedora ghc archs:
    29 ExclusiveArch:  %{ix86} x86_64 ppc alpha
     29ExclusiveArch:  %{ix86} x86_64 ppc alpha sparcv9
    3030BuildRequires:  ghc, ghc-doc, ghc-prof
    31 BuildRequires:  ghc-rpm-macros >= 0.7.0
     31# macros for building haskell packages
     32BuildRequires:  ghc-rpm-macros >= 0.7.3
     33BuildRequires:  hscolour
    3234%{?ghc_pkg_deps:BuildRequires:  %{ghc_pkg_deps}, %(echo %{ghc_pkg_deps} | sed -e "s/\(ghc-[^, ]\+\)-devel/\1-doc,\1-prof/g")}
    3335%{?ghc_pkg_c_deps:BuildRequires:  %{ghc_pkg_c_deps}}
     
    3537%description
    3638%{common_description}
    37 %if %{with shared}
    38 This package provides the shared library.
    39 %endif
    40 
    41 
    42 %{?ghc_lib_package}
    4339
    4440
     
    5248
    5349%install
    54 rm -rf $RPM_BUILD_ROOT
    5550%ghc_lib_install
    5651
    5752
    58 %clean
    59 rm -rf $RPM_BUILD_ROOT
     53# define the devel and prof subpkgs, devel post[un] scripts, and filelists:
     54# ghc-%pkg_name{,devel,prof}.files
     55%ghc_lib_package
    6056
    6157
    6258%changelog
     59* Mon May  2 2011 Alexander Chernyakhovsky <achernya@mit.edu> - 0.3.0.2-0
     60- regenerated packaging with cabal2spec-0.22.5
     61
    6362* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 0.3.0.1-0
    6463- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
  • trunk/server/fedora/specs/ghc-cgi.spec

    r1693 r2066  
     1# For Haskell Packaging Guidelines see:
     2# - https://fedoraproject.org/wiki/Packaging:Haskell
     3# - https://fedoraproject.org/wiki/PackagingDrafts/Haskell
     4
    15%global pkg_name cgi
    26
     7# common part of summary for all the subpackages
    38%global common_summary Haskell %{pkg_name} library
    49
     10# main description used for all the subpackages
    511%global common_description A %{pkg_name} library for Haskell.
    612
    7 # add any Haskell library dependencies here:
     13# Haskell library dependencies (used for buildrequires and devel/prof subpkg requires)
    814%global ghc_pkg_deps ghc-network-devel, ghc-parsec-devel, ghc-mtl-devel, ghc-MonadCatchIO-mtl-devel, ghc-xhtml-devel
    915
    10 # add any foreign library dependencies here:
     16# foreign library dependencies (used for buildrequires and devel subpkg requires)
    1117#%%global ghc_pkg_c_deps @CDEP1@-devel
    1218
    13 %bcond_without shared
    14 
    15 # debuginfo is not useful for ghc
    16 %global debug_package %{nil}
    17 
    1819Name:           ghc-%{pkg_name}
    19 Version:        3001.1.8.1
     20Version:        3001.1.8.2
    2021Release:        0.%{scriptsversion}%{?dist}
    2122Summary:        %{common_summary}
     
    2324Group:          System Environment/Libraries
    2425License:        BSD
    25 URL:            http://hackage.haskell.org/cgi-bin/hackage-scripts/package/%{pkg_name}
     26URL:            http://hackage.haskell.org/package/%{pkg_name}
    2627Source0:        http://hackage.haskell.org/packages/archive/%{pkg_name}/%{version}/%{pkg_name}-%{version}.tar.gz
    27 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
    2828# fedora ghc archs:
    29 ExclusiveArch:  %{ix86} x86_64 ppc alpha
     29ExclusiveArch:  %{ix86} x86_64 ppc alpha sparcv9
    3030BuildRequires:  ghc, ghc-doc, ghc-prof
    31 BuildRequires:  ghc-rpm-macros >= 0.7.0
     31# macros for building haskell packages
     32BuildRequires:  ghc-rpm-macros >= 0.7.3
     33BuildRequires:  hscolour
    3234%{?ghc_pkg_deps:BuildRequires:  %{ghc_pkg_deps}, %(echo %{ghc_pkg_deps} | sed -e "s/\(ghc-[^, ]\+\)-devel/\1-doc,\1-prof/g")}
    3335%{?ghc_pkg_c_deps:BuildRequires:  %{ghc_pkg_c_deps}}
     
    3537%description
    3638%{common_description}
    37 %if %{with shared}
    38 This package provides the shared library.
    39 %endif
    40 
    41 
    42 %{?ghc_lib_package}
    4339
    4440
     
    5248
    5349%install
    54 rm -rf $RPM_BUILD_ROOT
    5550%ghc_lib_install
    5651
    5752
    58 %clean
    59 rm -rf $RPM_BUILD_ROOT
     53# define the devel and prof subpkgs, devel post[un] scripts, and filelists:
     54# ghc-%pkg_name{,devel,prof}.files
     55%ghc_lib_package
    6056
    6157
    6258%changelog
     59* Mon May  2 2011 Alexander Chernyakhovsky <achernya@mit.edu> - 3001.1.8.2-0
     60- regenerated packaging with cabal2spec-0.22.5
     61
    6362* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 3001.1.8.1-0
    6463- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
  • trunk/server/fedora/specs/ghc-unix-handle.spec

    r1693 r2066  
     1# For Haskell Packaging Guidelines see:
     2# - https://fedoraproject.org/wiki/Packaging:Haskell
     3# - https://fedoraproject.org/wiki/PackagingDrafts/Haskell
     4
    15%global pkg_name unix-handle
    26
     7# common part of summary for all the subpackages
    38%global common_summary Haskell %{pkg_name} library
    49
     10# main description used for all the subpackages
    511%global common_description A %{pkg_name} library for Haskell.
    612
    7 # add any Haskell library dependencies here:
     13# Haskell library dependencies (used for buildrequires and devel/prof subpkg requires)
    814#%%global ghc_pkg_deps ghc-@DEP1@-devel, ghc-@DEP2@-devel
    915
    10 # add any foreign library dependencies here:
     16# foreign library dependencies (used for buildrequires and devel subpkg requires)
    1117#%%global ghc_pkg_c_deps @CDEP1@-devel
    12 
    13 %bcond_without shared
    14 
    15 # debuginfo is not useful for ghc
    16 %global debug_package %{nil}
    1718
    1819Name:           ghc-%{pkg_name}
     
    2324Group:          System Environment/Libraries
    2425License:        BSD
    25 URL:            http://hackage.haskell.org/cgi-bin/hackage-scripts/package/%{pkg_name}
     26URL:            http://hackage.haskell.org/package/%{pkg_name}
    2627Source0:        http://hackage.haskell.org/packages/archive/%{pkg_name}/%{version}/%{pkg_name}-%{version}.tar.gz
    27 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
    2828# fedora ghc archs:
    29 ExclusiveArch:  %{ix86} x86_64 ppc alpha
     29ExclusiveArch:  %{ix86} x86_64 ppc alpha sparcv9
    3030BuildRequires:  ghc, ghc-doc, ghc-prof
    31 BuildRequires:  ghc-rpm-macros >= 0.7.0
     31# macros for building haskell packages
     32BuildRequires:  ghc-rpm-macros >= 0.7.3
     33BuildRequires:  hscolour
    3234%{?ghc_pkg_deps:BuildRequires:  %{ghc_pkg_deps}, %(echo %{ghc_pkg_deps} | sed -e "s/\(ghc-[^, ]\+\)-devel/\1-doc,\1-prof/g")}
    3335%{?ghc_pkg_c_deps:BuildRequires:  %{ghc_pkg_c_deps}}
     
    3537%description
    3638%{common_description}
    37 %if %{with shared}
    38 This package provides the shared library.
    39 %endif
    40 
    41 
    42 %{?ghc_lib_package}
    4339
    4440
     
    5248
    5349%install
    54 rm -rf $RPM_BUILD_ROOT
    5550%ghc_lib_install
    5651
    5752
    58 %clean
    59 rm -rf $RPM_BUILD_ROOT
     53# define the devel and prof subpkgs, devel post[un] scripts, and filelists:
     54# ghc-%pkg_name{,devel,prof}.files
     55%ghc_lib_package
    6056
    6157
    6258%changelog
     59* Mon May  2 2011 Alexander Chernyakhovsky <achernya@mit.edu> - 0.0.0-0
     60- regenerated packaging with cabal2spec-0.22.5
     61
    6362* Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 0.0.0-0
    6463- initial packaging for Fedora automatically generated by cabal2spec-0.22.1
  • trunk/server/fedora/specs/httpd.spec.patch

    r1738 r2066  
    1 --- httpd.spec.orig     2010-10-27 08:26:15.000000000 -0400
    2 +++ httpd.spec  2010-11-18 18:20:43.000000000 -0500
    3 @@ -7,7 +7,7 @@
     1--- httpd.spec.orig     2011-09-13 09:43:36.000000000 -0400
     2+++ httpd.spec  2011-11-05 20:57:13.910145847 -0400
     3@@ -8,7 +8,7 @@
    44 Summary: Apache HTTP Server
    55 Name: httpd
    6  Version: 2.2.17
    7 -Release: 1%{?dist}.1
    8 +Release: 1%{?dist}.1.scripts.%{scriptsversion}
     6 Version: 2.2.21
     7-Release: 1%{?dist}
     8+Release: 1%{?dist}.scripts.%{scriptsversion}
    99 URL: http://httpd.apache.org/
    1010 Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
    1111 Source1: index.html
    12 @@ -55,6 +55,14 @@
    13  Conflicts: pcre < 4.0
    14  Requires: httpd-tools = %{version}-%{release}, apr-util-ldap
     12@@ -54,6 +54,15 @@
     13 Provides: httpd-mmn = %{mmn}, httpd-mmn = %{mmnisa}
     14 Requires: httpd-tools = %{version}-%{release}, apr-util-ldap, systemd-units
    1515 
    16 +Provides: scripts-httpd
     16+Provides: scripts-httpd = %{version}-%{release}
    1717+Patch1000: httpd-suexec-scripts.patch
    1818+Patch1003: httpd-2.2.x-mod_status-security.patch
     
    2121+Patch1006: httpd-suexec-cloexec.patch
    2222+Patch1007: httpd-fixup-vhost.patch
     23+Patch1008: httpd-sysv-deps.patch
    2324+
    2425 %description
    2526 The Apache HTTP Server is a powerful, efficient, and extensible
    2627 web server.
    27 @@ -65,6 +73,7 @@
     28@@ -64,6 +73,7 @@
    2829 Obsoletes: secureweb-devel, apache-devel, stronghold-apache-devel
    2930 Requires: apr-devel, apr-util-devel, pkgconfig
    3031 Requires: httpd = %{version}-%{release}
    31 +Provides: scripts-httpd-devel
     32+Provides: scripts-httpd-devel = %{version}-%{release}
    3233 
    3334 %description devel
    3435 The httpd-devel package contains the APXS binary and other files
    35 @@ -103,6 +112,7 @@
    36  Requires(post): openssl >= 0.9.7f-4, /bin/cat
     36@@ -102,6 +112,7 @@
     37 Requires(post): openssl, /bin/cat
    3738 Requires(pre): httpd
    38  Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmn}
     39 Requires: httpd = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
    3940+Provides: scripts-mod_ssl
    4041 Obsoletes: stronghold-mod_ssl
    4142 
    4243 %description -n mod_ssl
    43 @@ -130,6 +140,13 @@
     44@@ -110,6 +121,11 @@
     45 Security (TLS) protocols.
     46 
     47 %prep
     48+
     49+# Horrible hack to patch the httpd.init file
     50+cd $RPM_SOURCE_DIR
     51+%patch1008 -p1 -b .sysv-deps
     52+
     53 %setup -q
     54 %patch1 -p1 -b .apctl
     55 %patch2 -p1 -b .apxs
     56@@ -128,6 +144,13 @@
    4457 # Patch in vendor/release string
    4558 sed "s/@RELEASE@/%{vstring}/" < %{PATCH20} | patch -p1
     
    5568 vmmn=`echo MODULE_MAGIC_NUMBER_MAJOR | cpp -include include/ap_mmn.h | sed -n '/^2/p'`
    5669 if test "x${vmmn}" != "x%{mmn}"; then
    57 @@ -177,10 +194,12 @@
     70@@ -175,10 +198,12 @@
    5871         --with-apr=%{_prefix} --with-apr-util=%{_prefix} \
    5972        --enable-suexec --with-suexec \
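Review bot: The `%prep` addition (`cd $RPM_SOURCE_DIR` followed by `%patch1008 -p1 -b .sysv-deps`) patches a file in the shared sources directory in place rather than in the unpacked build tree, so a second `%prep` run would meet an already-patched file and would likely fail, and a `.sysv-deps` backup is left among the sources. Copying the init script into the tree after `%setup -q` and patching the copy there would keep `%prep` repeatable, and the comment could then say what is being changed instead of `# Horrible hack`. Separately, `Provides: scripts-mod_ssl` stays unversioned while this revision versions `scripts-httpd` and `scripts-httpd-devel` with `= %{version}-%{release}`, which looks like an oversight.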
  • trunk/server/fedora/specs/krb5.spec.patch

    r1819 r2066  
    1 --- krb5.spec.orig      2011-04-13 14:56:35.000000000 -0400
    2 +++ krb5.spec   2011-04-27 02:52:07.000000000 -0400
    3 @@ -10,7 +10,7 @@
     1--- krb5.spec.orig      2011-11-16 12:37:32.246736120 -0500
     2+++ krb5.spec   2011-11-16 12:42:47.134740975 -0500
     3@@ -6,7 +6,7 @@
    44 Summary: The Kerberos network authentication system
    55 Name: krb5
    6  Version: 1.7.1
    7 -Release: 19%{?dist}
    8 +Release: 19%{?dist}.scripts.%{scriptsversion}
     6 Version: 1.9.1
     7-Release: 14%{?dist}
     8+Release: 14%{?dist}.scripts.%{scriptsversion}
    99 # Maybe we should explode from the now-available-to-everybody tarball instead?
    10  # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7.1-signed.tar
     10 # http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.1-signed.tar
    1111 Source0: krb5-%{version}.tar.gz
    12 @@ -98,6 +98,8 @@
    13  Patch109: krb5-1.7.1-paren.patch
    14  Patch110: 2011-004-patch-r18.txt
     12@@ -65,6 +65,8 @@
     13 Patch89: krb5-1.9.1-sendto_poll3.patch
     14 Patch90: krb5-1.9-MITKRB5-SA-2011-006.patch
    1515 
    1616+Patch1000: krb5-kuserok-scripts.patch
     
    1919 URL: http://web.mit.edu/kerberos/www/
    2020 Group: System Environment/Libraries
    21 @@ -142,6 +144,7 @@
     21@@ -114,6 +116,7 @@
    2222 %package libs
    2323 Summary: The shared libraries used by Kerberos 5
     
    2727 %description libs
    2828 Kerberos is a network authentication system. The krb5-libs package
    29 @@ -1696,6 +1699,7 @@
    30  %patch108 -p1 -b .2011-003
    31  %patch109 -p1 -b .paren
    32  %patch110 -p1 -b .2011-004
     29@@ -221,6 +224,7 @@
     30 %patch88 -p1 -b .crossrealm
     31 %patch89 -p1 -b .sendto_poll3
     32 %patch90 -p1 -b .2011-006
    3333+%patch1000 -p1 -b .kuserok
    3434 gzip doc/*.ps
  • trunk/server/fedora/specs/openafs-include-xstat.spec.patch

    r2014 r2066  
    1 --- openafs.spec.orig   2011-10-19 16:05:41.000000000 -0400
    2 +++ openafs.spec        2011-10-19 16:10:06.000000000 -0400
    3 @@ -1115,7 +1115,7 @@
     1--- openafs.spec.orig   2011-11-04 23:50:34.842221577 -0400
     2+++ openafs.spec        2011-11-04 23:52:00.538590290 -0400
     3@@ -1103,7 +1103,7 @@
    44 
    55 # create list of man pages that go in the 'openafs' package
    66 /bin/ls $RPM_BUILD_ROOT%{_mandir}/man1 \
    7 -       |egrep '^afs|^fs|^kas|^klog|kapasswd|pagsh|^pts|^rxdebug|scout|^sys|tokens|translate|udebug|unlog|^uss|^vos' \
    8 +       |egrep '^afs|^fs|^kas|^klog|kapasswd|pagsh|^pts|^rxdebug|scout|^sys|tokens|translate|^xstat|udebug|unlog|^uss|^vos' \
     7-       |egrep '^afs|^fs|^kas|^klog|kapasswd|pagsh|^pts|^restorevol|^rxdebug|scout|^sys|tokens|translate|udebug|unlog|^uss|^vos' \
     8+       |egrep '^afs|^fs|^kas|^klog|kapasswd|pagsh|^pts|^restorevol|^rxdebug|scout|^sys|tokens|translate|^xstat|udebug|unlog|^uss|^vos' \
     9        |egrep -v '^afs_compile_et' \
    910        >openafs-man1files
    1011 
    11  /bin/ls $RPM_BUILD_ROOT%{_mandir}/man5 \
    12 @@ -1145,6 +1145,8 @@
     12@@ -1134,6 +1134,8 @@
    1313 %{_bindir}/tokens
    1414 %{_bindir}/tokens.krb
     
    1919 %{_bindir}/unlog
    2020 %{_sbindir}/backup
    21 @@ -1196,7 +1198,7 @@
     21@@ -1184,7 +1186,7 @@
    2222 done
    2323 
     
    2828 done
    2929 
    30 @@ -1208,7 +1210,7 @@
     30@@ -1196,7 +1198,7 @@
    3131 rm -rf $RPM_BUILD_ROOT%{_sbindir}/kdump*
    3232 
  • trunk/server/fedora/specs/openafs.spec.patch

    r1693 r2066  
    1 --- openafs.spec.orig   2010-09-10 18:21:53.000000000 -0400
    2 +++ openafs.spec        2010-09-10 18:34:30.000000000 -0400
    3 @@ -8,7 +8,7 @@
    4  # for beta/rc releases make pkgrel 0.X.<tag>
     1--- rpmbuild/SPECS/openafs.spec
     2+++ rpmbuild/SPECS/openafs.spec.~3~     2011-11-20 20:13:52.211673609 -0500
     3@@ -4,7 +4,7 @@
     4 %define pkgvers 1.6.0
     5 # for beta/rc releases make pkgrel 0.<tag>
    56 # for real releases make pkgrel 1 (or more for extra releases)
    6  #%define pkgrel 0.1.rc1
    7 -%define pkgrel 0.pre3
    8 +%define pkgrel 0.pre3.99scripts.%{scriptsversion}
     7-%define pkgrel 1
     8+%define pkgrel 1.99.scripts.%{scriptsversion}
    99 
    10  %if %{?osvers:0}%{!?osvers:1}
    11  %define osvers 1
    12 @@ -261,6 +261,10 @@
    13  %endif
     10 %{!?fedorakmod: %define fedorakmod 1}
     11 %{!?build_dkmspkg: %define build_dkmspkg 1}
     12@@ -237,6 +237,14 @@
     13 
    1414 ExclusiveArch: %{ix86} x86_64 ia64 s390 s390x sparc64 ppc ppc64
    1515 
    1616+Patch1000: openafs-scripts.patch
    17 +Patch1003: openafs-localcsdb.patch
    18 +Patch1005: openafs-numsysnames.patch
     17+Patch1001: openafs-localcsdb.patch
     18+Patch1002: openafs-systemd.patch
     19+Patch1003: openafs-systemd-crond.patch
     20+Patch1004: openafs-linux-3.1-rcu.patch
     21+Patch1005: openafs-linux-3.1-fsync.patch
     22+Patch1006: openafs-linux-3.1-zalloc.patch
    1923+
    2024 #    http://dl.openafs.org/dl/openafs/candidate/%{afsvers}/...
    2125 Source0: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-src.tar.bz2
    2226 Source1: http://www.openafs.org/dl/openafs/%{afsvers}/openafs-%{afsvers}-doc.tar.bz2
    23 @@ -343,6 +347,7 @@
     27@@ -316,6 +324,7 @@
    2428 %if %{build_userspace}
    2529 
     
    2933 
    3034 %if %{fedorakmod}
    31 @@ -403,6 +408,7 @@
     35@@ -376,6 +385,7 @@
    3236 
    3337 %if %{build_authlibs}
     
    3741 Group: Networking/Filesystems
    3842 
    39 @@ -419,6 +425,7 @@
     43@@ -392,6 +402,7 @@
    4044 %endif
    4145 
     
    4347+Provides: scripts-openafs-authlibs-devel
    4448 %if %{build_authlibs}
    45  Requires: openafs-authlibs = %{version}
     49 Requires: openafs-authlibs = %{version}-%{release}
    4650 %endif
    47 @@ -437,6 +444,7 @@
     51@@ -410,6 +421,7 @@
    4852 libraries.
    4953 
     
    5256 Summary: OpenAFS Development Libraries and Headers
    5357 Group: Development/Filesystems
    54  
    55 @@ -465,6 +473,7 @@
     58 Requires: openafs = %{version}-%{release}
     59@@ -439,6 +451,7 @@
    5660 administrators.
    5761 
     
    6165 Group: Networking/Filesystems
    6266 Provides: openafs-kernel = %{version}
    63 @@ -514,6 +523,7 @@
     67@@ -488,6 +501,7 @@
    6468 
    6569 %if %{krb5support}
     
    6973 Requires: openafs = %{version}
    7074 Group: Networking/Filesystems
    71 @@ -540,7 +550,7 @@
     75@@ -514,7 +528,7 @@
    7276 %if %{build_modules}
    7377 
     
    7882 %else
    7983 
    80 @@ -699,6 +709,9 @@
     84@@ -671,6 +685,15 @@
     85 #%setup -q -n %{srcdir}
     86 %setup -q -b 1 -n %{srcdir}
    8187 
    82  # Patch openafs to build a kernel module named "openafs" instead of "libafs"
    83  %patch0 -p1 -b .kmod26
     88+# Apply the Scripts patch
    8489+%patch1000 -p1 -b .scripts
    85 +%patch1003 -p1 -b .localcsdb
    86 +%patch1005 -p1 -b .numsysnames
    87  
     90+%patch1001 -p1 -b .localcsdb
     91+%patch1002 -p1 -b .systemd
     92+%patch1003 -p1 -b .systemd-crond
     93+%patch1004 -p1 -b .rcu
     94+%patch1005 -p1 -b .fsync
     95+%patch1006 -p1 -b .zalloc
     96+
    8897 ##############################################################################
    8998 #
     99 # building
     100@@ -1212,6 +1235,13 @@
     101 rm -f $RPM_BUILD_ROOT%{_libdir}/libafsrpc.so
     102 rm -f $RPM_BUILD_ROOT%{_libdir}/libafsauthent.so.*
     103 rm -f $RPM_BUILD_ROOT%{_libdir}/libafsrpc.so.*
     104+%else
     105+chmod +x $RPM_BUILD_ROOT%{_libdir}/libafsauthent.so
     106+chmod +x $RPM_BUILD_ROOT%{_libdir}/libafsrpc.so
     107+chmod +x $RPM_BUILD_ROOT%{_libdir}/libafsauthent.so.*
     108+chmod +x $RPM_BUILD_ROOT%{_libdir}/libafsrpc.so.*
     109+chmod +x $RPM_BUILD_ROOT%{_libdir}/libkopenafs.so
     110+chmod +x $RPM_BUILD_ROOT%{_libdir}/libkopenafs.so.*
     111 %endif
     112 
     113 %endif
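Review bot: The new header of this patch reads `--- rpmbuild/SPECS/openafs.spec` / `+++ rpmbuild/SPECS/openafs.spec.~3~`, so the target side names a numbered backup file and both paths carry two directory components, unlike the sibling spec patches in this changeset (`--- httpd.spec.orig` / `+++ httpd.spec`). How these patches are applied is not visible here, but a single fixed strip level would not fit both forms; regenerating the header as `--- openafs.spec.orig` / `+++ openafs.spec` would keep them uniform. The `chmod +x` lines added under `%else` would also benefit from a one-line comment giving the reason, e.g. `# RPM only scans executable files for automatic Provides (see zephyr.spec)`, if that is indeed the motivation.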
  • trunk/server/fedora/specs/openssh.spec.patch

    r1739 r2066  
    11--- openssh.spec.orig   2010-05-31 06:20:02.000000000 -0400
    22+++ openssh.spec        2010-09-06 21:53:21.000000000 -0400
    3 @@ -74,7 +74,7 @@
     3@@ -78,7 +78,7 @@
    44 Summary: An open source implementation of SSH protocol versions 1 and 2
    55 Name: openssh
    6  Version: 5.4p1
    7 -Release: %{openssh_rel}%{?dist}%{?rescue_rel}
    8 +Release: %{openssh_rel}%{?dist}%{?rescue_rel}.scripts.%{scriptsversion}
     6 Version: %{openssh_ver}
     7-Release: %{openssh_rel}%{?dist}%{?rescue_rel}.1
     8+Release: %{openssh_rel}%{?dist}%{?rescue_rel}.1.scripts.%{scriptsversion}
    99 URL: http://www.openssh.com/portable.html
    1010 #URL1: http://pamsshagentauth.sourceforge.net
    1111 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
    12 @@ -88,6 +88,8 @@
     12@@ -92,6 +92,7 @@
    1313 Source3: sshd.init
    1414 Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
    1515 Source5: pam_ssh_agent-rmheaders
    1616+Patch1001: openssh-4.7p1-gssapi-name-in-env.patch
    17 +Patch1002: openssh-no-spurious-correct-key-incorrect-host-messages.patch
    18  Patch0: openssh-5.4p1-redhat.patch
    19  Patch2: openssh-5.3p1-skip-initial.patch
    20  Patch4: openssh-5.2p1-vendor.patch
    21 @@ -175,6 +178,7 @@
    22  Requires(post): chkconfig >= 0.9, /sbin/service
     17
     18 Patch100: openssh-5.6p1-wIm.patch
     19 Patch0: openssh-5.6p1-redhat.patch
     20@@ -207,6 +209,7 @@
    2321 Requires(pre): /usr/sbin/useradd
    2422 Requires: pam >= 1.0.1-3
     23 Requires: fipscheck-lib%{_isa} >= 1.3.0
    2524+Provides: scripts-openssh-server
    2625 
    27  %package askpass
    28  Summary: A passphrase dialog for OpenSSH and X
    29 @@ -267,6 +271,9 @@
    30  %patch75 -p1 -b .dso
    31  %patch76 -p1 -b .bz595935
     26 %if %{ldap}
     27 %package ldap
     28@@ -323,6 +326,8 @@
     29 %patch80 -p1 -b .biguid
     30 %patch81 -p1 -b .clientloop
    3231 
    3332+%patch1001 -p1 -b .gssapi-env
    34 +%patch1002 -p1 -b .no-spurious-correct-key-incorrect-host-messages
    3533+
    3634 autoreconf
    37  
    38  %build
     35 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
     36 autoreconf
     37
  • trunk/server/fedora/specs/redland-bindings.spec.patch

    r2001 r2066  
    1 --- redland-bindings.spec       2011-10-12 14:51:58.000000000 -0400
    2 +++ redland-bindings-php.spec   2011-10-13 10:15:24.000000000 -0400
     1--- redland-bindings.spec.old   2011-10-12 14:51:58.000000000 -0400
     2+++ redland-bindings.spec       2011-10-13 10:15:24.000000000 -0400
    33@@ -1,6 +1,6 @@
    44 Name:           redland-bindings
    5  Version:        1.0.7.1
    6 -Release:        1%{?dist}
    7 +Release:        1%{?dist}.scripts.%{scriptsversion}
     5 Version:        1.0.11.1
     6-Release:        6%{?dist}
     7+Release:        6%{?dist}.scripts.%{scriptsversion}
    88 Summary:        Redland RDF Application Framework API Bindings
    99 
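--- a/trunk/server/fedora/specs/scripts-base.spec
+++ b/trunk/server/fedora/specs/scripts-base.spec
@@ -21,4 +21,6 @@
 Requires: scripts-openafs-krb5
 Requires: scripts-openssh-server
+Requires: scripts-static-cat
+Requires: scripts-rubygems
 Requires: sql-signup
 Requires: tokensys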
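--- a/trunk/server/fedora/specs/scripts-static-cat.spec
+++ b/trunk/server/fedora/specs/scripts-static-cat.spec
@@ -1,8 +1,5 @@
-# link with shared libs
-# andersk: Disabled for 3x faster startup speed.
-#%%bcond_without dynamic
-
-# ghc does not emit debug information
-%global debug_package %{nil}
+# For Haskell Packaging Guidelines see:
+# - https://fedoraproject.org/wiki/Packaging:Haskell
+# - https://fedoraproject.org/wiki/PackagingDrafts/Haskell
 
 Name:           scripts-static-cat
@@ -15,8 +12,8 @@
 URL:            http://scripts.mit.edu/
 Source0:        %{name}.tar.gz
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 # fedora ghc archs:
-ExclusiveArch:  %{ix86} x86_64 ppc alpha
-BuildRequires:  ghc
+ExclusiveArch:  %{ix86} x86_64 ppc alpha sparcv9
+BuildRequires:  ghc-devel
+# macros for building haskell packages
 BuildRequires:  ghc-rpm-macros >= 0.7.0
 BuildRequires:  ghc-cgi-devel >= 3001.1.8, ghc-MonadCatchIO-mtl-devel, ghc-unix-handle-devel
@@ -35,10 +32,5 @@
 
 %install
-rm -rf $RPM_BUILD_ROOT
 %ghc_bin_install
-
-
-%clean
-rm -rf $RPM_BUILD_ROOT
 
 
@@ -49,4 +41,7 @@
 
 %changelog
+* Mon May  2 2011 Alexander Chernyakhovsky <achernya@mit.edu> - 0.0-0
+- regenerated packaging with cabal2spec-0.22.5
+
 * Thu Sep  9 2010 Anders Kaseorg <andersk@mit.edu> - 0.0-0
 - initial packaging for Fedora automatically generated by cabal2spec-0.22.1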
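--- a/trunk/server/fedora/specs/tokensys.spec
+++ b/trunk/server/fedora/specs/tokensys.spec
@@ -10,5 +10,9 @@
 BuildRoot: %{_tmppath}/%(%{__id_u} -n)-%{name}-%{version}-root
 %define debug_package %{nil}
-Prereq: /usr/kerberos/bin/kinit, /usr/bin/aklog
+Prereq: /usr/bin/kinit, /usr/bin/aklog
+Requires(post): systemd-units
+Requires(preun): systemd-units
+Requires(postun): systemd-units
+BuildRequires: systemd-units
 
 %description
@@ -17,5 +21,6 @@
 Contains:
  - A shell script for renewing the scripts AFS credentials <renew>
- - A crontab for calling the renew script <crontab>
+ - A shell script for configuring scripts AFS <scripts-afsagent-startup>
+ - systemd units for running the above
 See http://scripts.mit.edu/wiki for more information.
 
@@ -24,10 +29,13 @@
 
 %build
-./configure --with-kinit=/usr/kerberos/bin/kinit --with-aklog=/usr/bin/aklog
+./configure --with-kinit=/usr/bin/kinit --with-aklog=/usr/bin/aklog --with-fs=/usr/bin/fs
 
 %install
 [ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
 install -D renew $RPM_BUILD_ROOT/home/afsagent/renew
-install -D crontab $RPM_BUILD_ROOT/etc/cron.d/afsagent
+install -D scripts-afsagent-startup $RPM_BUILD_ROOT/usr/local/libexec/scripts-afsagent-startup
+install -D scripts-afsagent-startup.service $RPM_BUILD_ROOT%{_unitdir}/scripts-afsagent-startup.service
+install -D scripts-afsagent.service $RPM_BUILD_ROOT%{_unitdir}/scripts-afsagent.service
+install -D scripts-afsagent.timer $RPM_BUILD_ROOT%{_unitdir}/scripts-afsagent.timer
 
 %clean
@@ -35,8 +43,10 @@
 
 %files
-%defattr(0600, root, root)
-/etc/cron.d/afsagent
+%defattr(0644,root,root)
+%{_unitdir}/*.service
+%{_unitdir}/*.timer
 %defattr(0755, afsagent, afsagent)
 /home/afsagent/renew
+/usr/local/libexec/scripts-afsagent-startup
 
 %pre
@@ -44,5 +54,32 @@
 useradd -u 101 -g 101 afsagent || [ $? -eq 9 ]
 
+%post
+/bin/systemctl enable scripts-afsagent-startup.service >/dev/null 2>&1 || :
+/bin/systemctl enable scripts-afsagent.service >/dev/null 2>&1 || :
+/bin/systemctl enable scripts-afsagent.timer >/dev/null 2>&1 || :
+
+if [ $1 -eq 1 ] ; then
+    # Initial installation
+    /bin/systemctl daemon-reload >/dev/null 2>&1 || :
+fi
+
+%preun
+if [ $1 -eq 0 ] ; then
+    # Package removal, not upgrade
+    /bin/systemctl --no-reload disable scripts-afsagent-startup.service > /dev/null 2>&1 || :
+    /bin/systemctl --no-reload disable scripts-afsagent.service > /dev/null 2>&1 || :
+    /bin/systemctl --no-reload disable scripts-afsagent.timer > /dev/null 2>&1 || :
+    /bin/systemctl stop scripts-afsagent-startup.service > /dev/null 2>&1 || :
+    /bin/systemctl stop scripts-afsagent.service > /dev/null 2>&1 || :
+    /bin/systemctl stop scripts-afsagent.timer > /dev/null 2>&1 || :
+fi
+
 %postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ] ; then
+    # Package upgrade, not uninstall
+    /bin/systemctl try-restart scripts-afsagent.service >/dev/null 2>&1 || :
+fi
+
 if [ "$1" = "0" ] ; then
    userdel -r afsagent
@@ -50,4 +87,8 @@
 
 %changelog
+* Mon Nov 21 2011  Quentin Smith <quentin@mit.edu>
+- add systemd units
+- remove crontab
+
 * Tue Aug 17 2010  Geoffrey Thomas <geofft@mit.edu>
 - aklog csail as well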
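Review bot: In `%files`, the new `/usr/local/libexec/scripts-afsagent-startup` entry falls under the existing `%defattr(0755, afsagent, afsagent)`, so the startup script is owned and writable by the unprivileged `afsagent` account. The unit files are not shown, but if `scripts-afsagent-startup.service` runs it as root, anything running as `afsagent` could rewrite a script that root executes at boot. Listing it as `%attr(0755, root, root) /usr/local/libexec/scripts-afsagent-startup` keeps it root-owned, and `/home/afsagent/renew` deserves the same check if its unit does not drop to `afsagent`. In `%post`, `daemon-reload` runs after the `enable` calls and only on first install, so it may be worth moving it ahead of them and running it unconditionally.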
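--- a/trunk/server/fedora/specs/whoisd.spec
+++ b/trunk/server/fedora/specs/whoisd.spec
@@ -1,16 +1,21 @@
-Summary:        whoisd for <scripts.mit.edu> (virtualhost aware)
-Group:                  Applications/System
-Name:           whoisd
-Version:        0.%{scriptsversion}
-Release:        0
-Vendor:                 The scripts.mit.edu Team (scripts@mit.edu)
-URL:                    http://scripts.mit.edu
-License:        GPL
-Source0:        %{name}.tar.gz
-BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
+Summary:   whoisd for <scripts.mit.edu> (virtualhost aware)
+Group:     Applications/System
+Name:      whoisd
+Version:   0.%{scriptsversion}
+Release:   1
+Vendor:    The scripts.mit.edu Team (scripts@mit.edu)
+URL:       http://scripts.mit.edu
+License:   GPL
+Source0:   %{name}.tar.gz
+
 %define debug_package %{nil}
 
-#BuildRequires:  make
-Requires:       python-twisted-core
+Requires:      python-twisted-core
+BuildRequires: systemd-units
+
+Requires(post):   systemd-units
+Requires(preun):  systemd-units
+Requires(postun): systemd-units
+Requires(post):   systemd-sysv
 
 %description
@@ -24,17 +29,33 @@
 
 %install
-[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
 make install DESTDIR=$RPM_BUILD_ROOT exec_prefix=/usr/local
 
-%clean
-[ $RPM_BUILD_ROOT != / ] && rm -rf $RPM_BUILD_ROOT
+%post
+if [ $1 -eq 1 ] ; then
+    # Initial installation
+    /bin/systemctl enable scripts-whoisd.service >/dev/null 2>&1 || :
+fi
+
+%preun
+if [ $1 -eq 0 ]; then
+    /bin/systemctl --no-reload disable scripts-whoisd.service >/dev/null 2>&1 || :
+    /bin/systemctl stop scripts-whoisd.service > /dev/null 2>&1 || :
+fi
+
+%postun
+/bin/systemctl daemon-reload >/dev/null 2>&1 || :
+if [ $1 -ge 1 ]; then
+    /bin/systemctl try-restart scripts-whoisd.service >/dev/null 2>&1 || :
+fi
 
 %files
 %defattr(0644,root,root,-)
 /usr/local/libexec/whoisd.tac
-%defattr(0600,root,root)
-/etc/cron.d/whoisd
+%defattr(0644,root,root)
+/lib/systemd/system/scripts-whoisd.service
 
 %changelog
+* Thu Aug 25 2011 Alexander Chernyakhovsky <achernya@mit.edu> 0-1
+- package systemd service file
 
 * Tue Jun 03 2008 Joe Presbrey <presbrey@mit.edu> 0.00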
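Review bot: `%post` enables `scripts-whoisd.service` only when `$1 -eq 1`, so a host upgrading from the release that shipped `/etc/cron.d/whoisd` loses the cron entry without the unit being enabled or started. The crontab's contents are not visible here, but if it was what kept whoisd running, upgraded servers would silently stop answering. tokensys.spec in this changeset enables its units unconditionally, and doing the same here (dropping the `if [ $1 -eq 1 ]` guard around `/bin/systemctl enable scripts-whoisd.service`) would cover the migration. `%post` also never calls `daemon-reload`, and `%files` hard-codes `/lib/systemd/system/` where tokensys.spec uses `%{_unitdir}`.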
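--- a/trunk/server/fedora/specs/zephyr.spec
+++ b/trunk/server/fedora/specs/zephyr.spec
@@ -1,4 +1,4 @@
 Name:           zephyr
-Version:        3.0
+Version:        3.0.1
 Release:        0.%{scriptsversion}%{?dist}
 Summary:        Client programs for the Zephyr real-time messaging system
@@ -71,5 +71,4 @@
 make %{?_smp_mflags}
 
-
 %install
 rm -rf $RPM_BUILD_ROOT
@@ -80,5 +79,12 @@
 install -m755 zhm.init \
         $RPM_BUILD_ROOT%{_initddir}/zhm
-
+# Make RPM's Provide: searcher actually search the .so files! A recent
+# change in how RPM detects Provides automatically means that only
+# files that are executable get searched. Without this hack, all of
+# the zephyr client tools are Requires: libzephyr.so.4 which is never
+# Provides:, leading to uninstallable RPMS. This can be removed when
+# zephyr starts installing the libraries with mode 755 rather than
+# 644. (Zephyr #79)
+chmod a+x $RPM_BUILD_ROOT%{_libdir}/libzephyr.so.*
 
 %post
@@ -139,4 +145,7 @@
 
 %changelog
+* Sat Apr 16 2011 Alexander Chernyakhovsky <achernya@mit.edu> 3.0.1-0
+- Zephyr 3.0.1
+
 * Sun Sep 19 2010 Anders Kaseorg <andersk@mit.edu> - 3.0-0
 - Decrease version below a hypothetical Fedora package.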