From 6d136c491b40cab368d8cff6e59de2e645b85310 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Mon, 10 Mar 2008 11:39:12 -0700 Subject: [PATCH 1/7] * Bah. Not perfect but we need to get an rpm out. --- fas/setup.py | 35 +++++++++++++++++++++++++++++------ 1 file changed, 29 insertions(+), 6 deletions(-) diff --git a/fas/setup.py b/fas/setup.py index 542a93c..9834e0c 100644 --- a/fas/setup.py +++ b/fas/setup.py @@ -66,22 +66,45 @@ class Build(_build, object): f.close() super(Build, self).run() +### FIXME: This method breaks eggs. +# Unfortunately, instead of eggs being built by putting together package *.py +# files and data sanely at the last minute, they are built by putting them +# together in the build step. This makes it extremely hard to put the +# separate pieces together in different places depending on what type of +# install we're doing. +# +# We can work around this by using package_data for static as eggs expect and +# then overriding install to install static in the correct place. +# +# Eventually someone needs to rewrite egg generation to tag files into +# separate groups (module, script, data, documentation, test) and put them +# into the final package format in the correct place. +# +# For some reason, the install-data switch also doesn't propogate to the build +# script. So if we invoke install without --skip-build the app.cfg that is +# installed is also broken. Grr.... + class InstallData(_install_data, object): def finalize_options(self): '''Override to emulate setuptools in the default case. install_data => install_dir ''' - print 'DEBUG:', self.install_dir, '#' + self.temp_lib = None + self.temp_data = None + self.temp_prefix = None haveInstallDir = self.install_dir self.set_undefined_options('install', - ('install_lib', 'install_dir'), + ('install_data', 'temp_data'), + ('install_lib', 'temp_lib'), + ('prefix', 'temp_prefix'), ('root', 'root'), ('force', 'force'), ) - if not haveInstallDir: - # We set this above, now we need to add the module subdirectory to - # make it truly correct. - self.install_dir = os.path.join(self.install_dir, 'fas') + if not self.install_dir: + if self.temp_data == self.root + self.temp_prefix: + self.install_dir = os.path.join(self.temp_lib, 'fas') + else: + self.install_dir = self.temp_data setup( name=NAME, From 54d2f3591c1c0d9b482b25ccd82c735816f2fb13 Mon Sep 17 00:00:00 2001 From: Toshio Kuratomi Date: Mon, 10 Mar 2008 12:24:21 -0700 Subject: [PATCH 2/7] * Initial spec file. Update TODO with setup.py problems we have to work around in the spec file. --- fas/TODO | 6 +++++ fas/fas.spec | 71 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 fas/fas.spec diff --git a/fas/TODO b/fas/TODO index d0f9c65..a8e9669 100644 --- a/fas/TODO +++ b/fas/TODO @@ -6,3 +6,9 @@ Nice-to-have things: * fas/group.py: Easy searching within groups (and sponsor/admin interface) * fas/aliases.py: An easy interface to manage mail aliases + + * setup.py: + - Fix installing in all scenarios: bdist_egg, install, and + install --install-data='/usr/share/fas' + - Install fas.cfg + - Install start-fas to the correct directory diff --git a/fas/fas.spec b/fas/fas.spec new file mode 100644 index 0000000..32f7756 --- /dev/null +++ b/fas/fas.spec @@ -0,0 +1,71 @@ +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} + +Name: fas +Version: 0.1 +Release: 1%{?dist} +Summary: Fedora Account System + +Group: Development/Languages +License: GPLv2 +URL: https://fedorahosted.org/fas2/ +Source0: https://fedorahosted.org/releases/f/e/fedora-infrastructure/ +BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) + +BuildArch: noarch +BuildRequires: python-devel +BuildRequires: setuptools-devel +Requires: TurboGears >= 1.0.4 +Requires: python-sqlalchemy >= 0.4 +Requires: python-turbomail +Requires: python-fedora-infrastructure >= 0.2.99.2 + +%description +The Fedora Account System is a web application that manages the accounts of +Fedora Project Contributors. It's built in TurboGears and comes with a json +API for querying against remotely. + +The python-fedora-infrastructure package has a TurboGears identity provider +that works with the Account System. + +%package clients +Summary: Clients for the Fedora Account System +Group: Applications/System +Requires: python-fedora +Requires: rhpl + +%description -n clients +Additional scripts that work as clients to the accounts system. + +%prep +%setup -q + + +%build +%{__python} setup.py build --install-data='%{_datadir}/fas' + +%install +rm -rf $RPM_BUILD_ROOT +%{__python} setup.py install -O1 --skip-build --install-data='%{_datadir}/fas' --root $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT%{_sbindir} +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir} +mv $RPM_BUILD_ROOT%{_bindir}/start-fas $RPM_BUILD_ROOT%{_sbindir} +# Unreadable by others because it's going to contain a database password. +install -m 0600 fas.cfg $RPM_BUILD_ROOT%{_sysconfdir} + +%clean +rm -rf $RPM_BUILD_ROOT + + +%files +%defattr(-,root,root,-) +%doc README TODO COPYING fas2.sql +%{python_sitelib}/* +%{_sbindir}/start-fas +%config(noreplace) %{_sysconfdir}/* + +%files -n clients +%{_bindir}/* + +%changelog +* Mon Mar 10 2008 Toshio Kuratomi - 0.1-1 +- Initial Build. From aeb9bb514226a973e70face021e5ce7aee11a39b Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Mon, 10 Mar 2008 15:29:58 -0400 Subject: [PATCH 3/7] Fix http/https problem on pt3. --- fas/fas.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fas/fas.cfg b/fas/fas.cfg index 7328608..e557ea0 100644 --- a/fas/fas.cfg +++ b/fas/fas.cfg @@ -83,7 +83,7 @@ tg.strict_parameters = True server.webpath='/accounts' base_url_filter.on = True base_url_filter.use_x_forwarded_host = True -base_url_filter.base_url = "http://localhost:8088/accounts" +base_url_filter.base_url = "https://publictest3.fedoraproject.org/accounts" # Make the session cookie only return to the host over an SSL link # Disabled for testing. From bfed13e28790c29b502b328ababdfd18704495d5 Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Mon, 10 Mar 2008 15:33:11 -0400 Subject: [PATCH 4/7] Hopefully, this will fix that password change problem. --- fas/fas/model.py | 1 + 1 file changed, 1 insertion(+) diff --git a/fas/fas/model.py b/fas/fas/model.py index 4664b5c..6305726 100644 --- a/fas/fas/model.py +++ b/fas/fas/model.py @@ -487,6 +487,7 @@ mapper(BugzillaQueue, BugzillaQueueTable, properties = { mapper(Requests, RequestsTable, properties = { 'person': relation(People, backref='requests') }) +mapper(Log, LogTable) # TurboGears Identity mapper(Visit, visits_table) From f702604cbfd50fdee713a3f60f743fe721b05eca Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Mon, 10 Mar 2008 15:35:41 -0400 Subject: [PATCH 5/7] Change test password for pt3. --- fas/fas.cfg | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fas/fas.cfg b/fas/fas.cfg index e557ea0..f97e224 100644 --- a/fas/fas.cfg +++ b/fas/fas.cfg @@ -52,7 +52,7 @@ mail.encoding = 'utf-8' # If you have sqlite, here's a simple default to get you started # in development -sqlalchemy.dburi="postgres://fedora:bunbunbun@localhost/fas2" +sqlalchemy.dburi="postgres://fedora:test@localhost/fas2" sqlalchemy.echo=True # if you are using a database or table type without transactions From da40376e02c5fe242b83dc95f72d4936b1081456 Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Mon, 10 Mar 2008 16:05:57 -0400 Subject: [PATCH 6/7] Kill import * --- fas/fas/user.py | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/fas/fas/user.py b/fas/fas/user.py index 08b0ffc..cf8bb4e 100644 --- a/fas/fas/user.py +++ b/fas/fas/user.py @@ -12,12 +12,14 @@ import StringIO import crypt import random import subprocess +from OpenSSL import crypto from fas.model import People from fas.model import PersonEmails from fas.model import EmailPurposes from fas.model import Log +from fas import openssl_fas from fas.auth import * #from fas.user_email import Email, NonFedoraEmail @@ -491,22 +493,21 @@ Please go to https://admin.fedoraproject.org/fas/ to change it. @identity.require(turbogears.identity.not_anonymous()) @expose(template="genshi-text:fas.templates.user.cert", format="text", content_type='text/plain; charset=utf-8') def gencert(self): - from fas.openssl_fas import * username = turbogears.identity.current.user_name person = People.by_username(username) person.certificate_serial = person.certificate_serial + 1 - pkey = createKeyPair(TYPE_RSA, 1024); + pkey = openssl_fas.createKeyPair(openssl_fas.TYPE_RSA, 1024); digest = config.get('openssl_digest') expire = config.get('openssl_expire') cafile = config.get('openssl_ca_file') - cakey = retrieve_key_from_file(cafile) - cacert = retrieve_cert_from_file(cafile) + cakey = openssl_fas.retrieve_key_from_file(cafile) + cacert = openssl_fas.retrieve_cert_from_file(cafile) - req = createCertRequest(pkey, digest=digest, + req = openssl_fas.createCertRequest(pkey, digest=digest, C=config.get('openssl_c'), ST=config.get('openssl_st'), L=config.get('openssl_l'), @@ -516,7 +517,7 @@ Please go to https://admin.fedoraproject.org/fas/ to change it. emailAddress=person.emails['primary'], ) - cert = createCertificate(req, (cacert, cakey), person.certificate_serial, (0, expire), digest='md5') + cert = openssl_fas.createCertificate(req, (cacert, cakey), person.certificate_serial, (0, expire), digest='md5') certdump = crypto.dump_certificate(crypto.FILETYPE_PEM, cert) keydump = crypto.dump_privatekey(crypto.FILETYPE_PEM, pkey) return dict(cert=certdump, key=keydump) From ffa2fce72487f2ab7c6a1da43fe0448d7a80e55c Mon Sep 17 00:00:00 2001 From: Ricky Zhou Date: Mon, 10 Mar 2008 16:11:32 -0400 Subject: [PATCH 7/7] Just in case. --- fas/fas/auth.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/fas/fas/auth.py b/fas/fas/auth.py index fad4a96..b6b0a9f 100644 --- a/fas/fas/auth.py +++ b/fas/fas/auth.py @@ -20,8 +20,8 @@ def isAdmin(person): else: return False except KeyError: - print '%s - Your admin group could not be found!' % admingroup return False + return False def canAdminGroup(person, group): ''' @@ -81,6 +81,7 @@ def signedCLAPrivs(person): return False except KeyError: return False + return False def clickedCLAPrivs(person): ''' @@ -94,6 +95,7 @@ def clickedCLAPrivs(person): return False except KeyError: return False + return False def canEditUser(person, target): '''