Commit 195f20cc authored by anarcat

Merge branch 'debian' into 6.x-1.x

parents 0ce5c6ea 6d20fb6c
build-area
Aegir for Debian
----------------
This is part of the Aegir suite. This package takes care of installing
the provision file in the proper location so it's seen by Drush and sets
up some directories and the aegir user. Once this package is installed,
the frontend can be installed with the aegir-hostmaster package, or
the following command:
su -u aegir -c 'drush hostmaster-install'
Aegir is installed under /var/aegir. I haven't gone through the trouble
of separating the directories to follow the FHS, as Aegir doesn't
support this well yet.
To migrate to this package, you need to first remove
/var/aegir/.drush/provision (this package will stop processing if it
finds it), then install the package, which should find the necessary
aliases and goods to do its own hostmaster-migrate. This procedure
will only work from 0.4-alpha9 and above:
rm -rf /var/aegir/.drush/provision
apt-get install aegir-provision
-- Antoine Beaupré <anarcat@koumbit.org>, Wed, 24 Nov 2010 02:40:34 -0500
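Review bot: the install command given in this README, `su -u aegir -c 'drush hostmaster-install'`, will not run as written, because su takes the user name as a positional argument and has no -u option (that is sudo syntax). The maintainer scripts in this same commit use the form `su -s /bin/sh aegir -c '...'`; the README should show the same form so that admins copy a working command.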
Here are the parts missing in this package.
Critical stuff
==============
This shouldn't be used or published until this is fixed.
* (nil)
Debian policy compliance issues
===============================
* comply with the FHS by not installing in /var/aegir (that is the
sole lintian override we have)
the proper way to do this is to follow the webapps policies:
http://webapps-common.alioth.debian.org/draft/html/
* respect the PHP policy:
http://webapps-common.alioth.debian.org/draft-php/html/
* do not duplicate code with Drupal, to respect section 4.13 of the
policy: "Debian packages should not make use of these [...] copies
unless the included package is explicitly intended to be used in
this way. If the included code is already in the Debian archive in
the form of a library, the Debian packaging should ensure that
binary packages reference the libraries already in Debian and the
convenience copy is not used. If the included code is not already
in Debian, it should be packaged separately as a prerequisite if
possible." The main reason for this is that "Having multiple copies
of the same code in Debian is inefficient, often creates either
static linking or shared library conflicts, and, most importantly,
increases the difficulty of handling security vulnerabilities in
the duplicated code."
How to handle the drupal6 package code duplication
--------------------------------------------------
It could be argued that this is not necessary, as "the included
package is explicitely intended to be used this way": one could say
that Drupal is *not* intended to be installed system-wide and that it
is OK to create third-party distributions by copying the code of the
Drupal core.
One could also argue that we don't actually *ship* Drupal in the
package, but merely manage copies of the code, the same way the
flashplugin-nonfree package operates. This is the approach we are
currently taking.
But let's say for the sake of argument that we need to comply with
section 4.13, how the heck do we do this?
Daniel Kahn Gillmor (dkg) suggested two alternative approaches for
this problem. One is the "trac" package approach, where no instance of
trac is setup on install, and the admin has to create its own
instances with provided scripts. On upgrade, the instances are not
upgraded and the admin has to upgrade the databases manually. The
instances however, already use the new provided code.
The second approach is the way the postgresql package works. When
postgresql is installed, it sets up a new instance automatically and
then on *minor* upgrades, that instance is automatically updated. On
major upgrades, those instances are not touched and the admin has to
manually perform the upgrade.
This would mean that we would make a Debian package to ship the
hostmaster code within /usr/share/drupal6/profiles directory. We would
then create a "platform" out of the drupal6 directory and install the
Aegir frontend in there. When Drupal6 would get upgraded, we would run
drush updatedb directly in there instead of our regular
hostmaster-migrate, which would be used only for major (Aegir 1.0 ->
2.0, which updates to drupal7, for example) upgrades. The biggest
problem I see with this is that then the drupal6 package could be
upgraded without Aegir's knowledge and updatedb wouldn't be ran.
This also seems like a significant amount of work.
Nice to have stuff
==================
* deal with /var/aegir after purge?
* use a minimal rules file:
/usr/share/doc/debhelper/examples/rules.tiny
* sign the md5s of hostmaster and friends so we have a trust path in
the packaging again
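Review bot: the last "nice to have" item plans to sign the md5s of hostmaster, but MD5 is not collision resistant, so a signature over MD5 digests gives a weak trust path. When this item is picked up, plan for SHA-256 sums covered by an OpenPGP signature, and record in this TODO which key is expected to sign them.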
#! /bin/sh
set -e
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$DPKG_DEBUG" = "developer" ]; then
set -x
fi
db_input high aegir/master_ssh_key || true
db_input high aegir/master_mountpoint || true
db_go
var/aegir
var/aegir/config
var/aegir/platforms
#!/bin/sh
# postinst script for provision
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$DPKG_DEBUG" = "developer" ]; then
set -x
fi
# when changing this, change the regex in the sed replacement below
VARLIB="/var/aegir"
case "$1" in
configure)
# add a aegir user if one does not already exist
if ! getent passwd aegir >/dev/null ; then
echo "adding aegir user..."
adduser --quiet --system --no-create-home --group \
--home "$VARLIB" \
--shell '/bin/bash' \
--gecos 'Aegir user,,,' \
aegir
fi
adduser --quiet aegir www-data
if [ -d /etc/sudoers.d ]; then
ucf --debconf-ok /usr/share/doc/aegir-cluster-slave/examples/example.sudoers /etc/sudoers.d/aegir
ucfr aegir-provision /etc/sudoers.d/aegir
chmod 440 /etc/sudoers.d/aegir
else
echo "running an older version of sudo"
echo "copy content of /usr/share/doc/aegir-provision/examples/example.sudoers into /etc/sudoers for aegir to run properly"
fi
# fix permissions on installed directories
chown aegir:aegir "$VARLIB" "$VARLIB/config"
# make sure we have apache configs settled in, for remote headless aegir servers
touch $VARLIB/config/apache.conf
chown aegir:aegir "$VARLIB/config/apache.conf"
ln -sf $VARLIB/config/apache.conf /etc/apache2/conf.d/aegir.conf
a2enmod ssl rewrite
apache2ctl graceful
db_get "aegir/master_ssh_key"
SSH_KEY="$RET"
if ! [ -z "$SSH_KEY" ]; then
if ! grep -q "$SSH_KEY" $VARLIB/.ssh/authorized_keys; then
mkdir -p $VARLIB/.ssh
echo "$SSH_KEY" >> $VARLIB/.ssh/authorized_keys
chown aegir:aegir $VARLIB/.ssh $VARLIB/.ssh/authorized_keys
chmod 700 $VARLIB/.ssh
chmod 600 $VARLIB/.ssh/authorized_keys
fi
fi
db_get "aegir/master_mountpoint"
MOUNT="$RET"
if ! [ -z "$MOUNT" ]; then
if grep -q "$VARLIB/platforms" /etc/fstab ; then
if ! grep -q "$MOUNT.*$VARLIB/platforms" /etc/fstab ; then
sed -i.dpkg-orig "/\/var\\/aegir\\/platforms/s#^.*\$#$MOUNT $VARLIB/platforms nfs rw 0 0#" /etc/fstab
echo "installed new fstab, original kept in /etc/fstab.dpkg-orig"
echo "for the changes to take effect, the $VARLIB/platforms directory need to be remounted"
echo "this may require a reboot"
fi
else
cp /etc/fstab /etc/fstab.dpkg-orig
echo "$MOUNT $VARLIB/platforms nfs rw 0 0" >> /etc/fstab
echo "installed new fstab, original kept in /etc/fstab.dpkg-orig"
fi
if ! mount | grep -q $VARLIB/platforms; then
mount $VARLIB/platforms
fi
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
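Review bot: in the configure branch, the debconf answers aegir/master_ssh_key and aegir/master_mountpoint are written into $VARLIB/.ssh/authorized_keys and /etc/fstab with no validation. For the key, check that the value looks like a single public key line before appending it, and match with `grep -qF` instead of `grep -q "$SSH_KEY"`, which treats the key as a regular expression and is run before `mkdir -p $VARLIB/.ssh`, so it prints an error on a first install when the file does not exist yet. For the mount, $MOUNT is interpolated into a sed replacement delimited by `#`, so a value containing `#`, `&` or a backslash changes what gets written to /etc/fstab; validate it as host:/path first, and consider adding nosuid,nodev to the `nfs rw 0 0` options. Separately, ucf installs the sudoers file from the aegir-cluster-slave examples directory while ucfr registers it under aegir-provision and the fallback message points at the aegir-provision path; these should agree.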
#!/bin/sh
# postrm script for provision
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postrm> `remove'
# * <postrm> `purge'
# * <old-postrm> `upgrade' <new-version>
# * <new-postrm> `failed-upgrade' <old-version>
# * <new-postrm> `abort-install'
# * <new-postrm> `abort-install' <old-version>
# * <new-postrm> `abort-upgrade' <old-version>
# * <disappearer's-postrm> `disappear' <overwriter>
# <overwriter-version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$DPKG_DEBUG" = "developer" ] ; then
set -x
fi
case "$1" in
purge)
# delete the aegir user
# http://wiki.debian.org/AccountHandlingInMaintainerScripts
if which deluser >/dev/null 2>&1 ; then
deluser --quiet --system aegir > /dev/null || true
else
echo >&2 "not removing aegir system account because deluser command was not found"
fi
# unregister sudo config file
ucf --purge /etc/sudoers.d/aegir
rm -f /etc/sudoers.d/aegir
rm -f /var/aegir/config/apache.conf
db_get "aegir/master_ssh_key"
SSH_KEY="$RET"
sed -i.dpkg-orig "s#$SSH_KEY##" /var/aegir/.ssh/authorized_keys
sed -i.dpkg-orig '/\/var\/aegir\/platforms/d' /etc/fstab
;;
remove|upgrade|abort-install|disappear)
# now all in prerm
;;
abort-upgrade|failed-upgrade)
# nothing to do here, especially: don't remove the configs!!
true
;;
*)
echo "postrm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
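Review bot: in the purge branch, `sed -i.dpkg-orig "s#$SSH_KEY##" /var/aegir/.ssh/authorized_keys` fails when aegir/master_ssh_key was left empty, since the substitution then has an empty pattern with no previous regular expression, and it also fails when the file does not exist; with set -e either case aborts the purge. Guard it with a test that $SSH_KEY is non-empty and the file exists, and drop the matching line with a fixed-string match (for example `grep -vF`) rather than using the key as a regex, which also avoids leaving an empty line behind. The `ucf --purge` call should get the same availability check that deluser has a few lines above, since ucf may already be removed when postrm purge runs.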
#!/bin/sh
# prerm script for #PACKAGE#
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <prerm> `remove'
# * <old-prerm> `upgrade' <new-version>
# * <new-prerm> `failed-upgrade' <old-version>
# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
# * <deconfigured's-prerm> `deconfigure' `in-favour'
# <package-being-installed> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
case "$1" in
remove|upgrade|deconfigure)
# unregister apache config
( rm /etc/apache2/conf.d/aegir.conf > /dev/null 2>&1 && invoke-rc.d apache2 force-reload ) || true
umount /var/aegir/platforms || true
;;
failed-upgrade)
;;
*)
echo "prerm called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
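Review bot: `umount /var/aegir/platforms || true` in the remove|upgrade|deconfigure branch runs on every upgrade and regardless of whether this package set up the mount, and its error output is not silenced the way the rm on the previous line is. Consider unmounting only on remove, and only when the path is actually mounted. The header comment also still carries the unreplaced #PACKAGE# placeholder.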
Template:aegir/master_ssh_key
Type: string
Description: Public SSH key of the master server
This is the public SSH key of the Aegir user on the master server.
.
If this is changed, it will simply be *added* to the
/var/aegir/.ssh/authorized_keys file, the previous key will not be
removed.
.
If this is left empty, no key will be added to that file.
Template:aegir/master_mountpoint
Type: string
Description: Mountpoint of the master server
Enter here the location of the remote filesystem the slave should
mount. This should look something like this:
.
master.example.com:/var/aegir/platforms
.
This will be mounted to /var/aegir/platforms.
.
Enter nothing if you do not want this package to meddle with your
/etc/fstab.
#! /bin/sh
set -e
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$DPKG_DEBUG" = "developer" ] || [ ! -z "$DEBUG" ]; then
set -x
fi
if su -s /bin/sh aegir -c 'drush @hostmaster status' 2>&1 | grep -q 'Drupal bootstrap.*Successful'; then
# there's already an install, do not go around asking silly questions
db_fget aegir/makefile "seen" || true
if [ "$RET" = "false" ]; then
# ... except if that makefile question was never asked, in
# which case we're probably upgrading from a custom install,
# so we need to ask for the custom install makefile
db_fset aegir/makefile "seen" "false" || true
db_input medium aegir/makefile || true
db_go
fi
exit 0
fi
db_input medium aegir/email ||true
db_input high aegir/site || true
db_get aegir/email
if [ -z "$RET" ]; then
db_set aegir/email "aegir@`hostname -f`"
fi
db_get aegir/site
if [ -z "$RET" ]; then
db_set aegir/site `hostname -f`
fi
db_input low aegir/makefile || true
db_input low aegir/db_host || true
db_input low aegir/db_user || true
# if we got here, it means aegir is not installed and we forgot the
# root password, ask for it again
db_fset aegir/db_password "seen" "false" || true
db_input high aegir/db_password || true
db_go
#!/bin/sh
# postinst script for hostmaster
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$DPKG_DEBUG" = "developer" ] || [ ! -z "$DEBUG" ]; then
set -x
fi
VARLIB="/var/aegir"
case "$1" in
configure)
# fetch the version number from the makefile. the line we're looking for looks like this
# projects[hostmaster][download][url] = "http://files.aegirproject.org/hostmaster-0.4-beta1.tgz"
# this obviously doesn't work for git releases
VERSION=`sed -n '/^version/{s/^.*= *//;p}' /usr/share/drush/commands/provision/provision.info`
FLAGS="--yes"
if [ "$DPKG_DEBUG" = "developer" ] || [ ! -z "$DEBUG" ]; then
FLAGS="$FLAGS --debug"
fi
db_get "aegir/makefile"
if [ ! -z "$RET" ]; then
FLAGS="$FLAGS --makefile='$RET'"
fi
TEMPFILE=`tempfile`
su -s /bin/sh aegir -c 'drush --pipe @hostmaster status | egrep "site_uri|drupal_root"' >> $TEMPFILE || true
if grep -q 'site_uri' $TEMPFILE; then
db_stop
. $TEMPFILE
echo "Aegir frontend (@hostmaster) site detected in $drupal_root"
# make those paths canonical to make sure we can compare correctly
NEW_PLATFORM=`readlink -f "$VARLIB/hostmaster-$VERSION"`
drupal_root=`readlink -f $drupal_root`
if [ -d "$NEW_PLATFORM" ] && [ "$drupal_root" = "$NEW_PLATFORM" ]; then
echo "it seems to be the same version as the one we're trying to install, not upgrading"
else
# get the platform alias before we upgrade
# ugly, but not accessible programatically
platform=`sed -n "/platform/{s/^.* => '//;s/'.*$//;p}" $VARLIB/.drush/hostmaster.alias.drushrc.php`
echo "upgrading the frontend from $drupal_root to $NEW_PLATFORM"
cd "$drupal_root"
su -s /bin/sh aegir -c "drush hostmaster-migrate $FLAGS '$site_uri' '$NEW_PLATFORM'"
echo "upgrade finished, old platform $platform left in $drupal_root"
fi
else
db_get "aegir/site"
if [ ! -z "$RET" ]; then
site_uri="$RET"
fi
db_get "aegir/db_host"
AEGIR_DB_HOST="$RET"
db_get "aegir/db_user"
AEGIR_DB_USER="$RET"
db_get "aegir/db_password"
AEGIR_DB_PASS="$RET"
db_get "aegir/email"
EMAIL="$RET"
db_go
db_reset aegir/db_password || true
db_fset aegir/db_password "seen" "true" || true
db_stop
if [ -d $VARLIB/.drush/provision ]; then
echo "existing provision in $VARLIB/.drush/provision detected, move away and try again"
exit 1
fi
echo "installing the Aegir frontend (Drupal with the hostmaster profile), please wait..."
# pass data through JSON
su aegir -c "cd $VARLIB && drush hostmaster-install $FLAGS --backend $site_uri | drush backend-parse" <<EOF
{ "yes": 1,
"version": "$VERSION",
"aegir_db_host": "$AEGIR_DB_HOST",
"aegir_db_user": "$AEGIR_DB_USER",
"aegir_db_pass": "$AEGIR_DB_PASS",
"client_email": "$EMAIL"
}
EOF
fi
rm -f $TEMPFILE
# this will ensure that this script aborts if the site can't be bootstrapped
if su -s /bin/sh aegir -c 'drush @hostmaster status' 2>&1 | grep -q 'Drupal bootstrap.*Successful'; then
echo 'Aegir frontend bootstrap correctly, operation was a success!'
else
echo 'Aegir frontend failed to bootstrap, something went wrong!'
echo 'Look at the log above for clues or run with DPKG_DEBUG=developer'
exit 1
fi
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
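Review bot: in the configure branch, `. $TEMPFILE` makes the root shell execute whatever `drush --pipe @hostmaster status` printed while running as the aegir user; the egrep only selects lines that mention site_uri or drupal_root, it does not constrain what else is on those lines. Extract the two values with sed, as is done for the platform alias a few lines further down, instead of sourcing the file. Related quoting problems in the same branch: $site_uri is unquoted inside the `su aegir -c "..."` string, and the debconf answers are interpolated into the JSON heredoc unescaped, so a database password containing a double quote or a backslash produces invalid JSON. $TEMPFILE is also left behind on the `exit 1` path taken when an existing provision directory is detected.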
Template:aegir/site
Type: string
Description: URL of the hostmaster frontend:
This is the main URL under which Aegir will be controlled. A Virtual
Host and Drupal website with the Aegir frontend modules
("hostmaster") will be created for that domain.
.
Leave empty to use the default (the domain of this machine).
Template:aegir/db_host
Type: string
Default: localhost
Description: Database server hostname:
This is the hostname at which the database server is available.
Template:aegir/db_user
Type: string
Default: root
Description: Database server user:
This should be a root MySQL user.
Template:aegir/db_password
Type: password
Description: Database server password:
The password for the root MySQL user.
Template:aegir/email
Type: string
Description: Main client email:
This is the email that will receive confirmations for created sites and so on.
Template:aegir/makefile
Type: string
Description: Makefile used to create the platform:
The makefile passed to drush_make to create the hostmaster
platform. Note that this needs specific modules and profiles for the
frontend to work correctly, be careful in changing this from the
default.
.
If this is left empty, Aegir will use its internal makefile.
usr/share/drush/commands/provision
var/aegir
var/aegir/config
usr/share/lintian/overrides
example.sudoers
example
aegir-provision: non-standard-dir-in-var var/aegir/
#!/bin/sh
# postinst script for provision
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <postinst> `abort-remove'
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
# Source debconf library.
. /usr/share/debconf/confmodule
if [ "$DPKG_DEBUG" = "developer" ] || [ ! -z "$DEBUG" ]; then
set -x
fi
VARLIB="/var/aegir"
case "$1" in
configure)
# add a aegir user if one does not already exist
if ! getent passwd aegir >/dev/null ; then
echo "adding aegir user..."
adduser --quiet --system --no-create-home --group \
--home "$VARLIB" \
--shell '/bin/bash' \
--gecos 'Aegir user,,,' \
aegir
fi
adduser --quiet aegir www-data
if [ -d /etc/sudoers.d ]; then
ucf --debconf-ok /usr/share/doc/aegir-provision/examples/example.sudoers /etc/sudoers.d/aegir
ucfr aegir-provision /etc/sudoers.d/aegir
chmod 440 /etc/sudoers.d/aegir
else
echo "running an older version of sudo"
echo "copy content of /usr/share/doc/aegir-provision/examples/example.sudoers into /etc/sudoers for aegir to run properly"
fi
# fix permissions on installed directories
chown aegir:aegir "$VARLIB" "$VARLIB/config"
# make sure we have apache configs settled in, for remote headless aegir servers
touch $VARLIB/config/apache.conf
chown aegir:aegir "$VARLIB/config/apache.conf"
ln -sf $VARLIB/config/apache.conf /etc/apache2/conf.d/aegir.conf
a2enmod ssl rewrite
apache2ctl graceful
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts.
#DEBHELPER#
exit 0
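Review bot: in the configure branch, the sudoers fragment is installed to /etc/sudoers.d/aegir by ucf with no syntax check, and a malformed file in that directory can make sudo refuse to run at all. Run `visudo -cf` on the file and fail (or remove it) when the check does not pass. In the same branch, `apache2ctl graceful` is called directly under set -e, so an Apache configuration that does not validate fails the package configuration; the prerm in this commit goes through `invoke-rc.d apache2 force-reload`, and the postinst should use invoke-rc.d as well.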
#!/bin/sh
# postrm script for provision
#
# see: dh_installdeb(1)