commit fef2e2abed21c0a7238e7824d3e733eb379244cb Author: Ximin Luo infinity0@gmx.com Date: Fri Sep 13 15:09:13 2013 +0100
populate /etc/flashproxy during post-install, including generating keys --- facilitator/INSTALL | 8 +++++++ facilitator/Makefile.am | 38 +++++++++++++++++++++++++++++---- facilitator/conf/fp-facilitator | 27 ----------------------- facilitator/conf/reg-email.pass | 3 +++ facilitator/configure.ac | 1 + facilitator/doc/facilitator-howto.txt | 18 +--------------- facilitator/examples/fp-facilitator | 27 +++++++++++++++++++++++ 7 files changed, 74 insertions(+), 48 deletions(-)
diff --git a/facilitator/INSTALL b/facilitator/INSTALL index b6e0882..34004f4 100644 --- a/facilitator/INSTALL +++ b/facilitator/INSTALL @@ -16,6 +16,14 @@ It also installs System V init files to /etc/init.d/. The pre/post-install scripts create a user for the daemon to as, and sets up the initscripts in the default system runlevels.
+They also generate a RSA key in /etc/flashproxy/reg-daemon.{key,pub}.
+You will have to edit flashproxy-reg-email (in the client package) and
+copy the contents of reg-daemon.pub into the appropriate place.
+TODO(infinity0): find a better solution for this.
+
+You should also edit /etc/flashproxy/reg-email.pass to contain your
+app-specific Gmail password; see doc/gmail-setup.txt for instructions.
+
 Uninstall.
# make pre-remove uninstall post-remove
diff --git a/facilitator/Makefile.am b/facilitator/Makefile.am
index 200053a..44c0442 100644
--- a/facilitator/Makefile.am
+++ b/facilitator/Makefile.am
@@ -4,6 +4,8 @@ fpfacilitatoruser = @fpfacilitatoruser@
 initscriptdir = $(sysconfdir)/init.d
 exampledir = $(docdir)/examples
 appenginedir = $(pkgdatadir)/appengine
+pkgconfdir = $(sysconfdir)/flashproxy
+appengineconfdir = $(pkgconfdir)/reg-appengine
# automake PLVs
@@ -11,8 +13,9 @@ dist_bin_SCRIPTS = facilitator facilitator-email-poller facilitator-reg-daemon f
 initscript_SCRIPTS = init.d/facilitator init.d/facilitator-email-poller init.d/facilitator-reg-daemon
dist_doc_DATA = doc/appengine-howto.txt doc/facilitator-howto.txt doc/gmail-howto.txt README
-dist_example_DATA = conf/fp-facilitator
+dist_example_DATA = examples/fp-facilitator conf/reg-email.pass
 dist_appengine_DATA = appengine/app.yaml appengine/config.go appengine/fp-reg.go appengine/README
+appengineconf_DATA = appengine/config.go
dist_TESTS = facilitator-test
@@ -33,6 +36,7 @@ pre-install:
 which adduser >/dev/null 2>&1 && \
 adduser --quiet \
 --system \
+ --group \
 --disabled-password \
 --home $(sysconfdir)/flashproxy \
 --no-create-home \
@@ -45,24 +49,50 @@ pre-install:
 --shell /bin/false \
 $(fpfacilitatoruser) ; }
-post-install:
+post-install-secrets:
+ install -m 600 /dev/null $(pkgconfdir)/reg-daemon.key
+ openssl genrsa 2048 | tee $(pkgconfdir)/reg-daemon.key | \
+ openssl rsa -pubout > $(pkgconfdir)/reg-daemon.pub
+ install -m 600 $(exampledir)/reg-email.pass $(pkgconfdir)/reg-email.pass
+ chown $(fpfacilitatoruser): $(pkgconfdir)/reg-daemon.key
+ chown $(fpfacilitatoruser): $(pkgconfdir)/reg-email.pass
+
+post-install-symlinks:
+ for i in fp-reg.go app.yaml README; do \
+ $(LN_S) -f $(appenginedir)/$$i $(appengineconfdir)/$$i; \
+ done
+
+post-install-daemon:
 for i in facilitator facilitator-email-poller facilitator-reg-daemon; do \
 update-rc.d $$i defaults; \
 invoke-rc.d $$i start; \
 done
-pre-remove:
+post-install: post-install-secrets post-install-symlinks post-install-daemon
+
+pre-remove-daemon:
 for i in facilitator facilitator-email-poller facilitator-reg-daemon; do \
 invoke-rc.d $$i stop; \
 done
+pre-remove-symlinks:
+ rm -rf $(appengineconfdir)
+
+pre-remove-secrets:
+ rm -f $(pkgconfdir)/reg-*
+
+pre-remove: pre-remove-daemon pre-remove-symlinks pre-remove-secrets
+
 post-remove:
+ : # deluser does actually remove the group as well
 id -u $(fpfacilitatoruser) >/dev/null 2>&1 && { \
 which deluser >/dev/null 2>&1 && \
 deluser --quiet \
 --system \
 $(fpfacilitatoruser) || \
 userdel \
- $(fpfacilitatoruser) ; }
+ $(fpfacilitatoruser) ; } || true
.PHONY: pre-install post-install pre-remove post-remove
+.PHONY: post-install-secrets post-install-symlinks post-install-daemon
+.PHONY: pre-remove-daemon pre-remove-symlinks pre-remove-secrets
diff --git a/facilitator/conf/fp-facilitator b/facilitator/conf/fp-facilitator
deleted file mode 100644
index 125d0cc..0000000
--- a/facilitator/conf/fp-facilitator
+++ /dev/null
@@ -1,27 +0,0 @@
-# This is an example apache2 config for serving the facilitator.
-#
-# You can edit this file according to the instructions below, then copy it to
-# /etc/apache2/sites-available/fp-facilitator, or wherever is appropriate. Then
-# you can run `a2ensite fp-facilitator` to enable it.
-#
-<VirtualHost *:443>
- # Update this with your hostname!
- ServerName fp-facilitator.example.com
- DocumentRoot /dev/null
- # Make sure the path below matchs where you installed the facilitator.
- ScriptAliasMatch ^(.*) /usr/bin/facilitator.cgi$1
- MaxClients 256
-
- CustomLog ${APACHE_LOG_DIR}/fp-access.log common
- ErrorLog ${APACHE_LOG_DIR}/fp-error.log
- LogLevel warn
- SSLEngine on
-
- # Manually install your certificate to the following location.
- SSLCertificateFile /etc/apache2/fp-facilitator.pem
- # If you got an intermediate certificate, uncomment the following line
- # and install the certificate to that location too.
- #SSLCertificateChainFile /etc/apache2/fp-intermediate.pem
-
- Header add Strict-Transport-Security "max-age=15768000"
-</VirtualHost>
diff --git a/facilitator/conf/reg-email.pass b/facilitator/conf/reg-email.pass
new file mode 100644
index 0000000..d1a58f7
--- /dev/null
+++ b/facilitator/conf/reg-email.pass
@@ -0,0 +1,3 @@
+Replace the contents of this file with your application-specific password for
+your Gmail account - *not* your account password. You may see gmail-setup.txt in
+this package's documentation for instructions on how to set this up.
diff --git a/facilitator/configure.ac b/facilitator/configure.ac
index 3b74de5..386c20f 100644
--- a/facilitator/configure.ac
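Review bot: `post-install-secrets` in facilitator/Makefile.am regenerates `reg-daemon.key` and copies the placeholder over `reg-email.pass` every time it runs, so repeating `make install post-install` on an already configured host discards the key whose public half the operator copied into flashproxy-reg-email, along with the saved Gmail app password. Each step should be skipped when its file is already present, as in the sketch below. In the same hunk, `pre-remove-secrets` uses `rm -f $(pkgconfdir)/reg-*`, a glob that also matches the `reg-appengine` directory and so depends on `pre-remove-symlinks` having removed it first; naming `reg-daemon.key`, `reg-daemon.pub` and `reg-email.pass` explicitly would drop that ordering dependency.

```make
post-install-secrets:
	test -s $(pkgconfdir)/reg-daemon.key || { \
		install -m 600 /dev/null $(pkgconfdir)/reg-daemon.key && \
		openssl genrsa 2048 | tee $(pkgconfdir)/reg-daemon.key | \
		openssl rsa -pubout > $(pkgconfdir)/reg-daemon.pub ; }
	test -e $(pkgconfdir)/reg-email.pass || \
		install -m 600 $(exampledir)/reg-email.pass $(pkgconfdir)/reg-email.pass
# … unchanged: chown of reg-daemon.key and reg-email.pass …
```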
+++ b/facilitator/configure.ac
@@ -10,4 +10,5 @@ AC_CONFIG_FILES([Makefile
 init.d/facilitator-email-poller
 init.d/facilitator-reg-daemon])
+AC_PROG_LN_S
 AC_OUTPUT
diff --git a/facilitator/doc/facilitator-howto.txt b/facilitator/doc/facilitator-howto.txt
index 6da8783..3a853ef 100644
--- a/facilitator/doc/facilitator-howto.txt
+++ b/facilitator/doc/facilitator-howto.txt
@@ -97,7 +97,7 @@ Edit /etc/apache2/ports.conf and comment out the port 80 configuration.
 # NameVirtualHost *:80
 # Listen 80
-Edit conf/fp-facilitator as per the instructions given in that file, and +Edit examples/fp-facilitator as per the instructions given in that file, and install it to /etc/apache2/sites-available/fp-facilitator or whatever is appropriate for your apache2 installation.
@@ -125,19 +125,3 @@ Copy the new fp-facilitator.pem to the facilitator server as /etc/apache2/fp-facilitator.pem.
# /etc/init.d/apache2 restart
-
-=== Email poller setup
-
-The facilitator-email-poller program requires a password that is used to
-log in to the designated Gmail account. See the file gmail-howto.txt for
-instructions on setting up a Gmail account. After you've set up the
-account and have the password, save it to a file reg-email.pass and make
-it not readable or writable by anyone but its owner.
-
- # chmod 600 /etc/flashproxy/reg-email.pass
-
-Install reg-email.pass to /etc/flashproxy to match what the init script
-expects.
-
- # update-rc.d facilitator-email-poller defaults
- # /etc/init.d/facilitator-email-poller start
diff --git a/facilitator/examples/fp-facilitator b/facilitator/examples/fp-facilitator
new file mode 100644
index 0000000..125d0cc
--- /dev/null
+++ b/facilitator/examples/fp-facilitator
@@ -0,0 +1,27 @@
+# This is an example apache2 config for serving the facilitator.
+#
+# You can edit this file according to the instructions below, then copy it to
+# /etc/apache2/sites-available/fp-facilitator, or wherever is appropriate. Then
+# you can run `a2ensite fp-facilitator` to enable it.
+#
+<VirtualHost *:443>
+ # Update this with your hostname!
+ ServerName fp-facilitator.example.com
+ DocumentRoot /dev/null
+ # Make sure the path below matchs where you installed the facilitator.
+ ScriptAliasMatch ^(.*) /usr/bin/facilitator.cgi$1
+ MaxClients 256
+
+ CustomLog ${APACHE_LOG_DIR}/fp-access.log common
+ ErrorLog ${APACHE_LOG_DIR}/fp-error.log
+ LogLevel warn
+ SSLEngine on
+
+ # Manually install your certificate to the following location.
+ SSLCertificateFile /etc/apache2/fp-facilitator.pem
+ # If you got an intermediate certificate, uncomment the following line
+ # and install the certificate to that location too.
+ #SSLCertificateChainFile /etc/apache2/fp-intermediate.pem
+
+ Header add Strict-Transport-Security "max-age=15768000"
+</VirtualHost>