[Pkg-erlang-commits] r1434 - yaws/trunk/debian

Sun May 13 09:20:24 UTC 2012

Author: sgolovan
Date: 2012-05-13 09:20:23 +0000 (Sun, 13 May 2012)
New Revision: 1434

Added:
   yaws/trunk/debian/yaws.links
Modified:
   yaws/trunk/debian/changelog
   yaws/trunk/debian/control
   yaws/trunk/debian/yaws.default
   yaws/trunk/debian/yaws.init
   yaws/trunk/debian/yaws.postinst
Log:
[yaws]
  * Switched to long options in init.d script because the short ones aren't
    documented anymore.
  * Added a short notice on how to bind to a privileged port in yaws.default
    file comments.
  * Change Yaws config files permissions only if the local admin didn't
    override them using dpkg-statoverride.
  * Switched to the snakeoil SSL certificate from generating a new one in
    postinstallation script.


Modified: yaws/trunk/debian/changelog
===================================================================

--- yaws/trunk/debian/changelog	2012-05-06 18:05:40 UTC (rev 1433)
+++ yaws/trunk/debian/changelog	2012-05-13 09:20:23 UTC (rev 1434)
@@ -1,8 +1,15 @@
-yaws (1.92-3) UNRELEASED; urgency=low
+yaws (1.92-3) unstable; urgency=low
 
-  * NOT RELEASED YET
+  * Switched to long options in init.d script because the short ones aren't
+    documented anymore.
+  * Added a short notice on how to bind to a privileged port in yaws.default
+    file comments.
+  * Change Yaws config files permissions only if the local admin didn't
+    override them using dpkg-statoverride.
+  * Switched to the snakeoil SSL certificate from generating a new one in
+    postinstallation script.
 
- -- Sergei Golovan <sgolovan at debian.org>  Wed, 22 Feb 2012 10:49:21 +0400
+ -- Sergei Golovan <sgolovan at debian.org>  Sun, 13 May 2012 11:16:37 +0400
 
 yaws (1.92-2) unstable; urgency=low
 

Modified: yaws/trunk/debian/control
===================================================================
--- yaws/trunk/debian/control	2012-05-06 18:05:40 UTC (rev 1433)
+++ yaws/trunk/debian/control	2012-05-13 09:20:23 UTC (rev 1434)
@@ -15,7 +15,7 @@
 Package: yaws
 Architecture: all
 Provides: httpd, httpd-cgi
-Depends: erlang-yaws (>= ${binary:Version}), adduser, openssl, ${misc:Depends}
+Depends: erlang-yaws (>= ${binary:Version}), adduser, ssl-cert, ${misc:Depends}
 Suggests: yaws-doc, yaws-chat, yaws-mail, yaws-wiki, yaws-yapp
 Description: High performance HTTP 1.1 webserver written in Erlang
  Yaws is a high performance HTTP 1.1 webserver written in Erlang. It is a 

Modified: yaws/trunk/debian/yaws.default
===================================================================
--- yaws/trunk/debian/yaws.default	2012-05-06 18:05:40 UTC (rev 1433)
+++ yaws/trunk/debian/yaws.default	2012-05-13 09:20:23 UTC (rev 1434)
@@ -8,7 +8,9 @@
 
 # Default user which runs yaws web server.
 # If you want yaws to listen privileged port 80, set it to root
-# or install fd_server from http://jungerl.sourceforge.net/
+# or grant the capability for binding to privileged ports via
+# setcap 'cap_net_bind_service=+ep' /usr/lib/erlang/erts-*/bin/beam
+# (and/or beam.smp)
 YAWS_USER=yaws
 
 # Default yaws daemon id (when it starts from init script).
@@ -16,6 +18,6 @@
 YAWS_ID=debian_yaws
 
 # Additional options that are passed to the Daemon.
-# -heart restarts the daemon if it crashes
-DAEMON_OPTS="-heart"
+# --heart restarts the daemon if it crashes
+DAEMON_OPTS="--heart"
 

Modified: yaws/trunk/debian/yaws.init
===================================================================
--- yaws/trunk/debian/yaws.init	2012-05-06 18:05:40 UTC (rev 1433)
+++ yaws/trunk/debian/yaws.init	2012-05-13 09:20:23 UTC (rev 1434)
@@ -22,7 +22,7 @@
 
 PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
 DAEMON=/usr/bin/yaws
-NAME="yaws web server"
+NAME="Yaws web server"
 DESC=yaws
 YAWS_USER=yaws
 YAWS_USER_HOME=/var/cache/yaws
@@ -38,16 +38,16 @@
 daemon()
 {
     cd $YAWS_USER_HOME
-    script="$DAEMON -I $YAWS_ID $@"
+    script="$DAEMON --id $YAWS_ID $@"
     su $YAWS_USER -c "$script"
 }
 
 start()
 {
-    daemon -D $DAEMON_OPTS
+    daemon --daemon $DAEMON_OPTS
 
     cnt=0
-    while ! (daemon -S >/dev/null || test $? = 3) ; do
+    while ! (daemon --status >/dev/null || test $? = 3) ; do
 	echo -n .
 	cnt=`expr $cnt + 1`
 	if [ $cnt -ge 10 ] ; then
@@ -60,10 +60,10 @@
 
 stop()
 {
-    daemon -s >/dev/null || test $? = 3
+    daemon --stop >/dev/null || test $? = 3
 
     cnt=0
-    while ! (daemon -S >/dev/null || test $? = 3) ; do
+    while ! (daemon --status >/dev/null || test $? = 3) ; do
 	echo -n .
 	cnt=`expr $cnt + 1`
 	if [ $cnt -ge 10 ] ; then
@@ -86,11 +86,11 @@
 	echo "$NAME."
     ;;
     status)
-	daemon -S
+	daemon --status
     ;;
     reload|force-reload)
 	echo "Reloading $DESC configuration files."
-	daemon -h
+	daemon --hup
     ;;
     restart)
 	echo -n "Restarting $DESC: "

Added: yaws/trunk/debian/yaws.links
===================================================================
--- yaws/trunk/debian/yaws.links	                        (rev 0)
+++ yaws/trunk/debian/yaws.links	2012-05-13 09:20:23 UTC (rev 1434)
@@ -0,0 +1,2 @@
+etc/ssl/certs/ssl-cert-snakeoil.pem	etc/yaws/yaws-cert.pem
+etc/ssl/private/ssl-cert-snakeoil.key	etc/yaws/yaws-key.pem

Modified: yaws/trunk/debian/yaws.postinst
===================================================================
--- yaws/trunk/debian/yaws.postinst	2012-05-06 18:05:40 UTC (rev 1433)
+++ yaws/trunk/debian/yaws.postinst	2012-05-13 09:20:23 UTC (rev 1434)
@@ -30,16 +30,21 @@
 	usermod --home /var/cache/yaws --move-home yaws >/dev/null 2>/dev/null
 
 	# Fixing config directory permissions
-	chown root:yaws /etc/yaws
-	chmod 750 /etc/yaws
+	for d in yaws yaws/conf.avail yaws/conf.d ; do
+	    if ! dpkg-statoverride --list /etc/$d >/dev/null; then
+		chown root:yaws /etc/$d
+		chmod 750 /etc/$d
+	    fi
+	done
 
 	# Yaws configs may contain sensitive information (passwords)
-	chown root:yaws /etc/yaws/yaws.conf
-	chmod 640 /etc/yaws/yaws.conf
+	for f in /etc/yaws/yaws.conf /etc/yaws/conf.avail/*.conf ; do
+	    if ! dpkg-statoverride --list $f >/dev/null; then
+		chown root:yaws $f
+		chmod 640 $f
+	    fi
+	done
 
-	chown -R root:yaws /etc/yaws/conf.avail
-	chmod 640 /etc/yaws/conf.avail/*
-
 	# Create config symlinks
 	# Do it only if it's a fresh install or upgrade from version
 	# less than 1.66-2 (which is the first version with multiple
@@ -54,32 +59,15 @@
 	    done
 	fi
 
-	# Making /etc/yaws/yaws-cert.pem and /etc/yaws/yaws-key.pem
-	# if they do not exist.
-	( cd /etc/yaws
-	if [ ! -f yaws-cert.pem ] || [ ! -f yaws-key.pem ] ; then
-	    HOST=$(hostname -s 2>/dev/null || echo localhost)
-	    DOMAIN=$(hostname -d 2>/dev/null || echo localdomain)
-	    openssl req -new -x509 -days 365 -nodes \
-			-out yaws-cert.pem \
-			-keyout yaws-key.pem > /dev/null 2>&1 <<+++
-.
-.
-.
-$DOMAIN
-$HOST
-localhost
-root@$HOST.$DOMAIN
-+++
-	    echo "Created /etc/yaws/yaws-cert.pem and /etc/yaws/yaws-key.pem for localhost ONLY"
-	fi )
 
-	# Make yaws certificates readable only by the server
-	chown root:yaws /etc/yaws/*.pem
-	chmod 640 /etc/yaws/*.pem
+	# Adding yaws user to the ssl-cert group to use the snakeoil
+	# SSL certificate
 
-	# Only user yaws and root are allowed to create
-	# yaws control files
+	if getent group ssl-cert >/dev/null ; then
+	    adduser --quiet yaws ssl-cert
+	fi
+
+	# Only user yaws and root are allowed to create yaws control files
 	chown -R yaws:yaws /var/cache/yaws
 	chmod 750 /var/cache/yaws
 


