[Pkg-zope-developers] Re: [pmachard@debian.org: Fixed in NMU of zopectl 0.3.4.2]

[Derrick 'dman' Hudson]

--SUOF0GtieIMvvwua
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Aug 25, 2004 at 11:25:29PM +0000, Thaddeus H. Black wrote:
| This message is to Derrick and Pierre, with copy
| to several others.
|=20
| I wrote this nonsense:
|=20
| > Pierre, it looks to me as though Georg, in trying to get around
| > the -1.1 postinst problem, might somehow inadvertently manually
| > have created a file named "/var/lib/zope/instance/default/access".
| > This is supposed to be a directory not a file.
|=20
| Georg was right.  I was wrong.  As Derrick
| points out, it should be a file not a directory.

| A question for Derrick.  If the file exists but is empty ("touch
| $access"), then Zope installs without complaint.  But an empty file
| there is not acceptable, is it?  Must an initial/emergency username
| ("Admin") and password not be installed, for Zope to be usable and
| secure?  Feel free to elaborate.

Zope handles the access file being empty, non-existent, or otherwise
unreadable gracefully.  These conditions don't really affect zope at
all.  It will still run as usual.  (see belo

The initial/emergency user must be installed for a new zope to be
usable.  It is needed to bootstrap a new site -- the server will
prompt for sufficient credentials before allowing access to the
management interface and creating "real" user accounts.  This initial
user is the only set of credentials zope will recognize until
additional accounts are created via the management interface.  Once
the adminstrator has created a real user, the intial user ('access'
file) can be removed with no ill side-effects.  If some sort of
emergency recovery is necessary, the file can be (re-)created.

| Pierre, I believe that the root of the problem---and perhaps the key
| to really fixing and closing six or seven zope{ctl,} bugs over the
| past year---is in that ZopeCTL.py has not heretofore been able to
| parse and to act correctly on the new Zope account configuration in
| /etc/zopectlrc.  This is what I believe.  David Coe had tried to
| work around the problem in an earlier NMU.  David's workaround was
| worth a try, but unfortunately it has only led to new bug reports.
| I no longer believe that we can work around this problem; we must
| fix it.  This is why I have tunneled into ZopeCTL.py and zpasswd.py,
| finishing the unfinished code in there.  This is why the RC bug
| #251038 had stayed open so long: it was not essentially a packaging
| problem; it had no easy fix.

Here's some history you (Thaddeus and Pierre specifically) probably
don't know but which complicates the package.  Zope used to only
support one site ("instance") at a time.  The directory /var/lib/zope
contained all of the site-local data.  This is the way the version of
zope in woody is.  More recently (though quite a while ago) support
for multiple instances was added.  With multiple instances, the
site-local data is stored in /var/lib/zope/<name>/ where <name> is the
name of the instance.  These instance directories contain a bin/
directory with start/stop scripts.  These start/stop scripts set all
the environtment necessary for the software (in /usr/lib) to locate
the data.  In this manner one machine can have one copy of the
software installed, but running in two separate processes with two
separate underlying data stores.  The complexity is migrating the
single-instance /var/lib/zope on woody machines to the default
instance /var/lib/zope/default for sarge.  Several versions of the
package had various glitches with the automatic transition (it was a
while ago and I don't remember the details, but the BTS archives
probably still have the records).

FWIW newer versions of zope come with a zopectl script and a
'mkinstance' script as well.  The debian zopectl script was created
before the upstream implementation became available.  Perhaps the
upstream version should be included (backported, if necessary) instead
of putting effort into a duplicate solution.

HTH,
-D

--=20
Love is not affectionate feeling, but a steady wish for the loved
person's ultimate good as far as it can be obtained.
    --C.S. Lewis
=20
www: http://dman13.dyndns.org/~dman/            jabber: dman@dman13.dyndns.=
org

--SUOF0GtieIMvvwua
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFBL+6aiB6vp1xAVUARAh64AKCp1NTQHyvREsUusuSDZKKVfSbXEwCfftas
I3mSQt6OR7/zqLXVzDsHElo=
=GeGq
-----END PGP SIGNATURE-----

--SUOF0GtieIMvvwua--