Merge tag 'v2.3.2' into testing
authorMathieu Baudier <mbaudier@argeo.org>
Thu, 9 Nov 2023 13:00:17 +0000 (14:00 +0100)
committerMathieu Baudier <mbaudier@argeo.org>
Thu, 9 Nov 2023 13:00:17 +0000 (14:00 +0100)
19 files changed:
argeo-freed.spec
debian/argeo-freed-cms-user.install [new file with mode: 0644]
debian/argeo-freed-cms.install [new file with mode: 0644]
debian/argeo-freed-cms.preinst [new file with mode: 0755]
debian/changelog
debian/control
etc/argeo.d/jvm.args [new file with mode: 0644]
etc/argeo.d/jvm.args.debug [new file with mode: 0644]
etc/argeo.d/jvm.args.monitoring [new file with mode: 0644]
etc/argeo.user.d/jvm.args [new file with mode: 0644]
usr/bin/argeo [new file with mode: 0755]
usr/bin/jshc [new file with mode: 0755]
usr/lib/systemd/system/argeo@.service [new file with mode: 0644]
usr/lib/systemd/user/argeo@.service [new file with mode: 0644]
usr/share/argeo/SETUP.txt [new file with mode: 0644]
usr/share/argeo/all.policy [new file with mode: 0644]
usr/share/argeo/argeo-pgsql-setup.sql [new file with mode: 0644]
usr/share/argeo/argeo-slapd-setup.inf [new file with mode: 0644]
usr/share/argeo/jvm.args [new file with mode: 0644]

index 87b68e58c34a7e6aa0d24abdb0e312858cdb9de8..aba7858992b41ffa144524d9cbb229a7e5ed31f5 100644 (file)
@@ -1,5 +1,5 @@
 Name:           argeo-freed
-Version:        2.1.0
+Version:        2.1.1
 Release:        1%{?dist}
 Summary:        Enrollment into a FREEd compatible domain
 
@@ -15,6 +15,16 @@ BuildRequires: systemd-rpm-macros
 
 %description
 
+%package cms
+Summary:        FREEd Argeo CMS services
+Requires:       argeo-cms
+
+%package cms-user
+Summary:        FREEd Argeo CMS user services
+Requires:       argeo-cms
+
+%description cms
+
 %package libreswan
 Summary:        FREEd extensions to libreswan
 Requires:       libreswan
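Review bot: The new `cms-user` subpackage gets no `%description cms-user` section in this hunk, only an empty `%description cms`, and rpmbuild normally rejects a package that has no description. Add `%description cms-user` after `%description cms` and give both a line of text, for example the same wording as their `Summary:` tags.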
@@ -39,15 +49,36 @@ Requires:       argeo-freed-libreswan
 %build
 
 %install
+mkdir -p %{buildroot}%{_bindir}
+cp -a ./usr/bin/* %{buildroot}%{_bindir}
+
 mkdir -p %{buildroot}%{_sysconfdir}
-cp -a ./etc/ipsec.d %{buildroot}%{_sysconfdir}
+cp -a ./etc/* %{buildroot}%{_sysconfdir}
+
+mkdir -p %{buildroot}%{_datadir}
+cp -a ./usr/share/* %{buildroot}%{_datadir}
 
 mkdir -p %{buildroot}%{_unitdir}
 cp -a ./usr/lib/systemd/system/* %{buildroot}%{_unitdir}
 
+mkdir -p %{buildroot}%{_userunitdir}
+cp -a ./usr/lib/systemd/user/* %{buildroot}%{_userunitdir}
+
 mkdir -p %{buildroot}%{_libexecdir}
 cp -a ./usr/libexec/ipsec %{buildroot}%{_libexecdir}
 
+%files cms
+%attr(755, root, root) %{_bindir}/argeo
+%attr(755, root, root) %{_bindir}/jshc
+
+%{_sysconfdir}/argeo.d
+%{_datadir}/argeo
+%{_unitdir}/argeo@.service
+
+%files cms-user
+%{_sysconfdir}/argeo.user.d
+%{_userunitdir}/argeo@.service
+
 %files libreswan
 %attr(755, root, root) %{_libexecdir}/ipsec
 
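Review bot: `%{_sysconfdir}/argeo.d` and `%{_sysconfdir}/argeo.user.d` are listed in %files as plain directories without `%config(noreplace)`, so a package upgrade replaces an administrator's edited `jvm.args` with the packaged empty one. Mark the configuration files explicitly, e.g. `%config(noreplace) %{_sysconfdir}/argeo.d/jvm.args`. The directory entry also installs `jvm.args.debug` and `jvm.args.monitoring` into /etc/argeo.d next to the live file; shipping those samples under `%{_datadir}/argeo` instead would make it harder to enable them by accident.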
@@ -58,6 +89,24 @@ cp -a ./usr/libexec/ipsec %{buildroot}%{_libexecdir}
 %{_unitdir}/freed-onresume.service
 %{_unitdir}/freed-onsuspend.service
 
+%post cms
+%systemd_post argeo@.service
+
+%preun cms
+%systemd_preun argeo@.service
+
+%postun cms
+%systemd_postun argeo@.service
+
+%post cms-user
+%systemd_user_post argeo@.service
+
+%preun cms-user
+%systemd_user_preun argeo@.service
+
+%postun cms-user
+%systemd_user_postun argeo@.service
+
 %post roaming-client
 %systemd_post freed-ipsec-roaming@.service
 %systemd_post freed-onresume.service
diff --git a/debian/argeo-freed-cms-user.install b/debian/argeo-freed-cms-user.install
new file mode 100644 (file)
index 0000000..037dcd0
--- /dev/null
@@ -0,0 +1,2 @@
+./etc/argeo.user.d/* ./etc/argeo.user.d
+./usr/lib/systemd/user/argeo@.service ./usr/lib/systemd/user
diff --git a/debian/argeo-freed-cms.install b/debian/argeo-freed-cms.install
new file mode 100644 (file)
index 0000000..b2195f0
--- /dev/null
@@ -0,0 +1,8 @@
+./usr/bin/argeo ./usr/bin
+./usr/bin/jshc ./usr/bin
+
+./etc/argeo.d/* ./etc/argeo.d
+
+./usr/lib/systemd/system/argeo@.service ./usr/lib/systemd/system
+
+./usr/share/argeo/* ./usr/share/argeo
diff --git a/debian/argeo-freed-cms.preinst b/debian/argeo-freed-cms.preinst
new file mode 100755 (executable)
index 0000000..fd1ae55
--- /dev/null
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+# see https://www.debian.org/doc/manuals/securing-debian-manual/bpp-lower-privs.en.html
+
+case "$1" in
+  install|upgrade)
+
+  # If the package has default file it could be sourced, so that
+  # the local admin can overwrite the defaults
+
+  [ -f "/etc/default/freed" ] && . /etc/default/freed
+
+  # Sane defaults:
+
+  [ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/freed
+  [ -z "$SERVER_USER" ] && SERVER_USER=freed
+  [ -z "$SERVER_NAME" ] && SERVER_NAME="FREEd Apps"
+  [ -z "$SERVER_GROUP" ] && SERVER_GROUP=freed
+
+  # create user to avoid running server as root
+  # 1. create group if not existing
+  if ! getent group $SERVER_GROUP | grep -q "^$SERVER_GROUP:" ; then
+     echo -n "Adding group $SERVER_GROUP.."
+     addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true
+     echo "..done"
+  else
+    echo "System group '$SERVER_GROUP' already exists"
+  fi
+  # 2. create homedir if not existing
+  test -d $SERVER_HOME || mkdir $SERVER_HOME
+  # 3. create user if not existing
+  if ! getent passwd $SERVER_USER | grep -q "^$SERVER_USER:"; then
+    echo -n "Adding system user $SERVER_USER.."
+    adduser --quiet \
+            --system \
+            --ingroup $SERVER_GROUP \
+            --no-create-home \
+            --disabled-password \
+            $SERVER_USER 2>/dev/null || true
+    echo "..done"
+  # 4. adjust passwd entry
+    usermod -c "$SERVER_NAME" \
+            -d $SERVER_HOME   \
+            -g $SERVER_GROUP  \
+               $SERVER_USER
+  else
+    echo "System user '$SERVER_USER' already exists"
+  fi
+  # 5. adjust file and directory permissions
+  if ! dpkg-statoverride --list $SERVER_HOME >/dev/null
+  then
+      chown -R $SERVER_USER:adm $SERVER_HOME
+      chmod u=rwx,g=rxs,o= $SERVER_HOME
+  fi
+  ;;
+  *)
+esac
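Review bot: Step 5 runs `chown -R $SERVER_USER:adm $SERVER_HOME` as root on each install or upgrade for as long as no dpkg-statoverride exists, over a tree the service account can write to, and every expansion in the script is unquoted although the values may come from the sourced `/etc/default/freed`. Quoting the variables and changing only the directory itself keeps root from walking service-controlled content: `chown "$SERVER_USER:adm" "$SERVER_HOME"` followed by `chmod u=rwx,g=rxs,o= "$SERVER_HOME"`. The group `adm` differs from the `$SERVER_GROUP` created in step 1; if that is deliberate (log access for administrators), a comment should say so. The `2>/dev/null || true` on `addgroup` and `adduser` hides failures, so a later `usermod` or `chown` error becomes the first sign that the account was not created.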
index ff356dbdaf9d6511eeda247c7bdf241170f74c73..266fae18ddd3861503e62707b8d90797d92c6031 100644 (file)
@@ -1,4 +1,4 @@
-argeo-freed (2.1.0) unstable; urgency=medium
+argeo-freed (2.1.1) testing; urgency=medium
 
   * Initial release
 
index 1b8eb51899b9adeee544e562c7cabe3364b21150..808dc5eab68daf9c1d191253ae6dad8b787b4f50 100644 (file)
@@ -6,6 +6,20 @@ Build-Depends: debhelper-compat (= 13)
 Standards-Version: 4.5.1
 Rules-Requires-Root: no
 
+Package: argeo-freed-cms
+Architecture: all
+Depends: ${misc:Depends}, adduser, argeo-cms
+Conflicts: argeo-init
+Description: FREEd Argeo CMS services
+ FREEd Argeo CMS services
+
+Package: argeo-freed-cms-user
+Architecture: all
+Depends: ${misc:Depends}, argeo-cms
+Conflicts: argeo-init
+Description: FREEd Argeo CMS user services
+ FREEd Argeo CMS user services
+
 Package: argeo-freed-libreswan
 Architecture: all
 Depends: ${misc:Depends}, libreswan
diff --git a/etc/argeo.d/jvm.args b/etc/argeo.d/jvm.args
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/etc/argeo.d/jvm.args.debug b/etc/argeo.d/jvm.args.debug
new file mode 100644 (file)
index 0000000..4e6b1dc
--- /dev/null
@@ -0,0 +1 @@
+-agentlib:jdwp=transport=dt_socket,server=y,suspend=y,address=127.0.0.1:8000
\ No newline at end of file
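Review bot: The JDWP agent line in jvm.args.debug has no authentication, so while it is loaded any local account that can reach 127.0.0.1:8000 can attach a debugger and run code as the service user, and `suspend=y` keeps the node from starting until one attaches. Nothing visible on this page loads the file by default, but it is installed next to the live `jvm.args`, so a header comment would help if the launcher's `#` comment syntax for argument files is acceptable here: `# Debug only: unauthenticated JDWP on loopback; do not copy into jvm.args on a shared or production host`. Consider `suspend=n` for the shipped sample if blocking startup is not intended.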
diff --git a/etc/argeo.d/jvm.args.monitoring b/etc/argeo.d/jvm.args.monitoring
new file mode 100644 (file)
index 0000000..d7275ee
--- /dev/null
@@ -0,0 +1 @@
+-Dcom.sun.management.jmxremote.port=8099 -Dcom.sun.management.jmxremote.rmi.port=8099 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=<hostname>
\ No newline at end of file
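Review bot: The sample in jvm.args.monitoring enables remote JMX with `authenticate=false` and `ssl=false` and sets no bind address, so once `<hostname>` is filled in, port 8099 is reachable by anything that can route to the host, and an unauthenticated JMX connector gives full control over the JVM. A safer shipped default keeps the connector on loopback and requires credentials: add `-Dcom.sun.management.jmxremote.host=127.0.0.1`, set `-Dcom.sun.management.jmxremote.authenticate=true` together with `-Dcom.sun.management.jmxremote.password.file=<path to password file>`, and leave SSL enabled unless the port is only reached through a tunnel. The literal `<hostname>` placeholder also needs a comment or a SETUP.txt step saying it must be replaced before the file is used.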
diff --git a/etc/argeo.user.d/jvm.args b/etc/argeo.user.d/jvm.args
new file mode 100644 (file)
index 0000000..e69de29
diff --git a/usr/bin/argeo b/usr/bin/argeo
new file mode 100755 (executable)
index 0000000..636fd47
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+java -Dorg.argeo.api.cli.rootCommand=$0 -jar /usr/share/a2/org.argeo.cms/org.argeo.cms.cli.2.3.jar "$@"
\ No newline at end of file
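Review bot: `$0` is unquoted in `-Dorg.argeo.api.cli.rootCommand=$0`, so an invocation path containing whitespace is split into extra JVM arguments; write it as `"-Dorg.argeo.api.cli.rootCommand=$0"`. Starting the JVM with `exec java ...` would also avoid leaving an idle shell as the parent process and pass signals and the exit status straight through, and the same applies to `usr/bin/jshc`.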
diff --git a/usr/bin/jshc b/usr/bin/jshc
new file mode 100755 (executable)
index 0000000..9344578
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+java -Xms32m -Xmx64m -jar /usr/share/a2/org.argeo.cms/org.argeo.cms.jshell.2.3.jar "$@"
\ No newline at end of file
diff --git a/usr/lib/systemd/system/argeo@.service b/usr/lib/systemd/system/argeo@.service
new file mode 100644 (file)
index 0000000..a4ccef7
--- /dev/null
@@ -0,0 +1,43 @@
+[Unit]
+Description=Argeo node %I
+After=network-online.target
+Wants=postgresql.service
+
+[Service]
+Type=simple
+
+User=freed
+Group=freed
+
+StateDirectory=argeo.d/%I
+LogsDirectory=argeo.d/%I
+ConfigurationDirectory=argeo.d/%I
+CacheDirectory=argeo.d/%I
+WorkingDirectory=/var/lib/argeo.d/%I
+
+ExecStart=java \
+-Dosgi.configuration.cascaded=true \
+-Dosgi.sharedConfiguration.area=/etc/argeo.d/%I/ \
+-Dosgi.sharedConfiguration.area.readOnly=true \
+-Dosgi.configuration.area=${STATE_DIRECTORY}/state/ \
+-Dosgi.instance.area=${STATE_DIRECTORY}/data/ \
+-Dargeo.node.repo.indexesBase=${CACHE_DIRECTORY}/indexes \
+-Dorg.osgi.framework.system.packages.extra=sun.security.internal.spec,sun.security.provider,com.sun.net.httpserver,com.sun.jndi.ldap,com.sun.jndi.ldap.sasl,com.sun.jndi.dns,com.sun.security.jgss,com.sun.nio.file,com.sun.nio.sctp \
+-Declipse.ignoreApp=true \
+-Dosgi.noShutdown=true \
+-Dorg.eclipse.equinox.http.jetty.autostart=false \
+@/etc/argeo.d/jvm.args \
+@${CONFIGURATION_DIRECTORY}/jvm.args \
+@/usr/share/argeo/jvm.args
+
+# Exit codes of the JVM when SIGTERM or SIGINT have been caught:
+SuccessExitStatus=143 130
+
+CPUAccounting=true
+MemoryAccounting=true
+TasksAccounting=true
+IOAccounting=true
+IPAccounting=true
+
+[Install]
+WantedBy=multi-user.target
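Review bot: The [Service] section drops root with `User=freed` but adds no sandboxing, so the JVM can still write anywhere file permissions allow and can gain privileges through setuid binaries. Because the state, cache, log and configuration paths are already declared with `StateDirectory=` and its siblings, `NoNewPrivileges=true`, `ProtectSystem=strict` and `PrivateTmp=true` should be cheap to add, subject to checking what the OSGi bundles write. In [Unit], `Wants=postgresql.service` has no matching `After=postgresql.service` and `After=network-online.target` has no `Wants=network-online.target`, so neither ordering is actually guaranteed. All instances of the template share the `freed` account, which is worth a comment if instances are meant to be isolated from each other.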
diff --git a/usr/lib/systemd/user/argeo@.service b/usr/lib/systemd/user/argeo@.service
new file mode 100644 (file)
index 0000000..ec73e42
--- /dev/null
@@ -0,0 +1,31 @@
+[Unit]
+Description=Argeo user node %I
+
+[Service]
+Type=simple
+StateDirectory=argeo.d/%I
+LogsDirectory=argeo.d/%I
+ConfigurationDirectory=argeo.d/%I
+CacheDirectory=argeo.d/%I
+#WorkingDirectory=
+
+ExecStart=java \
+-Dosgi.configuration.cascaded=true \
+-Dosgi.sharedConfiguration.area=/etc/argeo.user.d/%I/ \
+-Dosgi.sharedConfiguration.area.readOnly=true \
+-Dosgi.configuration.area=${STATE_DIRECTORY}/state/ \
+-Dosgi.instance.area=${STATE_DIRECTORY}/data/ \
+-Dargeo.node.repo.indexesBase=${CACHE_DIRECTORY}/indexes \
+-Dorg.osgi.framework.system.packages.extra=sun.security.internal.spec,sun.security.provider,com.sun.net.httpserver,com.sun.jndi.ldap,com.sun.jndi.ldap.sasl,com.sun.jndi.dns,com.sun.security.jgss,com.sun.nio.file,com.sun.nio.sctp \
+-Declipse.ignoreApp=true \
+-Dosgi.noShutdown=true \
+-Dorg.eclipse.equinox.http.jetty.autostart=false \
+-Djava.library.path=/usr/lib/a2/swt/rcp/org.argeo.tp.swt/ \
+@/etc/argeo.user.d/jvm.args \
+@/etc/argeo.user.d/%I/jvm.args \
+@/usr/share/argeo/jvm.args
+# Exit codes of the JVM when SIGTERM or SIGINT have been caught:
+SuccessExitStatus=143 130
+
+[Install]
+WantedBy=multi-user.target
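Review bot: `WantedBy=multi-user.target` in [Install] names a system-manager target; the per-user manager normally starts `default.target`, so enabling this unit with `systemctl --user enable` would link it under a target that is likely never reached. Use `WantedBy=default.target`. The two argument files are read from `/etc/argeo.user.d/` rather than from `${CONFIGURATION_DIRECTORY}` as in the system unit, which for a user unit resolves under the user's own configuration directory; a comment stating that the system-wide location is deliberate would help.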
diff --git a/usr/share/argeo/SETUP.txt b/usr/share/argeo/SETUP.txt
new file mode 100644 (file)
index 0000000..708e587
--- /dev/null
@@ -0,0 +1,9 @@
+
+# 389 Directory Server
+sudo dscreate from-file argeo-slapd.inf
+sudo dsconf -D "cn=Directory Manager" ldap://localhost backend import <backend> <path to LDIF file> 
+
+# PostgreSQL
+sudo postgresql-setup initdb
+sudo systemctl start postgresql
+sudo -u postgres psql < argeo-pgsql-setup.sql
diff --git a/usr/share/argeo/all.policy b/usr/share/argeo/all.policy
new file mode 100644 (file)
index 0000000..facb613
--- /dev/null
@@ -0,0 +1,3 @@
+grant {
+  permission java.security.AllPermission;
+};
\ No newline at end of file
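Review bot: all.policy grants `java.security.AllPermission` to every code source, so a JVM started with this policy has a security manager that denies nothing. No unit or argument file on this page references the file, so its purpose is unclear; a leading comment such as `// Grants everything to all code; this policy is not a sandbox` would keep it from being mistaken for a restriction. If it is meant to be used, scoping the grant with a `codeBase` for the trusted jars would be the narrower form.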
diff --git a/usr/share/argeo/argeo-pgsql-setup.sql b/usr/share/argeo/argeo-pgsql-setup.sql
new file mode 100644 (file)
index 0000000..886f60a
--- /dev/null
@@ -0,0 +1,2 @@
+CREATE USER argeo WITH PASSWORD 'argeo';
+CREATE DATABASE argeo WITH OWNER argeo;
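Review bot: `CREATE USER argeo WITH PASSWORD 'argeo'` ships a fixed, guessable password that every installation following SETUP.txt will share, and the literal may also be written to the server log if statement logging is on. Taking the value from the operator keeps it out of the package, e.g. `CREATE USER argeo;` followed by `\password argeo`, or `CREATE USER argeo WITH PASSWORD :'argeo_password';` with the variable supplied through `psql -v`. The same defect is in usr/share/argeo/argeo-slapd-setup.inf, where `root_password = argeoargeo` sets the Directory Manager password. Both files would benefit from a header comment saying they are one-shot bootstrap templates whose credentials must be changed.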
diff --git a/usr/share/argeo/argeo-slapd-setup.inf b/usr/share/argeo/argeo-slapd-setup.inf
new file mode 100644 (file)
index 0000000..98ad97a
--- /dev/null
@@ -0,0 +1,9 @@
+[general]
+[slapd]
+instance_name = argeo
+root_dn = cn=Directory Manager
+root_password = argeoargeo
+
+[backend-userroot]
+create_suffix_entry = True
+suffix = dc=example,dc=com
\ No newline at end of file
diff --git a/usr/share/argeo/jvm.args b/usr/share/argeo/jvm.args
new file mode 100644 (file)
index 0000000..2d3190d
--- /dev/null
@@ -0,0 +1 @@
+-cp /usr/share/a2/osgi/equinox/org.argeo.tp.osgi/org.eclipse.osgi.3.18.jar:/usr/share/a2/org.argeo.cms/org.argeo.init.2.3.jar org.argeo.init.Service
\ No newline at end of file