From: Thierry Parmentelat <thierry.parmentelat@inria.fr>
Date: Fri, 7 Feb 2014 15:09:26 +0000 (+0100)
Subject: ironing out issues during very first install
X-Git-Tag: myslice-0.3-0~2^2~7
X-Git-Url: http://git.onelab.eu/?a=commitdiff_plain;h=a11e7b0d7951b328f0f07ffedd679128d7bb8586;p=myslice.git

ironing out issues during very first install
---

diff --git a/apache/APACHE.notes b/apache/APACHE.notes
index 7c77e4bd..d3c55e0c 100644
--- a/apache/APACHE.notes
+++ b/apache/APACHE.notes
@@ -14,7 +14,7 @@ A few notes and caveats must be outlined though below; see also unfold-init-ssl.
 * all the local material for this deployment gets into /etc/unfold/
 
 * I could not find a way to have client-auth without server auth;
-  this is totally weird, and stupid, but just so
+  this is totally weird, and stupid, but that's how it is
   so there is a need to install a (probably self-signed) cert 
   and related key in 
 /etc/unfold/myslice.cert
diff --git a/apache/unfold-init-ssl.sh b/apache/unfold-init-ssl.sh
index 74c1c32a..69be3283 100755
--- a/apache/unfold-init-ssl.sh
+++ b/apache/unfold-init-ssl.sh
@@ -10,6 +10,8 @@ trusted_roots=/etc/unfold/trusted_roots
 key=/etc/unfold/myslice.key
 cert=/etc/unfold/myslice.cert
 
+# provide a hostname as the first arg to this command 
+# (otherwise we use hostname)
 if [[ -n "$@" ]] ; then hostname=$1; shift; else hostname=$(hostname); fi
 
 function init_trusted_roots () {
diff --git a/debian/unfold.install b/debian/unfold.install
index 9730d70c..fb542506 100644
--- a/debian/unfold.install
+++ b/debian/unfold.install
@@ -12,3 +12,5 @@ apache/unfold.wsgi /usr/share/unfold/apache/
 apache/unfold.conf /etc/apache2/sites-available
 manage.py usr/share/unfold/
 usr/bin/unfold-init-ssl.sh
+etc/unfold/trusted_roots
+var/unfold
diff --git a/debian/unfold.postinst b/debian/unfold.postinst
index f307b319..f0ecf8c7 100644
--- a/debian/unfold.postinst
+++ b/debian/unfold.postinst
@@ -1,4 +1,6 @@
 #!/bin/bash
+# tmp - (or?)
+set -x
 # if this requires a service to be running, add something like this
 # update-rc.d unfold defaults
 [ -d /var/unfold ] || mkdir /var/unfold
@@ -9,6 +11,8 @@ chmod -R 700 /var/unfold
 /usr/share/unfold/manage.py migrate
 # enable required stuff
 a2enmod ssl
-a2dissite default
+a2dissite default || :
 a2ensite unfold.conf
+# create a server-side cert/key and passes on gids to rehash them
+unfold-init-ssl.sh
 service apache2 restart