From: Thierry Parmentelat Date: Fri, 7 Feb 2014 15:09:26 +0000 (+0100) Subject: ironing out issues during very first install X-Git-Tag: myslice-0.3-0~2^2~7 X-Git-Url: http://git.onelab.eu/?p=myslice.git;a=commitdiff_plain;h=a11e7b0d7951b328f0f07ffedd679128d7bb8586 ironing out issues during very first install --- diff --git a/apache/APACHE.notes b/apache/APACHE.notes index 7c77e4bd..d3c55e0c 100644 --- a/apache/APACHE.notes +++ b/apache/APACHE.notes @@ -14,7 +14,7 @@ A few notes and caveats must be outlined though below; see also unfold-init-ssl. * all the local material for this deployment gets into /etc/unfold/ * I could not find a way to have client-auth without server auth; - this is totally weird, and stupid, but just so + this is totally weird, and stupid, but that's how it is so there is a need to install a (probably self-signed) cert and related key in /etc/unfold/myslice.cert diff --git a/apache/unfold-init-ssl.sh b/apache/unfold-init-ssl.sh index 74c1c32a..69be3283 100755 --- a/apache/unfold-init-ssl.sh +++ b/apache/unfold-init-ssl.sh @@ -10,6 +10,8 @@ trusted_roots=/etc/unfold/trusted_roots key=/etc/unfold/myslice.key cert=/etc/unfold/myslice.cert +# provide a hostname as the first arg to this command +# (otherwise we use hostname) if [[ -n "$@" ]] ; then hostname=$1; shift; else hostname=$(hostname); fi function init_trusted_roots () { diff --git a/debian/unfold.install b/debian/unfold.install index 9730d70c..fb542506 100644 --- a/debian/unfold.install +++ b/debian/unfold.install @@ -12,3 +12,5 @@ apache/unfold.wsgi /usr/share/unfold/apache/ apache/unfold.conf /etc/apache2/sites-available manage.py usr/share/unfold/ usr/bin/unfold-init-ssl.sh +etc/unfold/trusted_roots +var/unfold diff --git a/debian/unfold.postinst b/debian/unfold.postinst index f307b319..f0ecf8c7 100644 --- a/debian/unfold.postinst +++ b/debian/unfold.postinst @@ -1,4 +1,6 @@ #!/bin/bash +# tmp - (or?) +set -x # if this requires a service to be running, add something like this # update-rc.d unfold defaults [ -d /var/unfold ] || mkdir /var/unfold @@ -9,6 +11,8 @@ chmod -R 700 /var/unfold /usr/share/unfold/manage.py migrate # enable required stuff a2enmod ssl -a2dissite default +a2dissite default || : a2ensite unfold.conf +# create a server-side cert/key and passes on gids to rehash them +unfold-init-ssl.sh service apache2 restart