#
#
# patch "README"
# from [846761e92b7854df88c898ef505bff71e65434e6]
# to [6e0effd2fb2288a12a55acf8a413b9997add514b]
#
# patch "install"
# from [b50dab4e64f94c31414fed846c80b92527f3d514]
# to [294e6c72c43d967227ff776e559131097a3cb0fd]
#
# patch "www/common.php"
# from [8d94d25c7e2f62e7cd3d46b647093c3da37e640b]
# to [80a3b636f5be49cace64be55e4d2460717184eba]
#
============================================================
--- README 846761e92b7854df88c898ef505bff71e65434e6
+++ README 6e0effd2fb2288a12a55acf8a413b9997add514b
@@ -1,62 +1,23 @@ -make symlinks - Set up a couple of symlinks -make acl user=www-data - Give the www-data user (or replace this with whichever user the - webserver is) rwx permissions to the directories it stores data in. -make owner user=www-data - Give the www-data user ownership of some files in www/ that it needs - to be able to symlink to. -make setup user=www-data - All of the above. +Install +------- -make usher - Modified usher that uses the project database for a server list, - and uses the same config file as the web interface. +Make sure you have postgresql, libpqxx, php-pgsql, mod_python, and mod_php. +make usher.webhost + +./install + createdb psql -f schema.sql setup database, if not done as the webserver user, that user will need - permission to read/insert/update. + permission to read/insert/update/delete. If you want the reset script to work, you need permission to delete. -skel/keys - put your server keypair here -cp hostconfig.dist hostconfig - and then update to match your local setup +About +----- +This is a server for shared, public monotone hosting. It has a web frontend +for general project management, and provides web-based history browsing with +viewmtn. The project repositories are identified by hostname: if the server is +example.net, the 'foobar' project repository will be at foobar.example.net . -cp www/viewmtn/config.py.example www/viewmtn/config.py - and then update to match your local setup - -* add a cron job to occasionally run prunegraphs.sh in the install - directory - -common.php - make sure that $conffile points to the hostconfig file - -* Make sure all dns addresses *. map to an address that the - usher is listening on. 
- -usher hostconfig - There's a modified usher that uses the same config file and - takes the server list from a database - - - -skel/ Some useful files - -www/ Make this accessible to your webserver -www/viewmtn/ viewmtn install, modified slightly - -sessions/ A directory where session cookie files are saved. -projects/*/ Project-specific (internal) -www/projects/*/ Project-specific (web-available) -graphs/ viewmtn graph cache - These four need to be +rw for the webserver. - Also, the webserver needs to be able to symlink from - www/projects/ to www/{project.php,admin.php,viewmtn/}. - This probably means that those have to be owned by the - webserver, since apache likes to only follow symlinks - that are owned by the same user as the target file. - -hostconfig config file ============================================================ --- install b50dab4e64f94c31414fed846c80b92527f3d514 +++ install 294e6c72c43d967227ff776e559131097a3cb0fd @@ -32,6 +32,9 @@ if ! [ -d /etc/$NAME ]; then mkdir $CONFDIR/ + dd if=/dev/random of=$CONFDIR/secfile bs=1 count=64 + chgrp $WEBUSER $CONFDIR/secfile + chmod 0400 $CONFDIR/secfile cp hostconfig.dist $CONFDIR/hostconfig cp skel/monotonerc $CONFDIR/ sed -i "s!DBROTATE!$BINDIR/update-viewmtn-db.sh!" $CONFDIR/monotonerc ============================================================ --- www/common.php 8d94d25c7e2f62e7cd3d46b647093c3da37e640b +++ www/common.php 80a3b636f5be49cace64be55e4d2460717184eba 
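Review bot: `chmod 0400` on the added secfile lines gives the group no access, so the preceding `chgrp $WEBUSER` has no effect and a web server that is not the file's owner cannot read the secret. In that case the new mktok() in www/common.php ends up hashing without any server-side secret, because it does not treat a failed read as an error. I would use `chmod 0440 $CONFDIR/secfile` and run the `dd` under `umask 077` so the file is never briefly readable by other users; quoting `"$CONFDIR/secfile"` would also be safer. The enclosing `if` block starts and ends outside the hunk, and this assumes install runs as a user other than $WEBUSER.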
@@ -57,20 +57,12 @@ $json = new Services_JSON(); function mktok($username, $shapass, $t) { - $secfile = dirname(__FILE__) . "/../sessions/secfile"; - if (!is_file($secfile)) { - $dat = ""; - foreach (array("/dev/random", "/dev/urandom") as $fn) { - $fd = fopen($fn, "rb"); - if ($fd) { - $dat = $dat . fread($fd, 20); - fclose($fd); - } - } - file_put_contents($secfile, $dat); - chmod($secfile, 0400); + $secfile = $confdir . "/secfile"; + $sstr = ""; + if (is_file($secfile)) { + $sstr = file_get_contents($secfile); } - return sha1($username . $shapass . $t . file_get_contents($secfile)); + return sha1($username . $shapass . $t . $sstr); } if ($_REQUEST['username'] && $_REQUEST['password']) {
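Review bot: `$confdir` is read inside mktok() without a `global $confdir;` declaration, so unless it is brought into function scope in a way not visible here, `$secfile` evaluates to "/secfile" and the token is computed with an empty secret. The same silent fallback applies whenever the file is missing or unreadable, which reduces the token to a plain SHA-1 of the three arguments. I would declare the global and stop with an error when the secret cannot be loaded, as sketched below. Keying the hash with `hash_hmac()` instead of concatenating the secret would be a further hardening, if the deployed PHP version provides it.

```php
function mktok($username, $shapass, $t)
{
	global $confdir;
	$secfile = $confdir . "/secfile";
	$sstr = is_readable($secfile) ? file_get_contents($secfile) : false;
	if ($sstr === false || $sstr === "") {
		// Fail closed: a token without the server secret must never be issued.
		trigger_error("session secret is missing or unreadable", E_USER_ERROR);
	}
	// … unchanged: return sha1(...) over the arguments and $sstr …
}
```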