# HG changeset patch # User Paul Boddie # Date 1361731526 -3600 # Node ID 8c91950a62f814f49655f5fce871480132915ef5 # Parent 0163e7e5f96296c3a86061ddec5020482bda5d61 Simplified the mechanism providing different post-installation scripts. Added a SELinux post-installation script template. Tidied up filesystem ACL support detection and temporary file creation. diff -r 0163e7e5f962 -r 8c91950a62f8 moinsetup.py --- a/moinsetup.py Fri Jan 11 00:31:06 2013 +0100 +++ b/moinsetup.py Sun Feb 24 19:45:26 2013 +0100 @@ -86,8 +86,12 @@ RewriteRule ^(.*) %(url_path_tr)s/moin.cgi/$1 [PT,L,QSA] """ + + # Post-setup templates. +# ACL-capable filesystem modifications. + postsetup_setfacl = """\ #!/bin/sh @@ -113,6 +117,8 @@ fi """ +# Conventional owner/group permissions. + postsetup_chown_chmod = """\ #!/bin/sh @@ -140,6 +146,27 @@ fi """ +# SELinux file type modifications. + +postsetup_semanage = """\ +#!/bin/sh + +semanage fcontext -a -t httpd_sys_content_t "%(common_dir)s(/.*)?" +""" + +postsetup_semanage_extra = """\ +semanage fcontext -a -t httpd_sys_content_t "%(htdocs_dir)s(/.*)?" +""" + +postsetup_semanage_logs = """\ +""" + +postinst_scripts = { + "chown" : ("moinsetup-post-chown.sh", postsetup_chown_chmod, postsetup_chown_extra, postsetup_chown_logs), + "setfacl" : ("moinsetup-post-setfacl.sh", postsetup_setfacl, postsetup_setfacl_extra, postsetup_setfacl_logs), + "semanage" : ("moinsetup-post-semanage.sh", postsetup_semanage, postsetup_semanage_extra, postsetup_semanage_logs), + } + # Utility functions. def readfile(filename): 
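Review bot: The new `postsetup_semanage` and `postsetup_semanage_extra` templates only register file-context rules. `semanage fcontext -a` does not relabel files that already exist, so the script as shown leaves the installed tree with its old labels until something relabels it. I would follow each rule with the matching relabel, `restorecon -R "%(common_dir)s"` and `restorecon -R "%(htdocs_dir)s"`, and `postsetup_semanage_logs` is empty, so nothing later in the visible templates does this. Separately, `httpd_sys_content_t` is a read-only type for the web server. If anything under `common_dir` has to be written by the wiki at run time (not visible here), those subtrees need a writable content type such as `httpd_sys_rw_content_t`, or the equivalent in the target policy, applied only to them rather than to the whole tree. The interpolated paths also land inside both a double-quoted shell string and a regular expression in a script meant to be run as root, so a comment on the template stating that the paths must not contain shell or regex metacharacters would help.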
@@ -759,6 +786,23 @@ return directories + def _get_temp_filename(self): + fd, temp_filename = tempfile.mkstemp(dir=self.common_dir) + os.close(fd) + return temp_filename + + def have_setfacl(self): + + "Work out whether setfacl works." + + temp_filename = self._get_temp_filename() + + try: + return os.system("setfacl -m user:%(web_user)s:r %(file)s > /dev/null 2>&1" % { + "web_user" : self.web_user, "file" : temp_filename}) == 0 + finally: + remove(temp_filename) + # Main methods. def setup(self): @@ -1075,30 +1119,16 @@ "Write a post-install script with additional actions." - # Work out whether setfacl works. - - fd, temp_filename = tempfile.mkstemp(dir=self.common_dir) - os.close(fd) - - have_setfacl = os.system("setfacl -m user:%(web_user)s:r %(file)s > /dev/null 2>&1" % { - "web_user" : self.web_user, "file" : temp_filename}) == 0 - - remove(temp_filename) - # Create the scripts. this_user = os.environ["USER"] - postinst_scripts = "moinsetup-post-chown.sh", "moinsetup-post-setfacl.sh" vars = {} vars.update(Installation.__dict__) vars.update(self.__dict__) vars.update(locals()) - for postinst_script, start, extra, logs in [ - (postinst_scripts[0], postsetup_chown_chmod, postsetup_chown_extra, postsetup_chown_logs), - (postinst_scripts[1], postsetup_setfacl, postsetup_setfacl_extra, postsetup_setfacl_logs) - ]: + for postinst_script, start, extra, logs in postinst_scripts.values(): s = start % vars s += extra % vars 
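Review bot: In `have_setfacl`, `self.web_user` and the temporary file name are pasted unquoted into a shell string for `os.system`. A space or shell metacharacter in the configured user name or in `common_dir` therefore either breaks the probe or is interpreted by the shell. Passing an argument list avoids the shell entirely and gives the same yes/no answer, as long as a missing `setfacl` binary is treated as "not supported"; the fence below shows this. It assumes `subprocess` is imported at the top of moinsetup.py, which lies outside the hunk, as does the enclosing class. The second hunk on this line (the simplified loop over `postinst_scripts.values()`) raises nothing further.

```python
    def have_setfacl(self):
        # … unchanged: docstring and temp_filename = self._get_temp_filename() …
        argv = ["setfacl", "-m", "user:%s:r" % self.web_user, temp_filename]
        devnull = open(os.devnull, "w")
        try:
            try:
                return subprocess.call(argv, stdout=devnull, stderr=devnull) == 0
            except OSError:
                # setfacl is not installed: report "no ACL support".
                return False
        finally:
            devnull.close()
            remove(temp_filename)
```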
@@ -1107,11 +1137,13 @@ writefile(postinst_script, s) chmod(postinst_script, 0755) - if have_setfacl: - note("Run %s to set file ownership and permissions.\n" - "If this somehow fails..." % postinst_scripts[1]) + if self.have_setfacl(): + note("Run %s to set file access permissions.\n" + "If this somehow fails..." % postinst_scripts["setfacl"][0]) - note("Run %s as root to set file ownership and permissions." % postinst_scripts[0]) + note("Run %s as root to set file ownership and permissions." % postinst_scripts["chown"][0]) + + note("Run %s as root to set SELinux permissions, if applicable." % postinst_scripts["semanage"][0]) # Accessory methods.