1.1 --- a/moinsetup.py Fri Jan 11 00:31:06 2013 +0100
1.2 +++ b/moinsetup.py Sun Feb 24 19:45:26 2013 +0100
1.3 @@ -86,8 +86,12 @@
1.4 RewriteRule ^(.*) %(url_path_tr)s/moin.cgi/$1 [PT,L,QSA]
1.5 """
1.6
1.7 +
1.8 +
1.9 # Post-setup templates.
1.10
1.11 +# ACL-capable filesystem modifications.
1.12 +
1.13 postsetup_setfacl = """\
1.14 #!/bin/sh
1.15
1.16 @@ -113,6 +117,8 @@
1.17 fi
1.18 """
1.19
1.20 +# Conventional owner/group permissions.
1.21 +
1.22 postsetup_chown_chmod = """\
1.23 #!/bin/sh
1.24
1.25 @@ -140,6 +146,27 @@
1.26 fi
1.27 """
1.28
1.29 +# SELinux file type modifications.
1.30 +
1.31 +postsetup_semanage = """\
1.32 +#!/bin/sh
1.33 +
1.34 +semanage fcontext -a -t httpd_sys_content_t "%(common_dir)s(/.*)?"
1.35 +"""
1.36 +
1.37 +postsetup_semanage_extra = """\
1.38 +semanage fcontext -a -t httpd_sys_content_t "%(htdocs_dir)s(/.*)?"
1.39 +"""
1.40 +
1.41 +postsetup_semanage_logs = """\
1.42 +"""
1.43 +
1.44 +postinst_scripts = {
1.45 + "chown" : ("moinsetup-post-chown.sh", postsetup_chown_chmod, postsetup_chown_extra, postsetup_chown_logs),
1.46 + "setfacl" : ("moinsetup-post-setfacl.sh", postsetup_setfacl, postsetup_setfacl_extra, postsetup_setfacl_logs),
1.47 + "semanage" : ("moinsetup-post-semanage.sh", postsetup_semanage, postsetup_semanage_extra, postsetup_semanage_logs),
1.48 + }
1.49 +
1.50 # Utility functions.
1.51
1.52 def readfile(filename):
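Review bot: The new `postsetup_semanage` and `postsetup_semanage_extra` templates only register file-context rules; `semanage fcontext -a` does not relabel files that already exist, so the script as shown leaves the installed tree with its old labels until something relabels it. Adding `restorecon -R "%(common_dir)s"` (and the same for `%(htdocs_dir)s`) after each rule would apply them. `httpd_sys_content_t` is normally a read-only type for httpd, so if `common_dir` holds the wiki's writable page data, those subdirectories probably need a read/write content type instead; this is worth confirming on an enforcing host. The paths are also substituted unescaped into a double-quoted shell string and a regular expression in a script meant to run as root, so a directory name containing `$`, a backquote, `"` or regex metacharacters would not be taken literally.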
1.53 @@ -759,6 +786,23 @@
1.54
1.55 return directories
1.56
1.57 + def _get_temp_filename(self):
1.58 + fd, temp_filename = tempfile.mkstemp(dir=self.common_dir)
1.59 + os.close(fd)
1.60 + return temp_filename
1.61 +
1.62 + def have_setfacl(self):
1.63 +
1.64 + "Work out whether setfacl works."
1.65 +
1.66 + temp_filename = self._get_temp_filename()
1.67 +
1.68 + try:
1.69 + return os.system("setfacl -m user:%(web_user)s:r %(file)s > /dev/null 2>&1" % {
1.70 + "web_user" : self.web_user, "file" : temp_filename}) == 0
1.71 + finally:
1.72 + remove(temp_filename)
1.73 +
1.74 # Main methods.
1.75
1.76 def setup(self):
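Review bot: `have_setfacl` builds its probe with `os.system` and `%` substitution, so `self.web_user` and the temporary path under `self.common_dir` pass through `/bin/sh` unquoted; a value containing whitespace or shell metacharacters would make the probe fail or run something other than the intended `setfacl` call. Passing an argument list avoids the shell entirely, as sketched below; this assumes `subprocess` is imported at the top of moinsetup.py, which the hunk does not show. The sketch maps a missing `setfacl` binary to `False`, matching the non-zero status `os.system` would have returned. `_get_temp_filename` also has no docstring, unlike `have_setfacl`; `"Return the name of a new, empty temporary file in the common directory."` would match the file's style.

```python
def have_setfacl(self):
    # … unchanged: docstring and _get_temp_filename() call …
    devnull = open(os.devnull, "w")
    try:
        # Argument list: no shell, so web_user and the path are passed literally.
        return subprocess.call(
            ["setfacl", "-m", "user:%s:r" % self.web_user, temp_filename],
            stdout=devnull, stderr=subprocess.STDOUT) == 0
    except OSError:
        # setfacl is not installed: treat as "does not work".
        return False
    finally:
        devnull.close()
        remove(temp_filename)
```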
1.77 @@ -1075,30 +1119,16 @@
1.78
1.79 "Write a post-install script with additional actions."
1.80
1.81 - # Work out whether setfacl works.
1.82 -
1.83 - fd, temp_filename = tempfile.mkstemp(dir=self.common_dir)
1.84 - os.close(fd)
1.85 -
1.86 - have_setfacl = os.system("setfacl -m user:%(web_user)s:r %(file)s > /dev/null 2>&1" % {
1.87 - "web_user" : self.web_user, "file" : temp_filename}) == 0
1.88 -
1.89 - remove(temp_filename)
1.90 -
1.91 # Create the scripts.
1.92
1.93 this_user = os.environ["USER"]
1.94 - postinst_scripts = "moinsetup-post-chown.sh", "moinsetup-post-setfacl.sh"
1.95
1.96 vars = {}
1.97 vars.update(Installation.__dict__)
1.98 vars.update(self.__dict__)
1.99 vars.update(locals())
1.100
1.101 - for postinst_script, start, extra, logs in [
1.102 - (postinst_scripts[0], postsetup_chown_chmod, postsetup_chown_extra, postsetup_chown_logs),
1.103 - (postinst_scripts[1], postsetup_setfacl, postsetup_setfacl_extra, postsetup_setfacl_logs)
1.104 - ]:
1.105 + for postinst_script, start, extra, logs in postinst_scripts.values():
1.106
1.107 s = start % vars
1.108 s += extra % vars
1.109 @@ -1107,11 +1137,13 @@
1.110 writefile(postinst_script, s)
1.111 chmod(postinst_script, 0755)
1.112
1.113 - if have_setfacl:
1.114 - note("Run %s to set file ownership and permissions.\n"
1.115 - "If this somehow fails..." % postinst_scripts[1])
1.116 + if self.have_setfacl():
1.117 + note("Run %s to set file access permissions.\n"
1.118 + "If this somehow fails..." % postinst_scripts["setfacl"][0])
1.119
1.120 - note("Run %s as root to set file ownership and permissions." % postinst_scripts[0])
1.121 + note("Run %s as root to set file ownership and permissions." % postinst_scripts["chown"][0])
1.122 +
1.123 + note("Run %s as root to set SELinux permissions, if applicable." % postinst_scripts["semanage"][0])
1.124
1.125 # Accessory methods.
1.126
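Review bot: The SELinux hint added at the end of this hunk is printed on every run, whereas the setfacl hint is gated on `self.have_setfacl()`; on a host without SELinux the operator is still pointed at a root script that has nothing to do. Either gate it on a cheap probe or make the message say how to tell, e.g. `note("Run %s as root to set SELinux file contexts if SELinux is enabled (see getenforce)." % postinst_scripts["semanage"][0])`. "File contexts" is also more precise than "permissions" for what the generated script changes. The enclosing method starts before this hunk.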