moinsetup

Changeset

72:8c91950a62f8
2013-02-24 Paul Boddie raw files shortlog changelog graph Simplified the mechanism providing different post-installation scripts. Added a SELinux post-installation script template. Tidied up filesystem ACL support detection and temporary file creation.
moinsetup.py (file)
     1.1 --- a/moinsetup.py	Fri Jan 11 00:31:06 2013 +0100
     1.2 +++ b/moinsetup.py	Sun Feb 24 19:45:26 2013 +0100
     1.3 @@ -86,8 +86,12 @@
     1.4  RewriteRule ^(.*) %(url_path_tr)s/moin.cgi/$1 [PT,L,QSA]
     1.5  """
     1.6  
     1.7 +
     1.8 +
     1.9  # Post-setup templates.
    1.10  
    1.11 +# ACL-capable filesystem modifications.
    1.12 +
    1.13  postsetup_setfacl = """\
    1.14  #!/bin/sh
    1.15  
    1.16 @@ -113,6 +117,8 @@
    1.17  fi
    1.18  """
    1.19  
    1.20 +# Conventional owner/group permissions.
    1.21 +
    1.22  postsetup_chown_chmod = """\
    1.23  #!/bin/sh
    1.24  
    1.25 @@ -140,6 +146,27 @@
    1.26  fi
    1.27  """
    1.28  
    1.29 +# SELinux file type modifications.
    1.30 +
    1.31 +postsetup_semanage = """\
    1.32 +#!/bin/sh
    1.33 +
    1.34 +semanage fcontext -a -t httpd_sys_content_t "%(common_dir)s(/.*)?"
    1.35 +"""
    1.36 +
    1.37 +postsetup_semanage_extra = """\
    1.38 +semanage fcontext -a -t httpd_sys_content_t "%(htdocs_dir)s(/.*)?"
    1.39 +"""
    1.40 +
    1.41 +postsetup_semanage_logs = """\
    1.42 +"""
    1.43 +
    1.44 +postinst_scripts = {
    1.45 +    "chown"     : ("moinsetup-post-chown.sh", postsetup_chown_chmod, postsetup_chown_extra, postsetup_chown_logs),
    1.46 +    "setfacl"   : ("moinsetup-post-setfacl.sh", postsetup_setfacl, postsetup_setfacl_extra, postsetup_setfacl_logs),
    1.47 +    "semanage"  : ("moinsetup-post-semanage.sh", postsetup_semanage, postsetup_semanage_extra, postsetup_semanage_logs),
    1.48 +    }
    1.49 +
    1.50  # Utility functions.
    1.51  
    1.52  def readfile(filename):
    1.53 @@ -759,6 +786,23 @@
    1.54  
    1.55          return directories
    1.56  
    1.57 +    def _get_temp_filename(self):
    1.58 +        fd, temp_filename = tempfile.mkstemp(dir=self.common_dir)
    1.59 +        os.close(fd)
    1.60 +        return temp_filename
    1.61 +
    1.62 +    def have_setfacl(self):
    1.63 +
    1.64 +        "Work out whether setfacl works."
    1.65 +
    1.66 +        temp_filename = self._get_temp_filename()
    1.67 +
    1.68 +        try:
    1.69 +            return os.system("setfacl -m user:%(web_user)s:r %(file)s > /dev/null 2>&1" % {
    1.70 +                "web_user" : self.web_user, "file" : temp_filename}) == 0
    1.71 +        finally:
    1.72 +            remove(temp_filename)
    1.73 +
    1.74      # Main methods.
    1.75  
    1.76      def setup(self):
    1.77 @@ -1075,30 +1119,16 @@
    1.78  
    1.79          "Write a post-install script with additional actions."
    1.80  
    1.81 -        # Work out whether setfacl works.
    1.82 -
    1.83 -        fd, temp_filename = tempfile.mkstemp(dir=self.common_dir)
    1.84 -        os.close(fd)
    1.85 -
    1.86 -        have_setfacl = os.system("setfacl -m user:%(web_user)s:r %(file)s > /dev/null 2>&1" % {
    1.87 -            "web_user" : self.web_user, "file" : temp_filename}) == 0
    1.88 -
    1.89 -        remove(temp_filename)
    1.90 -
    1.91          # Create the scripts.
    1.92  
    1.93          this_user = os.environ["USER"]
    1.94 -        postinst_scripts = "moinsetup-post-chown.sh", "moinsetup-post-setfacl.sh"
    1.95  
    1.96          vars = {}
    1.97          vars.update(Installation.__dict__)
    1.98          vars.update(self.__dict__)
    1.99          vars.update(locals())
   1.100  
   1.101 -        for postinst_script, start, extra, logs in [
   1.102 -            (postinst_scripts[0], postsetup_chown_chmod, postsetup_chown_extra, postsetup_chown_logs),
   1.103 -            (postinst_scripts[1], postsetup_setfacl, postsetup_setfacl_extra, postsetup_setfacl_logs)
   1.104 -            ]:
   1.105 +        for postinst_script, start, extra, logs in postinst_scripts.values():
   1.106  
   1.107              s = start % vars
   1.108              s += extra % vars
   1.109 @@ -1107,11 +1137,13 @@
   1.110              writefile(postinst_script, s)
   1.111              chmod(postinst_script, 0755)
   1.112  
   1.113 -        if have_setfacl:
   1.114 -            note("Run %s to set file ownership and permissions.\n"
   1.115 -                "If this somehow fails..." % postinst_scripts[1])
   1.116 +        if self.have_setfacl():
   1.117 +            note("Run %s to set file access permissions.\n"
   1.118 +                "If this somehow fails..." % postinst_scripts["setfacl"][0])
   1.119  
   1.120 -        note("Run %s as root to set file ownership and permissions." % postinst_scripts[0])
   1.121 +        note("Run %s as root to set file ownership and permissions." % postinst_scripts["chown"][0])
   1.122 +
   1.123 +        note("Run %s as root to set SELinux permissions, if applicable." % postinst_scripts["semanage"][0])
   1.124  
   1.125      # Accessory methods.
   1.126