0001-debian-remove-wheezy-support-15966.patch
debian-wheezy/README.Debian | ||
---|---|---|
1 |
Setting up an Authentic server |
|
2 |
============================== |
|
3 | ||
4 |
Go to /etc/authentic2/authentic.conf to configure authentic. |
debian-wheezy/README.source | ||
---|---|---|
1 |
This package uses quilt to patch the upstream source. |
|
2 | ||
3 |
You can find some info on how to generate the patched source, add a new |
|
4 |
modification, and remove an existing modification on: |
|
5 |
/usr/share/doc/quilt/README.source |
|
6 |
debian-wheezy/authentic2-ctl | ||
---|---|---|
1 |
#!/bin/sh |
|
2 | ||
3 |
export AUTHENTIC2_SETTINGS_FILE=/usr/share/authentic2/debian_config.py |
|
4 | ||
5 |
if [ "$(whoami)" != "authentic" ]; then |
|
6 |
if which sudo >/dev/null; then |
|
7 |
if sudo -v -u authentic; then |
|
8 |
sudo -u authentic authentic2-ctl "$@" |
|
9 |
exit $? |
|
10 |
fi |
|
11 |
echo "You must run this script with authentic user" |
|
12 |
exit 1 |
|
13 |
fi |
|
14 |
fi |
|
15 | ||
16 |
if [ -f /etc/default/authentic2 ]; then |
|
17 |
. /etc/default/authentic2 |
|
18 |
fi |
|
19 | ||
20 |
if [ -f /etc/authentic2/db.conf ]; then |
|
21 |
. /etc/authentic2/db.conf |
|
22 |
fi |
|
23 |
if [ -f /etc/authentic2/authentic.conf ]; then |
|
24 |
. /etc/authentic2/authentic.conf |
|
25 |
fi |
|
26 | ||
27 |
/usr/lib/authentic2/manage.py "$@" |
debian-wheezy/authentic2-multitenant.cron.d | ||
---|---|---|
1 |
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
2 |
MAILTO=root |
|
3 | ||
4 |
0 * * * * authentic-multitenant authentic2-multitenant-manage tenant_command clearsessions --all-tenants |
|
5 |
5 * * * * authentic-multitenant authentic2-multitenant-manage tenant_command cleanupauthentic --all-tenants |
|
6 |
10 * * * * authentic-multitenant authentic2-multitenant-manage tenant_command sync-ldap-users --all-tenants |
debian-wheezy/authentic2-multitenant.cron.hourly | ||
---|---|---|
1 |
#!/bin/sh |
|
2 | ||
3 |
exit 0 |
debian-wheezy/authentic2-multitenant.dirs | ||
---|---|---|
1 |
etc/authentic2-multitenant |
|
2 |
etc/authentic2-multitenant/settings.d |
|
3 |
usr/lib/authentic2-multitenant |
|
4 |
var/lib/authentic2-multitenant/tenants |
|
5 |
var/lib/authentic2-multitenant/static |
|
6 |
var/lib/authentic2-multitenant/collectstatic |
|
7 |
var/lib/authentic2-multitenant/locale |
|
8 |
var/lib/authentic2-multitenant/templates |
|
9 |
var/run/authentic2-multitenant |
|
10 |
var/log/authentic2-multitenant |
debian-wheezy/authentic2-multitenant.docs | ||
---|---|---|
1 |
AUTHORS.txt |
|
2 |
COPYING |
|
3 |
README |
|
4 |
debian/multitenant/nginx-example.conf |
debian-wheezy/authentic2-multitenant.init | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
### BEGIN INIT INFO |
|
3 |
# Provides: authentic2-multitenant |
|
4 |
# Required-Start: $network $local_fs $syslog |
|
5 |
# Required-Stop: $network $local_fs $syslog |
|
6 |
# Should-Start: postgresql |
|
7 |
# Should-Stop: postgresql |
|
8 |
# Default-Start: 2 3 4 5 |
|
9 |
# Default-Stop: 0 1 6 |
|
10 |
# Short-Description: Authentic2 is a versatile identity provider |
|
11 |
# Description: Authentic2 is a versatile identity provider |
|
12 |
### END INIT INFO |
|
13 | ||
14 |
# Author: Serghei MIHAI <smihai@entrouvert.com> |
|
15 | ||
16 |
PATH=/sbin:/usr/sbin:/bin:/usr/bin |
|
17 |
DESC=authentic2 |
|
18 |
NAME=authentic2-multitenant |
|
19 |
DAEMON=/usr/bin/gunicorn |
|
20 |
PID_DIR=/var/run/$NAME |
|
21 |
CACHE_DIR=/var/cache/$NAME |
|
22 |
LOG_DIR=/var/log/$NAME |
|
23 |
PIDFILE=$PID_DIR/$NAME.pid |
|
24 |
SCRIPTNAME=/etc/init.d/$NAME |
|
25 |
BIND=unix:$PID_DIR/$NAME.sock |
|
26 |
WORKERS=4 |
|
27 | ||
28 |
export AUTHENTIC2_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py |
|
29 |
MANAGE_SCRIPT="/usr/bin/$NAME-manage" |
|
30 | ||
31 |
USER=authentic-multitenant |
|
32 |
GROUP=authentic-multitenant |
|
33 | ||
34 |
# Exit if the package is not installed |
|
35 |
[ -x $DAEMON ] || exit 0 |
|
36 | ||
37 |
# Read configuration variable file if it is present |
|
38 |
[ -r /etc/default/$NAME ] && . /etc/default/$NAME |
|
39 | ||
40 |
DAEMON_ARGS="--pid $PIDFILE \ |
|
41 |
--user $USER --group $GROUP \ |
|
42 |
--daemon \ |
|
43 |
--access-logfile $LOG_DIR/gunicorn-access.log \ |
|
44 |
--log-file $LOG_DIR/gunicorn-error.log \ |
|
45 |
--bind=$BIND \ |
|
46 |
--workers=$WORKERS \ |
|
47 |
--worker-class=sync \ |
|
48 |
--timeout=60 \ |
|
49 |
authentic2.wsgi:application" |
|
50 | ||
51 |
# Load the VERBOSE setting and other rcS variables |
|
52 |
. /lib/init/vars.sh |
|
53 | ||
54 |
# Define LSB log_* functions. |
|
55 |
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. |
|
56 |
. /lib/lsb/init-functions |
|
57 | ||
58 |
# Create pid directory |
|
59 |
if [ ! -d $PID_DIR ]; then |
|
60 |
install -d -m 755 -o $USER -g $GROUP $PID_DIR |
|
61 |
fi |
|
62 | ||
63 |
# Create cache directory |
|
64 |
if [ ! -d $CACHE_DIR ]; then |
|
65 |
install -d -m 755 -o $USER -g $GROUP $CACHE_DIR |
|
66 |
fi |
|
67 | ||
68 |
# Function collecting static files |
|
69 |
do_collectstatic() { |
|
70 |
log_action_msg "Collect static files.." |
|
71 |
su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT collectstatic -l --noinput" |
|
72 |
log_action_msg ".. done" |
|
73 |
} |
|
74 | ||
75 |
# |
|
76 |
# Function that starts the daemon/service |
|
77 |
# |
|
78 |
do_start() |
|
79 |
{ |
|
80 |
# Return |
|
81 |
# 0 if daemon has been started |
|
82 |
# 1 if daemon was already running |
|
83 |
# 2 if daemon could not be started |
|
84 |
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ |
|
85 |
|| return 1 |
|
86 |
start-stop-daemon --start --quiet --exec $DAEMON -- \ |
|
87 |
$DAEMON_ARGS \ |
|
88 |
|| return 2 |
|
89 |
} |
|
90 | ||
91 |
# |
|
92 |
# Function that stops the daemon/service |
|
93 |
# |
|
94 |
do_stop() |
|
95 |
{ |
|
96 |
# Return |
|
97 |
# 0 if daemon has been stopped |
|
98 |
# 1 if daemon was already stopped |
|
99 |
# 2 if daemon could not be stopped |
|
100 |
# other if a failure occurred |
|
101 |
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE |
|
102 |
RETVAL="$?" |
|
103 |
[ "$RETVAL" = 2 ] && return 2 |
|
104 |
# Wait for children to finish too if this is a daemon that forks |
|
105 |
# and if the daemon is only ever run from this initscript. |
|
106 |
# If the above conditions are not satisfied then add some other code |
|
107 |
# that waits for the process to drop all resources that could be |
|
108 |
# needed by services started subsequently. A last resort is to |
|
109 |
# sleep for some time. |
|
110 |
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON |
|
111 |
[ "$?" = 2 ] && return 2 |
|
112 |
# Many daemons don't delete their pidfiles when they exit. |
|
113 |
rm -f $PIDFILE |
|
114 |
return "$RETVAL" |
|
115 |
} |
|
116 | ||
117 |
# |
|
118 |
# Function that sends a SIGHUP to the daemon/service |
|
119 |
# |
|
120 |
do_reload() { |
|
121 |
# |
|
122 |
# If the daemon can reload its configuration without |
|
123 |
# restarting (for example, when it is sent a SIGHUP), |
|
124 |
# then implement that here. |
|
125 |
# |
|
126 |
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON` |
|
127 |
return 0 |
|
128 |
} |
|
129 | ||
130 |
do_migrate() { |
|
131 |
log_action_msg "Applying new migrations .." |
|
132 |
su $USER -s /bin/sh -p -c "$MANAGE_SCRIPT migrate_schemas --noinput" |
|
133 |
log_action_msg ".. done" |
|
134 |
} |
|
135 | ||
136 |
case "$1" in |
|
137 |
start) |
|
138 |
log_daemon_msg "Starting $DESC " "$NAME" |
|
139 |
do_start |
|
140 |
case "$?" in |
|
141 |
0|1) log_end_msg 0 ;; |
|
142 |
2) log_end_msg 1 ;; |
|
143 |
esac |
|
144 |
;; |
|
145 |
stop) |
|
146 |
log_daemon_msg "Stopping $DESC" "$NAME" |
|
147 |
do_stop |
|
148 |
case "$?" in |
|
149 |
0|1) log_end_msg 0 ;; |
|
150 |
2) log_end_msg 1 ;; |
|
151 |
esac |
|
152 |
;; |
|
153 |
status) |
|
154 |
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? |
|
155 |
;; |
|
156 |
reload) |
|
157 |
log_daemon_msg "Reloading $DESC" "$NAME" |
|
158 |
do_reload |
|
159 |
log_end_msg $? |
|
160 |
;; |
|
161 |
update) |
|
162 |
log_daemon_msg "Updating $DESC" "$NAME" |
|
163 |
do_migrate && do_collectstatic |
|
164 |
log_end_msg $? |
|
165 |
;; |
|
166 |
restart) |
|
167 |
# |
|
168 |
# If the "reload" option is implemented then remove the |
|
169 |
# 'force-reload' alias |
|
170 |
# |
|
171 |
log_daemon_msg "Restarting $DESC" "$NAME" |
|
172 |
do_stop |
|
173 |
case "$?" in |
|
174 |
0|1) |
|
175 |
do_start |
|
176 |
case "$?" in |
|
177 |
0) log_end_msg 0 ;; |
|
178 |
1) log_end_msg 1 ;; # Old process is still running |
|
179 |
*) log_end_msg 1 ;; # Failed to start |
|
180 |
esac |
|
181 |
;; |
|
182 |
*) |
|
183 |
# Failed to stop |
|
184 |
log_end_msg 1 |
|
185 |
;; |
|
186 |
esac |
|
187 |
;; |
|
188 |
*) |
|
189 |
echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|update}" >&2 |
|
190 |
exit 3 |
|
191 |
;; |
|
192 |
esac |
|
193 |
debian-wheezy/authentic2-multitenant.install | ||
---|---|---|
1 |
debian/multitenant/authentic2-multitenant-manage /usr/bin |
|
2 |
debian/multitenant/config.py /etc/authentic2-multitenant |
|
3 |
debian/multitenant/debian_config.py /usr/lib/authentic2-multitenant |
debian-wheezy/authentic2-multitenant.logrotate | ||
---|---|---|
1 |
/var/log/authentic2-multitenant/*.log { |
|
2 |
weekly |
|
3 |
missingok |
|
4 |
rotate 52 |
|
5 |
compress |
|
6 |
delaycompress |
|
7 |
notifempty |
|
8 |
create 0640 authentic-multitenant adm |
|
9 |
sharedscripts |
|
10 |
postrotate |
|
11 |
[ ! -f /var/run/authentic2-multitenant/authentic2-multitenant.pid ] || kill -HUP `cat /var/run/authentic2-multitenant/authentic2-multitenant.pid` |
|
12 |
endscript |
|
13 |
} |
|
14 |
debian-wheezy/authentic2-multitenant.postinst | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
# |
|
3 |
# Postinst script for authentic2 |
|
4 |
# |
|
5 | ||
6 |
set -e |
|
7 | ||
8 |
NAME=authentic2-multitenant |
|
9 |
MANAGE_SCRIPT=$NAME-manage |
|
10 |
AUTHENTIC_USER=authentic-multitenant |
|
11 |
AUTHENTIC_GROUP=authentic-multitenant |
|
12 |
AUTHENTIC_HOME=/var/lib/$NAME |
|
13 |
AUTHENTIC_SECRET_KEY="/etc/$NAME/secret" |
|
14 | ||
15 |
case "$1" in |
|
16 |
configure) |
|
17 |
if ! getent group $AUTHENTIC_GROUP > /dev/null 2>&1; then |
|
18 |
echo -n "Adding group $AUTHENTIC_GROUP.." >&2 |
|
19 |
addgroup --quiet --system $AUTHENTIC_GROUP |
|
20 |
echo "..done" >&2 |
|
21 |
fi |
|
22 |
if ! getent passwd $AUTHENTIC_USER > /dev/null 2>&1; then |
|
23 |
echo -n "Adding user $AUTHENTIC_USER.." >&2 |
|
24 |
adduser --quiet --system --gecos "Authentic2 daemon" \ |
|
25 |
--ingroup $AUTHENTIC_GROUP \ |
|
26 |
--no-create-home --home $AUTHENTIC_HOME \ |
|
27 |
$AUTHENTIC_USER |
|
28 |
echo "..done" >&2 |
|
29 |
fi |
|
30 |
if [ ! -f $AUTHENTIC_SECRET_KEY ]; then |
|
31 |
echo -n "Generating a secret key.." >&2 |
|
32 |
echo -n "`</dev/urandom tr -dc [:alnum:]-_\!\%\^:\; | head -c70`" > "$AUTHENTIC_SECRET_KEY" |
|
33 |
chmod 0640 $AUTHENTIC_SECRET_KEY |
|
34 |
chown root:$AUTHENTIC_USER $AUTHENTIC_SECRET_KEY |
|
35 |
echo "..done" >&2 |
|
36 |
fi |
|
37 |
chown $AUTHENTIC_USER:$AUTHENTIC_GROUP $AUTHENTIC_HOME/tenants \ |
|
38 |
/var/lib/$NAME/collectstatic \ |
|
39 |
/var/run/$NAME \ |
|
40 |
/var/log/$NAME |
|
41 |
/etc/init.d/$NAME update |
|
42 |
;; |
|
43 |
triggered) |
|
44 |
su -s /bin/sh -c "$MANAGE_SCRIPT hobo_deploy --redeploy" $AUTHENTIC_USER |
|
45 |
;; |
|
46 |
reconfigure|abort-upgrade|abort-remove|abort-deconfigure) |
|
47 |
;; |
|
48 | ||
49 |
*) |
|
50 |
echo "postinst called with unknown argument \`$1'" >&2 |
|
51 |
exit 1 |
|
52 |
;; |
|
53 |
esac |
|
54 | ||
55 |
# dh_installdeb will replace this with shell code automatically |
|
56 |
# generated by other debhelper scripts. |
|
57 | ||
58 |
#DEBHELPER# |
|
59 | ||
60 |
exit 0 |
debian-wheezy/authentic2-multitenant.triggers | ||
---|---|---|
1 |
interest-noawait hobo-redeploy |
debian-wheezy/authentic2.config | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
# config maintainer script for foo-pgsql |
|
3 | ||
4 |
set -e |
|
5 | ||
6 |
# source debconf stuff |
|
7 |
. /usr/share/debconf/confmodule |
|
8 |
# source dbconfig-common shell library, and call the hook function |
|
9 |
if [ -f /usr/share/dbconfig-common/dpkg/config.pgsql ]; then |
|
10 |
. /usr/share/dbconfig-common/dpkg/config.pgsql |
|
11 |
dbc_go authentic2 $@ |
|
12 |
fi |
|
13 | ||
14 |
#DEBHELPER# |
debian-wheezy/authentic2.cron.d | ||
---|---|---|
1 |
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin |
|
2 |
MAILTO=root |
|
3 | ||
4 |
0 * * * * authentic authentic2-ctl clearsessions |
|
5 |
5 * * * * authentic authentic2-ctl cleanupauthentic |
|
6 |
10 * * * * authentic authentic2-ctl sync-ldap-users |
|
7 |
debian-wheezy/authentic2.cron.hourly | ||
---|---|---|
1 |
#!/bin/sh |
|
2 | ||
3 |
exit 0 |
debian-wheezy/authentic2.dirs | ||
---|---|---|
1 |
etc/authentic2 |
|
2 |
usr/share/dbconfig-common/scripts/authentic2/install |
|
3 |
var/lib/authentic2/media |
|
4 |
var/lib/authentic2/static |
|
5 |
var/lib/authentic2/collectstatic |
|
6 |
var/lib/authentic2/templates |
|
7 |
var/run/authentic2 |
|
8 |
var/log/authentic2 |
debian-wheezy/authentic2.docs | ||
---|---|---|
1 |
AUTHORS.txt |
|
2 |
COPYING |
|
3 |
README |
debian-wheezy/authentic2.init | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
### BEGIN INIT INFO |
|
3 |
# Provides: authentic2 |
|
4 |
# Required-Start: $network $local_fs $syslog |
|
5 |
# Required-Stop: $network $local_fs $syslog |
|
6 |
# Should-Start: postgresql |
|
7 |
# Should-Stop: postgresql |
|
8 |
# Default-Start: 2 3 4 5 |
|
9 |
# Default-Stop: 0 1 6 |
|
10 |
# Short-Description: Authentic2 is a versatile identity provider |
|
11 |
# Description: Authentic2 is a versatile identity provider |
|
12 |
### END INIT INFO |
|
13 | ||
14 |
# Author: Jérôme Schneider <jschneider@entrouvert.com> |
|
15 | ||
16 |
PATH=/sbin:/usr/sbin:/bin:/usr/bin |
|
17 |
DESC=authentic2 |
|
18 |
NAME=authentic2 |
|
19 |
DAEMON=/usr/bin/gunicorn |
|
20 |
PID_DIR=/var/run/$NAME |
|
21 |
CACHE_DIR=/var/cache/$NAME |
|
22 |
LOG_DIR=/var/log/$NAME |
|
23 |
PIDFILE=$PID_DIR/$NAME.pid |
|
24 |
SCRIPTNAME=/etc/init.d/$NAME |
|
25 |
MANAGE_SCRIPT=/usr/bin/$NAME-ctl |
|
26 |
BIND=unix:$PID_DIR/$NAME.sock |
|
27 |
AUTHENTIC2_SETTINGS_FILE=/usr/share/$NAME/debian_config.py |
|
28 | ||
29 |
USER=authentic |
|
30 |
GROUP=authentic |
|
31 | ||
32 |
# Exit if the package is not installed |
|
33 |
[ -x $DAEMON ] || exit 0 |
|
34 | ||
35 |
# Read configuration variable file if it is present |
|
36 |
[ -r /etc/default/$NAME ] && . /etc/default/$NAME |
|
37 | ||
38 |
DAEMON_ARGS="--pid $PIDFILE \ |
|
39 |
--user $USER --group $GROUP \ |
|
40 |
--daemon \ |
|
41 |
--access-logfile $LOG_DIR/gunicorn-access.log \ |
|
42 |
--log-file $LOG_DIR/gunicorn-error.log \ |
|
43 |
--bind=$BIND \ |
|
44 |
--workers=10 \ |
|
45 |
--worker-class=sync \ |
|
46 |
--timeout=60 \ |
|
47 |
authentic2.wsgi:application" |
|
48 | ||
49 |
# Load config |
|
50 |
if [ -f /etc/authentic2/db.conf ]; then |
|
51 |
. /etc/authentic2/db.conf |
|
52 |
fi |
|
53 |
if [ -f /etc/authentic2/authentic.conf ]; then |
|
54 |
. /etc/authentic2/authentic.conf |
|
55 |
fi |
|
56 | ||
57 |
# Load the VERBOSE setting and other rcS variables |
|
58 |
. /lib/init/vars.sh |
|
59 | ||
60 |
# Define LSB log_* functions. |
|
61 |
# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. |
|
62 |
. /lib/lsb/init-functions |
|
63 | ||
64 |
# Create pid directory |
|
65 |
if [ ! -d $PID_DIR ]; then |
|
66 |
install -d -m 755 -o $USER -g $GROUP $PID_DIR |
|
67 |
fi |
|
68 | ||
69 |
# Create cache directory |
|
70 |
if [ ! -d $CACHE_DIR ]; then |
|
71 |
install -d -m 755 -o $USER -g $GROUP $CACHE_DIR |
|
72 |
fi |
|
73 | ||
74 |
# |
|
75 |
# Function that starts the daemon/service |
|
76 |
# |
|
77 |
do_start() |
|
78 |
{ |
|
79 |
# Return |
|
80 |
# 0 if daemon has been started |
|
81 |
# 1 if daemon was already running |
|
82 |
# 2 if daemon could not be started |
|
83 |
export AUTHENTIC2_SETTINGS_FILE |
|
84 |
start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ |
|
85 |
|| return 1 |
|
86 |
start-stop-daemon --start --quiet --exec $DAEMON -- \ |
|
87 |
$DAEMON_ARGS \ |
|
88 |
|| return 2 |
|
89 |
} |
|
90 | ||
91 |
# |
|
92 |
# Function that stops the daemon/service |
|
93 |
# |
|
94 |
do_stop() |
|
95 |
{ |
|
96 |
# Return |
|
97 |
# 0 if daemon has been stopped |
|
98 |
# 1 if daemon was already stopped |
|
99 |
# 2 if daemon could not be stopped |
|
100 |
# other if a failure occurred |
|
101 |
start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE |
|
102 |
RETVAL="$?" |
|
103 |
[ "$RETVAL" = 2 ] && return 2 |
|
104 |
# Wait for children to finish too if this is a daemon that forks |
|
105 |
# and if the daemon is only ever run from this initscript. |
|
106 |
# If the above conditions are not satisfied then add some other code |
|
107 |
# that waits for the process to drop all resources that could be |
|
108 |
# needed by services started subsequently. A last resort is to |
|
109 |
# sleep for some time. |
|
110 |
start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON |
|
111 |
[ "$?" = 2 ] && return 2 |
|
112 |
# Many daemons don't delete their pidfiles when they exit. |
|
113 |
rm -f $PIDFILE |
|
114 |
return "$RETVAL" |
|
115 |
} |
|
116 | ||
117 |
# |
|
118 |
# Function that sends a SIGHUP to the daemon/service |
|
119 |
# |
|
120 |
do_reload() { |
|
121 |
# |
|
122 |
# If the daemon can reload its configuration without |
|
123 |
# restarting (for example, when it is sent a SIGHUP), |
|
124 |
# then implement that here. |
|
125 |
# |
|
126 |
start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name `basename $DAEMON` |
|
127 |
return 0 |
|
128 |
} |
|
129 | ||
130 |
do_migrate() { |
|
131 |
log_action_msg "Applying new migrations .." |
|
132 |
VERSION=`dpkg-query --show --showformat '${Version}' python-django` |
|
133 |
if dpkg --compare-versions $VERSION lt 1.7; then |
|
134 |
su $USER -p -c "$MANAGE_SCRIPT syncdb --migrate --noinput" |
|
135 |
else |
|
136 |
su $USER -p -c "$MANAGE_SCRIPT migrate --noinput" |
|
137 |
fi |
|
138 |
log_action_msg ".. done" |
|
139 |
} |
|
140 | ||
141 |
do_collectstatic() { |
|
142 |
log_action_msg "Collecting static files .." |
|
143 |
su $USER -p -c "$MANAGE_SCRIPT collectstatic -l --noinput" |
|
144 |
log_action_msg ".. done" |
|
145 |
} |
|
146 | ||
147 | ||
148 |
case "$1" in |
|
149 |
start) |
|
150 |
log_daemon_msg "Starting $DESC " "$NAME" |
|
151 |
do_migrate |
|
152 |
do_collectstatic |
|
153 |
do_start |
|
154 |
case "$?" in |
|
155 |
0|1) log_end_msg 0 ;; |
|
156 |
2) log_end_msg 1 ;; |
|
157 |
esac |
|
158 |
;; |
|
159 |
stop) |
|
160 |
log_daemon_msg "Stopping $DESC" "$NAME" |
|
161 |
do_stop |
|
162 |
case "$?" in |
|
163 |
0|1) log_end_msg 0 ;; |
|
164 |
2) log_end_msg 1 ;; |
|
165 |
esac |
|
166 |
;; |
|
167 |
status) |
|
168 |
status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $? |
|
169 |
;; |
|
170 |
reload) |
|
171 |
log_daemon_msg "Reloading $DESC" "$NAME" |
|
172 |
do_reload |
|
173 |
log_end_msg $? |
|
174 |
;; |
|
175 |
update) |
|
176 |
log_daemon_msg "Updating $DESC" "$NAME" |
|
177 |
do_migrate && do_collectstatic |
|
178 |
log_end_msg $? |
|
179 |
;; |
|
180 |
restart) |
|
181 |
log_daemon_msg "Restarting $DESC" "$NAME" |
|
182 |
do_stop |
|
183 |
case "$?" in |
|
184 |
0|1) |
|
185 |
do_start |
|
186 |
case "$?" in |
|
187 |
0) log_end_msg 0 ;; |
|
188 |
1) log_end_msg 1 ;; # Old process is still running |
|
189 |
*) log_end_msg 1 ;; # Failed to start |
|
190 |
esac |
|
191 |
;; |
|
192 |
*) |
|
193 |
# Failed to stop |
|
194 |
log_end_msg 1 |
|
195 |
;; |
|
196 |
esac |
|
197 |
;; |
|
198 |
*) |
|
199 |
echo "Usage: $SCRIPTNAME {start|stop|status|restart|update|reload}" >&2 |
|
200 |
exit 3 |
|
201 |
;; |
|
202 |
esac |
|
203 |
debian-wheezy/authentic2.install | ||
---|---|---|
1 |
debian/conf/authentic.conf /etc/authentic2 |
|
2 |
debian/conf/nginx-example.conf /etc/authentic2 |
|
3 |
debian/sql/db.conf /usr/share/authentic2/templates |
|
4 |
debian/authentic2-ctl /usr/bin |
|
5 |
debian/debian_config.py /usr/share/authentic2 |
debian-wheezy/authentic2.logrotate | ||
---|---|---|
1 |
/var/log/authentic2/*.log { |
|
2 |
weekly |
|
3 |
missingok |
|
4 |
rotate 52 |
|
5 |
compress |
|
6 |
delaycompress |
|
7 |
notifempty |
|
8 |
create 0640 authentic adm |
|
9 |
sharedscripts |
|
10 |
postrotate |
|
11 |
[ ! -f /var/run/authentic2/authentic2.pid ] || kill -HUP `cat /var/run/authentic2/authentic2.pid` |
|
12 |
endscript |
|
13 |
} |
|
14 |
debian-wheezy/authentic2.postinst | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
# |
|
3 |
# Postinst script for authentic2 |
|
4 |
# |
|
5 | ||
6 |
set -e |
|
7 | ||
8 |
NAME=authentic2 |
|
9 |
AUTHENTIC_USER=authentic |
|
10 |
AUTHENTIC_GROUP=authentic |
|
11 |
AUTHENTIC_HOME=/var/lib/authentic2 |
|
12 |
AUTHENTIC_SECRET_KEY="$AUTHENTIC_HOME/secret_key" |
|
13 | ||
14 |
# source debconf stuff |
|
15 |
. /usr/share/debconf/confmodule |
|
16 | ||
17 |
case "$1" in |
|
18 |
configure) |
|
19 |
if ! getent group $AUTHENTIC_GROUP > /dev/null 2>&1; then |
|
20 |
echo -n "Adding group $AUTHENTIC_GROUP.." >&2 |
|
21 |
addgroup --quiet --system $AUTHENTIC_GROUP |
|
22 |
echo "..done" >&2 |
|
23 |
fi |
|
24 |
if ! getent passwd $AUTHENTIC_USER > /dev/null 2>&1; then |
|
25 |
echo -n "Adding user $AUTHENTIC_USER.." >&2 |
|
26 |
adduser --quiet --system --gecos "Authentic2 daemon" \ |
|
27 |
--ingroup $AUTHENTIC_GROUP \ |
|
28 |
--no-create-home --home $AUTHENTIC_HOME \ |
|
29 |
$AUTHENTIC_USER |
|
30 |
echo "..done" >&2 |
|
31 |
fi |
|
32 | ||
33 |
if [ ! -f $AUTHENTIC_SECRET_KEY ]; then |
|
34 |
if [ -f /etc/$NAME/secret ]; then |
|
35 |
echo -n "Converting storage of the secret key.." >&2 |
|
36 |
. /etc/$NAME/secret |
|
37 |
echo -n "$SECRET_KEY" >"$AUTHENTIC_SECRET_KEY" |
|
38 |
rm /etc/$NAME/secret |
|
39 |
echo "..done" >&2 |
|
40 |
else |
|
41 |
echo -n "Generating a secret key.." >&2 |
|
42 |
echo -n "`</dev/urandom tr -dc [:alnum:]-_\!\%\^:\; | head -c70`" > "$AUTHENTIC_SECRET_KEY" |
|
43 |
chmod 0600 $AUTHENTIC_SECRET_KEY |
|
44 |
echo "..done" >&2 |
|
45 |
fi |
|
46 |
fi |
|
47 | ||
48 |
if [ -d $AUTHENTIC_HOME/extra-static ]; then |
|
49 |
if [ -d $AUTHENTIC_HOME/static ]; then |
|
50 |
mv $AUTHENTIC_HOME/static $AUTHENTIC_HOME/static.dpkg_old |
|
51 |
fi |
|
52 |
mkdir -p $AUTHENTIC_HOME/static |
|
53 |
echo -n "Migrate old extra-static/ to static/.." >&2 |
|
54 |
mv $AUTHENTIC_HOME/extra-static/* $AUTHENTIC_HOME/static/ |
|
55 |
mv $AUTHENTIC_HOME/extra-static $AUTHENTIC_HOME/extra-static.dpkg_old |
|
56 |
echo "..done" >&2 |
|
57 |
fi |
|
58 | ||
59 |
if [ -f /etc/authentic2/authentic.conf ]; then |
|
60 |
# Fix old configuration file |
|
61 |
sed -i -e '/^\. \/etc\/authentic2\/secret$/d' \ |
|
62 |
-e '/^export *STATIC_ROOT *=/d' \ |
|
63 |
-e '/^. \/etc\/authentic2\/db.conf$/d' \ |
|
64 |
-e '/^# do not remove this line, it imports/d' \ |
|
65 |
/etc/authentic2/authentic.conf >&2 |
|
66 |
fi |
|
67 | ||
68 |
chown -R $AUTHENTIC_USER:$AUTHENTIC_GROUP /var/lib/authentic2/ |
|
69 | ||
70 |
# source dbconfig-common shell library, and call the hook function |
|
71 |
if [ -f /usr/share/dbconfig-common/dpkg/postinst.pgsql ]; then |
|
72 |
. /usr/share/dbconfig-common/dpkg/postinst.pgsql |
|
73 |
dbc_generate_include="template:/etc/authentic2/db.conf" |
|
74 |
dbc_generate_include_args="-o template_infile=/usr/share/authentic2/templates/db.conf -U" |
|
75 |
dbc_generate_include_owner="root:authentic" |
|
76 |
dbc_generate_include_perms="640" |
|
77 |
dbc_pgsql_createdb_encoding="UTF8" |
|
78 |
dbc_go authentic2 $@ |
|
79 |
fi |
|
80 | ||
81 |
if [ ! -f /etc/authentic2/cert.pem -a ! -f /etc/authentic2/key.pem ]; then |
|
82 |
echo -n "Generating key material..." >&2 |
|
83 |
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out /etc/authentic2/key.pem >&2 |
|
84 |
openssl req -x509 -new -out /etc/authentic2/cert.pem -subj '/CN=whocares' -key /etc/authentic2/key.pem -days 3650 >&2 |
|
85 |
chown $AUTHENTIC_USER.$AUTHENTIC_GROUP /etc/authentic2/cert.pem /etc/authentic2/key.pem |
|
86 |
chmod 640 /etc/authentic2/cert.pem /etc/authentic2/key.pem |
|
87 |
echo "..done" >&2 |
|
88 |
fi |
|
89 |
/etc/init.d/$NAME update |
|
90 |
;; |
|
91 | ||
92 |
reconfigure|abort-upgrade|abort-remove|abort-deconfigure) |
|
93 |
;; |
|
94 | ||
95 |
*) |
|
96 |
echo "postinst called with unknown argument \`$1'" >&2 |
|
97 |
exit 1 |
|
98 |
;; |
|
99 |
esac |
|
100 | ||
101 |
db_stop |
|
102 | ||
103 |
# dh_installdeb will replace this with shell code automatically |
|
104 |
# generated by other debhelper scripts. |
|
105 | ||
106 |
#DEBHELPER# |
|
107 | ||
108 |
exit 0 |
debian-wheezy/authentic2.postrm | ||
---|---|---|
1 |
#!/bin/sh |
|
2 |
# postrm script for authentic2 |
|
3 |
# |
|
4 |
# see: dh_installdeb(1) |
|
5 | ||
6 |
set -e |
|
7 | ||
8 |
case "$1" in purge) |
|
9 |
deluser --quiet --system authentic > /dev/null || true |
|
10 |
rm -f /etc/authentic2/secret |
|
11 |
rm -rf /var/lib/authentic2/static/* |
|
12 |
# source debconf stuff |
|
13 |
. /usr/share/debconf/confmodule |
|
14 |
# source dbconfig-common shell library, and call the hook function |
|
15 |
if [ -f /usr/share/dbconfig-common/dpkg/postrm.pgsql ]; then |
|
16 |
. /usr/share/dbconfig-common/dpkg/postrm.pgsql |
|
17 |
dbc_go authentic2 $@ |
|
18 |
fi |
|
19 | ||
20 |
DBCONF=/etc/authentic2/db.conf |
|
21 |
if [ "$1" = "purge" ]; then |
|
22 |
rm -f $DBCONF |
|
23 |
if which ucf >/dev/null 2>&1; then |
|
24 |
ucf --purge $DBCONF |
|
25 |
fi |
|
26 |
fi |
|
27 |
;; |
|
28 | ||
29 |
esac |
|
30 | ||
31 |
# dh_installdeb will replace this with shell code automatically |
|
32 |
# generated by other debhelper scripts. |
|
33 | ||
34 |
#DEBHELPER# |
|
35 | ||
36 |
exit 0 |
debian-wheezy/changelog | ||
---|---|---|
1 |
authentic2 (2.0.2.293.g51cfb00-1) stable; urgency=low |
|
2 | ||
3 |
* Update to last mast commit |
|
4 | ||
5 |
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 06 Aug 2013 10:54:59 +0200 |
|
6 | ||
7 |
authentic2 (2.0.2.292.ga6ad42e-1) stable; urgency=low |
|
8 | ||
9 |
* Update to last mast commit |
|
10 | ||
11 |
-- Jérôme Schneider <jschneider@entrouvert.com> Thu, 01 Aug 2013 18:00:18 +0200 |
|
12 | ||
13 |
authentic2 (2.0.2.291.g2b09e18-1) stable; urgency=low |
|
14 | ||
15 |
* Update to last mast commit |
|
16 | ||
17 |
-- Jérôme Schneider <jschneider@entrouvert.com> Thu, 01 Aug 2013 17:25:20 +0200 |
|
18 | ||
19 |
authentic2 (2.0.2.289.gce06aec-1) stable; urgency=low |
|
20 | ||
21 |
* Update to last mast commit |
|
22 | ||
23 |
-- Jérôme Schneider <jschneider@entrouvert.com> Thu, 01 Aug 2013 17:05:50 +0200 |
|
24 | ||
25 |
authentic2 (2.0.2.232.g37e9606-1) stable; urgency=low |
|
26 | ||
27 |
* Update to last mast commit |
|
28 | ||
29 |
-- Jérôme Schneider <jschneider@entrouvert.com> Fri, 28 Jun 2013 17:24:03 +0200 |
|
30 | ||
31 |
authentic2 (2.0.2.220.gcde5387-2) stable; urgency=low |
|
32 | ||
33 |
* complete configuration file |
|
34 |
* complete apache example |
|
35 | ||
36 |
-- Jérôme Schneider <jschneider@entrouvert.com> Wed, 19 Jun 2013 11:20:20 +0200 |
|
37 | ||
38 |
authentic2 (2.0.2.220.gcde5387-1) stable; urgency=low |
|
39 | ||
40 |
* update to last master commit |
|
41 |
* move manage.py to /usr/lib/authentic2 to follow : |
|
42 |
http://wiki.debian.org/DjangoPackagingDraft |
|
43 | ||
44 |
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 18 Jun 2013 18:02:30 +0200 |
|
45 | ||
46 |
authentic2 (2.0.2.214.g4e64a8e-4) stable; urgency=low |
|
47 | ||
48 |
* authentic.conf: replace ENGINE by DATABASE_ENGINE |
|
49 | ||
50 |
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 18 Jun 2013 16:21:52 +0200 |
|
51 | ||
52 |
authentic2 (2.0.2.214.g4e64a8e-3) unstable; urgency=low |
|
53 | ||
54 |
* change south dependency |
|
55 | ||
56 |
-- Jérôme Schneider <jschneider@entrouvert.com> Tue, 18 Jun 2013 13:42:56 +0200 |
|
57 | ||
58 |
authentic2 (2.0.2.214.g4e64a8e-2) unstable; urgency=low |
|
59 | ||
60 |
* Split into two packages : authentic2 and python-authentic2 |
|
61 |
* Add authentic2 postrm to delete authentic user |
|
62 | ||
63 |
-- Jérôme Schneider <jschneider@entrouvert.com> Sat, 15 Jun 2013 16:09:37 +0200 |
|
64 | ||
65 |
authentic2 (2.0.2.214.g4e64a8e-1) unstable; urgency=low |
|
66 | ||
67 |
* update to last upstream commit |
|
68 | ||
69 |
-- Jérôme Schneider <jschneider@entrouvert.com> Sat, 15 Jun 2013 09:57:51 +0200 |
|
70 | ||
71 |
authentic2 (2.0.2.212.g41b7e09-3) unstable; urgency=low |
|
72 | ||
73 |
* debian: fix postinst |
|
74 | ||
75 |
-- Jérôme Schneider <jschneider@entrouvert.com> Sat, 15 Jun 2013 09:49:30 +0200 |
|
76 | ||
77 |
authentic2 (2.0.2.212.g41b7e09-2) unstable; urgency=low |
|
78 | ||
79 |
* debian: add adduser dependency |
|
80 | ||
81 |
-- Jérôme Schneider <jschneider@entrouvert.com> Fri, 14 Jun 2013 22:14:38 +0200 |
|
82 | ||
83 |
authentic2 (2.0.2.212.g41b7e09-1) stable; urgency=low |
|
84 | ||
85 |
* using environment variables for the configuration |
|
86 | ||
87 |
-- Jérôme Schneider <jschneider@entrouvert.com> Fri, 14 Jun 2013 15:49:31 +0200 |
|
88 | ||
89 |
authentic2 (2.0.2.199.g5ddda2a-1) unstable; urgency=low |
|
90 | ||
91 |
* debian: add mission local_config.py |
|
92 |
* fix setup.py |
|
93 | ||
94 |
-- Jérôme Schneider <jschneider@entrouvert.com> Thu, 13 Jun 2013 20:33:09 +0200 |
|
95 | ||
96 |
authentic2 (2.0.2.196.g8409882-1) unstable; urgency=low |
|
97 | ||
98 |
* debian: port to squeeze |
|
99 |
* debian: add an init script |
|
100 |
* debian: add static files |
|
101 | ||
102 |
-- Jérôme Schneider <jschneider@entrouvert.com> Thu, 13 Jun 2013 17:14:30 +0200 |
|
103 | ||
104 |
authentic2 (1.9.0-0) unstable; urgency=low |
|
105 | ||
106 |
* Initial packaging. |
|
107 | ||
108 |
-- Frederic Peters <fpeters@debian.org> Tue, 01 Jun 2010 14:28:56 +0200 |
debian-wheezy/compat | ||
---|---|---|
1 |
7 |
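--- a/debian-wheezy/conf/authentic.conf
+++ b/debian-wheezy/conf/authentic.conf
@@ -1,47 +0,0 @@
-# do not remove this line, it imports db configuration from dbconfig-common
-. /etc/authentic2/db.conf
-# do not remove this line, it imports secret which is automatically generated
-. /etc/authentic2/secret
-
-# Debug
-# export DEBUG=yes
-
-# Define administrators / managers
-# export ADMINS='admin eo;admin+authentic2@example.com'
-
-# Database configuration (please use dpkg-reconfigure authentic2)
-
-# Static root directory
-export STATIC_ROOT='/var/lib/authentic2/static'
-
-# We are behind a reverse proxy so we accept every hosts
-export ALLOWED_HOSTS='*'
-
-# You MUST set RSA key here
-# you can generate this key with this commands :
-# openssl genrsa -out saml.key 2048
-# openssl rsa -in saml.key -pubout -out saml.pub
-export SAML_SIGNATURE_PUBLIC_KEY="`cat /etc/authentic2/cert.pem`"
-export SAML_SIGNATURE_PRIVATE_KEY="`cat /etc/authentic2/key.pem`"
-
-# Cache configuration
-#export USE_MEMCACHED=yes # required python-memcache memcached
-
-# Enables some features
-#export IDP_SAML2='yes'
-#export IDP_OPENID='yes' # require package python-openid
-#export IDP_CAS='yes'
-#export AUTH_SAML2='yes'
-#export AUTH_OPENID='yes' # require package python-openid
-#export AUTH_SSL='yes'
-
-# Sentry / Raven configuration
-#export SENTRY_DSN='' # require package python-raven
-
-# Email configuration
-#export EMAIL_HOST = 'localhost'
-#esport EMAIL_PORT = 25
-export EMAIL_SUBJECT_PREFIX='[Authentic2]'
-#export SERVER_EMAIL='admin+authentic2@entrouvert.com'
-
-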
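--- a/debian-wheezy/conf/nginx-example.conf
+++ b/debian-wheezy/conf/nginx-example.conf
@@ -1,41 +0,0 @@
-server {
-listen 443;
-server_name authentic.example.fr;
-
-ssl on;
-ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
-ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
-
-access_log /var/log/nginx/authentic.example.fr-access.log combined;
-error_log /var/log/nginx/authentic.example.fr-error.log;
-
-location /static {
-alias /var/lib/authentic2/collectstatic;
-}
-
-location / {
-proxy_pass http://unix:/var/run/authentic2/authentic2.sock;
-proxy_set_header Host $http_host;
-proxy_set_header X-Forwarded-SSL on;
-proxy_set_header X-Forwarded-Protocol ssl;
-proxy_set_header X-Forwarded-Proto https;
-}
-}
-
-server {
-listen 80;
-server_name authentic.example.fr;
-
-access_log /var/log/nginx/authentic.example.fr-access.log combined;
-error_log /var/log/nginx/authentic.example.fr-error.log;
-
-location /static {
-alias /var/lib/authentic2/collectstatic;
-}
-
-location / {
-proxy_pass http://unix:/var/run/authentic2/authentic2.sock;
-proxy_set_header Host $http_host;
-}
-}
-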
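--- a/debian-wheezy/control
+++ b/debian-wheezy/control
@@ -1,75 +0,0 @@
-Source: authentic2
-Section: python
-Priority: optional
-Maintainer: Jerome Schneider <jschneider@entrouvert.com>
-Build-Depends-Indep: python-all-dev (>= 2.6)
-Build-Depends: debhelper (>= 8.0), python-setuptools, python-django (>= 1.5), dh-python
-Standards-Version: 3.8.3
-Homepage: http://authentic.labs.libre-entreprise.org
-X-Python-Version: >= 2.6
-
-Package: python-authentic2
-Architecture: all
-Pre-Depends: python-django (>= 1.8), python-django (<< 1.8), openssl
-Depends: ${misc:Depends}, ${python:Depends},
-python-requests (>=2.3),
-python-django-model-utils (>= 2.4),
-python-django-admin-tools (>= 0.5.2),
-python-lasso (>= 2.4.1.100),
-python-dnspython (>= 1.10),
-python-django-select2 (>= 5),
-python-gadjo (>= 0.53),
-python-django-tables2 (>= 1),
-python-django-tables2 (<< 1.1),
-python-django-import-export (>= 0.2.7),
-python-djangorestframework (>= 3.3),
-python-markdown (>= 2.1),
-python-ldap (>= 2.4),
-python-six (>= 1.0),
-python-django-filters (>= 1)
-Provides: ${python:Provides}
-Recommends: python-openid, python-ldap
-Suggests: python-raven
-Description: Versatile identity server
-Authentic is a versatile identity provider aiming to address a broad
-range of needs, from simple to complex setups; it has support for many
-protocols and can bridge between them.
-.
-It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL)
-implementation of the Liberty Alliance specifications.
-
-Package: authentic2
-Architecture: all
-Pre-Depends: python-authentic2 (= ${binary:Version})
-Depends: ${misc:Depends}, adduser,
-python-psycopg2,
-gunicorn, dbconfig-common,
-debconf | debconf-2.0, ucf
-Recommends: postgresql-client
-Suggests: nginx, postgresql
-Description: Versatile identity server Python module
-Authentic is a versatile identity provider aiming to address a broad
-range of needs, from simple to complex setups; it has support for many
-protocols and can bridge between them.
-.
-It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL)
-implementation of the Liberty Alliance specifications.
-
-Package: authentic2-multitenant
-Architecture: all
-Pre-Depends: python-authentic2 (= ${binary:Version})
-Depends: ${misc:Depends}, adduser,
-python-psycopg2,
-python-django-tenant-schemas (>= 1.5.2.1),
-python-hobo,
-gunicorn, dbconfig-common,
-debconf | debconf-2.0, ucf
-Recommends: postgresql-client
-Suggests: nginx, postgresql
-Description: Multitenant versatile identity server Python module
-Authentic is a versatile identity provider aiming to address a broad
-range of needs, from simple to complex setups; it has support for many
-protocols and can bridge between them.
-.
-It has support for ID-FF and SAMLv2 thanks to Lasso, a free (GNU GPL)
-implementation of the Liberty Alliance specifications.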
debian-wheezy/copyright | ||
---|---|---|
1 |
This package was debianized by Entr'ouvert (Frédéric Péters and Jérôme Schneider) |
|
2 | ||
3 |
Copyright (C) 2008-2013 Entr'ouvert |
|
4 | ||
5 |
Upstream Authors: Benjamin Dauvergne and Mikaël Ates from Entr'ouvert |
|
6 | ||
7 |
License: |
|
8 | ||
9 |
Core of authentic is entirely under the copyright of Entr'ouvert and distributed |
|
10 |
under the license AGPLv3. |
|
11 | ||
12 |
GNU AFFERO GENERAL PUBLIC LICENSE |
|
13 |
Version 3, 19 November 2007 |
|
14 | ||
15 |
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/> |
|
16 |
Everyone is permitted to copy and distribute verbatim copies |
|
17 |
of this license document, but changing it is not allowed. |
|
18 | ||
19 |
Preamble |
|
20 | ||
21 |
The GNU Affero General Public License is a free, copyleft license for |
|
22 |
software and other kinds of works, specifically designed to ensure |
|
23 |
cooperation with the community in the case of network server software. |
|
24 | ||
25 |
The licenses for most software and other practical works are designed |
|
26 |
to take away your freedom to share and change the works. By contrast, |
|
27 |
our General Public Licenses are intended to guarantee your freedom to |
|
28 |
share and change all versions of a program--to make sure it remains free |
|
29 |
software for all its users. |
|
30 | ||
31 |
When we speak of free software, we are referring to freedom, not |
|
32 |
price. Our General Public Licenses are designed to make sure that you |
|
33 |
have the freedom to distribute copies of free software (and charge for |
|
34 |
them if you wish), that you receive source code or can get it if you |
|
35 |
want it, that you can change the software or use pieces of it in new |
|
36 |
free programs, and that you know you can do these things. |
|
37 | ||
38 |
Developers that use our General Public Licenses protect your rights |
|
39 |
with two steps: (1) assert copyright on the software, and (2) offer |
|
40 |
you this License which gives you legal permission to copy, distribute |
|
41 |
and/or modify the software. |
|
42 | ||
43 |
A secondary benefit of defending all users' freedom is that |
|
44 |
improvements made in alternate versions of the program, if they |
|
45 |
receive widespread use, become available for other developers to |
|
46 |
incorporate. Many developers of free software are heartened and |
|
47 |
encouraged by the resulting cooperation. However, in the case of |
|
48 |
software used on network servers, this result may fail to come about. |
|
49 |
The GNU General Public License permits making a modified version and |
|
50 |
letting the public access it on a server without ever releasing its |
|
51 |
source code to the public. |
|
52 | ||
53 |
The GNU Affero General Public License is designed specifically to |
|
54 |
ensure that, in such cases, the modified source code becomes available |
|
55 |
to the community. It requires the operator of a network server to |
|
56 |
provide the source code of the modified version running there to the |
|
57 |
users of that server. Therefore, public use of a modified version, on |
|
58 |
a publicly accessible server, gives the public access to the source |
|
59 |
code of the modified version. |
|
60 | ||
61 |
An older license, called the Affero General Public License and |
|
62 |
published by Affero, was designed to accomplish similar goals. This is |
|
63 |
a different license, not a version of the Affero GPL, but Affero has |
|
64 |
released a new version of the Affero GPL which permits relicensing under |
|
65 |
this license. |
|
66 | ||
67 |
The precise terms and conditions for copying, distribution and |
|
68 |
modification follow. |
|
69 | ||
70 |
TERMS AND CONDITIONS |
|
71 | ||
72 |
0. Definitions. |
|
73 | ||
74 |
"This License" refers to version 3 of the GNU Affero General Public License. |
|
75 | ||
76 |
"Copyright" also means copyright-like laws that apply to other kinds of |
|
77 |
works, such as semiconductor masks. |
|
78 | ||
79 |
"The Program" refers to any copyrightable work licensed under this |
|
80 |
License. Each licensee is addressed as "you". "Licensees" and |
|
81 |
"recipients" may be individuals or organizations. |
|
82 | ||
83 |
To "modify" a work means to copy from or adapt all or part of the work |
|
84 |
in a fashion requiring copyright permission, other than the making of an |
|
85 |
exact copy. The resulting work is called a "modified version" of the |
|
86 |
earlier work or a work "based on" the earlier work. |
|
87 | ||
88 |
A "covered work" means either the unmodified Program or a work based |
|
89 |
on the Program. |
|
90 | ||
91 |
To "propagate" a work means to do anything with it that, without |
|
92 |
permission, would make you directly or secondarily liable for |
|
93 |
infringement under applicable copyright law, except executing it on a |
|
94 |
computer or modifying a private copy. Propagation includes copying, |
|
95 |
distribution (with or without modification), making available to the |
|
96 |
public, and in some countries other activities as well. |
|
97 | ||
98 |
To "convey" a work means any kind of propagation that enables other |
|
99 |
parties to make or receive copies. Mere interaction with a user through |
|
100 |
a computer network, with no transfer of a copy, is not conveying. |
|
101 | ||
102 |
An interactive user interface displays "Appropriate Legal Notices" |
|
103 |
to the extent that it includes a convenient and prominently visible |
|
104 |
feature that (1) displays an appropriate copyright notice, and (2) |
|
105 |
tells the user that there is no warranty for the work (except to the |
|
106 |
extent that warranties are provided), that licensees may convey the |
|
107 |
work under this License, and how to view a copy of this License. If |
|
108 |
the interface presents a list of user commands or options, such as a |
|
109 |
menu, a prominent item in the list meets this criterion. |
|
110 | ||
111 |
1. Source Code. |
|
112 | ||
113 |
The "source code" for a work means the preferred form of the work |
|
114 |
for making modifications to it. "Object code" means any non-source |
|
115 |
form of a work. |
|
116 | ||
117 |
A "Standard Interface" means an interface that either is an official |
|
118 |
standard defined by a recognized standards body, or, in the case of |
|
119 |
interfaces specified for a particular programming language, one that |
|
120 |
is widely used among developers working in that language. |
|
121 | ||
122 |
The "System Libraries" of an executable work include anything, other |
|
123 |
than the work as a whole, that (a) is included in the normal form of |
|
124 |
packaging a Major Component, but which is not part of that Major |
|
125 |
Component, and (b) serves only to enable use of the work with that |
|
126 |
Major Component, or to implement a Standard Interface for which an |
|
127 |
implementation is available to the public in source code form. A |
|
128 |
"Major Component", in this context, means a major essential component |
|
129 |
(kernel, window system, and so on) of the specific operating system |
|
130 |
(if any) on which the executable work runs, or a compiler used to |
|
131 |
produce the work, or an object code interpreter used to run it. |
|
132 | ||
133 |
The "Corresponding Source" for a work in object code form means all |
|
134 |
the source code needed to generate, install, and (for an executable |
|
135 |
work) run the object code and to modify the work, including scripts to |
|
136 |
control those activities. However, it does not include the work's |
|
137 |
System Libraries, or general-purpose tools or generally available free |
|
138 |
programs which are used unmodified in performing those activities but |
|
139 |
which are not part of the work. For example, Corresponding Source |
|
140 |
includes interface definition files associated with source files for |
|
141 |
the work, and the source code for shared libraries and dynamically |
|
142 |
linked subprograms that the work is specifically designed to require, |
|
143 |
such as by intimate data communication or control flow between those |
|
144 |
subprograms and other parts of the work. |
|
145 | ||
146 |
The Corresponding Source need not include anything that users |
|
147 |
can regenerate automatically from other parts of the Corresponding |
|
148 |
Source. |
|
149 | ||
150 |
The Corresponding Source for a work in source code form is that |
|
151 |
same work. |
|
152 | ||
153 |
2. Basic Permissions. |
|
154 | ||
155 |
All rights granted under this License are granted for the term of |
|
156 |
copyright on the Program, and are irrevocable provided the stated |
|
157 |
conditions are met. This License explicitly affirms your unlimited |
|
158 |
permission to run the unmodified Program. The output from running a |
|
159 |
covered work is covered by this License only if the output, given its |
|
160 |
content, constitutes a covered work. This License acknowledges your |
|
161 |
rights of fair use or other equivalent, as provided by copyright law. |
|
162 | ||
163 |
You may make, run and propagate covered works that you do not |
|
164 |
convey, without conditions so long as your license otherwise remains |
|
165 |
in force. You may convey covered works to others for the sole purpose |
|
166 |
of having them make modifications exclusively for you, or provide you |
|
167 |
with facilities for running those works, provided that you comply with |
|
168 |
the terms of this License in conveying all material for which you do |
|
169 |
not control copyright. Those thus making or running the covered works |
|
170 |
for you must do so exclusively on your behalf, under your direction |
|
171 |
and control, on terms that prohibit them from making any copies of |
|
172 |
your copyrighted material outside their relationship with you. |
|
173 | ||
174 |
Conveying under any other circumstances is permitted solely under |
|
175 |
the conditions stated below. Sublicensing is not allowed; section 10 |
|
176 |
makes it unnecessary. |
|
177 | ||
178 |
3. Protecting Users' Legal Rights From Anti-Circumvention Law. |
|
179 | ||
180 |
No covered work shall be deemed part of an effective technological |
|
181 |
measure under any applicable law fulfilling obligations under article |
|
182 |
11 of the WIPO copyright treaty adopted on 20 December 1996, or |
|
183 |
similar laws prohibiting or restricting circumvention of such |
|
184 |
measures. |
|
185 | ||
186 |
When you convey a covered work, you waive any legal power to forbid |
|
187 |
circumvention of technological measures to the extent such circumvention |
|
188 |
is effected by exercising rights under this License with respect to |
|
189 |
the covered work, and you disclaim any intention to limit operation or |
|
190 |
modification of the work as a means of enforcing, against the work's |
|
191 |
users, your or third parties' legal rights to forbid circumvention of |
|
192 |
technological measures. |
|
193 | ||
194 |
4. Conveying Verbatim Copies. |
|
195 | ||
196 |
You may convey verbatim copies of the Program's source code as you |
|
197 |
receive it, in any medium, provided that you conspicuously and |
|
198 |
appropriately publish on each copy an appropriate copyright notice; |
|
199 |
keep intact all notices stating that this License and any |
|
200 |
non-permissive terms added in accord with section 7 apply to the code; |
|
201 |
keep intact all notices of the absence of any warranty; and give all |
|
202 |
recipients a copy of this License along with the Program. |
|
203 | ||
204 |
You may charge any price or no price for each copy that you convey, |
|
205 |
and you may offer support or warranty protection for a fee. |
|
206 | ||
207 |
5. Conveying Modified Source Versions. |
|
208 | ||
209 |
You may convey a work based on the Program, or the modifications to |
|
210 |
produce it from the Program, in the form of source code under the |
|
211 |
terms of section 4, provided that you also meet all of these conditions: |
|
212 | ||
213 |
a) The work must carry prominent notices stating that you modified |
|
214 |
it, and giving a relevant date. |
|
215 | ||
216 |
b) The work must carry prominent notices stating that it is |
|
217 |
released under this License and any conditions added under section |
|
218 |
7. This requirement modifies the requirement in section 4 to |
|
219 |
"keep intact all notices". |
|
220 | ||
221 |
c) You must license the entire work, as a whole, under this |
|
222 |
License to anyone who comes into possession of a copy. This |
|
223 |
License will therefore apply, along with any applicable section 7 |
|
224 |
additional terms, to the whole of the work, and all its parts, |
|
225 |
regardless of how they are packaged. This License gives no |
|
226 |
permission to license the work in any other way, but it does not |
|
227 |
invalidate such permission if you have separately received it. |
|
228 | ||
229 |
d) If the work has interactive user interfaces, each must display |
|
230 |
Appropriate Legal Notices; however, if the Program has interactive |
|
231 |
interfaces that do not display Appropriate Legal Notices, your |
|
232 |
work need not make them do so. |
|
233 | ||
234 |
A compilation of a covered work with other separate and independent |
|
235 |
works, which are not by their nature extensions of the covered work, |
|
236 |
and which are not combined with it such as to form a larger program, |
|
237 |
in or on a volume of a storage or distribution medium, is called an |
|
238 |
"aggregate" if the compilation and its resulting copyright are not |
|
239 |
used to limit the access or legal rights of the compilation's users |
|
240 |
beyond what the individual works permit. Inclusion of a covered work |
|
241 |
in an aggregate does not cause this License to apply to the other |
|
242 |
parts of the aggregate. |
|
243 | ||
244 |
6. Conveying Non-Source Forms. |
|
245 | ||
246 |
You may convey a covered work in object code form under the terms |
|
247 |
of sections 4 and 5, provided that you also convey the |
|
248 |
machine-readable Corresponding Source under the terms of this License, |
|
249 |
in one of these ways: |
|
250 | ||
251 |
a) Convey the object code in, or embodied in, a physical product |
|
252 |
(including a physical distribution medium), accompanied by the |
|
253 |
Corresponding Source fixed on a durable physical medium |
|
254 |
customarily used for software interchange. |
|
255 | ||
256 |
b) Convey the object code in, or embodied in, a physical product |
|
257 |
(including a physical distribution medium), accompanied by a |
|
258 |
written offer, valid for at least three years and valid for as |
|
259 |
long as you offer spare parts or customer support for that product |
|
260 |
model, to give anyone who possesses the object code either (1) a |
|
261 |
copy of the Corresponding Source for all the software in the |
|
262 |
product that is covered by this License, on a durable physical |
|
263 |
medium customarily used for software interchange, for a price no |
|
264 |
more than your reasonable cost of physically performing this |
|
265 |
conveying of source, or (2) access to copy the |
|
266 |
Corresponding Source from a network server at no charge. |
|
267 | ||
268 |
c) Convey individual copies of the object code with a copy of the |
|
269 |
written offer to provide the Corresponding Source. This |
|
270 |
alternative is allowed only occasionally and noncommercially, and |
|
271 |
only if you received the object code with such an offer, in accord |
|
272 |
with subsection 6b. |
|
273 | ||
274 |
d) Convey the object code by offering access from a designated |
|
275 |
place (gratis or for a charge), and offer equivalent access to the |
|
276 |
Corresponding Source in the same way through the same place at no |
|
277 |
further charge. You need not require recipients to copy the |
|
278 |
Corresponding Source along with the object code. If the place to |
|
279 |
copy the object code is a network server, the Corresponding Source |
|
280 |
may be on a different server (operated by you or a third party) |
|
281 |
that supports equivalent copying facilities, provided you maintain |
|
282 |
clear directions next to the object code saying where to find the |
|
283 |
Corresponding Source. Regardless of what server hosts the |
|
284 |
Corresponding Source, you remain obligated to ensure that it is |
|
285 |
available for as long as needed to satisfy these requirements. |
|
286 | ||
287 |
e) Convey the object code using peer-to-peer transmission, provided |
|
288 |
you inform other peers where the object code and Corresponding |
|
289 |
Source of the work are being offered to the general public at no |
|
290 |
charge under subsection 6d. |
|
291 | ||
292 |
A separable portion of the object code, whose source code is excluded |
|
293 |
from the Corresponding Source as a System Library, need not be |
|
294 |
included in conveying the object code work. |
|
295 | ||
296 |
A "User Product" is either (1) a "consumer product", which means any |
|
297 |
tangible personal property which is normally used for personal, family, |
|
298 |
or household purposes, or (2) anything designed or sold for incorporation |
|
299 |
into a dwelling. In determining whether a product is a consumer product, |
|
300 |
doubtful cases shall be resolved in favor of coverage. For a particular |
|
301 |
product received by a particular user, "normally used" refers to a |
|
302 |
typical or common use of that class of product, regardless of the status |
|
303 |
of the particular user or of the way in which the particular user |
|
304 |
actually uses, or expects or is expected to use, the product. A product |
|
305 |
is a consumer product regardless of whether the product has substantial |
|
306 |
commercial, industrial or non-consumer uses, unless such uses represent |
|
307 |
the only significant mode of use of the product. |
|
308 | ||
309 |
"Installation Information" for a User Product means any methods, |
|
310 |
procedures, authorization keys, or other information required to install |
|
311 |
and execute modified versions of a covered work in that User Product from |
|
312 |
a modified version of its Corresponding Source. The information must |
|
313 |
suffice to ensure that the continued functioning of the modified object |
|
314 |
code is in no case prevented or interfered with solely because |
|
315 |
modification has been made. |
|
316 | ||
317 |
If you convey an object code work under this section in, or with, or |
|
318 |
specifically for use in, a User Product, and the conveying occurs as |
|
319 |
part of a transaction in which the right of possession and use of the |
|
320 |
User Product is transferred to the recipient in perpetuity or for a |
|
321 |
fixed term (regardless of how the transaction is characterized), the |
|
322 |
Corresponding Source conveyed under this section must be accompanied |
|
323 |
by the Installation Information. But this requirement does not apply |
|
324 |
if neither you nor any third party retains the ability to install |
|
325 |
modified object code on the User Product (for example, the work has |
|
326 |
been installed in ROM). |
|
327 | ||
328 |
The requirement to provide Installation Information does not include a |
|
329 |
requirement to continue to provide support service, warranty, or updates |
|
330 |
for a work that has been modified or installed by the recipient, or for |
|
331 |
the User Product in which it has been modified or installed. Access to a |
|
332 |
network may be denied when the modification itself materially and |
|
333 |
adversely affects the operation of the network or violates the rules and |
|
334 |
protocols for communication across the network. |
|
335 | ||
336 |
Corresponding Source conveyed, and Installation Information provided, |
|
337 |
in accord with this section must be in a format that is publicly |
|
338 |
documented (and with an implementation available to the public in |
|
339 |
source code form), and must require no special password or key for |
|
340 |
unpacking, reading or copying. |
|
341 | ||
342 |
7. Additional Terms. |
|
343 | ||
344 |
"Additional permissions" are terms that supplement the terms of this |
|
345 |
License by making exceptions from one or more of its conditions. |
|
346 |
Additional permissions that are applicable to the entire Program shall |
|
347 |
be treated as though they were included in this License, to the extent |
|
348 |
that they are valid under applicable law. If additional permissions |
|
349 |
apply only to part of the Program, that part may be used separately |
|
350 |
under those permissions, but the entire Program remains governed by |
|
351 |
this License without regard to the additional permissions. |
|
352 | ||
353 |
When you convey a copy of a covered work, you may at your option |
|
354 |
remove any additional permissions from that copy, or from any part of |
|
355 |
it. (Additional permissions may be written to require their own |
|
356 |
removal in certain cases when you modify the work.) You may place |
|
357 |
additional permissions on material, added by you to a covered work, |
|
358 |
for which you have or can give appropriate copyright permission. |
|
359 | ||
360 |
Notwithstanding any other provision of this License, for material you |
|
361 |
add to a covered work, you may (if authorized by the copyright holders of |
|
362 |
that material) supplement the terms of this License with terms: |
|
363 | ||
364 |
a) Disclaiming warranty or limiting liability differently from the |
|
365 |
terms of sections 15 and 16 of this License; or |
|
366 | ||
367 |
b) Requiring preservation of specified reasonable legal notices or |
|
368 |
author attributions in that material or in the Appropriate Legal |
|
369 |
Notices displayed by works containing it; or |
|
370 | ||
371 |
c) Prohibiting misrepresentation of the origin of that material, or |
|
372 |
requiring that modified versions of such material be marked in |
|
373 |
reasonable ways as different from the original version; or |
|
374 | ||
375 |
d) Limiting the use for publicity purposes of names of licensors or |
|
376 |
authors of the material; or |
|
377 | ||
378 |
e) Declining to grant rights under trademark law for use of some |
|
379 |
trade names, trademarks, or service marks; or |
|
380 | ||
381 |
f) Requiring indemnification of licensors and authors of that |
|
382 |
material by anyone who conveys the material (or modified versions of |
|
383 |
it) with contractual assumptions of liability to the recipient, for |
|
384 |
any liability that these contractual assumptions directly impose on |
|
385 |
those licensors and authors. |
|
386 | ||
387 |
All other non-permissive additional terms are considered "further |
|
388 |
restrictions" within the meaning of section 10. If the Program as you |
|
389 |
received it, or any part of it, contains a notice stating that it is |
|
390 |
governed by this License along with a term that is a further |
|
391 |
restriction, you may remove that term. If a license document contains |
|
392 |
a further restriction but permits relicensing or conveying under this |
|
393 |
License, you may add to a covered work material governed by the terms |
|
394 |
of that license document, provided that the further restriction does |
|
395 |
not survive such relicensing or conveying. |
|
396 | ||
397 |
If you add terms to a covered work in accord with this section, you |
|
398 |
must place, in the relevant source files, a statement of the |
|
399 |
additional terms that apply to those files, or a notice indicating |
|
400 |
where to find the applicable terms. |
|
401 | ||
402 |
Additional terms, permissive or non-permissive, may be stated in the |
|
403 |
form of a separately written license, or stated as exceptions; |
|
404 |
the above requirements apply either way. |
|
405 | ||
406 |
8. Termination. |
|
407 | ||
408 |
You may not propagate or modify a covered work except as expressly |
|
409 |
provided under this License. Any attempt otherwise to propagate or |
|
410 |
modify it is void, and will automatically terminate your rights under |
|
411 |
this License (including any patent licenses granted under the third |
|
412 |
paragraph of section 11). |
|
413 | ||
414 |
However, if you cease all violation of this License, then your |
|
415 |
license from a particular copyright holder is reinstated (a) |
|
416 |
provisionally, unless and until the copyright holder explicitly and |
|
417 |
finally terminates your license, and (b) permanently, if the copyright |
|
418 |
holder fails to notify you of the violation by some reasonable means |
|
419 |
prior to 60 days after the cessation. |
|
420 | ||
421 |
Moreover, your license from a particular copyright holder is |
|
422 |
reinstated permanently if the copyright holder notifies you of the |
|
423 |
violation by some reasonable means, this is the first time you have |
|
424 |
received notice of violation of this License (for any work) from that |
|
425 |
copyright holder, and you cure the violation prior to 30 days after |
|
426 |
your receipt of the notice. |
|
427 | ||
428 |
Termination of your rights under this section does not terminate the |
|
429 |
licenses of parties who have received copies or rights from you under |
|
430 |
this License. If your rights have been terminated and not permanently |
|
431 |
reinstated, you do not qualify to receive new licenses for the same |
|
432 |
material under section 10. |
|
433 | ||
434 |
9. Acceptance Not Required for Having Copies. |
|
435 | ||
436 |
You are not required to accept this License in order to receive or |
|
437 |
run a copy of the Program. Ancillary propagation of a covered work |
|
438 |
occurring solely as a consequence of using peer-to-peer transmission |
|
439 |
to receive a copy likewise does not require acceptance. However, |
|
440 |
nothing other than this License grants you permission to propagate or |
|
441 |
modify any covered work. These actions infringe copyright if you do |
|
442 |
not accept this License. Therefore, by modifying or propagating a |
|
443 |
covered work, you indicate your acceptance of this License to do so. |
|
444 | ||
445 |
10. Automatic Licensing of Downstream Recipients. |
|
446 | ||
447 |
Each time you convey a covered work, the recipient automatically |
|
448 |
receives a license from the original licensors, to run, modify and |
|
449 |
propagate that work, subject to this License. You are not responsible |
|
450 |
for enforcing compliance by third parties with this License. |
|
451 | ||
452 |
An "entity transaction" is a transaction transferring control of an |
|
453 |
organization, or substantially all assets of one, or subdividing an |
|
454 |
organization, or merging organizations. If propagation of a covered |
|
455 |
work results from an entity transaction, each party to that |
|
456 |
transaction who receives a copy of the work also receives whatever |
|
457 |
licenses to the work the party's predecessor in interest had or could |
|
458 |
give under the previous paragraph, plus a right to possession of the |
|
459 |
Corresponding Source of the work from the predecessor in interest, if |
|
460 |
the predecessor has it or can get it with reasonable efforts. |
|
461 | ||
462 |
You may not impose any further restrictions on the exercise of the |
|
463 |
rights granted or affirmed under this License. For example, you may |
|
464 |
not impose a license fee, royalty, or other charge for exercise of |
|
465 |
rights granted under this License, and you may not initiate litigation |
|
466 |
(including a cross-claim or counterclaim in a lawsuit) alleging that |
|
467 |
any patent claim is infringed by making, using, selling, offering for |
|
468 |
sale, or importing the Program or any portion of it. |
|
469 | ||
470 |
11. Patents. |
|
471 | ||
472 |
A "contributor" is a copyright holder who authorizes use under this |
|
473 |
License of the Program or a work on which the Program is based. The |
|
474 |
work thus licensed is called the contributor's "contributor version". |
|
475 | ||
476 |
A contributor's "essential patent claims" are all patent claims |
|
477 |
owned or controlled by the contributor, whether already acquired or |
|
478 |
hereafter acquired, that would be infringed by some manner, permitted |
|
479 |
by this License, of making, using, or selling its contributor version, |
|
480 |
but do not include claims that would be infringed only as a |
|
481 |
consequence of further modification of the contributor version. For |
|
482 |
purposes of this definition, "control" includes the right to grant |
|
483 |
patent sublicenses in a manner consistent with the requirements of |
|
484 |
this License. |
|
485 | ||
486 |
Each contributor grants you a non-exclusive, worldwide, royalty-free |
|
487 |
patent license under the contributor's essential patent claims, to |
|
488 |
make, use, sell, offer for sale, import and otherwise run, modify and |
|
489 |
propagate the contents of its contributor version. |
|
490 | ||
491 |
In the following three paragraphs, a "patent license" is any express |
|
492 |
agreement or commitment, however denominated, not to enforce a patent |
|
493 |
(such as an express permission to practice a patent or covenant not to |
|
494 |
sue for patent infringement). To "grant" such a patent license to a |
|
495 |
party means to make such an agreement or commitment not to enforce a |
|
496 |
patent against the party. |
|
497 | ||
498 |
If you convey a covered work, knowingly relying on a patent license, |
|
499 |
and the Corresponding Source of the work is not available for anyone |
|
500 |
to copy, free of charge and under the terms of this License, through a |
|
501 |
publicly available network server or other readily accessible means, |
|
502 |
then you must either (1) cause the Corresponding Source to be so |
|
503 |
available, or (2) arrange to deprive yourself of the benefit of the |
|
504 |
patent license for this particular work, or (3) arrange, in a manner |
|
505 |
consistent with the requirements of this License, to extend the patent |
|
506 |
license to downstream recipients. "Knowingly relying" means you have |
|
507 |
actual knowledge that, but for the patent license, your conveying the |
|
508 |
covered work in a country, or your recipient's use of the covered work |
|
509 |
in a country, would infringe one or more identifiable patents in that |
|
510 |
country that you have reason to believe are valid. |
|
511 | ||
512 |
If, pursuant to or in connection with a single transaction or |
|
513 |
arrangement, you convey, or propagate by procuring conveyance of, a |
|
514 |
covered work, and grant a patent license to some of the parties |
|
515 |
receiving the covered work authorizing them to use, propagate, modify |
|
516 |
or convey a specific copy of the covered work, then the patent license |
|
517 |
you grant is automatically extended to all recipients of the covered |
|
518 |
work and works based on it. |
|
519 | ||
520 |
A patent license is "discriminatory" if it does not include within |
|
521 |
the scope of its coverage, prohibits the exercise of, or is |
|
522 |
conditioned on the non-exercise of one or more of the rights that are |
|
523 |
specifically granted under this License. You may not convey a covered |
|
524 |
work if you are a party to an arrangement with a third party that is |
|
525 |
in the business of distributing software, under which you make payment |
|
526 |
to the third party based on the extent of your activity of conveying |
|
527 |
the work, and under which the third party grants, to any of the |
|
528 |
parties who would receive the covered work from you, a discriminatory |
|
529 |
patent license (a) in connection with copies of the covered work |
|
530 |
conveyed by you (or copies made from those copies), or (b) primarily |
|
531 |
for and in connection with specific products or compilations that |
|
532 |
contain the covered work, unless you entered into that arrangement, |
|
533 |
or that patent license was granted, prior to 28 March 2007. |
|
534 | ||
535 |
Nothing in this License shall be construed as excluding or limiting |
|
536 |
any implied license or other defenses to infringement that may |
|
537 |
otherwise be available to you under applicable patent law. |
|
538 | ||
539 |
12. No Surrender of Others' Freedom. |
|
540 | ||
541 |
If conditions are imposed on you (whether by court order, agreement or |
|
542 |
otherwise) that contradict the conditions of this License, they do not |
|
543 |
excuse you from the conditions of this License. If you cannot convey a |
|
544 |
covered work so as to satisfy simultaneously your obligations under this |
|
545 |
License and any other pertinent obligations, then as a consequence you may |
|
546 |
not convey it at all. For example, if you agree to terms that obligate you |
|
547 |
to collect a royalty for further conveying from those to whom you convey |
|
548 |
the Program, the only way you could satisfy both those terms and this |
|
549 |
License would be to refrain entirely from conveying the Program. |
|
550 | ||
551 |
13. Remote Network Interaction; Use with the GNU General Public License. |
|
552 | ||
553 |
Notwithstanding any other provision of this License, if you modify the |
|
554 |
Program, your modified version must prominently offer all users |
|
555 |
interacting with it remotely through a computer network (if your version |
|
556 |
supports such interaction) an opportunity to receive the Corresponding |
|
557 |
Source of your version by providing access to the Corresponding Source |
|
558 |
from a network server at no charge, through some standard or customary |
|
559 |
means of facilitating copying of software. This Corresponding Source |
|
560 |
shall include the Corresponding Source for any work covered by version 3 |
|
561 |
of the GNU General Public License that is incorporated pursuant to the |
|
562 |
following paragraph. |
|
563 | ||
564 |
Notwithstanding any other provision of this License, you have |
|
565 |
permission to link or combine any covered work with a work licensed |
|
566 |
under version 3 of the GNU General Public License into a single |
|
567 |
combined work, and to convey the resulting work. The terms of this |
|
568 |
License will continue to apply to the part which is the covered work, |
|
569 |
but the work with which it is combined will remain governed by version |
|
570 |
3 of the GNU General Public License. |
|
571 | ||
572 |
14. Revised Versions of this License. |
|
573 | ||
574 |
The Free Software Foundation may publish revised and/or new versions of |
|
575 |
the GNU Affero General Public License from time to time. Such new versions |
|
576 |
will be similar in spirit to the present version, but may differ in detail to |
|
577 |
address new problems or concerns. |
|
578 | ||
579 |
Each version is given a distinguishing version number. If the |
|
580 |
Program specifies that a certain numbered version of the GNU Affero General |
|
581 |
Public License "or any later version" applies to it, you have the |
|
582 |
option of following the terms and conditions either of that numbered |
|
583 |
version or of any later version published by the Free Software |
|
584 |
Foundation. If the Program does not specify a version number of the |
|
585 |
GNU Affero General Public License, you may choose any version ever published |
|
586 |
by the Free Software Foundation. |
|
587 | ||
588 |
If the Program specifies that a proxy can decide which future |
|
589 |
versions of the GNU Affero General Public License can be used, that proxy's |
|
590 |
public statement of acceptance of a version permanently authorizes you |
|
591 |
to choose that version for the Program. |
|
592 | ||
593 |
Later license versions may give you additional or different |
|
594 |
permissions. However, no additional obligations are imposed on any |
|
595 |
author or copyright holder as a result of your choosing to follow a |
|
596 |
later version. |
|
597 | ||
598 |
15. Disclaimer of Warranty. |
|
599 | ||
600 |
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY |
|
601 |
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT |
|
602 |
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY |
|
603 |
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, |
|
604 |
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
|
605 |
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM |
|
606 |
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF |
|
607 |
ALL NECESSARY SERVICING, REPAIR OR CORRECTION. |
|
608 | ||
609 |
16. Limitation of Liability. |
|
610 | ||
611 |
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING |
|
612 |
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS |
|
613 |
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY |
|
614 |
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE |
|
615 |
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF |
|
616 |
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD |
|
617 |
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), |
|
618 |
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF |
|
619 |
SUCH DAMAGES. |
|
620 | ||
621 |
17. Interpretation of Sections 15 and 16. |
|
622 | ||
623 |
If the disclaimer of warranty and limitation of liability provided |
|
624 |
above cannot be given local legal effect according to their terms, |
|
625 |
reviewing courts shall apply local law that most closely approximates |
|
626 |
an absolute waiver of all civil liability in connection with the |
|
627 |
Program, unless a warranty or assumption of liability accompanies a |
|
628 |
copy of the Program in return for a fee. |
|
629 | ||
630 |
END OF TERMS AND CONDITIONS |
|
631 | ||
632 |
How to Apply These Terms to Your New Programs |
|
633 | ||
634 |
If you develop a new program, and you want it to be of the greatest |
|
635 |
possible use to the public, the best way to achieve this is to make it |
|
636 |
free software which everyone can redistribute and change under these terms. |
|
637 | ||
638 |
To do so, attach the following notices to the program. It is safest |
|
639 |
to attach them to the start of each source file to most effectively |
|
640 |
state the exclusion of warranty; and each file should have at least |
|
641 |
the "copyright" line and a pointer to where the full notice is found. |
|
642 | ||
643 |
<one line to give the program's name and a brief idea of what it does.> |
|
644 |
Copyright (C) <year> <name of author> |
|
645 | ||
646 |
This program is free software: you can redistribute it and/or modify |
|
647 |
it under the terms of the GNU Affero General Public License as published by |
|
648 |
the Free Software Foundation, either version 3 of the License, or |
|
649 |
(at your option) any later version. |
|
650 | ||
651 |
This program is distributed in the hope that it will be useful, |
|
652 |
but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
653 |
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
654 |
GNU Affero General Public License for more details. |
|
655 | ||
656 |
You should have received a copy of the GNU Affero General Public License |
|
657 |
along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
658 | ||
659 |
Also add information on how to contact you by electronic and paper mail. |
|
660 | ||
661 |
If your software can interact with users remotely through a computer |
|
662 |
network, you should also make sure that it provides a way for users to |
|
663 |
get its source. For example, if your program is a web application, its |
|
664 |
interface could display a "Source" link that leads users to an archive |
|
665 |
of the code. There are many ways you could offer source, and different |
|
666 |
solutions will be better for different programs; see section 13 for the |
|
667 |
specific requirements. |
|
668 | ||
669 |
You should also get your employer (if you work as a programmer) or school, |
|
670 |
if any, to sign a "copyright disclaimer" for the program, if necessary. |
|
671 |
For more information on this, and how to apply and follow the GNU AGPL, see |
|
672 |
<http://www.gnu.org/licenses/>. |
|
673 | ||
674 |
External modules oath and totp-js modules are licensed under a BSD-like licence. |
|
675 | ||
676 |
OpenID idp module is derived of the project django_openid_provider which is |
|
677 |
distributed under the Apache 2.0 license. |
debian-wheezy/debian_config.py | ||
---|---|---|
1 |
import os |
|
2 |
import warnings |
|
3 |
from authentic2 import logger |
|
4 | ||
5 | ||
6 |
# Add the XForwardedForMiddleware |
|
7 |
MIDDLEWARE_CLASSES = ('authentic2.middleware.XForwardedForMiddleware',) + MIDDLEWARE_CLASSES |
|
8 | ||
9 |
# Debian defaults |
|
10 |
DEBUG = False |
|
11 | ||
12 |
STATIC_ROOT = '/var/lib/authentic2/collectstatic/' |
|
13 |
STATICFILES_DIRS = ('/var/lib/authentic2/static',) + STATICFILES_DIRS |
|
14 |
TEMPLATE_DIRS = ('/var/lib/authentic2/templates',) + TEMPLATE_DIRS |
|
15 |
LOCALE_PATHS = ('/var/lib/authentic2/locale',) + LOCALE_PATHS |
|
16 | ||
17 |
ADMINS = (('root', 'root@localhost'),) |
|
18 | ||
19 |
if os.path.exists('/var/lib/authentic2/secret_key'): |
|
20 |
SECRET_KEY = file('/var/lib/authentic2/secret_key').read() |
|
21 | ||
22 |
LOGGING = { |
|
23 |
'version': 1, |
|
24 |
'disable_existing_loggers': True, |
|
25 |
'filters': { |
|
26 |
'cleaning': { |
|
27 |
'()': 'authentic2.utils.CleanLogMessage', |
|
28 |
}, |
|
29 |
'request_context': { |
|
30 |
'()': 'authentic2.log_filters.RequestContextFilter', |
|
31 |
}, |
|
32 |
'force_debug': { |
|
33 |
'()': 'authentic2.log_filters.ForceDebugFilter', |
|
34 |
} |
|
35 |
}, |
|
36 |
'formatters': { |
|
37 |
'syslog': { |
|
38 |
'format': 'authentic2[%(process)d]: %(ip)s %(user)s %(request_id)s %(levelname)s %(message)s', |
|
39 |
}, |
|
40 |
'syslog_db': { |
|
41 |
'format': 'authentic2[%(process)d]: %(levelname)s %(message)s', |
|
42 |
}, |
|
43 |
}, |
|
44 |
'handlers': { |
|
45 |
'syslog': { |
|
46 |
'level': 'DEBUG', |
|
47 |
'address': '/dev/log', |
|
48 |
'class': 'logging.handlers.SysLogHandler', |
|
49 |
'filters': ['cleaning', 'request_context'], |
|
50 |
'formatter': 'syslog', |
|
51 |
}, |
|
52 |
# remove request_context filter for db log to prevent infinite loop |
|
53 |
# when logging sql query to retrieve the session user |
|
54 |
'syslog_db': { |
|
55 |
'level': 'DEBUG', |
|
56 |
'address': '/dev/log', |
|
57 |
'class': 'logging.handlers.SysLogHandler', |
|
58 |
'filters': ['cleaning'], |
|
59 |
'formatter': 'syslog_db', |
|
60 |
}, |
|
61 |
}, |
|
62 |
'loggers': { |
|
63 |
# even when debugging seeing SQL queries is too much, activate it |
|
64 |
# explicitly using DEBUG_DB |
|
65 |
'django.db': { |
|
66 |
# use a special handler to prevent recursive loop by the RequestContextFilter |
|
67 |
# as it does accesses to the database |
|
68 |
'handlers': ['syslog_db'], |
|
69 |
'level': logger.SettingsLogLevel('INFO', debug_setting='DEBUG_DB'), |
|
70 |
'propagate': False, |
|
71 |
}, |
|
72 |
'django': { |
|
73 |
# Override Django default values |
|
74 |
'handlers': [], |
|
75 |
'level': 'NOTSET', |
|
76 |
'propagate': True, |
|
77 |
}, |
|
78 |
'django.server': { |
|
79 |
# Override Django 1.8 default values |
|
80 |
'handlers': [], |
|
81 |
'level': 'NOTSET', |
|
82 |
'propagate': True, |
|
83 |
}, |
|
84 |
'django.request': { |
|
85 |
# Override Django default values |
|
86 |
'handlers': [], |
|
87 |
'level': 'NOTSET', |
|
88 |
'propagate': True, |
|
89 |
}, |
|
90 |
'django.security': { |
|
91 |
# Override Django default values |
|
92 |
'handlers': [], |
|
93 |
'level': 'NOTSET', |
|
94 |
'propagate': True, |
|
95 |
}, |
|
96 |
# django_select2 outputs debug message at level INFO |
|
97 |
'django_select2': { |
|
98 |
'handlers': [], |
|
99 |
'level': 'WARNING', |
|
100 |
'propagate': True, |
|
101 |
}, |
|
102 |
# lasso has the bad habit of logging everything as errors |
|
103 |
'lasso': { |
|
104 |
'filters': ['force_debug'], |
|
105 |
}, |
|
106 |
'': { |
|
107 |
'handlers': ['syslog'], |
|
108 |
'level': logger.SettingsLogLevel('INFO'), |
|
109 |
}, |
|
110 |
}, |
|
111 |
} |
|
112 | ||
113 | ||
114 |
# Old settings method |
|
115 |
def extract_settings_from_environ(): |
|
116 |
import os |
|
117 |
import json |
|
118 |
from django.core.exceptions import ImproperlyConfigured |
|
119 |
global MANAGERS, DATABASES, SENTRY_DSN, INSTALLED_APPS, \ |
|
120 |
SECURE_PROXY_SSL_HEADER, CACHES, SESSION_ENGINE, \ |
|
121 |
LDAP_AUTH_SETTINGS, RAVEN_CONFIG |
|
122 | ||
123 |
BOOLEAN_ENVS = ( |
|
124 |
'DEBUG', |
|
125 |
'DEBUG_PROPAGATE_EXCEPTIONS', |
|
126 |
'SESSION_EXPIRE_AT_BROWSER_CLOSE', |
|
127 |
'SESSION_COOKIE_SECURE', |
|
128 |
'EMAIL_USE_TLS', |
|
129 |
'USE_X_FORWARDED_HOST', |
|
130 |
'DISCO_SERVICE', |
|
131 |
'DISCO_USE_OF_METADATA', |
|
132 |
'SHOW_DISCO_IN_MD', |
|
133 |
'SSLAUTH_CREATE_USER', |
|
134 |
'PUSH_PROFILE_UPDATES', |
|
135 |
'A2_ACCEPT_EMAIL_AUTHENTICATION', |
|
136 |
'A2_CAN_RESET_PASSWORD', |
|
137 |
'A2_REGISTRATION_CAN_DELETE_ACCOUNT', |
|
138 |
'A2_REGISTRATION_EMAIL_IS_UNIQUE', |
|
139 |
'REGISTRATION_OPEN', |
|
140 |
'A2_AUTH_PASSWORD_ENABLE', |
|
141 |
'SSLAUTH_ENABLE', |
|
142 |
'A2_IDP_SAML2_ENABLE', |
|
143 |
'IDP_OPENID', |
|
144 | ||
145 |
) |
|
146 | ||
147 |
def to_boolean(name, default=True): |
|
148 |
try: |
|
149 |
value = os.environ[name] |
|
150 |
except KeyError: |
|
151 |
return default |
|
152 |
try: |
|
153 |
i = int(value) |
|
154 |
return bool(i) |
|
155 |
except ValueError: |
|
156 |
if value.lower() in ('true', 't', 'y', 'yes'): |
|
157 |
return True |
|
158 |
if value.lower() in ('false', 'f', 'n', 'no'): |
|
159 |
return False |
|
160 |
return default |
|
161 | ||
162 |
for boolean_env in BOOLEAN_ENVS: |
|
163 |
if boolean_env in os.environ: |
|
164 |
globals()[boolean_env] = to_boolean(boolean_env) |
|
165 | ||
166 |
STRING_ENVS = ( |
|
167 |
'STATIC_ROOT', |
|
168 |
'STATIC_URL', |
|
169 |
'A2_OPENED_SESSION_COOKIE_DOMAIN', |
|
170 |
'SESSION_COOKIE_NAME', |
|
171 |
'SESSION_COOKIE_PATH', |
|
172 |
'SESSION_ENGINE', |
|
173 |
'EMAIL_HOST', |
|
174 |
'EMAIL_HOST_USER', |
|
175 |
'EMAIL_HOST_PASSWORD', |
|
176 |
'EMAIL_SUBJECT_PREFIX', |
|
177 |
'SERVER_EMAIL', |
|
178 |
'DEFAULT_FROM_EMAIL', |
|
179 |
'LOGIN_REDIRECT_URL', |
|
180 |
'LOGIN_URL', |
|
181 |
'LOGOUT_URL', |
|
182 |
'SECRET_KEY', |
|
183 |
'DISCO_SERVICE_NAME', |
|
184 |
'SAML_SIGNATURE_PUBLIC_KEY', |
|
185 |
'SAML_SIGNATURE_PRIVATE_KEY', |
|
186 |
'SAML_METADATA_AUTOLOAD', |
|
187 |
'A2_HOMEPAGE_URL', |
|
188 |
) |
|
189 | ||
190 |
for string_env in STRING_ENVS: |
|
191 |
if string_env in os.environ: |
|
192 |
globals()[string_env] = os.environ[string_env] |
|
193 | ||
194 |
PATH_ENVS = ( |
|
195 |
'STATICFILES_DIRS', |
|
196 |
'TEMPLATE_DIRS', |
|
197 |
'LOCALE_PATHS', |
|
198 |
'ALLOWED_HOSTS', |
|
199 |
'INTERNAL_IPS', |
|
200 |
'PASSWORD_HASHERS', |
|
201 |
) |
|
202 | ||
203 |
for path_env in PATH_ENVS: |
|
204 |
if path_env in os.environ: |
|
205 |
old = globals().get(path_env) |
|
206 |
globals()[path_env] = tuple(os.environ[path_env].split(':')) + tuple(old) |
|
207 | ||
208 |
INT_ENVS = ( |
|
209 |
'SESSION_COOKIE_AGE', |
|
210 |
'EMAIL_PORT', |
|
211 |
'AUTHENTICATION_EVENT_EXPIRATION', |
|
212 |
'LOCAL_METADATA_CACHE_TIMEOUT', |
|
213 |
'ACCOUNT_ACTIVATION_DAYS', |
|
214 |
'PASSWORD_RESET_TIMEOUT_DAYS', |
|
215 |
) |
|
216 | ||
217 |
def to_int(name, default): |
|
218 |
try: |
|
219 |
value = os.environ[name] |
|
220 |
return int(value) |
|
221 |
except KeyError: |
|
222 |
return default |
|
223 |
except ValueError: |
|
224 |
raise ImproperlyConfigured('environ variable %s must be an integer' % name) |
|
225 | ||
226 |
for int_env in INT_ENVS: |
|
227 |
if int_env in os.environ: |
|
228 |
try: |
|
229 |
globals()[int_env] = int(os.environ[int_env]) |
|
230 |
except ValueError: |
|
231 |
raise ImproperlyConfigured('environement variable %s must be an integer' % int_env) |
|
232 | ||
233 | ||
234 |
ADMINS = () |
|
235 |
if 'ADMINS' in os.environ: |
|
236 |
ADMINS = filter(None, os.environ.get('ADMINS').split(':')) |
|
237 |
ADMINS = [ admin.split(';') for admin in ADMINS ] |
|
238 |
for admin in ADMINS: |
|
239 |
assert len(admin) == 2, 'ADMINS setting must be a colon separated list of name and emails separated by a semi-colon' |
|
240 |
assert '@' in admin[1], 'ADMINS setting pairs second value must be emails' |
|
241 |
MANAGERS = ADMINS |
|
242 | ||
243 | ||
244 |
for key in os.environ: |
|
245 |
if key.startswith('DATABASE_'): |
|
246 |
prefix, db_key = key.split('_', 1) |
|
247 |
DATABASES['default'][db_key] = os.environ[key] |
|
248 | ||
249 |
if 'SECURE_PROXY_SSL_HEADER' in os.environ: |
|
250 |
SECURE_PROXY_SSL_HEADER = os.environ['SECURE_PROXY_SSL_HEADER'].split(':', 1) |
|
251 | ||
252 |
if 'LDAP_AUTH_SETTINGS' in os.environ: |
|
253 |
try: |
|
254 |
LDAP_AUTH_SETTINGS = json.loads(os.environ['LDAP_AUTH_SETTINGS']) |
|
255 |
except Exception, e: |
|
256 |
raise ImproperlyConfigured('LDAP_AUTH_SETTINGS is not a JSON document', e) |
|
257 | ||
258 |
if 'CACHE_BACKEND' in os.environ: |
|
259 |
CACHES['default'] = json.loads(os.environ['CACHE_BACKEND']) |
|
260 | ||
261 |
if 'USE_MEMCACHED' in os.environ: |
|
262 |
try: |
|
263 |
import memcache |
|
264 |
except: |
|
265 |
raise ImproperlyConfigured('Python memcache library is not installed, please do: pip install memcache') |
|
266 |
CACHES = { |
|
267 |
'default': { |
|
268 |
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', |
|
269 |
'LOCATION': '127.0.0.1:11211', |
|
270 |
'KEY_PREFIX': 'authentic2', |
|
271 |
} |
|
272 |
} |
|
273 |
SESSION_ENGINE = 'django.contrib.sessions.backends.cached_db' |
|
274 | ||
275 |
# add sentry handler if environment contains SENTRY_DSN |
|
276 |
if 'SENTRY_DSN' in os.environ: |
|
277 |
try: |
|
278 |
import raven |
|
279 |
except ImportError: |
|
280 |
raise ImproperlyConfigured('SENTRY_DSN environment variable is set but raven is not installed.') |
|
281 |
SENTRY_DSN = os.environ['SENTRY_DSN'] |
|
282 |
RAVEN_CONFIG = { |
|
283 |
'dsn': SENTRY_DSN, |
|
284 |
} |
|
285 |
INSTALLED_APPS = tuple(INSTALLED_APPS) + ('raven.contrib.django.raven_compat',) |
|
286 | ||
287 |
# extract any key starting with setting |
|
288 |
for key in os.environ: |
|
289 |
if key.startswith('SETTING_'): |
|
290 |
setting_key = key[len('SETTING_'):] |
|
291 |
value = os.environ[key] |
|
292 |
try: |
|
293 |
value = int(value) |
|
294 |
except ValueError: |
|
295 |
pass |
|
296 |
globals()[setting_key] = value |
|
297 | ||
298 |
extract_settings_from_environ() |
|
299 | ||
300 |
CONFIG_FILE = '/etc/authentic2/config.py' |
|
301 |
if os.path.exists(CONFIG_FILE): |
|
302 |
execfile(CONFIG_FILE) |
|
303 | ||
304 |
# Warn if DEFAULT_FROM_EMAIL is the default value |
|
305 |
if DEFAULT_FROM_EMAIL == 'webmaster@localhost': |
|
306 |
warnings.warn('DEFAULT_FROM_EMAIL must be customized') |
debian-wheezy/multitenant/authentic2-multitenant-manage | ||
---|---|---|
1 |
#!/bin/sh |
|
2 | ||
3 |
NAME="authentic2-multitenant" |
|
4 |
MANAGE="/usr/lib/authentic2/manage.py" |
|
5 | ||
6 |
export AUTHENTIC2_SETTINGS_FILE=/usr/lib/$NAME/debian_config.py |
|
7 | ||
8 |
if [ "$(whoami)" != "authentic-multitenant" ]; then |
|
9 |
if which sudo >/dev/null; then |
|
10 |
if sudo -v -u authentic-multitenant; then |
|
11 |
sudo -u authentic-multitenant authentic2-multitenant-manage "$@" |
|
12 |
exit $? |
|
13 |
fi |
|
14 |
echo "You must run this script with authentic-multitenant user" |
|
15 |
exit 1 |
|
16 |
fi |
|
17 |
fi |
|
18 | ||
19 |
python ${MANAGE} "$@" |
debian-wheezy/multitenant/config.py | ||
---|---|---|
1 |
# Configuration for authentic. |
|
2 |
# You can override Authentic default settings here |
|
3 | ||
4 |
# Authentic is a Django application: for the full list of settings and their |
|
5 |
# values, see https://docs.djangoproject.com/en/1.7/ref/settings/ |
|
6 |
# For more information on settings see |
|
7 |
# https://docs.djangoproject.com/en/1.7/topics/settings/ |
|
8 | ||
9 |
# WARNING! Quick-start development settings unsuitable for production! |
|
10 |
# See https://docs.djangoproject.com/en/1.7/howto/deployment/checklist/ |
|
11 | ||
12 |
# This file is sourced by "execfile" from /usr/lib/authentic/debian_config.py |
|
13 | ||
14 |
# SECURITY WARNING: don't run with debug turned on in production! |
|
15 |
DEBUG = False |
|
16 |
TEMPLATE_DEBUG = False |
|
17 | ||
18 |
#ADMINS = ( |
|
19 |
# # ('User 1', 'watchdog@example.net'), |
|
20 |
# # ('User 2', 'janitor@example.net'), |
|
21 |
#) |
|
22 | ||
23 |
# ALLOWED_HOSTS must be correct in production! |
|
24 |
# See https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts |
|
25 |
ALLOWED_HOSTS = [ |
|
26 |
'*', |
|
27 |
] |
|
28 | ||
29 |
# Databases |
|
30 |
# Default: a local database named "authentic" |
|
31 |
# https://docs.djangoproject.com/en/1.7/ref/settings/#databases |
|
32 |
# Warning: don't change ENGINE |
|
33 |
#DATABASES['default']['NAME'] = 'authentic2_multitenant' |
|
34 |
#DATABASES['default']['USER'] = 'authentic-multitenant' |
|
35 |
#DATABASES['default']['PASSWORD'] = '******' |
|
36 |
#DATABASES['default']['HOST'] = 'localhost' |
|
37 |
#DATABASES['default']['PORT'] = '5432' |
|
38 | ||
39 |
LANGUAGE_CODE = 'fr-fr' |
|
40 |
TIME_ZONE = 'Europe/Paris' |
|
41 | ||
42 |
# Sentry / Raven configuration |
|
43 |
#RAVEN_CONFIG = { |
|
44 |
# 'dsn': '', |
|
45 |
#} |
|
46 | ||
47 |
# Email configuration |
|
48 |
#EMAIL_SUBJECT_PREFIX = '[authentic] ' |
|
49 |
#SERVER_EMAIL = 'root@authentic.example.org' |
|
50 |
#DEFAULT_FROM_EMAIL = 'webmaster@authentic.example.org' |
|
51 | ||
52 |
# SMTP configuration |
|
53 |
#EMAIL_HOST = 'localhost' |
|
54 |
#EMAIL_HOST_USER = '' |
|
55 |
#EMAIL_HOST_PASSWORD = '' |
|
56 |
#EMAIL_PORT = 25 |
|
57 | ||
58 |
# HTTPS Security |
|
59 |
#CSRF_COOKIE_SECURE = True |
|
60 |
#SESSION_COOKIE_SECURE = True |
|
61 | ||
62 |
# Idp |
|
63 |
# SAML 2.0 IDP |
|
64 |
#A2_IDP_SAML2_ENABLE = False |
|
65 |
# CAS 1.0 / 2.0 IDP |
|
66 |
#A2_IDP_CAS_ENABLE = False |
|
67 |
# OpenID 1.0 / 2.0 IDP |
|
68 |
#A2_IDP_OPENID_ENABLE = False |
|
69 | ||
70 |
# Authentifications |
|
71 |
#A2_AUTH_PASSWORD_ENABLE = True |
|
72 |
#A2_SSLAUTH_ENABLE = False |
debian-wheezy/multitenant/debian_config.py | ||
---|---|---|
1 |
import os |
|
2 |
from django.utils.translation import ugettext_lazy as _ |
|
3 | ||
4 |
# Debian defaults |
|
5 |
DEBUG = False |
|
6 | ||
7 |
PROJECT_NAME = 'authentic2-multitenant' |
|
8 | ||
9 |
# |
|
10 |
# hobotization (multitenant) |
|
11 |
# |
|
12 |
execfile('/usr/lib/hobo/debian_config_common.py') |
|
13 | ||
14 |
# Add the XForwardedForMiddleware |
|
15 |
MIDDLEWARE_CLASSES = ('authentic2.middleware.XForwardedForMiddleware',) + MIDDLEWARE_CLASSES |
|
16 | ||
17 |
# Add authentic settings loader |
|
18 |
TENANT_SETTINGS_LOADERS = ('hobo.multitenant.settings_loaders.Authentic',) + TENANT_SETTINGS_LOADERS |
|
19 | ||
20 |
# Add authentic2 hobo agent |
|
21 |
INSTALLED_APPS = ('hobo.agent.authentic2',) + INSTALLED_APPS |
|
22 | ||
23 |
LOGGING['filters'].update({ |
|
24 |
'cleaning': { |
|
25 |
'()': 'authentic2.utils.CleanLogMessage', |
|
26 |
}, |
|
27 |
}) |
|
28 | ||
29 |
for handler in LOGGING['handlers'].values(): |
|
30 |
handler.setdefault('filters', []).append('cleaning') |
|
31 |
# django_select2 outputs debug message at level INFO |
|
32 |
LOGGING['loggers']['django_select2'] = { |
|
33 |
'handlers': ['syslog'], |
|
34 |
'level': 'WARNING', |
|
35 |
} |
|
36 | ||
37 |
# Default login's form username label |
|
38 |
A2_USERNAME_LABEL = _('Email') |
|
39 | ||
40 |
# Rest Authentication Class for services access |
|
41 |
REST_FRAMEWORK['DEFAULT_AUTHENTICATION_CLASSES'] += ( |
|
42 |
'authentic2.authentication.Authentic2Authentication', |
|
43 |
'rest_framework.authentication.SessionAuthentication', |
|
44 |
) |
|
45 |
HOBO_ANONYMOUS_SERVICE_USER_CLASS = 'hobo.rest_authentication.AnonymousAuthenticServiceUser' |
|
46 | ||
47 |
# HOBO Skeletons |
|
48 | ||
49 |
HOBO_SKELETONS_DIR = os.path.join(VAR_DIR, 'skeletons') |
|
50 | ||
51 |
CONFIG_FILE='/etc/%s/config.py' % PROJECT_NAME |
|
52 |
if os.path.exists(CONFIG_FILE): |
|
53 |
execfile(CONFIG_FILE) |
|
54 | ||
55 |
# run additional settings snippets |
|
56 |
execfile('/usr/lib/hobo/debian_config_settings_d.py') |
debian-wheezy/multitenant/nginx-example.conf | ||
---|---|---|
1 |
server { |
|
2 |
listen 443; |
|
3 |
server_name authentic.example.fr; |
|
4 | ||
5 |
ssl on; |
|
6 |
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; |
|
7 |
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; |
|
8 | ||
9 |
access_log /var/log/nginx/authentic.example.fr-access.log combined; |
|
10 |
error_log /var/log/nginx/authentic.example.fr-error.log; |
|
11 | ||
12 |
location ~ /static/(.+)$ { |
|
13 |
root /; |
|
14 |
try_files /var/lib/authentic2-multitenant/tenants/$host/static/$1 |
|
15 |
/var/lib/authentic2-multitenant/collectstatic/$1 |
|
16 |
=404; |
|
17 |
} |
|
18 | ||
19 |
location ~ ^/media/(.+)$ { |
|
20 |
alias /var/lib/authentic2-multitenant/tenants/$host/media/$1; |
|
21 |
} |
|
22 | ||
23 |
location / { |
|
24 |
proxy_pass http://unix:/var/run/authentic2-multitenant/authentic2-multitenant.sock; |
|
25 |
proxy_set_header Host $http_host; |
|
26 |
proxy_set_header X-Forwarded-SSL on; |
|
27 |
proxy_set_header X-Forwarded-Protocol ssl; |
|
28 |
proxy_set_header X-Forwarded-Proto https; |
|
29 |
proxy_set_header X-Real-IP $remote_addr; |
|
30 |
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; |
|
31 |
} |
|
32 |
} |
|
33 | ||
34 |
server { |
|
35 |
listen 80; |
|
36 |
server_name authentic.example.fr; |
|
37 | ||
38 |
access_log /var/log/nginx/authentic.example.fr-access.log combined; |
|
39 |
error_log /var/log/nginx/authentic.example.fr-error.log; |
|
40 | ||
41 |
return 302 $host$request_uri; |
|
42 |
} |
|
43 |
debian-wheezy/patches/01-hide-oidc-plugins.diff | ||
---|---|---|
1 |
Index: authentic2/setup.py |
|
2 |
=================================================================== |
|
3 |
--- authentic2.orig/setup.py |
|
4 |
+++ authentic2/setup.py |
|
5 |
@@ -127,8 +127,6 @@ setup(name="authentic2", |
|
6 |
'django-mellon', |
|
7 |
'ldaptools', |
|
8 |
'django-jsonfield', |
|
9 |
- 'jwcrypto>=0.3.1,<1', |
|
10 |
- 'cryptography', |
|
11 |
'XStatic-jQuery', |
|
12 |
'XStatic-jquery-ui', |
|
13 |
'xstatic-select2', |
|
14 |
@@ -163,11 +161,9 @@ setup(name="authentic2", |
|
15 |
'authentic2.plugin': [ |
|
16 |
'authentic2-auth-ssl = authentic2.auth2_auth.auth2_ssl:Plugin', |
|
17 |
'authentic2-auth-saml = authentic2_auth_saml:Plugin', |
|
18 |
- 'authentic2-auth-oidc = authentic2_auth_oidc:Plugin', |
|
19 |
'authentic2-idp-saml2 = authentic2.idp.saml:Plugin', |
|
20 |
'authentic2-idp-openid = authentic2_idp_openid:Plugin', |
|
21 |
'authentic2-idp-cas = authentic2_idp_cas:Plugin', |
|
22 |
- 'authentic2-idp-oidc = authentic2_idp_oidc:Plugin', |
|
23 |
'authentic2-provisionning-ldap = authentic2_provisionning_ldap:Plugin', |
|
24 |
], |
|
25 |
}) |
debian-wheezy/patches/series | ||
---|---|---|
1 |
01-hide-oidc-plugins.diff |
debian-wheezy/pycompat | ||
---|---|---|
1 |
2 |
debian-wheezy/pydist-overrides | ||
---|---|---|
1 |
django python-django |
|
2 |
requests python-requests |
|
3 |
django-model-utils python-django-model-utils |
|
4 |
dnspython python-dnspython |
|
5 |
django-select2 python-django-select2 |
|
6 |
django-tables python-django-tables2 |
|
7 |
gadjo python-gadjo |
|
8 |
XStatic python-xstatic |
|
9 |
XStatic_Font_Awesome python-xstatic-font-awesome |
|
10 |
XStatic_jQuery python-xstatic-jquery |
|
11 |
XStatic_jquery_ui python-xstatic-jquery-ui |
|
12 |
django-import-export python-django-import-export |
|
13 |
django-sekizai python-django-sekizai |
|
14 |
six python-six |
|
15 |
pycrypto python-crypto |
|
16 |
ldaptools python-ldaptools |
|
17 |
django-mellon python-django-mellon |
debian-wheezy/python-authentic2.dirs | ||
---|---|---|
1 |
usr/lib/authentic2 |
debian-wheezy/python-authentic2.docs | ||
---|---|---|
1 |
AUTHORS.txt |
|
2 |
COPYING |
debian-wheezy/python-authentic2.install | ||
---|---|---|
1 |
usr/lib/ |
debian-wheezy/rules | ||
---|---|---|
1 |
#!/usr/bin/make -f |
|
2 | ||
3 |
authentic2=$(CURDIR)/debian/authentic2 |
|
4 |
pythonauthentic2=$(CURDIR)/debian/python-authentic2 |
|
5 | ||
6 |
%: |
|
7 |
dh $@ --with python2 |
|
8 | ||
9 |
override_dh_install: |
|
10 |
dh_install |
|
11 |
mv $(CURDIR)/debian/tmp/usr/bin/authentic2-ctl $(pythonauthentic2)/usr/lib/authentic2/manage.py |
|
12 |
debian-wheezy/source/format | ||
---|---|---|
1 |
3.0 (quilt) |
debian-wheezy/sql/db.conf | ||
---|---|---|
1 |
export DATABASE_ENGINE='django.db.backends.postgresql_psycopg2' |
|
2 |
export DATABASE_NAME='_DBC_DBNAME_' |
|
3 |
export DATABASE_USER='_DBC_DBUSER_' |
|
4 |
export DATABASE_PASSWORD='_DBC_DBPASS_' |
|
5 |
export DATABASE_HOST='localhost' |
|
6 |
- |