Previously mentioned debdiff attached.
diff -u openacs-5.5.1+dfsg/debian/control openacs-5.5.1+dfsg/debian/control --- openacs-5.5.1+dfsg/debian/control +++ openacs-5.5.1+dfsg/debian/control @@ -13,7 +13,7 @@ Package: openacs Architecture: all Depends: ${misc:Depends}, aolserver4-daemon (>= 4.5.1-11), aolserver4-nspostgres, aolserver4-nssha1, postgresql-client, adduser, tclthread (>= 1:2.6.5-3), tcllib, - tcl (>= 8.4), wwwconfig-common, debconf, xotcl, aolserver4-xotcl, imagemagick, zip, unzip, tdom (>= 0.8.3~20080525) + tcl (>= 8.4), wwwconfig-common, debconf, xotcl, aolserver4-xotcl, imagemagick, zip, unzip, tdom (>= 0.8.3~20080525), ucf Suggests: postgresql, daemontools, daemontools-run Description: toolkit for building community-oriented web applications OpenACS (Open Architecture Community System) is a toolkit for building diff -u openacs-5.5.1+dfsg/debian/changelog openacs-5.5.1+dfsg/debian/changelog --- openacs-5.5.1+dfsg/debian/changelog +++ openacs-5.5.1+dfsg/debian/changelog @@ -1,3 +1,17 @@ +openacs (5.5.1+dfsg-2+wheezy1) testing-proposed-updates; urgency=low + + * Fixed local config management. Closes: #688566 + - Updated README.Debian + - Autogenerated config.local file with database + local settings. + - Added openacs.preinst file with a fix for old + postinst modified config.tcl. + - Importing old config.tcl or config.local database settings. + - Fixed config.local permissions in postinst. + * Fixed aolserver restart call in postrm. + + -- Hector Romojaro <hromoj...@dia.uned.es> Sat, 29 Sep 2012 01:10:34 +0200 + openacs (5.5.1+dfsg-2) unstable; urgency=high * Fixed severe vulnerability in the api-browser: it was possible to pass diff -u openacs-5.5.1+dfsg/debian/postinst openacs-5.5.1+dfsg/debian/postinst --- openacs-5.5.1+dfsg/debian/postinst +++ openacs-5.5.1+dfsg/debian/postinst @@ -60,8 +60,6 @@ # Read debconf and edit the config file accordingly get_config - db_stop - exec 0<&1 # Care about the repository repository=/var/lib/openacs 
@@ -93,7 +91,7 @@ dbadmpass=$dba_password dbuser=$dbu_name dbpass=$dbu_password - + # is the database server available? Then create the user. . /usr/share/wwwconfig-common/pgsql-createuser.sh > /dev/null if [ "$status" = "error" ] @@ -147,10 +145,31 @@ fi fi - # Modify config.tcl with debconf values - dbuser=$dbu_name - dbpass=$dbu_password - sed -i "/^ set db_host/,/^ set db_user/d;s/## Debconf changes (DO NOT EDIT BYHAND) ##/&\n set db_host $dbserver\n set db_password \"$dbpass\"\n set db_port \"5432\"\n set db_user $dbuser/" /etc/openacs/config.tcl + # Create /etc/openacs/config.local file with debconf + # values, and manage with ucf. + # Create file + localconfigtmp=$(mktemp) + localconfig="/etc/openacs/config.local" + cat > $localconfigtmp <<EOF +# Local OpenACS database settings. +db_host=${dbserver} +db_password=${dbu_password} +db_port=5432 +db_user=${dbu_name} +EOF + # Install file + if [ -d /etc/openacs -a -f $localconfigtmp ]; then + previous_localconfig=false + if [ -f $localconfig ]; then previous_localconfig=true; fi + ucf --debconf-ok $localconfigtmp $localconfig || cp -f $localconfigtmp $localconfig + ucfr openacs $localconfig + # Set permissions only if there is no previous config.local file. + if ! $previous_localconfig; then + chmod 640 $localconfig + chown root:www-data $localconfig + fi + rm -f $localconfigtmp + fi # Install plpgsql on database and enable compatibility options dbuser=$dba_name @@ -163,7 +182,7 @@ " > $sqlfile . /usr/share/wwwconfig-common/pgsql-exec.sh rm -f $sqlfile - + # Restart aolserver invoke-rc.d aolserver4 restart @@ -201,6 +220,8 @@ #DEBHELPER# +db_stop + exit 0 diff -u openacs-5.5.1+dfsg/debian/config openacs-5.5.1+dfsg/debian/config --- openacs-5.5.1+dfsg/debian/config +++ openacs-5.5.1+dfsg/debian/config 
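Review bot: The temporary file holding `db_password` in the `@@ -147,10 +145,31 @@` hunk is deleted only inside the `if [ -d /etc/openacs -a -f $localconfigtmp ]` branch, so when that test fails a copy of the database password stays behind in the temp directory. Moving the cleanup after the closing `fi` as `rm -f "$localconfigtmp"`, or registering it with a `trap ... EXIT` right after `mktemp`, covers every exit path. `chmod 640` / `chown root:www-data` are skipped when a config.local already exists, so an existing file keeps whatever mode it had even though the password is now stored in it. A comment such as `# existing file: admin-chosen mode is kept on purpose` or a check that the file is not world-readable would make that choice explicit. The expansions are unquoted and `-a` inside `[ ]` is obsolescent; `[ -d /etc/openacs ] && [ -f "$localconfigtmp" ]` is the safer form. The surrounding postinst code starts and ends outside the hunk.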
@@ -6,6 +6,31 @@ db_version 2.0 db_capb backup +# Manage old configuration. +if [ -f /etc/openacs/config.tcl.old_version ] || [ -f /etc/openacs/config.local ]; then + + # Previous or equal to 5.5.1+dfsg-2 + if [ -f /etc/openacs/config.tcl.old_version ]; then + old_configfile=$(mktemp) + # Retrieve old values + sed -n '/## Debconf changes/,/## End Debconf/p;' /etc/openacs/config.tcl.old_version | sed 's/^[ \t]*set\ //;/^\#/d;s/db_host/db_host=/;s/db_password/db_password=/;s/db_user/db_user=/;s/=[ \t]*/=/;' > $old_configfile + fi + + # After 5.5.1+dfsg-2 + if [ -f /etc/openacs/config.local ]; then + old_configfile=/etc/openacs/config.local + fi + + # Feed debconf with them + db_set openacs/db_host $(grep "^db_host" $old_configfile | sed s/^db_host=//) + db_set openacs/dbu_name $(grep "^db_user" $old_configfile | sed s/^db_user=//) + db_set openacs/dbu_password "$(grep "^db_password" $old_configfile | sed 's/^db_password=//;s/\"//g')" + db_set openacs/dbu_confirm "$(grep "^db_password" $old_configfile | sed 's/^db_password=//;s/\"//g')" + + # Delete old files if needed + if [ -f /etc/openacs/config.tcl.old_version ]; then rm -f /etc/openacs/config.tcl.old_version $old_configfile; fi +fi + # Reset passwords if reconfigure if [ "$1" = "reconfigure" ] ; then db_reset openacs/dba_password @@ -119 +143,0 @@ - diff -u openacs-5.5.1+dfsg/debian/README.Debian openacs-5.5.1+dfsg/debian/README.Debian --- openacs-5.5.1+dfsg/debian/README.Debian +++ openacs-5.5.1+dfsg/debian/README.Debian @@ -30,6 +30,8 @@ The address and port that OpenACS will listen on can be configured in /etc/aolserver4/conf.d/openacs.sh. +Local database settings can be found in /etc/openacs/config.local. + - Grant OpenACS user access on PostgreSQL ----------------------------------------- diff -u openacs-5.5.1+dfsg/debian/postrm openacs-5.5.1+dfsg/debian/postrm --- openacs-5.5.1+dfsg/debian/postrm +++ openacs-5.5.1+dfsg/debian/postrm 
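Review bot: When both /etc/openacs/config.tcl.old_version and /etc/openacs/config.local exist, the second `if` in the `@@ -6,6 +6,31 @@` hunk overwrites `old_configfile` with the config.local path. The final `rm -f /etc/openacs/config.tcl.old_version $old_configfile` then deletes config.local, and the `mktemp` file with the extracted password is never removed. Keeping the temp path in its own variable (for example `old_tmp=$(mktemp)`) and removing only that, or turning the second test into an `elif`, avoids both effects; whether the two files can coexist in practice is not visible here. The first two `db_set` calls pass an unquoted `$(grep ... | sed ...)`, so an empty or multi-word result changes the argument list; they should be quoted like the password lines, e.g. `db_set openacs/db_host "$(grep "^db_host" "$old_configfile" | sed 's/^db_host=//')"`. The `s/\"//g` in the password path also strips double quotes that are part of the password itself, which deserves a comment.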
@@ -15,14 +15,17 @@ purge) . /usr/share/debconf/confmodule db_version 2.0 - - rm -rf /usr/share/openacs - ucf --purge /etc/openacs/config.tcl - ucf --purge /etc/openacs/openacs.sh - rm -rf /etc/openacs - rm -rf /var/lib/openacs - rm -f /etc/aolserver4/conf.d/openacs.tcl /etc/aolserver4/conf.d/openacs.sh - rm -rf /var/log/aolserver4/openacs + rm -rf /usr/share/openacs + rm -rf /etc/openacs /var/lib/openacs /var/log/aolserver4/openacs + if which ucf >/dev/null; then + ucf --purge /etc/openacs/config.local + fi + if which ucfr >/dev/null; then + ucfr --purge openacs /etc/openacs/config.local + fi + rm -f /etc/aolserver4/conf.d/openacs.tcl /etc/aolserver4/conf.d/openacs.sh + # Start aolserver after removal + [ -f /var/run/aolserver4/openacs.pid ] && invoke-rc.d aolserver4 restart ;; remove) @@ -30,6 +33,8 @@ db_version 2.0 rm -rf /usr/share/openacs + # Restart aolserver after removal, only if it's already running + [ -f /var/run/aolserver4/openacs.pid ] && invoke-rc.d aolserver4 restart ;; upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) diff -u openacs-5.5.1+dfsg/debian/patches/config.dpatch openacs-5.5.1+dfsg/debian/patches/config.dpatch --- openacs-5.5.1+dfsg/debian/patches/config.dpatch +++ openacs-5.5.1+dfsg/debian/patches/config.dpatch @@ -5,9 +5,9 @@ ## DP: Adaptation of config.tcl and daemontools/run to debian install. @DPATCH@ -diff -urNad trunk~/etc/config.tcl trunk/etc/config.tcl ---- trunk~/etc/config.tcl 2009-03-31 19:14:52.000000000 +0200 -+++ trunk/etc/config.tcl 2009-10-16 01:08:48.000000000 +0200 +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' 5.5.1+dfsg-2+wheezy2~/etc/config.tcl 5.5.1+dfsg-2+wheezy2/etc/config.tcl +--- 5.5.1+dfsg-2+wheezy2~/etc/config.tcl 2009-03-31 19:14:52.000000000 +0200 ++++ 5.5.1+dfsg-2+wheezy2/etc/config.tcl 2012-12-31 08:57:27.000000000 +0100 @@ -9,25 +9,27 @@ ###################################################################### 
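Review bot: The new `[ -f /var/run/aolserver4/openacs.pid ] && invoke-rc.d aolserver4 restart` line in the purge arm, repeated in the remove arm of the `@@ -30,6 +33,8 @@` hunk, lets a failed restart decide the result of the maintainer script. If postrm runs under `set -e` (not visible in these hunks), a restart error would fail the remove or purge after the files are already gone. An explicit `if [ -f /var/run/aolserver4/openacs.pid ]; then invoke-rc.d aolserver4 restart || true; fi` states the best-effort intent. The purge-arm comment says "Start aolserver after removal" although the line only restarts a running instance, so it should read like the remove arm's comment. `which ucf` is better written `command -v ucf >/dev/null 2>&1`. The old `ucf --purge` calls for config.tcl and openacs.sh are dropped, so it is worth confirming that earlier versions left no ucf registrations for those paths. The enclosing `case` starts and ends outside the hunks.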
@@ -45,19 +45,22 @@ #--------------------------------------------------------------------- # which database do you want? postgres or oracle -@@ -38,9 +40,8 @@ +@@ -38,9 +40,11 @@ if { $database eq "oracle" } { set db_password "mysitepassword" } else { - set db_host localhost - set db_port "" - set db_user $server -+## Debconf changes (DO NOT EDIT BYHAND) ## -+## End Debconf Changes ################### ++ # Defined in /etc/openacs/config.local ++ set db_host [exec grep "^db_host" /etc/openacs/config.local | sed s/^db_host=//] ++ set db_password [exec grep "^db_password" /etc/openacs/config.local | sed s/^db_password=//] ++ set db_port [exec grep "^db_port" /etc/openacs/config.local | sed s/^db_port=//] ++ set db_user [exec grep "^db_user" /etc/openacs/config.local | sed s/^db_user=//] } #--------------------------------------------------------------------- -@@ -85,7 +86,7 @@ +@@ -85,7 +89,7 @@ ns_param maxbackup 5 ns_param debug $debug # ns_param mailhost localhost @@ -66,7 +69,7 @@ # setting to Unicode by default # see http://dqd.com/~mayoff/encoding-doc.html ns_param HackContentType 1 -@@ -100,7 +101,7 @@ +@@ -100,7 +104,7 @@ ns_section ns/threads ns_param mutexmeter true ;# measure lock contention # The per-thread stack size must be a multiple of 8k for AOLServer to run under MacOS X @@ -75,7 +78,7 @@ # # MIME types. -@@ -569,7 +570,7 @@ +@@ -569,7 +573,7 @@ ns_param driver postgres ns_param datasource ${db_host}:${db_port}:${db_name} ns_param user $db_user @@ -84,7 +87,7 @@ } ns_section ns/db/pool/pool2 -@@ -588,7 +589,7 @@ +@@ -588,7 +592,7 @@ ns_param driver postgres ns_param datasource ${db_host}:${db_port}:${db_name} ns_param user $db_user @@ -93,7 +96,7 @@ } ns_section ns/db/pool/pool3 -@@ -607,7 +608,7 @@ +@@ -607,7 +611,7 @@ ns_param driver postgres ns_param datasource ${db_host}:${db_port}:${db_name} ns_param user $db_user 
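Review bot: The four `set db_... [exec grep ... /etc/openacs/config.local | sed ...]` lines added to config.tcl in the `@@ -45,19 +45,22 @@` hunk have no error handling. Tcl's `exec` raises an error when a command in the pipeline exits non-zero, so a missing or unreadable config.local stops the configuration from loading with only a grep message to explain it. The file is installed `640 root:www-data` by postinst, so the server account must be able to read it; a comment should state that requirement next to `# Defined in /etc/openacs/config.local`. Wrapping the reads in `catch` with a clear message, or reading the file once with Tcl's own `open`/`gets` and splitting on the first `=`, would remove the dependency on external `grep`/`sed` being found by the server process. Only part of the patched config.tcl is visible in this hunk.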
@@ -102,7 +105,7 @@ } ns_section ns/server/${server}/db -@@ -662,7 +663,7 @@ +@@ -662,7 +666,7 @@ } # nsthread library which should become standard in 5.3 @@ -111,9 +114,9 @@ if {[ns_info version] >= 4.5} { ns_limits set default -maxupload [ns_config ns/server/${server}/module/nssock maxinput] -diff -urNad trunk~/etc/daemontools/run trunk/etc/daemontools/run ---- trunk~/etc/daemontools/run 2008-01-14 10:35:56.000000000 +0100 -+++ trunk/etc/daemontools/run 2009-10-16 01:06:22.000000000 +0200 +diff -urNad '--exclude=CVS' '--exclude=.svn' '--exclude=.git' '--exclude=.arch' '--exclude=.hg' '--exclude=_darcs' '--exclude=.bzr' 5.5.1+dfsg-2+wheezy2~/etc/daemontools/run 5.5.1+dfsg-2+wheezy2/etc/daemontools/run +--- 5.5.1+dfsg-2+wheezy2~/etc/daemontools/run 2008-01-14 10:35:56.000000000 +0100 ++++ 5.5.1+dfsg-2+wheezy2/etc/daemontools/run 2012-12-31 08:57:27.000000000 +0100 @@ -9,7 +9,11 @@ # see http://openacs.org/forums/message-view?message_id=176100 sleep 4 only in patch2: unchanged: --- openacs-5.5.1+dfsg.orig/debian/openacs.preinst +++ openacs-5.5.1+dfsg/debian/openacs.preinst @@ -0,0 +1,38 @@ +#!/bin/sh + +set -e + +case "$1" in + +install|upgrade) + # If we're upgrading from 5.5.1+dfsg-2 or earlier, we have to + # deal with config.tcl which was marked as a conffile and + # modified by postinst script. + # + # If the file was not modified by the user, then we can restore + # it to its initial state (before running postinst and modify it + # with debconf values) by deleting the modified lines. + # + # See Bug #688566 + # + if dpkg --compare-versions "$2" le-nl "5.5.1+dfsg-2" + then + # First, make a copy so we can get the old config values + cp /etc/openacs/config.tcl /etc/openacs/config.tcl.old_version + # Reset config.tcl to its primordial state + sed -i '/set db_host/,/set db_user/d' /etc/openacs/config.tcl + fi + ;; + +abort-upgrade) + ;; + +*) + echo "preinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +#DEBHELPER# + +exit 0
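Review bot: In the new openacs.preinst, `cp /etc/openacs/config.tcl /etc/openacs/config.tcl.old_version` and the following `sed -i` run unguarded under `set -e`. An upgrade from 5.5.1+dfsg-2 or earlier on a system where config.tcl is absent therefore aborts in preinst; wrapping both commands in `if [ -f /etc/openacs/config.tcl ]; then ... fi` avoids that. The comment says the reset applies "if the file was not modified by the user", but nothing in the script checks for user modifications, so the comment should say the debconf-inserted lines are deleted unconditionally. The range `/set db_host/,/set db_user/d` is unanchored, unlike the `^ set db_host` pattern the old postinst used, and would delete through end of file if no `set db_user` line follows the first match. The backup copy contains `db_password` until the config script removes it, which deserves a one-line comment.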