Mailinglist Archive: opensuse (1702 mails)
| < Previous | Next > |
Re: [opensuse] Update Hylafax 4.4 to 6.03 with src.rpm on OpenSuSE 10.3
- From: "David C. Rankin" <drankinatty@xxxxxxxxxxxxxxxxxx>
- Date: Tue, 8 Sep 2009 17:46:12 -0500
- Message-id: <200909081746.12255.drankinatty@xxxxxxxxxxxxxxxxxx>
On Friday 04 September 2009 09:33:19 am Philipp Thomas wrote:
I set avantfax up as a normal web app with its own directory definition in
/etc/apache2/httpd.conf.local. I can't stand they way they want it to function
as a virtual host. That would be a pain. I just put avantfax in
/srv/www/avantfax and give it the following definition in httpd.conf.local:
#
## AvantFax secure fax system directory
#
Alias /avantfax/ "/srv/www/avantfax/"
Alias /avantfax "/srv/www/avantfax/"
<Directory "/srv/www/avantfax">
Options -Indexes +FollowSymLinks
AllowOverride AuthConfig Options FileInfo Limit
# Address rewrite for secure connection in not local
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^192\.168\.6\.
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</IfModule>
# Authenticate if not local
AuthType Basic
AuthName "Restricted_files"
AuthBasicProvider dbm
AuthDBMType DB
AuthDBMUserFile /usr/local/lib/apache2/dcraccess
Require valid-user
Order allow,deny
Allow from 192.168.61.
Satisfy Any
</Directory>
Of course, the default packaging configuration would not include the
https
rewrite for non-local addresses or the dbm access restrictions. However, those
options should be made available with some sort of install script because the
additional security provided is very much worth the installation of mod-
rewrite and setup of a dbm database.
This will require more study on my part :-(
I completely disable these in my config. Instead, I use the following
sudoers
entries.
wwwrun ALL= NOPASSWD: /usr/sbin/faxdeluser, /usr/sbin/faxadduser -u * -p * *
That way, the only way permissions given to wwwrun are faxdeluser and
faxadduser. Bouncing or halting the server is reserved for normal management
by ssh.
This is where managing avantfax as a normal web app helps. All you need
is
the "chkconfig hylafax on" and "chkconfig apache2 on" and avantfax is
available. If the user isn't starting them to begin with, then hylafax and
avantfax wouldn't be of any use.
I have an opensuse specific config for avantfax that configures:
/srv/www/avantfax/includes/config.php
/srv/www/avantfax/includes/local_config.php
+1 Being out of step with the rest of the Linux distros and the
packager
itself makes it near impossible to stick to the "pristine" source rpm
philosophy.
Regardless of the amount of work these two packages need to be packaged
for
openSuSE, it is 100% worth the effort. These applications are fantastic and
epitomize the elegant way open-source creates vital solutions to real world
business application needs. HylaFAX is the #1 fax solution for Linux and
Avantfax provides an excellent web interface for fax management.
There is something to be said for being able to sit in a Tokyo airport
and
fax a document from openOffice via your fax server in Texas with nothing more
than the push of a button on your laptop or to receive a pdf of a document
that was faxed to your office just minutes before either by email or download
(your choice). ;-)
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
* David C. Rankin (drankinatty@xxxxxxxxxxxxxxxxxx) [20090904 14:45]:
I'll work on packaging it. How hard can it be? It's just a web app and
only requires modifications 3 files in /var/spool/hylafax/...
I've taken a (a bit cursory) look at avantfax myself and I'd say it needs
some *major* work:
1) There is no place you could possibly move the whole avantfax
directory. Simply moving it to something like /var/www is impossible! It
looks like several directories are needed, some of them below /usr/lib,
others below /var/lib and /var/cache and so on. *Then* you need to
adapt the php scripts to the changed paths.
I set avantfax up as a normal web app with its own directory definition in
/etc/apache2/httpd.conf.local. I can't stand they way they want it to function
as a virtual host. That would be a pain. I just put avantfax in
/srv/www/avantfax and give it the following definition in httpd.conf.local:
#
## AvantFax secure fax system directory
#
Alias /avantfax/ "/srv/www/avantfax/"
Alias /avantfax "/srv/www/avantfax/"
<Directory "/srv/www/avantfax">
Options -Indexes +FollowSymLinks
AllowOverride AuthConfig Options FileInfo Limit
# Address rewrite for secure connection in not local
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} !^192\.168\.6\.
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R,L]
</IfModule>
# Authenticate if not local
AuthType Basic
AuthName "Restricted_files"
AuthBasicProvider dbm
AuthDBMType DB
AuthDBMUserFile /usr/local/lib/apache2/dcraccess
Require valid-user
Order allow,deny
Allow from 192.168.61.
Satisfy Any
</Directory>
Of course, the default packaging configuration would not include the
https
rewrite for non-local addresses or the dbm access restrictions. However, those
options should be made available with some sort of install script because the
additional security provided is very much worth the installation of mod-
rewrite and setup of a dbm database.
2) Replacing files from hylafax with symlinks to avantfax replacements is
a no-go for rpm packages. The name of the scripts to call must be made
configurable *in Hylafax*.
This will require more study on my part :-(
3) Having a sudoers entry for HTTPDUSER that includes /sbin/reboot and
/sbin/halt will earn you some discussion with our security folks.
I completely disable these in my config. Instead, I use the following
sudoers
entries.
wwwrun ALL= NOPASSWD: /usr/sbin/faxdeluser, /usr/sbin/faxadduser -u * -p * *
That way, the only way permissions given to wwwrun are faxdeluser and
faxadduser. Bouncing or halting the server is reserved for normal management
by ssh.
4) You can't simply start all services you need from an rpm package.
IMNSHO the only clean solution would be an init script that depends
on all services that avantfax needs but otherwise does nothing more
than report status.
This is where managing avantfax as a normal web app helps. All you need
is
the "chkconfig hylafax on" and "chkconfig apache2 on" and avantfax is
available. If the user isn't starting them to begin with, then hylafax and
avantfax wouldn't be of any use.
5) As we don't have any means for interactive installation a rather
extensive README needs to be written that explains the user what
and how to configure.
I have an opensuse specific config for avantfax that configures:
/srv/www/avantfax/includes/config.php
/srv/www/avantfax/includes/local_config.php
I hope SuSE will see fit to use var/spool/hylafax instead of using a
/custom directory and being out of sync with the rest of the Linux
/community.
+1 Being out of step with the rest of the Linux distros and the
packager
itself makes it near impossible to stick to the "pristine" source rpm
philosophy.
Hylafax currently needs a new maintainer, which can be anyone from the
community. This maintainer could change the default to
/var/spool/hylafax , though he would have to regard the update path.
Philipp
Regardless of the amount of work these two packages need to be packaged
for
openSuSE, it is 100% worth the effort. These applications are fantastic and
epitomize the elegant way open-source creates vital solutions to real world
business application needs. HylaFAX is the #1 fax solution for Linux and
Avantfax provides an excellent web interface for fax management.
There is something to be said for being able to sit in a Tokyo airport
and
fax a document from openOffice via your fax server in Texas with nothing more
than the push of a button on your laptop or to receive a pdf of a document
that was faxed to your office just minutes before either by email or download
(your choice). ;-)
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |