ref: refs/heads/master
commit a5c5b7481e4422e4aefbad6f1703458bc956d745
Author: Duncan Mac-Vicar P
Date: Tue Jul 21 13:21:08 2009 +0200
consistency, package/ for everything
---
dist/.distrc | 11 -
dist/cleanurl-v5.lua | 28 --
dist/lighttpd.conf | 444 --------------------
dist/modules.conf | 172 --------
dist/org.opensuse.yast.permissions.policy | 31 --
dist/policyKit-rights.rb | 97 -----
dist/rails.include | 35 --
dist/yast.conf | 10 -
dist/yast2-webservice.changes | 31 --
dist/yast2-webservice.spec | 198 ---------
dist/yast_user_roles | 11 -
dist/yastws | 348 ---------------
webservice/package/cleanurl-v5.lua | 28 ++
webservice/package/lighttpd.conf | 444 ++++++++++++++++++++
webservice/package/modules.conf | 172 ++++++++
.../package/org.opensuse.yast.permissions.policy | 31 ++
webservice/package/policyKit-rights.rb | 97 +++++
webservice/package/rails.include | 35 ++
webservice/package/yast.conf | 10 +
webservice/package/yast2-webservice.changes | 31 ++
webservice/package/yast2-webservice.spec | 198 +++++++++
webservice/package/yast_user_roles | 11 +
webservice/package/yastws | 348 +++++++++++++++
23 files changed, 1405 insertions(+), 1416 deletions(-)
diff --git a/dist/.distrc b/dist/.distrc
deleted file mode 100644
index ad8f211..0000000
--- a/dist/.distrc
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/bash
-
-: ${OSCOPTS:="-A https://api.opensuse.org"}
-: ${PROJECT:=openSUSE:Tools:Unstable}
-: ${PACKAGE:=obs-server-svn}
-: ${TARGET:=openSUSE_10.2}
-: ${ARCH:=i586}
-: ${SPECFILE:=obs-server.spec}
-# files from $PWD that are not part of the distribution, one on a line
-: ${EXCLUDES:=}
-: ${SVNDIR:=../../buildservice}
diff --git a/dist/cleanurl-v5.lua b/dist/cleanurl-v5.lua
deleted file mode 100644
index 4656861..0000000
--- a/dist/cleanurl-v5.lua
+++ /dev/null
@@ -1,28 +0,0 @@
--- little helper function
-function file_exists(path)
- local attr = lighty.stat(path)
- if (attr and attr["is_file"]) then
- return true
- else
- return false
- end
-end
-
--- the magic ;)
-if (not file_exists(lighty.env["physical.path"])) then
- -- file does not exist. check if we have a cached version
- lighty.env["physical.path"] = lighty.env["physical.path"] .. ".html"
-
- if (not file_exists(lighty.env["physical.path"])) then
- -- file still missing. pass it to the fastcgi backend
- lighty.env["uri.path"] = "/dispatch.fcgi"
- lighty.env["physical.rel-path"] = lighty.env["uri.path"]
- lighty.env["request.orig-uri"] = lighty.env["request.uri"]
- lighty.env["physical.path"] = lighty.env["physical.doc-root"] .. lighty.env["physical.rel-path"]
- end
-end
--- fallthrough will put it back into the lighty request loop
--- that means we get the 304 handling for free. ;)
-
--- debugging code
--- print ("final file is " .. lighty.env["physical.path"])
diff --git a/dist/lighttpd.conf b/dist/lighttpd.conf
deleted file mode 100644
index c8bbbf4..0000000
--- a/dist/lighttpd.conf
+++ /dev/null
@@ -1,444 +0,0 @@
-#######################################################################
-##
-## /etc/lighttpd/lighttpd.conf
-##
-## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
-##
-#######################################################################
-
-
-#######################################################################
-##
-## Some Variable definition which will make chrooting easier.
-##
-## if you add a variable here. Add the corresponding variable in the
-## chroot example aswell.
-##
-var.log_root = "/var/log/yastws"
-var.server_root = "/srv/www"
-var.state_dir = "/var/run"
-var.home_dir = "/var/lib/yastws"
-var.conf_dir = "/etc/yastws"
-
-##
-## run the server chrooted.
-##
-## This requires root permissions during startup.
-##
-## If you run Chrooted set the the variables to directories relative to
-## the chroot dir.
-##
-## example chroot configuration:
-##
-#var.log_root = "/logs"
-#var.server_root = "/"
-#var.state_dir = "/run"
-#var.home_dir = "/lib/lighttpd"
-#var.vhosts_dir = "/vhosts"
-#var.conf_dir = "/etc"
-#
-#server.chroot = "/srv/www"
-
-##
-## Some additional variables to make the configuration easier
-##
-
-##
-## Base directory for all virtual hosts
-##
-## used in:
-## /etc/lighttpd/conf.d/evhost.conf
-## /etc/lighttpd/conf.d/simple_vhost.conf
-## vhosts.d/vhosts.template
-##
-var.vhosts_dir = server_root + "/vhosts"
-
-##
-## Cache for mod_compress
-##
-## used in:
-## /etc/lighttpd/conf.d/compress.conf
-##
-var.cache_dir = "/var/cache/lighttpd"
-
-##
-## Base directory for sockets.
-##
-## used in:
-## /etc/lighttpd/conf.d/fastcgi.conf
-## /etc/lighttpd/conf.d/scgi.conf
-##
-var.socket_dir = home_dir + "/sockets"
-
-##
-#######################################################################
-
-#######################################################################
-##
-## Load the modules.
-include "modules.conf"
-
-##
-#######################################################################
-
-#######################################################################
-##
-## Basic Configuration
-## ---------------------
-##
-#server.port = 80
-server.port = 8080
-
-##
-## Use IPv6?
-##
-#server.use-ipv6 = "enable"
-server.use-ipv6 = "disable"
-
-##
-## bind to a specific IP
-##
-server.bind = "localhost"
-
-##
-## configration for IPv4 and IPv6 on localhost
-##
-# use IPv6
-#server.use-ipv6 = "enable"
-#server.use-ipv6 = "enable"
-# create socket for IPv4 localhost
-#$SERVER["socket"] == "127.0.0.1:8080" {
-#}
-# create socket for IPv6 localhost
-#$SERVER["socket"] == "[::1]:8080" {
-#}
-
-
-
-##
-## Run as a different username/groupname.
-## This requires root permissions during startup.
-##
-server.username = "yastws"
-server.groupname = "yastws"
-
-##
-## enable core files.
-##
-#server.core-files = "disable"
-
-##
-## Document root
-##
-server.document-root = server_root + "/htdocs"
-
-##
-## The value for the "Server:" response field.
-##
-## It would be nice to keep it at "lighttpd".
-##
-#server.tag = "lighttpd"
-
-##
-## store a pid file
-##
-server.pid-file = state_dir + "/yastws.pid"
-
-##
-#######################################################################
-
-#######################################################################
-##
-## Logging Options
-## ------------------
-##
-## all logging options can be overwritten per vhost.
-##
-## Path to the error log file
-##
-server.errorlog = log_root + "/error.log"
-
-##
-## If you want to log to syslog you have to unset the
-## server.errorlog setting and uncomment the next line.
-##
-#server.errorlog-use-syslog = "enable"
-
-##
-## Access log config
-##
-include "../../etc/lighttpd/conf.d/access_log.conf"
-
-##
-## The debug options are moved into their own file.
-## see /etc/lighttpd/conf.d/debug.conf for various options for request debugging.
-##
-include "../../etc/lighttpd/conf.d/debug.conf"
-
-##
-#######################################################################
-
-#######################################################################
-##
-## Tuning/Performance
-## --------------------
-##
-## corresponding documentation:
-## http://www.lighttpd.net/documentation/performance.html
-##
-## set the event-handler (read the performance section in the manual)
-##
-## possible options on linux are:
-##
-## select
-## poll
-## linux-sysepoll
-##
-## linux-sysepoll is recommended on kernel 2.6.
-##
-server.event-handler = "linux-sysepoll"
-
-##
-## The basic network interface for all platforms at the syscalls read()
-## and write(). Every modern OS provides its own syscall to help network
-## servers transfer files as fast as possible
-##
-## linux-sendfile - is recommended for small files.
-## writev - is recommended for sending many large files
-##
-server.network-backend = "linux-sendfile"
-
-##
-## As lighttpd is a single-threaded server, its main resource limit is
-## the number of file descriptors, which is set to 1024 by default (on
-## most systems).
-##
-## If you are running a high-traffic site you might want to increase this
-## limit by setting server.max-fds.
-##
-## Changing this setting requires root permissions on startup. see
-## server.username/server.groupname.
-##
-## By default lighttpd would not change the operation system default.
-## But setting it to 2048 is a better default for busy servers.
-##
-server.max-fds = 2048
-
-##
-## Stat() call caching.
-##
-## lighttpd can utilize FAM/Gamin to cache stat call.
-##
-## possible values are:
-## disable, simple or fam.
-##
-server.stat-cache-engine = "simple"
-
-##
-## Fine tuning for the request handling
-##
-## max-connections == max-fds/2 (maybe /3)
-## means the other file handles are used for fastcgi/files
-##
-server.max-connections = 1024
-
-##
-## How many seconds to keep a keep-alive connection open,
-## until we consider it idle.
-##
-## Default: 5
-##
-#server.max-keep-alive-idle = 5
-
-##
-## How many keep-alive requests until closing the connection.
-##
-## Default: 16
-##
-#server.max-keep-alive-requests = 16
-
-##
-## Maximum size of a request in kilobytes.
-## By default it is unlimited (0).
-##
-## Uploads to your server cant be larger than this value.
-##
-#server.max-request-size = 0
-
-##
-## Time to read from a socket before we consider it idle.
-##
-## Default: 60
-##
-#server.max-read-idle = 60
-
-##
-## Time to write to a socket before we consider it idle.
-##
-## Default: 360
-##
-#server.max-write-idle = 360
-
-##
-## Traffic Shaping
-## -----------------
-##
-## see /usr/share/doc/lighttpd/traffic-shaping.txt
-##
-## Values are in kilobyte per second.
-##
-## Keep in mind that a limit below 32kB/s might actually limit the
-## traffic to 32kB/s. This is caused by the size of the TCP send
-## buffer.
-##
-## per server:
-##
-#server.kbytes-per-second = 128
-
-##
-## per connection:
-##
-#connection.kbytes-per-second = 32
-
-##
-#######################################################################
-
-#######################################################################
-##
-## Filename/File handling
-## ------------------------
-
-##
-## files to check for if .../ is requested
-## index-file.names = ( "index.php", "index.rb", "index.html",
-## "index.htm", "default.htm" )
-##
-index-file.names += (
- "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
-)
-
-##
-## deny access the file-extensions
-##
-## ~ is for backupfiles from vi, emacs, joe, ...
-## .inc is often used for code includes which should in general not be part
-## of the document-root
-url.access-deny = ( "~", ".inc" )
-
-##
-## disable range requests for pdf files
-## workaround for a bug in the Acrobat Reader plugin.
-##
-$HTTP["url"] =~ "\.pdf$" {
- server.range-requests = "disable"
-}
-
-##
-## url handling modules (rewrite, redirect)
-##
-#url.rewrite = ( "^/$" => "/server-status" )
-#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
-
-##
-## both rewrite/redirect support back reference to regex conditional using %n
-##
-#$HTTP["host"] =~ "^www\.(.*)" {
-# url.redirect = ( "^/(.*)" => "http://%1/$1" )
-#}
-
-##
-## which extensions should not be handle via static-file transfer
-##
-## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
-##
-static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
-
-##
-## error-handler for status 404
-##
-#server.error-handler-404 = "/error-handler.html"
-#server.error-handler-404 = "/error-handler.php"
-
-##
-## Format: <errorfile-prefix><status-code>.html
-## -> ..../status-404.html for 'File not found'
-##
-#server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
-
-##
-## mimetype mapping
-##
-include "../../etc/lighttpd/conf.d/mime.conf"
-
-##
-## directory listing configuration
-##
-include "../../etc/lighttpd/conf.d/dirlisting.conf"
-
-##
-## Should lighttpd follow symlinks?
-##
-server.follow-symlink = "enable"
-
-##
-## force all filenames to be lowercase?
-##
-#server.force-lowercase-filenames = "disable"
-
-##
-## defaults to /var/tmp as we assume it is a local harddisk
-##
-server.upload-dirs = ( "/var/tmp" )
-
-##
-#######################################################################
-
-
-#######################################################################
-##
-## SSL Support
-## -------------
-##
-## To enable SSL for the whole server you have to provide a valid
-## certificate and have to enable the SSL engine.::
-##
-## ssl.engine = "enable"
-## ssl.pemfile = "/path/to/server.pem"
-##
-## The HTTPS protocol does not allow you to use name-based virtual
-## hosting with SSL. If you want to run multiple SSL servers with
-## one lighttpd instance you must use IP-based virtual hosting: ::
-##
-## $SERVER["socket"] == "10.0.0.1:443" {
-## ssl.engine = "enable"
-## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
-## server.name = "www.example.com"
-##
-## server.document-root = "/srv/www/vhosts/example.com/www/"
-## }
-##
-
-## If you have a .crt and a .key file, cat them together into a
-## single PEM file:
-## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
-## > /etc/ssl/private/lighttpd.pem
-##
-#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
-
-##
-## optionally pass the CA certificate here.
-##
-##
-#ssl.ca-file = ""
-
-##
-#######################################################################
-
-#######################################################################
-##
-## custom includes like vhosts.
-##
-#include "/etc/lighttpd/conf.d/config.conf"
-include_shell "cat /etc/yastws/vhosts.d/*.conf"
-##
-#######################################################################
diff --git a/dist/modules.conf b/dist/modules.conf
deleted file mode 100644
index 58a2718..0000000
--- a/dist/modules.conf
+++ /dev/null
@@ -1,172 +0,0 @@
-#######################################################################
-##
-## Modules to load
-## -----------------
-##
-## at least mod_access and mod_accesslog should be loaded
-## all other module should only be loaded if really neccesary
-##
-## - saves some time
-## - saves memory
-##
-## the default module set contains:
-##
-## "mod_indexfile", "mod_dirlisting", "mod_staticfile"
-##
-## you dont have to include those modules in your list
-##
-## Modules, which are pulled in via conf.d/*.conf
-##
-## NOTE: the order of modules is important.
-##
-## - mod_accesslog -> conf.d/access_log.conf
-## - mod_compress -> conf.d/compress.conf
-## - mod_status -> conf.d/status.conf
-## - mod_webdav -> conf.d/webdav.conf
-## - mod_cml -> conf.d/cml.conf
-## - mod_evhost -> conf.d/evhost.conf
-## - mod_simple_vhost -> conf.d/simple_vhost.conf
-## - mod_mysql_vhost -> conf.d/mysql_vhost.conf
-## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf
-## - mod_userdir -> conf.d/userdir.conf
-## - mod_rrdtool -> conf.d/rrdtool.conf
-## - mod_ssi -> conf.d/ssi.conf
-## - mod_cgi -> conf.d/cgi.conf
-## - mod_scgi -> conf.d/scgi.conf
-## - mod_fastcgi -> conf.d/fastcgi.conf
-## - mod_proxy -> conf.d/proxy.conf
-## - mod_secdownload -> conf.d/secdownload.conf
-## - mod_expire -> conf.d/expire.conf
-##
-
-server.modules = (
- "mod_access",
-# "mod_alias",
-# "mod_auth",
-# "mod_evasive",
-# "mod_redirect",
- "mod_rewrite",
-# "mod_setenv",
-# "mod_usertrack",
-)
-
-##
-#######################################################################
-
-#######################################################################
-##
-## Config for various Modules
-##
-
-##
-## mod_ssi
-##
-#include "/etc/lighttpd/conf.d/ssi.conf"
-
-##
-## mod_status
-##
-#include "/etc/lighttpd/conf.d/status.conf"
-
-##
-## mod_webdav
-##
-#include "/etc/lighttpd/conf.d/webdav.conf"
-
-##
-## mod_compress
-##
-#include "/etc/lighttpd/conf.d/compress.conf"
-
-##
-## mod_userdir
-##
-#include "/etc/lighttpd/conf.d/userdir.conf"
-
-##
-## mod_magnet
-##
-include "../../etc/lighttpd/conf.d/magnet.conf"
-
-##
-## mod_cml
-##
-#include "/etc/lighttpd/conf.d/cml.conf"
-
-##
-## mod_rrdtool
-##
-#include "/etc/lighttpd/conf.d/rrdtool.conf"
-
-##
-## mod_proxy
-##
-#include "/etc/lighttpd/conf.d/proxy.conf"
-
-##
-## mod_expire
-##
-#include "/etc/lighttpd/conf.d/expire.conf"
-
-##
-## mod_secdownload
-##
-#include "/etc/lighttpd/conf.d/secdownload.conf"
-
-##
-#######################################################################
-
-#######################################################################
-##
-## CGI modules
-##
-
-##
-## SCGI (mod_scgi)
-##
-#include "/etc/lighttpd/conf.d/scgi.conf"
-
-##
-## FastCGI (mod_fastcgi)
-##
-include "../../etc/lighttpd/conf.d/fastcgi.conf"
-
-##
-## plain old CGI (mod_cgi)
-##
-#include "/etc/lighttpd/conf.d/cgi.conf"
-
-##
-#######################################################################
-
-#######################################################################
-##
-## VHost Modules
-##
-## Only load ONE of them!
-## ========================
-##
-
-##
-## You can use conditionals for vhosts aswell.
-##
-## see http://www.lighttpd.net/documentation/configuration.html
-##
-
-##
-## mod_evhost
-##
-#include "/etc/lighttpd/conf.d/evhost.conf"
-
-##
-## mod_simple_vhost
-##
-#include "/etc/lighttpd/conf.d/simple_vhost.conf"
-
-##
-## mod_mysql_vhost
-##
-#include "/etc/lighttpd/conf.d/mysql_vhost.conf"
-
-##
-#######################################################################
diff --git a/dist/org.opensuse.yast.permissions.policy b/dist/org.opensuse.yast.permissions.policy
deleted file mode 100644
index 98d4b6d..0000000
--- a/dist/org.opensuse.yast.permissions.policy
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE policyconfig PUBLIC
- "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
- "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
-<policyconfig>
-
- <vendor>YaST Webservice Project</vendor>
- http://en.opensuse.org/YAST
-
-
-
- <action id="org.opensuse.yast.permissions.read">
- <description>Reading user permissions</description>
- <message>Authentication is required to read user permissions</message>
- <defaults>
- no
- no
- </defaults>
- </action>
- <action id="org.opensuse.yast.permissions.write">
- <description>Setting user permissions</description>
- <message>Authentication is required to set user permissions</message>
- <defaults>
- no
- no
- </defaults>
- </action>
-
-</policyconfig>
\ No newline at end of file
diff --git a/dist/policyKit-rights.rb b/dist/policyKit-rights.rb
deleted file mode 100644
index e3e780d..0000000
--- a/dist/policyKit-rights.rb
+++ /dev/null
@@ -1,97 +0,0 @@
-#!/usr/bin/ruby
-#
-# policyKit-rights.rb
-#
-# show, grant and revoke policies for YaST webservice
-#
-# run: ruby policyKit-rights.rb
-#
-#
-require 'fileutils'
-require 'getoptlong'
-
-$debug = 0
-
-def usage why
- STDERR.puts why
- STDERR.puts "Usage: policyKit-rights.rb --user <user> --action (show|grant|revoke)"
- STDERR.puts "NOTE: This program should be run by user root"
- STDERR.puts ""
- STDERR.puts "This call grant/revoke ALL permissions for the YaST Webservice."
- STDERR.puts "In order to grant/revoke single rights use:"
- STDERR.puts "polkit-auth --user <user> (--grant|-revoke) <policyname>"
- STDERR.puts ""
- STDERR.puts "In order to show all possible permissions use:"
- STDERR.puts "polkit-action"
- exit 1
-end
-
-options = GetoptLong.new(
- [ "--user", GetoptLong::REQUIRED_ARGUMENT ],
- [ "--action", GetoptLong::REQUIRED_ARGUMENT ]
-)
-
-user = nil
-action = nil
-
-
-begin
-options.each do |opt, arg|
- case opt
- when "--user": user = arg
- when "--action": action = arg
- when "--debug": $debug += 1
- else
- STDERR.puts "Ignoring unrecognized option #{opt}"
- end
-end
-rescue
-end
-
-$debug = nil if $debug == 0
-
-usage "excessive arguments" unless ARGV.empty?
-usage "--user parameter missing" unless user
-usage "--action parameter (show|grant|revoke) missing" unless action
-
-begin
- SuseString = "org.opensuse.yast"
- if action == "grant"
- IO.popen( "polkit-action", 'r+' ) do |pipe|
- loop do
- break if pipe.eof?
- l = pipe.read
- policies = l.split("\n")
- policies.each do |policy|
- if policy.include? SuseString and not policy.include? ".scr"
- STDOUT.puts "granting: #{policy}"
- command = "polkit-auth --user " + user + " --grant " + policy
- system (command)
- end
- end
- end
- end
- else
- command = "polkit-auth --user " + user + " --explicit"
- IO.popen( command, 'r+' ) do |pipe|
- loop do
- break if pipe.eof?
- l = pipe.read
- case action
- when "show"
- STDOUT.puts l
- when "revoke"
- policies = l.split("\n")
- policies.each do |policy|
- if policy.include? SuseString and not policy.include? ".scr"
- STDOUT.puts "revoking: #{policy}"
- command = "polkit-auth --user " + user + " --revoke " + policy
- system (command)
- end
- end
- end
- end
- end
- end
-end
-
diff --git a/dist/rails.include b/dist/rails.include
deleted file mode 100644
index 76c35e5..0000000
--- a/dist/rails.include
+++ /dev/null
@@ -1,35 +0,0 @@
-#
-# usage:
-# $HTTP["host"] == "someapp.opensuse.org" {
-# rails_app = "someapp"
-# rails_root = "/srv/www/opensuse/someapp"
-# rails_procs = 4
-# # production/development are typical values here
-# rails_mode = "production"
-# include "vhosts.d/rails.inc"
-# }
-
- #
- # quick fix for security bug in rails 1.1
- #
- url.rewrite-once = ( "^/(app|components|config|db|doc|lib|log|public|script|test|tmp|vendor)/" => "/index.html" )
- url.rewrite += ("^/apidocs(/|)$" => "/apidocs/html/index.html")
- magnet.attract-physical-path-to = ( conf_dir + "/cleanurl-v5.lua" )
- accesslog.filename = log_root + "/obs-" + rails_app + "-access.log"
- rails_tmp = rails_root + "/tmp"
-
- server.document-root = rails_root + "/public"
- fastcgi.server = ( ".fcgi" =>
- ( rails_app =>
- ( "socket" => rails_tmp + "/sockets/fcgi.socket",
- "bin-path" => server.document-root + "/dispatch.fcgi",
- "bin-environment" => (
- "RAILS_ENV" => rails_mode,
- "TMP" => rails_tmp
- ),
- "max-procs" => rails_procs,
- "idle-timeout" => 3600,
- )
- )
- )
-
diff --git a/dist/yast.conf b/dist/yast.conf
deleted file mode 100644
index fc29f02..0000000
--- a/dist/yast.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-$HTTP["host"] =~ "." {
- rails_app = "yast"
- rails_root = "/srv/www/yastws"
- rails_procs = 1
- # production/development are typical values here
- rails_mode = "development"
- log_root = "/srv/www/yastws/log"
-
- include "vhosts.d/rails.inc"
-}
diff --git a/dist/yast2-webservice.changes b/dist/yast2-webservice.changes
deleted file mode 100644
index fdd5ed6..0000000
--- a/dist/yast2-webservice.changes
+++ /dev/null
@@ -1,31 +0,0 @@
--------------------------------------------------------------------
-Fri May 15 15:14:45 CEST 2009 - schubi@suse.de
-
-- new interface definitions
-- Testcase mechanism
-- plugin machanism
-- reset version to 0.0.1
-
--------------------------------------------------------------------
-Tue Mar 31 13:11:49 CEST 2009 - schubi@suse.de
-
-- remove not needed activeRecords like user, patches,...
-- version 1.0.1-1
-
--------------------------------------------------------------------
-Thu Jan 29 18:09:45 CET 2009 - schubi@suse.de
-
-- removed old layout stuff, bugfixes, update doc
-- version 1.0.0-2
-
--------------------------------------------------------------------
-Wed Oct 22 17:04:50 CEST 2008 - schubi@suse.de
-
-- added policies
-- some API changes
-
--------------------------------------------------------------------
-Tue Sep 9 13:43:29 CEST 2008 - schubi@suse.de
-
-- initial
-
diff --git a/dist/yast2-webservice.spec b/dist/yast2-webservice.spec
deleted file mode 100644
index 79b7481..0000000
--- a/dist/yast2-webservice.spec
+++ /dev/null
@@ -1,198 +0,0 @@
-#
-# spec file for package yast2-webservice (Version 0.1)
-#
-# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
-# This file and all modifications and additions to the pristine
-# package are under the same license as the package itself.
-#
-# Please submit bugfixes or comments via http://bugs.opensuse.org/
-#
-
-
-Name: yast2-webservice
-Requires: yast2-core >= 2.18.3, lighttpd-mod_magnet, ruby-fcgi, ruby-dbus, sqlite, avahi-utils
-Conflicts: gamin
-PreReq: lighttpd, PolicyKit, PackageKit, rubygem-rake, rubygem-sqlite3, rubygem-rails-2_3, ruby-rpam, ruby-polkit
-License: MIT
-Group: Productivity/Networking/Web/Utilities
-Autoreqprov: on
-Version: 0.0.1
-Release: 0
-Summary: YaST2 - Webservice
-Source: www.tar.bz2
-Source1: yast.conf
-Source2: rails.include
-Source3: cleanurl-v5.lua
-Source4: org.opensuse.yast.permissions.policy
-Source5: policyKit-rights.rb
-Source6: yast_user_roles
-Source7: lighttpd.conf
-Source8: modules.conf
-Source9: yastws
-BuildRoot: %{_tmppath}/%{name}-%{version}-build
-BuildRequires: ruby-devel, pkg-config, rubygem-relevance-rcov, rubygem-mocha
-# if we run the tests during build, we need most of Requires here too,
-# except for deployment specific stuff
-BuildRequires: yast2-core, ruby-dbus, sqlite, avahi-utils dbus-1
-BuildRequires: PolicyKit, PackageKit, rubygem-rake, rubygem-sqlite3, rubygem-rails-2_3, ruby-rpam, ruby-polkit
-BuildArch: noarch
-
-#
-%define pkg_user yastws
-%define pkg_home /var/lib/%{pkg_user}
-#
-
-
-%description
-YaST2 - Webservice - REST based interface of YaST.
-Authors:
---------
- Duncan Mac-Vicar Prett
- Klaus Kaempf
- Bjoern Geuken
- Stefan Schubert
-
-%prep
-%setup -q -n www
-
-%build
-
-%install
-
-#
-# Install all web and frontend parts.
-#
-mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/
-cp -a * $RPM_BUILD_ROOT/srv/www/%{pkg_user}/
-rm $RPM_BUILD_ROOT/srv/www/%{pkg_user}/log/*
-
-%{__install} -d -m 0755 \
- %{buildroot}%{pkg_home}/sockets/ \
- %{buildroot}%{pkg_home}/cache/ \
- %{buildroot}%{_sbindir} \
- %{buildroot}%{_var}/log/%{pkg_user}
-#
-# init script
-#
-%{__install} -D -m 0755 %SOURCE9 \
- %{buildroot}%{_sysconfdir}/init.d/%{pkg_user}
-%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_user} %{buildroot}%{_sbindir}/rc%{pkg_user}
-#
-
-# configure lighttpd web service
-mkdir -p $RPM_BUILD_ROOT/etc/yastws/vhosts.d/
-install -m 0644 %SOURCE1 $RPM_BUILD_ROOT/etc/yastws/vhosts.d/
-install -m 0644 %SOURCE2 $RPM_BUILD_ROOT/etc/yastws/vhosts.d/rails.inc
-install -m 0644 %SOURCE3 $RPM_BUILD_ROOT/etc/yastws/
-install -m 0644 %SOURCE7 $RPM_BUILD_ROOT/etc/yastws/
-install -m 0644 %SOURCE8 $RPM_BUILD_ROOT/etc/yastws/
-
-# Policies
-mkdir -p $RPM_BUILD_ROOT/usr/share/PolicyKit/policy
-install -m 0644 %SOURCE4 $RPM_BUILD_ROOT/usr/share/PolicyKit/policy/
-mkdir -p $RPM_BUILD_ROOT/etc/yastws/tools
-install -m 0644 %SOURCE5 $RPM_BUILD_ROOT/etc/yastws/tools
-install -m 0644 %SOURCE6 $RPM_BUILD_ROOT/etc/
-
-# create empty tmp directory
-mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp
-mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/cache
-mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/pids
-mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/sessions
-mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/sockets
-
-
-%clean
-rm -rf $RPM_BUILD_ROOT
-
-%pre
-#
-# e.g. adding user
-#
-/usr/sbin/groupadd -r %{pkg_user} &>/dev/null ||:
-/usr/sbin/useradd -g %{pkg_user} -s /bin/false -r -c "User for YaST-Webservice" -d %{pkg_home} %{pkg_user} &>/dev/null ||:
-
-%post
-#installing lighttpd server
-test -r /usr/sbin/yastws || { echo "Creating link /usr/sbin/yastws";
- ln -s /usr/sbin/lighttpd /usr/sbin/yastws; }
-%fillup_and_insserv %{pkg_user}
-#
-#granting permissions for yastws
-#
-/usr/bin/polkit-auth --user yastws --grant org.freedesktop.packagekit.system-update >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.freedesktop.policykit.read >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.read >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.write >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.execute >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.dir >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.registeragent >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.unregisteragent >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.unmountagent >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.error >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.unregisterallagents >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.registernewagents >& /dev/null || :
-/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.module-manager.import >& /dev/null || :
-#
-# granting all permissions for root
-#
-/etc/yastws/tools/policyKit-rights.rb --user root --action grant >& /dev/null || :
-#
-# create database
-#
-cd srv/www/%{pkg_user}
-chown yastws: db db/*.sqlite* db/schema.rb
-# it writes to the log, don't leave it to root
-su %{pkg_user} -s /bin/sh -c "rake db:migrate"
-
-%preun
-%stop_on_removal %{pkg_user}
-
-%postun
-%restart_on_update %{pkg_user}
-%{insserv_cleanup}
-#remove link
-if test -r /usr/sbin/yastws ; then
- echo "/usr/sbin/yastws already removed"
-else
- echo "Removing link /usr/sbin/yastws";
- rm /usr/sbin/yastws
-fi
-
-%files
-%defattr(-,root,root)
-%dir /etc/yastws
-%dir /srv/www/yastws
-%dir /etc/yastws/tools
-%dir /etc/yastws/vhosts.d
-%dir /usr/share/PolicyKit
-%dir /usr/share/PolicyKit/policy
-%attr(-,%{pkg_user},%{pkg_user}) %dir %{pkg_home}
-%attr(-,%{pkg_user},%{pkg_user}) %dir %{pkg_home}/sockets
-%attr(-,%{pkg_user},%{pkg_user}) %dir %{pkg_home}/cache
-%attr(-,%{pkg_user},%{pkg_user}) %dir %{_var}/log/%{pkg_user}
-
-/srv/www/yastws/app
-/srv/www/yastws/db
-/srv/www/yastws/doc
-/srv/www/yastws/lib
-/srv/www/yastws/public
-/srv/www/yastws/Rakefile
-/srv/www/yastws/script
-/srv/www/yastws/test
-/srv/www/yastws/config
-/srv/www/yastws/vendor
-%attr(755,root,root) %config /etc/yastws/tools/policyKit-rights.rb
-%attr(755,root,root) /srv/www/yastws/start.sh
-%doc /srv/www/yastws/README
-%attr(-,%{pkg_user},%{pkg_user}) /srv/www/yastws/log
-%attr(-,%{pkg_user},%{pkg_user}) /srv/www/yastws/tmp
-%config(noreplace) /etc/yastws/vhosts.d/yast.conf
-%config(noreplace) /etc/yastws/lighttpd.conf
-%config /etc/yastws/vhosts.d/rails.inc
-%config /etc/yastws/cleanurl-v5.lua
-%config /etc/yastws/modules.conf
-%config /usr/share/PolicyKit/policy/org.opensuse.yast.permissions.policy
-%config(noreplace) /etc/yast_user_roles
-%config(noreplace) %{_sysconfdir}/init.d/%{pkg_user}
-%{_sbindir}/rc%{pkg_user}
diff --git a/dist/yast_user_roles b/dist/yast_user_roles
deleted file mode 100644
index c3f16aa..0000000
--- a/dist/yast_user_roles
+++ /dev/null
@@ -1,11 +0,0 @@
-#
-# file : /etc/yast_user_roles
-#
-# This file describes roles of a user accounts for the YaST Webservice
-# "user accounts": System account which is accessable e.g. via PAM.
-# "roles" : Describes user accounts for which policies have
-# been generated
-#
-# Format: <user> ,,...<role n>
-#
-root schubi
diff --git a/dist/yastws b/dist/yastws
deleted file mode 100755
index 37ea612..0000000
--- a/dist/yastws
+++ /dev/null
@@ -1,348 +0,0 @@
-#! /bin/sh
-# Copyright (c) 1995-2009 SUSE Linux AG, Nuernberg, Germany.
-# All rights reserved.
-#
-# Author: Kurt Garloff, Stefan Schubert
-# Please send feedback to http://www.suse.de/feedback/
-#
-# /etc/init.d/yastws
-# and its symbolic link
-# /(usr/)sbin/rcyastws
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation; either version 2 of the License, or
-# (at your option) any later version.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program; if not, write to the Free Software
-# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
-#
-# Template system startup script for some example service/daemon yastws
-#
-# LSB compatible service control script; see http://www.linuxbase.org/spec/
-#
-# Note: This template uses functions rc_XXX defined in /etc/rc.status on
-# UnitedLinux (UL) based Linux distributions. If you want to base your
-# script on this template and ensure that it works on non UL based LSB
-# compliant Linux distributions, you either have to provide the rc.status
-# functions from UL or change the script to work without them.
-#
-### BEGIN INIT INFO
-# Provides: yastws
-# Required-Start: $syslog $remote_fs
-# Should-Start: $time ypbind sendmail yastwc
-# Required-Stop: $syslog $remote_fs
-# Should-Stop: $time ypbind sendmail yastwc
-# Default-Start: 3 5
-# Default-Stop: 0 1 2 6
-# Short-Description: yastws
-# Description: Start yastws
-### END INIT INFO
-#
-# Any extensions to the keywords given above should be preceeded by
-# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
-#
-# Notes on Required-Start/Should-Start:
-# * There are two different issues that are solved by Required-Start
-# and Should-Start
-# (a) Hard dependencies: This is used by the runlevel editor to determine
-# which services absolutely need to be started to make the start of
-# this service make sense. Example: nfsserver should have
-# Required-Start: $portmap
-# Also, required services are started before the dependent ones.
-# The runlevel editor will warn about such missing hard dependencies
-# and suggest enabling. During system startup, you may expect an error,
-# if the dependency is not fulfilled.
-# (b) Specifying the init script ordering, not real (hard) dependencies.
-# This is needed by insserv to determine which service should be
-# started first (and at a later stage what services can be started
-# in parallel). The tag Should-Start: is used for this.
-# It tells, that if a service is available, it should be started
-# before. If not, never mind.
-# * When specifying hard dependencies or ordering requirements, you can
-# use names of services (contents of their Provides: section)
-# or pseudo names starting with a $. The following ones are available
-# according to LSB (1.1):
-# $local_fs all local file systems are mounted
-# (most services should need this!)
-# $remote_fs all remote file systems are mounted
-# (note that /usr may be remote, so
-# many services should Require this!)
-# $syslog system logging facility up
-# $network low level networking (eth card, ...)
-# $named hostname resolution available
-# $netdaemons all network daemons are running
-# The $netdaemons pseudo service has been removed in LSB 1.2.
-# For now, we still offer it for backward compatibility.
-# These are new (LSB 1.2):
-# $time the system time has been set correctly
-# $portmap SunRPC portmapping service available
-# UnitedLinux extensions:
-# $ALL indicates that a script should be inserted
-# at the end
-# * The services specified in the stop tags
-# (Required-Stop/Should-Stop)
-# specify which services need to be still running when this service
-# is shut down. Often the entries there are just copies or a subset
-# from the respective start tag.
-# * Should-Start/Stop are now part of LSB as of 2.0,
-# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
-# insserv does support both variants.
-# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
-# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
-# a startup script should default to be enabled after installation.
-# It's not used by insserv.
-#
-# Note on runlevels:
-# 0 - halt/poweroff 6 - reboot
-# 1 - single user 2 - multiuser without network exported
-# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
-#
-# Note on script names:
-# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
-# A registry has been set up to manage the init script namespace.
-# http://www.lanana.org/
-# Please use the names already registered or register one or use a
-# vendor prefix.
-
-
-# Check for missing binaries (stale symlinks should not happen)
-# Note: Special treatment of stop for LSB conformance
-LIGHTTPD_BIN=/usr/sbin/yastws
-test -x $LIGHTTPD_BIN || { echo "$LIGHTTPD_BIN not installed";
- if [ "$1" = "stop" ]; then exit 0;
- else exit 5; fi; }
-
-# Check for existence of needed config file and read it
-LIGHTTPD_CONFIG=/etc/yastws/lighttpd.conf
-test -r $LIGHTTPD_CONFIG || { echo "$LIGHTTPD_CONFIG not existing";
- if [ "$1" = "stop" ]; then exit 0;
- else exit 6; fi; }
-
-#
-# Activate/Deactivate AVAHI
-#
-DOMAIN="$(domainname)"
-if [ "$DOMAIN" = "" ]; then
- HOSTNAME="$(hostname)"
-else
- HOSTNAME="$(hostname).$DOMAIN"
-fi
-
-function avahi_stop () {
- RUNNING=$(ps ux | grep avahi-publish-service | grep yastws | grep $HOSTNAME >/dev/null)
- if [ $? = 0 ]; then
- kill $(ps ux | grep avahi-publish-service | grep yastws | grep $HOSTNAME | awk '" " { print $2 }') >/dev/null
- fi
-}
-function avahi_announce () {
- PORT="$(netstat -npl|grep yastws| grep tcp| awk '{print $4}'| awk -F : '{print $NF}')"
- HTTPS="$(grep -v '#' /etc/yastws/lighttpd.conf|grep ssl.engine|grep enable )"
- PROTOCOL="https"
- if [ "$HTTPS" = "" ]; then
- PROTOCOL="http"
- fi
- RUNNING=$(netstat -ap|grep yastws|grep localhost >/dev/null)
- if [ $? = 1 ]; then
- if [ -x /usr/bin/avahi-publish-service ]; then
- if [ -f /var/run/avahi-daemon/pid ]; then
- avahi-publish-service "YaST Webservice $PROTOCOL://$HOSTNAME:$PORT" _yastws._tcp $PORT >/dev/null 2>/dev/null &
- fi
- fi
- fi
-}
-
-
-PID_FILE=/var/run/yastws.pid
-IGNORE_FILE=/var/run/yastwc.pid
-
-#only for beeing sure....
-if ps -C yastwc >/dev/null; then
- ps -C yastwc|grep yastwc|cut -c -6 >$IGNORE_FILE
- IGNORE_FILE_SIZE="$(stat -c "%s" $IGNORE_FILE)"
- IGNORE_FILE_ENTRIES="$(wc -l $IGNORE_FILE|cut -c -1)"
- if [ $IGNORE_FILE_SIZE -eq 0 ]; then
- echo "$IGNORE_FILE has no entry --> removing"
- rm $IGNORE_FILE
- fi
-else
- if test -s $IGNORE_FILE ; then
- rm $IGNORE_FILE
- fi
-fi
-if ps -C yastws >/dev/null; then
- ps -C yastws|grep yastws|cut -c -6 >$PID_FILE
- PID_FILE_SIZE="$(stat -c "%s" $PID_FILE)"
- PID_FILE_ENTRIES="$(wc -l $PID_FILE|cut -c -1)"
- if [ $PID_FILE_SIZE -eq 0 ]; then
- echo "$PID_FILE has no entry --> removing"
- rm $PID_FILE
- fi
-else
- if test -s $PID_FILE ; then
- rm $PID_FILE
- fi
-fi
-
-
-# Source LSB init functions
-# providing start_daemon, killproc, pidofproc,
-# log_success_msg, log_failure_msg and log_warning_msg.
-# This is currently not used by UnitedLinux based distributions and
-# not needed for init scripts for UnitedLinux only. If it is used,
-# the functions from rc.status should not be sourced or used.
-#. /lib/lsb/init-functions
-
-# Shell functions sourced from /etc/rc.status:
-# rc_check check and set local and overall rc status
-# rc_status check and set local and overall rc status
-# rc_status -v be verbose in local rc status and clear it afterwards
-# rc_status -v -r ditto and clear both the local and overall rc status
-# rc_status -s display "skipped" and exit with status 3
-# rc_status -u display "unused" and exit with status 3
-# rc_failed set local and overall rc status to failed
-# rc_failed <num> set local and overall rc status to <num>
-# rc_reset clear both the local and overall rc status
-# rc_exit exit appropriate to overall rc status
-# rc_active checks whether a service is activated by symlinks
-. /etc/rc.status
-
-# Reset status of this service
-rc_reset
-
-# Return values acc. to LSB for all commands but status:
-# 0 - success
-# 1 - generic or unspecified error
-# 2 - invalid or excess argument(s)
-# 3 - unimplemented feature (e.g. "reload")
-# 4 - user had insufficient privileges
-# 5 - program is not installed
-# 6 - program is not configured
-# 7 - program is not running
-# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
-#
-# Note that starting an already running service, stopping
-# or restarting a not-running service as well as the restart
-# with force-reload (in case signaling is not supported) are
-# considered a success.
-
-case "$1" in
- start)
- if test -s $PID_FILE ; then
- #already running
- echo ""
- else
- ## Start daemon with startproc(8). If this fails
- ## the return value is set appropriately by startproc.
- if test -s $IGNORE_FILE ; then
- startproc -i $IGNORE_FILE $LIGHTTPD_BIN -f $LIGHTTPD_CONFIG
- else
- startproc $LIGHTTPD_BIN -f $LIGHTTPD_CONFIG
- fi
- # Remember status and be verbose
- rc_status -v
-
- # Make it public if it is needed (AVAHI)
- avahi_announce
- fi
- ;;
- stop)
- echo -n "Shutting down yastws "
- ## Stop daemon with killproc(8) and if this fails
- ## killproc sets the return value according to LSB.
- killproc -TERM -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
-
- # Remember status and be verbose
- rc_status -v
-
- # Kill /usr/lib/YaST2/bin/SCR_dbus_server cause it is not needed anymore
- killproc /usr/lib/YaST2/bin/SCR_dbus_server
-
- #Stopping AVAHI
- avahi_stop
- ;;
- try-restart|condrestart)
- ## Do a restart only if the service was active before.
- ## Note: try-restart is now part of LSB (as of 1.9).
- ## RH has a similar command named condrestart.
- if test "$1" = "condrestart"; then
- echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
- fi
- $0 status
- if test $? = 0; then
- $0 restart
- else
- rc_reset # Not running is not a failure.
- fi
- # Remember status and be quiet
- rc_status
- ;;
- restart)
- ## Stop the service and regardless of whether it was
- ## running or not, start it again.
- $0 stop
- $0 start
-
- # Remember status and be quiet
- rc_status
- ;;
- force-reload)
- ## Signal the daemon to reload its config. Most daemons
- ## do this on signal 1 (SIGHUP).
- ## If it does not support it, restart.
-
- echo -n "Reload service yastws "
- ## if it supports it:
- killproc -HUP -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
- #touch /var/run/lighttpd.pid
- rc_status -v
-
- ## Otherwise:
- #$0 try-restart
- #rc_status
- ;;
- reload)
- ## Like force-reload, but if daemon does not support
- ## signaling, do nothing (!)
-
- # If it supports signaling:
- echo -n "Reload service yastws "
- killproc -HUP -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
- #touch /var/run/lighttpd.pid
- rc_status -v
-
- ## Otherwise if it does not support reload:
- #rc_failed 3
- #rc_status -v
- ;;
- status)
- echo -n "Checking for service yastws "
- ## Check status with checkproc(8), if process is running
- ## checkproc will return with exit status 0.
-
- # Return value is slightly different for the status command:
- # 0 - service up and running
- # 1 - service dead, but /var/run/ pid file exists
- # 2 - service dead, but /var/lock/ lock file exists
- # 3 - service not running (unused)
- # 4 - service status unknown :-(
- # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
-
- # NOTE: checkproc returns LSB compliant status values.
- checkproc -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
- # NOTE: rc_status knows that we called this init script with
- # "status" option and adapts its messages accordingly.
- rc_status -v
- ;;
- *)
- echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
- exit 1
- ;;
-esac
-rc_exit
diff --git a/webservice/package/cleanurl-v5.lua b/webservice/package/cleanurl-v5.lua
new file mode 100644
index 0000000..4656861
--- /dev/null
+++ b/webservice/package/cleanurl-v5.lua
@@ -0,0 +1,28 @@
+-- little helper function
+function file_exists(path)
+ local attr = lighty.stat(path)
+ if (attr and attr["is_file"]) then
+ return true
+ else
+ return false
+ end
+end
+
+-- the magic ;)
+if (not file_exists(lighty.env["physical.path"])) then
+ -- file does not exist. check if we have a cached version
+ lighty.env["physical.path"] = lighty.env["physical.path"] .. ".html"
+
+ if (not file_exists(lighty.env["physical.path"])) then
+ -- file still missing. pass it to the fastcgi backend
+ lighty.env["uri.path"] = "/dispatch.fcgi"
+ lighty.env["physical.rel-path"] = lighty.env["uri.path"]
+ lighty.env["request.orig-uri"] = lighty.env["request.uri"]
+ lighty.env["physical.path"] = lighty.env["physical.doc-root"] .. lighty.env["physical.rel-path"]
+ end
+end
+-- fallthrough will put it back into the lighty request loop
+-- that means we get the 304 handling for free. ;)
+
+-- debugging code
+-- print ("final file is " .. lighty.env["physical.path"])
diff --git a/webservice/package/lighttpd.conf b/webservice/package/lighttpd.conf
new file mode 100644
index 0000000..c8bbbf4
--- /dev/null
+++ b/webservice/package/lighttpd.conf
@@ -0,0 +1,444 @@
+#######################################################################
+##
+## /etc/lighttpd/lighttpd.conf
+##
+## check /etc/lighttpd/conf.d/*.conf for the configuration of modules.
+##
+#######################################################################
+
+
+#######################################################################
+##
+## Some Variable definition which will make chrooting easier.
+##
+## if you add a variable here. Add the corresponding variable in the
+## chroot example aswell.
+##
+var.log_root = "/var/log/yastws"
+var.server_root = "/srv/www"
+var.state_dir = "/var/run"
+var.home_dir = "/var/lib/yastws"
+var.conf_dir = "/etc/yastws"
+
+##
+## run the server chrooted.
+##
+## This requires root permissions during startup.
+##
+## If you run Chrooted set the the variables to directories relative to
+## the chroot dir.
+##
+## example chroot configuration:
+##
+#var.log_root = "/logs"
+#var.server_root = "/"
+#var.state_dir = "/run"
+#var.home_dir = "/lib/lighttpd"
+#var.vhosts_dir = "/vhosts"
+#var.conf_dir = "/etc"
+#
+#server.chroot = "/srv/www"
+
+##
+## Some additional variables to make the configuration easier
+##
+
+##
+## Base directory for all virtual hosts
+##
+## used in:
+## /etc/lighttpd/conf.d/evhost.conf
+## /etc/lighttpd/conf.d/simple_vhost.conf
+## vhosts.d/vhosts.template
+##
+var.vhosts_dir = server_root + "/vhosts"
+
+##
+## Cache for mod_compress
+##
+## used in:
+## /etc/lighttpd/conf.d/compress.conf
+##
+var.cache_dir = "/var/cache/lighttpd"
+
+##
+## Base directory for sockets.
+##
+## used in:
+## /etc/lighttpd/conf.d/fastcgi.conf
+## /etc/lighttpd/conf.d/scgi.conf
+##
+var.socket_dir = home_dir + "/sockets"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Load the modules.
+include "modules.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Basic Configuration
+## ---------------------
+##
+#server.port = 80
+server.port = 8080
+
+##
+## Use IPv6?
+##
+#server.use-ipv6 = "enable"
+server.use-ipv6 = "disable"
+
+##
+## bind to a specific IP
+##
+server.bind = "localhost"
+
+##
+## configration for IPv4 and IPv6 on localhost
+##
+# use IPv6
+#server.use-ipv6 = "enable"
+#server.use-ipv6 = "enable"
+# create socket for IPv4 localhost
+#$SERVER["socket"] == "127.0.0.1:8080" {
+#}
+# create socket for IPv6 localhost
+#$SERVER["socket"] == "[::1]:8080" {
+#}
+
+
+
+##
+## Run as a different username/groupname.
+## This requires root permissions during startup.
+##
+server.username = "yastws"
+server.groupname = "yastws"
+
+##
+## enable core files.
+##
+#server.core-files = "disable"
+
+##
+## Document root
+##
+server.document-root = server_root + "/htdocs"
+
+##
+## The value for the "Server:" response field.
+##
+## It would be nice to keep it at "lighttpd".
+##
+#server.tag = "lighttpd"
+
+##
+## store a pid file
+##
+server.pid-file = state_dir + "/yastws.pid"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Logging Options
+## ------------------
+##
+## all logging options can be overwritten per vhost.
+##
+## Path to the error log file
+##
+server.errorlog = log_root + "/error.log"
+
+##
+## If you want to log to syslog you have to unset the
+## server.errorlog setting and uncomment the next line.
+##
+#server.errorlog-use-syslog = "enable"
+
+##
+## Access log config
+##
+include "../../etc/lighttpd/conf.d/access_log.conf"
+
+##
+## The debug options are moved into their own file.
+## see /etc/lighttpd/conf.d/debug.conf for various options for request debugging.
+##
+include "../../etc/lighttpd/conf.d/debug.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Tuning/Performance
+## --------------------
+##
+## corresponding documentation:
+## http://www.lighttpd.net/documentation/performance.html
+##
+## set the event-handler (read the performance section in the manual)
+##
+## possible options on linux are:
+##
+## select
+## poll
+## linux-sysepoll
+##
+## linux-sysepoll is recommended on kernel 2.6.
+##
+server.event-handler = "linux-sysepoll"
+
+##
+## The basic network interface for all platforms at the syscalls read()
+## and write(). Every modern OS provides its own syscall to help network
+## servers transfer files as fast as possible
+##
+## linux-sendfile - is recommended for small files.
+## writev - is recommended for sending many large files
+##
+server.network-backend = "linux-sendfile"
+
+##
+## As lighttpd is a single-threaded server, its main resource limit is
+## the number of file descriptors, which is set to 1024 by default (on
+## most systems).
+##
+## If you are running a high-traffic site you might want to increase this
+## limit by setting server.max-fds.
+##
+## Changing this setting requires root permissions on startup. see
+## server.username/server.groupname.
+##
+## By default lighttpd would not change the operation system default.
+## But setting it to 2048 is a better default for busy servers.
+##
+server.max-fds = 2048
+
+##
+## Stat() call caching.
+##
+## lighttpd can utilize FAM/Gamin to cache stat call.
+##
+## possible values are:
+## disable, simple or fam.
+##
+server.stat-cache-engine = "simple"
+
+##
+## Fine tuning for the request handling
+##
+## max-connections == max-fds/2 (maybe /3)
+## means the other file handles are used for fastcgi/files
+##
+server.max-connections = 1024
+
+##
+## How many seconds to keep a keep-alive connection open,
+## until we consider it idle.
+##
+## Default: 5
+##
+#server.max-keep-alive-idle = 5
+
+##
+## How many keep-alive requests until closing the connection.
+##
+## Default: 16
+##
+#server.max-keep-alive-requests = 16
+
+##
+## Maximum size of a request in kilobytes.
+## By default it is unlimited (0).
+##
+## Uploads to your server cant be larger than this value.
+##
+#server.max-request-size = 0
+
+##
+## Time to read from a socket before we consider it idle.
+##
+## Default: 60
+##
+#server.max-read-idle = 60
+
+##
+## Time to write to a socket before we consider it idle.
+##
+## Default: 360
+##
+#server.max-write-idle = 360
+
+##
+## Traffic Shaping
+## -----------------
+##
+## see /usr/share/doc/lighttpd/traffic-shaping.txt
+##
+## Values are in kilobyte per second.
+##
+## Keep in mind that a limit below 32kB/s might actually limit the
+## traffic to 32kB/s. This is caused by the size of the TCP send
+## buffer.
+##
+## per server:
+##
+#server.kbytes-per-second = 128
+
+##
+## per connection:
+##
+#connection.kbytes-per-second = 32
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Filename/File handling
+## ------------------------
+
+##
+## files to check for if .../ is requested
+## index-file.names = ( "index.php", "index.rb", "index.html",
+## "index.htm", "default.htm" )
+##
+index-file.names += (
+ "index.xhtml", "index.html", "index.htm", "default.htm", "index.php"
+)
+
+##
+## deny access the file-extensions
+##
+## ~ is for backupfiles from vi, emacs, joe, ...
+## .inc is often used for code includes which should in general not be part
+## of the document-root
+url.access-deny = ( "~", ".inc" )
+
+##
+## disable range requests for pdf files
+## workaround for a bug in the Acrobat Reader plugin.
+##
+$HTTP["url"] =~ "\.pdf$" {
+ server.range-requests = "disable"
+}
+
+##
+## url handling modules (rewrite, redirect)
+##
+#url.rewrite = ( "^/$" => "/server-status" )
+#url.redirect = ( "^/wishlist/(.+)" => "http://www.example.com/$1" )
+
+##
+## both rewrite/redirect support back reference to regex conditional using %n
+##
+#$HTTP["host"] =~ "^www\.(.*)" {
+# url.redirect = ( "^/(.*)" => "http://%1/$1" )
+#}
+
+##
+## which extensions should not be handle via static-file transfer
+##
+## .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+##
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".scgi" )
+
+##
+## error-handler for status 404
+##
+#server.error-handler-404 = "/error-handler.html"
+#server.error-handler-404 = "/error-handler.php"
+
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+##
+#server.errorfile-prefix = "/srv/www/htdocs/errors/status-"
+
+##
+## mimetype mapping
+##
+include "../../etc/lighttpd/conf.d/mime.conf"
+
+##
+## directory listing configuration
+##
+include "../../etc/lighttpd/conf.d/dirlisting.conf"
+
+##
+## Should lighttpd follow symlinks?
+##
+server.follow-symlink = "enable"
+
+##
+## force all filenames to be lowercase?
+##
+#server.force-lowercase-filenames = "disable"
+
+##
+## defaults to /var/tmp as we assume it is a local harddisk
+##
+server.upload-dirs = ( "/var/tmp" )
+
+##
+#######################################################################
+
+
+#######################################################################
+##
+## SSL Support
+## -------------
+##
+## To enable SSL for the whole server you have to provide a valid
+## certificate and have to enable the SSL engine.::
+##
+## ssl.engine = "enable"
+## ssl.pemfile = "/path/to/server.pem"
+##
+## The HTTPS protocol does not allow you to use name-based virtual
+## hosting with SSL. If you want to run multiple SSL servers with
+## one lighttpd instance you must use IP-based virtual hosting: ::
+##
+## $SERVER["socket"] == "10.0.0.1:443" {
+## ssl.engine = "enable"
+## ssl.pemfile = "/etc/ssl/private/www.example.com.pem"
+## server.name = "www.example.com"
+##
+## server.document-root = "/srv/www/vhosts/example.com/www/"
+## }
+##
+
+## If you have a .crt and a .key file, cat them together into a
+## single PEM file:
+## $ cat /etc/ssl/private/lighttpd.key /etc/ssl/certs/lighttpd.crt \
+## > /etc/ssl/private/lighttpd.pem
+##
+#ssl.pemfile = "/etc/ssl/private/lighttpd.pem"
+
+##
+## optionally pass the CA certificate here.
+##
+##
+#ssl.ca-file = ""
+
+##
+#######################################################################
+
+#######################################################################
+##
+## custom includes like vhosts.
+##
+#include "/etc/lighttpd/conf.d/config.conf"
+include_shell "cat /etc/yastws/vhosts.d/*.conf"
+##
+#######################################################################
diff --git a/webservice/package/modules.conf b/webservice/package/modules.conf
new file mode 100644
index 0000000..58a2718
--- /dev/null
+++ b/webservice/package/modules.conf
@@ -0,0 +1,172 @@
+#######################################################################
+##
+## Modules to load
+## -----------------
+##
+## at least mod_access and mod_accesslog should be loaded
+## all other module should only be loaded if really neccesary
+##
+## - saves some time
+## - saves memory
+##
+## the default module set contains:
+##
+## "mod_indexfile", "mod_dirlisting", "mod_staticfile"
+##
+## you dont have to include those modules in your list
+##
+## Modules, which are pulled in via conf.d/*.conf
+##
+## NOTE: the order of modules is important.
+##
+## - mod_accesslog -> conf.d/access_log.conf
+## - mod_compress -> conf.d/compress.conf
+## - mod_status -> conf.d/status.conf
+## - mod_webdav -> conf.d/webdav.conf
+## - mod_cml -> conf.d/cml.conf
+## - mod_evhost -> conf.d/evhost.conf
+## - mod_simple_vhost -> conf.d/simple_vhost.conf
+## - mod_mysql_vhost -> conf.d/mysql_vhost.conf
+## - mod_trigger_b4_dl -> conf.d/trigger_b4_dl.conf
+## - mod_userdir -> conf.d/userdir.conf
+## - mod_rrdtool -> conf.d/rrdtool.conf
+## - mod_ssi -> conf.d/ssi.conf
+## - mod_cgi -> conf.d/cgi.conf
+## - mod_scgi -> conf.d/scgi.conf
+## - mod_fastcgi -> conf.d/fastcgi.conf
+## - mod_proxy -> conf.d/proxy.conf
+## - mod_secdownload -> conf.d/secdownload.conf
+## - mod_expire -> conf.d/expire.conf
+##
+
+server.modules = (
+ "mod_access",
+# "mod_alias",
+# "mod_auth",
+# "mod_evasive",
+# "mod_redirect",
+ "mod_rewrite",
+# "mod_setenv",
+# "mod_usertrack",
+)
+
+##
+#######################################################################
+
+#######################################################################
+##
+## Config for various Modules
+##
+
+##
+## mod_ssi
+##
+#include "/etc/lighttpd/conf.d/ssi.conf"
+
+##
+## mod_status
+##
+#include "/etc/lighttpd/conf.d/status.conf"
+
+##
+## mod_webdav
+##
+#include "/etc/lighttpd/conf.d/webdav.conf"
+
+##
+## mod_compress
+##
+#include "/etc/lighttpd/conf.d/compress.conf"
+
+##
+## mod_userdir
+##
+#include "/etc/lighttpd/conf.d/userdir.conf"
+
+##
+## mod_magnet
+##
+include "../../etc/lighttpd/conf.d/magnet.conf"
+
+##
+## mod_cml
+##
+#include "/etc/lighttpd/conf.d/cml.conf"
+
+##
+## mod_rrdtool
+##
+#include "/etc/lighttpd/conf.d/rrdtool.conf"
+
+##
+## mod_proxy
+##
+#include "/etc/lighttpd/conf.d/proxy.conf"
+
+##
+## mod_expire
+##
+#include "/etc/lighttpd/conf.d/expire.conf"
+
+##
+## mod_secdownload
+##
+#include "/etc/lighttpd/conf.d/secdownload.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## CGI modules
+##
+
+##
+## SCGI (mod_scgi)
+##
+#include "/etc/lighttpd/conf.d/scgi.conf"
+
+##
+## FastCGI (mod_fastcgi)
+##
+include "../../etc/lighttpd/conf.d/fastcgi.conf"
+
+##
+## plain old CGI (mod_cgi)
+##
+#include "/etc/lighttpd/conf.d/cgi.conf"
+
+##
+#######################################################################
+
+#######################################################################
+##
+## VHost Modules
+##
+## Only load ONE of them!
+## ========================
+##
+
+##
+## You can use conditionals for vhosts aswell.
+##
+## see http://www.lighttpd.net/documentation/configuration.html
+##
+
+##
+## mod_evhost
+##
+#include "/etc/lighttpd/conf.d/evhost.conf"
+
+##
+## mod_simple_vhost
+##
+#include "/etc/lighttpd/conf.d/simple_vhost.conf"
+
+##
+## mod_mysql_vhost
+##
+#include "/etc/lighttpd/conf.d/mysql_vhost.conf"
+
+##
+#######################################################################
diff --git a/webservice/package/org.opensuse.yast.permissions.policy b/webservice/package/org.opensuse.yast.permissions.policy
new file mode 100644
index 0000000..98d4b6d
--- /dev/null
+++ b/webservice/package/org.opensuse.yast.permissions.policy
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE policyconfig PUBLIC
+ "-//freedesktop//DTD PolicyKit Policy Configuration 1.0//EN"
+ "http://www.freedesktop.org/standards/PolicyKit/1.0/policyconfig.dtd">
+<policyconfig>
+
+ <vendor>YaST Webservice Project</vendor>
+ http://en.opensuse.org/YAST
+
+<!--
+Rights for setting/getting user permissions
+-->
+
+ <action id="org.opensuse.yast.permissions.read">
+ <description>Reading user permissions</description>
+ <message>Authentication is required to read user permissions</message>
+ <defaults>
+ no
+ no
+ </defaults>
+ </action>
+ <action id="org.opensuse.yast.permissions.write">
+ <description>Setting user permissions</description>
+ <message>Authentication is required to set user permissions</message>
+ <defaults>
+ no
+ no
+ </defaults>
+ </action>
+
+</policyconfig>
\ No newline at end of file
diff --git a/webservice/package/policyKit-rights.rb b/webservice/package/policyKit-rights.rb
new file mode 100644
index 0000000..e3e780d
--- /dev/null
+++ b/webservice/package/policyKit-rights.rb
@@ -0,0 +1,97 @@
+#!/usr/bin/ruby
+#
+# policyKit-rights.rb
+#
+# show, grant and revoke policies for YaST webservice
+#
+# run: ruby policyKit-rights.rb
+#
+#
+require 'fileutils'
+require 'getoptlong'
+
+$debug = 0
+
+def usage why
+ STDERR.puts why
+ STDERR.puts "Usage: policyKit-rights.rb --user <user> --action (show|grant|revoke)"
+ STDERR.puts "NOTE: This program should be run by user root"
+ STDERR.puts ""
+ STDERR.puts "This call grant/revoke ALL permissions for the YaST Webservice."
+ STDERR.puts "In order to grant/revoke single rights use:"
+ STDERR.puts "polkit-auth --user <user> (--grant|-revoke) <policyname>"
+ STDERR.puts ""
+ STDERR.puts "In order to show all possible permissions use:"
+ STDERR.puts "polkit-action"
+ exit 1
+end
+
+options = GetoptLong.new(
+ [ "--user", GetoptLong::REQUIRED_ARGUMENT ],
+ [ "--action", GetoptLong::REQUIRED_ARGUMENT ]
+)
+
+user = nil
+action = nil
+
+
+begin
+options.each do |opt, arg|
+ case opt
+ when "--user": user = arg
+ when "--action": action = arg
+ when "--debug": $debug += 1
+ else
+ STDERR.puts "Ignoring unrecognized option #{opt}"
+ end
+end
+rescue
+end
+
+$debug = nil if $debug == 0
+
+usage "excessive arguments" unless ARGV.empty?
+usage "--user parameter missing" unless user
+usage "--action parameter (show|grant|revoke) missing" unless action
+
+begin
+ SuseString = "org.opensuse.yast"
+ if action == "grant"
+ IO.popen( "polkit-action", 'r+' ) do |pipe|
+ loop do
+ break if pipe.eof?
+ l = pipe.read
+ policies = l.split("\n")
+ policies.each do |policy|
+ if policy.include? SuseString and not policy.include? ".scr"
+ STDOUT.puts "granting: #{policy}"
+ command = "polkit-auth --user " + user + " --grant " + policy
+ system (command)
+ end
+ end
+ end
+ end
+ else
+ command = "polkit-auth --user " + user + " --explicit"
+ IO.popen( command, 'r+' ) do |pipe|
+ loop do
+ break if pipe.eof?
+ l = pipe.read
+ case action
+ when "show"
+ STDOUT.puts l
+ when "revoke"
+ policies = l.split("\n")
+ policies.each do |policy|
+ if policy.include? SuseString and not policy.include? ".scr"
+ STDOUT.puts "revoking: #{policy}"
+ command = "polkit-auth --user " + user + " --revoke " + policy
+ system (command)
+ end
+ end
+ end
+ end
+ end
+ end
+end
+
diff --git a/webservice/package/rails.include b/webservice/package/rails.include
new file mode 100644
index 0000000..76c35e5
--- /dev/null
+++ b/webservice/package/rails.include
@@ -0,0 +1,35 @@
+#
+# usage:
+# $HTTP["host"] == "someapp.opensuse.org" {
+# rails_app = "someapp"
+# rails_root = "/srv/www/opensuse/someapp"
+# rails_procs = 4
+# # production/development are typical values here
+# rails_mode = "production"
+# include "vhosts.d/rails.inc"
+# }
+
+ #
+ # quick fix for security bug in rails 1.1
+ #
+ url.rewrite-once = ( "^/(app|components|config|db|doc|lib|log|public|script|test|tmp|vendor)/" => "/index.html" )
+ url.rewrite += ("^/apidocs(/|)$" => "/apidocs/html/index.html")
+ magnet.attract-physical-path-to = ( conf_dir + "/cleanurl-v5.lua" )
+ accesslog.filename = log_root + "/obs-" + rails_app + "-access.log"
+ rails_tmp = rails_root + "/tmp"
+
+ server.document-root = rails_root + "/public"
+ fastcgi.server = ( ".fcgi" =>
+ ( rails_app =>
+ ( "socket" => rails_tmp + "/sockets/fcgi.socket",
+ "bin-path" => server.document-root + "/dispatch.fcgi",
+ "bin-environment" => (
+ "RAILS_ENV" => rails_mode,
+ "TMP" => rails_tmp
+ ),
+ "max-procs" => rails_procs,
+ "idle-timeout" => 3600,
+ )
+ )
+ )
+
diff --git a/webservice/package/yast.conf b/webservice/package/yast.conf
new file mode 100644
index 0000000..fc29f02
--- /dev/null
+++ b/webservice/package/yast.conf
@@ -0,0 +1,10 @@
+$HTTP["host"] =~ "." {
+ rails_app = "yast"
+ rails_root = "/srv/www/yastws"
+ rails_procs = 1
+ # production/development are typical values here
+ rails_mode = "development"
+ log_root = "/srv/www/yastws/log"
+
+ include "vhosts.d/rails.inc"
+}
diff --git a/webservice/package/yast2-webservice.changes b/webservice/package/yast2-webservice.changes
new file mode 100644
index 0000000..fdd5ed6
--- /dev/null
+++ b/webservice/package/yast2-webservice.changes
@@ -0,0 +1,31 @@
+-------------------------------------------------------------------
+Fri May 15 15:14:45 CEST 2009 - schubi@suse.de
+
+- new interface definitions
+- Testcase mechanism
+- plugin machanism
+- reset version to 0.0.1
+
+-------------------------------------------------------------------
+Tue Mar 31 13:11:49 CEST 2009 - schubi@suse.de
+
+- remove not needed activeRecords like user, patches,...
+- version 1.0.1-1
+
+-------------------------------------------------------------------
+Thu Jan 29 18:09:45 CET 2009 - schubi@suse.de
+
+- removed old layout stuff, bugfixes, update doc
+- version 1.0.0-2
+
+-------------------------------------------------------------------
+Wed Oct 22 17:04:50 CEST 2008 - schubi@suse.de
+
+- added policies
+- some API changes
+
+-------------------------------------------------------------------
+Tue Sep 9 13:43:29 CEST 2008 - schubi@suse.de
+
+- initial
+
diff --git a/webservice/package/yast2-webservice.spec b/webservice/package/yast2-webservice.spec
new file mode 100644
index 0000000..79b7481
--- /dev/null
+++ b/webservice/package/yast2-webservice.spec
@@ -0,0 +1,198 @@
+#
+# spec file for package yast2-webservice (Version 0.1)
+#
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# This file and all modifications and additions to the pristine
+# package are under the same license as the package itself.
+#
+# Please submit bugfixes or comments via http://bugs.opensuse.org/
+#
+
+
+Name: yast2-webservice
+Requires: yast2-core >= 2.18.3, lighttpd-mod_magnet, ruby-fcgi, ruby-dbus, sqlite, avahi-utils
+Conflicts: gamin
+PreReq: lighttpd, PolicyKit, PackageKit, rubygem-rake, rubygem-sqlite3, rubygem-rails-2_3, ruby-rpam, ruby-polkit
+License: MIT
+Group: Productivity/Networking/Web/Utilities
+Autoreqprov: on
+Version: 0.0.1
+Release: 0
+Summary: YaST2 - Webservice
+Source: www.tar.bz2
+Source1: yast.conf
+Source2: rails.include
+Source3: cleanurl-v5.lua
+Source4: org.opensuse.yast.permissions.policy
+Source5: policyKit-rights.rb
+Source6: yast_user_roles
+Source7: lighttpd.conf
+Source8: modules.conf
+Source9: yastws
+BuildRoot: %{_tmppath}/%{name}-%{version}-build
+BuildRequires: ruby-devel, pkg-config, rubygem-relevance-rcov, rubygem-mocha
+# if we run the tests during build, we need most of Requires here too,
+# except for deployment specific stuff
+BuildRequires: yast2-core, ruby-dbus, sqlite, avahi-utils dbus-1
+BuildRequires: PolicyKit, PackageKit, rubygem-rake, rubygem-sqlite3, rubygem-rails-2_3, ruby-rpam, ruby-polkit
+BuildArch: noarch
+
+#
+%define pkg_user yastws
+%define pkg_home /var/lib/%{pkg_user}
+#
+
+
+%description
+YaST2 - Webservice - REST based interface of YaST.
+Authors:
+--------
+ Duncan Mac-Vicar Prett
+ Klaus Kaempf
+ Bjoern Geuken
+ Stefan Schubert
+
+%prep
+%setup -q -n www
+
+%build
+
+%install
+
+#
+# Install all web and frontend parts.
+#
+mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/
+cp -a * $RPM_BUILD_ROOT/srv/www/%{pkg_user}/
+rm $RPM_BUILD_ROOT/srv/www/%{pkg_user}/log/*
+
+%{__install} -d -m 0755 \
+ %{buildroot}%{pkg_home}/sockets/ \
+ %{buildroot}%{pkg_home}/cache/ \
+ %{buildroot}%{_sbindir} \
+ %{buildroot}%{_var}/log/%{pkg_user}
+#
+# init script
+#
+%{__install} -D -m 0755 %SOURCE9 \
+ %{buildroot}%{_sysconfdir}/init.d/%{pkg_user}
+%{__ln_s} -f %{_sysconfdir}/init.d/%{pkg_user} %{buildroot}%{_sbindir}/rc%{pkg_user}
+#
+
+# configure lighttpd web service
+mkdir -p $RPM_BUILD_ROOT/etc/yastws/vhosts.d/
+install -m 0644 %SOURCE1 $RPM_BUILD_ROOT/etc/yastws/vhosts.d/
+install -m 0644 %SOURCE2 $RPM_BUILD_ROOT/etc/yastws/vhosts.d/rails.inc
+install -m 0644 %SOURCE3 $RPM_BUILD_ROOT/etc/yastws/
+install -m 0644 %SOURCE7 $RPM_BUILD_ROOT/etc/yastws/
+install -m 0644 %SOURCE8 $RPM_BUILD_ROOT/etc/yastws/
+
+# Policies
+mkdir -p $RPM_BUILD_ROOT/usr/share/PolicyKit/policy
+install -m 0644 %SOURCE4 $RPM_BUILD_ROOT/usr/share/PolicyKit/policy/
+mkdir -p $RPM_BUILD_ROOT/etc/yastws/tools
+install -m 0644 %SOURCE5 $RPM_BUILD_ROOT/etc/yastws/tools
+install -m 0644 %SOURCE6 $RPM_BUILD_ROOT/etc/
+
+# create empty tmp directory
+mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp
+mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/cache
+mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/pids
+mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/sessions
+mkdir -p $RPM_BUILD_ROOT/srv/www/%{pkg_user}/tmp/sockets
+
+
+%clean
+rm -rf $RPM_BUILD_ROOT
+
+%pre
+#
+# e.g. adding user
+#
+/usr/sbin/groupadd -r %{pkg_user} &>/dev/null ||:
+/usr/sbin/useradd -g %{pkg_user} -s /bin/false -r -c "User for YaST-Webservice" -d %{pkg_home} %{pkg_user} &>/dev/null ||:
+
+%post
+#installing lighttpd server
+test -r /usr/sbin/yastws || { echo "Creating link /usr/sbin/yastws";
+ ln -s /usr/sbin/lighttpd /usr/sbin/yastws; }
+%fillup_and_insserv %{pkg_user}
+#
+#granting permissions for yastws
+#
+/usr/bin/polkit-auth --user yastws --grant org.freedesktop.packagekit.system-update >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.freedesktop.policykit.read >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.read >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.write >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.execute >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.dir >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.registeragent >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.unregisteragent >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.unmountagent >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.error >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.unregisterallagents >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.scr.registernewagents >& /dev/null || :
+/usr/bin/polkit-auth --user yastws --grant org.opensuse.yast.module-manager.import >& /dev/null || :
+#
+# granting all permissions for root
+#
+/etc/yastws/tools/policyKit-rights.rb --user root --action grant >& /dev/null || :
+#
+# create database
+#
+cd srv/www/%{pkg_user}
+chown yastws: db db/*.sqlite* db/schema.rb
+# it writes to the log, don't leave it to root
+su %{pkg_user} -s /bin/sh -c "rake db:migrate"
+
+%preun
+%stop_on_removal %{pkg_user}
+
+%postun
+%restart_on_update %{pkg_user}
+%{insserv_cleanup}
+#remove link
+if test -r /usr/sbin/yastws ; then
+ echo "/usr/sbin/yastws already removed"
+else
+ echo "Removing link /usr/sbin/yastws";
+ rm /usr/sbin/yastws
+fi
+
+%files
+%defattr(-,root,root)
+%dir /etc/yastws
+%dir /srv/www/yastws
+%dir /etc/yastws/tools
+%dir /etc/yastws/vhosts.d
+%dir /usr/share/PolicyKit
+%dir /usr/share/PolicyKit/policy
+%attr(-,%{pkg_user},%{pkg_user}) %dir %{pkg_home}
+%attr(-,%{pkg_user},%{pkg_user}) %dir %{pkg_home}/sockets
+%attr(-,%{pkg_user},%{pkg_user}) %dir %{pkg_home}/cache
+%attr(-,%{pkg_user},%{pkg_user}) %dir %{_var}/log/%{pkg_user}
+
+/srv/www/yastws/app
+/srv/www/yastws/db
+/srv/www/yastws/doc
+/srv/www/yastws/lib
+/srv/www/yastws/public
+/srv/www/yastws/Rakefile
+/srv/www/yastws/script
+/srv/www/yastws/test
+/srv/www/yastws/config
+/srv/www/yastws/vendor
+%attr(755,root,root) %config /etc/yastws/tools/policyKit-rights.rb
+%attr(755,root,root) /srv/www/yastws/start.sh
+%doc /srv/www/yastws/README
+%attr(-,%{pkg_user},%{pkg_user}) /srv/www/yastws/log
+%attr(-,%{pkg_user},%{pkg_user}) /srv/www/yastws/tmp
+%config(noreplace) /etc/yastws/vhosts.d/yast.conf
+%config(noreplace) /etc/yastws/lighttpd.conf
+%config /etc/yastws/vhosts.d/rails.inc
+%config /etc/yastws/cleanurl-v5.lua
+%config /etc/yastws/modules.conf
+%config /usr/share/PolicyKit/policy/org.opensuse.yast.permissions.policy
+%config(noreplace) /etc/yast_user_roles
+%config(noreplace) %{_sysconfdir}/init.d/%{pkg_user}
+%{_sbindir}/rc%{pkg_user}
diff --git a/webservice/package/yast_user_roles b/webservice/package/yast_user_roles
new file mode 100644
index 0000000..c3f16aa
--- /dev/null
+++ b/webservice/package/yast_user_roles
@@ -0,0 +1,11 @@
+#
+# file : /etc/yast_user_roles
+#
+# This file describes roles of a user accounts for the YaST Webservice
+# "user accounts": System account which is accessable e.g. via PAM.
+# "roles" : Describes user accounts for which policies have
+# been generated
+#
+# Format: <user> ,,...<role n>
+#
+root schubi
diff --git a/webservice/package/yastws b/webservice/package/yastws
new file mode 100755
index 0000000..37ea612
--- /dev/null
+++ b/webservice/package/yastws
@@ -0,0 +1,348 @@
+#! /bin/sh
+# Copyright (c) 1995-2009 SUSE Linux AG, Nuernberg, Germany.
+# All rights reserved.
+#
+# Author: Kurt Garloff, Stefan Schubert
+# Please send feedback to http://www.suse.de/feedback/
+#
+# /etc/init.d/yastws
+# and its symbolic link
+# /(usr/)sbin/rcyastws
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+#
+# Template system startup script for some example service/daemon yastws
+#
+# LSB compatible service control script; see http://www.linuxbase.org/spec/
+#
+# Note: This template uses functions rc_XXX defined in /etc/rc.status on
+# UnitedLinux (UL) based Linux distributions. If you want to base your
+# script on this template and ensure that it works on non UL based LSB
+# compliant Linux distributions, you either have to provide the rc.status
+# functions from UL or change the script to work without them.
+#
+### BEGIN INIT INFO
+# Provides: yastws
+# Required-Start: $syslog $remote_fs
+# Should-Start: $time ypbind sendmail yastwc
+# Required-Stop: $syslog $remote_fs
+# Should-Stop: $time ypbind sendmail yastwc
+# Default-Start: 3 5
+# Default-Stop: 0 1 2 6
+# Short-Description: yastws
+# Description: Start yastws
+### END INIT INFO
+#
+# Any extensions to the keywords given above should be preceeded by
+# X-VendorTag- (X-UnitedLinux- X-SuSE- for us) according to LSB.
+#
+# Notes on Required-Start/Should-Start:
+# * There are two different issues that are solved by Required-Start
+# and Should-Start
+# (a) Hard dependencies: This is used by the runlevel editor to determine
+# which services absolutely need to be started to make the start of
+# this service make sense. Example: nfsserver should have
+# Required-Start: $portmap
+# Also, required services are started before the dependent ones.
+# The runlevel editor will warn about such missing hard dependencies
+# and suggest enabling. During system startup, you may expect an error,
+# if the dependency is not fulfilled.
+# (b) Specifying the init script ordering, not real (hard) dependencies.
+# This is needed by insserv to determine which service should be
+# started first (and at a later stage what services can be started
+# in parallel). The tag Should-Start: is used for this.
+# It tells, that if a service is available, it should be started
+# before. If not, never mind.
+# * When specifying hard dependencies or ordering requirements, you can
+# use names of services (contents of their Provides: section)
+# or pseudo names starting with a $. The following ones are available
+# according to LSB (1.1):
+# $local_fs all local file systems are mounted
+# (most services should need this!)
+# $remote_fs all remote file systems are mounted
+# (note that /usr may be remote, so
+# many services should Require this!)
+# $syslog system logging facility up
+# $network low level networking (eth card, ...)
+# $named hostname resolution available
+# $netdaemons all network daemons are running
+# The $netdaemons pseudo service has been removed in LSB 1.2.
+# For now, we still offer it for backward compatibility.
+# These are new (LSB 1.2):
+# $time the system time has been set correctly
+# $portmap SunRPC portmapping service available
+# UnitedLinux extensions:
+# $ALL indicates that a script should be inserted
+# at the end
+# * The services specified in the stop tags
+# (Required-Stop/Should-Stop)
+# specify which services need to be still running when this service
+# is shut down. Often the entries there are just copies or a subset
+# from the respective start tag.
+# * Should-Start/Stop are now part of LSB as of 2.0,
+# formerly SUSE/Unitedlinux used X-UnitedLinux-Should-Start/-Stop.
+# insserv does support both variants.
+# * X-UnitedLinux-Default-Enabled: yes/no is used at installation time
+# (%fillup_and_insserv macro in %post of many RPMs) to specify whether
+# a startup script should default to be enabled after installation.
+# It's not used by insserv.
+#
+# Note on runlevels:
+# 0 - halt/poweroff 6 - reboot
+# 1 - single user 2 - multiuser without network exported
+# 3 - multiuser w/ network (text mode) 5 - multiuser w/ network and X11 (xdm)
+#
+# Note on script names:
+# http://www.linuxbase.org/spec/refspecs/LSB_1.3.0/gLSB/gLSB/scrptnames.html
+# A registry has been set up to manage the init script namespace.
+# http://www.lanana.org/
+# Please use the names already registered or register one or use a
+# vendor prefix.
+
+
+# Check for missing binaries (stale symlinks should not happen)
+# Note: Special treatment of stop for LSB conformance
+LIGHTTPD_BIN=/usr/sbin/yastws
+test -x $LIGHTTPD_BIN || { echo "$LIGHTTPD_BIN not installed";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 5; fi; }
+
+# Check for existence of needed config file and read it
+LIGHTTPD_CONFIG=/etc/yastws/lighttpd.conf
+test -r $LIGHTTPD_CONFIG || { echo "$LIGHTTPD_CONFIG not existing";
+ if [ "$1" = "stop" ]; then exit 0;
+ else exit 6; fi; }
+
+#
+# Activate/Deactivate AVAHI
+#
+DOMAIN="$(domainname)"
+if [ "$DOMAIN" = "" ]; then
+ HOSTNAME="$(hostname)"
+else
+ HOSTNAME="$(hostname).$DOMAIN"
+fi
+
+function avahi_stop () {
+ RUNNING=$(ps ux | grep avahi-publish-service | grep yastws | grep $HOSTNAME >/dev/null)
+ if [ $? = 0 ]; then
+ kill $(ps ux | grep avahi-publish-service | grep yastws | grep $HOSTNAME | awk '" " { print $2 }') >/dev/null
+ fi
+}
+function avahi_announce () {
+ PORT="$(netstat -npl|grep yastws| grep tcp| awk '{print $4}'| awk -F : '{print $NF}')"
+ HTTPS="$(grep -v '#' /etc/yastws/lighttpd.conf|grep ssl.engine|grep enable )"
+ PROTOCOL="https"
+ if [ "$HTTPS" = "" ]; then
+ PROTOCOL="http"
+ fi
+ RUNNING=$(netstat -ap|grep yastws|grep localhost >/dev/null)
+ if [ $? = 1 ]; then
+ if [ -x /usr/bin/avahi-publish-service ]; then
+ if [ -f /var/run/avahi-daemon/pid ]; then
+ avahi-publish-service "YaST Webservice $PROTOCOL://$HOSTNAME:$PORT" _yastws._tcp $PORT >/dev/null 2>/dev/null &
+ fi
+ fi
+ fi
+}
+
+
+PID_FILE=/var/run/yastws.pid
+IGNORE_FILE=/var/run/yastwc.pid
+
+#only for beeing sure....
+if ps -C yastwc >/dev/null; then
+ ps -C yastwc|grep yastwc|cut -c -6 >$IGNORE_FILE
+ IGNORE_FILE_SIZE="$(stat -c "%s" $IGNORE_FILE)"
+ IGNORE_FILE_ENTRIES="$(wc -l $IGNORE_FILE|cut -c -1)"
+ if [ $IGNORE_FILE_SIZE -eq 0 ]; then
+ echo "$IGNORE_FILE has no entry --> removing"
+ rm $IGNORE_FILE
+ fi
+else
+ if test -s $IGNORE_FILE ; then
+ rm $IGNORE_FILE
+ fi
+fi
+if ps -C yastws >/dev/null; then
+ ps -C yastws|grep yastws|cut -c -6 >$PID_FILE
+ PID_FILE_SIZE="$(stat -c "%s" $PID_FILE)"
+ PID_FILE_ENTRIES="$(wc -l $PID_FILE|cut -c -1)"
+ if [ $PID_FILE_SIZE -eq 0 ]; then
+ echo "$PID_FILE has no entry --> removing"
+ rm $PID_FILE
+ fi
+else
+ if test -s $PID_FILE ; then
+ rm $PID_FILE
+ fi
+fi
+
+
+# Source LSB init functions
+# providing start_daemon, killproc, pidofproc,
+# log_success_msg, log_failure_msg and log_warning_msg.
+# This is currently not used by UnitedLinux based distributions and
+# not needed for init scripts for UnitedLinux only. If it is used,
+# the functions from rc.status should not be sourced or used.
+#. /lib/lsb/init-functions
+
+# Shell functions sourced from /etc/rc.status:
+# rc_check check and set local and overall rc status
+# rc_status check and set local and overall rc status
+# rc_status -v be verbose in local rc status and clear it afterwards
+# rc_status -v -r ditto and clear both the local and overall rc status
+# rc_status -s display "skipped" and exit with status 3
+# rc_status -u display "unused" and exit with status 3
+# rc_failed set local and overall rc status to failed
+# rc_failed <num> set local and overall rc status to <num>
+# rc_reset clear both the local and overall rc status
+# rc_exit exit appropriate to overall rc status
+# rc_active checks whether a service is activated by symlinks
+. /etc/rc.status
+
+# Reset status of this service
+rc_reset
+
+# Return values acc. to LSB for all commands but status:
+# 0 - success
+# 1 - generic or unspecified error
+# 2 - invalid or excess argument(s)
+# 3 - unimplemented feature (e.g. "reload")
+# 4 - user had insufficient privileges
+# 5 - program is not installed
+# 6 - program is not configured
+# 7 - program is not running
+# 8--199 - reserved (8--99 LSB, 100--149 distrib, 150--199 appl)
+#
+# Note that starting an already running service, stopping
+# or restarting a not-running service as well as the restart
+# with force-reload (in case signaling is not supported) are
+# considered a success.
+
+case "$1" in
+ start)
+ if test -s $PID_FILE ; then
+ #already running
+ echo ""
+ else
+ ## Start daemon with startproc(8). If this fails
+ ## the return value is set appropriately by startproc.
+ if test -s $IGNORE_FILE ; then
+ startproc -i $IGNORE_FILE $LIGHTTPD_BIN -f $LIGHTTPD_CONFIG
+ else
+ startproc $LIGHTTPD_BIN -f $LIGHTTPD_CONFIG
+ fi
+ # Remember status and be verbose
+ rc_status -v
+
+ # Make it public if it is needed (AVAHI)
+ avahi_announce
+ fi
+ ;;
+ stop)
+ echo -n "Shutting down yastws "
+ ## Stop daemon with killproc(8) and if this fails
+ ## killproc sets the return value according to LSB.
+ killproc -TERM -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
+
+ # Remember status and be verbose
+ rc_status -v
+
+ # Kill /usr/lib/YaST2/bin/SCR_dbus_server cause it is not needed anymore
+ killproc /usr/lib/YaST2/bin/SCR_dbus_server
+
+ #Stopping AVAHI
+ avahi_stop
+ ;;
+ try-restart|condrestart)
+ ## Do a restart only if the service was active before.
+ ## Note: try-restart is now part of LSB (as of 1.9).
+ ## RH has a similar command named condrestart.
+ if test "$1" = "condrestart"; then
+ echo "${attn} Use try-restart ${done}(LSB)${attn} rather than condrestart ${warn}(RH)${norm}"
+ fi
+ $0 status
+ if test $? = 0; then
+ $0 restart
+ else
+ rc_reset # Not running is not a failure.
+ fi
+ # Remember status and be quiet
+ rc_status
+ ;;
+ restart)
+ ## Stop the service and regardless of whether it was
+ ## running or not, start it again.
+ $0 stop
+ $0 start
+
+ # Remember status and be quiet
+ rc_status
+ ;;
+ force-reload)
+ ## Signal the daemon to reload its config. Most daemons
+ ## do this on signal 1 (SIGHUP).
+ ## If it does not support it, restart.
+
+ echo -n "Reload service yastws "
+ ## if it supports it:
+ killproc -HUP -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
+ #touch /var/run/lighttpd.pid
+ rc_status -v
+
+ ## Otherwise:
+ #$0 try-restart
+ #rc_status
+ ;;
+ reload)
+ ## Like force-reload, but if daemon does not support
+ ## signaling, do nothing (!)
+
+ # If it supports signaling:
+ echo -n "Reload service yastws "
+ killproc -HUP -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
+ #touch /var/run/lighttpd.pid
+ rc_status -v
+
+ ## Otherwise if it does not support reload:
+ #rc_failed 3
+ #rc_status -v
+ ;;
+ status)
+ echo -n "Checking for service yastws "
+ ## Check status with checkproc(8), if process is running
+ ## checkproc will return with exit status 0.
+
+ # Return value is slightly different for the status command:
+ # 0 - service up and running
+ # 1 - service dead, but /var/run/ pid file exists
+ # 2 - service dead, but /var/lock/ lock file exists
+ # 3 - service not running (unused)
+ # 4 - service status unknown :-(
+ # 5--199 reserved (5--99 LSB, 100--149 distro, 150--199 appl.)
+
+ # NOTE: checkproc returns LSB compliant status values.
+ checkproc -p $PID_FILE -i $IGNORE_FILE $LIGHTTPD_BIN
+ # NOTE: rc_status knows that we called this init script with
+ # "status" option and adapts its messages accordingly.
+ rc_status -v
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}"
+ exit 1
+ ;;
+esac
+rc_exit
--
To unsubscribe, e-mail: yast-commit+unsubscribe@opensuse.org
For additional commands, e-mail: yast-commit+help@opensuse.org