# HG changeset patch
# User Heiko Schlittermann (JUMPER)
# Date 1314918805 -7200
# Node ID 1267d8034336d8de8f05b8a5dc668d8263002b9b
# Parent 3572ec238dc133b4e9e18379b76447c864915d5c
apache and certs
diff -r 3572ec238dc1 -r 1267d8034336 debian/MISC/apache/littlebird-tc
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/debian/MISC/apache/littlebird-tc Fri Sep 02 01:13:25 2011 +0200
@@ -0,0 +1,63 @@ +# Note: all lines following a # debconf line are managed +# by debconf. If you want to take control, just remove the +# # debconf line. + + + # debconf: ServerAdmin {{serveradmin}} + ServerAdmin webmaster@example.com + # debconf: ServerName {{servername}} + ServerName www.example.com + # debconf: Redirect permanent / https://{{servername}}/ + Redirect permanent / https://www.example.com/ + + + + + + # debconf: ServerAdmin {{serveradmin}} + ServerAdmin webmaster@example.com + # debconf: ServerName {{servername}} + ServerName www.example.com + + DocumentRoot /srv/www/littlebird/TrustCenter/public + + RewriteEngine On + RewriteCond %{REQUEST_FILENAME} -s [OR] + RewriteCond %{REQUEST_FILENAME} -l [OR] + RewriteCond %{REQUEST_FILENAME} -d + RewriteRule ^.*$ - [NC,L] + RewriteRule ^.*$ index.php [NC,L] + AllowOverride All + Order allow,deny + allow from all + + + SSLEngine on + # debconf: SSLCertificateFile {{crt}} + SSLCertificateFile /etc/ssl/certs/www.example.com-crt.pem + # debconf: SSLCertificateKeyFile {{key}} + SSLCertificateKeyFile /etc/ssl/key/www.example.com-key.pem + + SSLOptions +ExportCertData + + SSLVerifyClient require + SSLVerifyDepth 2 + SSLCACertificateFile /srv/www/littlebird/CA/certs/Trustcenter_CA_LB.pem + SSLCADNRequestFile /srv/www/littlebird/CA/certs/Trustcenter_CA.pem + + SSLVerifyClient none + + + SSLVerifyClient none + + + SSLVerifyClient none + + + LogLevel warn + # debconf: ErrorLog ${APACHE_LOG_DIR}/{{servername}}/error.log + ErrorLog ${APACHE_LOG_DIR}/www.example.com/error.log + # debconf: CustomLog ${APACHE_LOG_DIR}/{{servername}}/access.log combined + CustomLog ${APACHE_LOG_DIR}/www.example.com/access.log combined + + diff -r 3572ec238dc1 -r 1267d8034336 debian/MISC/mysql/littlebird-tc-core.cnf --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/debian/MISC/mysql/littlebird-tc-core.cnf Fri Sep 02 01:13:25 2011 +0200 
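Review bot: Client certificates are required with `SSLVerifyClient require` and checked against `Trustcenter_CA_LB.pem`, but no revocation source is configured, so a certificate the trust center has revoked would presumably still be accepted until it expires. Add a CRL next to the CA settings, e.g. `SSLCARevocationFile /srv/www/littlebird/CA/crl/<CRL_FILE>.pem` (placeholder path), and keep it refreshed. The container tags are not visible in this rendering of the hunk, so it is unclear which scopes the three `SSLVerifyClient none` lines and `AllowOverride All` apply to. A short comment on each exemption stating why it needs no client certificate would help.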
@@ -0,0 +1,2 @@ +[mysql] +default-character-set = utf8 diff -r 3572ec238dc1 -r 1267d8034336 debian/changelog --- a/debian/changelog Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/changelog Fri Sep 02 01:13:25 2011 +0200 @@ -1,3 +1,15 @@ +littlebird (2011072500-29) stable; urgency=low + + * apache config and cert creation work now + + -- Heiko Schlittermann Fri, 02 Sep 2011 01:12:43 +0200 + +littlebird (2011072500-18) stable; urgency=low + + * php configuration + + -- Heiko Schlittermann Thu, 01 Sep 2011 15:14:03 +0200 + littlebird (2011072500-17) stable; urgency=low * database handling seems to be better than ever before. diff -r 3572ec238dc1 -r 1267d8034336 debian/control --- a/debian/control Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/control Fri Sep 02 01:13:25 2011 +0200 @@ -2,7 +2,7 @@ Section: unknown Priority: extra Maintainer: Heiko Schlittermann -Build-Depends: debhelper (>= 7.0.50~), rsync, bash +Build-Depends: debhelper (>= 7.0.50~) Standards-Version: 3.8.4 Homepage: #Vcs-Git: git://git.debian.org/collab-maint/littlebird.git @@ -24,7 +24,7 @@ Architecture: all Depends: ${shlibs:Depends}, ${misc:Depends}, littlebird-tc-common (>= ${source:Version}), littlebird-tc-common (>= ${source:Version}), - zend-server-php-5.3, php-5.3-loader-zend-server, bash + zend-server-php-5.3, php-5.3-loader-zend-server, php5-cli Recommends: littlebird-tc-sql (>= ${source:Version}) Provides: littlebird-tc Description: littlebird trustcenter core diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-core.config --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/debian/littlebird-tc-core.config Fri Sep 02 01:13:25 2011 +0200 
@@ -0,0 +1,23 @@ +#! /bin/sh +set -e +. /usr/share/debconf/confmodule + +prefix=littlebird-tc + +db_input critical $prefix/web/servername || true +db_go || true + +db_get $prefix/web/servername && servername="${RET:-example.com}" || true + +domain=`echo $servername | tr . ' ' | fmt -1 | tail -n 2 | fmt -1000 | tr ' ' .` +serveradmin="webmaster@$domain" + +db_set $prefix/web/serveradmin "$serveradmin" || true +db_set $prefix/web/crt "/etc/ssl/certs/$servername-crt.pem" || true +db_set $prefix/web/key "/etc/ssl/key/$servername-key.pem" || true + +db_input medium $prefix/web/serveradmin || true +db_input medium $prefix/web/crt || true +db_input medium $prefix/web/key || true + +db_go || true diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-core.install --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/debian/littlebird-tc-core.install Fri Sep 02 01:13:25 2011 +0200 @@ -0,0 +1,3 @@ +LittleBird/encoded/LittleBird-Test/{CA,library,TrustCenter} /srv/www/littlebird +debian/MISC/mysql/littlebird-tc-core.cnf /etc/mysql/conf.d +debian/MISC/apache/littlebird-tc /etc/apache2/conf.d diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-core.postinst --- a/debian/littlebird-tc-core.postinst Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/littlebird-tc-core.postinst Fri Sep 02 01:13:25 2011 +0200 @@ -3,6 +3,7 @@ # postinst script for littlebird # # see: dh_installdeb(1) +. /usr/share/debconf/confmodule set -e 
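Review bot: The hostname returned by `db_get $prefix/web/servername` is used without validation to derive `$domain` and the default paths `/etc/ssl/certs/$servername-crt.pem` and `/etc/ssl/key/$servername-key.pem`. The core postinst later writes the same value into the Apache config, and the resulting ErrorLog/CustomLog path goes through `eval dirname "$file"` as root, so a mistyped or preseeded answer containing `/` or shell metacharacters is interpreted rather than rejected. Restrict it to hostname characters right after the `db_get`, e.g. `case "$servername" in ''|*[!A-Za-z0-9.-]*) servername=example.com ;; esac`. Also quote the expansion in `echo "$servername"`.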
@@ -26,6 +27,88 @@ chown -R :www-data "$DIR" chmod -R g+w "$DIR" + # Timezone in /usr/local/zend/etc/php.ini + f=/usr/local/zend/etc/php.ini + perl -pi -e 's{^;?\s*(date\.timezone\s*=).*$}{$1 "Europe/Berlin"}' $f + + # not sure if this conforms to policy: changing another packages + # config files + if test -d /etc/php5/cli; then + echo "# linking php.ini to zend" >&2 + ( set -e + cd /etc/php5/cli + s=/usr/local/zend/etc/conf.php.ini + if test `readlink -f php.ini` != `readlink -f $s` + then + rm -vf php.ini + ln -vs $s php.ini + fi + ) + fi + + if test -d "/etc/php5/conf.d"; then + echo "# linkin other zend inis" >&2 + ( set -e + cd /etc/php5/conf.d + for p in mysqli.ini curl.ini mcrypt.ini gd.ini + do + s=/usr/local/zend/etc/conf.d/$p + if test `readlink -f $p` != `readlink -f $s` + then + rm -vf $p + ln -vs $s . + fi + done + ) + fi + + + # apache configuration + db_get littlebird-tc/web/servername && servername="$RET" || true + db_get littlebird-tc/web/serveradmin && serveradmin="$RET" || true + db_get littlebird-tc/web/crt && crt="$RET" || true + db_get littlebird-tc/web/key && key="$RET" || true + + # snakeoil certificate + if test "$crt" && test "$key" && ! test -f "$crt" && ! test -f "$key"; then + mkdir -p `dirname $crt` + mkdir -p `dirname $key` + openssl req -new -x509 -days 10 -subj "/O=DEMO/CN=$servername" \ + -out "$crt" -keyout "$key" -nodes + fi + + # tweak the config file, but just the lines following a magical + # debconf line + perl - serveradmin="$serveradmin" servername="$servername" \ + crt="$crt" key="$key" <<'_' + use strict; + use warnings; + my $mark = '# debconf:'; + my %o; + foreach (@ARGV) { my ($k, $v) = split /=/, $_, 2; $o{$k} = $v; } + open(F, "+; + s|^(([ \t]*?)# debconf: (.*?){{(.*?)}}(.*?)\n).*?\n|$1$2$3$o{$4}$5\n|migs; + seek(F, 0, 0); + print(F $_); + truncate(F, tell F); + close(F); +_ + + # need log dir(s) + ( . 
/etc/apache2/envvars + file=`perl -ne '/^\s*errorlog\s+(\S+)/i&&print "$1\n"' /etc/apache2/conf.d/littlebird-tc` + dir=`eval dirname "$file"` + mkdir -p "$dir" + file=`perl -ne '/^\s*customlog\s+(\S+)/i&&print "$1\n"' /etc/apache2/conf.d/littlebird-tc` + dir=`eval dirname "$file"` + mkdir -p "$dir" + ) + + + invoke-rc.d apache2 reload 1>&1 + echo >&2 + ;; abort-upgrade|abort-remove|abort-deconfigure) @@ -40,6 +123,6 @@ # dh_installdeb will replace this with shell code automatically # generated by other debhelper scripts. -#DEBHELPER# + exit 0 diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-core.templates --- a/debian/littlebird-tc-core.templates Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/littlebird-tc-core.templates Fri Sep 02 01:13:25 2011 +0200 @@ -1,3 +1,18 @@ +Template: littlebird-tc-core/TITLE +Type: title +Description: The littlebird trust center core package. + +Template: littlebird-tc/web/servername +Type: string +Description: The hostname we use to connect to the web server. + To connect to the web service we need a hostname. Please enter + the name of the host, the clients will try to connect to. + The name should match the CN of your SSL certificate. + +Template: littlebird-tc/web/serveradmin +Type: string +Description: Mail address of the (web) server admin. + Template: littlebird-tc/removal Type: note Description: The database needs to be cleaned!? 
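Review bot: The snakeoil branch writes an unencrypted private key (`-nodes`) to `$key` without setting a umask or mode, so the key file and a freshly created key directory get whatever the maintainer script's umask allows, which is typically world-readable. Create the directory with `install -d -m 0700 "$(dirname "$key")"` and run the request as `( umask 077; openssl req … -keyout "$key" -nodes )`. The two `dirname` calls inside `mkdir -p` are also unquoted, and `invoke-rc.d apache2 reload 1>&1` redirects stdout to itself where `1>&2` was presumably meant. The enclosing `configure)` case starts before this hunk.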
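Review bot: Replacing the `#DEBHELPER#` token with an empty line leaves dh_installdeb nothing to substitute, so snippets that other debhelper tools generate for this postinst are silently left out. The comment directly above still promises the replacement. Unless the removal is intended, keep the line `#DEBHELPER#` before `exit 0`.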
@@ -7,3 +22,15 @@ Please think about it, if you need to remove ANY traces, you should consider dropping the database. Contact your friendly database admin for doing it :-) + +Template: littlebird-tc/web/crt +Type: string +Description: pathname of the SSL certificate file + The HTTPS server uses an SSL certificate. Where is or where + will be the certificate file located? + +Template: littlebird-tc/web/key +Type: string +Description: pathname of the SSL certificate key file + The HTTPS server uses an SSL certificate. Where is or where + will be the certificate *KEY* file located? diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-sql.install --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/debian/littlebird-tc-sql.install Fri Sep 02 01:13:25 2011 +0200 @@ -0,0 +1,1 @@ +LittleBird/encoded/LittleBird-Test/Database/. /usr/share/littlebird/tc-sql diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-sql.postinst --- a/debian/littlebird-tc-sql.postinst Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/littlebird-tc-sql.postinst Fri Sep 02 01:13:25 2011 +0200 @@ -20,6 +20,8 @@ _mysql() { mysql -h"$host" -u"$adminuser" -p"$adminpass" "$@"; } +tmp=`mktemp` +trap "rm -f $tmp" EXIT INT QUIT TERM case "$1" in configure) @@ -33,10 +35,14 @@ db_get littlebird-tc/db/name && name="$RET" || true # check admin access - _mysql -e "" mysql || { - echo "Access to mysql database failed!" >&2 + if ! _mysql -e "" mysql 2>$tmp; then + db_subst littlebird-tc/db/failure message "`cat $tmp`" || true + db_subst littlebird-tc/db/failure name "$name" || true + db_subst littlebird-tc/db/failure host "$host" || true + db_input critical littlebird-tc/db/failure || true + db_go || true exit 1 - } + fi if _mysql -e "" "$name" 2>/dev/null; then db_subst littlebird-tc/db/exists name "$name" || true diff -r 3572ec238dc1 -r 1267d8034336 debian/littlebird-tc-sql.templates --- a/debian/littlebird-tc-sql.templates Thu Sep 01 12:28:28 2011 +0200 
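Review bot: The reworked admin check in littlebird-tc-sql.postinst still goes through `_mysql`, visible as context in the first hunk, which passes the admin password as `-p"$adminpass"` on the command line, where it can show up in the process list while the postinst runs. The commit already introduces a `mktemp` file with a cleanup trap, so a second such file could hold a `[client]` section with the password, and the helper would become `_mysql() { mysql --defaults-extra-file="$cnf" -h"$host" -u"$adminuser" "$@"; }`. `$tmp` is also expanded unquoted in the trap string and in `2>$tmp`; quoting both costs nothing.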
+++ b/debian/littlebird-tc-sql.templates Fri Sep 02 01:13:25 2011 +0200 @@ -4,7 +4,7 @@ Template: littlebird-tc/db/have-admin Type: boolean -Default: yes +Default: no Description: Do you have the data to access your database server as admin? During the package configuration (postinst) we need to connect to your database server and setup the littlebird schema, install @@ -30,9 +30,19 @@ in the debconf database.) Template: littlebird-tc/db/exists -Type: note +Type: error Description: The database "${name}" exists already. Since the database "${name}" seems to exist already, we will not start any attempt to do anything. . Sorry, if this is not what you expected. + +Template: littlebird-tc/db/failure +Type: error +Description: Admin access to database failed. + We cannot access the database "${name}" on host "${host}". + The excuse we got: + . + ${message} + . + Sorry, if this is not what you expected. diff -r 3572ec238dc1 -r 1267d8034336 debian/patches/debian-changes-2011072500-18 --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/debian/patches/debian-changes-2011072500-18 Fri Sep 02 01:13:25 2011 +0200 
@@ -0,0 +1,51 @@ +Description: Upstream changes introduced in version 2011072500-18 + This patch has been created by dpkg-source during the package build. + Here's the last changelog entry, hopefully it gives details on why + those changes were made: + . + littlebird (2011072500-18) stable; urgency=low + . + * php configuration + . + The person named in the Author field signed this changelog entry. +Author: Heiko Schlittermann + +--- +The information above should follow the Patch Tagging Guidelines, please +checkout http://dep.debian.net/deps/dep3/ to learn about the format. Here +are templates for supplementary fields that you might want to add: + +Origin: , +Bug: +Bug-Debian: http://bugs.debian.org/ +Bug-Ubuntu: https://launchpad.net/bugs/ +Forwarded: +Reviewed-By: +Last-Update: + +--- littlebird-2011072500.orig/LittleBird/encoded/LittleBird-Test/Database/install_test_iteration_2011-06.sh ++++ littlebird-2011072500/LittleBird/encoded/LittleBird-Test/Database/install_test_iteration_2011-06.sh +@@ -2,7 +2,7 @@ + # leichte Anpassungen durch hs@schlittermann.de + # Aufruf wie immer, dann werden die bisherigen Angaben *root* und das bisherige + # Passwort verwendet. Oder +-# install_test_iteration_2011-06.sh DB_HOST DB_NAME DB_ADMINUSER DB_ADMINPASS DB_USER DB_PASS ++# install_test_iteration_2011-06.sh [options|--help] + + # ACHTUNG: DIE DATENBANK WIRD KOMPLETT GEERDET! + +@@ -42,13 +42,13 @@ while true; do + --help) cat <<_HELP + Usage: $0 [options] + Options are ++ --replacing=s The version of the package being replaced ($REPLACING). + --host=s The address of the database host ($DB_HOST). + --db=s The name of the database to be used ($DB_NAME). + --adminuser=s The name of the SUPER user on the db server ($DB_ADMINUSER). + --adminpass=s The password for the user above ($DB_ADMINPASS). + --user=s The name of the user for NORMAL db operations ($DB_USER). + --pass=s The password for the user above ($DB_PASS). 
+- --replacing=s The version of the package being replaced ($REPLACING). + _HELP + exit;; + --) break;; diff -r 3572ec238dc1 -r 1267d8034336 debian/patches/series --- a/debian/patches/series Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/patches/series Fri Sep 02 01:13:25 2011 +0200 @@ -1,3 +1,4 @@ debian-changes-2011072500-8 debian-changes-2011072500-14 debian-changes-2011072500-17 +debian-changes-2011072500-18 diff -r 3572ec238dc1 -r 1267d8034336 debian/rules --- a/debian/rules Thu Sep 01 12:28:28 2011 +0200 +++ b/debian/rules Fri Sep 02 01:13:25 2011 +0200 @@ -7,24 +7,11 @@ # This special exception was added by Craig Small in version 0.37 of dh-make. # Uncomment this to turn on verbose mode. -#export DH_VERBOSE=1 - -SHELL=/bin/bash - -core=debian/littlebird-tc-core -sql=debian/littlebird-tc-sql - +export DH_VERBOSE=1 %: dh $@ -override_dh_auto_install: - # tc core -> ${core} - install -d -m 0755 ${core}/srv/www/littlebird - rsync -a LittleBird/encoded/LittleBird-Test/{CA,library,TrustCenter} ${core}/srv/www/littlebird/ - # tc sql -> ${sql} - install -d -m 0755 ${sql}/usr/share/littlebird/tc-sql/ - rsync -a LittleBird/encoded/LittleBird-Test/Database/ ${sql}/usr/share/littlebird/tc-sql/ - +# to speed up things during build process override_dh_strip: ; true override_dh_shlibdeps: ; true