r96377 MediaWiki - Code Review archive

Repository:	MediaWiki
Revision:	< r96376‎ \| r96377 \| r96378 >
Date:	22:13, 6 September 2011
Author:	aaron
Status:	deferred
Tags:
Comment:	MFT r91703-r95805 from debs/wikimedia-task/appserver
Modified paths:	/branches/hardy/debs/wikimedia-task-appserver (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/apache-sanity-check (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/apache-start (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/authorized_keys (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/check-time (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/debian/changelog (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/debian/postinst (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/debian/postrm (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/debian/rules (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/install-common (deleted) (history) /branches/hardy/debs/wikimedia-task-appserver/mwversionsinuse (added) (history) /branches/hardy/debs/wikimedia-task-appserver/scap-1 (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/scap-1skins (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/scap-2 (modified) (history) /branches/hardy/debs/wikimedia-task-appserver/set-group-write2 (deleted) (history) /branches/hardy/debs/wikimedia-task-appserver/sync-common (modified) (history)

Diff [purge]

Index: branches/hardy/debs/wikimedia-task-appserver/set-group-write2
—	—	@@ -1,9 +0,0 @@
2		~~-#!/bin/bash~~
3		-
4		~~-PATH=/bin:/usr/bin:/sbin:/usr/sbin~~
5		-
6		~~-target1=/var/tmp/texvc~~
7		~~-target2=/apache/common/php-1.17~~
8		-
9		~~-find $target1 -group wikidev -not -perm -020 -perm -200 -exec chmod g+w '{}' ';'~~
10		~~-find $target2 -group wikidev -not -perm -020 -perm -200 -exec chmod g+w '{}' ';'~~
Index: branches/hardy/debs/wikimedia-task-appserver/install-common
—	—	@@ -1,3 +0,0 @@
2		~~-#!/bin/sh~~
3		-
4		~~-cp /var/tmp/texvc/texvc /usr/local/bin/~~
Index: branches/hardy/debs/wikimedia-task-appserver/mwversionsinuse
—	—	@@ -0,0 +1,6 @@
	2	+#!/bin/sh
	3	+# Shell wrapper for the local version of multiversion/activeMWVersions.
	4	+# This script belongs in /usr/bin/ and should be in PATH.
	5	+if ! /usr/local/apache/common-local/multiversion/activeMWVersions "$@"; then
	6	+ exit 1
	7	+fi
Property changes on: branches/hardy/debs/wikimedia-task-appserver/mwversionsinuse
___________________________________________________________________
Added: svn:eol-style
1	8	+ native
Property changes on: branches/hardy/debs/wikimedia-task-appserver/apache-sanity-check
___________________________________________________________________
Added: svn:eol-style
2	9	+ native
Index: branches/hardy/debs/wikimedia-task-appserver/debian/postinst
—	—	@@ -29,6 +29,12 @@
30	30	then
31	31	adduser --system --home /var/www --shell /sbin/nologin --no-create-home --uid 48 --gid 48 --disabled-password apache
32	32	fi
	33	+
	34	+ if ! getent passwd mwdeploy > /dev/null
	35	+ then
	36	+ adduser --system --home /var/www --shell /sbin/nologin --no-create-home --group --disabled-password mwdeploy
	37	+ fi
	38	+
33	39	}
34	40
35	41	case "$1" in
Index: branches/hardy/debs/wikimedia-task-appserver/debian/postrm
—	—	@@ -21,7 +21,9 @@
22	22	purge)
23	23	# Remove apache user
24	24	deluser apache \|\| true
	25	+ deluser mwdeploy \|\| true
25	26	delgroup apache \|\| true
	27	+ delgroup mwdeploy \|\| true
26	28
27	29	# Remove PyBal check user account
28	30	deluser pybal-check
Index: branches/hardy/debs/wikimedia-task-appserver/debian/changelog
—	—	@@ -1,3 +1,10 @@
	2	+wikimedia-task-appserver (1.49) hardy-wikimedia; urgency=low
	3	+ * Backported changes from the 2.x branch:
	4	+
	5	+ * Updated deploy scripts for Heterogeneous Deployment
	6	+ * Added mwdeploy privilege separation.
	7	+ * Merged sync-common and scap-1
	8	+
2	9	wikimedia-task-appserver (1.48) hardy-wikimedia; urgency=low
3	10
4	11	* Backported changes from the 2.x branch:
—	—	@@ -8,9 +15,9 @@
9	16	-- Tim Starling <tstarling@wikimedia.org> Thu, 07 Jul 2011 18:03:23 +1000
10	17
11	18	wikimedia-task-appserver (1.47) hardy-wikimedia; urgency=low
12		-
	19	+
13	20	* Updated sync scripts for MW 11.17
14		-
	21	+
15	22	-- Tim Starling <tstarling@wikimedia.org> Tue, 01 Mar 2011 13:13:43 +1100
16	23
17	24	wikimedia-task-appserver (1.46-2~hardy1) hardy-wikimedia; urgency=low
—	—	@@ -107,7 +114,7 @@
108	115
109	116	wikimedia-task-appserver (1.33) hardy; urgency=low
110	117
111		~~- * Added /mnt/upload5 to the remove list, removed /mnt/upload4 from the~~
	118	+ * Added /mnt/upload5 to the remove list, removed /mnt/upload4 from the
112	119	install list since it's apparently dysfunctional.
113	120
114	121	-- Tim Starling <tstarling@wikimedia.org> Thu, 29 Jan 2009 12:22:40 +1100
—	—	@@ -207,38 +214,38 @@
208	215
209	216	wikimedia-task-appserver (1.17) feisty; urgency=low
210	217
211		~~- * log_errors=On~~
	218	+ * log_errors=On
212	219
213	220	-- Tim Starling <tstarling@wikimedia.org> Wed, 29 Aug 2007 14:08:12 +0000
214	221
215	222	wikimedia-task-appserver (1.16) feisty; urgency=low
216	223
217		~~- * Added /etc/apache2/envvars~~
	224	+ * Added /etc/apache2/envvars
218	225
219	226	-- Tim Starling <tstarling@wikimedia.org> Wed, 29 Aug 2007 00:46:34 +0000
220	227
221	228	wikimedia-task-appserver (1.15) feisty; urgency=low
222	229
223		~~- * No, really, mode 400 for sudoers.~~
	230	+ * No, really, mode 400 for sudoers.
224	231	* Diversion for sudoers
225	232
226	233	-- Tim Starling <tstarling@wikimedia.org> Tue, 28 Aug 2007 23:56:38 +0000
227	234
228	235	wikimedia-task-appserver (1.14) feisty; urgency=low
229	236
230		~~- * Remove conf file diversions on purge, not on remove~~
	237	+ * Remove conf file diversions on purge, not on remove
231	238
232	239	-- Tim Starling <tstarling@wikimedia.org> Tue, 28 Aug 2007 23:15:36 +0000
233	240
234	241	wikimedia-task-appserver (1.13) feisty; urgency=low
235	242
236		~~- * Handle diversions only on install and remove~~
	243	+ * Handle diversions only on install and remove
237	244
238	245	-- Tim Starling <tstarling@wikimedia.org> Tue, 28 Aug 2007 19:38:06 +0000
239	246
240	247	wikimedia-task-appserver (1.12) feisty; urgency=low
241	248
242		~~- * Fixed permissions on /etc/sudoers~~
	249	+ * Fixed permissions on /etc/sudoers
243	250
244	251	-- Tim Starling <tstarling@wikimedia.org> Tue, 28 Aug 2007 19:05:28 +0000
245	252
—	—	@@ -295,25 +302,25 @@
296	303
297	304	wikimedia-task-appserver (1.4) feisty; urgency=low
298	305
299		~~- * Depend on additional X fonts.~~
	306	+ * Depend on additional X fonts.
300	307
301	308	-- River Tarnell <river@wikimedia.org> Sun, 13 May 2007 16:20:43 +0000
302	309
303	310	wikimedia-task-appserver (1.3) feisty; urgency=low
304	311
305		~~- * Automatically add/remove required mounts from amane.~~
	312	+ * Automatically add/remove required mounts from amane.
306	313
307	314	-- River Tarnell <river@wikimedia.org> Sun, 13 May 2007 15:02:35 +0000
308	315
309	316	wikimedia-task-appserver (1.2) feisty; urgency=low
310	317
311		~~- * Depend on some additional packages required for MediaWiki.~~
	318	+ * Depend on some additional packages required for MediaWiki.
312	319
313	320	-- River Tarnell <river@wikimedia.org> Sun, 13 May 2007 08:45:37 +0000
314	321
315	322	wikimedia-task-appserver (1.1) feisty; urgency=low
316	323
317		~~- * Install the required infastructure under /usr/local/apache for sync-* etc.~~
	324	+ * Install the required infastructure under /usr/local/apache for sync-* etc.
318	325
319	326	-- River Tarnell <river@wikimedia.org> Sat, 12 May 2007 19:28:44 +0000
320	327
Index: branches/hardy/debs/wikimedia-task-appserver/debian/rules
—	—	@@ -29,7 +29,7 @@
30	30
31	31	build: build-stamp
32	32
33		~~-build-stamp: configure-stamp~~
	33	+build-stamp: configure-stamp
34	34	dh_testdir
35	35
36	36	touch build-stamp
—	—	@@ -39,20 +39,19 @@
40	40	dh_testroot
41	41	rm -f build-stamp configure-stamp
42	42
43		~~- dh_clean~~
	43	+ dh_clean
44	44
45	45	install: build
46	46	dh_testdir
47	47	dh_testroot
48		~~- dh_clean -k~~
	48	+ dh_clean -k
49	49	dh_installdirs
50	50	dh_link
51		-
	51	+
52	52	# Install sync/check scripts
53	53	install -d -m 0755 $(DESTDIR)/usr/bin
54	54	install -d -m 0755 $(DESTDIR)/usr/sbin
55		~~- install -m 0750 sync-common apache-sanity-check apache-start check-time scap-1skins scap-1 $(DESTDIR)/usr/bin~~
56		~~- install -m 0750 scap-2 set-group-write2 install-common $(DESTDIR)/usr/sbin~~
	55	+ install -m 0755 sync-common apache-sanity-check apache-start check-time scap-1skins scap-1 scap-2 mwversionsinuse $(DESTDIR)/usr/bin
57	56
58	57	install -d -m 0750 $(DESTDIR)/var/lib/pybal-check/.ssh
59	58	install -m 0640 authorized_keys $(DESTDIR)/var/lib/pybal-check/.ssh/authorized_keys
—	—	@@ -65,12 +64,12 @@
66	65	binary-arch: build install
67	66	dh_testdir
68	67	dh_testroot
69		~~- dh_installchangelogs~~
	68	+ dh_installchangelogs
70	69	dh_installdocs
71	70	dh_installexamples
72	71	# dh_install
73	72	# dh_installmenu
74		~~-# dh_installdebconf~~
	73	+# dh_installdebconf
75	74	# dh_installlogrotate
76	75	# dh_installemacsen
77	76	# dh_installpam
Index: branches/hardy/debs/wikimedia-task-appserver/sync-common
—	—	@@ -1,28 +1,3 @@
2	2	#!/bin/sh
3		-#
4		~~-# This is an aggregated version of the scripts called by /home/w/bin/sync-common,~~
5		~~-# not depending on NFS /home.~~
	3	+/usr/bin/scap-1
6	4
7		~~-set -e~~
8		~~-umask 002~~
9		-
10		~~-export PATH=/bin:/usr/bin:/sbin:/usr/sbin~~
11		-
12		~~-# Set ownership~~
13		~~-[ -d /usr/local/apache/common-local/php-1.17 ] \|\| mkdir -p /usr/local/apache/common-local/php-1.17~~
14		~~-find /usr/local/apache/common/php-1.17 -group wikidev -not -perm -020 -perm -200 -exec chmod g+w '{}' ';'~~
15		-
16		~~-# Compile texvc~~
17		~~-echo -n Compiling texvc...~~
18		~~-[ -d /var/tmp/texvc ] \|\| mkdir /var/tmp/texvc~~
19		~~-rsync -r --exclude=.svn/ 10.0.5.8::common/php-1.17/math/ /var/tmp/texvc~~
20		~~-cd /var/tmp/texvc~~
21		~~-make -f Makefile texvc >/dev/null 2>/dev/null && echo ok \|\| echo failed~~
22		~~-sudo /usr/sbin/install-common~~
23		~~-cd -~~
24		~~-rm -rf /var/tmp/texvc~~
25		-
26		~~-# rsync common~~
27		~~-echo -n Copying to `hostname -s`...~~
28		~~-rsync -a --delete '--exclude=**/.svn/lock' 10.0.5.8::common/ /usr/local/apache/common-local~~
29		~~-echo Done.~~
Property changes on: branches/hardy/debs/wikimedia-task-appserver/sync-common
___________________________________________________________________
Added: svn:eol-style
30	5	+ native
Index: branches/hardy/debs/wikimedia-task-appserver/scap-1
—	—	@@ -1,14 +1,20 @@
2	2	#!/bin/sh
3	3
4		~~-# Compile as regular user~~
5		~~-echo -n Compiling texvc...~~
6		~~-[ -d /var/tmp/texvc ] \|\| mkdir /var/tmp/texvc~~
7		~~-rsync -r --exclude=.svn/ 10.0.5.8::common/php-1.17/math/ /var/tmp/texvc~~
8		~~-cd /var/tmp/texvc~~
9		~~-make -f Makefile texvc >/dev/null 2>/dev/null && echo ok \|\| echo failed~~
	4	+if [ ! -d /usr/local/apache/common-local ];then
	5	+ if ! install -d -o mwdeploy -g mwdeploy /usr/local/apache/common-local; then
	6	+ echo "Unable to create common-local, please re-run this script as root."
	7	+ exit 1
	8	+ fi
	9	+fi
10	10
11		~~-# Copy and install as root~~
12		~~-sudo /usr/sbin/scap-2~~
	11	+if [ ! -d /usr/local/apache/uncommon ];then
	12	+ if ! install -d -o mwdeploy -g mwdeploy /usr/local/apache/uncommon; then
	13	+ echo "Unable to create /usr/local/apache/uncommon, please re-run this script as root."
	14	+ exit 1
	15	+ fi
	16	+fi
13	17
	18	+sudo -u mwdeploy /usr/bin/scap-2
	19	+
14	20	echo Done
15	21
Property changes on: branches/hardy/debs/wikimedia-task-appserver/scap-1
___________________________________________________________________
Added: svn:eol-style
16	22	+ native
Index: branches/hardy/debs/wikimedia-task-appserver/scap-2
—	—	@@ -2,12 +2,50 @@
3	3
4	4	PATH=/bin:/usr/bin:/sbin:/usr/sbin:
5	5
6		~~-echo -n Updating php-1.17...~~
7		~~-rsync -a 10.0.5.8::common/php-1.17/ /usr/local/apache/common-local/php-1.17 && echo ok \|\| echo failed~~
	6	+echo -n Copying to `hostname -s`...
	7	+if rsync -a --delete --exclude=**/.svn/lock --no-perms \
	8	+ 10.0.5.8::common/ /usr/local/apache/common-local
	9	+then
	10	+ echo "ok"
	11	+else
	12	+ echo "failed"
	13	+ exit 1
	14	+fi
8	15
9		~~-# Install compiled executables~~
10		~~-/usr/sbin/install-common~~
	16	+# wikiversions.dat just synced above
	17	+mwVersionNums=`mwversionsinuse`
	18	+if [ -z "$mwVersionNums" ]; then
	19	+ echo "Unable to read wikiversions.dat or it is empty"
	20	+ exit 1
	21	+fi
11	22
12		~~-echo -n "Restarting apache... "~~
13		~~-/usr/bin/apache-sanity-check && ( sudo /usr/sbin/apache2ctl stop; sudo killall -9 apache2;sleep 3; sudo /usr/sbin/apache2ctl start )~~
	23	+for mwVerNum in "${mwVersionNums[@]}"
	24	+do
	25	+ echo "MediaWiki $mwVerNum: Compiling texvc..."
	26	+ builddir=`mktemp -dt texvc-build.XXXXXXXXXX`
	27	+ if [ -z "$builddir" ]; then
	28	+ echo "Unable to create temporary directory"
	29	+ exit 1
	30	+ fi
14	31
	32	+ IP=/usr/local/apache/common-local/php-"$mwVerNum"
	33	+ # Math was moved out to an extension in MW 1.18
	34	+ if [ -d $IP/extensions/Math/math ]; then
	35	+ MATHPATH=$IP/extensions/Math/math
	36	+ else
	37	+ MATHPATH=$IP/math
	38	+ fi
	39	+
	40	+ rsync -r --exclude=.svn/ $MATHPATH/ "$builddir"
	41	+ cd "$builddir"
	42	+ if make -f Makefile texvc >/dev/null 2>/dev/null; then
	43	+ echo "ok"
	44	+ install -d /usr/local/apache/uncommon/"$mwVerNum"/bin
	45	+ install -m 755 "$builddir"/texvc /usr/local/apache/uncommon/"$mwVerNum"/bin
	46	+ else
	47	+ echo "failed"
	48	+ exit 1
	49	+ fi
	50	+ rm -r "$builddir"
	51	+ cd /
	52	+done
Property changes on: branches/hardy/debs/wikimedia-task-appserver/scap-2
___________________________________________________________________
Added: svn:eol-style
15	53	+ native
Property changes on: branches/hardy/debs/wikimedia-task-appserver/authorized_keys
___________________________________________________________________
Added: svn:eol-style
16	54	+ native
Property changes on: branches/hardy/debs/wikimedia-task-appserver/check-time
___________________________________________________________________
Added: svn:eol-style
17	55	+ native
Property changes on: branches/hardy/debs/wikimedia-task-appserver/apache-start
___________________________________________________________________
Added: svn:eol-style
18	56	+ native
Index: branches/hardy/debs/wikimedia-task-appserver/scap-1skins
—	—	@@ -1,5 +1,12 @@
2		~~-#!/bin/sh~~
	2	+#!/bin/bash
3	3
4		~~-rsync -a 10.0.5.8::common/php-1.17/skins/ \~~
5		~~- /usr/local/apache/common-local/php-1.17/skins \~~
6		~~- && echo ok \|\| echo failed~~
	4	+mwVersionNums=`mwversionsinuse`
	5	+for mwVerNum in "${mwVersionNums[@]}"
	6	+do
	7	+ sudo -u mwdeploy sh -c "
	8	+ rsync -a --no-perms 10.0.5.8::common/php-$mwVerNum/skins/ \
	9	+ /usr/local/apache/common-local/php-$mwVerNum/skins && \
	10	+ echo ok \|\| \
	11	+ echo failed
	12	+ "
	13	+done
Property changes on: branches/hardy/debs/wikimedia-task-appserver/scap-1skins
___________________________________________________________________
Added: svn:eol-style
7	14	+ native
Property changes on: branches/hardy/debs/wikimedia-task-appserver
___________________________________________________________________
Added: svn:mergeinfo
8	15	Merged /trunk/debs/wikimedia-task-appserver:r91630-96376

Past revisions this follows-up on

Revision	Commit summary	Author	Date
r91703	* Sync script updates for improved privilege separation. A new user (mwdeploy...	tstarling	00:50, 8 July 2011
r95805	eol-style native	aaron	19:08, 30 August 2011

Status & tagging log

01:29, 22 October 2011 Reedy (talk | contribs) changed the status of r96377 [removed: new added: deferred]