diff --git a/.gitignore b/.gitignore
index e0073cf..24c32f2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,21 @@
+# If you update this file, please also update the extend-diff-ignore option
+# in debian/source/options.
+
 __pycache__/
-*.pyc
 /venv/
+/dist/
+/build/
+/*.egg-info/
 .vscode/
 *.o
 *.so
 .idea/
 /docs/*.1
 /docs/*.5
+/debian/ceo/
+/debian/ceod/
+/debian/tmp/
+/debian/ceo.substvars
+/debian/files
+/debian/.debhelper/
+/debian/debhelper-build-stamp
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..6b90d74
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,33 @@
+SCDFILES = $(wildcard docs/*.scd)
+MANPAGES = $(patsubst docs/%.scd,docs/%,${SCDFILES})
+CEO_HOME = /var/lib/ceo
+
+all: build
+
+build: docs venv
+
+venv:
+ python3 -m venv venv && \
+ . venv/bin/activate && \
+ pip install -r dev-requirements.txt && \
+ pip install -r requirements.txt && \
+ python setup.py install
+
+install:
+ @# Prepare the virtualenv to be moved (dangerous!)
+ @# Make sure you don't have '|' in your paths
+ grep -IRl $(CURDIR)/venv venv | \
+ xargs perl -pe 's|\Q$(CURDIR)/venv\E|$(CEO_HOME)/venv|g' -i
+ mkdir -p $(DESTDIR)$(CEO_HOME)
+ mv venv $(DESTDIR)$(CEO_HOME)
+
+docs:
+ for file in ${SCDFILES} ; do \
+ scdoc < $$file > `echo $$file | grep -oP '.*(?=\.scd$$)'` ; \
+ done
+
+clean:
+ rm -f ${MANPAGES}
+ rm -rf venv
+
+.PHONY: all build docs clean venv install
diff --git a/README.md b/README.md
index 35fa773..74d310e 100644
--- a/README.md
+++ b/README.md
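Review bot: The `venv` target in the new Makefile pulls `dev-requirements.txt` and `requirements.txt` from the network with no hash checking, and `install` then relocates that same venv to `$(CEO_HOME)`, so whatever pip resolved on the build machine (dev tooling included) is what the package ships. Unless the requirements files already pin hashes (they are not part of this diff), use `pip install --require-hashes -r requirements.txt` and keep the dev requirements out of the shipped venv. In `install`, the `grep -IRl $(CURDIR)/venv venv | xargs perl ...` pipeline splits file names on whitespace and treats the path as a regex; `grep -IRlZF "$(CURDIR)/venv" venv | xargs -0 perl ...` avoids both rather than relying on the warning comment.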
@@ -222,3 +222,42 @@ curl --negotiate -u : --service-name ceod --delegation always \
 -d '{"uid":"test_1","cn":"Test One","given_name":"Test","sn":"One","program":"Math","terms":["s2021"]}' \
 -X POST http://phosphoric-acid:9987/api/members
 ```
+
+## Packaging
+First, I strongly recommend running the build in a Docker/Podman
+container to avoid screwing up your main system:
+```sh
+podman run -it --name pyceo-packaging -v "$PWD":"$PWD" -w "$PWD" debian:buster bash
+```
+Here are some of the prerequisites you'll need to build the deb files:
+```sh
+apt install devscripts debhelper git-buildpackage
+```
+Make sure to also install all of the packages in the 'Build-Depends' section in debian/control.
+
+Make sure you git commit your changes *before* building the packages.
+
+To build unsigned packages:
+```sh
+gbp buildpackage --git-ignore-new --git-upstream-tree=BRANCH --git-upstream-branch=master -uc -us
+```
+
+To build signed packages (for uploading), you need to have your GPG key ready, and it should also
+be in the CSC mirror keyring.
+Once you have done that, replace '-uc -us' by '-k', e.g.
+```sh
+gbp buildpackage --git-ignore-new --git-upstream-tree=BRANCH --git-upstream-branch=master -k8E5568ABB0CF96BC367806ED127923BE10DA48DC
+```
+This will create a bunch of files (deb, dsc, tar.gz, etc.) in the parent directory.
+
+To clean the packages:
+```sh
+rm ../*.{xz,gz,dsc,build,buildinfo,changes,deb}
+```
+
+### Uploading
+Ask a syscom member for their dupload.conf file, and place it in your ~/.dupload.conf.
+Then, from a CSC machine, upload the changes file from the parent directory, e.g.
+```
+dupload ceo_1.0.0-buster1_amd64.changes
+```
diff --git a/VERSION.txt b/VERSION.txt
new file mode 100644
index 0000000..3eefcb9
--- /dev/null
+++ b/VERSION.txt
@@ -0,0 +1 @@
+1.0.0
diff --git a/ceo/__main__.py b/ceo/__main__.py
index fbc4473..b4dbb57 100644
--- a/ceo/__main__.py
+++ b/ceo/__main__.py
@@ -1,4 +1,3 @@
-import importlib.resources
 import os
 import socket
 import sys
@@ -17,12 +16,14 @@ def register_services(): baseComponent = component.getGlobalSiteManager() # Config
- # This is a hack to determine if we're in the dev env or not
- if socket.getfqdn().endswith('.csclub.internal'):
- with importlib.resources.path('tests', 'ceo_dev.ini') as p:
- config_file = p.__fspath__()
+ if 'CEO_CONFIG' in os.environ:
+ config_file = os.environ['CEO_CONFIG']
 else:
- config_file = os.environ.get('CEO_CONFIG', '/etc/csc/ceo.ini')
+ # This is a hack to determine if we're in the dev env or not
+ if socket.getfqdn().endswith('.csclub.internal'):
+ config_file = './tests/ceo_dev.ini'
+ else:
+ config_file = '/etc/csc/ceo.ini'
 cfg = Config(config_file)
 baseComponent.registerUtility(cfg, IConfig)
diff --git a/clear_cache.sh b/clear_cache.sh
index 3d70e9d..bffc7ae 100755
--- a/clear_cache.sh
+++ b/clear_cache.sh
@@ -1,3 +1,3 @@
 #!/bin/sh
-find ceo* -type d -name __pycache__ -execdir rm -r '{}' \;
+find ceo ceod ceo_common tests -type d -name __pycache__ -execdir rm -r '{}' \;
 rm -rf .pytest_cache
diff --git a/debian/.gitignore b/debian/.gitignore
new file mode 100644
index 0000000..6ba0e6d
--- /dev/null
+++ b/debian/.gitignore
@@ -0,0 +1,9 @@
+/ceo.substvars
+/ceo-common
+/ceo-clients
+/ceo-daemon
+/ceo-python
+/files
+/*.debhelper
+/*.debhelper.log
+/*.substvars
diff --git a/debian/ceo-common.install b/debian/ceo-common.install
new file mode 100644
index 0000000..b3b55a4
--- /dev/null
+++ b/debian/ceo-common.install
@@ -0,0 +1 @@
+/var/lib/ceo
diff --git a/debian/ceo.install b/debian/ceo.install
new file mode 100644
index 0000000..5c0d4d0
--- /dev/null
+++ b/debian/ceo.install
@@ -0,0 +1 @@
+etc/ceo.ini etc/csc
diff --git a/debian/ceo.links b/debian/ceo.links
new file mode 100644
index 0000000..e5d5cd4
--- /dev/null
+++ b/debian/ceo.links
@@ -0,0 +1 @@
+/var/lib/ceo/venv/bin/ceo /usr/bin/ceo
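Review bot: In the second hunk of ceo/__main__.py, the dev-environment branch now loads `'./tests/ceo_dev.ini'`, a path resolved against the current working directory rather than the package, so on any host whose FQDN ends in `.csclub.internal` the config that ceo uses depends on where it is run from. Because the client config names the ceod hosts and `use_https` (see etc/ceo.ini in this commit), a file at that relative path in an untrusted directory would silently redirect the client. Consider anchoring the path, e.g. `config_file = os.path.join(os.path.dirname(os.path.dirname(__file__)), 'tests', 'ceo_dev.ini')`, or requiring `CEO_CONFIG` for dev runs and dropping the hostname check from the packaged build. `register_services` continues outside the hunk.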
diff --git a/debian/ceo.manpages b/debian/ceo.manpages
new file mode 100644
index 0000000..db5fa5f
--- /dev/null
+++ b/debian/ceo.manpages
@@ -0,0 +1,2 @@
+docs/ceo.1
+docs/ceo.ini.5
diff --git a/debian/ceod.install b/debian/ceod.install
new file mode 100644
index 0000000..41564a5
--- /dev/null
+++ b/debian/ceod.install
@@ -0,0 +1,2 @@
+etc/ceod.ini etc/csc
+etc/default/ceod etc/default
diff --git a/debian/ceod.manpages b/debian/ceod.manpages
new file mode 100644
index 0000000..800bf26
--- /dev/null
+++ b/debian/ceod.manpages
@@ -0,0 +1 @@
+docs/ceod.ini.5
diff --git a/debian/ceod.postinst b/debian/ceod.postinst
new file mode 100755
index 0000000..0ce0d5b
--- /dev/null
+++ b/debian/ceod.postinst
@@ -0,0 +1,2 @@
+#!/bin/sh
+chmod 600 /etc/csc/ceod.ini
diff --git a/debian/ceod.service b/debian/ceod.service
new file mode 100644
index 0000000..cca4e0b
--- /dev/null
+++ b/debian/ceod.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=CSC Electronic Office daemon
+Documentation=https://git.csclub.uwaterloo.ca/public/pyceo
+Requires=network.target
+After=network.target
+
+[Service]
+Type=exec
+EnvironmentFile=/etc/default/ceod
+WorkingDirectory=/var/lib/ceo
+ExecStart=/var/lib/ceo/venv/bin/gunicorn $GUNICORN_ARGS 'ceod.api:create_app()'
+# TODO: once the mail container is no longer running in LXC, we should add
+# some security protections here, like ProtectSystem.
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..22eb731
--- /dev/null
+++ b/debian/changelog
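Review bot: debian/ceod.postinst tightens `/etc/csc/ceod.ini` only after the package has been unpacked, so the file, which carries the Mailman and database passwords per etc/ceod.ini in this commit, sits at the packaged mode (normally 0644 after dh_fixperms) until the script runs, and with no `set -e` a failed chmod does not fail configuration. Setting the mode in the package itself is more robust, e.g. an `override_dh_fixperms` in debian/rules that runs `dh_fixperms` and then `chmod 600 debian/ceod/etc/csc/ceod.ini`. The script also lacks the `#DEBHELPER#` token, so debhelper has nowhere to insert its generated snippets (presumably including the ones for ceod.service); add `set -e` after the shebang and `#DEBHELPER#` at the end.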
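Review bot: The `[Service]` section of debian/ceod.service sets no `User=` or `Group=`, so gunicorn and the ceod app presumably run as root, and the only record of that is the TODO about ProtectSystem. If root is required, say why in a comment next to `ExecStart`, e.g. `# Runs as root: <reason>`, so the later hardening pass knows which privileges can be dropped. `$GUNICORN_ARGS` is expanded unquoted from `/etc/default/ceod`, so that file effectively controls the daemon's command line and should stay root-owned and not group- or world-writable; a one-line comment above `EnvironmentFile=` stating this would help.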
@@ -0,0 +1,745 @@ +ceo (1.0.0-buster1) buster; urgency=high + + * Use new ceo with python3 + + -- Max Erenberg Tue, 26 Oct 2021 22:20:03 -0400 + +ceo (0.7.1-buster1) buster; urgency=medium + + * Update mailman path to use virtualenv + + -- Max Erenberg Tue, 18 May 2021 01:45:49 -0400 + +ceo (0.7.0-buster1) buster; urgency=medium + + * Set userPassword field in LDAP for SASL authentication + + -- Zachary Seguin Fri, 07 May 2021 21:44:02 -0400 + +ceo (0.6.0-buster1.2) buster; urgency=medium + + * Decrease minimum username length from 3 to 2 + + -- Max Erenberg Sun, 02 May 2021 18:02:31 -0400 + +ceo (0.6.0-buster1.1) buster; urgency=medium + + * Use Mailman 3 instead of Mailman 2 + + -- Max Erenberg Sun, 11 Apr 2021 21:54:06 -0400 + +ceo (0.6.0-stretch1) stretch; urgency=high + + * Move adduser and mail operations to phosphoric-acid due to decommissioning + of aspartame + + * Packaging for stretch + + -- Zachary Seguin Sun, 21 Mar 2021 23:04:05 -0400 + +ceo (0.6.0-buster1) buster; urgency=high + + * Move adduser and mail operations to phosphoric-acid due to decommissioning + of aspartame + + -- Zachary Seguin Sun, 21 Mar 2021 22:39:05 -0400 + +ceo (0.5.28-bionic1.1) bionic; urgency=medium + + * Packaging for bionic + + -- Jennifer Zhou Sun, 21 Oct 2018 21:38:57 -0400 + +ceo (0.5.28-buster1) buster; urgency=medium + + * Package for buster + + -- Zachary Seguin Sun, 15 Apr 2018 14:31:08 -0400 + +ceo (0.5.28-xenial1) xenial; urgency=medium + + * Build for xenial + + -- Zachary Seguin Tue, 02 May 2017 00:24:45 -0400 + +ceo (0.5.28-jessie1) jessie; urgency=medium + + * Build for jessie + + -- Zachary Seguin Tue, 02 May 2017 00:16:31 -0400 + +ceo (0.5.28-stretch1) stretch; urgency=medium + + * Check for host (IPv4 or IPV6) or MX record when verying valid email + addresses + + -- Zachary Seguin Wed, 01 May 2017 13:07:21 -0500 + +ceo (0.5.27-stretch1) stretch; urgency=medium + + * Build for stretch + + -- Zachary Seguin Wed, 11 Jan 2017 16:07:21 -0500 + +ceo (0.5.27jessie2) 
jessie; urgency=low + + * Include library as a dependency + + -- Zachary Seguin Sat, 20 Feb 2016 15:54:29 -0500 + +ceo (0.5.27trusty2) trusty; urgency=medium + + * Include library as a dependency + + -- Zachary Seguin Sat, 20 Feb 2016 15:57:18 -0500 + +ceo (0.5.27trusty1) trusty; urgency=high + + * Resolved issue from previous release which resulted in CEO not launching + + -- Zachary Seguin Fri, 19 Feb 2016 23:38:41 -0500 + +ceo (0.5.27jessie1) jessie; urgency=high + + * Resolved issue from previous release which resulted in CEO not launching + + -- Zachary Seguin Fri, 19 Feb 2016 23:38:41 -0500 + +ceo (0.5.27jessie) jessie; urgency=medium + + * "Library" now launches "librarian" + + -- Felix Bauckholt Fri, 19 Feb 2016 22:12:25 -0500 + +ceo (0.5.26trusty) trusty; urgency=medium + + * "Library" now launches "librarian" + + -- Felix Bauckholt Fri, 19 Feb 2016 22:07:37 -0500 + +ceo (0.5.26) jessie; urgency=medium + + * Repackage for jessie + * Fix build for latest package versions + + -- Zachary Seguin Wed, 11 Nov 2015 22:39:49 -0500 + +ceo (0.5.25jessie0) jessie; urgency=low + + * Replace mention of the safe with the cup. + * Remind users that club accounts are free. + + -- Sean Hunt Tue, 22 Jul 2014 14:20:16 -0400 + +ceo (0.5.24ubuntu5) saucy; urgency=low + + * Packaging for saucy. + + -- Sean Hunt Thu, 05 Dec 2013 15:59:17 -0500 + +ceo (0.5.24jessie0) jessie; urgency=low + + * Packaging for jessie. + + -- Luqman Aden Thu, 10 Oct 2013 21:51:26 -0400 + +ceo (0.5.24squeeze0) oldstable; urgency=low + + * Rebuild for squeeze, since a wheezy package was accepted there by accident. + + -- Jeremy Roman Mon, 16 Sep 2013 08:33:58 -0400 + +ceo (0.5.24) stable; urgency=low + + * Fix bug introduced in Kerberos change. + + -- Jeremy Roman Mon, 16 Sep 2013 08:28:51 -0400 + +ceo (0.5.23) stable; urgency=low + + * Stable is now wheezy; rebuild. 
+ + -- Jeremy Roman Sat, 07 Sep 2013 11:59:24 -0400 + +ceo (0.5.22) stable; urgency=low + + * Drop support for Kerberos LDAP backend; this is not the current CSC setup. + + -- Jeremy Roman Sat, 07 Sep 2013 11:45:33 -0400 + +ceo (0.5.21) testing; urgency=low + + * Build with older protoc-c for compatibility with squeeze. + + -- Marc Burns Tue, 28 May 2013 11:14:36 -0400 + +ceo (0.5.20) testing; urgency=low + + * Work around bug in libgssapi 2.0.25 present in wheezy. + + -- Marc Burns Tue, 28 May 2013 10:45:09 -0400 + +ceo (0.5.19ubuntu2) quantal; urgency=low + + * Packaging for quantal. + + -- Owen Michael Smith Sat, 25 May 2013 19:46:52 -0400 + +ceo (0.5.19ubuntu1) precise; urgency=low + + * Added precise package with changes + + -- Sarah Harvey Wed, 06 Feb 2013 23:44:18 -0500 + +ceo (0.5.19) stable; urgency=low + + * Updated mail, adduser host to be aspartame, not ginseng (following filesystem migration) + + -- Sarah Harvey Wed, 06 Feb 2013 23:36:46 -0500 + +ceo (0.5.18ubuntu1) precise; urgency=low + + * Added precise package with changes. + + -- Sarah Harvey Wed, 12 Sep 2012 08:42:02 -0400 + +ceo (0.5.18) stable; urgency=low + + * Updated mailman host to be mail, not caffeine (following mail container migration) + + -- Sarah Harvey Mon, 10 Sep 2012 19:06:16 -0400 + +ceo (0.5.17ubuntu2) precise; urgency=low + + * Accidentally merged in broken changes. Fixing. + + -- Jeremy Roman Thu, 26 Apr 2012 15:19:03 -0400 + +ceo (0.5.17) stable; urgency=low + + * Change behavior of ceod to add Kerberos principal, + * as opposed to changing principal password. + + -- Marc Burns Fri, 16 Mar 2012 15:27:35 -0400 + +ceo (0.5.16) stable; urgency=low + + * Fix CEO for CMC by allow mailman to be disabled. + + -- Michael Spang Sat, 17 Sep 2011 16:36:01 -0400 + +ceo (0.5.14) stable; urgency=low + + * Add support for sending a welcome message. 
+ + -- Jeremy Roman Fri, 26 Aug 2011 00:59:08 -0400 + +ceo (0.5.13) stable; urgency=low + + * Fix Mailman path + + -- Jeremy Roman Mon, 09 May 2011 19:12:09 -0400 + +ceo (0.5.12) stable; urgency=low + + * Change sudoRunAs to sudoRunAsUser. + + -- Michael Spang Sun, 13 Mar 2011 03:24:30 -0400 + +ceo (0.5.11) stable; urgency=low + + * Fix library check in and search bug introduced in 0.5.9+nmu1. + + -- Marc Burns Fri, 04 Mar 2011 16:52:32 -0500 + +ceo (0.5.10) stable; urgency=low + + * Fix squeeze build warnings + * Add m4burns to debian/control + + -- Michael Spang Fri, 04 Mar 2011 00:47:09 -0500 + +ceo (0.5.9+nmu1) stable; urgency=low + + * Non-maintainer upload. + * Fix library book search page to display message when no books are found. + + -- Marc Burns Mon, 28 Feb 2011 13:00:24 -0500 + +ceo (0.5.9) stable; urgency=low + + * Fix build for squeeze. + + -- Michael Spang Thu, 14 Oct 2010 14:22:04 -0400 + +ceo (0.5.8+nmu1) stable; urgency=low + + * fixed bug reported by jdonland + + -- Jeremy Roman Sun, 26 Sep 2010 22:32:50 -0400 + +ceo (0.5.8) stable; urgency=low + + * tab support in most forms (note that the tab key is already bound for the LDAP lookup fields) + * new members can be added for multiple terms without going through renewal + * fix for the squeeze version of urwid + * new members are automatically added to csc-general + + -- Jeremy Roman Sat, 25 Sep 2010 01:04:02 -0400 + +ceo (0.5.7+nmu4) stable; urgency=low + + * Non-maintainer upload. 
+ * add Office Manager position to positions list + + -- Jeremy Roman Tue, 14 Sep 2010 18:19:50 -0400 + +ceo (0.5.7+nmu3) stable; urgency=low + + * Added phpmyadmin to mysql info file generated by CEO + + -- Michael Ellis Thu, 19 Aug 2010 14:06:16 -0400 + +ceo (0.5.7+nmu2) stable; urgency=low + + * Removed the need for separate entries to manage office and syscom + * Added check to ensure group is valid + + -- Michael Ellis Fri, 18 Jun 2010 21:29:48 -0400 + +ceo (0.5.7+nmu1) stable; urgency=low + + * Non-maintainer upload. + * Removed uwdir lookup for expired accounts emailing + + -- Michael Ellis Tue, 18 May 2010 18:18:02 -0400 + +ceo (0.5.7) stable; urgency=low + + [ Michael Spang ] + * Fix expiredaccounts + + [ Michael Ellis ] + * Reworded expired account email. Club rep accounts can be renewed for + free (as usual). + + [ Michael Spang ] + * Readd quota support + + -- Michael Spang Sun, 09 May 2010 02:10:48 -0400 + +ceo (0.5.6) stable; urgency=low + + [ Michael Spang ] + * Fix use of freopen + * Fix auth for mysql database creation + + [ Jeremy Brandon Roman ] + * added ability to use first letter of menu items + + [ Michael Spang ] + * Remove ternary operators + + -- Michael Spang Sun, 20 Dec 2009 13:45:48 -0500 + +ceo (0.5.5) stable; urgency=low + + * Add missing dependency on python-mysql + * Add CLI version of mysql thing + + -- Michael Spang Mon, 02 Nov 2009 20:34:52 +0000 + +ceo (0.5.4) stable; urgency=low + + * Switch from SCTP to TCP + + -- Michael Spang Mon, 02 Nov 2009 03:04:52 +0000 + +ceo (0.5.3) stable; urgency=low + + * Fix gss error reporting bug + * Clarify email forwarding upon renewal + * Fail fast if not authenticated + * Encrypt all post-auth ceoc<->ceod communication + * Improve error handling when writing + + -- Michael Spang Sat, 24 Oct 2009 14:49:51 -0400 + +ceo (0.5.2) stable; urgency=low + + * Clarify search operation in menu + * Move some code + * Fix segfault + * Write mysql file to ~club + * Kill mathsoclist + * Blacklist 
orphaned/expired from updateprograms + * Add status thing + * Force redraw after status thing + + -- Michael Spang Wed, 16 Sep 2009 18:32:56 -0400 + +ceo (0.5.1) stable; urgency=low + + * Add mysql magic. + * Add email forwarding magic. + * Labels on the menu. + + -- Michael Spang Wed, 09 Sep 2009 17:54:49 -0400 + +ceo (0.5.0) stable; urgency=low + + * Add ceo daemon. + + -- Michael Spang Thu, 30 Jul 2009 00:19:42 -0400 + +ceo (0.4.24) stable; urgency=low + + * Bump standards version. + + -- Michael Spang Wed, 29 Jul 2009 07:31:24 -0400 + +ceo (0.4.23) stable; urgency=low + + * CEO library now only finds books that are signed out as being overdue. + + -- Michael Gregson Wed, 11 Mar 2009 03:30:01 -0500 + +ceo (0.4.22) stable; urgency=low + + * CEO now closes window when it should. (Sorry) + + -- Michael Gregson Wed, 11 Mar 2009 02:25:01 -0500 + +ceo (0.4.21) stable; urgency=low + + * CEO Library can now add boox. + + -- Michael Gregson Wed, 11 Mar 2009 02:09:01 -0500 + +ceo (0.4.20) stable; urgency=low + + * Update kadmin headers + + -- David Bartley Tue, 24 Feb 2009 16:08:12 -0500 + +ceo (0.4.19) stable; urgency=low + + * Rebuild for lenny. + + -- Michael Spang Tue, 17 Feb 2009 22:23:30 -0500 + +ceo (0.4.18) stable; urgency=low + + [ Michael Gregson ] + * Added new search function, and books now display due dates. + + -- Michael Gregson Wed, 29 Jan 2009 01:04:00 -0500 + +ceo (0.4.17) stable; urgency=low + + [ Michael Gregson ] + * Books can now be returned!!! Yay! 
+ + -- Michael Gregson Thu, 15 Jan 2009 23:42:00 -0500 + +ceo (0.4.16) stable; urgency=low + + [ Michael Gregson ] + * Fixed error in calling of members.current + + -- Michael Gregson Thu, 15 Jan 2009 22:40:00 -0500 + +ceo (0.4.15) stable; urgency=low + + [ Michael Gregson ] + * Fixed incorrect usage of members.registered in library + + -- Michael Gregson Thu, 15 Jan 2009 19:10:00 -0500 + +ceo (0.4.14) stable; urgency=low + + [ Michael Gregson ] + * Corrected members.registered() to account for + non-existent members. + * Corrected overdue search. + + -- Michael Gregson Thu, 15 Jan 2009 18:40:00 -0500 + +ceo (0.4.13) stable; urgency=low + + [ Michael Gregson ] + * Add user validation to library system + * Add search function to library + * Can search for overdue books. + + -- Michael Gregson Thu, 15 Jan 2009 17:00:00 -0500 + +ceo (0.4.12) stable; urgency=low + + [ Michael Gregson ] + * Rewrite library system. + * Support for book checkout and return on sqlobject backends + * We dont die when not having LDAP to connect to. + + -- Michael Gregson Wed, 14 Jan 2009 19:38:00 -0400 + +ceo (0.4.11) stable; urgency=low + + [ David Bartley ] + * Add library path to config + + [ Nick Guenther ] + * library backend, initial version + * Library GUI is coming, but awkwardsadface + * CEO notifies of it's connect attempt (since if LDAP is being sad + then CEO hangs without any indication of why) + * Search works whoooo + * We've gone from not having a library, to having a basic library that + almost works! There's kinks and the code could be cleaner in places, + but it's a really decent start for only a day's work. 
yayyyy python + + -- David Bartley Mon, 02 Jun 2008 23:49:09 -0400 + +ceo (0.4.10) stable; urgency=low + + [ David Bartley ] + * Always call deauth + * Add configurable refquota support + + [ Michael Spang ] + * Auth as ceo/admin for zfsaddhomedir + + -- David Bartley Wed, 28 May 2008 02:01:53 -0400 + +ceo (0.4.9) stable; urgency=low + + * Move mathsoc regex and exception userid's into config + * Import sys + * Fix help text + * Use refquota instead of quota + + -- David Bartley Thu, 15 May 2008 22:14:50 -0400 + +ceo (0.4.8) stable; urgency=low + + * No point in recommending quota anymore + * Add help for command-line ceo + * Drop memberUid support; all groups use uniqueMember now + * Simplify help + * Improve help message + * Add mathsoclist command + * Add term argument to mathsoclist + + -- David Bartley Thu, 24 Apr 2008 19:57:12 -0400 + +ceo (0.4.7) stable; urgency=low + + [ David Bartley ] + * Add zfsaddhomedir + + [ Michael Spang ] + * Initialize program name in openlog + * Whitespace fix + + -- David Bartley Tue, 25 Mar 2008 14:13:36 -0400 + +ceo (0.4.6) stable; urgency=low + + * Fix off-by-one error + * Search menu bug fix + + -- David Bartley Sat, 15 Mar 2008 02:13:25 -0400 + +ceo (0.4.5) stable; urgency=low + + * Don't offer to update to an empty program + * It's doubtful that a user would need to mount a floppy disk + * Add library stubs and refactor menu creation + * Add inactive command + + -- David Bartley Mon, 10 Mar 2008 00:35:09 -0400 + +ceo (0.4.4) stable; urgency=low + + [ David Bartley ] + * Added console app + * Install ceo.console + * Set params=[] by default in ldapi.search + * Add list_all and uid2dn; make list_* return {dn:...} instead of + {uid:...} + * Implement updateprogram (interactively updates program from uwldap) + * Sort memberlist + * Add office staff to floppy group + * Refactor uwldap constants + * Implement expired account emails + * Add expired-account and notify-hook to git + * Send to both uwdir email and csclub email + * 
Fix bug in group management + * Refactor console code + + [ Michael Spang ] + * Fix magic + * Fix magic, really + * Actually do magic, tested this time + * Fix use of club settings in addmember + * Fix use of member UID range in addclub + + -- Michael Spang Fri, 25 Jan 2008 20:36:42 -0500 + +ceo (0.4.3) stable; urgency=low + + * Add cro to positions + * Fix typo + * Fix group modification code + + -- David Bartley Tue, 08 Jan 2008 19:58:19 -0500 + +ceo (0.4.2) stable; urgency=low + + [ David Bartley ] + * Add password prompt + * Only allow 3 password attempts + * Remove extraneous whitespace + * Add tab completion for userid fields + * Clarify group failure + * Improve exception handling + * Improved tab-completion + * Add sudo entry to ldap when creating clubs + + [ Michael Spang ] + * Reorganize build process + * Reorganize namespace + * Use python-ldap directly in members + * Cleanup warnings: unused imports, etc + * Better error handling in the gui + * Fix list by term and list by name + * Display "Connecting..." 
during gui startup + * Remove chfn and chsh and allow shell changes in the gui + * Enlarge the shells list + * Don't try to install chsh and chfn + * Remove python-pam dependency + * Remove ceoquery + * Add manpages and remove TODO + * Allow init of MemberException with no arguments + * Remove obsolete function ceo_add_club() + * POSIX ACL support in addhomedir and addclub + * Add club representative support + * Show "Rep Terms" when displaying member + * Conditionally shows terms + * Add git-buildpackage configuration + + -- Michael Spang Mon, 24 Dec 2007 13:41:27 -0500 + +ceo (0.4.1) stable; urgency=low + + * Minor fixes + + -- Michael Spang Wed, 12 Dec 2007 03:40:17 -0500 + +ceo (0.4.0) stable; urgency=low + + * New release + + -- Michael Spang Wed, 12 Dec 2007 03:07:05 -0500 + +ceo (0.3.9) stable; urgency=low + + * New release + + -- Michael Spang Mon, 10 Dec 2007 03:56:06 -0500 + +ceo (0.3.3) stable; urgency=low + + * Add club and group modify page + * Add sasl support + * Complete group and position management + * Remove ceo-old + * Fix bugs + + -- David Bartley Wed, 21 Nov 2007 20:56:14 -0500 + +ceo (0.3.2) unstable; urgency=low + + [ Michael Spang ] + * Fix CEO group add for rfc2307bis + + [ David Bartley ] + * Add 'search by group' + * Lookup name and program based on uwdir id + * Add group and position management + + -- Michael Spang Wed, 21 Nov 2007 17:21:40 -0500 + +ceo (0.3.1) unstable; urgency=low + + * addhomedir: invalidate nscd tables + * ceo-urwid: add create club account menuitem + * Add urwid to dependencies + + -- Michael Spang Fri, 5 Oct 2007 10:16:41 -0400 + +ceo (0.3.0) unstable; urgency=low + + * Add experimental urwid-based GUI + * Rip out studentid support + * Unbreak termusers in ceoquery + * Increase widths of UI windows + * PgSQL to LDAP transition + + -- Michael Spang Tue, 25 Sep 2007 04:00:10 -0400 + +ceo (0.2.4) unstable; urgency=low + + * Added csc.schema. + * Vim-style keybindings for CEO menus. 
+ * Bug fix: call setreuid(euid, euid) in csc-chfn and csc-chsh. + * Bug fix: run less in "secure" mode. + * Renamed package to ceo. + + -- Michael Spang Mon, 28 May 2007 02:05:28 -0400 + +csc (0.2.3) unstable; urgency=low + + * Added "ceoquery", a utility to retrieve lists of members and users. + * Added "csc-chsh" and "csc-chfn" utilities. + * Bug fix: build_gecos() did not include enough commas between fields. + * Member attributes are now added to LDAP as well as the PgSQL database. + + -- Michael Spang Sun, 18 Feb 2007 21:35:28 -0500 + +csc (0.2.2) unstable; urgency=low + + * Added "addhomedir", a utility to create home directories for new users. + * Bug fix: CEO still referenced an exception that changed name in 0.2. + * Documentation updates. + + -- Michael Spang Mon, 29 Jan 2007 01:47:31 -0500 + +csc (0.2.1) unstable; urgency=low + + * Documentation updates only + * Added docs/GIT-HOWTO and docs/INSTALLING + + -- Michael Spang Sun, 28 Jan 2007 01:24:37 -0500 + +csc (0.2) unstable; urgency=low + + * Tests added to most Python modules. + * Split configuration files. + * Added maintainer scripts to manage permissions during install and purge. + * Added functions for use by tools planned for next release (chfn, etc). + * Added support for account "repair", which will recreate LDAP entries + and principals if necessary. + * The recreate account menu option in ceo is now active. + * Replaced instances of "== None" and "!= None" with "is None" and + "is not None", respectively (thanks to: Nick Guenther). + * Renamed terms.valid() to terms.validate() (thanks to: Nick Guenther). + + -- Michael Spang Fri, 26 Jan 2007 20:10:14 -0500 + +csc (0.1) unstable; urgency=low + + * Initial Release. + + -- Michael Spang Thu, 28 Dec 2006 04:07:03 -0500 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..b8b9844 
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,59 @@
+Source: ceo
+Maintainer: Systems Committee
+Section: admin
+Priority: optional
+Standards-Version: 4.3.0
+Vcs-Git: https://git.csclub.uwaterloo.ca/public/pyceo.git
+Uploaders: Max Erenberg
+Build-Depends: debhelper (>= 12.1.1),
+ python3-dev (>= 3.7),
+ python3-venv (>= 3.7),
+ libkrb5-dev (>= 1.17),
+ libpq-dev (>= 11.13),
+ libfreetype6-dev (>= 2.2.1),
+ libimagequant-dev (>= 2.11.10),
+ libjpeg62-turbo-dev (>= 1.3.1),
+ liblcms2-dev (>= 2.2+git20110628),
+ libtiff5-dev (>= 4.0.3),
+ libwebp-dev (>= 0.5.1),
+ libwebpdemux2 (>= 0.5.1),
+ libwebpmux3 (>= 0.6.1-2),
+ zlib1g-dev (>= 1:1.1.4),
+ scdoc (>= 1.9)
+
+Package: ceo-common
+Architecture: amd64
+Depends: python3 (>= 3.7),
+ krb5-user (>= 1.17),
+ libkrb5-3 (>= 1.17),
+ libpq5 (>= 11.13),
+ libfreetype6 (>= 2.2.1),
+ libimagequant0 (>= 2.11.10),
+ libjpeg62-turbo (>= 1.3.1),
+ liblcms2-2 (>= 2.2+git20110628),
+ libtiff5 (>= 4.0.3),
+ libwebp6 (>= 0.5.1),
+ libwebpdemux2 (>= 0.5.1),
+ libwebpmux3 (>= 0.6.1-2),
+ zlib1g (>= 1:1.2),
+ ${python3:Depends},
+ ${misc:Depends}
+Description: CSC Electronic Office common files
+ This package contains the common files for the CSC Electronic Office.
+
+Package: ceo
+Architecture: amd64
+Replaces: ceo-python, ceo-clients
+Conflicts: ceo-python, ceo-clients
+Depends: ceo-common (>= 1.0.0), ${misc:Depends}
+Description: CSC Electronic Office client
+ This package contains the command line interface and text
+ user interface clients for the CSC Electronic Office.
+
+Package: ceod
+Architecture: amd64
+Replaces: ceo-daemon
+Conflicts: ceo-daemon
+Depends: ceo-common (>= 1.0.0), ${misc:Depends}
+Description: CSC Electronic Office daemon
+ This package contains the daemon for the CSC Electronic Office.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..d0d81b0
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: pyceo
+Upstream-Contact: Systems Committee
+Source: https://git.csclub.uwaterloo.ca/public/pyceo.git
+
+Files: *
+Copyright: 2021 Systems Committee
+License: MIT
+
+License: MIT
+ Copyright 2021 Systems Committee
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..b0ca371
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+%:
+ dh $@
+
+override_dh_strip:
+
+override_dh_shlibdeps:
+
+override_dh_systemd_start:
+ dh_systemd_start --no-start ceod.service
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..163aaf8
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (quilt)
diff --git a/debian/source/options b/debian/source/options
new file mode 100644
index 0000000..fdd7a05
--- /dev/null
+++ b/debian/source/options
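Review bot: The empty `override_dh_shlibdeps:` in debian/rules turns off automatic shared-library dependency generation, so the hand-written `Depends:` list in debian/control (libkrb5-3, libpq5, libwebp6 and the rest) is the only thing tying the bundled venv's compiled extensions to system library versions, and nothing in the file says so. Add a comment above it such as `# shlibdeps disabled: Depends in debian/control is maintained by hand`, and a matching one above the empty `override_dh_strip:` explaining why stripping is skipped. Without that, a later dependency bump in the venv can ship against library versions the package never declares.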
@@ -0,0 +1 @@ +extend-diff-ignore = "^(venv/|docs/.+\.\d$|dist/|.+\.egg-info/|build/|\.vscode/|\.idea/)|__pycache__/|(^|/)\..+" diff --git a/docs/ceo.ini.5.scd b/docs/ceo.ini.5.scd index 1b823bc..7c6012e 100644 --- a/docs/ceo.ini.5.scd +++ b/docs/ceo.ini.5.scd @@ -13,23 +13,23 @@ ceo.ini - configuration file for ceo ceo.ini is an INI file with various sections which control the behaviour of *ceo*(1). # DEFAULTS SECTION - _base_domain_++ + _base\_domain_++ The domain name of CSC. Should be set to 'csclub.uwaterloo.ca'. - _uw_domain_++ + _uw\_domain_++ The domain of UW. Should be set to 'uwaterloo.ca'. # CEOD SECTION - _admin_host_++ + _admin\_host_++ The host with the ceod/admin Kerberos key. - _database_host_++ + _database\_host_++ The host with the root password for MySQL and PostgreSQL. - _mailman_host_++ + _mailman\_host_++ The host running Mailman. - _use_https_++ + _use\_https_++ Whether to use HTTPS when connecting to ceod. Should be set to 'true'. _port_++ diff --git a/docs/ceod.ini.5.scd b/docs/ceod.ini.5.scd index e713199..d530dec 100644 --- a/docs/ceod.ini.5.scd +++ b/docs/ceod.ini.5.scd 
@@ -13,59 +13,59 @@ ceod.ini - configuration file for ceod ceod.ini is an INI file with various sections which control the behaviour of ceod. # DEFAULTS SECTION - _base_domain_++ + _base\_domain_++ The domain name of CSC. Should be set to 'csclub.uwaterloo.ca'. # CEOD SECTION - _admin_host_++ + _admin\_host_++ The host with the ceod/admin Kerberos key. - _fs_root_host_++ + _fs\_root\_host_++ The host without NFS root squashing. - _database_host_++ + _database\_host_++ The host with the root password for MySQL and PostgreSQL. - _mailman_host_++ + _mailman\_host_++ The host running Mailman. - _use_https_++ + _use\_https_++ Whether to use HTTPS when connecting to ceod. Should be set to 'true'. _port_++ The port on which ceod is listening. # LDAP SECTION - _admin_principal_++ + _admin\_principal_++ The Kerberos principal which ceod should use for *kadmin*(1). - _server_url_++ + _server\_url_++ The primary CSC LDAP server URL. - _sasl_realm_++ + _sasl\_realm_++ The CSC SASL realm for LDAP. Should be 'CSCLUB.UWATERLOO.CA'. - _users_base_++ + _users\_base_++ The LDAP OU where users are stored. - _groups_base_++ + _groups\_base_++ The LDAP OU where groups are stored. - _sudo_base_++ + _sudo\_base_++ The LDAP OU where *sudo*(8) roles are stored. # UWLDAP SECTION - _server_url_++ + _server\_url_++ The UW LDAP server URL. _base_++ The LDAP OU where users are stored in the UW LDAP. # MEMBERS SECTION - _min_id_++ + _min\_id_++ The minimum UID number for members. - _max_id_++ + _max\_id_++ The maximum UID number for members. _home_++ @@ -75,10 +75,10 @@ ceod.ini is an INI file with various sections which control the behaviour of ceo The skeleton directory for new members. # CLUBS SECTION - _min_id_++ + _min\_id_++ The minimum UID number for club accounts. - _max_id_++ + _max\_id_++ The maximum UID number for club accounts. _home_++ 
@@ -88,23 +88,23 @@ ceod.ini is an INI file with various sections which control the behaviour of ceo The skeleton directory for new club accounts. # MAIL SECTION - _smtp_url_++ + _smtp\_url_++ The SMTP URL where ceod should send emails. - _smtp_starttls_++ + _smtp\_starttls_++ Whether ceod should use STARTTLS with the SMTP server or not. # MAILMAN3 SECTION - _api_base_url_++ + _api\_base\_url_++ The base URL of the Mailman 3 API. - _api_username_++ + _api\_username_++ The username to use when authenticating to the Mailman 3 API via HTTP Basic Auth. - _api_password_++ + _api\_password_++ The password to use when authenticating to the Mailman 3 API via HTTP Basic Auth. - _new_member_list_++ + _new\_member\_list_++ The mailing list to which new members should be subscribed. # AUXILIARY GROUPS SECTION
diff --git a/etc/ceo.ini b/etc/ceo.ini
new file mode 100644
index 0000000..a097de0
--- /dev/null
+++ b/etc/ceo.ini
@@ -0,0 +1,24 @@
+[DEFAULT]
+base_domain = csclub.uwaterloo.ca
+uw_domain = uwaterloo.ca
+
+[ceod]
+# this is the host with the ceod/admin Kerberos key
+admin_host = phosphoric-acid
+# this is the host with root access to the databases
+database_host = caffeine
+# this is the host which can make API requests to Mailman
+mailman_host = mail
+use_https = true
+port = 9987
+
+[positions]
+required = president,vice-president,sysadmin
+available = president,vice-president,treasurer,secretary,
+ sysadmin,cro,librarian,imapd,webmaster,offsck
+
+[mysql]
+host = caffeine
+
+[postgresql]
+host = caffeine
diff --git a/etc/ceod.ini b/etc/ceod.ini
new file mode 100644
index 0000000..0c6bc48
--- /dev/null
+++ b/etc/ceod.ini
@@ -0,0 +1,74 @@
+[DEFAULT]
+base_domain = csclub.uwaterloo.ca
+
+[ceod]
+# this is the host with the ceod/admin Kerberos key
+admin_host = phosphoric-acid
+# this is the host with NFS no_root_squash
+fs_root_host = phosphoric-acid
+# this is the host with root access to the databases
+database_host = caffeine
+# this is the host which can make API requests to Mailman
+mailman_host = mail
+use_https = true
+port = 9987
+
+[ldap]
+admin_principal = ceod/admin
+server_url = ldaps://auth1.csclub.uwaterloo.ca
+sasl_realm = CSCLUB.UWATERLOO.CA
+users_base = ou=People,dc=csclub,dc=uwaterloo,dc=ca
+groups_base = ou=Group,dc=csclub,dc=uwaterloo,dc=ca
+sudo_base = ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca
+
+[uwldap]
+server_url = ldaps://uwldap.uwaterloo.ca
+base = dc=uwaterloo,dc=ca
+
+[members]
+min_id = 20001
+max_id = 29999
+home = /users
+skel = /users/skel
+
+[clubs]
+min_id = 30001
+max_id = 39999
+home = /users
+skel = /users/skel
+
+[mail]
+smtp_url = smtps://mail.csclub.uwaterloo.ca
+smtp_starttls = false
+
+[mailman3]
+# This is only used on the mailman_host.
+api_base_url = http://localhost:8001/3.1
+api_username = REPLACE_ME
+api_password = REPLACE_ME
+new_member_list = csc-general
+
+[auxiliary groups]
+syscom = office,staff,adm,src,git
+office = cdrom,audio,video,www
+
+[auxiliary mailing lists]
+syscom = syscom,syscom-alerts,syscom-moderators,packages,git,ceo
+exec = exec,exec-moderators
+
+[positions]
+required = president,vice-president,sysadmin
+available = president,vice-president,treasurer,secretary,
+ sysadmin,cro,librarian,imapd,webmaster,offsck
+
+[mysql]
+# This is only used on the database_host.
+username = REPLACE_ME
+password = REPLACE_ME
+host = localhost
+
+[postgresql]
+# This is only used on the database_host.
+username = REPLACE_ME
+password = REPLACE_ME
+host = localhost
diff --git a/etc/default/ceod b/etc/default/ceod
new file mode 100644
index 0000000..60d2b0d
--- /dev/null
+++ b/etc/default/ceod
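Review bot: The `[mailman3]`, `[mysql]` and `[postgresql]` sections of the new etc/ceod.ini ship `REPLACE_ME` for `api_username`/`api_password` and the database `username`/`password`, but nothing in the file says that it will hold live secrets once those are filled in. I would add a header comment along the lines of `# Holds service credentials: keep this file readable only by the ceod user and never commit real values`. It would also help if ceod refused to start while a value is still `REPLACE_ME`; that check belongs in the config loader, which is not part of this hunk. `api_base_url = http://localhost:8001/3.1` carries the Basic Auth password in cleartext, which is tolerable only while it stays on loopback, so the existing comment `# This is only used on the mailman_host.` could state that the URL must not be pointed at a remote host without TLS.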
@@ -0,0 +1 @@
+GUNICORN_ARGS="-w 2 -b 0.0.0.0:9987 --access-logfile - --certfile /etc/ssl/private/csclub-wildcard-chain.crt --keyfile /etc/ssl/private/csclub-wildcard.key"
diff --git a/one_time_scripts/inetorgperson.py b/one_time_scripts/inetorgperson.py
index a2c9fee..96a34c8 100644
--- a/one_time_scripts/inetorgperson.py
+++ b/one_time_scripts/inetorgperson.py
@@ -5,8 +5,6 @@ This is a script which converts each user record in CSC LDAP from the information from UWLDAP. GSSAPI is used for LDAP authentication, so make sure to run `kinit` first. -Also, make sure to run this script from the top-level of the git directory -(see the sys.path hack below). """ import sys import traceback
@@ -16,8 +14,8 @@ import ldap3 # modify as necessary LDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca" LDAP_MEMBERS_BASE = "ou=People,dc=csclub,dc=uwaterloo,dc=ca" -UWLDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca" -UWLDAP_MEMBERS_BASE = "ou=UWLDAP,dc=csclub,dc=uwaterloo,dc=ca" +UWLDAP_URI = "ldaps://uwldap.uwaterloo.ca" +UWLDAP_MEMBERS_BASE = "dc=uwaterloo,dc=ca" csc_conn = ldap3.Connection( LDAP_URI, authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS,
diff --git a/one_time_scripts/mail_local_addresses.py b/one_time_scripts/mail_local_addresses.py
index d53b770..27cdcbd 100644
--- a/one_time_scripts/mail_local_addresses.py
+++ b/one_time_scripts/mail_local_addresses.py
@@ -3,8 +3,6 @@ This is a script which adds the mailLocalAddress to all members. GSSAPI is used for LDAP authentication, so make sure to run `kinit` first. -Also, make sure to run this script from the top-level of the git directory -(see the sys.path hack below). """ import ldap3
diff --git a/requirements.txt b/requirements.txt
index 500a245..64c495e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,6 +2,7 @@ asciimatics==1.13.0
 click==8.0.1
 Flask==2.0.1
 gssapi==1.6.14
+gunicorn==20.1.0
 Jinja2==3.0.1
 ldap3==2.9.1
 requests==2.26.0
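Review bot: In etc/default/ceod, `GUNICORN_ARGS` gives gunicorn the domain-wide wildcard key (`--keyfile /etc/ssl/private/csclub-wildcard.key`) and binds with `-b 0.0.0.0:9987`, so the ceod service has to read a key that is valid for every host under the domain, and the API listens on every interface of the machine. If ceod were compromised that key would be exposed along with it; a certificate and key issued for this host alone would contain the damage. The file would also benefit from a comment naming the account that needs read access to the key. If ceod only has to be reachable on one network, binding to that address instead of `0.0.0.0` narrows exposure, though whether that is practical depends on deployment details that are not visible here.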
@@ -9,4 +10,4 @@ requests-gssapi==1.2.3
 zope.component==5.0.1
 zope.interface==5.4.0
 mysql-connector-python==8.0.26
-psycopg2==2.9.1
\ No newline at end of file
+psycopg2==2.9.1
diff --git a/setup.py b/setup.py
new file mode 100644
index 0000000..1a0dd00
--- /dev/null
+++ b/setup.py
@@ -0,0 +1,32 @@
+from setuptools import setup, find_packages
+
+requirements = [line.strip() for line in open('requirements.txt')]
+test_requirements = [line.strip() for line in open('dev-requirements.txt')]
+long_description = open('README.md').read()
+version = open('VERSION.txt').read().strip()
+
+setup(
+ name='ceo',
+ version=version,
+ description='CSC Electronic Office',
+ long_description=long_description,
+ long_description_content_type='text/markdown',
+ url='https://git.csclub.uwaterloo.ca/public/pyceo.git',
+ author='CSC Systems Committee',
+ author_email='syscom@csclub.uwaterloo.ca',
+ classifiers=[
+ 'Programming Language :: Python :: 3',
+ 'License :: OSI Approved :: MIT License',
+ 'Operating System :: POSIX :: Linux',
+ 'Topic :: System :: Systems Administration',
+ ],
+ license='MIT',
+ keywords='csc, syscom, admin, ldap, kerberos',
+ packages=find_packages(),
+ python_requires='>=3.7',
+ install_requires=requirements,
+ tests_require=test_requirements,
+ entry_points={
+ 'console_scripts': ['ceo=ceo.__main__:main'],
+ },
+)
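Review bot: The new setup.py turns every line of requirements.txt into an `install_requires` entry with `[line.strip() for line in open('requirements.txt')]`, so a blank line or a `#` comment added to that file later becomes a bogus requirement string, and none of the four `open()` calls closes its handle. Filtering while reading fixes the first problem: `requirements = [l.strip() for l in open('requirements.txt') if l.strip() and not l.lstrip().startswith('#')]`, ideally inside a `with` block; the same applies to `test_requirements`. Because requirements.txt pins exact versions with `==`, the installed package inherits those pins without any hash verification. That is a defensible choice for a deployed application, but a short comment saying it is deliberate would help whoever next bumps a dependency for a security fix.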