.gitignore

@@ -1,9 +1,21 @@
+# If you update this file, please also update the extend-diff-ignore option
+# in debian/source/options.
+
 __pycache__/
-*.pyc
 /venv/
+/dist/
+/build/
+/*.egg-info/
 .vscode/
 *.o
 *.so
 .idea/
 /docs/*.1
 /docs/*.5
+/debian/ceo/
+/debian/ceod/
+/debian/tmp/
+/debian/ceo.substvars
+/debian/files
+/debian/.debhelper/
+/debian/debhelper-build-stamp

Makefile

@@ -0,0 +1,33 @@
+SCDFILES = $(wildcard docs/*.scd)
+MANPAGES = $(patsubst docs/%.scd,docs/%,${SCDFILES})
+CEO_HOME = /var/lib/ceo
+
+all: build
+
+build: docs venv
+
+venv:
+	python3 -m venv venv && \
+	  . venv/bin/activate && \
+	  pip install -r dev-requirements.txt && \
+	  pip install -r requirements.txt && \
+	  python setup.py install
+
+install:
+	@# Prepare the virtualenv to be moved (dangerous!)
+	@# Make sure you don't have '|' in your paths
+	grep -IRl $(CURDIR)/venv venv | \
+	  xargs perl -pe 's|\Q$(CURDIR)/venv\E|$(CEO_HOME)/venv|g' -i
+	mkdir -p $(DESTDIR)$(CEO_HOME)
+	mv venv $(DESTDIR)$(CEO_HOME)
+
+docs:
+	for file in ${SCDFILES} ; do \
+	  scdoc < $$file > `echo $$file | grep -oP '.*(?=\.scd$$)'` ; \
+	done
+
+clean:
+	rm -f ${MANPAGES}
+	rm -rf venv
+
+.PHONY: all build docs clean venv install

README.md

@@ -222,3 +222,42 @@ curl --negotiate -u : --service-name ceod --delegation always \
     -d '{"uid":"test_1","cn":"Test One","given_name":"Test","sn":"One","program":"Math","terms":["s2021"]}' \
     -X POST http://phosphoric-acid:9987/api/members
 ```
+
+## Packaging
+First, I strongly recommend running the build in a Docker/Podman
+container to avoid screwing up your main system:
+```sh
+podman run -it --name pyceo-packaging -v "$PWD":"$PWD" -w "$PWD" debian:buster bash
+```
+Here are some of the prerequisites you'll need to build the deb files:
+```sh
+apt install devscripts debhelper git-buildpackage
+```
+Make sure to also install all of the packages in the 'Build-Depends' section in debian/control.
+
+Make sure you git commit your changes *before* building the packages.
+
+To build unsigned packages:
+```sh
+gbp buildpackage --git-ignore-new --git-upstream-tree=BRANCH --git-upstream-branch=master -uc -us
+```
+
+To build signed packages (for uploading), you need to have your GPG key ready, and it should also
+be in the CSC mirror keyring.
+Once you have done that, replace '-uc -us' by '-k<your_gpg_key_id>', e.g.
+```sh
+gbp buildpackage --git-ignore-new --git-upstream-tree=BRANCH --git-upstream-branch=master -k8E5568ABB0CF96BC367806ED127923BE10DA48DC
+```
+This will create a bunch of files (deb, dsc, tar.gz, etc.) in the parent directory.
+
+To clean the packages:
+```sh
+rm ../*.{xz,gz,dsc,build,buildinfo,changes,deb}
+```
+
+### Uploading
+Ask a syscom member for their dupload.conf file, and place it in your ~/.dupload.conf.
+Then, from a CSC machine, upload the changes file from the parent directory, e.g.
+```
+dupload ceo_1.0.0-buster1_amd64.changes
+```

VERSION.txt

@@ -0,0 +1 @@
+1.0.0

ceo/__main__.py

@@ -1,4 +1,3 @@
-import importlib.resources
 import os
 import socket
 import sys
@@ -17,12 +16,14 @@ def register_services():
     baseComponent = component.getGlobalSiteManager()
 
     # Config
-    # This is a hack to determine if we're in the dev env or not
-    if socket.getfqdn().endswith('.csclub.internal'):
-        with importlib.resources.path('tests', 'ceo_dev.ini') as p:
-            config_file = p.__fspath__()
+    if 'CEO_CONFIG' in os.environ:
+        config_file = os.environ['CEO_CONFIG']
     else:
-        config_file = os.environ.get('CEO_CONFIG', '/etc/csc/ceo.ini')
+        # This is a hack to determine if we're in the dev env or not
+        if socket.getfqdn().endswith('.csclub.internal'):
+            config_file = './tests/ceo_dev.ini'
+        else:
+            config_file = '/etc/csc/ceo.ini'
     cfg = Config(config_file)
     baseComponent.registerUtility(cfg, IConfig)
 

clear_cache.sh

@@ -1,3 +1,3 @@
 #!/bin/sh
-find ceo* -type d -name __pycache__ -execdir rm -r '{}' \;
+find ceo ceod ceo_common tests -type d -name __pycache__ -execdir rm -r '{}' \;
 rm -rf .pytest_cache

debian/.gitignore

@@ -0,0 +1,9 @@
+/ceo.substvars
+/ceo-common
+/ceo-clients
+/ceo-daemon
+/ceo-python
+/files
+/*.debhelper
+/*.debhelper.log
+/*.substvars

debian/ceo-common.install

@@ -0,0 +1 @@
+/var/lib/ceo

debian/ceo.install

@@ -0,0 +1 @@
+etc/ceo.ini etc/csc

debian/ceo.links

@@ -0,0 +1 @@
+/var/lib/ceo/venv/bin/ceo /usr/bin/ceo

debian/ceo.manpages

@@ -0,0 +1,2 @@
+docs/ceo.1
+docs/ceo.ini.5

debian/ceod.install

@@ -0,0 +1,2 @@
+etc/ceod.ini etc/csc
+etc/default/ceod etc/default

debian/ceod.manpages

@@ -0,0 +1 @@
+docs/ceod.ini.5

debian/ceod.postinst

@@ -0,0 +1,2 @@
+#!/bin/sh
+chmod 600 /etc/csc/ceod.ini

debian/ceod.service

@@ -0,0 +1,16 @@
+[Unit]
+Description=CSC Electronic Office daemon
+Documentation=https://git.csclub.uwaterloo.ca/public/pyceo
+Requires=network.target
+After=network.target
+
+[Service]
+Type=exec
+EnvironmentFile=/etc/default/ceod
+WorkingDirectory=/var/lib/ceo
+ExecStart=/var/lib/ceo/venv/bin/gunicorn $GUNICORN_ARGS 'ceod.api:create_app()'
+# TODO: once the mail container is no longer running in LXC, we should add
+# some security protections here, like ProtectSystem.
+
+[Install]
+WantedBy=multi-user.target

debian/changelog

@@ -0,0 +1,745 @@
+ceo (1.0.0-buster1) buster; urgency=high
+
+  * Use new ceo with python3
+
+ -- Max Erenberg <merenber@csclub.uwaterloo.ca>  Tue, 26 Oct 2021 22:20:03 -0400
+
+ceo (0.7.1-buster1) buster; urgency=medium
+
+  * Update mailman path to use virtualenv
+
+ -- Max Erenberg <merenber@csclub.uwaterloo.ca>  Tue, 18 May 2021 01:45:49 -0400
+
+ceo (0.7.0-buster1) buster; urgency=medium
+
+  * Set userPassword field in LDAP for SASL authentication
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Fri, 07 May 2021 21:44:02 -0400
+
+ceo (0.6.0-buster1.2) buster; urgency=medium
+
+  * Decrease minimum username length from 3 to 2
+
+ -- Max Erenberg <merenber@csclub.uwaterloo.ca>  Sun, 02 May 2021 18:02:31 -0400
+
+ceo (0.6.0-buster1.1) buster; urgency=medium
+
+  * Use Mailman 3 instead of Mailman 2
+
+ -- Max Erenberg <merenber@csclub.uwaterloo.ca>  Sun, 11 Apr 2021 21:54:06 -0400
+
+ceo (0.6.0-stretch1) stretch; urgency=high
+
+  * Move adduser and mail operations to phosphoric-acid due to decommissioning
+    of aspartame
+
+  * Packaging for stretch
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Sun, 21 Mar 2021 23:04:05 -0400
+
+ceo (0.6.0-buster1) buster; urgency=high
+
+  * Move adduser and mail operations to phosphoric-acid due to decommissioning
+    of aspartame
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Sun, 21 Mar 2021 22:39:05 -0400
+
+ceo (0.5.28-bionic1.1) bionic; urgency=medium
+
+  * Packaging for bionic
+
+ -- Jennifer Zhou <c7zou@csclub.uwaterloo.ca>  Sun, 21 Oct 2018 21:38:57 -0400
+
+ceo (0.5.28-buster1) buster; urgency=medium
+
+  * Package for buster
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Sun, 15 Apr 2018 14:31:08 -0400
+
+ceo (0.5.28-xenial1) xenial; urgency=medium
+
+  * Build for xenial
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Tue, 02 May 2017 00:24:45 -0400
+
+ceo (0.5.28-jessie1) jessie; urgency=medium
+
+  * Build for jessie
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Tue, 02 May 2017 00:16:31 -0400
+
+ceo (0.5.28-stretch1) stretch; urgency=medium
+
+  * Check for host (IPv4 or IPV6) or MX record when verying valid email
+    addresses
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Wed, 01 May 2017 13:07:21 -0500
+
+ceo (0.5.27-stretch1) stretch; urgency=medium
+
+  * Build for stretch
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Wed, 11 Jan 2017 16:07:21 -0500
+
+ceo (0.5.27jessie2) jessie; urgency=low
+
+  * Include library as a dependency
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Sat, 20 Feb 2016 15:54:29 -0500
+
+ceo (0.5.27trusty2) trusty; urgency=medium
+
+  * Include library as a dependency
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Sat, 20 Feb 2016 15:57:18 -0500
+
+ceo (0.5.27trusty1) trusty; urgency=high
+
+  * Resolved issue from previous release which resulted in CEO not launching
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Fri, 19 Feb 2016 23:38:41 -0500
+
+ceo (0.5.27jessie1) jessie; urgency=high
+
+  * Resolved issue from previous release which resulted in CEO not launching
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Fri, 19 Feb 2016 23:38:41 -0500
+
+ceo (0.5.27jessie) jessie; urgency=medium
+
+  * "Library" now launches "librarian"
+
+ -- Felix Bauckholt <fbauckho@csclub.uwaterloo.ca>  Fri, 19 Feb 2016 22:12:25 -0500
+
+ceo (0.5.26trusty) trusty; urgency=medium
+
+  * "Library" now launches "librarian"
+
+ -- Felix Bauckholt <fbauckho@csclub.uwaterloo.ca>  Fri, 19 Feb 2016 22:07:37 -0500
+
+ceo (0.5.26) jessie; urgency=medium
+
+  * Repackage for jessie
+  * Fix build for latest package versions
+
+ -- Zachary Seguin <ztseguin@csclub.uwaterloo.ca>  Wed, 11 Nov 2015 22:39:49 -0500
+
+ceo (0.5.25jessie0) jessie; urgency=low
+
+  * Replace mention of the safe with the cup.
+  * Remind users that club accounts are free.
+
+ -- Sean Hunt <scshunt@csclub.uwaterloo.ca>  Tue, 22 Jul 2014 14:20:16 -0400
+
+ceo (0.5.24ubuntu5) saucy; urgency=low
+
+  * Packaging for saucy.
+
+ -- Sean Hunt <scshunt@csclub.uwaterloo.ca>  Thu, 05 Dec 2013 15:59:17 -0500
+
+ceo (0.5.24jessie0) jessie; urgency=low
+
+  * Packaging for jessie.
+
+ -- Luqman Aden <laden@csclub.uwaterloo.ca>  Thu, 10 Oct 2013 21:51:26 -0400
+
+ceo (0.5.24squeeze0) oldstable; urgency=low
+
+  * Rebuild for squeeze, since a wheezy package was accepted there by accident.
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Mon, 16 Sep 2013 08:33:58 -0400
+
+ceo (0.5.24) stable; urgency=low
+
+  * Fix bug introduced in Kerberos change.
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Mon, 16 Sep 2013 08:28:51 -0400
+
+ceo (0.5.23) stable; urgency=low
+
+  * Stable is now wheezy; rebuild.
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Sat, 07 Sep 2013 11:59:24 -0400
+
+ceo (0.5.22) stable; urgency=low
+
+  * Drop support for Kerberos LDAP backend; this is not the current CSC setup.
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Sat, 07 Sep 2013 11:45:33 -0400
+
+ceo (0.5.21) testing; urgency=low
+
+  * Build with older protoc-c for compatibility with squeeze.
+
+ -- Marc Burns <m4burns@csclub.uwaterloo.ca>  Tue, 28 May 2013 11:14:36 -0400
+
+ceo (0.5.20) testing; urgency=low
+
+  * Work around bug in libgssapi 2.0.25 present in wheezy.
+
+ -- Marc Burns <m4burns@csclub.uwaterloo.ca>  Tue, 28 May 2013 10:45:09 -0400
+
+ceo (0.5.19ubuntu2) quantal; urgency=low
+
+  * Packaging for quantal.
+
+ -- Owen Michael Smith <omsmith@gwem.csclub.uwaterloo.ca>  Sat, 25 May 2013 19:46:52 -0400
+
+ceo (0.5.19ubuntu1) precise; urgency=low
+
+  * Added precise package with changes
+
+ -- Sarah Harvey <sharvey@csclub.uwaterloo.ca>  Wed, 06 Feb 2013 23:44:18 -0500
+
+ceo (0.5.19) stable; urgency=low
+
+  * Updated mail, adduser host to be aspartame, not ginseng (following filesystem migration)
+
+ -- Sarah Harvey <sharvey@csclub.uwaterloo.ca>  Wed, 06 Feb 2013 23:36:46 -0500
+
+ceo (0.5.18ubuntu1) precise; urgency=low
+
+  * Added precise package with changes.
+
+ -- Sarah Harvey <sharvey@csclub.uwaterloo.ca>  Wed, 12 Sep 2012 08:42:02 -0400
+
+ceo (0.5.18) stable; urgency=low
+
+  * Updated mailman host to be mail, not caffeine (following mail container migration)
+
+ -- Sarah Harvey <sharvey@csclub.uwaterloo.ca>  Mon, 10 Sep 2012 19:06:16 -0400
+
+ceo (0.5.17ubuntu2) precise; urgency=low
+
+  * Accidentally merged in broken changes. Fixing.
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Thu, 26 Apr 2012 15:19:03 -0400
+
+ceo (0.5.17) stable; urgency=low
+
+  * Change behavior of ceod to add Kerberos principal,
+  * as opposed to changing principal password.
+
+ -- Marc Burns <m4burns@csclub.uwaterloo.ca>  Fri, 16 Mar 2012 15:27:35 -0400
+
+ceo (0.5.16) stable; urgency=low
+
+  * Fix CEO for CMC by allow mailman to be disabled.
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Sat, 17 Sep 2011 16:36:01 -0400
+
+ceo (0.5.14) stable; urgency=low
+
+  * Add support for sending a welcome message.
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Fri, 26 Aug 2011 00:59:08 -0400
+
+ceo (0.5.13) stable; urgency=low
+
+  * Fix Mailman path
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Mon, 09 May 2011 19:12:09 -0400
+
+ceo (0.5.12) stable; urgency=low
+
+  * Change sudoRunAs to sudoRunAsUser.
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Sun, 13 Mar 2011 03:24:30 -0400
+
+ceo (0.5.11) stable; urgency=low
+
+  * Fix library check in and search bug introduced in 0.5.9+nmu1.
+
+ -- Marc Burns <m4burns@csclub.uwaterloo.ca>  Fri, 04 Mar 2011 16:52:32 -0500
+
+ceo (0.5.10) stable; urgency=low
+
+  * Fix squeeze build warnings
+  * Add m4burns to debian/control
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Fri, 04 Mar 2011 00:47:09 -0500
+
+ceo (0.5.9+nmu1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * Fix library book search page to display message when no books are found.
+
+ -- Marc Burns <m4burns@csclub.uwaterloo.ca>  Mon, 28 Feb 2011 13:00:24 -0500
+
+ceo (0.5.9) stable; urgency=low
+
+  * Fix build for squeeze.
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Thu, 14 Oct 2010 14:22:04 -0400
+
+ceo (0.5.8+nmu1) stable; urgency=low
+
+  * fixed bug reported by jdonland
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Sun, 26 Sep 2010 22:32:50 -0400
+
+ceo (0.5.8) stable; urgency=low
+
+  * tab support in most forms (note that the tab key is already bound for the LDAP lookup fields)
+  * new members can be added for multiple terms without going through renewal
+  * fix for the squeeze version of urwid
+  * new members are automatically added to csc-general
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Sat, 25 Sep 2010 01:04:02 -0400
+
+ceo (0.5.7+nmu4) stable; urgency=low
+
+  * Non-maintainer upload.
+  * add Office Manager position to positions list
+
+ -- Jeremy Roman <jbroman@csclub.uwaterloo.ca>  Tue, 14 Sep 2010 18:19:50 -0400
+
+ceo (0.5.7+nmu3) stable; urgency=low
+
+  * Added phpmyadmin to mysql info file generated by CEO
+
+ -- Michael Ellis <me@michaelellis.ca>  Thu, 19 Aug 2010 14:06:16 -0400
+
+ceo (0.5.7+nmu2) stable; urgency=low
+
+  * Removed the need for separate entries to manage office and syscom
+  * Added check to ensure group is valid
+
+ -- Michael Ellis <me@michaelellis.ca>  Fri, 18 Jun 2010 21:29:48 -0400
+
+ceo (0.5.7+nmu1) stable; urgency=low
+
+  * Non-maintainer upload.
+  * Removed uwdir lookup for expired accounts emailing
+
+ -- Michael Ellis <m2ellis@caffeine.csclub.uwaterloo.ca>  Tue, 18 May 2010 18:18:02 -0400
+
+ceo (0.5.7) stable; urgency=low
+
+  [ Michael Spang ]
+  * Fix expiredaccounts
+
+  [ Michael Ellis ]
+  * Reworded expired account email. Club rep accounts can be renewed for
+    free (as usual).
+
+  [ Michael Spang ]
+  * Readd quota support
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Sun, 09 May 2010 02:10:48 -0400
+
+ceo (0.5.6) stable; urgency=low
+
+  [ Michael Spang ]
+  * Fix use of freopen
+  * Fix auth for mysql database creation
+
+  [ Jeremy Brandon Roman ]
+  * added ability to use first letter of menu items
+
+  [ Michael Spang ]
+  * Remove ternary operators
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Sun, 20 Dec 2009 13:45:48 -0500
+
+ceo (0.5.5) stable; urgency=low
+
+  * Add missing dependency on python-mysql
+  * Add CLI version of mysql thing
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Mon, 02 Nov 2009 20:34:52 +0000
+
+ceo (0.5.4) stable; urgency=low
+
+  * Switch from SCTP to TCP
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Mon, 02 Nov 2009 03:04:52 +0000
+
+ceo (0.5.3) stable; urgency=low
+
+  * Fix gss error reporting bug
+  * Clarify email forwarding upon renewal
+  * Fail fast if not authenticated
+  * Encrypt all post-auth ceoc<->ceod communication
+  * Improve error handling when writing
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Sat, 24 Oct 2009 14:49:51 -0400
+
+ceo (0.5.2) stable; urgency=low
+
+  * Clarify search operation in menu
+  * Move some code
+  * Fix segfault
+  * Write mysql file to ~club
+  * Kill mathsoclist
+  * Blacklist orphaned/expired from updateprograms
+  * Add status thing
+  * Force redraw after status thing
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Wed, 16 Sep 2009 18:32:56 -0400
+
+ceo (0.5.1) stable; urgency=low
+
+  * Add mysql magic.
+  * Add email forwarding magic.
+  * Labels on the menu.
+
+ -- Michael Spang <mspang@csclub.uwaterloo.ca>  Wed, 09 Sep 2009 17:54:49 -0400
+
+ceo (0.5.0) stable; urgency=low
+
+  * Add ceo daemon.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Thu, 30 Jul 2009 00:19:42 -0400
+
+ceo (0.4.24) stable; urgency=low
+
+  * Bump standards version.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Wed, 29 Jul 2009 07:31:24 -0400
+
+ceo (0.4.23) stable; urgency=low
+
+  * CEO library now only finds books that are signed out as being overdue.
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Wed, 11 Mar 2009 03:30:01 -0500
+
+ceo (0.4.22) stable; urgency=low
+
+  * CEO now closes window when it should.  (Sorry)
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Wed, 11 Mar 2009 02:25:01 -0500
+
+ceo (0.4.21) stable; urgency=low
+
+  * CEO Library can now add boox.
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Wed, 11 Mar 2009 02:09:01 -0500
+
+ceo (0.4.20) stable; urgency=low
+
+  * Update kadmin headers
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Tue, 24 Feb 2009 16:08:12 -0500
+
+ceo (0.4.19) stable; urgency=low
+
+  * Rebuild for lenny.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Tue, 17 Feb 2009 22:23:30 -0500
+
+ceo (0.4.18) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Added new search function, and books now display due dates.
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Wed, 29 Jan 2009 01:04:00 -0500
+
+ceo (0.4.17) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Books can now be returned!!!  Yay!
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Thu, 15 Jan 2009 23:42:00 -0500
+
+ceo (0.4.16) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Fixed error in calling of members.current
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Thu, 15 Jan 2009 22:40:00 -0500
+
+ceo (0.4.15) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Fixed incorrect usage of members.registered in library
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Thu, 15 Jan 2009 19:10:00 -0500
+
+ceo (0.4.14) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Corrected members.registered() to account for
+    non-existent members.
+  * Corrected overdue search.
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Thu, 15 Jan 2009 18:40:00 -0500
+
+ceo (0.4.13) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Add user validation to library system
+  * Add search function to library
+  * Can search for overdue books.
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Thu, 15 Jan 2009 17:00:00 -0500
+
+ceo (0.4.12) stable; urgency=low
+
+  [ Michael Gregson ]
+  * Rewrite library system.
+  * Support for book checkout and return on sqlobject backends
+  * We dont die when not having LDAP to connect to.
+
+ -- Michael Gregson <mgregson@csclub.uwaterloo.ca>  Wed, 14 Jan 2009 19:38:00 -0400
+
+ceo (0.4.11) stable; urgency=low
+
+  [ David Bartley ]
+  * Add library path to config
+
+  [ Nick Guenther ]
+  * library backend, initial version
+  * Library GUI is coming, but awkwardsadface
+  * CEO notifies of it's connect attempt (since if LDAP is being sad
+    then CEO hangs without any indication of why)
+  * Search works whoooo
+  * We've gone from not having a library, to having a basic library that
+    almost works! There's kinks and the code could be cleaner in places,
+    but it's a really decent start for only a day's work. yayyyy python
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Mon, 02 Jun 2008 23:49:09 -0400
+
+ceo (0.4.10) stable; urgency=low
+
+  [ David Bartley ]
+  * Always call deauth
+  * Add configurable refquota support
+
+  [ Michael Spang ]
+  * Auth as ceo/admin for zfsaddhomedir
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Wed, 28 May 2008 02:01:53 -0400
+
+ceo (0.4.9) stable; urgency=low
+
+  * Move mathsoc regex and exception userid's into config
+  * Import sys
+  * Fix help text
+  * Use refquota instead of quota
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Thu, 15 May 2008 22:14:50 -0400
+
+ceo (0.4.8) stable; urgency=low
+
+  * No point in recommending quota anymore
+  * Add help for command-line ceo
+  * Drop memberUid support; all groups use uniqueMember now
+  * Simplify help
+  * Improve help message
+  * Add mathsoclist command
+  * Add term argument to mathsoclist
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Thu, 24 Apr 2008 19:57:12 -0400
+
+ceo (0.4.7) stable; urgency=low
+
+  [ David Bartley ]
+  * Add zfsaddhomedir
+
+  [ Michael Spang ]
+  * Initialize program name in openlog
+  * Whitespace fix
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Tue, 25 Mar 2008 14:13:36 -0400
+
+ceo (0.4.6) stable; urgency=low
+
+  * Fix off-by-one error
+  * Search menu bug fix
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Sat, 15 Mar 2008 02:13:25 -0400
+
+ceo (0.4.5) stable; urgency=low
+
+  * Don't offer to update to an empty program
+  * It's doubtful that a user would need to mount a floppy disk
+  * Add library stubs and refactor menu creation
+  * Add inactive command
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Mon, 10 Mar 2008 00:35:09 -0400
+
+ceo (0.4.4) stable; urgency=low
+
+  [ David Bartley ]
+  * Added console app
+  * Install ceo.console
+  * Set params=[] by default in ldapi.search
+  * Add list_all and uid2dn; make list_* return {dn:...} instead of
+    {uid:...}
+  * Implement updateprogram (interactively updates program from uwldap)
+  * Sort memberlist
+  * Add office staff to floppy group
+  * Refactor uwldap constants
+  * Implement expired account emails
+  * Add expired-account and notify-hook to git
+  * Send to both uwdir email and csclub email
+  * Fix bug in group management
+  * Refactor console code
+
+  [ Michael Spang ]
+  * Fix magic
+  * Fix magic, really
+  * Actually do magic, tested this time
+  * Fix use of club settings in addmember
+  * Fix use of member UID range in addclub
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Fri, 25 Jan 2008 20:36:42 -0500
+
+ceo (0.4.3) stable; urgency=low
+
+  * Add cro to positions
+  * Fix typo
+  * Fix group modification code
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Tue, 08 Jan 2008 19:58:19 -0500
+
+ceo (0.4.2) stable; urgency=low
+
+  [ David Bartley ]
+  * Add password prompt
+  * Only allow 3 password attempts
+  * Remove extraneous whitespace
+  * Add tab completion for userid fields
+  * Clarify group failure
+  * Improve exception handling
+  * Improved tab-completion
+  * Add sudo entry to ldap when creating clubs
+
+  [ Michael Spang ]
+  * Reorganize build process
+  * Reorganize namespace
+  * Use python-ldap directly in members
+  * Cleanup warnings: unused imports, etc
+  * Better error handling in the gui
+  * Fix list by term and list by name
+  * Display "Connecting..." during gui startup
+  * Remove chfn and chsh and allow shell changes in the gui
+  * Enlarge the shells list
+  * Don't try to install chsh and chfn
+  * Remove python-pam dependency
+  * Remove ceoquery
+  * Add manpages and remove TODO
+  * Allow init of MemberException with no arguments
+  * Remove obsolete function ceo_add_club()
+  * POSIX ACL support in addhomedir and addclub
+  * Add club representative support
+  * Show "Rep Terms" when displaying member
+  * Conditionally shows terms
+  * Add git-buildpackage configuration
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Mon, 24 Dec 2007 13:41:27 -0500
+
+ceo (0.4.1) stable; urgency=low
+
+  * Minor fixes
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Wed, 12 Dec 2007 03:40:17 -0500
+
+ceo (0.4.0) stable; urgency=low
+
+  * New release
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Wed, 12 Dec 2007 03:07:05 -0500
+
+ceo (0.3.9) stable; urgency=low
+
+  * New release
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Mon, 10 Dec 2007 03:56:06 -0500
+
+ceo (0.3.3) stable; urgency=low
+
+  * Add club and group modify page
+  * Add sasl support
+  * Complete group and position management
+  * Remove ceo-old
+  * Fix bugs
+
+ -- David Bartley <dtbartle@csclub.uwaterloo.ca>  Wed, 21 Nov 2007 20:56:14 -0500
+
+ceo (0.3.2) unstable; urgency=low
+
+  [ Michael Spang ]
+  * Fix CEO group add for rfc2307bis
+
+  [ David Bartley ]
+  * Add 'search by group'
+  * Lookup name and program based on uwdir id
+  * Add group and position management
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Wed, 21 Nov 2007 17:21:40 -0500
+
+ceo (0.3.1) unstable; urgency=low
+
+  * addhomedir: invalidate nscd tables
+  * ceo-urwid: add create club account menuitem
+  * Add urwid to dependencies
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Fri,  5 Oct 2007 10:16:41 -0400
+
+ceo (0.3.0) unstable; urgency=low
+
+  * Add experimental urwid-based GUI
+  * Rip out studentid support
+  * Unbreak termusers in ceoquery
+  * Increase widths of UI windows
+  * PgSQL to LDAP transition
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Tue, 25 Sep 2007 04:00:10 -0400
+
+ceo (0.2.4) unstable; urgency=low
+
+  * Added csc.schema.
+  * Vim-style keybindings for CEO menus.
+  * Bug fix: call setreuid(euid, euid) in csc-chfn and csc-chsh.
+  * Bug fix: run less in "secure" mode.
+  * Renamed package to ceo.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Mon, 28 May 2007 02:05:28 -0400
+
+csc (0.2.3) unstable; urgency=low
+
+  * Added "ceoquery", a utility to retrieve lists of members and users.
+  * Added "csc-chsh" and "csc-chfn" utilities.
+  * Bug fix: build_gecos() did not include enough commas between fields.
+  * Member attributes are now added to LDAP as well as the PgSQL database.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Sun, 18 Feb 2007 21:35:28 -0500
+
+csc (0.2.2) unstable; urgency=low
+
+  * Added "addhomedir", a utility to create home directories for new users.
+  * Bug fix: CEO still referenced an exception that changed name in 0.2.
+  * Documentation updates.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Mon, 29 Jan 2007 01:47:31 -0500
+
+csc (0.2.1) unstable; urgency=low
+
+  * Documentation updates only
+  * Added docs/GIT-HOWTO and docs/INSTALLING
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Sun, 28 Jan 2007 01:24:37 -0500
+
+csc (0.2) unstable; urgency=low
+
+  * Tests added to most Python modules.
+  * Split configuration files.
+  * Added maintainer scripts to manage permissions during install and purge.
+  * Added functions for use by tools planned for next release (chfn, etc).
+  * Added support for account "repair", which will recreate LDAP entries
+    and principals if necessary.
+  * The recreate account menu option in ceo is now active.
+  * Replaced instances of "== None" and "!= None" with "is None" and
+    "is not None", respectively (thanks to: Nick Guenther).
+  * Renamed terms.valid() to terms.validate() (thanks to: Nick Guenther).
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Fri, 26 Jan 2007 20:10:14 -0500
+
+csc (0.1) unstable; urgency=low
+
+  * Initial Release.
+
+ -- Michael Spang <mspang@uwaterloo.ca>  Thu, 28 Dec 2006 04:07:03 -0500
+

debian/compat

@@ -0,0 +1 @@
+10

debian/control

@@ -0,0 +1,59 @@
+Source: ceo
+Maintainer: Systems Committee <syscom@csclub.uwaterloo.ca>
+Section: admin
+Priority: optional
+Standards-Version: 4.3.0
+Vcs-Git: https://git.csclub.uwaterloo.ca/public/pyceo.git
+Uploaders: Max Erenberg <merenber@csclub.uwaterloo.ca>
+Build-Depends: debhelper (>= 12.1.1),
+    python3-dev (>= 3.7),
+    python3-venv (>= 3.7),
+    libkrb5-dev (>= 1.17),
+    libpq-dev (>= 11.13),
+    libfreetype6-dev (>= 2.2.1),
+    libimagequant-dev (>= 2.11.10),
+    libjpeg62-turbo-dev (>= 1.3.1),
+    liblcms2-dev (>= 2.2+git20110628),
+    libtiff5-dev (>= 4.0.3),
+    libwebp-dev (>= 0.5.1),
+    libwebpdemux2 (>= 0.5.1),
+    libwebpmux3 (>= 0.6.1-2),
+    zlib1g-dev (>= 1:1.1.4),
+    scdoc (>= 1.9)
+
+Package: ceo-common
+Architecture: amd64
+Depends: python3 (>= 3.7),
+    krb5-user (>= 1.17),
+    libkrb5-3 (>= 1.17),
+    libpq5 (>= 11.13),
+    libfreetype6 (>= 2.2.1),
+    libimagequant0 (>= 2.11.10),
+    libjpeg62-turbo (>= 1.3.1),
+    liblcms2-2 (>= 2.2+git20110628),
+    libtiff5 (>= 4.0.3),
+    libwebp6 (>= 0.5.1),
+    libwebpdemux2 (>= 0.5.1),
+    libwebpmux3 (>= 0.6.1-2),
+    zlib1g (>= 1:1.2),
+    ${python3:Depends},
+    ${misc:Depends}
+Description: CSC Electronic Office common files
+ This package contains the common files for the CSC Electronic Office.
+
+Package: ceo
+Architecture: amd64
+Replaces: ceo-python, ceo-clients
+Conflicts: ceo-python, ceo-clients
+Depends: ceo-common (>= 1.0.0), ${misc:Depends}
+Description: CSC Electronic Office client
+ This package contains the command line interface and text
+ user interface clients for the CSC Electronic Office.
+
+Package: ceod
+Architecture: amd64
+Replaces: ceo-daemon
+Conflicts: ceo-daemon
+Depends: ceo-common (>= 1.0.0), ${misc:Depends}
+Description: CSC Electronic Office daemon
+ This package contains the daemon for the CSC Electronic Office.

debian/copyright

@@ -0,0 +1,29 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: pyceo
+Upstream-Contact: Systems Committee <syscom@csclub.uwaterloo.ca>
+Source: https://git.csclub.uwaterloo.ca/public/pyceo.git
+
+Files: *
+Copyright: 2021 Systems Committee <syscom@csclub.uwaterloo.ca>
+License: MIT
+
+License: MIT
+ Copyright 2021 Systems Committee
+
+ Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights to
+use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
+of the Software, and to permit persons to whom the Software is furnished to do
+so, subject to the following conditions:
+
+ The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

debian/rules

@@ -0,0 +1,11 @@
+#!/usr/bin/make -f
+
+%:
+	dh $@
+
+override_dh_strip:
+
+override_dh_shlibdeps:
+
+override_dh_systemd_start:
+	dh_systemd_start --no-start ceod.service

debian/source/format

@@ -0,0 +1 @@
+3.0 (quilt)

debian/source/options

@@ -0,0 +1 @@
+extend-diff-ignore = "^(venv/|docs/.+\.\d$|dist/|.+\.egg-info/|build/|\.vscode/|\.idea/)|__pycache__/|(^|/)\..+"

docs/ceo.ini.5.scd

@@ -13,23 +13,23 @@ ceo.ini - configuration file for ceo
 ceo.ini is an INI file with various sections which control the behaviour of *ceo*(1).
 
 # DEFAULTS SECTION
-	_base_domain_++
+	_base\_domain_++
 	The domain name of CSC. Should be set to 'csclub.uwaterloo.ca'.
 
-	_uw_domain_++
+	_uw\_domain_++
 	The domain of UW. Should be set to 'uwaterloo.ca'.
 
 # CEOD SECTION
-	_admin_host_++
+	_admin\_host_++
 	The host with the ceod/admin Kerberos key.
 
-	_database_host_++
+	_database\_host_++
 	The host with the root password for MySQL and PostgreSQL.
 
-	_mailman_host_++
+	_mailman\_host_++
 	The host running Mailman.
 
-	_use_https_++
+	_use\_https_++
 	Whether to use HTTPS when connecting to ceod. Should be set to 'true'.
 
 	_port_++

docs/ceod.ini.5.scd

@@ -13,59 +13,59 @@ ceod.ini - configuration file for ceod
 ceod.ini is an INI file with various sections which control the behaviour of ceod.
 
 # DEFAULTS SECTION
-	_base_domain_++
+	_base\_domain_++
 	The domain name of CSC. Should be set to 'csclub.uwaterloo.ca'.
 
 # CEOD SECTION
-	_admin_host_++
+	_admin\_host_++
 	The host with the ceod/admin Kerberos key.
 
-	_fs_root_host_++
+	_fs\_root\_host_++
 	The host without NFS root squashing.
 
-	_database_host_++
+	_database\_host_++
 	The host with the root password for MySQL and PostgreSQL.
 
-	_mailman_host_++
+	_mailman\_host_++
 	The host running Mailman.
 
-	_use_https_++
+	_use\_https_++
 	Whether to use HTTPS when connecting to ceod. Should be set to 'true'.
 
 	_port_++
 	The port on which ceod is listening.
 
 # LDAP SECTION
-	_admin_principal_++
+	_admin\_principal_++
 	The Kerberos principal which ceod should use for *kadmin*(1).
 
-	_server_url_++
+	_server\_url_++
 	The primary CSC LDAP server URL.
 
-	_sasl_realm_++
+	_sasl\_realm_++
 	The CSC SASL realm for LDAP. Should be 'CSCLUB.UWATERLOO.CA'.
 
-	_users_base_++
+	_users\_base_++
 	The LDAP OU where users are stored.
 
-	_groups_base_++
+	_groups\_base_++
 	The LDAP OU where groups are stored.
 
-	_sudo_base_++
+	_sudo\_base_++
 	The LDAP OU where *sudo*(8) roles are stored.
 
 # UWLDAP SECTION
-	_server_url_++
+	_server\_url_++
 	The UW LDAP server URL.
 
 	_base_++
 	The LDAP OU where users are stored in the UW LDAP.
 
 # MEMBERS SECTION
-	_min_id_++
+	_min\_id_++
 	The minimum UID number for members.
 
-	_max_id_++
+	_max\_id_++
 	The maximum UID number for members.
 
 	_home_++
@@ -75,10 +75,10 @@ ceod.ini is an INI file with various sections which control the behaviour of ceo
 	The skeleton directory for new members.
 
 # CLUBS SECTION
-	_min_id_++
+	_min\_id_++
 	The minimum UID number for club accounts.
 
-	_max_id_++
+	_max\_id_++
 	The maximum UID number for club accounts.
 
 	_home_++
@@ -88,23 +88,23 @@ ceod.ini is an INI file with various sections which control the behaviour of ceo
 	The skeleton directory for new club accounts.
 
 # MAIL SECTION
-	_smtp_url_++
+	_smtp\_url_++
 	The SMTP URL where ceod should send emails.
 
-	_smtp_starttls_++
+	_smtp\_starttls_++
 	Whether ceod should use STARTTLS with the SMTP server or not.
 
 # MAILMAN3 SECTION
-	_api_base_url_++
+	_api\_base\_url_++
 	The base URL of the Mailman 3 API.
 
-	_api_username_++
+	_api\_username_++
 	The username to use when authenticating to the Mailman 3 API via HTTP Basic Auth.
 
-	_api_password_++
+	_api\_password_++
 	The password to use when authenticating to the Mailman 3 API via HTTP Basic Auth.
 
-	_new_member_list_++
+	_new\_member\_list_++
 	The mailing list to which new members should be subscribed.
 
 # AUXILIARY GROUPS SECTION

etc/ceo.ini

@@ -0,0 +1,24 @@
+[DEFAULT]
+base_domain = csclub.uwaterloo.ca
+uw_domain = uwaterloo.ca
+
+[ceod]
+# this is the host with the ceod/admin Kerberos key
+admin_host = phosphoric-acid
+# this is the host with root access to the databases
+database_host = caffeine
+# this is the host which can make API requests to Mailman
+mailman_host = mail
+use_https = true
+port = 9987
+
+[positions]
+required = president,vice-president,sysadmin
+available = president,vice-president,treasurer,secretary,
+            sysadmin,cro,librarian,imapd,webmaster,offsck
+
+[mysql]
+host = caffeine
+
+[postgresql]
+host = caffeine

etc/ceod.ini

@@ -0,0 +1,74 @@
+[DEFAULT]
+base_domain = csclub.uwaterloo.ca
+
+[ceod]
+# this is the host with the ceod/admin Kerberos key
+admin_host = phosphoric-acid
+# this is the host with NFS no_root_squash
+fs_root_host = phosphoric-acid
+# this is the host with root access to the databases
+database_host = caffeine
+# this is the host which can make API requests to Mailman
+mailman_host = mail
+use_https = true
+port = 9987
+
+[ldap]
+admin_principal = ceod/admin
+server_url = ldaps://auth1.csclub.uwaterloo.ca
+sasl_realm = CSCLUB.UWATERLOO.CA
+users_base = ou=People,dc=csclub,dc=uwaterloo,dc=ca
+groups_base = ou=Group,dc=csclub,dc=uwaterloo,dc=ca
+sudo_base = ou=SUDOers,dc=csclub,dc=uwaterloo,dc=ca
+
+[uwldap]
+server_url = ldaps://uwldap.uwaterloo.ca
+base = dc=uwaterloo,dc=ca
+
+[members]
+min_id = 20001
+max_id = 29999
+home = /users
+skel = /users/skel
+
+[clubs]
+min_id = 30001
+max_id = 39999
+home = /users
+skel = /users/skel
+
+[mail]
+smtp_url = smtps://mail.csclub.uwaterloo.ca
+smtp_starttls = false
+
+[mailman3]
+# This is only used on the mailman_host.
+api_base_url = http://localhost:8001/3.1
+api_username = REPLACE_ME
+api_password = REPLACE_ME
+new_member_list = csc-general
+
+[auxiliary groups]
+syscom = office,staff,adm,src,git
+office = cdrom,audio,video,www
+
+[auxiliary mailing lists]
+syscom = syscom,syscom-alerts,syscom-moderators,packages,git,ceo
+exec = exec,exec-moderators
+
+[positions]
+required = president,vice-president,sysadmin
+available = president,vice-president,treasurer,secretary,
+            sysadmin,cro,librarian,imapd,webmaster,offsck
+
+[mysql]
+# This is only used on the database_host.
+username = REPLACE_ME
+password = REPLACE_ME
+host = localhost
+
+[postgresql]
+# This is only used on the database_host.
+username = REPLACE_ME
+password = REPLACE_ME
+host = localhost

etc/default/ceod

@@ -0,0 +1 @@
+GUNICORN_ARGS="-w 2 -b 0.0.0.0:9987 --access-logfile - --certfile /etc/ssl/private/csclub-wildcard-chain.crt --keyfile /etc/ssl/private/csclub-wildcard.key"

one_time_scripts/inetorgperson.py

@@ -5,8 +5,6 @@ This is a script which converts each user record in CSC LDAP from the
 information from UWLDAP.
 
 GSSAPI is used for LDAP authentication, so make sure to run `kinit` first.
-Also, make sure to run this script from the top-level of the git directory
-(see the sys.path hack below).
 """
 import sys
 import traceback
@@ -16,8 +14,8 @@ import ldap3
 # modify as necessary
 LDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
 LDAP_MEMBERS_BASE = "ou=People,dc=csclub,dc=uwaterloo,dc=ca"
-UWLDAP_URI = "ldaps://auth1.csclub.uwaterloo.ca"
-UWLDAP_MEMBERS_BASE = "ou=UWLDAP,dc=csclub,dc=uwaterloo,dc=ca"
+UWLDAP_URI = "ldaps://uwldap.uwaterloo.ca"
+UWLDAP_MEMBERS_BASE = "dc=uwaterloo,dc=ca"
 
 csc_conn = ldap3.Connection(
     LDAP_URI, authentication=ldap3.SASL, sasl_mechanism=ldap3.KERBEROS,

one_time_scripts/mail_local_addresses.py

@@ -3,8 +3,6 @@
 This is a script which adds the mailLocalAddress to all members.
 
 GSSAPI is used for LDAP authentication, so make sure to run `kinit` first.
-Also, make sure to run this script from the top-level of the git directory
-(see the sys.path hack below).
 """
 import ldap3
 

requirements.txt

@@ -2,6 +2,7 @@ asciimatics==1.13.0
 click==8.0.1
 Flask==2.0.1
 gssapi==1.6.14
+gunicorn==20.1.0
 Jinja2==3.0.1
 ldap3==2.9.1
 requests==2.26.0
@@ -9,4 +10,4 @@ requests-gssapi==1.2.3
 zope.component==5.0.1
 zope.interface==5.4.0
 mysql-connector-python==8.0.26
-psycopg2==2.9.1
+psycopg2==2.9.1

setup.py

@@ -0,0 +1,32 @@
+from setuptools import setup, find_packages
+
+requirements = [line.strip() for line in open('requirements.txt')]
+test_requirements = [line.strip() for line in open('dev-requirements.txt')]
+long_description = open('README.md').read()
+version = open('VERSION.txt').read().strip()
+
+setup(
+    name='ceo',
+    version=version,
+    description='CSC Electronic Office',
+    long_description=long_description,
+    long_description_content_type='text/markdown',
+    url='https://git.csclub.uwaterloo.ca/public/pyceo.git',
+    author='CSC Systems Committee',
+    author_email='syscom@csclub.uwaterloo.ca',
+    classifiers=[
+        'Programming Language :: Python :: 3',
+        'License :: OSI Approved :: MIT License',
+        'Operating System :: POSIX :: Linux',
+        'Topic :: System :: Systems Administration',
+    ],
+    license='MIT',
+    keywords='csc, syscom, admin, ldap, kerberos',
+    packages=find_packages(),
+    python_requires='>=3.7',
+    install_requires=requirements,
+    tests_require=test_requirements,
+    entry_points={
+        'console_scripts': ['ceo=ceo.__main__:main'],
+    },
+)