Bug 660446 - Luci package neither well maintainable wrt external files (cross-references, values integrity etc.) nor it forms compact/self-contained Python package
Summary: Luci package neither well maintainable wrt external files (cross-references, ...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: luci
Version: 14
Hardware: Unspecified
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jan Pokorný [poki]
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 660895 661123 661137 661248 661260 661375 661386 661498 661508
TreeView+ depends on / blocked
 
Reported: 2010-12-06 19:41 UTC by Jan Pokorný [poki]
Modified: 2010-12-16 18:44 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-12-13 19:36:07 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 660895 0 medium CLOSED Luci is missing logrotate configuration file (rpmlint: log-files-without-logrotate warning) 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661123 0 low CLOSED Luci has config. options that are taken into account while using SASL2 hardcoded while the config. file may be used inst... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661137 0 medium CLOSED Luci configuration files are fragmented into luci.ini and who.ini which is not desired wrt maintainability 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661248 0 medium CLOSED Luci stores run-time data (pid file, cache and sessions data) into /var/lib/luci but /var/run/luci would be more appropr... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661260 0 medium CLOSED Initscript needs some changes to enhance its behaviour, stop rpmlint reporting an error and generally to get it closer t... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661375 0 low CLOSED Luci should make best effort to limit number of warnings connected with self-signed certificate (although warning that t... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661386 0 low CLOSED (RFE) Luci is missing a separated config. file (e.g. /etc/sysconfig/luci) serving for user configuration (luci.ini not p... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661498 0 medium CLOSED Luci creates its specific user/group but they are assigned with concrete ID which is furthermore from a bad range (conve... 2021-02-22 00:41:40 UTC
Red Hat Bugzilla 661508 0 medium CLOSED (RFE) Allow user-configurable period of inactivity after which authenticated session will timeout in luci 2021-02-22 00:41:40 UTC


Description Jan Pokorný [poki] 2010-12-06 19:41:06 UTC 
The fix for this has nothing to do with the provided functionality, it only makes the whole package better maintainable and also provides the possibility to distribute luci as a native Python package (it was originally aimed to be distributable only as RPM so it combined both Python [setuptools] and non-Python worlds [make, sed, install, ...]).
Comment 1 Jan Pokorný [poki] 2010-12-07 14:26:50 UTC 
This should be partially fixed in http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=5b78325596c716055c9c1e64bc4387d4d8fa3ba7

Note that this is only a first step in merging with pkg-update branch which contains more changes related to luci packaging, external files etc. so the rest of these changes will be filed as separated consequent bugs and commited of separated consequent patches.
Comment 2 Jan Pokorný [poki] 2010-12-07 14:53:11 UTC 
I forgot to mention in the message for that commit another changes that have
been made:

- everything sounding like "lucipam" changed respectively to identifiers
  sounding like "sasl2auth" as the original term was a bit misleading
  (rationale: PAM mechanism presumably lies at the very backend of what this
   module uses -- it uses SASL2 library to connecte to saslauthd service and
   if this service is configured in expected way [which is the default on Fedora
   and RHEL 6], the PAM authentication will be used indirectly via this chain)
- implicit patch added and included in the spec file, that ez_setup.py module
  is not used if setuptools Python package not present
  (rationale: while ez_setup can be convenient for people using native Python
  package directly [that's why this is kept in raw sources], it is not desired
  to have anything incl. setuptools ad-hoc downloaded and installed while
  preparing system package [setuptools is in BuildRequires anyway])
Comment 3 Jan Pokorný [poki] 2010-12-08 11:43:01 UTC 
Another change not mentioned in the commit message:

- self-managed certificate no longer stored as two separated files (public
  certificate itself [cacert.pem] and private key [privkey.pem]) +
  concatenation of them in the "combined" PEM file (host.pem) -- now
  only this "combined" file is stored and used which remains fully
  compatible with what luci uses wrt certificates
  - ssl.wrap_socket: supports this "combined" file at least since
    Python 2.6 for which this ability was documented first (but may work
    also for previous versions and this just hadn't been documented for
    them)
  - server (paste) seems to support only this "combined" file (as PEM)

- to bring more light to the matter, this illustration was used in
  irc discussion:

  content(privkey.pem)=A, content(cacert.pem)=B, content(host.pem)=AB;
  using "wrap_socket(certfile=cacert.pem, keyfile=privkey.pem, ...)"
  is semantically equivalent to "wrap_socket(certfile=host.pem, ...)"
Comment 4 Jan Pokorný [poki] 2010-12-08 19:58:48 UTC 
Another change not mentioned before:

- COPYING licence file renewed with fresh version of GPLv2 as obtained
  using 'wget http://www.gnu.org/licenses/gpl-2.0.txt'
  (original version contained strange unprintable characters, a bit
  different address [presumably no longer actual], ...)
Comment 5 Jan Pokorný [poki] 2010-12-08 22:26:18 UTC 
Commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=1026ec43fed3f95bf8a2e902d696016e42c08b14 contains any remaining change from pkg-update and hence is finishing the whole sequence of bugs (see "blocks" field) and respective commits in order to move whole bunch of changes that were made first separately on pkg-update branch of upstream git repo.

(This separation was used to isolate often rapid changes forth and back to stable master branch).
Comment 6 Jan Pokorný [poki] 2010-12-11 12:48:04 UTC 
To test this, there are far too many little things that can be groupped
into these classes:

- ability to prepare correct RPM package
  - this has already been proved to work, but any problem with this
    (such as non-existing file declared in %files section in spec or
    a file completely missing in built RPM so the luci installed from it
    won't run) may still occur, but most of this would be reported by the
    build tools so no active testing necessary (beside the test whether
    installed luci will run)

- files that are created during the first start of luci should be checked
  (in the phase luci is running) for their attributes and ownership,
  especially these:
  - /var/lib/luci/etc/luci.ini:   rw-r----- luci luci
  - /var/lib/luci/data/luci.db:   rw-r----- luci luci
  - /var/lib/luci/certs/host.pem: rw------- luci luci
  - /var/log/luci/luci.log:       rw-r----- luci luci
  - /var/run/luci/cache:          rwxr-x--- luci luci
  - /var/run/luci/sessions:       rwxr-x--- luci luci

On the whole, after installation from such a new RPM based on changes
connected with this bug, luci is expected to have no issue with its start
(especially this phase could fail for many reasons as this part was
partially reworked) and stop (and also with its run, indeed).
Comment 7 Jan Pokorný [poki] 2010-12-16 18:44:40 UTC 
Only a note if this bug is ever manipulated again (e.g. copying for RHEL), there was a small edit in setup.py with commit http://git.fedorahosted.org/git/?p=luci.git;a=commit;h=e432ade2757c0fab9ac4b9e2822c6e63f9897fd9 that should be considered as indivisible part of already stated fixes.
Note You need to log in before you can comment on or make changes to this bug.