5 years ago fwtool: filterHosts fixes [fwtool-ipv6] [release_20180419]
Clinton Ebadi [Fri, 20 Apr 2018 01:22:13 +0000 (21:22 -0400)]
fwtool: filterHosts fixes

* Use FQDN for domtool nodes in case they have IPv6 addresses
* Allow ferm variables in hosts lists (for `$WEBNODES')
* Split and :::1 rules (filterHosts will remove the one we
  don't want)

5 years ago fwtool: generate rules in primary input/output chain
Clinton Ebadi [Fri, 20 Apr 2018 00:22:41 +0000 (20:22 -0400)]
fwtool: generate rules in primary input/output chain

Using a single chain integrates with Puppet better, allowing it to
manage chains by default and fwtool rules being added to a pair of
explicitly unmanaged chains. If ferm is managing the entire firewall,
there's not much clarity lost over jumping to external user chains.

Adds a comment with the username to input/output rules as
well (missing from input before).

5 years ago fwtool: initial ipv6 support and puppet integration
Clinton Ebadi [Thu, 19 Apr 2018 05:27:08 +0000 (01:27 -0400)]
fwtool: initial ipv6 support and puppet integration

Not the prettiest, but it works.

Just duplicates the firewall between ipv4 and ipv6, making sure to
filter out any hostnames that aren't resolvable in each domain.

ProxiedServer doesn't work over IPv6 yet due to nodes not having that
information, will need to be fixed for proxied web services to work.

domtool-publish has a new action, firewallpuppet, that will reload the
firewall for our new setup (and fall back to just reloading ferm on
the current one). Further work is required for puppet; we are purging
unmanaged chains and will need to move all rules into a single chain
instead of jumping to a different chain per user.

5 years ago fwtool: allow multiple nodes per rule
Clinton Ebadi [Thu, 19 Apr 2018 05:23:58 +0000 (01:23 -0400)]
fwtool: allow multiple nodes per rule

5 years ago worker: add runOutput function
Clinton Ebadi [Thu, 19 Apr 2018 05:20:49 +0000 (01:20 -0400)]
worker: add runOutput function

similar to shellOutput, but uses Unix.execute directly instead of
using bash, and returns both the return status and any output

5 years ago domain: export validIpv6 and validIp
Clinton Ebadi [Thu, 19 Apr 2018 05:20:10 +0000 (01:20 -0400)]
domain: export validIpv6 and validIp

5 years ago hcoop: disable gibran as dns server [release_20180418]
Clinton Ebadi [Thu, 19 Apr 2018 02:19:32 +0000 (22:19 -0400)]
hcoop: disable gibran as dns server

server not quite ready

5 years ago hcoop: new server quag.hcoop.net
Clinton Ebadi [Thu, 19 Apr 2018 02:17:10 +0000 (22:17 -0400)]
hcoop: new server quag.hcoop.net

Runs fwtool

5 years ago add new server `gibran'
Clinton Ebadi [Tue, 17 Apr 2018 03:17:23 +0000 (23:17 -0400)]
add new server `gibran'

Enable as DNS server for admins for testing

5 years ago lib/moin: update for 1.9.9, fix config order
Clinton Ebadi [Tue, 17 Apr 2018 03:16:30 +0000 (23:16 -0400)]
lib/moin: update for 1.9.9, fix config order

User provided config must go after moin ScriptAlias on "/", otherwise
user aliases will never match.

5 years ago mail: fix vmailpasswd compilation warnings
Clinton Ebadi [Sat, 14 Apr 2018 04:51:42 +0000 (00:51 -0400)]
mail: fix vmailpasswd compilation warnings

5 years ago config: warn that changing localRoot will not work currently
Clinton Ebadi [Sat, 14 Apr 2018 04:49:10 +0000 (00:49 -0400)]
config: warn that changing localRoot will not work currently

5 years ago add bin/ to repository
Clinton Ebadi [Sat, 14 Apr 2018 04:48:28 +0000 (00:48 -0400)]
add bin/ to repository

needed for build to succeed, exclusion was an oversight

5 years ago create /var/domtool on install
Clinton Ebadi [Sat, 14 Apr 2018 04:26:25 +0000 (00:26 -0400)]
create /var/domtool on install

And warn that changing localRoot won't work, yet.

5 years ago add rules to install systemd units
Clinton Ebadi [Sat, 14 Apr 2018 03:49:17 +0000 (23:49 -0400)]
add rules to install systemd units

5 years ago openssl: fix building with openssl 1.1 and later
Clinton Ebadi [Mon, 9 Apr 2018 23:06:38 +0000 (19:06 -0400)]
openssl: fix building with openssl 1.1 and later

Patch provided by Robin Templeton <robin@hcoop.net>

6 years ago web_apps: don't instantiate php5 in wordPress [release_20170131-1]
Clinton Ebadi [Wed, 1 Feb 2017 02:30:31 +0000 (21:30 -0500)]
web_apps: don't instantiate php5 in wordPress

interferes with fastcgi / hasn't been needed since the ancient times

6 years ago apache: improved fastScriptAlias
Clinton Ebadi [Wed, 1 Feb 2017 02:22:16 +0000 (21:22 -0500)]
apache: improved fastScriptAlias

Implementation using Alias + <Location> proved unworkable -- Apache
has an obnoxious property wherein Aliases are first match and
Locations are last match, causing all sorts of exciting
side-effects (e.g. having to add a `<Location>SetHandler
None</Location>' afterward for any aliases that otherwise would have

A directory + file match however works and does not cause strange
alias behavior.

Also fix not stripping trailing `/' when setting up wrapper.

6 years ago apache: pass script to fastcgi wrapper [release_20170127-2]
Clinton Ebadi [Tue, 31 Jan 2017 06:10:23 +0000 (01:10 -0500)]
apache: pass script to fastcgi wrapper

6 years ago apache: fix missing newline in fastScriptAlias [release_20170127-1]
Clinton Ebadi [Tue, 31 Jan 2017 06:08:58 +0000 (01:08 -0500)]
apache: fix missing newline in fastScriptAlias

6 years ago apache: Implement fastcgi alias support [release_20170131]
Clinton Ebadi [Tue, 31 Jan 2017 05:46:25 +0000 (00:46 -0500)]
apache: Implement fastcgi alias support

New directive `fastScriptAlias from to' works like `scriptAlias' but
using mod_fcgid.

6 years ago webapps/moin: inject custom config before moin config
Clinton Ebadi [Tue, 31 Jan 2017 05:50:52 +0000 (00:50 -0500)]
webapps/moin: inject custom config before moin config

In Apache land, first matching alias wins and we're aliasing `/' to
moin so injecting user config after that deprives them of the ability
to customize aliases. Reverse configuration so they stand a chance.

6 years ago apache: limit php-fastcgi to php
Clinton Ebadi [Tue, 31 Jan 2017 05:52:43 +0000 (00:52 -0500)]
apache: limit php-fastcgi to php

AddHandler to php extensions instead of making the php wrapper the
default mod_fcgid wrapper to avoid weird/insecure behavior.

Also fix `phpVersion' action.

6 years ago apache: fastcgi config core, implement php5-cgi fastcgi [release_20170127]
Clinton Ebadi [Sun, 29 Jan 2017 03:21:30 +0000 (22:21 -0500)]
apache: fastcgi config core, implement php5-cgi fastcgi

New fastcgi wrapper configuration to set up environment for user to
run fastcgi scripts.

Implemented support for using fastcgi with php5-cgi using version 6
since it does not exist in the real world. phpFastCgiWrapper is site
specific and should set whatever php environment variables are needed
and exec php5-cgi. This does not work with php-fpm, only old-style
php5-cgi in fastcgi mode with mod_fcgid.

todo: general fastcgi directives

6 years ago apache: core directive AllowEncodedSlashes [release_20161211]
Clinton Ebadi [Mon, 12 Dec 2016 04:15:05 +0000 (23:15 -0500)]
apache: core directive AllowEncodedSlashes

Allow members to set the safe NoDecode mode instead of unequivocally
rejecting URLs with encoded slashes. "On" is not supported because we do
not want to allow encoded urls to access arbitrary directories (not sure
if it's paranoia, but the apache docs discourage it).


7 years ago hcoop: remove hopper from config [release_20160927]
Clinton Ebadi [Wed, 28 Sep 2016 02:02:08 +0000 (22:02 -0400)]
hcoop: remove hopper from config

8 years ago lib: add binding for new notfound mod_rewrite flag
Clinton Ebadi [Thu, 22 Oct 2015 03:26:36 +0000 (23:26 -0400)]
lib: add binding for new notfound mod_rewrite flag

8 years ago Add 404 to possible redirect codes in mod_rewrite
Joseph Yaworski [Wed, 21 Oct 2015 22:23:21 +0000 (18:23 -0400)]
Add 404 to possible redirect codes in mod_rewrite

8 years ago hcoop: update library defaults
Clinton Ebadi [Thu, 22 Oct 2015 03:12:05 +0000 (23:12 -0400)]
hcoop: update library defaults

deleuze is no more

8 years ago Remove deleuze from configuration [release_20150901]
Clinton Ebadi [Wed, 2 Sep 2015 00:20:05 +0000 (20:20 -0400)]
Remove deleuze from configuration

8 years ago mailman: temporarily disable suexec, allow access to public archives [release_20150524]
Clinton Ebadi [Sun, 24 May 2015 23:38:32 +0000 (19:38 -0400)]
mailman: temporarily disable suexec, allow access to public archives

Debian Jessie suexec + mailman aren't playing nicely with each other
-- leave suexec disabled for now. Apache 2.4 also needs "require all
granted" to allow any access to a directory -- added for the public
list archives folder.

8 years ago doc: correct apache docs link for allow/deny/order [release_20150523-1]
Clinton Ebadi [Sat, 23 May 2015 19:55:39 +0000 (15:55 -0400)]
doc: correct apache docs link for allow/deny/order

8 years ago mod_proxy: add retry=0 to ProxyPass [release_20150523]
Clinton Ebadi [Sat, 23 May 2015 17:50:57 +0000 (13:50 -0400)]
mod_proxy: add retry=0 to ProxyPass

Wheezy's apache will not retry a backend for 60s after two failures,
which results in surprising behavior for members used to the behavior
on previous apache versions.

8 years ago doc: rename proxy/url to match other modules
Clinton Ebadi [Sat, 23 May 2015 17:45:47 +0000 (13:45 -0400)]
doc: rename proxy/url to match other modules

8 years ago autodoc: fix css and image paths to automatically use ssl
Clinton Ebadi [Fri, 22 May 2015 13:50:54 +0000 (09:50 -0400)]
autodoc: fix css and image paths to automatically use ssl

hcoop.net is ssl-only now and the css cannot be loaded from
http://. Use a relative path instead.

8 years ago Fix typo in config [release_20150515-1]
Clinton Ebadi [Fri, 15 May 2015 19:37:14 +0000 (15:37 -0400)]
Fix typo in config

8 years ago Move mailman to mccarthy.hcoop.net [release_20150515]
Clinton Ebadi [Fri, 15 May 2015 19:33:13 +0000 (15:33 -0400)]
Move mailman to mccarthy.hcoop.net

8 years ago don't complain about $user.daemon missing a domtool dir
Clinton Ebadi [Fri, 15 May 2015 18:32:30 +0000 (14:32 -0400)]
don't complain about $user.daemon missing a domtool dir

Not committed to this yet, but current hcoop.daemon exists with no
path or other permissions simply to allow queries to domtool and
management of vmail accounts. Ignore lack of .domtool directory.

8 years ago Enable mccarthy as mailnode for all users [release_20150514]
Clinton Ebadi [Thu, 14 May 2015 05:04:12 +0000 (01:04 -0400)]
Enable mccarthy as mailnode for all users

8 years ago Set fritz as default DNS master, make deleuze a default slave [release_20150512]
Clinton Ebadi [Tue, 12 May 2015 22:30:33 +0000 (18:30 -0400)]
Set fritz as default DNS master, make deleuze a default slave

ns1.hcoop.net is moving to fritz, set as default internalMaster. Keep
deleuze as a default slave for transition as some members are using
deleuze.hcoop.net at their registrar.

8 years ago Add mccarthy, enable for mail use by users with priv mail
Clinton Ebadi [Tue, 12 May 2015 22:24:27 +0000 (18:24 -0400)]
Add mccarthy, enable for mail use by users with priv mail

8 years ago systemd service files for server/slave
Clinton Ebadi [Sat, 18 Apr 2015 22:25:37 +0000 (18:25 -0400)]
systemd service files for server/slave

Welcome to the future, whether we like it or not.

Service files should provide functionality similar to the current init
scripts. Currently no service monitoring is implemented (if possible,
regularly `domtool-admin ping'ing service and restarting if no response
would be nice).

/var/log/domtool.log is gone, replaced by use of the system journal.

8 years ago Add ProxyPreserveHost apache directive [release_20150304]
Clinton Ebadi [Wed, 4 Mar 2015 06:38:47 +0000 (01:38 -0500)]
Add ProxyPreserveHost apache directive
* Link other proxy directives to apache docs while I'm at it.

8 years ago Add fritz as a dns node and enable as a slave [release_20141231]
Clinton Ebadi [Thu, 1 Jan 2015 04:19:51 +0000 (23:19 -0500)]
Add fritz as a dns node and enable as a slave

Master DNS will be moving to fritz in the near future.

8 years ago Update proxy.dtl with new proxy_reverse_target type
Clinton Ebadi [Thu, 1 Jan 2015 04:13:47 +0000 (23:13 -0500)]
Update proxy.dtl with new proxy_reverse_target type

9 years ago Release release_20141124
Clinton Ebadi [Tue, 25 Nov 2014 01:24:33 +0000 (20:24 -0500)]

9 years ago Support ! as a ProxyPass target
Clinton Ebadi [Tue, 25 Nov 2014 01:24:21 +0000 (20:24 -0500)]
Support ! as a ProxyPass target

Reported by notd, ProxyPass can take ! to indicate not to proxy
anything under a path. Split proxy_target and proxy_reverse_target
types since ProxyPassReverse does not allow ! as a target.

9 years ago Release release_20141006-1
Clinton Ebadi [Tue, 7 Oct 2014 03:21:57 +0000 (23:21 -0400)]

9 years ago portal: return success/failure of changing vmail password
Clinton Ebadi [Tue, 7 Oct 2014 03:17:40 +0000 (23:17 -0400)]
portal: return success/failure of changing vmail password

I hear it's useful to tell the difference between failure and success.

9 years ago Release release_20141006
Clinton Ebadi [Mon, 6 Oct 2014 04:13:45 +0000 (00:13 -0400)]

9 years ago apt: Handle Description-en replacing Description in apt-cache output
Clinton Ebadi [Mon, 6 Oct 2014 04:13:29 +0000 (00:13 -0400)]
apt: Handle Description-en replacing Description in apt-cache output

Ideally we'd care about languages other than English, but this works.

9 years ago Release release_20141005
Clinton Ebadi [Mon, 6 Oct 2014 03:45:12 +0000 (23:45 -0400)]

9 years ago reset error state before generating basis library
Clinton Ebadi [Mon, 6 Oct 2014 03:44:32 +0000 (23:44 -0400)]
reset error state before generating basis library

Errors occurring during publishing in the dispatcher can leak into the
next run. Reset the error state in basis to avoid returning an empty
basis library now that it is evaluated at each MsgConfig.

This may be the wrong solution -- not sure why errors get to hang
around after a run anyway.

9 years ago scripts: Fix lazy chown syntax
Clinton Ebadi [Mon, 6 Oct 2014 03:16:04 +0000 (23:16 -0400)]
scripts: Fix lazy chown syntax

user.group doesn't work when user has a dot in it. Use : in
domtool-addcert, and update other scripts for consistency.

9 years ago vmailpasswd: fix bad interpreter
Clinton Ebadi [Mon, 6 Oct 2014 03:14:38 +0000 (23:14 -0400)]
vmailpasswd: fix bad interpreter

9 years ago portal: Use readLine and not getPass when stdin is not a terminal
Clinton Ebadi [Mon, 6 Oct 2014 03:14:25 +0000 (23:14 -0400)]
portal: Use readLine and not getPass when stdin is not a terminal

It is way harder than necessary to make the portal call
domtool-portal when it spews output. Just assume input produced via a
pipe is from a program that knows what it is doing.

9 years ago client: function to check if stdin is a tty
Clinton Ebadi [Mon, 6 Oct 2014 03:13:06 +0000 (23:13 -0400)]
client: function to check if stdin is a tty

9 years ago Client.getPass: catch syserror inval when detecting non-tty use
Clinton Ebadi [Sun, 5 Oct 2014 00:48:39 +0000 (20:48 -0400)]
Client.getPass: catch syserror inval when detecting non-tty use

libc in Debian before Jessie returns einval instead of enotty

9 years ago Remove mccarthy as node before release [release_20140509]
Clinton Ebadi [Fri, 9 May 2014 09:50:34 +0000 (05:50 -0400)]
Remove mccarthy as node before release

It's not actually ready yet, and we have to release now.

9 years ago Change DefaultAliasSource to $user@hcoop.net, add defaultMailUser extern
Clinton Ebadi [Fri, 9 May 2014 09:43:31 +0000 (05:43 -0400)]
Change DefaultAliasSource to $user@hcoop.net, add defaultMailUser extern

 * The type checker can be annoying, but I am not capable of the feats
   of hacking required to make it expand externs at type checking
   time (nor am I certain that's even a good idea)
 * Feature idea: allow binding a name passed to registerFunction in
   multiple `extern val' declarations. Extern already assumes the
   extern will be correctly typed, so there's no additional peril.

9 years ago Client.getpass: allow use on non-tty devices
Clinton Ebadi [Fri, 9 May 2014 08:41:29 +0000 (04:41 -0400)]
Client.getpass: allow use on non-tty devices

Warn user the password will be echoed just in case. This allows
getpass to be used with input piped to it (e.g. from the hcoop members

9 years ago Add vmail command for changing password when you know the current password
Clinton Ebadi [Fri, 9 May 2014 08:40:31 +0000 (04:40 -0400)]
Add vmail command for changing password when you know the current password

Not 100% sure if this is the best way, but the members portal was tied to
*the* mail node, which is not good to begin with, and breaks when
there are multiple mail nodes.

 * Replaces vmailpasswd.c, which is an awful program (passed password on
   the command line revealing it to `ps' and only supports a local
   filesystem userdb).
 * Restricted to users with the priv `vmail' for now, and only used by
   the portal. Not much worth in exposing generally it seems (vmail
   users cannot login to any shell machines, at least at hcoop)
 * Includes helper python program to run crypt() (better than C at
 * New function to parse the userdb into a StringMap (a better
   approach is possible, similar to the Vmail.list). Will be used to
   compile the database for Dovecot later.
 * New binary `domtool-portal' to expose replacement vmailpasswd command

9 years ago Manage spamassassin preferences in shared space
Clinton Ebadi [Tue, 6 May 2014 23:54:09 +0000 (19:54 -0400)]
Manage spamassassin preferences in shared space

9 years ago Disentangle vmail from the mail node, Prepare for dovecot support
Clinton Ebadi [Tue, 6 May 2014 23:52:41 +0000 (19:52 -0400)]
Disentangle vmail from the mail node, Prepare for dovecot support

* Use new Slave.run and Connect.commandWorker where possible
* Always reload vmail db in worker, never in dispatcher
* Move non-courier-specific configuration variables to Config.Vmail.
  The master userdb is still managed using courier-authlib-userdb.
* Manage vmail db in afs, syncing as needed.

9 years ago domtool-config: print errors on stderr, return failure code, export vmaildb
Clinton Ebadi [Tue, 6 May 2014 23:20:29 +0000 (19:20 -0400)]
domtool-config: print errors on stderr, return failure code, export vmaildb

9 years ago Slave.run: run a command using Unix.execute
Clinton Ebadi [Tue, 6 May 2014 23:19:17 +0000 (19:19 -0400)]
Slave.run: run a command using Unix.execute

Similar to Slave.shell, only it passes the arguments list directly to

9 years ago Connection utilities (or: copying and pasting code is bad)
Clinton Ebadi [Tue, 6 May 2014 23:17:46 +0000 (19:17 -0400)]
Connection utilities (or: copying and pasting code is bad)

Finally get around to factoring out functions to connect to the
dispatcher, connect to a worker, and send a "simple" message to
workers (one where MsgOk/MsgError are the only valid replies).

9 years ago mod_auth_kerb: Enabled KDC Verification and Negotiate
Clinton Ebadi [Fri, 2 May 2014 03:47:31 +0000 (23:47 -0400)]
mod_auth_kerb: Enabled KDC Verification and Negotiate

Every <Location> that enables kerberos auth has to include the
keytab/service declarations. Since we're verifying the KDC, allow
gssapi negotiate.

9 years ago Add mccarthy as admin web server and mail node
Clinton Ebadi [Tue, 29 Apr 2014 07:14:11 +0000 (03:14 -0400)]
Add mccarthy as admin web server and mail node

9 years ago New `make install_serverslave' target, don't use sudo in make install_{server,slave}
Clinton Ebadi [Tue, 29 Apr 2014 07:10:21 +0000 (03:10 -0400)]
New `make install_serverslave' target, don't use sudo in make install_{server,slave}

The dispatcher node is likely also running a worker node, and both
must be stopped before installation or else one of them segfaults when
its binary is overwritten.

9 years ago Fix domtool-addcert for when user running is not in `wheel'
Clinton Ebadi [Tue, 29 Apr 2014 01:12:44 +0000 (21:12 -0400)]
Fix domtool-addcert for when user running is not in `wheel'

Domtool on deleuze assumed admin users would be in group
`wheel'. This is no longer true. Instead, make the CA readable only by
root, generate the new keys and certs into a non-afs temp directory,
and then move everything into afs afterward.

9 years ago Unify web_node/default_node, and provide a default for WebPlaces
Clinton Ebadi [Mon, 28 Apr 2014 23:23:43 +0000 (19:23 -0400)]
Unify web_node/default_node, and provide a default for WebPlaces

9 years ago Fix typo in defaults
Clinton Ebadi [Mon, 28 Apr 2014 23:23:26 +0000 (19:23 -0400)]
Fix typo in defaults

9 years ago Move more bind config into domtool, remove hardcoded /var/domtool references [release_20140428]
Clinton Ebadi [Sun, 27 Apr 2014 07:47:41 +0000 (03:47 -0400)]
Move more bind config into domtool, remove hardcoded /var/domtool references

dns_master_node and dns_slave_nodes do not need to be defined in SML,
and were removed.

Instead of checking Config.Bind.masterNode and skipping generating a
zone file on bind slaves, don't generate the incorrect soa.conf at
all (same effect, but the correct way).

9 years ago Evaluate `val' and `var' bindings in the environment in which they were defined
Clinton Ebadi [Sun, 27 Apr 2014 02:11:24 +0000 (22:11 -0400)]
Evaluate `val' and `var' bindings in the environment in which they were defined

Until this change, you could create a program such as:

  val mine : your_domain = "mydomain.org";
  val not_mine = mine;
  val mine = "not-my-domain.org";

  dom not_mine with end;

And domtool would happily configure "not-my-domain.org" for you.

9 years ago Reduce toplevel environment decls and allow them in user config
Clinton Ebadi [Sun, 27 Apr 2014 01:19:29 +0000 (21:19 -0400)]
Reduce toplevel environment decls and allow them in user config

The root of the dynamic environment is passed separately to Eval.exec'
to allow user config to re-declare dynamics (like regular vals). This
uncovered (and perpetuates) a bug with process DVal/DEnv:

  val foo = "foo";
  val bar = foo;
  val foo = "bar";

When bar is expanded, it now has the value "bar" instead of
"foo", which is wrong.

9 years ago merge toplevel-dynamic-environment
Clinton Ebadi [Sat, 26 Apr 2014 00:05:10 +0000 (20:05 -0400)]
merge toplevel-dynamic-environment

9 years ago Example config file for a single-machine development setup [config-cleanup]
Clinton Ebadi [Sat, 26 Apr 2014 00:01:51 +0000 (20:01 -0400)]
Example config file for a single-machine development setup

9 years ago bootstrap: run server to add first user
Clinton Ebadi [Fri, 25 Apr 2014 23:25:13 +0000 (19:25 -0400)]
bootstrap: run server to add first user

9 years ago domtool-config: export truststore
Clinton Ebadi [Fri, 25 Apr 2014 23:19:48 +0000 (19:19 -0400)]
domtool-config: export truststore

9 years ago Remove Config.{dispatcher,defaultNode}
Clinton Ebadi [Fri, 25 Apr 2014 22:58:03 +0000 (18:58 -0400)]
Remove Config.{dispatcher,defaultNode}

defaultNode was punned to dispatcherName, and dispatcher relied on
other values in the file. I.e. you had to set all three to change the
dispatcher! Consolidate all into dispatcherName.

9 years ago Build domtool-config by default
Clinton Ebadi [Fri, 25 Apr 2014 22:02:31 +0000 (18:02 -0400)]
Build domtool-config by default

9 years ago bootstrap: fail on error, create cert for local machine
Clinton Ebadi [Fri, 25 Apr 2014 22:02:12 +0000 (18:02 -0400)]
bootstrap: fail on error, create cert for local machine

9 years ago bootstrap: ensure ca config exists before continuing
Clinton Ebadi [Fri, 25 Apr 2014 22:01:34 +0000 (18:01 -0400)]
bootstrap: ensure ca config exists before continuing

9 years ago domtool-adduser: use domtool-config to find ca
Clinton Ebadi [Fri, 25 Apr 2014 21:48:42 +0000 (17:48 -0400)]
domtool-adduser: use domtool-config to find ca

9 years ago domtool-addcert: use domtool-config, support non-afs cert/key dirs
Clinton Ebadi [Fri, 25 Apr 2014 21:32:50 +0000 (17:32 -0400)]
domtool-addcert: use domtool-config, support non-afs cert/key dirs

Removed `chown -R domtool.nogroup' calls since they are meaningless in
afs and incorrect on normal file systems. chown -R the key dir to the
user.nogroup unless `-unsafe' is passed, which allows the creation of
useless keys (the user running the script can read the key instead of
the intended user, which is ok for development).

Still needs improvement.

9 years ago scripts: use getent instead of hardcoding an afs homedir
Clinton Ebadi [Fri, 25 Apr 2014 21:10:37 +0000 (17:10 -0400)]
scripts: use getent instead of hardcoding an afs homedir

9 years ago Scripts to bootstrap a development domtool environment
Clinton Ebadi [Fri, 25 Apr 2014 21:10:07 +0000 (17:10 -0400)]
Scripts to bootstrap a development domtool environment

9 years ago domtool-config: dump nodes, site domain, and certificate paths
Clinton Ebadi [Thu, 24 Apr 2014 05:39:26 +0000 (01:39 -0400)]
domtool-config: dump nodes, site domain, and certificate paths

9 years ago Add caDir and move serialDir into Config.Bind
Clinton Ebadi [Thu, 24 Apr 2014 05:39:11 +0000 (01:39 -0400)]
Add caDir and move serialDir into Config.Bind

9 years ago Include CONFIG_CORE signature in domtool.cfs and fix webbw build
Clinton Ebadi [Thu, 24 Apr 2014 05:38:11 +0000 (01:38 -0400)]
Include CONFIG_CORE signature in domtool.cfs and fix webbw build

9 years ago Initial domtool-config tool
Clinton Ebadi [Wed, 16 Apr 2014 17:46:33 +0000 (13:46 -0400)]
Initial domtool-config tool

Query static configuration information from domtool at run time. Will
be used for new installation bootstrap and make install.

9 years ago Makefile improvements
Clinton Ebadi [Wed, 16 Apr 2014 07:59:05 +0000 (03:59 -0400)]
Makefile improvements

* Respect CFLAGS
* Require DEBUG=1 instead of just DEBUG being set
* Add TC=1 to instruct mlton to only type check
* BUILD32, in theory, could be used to build 32-bit binaries with
  mlton on a 32-bit host, but is not working currently

9 years ago Factor path prefixes into ConfigCore structure
Clinton Ebadi [Wed, 16 Apr 2014 07:57:24 +0000 (03:57 -0400)]
Factor path prefixes into ConfigCore structure

Not fully worked out yet, but this is the first step toward making it
easier to relocate domtool.

9 years ago Add \\ config argument to moinMoin and wordPress
Clinton Ebadi [Tue, 15 Apr 2014 04:08:46 +0000 (00:08 -0400)]
Add \\ config argument to moinMoin and wordPress

9 years ago Move domtool-server from deleuze to fritz [release_20140409]
Clinton Ebadi [Wed, 9 Apr 2014 22:39:57 +0000 (18:39 -0400)]
Move domtool-server from deleuze to fritz

9 years ago domtool-doc: fake privs [toplevel-dynamic-environment]
Clinton Ebadi [Wed, 9 Apr 2014 21:28:35 +0000 (17:28 -0400)]
domtool-doc: fake privs

With environment defaults in the basis library, permissions need to be
faked to allow typechecking of your_FOO refinement types to succeed.

9 years ago Allow faking your_{user,path,group} and homedir
Clinton Ebadi [Wed, 9 Apr 2014 21:26:59 +0000 (17:26 -0400)]
Allow faking your_{user,path,group} and homedir

Autodoc hates the your_FOO refinement types, and I see no reason why
users wouldn't want to fake these values if they are already faking
domain permissions. Additionally, set the homedir to /tmp if the user
is unset and we're faking privs.

9 years ago Annotate defaults
Clinton Ebadi [Wed, 9 Apr 2014 21:24:28 +0000 (17:24 -0400)]
Annotate defaults

9 years ago Autodoc support for default env var declarations
Clinton Ebadi [Wed, 9 Apr 2014 21:24:02 +0000 (17:24 -0400)]
Autodoc support for default env var declarations