Merge branch 'fac-build'

Conflicts:
	Makefile
	facilitator/Makefile
	facilitator/facilitator-test.py
	facilitator/init.d/facilitator.in

Makefile

@@ -78,13 +78,19 @@ test: check
 check:
 	$(MAKE_CLIENT) check
 	$(PYTHON) setup-common.py test
-	cd facilitator && ./facilitator-test
-	cd proxy && ./flashproxy-test.js
+
+
+test-full: test
+	cd facilitator && \
+	  { test -x ./config.status && ./config.status || \
+	  { test -x ./configure || ./autogen.sh; } && ./configure; } \
+	  && make && make check
+	cd proxy && make test
 
 force-dist:
 	rm -rf $(DISTDIR) $(DISTDIR).zip
 
 force-dist-exe:
 	rm -rf $(DISTDIR_W32) $(DISTDIR_W32).zip $(PY2EXE_TMPDIR)
 
-.PHONY: all dist sign dist-exe sign-exe clean distclean test check force-dist force-dist-exe
+.PHONY: all dist sign dist-exe sign-exe clean distclean test check test-full force-dist force-dist-exe

facilitator/.gitignore

@@ -0,0 +1,28 @@
+# files build by autogen.sh
+/aclocal.m4
+/autom4te.cache
+/configure
+/depcomp
+/install-sh
+/missing
+/test-driver
+/Makefile.in
+
+# files built by ./configure
+/init.d/facilitator
+/init.d/facilitator-email-poller
+/init.d/facilitator-reg-daemon
+/Makefile
+/config.status
+/config.log
+
+# files built by make
+/examples/fp-facilitator.conf
+
+# files for binary-distribution
+/flashproxy-facilitator-*.tar.*
+
+# files output by test-driver
+test*.log
+*test.log
+*test.trs

facilitator/INSTALL

@@ -0,0 +1,27 @@
+Install the dependencies.
+
+	$ apt-get install make openssl python-m2crypto
+	$ apt-get install automake autoconf # if running from git
+
+Configure and install.
+
+	$ ./autogen.sh # if running from git or ./configure doesn't otherwise exist
+	$ ./configure --localstatedir=/var/local --enable-initscripts && make
+	# make pre-install install post-install
+
+This installs facilitator.cgi, facilitator, facilitator-email-poller,
+facilitator-reg-daemon, facilitator-reg, and fac.py to /usr/local/bin.
+It also installs System V init files to /etc/init.d/.
+
+The pre/post-install scripts create a user for the daemon to as, and
+sets up the initscripts in the default system runlevels. They also
+generate a RSA key in /usr/local/etc/flashproxy/reg-daemon.{key,pub}.
+
+Uninstall.
+
+	# make pre-remove uninstall post-remove
+
+This will leave behind some config files (e.g. secret keys and passwords). To
+get rid of those too, run this instead:
+
+	# make pre-purge uninstall post-purge

facilitator/Makefile.am

@@ -0,0 +1,140 @@
+# our own variables
+
+fpfacilitatoruser = @fpfacilitatoruser@
+initconfdir = @initconfdir@
+# TODO(infinity0): switch this to @cgibindir@ once we replace fac.py with
+# flashproxy-common, so that we install facilitator.cgi in the right place
+cgibindir = @bindir@
+
+# unfortunately sysvinit does not support having initscripts in /usr/local/etc
+# yet, so we have to hard code a path here. :(
+initscriptdir = /etc/init.d
+exampledir = $(docdir)/examples
+appenginedir = $(pkgdatadir)/appengine
+pkgconfdir = $(sysconfdir)/flashproxy
+appengineconfdir = $(pkgconfdir)/reg-appspot
+
+# automake PLVs
+
+dist_bin_SCRIPTS = facilitator facilitator-email-poller facilitator-reg-daemon facilitator-reg fac.py
+dist_cgibin_SCRIPTS = facilitator.cgi
+if DO_INITSCRIPTS
+initscript_SCRIPTS = init.d/facilitator init.d/facilitator-email-poller init.d/facilitator-reg-daemon
+dist_initconf_DATA = default/facilitator default/facilitator-email-poller default/facilitator-reg-daemon
+endif
+
+dist_doc_DATA = doc/appspot-howto.txt doc/facilitator-design.txt doc/email-howto.txt doc/http-howto.txt doc/server-howto.txt README
+dist_example_DATA = examples/fp-facilitator.conf examples/reg-email.pass
+dist_appengine_DATA = appengine/app.yaml appengine/config.go appengine/fp-reg.go appengine/README
+appengineconf_DATA = appengine/config.go
+CLEANFILES = examples/fp-facilitator.conf
+EXTRA_DIST = examples/fp-facilitator.conf.in $(TESTS)
+
+TESTS = facilitator-test.py
+# see http://www.gnu.org/software/automake/manual/html_node/Parallel-Test-Harness.html#index-TEST_005fEXTENSIONS
+TEST_EXTENSIONS = .py
+PY_LOG_COMPILER = $(PYTHON)
+AM_TESTS_ENVIRONMENT = PYTHONPATH='$(srcdir)'; export PYTHONPATH;
+AM_PY_LOG_FLAGS =
+
+# AC_CONFIG_FILES doesn't fully-expand directory variables
+# see http://www.gnu.org/software/automake/manual/automake.html#Scripts
+subst_vars = sed -e 's,[@]cgibindir[@],$(cgibindir),g'
+
+# our own targets
+
+examples/fp-facilitator.conf: examples/fp-facilitator.conf.in Makefile
+# mkdir needed for out-of-source build
+	mkdir -p $$(dirname "$@")
+	$(subst_vars) "$<" > "$@"
+
+# The {pre,post}-{install,remove} targets are just given as reference, and
+# ought to be separate scripts as part of your distro's installation process.
+# They are intentionally not linked to the install target since they require
+# root access and *must not be run* for fake/staged installs, e.g. when giving
+# non-standard directories to ./configure or DESTDIR to make.
+
+pre-install: meta-install-sanity install-user
+post-install: meta-install-sanity install-secrets install-symlinks install-daemon
+pre-remove: meta-install-sanity remove-daemon remove-symlinks
+post-remove: meta-install-sanity
+pre-purge: pre-remove remove-secrets
+post-purge: post-remove remove-user
+
+meta-install-sanity:
+	test "x$(DESTDIR)" = "x" || { echo >&2 \
+	  "don't run {pre,post}-{install,remove} when DESTDIR is set"; false; }
+
+install-user:
+	id -u $(fpfacilitatoruser) >/dev/null 2>&1 || { \
+	which adduser >/dev/null 2>&1 && \
+	  adduser --quiet \
+	    --system \
+	    --group \
+	    --disabled-password \
+	    --home $(sysconfdir)/flashproxy \
+	    --no-create-home \
+	    --shell /bin/false \
+	    $(fpfacilitatoruser) || \
+	  useradd \
+	    --system \
+	    --home $(sysconfdir)/flashproxy \
+	    -M \
+	    --shell /bin/false \
+	    $(fpfacilitatoruser) ; }
+
+remove-user:
+	: # deluser does actually remove the group as well
+	id -u $(fpfacilitatoruser) >/dev/null 2>&1 && { \
+	which deluser >/dev/null 2>&1 && \
+	  deluser --quiet \
+	    --system \
+	    $(fpfacilitatoruser) || \
+	  userdel \
+	    $(fpfacilitatoruser) ; } || true
+
+install-secrets:
+	test -f $(pkgconfdir)/reg-daemon.key || { \
+	  install -m 600 /dev/null $(pkgconfdir)/reg-daemon.key && \
+	  openssl genrsa 2048 | tee $(pkgconfdir)/reg-daemon.key | \
+	  openssl rsa -pubout > $(pkgconfdir)/reg-daemon.pub; }
+	test -f $(pkgconfdir)/reg-email.pass || { \
+	  install -m 600 /dev/null $(pkgconfdir)/reg-email.pass && \
+	  cat $(exampledir)/reg-email.pass > $(pkgconfdir)/reg-email.pass; }
+
+remove-secrets:
+	rm -f $(pkgconfdir)/reg-*
+
+install-symlinks:
+	for i in fp-reg.go app.yaml README; do \
+	  $(LN_S) -f $(appenginedir)/$$i $(appengineconfdir)/$$i; \
+	done
+
+remove-symlinks:
+	rm -rf $(appengineconfdir)
+
+# initscripts: assume that if the user wanted to install them, then they also
+# wanted to configure them, and that the system supports them. if this isn't the
+# case then either (a) they are doing a staged install for another system and
+# shouldn't be running {pre,post}-{install,remove} or (b) they shouldn't have
+# told us to install initscripts for their system that doesn't support it.
+
+install-daemon:
+if DO_INITSCRIPTS
+	for i in facilitator facilitator-email-poller facilitator-reg-daemon; do \
+	  update-rc.d $$i defaults; \
+	  invoke-rc.d $$i start; \
+	done
+endif
+
+remove-daemon:
+if DO_INITSCRIPTS
+	for i in facilitator facilitator-email-poller facilitator-reg-daemon; do \
+	  invoke-rc.d $$i stop; \
+	  update-rc.d $$i remove; \
+	done
+endif
+
+.PHONY: pre-install post-install pre-remove post-remove pre-purge post-purge
+.PHONY: install-user install-secrets install-symlinks install-daemon
+.PHONY: remove-user remove-secrets remove-symlinks remove-daemon

facilitator/README

@@ -1,3 +1,33 @@
-This directory contains files needed to run a flash proxy facilitator.
-Normal users don't need any of these files. For instructions on setting
-up a facilitator, see doc/facilitator-howto.txt.
+This package contains files needed to run a flashproxy facilitator.
+Normal users who just want to bypass censorship, should use the
+flashproxy-client package instead.
+
+For instructions on building/installing this package from source, see
+INSTALL. (This should only be necessary if your distro does not already
+integrate this package into its repositories.)
+
+The flashproxy config directory is installation-dependant, usually at
+/etc/flashproxy or /usr/local/etc/flashproxy. You are strongly
+recommended to keep this on encrypted storage.
+
+The main backends, facilitator and facilitator-reg-daemon, are installed
+as system services, and you should be able to configure them in the
+appropriate place for your system (e.g. /etc/default/facilitator for a
+Debian-based system using initscripts).
+
+Each installation has its own public-private keypair, stored in the
+flashproxy config directory. You will need to securely distribute the
+public key (reg-daemon.pub) to your users - e.g. by publishing it
+somewhere, signed by your own PGP key.
+
+There are three supported helper rendezvous methods: HTTP, email, and
+appspot. Each helper method may require additional manual configuration
+and might also depend on other helper methods; see the corresponding
+doc/x-howto.txt for more details. At a very minimum, you must configure
+and enable the HTTP method, since that also serves the browser proxies.
+
+For suggestions on configuring a dedicated facilitator machine, see
+doc/server-howto.txt.
+
+For documentation on the design of the facilitator components, see
+doc/facilitator-design.txt.

facilitator/appengine/README

@@ -1,11 +1,11 @@
 This is the server-side code that runs on Google App Engine for the
 "appspot" registration method.
 
-See doc/appengine-howto.txt for information about setting up an
+See doc/appspot-howto.txt for information about setting up an
 application.
 
-To run with the development server:
-$ ~/google_appengine/dev_appserver.py appengine/
+To run locally using the development server:
+$ ~/google_appengine/dev_appserver.py .
 
 To upload a new version:
-$ torify ~/google_appengine/appcfg.py update appengine/
+$ torify ~/google_appengine/appcfg.py -A $YOUR_APP_ID update .

facilitator/appengine/app.yaml

@@ -1,4 +1,5 @@
-application: fp-reg-a
+# override this with appcfg.py -A $YOUR_APP_ID
+application: facilitator-registration-example
 version: 1
 runtime: go
 api_version: go1

facilitator/appengine/config.go

@@ -0,0 +1,5 @@
+package fp_reg
+
+// host[:port] of the facilitator you want to register with
+// for example, fp-facilitator.org
+const FP_FACILITATOR = ""

facilitator/appengine/fp-reg.go

@@ -10,8 +10,6 @@ import (
 	"appengine/urlfetch"
 )
 
-const BASE = "https://fp-facilitator.org/reg/"
-
 func robotsTxtHandler(w http.ResponseWriter, r *http.Request) {
 	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
 	w.Write([]byte("User-agent: *\nDisallow:\n"))
@@ -33,7 +31,7 @@ func regHandler(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	client := urlfetch.Client(appengine.NewContext(r))
-	resp, err := client.Get(BASE + blob)
+	resp, err := client.Get("https://" + FP_FACILITATOR + "/reg/" + blob)
 	if err != nil {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
@@ -51,4 +49,7 @@ func init() {
 	http.HandleFunc("/robots.txt", robotsTxtHandler)
 	http.HandleFunc("/ip", ipHandler)
 	http.HandleFunc("/reg/", regHandler)
+	if FP_FACILITATOR == "" {
+		panic("FP_FACILITATOR empty; did you forget to edit config.go?")
+	}
 }

facilitator/autogen.sh

@@ -0,0 +1,2 @@
+#!/bin/sh
+autoreconf -if

facilitator/configure.ac

@@ -0,0 +1,49 @@
+AC_PREREQ([2.68])
+AC_INIT([flashproxy-facilitator], [1.3])
+AM_INIT_AUTOMAKE([-Wall -Werror foreign])
+
+AC_ARG_VAR(fpfacilitatoruser, [the user/group for the facilitator to run as])
+fpfacilitatoruser="${fpfacilitatoruser:-fp-facilitator}"
+
+# check that we want to install initscripts. don't bother checking that they
+# are supported, since we might be doing a staged install on a different system.
+# disabled by default since it ignores ${prefix} so `make distcheck` would fail
+AC_ARG_ENABLE([initscripts],
+	[AS_HELP_STRING([--enable-initscripts],
+		[install and configure sysvinit-style initscripts (default no)])],
+	[do_initscripts=yes], [do_initscripts=])
+AM_CONDITIONAL([DO_INITSCRIPTS], [test "x$do_initscripts" = xyes])
+
+AC_ARG_VAR(initconfdir, [directory for initscripts configuration, if enabled])
+# Try to detect the appropriate conf dir. Several systems have both /etc/default
+# and /etc/sysconfig but latter is always primary.
+if test "x$do_initscripts" = xyes; then
+if test "x$initconfdir" = x; then
+AC_CHECK_FILE(/etc/conf.d, [initconfdir='$(sysconfdir)/conf.d}'], [# Gentoo/Arch
+AC_CHECK_FILE(/etc/sysconfig, [initconfdir='$(sysconfdir)/sysconfig'], [# RedHat/Fedora/Slax/Mandriva/SuSE
+AC_CHECK_FILE(/etc/default, [initconfdir='$(sysconfdir)/default'], [# Debian/Ubuntu
+AC_MSG_ERROR([could not determine system initscripts config dir; please set initconfdir manually.])])])])
+fi
+fi
+
+# Try to detect cgi-bin directory, falling back to $(libexec) if not found
+# from http://wiki.apache.org/httpd/DistrosDefaultLayout
+AC_ARG_VAR(cgibindir, [directory for CGI executables])
+if test "x$cgibindir" = x; then
+AC_CHECK_FILE(/usr/lib/cgi-bin, [cgibindir='$(libdir)/cgi-bin'], [
+AC_CHECK_FILE(/var/www/cgi-bin, [cgibindir='/var/www/cgi-bin'], [
+AC_CHECK_FILE(/srv/httpd/cgi-bin, [cgibindir='/srv/httpd/cgi-bin'], [
+AC_MSG_WARN([could not determine system CGI executables dir, using \$(libexecdir); set cgibindir to override.])
+cgibindir='$(libexecdir)'
+])])])
+fi
+
+AC_PROG_LN_S
+AM_PATH_PYTHON
+
+AC_CONFIG_FILES([Makefile
+	init.d/facilitator
+	init.d/facilitator-email-poller
+	init.d/facilitator-reg-daemon])
+
+AC_OUTPUT

facilitator/default/facilitator

@@ -0,0 +1,11 @@
+# Change to "yes" to run the service.
+RUN_DAEMON="no"
+
+# Uncomment this to log potentially sensitive information from your users.
+# This may be useful for debugging or diagnosing functional problems, but
+# should be avoided in a high-risk environment.
+#UNSAFE_LOGGING="yes"
+
+# Set the port for this service to listen on.
+# If not set, uses the default (9002).
+#PORT=9002