
First big push, migrating from the private server.

1 parent a7128ba commit 896ed40649aac0d845955ba5ddf486d76555f16e @mhoye committed Aug 29, 2012
Showing 809 changed files with 125,820 additions and 2 deletions.
169 README.md
@@ -1,2 +1,167 @@
-Bespoke_IO
-==========
+BeSDS
+=====
+
+This is Bespoke I/O's Bespoke Software Deployment Service (BeSDS),
+a web service that builds customized .MSIs of Firefox and Thunderbird for
+internal deployment to Windows machines vial Microsoft's SMS or SCCM
+enterprise management tools.
+
+It is available from:
+
+ http://github.com/mhoye/Bespoke_IO
+
+
+The easiest way to try it out is to spin up the included VM in VirtualBox.
+It is located in /BeSDS/VM/ and runs the service on port 80. Since the
+default passwords for this service are included in that folder in
+
+ /Bespoke_IO/VM/login-info.txt
+
+You are _strongly discouraged_ from deploying this VM in an internet-facing
+capacity without changing the OS' root, databases' root and web services' admin
+passwords, as well as doing your own due-diligence security audit. Mike Hoye
+and Bespoke I/O take no responsibility for any of the (inevitable, horrible)
+consequences of your doing so.
+
+
+## Overview
+
+BeSDS is a Firefox & Thunderbird customization and deployment tool, derived
+from Mozilla's BYOB project. It is a fairly complex, multistack application,
+with a number of moving parts. Again, the easiest way to take advantage of
+BeSDS is through the included Virtualbox VM running Fedora.
+
+If you elect to install it on its own machine, the following information
+will guide you through a typical installation on a Fedora machine.
+
+## Installation
+
+Generally speaking:
+
+* Prerequisites are:
+ * MySQL 5.0+
+ * PHP 5.3+, with at least the following modules:
+ * curl, gd, mcrypt, mysql, mysqli
+ * WiX 3.0 or better
+ * A recent Wine
+ * A recent version of Python
+
+* Filesystem must have:
+ * Ensure the following directories exist and are writable by the web server:
+ * `application/cache`
+ * `application/logs`
+ * `downloads`
+ * `workspace`
+ * BeSDS expects to be in the root folder of the web server wherever it's running,
+ ( http://server/, not http://server/sub/ ). It will not work in a subfolder.
+
+* MySQL requirements are:
+ * Create a new database using the current schema:
+ * `application/config/schema-mysql/current.sql`
+ * Though `current.sql` should always contain the latest schema, changes to the list of supported
+ products are also mirrored in the modify-products.sql and modify-products-thunderbird.sql files,
+ for ease of updating.
+
+* Application config is:
+ * All under `application/config`
+ * Copy `config-local.php-dist` to `config-local.php` and edit to make installation-specific changes.
+ * The `database.local` structure should be given the MySQL credentials to access the database created in the previous step.
+ * The `database.shadow` structure should be given the same MySQL credentials as `database.local`, or configured to point at a read-only replica of `database.local`.
+ * Change the `recaptcha` settings to reflect the domain, public key, and private key data acquired from `recaptcha.net`
+ * Change the email.* settings to reflect local email environment.
+ * Set `email.driver` to 'native' if PHP itself is setup to send email
+ * Set `email.driver` to 'smtp' and update `email.options` if an external SMTP server is to be used.
+ * Set `core.display_errors` to `FALSE` to prevent verbose error messages
+ * Set `core.log_threshold` to 0 to disable logging to `application/logs`
+ * Change `core.site_domain` to the domain name of the web host, deleting the code to guess the domain name for dev servers.
+ * Copy `repacks.php-dist` to `repacks.php` and edit to make installation-specific changes.
+ * In particular, the locations of the `downloads` and `workspace` directories can be changed.
+
+* Create the admin user as follows:
+ * At the command line, execute this command from the application directory:
+ * ` php index.php util/createlogin admin someone@somewhere.com admin`
+ * Replace `someaddress@somewhere.com` with a real email address
+ * You should see output like the following:
+ * `Profile ID 1 created for 'admin' with role 'admin'`
+ * `Password: mnm518x`
+ * The last line is the temporary password for the admin account - someone should use it and change it immediately.
+
+
+Specifically, installation on a Fedora box goes as follows:
+
+1. Using the Fedora 16 DVD image (not the LiveCD iso) on an appropriately-sized
+ box. 4GB disk and 1GB RAM is a reasonable minimum size.
+
+2. Through the Fedora installer, select a "minimal install" and finish the
+ installation.
+
+3. On fedora: # yum install git /
+ httpd mysql-server /
+ php php-gd php-mcrypt php-mysql php-getext php-xml php-pear
+ p7* /
+ wine
+
+ Note that BeSDS currently requires on PHP 5.3 or earlier. A small amount
+ of code relies on a deprecated behavior that has been dropped in 5.4. This
+ will be fixed shortly.
+
+4. Install the editor of your choice, emacs, vim or nano.
+
+5. If you installed nano in step four, hang your head, for you have brought
+ shame to your family and dishonor to your clan. Sack up and learn one
+ of the other two.
+
+6. git clone http://github.com/mhoye/Bespoke_IO/
+
+7. In Bespoke_IO/application/config/mysql-schema/ you can use the quicksetup
+ script to quickly install a database called besds and a user called
+ besds_admin with the appropriate permissions. This will also install
+ a curtailed list of the available versions of Firefox and Thunderbird,
+ the most current mainline and extended support versions of each.
+
+8. Move the entire contents of the newly created Bespoke_IO folder to the
+ root folder of your web server, usually /var/www/html/ - if you
+ intend to pull directly from the git repo into production, make
+ sure to copy over the .git folder as well. Future releases will
+ have alternative branches for development and production, but at
+ the moment they do not so this approach is not recommended.
+
+ You will need to configure PHP (in /etc/php.ini) to use short tags
+ and set the time zone correctly.
+
+ You will need to modify your Apache configuration (httpd.conf) to
+ "AllowOverride All" in the appropriate place. Be advised that the
+ risks involved in doing so are your responsibility to understand
+ and accept before deployment. Likewise, on some systems your default
+ firewall configuration will need to be modified or disabled.
+
+ Again, the consequences of not knowing what you're doing here are
+ your responsibility.
+
+9. In in applications/config, copy the config-local.php-dist file
+ to config-local.php and open it up in the editor you picked that
+ wasn't nano. You will need to change the line that references the
+ core.site_domain (line 3) to be whatever you have named the box,
+ or at a minimum whatever its IP address is, for it to work. If you
+ decide to activate mail notifications, by setting that option to
+ TRUE, you also need to configure the email.options section
+ correctly.
+
+10. Finally, in the root folder of your web server, in a terminal, do this:
+
+ php index.php util/createlogin admin person@company.com admin
+
+ This will create an "admin" user on the web service, with the
+ appropriate permissions, and give you that account's password. You
+ can log in and change this at your earliest convenience.
+
+At this point, you should be able to log into BeSDS as a web service, using
+the username "admin" and the passwords step 10 provided.
+
+
+
+On a personal note, I'd like to thank Mozilla and Seneca/CDOT for the
+opportunity to work with some excellent people. It's been an honour and
+a great privilege.
+
+ - Mike Hoye, August 2012.
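Review bot: Step 8 tells the operator to move the whole checkout, `.git` folder included, into the web root (`/var/www/html/`) and then set `AllowOverride All`; with that layout the repository metadata and history are served over HTTP unless something explicitly denies it. Suggest deploying from an export that leaves `.git` outside the document root, or adding a deny rule for `.git` to these instructions. Smaller things in the same file: the `yum install` in step 3 uses `/` where the shell needs `\` for line continuation, has no continuation after `php-pear`, and names `php-getext`; the schema directory is `schema-mysql` in the general section but `mysql-schema` in step 7; the createlogin example uses `someone@somewhere.com` while the next bullet says to replace `someaddress@somewhere.com`; and the sentence beginning "Since the default passwords" never completes before the `login-info.txt` path.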
Binary file not shown.
@@ -0,0 +1,99 @@
+<?php
+/**
+ * Configuration for auth profiles
+ */
+$config['secret'] = 'c2Vzc2lvbl9pZHxzOjMyOiJkNmY5NTUw';
+$config['home_url'] = 'profiles/%1$s/';
+$config['cookie_name'] = 'byob_auth_profiles';
+$config['cookie_path'] = '/';
+$config['cookie_domain'] = '';
+$config['cookie_secure'] = false;
+$config['cookie_httponly'] = true;
+
+$config['base_anonymous_role'] = 'guest';
+$config['base_login_role'] = 'member';
+
+$config['roles'] = array(
+ 'guest' => 'Guest',
+ 'member' => 'Regular member',
+ 'trusted' => 'Trusted member',
+ 'editor' => 'Editor',
+ 'admin' => 'Administrator'
+);
+
+$acls = new Zend_Acl();
+$config['acls'] = $acls
+
+ ->addRole(new Zend_Acl_Role('guest'))
+ ->addRole(new Zend_Acl_Role('member'), 'guest')
+ ->addRole(new Zend_Acl_Role('trusted'), 'member')
+ ->addRole(new Zend_Acl_Role('editor'), 'member')
+ ->addRole(new Zend_Acl_Role('admin'), 'editor')
+
+ // Admins can do anything.
+ ->allow('admin')
+
+ // Search privileges
+ ->add(new Zend_Acl_Resource('search'))
+ /* ->allow('guest', 'search', array(
+ 'search_repack'
+ )) */
+ ->allow('editor', 'search', array(
+ 'search', 'approvalqueue', 'search_repack'
+ ))
+
+ // Profile privileges
+ ->add(new Zend_Acl_Resource('profiles'))
+ ->allow('member', 'profiles', array(
+ 'view_own', 'edit_own',
+ ))
+
+ // Repack privileges
+ ->add(new Zend_Acl_Resource('repacks'))
+ ->allow('guest', 'repacks', array(
+ 'view_released', 'download_released',
+ ))
+ ->allow('member', 'repacks', array(
+ 'create', 'view_own',
+ 'view_own_history', 'view_own_changes',
+ 'edit_own', 'delete_own',
+ 'release_own', 'revert_own', 'cancel_own',
+ 'makepublic_own', 'makeprivate_own',
+ 'locale_selection', 'addon_management',
+ // added by mhoye - in the BeSDS context, all users are trusted users.
+ 'approve_own', 'auto_approve_own',
+ 'addon_management_xpi_upload',
+ 'edit_distribution_ini',
+ 'certificate_management_pem_upload',
+ 'general_specs',
+ 'thunderbird_general_specs'
+
+ ))
+ ->allow('trusted', 'repacks', array(
+ 'approve_own', 'auto_approve_own'
+ ))
+ ->allow('editor', 'repacks', array(
+ 'view_unreleased', 'view_history',
+ 'view_changes', 'view_approval_queue', 'view_private',
+ 'see_failed',
+ 'distributionini', 'repackcfg', 'repacklog', 'repackjson',
+ 'edit', 'delete', 'release',
+ 'revert', 'approve', 'reject',
+ 'makepublic', 'makeprivate',
+ 'download_unreleased',
+ 'edit_distribution_ini',
+ 'addon_management_xpi_upload',
+ 'certificate_management_pem_upload',
+ 'general_specs',
+ 'thunderbird_general_specs',
+ 'thunderbird_security',
+ 'thunderbird_ntlm',
+ 'thunderbird_addons',
+ 'thunderbird_lightning',
+ 'thunderbird_chat',
+ ))
+
+ // ORM Manager admin privileges
+ ->add(new Zend_Acl_Resource('admin'))
+
+ ;
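Review bot: `$config['secret']` on the first config line is a fixed literal committed with the code, so every install that keeps this file as shipped shares one publicly known secret. Move it to the installation-specific `config-local.php` and generate a fresh random value per install. Also worth a look in this hunk: `cookie_secure` is `false`, so the auth cookie will be sent over plain HTTP, and the `member` block grants `approve_own`, `auto_approve_own`, `addon_management_xpi_upload` and `certificate_management_pem_upload` while `base_login_role` is `member`, which means every logged-in account can upload add-ons and certificates and approve its own repacks. The inline comment says that is intended for BeSDS; if so, the README should say that account creation has to be restricted to trusted staff, and the now-redundant `trusted` grant can be dropped.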
@@ -0,0 +1,32 @@
+<?php defined('SYSPATH') OR die('No direct access allowed.');
+/**
+ * @package Cache
+ *
+ * Cache settings, defined as arrays, or "groups". If no group name is
+ * used when loading the cache library, the group named "default" will be used.
+ *
+ * Each group can be used independently, and multiple groups can be used at once.
+ *
+ * Group Options:
+ * driver - Cache backend driver. Kohana comes with file, database, and memcache drivers.
+ * > File cache is fast and reliable, but requires many filesystem lookups.
+ * > Database cache can be used to cache items remotely, but is slower.
+ * > Memcache is very high performance, but prevents cache tags from being used.
+ *
+ * params - Driver parameters, specific to each driver.
+ *
+ * lifetime - Default lifetime of caches in seconds. By default caches are stored for
+ * thirty minutes. Specific lifetime can also be set when creating a new cache.
+ * Setting this to 0 will never automatically delete caches.
+ *
+ * requests - Average number of cache requests that will processed before all expired
+ * caches are deleted. This is commonly referred to as "garbage collection".
+ * Setting this to 0 or a negative number will disable automatic garbage collection.
+ */
+$config['default'] = array
+(
+ 'driver' => 'file',
+ 'params' => APPPATH.'cache',
+ 'lifetime' => 1800,
+ 'requests' => 1000
+);
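Review bot: `'params' => APPPATH.'cache'` puts the file cache under `application/`, which the README requires to be writable by the web server and which sits in the web root; please confirm the shipped rewrite rules deny direct requests to `application/cache`, or point `params` at a directory outside the document root. Minor: in the `requests` comment, "that will processed" should read "that will be processed".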
@@ -0,0 +1,6 @@
+<?php
+/**
+ * Config entries applied when running build queue tasks.
+ */
+$config['core.log_threshold'] = 4;
+$config['core.display_errors'] = TRUE;
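Review bot: `core.display_errors` is `TRUE` and `core.log_threshold` is 4 here, while the README tells operators to set them to `FALSE` and 0; either state in the docblock that this file is only loaded for command-line queue runs, or default both to the quieter values so error detail cannot reach a browser. This file and the auth profiles config also open with a bare `<?php`, unlike the cache config, which starts with the `defined('SYSPATH') OR die('No direct access allowed.');` guard; adding the same guard here would keep the three consistent.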