-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
First big push, migrating from the private server.
- Loading branch information
Showing
809 changed files
with
125,820 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,2 +1,167 @@ | ||
Bespoke_IO | ||
========== | ||
BeSDS | ||
===== | ||
|
||
This is Bespoke I/O's Bespoke Software Deployment Service (BeSDS), | ||
a web service that builds customized .MSIs of Firefox and Thunderbird for | ||
internal deployment to Windows machines vial Microsoft's SMS or SCCM | ||
enterprise management tools. | ||
|
||
It is available from: | ||
|
||
http://github.com/mhoye/Bespoke_IO | ||
|
||
|
||
The easiest way to try it out is to spin up the included VM in VirtualBox. | ||
It is located in /BeSDS/VM/ and runs the service on port 80. Since the | ||
default passwords for this service are included in that folder in | ||
|
||
/Bespoke_IO/VM/login-info.txt | ||
|
||
You are _strongly discouraged_ from deploying this VM in an internet-facing | ||
capacity without changing the OS' root, databases' root and web services' admin | ||
passwords, as well as doing your own due-diligence security audit. Mike Hoye | ||
and Bespoke I/O take no responsibility for any of the (inevitable, horrible) | ||
consequences of your doing so. | ||
|
||
|
||
## Overview | ||
|
||
BeSDS is a Firefox & Thunderbird customization and deployment tool, derived | ||
from Mozilla's BYOB project. It is a fairly complex, multistack application, | ||
with a number of moving parts. Again, the easiest way to take advantage of | ||
BeSDS is through the included Virtualbox VM running Fedora. | ||
|
||
If you elect to install it on its own machine, the following information | ||
will guide you through a typical installation on a Fedora machine. | ||
|
||
## Installation | ||
|
||
Generally speaking: | ||
|
||
* Prerequisites are: | ||
* MySQL 5.0+ | ||
* PHP 5.3+, with at least the following modules: | ||
* curl, gd, mcrypt, mysql, mysqli | ||
* WiX 3.0 or better | ||
* A recent Wine | ||
* A recent version of Python | ||
|
||
* Filesystem must have: | ||
* Ensure the following directories exist and are writable by the web server: | ||
* `application/cache` | ||
* `application/logs` | ||
* `downloads` | ||
* `workspace` | ||
* BeSDS expects to be in the root folder of the web server wherever it's running, | ||
( http://server/, not http://server/sub/ ). It will not work in a subfolder. | ||
|
||
* MySQL requirements are: | ||
* Create a new database using the current schema: | ||
* `application/config/schema-mysql/current.sql` | ||
* Though `current.sql` should always contain the latest schema, changes to the list of supported | ||
products are also mirrored in the modify-products.sql and modify-products-thunderbird.sql files, | ||
for ease of updating. | ||
|
||
* Application config is: | ||
* All under `application/config` | ||
* Copy `config-local.php-dist` to `config-local.php` and edit to make installation-specific changes. | ||
* The `database.local` structure should be given the MySQL credentials to access the database created in the previous step. | ||
* The `database.shadow` structure should be given the same MySQL credentials as `database.local`, or configured to point at a read-only replica of `database.local`. | ||
* Change the `recaptcha` settings to reflect the domain, public key, and private key data acquired from `recaptcha.net` | ||
* Change the email.* settings to reflect local email environment. | ||
* Set `email.driver` to 'native' if PHP itself is setup to send email | ||
* Set `email.driver` to 'smtp' and update `email.options` if an external SMTP server is to be used. | ||
* Set `core.display_errors` to `FALSE` to prevent verbose error messages | ||
* Set `core.log_threshold` to 0 to disable logging to `application/logs` | ||
* Change `core.site_domain` to the domain name of the web host, deleting the code to guess the domain name for dev servers. | ||
* Copy `repacks.php-dist` to `repacks.php` and edit to make installation-specific changes. | ||
* In particular, the locations of the `downloads` and `workspace` directories can be changed. | ||
|
||
* Create the admin user as follows: | ||
* At the command line, execute this command from the application directory: | ||
* ` php index.php util/createlogin admin someone@somewhere.com admin` | ||
* Replace `someaddress@somewhere.com` with a real email address | ||
* You should see output like the following: | ||
* `Profile ID 1 created for 'admin' with role 'admin'` | ||
* `Password: mnm518x` | ||
* The last line is the temporary password for the admin account - someone should use it and change it immediately. | ||
|
||
|
||
Specifically, installation on a Fedora box goes as follows: | ||
|
||
1. Using the Fedora 16 DVD image (not the LiveCD iso) on an appropriately-sized | ||
box. 4GB disk and 1GB RAM is a reasonable minimum size. | ||
|
||
2. Through the Fedora installer, select a "minimal install" and finish the | ||
installation. | ||
|
||
3. On fedora: # yum install git / | ||
httpd mysql-server / | ||
php php-gd php-mcrypt php-mysql php-getext php-xml php-pear | ||
p7* / | ||
wine | ||
|
||
Note that BeSDS currently requires on PHP 5.3 or earlier. A small amount | ||
of code relies on a deprecated behavior that has been dropped in 5.4. This | ||
will be fixed shortly. | ||
|
||
4. Install the editor of your choice, emacs, vim or nano. | ||
|
||
5. If you installed nano in step four, hang your head, for you have brought | ||
shame to your family and dishonor to your clan. Sack up and learn one | ||
of the other two. | ||
|
||
6. git clone http://github.com/mhoye/Bespoke_IO/ | ||
|
||
7. In Bespoke_IO/application/config/mysql-schema/ you can use the quicksetup | ||
script to quickly install a database called besds and a user called | ||
besds_admin with the appropriate permissions. This will also install | ||
a curtailed list of the available versions of Firefox and Thunderbird, | ||
the most current mainline and extended support versions of each. | ||
|
||
8. Move the entire contents of the newly created Bespoke_IO folder to the | ||
root folder of your web server, usually /var/www/html/ - if you | ||
intend to pull directly from the git repo into production, make | ||
sure to copy over the .git folder as well. Future releases will | ||
have alternative branches for development and production, but at | ||
the moment they do not so this approach is not recommended. | ||
|
||
You will need to configure PHP (in /etc/php.ini) to use short tags | ||
and set the time zone correctly. | ||
|
||
You will need to modify your Apache configuration (httpd.conf) to | ||
"AllowOverride All" in the appropriate place. Be advised that the | ||
risks involved in doing so are your responsibility to understand | ||
and accept before deployment. Likewise, on some systems your default | ||
firewall configuration will need to be modified or disabled. | ||
|
||
Again, the consequences of not knowing what you're doing here are | ||
your responsibility. | ||
|
||
9. In in applications/config, copy the config-local.php-dist file | ||
to config-local.php and open it up in the editor you picked that | ||
wasn't nano. You will need to change the line that references the | ||
core.site_domain (line 3) to be whatever you have named the box, | ||
or at a minimum whatever its IP address is, for it to work. If you | ||
decide to activate mail notifications, by setting that option to | ||
TRUE, you also need to configure the email.options section | ||
correctly. | ||
|
||
10. Finally, in the root folder of your web server, in a terminal, do this: | ||
|
||
php index.php util/createlogin admin person@company.com admin | ||
|
||
This will create an "admin" user on the web service, with the | ||
appropriate permissions, and give you that account's password. You | ||
can log in and change this at your earliest convenience. | ||
|
||
At this point, you should be able to log into BeSDS as a web service, using | ||
the username "admin" and the passwords step 10 provided. | ||
|
||
|
||
|
||
On a personal note, I'd like to thank Mozilla and Seneca/CDOT for the | ||
opportunity to work with some excellent people. It's been an honour and | ||
a great privilege. | ||
|
||
- Mike Hoye, August 2012. |
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
<?php | ||
/** | ||
* Configuration for auth profiles | ||
*/ | ||
$config['secret'] = 'c2Vzc2lvbl9pZHxzOjMyOiJkNmY5NTUw'; | ||
$config['home_url'] = 'profiles/%1$s/'; | ||
$config['cookie_name'] = 'byob_auth_profiles'; | ||
$config['cookie_path'] = '/'; | ||
$config['cookie_domain'] = ''; | ||
$config['cookie_secure'] = false; | ||
$config['cookie_httponly'] = true; | ||
|
||
$config['base_anonymous_role'] = 'guest'; | ||
$config['base_login_role'] = 'member'; | ||
|
||
$config['roles'] = array( | ||
'guest' => 'Guest', | ||
'member' => 'Regular member', | ||
'trusted' => 'Trusted member', | ||
'editor' => 'Editor', | ||
'admin' => 'Administrator' | ||
); | ||
|
||
$acls = new Zend_Acl(); | ||
$config['acls'] = $acls | ||
|
||
->addRole(new Zend_Acl_Role('guest')) | ||
->addRole(new Zend_Acl_Role('member'), 'guest') | ||
->addRole(new Zend_Acl_Role('trusted'), 'member') | ||
->addRole(new Zend_Acl_Role('editor'), 'member') | ||
->addRole(new Zend_Acl_Role('admin'), 'editor') | ||
|
||
// Admins can do anything. | ||
->allow('admin') | ||
|
||
// Search privileges | ||
->add(new Zend_Acl_Resource('search')) | ||
/* ->allow('guest', 'search', array( | ||
'search_repack' | ||
)) */ | ||
->allow('editor', 'search', array( | ||
'search', 'approvalqueue', 'search_repack' | ||
)) | ||
|
||
// Profile privileges | ||
->add(new Zend_Acl_Resource('profiles')) | ||
->allow('member', 'profiles', array( | ||
'view_own', 'edit_own', | ||
)) | ||
|
||
// Repack privileges | ||
->add(new Zend_Acl_Resource('repacks')) | ||
->allow('guest', 'repacks', array( | ||
'view_released', 'download_released', | ||
)) | ||
->allow('member', 'repacks', array( | ||
'create', 'view_own', | ||
'view_own_history', 'view_own_changes', | ||
'edit_own', 'delete_own', | ||
'release_own', 'revert_own', 'cancel_own', | ||
'makepublic_own', 'makeprivate_own', | ||
'locale_selection', 'addon_management', | ||
// added by mhoye - in the BeSDS context, all users are trusted users. | ||
'approve_own', 'auto_approve_own', | ||
'addon_management_xpi_upload', | ||
'edit_distribution_ini', | ||
'certificate_management_pem_upload', | ||
'general_specs', | ||
'thunderbird_general_specs' | ||
|
||
)) | ||
->allow('trusted', 'repacks', array( | ||
'approve_own', 'auto_approve_own' | ||
)) | ||
->allow('editor', 'repacks', array( | ||
'view_unreleased', 'view_history', | ||
'view_changes', 'view_approval_queue', 'view_private', | ||
'see_failed', | ||
'distributionini', 'repackcfg', 'repacklog', 'repackjson', | ||
'edit', 'delete', 'release', | ||
'revert', 'approve', 'reject', | ||
'makepublic', 'makeprivate', | ||
'download_unreleased', | ||
'edit_distribution_ini', | ||
'addon_management_xpi_upload', | ||
'certificate_management_pem_upload', | ||
'general_specs', | ||
'thunderbird_general_specs', | ||
'thunderbird_security', | ||
'thunderbird_ntlm', | ||
'thunderbird_addons', | ||
'thunderbird_lightning', | ||
'thunderbird_chat', | ||
)) | ||
|
||
// ORM Manager admin privileges | ||
->add(new Zend_Acl_Resource('admin')) | ||
|
||
; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,32 @@ | ||
<?php defined('SYSPATH') OR die('No direct access allowed.'); | ||
/** | ||
* @package Cache | ||
* | ||
* Cache settings, defined as arrays, or "groups". If no group name is | ||
* used when loading the cache library, the group named "default" will be used. | ||
* | ||
* Each group can be used independently, and multiple groups can be used at once. | ||
* | ||
* Group Options: | ||
* driver - Cache backend driver. Kohana comes with file, database, and memcache drivers. | ||
* > File cache is fast and reliable, but requires many filesystem lookups. | ||
* > Database cache can be used to cache items remotely, but is slower. | ||
* > Memcache is very high performance, but prevents cache tags from being used. | ||
* | ||
* params - Driver parameters, specific to each driver. | ||
* | ||
* lifetime - Default lifetime of caches in seconds. By default caches are stored for | ||
* thirty minutes. Specific lifetime can also be set when creating a new cache. | ||
* Setting this to 0 will never automatically delete caches. | ||
* | ||
* requests - Average number of cache requests that will processed before all expired | ||
* caches are deleted. This is commonly referred to as "garbage collection". | ||
* Setting this to 0 or a negative number will disable automatic garbage collection. | ||
*/ | ||
$config['default'] = array | ||
( | ||
'driver' => 'file', | ||
'params' => APPPATH.'cache', | ||
'lifetime' => 1800, | ||
'requests' => 1000 | ||
); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
<?php | ||
/** | ||
* Config entries applied when running build queue tasks. | ||
*/ | ||
$config['core.log_threshold'] = 4; | ||
$config['core.display_errors'] = TRUE; |
Oops, something went wrong.