-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathDEPS.debian
120 lines (102 loc) · 5.43 KB
/
DEPS.debian
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
[ -d /var/cache/git ] || mkdir -p /var/cache/git
(cd /var/cache/git; git-clone git://github.com/fapestniegd/pkild.git)
################################################################################
# Prerequisites: (debian lenny)
apt-get install -y dh-make-perl \
libcatalyst-perl libcatalyst-modules-perl \
libcatalyst-modules-extra-perl \
libnet-ldap-perl libnet-ldap-server-perl \
libconvert-asn1-perl libmoose-perl
# The following assume you're ${CWD} is the top-level pkild app...
#cd /var/cache/git/pkild
cd /path/to/pkild
# Catalyst-Plugin-Authentication-Store-LDAP (for authentication/authorization against LDAP)
bin/cpan2deb http://backpan.perl.org/authors/id/K/KA/KARMAN/Net-LDAP-Server-Test-0.08.tar.gz
dpkg -i /opt/local/src/CPAN/libnet-ldap-server-test-perl_0.08-1_all.deb
# Building the latest Catalyst-Authentication-Store-LDAP results in:
# Content Encoding Error
# The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.
#bin/cpan2deb http://cpan.mirrors.hoobly.com/authors/id/K/KA/KARMAN/Catalyst-Authentication-Store-LDAP-1.006.tar.gz
#dpkg -i /opt/local/src/CPAN/libcatalyst-authentication-store-ldap-perl_1.006-1_all.deb
# So:
bin/cpan2deb http://backpan.perl.org/authors/id/K/KA/KARMAN/Catalyst-Authentication-Store-LDAP-0.1005.tar.gz
dpkg -i /opt/local/src/CPAN/libcatalyst-authentication-store-ldap-perl_0.1005-1_all.deb
# or
# put instructions for apt repository here...
bin/cpan2deb http://search.cpan.org/CPAN/authors/id/A/AG/AGRUNDMA/Catalyst-Plugin-RequireSSL-0.06.tar.gz
dpkg -i /opt/local/src/CPAN/libcatalyst-plugin-requiressl-perl_0.06-1_all.deb
# (you should really push these to your custom apt repo)
# Catalyst::Model::File (to access the certificates)
# included in squeeze:
# bin/cpan2deb http://search.cpan.org/CPAN/authors/id/G/GR/GRODITI/Catalyst-Component-InstancePerContext-0.001001.tar.gz
# dpkg -i /opt/local/src/CPAN/libcatalyst-component-instancepercontext-perl_0.001001-1_all.deb
bin/cpan2deb http://search.cpan.org/CPAN/authors/id/A/AS/ASH/Catalyst-Model-File-0.08.tar.gz
dpkg -i /opt/local/src/CPAN/libcatalyst-model-file-perl_0.08-1_all.deb
# copy the Config.yaml.template to Config.yaml and replace the [% LDAP_<variables> %] manally
# OR
# Create the Config.yaml from the Config.yaml.template with:
bin/secret-init # -> creates /usr/local/bin/secret where the LDAP password is cached.
bin/local_config
# Test the application with:
script/pkild_server.pl
################################################################################
# Adding to Apache
# You'll need to install the ssl server too as this application forces SSL
# The "RequireSSL: Disabling SSL redirection while running under
# Catalyst::Engine::HTTP" feature just makes it hang
################################################################################
apt-get install -y apache2-mpm-prefork libapache2-mod-perl2 \
libcatalyst-engine-apache-perl perlmagick \
libcatalyst-modules-extra-perl libcatalyst-modules-perl \
libcatalyst-perl \
libcatalyst-view-tt-perl libhtml-prototype-perl
#libcatalyst-plugin-session-fastmmap-perl \ # not in squeeze?
# Copy it to where apache will expect it to be:
#if [ ! -d /var/cache/git ];then
# mkdir -p /var/cache/git
# (cd /var/cache/git; git clone git://github.com/fapestniegd/pkild.git )
#else
# (cd /var/cache/git/pkild; git pull)
#fi
################################################################################
# apache setup (from a fresh install)
################################################################################
# if you don't have a certificate...
apt-get install -y ssl-cert
# OR
bin/gpg-init
bin/ca_tree-init
# and edit the default-ssl below appropriately
(cd /etc/apache2/sites-enabled; ln -s ../sites-available/default-ssl 001-ssl)
(cd /etc/apache2/mods-enabled; ln -s ../mods-available/ssl.load)
(cd /etc/apache2/mods-enabled; ln -s ../mods-available/ssl.conf)
################################################################################
# Just the config stuff
################################################################################
# httpd.conf (ssl and non-ssl)
# (Outside of VirtualHost block (main section))
PerlSwitches -I/var/cache/git/pkild/lib
PerlModule pkild
#<VirtualHost..>
<Location /pkild>
SetHandler modperl
PerlResponseHandler pkild
</Location>
#</VirtualHost..>
# to forward to /pkild/ if /pkild is given
mkdir /var/www/pkild
# bounce it
/etc/init.d/apache2 restart
# You will also need to set the permissions on the root_dir defined in dirconfig.yaml
# such that it's writeable by the uid that apache runs as.
mkdir -p /var/lib/pkild/certificate_authority/
chown www-data:www-data /var/lib/pkild/certificate_authority/
# if not, apache creates it creates it as root: /*FIXME*/
################################################################################
# Thoughts
################################################################################
Create:
Root Certificate Authority
Intermediate Certificate Authority
host_certificate
Intermediate Certificate Authority