* [gentoo-dev] Web Application installations
From: Andrew Cowie @ 2003-07-23 4:13 UTC
To: gentoo-dev
I'm writing an ebuild to install a piece of software which is a
web-based application. Is there a The-Gentoo-Way (tm) place to put such
things?
Debian's answer to this is /var/www; Gentoo's appears to be /home/httpd,
but I'm not sure if that was just someone's idea of a good place for it,
or a practice that is expected to harden up as policy.
Or is there a setting in /etc/conf.d I should be leveraging?
AfC
--
Andrew Frederick Cowie
Operational Dynamics Consulting Pty Ltd
Australia +61 2 9977 6866 North America +1 646 270 5376
http://www.operationaldynamics.com/
--
gentoo-dev@gentoo.org mailing list
* Re: [gentoo-dev] Web Application installations
From: Max Kalika @ 2003-07-23 5:17 UTC
To: Andrew Cowie, gentoo-dev
Quoting Andrew Cowie <andrew@operationaldynamics.com>:
> I'm writing an ebuild to install a piece of software which is a
> web-based application. Is there a The-Gentoo-Way (tm) place to put such
> things?
I actually have an eclass in the works to simplify this a great deal. It
is almost done and I'll post it here for review. I've ported over most of
the Horde apps to use this eclass in my local tree as an exercise and let
me tell you, installing (and upgrading) Horde is actually pleasant now.
--mk
* Re: [gentoo-dev] Web Application installations
From: Andrew Cowie @ 2003-07-23 6:17 UTC
To: gentoo-dev
On Wed, 2003-07-23 at 15:17, Max Kalika wrote:
> I've ported over most of
> the Horde apps to use this eclass in my local tree as an exercise and let
> me tell you, installing (and upgrading) Horde is actually pleasant now.
Oh, yeah, I can see that. The app I have in mind is dotProject (also a
PHP web app)
Web Application installations ARE a bit more complex than just `make
install` the program:
a) installing PHP app (ok, this is relatively straight forward - you
just unpack tarball somewhere and ta-da, but one *does* need to know
where to put it)
b) ensure you've got all the dependencies. (Yuk).
c) configure application [not so optional, but in Gentoo you are
expected to do this on your own; also applies to:]
d) install DB tables [optional, depends on which DB you're running, etc,
etc... could guess from USE flags, but who wants an app just madly
crashing around creating tables, especially when config may not be in
place and when, if an upgrade, tables already exist]
"Where to put it" does have slightly broader implications. Under the
machine's default DocumentRoot seems a good idea, but there are many
instances where one wants to make a separate virtual host for the
installation, or, or....
Is there a way that that can be automated too? I suspect not, without
going to something like linux-control-center or debconf or some similar
craziness]
Certainly as a first approximation, "sub directory of machine default
DocRoot" seems a not bad place to start, but I'm curious what others
think we should practice as I can think of numerous objections to this.
AfC
--
Andrew Frederick Cowie
Operational Dynamics Consulting Pty Ltd
Australia +61 2 9977 6866 North America +1 646 270 5376
http://www.operationaldynamics.com/
* Re: [gentoo-dev] Web Application installations
From: Robin H.Johnson @ 2003-07-23 8:31 UTC
To: Andrew Cowie; +Cc: gentoo-dev
On Wed, Jul 23, 2003 at 04:17:40PM +1000, Andrew Cowie wrote:
> On Wed, 2003-07-23 at 15:17, Max Kalika wrote:
> > I've ported over most of the Horde apps to use this eclass in my
> > local tree as an exercise and let me tell you, installing (and
> > upgrading) Horde is actually pleasant now.
> Oh, yeah, I can see that. The app I have in mind is dotProject (also a
> PHP web app)
>
> Web Application installations ARE a bit more complex than just `make
> install` the program:
>
> a) installing PHP app (ok, this is relatively straight forward - you
> just unpack tarball somewhere and ta-da, but one *does* need to know
> where to put it)
> "Where to put it" does have slightly broader implications. Under the
> machine's default DocumentRoot seems a good idea, but there are many
> instances where one wants to make a separate virtual host for the
> installation, or, or....
> Certainly as a first approximation, "sub directory of machine default
> DocRoot" seems a not bad place to start, but I'm curious what others
> think we should practice as I can think of numerous objections to this.
After the 1.4 release (maybe before, depending on how busy I am with
work), there will be a migration of all web applications to install
somewhere like /usr/share/webapp/${P} (maybe ${PF})
You will then be able to create instances of the package by having that
/usr/share/webapp/${P} in PHP's include path, and all you do is have the
configuration files in your instance directory, enabling you to have as
many instances as you want, securely, with only one set of main files,
even across virtual hosts.
Config files will probably be in /etc/webapp/${P} which will be symlinked to
from wherever you have the instance. This is to protect them, but I am
not 100% sure if this will be needed with the instances.
> b) ensure you've got all the dependencies. (Yuk).
Easy with Gentoo. RDEPEND=... for most webapps.
> c) configure application [not so optional, but in Gentoo you are
> expected to do this on your own; also applies to:]
see what the phpMyAdmin ebuild does for making this REALLY good.
> d) install DB tables [optional, depends on which DB you're running, etc,
> etc... could guess from USE flags, but who wants an app just madly
> crashing around creating tables, especially when config may not be in
> place and when, if an upgrade, tables already exist]
Again, see the phpMyAdmin ebuild.
> Is there a way that that can be automated too? I suspect not, without
> going to something like linux-control-center or debconf or some similar
> craziness]
I don't know if you have played with zope-config, but expect something
like that for the web application setup.
--
Robin Hugh Johnson
E-Mail : robbat2@orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
* Re: [gentoo-dev] Web Application installations
From: Don Seiler @ 2003-07-23 12:27 UTC
To: Andrew Cowie, gentoo-dev
Very interesting idea. Is there a sort of web-app herd? What about
having a net-webapp category? Anyway I definitely want to stay apprised
of any changes in this area.
Thanks,
Don.
On Wed, Jul 23, 2003 at 01:31:52AM -0700, Robin H.Johnson wrote:
> On Wed, Jul 23, 2003 at 04:17:40PM +1000, Andrew Cowie wrote:
> > On Wed, 2003-07-23 at 15:17, Max Kalika wrote:
> > > I've ported over most of the Horde apps to use this eclass in my
> > > local tree as an exercise and let me tell you, installing (and
> > > upgrading) Horde is actually pleasant now.
> > Oh, yeah, I can see that. The app I have in mind is dotProject (also a
> > PHP web app)
> >
> > Web Application installations ARE a bit more complex than just `make
> > install` the program:
> >
> > a) installing PHP app (ok, this is relatively straight forward - you
> > just unpack tarball somewhere and ta-da, but one *does* need to know
> > where to put it)
> > "Where to put it" does have slightly broader implications. Under the
> > machine's default DocumentRoot seems a good idea, but there are many
> > instances where one wants to make a separate virtual host for the
> > installation, or, or....
> > Certainly as a first approximation, "sub directory of machine default
> > DocRoot" seems a not bad place to start, but I'm curious what others
> > think we should practice as I can think of numerous objections to this.
> After the 1.4 release (maybe before, depending on how busy I am with
> work), there will be a migration of all web applications to install
> somewhere like /usr/share/webapp/${P} (maybe ${PF})
>
> You will then be able to create instances of the package by having that
> /usr/share/webapp/${P} in PHP's include path, and all you do is have the
> configuration files in your instance directory, enabling you to have as
> many instances as you want, securely, with only one set of main files,
> even across virtual hosts.
>
> Config files will probably be in /etc/webapp/${P} which will be symlinked to
> from wherever you have the instance. This is to protect them, but I am
> not 100% sure if this will be needed with the instances.
>
> > b) ensure you've got all the dependencies. (Yuk).
> Easy with Gentoo. RDEPEND=... for most webapps.
>
> > c) configure application [not so optional, but in Gentoo you are
> > expected to do this on your own; also applies to:]
> see what the phpMyAdmin ebuild does for making this REALLY good.
>
> > d) install DB tables [optional, depends on which DB you're running, etc,
> > etc... could guess from USE flags, but who wants an app just madly
> > crashing around creating tables, especially when config may not be in
> > place and when, if an upgrade, tables already exist]
> Again, see the phpMyAdmin ebuild.
>
> > Is there a way that that can be automated too? I suspect not, without
> > going to something like linux-control-center or debconf or some similar
> > craziness]
> I don't know if you have played with zope-config, but expect something
> like that for the web application setup.
>
> --
> Robin Hugh Johnson
> E-Mail : robbat2@orbis-terrarum.net
> Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
> ICQ# : 30269588 or 41961639
> GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
* Re: [gentoo-dev] Web Application installations
From: Max Kalika @ 2003-07-23 14:12 UTC
To: Don Seiler, Andrew Cowie, gentoo-dev
Quoting Don Seiler <rizzo@gentoo.org>:
> Very interesting idea. Is there a sort of web-app herd? What about
> having a net-webapp category? Anyway I definitely want to stay apprised
> of any changes in this area.
I asked about the net-webapp category before but everyone was busy and I
didn't hear anything. I am completely for this.
In response to Robin's breakdown of how webapps are to be installed, this
is exactly what my eclass does. If you have a chance, can you please take
a look at:
<http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.eclass?r=1
..4>
The man page is here:
<http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.5.txt?r=1.
1>
And some example ebuilds are here:
<http://68.6.36.243:81/chora/co.php/portage/net-www/horde/horde-2.2.3.ebuil
d?r=1.1>
<http://68.6.36.243:81/chora/co.php/portage/net-www/horde-imp/horde-imp-3.2
..1.ebuild?r=1.1>
Both of these ebuilds generate extra parameters for their individual apache
configuration blocks which look like this:
php_flag safe_mode off
php_flag magic_quotes_gpc off
php_flag magic_quotes_runtime off
php_flag register_globals off
php_flag file_uploads on
php_value upload_max_filesize 50M
php_value include_path /usr/lib/horde-pear
--mk
* Re: [gentoo-dev] Web Application installations
From: Max Kalika @ 2003-07-23 18:07 UTC
To: gentoo-dev
Quoting Max Kalika <max@gentoo.org>:
Sorry folks, somehow the link copy/paste got borked. Here are correct
links...
> Eclass
http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.eclass?r=1.4
> The man page is here:
http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.5.txt?r=1.1
> And some example ebuilds are here:
http://68.6.36.243:81/chora/co.php/portage/net-www/horde/horde-2.2.3.ebuild?r=1.1
http://68.6.36.243:81/chora/co.php/portage/net-www/horde-imp/horde-imp-3.2.1.ebuild?r=1.1
--mk
* Re: [gentoo-dev] Web Application installations
From: Aron Griffis @ 2003-07-24 2:18 UTC
To: gentoo-dev; +Cc: Andrew Cowie
Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT]
> After the 1.4 release (maybe before, depending on how busy I am with
> work), there will be a migration of all web applications to install
> somewhere like /usr/share/webapp/${P} (maybe ${PF})
This doesn't sound right to me since /usr should be mountable read-only.
Don't many/most web applications need to be able to write to their
installation area? I personally like the Debian solution of /var/www
Aron
* Re: [gentoo-dev] Web Application installations
From: Robin H.Johnson @ 2003-07-24 2:55 UTC
To: gentoo-dev
On Wed, Jul 23, 2003 at 10:18:40PM -0400, Aron Griffis wrote:
> Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT]
> > After the 1.4 release (maybe before, depending on how busy I am with
> > work), there will be a migration of all web applications to install
> > somewhere like /usr/share/webapp/${P} (maybe ${PF})
>
> This doesn't sound right to me since /usr should be mountable read-only.
> Don't many/most web applications need to be able to write to their
> installation area? I personally like the Debian solution of /var/www
I agree totally with keeping /usr read-only during normal system use.
Very few applications do write their directories, and those that do are
in the great majority of cases broken. This is because this requires that their
directories have permissions suitable for the webserver to write to
them.
ALL of /usr/share/webapp will be chown root.root, with mode 755 for
directories, and 644 for files.
Under my solution the application THINKS it is running in the instance
directory.
The key thing is this inside the .htaccess file for each instance:
php_value include_path ".:/usr/share/webapp/${P}"
Then they have whatever access to . and read-only to
/usr/share/webapp/${P}.
Say a web application requires a config file 'config.php'.
You could then have two instances
/var/www/site1/webapp/
/var/www/site2/webapp/
Where each directory contains only two files, 'config.php' and '.htaccess'.
Now even if somebody were to break in and get your PHP to run arbitrary
code, their damage would be limited to those two files (and anything
else the apache user has permissions to, which does NOT include the
actual webapp).
If you wanted to seriously customize an instance, all that would be
needed would be to copy the file from /usr/share/webapp/${P} to your
instance directory, and modify the copy in your instance directory.
In my entire time as a PHP programmer, I have seen only one instance
where an application really needed access to a local directory to write
files, and that was only because of a shortcoming in the API used, that
could not send data directly but had to build it on disk (PDF creation
stuff).
--
Robin Hugh Johnson
E-Mail : robbat2@orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85
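
The layout and modes described in this message, as an added example that is not part of the original post or of any Gentoo tooling: it builds the shared tree and two instances under a scratch directory, then audits the shared tree for write bits. The package name exampleapp-1.0, the file contents and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: one shared, read-only webapp tree plus per-site instances,
# built under a scratch root. Package name and file contents are constructed.
P="exampleapp-1.0"   # hypothetical stand-in for the ebuild's ${P}

# make_layout ROOT: create ROOT/usr/share/webapp/$P and two instance dirs.
make_layout() {
    root=$1
    shared="$root/usr/share/webapp/$P"
    mkdir -p "$shared/lib"
    printf '<?php /* shared entry point */ ?>\n' > "$shared/index.php"
    printf '<?php /* shared library code */ ?>\n' > "$shared/lib/core.php"
    # Modes from the post: 755 for directories, 644 for files.
    find "$root/usr/share/webapp" -type d -exec chmod 755 {} +
    find "$root/usr/share/webapp" -type f -exec chmod 644 {} +
    # The post also wants root.root ownership; only root can set that.
    if [ "$(id -u)" -eq 0 ]; then chown -R 0:0 "$root/usr/share/webapp"; fi
    for site in site1 site2; do
        inst="$root/var/www/$site/webapp"
        mkdir -p "$inst"
        printf '<?php $site = "%s"; ?>\n' "$site" > "$inst/config.php"
        # On a real host the path is /usr/share/webapp/${P}, with no scratch prefix.
        printf 'php_value include_path ".:/usr/share/webapp/%s"\n' "$P" \
            > "$inst/.htaccess"
    done
}

# audit_shared ROOT: list group- or world-writable entries in the shared tree;
# returns 1 if any exist, since a non-root user could then modify shared code.
audit_shared() {
    bad=$(find "$1/usr/share/webapp" ! -type l \
        \( -perm -020 -o -perm -002 \) -print)
    if [ -n "$bad" ]; then
        printf 'writable by group/other:\n%s\n' "$bad"
        return 1
    fi
    return 0
}

# instance_files ROOT SITE: names of the files in one instance directory.
instance_files() {
    set -- $(LC_ALL=C ls -A "$1/var/www/$2/webapp")
    echo "$*"
}

demo_root=$(mktemp -d)
make_layout "$demo_root"
audit_shared "$demo_root" && echo "shared tree: no group/other write bits"
echo "site1 instance holds: $(instance_files "$demo_root" site1)"
```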