* [gentoo-dev] Web Application installations
From: Andrew Cowie @ 2003-07-23 4:13 UTC
To: gentoo-dev

I'm writing an ebuild to install a piece of software which is a
web-based application. Is there a The-Gentoo-Way (tm) place to put such
things?

Debian's answer to this is /var/www; Gentoo's appears to be /home/httpd,
but I'm not sure if that was just someone's idea of a good place for it,
or a practice that is expected to harden up as policy.

Or is there a setting in /etc/conf.d I should be leveraging?

AfC

--
Andrew Frederick Cowie
Operational Dynamics Consulting Pty Ltd

Australia +61 2 9977 6866
North America +1 646 270 5376

http://www.operationaldynamics.com/

--
gentoo-dev@gentoo.org mailing list

* Re: [gentoo-dev] Web Application installations
From: Max Kalika @ 2003-07-23 5:17 UTC
To: Andrew Cowie, gentoo-dev

Quoting Andrew Cowie <andrew@operationaldynamics.com>:

> I'm writing an ebuild to install a piece of software which is a
> web-based application. Is there a The-Gentoo-Way (tm) place to put such
> things?

I actually have an eclass in the works to simplify this a great deal. It
is almost done and I'll post it here for review. I've ported over most
of the Horde apps to use this eclass in my local tree as an exercise and
let me tell you, installing (and upgrading) Horde is actually pleasant
now.

--mk

* Re: [gentoo-dev] Web Application installations
From: Andrew Cowie @ 2003-07-23 6:17 UTC
To: gentoo-dev

On Wed, 2003-07-23 at 15:17, Max Kalika wrote:

> I've ported over most of
> the Horde apps to use this eclass in my local tree as an exercise and let
> me tell you, installing (and upgrading) Horde is actually pleasant now.

Oh, yeah, I can see that. The app I have in mind is dotProject (also a
PHP web app)

Web Application installations ARE a bit more complex than just `make
install` the program:

a) installing PHP app (ok, this is relatively straight forward - you
just unpack tarball somewhere and ta-da, but one *does* need to know
where to put it)

b) ensure you've got all the dependencies. (Yuk).

c) configure application [not so optional, but in Gentoo you are
expected to do this on your own; also applies to:]

d) install DB tables [optional, depends on which DB you're running, etc,
etc... could guess from USE flags, but who wants an app just madly
crashing around creating tables, especially when config may not be in
place and when, if an upgrade, tables already exist]

"Where to put it" does have slightly broader implications. Under the
machine's default DocumentRoot seems a good idea, but there are many
instances where one wants to make a separate virtual host for the
installation, or, or....

Is there a way that that can be automated too? I suspect not, without
going to something like linux-control-center or debconf or some similar
craziness]

Certainly as a first approximation, "sub directory of machine default
DocRoot" seems a not bad place to start, but I'm curious what others
think we should practice as I can think of numerous objections to this.

AfC

--
Andrew Frederick Cowie
Operational Dynamics Consulting Pty Ltd

Australia +61 2 9977 6866
North America +1 646 270 5376

http://www.operationaldynamics.com/

* Re: [gentoo-dev] Web Application installations
From: Robin H.Johnson @ 2003-07-23 8:31 UTC
To: Andrew Cowie
Cc: gentoo-dev

On Wed, Jul 23, 2003 at 04:17:40PM +1000, Andrew Cowie wrote:
> On Wed, 2003-07-23 at 15:17, Max Kalika wrote:
> > I've ported over most of the Horde apps to use this eclass in my
> > local tree as an exercise and let me tell you, installing (and
> > upgrading) Horde is actually pleasant now.
> Oh, yeah, I can see that. The app I have in mind is dotProject (also a
> PHP web app)
>
> Web Application installations ARE a bit more complex than just `make
> install` the program:
>
> a) installing PHP app (ok, this is relatively straight forward - you
> just unpack tarball somewhere and ta-da, but one *does* need to know
> where to put it)
> "Where to put it" does have slightly broader implications. Under the
> machine's default DocumentRoot seems a good idea, but there are many
> instances where one wants to make a separate virtual host for the
> installation, or, or....
> Certainly as a first approximation, "sub directory of machine default
> DocRoot" seems a not bad place to start, but I'm curious what others
> think we should practice as I can think of numerous objections to this.

After the 1.4 release (maybe before, depending on how busy I am with
work), there will be a migration of all web applications to install
somewhere like /usr/share/webapp/${P} (maybe ${PF})

You will then be able to create instances of the package by having that
/usr/share/webapp/${P} in PHP's include path, and all you do is have the
configuration files in your instance directory, enabling you to have as
many instances as you want, securely, with only one set of main files,
even across virtual hosts.

Config files will probably be in /etc/webapp/${P} which will be
symlinked to from wherever you have the instance. This is to protect
them, but I am not 100% if this will be needed with the instances.

> b) ensure you've got all the dependencies. (Yuk).
Easy with Gentoo. RDEPEND=... for most webapps.

> c) configure application [not so optional, but in Gentoo you are
> expected to do this on your own; also applies to:]
see what the phpMyAdmin ebuild does for making this REALLY good.

> d) install DB tables [optional, depends on which DB you're running, etc,
> etc... could guess from USE flags, but who wants an app just madly
> crashing around creating tables, especially when config may not be in
> place and when, if an upgrade, tables already exist]
Again, see the phpMyAdmin ebuild.

> Is there a way that that can be automated too? I suspect not, without
> going to something like linux-control-center or debconf or some similar
> craziness]
I don't know if you have played with zope-config, but expect something
like that for the web application setup.

--
Robin Hugh Johnson
E-Mail : robbat2@orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

* Re: [gentoo-dev] Web Application installations
From: Don Seiler @ 2003-07-23 12:27 UTC
To: Andrew Cowie, gentoo-dev

Very interesting idea. Is there a sort of web-app herd? What about
having a net-webapp category? Anyway I definitely want to stay apprised
of any changes in this area.

Thanks,
Don.

On Wed, Jul 23, 2003 at 01:31:52AM -0700, Robin H.Johnson wrote:
> On Wed, Jul 23, 2003 at 04:17:40PM +1000, Andrew Cowie wrote:
> > On Wed, 2003-07-23 at 15:17, Max Kalika wrote:
> > > I've ported over most of the Horde apps to use this eclass in my
> > > local tree as an exercise and let me tell you, installing (and
> > > upgrading) Horde is actually pleasant now.
> > Oh, yeah, I can see that. The app I have in mind is dotProject (also a
> > PHP web app)
> >
> > Web Application installations ARE a bit more complex than just `make
> > install` the program:
> >
> > a) installing PHP app (ok, this is relatively straight forward - you
> > just unpack tarball somewhere and ta-da, but one *does* need to know
> > where to put it)
> > "Where to put it" does have slightly broader implications. Under the
> > machine's default DocumentRoot seems a good idea, but there are many
> > instances where one wants to make a separate virtual host for the
> > installation, or, or....
> > Certainly as a first approximation, "sub directory of machine default
> > DocRoot" seems a not bad place to start, but I'm curious what others
> > think we should practice as I can think of numerous objections to this.
> After the 1.4 release (maybe before, depending on how busy I am with
> work), there will be a migration of all web applications to install
> somewhere like /usr/share/webapp/${P} (maybe ${PF})
>
> You will then be able to create instances of the package by having that
> /usr/share/webapp/${P} in PHP's include path, and all you do is have the
> configuration files in your instance directory, enabling you to have as
> many instances as you want, securely, with only one set of main files,
> even across virtual hosts.
>
> Config files will probably be in /etc/webapp/${P} which will be
> symlinked to from wherever you have the instance. This is to protect
> them, but I am not 100% if this will be needed with the instances.
>
> > b) ensure you've got all the dependencies. (Yuk).
> Easy with Gentoo. RDEPEND=... for most webapps.
>
> > c) configure application [not so optional, but in Gentoo you are
> > expected to do this on your own; also applies to:]
> see what the phpMyAdmin ebuild does for making this REALLY good.
>
> > d) install DB tables [optional, depends on which DB you're running, etc,
> > etc... could guess from USE flags, but who wants an app just madly
> > crashing around creating tables, especially when config may not be in
> > place and when, if an upgrade, tables already exist]
> Again, see the phpMyAdmin ebuild.
>
> > Is there a way that that can be automated too? I suspect not, without
> > going to something like linux-control-center or debconf or some similar
> > craziness]
> I don't know if you have played with zope-config, but expect something
> like that for the web application setup.
>
> --
> Robin Hugh Johnson
> E-Mail : robbat2@orbis-terrarum.net
> Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
> ICQ# : 30269588 or 41961639
> GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

* Re: [gentoo-dev] Web Application installations
From: Max Kalika @ 2003-07-23 14:12 UTC
To: Don Seiler, Andrew Cowie, gentoo-dev

Quoting Don Seiler <rizzo@gentoo.org>:

> Very interesting idea. Is there a sort of web-app herd? What about
> having a net-webapp category? Anyway I definitely want to stay apprised
> of any changes in this area.

I asked about the net-webapp category before but everyone was busy and I
didn't hear anything. I am completely for this.

In response to Robin's breakdown of how webapps are to be installed,
this is exactly what my eclass does. If you have a chance, can you
please take a look at:

<http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.eclass?r=1 ..4>

The man page is here:

<http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.5.txt?r=1. 1>

And some example ebuilds are here:

<http://68.6.36.243:81/chora/co.php/portage/net-www/horde/horde-2.2.3.ebuil d?r=1.1>
<http://68.6.36.243:81/chora/co.php/portage/net-www/horde-imp/horde-imp-3.2 ..1.ebuild?r=1.1>

Both of these ebuilds generate extra parameters for their individual
apache configuration blocks which look like this:

    php_flag safe_mode off
    php_flag magic_quotes_gpc off
    php_flag magic_quotes_runtime off
    php_flag register_globals off
    php_flag file_uploads on
    php_value upload_max_filesize 50M
    php_value include_path /usr/lib/horde-pear

--mk

* Re: [gentoo-dev] Web Application installations
From: Max Kalika @ 2003-07-23 18:07 UTC
To: gentoo-dev

Quoting Max Kalika <max@gentoo.org>:

Sorry folks, somehow the link copy/paste got borked. Here are correct
links...

> Eclass

http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.eclass?r=1.4

> The man page is here:

http://68.6.36.243:81/chora/co.php/portage/eclass/apache-webapp.5.txt?r=1.1

> And some example ebuilds are here:

http://68.6.36.243:81/chora/co.php/portage/net-www/horde/horde-2.2.3.ebuild?r=1.1
http://68.6.36.243:81/chora/co.php/portage/net-www/horde-imp/horde-imp-3.2.1.ebuild?r=1.1

--mk

* Re: [gentoo-dev] Web Application installations
From: Aron Griffis @ 2003-07-24 2:18 UTC
To: gentoo-dev
Cc: Andrew Cowie

Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT]
> After the 1.4 release (maybe before, depending on how busy I am with
> work), there will be a migration of all web applications to install
> somewhere like /usr/share/webapp/${P} (maybe ${PF})

This doesn't sound right to me since /usr should be mountable read-only.
Don't many/most web applications need to be able to write to their
installation area? I personally like the Debian solution of /var/www

Aron

* Re: [gentoo-dev] Web Application installations
From: Robin H.Johnson @ 2003-07-24 2:55 UTC
To: gentoo-dev

On Wed, Jul 23, 2003 at 10:18:40PM -0400, Aron Griffis wrote:
> Robin H.Johnson wrote: [Wed Jul 23 2003, 04:31:52AM EDT]
> > After the 1.4 release (maybe before, depending on how busy I am with
> > work), there will be a migration of all web applications to install
> > somewhere like /usr/share/webapp/${P} (maybe ${PF})
>
> This doesn't sound right to me since /usr should be mountable read-only.
> Don't many/most web applications need to be able to write to their
> installation area? I personally like the Debian solution of /var/www

I agree totally with keeping /usr read-only during normal system use.

Very few applications do write their directories, and those that do are
in the great majority of cases broken. This is because this requires
that their directories have permissions suitable for the webserver to
write to them.

ALL of /usr/share/webapp will be chown root.root, with mode 755 for
directories, and 644 for files.

Under my solution the application THINKS it is running in the instance
directory. The key thing is this inside the .htaccess file for each
instance:

    php_value include_path ".:/usr/share/webapp/${P}"

Then they have whatever access to . and read-only to
/usr/share/webapp/${P}.

Say a web application requires a config file 'config.php'. You could
then have two instances

    /var/www/site1/webapp/
    /var/www/site2/webapp/

Where each directory contains only two files, 'config.php' and
'.htaccess'.

Now even if somebody were to break in and get your PHP to run arbitrary
code, their damage would be limited to those two files (and anything
else the apache user has permissions to, which does NOT include the
actual webapp).

If you wanted to seriously customize an instance, all that would be
needed would be to copy the file from /usr/share/webapp/${P} to your
instance directory, and modify the copy in your instance directory.

In my entire time as a PHP programmer, I have seen only one instance
where an application really needed access to a local directory to write
files, and that was only because of a shortcoming in the API used, that
could not send data directly but had to build it on disk (PDF creation
stuff).

--
Robin Hugh Johnson
E-Mail : robbat2@orbis-terrarum.net
Home Page : http://www.orbis-terrarum.net/?l=people.robbat2
ICQ# : 30269588 or 41961639
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85

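The layout proposed in the message above (one root-owned, read-only code tree plus small per-site instance directories) can be audited from the shell. The functions below are an added example, not part of the thread and not code from any Gentoo eclass; the function names, the optional owner argument and the "demoapp-1.0" sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the sample tree
# ("demoapp-1.0") are hypothetical.

# Print every path under shared tree $1 that breaks the stated policy:
# owner $2 (default root), directories mode 755, regular files mode 644.
# Returns 1 if anything is printed.
audit_shared_tree() {
    bad=$(find "$1" \( ! -user "${2:-root}" \
        -o \( -type d ! -perm 755 \) \
        -o \( -type f ! -perm 644 \) \) -print)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# List files in instance $1 other than config.php and .htaccess. With
# include_path ".:<shared>" a local file is found before the shared one,
# so each hit is a deliberate customization or something to investigate.
# Prints "override <path>" when the file also exists in shared tree $2,
# "extra <path>" otherwise.
instance_overrides() {
    inst=$1
    shared=$2
    ( cd "$inst" && find . -type f ! -path ./config.php ! -path ./.htaccess ) |
    sort | while IFS= read -r rel; do
        rel=${rel#./}
        [ -f "$shared/$rel" ] && echo "override $rel" || echo "extra $rel"
    done
}

# Build a constructed sample layout in a temp directory; prints its root.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/share/demoapp-1.0/lib" "$root/www/site1/webapp"
    echo '<?php /* main */' > "$root/share/demoapp-1.0/index.php"
    echo '<?php /* db */' > "$root/share/demoapp-1.0/lib/db.php"
    find "$root/share" -type d -exec chmod 755 {} +
    find "$root/share" -type f -exec chmod 644 {} +
    echo '<?php /* settings */' > "$root/www/site1/webapp/config.php"
    echo "php_value include_path \".:$root/share/demoapp-1.0\"" > "$root/www/site1/webapp/.htaccess"
    echo "$root"
}

# Demo: the sample is owned by the current user, so pass that uid; on a
# real system omit the second argument to require root ownership.
demo=$(make_sample)
audit_shared_tree "$demo/share/demoapp-1.0" "$(id -u)" && echo "shared tree OK"
instance_overrides "$demo/www/site1/webapp" "$demo/share/demoapp-1.0"
rm -rf "$demo"
```

Run periodically against each instance, an unexpected "override" or "extra" line is the signal to look at, since the instance directory is the only place the web server user could have written.
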