зеркало из https://github.com/mozilla/gecko-dev.git
Add INSTALL instructions to explain how to secure tinderbox via apache and change permissions to secure tinderbox locally.
Bug #339688 r=bear
Родитель
d909ffb77e
Коммит
bc69ec38b5
|
@ -0,0 +1,79 @@
|
||||||
|
#
|
||||||
|
# Tinderbox INSTALL guide
|
||||||
|
#
|
||||||
|
|
||||||
|
|
||||||
|
This is a quick guide for installing the tinderbox server.
|
||||||
|
|
||||||
|
|
||||||
|
1) If you want to track checkins with tinderbox, you will need to
|
||||||
|
install bonsai first.
|
||||||
|
|
||||||
|
2) In order to tighten access to the tinderbox files, you will need to
|
||||||
|
create a tinderbox user & group for exclusive use by the tinderbox server.
|
||||||
|
Add the mail user to your tinderbox group so that build logs can be
|
||||||
|
processed.
|
||||||
|
|
||||||
|
3) Checkout the latest copy of the tinderbox server:
|
||||||
|
cd /builds/cvs && cvs -z3 co mozilla/webtools/tinderbox
|
||||||
|
|
||||||
|
4) Edit the tinderbox Makefile and set the variables in the
|
||||||
|
SERVER_CONFIGURATION as appropriate. Let's assume that you set:
|
||||||
|
TINDERBOX_DIR=/var/www/html/tinderbox
|
||||||
|
TINDERBOX_USER=tinderbox
|
||||||
|
TINDERBOX_GROUP=tinderbox
|
||||||
|
vi mozilla/webtools/tinderbox/Makefile
|
||||||
|
|
||||||
|
5) Install the tinderbox server into the system directory
|
||||||
|
sudo make -C mozilla/webtools/tinderbox install
|
||||||
|
|
||||||
|
6) Edit your webserver configuration file and setup the virtual server
|
||||||
|
for your tinderbox as well as limit permissions to certain sensitive files.
|
||||||
|
vi /etc/httpd/conf/httpd.conf
|
||||||
|
|
||||||
|
# Example Virtual host entry for tinderbox for apache 2.0.x
|
||||||
|
# Replace 'company.com' with your company and '/var/www/html' with the
|
||||||
|
# actual location of your tinderbox installation
|
||||||
|
#
|
||||||
|
<VirtualHost *:80>
|
||||||
|
ServerName tinderbox.company.com
|
||||||
|
ServerAlias tinderbox
|
||||||
|
DocumentRoot /var/www/html
|
||||||
|
SuexecUserGroup tinderbox tinderbox
|
||||||
|
RewriteEngine On
|
||||||
|
RewriteRule ^/$ http://tinderbox.company.com/tinderbox/ [R,L,NE]
|
||||||
|
<Directory /var/www/html/tinderbox/>
|
||||||
|
Options FollowSymLinks ExecCGI
|
||||||
|
AllowOverride None
|
||||||
|
AddHandler cgi-script .cgi
|
||||||
|
</Directory>
|
||||||
|
# Deny access to private tree data
|
||||||
|
<Directory /var/www/html/tinderbox/*/>
|
||||||
|
<FilesMatch "^(ignorebuilds.pl|scrapebuilds|treedata).pl$">
|
||||||
|
Deny from all
|
||||||
|
</FilesMatch>
|
||||||
|
<FilesMatch "\.(dat)$">
|
||||||
|
Deny from all
|
||||||
|
</FilesMatch>
|
||||||
|
</Directory>
|
||||||
|
<Directory /var/www/html/tinderbox/data>
|
||||||
|
Deny from all
|
||||||
|
</Directory>
|
||||||
|
</VirtualHost>
|
||||||
|
# End tinderbox apache configuration
|
||||||
|
|
||||||
|
7) Add an email alias for 'tinderbox-daemon' on the local server and pipe
|
||||||
|
all mail through the handemail.pl script.
|
||||||
|
Assuming that you're using sendmail, add the following line to /etc/aliases
|
||||||
|
|
||||||
|
tinderbox-daemon: "|/var/www/html/tinderbox/handlemail.pl /var/www/html/tinderbox"
|
||||||
|
|
||||||
|
If sendmail uses smrsh, you may need to create a symlink under /etc/smrsh.
|
||||||
|
ln -sf /var/www/html/tinderbox/handlemail.pl /etc/smrsh/handlemail.pl
|
||||||
|
|
||||||
|
8) Restart apache and go to http://tinderbox.company.com/tinderbox/ .
|
||||||
|
Click on 'Administer' and enter the information for your new tinderbox tree.
|
||||||
|
|
||||||
|
9) pull the tinderbox client source and start sending build reports
|
||||||
|
to tinderbox-daemon@<tinderbox.server>
|
||||||
|
(cd /builds/cvs && cvs -z3 co mozilla/tools/tinderbox )
|
|
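Review bot: The first `FilesMatch` pattern in the example virtual host, `^(ignorebuilds.pl|scrapebuilds|treedata).pl$`, does not match a file named ignorebuilds.pl: the first alternative already ends in `.pl` and the group is followed by a second `.pl`, so only a name like `ignorebuilds.pl.pl` would be denied. The dots are also unescaped, so each one matches any character. As written, treedata.pl and scrapebuilds.pl are blocked but ignorebuilds.pl is still served; `<FilesMatch "^(ignorebuilds|scrapebuilds|treedata)\.pl$">` covers all three. Separately, step 7 names the script `handemail.pl` while the alias line and the symlink use `handlemail.pl`.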
@ -31,11 +31,13 @@
|
||||||
# Then "make install" should copy the files to the tinderbox location
|
# Then "make install" should copy the files to the tinderbox location
|
||||||
# specified by TINDERBOX_DIR
|
# specified by TINDERBOX_DIR
|
||||||
|
|
||||||
|
# Begin SERVER_CONFIGURATION
|
||||||
|
|
||||||
#TINDERBOX_DIR = /var/www/html/tinderbox
|
#TINDERBOX_DIR = /var/www/html/tinderbox
|
||||||
#BONSAI_DIR = /var/www/html/bonsai
|
#BONSAI_DIR = /var/www/html/bonsai
|
||||||
#BONSAI_URL = /bonsai
|
#BONSAI_URL = /bonsai
|
||||||
|
|
||||||
# Set these if you want to tighten permissions
|
# Set these to the user/group that will run the tinderbox processes
|
||||||
#TINDERBOX_USER = tinderbox
|
#TINDERBOX_USER = tinderbox
|
||||||
#TINDERBOX_GROUP = tinderbox
|
#TINDERBOX_GROUP = tinderbox
|
||||||
|
|
||||||
|
@ -44,43 +46,57 @@
|
||||||
#PERL = /usr/bin/perl
|
#PERL = /usr/bin/perl
|
||||||
#UUDECODE = /usr/bin/uudecode
|
#UUDECODE = /usr/bin/uudecode
|
||||||
|
|
||||||
|
# End SERVER_CONFIGURATION
|
||||||
|
|
||||||
ALL_UTILS = GZIP PERL UUDECODE
|
ALL_UTILS = GZIP PERL UUDECODE
|
||||||
|
|
||||||
|
EXE_FILES = \
|
||||||
|
addimage.cgi \
|
||||||
|
addnote.cgi \
|
||||||
|
admintree.cgi \
|
||||||
|
buildwho.pl \
|
||||||
|
clean.pl \
|
||||||
|
doadmin.cgi \
|
||||||
|
fixupimages.pl \
|
||||||
|
handlemail.pl \
|
||||||
|
processbuild.pl \
|
||||||
|
showbuilds.cgi \
|
||||||
|
showimages.cgi \
|
||||||
|
showlog.cgi \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
FILES = \
|
FILES = \
|
||||||
Backwards.pm \
|
Backwards.pm \
|
||||||
addimage.cgi \
|
ep_mac.pl \
|
||||||
addnote.cgi \
|
ep_unix.pl \
|
||||||
admintree.cgi \
|
ep_windows.pl \
|
||||||
buildwho.pl \
|
header.pl \
|
||||||
clean.pl \
|
imagelog.pl \
|
||||||
doadmin.cgi \
|
tbglobals.pl \
|
||||||
ep_mac.pl \
|
viewvc.pl \
|
||||||
ep_unix.pl \
|
Empty.html \
|
||||||
ep_windows.pl \
|
faq.html \
|
||||||
fixupimages.pl \
|
index.html \
|
||||||
handlemail.pl \
|
examples/buildit.config \
|
||||||
header.pl \
|
examples/mozilla-unix.pl \
|
||||||
imagelog.pl \
|
examples/mozilla-windows.pl \
|
||||||
processbuild.pl \
|
$(NULL)
|
||||||
showbuilds.cgi \
|
|
||||||
showimages.cgi \
|
|
||||||
showlog.cgi \
|
|
||||||
tbglobals.pl \
|
|
||||||
Empty.html \
|
|
||||||
faq.html \
|
|
||||||
index.html \
|
|
||||||
examples/buildit.config \
|
|
||||||
examples/mozilla-unix.pl \
|
|
||||||
examples/mozilla-windows.pl
|
|
||||||
|
|
||||||
PICS = \
|
PICS = \
|
||||||
1afi003r.gif \
|
1afi003r.gif \
|
||||||
star.gif
|
star.gif \
|
||||||
|
$(NULL)
|
||||||
|
|
||||||
# Sanity check
|
# Sanity check
|
||||||
ifeq (,$(strip $(TINDERBOX_DIR)))
|
ifeq (,$(strip $(TINDERBOX_DIR)))
|
||||||
$(error TINDERBOX_DIR must be set to the tinderbox install location)
|
$(error TINDERBOX_DIR must be set to the tinderbox install location)
|
||||||
endif
|
endif
|
||||||
|
ifeq (,$(strip $(TINDERBOX_USER)))
|
||||||
|
$(error TINDERBOX_USER must be set to the user that the tinderbox processes run as)
|
||||||
|
endif
|
||||||
|
ifeq (,$(strip $(TINDERBOX_GROUP)))
|
||||||
|
$(error TINDERBOX_GROUP must be set to the group that the tinderbox processes run as)
|
||||||
|
endif
|
||||||
|
|
||||||
ifeq (,$(strip $(BONSAI_DIR)))
|
ifeq (,$(strip $(BONSAI_DIR)))
|
||||||
$(error BONSAI_DIR must be set for bonsai support to work)
|
$(error BONSAI_DIR must be set for bonsai support to work)
|
||||||
|
@ -93,7 +109,7 @@ install:
|
||||||
$(foreach u,$(ALL_UTILS),$(if $($u),,$(error $u must be set to the full path of the utility)))
|
$(foreach u,$(ALL_UTILS),$(if $($u),,$(error $u must be set to the full path of the utility)))
|
||||||
mkdir -p $(TINDERBOX_DIR)/examples
|
mkdir -p $(TINDERBOX_DIR)/examples
|
||||||
set -e ; \
|
set -e ; \
|
||||||
for I in $(FILES); do \
|
for I in $(FILES) $(EXE_FILES); do \
|
||||||
echo Installing $$I && \
|
echo Installing $$I && \
|
||||||
sed -e s#/usr/bonsaitools/bin/perl#$(PERL)#g \
|
sed -e s#/usr/bonsaitools/bin/perl#$(PERL)#g \
|
||||||
-e s#/tools/ns/bin/perl5#$(PERL)#g \
|
-e s#/tools/ns/bin/perl5#$(PERL)#g \
|
||||||
|
@ -103,21 +119,18 @@ install:
|
||||||
-e s#/d/webdocs/projects/bonsai#$(BONSAI_DIR)#g \
|
-e s#/d/webdocs/projects/bonsai#$(BONSAI_DIR)#g \
|
||||||
-e s#\.\./bonsai#$(BONSAI_URL)#g \
|
-e s#\.\./bonsai#$(BONSAI_URL)#g \
|
||||||
$$I > $(TINDERBOX_DIR)/$$I && \
|
$$I > $(TINDERBOX_DIR)/$$I && \
|
||||||
chmod 755 $(TINDERBOX_DIR)/$$I; \
|
chmod 644 $(TINDERBOX_DIR)/$$I; \
|
||||||
done
|
done
|
||||||
|
chmod 755 $(addprefix $(TINDERBOX_DIR)/,$(EXE_FILES))
|
||||||
set -e ; \
|
set -e ; \
|
||||||
for I in $(PICS); do \
|
for I in $(PICS); do \
|
||||||
echo Installing $$I && \
|
echo Installing $$I && \
|
||||||
cp $$I $(TINDERBOX_DIR) && \
|
cp $$I $(TINDERBOX_DIR) && \
|
||||||
chmod 755 $(TINDERBOX_DIR)/$$I; \
|
chmod 644 $(TINDERBOX_DIR)/$$I; \
|
||||||
done
|
done
|
||||||
mkdir -p $(TINDERBOX_DIR)/data
|
mkdir -p $(TINDERBOX_DIR)/data
|
||||||
ifneq (,$(TINDERBOX_USER)$(TINDERBOX_GROUP))
|
|
||||||
chown -R $(TINDERBOX_USER) $(TINDERBOX_DIR)
|
chown -R $(TINDERBOX_USER) $(TINDERBOX_DIR)
|
||||||
chgrp -R $(TINDERBOX_GROUP) $(TINDERBOX_DIR)
|
chgrp -R $(TINDERBOX_GROUP) $(TINDERBOX_DIR)
|
||||||
chmod 755 $(TINDERBOX_DIR)
|
chmod 755 $(TINDERBOX_DIR)
|
||||||
chmod 775 $(TINDERBOX_DIR)/data
|
chmod 770 $(TINDERBOX_DIR)/data
|
||||||
else
|
chmod 770 $(TINDERBOX_DIR)/examples
|
||||||
chmod 777 $(TINDERBOX_DIR)
|
|
||||||
chmod 777 $(TINDERBOX_DIR)/data
|
|
||||||
endif
|
|
||||||
|
|
|
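Review bot: The install rule tightens modes only on `$(TINDERBOX_DIR)/data` and `$(TINDERBOX_DIR)/examples` (the two `chmod 770` lines in the last hunk), while `chown -R` and `chgrp -R` change ownership and leave existing modes untouched. On an upgrade, per-tree directories created by the older CGI code (which ran with `umask 0` and a `0775` creation mode, as the other files on this page show) would presumably keep their old permissions; the INSTALL example's `<Directory /var/www/html/tinderbox/*/>` block suggests these directories sit directly under `$(TINDERBOX_DIR)`, which stays at 755. I would document this next to the chmod lines, for example `# Existing tree directories keep their old modes; chmod 770 each one after upgrading`, and repeat it in INSTALL. The `install` rule starts above the visible hunks.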
@ -23,8 +23,9 @@
|
||||||
|
|
||||||
require 'tbglobals.pl';
|
require 'tbglobals.pl';
|
||||||
|
|
||||||
umask 0666;
|
umask 002;
|
||||||
$perm = "0775"; # Permission of created files & dirs
|
$perm = "0660"; # Permission of created files
|
||||||
|
$dir_perm = "0770"; # Permission of created dirs
|
||||||
|
|
||||||
# Process the form arguments
|
# Process the form arguments
|
||||||
%form = ();
|
%form = ();
|
||||||
|
@ -124,10 +125,10 @@ sub create_tree {
|
||||||
$bonsaitreename = $form{'bonsaitreename'};
|
$bonsaitreename = $form{'bonsaitreename'};
|
||||||
|
|
||||||
if( -r $treename ){
|
if( -r $treename ){
|
||||||
chmod(oct($perm), $treename);
|
chmod(oct($dir_perm), $treename);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
mkdir( $treename, oct($perm)) || die "<h1> Cannot mkdir $treename</h1>";
|
mkdir( $treename, oct($dir_perm)) || die "<h1> Cannot mkdir $treename</h1>";
|
||||||
}
|
}
|
||||||
open( F, ">$treename/treedata.pl" );
|
open( F, ">$treename/treedata.pl" );
|
||||||
print F "\$cvs_module='$modulename';\n";
|
print F "\$cvs_module='$modulename';\n";
|
||||||
|
|
|
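Review bot: `umask 002;` still leaves the read bit (and the search bit on directories) set for "other" on anything created without an explicit mode, which does not match the `0660`/`0770` values assigned on the next two lines. `mkdir` is given `oct($dir_perm)`, but the `open( F, ">$treename/treedata.pl" )` in the second hunk creates the file as 0664 under this umask unless a later chmod, not visible here, applies `$perm`. `umask 007;` would keep group write for the mail user while removing other access at creation time. The same `umask 002;` line is added in the two files that follow, and the point applies there as well. `create_tree` continues past the end of the hunk.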
@ -23,7 +23,7 @@
|
||||||
use Time::Local;
|
use Time::Local;
|
||||||
require 'tbglobals.pl'; # for $gzip
|
require 'tbglobals.pl'; # for $gzip
|
||||||
|
|
||||||
umask 0;
|
umask 002;
|
||||||
|
|
||||||
if ($ARGV[0] eq '--check-mail') {
|
if ($ARGV[0] eq '--check-mail') {
|
||||||
$only_check_mail = 1;
|
$only_check_mail = 1;
|
||||||
|
|
|
@ -24,6 +24,8 @@ require 'tbglobals.pl';
|
||||||
require 'imagelog.pl';
|
require 'imagelog.pl';
|
||||||
require 'header.pl';
|
require 'header.pl';
|
||||||
|
|
||||||
|
umask 002;
|
||||||
|
|
||||||
# Process the form arguments
|
# Process the form arguments
|
||||||
%form = ();
|
%form = ();
|
||||||
&split_cgi_args();
|
&split_cgi_args();
|
||||||
|
|