[Rt-commit] [svn] r1125 - rt/branches/rt-3.1
jesse at pallas.eruditorum.org
jesse at pallas.eruditorum.org
Mon Jun 21 15:39:30 EDT 2004
Author: jesse
Date: Mon Jun 21 15:39:29 2004
New Revision: 1125
Modified:
rt/branches/rt-3.1/ (props changed)
rt/branches/rt-3.1/README
rt/branches/rt-3.1/UPGRADING
rt/branches/rt-3.1/configure.ac
rt/branches/rt-3.1/releng.cnf
Log:
----------------------------------------------------------------------
r1949 at tinbook: jesse | 2004-06-21T18:09:01.019869Z
----------------------------------------------------------------------
r1950 at tinbook: jesse | 2004-06-21T19:36:16.853567Z
Bumping to RT 3.2.0rc1
----------------------------------------------------------------------
Modified: rt/branches/rt-3.1/README
==============================================================================
--- rt/branches/rt-3.1/README (original)
+++ rt/branches/rt-3.1/README Mon Jun 21 15:39:29 2004
@@ -34,10 +34,7 @@
Jesse Vincent
Best Practical Solutions, LLC
- March 2004
-
-
-
+ June 2004
REQUIRED PACKAGES:
@@ -45,13 +42,17 @@
o Perl 5.8.3 or later (http://www.perl.com).
- Perl versions prior to 5.8.3 contain bugs that could result in data
- corruption. We recommend strongly that you use 5.8.3 or newer.
+ Perl versions prior to 5.8.3 contain bugs that could result
+ in data corruption. We recommend strongly that you use 5.8.3
+ or newer. RT may function with perl 5.8.0 and later, but
+ is unsupported in that configuration.
o A DB backend; MySQL is recommended ( http://www.mysql.com )
Currently supported: Mysql 4.0.13 or later.
Postgres 7.2 or later.
Oracle 9iR2.
+ Beta-quality support for Informix and SQLite is also available.
+
o Apache version 1.3.x or 2.x (http://httpd.apache.org)
with mod_perl -- (http://perl.apache.org )
@@ -96,57 +97,61 @@
./configure --help to see the list of options
./configure (with the flags you want)
-3 Satisfy RT's myriad dependencies.
+3 Make sure that RT has everything it needs to run:
-3.1 Check for compliance:
-
- perl sbin/rt-test-dependencies \
- --with-<databasename> --with-<web-environment>
+3.1 Check for missing dependencies:
- databasename is one of: mysql, postgres, oracle
- web-environment is one of: fastcgi, modperl1, modperl2
+ make testdeps
3.2 If there are unsatisfied dependencies, install them by hand or run:
- perl sbin/rt-test-dependencies \
- --with-<databasename> --with-<web-environment> --install
-
+ make fixdeps
3.3 Check to make sure everything was installed properly:
+
+ make testdeps
- perl sbin/rt-test-dependencies \
- --with-<databasename> --with-<web-environment>
+ It might sometimes be necessary to run "make fixdeps" several times
+ to install all necessary perl modules.
4 Create a group called 'rt'
5a FOR A NEW INSTALLATION:
As root, type:
- make install (replace "make" with the local name for
- Make, if you need to)
-
+ make install
make initialize-database
-
If the make fails, type:
make dropdb
and start over from step 5a
5b FOR UPGRADING: (Within the RT 3.x series)
-
Read through the UPGRADING document included in this distribution.
- It may contain important instructions for updating your database
+ It may contain important instructions which will help you upgrade
+ RT safely.
As root, type:
- make upgrade (replace "make" with the local name for
- Make, if you need to)
+ make upgrade
This will build new binaries, config files and libraries without
overwriting your RT database.
-
- It may then instruct you to update your RT system database objects
+
+ You may also need to update RT's database. To find out, type:
+
+ ls etc/upgrade
+
+ For each item in that directory whose name is greater than
+ your previously installed RT version, run:
+ /opt/rt3/sbin/rt-setup-database --action schema \
+ --datadir etc/upgrade/<version>
+ /opt/rt3/sbin/rt-setup-database --action acl \
+ --datadir etc/upgrade/<version>
+ /opt/rt3/sbin/rt-setup-database --action insert \
+ --datadir etc/upgrade/<version>
+
5c FOR UPGRADING: (From RT 2.0.x)
@@ -176,12 +181,14 @@
THE WEB INTERFACE
-----------------
-RT's web interface is based around HTML::Mason, which works best with the mod_perl
-perl interpreter within Apache httpd. Alternatively, support for the FastCGI
-(and plain CGI) interface is also provided as 'bin/mason_handler.fcgi'.
+RT's web interface is based around HTML::Mason, which works well with
+the mod_perl perl interpreter within Apache httpd and FastCGI
+
+mod_perl
+--------
-Apache
- You'll need to add a few lines to your httpd.conf telling it about RT:
+To install RT with mod_perl, you'll need to add a few lines to your
+Apache configuration file telling it about RT:
<VirtualHost your.ip.address>
ServerName your.rt.server.hostname
@@ -204,11 +211,44 @@
</Location>
</VirtualHost>
+FastCGI
+-------
+
+Installation with FastCGI is a little bit more complex and is documented
+in detail at http://wiki.bestpractical.com/index.cgi?FastCGIConfiguration
+
+In the most basic configuration, you can set up your webserver to run
+as a user who is a member of the "rt" unix group so that the FastCGI script
+can read RT's configuration file. It's important to understand the security
+implications of this configuration, which are discussed in the document
+mentioned above.
+
+To install RT with FastCGI, you'll need to add a few lines to your
+Apache configuration file telling it about RT:
+
+<VirtualHost rt.example.com>
+
+ # Pass through requests to display images
+ Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
+
+ # Tell FastCGI to put its temporary files somewhere sane.
+ FastCgiIpcDir /tmp
+
+ FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
+
+ AddHandler fastcgi-script fcgi
+ ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
+
+</VirtualHost>
+
SETTING UP THE MAIL GATEWAY
---------------------------
+RT can accept incoming email using a simple program run as a "pipe"
+by your mail server.
+
An alias for the initial queue will need to be made in either your
global mail aliases file (if you are using NIS) or locally on your
machine.
@@ -249,14 +289,15 @@
To keep up to date on the latest RT tips, techniques and extensions,
you probably want to join the rt-users mailing list. Send a message to:
- rt-users-request at lists.fsck.com
+ rt-users-request at lists.bestpractical.com
With the body of the message consisting of only the word:
subscribe
If you're interested in hacking on RT, you'll want to subscribe to
-rt-devel at lists.fsck.com. Subscribe to it with instructions similar to
+rt-devel at lists.bestpractical.com. Subscribe to it with instructions
+similar to
those above.
Address questions about the stable release to the rt-users list, and
@@ -273,13 +314,3 @@
You'll find screenshots, a pointer to the current version of RT, contributed
patches, and lots of other great stuff.
-
-
-TROUBLESHOOTING
----------------
-
-If the solution to the problem you're running into isn't obvious and you've
-checked the FAQ, feel free to send mail to rt-users at fsck.com (for released
-versions of RT) or rt-devel at fsck.com (for development versions).
-
-Thanks!
Modified: rt/branches/rt-3.1/UPGRADING
==============================================================================
--- rt/branches/rt-3.1/UPGRADING (original)
+++ rt/branches/rt-3.1/UPGRADING Mon Jun 21 15:39:29 2004
@@ -1,5 +1,11 @@
UPGRADING
+Detailed information about upgrading can be found in the README file.
+This document is intended to supplement the instructions in that file.
+
+Additional information about upgrading from specific versions of RT is
+contained below.
+
*******
WARNING
*******
@@ -10,14 +16,159 @@
*******
-Detailed information about upgrading can be found in the README file.
-
-Additional information about upgrading from specific versions of RT is
-contained below.
UPGRADING FROM 3.0.x - Changes:
+
+= Rights changes =
+
Now, if you want RT to automatically create new users upon ticket
submission, you MUST grant 'Everyone' the right to create tickets.
Granting this right only to "Unprivileged Users" is now insufficient.
+
+= FastCGI configuration =
+
+This section is a snapshot of the documentation available at:
+
+http://wiki.bestpractical.com/index.cgi?FastCGIConfiguration
+
+It's worth checking out that resource if these instructions don't
+work right for you
+
+
+RT 3.2 includes a signficant change to the FastCGI handler. It is
+no longer "setgid" to the RT group. Perl's setid support has been
+deprecated for the last several releases and a number of platforms
+don't bundle the "sperl" or "suidperl" executable by default.
+Additionally, when perl is run SetUID or SetGID, the interpreter
+is automatically switched into /taint mode/, in which all incoming
+data, no matter the source is considered suspect. At first, this
+seems like a great idea. But perl's taint mode is a big sledgehammer
+used to hit small nails. Many perl libraries aren't tested in taint
+mode and will fail when least expected. Moving away from a SetGID
+FastCGI handler will enable more users to have a smoother RT
+experience. It does require some changes in how you set up and
+configure RT.
+
+Beginning with RT 3.2, you have several choices about how to configure
+RT to run as a FastCGI:
+
+
+== Install RT as the user your webserver runs as ==
+
+Pros: Very easy to configure
+
+Cons: Your webserver has access to RT's private database password
+
+
+=== How To
+
+When installing RT, run:
+
+ ./configure --with-web-user="webuser" --with-web-group="webgroup" \
+ --with-rt-user="webuser" --with-rt-group="webgroup"
+
+(Don't forget to include other configuration options that matter to you)
+
+If you're using apache, you'll want to add something like the following
+to your httpd.conf:
+
+ <VirtualHost rt.example.com>
+
+ # Pass through requests to display images
+ Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
+
+ # Tell FastCGI to put its temporary files somewhere sane.
+ FastCgiIpcDir /tmp
+
+ FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
+
+ AddHandler fastcgi-script fcgi
+ ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
+
+ </VirtualHost>
+
+
+== Make your webserver user a member of the "rt" group ==
+
+Pros: Easy to configure
+
+Cons: Your webserver has access to RT's private database password
+
+
+=== How To
+
+Install RT normally. Add whichever user your webserver runs as
+(whatever you set --with-web-user to) to the "rt" group (whatever
+you set --with-rt-group to) in /etc/groups.
+
+To find out what user your webserver runs as, look for the line
+
+ User some-user-name
+
+in your apache httpd.conf. Common values are www, www-data, web and nobody.
+
+
+
+== Run RT using _suexec_ or a similar mechanism
+
+
+Pros: More secure
+
+Cons: Sometimes very difficult to configure
+
+Apache's _suexec_ utility allows you run CGI programs as specific
+users. Because that's a relatively heavy responsibility, it's very,
+very conservative about what it's willing to do for you. On top of
+that, Apache's mod_fastcgi plugin doesn't respect all of suexec's
+features. While suexec is designed to execute CGI scripts in a
+given virtual host's !DocumentRoot, It can only execute FastCGI
+scripts in the system's *main* !DocumentRoot.
+
+This means you have to copy the RT FastCGI handler into your main
+!DocumentRoot
+
+The following example !VirtualHost will run RT as a FastCGI on
+Apache 1.3 on a Debian Linux server.
+
+
+ <VirtualHost rt.example.com>
+
+ DocumentRoot /opt/rt3/share/html
+
+ # Set the rt user and group as the executing user for this virtual host
+ User rt
+ Group rt
+
+
+ # Pass through requests to display images
+ Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
+
+ # Tell FastCGI to put its temporary files somewhere sane.
+ FastCgiIpcDir /tmp
+
+ # Tell FastCGI that it should use apache's "suexec" binary to call any
+ # FastCGI script.
+ # This is a GLOBAL setting
+ FastCgiWrapper /usr/lib/apache/suexec
+
+ # You need to copy the rt mason_handler.fcgi into a directory inside
+ # the main server DocumentRoot
+ # That directory must be owned by the user and group that will execute
+ # the FastCGI script
+ # In this case, that directory is /var/www/rt
+
+ # To find the local DocumentRoot, run "suexec -V" as root and look for the
+ # -D DOC_ROOT parameter.
+
+ # Apache 1.3 discards the user and group parameters on the FastCgiServer
+ # line. Apache 2.0 requires them.
+
+ FastCgiServer /var/www/rt/mason_handler.fcgi -idle-timeout 120 -user rt -group rt
+
+ AddHandler fastcgi-script fcgi
+ ScriptAlias / /var/www/rt/mason_handler.fcgi/
+
+ </VirtualHost>
+
Modified: rt/branches/rt-3.1/configure.ac
==============================================================================
--- rt/branches/rt-3.1/configure.ac (original)
+++ rt/branches/rt-3.1/configure.ac Mon Jun 21 15:39:29 2004
@@ -78,11 +78,11 @@
dnl DB_TYPE
AC_ARG_WITH(db-type,
AC_HELP_STRING([--with-db-type=TYPE],
- [sort of database RT will use (default: mysql) (mysql, Pg, Oracle and Informix are valid)]),
+ [sort of database RT will use (default: mysql) (mysql, Pg, Oracle, Informix and SQLite are valid)]),
DB_TYPE=$withval,
DB_TYPE=mysql)
if test "$DB_TYPE" != 'mysql' -a "$DB_TYPE" != 'Pg' -a "$DB_TYPE" != 'SQLite' -a "$DB_TYPE" != 'Oracle' -a "$DB_TYPE" != 'Informix' -a "$DB_TYPE" != 'Sybase' ; then
- AC_MSG_ERROR([Only Oracle, Informix, Pg and mysql are valid db types])
+ AC_MSG_ERROR([Only Oracle, Informix, Pg, mysql and SQLite are valid db types])
fi
AC_SUBST(DB_TYPE)
Modified: rt/branches/rt-3.1/releng.cnf
==============================================================================
--- rt/branches/rt-3.1/releng.cnf (original)
+++ rt/branches/rt-3.1/releng.cnf Mon Jun 21 15:39:29 2004
@@ -1,5 +1,5 @@
PRODUCT = rt
-TAG = 3.1.17
+TAG = 3.2.0rc1
CANONICAL_REPO = svn+ssh://svn.bestpractical.com/svn/bps-public/rt/
TAGS = tags/
TRUNK = branches/rt-3.1/
More information about the Rt-commit
mailing list