%define PACKAGE_NAME deegree-owsproxy %define SERVICE owsproxy %define PACKAGE_VERSION 2.3pre %define release 6gp %define DIST opensuse-10.3 %define manifest %{_builddir}/%{name}-%{version}-%{release}.manifest Summary: Deegree OWSProxy is a security proxy to secure GDI-services. Name: %{PACKAGE_NAME} Version: %{PACKAGE_VERSION} Release: %{release} Source0: %{PACKAGE_NAME}-%{PACKAGE_VERSION}-%{release}.tar.gz License: See LICENSE.txt Group: Development/Libraries BuildRoot: %{_tmppath}/%{PACKAGE_NAME}-%{PACKAGE_VERSION}-%{release}-buildroot Prefix: %{_prefix} Requires: postgresql-server Provides: osaas-client Requires: osaas-server PreReq: gispatcher-integration-owsproxy Requires: tomcat55 Requires: java-1_5_0-sun #BuildRequires: perl, grep Vendor: Intevation GmbH Url: http://deegree.org %description Deegree OWSProxy is a security proxy to secure GDI-services. OWSProxy secured geospatial geodata infrastructures using a transprent proxy method. This package also includes an OSAAS-client to log all OWS-requests to an accounting-database. %prep %setup -q -n %{PACKAGE_NAME}-%{PACKAGE_VERSION}-%{release} %build %install cd deegree/%{SERVICE}/rpm %makeinstall # __os_install_post is implicitly expanded after the # %install section... do it now, and then disable it, # so all work is done before building manifest. %{?__os_install_post} %define __os_install_post %{nil} # build the file list automagically into %{manifest} cd $RPM_BUILD_ROOT rm -f %{manifest} find . -type d \ | sed '1,2d;s,^\.,\%attr(-\,root\,root) \%dir ,' >> %{manifest} find . -type f ! -name "*.xml" \ | sed 's,^\.,\%attr(-\,root\,root) ,' >> %{manifest} find . -type l \ | sed 's,^\.,\%attr(-\,root\,root) ,' >> %{manifest} find . -type f -name "*.xml" \ | sed 's,^\.,\%config(noreplace) ,' >> %{manifest} %post if [ "$1" == "1" ] ; then # first install PKGNAME=%{PACKAGE_NAME} TOMCATDIR=/opt/gispatcher/%{SERVICE}/webapps/%{SERVICE} PWD="/tmp/bla$$.log" PGDB="/tmp/blub$$.sql" #echo "Database name? " #read dbname dbname=gispatcher_owsproxy_sec #echo "Database username?" #read dbuser dbuser=gispatcher_owsproxy_sec #echo "Admin password?" #read adminpassword adminpassword=`perl -e 'use strict; my $len = shift; my @chr = qw( a b c d e f g h i j k l m n o p q r s t u v w x y z A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9); srand; print $chr[rand(@chr)] while ($len--);' 8` #echo "WMS URL?" #read wmsurl wmsurl=http://demo.intevation.org/cgi-bin/frida-wms user_exists=`su -c "echo \"SELECT count(usename) from pg_user WHERE usename='$dbuser'\" | psql -S -t postgres" postgres ` if [ $user_exists == "1" ] then # dbuser exists already NOP=NOP else # dbuser has to be created su postgres -c "createuser -SDRl ${dbuser}" > /dev/null fi echo "ALTER USER ${dbuser} ENCRYPTED PASSWORD '$adminpassword';" > ${PWD} # TODO: the password has to be stored in # /etc/defaults/gispatcher/owsproxy and taken from there if it # exists. Right now we are in the "all-static" scenario. As just # a temporary workaround in the meantime without /etc/defaults/*, # only the first time this RPM is installed, the password is # changed and mailed to the administrator. sed -i "s|@password@|${adminpassword}|" ${TOMCATDIR}/WEB-INF/conf/security/wmspolicy.xml mail -s 'deegree-owsproxy database password changed' root << EOF Dear administrator, the password of the database $dbname, to be accessed via the user '$dbuser' created the following password for you: $adminpassword If you want to change the password, please make sure that you change it at the following places: * within the PostgreSQL-database ($dbname) * in ${TOMCATDIR}/WEB-INF/conf/security/wmspolicy.xml The above files also include the database-connection, if you like to change the settings entirely. Make sure that your PostgreSQL-Server is able to accept connections over TCP/IP, at least from localhost. Please check the entry 'listen_adresses = localhost' in your postgresql.conf. Additionally you need to include the following line into your pg_hba.conf file to accept jdbc-connections # GISpatcher-OWSProxy-Database-configuration host ${dbname} ${dbuser} 127.0.0.1/32 md5 If you like to use the OSAAS-accounting-system, your need to configure the parameters in * ${TOMCATDIR}/WEB-INF/web.xml to reflect your OSAAS-configuration. Currently the system does not log anything to osaas. Best regards The GISpatcher-team EOF db_exists=`su -c "echo \"SELECT count(datname) from pg_database WHERE datname='$dbname'\" | psql -S -t postgres" postgres ` if [ $db_exists == "1" ] then # Database exists already NOP=NOP else # Database has to be created su postgres -c "createdb -O ${dbuser} ${dbname}" >/dev/null #TODO: This SQL file has to be provided by the RPM!!! echo "SET ROLE TO '${dbuser}';" > ${PGDB} cat /usr/share/doc/${PKGNAME}/create-security-postgres.sql >> ${PGDB} su postgres -c "psql ${dbname} -f ${PWD}" > /dev/null 2>&1 su postgres -c "psql ${dbname} -f ${PGDB}" > /dev/null 2>&1 rm -f ${PWD} ${PGDB} fi fi # end of first install-block if [ "$1" == "2" ] ; then # upgrade of the package # start the service again in order to get the new files loaded by the # tomcat /etc/init.d/%{SERVICE} start fi %pre if [ "$1" == "2" ] ; then # upgrade the package # stop the tomcat befor updating /etc/init.d/%{SERVICE} stop fi # make sure, that a postgres-server is running, otherwise start the service to proceed if [ "$1" == "1" ] ; then # fresh install if [ ! -e /var/lib/pgsql/data/postmaster.pid ] ; then # start service /etc/init.d/postgresql start fi # end of postgres-running-test fi %preun if [ "$1" == "0" ] ; then # remove the package if [ -e /var/run/owsproxy.pid ] ; then # stop tomcat before removing the %{SERVICE} /etc/init.d/%{SERVICE} stop fi fi %clean rm -rf $RPM_BUILD_ROOT %files -f %{manifest} %defattr(-,root,root) %changelog * Wed Dec 22 2011 Bjoern Schilberg - Fixed Bug in issue #418: Added validation of optional parameters. * Wed Nov 16 2011 Bjoern Schilberg - Fixed Issue #4: Added Separate rights for GetMap and GetFeatureInfo. - Fixed Issue #290: Fixed problems with WMS 1.3.0 requests. - Fixed Issue #300: Added validation of SLD-requests. - Fixed Issue #417: Added maxWidth and maxHeight restrictions. - Fixed Issue #418: Added validation of optional parameters. * Wed Sep 22 2010 Bjoern Schilberg - Fixed Issue #80: applied issue80-3.patch to deegree owsproxy in order to rewrite LegendURL in GetCapabilities-responses. * Mon Mar 22 2010 Stephan Holl - minor changes in source-tarball, creating a new number for transparency. * Mon Mar 22 2010 Stephan Holl - Fixed Issue #73: applied simpleproxyservlet.diff to deegree owsproxy in order to suppress user and passwords in Requeststring, when logging to OSAAS and requesting to cascaded WMS-service - Fixed Issue #94: Logging of timestamps (Requires an updated osaas-server-package RPM > 1.0.0-4+gp, if loggin should be possible) * Mon Dec 14 2009 Stephan Holl - included a fix for not sending username and password through to the secured WMS-server. - some adoptions to the configuration regarding the removement of credentials. * Mon Dec 01 2008 Stephan Holl - updated to upstream-version 2.3pre (r15164) - included OSAAS-Description * Mon Nov 17 2008 Stephan Holl - added preun-stuff - added %config-macro so that configurations are not overwritten - start postgres if not already started. * Fri Oct 31 2008 Stephan Holl - initial creation of this spec-file