Tools
Записки программиста, обо всем и ни о чем. Но, наверное, больше профессионального.
2015-02-27
СТО
Posted by Valentin at 18:52 6 comments
Labels: driving
2015-02-25
The Game
Posted by Valentin at 01:12 0 comments
Labels: movie
2015-02-24
Naudoc/Zope
Posted by Valentin at 01:05 0 comments
Labels: Zope(Plone)
2015-02-23
The Star Chamber
Posted by Valentin at 01:29 0 comments
Labels: movie
Curiously Recurring Template Pattern
template <class T> class base{}; class derived : public base<derived> {};
template<typename D> struct base { void foo() {static_cast<D*>(this)->bar();} }; struct derived : base<derived> { void bar(); };
Posted by Valentin at 01:12 0 comments
Labels: citation, programming
2015-02-22
The Grapes of Wrath
Posted by Valentin at 19:29 0 comments
Labels: movie
2015-02-19
Регистрация ТС в ГИБДД
Posted by Valentin at 11:30 0 comments
2015-02-11
Установили Naudoc, теперь его надо доточить
su -l nano /etc/logrotate.d/zope /opt/naudoc/log/*.log { # daily weekly missingok rotate 5 compress delaycompress notifempty sharedscripts postrotate [ -f /opt/naudoc/var/Z2.pid ] && kill -USR2 `cat /opt/naudoc/var/Z2.pid` endscript }
su -l wget https://bitbucket.org/pypa/setuptools/raw/bootstrap-py24/ez_setup.py /opt/python24/bin/python ez_setup.py
aptitude install mysql-client libmysqlclient-dev /opt/python24/bin/easy_install mysql-python
su -l aptitude install libldap-dev openldap-utils slapd aptitude install libsasl2-dev libsasl2-modules /opt/python24/bin/easy_install pyasn1 /opt/python24/bin/easy_install pyasn1_modules wget https://pypi.python.org/packages/source/p/python-ldap/python-ldap-2.4.18.tar.gz#md5=9bee878cc3582d7184b0a48083446efb tar xvzf python-ldap-2.4.18.tar.gz cd python-ldap-2.4.18
find / -iname "*ldap*.h" /usr/include/ldap.h find / -iname "*ldap*.a" /usr/lib/x86_64-linux-gnu/libldap.a
diff -u setup.cfg.orig setup.cfg --- setup.cfg.orig 2014-11-27 00:32:55.989686001 +0300 +++ setup.cfg 2014-11-27 00:36:11.937686000 +0300 @@ -1,10 +1,10 @@ [_ldap] -library_dirs = /opt/openldap/lib64 /usr/lib +library_dirs = /opt/openldap/lib64 /usr/lib /usr/lib/x86_64-linux-gnu include_dirs = /opt/openldap/include /usr/include/sasl /usr/include defines = HAVE_SASL HAVE_TLS HAVE_LIBLDAP_R extra_compile_args = extra_objects = -libs = ldap_r +libs = ldap_r lber sasl2 ssl crypto [install] compile = 1
/opt/python24/bin/python setup.py clean --all /opt/python24/bin/python setup.py build /opt/python24/bin/python setup.py install
service zope2.10 stop; service zope2.10 start
nano /opt/naudoc/Products/CMFNauTools/Config.py EnableFSStorage = 1
service zope2.10 stop; service zope2.10 start
find /opt/naudoc/var/docs/
su -l nano /etc/apt/sources.list deb http://cdn.debian.net/debian/ wheezy main contrib non-free deb-src http://cdn.debian.net/debian/ wheezy main contrib non-free deb http://security.debian.org/ wheezy/updates main contrib non-free deb-src http://security.debian.org/ wheezy/updates main contrib non-free deb http://cdn.debian.net/debian/ wheezy-updates main contrib non-free deb-src http://cdn.debian.net/debian/ wheezy-updates main contrib non-free
aptitude update aptitude install apache2-mpm-itk apache2 openssl libapache2-mod-fcgid aptitude install libapache2-mod-fastcgi
a2dissite default cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/naudoc-ssl.conf a2ensite naudoc-ssl.conf a2enmod ssl a2enmod fastcgi a2enmod rewrite
mkdir -p /etc/ssl/localcerts openssl req -newkey rsa:2048 -x509 -days 3650 -nodes -out /etc/ssl/localcerts/apache.pem -keyout /etc/ssl/localcerts/apache.key -subj "/C=RU/ST=Moscow/L=Moscow/O=Mycompany/OU=Mycompany DMS/CN=mydomain.net" chmod 600 /etc/ssl/localcerts/apache*
nano /etc/apache2/sites-available/naudoc-ssl.conf ServerName mydomain.net <IfModule mod_ssl.c> NameVirtualHost *:443 <VirtualHost *:443> ServerAdmin webmaster@localhost ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLCertificateFile /etc/ssl/localcerts/apache.pem SSLCertificateKeyFile /etc/ssl/localcerts/apache.key DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all </Directory> <Directory "/var/www/naudoc"> Order allow,deny Allow from all Options FollowSymLinks Includes ExecCGI AllowOverride All SetHandler fastcgi-script </Directory> FastCgiExternalServer /var/www/naudoc -socket /var/run/zope.soc -idle-timeout 600 -pass-header Authorization RewriteEngine on RewriteRule !^/dms/(.*) /dms/ [R] RewriteRule ^/dms/docs/(.*) /var/www/naudoc/docs/$1 RewriteRule ^/dms/(.*) /var/www/naudoc/docs/$1 <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
nano /etc/apache2/ports.conf <IfModule mod_ssl.c> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule>
nano /opt/naudoc/etc/zope.conf #… модифицированные строки, весь файл слишком велик для полного цитирования <fast-cgi> address /var/run/zope.soc </fast-cgi> #...
service zope2.10 stop; service zope2.10 start service apache2 stop; service apache2 start
netstat -ltupn curl -k https://localhost/ openssl s_client -connect mydomain.net:443 -state -debug apache2 -v Server version: Apache/2.2.22 (Debian) Server built: Jul 24 2014 15:34:03
su -l mkdir -p ~/CA && cd $_ openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout ca.key -x509 -days 3650 \ -subj "/C=RU/ST=Moscow/L=Moscow/O=Portal/OU=DMS/CN=Portal CA/emailAddress=naudoc@dms.ru" \ -out ca.crt # посмотреть данные ключа и сертификата openssl rsa -noout -text -in ca.key|less openssl x509 -noout -text -in ca.crt|less
nano ca.config [ ca ] default_ca = CA_CLIENT # При подписи сертификатов # использовать секцию CA_CLIENT [ CA_CLIENT ] dir = ./db # Каталог для служебных файлов certs = $dir/certs # Каталог для сертификатов new_certs_dir = $dir/newcerts # Каталог для новых сертификатов database = $dir/index.txt # Файл с базой данных # подписанных сертификатов serial = $dir/serial # Файл содержащий серийный номер # сертификата (в шестнадцатиричном формате) certificate = ./ca.crt # Файл сертификата CA private_key = ./ca.key # Файл закрытого ключа CA default_days = 365 # Срок действия подписываемого # сертификата default_crl_days = 365 # Срок действия CRL (см. $4) default_md = sha256 # Алгоритм подписи policy = policy_anything # Название секции с описанием # политики в отношении данных сертификата [ policy_anything ] countryName = optional # Код страны - не обязателен stateOrProvinceName = optional # ...... localityName = optional # ...... organizationName = optional # ...... organizationalUnitName = optional # ...... emailAddress = optional # ...... commonName = supplied # ...... - обязателен
mkdir db mkdir db/certs mkdir db/newcerts touch db/index.txt echo "01" > db/serial
openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout apache.key -days 3650\ -subj "/C=RU/ST=Moscow/L=Moscow/O=Portal/OU=DMS/CN=mydomain.net" \ -out apache.csr # посмотреть данные ключа и запроса openssl rsa -noout -text -in apache.key|less openssl req -noout -text -in apache.csr|less
openssl ca -config ca.config -in apache.csr -out apache.crt -batch -days 3650 cp ./db/newcerts/01.pem ./apache.pem # посмотреть данные сертификата openssl x509 -noout -text -in apache.crt|less # отозвать сертификат openssl ca -config ca.config -revoke apache.pem # or openssl ca -config ca.config -revoke apache.crt
openssl pkcs12 -export -in apache.crt -inkey apache.key \ -certfile ca.crt -out apache.p12 -passout pass:secret
su -l pushd ~/CA openssl req -new -sha256 -newkey rsa:4096 -nodes -keyout valik.key -days 3650\ -subj "/C=RU/ST=Moscow/L=Moscow/O=Portal/OU=DMS/CN=vasnake@gmail.com/emailAddress=vasnake@gmail.com" \ -out valik.csr openssl ca -config ca.config -in valik.csr -out valik.crt -batch -days 3650 openssl pkcs12 -export -in valik.crt -inkey valik.key \ -certfile ca.crt -out valik.p12 -passout pass:secret chmod -R 600 ../CA echo "cert in attachment" | mutt -a "valik.p12" -s "portal keys" -- vasnake@gmail.com
openssl ca -gencrl -config ca.config -out ca.crl # посмотреть openssl crl -in ca.crl -text -noout|less chmod -R 600 ../CA
cp apache.crt /etc/ssl/localcerts/apache.crt cp apache.key /etc/ssl/localcerts/apache.key cp ca.crt /etc/ssl/localcerts/ca.crt cp ca.crl /etc/ssl/localcerts/ca.crl
nano /etc/apache2/sites-available/naudoc-ssl.conf ServerName mydomain.net <IfModule mod_ssl.c> NameVirtualHost *:443 <VirtualHost *:443> ServerAdmin webmaster@localhost DocumentRoot /var/www <Directory /> Options FollowSymLinks AllowOverride None </Directory> <Directory /var/www/> Options Indexes FollowSymLinks MultiViews AllowOverride None Order allow,deny allow from all SSLRequireSSL SSLVerifyClient require SSLRequire %{SSL_CLIENT_I_DN_O} eq "Portal" \ and %{SSL_CLIENT_I_DN_OU} in {"DMS", "IT"} # Журнал ошибок Апача показал # ERROR request body exceeds maximum size (131072) for SSL buffer # при попытке сохранить на сервер объемный шаблон документа, поэтому: SSLRenegBufferSize 10485760 </Directory> <Directory "/var/www/naudoc"> Order allow,deny Allow from all Options FollowSymLinks Includes ExecCGI AllowOverride All SetHandler fastcgi-script </Directory> FastCgiExternalServer /var/www/naudoc -socket /var/run/zope.soc -idle-timeout 600 -pass-header Authorization RewriteEngine on RewriteRule !^/dms/(.*) /dms/ [R] RewriteRule ^/dms/docs/(.*) /var/www/naudoc/docs/$1 RewriteRule ^/dms/(.*) /var/www/naudoc/docs/$1 ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined SSLEngine on SSLCACertificateFile /etc/ssl/localcerts/ca.crt SSLCARevocationFile /etc/ssl/localcerts/ca.crl SSLCertificateFile /etc/ssl/localcerts/apache.crt SSLCertificateKeyFile /etc/ssl/localcerts/apache.key <FilesMatch "\.(cgi|shtml|phtml|php)$"> SSLOptions +StdEnvVars </FilesMatch> <Directory /usr/lib/cgi-bin> SSLOptions +StdEnvVars </Directory> BrowserMatch "MSIE [2-6]" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown </VirtualHost> </IfModule>
nano /etc/iptables.up.rules # Generated by iptables-save v1.4.14 on Sun Nov 23 03:00:39 2014 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [12:2680] -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp -j ACCEPT -A INPUT -i lo -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 55 --name DEFAULT --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name DEFAULT --rsource -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with icmp-host-prohibited COMMIT # Completed on Sun Nov 23 03:00:39 2014 # EOF bash /root/disable_fw.sh bash /etc/network/if-pre-up.d/iptables
nano /etc/apache2/ports.conf Listen 80 <IfModule mod_ssl.c> Listen 443 </IfModule> <IfModule mod_gnutls.c> Listen 443 </IfModule> # EOF cp /etc/apache2/sites-available/default /etc/apache2/sites-available/naudoc.conf nano /etc/apache2/sites-available/naudoc.conf ServerName mydomain.net NameVirtualHost *:80 <VirtualHost *:80> Redirect permanent / https://mydomain.net/ </VirtualHost> # EOF a2ensite naudoc.conf service apache2 stop; service apache2 start
Posted by Valentin at 11:30 0 comments
Labels: HTTP. Apache, linux, Naudoc, ssl/tls, sysadm, Zope(Plone)
2015-02-10
Авторынок
Posted by Valentin at 11:30 2 comments
Labels: driving
2015-02-09
Как ставить Zope 2.10.7 и Naudoc 6 на Debian 7 amd64
su -l tar xvzf /home/valik/t/NauDoc-6/egenix-mx-base-3.2.7.tar.gz pushd /home/valik/t/NauDoc-6/egenix-mx-base-3.2.7 script -t 2>~/egenix.time ~/egenix.script /opt/python24/bin/python setup.py install
su -l adduser zope mkdir /opt/zope chown zope /opt/zope mkdir /opt/naudoc chown zope /opt/naudoc
su -l zope tar zxf /home/valik/t/NauDoc-6/Zope-2.10.7-final.tgz pushd /home/zope/Zope-2.10.7-final script -t 2>~/zope.time ~/zope.script ./configure --prefix=/opt/zope --with-python=/opt/python24/bin/python make clean make make install /opt/python24/bin/python /opt/zope/bin/mkzopeinstance.py --dir=/opt/naudoc
nano /opt/naudoc/etc/zope.conf ... default-zpublisher-encoding windows-1251 effective-user zope
cd ~ mkdir nd cd nd unzip /home/valik/t/NauDoc-6/NauDoc-6.zip cp -R Products/* /opt/naudoc/Products/ cp -R var/Data.fs /opt/naudoc/var/ cp -R lib/* /opt/naudoc/lib/ cp -R Extensions/* /opt/naudoc/Extensions/
pushd /opt/naudoc/Products/TextIndexNG2/ script -t 2>~/zope.time -a ~/zope.script /opt/python24/bin/python setup.py build su -l pushd /opt/naudoc/Products/TextIndexNG2/ /opt/python24/bin/python setup.py install
su -l zope /opt/naudoc/bin/zopectl start
SOFTWARE_HOME /opt/zope/lib/python ZOPE_HOME /opt/zope INSTANCE_HOME /opt/naudoc CLIENT_HOME /opt/naudoc/var
product_version 6.4.1
su -l aptitude install libjpeg62-dev libjpeg62 zlib1g-dev zlib1g libfreetype6 libfreetype6-dev liblcms1 liblcms1-dev wget http://effbot.org/downloads/Imaging-1.1.7.tar.gz tar xvzf Imaging-1.1.7.tar.gz cd Imaging-1.1.7/
nano setup.py ... JPEG_ROOT = '/usr/lib/x86_64-linux-gnu'
script -t 2>~/pil.time ~/pil.script /opt/python24/bin/python setup.py clean rm -f *.so PIL/*.so /opt/python24/bin/python setup.py build_ext -i /opt/python24/bin/python selftest.py /opt/python24/bin/python setup.py install
PIL 1.1.7 SETUP SUMMARY -------------------------------------------------------------------- version 1.1.7 platform linux3 2.4.4 (#10, Nov 25 2014, 19:16:43) [GCC 4.7.2] -------------------------------------------------------------------- --- TKINTER support available --- JPEG support available --- ZLIB (PNG/ZIP) support available --- FREETYPE2 support available --- LITTLECMS support available
aptitude install libpng12-0 libpng12-0-dev aptitude install libwmf-bin libwmf-dev aptitude install wv libwv-dev aptitude install xlhtml aptitude install unrtf aptitude install xpdf xpdf-utils aptitude install graphviz graphviz-dev libgraphviz-dev python-pygraphviz
dpkg --get-selections > ~/installed-software.log
aptitude install $(cat ~/installed-software.log | awk '{print $1}')
tar -zcvf ~/zope-backup.tgz /opt/zope tar -zcvf ~/naudoc-backup.tgz /opt/naudoc
nano /etc/init.d/zope2.10
#!/bin/sh ### BEGIN INIT INFO # Provides: zope2.10 # Required-Start: $syslog $remote_fs $network # Required-Stop: $syslog $remote_fs $network # Should-Start: $remote_fs # Should-Stop: $remote_fs # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Start zope2.10 instances # Description: Start the instance /opt/naudoc/bin/zopectl ### END INIT INFO ZVER=2.10 INSTANCES='naudoc' [ -d /opt/naudoc -a -d /opt/zope ] || exit 0 . /lib/lsb/init-functions if [ -f "/etc/default/zope$ZVER" ]; then . /etc/default/zope$ZVER fi if [ "$INSTANCES" = "NONE" -o "$INSTANCES" = "" ]; then INSTANCES='' log_warning_msg "Zope$ZVER: instances have been disabled, edit /etc/default/zope$ZVER to enable them." elif [ "$INSTANCES" = "ALL" ]; then INSTANCES='*' fi case "$1" in start|stop|restart) p=''; [ "$1" = "stop" ] && p='p' if [ -n "$INSTANCES" ]; then cd /opt for i in $INSTANCES ; do if [ "$i" = "*" ]; then log_success_msg "Zope$ZVER: no instances found." break elif [ ! -d "$i" ]; then continue fi if [ -x /opt/$i/bin/zopectl ] ; then log_begin_msg "Zope$ZVER: ${1}${p}ing $i instance" /opt/$i/bin/zopectl $1 >/dev/null 2>&1 log_end_msg $? else log_warning_msg "Zope$ZVER: skipping $i (old/purged)" fi done fi ;; force-reload) echo "Zope$ZVER doesn't support force-reload, use restart instead." ;; *) echo "Usage: /etc/init.d/zope$ZVER {start|stop|restart|force-reload}" exit 1 ;; esac exit 0 |
chmod +x /etc/init.d/zope2.10 chkconfig --add zope2.10
Posted by Valentin at 11:30 2 comments
Labels: linux, Naudoc, python, Zope(Plone)