
Re: 2 issues about zope-* packages



On Tue, 26 Mar 2002, Gregor Hoffleit wrote:

> If all works well, I might have a working prototype of this NG Zope
> packages at the end of the next week.
Great!

> I would appreciate comments regarding this redesign.
Sounds very good from your description.

> A remaining problem are .zexp products. I don't see any solution at all
> for packaging them so that they get automatically and safely upgraded
> (I could even say: I don't see any reason for packaging them ;-).
I have a quick unreliable hack using wget and some discussion from
the mailing list which I stored manually and which I attached to this
mail.

Suggestion:  Why not discuss such issues on the debian-python list?
The CC-list is not very handy.

Kind regards

         Andreas.

From entheos@entheossoft.com Wed Jan 23 09:19:28 2002
Date: Tue, 22 Jan 2002 09:56:57 -800
From: entheos@entheossoft.com
To: TilleA@rki.de
Cc: zope@zope.org
Subject: Re: Automatically import a zexp


Andreas,
To do this, zope needs to be running.  If that is the case, then just copy the .zexp or xml file to the imports directory and make the appropriate xml-rpc call:
http://www.zope.org/Members/Amos/XML-RPC

To make an xml-rpc call without using python look at the bottom of this page:
http://developer.kde.org/documentation/kde2arch/xmlrpc.html

You'll also need to figure out how to do base64 encoding for the password, which is described in Amos' HOWTO above.  Using perl for that would make it more debianish, since dpkg (or is it apt) depends on perl.

Too bad you aren't doing this TTW - you could use the ZImporter :)
http://www.zope.org/Members/tfarrell/ZImporter/
(It even works with 2.4.3 - I just imported an 18MB xml file TTW)

Any method of doing this when zope is not running will need access to the ZODB code in the Zope/lib/python directory, so that will need to be in the python path, unless you choose to rewrite the ZODB access code from scratch :)

A few thoughts.
Troy
--
Troy Farrell
Developer
Entheos Software
mailto:troy@entheossoft.com
http://www.entheossoft.com

> Hello,
> 
> as a Debian maintainer I wonder if there is any clean method to import
> zexp products by a script (not using the import method from a browser).
> The idea is that installing Python products is simple by copying the
> python code to the right place and restart zope.  Works fine in the
> Debian postinst script.
> But what to do with zexp products.  I tried a very dirty hack like
> 
> 
> 
> ZOPEUSER="<place the name of Zope administrator here>"
> PASSWD="<and his password>"
> ## For sure this is insecure.
> ## You should find a secure way using debconf to maintain this!!!!
> 
> IMPORT=<product-name>.zexp
> 
> LC_ALL=en_EN
> 
> HOST=localhost
> PORT=9673
> 
> wget --proxy=off --http-user=${ZOPEUSER} --http-pass=${PASSWD} \
>    http://${HOST}:${PORT}/Control_Panel/Products/${prod}/manage_importObject?file=${IMPORT}
> 
> 
> but I think I really do not have to tell you that this can not be the
> recommended way to go.
> 
> Any other idea?
> 
> Kind regards
> 
>          Andreas.
On Tue, 22 Jan 2002 entheos@entheossoft.com wrote:

> To do this, zope needs to be running.  If that is the case, then just copy the .zexp or xml file to the imports directory and make the appropriate xml-rpc call:
> http://www.zope.org/Members/Amos/XML-RPC
Might be possible because there is an ITP (Intent To Package) for xmlrpclib
       http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=115368

> To make an xml-rpc call without using python look at the bottom of this page:
> http://developer.kde.org/documentation/kde2arch/xmlrpc.html
Interesting, too.

> You'll also need to figure out how to do base64 encoding for the password, which is described in Amos' HOWTO above.  Using perl for that would make it more debianish, since dpkg (or is it apt) depends on perl.
I really do not have to do it in Perl (by the way apt depends on dpkg
and thus it implicitly depends on Perl) because if I want to install
something which depends on Zope, Python is clearly installed on the
system.
 
> Too bad you aren't doing this TTW - you could use the ZImporter :)
> http://www.zope.org/Members/tfarrell/ZImporter/
> (It even works with 2.4.3 - I just imported an 18MB xml file TTW)
Well, as I said, wget is an option to do this stuff.  On the other hand
this page says:

     This does pose some security issues. It is recommended that
     after you have imported your site, you remove all instances
     of ZImporters.

A possible way would be to ship ZImporter inside the package, move it
into the right place, restart zope, import the zexp product using wget
(if I really understand you right), remove ZImporter product, restart
Zope.  All this stuff could be done in the postinst script.
I guess the XML method would be a little bit straightforward even
if the last approach would be possible in principle.
 
> Any method of doing this when zope is not running will need access to the ZODB code in the Zope/lib/python directory, so that will need to be in the python path, unless you choose to rewrite the ZODB access code from scratch :)
A running Zope can be assumed.
 
> A few thoughts.
Thanks

        Andreas.
From srichter@cbu.edu Wed Jan 23 09:48:50 2002
Date: Wed, 23 Jan 2002 02:36:09 -0600
From: Stephan Richter <srichter@cbu.edu>
To: "Tille, Andreas" <TilleA@rki.de>, Zope user list <zope@zope.org>
Subject: Re: Automatically import a zexp


> > BTW, the easiest way would be to create a distribution of your Zope ZClass
> > product. All you need to do is to drop it in the Products directory and it
> > will be added in the ZODB Products Folder.
>You are completely right.  The problem is that we do not talk about *my*
>product but about products like for instance
>
>       http://www.zope.org/Members/Barabbas/EventFolder/
>
>Should I ask the upstream author to change this to let the install
>procedure become more easy?

This would be my suggestion. Or you create the distro yourself and provide 
the file.

Regards,
Stephan

--
Stephan Richter
CBU - Physics and Chemistry Student
Web2k - Web Design/Development & Technical Project Management
From renfro@tntech.edu Thu Jan 24 13:42:22 2002
Date: Wed, 23 Jan 2002 09:42:32 -0600
From: Mike Renfro <renfro@tntech.edu>
To: zope@zope.org
Subject: Re: Automatically import a zexp

On Tue, Jan 22, 2002 at 06:17:48PM +0100, Oliver Bleutgen wrote:

> > wget --proxy=off --http-user=${ZOPEUSER} --http-pass=${PASSWD} \
> >     http://${HOST}:${PORT}/Control_Panel/Products/${prod}/manage_importObject?file=${IMPORT}
> > 
> > but I think I really do not have to tell you that this can not be the
> > recommended way to go.
> > 
> 
> Dumb question, why not? What (linux-) privilege level does one need to 
>    install a new package?
> If you think that installing filesystem products the way you described 
> is secure, then I don't see why using this shellscript isn't, provided 
> it is only readable by the right user(s).

Assuming the server has non-administrative users with login
privileges, if they run 'ps auxwww' at just the right time, they've
captured all your command line arguments to wget... including your
Zope administrative username and password. Python product installation
doesn't carry that particular risk.

One way to eliminate that possibility would be to use a browser other
than wget, something that can prompt for the administrative username
and password when needed, or read them from a protected file.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- renfro@tntech.edu

_______________________________________________
Zope maillist  -  Zope@zope.org
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )
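
[Added example, not part of any message in this thread: a Python 3 standard-library sketch of the protected-file approach suggested above. It builds the same manage_importObject URL as the quoted wget call but carries the credentials in an Authorization header, so nothing secret shows up in 'ps' output. The one-line "user:password" file format, the admin:s3cret pair and the EventFolder.zexp file name are constructed assumptions.]

```python
import base64
import os
import stat
import tempfile
import urllib.parse
import urllib.request


def load_credentials(path):
    """Read 'user:password' from a file that only its owner may access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise PermissionError(f"{path} is accessible by group/other (mode {mode:o})")
    with open(path, encoding="utf-8") as fh:
        user, _, password = fh.readline().rstrip("\n").partition(":")
    if not user or not password:
        raise ValueError("expected a single 'user:password' line")
    return user, password


def build_import_request(host, port, product, zexp, creds):
    """Build the manage_importObject request with credentials in a header."""
    path = "/Control_Panel/Products/%s/manage_importObject" % urllib.parse.quote(product, safe="")
    query = urllib.parse.urlencode({"file": zexp})
    token = base64.b64encode(("%s:%s" % creds).encode("utf-8")).decode("ascii")
    req = urllib.request.Request("http://%s:%d%s?%s" % (host, port, path, query))
    req.add_header("Authorization", "Basic " + token)  # never placed on argv
    return req


def demo():
    fd, path = tempfile.mkstemp()  # constructed sample file; mkstemp uses mode 0600
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write("admin:s3cret\n")
        req = build_import_request("localhost", 9673, "EventFolder",
                                   "EventFolder.zexp", load_credentials(path))
        os.chmod(path, 0o644)  # simulate a secrets file other users can read
        try:
            load_credentials(path)
        except PermissionError:
            return req, True   # lax permissions were refused
        return req, False
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo()[0].full_url)  # urllib.request.urlopen(req) would send it to a running Zope
```

Basic authentication is only base64-encoded, so the request should stay on localhost as in the original script or go over TLS.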
From fg@nuxeo.com Mon Jan 28 11:10:00 2002
Date: Mon, 28 Jan 2002 00:03:32 +0000 (UTC)
From: Florent Guillaume <fg@nuxeo.com>
To: zope@zope.org
Newsgroups: local.lists.zope.zope
Subject: Re: Automatically import a zexp

> as a Debian maintainer I wonder if there is any clean method to import
> zexp products by a script (not using the import method from a browser).
> The idea is that installing Python products is simple by copying the
> python code to the right place and restart zope.  Works fine in the
> Debian postinst script.

You could simply use something like what load_site is doing, namely:

    import ZPublisher.Client
    ob=ZPublisher.Client.Object(url, username=user, password=password)
    ob.manage_somethingOrOther(id=name, file=open(fname, 'rb'))

Or even, without starting Zope:

    import Zope
    root = Zope.app()
    ob = root.path.to.your.object
    ob.manage_blabla
    get_transaction().commit()

All untested of course :-)


Florent
-- 
Florent Guillaume, Nuxeo (Paris, France)
+33 1 40 33 79 10  http://nuxeo.com  mailto:fg@nuxeo.com

