When the */plinth/static* configuration is above */plinth*, it doesn't
work. Move it below the */plinth* configuration so static files will
be served correctly.

These changes should make it easier to customize standard Plinth file
locations for other distributions going forward. Most of the defaults
have been removed from *cfg.py*: we now assume that your plinth.config
file contains all the data we need. This may turn out to be a bad
decision (not everybody retains a copy of the original config file).
I've also reorganized *plinth.sample.config* to separate the
directories from the files they're storing. This should be the file
distributions patch in order to customize file locations per their
preferred file organization.

Previously, the cfg.base_href variable was never set (it's not even in
the sample.config file!). Now, Plinth uses the specified root
directory (from the *--server_dir* argument) in each URL reference.

There's no point to having two copies of what's essentially the same
file. In the long term, this means the distributions will need to
patch out cfg.py directories instead of plinth.sample.fhs.config. So,
if diff plinth.sample.config plinth.sample.fhs.config reveals
anything relevant, put that in your patch.

Turns out, that was a terrible idea.
Putting privilegedactions in actions/ meant that we tried to interpret
it during startup (along with other similarly silly bugs). The
fastest way to fix this issue is to merely revert it.

Changes:
1. Remove local minified copies of html5shiv, modernizr, and jquery.
2. Add symlinks to system copies of minified modernizr and jquery. These are installed by libjs-modernizr and libjs-jquery.
3. In the Apache configuration, change DocumentRoot from plinth/static to just plinth.
4. Add permissions for /static location.

This allows us to handle all the Plinth setup in one package. I've
added one change from Pere's original commit: we disable Apache's
default site. If the default site is enabled, Plinth doesn't load
correctly (we get 404 errors).

Plinth has been moved from plinth.(server).local to (server)/plinth.
*plinth.py* has been updated to take a new *--server_dir* argument,
which *share/init.d/plinth* now provides. *plinth.sample.config* has
also been updated.
Actually, the whole package has been moved to a more Debian-friendly
configuration. *share/apache2/plinth.conf* has been updated to
reflect the standard Debian directories. It seems to make more sense
this way, as (other than FreedomMaker, which now uses this package
anyway) no other tools or derivatives use this system. The
configuration can be patched out by other distributions easily enough.

I'm sure there are still some exploits in the code, but there are
certainly fewer now. Instead of just executing whatever arguments are
passed into privilegedactions.privilegedaction_run, we now limit the
actions that can be run in the following ways:
- Only actions that exist in the actions directory can be executed.
  Attempting to run the action "echo; rm -rf /" will look for a file
  named "actions/echo; rm -rf /", of which there are none.
- Shell literals are escaped: attempting to run the "echo" action with
  options like "'hi'; rm -rf /" will echo "'hi'; rm -rf /".
- It is difficult to interact with the spawned process through this
  interface. We can't control whether the spawned process allows
  interaction.
The details of the contract are included in privilegedactions.py, and
this contract is tested in privilegedactions_test.py.
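
One way to implement the contract described in the last message, as an added Python sketch (not the code in privilegedactions.py). The names `ActionError`, `resolve_action`, `build_argv` and `run_action` are hypothetical, and the sketch passes an argument vector without a shell instead of escaping shell literals, which gives the same literal handling of options.

```python
import os
import subprocess


class ActionError(Exception):
    """Raised when a requested action or option is not permitted."""


def resolve_action(action, actions_dir):
    """Return the path of `action` only if it is a file directly in actions_dir."""
    # The action must be a bare file name: no path separators, no "." or "..".
    if not action or action in (".", "..") or os.path.basename(action) != action:
        raise ActionError("invalid action name: %r" % (action,))
    root = os.path.realpath(actions_dir)
    path = os.path.realpath(os.path.join(root, action))
    # Assumption of this sketch: symlinks that lead out of actions_dir are refused.
    if os.path.dirname(path) != root or not os.path.isfile(path):
        raise ActionError("no such action: %r" % (action,))
    return path


def build_argv(action, options, actions_dir):
    """Build the argument vector; every option stays one literal argument."""
    argv = [resolve_action(action, actions_dir)]
    for opt in options:
        if not isinstance(opt, str) or "\0" in opt:
            raise ActionError("invalid option: %r" % (opt,))
        argv.append(opt)
    return argv


def run_action(action, options, actions_dir):
    """Run the action without a shell and return what it wrote to stdout."""
    argv = build_argv(action, options, actions_dir)
    # No shell parses argv, so quotes and ";" in options are plain data.
    # stdin is closed so the caller cannot feed input to the spawned process
    # (this sketch's reading of the third point in the list above).
    result = subprocess.run(
        argv,
        stdin=subprocess.DEVNULL,
        capture_output=True,
        text=True,
        check=True,
    )
    return result.stdout
```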