From 5cf485f68155bb5f7444712d36cde7bf68d754b6d399085caa4a3e53d6eed1fd Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Wed, 5 Jul 2017 21:56:19 +0000 Subject: [PATCH] Accepting request 507741 from Application:ERP:Tryton:Factory Final version GNU Health 3.2 OBS-URL: https://build.opensuse.org/request/show/507741 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/trytond?expand=0&rev=9 --- tryton-server.README.SUSE | 59 +++++++++++++--------- trytond-3.8.12.tar.gz | 3 -- trytond-4.2.5.tar.gz | 3 ++ trytond.changes | 59 +++++++++------------- trytond.conf | 20 +++----- trytond.conf.example | 12 ++--- trytond.spec | 100 +++++++++++++++++++++----------------- trytond_server.diff | 33 ------------- user_login.patch | 25 ++++++++++ 9 files changed, 156 insertions(+), 158 deletions(-) delete mode 100644 trytond-3.8.12.tar.gz create mode 100644 trytond-4.2.5.tar.gz delete mode 100644 trytond_server.diff create mode 100644 user_login.patch diff --git a/tryton-server.README.SUSE b/tryton-server.README.SUSE index fb8e387..d3044d6 100644 --- a/tryton-server.README.SUSE +++ b/tryton-server.README.SUSE @@ -14,12 +14,15 @@ You have already installed the package trytond and found this documentation. Goo #su postgres #nano /var/lib/pgsql/data/pg_hba.conf + Change the line local all all md5 to local all all trust Save your input. +Save your input. + 3) Create a role for 'tryton' in the database (sill as user postgres) #psql -c "CREATE USER tryton WITH CREATEDB;" @@ -33,7 +36,6 @@ uncomment super_pwd 6) start trytond: #systemctl start trytond -Now the Tryton Server is running. You need a client to connect to it 7) Install the tryton client: #zypper in tryton @@ -41,11 +43,13 @@ Now the Tryton Server is running. You need a client to connect to it 8) Open the tryton client: #tryton go to 'manage profiles' -> add -> name it 'localhost' -> Host: localhost --> you should now see a button to create a database +-> you should now see a selection of available databases + +Note: Fron Tryton Release 4.2 onwards it is not possible anymore to create databases +from the Frontend. You need to do this manually (see below) DONE. - Setup (a bit more in detail) ============================ @@ -70,17 +74,23 @@ We can distinguish two scenarios, to which the following description will refere Note: If PostgreSQL runs on another machine than the Tryton server, make sure you have setup database password authentication. Please refer to the - PostgreSQL manual how to do this. If they run on the same machine, connection - via local sockets is preferred and you are done with the default configuration - of the PostgreSQL package. + PostgreSQL manual how to do this. - If postgres runs locally, you may need to change the configuration file - /var/lib/pgsql/data/pg_hba.conf the line - local all all md5 - to - local all all trust + To allow Tryton Server to connect to postgres, md5 authentication should be used. + In the configuration file /var/lib/pgsql/data/pg_hba.conf change the lines + + # IPv4 local connections: + host all all 127.0.0.1/32 ident + # IPv6 local connections: + host all all ::1/128 ident + + to: + # IPv4 local connections: + host all all 127.0.0.1/32 md5 + # IPv6 local connections: + host all all ::1/128 md5 - Restart the database-server for the changes to take effect. + Restart the server for the changes to take effect. * Creating the database user: @@ -93,7 +103,7 @@ We can distinguish two scenarios, to which the following description will refere psql -c "CREATE USER tryton WITH CREATEDB;" Case 2) - In case 2 the user needs additionally an encrypted password:: + In case 2 the user needs additionally an encrypted password to log into the DB: su postgres psql -c "ALTER ROLE tryton ENCRYPTED PASSWORD 'tryton_password' ;" @@ -130,7 +140,7 @@ Preparing the Tryton server * If the Tryton server is listening on external interfaces, it is highly recommended to enable SSL for the connection. - Note: See https://github.com/mbehrle/tryton/blob/wiki/InstallationonopenSUSE.md#Setting_up_SSL_communication_with_the_Tryton_server + Note: See https://code.google.com/p/tryton/wiki/InstallationonopenSUSE#Setting_up_SSL_communication_with_the_Tryton_server for a description to set up certificates * Restarting trytond: @@ -149,7 +159,7 @@ Now you are ready to connect with a client, e.g. tryton-client. Creating the database for Tryton -------------------------------- -For case 1, manual creation of the database, the following steps are to be performed: +For case 1, manual creation of the database, the folowing steps are to be performed: * Creating the database: @@ -160,8 +170,11 @@ For case 1, manual creation of the database, the following steps are to be perfo (here as default: mydb). * Initializing the database: + + Log in as user tryton: - # /usr/bin/trytond -c /etc/tryton/trytond.conf --all -d mydb + # sudo su tryton -s /bin/bash + # /usr/bin/trytond-admin -c /etc/tryton/trytond.conf --all -d mydb Note: Use the database name you chose in the previous step (here as default: mydb). You will be asked for the admin password for this database. @@ -171,7 +184,7 @@ As result you will have a bare Tryton database with the base modules installed. For case 2, you need to create an encrypted password and enter it in the configuration file as super_pwd -See: http://doc.tryton.org/3.8/trytond/doc/topics/configuration.html +See: http://doc.tryton.org/4.2/trytond/doc/topics/configuration.html Installation of the Webfrontend for tryton (sao) from package @@ -183,8 +196,8 @@ For most openSUSE Flavours tryton-sao is packed. You can install it with You need to edit /etc/tryton/trytond.conf. Installation of tryton-sao follows the standards for nodejs-installations, so the path is within the node-modules: -In the section [jsonrpc], set the data path: - data = /usr/lib/node-modules/tryton-sao +In the section [web], set the path: + root = /usr/lib/node-modules/tryton-sao Now restart trytond. @@ -207,8 +220,8 @@ Now you need to run grunt. make sure it is run from the locally installed versio node_modules/grunt-cli/bin/grunt Last but not least, edit /etc/tryton/trytond.conf -In the section [jsonrpc], set the data path: - data = /srv/tryton-sao/package +In the section [web], set the path: + root = /usr/lib/node-modules/tryton-sao Now restart trytond. @@ -220,7 +233,7 @@ Upgrade version string) you have to update your database(s). After the categorically recommended backup do: - # /usr/bin/trytond -c /etc/tryton/trytond.conf --all -d mydb + # /usr/bin/trytond-admin -c /etc/tryton/trytond.conf --all -d mydb Remember to replace tryton with the name of your database. @@ -262,4 +275,4 @@ Now, you're finished with the system setup. Please be aware of the following thi * Only the same major version of Tryton client and Tryton server can connect. - -- Axel Braun Wed Sep 28 18:35:02 UTC 2016 + -- Axel Braun TUE Jun 20 15:40:04 UTC 2017 diff --git a/trytond-3.8.12.tar.gz b/trytond-3.8.12.tar.gz deleted file mode 100644 index c345bdf..0000000 --- a/trytond-3.8.12.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:bd50056836a6b6bc72d2ae4133b99319c9371aea493b022954541cc1c53298a5 -size 585173 diff --git a/trytond-4.2.5.tar.gz b/trytond-4.2.5.tar.gz new file mode 100644 index 0000000..a951555 --- /dev/null +++ b/trytond-4.2.5.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:de60711cb046eee59f0363e96977ca54bc8f119833339be8f000ad978fe685a2 +size 585937 diff --git a/trytond.changes b/trytond.changes index 07f027d..90d831e 100644 --- a/trytond.changes +++ b/trytond.changes @@ -1,66 +1,55 @@ ------------------------------------------------------------------- -Tue Jun 6 21:12:54 UTC 2017 - axel.braun@gmx.de +Mon Jul 3 09:12:15 UTC 2017 - axel.braun@gmx.de -- Version 3.8.12 +- Version 4.2.5 ------------------------------------------------------------------- -Mon Apr 3 20:06:18 UTC 2017 - axel.braun@gmx.de +Tue Jun 20 16:26:42 UTC 2017 - axel.braun@gmx.de -- Version 3.8.11 +- Patch for user login user_login.patch from GNU Health 3.20 applied + trytond_server.diff removed as not needed anymore ------------------------------------------------------------------- -Tue Mar 14 21:28:23 UTC 2017 - axel.braun@gmx.de +Tue Jun 6 07:50:44 UTC 2017 - axel.braun@gmx.de -- Version 3.8.10 +- Version 4.2.4 ------------------------------------------------------------------- -Fri Feb 17 13:15:22 UTC 2017 - axel.braun@gmx.de +Mon Apr 3 19:36:48 UTC 2017 - axel.braun@gmx.de -- proposal path for sao changed +- Version 4.2.3 ------------------------------------------------------------------- -Sun Dec 18 01:01:12 UTC 2016 - axel.braun@gmx.de +Fri Mar 10 10:24:56 UTC 2017 - axel.braun@gmx.de -- version 3.8.9 - * Sanitize path in file_open (CVE-2016-1242) bsc#1016886 - * Prevent read of user password hash (CVE-2016-1241) bsc#1016885 +- Version 4.2.2 ------------------------------------------------------------------- -Tue Oct 18 19:06:22 UTC 2016 - axel.braun@gmx.de +Fri Jan 6 15:27:55 UTC 2017 - axel.braun@gmx.de -- update of README +- Version 4.2.1 + +------------------------------------------------------------------- +Mon Nov 28 18:22:41 UTC 2016 - axel.braun@gmx.de + +- Tryton Release 4.2 ------------------------------------------------------------------- -Wed Sep 28 18:53:35 UTC 2016 - axel.braun@gmx.de - -- update of trytond.conf and README.SUSE - -------------------------------------------------------------------- -Wed Aug 31 06:15:53 UTC 2016 - axel.braun@gmx.de - -- Version 3.8.8 - -------------------------------------------------------------------- -Wed Aug 24 15:01:13 UTC 2016 - axel.braun@gmx.de - -- License added to package documentation - -------------------------------------------------------------------- -Wed Aug 24 11:27:00 UTC 2016 - jengelh@inai.de +Wed Aug 24 13:52:32 UTC 2016 - axel.braun@gmx.de - Update description - Add missing %service_add_pre and convert open-coded other three scriptlets to %service_*. ------------------------------------------------------------------- -Tue Jul 5 09:43:38 UTC 2016 - axel.braun@gmx.de +Tue Jul 5 09:46:31 UTC 2016 - axel.braun@gmx.de -- version 3.8.6 +- version 4.0.2 -------------------------------------------------------------------- -Thu Jun 30 13:34:19 UTC 2016 - axel.braun@gmx.de +------------------------------------------------------------------- +Tue May 02 10:24:48 UTC 2016 - axel.braun@gmx.de -- changed requirement to python-python-sql +- Tryton Release 4.0 ------------------------------------------------------------------- Mon Mar 28 11:58:39 UTC 2016 - axel.braun@gmx.de diff --git a/trytond.conf b/trytond.conf index c1bfdcf..279e702 100644 --- a/trytond.conf +++ b/trytond.conf @@ -16,17 +16,12 @@ # (e.g. PostgreSQL database running on the same machine (localhost)) #uri = postgresql://tryton:tryton@/ # -# Postgres running on the same machine: - -uri = postgresql:/// - -# -# # PostgreSQL via TCP/IP # (e.g. connecting to a PostgreSQL database running on a remote machine or # by means of md5 authentication. Needs PostgreSQL to be configured to accept # those connections (pg_hba.conf).) -#uri = postgresql://tryton:tryton@localhost:5432/ + +uri = postgresql://tryton:tryton@localhost:5432/ # The path to the directory where the Tryton Server stores files. # The server must have write permissions to this directory. @@ -72,12 +67,7 @@ listen = [::]:8000 #hostname = # The root path to retrieve data for GET requests -# used for SAO as well! -# -#data = /srv/tryton-sao/package -# -# SAO listens on http://localhost:8000 - +#data = jsondata [xmlrpc] # Settings for the XML-RPC network interface @@ -137,3 +127,7 @@ listen = [::]:8000 #uri = ldap://host:port/dn?attributes?scope?filter?extensions # A basic default URL could look like #uri = ldap://localhost:389/ + +[web] +# Path for the web-frontend +#root = /usr/lib/node-modules/tryton-sao diff --git a/trytond.conf.example b/trytond.conf.example index 8c51cc5..bd96e7d 100644 --- a/trytond.conf.example +++ b/trytond.conf.example @@ -15,17 +15,13 @@ # PostgreSQL via Unix domain sockets # (e.g. PostgreSQL database running on the same machine (localhost)) #uri = postgresql://tryton:tryton@/ -# -#Default setting for a local postgres database - -uri = postgresql:/// - # # PostgreSQL via TCP/IP # (e.g. connecting to a PostgreSQL database running on a remote machine or # by means of md5 authentication. Needs PostgreSQL to be configured to accept # those connections (pg_hba.conf).) -#uri = postgresql://tryton:tryton@localhost:5432/ + +uri = postgresql://tryton:tryton@localhost:5432/ # The path to the directory where the Tryton Server stores files. # The server must have write permissions to this directory. @@ -133,3 +129,7 @@ super_pwd = jkUbZGvFNeugk #uri = ldap://host:port/dn?attributes?scope?filter?extensions # A basic default URL could look like #uri = ldap://localhost:389/ + +[web] +# Path for the web-frontend +#root = /usr/lib/node-modules/tryton-sao diff --git a/trytond.spec b/trytond.spec index 9d8a3ab..aa648e1 100644 --- a/trytond.spec +++ b/trytond.spec @@ -2,7 +2,7 @@ # spec file for package trytond # # Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. -# Copyright (c) 2016 Dr. Axel Braun +# Copyright (c) 2015, 2016 Dr. Axel Braun # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,54 +17,60 @@ # -%define majorver 3.8 +%define majorver 4.2 %define base_name tryton Name: trytond -Version: %{majorver}.12 +Version: %{majorver}.5 Release: 0 -Summary: An Enterprise Resource Planning system + +Summary: An Enterprise Resource Planning (ERP) system License: GPL-3.0+ Group: Productivity/Office/Management Url: http://www.tryton.org/ Source0: http://downloads.tryton.org/%{majorver}/%{name}-%{version}.tar.gz +#Patch0: trytond340.patch Source1: tryton-server.README.SUSE Source2: trytond.conf.example Source3: %{name}.conf Source4: %{name}_log.conf -#Source11: %{name}.sysconfig +# GNU Health patch for user login +Patch0: user_login.patch Source20: %{name}.service -Patch0: %{name}_server.diff # List of additional build dependencies BuildRequires: fdupes -BuildRequires: python-devel -BuildRequires: python-lxml -BuildRequires: python-psycopg2 -BuildRequires: python-pydot -BuildRequires: python-python-sql -BuildRequires: python-setuptools -BuildRequires: python-simplejson +BuildRequires: python3-Werkzeug +BuildRequires: python3-bcrypt +BuildRequires: python3-lxml +BuildRequires: python3-psycopg2 +BuildRequires: python3-pydot3 +BuildRequires: python3-python-sql +BuildRequires: python3-setuptools +BuildRequires: python3-simplejson +BuildRequires: python3-wrapt BuildRequires: systemd-rpm-macros -Requires: libreoffice-pyuno Requires: postgresql-server -Requires: python-Genshi -Requires: python-Levenshtein -Requires: python-PyWebDAV -Requires: python-Sphinx -Requires: python-cdecimal -Requires: python-lxml -Requires: python-mock -Requires: python-polib -Requires: python-psycopg2 -Requires: python-py-bcrypt -#Requires: python-pytz -#Requires: python-pyOpenSSL -#Requires: python-egenix-mx-base -Requires: python-python-dateutil -Requires: python-python-sql -Requires: python-relatorio +Requires: python3-Genshi +Requires: python3-lxml +Requires: python3-psycopg2 +#Requires: python3-pytz +#Requires: python3-pyOpenSSL +#Requires: python3-egenix-mx-base +Requires: libreoffice-pyuno +Requires: python3-Levenshtein +Requires: python3-dateutil +Requires: python3-polib +Requires: python3-python-sql +Requires: python3-relatorio Requires: unoconv -Requires(pre): %{_sbindir}/groupadd -Requires(pre): %{_sbindir}/useradd +#Requires: python3-PyWebDAV +Requires: python3-Sphinx +Requires: python3-Werkzeug +Requires: python3-bcrypt +Requires: python3-mock +Requires: python3-simpleeval +Requires: python3-wrapt +Requires(pre): /usr/sbin/groupadd +Requires(pre): /usr/sbin/useradd BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch %{?systemd_requires} @@ -77,24 +83,25 @@ database engine. Tryton provides modularity, scalability and security. %prep -%setup -q -cp %{SOURCE1} . -cp %{SOURCE2} . +%setup -q +cp %{S:1} . +cp %{S:2} . +%patch0 -p0 %build -python setup.py build +python3 setup.py build %install -python setup.py install --prefix=%{_prefix} --root=%{buildroot} --record-rpm=filelist +python3 setup.py install --prefix=%_prefix --root=%buildroot --record-rpm=filelist # only for systemd -mkdir -p %{buildroot}%{_sysconfdir}/%{base_name} -install -p -m 640 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{base_name}/%{name}.conf -install -p -m 640 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{base_name}/%{name}_log.conf +mkdir -p $RPM_BUILD_ROOT%{_sysconfdir}/%{base_name} +install -p -m 640 %{SOURCE3} $RPM_BUILD_ROOT%{_sysconfdir}/%{base_name}/%{name}.conf +install -p -m 640 %{SOURCE4} $RPM_BUILD_ROOT%{_sysconfdir}/%{base_name}/%{name}_log.conf -mkdir -p %{buildroot}%{_unitdir} -install -p -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/%{name}.service +mkdir -p $RPM_BUILD_ROOT%{_unitdir} +install -p -m 644 %{SOURCE20} $RPM_BUILD_ROOT%{_unitdir}/%{name}.service -mkdir -p %{buildroot}%{_localstatedir}/{lib,log}/%{base_name} +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/{lib,log}/%{base_name} %fdupes -s %{buildroot} %pre @@ -113,12 +120,15 @@ getent passwd tryton > /dev/null || %{_sbindir}/useradd -r -g tryton \ %postun %service_del_postun trytond.service -%files +%files +#%files -f filelist %defattr(-,root,root) %doc README tryton-server.README.SUSE trytond.conf.example LICENSE doc/* -%{python_sitelib}/* +%{python3_sitelib}/* %dir %{_sysconfdir}/%{base_name} %{_bindir}/%{name} +%{_bindir}/%{name}-admin +%{_bindir}/%{name}-cron %{_unitdir}/%{name}.service %attr(640,root,tryton) %config(noreplace)%{_sysconfdir}/%{base_name}/%{name}.conf %attr(640,root,tryton) %config(noreplace)%{_sysconfdir}/%{base_name}/%{name}_log.conf diff --git a/trytond_server.diff b/trytond_server.diff deleted file mode 100644 index 08554cf..0000000 --- a/trytond_server.diff +++ /dev/null @@ -1,33 +0,0 @@ -diff -crB a/trytond/res/user.py b/trytond/res/user.py -*** a/trytond/res/user.py 2016-03-08 13:56:41.921761645 +0000 -- --- b/trytond/res/user.py 2016-03-08 13:57:05.931762976 +0000 -*************** -*** 464,476 **** - Return user id if password matches - ''' - LoginAttempt = Pool().get('res.user.login.attempt') -- - time.sleep(2 ** LoginAttempt.count(login) - 1) - user_id, password_hash = cls._get_login(login) - if user_id: - if cls.check_password(password, password_hash): -- - LoginAttempt.remove(login) - return user_id -! LoginAttempt.add(login) - return 0 - - @staticmethod -- --- 464,477 ---- - Return user id if password matches - ''' - LoginAttempt = Pool().get('res.user.login.attempt') - user_id, password_hash = cls._get_login(login) - if user_id: - if cls.check_password(password, password_hash): - return user_id -! -! #Timeout for invalid login attempts -! #TODO : use failed_login_timeout from configuration param. -! time.sleep(3) - return 0 - - @staticmethod diff --git a/user_login.patch b/user_login.patch new file mode 100644 index 0000000..1161381 --- /dev/null +++ b/user_login.patch @@ -0,0 +1,25 @@ +diff -ruN a/user.py b/user.py +--- trytond/res/user.py 2017-06-07 11:24:56.101578719 +0100 ++++ trytond/res/user.py 2017-06-07 11:24:15.136154818 +0100 +@@ -495,7 +495,6 @@ + Return user id if password matches + ''' + LoginAttempt = Pool().get('res.user.login.attempt') +- time.sleep(2 ** LoginAttempt.count(login) - 1) + for method in config.get( + 'session', 'authentications', default='password').split(','): + try: +@@ -505,9 +504,11 @@ + continue + user_id = func(login, parameters) + if user_id: +- LoginAttempt.remove(login) + return user_id +- LoginAttempt.add(login) ++ else: ++ logger.info('Invalid login from : %s', login) ++ time.sleep(3) ++ + + @classmethod + def _login_password(cls, login, parameters):