From da3d9f9658932ae5abe8d2911a159d50d3462ae1ccd03c06edce94ffcdd981b3 Mon Sep 17 00:00:00 2001 From: Axel Braun Date: Mon, 7 Mar 2022 14:13:59 +0000 Subject: [PATCH 1/2] Accepting request 959950 from Application:ERP:GNUHealth:4.0 version bump OBS-URL: https://build.opensuse.org/request/show/959950 OBS-URL: https://build.opensuse.org/package/show/Application:ERP:GNUHealth:Factory/trytond?expand=0&rev=136 --- ...lds.diff => Update_changed_fields_6.0.diff | 15 +- fix_werkzeug.patch | 38 -- fix_werkzeug_2.x.patch | 30 +- openSUSE-trytond-setup | 324 ++++++++++++++++++ revert_werkzeug_setup.patch | 12 - tryton-server.README.openSUSE | 19 +- trytond-5.0.44.tar.gz | 3 - trytond-5.0.44.tar.gz.asc | 12 - trytond-6.0.16.tar.gz | 3 + trytond-6.0.16.tar.gz.asc | 12 + trytond.changes | 16 + trytond.conf | 274 +++++++++------ trytond.conf.example | 143 -------- trytond.spec | 52 +-- 14 files changed, 582 insertions(+), 371 deletions(-) rename Update_changed_fields.diff => Update_changed_fields_6.0.diff (84%) delete mode 100644 fix_werkzeug.patch create mode 100644 openSUSE-trytond-setup delete mode 100644 revert_werkzeug_setup.patch delete mode 100644 trytond-5.0.44.tar.gz delete mode 100644 trytond-5.0.44.tar.gz.asc create mode 100644 trytond-6.0.16.tar.gz create mode 100644 trytond-6.0.16.tar.gz.asc delete mode 100644 trytond.conf.example diff --git a/Update_changed_fields.diff b/Update_changed_fields_6.0.diff similarity index 84% rename from Update_changed_fields.diff rename to Update_changed_fields_6.0.diff index 93bd3d4..f881e01 100644 --- a/Update_changed_fields.diff +++ b/Update_changed_fields_6.0.diff @@ -8,20 +8,19 @@ index c1dde99f19ae579d3d84d0e9f75272ea857f86f1..b57f1c710aefb7579d4edd9d07baad30 +from trytond.config import config + - from . import __version__ - from .tools import grouped_slice - from .transaction import Transaction -@@ -19,6 +21,9 @@ logger = logging.getLogger(__name__) - CDATA_START = re.compile('^\s*\<\!\[cdata\[', re.IGNORECASE) - CDATA_END = re.compile('\]\]\>\s*$', re.IGNORECASE) + from trytond import __version__ + from trytond.pyson import PYSONEncoder, CONTEXT + from trytond.tools import grouped_slice +@@ -19,6 +19,8 @@ + CDATA_START = re.compile(r'^\s*\<\!\[cdata\[', re.IGNORECASE) + CDATA_END = re.compile(r'\]\]\>\s*$', re.IGNORECASE) +_update_changed_fields = config.getboolean('optional', + 'update_changed_fields', default=True) -+ class DummyTagHandler: """Dubhandler implementing empty methods. Will be used when whe -@@ -668,11 +673,18 @@ class TrytondXmlHandler(sax.handler.ContentHandler): +@@ -666,11 +671,18 @@ class TrytondXmlHandler(sax.handler.ContentHandler): # if they are not false in a boolean context (ie None, # False, {} or []) if db_field != expected_value and (db_field or expected_value): diff --git a/fix_werkzeug.patch b/fix_werkzeug.patch deleted file mode 100644 index 0632b27..0000000 --- a/fix_werkzeug.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -U 3 -dHrN -- a/trytond/wsgi.py b/trytond/wsgi.py ---- a/trytond/wsgi.py 2021-02-12 10:14:41.000000000 +0100 -+++ b/trytond/wsgi.py 2021-02-15 12:37:50.432511576 +0100 -@@ -10,13 +10,23 @@ - from werkzeug.wrappers import Response - from werkzeug.routing import Map, Rule - from werkzeug.exceptions import abort, HTTPException, InternalServerError --from werkzeug.contrib.fixers import ProxyFix -+try: -+ from werkzeug.middleware.proxy_fix import ProxyFix -+ -+ def NumProxyFix(app, num_proxies): -+ return ProxyFix(app, -+ x_for=num_proxies, x_proto=num_proxies, x_host=num_proxies, -+ x_port=num_proxies, x_prefix=num_proxies) -+except ImportError: -+ from werkzeug.contrib.fixers import ProxyFix as NumProxyFix - try: - from werkzeug.security import safe_join - except ImportError: - safe_join = posixpath.join -- --from werkzeug.wsgi import SharedDataMiddleware -+try: -+ from werkzeug.middleware.shared_data import SharedDataMiddleware -+except ImportError: -+ from werkzeug.wsgi import SharedDataMiddleware - - import wrapt - -@@ -157,6 +167,6 @@ - app.wsgi_app = SharedDataMiddlewareIndex(app.wsgi_app, static_files) - num_proxies = config.getint('web', 'num_proxies') - if num_proxies: -- app.wsgi_app = ProxyFix(app.wsgi_app, num_proxies=num_proxies) -+ app.wsgi_app = NumProxyFix(app.wsgi_app, num_proxies) - import trytond.protocols.dispatcher - import trytond.bus diff --git a/fix_werkzeug_2.x.patch b/fix_werkzeug_2.x.patch index 9acc5b7..0fc88a1 100644 --- a/fix_werkzeug_2.x.patch +++ b/fix_werkzeug_2.x.patch @@ -1,54 +1,52 @@ -diff -U 3 -dHrN -- a/trytond/protocols/wrappers.py b/trytond/protocols/wrappers.py ---- a/trytond/protocols/wrappers.py 2019-08-11 19:34:43.000000000 +0200 -+++ b/trytond/protocols/wrappers.py 2021-07-27 15:59:38.213817153 +0200 -@@ -8,7 +8,6 @@ +--- a/trytond/protocols/wrappers.py ++++ b/trytond/protocols/wrappers.py +@@ -12,7 +12,6 @@ + from http import client as HTTPStatus from werkzeug.wrappers import Request as _Request, Response - from werkzeug.utils import cached_property -from werkzeug.http import wsgi_to_bytes, bytes_to_wsgi from werkzeug.datastructures import Authorization from werkzeug.exceptions import abort, HTTPException -@@ -84,7 +83,8 @@ +@@ -113,7 +112,8 @@ def parse_authorization_header(value): if not value: return - value = wsgi_to_bytes(value) + if not isinstance(value, bytes): -+ value = value.encode('latin1') ++ value = value.encode('latin1') try: auth_type, auth_info = value.split(None, 1) auth_type = auth_type.lower() -@@ -98,9 +98,9 @@ +@@ -127,9 +127,9 @@ except Exception: return return Authorization('session', { - 'username': bytes_to_wsgi(username), -+ 'username': username.decode("latin1"), ++ 'username': username.decode("latin1"), 'userid': userid, - 'session': bytes_to_wsgi(session), -+ 'session': session.decode("latin1"), ++ 'session': session.decode("latin1"), }) -@@ -171,16 +171,17 @@ +@@ -214,16 +214,16 @@ pool = Pool() UserApplication = pool.get('res.user.application') - authorization = wsgi_to_bytes(request.headers['Authorization']) -+ authorization = request.headers['Authorization'] ++ authorization = request.headers['Authorization'] try: auth_type, auth_info = authorization.split(None, 1) auth_type = auth_type.lower() except ValueError: - abort(401) + abort(HTTPStatus.UNAUTHORIZED) - if auth_type != b'bearer': + if auth_type != 'bearer': - abort(403) + abort(HTTPStatus.FORBIDDEN) - application = UserApplication.check(bytes_to_wsgi(auth_info), name) + application = UserApplication.check(auth_info, name) -+ if not application: - abort(403) + abort(HTTPStatus.FORBIDDEN) transaction = Transaction() diff --git a/openSUSE-trytond-setup b/openSUSE-trytond-setup new file mode 100644 index 0000000..edd68fb --- /dev/null +++ b/openSUSE-trytond-setup @@ -0,0 +1,324 @@ +#!/bin/bash + +# Trytond installation script for openSUSE +# Version agnostic to Tryton (more or less) + +############################################################################## +# +# Tryto Server Installer for openSUSE +# +# Copyright (C) 2021 Axel Braun +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +############################################################################## + +#----------------------------------------------------------------------------- +# Change log +#----------------------------------------------------------------------------- +# V 0.33 20210803 Axel Initial version +#----------------------------------------------------------------------------- +# Variables declaration +#----------------------------------------------------------------------------- + +#Tryton Server installer for openSUSE version +VERSION="0.33" + +# Colors constants +NONE="$(tput sgr0)" +RED="$(tput setaf 1)" +GREEN="$(tput setaf 2)" +YELLOW="\n$(tput setaf 3)" +WHITE="\n$(tput setaf 7)" + +# Params +#ROOT_PW="root" +DB_NAME="Tryton6" +DB_ADMIN_PWD="admin" +DB_USER="tryton" +DB_CONFIG="/var/lib/pgsql/data/pg_hba.conf" +GH_START="y" + +#----------------------------------------------------------------------------- +# Functions +#----------------------------------------------------------------------------- + +message() +{ + local UTC="$(date -u +'%Y-%m-%d %H:%M:%S')" + + case $1 in + ERROR ) echo -e "\e[00;31m${UTC} [ERROR] $2\e[00m";; + WARNING ) echo -e "\e[0;33m${UTC} [WARNING] $2\e[m" ;; + INFO ) echo -e "\e[0;36m${UTC} [INFO] $2\e[m" ;; + esac +} + +help() +{ + cat << EOF + +This is Tryton Server Setup for openSUSE ${VERSION} + +usage: `basename $0` command + +Command: + + version : Show version + setup : Setup a Tryton Server + help : shows this message + +EOF + exit 0 +} + +show_version () { + case $1 in + version) message "INFO" "This is the Tryton Server setup for openSUSE V ${VERSION}"; exit 0;; + esac + +} + +bailout() { + message "INFO" "Bailing out !" + message "INFO" "Cleaning up temporary file" + rm -rf /tmp/pw + exit 1 +} + +#----------------------------------------------------------------------------- +# go-ahead: perform update +#----------------------------------------------------------------------------- + +go_ahead() { + +# login as root, start postgres + +echo "Starting database...." + +systemctl start postgresql || bailout + +echo "Database started" + +# su -postgres || bailout +#then as postgres, and change parameter + +echo "Changing postgres trust method" + +sudo -u postgres sed -i -e 's/\(\(local\|host\).*all.*all.*\)\(peer\|ident\)/\1trust/g' ${DB_CONFIG} || bailout + +echo "Postgres trust method changed" + +echo "Create database user" +#create user +sudo -u postgres psql -c "CREATE USER ${DB_USER} WITH SUPERUSER;" + +echo "Database user created" + +echo "Creating database ${DB_NAME}" +# create database +sudo -u postgres createdb ${DB_NAME} --encoding='UTF8' --owner=${DB_USER} || bailout + +echo "Database created" +#exit as postgres +#exit + +echo "Restarting database" + +systemctl restart postgresql || bailout + +# login as user tryton +#su tryton -s /bin/bash + +echo "Initializing database - this may take a while" + +echo ${DB_ADMIN_PWD} > /tmp/pw || bailout + +sudo -u tryton env TRYTONPASSFILE=/tmp/pw trytond-admin -c /etc/tryton/trytond.conf --all -d ${DB_NAME} --password || bailout + +rm /tmp/pw || bailout + + +if [ $GH_START = "y" ]; then +echo "Enabling Tryton Server at boot time" + +systemctl enable postgresql +systemctl enable trytond + +# ...and start trytond in that case +systemctl start trytond + +fi + +echo "All done" +message "WARNING" "Please review your setup before using the system in production!" + +} + +#----------------------------------------------------------------------------- +# Call user parameter +#----------------------------------------------------------------------------- + +get_root_pw() { + Y='' + read -p "Please enter root-password [$ROOT_PW] " Y + + if [ ! -e $Y ]; then + ROOT_PW=$Y + fi + message "INFO" "root-password is $ROOT_PW" +} + +get_db_name() { + Y='' + read -p "Please enter name for new database [$DB_NAME] " Y + if [ ! -e $Y ]; then + DB_NAME=$Y + fi + message "INFO" "DB-Name is $DB_NAME" +} + +get_db_admin() { + Y='' + read -p "Please enter admin-password for new database [$DB_ADMIN_PWD] " Y + if [ ! -e $Y ]; then + DB_ADMIN_PWD=$Y + fi + message "INFO" "DB Admin password is $DB_ADMIN_PWD" +} + +get_db_user() { + Y='' + read -p "Please enter database user [$DB_USER] " Y + if [ ! -e $Y ]; then + DB_USER=$Y + fi + message "INFO" "DB User is $DB_USER" +} + +get_db_file() { + Y='' + read -p "Please enter database config file [$DB_CONFIG] " Y + if [ ! -e $Y ]; then + DB_CONFIG=$Y + fi + message "INFO" "DB config path & file $DB_CONFIG" +} + +get_GH_start() { + Y='' + read -p "Shall Tryton Server start automatically? [$GH_START] " Y + if [ ! -e $Y ]; then + GH_START=$Y + fi + message "INFO" "Tryton Server start at boot $GH_START" +} + + +#----------------------------------------------------------------------------- +# verify input +#----------------------------------------------------------------------------- + +verify_input() { + echo ; + message "INFO" "DB Name is ..............$DB_NAME" + message "INFO" "DB Admin password is ....$DB_ADMIN_PWD" + message "INFO" "DB User is ..............$DB_USER" + message "INFO" "DB config path & file is $DB_CONFIG" + message "INFO" "Server start at boot.... $GH_START" + read -p "Are these values correct? [y]es/[n]o/[a]bort " VAL + +} + +#----------------------------------------------------------------------------- +# Install +#----------------------------------------------------------------------------- + +setup() { + +# check is it runs as root + wai=`whoami` + + if [ $wai != "root" ]; then + message "ERROR" " This script must run as user 'root'" + bailout + fi + + VAL="n" + message "INFO" "Starting Tryton Server setup for openSUSE V ${VERSION} ..." + message "INFO" "If the value displayed is OK, just hit to confirm" + + while [ ${VAL} != "y" ]; do + # (1) Get root password +# get_root_pw + + # (2) get Database name + get_db_name + + # (3) change login + get_db_admin + + message "WARNING" "Change the following parameter only if you know what you are doing..." + + # (4) DB user + get_db_user + + # (5) DB config file and path + get_db_file + + # (6) enable GNUHealth at start? + get_GH_start + + # (7) check if all are valid + verify_input + + # request input until all is OK: + if [ -e ${VAL} ]; then + message "ERROR" "Please enter y, n or a" + verify_input + else + + if [ ${VAL} = "y" ]; then + go_ahead + exit 0 + fi + if [ ${VAL} = "a" ]; then + exit 1 + fi + fi + done + +} + +#----------------------------------------------------------------------------- +# Parse command line +#----------------------------------------------------------------------------- + + +parse_command_line() +{ + if [ $# -eq 0 ]; then + help + fi + + case $1 in + version) show_version $@;; + update-deps) install_python_dependencies $@;; + setup) setup $@;; + help) help;; + *) echo $1: Unrecognized command; exit 1;; + esac +} + +parse_command_line "$@" diff --git a/revert_werkzeug_setup.patch b/revert_werkzeug_setup.patch deleted file mode 100644 index fc50520..0000000 --- a/revert_werkzeug_setup.patch +++ /dev/null @@ -1,12 +0,0 @@ ---- a/setup.py -+++ b/setup.py -@@ -108,7 +108,7 @@ - 'python-dateutil', - 'polib', - 'python-sql >= 0.5', -- 'werkzeug < 1.0', -+ 'werkzeug', - 'wrapt', - 'passlib >= 1.7.0', - ], - diff --git a/tryton-server.README.openSUSE b/tryton-server.README.openSUSE index 2497dd7..d8e72bb 100644 --- a/tryton-server.README.openSUSE +++ b/tryton-server.README.openSUSE @@ -1,11 +1,24 @@ tryton-server for openSUSE ========================== +Note for GNU Health 4.0 /Tryton 6.0 and above: +When installing GNU Health 4.0 or higher, note that dependency on postgresql-server is now 'Recommends'. +This helps keeping the installation lean when running Postgresql on a separate server. +If you are using --no-recommends for installation, you need to install postgresql-server additionally. +If you install with recommendations, postgresql-server is installed automatically. + How to get it running (Without reading the instructions) ======================================================== You have already installed the package trytond and found this documentation. Good. +An easy way to set-up a trton server is to use +sudo openSUSE-trytond-setup + +Just answer the questions and the script does the steps, that are detailed below, for you. + +Setup in detail: + 1) Log in as root and start the database > su > systemctl start postgresql @@ -105,8 +118,8 @@ Preparing the Tryton server * Setting up the Tryton server (trytond): - The openSUSE package comes with a working configuration example, see - /usr/share/doc/packages/trytond/trytond.conf.example + The openSUSE package comes with a working configuration, see + /etc/tryton/trytond.conf It contains all settings for a locally running database and manual database configuration. @@ -236,7 +249,7 @@ Now, you're finished with the system setup. Please be aware of the following thi * Only the same major version of Tryton client and Tryton server can connect. - -- Axel Braun MON Jun 11 10:27:14 UTC 2018 + -- Axel Braun Wed Aug 4 14:27:11 UTC 2021 This file is based on tryton-server.README.Debian diff --git a/trytond-5.0.44.tar.gz b/trytond-5.0.44.tar.gz deleted file mode 100644 index b3ef1e6..0000000 --- a/trytond-5.0.44.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:fea00a36f8d279f4d48fc458f824b4791596c91844397090f74e92f01adfad02 -size 661565 diff --git a/trytond-5.0.44.tar.gz.asc b/trytond-5.0.44.tar.gz.asc deleted file mode 100644 index b2a4667..0000000 --- a/trytond-5.0.44.tar.gz.asc +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN PGP SIGNATURE----- -Version: GnuPG v2 - -iQEzBAABCgAdFiEEdP/VdIYNMe45RAljV09u/05HdRcFAmH5aqAACgkQV09u/05H -dRe1Agf/aEs72XXkbooX4WEPZv8MwMzYXfGc/2Rp2yWMDlSLp37EqhfouYyaE2yI -Ae3uLZv+I6DTWPYSANFXakpOr0auPrVSvI12z5KcQ7A5dga9Gm3hxYCdmwaXthfp -/tUHAS6WTo1nzbI2SUnxSOFu9N8RZXiPoM7L2m2vHckP6yaFsr0oLuHbRf+Y1hPP -w8D/grArlyxCMMrxv0IQuF9TrNUtTV5p7vjFlpH5+vZT5C1QG6Dn3fAAzi1YI0jv -oZ9kZWH8QslAYg1S0ZkO+3/Pn6n89GVcLvwliIFdbRf+a7g6Tnsr6Mn9WMxv83RW -FsWim8WDhe0RDhKuEpGBE+mTo0CFjQ== -=sKp7 ------END PGP SIGNATURE----- diff --git a/trytond-6.0.16.tar.gz b/trytond-6.0.16.tar.gz new file mode 100644 index 0000000..64ea726 --- /dev/null +++ b/trytond-6.0.16.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:ce268bdedb064fddc372111105bca3398e29ba865d474a39b6c51a7f647add74 +size 852998 diff --git a/trytond-6.0.16.tar.gz.asc b/trytond-6.0.16.tar.gz.asc new file mode 100644 index 0000000..f5e0039 --- /dev/null +++ b/trytond-6.0.16.tar.gz.asc @@ -0,0 +1,12 @@ +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v2 + +iQEzBAABCgAdFiEEdP/VdIYNMe45RAljV09u/05HdRcFAmIeZEQACgkQV09u/05H +dReYnAf/RB4xHXSexCK7Fr6z5T5l1B07hM6nZJiNvexG3xlQ5Xo/KuAt//2ytJ7D +Nh+JXLC+yQpQtKcw6fHqVxTxEVXgFzKzdRbLdIZ4+jBIaDgRvbL0WcE8tG0oqHGB +v/R/17/122qFC042ILa8gi7MM6wD47Uc8bpdcLeoowHrpwEvc7rjVPeWTAlKIs4h +JcsdSp2MjEc912myZ6vDoh2UoaglaRRS3R4Z4Ik8YCEck1+kOoBaX/vlsTnnO85F +rcB6FINSSvEkia49olDgDPXpwjCD0hH2cG2tIinMj6dw69Gzhy6o3IrEveT3LfiB +Xxkye4s8sqAUdRYeBQ7UGRq4jXBMJw== +=Q4LH +-----END PGP SIGNATURE----- diff --git a/trytond.changes b/trytond.changes index 8b6d085..fe723f4 100644 --- a/trytond.changes +++ b/trytond.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Wed Mar 2 11:33:56 UTC 2022 - Axel Braun + +- Version 6.0.16 - Security Bugfix Release + * python3-defusedxml added + +------------------------------------------------------------------- +Fri Feb 18 17:13:07 UTC 2022 - Axel Braun + +- Version 6.0.15 - Bugfix Release + +------------------------------------------------------------------- +Sat Feb 12 17:19:18 UTC 2022 - Axel Braun + +- Version bump to Tryton 6.0 series + ------------------------------------------------------------------- Tue Feb 1 19:22:53 UTC 2022 - Axel Braun diff --git a/trytond.conf b/trytond.conf index 62e35cf..43737b1 100644 --- a/trytond.conf +++ b/trytond.conf @@ -3,44 +3,7 @@ # This file contains the most common settings for trytond (Defaults # are commented). # For more information read -# /usr/share/doc/packages/trytond - -[database] -# Database related settings - -# The URI to connect to the SQL database (following RFC-3986) -# uri = database://username:password@host:port/ -# (Internal default: sqlite:// (i.e. a local SQLite database)) -# -# PostgreSQL via Unix domain sockets -# (e.g. PostgreSQL database running on the same machine (localhost)) -#uri = postgresql://tryton:tryton@/ -# -# Postgres running on the same machine: - -uri = postgresql:/// - -# PostgreSQL via TCP/IP -# (e.g. connecting to a PostgreSQL database running on a remote machine or -# by means of md5 authentication. Needs PostgreSQL to be configured to accept -# those connections (pg_hba.conf).) -#uri = postgresql://tryton:tryton@localhost:5432/ - -# The path to the directory where the Tryton Server stores files. -# The server must have write permissions to this directory. -# (Internal default: /var/lib/trytond) -path = /var/lib/tryton - -# Shall available databases be listed in the client? -#list = True - -# The number of retries of the Tryton Server when there are errors -# in a request to the database -#retry = 5 - -# The primary language, that is used to store entries in translatable -# fields into the database. -#language = en +# https://docs.tryton.org/projects/server/en/latest/topics/configuration.html#topics-configuration [web] # Settings for the web interface @@ -65,9 +28,75 @@ listen = [::]:8000 # The number of proxy servers in front of trytond. #num_proxies = 0 -[webdav] -# The port on which the webdav server listens -#listen = [::]:8080 +# The cache timeout in seconds. +#cache_timeout = 12h + +# The list (one per line) of origins allowed for Cross-Origin Resource sharing. +# https://en.wikipedia.org/wiki/Cross-origin_resource_sharing +#cors = + +# The base URL without a path for avatar URL. +#avatar_base = '' + +[database] +# Database related settings + +# The URI to connect to the SQL database (following RFC-3986) +# uri = database://username:password@host:port/?param1=value1¶m2=value2 +# (Internal default: sqlite:// (i.e. a local SQLite database)) +# +# A list of parameters supported by PostgreSQL can be found in the documentation. +# https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-PARAMKEYWORDS + +# PostgreSQL via Unix domain sockets +# (e.g. PostgreSQL database running on the same machine (localhost)) +#uri = postgresql://tryton:tryton@/ +# +# Postgres running on the same machine: + +uri = postgresql:/// + +# PostgreSQL via TCP/IP +# (e.g. connecting to a PostgreSQL database running on a remote machine or +# by means of md5 authentication. Needs PostgreSQL to be configured to accept +# those connections (pg_hba.conf).) +#uri = postgresql://tryton:tryton@localhost:5432/ + +# SQLite +# The URI is defined as sqlite:// +# If the name of the database is :memory:, the parameter mode will be set to memory +# thus using a pure in-memory database. +# The recognized query parameters can be found in SQLite’s documentation. +# https://www.sqlite.org/uri.html#recognized_query_parameters + +# The path to the directory where the Tryton Server stores files. +# The server must have write permissions to this directory. +# (Internal default: /var/lib/trytond) +path = /var/lib/tryton + +# Shall available databases be listed in the client? +#list = True + +# The number of retries of the Tryton Server when there are errors +# in a request to the database +#retry = 5 + +# The primary language, that is used to store entries in translatable +# fields into the database. +#language = en + +# avatar_filestore +# This configuration value indicates whether the avatars should be stored in the +# trytond.filestore (True) or the database (False). +#avatar_filestore = False + +# avatar_prefix +# The prefix to use with the FileStore to store avatars. +# Default: None + +# default_name +# The name of the database to use for operations without a database name. +# Default: template1 for PostgreSQL, :memory: for SQLite. [request] # The maximum size in bytes for unauthenticated requests (zero means no limit). @@ -76,8 +105,40 @@ listen = [::]:8000 # The maximum size in bytes of an authenticated request (zero means no limit). #max_size_authenticated = 2GB +[cache] +# Various cache size settings + +# The number of different models kept in the cache per transaction. +#model = 200 + +# The number of loaded records kept in the cache. It can also be changed +# locally using the _record_cache_size key in Transaction.context. +#record = 2000 + +# The number of fields to load with eager Field.loading. +#field = 100 + +# The minimum number of seconds between two cleanings of the cache. +#clean_timeout = 300 + +[queue] +# Activate asynchronous processing of the tasks. Otherwise they are performed at the end of the requests. +#worker = False + +# The number of days after which processed tasks are removed. +#clean_days = 30 + +[table] +# This section allows to override the default generated table name for a ModelSQL. +# The main goal is to bypass limitation on the name length of the database backend. +# For example: +#account.invoice.line = acc_inv_line +#account.invoice.tax = acc_inv_tax + [ssl] -# SSL settings +# SSL settings +# Note: It is recommended to delegate the SSL support to a proxy. +# # Activation of SSL for all available protocols. # Uncomment the following settings for key and certificate. # SSL is activated by defining privatekey. @@ -88,14 +149,42 @@ listen = [::]:8000 # The path to the certificate #certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem +[email] +# Mail settings +# Note: Email settings can be tested with the trytond-admin command + +# The SMTP-URI to connect to the SMTP server. +# Available protocols are: +# - smtp: simple SMTP +# - smtp+tls: SMTP with STARTTLS +# - smtps: SMTP with SSL +# +# The uri accepts the following additional parameters: +# local_hostname: used as FQDN of the local host in the HELO/EHLO commands, +# if omited it will use the value of socket.getfqdn(). + +# timeout: A number of seconds used as timeout for blocking operations. +# A socket.timeout will be raised when exceeded. If omited the default timeout will be used. + +#uri = smtp://localhost:25 + +# Defines the default From address (using RFC-822) for emails sent by Tryton. +#from = "Company Inc" + [session] # Session settings -# A comma separated list of login methods to use for user authentication. -# By default, Tryton supports only the password method which compares the -# password entered by the user against a stored hash. -# Other modules may define other methods (please refer to their documentation). -# The methods are tested following the order of the list. +# A comma separated list of the authentication methods to try when attempting to verify a user’s +# identity. Each method is tried in turn, following the order of the list, until one succeeds. +# In order to allow multi-factor authentication, individual methods can be combined +# together using a plus (+) symbol. +# Example +#authentications = password+sms, ldap +# By default, Tryton only supports the password method. This method compares the +# password entered by the user against a stored hash of the user’s password. +# Other modules can define additional authentication methods, please refer to +# their documentation for more information. +#Default: #authentications = password # The time (in seconds) until a session expires. @@ -139,19 +228,6 @@ listen = [::]:8000 # If no path is set, Tryton will use the schemes `bcrypt` or `pbkdf2_sha512`. #passlib = None -[email] -# Mail settings - -# The URI to connect to the SMTP server. -# Available protocols are: -# - smtp: simple SMTP -# - smtp+tls: SMTP with STARTTLS -# - smtps: SMTP with SSL -#uri = smtp://localhost:25 - -# The From address used by the Tryton Server to send emails. -#from = tryton@localhost - [attachment] # Defines how to store the attachments # A boolean value to store attachment in the FileStore. @@ -164,6 +240,9 @@ listen = [::]:8000 # Allow clients to subscribe to bus channels (Boolean). #allow_subscribe = False +# If set, redirects bus requests to the host URL. +#url_host = + # The time (in seconds) to keep the connection to the client open # when using long polling for bus messages. #long_polling_timeout = 300 @@ -172,61 +251,31 @@ listen = [::]:8000 # before being discarded. #cache_timeout = 300 -# The timeout (in seconds) for the select call when listening -# on a channel. -#select_timeout = 5 +[html] +# The URL pointing to TinyMCE editor. +#src = https://cloud.tinymce.com/stable/tinymce.min.js -# Let the worker queue handle bus messages -#queue = False +# The space separated list of TinyMCE plugins to load. It can be overridden for +# specific models and fields using the names: plugins-- or plugins-. +#plugins = `` -# Define the class to use when queue is set to True -#class = trytond.bus.LongPollingBus +# The JSON list of CSS files to load. It can be overridden for specific models +# and fields using the names: css-- or css-. +#css = [] +# The class to add on the body. It can be overridden for specific models and +# fields using the names: class-- or class-. +#class = '' -# Special Settings -[cache] -# Various cache size settings - -# The number of different models kept in the cache per transaction. -#model = 200 - -# The number of loaded records kept in the cache. It can also be changed -# locally using the _record_cache_size key in Transaction.context. -#record = 2000 - -# The number of fields to load with eager Field.loading. -#field = 100 - -# The minimum number of seconds between two cleanings of the cache. -#clean_timeout = 300 - -[queue] -# Activate asynchronous processing of the tasks. Otherwise they are performed at the end of the requests. -#worker = False - -[table] -# This section allows to override the default generated table names. The main purpose -# is to bypass name length limitations of a database backend. -# Examples: -#account.invoice.line = acc_inv_line -#account.invoice.tax = acc_inv_tax - - -# Module settings +[wsgi middleware] +# The section lists the WSGI middleware class to load. Each middleware can be +# configured with a section named wsgi containing args and kwargs options. +#Example: +#[wsgi middleware] +#ie = werkzeug.contrib.fixers.InternetExplorerFix # -# Some modules are reading configuration parameters from this -# configuration file. These settings only apply when those modules -# are installed. -# -[account_fr_chorus] -# The private key to communicate with the chorus service. -#privatekey = - -# The certficate to communicate with the chorus service. -#certificate = - -# Target URL of the Chorus service -#url = https://chorus-pro.gouv.fr:5443 +#[wsgi ie] +#kwargs={'fix_attach': False} [ldap_authentication] # The LDAP URL to connect to the server following RFC-2255. @@ -279,3 +328,8 @@ listen = [::]:8000 # Warning: This setting can not be lowered once a database is created. #price_decimal = 4 +# only needed by GNU Health: +[webdav] +# The port on which the webdav server listens +#listen = [::]:8080 + diff --git a/trytond.conf.example b/trytond.conf.example deleted file mode 100644 index 43751b7..0000000 --- a/trytond.conf.example +++ /dev/null @@ -1,143 +0,0 @@ -# /etc/tryton/trytond.conf - Configuration file for Tryton Server (trytond) -# -# This file contains the most common settings for trytond (Defaults -# are commented). -# For more information read -# /usr/share/doc/packages/trytond - -[database] -# Database related settings - -# The URI to connect to the SQL database (following RFC-3986) -# uri = database://username:password@host:port/ -# (Internal default: sqlite:// (i.e. a local SQLite database)) -# -# PostgreSQL via Unix domain sockets -# (e.g. PostgreSQL database running on the same machine (localhost)) -#uri = postgresql://tryton:tryton@/ -# -#Default setting for a local postgres database - -uri = postgresql:/// - -# -# PostgreSQL via TCP/IP -# (e.g. connecting to a PostgreSQL database running on a remote machine or -# by means of md5 authentication. Needs PostgreSQL to be configured to accept -# those connections (pg_hba.conf).) -#uri = postgresql://tryton:tryton@localhost:5432/ - -# The path to the directory where the Tryton Server stores files. -# The server must have write permissions to this directory. -# (Internal default: /var/lib/trytond) -path = /var/lib/tryton - -# Shall available databases be listed in the client? -#list = True - -# The number of retries of the Tryton Server when there are errors -# in a request to the database -#retry = 5 - -# The primary language, that is used to store entries in translatable -# fields into the database. -#language = en_US - -[ssl] -# SSL settings -# Activation of SSL for all available protocols. -# Uncomment the following settings for key and certificate -# to enable SSL. - -# The path to the private key -#privatekey = /etc/ssl/private/ssl-cert-snakeoil.key - -# The path to the certificate -#certificate = /etc/ssl/certs/ssl-cert-snakeoil.pem - -[jsonrpc] -# Settings for the JSON-RPC network interface - -# The IP/host and port number of the interface -# (Internal default: localhost:8000) -# -# Listen on all interfaces (IPv4) - -listen = 0.0.0.0:8000 - -# -# Listen on all interfaces (IPv4 and IPv6) -#listen = [::]:8000 - -# The hostname for this interface -#hostname = - -# The root path to retrieve data for GET requests -#data = jsondata - -[xmlrpc] -# Settings for the XML-RPC network interface - -# The IP/host and port number of the interface -#listen = localhost:8069 - -[webdav] -# Settings for the WebDAV network interface - -# The IP/host and port number of the interface -#listen = localhost:8080 - -[session] -# Session settings - -# The time (in seconds) until an inactive session expires -#timeout = 3600 - -# The server administration password used by the client for -# the execution of database management tasks. It is encrypted -# using using the Unix crypt(3) routine. A password can be -# generated using the following command line (on one line): -# $ python -c 'import getpass,crypt,random,string; \ -# print crypt.crypt(getpass.getpass(), \ -# "".join(random.sample(string.ascii_letters + string.digits, 8)))' -# Example password with 'admin' -super_pwd = jkUbZGvFNeugk - -[email] -# Mail settings - -# The URI to connect to the SMTP server. -# Available protocols are: -# - smtp: simple SMTP -# - smtp+tls: SMTP with STARTTLS -# - smtps: SMTP with SSL -#uri = smtp://localhost:25 - -# The From address used by the Tryton Server to send emails. -#from = tryton@localhost - -[report] -# Report settings - -# Unoconv parameters for connection to the unoconv service. -#unoconv = pipe,name=trytond;urp;StarOffice.ComponentContext - -# Module settings -# -# Some modules are reading configuration parameters from this -# configuration file. These settings only apply when those modules -# are installed. -# -#[ldap_authentication] -# The URI to connect to the LDAP server. -#uri = ldap://host:port/dn?attributes?scope?filter?extensions -# A basic default URL could look like -#uri = ldap://localhost:389/ - -[web] -# Path for the web-frontend -#root = /usr/lib/node-modules/tryton-sao - -[webdav] -# The port on which the webdav server listens -listen = [::]:8080 diff --git a/trytond.spec b/trytond.spec index 2aa4d93..4ec46d5 100644 --- a/trytond.spec +++ b/trytond.spec @@ -1,7 +1,7 @@ # # spec file for package trytond # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2021 SUSE LLC # Copyright (c) 2015-2022 Dr. Axel Braun # # All modifications and additions to the file contributed by third parties @@ -17,10 +17,10 @@ # -%define majorver 5.0 +%define majorver 6.0 %define base_name tryton Name: trytond -Version: %{majorver}.44 +Version: %{majorver}.16 Release: 0 Summary: An Enterprise Resource Planning (ERP) system License: GPL-3.0-or-later @@ -28,48 +28,49 @@ Group: Productivity/Office/Management URL: https://www.tryton.org/ Source0: http://downloads.tryton.org/%{majorver}/%{name}-%{version}.tar.gz Source1: tryton-server.README.openSUSE -Source2: trytond.conf.example Source3: %{name}.conf Source4: %{name}_log.conf Source5: http://downloads.tryton.org/%{majorver}/%{name}-%{version}.tar.gz.asc Source6: https://keybase.io/cedrickrier/pgp_keys.asc?fingerprint=7C5A4360F6DF81ABA91FD54D6FF50AFE03489130#/%{name}.keyring +Source7: openSUSE-trytond-setup Source20: %{name}.service -Patch0: fix_werkzeug.patch -Patch1: revert_werkzeug_setup.patch -Patch2: fix_werkzeug_2.x.patch -Patch3: Update_changed_fields.diff +Patch0: fix_werkzeug_2.x.patch +Patch1: Update_changed_fields_6.0.diff BuildRequires: fdupes -BuildRequires: python-rpm-macros BuildRequires: python3-Werkzeug BuildRequires: python3-bcrypt BuildRequires: python3-lxml >= 2.0 -BuildRequires: python3-psycopg2 +BuildRequires: python3-psycopg2 >= 2.5.4 BuildRequires: python3-pydot3 -BuildRequires: python3-python-sql +BuildRequires: python3-python-sql >= 0.5 BuildRequires: python3-setuptools BuildRequires: python3-wrapt Requires: html2text Requires: libreoffice-pyuno -Requires: postgresql-server +Requires: python3-defusedxml Requires: python3-Genshi Requires: python3-Levenshtein -Requires: python3-Sphinx +Requires: python3-Pillow +Requires: python3-weasyprint Requires: python3-Werkzeug Requires: python3-bcrypt Requires: python3-dateutil +Requires: python3-gevent Requires: python3-lxml -Requires: python3-mock Requires: python3-passlib >= 1.7.0 Requires: python3-polib Requires: python3-psycopg2 >= 2.5.4 -Requires: python3-python-sql >= 0.4 +Requires: python3-python-sql >= 0.5 Requires: python3-relatorio >= 0.7.0 -Requires: python3-simpleeval +Requires: python3-pydot Requires: python3-wrapt Requires: unoconv Requires(pre): %{_sbindir}/groupadd Requires(pre): %{_sbindir}/useradd +# Database may run on a different machine, so a hard requirement is not ideal +Recommends: postgresql-server + BuildArch: noarch %{?systemd_ordering} @@ -83,17 +84,15 @@ security. %prep %setup -q cp %{SOURCE1} . -cp %{SOURCE2} . -%patch0 -p1 -%patch1 -p1 -%patch3 -p1 #Werkzeug2 is not compatible with Werkzeug 1.x, so we need a conditional patch echo 0%{?suse_version} %if 0%{?suse_version} >= 1550 -%patch2 -p1 +%patch0 -p1 %endif +%patch1 -p1 + %build %python3_build @@ -105,6 +104,9 @@ mkdir -p %{buildroot}%{_sysconfdir}/%{base_name} install -p -m 640 %{SOURCE3} %{buildroot}%{_sysconfdir}/%{base_name}/%{name}.conf install -p -m 640 %{SOURCE4} %{buildroot}%{_sysconfdir}/%{base_name}/%{name}_log.conf +mkdir -p -m 755 %{buildroot}%{_bindir} +install -p -m 755 %{S:7} %{buildroot}%{_bindir}/openSUSE-trytond-setup + mkdir -p %{buildroot}%{_unitdir} install -p -m 644 %{SOURCE20} %{buildroot}%{_unitdir}/%{name}.service @@ -129,13 +131,11 @@ getent passwd tryton > /dev/null || %{_sbindir}/useradd -r -g tryton \ %files %license LICENSE -%doc README tryton-server.README.openSUSE trytond.conf.example doc/* +%doc README.rst tryton-server.README.openSUSE doc/* %{python3_sitelib}/* %dir %{_sysconfdir}/%{base_name} -%{_bindir}/%{name} -%{_bindir}/%{name}-admin -%{_bindir}/%{name}-cron -%{_bindir}/%{name}-worker +%{_bindir}/openSUSE-trytond-setup +%{_bindir}/%{name}* %{_unitdir}/%{name}.service %attr(640,root,tryton) %config(noreplace)%{_sysconfdir}/%{base_name}/%{name}.conf %attr(640,root,tryton) %config(noreplace)%{_sysconfdir}/%{base_name}/%{name}_log.conf From cf695e79905a94515b952ce352a946918c1bad3976a96f9660f2aa90b078fe8f Mon Sep 17 00:00:00 2001 From: Axel Braun Date: Mon, 21 Mar 2022 20:44:21 +0000 Subject: [PATCH 2/2] - on special request of our facory check script, we add the patches between tryton 5 and 6: * revert_werkzeug_setup.patch is being deleted * Update_changed_fields_6.0.diff is being added * Update_changed_fields.diff is being deleted * fix_werkzeug.patch is being deleted OBS-URL: https://build.opensuse.org/package/show/Application:ERP:GNUHealth:Factory/trytond?expand=0&rev=137 --- trytond.changes | 9 +++++++++ trytond.spec | 8 ++++---- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/trytond.changes b/trytond.changes index fe723f4..65dfb94 100644 --- a/trytond.changes +++ b/trytond.changes @@ -1,3 +1,12 @@ +------------------------------------------------------------------- +Mon Mar 7 14:27:27 UTC 2022 - Axel Braun + +- on special request of our facory check script, we add the patches between tryton 5 and 6: + * revert_werkzeug_setup.patch is being deleted + * Update_changed_fields_6.0.diff is being added + * Update_changed_fields.diff is being deleted + * fix_werkzeug.patch is being deleted + ------------------------------------------------------------------- Wed Mar 2 11:33:56 UTC 2022 - Axel Braun diff --git a/trytond.spec b/trytond.spec index 4ec46d5..e507d0f 100644 --- a/trytond.spec +++ b/trytond.spec @@ -1,7 +1,7 @@ # # spec file for package trytond # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2022 SUSE LLC # Copyright (c) 2015-2022 Dr. Axel Braun # # All modifications and additions to the file contributed by third parties @@ -48,22 +48,22 @@ BuildRequires: python3-wrapt Requires: html2text Requires: libreoffice-pyuno -Requires: python3-defusedxml Requires: python3-Genshi Requires: python3-Levenshtein Requires: python3-Pillow -Requires: python3-weasyprint Requires: python3-Werkzeug Requires: python3-bcrypt Requires: python3-dateutil +Requires: python3-defusedxml Requires: python3-gevent Requires: python3-lxml Requires: python3-passlib >= 1.7.0 Requires: python3-polib Requires: python3-psycopg2 >= 2.5.4 +Requires: python3-pydot Requires: python3-python-sql >= 0.5 Requires: python3-relatorio >= 0.7.0 -Requires: python3-pydot +Requires: python3-weasyprint Requires: python3-wrapt Requires: unoconv Requires(pre): %{_sbindir}/groupadd