The Doctor's to-do list: Difference between revisions

Stuff will be stricken out as I finish it. If anyone wants to jump in and help me with this, by all means do so, just put your initials at the end so I know who did what.

In no particular order, this is the stuff I want to accomplish over Labor Day weekend:

• Figure out a good build configuration for nginx
  • tentative: ./configure --prefix=/usr --conf-path=/etc/nginx --pid-path=/var/run --user=www --group=www --with-http_ssl_module --http-fastcgi-temp-path=/tmp/fastcgi_temp --with-cpu-opt=pentium --without-http_empty_gif_module, --with-http_stub_status_module
• Test that particular build of nginx against a couple of PHP apps.
• Modify the existing nginx .Slackbuild script with the configuration I work out.
• Build nginx packages and check them into SVN.
• Figure out a good PHP build configuration that
  • for optimal FastCGI compatibility, needs to be >= v5.3.3. We've got this covered with the .Slackbuild for Slackware v13.37.
  • runs under FastCGI
  • includes SQLite
  • includes MySQL
• Test that particular build of PHP against a couple of apps.
• Write a .Slackbuild script for PHP with the configuration I work out.
• Build PHP packages and check them into SVN.
  • Use the Slackware v.13.37 .Slackbuild script as a base
  • ./configure options:
    • EXTENSION_DIR=/usr/lib${LIBDIRSUFFIX}/php/extensions
    • CFLAGS="$SLKCFLAGS"
    • --prefix=/usr --libdir=/usr/lib${LIBDIRSUFFIX} --with-libdir=lib${LIBDIRSUFFIX} --sysconfdir=/etc --disable-safe-mode --disable-magic-quotes --enable-zend-multibyte --enable-mbregex --enable-tokenizer=shared --with-config-file-scan-dir=/etc/php --with-config-file-path=/etc/httpd --enable-mod_charset --with-layout=PHP --enable-sigchild --enable-xml --with-libxml-dir=/usr --enable-simplexml --enable-filter --disable-debug --with-openssl=shared --with-pcre-regex=/usr --with-zlib=shared,/usr --enable-bcmath=shared --with-bz2=shared,/usr --enable-calendar=shared --enable-ctype=shared --with-curl=shared --with-curlwrappers --with-mcrypt=/usr --enable-dba=shared --with-gdbm=/usr --with-db4=/usr --enable-exif=shared --enable-ftp=shared --with-gd=shared --with-jpeg-dir=/usr --with-png-dir=/usr --with-zlib-dir=/usr --with-xpm-dir=/usr --with-freetype-dir=/usr --with-t1lib=/usr --enable-gd-native-ttf --enable-gd-jis-conv --with-gettext=shared,/usr --with-gmp=shared,/usr --with-iconv=shared --with-imap-ssl=/usr --with-imap=$IMAPLIBDIR --with-ldap=shared --enable-mbstring=shared --enable-hash --with-mysql=shared,mysqlnd --with-mysqli=shared,mysqlnd --with-mysql-sock=/var/run/mysql/mysql.sock --enable-pdo=shared --with-pdo-mysql=shared,mysqlnd --with-pdo-sqlite=shared,/usr --with-pspell=shared,/usr --with-enchant=shared,/usr --with-mm=/usr --enable-shmop=shared --with-snmp=shared,/usr --enable-soap=shared --enable-sockets --with-sqlite=shared --with-sqlite3=shared --enable-sqlite-utf8 --with-regex=php --enable-sysvmsg --enable-sysvsem --enable-sysvshm --enable-wddx=shared --with-xsl=shared,/usr --enable-zip=shared --with-tsrm-pthreads --enable-shared=yes --enable-static=no --with-gnu-ld --with-pic --build=$ARCH-slackware-linux
    • replace the "Make the Apache2 module version of PHP" code with "make the nginx module version of PHP" code
  • Need to remove IMAP support.
  • Need to rewrite the destination for the module because we're building against nginx and not Apache. The .Slackbuild is going to require serious modifications.
  • Need to configure so that it's
    • optimized for small-ish systems
    • hardened!
• Set up an account on the Porteus forums and post the link to our SVN repo.
• Develop a configuration for nginx that
  • is lightweight
  • somewhat optimized
  • modular, so that each app has its own included config file
  • hardened
• Write a web app for the control panel that
  • Can start and stop nginx on demand
  • store its configuration in a database
  • move sub-config files for nginx that represent PHP apps into and out of the /etc/nginx/conf.d directory
  • force nginx to reload its config files every time an app is (de-)configured
• Get OpenSSL working in nginx
• Write an initscript that
  • checks for the presence of a node's SSL cert
  • terminates if one is found
  • generates one using the IPv6 address of the node as its hostname if one isn't found
• Set Porteus up to set its hostname to the IPv6 address of the node.
• Write a PHP app that
  • displays a "Hello, User!" message
  • displays links to apps hosted on the node which happen to be active
  • removes links to apps hosted on the node that are deactivated
    • I don't know PHP... can we find someone who does?
    • Would have to reference the SQLite database which keeps track of the active and inactive web apps and modifies the output accordingly
  • has to be mobile-friendly
• Install crypto.cat on my development instance
  • requires PHP
  • will need its UI tweaked to be more mobile-friendly
  • Create a crypto.cat Porteus package and check it into SVN
• Install etherpad-lite on my development instance
  • requires node.js, for which there exists a Slackpack
    • build a Slackpack of node.js, convert into Porteus package, check everything into SVN
  • write an initscript that can start up crypto.cat when called but not at boot
  • will have to be controlled by the control panel, store its configuration in a database
  • write a sub-config file for nginx that passes through the /pad URL to localhost:9001
  • requires NPM
    • that will need to be packaged and checked in separately, I think.
    • run it in verbose mode to keep an eye on it
    • if it installs more stuff, we should bundle the whole mess into the NPM Porteus package
  • really should run as an unprivileged user
  • really should listen on the loopback interface only
  • pay attention to the reverse-proxy howto for nginx!
  • have to start it by hand a few times to figure out how to automate and package it
• install status.neet on my development instance
  • requires PHP, MySQL
  • nginx must have URL rewriting available
  • PHP must have support for Curl, XMLwriter, MySQL, GD, mbstring, gettext (all required for status.net), SQLite (to read configuration databases)
  • nginx installation instructions!
  • will need to pre-configure it for security and usability
  • need to make the mobile skin the default and erase the others to free up disk space
  • will need to write a sub-config file for nginx
  • configure for longer messages - 560 characters? 700 characters
  • configure to make it easy to set up accounts on a node - no e-mail verification
  • enable image upload and display
• Write a dependency manager for apps
  • some web apps require MySQL, some don't
  • only start MySQL if it's not running already for the ones that don't
• Write a web app that (de-)configures gateway mode for babeld. I think it's a matter of pushing a route to 0.0.0.0 or not, have to read up on it.
• Convert the Slackware MySQL package into a Porteus package.
  • We do not want the embedded build!
  • ./configure options the .Slackbuild script uses to compile
    • --prefix=/usr --libdir=/usr/lib${LIBDIRSUFFIX} --with-mysqld-user=mysql --with-unix-socket-path=/var/run/mysql/mysql.sock --localstatedir=/var/lib/mysql --mandir=/usr/man --infodir=/usr/info --enable-assembler --without-debug --enable-thread-safe-client --with-extra-charsets=complex --with-ssl=/usr --enable-largefile --with-innodb --with-readline --build=$ARCH-slackware-linux
  • Looks good to me. We can just convert the Slackware v13.37 package into a Porteus package.
  • Need to pre-configure MySQL for small-ish systems
  • Need to pre-harden MySQL
  • Change the default password to something else.
  • Need to pre-create accounts, databases for all web apps and give them strong passwords. They need to be ready to go when they're started up.