[Freeipa-devel] Web UI refactoring effort ready for review
Alexander Bokovoy
abokovoy at redhat.com
Wed Apr 24 16:03:18 UTC 2013
On Wed, 24 Apr 2013, Petr Vobornik wrote:
>I've implemented the remaining work. Pushed to the private repo.
>
>>Know problems & remaining work
>>------------------------------
>>1. Change generation of plugin index to dynamical instead of rpm-post
>
>The plugin index (plugins.js) is generated by wsgi script. New dir
>was created: /usr/share/ipa/wsgi to store the script. It has the same
>attributes as migration dir.
>Plugins.js should be located in /usr/share/ipa/ui/js/freeipa/ dir.
>New rewrite rule was added in order to make it work. It has a nice
>side effect that one could not find out that the file is dynamically
>generated.
1. We should not elevate privileges to wsgi script. Instead, one could
do plugin list regeneration by running pre-start script in ipa systemd
unit. Alternatively, we can add ipa-js-plugins.service unit that is run
one-off and is required by ipa.service.
2. /usr/share/ipa/wsgi is wrong. In long term Fedora is moving to make
/usr/share read-only.
I'd rather moved it to /var/cache/ipa/wsgi. wsgi process already knows
how to reach to /var/cache/ipa/sessions so we are good from SELinux
perspective as well.
--
/ Alexander Bokovoy
More information about the Freeipa-devel
mailing list