Skip to content
Snippets Groups Projects
Commit e34b87db authored by Julian's avatar Julian
Browse files

Add Debian repo signing key and install instructions

parent ff54b4a6
No related branches found
No related tags found
No related merge requests found
...@@ -19,7 +19,7 @@ Please note that we refer to Debian packages here and **not** pip packages. ...@@ -19,7 +19,7 @@ Please note that we refer to Debian packages here and **not** pip packages.
- python3-oauthlib - python3-oauthlib
- python3-flask-babel - python3-flask-babel
Some of the dependencies (especially fido2 and flask-oauthlib) changed their API in recent versions, so make sure to install the versions from Debian Buster. Some of the dependencies (especially fido2) changed their API in recent versions, so make sure to install the versions from Debian Buster or Bullseye.
For development, you can also use virtualenv with the supplied `requirements.txt`. For development, you can also use virtualenv with the supplied `requirements.txt`.
## Development ## Development
...@@ -41,12 +41,23 @@ Please note that the mocked LDAP functionality is very limited and many uffd fea ...@@ -41,12 +41,23 @@ Please note that the mocked LDAP functionality is very limited and many uffd fea
## Deployment ## Deployment
You should absolutely never use `pip install uffd` for production deployments. Do not use `pip install uffd` for production deployments!
The dependencies of the pip package roughly represent the versions shipped by Debian stable. The dependencies of the pip package roughly represent the versions shipped by Debian stable.
We do not keep them updated and we do not test the pip package! We do not keep them updated and we do not test the pip package!
The pip package only exists for local testing/development and to help build the Debian package. The pip package only exists for local testing/development and to help build the Debian package.
To deploy to production, use our Debian package. You will get security updates for all dependencies from Debian. We provide packages for Debian stable and oldstable (currently Bullseye and Buster).
Since all dependencies are available in the official package mirrors, you will get security updates for everything but uffd itself from Debian.
To install uffd on Debian Bullseye, add our package mirror to `/etc/sources.list`:
```
deb https://packages.cccv.de/uffd bullseye main
```
Then download [cccv-archive-key.gpg](cccv-archive-key.gpg) and add it to the trusted repository keys in `/etc/apt/trusted.gpg.d/`.
Afterwards run `apt update && apt install uffd` to install the package.
The Debian package uses uwsgi to run uffd and ships an `uffd-admin` to execute flask commands in the correct context. The Debian package uses uwsgi to run uffd and ships an `uffd-admin` to execute flask commands in the correct context.
If you upgrade, make sure to run `flask db upgrade` after every update! The Debian package takes care of this by itself using uwsgi pre start hooks. If you upgrade, make sure to run `flask db upgrade` after every update! The Debian package takes care of this by itself using uwsgi pre start hooks.
For an example uwsgi config, see our [uswgi.ini](uwsgi.ini). You might find our [nginx include file](nginx.include.conf) helpful to setup a web server in front of uwsgi. For an example uwsgi config, see our [uswgi.ini](uwsgi.ini). You might find our [nginx include file](nginx.include.conf) helpful to setup a web server in front of uwsgi.
......
File added
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment