Tille, Andreas wrote:
Hello,
as a Debian maintainer I wonder if there is any clean method to import zexp products by a script (not using the import method from a browser). The idea is that installing Python products is simple by copying the python code to the right place and restart zope. Works fine in the Debian postinst script. But what to do with zexp products. I tried a very dirty hack like
ZOPEUSER="<place the name of Zope administrator here>" PASSWD="<and his password>" ## For sure this is insecure. ## You should find a secure way using debconf to maintain this!!!!
IMPORT=<product-name>.zexp
LC_ALL=en_EN
HOST=localhost PORT=9673
wget --proxy=off --http-user=${ZOPEUSER} --http-pass=${PASSWD} \ http://${HOST}:${PORT}/Control_Panel/Products/${prod}/manage_importObject?file=${IMPORT}
but I think I really do not have to tell you that this can not be the recommended way to go.
Dumb question, why not? What (linux-) priviledge level does one need to install a new package? If you think that installing filesystem products the way you described is secure, then I don't see why using this shellscript isn't, provided it is only readable by the right user(s). If you are able to install products, you can vaporize zope's security anyway AFAIK, so I don't see why this should be more insecure. cheers, oliver