the owner of all installed files is a non-root user. This change
affects most packages that require special users or groups by making
them use the specified unprivileged user and group instead.
(1) Add two new variables PKG_GROUPS_VARS and PKG_USERS_VARS to
unprivileged.mk. These two variables are lists of other bmake
variables that define package-specific users and groups. Packages
that have user-settable variables for users and groups, e.g. apache
and APACHE_{USER,GROUP}, courier-mta and COURIER_{USER,GROUP},
etc., should list these variables in PKG_USERS_VARS and PKG_GROUPS_VARS
so that unprivileged.mk can know to set them to ${UNPRIVILEGED_USER}
and ${UNPRIVILEGED_GROUP}.
(2) Modify packages to use PKG_GROUPS_VARS and PKG_USERS_VARS.
Closes PR 32465.
Most Important Changes Since 3.1
* The ZServer has been replaced with the Twisted server. The Twisted
server supports all that the ZServer supporting has well
has HTTP over SSL natively and SFTP (disabled for now because of
error handling problems). Also in the future it brings a
better chance of other non-HTTP related protocols from being
implemented for Zope3, like SMTP-in and IMAP.
ZServer is still supported and will be used if you use the --zserver
when you run mkzopeinstance.
* Added a test browser. The test browser simulates a real Web browser
as much as possible as a Python object. This allows us to
write functional tests the same way the site would be
experienced by the user. This greatly simplifies functional tests,
makes documentation better and even helps analyzing usability. And
of course, it can be used in functional doctests.
* Changed the way returning large results is handled. The
response.write method is no longer supported. Applications can now
simply return files to the publisher.
* Implemented the password managers proposal. Main idea
beside the proposal is a standard way to implement password
encoders/checkers, see
zope.app.authentication.interfaces.IPasswordManager for
details.
+ Added basic password managers: Plain Text, MD5, SHA1.
+ Support for password managers added for ZCML principals
and principals saved in local PrincipalFolers.
+ Added bin/zpasswd command line script which helps to create ZCML
principals.
+ Password managers support integrated into bin/mkzopeinstance.
+ New database generation created for convert local principals to
new format.
* Implemented the language namespace proposal. Now you can
override the browser preferred language through the URL,
like this:
http://site.org/++lang++ru/path
Note: If you want to use a custom IUserPreferredLanguages
adapter and the ++lang++ feature together you should use
zope.app.publisher.browser.CacheableBrowserLanguages adapter as a
base class or at least as example.
* Implemented a new object introspector. Instead of just
providing information of the object's class, the new
introspector focuses on providing information that is specific to
the instance, such as directly provided interfaces and data, for
example attribute values and annotation values.
* Implemented the `devmode` switch for `zope.conf`. When turned on a
ZCML feature called `devmode` is provided. Packages can then
register functionality based on this feature. In Zope 3
itself, the devmode is used to only load the API doc is
devmode; turning off the devmode thus closes a potential
security hole and increases the start time by more than a
second.
* addMenuItem directive supports a `layer` attribute.
* Added a re-implementation of i18n message IDs (now simply
called ``Message``) that is immutable and thus can be treated like
unicode strings with respect to security proxying. This
implementation will replace the old one in upcoming versions.
* Added "test" message catalog for testing i18n. If you specify
++lang++test in a URL, then all translated strings will be
translated to [[domain][message_id], as in "[[zope][Preview]]". Text
without the domain marker isn't translated.
For a complete list of changes see the CHANGES.txt file.