diff --git a/MANIFEST.in b/MANIFEST.in index 1e77ddd..0bfd32c 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -1,12 +1,12 @@ -recursive-include debian changelog compat control copyright pycompat rules -recursive-include debian *.dirs *.install *.init *.docs *.manpages -recursive-include debian *.apache2 *.conf *.preinst +recursive-include debian changelog compat control copyright rules +recursive-include debian *.apache2 *.conf *.docs *.install *.init +recursive-include debian *.lintian-overrides *.manpages *.preinst recursive-include debian/source format -recursive-include doc/man *.[1-9] +recursive-include doc/man *.1 recursive-include radius * recursive-include test *.py multitest -recursive-include tls .placeholder README *.crt *.key *.pem +recursive-include tls README *.crt *.key *.pem recursive-include web * prune debian/tmp prune debian/mediaproxy-* -include INSTALL LICENSE MANIFEST.in TODO build_inplace config.ini.sample +include INSTALL LICENSE MANIFEST.in TODO build_inplace diff --git a/debian/compat b/debian/compat index ec63514..b4de394 100644 --- a/debian/compat +++ b/debian/compat @@ -1 +1 @@ -9 +11 diff --git a/debian/control b/debian/control index 3e5d13a..bdd489d 100644 --- a/debian/control +++ b/debian/control 
@@ -1,122 +1,105 @@ Source: mediaproxy Section: net Priority: optional Maintainer: Dan Pascu -Uploaders: Adrian Georgescu -Build-Depends: debhelper (>= 9), dh-apache2, dh-python, python-all-dev (>= 2.7), python-all-dbg (>= 2.7), libnetfilter-conntrack-dev (>= 0.0.89), iptables-dev (>=1.4.3) +Uploaders: Tijmen de Mes +Build-Depends: debhelper (>= 11), dh-apache2, dh-python, python-all-dev, python-all-dbg, libnetfilter-conntrack-dev, iptables-dev Standards-Version: 3.9.8 Package: mediaproxy-common Architecture: any -Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends}, iptables (>= 1.4.3 ), python-application (>= 1.2.8), python-cjson, python-gnutls (>= 3.0.0), python-twisted-core (>= 2.5.0), python-twisted-names, python-zope.interface -Recommends: python-pyrad (>= 1.1), python-sqlobject +Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends}, + iptables, + python-application (>= 2.8.0), + python-cjson, + python-gnutls (>= 3.0.0), + python-pyrad, + python-sqlobject, + python-twisted-core, + python-twisted-names, + python-zope.interface Description: MediaProxy common files MediaProxy is a distributed far end NAT traversal solution for media streams of SIP calls. MediaProxy has a dispatcher running on the same host as the OpenSIPS SIP proxy and multiple media relays distributed over the network. The media relays work by manipulating conntrack rules in the Linux kernel to create paths that forward the media streams between the 2 SIP user agents participating in the call. Because it avoids copying stream data between kernel and user space like other implementations, MediaProxy can handle many more media streams at a time, being limited only by the network interface bandwidth and the Linux kernel network layer processing speed. . 
MediaProxy features secure encrypted communication between the dispatcher and the relays, advanced accounting capabilities using multiple backends, support for any combination of audio and video streams, realtime statistics, T.38 fax support as well as automatic load balancing and redundancy among the active relays. . This package includes files common to all MediaProxy packages. -Package: mediaproxy-common-dbg -Architecture: any -Priority: extra -Section: debug -Depends: ${shlibs:Depends}, ${misc:Depends}, mediaproxy-common (= ${binary:Version}) -Recommends: python-all-dbg -Description: MediaProxy common files (debug version) - MediaProxy is a distributed far end NAT traversal solution for media streams - of SIP calls. MediaProxy has a dispatcher running on the same host as the - OpenSIPS SIP proxy and multiple media relays distributed over the network. - The media relays work by manipulating conntrack rules in the Linux kernel to - create paths that forward the media streams between the 2 SIP user agents - participating in the call. Because it avoids copying stream data between - kernel and user space like other implementations, MediaProxy can handle many - more media streams at a time, being limited only by the network interface - bandwidth and the Linux kernel network layer processing speed. - . - MediaProxy features secure encrypted communication between the dispatcher - and the relays, advanced accounting capabilities using multiple backends, - support for any combination of audio and video streams, realtime statistics, - T.38 fax support as well as automatic load balancing and redundancy among - the active relays. - . - This package includes files common to all MediaProxy packages. 
- Package: mediaproxy-dispatcher Architecture: all Depends: ${python:Depends}, ${misc:Depends}, mediaproxy-common (>= ${source:Version}), lsb-base Description: MediaProxy dispatcher for OpenSIPS MediaProxy is a distributed far end NAT traversal solution for media streams of SIP calls. MediaProxy has a dispatcher running on the same host as the OpenSIPS SIP proxy and multiple media relays distributed over the network. The media relays work by manipulating conntrack rules in the Linux kernel to create paths that forward the media streams between the 2 SIP user agents participating in the call. Because it avoids copying stream data between kernel and user space like other implementations, MediaProxy can handle many more media streams at a time, being limited only by the network interface bandwidth and the Linux kernel network layer processing speed. . MediaProxy features secure encrypted communication between the dispatcher and the relays, advanced accounting capabilities using multiple backends, support for any combination of audio and video streams, realtime statistics, T.38 fax support as well as automatic load balancing and redundancy among the active relays. . This package provides the MediaProxy dispatcher. Package: mediaproxy-relay Architecture: all Depends: ${python:Depends}, ${misc:Depends}, mediaproxy-common (>= ${source:Version}), lsb-base Description: MediaProxy relay for OpenSIPS MediaProxy is a distributed far end NAT traversal solution for media streams of SIP calls. MediaProxy has a dispatcher running on the same host as the OpenSIPS SIP proxy and multiple media relays distributed over the network. The media relays work by manipulating conntrack rules in the Linux kernel to create paths that forward the media streams between the 2 SIP user agents participating in the call. 
Because it avoids copying stream data between kernel and user space like other implementations, MediaProxy can handle many more media streams at a time, being limited only by the network interface bandwidth and the Linux kernel network layer processing speed. . MediaProxy features secure encrypted communication between the dispatcher and the relays, advanced accounting capabilities using multiple backends, support for any combination of audio and video streams, realtime statistics, T.38 fax support as well as automatic load balancing and redundancy among the active relays. . This package provides the MediaProxy relay. Package: mediaproxy-web-sessions Architecture: all -Depends: ${misc:Depends}, libapache2-mod-php | libapache2-mod-php5 +Depends: ${misc:Depends}, libapache2-mod-php Description: MediaProxy sessions web view MediaProxy is a distributed far end NAT traversal solution for media streams of SIP calls. MediaProxy has a dispatcher running on the same host as the OpenSIPS SIP proxy and multiple media relays distributed over the network. The media relays work by manipulating conntrack rules in the Linux kernel to create paths that forward the media streams between the 2 SIP user agents participating in the call. Because it avoids copying stream data between kernel and user space like other implementations, MediaProxy can handle many more media streams at a time, being limited only by the network interface bandwidth and the Linux kernel network layer processing speed. . MediaProxy features secure encrypted communication between the dispatcher and the relays, advanced accounting capabilities using multiple backends, support for any combination of audio and video streams, realtime statistics, T.38 fax support as well as automatic load balancing and redundancy among the active relays. . This package provides a simple web page to display active media sessions. 
diff --git a/debian/mediaproxy-common.dirs b/debian/mediaproxy-common.dirs deleted file mode 100644 index 68c4cf7..0000000 --- a/debian/mediaproxy-common.dirs +++ /dev/null @@ -1,3 +0,0 @@ -etc/mediaproxy/radius -etc/mediaproxy/tls -usr/share/doc/mediaproxy-common/tls diff --git a/debian/mediaproxy-common.docs b/debian/mediaproxy-common.docs index 724e084..e845566 100644 --- a/debian/mediaproxy-common.docs +++ b/debian/mediaproxy-common.docs @@ -1,2 +1 @@ README -TODO diff --git a/debian/mediaproxy-common.install b/debian/mediaproxy-common.install index e81f5f8..9d106bc 100644 --- a/debian/mediaproxy-common.install +++ b/debian/mediaproxy-common.install @@ -1,4 +1,3 @@ +etc usr/lib -radius/dictionary etc/mediaproxy/radius -tls/.placeholder etc/mediaproxy/tls -tls/* usr/share/doc/mediaproxy-common/tls +tls usr/share/doc/mediaproxy-common diff --git a/debian/mediaproxy-common.lintian-overrides b/debian/mediaproxy-common.lintian-overrides new file mode 100644 index 0000000..9b7e8d6 --- /dev/null +++ b/debian/mediaproxy-common.lintian-overrides @@ -0,0 +1,2 @@ +# This file may contain passwords. +mediaproxy-common: non-standard-file-perm etc/mediaproxy/config.ini 0600 != 0644 diff --git a/debian/mediaproxy-dispatcher.dirs b/debian/mediaproxy-dispatcher.dirs deleted file mode 100644 index e772481..0000000 --- a/debian/mediaproxy-dispatcher.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/bin diff --git a/debian/mediaproxy-dispatcher.docs b/debian/mediaproxy-dispatcher.docs index 724e084..e845566 100644 --- a/debian/mediaproxy-dispatcher.docs +++ b/debian/mediaproxy-dispatcher.docs @@ -1,2 +1 @@ README -TODO diff --git a/debian/mediaproxy-relay.dirs b/debian/mediaproxy-relay.dirs deleted file mode 100644 index e772481..0000000 --- a/debian/mediaproxy-relay.dirs +++ /dev/null @@ -1 +0,0 @@ -usr/bin diff --git a/debian/mediaproxy-relay.docs b/debian/mediaproxy-relay.docs index 724e084..e845566 100644 --- a/debian/mediaproxy-relay.docs +++ b/debian/mediaproxy-relay.docs 
@@ -1,2 +1 @@ README -TODO diff --git a/debian/mediaproxy-web-sessions.dirs b/debian/mediaproxy-web-sessions.dirs deleted file mode 100644 index 8e08494..0000000 --- a/debian/mediaproxy-web-sessions.dirs +++ /dev/null @@ -1,2 +0,0 @@ -etc/mediaproxy/web -usr/share/mediaproxy diff --git a/debian/pycompat b/debian/pycompat deleted file mode 100644 index 0cfbf08..0000000 --- a/debian/pycompat +++ /dev/null @@ -1 +0,0 @@ -2 diff --git a/debian/pyversions b/debian/pyversions deleted file mode 100644 index 3ad2293..0000000 --- a/debian/pyversions +++ /dev/null @@ -1 +0,0 @@ -2.7- diff --git a/debian/rules b/debian/rules index 084971e..70e2f8f 100644 --- a/debian/rules +++ b/debian/rules 
@@ -1,32 +1,23 @@ #!/usr/bin/make -f #export DH_VERBOSE=1 %: - dh $@ --with python2,apache2 + dh $@ --with python2,apache2 --buildsystem=pybuild override_dh_clean: dh_clean rm -rf build dist MANIFEST +override_dh_auto_install: + dh_auto_install + mv debian/tmp/etc/mediaproxy/config.ini.sample debian/tmp/etc/mediaproxy/config.ini + override_dh_install: - # common - install -m 644 config.ini.sample debian/mediaproxy-common/etc/mediaproxy/config.ini - # dispatcher - install -D -m 755 media-dispatcher debian/tmp/usr/bin/media-dispatcher - sed --in-place 's,/usr/bin/env python,/usr/bin/python,' debian/tmp/usr/bin/media-dispatcher - # relay - install -D -m 755 media-relay debian/tmp/usr/bin/media-relay - sed --in-place 's,/usr/bin/env python,/usr/bin/python,' debian/tmp/usr/bin/media-relay - # web sessions + dh_install install -D -m 644 web/config/media_sessions.conf.sample debian/mediaproxy-web-sessions/etc/mediaproxy/web/media_sessions.conf - # install the debug extensions to -dbg package - dh_install "debian/tmp/usr/lib/python*/*-packages/mediaproxy/interfaces/system/*_d.so" -p mediaproxy-common-dbg - # Continue with regular dh_install - dh_install -X"*_d.so" -override_dh_strip: - # Stripped symbols go into -dbg package - dh_strip --dbg-package=mediaproxy-common-dbg +override_dh_fixperms: + dh_fixperms + chmod 600 debian/mediaproxy-common/etc/mediaproxy/config.ini -.PHONY: override_dh_clean override_dh_install override_dh_strip diff --git a/setup.py b/setup.py index 09048e2..e448388 100644 --- a/setup.py +++ b/setup.py 
@@ -1,53 +1,54 @@ #!/usr/bin/python import re import sys import mediaproxy from distutils.core import setup, Extension # Get the title and description from README readme = open('README').read() title, description = re.findall(r'^\s*([^\n]+)\s+(.*)$', readme, re.DOTALL)[0] # media-relay is not supported on non-linux platforms # if sys.platform == 'linux2': scripts = ['media-relay', 'media-dispatcher'] ext_modules = [Extension(name='mediaproxy.interfaces.system._conntrack', sources=['mediaproxy/interfaces/system/_conntrack.c'], libraries=['netfilter_conntrack', 'ip4tc'], define_macros=[('MODULE_VERSION', mediaproxy.__version__)])] else: print('WARNING: skipping the media relay component as this is a non-linux platform') scripts = ['media-dispatcher'] ext_modules = [] setup( name='mediaproxy', version=mediaproxy.__version__, description=title, long_description=description, url='http://www.ag-projects.com/MediaProxy.html', author='AG Projects', author_email='support@ag-projects.com', license='GPLv2', platforms=['Linux'], classifiers=[ 'Development Status :: 5 - Production/Stable', 'Intended Audience :: Service Providers', 'License :: GNU General Public License (GPLv2)', 'Operating System :: POSIX :: Linux', 'Programming Language :: Python', 'Programming Language :: C' ], packages=['mediaproxy', 'mediaproxy.configuration', 'mediaproxy.interfaces', 'mediaproxy.interfaces.accounting', 'mediaproxy.interfaces.system'], + data_files=[('/etc/mediaproxy', ['config.ini.sample']), ('/etc/mediaproxy/radius', ['radius/dictionary']), ('/etc/mediaproxy/tls', ['tls/README'])], scripts=scripts, ext_modules=ext_modules ) diff --git a/tls/.placeholder b/tls/.placeholder deleted file mode 100644 index 76cb8d0..0000000 --- a/tls/.placeholder +++ /dev/null @@ -1,2 +0,0 @@ -# DO NOT EDIT OR REMOVE -# This file is a simple placeholder to keep dpkg from removing this directory diff --git a/tls/README b/tls/README index 756cb04..e647980 100644 --- a/tls/README +++ b/tls/README 
@@ -1,42 +1,58 @@ -The certificates in this directory are provided only as samples to make it -easy for someone to try out MediaProxy for testing/evaluation purposes or to -have an example of what the certificates need to contain. +Certificates used by the mediaproxy components: + +ca.pem - Certificate authority +crl.pem - Certificate revocation list +dispatcher.crt - Media dispatcher certificate +dispatcher.key - Media dispatcher private key +relay.crt - Media relay certificate +relay.key - Media relay private key + + +IMPORTANT NOTE: + +The certificates that come with mediaproxy are provided as samples, which are +only meant to be used for testing/evaluation purposes or to serve as examples +for what the certificates need to contain. Do _NOT_ use them in a production environment, as anyone who has downloaded mediaproxy will be able to connect to your servers using them. +The included certificates can either be found in the source tree in the tls +subdirectory or in /usr/share/doc/mediaproxy-common/tls (on a Debian/Ubuntu +system; on other Linux distributions the path might be different). + To generate your own certificates, we recommend you use tinyca available at https://opsec.eu/src/tinyca/ or directly available as a Debian package. Using tinyca, you should first generate a certificate authority. Next you should go to the Preferences menu and edit the OpenSSL configuration. There in the "Server Certificate Settings" change "Netscape Certificate Type" to "SSL Server, SSL Client" and press OK. Next go to the Certificates tab and then press the New button on the toolbar. Choose "Create Key and Certificate (Server)" to generate the certificate and private key for the MediaProxy dispatcher. Repeat the same to generate the certificate and private key for the MediaProxy relay. 
Next export your dispatcher certificate in PEM format to dispatcher.crt (do not include the private key in it), and the dispatcher private key in PEM format to dispatcher.key (also do not include the certificate with it and select to save it without a passphrase). Repeat the same for the relay, but this time name the file relay.crt and relay.key. You also need to export the certificate authority in PEM format to ca.pem as well as the CRL list into crl.pem. Then you can use all the exported certificates and private keys by placing them in /etc/mediaproxy/tls/ (or /path-to-mediaproxy/tls for a stand alone installation). Additionally you can configure passport entries for the dispatcher and the relay in config.ini to perform extra checks on the certificates (like for example checking the subject organization or the common name) to take advantage of improved security. The CA, CRL, certificates and private keys must be named like below (names are not configurable, only the path where they reside can be configured): ca.pem, crl.pem, dispatcher.crt, dispatcher.key, relay.crt, relay.key The names are self explanatory.
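
Review bot: in MANIFEST.in, config.ini.sample is dropped from the final include line while setup.py in this same patch starts referencing it in data_files, so the source tarball now relies on the file being picked up through data_files rather than through the manifest. Please confirm with a test sdist that config.ini.sample is still in the tarball, or keep it in the include line so the manifest stays explicit. The tls line also still ships *.crt *.key *.pem, so the sample private keys remain in every source distribution; that matches the README warning, but it deserves a note in the commit message that they are samples only.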
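
Review bot: in debian/control, mediaproxy-common-dbg is removed with no upgrade path, and python-all-dbg stays in Build-Depends although debian/rules no longer installs the *_d.so debug extensions anywhere. Systems with the old -dbg package installed hold a strict mediaproxy-common (= ${binary:Version}) dependency, so consider dh_strip --dbgsym-migration in debian/rules or a Breaks/Replaces on the old package, and drop python-all-dbg if the debug build is no longer wanted. Note that the old dh_install -X"*_d.so" exclusion is gone and mediaproxy-common.install takes all of usr/lib, so any *_d.so the build still produces would land in the main package.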
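
Review bot: in debian/rules, override_dh_fixperms sets config.ini to 600 with no comment, and the reason is recorded only in the lintian override ("This file may contain passwords."). Add the same comment next to the chmod, because the mode named in the override (0600) and the mode set here have to be kept in step by hand. The override_dh_auto_install mv of config.ini.sample is unconditional, so the build now depends on the setup.py data_files entry; and the tightened mode covers only the Debian package, while a plain setup.py install still lays down config.ini.sample with default permissions.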
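
Review bot: in setup.py, the new data_files entry uses absolute targets ('/etc/mediaproxy', '/etc/mediaproxy/radius', '/etc/mediaproxy/tls'), so an install without --root writes into /etc regardless of --prefix, which fails or escapes the environment for virtualenv and non-root installs. If this is intended only for the Debian build, say so in INSTALL, or make the paths relative and let the packaging move the files into /etc. The entry also installs only tls/README into /etc/mediaproxy/tls, which is the right outcome for the sample keys and should be stated in a comment so nobody later adds tls/*.key here.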
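
Review bot: in tls/README, the instructions tell the reader to export dispatcher.key and relay.key without a passphrase and place them in /etc/mediaproxy/tls/, but say nothing about ownership or file mode for those keys. Since this patch already restricts config.ini to 0600 because it may contain passwords, add a sentence recommending the same restrictive mode for the two .key files. The new file list at the top also makes the closing "must be named like below" paragraph repeat it; keep the statement that the names are not configurable and drop the second list.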