From 520c56c490e94c6a9b66b8e2c5cf4320e88d19cc Mon Sep 17 00:00:00 2001
From: "N. Harrison Ripps" <hripps@redhat.com>
Date: Mon, 23 Jul 2012 11:13:42 -0400
Subject: [PATCH] Added templatizing info and patch file to package

---
 .openshift/README.md      |  25 +++++++
 .openshift/template.patch | 133 ++++++++++++++++++++++++++++++++++++++
 README.md                 |   2 +-
 3 files changed, 159 insertions(+), 1 deletion(-)
 create mode 100644 .openshift/README.md
 create mode 100644 .openshift/template.patch

diff --git a/.openshift/README.md b/.openshift/README.md
new file mode 100644
index 0000000..6265e00
--- /dev/null
+++ b/.openshift/README.md
@@ -0,0 +1,25 @@
+# Django Template for OpenShift
+
+## Template App Information
+Product: Django  
+Version: 1.4  
+Source:  https://github.com/django/django.git  
+Commit:  2591fb8d4c0246f68b79554976c012039df75359
+
+## Maintenance
+This folder contains a diff file that includes the changes made to the
+stock Django app in order to make it OpenShift-Template-ready. If
+you are a maintainer tasked with updating the Django template, you
+may be able to use this patch file on the updated Django code to
+automatically reapply these changes.
+
+Here are the steps involved:
+
+1. Under the 'wsgi' directory, apply any patches required to update the 'openshift' Django app.
+2. From the template root directory, run 'git apply --check .openshift/template.patch' to test for patching problems.
+3. Next run 'git am --signoff < .openshift/template.patch' to apply the patch to the template.
+
+If this process succeeds, then the changes have been automatically
+applied. Otherwise it may be necessary to manually apply the
+changes. If the base package has changed enough, you may need to
+re-audit the base code and generate a new patch file.
diff --git a/.openshift/template.patch b/.openshift/template.patch
new file mode 100644
index 0000000..1f22aca
--- /dev/null
+++ b/.openshift/template.patch
@@ -0,0 +1,133 @@
+From 2b49faba38b8ceb8abe639b5f7ec022a59f47ce0 Mon Sep 17 00:00:00 2001
+From: "N. Harrison Ripps" <hripps@redhat.com>
+Date: Mon, 23 Jul 2012 11:05:13 -0400
+Subject: [PATCH] Added changes to templatize the quick start.
+
+---
+ wsgi/openshift/openshiftlibs.py |   81 +++++++++++++++++++++++++++++++++++++++
+ wsgi/openshift/settings.py      |   14 ++++++-
+ 2 files changed, 93 insertions(+), 2 deletions(-)
+ create mode 100644 wsgi/openshift/openshiftlibs.py
+
+diff --git a/wsgi/openshift/openshiftlibs.py b/wsgi/openshift/openshiftlibs.py
+new file mode 100644
+index 0000000..a11e0e5
+--- /dev/null
++++ b/wsgi/openshift/openshiftlibs.py
+@@ -0,0 +1,81 @@
++#!/usr/bin/env python
++import hashlib, inspect, os, random, sys
++
++# Gets the secret token provided by OpenShift 
++# or generates one (this is slightly less secure, but good enough for now)
++def get_openshift_secret_token():
++    token = os.getenv('OPENSHIFT_SECRET_TOKEN')
++    name  = os.getenv('OPENSHIFT_APP_NAME')
++    uuid  = os.getenv('OPENSHIFT_APP_UUID')
++    if token is not None:
++        return token
++    elif (name is not None and uuid is not None):
++        return hashlib.sha256(name + '-' + uuid).hexdigest()
++    return None
++
++# Loop through all provided variables and generate secure versions
++# If not running on OpenShift, returns defaults and logs an error message
++#
++# This function calls secure_function and passes an array of:
++#  {
++#    'hash':     generated sha hash,
++#    'variable': name of variable,
++#    'original': original value
++#  }
++def openshift_secure(default_keys, secure_function = 'make_secure_key'):
++    # Attempts to get secret token
++    my_token = get_openshift_secret_token()
++
++    # Only generate random values if on OpenShift
++    my_list  = default_keys
++    
++    if my_token is not None:
++        # Loop over each default_key and set the new value
++        for key, value in default_keys.iteritems():
++            # Create hash out of token and this key's name
++            sha = hashlib.sha256(my_token + '-' + key).hexdigest()
++            # Pass a dictionary so we can add stuff without breaking existing calls
++            vals = { 'hash': sha, 'variable': key, 'original': value }
++            # Call user specified function or just return hash
++            my_list[key] = sha
++            if secure_function is not None:
++                # Pick through the global and local scopes to find the function.
++                possibles = globals().copy()
++                possibles.update(locals())
++                supplied_function = possibles.get(secure_function)
++                if not supplied_function:
++                    raise Exception("Cannot find supplied security function")
++                else:
++                    my_list[key] = supplied_function(vals)
++    else:
++        calling_file = inspect.stack()[1][1]
++        if os.getenv('OPENSHIFT_REPO_DIR'):
++            base = os.getenv('OPENSHIFT_REPO_DIR')
++            calling_file.replace(base,'')
++        sys.stderr.write("OPENSHIFT WARNING: Using default values for secure variables, please manually modify in " + calling_file + "\n")
++
++    return my_list
++
++
++# This function transforms default keys into per-deployment random keys;
++def make_secure_key(key_info):
++	hashcode = key_info['hash']
++	key      = key_info['variable']
++	original = key_info['original']
++	
++	chars = '0123456789abcdef'
++
++	# Use the hash to seed the RNG
++	random.seed(int("0x" + hashcode[:8], 0))
++
++    # Create a random string the same length as the default
++	rand_key = ''
++	for _ in range(len(original)):
++		rand_pos = random.randint(0,len(chars))
++		rand_key += chars[rand_pos:(rand_pos+1)]
++
++	# Reset the RNG
++	random.seed()
++
++	# Set the value
++	return rand_key
+diff --git a/wsgi/openshift/settings.py b/wsgi/openshift/settings.py
+index 842669e..2f44079 100644
+--- a/wsgi/openshift/settings.py
++++ b/wsgi/openshift/settings.py
+@@ -1,6 +1,6 @@
+ # -*- coding: utf-8 -*-
+ # Django settings for openshift project.
+-import os
++import imp, os
+ 
+ # a setting to determine whether we are running on OpenShift
+ ON_OPENSHIFT = False
+@@ -104,8 +104,18 @@ STATICFILES_FINDERS = (
+     #'django.contrib.staticfiles.finders.DefaultStorageFinder',
+ )
+ 
++# Make a dictionary of default keys
++default_keys = { 'SECRET_KEY': 'vm4rl5*ymb@2&d_(gc$gb-^twq9w(u69hi--%$5xrh!xk(t%hw' }
++
++# Replace default keys with dynamic values if we are in OpenShift
++use_keys = default_keys
++if ON_OPENSHIFT:
++    imp.find_module('openshiftlibs')
++    import openshiftlibs
++    use_keys = openshiftlibs.openshift_secure(default_keys)
++
+ # Make this unique, and don't share it with anybody.
+-SECRET_KEY = 'vm4rl5*ymb@2&d_(gc$gb-^twq9w(u69hi--%$5xrh!xk(t%hw'
++SECRET_KEY = use_keys['SECRET_KEY']
+ 
+ # List of callables that know how to import templates from various sources.
+ TEMPLATE_LOADERS = (
+-- 
+1.7.5.4
+
diff --git a/README.md b/README.md
index 520385e..b97bdb9 100644
--- a/README.md
+++ b/README.md
@@ -43,7 +43,7 @@ Add this upstream repo
     git remote add upstream -m master git://github.com/openshift/django-example.git
     git pull -s recursive -X theirs upstream master
 
-Set your Django admin password
+Set your Django admin password. (Django must be installed on your dev system for this to work; 'sudo yum install Django' will do this for Fedora and RHEL)
 
     cd wsgi/openshift
     ./manage.py changepassword admin