summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-06-13 07:57:06 +0000
committerjsdelfino <jsdelfino@13f79535-47bb-0310-9956-ffa450edef68>2011-06-13 07:57:06 +0000
commiteb7ad1a0241d049f10c9e62a8eb4d9e1dd3000a9 (patch)
tree0284fdb498571add89832977f6875a44557608e2
parentc53f08af43a87119f9307fe7bc48303299c9beed (diff)
Add configuration and script to enable mod-security 2.6.0.
git-svn-id: http://svn.us.apache.org/repos/asf/tuscany@1135046 13f79535-47bb-0310-9956-ffa450edef68
-rw-r--r--sca-cpp/trunk/configure.ac35
-rwxr-xr-xsca-cpp/trunk/modules/edit/ssl-start4
-rw-r--r--sca-cpp/trunk/modules/http/Makefile.am13
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-conf9
-rwxr-xr-xsca-cpp/trunk/modules/http/httpd-ssl-conf5
-rwxr-xr-xsca-cpp/trunk/modules/http/mod-security-conf190
-rwxr-xr-xsca-cpp/trunk/ubuntu/ubuntu-bin-all-image9
-rwxr-xr-xsca-cpp/trunk/ubuntu/ubuntu-bin-image75
-rwxr-xr-xsca-cpp/trunk/ubuntu/ubuntu-dev-image41
-rwxr-xr-xsca-cpp/trunk/ubuntu/ubuntu-install29
-rwxr-xr-xsca-cpp/trunk/ubuntu/ubuntu-install-all30
-rwxr-xr-xsca-cpp/trunk/ubuntu/uec2-bin-image23
-rwxr-xr-xsca-cpp/trunk/ubuntu/uec2-dev-image23
13 files changed, 466 insertions, 20 deletions
diff --git a/sca-cpp/trunk/configure.ac b/sca-cpp/trunk/configure.ac
index 4d713a5c93..49c7c3e663 100644
--- a/sca-cpp/trunk/configure.ac
+++ b/sca-cpp/trunk/configure.ac
@@ -507,7 +507,7 @@ if test "${want_openid}" = "true"; then
# Configure path to mod-auth-openid
AC_MSG_CHECKING([for mod-auth-openid])
- AC_ARG_WITH([mod-auth-openid], [AC_HELP_STRING([--with-mod-auth-openid=PATH], [path to installed mod-auth-openid [default=/usr]])], [
+ AC_ARG_WITH([mod-auth-openid], [AC_HELP_STRING([--with-mod-auth-openid=PATH], [path to installed mod-auth-openid [default=/usr/local]])], [
MODAUTHOPENID_PREFIX="${withval}"
AC_MSG_RESULT("${withval}")
], [
@@ -561,6 +561,39 @@ else
AM_CONDITIONAL([WANT_OAUTH], false)
fi
+# Enable support for modsecurity.
+AC_MSG_CHECKING([whether to enable mod-security support])
+AC_ARG_ENABLE(mod-security, [AS_HELP_STRING([--enable-mod-security], [enable mod-security support [default=no]])],
+[ case "${enableval}" in
+ no)
+ AC_MSG_RESULT(no)
+ ;;
+ *)
+ AC_MSG_RESULT(yes)
+ want_modsecurity=true
+ ;;
+ esac ],
+[ AC_MSG_RESULT(no)])
+if test "${want_modsecurity}" = "true"; then
+
+ # Configure path to mod-security
+ AC_MSG_CHECKING([for mod-security])
+ AC_ARG_WITH([mod-security], [AC_HELP_STRING([--with-mod-security=PATH], [path to installed mod-security [default=/usr/local]])], [
+ MODSECURITY_PREFIX="${withval}"
+ AC_MSG_RESULT("${withval}")
+ ], [
+ MODSECURITY_PREFIX="/usr/local/"
+ AC_MSG_RESULT(/usr/local)
+ ])
+ AC_SUBST(MODSECURITY_PREFIX)
+
+ AM_CONDITIONAL([WANT_MODSECURITY], true)
+ AC_DEFINE([WANT_MODSECURITY], 1, [enable mod-security support])
+
+else
+ AM_CONDITIONAL([WANT_MODSECURITY], false)
+fi
+
# Enable support for Google AppEngine.
AC_MSG_CHECKING([whether to enable Google AppEngine support])
AC_ARG_ENABLE(gae, [AS_HELP_STRING([--enable-gae], [enable Google AppEngine support [default=no]])],
diff --git a/sca-cpp/trunk/modules/edit/ssl-start b/sca-cpp/trunk/modules/edit/ssl-start
index 1c85c74b5b..5b982f45ff 100755
--- a/sca-cpp/trunk/modules/edit/ssl-start
+++ b/sca-cpp/trunk/modules/edit/ssl-start
@@ -38,6 +38,10 @@ jsprefix=`readlink -f $here/../js`
../../modules/http/open-auth-conf tmp
../../modules/http/passwd-auth-conf tmp john john
../../modules/http/passwd-auth-conf tmp jane jane
+../../modules/http/passwd-auth-conf tmp admin admin
+
+# Configure mod-security
+../../modules/http/mod-security-conf tmp
# Configure Python component support
../../modules/server/server-conf tmp
diff --git a/sca-cpp/trunk/modules/http/Makefile.am b/sca-cpp/trunk/modules/http/Makefile.am
index a47b83fbf0..f6e95b3996 100644
--- a/sca-cpp/trunk/modules/http/Makefile.am
+++ b/sca-cpp/trunk/modules/http/Makefile.am
@@ -21,7 +21,7 @@ incl_HEADERS = *.hpp
incldir = $(prefix)/include/modules/http
dist_mod_SCRIPTS = httpd-conf httpd-addr httpd-start httpd-stop httpd-restart ssl-ca-conf ssl-cert-conf ssl-cert-find httpd-ssl-conf basic-auth-conf cert-auth-conf form-auth-conf open-auth-conf passwd-auth-conf group-auth-conf proxy-conf proxy-ssl-conf proxy-member-conf proxy-ssl-member-conf vhost-conf vhost-ssl-conf tunnel-ssl-conf httpd-worker-conf httpd-event-conf
-moddir=$(prefix)/modules/http
+moddir = $(prefix)/modules/http
curl_test_SOURCES = curl-test.cpp
curl_test_LDFLAGS = -lxml2 -lcurl -lmozjs
@@ -59,6 +59,17 @@ httpd-modules.prefix: $(top_builddir)/config.status
curl.prefix: $(top_builddir)/config.status
echo ${CURL_PREFIX} >curl.prefix
+if WANT_MODSECURITY
+
+modsecurity.prefix: $(top_builddir)/config.status
+ echo ${MODSECURITY_PREFIX} >modsecurity.prefix
+
+dist_modsecurity_SCRIPTS = mod-security-conf
+modsecurity_DATA = modsecurity.prefix
+modsecuritydir = $(prefix)/modules/http
+
+endif
+
dist_noinst_SCRIPTS = httpd-test http-test proxy-test
noinst_PROGRAMS = curl-test curl-get curl-connect
TESTS = httpd-test http-test proxy-test
diff --git a/sca-cpp/trunk/modules/http/httpd-conf b/sca-cpp/trunk/modules/http/httpd-conf
index 7c9190d08c..199eec8301 100755
--- a/sca-cpp/trunk/modules/http/httpd-conf
+++ b/sca-cpp/trunk/modules/http/httpd-conf
@@ -61,6 +61,7 @@ Group $group
ServerSignature Off
ServerTokens Prod
Timeout 45
+RequestReadTimeout header=20-40,MinRate=500 body=20,MinRate=500
LimitRequestBody 1048576
HostNameLookups Off
@@ -132,6 +133,12 @@ SetEnvIfNoCase Request_URI \.(?:gif|jpe?g|png)$ no-gzip dont-vary
Header append Vary User-Agent env=!dont-vary
</Location>
+# Enable per client bandwidth rate limt
+<Location />
+SetOutputFilter RATE_LIMIT
+SetEnv rate-limit 400
+</Location>
+
# Listen on HTTP port
Listen $listen
@@ -200,10 +207,12 @@ LoadModule socache_shmcb_module ${modules_prefix}/modules/mod_socache_shmcb.so
LoadModule rewrite_module ${modules_prefix}/modules/mod_rewrite.so
LoadModule mime_module ${modules_prefix}/modules/mod_mime.so
LoadModule status_module ${modules_prefix}/modules/mod_status.so
+LoadModule info_module ${modules_prefix}/modules/mod_info.so
LoadModule asis_module ${modules_prefix}/modules/mod_asis.so
LoadModule negotiation_module ${modules_prefix}/modules/mod_negotiation.so
LoadModule dir_module ${modules_prefix}/modules/mod_dir.so
LoadModule setenvif_module ${modules_prefix}/modules/mod_setenvif.so
+LoadModule env_module ${modules_prefix}/modules/mod_env.so
<IfModule !log_config_module>
LoadModule log_config_module ${modules_prefix}/modules/mod_log_config.so
</IfModule>
diff --git a/sca-cpp/trunk/modules/http/httpd-ssl-conf b/sca-cpp/trunk/modules/http/httpd-ssl-conf
index 5882a18cb4..9933d1c7d9 100755
--- a/sca-cpp/trunk/modules/http/httpd-ssl-conf
+++ b/sca-cpp/trunk/modules/http/httpd-ssl-conf
@@ -69,6 +69,11 @@ HostnameLookups on
Require user admin
</Location>
+<Location /server-info>
+SetHandler server-info
+HostnameLookups on
+Require user admin
+</Location>
</VirtualHost>
EOF
diff --git a/sca-cpp/trunk/modules/http/mod-security-conf b/sca-cpp/trunk/modules/http/mod-security-conf
new file mode 100755
index 0000000000..f988163cf4
--- /dev/null
+++ b/sca-cpp/trunk/modules/http/mod-security-conf
@@ -0,0 +1,190 @@
+#!/bin/sh
+
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Generate a minimal mod-security configuration.
+here=`readlink -f $0`; here=`dirname $here`
+mkdir -p $1
+root=`readlink -f $1`
+
+modules_prefix=`cat $here/httpd-modules.prefix`
+modsecurity_prefix=`cat $here/modsecurity.prefix`
+
+mkdir -p $root/tmp
+
+cat >>$root/conf/modules.conf <<EOF
+# Generated by: mod-security-conf $*
+# Load support for mod-security
+LoadModule unique_id_module ${modules_prefix}/modules/mod_unique_id.so
+LoadModule security2_module $modsecurity_prefix/lib/mod_security2.so
+
+EOF
+
+cat >>$root/conf/httpd.conf <<EOF
+# Generated by: mod-security-conf $*
+# Enable mod-security
+Include conf/mod-security.conf
+
+EOF
+
+cat >$root/conf/mod-security.conf <<EOF
+# Generated by: mod-security-conf $*
+# Enable mod-security rules
+SecRuleEngine On
+SecDefaultAction "phase:2,pass,log"
+
+#SecDebugLog $root/logs//modsec_debug_log
+#SecDebugLogLevel 3
+
+# Allow mod-security to access request bodies
+SecRequestBodyAccess On
+SecRule REQUEST_HEADERS:Content-Type "text/xml" "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+SecRule REQUEST_HEADERS:Content-Type "application/xml" "phase:1,t:none,t:lowercase,pass,nolog,ctl:requestBodyProcessor=XML"
+SecRequestBodyLimit 13107200
+SecRequestBodyNoFilesLimit 131072
+SecRequestBodyInMemoryLimit 131072
+SecRequestBodyLimitAction Reject
+
+# Verify that we've correctly processed the request body
+SecRule REQBODY_ERROR "!@eq 0" "phase:2,t:none,log,deny,status:400,msg:'Failed to parse request body.',logdata:'%{reqbody_error_msg}',severity:2"
+
+# By default be strict with what we accept in multipart/form-data request body
+SecRule MULTIPART_STRICT_ERROR "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart request body failed strict validation: \
+PE %{REQBODY_PROCESSOR_ERROR}, \
+BQ %{MULTIPART_BOUNDARY_QUOTED}, \
+BW %{MULTIPART_BOUNDARY_WHITESPACE}, \
+DB %{MULTIPART_DATA_BEFORE}, \
+DA %{MULTIPART_DATA_AFTER}, \
+HF %{MULTIPART_HEADER_FOLDING}, \
+LF %{MULTIPART_LF_LINE}, \
+SM %{MULTIPART_SEMICOLON_MISSING}, \
+IQ %{MULTIPART_INVALID_QUOTING}, \
+IH %{MULTIPART_INVALID_HEADER_FOLDING}, \
+IH %{MULTIPART_FILE_LIMIT_EXCEEDED}'"
+
+# Did we see anything that might be a boundary?
+SecRule MULTIPART_UNMATCHED_BOUNDARY "!@eq 0" "phase:2,t:none,log,deny,status:44,msg:'Multipart parser detected a possible unmatched boundary.'"
+
+# Avoid a potential RegEx DoS condition
+SecPcreMatchLimit 1000
+SecPcreMatchLimitRecursion 1000
+SecRule TX:/^MSC_/ "!@streq 0" "phase:2,t:none,deny,msg:'ModSecurity internal error flagged: %{MATCHED_VAR_NAME}'"
+
+# Detect slow DoS attacks
+SecRule RESPONSE_STATUS "@streq 408" "phase:5,t:none,nolog,pass, setvar:ip.slow_dos_counter=+1,expirevar:ip.slow_dos_counter=60"
+SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,t:none,log,drop, msg:'Client Connection Dropped due to high # of slow DoS alerts'"
+SecWriteStateLimit 50
+
+# Allow mod-security to access response bodies
+SecResponseBodyAccess On
+SecResponseBodyMimeType text/plain text/html text/xml application/xml
+SecResponseBodyLimit 524288
+SecResponseBodyLimitAction ProcessPartial
+
+# The location where mod-security stores temporary files
+SecTmpDir $root/tmp/
+SecDataDir $root/tmp/
+
+# Enable mod-security audit
+SecAuditEngine RelevantOnly
+SecAuditLogRelevantStatus "^(?:5|4(?!04))"
+SecAuditLogParts ABIJDEFHKZ
+SecAuditLogType Serial
+SecAuditLog $root/logs/modsec_audit_log
+
+# Use & as application/x-www-form-urlencoded parameter separator
+SecArgumentSeparator &
+
+# Settle on version 0 (zero) cookies.
+SecCookieFormat 0
+
+# Enable anomaly scoring
+SecAction "phase:1,id:'981206',t:none,nolog,pass,setvar:tx.anomaly_score_blocking=on"
+SecAction "phase:1,id:'981207',t:none,nolog,pass, \
+setvar:tx.critical_anomaly_score=5, \
+setvar:tx.error_anomaly_score=4, \
+setvar:tx.warning_anomaly_score=3, \
+setvar:tx.notice_anomaly_score=2"
+SecAction "phase:1,id:'981208',t:none,nolog,pass,setvar:tx.inbound_anomaly_score_level=5"
+SecAction "phase:1,id:'981209',t:none,nolog,pass,setvar:tx.outbound_anomaly_score_level=4"
+
+# Paranoid mode
+SecAction "phase:1,id:'981210',t:none,nolog,pass,setvar:tx.paranoid_mode=0"
+
+# HTTP policy settings
+SecAction "phase:1,id:'981211',t:none,nolog,pass,setvar:tx.max_num_args=255"
+SecAction "phase:1,t:none,nolog,pass,setvar:tx.arg_name_length=100"
+SecAction "phase:1,t:none,nolog,pass,setvar:tx.arg_length=400"
+SecAction "phase:1,t:none,nolog,pass,setvar:tx.total_arg_length=64000"
+SecAction "phase:1,t:none,nolog,pass,setvar:tx.max_file_size=1048576"
+SecAction "phase:1,t:none,nolog,pass,setvar:tx.combined_file_sizes=1048576"
+SecAction "phase:1,id:'981212',t:none,nolog,pass, \
+setvar:'tx.allowed_methods=GET HEAD POST PUT OPTIONS DELETE CONNECT', \
+setvar:'tx.allowed_request_content_type=application/x-www-form-urlencoded multipart/form-data text/xml application/xml application/json application/json-rpc application/atom+xml', \
+setvar:'tx.allowed_http_versions=HTTP/0.9 HTTP/1.0 HTTP/1.1', \
+setvar:'tx.restricted_extensions=.asa/ .asax/ .ascx/ .axd/ .backup/ .bak/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .com/ .config/ .conf/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dll/ .dos/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .ini/ .key/ .licx/ .lnk/ .log/ .mdb/ .old/ .pass/ .pdb/ .pol/ .printer/ .pwd/ .resources/ .resx/ .sql/ .sys/ .vb/ .vbs/ .vbproj/ .vsdisco/ .webinfo/ .xsd/ .xsx/', \
+setvar:'tx.restricted_headers=/Proxy-Connection/ /Lock-Token/ /Content-Range/ /Translate/ /via/ /if/'"
+
+# Brute force protection
+SecAction "phase:1,id:'981214',t:none,nolog,pass, \
+setvar:'tx.brute_force_protected_urls=/login', \
+setvar:'tx.brute_force_burst_time_slice=60', \
+setvar:'tx.brute_force_counter_threshold=10', \
+setvar:'tx.brute_force_block_timeout=300'"
+
+# DoS protection
+SecAction "phase:1,id:'981215',t:none,nolog,pass, \
+setvar:'tx.dos_burst_time_slice=60', \
+setvar:'tx.dos_counter_threshold=100', \
+setvar:'tx.dos_block_timeout=600'"
+
+# Check UTF-8 encoding
+SecAction "phase:1,id:'981216',t:none,nolog,pass,setvar:tx.crs_validate_utf8_encoding=1"
+
+# Global and IP collections
+SecRule REQUEST_HEADERS:User-Agent "^(.*)$" "phase:1,id:'981217',t:none,pass,nolog,t:sha1,t:hexEncode,setvar:tx.ua_hash=%{matched_var}"
+SecRule REQUEST_HEADERS:x-forwarded-for "^\b(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})\b" "phase:1,id:'981225',t:none,pass,nolog,capture,setvar:tx.real_ip=%{tx.1}"
+SecRule &TX:REAL_IP "!@eq 0" "phase:1,id:'981226',t:none,pass,nolog,initcol:global=global,initcol:ip=%{tx.real_ip}_%{tx.ua_hash}"
+SecRule &TX:REAL_IP "@eq 0" "phase:1,id:'981218',t:none,pass,nolog,initcol:global=global,initcol:ip=%{remote_addr}_%{tx.ua_hash}"
+
+# Include all base mod-security CRS rules
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_20_protocol_violations.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_41_xss_attacks.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_50_outbound.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_35_bad_robots.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_47_common_exceptions.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_60_correlation.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_40_generic_attacks.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_21_protocol_anomalies.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_30_http_policy.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_49_inbound_blocking.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_45_trojans.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_59_outbound_blocking.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_23_request_limits.conf
+Include ${modsecurity_prefix}/base_rules/modsecurity_crs_42_tight_security.conf
+
+# Include some optional mod-security CRS rules
+Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_10_ignore_static.conf
+Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_13_xml_enabler.conf
+Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_25_cc_known.conf
+Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_42_comment_spam.conf
+Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_47_skip_outbound_checks.conf
+Include ${modsecurity_prefix}/optional_rules/modsecurity_crs_55_application_defects.conf
+EOF
+
diff --git a/sca-cpp/trunk/ubuntu/ubuntu-bin-all-image b/sca-cpp/trunk/ubuntu/ubuntu-bin-all-image
index 12bd22b841..cbd465dcdc 100755
--- a/sca-cpp/trunk/ubuntu/ubuntu-bin-all-image
+++ b/sca-cpp/trunk/ubuntu/ubuntu-bin-all-image
@@ -34,7 +34,7 @@ sudo chgrp $g /mnt/tuscany
cd /mnt/tuscany
# Install core dev tools
-sudo apt-get -y install wget git-core subversion autoconf automake libtool g++
+sudo apt-get -y install wget git-core subversion autoconf pkg-config automake libtool g++
if [ "$?" != "0" ]; then
exit $?
fi
@@ -53,11 +53,6 @@ sudo apt-get -y install autoconf2.13 zip
if [ "$?" != "0" ]; then
exit $?
fi
-# Required by Apache Axis2/C
-sudo apt-get -y install pkg-config
-if [ "$?" != "0" ]; then
- exit $?
-fi
# Required by Apache Qpid/C++
sudo apt-get -y install libboost-dev libboost-program-options-dev libboost-filesystem-dev uuid-dev
if [ "$?" != "0" ]; then
@@ -68,7 +63,7 @@ sudo apt-get -y install openjdk-6-jdk
if [ "$?" != "0" ]; then
exit $?
fi
-# Require by HTML Tidy
+# Required by HTML Tidy
sudo apt-get -y install cvs
if [ "$?" != "0" ]; then
exit $?
diff --git a/sca-cpp/trunk/ubuntu/ubuntu-bin-image b/sca-cpp/trunk/ubuntu/ubuntu-bin-image
new file mode 100755
index 0000000000..bda42d9596
--- /dev/null
+++ b/sca-cpp/trunk/ubuntu/ubuntu-bin-image
@@ -0,0 +1,75 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Install a complete distribution, the required system tools and libraries,
+# the runtime dependencies and the Tuscany SCA runtime on a fresh Ubuntu Server
+# 10.10 image.
+
+# Display commands as they are executed
+set -x
+
+# First update the system
+sudo apt-get update
+
+# Create install directory
+u=`id -un`
+g=`id -gn`
+sudo mkdir -p /mnt/tuscany
+sudo chown $u /mnt/tuscany
+sudo chgrp $g /mnt/tuscany
+cd /mnt/tuscany
+
+# Install core dev tools
+sudo apt-get -y install wget git-core subversion autoconf pkg-config automake libtool g++
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+# Required by Apache HTTP server
+sudo apt-get -y install libssl-dev libpcre3-dev
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+# Required by Memcached
+sudo apt-get -y install libevent-dev
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+# Required by TraceMonkey
+sudo apt-get -y install autoconf2.13 zip
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+# Required by HTML Tidy
+sudo apt-get -y install cvs
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+# Required by Apache Thrift
+sudo apt-get -y install bison flex python-dev libboost-dev libboost-filesystem-dev
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+# Required by Facebook Scribe
+sudo apt-get -y install gawk
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+
+# Download and install the Tuscany runtime
+wget http://people.apache.org/~jsdelfino/tuscany/test/tuscany-sca-cpp-1.0.tar.gz
+tar xzf tuscany-sca-cpp-1.0.tar.gz
+
diff --git a/sca-cpp/trunk/ubuntu/ubuntu-dev-image b/sca-cpp/trunk/ubuntu/ubuntu-dev-image
new file mode 100755
index 0000000000..733d912dfb
--- /dev/null
+++ b/sca-cpp/trunk/ubuntu/ubuntu-dev-image
@@ -0,0 +1,41 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Install a complete distribution, the required system tools and libraries,
+# the runtime dependencies and the Tuscany SCA runtime on a fresh Ubuntu
+# Server 10.10 image.
+
+# Display commands as they are executed
+set -x
+
+# First update the system
+sudo apt-get update
+
+# Create install directory
+u=`id -un`
+g=`id -gn`
+sudo mkdir -p /mnt/tuscany
+sudo chown $u /mnt/tuscany
+sudo chgrp $g /mnt/tuscany
+cd /mnt/tuscany
+
+# Download and run install script
+sudo apt-get -y install wget
+wget http://svn.apache.org/repos/asf/tuscany/sca-cpp/trunk/ubuntu/ubuntu-install
+chmod +x ./ubuntu-install
+./ubuntu-install
+
diff --git a/sca-cpp/trunk/ubuntu/ubuntu-install b/sca-cpp/trunk/ubuntu/ubuntu-install
index 43acc82dc3..3b73ff7d71 100755
--- a/sca-cpp/trunk/ubuntu/ubuntu-install
+++ b/sca-cpp/trunk/ubuntu/ubuntu-install
@@ -26,7 +26,7 @@ set -x
build=`pwd`
# Install core dev tools
-sudo apt-get -y install wget git-core subversion autoconf automake libtool g++
+sudo apt-get -y install wget git-core subversion autoconf pkg-config automake libtool g++
if [ "$?" != "0" ]; then
exit $?
fi
@@ -202,8 +202,27 @@ if [ "$?" != "0" ]; then
fi
cd $build
+# Build mod_security
+wget http://cdnetworks-us-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.0/modsecurity-apache_2.6.0.tar.gz
+tar xzf modsecurity-apache_2.6.0.tar.gz
+cd modsecurity-apache_2.6.0
+./configure --prefix=$build/modsecurity-apache-2.6.0-bin --with-apxs=$build/httpd-2.3.10-bin/bin/apxs --with-apr=$build/apr-1.4.x-bin/bin/apr-2-config --with-apu=$build/apr-1.4.x-bin/bin/apr-2-config --with-libxml=$build/libxml2-2.7.7-bin --with-curl=$build/curl-7.19.5-bin LIBS="-L$build/expat-2.0.1-bin/lib -R$build/expat-2.0.1-bin/lib"
+make
+make install
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+cd $build
+wget http://cdnetworks-us-1.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.0.tar.gz
+tar xzf modsecurity-crs_2.2.0.tar.gz
+cp -R $build/modsecurity-crs_2.2.0/base_rules $build/modsecurity-apache-2.6.0-bin
+cp -R $build/modsecurity-crs_2.2.0/optional_rules $build/modsecurity-apache-2.6.0-bin
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+
# Build Apache Thrift
-sudo apt-get -y install bison flex python-dev
+sudo apt-get -y install bison flex python-dev libboost-dev libboost-filesystem-dev
if [ "$?" != "0" ]; then
exit $?
fi
@@ -270,7 +289,7 @@ cd $build
git clone git://git.apache.org/tuscany-sca-cpp.git
cd tuscany-sca-cpp
./bootstrap
-./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.4.2-bin --enable-threads --enable-python --with-libxml2=$build/libxml2-2.7.7-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin
+./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.4.2-bin --enable-threads --enable-python --with-libxml2=$build/libxml2-2.7.7-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin --enable-mod-security --with-mod-security=$build/modsecurity-apache-2.6.0-bin
make
make install
if [ "$?" != "0" ]; then
@@ -279,8 +298,8 @@ fi
cd $build
# Create src archive
-tar czf tuscany-sca-cpp-all-1.0-src.tar.gz apache-libcloud-incubating-0.4.2 apache-libcloud-incubating-0.4.2.tar.bz2 apr-1.4.x apr-1.4.x-bin curl-7.19.5 curl-7.19.5-bin curl-7.19.5.tar.gz expat-2.0.1 expat-2.0.1-bin expat-2.0.1.tar.gz htmltidy-bin httpd-2.3.10 httpd-2.3.10-alpha.tar.gz httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1 liboauth-0.9.1-bin liboauth-0.9.1.tar.gz libopkele libopkele-bin libstrophe libstrophe-bin libxml2-2.7.7 libxml2-2.7.7-bin libxml2-sources-2.7.7.tar.gz memcached-1.4.5 memcached-1.4.5-bin memcached-1.4.5.tar.gz mod_auth_openid mod-auth-openid-bin nuvem scribe scribe-2.2-bin scribe-2.2.tar.gz thrift-0.2.0 thrift-0.2.0-bin thrift-0.2.0-incubating.tar.gz tidy tinycdb-0.77 tinycdb-0.77-bin tinycdb_0.77.tar.gz tracemonkey-bin tracemonkey-e4364736e170 tracemonkey-e4364736e170.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin
+tar czf tuscany-sca-cpp-1.0-src.tar.gz apache-libcloud-incubating-0.4.2 apache-libcloud-incubating-0.4.2.tar.bz2 apr-1.4.x apr-1.4.x-bin curl-7.19.5 curl-7.19.5-bin curl-7.19.5.tar.gz expat-2.0.1 expat-2.0.1-bin expat-2.0.1.tar.gz htmltidy-bin httpd-2.3.10 httpd-2.3.10-alpha.tar.gz httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1 liboauth-0.9.1-bin liboauth-0.9.1.tar.gz libopkele libopkele-bin libstrophe libstrophe-bin libxml2-2.7.7 libxml2-2.7.7-bin libxml2-sources-2.7.7.tar.gz memcached-1.4.5 memcached-1.4.5-bin memcached-1.4.5.tar.gz mod_auth_openid mod-auth-openid-bin modsecurity-apache_2.6.0 modsecurity-apache-2.6.0-bin modsecurity-apache_2.6.0.tar.gz modsecurity-crs_2.2.0 modsecurity-crs_2.2.0.tar.gz nuvem scribe scribe-2.2-bin scribe-2.2.tar.gz thrift-0.2.0 thrift-0.2.0-bin thrift-0.2.0-incubating.tar.gz tidy tinycdb-0.77 tinycdb-0.77-bin tinycdb_0.77.tar.gz tracemonkey-bin tracemonkey-e4364736e170 tracemonkey-e4364736e170.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin
# Create bin archive
-tar czf tuscany-sca-cpp-all-1.0.tar.gz apr-1.4.x-bin curl-7.19.5-bin expat-2.0.1-bin htmltidy-bin httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1-bin libopkele-bin libstrophe-bin libxml2-2.7.7-bin memcached-1.4.5-bin mod-auth-openid-bin nuvem/nuvem-parallel scribe-2.2-bin thrift-0.2.0-bin tinycdb-0.77-bin tracemonkey-bin tuscany-sca-cpp tuscany-sca-cpp-bin
+tar czf tuscany-sca-cpp-1.0.tar.gz apr-1.4.x-bin curl-7.19.5-bin expat-2.0.1-bin htmltidy-bin httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1-bin libopkele-bin libstrophe-bin libxml2-2.7.7-bin memcached-1.4.5-bin mod-auth-openid-bin modsecurity-apache-2.6.0-bin nuvem/nuvem-parallel scribe-2.2-bin thrift-0.2.0-bin tinycdb-0.77-bin tracemonkey-bin tuscany-sca-cpp tuscany-sca-cpp-bin
diff --git a/sca-cpp/trunk/ubuntu/ubuntu-install-all b/sca-cpp/trunk/ubuntu/ubuntu-install-all
index 52bdd80600..861d21f538 100755
--- a/sca-cpp/trunk/ubuntu/ubuntu-install-all
+++ b/sca-cpp/trunk/ubuntu/ubuntu-install-all
@@ -26,7 +26,7 @@ set -x
build=`pwd`
# Install core dev tools
-sudo apt-get -y install wget git-core subversion autoconf automake libtool g++
+sudo apt-get -y install wget git-core subversion autoconf pkg-config automake libtool g++
if [ "$?" != "0" ]; then
exit $?
fi
@@ -143,7 +143,6 @@ wget http://googleappengine.googlecode.com/files/google_appengine_1.4.0.zip
unzip google_appengine_1.4.0.zip
# Build Apache Axis2/C
-sudo apt-get -y install pkg-config
if [ "$?" != "0" ]; then
exit $?
fi
@@ -257,6 +256,25 @@ if [ "$?" != "0" ]; then
fi
cd $build
+# Build mod_security
+wget http://cdnetworks-us-1.dl.sourceforge.net/project/mod-security/modsecurity-apache/2.6.0/modsecurity-apache_2.6.0.tar.gz
+tar xzf modsecurity-apache_2.6.0.tar.gz
+cd modsecurity-apache_2.6.0
+./configure --prefix=$build/modsecurity-apache-2.6.0-bin --with-apxs=$build/httpd-2.3.10-bin/bin/apxs --with-apr=$build/apr-1.4.x-bin/bin/apr-2-config --with-apu=$build/apr-1.4.x-bin/bin/apr-2-config --with-libxml=$build/libxml2-2.7.7-bin --with-curl=$build/curl-7.19.5-bin LIBS="-L$build/expat-2.0.1-bin/lib -R$build/expat-2.0.1-bin/lib"
+make
+make install
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+cd $build
+wget http://cdnetworks-us-1.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.0.tar.gz
+tar xzf modsecurity-crs_2.2.0.tar.gz
+cp -R $build/modsecurity-crs_2.2.0/base_rules $build/modsecurity-apache-2.6.0-bin
+cp -R $build/modsecurity-crs_2.2.0/optional_rules $build/modsecurity-apache-2.6.0-bin
+if [ "$?" != "0" ]; then
+ exit $?
+fi
+
# Build PostgreSQL
sudo apt-get -y install libreadline-dev
if [ "$?" != "0" ]; then
@@ -274,7 +292,7 @@ fi
cd $build
# Build Apache Thrift
-sudo apt-get -y install bison flex python-dev
+sudo apt-get -y install bison flex python-dev libboost-dev libboost-filesystem-dev
if [ "$?" != "0" ]; then
exit $?
fi
@@ -341,7 +359,7 @@ cd $build
git clone git://git.apache.org/tuscany-sca-cpp.git
cd tuscany-sca-cpp
./bootstrap
-./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.4.2-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.6 --enable-sqldb --with-pgsql=$build/postgresql-9.0.3-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin
+./configure --prefix=$build/tuscany-sca-cpp-bin --with-curl=$build/curl-7.19.5-bin --with-apr=$build/apr-1.4.x-bin --with-httpd=$build/httpd-2.3.10-bin --with-memcached=$build/memcached-1.4.5-bin --with-tinycdb=$build/tinycdb-0.77-bin --with-js-include=$build/tracemonkey-bin/include/js --with-js-lib=$build/tracemonkey-bin/lib --with-libcloud=$build/libcloud-0.4.2-bin --enable-threads --enable-python --enable-gae --with-gae=$build/google_appengine --enable-java --with-java=/usr/lib/jvm/java-6-openjdk --enable-webservice --with-libxml2=$build/libxml2-2.7.7-bin --with-axis2c=$build/axis2c-1.6.0-bin --enable-queue --with-qpidc=$build/qpidc-0.6-bin --enable-chat --with-libstrophe=$build/libstrophe-bin --with-vysper=$build/vysper-0.6 --enable-sqldb --with-pgsql=$build/postgresql-9.0.3-bin --enable-log --with-thrift=$build/thrift-0.2.0-bin --with-scribe=$build/scribe-2.2-bin --enable-openid --with-mod-auth-openid=$build/mod-auth-openid-bin --enable-oauth --with-liboauth=$build/liboauth-0.9.1-bin --enable-mod-security --with-mod-security=$build/modsecurity-apache-2.6.0-bin
make
make install
if [ "$?" != "0" ]; then
@@ -350,8 +368,8 @@ fi
cd $build
# Create src archive
-tar czf tuscany-sca-cpp-all-1.0-src.tar.gz apache-libcloud-incubating-0.4.2 apache-libcloud-incubating-0.4.2.tar.bz2 apr-1.4.x apr-1.4.x-bin axis2c-1.6.0-bin axis2c-src-1.6.0 axis2c-src-1.6.0.tar.gz curl-7.19.5 curl-7.19.5-bin curl-7.19.5.tar.gz expat-2.0.1 expat-2.0.1-bin expat-2.0.1.tar.gz google_appengine google_appengine_1.4.0.zip htmltidy-bin httpd-2.3.10 httpd-2.3.10-alpha.tar.gz httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1 liboauth-0.9.1-bin liboauth-0.9.1.tar.gz libopkele libopkele-bin libstrophe libstrophe-bin libxml2-2.7.7 libxml2-2.7.7-bin libxml2-sources-2.7.7.tar.gz memcached-1.4.5 memcached-1.4.5-bin memcached-1.4.5.tar.gz mod_auth_openid mod-auth-openid-bin nuvem postgresql-9.0.3 postgresql-9.0.3-bin postgresql-9.0.3.tar.gz qpidc-0.6 qpidc-0.6-bin qpid-cpp-0.6.tar.gz scribe scribe-2.2-bin scribe-2.2.tar.gz thrift-0.2.0 thrift-0.2.0-bin thrift-0.2.0-incubating.tar.gz tidy tinycdb-0.77 tinycdb-0.77-bin tinycdb_0.77.tar.gz tracemonkey-bin tracemonkey-e4364736e170 tracemonkey-e4364736e170.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin vysper-0.6 vysper-0.6-bin.tar.gz
+tar czf tuscany-sca-cpp-all-1.0-src.tar.gz apache-libcloud-incubating-0.4.2 apache-libcloud-incubating-0.4.2.tar.bz2 apr-1.4.x apr-1.4.x-bin axis2c-1.6.0-bin axis2c-src-1.6.0 axis2c-src-1.6.0.tar.gz curl-7.19.5 curl-7.19.5-bin curl-7.19.5.tar.gz expat-2.0.1 expat-2.0.1-bin expat-2.0.1.tar.gz google_appengine google_appengine_1.4.0.zip htmltidy-bin httpd-2.3.10 httpd-2.3.10-alpha.tar.gz httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1 liboauth-0.9.1-bin liboauth-0.9.1.tar.gz libopkele libopkele-bin libstrophe libstrophe-bin libxml2-2.7.7 libxml2-2.7.7-bin libxml2-sources-2.7.7.tar.gz memcached-1.4.5 memcached-1.4.5-bin memcached-1.4.5.tar.gz mod_auth_openid mod-auth-openid-bin modsecurity-apache_2.6.0 modsecurity-apache-2.6.0-bin modsecurity-apache_2.6.0.tar.gz modsecurity-crs_2.2.0 modsecurity-crs_2.2.0.tar.gz nuvem postgresql-9.0.3 postgresql-9.0.3-bin postgresql-9.0.3.tar.gz qpidc-0.6 qpidc-0.6-bin qpid-cpp-0.6.tar.gz scribe scribe-2.2-bin scribe-2.2.tar.gz thrift-0.2.0 thrift-0.2.0-bin thrift-0.2.0-incubating.tar.gz tidy tinycdb-0.77 tinycdb-0.77-bin tinycdb_0.77.tar.gz tracemonkey-bin tracemonkey-e4364736e170 tracemonkey-e4364736e170.tar.gz tuscany-sca-cpp tuscany-sca-cpp-bin vysper-0.6 vysper-0.6-bin.tar.gz
# Create bin archive
-tar czf tuscany-sca-cpp-all-1.0.tar.gz apr-1.4.x-bin axis2c-1.6.0-bin curl-7.19.5-bin expat-2.0.1-bin google_appengine htmltidy-bin httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1-bin libopkele-bin libstrophe-bin libxml2-2.7.7-bin memcached-1.4.5-bin mod-auth-openid-bin nuvem/nuvem-parallel postgresql-9.0.3-bin qpidc-0.6-bin scribe-2.2-bin thrift-0.2.0-bin tinycdb-0.77-bin tracemonkey-bin tuscany-sca-cpp tuscany-sca-cpp-bin vysper-0.6
+tar czf tuscany-sca-cpp-all-1.0.tar.gz apr-1.4.x-bin axis2c-1.6.0-bin curl-7.19.5-bin expat-2.0.1-bin google_appengine htmltidy-bin httpd-2.3.10-bin libcloud-0.4.2-bin liboauth-0.9.1-bin libopkele-bin libstrophe-bin libxml2-2.7.7-bin memcached-1.4.5-bin mod-auth-openid-bin modsecurity-apache-2.6.0-bin nuvem/nuvem-parallel postgresql-9.0.3-bin qpidc-0.6-bin scribe-2.2-bin thrift-0.2.0-bin tinycdb-0.77-bin tracemonkey-bin tuscany-sca-cpp tuscany-sca-cpp-bin vysper-0.6
diff --git a/sca-cpp/trunk/ubuntu/uec2-bin-image b/sca-cpp/trunk/ubuntu/uec2-bin-image
new file mode 100755
index 0000000000..fbcbe091b5
--- /dev/null
+++ b/sca-cpp/trunk/ubuntu/uec2-bin-image
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Install a Tuscany image on an EC2 instance
+host=$1
+
+# Download and execute Tuscany SCA install script
+ssh -i $HOME/.ec2/ec2-keypair.pem ubuntu@$host "wget http://svn.apache.org/repos/asf/tuscany/sca-cpp/trunk/ubuntu/ubuntu-bin-image; chmod 700 ./ubuntu-bin-image; ./ubuntu-bin-image"
+
diff --git a/sca-cpp/trunk/ubuntu/uec2-dev-image b/sca-cpp/trunk/ubuntu/uec2-dev-image
new file mode 100755
index 0000000000..206443a7ae
--- /dev/null
+++ b/sca-cpp/trunk/ubuntu/uec2-dev-image
@@ -0,0 +1,23 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Build a Tuscany image on an EC2 instance
+host=$1
+
+# Download and execute Tuscany SCA install script
+ssh -i $HOME/.ec2/ec2-keypair.pem ubuntu@$host "wget http://svn.apache.org/repos/asf/tuscany/sca-cpp/trunk/ubuntu/ubuntu-dev-image; chmod 700 ./ubuntu-dev-image; ./ubuntu-dev-image"
+