This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "FusionForge".
The branch, 6.1 has been updated via e983552c3d41314fc973284bfcf3afd4d70e1c61 (commit) via 0c03a762b3e3a9d69052a14c3d3b7e8a67aa50b4 (commit) from 815863e1cd1154d115aada4692618d53b5f28f41 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=e983552c3d41314fc973284bfcf3afd4d70e1c61 commit e983552c3d41314fc973284bfcf3afd4d70e1c61 Author: Franck Villaume <franck.villa...@trivialdev.com> Date: Sun Feb 11 13:05:10 2018 +0100 use bash -e when needed. tabs vs. space diff --git a/src/plugins/scmsvn/bin/install.sh b/src/plugins/scmsvn/bin/install.sh index 0d9c152..c49d9e1 100755 --- a/src/plugins/scmsvn/bin/install.sh +++ b/src/plugins/scmsvn/bin/install.sh @@ -1,8 +1,6 @@ -#!/bin/bash +#!/bin/bash -e # Configure Subversion -set -e - source $(forge_get_config source_path)/post-install.d/common/service.inc if [ $(id -u) != 0 ] ; then diff --git a/src/post-install.d/common/ini.sh b/src/post-install.d/common/ini.sh index 4646311..16d2661 100755 --- a/src/post-install.d/common/ini.sh +++ b/src/post-install.d/common/ini.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e # Post-install .ini configuration, params vary for each install # (all other .ini configuration is done at install time) # 
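Review bot: Moving errexit from `set -e` into the shebang (`#!/bin/bash -e`) in plugins/scmsvn/bin/install.sh makes it depend on how the script is launched. The flag takes effect only when the kernel executes the file through its shebang, and is silently dropped when the script is run as `bash install.sh` or sourced. The script checks for uid 0, so without errexit a failed step would no longer stop the later ones from running as root. Keeping `set -e` as the first statement, with or without the shebang flag, avoids that. The same applies to ini.sh, upgrade-conf.sh, ftp.sh and mta-exim4.sh in this commit.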
@@ -19,106 +19,104 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - source_path=$(forge_get_config source_path) config_path=$(forge_get_config config_path) case "$1" in - configure) - # Distros may want to install new conffiles using tools such as ucf(1) - DESTDIR=$2 - mkdir -m 755 -p $DESTDIR$config_path/config.ini.d/ + configure) + # Distros may want to install new conffiles using tools such as ucf(1) + DESTDIR=$2 + mkdir -m 755 -p $DESTDIR$config_path/config.ini.d/ + + # TODO: support 'db_get @PACKAGE@/shared/web_host' ? + hostname=$(hostname -f || hostname) + if [ ! -e $DESTDIR$config_path/config.ini.d/post-install.ini ]; then \ + sed $source_path/templates/post-install.ini \ + -e "s,@web_host@,$hostname," -e "s,@bin_dir@,$source_path/bin," \ + > $DESTDIR$config_path/config.ini.d/post-install.ini; \ + fi + + # Get current values in case we're updating the Debian conf via ucf(1) + database_host=$(forge_get_config database_host) + database_port=$(forge_get_config database_port) + database_name=$(forge_get_config database_name) + database_user=$(forge_get_config database_user) + database_password=$(forge_get_config database_password) + database_password_mta=$(forge_get_config database_password_mta) + database_password_ssh_akc=$(forge_get_config database_password_ssh_akc) + session_key=$(forge_get_config session_key) + + if [ -z $database_host ]; then + database_host=127.0.0.1 + fi + if [ -z $database_port ]; then + database_port=5432 + fi + if [ -z $database_name ]; then + database_name=fusionforge + fi + if [ -z $database_user ]; then + database_user=fusionforge + fi - # TODO: support 'db_get @PACKAGE@/shared/web_host' ? - hostname=$(hostname -f || hostname) - if [ ! 
-e $DESTDIR$config_path/config.ini.d/post-install.ini ]; then \ - sed $source_path/templates/post-install.ini \ - -e "s,@web_host@,$hostname," -e "s,@bin_dir@,$source_path/bin," \ - > $DESTDIR$config_path/config.ini.d/post-install.ini; \ - fi + # Don't overwrite existing config (e.g. previous or Puppet-generated) + if [ ! -e $DESTDIR$config_path/config.ini.d/post-install-secrets.ini ]; then + if [ -z "$database_password" ]; then + database_password=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) + fi + if [ -z "$database_password_mta" ]; then + database_password_mta=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) + fi - # Get current values in case we're updating the Debian conf via ucf(1) - database_host=$(forge_get_config database_host) - database_port=$(forge_get_config database_port) - database_name=$(forge_get_config database_name) - database_user=$(forge_get_config database_user) - database_password=$(forge_get_config database_password) - database_password_mta=$(forge_get_config database_password_mta) - database_password_ssh_akc=$(forge_get_config database_password_ssh_akc) - session_key=$(forge_get_config session_key) - - if [ -z $database_host ]; then - database_host=127.0.0.1 - fi - if [ -z $database_port ]; then - database_port=5432 - fi - if [ -z $database_name ]; then - database_name=fusionforge - fi - if [ -z $database_user ]; then - database_user=fusionforge - fi - - # Don't overwrite existing config (e.g. previous or Puppet-generated) - if [ ! 
-e $DESTDIR$config_path/config.ini.d/post-install-secrets.ini ]; then - if [ -z "$database_password" ]; then - database_password=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) - fi - if [ -z "$database_password_mta" ]; then - database_password_mta=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) - fi + # Generate session key here for simplificy + if [ -z "$session_key" ]; then + session_key=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) + fi - # Generate session key here for simplificy - if [ -z "$session_key" ]; then - session_key=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) - fi + # Create config file + sed $source_path/templates/post-install-secrets.ini \ + -e "s,@database_host@,$database_host," \ + -e "s,@database_port@,$database_port," \ + -e "s,@database_name@,$database_name," \ + -e "s,@database_user@,$database_user," \ + > $DESTDIR$config_path/config.ini.d/post-install-secrets.ini + chmod 600 $DESTDIR$config_path/config.ini.d/post-install-secrets.ini + sed -i -e '/^@secrets@/ { ' -e 'ecat' -e 'd }' \ + $DESTDIR$config_path/config.ini.d/post-install-secrets.ini <<-EOF + session_key=$session_key + database_password=$database_password + database_password_mta=$database_password_mta + EOF + fi - # Create config file - sed $source_path/templates/post-install-secrets.ini \ - -e "s,@database_host@,$database_host," \ - -e "s,@database_port@,$database_port," \ - -e "s,@database_name@,$database_name," \ - -e "s,@database_user@,$database_user," \ - > $DESTDIR$config_path/config.ini.d/post-install-secrets.ini - chmod 600 $DESTDIR$config_path/config.ini.d/post-install-secrets.ini - sed -i -e '/^@secrets@/ { ' -e 'ecat' -e 'd }' \ - $DESTDIR$config_path/config.ini.d/post-install-secrets.ini <<-EOF - session_key=$session_key - database_password=$database_password - database_password_mta=$database_password_mta - EOF - fi - - # Special conf for AuthorizedKeysCommand (chown'd in 
post-install.d/shell/shell.sh) - if [ ! -e $DESTDIR$config_path/config.ini.d/post-install-secrets-ssh_akc.ini ]; then - if [ -z "$database_password_ssh_akc" ]; then - database_password_ssh_akc=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) - fi - cat <<-EOF > $DESTDIR$config_path/config.ini.d/post-install-secrets-ssh_akc.ini - [core] - database_host=$database_host - database_port=$database_port - database_name=$database_name - database_user_ssh_akc=${database_user}_ssh_akc - database_password_ssh_akc=$database_password_ssh_akc - EOF - chmod 600 $DESTDIR$config_path/config.ini.d/post-install-secrets-ssh_akc.ini - fi - ;; + # Special conf for AuthorizedKeysCommand (chown'd in post-install.d/shell/shell.sh) + if [ ! -e $DESTDIR$config_path/config.ini.d/post-install-secrets-ssh_akc.ini ]; then + if [ -z "$database_password_ssh_akc" ]; then + database_password_ssh_akc=$((head -c100 /dev/urandom; date +"%s:%N") | md5sum | cut -d' ' -f1) + fi + cat <<-EOF > $DESTDIR$config_path/config.ini.d/post-install-secrets-ssh_akc.ini + [core] + database_host=$database_host + database_port=$database_port + database_name=$database_name + database_user_ssh_akc=${database_user}_ssh_akc + database_password_ssh_akc=$database_password_ssh_akc + EOF + chmod 600 $DESTDIR$config_path/config.ini.d/post-install-secrets-ssh_akc.ini + fi + ;; - remove) - ;; + remove) + ;; - purge) - # note: can't be called from Debian's postrm - rely on ucfq(1) - cd $config_path/config.ini.d/ - rm -f post-install.ini post-install-secrets.ini post-install-secrets-ssh_akc.ini - ;; + purge) + # note: can't be called from Debian's postrm - rely on ucfq(1) + cd $config_path/config.ini.d/ + rm -f post-install.ini post-install-secrets.ini post-install-secrets-ssh_akc.ini + ;; - *) - echo "Usage: $0 {configure|purge}" - exit 1 - ;; + *) + echo "Usage: $0 {configure|purge}" + exit 1 + ;; esac 
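Review bot: In the AuthorizedKeysCommand branch, post-install-secrets-ssh_akc.ini is written with `database_password_ssh_akc` by `cat <<-EOF > …` and only restricted by `chmod 600` afterwards, so for a short window the file holding the password has whatever mode the caller's umask gives it. post-install-secrets.ini in the same hunk is ordered the other way round: `chmod 600` runs before the secrets are spliced in. Putting `umask 077` immediately before the `cat <<-EOF` line (or creating the file empty, restricting it, then writing) closes the window. Separately, the bodies and `EOF` terminators of the `<<-EOF` heredocs here and in db/server.sh were re-indented; `<<-` strips leading tabs only and this page does not preserve whitespace, so confirm they are indented with tabs.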
diff --git a/src/post-install.d/common/plugin.sh b/src/post-install.d/common/plugin.sh index 1d416d2..271faf8 100755 --- a/src/post-install.d/common/plugin.sh +++ b/src/post-install.d/common/plugin.sh 
@@ -24,68 +24,68 @@ config_path=$(forge_get_config config_path) apache_service=$(forge_get_config apache_service) if [ ! -d $source_path/plugins/$1 ]; then - echo "Unknown plugin '$1'" - exit 1 + echo "Unknown plugin '$1'" + exit 1 fi case "$2" in - configure) - $source_path/post-install.d/web/web.sh update-defines + configure) + $source_path/post-install.d/web/web.sh update-defines - # Enable plugin - $source_path/bin/forge pluginActivate $1 + # Enable plugin + $source_path/bin/forge pluginActivate $1 - # Run plugin-specific DB upgrade - if [ -x $source_path/post-install.d/db/upgrade.php ]; then - $source_path/post-install.d/db/upgrade.php $1 - fi + # Run plugin-specific DB upgrade + if [ -x $source_path/post-install.d/db/upgrade.php ]; then + $source_path/post-install.d/db/upgrade.php $1 + fi - # Run plugin-specific install - if [ -x $source_path/plugins/$1/bin/install.sh ]; then - echo "Running $source_path/plugins/$1/bin/install.sh configure" - $source_path/plugins/$1/bin/install.sh configure - fi + # Run plugin-specific install + if [ -x $source_path/plugins/$1/bin/install.sh ]; then + echo "Running $source_path/plugins/$1/bin/install.sh configure" + $source_path/plugins/$1/bin/install.sh configure + fi - # Restart Apache if new conffiles were added - if [ -d $source_path/plugins/$1/etc/httpd.conf.d/ ]; then - if [ $is_docker -gt 0 ]; then - killall httpd || true - else - service $apache_service reload >/dev/null || true - fi - fi - ;; + # Restart Apache if new conffiles were added + if [ -d $source_path/plugins/$1/etc/httpd.conf.d/ ]; then + if [ $is_docker -gt 0 ]; then + killall httpd || true + else + service $apache_service reload >/dev/null || true + fi + fi + ;; - triggered) - # Run plugin-specific triggered (e.g. 
mediawiki) - if [ -x $source_path/plugins/$1/bin/install.sh ]; then - echo "Running $source_path/plugins/$1/bin/install.sh triggered" - $source_path/plugins/$1/bin/install.sh triggered "$3" - fi - ;; + triggered) + # Run plugin-specific triggered (e.g. mediawiki) + if [ -x $source_path/plugins/$1/bin/install.sh ]; then + echo "Running $source_path/plugins/$1/bin/install.sh triggered" + $source_path/plugins/$1/bin/install.sh triggered "$3" + fi + ;; - remove) - # Remove plugin symlink in source_path/www/plugins/ - # TODO: dependencies issues on removal - #$source_path/bin/forge pluginDeactivate $1 + remove) + # Remove plugin symlink in source_path/www/plugins/ + # TODO: dependencies issues on removal + #$source_path/bin/forge pluginDeactivate $1 - # Run plugin-specific remove - if [ -x $source_path/plugins/$1/bin/install.sh ]; then - echo "Running $source_path/plugins/$1/bin/install.sh remove" - $source_path/plugins/$1/bin/install.sh remove - fi - ;; + # Run plugin-specific remove + if [ -x $source_path/plugins/$1/bin/install.sh ]; then + echo "Running $source_path/plugins/$1/bin/install.sh remove" + $source_path/plugins/$1/bin/install.sh remove + fi + ;; - purge) - # note: can't be called from Debian's postrm - rely on ucfq(1) - cd $source_path/plugins/$1/etc/ - for i in $(ls httpd.conf.d/*); do - rm -f $config_path/$i - done - ;; + purge) + # note: can't be called from Debian's postrm - rely on ucfq(1) + cd $source_path/plugins/$1/etc/ + for i in $(ls httpd.conf.d/*); do + rm -f $config_path/$i + done + ;; - *) - echo "Usage: $0 plugin_name configure|triggered|remove|purge" - exit 1 - ;; + *) + echo "Usage: $0 plugin_name configure|triggered|remove|purge" + exit 1 + ;; esac diff --git a/src/post-install.d/common/service.inc b/src/post-install.d/common/service.inc index 3e7958e..dfaee4e 100644 --- a/src/post-install.d/common/service.inc +++ b/src/post-install.d/common/service.inc 
@@ -20,15 +20,15 @@ # Debian-specific behavior for Policy Nazis # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=789778 if [ -e /etc/debian_version ]; then - service () { - invoke-rc.d $@ - ret=$? - if [ $ret -ne 0 ]; then - # Work-around invoke-rc.d's silence on error.. - echo "invoke-rc.d: error $ret running '$@'" - return $ret - fi - } + service () { + invoke-rc.d $@ + ret=$? + if [ $ret -ne 0 ]; then + # Work-around invoke-rc.d's silence on error.. + echo "invoke-rc.d: error $ret running '$@'" + return $ret + fi + } fi # Tests: diff --git a/src/post-install.d/common/systasksd.sh b/src/post-install.d/common/systasksd.sh index 5060f4b..b4a4c03 100755 --- a/src/post-install.d/common/systasksd.sh +++ b/src/post-install.d/common/systasksd.sh 
@@ -21,32 +21,32 @@ . $(forge_get_config source_path)/post-install.d/common/service.inc case "$1" in - configure) - if [ -x /sbin/chkconfig ]; then - chkconfig fusionforge-systasksd on - else - update-rc.d fusionforge-systasksd defaults - fi - # not 'start' as systemd will no-op if systasksd started and exited - service fusionforge-systasksd restart - ;; + configure) + if [ -x /sbin/chkconfig ]; then + chkconfig fusionforge-systasksd on + else + update-rc.d fusionforge-systasksd defaults + fi + # not 'start' as systemd will no-op if systasksd started and exited + service fusionforge-systasksd restart + ;; - remove) - service fusionforge-systasksd stop - if [ -x /sbin/chkconfig ]; then - chkconfig --del fusionforge-systasksd - else - update-rc.d fusionforge-systasksd remove - fi - ;; + remove) + service fusionforge-systasksd stop + if [ -x /sbin/chkconfig ]; then + chkconfig --del fusionforge-systasksd + else + update-rc.d fusionforge-systasksd remove + fi + ;; - purge) - rm -f $(forge_get_config log_path)/systasksd.stdout - rm -f $(forge_get_config log_path)/systasksd.stderr - ;; + purge) + rm -f $(forge_get_config log_path)/systasksd.stdout* + rm -f $(forge_get_config log_path)/systasksd.stderr* + ;; - *) - echo "Usage: $0 {configure|remove}" - exit 1 - ;; + *) + echo "Usage: $0 {configure|remove|purge}" + exit 1 + ;; esac diff --git a/src/post-install.d/common/user.sh b/src/post-install.d/common/user.sh index 0d4f325..f0cd0c7 100755 --- a/src/post-install.d/common/user.sh +++ b/src/post-install.d/common/user.sh 
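Review bot: The new purge lines expand `$(forge_get_config log_path)` unquoted and append a glob, so if the lookup prints nothing the patterns become `/systasksd.stdout*` and `/systasksd.stderr*` at the filesystem root, and a path containing whitespace is split into several arguments. Reading the value once and guarding it keeps the removal inside the log directory: `log_path=$(forge_get_config log_path)` followed by `rm -f -- "${log_path:?}"/systasksd.stdout* "${log_path:?}"/systasksd.stderr*`. Whether errexit is active in this script is not visible in the hunk, so a failed lookup may not stop the `rm` on its own.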
@@ -22,25 +22,25 @@ system_user=$(forge_get_config system_user) data_path=$(forge_get_config data_path) case "$1" in - configure) - # TODO: specify the role of this user and its permissions - # Currently used in: plugin-scmbzr, plugin-moinmoin, ??? - if ! getent passwd $system_user >/dev/null; then - useradd $system_user -s /bin/false -M -d $data_path - fi - ;; + configure) + # TODO: specify the role of this user and its permissions + # Currently used in: plugin-scmbzr, plugin-moinmoin, ??? + if ! getent passwd $system_user >/dev/null; then + useradd $system_user -s /bin/false -M -d $data_path + fi + ;; - remove) - ;; + remove) + ;; - purge) - # note: can't be called from Debian's postrm - reproduced there - userdel $system_user - # *not* removing $data_path automatically, let's play safe - ;; + purge) + # note: can't be called from Debian's postrm - reproduced there + userdel $system_user + # *not* removing $data_path automatically, let's play safe + ;; - *) - echo "Usage: $0 {configure|purge}" - exit 1 - ;; + *) + echo "Usage: $0 {configure|purge}" + exit 1 + ;; esac diff --git a/src/post-install.d/db/db.sh b/src/post-install.d/db/db.sh index 1c4a5c5..e293d85 100755 --- a/src/post-install.d/db/db.sh +++ b/src/post-install.d/db/db.sh 
@@ -21,17 +21,17 @@ source_path=$(forge_get_config source_path) case "$1" in - configure) - $(dirname $0)/upgrade-conf.sh $2 - $source_path/post-install.d/db/server.sh configure - $source_path/post-install.d/db/populate.sh - ;; - remove) - $source_path/post-install.d/db/server.sh remove - ;; - # no purge) because we don't want to remove *data* (not conf) automatically - *) - echo "Usage: $0 {configure|remove}" - exit 1 - ;; + configure) + $(dirname $0)/upgrade-conf.sh $2 + $source_path/post-install.d/db/server.sh configure + $source_path/post-install.d/db/populate.sh + ;; + remove) + $source_path/post-install.d/db/server.sh remove + ;; + # no purge) because we don't want to remove *data* (not conf) automatically + *) + echo "Usage: $0 {configure|remove}" + exit 1 + ;; esac diff --git a/src/post-install.d/db/populate.sh b/src/post-install.d/db/populate.sh index 97c3690..273fc9b 100755 --- a/src/post-install.d/db/populate.sh +++ b/src/post-install.d/db/populate.sh 
@@ -30,28 +30,28 @@ database_password_ssh_akc=$(forge_get_config database_password_ssh_akc) source_path=$(forge_get_config source_path) if [ -z "$database_name" ]; then - echo "Cannot get database_name" - exit 1 + echo "Cannot get database_name" + exit 1 fi # Create database if ! su - postgres -c 'psql -At -l' | grep "^$database_name|" >/dev/null; then - su - postgres -c "createdb --template template0 --encoding UNICODE $database_name" - echo "CREATE EXTENSION IF NOT EXISTS plpgsql" | su - postgres -c "psql $database_name" + su - postgres -c "createdb --template template0 --encoding UNICODE $database_name" + echo "CREATE EXTENSION IF NOT EXISTS plpgsql" | su - postgres -c "psql $database_name" fi # Create DB user if ! su - postgres -c 'psql -At -c \\du' | grep "^$database_user|" >/dev/null; then - su - postgres -c "createuser -SDR $database_user" + su - postgres -c "createuser -SDR $database_user" fi if ! su - postgres -c 'psql -At -c \\du' | grep "^${database_user}_nss|" >/dev/null; then - su - postgres -c "createuser -SDR ${database_user}_nss" + su - postgres -c "createuser -SDR ${database_user}_nss" fi if ! su - postgres -c 'psql -At -c \\du' | grep "^${database_user}_mta|" >/dev/null; then - su - postgres -c "createuser -SDR ${database_user}_mta" + su - postgres -c "createuser -SDR ${database_user}_mta" fi if ! su - postgres -c 'psql -At -c \\du' | grep "^${database_user}_ssh_akc|" >/dev/null; then - su - postgres -c "createuser -SDR ${database_user}_ssh_akc" + su - postgres -c "createuser -SDR ${database_user}_ssh_akc" fi database_password_quoted=$(echo $database_password | sed -e "s/'/''/") database_password_mta_quoted=$(echo $database_password_mta | sed -e "s/'/''/") 
@@ -74,8 +74,8 @@ EOF # Database init if ! su - postgres -c "psql $database_name -c 'SELECT COUNT(*) FROM users;'" >/dev/null 2>&1; then - echo "Importing initial database..." - psql -h $database_host -p $database_port -U $database_user $database_name < $source_path/db/1-fusionforge-init.sql >/dev/null + echo "Importing initial database..." + psql -h $database_host -p $database_port -U $database_user $database_name < $source_path/db/1-fusionforge-init.sql >/dev/null fi # Database upgrade @@ -94,14 +94,14 @@ EOF # Admin user req="SELECT COUNT(*) FROM users WHERE user_name='admin'" if [ "$(echo $req | su - postgres -c "psql -At $database_name")" != "1" ]; then - psql -h $database_host -p $database_port -U $database_user $database_name <<EOF >/dev/null + psql -h $database_host -p $database_port -U $database_user $database_name <<EOF >/dev/null INSERT INTO users (user_name, realname, firstname, lastname, email, unix_pw, status, theme_id) VALUES ('admin', 'Forge Admin', 'Forge', 'Admin', 'root@localhost.localdomain', 'INVALID', 'A', (SELECT theme_id FROM themes WHERE dirname='funky')); EOF - forge_make_admin admin # set permissions - # Note: no password defined yet + forge_make_admin admin # set permissions + # Note: no password defined yet fi rm -f $PGPASSFILE diff --git a/src/post-install.d/db/server.sh b/src/post-install.d/db/server.sh index 8e47347..87165a1 100755 --- a/src/post-install.d/db/server.sh +++ b/src/post-install.d/db/server.sh 
@@ -24,75 +24,74 @@ database_name=$(forge_get_config database_name) database_user=$(forge_get_config database_user) case "$1" in - configure) - # Create default configuration files if needed - if [ -e /etc/redhat-release ]; then - if type postgresql-setup >/dev/null 2>&1; then - postgresql-setup initdb >/dev/null || true - else - service postgresql initdb >/dev/null || true # deprecated in Fedora - fi - chkconfig postgresql on - fi - if [ -e /etc/SuSE-release ]; then - service postgresql start # creates initial db - chkconfig postgresql on - fi + configure) + # Create default configuration files if needed + if [ -e /etc/redhat-release ]; then + if type postgresql-setup >/dev/null 2>&1; then + postgresql-setup initdb >/dev/null || true + else + service postgresql initdb >/dev/null || true # deprecated in Fedora + fi + chkconfig postgresql on + fi + if [ -e /etc/SuSE-release ]; then + service postgresql start # creates initial db + chkconfig postgresql on + fi - pg_hba=$(ls /etc/postgresql/*/*/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf 2>/dev/null | tail -1) - pg_conf=$(ls /etc/postgresql/*/*/postgresql.conf /var/lib/pgsql/data/postgresql.conf 2>/dev/null | tail -1) + pg_hba=$(ls /etc/postgresql/*/*/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf 2>/dev/null | tail -1) + pg_conf=$(ls /etc/postgresql/*/*/postgresql.conf /var/lib/pgsql/data/postgresql.conf 2>/dev/null | tail -1) - if [ -z "$pg_hba" ]; then - echo "Cannot find pg_hba.conf" - exit 1 - fi + if [ -z "$pg_hba" ]; then + echo "Cannot find pg_hba.conf" + exit 1 + fi + # Configure connection + # Preprend configuration block + if ! 
grep -q '^### BEGIN FUSIONFORGE BLOCK' $pg_hba; then + sed -i -e '1ecat' $pg_hba <<-EOF + ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT + ### END FUSIONFORGE BLOCK -- DO NOT EDIT + EOF + fi + # Replace configuration block + sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/ { ' -e 'ecat' -e 'd }' $pg_hba <<-EOF + ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT + # single-host configuration + local $database_name ${database_user}_nss trust + local $database_name ${database_user}_mta md5 + local $database_name ${database_user}_ssh_akc md5 + # multi-host configuration + host $database_name ${database_user}_nss 0.0.0.0/0 trust + host $database_name ${database_user}_mta 0.0.0.0/0 md5 + host $database_name ${database_user}_ssh_akc 0.0.0.0/0 md5 + host $database_name all 0.0.0.0/0 md5 + ### END FUSIONFORGE BLOCK -- DO NOT EDIT + EOF - # Configure connection - # Preprend configuration block - if ! grep -q '^### BEGIN FUSIONFORGE BLOCK' $pg_hba; then - sed -i -e '1ecat' $pg_hba <<-EOF - ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT - ### END FUSIONFORGE BLOCK -- DO NOT EDIT - EOF - fi - # Replace configuration block - sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/ { ' -e 'ecat' -e 'd }' $pg_hba <<-EOF - ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT - # single-host configuration - local $database_name ${database_user}_nss trust - local $database_name ${database_user}_mta md5 - local $database_name ${database_user}_ssh_akc md5 - # multi-host configuration - host $database_name ${database_user}_nss 0.0.0.0/0 trust - host $database_name ${database_user}_mta 0.0.0.0/0 md5 - host $database_name ${database_user}_ssh_akc 0.0.0.0/0 md5 - host $database_name all 0.0.0.0/0 md5 - ### END FUSIONFORGE BLOCK -- DO NOT EDIT - EOF + # Multi-host connection + restart=0 + if ! grep -q '^listen_addresses\b' $pg_conf; then + echo "listen_addresses='0.0.0.0'" >> $pg_conf + restart=1 + fi - # Multi-host connection - restart=0 - if ! 
grep -q '^listen_addresses\b' $pg_conf; then - echo "listen_addresses='0.0.0.0'" >> $pg_conf - restart=1 - fi + if [ $restart = 1 ] || ! service postgresql status >/dev/null; then + service postgresql restart + else + service postgresql reload + fi + ;; - if [ $restart = 1 ] || ! service postgresql status >/dev/null; then - service postgresql restart - else - service postgresql reload - fi - ;; - - remove) - if [ -e "$pg_hba" ]; then - sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/d' $pg_hba - fi - ;; + remove) + if [ -e "$pg_hba" ]; then + sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/d' $pg_hba + fi + ;; - *) - echo "Usage: $0 {configure|remove}" - exit 1 - ;; + *) + echo "Usage: $0 {configure|remove}" + exit 1 + ;; esac diff --git a/src/post-install.d/db/upgrade-conf.sh b/src/post-install.d/db/upgrade-conf.sh index 3048c71..eb4ad7b 100755 --- a/src/post-install.d/db/upgrade-conf.sh +++ b/src/post-install.d/db/upgrade-conf.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e # Upgrade PostgreSQL configuration # # Copyright (C) 2014 Inria (Sylvain Beucler) @@ -18,13 +18,11 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - PREVVER=${1:-0.0} # 5.3 -> 6.0 if [ $(php -r "print version_compare('$PREVVER', '5.3.50');") -eq -1 ]; then - pg_hba=$(ls /etc/postgresql/*/*/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf 2>/dev/null | tail -1) - database_name=$(forge_get_config database_name) - sed -i $pg_hba -e 's/\(^### \(BEGIN\|END\)\) GFORGE BLOCK/\1 FUSIONFORGE BLOCK/' + pg_hba=$(ls /etc/postgresql/*/*/pg_hba.conf /var/lib/pgsql/data/pg_hba.conf 2>/dev/null | tail -1) + database_name=$(forge_get_config database_name) + sed -i $pg_hba -e 's/\(^### \(BEGIN\|END\)\) GFORGE BLOCK/\1 FUSIONFORGE BLOCK/' fi diff --git a/src/post-install.d/ftp/ftp.sh b/src/post-install.d/ftp/ftp.sh index 82e6a57..cbc7f0b 100755 
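Review bot: The regenerated pg_hba block in db/server.sh keeps `host $database_name ${database_user}_nss 0.0.0.0/0 trust`, and the same branch appends `listen_addresses='0.0.0.0'` when postgresql.conf has no such setting, so on a default install the `_nss` role is accepted without a password from any IPv4 address that can reach the PostgreSQL port. What that role is allowed to read is not visible here, but it would be safer to limit the multi-host `host` lines to a configured network (or emit them only for multi-host installs) and to use `md5` for the remote `_nss` entry. If `trust` has to stay, a comment above the block saying why would help the next reader. Also, `remove)` tests `[ -e "$pg_hba" ]`, but the only visible assignment of `pg_hba` is inside `configure)`; unless it is set above the hunk, the block is never removed.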
--- a/src/post-install.d/ftp/ftp.sh +++ b/src/post-install.d/ftp/ftp.sh @@ -1,4 +1,4 @@ -#! /bin/bash +#! /bin/bash -e # Configure FTP server # # Copyright 2017, Franck Villaume - TrivialDev 
@@ -18,61 +18,59 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - . $(forge_get_config source_path)/post-install.d/common/service.inc vsftpdconffile=$(ls /etc/vsftpd.conf /etc/vsftpd/vsftpd.conf 2>/dev/null | tail -1) #Debian: /etc/vsftpd.conf #CentOS: /etc/vsftpd/vsftpd.conf configure_ftpd() { - sed -i -e 's/^anonymous_enable=.*$/anonymous_enable=NO/' $vsftpdconffile - sed -i -e 's/^#ftpd_banner=.*$/ftpd_banner=Welcome to FusionForge FTP server/' $vsftpdconffile - sed -i -e 's/^#chroot_local_user=.*$/chroot_local_user=YES/' $vsftpdconffile - if [[ ! -n $is_docker ]]; then - if [[ -z `grep 'background=NO' $vsftpdconffile` ]];then - echo 'background=NO' >> $vsftpdconffile - fi - fi + sed -i -e 's/^anonymous_enable=.*$/anonymous_enable=NO/' $vsftpdconffile + sed -i -e 's/^#ftpd_banner=.*$/ftpd_banner=Welcome to FusionForge FTP server/' $vsftpdconffile + sed -i -e 's/^#chroot_local_user=.*$/chroot_local_user=YES/' $vsftpdconffile + if [[ ! -n $is_docker ]]; then + if [[ -z `grep 'background=NO' $vsftpdconffile` ]];then + echo 'background=NO' >> $vsftpdconffile + fi + fi } remove_ftpd() { - sed -i -e 's/^anonymous_enable=NO.*$/anonymous_enable=YES/' $vsftpdconffile - sed -i -e 's/^ftpd_banner=Welcome.*$/#ftpd_banner=Welcome to blah FTP service./' $vsftpdconffile - sed -i -e 's/^chroot_local_user=YES.*$/#chroot_local_user=NO/' $vsftpdconffile - if [[ ! -n $is_docker ]]; then - if [[ ! -z `grep 'background=NO' $vsftpdconffile` ]];then - sed -i '$d' $vsftpdconffile - fi - fi + sed -i -e 's/^anonymous_enable=NO.*$/anonymous_enable=YES/' $vsftpdconffile + sed -i -e 's/^ftpd_banner=Welcome.*$/#ftpd_banner=Welcome to blah FTP service./' $vsftpdconffile + sed -i -e 's/^chroot_local_user=YES.*$/#chroot_local_user=NO/' $vsftpdconffile + if [[ ! -n $is_docker ]]; then + if [[ ! 
-z `grep 'background=NO' $vsftpdconffile` ]];then + sed -i '$d' $vsftpdconffile + fi + fi } restart_ftp_service() { - if [[ ! -n $is_docker ]]; then - killall vsftpd >/dev/null 2>&1 - else - service vsftpd restart - fi + if [[ ! -n $is_docker ]]; then + killall vsftpd >/dev/null 2>&1 + else + service vsftpd restart + fi } # Main case "$1" in - rawconfigure) - configure_ftpd - ;; - configure) - configure_ftpd - restart_ftp_service - ;; - remove) - remove_ftpd - restart_ftp_service - ;; - purge) - ;; - *) - echo "Usage: $0 {configure|rawconfigure|remove|purge}" - exit 1 - ;; + rawconfigure) + configure_ftpd + ;; + configure) + configure_ftpd + restart_ftp_service + ;; + remove) + remove_ftpd + restart_ftp_service + ;; + purge) + ;; + *) + echo "Usage: $0 {configure|rawconfigure|remove|purge}" + exit 1 + ;; esac diff --git a/src/post-install.d/lists/lists.sh b/src/post-install.d/lists/lists.sh index b8f6d34..1446fa2 100755 --- a/src/post-install.d/lists/lists.sh +++ b/src/post-install.d/lists/lists.sh 
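Review bot: Under errexit, `killall vsftpd >/dev/null 2>&1` in restart_ftp_service aborts the script whenever no vsftpd process is running, because killall returns non-zero in that case; plugin.sh in this commit already guards the equivalent call as `killall httpd || true`. Writing `killall vsftpd >/dev/null 2>&1 || true` keeps configure and remove from failing on a stopped server. The Docker test also differs from plugin.sh: there `[ $is_docker -gt 0 ]` selects killall, while here `[[ ! -n $is_docker ]]` does, which reads as inverted and treats the value as a string rather than a number. Where `is_docker` is set is outside the hunk, so the intended branch needs confirming.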
@@ -20,32 +20,32 @@ source_path=$(forge_get_config source_path) case "$1" in - configure) - # Managed by mailman, but referencing it to document where it is: - # echo "Use 'mmsitepass' to set the Mailman master password" - # echo "Cf. /var/lib/mailman/data/adm.pw" + configure) + # Managed by mailman, but referencing it to document where it is: + # echo "Use 'mmsitepass' to set the Mailman master password" + # echo "Cf. /var/lib/mailman/data/adm.pw" - # Normally defined in per-list config, but needed e.g. in default empty archives page - lists_host=$(forge_get_config lists_host) - sed -i -e "s/^DEFAULT_EMAIL_HOST.*/DEFAULT_EMAIL_HOST = '$lists_host'/" \ - -e "s/^DEFAULT_URL_HOST.*/DEFAULT_URL_HOST = '$lists_host'/" \ - -e "s|^DEFAULT_URL_PATTERN.*|DEFAULT_URL_PATTERN = 'http://%s/mailman/'|" \ - /etc/mailman/mm_cfg.py + # Normally defined in per-list config, but needed e.g. in default empty archives page + lists_host=$(forge_get_config lists_host) + sed -i -e "s/^DEFAULT_EMAIL_HOST.*/DEFAULT_EMAIL_HOST = '$lists_host'/" \ + -e "s/^DEFAULT_URL_HOST.*/DEFAULT_URL_HOST = '$lists_host'/" \ + -e "s|^DEFAULT_URL_PATTERN.*|DEFAULT_URL_PATTERN = 'http://%s/mailman/'|" \ + /etc/mailman/mm_cfg.py - # Detect mailman cgi-bin installation - mailman_cgi_dir=$( \ - (echo '/autodetection_failed'; - ls -d /usr/lib/mailman/cgi-bin /usr/lib/cgi-bin/mailman 2>/dev/null) \ - | tail -1) - ln -nfs $mailman_cgi_dir $source_path/lists/cgi-bin - ;; + # Detect mailman cgi-bin installation + mailman_cgi_dir=$( \ + (echo '/autodetection_failed'; + ls -d /usr/lib/mailman/cgi-bin /usr/lib/cgi-bin/mailman 2>/dev/null) \ + | tail -1) + ln -nfs $mailman_cgi_dir $source_path/lists/cgi-bin + ;; - remove) - rm -f $source_path/lists/cgi-bin - ;; + remove) + rm -f $source_path/lists/cgi-bin + ;; - *) - echo "Usage: $0 {configure|remove}" - exit 1 - ;; + *) + echo "Usage: $0 {configure|remove}" + exit 1 + ;; esac 
diff --git a/src/post-install.d/mta-exim4/mta-exim4.sh b/src/post-install.d/mta-exim4/mta-exim4.sh index 5af94ae..fcc97d7 100755 --- a/src/post-install.d/mta-exim4/mta-exim4.sh +++ b/src/post-install.d/mta-exim4/mta-exim4.sh @@ -1,4 +1,4 @@ -#! /bin/sh +#! /bin/bash -e # Configure Exim4 for FusionForge+Mailman # # Christian Bayle, Roland Mas, debian-sf @@ -20,8 +20,6 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - . $(forge_get_config source_path)/post-install.d/common/service.inc #### 
@@ -30,56 +28,56 @@ set -e cfgs_exim4_main='' cfgs_exim4_router='' if [ -e /etc/exim4/exim4.conf.template ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf.template" - cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf.template" + cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf.template" + cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf.template" fi if [ -e /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs" - # + /etc/exim4/conf.d/router/01_fusionforge_forwards entirely generated + cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs" + # + /etc/exim4/conf.d/router/01_fusionforge_forwards entirely generated fi if [ -e /etc/exim4/exim4.conf ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf" - cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf" + cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf" + cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf" fi if [ -e /etc/exim/exim.conf ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim/exim.conf" - cfgs_exim4_router="$cfgs_exim4_router /etc/exim/exim.conf" + cfgs_exim4_main="$cfgs_exim4_main /etc/exim/exim.conf" + cfgs_exim4_router="$cfgs_exim4_router /etc/exim/exim.conf" fi case "$1" in - configure) - $(dirname $0)/upgrade-conf.sh $2 - - users_host=$(forge_get_config users_host) - lists_host=$(forge_get_config lists_host) - pgsock='/var/run/postgresql/.s.PGSQL.5432' - if [ -e '/etc/redhat-release' ]; then pgsock='/tmp/.s.PGSQL.5432'; fi - database_name=$(forge_get_config database_name) - database_user=$(forge_get_config database_user) - database_password_mta=$(forge_get_config database_password_mta) - - # Redirect "noreply" mail to the bit bucket (if need be) - if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then - if ! 
grep -q '^noreply:' /etc/aliases ; then - echo 'noreply: :blackhole:' >> /etc/aliases - fi - fi - - # Main configuration: list of local domains - for i in $cfgs_exim4_main; do - sed -i '/:FUSIONFORGE_DOMAINS/! s/^domainlist local_domains.*/&:FUSIONFORGE_DOMAINS/' $i - if ! grep -q '^FUSIONFORGE_DOMAINS=' $i; then - chmod 600 $i - sed -i '/^domainlist local_domains/ecat' $i <<EOF + configure) + $(dirname $0)/upgrade-conf.sh $2 + + users_host=$(forge_get_config users_host) + lists_host=$(forge_get_config lists_host) + pgsock='/var/run/postgresql/.s.PGSQL.5432' + if [ -e '/etc/redhat-release' ]; then pgsock='/tmp/.s.PGSQL.5432'; fi + database_name=$(forge_get_config database_name) + database_user=$(forge_get_config database_user) + database_password_mta=$(forge_get_config database_password_mta) + + # Redirect "noreply" mail to the bit bucket (if need be) + if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then + if ! grep -q '^noreply:' /etc/aliases ; then + echo 'noreply: :blackhole:' >> /etc/aliases + fi + fi + + # Main configuration: list of local domains + for i in $cfgs_exim4_main; do + sed -i '/:FUSIONFORGE_DOMAINS/! s/^domainlist local_domains.*/&:FUSIONFORGE_DOMAINS/' $i + if ! grep -q '^FUSIONFORGE_DOMAINS=' $i; then + chmod 600 $i + sed -i '/^domainlist local_domains/ecat' $i <<EOF hide pgsql_servers = ($pgsock)/mail/Debian-exim/bogus:($pgsock)/$database_name/${database_user}_mta/${database_password_mta} FUSIONFORGE_DOMAINS=$users_host:$lists_host EOF - fi - done + fi + done - # Router configuration - block=$(mktemp) - cat <<EOF > $block + # Router configuration + block=$(mktemp) + cat <<EOF > $block ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT ### # You may move this block around to accomodate your local needs as long as you # keep it in the Directors Configuration section (between the second and the 
@@ -183,51 +181,51 @@ forward_for_fusionforge_lists_unsubscribe: group = nogroup ### END FUSIONFORGE BLOCK -- DO NOT EDIT EOF - # Stand-alone file: - if [ -d /etc/exim4/conf.d/router/ ]; then - cp $block /etc/exim4/conf.d/router/01_fusionforge_forwards - fi - # Add the same in the unsplit big file(s) - for i in $cfgs_exim4_router; do - if ! grep -q '^### BEGIN FUSIONFORGE BLOCK' $i; then - sed -i -e '/^begin routers$/ {' -e 'ecat' -e 'd }' $i <<-EOF - begin routers - ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT ### - ### END FUSIONFORGE BLOCK ### - EOF - fi - sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/ { ' \ - -e 'ecat' -e 'd }' $i < $block - done - rm -f $block - - service exim4 restart - ;; - - remove) - if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then - sed -i -e '/^noreply:/d' /etc/aliases - fi - - # main conf - database_name=$(forge_get_config database_name) - for i in $cfgs_exim4_main; do - sed -i -e '/^FUSIONFORGE_DOMAINS=/d' \ - -e "/^hide pgsql_servers = .*$database_name.*/d" \ - -e '/domainlist local_domains.*/ s/:FUSIONFORGE_DOMAINS//' $i - done - - # routers - for i in $cfgs_exim4_router; do - sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/d' $i - done - rm -f /etc/exim4/conf.d/router/01_fusionforge_forwards - - service exim4 restart - ;; - - *) - echo "Usage: $0 {configure|remove}" - exit 1 - ;; + # Stand-alone file: + if [ -d /etc/exim4/conf.d/router/ ]; then + cp $block /etc/exim4/conf.d/router/01_fusionforge_forwards + fi + # Add the same in the unsplit big file(s) + for i in $cfgs_exim4_router; do + if ! 
grep -q '^### BEGIN FUSIONFORGE BLOCK' $i; then + sed -i -e '/^begin routers$/ {' -e 'ecat' -e 'd }' $i <<-EOF + begin routers + ### BEGIN FUSIONFORGE BLOCK -- DO NOT EDIT ### + ### END FUSIONFORGE BLOCK ### + EOF + fi + sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/ { ' \ + -e 'ecat' -e 'd }' $i < $block + done + rm -f $block + + service exim4 restart + ;; + + remove) + if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then + sed -i -e '/^noreply:/d' /etc/aliases + fi + + # main conf + database_name=$(forge_get_config database_name) + for i in $cfgs_exim4_main; do + sed -i -e '/^FUSIONFORGE_DOMAINS=/d' \ + -e "/^hide pgsql_servers = .*$database_name.*/d" \ + -e '/domainlist local_domains.*/ s/:FUSIONFORGE_DOMAINS//' $i + done + + # routers + for i in $cfgs_exim4_router; do + sed -i -e '/^### BEGIN FUSIONFORGE BLOCK/,/^### END FUSIONFORGE BLOCK/d' $i + done + rm -f /etc/exim4/conf.d/router/01_fusionforge_forwards + + service exim4 restart + ;; + + *) + echo "Usage: $0 {configure|remove}" + exit 1 + ;; esac diff --git a/src/post-install.d/mta-exim4/upgrade-conf.sh b/src/post-install.d/mta-exim4/upgrade-conf.sh index 726a8b2..9f73f0e 100755 --- a/src/post-install.d/mta-exim4/upgrade-conf.sh +++ b/src/post-install.d/mta-exim4/upgrade-conf.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e # Upgrade Exim4 configuration # # Copyright (C) 2014 Inria (Sylvain Beucler) 
@@ -18,45 +18,43 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - PREVVER=${1:-0.0} # 5.3 -> 6.0 if [ $(php -r "print version_compare('$PREVVER', '5.3.50');") -eq -1 ]; then - if [ -e /etc/exim4/conf.d/router/01_gforge_forwards ]; then - mv /etc/exim4/conf.d/router/01_gforge_forwards \ - /etc/exim4/conf.d/router/01_fusionforge_forwards - fi - sed -i '/^### Next line inserted by GForge/d' /etc/aliases + if [ -e /etc/exim4/conf.d/router/01_gforge_forwards ]; then + mv /etc/exim4/conf.d/router/01_gforge_forwards \ + /etc/exim4/conf.d/router/01_fusionforge_forwards + fi + sed -i '/^### Next line inserted by GForge/d' /etc/aliases - cfgs_exim4_main='' - cfgs_exim4_router='' - if [ -e /etc/exim4/exim4.conf.template ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf.template" - cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf.template" - fi - if [ -e /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs" - # + /etc/exim4/conf.d/router/01_fusionforge_forwards entirely generated - fi - if [ -e /etc/exim4/exim4.conf ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf" - cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf" - fi - if [ -e /etc/exim/exim.conf ]; then - cfgs_exim4_main="$cfgs_exim4_main /etc/exim/exim.conf" - cfgs_exim4_router="$cfgs_exim4_router /etc/exim/exim.conf" - fi + cfgs_exim4_main='' + cfgs_exim4_router='' + if [ -e /etc/exim4/exim4.conf.template ]; then + cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf.template" + cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf.template" + fi + if [ -e /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs ]; then + cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs" + # + /etc/exim4/conf.d/router/01_fusionforge_forwards 
entirely generated + fi + if [ -e /etc/exim4/exim4.conf ]; then + cfgs_exim4_main="$cfgs_exim4_main /etc/exim4/exim4.conf" + cfgs_exim4_router="$cfgs_exim4_router /etc/exim4/exim4.conf" + fi + if [ -e /etc/exim/exim.conf ]; then + cfgs_exim4_main="$cfgs_exim4_main /etc/exim/exim.conf" + cfgs_exim4_router="$cfgs_exim4_router /etc/exim/exim.conf" + fi - for i in $cfgs_exim4_main; do - # De-configure so it can be properly re-configured with new db auth - sed -i $i \ - -e '/^GFORGE_DOMAINS=/d' \ - -e '/^hide pgsql_servers =/d' \ - -e '/domainlist local_domains.*/ s/:GFORGE_DOMAINS//' - done - for i in $cfgs_exim4_router; do - sed -i -e 's/\(^# \(BEGIN\|END\)\) GFORGE BLOCK/\1 FUSIONFORGE BLOCK/' $i - done + for i in $cfgs_exim4_main; do + # De-configure so it can be properly re-configured with new db auth + sed -i $i \ + -e '/^GFORGE_DOMAINS=/d' \ + -e '/^hide pgsql_servers =/d' \ + -e '/domainlist local_domains.*/ s/:GFORGE_DOMAINS//' + done + for i in $cfgs_exim4_router; do + sed -i -e 's/\(^# \(BEGIN\|END\)\) GFORGE BLOCK/\1 FUSIONFORGE BLOCK/' $i + done fi diff --git a/src/post-install.d/mta-postfix/mta-postfix.sh b/src/post-install.d/mta-postfix/mta-postfix.sh index e31c4dd..9b48ee5 100755 --- a/src/post-install.d/mta-postfix/mta-postfix.sh +++ b/src/post-install.d/mta-postfix/mta-postfix.sh @@ -1,4 +1,4 @@ -#! /bin/bash +#! /bin/bash -e # Configure Postfix for FusionForge+Mailman # # Christian Bayle, Roland Mas 
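Review bot: The version test at the top of mta-exim4/upgrade-conf.sh splices `$PREVVER` into the PHP source text and leaves the command substitution unquoted. A value containing a quote changes the code PHP runs, and if php is missing or fails the substitution is empty, `[` errors inside the `if` (where errexit does not apply) and the whole upgrade branch is skipped. Passing the value as an argument and assigning the result first lets errexit catch a php failure: `cmp=$(php -r 'print version_compare($argv[1], "5.3.50");' -- "$PREVVER")` followed by `if [ "$cmp" -eq -1 ]; then`. The argument is presumably a package version string supplied by the installer, so this is hardening rather than an exposed input. The same line appears in mta-postfix/upgrade-conf.sh and shell/upgrade-conf.sh.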
@@ -20,85 +20,83 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - users_host=$(forge_get_config users_host) lists_host=$(forge_get_config lists_host) function postfix_append_config { - param=$1 - append_val=$2 + param=$1 + append_val=$2 - prev_val=$(postconf -h $param) - if ! echo $prev_val | grep -q "$append_val"; then - if [ -z "$prev_val" ]; then - postconf -e $param="$append_val" - else - postconf -e $param="$prev_val, $append_val" + prev_val=$(postconf -h $param) + if ! echo $prev_val | grep -q "$append_val"; then + if [ -z "$prev_val" ]; then + postconf -e $param="$append_val" + else + postconf -e $param="$prev_val, $append_val" + fi fi - fi } case "$1" in - configure) - $(dirname $0)/upgrade-conf.sh $2 + configure) + $(dirname $0)/upgrade-conf.sh $2 - # Init postfix configuration if missing - if [ ! -e /etc/postfix/main.cf ]; then - cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf - fi + # Init postfix configuration if missing + if [ ! -e /etc/postfix/main.cf ]; then + cp /usr/share/postfix/main.cf.debian /etc/postfix/main.cf + fi - # Redirect "noreply" mail to the bit bucket (if need be) - if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then - if ! grep -q '^noreply:' /etc/aliases ; then - echo 'noreply: /dev/null' >> /etc/aliases - fi - fi + # Redirect "noreply" mail to the bit bucket (if need be) + if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then + if ! 
grep -q '^noreply:' /etc/aliases ; then + echo 'noreply: /dev/null' >> /etc/aliases + fi + fi - # Destination - postfix_append_config 'mydestination' $users_host - postfix_append_config 'relay_domains' $lists_host + # Destination + postfix_append_config 'mydestination' $users_host + postfix_append_config 'relay_domains' $lists_host - # Mailman - echo "$lists_host mailman:" > /etc/postfix/fusionforge-lists-transport - postmap /etc/postfix/fusionforge-lists-transport - postfix_append_config 'transport_maps' 'hash:/etc/postfix/fusionforge-lists-transport' - postconf -e mailman_destination_recipient_limit=1 + # Mailman + echo "$lists_host mailman:" > /etc/postfix/fusionforge-lists-transport + postmap /etc/postfix/fusionforge-lists-transport + postfix_append_config 'transport_maps' 'hash:/etc/postfix/fusionforge-lists-transport' + postconf -e mailman_destination_recipient_limit=1 - # Users aliases - database link - touch /etc/postfix/fusionforge-users.cf - chown root:postfix /etc/postfix/fusionforge-users.cf - chmod 640 /etc/postfix/fusionforge-users.cf # database password - cat > /etc/postfix/fusionforge-users.cf <<-EOF - hosts = unix:/var/run/postgresql - user = $(forge_get_config database_user)_mta - password = $(forge_get_config database_password_mta) - dbname = $(forge_get_config database_name) - domain = $users_host - query = SELECT email FROM mta_users WHERE login = '%u' - EOF - postfix_append_config 'virtual_alias_maps' 'proxy:pgsql:/etc/postfix/fusionforge-users.cf' + # Users aliases - database link + touch /etc/postfix/fusionforge-users.cf + chown root:postfix /etc/postfix/fusionforge-users.cf + chmod 640 /etc/postfix/fusionforge-users.cf # database password + cat > /etc/postfix/fusionforge-users.cf <<-EOF + hosts = unix:/var/run/postgresql + user = $(forge_get_config database_user)_mta + password = $(forge_get_config database_password_mta) + dbname = $(forge_get_config database_name) + domain = $users_host + query = SELECT email FROM mta_users WHERE login = 
'%u' + EOF + postfix_append_config 'virtual_alias_maps' 'proxy:pgsql:/etc/postfix/fusionforge-users.cf' - # Configuration automatically reloaded through 'postconf' - ;; - - remove) - if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then - sed -i -e '/^noreply:/d' /etc/aliases - fi - rm -f /etc/postfix/fusionforge-lists-transport /etc/postfix/fusionforge-lists-transport.db - postconf -e transport_maps="$(postconf -h transport_maps \ - | sed "s|\(, *\)\?hash:/etc/postfix/fusionforge-lists-transport||")" - postconf -e virtual_alias_maps="$(postconf -h virtual_alias_maps \ - | sed "s|\(, *\)\?proxy:pgsql:/etc/postfix/fusionforge-users.cf||")" - postconf -e relay_domains="$(postconf -h relay_domains | sed "s/\(, *\)\?$lists_host//")" - postconf -e mydestination="$(postconf -h mydestination | sed "s/\(, *\)\?$users_host//")" + # Configuration automatically reloaded through 'postconf' + ;; + + remove) + if [ "$(forge_get_config noreply_to_bitbucket)" != 'no' ] ; then + sed -i -e '/^noreply:/d' /etc/aliases + fi + rm -f /etc/postfix/fusionforge-lists-transport /etc/postfix/fusionforge-lists-transport.db + postconf -e transport_maps="$(postconf -h transport_maps \ + | sed "s|\(, *\)\?hash:/etc/postfix/fusionforge-lists-transport||")" + postconf -e virtual_alias_maps="$(postconf -h virtual_alias_maps \ + | sed "s|\(, *\)\?proxy:pgsql:/etc/postfix/fusionforge-users.cf||")" + postconf -e relay_domains="$(postconf -h relay_domains | sed "s/\(, *\)\?$lists_host//")" + postconf -e mydestination="$(postconf -h mydestination | sed "s/\(, *\)\?$users_host//")" - # Configuration automatically reloaded through 'postconf' - ;; + # Configuration automatically reloaded through 'postconf' + ;; - *) - echo "Usage: $0 {configure|remove}" - exit 1 - ;; + *) + echo "Usage: $0 {configure|remove}" + exit 1 + ;; esac diff --git a/src/post-install.d/mta-postfix/upgrade-conf.sh b/src/post-install.d/mta-postfix/upgrade-conf.sh index 212b8f5..31f5fd5 100755 
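Review bot: In `postfix_append_config`, `echo $prev_val | grep -q "$append_val"` treats the host name as a regular expression and matches substrings, so a `users_host` or `lists_host` that is contained in an existing entry (or matches one through an unescaped `.`) is reported as present and never appended. The `remove)` branch has the mirror problem: `sed "s/\(, *\)\?$lists_host//"` can cut the name out of the middle of a longer `relay_domains` or `mydestination` entry. Comparing whole entries as fixed strings is safer, for example `if ! postconf -h "$param" | tr -s ', ' '\n\n' | grep -qxF -- "$append_val"; then`. `param`, `append_val` and `prev_val` are also assigned without `local`, so they stay set for the `case` block that follows.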
--- a/src/post-install.d/mta-postfix/upgrade-conf.sh +++ b/src/post-install.d/mta-postfix/upgrade-conf.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e # Upgrade Postfix configuration # # Copyright (C) 2014 Inria (Sylvain Beucler) @@ -18,18 +18,16 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - PREVVER=${1:-0.0} # 5.3 -> 6.0 if [ $(php -r "print version_compare('$PREVVER', '5.3.50');") -eq -1 ]; then - rm -f $(forge_get_config data_path)/etc/postfix-transport* - if [ -e /etc/postfix/main.cf ]; then - sed -i /etc/postfix/main.cf \ - -e '/^### BEGIN GFORGE BLOCK/,/^### END GFORGE BLOCK/d' \ - -e '/^### GFORGE ADDITION.*/d' \ - -e 's|proxy:pgsql:pgsql_gforge_users|proxy:pgsql:/etc/postfix/fusionforge-users.cf|' \ - -e "s,hash:$(forge_get_config data_path)/etc/postfix-transport,hash:/etc/postfix/fusionforge-lists-transport," - fi + rm -f $(forge_get_config data_path)/etc/postfix-transport* + if [ -e /etc/postfix/main.cf ]; then + sed -i /etc/postfix/main.cf \ + -e '/^### BEGIN GFORGE BLOCK/,/^### END GFORGE BLOCK/d' \ + -e '/^### GFORGE ADDITION.*/d' \ + -e 's|proxy:pgsql:pgsql_gforge_users|proxy:pgsql:/etc/postfix/fusionforge-users.cf|' \ + -e "s,hash:$(forge_get_config data_path)/etc/postfix-transport,hash:/etc/postfix/fusionforge-lists-transport," + fi fi diff --git a/src/post-install.d/shell/shell.sh b/src/post-install.d/shell/shell.sh index 9167fb2..4b29354 100755 --- a/src/post-install.d/shell/shell.sh +++ b/src/post-install.d/shell/shell.sh @@ -1,4 +1,4 @@ -#! /bin/bash +#! /bin/bash -e # Configure NSS+PostgreSQL shell access # # Copyright (C) 2014, 2015 Inria (Sylvain Beucler) @@ -18,8 +18,6 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - . $(forge_get_config source_path)/post-install.d/common/service.inc db_name=$(forge_get_config database_name) 
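Review bot: `rm -f $(forge_get_config data_path)/etc/postfix-transport*` in mta-postfix/upgrade-conf.sh builds its target from an unchecked, unquoted command substitution. Errexit does not stop on a failing substitution inside an argument, so if `forge_get_config` prints nothing the glob becomes `/etc/postfix-transport*` and is removed with the privileges of whoever runs the script. Reading the value once and guarding it closes that gap: `data_path=$(forge_get_config data_path)` followed by `rm -f -- "${data_path:?}"/etc/postfix-transport*`. The same variable can then replace the second `$(forge_get_config data_path)` in the last `sed` expression.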
@@ -37,15 +35,15 @@ DESTDIR=$3 mkdir -m 755 -p $DESTDIR/etc/ # Check/Modify /etc/libnss-pgsql.conf -configure_libnss_pgsql(){ - hostconf='' - case "$db_host" in - 127.*|localhost.*|localhost) ;; # 'local' - *) hostconf="host=$db_host" ;; # 'host' - esac - if [ ! -s $DESTDIR/etc/nss-pgsql.conf ]; then - gid=$(forge_get_config users_default_gid) - cat > $DESTDIR/etc/nss-pgsql.conf <<EOF +configure_libnss_pgsql() { + hostconf='' + case "$db_host" in + 127.*|localhost.*|localhost) ;; # 'local' + *) hostconf="host=$db_host" ;; # 'host' + esac + if [ ! -s $DESTDIR/etc/nss-pgsql.conf ]; then + gid=$(forge_get_config users_default_gid) + cat > $DESTDIR/etc/nss-pgsql.conf <<EOF ### NSS Configuration for FusionForge #----------------- DB connection @@ -63,9 +61,9 @@ getgrgid = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_user #allgroups = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups groups_dyn = SELECT ug.gid FROM nss_usergroups ug, nss_passwd p WHERE ug.uid = p.uid AND p.login = \$1 AND ug.gid <> \$2 EOF - fi - if [ ! -s $DESTDIR/etc/nss-pgsql-root.conf ]; then - cat > $DESTDIR/etc/nss-pgsql-root.conf <<EOF + fi + if [ ! -s $DESTDIR/etc/nss-pgsql-root.conf ]; then + cat > $DESTDIR/etc/nss-pgsql-root.conf <<EOF ### NSS Configuration for FusionForge #----------------- DB connection 
@@ -75,137 +73,131 @@ shadowconnectionstring = user=$db_user_nss dbname=$db_name $hostconf shadowbyname = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd WHERE login = \$1 shadow = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn, '' AS shadow_inact, '' AS shadow_expire, '' AS shadow_flag FROM nss_passwd EOF - fi + fi - chmod 644 $DESTDIR/etc/nss-pgsql.conf - chmod 600 $DESTDIR/etc/nss-pgsql-root.conf - chown root:root $DESTDIR/etc/nss-pgsql-root.conf + chmod 644 $DESTDIR/etc/nss-pgsql.conf + chmod 600 $DESTDIR/etc/nss-pgsql-root.conf + chown root:root $DESTDIR/etc/nss-pgsql-root.conf } -purge_libnss_pgsql(){ - rm -f /etc/nss-pgsql.conf /etc/nss-pgsql-root.conf +purge_libnss_pgsql() { + rm -f /etc/nss-pgsql.conf /etc/nss-pgsql-root.conf } configure_pam() { - # Collaborative umask 0022 -> 0002 - if ! grep -q '^session\s*optional\s*pam_umask.so.*' /etc/pam.d/sshd; then - echo 'session optional pam_umask.so umask=002 # FusionForge' >> /etc/pam.d/sshd - fi + # Collaborative umask 0022 -> 0002 + if ! grep -q '^session\s*optional\s*pam_umask.so.*' /etc/pam.d/sshd; then + echo 'session optional pam_umask.so umask=002 # FusionForge' >> /etc/pam.d/sshd + fi } remove_pam() { - sed -i -e '/.* # FusionForge/d' /etc/pam.d/sshd + sed -i -e '/.* # FusionForge/d' /etc/pam.d/sshd } # Modify /etc/nsswitch.conf # Not using UCF since we're sed-ing an existing file -configure_nsswitch() -{ - if ! grep -q '^passwd:.*pgsql' /etc/nsswitch.conf ; then - perl -pi -e "s/^(passwd:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by FusionForge install\n#Comment by FusionForge install#\1\2/gs" /etc/nsswitch.conf - fi - if ! 
grep -q '^group:.*pgsql' /etc/nsswitch.conf ; then - perl -pi -e "s/^(group:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by FusionForge install\n#Comment by FusionForge install#\1\2/gs" /etc/nsswitch.conf - fi - if ! grep -q '^shadow:.*pgsql' /etc/nsswitch.conf ; then - perl -pi -e "s/^(shadow:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by FusionForge install\n#Comment by FusionForge install#\1\2/gs" /etc/nsswitch.conf - fi +configure_nsswitch() { + if ! grep -q '^passwd:.*pgsql' /etc/nsswitch.conf ; then + perl -pi -e "s/^(passwd:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by FusionForge install\n#Comment by FusionForge install#\1\2/gs" /etc/nsswitch.conf + fi + if ! grep -q '^group:.*pgsql' /etc/nsswitch.conf ; then + perl -pi -e "s/^(group:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by FusionForge install\n#Comment by FusionForge install#\1\2/gs" /etc/nsswitch.conf + fi + if ! grep -q '^shadow:.*pgsql' /etc/nsswitch.conf ; then + perl -pi -e "s/^(shadow:[^#\n]*)([^\n]*)/\1 pgsql \2#Added by FusionForge install\n#Comment by FusionForge install#\1\2/gs" /etc/nsswitch.conf + fi } # Revert /etc/nsswitch.conf -remove_nsswitch() -{ - sed -i -e '/^.*#Added by FusionForge install/d' /etc/nsswitch.conf - sed -i -e 's/#Comment by FusionForge install#//' /etc/nsswitch.conf +remove_nsswitch() { + sed -i -e '/^.*#Added by FusionForge install/d' /etc/nsswitch.conf + sed -i -e 's/#Comment by FusionForge install#//' /etc/nsswitch.conf } -configure_nscd() -{ - if [ -e /etc/redhat-release ]; then - chkconfig nscd on - service nscd start - fi +configure_nscd() { + if [ -e /etc/redhat-release ]; then + chkconfig nscd on + service nscd start + fi } -configure_sshd() -{ - if ! 
getent passwd ${system_user_ssh_akc} >/dev/null; then - useradd ${system_user_ssh_akc} -s /bin/false -M -d /nonexistent - fi - - # Deal with CentOS 6's early patch - user_cmd=AuthorizedKeysCommandUser - if [ -f /etc/redhat-release ]; then - os_version=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)) - if [ "$os_version" = "6" ]; then - user_cmd=AuthorizedKeysCommandRunAs +configure_sshd() { + if ! getent passwd ${system_user_ssh_akc} >/dev/null; then + useradd ${system_user_ssh_akc} -s /bin/false -M -d /nonexistent + fi + + # Deal with CentOS 6's early patch + user_cmd=AuthorizedKeysCommandUser + if [ -f /etc/redhat-release ]; then + os_version=$(rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)) + if [ "$os_version" = "6" ]; then + user_cmd=AuthorizedKeysCommandRunAs + fi + fi + # Add placeholder if necessary + if ! grep -qw '^AuthorizedKeysCommand' /etc/ssh/sshd_config; then + echo 'AuthorizedKeysCommand replace_me' >> /etc/ssh/sshd_config + fi + if ! grep -qw "^$user_cmd" /etc/ssh/sshd_config; then + echo "$user_cmd replace_me" >> /etc/ssh/sshd_config fi - fi - # Add placeholder if necessary - if ! grep -qw '^AuthorizedKeysCommand' /etc/ssh/sshd_config; then - echo 'AuthorizedKeysCommand replace_me' >> /etc/ssh/sshd_config - fi - if ! 
grep -qw "^$user_cmd" /etc/ssh/sshd_config; then - echo "$user_cmd replace_me" >> /etc/ssh/sshd_config - fi - # Configure SSH daemon - cmd=$(forge_get_config source_path)/bin/ssh_akc.php - sed -i -e "s,^AuthorizedKeysCommand .*,AuthorizedKeysCommand $cmd," /etc/ssh/sshd_config - sed -i -e "s,^$user_cmd .*,$user_cmd ${system_user_ssh_akc}," /etc/ssh/sshd_config - - chown ${system_user_ssh_akc} \ - $(forge_get_config config_path)/config.ini.d/post-install-secrets-ssh_akc.ini - - # Fix "Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /usr/local/share" - dir=$cmd - while [ "$dir" != '/' ]; do - dir=$(dirname $dir) - if [ -n "$(find $dir -maxdepth 0 -perm -g+w)" ]; then chmod g-w $dir; fi - done + # Configure SSH daemon + cmd=$(forge_get_config source_path)/bin/ssh_akc.php + sed -i -e "s,^AuthorizedKeysCommand .*,AuthorizedKeysCommand $cmd," /etc/ssh/sshd_config + sed -i -e "s,^$user_cmd .*,$user_cmd ${system_user_ssh_akc}," /etc/ssh/sshd_config + + chown ${system_user_ssh_akc} \ + $(forge_get_config config_path)/config.ini.d/post-install-secrets-ssh_akc.ini + + # Fix "Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /usr/local/share" + dir=$cmd + while [ "$dir" != '/' ]; do + dir=$(dirname $dir) + if [ -n "$(find $dir -maxdepth 0 -perm -g+w)" ]; then chmod g-w $dir; fi + done } -restart_ssh_service() -{ - service $(forge_get_config ssh_service) restart +restart_ssh_service() { + service $(forge_get_config ssh_service) restart } -remove_sshd() -{ - sed -i -e "/^AuthorizedKeysCommand.*/d" /etc/ssh/sshd_config - userdel $system_user_ssh_akc +remove_sshd() { + sed -i -e "/^AuthorizedKeysCommand.*/d" /etc/ssh/sshd_config + userdel $system_user_ssh_akc } # Main case "$1" in - rawconfigure) - $(dirname $0)/upgrade-conf.sh $2 - configure_libnss_pgsql - configure_nsswitch - configure_pam - configure_sshd - ;; - configure) - $(dirname $0)/upgrade-conf.sh $2 - configure_libnss_pgsql - configure_nsswitch - configure_nscd - configure_pam - 
configure_sshd - restart_ssh_service - ;; - remove) - remove_nsswitch - remove_pam - remove_sshd - restart_ssh_service - ;; - purge) - # note: can't be called from Debian's postrm - rely on ucfq(1) - purge_libnss_pgsql - ;; - *) - echo "Usage: $0 {configure|rawconfigure|remove|purge}" - exit 1 - ;; + rawconfigure) + $(dirname $0)/upgrade-conf.sh $2 + configure_libnss_pgsql + configure_nsswitch + configure_pam + configure_sshd + ;; + configure) + $(dirname $0)/upgrade-conf.sh $2 + configure_libnss_pgsql + configure_nsswitch + configure_nscd + configure_pam + configure_sshd + restart_ssh_service + ;; + remove) + remove_nsswitch + remove_pam + remove_sshd + restart_ssh_service + ;; + purge) + # note: can't be called from Debian's postrm - rely on ucfq(1) + purge_libnss_pgsql + ;; + *) + echo "Usage: $0 {configure|rawconfigure|remove|purge}" + exit 1 + ;; esac diff --git a/src/post-install.d/shell/upgrade-conf.sh b/src/post-install.d/shell/upgrade-conf.sh index 897b763..99cf1bd 100755 --- a/src/post-install.d/shell/upgrade-conf.sh +++ b/src/post-install.d/shell/upgrade-conf.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/bin/bash -e # Upgrade NSS+PostgreSQL configuration # # Copyright (C) 2014 Inria (Sylvain Beucler) @@ -18,11 +18,9 @@ # with FusionForge; if not, write to the Free Software Foundation, Inc., # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. -set -e - PREVVER=${1:-0.0} # 5.3 -> 6.0 if [ $(php -r "print version_compare('$PREVVER', '5.3.50');") -eq -1 ]; then - sed -i -e 's/\(#.*\)GForge/\1FusionForge/' /etc/nsswitch.conf + sed -i -e 's/\(#.*\)GForge/\1FusionForge/' /etc/nsswitch.conf fi diff --git a/src/post-install.d/web/web.sh b/src/post-install.d/web/web.sh index 0f2ac09..9070a00 100755 --- a/src/post-install.d/web/web.sh +++ b/src/post-install.d/web/web.sh 
@@ -25,161 +25,161 @@ config_path=$(forge_get_config config_path) data_path=$(forge_get_config data_path) case "$1" in - # Update configuration values in Apache define directives - # Also called from common/plugin.sh - update-defines) - cd $config_path/httpd.conf.d/ - t=$(mktemp 00-defines.conf.XXXXXX) # mod=0600 - ( - echo "# This file is autogenerated, do not edit" - echo "# Run '$0 $1' to refresh this file" - echo "# Configuration variables are obtained from $config_path/config.ini and $config_path/config.ini.d/*.ini" - echo - for i in $(grep --only-matching --no-filename '\${FF__[^}]*}' *|sort -u) ; do - section=$(echo $i|sed -e 's/.*__\(.*\)__.*/\1/') - variable=$(echo $i|sed -e 's/.*__.*__\(.*\)\}/\1/') - echo "Define FF__${section}__${variable} \"$(forge_get_config $variable $section)\"" - done - ) > $t - mv $t 00-defines.conf - ;; - - rawconfigure) - $0 update-defines - - # '${FF__core__config_path}' not yet available in the top-level config file, so generate it: - # (unless it was manually emptied, meaning sites will be individually enabled e.g. via Puppet) - if [ ! -e $config_path/httpd.conf -o -s $config_path/httpd.conf ]; then - cat > $config_path/httpd.conf <<-EOF - # Include all FusionForge-related configuration files - Include $config_path/httpd.conf.d/*.conf - EOF - fi - - apache_user=$(forge_get_config apache_user) - apache_group=$(forge_get_config apache_group) - apache_service=$(forge_get_config apache_service) - - if [ -x /usr/sbin/a2ensite ]; then - ln -nfs $config_path/httpd.conf /etc/apache2/sites-available/fusionforge.conf - a2ensite fusionforge.conf - elif [ -e /etc/redhat-release ]; then - ln -nfs $config_path/httpd.conf /etc/httpd/conf.d/fusionforge.conf - else - echo "*** Note: please install $config_path/httpd.conf in your Apache configuration" - fi - - # Generate SSL certs if needed - web_host=$(forge_get_config web_host) - cert=$config_path/ssl-cert.pem - key=$config_path/ssl-cert.key - if [ ! 
-e $key ] ; then - openssl genrsa -out $key - chmod 600 $key - fi - if [ ! -e $cert ] ; then - openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -subj "/CN=$web_host" -out $cert - fi - - scm_host=$(forge_get_config scm_host) - cert_scm=$config_path/ssl-cert-scm.pem - key_scm=$config_path/ssl-cert-scm.key - if [ ! -e $key_scm ] ; then - openssl genrsa -out $key_scm - chmod 600 $key_scm - fi - if [ ! -e $cert_scm ] ; then - openssl req -x509 -days 3650 -new -nodes -batch -text -key $key_scm -subj "/CN=$scm_host" -out $cert_scm - fi - - # Setup Docman/FRS/Forum/Tracker/RSS attachments - # (not done in 'make install' because e.g. dpkg ignores existing dirs, cf. DP10.9[1]) - chown $apache_user: $data_path/docman/ - chown $apache_user: $data_path/docman/review/ - chown $apache_user: $data_path/download/ - chown $apache_user: $data_path/forum/ - chown $apache_user: $data_path/forum/pending/ - chown $apache_user: $data_path/tracker/ - chown $apache_user: $data_path/rss/ - - # Plugins activation from the web UI - chown $apache_user: $source_path/www/plugins/ - - # Enable required modules - if [ -x /usr/sbin/a2enmod ]; then - a2enmod version 2>/dev/null || true # opensuse.. - a2enmod macro - a2enmod php7.0 || a2enmod php5 - a2enmod ssl - a2enmod env - a2enmod headers - a2enmod rewrite - a2enmod alias - a2enmod dir - a2enmod vhost_alias - a2enmod cgi # ViewVC bootstrap, gitweb, mailman - #a2enmod proxy - #a2enmod proxy_http - a2enmod authz_groupfile - a2enmod dav - else - if ! [ -e /etc/httpd/conf.modules.d/00-macro.conf ] ; then - echo "LoadModule macro_module modules/mod_macro.so" > /etc/httpd/conf.modules.d/00-macro.conf - fi - if [ -e /etc/httpd/conf.modules.d/00-mpm-itk.conf ] \ - && ! 
grep -q ^LoadModule.mpm_itk_module /etc/httpd/conf.modules.d/00-mpm-itk.conf ; then - sed -i -e s/^#LoadModule/LoadModule/ /etc/httpd/conf.modules.d/00-mpm-itk.conf - fi - fi - - # Enable mpm-itk on RH/CentOS - - if [ -x /usr/sbin/a2dissite ]; then - a2dissite 000-default - fi - # Prevent double NameVirtualHost warning - if [ -e /etc/apache2/ports.conf ]; then - sed -i 's/^NameVirtualHost \*:80/#&/' /etc/apache2/ports.conf - fi - ;; - - configure) - $0 rawconfigure - $0 servicerestart - ;; - - servicerestart) - apache_service=$(forge_get_config apache_service) - # Start web server on boot - if [ -x /sbin/chkconfig ]; then - chkconfig $apache_service on - fi - # Refresh configuration - if service $apache_service status >/dev/null; then - service $apache_service reload - else - service $apache_service restart - fi - ;; - - remove) - if [ -x /usr/sbin/a2ensite ]; then - a2dissite fusionforge.conf - rm -f /etc/apache2/sites-available/fusionforge.conf - elif [ -e /etc/redhat-release ]; then - rm /etc/httpd/conf.d/fusionforge.conf - fi - rm $config_path/httpd.conf $config_path/httpd.conf.d/00-defines.conf - ;; - - purge) - log_path=$(forge_get_config log_path) - rm -f $log_path/access.log - rm -f $log_path/awstats.log - ;; - - *) - echo "Usage: $0 {configure|remove|purge|update-defines|servicerestart|rawconfigure}" - exit 1 - ;; + # Update configuration values in Apache define directives + # Also called from common/plugin.sh + update-defines) + cd $config_path/httpd.conf.d/ + t=$(mktemp 00-defines.conf.XXXXXX) # mod=0600 + ( + echo "# This file is autogenerated, do not edit" + echo "# Run '$0 $1' to refresh this file" + echo "# Configuration variables are obtained from $config_path/config.ini and $config_path/config.ini.d/*.ini" + echo + for i in $(grep --only-matching --no-filename '\${FF__[^}]*}' *|sort -u) ; do + section=$(echo $i|sed -e 's/.*__\(.*\)__.*/\1/') + variable=$(echo $i|sed -e 's/.*__.*__\(.*\)\}/\1/') + echo "Define FF__${section}__${variable} 
\"$(forge_get_config $variable $section)\"" + done + ) > $t + mv $t 00-defines.conf + ;; + + rawconfigure) + $0 update-defines + + # '${FF__core__config_path}' not yet available in the top-level config file, so generate it: + # (unless it was manually emptied, meaning sites will be individually enabled e.g. via Puppet) + if [ ! -e $config_path/httpd.conf -o -s $config_path/httpd.conf ]; then + cat > $config_path/httpd.conf <<-EOF + # Include all FusionForge-related configuration files + Include $config_path/httpd.conf.d/*.conf + EOF + fi + + apache_user=$(forge_get_config apache_user) + apache_group=$(forge_get_config apache_group) + apache_service=$(forge_get_config apache_service) + + if [ -x /usr/sbin/a2ensite ]; then + ln -nfs $config_path/httpd.conf /etc/apache2/sites-available/fusionforge.conf + a2ensite fusionforge.conf + elif [ -e /etc/redhat-release ]; then + ln -nfs $config_path/httpd.conf /etc/httpd/conf.d/fusionforge.conf + else + echo "*** Note: please install $config_path/httpd.conf in your Apache configuration" + fi + + # Generate SSL certs if needed + web_host=$(forge_get_config web_host) + cert=$config_path/ssl-cert.pem + key=$config_path/ssl-cert.key + if [ ! -e $key ] ; then + openssl genrsa -out $key + chmod 600 $key + fi + if [ ! -e $cert ] ; then + openssl req -x509 -days 3650 -new -nodes -batch -text -key $key -subj "/CN=$web_host" -out $cert + fi + + scm_host=$(forge_get_config scm_host) + cert_scm=$config_path/ssl-cert-scm.pem + key_scm=$config_path/ssl-cert-scm.key + if [ ! -e $key_scm ] ; then + openssl genrsa -out $key_scm + chmod 600 $key_scm + fi + if [ ! -e $cert_scm ] ; then + openssl req -x509 -days 3650 -new -nodes -batch -text -key $key_scm -subj "/CN=$scm_host" -out $cert_scm + fi + + # Setup Docman/FRS/Forum/Tracker/RSS attachments + # (not done in 'make install' because e.g. dpkg ignores existing dirs, cf. 
DP10.9[1]) + chown $apache_user: $data_path/docman/ + chown $apache_user: $data_path/docman/review/ + chown $apache_user: $data_path/download/ + chown $apache_user: $data_path/forum/ + chown $apache_user: $data_path/forum/pending/ + chown $apache_user: $data_path/tracker/ + chown $apache_user: $data_path/rss/ + + # Plugins activation from the web UI + chown $apache_user: $source_path/www/plugins/ + + # Enable required modules + if [ -x /usr/sbin/a2enmod ]; then + a2enmod version 2>/dev/null || true # opensuse.. + a2enmod macro + a2enmod php7.0 || a2enmod php5 + a2enmod ssl + a2enmod env + a2enmod headers + a2enmod rewrite + a2enmod alias + a2enmod dir + a2enmod vhost_alias + a2enmod cgi # ViewVC bootstrap, gitweb, mailman + #a2enmod proxy + #a2enmod proxy_http + a2enmod authz_groupfile + a2enmod dav + else + if ! [ -e /etc/httpd/conf.modules.d/00-macro.conf ] ; then + echo "LoadModule macro_module modules/mod_macro.so" > /etc/httpd/conf.modules.d/00-macro.conf + fi + if [ -e /etc/httpd/conf.modules.d/00-mpm-itk.conf ] \ + && ! 
grep -q ^LoadModule.mpm_itk_module /etc/httpd/conf.modules.d/00-mpm-itk.conf ; then + sed -i -e s/^#LoadModule/LoadModule/ /etc/httpd/conf.modules.d/00-mpm-itk.conf + fi + fi + + # Enable mpm-itk on RH/CentOS + + if [ -x /usr/sbin/a2dissite ]; then + a2dissite 000-default + fi + # Prevent double NameVirtualHost warning + if [ -e /etc/apache2/ports.conf ]; then + sed -i 's/^NameVirtualHost \*:80/#&/' /etc/apache2/ports.conf + fi + ;; + + configure) + $0 rawconfigure + $0 servicerestart + ;; + + servicerestart) + apache_service=$(forge_get_config apache_service) + # Start web server on boot + if [ -x /sbin/chkconfig ]; then + chkconfig $apache_service on + fi + # Refresh configuration + if service $apache_service status >/dev/null; then + service $apache_service reload + else + service $apache_service restart + fi + ;; + + remove) + if [ -x /usr/sbin/a2ensite ]; then + a2dissite fusionforge.conf + rm -f /etc/apache2/sites-available/fusionforge.conf + elif [ -e /etc/redhat-release ]; then + rm /etc/httpd/conf.d/fusionforge.conf + fi + rm $config_path/httpd.conf $config_path/httpd.conf.d/00-defines.conf + ;; + + purge) + log_path=$(forge_get_config log_path) + rm -f $log_path/access.log* + rm -f $log_path/awstats.log + ;; + + *) + echo "Usage: $0 {configure|remove|purge|update-defines|servicerestart|rawconfigure}" + exit 1 + ;; esac https://scm.fusionforge.org/anonscm/gitweb/?p=fusionforge/fusionforge.git;a=commitdiff;h=0c03a762b3e3a9d69052a14c3d3b7e8a67aa50b4 commit 0c03a762b3e3a9d69052a14c3d3b7e8a67aa50b4 Author: Franck Villaume <franck.villa...@trivialdev.com> Date: Sun Feb 11 11:57:45 2018 +0100 space vs. tabs diff --git a/src/db/20150404-scmperms.php b/src/db/20150404-scmperms.php index 34e3d1a..96b9698 100644 --- a/src/db/20150404-scmperms.php +++ b/src/db/20150404-scmperms.php 
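Review bot: The `purge)` arm now runs `rm -f $log_path/access.log*`, a behaviour change (rotated logs are removed too) hidden inside the reindent and not mentioned in the commit message, and it turns an unquoted, unchecked path into a glob. If `forge_get_config log_path` returns an empty string the pattern becomes `/access.log*`, and `-f` hides any error. I would guard and quote the directory, `rm -f -- "${log_path:?}"/access.log*`, and do the same for the `awstats.log` line. The widened glob also deserves its own line in the commit description so it is not lost among the whitespace changes.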
@@ -31,10 +31,10 @@ $verbose = (count($argv) > 1 and $argv[1] == '--verbose'); // (avoids querying nss for all groups, which sometimes fails due to // transient sql/network error or deleted projects) $res = db_query_params("SELECT name, group_id, gid, perm_val AS anon FROM nss_groups - LEFT JOIN pfo_role_setting ON (nss_groups.group_id = pfo_role_setting.ref_id - AND pfo_role_setting.role_id=$1 AND pfo_role_setting.section_name=$2) - WHERE gid < $3 - ORDER BY name", array(1, 'scm', 20000)); + LEFT JOIN pfo_role_setting ON (nss_groups.group_id = pfo_role_setting.ref_id + AND pfo_role_setting.role_id=$1 AND pfo_role_setting.section_name=$2) + WHERE gid < $3 + ORDER BY name", array(1, 'scm', 20000)); // Store everything in RAM to avoid a 3h-long SQL connection while ($row = db_fetch_array($res)) 
@@ -43,42 +43,42 @@ while ($row = db_fetch_array($res)) $svnroot = forge_get_config('repos_path', 'scmsvn'); $gitroot = forge_get_config('repos_path', 'scmgit'); foreach ($groups as $group) { - $gname = $group['name']; - $gid_ro = $group['group_id'] + $SYS->GID_ADD_SCMRO; - $gid_rw = $group['group_id'] + $SYS->GID_ADD_SCMRW; - if ($verbose) print "$gname\n"; - - $repo = "$svnroot/$gname"; - if (is_dir($repo)) { - chmod($repo, $group['anon'] ? 02755 : 02750); - system("chown -Rh root:{$gid_rw} $repo"); - system("chown -h root:{$gid_ro} $repo"); - system("find $repo/* -type d -print0 | xargs -r -0 chmod 2775"); - system("chmod -R g+rwX,o+rX-w $repo/*"); - } - $repo = '/nonexistent'; // for safety + $gname = $group['name']; + $gid_ro = $group['group_id'] + $SYS->GID_ADD_SCMRO; + $gid_rw = $group['group_id'] + $SYS->GID_ADD_SCMRW; + if ($verbose) print "$gname\n"; - $projroot = "$gitroot/$gname"; - if (is_dir("$projroot")) { - chmod($projroot, $group['anon'] ? 02755 : 02750); + $repo = "$svnroot/$gname"; + if (is_dir($repo)) { + chmod($repo, $group['anon'] ? 02755 : 02750); + system("chown -Rh root:{$gid_rw} $repo"); + system("chown -h root:{$gid_ro} $repo"); + system("find $repo/* -type d -print0 | xargs -r -0 chmod 2775"); + system("chmod -R g+rwX,o+rX-w $repo/*"); + } + $repo = '/nonexistent'; // for safety - if (is_dir("$projroot/users")) { - chmod("$projroot/users", 00755); - foreach (glob("$projroot/users/*") as $userrepo) { + $projroot = "$gitroot/$gname"; + if (is_dir("$projroot")) { + chmod($projroot, $group['anon'] ? 
02755 : 02750); + + if (is_dir("$projroot/users")) { + chmod("$projroot/users", 00755); + foreach (glob("$projroot/users/*") as $userrepo) { if (is_dir($userrepo)) { $matches = preg_match(":/users/([^/]+)/:", $userrepo); $user = $matches[1]; system("chown -hR $user:root $userrepo"); system("chmod -R g+rX-sw,o+rX-w $userrepo"); } - } - } + } + } - system("chown -h root:{$gid_ro} $projroot"); - system("chown -Rh root:{$gid_rw} $projroot/*.git"); - system("find $projroot/*.git -type d -print0 | xargs -r -0 chmod 2775"); - system("chmod -R g+rwX,o+rX-w $projroot/*.git"); - } + system("chown -h root:{$gid_ro} $projroot"); + system("chown -Rh root:{$gid_rw} $projroot/*.git"); + system("find $projroot/*.git -type d -print0 | xargs -r -0 chmod 2775"); + system("chmod -R g+rwX,o+rX-w $projroot/*.git"); + } } echo "SUCCESS\n"; ----------------------------------------------------------------------- Summary of changes: src/db/20150404-scmperms.php | 62 ++--- src/plugins/scmsvn/bin/install.sh | 4 +- src/post-install.d/common/ini.sh | 182 +++++++------- src/post-install.d/common/plugin.sh | 104 ++++---- src/post-install.d/common/service.inc | 18 +- src/post-install.d/common/systasksd.sh | 50 ++-- src/post-install.d/common/user.sh | 36 +-- src/post-install.d/db/db.sh | 26 +- src/post-install.d/db/populate.sh | 26 +- src/post-install.d/db/server.sh | 127 +++++----- src/post-install.d/db/upgrade-conf.sh | 10 +- src/post-install.d/ftp/ftp.sh | 80 +++---- src/post-install.d/lists/lists.sh | 48 ++-- src/post-install.d/mta-exim4/mta-exim4.sh | 172 +++++++------- src/post-install.d/mta-exim4/upgrade-conf.sh | 70 +++--- src/post-install.d/mta-postfix/mta-postfix.sh | 128 +++++----- src/post-install.d/mta-postfix/upgrade-conf.sh | 20 +- src/post-install.d/shell/shell.sh | 228 +++++++++--------- src/post-install.d/shell/upgrade-conf.sh | 6 +- src/post-install.d/web/web.sh | 314 ++++++++++++------------- 20 files changed, 842 insertions(+), 869 deletions(-) hooks/post-receive -- FusionForge 