diff options
| author | yalh76 <yalh@yahoo.com> | 2019-03-22 23:59:16 +0100 |
|---|---|---|
| committer | yalh76 <yalh@yahoo.com> | 2019-03-22 23:59:16 +0100 |
| commit | dddaefcd63215f3416e387dcc2cf94b89c73d682 (patch) | |
| tree | f24af8095b598b50d66dea93d9617fc5348f1d5a | |
| parent | 5cd0ad6b49991cf45a74b4a6c9db3e3bb5e4ebb4 (diff) | |
| download | mastodon_ynh-dddaefcd63215f3416e387dcc2cf94b89c73d682.tar.gz mastodon_ynh-dddaefcd63215f3416e387dcc2cf94b89c73d682.tar.bz2 mastodon_ynh-dddaefcd63215f3416e387dcc2cf94b89c73d682.zip | |
adding ynh_add_secure_repos__2
| -rw-r--r-- | conf/ynh_add_secure_repos__2 | 166 | ||||
| -rw-r--r-- | scripts/install | 7 | ||||
| -rw-r--r-- | scripts/remove | 10 | ||||
| -rw-r--r-- | scripts/restore | 8 | ||||
| -rw-r--r-- | scripts/upgrade | 8 |
5 files changed, 180 insertions, 19 deletions
diff --git a/conf/ynh_add_secure_repos__2 b/conf/ynh_add_secure_repos__2 new file mode 100644 index 0000000..51a9f1b --- /dev/null +++ b/conf/ynh_add_secure_repos__2 @@ -0,0 +1,166 @@ +#!/bin/bash + +# Pin a repository. +# +# usage: ynh_pin_repo --package=packages --pin=pin_filter --priority=priority_value [--name=name] [--append] +# | arg: -p, --package - Packages concerned by the pin. Or all, *. +# | arg: -i, --pin - Filter for the pin. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# See https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html for information about pinning. +# +ynh_pin_repo () { + # Declare an array to define the options of this helper. + local legacy_args=pirna + declare -Ar args_array=( [p]=package= [i]=pin= [r]=priority= [n]=name= [a]=append ) + local package + local pin + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + package="${package:-*}" + priority=${priority:-50} + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/preferences.d" + echo "Package: $package +Pin: $pin +Pin-Priority: $priority" \ + | $append "/etc/apt/preferences.d/$name" +} + +# Add a repository. +# +# usage: ynh_add_repo --uri=uri --suite=suite --component=component [--name=name] [--append] +# | arg: -u, --uri - Uri of the repository. +# | arg: -s, --suite - Suite of the repository. +# | arg: -c, --component - Component of the repository. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable +# uri suite component +# ynh_add_repo --uri=http://forge.yunohost.org/debian/ --suite=stretch --component=stable +# +ynh_add_repo () { + # Declare an array to define the options of this helper. + local legacy_args=uscna + declare -Ar args_array=( [u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append ) + local uri + local suite + local component + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/sources.list.d" + # Add the new repo in sources.list.d + echo "deb $uri $suite $component" \ + | $append "/etc/apt/sources.list.d/$name.list" +} + +# Add an extra repository correctly, pin it and get the key. +# +# usage: ynh_install_extra_repo --repo="repo" [--key=key_url] [--name=name] [--append] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -k, --key - url to get the public key. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +ynh_install_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=rkna + declare -Ar args_array=( [r]=repo= [k]=key= [n]=name= [a]=append ) + local repo + local key + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + key=${key:-0} + + if [ $append -eq 1 ] + then + append="--append" + wget_append="tee -a" + else + append="" + wget_append="tee" + fi + + # Split the repository into uri, suite and components. + # Remove "deb " at the beginning of the repo. + repo="${repo#deb }" + + # Get the uri + local uri="$(echo "$repo" | awk '{ print $1 }')" + + # Get the suite + local suite="$(echo "$repo" | awk '{ print $2 }')" + + # Get the components + local component="${repo##$uri $suite }" + + # Add the repository into sources.list.d + ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append + + # Pin the new repo with the default priority, so it won't be used for upgrades. + # Build $pin from the uri without http and any sub path + local pin="${uri#*://}" + pin="${pin%%/*}" + ynh_pin_repo --package="*" --pin="origin \"$pin\"" --name="$name" $append + + # Get the public key for the repo + if [ -n "$key" ] + then + mkdir -p "/etc/apt/trusted.gpg.d" + wget -q "$key" -O - | $wget_append /etc/apt/trusted.gpg.d/$name.gpg + fi + + # Update the list of package with the new repo + ynh_package_update +} + +# Remove an extra repository and the assiociated configuration. +# +# usage: ynh_remove_extra_repo [--name=name] +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_remove_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=n + declare -Ar args_array=( [n]=name= ) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + + ynh_secure_remove "/etc/apt/sources.list.d/$name.list" + ynh_secure_remove "/etc/apt/preferences.d/$name" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg" + + # Update the list of package to exclude the old repo + ynh_package_update +} diff --git a/scripts/install b/scripts/install index e57dbab..bf52357 100644 --- a/scripts/install +++ b/scripts/install @@ -92,12 +92,11 @@ if [[ "$arch" = arm* ]]; then apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 fi -# Install source.list debian package backports & yarn +# Install extra_repo debian package backports & yarn if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://httpredir.debian.org/debian jessie-backports main" | tee /etc/apt/sources.list.d/jessie-backports.list + ynh_install_extra_repo --repo="deb http://httpredir.debian.org/debian jessie-backports main" fi -curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - -echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list +ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" ynh_package_update # install nodejs diff --git a/scripts/remove b/scripts/remove index 8880c9c..3436bce 100644 --- a/scripts/remove +++ b/scripts/remove @@ -9,6 +9,7 @@ source _common.sh source /usr/share/yunohost/helpers source ynh_install_ruby +source ynh_add_secure_repos__2 #================================================= # LOAD SETTINGS @@ -77,13 +78,8 @@ ynh_remove_ruby ynh_remove_app_dependencies ynh_remove_nodejs -#================================================= -# REMOVE APT SOURCES -#================================================= -ynh_print_info "Removing apt sources" - -ynh_secure_remove "/etc/apt/sources.list.d/jessie-backports.list" -ynh_secure_remove "/etc/apt/sources.list.d/yarn.list" +ynh_remove_extra_repo jessie-backports +ynh_remove_extra_repo yarn #================================================= # REMOVE APP MAIN DIR diff --git a/scripts/restore b/scripts/restore index 39de26e..c74eadc 100644 --- a/scripts/restore +++ b/scripts/restore @@ -10,6 +10,7 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers source ../settings/scripts/ynh_install_ruby +source ../settings/scripts/ynh_add_secure_repos__2 #================================================= # MANAGE SCRIPT FAILURE @@ -86,12 +87,11 @@ if [[ "$arch" = arm* ]]; then apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 fi -# Install source.list debian package backports & yarn +# Install extra_repo debian package backports & yarn if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://httpredir.debian.org/debian jessie-backports main" | tee /etc/apt/sources.list.d/jessie-backports.list + ynh_install_extra_repo --repo="deb http://httpredir.debian.org/debian jessie-backports main" fi -curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - -echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list +ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" ynh_package_update # install nodejs diff --git a/scripts/upgrade b/scripts/upgrade index 87b0432..a210372 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,6 +9,7 @@ source _common.sh source /usr/share/yunohost/helpers source ynh_install_ruby +source ynh_add_secure_repos__2 #================================================= # LOAD SETTINGS @@ -124,12 +125,11 @@ ynh_add_nginx_config #================================================= ynh_print_info "Upgrading dependencies..." -# Install source.list debian package backports & yarn +# Install extra_repo debian package backports & yarn if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://httpredir.debian.org/debian jessie-backports main" | tee /etc/apt/sources.list.d/jessie-backports.list + ynh_install_extra_repo --repo="deb http://httpredir.debian.org/debian jessie-backports main" fi -curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - -echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list +ynh_install_extra_repo --repo="deb https://dl.yarnpkg.com/debian/ stable main" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" ynh_package_update # install nodejs |