From f0b132281241bcfdc38be62dd79324b78a4972f2 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Tue, 1 May 2018 11:29:25 +0200 Subject: Use latest PostgreSQL helpers --- scripts/_common.sh | 176 +++++++++++++++++++++++++++++++++++++++-------------- 1 file changed, 132 insertions(+), 44 deletions(-) (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index 39b0631..dce035f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,73 +1,161 @@ #!/bin/bash -# Create a db without password +#================================================= # -# usage: ynh_mysql_create_user user -# | arg: user - the user name to create -ynh_psql_create_db_without_password() { - db=$1 - sudo su -c "psql" postgres <<< \ - "CREATE USER $db CREATEDB;" +# POSTGRES HELPERS +# +# Point of contact : Jean-Baptiste Holcroft +#================================================= + +# Create a master password and set up global settings +# Please always call this script in install and restore scripts +# +# usage: ynh_psql_test_if_first_run + +ynh_psql_test_if_first_run() { + if [ -f /etc/yunohost/psql ]; + then + echo "PostgreSQL is already installed, no need to create master password" + else + pgsql=$(ynh_string_random) + pg_hba="" + echo "$pgsql" >> /etc/yunohost/psql + + if [ -e /etc/postgresql/9.4/ ] + then + pg_hba=/etc/postgresql/9.4/main/pg_hba.conf + elif [ -e /etc/postgresql/9.6/ ] + then + pg_hba=/etc/postgresql/9.6/main/pg_hba.conf + else + ynh_die "postgresql shoud be 9.4 or 9.6" + fi + + systemctl start postgresql + sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres + + # force all user to connect to local database using passwords + # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF + # Note: we can't use peer since YunoHost create users with nologin + # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user + sed -i '/local\s*all\s*all\s*peer/i \ + local all all password' "$pg_hba" + systemctl enable postgresql + systemctl reload postgresql + fi } -# Create a user +# Open a connection as a user # -# usage: ynh_mysql_create_user user pwd [host] -# | arg: user - the user name to create -# | arg: pwd - the password to identify user by -ynh_psql_create_user() { - sudo su -c "psql" postgres <<< \ - "CREATE USER ${1} WITH PASSWORD '${2}';" +# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;" +# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql +# +# usage: ynh_psql_connect_as user pwd [db] +# | arg: user - the user name to connect as +# | arg: pwd - the user password +# | arg: db - the database to connect to +ynh_psql_connect_as() { + user="$1" + pwd="$2" + db="$3" + sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db" } -# Create a user without password +# # Execute a command as root user # -# usage: ynh_mysql_create_user user pwd [host] -# | arg: user - the user name to create -ynh_psql_create_user_without_password() { - sudo su -c "psql" postgres <<< \ - "CREATE USER ${1};" +# usage: ynh_psql_execute_as_root sql [db] +# | arg: sql - the SQL command to execute +# | arg: db - the database to connect to +ynh_psql_execute_as_root () { + sql="$1" + sudo --login --user=postgres psql <<< "$sql" +} + +# Execute a command from a file as root user +# +# usage: ynh_psql_execute_file_as_root file [db] +# | arg: file - the file containing SQL commands +# | arg: db - the database to connect to +ynh_psql_execute_file_as_root() { + file="$1" + db="$2" + sudo --login --user=postgres psql "$db" < "$file" } -# Create a database and grant optionnaly privilegies to a user +# Create a database, an user and its password. Then store the password in the app's config # -# usage: ynh_mysql_create_db db [user [pwd]] +# After executing this helper, the password of the created database will be available in $db_pwd +# It will also be stored as "psqlpwd" into the app settings. +# +# usage: ynh_psql_setup_db user name [pwd] +# | arg: user - Owner of the database +# | arg: name - Name of the database +# | arg: pwd - Password of the database. If not given, a password will be generated +ynh_psql_setup_db () { + db_user="$1" + app="$1" + db_name="$2" + new_db_pwd=$(ynh_string_random) # Generate a random password + # If $3 is not given, use new_db_pwd instead for db_pwd. + db_pwd="${3:-$new_db_pwd}" + ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database + ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config +} + +# Create a database and grant privilegies to a user +# +# usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create # | arg: user - the user to grant privilegies -# | arg: pwd - the password to identify user by +# | arg: pwd - the user password ynh_psql_create_db() { - db=$1 - # grant all privilegies to user - if [[ $# -gt 1 ]]; then - ynh_psql_create_user ${2} "${3}" - sudo su -c "createdb -O ${2} $db" postgres - else - sudo su -c "createdb $db" postgres - fi - + db="$1" + user="$2" + pwd="$3" + ynh_psql_create_user "$user" "$pwd" + sudo --login --user=postgres createdb --owner="$user" "$db" } -# Drop a role +# Drop a database # -# usage: ynh_mysql_drop_role db +# usage: ynh_psql_drop_db db # | arg: db - the database name to drop -ynh_psql_drop_role() { - sudo su -c "psql" postgres <<< \ - "DROP ROLE ${1};" +# | arg: user - the user to drop +ynh_psql_remove_db() { + db="$1" + user="$2" + sudo --login --user=postgres dropdb "$db" + ynh_psql_drop_user "$user" } -# Drop a database +# Dump a database # -# usage: ynh_mysql_drop_db db -# | arg: db - the database name to drop -ynh_psql_drop_db() { - sudo su -c "dropdb ${1}" postgres +# example: ynh_psql_dump_db 'roundcube' > ./dump.sql +# +# usage: ynh_psql_dump_db db +# | arg: db - the database name to dump +# | ret: the psqldump output +ynh_psql_dump_db() { + db="$1" + sudo --login --user=postgres pg_dump "$db" +} + + +# Create a user +# +# usage: ynh_psql_create_user user pwd [host] +# | arg: user - the user name to create +ynh_psql_create_user() { + user="$1" + pwd="$2" + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres } # Drop a user # -# usage: ynh_mysql_drop_user user +# usage: ynh_psql_drop_user user # | arg: user - the user name to drop ynh_psql_drop_user() { - sudo su -c "dropuser ${1}" postgres + user="$1" + sudo --login --user=postgres dropuser "$user" } -- cgit v1.2.3-70-g09d2 From 69ddc4592be8122630130eda748ccaf85f4355a4 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Tue, 1 May 2018 18:48:06 +0200 Subject: Add helpers (multi-file systemd and exec_as) --- scripts/_common.sh | 14 ++++++ scripts/_future.sh | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 scripts/_future.sh (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index dce035f..7d4f823 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,19 @@ #!/bin/bash + +# Execute a command as another user +# usage: exec_as USER COMMAND [ARG ...] +exec_as() { + local user=$1 + shift 1 + + if [[ $user = $(whoami) ]]; then + eval "$@" + else + sudo --login --user="$user" "$@" + fi +} + #================================================= # # POSTGRES HELPERS diff --git a/scripts/_future.sh b/scripts/_future.sh new file mode 100644 index 0000000..82f255c --- /dev/null +++ b/scripts/_future.sh @@ -0,0 +1,127 @@ +#!/bin/bash + +# needed to have "service_name" as an option +# https://github.com/YunoHost/yunohost/commit/9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 +ynh_add_systemd_config () { + local service_name="${1:-$app}" + + finalsystemdconf="/etc/systemd/system/$service_name.service" + ynh_backup_if_checksum_is_different "$finalsystemdconf" + sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf" + + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. + # Substitute in a nginx config file only if the variable is not empty + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" + fi + if test -n "${app:-}"; then + ynh_replace_string "__APP__" "$app" "$finalsystemdconf" + fi + ynh_store_file_checksum "$finalsystemdconf" + + sudo chown root: "$finalsystemdconf" + sudo systemctl enable $service_name + sudo systemctl daemon-reload +} + +# needed to have "service_name" as an option +# https://github.com/YunoHost/yunohost/commit/9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 +ynh_remove_systemd_config () { + local service_name="${1:-$app}" + + local finalsystemdconf="/etc/systemd/system/$service_name.service" + if [ -e "$finalsystemdconf" ]; then + sudo systemctl stop $service_name + sudo systemctl disable $service_name + ynh_secure_remove "$finalsystemdconf" + sudo systemctl daemon-reload + fi +} + + +# LOCAL ADDITION: +# save file locally if not in the cache +# +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source () { + local dest_dir=$1 + local src_id=${2:-app} # If the argument is not given, source_id equals "app" + + # Load value from configuration file (see above for a small doc about this file + # format) + local src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + + # Default value + src_sumprg=${src_sumprg:-sha256sum} + src_in_subdir=${src_in_subdir:-true} + src_format=${src_format:-tar.gz} + src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]') + if [ "$src_filename" = "" ] ; then + src_filename="${src_id}.${src_format}" + fi + local local_src="/var/cache/yunohost/ynh_setup_source/${YNH_APP_ID}/${src_filename}" + + # if cache file exists and the checksum isn't good, download it again + # if not, just download the file + + if test -e "$local_src" + then + echo "${src_sum} ${local_src}" | ${src_sumprg} -c --status \ + || wget -nv -O $local_src $src_url + else + mkdir -p "/var/cache/yunohost/ynh_setup_source/${YNH_APP_ID}" + wget -nv -O $local_src $src_url + fi + cp $local_src $src_filename + + # Check the control sum + echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \ + || ynh_die "Corrupt source" + + # Extract source into the app dir + mkdir -p "$dest_dir" + if [ "$src_format" = "zip" ] + then + # Zip format + # Using of a temp directory, because unzip doesn't manage --strip-components + if $src_in_subdir ; then + local tmp_dir=$(mktemp -d) + unzip -quo $src_filename -d "$tmp_dir" + cp -a $tmp_dir/*/. "$dest_dir" + ynh_secure_remove "$tmp_dir" + else + unzip -quo $src_filename -d "$dest_dir" + fi + else + local strip="" + if $src_in_subdir ; then + strip="--strip-components 1" + fi + if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then + tar -xf $src_filename -C "$dest_dir" $strip + else + ynh_die "Archive format unrecognized." + fi + fi + + # Apply patches + if (( $(find $YNH_CWD/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then + local old_dir=$(pwd) + (cd "$dest_dir" \ + && for p in $YNH_CWD/../sources/patches/${src_id}-*.patch; do \ + patch -p1 < $p; done) \ + || ynh_die "Unable to apply patches" + cd $old_dir + fi + + # Add supplementary files + if test -e "$YNH_CWD/../sources/extra_files/${src_id}"; then + cp -a $YNH_CWD/../sources/extra_files/$src_id/. "$dest_dir" + fi +} + -- cgit v1.2.3-70-g09d2