Shellcheck : Fix hooks/ #2017

Open
wants to merge 12 commits into
base: dev
2 changes: 1 addition & 1 deletion .github/workflows/shellcheck.yml
Expand Up @@ -2,6 +2,7 @@ name: Run Shellcheck on push and PR

on:
push:
branches: [ "dev" ]
pull_request:

jobs:
Expand All @@ -28,5 +29,4 @@ jobs:
tests/test_helpers.v2.d
helpers/vendor
src/vendor
hooks
helpers
3 changes: 2 additions & 1 deletion hooks/backup/05-conf_ldap
Expand Up @@ -19,9 +19,10 @@
#

# Exit hook on subcommand error or unset variable
set -eu
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

# Backup destination
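Review bot: The comment above the new `set -Eeuo pipefail` still reads "Exit hook on subcommand error or unset variable", which no longer describes the line: `pipefail` makes any failing pipeline stage fail the whole pipeline, and `-E` only has an effect once an ERR trap is installed. I would reword it to `# Strict mode: abort on command error, unset variable or failed pipeline stage (-E: functions inherit ERR traps)`. The same comment/line pair is added in hooks/backup/17-data_home, 18-data_multimedia, 20-conf_ynh_settings, 21-conf_ynh_certs, 23-data_mail and 50-conf_manually_modified_files, and in the conf_regen hooks 01-yunohost, 02-ssl and 06-slapd. The body of each backup hook lies outside the visible hunk, so any pipeline there that relied on a tolerated non-zero stage (for example a `grep` with no match) should be rechecked before merging.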
3 changes: 2 additions & 1 deletion hooks/backup/17-data_home
Expand Up @@ -19,9 +19,10 @@
#

# Exit hook on subcommand error or unset variable
set -eu
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

# Backup destination
3 changes: 2 additions & 1 deletion hooks/backup/18-data_multimedia
Expand Up @@ -19,9 +19,10 @@
#

# Exit hook on subcommand error or unset variable
set -eu
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

# Backup destination
3 changes: 2 additions & 1 deletion hooks/backup/20-conf_ynh_settings
Expand Up @@ -19,9 +19,10 @@
#

# Exit hook on subcommand error or unset variable
set -eu
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

# Backup destination
3 changes: 2 additions & 1 deletion hooks/backup/21-conf_ynh_certs
Expand Up @@ -19,9 +19,10 @@
#

# Exit hook on subcommand error or unset variable
set -eu
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

# Backup destination
3 changes: 2 additions & 1 deletion hooks/backup/23-data_mail
Expand Up @@ -19,9 +19,10 @@
#

# Exit hook on subcommand error or unset variable
set -eu
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

# Backup destination
6 changes: 6 additions & 0 deletions hooks/backup/50-conf_manually_modified_files
Expand Up @@ -18,7 +18,13 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

# Exit hook on subcommand error or unset variable
set -Eeuo pipefail

# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

ynh_abort_if_errors
YNH_CWD="${YNH_BACKUP_DIR%/}/conf/manually_modified_files"
mkdir -p "$YNH_CWD"
53 changes: 27 additions & 26 deletions hooks/conf_regen/01-yunohost
Expand Up @@ -18,7 +18,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

set -e
# Exit hook on subcommand error or unset variable
set -Eeuo pipefail

base_folder_and_perm_init() {

Expand Down Expand Up @@ -226,26 +227,26 @@ do_pre_regen() {

cd /usr/share/yunohost/conf/yunohost

mkdir -p $pending_dir/etc/systemd/system
mkdir -p $pending_dir/etc/cron.d/
mkdir -p $pending_dir/etc/cron.daily/
mkdir -p "$pending_dir/etc/systemd/system"
mkdir -p "$pending_dir/etc/cron.d/"
mkdir -p "$pending_dir/etc/cron.daily/"

# add cron job for diagnosis to be ran at 7h and 19h + a random delay between
# 0 and 20min, meant to avoid every instances running their diagnosis at
# exactly the same time, which may overload the diagnosis server.
cat > $pending_dir/etc/cron.d/yunohost-diagnosis << EOF
cat > "$pending_dir/etc/cron.d/yunohost-diagnosis" << EOF
SHELL=/bin/bash
0 7,19 * * * root : YunoHost Automatic Diagnosis; sleep \$((RANDOM\\%1200)); yunohost diagnosis run --email > /dev/null 2>/dev/null || echo "Running the automatic diagnosis failed miserably"
EOF

# Cron job that upgrade the app list everyday
cat > $pending_dir/etc/cron.daily/yunohost-fetch-apps-catalog << EOF
cat > "$pending_dir/etc/cron.daily/yunohost-fetch-apps-catalog" << EOF
#!/bin/bash
sleep \$((RANDOM%3600)); yunohost tools update apps > /dev/null
EOF

# Cron job that renew lets encrypt certificates if there's any that needs renewal
cat > $pending_dir/etc/cron.daily/yunohost-certificate-renew << EOF
cat > "$pending_dir/etc/cron.daily/yunohost-certificate-renew" << EOF
#!/bin/bash
yunohost domain cert renew --email
EOF
Expand All @@ -254,7 +255,7 @@ EOF
# - delay between 0 and 60 secs to spread the check over a 1 min window
# - do not run the command if some process already has the lock, to avoid queuing hundreds of commands...
if ls -l /etc/yunohost/dyndns/K*.key 2> /dev/null; then
cat > $pending_dir/etc/cron.d/yunohost-dyndns << EOF
cat > "$pending_dir/etc/cron.d/yunohost-dyndns" << EOF
SHELL=/bin/bash
# Every 10 minutes,
# - (sleep random 60 is here to spread requests over a 1-min window)
Expand All @@ -265,22 +266,22 @@ SHELL=/bin/bash
EOF
else
# (Delete cron if no dyndns domain found)
touch $pending_dir/etc/cron.d/yunohost-dyndns
touch "$pending_dir/etc/cron.d/yunohost-dyndns"
fi

# Skip ntp if inside a container (inspired from the conf of systemd-timesyncd)
if systemctl | grep -q 'ntp.service'; then
mkdir -p ${pending_dir}/etc/systemd/system/ntp.service.d/
cat > ${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf << EOF
mkdir -p "$pending_dir/etc/systemd/system/ntp.service.d/"
cat > "$pending_dir/etc/systemd/system/ntp.service.d/ynh-override.conf" << EOF
[Unit]
ConditionCapability=CAP_SYS_TIME
ConditionVirtualization=!container
EOF
fi

# Make nftable conflict with yunohost-firewall
mkdir -p ${pending_dir}/etc/systemd/system/nftables.service.d/
cat > ${pending_dir}/etc/systemd/system/nftables.service.d/ynh-override.conf << EOF
mkdir -p "$pending_dir/etc/systemd/system/nftables.service.d/"
cat > "$pending_dir/etc/systemd/system/nftables.service.d/ynh-override.conf" << EOF
[Unit]
# yunohost-firewall and nftables conflict with each other
Conflicts=yunohost-firewall.service
Expand All @@ -289,22 +290,22 @@ ConditionPathExists=!/etc/systemd/system/multi-user.target.wants/yunohost-firewa
EOF

# Don't suspend computer on LidSwitch
mkdir -p ${pending_dir}/etc/systemd/logind.conf.d/
cat > ${pending_dir}/etc/systemd/logind.conf.d/ynh-override.conf << EOF
mkdir -p "$pending_dir/etc/systemd/logind.conf.d/"
cat > "$pending_dir/etc/systemd/logind.conf.d/ynh-override.conf" << EOF
[Login]
HandleLidSwitch=ignore
HandleLidSwitchDocked=ignore
HandleLidSwitchExternalPower=ignore
EOF

cp yunohost-api.service ${pending_dir}/etc/systemd/system/yunohost-api.service
cp yunohost-portal-api.service ${pending_dir}/etc/systemd/system/yunohost-portal-api.service
cp yunohost-firewall.service ${pending_dir}/etc/systemd/system/yunohost-firewall.service
cp yunoprompt.service ${pending_dir}/etc/systemd/system/yunoprompt.service
cp proc-hidepid.service ${pending_dir}/etc/systemd/system/proc-hidepid.service
cp yunohost-api.service "$pending_dir/etc/systemd/system/yunohost-api.service"
cp yunohost-portal-api.service "$pending_dir/etc/systemd/system/yunohost-portal-api.service"
cp yunohost-firewall.service "$pending_dir/etc/systemd/system/yunohost-firewall.service"
cp yunoprompt.service "$pending_dir/etc/systemd/system/yunoprompt.service"
cp proc-hidepid.service "$pending_dir/etc/systemd/system/proc-hidepid.service"

mkdir -p ${pending_dir}/etc/dpkg/origins/
cp dpkg-origins ${pending_dir}/etc/dpkg/origins/yunohost
mkdir -p "$pending_dir/etc/dpkg/origins/"
cp dpkg-origins "$pending_dir/etc/dpkg/origins/yunohost"

# Remove legacy hackish/clumsy nodejs autoupdate which ends up filling up space with ambiguous upgrades >_>
touch "/etc/cron.daily/node_update"
Expand Down Expand Up @@ -342,7 +343,7 @@ do_post_regen() {
find /etc/cron.*/yunohost-* -type f -exec chown root:root {} \;

for USER in $(yunohost user list --quiet --output-as json | jq -r '.users | .[] | .username'); do
[ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- /home/$USER
[ ! -e "/home/$USER" ] || setfacl -m g:all_users:--- "/home/$USER"
done

# Misc configuration / state files
Expand Down Expand Up @@ -373,12 +374,12 @@ do_post_regen() {
if [[ "$regen_conf_files" =~ "yunoprompt.service" ]]; then
systemctl daemon-reload
action=$([[ -e /etc/systemd/system/yunoprompt.service ]] && echo 'enable' || echo 'disable')
systemctl $action yunoprompt --quiet --now
systemctl "$action" yunoprompt --quiet --now
fi
if [[ "$regen_conf_files" =~ "proc-hidepid.service" ]]; then
systemctl daemon-reload
action=$([[ -e /etc/systemd/system/proc-hidepid.service ]] && echo 'enable' || echo 'disable')
systemctl $action proc-hidepid --quiet --now
systemctl "$action" proc-hidepid --quiet --now
fi

systemctl enable yunohost-portal-api.service --quiet
Expand All @@ -396,4 +397,4 @@ do_post_regen() {
fi
}

do_$1_regen ${@:2}
"do_$1_regen" "${*:2}"
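Review bot: The dispatcher on the last line now calls `"do_$1_regen" "${*:2}"`, which joins every remaining argument into one space-separated word and passes a single empty argument when there are none; the quoted form that keeps the arguments separate is `"do_$1_regen" "${@:2}"`. The same line is introduced in hooks/conf_regen/02-ssl, 03-ssh and 06-slapd. With `-u` now enabled, any function that reads `$1` while the hook is called without extra arguments would presumably need `${1:-}` once the dispatcher is corrected. Separately, under `pipefail` the context line `if systemctl | grep -q 'ntp.service'` can evaluate false even on a match, because `grep -q` exits at the first hit and `systemctl` may then fail on the closed pipe; capturing the output first (`units=$(systemctl)` then `grep -q 'ntp.service' <<< "$units"`) keeps the ntp override from being skipped without any error.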
13 changes: 7 additions & 6 deletions hooks/conf_regen/02-ssl
Expand Up @@ -18,7 +18,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

set -e
# Exit hook on subcommand error or unset variable
set -Eeuo pipefail

ssl_dir="/usr/share/yunohost/ssl"
template_dir="/usr/share/yunohost/conf/ssl"
Expand Down Expand Up @@ -54,7 +55,7 @@ regen_local_ca() {
-keyout ca/cakey.pem \
-nodes \
-batch \
-subj /CN=${domain}/O=${domain%.*} 2>&1
-subj "/CN=${domain}/O=${domain%.*}" 2>&1

chmod 640 ca/cacert.pem
chmod 640 ca/cakey.pem
Expand Down Expand Up @@ -141,11 +142,11 @@ do_post_regen() {
chmod o+r ${ssl_dir}/certs/yunohost_crt.pem

if [[ "$current_local_ca_domain" != "$main_domain" ]]; then
regen_local_ca $main_domain
regen_local_ca "$main_domain"
# Idk how useful this is, but this was in the previous python code (domain.main_domain())
ln -sf /etc/yunohost/certs/$main_domain/crt.pem /etc/ssl/certs/yunohost_crt.pem
ln -sf /etc/yunohost/certs/$main_domain/key.pem /etc/ssl/private/yunohost_key.pem
ln -sf "/etc/yunohost/certs/$main_domain/crt.pem" /etc/ssl/certs/yunohost_crt.pem
ln -sf "/etc/yunohost/certs/$main_domain/key.pem" /etc/ssl/private/yunohost_key.pem
fi
}

do_$1_regen ${@:2}
"do_$1_regen" "${*:2}"
7 changes: 5 additions & 2 deletions hooks/conf_regen/03-ssh
Expand Up @@ -20,7 +20,9 @@

set -e

. /usr/share/yunohost/helpers
# Source YNH helpers
# shellcheck source=../../helpers/helpers
source /usr/share/yunohost/helpers

do_pre_regen() {
pending_dir=$1
Expand All @@ -44,6 +46,7 @@ do_post_regen() {
regen_conf_files=$1

# If no file changed, there's nothing to do

[[ -n "$regen_conf_files" ]] || return 0

# Enforce permissions for /etc/ssh/sshd_config
Expand All @@ -53,4 +56,4 @@ do_post_regen() {
systemctl restart ssh
}

do_$1_regen ${@:2}
"do_$1_regen" "${*:2}"
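Review bot: This hook keeps the bare `set -e` while the other hooks shown in this PR move to `set -Eeuo pipefail`, so 03-ssh is the one that still tolerates unset variables and failed pipeline stages. If that is deliberate, a comment next to `set -e` saying why would help the next reader; otherwise align it with the `# Exit hook on subcommand error or unset variable` / `set -Eeuo pipefail` pair used elsewhere. The blank line added after `# If no file changed, there's nothing to do` detaches the comment from the guard `[[ -n "$regen_conf_files" ]] || return 0` and should be dropped. do_post_regen continues outside the hunk.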
46 changes: 27 additions & 19 deletions hooks/conf_regen/06-slapd
Expand Up @@ -18,7 +18,8 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#

set -e
# Exit hook on subcommand error or unset variable
set -Eeuo pipefail

tmp_backup_dir_file="/root/slapd-backup-dir.txt"

Expand Down Expand Up @@ -101,13 +102,14 @@ do_pre_regen() {
rm -f "$tmp_backup_dir_file"

# Define if we need to migrate from hdb to mdb
curr_backend=$(grep '^database' /etc/ldap/slapd.conf 2> /dev/null | awk '{print $2}')
if [ -e /etc/ldap/slapd.conf ] && [ -n "$curr_backend" ] \
&& [ $curr_backend != 'mdb' ]; then
backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
mkdir -p "$backup_dir"
slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
echo "$backup_dir" > "$tmp_backup_dir_file"
if [ -e /etc/ldap/slapd.conf ]; then
curr_backend=$(grep '^database' /etc/ldap/slapd.conf | awk '{print $2}')
if [ "$curr_backend" != 'mdb' ]; then
backup_dir="/var/backups/dc=yunohost,dc=org-${curr_backend}-$(date +%s)"
mkdir -p "$backup_dir"
slapcat -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
echo "$backup_dir" > "$tmp_backup_dir_file"
fi
fi

# create needed directories
Expand All @@ -121,8 +123,8 @@ do_pre_regen() {
cp -a ldap.conf "$ldap_dir"
cp -a sudo.ldif mailserver.ldif permission.ldif "$schema_dir"

mkdir -p ${pending_dir}/etc/systemd/system/slapd.service.d/
cp systemd-override.conf ${pending_dir}/etc/systemd/system/slapd.service.d/ynh-override.conf
mkdir -p "$pending_dir/etc/systemd/system/slapd.service.d/"
cp systemd-override.conf "$pending_dir/etc/systemd/system/slapd.service.d/ynh-override.conf"

install -D -m 644 slapd.default "${pending_dir}/etc/default/slapd"
}
Expand All @@ -139,7 +141,9 @@ do_post_regen() {

# Fix weird scenarios where /etc/sudo-ldap.conf doesn't exists (yet is supposed to be
# created by the sudo-ldap package) : https://github.com/YunoHost/issues/issues/2091
[ -e /etc/sudo-ldap.conf ] || ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
if [ ! -e /etc/sudo-ldap.conf ]; then
ln -s /etc/ldap/ldap.conf /etc/sudo-ldap.conf
fi

# If we changed the systemd ynh-override conf
if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/slapd.service.d/ynh-override.conf$"; then
Expand All @@ -162,19 +166,23 @@ objectClass: top"
nscd -i group
fi

[ -z "$regen_conf_files" ] && exit 0
if [ -z "$regen_conf_files" ]; then
exit 0
fi

# regenerate LDAP config directory from slapd.conf
echo "Regenerate LDAP config directory from config.ldif"
_regenerate_slapd_conf

# If there's a backup, re-import its data
backup_dir=$(cat "$tmp_backup_dir_file" 2> /dev/null || true)
if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
# regenerate LDAP config directory and import database as root
echo "Import the database using slapadd"
slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
chown -R openldap:openldap /var/lib/ldap 2>&1
if [ -f "$tmp_backup_dir_file" ]; then
backup_dir=$(cat "$tmp_backup_dir_file")
if [[ -n "$backup_dir" && -f "${backup_dir}/dc=yunohost-dc=org.ldif" ]]; then
# regenerate LDAP config directory and import database as root
echo "Import the database using slapadd"
slapadd -F /etc/ldap/slapd.d -b dc=yunohost,dc=org -l "${backup_dir}/dc=yunohost-dc=org.ldif"
chown -R openldap:openldap /var/lib/ldap 2>&1
fi
fi

echo "Running slapdindex"
Expand All @@ -184,4 +192,4 @@ objectClass: top"
systemctl force-reload slapd
}

do_$1_regen ${@:2}
"do_$1_regen" "${*:2}"
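Review bot: The rewritten backend check in do_pre_regen changes behaviour when /etc/ldap/slapd.conf has no `database` line: under the new `pipefail`, the `grep` exit status 1 fails the assignment `curr_backend=$(grep '^database' /etc/ldap/slapd.conf | awk '{print $2}')` and `set -e` aborts the hook, where the old code simply skipped the migration. The `[ -n "$curr_backend" ]` guard was also dropped, so a `database` line without a second field leaves the value empty, compares unequal to 'mdb', and triggers a slapcat backup into a directory with an empty backend name. Letting awk do the match, `curr_backend=$(awk '/^database/ {print $2}' /etc/ldap/slapd.conf)`, and keeping `if [ -n "$curr_backend" ] && [ "$curr_backend" != 'mdb' ]; then` restores the old semantics under strict mode. do_pre_regen starts and ends outside the hunk.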