archive_hook.sh/setup.sh

#! /bin/bash

# TODO: currently setup.sh assumes you're a sudoer, not root

DEST="/usr/local/bin"

# TODO: Make trigger configurable
TRIGGER=./triggers/git-build
DATABASE=./databases/unix

# Autodetect forgehook user if it's already setup
owner=$(find /usr/local/bin/forgehook -maxdepth 0 -printf '%u')
if [[ $? = 0 ]]; then
    echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
else
    # OK it's not setup yet, maybe try a user from argument?
    if [ $# -gt 0 ]; then
        owner="$1"
        echo "[setup.sh] Setup for user $owner"
    else
        # Default value
        owner="forgehook"
        echo "[setup.sh] No setup user found. Using default value $owner"
    fi
fi

# If the user doesn't exist, create it
if ! id -u "$owner" > /dev/null 2>&1; then
    # We need to create the forgehook user
    echo "[setup.sh] User $owner doesn't exist yet. Creating it."
    sudo useradd --create-home --shell /bin/bash --user-group --system --home-dir /opt/forgehook "$owner"
fi

# TODO: Check we can escalade privileges

# Everyone can execute (user-facing wrapper)
sudo cp bin/forgehook $DEST
sudo chown "$owner:$owner" $DEST/forgehook

# Only $owner can execute
sudo cp $DATABASE $DEST/forgehook-db
sudo chown "$owner:$owner" $DEST/forgehook-db
sudo chmod 744 $DEST/forgehook-db

# Only root should execute
sudo cp bin/forgehook-notify $DEST/forgehook-notify
sudo chown "$owner:$owner" $DEST/forgehook-notify
sudo chmod 744 $DEST/forgehook-notify

# Everyone can execute (wrapper script for build manager such as git-build)
sudo cp $TRIGGER $DEST/forgehook-trigger
sudo chown "$owner:$owner" $DEST/forgehook-trigger
sudo chmod 755 $DEST/forgehook-trigger

echo "[setup.sh] Installed forgehook to $DEST for $owner"

# Auto setup sudo rules
SUDO_SETUP=0
if ! sudo grep "forgehook-db" /etc/sudoers > /dev/null; then
    SUDO_SETUP=1
    # Need to open a dedicated shell through sudo or we don't have permissions
    sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-db >> /etc/sudoers"
fi
if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then
    SUDO_SETUP=1
    # TODO: permission for forgehook-notify should belong to group, not user so we can give
    # permission to run notifications without having access to database for 3rd party tools
    # if you need a tool that has access to db please run it as forgehook user!
    sudo sh -c "echo "$owner" ALL=NOPASSWD: /usr/local/bin/forgehook-notify >> /etc/sudoers"
fi

[[ $SUDO_SETUP = 1 ]] && echo "[setup.sh] sudo rules have been installed for forgehook"
User-facing scripts 2020-04-26 22:08:08 +00:00			`#! /bin/bash`

Introduce webhook-backend-run and make sure scripts are user-agnostic 2020-04-27 14:27:45 +00:00			`# TODO: currently setup.sh assumes you're a sudoer, not root`

User-facing scripts 2020-04-26 22:08:08 +00:00			`DEST="/usr/local/bin"`
Configurable forgehook user 2020-04-27 15:02:11 +00:00
Rename forgehook-run-backend -> forgehook-trigger 2020-04-28 09:26:19 +00:00			`# TODO: Make trigger configurable`
Renaming stuff 2020-04-28 09:39:44 +00:00			`TRIGGER=./triggers/git-build`
Rename forgehook-backend -> forgehook-db 2020-04-28 09:36:29 +00:00			`DATABASE=./databases/unix`
Move things in subfolders 2020-04-27 15:58:17 +00:00
Configurable forgehook user 2020-04-27 15:02:11 +00:00			`# Autodetect forgehook user if it's already setup`
Fix some names 2020-04-28 09:54:52 +00:00			`owner=$(find /usr/local/bin/forgehook -maxdepth 0 -printf '%u')`
Configurable forgehook user 2020-04-27 15:02:11 +00:00			`if [[ $? = 0 ]]; then`
			`echo "[setup.sh] Found existing setup owned by user $owner. Using this user."`
			`else`
			`# OK it's not setup yet, maybe try a user from argument?`
			`if [ $# -gt 0 ]; then`
			`owner="$1"`
			`echo "[setup.sh] Setup for user $owner"`
			`else`
setup: create user when needed and fix sudo autosetup 2020-04-27 15:52:06 +00:00			`# Default value`
Configurable forgehook user 2020-04-27 15:02:11 +00:00			`owner="forgehook"`
			`echo "[setup.sh] No setup user found. Using default value $owner"`
			`fi`
			`fi`
User-facing scripts 2020-04-26 22:08:08 +00:00
setup: create user when needed and fix sudo autosetup 2020-04-27 15:52:06 +00:00			`# If the user doesn't exist, create it`
			`if ! id -u "$owner" > /dev/null 2>&1; then`
			`# We need to create the forgehook user`
			`echo "[setup.sh] User $owner doesn't exist yet. Creating it."`
			`sudo useradd --create-home --shell /bin/bash --user-group --system --home-dir /opt/forgehook "$owner"`
			`fi`

Configurable forgehook user 2020-04-27 15:02:11 +00:00			`# TODO: Check we can escalade privileges`

Introduce webhook-backend-run and make sure scripts are user-agnostic 2020-04-27 14:27:45 +00:00			`# Everyone can execute (user-facing wrapper)`
Move things in subfolders 2020-04-27 15:58:17 +00:00			`sudo cp bin/forgehook $DEST`
Start rename to forgehook 2020-04-27 15:23:42 +00:00			`sudo chown "$owner:$owner" $DEST/forgehook`
Introduce webhook-backend-run and make sure scripts are user-agnostic 2020-04-27 14:27:45 +00:00
			`# Only $owner can execute`
Fix some names 2020-04-28 09:54:52 +00:00			`sudo cp $DATABASE $DEST/forgehook-db`
Rename forgehook-backend -> forgehook-db 2020-04-28 09:36:29 +00:00			`sudo chown "$owner:$owner" $DEST/forgehook-db`
			`sudo chmod 744 $DEST/forgehook-db`
User-facing scripts 2020-04-26 22:08:08 +00:00
Introduce webhook-backend-run and make sure scripts are user-agnostic 2020-04-27 14:27:45 +00:00			`# Only root should execute`
Rename forgehook-run -> forgehook-notify 2020-04-28 09:31:49 +00:00			`sudo cp bin/forgehook-notify $DEST/forgehook-notify`
			`sudo chown "$owner:$owner" $DEST/forgehook-notify`
			`sudo chmod 744 $DEST/forgehook-notify`
User-facing scripts 2020-04-26 22:08:08 +00:00
Introduce webhook-backend-run and make sure scripts are user-agnostic 2020-04-27 14:27:45 +00:00			`# Everyone can execute (wrapper script for build manager such as git-build)`
Rename forgehook-run-backend -> forgehook-trigger 2020-04-28 09:26:19 +00:00			`sudo cp $TRIGGER $DEST/forgehook-trigger`
			`sudo chown "$owner:$owner" $DEST/forgehook-trigger`
			`sudo chmod 755 $DEST/forgehook-trigger`
User-facing scripts 2020-04-26 22:08:08 +00:00
Start rename to forgehook 2020-04-27 15:23:42 +00:00			`echo "[setup.sh] Installed forgehook to $DEST for $owner"`
User-facing scripts 2020-04-26 22:08:08 +00:00
Auto-sudo setup and better messages 2020-04-27 15:08:33 +00:00			`# Auto setup sudo rules`
			`SUDO_SETUP=0`
Rename forgehook-backend -> forgehook-db 2020-04-28 09:36:29 +00:00			`if ! sudo grep "forgehook-db" /etc/sudoers > /dev/null; then`
Auto-sudo setup and better messages 2020-04-27 15:08:33 +00:00			`SUDO_SETUP=1`
setup: create user when needed and fix sudo autosetup 2020-04-27 15:52:06 +00:00			`# Need to open a dedicated shell through sudo or we don't have permissions`
Rename forgehook-backend -> forgehook-db 2020-04-28 09:36:29 +00:00			`sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-db >> /etc/sudoers"`
User-facing scripts 2020-04-26 22:08:08 +00:00			`fi`
Rename forgehook-run -> forgehook-notify 2020-04-28 09:31:49 +00:00			`if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then`
Auto-sudo setup and better messages 2020-04-27 15:08:33 +00:00			`SUDO_SETUP=1`
Rename forgehook-run -> forgehook-notify 2020-04-28 09:31:49 +00:00			`# TODO: permission for forgehook-notify should belong to group, not user so we can give`
			`# permission to run notifications without having access to database for 3rd party tools`
			`# if you need a tool that has access to db please run it as forgehook user!`
			`sudo sh -c "echo "$owner" ALL=NOPASSWD: /usr/local/bin/forgehook-notify >> /etc/sudoers"`
Auto-sudo setup and better messages 2020-04-27 15:08:33 +00:00			`fi`

Start rename to forgehook 2020-04-27 15:23:42 +00:00			`[[ $SUDO_SETUP = 1 ]] && echo "[setup.sh] sudo rules have been installed for forgehook"`