Start rename to forgehook
parent
2024563034
commit
1d3740227b
|
@ -1,14 +1,14 @@
|
|||
#! /bin/bash
|
||||
|
||||
# Auto-detect owner of webhook-backend on current system
|
||||
# Auto-detect owner of forgehook-backend on current system
|
||||
# stat has different syntax on various system so we use find
|
||||
owner=$(find /usr/local/bin/webhook-backend -maxdepth 0 -printf '%u')
|
||||
owner=$(find /usr/local/bin/forgehook-backend -maxdepth 0 -printf '%u')
|
||||
if [[ $? != 0 ]]; then
|
||||
echo "FATAL ERROR: webhook-backend not found in /usr/local/bin"
|
||||
echo "FATAL ERROR: forgehook-backend not found in /usr/local/bin"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Start the backend escalating privileges to its owner
|
||||
# TODO: introduce timeout on a dummy sudo to check sudo rules
|
||||
# are setup properly
|
||||
sudo -u "$owner" webhook-backend $@
|
||||
sudo -u "$owner" forgehook-backend $@
|
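Review bot: The renamed invocation `sudo -u "$owner" forgehook-backend $@` still expands `$@` unquoted, so a repository URL or secret containing whitespace or glob characters is re-split before it crosses the sudo boundary; it should read `sudo -u "$owner" forgehook-backend "$@"`. The same applies to `sudo forgehook-run $@` in the forgehook-run section, where the root instance then rejects anything other than exactly one argument. The FATAL ERROR message in this section would also be better sent to stderr with `>&2`.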
|
@ -1,5 +1,6 @@
|
|||
#! /bin/bash
|
||||
|
||||
# TODO: replace with ~/database
|
||||
db="$HOME/webhooks"
|
||||
|
||||
# Make sure we don't fallback to a simple "*.foo" when no files matched the glob pattern
|
||||
|
@ -66,7 +67,7 @@ add_cmd() {
|
|||
# Check if the repository is already registered
|
||||
if [ -f "$db/.$rhex.owner" ]; then
|
||||
# If it is, we try to subscribe instead
|
||||
echo "[webhook] This repository is already registered, subscribing to it."
|
||||
echo "[forgehook] This repository is already registered, subscribing to it."
|
||||
subscribe_cmd "$r"
|
||||
exit $?
|
||||
fi
|
||||
|
@ -94,7 +95,7 @@ add_cmd() {
|
|||
secret="$2"
|
||||
fi
|
||||
echo "$secret" > $db/."$rhex".secret
|
||||
echo "[webhook] Your secret for $r is now:"
|
||||
echo "[forgehook] Your secret for $r is now:"
|
||||
echo "$secret"
|
||||
subscribe_cmd "$r"
|
||||
}
|
||||
|
@ -134,7 +135,7 @@ remove_cmd() {
|
|||
rm $db/."$rhex".secret
|
||||
# Do not fail if there are no more subscriptions
|
||||
rm -f $db/"$rhex".*
|
||||
echo "[webhook] Successfully removed $r"
|
||||
echo "[forgehook] Successfully removed $r"
|
||||
}
|
||||
|
||||
subscribe_cmd() {
|
||||
|
@ -148,18 +149,18 @@ subscribe_cmd() {
|
|||
|
||||
if [ ! -f $db/."$rhex".owner ]; then
|
||||
echo "ERROR: Repository $r hasn't been added yet, maybe try:"
|
||||
echo "webhook add \"$r\""
|
||||
echo "forgehook add \"$r\""
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -f $db/"$rhex"."$user" ]; then
|
||||
echo "[webhook] You are already subscribed to $r"
|
||||
echo "[forgehook] You are already subscribed to $r"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
touch $db/"$rhex"."$user"
|
||||
owner="$(cat $db/."$rhex".owner)"
|
||||
echo "[webhook] Subscribed to $r (owner: $owner)"
|
||||
echo "[forgehook] Subscribed to $r (owner: $owner)"
|
||||
}
|
||||
|
||||
unsubscribe_cmd() {
|
||||
|
@ -172,7 +173,7 @@ unsubscribe_cmd() {
|
|||
rhex="$(from_url "$r")"
|
||||
|
||||
if [ ! -f $db/."$rhex".owner ]; then
|
||||
echo "ERROR: Repository $r hasn't been added yet, cannot unsubscribe. Run webhook without argument to list your repositories"
|
||||
echo "ERROR: Repository $r hasn't been added yet, cannot unsubscribe. Run forgehook without argument to list your repositories"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -182,7 +183,7 @@ unsubscribe_cmd() {
|
|||
fi
|
||||
|
||||
rm $db/"$rhex"."$user"
|
||||
echo "[webhook] Successfully unsubscribed from $r"
|
||||
echo "[forgehook] Successfully unsubscribed from $r"
|
||||
}
|
||||
|
||||
secret_cmd() {
|
||||
|
@ -195,7 +196,7 @@ secret_cmd() {
|
|||
rhex="$(from_url "$r")"
|
||||
|
||||
if [ ! -f $db/."$rhex".owner ]; then
|
||||
echo "ERROR: Repository $r hasn't been added yet. Run webhook without argument to list your repositories"
|
||||
echo "ERROR: Repository $r hasn't been added yet. Run forgehook without argument to list your repositories"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
@ -208,7 +209,7 @@ secret_cmd() {
|
|||
if [ $# -gt 1 ]; then
|
||||
secret="$2"
|
||||
echo "$secret" > "$db/.$rhex.secret"
|
||||
echo "[webhook] Your secret for $r is now:"
|
||||
echo "[forgehook] Your secret for $r is now:"
|
||||
echo "$secret"
|
||||
exit 0
|
||||
fi
|
|
@ -3,8 +3,9 @@
|
|||
if [[ $EUID != 0 ]]; then
|
||||
# We're not root... yet!
|
||||
# Let's not forget to define the db while we have forgehook $USER
|
||||
# TODO: replace with ~/database
|
||||
db=$HOME/webhooks
|
||||
sudo webhook-run $@
|
||||
sudo forgehook-run $@
|
||||
exit $?
|
||||
fi
|
||||
|
||||
|
@ -15,7 +16,7 @@ fi
|
|||
|
||||
# We only take one argument!
|
||||
if [[ $# != 1 ]]; then
|
||||
echo "FATAL ERROR: webhook-run can't deal with $# argument(s) (BUG)"
|
||||
echo "FATAL ERROR: forgehook-run can't deal with $# argument(s) (BUG)"
|
||||
[[ $# != 0 ]] && echo "Found arguments: "$@""
|
||||
exit 1
|
||||
fi
|
||||
|
@ -35,5 +36,5 @@ for i in $db/"$rhex".*; do
|
|||
user="$(basename "$i")"
|
||||
user="${user#$rhex.}"
|
||||
|
||||
sudo -u "$user" webhook-run-backend "$1"
|
||||
sudo -u "$user" forgehook-run-backend "$1"
|
||||
done
|
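Review bot: The `db=$HOME/webhooks` assignment in the non-root branch has no effect on the re-executed process, because it is a plain unexported shell variable and the script immediately hands over to `sudo forgehook-run $@` and exits. If the root instance does not set `db` again in lines outside these hunks, the loop `for i in $db/"$rhex".*` would expand against the filesystem root with an empty prefix and pass whatever it matches to `sudo -u "$user"`. Consider resolving the directory inside the root branch, for example `db="$(getent passwd "$SUDO_USER" | cut -d: -f6)/webhooks"`, and failing early with `: "${db:?}"` before the loop. The body between the hunks is not visible here, so this needs checking against the full file.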
41
setup.sh
41
setup.sh
|
@ -5,7 +5,7 @@
|
|||
DEST="/usr/local/bin"
|
||||
|
||||
# Autodetect forgehook user if it's already setup
|
||||
owner=$(find /usr/local/bin/webhook-backend -maxdepth 0 -printf '%u')
|
||||
owner=$(find /usr/local/bin/forgehook-backend -maxdepth 0 -printf '%u')
|
||||
if [[ $? = 0 ]]; then
|
||||
echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
|
||||
else
|
||||
|
@ -20,10 +20,7 @@ else
|
|||
fi
|
||||
|
||||
# TODO: Detect if user has UID > 1000 so if it's a real user we refuse to setup
|
||||
# and try to escalate to generate a dedicated account. Maybe also check for ownership
|
||||
# of $DEST/webhook so if there's already a setup we escalate privileges to this user
|
||||
# for setup?
|
||||
|
||||
# and try to escalate to generate a dedicated account.
|
||||
# Please don't run me as root!
|
||||
if [[ $EUID = 0 ]]; then
|
||||
# TODO: Setup prompt to ask for new user to create and destination folder
|
||||
|
@ -34,35 +31,35 @@ fi
|
|||
# TODO: Check we can escalade privileges
|
||||
|
||||
# Everyone can execute (user-facing wrapper)
|
||||
sudo cp webhook $DEST
|
||||
sudo chown "$owner:$owner" $DEST/webhook
|
||||
sudo cp forgehook $DEST
|
||||
sudo chown "$owner:$owner" $DEST/forgehook
|
||||
|
||||
# Only $owner can execute
|
||||
sudo cp webhook-backend $DEST
|
||||
sudo chown "$owner:$owner" $DEST/webhook-backend
|
||||
sudo chmod 744 $DEST/webhook-backend
|
||||
sudo cp forgehook-backend $DEST
|
||||
sudo chown "$owner:$owner" $DEST/forgehook-backend
|
||||
sudo chmod 744 $DEST/forgehook-backend
|
||||
|
||||
# Only root should execute
|
||||
sudo cp webhook-run $DEST
|
||||
sudo chown "$owner:$owner" $DEST/webhook-run
|
||||
sudo chmod 744 $DEST/webhook-run
|
||||
sudo cp forgehook-run $DEST
|
||||
sudo chown "$owner:$owner" $DEST/forgehook-run
|
||||
sudo chmod 744 $DEST/forgehook-run
|
||||
|
||||
# Everyone can execute (wrapper script for build manager such as git-build)
|
||||
sudo cp webhook-run-backend $DEST
|
||||
sudo chown "$owner:$owner" $DEST/webhook-run-backend
|
||||
sudo chmod 755 $DEST/webhook-run-backend
|
||||
sudo cp forgehook-run-backend $DEST
|
||||
sudo chown "$owner:$owner" $DEST/forgehook-run-backend
|
||||
sudo chmod 755 $DEST/forgehook-run-backend
|
||||
|
||||
echo "[setup.sh] Installed webhook to $DEST for $owner"
|
||||
echo "[setup.sh] Installed forgehook to $DEST for $owner"
|
||||
|
||||
# Auto setup sudo rules
|
||||
SUDO_SETUP=0
|
||||
if ! sudo grep "webhook-backend" /etc/sudoers > /dev/null; then
|
||||
if ! sudo grep "forgehook-backend" /etc/sudoers > /dev/null; then
|
||||
SUDO_SETUP=1
|
||||
sudo echo "ALL ALL=($owner) NOPASSWD: /usr/local/bin/webhook-backend" >> /etc/sudoers
|
||||
sudo echo "ALL ALL=($owner) NOPASSWD: /usr/local/bin/forgehook-backend" >> /etc/sudoers
|
||||
fi
|
||||
if ! sudo grep "webhook-run" /etc/sudoers > /dev/null; then
|
||||
if ! sudo grep "forgehook-run" /etc/sudoers > /dev/null; then
|
||||
SUDO_SETUP=1
|
||||
sudo echo "$owner ALL=NOPASSWD: /usr/local/bin/webhook-run" >> /etc/sudoers
|
||||
sudo echo "$owner ALL=NOPASSWD: /usr/local/bin/forgehook-run" >> /etc/sudoers
|
||||
fi
|
||||
|
||||
[[ $SUDO_SETUP = 1 ]] && echo "[setup.sh] sudo rules have been installed for webhook"
|
||||
[[ $SUDO_SETUP = 1 ]] && echo "[setup.sh] sudo rules have been installed for forgehook"
|
||||
|
|
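Review bot: `forgehook-run` is installed with `chown "$owner:$owner"` and `chmod 744` under the comment "Only root should execute", while the sudoers line added below lets `$owner` run it as root without a password; an account that may run a file as root should not also be able to rewrite it. Installing it as `sudo chown root:root $DEST/forgehook-run` with `sudo chmod 755 $DEST/forgehook-run` keeps it callable but not writable by `$owner`. In the same hunk, `sudo echo "..." >> /etc/sudoers` has the redirection opened by the calling shell rather than by sudo, so the append fails for a non-root caller and, when it does succeed, the edit is never syntax-checked; writing a drop-in under `/etc/sudoers.d/` through `sudo tee` and validating it with `visudo -cf` before it goes live is safer. Nothing visible here removes the previous `webhook-backend` and `webhook-run` rules or binaries, so after the rename the old NOPASSWD entries would stay in place unless cleaned up separately.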