Rename forgehook-run -> forgehook-notify

southerntofu 2020-04-28 11:31:49 +02:00
parent bef0f0dd25
commit 2c011a71df
3 changed files with 15 additions and 8 deletions


@ -115,7 +115,7 @@ There are two [entry points](https://en.wikipedia.org/wiki/Entry_point) for the
- a user running the `forgehook` script to manage their subscriptions/secrets
- an endpoint running `forgehook-notify` (TODO: rename forgehook-run to forgehook-notify) to announce a legitimate update was received for a remote
- an endpoint running `forgehook-notify` to announce a legitimate update was received for a remote
`forgehook-notify` takes the URL of the updated repository as argument, checks for current user subscription, and runs the trigger backend `/usr/local/bin/forgehook-trigger-backend` as each user currently subscribed. The forgehook CLI interface is further described [here](docs/cli.md).
@ -160,3 +160,7 @@ The provided reference implementation for a forgehook database is a flat-file da
# Security
TODO: Explain sudo tricks and suggest everyone should read the code in its entirely because it's brief
# FAQ
See [docs/faq.md](docs/faq.md)


@ -5,7 +5,7 @@ if [[ $EUID != 0 ]]; then
# Let's not forget to define the db while we have forgehook $USER
# TODO: replace with ~/database
db=$HOME/webhooks
sudo forgehook-run $@
sudo forgehook-notify $@
exit $?
fi
@ -16,7 +16,7 @@ fi
# We only take one argument!
if [[ $# != 1 ]]; then
echo "FATAL ERROR: forgehook-run can't deal with $# argument(s) (BUG)"
echo "FATAL ERROR: forgehook-notify can't deal with $# argument(s) (BUG)"
[[ $# != 0 ]] && echo "Found arguments: "$@""
exit 1
fi


@ -52,9 +52,9 @@ sudo chown "$owner:$owner" $DEST/forgehook-backend
sudo chmod 744 $DEST/forgehook-backend
# Only root should execute
sudo cp bin/forgehook-run $DEST
sudo chown "$owner:$owner" $DEST/forgehook-run
sudo chmod 744 $DEST/forgehook-run
sudo cp bin/forgehook-notify $DEST/forgehook-notify
sudo chown "$owner:$owner" $DEST/forgehook-notify
sudo chmod 744 $DEST/forgehook-notify
# Everyone can execute (wrapper script for build manager such as git-build)
sudo cp $TRIGGER $DEST/forgehook-trigger
@ -70,9 +70,12 @@ if ! sudo grep "forgehook-backend" /etc/sudoers > /dev/null; then
# Need to open a dedicated shell through sudo or we don't have permissions
sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-backend >> /etc/sudoers"
fi
if ! sudo grep "forgehook-run" /etc/sudoers > /dev/null; then
if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then
SUDO_SETUP=1
sudo sh -c "echo "$owner" ALL=NOPASSWD: /usr/local/bin/forgehook-run >> /etc/sudoers"
# TODO: permission for forgehook-notify should belong to group, not user so we can give
# permission to run notifications without having access to database for 3rd party tools
# if you need a tool that has access to db please run it as forgehook user!
sudo sh -c "echo "$owner" ALL=NOPASSWD: /usr/local/bin/forgehook-notify >> /etc/sudoers"
fi
[[ $SUDO_SETUP = 1 ]] && echo "[setup.sh] sudo rules have been installed for forgehook"
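Review bot: The sudoers line appended for forgehook-notify gives `$owner` passwordless root on a file that the install lines in the previous hunk hand to that same account (`chown "$owner:$owner"`, `chmod 744`), so anyone controlling `$owner` can rewrite `/usr/local/bin/forgehook-notify` and run the result as root; this assumes `$DEST` is `/usr/local/bin`, which is not visible here. Given the "Only root should execute" comment, the installed copy should probably be root-owned and not writable by `$owner`, e.g. `sudo chown root:root $DEST/forgehook-notify` and `sudo chmod 755 $DEST/forgehook-notify`. The guard now greps only for `forgehook-notify`, so an existing install keeps its old `forgehook-run` NOPASSWD entry in /etc/sudoers, and the setup should remove or at least report that stale rule. Appending with `echo ... >> /etc/sudoers` also skips syntax validation; writing a drop-in under /etc/sudoers.d and checking it with `visudo -cf` first would keep a malformed line from breaking sudo.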