Rename forgehook-backend -> forgehook-db
parent
4350e43141
commit
3608b19641
|
@ -153,7 +153,7 @@ Currently, only `git-build` is supported as trigger. More may come in the future
|
||||||
|
|
||||||
## Databases
|
## Databases
|
||||||
|
|
||||||
Databases are simple programs storing information about repository ownership, secrets and subscriptions. They may operate over an SQL or LDAP database, as long as they respect the `forgehook` CLI interface described [here](docs/cli.md). Database configuration is systemwide and there is only one database at any given moment (`/usr/local/bin/forgehook-db`) (TODO: rename forgehook-backend to forgehook-db)
|
Databases are simple programs storing information about repository ownership, secrets and subscriptions. They may operate over an SQL or LDAP database, as long as they respect the `forgehook` CLI interface described [here](docs/cli.md). Database configuration is systemwide and there is only one database at any given moment (`/usr/local/bin/forgehook-db`).
|
||||||
|
|
||||||
The provided reference implementation for a forgehook database is a flat-file database managed by bash scripts, located in `databases/unix.sh`, and documented [here](docs/unix.md).
|
The provided reference implementation for a forgehook database is a flat-file database managed by bash scripts, located in `databases/unix.sh`, and documented [here](docs/unix.md).
|
||||||
|
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
#! /bin/bash
|
#! /bin/bash
|
||||||
|
|
||||||
# Auto-detect owner of forgehook-backend on current system
|
# Auto-detect owner of forgehook-db on current system
|
||||||
# stat has different syntax on various system so we use find
|
# stat has different syntax on various system so we use find
|
||||||
owner=$(find /usr/local/bin/forgehook-backend -maxdepth 0 -printf '%u')
|
owner=$(find /usr/local/bin/forgehook-db -maxdepth 0 -printf '%u')
|
||||||
if [[ $? != 0 ]]; then
|
if [[ $? != 0 ]]; then
|
||||||
echo "FATAL ERROR: forgehook-backend not found in /usr/local/bin"
|
echo "FATAL ERROR: forgehook-db not found in /usr/local/bin"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Start the backend escalating privileges to its owner
|
# Start the backend escalating privileges to its owner
|
||||||
# TODO: introduce timeout on a dummy sudo to check sudo rules
|
# TODO: introduce timeout on a dummy sudo to check sudo rules
|
||||||
# are setup properly
|
# are setup properly
|
||||||
sudo -u "$owner" forgehook-backend $@
|
sudo -u "$owner" forgehook-db $@
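Review bot: The arguments are forwarded unquoted in `sudo -u "$owner" forgehook-db $@`, so any argument containing whitespace or glob characters is re-split and expanded before it crosses the sudo boundary; `"$@"` keeps each argument as the caller passed it. The command is also looked up by bare name, while the owner was read from `/usr/local/bin/forgehook-db`. Naming the same absolute path makes the checked file and the executed file agree: `sudo -u "$owner" /usr/local/bin/forgehook-db "$@"`. The comment above the TODO still says "Start the backend" and would read better as "Start the database" after the rename.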
|
||||||
|
|
|
@ -202,6 +202,7 @@ secret_cmd() {
|
||||||
|
|
||||||
owner="$(cat $db/."$rhex".owner)"
|
owner="$(cat $db/."$rhex".owner)"
|
||||||
if [[ "$owner" != "$user" ]]; then
|
if [[ "$owner" != "$user" ]]; then
|
||||||
|
# TODO: when running with group forgehook, we don't exit because it's an endpoint asking
|
||||||
echo "ERROR: Repository $r is owned by $owner"
|
echo "ERROR: Repository $r is owned by $owner"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
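Review bot: The added TODO inside the ownership check of `secret_cmd` announces an exception for callers in group forgehook, but does not say how that membership will be established. This branch appears to be what stops one user from acting on a repository owned by another (`$user` is set outside the hunk, so this is inferred). The comment should state that the exit is still unconditional today and that membership must come from the real caller identity, for example `# TODO: let group forgehook (endpoint) callers past this check; verify membership from the invoking user, never from an argument`. secret_cmd starts and ends outside the hunk.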
|
13
setup.sh
13
setup.sh
|
@ -6,9 +6,10 @@ DEST="/usr/local/bin"
|
||||||
|
|
||||||
# TODO: Make trigger configurable
|
# TODO: Make trigger configurable
|
||||||
TRIGGER=./backends/git-build
|
TRIGGER=./backends/git-build
|
||||||
|
DATABASE=./databases/unix
|
||||||
|
|
||||||
# Autodetect forgehook user if it's already setup
|
# Autodetect forgehook user if it's already setup
|
||||||
owner=$(find /usr/local/bin/forgehook-backend -maxdepth 0 -printf '%u')
|
owner=$(find /usr/local/bin/forgehook-db -maxdepth 0 -printf '%u')
|
||||||
if [[ $? = 0 ]]; then
|
if [[ $? = 0 ]]; then
|
||||||
echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
|
echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
|
||||||
else
|
else
|
||||||
|
@ -47,9 +48,9 @@ sudo cp bin/forgehook $DEST
|
||||||
sudo chown "$owner:$owner" $DEST/forgehook
|
sudo chown "$owner:$owner" $DEST/forgehook
|
||||||
|
|
||||||
# Only $owner can execute
|
# Only $owner can execute
|
||||||
sudo cp bin/forgehook-backend $DEST
|
sudo cp $DATABASE $DEST
|
||||||
sudo chown "$owner:$owner" $DEST/forgehook-backend
|
sudo chown "$owner:$owner" $DEST/forgehook-db
|
||||||
sudo chmod 744 $DEST/forgehook-backend
|
sudo chmod 744 $DEST/forgehook-db
|
||||||
|
|
||||||
# Only root should execute
|
# Only root should execute
|
||||||
sudo cp bin/forgehook-notify $DEST/forgehook-notify
|
sudo cp bin/forgehook-notify $DEST/forgehook-notify
|
||||||
|
@ -65,10 +66,10 @@ echo "[setup.sh] Installed forgehook to $DEST for $owner"
|
||||||
|
|
||||||
# Auto setup sudo rules
|
# Auto setup sudo rules
|
||||||
SUDO_SETUP=0
|
SUDO_SETUP=0
|
||||||
if ! sudo grep "forgehook-backend" /etc/sudoers > /dev/null; then
|
if ! sudo grep "forgehook-db" /etc/sudoers > /dev/null; then
|
||||||
SUDO_SETUP=1
|
SUDO_SETUP=1
|
||||||
# Need to open a dedicated shell through sudo or we don't have permissions
|
# Need to open a dedicated shell through sudo or we don't have permissions
|
||||||
sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-backend >> /etc/sudoers"
|
sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-db >> /etc/sudoers"
|
||||||
fi
|
fi
|
||||||
if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then
|
if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then
|
||||||
SUDO_SETUP=1
|
SUDO_SETUP=1
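Review bot: `sudo cp $DATABASE $DEST` copies `./databases/unix` into the directory under its own name, so the file lands at `$DEST/unix`. The following `chown` and `chmod` on `$DEST/forgehook-db` then either fail or act on a file left by an earlier install, and the sudoers rule added further down names a path this script never wrote. Copy to the explicit target instead: `sudo cp "$DATABASE" "$DEST/forgehook-db"`. The documentation hunk in this commit calls the reference implementation `databases/unix.sh`, so `DATABASE=./databases/unix` may also be missing the extension. On a host set up before this commit, the old `forgehook-backend` binary and its NOPASSWD line in /etc/sudoers stay in place; removing both during setup would leave only the one program that is still installed runnable through sudo.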
|
||||||
|
|