Rename forgehook-backend -> forgehook-db
parent
4350e43141
commit
3608b19641
|
@ -153,7 +153,7 @@ Currently, only `git-build` is supported as trigger. More may come in the future
|
|||
|
||||
## Databases
|
||||
|
||||
Databases are simple programs storing information about repository ownership, secrets and subscriptions. They may operate over an SQL or LDAP database, as long as they respect the `forgehook` CLI interface described [here](docs/cli.md). Database configuration is systemwide and there is only one database at any given moment (`/usr/local/bin/forgehook-db`) (TODO: rename forgehook-backend to forgehook-db)
|
||||
Databases are simple programs storing information about repository ownership, secrets and subscriptions. They may operate over an SQL or LDAP database, as long as they respect the `forgehook` CLI interface described [here](docs/cli.md). Database configuration is systemwide and there is only one database at any given moment (`/usr/local/bin/forgehook-db`).
|
||||
|
||||
The provided reference implementation for a forgehook database is a flat-file database managed by bash scripts, located in `databases/unix.sh`, and documented [here](docs/unix.md).
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
#! /bin/bash
|
||||
|
||||
# Auto-detect owner of forgehook-backend on current system
|
||||
# Auto-detect owner of forgehook-db on current system
|
||||
# stat has different syntax on various system so we use find
|
||||
owner=$(find /usr/local/bin/forgehook-backend -maxdepth 0 -printf '%u')
|
||||
owner=$(find /usr/local/bin/forgehook-db -maxdepth 0 -printf '%u')
|
||||
if [[ $? != 0 ]]; then
|
||||
echo "FATAL ERROR: forgehook-backend not found in /usr/local/bin"
|
||||
echo "FATAL ERROR: forgehook-db not found in /usr/local/bin"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Start the backend escalating privileges to its owner
|
||||
# TODO: introduce timeout on a dummy sudo to check sudo rules
|
||||
# are setup properly
|
||||
sudo -u "$owner" forgehook-backend $@
|
||||
sudo -u "$owner" forgehook-db $@
|
||||
|
|
|
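Review bot: The renamed call `sudo -u "$owner" forgehook-db $@` still passes the arguments unquoted, so any argument containing whitespace or glob characters is re-split and expanded before it reaches the helper running as the database owner; it should be `"$@"`. The command is also looked up by name, while the owner detection a few lines above and the sudoers rule written by setup.sh both use `/usr/local/bin/forgehook-db`. Calling the absolute path keeps the three in agreement: `sudo -u "$owner" /usr/local/bin/forgehook-db "$@"`. The `FATAL ERROR` message on the failure branch would normally go to stderr (`>&2`).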
@ -202,6 +202,7 @@ secret_cmd() {
|
|||
|
||||
owner="$(cat $db/."$rhex".owner)"
|
||||
if [[ "$owner" != "$user" ]]; then
|
||||
# TODO: when running with group forgehook, we don't exit because it's an endpoint asking
|
||||
echo "ERROR: Repository $r is owned by $owner"
|
||||
exit 1
|
||||
fi
|
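Review bot: The added TODO reads as if the exemption already exists ("we don't exit"), while the check directly below still rejects every caller who is not the owner. Since this is the ownership gate in `secret_cmd`, state the intent and the current behaviour explicitly, for example `# TODO: skip this ownership check when the caller is in group forgehook (endpoint lookup); not implemented yet, every non-owner is rejected`. It would also help to say how the caller's group membership is expected to be established, because nothing in this hunk shows it. The body of `secret_cmd` starts and ends outside the hunk.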
13
setup.sh
13
setup.sh
|
@ -6,9 +6,10 @@ DEST="/usr/local/bin"
|
|||
|
||||
# TODO: Make trigger configurable
|
||||
TRIGGER=./backends/git-build
|
||||
DATABASE=./databases/unix
|
||||
|
||||
# Autodetect forgehook user if it's already setup
|
||||
owner=$(find /usr/local/bin/forgehook-backend -maxdepth 0 -printf '%u')
|
||||
owner=$(find /usr/local/bin/forgehook-db -maxdepth 0 -printf '%u')
|
||||
if [[ $? = 0 ]]; then
|
||||
echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
|
||||
else
|
||||
|
@ -47,9 +48,9 @@ sudo cp bin/forgehook $DEST
|
|||
sudo chown "$owner:$owner" $DEST/forgehook
|
||||
|
||||
# Only $owner can execute
|
||||
sudo cp bin/forgehook-backend $DEST
|
||||
sudo chown "$owner:$owner" $DEST/forgehook-backend
|
||||
sudo chmod 744 $DEST/forgehook-backend
|
||||
sudo cp $DATABASE $DEST
|
||||
sudo chown "$owner:$owner" $DEST/forgehook-db
|
||||
sudo chmod 744 $DEST/forgehook-db
|
||||
|
||||
# Only root should execute
|
||||
sudo cp bin/forgehook-notify $DEST/forgehook-notify
|
||||
|
@ -65,10 +66,10 @@ echo "[setup.sh] Installed forgehook to $DEST for $owner"
|
|||
|
||||
# Auto setup sudo rules
|
||||
SUDO_SETUP=0
|
||||
if ! sudo grep "forgehook-backend" /etc/sudoers > /dev/null; then
|
||||
if ! sudo grep "forgehook-db" /etc/sudoers > /dev/null; then
|
||||
SUDO_SETUP=1
|
||||
# Need to open a dedicated shell through sudo or we don't have permissions
|
||||
sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-backend >> /etc/sudoers"
|
||||
sudo sh -c "echo ALL ALL=\("$owner"\) NOPASSWD: /usr/local/bin/forgehook-db >> /etc/sudoers"
|
||||
fi
|
||||
if ! sudo grep "forgehook-notify" /etc/sudoers > /dev/null; then
|
||||
SUDO_SETUP=1
|
||||
|
|
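Review bot: In the install hunk, `sudo cp $DATABASE $DEST` copies the file under its own name, so with `DATABASE=./databases/unix` the result is `$DEST/unix`, and the following `chown`/`chmod` on `$DEST/forgehook-db` either fail or act on a leftover file from an earlier install. Copy to the target name instead, `sudo cp "$DATABASE" "$DEST/forgehook-db"`, as the `forgehook-notify` line below already does. The README hunk of this commit names the reference database `databases/unix.sh`, so the `DATABASE` value may also be missing its extension; that cannot be confirmed from this page. In the sudoers hunk the rule is appended with `echo ... >> /etc/sudoers` and `$owner` is spliced into the `sh -c` string, so a malformed value goes straight into the live file. Writing the rule to a separate file and checking it with `visudo -c -f` before installing it would catch that.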