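#! /bin/bash
#
# setup.sh - install the forgehook wrapper, database and notifier into DEST
# and register the sudo rules they rely on.
#
# Usage: ./setup.sh [owner]
#   owner   account that will own the installation. Ignored when an existing
#           $DEST/forgehook is found (its owner is reused); defaults to
#           "forgehook" otherwise.
#
# Run it from the repository root (bin/, triggers/ and databases/ are
# addressed relatively) as an account that can escalate through sudo.
#
# TODO: currently setup.sh assumes you're a sudoer, not root
set -euo pipefail

readonly DEST="/usr/local/bin"
# TODO: Make trigger configurable
readonly TRIGGER=./triggers/git-build
readonly DATABASE=./databases/unix

# Print a diagnostic on stderr and abort.
die() { printf '[setup.sh] %s\n' "$*" >&2; exit 1; }

# Progress line on stdout, same prefix the script has always used.
log() { printf '[setup.sh] %s\n' "$*"; }

#######################################
# Copy one file into DEST with an explicit owner, group and mode
# (one install(1) call instead of cp + chown + chmod).
# Globals:   DEST (read)
# Arguments: $1 source path, $2 destination basename,
#            $3 owner, $4 group, $5 octal mode
# Returns:   0 on success, aborts via die when the source is missing
#######################################
install_file() {
  local src=$1 name=$2 owner=$3 group=$4 mode=$5
  [[ -f "$src" ]] \
    || die "missing source file $src (run setup.sh from the repository root)"
  sudo install -m "$mode" -o "$owner" -g "$group" -- "$src" "$DEST/$name"
}

#######################################
# Ensure the service account exists, creating it when needed.
# Arguments: $1 user name
#######################################
ensure_user() {
  local owner=$1
  if id -u "$owner" > /dev/null 2>&1; then
    return 0
  fi
  # We need to create the forgehook user
  log "User $owner doesn't exist yet. Creating it."
  sudo useradd --create-home --shell /bin/bash --user-group --system \
    --home-dir /opt/forgehook "$owner"
}

#######################################
# Append one rule to /etc/sudoers unless it is already there.
# The merged file is parsed with 'visudo -c' before anything is written,
# so a malformed rule cannot lock everyone out of sudo.
# Arguments: $1 rule text (exactly one sudoers line)
# Returns:   0 if the rule was added, 1 if it was already present;
#            aborts via die when the rule cannot be installed safely
#######################################
add_sudoers_rule() {
  local rule=$1
  local candidate ok=0
  if sudo grep -qF -- "$rule" /etc/sudoers; then
    return 1
  fi
  candidate=$(mktemp) || die "mktemp failed"
  # Merge the current file with the new line and let visudo parse the result.
  if sudo cat /etc/sudoers > "$candidate" \
      && printf '%s\n' "$rule" >> "$candidate" \
      && sudo visudo -cf "$candidate" > /dev/null; then
    ok=1
  fi
  rm -f -- "$candidate"
  (( ok )) || die "refusing to install sudoers rule '$rule': visudo rejected the result"
  # Need a root shell for the redirection; only the validated line is appended.
  printf '%s\n' "$rule" | sudo sh -c 'cat >> /etc/sudoers' \
    || die "could not append to /etc/sudoers"
  return 0
}

main() {
  local owner

  # Autodetect forgehook user if it's already setup
  if owner=$(find "$DEST/forgehook" -maxdepth 0 -printf '%u' 2>/dev/null) \
      && [[ -n "$owner" ]]; then
    log "Found existing setup owned by user $owner. Using this user."
  elif (( $# > 0 )); then
    # OK it's not setup yet, maybe try a user from argument?
    owner=$1
    log "Setup for user $owner"
  else
    # Default value
    owner="forgehook"
    log "No setup user found. Using default value $owner"
  fi
  # The name ends up in useradd arguments and in a sudoers line; keep it to
  # plain account-name characters so it cannot alter either.
  [[ "$owner" =~ ^[A-Za-z_][A-Za-z0-9_-]*$ ]] \
    || die "refusing to use '$owner' as a user name (letters, digits, '_' and '-' only)"

  # If the user doesn't exist, create it
  ensure_user "$owner"

  # TODO: Check we can escalade privileges

  # Everyone can execute (user-facing wrapper)
  install_file bin/forgehook forgehook "$owner" "$owner" 755

  # Only $owner can execute
  install_file "$DATABASE" forgehook-db "$owner" "$owner" 744

  # Only root should execute. The sudo rule below runs this file as root, so
  # it must be root-owned: if $owner could write it, $owner could become root.
  install_file bin/forgehook-notify forgehook-notify root root 744

  # Everyone can execute (wrapper script for build manager such as git-build)
  install_file "$TRIGGER" forgehook-trigger "$owner" "$owner" 755

  log "Installed forgehook to $DEST for $owner"

  # Auto setup sudo rules
  local sudo_setup=0
  add_sudoers_rule "ALL ALL=($owner) NOPASSWD: $DEST/forgehook-db" && sudo_setup=1
  # TODO: permission for forgehook-notify should belong to group, not user so we can give
  # permission to run notifications without having access to database for 3rd party tools
  # if you need a tool that has access to db please run it as forgehook user!
  add_sudoers_rule "$owner ALL=NOPASSWD: $DEST/forgehook-notify" && sudo_setup=1

  # An 'if' rather than '&&' so the script exits 0 when nothing had to change.
  if (( sudo_setup )); then
    log "sudo rules have been installed for forgehook"
  fi
}

main "$@"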