This repository has been archived on 2022-02-23. You can view files and clone it, but cannot push or open issues or pull requests.
archive_hook.sh/setup.sh


#! /bin/bash
# TODO: currently setup.sh assumes you're a sudoer, not root
# Directory the forgehook executables are copied into.
DEST=/usr/local/bin
# TODO: Make trigger configurable
# Source files to install; both paths are relative to the current directory.
TRIGGER="./triggers/git-build"
DATABASE="./databases/unix"
# Pick the account that owns the installation, in this order:
#   1. the owner of an existing /usr/local/bin/forgehook,
#   2. the first command-line argument,
#   3. the default name "forgehook".
# find exits non-zero when the path is missing, which selects 2 or 3.
# NOTE(review): $owner is used as-is by the rest of the script (useradd,
# chown, sudoers rules) and is not validated here.
if owner=$(find /usr/local/bin/forgehook -maxdepth 0 -printf '%u'); then
  echo "[setup.sh] Found existing setup owned by user $owner. Using this user."
elif [ $# -gt 0 ]; then
  # Not set up yet: take the user named on the command line.
  owner="$1"
  echo "[setup.sh] Setup for user $owner"
else
  # Nothing installed and no argument given: fall back to the default.
  owner="forgehook"
  echo "[setup.sh] No setup user found. Using default value $owner"
fi
# Create the account when it is missing (id -u fails for an unknown user).
# It is created as a system user with its own group, home directory
# /opt/forgehook and /bin/bash as login shell.
# NOTE(review): a system account with an interactive shell is a wider
# surface than one with a nologin shell; confirm whether forgehook needs
# /bin/bash before tightening this.
if ! id -u "$owner" &> /dev/null; then
  new_user_opts=(
    --system
    --user-group
    --create-home
    --home-dir /opt/forgehook
    --shell /bin/bash
  )
  echo "[setup.sh] User $owner doesn't exist yet. Creating it."
  sudo useradd "${new_user_opts[@]}" "$owner"
fi
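# TODO: Check we can escalate privileges

# Copy one file into place, then set its owner and mode.
# Arguments: $1 source, $2 destination, $3 owner (user:group), $4 mode
# Exits the script on the first failure, so the "Installed" message below
# is printed only when every file was copied with the intended permissions.
_install_file() {
  local src=$1 dst=$2 who=$3 mode=$4
  if ! { sudo cp -- "$src" "$dst" &&
    sudo chown -- "$who" "$dst" &&
    sudo chmod -- "$mode" "$dst"; }; then
    echo "[setup.sh] Failed to install $src to $dst" >&2
    exit 1
  fi
}

# Everyone can execute (user-facing wrapper). The mode is set explicitly
# instead of depending on the source file's mode and the umask.
_install_file bin/forgehook "$DEST/forgehook" "$owner:$owner" 755
# Only $owner can execute
_install_file "$DATABASE" "$DEST/forgehook-db" "$owner:$owner" 744
# Only root should execute. This file is the target of the sudoers rule
# "$owner ALL=NOPASSWD: /usr/local/bin/forgehook-notify" written later in
# this script, i.e. $owner may run it as root without a password. It must
# therefore be owned by root: if $owner could rewrite it, that rule would
# amount to unrestricted root access for $owner.
_install_file bin/forgehook-notify "$DEST/forgehook-notify" root:root 744
# Everyone can execute (wrapper script for build manager such as git-build)
_install_file "$TRIGGER" "$DEST/forgehook-trigger" "$owner:$owner" 755
echo "[setup.sh] Installed forgehook to $DEST for $owner"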
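# Auto setup sudo rules. A rule is added only when /etc/sudoers has no line
# mentioning the corresponding command yet.
SUDO_SETUP=0

# Append one rule line to /etc/sudoers.
# Globals:   owner (read)
# Arguments: $1 - the complete sudoers rule
# The rule is never passed through a root shell as a command string; it is
# syntax-checked on its own with visudo and then appended with tee.
# Exits the script when the user name or the rule is rejected.
_add_sudo_rule() {
  local rule=$1 candidate
  # In sudoers, '%', '#', '+', ',' and whitespace change what a user field
  # means, so only plain account names are written into a rule.
  local -r name_re='^[A-Za-z_][A-Za-z0-9_.-]*$'
  if [[ ! $owner =~ $name_re ]]; then
    echo "[setup.sh] Refusing to write sudo rules for user name: $owner" >&2
    exit 1
  fi
  candidate=$(mktemp) || exit 1
  printf '%s\n' "$rule" > "$candidate"
  # A malformed /etc/sudoers stops sudo from working, so check first.
  if ! sudo visudo -cf "$candidate" > /dev/null; then
    rm -f -- "$candidate"
    echo "[setup.sh] Refusing to install invalid sudo rule: $rule" >&2
    exit 1
  fi
  rm -f -- "$candidate"
  if ! printf '%s\n' "$rule" | sudo tee -a /etc/sudoers > /dev/null; then
    echo "[setup.sh] Could not append to /etc/sudoers" >&2
    exit 1
  fi
}

# Any user may run forgehook-db as $owner without a password.
if ! sudo grep -q "forgehook-db" /etc/sudoers; then
  SUDO_SETUP=1
  _add_sudo_rule "ALL ALL=($owner) NOPASSWD: /usr/local/bin/forgehook-db"
fi
# $owner may run forgehook-notify as root without a password.
# NOTE: this rule is only safe while /usr/local/bin/forgehook-notify is not
# writable by $owner.
if ! sudo grep -q "forgehook-notify" /etc/sudoers; then
  SUDO_SETUP=1
  # TODO: permission for forgehook-notify should belong to group, not user so we can give
  # permission to run notifications without having access to database for 3rd party tools
  # if you need a tool that has access to db please run it as forgehook user!
  _add_sudo_rule "$owner ALL=NOPASSWD: /usr/local/bin/forgehook-notify"
fi
# An if statement keeps the script's exit status at 0 when no rule had to
# be added; "[[ ... ]] && echo" as the last command would exit with 1.
if [[ $SUDO_SETUP = 1 ]]; then
  echo "[setup.sh] sudo rules have been installed for forgehook"
fi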