forked from fossology/fossology
-
Notifications
You must be signed in to change notification settings - Fork 0
/
fo-postinstall.in
331 lines (285 loc) · 11.2 KB
/
fo-postinstall.in
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
#!/bin/bash
# FOSSology postinstall script
# Copyright (C) 2008-2013 Hewlett-Packard Development Company, L.P.
# Copyright (C) 2015 Siemens AG
#
# This script is for things that need to be done on the runtime system
# after we've installed the bits on the filesystem. It needs to be
# idempotent, meaning that running it repeatedly will still do the
# right thing, regardless of the success of previous runs.
## Options parsing and setup
# parse options
# set -x
OPTS=`getopt -o adwseolch --long agent,database,web-only,scheduler-only,everything,overwrite,licenseref,common,help -n 'fo-postinstall' -- "$@"`
if [ $? != 0 ]; then
echo "ERROR: Bad option specified."
OPTS="--help"
fi
eval set -- "$OPTS"
# if no options or just -o then do everything
if [ "$OPTS" = " --" -o "$OPTS" = " -o --" ]; then
EVERYTHING=1
fi
while true; do
case "$1" in
-a|--agent) AGENT=1; shift;;
-d|--database) DATABASE=1; shift;;
-w|--web-only) WEBONLY=1; shift;;
-s|--scheduler-only) SCHEDULERONLY=1; shift;;
-e|--everything) EVERYTHING=1; shift;;
-o|--overwrite) OVERWRITE=1; shift;;
-l|--licenseref) LICENSEREF=1; shift;;
-c|--common) COMMON=1; shift;;
-h|--help)
echo "Usage: fo-postinstall [options]";
echo " -a or --agent : agent specific actions"
echo " -d or --database : Create the FOSSology database"
echo " -w or --web-only : web interface specific actions"
echo " -s or --scheduler-only : scheduler specific actions"
echo " -e or --everything : all actions, default"
echo " -o or --overwrite : overwrite config files with new versions"
echo " -l or --licenseref : update the license_ref table with fossology supplied licenses"
echo " -c or --common : common actions"
echo " -h or --help : this help text"
echo " Special options"
echo " --web-only : web, but exclude normal agent actions"
echo " --scheduler-only : scheduler, but exclude normal agent actions"
exit;;
--) shift; break;;
*) echo "Error: option $1 not recognised"; exit 1;;
esac
done
# the scheduler and web machines needs the agent stuff done too
if [ $SCHEDULER ]; then
SCHEDULERONLY=1
fi
if [ $EVERYTHING ]; then
echo "*** Running postinstall for everything ***"
COMMON=1
SCHEDULERONLY=1
AGENT=1
DATABASE=1
WEBONLY=1
LICENSEREF=1
fi
onlyAllowedAsRoot() \{
# This must run as root.
if [ `id -u` != "0" ] ; then
echo "ERROR: fo-postinstall must run as root."
echo "Aborting."
exit 1
fi
\}
readConfigVal() \{
local line="$1"
local key="$2"
local out="$3"
[[ "$out" =~ ^[a-zA-Z]+$ ]] || \{ echo "FATAL: bad parameters to readConfigVal: $@"; exit 1; \}
if [[ $line =~ ^[[:space:]]*${key}[[:space:]]*\=[[:space:]]*([^[:space:]\']*) ]]; then
eval "$out='$\{BASH_REMATCH[1]\}'"
fi
\}
setValueInSection() \{
echo "NOTE: writing $2=$3 in section $4 of $1"
sed -e "s/\[$4\]/[$4]\n$2=$3/" -i.bak "$1"
\}
confFile="{$SYSCONFDIR}/fossology.conf"
if [ -e "$confFile" ] ; then
while read line; do
readConfigVal "$line" path REPO
readConfigVal "$line" PROJECTGROUP PROJECTGROUP
done < "$confFile"
[[ $PROJECTGROUP =~ ^[a-z0-9]*$ ]] || \{ echo "ERROR: bad value for PROJECTGROUP in config"; exit 2; \}
else
echo "ERROR: Cannot find $confFile"
exit 1
fi
if [ $COMMON ]; then
onlyAllowedAsRoot
echo "*** Running postinstall for common actions***"
## check path to repo
[[ $REPO ]] || \{
echo "ERROR: path is not set in $confFile"
exit 1
\}
## set default PROJECTGROUP if not set
[[ $PROJECTGROUP ]] || \{
setValueInSection "$confFile" PROJECTGROUP {$PROJECTGROUP} 'DIRECTORIES'
PROJECTGROUP="{$PROJECTGROUP}"
\}
## create user and group
# Because we are doing these by name, in the multi-machine install case
# we may end up with uid/gid being different across machines. This will
# either need to be fixed by hand or with NFSv4 you can use rpc.idmapd
# to do uid/gid mapping. More details will be provided in the multi-machine
# documentation.
# Make sure the user and group exist, if not then create
echo "*** Creating user and group ***"
# check for group
if grep -q "^$PROJECTGROUP:" /etc/group; then
echo "NOTE: group '$PROJECTGROUP' already exists, good."
else
# use addgroup if it exists since it supports --system
if [ -f /usr/sbin/addgroup -a ! -L /usr/sbin/addgroup ]; then
addgroup --system $PROJECTGROUP
else
groupadd $PROJECTGROUP
fi
if [ "$?" != "0" ] ; then
echo "ERROR: Unable to create group '$PROJECTGROUP'"
exit 1
else
echo "NOTE: group '$PROJECTGROUP' created"
fi
fi
# check for user
if grep -q "^{$PROJECTUSER}:" /etc/passwd; then
echo "NOTE: user '{$PROJECTUSER}' already exists, good."
USERSHELL=`grep "^{$PROJECTUSER}:" /etc/passwd |cut -d: -f 7`
if [ "$USERSHELL" = "/bin/false" ]; then
echo "ERROR: {$PROJECTUSER} shell must be a real shell"
exit 1
fi
USERHOME=`grep "^{$PROJECTUSER}:" /etc/passwd |cut -d: -f 6`
if [ "$USERHOME" != "/home/{$PROJECTUSER}" ]; then
echo "NOTE: change user '{$PROJECTUSER}' homedir from $USERHOME to /home/{$PROJECTUSER}."
mkdir -p /home/{$PROJECTUSER}
chown {$PROJECTUSER}:{$PROJECTUSER} /home/{$PROJECTUSER}
usermod -d /home/{$PROJECTUSER} {$PROJECTUSER}
fi
else
# ensure that the full parent path of the HOME exists first
mkdir -p $\{REPO%/*/*\}
# use adduser if it exists since it supports --system, but
# not if it's a symlink (probably to /usr/sbin/useradd)
if [ -f /usr/sbin/adduser -a ! -L /usr/sbin/adduser ]; then
adduser --gecos "{$PROJECT}" --ingroup $PROJECTGROUP --system \
--shell /bin/bash {$PROJECTUSER}
else
useradd -c "{$PROJECT}" -g $PROJECTGROUP -m \
-s /bin/bash {$PROJECTUSER}
fi
if [ "$?" != "0" ] ; then
echo "ERROR: Unable to create user '{$PROJECTUSER}'"
exit 1
else
echo "NOTE: user '{$PROJECTUSER}' created"
fi
fi
## check for existance/ownership/permissions of needed directories
echo "*** Making sure needed dirs exist with right ownership/permissions ***"
if [ ! -d "{$PROJECTSTATEDIR}" ] ; then
mkdir -m 2775 -p "{$PROJECTSTATEDIR}"
fi
chown root:$PROJECTGROUP {$PROJECTSTATEDIR}
chmod 2775 {$PROJECTSTATEDIR}
if [ ! -d "{$PROJECTSTATEDIR}/agents" ] ; then
mkdir -m 2775 -p "{$PROJECTSTATEDIR}/agents"
fi
chown root:$PROJECTGROUP {$PROJECTSTATEDIR}/agents
chmod 2775 {$PROJECTSTATEDIR}/agents
if [ ! -d "{$CACHEDIR}" ] ; then
mkdir -p "{$CACHEDIR}"
else
echo "*** clearing file cache ***"
rm -rf {$CACHEDIR}/*
fi
chown root:$PROJECTGROUP {$CACHEDIR}
chmod 2775 {$CACHEDIR}
if [ ! -d "$REPO" ] ; then
mkdir -p "$REPO"
else
echo "NOTE: Repository already exists at $REPO"
fi
chown {$PROJECTUSER}:$PROJECTGROUP $REPO
chmod 2770 $REPO
# make sure the parent dir has the right permissions too
chown {$PROJECTUSER}:$PROJECTGROUP $\{REPO%/*\}
chmod 2770 $\{REPO%/*\}
# make install sets Db.conf's mode to 660, but can't chgrp it because
# the group doesn't exist until we create it above. So chgrp now
chgrp $PROJECTGROUP {$SYSCONFDIR}/Db.conf || echo "ERROR: failed to chgrp {$SYSCONFDIR}/Db.conf"
echo "NOTE: Running the PostgreSQL vacuum and analyze command can result in a large database performance improvement. We suggest that you either configure postgres to run its autovacuum and autoanalyze daemons, or maintagent -D in a cron job, or run Admin > Maintenance on a regular basis. Admin > Dashboard will show you the last time vacuum and analyze have been run."
fi
[[ $PROJECTGROUP ]] || \{ echo "PROJECTGROUP is not set"; exit 2; \}
if [ $WEBONLY ]; then
echo "*** Running postinstall for web-only actions***"
LICENSEREF=1
fi
########################################################################
if [ $DATABASE ]; then
{$LIBEXECDIR}/dbcreate
fi # end of DATABASE
if [ $LICENSEREF ]; then
echo "*** update the database and license_ref table ***"
{$LIBEXECDIR}/fossinit.php -l -c {$SYSCONFDIR}
fi # end of license reference
########################################################################
if [ $AGENT ]; then
onlyAllowedAsRoot
# change all files ownership to {$PROJECTUSER}:$PROJECTGROUP
chown -R {$PROJECTUSER}:$PROJECTGROUP {$MODDIR}
#chmod u+s {$MODDIR}/scheduler/agent/fo_scheduler
#chmod g+s {$MODDIR}/scheduler/agent/fo_scheduler
chown -R {$PROJECTUSER}:$PROJECTGROUP {$LIBEXECDIR}
chown -R {$PROJECTUSER}:$PROJECTGROUP {$SYSCONFDIR}
#chown -f {$PROJECTUSER}:$PROJECTGROUP /etc/cron.d/fossology
#chown -f {$PROJECTUSER}:$PROJECTGROUP /etc/init.d/fossology
#chown -f {$PROJECTUSER}:$PROJECTGROUP {$BINDIR}/departition
#chown -f {$PROJECTUSER}:$PROJECTGROUP {$BINDIR}/cp2foss
#chown -f {$PROJECTUSER}:$PROJECTGROUP {$BINDIR}/fossjobs
#chown -f {$PROJECTUSER}:$PROJECTGROUP {$BINDIR}/schema-export
chown -f {$PROJECTUSER}:$PROJECTGROUP {$INCLUDEDIR}/libfossology.h
chown -f {$PROJECTUSER}:$PROJECTGROUP {$MAN1DIR}/cp2foss.1
chown -f {$PROJECTUSER}:$PROJECTGROUP {$MAN1DIR}/fossjobs.1
{$LIBEXECDIR}/fo_dbcheck.php -c {$SYSCONFDIR}
if [ $? != 0 ] ; then
echo "FATAL: unable to connect to database, please check {$SYSCONFDIR}/Db.conf"
exit 1
fi
echo "Database connectivity is good."
fi # end of AGENT
########################################################################
if [ $SCHEDULERONLY ]; then
onlyAllowedAsRoot
echo "*** Setting up scheduler ***"
# Create the scheduler log directory.
if [ -f {$LOGDIR} ] ; then
# Must be a directory and not a file
rm -f {$LOGDIR}
fi
if [ ! -d {$LOGDIR} ] ; then
mkdir -p {$LOGDIR}
fi
chown -R {$PROJECTUSER}:$PROJECTGROUP {$LOGDIR}
chmod 2775 {$LOGDIR}
find {$LOGDIR} -type f | while read i ; do chmod 660 "$i" ; done
fi # end of SCHEDULERONLY
########################################################################
if [ $WEBONLY ]; then
onlyAllowedAsRoot
if [ $LICENSEREF == 0 ] ; then
echo "*** Initializing database tables ***"
{$LIBEXECDIR}/fossinit.php -c {$SYSCONFDIR}
fi
echo "*** Setting up the web interface ***"
# See if web server user exists, if so add to the group.
# check for www-data (Debian, etc)
grep -q "^www-data:" /etc/passwd
if [ $? == 0 ] ; then
echo "NOTE: Adding user www-data to group $PROJECTGROUP"
# this is smart enough to not add multiple times so it's ok to repeat
usermod -G $PROJECTGROUP -a www-data
fi
# check for apache (RHEL/CentOS, etc)
grep -q "^apache:" /etc/passwd
if [ $? == 0 ] ; then
echo "NOTE: Adding user apache to group $PROJECTGROUP"
# this is smart enough to not add multiple times so it's ok to repeat
usermod -G $PROJECTGROUP -a apache
fi
/etc/init.d/apache2 reload
fi # end of WEBONLY
########################################################################
echo "FOSSology postinstall complete, but sure to complete the remaining"
echo " steps in the INSTALL instructions."