From 01d8e592f75f73055d85f46c6b89a3d06820c0d2 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 25 Jun 2020 22:39:45 +0200 Subject: [PATCH] [enh] do not run composer as root --- scripts/experimental_helpers/ynh_composer__2 | 23 ++++++++++++++------ scripts/install | 15 +++++-------- scripts/upgrade | 10 ++++----- 3 files changed, 27 insertions(+), 21 deletions(-) diff --git a/scripts/experimental_helpers/ynh_composer__2 b/scripts/experimental_helpers/ynh_composer__2 index 6f9676b..6b1c315 100644 --- a/scripts/experimental_helpers/ynh_composer__2 +++ b/scripts/experimental_helpers/ynh_composer__2 @@ -2,42 +2,48 @@ # Execute a command with Composer # -# usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$final_path] --commands="commands" -# | arg: -v, --phpversion - PHP version to use with composer +# usage: ynh_composer_exec [--user=app] [--phpversion=phpversion] [--workdir=$final_path] --commands="commands" +# | arg: -u, --user - User to execute composer with. +# | arg: -v, --phpversion - PHP version to use with composer. # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. # | arg: -c, --commands - Commands to execute. ynh_composer_exec () { # Declare an array to define the options of this helper. - local legacy_args=vwc - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [c]=commands= ) + local legacy_args=uvwc + declare -Ar args_array=( [u]=user= [v]=phpversion= [w]=workdir= [c]=commands= ) + local user local phpversion local workdir local commands # Manage arguments with getopts ynh_handle_getopts_args "$@" + user="${user:-$app}" workdir="${workdir:-$final_path}" phpversion="${phpversion:-$YNH_PHP_VERSION}" COMPOSER_HOME="$workdir/.composer" \ - php${phpversion} "$workdir/composer.phar" $commands \ + exec_as $user php${phpversion} "$workdir/composer.phar" $commands \ -d "$workdir" --no-interaction } # Install and initialize Composer in the given directory # # usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] +# | arg: -u, --user - User to execute composer with. # | arg: -v, --phpversion - PHP version to use with composer # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. # | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include ynh_install_composer () { # Declare an array to define the options of this helper. local legacy_args=vwa - declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args=) + declare -Ar args_array=( [u]=user= [v]=phpversion= [w]=workdir= [a]=install_args=) + local user local phpversion local workdir local install_args # Manage arguments with getopts ynh_handle_getopts_args "$@" + user="${user:-$app}" workdir="${workdir:-$final_path}" phpversion="${phpversion:-$YNH_PHP_VERSION}" install_args="${install_args:-}" @@ -47,7 +53,10 @@ ynh_install_composer () { php${phpversion} -- --install-dir="$workdir" \ || ynh_die "Unable to install Composer." + # Making sure workdir is writable + chown -R $user: $workdir + # update dependencies to create composer.lock - ynh_composer_exec --phpversion="${phpversion}" --workdir="$workdir" --commands="install --no-dev $install_args" \ + ynh_composer_exec --user=$user --phpversion="${phpversion}" --workdir="$workdir" --commands="install --no-dev $install_args" \ || ynh_die "Unable to update core dependencies with Composer." } diff --git a/scripts/install b/scripts/install index 39705ad..cac165b 100644 --- a/scripts/install +++ b/scripts/install @@ -141,25 +141,22 @@ ynh_add_swap --size=$swap_needed #================================================= ynh_script_progression --message="Installing composer dependencies..." -ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --workdir="$final_path" +ynh_exec_warn_less ynh_install_composer --user=$app --phpversion="$phpversion" --workdir="$final_path" # Set Flarum version -ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require flarum/core:$core_version --prefer-lowest --no-update" +ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require flarum/core:$core_version --prefer-lowest --no-update" # Require SSOwat extension -ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require tituspijean/flarum-ext-auth-ssowat:$ssowat_version --no-update" +ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require tituspijean/flarum-ext-auth-ssowat:$ssowat_version --no-update" # Update and download dependencies -ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="update" +ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="update" #================================================= # FLARUM POST-INSTALL #================================================= ynh_script_progression --message="Configuring Flarum..." --weight=2 -# Making sure it is writable -chown -R $app: $final_path - # Copy the configuration.yml to working directory finalflarumconf="$final_path/configuration.yml" cp ../conf/configuration.yml $finalflarumconf @@ -201,14 +198,14 @@ ynh_mysql_execute_as_root --sql="$sql_command" --database=$db_name case $language in fr) ynh_script_progression --message="Installing French extension..." --weight=2 - ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require qiaeru/lang-french" + ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require qiaeru/lang-french" activate_flarum_extension $db_name "qiaeru-lang-french" sql_command="UPDATE \`settings\` SET \`value\` = 'fr' WHERE \`settings\`.\`key\` = 'default_locale'" ynh_mysql_execute_as_root --sql="$sql_command" --database=$db_name ;; de) ynh_script_progression --message="Installing German extension..." --weight=2 - ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require cbmainz/flarum-de" + ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require cbmainz/flarum-de" activate_flarum_extension $db_name "cbmainz-de" sql_command="UPDATE \`settings\` SET \`value\` = 'de' WHERE \`settings\`.\`key\` = 'default_locale'" ynh_mysql_execute_as_root --sql="$sql_command" --database=$db_name diff --git a/scripts/upgrade b/scripts/upgrade index e511689..c71ac3b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -217,13 +217,13 @@ then chown -R $app:www-data $final_path # Install Composer and Flarum - ynh_install_composer --phpversion=$phpversion --workdir=$final_path + ynh_install_composer --user=$app --phpversion=$phpversion --workdir=$final_path # Perform migrations and clear cache pushd $final_path ynh_script_progression --message="Upgrading Flarum and its extensions..." --weight=1 - ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require tituspijean/flarum-ext-auth-ssowat:$ssowat_version --no-update" - ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require flarum/core:$core_version --prefer-dist --update-no-dev -a --update-with-all-dependencies" + ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require tituspijean/flarum-ext-auth-ssowat:$ssowat_version --no-update" + ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require flarum/core:$core_version --prefer-dist --update-no-dev -a --update-with-all-dependencies" exec_as $app php$phpversion flarum migrate exec_as $app php$phpversion flarum cache:clear popd @@ -247,14 +247,14 @@ fi case $language in fr) ynh_script_progression --message="Installing French extension..." --weight=2 - ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require qiaeru/lang-french" + ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require qiaeru/lang-french" activate_flarum_extension $db_name "qiaeru-lang-french" sql_command="UPDATE \`settings\` SET \`value\` = 'fr' WHERE \`settings\`.\`key\` = 'default_locale'" ynh_mysql_execute_as_root "$sql_command" $db_name ;; de) ynh_script_progression --message="Installing German extension..." --weight=2 - ynh_composer_exec --phpversion=$phpversion --workdir=$final_path --commands="require cbmainz/flarum-de" + ynh_composer_exec --user=$app --phpversion=$phpversion --workdir=$final_path --commands="require cbmainz/flarum-de" activate_flarum_extension $db_name "cbmainz-de" sql_command="UPDATE \`settings\` SET \`value\` = 'de' WHERE \`settings\`.\`key\` = 'default_locale'" ynh_mysql_execute_as_root "$sql_command" $db_name