mirror of https://github.com/YunoHost-Apps/librephotos_ynh.git synced 2024-09-03 19:36:12 +02:00

Don't run Python as root

Jules Bertholet 2021-03-29 21:42:04 -04:00
parent 3b5b527e26
commit a84ad788d4
4 changed files with 36 additions and 30 deletions


@ -9,8 +9,7 @@ mail=$2
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
pushd $final_path/backend pushd $final_path/backend
source $final_path/backend/venv/bin/activate sudo -u $app $final_path/bin/librephotos-cli shell <<< "
$final_path/bin/librephotos-cli shell <<< "
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
User = get_user_model() User = get_user_model()
try: try:
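Review bot: The new `sudo -u $app $final_path/bin/librephotos-cli shell <<< "` line leaves both expansions unquoted and feeds the Django shell a double-quoted here-string, so any shell variable inside it is expanded into Python source before the interpreter reads it. The here-string body continues outside this hunk; if it places the hook's arguments inside Python string literals the way the install script does with `'$username'` and `'$user_email'`, a value containing a quote would change the code that runs, now as `$app` rather than root. I would quote the command, `sudo -u "$app" "$final_path/bin/librephotos-cli" shell <<< "`, and hand the values to Python through the environment or stdin instead of interpolating them. The second hook (the `purge=$2` file) has the same line.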


@ -9,8 +9,7 @@ purge=$2
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
pushd $final_path/backend pushd $final_path/backend
source $final_path/backend/venv/bin/activate sudo -u $app $final_path/bin/librephotos-cli shell <<< "
$final_path/bin/librephotos-cli shell <<< "
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
User = get_user_model() User = get_user_model()
try: try:


@ -141,15 +141,15 @@ usermod -d $data_path $app 2>&1
ynh_script_progression --message="Initializing backend Python virtualenv..." --weight=60 ynh_script_progression --message="Initializing backend Python virtualenv..." --weight=60
pushd $final_path/backend || ynh_die pushd $final_path/backend || ynh_die
python3 -m venv $final_path/backend/venv chown -R $app:$app $final_path/backend
source $final_path/backend/venv/bin/activate sudo -u $app python3 -m venv $final_path/backend/venv
python3 -m pip install -U wheel pip setuptools sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U wheel pip setuptools
python3 -m pip install torch==1.7.1+cpu torchvision==0.8.2+cpu -f https://download.pytorch.org/whl/torch_stable.html 2>&1 sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U torch==1.7.1+cpu torchvision==0.8.2+cpu -f https://download.pytorch.org/whl/torch_stable.html 2>&1
python3 -m pip install --install-option="--no" --install-option="DLIB_USE_CUDA" --install-option="--no" --install-option="USE_AVX_INSTRUCTIONS" --install-option="--no" --install-option="USE_SSE4_INSTRUCTIONS" dlib sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U --install-option="--no" --install-option="DLIB_USE_CUDA" --install-option="--no" --install-option="USE_AVX_INSTRUCTIONS" --install-option="--no" --install-option="USE_SSE4_INSTRUCTIONS" dlib
python3 -m pip install --requirement $final_path/backend/requirements.txt sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U --requirement $final_path/backend/requirements.txt
python3 -m pip install --requirement $final_path/backend/requirements-ynh.txt sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U --requirement $final_path/backend/requirements-ynh.txt
python3 -m spacy download en_core_web_sm sudo -u $app $final_path/backend/venv/bin/python -m spacy download en_core_web_sm
deactivate 'dummy_arg' chown -R root:root $final_path/backend
popd || ynh_die popd || ynh_die
#================================================= #=================================================
@ -194,6 +194,10 @@ for file in $final_path/bin/*; do
ynh_replace_string -m "librephotos-backend.env" -r "librephotos.env" -f $file ynh_replace_string -m "librephotos-backend.env" -r "librephotos.env" -f $file
ynh_replace_special_string -m 'su - -s $(which bash) librephotos << EOF' -r '' -f $file ynh_replace_special_string -m 'su - -s $(which bash) librephotos << EOF' -r '' -f $file
ynh_replace_special_string -m 'EOF' -r '' -f $file ynh_replace_special_string -m 'EOF' -r '' -f $file
ynh_replace_string -m "python" -r "$final_path/backend/venv/bin/python" -f $file
ynh_replace_string -m "gunicorn" -r "$final_path/backend/venv/bin/gunicorn" -f $file
ynh_replace_string -m "$final_path/backend/venv/bin/$final_path/backend/venv/bin/python" -r "$final_path/backend/venv/bin/python" -f $file
ynh_replace_string -m "$final_path/backend/venv/bin/$final_path/backend/venv/bin/gunicorn" -r "$final_path/backend/venv/bin/gunicorn" -f $file
ynh_store_file_checksum --file="$file" ynh_store_file_checksum --file="$file"
done done
@ -203,13 +207,12 @@ done
ynh_script_progression --message="Finalizing database..." --weight=1 ynh_script_progression --message="Finalizing database..." --weight=1
pushd $final_path || ynh_die pushd $final_path || ynh_die
python3 -m venv $final_path/backend/venv chown -R root:$app $final_path
source $final_path/backend/venv/bin/activate sudo -u $app $final_path/bin/librephotos-upgrade
$final_path/bin/librephotos-upgrade sudo -u $app $final_path/bin/librephotos-createadmin "$admin" "$(ynh_user_get_info $admin 'mail')" $(ynh_string_random -l 64)
$final_path/bin/librephotos-createadmin "$admin" "$(ynh_user_get_info $admin 'mail')" $(ynh_string_random -l 64)
for username in $(ynh_user_list); do for username in $(ynh_user_list); do
user_email=$(ynh_user_get_info --username="$username" --key=mail) user_email=$(ynh_user_get_info --username="$username" --key=mail)
$final_path/bin/librephotos-cli shell <<< " sudo -u $app $final_path/bin/librephotos-cli shell <<< "
from django.contrib.auth import get_user_model from django.contrib.auth import get_user_model
User = get_user_model() User = get_user_model()
try: try:
@ -220,6 +223,7 @@ except User.DoesNotExist:
User.objects.create_user('$username', email='$user_email', scan_directory='/home/yunohost.multimedia/$username/Picture') User.objects.create_user('$username', email='$user_email', scan_directory='/home/yunohost.multimedia/$username/Picture')
" "
done done
chown -R root:root $final_path
popd || ynh_die popd || ynh_die
#================================================= #=================================================
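Review bot: In the "Finalizing database" hunk, the 64-character admin password from `ynh_string_random -l 64` is now an argument of a `sudo` command, and sudo by default records the full command line, arguments included, in the system auth log; it is also visible in the process list while the command runs. `librephotos-createadmin` is not shown on this page, so whether it can take the password another way is unknown; if it can read it from stdin or an environment variable, that would keep the value out of the log. If the password is deliberately throwaway, a comment should say so, for example `# random password, never shown to anyone; note that sudo logs it with the command line`.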


@ -126,15 +126,15 @@ usermod -d $data_path $app 2>&1
ynh_script_progression --message="Upgrading backend Python virtualenv..." --weight=50 ynh_script_progression --message="Upgrading backend Python virtualenv..." --weight=50
pushd $final_path/backend || ynh_die pushd $final_path/backend || ynh_die
python3 -m venv $final_path/backend/venv chown -R $app:$app $final_path/backend
source $final_path/backend/venv/bin/activate sudo -u $app python3 -m venv $final_path/backend/venv
python3 -m pip install -U wheel pip setuptools sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U wheel pip setuptools
python3 -m pip install -U torch==1.7.1+cpu torchvision==0.8.2+cpu -f https://download.pytorch.org/whl/torch_stable.html 2>&1 sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U torch==1.7.1+cpu torchvision==0.8.2+cpu -f https://download.pytorch.org/whl/torch_stable.html 2>&1
python3 -m pip install -U --install-option="--no" --install-option="DLIB_USE_CUDA" --install-option="--no" --install-option="USE_AVX_INSTRUCTIONS" --install-option="--no" --install-option="USE_SSE4_INSTRUCTIONS" dlib sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U --install-option="--no" --install-option="DLIB_USE_CUDA" --install-option="--no" --install-option="USE_AVX_INSTRUCTIONS" --install-option="--no" --install-option="USE_SSE4_INSTRUCTIONS" dlib
python3 -m pip install -U --requirement $final_path/backend/requirements.txt sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U --requirement $final_path/backend/requirements.txt
python3 -m pip install -U --requirement $final_path/backend/requirements-ynh.txt sudo -u $app $final_path/backend/venv/bin/pip --cache-dir $final_path/backend/.cache/pip install -U --requirement $final_path/backend/requirements-ynh.txt
python3 -m spacy download en_core_web_sm sudo -u $app $final_path/backend/venv/bin/python -m spacy download en_core_web_sm
deactivate 'dummy_arg' chown -R root:root $final_path/backend
popd || ynh_die popd || ynh_die
#================================================= #=================================================
@ -179,6 +179,10 @@ for file in $final_path/bin/*; do
ynh_replace_string -m "librephotos-backend.env" -r "librephotos.env" -f $file ynh_replace_string -m "librephotos-backend.env" -r "librephotos.env" -f $file
ynh_replace_special_string -m 'su - -s $(which bash) librephotos << EOF' -r '' -f $file ynh_replace_special_string -m 'su - -s $(which bash) librephotos << EOF' -r '' -f $file
ynh_replace_special_string -m 'EOF' -r '' -f $file ynh_replace_special_string -m 'EOF' -r '' -f $file
ynh_replace_string -m "python" -r "$final_path/backend/venv/bin/python" -f $file
ynh_replace_string -m "gunicorn" -r "$final_path/backend/venv/bin/gunicorn" -f $file
ynh_replace_string -m "$final_path/backend/venv/bin/$final_path/backend/venv/bin/python" -r "$final_path/backend/venv/bin/python" -f $file
ynh_replace_string -m "$final_path/backend/venv/bin/$final_path/backend/venv/bin/gunicorn" -r "$final_path/backend/venv/bin/gunicorn" -f $file
ynh_store_file_checksum --file="$file" ynh_store_file_checksum --file="$file"
done done
@ -188,9 +192,9 @@ done
ynh_script_progression --message="Finalizing database..." --weight=1 ynh_script_progression --message="Finalizing database..." --weight=1
pushd $final_path || ynh_die pushd $final_path || ynh_die
python3 -m venv $final_path/backend/venv chown -R root:$app $final_path
source $final_path/backend/venv/bin/activate sudo -u $app $final_path/bin/librephotos-upgrade
$final_path/bin/librephotos-upgrade chown -R root:root $final_path
popd || ynh_die popd || ynh_die
#================================================= #=================================================
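Review bot: The `chown -R root:root $final_path/backend` that closes the virtualenv hunk is reached only when every `pip` and `spacy` step before it succeeds, so a failed download would leave the whole backend tree owned by `$app` after the earlier `chown -R $app:$app $final_path/backend`. Whether the script aborts on error is not visible here, but if it does, the service account keeps write access to the code it runs, which the closing chown is evidently meant to rule out. The ownership reset should also run on the failure path, and a comment above the first chown would make the invariant explicit: `# backend/ belongs to $app only while pip runs; every exit path must chown it back to root`. The "Finalizing database" hunk (`chown -R root:$app` followed by `chown -R root:root`) and the install script's matching hunks follow the same pattern.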