YunoHost-Apps/mygpo_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/mygpo_ynh.git synced 2024-09-03 19:55:52 +02:00
Code Issues Activity Actions

Don't run Python as root

Browse source 
We don't want to give code from the internet that hasn't been reviewed more privileges than it needs
This commit is contained in:
Jules Bertholet 2021-03-30 00:29:43 -04:00
parent 79de807fcd
commit eff624b855
3 changed files with 24 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hooks/post_user_delete
View file

@ -11,7 +11,7 @@ env_path=$final_path/envs/prod
pushd $final_path
source $final_path/venv/bin/activate
envdir $env_path python3 $final_path/manage.py shell <<< "
sudo -u $app $final_path/venv/bin/envdir $env_path python3 $final_path/manage.py shell <<< "
from django.contrib.auth import get_user_model
User = get_user_model()
try:

24
scripts/install
View file

@ -150,24 +150,24 @@ echo $staff_token > $env_path/STAFF_TOKEN
ynh_script_progression --message="Initializing Python virtualenv..." --weight=20
pushd $final_path || ynh_die
python3 -m venv $final_path/venv
source $final_path/venv/bin/activate
python3 -m pip install -U wheel pip setuptools
python3 -m pip install --requirement $final_path/requirements.txt
python3 -m pip install --requirement $final_path/requirements-setup.txt
python3 -m pip install --requirement $final_path/requirements-ynh.txt
deactivate 'dummy_arg'
chown -R $app:$app $final_path
sudo -u $app python3 -m venv $final_path/venv
sudo -u $app $final_path/venv/bin/python -m pip install -U wheel pip setuptools
sudo -u $app $final_path/venv/bin/python -m pip install -U --requirement $final_path/requirements.txt
sudo -u $app $final_path/venv/bin/python -m pip install -U --requirement $final_path/requirements-setup.txt
sudo -u $app $final_path/venv/bin/python -m pip install -U --requirement $final_path/requirements-ynh.txt
chown -R root:root $final_path
popd || ynh_die
#=================================================
# INITIALIZE DATABASE
#=================================================
pushd $final_path || ynh_die
source $final_path/venv/bin/activate
envdir $env_path python3 $final_path/manage.py makemigrations
envdir $env_path python3 $final_path/manage.py migrate
envdir $env_path python3 $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0
deactivate 'dummy_arg'
chown -R root:$app $final_path
sudo -u $app $final_path/venv/bin/envdir $env_path python3 $final_path/manage.py makemigrations
sudo -u $app $final_path/venv/bin/envdir $env_path python3 $final_path/manage.py migrate
sudo -u $app $final_path/venv/bin/envdir $env_path python3 $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0
chown -R root:root $final_path
popd || ynh_die
#=================================================

21
scripts/upgrade
View file

@ -98,12 +98,13 @@ ynh_system_user_create --username=$app
ynh_script_progression --message="Upgrading Python virtualenv..." --weight=2
pushd $final_path || ynh_die
source $final_path/venv/bin/activate
python3 -m pip install -U wheel pip setuptools
python3 -m pip install -U --requirement $final_path/requirements.txt
python3 -m pip install -U --requirement $final_path/requirements-setup.txt
python3 -m pip install -U --requirement $final_path/requirements-ynh.txt
deactivate 'dummy_arg'
chown -R $app:$app $final_path
sudo -u $app python3 -m venv $final_path/venv
sudo -u $app $final_path/venv/bin/python -m pip install -U wheel pip setuptools
sudo -u $app $final_path/venv/bin/python -m pip install -U --requirement $final_path/requirements.txt
sudo -u $app $final_path/venv/bin/python -m pip install -U --requirement $final_path/requirements-setup.txt
sudo -u $app $final_path/venv/bin/python -m pip install -U --requirement $final_path/requirements-ynh.txt
chown -R root:root $final_path
popd || ynh_die
#=================================================
@ -112,10 +113,10 @@ popd || ynh_die
ynh_script_progression --message="Performing database migrations..." --weight=2
pushd $final_path || ynh_die
source $final_path/venv/bin/activate
envdir $final_path/envs/prod python3 $final_path/manage.py makemigrations
envdir $final_path/envs/prod python3 $final_path/manage.py migrate
deactivate 'dummy_arg'
chown -R root:$app $final_path
sudo -u $app $final_path/venv/bin/envdir $env_path python3 $final_path/manage.py makemigrations
sudo -u $app $final_path/venv/bin/envdir $env_path python3 $final_path/manage.py migrate
chown -R root:root $final_path
popd || ynh_die
#=================================================