From d24cd494f3dbd12aaae5d77f5dd5608d6c8c6ae9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=B4me=20Lebleu?= Date: Sat, 16 Apr 2016 19:32:18 +0200 Subject: [PATCH] [fix] Update package first install and call some conf_regen hooks with init --- data/hooks/conf_regen/01-yunohost | 19 +++--- data/hooks/conf_regen/02-ssl | 97 ++++++++++++++++++------------- data/hooks/conf_regen/15-nginx | 19 ++++++ debian/postinst | 7 +-- src/yunohost/tools.py | 5 +- 5 files changed, 94 insertions(+), 53 deletions(-) diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost index 27268b5a..0d4f4bce 100755 --- a/data/hooks/conf_regen/01-yunohost +++ b/data/hooks/conf_regen/01-yunohost @@ -2,8 +2,11 @@ set -e -do_pre_regen() { - pending_dir=$1 +do_init_regen() { + if [[ $EUID -ne 0 ]]; then + echo "You must be root to run this script" 1>&2 + exit 1 + fi cd /usr/share/yunohost/templates/yunohost @@ -11,14 +14,14 @@ do_pre_regen() { # set default current_host [[ -f /etc/yunohost/current_host ]] \ - || echo "yunohost.org" | sudo tee /etc/yunohost/current_host + || echo "yunohost.org" > /etc/yunohost/current_host # copy default firewall and services # TODO: update them as needed with upgrades [[ -f /etc/yunohost/firewall.yml ]] \ - || sudo cp firewall.yml /etc/yunohost/firewall.yml + || cp firewall.yml /etc/yunohost/firewall.yml [[ -f /etc/yunohost/services.yml ]] \ - || sudo cp services.yml /etc/yunohost/services.yml + || cp services.yml /etc/yunohost/services.yml # allow users to access /media directory [[ -d /etc/skel/media ]] \ @@ -28,10 +31,10 @@ do_pre_regen() { FORCE=$2 case "$1" in - pre) - do_pre_regen $3 + pre|post) ;; - post) + init) + do_init_regen ;; *) echo "hook called with unknown argument \`$1'" >&2 diff --git a/data/hooks/conf_regen/02-ssl b/data/hooks/conf_regen/02-ssl index c58da53b..74600fc8 100755 --- a/data/hooks/conf_regen/02-ssl +++ b/data/hooks/conf_regen/02-ssl 
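Review bot: The `pre|post)` arm in the last 01-yunohost hunk is now an empty match, which reads like a forgotten body rather than a decision. A comment above its `;;` such as `# nothing to regenerate: the defaults are only created by init` would record the intent. The root check that replaces the per-command `sudo` in `do_init_regen` is repeated verbatim in 02-ssl and 15-nginx, so a one-line comment there saying the hook now writes under /etc/yunohost directly and must not be run unprivileged would help the next reader. `do_init_regen` continues past the end of the hunks shown.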
@@ -4,6 +4,59 @@ set -e ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA" +do_init_regen() { + if [[ $EUID -ne 0 ]]; then + echo "You must be root to run this script" 1>&2 + exit 1 + fi + + # create certs and SSL directories + mkdir -p "/etc/yunohost/certs/yunohost.org" + mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts} + + # initialize some files + [[ -f "${ssl_dir}/serial" ]] \ + || echo "00" > "${ssl_dir}/serial" + [[ -f "${ssl_dir}/index.txt" ]] \ + || touch "${ssl_dir}/index.txt" + + openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf" + + # create default certificates + if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then + openssl req -x509 -new -config "$openssl_conf" \ + -days 3650 -out "${ssl_dir}/ca/cacert.pem" \ + -keyout "${ssl_dir}/ca/cakey.pem" -nodes -batch 2>&1 + cp "${ssl_dir}/ca/cacert.pem" \ + /etc/yunohost/certs/yunohost.org/ca.pem + ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \ + /etc/ssl/certs/ca-yunohost_crt.pem + update-ca-certificates + fi + + if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then + openssl req -new -config "$openssl_conf" \ + -days 730 -out "${ssl_dir}/certs/yunohost_csr.pem" \ + -keyout "${ssl_dir}/certs/yunohost_key.pem" -nodes -batch 2>&1 + openssl ca -config "$openssl_conf" \ + -days 730 -in "${ssl_dir}/certs/yunohost_csr.pem" \ + -out "${ssl_dir}/certs/yunohost_crt.pem" -batch 2>&1 + + last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1) + chmod 640 "${ssl_dir}/certs/yunohost_key.pem" + chmod 640 "$last_cert" + + cp "${ssl_dir}/certs/yunohost_key.pem" \ + /etc/yunohost/certs/yunohost.org/key.pem + cp "$last_cert" \ + /etc/yunohost/certs/yunohost.org/crt.pem + ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \ + /etc/ssl/certs/yunohost_crt.pem + ln -sf /etc/yunohost/certs/yunohost.org/key.pem \ + /etc/ssl/private/yunohost_key.pem + fi +} + do_pre_regen() { pending_dir=$1 
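Review bot: In `do_init_regen` the CA private key written by `-keyout "${ssl_dir}/ca/cakey.pem" -nodes` is unencrypted and never has its mode set, while the server key only gets `chmod 640` after `openssl req` has already created it. Both files therefore start with whatever mode the installing process's umask and the OpenSSL build produce, which is presumably world-readable under a 022 umask. Generating the keys under a restrictive umask closes that window: wrap each key-producing command as `(umask 077; openssl req ...)` and add `chmod 600 "${ssl_dir}/ca/cakey.pem"` after the CA is created. Separately, `last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)` leaves `$ssl_dir` unquoted, unlike the rest of the new function.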
@@ -15,46 +68,7 @@ do_pre_regen() { do_post_regen() { regen_conf_files=$1 - sudo mkdir -p "/etc/yunohost/certs/yunohost.org" - sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts} - - [[ -f "${ssl_dir}/serial" ]] \ - || (echo "00" | sudo tee "${ssl_dir}/serial") - [[ -f "${ssl_dir}/index.txt" ]] \ - || sudo touch "${ssl_dir}/index.txt" - - if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then - sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \ - -days 3650 -out $ssl_dir/ca/cacert.pem \ - -keyout $ssl_dir/ca/cakey.pem -nodes -batch 2>&1 - sudo cp $ssl_dir/ca/cacert.pem \ - /etc/yunohost/certs/yunohost.org/ca.pem - sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \ - /etc/ssl/certs/ca-yunohost_crt.pem - sudo update-ca-certificates - fi - - if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then - sudo openssl req -new -config $ssl_dir/openssl.cnf \ - -days 730 -out $ssl_dir/certs/yunohost_csr.pem \ - -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 2>&1 - sudo openssl ca -config $ssl_dir/openssl.cnf \ - -days 730 -in $ssl_dir/certs/yunohost_csr.pem \ - -out $ssl_dir/certs/yunohost_crt.pem -batch 2>&1 - - last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1) - sudo chmod 640 $ssl_dir/certs/yunohost_key.pem - sudo chmod 640 $last_cert - - sudo cp $ssl_dir/certs/yunohost_key.pem \ - /etc/yunohost/certs/yunohost.org/key.pem - sudo cp $last_cert \ - /etc/yunohost/certs/yunohost.org/crt.pem - sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \ - /etc/ssl/certs/yunohost_crt.pem - sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \ - /etc/ssl/private/yunohost_key.pem - fi + # TODO: regenerate certificates if conf changed? } FORCE=$2 @@ -66,6 +80,9 @@ case "$1" in post) do_post_regen $3 ;; + init) + do_init_regen + ;; *) echo "hook called with unknown argument \`$1'" >&2 exit 1 diff --git a/data/hooks/conf_regen/15-nginx b/data/hooks/conf_regen/15-nginx index 2d8f7311..29748fa7 100755 --- a/data/hooks/conf_regen/15-nginx 
+++ b/data/hooks/conf_regen/15-nginx @@ -2,6 +2,15 @@ set -e +do_init_regen() { + if [[ $EUID -ne 0 ]]; then + echo "You must be root to run this script" 1>&2 + exit 1 + fi + + do_pre_regen "" +} + do_pre_regen() { pending_dir=$1 @@ -14,6 +23,13 @@ do_pre_regen() { # install plain conf files cp plain/* "$nginx_conf_dir" + # probably run with init: just disable default site, restart NGINX and exit + if [[ -z "$pending_dir" ]]; then + rm -f "${nginx_dir}/sites-enabled/default" + service nginx restart + exit 0 + fi + # retrieve variables main_domain=$(cat /etc/yunohost/current_host) domain_list=$(sudo yunohost domain list --output-as plain --quiet) @@ -72,6 +88,9 @@ case "$1" in post) do_post_regen $3 ;; + init) + do_init_regen + ;; *) echo "hook called with unknown argument \`$1'" >&2 exit 1 diff --git a/debian/postinst b/debian/postinst index 34f6cd24..b4453093 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,10 +6,9 @@ do_configure() { rm -rf /var/cache/moulinette/* if [ ! -f /etc/yunohost/installed ]; then - bash /usr/share/yunohost/hooks/conf_regen/01-yunohost True - bash /usr/share/yunohost/hooks/conf_regen/02-ssl True - bash /usr/share/yunohost/hooks/conf_regen/06-slapd True - bash /usr/share/yunohost/hooks/conf_regen/15-nginx True + bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init + bash /usr/share/yunohost/hooks/conf_regen/02-ssl init + bash /usr/share/yunohost/hooks/conf_regen/15-nginx init else echo "Regenerating configuration, this might take a while..." yunohost service regenconf diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index 3fcd3dd4..11af8c2d 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py 
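Review bot: The second 15-nginx hunk treats an empty `$pending_dir` as the signal for init mode, so a `pre` call that arrives without a directory argument would take the same branch. It would copy `plain/*` into what is presumably the live nginx directory, remove `sites-enabled/default`, restart nginx and `exit 0`, without passing the root check that exists only in `do_init_regen`. The definitions of `nginx_dir` and `nginx_conf_dir` are outside the hunk, so the exact target path is inferred. An explicit flag is safer than the empty-string sentinel: set `init_mode=1` in `do_init_regen` before `do_pre_regen ""`, test `[[ "${init_mode:-0}" -eq 1 ]]` instead of `[[ -z "$pending_dir" ]]`, and let the `pre` path fail on an empty directory. Because the hook runs under `set -e` from debian/postinst, a failed `service nginx restart` also aborts package configuration, and running `nginx -t` before the restart would surface a bad config with a clearer error.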
@@ -177,6 +177,9 @@ def tools_postinstall(domain, password, ignore_dyndns=False): else: raise MoulinetteError(errno.EPERM, m18n.n('yunohost_already_installed')) + # Regenerate some services at first + service_regen_conf(['slapd'], force=True) + if len(domain.split('.')) >= 3 and not ignore_dyndns: try: r = requests.get('https://dyndns.yunohost.org/domains') @@ -503,4 +506,4 @@ def tools_diagnosis(auth, private=False): # Domains diagnosis['private']['domains'] = domain_list(auth)['domains'] - return diagnosis \ No newline at end of file + return diagnosis
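Review bot: `service_regen_conf(['slapd'], force=True)` in the first tools.py hunk runs before the domain is checked against the dyndns list, so a postinstall that is rejected a few lines later has already rewritten the slapd configuration with `force=True`. If nothing between the two depends on LDAP, moving the call after the domain validation keeps a failed run free of side effects; the rest of `tools_postinstall` is outside the hunk, so this needs confirming. The return value is also discarded, so if the function reports failures that way rather than by raising, the install would continue against an unconfigured slapd. The comment `# Regenerate some services at first` would be more useful if it gave the reason, for example `# debian/postinst no longer runs the 06-slapd hook, so generate the slapd conf here`.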