regenconf: more factorizing in yunohost hook

2024-09-03 20:06:10 +02:00 · 2024-02-03 20:00:13 +01:00 · 2024-02-03 20:00:13 +01:00 · 6958ea3b0f
commit 6958ea3b0f
parent a47321e1bc
1 changed files with 42 additions and 34 deletions
--- a/hooks/conf_regen/01-yunohost
+++ b/hooks/conf_regen/01-yunohost
@ -24,6 +24,8 @@ base_folder_and_perm_init() {
    # Portal folders #
    ##################

+    getent passwd ynh-portal &>/dev/null || useradd --no-create-home --shell /usr/sbin/nologin --system --user-group ynh-portal
+
    mkdir -p /etc/yunohost/portal
    chmod 500 /etc/yunohost/portal
    chown ynh-portal:ynh-portal /etc/yunohost/portal
@ -36,9 +38,9 @@ base_folder_and_perm_init() {
    chown ynh-portal:root /var/log/yunohost-portalapi.log
    chmod 600 /var/log/yunohost-portalapi.log

-    ###################
-    # Sessions folder #
-    ###################
+    ###############################
+    # Sessions folder and secrets #
+    ###############################

    # Portal
    mkdir -p /var/cache/yunohost-portal/sessions
@ -52,6 +54,24 @@ base_folder_and_perm_init() {
    chown root:root /var/cache/yunohost/sessions
    chmod 700 /var/cache/yunohost/sessions

+    if test -e /etc/yunohost/installed
+    then
+        # Initialize session secrets
+        # Obviously we only do this in the post_regen, ie during the postinstall, because we don't want every pre-installed instance to have the same secret
+        if [ ! -e /etc/yunohost/.admin_cookie_secret ]; then
+            dd if=/dev/urandom bs=1 count=1000 2>/dev/null | tr --complement --delete 'A-Za-z0-9' | head -c 64 > /etc/yunohost/.admin_cookie_secret
+        fi
+        chown root:root /etc/yunohost/.admin_cookie_secret
+        chmod 400 /etc/yunohost/.admin_cookie_secret
+
+        if [ ! -e /etc/yunohost/.ssowat_cookie_secret ]; then
+            # NB: we need this to be exactly 32 char long, because it is later used as a key for AES256
+            dd if=/dev/urandom bs=1 count=1000 2>/dev/null | tr --complement --delete 'A-Za-z0-9' | head -c 32 > /etc/yunohost/.ssowat_cookie_secret
+        fi
+        chown ynh-portal:root /etc/yunohost/.ssowat_cookie_secret
+        chmod 400 /etc/yunohost/.ssowat_cookie_secret
+    fi
+
    ##################
    # Domain folders #
    ##################
@ -93,7 +113,16 @@ base_folder_and_perm_init() {
    mkdir -p /home/yunohost.backup/archives
    chmod 770 /home/yunohost.backup
    chmod 770 /home/yunohost.backup/archives
-    chown root:root /home/yunohost.backup/archives # This is later changed to root:admins once the admins group exists
+
+    if test -e /etc/yunohost/installed
+    then
+        # The admins group only exist after the postinstall
+        chown root:admins /home/yunohost.backup
+        chown root:admins /home/yunohost.backup/archives
+    else
+        chown root:root /home/yunohost.backup
+        chown root:root /home/yunohost.backup/archives
+    fi

    ########
    # Misc #
@ -107,14 +136,21 @@ base_folder_and_perm_init() {
    chown root:root /var/cache/yunohost
    chmod 700 /var/cache/yunohost

+    [ ! -e /var/www/.well-known/ynh-diagnosis/ ] || chmod 775 /var/www/.well-known/ynh-diagnosis/
+
+    if test -e /etc/yunohost/installed
+    then
+        setfacl -m g:all_users:--- /var/www
+        setfacl -m g:all_users:--- /var/log/nginx
+        setfacl -m g:all_users:--- /etc/yunohost
+        setfacl -m g:all_users:--- /etc/ssowat
+    fi
 }

 do_init_regen() {

    cd /usr/share/yunohost/conf/yunohost

-    getent passwd ynh-portal &>/dev/null || useradd --no-create-home --shell /usr/sbin/nologin --system --user-group ynh-portal
-
    base_folder_and_perm_init

    # Empty ssowat json persistent conf
@ -258,37 +294,9 @@ EOF
 do_post_regen() {
    regen_conf_files=$1

-    # Initialize session secrets
-    # Obviously we only do this in the post_regen, ie during the postinstall, because we don't want every pre-installed instance to have the same secret
-    if [ ! -e /etc/yunohost/.admin_cookie_secret ]; then
-        dd if=/dev/urandom bs=1 count=1000 2>/dev/null | tr --complement --delete 'A-Za-z0-9' | head -c 64 > /etc/yunohost/.admin_cookie_secret
-    fi
-    chown root:root /etc/yunohost/.admin_cookie_secret
-    chmod 400 /etc/yunohost/.admin_cookie_secret
-
-    getent passwd ynh-portal &>/dev/null || useradd --no-create-home --shell /usr/sbin/nologin --system --user-group ynh-portal
-    if [ ! -e /etc/yunohost/.ssowat_cookie_secret ]; then
-        # NB: we need this to be exactly 32 char long, because it is later used as a key for AES256
-        dd if=/dev/urandom bs=1 count=1000 2>/dev/null | tr --complement --delete 'A-Za-z0-9' | head -c 32 > /etc/yunohost/.ssowat_cookie_secret
-    fi
-    chown ynh-portal:root /etc/yunohost/.ssowat_cookie_secret
-    chmod 400 /etc/yunohost/.ssowat_cookie_secret
-
    # Re-mkdir / apply permission to all basic folders etc
    base_folder_and_perm_init

-    # Only doing this once postinstall is done such that the admins group exist
-    chown root:admins /home/yunohost.backup
-    chown root:admins /home/yunohost.backup/archives
-
-    # Same here, all_users only exist after posinstall
-    setfacl -m g:all_users:--- /var/www
-    setfacl -m g:all_users:--- /var/log/nginx
-    setfacl -m g:all_users:--- /etc/yunohost
-    setfacl -m g:all_users:--- /etc/ssowat
-
-    [ ! -e /var/www/.well-known/ynh-diagnosis/ ] || chmod 775 /var/www/.well-known/ynh-diagnosis/
-
    # Legacy log tree structure
    if [ ! -e /var/log/yunohost/operations ] && [ -d /var/log/yunohost/categories/operation ] && [ ! -L /var/log/yunohost/categories/operation ]
    then