author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-02-28 18:00:05 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2023-02-28 18:00:05 +0000 |
commit | 54f7d9de36020db4de5e5cbdd8efafaa656d1414 (patch) | |
tree | 7e64a77b0110330f4c2bb28f3767d4786b24e8a0 | |
parent | Adding upstream version 20221122. (diff) | |
download | open-infrastructure-service-tools-54f7d9de36020db4de5e5cbdd8efafaa656d1414.tar.xz open-infrastructure-service-tools-54f7d9de36020db4de5e5cbdd8efafaa656d1414.zip |
Adding upstream version 20221223.upstream/20221223
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r-- | CHANGELOG.txt | 10 | ||||
-rw-r--r-- | VERSION.txt | 2 | ||||
-rw-r--r-- | apt/Makefile | 80 | ||||
-rwxr-xr-x | apt/bin/apt-install | 68 | ||||
-rwxr-xr-x | apt/bin/apt-remove | 67 | ||||
-rw-r--r-- | apt/share/man/Makefile | 59 | ||||
-rw-r--r-- | apt/share/man/apt-install.1.rst | 123 | ||||
-rw-r--r-- | apt/share/man/man.in | 19 | ||||
-rwxr-xr-x | dehydrated/share/hooks/exit_hook.service-reload | 3 | ||||
-rwxr-xr-x | git/bin/git-pull-branches | 49 | ||||
-rw-r--r-- | znuny/Makefile | 80 | ||||
-rwxr-xr-x | znuny/bin/otrs.Console.pl | 24 | ||||
-rwxr-xr-x | znuny/bin/otrs.Daemon.pl | 24 |
13 files changed, 606 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 735e15a..5222caa 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,3 +1,13 @@ +2022-12-31 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20221231. + + [ Daniel Baumann ] + * Adding znuny-tools. + * Adding git-pull-branches in git-tools. + * Completely stop and start apache in dehydrated hook to ensure OCSP renewals. + * Adding apt tools. + 2022-11-22 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20221122. diff --git a/VERSION.txt b/VERSION.txt index 00ec7ae..7a58b9c 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20221122 +20221223 diff --git a/apt/Makefile b/apt/Makefile new file mode 100644 index 0000000..6b3744b --- /dev/null +++ b/apt/Makefile 
@@ -0,0 +1,80 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+SHELL := sh -e
+
+SCRIPTS = bin/*
+
+all: build
+
+test:
+ @echo -n "Checking for syntax errors with sh... "
+ @for SCRIPT in $(SCRIPTS); \
+ do \
+ sh -n $${SCRIPT}; \
+ echo -n "."; \
+ done
+ @echo " done."
+
+ @echo -n "Checking for bashisms... "
+ @if [ -x /usr/bin/checkbashisms ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ checkbashisms -f -x $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: devscripts not installed, skipping checkbashisms."; \
+ fi
+ @echo " done."
+
+ @echo -n "Checking with shellcheck... "
+ @if [ -x /usr/bin/shellcheck ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ shellcheck -e SC2039 $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: shellcheck not installed, skipping shellcheck."; \
+ fi
+ @echo " done."
+
+build:
+
+install: build
+ mkdir -p $(DESTDIR)/usr/bin
+ cp -r bin/* $(DESTDIR)/usr/bin
+
+uninstall:
+ for FILE in bin/*; \
+ do \
+ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true
+
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
+
+clean:
+
+distclean:
+
+reinstall: uninstall install
diff --git a/apt/bin/apt-install b/apt/bin/apt-install
new file mode 100755
index 0000000..2427361
--- /dev/null
+++ b/apt/bin/apt-install
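Review bot: The `install` target copies the wrappers with `cp -r bin/* $(DESTDIR)/usr/bin`, so their mode and ownership are whatever the checkout and umask produce, although apt/share/man/apt-install.1.rst in this commit tells administrators to grant NOPASSWD sudo on `/usr/bin/apt-install` and `/usr/bin/apt-remove`. A sudo target should be installed with an explicit mode, e.g. `install -m 0755 bin/* "$(DESTDIR)/usr/bin"`, and the packaging should guarantee root ownership, because whoever can write to that file can run code as root. The targets `all test build install uninstall clean distclean reinstall` also lack a `.PHONY:` declaration, so a stray file with one of those names silently disables the target. znuny/Makefile is the same file (same blob 6b3744b) and needs the same change.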
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+PROGRAM="$(basename "${0}")"
+OPTIONS="${*}"
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} PACKAGE" >&2
+ echo "Usage: ${PROGRAM} PACKAGE1 PACKAGE2 ..." >&2
+ echo
+ echo "See ${PROGRAM}(1) for more information."
+
+ exit 1
+}
+
+if [ -z "${OPTIONS}" ]
+then
+ Usage
+fi
+
+for OPTION in ${OPTIONS}
+do
+ case "${OPTION}" in
+ -*)
+ # abort if options are trying to be used
+ Usage
+ ;;
+
+ /*)
+ # abort if local deb files are trying to be installed
+ Usage
+ ;;
+
+ .*)
+ # abort if local deb files are trying to be installed
+ echo "Debug: ."
+ Usage
+ ;;
+ esac
+done
+
+# ignore local apt configuration files
+APT_CONFIG=""
+export APT_CONFIG
+
+apt update
+apt install "${OPTIONS}"
diff --git a/apt/bin/apt-remove b/apt/bin/apt-remove
new file mode 100755
index 0000000..655246e
--- /dev/null
+++ b/apt/bin/apt-remove
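Review bot: The validation loop and the final command do not look at the same data: `for OPTION in ${OPTIONS}` checks the words left after unquoted splitting and pathname expansion in the caller's directory, while `apt install "${OPTIONS}"` hands apt one joined string, so the documented `PACKAGE1 PACKAGE2` form cannot work and what was checked is not what runs as root. Iterate over `"${@}"` and pass `"${@}"` on unchanged. The `case` is also a denylist on the first character only; for a sudo target an allowlist of Debian package-name characters is the safer default, since it also rejects version and release selectors, patterns and embedded whitespace. The leftover `echo "Debug: ."` should go, and `unset APT_CONFIG` states the intent more directly than exporting an empty value. apt/bin/apt-remove repeats the same loop and quoting and needs the same change.

```shell
# … unchanged: header, Usage (), empty-argument check …
for OPTION in "${@}"
do
	case "${OPTION}" in
		""|[!a-z0-9]*|*[!a-z0-9.+-]*)
			# accept only plain Debian package names: [a-z0-9][a-z0-9.+-]*
			Usage
			;;
	esac
done

# … unchanged: APT_CONFIG handling, apt update …
apt install -- "${@}"
```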
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+PROGRAM="$(basename "${0}")"
+OPTIONS="${*}"
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} PACKAGE" >&2
+ echo "Usage: ${PROGRAM} PACKAGE1 PACKAGE2 ..." >&2
+ echo
+ echo "See ${PROGRAM}(1) for more information."
+
+ exit 1
+}
+
+if [ -z "${OPTIONS}" ]
+then
+ Usage
+fi
+
+for OPTION in ${OPTIONS}
+do
+ case "${OPTION}" in
+ -*)
+ # abort if options are trying to be used
+ Usage
+ ;;
+
+ /*)
+ # abort if local deb files are trying to be installed
+ Usage
+ ;;
+
+ .*)
+ # abort if local deb files are trying to be installed
+ echo "Debug: ."
+ Usage
+ ;;
+ esac
+done
+
+# ignore local apt configuration files
+APT_CONFIG=""
+export APT_CONFIG
+
+apt remove --purge "${OPTIONS}"
diff --git a/apt/share/man/Makefile b/apt/share/man/Makefile
new file mode 100644
index 0000000..a6d6bf2
--- /dev/null
+++ b/apt/share/man/Makefile
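Review bot: `apt remove --purge "${OPTIONS}"` runs as root for whatever name the caller passes, and the `case` above it has no entry for packages the administrators themselves rely on, so a user granted this wrapper can purge sudo, the SSH server or a monitoring agent. If that is not intended, add a refusal arm ahead of the others, e.g. `sudo|openssh-server) Usage ;;`, or document the limitation in the man page. The two comments `# abort if local deb files are trying to be installed` were carried over from apt-install and should say "removed", and `Usage` refers to `${PROGRAM}(1)` although the diffstat lists only apt-install.1.rst.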
@@ -0,0 +1,59 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+# Depends: python3-docutils
+
+RST2MAN = rst2man \
+ --no-datestamp \
+ --no-generator \
+ --strict \
+ --strip-comments \
+ --tab-width=4 \
+ --verbose
+
+VERSION := $(shell cat ../../../VERSION.txt)
+
+SHELL := sh -e
+
+all: build
+
+build: man
+
+man: man.in *.rst
+ @echo -n "Creating manpages... "
+
+ @for FILE in *.rst; \
+ do \
+ cp man.in $$(basename $${FILE} .rst); \
+ $(RST2MAN) $${FILE} | \
+ sed -e '/^.\\" Man page generated/d' \
+ -e '/^.\\" Generated by/d' \
+ -e "s|^\(.TH .*\) \(\"\" \"\"\) |\1 $${VERSION} service-tools |" \
+ >> $$(basename $${FILE} .rst); \
+ echo -n "."; \
+ done
+
+ @echo " done."
+
+clean:
+ rm -f *.[0-9]
+
+distclean: clean
+
+rebuild: clean build
diff --git a/apt/share/man/apt-install.1.rst b/apt/share/man/apt-install.1.rst
new file mode 100644
index 0000000..f446ea9
--- /dev/null
+++ b/apt/share/man/apt-install.1.rst
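Review bot: The `sed` expression in the `man` recipe substitutes `$${VERSION}`, which is the shell's variable, but `VERSION := $(shell cat ../../../VERSION.txt)` is a make variable that is never exported, so unless VERSION happens to be set in the environment the `.TH` line is written without a version. Use `$(VERSION)` in the recipe, or add `export VERSION` after the assignment. The `$(RST2MAN) | sed` pipeline runs under `sh -e` without pipefail, so a failing rst2man (it is called with `--strict`) still exits 0 and leaves a truncated page behind. `all`, `build`, `man`, `clean`, `distclean` and `rebuild` should also be declared in `.PHONY:`.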
@@ -0,0 +1,123 @@
+.. Open Infrastructure: service-tools
+
+.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+..
+.. SPDX-License-Identifier: GPL-3.0+
+..
+.. This program is free software: you can redistribute it and/or modify
+.. it under the terms of the GNU General Public License as published by
+.. the Free Software Foundation, either version 3 of the License, or
+.. (at your option) any later version.
+..
+.. This program is distributed in the hope that it will be useful,
+.. but WITHOUT ANY WARRANTY; without even the implied warranty of
+.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.. GNU General Public License for more details.
+..
+.. You should have received a copy of the GNU General Public License
+.. along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+===========
+apt-install
+===========
+
+------------------------------------------------------------------------
+securely allow unprivileged users to install packages via apt using sudo
+------------------------------------------------------------------------
+
+:manual section: 1
+:manual group: Open Infrastructure
+
+Synopsis
+========
+
+| **sudo apt-install** PACKAGE
+| **sudo apt-install** PACKAGE1 PACKAGE2 ...
+
+Description
+===========
+
+**apt-install** securely allows unprivileged users to install packages via apt using sudo.
+
+Some background information
+===========================
+
+| **Use case**
+| On managed systems by a group of system administrators, it would be nice to allow
+| unprivileged users to install the packages they like from the pre-configured
+| Debian repositories.
+|
+| **Unsecure via sudo**
+| Traditionally this has been done by granting the unprivileged users to run
+| sudo with e.g.:
+| "user ALL=NOPASSWD: /usr/bin/apt, /usr/bin/apt-get"
+| (see sudoers(5) for information about sudoers, the configuration file for sudo).
+|
+| **Using local apt configuration**
+| Using sudo as above allows for custom apt options to be passed as arguments, e.g.:
+| sudo apt update -o APT::Update::Pre-Invoke::="/bin/sh"
+|
+| Or refering to local apt configuration file:
+| sudo APT_CONFIG=~/apt.conf apt update
+|
+| **Installing local debian packages**
+| Unfortunatly this allows to not just install packages from the repositories,
+| but also to install local packages:
+| sudo apt install ./root-shell.deb
+|
+| Creating a Debian package that contains a wrapper for a root shell or invokes
+| a shell as root during within the maintainer scripts is left to the reader,
+| however, there's a example available here:
+| https://git.open-infrastructure.net/software/root-shell/
+
+| **Using wrapper scripts for apt install and apt remove**
+| The apt-install and apt-remove wrapper drop parameters as well as file and path
+| arguments to ensure only packages from the configured Debian repositories can be
+| installed.
+
+sudo configuration
+==================
+
+| Users can be granted sudo rights for apt-install and apt-remove via sudoers(5):
+| "user ALL=NOPASSWD: /usr/bin/apt-install, /usr/bin/apt-remove"
+
+| It might make sense to also allow unprivileged users to allow updating the system:
+| "user ALL=NOPASSWD: /usr/bin/apt update, /usr/bin/apt upgrade, /usr/bin/apt dist-upgrade"
+
+Warning
+=======
+
+| Granting users local access to a system is always a security risk.
+| Giving local users the ability to install packages even more so.
+
+| While the apt-install and apt-remove wrappers do prevent installing malicious packages,
+| bugs in any of the packages within the configured Debian repositories can be exploited.
+
+See also
+========
+
+| apt(8),
+| sudo(8),
+| sudoers(5)
+
+Homepage
+========
+
+More information about service-tools and the Open Infrastructure project can be
+found on the homepage (https://open-infrastructure.net).
+ +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +service-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/apt/share/man/man.in b/apt/share/man/man.in new file mode 100644 index 0000000..f95ca67 --- /dev/null +++ b/apt/share/man/man.in @@ -0,0 +1,19 @@ +.\" Open Infrastructure: service-tools +.\" +.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.\" +.\" SPDX-License-Identifier: GPL-3.0+ +.\" +.\" This program is free software: you can redistribute it and/or modify +.\" it under the terms of the GNU General Public License as published by +.\" the Free Software Foundation, either version 3 of the License, or +.\" (at your option) any later version. +.\" +.\" This program is distributed in the hope that it will be useful, +.\" but WITHOUT ANY WARRANTY; without even the implied warranty of +.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.\" GNU General Public License for more details. +.\" +.\" You should have received a copy of the GNU General Public License +.\" along with this program. If not, see <https://www.gnu.org/licenses/>. +.\" diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload index cf297ab..c62c133 100755 --- a/dehydrated/share/hooks/exit_hook.service-reload +++ b/dehydrated/share/hooks/exit_hook.service-reload @@ -25,7 +25,8 @@ Run_apache2 () { if grep -Eqrs '^ *SSLCertificateFile' /etc/apache2/sites-enabled then - service apache2 reload + service apache2 stop + service apache2 start fi } diff --git a/git/bin/git-pull-branches b/git/bin/git-pull-branches new file mode 100755 index 0000000..9effa17 --- /dev/null 
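Review bot: Replacing `service apache2 reload` with a separate `service apache2 stop` and `service apache2 start` in Run_apache2 turns a failed start into an outage: once the stop has run, a configuration or certificate problem leaves the site down, where a failed reload would have left the running server in place. Validate before stopping, e.g. `apache2ctl configtest && service apache2 restart`, and add a comment above the two lines saying the full restart is deliberate for OCSP renewal, as the changelog entry does. Whether this hook runs under `set -e` is not visible in the hunk, so how a failing `stop` is handled cannot be judged from here.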
+++ b/git/bin/git-pull-branches
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+CURRENT_BRANCH="$(git branch --show-current)"
+REMOTE_BRANCHES="$(git branch -r | awk '{ print $1 }')"
+
+for REMOTE_BRANCH in ${REMOTE_BRANCHES}
+do
+ BRANCH="$(echo "${REMOTE_BRANCH}" | cut -d/ -f 2-)"
+
+ case "${BRANCH}" in
+ HEAD|"${CURRENT_BRANCH}")
+ continue
+ ;;
+ esac
+
+ if git branch | sed -e 's|\*||' | grep -qs " ${BRANCH}$"
+ then
+ git checkout "${BRANCH}"
+ git pull
+ else
+ git checkout -b "${BRANCH}" "${REMOTE_BRANCH}"
+ fi
+done
+
+if [ "$(git branch --show-current)" != "${CURRENT_BRANCH}" ]
+then
+ git checkout "${CURRENT_BRANCH}"
+fi
diff --git a/znuny/Makefile b/znuny/Makefile
new file mode 100644
index 0000000..6b3744b
--- /dev/null
+++ b/znuny/Makefile
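Review bot: The check `git branch | sed -e 's|\*||' | grep -qs " ${BRANCH}$"` treats a branch name that comes from the remote as a regular expression, so a name containing `.` or `[` can match a different local branch and send the script down the wrong arm of the `if`; `git show-ref --verify --quiet "refs/heads/${BRANCH}"` tests for the exact ref instead. `cut -d/ -f 2-` drops the remote name, so with more than one remote the same branch name is processed once per remote against whichever upstream is configured. Because of `set -e`, a failed `git pull` ends the script inside the loop and leaves the work tree on another branch; a `trap` that checks out `${CURRENT_BRANCH}` on exit would restore it. In detached-HEAD state `CURRENT_BRANCH` is empty and the final `git checkout "${CURRENT_BRANCH}"` fails.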
@@ -0,0 +1,80 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+SHELL := sh -e
+
+SCRIPTS = bin/*
+
+all: build
+
+test:
+ @echo -n "Checking for syntax errors with sh... "
+ @for SCRIPT in $(SCRIPTS); \
+ do \
+ sh -n $${SCRIPT}; \
+ echo -n "."; \
+ done
+ @echo " done."
+
+ @echo -n "Checking for bashisms... "
+ @if [ -x /usr/bin/checkbashisms ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ checkbashisms -f -x $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: devscripts not installed, skipping checkbashisms."; \
+ fi
+ @echo " done."
+
+ @echo -n "Checking with shellcheck... "
+ @if [ -x /usr/bin/shellcheck ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ shellcheck -e SC2039 $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: shellcheck not installed, skipping shellcheck."; \
+ fi
+ @echo " done."
+
+build:
+
+install: build
+ mkdir -p $(DESTDIR)/usr/bin
+ cp -r bin/* $(DESTDIR)/usr/bin
+
+uninstall:
+ for FILE in bin/*; \
+ do \
+ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true
+
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
+
+clean:
+
+distclean:
+
+reinstall: uninstall install
diff --git a/znuny/bin/otrs.Console.pl b/znuny/bin/otrs.Console.pl
new file mode 100755
index 0000000..0e72b93
--- /dev/null
+++ b/znuny/bin/otrs.Console.pl
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+sudo -u otrs /usr/share/otrs/bin/otrs.Console.pl ${@}
diff --git a/znuny/bin/otrs.Daemon.pl b/znuny/bin/otrs.Daemon.pl
new file mode 100755
index 0000000..7882d1d
--- /dev/null
+++ b/znuny/bin/otrs.Daemon.pl
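Review bot: `sudo -u otrs /usr/share/otrs/bin/otrs.Console.pl ${@}` expands the arguments unquoted, so any argument containing whitespace or glob characters is split again and expanded in the caller's directory before it reaches the console command; the last line should read `sudo -u otrs /usr/share/otrs/bin/otrs.Console.pl "${@}"`. The shellcheck run in znuny/Makefile excludes only SC2039, so `make test` would presumably report this line as well. znuny/bin/otrs.Daemon.pl ends with the same unquoted `${@}` and needs the same fix.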
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+sudo -u otrs /usr/share/otrs/bin/otrs.Daemon.pl ${@} |