summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2023-02-28 18:00:05 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2023-02-28 18:00:05 +0000
commit54f7d9de36020db4de5e5cbdd8efafaa656d1414 (patch)
tree7e64a77b0110330f4c2bb28f3767d4786b24e8a0
parentAdding upstream version 20221122. (diff)
downloadopen-infrastructure-service-tools-54f7d9de36020db4de5e5cbdd8efafaa656d1414.tar.xz
open-infrastructure-service-tools-54f7d9de36020db4de5e5cbdd8efafaa656d1414.zip
Adding upstream version 20221223.upstream/20221223
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--CHANGELOG.txt10
-rw-r--r--VERSION.txt2
-rw-r--r--apt/Makefile80
-rwxr-xr-xapt/bin/apt-install68
-rwxr-xr-xapt/bin/apt-remove67
-rw-r--r--apt/share/man/Makefile59
-rw-r--r--apt/share/man/apt-install.1.rst123
-rw-r--r--apt/share/man/man.in19
-rwxr-xr-xdehydrated/share/hooks/exit_hook.service-reload3
-rwxr-xr-xgit/bin/git-pull-branches49
-rw-r--r--znuny/Makefile80
-rwxr-xr-xznuny/bin/otrs.Console.pl24
-rwxr-xr-xznuny/bin/otrs.Daemon.pl24
13 files changed, 606 insertions, 2 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 735e15a..5222caa 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -1,3 +1,13 @@
+2022-12-31 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+
+ * Releasing version 20221231.
+
+ [ Daniel Baumann ]
+ * Adding znuny-tools.
+ * Adding git-pull-branches in git-tools.
+ * Completely stop and start apache in dehydrated hook to ensure OCSP renewals.
+ * Adding apt tools.
+
2022-11-22 Daniel Baumann <daniel.baumann@open-infrastructure.net>
* Releasing version 20221122.
diff --git a/VERSION.txt b/VERSION.txt
index 00ec7ae..7a58b9c 100644
--- a/VERSION.txt
+++ b/VERSION.txt
@@ -1 +1 @@
-20221122
+20221223
diff --git a/apt/Makefile b/apt/Makefile
new file mode 100644
index 0000000..6b3744b
--- /dev/null
+++ b/apt/Makefile
@@ -0,0 +1,80 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+SHELL := sh -e
+
+SCRIPTS = bin/*
+
+all: build
+
+test:
+ @echo -n "Checking for syntax errors with sh... "
+ @for SCRIPT in $(SCRIPTS); \
+ do \
+ sh -n $${SCRIPT}; \
+ echo -n "."; \
+ done
+ @echo " done."
+
+ @echo -n "Checking for bashisms... "
+ @if [ -x /usr/bin/checkbashisms ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ checkbashisms -f -x $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: devscripts not installed, skipping checkbashisms."; \
+ fi
+ @echo " done."
+
+ @echo -n "Checking with shellcheck... "
+ @if [ -x /usr/bin/shellcheck ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ shellcheck -e SC2039 $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: shellcheck not installed, skipping shellcheck."; \
+ fi
+ @echo " done."
+
+build:
+
+install: build
+ mkdir -p $(DESTDIR)/usr/bin
+ cp -r bin/* $(DESTDIR)/usr/bin
+
+uninstall:
+ for FILE in bin/*; \
+ do \
+ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true
+
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
+
+clean:
+
+distclean:
+
+reinstall: uninstall install
diff --git a/apt/bin/apt-install b/apt/bin/apt-install
new file mode 100755
index 0000000..2427361
--- /dev/null
+++ b/apt/bin/apt-install
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+PROGRAM="$(basename "${0}")"
+OPTIONS="${*}"
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} PACKAGE" >&2
+ echo "Usage: ${PROGRAM} PACKAGE1 PACKAGE2 ..." >&2
+ echo
+ echo "See ${PROGRAM}(1) for more information."
+
+ exit 1
+}
+
+if [ -z "${OPTIONS}" ]
+then
+ Usage
+fi
+
+for OPTION in ${OPTIONS}
+do
+ case "${OPTION}" in
+ -*)
+ # abort if options are trying to be used
+ Usage
+ ;;
+
+ /*)
+ # abort if local deb files are trying to be installed
+ Usage
+ ;;
+
+ .*)
+ # abort if local deb files are trying to be installed
+ echo "Debug: ."
+ Usage
+ ;;
+ esac
+done
+
+# ignore local apt configuration files
+APT_CONFIG=""
+export APT_CONFIG
+
+apt update
+apt install "${OPTIONS}"
diff --git a/apt/bin/apt-remove b/apt/bin/apt-remove
new file mode 100755
index 0000000..655246e
--- /dev/null
+++ b/apt/bin/apt-remove
@@ -0,0 +1,67 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+PROGRAM="$(basename "${0}")"
+OPTIONS="${*}"
+
+Usage ()
+{
+ echo "Usage: ${PROGRAM} PACKAGE" >&2
+ echo "Usage: ${PROGRAM} PACKAGE1 PACKAGE2 ..." >&2
+ echo
+ echo "See ${PROGRAM}(1) for more information."
+
+ exit 1
+}
+
+if [ -z "${OPTIONS}" ]
+then
+ Usage
+fi
+
+for OPTION in ${OPTIONS}
+do
+ case "${OPTION}" in
+ -*)
+ # abort if options are trying to be used
+ Usage
+ ;;
+
+ /*)
+ # abort if local deb files are trying to be installed
+ Usage
+ ;;
+
+ .*)
+ # abort if local deb files are trying to be installed
+ echo "Debug: ."
+ Usage
+ ;;
+ esac
+done
+
+# ignore local apt configuration files
+APT_CONFIG=""
+export APT_CONFIG
+
+apt remove --purge "${OPTIONS}"
diff --git a/apt/share/man/Makefile b/apt/share/man/Makefile
new file mode 100644
index 0000000..a6d6bf2
--- /dev/null
+++ b/apt/share/man/Makefile
@@ -0,0 +1,59 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+# Depends: python3-docutils
+
+RST2MAN = rst2man \
+ --no-datestamp \
+ --no-generator \
+ --strict \
+ --strip-comments \
+ --tab-width=4 \
+ --verbose
+
+VERSION := $(shell cat ../../../VERSION.txt)
+
+SHELL := sh -e
+
+all: build
+
+build: man
+
+man: man.in *.rst
+ @echo -n "Creating manpages... "
+
+ @for FILE in *.rst; \
+ do \
+ cp man.in $$(basename $${FILE} .rst); \
+ $(RST2MAN) $${FILE} | \
+ sed -e '/^.\\" Man page generated/d' \
+ -e '/^.\\" Generated by/d' \
+ -e "s|^\(.TH .*\) \(\"\" \"\"\) |\1 $${VERSION} service-tools |" \
+ >> $$(basename $${FILE} .rst); \
+ echo -n "."; \
+ done
+
+ @echo " done."
+
+clean:
+ rm -f *.[0-9]
+
+distclean: clean
+
+rebuild: clean build
diff --git a/apt/share/man/apt-install.1.rst b/apt/share/man/apt-install.1.rst
new file mode 100644
index 0000000..f446ea9
--- /dev/null
+++ b/apt/share/man/apt-install.1.rst
@@ -0,0 +1,123 @@
+.. Open Infrastructure: service-tools
+
+.. Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+..
+.. SPDX-License-Identifier: GPL-3.0+
+..
+.. This program is free software: you can redistribute it and/or modify
+.. it under the terms of the GNU General Public License as published by
+.. the Free Software Foundation, either version 3 of the License, or
+.. (at your option) any later version.
+..
+.. This program is distributed in the hope that it will be useful,
+.. but WITHOUT ANY WARRANTY; without even the implied warranty of
+.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.. GNU General Public License for more details.
+..
+.. You should have received a copy of the GNU General Public License
+.. along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+===========
+apt-install
+===========
+
+------------------------------------------------------------------------
+securely allow unprivileged users to install packages via apt using sudo
+------------------------------------------------------------------------
+
+:manual section: 1
+:manual group: Open Infrastructure
+
+Synopsis
+========
+
+| **sudo apt-install** PACKAGE
+| **sudo apt-install** PACKAGE1 PACKAGE2 ...
+
+Description
+===========
+
+**apt-install** securely allows unprivileged users to install packages via apt using sudo.
+
+Some background information
+===========================
+
+| **Use case**
+| On managed systems by a group of system administrators, it would be nice to allow
+| unprivileged users to install the packages they like from the pre-configured
+| Debian repositories.
+|
+| **Unsecure via sudo**
+| Traditionally this has been done by granting the unprivileged users to run
+| sudo with e.g.:
+| "user ALL=NOPASSWD: /usr/bin/apt, /usr/bin/apt-get"
+| (see sudoers(5) for information about sudoers, the configuration file for sudo).
+|
+| **Using local apt configuration**
+| Using sudo as above allows for custom apt options to be passed as arguments, e.g.:
+| sudo apt update -o APT::Update::Pre-Invoke::="/bin/sh"
+|
+| Or refering to local apt configuration file:
+| sudo APT_CONFIG=~/apt.conf apt update
+|
+| **Installing local debian packages**
+| Unfortunatly this allows to not just install packages from the repositories,
+| but also to install local packages:
+| sudo apt install ./root-shell.deb
+|
+| Creating a Debian package that contains a wrapper for a root shell or invokes
+| a shell as root during within the maintainer scripts is left to the reader,
+| however, there's a example available here:
+| https://git.open-infrastructure.net/software/root-shell/
+
+| **Using wrapper scripts for apt install and apt remove**
+| The apt-install and apt-remove wrapper drop parameters as well as file and path
+| arguments to ensure only packages from the configured Debian repositories can be
+| installed.
+
+sudo configuration
+==================
+
+| Users can be granted sudo rights for apt-install and apt-remove via sudoers(5):
+| "user ALL=NOPASSWD: /usr/bin/apt-install, /usr/bin/apt-remove"
+
+| It might make sense to also allow unprivileged users to allow updating the system:
+| "user ALL=NOPASSWD: /usr/bin/apt update, /usr/bin/apt upgrade, /usr/bin/apt dist-upgrade"
+
+Warning
+=======
+
+| Granting users local access to a system is always a security risk.
+| Giving local users the ability to install packages even more so.
+
+| While the apt-install and apt-remove wrappers do prevent installing malicious packages,
+| bugs in any of the packages within the configured Debian repositories can be exploited.
+
+See also
+========
+
+| apt(8),
+| sudo(8),
+| sudoers(5)
+
+Homepage
+========
+
+More information about service-tools and the Open Infrastructure project can be
+found on the homepage (https://open-infrastructure.net).
+
+Contact
+=======
+
+Bug reports, feature requests, help, patches, support and everything else are
+welcome on the Open Infrastructure Software Mailing List
+<software@lists.open-infrastructure.net>.
+
+Debian specific bugs can also be reported in the Debian Bug Tracking System
+(https://bugs.debian.org).
+
+Authors
+=======
+
+service-tools were written by Daniel Baumann
+<daniel.baumann@open-infrastructure.net> and others.
diff --git a/apt/share/man/man.in b/apt/share/man/man.in
new file mode 100644
index 0000000..f95ca67
--- /dev/null
+++ b/apt/share/man/man.in
@@ -0,0 +1,19 @@
+.\" Open Infrastructure: service-tools
+.\"
+.\" Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+.\"
+.\" SPDX-License-Identifier: GPL-3.0+
+.\"
+.\" This program is free software: you can redistribute it and/or modify
+.\" it under the terms of the GNU General Public License as published by
+.\" the Free Software Foundation, either version 3 of the License, or
+.\" (at your option) any later version.
+.\"
+.\" This program is distributed in the hope that it will be useful,
+.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
+.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+.\" GNU General Public License for more details.
+.\"
+.\" You should have received a copy of the GNU General Public License
+.\" along with this program. If not, see <https://www.gnu.org/licenses/>.
+.\"
diff --git a/dehydrated/share/hooks/exit_hook.service-reload b/dehydrated/share/hooks/exit_hook.service-reload
index cf297ab..c62c133 100755
--- a/dehydrated/share/hooks/exit_hook.service-reload
+++ b/dehydrated/share/hooks/exit_hook.service-reload
@@ -25,7 +25,8 @@ Run_apache2 ()
{
if grep -Eqrs '^ *SSLCertificateFile' /etc/apache2/sites-enabled
then
- service apache2 reload
+ service apache2 stop
+ service apache2 start
fi
}
diff --git a/git/bin/git-pull-branches b/git/bin/git-pull-branches
new file mode 100755
index 0000000..9effa17
--- /dev/null
+++ b/git/bin/git-pull-branches
@@ -0,0 +1,49 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+CURRENT_BRANCH="$(git branch --show-current)"
+REMOTE_BRANCHES="$(git branch -r | awk '{ print $1 }')"
+
+for REMOTE_BRANCH in ${REMOTE_BRANCHES}
+do
+ BRANCH="$(echo "${REMOTE_BRANCH}" | cut -d/ -f 2-)"
+
+ case "${BRANCH}" in
+ HEAD|"${CURRENT_BRANCH}")
+ continue
+ ;;
+ esac
+
+ if git branch | sed -e 's|\*||' | grep -qs " ${BRANCH}$"
+ then
+ git checkout "${BRANCH}"
+ git pull
+ else
+ git checkout -b "${BRANCH}" "${REMOTE_BRANCH}"
+ fi
+done
+
+if [ "$(git branch --show-current)" != "${CURRENT_BRANCH}" ]
+then
+ git checkout "${CURRENT_BRANCH}"
+fi
diff --git a/znuny/Makefile b/znuny/Makefile
new file mode 100644
index 0000000..6b3744b
--- /dev/null
+++ b/znuny/Makefile
@@ -0,0 +1,80 @@
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+SHELL := sh -e
+
+SCRIPTS = bin/*
+
+all: build
+
+test:
+ @echo -n "Checking for syntax errors with sh... "
+ @for SCRIPT in $(SCRIPTS); \
+ do \
+ sh -n $${SCRIPT}; \
+ echo -n "."; \
+ done
+ @echo " done."
+
+ @echo -n "Checking for bashisms... "
+ @if [ -x /usr/bin/checkbashisms ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ checkbashisms -f -x $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: devscripts not installed, skipping checkbashisms."; \
+ fi
+ @echo " done."
+
+ @echo -n "Checking with shellcheck... "
+ @if [ -x /usr/bin/shellcheck ]; \
+ then \
+ for SCRIPT in $(SCRIPTS); \
+ do \
+ shellcheck -e SC2039 $${SCRIPT}; \
+ echo -n "."; \
+ done; \
+ else \
+ echo "Note: shellcheck not installed, skipping shellcheck."; \
+ fi
+ @echo " done."
+
+build:
+
+install: build
+ mkdir -p $(DESTDIR)/usr/bin
+ cp -r bin/* $(DESTDIR)/usr/bin
+
+uninstall:
+ for FILE in bin/*; \
+ do \
+ rm -f $(DESTDIR)/usr/bin/$$(basename $${FILE}); \
+ done
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/usr/bin || true
+
+ rmdir --ignore-fail-on-non-empty --parents $(DESTDIR) || true
+
+clean:
+
+distclean:
+
+reinstall: uninstall install
diff --git a/znuny/bin/otrs.Console.pl b/znuny/bin/otrs.Console.pl
new file mode 100755
index 0000000..0e72b93
--- /dev/null
+++ b/znuny/bin/otrs.Console.pl
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+sudo -u otrs /usr/share/otrs/bin/otrs.Console.pl ${@}
diff --git a/znuny/bin/otrs.Daemon.pl b/znuny/bin/otrs.Daemon.pl
new file mode 100755
index 0000000..7882d1d
--- /dev/null
+++ b/znuny/bin/otrs.Daemon.pl
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Open Infrastructure: service-tools
+
+# Copyright (C) 2014-2022 Daniel Baumann <daniel.baumann@open-infrastructure.net>
+#
+# SPDX-License-Identifier: GPL-3.0+
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <https://www.gnu.org/licenses/>.
+
+set -e
+
+sudo -u otrs /usr/share/otrs/bin/otrs.Daemon.pl ${@}