initial commit

2018-09-04 18:16:47 +02:00 · 2018-09-04 18:16:47 +02:00 · a6d7cf16e1
commit a6d7cf16e1
10 changed files with 156 additions and 0 deletions
--- a/debian/changelog
+++ b/debian/changelog
@ -0,0 +1,7 @@
+publik-common (0.1) jessie; urgency=medium
+
+  * Create consistent system users for Publik
+  * Add recommends on entrouvert-archive-keyring, entrouvert-repository and
+    locales
+
+ -- Christophe Siraut <csiraut@entrouvert.com>  Tue, 04 Sep 2018 17:15:19 +0200
--- a/debian/compat
+++ b/debian/compat
@ -0,0 +1 @@
+9
--- a/debian/control
+++ b/debian/control
@ -0,0 +1,16 @@
+Source: publik-common
+Maintainer: Christophe Siraut <csiraut@entrouvert.com>
+Section: admin
+Priority: optional
+Build-Depends: debhelper (>= 9)
+Standards-Version: 4.1.3
+
+Package: publik-common
+Architecture: all
+Depends: ${misc:Depends}, python3:any
+Recommends: entrouvert-archive-keyring,
+            entrouvert-repository,
+            locales
+Description: basic configuration and utilities for running a Publik server
+ This package provides basic configuration and utilities for running a
+ standalone or clustered Publik system.
--- a/debian/copyright
+++ b/debian/copyright
@ -0,0 +1,25 @@
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Upstream-Name: publik-common
+Source: https://www.entrouvert.com
+
+Files: *
+Copyright: 2018 Christophe Siraut <csiraut@entrouvert.com>
+           2018 Entrouvert Admins <admin@entrouvert.com>
+License: GPL-3.0+
+
+License: GPL-3.0+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation, either version 3 of the License, or
+ (at your option) any later version.
+ .
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ GNU General Public License for more details.
+ .
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
+ .
+ On Debian systems, the complete text of the GNU General
+ Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@ -0,0 +1,7 @@
+[DEFAULT]
+cleaner = fakeroot debian/rules clean
+builder = debuild -us -uc
+
+[buildpackage]
+export-dir = ../build-area
+
--- a/debian/install
+++ b/debian/install
@ -0,0 +1,2 @@
+publik-create-users /usr/bin
+
--- a/debian/postinst
+++ b/debian/postinst
@ -0,0 +1,40 @@
+#!/bin/sh
+# postinst script for dummy
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see https://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+    configure)
+        publik-create-users
+    ;;
+
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
--- a/debian/rules
+++ b/debian/rules
@ -0,0 +1,5 @@
+#!/usr/bin/make -f
+export PYBUILD_NAME=publik-common
+
+%:
+	dh $@
--- a/debian/source/format
+++ b/debian/source/format
@ -0,0 +1 @@
+3.0 (native)
--- a/52
+++ b/52
@ -0,0 +1,52 @@
+#!/usr/bin/python3
+# publik-create-users
+# 2018 Entr'ouvert
+
+import subprocess
+
+userlist = {
+    'hobo': {'uid': '2101'},
+    'authentic-multitenant': {'uid': '2102'},
+    'wcs': {'uid': '2103'},
+    'wcs-au-quotidien': {'uid': '2104'},
+    'passerelle': {'uid': '2105'},
+    'combo': {'uid': '2106'},
+    'fargo': {'uid': '2107'},
+    'welco': {'uid': '2108'},
+    'chrono': {'uid': '2109'},
+    'corbo': {'uid': '2110'},
+    'bijoe': {'uid': '2111'},
+    'mandayejs': {'uid': '2112'}
+    }
+
+def run(cmd, check=True):
+    # when dropping jessie and python3.4 support better use:
+    # rr = subprocess.run(cmd, stdout=PIPE, shell=True, check=check)
+    # return (rr.returncode, rr.stdout)
+    try:
+        output = subprocess.check_output(cmd, shell=True)
+        return (0, output)
+    except subprocess.CalledProcessError:
+        if check:
+            raise(Exception('Command failed: "{}"'.format(cmd)))
+        else:
+            return (1, None)
+
+for user, data in userlist.items():
+    uid = data.get('uid')
+    rc, ou = run('getent group {}'.format(user), check=False)
+    if rc == 0:
+        current_uid = ou.decode().split(':')[2]
+        if current_uid != uid:
+            raise(Exception('{} uid does not match'.format(user)))
+    else:
+        run('addgroup --system --gid {} {}'.format(uid, user))
+
+
+    rc, ou = run('getent passwd {}'.format(user), check=False)
+    if rc == 0:
+        uid = ou.decode().split(':')[2]
+        if uid != uid:
+            raise(Exception('{} uid does not match'.format(user)))
+    else:
+        run('adduser --disabled-password --system --uid {uid} --gecos "{user} daemon" --ingroup {user} --no-create-home --home /var/lib/{user} {user}'.format(user=user, uid=uid))