Make sure correct user runs the scripts

2025-07-04 11:37:48 +09:00
parent f408d9b0b8
commit 2c1ac5c9bc
2 changed files with 28 additions and 10 deletions


@@ -33,6 +33,11 @@ elif [ "${USE_SUDO}" = "0" ] && ! id "${SUDO_USER}" &>/dev/null; then
echo "SUDO is off, user must exist in system"; echo "SUDO is off, user must exist in system";
error=1; error=1;
fi; fi;
# this script has to be run as root
if [ "$(whoami)" != "root" ]; then
echo "Script must be run as root user";
error=1;
fi;
if [ $error -eq 1 ]; then if [ $error -eq 1 ]; then
exit; exit;
@@ -94,7 +99,8 @@ Host UdonGitJump
Port 37337 Port 37337
EOF EOF
if [ -f "${PEM_BASE}${JUMP_PEM_FILE}" ]; then if [ -f "${PEM_BASE}${JUMP_PEM_FILE}" ]; then
cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/; sudo -u "${SUDO_USER}" cp "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}"/.ssh/;
sudo -u "${SUDO_USER}" chmod 600 "${GIT_REPOSITORY_FOLDER}/.ssh/${JUMP_PEM_FILE}"
else else
echo "PEM FILE ${JUMP_PEM_FILE} must be added manually" echo "PEM FILE ${JUMP_PEM_FILE} must be added manually"
fi; fi;
@@ -110,7 +116,7 @@ EOF
"${GIT_REPOSITORY_FOLDER}${WWW_WEBHOOK_INCOMING}" \ "${GIT_REPOSITORY_FOLDER}${WWW_WEBHOOK_INCOMING}" \
"${GIT_REPOSITORY_FOLDER}${WWW_ADMIN}"; "${GIT_REPOSITORY_FOLDER}${WWW_ADMIN}";
# set basic folder rights, clone folder is excluded # set basic folder rights, clone folder is excluded
chmod 700 \ sudo -u "${SUDO_USER}" chmod 700 \
"${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" \ "${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" \
"${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}" \ "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}" \
"${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}" \ "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}" \
@@ -124,8 +130,8 @@ EOF
# Copy files # Copy files
echo "+ Copy basic script and config files"; echo "+ Copy basic script and config files";
# git_pull.sh, init.sh, new_clone.sh, webhook.default.cfg # git_pull.sh, init.sh, new_clone.sh, webhook.default.cfg
cp "${BASE_FOLDER}new_clone.sh" "${BASE_FOLDER}init.sh" "${BASE_FOLDER}git_clone.sh" "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}"; sudo -u "${SUDO_USER}"cp "${BASE_FOLDER}new_clone.sh" "${BASE_FOLDER}init.sh" "${BASE_FOLDER}git_clone.sh" "${GIT_REPOSITORY_FOLDER}${SCRIPT_FOLDER}";
cp "${CONFIG_BASE}/webhook.default.cfg" "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}"; sudo -u "${SUDO_USER}"cp "${CONFIG_BASE}/webhook.default.cfg" "${GIT_REPOSITORY_FOLDER}${CONFIG_FOLDER}";
fi; fi;
# __END__ # __END__
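Review bot: In the last hunk both new copy lines read `sudo -u "${SUDO_USER}"cp ...` with no space before `cp`, so the shell joins the user name and `cp` into one word; sudo is then asked for a user named `<user>cp` and treats the first file path as the command, and neither the scripts nor webhook.default.cfg get copied. Both lines should read `sudo -u "${SUDO_USER}" cp ...`. In the PEM hunk the key is copied first and restricted with `chmod 600` afterwards; if the source file is more permissive than 600 the copy is briefly readable by others, which `sudo -u "${SUDO_USER}" install -m 600 "${PEM_BASE}${JUMP_PEM_FILE}" "${GIT_REPOSITORY_FOLDER}/.ssh/"` would avoid in one step. The enclosing `if` blocks start outside these hunks.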


@@ -10,19 +10,26 @@ if [ -f "${CONFIG_BASE}webhook.cfg" ]; then
# shellcheck disable=SC1091 # shellcheck disable=SC1091
source <(grep "=" "${CONFIG_BASE}webhook.cfg" | sed 's/ *= */=/g') source <(grep "=" "${CONFIG_BASE}webhook.cfg" | sed 's/ *= */=/g')
fi; fi;
error=0;
if [ "${USE_SUDO}" != "0" ] && ! id "${SUDO_USER}" &>/dev/null; then if [ "${USE_SUDO}" != "0" ] && ! id "${SUDO_USER}" &>/dev/null; then
echo "sudo user ${SUDO_USER} does not exist"; echo "sudo user ${SUDO_USER} does not exist";
exit; error=1;
fi; fi;
# check that user exist # check that user exist
# check that git exists # check that git exists
if [ -z "$(command -v git)" ]; then if [ -z "$(command -v git)" ]; then
echo "git is not installed"; echo "git is not installed";
exit; error=1;
fi; fi;
GIT_COMMAND_BASE=("git"); GIT_COMMAND_BASE=("git");
if [ -n "${USE_SUDO}" ]; then if [ -n "${USE_SUDO}" ]; then
GIT_COMMAND_BASE=("sudo" "-u" "${SUDO_USER}" "git");. # if we are root -> ok, else we must be SUDO USER
if [ "$(whoami)" = "root" ]; then
GIT_COMMAND_BASE=("sudo" "-u" "${SUDO_USER}" "git");.
elif [ "$(whoami)" != "${SUDO_USER}" ]; then
echo "Script must be run as root or as the ${SUDO_USER}";
error=1;
fi;
fi; fi;
# add trailing slash if not set # add trailing slash if not set
@@ -33,24 +40,29 @@ LOG_FOLDER="log/"
# base folder does not exist # base folder does not exist
if [ ! -d "${GIT_REPOSITORY_FOLDER}" ]; then if [ ! -d "${GIT_REPOSITORY_FOLDER}" ]; then
echo "Base folder: ${GIT_REPOSITORY_FOLDER} not found"; echo "Base folder: ${GIT_REPOSITORY_FOLDER} not found";
exit; error=1;
fi; fi;
# branch name not set # branch name not set
if [ -n "${BRANCH}" ]; then if [ -n "${BRANCH}" ]; then
echo "No branch name given"; echo "No branch name given";
exit; error=1;
fi; fi;
# check that log folder exists # check that log folder exists
if [ ! -d "${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" ]; then if [ ! -d "${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}" ]; then
echo "Log folder does not exist: ${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}"; echo "Log folder does not exist: ${GIT_REPOSITORY_FOLDER}${LOG_FOLDER}";
exit; error=1;
fi; fi;
# check that the base clone folder exists # check that the base clone folder exists
if [ ! -d "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}" ]; then if [ ! -d "${GIT_REPOSITORY_FOLDER}${CLONE_BASE}" ]; then
echo "Clone base folder does not exist: ${GIT_REPOSITORY_FOLDER}${CLONE_BASE}"; echo "Clone base folder does not exist: ${GIT_REPOSITORY_FOLDER}${CLONE_BASE}";
error=1;
fi;
# exit on error
if [ $error -eq 1 ]; then
exit; exit;
fi; fi;
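Review bot: The new root branch keeps the trailing dot in `GIT_COMMAND_BASE=("sudo" "-u" "${SUDO_USER}" "git");.`, and a bare `.` is the source builtin called without a file name, so bash prints an error on every run as root; the dot should be dropped. The enclosing test `[ -n "${USE_SUDO}" ]` is also true for `USE_SUDO=0`, unlike the `!= "0"` test a few lines above it, so the new user check and the sudo wrapper apply even when sudo is switched off; if "0" is meant to disable it, `if [ "${USE_SUDO}" != "0" ]; then` would keep the two tests consistent. Since this path now expects root, the `source <(grep "=" "${CONFIG_BASE}webhook.cfg" | sed ...)` at the top of the first hunk executes every line of that file containing `=` with root privileges. A comment there such as `# webhook.cfg is sourced as shell code: keep it owned by root and not writable by others` would make the requirement visible.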