Browse Source

No need to sudo all over the place

Alexandre Aubin 6 years ago
parent
commit
ed60b7782a
6 changed files with 80 additions and 80 deletions
  1. 40 40
      scripts/_common.sh
  2. 1 1
      scripts/helpers
  3. 10 10
      scripts/install
  4. 16 16
      scripts/remove
  5. 6 6
      scripts/restore
  6. 7 7
      scripts/upgrade

+ 40 - 40
scripts/_common.sh

@@ -33,7 +33,7 @@ to_logs() {
 # Experimental helpers
 # Cf. https://github.com/YunoHost-Apps/Experimental_helpers/blob/72b0bc77c68d4a4a2bf4e95663dbc05e4a762a0a/ynh_read_manifest/ynh_read_manifest
 read_json () {
-    sudo python3 -c "import sys, json;print(json.load(open('$1'))['$2'])"
+    python3 -c "import sys, json;print(json.load(open('$1'))['$2'])"
 }
 
 # Experimental helper
@@ -72,7 +72,7 @@ function ynh_systemctl()
   local LOCKFILE="/var/run/moulinette_yunohost.lock"
 
   # Launch the action
-  sudo systemctl "$ACTION" "$SERVICE" &
+  systemctl "$ACTION" "$SERVICE" &
   local SYSCTLACTION=$!
 
   # Save and release the lock...
@@ -142,7 +142,7 @@ ynh_app_package_version () {
 #
 # To force an upgrade, even if the package is up to date,
 # you have to set the variable YNH_FORCE_UPGRADE before.
-# example: sudo YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
+# example: YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
 #
 # usage: ynh_abort_if_up_to_date
 ynh_abort_if_up_to_date () {
@@ -179,70 +179,70 @@ function vpnclient_deploy_files_and_services()
     ynh_system_user_create ${sysuser}
   fi
 
-  # Ensure the system user has enough sudo permissions
-  sudo install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
+  # Ensure the system user has enough permissions
+  install -b -o root -g root -m 0440 ../conf/sudoers.conf /etc/sudoers.d/${app}_ynh
   ynh_replace_string "__VPNCLIENT_SYSUSER__" "${sysuser}" /etc/sudoers.d/${app}_ynh
 
   # Install IPv6 scripts
-  sudo install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
-  sudo install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
+  install -o root -g root -m 0755 ../conf/ipv6_expanded /usr/local/bin/
+  install -o root -g root -m 0755 ../conf/ipv6_compressed /usr/local/bin/
 
   # Install command-line cube file loader
-  sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient-loadcubefile.sh /usr/local/bin/
+  install -o root -g root -m 0755 ../conf/ynh-vpnclient-loadcubefile.sh /usr/local/bin/
 
   # Copy confs
-  sudo mkdir -pm 0755 /var/log/nginx/
-  sudo chown root:${sysuser} /etc/openvpn/
-  sudo chmod 775 /etc/openvpn/
-  sudo mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
-
-  sudo install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
-  sudo install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
-  sudo install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
-  sudo install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf
-  sudo install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
-  sudo install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
+  mkdir -pm 0755 /var/log/nginx/
+  chown root:${sysuser} /etc/openvpn/
+  chmod 775 /etc/openvpn/
+  mkdir -pm 0755 /etc/yunohost/hooks.d/post_iptable_rules/
+
+  install -b -o root -g ${sysuser} -m 0664 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl
+  install -o root -g root -m 0644 ../conf/openvpn_client.conf.tpl /etc/openvpn/client.conf.tpl.restore
+  install -b -o root -g root -m 0644 ../conf/nginx_vpnadmin.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+  install -b -o root -g root -m 0644 ../conf/phpfpm_vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf
+  install -b -o root -g root -m 0755 ../conf/hook_post-iptable-rules /etc/yunohost/hooks.d/90-vpnclient.tpl
+  install -b -o root -g root -m 0644 ../conf/openvpn@.service /etc/systemd/system/
 
   # Copy web sources
-  sudo mkdir -pm 0755 /var/www/${app}/
-  sudo cp -a ../sources/* /var/www/${app}/
+  mkdir -pm 0755 /var/www/${app}/
+  cp -a ../sources/* /var/www/${app}/
 
-  sudo chown -R root: /var/www/${app}/
-  sudo chmod -R 0644 /var/www/${app}/*
-  sudo find /var/www/${app}/ -type d -exec chmod +x {} \;
+  chown -R root: /var/www/${app}/
+  chmod -R 0644 /var/www/${app}/*
+  find /var/www/${app}/ -type d -exec chmod +x {} \;
 
   # Create certificates directory
-  sudo mkdir -pm 0770 /etc/openvpn/keys/
-  sudo chown root:${sysuser} /etc/openvpn/keys/
+  mkdir -pm 0770 /etc/openvpn/keys/
+  chown root:${sysuser} /etc/openvpn/keys/
 
   #=================================================
   # NGINX CONFIGURATION
   #=================================================
 
-  sudo sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
-  sudo sed "s|<TPL:NGINX_REALPATH>|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
-  sudo sed "s|<TPL:PHP_NAME>|${app}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+  sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+  sed "s|<TPL:NGINX_REALPATH>|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
+  sed "s|<TPL:PHP_NAME>|${app}|g" -i "/etc/nginx/conf.d/${domain}.d/${app}.conf"
 
   #=================================================
   # PHP-FPM CONFIGURATION
   #=================================================
 
-  sudo sed "s|<TPL:PHP_NAME>|${app}|g" -i /etc/php5/fpm/pool.d/${app}.conf
-  sudo sed "s|<TPL:PHP_USER>|${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf
-  sudo sed "s|<TPL:PHP_GROUP>|${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf
-  sudo sed "s|<TPL:NGINX_REALPATH>|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/${app}.conf
+  sed "s|<TPL:PHP_NAME>|${app}|g" -i /etc/php5/fpm/pool.d/${app}.conf
+  sed "s|<TPL:PHP_USER>|${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf
+  sed "s|<TPL:PHP_GROUP>|${sysuser}|g" -i /etc/php5/fpm/pool.d/${app}.conf
+  sed "s|<TPL:NGINX_REALPATH>|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/${app}.conf
 
   # Fix sources
-  sudo sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i /var/www/${app}/config.php
+  sed "s|<TPL:NGINX_LOCATION>|${path_url}|g" -i /var/www/${app}/config.php
 
   # Copy init script
-  sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/
-  sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/
+  install -o root -g root -m 0755 ../conf/ynh-vpnclient /usr/local/bin/
+  install -o root -g root -m 0644 ../conf/ynh-vpnclient.service /etc/systemd/system/
 
   # Copy checker timer
-  sudo install -o root -g root -m 0755 ../conf/ynh-vpnclient-checker.sh /usr/local/bin/
-  sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.service /etc/systemd/system/
-  sudo install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.timer /etc/systemd/system/
+  install -o root -g root -m 0755 ../conf/ynh-vpnclient-checker.sh /usr/local/bin/
+  install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.service /etc/systemd/system/
+  install -o root -g root -m 0644 ../conf/ynh-vpnclient-checker.timer /etc/systemd/system/
 
-  sudo systemctl daemon-reload
+  systemctl daemon-reload
 }

+ 1 - 1
scripts/helpers

@@ -18,7 +18,7 @@ function ynh_systemctl()
   local LOCKFILE="/var/run/moulinette_yunohost.lock"
 
   # Launch the action
-  sudo systemctl "$ACTION" "$SERVICE" &
+  systemctl "$ACTION" "$SERVICE" &
   local SYSCTLACTION=$!
 
   # Save and release the lock...

+ 10 - 10
scripts/install

@@ -78,20 +78,20 @@ vpnclient_deploy_files_and_services "${domain}" "${app}"
 # Set default inits
 # The boot order of these services are important, so they are disabled by default
 # and the ynh-vpnclient service handles them.
-sudo systemctl disable openvpn
-sudo systemctl stop openvpn
+systemctl disable openvpn
+systemctl stop openvpn
 
-sudo systemctl enable php5-fpm
-sudo systemctl restart php5-fpm
+systemctl enable php5-fpm
+systemctl restart php5-fpm
 
-sudo systemctl reload nginx
+systemctl reload nginx
 
-sudo systemctl enable ynh-vpnclient
-sudo yunohost service add ynh-vpnclient
+systemctl enable ynh-vpnclient
+yunohost service add ynh-vpnclient
 
 ynh_systemctl start ynh-vpnclient-checker.service
-sudo systemctl enable ynh-vpnclient-checker.service
+systemctl enable ynh-vpnclient-checker.service
 ynh_systemctl start ynh-vpnclient-checker.timer
-sudo systemctl enable ynh-vpnclient-checker.timer
+systemctl enable ynh-vpnclient-checker.timer
 
-sudo yunohost app ssowatconf
+yunohost app ssowatconf

+ 16 - 16
scripts/remove

@@ -36,35 +36,35 @@ domain=$(ynh_app_setting_get $app domain)
 #=================================================
 # The End
 ynh_systemctl stop ynh-vpnclient-checker.service
-sudo systemctl disable ynh-vpnclient-checker.service
+systemctl disable ynh-vpnclient-checker.service
 ynh_systemctl stop ynh-vpnclient-checker.timer && sleep 1
-sudo systemctl disable ynh-vpnclient-checker.timer
+systemctl disable ynh-vpnclient-checker.timer
 ynh_systemctl stop ynh-vpnclient
-sudo systemctl disable ynh-vpnclient
-sudo yunohost service remove ynh-vpnclient
-sudo ynh_secure_remove /etc/systemd/system/ynh-vpnclient* /usr/local/bin/ynh-vpnclient*
-sudo ynh_secure_remove /tmp/.ynh-vpnclient-*
+systemctl disable ynh-vpnclient
+yunohost service remove ynh-vpnclient
+ynh_secure_remove /etc/systemd/system/ynh-vpnclient* /usr/local/bin/ynh-vpnclient*
+ynh_secure_remove /tmp/.ynh-vpnclient-*
 
 # Remove confs
-sudo ynh_secure_remove /etc/openvpn/client.conf{.tpl,.tpl.restore,}
-sudo ynh_secure_remove /etc/nginx/conf.d/${domain}.d/${app}.conf
-sudo ynh_secure_remove /etc/php5/fpm/pool.d/${app}.conf
-sudo ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl
-sudo ynh_secure_remove /etc/systemd/system/openvpn@.service
+ynh_secure_remove /etc/openvpn/client.conf{.tpl,.tpl.restore,}
+ynh_secure_remove /etc/nginx/conf.d/${domain}.d/${app}.conf
+ynh_secure_remove /etc/php5/fpm/pool.d/${app}.conf
+ynh_secure_remove /etc/yunohost/hooks.d/90-vpnclient.tpl
+ynh_secure_remove /etc/systemd/system/openvpn@.service
 
 # Remove certificates
-sudo ynh_secure_remove /etc/openvpn/keys/
+ynh_secure_remove /etc/openvpn/keys/
 
 # Remove packages
 ynh_remove_app_dependencies
 
 # Restart services
-sudo systemctl restart php5-fpm
-sudo systemctl reload nginx
+systemctl restart php5-fpm
+systemctl reload nginx
 
 # Remove sources
-sudo ynh_secure_remove "/var/www/${app}/"
+ynh_secure_remove "/var/www/${app}/"
 
 # Removed system user
 ynh_system_user_delete ${app}
-sudo ynh_secure_remove "/etc/sudoers.d/${app}_ynh"
+ynh_secure_remove "/etc/sudoers.d/${app}_ynh"

+ 6 - 6
scripts/restore

@@ -26,12 +26,12 @@ sysuser="vpnclient" # XXX hard-coded variable
 
 backup_dir="${1}/apps/vpnclient"
 
-sudo mkdir -p /etc/openvpn/
-sudo cp -a "${backup_dir}/keys/" /etc/openvpn/
-sudo cp -a "${backup_dir}/client.conf.tpl" /etc/openvpn/
-sudo chown -R root:${sysuser} /etc/openvpn/keys/
+mkdir -p /etc/openvpn/
+cp -a "${backup_dir}/keys/" /etc/openvpn/
+cp -a "${backup_dir}/client.conf.tpl" /etc/openvpn/
+chown -R root:${sysuser} /etc/openvpn/keys/
 
-gitcommit=$(sudo grep revision /etc/yunohost/apps/vpnclient/status.json | sed 's/.*"revision": "\([^"]\+\)".*/\1/')
+gitcommit=$(grep revision /etc/yunohost/apps/vpnclient/status.json | sed 's/.*"revision": "\([^"]\+\)".*/\1/')
 tmpdir=$(mktemp -dp /tmp/ vpnclient-restore-XXXXX)
 
 git clone https://github.com/labriqueinternet/vpnclient_ynh.git "${tmpdir}/"
@@ -40,4 +40,4 @@ git --work-tree "${tmpdir}/" --git-dir "${tmpdir}/.git/" reset --hard "${gitcomm
 cd "${tmpdir}/scripts/"
 bash ./upgrade 
 
-sudo rm -r "${tmpdir}/"
+rm -r "${tmpdir}/"

+ 7 - 7
scripts/upgrade

@@ -27,13 +27,13 @@ server_name=$(ynh_app_setting_get $app server_name)
 
 # Apply renaming that occured in v1.2.0 ("vpnadmin" -> "${app}")
 if [ -f /etc/nginx/conf.d/${domain}.d/vpnadmin.conf ]; then
-  sudo sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
-  sudo sed "s|vpnadmin.sock|${app}.sock|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
+  sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
+  sed "s|vpnadmin.sock|${app}.sock|g" -i "/etc/nginx/conf.d/${domain}.d/vpnadmin.conf"
   mv /etc/nginx/conf.d/${domain}.d/vpnadmin.conf /etc/nginx/conf.d/${domain}.d/${app}.conf
 fi
 if [ -f /etc/php5/fpm/pool.d/vpnadmin.conf ]; then
-  sudo sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/vpnadmin.conf
-  sudo sed "s|vpnadmin.sock|${app}.sock|g" -i  /etc/php5/fpm/pool.d/vpnadmin.conf
+  sed "s|/var/www/vpnadmin/|/var/www/${app}/|g" -i /etc/php5/fpm/pool.d/vpnadmin.conf
+  sed "s|vpnadmin.sock|${app}.sock|g" -i  /etc/php5/fpm/pool.d/vpnadmin.conf
   mv /etc/php5/fpm/pool.d/vpnadmin.conf /etc/php5/fpm/pool.d/${app}.conf
 fi
 test -d /var/www/vpnadmin && mv /var/www/vpnadmin /var/www/${app}
@@ -70,14 +70,14 @@ ynh_install_app_dependencies "$pkg_dependencies"
 
 # Keep a copy of existing config files before overwriting them
 tmpdir=$(mktemp -d /tmp/vpnclient-upgrade-XXX)
-sudo cp -r /etc/openvpn/client* ${tmpdir}
+cp -r /etc/openvpn/client* ${tmpdir}
 
 # Deploy files from package
 vpnclient_deploy_files_and_services "${domain}" "${app}"
 
 # Restore previously existing config files
-sudo cp -r ${tmpdir}/client* /etc/openvpn/
-sudo ynh_secure_remove ${tmpdir}
+cp -r ${tmpdir}/client* /etc/openvpn/
+ynh_secure_remove ${tmpdir}
 
 #=================================================
 # RELOAD RELEVANT SERVICES