diff --git a/install b/install index 85a4e04..3f83a7e 100755 --- a/install +++ b/install @@ -222,7 +222,6 @@ wo_install_dep() { # add php repository gpg key curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb dpkg -i /tmp/debsuryorg-archive-keyring.deb && rm -f /tmp/debsuryorg-archive-keyring.deb - sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list' fi locale-gen en # enable unattended upgades @@ -232,13 +231,59 @@ wo_install_dep() { } wo_download_gpg_keys() { + local wo_distro_version + wo_distro_version=$(lsb_release -rs | grep -oE '[0-9]+') + local wo_linux_distro + wo_linux_distro=$(lsb_release -is) + + # create directories + mkdir -p /usr/share/keyrings /etc/apt/keyrings + # redis gpg key curl -fsSL https://packages.redis.io/gpg | gpg --dearmor | tee /usr/share/keyrings/redis-archive-keyring.gpg >/dev/null 2>&1 # mariadb - mkdir -p /etc/apt/keyrings curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp' + # nginx + if [ "$wo_linux_distro" == "Debian" ]; then + curl -fsSL "https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_$wo_distro_version/Release.key" | gpg --dearmor | tee /usr/share/keyrings/wordops-archive-keyring.gpg >/dev/null 2>&1 + fi + if [ "$wo_linux_distro" == "Raspbian" ]; then + curl -fsSL "https://download.opensuse.org/repositories/home:virtubox:WordOps/Raspbian_$wo_distro_version/Release.key" | gpg --dearmor | tee /usr/share/keyrings/wordops-archive-keyring.gpg >/dev/null 2>&1 + fi +} + +wo_update_repo() { + local wo_linux_codename + wo_linux_codename=$(lsb_release -sc) + if [ -f /etc/apt/sources.list.d/wo-repo.list ]; then + # properly define sury repository + if grep -q sury /etc/apt/sources.list.d/wo-repo.list; then + echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $wo_linux_codename main" >/etc/apt/sources.list.d/php.list + fi + # properly define mariadb repository + if grep -q mariadb /etc/apt/sources.list.d/wo-repo.list; then + mariadb_repo=$(grep mariadb /etc/apt/sources.list.d/wo-repo.list | awk -F\ '{ print $3 }') + echo "deb [signed-by=/etc/apt/keyrings/mariadb-keyring.pgp] $mariadb_repo $wo_linux_codename main" >/etc/apt/sources.list.d/mariadb.list + fi + # properly define redis repository + if grep -q redis /etc/apt/sources.list.d/wo-repo.list; then + echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $wo_linux_codename main" >/etc/apt/sources.list.d/redis.list + fi + # properly define WordOps nginx repository + if grep -q WordOps /etc/apt/sources.list.d/wo-repo.list; then + wo_repo=$(grep WordOps /etc/apt/sources.list.d/wo-repo.list | awk -F\ '{ print $2 }') + echo "deb [signed-by=/usr/share/keyrings/wordops-archive-keyring.gpg] $wo_repo /" >/etc/apt/sources.list.d/wordops.list + fi + # cleanup wo-repo.list + if grep -Eqv "WordOps|mariadb|sury|redis" /etc/apt/sources.list.d/wo-repo.list; then + rm -f /etc/apt/sources.list.d/wo-repo.list + else + clean_wo_repo=$(grep -Ev "WordOps|mariadb|sury|redis" /etc/apt/sources.list.d/wo-repo.list) + echo "$clean_wo_repo" >/etc/apt/sources.list.d/wo-repo.list + fi + fi } wo_timesync() { @@ -763,12 +808,6 @@ wo_init() { ### if [ -z "$wo_travis" ]; then - # import easyengine opensusebuildservice gpg key to avoid issues with packages update - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3050ac3cd2ae6f03 >/dev/null 2>&1 - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xF1656F24C74CD1D8 >/dev/null 2>&1 - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys cf0b928cded64f3b >/dev/null 2>&1 - # fix digitalocean mariadb repository issue - sed -i 's/sfo1.mirrors.digitalocean.com\/mariadb/mariadb.mirrors.ovh.net\/MariaDB/' /etc/apt/sources.list.d/*.list >/dev/null 2>&1 if [ -f /etc/apt/preferences.d/MariaDB.pref ]; then sed -i 's/sfo1.mirrors.digitalocean.com/mariadb.mirrors.ovh.net/' /etc/apt/preferences.d/MariaDB.pref >/dev/null 2>&1 fi @@ -786,14 +825,19 @@ wo_init() { if ! command_exists jq; then apt-get install jq -qq >/dev/null 2>&1 fi + if ! command_exists gpg; then + apt-get install gpg -qq >/dev/null 2>&1 + fi fi if [ "$wo_force_install" = "y" ]; then [ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; } fi if [ -f ./setup.py ]; then - readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print $2}' 2>&1) + readonly wo_version_new + wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print $2}' 2>&1) else - readonly wo_version_new=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/WordOps/WordOps/releases/latest 2>&1 | jq -r '.tag_name') + readonly wo_version_new + wo_version_new=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/WordOps/WordOps/releases/latest 2>&1 | jq -r '.tag_name') fi echo "" @@ -821,12 +865,13 @@ wo_git_secure_path() { # create required directories wo_dir_init -# install lsb_release, curl and display header +# install lsb_release, curl, gpg and display header wo_init # define main variables wo_init_variables # remove old repositories _run wo_clean_repo +_run wo_download_gpg_keys if [ -z "$wo_force_install" ]; then # check distribution support @@ -846,6 +891,7 @@ else _run wo_woconf _run wo_fix_kernel _run wo_php_fix + _run wo_update_repo # 2 - Migration from EEv3 else if [ -x /usr/local/bin/ee ]; then @@ -861,7 +907,6 @@ else fi _run wo_install_dep "Installing wo dependencies" - _run wo_download_gpg_keys _run wo_timesync # skip steps if travis if [ -z "$wo_travis" ]; then diff --git a/wo/cli/plugins/stack_pref.py b/wo/cli/plugins/stack_pref.py index f2a2491..2c9944c 100644 --- a/wo/cli/plugins/stack_pref.py +++ b/wo/cli/plugins/stack_pref.py @@ -46,11 +46,7 @@ def pre_pref(self, apt_packages): else: wo_mysql_repo_conf = WOVar.wo_mysql_repo # APT repositories - WORepo.add(self, repo_url=wo_mysql_repo_conf) - WORepo.add_key(self, '0xcbcb082a1bb943db', - keyserver='keyserver.ubuntu.com') - WORepo.add_key(self, '0xF1656F24C74CD1D8', - keyserver='keyserver.ubuntu.com') + WORepo.add(self, repo_url=wo_mysql_repo_conf, repo_name="mariadb") if ("mariadb-server" in apt_packages and not os.path.exists('/etc/mysql/conf.d/my.cnf')): # generate random 24 characters root password @@ -77,13 +73,10 @@ def pre_pref(self, apt_packages): WORepo.add(self, ppa=WOVar.wo_nginx_repo) Log.debug(self, 'Adding ppa for Nginx') else: - if not WOFileUtils.grepcheck( - self, '/etc/apt/sources.list/wo-repo.list', - 'WordOps'): + if not os.path.exists('/etc/apt/sources.list.d/wordops.list'): Log.info(self, "Adding repository for NGINX, please wait...") Log.debug(self, 'Adding repository for Nginx') - WORepo.add(self, repo_url=WOVar.wo_nginx_repo) - WORepo.add_key(self, WOVar.wo_nginx_key) + WORepo.add(self, repo_url=WOVar.wo_nginx_repo, repo_name="wordops") # add php repository if (('php7.3-fpm' in apt_packages) or @@ -108,34 +101,15 @@ def pre_pref(self, apt_packages): 'PHP.pref', mode='w', encoding='utf-8') as php_pref_file: php_pref_file.write(php_pref) - if not WOFileUtils.grepcheck( - self, '/etc/apt/sources.list.d/wo-repo.list', - 'packages.sury.org'): + if not os.path.exists('/etc/apt/sources.list.d/php.list'): Log.debug(self, 'Adding repo_url of php for debian') Log.info(self, "Adding repository for PHP, please wait...") - WORepo.add(self, repo_url=WOVar.wo_php_repo) - Log.debug(self, 'Adding deb.sury GPG key') - WORepo.add_key(self, WOVar.wo_php_key) + WORepo.add(self, repo_url=WOVar.wo_php_repo, repo_name="php") + # add redis repository if set(WOVar.wo_redis).issubset(set(apt_packages)): - if not WOFileUtils.grepcheck( - self, '/etc/apt/sources.list/wo-repo.list', - 'redis.io') and not (WOVar.wo_platform_codename == 'noble'): - Log.info(self, "Adding repository for Redis, please wait...") - WORepo.add(self, repo_url=WOVar.wo_redis_repo) - WORepo.download_key(self, WOVar.wo_redis_key_url) - - # nano - if 'nano' in apt_packages: - if WOVar.wo_platform_codename == 'buster': - if (not WOFileUtils.grepcheck( - self, '/etc/apt/sources.list/wo-repo.list', - 'WordOps')): - Log.info(self, - "Adding repository for Nano, please wait...") - Log.debug(self, 'Adding repository for Nano') - WORepo.add_key(self, WOVar.wo_nginx_key) - WORepo.add(self, repo_url=WOVar.wo_nginx_repo) + if not os.path.exists('/etc/apt/sources.list.d/redis.list'): + WORepo.add(self, repo_url=WOVar.wo_redis_repo, repo_name="redis") def post_pref(self, apt_packages, packages, upgrade=False): diff --git a/wo/core/apt_repo.py b/wo/core/apt_repo.py index e260e4f..5abb9ff 100644 --- a/wo/core/apt_repo.py +++ b/wo/core/apt_repo.py @@ -13,7 +13,7 @@ class WORepo(): """Initialize """ pass - def add(self, repo_url=None, ppa=None): + def add(self, repo_url=None, ppa=None, repo_name=None): """ This function used to add apt repositories and or ppa's If repo_url is provided adds repo file to @@ -24,8 +24,9 @@ class WORepo(): """ if repo_url is not None: - repo_file_path = ("/etc/apt/sources.list.d/" + - WOVar().wo_repo_file) + if repo_name is not None: + repo_file_path = ("/etc/apt/sources.list.d/" + + f"{repo_name}.list") try: if not os.path.isfile(repo_file_path): with open(repo_file_path, diff --git a/wo/core/variables.py b/wo/core/variables.py index 5b32eba..da46857 100644 --- a/wo/core/variables.py +++ b/wo/core/variables.py @@ -118,10 +118,7 @@ class WOVar(): # Nginx repo and packages if wo_distro == 'ubuntu': wo_nginx_repo = "ppa:wordops/nginx-wo" - wo_extra_repo = ( - "deb http://download.opensuse.org" - "/repositories/home:/virtubox:" - "/WordOps/xUbuntu_{0}/ /".format(wo_platform_version)) + else: if wo_distro == 'debian': if wo_platform_codename == 'buster': @@ -138,10 +135,10 @@ class WOVar(): elif wo_platform_codename == 'bookworm': wo_deb_repo = "Raspbian_12" # debian/raspbian nginx repository - wo_nginx_repo = ("deb http://download.opensuse.org" - "/repositories/home:" - "/virtubox:/WordOps/{0}/ /" - .format(wo_deb_repo)) + wo_nginx_repo = ("deb [signed-by=/usr/share/keyrings/wordops-archive-keyring.gpg] " + "http://download.opensuse.org" + f"/repositories/home:/virtubox:/WordOps/{wo_deb_repo}/ /") + wo_nginx_key = (f"https://download.opensuse.org/repositories/home:virtubox:WordOps/{wo_deb_repo}/Release.key") wo_nginx = ["nginx-custom", "nginx-wo"] wo_nginx_key = 'FB898660' @@ -190,24 +187,23 @@ class WOVar(): wo_clamav = ["clamav", "clamav-freshclam"] # APT repositories - wo_mysql_repo = ("deb [arch=amd64,arm64,ppc64el] " + wo_mysql_repo = ("deb [signed-by=/etc/apt/keyrings/mariadb-keyring.pgp] " "http://mariadb.mirrors.ovh.net/MariaDB/repo/" - "{version}/{distro} {codename} main" - .format(version=mariadb_ver, - distro=wo_distro, - codename=wo_platform_codename)) + f"{mariadb_ver}/{wo_distro} {wo_platform_codename} main") + mariadb_repo_key = "https://mariadb.org/mariadb_release_signing_key.pgp" if wo_distro == 'ubuntu': wo_php_repo = "ppa:ondrej/php" wo_goaccess_repo = ("ppa:alex-p/goaccess") else: wo_php_repo = ( - "deb https://packages.sury.org/php/ {codename} main" - .format(codename=wo_platform_codename)) + "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] " + f"https://packages.sury.org/php/ {wo_platform_codename} main") wo_php_key = '95BD4743' wo_redis_key_url = "https://packages.redis.io/gpg" - wo_redis_repo = ("deb https://packages.redis.io/deb {codename} main" - .format(codename=wo_platform_codename)) + wo_redis_repo = ( + "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] " + f"https://packages.redis.io/deb {wo_platform_codename} main") wo_redis = ['redis-server']