Malin/WPIQ
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Properly download and set repositories's gpg keys

Browse Source
This commit is contained in:
VirtuBox
2024-06-07 14:53:50 +02:00
parent 07ce93bdf8
commit 0f6a53efc6
4 changed files with 82 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

69
install
View File

@@ -222,7 +222,6 @@ wo_install_dep() {
# add php repository gpg key # add php repository gpg key
curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb curl -sSLo /tmp/debsuryorg-archive-keyring.deb https://packages.sury.org/debsuryorg-archive-keyring.deb
dpkg -i /tmp/debsuryorg-archive-keyring.deb && rm -f /tmp/debsuryorg-archive-keyring.deb dpkg -i /tmp/debsuryorg-archive-keyring.deb && rm -f /tmp/debsuryorg-archive-keyring.deb
sh -c 'echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
fi fi
locale-gen en locale-gen en
# enable unattended upgades # enable unattended upgades
@@ -232,13 +231,59 @@ wo_install_dep() {
} }
wo_download_gpg_keys() { wo_download_gpg_keys() {
local wo_distro_version
wo_distro_version=$(lsb_release -rs | grep -oE '[0-9]+')
local wo_linux_distro
wo_linux_distro=$(lsb_release -is)
# create directories
mkdir -p /usr/share/keyrings /etc/apt/keyrings
# redis gpg key # redis gpg key
curl -fsSL https://packages.redis.io/gpg | gpg --dearmor | tee /usr/share/keyrings/redis-archive-keyring.gpg >/dev/null 2>&1 curl -fsSL https://packages.redis.io/gpg | gpg --dearmor | tee /usr/share/keyrings/redis-archive-keyring.gpg >/dev/null 2>&1
# mariadb # mariadb
mkdir -p /etc/apt/keyrings
curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp' curl -o /etc/apt/keyrings/mariadb-keyring.pgp 'https://mariadb.org/mariadb_release_signing_key.pgp'
# nginx
if [ "$wo_linux_distro" == "Debian" ]; then
curl -fsSL "https://download.opensuse.org/repositories/home:virtubox:WordOps/Debian_$wo_distro_version/Release.key" | gpg --dearmor | tee /usr/share/keyrings/wordops-archive-keyring.gpg >/dev/null 2>&1
fi
if [ "$wo_linux_distro" == "Raspbian" ]; then
curl -fsSL "https://download.opensuse.org/repositories/home:virtubox:WordOps/Raspbian_$wo_distro_version/Release.key" | gpg --dearmor | tee /usr/share/keyrings/wordops-archive-keyring.gpg >/dev/null 2>&1
fi
}
wo_update_repo() {
local wo_linux_codename
wo_linux_codename=$(lsb_release -sc)
if [ -f /etc/apt/sources.list.d/wo-repo.list ]; then
# properly define sury repository
if grep -q sury /etc/apt/sources.list.d/wo-repo.list; then
echo "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] https://packages.sury.org/php/ $wo_linux_codename main" >/etc/apt/sources.list.d/php.list
fi
# properly define mariadb repository
if grep -q mariadb /etc/apt/sources.list.d/wo-repo.list; then
mariadb_repo=$(grep mariadb /etc/apt/sources.list.d/wo-repo.list | awk -F\ '{ print $3 }')
echo "deb [signed-by=/etc/apt/keyrings/mariadb-keyring.pgp] $mariadb_repo $wo_linux_codename main" >/etc/apt/sources.list.d/mariadb.list
fi
# properly define redis repository
if grep -q redis /etc/apt/sources.list.d/wo-repo.list; then
echo "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] https://packages.redis.io/deb $wo_linux_codename main" >/etc/apt/sources.list.d/redis.list
fi
# properly define WordOps nginx repository
if grep -q WordOps /etc/apt/sources.list.d/wo-repo.list; then
wo_repo=$(grep WordOps /etc/apt/sources.list.d/wo-repo.list | awk -F\ '{ print $2 }')
echo "deb [signed-by=/usr/share/keyrings/wordops-archive-keyring.gpg] $wo_repo /" >/etc/apt/sources.list.d/wordops.list
fi
# cleanup wo-repo.list
if grep -Eqv "WordOps|mariadb|sury|redis" /etc/apt/sources.list.d/wo-repo.list; then
rm -f /etc/apt/sources.list.d/wo-repo.list
else
clean_wo_repo=$(grep -Ev "WordOps|mariadb|sury|redis" /etc/apt/sources.list.d/wo-repo.list)
echo "$clean_wo_repo" >/etc/apt/sources.list.d/wo-repo.list
fi
fi
} }
wo_timesync() { wo_timesync() {
@@ -763,12 +808,6 @@ wo_init() {
### ###
if [ -z "$wo_travis" ]; then if [ -z "$wo_travis" ]; then
# import easyengine opensusebuildservice gpg key to avoid issues with packages update
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3050ac3cd2ae6f03 >/dev/null 2>&1
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0xF1656F24C74CD1D8 >/dev/null 2>&1
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys cf0b928cded64f3b >/dev/null 2>&1
# fix digitalocean mariadb repository issue
sed -i 's/sfo1.mirrors.digitalocean.com\/mariadb/mariadb.mirrors.ovh.net\/MariaDB/' /etc/apt/sources.list.d/*.list >/dev/null 2>&1
if [ -f /etc/apt/preferences.d/MariaDB.pref ]; then if [ -f /etc/apt/preferences.d/MariaDB.pref ]; then
sed -i 's/sfo1.mirrors.digitalocean.com/mariadb.mirrors.ovh.net/' /etc/apt/preferences.d/MariaDB.pref >/dev/null 2>&1 sed -i 's/sfo1.mirrors.digitalocean.com/mariadb.mirrors.ovh.net/' /etc/apt/preferences.d/MariaDB.pref >/dev/null 2>&1
fi fi
@@ -786,14 +825,19 @@ wo_init() {
if ! command_exists jq; then if ! command_exists jq; then
apt-get install jq -qq >/dev/null 2>&1 apt-get install jq -qq >/dev/null 2>&1
fi fi
if ! command_exists gpg; then
apt-get install gpg -qq >/dev/null 2>&1
fi
fi fi
if [ "$wo_force_install" = "y" ]; then if [ "$wo_force_install" = "y" ]; then
[ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; } [ ! -f "$HOME/.gitconfig" ] && { bash -c 'echo -e "[user]\n\tname = $USER\n\temail = root@$HOSTNAME.local" > $HOME/.gitconfig'; }
fi fi
if [ -f ./setup.py ]; then if [ -f ./setup.py ]; then
readonly wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print $2}' 2>&1) readonly wo_version_new
wo_version_new=$(grep "version='" setup.py | awk -F "'" '{print $2}' 2>&1)
else else
readonly wo_version_new=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/WordOps/WordOps/releases/latest 2>&1 | jq -r '.tag_name') readonly wo_version_new
wo_version_new=$(curl -m 5 --retry 3 -sL https://api.github.com/repos/WordOps/WordOps/releases/latest 2>&1 | jq -r '.tag_name')
fi fi
echo "" echo ""
@@ -821,12 +865,13 @@ wo_git_secure_path() {
# create required directories # create required directories
wo_dir_init wo_dir_init
# install lsb_release, curl and display header # install lsb_release, curl, gpg and display header
wo_init wo_init
# define main variables # define main variables
wo_init_variables wo_init_variables
# remove old repositories # remove old repositories
_run wo_clean_repo _run wo_clean_repo
_run wo_download_gpg_keys
if [ -z "$wo_force_install" ]; then if [ -z "$wo_force_install" ]; then
# check distribution support # check distribution support
@@ -846,6 +891,7 @@ else
_run wo_woconf _run wo_woconf
_run wo_fix_kernel _run wo_fix_kernel
_run wo_php_fix _run wo_php_fix
_run wo_update_repo
# 2 - Migration from EEv3 # 2 - Migration from EEv3
else else
if [ -x /usr/local/bin/ee ]; then if [ -x /usr/local/bin/ee ]; then
@@ -861,7 +907,6 @@ else
fi fi
_run wo_install_dep "Installing wo dependencies" _run wo_install_dep "Installing wo dependencies"
_run wo_download_gpg_keys
_run wo_timesync _run wo_timesync
# skip steps if travis # skip steps if travis
if [ -z "$wo_travis" ]; then if [ -z "$wo_travis" ]; then

42
wo/cli/plugins/stack_pref.py
View File

@@ -46,11 +46,7 @@ def pre_pref(self, apt_packages):
else: else:
wo_mysql_repo_conf = WOVar.wo_mysql_repo wo_mysql_repo_conf = WOVar.wo_mysql_repo
# APT repositories # APT repositories
WORepo.add(self, repo_url=wo_mysql_repo_conf) WORepo.add(self, repo_url=wo_mysql_repo_conf, repo_name="mariadb")
WORepo.add_key(self, '0xcbcb082a1bb943db',
keyserver='keyserver.ubuntu.com')
WORepo.add_key(self, '0xF1656F24C74CD1D8',
keyserver='keyserver.ubuntu.com')
if ("mariadb-server" in apt_packages and if ("mariadb-server" in apt_packages and
not os.path.exists('/etc/mysql/conf.d/my.cnf')): not os.path.exists('/etc/mysql/conf.d/my.cnf')):
# generate random 24 characters root password # generate random 24 characters root password
@@ -77,13 +73,10 @@ def pre_pref(self, apt_packages):
WORepo.add(self, ppa=WOVar.wo_nginx_repo) WORepo.add(self, ppa=WOVar.wo_nginx_repo)
Log.debug(self, 'Adding ppa for Nginx') Log.debug(self, 'Adding ppa for Nginx')
else: else:
if not WOFileUtils.grepcheck( if not os.path.exists('/etc/apt/sources.list.d/wordops.list'):
self, '/etc/apt/sources.list/wo-repo.list',
'WordOps'):
Log.info(self, "Adding repository for NGINX, please wait...") Log.info(self, "Adding repository for NGINX, please wait...")
Log.debug(self, 'Adding repository for Nginx') Log.debug(self, 'Adding repository for Nginx')
WORepo.add(self, repo_url=WOVar.wo_nginx_repo) WORepo.add(self, repo_url=WOVar.wo_nginx_repo, repo_name="wordops")
WORepo.add_key(self, WOVar.wo_nginx_key)
# add php repository # add php repository
if (('php7.3-fpm' in apt_packages) or if (('php7.3-fpm' in apt_packages) or
@@ -108,34 +101,15 @@ def pre_pref(self, apt_packages):
'PHP.pref', mode='w', 'PHP.pref', mode='w',
encoding='utf-8') as php_pref_file: encoding='utf-8') as php_pref_file:
php_pref_file.write(php_pref) php_pref_file.write(php_pref)
if not WOFileUtils.grepcheck( if not os.path.exists('/etc/apt/sources.list.d/php.list'):
self, '/etc/apt/sources.list.d/wo-repo.list',
'packages.sury.org'):
Log.debug(self, 'Adding repo_url of php for debian') Log.debug(self, 'Adding repo_url of php for debian')
Log.info(self, "Adding repository for PHP, please wait...") Log.info(self, "Adding repository for PHP, please wait...")
WORepo.add(self, repo_url=WOVar.wo_php_repo) WORepo.add(self, repo_url=WOVar.wo_php_repo, repo_name="php")
Log.debug(self, 'Adding deb.sury GPG key')
WORepo.add_key(self, WOVar.wo_php_key)
# add redis repository # add redis repository
if set(WOVar.wo_redis).issubset(set(apt_packages)): if set(WOVar.wo_redis).issubset(set(apt_packages)):
if not WOFileUtils.grepcheck( if not os.path.exists('/etc/apt/sources.list.d/redis.list'):
self, '/etc/apt/sources.list/wo-repo.list', WORepo.add(self, repo_url=WOVar.wo_redis_repo, repo_name="redis")
'redis.io') and not (WOVar.wo_platform_codename == 'noble'):
Log.info(self, "Adding repository for Redis, please wait...")
WORepo.add(self, repo_url=WOVar.wo_redis_repo)
WORepo.download_key(self, WOVar.wo_redis_key_url)
# nano
if 'nano' in apt_packages:
if WOVar.wo_platform_codename == 'buster':
if (not WOFileUtils.grepcheck(
self, '/etc/apt/sources.list/wo-repo.list',
'WordOps')):
Log.info(self,
"Adding repository for Nano, please wait...")
Log.debug(self, 'Adding repository for Nano')
WORepo.add_key(self, WOVar.wo_nginx_key)
WORepo.add(self, repo_url=WOVar.wo_nginx_repo)
def post_pref(self, apt_packages, packages, upgrade=False): def post_pref(self, apt_packages, packages, upgrade=False):

7
wo/core/apt_repo.py
View File

@@ -13,7 +13,7 @@ class WORepo():
"""Initialize """ """Initialize """
pass pass
def add(self, repo_url=None, ppa=None): def add(self, repo_url=None, ppa=None, repo_name=None):
""" """
This function used to add apt repositories and or ppa's This function used to add apt repositories and or ppa's
If repo_url is provided adds repo file to If repo_url is provided adds repo file to
@@ -24,8 +24,9 @@ class WORepo():
""" """
if repo_url is not None: if repo_url is not None:
repo_file_path = ("/etc/apt/sources.list.d/" + if repo_name is not None:
WOVar().wo_repo_file) repo_file_path = ("/etc/apt/sources.list.d/" +
f"{repo_name}.list")
try: try:
if not os.path.isfile(repo_file_path): if not os.path.isfile(repo_file_path):
with open(repo_file_path, with open(repo_file_path,

30
wo/core/variables.py
View File

@@ -118,10 +118,7 @@ class WOVar():
# Nginx repo and packages # Nginx repo and packages
if wo_distro == 'ubuntu': if wo_distro == 'ubuntu':
wo_nginx_repo = "ppa:wordops/nginx-wo" wo_nginx_repo = "ppa:wordops/nginx-wo"
wo_extra_repo = (
"deb http://download.opensuse.org"
"/repositories/home:/virtubox:"
"/WordOps/xUbuntu_{0}/ /".format(wo_platform_version))
else: else:
if wo_distro == 'debian': if wo_distro == 'debian':
if wo_platform_codename == 'buster': if wo_platform_codename == 'buster':
@@ -138,10 +135,10 @@ class WOVar():
elif wo_platform_codename == 'bookworm': elif wo_platform_codename == 'bookworm':
wo_deb_repo = "Raspbian_12" wo_deb_repo = "Raspbian_12"
# debian/raspbian nginx repository # debian/raspbian nginx repository
wo_nginx_repo = ("deb http://download.opensuse.org" wo_nginx_repo = ("deb [signed-by=/usr/share/keyrings/wordops-archive-keyring.gpg] "
"/repositories/home:" "http://download.opensuse.org"
"/virtubox:/WordOps/{0}/ /" f"/repositories/home:/virtubox:/WordOps/{wo_deb_repo}/ /")
.format(wo_deb_repo)) wo_nginx_key = (f"https://download.opensuse.org/repositories/home:virtubox:WordOps/{wo_deb_repo}/Release.key")
wo_nginx = ["nginx-custom", "nginx-wo"] wo_nginx = ["nginx-custom", "nginx-wo"]
wo_nginx_key = 'FB898660' wo_nginx_key = 'FB898660'
@@ -190,24 +187,23 @@ class WOVar():
wo_clamav = ["clamav", "clamav-freshclam"] wo_clamav = ["clamav", "clamav-freshclam"]
# APT repositories # APT repositories
wo_mysql_repo = ("deb [arch=amd64,arm64,ppc64el] " wo_mysql_repo = ("deb [signed-by=/etc/apt/keyrings/mariadb-keyring.pgp] "
"http://mariadb.mirrors.ovh.net/MariaDB/repo/" "http://mariadb.mirrors.ovh.net/MariaDB/repo/"
"{version}/{distro} {codename} main" f"{mariadb_ver}/{wo_distro} {wo_platform_codename} main")
.format(version=mariadb_ver, mariadb_repo_key = "https://mariadb.org/mariadb_release_signing_key.pgp"
distro=wo_distro,
codename=wo_platform_codename))
if wo_distro == 'ubuntu': if wo_distro == 'ubuntu':
wo_php_repo = "ppa:ondrej/php" wo_php_repo = "ppa:ondrej/php"
wo_goaccess_repo = ("ppa:alex-p/goaccess") wo_goaccess_repo = ("ppa:alex-p/goaccess")
else: else:
wo_php_repo = ( wo_php_repo = (
"deb https://packages.sury.org/php/ {codename} main" "deb [signed-by=/usr/share/keyrings/deb.sury.org-php.gpg] "
.format(codename=wo_platform_codename)) f"https://packages.sury.org/php/ {wo_platform_codename} main")
wo_php_key = '95BD4743' wo_php_key = '95BD4743'
wo_redis_key_url = "https://packages.redis.io/gpg" wo_redis_key_url = "https://packages.redis.io/gpg"
wo_redis_repo = ("deb https://packages.redis.io/deb {codename} main" wo_redis_repo = (
.format(codename=wo_platform_codename)) "deb [signed-by=/usr/share/keyrings/redis-archive-keyring.gpg] "
f"https://packages.redis.io/deb {wo_platform_codename} main")
wo_redis = ['redis-server'] wo_redis = ['redis-server']