From bf66d2f3f4ff202cc4cfc1d4c8248a83a998f986 Mon Sep 17 00:00:00 2001 From: Paul Paradise Date: Tue, 6 Sep 2011 11:09:47 -0700 Subject: [PATCH] Fixes for debian packaging - Fix upstart init script to not have syntax error - Add rundeck user at package installation time. - Fix startup script to properly change to rundeck user - Set permissions dynamically at package installation to use rundeck user - Use pidfile so we can run more than one java process through start-stop-daemon --- packaging/debroot/DEBIAN/control | 2 +- packaging/debroot/DEBIAN/postinst | 85 ++++++++++++++++++++++++ packaging/debroot/DEBIAN/postrm | 63 ++++++++++++++++++ packaging/debroot/etc/init/rundeckd.conf | 4 +- 4 files changed, 151 insertions(+), 3 deletions(-) create mode 100755 packaging/debroot/DEBIAN/postinst create mode 100755 packaging/debroot/DEBIAN/postrm diff --git a/packaging/debroot/DEBIAN/control b/packaging/debroot/DEBIAN/control index 6f3d001b647..6ec4f71e205 100644 --- a/packaging/debroot/DEBIAN/control +++ b/packaging/debroot/DEBIAN/control @@ -3,7 +3,7 @@ Version: 1.3 Section: utils Priority: optional Architecture: all -Depends: openssh-client, openjdk-6-jdk +Depends: openssh-client, openjdk-6-jdk, adduser (>= 3.11) Maintainer: Noah Campbell Description: No ordinary wooden deck. You can build a bon fire on this deck. Rundeck provides a single console for dispatching commands across many diff --git a/packaging/debroot/DEBIAN/postinst b/packaging/debroot/DEBIAN/postinst new file mode 100755 index 00000000000..05af4949573 --- /dev/null +++ b/packaging/debroot/DEBIAN/postinst @@ -0,0 +1,85 @@ +#!/bin/sh + +set -e + +setperm() { + local user="$1" + local group="$2" + local mode="$3" + local file="$4" + shift 4 + + # Only do something when no setting exists - if it was set, then it's already + # been unpacked using the appropriate ownership and permissions. + if ! dpkg-statoverride --list "$file" >/dev/null 2>&1; then + chown "$user":"$group" "$file" + chmod "$mode" "$file" + fi +} + +case "$1" in + configure) + # If the package has default file it could be sourced, so that + # the local admin can overwrite the defaults + + [ -f "/etc/default/rundeck" ] && . /etc/default/rundeck + + # Sane defaults: + + [ -z "$SERVER_HOME" ] && SERVER_HOME=/var/lib/rundeck + [ -z "$SERVER_USER" ] && SERVER_USER=rundeck + [ -z "$SERVER_NAME" ] && SERVER_NAME="Rundeck user account" + [ -z "$SERVER_GROUP" ] && SERVER_GROUP=rundeck + + # create user to avoid running server as root + # 1. create group if not existing + if ! getent group | grep -q "^$SERVER_GROUP:" ; then + echo -n "Adding group $SERVER_GROUP.." + addgroup --quiet --system $SERVER_GROUP 2>/dev/null ||true + echo "..done" + fi + # 2. create homedir if not existing + test -d $SERVER_HOME || mkdir $SERVER_HOME + # 3. create user if not existing + if ! getent passwd | grep -q "^$SERVER_USER:"; then + echo -n "Adding system user $SERVER_USER.." + adduser --quiet \ + --system \ + --ingroup $SERVER_GROUP \ + --no-create-home \ + --disabled-password \ + $SERVER_USER 2>/dev/null || true + echo "..done" + fi + + # 4. adjust passwd entry + usermod -c "$SERVER_NAME" \ + -d $SERVER_HOME \ + -g $SERVER_GROUP \ + $SERVER_USER + + # 5. adjust file and directory permissions + setperm rundeck rundeck 0750 /var/lib/rundeck/work + setperm rundeck rundeck 0750 /var/lib/rundeck/data + setperm rundeck adm 2751 /var/lib/rundeck/logs + setperm rundeck rundeck 0750 /var/lib/rundeck/var/tmp + setperm rundeck rundeck 0750 /var/rundeck + setperm rundeck rundeck 0750 /var/rundeck/projects + setperm rundeck adm 2751 /var/log/rundeck + for file in `find /etc/rundeck -type f`; do + setperm rundeck rundeck 0640 $file + done + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + : + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/packaging/debroot/DEBIAN/postrm b/packaging/debroot/DEBIAN/postrm new file mode 100755 index 00000000000..871e405a535 --- /dev/null +++ b/packaging/debroot/DEBIAN/postrm @@ -0,0 +1,63 @@ +#!/bin/sh + +set -e + +case "$1" in + remove) + : + ;; + + purge) + # find first and last SYSTEM_UID numbers + for LINE in `grep SYSTEM_UID /etc/adduser.conf | grep -v "^#"`; do + case $LINE in + FIRST_SYSTEM_UID*) + FIST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='` + ;; + LAST_SYSTEM_UID*) + LAST_SYSTEM_UID=`echo $LINE | cut -f2 -d '='` + ;; + *) + ;; + esac + done + # Remove system account if necessary + CREATEDUSER="server_user" + if [ -n "$FIST_SYSTEM_UID" ] && [ -n "$LAST_SYSTEM_UID" ]; then + if USERID=`getent passwd $CREATEDUSER | cut -f 3 -d ':'`; then + if [ -n "$USERID" ]; then + if [ "$FIST_SYSTEM_UID" -le "$USERID" ] && \ + [ "$USERID" -le "$LAST_SYSTEM_UID" ]; then + echo -n "Removing $CREATEDUSER system user.." + deluser --quiet $CREATEDUSER || true + echo "..done" + fi + fi + fi + fi + # Remove system group if necessary + CREATEDGROUP=server_group + FIRST_USER_GID=`grep ^USERS_GID /etc/adduser.conf | cut -f2 -d '='` + if [ -n "$FIST_USER_GID" ]; then + if GROUPGID=`getent group $CREATEDGROUP | cut -f 3 -d ':'`; then + if [ -n "$GROUPGID" ]; then + if [ "$FIST_USER_GID" -gt "$GROUPGID" ]; then + echo -n "Removing $CREATEDGROUP group.." + delgroup --only-if-empty $CREATEDGROUP || true + echo "..done" + fi + fi + fi + fi + ;; + + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/packaging/debroot/etc/init/rundeckd.conf b/packaging/debroot/etc/init/rundeckd.conf index 4d152f32c53..9f348129e57 100644 --- a/packaging/debroot/etc/init/rundeckd.conf +++ b/packaging/debroot/etc/init/rundeckd.conf @@ -14,5 +14,5 @@ respawn limit 10 30 script . /etc/rundeck/profile - exec su -c rundeck ${JAVA_HOME:-/usr}/bin/java ${RDECK_JVM} -cp ${BOOTSTRAP_CP}:/etc/rundeck com.dtolabs.rundeck.RunServer /etc/rundeck 4440 -end-script + exec start-stop-daemon --start --make-pidfile --pidfile /var/run/rundeckd.pid --chuid rundeck --exec "${JAVA_HOME:-/usr}/bin/java" -- ${RDECK_JVM} -cp ${BOOTSTRAP_CP}:/etc/rundeck com.dtolabs.rundeck.RunServer /etc/rundeck 4440 +end script