[Freedombox-pkg-team] Bug#873946: freedombox-setup: Cleanup setup steps based on Plinth changes
Sunil Mohan Adapa
sunil at medhas.org
Fri Sep 1 13:38:55 UTC 2017
Package: freedombox-setup
Version: 0.10
Severity: normal
Tags: patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Currently, Plinth is undergoing changes to move a lot of setup steps into
Plinth. This will eliminate the need for many steps in freedombox-setup.
Attached patch is a work-in-progress patch to indicate the kind of cleanups
that may be done on freedombox-setup after these changes. Note that both the
packages should depend on particular versions with these changes (using Depends
and Breaks to avoid circular dependencies).
This patch is somewhat aggressive. While the first-run can be completely
removed without question, same is not true setup process. However, what
remains in setup step is so minimal that it does not warrant an extra
FreedomBox install complication. So, with this patch I suggest removing
functionalities of etckeeper and provide source temporarily in order to gain
the huge advantage of simplification of the FreedomBox install/setup process.
- -- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IN.UTF-8, LC_CTYPE=en_IN.UTF-8 (charmap=UTF-8), LANGUAGE=en_IN.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE5xPDY9ZyWnWupXSBQ+oc/wqnxfIFAlmpYusRHHN1bmlsQG1l
ZGhhcy5vcmcACgkQQ+oc/wqnxfJhahAAgbhTVkCHrbG5oPUQj1RQqHrjiBeVDuJr
FQv+F4Pa/OvPrrdQOUW54jCt9VP9QC87y2cxXVU6j5gxzZ7290oOC0t1Q0yOSiPy
NH9X6wZ1629ywTd6tmat1rphWlmPFLTANZTJlKeR4ZWUB/MnIaH5f2jT2wbgI0lC
Y1503luAfAGlwiBKjAQJnOMGQPFQekibpsgEUwtWSBskA0DO7My+oTChuXY429jg
vPy5ACMkSLH+GBSqFwwj7dv8RvLpzEDGbmudb+Ry5+GQJDgrG66XleyEo+ut62f4
V4vm3kIsl3tjsVYnL1+DhMC8pFFkUYShIDlSucNoF01J1UHahiIuGsotQTS9W5YB
vq6D29nXw+UE+eLRJQdS47SjXwgsdrNGLd+E0SKHOXkvXHjXArmRQ45u9dCbhgaO
whDtvZxtyGcfHXweHW4WncB7VG8sjXDlb+F16Q5PjZ0vK12hSq7GIjjbARphLMFU
vaeNYv43sWmscu2lse4SNw1y9kUjukmJ5umg3a5ZjLcEC5Czc6jPGO2zherZxatf
9mdcec90ahPOgu0Pm5fa7TpDUlVsOex79zsKSIbPh9XnlhswVnrJBHs7hI8EjAK6
232MPuywB/e7r7kHv5m4KF2h74UJc/agB1igrZR3bUBqDkKnZ5yFrRyGkcD9lFOb
0zxK4ysd8rw=
=hE65
-----END PGP SIGNATURE-----
-------------- next part --------------
>From c7b26d6e2df98ae97b0ed4263bc3d94d98ec0bee Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil at medhas.org>
Date: Fri, 1 Sep 2017 18:41:33 +0530
Subject: [PATCH] WIP: Move most setup steps to Plinth
Signed-off-by: Sunil Mohan Adapa <sunil at medhas.org>
---
debian/freedombox-setup.freedombox-first-run.init | 64 ------------
debian/freedombox-setup.install | 3 -
debian/freedombox-setup.maintscript | 1 +
debian/rules | 3 -
debian/tests/control | 2 -
debian/tests/test-run-setup | 15 ---
first-run.d/05_network | 119 ----------------------
first-run.d/10_ssh-keys | 12 ---
first-run.d/40_apache2 | 8 --
setup | 29 ------
setup.d/01_etckeeper-pre | 15 ---
setup.d/90_apache2 | 44 --------
setup.d/98_next-is-first-run | 7 --
setup.d/99_etckeeper | 7 --
setup.d/99_provide-source | 28 -----
setup.d/99_zmessage | 22 ----
16 files changed, 1 insertion(+), 378 deletions(-)
delete mode 100755 debian/freedombox-setup.freedombox-first-run.init
delete mode 100644 debian/tests/control
delete mode 100755 debian/tests/test-run-setup
delete mode 100755 first-run.d/05_network
delete mode 100755 first-run.d/10_ssh-keys
delete mode 100755 first-run.d/40_apache2
delete mode 100755 setup
delete mode 100755 setup.d/01_etckeeper-pre
delete mode 100755 setup.d/90_apache2
delete mode 100755 setup.d/98_next-is-first-run
delete mode 100755 setup.d/99_etckeeper
delete mode 100755 setup.d/99_provide-source
delete mode 100755 setup.d/99_zmessage
diff --git a/debian/freedombox-setup.freedombox-first-run.init b/debian/freedombox-setup.freedombox-first-run.init
deleted file mode 100755
index bb8cd96..0000000
--- a/debian/freedombox-setup.freedombox-first-run.init
+++ /dev/null
@@ -1,64 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: freedombox-first-run
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Required-Start: $network $remote_fs $syslog
-# Required-Stop: $remote_fs $syslog
-# Should-Start: firewalld tor haveged
-# Short-Description: Finish Freedombox install after first boot
-# Description:
-# Script to complete the post-install process on first FBX boot.
-### END INIT INFO
-
-RUNONCE=/var/lib/freedombox/first-run-enable
-LOGFILE=/var/log/freedombox-first-run.log
-
-if [ ! -e $RUNONCE ]
-then
- exit
-fi
-
-. /lib/lsb/init-functions
-
-exec > $LOGFILE 2>&1
-
-etckeeper_commit() {
- if type etckeeper > /dev/null 2>&1 ; then
- HOME=/root etckeeper commit -m "$1"
- fi
-}
-
-mark_complete() {
- # Prevent this initial configuration script from running again.
-
- log_action_begin_msg "Marking first-run complete"
- mkdir -p "${RUNONCE%/*}"
- rm -f $RUNONCE
- log_action_end_msg 0
-}
-
-case "$1" in
- start)
- etckeeper_commit "Status before first-run on first boot."
-
- for f in /usr/lib/freedombox/first-run.d/* ; do
- $f
- done
-
- etckeeper_commit "Status after first-run on first boot."
-
- # the last things we do before quitting.
- mark_complete
-
- # we're done, reboot.
- reboot
- ;;
- stop|restart|force-reload)
- # Do nothing
- ;;
- *)
- log_success_msg "Usage: /etc/init.d/first-run {start}"
- exit 1
- ;;
-esac
diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install
index 4b94d12..fe3d1a6 100644
--- a/debian/freedombox-setup.install
+++ b/debian/freedombox-setup.install
@@ -1,6 +1,3 @@
-setup usr/lib/freedombox
-setup.d usr/lib/freedombox
-first-run.d usr/lib/freedombox
data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available
data/etc/avahi/services/*.service etc/avahi/services
data/etc/sudoers.d/freedombox etc/sudoers.d
diff --git a/debian/freedombox-setup.maintscript b/debian/freedombox-setup.maintscript
index d29ba4d..c8875c5 100644
--- a/debian/freedombox-setup.maintscript
+++ b/debian/freedombox-setup.maintscript
@@ -1,4 +1,5 @@
mv_conffile /etc/init.d/first-run /etc/init.d/freedombox-first-run 0.0.43
+rm_conffile /etc/init.d/freedombox-first-run 0.10
rm_conffile /etc/init.d/proxy 0.0.43
rm_conffile /etc/init.d/freedombox-client-proxy 0.0.44
rm_conffile /etc/init.d/freedombox-create-uap0 0.9.2~
diff --git a/debian/rules b/debian/rules
index c9211e2..9cb08f8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,6 +1,3 @@
#!/usr/bin/make -f
%:
dh $@ --with python3
-
-override_dh_installinit:
- dh_installinit --no-start --name=freedombox-first-run -u"start 20 2 3 4 5 ."
diff --git a/debian/tests/control b/debian/tests/control
deleted file mode 100644
index 0ba14fa..0000000
--- a/debian/tests/control
+++ /dev/null
@@ -1,2 +0,0 @@
-Tests: test-run-setup
-Restrictions: needs-root, breaks-testbed, allow-stderr
diff --git a/debian/tests/test-run-setup b/debian/tests/test-run-setup
deleted file mode 100755
index dbc6e23..0000000
--- a/debian/tests/test-run-setup
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Make sure running the test do not modify the users setup, and that
-# git can work even when no HOME is set.
-HOME="$(mktemp -d)"
-export HOME
-
-# Don't page systemd output, so error details are shown in log.
-export SYSTEMD_PAGER=cat
-
-/usr/lib/freedombox/setup
-
-rm -rf "${HOME}"
diff --git a/first-run.d/05_network b/first-run.d/05_network
deleted file mode 100755
index c019e2d..0000000
--- a/first-run.d/05_network
+++ /dev/null
@@ -1,119 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Configure networking for all wired and wireless devices.
-#
-# Creates network-manager connections.
-
-function get-interfaces {
- # XXX: Sorting of interfaces is non-numeric
- WIRED_IFACES=$(nmcli --terse --fields type,device device | grep "^ethernet:" | cut -d: -f2 | sort)
- NO_OF_WIRED_IFACES=$(echo $WIRED_IFACES | wc -w)
-
- WIRELESS_IFACES=$(nmcli --terse --fields type,device device | grep "^wifi:" | cut -d: -f2 | sort)
- NO_OF_WIRELESS_IFACES=$(echo $WIRELESS_IFACES | wc -w)
-}
-
-function configure-regular-interface {
- local interface="$1"
- local zone="$2"
- local connection_name="FreedomBox WAN"
-
- # Create n-m connection for a regular interface
- nmcli con add con-name "$connection_name" ifname "$interface" type ethernet
- nmcli con modify "$connection_name" connection.autoconnect TRUE
- nmcli con modify "$connection_name" connection.zone "$zone"
-
- echo "Configured interface '$interface' for '$zone' use as '$connection_name'."
-}
-
-function configure-shared-interface {
- local interface="$1"
- local connection_name="FreedomBox LAN $interface"
-
- # Create n-m connection for eth1
- nmcli con add con-name "$connection_name" ifname "$interface" type ethernet
- nmcli con modify "$connection_name" connection.autoconnect TRUE
- nmcli con modify "$connection_name" connection.zone internal
-
- # Configure this interface to be shared with other computers.
- # - Self-assign an address and network
- # - Start and manage DNS server (dnsmasq)
- # - Start and manage DHCP server (dnsmasq)
- # - Register address with mDNS
- # - Add firewall rules for NATing from this interface
- nmcli con modify "$connection_name" ipv4.method shared
-
- echo "Configured interface '$interface' for shared use as '$connection_name'."
-}
-
-function configure-wireless-interface {
- local interface="$1"
- local connection_name="FreedomBox $interface"
- local ssid="FreedomBox$interface"
- local secret="freedombox123"
-
- nmcli con add con-name "$connection_name" ifname "$interface" type wifi ssid "$ssid"
- nmcli con modify "$connection_name" connection.autoconnect TRUE
- nmcli con modify "$connection_name" connection.zone internal
- nmcli con modify "$connection_name" ipv4.method shared
- nmcli con modify "$connection_name" wifi.mode ap
- nmcli con modify "$connection_name" wifi-sec.key-mgmt wpa-psk
- nmcli con modify "$connection_name" wifi-sec.psk "$secret"
-
- echo "Configured interface '$interface' for shared use as '$connection_name'."
-}
-
-function multi-wired-setup {
- local first_interface="$1"
- shift
- local remaining_interfaces="$@"
-
- configure-regular-interface "$first_interface" external
-
- for interface in $remaining_interfaces
- do
- configure-shared-interface "$interface"
- done
-}
-
-function one-wired-setup {
- local interface="$1"
-
- case $NO_OF_WIRELESS_IFACES in
- "0")
- configure-regular-interface "$interface" internal
- ;;
- *)
- configure-regular-interface "$interface" external
- ;;
- esac
-}
-
-function wireless-setup {
- local interfaces="$@"
-
- for interface in $interfaces
- do
- configure-wireless-interface "$interface"
- done
-}
-
-echo "Setting up network configuration..."
-get-interfaces
-
-case $NO_OF_WIRED_IFACES in
- "0")
- echo "No wired interfaces detected."
- ;;
- "1")
- one-wired-setup $WIRED_IFACES
- ;;
- *)
- multi-wired-setup $WIRED_IFACES
-esac
-
-wireless-setup $WIRELESS_IFACES
-
-echo "Done setting up network configuration."
diff --git a/first-run.d/10_ssh-keys b/first-run.d/10_ssh-keys
deleted file mode 100755
index aeacb96..0000000
--- a/first-run.d/10_ssh-keys
+++ /dev/null
@@ -1,12 +0,0 @@
-#!/bin/sh
-
-set -e
-
-. /lib/lsb/init-functions
-
-log_action_begin_msg "Creating SSH keys"
-if dpkg-reconfigure openssh-server ; then
- log_action_end_msg 0
-else
- log_action_end_msg 1
-fi
diff --git a/first-run.d/40_apache2 b/first-run.d/40_apache2
deleted file mode 100755
index ff77c0d..0000000
--- a/first-run.d/40_apache2
+++ /dev/null
@@ -1,8 +0,0 @@
-#!/bin/sh
-#
-# Make sure every machine have their own unique SSL certificate, even
-# if it is a snake oil one.
-
-set -e
-
-make-ssl-cert generate-default-snakeoil --force-overwrite
diff --git a/setup b/setup
deleted file mode 100755
index 0d268bd..0000000
--- a/setup
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-
-set -e # Exit on error
-
-at_exit() {
- if $policyd ; then
- rm -f /usr/sbin/policy-rc.d
- fi
- policyd=false
-}
-
-# Make sure configuring packages do not start any services. Also make
-# sure we remove policy-rc.d only if we created it.
-trap at_exit HUP INT TERM EXIT
-if [ ! -e /usr/sbin/policy-rc.d ] ; then
- cat > /usr/sbin/policy-rc.d <<EOF
-#!/bin/sh
-exit 101
-EOF
- chmod a+rx /usr/sbin/policy-rc.d
- policyd=true
-else
- policyd=false
-fi
-
-for f in /usr/lib/freedombox/setup.d/* ; do
- echo "running $f"
- $f
-done
diff --git a/setup.d/01_etckeeper-pre b/setup.d/01_etckeeper-pre
deleted file mode 100755
index 0aef4b4..0000000
--- a/setup.d/01_etckeeper-pre
+++ /dev/null
@@ -1,15 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Avoid etckeeper problem (refuses to commit) because git picked a
-# email address with an empty domain.
-if which etckeeper > /dev/null 2>&1 && \
- [ ! -e /etc/mailname ] &&
- [ -z "$(git config --global --get user.email)" ] ; then
- echo "info: Setting git user.email."
- git config --global user.email "root at localhost"
- etckeeper commit -m "Status before freedombox-setup run."
-else
- echo "info: Not setting git user.email."
-fi
diff --git a/setup.d/90_apache2 b/setup.d/90_apache2
deleted file mode 100755
index 696b620..0000000
--- a/setup.d/90_apache2
+++ /dev/null
@@ -1,44 +0,0 @@
-#!/bin/sh
-#
-# Configure Apache for FBX.
-
-set -e
-
-echo "Configuring Apache..."
-
-# enable non-multithreaded Apache worker model as there a many PHP
-# applications.
-a2dismod mpm_event
-a2dismod mpm_worker
-a2enmod mpm_prefork
-
-# enable miscellaneous modules.
-a2enmod rewrite
-
-# enable GnuTLS
-a2dismod ssl
-a2enmod gnutls
-
-# enable mod_alias for RedirectMatch
-a2enmod alias
-
-# enable mod_headers for HSTS
-a2enmod headers
-
-# enable some critical modules to avoid restart while installing
-# Plinth applications.
-a2enmod php7.0
-a2enmod cgi
-a2enmod authnz_ldap
-
-# enable users to share files uploaded to ~/public_html
-a2enmod userdir
-
-# setup freedombox site
-a2enconf freedombox
-
-a2ensite 000-default
-a2dissite default-ssl
-a2ensite default-tls
-
-echo "Done configuring Apache."
diff --git a/setup.d/98_next-is-first-run b/setup.d/98_next-is-first-run
deleted file mode 100755
index 81ae649..0000000
--- a/setup.d/98_next-is-first-run
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -e
-
-# Tell init.d/first-run to do its stuff on the next boot.
-mkdir -p /var/lib/freedombox
-touch /var/lib/freedombox/first-run-enable
diff --git a/setup.d/99_etckeeper b/setup.d/99_etckeeper
deleted file mode 100755
index 1e86b92..0000000
--- a/setup.d/99_etckeeper
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if type etckeeper > /dev/null 2>&1 ; then
- etckeeper commit -m "Status after freedombox-setup run."
-fi
diff --git a/setup.d/99_provide-source b/setup.d/99_provide-source
deleted file mode 100755
index fbb8d8e..0000000
--- a/setup.d/99_provide-source
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-#
-# Make sure generated images complies with licenses requiring the
-# source to be available, by providing the source of every package
-# used.
-
-set -e
-
-if [ 'true' = "$SOURCE" ] ; then
- echo "Adding source packages to file system"
-else
- echo "Not adding source packages to filesystem (SOURCE=false)"
- exit 0
-fi
-
-targetdir=/usr/src/packages
-
-echo "Adding source packages to filesystem in $targetdir"
-apt-get update || true
-dpkg --get-selections > /tmp/selections
-mkdir -p $targetdir
-cd $targetdir
-
-cut -f 1 < /tmp/selections | \
- cut -d ':' -f 1 > /tmp/packages
-apt-get source -m --download-only `cat /tmp/packages`
-
-rm /tmp/selections /tmp/packages
diff --git a/setup.d/99_zmessage b/setup.d/99_zmessage
deleted file mode 100755
index df821bd..0000000
--- a/setup.d/99_zmessage
+++ /dev/null
@@ -1,22 +0,0 @@
-#!/bin/sh
-
-set -e
-
-cat <<EOF
-
-===================================================================
-FreedomBox setup completed
-===================================================================
-
-Please note:
-
-- For server security, all users except 'root', 'fbx' and those in
- 'admin' and 'sudo' groups will be denied console/GUI login access.
- This is recommended for the security of various services running on
- FreedomBox. Please edit /etc/security/access.conf if you wish to
- remove or alter this restriction. Also see 'man access.conf'.
-
-- You need to reboot before using FreedomBox to allow first run
- operations to finish.
-===================================================================
-EOF
--
2.11.0
More information about the Freedombox-pkg-team
mailing list