obel1x/fedora-OEMDRV
0
0
Fork 1
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

configure.sh wizard, install improvements, encryption fixes, branch support #19

Merged
obel1x merged 22 commits from devel into main 2026-04-30 18:36:59 +02:00
Conversation 0 Commits 22 Files Changed 11
+161 -75
11 changed files with 161 additions and 75 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 9ce4686a2b - Show all commits
.gitignore
+1
View File
@@ -9,5 +9,6 @@ config/skel.tar.zst
config/.sync_*.db config/.sync_*.db
config/.sync_*.db config/.sync_*.db
config.d/*.conf config.d/*.conf
config.d/*.sys
ks_pc_prof/* ks_pc_prof/*
ks.cfg ks.cfg
client_software/0020_nextcloud_mozilla_pre/user_run.sh
+1 -1
View File
@@ -28,7 +28,7 @@ if not 'DAVTOKEN_USER' in environ:
sys.exit(1) sys.exit(1)
options = { options = {
'webdav_hostname': "https://nextcloud.obel1x.de/remote.php/dav/files/" + environ['DAVTOKEN_USER'], 'webdav_hostname': "https://" + environ['SERVERFQDN_NC'] + "/remote.php/dav/files/" + environ['DAVTOKEN_USER'],
'webdav_login': environ['DAVTOKEN_USER'], 'webdav_login': environ['DAVTOKEN_USER'],
'webdav_password': environ['DAVTOKEN_PASS'] 'webdav_password': environ['DAVTOKEN_PASS']
} }
config/setup_system.conf.dist
+14 -11
View File
@@ -12,22 +12,25 @@ export INSTALLDOCS="https://gitea.dtext.online/obel1x/fedora-OEMDRV/src/branch/m
export UPGRADEURL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git" export UPGRADEURL="https://gitea.dtext.online/obel1x/fedora-OEMDRV.git"
export UPGRADEBRANCH="main" export UPGRADEBRANCH="main"
#Group, that will have sudo rights on the client
export CLIENTADMINGROUP="clientadmins"
# Method to determine Unique Hostname / FQDN of the Client. May be replaced by your needs
if [ "$EUID" -eq 0 ]; then
export HOSTNM="pc-$( dmidecode -t system | grep -i 'UUID' | sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' | sed 's/[^0-9a-z]*//g' | xargs|tail -c 13)"
else
export HOSTNM=$( hostname -s )
fi
export FQDN=${HOSTNM}.${DOMAIN}
#Configuration Files - maybe syned with your companies settings #Configuration Files - maybe syned with your companies settings
export SYSCONFIGPATH="/opt/sys_config" export SYSCONFIGPATH="/opt/sys_config"
export DISTCONFIGPATH="/opt/sys_config/config" export DISTCONFIGPATH="/opt/sys_config/config"
export DISTCONFIGPATH_SRC="/Shared/sw_geteilt/client_settings" export DISTCONFIGPATH_SRC="/Shared/sw_geteilt/client_settings"
#Group, that will have sudo rights on the client
export CLIENTADMINGROUP="clientadmins"
# Method to determine Unique Hostname / FQDN of the Client. May be replaced by your needs
#Should always had been set by install.sh and should be there anyway.
#if [ ! -r ${SYSCONFIGPATH}/config.d/machine_uuid.sys ]; then
#elif [ "$EUID" -eq 0 ]; then
# export HOSTNM="pc-$( dmidecode -t system | grep -i 'UUID' | sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' | sed 's/[^0-9a-z]*//g' | xargs|tail -c 13)"
#else
# export HOSTNM=$( hostname -s )
#fi
export HOSTNM="pc-$( cat /opt/sys_config/config.d/machine_uuid.sys )"
export FQDN=${HOSTNM}.${DOMAIN}
#Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide) #Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide)
export CLIENT_SOFTWARE_DST="/opt/sys_config/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty export CLIENT_SOFTWARE_DST="/opt/sys_config/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty
export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" Set to the Nextcloud directory where the software should come from export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" Set to the Nextcloud directory where the software should come from
install.md
+14 -1
View File
@@ -1,4 +1,4 @@
# OEMDRV Bootstrap — install.sh # OEMDRV Bootstrap — install.sh + install_from_repo.sh
the script `./system_setup/install.sh` prepares a target machine for automated Fedora deployment. It shrinks an existing partition to carve out a dedicated **OEMDRV** partition, which Anaconda/Kickstart will detect automatically during installation. the script `./system_setup/install.sh` prepares a target machine for automated Fedora deployment. It shrinks an existing partition to carve out a dedicated **OEMDRV** partition, which Anaconda/Kickstart will detect automatically during installation.
@@ -26,6 +26,19 @@ curl -fsSL https://gitea.dtext.online/obel1x/fedora-OEMDRV/raw/branch/main/syste
sudo bash /tmp/install.sh sudo bash /tmp/install.sh
``` ```
## Run directly from another repository
If you are on another fork or branch and you want to test your changes, do:
```bash
export REPO_URL="https://yourgitserver.tld/.../fedora-OEMDRV.git"
export REPO_BRANCH="anotherbranch"
curl -fsSL ${REPO_URL%.git}/raw/branch/${REPO_BRANCH:-main}/system_setup/install.sh -o /tmp/install.sh
sudo -E bash /tmp/install.sh
```
That way, install.sh should know what to pull.
## After the script completes ## After the script completes
Configure your environment before running any installation: Configure your environment before running any installation:
ks_base_profiles/cinnamon_fullsetup.cfg
+2 -3
View File
@@ -82,9 +82,8 @@ authselect enable-feature with-fingerprint
# Generated using Blivet version 3.12.1 # Generated using Blivet version 3.12.1
ignoredisk --only-use=sda ignoredisk --only-use=sda,nvme0n1
# Partition clearing information # Partition clearing information - do NOT USE --initlabel !
#clearpart --none --initlabel
clearpart --none clearpart --none
autopart --type=btrfs autopart --type=btrfs
ks_base_profiles/kde_fullsetup.cfg
+2 -3
View File
@@ -93,9 +93,8 @@ nss-pam-ldapd
authselect enable-feature with-fingerprint authselect enable-feature with-fingerprint
# Generated using Blivet version 3.12.1 # Generated using Blivet version 3.12.1
ignoredisk --only-use=sda ignoredisk --only-use=sda,nvme0n1
# Partition clearing information # Partition clearing information - do NOT USE --initlabel !
#clearpart --none --initlabel
clearpart --none clearpart --none
autopart --type=btrfs autopart --type=btrfs
system_setup/configure.sh
+74 -41
View File
@@ -49,15 +49,84 @@ do_configure() {
echo "" echo ""
echo "=== System Configuration ===" echo "=== System Configuration ==="
echo "Press Enter to keep the current value, or type a new one." echo "Press Enter to keep the current value, or type a new one."
echo ""
source "$CONF_FILE" source "$CONF_FILE"
VARS=("TLDOMAIN" "DOMAIN" "SERVERFQDN_IPA" "SERVERFQDN_NC" "CLIENTADMINGROUP" "IPAVAULTUSE" ) VARS=("TLDOMAIN" "SERVERFQDN_IPA" "DOMAIN" "SERVERFQDN_NC" "IPAVAULTUSE" "IPAVAULTNAME" "DISTCONFIGPATH_SRC" "CLIENTADMINGROUP" )
for ELE in "${VARS[@]}" for ELE in "${VARS[@]}"
do do
new_ELE=$(prompt_value "${ELE}" "${!ELE}") while true; do
set_conf_var "${ELE}" "${new_ELE}" echo ""
source "$CONF_FILE" new_ELE=$(prompt_value "${ELE}" "${!ELE}")
set_conf_var "${ELE}" "${new_ELE}"
source "$CONF_FILE"
REPEAT_TEST=1
case ${ELE} in
"SERVERFQDN_NC") echo "=== Testing: Nextcloud server ==="
NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null)
if echo "$NC_STATUS" | grep -q '"installed":true'; then
NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+')
echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})."
REPEAT_TEST=0
else
echo ""
echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server."
echo " Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected."
read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
if [[ "${ans,,}" == "q" ]]; then
echo "Quitting."
exit 1
fi
fi
;;
"SERVERFQDN_IPA") echo "=== Testing: FreeIPA server ==="
IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
"https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null)
if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then
echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}."
REPEAT_TEST=0
else
echo ""
echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server."
echo " https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}"
read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
if [[ "${ans,,}" == "q" ]]; then
echo "Quitting."
exit 1
fi
fi
;;
"DOMAIN") echo "=== Testing: IPA Domain DNS records ==="
if ! command -v dig &>/dev/null; then
echo "WARNING: 'dig' not found; skipping DNS check."
REPEAT_TEST=0
else
LDAP_SRV=$(dig +short SRV "_ldap._tcp.${DOMAIN}" 2>/dev/null)
KRB_TXT=$(dig +short TXT "_kerberos.${DOMAIN}" 2>/dev/null)
KDC_SRV=$(dig +short SRV "_kerberos._udp.${DOMAIN}" 2>/dev/null)
if [[ -n "$LDAP_SRV" && -n "$KRB_TXT" ]]; then
REALM=$(echo "$KRB_TXT" | tr -d '"')
echo "IPA domain confirmed: ${DOMAIN}"
echo " Kerberos realm : ${REALM}"
[[ -n "$KDC_SRV" ]] && echo " KDC SRV : ${KDC_SRV}"
REPEAT_TEST=0
else
echo ""
[[ -z "$LDAP_SRV" ]] && echo "WARNING: No _ldap._tcp.${DOMAIN} SRV record found."
[[ -z "$KRB_TXT" ]] && echo "WARNING: No _kerberos.${DOMAIN} TXT record found."
echo " '${DOMAIN}' does not appear to be a valid IPA domain."
read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
if [[ "${ans,,}" == "q" ]]; then
echo "Quitting."
exit 1
fi
fi
fi
;;
*) REPEAT_TEST=0
;;
esac
[[ $REPEAT_TEST == 0 ]] && break
done
done done
echo "" echo ""
@@ -67,42 +136,6 @@ do_configure() {
while true; do while true; do
do_configure do_configure
echo ""
echo "=== Testing: Nextcloud server ==="
NC_STATUS=$(curl -fsSL "https://${SERVERFQDN_NC}/status.php" 2>/dev/null)
if echo "$NC_STATUS" | grep -q '"installed":true'; then
NC_VERSION=$(echo "$NC_STATUS" | grep -oP '(?<="versionstring":")[^"]+')
echo "Nextcloud confirmed at ${SERVERFQDN_NC} (version ${NC_VERSION})."
else
echo ""
echo "WARNING: '${SERVERFQDN_NC}' does not appear to be a valid Nextcloud server."
echo " Could not reach https://${SERVERFQDN_NC}/status.php or response was unexpected."
read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
if [[ "${ans,,}" == "q" ]]; then
echo "Quitting."
exit 1
fi
continue
fi
echo ""
echo "=== Testing: FreeIPA server ==="
IPA_CODE=$(curl -s -o /dev/null -w "%{http_code}" \
"https://${SERVERFQDN_IPA}/ipa/session/json" 2>/dev/null)
if [[ "$IPA_CODE" == "200" || "$IPA_CODE" == "401" ]]; then
echo "FreeIPA server confirmed at ${SERVERFQDN_IPA}."
else
echo ""
echo "WARNING: '${SERVERFQDN_IPA}' does not appear to be a valid FreeIPA server."
echo " https://${SERVERFQDN_IPA}/ipa/session/json returned: ${IPA_CODE:-no response}"
read -rp "Start configuration again (a) or quit (q)? [a/q]: " ans
if [[ "${ans,,}" == "q" ]]; then
echo "Quitting."
exit 1
fi
continue
fi
echo "" echo ""
echo "=== Select Kickstart Profile ===" echo "=== Select Kickstart Profile ==="
KS_DIR="${SCRIPTDIR}/../ks_base_profiles" KS_DIR="${SCRIPTDIR}/../ks_base_profiles"
system_setup/install.sh
+41 -7
View File
@@ -14,7 +14,8 @@ SHRINK_MIB=4096
OEMDRV_LABEL="OEMDRV" OEMDRV_LABEL="OEMDRV"
MOUNT_POINT="/opt/sys_config" MOUNT_POINT="/opt/sys_config"
MOUNT_OPTS="compress=zstd:6" MOUNT_OPTS="compress=zstd:6"
REPO_URL="${1:-https://gitea.dtext.online/obel1x/fedora-OEMDRV.git}" REPO_URL="${REPO_URL:-https://gitea.dtext.online/obel1x/fedora-OEMDRV.git}"
REPO_BRANCH="${REPO_BRANCH:-main}"
MIN_FREE_MIB=$(( SHRINK_MIB + 512 )) # require 512 MiB headroom above the shrink size MIN_FREE_MIB=$(( SHRINK_MIB + 512 )) # require 512 MiB headroom above the shrink size
# ── Helpers ─────────────────────────────────────────────────────────────────── # ── Helpers ───────────────────────────────────────────────────────────────────
@@ -28,11 +29,37 @@ require_root() {
} }
check_tools() { check_tools() {
declare -A tool_pkg=(
[lsblk]="util-linux" [blkid]="util-linux"
[parted]="parted" [partprobe]="parted"
[mkfs.btrfs]="btrfs-progs" [git]="git"
[e2fsck]="e2fsprogs" [resize2fs]="e2fsprogs"
[tune2fs]="e2fsprogs"
)
local missing=() local missing=()
for tool in lsblk blkid parted partprobe mkfs.btrfs git e2fsck resize2fs tune2fs; do for tool in lsblk blkid parted partprobe mkfs.btrfs git e2fsck resize2fs tune2fs; do
command -v "$tool" >/dev/null 2>&1 || missing+=("$tool") command -v "$tool" >/dev/null 2>&1 || missing+=("$tool")
done done
[[ ${#missing[@]} -eq 0 ]] || die "Missing required tools: ${missing[*]}" [[ ${#missing[@]} -eq 0 ]] && return 0
echo "Missing required tools: ${missing[*]}"
local pkgs=()
for tool in "${missing[@]}"; do
local pkg="${tool_pkg[$tool]}"
[[ " ${pkgs[*]} " != *" $pkg "* ]] && pkgs+=("$pkg")
done
read -r -p " Install missing packages (${pkgs[*]}) with dnf? [y/N]: " ans
if [[ "${ans,,}" == "y" ]]; then
dnf install -y "${pkgs[@]}" || die "Package installation failed."
local still_missing=()
for tool in "${missing[@]}"; do
command -v "$tool" >/dev/null 2>&1 || still_missing+=("$tool")
done
[[ ${#still_missing[@]} -eq 0 ]] || die "Still missing after install: ${still_missing[*]}"
else
die "Missing required tools: ${missing[*]}"
fi
} }
# Returns 0 if the remote install.sh matches this script's checksum, # Returns 0 if the remote install.sh matches this script's checksum,
@@ -43,7 +70,7 @@ check_repo_url() {
tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX) tmpdir=$(mktemp -d /tmp/oemdrv_repocheck.XXXXXX)
if ! curl -fsSL "${REPO_URL%.git}/raw/branch/main/system_setup/install.sh" \ if ! curl -fsSL "${REPO_URL%.git}/raw/branch/${REPO_BRANCH}/system_setup/install.sh" \
-o "$tmpdir/install.sh" 2>/dev/null; then -o "$tmpdir/install.sh" 2>/dev/null; then
rm -rf "$tmpdir" rm -rf "$tmpdir"
return 1 return 1
@@ -267,13 +294,13 @@ info "Verifying repository URL..."
check_repo_url check_repo_url
case $? in case $? in
1) echo 1) echo
echo "WARNING: '$REPO_URL' is not a reachable git repository." echo "WARNING: '$REPO_URL' branch '${REPO_BRANCH}' is not a reachable git repository."
read -r -p " Continue anyway? [y/N]: " ans read -r -p " Continue anyway? [y/N]: " ans
[[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; } [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
;; ;;
2) echo 2) echo
echo "WARNING: The checksum of this script does not match 'system_setup/install.sh'" echo "WARNING: The checksum of this script does not match 'system_setup/install.sh'"
echo " at '$REPO_URL'." echo " at '$REPO_URL' branch '${REPO_BRANCH}'."
echo " You may be running an outdated or modified version of install.sh." echo " You may be running an outdated or modified version of install.sh."
read -r -p " Continue anyway? [y/N]: " ans read -r -p " Continue anyway? [y/N]: " ans
[[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; } [[ "${ans,,}" == "y" ]] || { echo "Aborted."; exit 0; }
@@ -470,8 +497,15 @@ mount -o "$MOUNT_OPTS" "$OEMDRV_DEV" "$MOUNT_POINT" || die "mount failed."
info "Cloning $REPO_URL into $MOUNT_POINT..." info "Cloning $REPO_URL into $MOUNT_POINT..."
cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT." cd "$MOUNT_POINT" || die "Cannot cd to $MOUNT_POINT."
git clone --progress --depth 1 "$REPO_URL" . || die "git clone failed." git clone --progress --depth 1 -b $REPO_BRANCH "$REPO_URL" . || die "git clone failed."
chmod o=rwX . -R # to make changes to the configuration possible after install
# Write hardware UUID to a user-readable per-machine file
dmidecode -t system | grep -i 'UUID' \
| sed 's/UUID: //' | tr '[:upper:]' '[:lower:]' \
| sed 's/[^0-9a-z]*//g' | xargs | tail -c 13 \
> "./config.d/machine_uuid.sys"
chmod o=rwX . -R # to make changes to the configuration possible after install
# ── Done ────────────────────────────────────────────────────────────────────── # ── Done ──────────────────────────────────────────────────────────────────────
system_setup/mount_ecrypt_home.sh
+6 -5
View File
@@ -80,19 +80,20 @@ else
fi fi
fi fi
if [ "${ENCKEY}." == "." ]; then if [ "${ENCKEY}." == "." ]; then
echo "Some Error while fetching your Credentials. This should not happen. Quit." echo "Some Error while fetching your IPA Vault Key. This should not happen. Quit."
rm /var/tmp/IPAVAULTKEY.txt rm /var/tmp/IPAVAULTKEY.txt
exit 2 exit 2
fi fi
echo "Sucessfuly obtained IPA vault fileencryption key."
#Setup and use encrypted filesystem #Setup and use encrypted filesystem
if [ ! -d "${DECRYPTEDDATADIR}" ]; then if [ ! -d "${DECRYPTEDDATADIR}" ] || [ ! -f "${HOME}/.config/gocryptfs/gocryptfs.conf" ]; then
#Key has been obtained, but no Directory was created till know #Key has been obtained, but no Directory was created till know
echo "First Setup of encryption: Creating new Directories now" echo "First Setup of encryption: Creating new Directories now"
mkdir -p ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} ${HOME}/.config/gocryptfs mkdir -p ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} ${HOME}/.config/gocryptfs
gocryptfs -init -passfile /var/tmp/IPAVAULTKEY.txt -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} >/dev/null gocryptfs -init -allow_other -passfile /var/tmp/IPAVAULTKEY.txt -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} >/dev/null
fi fi
gocryptfs -noprealloc -passfile /var/tmp/IPAVAULTKEY.txt -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} >/dev/null gocryptfs -noprealloc -allow_other -passfile /var/tmp/IPAVAULTKEY.txt -config ${HOME}/.config/gocryptfs/gocryptfs.conf ${ENCRYPTEDDATADIR} ${DECRYPTEDDATADIR} >/dev/null
RETVAL=$? RETVAL=$?
rm /var/tmp/IPAVAULTKEY.txt rm /var/tmp/IPAVAULTKEY.txt
cd ${EXECDIR} cd ${EXECDIR}
@@ -100,6 +101,6 @@ if [ ${RETVAL} -eq 0 ]; then
echo "Sucessfully mounted encrypted private Directory ${DECRYPTEDDATADIR}" echo "Sucessfully mounted encrypted private Directory ${DECRYPTEDDATADIR}"
exit 0 exit 0
else else
echo "Errorcode ${RETAVAL}" echo "Errorcode ${RETVAL}"
exit 1 exit 1
fi fi
system_setup/setup_system_full.sh
+5 -2
View File
@@ -67,7 +67,7 @@ ExecStart=/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run
#ExecStart=-/sbin/agetty --noclear -n -l "/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run" %I 38400 #ExecStart=-/sbin/agetty --noclear -n -l "/bin/sh ${SCRIPTPATH}/${SCRIPTNAME} firstrun_run" %I 38400
# user interaction in tty8 # user interaction in tty8
StandardInput=tty StandardInput=tty
TTYPath=/dev/tty2 TTYPath=/dev/tty8
TTYReset=yes TTYReset=yes
TTYVHangup=yes TTYVHangup=yes
@@ -132,6 +132,9 @@ install_sw()
#Make KDE single click #Make KDE single click
echo -e "[KDE]\nSingleClick=true" | tee -a /etc/xdg/kdeglobals echo -e "[KDE]\nSingleClick=true" | tee -a /etc/xdg/kdeglobals
#Make encryption accessible for root
echo "user_allow_other" >>/etc/fuse.conf
#Set openh264 enabled #Set openh264 enabled
dnf config-manager setopt fedora-cisco-openh264.enabled=1 dnf config-manager setopt fedora-cisco-openh264.enabled=1
@@ -142,7 +145,7 @@ install_sw()
ipa_register_host() ipa_register_host()
{ {
#Integrate this PC into Domain #Integrate this PC into Domain
chvt 2 chvt 8
#Check if IPA is already Configured #Check if IPA is already Configured
echo "Checking for existing IPA- Setup." echo "Checking for existing IPA- Setup."
if ( grep -q "${FQDN}" /etc/ipa/default.conf ); then if ( grep -q "${FQDN}" /etc/ipa/default.conf ); then
system_setup/sync_client_software.sh
+1 -1
View File
@@ -12,7 +12,7 @@ fi
#Check Token #Check Token
if [ "${DAVTOKEN_USER}." == "." ]; then if [ "${DAVTOKEN_USER}." == "." ]; then
echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environement from logon-script." echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environment from logon-script."
echo "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$' echo "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
echo "Hint: the rule must contain the !authenticate and setenv option to work." echo "Hint: the rule must contain the !authenticate and setenv option to work."
echo "Press any key to continue" && read -n 1 -s -r && exit 1 echo "Press any key to continue" && read -n 1 -s -r && exit 1