diff --git a/client_software/.gitignore b/client_software/.gitignore
new file mode 100644
index 0000000..699e140
--- /dev/null
+++ b/client_software/.gitignore
@@ -0,0 +1 @@
+.sync_*.db
diff --git a/client_software/0010_nextcloud_desktopclient/install.sh b/client_software/0010_nextcloud_desktopclient/install.sh
new file mode 100755
index 0000000..1ff066e
--- /dev/null
+++ b/client_software/0010_nextcloud_desktopclient/install.sh
@@ -0,0 +1,79 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Sofwareinstallation script for Nextcloud Desktop
+#
+echo "Setup Nextcloud- Sync"
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+ exit 1
+fi
+
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+ echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
+ exit 1
+fi
+
+#Check if Option is Configured to use Nextcloud Desktop Data- Sync
+if [ "${CLIENT_DATA_DST}." == "." ]; then
+ echo "CLIENT_DATA_DST not set, skipping setup of Nextcloud Desktop sync of Data-Directory"
+ exit 0
+fi
+
+#Local Vars
+BASECMD="/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloud com.nextcloud.desktopclient.nextcloud"
+SYNCCMD="$BASECMD --userid ${DAVTOKEN_USER} --apppassword ${DAVTOKEN_PASS} --localdirpath ${CLIENT_DATA_DST} --remotedirpath ${CLIENT_DATA_SRC} --serverurl https://${SERVERFQDN_NC}"
+SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
+
+#Check if Nextcloud was already setup
+if grep -q "localPath=${CLIENT_DATA_DST}" "/${SUDO_HOME}/.var/app/com.nextcloud.desktopclient.nextcloud/config/Nextcloud/nextcloud.cfg"; then
+ SETUP_NEEDED="0"
+else
+ SETUP_NEEDED="1"
+fi
+
+#Remove Nextcloud from autostart - if it was started befor the ecrypted mount, i will never sync and always throw an error that the local dir is missing
+if [ -f "$SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop" ]; then
+ echo "Remove Autostart Nextcloud"
+ rm $SUDO_HOME/.config/autostart/com.nextcloud.desktopclient.nextcloud.desktop
+ #Stopping Nextcloud
+ su -c "$BASECMD --quit 1>/dev/null 2>/dev/null" $SUDO_USER
+ sleep 5
+fi
+
+if [ $SETUP_NEEDED = "0" ]; then
+ echo "Nextcloud was already setup, skipping configure and starting Service"
+ echo "If you want to reset, please delete the Folder [HOME]/.var/app/com.nextcloud.desktopclient.nextcloud manually."
+ echo "Command: rm -ri ~/.var/app/com.nextcloud.desktopclient.nextcloud/"
+ su -c "nohup ${BASECMD} 1>/dev/null 2>/dev/null &" $SUDO_USER
+ exit $?
+fi
+
+#No check for installed Nextcloud needed, because it will be installed by calling script sync_client_software.sh
+
+echo "Syncing Files from remote ${CLIENT_DATA_SRC} to local ${CLIENT_DATA_DST}"
+if [ -d "${CLIENT_DATA_DST}" ]; then
+ echo "Old unsynced Foler ${CLIENT_DATA_DST} was found, renaming to ${CLIENT_DATA_DST}_bak."
+ mv "${CLIENT_DATA_DST}" "${CLIENT_DATA_DST}_bak"
+fi
+su -c "mkdir -p ${CLIENT_DATA_DST}" $SUDO_USER
+#Cleanup Nextcloud Configuration completely, while otherwise, the configure will not work
+echo "Remove $SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
+rm -rif "$SUDO_HOME/.var/app/com.nextcloud.desktopclient.nextcloud"
+
+#echo "Exec as $SUDO_USER: ${SYNCCMD}"
+echo "Exec as $SUDO_USER: ${SYNCCMD_HIDDENPW}"
+su -c "${SYNCCMD}" $SUDO_USER
+if [ $? -ne 0 ]; then
+ echo "=========== !!! ========================"
+ echo "Error: It looks like this did not work!"
+ echo "Please check the above output!"
+ exit 1
+fi
+# Now start Nextcloud
+su -c "nohup ${BASECMD} 1>/dev/null 2>/dev/null &" $SUDO_USER
+echo "Done Setup of Nextcloud."
diff --git a/client_software/0030_desktop/Firefox.desktop b/client_software/0030_desktop/Firefox.desktop
new file mode 100644
index 0000000..6785c03
--- /dev/null
+++ b/client_software/0030_desktop/Firefox.desktop
@@ -0,0 +1,17 @@
+[Desktop Entry]
+Comment[de_DE]=
+Comment=
+Exec=/opt/sys_config/system_setup/mozilla_starter.sh firefox run
+GenericName[de_DE]=
+GenericName=
+Icon=firefox
+MimeType=
+Name[de_DE]=Firefox
+Name=Firefox
+Path=/opt/sys_config/system_setup
+StartupNotify=true
+Terminal=true
+TerminalOptions=
+Type=Application
+X-KDE-SubstituteUID=false
+X-KDE-Username=
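Review bot: The app password reaches a command line in client_software/0010_nextcloud_desktopclient/install.sh: `SYNCCMD` embeds `--apppassword ${DAVTOKEN_PASS}` and is run through `su -c "${SYNCCMD}" $SUDO_USER`, so the token is readable in the process list while the client starts, even though the echoed copy is masked. The masking, `${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}`, uses the token as a pattern, so a token containing `*`, `?` or `[` may be masked wrongly or not at all; `${SYNCCMD/"${DAVTOKEN_PASS}"/***HIDDEN***}` matches it literally. That expansion and `$EUID` are bash features while the shebang is `#!/usr/bin/env sh`; where `sh` is not bash, the root check `[ "$EUID" -ne 0 ]` fails with an error and is skipped, so `#!/usr/bin/env bash` looks like the intended interpreter (the same applies to the other new install.sh files in this commit). I would also add a comment above `SYNCCMD`: `# NOTE: the app token is passed via argv and is visible in ps while the command runs`.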
diff --git a/client_software/0030_desktop/Thunderbird.desktop b/client_software/0030_desktop/Thunderbird.desktop
new file mode 100644
index 0000000..c23afff
--- /dev/null
+++ b/client_software/0030_desktop/Thunderbird.desktop
@@ -0,0 +1,17 @@
+[Desktop Entry]
+Comment[de_DE]=
+Comment=
+Exec=/opt/sys_config/system_setup/mozilla_starter.sh thunderbird run
+GenericName[de_DE]=
+GenericName=
+Icon=thunderbird
+MimeType=
+Name[de_DE]=Thunderbird
+Name=Thunderbird
+Path=/opt/sys_config/system_setup
+StartupNotify=true
+Terminal=true
+TerminalOptions=
+Type=Application
+X-KDE-SubstituteUID=false
+X-KDE-Username=
diff --git a/client_software/0030_desktop/install.sh b/client_software/0030_desktop/install.sh
new file mode 100755
index 0000000..966cf48
--- /dev/null
+++ b/client_software/0030_desktop/install.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Sofwareinstallation script for Nextcloud Talk.
+#
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+ exit 1
+fi
+
+cp -n *.desktop $SUDO_HOME/Schreibtisch
+chown $SUDO_USER:$SUDO_USER $SUDO_HOME/Schreibtisch/*.desktop
diff --git a/client_software/0110_nextcloud_talk_app/.gitignore b/client_software/0110_nextcloud_talk_app/.gitignore
new file mode 100644
index 0000000..66b3739
--- /dev/null
+++ b/client_software/0110_nextcloud_talk_app/.gitignore
@@ -0,0 +1 @@
+Nextcloud.Talk-linux-x64.flatpak
diff --git a/client_software/0110_nextcloud_talk_app/com.nextcloud.talk.desktop b/client_software/0110_nextcloud_talk_app/com.nextcloud.talk.desktop
new file mode 100644
index 0000000..5f75a53
--- /dev/null
+++ b/client_software/0110_nextcloud_talk_app/com.nextcloud.talk.desktop
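Review bot: In client_software/0030_desktop/install.sh the line `chown $SUDO_USER:$SUDO_USER $SUDO_HOME/Schreibtisch/*.desktop` runs as root over a glob in a directory the user can write to, and chown follows symbolic links by default, so a link named `*.desktop` placed there beforehand would have its target's ownership changed. Limiting the call to the files this script ships and adding `-h` avoids that, e.g. `for f in *.desktop; do chown -h "$SUDO_USER:$SUDO_USER" "$SUDO_HOME/Schreibtisch/$f"; done`. The expansions in the `cp` line are unquoted as well and the desktop directory name is fixed to the German `Schreibtisch`. The header comment still says "Nextcloud Talk" although this script only copies desktop entries.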
@@ -0,0 +1,10 @@
+[Desktop Entry]
+Categories=Network;InstantMessaging;Chat;VideoConference;
+Comment=Official desktop client for Nextcloud Talk
+Exec=/usr/bin/flatpak run --branch=stable --arch=x86_64 --command=electron-wrapper --file-forwarding com.nextcloud.talk @@u %U @@
+GenericName=Video and Chat Communication
+Icon=com.nextcloud.talk
+Name=Nextcloud Talk
+StartupNotify=true
+Type=Application
+X-Flatpak=com.nextcloud.talk
diff --git a/client_software/0110_nextcloud_talk_app/install.sh b/client_software/0110_nextcloud_talk_app/install.sh
new file mode 100755
index 0000000..0a12181
--- /dev/null
+++ b/client_software/0110_nextcloud_talk_app/install.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Sofwareinstallation script for Nextcloud Talk.
+#
+
+#Check for root
+if [ "$EUID" -ne 0 ]; then
+ echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+ exit 1
+fi
+
+FILENAME="Nextcloud.Talk-linux-x64.flatpak"
+SCRIPTPATH="$( cd -- "$(dirname "$0")" >/dev/null 2>&1 ; pwd -P )"
+if [ ${SCRIPTPATH::2} == "//" ]; then
+ SCRIPTPATH=${SCRIPTPATH:1}
+fi
+echo "Getting new Version online and saving File to ${SCRIPTPATH}/${FILENAME}"
+wget -q -P ${SCRIPTPATH} --timestamping https://github.com/nextcloud-releases/talk-desktop/releases/latest/download/${FILENAME}
+
+# Not needed: Package has no Version, but internal Commit should be automagically detected, see "flatpak list -d"
+#INSTINFO=$( /usr/bin/flatpak list --columns=app,version | grep com.nextcloud.talk )
+
+#Hint: If this fails, try to remove and Download the File again
+
+# Install or update Talk - always in Superuser- Mode
+# As User you may install Talk in userspace (with -u), but you cannot update the runtime org.freedesktop.Platform/x86_64/XX.YY
+# So it does not make any sense to install as user
+/usr/bin/flatpak install -y --or-update --noninteractive --bundle ${SCRIPTPATH}/${FILENAME} && echo Done Install of ${FILENAME}
+
+#TODO: Check if Talk is installed - if not, exit 1
+
+exit 0
+
+#Start App - is not working, always quits with that shell
+#nohup /usr/bin/flatpak run -u --branch=stable --arch=x86_64 --command=electron-wrapper --file-forwarding com.nextcloud.talk --background >/dev/null &
+#/usr/bin/flatpak run -u --branch=stable --arch=x86_64 --command=electron-wrapper --file-forwarding com.nextcloud.talk --background @@u %U @@ >/dev/null 2>&1 &
diff --git a/client_software/README.md b/client_software/README.md
new file mode 100644
index 0000000..20b2f74
--- /dev/null
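Review bot: The bundle that `wget` fetches from the `releases/latest` URL is installed system-wide as root by `flatpak install --bundle` without any integrity check, and the `wget` exit status is ignored, so a failed or tampered download goes unnoticed. The script also ends in `exit 0` whether or not `flatpak install` succeeded, which hides the failure from the central install.sh that stops on a non-zero status. I would check the download result, verify the file against a digest recorded for a reviewed release before installing, and propagate the install status; a recorded digest implies fetching a fixed release rather than `latest`. `${SCRIPTPATH::2}` is a bash expansion under an `sh` shebang, and the path expansions are unquoted.

```shell
# … unchanged: root check, FILENAME and SCRIPTPATH setup …
BUNDLE="${SCRIPTPATH}/${FILENAME}"
URL="https://github.com/nextcloud-releases/talk-desktop/releases/latest/download/${FILENAME}"
if ! wget -q -P "${SCRIPTPATH}" --timestamping "${URL}"; then
  echo "Error: download of ${FILENAME} failed." >&2
  exit 1
fi
# EXPECTED_SHA256 is a placeholder: supply the digest of the reviewed release via the configuration.
if ! echo "${EXPECTED_SHA256}  ${BUNDLE}" | sha256sum -c - >/dev/null; then
  echo "Error: checksum mismatch for ${FILENAME}, not installing." >&2
  exit 1
fi
if ! /usr/bin/flatpak install -y --or-update --noninteractive --bundle "${BUNDLE}"; then
  echo "Error: flatpak install of ${FILENAME} failed." >&2
  exit 1
fi
echo "Done Install of ${FILENAME}"
exit 0
```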
+++ b/client_software/README.md
@@ -0,0 +1,7 @@
+Central Software installation script Repository
+Must be executed from script ../sync_client_software.sh
+
+The install script here will check for the right environment, and execute the install.sh script in each directory.
+
+Be sure to name the directories to get sorted the right way.
+E.g. you may use all base installations with directories beginning with numbers < 0100 and all additional apps with numbers > 0100
diff --git a/client_software/install.sh b/client_software/install.sh
new file mode 100755
index 0000000..ece4cb2
--- /dev/null
+++ b/client_software/install.sh
@@ -0,0 +1,46 @@
+#!/usr/bin/env sh
+# SPDX-FileCopyrightText: Daniel Pätzold
+# SPDX-License-Identifier: AGPL-3.0-or-later
+#
+# Central sofwareinstallation script. Should be called from ""/sys_config/system_setup/sync_client_software.sh install"
+#
+if [ "$EUID" -ne 0 ] || [ "$SUDO_USER." == "." ]; then
+ echo "Error: Script requires root privileges and a sudo environment."
+ exit 1
+fi
+
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+ echo "Error: Script cannot be executed standalone and needs a prereserved environement from logon-script."
+ echo "To get executed without password prompt, use the NOPASSWD rule in sudo. In FreeIPA you can use the sudo-option !authenticate in the sudo rule."
+ echo "Additionally add the sudo command to the rule: ^\/sys_config\/system_setup\/sync_client_software\.sh.*$"
+ echo "Press any key to continue" && read -n 1 -s -r && exit 1
+fi
+
+echo "Installing additional Software."
+for DIR in $(ls -d /${SCRIPTPATH}/*/ | sort); # list directories in the form "/tmp/dirname/"
+do
+ DIR=${DIR%*/} # remove the trailing "/"
+ if [ -f "${DIR}/install.sh" ]; then
+ echo "*** ==================== ***"
+ echo "*** Installing ${DIR##*/} ***" # print everything after the final "/"
+ cd ${DIR}
+ ${DIR}/install.sh
+ if [ $? -ne 0 ]; then
+ echo "*** ==================== ***"
+ echo "Some Error in script, will not continue. Please check."
+ echo "Press any key to continue."
+ read -n 1 -s -r
+ cd ${SCRIPTPATH}
+ exit 1
+ fi
+ echo "*** ==================== ***"
+ fi
+done
+cd ${SCRIPTPATH}
+
+#Last, remove unused Flatpak- Runtimes and unused Data
+echo "Removing unused Flatpak- Data."
+flatpak uninstall --unused -y
+su -c "flatpak uninstall --delete-data -y" $SUDO_USER
+echo "Sucessfully Installed Software."
diff --git a/system_setup/logon_script.sh b/system_setup/logon_script.sh
index ce54ce2..944d9ec 100755
--- a/system_setup/logon_script.sh
+++ b/system_setup/logon_script.sh
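Review bot: Every `install.sh` found under `/${SCRIPTPATH}/*/` is executed as root, and `SCRIPTPATH` is never set in this file, so the directory comes from the inherited environment; nothing checks who owns the scripts or who can write to them. The directory is presumably filled from the shared Nextcloud folder configured as `CLIENT_SOFTWARE_SRC`, in which case anyone able to write there controls what runs as root on the clients; an ownership and permission check before each run, plus a sentence about this trust relationship in the README, would make that explicit. Iterating over `$(ls -d … | sort)` also word-splits paths, while a plain glob is already sorted. `read -n 1 -s -r` is bash-only under the `sh` shebang.

```shell
# … unchanged: root and token checks …
: "${SCRIPTPATH:?SCRIPTPATH must be set by the calling script}"
for DIR in "${SCRIPTPATH}"/*/; do
  DIR=${DIR%/}
  SCRIPT="${DIR}/install.sh"
  [ -f "${SCRIPT}" ] || continue
  # Run only scripts owned by root and not writable by group or others (GNU find syntax)
  if [ -n "$(find "${SCRIPT}" -maxdepth 0 \( ! -user root -o -perm /022 \))" ]; then
    echo "Skipping ${SCRIPT}: not owned by root or writable by group/others."
    continue
  fi
  # … unchanged: banner, cd, run install.sh, error handling …
done
```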
@@ -14,7 +14,7 @@ elog_add "Logging to File ${LOGFILE}" if [ "$EUID" -eq 0 ]; then elog_add "Error: Cannot run this script as root." - exit 1 + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #TODO C: Check if Desktop is KDE/Plasma and support other Displays 
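Review bot: The new `echo "Press any key to continue" && read -n 1 -s -r && exit 1` only exits when `read` succeeds; if standard input is closed or at end of file, or the shell does not support `read -n`, `read` returns non-zero, `exit 1` is skipped and the script carries on past the root guard. Separating the commands keeps the exit unconditional: `echo "Press any key to continue"; read -n 1 -s -r; exit 1`. The same chain is added in the second hunk of this file and in client_software/install.sh, setup_system.inc.sh and sync_client_software.sh. The enclosing script continues outside the hunk.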
@@ -22,51 +22,62 @@ fi kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo if [ $? -ne 0 ]; then elog_add "This script should be run in KDE- Desktop. The setup of kwriteconfig5 has failed. Please check, if you are using KDE." - exit 1 + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #Copy current Version of Autostart-Entry +rm -f "${HOME}/.config/autostart/logon_script.sh.desktop" cp "${SCRIPTPATH}/logon_script.sh.desktop" "${HOME}/.config/autostart" if [ $? -ne 0 ]; then elog_add "Failed to setup autostart- entry. Check your installation of these scripts." - exit 1 + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi # Mount the private Directory -if [ ${IPAVAULTUSE} == "true" ]; then - ./mount_ecrypt_home.sh -else - ./mount_nocrypt_home.sh -fi +elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh" if [ $? -ne 0 ]; then elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available." + elog_add "The script was searched by SYSCONFIGPATH in directory ${SYSCONFIGPATH}, please check if your setup is correct." elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}" - echo "Press any key to continue" - read -n 1 -s -r - exit 1 + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #Get WEBDAV TOKEN from Nextcloud get_nc_token +if [ $? -ne 0 ]; then + elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available." 
+ echo "Press any key to continue" && read -n 1 -s -r && exit 1 +fi elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}" #Install Software -elog_add "===" -elog_add "Update and install client Software" -# Without sudoers-rule for run without asking for password, it won't run and quit complaining about not askpass utilities found -# Hint: To get this working, create a new ipa rule with options "!authenticate" and "setenv" -# And also add the following sudo-rule: "^\/sys_config\/system_setup\/sync_client_software\.sh.*$" -/usr/bin/sudo -A --preserve-env /sys_config/system_setup/sync_client_software.sh install 2>&1 | tee ${LOGFILE} -a | grep -v askpass -INST_RET=$? -INST_OUT=$( cat ${LOGFILE} ) -if [[ $INST_RET -ne 0 ]]; then - if [[ $INST_OUT == *"askpass"* ]]; then - elog_add "Not doing Software Updates, as your user is not allowed to execute the script without a password." - elog_add "If you want to change this, make a FreeIPA sudoers rule for the script sync_client_software.sh with !authenticate for you and become a member." - else - elog_add "*** Error executing software sync and install, please check your output! ***" - # TODO: This is not working due to the above Command. Redesign command to make it work - exit 1 +elog_add "" +elog_add "Update and install client software" + +# First, check the sudo rule +elog_add "Check the matching client rule:" +#Somewhat strange sudo -l will ask for password instead of just checking if the rule can be found, so it needs -n to be silent +# The behaviour will be: +# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0 +# If there is a rule matching with no !authenticate, then a password would be asked. 
This is prevented, so there will only be the +# error "a password is needed" an retno is 1 +# If there is no sudo rule at all, it will only set retno to 1 +elog_add_command "/usr/bin/sudo -n -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh" +if [[ $RETNO -ne 0 ]]; then + elog_add "Error was no $RETNO" + elog_add "No matching IPA rule found for this user, so the user is not allowed to install software, skipping this." + elog_add "If you want to change: Please check the sudo rules in ipa and your group membership." + elog_add "Hint: the rule must contain the !authenticate and setenv option to work." + elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$' +else + elog_add "Matching Sudo rule found." + elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install" + #ERRTXT=$( { /usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install > >(tee -a ${LOGFILE}); } 2>&1 ) + #ERR=$? + if [[ $RETNO -ne 0 ]]; then + elog_add "Errorcode was $RETNO" + elog_add "Error executing software sync and install, please check your output!" + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi fi diff --git a/system_setup/logon_script.sh.desktop b/system_setup/logon_script.sh.desktop index dcd8438..8a61511 100755 --- a/system_setup/logon_script.sh.desktop +++ b/system_setup/logon_script.sh.desktop 
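Review bot: `--preserve-env` without a variable list in `elog_add_command "/usr/bin/sudo -n --preserve-env … install"` passes the caller's entire environment to scripts that run as root, and the hint asks for the `setenv` option, so values the user sets for variables such as `SCRIPTPATH` or `CLIENT_DATA_DST` can reach root-side `rm`, `mv` and script execution unless the sourced configuration overwrites them. Naming only what is needed narrows that, e.g. `--preserve-env=DAVTOKEN_USER,DAVTOKEN_PASS` extended by the other variables the install scripts read (not all visible in this hunk). The error text added after `get_nc_token` repeats the mount message "Some Error when mounting private Directory"; it should say that obtaining the token failed.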
@@ -1,19 +1,7 @@ #!/usr/bin/env xdg-open [Desktop Entry] -Comment[de_DE]= -Comment= -Exec=/usr/bin/konsole --fullscreen --hide-tabbar --hide-menubar -e /sys_config/system_setup/logon_script.sh -GenericName[de_DE]= -GenericName= +Exec=/usr/bin/konsole --fullscreen --hide-tabbar --hide-menubar -e /opt/sys_config/system_setup/logon_script.sh Icon=application-x-shellscript -MimeType= -Name[de_DE]=logon_script.sh Name=logon_script.sh -Path=/sys_config/system_setup -StartupNotify=true -Terminal=false -TerminalOptions= Type=Application X-KDE-AutostartScript=true -X-KDE-SubstituteUID=false -X-KDE-Username= diff --git a/system_setup/mount_ecrypt_home.sh b/system_setup/mount_ecrypt_home.sh index 9395692..ebf7eba 100755 --- a/system_setup/mount_ecrypt_home.sh +++ b/system_setup/mount_ecrypt_home.sh @@ -19,6 +19,22 @@ if [ $? -eq 0 ]; then exit 0 fi +if [ ${IPAVAULTUSE} == "false" ]; then + #No encryption configured, will warn, but will continue + echo "Warning: Encryption is turned off by configuration (IPAVAULTUSE is set to false)!" + echo "This makes your private data readable by anyone having access to the harddrive. Will continue, but this is not safe!" + echo + mkdir -p ${DECRYPTEDDATADIR} + RETNO=$? + if [ ${RETNO} -eq 0 ]; then + echo "Private Directory set to ${DECRYPTEDDATADIR}" + else + echo "Error setting up Directory ${DECRYPTEDDATADIR}" + fi + ENCKEY="" + exit ${RETNO} +fi + #Test for connectivity curl -I https://${SERVERFQDN_IPA}/ipa/session/json >/dev/null 2>&1 if [ $? -ne 0 ]; then diff --git a/system_setup/mount_nocrypt_home.sh b/system_setup/mount_nocrypt_home.sh deleted file mode 100755 index 46be30f..0000000 --- a/system_setup/mount_nocrypt_home.sh +++ /dev/null 
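Review bot: In the unencrypted branch added to mount_ecrypt_home.sh, `mkdir -p ${DECRYPTEDDATADIR}` creates the private directory with the default umask, so on top of the missing encryption the data may be readable by other local accounts; `mkdir -p -m 700 "${DECRYPTEDDATADIR}"` restricts the final directory to its owner. `[ ${IPAVAULTUSE} == "false" ]` is unquoted, so an unset variable makes the test fail with an error instead of comparing cleanly; `[ "${IPAVAULTUSE}" == "false" ]` avoids that. `ENCKEY=""` directly before `exit` has no effect. The script continues outside the hunk.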
@@ -1,32 +0,0 @@ -#!/bin/sh -# SPDX-FileCopyrightText: Daniel Pätzold -# SPDX-License-Identifier: AGPL-3.0-or-later -# -# 30.12.2025 - Currently, the basic Encryption- System of FreeIPA is NOT WORKING due to failing KRA- Install at FreeIPA -# I created an Issue for that: https://github.com/dogtagpki/pki/issues/5242 -# So we will skip encryption completely! - -source $(dirname "$0")/setup_system.inc.sh -EXECDIR=$(pwd) - -#Check if Directory is alread mounted -grep ${DECRYPTEDDATADIR} /etc/mtab >/dev/null -if [ $? -eq 0 ]; then - #Directory is already mounted - echo "It looks like the directory is already mounted. Not mounting again." - exit 0 -fi - -#Setup and use encrypted filesystem -if [ ! -d "${DECRYPTEDDATADIR}" ]; then - #Key has been obtained, but no Directory was created till know - echo "First Setup of encryption: Creating new Directories now" - mkdir -p ${DECRYPTEDDATADIR} - if [ $? -eq 0 ]; then - echo "Sucessfully mounted encrypted private Directory ${DECRYPTEDDATADIR}" - exit 0 - else - echo "Errorcode ${RETAVAL}" - exit 1 - fi -fi diff --git a/system_setup/setup_system.conf.dist b/system_setup/setup_system.conf.dist index fe42a83..927917a 100644 --- a/system_setup/setup_system.conf.dist +++ b/system_setup/setup_system.conf.dist @@ -6,7 +6,7 @@ export TLDOMAIN=domain.tld export DOMAIN=clients.${TLDOMAIN} export SERVERFQDN_IPA=ipa.${TLDOMAIN} # Needs to be the IPA- Server export SERVERFQDN_NC=nextcloud.${TLDOMAIN} -export SYSCONFIGPATH="/sys_config" +export SYSCONFIGPATH="/opt/sys_config" export INSTALLDOCS="https://gitea.dtext.online/obel1x/fedora-OEMDRV/src/branch/main/README.md" export CLIENTADMINGROUP="clientadmins" 
@@ -19,8 +19,8 @@ fi export FQDN=${HOSTNM}.${DOMAIN} #Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide) -export CLIENT_SOFTWARE_DST="/opt/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty -export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" +export CLIENT_SOFTWARE_DST="/opt/sys_config/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty +export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" Set to the Nextcloud directory where the software should come from #Secure File Encryption #Needs a running KRA- Service on FreeIPA diff --git a/system_setup/setup_system.inc.sh b/system_setup/setup_system.inc.sh index d9498a2..d9b387c 100644 --- a/system_setup/setup_system.inc.sh +++ b/system_setup/setup_system.inc.sh @@ -14,11 +14,11 @@ # fi # return 0 #} -if [ ! -f $(pwd)/setup_system.conf ]; then +if [ ! -f $(dirname "$0")/setup_system.conf ]; then echo "System configuration not found. Please make a copy of setup_system.conf.dist, name it setup_system.conf and check the settings in it before running." - exit 1 + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi -source $(pwd)/setup_system.conf +source $(dirname "$0")/setup_system.conf #Check if the Data- Directory is encrypted check_data_isecrypted() { 
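Review bot: The new `CLIENT_SOFTWARE_SRC` line in setup_system.conf.dist lost its comment marker: the text `Set to the Nextcloud directory where the software should come from` follows the value without `#`, so when the file is sourced `export` receives those words as additional variable names. It should read `export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" # Set to the Nextcloud directory where the software should come from`.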
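Review bot: `$(dirname "$0")` is unquoted in both the `-f` test and the `source` line of setup_system.inc.sh, so an install path containing spaces breaks the check and the load; `source "$(dirname "$0")/setup_system.conf"` is the safe form. Because this include is also sourced by sync_client_software.sh, which is meant to run as root through sudo, the configuration file is executed as root code, and a comment stating that setup_system.conf must be owned by root and not writable by other users would help. The file continues outside the hunk.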
@@ -32,11 +32,21 @@ check_data_isecrypted() { # Functions for logging elog_init() { + #Create a new logfile and put some text in it echo $@ | tee ${LOGFILE} } elog_add() { + #Append some text to the logile echo $@ | tee ${LOGFILE} -a } +elog_add_command() { + #Run a command, capture all output (STD and ERR) to the logfile AND in variable RETTXT AND output to screen + #Returns the exit value of the command in $? and in RETNO + RETTXT=$( { $@ > >(tee -a ${LOGFILE}); } 2> >(tee -a ${LOGFILE}) ) + RETNO=$? + echo "${RETTXT}" + return ${RETNO} +} # Will set variable DAVTOKEN_USER and DAVTOKEN_PASS to the stored value or get a new one get_nc_token() { diff --git a/system_setup/sync_client_software.sh b/system_setup/sync_client_software.sh index a2e85a1..15e8867 100755 --- a/system_setup/sync_client_software.sh +++ b/system_setup/sync_client_software.sh 
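Review bot: `elog_add_command` runs `$@` unquoted and its callers pass the whole command as one string, so the command line is rebuilt by word splitting and globbing; a `SYSCONFIGPATH` containing spaces or wildcard characters would change what is executed, including the `sudo` call. Using `"$@"` inside the function and passing the words separately, e.g. `elog_add_command /usr/bin/sudo -n -l "${SYSCONFIGPATH}/system_setup/sync_client_software.sh"`, keeps each argument intact. Output is only printed by `echo "${RETTXT}"` after the command has finished, so prompts from child scripts such as "Press any key to continue" stay invisible while they wait; the function's comment should say so. `${LOGFILE}` should be quoted in all three helpers.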
@@ -9,15 +9,15 @@ source $(dirname "$0")/setup_system.inc.sh #Check for root if [ "$EUID" -ne 0 ]; then echo "Error: Script requires root privileges. It should be executed via logon-script and not standalone." - exit 1 + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #Check Token if [ "${DAVTOKEN_USER}." == "." ]; then - echo "Error: Script cannot be executed standalone and needs a prereserved environement from logon-script." - echo "To get executed without password prompt, use the NOPASSWD rule in sudo. In FreeIPA you can use the sudo-option !authenticate in the sudo rule." - echo "Additionally add the sudo command to the rule: ^\/sys_config\/system_setup\/sync_client_software\.sh.*$" - exit 1 + echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environement from logon-script." + elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$' + elog_add "Hint: the rule must contain the !authenticate and setenv option to work." + echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #Check if Repository is defined
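Review bot: The sudo rule suggested in the new `elog_add` hint ends in `.*$`, which accepts any suffix or argument after `sync_client_software.sh`, while logon_script.sh only calls the script with `install`; a pattern limited to that invocation would grant less. How the expression is evaluated depends on the sudo and FreeIPA versions in use, so this should be confirmed there. The `${SYSCONFIGPATH////'\/'}` substitution is bash-specific, so the script needs a bash shebang (not visible in this hunk).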