Introduce client_software_cust

For customer setups, the software repository was split into client_software and client_software_cust.

Obsoleted sync for client_software.

.gitignore

@@ -1,12 +1,14 @@
 .Trash*
 *.kdev4
 .kdev4/*
-client_software/.sync_*.db
-client_software/setup_system.conf
+ks_pc_prof/*
+ks.cfg
 config/*
 !config/README.md
 config.d/*.conf
 config.d/*.sys
 config.d/*.bak
-ks_pc_prof/*
-ks.cfg
+client_software/.sync_*.db
+client_software/setup_system.conf
+client_software_cust/*
+!client_software_cust/README.md

client_software/0010_kwallet/install.sh

@@ -18,13 +18,13 @@ echo "Setup KWallet Password- Service."
 
 #Check for root
 if [ "$EUID" -ne 0 ]; then
-    echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+    echo "Error: Script requires root."
     exit 1
 fi
 
 #Check Token
 if [ "${DAVTOKEN_USER}." == "." ]; then
-    echo "Error: Script cannot be executed standalone and needs a prereserved Environment. Quit."
+    echo "Error: Script cannot be executed standalone and needs a prereserved environment from sync_client_software.sh. Quit."
     exit 1
 fi
 

client_software/0010_kwallet/user_run.sh

@@ -1,6 +1,13 @@
 #!/bin/bash
 # Restart and test Kwallet- Service
 
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+    echo "Error: Script cannot be executed standalone and needs a prereserved environment from sync_client_software.sh. Quit."
+    exit 1
+fi
+
+
 # Vars
 WALLETAPPID="sys_config_wallet_script"
 WALLETNAME="kdewallet"

client_software/0110_nextcloud_talk_app/install.sh

@@ -7,7 +7,13 @@
 
 #Check for root
 if [ "$EUID" -ne 0 ]; then
-    echo "Error: Script requires root. Please check if ${SCRIPTPATH}/${SCRIPTNAME} is in sudoers rules and if you are a member. And if executed via sudo."
+    echo "Error: Script requires root."
+    exit 1
+fi
+
+#Check Token
+if [ "${DAVTOKEN_USER}." == "." ]; then
+    echo "Error: Script cannot be executed standalone and needs a prereserved environment from sync_client_software.sh. Quit."
     exit 1
 fi
 

client_software/README.md

@@ -1,7 +1,9 @@
-Central Software installation script Repository
-Must be executed from script ../sync_client_software.sh
+# Pre installed software installation script repository
 
-The install script here will check for the right environment, and execute the install.sh script in each directory.
+Contains Packages to install and setup at user logon first.
+Each package is in one directory and may include two scripts which will be called from user logon script:
 
-Be sure to name the directories to get sorted the right way.
-E.g. you may use all base installations with directories beginning with numbers < 0100 and all additional apps with numbers > 0100
+- install.sh - will be called with root- privileges to install software or other administrative tasks
+- user_run.sh - will get executed after all admins scripts had been executed in user context to setup user configs ad data
+
+The execution will be sorted by directory name.

client_software/install.sh

@@ -2,51 +2,12 @@
 # SPDX-FileCopyrightText: Daniel Pätzold
 # SPDX-License-Identifier: AGPL-3.0-or-later
 #
-# Central sofwareinstallation script. Should be called from ""/sys_config/system_setup/sync_client_software.sh install"
-# If P1 is given, only installs will be executed, that are containing the P1 string in their dirname
+# Obsolete Script
+# Will get removed completely, its only here to advise the user to update and rerun the logon_script
 #
-if [ "$EUID" -ne 0 ] || [ "$SUDO_USER." == "." ]; then
-    echo "Error: Script requires root privileges and a sudo environment."
-    exit 1
-fi
 
-#Check Token
-if [ "${DAVTOKEN_USER}." == "." ]; then
-    echo "Error: Script cannot be executed standalone and needs a prereserved environement from logon-script."
-    echo "To get executed without password prompt, use the NOPASSWD rule in sudo. In FreeIPA you can use the sudo-option !authenticate in the sudo rule."
-    echo "Additionally add the sudo command to the rule: ^\/sys_config\/system_setup\/sync_client_software\.sh.*$"
-    echo "Press any key to continue" && read -n 1 -s -r && exit 1
-fi
-
-echo "Installing additional Software."
-for DIR in $(ls -d ${CLIENT_SOFTWARE_DST}/*/ | sort);     # list directories in the form "/tmp/dirname/"
-do
-    DIR=${DIR%*/}      # remove the trailing "/"
-    if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
-      #search for string in dir
-      echo "Skipping ${DIR} while not in search parameter ( $1 )."
-      continue
-    fi
-    if [ -f "${DIR}/install.sh" ]; then
-        echo "*** ==================== ***"
-        echo "*** Installing ${DIR##*/} ***" # print everything after the final "/"
-        cd ${DIR}
-        ${DIR}/install.sh
-        if [ $? -ne 0 ]; then
-          echo "*** ==================== ***"
-          echo "Some Error in script, will not continue. Please check."
-          echo "Press any key to continue."
-          read -n 1 -s -r
-          cd ${SCRIPTPATH}
-          exit 1
-        fi
-        echo "*** ==================== ***"
-    fi
-done
-cd ${SCRIPTPATH}
-
-#Last, remove unused Flatpak- Runtimes and unused Data
-echo "Removing unused Flatpak- Data."
-flatpak uninstall --unused -y
-su -c "flatpak uninstall --delete-data -y" $SUDO_USER
-echo "Sucessfully Installed Software."
+echo " ==================== "
+echo "Obsolete Script $0 called. Please update via git (should have been done already, check above!) and rerun the logon_script by relogon again."
+echo "This Message should disappear then. Press any key to continue."
+read -n 1 -s -r
+exit 1

client_software/user_run.sh

@@ -2,43 +2,12 @@
 # SPDX-FileCopyrightText: Daniel Pätzold
 # SPDX-License-Identifier: AGPL-3.0-or-later
 #
-# Running user scripts after install (as user, not root)
-# If P1 is given, only scripts will be executed, that are containing the P1 string in their dirname
+# Obsolete Script
+# Will get removed completely, its only here to advise the user to update and rerun the logon_script
 #
 
-#Check Token
-if [ "${DAVTOKEN_USER}." == "." ]; then
-    echo "Error: Script cannot be executed standalone and needs a prereserved environement from logon-script."
-    echo "Press any key to continue" && read -n 1 -s -r && exit 1
-fi
-
-echo "Running user scripts in software."
-for DIR in $(ls -d ${CLIENT_SOFTWARE_DST}/*/ | sort);     # list directories in the form "/tmp/dirname/"
-do
-    DIR=${DIR%*/}      # remove the trailing "/"
-    if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
-      #search for string in dir
-      echo "Skipping ${DIR} while not in search parameter ( $1 )."
-      continue
-    fi
-    if [ -f "${DIR}/user_run.sh" ]; then
-        echo "*** ==================== ***"
-        echo "*** Running ${DIR##*/} ***" # print everything after the final "/"
-        cd ${DIR}
-        ${DIR}/user_run.sh
-        if [ $? -ne 0 ]; then
-          echo "*** ==================== ***"
-          echo "Some Error in script, will not continue. Please check."
-          echo "Press any key to continue."
-          read -n 1 -s -r
-          cd ${SCRIPTPATH}
-          exit 1
-        fi
-        echo "*** ==================== ***"
-    fi
-done
-echo "Completed user scripts in software."
-
-cd ${SCRIPTPATH}
-exit 0
-
+echo " ==================== "
+echo "Obsolete Script $0 called. Please update via git (should have been done already, check above!) and rerun the logon_script by relogon again."
+echo "This Message should disappear then. Press any key to continue."
+read -n 1 -s -r
+exit 1

client_software_cust/README.md

@@ -0,0 +1,14 @@
+# Companys Software Repository
+
+This Repository contains the software of you company, which is delivered by your company admins.
+All files here despite this README ar not traked by git and are not part of installation packages.
+Your Company is completely free to add files to it.
+Your Company is encouraged to setup its own git repository
+
+The scripts will be run at logon time after the scripts of the predefined software has been installed.
+Each package is in one directory and may include two scripts which will be called from user logon script:
+
+- install.sh - will be called with root- privileges to install software or other administrative tasks
+- user_run.sh - will get executed after all admins scripts had been executed in user context to setup user configs ad data
+
+The execution will be sorted by directory name.

config.d/README.md

@@ -1,4 +1,4 @@
 # Local config Files
 
-You may have .conf files in here, which will be not be touched by anything and will be sourced by the scripts to overwrite any of the settings in setup_system.conf.dist
-The syntax should be same as setup_system.conf.dist
+You may have SYSTEM specific .conf files in here, which will be not be touched by anything and will be sourced by the scripts to overwrite any of the settings in setup_system.conf.dist.
+Don't use this folder for special settings of your company. It is only for the PC itself if it is configured in another way as all others. The syntax should be same as setup_system.conf.dist

system_setup/config.dist/setup_system.conf.dist

@@ -31,8 +31,13 @@ fi
 export FQDN=${HOSTNM}.${DOMAIN}
 
 #Additional Client-Software- Repository-Folder in Nextcloud (Shared Folder / Systemwide)
-export CLIENT_SOFTWARE_DST="/opt/sys_config/client_software" # Optional. If you don't have a Folder that should always be synced, leave this empty
-export CLIENT_SOFTWARE_SRC="/Shared/sw_geteilt/client_software" Set to the Nextcloud directory where the software should come from
+export CLIENT_SOFTWARE_CUST_DST="${SYSCONFIGPATH}/client_software_cust" # Required. Must not be changed!
+export CLIENT_SOFTWARE_CUST_SRC="/Shared/sw_geteilt/client_software_cust" # Set to the Nextcloud directory where the software should come from
+
+# OBSOLETE / OLD Variables for packaged files under client_software. Those files will not be synced to NC any more!
+# if still set, they will cause sync to complain about it
+unset CLIENT_SOFTWARE_DST
+unset CLIENT_SOFTWARE_SRC
 
 #Secure File Encryption
 #Needs a running KRA- Service on FreeIPA

system_setup/logon_script.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 # SPDX-FileCopyrightText: Daniel Pätzold
 # SPDX-License-Identifier: AGPL-3.0-or-later
 #
@@ -57,8 +57,9 @@ fi
 # Mount the private Directory
 elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"
 if [ $? -ne 0 ]; then
-    elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
-    elog_add "The script was searched by SYSCONFIGPATH in directory ${SYSCONFIGPATH}, please check if your setup is correct."
+    elog_add "Some Error when running/mounting private Directory, cannot continue. Your Data will not be available."
+    elog_add "If the File was not found: The mount script was searched in directory ${SYSCONFIGPATH} which is defined by SYSCONFIGPATH in your config."
+    elog_add "Please check if your setup is correct."
     elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}"
     echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
@@ -66,7 +67,7 @@ fi
 #Get WEBDAV TOKEN from Nextcloud
 get_nc_token
 if [ $? -ne 0 ]; then
-    elog_add "Some Error when mounting private Directory, cannot continue. Your Data will not be available."
+    elog_add "Some Error when getting WEBDAV token. Cannot continue. Your Data will not be available."
     echo "Press any key to continue" && read -n 1 -s -r && exit 1
 fi
 elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"
@@ -78,6 +79,17 @@ elog_add "Update and install client software"
 #Set global to enable git
 git config --global --add safe.directory /opt/sys_config
 
+# Pre check for old configuration parameters, will be removed in the future
+if [ ! -z "${CLIENT_SOFTWARE_DST}" ] || [ ! -z "${CLIENT_SOFTWARE_SRC}" ]; then
+    elog_add " ===================="
+    elog_add "WARNING: Your company/setup has still CLIENT_SOFTWARE_DST or CLIENT_SOFTWARE_SRC set."
+    elog_add "These parameters are obsolete and must be removed! The new parameters are CLIENT_SOFTWARE_CUST_DST and CLIENT_SOFTWARE_CUST_SRC"
+    elog_add "as the software repository has been split into customer software and distributed software."
+    elog_add "Please try to relog first. If this problem reoccures, contact your system admins to correct it."
+    elog_add "Will continue with the new path. Press any key to continue."
+    read -n 1 -s -r
+fi
+
 # First, check the sudo rule
 elog_add "Check the matching client rule:"
 #Somewhat strange "sudo -l" will *sometimes* ask for password instead of just checking if the rule can be found, so it needs -n to be silent
@@ -116,8 +128,6 @@ else
         elog_add ""
         elog_add "Running client software sync..."
         elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install $1"
-        #ERRTXT=$( { /usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install > >(tee -a ${LOGFILE}); } 2>&1 )
-        #ERR=$?
         if [[ $RETNO -ne 0 ]]; then
             elog_add "Errorcode was $RETNO"
             elog_add "Error executing software sync and install, please check your output!"
@@ -125,18 +135,77 @@ else
         fi
     fi
 fi
-echo ""
 
 #Anyway run user scripts if existent
-elog_add_command "${CLIENT_SOFTWARE_DST}/user_run.sh $1"
-if [ $? -ne 0 ]; then
-    exit 1
+#elog_add_command "${CLIENT_SOFTWARE_DST}/user_run.sh $1"
+elog_add "Running all software scripts in user- context."
+#1. Run the scripts, that are delivered by the package maintainers
+elog_add "Pre Installed scripts"
+for DIR in $(ls -d ${SYSCONFIGPATH}/client_software/*/ | sort);     # list directories in the form "/tmp/dirname/"
+do
+    DIR=${DIR%*/}      # remove the trailing "/"
+    if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
+      #search for string in dir
+      elog_add "Skipping ${DIR} while not in search parameter ( $1 )."
+      continue
+    fi
+    if [ -f "${DIR}/user_run.sh" ]; then
+        elog_add " >>> Running ${DIR}/user_run.sh"
+        cd ${DIR}
+        elog_add_command "${DIR}/user_run.sh"
+        if [ $? -ne 0 ]; then
+          elog_add " ===================="
+          elog_add "Some Error in script, will not continue. Please check."
+          elog_add "Press any key to continue."
+          read -n 1 -s -r
+          exit 1
+        fi
+        elog_add " ===================="
+    fi
+done
+#2. Run the scripts, that are delivered by the package maintainers
+if [ -d "${CLIENT_SOFTWARE_CUST_DST}" ]; then
+  elog_add "Company delivered scripts in ${CLIENT_SOFTWARE_CUST_DST}"
+  for DIR in $(ls -d ${CLIENT_SOFTWARE_CUST_DST}/*/ | sort);     # list directories in the form "/tmp/dirname/"
+  do
+    DIR=${DIR%*/}      # remove the trailing "/"
+    if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
+      #search for string in dir
+      elog_add "Skipping ${DIR} while not in search parameter ( $1 )."
+      continue
+    fi
+    if [ -f "${DIR}/user_run.sh" ]; then
+        elog_add " >>> Running ${DIR}/user_run.sh"
+        cd ${DIR}
+        elog_add_command "${DIR}/user_run.sh"
+        if [ $? -ne 0 ]; then
+          elog_add " ===================="
+          elog_add "Some Error in script, will not continue. Please check."
+          elog_add "Press any key to continue."
+          read -n 1 -s -r
+          exit 1
+        fi
+        elog_add " ===================="
+    fi
+  done
 fi
+elog_add "Completed user scripts in software."
 elog_add  ""
 
+# Remove unused flatpak user installed software and data
+flatpak uninstall --unused -y --user
+flatpak uninstall --delete-data -y
+
 #SYNC Firefox + Thunderbird Profile
-${SYSCONFIGPATH}/system_setup/mozilla_starter.sh firefox sync && ${SYSCONFIGPATH}/system_setup/mozilla_starter.sh thunderbird sync
-elog_add "Successfully synced Mozilla profiles (log in another file)."
+if [ ! -z "${PROFILE_FIREFOX_SRC}" ]; then
+    ${SYSCONFIGPATH}/system_setup/mozilla_starter.sh firefox sync
+fi
+if [ $? -eq 0 ] && [ ! -z "${PROFILE_TB_SRC}" ]; then
+    ${SYSCONFIGPATH}/system_setup/mozilla_starter.sh thunderbird sync
+    if [ $? -eq 0 ]; then
+        elog_add "Successfully synced Mozilla profiles (log in another file)."
+    fi
+fi
 
 elog_add "Sucessfully run logon script (Wait 3 seconds)"
 sleep 3

system_setup/sync_client_software.sh

@@ -130,16 +130,51 @@ if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then
     fi
 fi
 
-#Check if Repository is defined
-if [ "${CLIENT_SOFTWARE_DST}." == "." ]; then
-    echo "No central softwarerepository defined (CLIENT_SOFTWARE_DST). Skipping sync."
+echo "Running all software scripts in admin- context."
+# Run pre installed scripts in client_software
+echo "Running pre installed scripts first."
+for DIR in $(ls -d ${SYSCONFIGPATH}/client_software/*/ | sort); do
+  DIR=${DIR%*/}      # remove the trailing "/"
+  if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
+    #search for string in dir
+    echo "Skipping ${DIR} while not in search parameter ( $1 )."
+    continue
+  fi
+  if [ -f "${DIR}/install.sh" ]; then
+    echo " ===================="
+    echo " >>> Running ${DIR}/install.sh"
+    cd ${DIR}
+    ${DIR}/install.sh
+    if [ $? -ne 0 ]; then
+      echo " ===================="
+      echo "Some Error in script, will not continue. Please check."
+      echo "Press any key to continue."
+      read -n 1 -s -r
+      exit 1
+    fi
+    echo " ===================="
+  fi
+done
+echo "Sucessfully installed pre-defined software."
+echo
+
+# Repository must be the right path (but maybe empty, which is fine)
+if [ "${CLIENT_SOFTWARE_CUST_DST}" != "${SYSCONFIGPATH}/client_software_cust" ]; then
+    echo "Error in config: Required parameter CLIENT_SOFTWARE_CUST_DST is missing or set wrong."
+    echo "Please relog and if the problem reoccures, contact your system admins to correct the Values."
+    read -n 1 -s -r -p "Press any key to continue"
+    echo ""
+    exit 1
 else
   # Then, sync all client_software-files
-  if [[ ! -z "${CLIENT_SOFTWARE_SRC}" ]]; then
-    echo "Syncing central softwarerepository ${CLIENT_SOFTWARE_DST}"
+  if [[ -z "${CLIENT_SOFTWARE_CUST_SRC}" ]]; then
+    echo "No customer software sync is defined, skipping sync"
+    echo "${CLIENT_SOFTWARE_CUST_DST} with ${CLIENT_SOFTWARE_CUST_SRC}"
+  else
+    echo "Syncing customer software repository ${CLIENT_SOFTWARE_CUST_DST}"
     # Create Directory if not existent
-    mkdir -p ${CLIENT_SOFTWARE_DST}
-    SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_SRC} ${CLIENT_SOFTWARE_DST} https://${SERVERFQDN_NC}"
+    mkdir -p ${CLIENT_SOFTWARE_CUST_DST}
+    SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_CUST_SRC} ${CLIENT_SOFTWARE_CUST_DST} https://${SERVERFQDN_NC}"
     SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" )
     echo "Exec: ${SYNCCMD_HIDDENPW}"
     echo "Sync Client Software"
@@ -155,23 +190,47 @@ else
         exit 1
     fi
     echo "Sucessfully synced."
-  fi
-  echo ""
 
-  # After sync again, restore the rights to all filles. They must be owned by root, changeable by admingroup and readable by otherusers (we are root, so we can change!)
-  chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
-  chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
-  #Make all install.sh executable
-  find ${CLIENT_SOFTWARE_DST} -type f -name install.sh -exec chmod ugo+x {} \;
-
-  #Run Software setup
-  echo "Running Setup of Software"
-  if [ $1 == "install" ]; then
-    ${CLIENT_SOFTWARE_DST}/install.sh $2
-    if [ $? -ne 0 ]; then
-        exit 1
-    fi
+    # After sync again, restore the rights to all filles. They must be owned by root, changeable by admingroup and readable by otherusers (we are root, so we can change!)
+    chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH}
+    chmod ug+rwX,o=rX -R ${SYSCONFIGPATH}
   fi
 fi
+echo
+
+#Run customer setup
+if [ ! -z "${CLIENT_SOFTWARE_CUST_DST}" ]; then
+  echo "Running all software scripts in admin- context."
+  #Make all install.sh executable
+  find ${CLIENT_SOFTWARE_CUST_DST} -type f -name install.sh -exec chmod ugo+x {} \;
+  for DIR in $(ls -d ${CLIENT_SOFTWARE_CUST_DST}/*/ | sort); do
+    DIR=${DIR%*/}      # remove the trailing "/"
+    if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
+      #search for string in dir
+      echo "Skipping ${DIR} while not in search parameter ( $1 )."
+      continue
+    fi
+    if [ -f "${DIR}/install.sh" ]; then
+        echo " ===================="
+        echo " >>> Running ${DIR}/install.sh"
+        cd ${DIR}
+        ${DIR}/install.sh
+        if [ $? -ne 0 ]; then
+          echo " ===================="
+          echo "Some Error in script, will not continue. Please check."
+          echo "Press any key to continue."
+          read -n 1 -s -r
+          exit 1
+        fi
+        echo " ===================="
+    fi
+  done
+fi
+
+#Last, remove unused Flatpak- Runtimes and unused Data
+echo "Removing unused Flatpak- Data."
+flatpak uninstall --unused -y
+
+echo "Sucessfully installed software."
 echo ""
 exit 0