#!/usr/bin/env sh # SPDX-FileCopyrightText: Daniel Pätzold # SPDX-License-Identifier: AGPL-3.0-or-later # # Central sofwareinstallation script. Should be called from logon-script via sudo and prereserved env #Check for root if [ "$EUID" -ne 0 ]; then echo "Error: Script requires root privileges. It should be executed via logon-script and not standalone." echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #Check Token if [ "${DAVTOKEN_USER}." == "." ]; then echo "Error: Script cannot be executed standalone, must be run with a matching sudo rule and needs a prereserved environment from logon-script." echo "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$' echo "Hint: the rule must contain the !authenticate and setenv option to work." echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi #Install or update Nextcloud com.nextcloud.desktopclient.nextcloud echo "Update or install Nextcloud client" /usr/bin/flatpak remote-add --if-not-exists flathub https://dl.flathub.org/repo/flathub.flatpakrepo && \ /usr/bin/flatpak install -y --or-update --noninteractive flathub com.nextcloud.desktopclient.nextcloud && echo "Done Update/Install of Nextcloud." if [[ $? -ne 0 ]]; then echo "" echo "There seems to be a problem with your network connection. Please first check, if your network can be established before reuming." echo "You can press CRTL+C to abort now. Than your data wont be accessible and you need to run \"$0\" again." echo "You can also continue without network. You may need your personal encryptionkey for accessing your data." read -n 1 -s -r -p "Please check Network and press any Key to continue" fi echo "" # Ensure session bus access for Nextcloud (may be blocked by Flatseal or missing from manifest) /usr/bin/flatpak override --system --socket=session-bus com.nextcloud.desktopclient.nextcloud #Do an upgrade of the Base package if its configured and if there are changes chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH} chmod ug+rwX,o=rX -R ${SYSCONFIGPATH} if [[ ! -z "${REPO_URL}" ]]; then echo "Checking for Upgrades on ${REPO_URL} and Branch ${REPO_BRANCH}" REMOTEURL=$( git config --get remote.origin.url ) echo "Remote git URL is ${REMOTEURL}" if [[ "${REMOTEURL}" != "${REPO_URL}" ]]; then echo "This Repo is not on the matching URL, so no update is possible. If you want to change this, check out the docs on how to setup from scratch." else GITBRANCH=$( git rev-parse --abbrev-ref HEAD ) echo "Current branch is ${GITBRANCH}" if [[ "${GITBRANCH}" != "${REPO_BRANCH}" ]]; then echo "This Repo is not on the right branch, so no update is possible." else # Doing upgrade, discarding all local changes frist (is more save than forced pull) echo "Checks have passed, we are now upgrading via git." #Fetch latest commit only (depth=1), reset working tree, purge old history and untracked files git fetch --depth=1 origin ${REPO_BRANCH} && git reset --hard FETCH_HEAD && git -C "${SYSCONFIGPATH}" clean -fd && git gc --prune=now --quiet if [[ $? -ne 0 ]]; then echo "Error: Failure while updating, will continue as is." fi fi fi else echo "REPO_URL is not specified in conf - No Upgrade option available." fi echo "" # At first, sync central configs if they are configured to be synced if [[ ! -z "${DISTCONFIGPATH_SRC}" ]]; then echo "Synced config path was found, doing remote sync." SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${DISTCONFIGPATH_SRC} ${DISTCONFIGPATH} https://${SERVERFQDN_NC}" SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" ) echo "Exec: ${SYNCCMD_HIDDENPW}" echo "Sync Configuration" ${SYNCCMD} >${TEMPDIR}/synccmd_last.log 2>&1 if [[ $? -ne 0 ]]; then echo "Error in sync:" echo "" cat ${TEMPDIR}/synccmd_last.log echo "" echo "Please check if your Token is setup right and for the above Output" read -n 1 -s -r -p "Press any key to continue" echo "" exit 1 fi echo "Sucessfully synced." echo "" # Check, if we are in configure-mode and if so, remove the file and reread the now new synced configuration if [ -f $(dirname "$0")/../config.d/configure.conf ]; then #Check if configuration was obtained by sync if [ -f $(dirname "$0")/../config/setup_system.conf ]; then echo "Existing configuration found in Repository, removing configure-mode and reread the configuration." rm -f $(dirname "$0")/../config.d/configure.conf.bak >/dev/null mv $(dirname "$0")/../config.d/configure.conf $(dirname "$0")/../config.d/configure.conf.bak OLD_REPO_URL="$REPO_URL" OLD_REPO_BRANCH="$REPO_BRANCH" source $(dirname "$0")/setup_system.inc.sh #Compare the Repository URLS after that if [ "$REPO_URL" != "$OLD_REPO_URL" ] || [ "$REPO_BRANCH" != "$OLD_REPO_BRANCH" ]; then echo "The Repository for installation was" echo "$OLD_REPO_URL Branch $OLD_REPO_BRANCH" echo "After reading the config, the Repository has changed to" echo "$REPO_URL Branch $REPO_BRANCH" echo echo "Do you want to create a system specific configuration for the installation Repository, so that" read -r -p "only this system will stay on the Repository for installation? [y/N]: " CREATE_REPO_CONF if [[ "${CREATE_REPO_CONF,,}" == "y" ]]; then echo "export REPO_URL=\"$OLD_REPO_URL\"" >$(dirname "$0")/../config.d/repo.conf echo "export REPO_BRANCH=\"$OLD_REPO_BRANCH\"" >>$(dirname "$0")/../config.d/repo.conf echo "Wrote new $(dirname "$0")/../config.d/repo.conf" fi fi else echo "System is in configure-mode and configuration repository was found and synced, but still not configuration was found" echo "checking file $(dirname "$0")/../config/setup_system.conf" echo "" echo "Please make a copy of system_setup/config.dist/setup_system.conf.dist to config/setup_system.conf and check all settings there." echo "Then rerun the logon script to sync the file to your repository." echo "Press any key to continue" && read -n 1 -s -r && exit 1 fi fi fi #Check if Repository is defined if [ "${CLIENT_SOFTWARE_DST}." == "." ]; then echo "No central softwarerepository defined (CLIENT_SOFTWARE_DST). Skipping sync." else # Then, sync all client_software-files if [[ ! -z "${CLIENT_SOFTWARE_SRC}" ]]; then echo "Syncing central softwarerepository ${CLIENT_SOFTWARE_DST}" # Create Directory if not existent mkdir -p ${CLIENT_SOFTWARE_DST} SYNCCMD="sudo -i /usr/bin/flatpak run --branch=stable --arch=x86_64 --command=nextcloudcmd com.nextcloud.desktopclient.nextcloud -h -u ${DAVTOKEN_USER} -p ${DAVTOKEN_PASS} --path ${CLIENT_SOFTWARE_SRC} ${CLIENT_SOFTWARE_DST} https://${SERVERFQDN_NC}" SYNCCMD_HIDDENPW=$( echo "${SYNCCMD/${DAVTOKEN_PASS}/***HIDDEN***}" ) echo "Exec: ${SYNCCMD_HIDDENPW}" echo "Sync Client Software" ${SYNCCMD} >${TEMPDIR}/synccmd_last.log 2>&1 if [[ $? -ne 0 ]]; then echo "Error in sync:" echo "" cat ${TEMPDIR}/synccmd_last.log echo "" echo "Please check if your Token is setup right and for the above Output" read -n 1 -s -r -p "Press any key to continue" echo "" exit 1 fi echo "Sucessfully synced." fi echo "" # After sync again, restore the rights to all filles. They must be owned by root, changeable by admingroup and readable by otherusers (we are root, so we can change!) chown root:${CLIENTADMINGROUP} -R ${SYSCONFIGPATH} chmod ug+rwX,o=rX -R ${SYSCONFIGPATH} #Make all install.sh executable find ${CLIENT_SOFTWARE_DST} -type f -name install.sh -exec chmod ugo+x {} \; #Run Software setup echo "Running Setup of Software" if [ $1 == "install" ]; then ${CLIENT_SOFTWARE_DST}/install.sh $2 if [ $? -ne 0 ]; then exit 1 fi fi fi echo "" exit 0