unbrot/fedora-OEMDRV
1
0
Fork 0
forked from obel1x/fedora-OEMDRV
Code Pull Requests Activity
Files
536bf095d48a731294690c2b67481c8a6083d073
fedora-OEMDRV/system_setup/logon_script.sh
T
Daniel unbrot Pätzold 536bf095d4 Cosmetic changes
2026-05-08 13:20:37 +02:00

226 lines
9.9 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# SPDX-FileCopyrightText: Daniel Pätzold
# SPDX-License-Identifier: AGPL-3.0-or-later
#
# User logon script for KDE Environement
#
source $(dirname "$0")/setup_system.inc.sh
elog_init "User Logon Script"
elog_add "=================="
elog_add ""
elog_add `date`
elog_add "Logging to File ${LOGFILE}"
if [ "$EUID" -eq 0 ]; then
elog_add "Error: Cannot run this script as root."
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
# Check DNS resolution before proceeding - logon depends on IPA and Nextcloud being reachable
_dns_target="${SERVERFQDN_IPA}"
while ! getent hosts "${_dns_target}" >/dev/null 2>&1; do
elog_add "Warning: DNS resolution failed for ${_dns_target} - network or DNS not ready."
echo ""
echo "Warning: DNS resolution failed for ${_dns_target}."
echo "Please check your network connection and DNS settings before continuing."
echo ""
printf " [R]etry [C]ontinue anyway [Q]uit: "
read -r _dns_choice
case "${_dns_choice}" in
[Cc]) elog_add "Continuing despite DNS failure (user choice)."; break ;;
[Qq]) elog_add "Script aborted by user due to DNS failure."; exit 1 ;;
*) elog_add "Retrying DNS check for ${_dns_target}..." ;;
esac
done
#Check for needed python-modules
#For WEBDAV
python -c "import webdav3">/dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo "Installing pip module webdav3"
pip install webdavclient3>/dev/null
fi
#For IPA (system package python3-ipaclient, cannot be pip-installed)
python -c "import ipalib">/dev/null 2>&1
if [[ $? -ne 0 ]]; then
echo "Error: python3-ipaclient is not installed. Please install it via: sudo dnf install python3-ipaclient"
fi
if [ "${XDG_CURRENT_DESKTOP}" = "KDE" ]; then
# Start each session empty (not restoring previous apps) - avoids stale mounts and autostart conflicts
kwriteconfig5 --file ksmserverrc --group General --key loginMode 2 >/dev/null 2>&1
# Make kdesu use sudo
kwriteconfig5 --file kdesurc --group super-user-command --key super-user-command sudo >/dev/null 2>&1
fi
# Mount the private Directory
elog_add_command "${SYSCONFIGPATH}/system_setup/mount_ecrypt_home.sh"
if [ $? -ne 0 ]; then
elog_add "Some Error when running/mounting private Directory, cannot continue. Your Data will not be available."
elog_add "If the File was not found: The mount script was searched in directory ${SYSCONFIGPATH} which is defined by SYSCONFIGPATH in your config."
elog_add "Please check if your setup is correct."
elog_add "If you want to redo this script here, execute ${SCRIPTPATH}/${SCRIPTNAME}"
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
#Get WEBDAV TOKEN from Nextcloud
get_nc_token
if [ $? -ne 0 ]; then
elog_add "Some Error when getting WEBDAV token. Cannot continue. Your Data will not be available."
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
elog_add "Successfully obtained Token for User ${DAVTOKEN_USER}"
#Install Software
elog_add ""
elog_add "Update and install client software"
#Set global to enable git
git config --global --add safe.directory /opt/sys_config
# Pre check for old configuration parameters, will be removed in the future
if [ ! -z "${CLIENT_SOFTWARE_DST}" ] || [ ! -z "${CLIENT_SOFTWARE_SRC}" ]; then
elog_add " ===================="
elog_add ""
elog_add "WARNING: Your company/setup has still CLIENT_SOFTWARE_DST or CLIENT_SOFTWARE_SRC set."
elog_add "These parameters are obsolete and must be removed! The new parameters are CLIENT_SOFTWARE_CUST_DST and CLIENT_SOFTWARE_CUST_SRC"
elog_add "as the software repository has been split into customer software and distributed software."
elog_add "Please try to relog first. If this problem reoccures, contact your system admins to correct it."
elog_add "Will continue with the new path. Press any key to continue."
elog_add ""
elog_add " ===================="
read -n 1 -s -r
fi
# First, check the sudo rule
elog_add "Check the matching client rule:"
#Somewhat strange "sudo -l" will *sometimes* ask for password instead of just checking if the rule can be found, so it needs -n to be silent
# The behaviour will be:
# A. If "sudo -l" wants a password (some installations!):
# If a matching rule with !authenticate is found, no passwd will be asked and retno is 0
# If there is a rule matching with no !authenticate, then a password would be asked. This is prevented, so there will only be the
# error "a password is needed" an retno is 1
# If there is no sudo rule at all, it will only set retno to 1
#-> Anyway, returning > 0 means the user is not allowed to run sw installation, which is fine. Print Message and skip installation.
#
# B. If "sudo -l" doesn't not want a password, then
# RETNO = 0 , but the Output of "sudo -l -l" must als be checked, if there is an Option !authenticate in the returnung string, otherwise a failed installation cannot be
# divided from a missing sudo-rule
#
elog_add_command_subshell "/usr/bin/sudo -n -l -l ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
if [[ $RETNO -ne 0 ]]; then
elog_add "Error was no $RETNO"
elog_add "No matching IPA sudo rule found for the setup- script of this user, so the user is not allowed to run software setup."
elog_add "This will not work, because necessary steps cannot be executed."
elog_add "Please check the sudo rules in ipa and your group membership to make this work."
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
elog_add "Skipping SW setup."
echo "Press any key to continue" && read -n 1 -s -r && exit 1
else
# Check, if the rule is with Option !authenticate
if [[ $RETTXT != *"!authenticate"* ]]; then
elog_add "The above IPA rule found for this user and the install script, but it has not the right options to be executed without password."
elog_add "Hint: the rule must contain the !authenticate and setenv option to work."
elog_add "A matching sudo rule could look like this: "'^'${SYSCONFIGPATH////'\/'}'\/system_setup\/sync_client_software\.sh.*$'
elog_add "Skipping SW Install."
else
# Rule seems to be ok, executing script
elog_add "Matching Sudo rule found."
elog_add ""
elog_add "Running ${SYSCONFIGPATH}/system_setup/sync_client_software.sh"
elog_add_command "/usr/bin/sudo -n --preserve-env ${SYSCONFIGPATH}/system_setup/sync_client_software.sh install $1"
if [[ $RETNO -ne 0 ]]; then
elog_add "Errorcode was $RETNO"
elog_add "Error executing software sync and install, please check your output!"
echo "Press any key to continue" && read -n 1 -s -r && exit 1
fi
fi
fi
#Anyway run user scripts if existent
elog_add "Running scripts in user- context."
#1. Run the scripts, that are delivered by the package maintainers
elog_add "Pre installed scripts"
for DIR in $(ls -d ${SYSCONFIGPATH}/client_software/*/ | sort); # list directories in the form "/tmp/dirname/"
do
DIR=${DIR%*/} # remove the trailing "/"
if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
#search for string in dir
elog_add "Skipping ${DIR} while not in search parameter ( $1 )."
continue
fi
if [ -f "${DIR}/user_run.sh" ]; then
elog_add " >>> Running ${DIR}/user_run.sh"
cd ${DIR}
elog_add_command "${DIR}/user_run.sh"
if [ $? -ne 0 ]; then
elog_add " ===================="
elog_add "Some Error in script, will not continue. Please check."
elog_add "Press any key to continue."
read -n 1 -s -r
exit 1
fi
elog_add " ===================="
fi
done
elog_add "Done running pre installed scripts"
#2. Run the scripts, that are delivered by the package maintainers
# To run scripts, the tepository path must always be set right (but maybe empty, which is fine)
if [ "${CLIENT_SOFTWARE_CUST_DST}" != "${SYSCONFIGPATH}/client_software_cust" ]; then
echo "Error in config: Required parameter CLIENT_SOFTWARE_CUST_DST is missing or set wrong."
echo "Please relog and if the problem reoccures, contact your system admins to correct the Values."
read -n 1 -s -r -p "Press any key to continue"
else
elog_add "Running company delivered scripts in ${CLIENT_SOFTWARE_CUST_DST}"
for DIR in $(ls -d ${CLIENT_SOFTWARE_CUST_DST}/*/ | sort); # list directories in the form "/tmp/dirname/"
do
DIR=${DIR%*/} # remove the trailing "/"
if [[ "$1." != "." ]] && [[ "${DIR}" != *"$1"* ]]; then
#search for string in dir
elog_add "Skipping ${DIR} while not in search parameter ( $1 )."
continue
fi
if [ -f "${DIR}/user_run.sh" ]; then
elog_add " >>> Running ${DIR}/user_run.sh"
cd ${DIR}
elog_add_command "${DIR}/user_run.sh"
if [ $? -ne 0 ]; then
elog_add " ===================="
elog_add "Some Error in script, will not continue. Please check."
elog_add "Press any key to continue."
read -n 1 -s -r
exit 1
fi
elog_add " ===================="
fi
done
elog_add "Done running company scripts"
fi
elog_add "Completed user scripts."
elog_add ""
# Remove unused flatpak user installed software and data
flatpak uninstall --unused -y --user
flatpak uninstall --delete-data -y
#SYNC Firefox + Thunderbird Profile
if [ ! -z "${PROFILE_FIREFOX_SRC}" ]; then
${SYSCONFIGPATH}/system_setup/mozilla_starter.sh firefox sync
fi
if [ $? -eq 0 ] && [ ! -z "${PROFILE_TB_SRC}" ]; then
${SYSCONFIGPATH}/system_setup/mozilla_starter.sh thunderbird sync
if [ $? -eq 0 ]; then
elog_add "Successfully synced Mozilla profiles (log in another file)."
fi
fi
elog_add "Sucessfully run logon script (Wait 3 seconds)"
sleep 3
#read -n 1 -s -r -p "Press any key to continue"
#echo ""
exit 0
View Git Blame Copy Permalink