64 lines
1.6 KiB
Bash
64 lines
1.6 KiB
Bash
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
source ./lib.sh
|
||
|
||
log "Update-Wrapper & Sudoers …"
|
||
|
||
# Pfade
|
||
WRAPPER="/usr/local/sbin/mw-update"
|
||
LOGFILE="/var/log/mailwolt-update.log"
|
||
STATEDIR="/var/lib/mailwolt/update"
|
||
SUDOERS="/etc/sudoers.d/mailwolt-update"
|
||
UPDATE_SCRIPT="/mailwolt-installer/scripts/update.sh"
|
||
|
||
# State/Log vorbereiten
|
||
install -d -m 0755 "$(dirname "$LOGFILE")"
|
||
install -d -m 0755 "$STATEDIR"
|
||
: > "$LOGFILE" || true
|
||
chmod 0644 "$LOGFILE"
|
||
|
||
# Wrapper erzeugen
|
||
cat > "$WRAPPER" <<'EOF'
|
||
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
|
||
LOG="/var/log/mailwolt-update.log"
|
||
STATE_DIR="/var/lib/mailwolt/update"
|
||
SCRIPT="/mailwolt-installer/scripts/update.sh"
|
||
|
||
install -d -m 0755 "$STATE_DIR"
|
||
echo "running" > "$STATE_DIR/state"
|
||
|
||
{
|
||
echo "===== $(date -Is) :: Update gestartet ====="
|
||
if [[ -x "$SCRIPT" ]]; then
|
||
"$SCRIPT"
|
||
rc=$?
|
||
else
|
||
echo "[!] $SCRIPT nicht gefunden oder nicht ausführbar"
|
||
rc=127
|
||
fi
|
||
echo "===== $(date -Is) :: Update beendet (rc=$rc) ====="
|
||
echo "$rc" > "$STATE_DIR/rc"
|
||
echo "done" > "$STATE_DIR/state"
|
||
exit "$rc"
|
||
} | tee -a "$LOG"
|
||
EOF
|
||
chmod 0755 "$WRAPPER"
|
||
chown root:root "$WRAPPER"
|
||
|
||
# Sudoers erlauben, dass www-data & mailwolt den Wrapper ohne PW starten dürfen
|
||
cat > "$SUDOERS" <<'EOF'
|
||
Defaults!/usr/local/sbin/mw-update !requiretty
|
||
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mw-update
|
||
mailwolt ALL=(root) NOPASSWD: /usr/local/sbin/mw-update
|
||
EOF
|
||
chown root:root "$SUDOERS"
|
||
chmod 440 "$SUDOERS"
|
||
|
||
if ! visudo -c -f "$SUDOERS" >/dev/null 2>&1; then
|
||
echo "[!] Ungültiger sudoers-Eintrag in $SUDOERS – entferne Datei."
|
||
rm -f "$SUDOERS"
|
||
fi
|
||
|
||
log "[✓] Update-Wrapper bereit: $WRAPPER" |