94 lines
2.3 KiB
Bash
94 lines
2.3 KiB
Bash
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
source ./lib.sh
|
||
|
||
log "Update-Wrapper & Sudoers …"
|
||
|
||
WRAPPER="/usr/local/sbin/mw-update"
|
||
LOGFILE="/var/log/mailwolt-update.log"
|
||
STATEDIR="/var/lib/mailwolt/update"
|
||
SUDOERS="/etc/sudoers.d/mailwolt-update"
|
||
|
||
# Kandidaten: wo liegt update.sh?
|
||
CANDIDATES=(
|
||
/opt/mailwolt-installer/scripts/update.sh
|
||
/mailwolt-installer/scripts/update.sh
|
||
/usr/local/lib/mailwolt/update.sh
|
||
)
|
||
|
||
# State/Log vorbereiten
|
||
install -d -m 0755 "$(dirname "$LOGFILE")"
|
||
install -d -m 0755 "$STATEDIR"
|
||
: > "$LOGFILE" || true
|
||
chmod 0644 "$LOGFILE"
|
||
|
||
# Wrapper erzeugen
|
||
cat > "$WRAPPER" <<'EOF'
|
||
#!/usr/bin/env bash
|
||
set -euo pipefail
|
||
|
||
LOG="/var/log/mailwolt-update.log"
|
||
STATE_DIR="/var/lib/mailwolt/update"
|
||
|
||
CANDIDATES=(
|
||
/opt/mailwolt-installer/scripts/update.sh
|
||
/mailwolt-installer/scripts/update.sh
|
||
/usr/local/lib/mailwolt/update.sh
|
||
)
|
||
|
||
SCRIPT=""
|
||
for p in "${CANDIDATES[@]}"; do
|
||
if [[ -x "$p" ]]; then SCRIPT="$p"; break; fi
|
||
# falls nicht executable, aber lesbar: über bash ausführen
|
||
if [[ -f "$p" && -r "$p" ]]; then SCRIPT="$p"; break; fi
|
||
done
|
||
|
||
install -d -m 0755 "$STATE_DIR"
|
||
echo "running" > "$STATE_DIR/state"
|
||
|
||
{
|
||
echo "===== $(date -Is) :: Update gestartet ====="
|
||
if [[ -z "$SCRIPT" ]]; then
|
||
echo "[!] update.sh nicht gefunden oder nicht ausführbar"
|
||
rc=127
|
||
else
|
||
if [[ "$(id -u)" -ne 0 ]]; then
|
||
echo "[!] Bitte als root ausführen"
|
||
rc=1
|
||
else
|
||
# Env aus REQUEST durchreichen (falls via sudo aufgerufen)
|
||
# und Script starten; wenn nicht executable → über bash starten
|
||
if [[ -x "$SCRIPT" ]]; then
|
||
"$SCRIPT"
|
||
else
|
||
bash "$SCRIPT"
|
||
fi
|
||
rc=$?
|
||
fi
|
||
fi
|
||
echo "===== $(date -Is) :: Update beendet (rc=$rc) ====="
|
||
echo "$rc" > "$STATE_DIR/rc"
|
||
echo "done" > "$STATE_DIR/state"
|
||
exit "$rc"
|
||
} | tee -a "$LOG"
|
||
EOF
|
||
|
||
chmod 0755 "$WRAPPER"
|
||
chown root:root "$WRAPPER"
|
||
|
||
# Sudoers: www-data (Laravel) & mailwolt dürfen den Wrapper laufen lassen
|
||
cat > "$SUDOERS" <<'EOF'
|
||
Defaults!/usr/local/sbin/mw-update !requiretty
|
||
www-data ALL=(root) NOPASSWD: /usr/local/sbin/mw-update
|
||
mailwolt ALL=(root) NOPASSWD: /usr/local/sbin/mw-update
|
||
EOF
|
||
|
||
chown root:root "$SUDOERS"
|
||
chmod 440 "$SUDOERS"
|
||
|
||
if ! visudo -c -f "$SUDOERS" >/dev/null 2>&1; then
|
||
echo "[!] Ungültiger sudoers-Eintrag in $SUDOERS – entferne Datei."
|
||
rm -f "$SUDOERS"
|
||
fi
|
||
|
||
log "[✓] Update-Wrapper bereit: $WRAPPER" |