def test_chown_recursive(test_file):
current_uid = os.getuid()
dirname = os.path.dirname(str(test_file))
mkdir(os.path.join(dirname, "new_dir"))
chown(str(dirname), current_uid, recursive=True)
assert os.stat(str(dirname)).st_uid == current_uid
def user_ssh_add_key(username, key, comment):
user = _get_user_for_ssh(username, ["homeDirectory", "uid"])
if not user:
raise Exception("User with username '%s' doesn't exists" % username)
authorized_keys_file = os.path.join(user["homeDirectory"][0], ".ssh",
"authorized_keys")
if not os.path.exists(authorized_keys_file):
# ensure ".ssh" exists
mkdir(os.path.join(user["homeDirectory"][0], ".ssh"),
force=True,
parents=True,
uid=user["uid"][0])
# create empty file to set good permissions
write_to_file(authorized_keys_file, "")
chown(authorized_keys_file, uid=user["uid"][0])
chmod(authorized_keys_file, 0o600)
authorized_keys_content = read_file(authorized_keys_file)
authorized_keys_content += "\n"
authorized_keys_content += "\n"
if comment and comment.strip():
if not comment.lstrip().startswith("#"):
comment = "# " + comment
authorized_keys_content += comment.replace("\n", " ").strip()
authorized_keys_content += "\n"
authorized_keys_content += key.strip()
authorized_keys_content += "\n"
write_to_file(authorized_keys_file, authorized_keys_content)
def _pre_call(name, priority, path, args):
# create the pending conf directory for the category
category_pending_path = os.path.join(PENDING_CONF_DIR, name)
filesystem.mkdir(category_pending_path, 0o755, True, uid="root")
# return the arguments to pass to the script
return pre_args + [
category_pending_path,
]
def test_chmod_recursive(test_file):
dirname = os.path.dirname(str(test_file))
mkdir(os.path.join(dirname, "new_dir"))
permission = 0o721
fpermission = 0o720
chmod(str(dirname), permission, fmode=fpermission, recursive=True)
assert oct(os.stat(str(test_file)).st_mode & 0o777) == oct(fpermission)
assert oct(os.stat(dirname).st_mode & 0o777) == oct(permission)
def test_mkdir_with_parent(tmp_path):
new_path = tmp_path / "new_folder"
mkdir(str(new_path) + "/", parents=True)
assert os.path.isdir(str(new_path))
new_path = tmp_path / "new_parent" / "new_folder"
mkdir(str(new_path), parents=True)
assert os.path.isdir(str(new_path))
def test_legacy_app_failed_install(mocker, secondary_domain):
# This will conflict with the folder that the app
# attempts to create, making the install fail
mkdir("/var/www/legacy_app/", 0o750)
with pytest.raises(YunohostError):
with message(mocker, "app_install_script_failed"):
install_legacy_app(secondary_domain, "/legacy")
assert app_is_not_installed(secondary_domain, "legacy_app")
def _process_regen_conf(system_conf, new_conf=None, save=True):
"""Regenerate a given system configuration file
Replace a given system configuration file by a new one or delete it if
new_conf is None. A backup of the file - keeping its directory tree - will
be done in the backup conf directory before any operation if save is True.
"""
if save:
backup_path = os.path.join(backup_conf_dir, '{0}-{1}'.format(
system_conf.lstrip('/'), time.strftime("%Y%m%d.%H%M%S")))
backup_dir = os.path.dirname(backup_path)
if not os.path.isdir(backup_dir):
filesystem.mkdir(backup_dir, 0755, True)
shutil.copy2(system_conf, backup_path)
logger.info(m18n.n('service_conf_file_backed_up',
conf=system_conf, backup=backup_path))
try:
if not new_conf:
os.remove(system_conf)
logger.info(m18n.n('service_conf_file_removed',
conf=system_conf))
else:
system_dir = os.path.dirname(system_conf)
if not os.path.isdir(system_dir):
filesystem.mkdir(system_dir, 0755, True)
shutil.copyfile(new_conf, system_conf)
logger.info(m18n.n('service_conf_file_updated',
conf=system_conf))
except:
if not new_conf and os.path.exists(system_conf):
logger.warning(m18n.n('service_conf_file_remove_failed',
conf=system_conf),
exc_info=1)
return False
elif new_conf:
try:
copy_succeed = os.path.samefile(system_conf, new_conf)
except:
copy_succeed = False
finally:
if not copy_succeed:
logger.warning(m18n.n('service_conf_file_copy_failed',
conf=system_conf, new=new_conf),
exc_info=1)
return False
return True
def test_mkdir_with_permission(tmp_path, mocker):
# This test only make sense when not being root
if os.getuid() == 0:
return
new_path = tmp_path / "new_folder"
permission = 0o700
mkdir(str(new_path), mode=permission)
assert os.path.isdir(str(new_path))
assert oct(os.stat(str(new_path)).st_mode & 0o777) == oct(permission)
new_path = tmp_path / "new_parent2" / "new_folder"
with pytest.raises(OSError):
mkdir(str(new_path), parents=True, mode=0o000)
def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
list_pending=False):
"""
Regenerate the configuration file(s) for a service
Keyword argument:
names -- Services name to regenerate configuration of
with_diff -- Show differences in case of configuration changes
force -- Override all manual modifications in configuration files
dry_run -- Show what would have been regenerated
list_pending -- List pending configuration files and exit
"""
result = {}
# Return the list of pending conf
if list_pending:
pending_conf = _get_pending_conf(names)
if with_diff:
for service, conf_files in pending_conf.items():
for system_path, pending_path in conf_files.items():
pending_conf[service][system_path] = {
'pending_conf': pending_path,
'diff': _get_files_diff(
system_path, pending_path, True),
}
return pending_conf
# Clean pending conf directory
shutil.rmtree(pending_conf_dir, ignore_errors=True)
filesystem.mkdir(pending_conf_dir, 0755, True)
# Format common hooks arguments
common_args = [1 if force else 0, 1 if dry_run else 0]
# Execute hooks for pre-regen
pre_args = ['pre',] + common_args
def _pre_call(name, priority, path, args):
# create the pending conf directory for the service
service_pending_path = os.path.join(pending_conf_dir, name)
filesystem.mkdir(service_pending_path, 0755, True, uid='admin')
# return the arguments to pass to the script
return pre_args + [service_pending_path,]
pre_result = hook_callback('conf_regen', names, pre_callback=_pre_call)
# Update the services name
names = pre_result['succeed'].keys()
if not names:
raise MoulinetteError(errno.EIO,
m18n.n('service_regenconf_failed',
services=', '.join(pre_result['failed'])))
# Set the processing method
_regen = _process_regen_conf if not dry_run else lambda *a, **k: True
# Iterate over services and process pending conf
for service, conf_files in _get_pending_conf(names).items():
logger.info(m18n.n(
'service_regenconf_pending_applying' if not dry_run else \
'service_regenconf_dry_pending_applying',
service=service))
conf_hashes = _get_conf_hashes(service)
succeed_regen = {}
failed_regen = {}
for system_path, pending_path in conf_files.items():
logger.debug("processing pending conf '%s' to system conf '%s'",
pending_path, system_path)
conf_status = None
regenerated = False
# Get the diff between files
conf_diff = _get_files_diff(
system_path, pending_path, True) if with_diff else None
# Check if the conf must be removed
to_remove = True if os.path.getsize(pending_path) == 0 else False
# Retrieve and calculate hashes
current_hash = conf_hashes.get(system_path, None)
system_hash = _calculate_hash(system_path)
new_hash = None if to_remove else _calculate_hash(pending_path)
# -> system conf does not exists
if not system_hash:
if to_remove:
logger.debug("> system conf is already removed")
os.remove(pending_path)
continue
if not current_hash or force:
if force:
logger.debug("> system conf has been manually removed")
conf_status = 'force-created'
else:
logger.debug("> system conf does not exist yet")
conf_status = 'created'
regenerated = _regen(
system_path, pending_path, save=False)
else:
logger.warning(m18n.n(
'service_conf_file_manually_removed',
conf=system_path))
conf_status = 'removed'
# -> system conf is not managed yet
elif not current_hash:
logger.debug("> system conf is not managed yet")
if system_hash == new_hash:
logger.debug("> no changes to system conf has been made")
conf_status = 'managed'
regenerated = True
elif force and to_remove:
regenerated = _regen(system_path)
conf_status = 'force-removed'
elif force:
regenerated = _regen(system_path, pending_path)
conf_status = 'force-updated'
else:
logger.warning(m18n.n('service_conf_file_not_managed',
conf=system_path))
conf_status = 'unmanaged'
# -> system conf has not been manually modified
elif system_hash == current_hash:
if to_remove:
regenerated = _regen(system_path)
conf_status = 'removed'
elif system_hash != new_hash:
regenerated = _regen(system_path, pending_path)
conf_status = 'updated'
else:
logger.debug("> system conf is already up-to-date")
os.remove(pending_path)
continue
else:
logger.debug("> system conf has been manually modified")
if force:
regenerated = _regen(system_path, pending_path)
conf_status = 'force-updated'
else:
logger.warning(m18n.n(
'service_conf_file_manually_modified',
conf=system_path))
conf_status = 'modified'
# Store the result
conf_result = {'status': conf_status}
if conf_diff is not None:
conf_result['diff'] = conf_diff
if regenerated:
succeed_regen[system_path] = conf_result
conf_hashes[system_path] = new_hash
if os.path.isfile(pending_path):
os.remove(pending_path)
else:
failed_regen[system_path] = conf_result
# Check for service conf changes
if not succeed_regen and not failed_regen:
logger.info(m18n.n('service_conf_up_to_date', service=service))
continue
elif not failed_regen:
logger.success(m18n.n(
'service_conf_updated' if not dry_run else \
'service_conf_would_be_updated',
service=service))
if succeed_regen and not dry_run:
_update_conf_hashes(service, conf_hashes)
# Append the service results
result[service] = {
'applied': succeed_regen,
'pending': failed_regen
}
# Return in case of dry run
if dry_run:
return result
# Execute hooks for post-regen
post_args = ['post',] + common_args
def _pre_call(name, priority, path, args):
# append coma-separated applied changes for the service
if name in result and result[name]['applied']:
regen_conf_files = ','.join(result[name]['applied'].keys())
else:
regen_conf_files = ''
return post_args + [regen_conf_files,]
hook_callback('conf_regen', names, pre_callback=_pre_call)
return result
def backup_restore(auth,
name,
hooks=[],
ignore_hooks=False,
apps=[],
ignore_apps=False,
force=False):
"""
Restore from a local backup archive
Keyword argument:
name -- Name of the local backup archive
hooks -- List of restoration hooks names to execute
ignore_hooks -- Do not execute backup hooks
apps -- List of application names to restore
ignore_apps -- Do not restore apps
force -- Force restauration on an already installed system
"""
# Validate what to restore
if ignore_hooks and ignore_apps:
raise MoulinetteError(errno.EINVAL, m18n.n('restore_action_required'))
# Retrieve and open the archive
info = backup_info(name)
archive_file = info['path']
try:
tar = tarfile.open(archive_file, "r:gz")
except:
logger.debug("cannot open backup archive '%s'",
archive_file,
exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_archive_open_failed'))
# Check temporary directory
tmp_dir = "%s/tmp/%s" % (backup_path, name)
if os.path.isdir(tmp_dir):
logger.debug("temporary directory for restoration '%s' already exists",
tmp_dir)
os.system('rm -rf %s' % tmp_dir)
# Check available disk space
statvfs = os.statvfs(backup_path)
free_space = statvfs.f_frsize * statvfs.f_bavail
if free_space < info['size']:
logger.debug("%dB left but %dB is needed", free_space, info['size'])
raise MoulinetteError(
errno.EIO, m18n.n('not_enough_disk_space', path=backup_path))
def _clean_tmp_dir(retcode=0):
ret = hook_callback('post_backup_restore', args=[tmp_dir, retcode])
if not ret['failed']:
filesystem.rm(tmp_dir, True, True)
else:
logger.warning(m18n.n('restore_cleaning_failed'))
# Extract the tarball
logger.info(m18n.n('backup_extracting_archive'))
tar.extractall(tmp_dir)
tar.close()
# Retrieve backup info
info_file = "%s/info.json" % tmp_dir
try:
with open(info_file, 'r') as f:
info = json.load(f)
except IOError:
logger.debug("unable to load '%s'", info_file, exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_invalid_archive'))
else:
logger.debug("restoring from backup '%s' created on %s", name,
time.ctime(info['created_at']))
# Initialize restauration summary result
result = {
'apps': [],
'hooks': {},
}
# Check if YunoHost is installed
if os.path.isfile('/etc/yunohost/installed'):
logger.warning(m18n.n('yunohost_already_installed'))
if not force:
try:
# Ask confirmation for restoring
i = msignals.prompt(
m18n.n('restore_confirm_yunohost_installed',
answers='y/N'))
except NotImplemented:
pass
else:
if i == 'y' or i == 'Y':
force = True
if not force:
_clean_tmp_dir()
raise MoulinetteError(errno.EEXIST, m18n.n('restore_failed'))
else:
# Retrieve the domain from the backup
try:
with open("%s/conf/ynh/current_host" % tmp_dir, 'r') as f:
domain = f.readline().rstrip()
except IOError:
logger.debug("unable to retrieve current_host from the backup",
exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_invalid_archive'))
logger.debug("executing the post-install...")
tools_postinstall(domain, 'yunohost', True)
# Run system hooks
if not ignore_hooks:
# Filter hooks to execute
hooks_list = set(info['hooks'].keys())
_is_hook_in_backup = lambda h: True
if hooks:
def _is_hook_in_backup(h):
if h in hooks_list:
return True
logger.error(m18n.n('backup_archive_hook_not_exec', hook=h))
return False
else:
hooks = hooks_list
# Check hooks availibility
hooks_filtered = set()
for h in hooks:
if not _is_hook_in_backup(h):
continue
try:
hook_info('restore', h)
except:
tmp_hooks = glob('{:s}/hooks/restore/*-{:s}'.format(
tmp_dir, h))
if not tmp_hooks:
logger.exception(m18n.n('restore_hook_unavailable',
hook=h))
continue
# Add restoration hook from the backup to the system
# FIXME: Refactor hook_add and use it instead
restore_hook_folder = custom_hook_folder + 'restore'
filesystem.mkdir(restore_hook_folder, 755, True)
for f in tmp_hooks:
logger.debug(
"adding restoration hook '%s' to the system "
"from the backup archive '%s'", f, archive_file)
shutil.copy(f, restore_hook_folder)
hooks_filtered.add(h)
if hooks_filtered:
logger.info(m18n.n('restore_running_hooks'))
ret = hook_callback('restore', hooks_filtered, args=[tmp_dir])
result['hooks'] = ret['succeed']
# Add apps restore hook
if not ignore_apps:
# Filter applications to restore
apps_list = set(info['apps'].keys())
apps_filtered = set()
if apps:
for a in apps:
if a not in apps_list:
logger.error(m18n.n('backup_archive_app_not_found', app=a))
else:
apps_filtered.add(a)
else:
apps_filtered = apps_list
for app_instance_name in apps_filtered:
tmp_app_dir = '{:s}/apps/{:s}'.format(tmp_dir, app_instance_name)
tmp_app_bkp_dir = tmp_app_dir + '/backup'
# Parse app instance name and id
# TODO: Use app_id to check if app is installed?
app_id, app_instance_nb = _parse_app_instance_name(
app_instance_name)
# Check if the app is not already installed
if _is_installed(app_instance_name):
logger.error(
m18n.n('restore_already_installed_app',
app=app_instance_name))
continue
# Check if the app has a restore script
app_script = tmp_app_dir + '/settings/scripts/restore'
if not os.path.isfile(app_script):
logger.warning(m18n.n('unrestore_app', app=app_instance_name))
continue
tmp_script = '/tmp/restore_' + app_instance_name
app_setting_path = '/etc/yunohost/apps/' + app_instance_name
logger.info(
m18n.n('restore_running_app_script', app=app_instance_name))
try:
# Copy app settings and set permissions
# TODO: Copy app hooks too
shutil.copytree(tmp_app_dir + '/settings', app_setting_path)
filesystem.chmod(app_setting_path, 0555, 0444, True)
filesystem.chmod(app_setting_path + '/settings.yml', 0400)
# Copy restore script in a tmp file
subprocess.call(['install', '-Dm555', app_script, tmp_script])
# Prepare env. var. to pass to script
env_dict = {}
env_dict["YNH_APP_ID"] = app_id
env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name
env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
env_dict["YNH_APP_BACKUP_DIR"] = tmp_app_bkp_dir
# Execute app restore script
hook_exec(tmp_script,
args=[tmp_app_bkp_dir, app_instance_name],
raise_on_error=True,
chdir=tmp_app_bkp_dir,
env=env_dict)
except:
logger.exception(
m18n.n('restore_app_failed', app=app_instance_name))
# Copy remove script in a tmp file
filesystem.rm(tmp_script, force=True)
app_script = tmp_app_dir + '/settings/scripts/remove'
tmp_script = '/tmp/remove_' + app_instance_name
subprocess.call(['install', '-Dm555', app_script, tmp_script])
# Setup environment for remove script
env_dict_remove = {}
env_dict_remove["YNH_APP_ID"] = app_id
env_dict_remove["YNH_APP_INSTANCE_NAME"] = app_instance_name
env_dict_remove["YNH_APP_INSTANCE_NUMBER"] = str(
app_instance_nb)
# Execute remove script
# TODO: call app_remove instead
if hook_exec(tmp_script,
args=[app_instance_name],
env=env_dict_remove) != 0:
logger.warning(
m18n.n('app_not_properly_removed',
app=app_instance_name))
# Cleaning app directory
shutil.rmtree(app_setting_path, ignore_errors=True)
else:
result['apps'].append(app_instance_name)
finally:
filesystem.rm(tmp_script, force=True)
# Check if something has been restored
if not result['hooks'] and not result['apps']:
_clean_tmp_dir(1)
raise MoulinetteError(errno.EINVAL, m18n.n('restore_nothings_done'))
if result['apps']:
app_ssowatconf(auth)
_clean_tmp_dir()
logger.success(m18n.n('restore_complete'))
return result
def backup_create(name=None, description=None, output_directory=None,
no_compress=False, ignore_hooks=False, hooks=[],
ignore_apps=False, apps=[]):
"""
Create a backup local archive
Keyword arguments:
name -- Name of the backup archive
description -- Short description of the backup
output_directory -- Output directory for the backup
no_compress -- Do not create an archive file
hooks -- List of backup hooks names to execute
ignore_hooks -- Do not execute backup hooks
apps -- List of application names to backup
ignore_apps -- Do not backup apps
"""
# TODO: Add a 'clean' argument to clean output directory
tmp_dir = None
# Validate what to backup
if ignore_hooks and ignore_apps:
raise MoulinetteError(errno.EINVAL,
m18n.n('backup_action_required'))
# Validate and define backup name
timestamp = int(time.time())
if not name:
name = time.strftime('%Y%m%d-%H%M%S')
if name in backup_list()['archives']:
raise MoulinetteError(errno.EINVAL,
m18n.n('backup_archive_name_exists'))
# Validate additional arguments
if no_compress and not output_directory:
raise MoulinetteError(errno.EINVAL,
m18n.n('backup_output_directory_required'))
if output_directory:
output_directory = os.path.abspath(output_directory)
# Check for forbidden folders
if output_directory.startswith(archives_path) or \
re.match(r'^/(|(bin|boot|dev|etc|lib|root|run|sbin|sys|usr|var)(|/.*))$',
output_directory):
raise MoulinetteError(errno.EINVAL,
m18n.n('backup_output_directory_forbidden'))
# Create the output directory
if not os.path.isdir(output_directory):
logger.debug("creating output directory '%s'", output_directory)
os.makedirs(output_directory, 0750)
# Check that output directory is empty
elif no_compress and os.listdir(output_directory):
raise MoulinetteError(errno.EIO,
m18n.n('backup_output_directory_not_empty'))
# Define temporary directory
if no_compress:
tmp_dir = output_directory
else:
output_directory = archives_path
# Create temporary directory
if not tmp_dir:
tmp_dir = "%s/tmp/%s" % (backup_path, name)
if os.path.isdir(tmp_dir):
logger.debug("temporary directory for backup '%s' already exists",
tmp_dir)
filesystem.rm(tmp_dir, recursive=True)
filesystem.mkdir(tmp_dir, 0750, parents=True, uid='admin')
def _clean_tmp_dir(retcode=0):
ret = hook_callback('post_backup_create', args=[tmp_dir, retcode])
if not ret['failed']:
filesystem.rm(tmp_dir, True, True)
else:
logger.warning(m18n.n('backup_cleaning_failed'))
# Initialize backup info
info = {
'description': description or '',
'created_at': timestamp,
'apps': {},
'hooks': {},
}
# Run system hooks
if not ignore_hooks:
# Check hooks availibility
hooks_filtered = set()
if hooks:
for hook in hooks:
try:
hook_info('backup', hook)
except:
logger.error(m18n.n('backup_hook_unknown', hook=hook))
else:
hooks_filtered.add(hook)
if not hooks or hooks_filtered:
logger.info(m18n.n('backup_running_hooks'))
ret = hook_callback('backup', hooks_filtered, args=[tmp_dir])
if ret['succeed']:
info['hooks'] = ret['succeed']
# Save relevant restoration hooks
tmp_hooks_dir = tmp_dir + '/hooks/restore'
filesystem.mkdir(tmp_hooks_dir, 0750, True, uid='admin')
for h in ret['succeed'].keys():
try:
i = hook_info('restore', h)
except:
logger.warning(m18n.n('restore_hook_unavailable',
hook=h), exc_info=1)
else:
for f in i['hooks']:
shutil.copy(f['path'], tmp_hooks_dir)
# Backup apps
if not ignore_apps:
# Filter applications to backup
apps_list = set(os.listdir('/etc/yunohost/apps'))
apps_filtered = set()
if apps:
for a in apps:
if a not in apps_list:
logger.warning(m18n.n('unbackup_app', app=a))
else:
apps_filtered.add(a)
else:
apps_filtered = apps_list
# Run apps backup scripts
tmp_script = '/tmp/backup_' + str(timestamp)
for app_instance_name in apps_filtered:
app_setting_path = '/etc/yunohost/apps/' + app_instance_name
# Check if the app has a backup and restore script
app_script = app_setting_path + '/scripts/backup'
app_restore_script = app_setting_path + '/scripts/restore'
if not os.path.isfile(app_script):
logger.warning(m18n.n('unbackup_app', app=app_instance_name))
continue
elif not os.path.isfile(app_restore_script):
logger.warning(m18n.n('unrestore_app', app=app_instance_name))
tmp_app_dir = '{:s}/apps/{:s}'.format(tmp_dir, app_instance_name)
tmp_app_bkp_dir = tmp_app_dir + '/backup'
logger.info(m18n.n('backup_running_app_script', app=app_instance_name))
try:
# Prepare backup directory for the app
filesystem.mkdir(tmp_app_bkp_dir, 0750, True, uid='admin')
shutil.copytree(app_setting_path, tmp_app_dir + '/settings')
# Copy app backup script in a temporary folder and execute it
subprocess.call(['install', '-Dm555', app_script, tmp_script])
# Prepare env. var. to pass to script
env_dict = {}
app_id, app_instance_nb = _parse_app_instance_name(app_instance_name)
env_dict["YNH_APP_ID"] = app_id
env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name
env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
env_dict["YNH_APP_BACKUP_DIR"] = tmp_app_bkp_dir
hook_exec(tmp_script, args=[tmp_app_bkp_dir, app_instance_name],
raise_on_error=True, chdir=tmp_app_bkp_dir, env=env_dict)
except:
logger.exception(m18n.n('backup_app_failed', app=app_instance_name))
# Cleaning app backup directory
shutil.rmtree(tmp_app_dir, ignore_errors=True)
else:
# Add app info
i = app_info(app_instance_name)
info['apps'][app_instance_name] = {
'version': i['version'],
'name': i['name'],
'description': i['description'],
}
finally:
filesystem.rm(tmp_script, force=True)
# Check if something has been saved
if not info['hooks'] and not info['apps']:
_clean_tmp_dir(1)
raise MoulinetteError(errno.EINVAL, m18n.n('backup_nothings_done'))
# Calculate total size
size = subprocess.check_output(
['du','-sb', tmp_dir]).split()[0].decode('utf-8')
info['size'] = int(size)
# Create backup info file
with open("%s/info.json" % tmp_dir, 'w') as f:
f.write(json.dumps(info))
# Create the archive
if not no_compress:
logger.info(m18n.n('backup_creating_archive'))
archive_file = "%s/%s.tar.gz" % (output_directory, name)
try:
tar = tarfile.open(archive_file, "w:gz")
except:
tar = None
# Create the archives directory and retry
if not os.path.isdir(archives_path):
os.mkdir(archives_path, 0750)
try:
tar = tarfile.open(archive_file, "w:gz")
except:
logger.debug("unable to open '%s' for writing",
archive_file, exc_info=1)
tar = None
else:
logger.debug("unable to open '%s' for writing",
archive_file, exc_info=1)
if tar is None:
_clean_tmp_dir(2)
raise MoulinetteError(errno.EIO,
m18n.n('backup_archive_open_failed'))
tar.add(tmp_dir, arcname='')
tar.close()
# Move info file
os.rename(tmp_dir + '/info.json',
'{:s}/{:s}.info.json'.format(archives_path, name))
# Clean temporary directory
if tmp_dir != output_directory:
_clean_tmp_dir()
logger.success(m18n.n('backup_complete'))
# Return backup info
info['name'] = name
return { 'archive': info }
def backup_restore(auth, name, hooks=[], ignore_hooks=False,
apps=[], ignore_apps=False, force=False):
"""
Restore from a local backup archive
Keyword argument:
name -- Name of the local backup archive
hooks -- List of restoration hooks names to execute
ignore_hooks -- Do not execute backup hooks
apps -- List of application names to restore
ignore_apps -- Do not restore apps
force -- Force restauration on an already installed system
"""
# Validate what to restore
if ignore_hooks and ignore_apps:
raise MoulinetteError(errno.EINVAL,
m18n.n('restore_action_required'))
# Retrieve and open the archive
info = backup_info(name)
archive_file = info['path']
try:
tar = tarfile.open(archive_file, "r:gz")
except:
logger.debug("cannot open backup archive '%s'",
archive_file, exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_archive_open_failed'))
# Check temporary directory
tmp_dir = "%s/tmp/%s" % (backup_path, name)
if os.path.isdir(tmp_dir):
logger.debug("temporary directory for restoration '%s' already exists",
tmp_dir)
os.system('rm -rf %s' % tmp_dir)
# Check available disk space
statvfs = os.statvfs(backup_path)
free_space = statvfs.f_frsize * statvfs.f_bavail
if free_space < info['size']:
logger.debug("%dB left but %dB is needed", free_space, info['size'])
raise MoulinetteError(
errno.EIO, m18n.n('not_enough_disk_space', path=backup_path))
def _clean_tmp_dir(retcode=0):
ret = hook_callback('post_backup_restore', args=[tmp_dir, retcode])
if not ret['failed']:
filesystem.rm(tmp_dir, True, True)
else:
logger.warning(m18n.n('restore_cleaning_failed'))
# Extract the tarball
logger.info(m18n.n('backup_extracting_archive'))
tar.extractall(tmp_dir)
tar.close()
# Retrieve backup info
info_file = "%s/info.json" % tmp_dir
try:
with open(info_file, 'r') as f:
info = json.load(f)
except IOError:
logger.debug("unable to load '%s'", info_file, exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_invalid_archive'))
else:
logger.debug("restoring from backup '%s' created on %s", name,
time.ctime(info['created_at']))
# Initialize restauration summary result
result = {
'apps': [],
'hooks': {},
}
# Check if YunoHost is installed
if os.path.isfile('/etc/yunohost/installed'):
logger.warning(m18n.n('yunohost_already_installed'))
if not force:
try:
# Ask confirmation for restoring
i = msignals.prompt(m18n.n('restore_confirm_yunohost_installed',
answers='y/N'))
except NotImplemented:
pass
else:
if i == 'y' or i == 'Y':
force = True
if not force:
_clean_tmp_dir()
raise MoulinetteError(errno.EEXIST, m18n.n('restore_failed'))
else:
# Retrieve the domain from the backup
try:
with open("%s/conf/ynh/current_host" % tmp_dir, 'r') as f:
domain = f.readline().rstrip()
except IOError:
logger.debug("unable to retrieve current_host from the backup",
exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_invalid_archive'))
logger.debug("executing the post-install...")
tools_postinstall(domain, 'yunohost', True)
# Run system hooks
if not ignore_hooks:
# Filter hooks to execute
hooks_list = set(info['hooks'].keys())
_is_hook_in_backup = lambda h: True
if hooks:
def _is_hook_in_backup(h):
if h in hooks_list:
return True
logger.error(m18n.n('backup_archive_hook_not_exec', hook=h))
return False
else:
hooks = hooks_list
# Check hooks availibility
hooks_filtered = set()
for h in hooks:
if not _is_hook_in_backup(h):
continue
try:
hook_info('restore', h)
except:
tmp_hooks = glob('{:s}/hooks/restore/*-{:s}'.format(tmp_dir, h))
if not tmp_hooks:
logger.exception(m18n.n('restore_hook_unavailable', hook=h))
continue
# Add restoration hook from the backup to the system
# FIXME: Refactor hook_add and use it instead
restore_hook_folder = custom_hook_folder + 'restore'
filesystem.mkdir(restore_hook_folder, 755, True)
for f in tmp_hooks:
logger.debug("adding restoration hook '%s' to the system "
"from the backup archive '%s'", f, archive_file)
shutil.copy(f, restore_hook_folder)
hooks_filtered.add(h)
if hooks_filtered:
logger.info(m18n.n('restore_running_hooks'))
ret = hook_callback('restore', hooks_filtered, args=[tmp_dir])
result['hooks'] = ret['succeed']
# Add apps restore hook
if not ignore_apps:
# Filter applications to restore
apps_list = set(info['apps'].keys())
apps_filtered = set()
if apps:
for a in apps:
if a not in apps_list:
logger.error(m18n.n('backup_archive_app_not_found', app=a))
else:
apps_filtered.add(a)
else:
apps_filtered = apps_list
for app_instance_name in apps_filtered:
tmp_app_dir = '{:s}/apps/{:s}'.format(tmp_dir, app_instance_name)
tmp_app_bkp_dir = tmp_app_dir + '/backup'
# Check if the app is not already installed
if _is_installed(app_instance_name):
logger.error(m18n.n('restore_already_installed_app',
app=app_instance_name))
continue
# Check if the app has a restore script
app_script = tmp_app_dir + '/settings/scripts/restore'
if not os.path.isfile(app_script):
logger.warning(m18n.n('unrestore_app', app=app_instance_name))
continue
tmp_script = '/tmp/restore_' + app_instance_name
app_setting_path = '/etc/yunohost/apps/' + app_instance_name
logger.info(m18n.n('restore_running_app_script', app=app_instance_name))
try:
# Copy app settings and set permissions
shutil.copytree(tmp_app_dir + '/settings', app_setting_path)
filesystem.chmod(app_setting_path, 0555, 0444, True)
filesystem.chmod(app_setting_path + '/settings.yml', 0400)
# Execute app restore script
subprocess.call(['install', '-Dm555', app_script, tmp_script])
# Prepare env. var. to pass to script
env_dict = {}
app_id, app_instance_nb = _parse_app_instance_name(app_instance_name)
env_dict["YNH_APP_ID"] = app_id
env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name
env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
env_dict["YNH_APP_BACKUP_DIR"] = tmp_app_bkp_dir
hook_exec(tmp_script, args=[tmp_app_bkp_dir, app_instance_name],
raise_on_error=True, chdir=tmp_app_bkp_dir, env=env_dict)
except:
logger.exception(m18n.n('restore_app_failed', app=app_instance_name))
# Cleaning app directory
shutil.rmtree(app_setting_path, ignore_errors=True)
else:
result['apps'].append(app_instance_name)
finally:
filesystem.rm(tmp_script, force=True)
# Check if something has been restored
if not result['hooks'] and not result['apps']:
_clean_tmp_dir(1)
raise MoulinetteError(errno.EINVAL, m18n.n('restore_nothings_done'))
if result['apps']:
app_ssowatconf(auth)
_clean_tmp_dir()
logger.success(m18n.n('restore_complete'))
return result
def _process_regen_conf(system_conf, new_conf=None, save=True):
"""Regenerate a given system configuration file
Replace a given system configuration file by a new one or delete it if
new_conf is None. A backup of the file - keeping its directory tree - will
be done in the backup conf directory before any operation if save is True.
"""
if save:
backup_path = os.path.join(
BACKUP_CONF_DIR,
"{0}-{1}".format(
system_conf.lstrip("/"), datetime.utcnow().strftime("%Y%m%d.%H%M%S")
),
)
backup_dir = os.path.dirname(backup_path)
if not os.path.isdir(backup_dir):
filesystem.mkdir(backup_dir, 0o755, True)
shutil.copy2(system_conf, backup_path)
logger.debug(
m18n.n("regenconf_file_backed_up", conf=system_conf, backup=backup_path)
)
try:
if not new_conf:
os.remove(system_conf)
logger.debug(m18n.n("regenconf_file_removed", conf=system_conf))
else:
system_dir = os.path.dirname(system_conf)
if not os.path.isdir(system_dir):
filesystem.mkdir(system_dir, 0o755, True)
shutil.copyfile(new_conf, system_conf)
logger.debug(m18n.n("regenconf_file_updated", conf=system_conf))
except Exception as e:
logger.warning(
"Exception while trying to regenerate conf '%s': %s",
system_conf,
e,
exc_info=1,
)
if not new_conf and os.path.exists(system_conf):
logger.warning(
m18n.n("regenconf_file_remove_failed", conf=system_conf), exc_info=1
)
return False
elif new_conf:
try:
# From documentation:
# Raise an exception if an os.stat() call on either pathname fails.
# (os.stats returns a series of information from a file like type, size...)
copy_succeed = os.path.samefile(system_conf, new_conf)
except Exception:
copy_succeed = False
finally:
if not copy_succeed:
logger.warning(
m18n.n(
"regenconf_file_copy_failed", conf=system_conf, new=new_conf
),
exc_info=1,
)
return False
return True
def test_mkdir_existing_folder(tmp_path):
new_path = tmp_path / "new_folder"
os.makedirs(str(new_path))
with pytest.raises(OSError):
mkdir(str(new_path))
def _pre_call(name, priority, path, args):
# create the pending conf directory for the service
service_pending_path = os.path.join(pending_conf_dir, name)
filesystem.mkdir(service_pending_path, 0755, True, uid='admin')
# return the arguments to pass to the script
return pre_args + [service_pending_path,]
def regen_conf(
operation_logger,
names=[],
with_diff=False,
force=False,
dry_run=False,
list_pending=False,
):
"""
Regenerate the configuration file(s)
Keyword argument:
names -- Categories to regenerate configuration of
with_diff -- Show differences in case of configuration changes
force -- Override all manual modifications in configuration files
dry_run -- Show what would have been regenerated
list_pending -- List pending configuration files and exit
"""
result = {}
# Return the list of pending conf
if list_pending:
pending_conf = _get_pending_conf(names)
if not with_diff:
return pending_conf
for category, conf_files in pending_conf.items():
for system_path, pending_path in conf_files.items():
pending_conf[category][system_path] = {
"pending_conf": pending_path,
"diff": _get_files_diff(system_path, pending_path, True),
}
return pending_conf
if not dry_run:
operation_logger.related_to = [("configuration", x) for x in names]
if not names:
operation_logger.name_parameter_override = "all"
elif len(names) != 1:
operation_logger.name_parameter_override = (
str(len(operation_logger.related_to)) + "_categories"
)
operation_logger.start()
# Clean pending conf directory
if os.path.isdir(PENDING_CONF_DIR):
if not names:
shutil.rmtree(PENDING_CONF_DIR, ignore_errors=True)
else:
for name in names:
shutil.rmtree(os.path.join(PENDING_CONF_DIR, name), ignore_errors=True)
else:
filesystem.mkdir(PENDING_CONF_DIR, 0o755, True)
# Format common hooks arguments
common_args = [1 if force else 0, 1 if dry_run else 0]
# Execute hooks for pre-regen
pre_args = [
"pre",
] + common_args
def _pre_call(name, priority, path, args):
# create the pending conf directory for the category
category_pending_path = os.path.join(PENDING_CONF_DIR, name)
filesystem.mkdir(category_pending_path, 0o755, True, uid="root")
# return the arguments to pass to the script
return pre_args + [
category_pending_path,
]
ssh_explicitly_specified = isinstance(names, list) and "ssh" in names
# By default, we regen everything
if not names:
names = hook_list("conf_regen", list_by="name", show_info=False)["hooks"]
# Dirty hack for legacy code : avoid attempting to regen the conf for
# glances because it got removed ... This is only needed *once*
# during the upgrade from 3.7 to 3.8 because Yunohost will attempt to
# regen glance's conf *before* it gets automatically removed from
# services.yml (which will happens only during the regen-conf of
# 'yunohost', so at the very end of the regen-conf cycle) Anyway,
# this can be safely removed once we're in >= 4.0
if "glances" in names:
names.remove("glances")
# [Optimization] We compute and feed the domain list to the conf regen
# hooks to avoid having to call "yunohost domain list" so many times which
# ends up in wasted time (about 3~5 seconds per call on a RPi2)
from yunohost.domain import domain_list
env = {}
# Well we can only do domain_list() if postinstall is done ...
# ... but hooks that effectively need the domain list are only
# called only after the 'installed' flag is set so that's all good,
# though kinda tight-coupled to the postinstall logic :s
if os.path.exists("/etc/yunohost/installed"):
env["YNH_DOMAINS"] = " ".join(domain_list()["domains"])
pre_result = hook_callback("conf_regen", names, pre_callback=_pre_call, env=env)
# Keep only the hook names with at least one success
names = [
hook
for hook, infos in pre_result.items()
if any(result["state"] == "succeed" for result in infos.values())
]
# FIXME : what do in case of partial success/failure ...
if not names:
ret_failed = [
hook
for hook, infos in pre_result.items()
if any(result["state"] == "failed" for result in infos.values())
]
raise YunohostError("regenconf_failed", categories=", ".join(ret_failed))
# Set the processing method
_regen = _process_regen_conf if not dry_run else lambda *a, **k: True
operation_logger.related_to = []
# Iterate over categories and process pending conf
for category, conf_files in _get_pending_conf(names).items():
if not dry_run:
operation_logger.related_to.append(("configuration", category))
if dry_run:
logger.debug(m18n.n("regenconf_pending_applying", category=category))
else:
logger.debug(m18n.n("regenconf_dry_pending_applying", category=category))
conf_hashes = _get_conf_hashes(category)
succeed_regen = {}
failed_regen = {}
# Here we are doing some weird legacy shit
# The thing is, on some very old or specific setup, the sshd_config file
# was absolutely not managed by the regenconf ...
# But we now want to make sure that this file is managed.
# However, we don't want to overwrite a specific custom sshd_config
# which may make the admin unhappy ...
# So : if the hash for this file does not exists, we set the hash as the
# hash of the pending configuration ...
# That way, the file will later appear as manually modified.
sshd_config = "/etc/ssh/sshd_config"
if (
category == "ssh"
and sshd_config not in conf_hashes
and sshd_config in conf_files
):
conf_hashes[sshd_config] = _calculate_hash(conf_files[sshd_config])
_update_conf_hashes(category, conf_hashes)
# Consider the following scenario:
# - you add a domain foo.bar
# - the regen-conf creates file /etc/dnsmasq.d/foo.bar
# - the admin manually *deletes* /etc/dnsmasq.d/foo.bar
# - the file is now understood as manually deleted because there's the old file hash in regenconf.yml
#
# ... so far so good, that's the expected behavior.
#
# But then:
# - the admin remove domain foo.bar entirely
# - but now the hash for /etc/dnsmasq.d/foo.bar is *still* in
# regenconf.yml and and the file is still flagged as manually
# modified/deleted... And the user cannot even do anything about it
# except removing the hash in regenconf.yml...
#
# Expected behavior: it should forget about that
# hash because dnsmasq's regen-conf doesn't say anything about what's
# the state of that file so it should assume that it should be deleted.
#
# - then the admin tries to *re-add* foo.bar !
# - ... but because the file is still flagged as manually modified
# the regen-conf refuses to re-create the file.
#
# Excepted behavior : the regen-conf should have forgot about the hash
# from earlier and this wouldnt happen.
# ------
# conf_files contain files explicitly set by the current regen conf run
# conf_hashes contain all files known from the past runs
# we compare these to get the list of stale hashes and flag the file as
# "should be removed"
stale_files = set(conf_hashes.keys()) - set(conf_files.keys())
stale_files_with_non_empty_hash = [f for f in stale_files if conf_hashes.get(f)]
for f in stale_files_with_non_empty_hash:
conf_files[f] = None
# </> End discussion about stale file hashes
force_update_hashes_for_this_category = False
for system_path, pending_path in conf_files.items():
logger.debug(
"processing pending conf '%s' to system conf '%s'",
pending_path,
system_path,
)
conf_status = None
regenerated = False
# Get the diff between files
conf_diff = (
_get_files_diff(system_path, pending_path, True) if with_diff else None
)
# Check if the conf must be removed
to_remove = (
True if pending_path and os.path.getsize(pending_path) == 0 else False
)
# Retrieve and calculate hashes
system_hash = _calculate_hash(system_path)
saved_hash = conf_hashes.get(system_path, None)
new_hash = None if to_remove else _calculate_hash(pending_path)
# -> configuration was previously managed by yunohost but should now
# be removed / unmanaged
if system_path in stale_files_with_non_empty_hash:
# File is already deleted, so let's just silently forget about this hash entirely
if not system_hash:
logger.debug("> forgetting about stale file/hash")
conf_hashes[system_path] = None
conf_status = "forget-about-it"
regenerated = True
# Otherwise there's still a file on the system but it's not managed by
# Yunohost anymore... But if user requested --force we shall
# force-erase it
elif force:
logger.debug("> force-remove stale file")
regenerated = _regen(system_path)
conf_status = "force-removed"
# Otherwise, flag the file as manually modified
else:
logger.warning(
m18n.n("regenconf_file_manually_modified", conf=system_path)
)
conf_status = "modified"
# -> system conf does not exists
elif not system_hash:
if to_remove:
logger.debug("> system conf is already removed")
os.remove(pending_path)
conf_hashes[system_path] = None
conf_status = "forget-about-it"
force_update_hashes_for_this_category = True
continue
elif not saved_hash or force:
if force:
logger.debug("> system conf has been manually removed")
conf_status = "force-created"
else:
logger.debug("> system conf does not exist yet")
conf_status = "created"
regenerated = _regen(system_path, pending_path, save=False)
else:
logger.info(
m18n.n("regenconf_file_manually_removed", conf=system_path)
)
conf_status = "removed"
# -> system conf is not managed yet
elif not saved_hash:
logger.debug("> system conf is not managed yet")
if system_hash == new_hash:
logger.debug("> no changes to system conf has been made")
conf_status = "managed"
regenerated = True
elif not to_remove:
# If the conf exist but is not managed yet, and is not to be removed,
# we assume that it is safe to regen it, since the file is backuped
# anyway (by default in _regen), as long as we warn the user
# appropriately.
logger.info(
m18n.n(
"regenconf_now_managed_by_yunohost",
conf=system_path,
category=category,
)
)
regenerated = _regen(system_path, pending_path)
conf_status = "new"
elif force:
regenerated = _regen(system_path)
conf_status = "force-removed"
else:
logger.info(
m18n.n(
"regenconf_file_kept_back",
conf=system_path,
category=category,
)
)
conf_status = "unmanaged"
# -> system conf has not been manually modified
elif system_hash == saved_hash:
if to_remove:
regenerated = _regen(system_path)
conf_status = "removed"
elif system_hash != new_hash:
regenerated = _regen(system_path, pending_path)
conf_status = "updated"
else:
logger.debug("> system conf is already up-to-date")
os.remove(pending_path)
continue
else:
logger.debug("> system conf has been manually modified")
if system_hash == new_hash:
logger.debug("> new conf is as current system conf")
conf_status = "managed"
regenerated = True
elif (
force
and system_path == sshd_config
and not ssh_explicitly_specified
):
logger.warning(m18n.n("regenconf_need_to_explicitly_specify_ssh"))
conf_status = "modified"
elif force:
regenerated = _regen(system_path, pending_path)
conf_status = "force-updated"
else:
logger.warning(
m18n.n("regenconf_file_manually_modified", conf=system_path)
)
conf_status = "modified"
# Store the result
conf_result = {"status": conf_status}
if conf_diff is not None:
conf_result["diff"] = conf_diff
if regenerated:
succeed_regen[system_path] = conf_result
conf_hashes[system_path] = new_hash
if pending_path and os.path.isfile(pending_path):
os.remove(pending_path)
else:
failed_regen[system_path] = conf_result
# Check for category conf changes
if not succeed_regen and not failed_regen:
logger.debug(m18n.n("regenconf_up_to_date", category=category))
continue
elif not failed_regen:
if not dry_run:
logger.success(m18n.n("regenconf_updated", category=category))
else:
logger.success(m18n.n("regenconf_would_be_updated", category=category))
if (succeed_regen or force_update_hashes_for_this_category) and not dry_run:
_update_conf_hashes(category, conf_hashes)
# Append the category results
result[category] = {"applied": succeed_regen, "pending": failed_regen}
# Return in case of dry run
if dry_run:
return result
# Execute hooks for post-regen
post_args = [
"post",
] + common_args
def _pre_call(name, priority, path, args):
# append coma-separated applied changes for the category
if name in result and result[name]["applied"]:
regen_conf_files = ",".join(result[name]["applied"].keys())
else:
regen_conf_files = ""
return post_args + [
regen_conf_files,
]
hook_callback("conf_regen", names, pre_callback=_pre_call, env=env)
operation_logger.success()
return result
def test_mkdir(tmp_path):
new_path = tmp_path / "new_folder"
mkdir(str(new_path))
assert os.path.isdir(str(new_path))
assert oct(os.stat(str(new_path)).st_mode & 0o777) == oct(0o777)