def create_module(self, package_version, vhost_root, server_files, server_dirs): temp_dir = tempfile.mkdtemp() OUT.info('Creating SELinux modules') cleaned_version = re.match(r'(?P<version>[0-9]*\.[0-9]*(?:\.[0-9]*)?)', package_version).group('version') for policy in self.policy_types: base_dir = os.path.join(temp_dir, policy) os.mkdir(base_dir) with open(os.path.join(base_dir, '{}.te'.format(self.policy_name)), 'w') as te_file: te_file.write('policy_module({},{})\n'.format(self.policy_name, cleaned_version)) te_file.write('require {\n') te_file.write(' type httpd_sys_rw_content_t;\n') te_file.write('}') with open(os.path.join(base_dir, '{}.fc'.format(self.policy_name)), 'w') as fc_file: for files in server_files: fc_file.write('{} gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)\n'.format(SELinux.filename_re_escape(os.path.join(vhost_root, files.rstrip('\n'))))) for dirs in server_dirs: fc_file.write('{}(/.*)? gen_context(system_u:object_r:httpd_sys_rw_content_t,s0)\n'.format(SELinux.filename_re_escape(os.path.join(vhost_root, dirs.rstrip('\n'))))) if subprocess.call(['make', '-s', '-C', base_dir, '-f', os.path.join('/usr/share/selinux', policy, 'include/Makefile'), '{}.pp'.format(self.policy_name)]): if not os.path.isfile(os.path.join('/usr/share/selinux', policy, 'include/Makefile')): OUT.die('Policy {} is not supported, please fix your configuration'.format(policy)) OUT.die('Unable to create {} SELinux module for {} @ {}'.format(policy, self.package_name, self.vhost_hostname)) OUT.info('Installing SELinux modules') try: for policy in self.policy_types: if subprocess.call(['semodule', '-s', policy, '-i', os.path.join(temp_dir, policy, '{}.pp'.format(self.policy_name))]): OUT.die('Unable to install {} SELinux module for {} @ {}'.format(policy, self.package_name, self.vhost_hostname)) except IOError: OUT.die('"semodule" was not found, please check you SELinux installation') shutil.rmtree(temp_dir)
def write(self): ''' Write the contents file. ''' dbpath = self.appdb() if not dbpath: OUT.die('No package specified!') self.check_installdir() values = [' '.join(i) for i in list(self.__content.values())] if not self.__p: try: fd = os.open(self.appdb(), os.O_WRONLY | os.O_CREAT, self.__perm(0o600)) os.write(fd, ('\n'.join(values)).encode('utf-8')) os.close(fd) except Exception as e: OUT.warn('Failed to write content file ' + dbpath + '!\n' + 'Error was: ' + str(e)) else: OUT.info('Would have written content file ' + dbpath + '!')
def listinstalls(self): ''' Outputs a list of what has been installed so far. ''' loc = self.read_db() if not loc and self.__v: OUT.die('No virtual installs found!') keys = sorted(loc) for j in keys: # The verbose output is meant to be readable for the user if self.__v: OUT.info('Installs for ' + '-'.join(j.split('/')), 4) for i in loc[j]: if self.__v: # The verbose output is meant to be readable for # the user OUT.info(' ' + i[3].strip(), 1) else: # This is a simplified form for the webapp.eclass print(i[3].strip())
def remove(self, entry): ''' Decide whether to delete something - and then go ahead and do so Just like portage, we only remove files that have not changed from when we installed them. If the timestamp or checksum is different, we leave the file in place. Inputs entry - file/dir/sym to remove ''' OUT.debug('Trying to remove file', 6) # okay, deal with the file | directory | symlink removeable = self.__content.get_canremove(entry) if not removeable: # Remove directory or file. # Report if we are only pretending if self.__p: OUT.info(' pretending to remove: ' + entry) # try to remove the entry try: entry_type = self.__content.etype(entry) if self.__content.etype(entry) == 'dir': # its a directory -> rmdir if not self.__p: os.rmdir(entry) else: # its a file -> unlink if not self.__p: os.unlink(entry) except: # Report if there is a problem OUT.notice('!!! ' + self.__content.epath(entry)) return if self.__v and not self.__p: # Report successful deletion OUT.notice('<<< ' + entry_type + ' ' * (5 - len(entry_type)) + self.__content.epath(entry)) self.__content.delete(entry) return True else: OUT.notice(removeable) return False
def clean(self): self.file_behind_flag = False OUT.debug('Basic server clean', 7) self.file_behind_flag |= self.__del.remove_files() self.file_behind_flag |= self.__del.remove_dirs() OUT.info('Any files or directories listed above must be removed b' 'y hand') # okay, let's finish off # # we don't need the contents file anymore self.file_behind_flag |= not self.__content.kill() # right - we need to run the hook scripts now # if they fail, we don't actually care # run the hooks self.__ebuild.run_hooks('clean', self) # do we need the dotconfig file? # # if the .webapp file is the only one in the dir, we believe # that we can remove it self.__dotconfig.kill() # is the installation directory empty? if not os.listdir(self.__destd) and os.path.isdir(self.__destd): if not self.__p: os.rmdir(self.__destd) else: OUT.notice('--- ' + self.__destd) # update the list of installs self.__db.remove(self.__destd) # Remove the selinux module if self.__selinux is not None: self.__selinux.remove_module() # did we leave anything behind? if self.file_behind_flag: OUT.warn('Remove whatever is listed above by hand')
def clean(self): self.file_behind_flag = False OUT.debug('Basic server clean', 7) self.file_behind_flag |= self.__del.remove_files() self.file_behind_flag |= self.__del.remove_dirs() OUT.info('Any files or directories listed above must be removed b' 'y hand') # okay, let's finish off # # we don't need the contents file anymore self.file_behind_flag |= not self.__content.kill() # right - we need to run the hook scripts now # if they fail, we don't actually care # run the hooks self.__ebuild.run_hooks('clean', self) # do we need the dotconfig file? # # if the .webapp file is the only one in the dir, we believe # that we can remove it self.__dotconfig.kill() # is the installation directory empty? if not os.listdir(self.__destd) and os.path.isdir(self.__destd): if not self.__p: os.rmdir(self.__destd) else: OUT.notice('--- ' + self.__destd) # update the list of installs self.__db.remove(self.__destd) # did we leave anything behind? if self.file_behind_flag: OUT.warn('Remove whatever is listed above by hand')
def kill(self): ''' Remove the contents file.''' if not self.__p: try: dbpath = self.appdb() self.check_installdir() os.unlink(dbpath) self.__content = {} return True except: OUT.warn('Failed to remove ' + self.appdb() + '!') return False else: OUT.info('Would have removed ' + self.appdb()) return True
def write(self, category, package, version, host, original_installdir, user_group): ''' Output the .webapp file, that tells us in future what has been installed into this directory. ''' self.__data['WEB_CATEGORY'] = category self.__data['WEB_PN'] = package self.__data['WEB_PVR'] = version self.__data['WEB_INSTALLEDBY'] = pwd.getpwuid(os.getuid())[0] self.__data['WEB_INSTALLEDDATE'] = strftime('%Y-%m-%d %H:%M:%S') self.__data['WEB_INSTALLEDFOR'] = user_group self.__data['WEB_HOSTNAME'] = host self.__data['WEB_INSTALLDIR'] = original_installdir info = ['# ' + self.__file, '# config file for this copy of ' + package + '-' + version, '#', '# automatically created by Gentoo\'s webapp-config', '# do NOT edit this file by hand', '',] for i in self.__tokens: info.append(i + '="' + self.__data[i] + '"') if not self.__p: try: fd = os.open(self.__dot_config(), os.O_WRONLY | os.O_CREAT, self.__perm(0o600)) os.write(fd, ('\n'.join(info)).encode('utf-8')) os.close(fd) except Exception as e: OUT.die('Unable to write to ' + self.__dot_config() + '\nError was: ' + str(e)) else: OUT.info('Would have written the following information into ' + self.__dot_config() + ':\n' + '\n'.join(info))
def add(self, installdir, user, group): ''' Add a record to the list of virtual installs. installdir - the installation directory ''' if not installdir: OUT.die('The installation directory must be specified!') if not str(user): OUT.die('Please specify a valid user!') if not str(group): OUT.die('Please specify a valid group!') OUT.debug('Adding install record', 6) dbpath = self.appdb() if not dbpath: OUT.die('No package specified!') if not self.__p and not os.path.isdir(os.path.dirname(dbpath)): os.makedirs(os.path.dirname(dbpath), self.__dir_perm(0o755)) fd = None if not self.__p: fd = os.open(dbpath, os.O_WRONLY | os.O_APPEND | os.O_CREAT, self.__file_perm(0o600)) entry = str(int(time.time())) + ' ' + str(user) + ' ' + str(group)\ + ' ' + installdir + '\n' OUT.debug('New record', 7) if not self.__p: os.write(fd, (entry).encode('utf-8')) os.close(fd) else: OUT.info('Pretended to append installation ' + installdir) OUT.info('Entry:\n' + entry)
def mkdirs(self, directory = '', current_type = ''): ''' Create a set of directories Inputs directory - the directory within the source hierarchy ''' sd = self.__sourced + '/' + directory real_dir = re.compile('/+').sub('/', self.__ws.appdir() + '/' + self.__sourced + '/' + directory) OUT.debug('Creating directories', 6) if not self.__ws.source_exists(sd): OUT.warn(self.__ws.package_name() + ' does not install any files from ' + real_dir + '; skipping') return OUT.info(' Installing from ' + real_dir) for i in self.__ws.get_source_directories(sd): OUT.debug('Handling directory', 7) # create directory first next_type = self.mkdir(directory + '/' + i, current_type) # then recurse into the directory self.mkdirs(directory + '/' + i, next_type) for i in self.__ws.get_source_files(sd): OUT.debug('Handling file', 7) # handle the file self.mkfile(directory + '/' + i, current_type)
def reportpackageavail(self): ''' This is a simple wrapper around packageavail() that outputs user-friendly error messages if an error occurs Cannot test the rest, do not want to die. ''' OUT.info('Do we have ' + self.package_name() + ' available?') available = self.packageavail() if available == 0: OUT.info(' Yes, we do') if available == 1: OUT.die(' Please emerge ' + self.package_name() + ' first.') if available == 3: OUT.die(' ' + self.package_name() + ' is not compatible with ' 'webapp-config.\nIf it should be, report this at ' + wrapper.bugs_link)
def mkdirs(self, directory=''): ''' Create a set of directories Inputs directory - the directory within the source hierarchy ''' sd = self.__sourced + '/' + directory real_dir = re.compile('/+').sub( '/', self.__ws.appdir() + '/' + self.__sourced + '/' + directory) OUT.debug('Creating directories', 6) if not self.__ws.source_exists(sd): OUT.warn(self.__ws.package_name() + ' does not install any files from ' + real_dir + '; skipping') return OUT.info(' Installing from ' + real_dir) for i in self.__ws.get_source_directories(sd): OUT.debug('Handling directory', 7) # create directory first self.mkdir(directory + '/' + i) # then recurse into the directory self.mkdirs(directory + '/' + i) for i in self.__ws.get_source_files(sd): OUT.debug('Handling file', 7) # handle the file self.mkfile(directory + '/' + i)
def kill(self): ''' Remove the dot config file.''' empty = self.is_empty() OUT.debug('Trying to removing .webapp file', 7) if not empty: if not self.__p: try: os.unlink(self.__dot_config()) except: OUT.warn('Failed to remove ' + self.__dot_config() + '!') return False else: OUT.info('Would have removed ' + self.__dot_config()) return True else: OUT.notice('--- ' + empty) return False
def write(self): ''' Write the contents file. A short test: >>> import os.path >>> here = os.path.dirname(os.path.realpath(__file__)) >>> a = Contents(here + '/tests/testfiles/contents/', ... package = 'test', version = '1.0', ... pretend = True) >>> a.read() >>> OUT.color_off() >>> a.write() #doctest: +ELLIPSIS * Would have written content file .../tests/testfiles/contents//.webapp-test-1.0! ''' dbpath = self.appdb() if not dbpath: OUT.die('No package specified!') self.check_installdir() values = [' '.join(i) for i in self.__content.values()] if not self.__p: try: fd = os.open(self.appdb(), os.O_WRONLY | os.O_CREAT, self.__perm(0o600)) os.write(fd, ('\n'.join(values)).encode('utf-8')) os.close(fd) except Exception as e: OUT.warn('Failed to write content file ' + dbpath + '!\n' + 'Error was: ' + str(e)) else: OUT.info('Would have written content file ' + dbpath + '!')
def upgrade(self, new_category, new_package, new_version): # I have switched the order of upgrades # we are now removing the olde app and then installing the new one # I am not sure why it was the other way around before # and this way seems more intuitive and also has the benefit # of working -- rl03 # first remove the older app OUT.info('Removing old version ' + self.__dotconfig.packagename()) self.clean() # now install the new one self.__content.set_category(new_category) self.__content.set_version(new_version) self.__content.set_package(new_package) self.__db.set_category(new_category) self.__db.set_version(new_version) self.__db.set_package(new_package) self.install(True)
def mkfile(self, filename, current_type): ''' This is what we are all about. No more games - lets take a file from the master image of the web-based app, and make it available inside the install directory. filename - name of the file ''' OUT.debug('Creating file', 6) dst_name = self.__destd + '/' + filename file_type = self.__ws.filetype(self.__sourced + '/' + filename, current_type) OUT.debug('File type determined', 7) # are we overwriting an existing file? OUT.debug('Check for existing file', 7) if os.path.exists(dst_name): OUT.debug('File in the way!', 7) my_canremove = True # o-oh - we're going to be overwriting something that already # exists # If we are upgrading, check if the file can be removed if self.__u: my_canremove = self.__remove.remove(self.__destd, filename) # Config protected file definitely cannot be removed elif file_type[0:6] == 'config': my_canremove = False if not my_canremove: # not able to remove the file # or # file is config-protected dst_name = self.__protect.get_protectedname(self.__destd, filename) OUT.notice('^o^ hiding ' + filename) self.config_protected_dirs.append(self.__destd + '/' + os.path.dirname(filename)) OUT.debug('Hiding config protected file', 7) else: # it's a file we do not know about - so get rid # of it anyway # # this behaviour here *is* by popular request # personally, I'm not comfortable with it -- Stuart if not self.__p: if os.path.isdir(dst_name): os.rmdir(dst_name) else: os.unlink(dst_name) else: OUT.info(' would have removed "' + dst_name + '" s' 'ince it is in the way for the current instal' 'l. It should not be present in that location' '!') # if we get here, we can get on with the business of making # the file available (user, group, perm) = self.__perm['file'][file_type] my_contenttype = '' src_name = self.__ws.appdir() + '/' + self.__sourced + '/' + filename # Fix the paths src_name = re.compile('/+').sub('/', src_name) dst_name = re.compile('/+').sub('/', dst_name) OUT.debug('Creating File', 7) # this is our default file type # # we link in (soft and hard links are supported) # if we're allowed to # # some applications (/me points at PHP scripts) # won't run if symlinked in. # so we now support copying files in too # # default behaviour is to hard link (if we can), and # to copy if we cannot # # if the user wants symlinks, then the user has to # use the new '--soft' option if file_type == 'virtual' or os.path.islink(src_name): if self.__link_type == 'soft': try: OUT.debug('Trying to softlink', 8) if not self.__p: if self.__v: print("\n>>> SOFTLINKING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") os.symlink(src_name, dst_name) my_contenttype = 'sym' except Exception as e: if self.__v: OUT.warn('Failed to softlink (' + str(e) + ')') elif self.__link_type == 'copy': try: OUT.debug('Trying to copy files directly', 8) if not self.__p: if self.__v: print("\n>>> COPYING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") shutil.copy(src_name, dst_name) my_contenttype = 'file' except Exception as e: if self.__v: OUT.warn('Failed to copy (' + str(e) + ')') elif os.path.islink(src_name): try: OUT.debug('Trying to copy symlink', 8) if not self.__p: if self.__v: print("\n>>> SYMLINK COPY: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") os.symlink(os.readlink(src_name), dst_name) my_contenttype = 'sym' except Exception as e: if self.__v: OUT.warn('Failed copy symlink (' + str(e) + ')') else: try: OUT.debug('Trying to hardlink', 8) if not self.__p: if self.__v: print("\n>>> HARDLINKING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") os.link(src_name, dst_name) my_contenttype = 'file' except Exception as e: if self.__v: OUT.warn('Failed to hardlink (' + str(e) + ')') if not my_contenttype: if not self.__p: if self.__v: print("\n>>> COPYING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") shutil.copy(src_name, dst_name) my_contenttype = 'file' if not self.__p and not os.path.islink(src_name): old_perm = os.stat(src_name)[stat.ST_MODE] & 511 os.chown(dst_name, user, group) os.chmod(dst_name, perm(old_perm)) self.__content.add(my_contenttype, file_type, self.__destd, filename, dst_name, self.__relative) return file_type
def install(self, upgrade=False): self.config_protected_dirs = [] OUT.debug('Basic server install', 7) # The root of the virtual install location needs to exist if not os.path.isdir(self.__destd) and not self.__p: OUT.debug('Directory missing', 7) dir = self.__destd dirs = [] while dir != EPREFIX + '/': dirs.insert(0, dir) dir = os.path.dirname(dir) a = self.__perm['dir']['install-owned'][2]('0755') OUT.debug('Strange') # Create the directories for i in dirs: if not os.path.isdir(i): os.mkdir(i) os.chmod(i, self.__perm['dir']['install-owned'][2]('0755')) os.chown(i, self.__perm['dir']['install-owned'][0], self.__perm['dir']['install-owned'][1]) if self.__v: OUT.info(' Creating installation directory: ' + i) # Create the handler for installing self.__flags['relative'] = True wa = WebappAdd(self.__sourced, self.__destd, self.__perm, self.__handler, self.__flags) self.__add = wa OUT.info('Installing ' + self.__ws.package_name() + '...') # we need to create the directories to place our files in # and we need to copy in the files OUT.info(' Creating required directories', 1) OUT.info(' Linking in required files', 1) OUT.info(' This can take several minutes for larger apps', 1) self.__add.mkdirs() self.config_protected_dirs += self.__add.config_protected_dirs # Create the second handler for installing the root files self.__flags['relative'] = False wa = WebappAdd(self.__hostroot, self.__vhostroot, self.__perm, self.__handler, self.__flags) self.__add = wa self.__add.mkdirs() self.config_protected_dirs += self.__add.config_protected_dirs OUT.info(' Files and directories installed', 1) self.__dotconfig.write( self.__ws.category, self.__ws.pn, self.__ws.pvr, self.__flags['host'], self.__flags['orig'], str(self.__perm['file']['config-owned'][0]) + ':' + str(self.__perm['file']['config-owned'][1]), ) self.__db.add(self.__destd, self.__perm['file']['config-owned'][0], self.__perm['file']['config-owned'][1]) # run the hooks self.__ebuild.run_hooks('install', self) # show the post-installation instructions if not upgrade: self.__ebuild.show_postinst(self) else: self.__ebuild.show_postupgrade(self) # to finish, we need to tell the user if they need to run # etc-update or not if self.config_protected_dirs: # work out whether this directory is part of the # CONFIG_PROTECT list or not self.__protect.how_to_update(self.config_protected_dirs) self.__content.write() # and we're done OUT.info('Install completed - success', 1)
def add(self, dsttype, ctype, destination, path, real_path, relative = True): ''' Add an entry to the contents file. Just like Portage, when we install an app, we create a contents file to say what we installed and when. We use this contents file to help us safely remove & upgrade apps. CONTENTS file format: <what> <rel> <type> <filename> <timestamp> <sum> [<optional>] where <what> is one of dir|sym|file|hardlink <rel> is 1 for relative filenames, 0 for absolute filenames <type> is one of server-owned|default-owned|config-owned|virtual <timestamp> is the timestamp when the file was installed <sum> is the md5sum of the file (this is 0 for directories and symlinks) <filename> is the actual name of the file we have installed <optional> is additional data that depends upon <what> NOTE: Filenames used to be on the end of the line. This made the old bash version more complicated, and prone to failure. So I have moved the filename into the middle of the line. -- Stuart Portage uses absolute names for its files, dirs, and symlinks. We do not. In theory, you can move a directory containing a web-based app, and a) the app itself will not break, and b) webapp-config will still work on that directory for upgrades and cleans. Position-independence *is* a design constraint that all future changes to this script need to honour. Inputs: dsttype - type to add (one of dir|sym|file|hardlink) ctype - internal webapp-config type - (server-owned | config-owned | virtual) destination - install dir (normally $G_INSTALLDIR) path - filename inside 'destination' real_path - for config-protected files realpath =! path (and this is important for md5) relative - 1 for storing a relative filename, 0 otherwise OUT.color_off() import os.path here = os.path.dirname(os.path.realpath(__file__)) One for pretending: a = Contents(here + '/tests/testfiles/contents/app/', ... package = 'test', version = '1.0', ... pretend = True) And this one is for real: b = Contents(here + '/tests/testfiles/contents/app/', ... package = 'test', version = '1.0') Pretend to add a file: a.add('file', 'config-owned', ... destination = here + '/tests/testfiles/contents/app/', ... path = '/test1', relative = True) * pretending to add: file 1 config-owned "test1" Lets not pretend this time: b.add('file', 'config-owned', ... destination = here + '/tests/testfiles/contents/app/', ... path = '/test1', relative = True) b.entry(here + '/tests/testfiles/contents/app/test1') #doctest: +ELLIPSIS 'file 1 config-owned "test1" ... d8e8fca2dc0f896fd7cb4cb0031ba249 ' Lets produce an error with a file that does not exist: b.add('file', 'config-owned', ... destination = here + '/tests/testfiles/contents/app/', ... path = '/nothere', relative = True) #doctest: +ELLIPSIS * Cannot access file .../tests/testfiles/contents/app/nothere to add it as installation content. This should not happen! Other file types: b.add('hardlink', 'config-owned', ... destination = here + '/tests/testfiles/contents/app/', ... path = '/test2', relative = True) b.entry(here + '/tests/testfiles/contents/app/test2') #doctest: +ELLIPSIS 'file 1 config-owned "test2" ... d8e8fca2dc0f896fd7cb4cb0031ba249 ' b.add('dir', 'default-owned', ... destination = here + '/tests/testfiles/contents/app/', ... path = '/dir1', relative = True) b.entry(here + '/tests/testfiles/contents/app/dir1') #doctest: +ELLIPSIS 'dir 1 default-owned "dir1" ... 0 ' b.add('dir', 'default-owned', destination = here + '/tests/testfiles/contents/app', ... path = '/dir1', ... relative = False) b.entry(here + '/tests/testfiles/contents/app/dir1') #doctest: +ELLIPSIS 'dir 0 default-owned ".../tests/testfiles/contents/app/dir1" ... 0 ' Q: Is the full link to the target what we want? A: Yes, since the link will still be ok even if we move the directory. b.add('sym', 'virtual', ... destination = here + '/tests/testfiles/contents/app/', ... path = '/test3', relative = True) b.entry(here + '/tests/testfiles/contents/app/test3') #doctest: +ELLIPSIS 'sym 1 virtual "test3" ... 0 .../tests/testfiles/contents/app/test1' b.db_print() #doctest: +ELLIPSIS file 1 config-owned "test1" ... d8e8fca2dc0f896fd7cb4cb0031ba249 file 1 config-owned "test2" ... d8e8fca2dc0f896fd7cb4cb0031ba249 sym 1 virtual "test3" ... 0 .../tests/testfiles/contents/app/test1 dir 0 default-owned ".../tests/testfiles/contents/app/dir1" ... 0 ''' OUT.debug('Adding entry to content dictionary', 6) # Build the full path that we use as index in the contents list while path[0] == '/': path = path[1:] while destination[-1] == '/': destination = destination[:-1] entry = destination + '/' + path # special case - we don't add entries for '.' if os.path.basename(entry) == '.': return if (not self.__p and not os.path.islink(entry) and (not os.path.exists(entry) or not os.access(entry, os.R_OK))): OUT.warn('Cannot access file ' + entry + ' to add it as' ' installation content. This should not happen!') return allowed_types = { 'file' : [ 'file', self.file_md5, self.file_null ], 'hardlink': [ 'file', self.file_md5, self.file_null ], 'dir' : [ 'dir', self.file_zero, self.file_null ], 'sym' : [ 'sym', self.file_zero, self.file_link ], } if not dsttype in allowed_types.keys(): OUT.die('Oops, webapp-config bug. "dsttype" is ' + dsttype) # Generate handler for file attributes a = allowed_types[dsttype] # For absolute entries the path must match the entry if not relative: path = entry OUT.debug('Adding entry', 7) # report if pretending if self.__p: OUT.info(' pretending to add: ' + ' '.join([dsttype, str(int(relative)), ctype, '"' + path + '"'])) else: # Only the path is enclosed in quotes, NOT the link targets self.__content[entry] = [ a[0], str(int(relative)), ctype, '"' + path + '"', self.file_time(entry), a[1](real_path), a[2](entry)] if self.__v: msg = path if msg[0] == "/": msg = self.__root + msg msg = self.__re.sub('/', msg) OUT.notice('>>> ' + a[0] + ' ' * (4 - len(a[0])) + ' (' \ + ctype + ') ' + msg)
fi, fo, fe = os.popen3(cmd) fi.close() result_lines = fo.readlines() error_lines = fe.readlines() fo.close() fe.close() if error_lines: for i in error_lines: OUT.warn(i) return ' '.join(result_lines) else: OUT.die("Unknown package manager: " + pm) if __name__ == '__main__': OUT.info('\nPACKAGE MANAGER WRAPPER') OUT.info('---------------\n') if package_installed('=app-admin/webapp-config-' + WCVERSION, 'portage'): a = 'YES' else: a = 'NO' OUT.info('package_installed("webapp-config-' + WCVERSION + '") : ' + a + '\n') OUT.info('config_protect : ' + config_protect('app-admin','webapp-config',WCVERSION,'portage')) OUT.info('protect_prefix : ' + protect_prefix) OUT.info('update_command : ' + update_command) OUT.info('bugs_link : ' + bugs_link)
def remove_module(self): OUT.info('Removing SELinux modules') for policy in self.policy_types: if subprocess.call(['semodule', '-s', policy, '-r', self.policy_name]): OUT.warn('Unable to remove {} SELinux module for {} @ {}'.format(policy, self.package_name, self.vhost_hostname))
def add(self, dsttype, ctype, destination, path, real_path, relative=True): ''' Add an entry to the contents file. Just like Portage, when we install an app, we create a contents file to say what we installed and when. We use this contents file to help us safely remove & upgrade apps. CONTENTS file format: <what> <rel> <type> <filename> <timestamp> <sum> [<optional>] where <what> is one of dir|sym|file|hardlink <rel> is 1 for relative filenames, 0 for absolute filenames <type> is one of server-owned|default-owned|config-owned|virtual <timestamp> is the timestamp when the file was installed <sum> is the md5sum of the file (this is 0 for directories and symlinks) <filename> is the actual name of the file we have installed <optional> is additional data that depends upon <what> NOTE: Filenames used to be on the end of the line. This made the old bash version more complicated, and prone to failure. So I have moved the filename into the middle of the line. -- Stuart Portage uses absolute names for its files, dirs, and symlinks. We do not. In theory, you can move a directory containing a web-based app, and a) the app itself will not break, and b) webapp-config will still work on that directory for upgrades and cleans. Position-independence *is* a design constraint that all future changes to this script need to honour. Inputs: dsttype - type to add (one of dir|sym|file|hardlink) ctype - internal webapp-config type - (server-owned | config-owned | virtual) destination - install dir (normally $G_INSTALLDIR) path - filename inside 'destination' real_path - for config-protected files realpath =! path (and this is important for md5) relative - 1 for storing a relative filename, 0 otherwise ''' OUT.debug('Adding entry to content dictionary', 6) # Build the full path that we use as index in the contents list while path[0] == '/': path = path[1:] while destination[-1] == '/': destination = destination[:-1] entry = destination + '/' + path # special case - we don't add entries for '.' if os.path.basename(entry) == '.': return if (not self.__p and not os.path.islink(entry) and (not os.path.exists(entry) or not os.access(entry, os.R_OK))): OUT.warn('Cannot access file ' + entry + ' to add it as' ' installation content. This should not happen!') return allowed_types = { 'file': ['file', self.file_md5, self.file_null], 'hardlink': ['file', self.file_md5, self.file_null], 'dir': ['dir', self.file_zero, self.file_null], 'sym': ['sym', self.file_zero, self.file_link], } if not dsttype in list(allowed_types.keys()): OUT.die('Oops, webapp-config bug. "dsttype" is ' + dsttype) # Generate handler for file attributes a = allowed_types[dsttype] # For absolute entries the path must match the entry if not relative: path = entry OUT.debug('Adding entry', 7) # report if pretending if self.__p: OUT.info(' pretending to add: ' + ' '.join( [dsttype, str(int(relative)), ctype, '"' + path + '"'])) else: # Only the path is enclosed in quotes, NOT the link targets self.__content[entry] = [ a[0], str(int(relative)), ctype, '"' + path + '"', self.file_time(entry), a[1](real_path), a[2](entry) ] if self.__v: msg = path if msg[0] == "/": msg = self.__root + msg msg = self.__re.sub('/', msg) OUT.notice('>>> ' + a[0] + ' ' * (4 - len(a[0])) + ' (' \ + ctype + ') ' + msg)
def mkfile(self, filename): ''' This is what we are all about. No more games - lets take a file from the master image of the web-based app, and make it available inside the install directory. filename - name of the file ''' OUT.debug('Creating file', 6) dst_name = self.__destd + '/' + filename file_type = self.__ws.filetype(self.__sourced + '/' + filename) OUT.debug('File type determined', 7) # are we overwriting an existing file? OUT.debug('Check for existing file', 7) if os.path.exists(dst_name): OUT.debug('File in the way!', 7) my_canremove = True # o-oh - we're going to be overwriting something that already # exists # If we are upgrading, check if the file can be removed if self.__u: my_canremove = self.__remove.remove(self.__destd, filename) # Config protected file definitely cannot be removed elif file_type[0:6] == 'config': my_canremove = False if not my_canremove: # not able to remove the file # or # file is config-protected dst_name = self.__protect.get_protectedname( self.__destd, filename) OUT.notice('^o^ hiding ' + filename) self.config_protected_dirs.append(self.__destd + '/' + os.path.dirname(filename)) OUT.debug('Hiding config protected file', 7) else: # it's a file we do not know about - so get rid # of it anyway # # this behaviour here *is* by popular request # personally, I'm not comfortable with it -- Stuart if not self.__p: if os.path.isdir(dst_name): os.rmdir(dst_name) else: os.unlink(dst_name) else: OUT.info(' would have removed "' + dst_name + '" s' 'ince it is in the way for the current instal' 'l. It should not be present in that location' '!') # if we get here, we can get on with the business of making # the file available (user, group, perm) = self.__perm['file'][file_type] my_contenttype = '' src_name = self.__ws.appdir() + '/' + self.__sourced + '/' + filename # Fix the paths src_name = re.compile('/+').sub('/', src_name) dst_name = re.compile('/+').sub('/', dst_name) OUT.debug('Creating File', 7) # this is our default file type # # we link in (soft and hard links are supported) # if we're allowed to # # some applications (/me points at PHP scripts) # won't run if symlinked in. # so we now support copying files in too # # default behaviour is to hard link (if we can), and # to copy if we cannot # # if the user wants symlinks, then the user has to # use the new '--soft' option if file_type == 'virtual' or os.path.islink(src_name): if self.__link_type == 'soft': try: OUT.debug('Trying to softlink', 8) if not self.__p: if self.__v: print("\n>>> SOFTLINKING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") os.symlink(src_name, dst_name) my_contenttype = 'sym' except Exception as e: if self.__v: OUT.warn('Failed to softlink (' + str(e) + ')') elif self.__link_type == 'copy': try: OUT.debug('Trying to copy files directly', 8) if not self.__p: if self.__v: print("\n>>> COPYING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") shutil.copy(src_name, dst_name) my_contenttype = 'file' except Exception as e: if self.__v: OUT.warn('Failed to copy (' + str(e) + ')') elif os.path.islink(src_name): try: OUT.debug('Trying to copy symlink', 8) if not self.__p: if self.__v: print("\n>>> SYMLINK COPY: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") os.symlink(os.readlink(src_name), dst_name) my_contenttype = 'sym' except Exception as e: if self.__v: OUT.warn('Failed copy symlink (' + str(e) + ')') else: try: OUT.debug('Trying to hardlink', 8) if not self.__p: if self.__v: print("\n>>> HARDLINKING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") os.link(src_name, dst_name) my_contenttype = 'file' except Exception as e: if self.__v: OUT.warn('Failed to hardlink (' + str(e) + ')') if not my_contenttype: if not self.__p: if self.__v: print("\n>>> COPYING FILE: ") print(">>> Source: " + src_name + "\n>>> Destination: " + dst_name + "\n") shutil.copy(src_name, dst_name) my_contenttype = 'file' if not self.__p and not os.path.islink(src_name): old_perm = os.stat(src_name)[stat.ST_MODE] & 511 os.chown(dst_name, user, group) os.chmod(dst_name, perm(old_perm)) self.__content.add(my_contenttype, file_type, self.__destd, filename, dst_name, self.__relative)
def install(self, upgrade = False): self.config_protected_dirs = [] OUT.debug('Basic server install', 7) # The root of the virtual install location needs to exist if not os.path.isdir(self.__destd) and not self.__p: OUT.debug('Directory missing', 7) dir = self.__destd dirs = [] while dir != '/': dirs.insert(0, dir) dir = os.path.dirname(dir) a = self.__perm['dir']['install-owned'][2]('0755') OUT.debug('Strange') # Create the directories for i in dirs: if not os.path.isdir(i): os.mkdir(i) os.chmod(i, self.__perm['dir']['install-owned'][2]('0755')) os.chown(i, self.__perm['dir']['install-owned'][0], self.__perm['dir']['install-owned'][1]) if self.__v: OUT.info(' Creating installation directory: ' + i) # Create the handler for installing self.__flags['relative'] = True wa = WebappAdd(self.__sourced, self.__destd, self.__perm, self.__handler, self.__flags) self.__add = wa OUT.info('Installing ' + self.__ws.package_name() + '...') # we need to create the directories to place our files in # and we need to copy in the files OUT.info(' Creating required directories', 1) OUT.info(' Linking in required files', 1) OUT.info(' This can take several minutes for larger apps', 1) self.__add.mkdirs() self.config_protected_dirs += self.__add.config_protected_dirs # Create the second handler for installing the root files self.__flags['relative'] = False wa = WebappAdd(self.__hostroot, self.__vhostroot, self.__perm, self.__handler, self.__flags) self.__add = wa self.__add.mkdirs() self.config_protected_dirs += self.__add.config_protected_dirs OUT.info(' Files and directories installed', 1) self.__dotconfig.write(self.__ws.category, self.__ws.pn, self.__ws.pvr, self.__flags['host'], self.__flags['orig'], str(self.__perm['file']['config-owned'][0]) + ':' + str(self.__perm['file']['config-owned'][1]),) self.__db.add(self.__destd, self.__perm['file']['config-owned'][0], self.__perm['file']['config-owned'][1]) # run the hooks self.__ebuild.run_hooks('install', self) # show the post-installation instructions if not upgrade: self.__ebuild.show_postinst(self) else: self.__ebuild.show_postupgrade(self) # to finish, we need to tell the user if they need to run # etc-update or not if self.config_protected_dirs: # work out whether this directory is part of the # CONFIG_PROTECT list or not self.__protect.how_to_update(self.config_protected_dirs) self.__content.write() # and we're done OUT.info('Install completed - success', 1)
def add(self, dsttype, ctype, destination, path, real_path, relative = True): ''' Add an entry to the contents file. Just like Portage, when we install an app, we create a contents file to say what we installed and when. We use this contents file to help us safely remove & upgrade apps. CONTENTS file format: <what> <rel> <type> <filename> <timestamp> <sum> [<optional>] where <what> is one of dir|sym|file|hardlink <rel> is 1 for relative filenames, 0 for absolute filenames <type> is one of server-owned|default-owned|config-owned|virtual <timestamp> is the timestamp when the file was installed <sum> is the md5sum of the file (this is 0 for directories and symlinks) <filename> is the actual name of the file we have installed <optional> is additional data that depends upon <what> NOTE: Filenames used to be on the end of the line. This made the old bash version more complicated, and prone to failure. So I have moved the filename into the middle of the line. -- Stuart Portage uses absolute names for its files, dirs, and symlinks. We do not. In theory, you can move a directory containing a web-based app, and a) the app itself will not break, and b) webapp-config will still work on that directory for upgrades and cleans. Position-independence *is* a design constraint that all future changes to this script need to honour. Inputs: dsttype - type to add (one of dir|sym|file|hardlink) ctype - internal webapp-config type - (server-owned | config-owned | virtual) destination - install dir (normally $G_INSTALLDIR) path - filename inside 'destination' real_path - for config-protected files realpath =! path (and this is important for md5) relative - 1 for storing a relative filename, 0 otherwise ''' OUT.debug('Adding entry to content dictionary', 6) # Build the full path that we use as index in the contents list while path[0] == '/': path = path[1:] while destination[-1] == '/': destination = destination[:-1] entry = destination + '/' + path # special case - we don't add entries for '.' if os.path.basename(entry) == '.': return if (not self.__p and not os.path.islink(entry) and (not os.path.exists(entry) or not os.access(entry, os.R_OK))): OUT.warn('Cannot access file ' + entry + ' to add it as' ' installation content. This should not happen!') return allowed_types = { 'file' : [ 'file', self.file_md5, self.file_null ], 'hardlink': [ 'file', self.file_md5, self.file_null ], 'dir' : [ 'dir', self.file_zero, self.file_null ], 'sym' : [ 'sym', self.file_zero, self.file_link ], } if not dsttype in list(allowed_types.keys()): OUT.die('Oops, webapp-config bug. "dsttype" is ' + dsttype) # Generate handler for file attributes a = allowed_types[dsttype] # For absolute entries the path must match the entry if not relative: path = entry OUT.debug('Adding entry', 7) # report if pretending if self.__p: OUT.info(' pretending to add: ' + ' '.join([dsttype, str(int(relative)), ctype, '"' + path + '"'])) else: # Only the path is enclosed in quotes, NOT the link targets self.__content[entry] = [ a[0], str(int(relative)), ctype, '"' + path + '"', self.file_time(entry), a[1](real_path), a[2](entry)] if self.__v: msg = path if msg[0] == "/": msg = self.__root + msg msg = self.__re.sub('/', msg) OUT.notice('>>> ' + a[0] + ' ' * (4 - len(a[0])) + ' (' \ + ctype + ') ' + msg)
def remove(self, installdir): ''' Remove a record from the list of virtual installs. installdir - the installation directory ''' if not installdir: OUT.die('The installation directory must be specified!') dbpath = self.appdb() if not dbpath: OUT.die('No package specified!') if not os.access(dbpath, os.R_OK): OUT.warn('Unable to read the install database ' + dbpath) return # Read db file fdb = open(dbpath) entries = fdb.readlines() fdb.close() newentries = [] found = False for i in entries: j = i.strip().split(' ') if j: if len(j) != 4: # Remove invalid entry OUT.warn('Invalid line "' + i.strip() + '" remo' 'ved from the database file!') elif j[3] != installdir: OUT.debug('Keeping entry', 7) # Keep valid entry newentries.append(i.strip()) elif j[3] == installdir: # Remove entry, indicate found found = True if not found: OUT.warn('Installation at "' + installdir + '" could not be ' 'found in the database file. Check the entries in "' + dbpath + '"!') if not self.__p: installs = open(dbpath, 'w') installs.write('\n'.join(newentries) + '\n') installs.close() if not self.has_installs(): os.unlink(dbpath) else: OUT.info('Pretended to remove installation ' + installdir) OUT.info('Final DB content:\n' + '\n'.join(newentries) + '\n')