def user_ssh_add_key(username, key, comment):
user = _get_user_for_ssh(username, ["homeDirectory", "uid"])
if not user:
raise Exception("User with username '%s' doesn't exists" % username)
authorized_keys_file = os.path.join(user["homeDirectory"][0], ".ssh",
"authorized_keys")
if not os.path.exists(authorized_keys_file):
# ensure ".ssh" exists
mkdir(os.path.join(user["homeDirectory"][0], ".ssh"),
force=True,
parents=True,
uid=user["uid"][0])
# create empty file to set good permissions
write_to_file(authorized_keys_file, "")
chown(authorized_keys_file, uid=user["uid"][0])
chmod(authorized_keys_file, 0o600)
authorized_keys_content = read_file(authorized_keys_file)
authorized_keys_content += "\n"
authorized_keys_content += "\n"
if comment and comment.strip():
if not comment.lstrip().startswith("#"):
comment = "# " + comment
authorized_keys_content += comment.replace("\n", " ").strip()
authorized_keys_content += "\n"
authorized_keys_content += key.strip()
authorized_keys_content += "\n"
write_to_file(authorized_keys_file, authorized_keys_content)
def test_chmod_recursive(test_file):
dirname = os.path.dirname(str(test_file))
mkdir(os.path.join(dirname, "new_dir"))
permission = 0o721
fpermission = 0o720
chmod(str(dirname), permission, fmode=fpermission, recursive=True)
assert oct(os.stat(str(test_file)).st_mode & 0o777) == oct(fpermission)
assert oct(os.stat(dirname).st_mode & 0o777) == oct(permission)
def test_chmod_exception(test_file, mocker):
error = "foobar"
mocker.patch("os.chmod", side_effect=Exception(error))
with pytest.raises(MoulinetteError) as exception:
chmod(str(test_file), 0o000)
translation = m18n.g(
"error_changing_file_permissions", path=str(test_file), error=str(error)
)
expected_msg = translation.format(path=str(test_file), error=str(error))
assert expected_msg in str(exception)
def test_chmod(test_file):
permission = 0o723
chmod(str(test_file), permission)
assert oct(os.stat(str(test_file)).st_mode & 0o777) == oct(permission)
dirname = os.path.dirname(str(test_file))
permission = 0o722
chmod(str(dirname), permission, recursive=True)
assert oct(os.stat(str(test_file)).st_mode & 0o777) == oct(permission)
assert oct(os.stat(dirname).st_mode & 0o777) == oct(permission)
def set_permissions(f, owner, group, perms):
chown(f, owner, group)
chmod(f, perms)
def backup_restore(auth, name, hooks=[], ignore_hooks=False,
apps=[], ignore_apps=False, force=False):
"""
Restore from a local backup archive
Keyword argument:
name -- Name of the local backup archive
hooks -- List of restoration hooks names to execute
ignore_hooks -- Do not execute backup hooks
apps -- List of application names to restore
ignore_apps -- Do not restore apps
force -- Force restauration on an already installed system
"""
# Validate what to restore
if ignore_hooks and ignore_apps:
raise MoulinetteError(errno.EINVAL,
m18n.n('restore_action_required'))
# Retrieve and open the archive
info = backup_info(name)
archive_file = info['path']
try:
tar = tarfile.open(archive_file, "r:gz")
except:
logger.debug("cannot open backup archive '%s'",
archive_file, exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_archive_open_failed'))
# Check temporary directory
tmp_dir = "%s/tmp/%s" % (backup_path, name)
if os.path.isdir(tmp_dir):
logger.debug("temporary directory for restoration '%s' already exists",
tmp_dir)
os.system('rm -rf %s' % tmp_dir)
# Check available disk space
statvfs = os.statvfs(backup_path)
free_space = statvfs.f_frsize * statvfs.f_bavail
if free_space < info['size']:
logger.debug("%dB left but %dB is needed", free_space, info['size'])
raise MoulinetteError(
errno.EIO, m18n.n('not_enough_disk_space', path=backup_path))
def _clean_tmp_dir(retcode=0):
ret = hook_callback('post_backup_restore', args=[tmp_dir, retcode])
if not ret['failed']:
filesystem.rm(tmp_dir, True, True)
else:
logger.warning(m18n.n('restore_cleaning_failed'))
# Extract the tarball
logger.info(m18n.n('backup_extracting_archive'))
tar.extractall(tmp_dir)
tar.close()
# Retrieve backup info
info_file = "%s/info.json" % tmp_dir
try:
with open(info_file, 'r') as f:
info = json.load(f)
except IOError:
logger.debug("unable to load '%s'", info_file, exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_invalid_archive'))
else:
logger.debug("restoring from backup '%s' created on %s", name,
time.ctime(info['created_at']))
# Initialize restauration summary result
result = {
'apps': [],
'hooks': {},
}
# Check if YunoHost is installed
if os.path.isfile('/etc/yunohost/installed'):
logger.warning(m18n.n('yunohost_already_installed'))
if not force:
try:
# Ask confirmation for restoring
i = msignals.prompt(m18n.n('restore_confirm_yunohost_installed',
answers='y/N'))
except NotImplemented:
pass
else:
if i == 'y' or i == 'Y':
force = True
if not force:
_clean_tmp_dir()
raise MoulinetteError(errno.EEXIST, m18n.n('restore_failed'))
else:
# Retrieve the domain from the backup
try:
with open("%s/conf/ynh/current_host" % tmp_dir, 'r') as f:
domain = f.readline().rstrip()
except IOError:
logger.debug("unable to retrieve current_host from the backup",
exc_info=1)
raise MoulinetteError(errno.EIO, m18n.n('backup_invalid_archive'))
logger.debug("executing the post-install...")
tools_postinstall(domain, 'yunohost', True)
# Run system hooks
if not ignore_hooks:
# Filter hooks to execute
hooks_list = set(info['hooks'].keys())
_is_hook_in_backup = lambda h: True
if hooks:
def _is_hook_in_backup(h):
if h in hooks_list:
return True
logger.error(m18n.n('backup_archive_hook_not_exec', hook=h))
return False
else:
hooks = hooks_list
# Check hooks availibility
hooks_filtered = set()
for h in hooks:
if not _is_hook_in_backup(h):
continue
try:
hook_info('restore', h)
except:
tmp_hooks = glob('{:s}/hooks/restore/*-{:s}'.format(tmp_dir, h))
if not tmp_hooks:
logger.exception(m18n.n('restore_hook_unavailable', hook=h))
continue
# Add restoration hook from the backup to the system
# FIXME: Refactor hook_add and use it instead
restore_hook_folder = custom_hook_folder + 'restore'
filesystem.mkdir(restore_hook_folder, 755, True)
for f in tmp_hooks:
logger.debug("adding restoration hook '%s' to the system "
"from the backup archive '%s'", f, archive_file)
shutil.copy(f, restore_hook_folder)
hooks_filtered.add(h)
if hooks_filtered:
logger.info(m18n.n('restore_running_hooks'))
ret = hook_callback('restore', hooks_filtered, args=[tmp_dir])
result['hooks'] = ret['succeed']
# Add apps restore hook
if not ignore_apps:
# Filter applications to restore
apps_list = set(info['apps'].keys())
apps_filtered = set()
if apps:
for a in apps:
if a not in apps_list:
logger.error(m18n.n('backup_archive_app_not_found', app=a))
else:
apps_filtered.add(a)
else:
apps_filtered = apps_list
for app_instance_name in apps_filtered:
tmp_app_dir = '{:s}/apps/{:s}'.format(tmp_dir, app_instance_name)
tmp_app_bkp_dir = tmp_app_dir + '/backup'
# Check if the app is not already installed
if _is_installed(app_instance_name):
logger.error(m18n.n('restore_already_installed_app',
app=app_instance_name))
continue
# Check if the app has a restore script
app_script = tmp_app_dir + '/settings/scripts/restore'
if not os.path.isfile(app_script):
logger.warning(m18n.n('unrestore_app', app=app_instance_name))
continue
tmp_script = '/tmp/restore_' + app_instance_name
app_setting_path = '/etc/yunohost/apps/' + app_instance_name
logger.info(m18n.n('restore_running_app_script', app=app_instance_name))
try:
# Copy app settings and set permissions
shutil.copytree(tmp_app_dir + '/settings', app_setting_path)
filesystem.chmod(app_setting_path, 0555, 0444, True)
filesystem.chmod(app_setting_path + '/settings.yml', 0400)
# Execute app restore script
subprocess.call(['install', '-Dm555', app_script, tmp_script])
# Prepare env. var. to pass to script
env_dict = {}
app_id, app_instance_nb = _parse_app_instance_name(app_instance_name)
env_dict["YNH_APP_ID"] = app_id
env_dict["YNH_APP_INSTANCE_NAME"] = app_instance_name
env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
env_dict["YNH_APP_BACKUP_DIR"] = tmp_app_bkp_dir
hook_exec(tmp_script, args=[tmp_app_bkp_dir, app_instance_name],
raise_on_error=True, chdir=tmp_app_bkp_dir, env=env_dict)
except:
logger.exception(m18n.n('restore_app_failed', app=app_instance_name))
# Cleaning app directory
shutil.rmtree(app_setting_path, ignore_errors=True)
else:
result['apps'].append(app_instance_name)
finally:
filesystem.rm(tmp_script, force=True)
# Check if something has been restored
if not result['hooks'] and not result['apps']:
_clean_tmp_dir(1)
raise MoulinetteError(errno.EINVAL, m18n.n('restore_nothings_done'))
if result['apps']:
app_ssowatconf(auth)
_clean_tmp_dir()
logger.success(m18n.n('restore_complete'))
return result