Fix scheduler no longer running as root + Fix permission errors with downloaded plugins

Théophile Diot 2023-03-21 17:56:31 +01:00
parent 4a67a5f56e
commit c8d39ba6b5
No known key found for this signature in database
GPG Key ID: E752C80DB72BB014
4 changed files with 15 additions and 46 deletions


@ -2,8 +2,8 @@
from hashlib import sha256
from io import BytesIO
from os import getenv, listdir, makedirs, chmod, stat, _exit, walk
from os.path import basename, dirname, join
from os import getenv, listdir, chmod, stat, _exit
from os.path import basename, dirname
from pathlib import Path
from stat import S_IEXEC
from sys import exit as sys_exit, path as sys_path
@ -11,7 +11,7 @@ from threading import Lock
from uuid import uuid4
from glob import glob
from json import loads
from shutil import chown, copytree, rmtree
from shutil import copytree, rmtree
from tarfile import open as tar_open
from traceback import format_exc
from zipfile import ZipFile
@ -48,7 +48,7 @@ def install_plugin(plugin_dir) -> bool:
# Copy the plugin
copytree(plugin_dir, f"/data/plugins/{metadata['id']}")
# Add u+x permissions to jobs files
for job_file in glob(f"{plugin_dir}jobs/*"):
for job_file in glob(f"{plugin_dir}/jobs/*"):
st = stat(job_file)
chmod(job_file, st.st_mode | S_IEXEC)
logger.info(f"Plugin {metadata['id']} installed")
@ -112,12 +112,6 @@ try:
)
status = 2
# Fix permissions on plugins
for root, dirs, files in walk("/data/plugins", topdown=False):
for name in files + dirs:
chown(join(root, name), "root", 101)
chmod(join(root, name), 0o770)
if not plugin_nbr:
logger.info("No external plugins to update to database")
_exit(0)
@ -150,7 +144,7 @@ try:
)
if "ui" in listdir(path):
plugin_file["ui"] = True
plugin_file["page"] = True
external_plugins.append(plugin_file)
external_plugins_ids.append(plugin_file["id"])
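Review bot: The u+x loop in install_plugin still globs `{plugin_dir}/jobs/*`, the source directory, after `copytree` has already copied the plugin to `/data/plugins/{metadata['id']}`. copytree carries over the mode bits as they were at copy time, so the installed job files gain nothing from this loop. Pointing the glob at the destination, `for job_file in glob(f"/data/plugins/{metadata['id']}/jobs/*"):`, would set the bit on the copy that is actually used, which matters more now that the blanket `chmod 0o770` pass in the next hunk is gone. `metadata['id']` presumably comes from the downloaded plugin's own metadata, so it is also worth validating before it is used as a path component. install_plugin starts and ends outside the hunk.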


@ -1,10 +1,8 @@
#!/usr/bin/python3
from io import BytesIO
from os import chmod, getenv, walk
from os.path import join
from os import getenv
from pathlib import Path
from shutil import chown
from subprocess import run, DEVNULL, STDOUT
from sys import exit as sys_exit, path as sys_path
from tarfile import open as tar_open
@ -48,12 +46,6 @@ try:
# Create tarball of /data/cache/letsencrypt
tgz = BytesIO()
# Fix permissions for the certificates
for root, dirs, files in walk("/data/cache/letsencrypt", topdown=False):
for name in files + dirs:
chown(join(root, name), "root", 101)
chmod(join(root, name), 0o770)
with tar_open(mode="w:gz", fileobj=tgz) as tf:
tf.add("/data/cache/letsencrypt", arcname=".")
tgz.seek(0, 0)
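Review bot: With the chown/chmod pass removed, `tf.add("/data/cache/letsencrypt", arcname=".")` records whatever owner and mode each file has on disk, and this tree presumably holds certificate private keys. Nothing visible pins those values any more, so the permissions that travel in the archive depend on the umask of whatever wrote the files. Passing a `filter=` callable to `tf.add` that sets `mode`, `uid` and `gid` on each TarInfo would keep the archived permissions deterministic and no broader than intended. Failing that, a comment such as `# modes/owners in the archive are whatever is on disk; nothing normalises them here` would record the assumption. The enclosing try block starts and ends outside the hunk.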


@ -70,6 +70,6 @@ VOLUME /data /etc/nginx
WORKDIR /usr/share/bunkerweb/scheduler
USER root:scheduler
USER scheduler:scheduler
ENTRYPOINT ["/usr/share/bunkerweb/scheduler/entrypoint.sh"]
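Review bot: `USER scheduler:scheduler` makes every write to the `/data` and `/etc/nginx` volumes run as an unprivileged user, but nothing in this hunk gives that user ownership of those paths. The Python code removed in the same commit used to chown everything to root with group 101 and mode 0770, so volumes populated by an earlier root-run image will hold files the scheduler user can only modify if it belongs to that group, which is not visible here. A comment next to the USER line, for example `# /data and /etc/nginx must be writable by scheduler; volumes created by older root-run images need a one-time chown`, plus an upgrade note, would make the requirement explicit. The rest of the Dockerfile is outside the hunk, so ownership may already be set at build time.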


@ -9,12 +9,14 @@ from os import (
getenv,
getpid,
listdir,
stat,
walk,
)
from os.path import dirname, join
from pathlib import Path
from shutil import chown, copy, rmtree
from shutil import copy, rmtree
from signal import SIGINT, SIGTERM, signal, SIGHUP
from stat import S_IEXEC
from subprocess import run as subprocess_run, DEVNULL, STDOUT
from sys import path as sys_path
from tarfile import open as tar_open
@ -102,12 +104,6 @@ def generate_custom_configs(
Path(dirname(tmp_path)).mkdir(parents=True, exist_ok=True)
Path(tmp_path).write_bytes(custom_config["data"])
# Fix permissions for the custom configs folder
for root, dirs, files in walk("/data/configs", topdown=False):
for name in files + dirs:
chown(join(root, name), "root", 101)
chmod(join(root, name), 0o770)
if integration != "Linux":
logger.info("Sending custom configs to BunkerWeb")
ret = api_caller._send_files("/data/configs", "/custom_configs")
@ -128,17 +124,16 @@ def generate_external_plugins(
Path(original_path).mkdir(parents=True, exist_ok=True)
for plugin in plugins:
tmp_path = f"{original_path}/{plugin['id']}/{plugin['name']}.tar.gz"
Path(dirname(tmp_path)).mkdir(parents=True, exist_ok=True)
plugin_dir = dirname(tmp_path)
Path(plugin_dir).mkdir(parents=True, exist_ok=True)
Path(tmp_path).write_bytes(plugin["data"])
with tar_open(tmp_path, "r:gz") as tar:
tar.extractall(original_path)
Path(tmp_path).unlink()
# Fix permissions for the plugins folder
for root, dirs, files in walk("/data/plugins", topdown=False):
for name in files + dirs:
chown(join(root, name), "root", 101)
chmod(join(root, name), 0o770)
for job_file in glob(f"{plugin_dir}/jobs/*"):
st = stat(job_file)
chmod(job_file, st.st_mode | S_IEXEC)
if integration != "Linux":
logger.info("Sending plugins to BunkerWeb")
@ -366,12 +361,6 @@ if __name__ == "__main__":
"Config generator failed, configuration will not work as expected...",
)
else:
# Fix permissions for the nginx folder
for root, dirs, files in walk("/etc/nginx", topdown=False):
for name in files + dirs:
chown(join(root, name), "root", 101)
chmod(join(root, name), 0o770)
copy("/etc/nginx/variables.env", "/var/tmp/bunkerweb/variables.env")
if len(api_caller._get_apis()) > 0:
@ -383,12 +372,6 @@ if __name__ == "__main__":
"Sending nginx configs failed, configuration will not work as expected...",
)
# Fix permissions for the cache folders
for root, dirs, files in walk("/data/cache", topdown=False):
for name in files + dirs:
chown(join(root, name), "root", 101)
chmod(join(root, name), 0o770)
try:
if len(api_caller._get_apis()) > 0:
# send cache
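Review bot: `tar.extractall(original_path)` in generate_external_plugins unpacks the plugin archive with no member filtering. With the blanket `chmod 0o770` pass removed, extracted files keep whatever paths and mode bits the archive carries before the new loop marks `jobs/*` executable. On Python versions that support extraction filters, `tar.extractall(original_path, filter="data")` rejects absolute and parent-directory member paths and strips setuid/setgid and group/other write bits. The new loop also calls `glob(...)` and `chmod(...)`, neither of which appears among the imports visible in the first hunk, so confirm both are imported above it. generate_external_plugins starts and ends outside the hunk.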