Fix scheduler no longer running as root + Fix permission errors with downloaded plugins
parent
4a67a5f56e
commit
c8d39ba6b5
|
@ -2,8 +2,8 @@
|
|||
|
||||
from hashlib import sha256
|
||||
from io import BytesIO
|
||||
from os import getenv, listdir, makedirs, chmod, stat, _exit, walk
|
||||
from os.path import basename, dirname, join
|
||||
from os import getenv, listdir, chmod, stat, _exit
|
||||
from os.path import basename, dirname
|
||||
from pathlib import Path
|
||||
from stat import S_IEXEC
|
||||
from sys import exit as sys_exit, path as sys_path
|
||||
|
@ -11,7 +11,7 @@ from threading import Lock
|
|||
from uuid import uuid4
|
||||
from glob import glob
|
||||
from json import loads
|
||||
from shutil import chown, copytree, rmtree
|
||||
from shutil import copytree, rmtree
|
||||
from tarfile import open as tar_open
|
||||
from traceback import format_exc
|
||||
from zipfile import ZipFile
|
||||
|
@ -48,7 +48,7 @@ def install_plugin(plugin_dir) -> bool:
|
|||
# Copy the plugin
|
||||
copytree(plugin_dir, f"/data/plugins/{metadata['id']}")
|
||||
# Add u+x permissions to jobs files
|
||||
for job_file in glob(f"{plugin_dir}jobs/*"):
|
||||
for job_file in glob(f"{plugin_dir}/jobs/*"):
|
||||
st = stat(job_file)
|
||||
chmod(job_file, st.st_mode | S_IEXEC)
|
||||
logger.info(f"Plugin {metadata['id']} installed")
|
||||
|
@ -112,12 +112,6 @@ try:
|
|||
)
|
||||
status = 2
|
||||
|
||||
# Fix permissions on plugins
|
||||
for root, dirs, files in walk("/data/plugins", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
if not plugin_nbr:
|
||||
logger.info("No external plugins to update to database")
|
||||
_exit(0)
|
||||
|
@ -150,7 +144,7 @@ try:
|
|||
)
|
||||
|
||||
if "ui" in listdir(path):
|
||||
plugin_file["ui"] = True
|
||||
plugin_file["page"] = True
|
||||
|
||||
external_plugins.append(plugin_file)
|
||||
external_plugins_ids.append(plugin_file["id"])
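Review bot: In install_plugin the u+x loop runs after `copytree` and globs `{plugin_dir}/jobs/*`, which is the source tree, so the copy already written under `/data/plugins/{metadata['id']}` never receives the added execute bit. Because this commit also removes the blanket chown/chmod walk over `/data/plugins`, the installed job files keep whatever modes the downloaded archive carried. Either move the chmod loop before `copytree` or glob the destination, e.g. `for job_file in glob(f"/data/plugins/{metadata['id']}/jobs/*"):`. Separately, `metadata['id']` appears to come from the plugin's own metadata and is interpolated into the destination path; if it is not validated in the part of the function outside this hunk, it should be restricted to a plain directory name first. install_plugin starts and ends outside the hunk.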
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
#!/usr/bin/python3
|
||||
|
||||
from io import BytesIO
|
||||
from os import chmod, getenv, walk
|
||||
from os.path import join
|
||||
from os import getenv
|
||||
from pathlib import Path
|
||||
from shutil import chown
|
||||
from subprocess import run, DEVNULL, STDOUT
|
||||
from sys import exit as sys_exit, path as sys_path
|
||||
from tarfile import open as tar_open
|
||||
|
@ -48,12 +46,6 @@ try:
|
|||
# Create tarball of /data/cache/letsencrypt
|
||||
tgz = BytesIO()
|
||||
|
||||
# Fix permissions for the certificates
|
||||
for root, dirs, files in walk("/data/cache/letsencrypt", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
with tar_open(mode="w:gz", fileobj=tgz) as tf:
|
||||
tf.add("/data/cache/letsencrypt", arcname=".")
|
||||
tgz.seek(0, 0)
|
||||
|
|
|
@ -70,6 +70,6 @@ VOLUME /data /etc/nginx
|
|||
|
||||
WORKDIR /usr/share/bunkerweb/scheduler
|
||||
|
||||
USER root:scheduler
|
||||
USER scheduler:scheduler
|
||||
|
||||
ENTRYPOINT ["/usr/share/bunkerweb/scheduler/entrypoint.sh"]
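Review bot: `USER scheduler:scheduler` drops root, but `/data` and `/etc/nginx` are declared as volumes just above and nothing visible in this hunk sets their ownership for the new user. Volumes created by an earlier image that ran as `root:scheduler` keep their old owner, and the Python-side chown/chmod walks are removed in the same commit, so an upgraded deployment may hit the very permission errors this commit is meant to fix. If ownership is set earlier in the Dockerfile, a comment above the USER line would make that dependency explicit, e.g. `# scheduler must own /data and /etc/nginx; pre-existing volumes need a one-time chown`.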
|
||||
|
|
|
@ -9,12 +9,14 @@ from os import (
|
|||
getenv,
|
||||
getpid,
|
||||
listdir,
|
||||
stat,
|
||||
walk,
|
||||
)
|
||||
from os.path import dirname, join
|
||||
from pathlib import Path
|
||||
from shutil import chown, copy, rmtree
|
||||
from shutil import copy, rmtree
|
||||
from signal import SIGINT, SIGTERM, signal, SIGHUP
|
||||
from stat import S_IEXEC
|
||||
from subprocess import run as subprocess_run, DEVNULL, STDOUT
|
||||
from sys import path as sys_path
|
||||
from tarfile import open as tar_open
|
||||
|
@ -102,12 +104,6 @@ def generate_custom_configs(
|
|||
Path(dirname(tmp_path)).mkdir(parents=True, exist_ok=True)
|
||||
Path(tmp_path).write_bytes(custom_config["data"])
|
||||
|
||||
# Fix permissions for the custom configs folder
|
||||
for root, dirs, files in walk("/data/configs", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
if integration != "Linux":
|
||||
logger.info("Sending custom configs to BunkerWeb")
|
||||
ret = api_caller._send_files("/data/configs", "/custom_configs")
|
||||
|
@ -128,17 +124,16 @@ def generate_external_plugins(
|
|||
Path(original_path).mkdir(parents=True, exist_ok=True)
|
||||
for plugin in plugins:
|
||||
tmp_path = f"{original_path}/{plugin['id']}/{plugin['name']}.tar.gz"
|
||||
Path(dirname(tmp_path)).mkdir(parents=True, exist_ok=True)
|
||||
plugin_dir = dirname(tmp_path)
|
||||
Path(plugin_dir).mkdir(parents=True, exist_ok=True)
|
||||
Path(tmp_path).write_bytes(plugin["data"])
|
||||
with tar_open(tmp_path, "r:gz") as tar:
|
||||
tar.extractall(original_path)
|
||||
Path(tmp_path).unlink()
|
||||
|
||||
# Fix permissions for the plugins folder
|
||||
for root, dirs, files in walk("/data/plugins", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
for job_file in glob(f"{plugin_dir}/jobs/*"):
|
||||
st = stat(job_file)
|
||||
chmod(job_file, st.st_mode | S_IEXEC)
|
||||
|
||||
if integration != "Linux":
|
||||
logger.info("Sending plugins to BunkerWeb")
|
||||
|
@ -366,12 +361,6 @@ if __name__ == "__main__":
|
|||
"Config generator failed, configuration will not work as expected...",
|
||||
)
|
||||
else:
|
||||
# Fix permissions for the nginx folder
|
||||
for root, dirs, files in walk("/etc/nginx", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
copy("/etc/nginx/variables.env", "/var/tmp/bunkerweb/variables.env")
|
||||
|
||||
if len(api_caller._get_apis()) > 0:
|
||||
|
@ -383,12 +372,6 @@ if __name__ == "__main__":
|
|||
"Sending nginx configs failed, configuration will not work as expected...",
|
||||
)
|
||||
|
||||
# Fix permissions for the cache folders
|
||||
for root, dirs, files in walk("/data/cache", topdown=False):
|
||||
for name in files + dirs:
|
||||
chown(join(root, name), "root", 101)
|
||||
chmod(join(root, name), 0o770)
|
||||
|
||||
try:
|
||||
if len(api_caller._get_apis()) > 0:
|
||||
# send cache
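Review bot: In generate_external_plugins, `tar.extractall(original_path)` unpacks `plugin["data"]` with no member filtering, so entry names, link targets and modes are taken from the archive as-is, and the new loop then adds the execute bit to whatever ends up under `{plugin_dir}/jobs/`. Running as a non-root user limits the impact, but an entry with an absolute or `..` path can still land outside `/data/plugins` anywhere the scheduler user can write. On Python versions that support extraction filters, `tar.extractall(original_path, filter="data")` rejects such entries; otherwise check each member's resolved path against `original_path` before extracting. Extraction also targets `original_path` while the chmod loop globs `plugin_dir`, and the two only line up if the archive's top-level directory equals the plugin id. The function starts and ends outside the hunk.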
|
||||
|
|