From fcd2f47270385f8337e9e726a17ed4d711d22ce5 Mon Sep 17 00:00:00 2001 From: Tobias K <6317548+theCalcaholic@users.noreply.github.com> Date: Mon, 25 Jul 2022 22:08:45 +0200 Subject: nc-datadir.sh, nc-encrypt.sh: Avoid set -u in scripts --- bin/ncp/CONFIG/nc-datadir.sh | 2 +- bin/ncp/SECURITY/nc-encrypt.sh | 24 ++++++++++++------------ tests/system_tests.py | 10 +++++++++- 3 files changed, 22 insertions(+), 14 deletions(-) diff --git a/bin/ncp/CONFIG/nc-datadir.sh b/bin/ncp/CONFIG/nc-datadir.sh index 2503fce7..d8f4f699 100644 --- a/bin/ncp/CONFIG/nc-datadir.sh +++ b/bin/ncp/CONFIG/nc-datadir.sh @@ -22,7 +22,7 @@ install() configure() { - set -eu -o pipefail + set -e -o pipefail shopt -s dotglob # includes dot files ## CHECKS diff --git a/bin/ncp/SECURITY/nc-encrypt.sh b/bin/ncp/SECURITY/nc-encrypt.sh index 33f8dea3..862a5ee0 100644 --- a/bin/ncp/SECURITY/nc-encrypt.sh +++ b/bin/ncp/SECURITY/nc-encrypt.sh @@ -21,15 +21,15 @@ install() configure() { ( - set -eu -o pipefail + set -e -o pipefail local datadir parentdir encdir tmpdir datadir="$(get_ncpcfg datadir)" - [[ "${datadir}" == "null" ]] && datadir=/var/www/nextcloud/data + [[ "${datadir?}" == "null" ]] && datadir=/var/www/nextcloud/data parentdir="$(dirname "${datadir}")" - encdir="${parentdir}/ncdata_enc" + encdir="${parentdir?}/ncdata_enc" tmpdir="$(mktemp -u -p "${parentdir}" -t nc-data-crypt.XXXXXX))" - [[ "${ACTIVE}" != "yes" ]] && { + [[ "${ACTIVE?}" != "yes" ]] && { if ! is_active; then echo "Data not currently encrypted" return 0 @@ -37,14 +37,14 @@ configure() save_maintenance_mode trap restore_maintenance_mode EXIT echo "Decrypting data..." - mkdir "${tmpdir}" + mkdir "${tmpdir?}" chown www-data: "${tmpdir}" pkill tail # prevents from umounting in docker - mv "${datadir}"/* "${datadir}"/.[!.]* "${tmpdir}" + mv "${datadir?}"/* "${datadir}"/.[!.]* "${tmpdir}" fusermount -u "${datadir}" rmdir "${datadir}" mv "${tmpdir}" "${datadir}" - rm "${encdir}"/gocryptfs.* + rm "${encdir?}"/gocryptfs.* rmdir "${encdir}" echo "Data no longer encrypted" return @@ -56,8 +56,8 @@ configure() fi # Just mount already encrypted data - if [[ -f "${encdir}"/gocryptfs.conf ]]; then - echo "${PASSWORD}" | gocryptfs -allow_other -q "${encdir}" "${datadir}" 2>&1 | sed /^Switch/d + if [[ -f "${encdir?}"/gocryptfs.conf ]]; then + echo "${PASSWORD?}" | gocryptfs -allow_other -q "${encdir}" "${datadir}" 2>&1 | sed /^Switch/d # switch to the regular virtual hosts after we decrypt, so we can access NC and ncp-web a2ensite ncp nextcloud @@ -67,12 +67,12 @@ configure() echo "Encrypted data now accessible" return fi - mkdir -p "${encdir}" - echo "${PASSWORD}" | gocryptfs -init -q "${encdir}" + mkdir -p "${encdir?}" + echo "${PASSWORD?}" | gocryptfs -init -q "${encdir}" save_maintenance_mode trap restore_maintenance_mode EXIT - mv "${datadir}" "${tmpdir}" + mv "${datadir?}" "${tmpdir?}" mkdir "${datadir}" echo "${PASSWORD}" | gocryptfs -allow_other -q "${encdir}" "${datadir}" 2>&1 | sed /^Switch/d diff --git a/tests/system_tests.py b/tests/system_tests.py index a2e56511..abae3cf6 100755 --- a/tests/system_tests.py +++ b/tests/system_tests.py @@ -18,7 +18,6 @@ import sys import getopt import os import signal -from urllib.request import urlopen from subprocess import run, getstatusoutput, PIPE processes_must_be_running = [ @@ -221,6 +220,12 @@ if __name__ == "__main__": except: lxc_running = False + try: + systemd_container_running = run(['machinectl', 'show', 'ncp'], stdout=PIPE, check = True) + except: + systemd_container_running = False + + # local method if os.path.exists('/usr/local/etc/ncp-baseimage'): print(tc.brown + "* local NCP instance detected" + tc.normal) @@ -241,6 +246,9 @@ if __name__ == "__main__": print( tc.brown + "* local LXC instance detected" + tc.normal) pre_cmd = ['lxc', 'exec', 'ncp', '--'] + elif systemd_container_running: + pre_cmd = ['machinectl', 'shell', 'root@ncp', '/usr/bin/bash', '-c'] + # SSH method else: if len(args) == 0: -- cgit v1.2.3