Fixed some bugs in the update scripts. Turns out sudo doesn't allow passing...

Fixed some bugs in the update scripts. Turns out sudo doesn't allow passing Bash functions as environment variables.

Fixed some bugs in the update scripts. Turns out sudo doesn't allow passing...
e97bdfdf · Filip Strömbäck · 3f74477e · e97bdfdf · e97bdfdf
Commit e97bdfdf authored 4 years ago by Filip Strömbäck
--- a/files/opendsa/on_update.sh
+++ b/files/opendsa/on_update.sh
@@ -5,15 +5,13 @@

 # Note: This file is executed as root, so we drop back to the opendsa user before starting pip.

-function update_pip() {
-    cd
-    python3 -m pip install --user -r OpenDSA/server/requirements.txt
-}
-
-export -f update_pip
+update_pip_fn=$(cat <<'EOF'
+cd
+python3 -m pip install --user -r OpenDSA/server/requirements.txt
+EOF

 # Run PIP as OpenDSA.
-sudo --user opendsa --group opendsa --set-home --preserve-env=update_pip -- bash -c update_pip
+sudo --user opendsa --group opendsa --set-home -- bash -c "$update_pip_fn"

 # Then, we can restart the service.
 systemctl service restart opendsa.service
--- a/files/update_repo.sh
+++ b/files/update_repo.sh
@@ -16,36 +16,39 @@
 # script as a regular user without setting REPO_USER.


-# Function that keeps the repo updated. Returns 0 if nothing was done, 100 if the repo was updated,
+# "function" that keeps the repo updated. Returns 0 if nothing was done, 100 if the repo was updated,
 # and something else on some kind of error. This function will be executed as the user indicated in
 # the environment variables.
-function update_repo() {
-    if [[ ! -d "$repo_path" ]]
+# I'm sorry for this thing... Turns out that sudo does not allow passing bash functions as environment
+# variables, so I simply pass the entire "function" to Bash as a string.
+update_repo_fn=$(cat <<'EOF'
+if [[ ! -d "$repo_path" ]]
+then
+    # Does not exist. We need to checkout the repository.
+    git clone --single-branch --branch "$repo_branch" "$repo_source" "$repo_path" || exit 1
+    exit 100
+else
+    # It does exist. Make sure it is updated.
+    cd "$repo_path"
+    old_sha=$(git rev-parse HEAD)
+    git fetch -f "$repo_source" "$repo_branch":remotes/origin/"$repo_branch" || exit 1
+    new_sha=$(git rev-parse remotes/origin/"$repo_branch")
+    if [[ "$old_sha" == "$new_sha" ]]
    then
-	# Does not exist. We need to checkout the repository.
-	git clone --single-branch --branch "$repo_branch" "$repo_source" "$repo_path" || exit 1
-	exit 100
+	# They are the same, we don't need to do anything.
+	exit 0
    else
-	# It does exist. Make sure it is updated.
-	cd "$repo_path"
-	old_sha=$(git rev-parse HEAD)
-	git fetch -f "$repo_source" "$repo_branch":remotes/origin/"$repo_branch" || exit 1
-	new_sha=$(git rev-parse remotes/origin/"$repo_branch")
-	if [[ "$old_sha" == "$new_sha" ]]
-	then
-	    # They are the same, we don't need to do anything.
-	    exit 0
-	else
-	    # They differ. Check out the new revision.
-	    git checkout -f "$new_sha" || exit 1
-	    git branch -f "$repo_branch" "$new_sha" || exit 1
-	    # This is not strictly necessary, but it makes it look like we have the correct branch
-	    # checked out. Good if someone inspects the repo at a later time.
-	    git checkout -f "$repo_branch" || exit 1
-	    exit 100
-	fi
+	# They differ. Check out the new revision.
+	git checkout -f "$new_sha" || exit 1
+	git branch -f "$repo_branch" "$new_sha" || exit 1
+	# This is not strictly necessary, but it makes it look like we have the correct branch
+	# checked out. Good if someone inspects the repo at a later time.
+	git checkout -f "$repo_branch" || exit 1
+	exit 100
    fi
-}
+fi
+EOF
+)

 # Check for enough parameters.
 if [[ "$#" < 3 ]]
@@ -61,19 +64,18 @@ repo_source="$2"
 repo_branch="$3"

 export repo_path repo_source repo_branch
-export -f update_repo

 if [[ -z "$REPO_USER" ]]
 then
    # Just run it in a subshell
-    bash -c update_repo
+    bash -c "$update_repo_fn"
 else
    # Perhaps group was not supplied.
    if [[ -z "$REPO_GROUP" ]]
    then
 	REPO_GROUP="$REPO_USER"
    fi
-    sudo --preserve-env=repo_path,repo_source,repo_branch,update_repo --set-home --user="$REPO_USER" --group="$REPO_GROUP" -- bash -c update_repo
+    sudo --preserve-env=repo_path,repo_source,repo_branch,update_repo --set-home --user="$REPO_USER" --group="$REPO_GROUP" -- bash -c "$update_repo_fn"
 fi
 # Note: We cannot put any commands between the if-statement and here. We need the result code from
 # invoking bash, which is the last command in both the if- and else- branches.