Skip to content
Snippets Groups Projects
Commit e97bdfdf authored by Filip Strömbäck's avatar Filip Strömbäck
Browse files

Fixed some bugs in the update scripts. Turns out sudo doesn't allow passing... 

Fixed some bugs in the update scripts. Turns out sudo doesn't allow passing Bash functions as environment variables.
parent 3f74477e
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
files/opendsa/on_update.sh
+ 5
7
View file @ e97bdfdf
...@@ -5,15 +5,13 @@ ...@@ -5,15 +5,13 @@
# Note: This file is executed as root, so we drop back to the opendsa user before starting pip. # Note: This file is executed as root, so we drop back to the opendsa user before starting pip.
function update_pip() { update_pip_fn=$(cat <<'EOF'
cd cd
python3 -m pip install --user -r OpenDSA/server/requirements.txt python3 -m pip install --user -r OpenDSA/server/requirements.txt
} EOF
export -f update_pip
# Run PIP as OpenDSA. # Run PIP as OpenDSA.
sudo --user opendsa --group opendsa --set-home --preserve-env=update_pip -- bash -c update_pip sudo --user opendsa --group opendsa --set-home -- bash -c "$update_pip_fn"
# Then, we can restart the service. # Then, we can restart the service.
systemctl service restart opendsa.service systemctl service restart opendsa.service
files/update_repo.sh
+ 30
28
View file @ e97bdfdf
...@@ -16,36 +16,39 @@ ...@@ -16,36 +16,39 @@
# script as a regular user without setting REPO_USER. # script as a regular user without setting REPO_USER.
# Function that keeps the repo updated. Returns 0 if nothing was done, 100 if the repo was updated, # "function" that keeps the repo updated. Returns 0 if nothing was done, 100 if the repo was updated,
# and something else on some kind of error. This function will be executed as the user indicated in # and something else on some kind of error. This function will be executed as the user indicated in
# the environment variables. # the environment variables.
function update_repo() { # I'm sorry for this thing... Turns out that sudo does not allow passing bash functions as environment
if [[ ! -d "$repo_path" ]] # variables, so I simply pass the entire "function" to Bash as a string.
update_repo_fn=$(cat <<'EOF'
if [[ ! -d "$repo_path" ]]
then
# Does not exist. We need to checkout the repository.
git clone --single-branch --branch "$repo_branch" "$repo_source" "$repo_path" || exit 1
exit 100
else
# It does exist. Make sure it is updated.
cd "$repo_path"
old_sha=$(git rev-parse HEAD)
git fetch -f "$repo_source" "$repo_branch":remotes/origin/"$repo_branch" || exit 1
new_sha=$(git rev-parse remotes/origin/"$repo_branch")
if [[ "$old_sha" == "$new_sha" ]]
then then
# Does not exist. We need to checkout the repository. # They are the same, we don't need to do anything.
git clone --single-branch --branch "$repo_branch" "$repo_source" "$repo_path" || exit 1 exit 0
exit 100
else else
# It does exist. Make sure it is updated. # They differ. Check out the new revision.
cd "$repo_path" git checkout -f "$new_sha" || exit 1
old_sha=$(git rev-parse HEAD) git branch -f "$repo_branch" "$new_sha" || exit 1
git fetch -f "$repo_source" "$repo_branch":remotes/origin/"$repo_branch" || exit 1 # This is not strictly necessary, but it makes it look like we have the correct branch
new_sha=$(git rev-parse remotes/origin/"$repo_branch") # checked out. Good if someone inspects the repo at a later time.
if [[ "$old_sha" == "$new_sha" ]] git checkout -f "$repo_branch" || exit 1
then exit 100
# They are the same, we don't need to do anything.
exit 0
else
# They differ. Check out the new revision.
git checkout -f "$new_sha" || exit 1
git branch -f "$repo_branch" "$new_sha" || exit 1
# This is not strictly necessary, but it makes it look like we have the correct branch
# checked out. Good if someone inspects the repo at a later time.
git checkout -f "$repo_branch" || exit 1
exit 100
fi
fi fi
} fi
EOF
)
# Check for enough parameters. # Check for enough parameters.
if [[ "$#" < 3 ]] if [[ "$#" < 3 ]]
...@@ -61,19 +64,18 @@ repo_source="$2" ...@@ -61,19 +64,18 @@ repo_source="$2"
repo_branch="$3" repo_branch="$3"
export repo_path repo_source repo_branch export repo_path repo_source repo_branch
export -f update_repo
if [[ -z "$REPO_USER" ]] if [[ -z "$REPO_USER" ]]
then then
# Just run it in a subshell # Just run it in a subshell
bash -c update_repo bash -c "$update_repo_fn"
else else
# Perhaps group was not supplied. # Perhaps group was not supplied.
if [[ -z "$REPO_GROUP" ]] if [[ -z "$REPO_GROUP" ]]
then then
REPO_GROUP="$REPO_USER" REPO_GROUP="$REPO_USER"
fi fi
sudo --preserve-env=repo_path,repo_source,repo_branch,update_repo --set-home --user="$REPO_USER" --group="$REPO_GROUP" -- bash -c update_repo sudo --preserve-env=repo_path,repo_source,repo_branch,update_repo --set-home --user="$REPO_USER" --group="$REPO_GROUP" -- bash -c "$update_repo_fn"
fi fi
# Note: We cannot put any commands between the if-statement and here. We need the result code from # Note: We cannot put any commands between the if-statement and here. We need the result code from
# invoking bash, which is the last command in both the if- and else- branches. # invoking bash, which is the last command in both the if- and else- branches.
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment