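#!/bin/bash
#
# vCTP RPM postinstall scriptlet.
#
# 1. Copies settings keys that exist only in vctp.yml.rpmnew into the live
#    vctp.yml, so new defaults show up after an upgrade.
# 2. Generates settings.auth_jwt_signing_key when it is missing or empty.
# 3. Restricts both config files to root:dtms, mode 640.
# 4. Reloads systemd and enables (first install) or try-restarts vctp.service.
#
# Every step is best-effort: a failure is reported but never aborts the
# package transaction, which is why strict mode (set -e) is not enabled.
#
# NOTE(review): the patterns and inserted lines below use a single leading
# space for keys under "settings:", as this listing shows them. Confirm that
# this matches the indentation of the shipped vctp.yml.

TARGET_CFG="/etc/dtms/vctp.yml"
SOURCE_CFG="${TARGET_CFG}.rpmnew"

#######################################
# Restrict a config file to root:dtms, mode 640. The file holds the JWT
# signing key, so it must not be readable by other local accounts.
# Arguments: $1 - config file path (missing file is a no-op)
# Returns:   0 always (failures are tolerated)
#######################################
restrict_config_access() {
  local cfg="$1"
  [ -f "$cfg" ] || return 0
  chown root:dtms "$cfg" || :
  chmod 640 "$cfg" || :
}

#######################################
# List the keys directly under the top-level "settings:" mapping.
# Arguments: $1 - YAML file to scan
# Outputs:   one "key<TAB>original line" record per settings key
#######################################
extract_setting_key_lines() {
  local file="$1"
  awk '
    /^settings:[[:space:]]*$/ { in_settings = 1; next }
    # Any non-indented line closes the settings block.
    in_settings && /^[^[:space:]]/ { in_settings = 0 }
    in_settings && $0 ~ /^ [A-Za-z0-9_]+:[[:space:]]*/ {
      key = $1
      sub(":", "", key)
      print key "\t" $0
    }
  ' "$file"
}

#######################################
# Append settings keys found in the .rpmnew file but absent from the live
# config. Existing keys and their values are never modified.
# Arguments: $1 - live config, $2 - .rpmnew config
# Outputs:   a one-line summary on stdout when keys were added
# Returns:   0 when there is nothing to do or temp files cannot be created
#######################################
merge_missing_settings_from_rpmnew() {
  local target="$1"
  local source="$2"

  if [ ! -f "$target" ] || [ ! -f "$source" ]; then
    return 0
  fi

  # mktemp creates each file with an unpredictable name and owner-only
  # access, which matters because the merged copy holds the whole config.
  local src_pairs target_pairs missing_lines merged_file
  src_pairs="$(mktemp /tmp/vctp-postinstall-src-XXXXXX)" || return 0
  target_pairs="$(mktemp /tmp/vctp-postinstall-target-XXXXXX)" || {
    rm -f "$src_pairs"
    return 0
  }
  missing_lines="$(mktemp /tmp/vctp-postinstall-missing-XXXXXX)" || {
    rm -f "$src_pairs" "$target_pairs"
    return 0
  }
  merged_file="$(mktemp /tmp/vctp-postinstall-merged-XXXXXX)" || {
    rm -f "$src_pairs" "$target_pairs" "$missing_lines"
    return 0
  }

  extract_setting_key_lines "$source" > "$src_pairs"
  extract_setting_key_lines "$target" > "$target_pairs"

  local key line
  local -A existing_keys=()
  while IFS=$'\t' read -r key _; do
    [ -n "$key" ] || continue
    existing_keys["$key"]=1
  done < "$target_pairs"

  local added=0
  : > "$missing_lines"
  while IFS=$'\t' read -r key line; do
    [ -n "$key" ] || continue
    if [ -z "${existing_keys[$key]+x}" ]; then
      if [ "$added" -eq 0 ]; then
        echo " # Added automatically by RPM postinstall from vctp.yml.rpmnew defaults." >> "$missing_lines"
      fi
      printf '%s\n' "$line" >> "$missing_lines"
      # Record the key so a duplicate in the .rpmnew file is added only once.
      existing_keys["$key"]=1
      added=$((added + 1))
    fi
  done < "$src_pairs"

  if [ "$added" -gt 0 ]; then
    # Writing back with cat (instead of mv) keeps the live file's inode,
    # owner and mode.
    if awk -v missing_file="$missing_lines" '
      function print_missing(    line) {
        while ((getline line < missing_file) > 0) {
          print line
        }
        close(missing_file)
      }
      BEGIN { in_settings = 0; inserted = 0 }
      {
        if ($0 ~ /^settings:[[:space:]]*$/) {
          in_settings = 1
          print
          next
        }
        if (in_settings && $0 ~ /^[^[:space:]]/) {
          if (!inserted) {
            print_missing()
            inserted = 1
          }
          in_settings = 0
        }
        print
      }
      END {
        # settings: was the last block in the file.
        if (in_settings && !inserted) {
          print_missing()
        }
      }
    ' "$target" > "$merged_file" && cat "$merged_file" > "$target"; then
      echo "vCTP postinstall: added ${added} missing settings key(s) to ${target}"
    fi
  fi

  rm -f "$src_pairs" "$target_pairs" "$missing_lines" "$merged_file"
}

#######################################
# Produce a 256-bit random signing key, base64 encoded on one line.
# Tries openssl first and falls back to /dev/urandom + base64 when openssl
# is absent or fails.
# Outputs:   the key on stdout, without a trailing newline
# Returns:   0 on success, 1 when no full-length key could be produced
#######################################
generate_random_auth_jwt_key() {
  # 32 random bytes always encode to 44 base64 characters; any other length
  # means a failed or truncated read and must not become a signing key.
  local -r expected_len=44
  local key=""

  if command -v openssl >/dev/null 2>&1; then
    key="$(openssl rand -base64 32 2>/dev/null | tr -d '\n')"
  fi

  if [ "${#key}" -ne "$expected_len" ] && command -v base64 >/dev/null 2>&1; then
    key="$(head -c 32 /dev/urandom 2>/dev/null | base64 | tr -d '\n')"
  fi

  [ "${#key}" -eq "$expected_len" ] || return 1
  printf '%s' "$key"
}

#######################################
# Test whether settings.auth_jwt_signing_key has a non-empty value.
# Trailing comments, surrounding whitespace and one layer of quotes are
# stripped before the check, so `auth_jwt_signing_key: ""` counts as unset.
# Arguments: $1 - config file
# Returns:   0 when a non-empty key is present, 1 otherwise
#######################################
auth_jwt_key_is_set() {
  local target="$1"
  [ -f "$target" ] || return 1

  local extracted
  extracted="$(awk '
    /^settings:[[:space:]]*$/ { in_settings = 1; next }
    in_settings && /^[^[:space:]]/ { in_settings = 0 }
    in_settings && $0 ~ /^ auth_jwt_signing_key:[[:space:]]*/ {
      value = $0
      sub(/^[[:space:]]*auth_jwt_signing_key:[[:space:]]*/, "", value)
      sub(/[[:space:]]*#.*/, "", value)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", value)
      gsub(/^["'\'']|["'\'']$/, "", value)
      print value
      exit
    }
  ' "$target")"
  [ -n "$extracted" ]
}

#######################################
# Write settings.auth_jwt_signing_key, replacing an existing entry or
# appending one at the end of the settings block.
# Arguments: $1 - config file, $2 - key value
# Returns:   0 on success, 1 on failure
#######################################
set_auth_jwt_key() {
  local target="$1"
  local jwt_key="$2"
  local updated_file

  [ -f "$target" ] || return 1
  updated_file="$(mktemp /tmp/vctp-postinstall-authkey-XXXXXX)" || return 1

  # The key is handed to awk through the environment, not "-v": command-line
  # arguments are visible to every local user via ps, while a process
  # environment is readable only by its owner and root. ENVIRON also skips
  # the backslash-escape processing that "-v" applies to values.
  if VCTP_NEW_JWT_KEY="$jwt_key" awk '
    BEGIN {
      new_key = ENVIRON["VCTP_NEW_JWT_KEY"]
      in_settings = 0; replaced = 0; inserted = 0
    }
    {
      if ($0 ~ /^settings:[[:space:]]*$/) {
        in_settings = 1
        print
        next
      }
      if (in_settings && $0 ~ /^ auth_jwt_signing_key:[[:space:]]*/) {
        print " auth_jwt_signing_key: \"" new_key "\""
        replaced = 1
        next
      }
      if (in_settings && $0 ~ /^[^[:space:]]/) {
        if (!replaced && !inserted) {
          print " auth_jwt_signing_key: \"" new_key "\""
          inserted = 1
        }
        in_settings = 0
      }
      print
    }
    END {
      if (in_settings && !replaced && !inserted) {
        print " auth_jwt_signing_key: \"" new_key "\""
      }
    }
  ' "$target" > "$updated_file"; then
    # cat keeps the target's owner and mode; the temp copy is removed on
    # both paths because it contains the signing key.
    cat "$updated_file" > "$target"
    rm -f "$updated_file"
    return 0
  fi

  rm -f "$updated_file"
  return 1
}

#######################################
# Generate and store a signing key when the config has none.
# Arguments: $1 - config file
# Outputs:   a status line on stdout; the key itself is never printed
# Returns:   0 always (best-effort)
#######################################
ensure_auth_jwt_key_in_settings() {
  local target="$1"
  [ -f "$target" ] || return 0

  if auth_jwt_key_is_set "$target"; then
    return 0
  fi

  local generated
  generated="$(generate_random_auth_jwt_key)" || {
    echo "vCTP postinstall: unable to generate auth_jwt_signing_key (openssl/base64 unavailable)"
    return 0
  }
  if [ -z "$generated" ]; then
    echo "vCTP postinstall: unable to generate auth_jwt_signing_key (empty key)"
    return 0
  fi

  if set_auth_jwt_key "$target" "$generated"; then
    echo "vCTP postinstall: generated and set settings.auth_jwt_signing_key in ${target}"
  else
    echo "vCTP postinstall: failed to write settings.auth_jwt_signing_key in ${target}"
  fi
}

# Tighten access first: the in-place rewrites below keep whatever mode the
# file already has, so a loosely-permissioned config would otherwise expose
# the new signing key until the final chmod.
restrict_config_access "$TARGET_CFG"

merge_missing_settings_from_rpmnew "$TARGET_CFG" "$SOURCE_CFG" || :
ensure_auth_jwt_key_in_settings "$TARGET_CFG" || :

restrict_config_access "$TARGET_CFG"
restrict_config_access "$SOURCE_CFG"

if command -v systemctl >/dev/null 2>&1; then
  systemctl daemon-reload || :
  # $1 is the RPM scriptlet argument: 1 on first install, 2 on upgrade.
  if [ "${1:-0}" = "1" ]; then
    systemctl enable --now vctp.service || :
  else
    systemctl try-restart vctp.service || :
  fi
fi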