#!/bin/bash
# Live vCTP configuration file that this postinstall script edits in place.
TARGET_CFG='/etc/dtms/vctp.yml'
# Sibling ".rpmnew" copy of the config, used below as the source of defaults.
SOURCE_CFG="${TARGET_CFG}.rpmnew"
#######################################
# List the keys that sit directly under the top-level "settings:" section.
# Arguments: $1 - path of the YAML file to scan
# Outputs:   one "<key><TAB><original line>" record per matching line on
#            stdout; the original line keeps its leading indentation
# Returns:   exit status of awk
#######################################
extract_setting_key_lines() {
  local cfg_path="$1"
  local scan_prog='
    # A bare "settings:" line opens the section.
    /^settings:[[:space:]]*$/ { inside = 1; next }

    # Any line starting in column 0 closes it again.
    inside && /^[^[:space:]]/ { inside = 0 }

    # Only lines at the section indent with a plain [A-Za-z0-9_] key match.
    inside && /^ [A-Za-z0-9_]+:[[:space:]]*/ {
      name = $1
      sub(":", "", name)
      printf "%s\t%s\n", name, $0
    }
  '

  awk "$scan_prog" "$cfg_path"
}
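#######################################
# Copy settings keys that exist in the .rpmnew defaults but not in the live
# config into the live config's "settings:" section.
#
# Keys already present in the target are never touched. Each missing key is
# copied as the single line reported by extract_setting_key_lines, so a key
# whose value continues on nested lines is copied without those lines.
# NOTE(review): confirm every default under settings: is a one-line scalar.
#
# The scratch files are created with mktemp, which makes them private to the
# invoking user. They hold config lines, which may include secrets.
#
# Arguments: $1 - live config file (rewritten in place)
#            $2 - .rpmnew file holding the packaged defaults
# Outputs:   one status line on stdout when keys were added
# Returns:   always 0; the merge is best effort
#######################################
merge_missing_settings_from_rpmnew() {
  local target="$1"
  local source="$2"

  if [ ! -f "$target" ] || [ ! -f "$source" ]; then
    return 0
  fi

  local src_pairs target_pairs missing_lines merged_file
  src_pairs="$(mktemp /tmp/vctp-postinstall-src-XXXXXX)" || return 0
  target_pairs="$(mktemp /tmp/vctp-postinstall-target-XXXXXX)" || {
    rm -f "$src_pairs"
    return 0
  }
  missing_lines="$(mktemp /tmp/vctp-postinstall-missing-XXXXXX)" || {
    rm -f "$src_pairs" "$target_pairs"
    return 0
  }
  merged_file="$(mktemp /tmp/vctp-postinstall-merged-XXXXXX)" || {
    rm -f "$src_pairs" "$target_pairs" "$missing_lines"
    return 0
  }

  # If either scan fails, stop here. An empty key list for the target would
  # make every default look missing and append duplicate keys.
  if ! extract_setting_key_lines "$source" > "$src_pairs" \
    || ! extract_setting_key_lines "$target" > "$target_pairs"; then
    rm -f "$src_pairs" "$target_pairs" "$missing_lines" "$merged_file"
    return 0
  fi

  # Loop variables are local so they do not leak into the script's globals.
  local key line
  local -A existing_keys=()
  while IFS=$'\t' read -r key _; do
    [ -n "$key" ] || continue
    existing_keys["$key"]=1
  done < "$target_pairs"

  local added=0
  : > "$missing_lines"
  while IFS=$'\t' read -r key line; do
    [ -n "$key" ] || continue
    if [ -z "${existing_keys[$key]+x}" ]; then
      if [ "$added" -eq 0 ]; then
        printf '%s\n' " # Added automatically by RPM postinstall from vctp.yml.rpmnew defaults." >> "$missing_lines"
      fi
      # printf, not echo: the line is file content and must be written verbatim.
      printf '%s\n' "$line" >> "$missing_lines"
      # Mark the key as seen so a duplicate in the source is added only once.
      existing_keys["$key"]=1
      added=$((added + 1))
    fi
  done < "$src_pairs"

  if [ "$added" -gt 0 ]; then
    # The awk program appends the missing lines at the end of the first
    # settings: section. It exits non-zero when the target has no such
    # section, so the target is left alone and no success line is printed.
    # The final "cat >" overwrites the target in place, which keeps the
    # existing owner and mode of the file.
    if awk -v missing_file="$missing_lines" '
      function print_missing(   line) {
        while ((getline line < missing_file) > 0) {
          print line
        }
        close(missing_file)
      }
      BEGIN { in_settings = 0; inserted = 0 }
      {
        if ($0 ~ /^settings:[[:space:]]*$/) {
          in_settings = 1
          print
          next
        }
        if (in_settings && $0 ~ /^[^[:space:]]/) {
          if (!inserted) {
            print_missing()
            inserted = 1
          }
          in_settings = 0
        }
        print
      }
      END {
        if (in_settings && !inserted) {
          print_missing()
          inserted = 1
        }
        if (!inserted) {
          exit 1
        }
      }
    ' "$target" > "$merged_file" && cat "$merged_file" > "$target"; then
      echo "vCTP postinstall: added ${added} missing settings key(s) to ${target}"
    fi
  fi

  rm -f "$src_pairs" "$target_pairs" "$missing_lines" "$merged_file"
  return 0
}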
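#######################################
# Produce a fresh random JWT signing key: 32 random bytes, base64-encoded.
#
# openssl is tried first, then /dev/urandom piped through base64. A result
# is accepted only if it has the full expected length. A failed or truncated
# read is therefore never returned as a weak or empty key, and a failing
# openssl falls through to the /dev/urandom path instead of ending the
# function with success.
#
# Outputs:   the key on stdout, without a trailing newline
# Returns:   0 when a full-length key was produced, 1 otherwise
#######################################
generate_random_auth_jwt_key() {
  local key=""
  # 32 bytes encode to exactly 44 base64 characters, padding included.
  local -r expected_len=44

  if command -v openssl >/dev/null 2>&1; then
    key="$(openssl rand -base64 32 2>/dev/null | tr -d '\n')"
  fi

  if [ "${#key}" -ne "$expected_len" ] && command -v base64 >/dev/null 2>&1; then
    key="$(head -c 32 /dev/urandom 2>/dev/null | base64 2>/dev/null | tr -d '\n')"
  fi

  [ "${#key}" -eq "$expected_len" ] || return 1
  printf '%s' "$key"
}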
#######################################
# Report whether settings.auth_jwt_signing_key has a non-empty value.
#
# Only the first matching line inside the "settings:" section is inspected.
# A trailing "# comment", surrounding whitespace and one leading and one
# trailing quote character are stripped before the emptiness check.
# NOTE(review): any other non-empty text, such as a placeholder or a YAML
# null literal, counts as "set".
#
# Arguments: $1 - config file to inspect
# Returns:   0 if a non-empty value is present, 1 otherwise (also when the
#            file does not exist)
#######################################
auth_jwt_key_is_set() {
  local cfg_path="$1"
  local key_value

  if [ ! -f "$cfg_path" ]; then
    return 1
  fi

  key_value="$(awk '
    /^settings:[[:space:]]*$/ { inside = 1; next }
    inside && /^[^[:space:]]/ { inside = 0 }
    inside && /^ auth_jwt_signing_key:[[:space:]]*/ {
      raw = $0
      sub(/^[[:space:]]*auth_jwt_signing_key:[[:space:]]*/, "", raw)
      sub(/[[:space:]]*#.*/, "", raw)
      gsub(/^[[:space:]]+|[[:space:]]+$/, "", raw)
      gsub(/^["'\'']|["'\'']$/, "", raw)
      print raw
      exit
    }
  ' "$cfg_path")"

  if [ -z "$key_value" ]; then
    return 1
  fi
  return 0
}
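#######################################
# Write settings.auth_jwt_signing_key into the config file.
#
# An existing key line inside "settings:" is replaced. Otherwise the key is
# appended at the end of that section.
#
# Hardening compared with a plain "awk -v new_key=...":
#   - The key reaches awk through the environment rather than argv, so it
#     does not appear in the process list while the script runs.
#   - An empty key, or one containing a double quote, a backslash or a
#     newline, is refused. The value is placed verbatim inside a
#     double-quoted YAML scalar.
#   - The call fails when the file has no "settings:" section, because the
#     key was not written, and when copying the result back fails.
#
# The scratch file is created by mktemp, private to the invoking user. The
# final "cat >" overwrites the target in place, which keeps the existing
# owner and mode of the file.
#
# Arguments: $1 - config file to update
#            $2 - signing key value
# Returns:   0 if the key was written to the target, 1 otherwise
#######################################
set_auth_jwt_key() {
  local target="$1"
  local jwt_key="$2"
  local updated_file

  [ -f "$target" ] || return 1

  case "$jwt_key" in
    '' | *\"* | *\\* | *$'\n'*) return 1 ;;
  esac

  updated_file="$(mktemp /tmp/vctp-postinstall-authkey-XXXXXX)" || return 1

  if VCTP_NEW_JWT_KEY="$jwt_key" awk '
    function key_line() {
      return " auth_jwt_signing_key: \"" ENVIRON["VCTP_NEW_JWT_KEY"] "\""
    }
    BEGIN { in_settings = 0; replaced = 0; inserted = 0 }
    {
      if ($0 ~ /^settings:[[:space:]]*$/) {
        in_settings = 1
        print
        next
      }

      if (in_settings && $0 ~ /^ auth_jwt_signing_key:[[:space:]]*/) {
        print key_line()
        replaced = 1
        next
      }

      if (in_settings && $0 ~ /^[^[:space:]]/) {
        if (!replaced && !inserted) {
          print key_line()
          inserted = 1
        }
        in_settings = 0
      }

      print
    }
    END {
      if (in_settings && !replaced && !inserted) {
        print key_line()
        inserted = 1
      }
      # No settings: section was seen, so nothing was written.
      if (!replaced && !inserted) {
        exit 1
      }
    }
  ' "$target" > "$updated_file" && cat "$updated_file" > "$target"; then
    rm -f "$updated_file"
    return 0
  fi

  rm -f "$updated_file"
  return 1
}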
#######################################
# Make sure the config carries a JWT signing key, generating one if needed.
#
# A missing config file or an already configured key is left alone. The
# status lines name the setting and the file only; the key value itself is
# never printed.
#
# Arguments: $1 - config file to check and, if necessary, update
# Outputs:   one status line on stdout when generation was attempted
# Returns:   0 on every handled path, since failures are reported but not fatal
#######################################
ensure_auth_jwt_key_in_settings() {
  local target="$1"
  local new_key

  # Nothing to do without a config file or when a key is already present.
  if [ ! -f "$target" ] || auth_jwt_key_is_set "$target"; then
    return 0
  fi

  if ! new_key="$(generate_random_auth_jwt_key)"; then
    echo "vCTP postinstall: unable to generate auth_jwt_signing_key (openssl/base64 unavailable)"
    return 0
  fi

  # A generator that reports success but prints nothing must not be trusted.
  if [ -z "$new_key" ]; then
    echo "vCTP postinstall: unable to generate auth_jwt_signing_key (empty key)"
    return 0
  fi

  if set_auth_jwt_key "$target" "$new_key"; then
    echo "vCTP postinstall: generated and set settings.auth_jwt_signing_key in ${target}"
  else
    echo "vCTP postinstall: failed to write settings.auth_jwt_signing_key in ${target}"
  fi
}
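# Restrict ownership and mode BEFORE anything is written into the config.
# The steps below may store a freshly generated JWT signing key in
# $TARGET_CFG. Both helpers rewrite the file in place, which keeps its
# current mode, so tightening first means the secret is never stored in a
# file that is still readable more widely than root:dtms 640.
# Every step is best effort ("|| :") so the scriptlet does not fail on it.
for cfg in "$TARGET_CFG" "$SOURCE_CFG"; do
  if [ -f "$cfg" ]; then
    chown root:dtms "$cfg" || :
    chmod 640 "$cfg" || :
  fi
done

merge_missing_settings_from_rpmnew "$TARGET_CFG" "$SOURCE_CFG" || :
ensure_auth_jwt_key_in_settings "$TARGET_CFG" || :

if command -v systemctl >/dev/null 2>&1; then
  systemctl daemon-reload || :
  # $1 is presumably the RPM scriptlet argument, where 1 means a first
  # install. Enable and start the service then; otherwise restart it only if
  # it is already running.
  if [ "${1:-0}" -eq 1 ]; then
    systemctl enable --now vctp.service || :
  else
    systemctl try-restart vctp.service || :
  fi
fi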