From 4bbee9bd9464264a9a089caa73f356e80790af74 Mon Sep 17 00:00:00 2001 From: Benedikt Kuehne Date: Thu, 14 Sep 2023 16:53:29 +0200 Subject: [PATCH 1/5] remove logging from emba install --- installer.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/installer.sh b/installer.sh index fc9d7abd..a2434631 100755 --- a/installer.sh +++ b/installer.sh @@ -125,11 +125,10 @@ install_emba(){ sudo -u "${SUDO_USER:-${USER}}" git submodule update --remote sudo -u "${SUDO_USER:-${USER}}" git config --global --add safe.directory "$PWD"/emba cd emba - ./installer.sh -d | tee install.log || ( echo "Could not install EMBA" && exit 1 ) + ./installer.sh -d || ( echo "Could not install EMBA" && exit 1 ) cd .. if ! (cd emba && ./emba -d 1); then echo -e "\n$RED""$BOLD""EMBA installation failed""$NC" - tail emba/install.log exit 1 fi chown -R "${SUDO_USER:-${USER}}" emba @@ -497,9 +496,6 @@ uninstall (){ # delete/uninstall submodules # emba - if [ -f ./emba/install.log ]; then - rm ./emba/install.log - fi if [[ -d ./emba/external ]]; then rm -r ./emba/external/ fi From 4e6daa12709e14a2c14165099480c5f60c0cc1a7 Mon Sep 17 00:00:00 2001 From: Benedikt Kuehne Date: Fri, 15 Sep 2023 11:49:42 +0200 Subject: [PATCH 2/5] fix find old pwd --- helper/helper_embark_general.sh | 11 ----------- installer.sh | 26 +++++++++++++++++++++----- 2 files changed, 21 insertions(+), 16 deletions(-) diff --git a/helper/helper_embark_general.sh b/helper/helper_embark_general.sh index bb4955e5..355f1ae2 100644 --- a/helper/helper_embark_general.sh +++ b/helper/helper_embark_general.sh @@ -138,17 +138,6 @@ check_db() { echo -e "$GREEN""$BOLD""[+] Everything checks out""$NC\\n" } -check_safe() { - local ENV_FILES=() - if [[ -d safe ]] ; then - mapfile -d '' ENV_FILES < <(find ./safe -iname "*.env" -print0 2> /dev/null) - if [ ${#ENV_FILES[@]} -gt 0 ]; then - return 0 - fi - fi - return 1 -} - add_to_env_history(){ local PASSWORD_="${1:-}" local CONTAINER_HASH_="${2:-}" diff --git a/installer.sh b/installer.sh index a2434631..362b97f3 100755 --- a/installer.sh +++ b/installer.sh @@ -85,12 +85,28 @@ write_env(){ local SUPER_USER="superuser" local RANDOM_PW="" local DJANGO_SECRET_KEY="" + local ENV_FILES=() + local LAST_PW_HASH="" + local CHECK_PW="" - if check_safe; then - echo -e "$ORANGE""$BOLD""Using old env file""$NC" - DJANGO_SECRET_KEY="$(grep "SECRET_KEY=" "$(find ./safe -name "*.env" | head -1)" | sed -e "s/^SECRET_KEY=//" )" - RANDOM_PW="$(grep "DATABASE_PASSWORD=" "$(find ./safe -name "*.env" | head -1)" | sed -e "s/^DATABASE_PASSWORD=//" )" - else + if [[ -d safe ]]; then + mapfile -d '' ENV_FILES < <(find ./safe -iname "*.env" -print0 2> /dev/null) + if [[ ${#ENV_FILES[@]} -gt 0 ]] && [[ -f safe/history.env ]]; then + echo -e "$ORANGE""$BOLD""Using old env file""$NC" + # check which env file was the last one where $(echo "$PASSWORD_" | sha256sum) matches the first line and entry + LAST_PW_HASH="$(grep -v "$(echo "" | sha256sum)" safe/history.env | tail -n 1 | cut -d";" -f1)" + for FILE_ in "${ENV_FILES[@]}"; do + CHECK_PW="$(grep "DATABASE_PASSWORD=" "${FILE_}" | sed -e "s/^DATABASE_PASSWORD=//" )" + if [[ "${LAST_PW_HASH}" -eq "$(echo "${CHECK_PW}" | sha256sum)" ]]; then + RANDOM_PW="${CHECK_PW}" + DJANGO_SECRET_KEY="$(grep "SECRET_KEY=" "${FILE_}" | sed -e "s/^SECRET_KEY=//" )" + break + fi + done + fi + fi + + if [[ -z ${DJANGO_SECRET_KEY} ]] || [[ -z ${DJANGO_SECRET_KEY} ]]; then echo -e "$ORANGE""$BOLD""Did not find safed passwords""$NC" DJANGO_SECRET_KEY=$(python3.10 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())') RANDOM_PW=$(openssl rand -base64 12) From fea406a4ba6cc7df624d83f51e38b6373fe444b0 Mon Sep 17 00:00:00 2001 From: Benedikt Kuehne Date: Fri, 15 Sep 2023 12:04:57 +0200 Subject: [PATCH 3/5] add pw output --- helper/helper_embark_general.sh | 1 + installer.sh | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/helper/helper_embark_general.sh b/helper/helper_embark_general.sh index 355f1ae2..2013d7a8 100644 --- a/helper/helper_embark_general.sh +++ b/helper/helper_embark_general.sh @@ -131,6 +131,7 @@ check_db() { echo -e "$CYAN""You could try recoverying manually by overwriting your\".env\" file""$NC\\n" if [[ -f safe/history.env ]]; then echo -e "$CYAN""The mysql-db was first started with the password(sha256sum): $(head -n1 ./safe/history.env | cut -d";" -f1) ""$NC\\n" + echo -e "$CYAN""And the password used was (sha256sum): $(echo "${PW_ENV}" | sha256sum)""$NC\\n" fi exit 1 fi diff --git a/installer.sh b/installer.sh index 362b97f3..ab7ab7a3 100755 --- a/installer.sh +++ b/installer.sh @@ -490,11 +490,17 @@ uninstall (){ # delete user www-embark and reset visudo echo -e "$ORANGE""$BOLD""Delete user""$NC" - # sed -i 's/www\-embark\ ALL\=\(ALL\)\ NOPASSWD\:\ \/app\/emba\/emba//g' /etc/sudoers #TODO doesnt work yet + if id -u www-embark &>/dev/null ; then userdel www-embark fi + # remove all emba/embark NOPASSWD entries into sudoer file + while 1;do + echo #TODO + # sed -i 's/www\-embark\ ALL\=\(ALL\)\ NOPASSWD\:\ \/app\/emba\/emba//g' /etc/sudoers #TODO doesnt work yet + done < "$(grep "NOPASSWD" /etc/sudoers)" + # delete .env echo -e "$ORANGE""$BOLD""Delete env""$NC" if [[ -f ./.env ]]; then From 6d96eac16931d394d2a86f217682ce3497e9a736 Mon Sep 17 00:00:00 2001 From: Benedikt Kuehne Date: Fri, 15 Sep 2023 12:24:29 +0200 Subject: [PATCH 4/5] remove nopasswd entries --- installer.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/installer.sh b/installer.sh index ab7ab7a3..89dab4d3 100755 --- a/installer.sh +++ b/installer.sh @@ -97,7 +97,7 @@ write_env(){ LAST_PW_HASH="$(grep -v "$(echo "" | sha256sum)" safe/history.env | tail -n 1 | cut -d";" -f1)" for FILE_ in "${ENV_FILES[@]}"; do CHECK_PW="$(grep "DATABASE_PASSWORD=" "${FILE_}" | sed -e "s/^DATABASE_PASSWORD=//" )" - if [[ "${LAST_PW_HASH}" -eq "$(echo "${CHECK_PW}" | sha256sum)" ]]; then + if [[ "${LAST_PW_HASH}" == "$(echo "${CHECK_PW}" | sha256sum)" ]]; then RANDOM_PW="${CHECK_PW}" DJANGO_SECRET_KEY="$(grep "SECRET_KEY=" "${FILE_}" | sed -e "s/^SECRET_KEY=//" )" break @@ -496,10 +496,14 @@ uninstall (){ fi # remove all emba/embark NOPASSWD entries into sudoer file - while 1;do - echo #TODO - # sed -i 's/www\-embark\ ALL\=\(ALL\)\ NOPASSWD\:\ \/app\/emba\/emba//g' /etc/sudoers #TODO doesnt work yet - done < "$(grep "NOPASSWD" /etc/sudoers)" + if grep -qE "NOPASSWD\:.*\/emba\/emba" /etc/sudoers ; then + echo -e "$ORANGE""$BOLD""Deleting EMBA NOPASSWD entries""$NC" + sed -i '/NOPASSWD\:.*\/emba\/emba/d' /etc/sudoers + fi + if grep -qE "NOPASSWD\:.*\/bin\/pkill" /etc/sudoers ; then + echo -e "$ORANGE""$BOLD""Deleting pkill NOPASSWD entries""$NC" + sed -i '/NOPASSWD\:.*\/bin\/pkill/d' /etc/sudoers + fi # delete .env echo -e "$ORANGE""$BOLD""Delete env""$NC" From d2019ddbea07f7576d361119f5a0ffbaa60a2e8e Mon Sep 17 00:00:00 2001 From: Benedikt Kuehne Date: Fri, 15 Sep 2023 12:35:54 +0200 Subject: [PATCH 5/5] rm logs --dev --- installer.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/installer.sh b/installer.sh index 89dab4d3..d195deda 100755 --- a/installer.sh +++ b/installer.sh @@ -471,6 +471,9 @@ uninstall (){ if [[ -d ./.venv ]]; then rm -Rvf ./.venv fi + if [[ -d ./logs ]]; then + rm -Rvf ./logs + fi if [[ "$REFORCE" -eq 0 ]]; then # user-files if [[ -d ./emba_logs ]]; then