From bab86f26872c9397edb8eed477766a8a6c4f90bf Mon Sep 17 00:00:00 2001 From: Tobias K <6317548+thecalcaholic@users.noreply.github.com> Date: Fri, 27 Jan 2023 15:48:44 +0100 Subject: [PATCH 01/18] elements.php: Fail gracefully if script configs can't be loaded Signed-off-by: Tobias K <6317548+thecalcaholic@users.noreply.github.com> --- ncp-web/elements.php | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ncp-web/elements.php b/ncp-web/elements.php index 82f62cafc..7c307a3c6 100644 --- a/ncp-web/elements.php +++ b/ncp-web/elements.php @@ -182,6 +182,13 @@ function print_sidebar( $l /* translations l10n object */, $ticks /* wether to c $cfg_file = $cfg_dir . $ncp_app . ".cfg"; $cfg = json_decode(file_get_contents($cfg_file), true); + try { + sizeof($cfg['params']); + } catch (TypeError $e) { + error_log("Failed loading script '$script'!, Config file '$cfg_file' could not be found or failed to be parsed.\n"); + continue; + } + $active = ""; if ( $ticks ) { exec("bash -c \"source /usr/local/etc/library.sh && is_active_app $ncp_app\"", $output, $retval); From 50640d9b9e8385cfec024e36a2a5da2213bd7583 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Mon, 23 Jan 2023 22:52:00 +0100 Subject: [PATCH 02/18] ncp-update-nc: Fix wrong base dir being used to check for interrupted installation on docker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp-update-nc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bin/ncp-update-nc b/bin/ncp-update-nc index c9f281a83..20a392550 100755 --- a/bin/ncp-update-nc +++ b/bin/ncp-update-nc 
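Review bot: The new guard in print_sidebar relies on `sizeof($cfg['params'])` throwing a TypeError, which only happens on PHP 8 and later; on PHP 7 the same call emits a warning and returns 0, so a missing or unparsable config would fall through to the code below. An explicit check states the intent and does not depend on the interpreter version: `if (!is_array($cfg) || !is_array($cfg['params'] ?? null)) { error_log(...); continue; }`. The log message interpolates `$script`, while the variable visible in this hunk is `$ncp_app`; if `$script` is not defined earlier in the function (which starts and ends outside the hunk), the message will print an empty name.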
@@ -31,8 +31,8 @@ source /usr/local/etc/library.sh cd "$BASEDIR" DATADIR="$( get_nc_config_value datadirectory )" ncc status &>/dev/null || { [[ "$DBG" == x ]] && ncc status; echo "Nextcloud is currently down"; exit 1; } -[[ -d /var/www/nextcloud-old ]] && { echo "Nextcloud backup directory found. Interrupted or already running installation?"; exit 1; } -[[ -d /var/www/nextcloud ]] || { echo "Nextcloud directory not found" ; exit 1; } +[[ -d "${BASEDIR}/nextcloud-old" ]] && { echo "Nextcloud backup directory found. Interrupted or already running installation?"; exit 1; } +[[ -d "${BASEDIR}/nextcloud" ]] || { echo "Nextcloud directory not found" ; exit 1; } [[ -d "$DATADIR" ]] || { echo "Nextcloud data directory not found" ; exit 1; } # check version From a13a88bdb78cd19f96fbe504b389e53730a06c78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Thu, 2 Feb 2023 11:42:32 +0100 Subject: [PATCH 03/18] run-parts.sh: Compare minimum to currently installed nc version on docker startup MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- build/docker/Dockerfile | 1 + build/docker/debian-ncp/run-parts.sh | 9 +++++++++ 2 files changed, 10 insertions(+) diff --git a/build/docker/Dockerfile b/build/docker/Dockerfile index a0e1b3766..421f9ae76 100644 --- a/build/docker/Dockerfile +++ b/build/docker/Dockerfile @@ -140,6 +140,7 @@ LABEL maintainer="Ignacio Núñez Hernanz " SHELL ["/bin/bash", "-c"] ENV DOCKERBUILD 1 +ENV MINIMUM_NC_VERSION=24 RUN mkdir -p /tmp/ncp-build COPY bin/ /tmp/ncp-build/bin/ diff --git a/build/docker/debian-ncp/run-parts.sh b/build/docker/debian-ncp/run-parts.sh index bbf8c2246..bc6d9ac19 100755 --- a/build/docker/debian-ncp/run-parts.sh +++ b/build/docker/debian-ncp/run-parts.sh 
@@ -18,6 +18,15 @@ then cp -raT /data-ro /data fi +CURRENT_NC_VERSION="$(sudo -u www-data php -r "include(\"/var/www/nextcloud/config/config.php\"); echo(\$CONFIG[\"version\"]);")" +CURRENT_NC_MAJ="${CURRENT_NC_VERSION%%.*}" +[[ "$CURRENT_NC_MAJ" -ge "$MINIMUM_NC_VERSION" ]] || { + echo "This image of NCP requires at least Nextcloud version ${MINIMUM_NC_VERSION} but you have ${CURRENT_NC_VERSION} installed. " \ + "Please upgrade your Nextcloud first (using the web UI), before upgrading to this NCP version." + exit 1 +} + + # wrapper to simulate update-rc.d cat > /usr/local/sbin/update-rc.d <<'EOF' #!/bin/bash From 6a71870278a2036627f8242499144162c39c40b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Thu, 2 Feb 2023 12:15:56 +0100 Subject: [PATCH 04/18] run-parts.sh: Read NC version from /data instead of /var/www MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- build/docker/debian-ncp/run-parts.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/build/docker/debian-ncp/run-parts.sh b/build/docker/debian-ncp/run-parts.sh index bc6d9ac19..2a0588906 100755 --- a/build/docker/debian-ncp/run-parts.sh +++ b/build/docker/debian-ncp/run-parts.sh 
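Review bot: `CURRENT_NC_MAJ` goes into `[[ ... -ge ... ]]` without a digits-only check, and inside `[[ ]]` the operands of `-ge` are evaluated as arithmetic expressions rather than compared as literals. The value comes from config.php, which is presumably writable by www-data, while this startup script appears to run with more privilege (it uses `sudo -u www-data` to drop down), so the comparison should not be allowed to interpret it. An empty value (config.php missing or no `version` key) also evaluates as 0 and produces the misleading "requires at least" message. A guard before the comparison covers both cases: `[[ "$CURRENT_NC_MAJ" =~ ^[0-9]+$ ]] || { echo "Could not determine the installed Nextcloud version"; exit 1; }`. The same block is carried unchanged into the follow-up hunk of PATCH 04/18.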
@@ -18,11 +18,11 @@ then cp -raT /data-ro /data fi -CURRENT_NC_VERSION="$(sudo -u www-data php -r "include(\"/var/www/nextcloud/config/config.php\"); echo(\$CONFIG[\"version\"]);")" +CURRENT_NC_VERSION="$(sudo -u www-data php -r "include(\"/data/nextcloud/config/config.php\"); echo(\$CONFIG[\"version\"]);")" CURRENT_NC_MAJ="${CURRENT_NC_VERSION%%.*}" [[ "$CURRENT_NC_MAJ" -ge "$MINIMUM_NC_VERSION" ]] || { echo "This image of NCP requires at least Nextcloud version ${MINIMUM_NC_VERSION} but you have ${CURRENT_NC_VERSION} installed. " \ - "Please upgrade your Nextcloud first (using the web UI), before upgrading to this NCP version." + "Please upgrade your Nextcloud first (using the web UI on an older NCP image), before upgrading to this NCP version." exit 1 } From 324c0d39cbdba2b1ad188d94edc203ddce7d1a9d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Thu, 2 Feb 2023 15:32:26 +0100 Subject: [PATCH 05/18] nc-update-nextcloud.sh: Prevent PHP upgrade from the web UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp/UPDATES/nc-update-nextcloud.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/bin/ncp/UPDATES/nc-update-nextcloud.sh b/bin/ncp/UPDATES/nc-update-nextcloud.sh index 0819db784..821bb5e08 100644 --- a/bin/ncp/UPDATES/nc-update-nextcloud.sh +++ b/bin/ncp/UPDATES/nc-update-nextcloud.sh 
@@ -13,6 +13,11 @@ LATEST="$NCLATESTVER" configure() { [[ "$VERSION" == "0" ]] && VERSION="$LATEST" + if ! is_docker && ! is_more_recent_than "24.0.0" "${VERSION}" && is_more_recent_than "8.1.0" "${PHPVER}.0" && [[ " ${BASH_SOURCE[*]} " =~ .*" /home/www/ncp-launcher.sh ".* ]] + then + echo "We need to upgrade PHP. This process cannot be performed from the web UI. Please use 'ncp-config' from the terminal (via SSH or direct access) to update Nextcloud instead. Future updates can again be run from the web UI" + exit 1 + fi bash /usr/local/bin/ncp-update-nc "$VERSION" } From 078210b52c342d00c94db2dbc366c8de6060f7ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Sun, 26 Mar 2023 16:15:04 +0200 Subject: [PATCH 06/18] Add support for arm64 lxd image (#1751) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * build-LXD.sh, build-lxd.yml, release.yml: Add support for lxd images for armhf/arm64 * release.yml: Remove armhf lxd as target platform * build-LXD.sh: Attempt to start container as root if user service couldn't be started * build-lxd.yml: Use architecture specific runner for unit tests * build-lxd.yml: Allow 'setup firefox' to fail (not required on self-hosted runner) * Allow 'fix lxd' step to fail * build-lxd.yml: Allow 'setup geckodriver' step to fail (not required on self-hosted runner) * build-lxd.yml: Delete lxd images on self-hosted runner before running tests --------- Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- .github/workflows/build-lxd.yml | 98 ++++++++++++++++++++++----------- .github/workflows/release.yml | 30 ++++++++-- build/build-LXD.sh | 30 ++++++++-- build/buildlib.sh | 2 + 4 files changed, 118 insertions(+), 42 deletions(-) 
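Review bot: The four-part condition added to configure() has no comment, and its intent is hard to recover: two `is_more_recent_than` calls with opposite negation plus a `BASH_SOURCE` match that stands in for "started from the web UI". A comment above the `if` such as `# Refuse when launched via ncp-launcher.sh (web UI) and this update also requires the PHP upgrade` would help; the argument order of `is_more_recent_than` is defined outside this diff, so the wording should be confirmed against it. The leading and trailing `.*` in the regex are redundant because `=~` already matches anywhere in the string. The check inspects only the call stack of the current shell, so it is an operational safeguard rather than an access control, which is also worth stating in the comment.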
diff --git a/.github/workflows/build-lxd.yml b/.github/workflows/build-lxd.yml index 5bcbeff57..2fa013930 100644 --- a/.github/workflows/build-lxd.yml +++ b/.github/workflows/build-lxd.yml @@ -5,6 +5,10 @@ on: git_ref: required: true type: string + arch: + required: false + type: string + default: 'x86' outputs: artifact_name: value: "${{ jobs.build-current.outputs.artifact_name }}" @@ -20,44 +24,46 @@ on: - release/* jobs: - build-current: + determine-runner: + env: + LXD_ARCH: "${{ inputs.arch || 'x86' }}" runs-on: ubuntu-20.04 + outputs: + runner_label: ${{ steps.script.outputs.runner_label }} + steps: + - name: script + id: script + run: | + if [[ "${LXD_ARCH}" == "arm64" ]] + then + RUNNER_LABEL=ubuntu-20.04-arm64 + else + RUNNER_LABEL=ubuntu-20.04 + fi + echo "runner_label=$RUNNER_LABEL" | tee -a $GITHUB_OUTPUT + + build-current: + needs: + - determine-runner + runs-on: + - ${{ needs.determine-runner.outputs.runner_label }} outputs: artifact_name: "${{ env.ARTIFACT_NAME }}" artifact_file: "${{ steps.pack-lxd.outputs.artifact_file }}" env: VERSION: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" - ARTIFACT_NAME: "${{ github.run_id }}-lxd-image" + ARTIFACT_NAME: "${{ github.run_id }}-lxd-${{ inputs.arch || 'x86' }}-image" + LXD_ARCH: "${{ inputs.arch || 'x86' }}" steps: - name: Checkout code uses: actions/checkout@v3 with: ref: "${{ env.VERSION }}" + - name: Cleanup lxd + run: test -z "$(lxc profile device show default | grep eth0)" || lxc profile device remove default eth0 - uses: whywaita/setup-lxd@v1 with: lxd_version: latest/stable - -# - name: Fix LXD -# run: | -# ip address -# ip route list -# lxc profile create network -# cat <> $GITHUB_OUTPUT - name: upload LXD image to artifact store 
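Review bot: The `determine-runner` job sends every `inputs.arch` value other than `arm64` to the x86 runner, so a typo such as `aarch64` is scheduled on x86 while `LXD_ARCH` still carries the unknown value into the build; a `case` with a failing default (`*) echo "Unsupported arch: ${LXD_ARCH}"; exit 1 ;;`) would reject it early. The `ubuntu-20.04-arm64` label is, going by the commit message, a self-hosted runner, and the added "Cleanup lxd" step indicates that state survives between runs. The workflow's triggers are only partly visible here; if pull requests from forks can reach `build-current`, their code would execute on that persistent machine, so the arm64 path is worth gating on trusted events.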
@@ -77,14 +83,16 @@ jobs: build-previous: runs-on: ubuntu-20.04 + if: ${{ inputs.arch == 'x86' || inputs.arch == '' }} outputs: artifact_name: "${{ env.ARTIFACT_NAME }}" artifact_file: "${{ steps.pack-lxd.outputs.artifact_file }}" previous_version: "${{ steps.checkout_previous_version.outputs.previous_version }}" env: VERSION: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" - ARTIFACT_NAME: "${{ github.run_id }}-lxd-image-previous" + ARTIFACT_NAME: "${{ github.run_id }}-lxd-${{ inputs.arch || 'x86' }}-image-previous" LXD_EXTRA_PROFILE: network + LXD_ARCH: "${{ inputs.arch || 'x86' }}" steps: - name: Checkout code uses: actions/checkout@v3 @@ -132,6 +140,17 @@ jobs: nictype: bridged type: nic EOF + + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Enable qemu SUID + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes --credential yes + - name: Download qemu binaries + run: | + wget -nv https://github.com/multiarch/qemu-user-static/releases/latest/download/qemu-aarch64-static -O qemu-aarch64-static + wget -nv https://github.com/multiarch/qemu-user-static/releases/latest/download/qemu-arm-static -O qemu-arm-static + chmod +x qemu-{arm,aarch64}-static + - name: Build LXD image run: | ./build/build-LXD.sh @@ -139,7 +158,7 @@ jobs: id: pack-lxd run: | . ./build/buildlib.sh - ARTIFACT_FILE="NextCloudPi_LXD_${VERSION//\//_}" + ARTIFACT_FILE="NextCloudPi_LXD_${LXD_ARCH:-x86}_${VERSION//\//_}" lxc image export -q ncp/"${version}" "output/${ARTIFACT_FILE}" echo "artifact_file=${ARTIFACT_FILE}.tar.gz" >> $GITHUB_OUTPUT - name: upload LXD image to artifact store @@ -158,7 +177,7 @@ jobs: artifact_file: "${{ steps.pack-lxd.outputs.artifact_file }}" env: VERSION: "${{ inputs.git_ref || github.ref }}" - ARTIFACT_NAME: "${{ github.run_id }}-lxd-image-updated" + ARTIFACT_NAME: "${{ needs.build-previous.outputs.artifact_name }}" steps: - uses: whywaita/setup-lxd@v1 with: 
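Review bot: The added "Download qemu binaries" step in the `@@ -132,6 +140,17 @@` hunk fetches executables from `releases/latest/download` and marks them executable without any integrity check, and the step before it runs `multiarch/qemu-user-static` with `--privileged` and no tag or digest. Both resolve to whatever upstream publishes at build time, in a workflow that produces release images. Pinning the release and verifying a recorded checksum makes the build reproducible, e.g. `wget -nv https://github.com/multiarch/qemu-user-static/releases/download/<PINNED_TAG>/qemu-aarch64-static` followed by `echo "<EXPECTED_SHA256>  qemu-aarch64-static" | sha256sum -c -`, and likewise `multiarch/qemu-user-static@sha256:<PINNED_DIGEST>` for the container image.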
@@ -227,7 +246,7 @@ jobs: run: | set -x . ./build/buildlib.sh - ARTIFACT_FILE="NextCloudPi_LXD_${VERSION//\//_}" + ARTIFACT_FILE="NextCloudPi_LXD_${LXD_ARCH:-x86}_${VERSION//\//_}" lxc publish -q ncp -f --alias "ncp/updated" mkdir -p output lxc image export -q "ncp/updated" "output/${ARTIFACT_FILE}" @@ -241,8 +260,9 @@ jobs: test-fresh-install: needs: + - determine-runner - build-current - runs-on: ubuntu-20.04 + runs-on: ${{ needs.determine-runner.outputs.runner_label }} env: VERSION: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" ARTIFACT_NAME: ${{ needs.build-current.outputs.artifact_name }} @@ -252,10 +272,13 @@ jobs: uses: actions/checkout@v3 with: ref: "${{ env.VERSION }}" + - name: Cleanup lxd + run: test -z "$(lxc profile device show default | grep eth0)" || lxc profile device remove default eth0 - uses: whywaita/setup-lxd@v1 with: lxd_version: latest/stable - name: Fix LXD + continue-on-error: true run: | lxc profile create network cat </dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done' sleep 30 ip="$(lxc list -c n4 -f csv | grep '^ncp' | cut -d ',' -f2)" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b77e52bb2..5783a6d74 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -40,11 +40,19 @@ permissions: contents: write jobs: - lxd: + lxd-x86: if: ${{ inputs.lxd || github.event_name != 'workflow_dispatch' }} uses: ./.github/workflows/build-lxd.yml with: git_ref: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" + arch: 'x86' + secrets: inherit + lxd-arm64: + if: ${{ inputs.lxd || github.event_name != 'workflow_dispatch' }} + uses: ./.github/workflows/build-lxd.yml + with: + git_ref: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" + arch: 'arm64' secrets: inherit docker-x86: 
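Review bot: In release.yml the `lxd-x86` and `lxd-arm64` jobs both pass `secrets: inherit` to build-lxd.yml, and the arm64 jobs of that workflow run on the `ubuntu-20.04-arm64` runner. That makes every repository secret available to a called workflow which, in the parts visible in this diff, only builds and uploads an artifact. If build-lxd.yml needs none, dropping the line limits what a compromised build step or runner can read. If it needs some, they can be declared under `workflow_call` and passed by name.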
@@ -148,18 +156,28 @@ jobs: board_name: OdroidC2 secrets: inherit - lxd-release: + lxd-x86-release: needs: - github-release - - lxd + - lxd-x86 if: ${{ inputs.lxd || github.event_name != 'workflow_dispatch' }} uses: ./.github/workflows/publish-image.yml with: git_ref: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" - artifact_id: "${{ needs.lxd.outputs.artifact_name }}" - artifact_file: "${{ needs.lxd.outputs.artifact_file }}" + artifact_id: "${{ needs.lxd-x86.outputs.artifact_name }}" + artifact_file: "${{ needs.lxd-x86.outputs.artifact_file }}" + dry_run: ${{ (!inputs.release && github.event_name == 'workflow_dispatch') || github.ref_type != 'tag' || !(github.ref_protected || startsWith(github.ref, 'refs/tags/v')) }} + lxd-arm64-release: + needs: + - github-release + - lxd-arm64 + if: ${{ inputs.lxd || github.event_name != 'workflow_dispatch' }} + uses: ./.github/workflows/publish-image.yml + with: + git_ref: "${{ inputs.git_ref || github.head_ref || github.ref_name }}" + artifact_id: "${{ needs.lxd-arm64.outputs.artifact_name }}" + artifact_file: "${{ needs.lxd-arm64.outputs.artifact_file }}" dry_run: ${{ (!inputs.release && github.event_name == 'workflow_dispatch') || github.ref_type != 'tag' || !(github.ref_protected || startsWith(github.ref, 'refs/tags/v')) }} - secrets: inherit raspberrypi-release: needs: diff --git a/build/build-LXD.sh b/build/build-LXD.sh index e34402e10..2487e7f08 100755 --- a/build/build-LXD.sh +++ b/build/build-LXD.sh 
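Review bot: As far as the collapsed hunk can be read, the `secrets: inherit` line that followed `dry_run` is removed, and neither `lxd-x86-release` nor `lxd-arm64-release` adds it back. publish-image.yml is not part of this diff; if it reads any secret besides the automatically provided token, both jobs would run without it and the failure would only show at release time. If the removal is intended, a sentence in the commit message would record that; otherwise pass the required secrets by name rather than restoring `inherit`.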
@@ -32,10 +32,32 @@ prepare_dirs # tmp cache output ## BUILD NCP lxc delete -f ncp 2>/dev/null || true -LXC_LAUNCH=(lxc launch -p default) -[[ -n "$LXD_EXTRA_PROFILE" ]] && LXC_LAUNCH+=(-p "$LXD_EXTRA_PROFILE") -LXC_LAUNCH+=(-q 'images:debian/bullseye' ncp) -systemd-run --user --scope -p "Delegate=yes" "${LXC_LAUNCH[@]}" +LXC_CREATE=(lxc init -p default) +[[ -n "$LXD_EXTRA_PROFILE" ]] && LXC_CREATE+=(-p "$LXD_EXTRA_PROFILE") +if [[ -n "$LXD_ARCH" ]] && [[ "$LXD_ARCH" != "x86" ]] +then + echo "Building for architecture: $LXD_ARCH" + LXC_CREATE+=("images:debian/bullseye/$LXD_ARCH") +else + LXC_CREATE+=('images:debian/bullseye') +fi +LXC_CREATE+=(ncp) +"${LXC_CREATE[@]}" + +#if [[ -n "$LXD_ARCH" ]] && [[ "$LXD_ARCH" != "x86" ]] +#then +# if [[ -f "qemu-aarch64-static" ]] +# then +# lxc file push qemu-aarch64-static ncp/usr/bin/ +# lxc file push qemu-arm-static ncp/usr/bin/ +# else +# lxc file push /usr/bin/qemu-aarch64-static ncp/usr/bin +# lxc file push /usr/bin/qemu-arm-static ncp/usr/bin +# fi +#fi + +systemd-run --user --scope -p "Delegate=yes" lxc start ncp -q || \ +sudo systemd-run --scope -p "Delegate=yes" lxc start ncp -q lxc config device add ncp buildcode disk source="$(pwd)" path=/build lxc exec ncp -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done' lxc exec ncp -- bash -c 'CODE_DIR=/build DBG=x bash /build/install.sh' diff --git a/build/buildlib.sh b/build/buildlib.sh index 71aeb5762..6303c10e2 100644 --- a/build/buildlib.sh +++ b/build/buildlib.sh @@ -176,8 +176,10 @@ function prepare_chroot_raspbian() if [[ -f "qemu-aarch64-static" ]] then sudo cp qemu-aarch64-static raspbian_root/usr/bin/ + sudo cp qemu-arm-static raspbian_root/usr/bin/ else sudo cp /usr/bin/qemu-aarch64-static raspbian_root/usr/bin + sudo cp /usr/bin/qemu-arm-static raspbian_root/usr/bin fi # Prevent services from auto-starting 
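Review bot: The `||` fallback after `systemd-run --user ... lxc start ncp -q` reruns the start under `sudo` on any non-zero exit, not only when the user manager is unavailable, so a genuine start failure is retried as root and its first error is easy to miss. Testing for the user manager first keeps the two cases apart, e.g. `if systemctl --user show-environment &>/dev/null; then systemd-run --user --scope -p "Delegate=yes" lxc start ncp -q; else sudo systemd-run --scope -p "Delegate=yes" lxc start ncp -q; fi`. `LXD_ARCH` is appended to the image alias unchecked; a `case` limiting it to the supported values would give a clearer error than a failed image lookup. The commented-out `lxc file push` block adds dead code and could be left to version control.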
From 4824cad24e54e447e6f1d0966c191e351322fc73 Mon Sep 17 00:00:00 2001 From: "Victor-ray, S" <12261439+ZendaiOwl@users.noreply.github.com> Date: Sun, 22 Jan 2023 21:26:26 +0100 Subject: [PATCH 07/18] =?UTF-8?q?=E0=BF=93=E2=9D=AF=20SSH.sh:=20Rewrote=20?= =?UTF-8?q?SSH=20activation=20so=20it=20allows=20for=20user=20creation=20a?= =?UTF-8?q?nd=20disallows=20the=20webadmin=20to=20be=20used?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Victor-ray, S <12261439+ZendaiOwl@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp/NETWORKING/SSH.sh | 65 ++++++++++++--------------------------- 1 file changed, 20 insertions(+), 45 deletions(-) diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh index 5d3bbc352..472c23b62 100644 --- a/bin/ncp/NETWORKING/SSH.sh +++ b/bin/ncp/NETWORKING/SSH.sh @@ -17,7 +17,7 @@ is_active() configure() { - [[ $ACTIVE != "yes" ]] && { + [[ "$ACTIVE" != "yes" ]] && { systemctl stop ssh systemctl disable ssh echo "SSH disabled" 
@@ -25,63 +25,38 @@ configure() } # Check for bad ideas - [[ "$USER" == "pi" ]] && [[ "$PASS" == "raspberry" ]] && { + [[ "${USER,,}" == "pi" ]] && [[ "${PASS,,}" == "raspberry" ]] && { echo "Refusing to use the default Raspbian user and password. It's insecure" return 1 } - [[ "$USER" == "root" ]] && { + [[ "${USER,,}" == "root" ]] && { echo "Refusing to use the root user for SSH. It's insecure" return 1 } + # Disallow the webadmin to be used for SSH + [[ "${USER,,}" == "ncp" ]] && { + echo "The webadmin is not allowed to be used, pick another username" + return 1 + } - # Change credentials - id "$USER" &>/dev/null || { echo "$USER doesn't exist"; return 1; } - echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 - - # Reenable pi user - chsh -s /bin/bash "$USER" + # Change or create credentials + if id "$USER" &>/dev/null + then + echo "$USER exists, setting password" + echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 + else + echo "Creating $USER & setting password" + # The ,, ensures the users home directory is in lowercase letters + useradd --create-home --home-dir /home/"${USER,,}" --shell /bin/bash "$USER" || return 1 + echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 + fi + [[ "$SUDO" == "yes" ]] && { usermod -aG sudo "$USER" echo "Enabled sudo for $USER" } - # Check for insecure default pi password ( taken from old jessie method ) - # TODO Due to Debian bug #1003151 with mkpasswd this feature is not working properly at the moment - https://www.mail-archive.com/debian-bugs-dist@lists.debian.org/msg1837456.html - #local SHADOW SALT HASH - #SHADOW="$( grep -E '^pi:' /etc/shadow )" - #test -n "${SHADOW}" && { - #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}") - - #[[ "${SALT}" != "" ]] && { - #HASH=$(mkpasswd -myescrypt raspberry "${SALT}") - #grep -q "${HASH}" <<< "${SHADOW}" && { - #systemctl stop ssh - #systemctl disable ssh - #echo "The user pi is using the default password. 
Refusing to activate SSH" - #echo "SSH disabled" - #return 1 - #} - #} - #} - - # Check for insecure default root password ( taken from old jessie method ) - #SHADOW="$( grep -E '^root:' /etc/shadow )" - #test -n "${SHADOW}" && { - #SALT=$(awk -F[:$] '{print $5}' <<<"${SHADOW}") - - #[[ "${SALT}" != "" ]] && { - #HASH=$(mkpasswd -myescrypt 1234 "${SALT}") - #grep -q "${HASH}" <<< "${SHADOW}" && { - #systemctl stop ssh - #systemctl disable ssh - #echo "The user root is using the default password. Refusing to activate SSH" - #echo "SSH disabled" - #return 1 - #} - #} - #} - # Enable chage -d 0 "$USER" systemctl enable ssh From 9030882d28ad708791a6627dbb2fb98bdd57f839 Mon Sep 17 00:00:00 2001 From: "Victor-ray, S" <12261439+ZendaiOwl@users.noreply.github.com> Date: Mon, 23 Jan 2023 17:05:54 +0100 Subject: [PATCH 08/18] =?UTF-8?q?=E0=BF=93=E2=9D=AF=20SSH.sh:=20Added=20us?= =?UTF-8?q?er=20creation=20functionality?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Victor-ray, S <12261439+ZendaiOwl@users.noreply.github.com> ࿓❯ SSH.sh: Added a '-' for the '--append' Signed-off-by: Victor-ray, S <12261439+ZendaiOwl@users.noreply.github.com> ࿓❯ SSH.sh: Removed chage -d 0 "USER" as it forces an immediate password change after login and signs the user out afterwards Signed-off-by: Victor-ray, S <12261439+ZendaiOwl@users.noreply.github.com> Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp/NETWORKING/SSH.sh | 35 ++++++++++++++++++++++++++++++----- 1 file changed, 30 insertions(+), 5 deletions(-) diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh index 472c23b62..82ce0d38b 100644 --- a/bin/ncp/NETWORKING/SSH.sh +++ b/bin/ncp/NETWORKING/SSH.sh 
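Review bot: `$USER` reaches `id`, `useradd`, `passwd` and `usermod` with only three names rejected, although the series describes it as supplied through the web UI. A value beginning with `-` is parsed as an option by those tools, and any existing account other than `pi`, `root` or `ncp` (service accounts included) gets a new password and, with `SUDO=yes`, sudo membership. Validating the shape first and refusing system accounts closes both gaps: `[[ "$USER" =~ ^[a-z_][a-z0-9_-]*$ ]] || { echo "Invalid username"; return 1; }`, plus a UID check for users that already exist. `echo -e "$PASS\n$CONFIRM"` also expands backslash sequences inside the password itself; `printf '%s\n%s\n' "$PASS" "$CONFIRM" | passwd "$USER"` passes it through unchanged. configure() starts and ends outside this hunk.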
@@ -39,26 +39,51 @@ configure() return 1 } + # --force: exit successfully if the group already exists + groupadd --force ncp-ssh + # Change or create credentials if id "$USER" &>/dev/null then - echo "$USER exists, setting password" + usermod --append --groups ncp-ssh "$USER" + echo "$USER exists, changing password" echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 + # Unlocks the user if previously locked + # This one needs to be after passwd becuase it will fail + # if the user didn't have a password set when the account was locked + usermod --unlock --expiredate -1 "$USER" else echo "Creating $USER & setting password" - # The ,, ensures the users home directory is in lowercase letters - useradd --create-home --home-dir /home/"${USER,,}" --shell /bin/bash "$USER" || return 1 + useradd --create-home --home-dir /home/"$USER" --shell /bin/bash --groups ncp-ssh "$USER" || return 1 echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 fi + # Get the current users of the group to an array + mapfile -d ',' -t GROUP_USERS < <(awk -F':' '/ncp-ssh/{printf $4}' /etc/group) + + if [[ "${#GROUP_USERS[@]}" -gt 0 ]] + then + # Loop through each user in the group + for U in "${GROUP_USERS[@]}" + do + # Test if extra users exists in the group + if [[ "$U" != "$USER" ]] + then + # Locks any extra accounts + usermod --lock --expiredate 1 "$U" + fi + done + fi + # Unsets the group array variable (cleanup) + unset GROUP_USERS + [[ "$SUDO" == "yes" ]] && { - usermod -aG sudo "$USER" + usermod --append --groups sudo "$USER" echo "Enabled sudo for $USER" } # Enable - chage -d 0 "$USER" systemctl enable ssh systemctl start ssh echo "SSH enabled" From 378df3bd5c2144c6042778fcd85a5e133496cbb1 Mon Sep 17 00:00:00 2001 
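Review bot: The member list is read with `awk -F':' '/ncp-ssh/{printf $4}' /etc/group`, which matches any line containing the text `ncp-ssh` (another group's name or member list included) and uses the field as a printf format string. With arbitrary usernames now allowed, the accounts that get locked can be the wrong ones. Matching the group name exactly avoids that: `mapfile -d ',' -t GROUP_USERS < <(awk -F: '$1 == "ncp-ssh" { printf "%s", $4 }' /etc/group)`. In the existing-user branch, `usermod --unlock --expiredate -1 "$USER"` also re-enables an account that was locked on purpose, so it is worth restricting that branch to accounts already in `ncp-ssh`. configure() continues outside the hunk.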
From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Tue, 28 Mar 2023 11:12:04 +0200 Subject: [PATCH 09/18] build-SD-armbian.sh: Use armbian v23.02 as base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- build/build-SD-armbian.sh | 2 +- build/buildlib.sh | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/build/build-SD-armbian.sh b/build/build-SD-armbian.sh index f77695a4a..343606334 100755 --- a/build/build-SD-armbian.sh +++ b/build/build-SD-armbian.sh @@ -31,7 +31,7 @@ prepare_dirs # tmp cache output # get latest armbian [[ -d armbian ]] || git clone https://github.com/armbian/build armbian -( cd armbian && git pull --ff-only --tags ) +( cd armbian && git pull --ff-only --tags && git checkout v23.02 ) # add NCP modifications mkdir -p armbian/userpatches armbian/userpatches/overlay diff --git a/build/buildlib.sh b/build/buildlib.sh index 6303c10e2..5870ab8f5 100644 --- a/build/buildlib.sh +++ b/build/buildlib.sh @@ -176,10 +176,10 @@ function prepare_chroot_raspbian() if [[ -f "qemu-aarch64-static" ]] then sudo cp qemu-aarch64-static raspbian_root/usr/bin/ - sudo cp qemu-arm-static raspbian_root/usr/bin/ + #sudo cp qemu-arm-static raspbian_root/usr/bin/ else sudo cp /usr/bin/qemu-aarch64-static raspbian_root/usr/bin - sudo cp /usr/bin/qemu-arm-static raspbian_root/usr/bin + #sudo cp /usr/bin/qemu-arm-static raspbian_root/usr/bin fi # Prevent services from auto-starting From f10c48d1c088faff49bfc8a03566da436528bd22 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Tue, 28 Mar 2023 15:39:16 +0200 Subject: [PATCH 10/18] nc-init.sh: Fix ncp theming MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 
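Review bot: After `git checkout v23.02` the cached `armbian` clone is left on a detached HEAD, so on the next run `git pull --ff-only --tags` has no branch to update and exits non-zero, and the `&&` chain then skips the checkout. Fetching instead of pulling works for both a fresh and a cached clone: `( cd armbian && git fetch --tags origin && git checkout v23.02 )`. A tag can be moved upstream; checking out a recorded commit id (`git checkout <PINNED_COMMIT_SHA>`) would fix the exact revision of the build framework that produces the image.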
Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp/CONFIG/nc-init.sh | 13 +++++++------ updates/1.52.0.sh | 13 +++++++++++++ 2 files changed, 20 insertions(+), 6 deletions(-) create mode 100644 updates/1.52.0.sh diff --git a/bin/ncp/CONFIG/nc-init.sh b/bin/ncp/CONFIG/nc-init.sh index 99f319a02..d07be2661 100644 --- a/bin/ncp/CONFIG/nc-init.sh +++ b/bin/ncp/CONFIG/nc-init.sh @@ -114,15 +114,16 @@ EOF ncc config:system:set mail_from_address --value="admin" ncc config:system:set mail_domain --value="ownyourbits.com" - # NCP theme + # Fix NCP theme [[ -e /usr/local/etc/logo ]] && { local ID=$( grep instanceid config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" ) [[ "$ID" == "" ]] && { echo "failed to get ID"; return 1; } - mkdir -p data/appdata_${ID}/theming/images - cp /usr/local/etc/background data/appdata_${ID}/theming/images - cp /usr/local/etc/logo data/appdata_${ID}/theming/images/logo - cp /usr/local/etc/logo data/appdata_${ID}/theming/images/logoheader - chown -R www-data:www-data data/appdata_${ID} + local theming_base_path="data/appdata_${ID}/theming/global/images" + mkdir -p "${theming_base_path}" + cp /usr/local/etc/background "${theming_base_path}/" + cp /usr/local/etc/logo "${theming_base_path}/logo" + cp /usr/local/etc/logo "${theming_base_path}/logoheader" + chown -R www-data:www-data "data/appdata_${ID}" } mysql nextcloud < " '{ print $2 }' | sed "s|[,']||g" ) + [[ "$ID" == "" ]] && { echo "failed to get ID"; return 1; } + theming_base_path="data/appdata_${ID}/theming/global/images" + mkdir -p "${theming_base_path}" + [ -f "${theming_base_path}/background" ] || cp /usr/local/etc/background "${theming_base_path}/background" + [ -f "${theming_base_path}/logo" ] || cp /usr/local/etc/logo "${theming_base_path}/logo" + [ -f "${theming_base_path}/logoheader" ] || cp /usr/local/etc/logo "${theming_base_path}/logoheader" + chown -R www-data:www-data "data/appdata_${ID}" +} 
From 87ded5925a2d1e0e33d69f3b28d740d9173859c6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Wed, 29 Mar 2023 22:49:57 +0200 Subject: [PATCH 11/18] nc-nextcloud.cfg, ncp.cfg: Push NC to v25.0.5 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- etc/ncp-config.d/nc-nextcloud.cfg | 2 +- etc/ncp.cfg | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/ncp-config.d/nc-nextcloud.cfg b/etc/ncp-config.d/nc-nextcloud.cfg index 43ff481dc..15d301fe6 100644 --- a/etc/ncp-config.d/nc-nextcloud.cfg +++ b/etc/ncp-config.d/nc-nextcloud.cfg @@ -9,7 +9,7 @@ { "id": "VER", "name": "Version", - "value": "25.0.3" + "value": "25.0.5" }, { "id": "MAXFILESIZE", diff --git a/etc/ncp.cfg b/etc/ncp.cfg index 95241ac6f..93a6b0406 100644 --- a/etc/ncp.cfg +++ b/etc/ncp.cfg @@ -1,5 +1,5 @@ { - "nextcloud_version": "25.0.3", + "nextcloud_version": "25.0.5", "php_version": "8.1", "release": "bullseye" } From eabb975a5aed0b286523c1ea34966253b3d08e85 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Wed, 5 Apr 2023 15:33:51 +0200 Subject: [PATCH 12/18] ncp-update-nc: Restart notify_push after successful nc update on docker MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp-update-nc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/bin/ncp-update-nc b/bin/ncp-update-nc index 20a392550..f27a25eb5 100755 --- a/bin/ncp-update-nc +++ b/bin/ncp-update-nc 
@@ -297,6 +297,12 @@ fi # refresh completions ncc _completion -g --shell-type bash -p ncc | sed 's|/var/www/nextcloud/occ|ncc|g' > /usr/share/bash-completion/completions/ncp +is_docker && { + killall notify_push + sleep 1 + start_notify_push +} + echo "Update completed successfully." # done #################### From 3a5fceebd08526c1769f2dbdb88ad134a5549ce0 Mon Sep 17 00:00:00 2001 From: Tobias K <6317548+theCalcaholic@users.noreply.github.com> Date: Fri, 31 Mar 2023 10:31:14 +0200 Subject: [PATCH 13/18] changelog.md: Document changes from v1.51.1 Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- changelog.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/changelog.md b/changelog.md index 72d48f489..fc60c0a85 100644 --- a/changelog.md +++ b/changelog.md @@ -1,3 +1,15 @@ +## [v1.51.1](https://github.com/nextcloud/nextcloudpi/tree) (2023-03-??) Support for Nextcloud 25.0.4 and SSH/updater fixes + +### Changes + +- Add support for Nextcloud 25.0.4 +- Allow arbitrary users to be created during SSH activation from the web UI + +### Fixes + +- Prevent PHP upgrades from the web UI +- Prevent docker container startup if the installed Nextcloud version is not compatible + ## [v1.51.0](https://github.com/nextcloud/nextcloudpi/tree/v1.51.0) (2023-01-22) Update to Nextcloud 25.0.3 and new PortCheck Service ### Changes From b01da03fe485ec01ea626e769e6d786aff3ed319 Mon Sep 17 00:00:00 2001 From: Tobias K <6317548+theCalcaholic@users.noreply.github.com> Date: Wed, 5 Apr 2023 15:30:55 +0200 Subject: [PATCH 14/18] changelog.md: Correct supported NC version in v1.51.1 --- changelog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/changelog.md b/changelog.md index fc60c0a85..3110509c7 100644 --- a/changelog.md +++ b/changelog.md 
@@ -1,8 +1,8 @@ -## [v1.51.1](https://github.com/nextcloud/nextcloudpi/tree) (2023-03-??) Support for Nextcloud 25.0.4 and SSH/updater fixes +## [v1.51.1](https://github.com/nextcloud/nextcloudpi/tree) (2023-03-??) Support for Nextcloud 25.0.5 and SSH/updater fixes ### Changes -- Add support for Nextcloud 25.0.4 +- Add support for Nextcloud 25.0.5 - Allow arbitrary users to be created during SSH activation from the web UI ### Fixes From 39549d2e6efb8bab1e21420c2ce27413f7863d7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Wed, 5 Apr 2023 20:34:18 +0200 Subject: [PATCH 15/18] Fix update script with wrong version MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- updates/{1.52.0.sh => 1.51.1.sh} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename updates/{1.52.0.sh => 1.51.1.sh} (100%) diff --git a/updates/1.52.0.sh b/updates/1.51.1.sh similarity index 100% rename from updates/1.52.0.sh rename to updates/1.51.1.sh From fd60a22b17bb7444079c0d592b7a0d6cdb6ea0d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Wed, 5 Apr 2023 20:39:47 +0200 Subject: [PATCH 16/18] 1.51.1.sh: Fix retrieval of theming app instance ID MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- updates/1.51.1.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/updates/1.51.1.sh b/updates/1.51.1.sh index c5307360a..cfb229504 100644 --- a/updates/1.51.1.sh +++ b/updates/1.51.1.sh 
@@ -2,8 +2,8 @@ # Fix NCP theme [[ -e /usr/local/etc/logo ]] && { - ID=$( grep instanceid config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" ) - [[ "$ID" == "" ]] && { echo "failed to get ID"; return 1; } + ID=$( grep instanceid /var/www/nextcloud/config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" ) + [[ "$ID" == "" ]] && { echo "failed to get ID"; exit 1; } theming_base_path="data/appdata_${ID}/theming/global/images" mkdir -p "${theming_base_path}" [ -f "${theming_base_path}/background" ] || cp /usr/local/etc/background "${theming_base_path}/background" From 18058ed366e0385b5f1e60b769717c445138b2af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Kn=C3=B6ppler?= <6317548+theCalcaholic@users.noreply.github.com> Date: Wed, 5 Apr 2023 21:45:07 +0200 Subject: [PATCH 17/18] SSH.sh: Improve output when disabling ssh users MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com> --- bin/ncp/NETWORKING/SSH.sh | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/bin/ncp/NETWORKING/SSH.sh b/bin/ncp/NETWORKING/SSH.sh index 82ce0d38b..710d628cc 100644 --- a/bin/ncp/NETWORKING/SSH.sh +++ b/bin/ncp/NETWORKING/SSH.sh @@ -41,7 +41,7 @@ configure() # --force: exit successfully if the group already exists groupadd --force ncp-ssh - + # Change or create credentials if id "$USER" &>/dev/null then @@ -57,10 +57,10 @@ configure() useradd --create-home --home-dir /home/"$USER" --shell /bin/bash --groups ncp-ssh "$USER" || return 1 echo -e "$PASS\n$CONFIRM" | passwd "$USER" || return 1 fi - + # Get the current users of the group to an array mapfile -d ',' -t GROUP_USERS < <(awk -F':' '/ncp-ssh/{printf $4}' /etc/group) - + if [[ "${#GROUP_USERS[@]}" -gt 0 ]] then # Loop through each user in the group 
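Review bot: The guard after the new `ID=$( grep instanceid /var/www/nextcloud/config/config.php | … )` line only rejects an empty string, so a value containing whitespace or several lines (for example if `instanceid` matches more than one line of config.php) still flows into `theming_base_path` and the `mkdir -p` below. I would check the shape of the value before using it in a path: `[[ "$ID" =~ ^[A-Za-z0-9]+$ ]] || { echo "failed to get ID"; exit 1; }` (this assumes instance IDs are alphanumeric; adjust the character class if they are not). The enclosing `[[ -e /usr/local/etc/logo ]] && {` block continues past the end of the hunk.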
@@ -69,6 +69,7 @@ configure() # Test if extra users exists in the group if [[ "$U" != "$USER" ]] then + echo "Disabling user '$U'..." # Locks any extra accounts usermod --lock --expiredate 1 "$U" fi @@ -77,7 +78,7 @@ configure() # Unsets the group array variable (cleanup) unset GROUP_USERS - + [[ "$SUDO" == "yes" ]] && { usermod --append --groups sudo "$USER" echo "Enabled sudo for $USER" From 81d4d68df7a231b14a595c935ea301cebb69ddf5 Mon Sep 17 00:00:00 2001 From: Tobias K <6317548+thecalcaholic@users.noreply.github.com> Date: Sat, 8 Apr 2023 14:10:19 +0200 Subject: [PATCH 18/18] 1.51.1.sh: Fix invalid data directory path Signed-off-by: Tobias K <6317548+theCalcaholic@users.noreply.github.com> --- updates/1.51.1.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/updates/1.51.1.sh b/updates/1.51.1.sh index cfb229504..1adcb3745 100644 --- a/updates/1.51.1.sh +++ b/updates/1.51.1.sh @@ -1,13 +1,17 @@ #!/usr/bin/env bash +source /usr/local/etc/library.sh + # Fix NCP theme [[ -e /usr/local/etc/logo ]] && { + echo "Fixing NCP logo if missing..." ID=$( grep instanceid /var/www/nextcloud/config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g" ) [[ "$ID" == "" ]] && { echo "failed to get ID"; exit 1; } - theming_base_path="data/appdata_${ID}/theming/global/images" + theming_base_path="$( get_nc_config_value datadirectory )/appdata_${ID}/theming/global/images" mkdir -p "${theming_base_path}" [ -f "${theming_base_path}/background" ] || cp /usr/local/etc/background "${theming_base_path}/background" [ -f "${theming_base_path}/logo" ] || cp /usr/local/etc/logo "${theming_base_path}/logo" [ -f "${theming_base_path}/logoheader" ] || cp /usr/local/etc/logo "${theming_base_path}/logoheader" chown -R www-data:www-data "data/appdata_${ID}" + echo "Done." }
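Review bot: The new `echo "Disabling user '$U'..."` is printed before `usermod --lock --expiredate 1 "$U"`, and that command's exit status is not checked, so the output can report an account as disabled when the lock actually failed. Since this is an access-control step, I would report the outcome as well, e.g. `usermod --lock --expiredate 1 "$U" || echo "Failed to disable user '$U'"`. The surrounding loop and `configure()` start and end outside the hunk.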
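Review bot: The `chown -R www-data:www-data "data/appdata_${ID}"` line still uses the relative path that this patch replaces in `theming_base_path`. The images are now created under the configured data directory, but ownership is changed relative to the current working directory, so the new files may stay owned by the invoking user or the `chown` may fail. I would resolve the data directory once, reject an empty or missing value before `mkdir -p` (an empty result would make the path start at `/`), and reuse the variable for both the theming path and the `chown`.

```shell
# … unchanged: logo check, ID lookup and empty-ID guard …
datadir="$( get_nc_config_value datadirectory )"
[[ -d "$datadir" ]] || { echo "Nextcloud data directory not found"; exit 1; }
theming_base_path="${datadir}/appdata_${ID}/theming/global/images"
# … unchanged: mkdir -p and the three cp lines …
chown -R www-data:www-data "${datadir}/appdata_${ID}"
```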