diff options
Diffstat (limited to 'extra')
-rw-r--r-- | extra/Makefile | 128 | ||||
-rw-r--r-- | extra/outbound.conf.apache | 11 | ||||
-rw-r--r-- | extra/outbound.conf.nginx | 13 | ||||
-rwxr-xr-x | extra/outbound.init | 174 | ||||
-rw-r--r-- | extra/outbound.service | 21 | ||||
-rw-r--r-- | extra/outbound.spec | 150 | ||||
-rw-r--r-- | extra/outbound.sysusers | 3 | ||||
-rw-r--r-- | extra/pip-helper.sh | 37 |
8 files changed, 537 insertions, 0 deletions
diff --git a/extra/Makefile b/extra/Makefile new file mode 100644 index 0000000..dd01eed --- /dev/null +++ b/extra/Makefile @@ -0,0 +1,128 @@ +# File: Makefile for outbound +# Location: outbound source package +# Author: bgstack15 +# Startdate: 2022-11-29 +# Title: Makefile for outbound source package +# Purpose: To use traditional Unix make utility +# History: +# Usage: +# Reference: +# fifconfig Makefile +# Improve: +# add man page? +# Document: +# Dependencies: +# build-devuan: + +APPNAME = outbound +APPVERSION = 0.0.1 +SRCDIR = $(CURDIR)/..# because Makefile is in extra/ inside this repo +prefix = /usr +SYSCONFDIR = $(DESTDIR)/etc +DEFAULTDIR = $(DESTDIR)/etc/sysconfig# for debian use '$(DESTDIR)/etc/default' +LIBEXECDIR = $(DESTDIR)$(prefix)/libexec +SHAREDIR = $(DESTDIR)$(prefix)/share +DOCDIR = $(SHAREDIR)/doc/$(APPNAME) +APPVARDIR = $(DESTDIR)/var/$(APPNAME) +MANDIR = $(SHAREDIR)/man +SYSVDIR = $(SYSCONFDIR)/init.d +SYSDDIR = $(DESTDIR)$(prefix)/lib/systemd/system +LOGDIR = $(DESTDIR)/var/log/outbound +APACHEDIR = $(SYSCONFDIR)/httpd/conf.d# for debian use '$(SYSCONFDIR)/apache2/sites-available' +NGINXDIR = $(SYSCONFDIR)/nginx/default.d +CRONDIR = $(SYSCONFDIR)/cron.d +SBINDIR = $(DESTDIR)$(prefix)/sbin + +# variables for deplist +DEPTYPE = dep +SEPARATOR = , + +awkbin :=$(shell which awk) +chmodbin :=$(shell which chmod) +cpbin :=$(shell which cp) +echobin :=$(shell which echo) +falsebin :=$(shell which false) +findbin :=$(shell which find) +grepbin :=$(shell which grep) +gzipbin :=$(shell which gzip) +installbin :=$(shell which install) +rmbin :=$(shell which rm) +rmdirbin :=$(shell which rmdir) +sedbin :=$(shell which sed) +sortbin :=$(shell which sort) +truebin :=$(shell which true) +uniqbin :=$(shell which uniq) +xargsbin :=$(shell which xargs) + +with_apache ?= NO +with_nginx ?= YES +with_init ?= YES +with_systemd ?= NO +with_pip_helper ?= NO + +all: + -@echo "Nothing to build." && ${truebin} + +install: install_files + +.PHONY: clean install install_files uninstall list deplist deplist_opts + +list: + @$(MAKE) -pRrq -f $(lastword $(MAKEFILE_LIST)) : 2>/dev/null | ${awkbin} -v RS= -F: '/^# File/,/^# Finished Make data base/ {if ($$1 !~ "^[#.]") {print $$1}}' | ${sortbin} | ${grepbin} -E -v -e '^[^[:alnum:]]' -e '^$@$$' + +deplist: + @# deplist 2020-04-18 input must be comma separated + @# DEPTYPE( dep , rec , sug ) for depends, recommends, or suggests + @if test -z "${DISTRO}" ; then ${echobin} "Please run \`make deplist\` with DISTRO= one of: `make deplist_opts 2>&1 1>/dev/null | ${xargsbin}`. Aborted." 1>&2 ; exit 1 ; fi + @if ! ${echobin} "${DEPTYPE}" | grep -qE "^(dep|rec|sug)$$" ; then ${echobin} "Please run \`make deplist\` with DEPTYPE= one of: dep, rec, sug. Undefined will use \`dep\`. Aborted." 1>&2 ; exit 1; fi + @${grepbin} -h --exclude-dir='doc' -riIE "\<${DEPTYPE}-" ${SRCDIR} | ${awkbin} -v "domain=${DISTRO}" -v "deptype=${DEPTYPE}" 'tolower($$2) ~ deptype"-"domain {$$1="";$$2="";print}' | tr ',' '\n' | ${sortbin} | ${uniqbin} | ${sedbin} -r -e 's/^\s*//' -e "s/\s*\$$/${SEPARATOR}/" | ${xargsbin} + +deplist_opts: + @# deplist_opts 2020-04-18 find all available dependency domains + @${grepbin} -h -o -riIE '\<(dep|rec|sug)-[^\ :]+:' ${SRCDIR} | ${sedbin} -r -e 's/(dep|rec|sug)-//;' -e 's/:$$//;' | ${sortbin} | ${uniqbin} 1>&2 + +install_files: + ${installbin} -m0755 -d ${LOGDIR} ${APPVARDIR} \ + ${DOCDIR} ${SBINDIR} ${SYSCONFDIR} ${LIBEXECDIR}/${APPNAME} + ${installbin} -m0755 -t ${SBINDIR} ${SRCDIR}/${APPNAME}.bin + ${installbin} -m0644 -t ${LIBEXECDIR}/${APPNAME} ${SRCDIR}/${APPNAME}.py + ${installbin} -m0644 ${SRCDIR}/${APPNAME}.conf.example ${SYSCONFDIR}/${APPNAME}.conf + ${installbin} -m0644 ${SRCDIR}/${APPNAME}.wsgi.ini.example ${SYSCONFDIR}/${APPNAME}.wsgi.ini + ${installbin} -m0644 -t ${DOCDIR} ${SRCDIR}/*.md +ifeq ($(with_apache),YES) + ${installbin} -m0755 -d ${APACHEDIR} + ${installbin} -m0644 ${SRCDIR}/extra/${APPNAME}.conf.apache ${APACHEDIR}/${APPNAME}.conf +endif +ifeq ($(with_nginx),YES) + ${installbin} -m0755 -d ${NGINXDIR} + ${installbin} -m0644 ${SRCDIR}/extra/${APPNAME}.conf.nginx ${NGINXDIR}/${APPNAME}.conf +endif +ifeq ($(with_init),YES) + ${installbin} -m0755 -d ${SYSVDIR} + ${installbin} -m0755 ${SRCDIR}/extra/${APPNAME}.init ${SYSVDIR}/${APPNAME} +endif +ifeq ($(with_systemd),YES) + ${installbin} -m0755 -d ${SYSDDIR} + ${installbin} -m0644 ${SRCDIR}/extra/outbound.service -t ${SYSDDIR} +endif +ifeq ($(with_pip_helper),YES) + ${installbin} -m0755 -t ${LIBEXECDIR}/${APPNAME}/ ${SRCDIR}/extra/pip-helper.sh +endif + +uninstall: + @${echobin} SRCDIR=${SRCDIR} + ${rmbin} -f \ + ${DOCDIR}/* \ + ${LIBEXECDIR}/${APPNAME}/* \ + ${SBINDIR}/${APPNAME}.bin \ + 1>/dev/null 2>&1 || : + ${rmbin} -f ${APACHEDIR}/${APPNAME}.conf || : + ${rmbin} -f ${SYSVDIR}/${APPNAME} || : + + # remove all installed directories that are now blank. + ${rmdirbin} ${APPVARDIR} \ + ${SYSVDIR} ${APACHEDIR} ${DOCDIR} \ + ${LIBEXECDIR}/${APPNAME} ${LOGDIR} 2>/dev/null || : + +clean: + -@${echobin} "target $@ not implemented yet! Gotta say unh." && ${falsebin} diff --git a/extra/outbound.conf.apache b/extra/outbound.conf.apache new file mode 100644 index 0000000..7e95a5a --- /dev/null +++ b/extra/outbound.conf.apache @@ -0,0 +1,11 @@ +# Apache example config for outbound application +# Needs setsebool -P http_can_network_connect 1 +# vim:set syntax=apache ts=3 sw=3 sts=3 sr et: +ProxyPass /outbound http://localhost:4682/ +ProxyPassReverse /outbound http://localhost:4682/ +<Location /outbound> + # a2enmod headers. These are extra ones that are not provided by Apache natively. + RequestHeader set X-Forwarded-Proto "https" + # This header is not required to be set manually. The ProxyPass orand Location directive already provide it! + #RequestHeader append X-Forwarded-Prefix "/outbound" +</Location> diff --git a/extra/outbound.conf.nginx b/extra/outbound.conf.nginx new file mode 100644 index 0000000..1d4fd49 --- /dev/null +++ b/extra/outbound.conf.nginx @@ -0,0 +1,13 @@ +# Nginx example config for outbound application +# Needs setsebool -P http_can_network_connect 1 +location /outbound/ { + #proxy_redirect off; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Script-Name /outbound; + proxy_set_header X-Forwarded-Host $host; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Prefix "/outbound"; + proxy_pass http://localhost:4682/; +} + diff --git a/extra/outbound.init b/extra/outbound.init new file mode 100755 index 0000000..dbdc20a --- /dev/null +++ b/extra/outbound.init @@ -0,0 +1,174 @@ +#!/bin/sh +### BEGIN INIT INFO +# Provides: outbound +# Required-Start: $local_fs $network $remote_fs $syslog +# Required-Stop: $local_fs $network $remote_fs $syslog +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: File Upoad and Storage Service +# Description: Python3 Flask application that presents a basic file hosting service +### END INIT INFO + +# Author: B. Stack <bgstack15@gmail.com> + +# Do NOT "set -e" + +# PATH should only include /usr/* if it runs after the mountnfs.sh script +DAEMON_ARGS="" +DAEMON=/usr/sbin/outbound.bin +DESC="outbound" +NAME=outbound +PATH=/sbin:/usr/sbin:/bin:/usr/bin +PIDFILE2=/var/$NAME/$NAME-wsgi.pid +PIDFILE=/var/run/$NAME.pid +SCRIPTNAME=/etc/init.d/$NAME +USER=outbound +WSGIBIN=uwsgi_python39 +export outbound_WSGI_INI=/etc/outbound.wsgi.ini +export outbound_CONF=/etc/outbound.conf + +# Exit if the package is not installed +[ -x "$DAEMON" ] || exit 0 + +# Read configuration variable file if it is present +[ -r /etc/default/$NAME ] && . /etc/default/$NAME + +# Load the VERBOSE setting and other rcS variables +. /lib/init/vars.sh + +# Define LSB log_* functions. +# Depend on lsb-base (>= 3.2-14) to ensure that this file is present +# and status_of_proc is working. +. /lib/lsb/init-functions + +# +# Function that starts the daemon/service +# +do_start() +{ + # Return + # 0 if daemon has been started + # 1 if daemon was already running + # 2 if daemon could not be started + #start-stop-daemon --start --quiet --chuid $USER --group $USER --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \ + # || return 1 + #start-stop-daemon --start --quiet --chuid $USER --group $USER --background --pidfile $PIDFILE --exec $DAEMON -- \ + # $DAEMON_ARGS \ + # || return 2 + #su $USER -c "$DAEMON" & + # The above code will not work for interpreted scripts, use the next + # six lines below instead (Ref: #643337, start-stop-daemon(8) ) + start-stop-daemon --start --make-pidfile --pidfile $PIDFILE \ + --chuid $USER --group $USER \ + --startas $DAEMON \ + --name $WSGIBIN --test > /dev/null \ + || return 1 + start-stop-daemon --start --background --make-pidfile --pidfile $PIDFILE --startas $DAEMON \ + --chuid $USER --group $USER \ + --name $WSGIBIN -- $DAEMON_ARGS \ + || return 2 + + # Add code here, if necessary, that waits for the process to be ready + # to handle requests from services started subsequently which depend + # on this one. As a last resort, sleep for some time. +} + +# +# Function that stops the daemon/service +# +do_stop() +{ + # Return + # 0 if daemon has been stopped + # 1 if daemon was already stopped + # 2 if daemon could not be stopped + # other if a failure occurred + #start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --user $USER --pidfile $PIDFILE + /usr/bin/$WSGIBIN --stop $PIDFILE2 2>/dev/null + RETVAL="$?" + [ "$RETVAL" = 2 ] && return 2 + # Wait for children to finish too if this is a daemon that forks + # and if the daemon is only ever run from this initscript. + # If the above conditions are not satisfied then add some other code + # that waits for the process to drop all resources that could be + # needed by services started subsequently. A last resort is to + # sleep for some time. + start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --user $USER --pidfile $PIDFILE + [ "$?" = 2 ] && return 2 + # Many daemons don't delete their pidfiles when they exit. + rm -f $PIDFILE + return "$RETVAL" +} + +# +# Function that sends a SIGHUP to the daemon/service +# +do_reload() { + # + # If the daemon can reload its configuration without + # restarting (for example, when it is sent a SIGHUP), + # then implement that here. + # + start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $WSGIBIN + return 0 +} + +case "$1" in + start) + [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" + do_start + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + stop) + [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" + do_stop + case "$?" in + 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; + 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; + esac + ;; + status) + status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $? + ;; + #reload|force-reload) + # + # If do_reload() is not implemented then leave this commented out + # and leave 'force-reload' as an alias for 'restart'. + # + #log_daemon_msg "Reloading $DESC" "$NAME" + #do_reload + #log_end_msg $? + #;; + restart|force-reload) + # + # If the "reload" option is implemented then remove the + # 'force-reload' alias + # + log_daemon_msg "Restarting $DESC" "$NAME" + do_stop + case "$?" in + 0|1) + do_start + case "$?" in + 0) log_end_msg 0 ;; + 1) log_end_msg 1 ;; # Old process is still running + *) log_end_msg 1 ;; # Failed to start + esac + ;; + *) + # Failed to stop + log_end_msg 1 + ;; + esac + ;; + *) + #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2 + echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 + exit 3 + ;; +esac + +: diff --git a/extra/outbound.service b/extra/outbound.service new file mode 100644 index 0000000..a33a1f3 --- /dev/null +++ b/extra/outbound.service @@ -0,0 +1,21 @@ +[Unit] +Description=outbound link usage tracker webapp +Wants=network-online.target +After=network.target syslog.target + +[Service] +Environment=OUTBOUND_WSGI_INI=/etc/outbound.wsgi.ini +Environment=OUTBOUND_CONF=/etc/outbound.conf +WorkingDirectory=/var/outbound +User=outbound +Group=outbound +Type=simple +ExecStart=/usr/sbin/outbound.bin +TimeoutStartSec=120 +ExecStop=/usr/sbin/uwsgi --stop /var/outbound/outbound-wsgi.pid +RestartSec=15 +Restart=always +KillSignal=SIGINT + +[Install] +WantedBy=multi-user.target diff --git a/extra/outbound.spec b/extra/outbound.spec new file mode 100644 index 0000000..3ad3aaa --- /dev/null +++ b/extra/outbound.spec @@ -0,0 +1,150 @@ +# File: outbound.spec +# Location: outbound package +# Author: bgstack15 +# SPDX-License-Identifier: CC-BY-SA-4.0 +# Startdate: 2022-11-29 +# Title: Rpm spec for outbound package +# Purpose: Provide build instructions for CentOS rpm for package +# History: +# Usage: +# Reference: +# fifconfig.spec +# Improve: +# Documentation: +# Dependencies: + +# Tunables +# If you set this to 1, use the systemd-rpm-macros functionality described at https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ +%global with_systemd_usercreate 0 +%global pythonver python36 + +# Fedora defaults +%if 0%{?fedora} +%global with_systemd_usercreate 1 +%global pythonver python3 +%endif + +%global _appvardir %{?_localstatedir}%{!?_localstatedir:/var}/outbound +%global _user outbound + +%define devtty "/dev/null" +%define debug_package %{nil} +%global _python_bytecompile_errors_terminate_build 0 + +Summary: Outbound link usage tracker +Name: outbound +Version: 0.0.1 +Release: 1 +License: GPL 3.0 +Source0: https://bgstack15.ddns.net/cgit/%{name}/snapshot/%{name}-master.tar.gz +%if 0%{?with_systemd_usercreate} +Source1: extra/%{name}.sysusers +%endif +#%%if ! 0%%{?fedora} +#Patch1: extra/%%{name}-el7.patch +#%%endif +URL: https://bgstack15.ddns.net/ +Packager: B. Stack <bgstack15@gmail.com> +Requires: %{pythonver}-flask +Requires: %{pythonver}-xmltodict +Requires: uwsgi-plugin-%{pythonver} +Requires: uwsgi-logger-file +%if 0%{?fedora} +BuildRequires: make +# Fedora needs pip helper here +#Requires: %{pythonver}-json2html +%endif +# Mandatory pip3 requirements: pytimeparse, flask-sqlalchemy +#BuildRequires: txt2man +%if 0%{?with_systemd_usercreate} +BuildRequires: systemd-rpm-macros +%endif +%if 0%{?fedora} || 0%{?rhel} >= 8 +Suggests: nginx +%endif +Buildarch: noarch + +%description +Stackbin is a flask-based pastebin implementation. + +%prep +%setup -q -c %{name} +test -d "%{name}" && cd "%{name}" ; test -d "%{name}-"* && cd "%{name}-"* ; +#%%if ! 0%%{?fedora} +#%%patch1 -p1 +#%%endif + +%build +export srcdir="extra" +test -d "%{name}" && cd "%{name}" ; test -d "%{name}-"* && cd "%{name}-"* ; +%make_build -C "${srcdir}" + +%install +export srcdir="extra" +test -d "%{name}" && cd "%{name}" ; test -d "%{name}-"* && cd "%{name}-"* ; +%make_install -C "${srcdir}" \ + with_systemd=YES \ + with_nginx=YES \ + with_apache=NO \ + with_init=NO \ +%if 0%{?fedora} + with_pip_helper=NO +%else + with_pip_helper=YES +%endif +%if 0%{?with_systemd_usercreate} +install -p -D -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/%{name}.conf +%endif +exit 0 + +%clean +rm -rf %{buildroot} + +%pre +# Reference: squid.spec +%if 0%{?with_systemd_usercreate} +%sysusers_create_compat %{SOURCE1} +%else +if ! getent group %{_user} 1>/dev/null 2>&1 ; +then + /usr/sbin/groupadd --system --gid 726 %{_user} +fi +if ! getent passwd %{_user} 1>/dev/null 2>&1 ; +then + /usr/sbin/useradd --system --gid $( /usr/bin/getent group ${_user} | /usr/bin/awk -F':' '{print $3}' ) \ + --uid 726 --comment "outbound link tracker system user" \ + --home-dir %{_appvardir} --shell /sbin/nologin \ + %{_user} +fi +%endif +exit 0 + +%preun +%systemd_postun_with_restart %{name}.service + +%post +%systemd_post %{name}.service + +%postun +%systemd_postun_with_restart %{name}.service + +%files +%if 0%{?with_systemd_usercreate} +%{_sysusersdir}/%{name}.conf +%endif +%attr(0640, %{_user}, %{_user}) %config(noreplace) %{_sysconfdir}/%{name}.conf +%attr(0640, %{_user}, %{_user}) %config(noreplace) %{_sysconfdir}/%{name}.wsgi.ini +%attr(0640, %{_user}, %{_user}) %{_libexecdir}/%{name}/*.py +%attr(0755, %{_user}, %{_user}) %{_sbindir}/%{name}.bin +%attr(0750, %{_user}, %{_user}) %dir %{_appvardir} +%if ! 0%{?fedora} +%attr(0755, -, -) %{_libexecdir}/%{name}/pip-helper.sh +%endif +%attr(0644, root, root) %{?_unitdir}%{!?_unitdir:/usr/lib/systemd/system}/%{name}.service +%attr(0644, root, root) %{_sysconfdir}/nginx/default.d/%{name}.conf +%attr(0750, %{_user}, %{_user}) %dir %{?_localstatedir}%{!?_localstatedir:/var}/log/%{name} +%{_defaultdocdir}/%{name} + +%changelog +* Tue Feb 15 2022 B. Stack <bgstack15@gmail.com> - 0.0.1-1 +- Initial release diff --git a/extra/outbound.sysusers b/extra/outbound.sysusers new file mode 100644 index 0000000..813b698 --- /dev/null +++ b/extra/outbound.sysusers @@ -0,0 +1,3 @@ +# Part of fifconfig package +#Type Name ID GECOS Home directory Shell +u fifconfig - "fifconfig system user" /var/fifconfig /sbin/nologin diff --git a/extra/pip-helper.sh b/extra/pip-helper.sh new file mode 100644 index 0000000..e2dd700 --- /dev/null +++ b/extra/pip-helper.sh @@ -0,0 +1,37 @@ +#!/bin/sh +# This file is part of the outbound package. +# It is designed to be run as root, and it will run the requisite pip commands for the discovered environment. + +contents="$( awk -F'=' '/ID=|VERSION_ID/{print $2}' /etc/os-release 2>/dev/null | sed -r -e 's/"//g;' )" +id="$( echo "${contents}" | sed -n -e '1p' )" +version_id="$( echo "${contents}" | sed -n -e '2p' )" + +echo "Any parameters sent to this script ${0} will be added to the list of packages to install." +piplist="${1}" + +if echo "${id}" | grep -qiE 'rhel|centos' ; +then + #if echo "${version_id}" | grep -qiE '7' ; + #then + piplist="${piplist} " + #fi +elif echo "${id}" | grep -qiE 'fedora' ; +then + piplist="${piplist} " +elif echo "${id}" | grep -qiE 'devuan|debian' ; +then + piplist="${piplist} " +else + echo "Unknown os from /etc/os-release. Please investigate what pip3" 1>&2 + echo "packages are required for this OS release and share it with upstream." 1>&2 + echo "Aborted." 1>&2 + exit 1 +fi + +if test -n "${piplist}" ; +then + echo "Will try to serially install with pip these packages: ${piplist}" + for word in ${piplist} ; do + su outbound -s /bin/sh -c "pip3 install --user ${word}" || exit 1 + done +fi |