104 lines
3.3 KiB
Bash
Executable File
104 lines
3.3 KiB
Bash
Executable File
#!/usr/bin/env sh
|
|
|
|
set -eo pipefail
|
|
|
|
base_path='/var/www/passbolt'
|
|
gpg_private_key="$base_path/config/gpg/serverkey_private.asc"
|
|
gpg_public_key="$base_path/config/gpg/serverkey.asc"
|
|
ssl_key='/etc/ssl/certs/certificate.key'
|
|
ssl_cert='/etc/ssl/certs/certificate.crt'
|
|
|
|
gpg_gen_key() {
|
|
key_email="${KEY_EMAIL:-passbolt@yourdomain.com}"
|
|
key_name="${KEY_NAME:-Passbolt default user}"
|
|
key_length="${KEY_LENGTH:-2048}"
|
|
subkey_length="${SUBKEY_LENGTH:-2048}"
|
|
expiration="${KEY_EXPIRATION:-0}"
|
|
|
|
su -m -c "gpg --batch --gen-key <<EOF
|
|
Key-Type: 1
|
|
Key-Length: $key_length
|
|
Subkey-Type: 1
|
|
Subkey-Length: $subkey_length
|
|
Name-Real: $key_name
|
|
Name-Email: $key_email
|
|
Expire-Date: $expiration
|
|
%commit
|
|
EOF" -ls /bin/sh nginx
|
|
|
|
su -m -c "gpg --armor --export-secret-keys $key_email > $gpg_private_key" -ls /bin/sh nginx
|
|
su -m -c "gpg --armor --export $key_email > $gpg_public_key" -ls /bin/sh nginx
|
|
}
|
|
|
|
gpg_import_key() {
|
|
key_id=""
|
|
key_id=$(su -m -c "gpg --with-colons $gpg_private_key | grep sec |cut -f5 -d:" -ls /bin/sh nginx)
|
|
su -m -c "gpg --batch --import $gpg_public_key" -ls /bin/sh nginx
|
|
su -m -c "gpg -K $key_id" -ls /bin/sh nginx || su -m -c "gpg --batch --import $gpg_private_key" -ls /bin/sh nginx
|
|
}
|
|
|
|
gen_ssl_cert() {
|
|
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
|
|
-subj "/C=FR/ST=Denial/L=Springfield/O=Dis/CN=www.passbolt.local" \
|
|
-keyout $ssl_key -out $ssl_cert
|
|
}
|
|
|
|
install() {
|
|
tables=""
|
|
tables=$(mysql \
|
|
-u "$DATASOURCES_DEFAULT_USERNAME" \
|
|
-h "$DATASOURCES_DEFAULT_HOST" \
|
|
-P "$DATASOURCES_DEFAULT_PORT" \
|
|
-BN -e "SHOW TABLES FROM $DATASOURCES_DEFAULT_DATABASE" \
|
|
-p"$DATASOURCES_DEFAULT_PASSWORD" |wc -l)
|
|
|
|
if [ "$tables" -eq 0 ]; then
|
|
su -c "cp /var/www/passbolt/config/app.default.php /var/www/passbolt/config/app.php" -s /bin/sh nginx
|
|
su -m -c "PATH=$PATH:/usr/local/bin /var/www/passbolt/bin/cake passbolt install --no-admin --force" -s /bin/sh nginx
|
|
else
|
|
echo "Enjoy! ☮"
|
|
fi
|
|
}
|
|
|
|
email_cron_job() {
|
|
root_crontab='/etc/crontabs/root'
|
|
cron_task_dir='/etc/periodic/1min'
|
|
cron_task='/etc/periodic/1min/email_queue_processing'
|
|
process_email="PATH=$PATH:/usr/local/bin /var/www/passbolt/app/Console/cake EmailQueue.sender --quiet"
|
|
|
|
mkdir -p $cron_task_dir
|
|
echo "* * * * * run-parts $cron_task_dir" >> $root_crontab
|
|
echo "#!/bin/sh" > $cron_task
|
|
chmod +x $cron_task
|
|
echo "su -c \"$process_email\" -s /bin/sh nginx" >> $cron_task
|
|
}
|
|
|
|
if [ -z "$DATASOURCES_DEFAULT_HOST" ] \
|
|
&& [ -z "$DATASOURCES_DEFAULT_USERNAME" ] \
|
|
&& [ -z "$DATASOURCES_DEFAULT_PASSWORD" ] \
|
|
&& [ -z "$DATASOURCES_DEFAULT_DATABASE" ]; then
|
|
echo >&2 'Error: database credentials not provided'
|
|
echo >&2 'You must provide database details: hostname, username and password'
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -f $gpg_private_key ] && [ ! -L $gpg_private_key ] || \
|
|
[ ! -f $gpg_public_key ] && [ ! -L $gpg_public_key ]; then
|
|
gpg_gen_key
|
|
gpg_import_key
|
|
else
|
|
gpg_import_key
|
|
fi
|
|
|
|
if [ ! -f $ssl_key ] && [ ! -L $ssl_key ] && \
|
|
[ ! -f $ssl_cert ] && [ ! -L $ssl_cert ]; then
|
|
gen_ssl_cert
|
|
fi
|
|
|
|
gpg_auto_fingerprint=$(su -m -c "gpg --with-fingerprint $gpg_public_key | grep fingerprint | awk '{for(i=4;i<=NF;++i)printf \$i}'" -ls /bin/sh nginx)
|
|
export PASSBOLT_GPG_SERVER_KEY_FINGERPRINT=$gpg_auto_fingerprint
|
|
install
|
|
email_cron_job
|
|
|
|
/usr/bin/supervisord -n -c /etc/supervisord.conf
|