From cc193c7339548260a233e28c1bb6bbf4e34a300e Mon Sep 17 00:00:00 2001
From: Christoph
Date: Mon, 30 Apr 2018 03:09:34 +0200
Subject: [PATCH] Add template for 'install_schleuder3.sh'. At time, noting is implemented!
---
 .../install_schleuder3_debian_package.txt | 123 ++++++++
 DOC/schleuder3/install_schleuder3_maually.txt | 246 +++++++++++++++
 install_schleuder3.sh | 287 ++++++++++++++++++
 3 files changed, 656 insertions(+)
 create mode 100644 DOC/schleuder3/install_schleuder3_debian_package.txt
 create mode 100644 DOC/schleuder3/install_schleuder3_maually.txt
 create mode 100755 install_schleuder3.sh
diff --git a/DOC/schleuder3/install_schleuder3_debian_package.txt b/DOC/schleuder3/install_schleuder3_debian_package.txt
new file mode 100644
index 0000000..3db964e
--- /dev/null
+++ b/DOC/schleuder3/install_schleuder3_debian_package.txt
@@ -0,0 +1,123 @@
+# ====================
+# - Install via debian packagesystem
+# ====================
+
+# - Install dependencies
+# -
+apt-get install ruby-dev gnupg2 libgpgme-dev libsqlite3-dev libssl-dev build-essential
+apt-get install haveged
+
+# - Install schleuder 3 from stretch-backports
+# -
+apt-get install -t stretch-backports schleuder
+
+# - You will get the following output
+# -
+# - Type 'J'
+# -
+Paketlisten werden gelesen... Fertig
+Abhängigkeitsbaum wird aufgebaut.
+Statusinformationen werden eingelesen.... Fertig
+The following additional packages will be installed:
+ fonts-lato libgpgme11 libruby2.3 libyaml-0-2 rake ruby ruby-activemodel ruby-activerecord ruby-activesupport
+ ruby-arel ruby-atomic ruby-backports ruby-blankslate ruby-builder ruby-daemons ruby-did-you-mean ruby-eventmachine
+ ruby-gpgme ruby-i18n ruby-json ruby-mail ruby-mail-gpg ruby-mime-types ruby-minitest ruby-multi-json ruby-net-telnet
+ ruby-oj ruby-power-assert ruby-rack ruby-rack-protection ruby-rack-test ruby-sinatra ruby-sinatra-contrib
+ ruby-sqlite3 ruby-test-unit ruby-thor ruby-thread-safe ruby-tilt ruby-tzinfo ruby2.3 rubygems-integration
+ schleuder-cli sqlite3 thin
+Vorgeschlagene Pakete:
+ gpgsm ri ruby-dev ruby-builder-doc bundler sqlite3-doc
+Die folgenden NEUEN Pakete werden installiert:
+ fonts-lato libgpgme11 libruby2.3 libyaml-0-2 rake ruby ruby-activemodel ruby-activerecord ruby-activesupport
+ ruby-arel ruby-atomic ruby-backports ruby-blankslate ruby-builder ruby-daemons ruby-did-you-mean ruby-eventmachine
+ ruby-gpgme ruby-i18n ruby-json ruby-mail ruby-mail-gpg ruby-mime-types ruby-minitest ruby-multi-json ruby-net-telnet
+ ruby-oj ruby-power-assert ruby-rack ruby-rack-protection ruby-rack-test ruby-sinatra ruby-sinatra-contrib
+ ruby-sqlite3 ruby-test-unit ruby-thor ruby-thread-safe ruby-tilt ruby-tzinfo ruby2.3 rubygems-integration schleuder
+ schleuder-cli sqlite3 thin
+0 aktualisiert, 45 neu installiert, 0 zu entfernen und 47 nicht aktualisiert.
+Es müssen 9.420 kB an Archiven heruntergeladen werden.
+Nach dieser Operation werden 42,1 MB Plattenplatz zusätzlich benutzt.
+Möchten Sie fortfahren? [J/n]
+
+
+
+# ---
+# - Enable user schleuder for managing lists
+# ---
+
+backup_date="$(date +%Y-%m-%d-%H%M)"
+schleuder_config="/etc/schleuder/schleuder.yml"
+user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
+
+# - Create API Key for user schleuder
+# -
+api_key="$(schleuder new_api_key)"
+
+# - Add the generated API Key to the list of valid api keys at
+# - configuration file $schleuder_config
+# -
+if ! grep -q "$api_key" 2> /dev/null $schleuder_config ; then
+ perl -i.$backup_date -n -p \
+ -e "s/(^(\s*)valid_api_keys:.*)/\1\n\2 - ${api_key}/" \
+ $schleuder_config
+fi
+
+
+# - Add generated API Key to schleuder's configuration file
+# - '${user_schleuder_config}'
+# -
+
+# - If no configuration file present, create a new default one.
+# -
+have_dot_schleuder_cli_yml=true
+if [[ ! -d "~schleuder/.schleuder-cli" ]] ; then
+ have_dot_schleuder_cli_yml=false
+elif [[ ! -f "~schleuder/.schleuder-cli/schleuder-cli.yml" ]] ; then
+
+ # - If the directory is present, no default configuration file (see below)
+ # - will be written
+ # -
+ mv "~schleuder/.schleuder-cli" "~schleuder/.schleuder-cli.${backup_date}"
+
+ have_dot_schleuder_cli_yml=false
+fi
+
+if ! $have_dot_schleuder_cli_yml ; then
+
+ # Creates a default configuration file '${user_schleuder_config}'
+ #
+ su - schleuder -s /bin/bash -c "/usr//bin/schleuder-cli lists list > /dev/null 2>&1"
+
+fi
+
+# - Now, add the API Key..
+# -
+perl -i.$backup_date -n -p \
+ -e "s/^(\s*api_key:).*/\1 ${api_key}/" \
+ ${user_schleuder_config}
+
+
+# - Get tls fingerprint of configured certificate
+# -
+cert_fingerprint="$(schleuder cert fingerprint | awk '{print$4}')"
+
+# - Add the fingerprint to schleuder users private configuration file
+# -
+if ! grep -q "$cert_fingerprint" 2> /dev/null ${user_schleuder_config} ; then
+ perl -i.$backup_date -n -p \
+ -e "s/^(\s*tls_fingerprint:).*/\1 ${cert_fingerprint}/" \
+ ${user_schleuder_config}
+fi
+
+
+# - Restart 'schleuder-api-daemon'
+# -
+systemctl restart schleuder-api-daemon
+
+
+
+# ---
+# - Add Postfix support
+# ---
+
+
diff --git a/DOC/schleuder3/install_schleuder3_maually.txt b/DOC/schleuder3/install_schleuder3_maually.txt
new file mode 100644
index 0000000..af5b0c9
--- /dev/null
+++ b/DOC/schleuder3/install_schleuder3_maually.txt
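Review bot: The path tests in the "Enable user schleuder" block quote the tilde (`"~schleuder/.schleuder-cli"`), and bash does not expand `~user` inside double quotes, so `-d` is checked against a literal relative path; in practice `have_dot_schleuder_cli_yml` always ends up `false` and the `mv` backup branch is never reached. Since `user_schleuder_config` is already assigned a few lines above, the tests could read `[[ ! -d "$(dirname "$user_schleuder_config")" ]]` and `[[ ! -f "$user_schleuder_config" ]]`. The same block is repeated verbatim in install_schleuder3_maually.txt. Separately, `perl -i.$backup_date` leaves dated copies of both YAML files next to the originals, and those copies can hold API keys, so a comment such as `# backup copies contain API keys: confirm their mode or remove them` would help whoever turns these steps into the script.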
@@ -0,0 +1,246 @@
+# ====================
+# - Install schleuder3 manually
+# ====================
+
+
+# - See README.md of repository:
+# -
+# - https://0xacab.org/schleuder/schleuder-deb
+# -
+
+# - Requirements
+# -
+# - ruby >=2.1
+# - gnupg >=2.0
+# - gpgme
+# - sqlite3
+# - openssl
+# -
+apt-get install ruby-dev gnupg2 libgpgme-dev libsqlite3-dev libssl-dev build-essential
+
+apt-get install haveged
+
+# - Additionally these rubygems are required (will be installed automatically unless present):
+# -
+# - rake
+# - active_record
+# - sqlite3
+# - thor
+# - thin
+# - mail-gpg
+# - sinatra
+# - sinatra-contrib
+
+
+# -----
+# - Installing Schleuder
+# -----
+
+mkdir /usr/local/src/schleuder3
+
+cd /usr/local/src/schleuder3
+
+
+# - Download the gem and the OpenPGP-signature and verify:
+# -
+wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem
+wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem.sig
+
+gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
+gpg --verify schleuder-3.2.1.gem.sig
+
+
+# - If all went well install the gem:
+# -
+gem install schleuder-3.2.1.gem
+
+
+# - Set up schleuder:
+# -
+schleuder install
+
+# - Output command 'schleuder install':
+# -
+root@schleuder3:/usr/local/src/schleuder3 # schleuder install
+-- create_table("lists", {:force=>:cascade})
+ -> 0.0119s
+-- create_table("subscriptions", {:force=>:cascade})
+ -> 0.0060s
+-- add_index("subscriptions", ["email", "list_id"], {:name=>"index_subscriptions_on_email_and_list_id", :unique=>true})
+ -> 0.0053s
+-- add_index("subscriptions", ["list_id"], {:name=>"index_subscriptions_on_list_id"})
+ -> 0.0056s
+-- initialize_schema_migrations_table()
+ -> 0.0113s
+NOTE: The database was prepared using sqlite. If you prefer to use a different DBMS please edit the 'database'-section in /etc/schleuder/schleuder.yml, create the database, install the corresponding ruby-library (e.g. `gem install mysql`) and run this current command again
+Private key written to: /etc/schleuder/schleuder-private-key.pem
+Certificate written to: /etc/schleuder/schleuder-certificate.pem
+Fingerprint of generated certificate: 9c70d382a0780904b2cd3a71b453ef689ea06ce18f46258bb668399742d2a794
+Have this fingerprint included into the configuration-file of all clients that want to connect to your Schleuder API.
+! Warning: this process was run as root — please make sure the above files are accessible by the user that is running `schleuder-api-daemon`.
+Schleuder has been set up. You can now create a new list using `schleuder-cli`.
+We hope you enjoy!
+
+
+
+# -----
+# - Installing schleuder-cli (to manage lists from the command line)
+# -----
+
+cd /usr/local/src/schleuder3
+
+
+
+# - Download the gem and the OpenPGP-signature and verify:
+# -
+wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem
+wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem.sig
+
+gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
+gpg --verify schleuder-cli-0.1.0.gem.sig
+
+
+cd /etc/postfix
+ln -s /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/postfix/schleuder_sqlite.cf
+
+cat < /etc/postfix/transport_schleuder
+cryptolists.mail36.net schleuder:
+EOF
+
+postmap btree:/etc/postfix/transport_schleuder/
+
+if ! grep -A 3 -E "^\s*transport_maps" /etc/postfix/main.cf | grep -q "btree:/etc/postfix/transport_schleuder" ; then
+ perl -i -n -p -e "s#^(\s*transport_maps\s*=.*)#\1\n btree:/etc/postfix/transport_schleuder#" /etc/postfix/main.cf
+fi
+
+
+
+groupadd -r schleuder
+useradd -r -M -d /noexistent -s /bin/false -g schleuder schleuder
+chown -R schleuder:schleuder /var/lib/schleuder /etc/schleuder
+
+systemctl stop postfix
+rm -fr /var/lib/postfix/verify_cache.db
+systemctl start postfix
+
+
+# -----
+# - Configure schleuder-api-daemon systemd service
+# -----
+
+cp /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/schleuder-api-daemon.service /etc/systemd/system/
+systemctl daemon-reload
+systemctl enable schleuder-api-daemon.service
+systemctl start schleuder-api-daemon.service
+
+
+
+# ---
+# - Enable user schleuder for managing lists
+# ---
+
+backup_date="$(date +%Y-%m-%d-%H%M)"
+schleuder_config="/etc/schleuder/schleuder.yml"
+user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
+
+# - Create API Key for user schleuder
+# -
+api_key="$(schleuder new_api_key)"
+
+# - Add the generated API Key to the list of valid api keys at
+# - configuration file $schleuder_config
+# -
+if ! grep -q "$api_key" 2> /dev/null $schleuder_config ; then
+ perl -i.$backup_date -n -p \
+ -e "s/(^(\s*)valid_api_keys:.*)/\1\n\2 - ${api_key}/" \
+ $schleuder_config
+fi
+
+
+# - Add generated API Key to schleuder's configuration file
+# - '${user_schleuder_config}'
+# -
+
+# - If no configuration file present, create a new default one.
+# -
+have_dot_schleuder_cli_yml=true
+if [[ ! -d "~schleuder/.schleuder-cli" ]] ; then
+ have_dot_schleuder_cli_yml=false
+elif [[ ! -f "~schleuder/.schleuder-cli/schleuder-cli.yml" ]] ; then
+
+ # - If the directory is present, no default configuration file (see below)
+ # - will be written
+ # -
+ mv "~schleuder/.schleuder-cli" "~schleuder/.schleuder-cli.${backup_date}"
+
+ have_dot_schleuder_cli_yml=false
+fi
+
+if ! $have_dot_schleuder_cli_yml ; then
+
+ # Creates a default configuration file '${user_schleuder_config}'
+ #
+ su - schleuder -s /bin/bash -c "/usr//bin/schleuder-cli lists list > /dev/null 2>&1"
+
+fi
+
+# - Now, add the API Key..
+# -
+perl -i.$backup_date -n -p \
+ -e "s/^(\s*api_key:).*/\1 ${api_key}/" \
+ ${user_schleuder_config}
+
+
+# - Get tls fingerprint of configured certificate
+# -
+cert_fingerprint="$(schleuder cert fingerprint | awk '{print$4}')"
+
+# - Add the fingerprint to schleuder users private configuration file
+# -
+if ! grep -q "$cert_fingerprint" 2> /dev/null ${user_schleuder_config} ; then
+ perl -i.$backup_date -n -p \
+ -e "s/^(\s*tls_fingerprint:).*/\1 ${cert_fingerprint}/" \
+ ${user_schleuder_config}
+fi
+
+
+# - Restart 'schleuder-api-daemon'
+# -
+systemctl restart schleuder-api-daemon
+
+
+
+# -----
+# - Maintenance
+# -----
+
+# - Please take care to have the following commands run by the user that owns the
+# - directory of schleuder lists (by default /var/lib/schleuder/lists) to avoid
+# - running into file permission problems!
+
+# - Schleuder can check all keys that are present in the list’s keyrings for
+# - (upcoming) expiration dates, revocation, or other reasons for not being
+# - usable.
+# -
+# - Note: take care tcp port 11371 is open for calling pgp-keyservers
+# -
+# - Call this command weekly from cron to automate the check and have the
+# - results sent to the respective list-admins:
+# -
+# - schleuder check_keys
+# -
+su schleuder -c "/usr/local/bin/schleuder check_keys" -s /bin/bash
+
+# - Schleuder can also refresh all keys in the same manner. Each key of each
+# - list will be refreshed from a keyserver one by one. If you’re using gpg 2.1,
+# - it’s possible to configure a TOR onion service to be used as keyserver! See
+# - the config for an example.
+# -
+# - Call this command weekly from cron to automate the check and have the results
+# - sent to the respective list-admins:
+# -
+# - schleuder refresh_keys
+# -
+su schleuder -c "/usr/local/bin/schleuder schleuder refresh_keys" -s /bin/bash
+
+
diff --git a/install_schleuder3.sh b/install_schleuder3.sh
new file mode 100755
index 0000000..ccc7f97
--- /dev/null
+++ b/install_schleuder3.sh
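Review bot: The signature check `gpg --verify schleuder-3.2.1.gem.sig` is followed only by the comment "If all went well", so once these steps are copied into install_schleuder3.sh nothing stops `gem install` from running after a failed verification. Naming the signed file and testing the result makes the step enforceable: `gpg --verify schleuder-3.2.1.gem.sig schleuder-3.2.1.gem || exit 1`, and likewise for schleuder-cli-0.1.0.gem. The schleuder-cli section downloads and verifies the gem, but no `gem install schleuder-cli-0.1.0.gem` line is visible before later steps call `schleuder-cli`. Two smaller slips: `postmap btree:/etc/postfix/transport_schleuder/` carries a trailing slash, and the last maintenance command reads `schleuder schleuder refresh_keys`.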
@@ -0,0 +1,287 @@
+#!/usr/bin/env bash
+
+script_name="$(basename $(realpath $0))"
+working_dir="$(dirname $(realpath $0))"
+
+conf_file="${working_dir}/conf/${script_name%%.*}.conf"
+
+LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
+log_file="${LOCK_DIR}/${script_name%%.*}.log"
+
+backup_date="$(date +%Y-%m-%d-%H%M)"
+
+# ----------
+# Base Function(s)
+# ----------
+
+usage() {
+
+
+ [[ -n "$1" ]] && error "$1"
+
+
+ [[ $terminal ]] && echo -e "
+\033[1mUsage:\033[m
+
+ $(basename $0) [OPTION [OPTION ..
+
+\033[1mDescription\033[m
+
+
+
+\033[1mOptions\033[m
+
+
+
+\033[1mExample:\033[m
+
+
+
+ $(basename $0) ..
+
+
+
+ $(basename $0) ..
+
+"
+
+ clean_up 1
+
+}
+
+clean_up() {
+
+ # Perform program exit housekeeping
+ rm -rf "$LOCK_DIR"
+ blank_line
+ exit $1
+}
+
+
+echononl(){
+ if $terminal ; then
+ echo X\\c > /tmp/shprompt$$
+ if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
+ echo -e -n " $*\\c" 1>&2
+ else
+ echo -e -n " $*" 1>&2
+ fi
+ rm /tmp/shprompt$$
+ fi
+}
+
+
+fatal(){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mFatal\033[m ] $*"
+ else
+ echo -e " [ Fatal ] $*"
+ fi
+ echo ""
+ if $terminal ; then
+ echo -e " \033[1mScript terminated\033[m.."
+ else
+ echo -e " Script terminated.."
+ fi
+ echo ""
+ rm -rf $LOCK_DIR
+ exit 1
+}
+
+error (){
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[31m\033[1mError\033[m ] $*"
+ else
+ echo " [ Error ] $*"
+ fi
+ echo ""
+}
+
+warn (){
+ if $LOGGING || $terminal ; then
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[33m\033[1mWarn\033[m ] $*"
+ else
+ echo " [ Warn ] $*"
+ fi
+ echo ""
+ fi
+}
+
+info (){
+ if $LOGGING || $terminal ; then
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
+ else
+ echo " [ Info ] $*"
+ fi
+ echo ""
+ fi
+}
+
+ok (){
+ if $LOGGING || $terminal ; then
+ echo ""
+ if $terminal ; then
+ echo -e " [ \033[32m\033[1mOk\033[m ] $*"
+ else
+ echo " [ Ok ] $*"
+ fi
+ echo ""
+ fi
+}
+
+echo_done() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[32mdone\033[m ]"
+ fi
+}
+echo_ok() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[32mok\033[m ]"
+ fi
+}
+echo_failed(){
+ if $terminal ; then
+ echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
+ fi
+}
+echo_skipped() {
+ if $terminal ; then
+ echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
+ fi
+}
+
+trim() {
+ local var="$*"
+ var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
+ var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
+ echo -n "$var"
+}
+
+blank_line() {
+ if $terminal ; then
+ echo ""
+ fi
+}
+
+
+
+# ----------
+# - Jobhandling
+# ----------
+
+# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
+# -
+trap clean_up SIGHUP SIGINT SIGTERM
+
+# - Create lock directory '$LOCK_DIR"
+#
+mkdir "$LOCK_DIR"
+
+
+# ----------
+# - Headline
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo -e "\033[1m----------\033[m"
+ echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
+ echo -e "\033[1m----------\033[m"
+fi
+
+
+# ----------
+# - Some checks ..
+# ----------
+
+# - Running in a terminal?
+# -
+if [[ -t 1 ]] ; then
+ terminal=true
+else
+ terminal=false
+fi
+
+# - Print help?
+# -
+if [[ "$(trim $*)" = "-h" ]] || [[ "$(trim $*)" = "--help" ]] ; then
+ usage
+fi
+
+if [[ -z "$(which basename)" ]]; then
+ fatal 'It seems "basename" is not installed, but needed!'
+fi
+
+if [[ -z "$(which realpath)" ]]; then
+ fatal 'It seems "realpath" is not installed, but needed!'
+fi
+
+
+# ==========
+# - Begin Main Script
+# ==========
+
+fatal "Script not yet implemented"
+
+# ----------
+# Read Configurations from $conf_file
+# ----------
+
+
+# - Give your default values here
+# -
+LOGGING=false
+
+if [[ -f "$conf_file" ]]; then
+ source "$conf_file"
+else
+ warn "No configuration file '$conf_file' present.\n
+ Loading default values.."
+fi
+
+
+# ----------
+# - Some pre-script tasks ..
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo ""
+ echo -e " \033[1mDoing some pre-script tasks ..\033[m"
+ echo ""
+fi
+
+echononl "All is fine"
+echo_ok
+
+
+# ----------
+# - Main part of script
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo ""
+ echo -e " \033[1mMain part of script ..\033[m"
+ echo ""
+fi
+
+
+# ----------
+# - Some post-script tasks ..
+# ----------
+
+if $terminal ; then
+ echo ""
+ echo ""
+ echo -e " \033[1mDoing some post-script tasks ..\033[m"
+ echo ""
+fi
+
+clean_up 0
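Review bot: `echononl` writes to `/tmp/shprompt$$` and the lock directory is `/tmp/$(basename $0).$$.LOCK`; both names are predictable inside a world-writable directory, and an installer like this will presumably run as root, so another local user could pre-create either path (a symlink in the `shprompt` case) before the script touches it. The probe file exists only to test how `echo` handles `\c` and could go away with `printf ' %b' "$*" 1>&2`; the directory could come from `LOCK_DIR="$(mktemp -d)" || exit 1`, replacing the unchecked `mkdir "$LOCK_DIR"`. Because the name contains `$$` it never collides between runs, so it acts as a scratch directory rather than a lock, and a comment saying so would avoid confusion. Also, the "Headline" block tests `$terminal` before the `[[ -t 1 ]]` check assigns it, and an empty expansion counts as success, so the banner is printed even when output is not a terminal.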