Add template for 'install_schleuder3.sh'. At time, noting is implemented!

Christoph 2018-04-30 03:09:34 +02:00
parent 683b6927b0
commit cc193c7339
3 changed files with 656 additions and 0 deletions


@ -0,0 +1,123 @@
# ====================
# - Install via debian packagesystem
# ====================
# - Install dependencies
# -
apt-get install ruby-dev gnupg2 libgpgme-dev libsqlite3-dev libssl-dev build-essential
apt-get install haveged
# - Install schleuder 3 from stretch-backports
# -
apt-get install -t stretch-backports schleuder
# - You will get the following output
# -
# - Type 'J'
# -
Paketlisten werden gelesen... Fertig
Abhängigkeitsbaum wird aufgebaut.
Statusinformationen werden eingelesen.... Fertig
The following additional packages will be installed:
fonts-lato libgpgme11 libruby2.3 libyaml-0-2 rake ruby ruby-activemodel ruby-activerecord ruby-activesupport
ruby-arel ruby-atomic ruby-backports ruby-blankslate ruby-builder ruby-daemons ruby-did-you-mean ruby-eventmachine
ruby-gpgme ruby-i18n ruby-json ruby-mail ruby-mail-gpg ruby-mime-types ruby-minitest ruby-multi-json ruby-net-telnet
ruby-oj ruby-power-assert ruby-rack ruby-rack-protection ruby-rack-test ruby-sinatra ruby-sinatra-contrib
ruby-sqlite3 ruby-test-unit ruby-thor ruby-thread-safe ruby-tilt ruby-tzinfo ruby2.3 rubygems-integration
schleuder-cli sqlite3 thin
Vorgeschlagene Pakete:
gpgsm ri ruby-dev ruby-builder-doc bundler sqlite3-doc
Die folgenden NEUEN Pakete werden installiert:
fonts-lato libgpgme11 libruby2.3 libyaml-0-2 rake ruby ruby-activemodel ruby-activerecord ruby-activesupport
ruby-arel ruby-atomic ruby-backports ruby-blankslate ruby-builder ruby-daemons ruby-did-you-mean ruby-eventmachine
ruby-gpgme ruby-i18n ruby-json ruby-mail ruby-mail-gpg ruby-mime-types ruby-minitest ruby-multi-json ruby-net-telnet
ruby-oj ruby-power-assert ruby-rack ruby-rack-protection ruby-rack-test ruby-sinatra ruby-sinatra-contrib
ruby-sqlite3 ruby-test-unit ruby-thor ruby-thread-safe ruby-tilt ruby-tzinfo ruby2.3 rubygems-integration schleuder
schleuder-cli sqlite3 thin
0 aktualisiert, 45 neu installiert, 0 zu entfernen und 47 nicht aktualisiert.
Es müssen 9.420 kB an Archiven heruntergeladen werden.
Nach dieser Operation werden 42,1 MB Plattenplatz zusätzlich benutzt.
Möchten Sie fortfahren? [J/n]
# ---
# - Enable user schleuder for managing lists
# ---
backup_date="$(date +%Y-%m-%d-%H%M)"
schleuder_config="/etc/schleuder/schleuder.yml"
user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
# - Create API Key for user schleuder
# -
api_key="$(schleuder new_api_key)"
# - Add the generated API Key to the list of valid api keys at
# - configuration file $schleuder_config
# -
if ! grep -q "$api_key" 2> /dev/null $schleuder_config ; then
perl -i.$backup_date -n -p \
-e "s/(^(\s*)valid_api_keys:.*)/\1\n\2 - ${api_key}/" \
$schleuder_config
fi
# - Add generated API Key to schleuder's configuration file
# - '${user_schleuder_config}'
# -
# - If no configuration file present, create a new default one.
# -
have_dot_schleuder_cli_yml=true
if [[ ! -d "~schleuder/.schleuder-cli" ]] ; then
have_dot_schleuder_cli_yml=false
elif [[ ! -f "~schleuder/.schleuder-cli/schleuder-cli.yml" ]] ; then
# - If the directory is present, no default configuration file (see below)
# - will be written
# -
mv "~schleuder/.schleuder-cli" "~schleuder/.schleuder-cli.${backup_date}"
have_dot_schleuder_cli_yml=false
fi
if ! $have_dot_schleuder_cli_yml ; then
# Creates a default configuration file '${user_schleuder_config}'
#
su - schleuder -s /bin/bash -c "/usr//bin/schleuder-cli lists list > /dev/null 2>&1"
fi
# - Now, add the API Key..
# -
perl -i.$backup_date -n -p \
-e "s/^(\s*api_key:).*/\1 ${api_key}/" \
${user_schleuder_config}
# - Get tls fingerprint of configured certificate
# -
cert_fingerprint="$(schleuder cert fingerprint | awk '{print$4}')"
# - Add the fingerprint to schleuder users private configuration file
# -
if ! grep -q "$cert_fingerprint" 2> /dev/null ${user_schleuder_config} ; then
perl -i.$backup_date -n -p \
-e "s/^(\s*tls_fingerprint:).*/\1 ${cert_fingerprint}/" \
${user_schleuder_config}
fi
# - Restart 'schleuder-api-daemon'
# -
systemctl restart schleuder-api-daemon
# ---
# - Add Postfix support
# ---
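Review bot: The home-directory checks in the "Enable user schleuder" part quote the tilde (`[[ ! -d "~schleuder/.schleuder-cli" ]]`, the `-f` test and the `mv` below it). Bash does not expand a quoted `~user`, so the `-d` test is always true and the `mv` branch is never reached. Deriving the path from the variable already defined, e.g. `cli_dir="$(dirname "$user_schleuder_config")"` and `[[ ! -d "$cli_dir" ]]`, keeps the check and the later perl edits pointed at the same file. The same block is repeated in the manual-install file further down and needs the same change. Separately, `api_key` is used without checking that `schleuder new_api_key` returned a value: with an empty key `grep -q ""` matches and the `api_key:` line is rewritten to an empty value, so a guard such as `[[ -n "$api_key" ]] || exit 1` belongs before the edits.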


@ -0,0 +1,246 @@
# ====================
# - Install schleuder3 manually
# ====================
# - See README.md of repository:
# -
# - https://0xacab.org/schleuder/schleuder-deb
# -
# - Requirements
# -
# - ruby >=2.1
# - gnupg >=2.0
# - gpgme
# - sqlite3
# - openssl
# -
apt-get install ruby-dev gnupg2 libgpgme-dev libsqlite3-dev libssl-dev build-essential
apt-get install haveged
# - Additionally these rubygems are required (will be installed automatically unless present):
# -
# - rake
# - active_record
# - sqlite3
# - thor
# - thin
# - mail-gpg
# - sinatra
# - sinatra-contrib
# -----
# - Installing Schleuder
# -----
mkdir /usr/local/src/schleuder3
cd /usr/local/src/schleuder3
# - Download the gem and the OpenPGP-signature and verify:
# -
wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem
wget https://0xacab.org/schleuder/schleuder/raw/master/gems/schleuder-3.2.1.gem.sig
gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
gpg --verify schleuder-3.2.1.gem.sig
# - If all went well install the gem:
# -
gem install schleuder-3.2.1.gem
# - Set up schleuder:
# -
schleuder install
# - Output command 'schleuder install':
# -
root@schleuder3:/usr/local/src/schleuder3 # schleuder install
-- create_table("lists", {:force=>:cascade})
-> 0.0119s
-- create_table("subscriptions", {:force=>:cascade})
-> 0.0060s
-- add_index("subscriptions", ["email", "list_id"], {:name=>"index_subscriptions_on_email_and_list_id", :unique=>true})
-> 0.0053s
-- add_index("subscriptions", ["list_id"], {:name=>"index_subscriptions_on_list_id"})
-> 0.0056s
-- initialize_schema_migrations_table()
-> 0.0113s
NOTE: The database was prepared using sqlite. If you prefer to use a different DBMS please edit the 'database'-section in /etc/schleuder/schleuder.yml, create the database, install the corresponding ruby-library (e.g. `gem install mysql`) and run this current command again
Private key written to: /etc/schleuder/schleuder-private-key.pem
Certificate written to: /etc/schleuder/schleuder-certificate.pem
Fingerprint of generated certificate: 9c70d382a0780904b2cd3a71b453ef689ea06ce18f46258bb668399742d2a794
Have this fingerprint included into the configuration-file of all clients that want to connect to your Schleuder API.
! Warning: this process was run as root — please make sure the above files are accessible by the user that is running `schleuder-api-daemon`.
Schleuder has been set up. You can now create a new list using `schleuder-cli`.
We hope you enjoy!
# -----
# - Installing schleuder-cli (to manage lists from the command line)
# -----
cd /usr/local/src/schleuder3
# - Download the gem and the OpenPGP-signature and verify:
# -
wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem
wget https://0xacab.org/schleuder/schleuder-cli/raw/master/gems/schleuder-cli-0.1.0.gem.sig
gpg --recv-key 0xB3D190D5235C74E1907EACFE898F2C91E2E6E1F3
gpg --verify schleuder-cli-0.1.0.gem.sig
cd /etc/postfix
ln -s /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/postfix/schleuder_sqlite.cf
cat <<EOF > /etc/postfix/transport_schleuder
cryptolists.mail36.net schleuder:
EOF
postmap btree:/etc/postfix/transport_schleuder/
if ! grep -A 3 -E "^\s*transport_maps" /etc/postfix/main.cf | grep -q "btree:/etc/postfix/transport_schleuder" ; then
perl -i -n -p -e "s#^(\s*transport_maps\s*=.*)#\1\n btree:/etc/postfix/transport_schleuder#" /etc/postfix/main.cf
fi
groupadd -r schleuder
useradd -r -M -d /noexistent -s /bin/false -g schleuder schleuder
chown -R schleuder:schleuder /var/lib/schleuder /etc/schleuder
systemctl stop postfix
rm -fr /var/lib/postfix/verify_cache.db
systemctl start postfix
# -----
# - Configure schleuder-api-daemon systemd service
# -----
cp /var/lib/gems/2.3.0/gems/schleuder-3.2.1/etc/schleuder-api-daemon.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable schleuder-api-daemon.service
systemctl start schleuder-api-daemon.service
# ---
# - Enable user schleuder for managing lists
# ---
backup_date="$(date +%Y-%m-%d-%H%M)"
schleuder_config="/etc/schleuder/schleuder.yml"
user_schleuder_config="/var/lib/schleuder/.schleuder-cli/schleuder-cli.yml"
# - Create API Key for user schleuder
# -
api_key="$(schleuder new_api_key)"
# - Add the generated API Key to the list of valid api keys at
# - configuration file $schleuder_config
# -
if ! grep -q "$api_key" 2> /dev/null $schleuder_config ; then
perl -i.$backup_date -n -p \
-e "s/(^(\s*)valid_api_keys:.*)/\1\n\2 - ${api_key}/" \
$schleuder_config
fi
# - Add generated API Key to schleuder's configuration file
# - '${user_schleuder_config}'
# -
# - If no configuration file present, create a new default one.
# -
have_dot_schleuder_cli_yml=true
if [[ ! -d "~schleuder/.schleuder-cli" ]] ; then
have_dot_schleuder_cli_yml=false
elif [[ ! -f "~schleuder/.schleuder-cli/schleuder-cli.yml" ]] ; then
# - If the directory is present, no default configuration file (see below)
# - will be written
# -
mv "~schleuder/.schleuder-cli" "~schleuder/.schleuder-cli.${backup_date}"
have_dot_schleuder_cli_yml=false
fi
if ! $have_dot_schleuder_cli_yml ; then
# Creates a default configuration file '${user_schleuder_config}'
#
su - schleuder -s /bin/bash -c "/usr//bin/schleuder-cli lists list > /dev/null 2>&1"
fi
# - Now, add the API Key..
# -
perl -i.$backup_date -n -p \
-e "s/^(\s*api_key:).*/\1 ${api_key}/" \
${user_schleuder_config}
# - Get tls fingerprint of configured certificate
# -
cert_fingerprint="$(schleuder cert fingerprint | awk '{print$4}')"
# - Add the fingerprint to schleuder users private configuration file
# -
if ! grep -q "$cert_fingerprint" 2> /dev/null ${user_schleuder_config} ; then
perl -i.$backup_date -n -p \
-e "s/^(\s*tls_fingerprint:).*/\1 ${cert_fingerprint}/" \
${user_schleuder_config}
fi
# - Restart 'schleuder-api-daemon'
# -
systemctl restart schleuder-api-daemon
# -----
# - Maintenance
# -----
# - Please take care to have the following commands run by the user that owns the
# - directory of schleuder lists (by default /var/lib/schleuder/lists) to avoid
# - running into file permission problems!
# - Schleuder can check all keys that are present in the lists keyrings for
# - (upcoming) expiration dates, revocation, or other reasons for not being
# - usable.
# -
# - Note: take care tcp port 11371 is open for calling pgp-keyservers
# -
# - Call this command weekly from cron to automate the check and have the
# - results sent to the respective list-admins:
# -
# - schleuder check_keys
# -
su schleuder -c "/usr/local/bin/schleuder check_keys" -s /bin/bash
# - Schleuder can also refresh all keys in the same manner. Each key of each
# - list will be refreshed from a keyserver one by one. If youre using gpg 2.1,
# - its possible to configure a TOR onion service to be used as keyserver! See
# - the config for an example.
# -
# - Call this command weekly from cron to automate the check and have the results
# - sent to the respective list-admins:
# -
# - schleuder refresh_keys
# -
su schleuder -c "/usr/local/bin/schleuder schleuder refresh_keys" -s /bin/bash
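Review bot: In both download steps `gpg --verify schleuder-3.2.1.gem.sig` (and the schleuder-cli equivalent) accepts a good signature from any key in the invoking user's keyring. Nothing ties the result to the fingerprint fetched one line earlier or to the `gem install` that follows. Naming the signed file and chaining the install, `gpg --verify schleuder-3.2.1.gem.sig schleuder-3.2.1.gem && gem install schleuder-3.2.1.gem`, makes a failed check stop the install; comparing the `VALIDSIG` line from `gpg --status-fd 1 --verify …` with the expected fingerprint pins the signer. The schleuder-cli gem is downloaded and verified, but there is no `gem install schleuder-cli-0.1.0.gem` before the later call to `schleuder-cli`. Also, `useradd … -d /noexistent` looks like a typo and does not match the `/var/lib/schleuder/.schleuder-cli` path used for the client config, so it should probably be `-d /var/lib/schleuder`.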

install_schleuder3.sh Executable file

@ -0,0 +1,287 @@
#!/usr/bin/env bash
script_name="$(basename $(realpath $0))"
working_dir="$(dirname $(realpath $0))"
conf_file="${working_dir}/conf/${script_name%%.*}.conf"
LOCK_DIR="/tmp/$(basename $0).$$.LOCK"
log_file="${LOCK_DIR}/${script_name%%.*}.log"
backup_date="$(date +%Y-%m-%d-%H%M)"
# ----------
# Base Function(s)
# ----------
usage() {
[[ -n "$1" ]] && error "$1"
[[ $terminal ]] && echo -e "
\033[1mUsage:\033[m
$(basename $0) [OPTION [OPTION ..
\033[1mDescription\033[m
<Some Description>
\033[1mOptions\033[m
<List Options>
\033[1mExample:\033[m
<description example>
$(basename $0) .. <comand example>
<description another example>
$(basename $0) .. <command another example>
"
clean_up 1
}
clean_up() {
# Perform program exit housekeeping
rm -rf "$LOCK_DIR"
blank_line
exit $1
}
echononl(){
if $terminal ; then
echo X\\c > /tmp/shprompt$$
if [ `wc -c /tmp/shprompt$$ | awk '{print $1}'` -eq 1 ]; then
echo -e -n " $*\\c" 1>&2
else
echo -e -n " $*" 1>&2
fi
rm /tmp/shprompt$$
fi
}
fatal(){
echo ""
if $terminal ; then
echo -e " [ \033[31m\033[1mFatal\033[m ] $*"
else
echo -e " [ Fatal ] $*"
fi
echo ""
if $terminal ; then
echo -e " \033[1mScript terminated\033[m.."
else
echo -e " Script terminated.."
fi
echo ""
rm -rf $LOCK_DIR
exit 1
}
error (){
echo ""
if $terminal ; then
echo -e " [ \033[31m\033[1mError\033[m ] $*"
else
echo " [ Error ] $*"
fi
echo ""
}
warn (){
if $LOGGING || $terminal ; then
echo ""
if $terminal ; then
echo -e " [ \033[33m\033[1mWarn\033[m ] $*"
else
echo " [ Warn ] $*"
fi
echo ""
fi
}
info (){
if $LOGGING || $terminal ; then
echo ""
if $terminal ; then
echo -e " [ \033[32m\033[1mInfo\033[m ] $*"
else
echo " [ Info ] $*"
fi
echo ""
fi
}
ok (){
if $LOGGING || $terminal ; then
echo ""
if $terminal ; then
echo -e " [ \033[32m\033[1mOk\033[m ] $*"
else
echo " [ Ok ] $*"
fi
echo ""
fi
}
echo_done() {
if $terminal ; then
echo -e "\033[75G[ \033[32mdone\033[m ]"
fi
}
echo_ok() {
if $terminal ; then
echo -e "\033[75G[ \033[32mok\033[m ]"
fi
}
echo_failed(){
if $terminal ; then
echo -e "\033[75G[ \033[1;31mfailed\033[m ]"
fi
}
echo_skipped() {
if $terminal ; then
echo -e "\033[75G[ \033[33m\033[1mskipped\033[m ]"
fi
}
trim() {
local var="$*"
var="${var#"${var%%[![:space:]]*}"}" # remove leading whitespace characters
var="${var%"${var##*[![:space:]]}"}" # remove trailing whitespace characters
echo -n "$var"
}
blank_line() {
if $terminal ; then
echo ""
fi
}
# ----------
# - Jobhandling
# ----------
# - Run 'clean_up' for signals SIGHUP SIGINT SIGTERM
# -
trap clean_up SIGHUP SIGINT SIGTERM
# - Create lock directory '$LOCK_DIR"
#
mkdir "$LOCK_DIR"
# ----------
# - Headline
# ----------
if $terminal ; then
echo ""
echo -e "\033[1m----------\033[m"
echo -e "\033[32m\033[1mRunning script \033[m\033[1m$script_name\033[32m .. \033[m"
echo -e "\033[1m----------\033[m"
fi
# ----------
# - Some checks ..
# ----------
# - Running in a terminal?
# -
if [[ -t 1 ]] ; then
terminal=true
else
terminal=false
fi
# - Print help?
# -
if [[ "$(trim $*)" = "-h" ]] || [[ "$(trim $*)" = "--help" ]] ; then
usage
fi
if [[ -z "$(which basename)" ]]; then
fatal 'It seems "basename" is not installed, but needed!'
fi
if [[ -z "$(which realpath)" ]]; then
fatal 'It seems "realpath" is not installed, but needed!'
fi
# ==========
# - Begin Main Script
# ==========
fatal "Script not yet implemented"
# ----------
# Read Configurations from $conf_file
# ----------
# - Give your default values here
# -
LOGGING=false
if [[ -f "$conf_file" ]]; then
source "$conf_file"
else
warn "No configuration file '$conf_file' present.\n
Loading default values.."
fi
# ----------
# - Some pre-script tasks ..
# ----------
if $terminal ; then
echo ""
echo ""
echo -e " \033[1mDoing some pre-script tasks ..\033[m"
echo ""
fi
echononl "All is fine"
echo_ok
# ----------
# - Main part of script
# ----------
if $terminal ; then
echo ""
echo ""
echo -e " \033[1mMain part of script ..\033[m"
echo ""
fi
# ----------
# - Some post-script tasks ..
# ----------
if $terminal ; then
echo ""
echo ""
echo -e " \033[1mDoing some post-script tasks ..\033[m"
echo ""
fi
clean_up 0
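Review bot: The script puts its working paths under `/tmp` with predictable names: `LOCK_DIR="/tmp/$(basename $0).$$.LOCK"` followed by an unchecked `mkdir "$LOCK_DIR"`, and `/tmp/shprompt$$` in `echononl`. For an installer that is presumably run as root, another local user can pre-create the name or plant a symlink there, and `fatal` and `clean_up` then `rm -rf` that path. I would create the directory with `LOCK_DIR="$(mktemp -d)" || exit 1`, drop the separate `mkdir`, and replace the `echo X\\c` probe file with `printf`, which needs no temp file. Also, the headline block tests `$terminal` before the `[[ -t 1 ]]` check assigns it. An empty expansion counts as success in `if`, so the banner prints even when stdout is not a terminal; moving the terminal check above the headline fixes that.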