nc-encrypt.sh: Fix detection of running encryption

Signed-off-by: Tobias Knöppler <6317548+theCalcaholic@users.noreply.github.com>
Tobias Knöppler 2024-09-07 02:51:44 +02:00
parent 93f76ec8f8
commit 0e40867347
No known key found for this signature in database
GPG Key ID: 44FD368932E645C1
3 changed files with 32 additions and 12 deletions


@ -282,20 +282,20 @@ jobs:
echo -e "${LOG_DIAG} /etc/os-release:" echo -e "${LOG_DIAG} /etc/os-release:"
"${CONTAINER_CMD[@]}" -q ncp /bin/bash -c 'cat /etc/os-release' "${CONTAINER_CMD[@]}" -q ncp /bin/bash -c 'cat /etc/os-release'
echo -e "${LOG_DIAG} /usr/local/etc/ncp.cfg:" echo -e "${LOG_DIAG} /usr/local/etc/ncp.cfg:"
"${CONTAINER_CMD[@]}" -q ncp /bin/bash -c 'cat /usr/local/etc/ncp.cfg' "${CONTAINER_CMD[@]}" --pipe -q ncp /bin/bash -c 'cat /usr/local/etc/ncp.cfg'
cat ./raspbian_root/usr/local/etc/ncp.cfg cat ./raspbian_root/usr/local/etc/ncp.cfg
echo -e "${LOG_DIAG} /home/ncp-app-bridge confi g ncp" echo -e "${LOG_DIAG} /home/ncp-app-bridge config ncp"
"${CONTAINER_CMD[@]}" -q ncp /bin/bash -c 'sudo -u www-data sudo /home/www/ncp-app-bridge.sh config ncp'
sudo ls -l ./raspbian_root/home/www/ncp-app-bridge.sh sudo ls -l ./raspbian_root/home/www/ncp-app-bridge.sh
"${CONTAINER_CMD[@]}" --pipe --uid=33 ncp /bin/bash -c 'sudo /home/www/ncp-app-bridge.sh config ncp'
echo -e "{$LOG_DIAG} Geckodriver logs:" echo -e "{$LOG_DIAG} Geckodriver logs:"
tail -n 20 geckodriver.log >&2 |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true tail -n 20 geckodriver.log >&2 |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true
echo -e "${LOG_CICD} ================" echo -e "${LOG_CICD} ================"
echo -e "${LOG_DIAG} ncp.log: " echo -e "${LOG_DIAG} ncp.log: "
"${CONTAINER_CMD[@]}" -q ncp /bin/bash -c "tail -n20 /var/log/ncp.log" |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true "${CONTAINER_CMD[@]}" --pipe ncp /bin/bash -c "tail -n20 /var/log/ncp.log" |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true
echo "================" echo "================"
echo "${LOG_DIAG} Nextcloud log: " echo "${LOG_DIAG} Nextcloud log: "
"${CONTAINER_CMD[@]}" -q ncp /bin/bash -c 'ls -l /opt/ncdata/data/nextcloud.log' |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true "${CONTAINER_CMD[@]}" --pipe -q ncp /bin/bash -c 'ls -l /opt/ncdata/data/nextcloud.log' |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true
"${CONTAINER_CMD[@]}" -q ncp /bin/bash -c 'cat /opt/ncdata/data/nextcloud.log' |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true "${CONTAINER_CMD[@]}" --pipe -q ncp /bin/bash -c 'cat /opt/ncdata/data/nextcloud.log' |& awk "{ print \"${LOG_DIAG} \" \$0 }" || true
sudo cat ./raspbian_root/opt/ncdata/data/nextcloud.log |& awk "{ print \"${LOG_DIAG} \" \$0 }" sudo cat ./raspbian_root/opt/ncdata/data/nextcloud.log |& awk "{ print \"${LOG_DIAG} \" \$0 }"
sleep 12 sleep 12
continue continue
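Review bot: The new `--uid=33` on the ncp-app-bridge call hard-codes a numeric id where the removed line named the account (`sudo -u www-data`), so the reader has to know the mapping, and the step would exercise the wrong user if the image ever assigned a different id. Add a comment above it such as `# uid 33 = www-data inside the container`, or resolve the id from the image. The same hunk also drops `-q` on this call and on the `ncp.log` tail while the other converted lines use `--pipe -q`; if that is intentional, a short comment should say why. The enclosing workflow step starts and ends outside the hunk.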


@ -20,14 +20,14 @@ install()
configure() configure()
{ {
(
set -e -o pipefail set -e -o pipefail
local datadir parentdir encdir tmpdir local datadir parentdir encdir tmpdir
datadir="$(get_ncpcfg datadir)" datadir="$(get_ncpcfg datadir)"
[[ "${datadir?}" == "null" ]] && datadir=/var/www/nextcloud/data [[ "${datadir?}" == "null" ]] && datadir=/var/www/nextcloud/data
parentdir="$(dirname "${datadir}")" parentdir="$(dirname "${datadir}")"
encdir="${parentdir?}/ncdata_enc" encdir="${parentdir?}/ncdata_enc"
tmpdir="$(mktemp -u -p "${parentdir}" -t nc-data-crypt.XXXXXX))" tmpdir="$(mktemp -u -p "${parentdir}" -t nc-data-crypt.XXXXXX)"
[[ "${ACTIVE?}" != "yes" ]] && { [[ "${ACTIVE?}" != "yes" ]] && {
if ! is_active; then if ! is_active; then
@ -59,7 +59,7 @@ configure()
# Just mount already encrypted data # Just mount already encrypted data
if [[ -f "${encdir?}"/gocryptfs.conf ]]; then if [[ -f "${encdir?}"/gocryptfs.conf ]]; then
systemctl reset-failed ncp-encrypt ||: systemctl reset-failed ncp-encrypt ||:
systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log" systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -fg -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log"
# switch to the regular virtual hosts after we decrypt, so we can access NC and ncp-web # switch to the regular virtual hosts after we decrypt, so we can access NC and ncp-web
a2ensite ncp 001-nextcloud a2ensite ncp 001-nextcloud
@ -72,13 +72,33 @@ configure()
mkdir -p "${encdir?}" mkdir -p "${encdir?}"
echo "${PASSWORD?}" | gocryptfs -init -q "${encdir}" echo "${PASSWORD?}" | gocryptfs -init -q "${encdir}"
save_maintenance_mode save_maintenance_mode
cleanup() {
umount "${datadir}" ||:
[[ -f "${tmpdir}" ]] && {
rm -rf "${datadir?}" ||:
mv "${tmpdir}" "${datadir}"
chown -R www-data:www-data "${datadir}"
}
}
trap cleanup 1
trap restore_maintenance_mode EXIT trap restore_maintenance_mode EXIT
mv "${datadir?}" "${tmpdir?}" mv "${datadir?}" "${tmpdir?}"
mkdir "${datadir}" mkdir "${datadir}"
systemctl reset-failed ncp-encrypt ||: systemctl reset-failed ncp-encrypt ||:
systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log" systemd-run -u ncp-encrypt -E PASSWORD bash -c "gocryptfs -fg -allow_other -q '${encdir}' '${datadir}' <<<\"\${PASSWORD}\" 2>&1 | sed /^Switch/d |& tee /var/log/ncp-encrypt.log"
maxtries=5
while [[ "$(systemctl is-active ncp-encrypt)" != "active" ]] || ! mount | grep -1 "${datadir}"
do
echo "Wating for encryption process to start... (${maxtries})"
sleep 3
maxtries=$((maxtries - 1))
[[ $maxtries -gt 0 ]] || return 1
done
echo "Encrypting data..." echo "Encrypting data..."
mv "${tmpdir}"/* "${tmpdir}"/.[!.]* "${datadir}" mv "${tmpdir}"/* "${tmpdir}"/.[!.]* "${datadir}"
@ -88,7 +108,7 @@ configure()
set_ncpcfg datadir "${datadir}" set_ncpcfg datadir "${datadir}"
echo "Data is now encrypted" echo "Data is now encrypted"
)
} }
# License # License
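Review bot: The rollback added in the third hunk cannot run as written: `cleanup` tests `[[ -f "${tmpdir}" ]]`, but `tmpdir` is where the data directory gets moved, so the regular-file test is false and nothing is restored, and `trap cleanup 1` fires only on SIGHUP, not on the `return 1` timeout or a `set -e` abort. Use `[[ -d "${tmpdir}" ]] && {` and call it on the failure path, `[[ $maxtries -gt 0 ]] || { cleanup; return 1; }`; otherwise a failed start leaves an empty `datadir` with the unencrypted data parked in the temp directory. In the wait loop, `grep -1` is the context-lines option rather than `-q`, so it prints the matching mount lines into the output and treats `datadir` as a substring pattern; `mountpoint -q "${datadir}"` tests the mount directly. `configure()` spans several hunks here, so the code between them is not visible.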

2
ncp.sh

@ -128,7 +128,7 @@ EOF
cat > /home/www/ncp-app-bridge.sh <<'EOF' cat > /home/www/ncp-app-bridge.sh <<'EOF'
#!/bin/bash #!/bin/bash
set -ex set -e
grep -q '[\\&#;`|*?~<>^()[{}$&]' <<< "$*" && exit 1 grep -q '[\\&#;`|*?~<>^()[{}$&]' <<< "$*" && exit 1
action="${1?}" action="${1?}"
[[ "$action" == "config" ]] && { [[ "$action" == "config" ]] && {