From 6939ca768bc56acc845a50ef7ff6c4522c78c360 Mon Sep 17 00:00:00 2001 From: ed Date: Sun, 5 Feb 2023 00:07:04 +0000 Subject: [PATCH] pkg/arch: add prisonparty --- .gitignore | 2 + contrib/package/arch/PKGBUILD | 36 ++++++++---- contrib/package/arch/copyparty.conf | 75 ++---------------------- contrib/package/arch/copyparty.service | 41 ++----------- contrib/package/arch/index.md | 3 + contrib/package/arch/prisonparty.service | 31 ++++++++++ scripts/prep.sh | 43 ++++++++++++++ 7 files changed, 115 insertions(+), 116 deletions(-) create mode 100644 contrib/package/arch/index.md create mode 100644 contrib/package/arch/prisonparty.service create mode 100755 scripts/prep.sh diff --git a/.gitignore b/.gitignore index a5162eaf..de34ef54 100644 --- a/.gitignore +++ b/.gitignore @@ -25,6 +25,8 @@ copyparty.egg-info/ copyparty/res/COPYING.txt copyparty/web/deps/ srv/ +contrib/package/arch/pkg/ +contrib/package/arch/src/ # state/logs up.*.txt diff --git a/contrib/package/arch/PKGBUILD b/contrib/package/arch/PKGBUILD index b042e0c1..aa991138 100644 --- a/contrib/package/arch/PKGBUILD +++ b/contrib/package/arch/PKGBUILD @@ -6,8 +6,9 @@ pkgdesc="Portable file sharing hub" arch=("any") url="https://github.com/9001/${pkgname}" license=('MIT') -depends=("python3") +depends=("python" "lsof") optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tags" + "python-jinja: faster html generator" "python-mutagen: music tags (alternative)" "python-pillow: thumbnails for images" "python-pyvips: thumbnails for images (higher quality, faster, uses more ram)" 
@@ -19,12 +20,18 @@ optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tag source=("${url}/releases/download/v${pkgver}/${pkgname}-sfx.py" "${pkgname}.conf" "${pkgname}.service" - "https://raw.githubusercontent.com/9001/${pkgname}/hovudstraum/LICENSE" + "prisonparty.service" + "index.md" + "https://raw.githubusercontent.com/9001/${pkgname}/v${pkgver}/bin/prisonparty.sh" + "https://raw.githubusercontent.com/9001/${pkgname}/v${pkgver}/LICENSE" ) -backup=("etc/${pkgname}.conf" ) -sha256sums=("56c02d43a0e6c18d71295268674454b4c6f5ff2ccef30fb95f81d58d2d1e260d" - "c19df8d0b6cd32d0b37c68e4f170d8634644e7fe7d99c9030cc6f20622ef95b5" - "2ab7598e5150facb4f63bf5433b25b60874603f7a408bb37b24186c54a331b37" +backup=("etc/${pkgname}.d/init" ) +sha256sums=("56c02d43a0e6c18d71295268674454b4c6f5ff2ccef30fb95f81d58d2d1e260d" + "b8565eba5e64dedba1cf6c7aac7e31c5a731ed7153d6810288a28f00a36c28b2" + "f65c207e0670f9d78ad2e399bda18d5502ff30d2ac79e0e7fc48e7fbdc39afdc" + "c4f396b083c9ec02ad50b52412c84d2a82be7f079b2d016e1c9fad22d68285ff" + "dba701de9fd584405917e923ea1e59dbb249b96ef23bad479cf4e42740b774c8" + "0530459e6fbd57f770c374e960d2eb07a4e8c082c0007fb754454e45c0af57c6" "cb2ce3d6277bf2f5a82ecf336cc44963bc6490bcf496ffbd75fc9e21abaa75f3" ) 
@@ -33,13 +40,18 @@ package() { install -dm755 "${pkgdir}/etc/${pkgname}.d" install -Dm755 "${pkgname}-sfx.py" "${pkgdir}/usr/bin/${pkgname}" - install -Dm644 "${pkgname}.conf" "${pkgdir}/etc/${pkgname}.conf" + install -Dm755 "prisonparty.sh" "${pkgdir}/usr/bin/prisonparty" + install -Dm644 "${pkgname}.conf" "${pkgdir}/etc/${pkgname}.d/init" install -Dm644 "${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service" + install -Dm644 "prisonparty.service" "${pkgdir}/usr/lib/systemd/system/prisonparty.service" + install -Dm644 "index.md" "${pkgdir}/var/lib/${pkgname}-jail/README.md" install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE" - echo "------------" - echo "If this is your first time installing ${pkgname}, you'll want to copy the systemd service file" - echo "from /usr/lib/systemd/system/${pkgname}.service to /etc/systemd/system and edit /etc/${pkgname}.conf" - echo "to suit your needs" - echo "------------" + find /etc/${pkgname}.d -iname '*.conf' 2>/dev/null | grep -qE . && return + echo "┏━━━━━━━━━━━━━━━──-" + echo "┃ Configure ${pkgname} by adding .conf files into /etc/${pkgname}.d/" + echo "┃ and maybe copy+edit one of the following to /etc/systemd/system/:" + echo "┣━♦ /usr/lib/systemd/system/${pkgname}.service (standard)" + echo "┣━♦ /usr/lib/systemd/system/prisonparty.service (chroot)" + echo "┗━━━━━━━━━━━━━━━──-" } diff --git a/contrib/package/arch/copyparty.conf b/contrib/package/arch/copyparty.conf index ecfd8798..1d90d772 100644 --- a/contrib/package/arch/copyparty.conf +++ b/contrib/package/arch/copyparty.conf 
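Review bot: In contrib/package/arch/PKGBUILD, the added `find /etc/${pkgname}.d -iname '*.conf' 2>/dev/null | grep -qE . && return` runs inside package(), so it inspects the machine that builds the package rather than the one it is installed on. Whether the setup hint is printed is therefore unrelated to the target system, and the hint is still emitted at build time, as the old echo lines were. A `post_install` function in a scriptlet referenced by `install=` is where pacman runs such a check on the target. If the check stays here, quote the path: `find "/etc/${pkgname}.d" -iname '*.conf'`. package() opens above this hunk.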
@@ -1,70 +1,7 @@ -## load /etc/copyparty.d/*.conf -## paths are relative from the location of each included file unless the path is absolute, for example % /etc/copyparty.d, max include depth is 64 -% copyparty.d +## import all *.conf files from the current folder (/etc/copyparty.d) +% ./ -## append some arguments to the commandline; -## the first space in a line counts as a separator, -## any additional spaces are part of the value - -#-e2dsa -#-e2ts -#-i 127.0.0.1 - -## create users: -## u username:password - -#u ed:password -#u user2:password2 - -## leave a blank line between volumes -## (and also between users and volumes) - -## create a volume: -## share "." (the current directory) -## as "/" (the webroot) for the following users: -## "r" grants read-access for anyone -## "rw ed" grants read-write to ed - -#. -#/ -#r -#rw ed - -## custom permissions for the "priv" folder: -## user "user2" can only see/read the contents -## user "ed" gets read-write access - -#./priv -#/priv -#r user2 -#rw ed - -## this does the same thing, -## and will cause an error on startup since /priv is already taken: - -#./priv -#/priv -#r ed user2 -#w ed - -## share /home/ed/Music/ as /music and let anyone read it -## (this will replace any folder called "music" in the webroot) - -#/home/ed/Music -#/music -#r - -## and a folder where anyone can upload -## but nobody can see the contents -## and set the e2d flag to enable the uploads database -## and set the nodupe flag to reject duplicate uploads - -#/home/ed/inc -#/dump -#w -#c e2d -#c nodupe - -## this entire config file can be replaced with these arguments (in the systemd file or the copyparty command): -## -u ed:password -u user2:password2 -v .::r:a,ed -v priv:priv:r,user2:rw,ed -v /home/ed/Music:music:r -v /home/ed/inc:dump:w:c,e2d,nodupe -## but note that the config file always wins in case of conflicts +# add additional .conf files to this folder; +# see example config files for reference: +# 
https://github.com/9001/copyparty/blob/hovudstraum/docs/example.conf +# https://github.com/9001/copyparty/tree/hovudstraum/docs/copyparty.d diff --git a/contrib/package/arch/copyparty.service b/contrib/package/arch/copyparty.service index 3d0fc23b..22dac3d6 100644 --- a/contrib/package/arch/copyparty.service +++ b/contrib/package/arch/copyparty.service 
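Review bot: The replacement comment in contrib/package/arch/copyparty.conf tells admins to add `.conf` files to `/etc/copyparty.d` but does not mention that those files can hold account passwords; the removed example documented `u username:password` lines. The PKGBUILD creates that directory with `install -dm755`, and files added later presumably get the admin's default umask, so they may end up world-readable. A one-line reminder would help, e.g. `# files in this folder may contain passwords; keep them readable only by root and the service user`.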
@@ -1,35 +1,12 @@ -# this will start `/usr/local/bin/copyparty-sfx.py` -# and share '/mnt' with anonymous read+write +# this will start `/usr/bin/copyparty-sfx.py` +# and read config from `/etc/copyparty.d/*.conf` # -# installation: -# cp -pv copyparty.service /etc/systemd/system -# restorecon -vr /etc/systemd/system/copyparty.service -# firewall-cmd --permanent --add-port={80,443,3923}/tcp # --zone=libvirt -# firewall-cmd --reload -# systemctl daemon-reload && systemctl enable --now copyparty -# -# you may want to: +# you probably want to: # change "User=cpp" and "/home/cpp/" to another user -# remove the nft lines to only listen on port 3923 -# and in the ExecStart= line: -# change '/usr/bin/python3' to another interpreter -# change '/mnt::rw' to another location or permission-set -# add '-q' to disable logging on busy servers -# add '-i 127.0.0.1' to only allow local connections -# add '-e2dsa' to enable filesystem scanning + indexing -# add '-e2ts' to enable metadata indexing -# -# with `Type=notify`, copyparty will signal systemd when it is ready to -# accept connections; correctly delaying units depending on copyparty. -# But note that journalctl will get the timestamps wrong due to -# python disabling line-buffering, so messages are out-of-order: -# https://user-images.githubusercontent.com/241032/126040249-cb535cc7-c599-4931-a796-a5d9af691bad.png # # unless you add -q to disable logging, you may want to remove the # following line to allow buffering (slightly better performance): # Environment=PYTHONUNBUFFERED=x -# -# keep ExecStartPre before ExecStart, at least on rhel8 [Unit] Description=copyparty file server 
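Review bot: The new header comment in copyparty.service says the unit starts `/usr/bin/copyparty-sfx.py`, but the PKGBUILD in this patch installs the sfx as `/usr/bin/copyparty` and the `ExecStart=` line runs `/usr/bin/copyparty`. The first line should read `# this will start /usr/bin/copyparty`. The same opening line is repeated in the new prisonparty.service and needs the same correction.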
@@ -38,24 +15,18 @@ Description=copyparty file server Type=notify SyslogIdentifier=copyparty Environment=PYTHONUNBUFFERED=x +WorkingDirectory=/var/lib/copyparty-jail ExecReload=/bin/kill -s USR1 $MAINPID # user to run as + where the TLS certificate is (if any) User=cpp Environment=XDG_CONFIG_HOME=/home/cpp/.config -# setup forwarding from ports 80 and 443 to port 3923 -ExecStartPre=+/bin/bash -c 'nft -n -a list table nat | awk "/ to :3923 /{print\$NF}" | xargs -rL1 nft delete rule nat prerouting handle; true' -ExecStartPre=+nft add table ip nat -ExecStartPre=+nft -- add chain ip nat prerouting { type nat hook prerouting priority -100 \; } -ExecStartPre=+nft add rule ip nat prerouting tcp dport 80 redirect to :3923 -ExecStartPre=+nft add rule ip nat prerouting tcp dport 443 redirect to :3923 - # stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf' -# copyparty settings -ExecStart=/usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.conf +# run copyparty +ExecStart=/usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init [Install] WantedBy=multi-user.target diff --git a/contrib/package/arch/index.md b/contrib/package/arch/index.md new file mode 100644 index 00000000..016c0b0a --- /dev/null +++ b/contrib/package/arch/index.md @@ -0,0 +1,3 @@ +this is `/var/lib/copyparty-jail`, the fallback webroot when copyparty has not yet been configured + +please add some `*.conf` files to `/etc/copyparty.d/` diff --git a/contrib/package/arch/prisonparty.service b/contrib/package/arch/prisonparty.service new file mode 100644 index 00000000..de2d702b --- /dev/null +++ b/contrib/package/arch/prisonparty.service 
@@ -0,0 +1,31 @@
+# this will start `/usr/bin/copyparty-sfx.py`
+# in a chroot, preventing accidental access elsewhere
+# and read config from `/etc/copyparty.d/*.conf`
+#
+# expose additional filesystem locations to copyparty
+# by listing them between the last `1000` and `--`
+#
+# `1000 1000` = what user to run copyparty as
+#
+# unless you add -q to disable logging, you may want to remove the
+# following line to allow buffering (slightly better performance):
+# Environment=PYTHONUNBUFFERED=x
+
+[Unit]
+Description=copyparty file server
+
+[Service]
+SyslogIdentifier=prisonparty
+Environment=PYTHONUNBUFFERED=x
+WorkingDirectory=/var/lib/copyparty-jail
+ExecReload=/bin/kill -s USR1 $MAINPID
+
+# stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running
+ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'
+
+# run copyparty
+ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail 1000 1000 /etc/copyparty.d -- \
+ /usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init
+
+[Install]
+WantedBy=multi-user.target
diff --git a/scripts/prep.sh b/scripts/prep.sh
new file mode 100755
index 00000000..2dc2571c
--- /dev/null
+++ b/scripts/prep.sh
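Review bot: In prisonparty.service the `ExecStart=` line hard-codes `1000 1000` as the uid/gid copyparty runs as, whereas copyparty.service uses the dedicated `User=cpp`. Uid 1000 is typically the first interactive login account, so the jailed server would presumably run with that person's identity rather than an unprivileged service account. The header comment should tell admins to substitute a dedicated account, e.g. `# replace 1000 1000 with the uid and gid of a dedicated unprivileged account (see User= in copyparty.service)`. The unit sets no `User=`, so the wrapper starts as root and the `+` prefix on `ExecStartPre=` is redundant here.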
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# general housekeeping before a release
+
+self=$(cd -- "$(dirname "$BASH_SOURCE")"; pwd -P)
+ver=$(awk '/^VERSION/{gsub(/[^0-9]/," ");printf "%d.%d.%d\n",$1,$2,$3}' copyparty/__version__.py)
+
+update_arch_pkgbuild() {
+ cd "$self/../contrib/package/arch"
+ rm -rf x
+ mkdir x
+
+ (echo "$self/../dist/copyparty-sfx.py"
+ awk -v self="$self" '
+ /^\)/{o=0}
+ /^source=/{o=1;next}
+ {
+ sub(/..pkgname./,"copyparty");
+ sub(/.*pkgver./,self "/..");
+ sub(/^ +"/,"");sub(/"/,"")
+ }
+ o&&!/https/' PKGBUILD
+ ) |
+ xargs sha256sum > x/sums
+
+ (awk -v ver=$ver '
+ /^pkgver=/{sub(/[0-9\.]+/,ver)};
+ /^sha256sums=/{exit};
+ 1' PKGBUILD
+ echo -n 'sha256sums=('
+ p=; cat x/sums | while read s _; do
+ echo "$p\"$s\""
+ p=' '
+ done
+ awk '/^sha256sums=/{o=1} o&&/^\)/{o=2} o==2' PKGBUILD
+ ) >a
+ mv a PKGBUILD
+
+ rm -rf x
+}
+
+update_arch_pkgbuild
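Review bot: scripts/prep.sh rewrites the `sha256sums` that makepkg uses to verify its sources, yet it runs with only `set -e`, so a failure of the `awk` inside `( … ) | xargs sha256sum > x/sums` is masked by the pipeline and would leave a shorter checksum list in PKGBUILD. Use `set -euo pipefail`, quote the assignment as `-v ver="$ver"`, and anchor the version file like the other paths (`"$self/../copyparty/__version__.py"`) so the result does not depend on the caller's working directory. `xargs` also splits on whitespace, so a checkout path containing spaces breaks the hashing step. The hashes are computed from the local `dist/` and working tree, so the script should presumably be run only on the exact tree that was tagged and uploaded.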