pkg/arch: add prisonparty

2025-08-17 09:02:15 -06:00 · 2023-02-05 00:07:04 +00:00 · 2023-02-05 00:07:04 +00:00 · 6939ca768b
parent e3957e8239
commit 6939ca768b
7 changed files with 115 additions and 116 deletions
--- a/.gitignore
+++ b/.gitignore
@ -25,6 +25,8 @@ copyparty.egg-info/
 copyparty/res/COPYING.txt
 copyparty/web/deps/
 srv/
+contrib/package/arch/pkg/
+contrib/package/arch/src/

 # state/logs
 up.*.txt
--- a/contrib/package/arch/PKGBUILD
+++ b/contrib/package/arch/PKGBUILD
@ -6,8 +6,9 @@ pkgdesc="Portable file sharing hub"
 arch=("any")
 url="https://github.com/9001/${pkgname}"
 license=('MIT')
-depends=("python3")
+depends=("python" "lsof")
 optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tags" 
+            "python-jinja: faster html generator" 
            "python-mutagen: music tags (alternative)" 
            "python-pillow: thumbnails for images" 
            "python-pyvips: thumbnails for images (higher quality, faster, uses more ram)" 
@ -19,12 +20,18 @@ optdepends=("ffmpeg: thumbnails for videos, images (slower) and audio, music tag
 source=("${url}/releases/download/v${pkgver}/${pkgname}-sfx.py" 
        "${pkgname}.conf"
        "${pkgname}.service"
-        "https://raw.githubusercontent.com/9001/${pkgname}/hovudstraum/LICENSE"
+        "prisonparty.service"
+        "index.md"
+        "https://raw.githubusercontent.com/9001/${pkgname}/v${pkgver}/bin/prisonparty.sh"
+        "https://raw.githubusercontent.com/9001/${pkgname}/v${pkgver}/LICENSE"
 )
-backup=("etc/${pkgname}.conf" )
-sha256sums=("56c02d43a0e6c18d71295268674454b4c6f5ff2ccef30fb95f81d58d2d1e260d" 
-            "c19df8d0b6cd32d0b37c68e4f170d8634644e7fe7d99c9030cc6f20622ef95b5"
-            "2ab7598e5150facb4f63bf5433b25b60874603f7a408bb37b24186c54a331b37"
+backup=("etc/${pkgname}.d/init" )
+sha256sums=("56c02d43a0e6c18d71295268674454b4c6f5ff2ccef30fb95f81d58d2d1e260d"
+            "b8565eba5e64dedba1cf6c7aac7e31c5a731ed7153d6810288a28f00a36c28b2"
+            "f65c207e0670f9d78ad2e399bda18d5502ff30d2ac79e0e7fc48e7fbdc39afdc"
+            "c4f396b083c9ec02ad50b52412c84d2a82be7f079b2d016e1c9fad22d68285ff"
+            "dba701de9fd584405917e923ea1e59dbb249b96ef23bad479cf4e42740b774c8"
+            "0530459e6fbd57f770c374e960d2eb07a4e8c082c0007fb754454e45c0af57c6"
            "cb2ce3d6277bf2f5a82ecf336cc44963bc6490bcf496ffbd75fc9e21abaa75f3"
 )

@ -33,13 +40,18 @@ package() {

    install -dm755 "${pkgdir}/etc/${pkgname}.d"
    install -Dm755 "${pkgname}-sfx.py" "${pkgdir}/usr/bin/${pkgname}"
-    install -Dm644 "${pkgname}.conf" "${pkgdir}/etc/${pkgname}.conf"
+    install -Dm755 "prisonparty.sh" "${pkgdir}/usr/bin/prisonparty"
+    install -Dm644 "${pkgname}.conf" "${pkgdir}/etc/${pkgname}.d/init"
    install -Dm644 "${pkgname}.service" "${pkgdir}/usr/lib/systemd/system/${pkgname}.service"
+    install -Dm644 "prisonparty.service" "${pkgdir}/usr/lib/systemd/system/prisonparty.service"
+    install -Dm644 "index.md" "${pkgdir}/var/lib/${pkgname}-jail/README.md"
    install -Dm644 "LICENSE" "${pkgdir}/usr/share/licenses/${pkgname}/LICENSE"

-    echo "------------"
-    echo "If this is your first time installing ${pkgname}, you'll want to copy the systemd service file"
-    echo "from /usr/lib/systemd/system/${pkgname}.service to /etc/systemd/system and edit /etc/${pkgname}.conf" 
-    echo "to suit your needs"
-    echo "------------"
+    find /etc/${pkgname}.d -iname '*.conf' 2>/dev/null | grep -qE . && return
+    echo "┏━━━━━━━━━━━━━━━──-"
+    echo "┃ Configure ${pkgname} by adding .conf files into /etc/${pkgname}.d/"
+    echo "┃ and maybe copy+edit one of the following to /etc/systemd/system/:"
+    echo "┣━♦ /usr/lib/systemd/system/${pkgname}.service   (standard)"
+    echo "┣━♦ /usr/lib/systemd/system/prisonparty.service (chroot)"
+    echo "┗━━━━━━━━━━━━━━━──-"
 }
--- a/contrib/package/arch/copyparty.conf
+++ b/contrib/package/arch/copyparty.conf
@ -1,70 +1,7 @@
-## load /etc/copyparty.d/*.conf
-## paths are relative from the location of each included file unless the path is absolute, for example % /etc/copyparty.d, max include depth is 64
-% copyparty.d
+## import all *.conf files from the current folder (/etc/copyparty.d)
+% ./

-## append some arguments to the commandline;
-## the first space in a line counts as a separator,
-## any additional spaces are part of the value
-
-#-e2dsa
-#-e2ts
-#-i 127.0.0.1
-
-## create users:
-## u username:password
-
-#u ed:password
-#u user2:password2
-
-## leave a blank line between volumes
-## (and also between users and volumes)
-
-## create a volume:
-## share "." (the current directory)
-## as "/" (the webroot) for the following users:
-## "r" grants read-access for anyone
-## "rw ed" grants read-write to ed
-
-#.
-#/
-#r
-#rw ed
-
-## custom permissions for the "priv" folder:
-## user "user2" can only see/read the contents
-## user "ed" gets read-write access
-
-#./priv
-#/priv
-#r user2
-#rw ed
-
-## this does the same thing,
-## and will cause an error on startup since /priv is already taken:
-
-#./priv
-#/priv
-#r ed user2
-#w ed
-
-## share /home/ed/Music/ as /music and let anyone read it
-## (this will replace any folder called "music" in the webroot)
-
-#/home/ed/Music
-#/music
-#r
-
-## and a folder where anyone can upload
-## but nobody can see the contents
-## and set the e2d flag to enable the uploads database
-## and set the nodupe flag to reject duplicate uploads
-
-#/home/ed/inc
-#/dump
-#w
-#c e2d
-#c nodupe
-
-## this entire config file can be replaced with these arguments (in the systemd file or the copyparty command):
-## -u ed:password -u user2:password2 -v .::r:a,ed -v priv:priv:r,user2:rw,ed -v /home/ed/Music:music:r -v /home/ed/inc:dump:w:c,e2d,nodupe
-## but note that the config file always wins in case of conflicts
+# add additional .conf files to this folder;
+# see example config files for reference:
+# https://github.com/9001/copyparty/blob/hovudstraum/docs/example.conf
+# https://github.com/9001/copyparty/tree/hovudstraum/docs/copyparty.d
--- a/contrib/package/arch/copyparty.service
+++ b/contrib/package/arch/copyparty.service
@ -1,35 +1,12 @@
-# this will start `/usr/local/bin/copyparty-sfx.py`
-# and share '/mnt' with anonymous read+write
+# this will start `/usr/bin/copyparty-sfx.py`
+# and read config from `/etc/copyparty.d/*.conf`
 #
-# installation:
-#   cp -pv copyparty.service /etc/systemd/system
-#   restorecon -vr /etc/systemd/system/copyparty.service
-#   firewall-cmd --permanent --add-port={80,443,3923}/tcp  # --zone=libvirt
-#   firewall-cmd --reload
-#   systemctl daemon-reload && systemctl enable --now copyparty
-#
-# you may want to:
+# you probably want to:
 #   change "User=cpp" and "/home/cpp/" to another user
-#   remove the nft lines to only listen on port 3923
-# and in the ExecStart= line:
-#   change '/usr/bin/python3' to another interpreter
-#   change '/mnt::rw' to another location or permission-set
-#   add '-q' to disable logging on busy servers
-#   add '-i 127.0.0.1' to only allow local connections
-#   add '-e2dsa' to enable filesystem scanning + indexing
-#   add '-e2ts' to enable metadata indexing
-#
-# with `Type=notify`, copyparty will signal systemd when it is ready to
-#   accept connections; correctly delaying units depending on copyparty.
-#   But note that journalctl will get the timestamps wrong due to
-#   python disabling line-buffering, so messages are out-of-order:
-#   https://user-images.githubusercontent.com/241032/126040249-cb535cc7-c599-4931-a796-a5d9af691bad.png
 #
 # unless you add -q to disable logging, you may want to remove the
 #   following line to allow buffering (slightly better performance):
 #   Environment=PYTHONUNBUFFERED=x
-#
-# keep ExecStartPre before ExecStart, at least on rhel8

 [Unit]
 Description=copyparty file server
@ -38,24 +15,18 @@ Description=copyparty file server
 Type=notify
 SyslogIdentifier=copyparty
 Environment=PYTHONUNBUFFERED=x
+WorkingDirectory=/var/lib/copyparty-jail
 ExecReload=/bin/kill -s USR1 $MAINPID

 # user to run as + where the TLS certificate is (if any)
 User=cpp
 Environment=XDG_CONFIG_HOME=/home/cpp/.config

-# setup forwarding from ports 80 and 443 to port 3923
-ExecStartPre=+/bin/bash -c 'nft -n -a list table nat | awk "/ to :3923 /{print\$NF}" | xargs -rL1 nft delete rule nat prerouting handle; true'
-ExecStartPre=+nft add table ip nat
-ExecStartPre=+nft -- add chain ip nat prerouting { type nat hook prerouting priority -100 \; }
-ExecStartPre=+nft add rule ip nat prerouting tcp dport 80 redirect to :3923
-ExecStartPre=+nft add rule ip nat prerouting tcp dport 443 redirect to :3923
-
 # stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running
 ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'

-# copyparty settings
-ExecStart=/usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.conf
+# run copyparty
+ExecStart=/usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init

 [Install]
 WantedBy=multi-user.target
--- a/contrib/package/arch/index.md
+++ b/contrib/package/arch/index.md
@ -0,0 +1,3 @@
+this is `/var/lib/copyparty-jail`, the fallback webroot when copyparty has not yet been configured
+
+please add some `*.conf` files to `/etc/copyparty.d/`
--- a/contrib/package/arch/prisonparty.service
+++ b/contrib/package/arch/prisonparty.service
@ -0,0 +1,31 @@
+# this will start `/usr/bin/copyparty-sfx.py`
+# in a chroot, preventing accidental access elsewhere
+# and read config from `/etc/copyparty.d/*.conf`
+#
+# expose additional filesystem locations to copyparty
+#   by listing them between the last `1000` and `--`
+#
+# `1000 1000` = what user to run copyparty as
+#
+# unless you add -q to disable logging, you may want to remove the
+#   following line to allow buffering (slightly better performance):
+#   Environment=PYTHONUNBUFFERED=x
+
+[Unit]
+Description=copyparty file server
+
+[Service]
+SyslogIdentifier=prisonparty
+Environment=PYTHONUNBUFFERED=x
+WorkingDirectory=/var/lib/copyparty-jail
+ExecReload=/bin/kill -s USR1 $MAINPID
+
+# stop systemd-tmpfiles-clean.timer from deleting copyparty while it's running
+ExecStartPre=+/bin/bash -c 'mkdir -p /run/tmpfiles.d/ && echo "x /tmp/pe-copyparty*" > /run/tmpfiles.d/copyparty.conf'
+
+# run copyparty
+ExecStart=/bin/bash /usr/bin/prisonparty /var/lib/copyparty-jail 1000 1000 /etc/copyparty.d -- \
+  /usr/bin/python3 /usr/bin/copyparty -c /etc/copyparty.d/init
+
+[Install]
+WantedBy=multi-user.target
--- a/scripts/prep.sh
+++ b/scripts/prep.sh
@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# general housekeeping before a release
+
+self=$(cd -- "$(dirname "$BASH_SOURCE")"; pwd -P)
+ver=$(awk '/^VERSION/{gsub(/[^0-9]/," ");printf "%d.%d.%d\n",$1,$2,$3}' copyparty/__version__.py)
+
+update_arch_pkgbuild() {
+    cd "$self/../contrib/package/arch"
+    rm -rf x
+    mkdir x
+
+    (echo "$self/../dist/copyparty-sfx.py"
+    awk -v self="$self" '
+        /^\)/{o=0}
+        /^source=/{o=1;next}
+        {
+            sub(/..pkgname./,"copyparty");
+            sub(/.*pkgver./,self "/..");
+            sub(/^ +"/,"");sub(/"/,"")
+        }
+        o&&!/https/' PKGBUILD
+    ) |
+    xargs sha256sum > x/sums
+
+    (awk -v ver=$ver '
+        /^pkgver=/{sub(/[0-9\.]+/,ver)};
+        /^sha256sums=/{exit};
+        1' PKGBUILD
+    echo -n 'sha256sums=('
+    p=; cat x/sums | while read s _; do
+        echo "$p\"$s\""
+        p='            '
+    done
+    awk '/^sha256sums=/{o=1} o&&/^\)/{o=2} o==2' PKGBUILD
+    ) >a
+    mv a PKGBUILD
+
+    rm -rf x
+}
+
+update_arch_pkgbuild