deploy-go.sh - randomcrap - random crap programs of varying quality
deploy-go.sh (3014B)
---
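#!/bin/sh
# Script to deploy a Go application to an OpenBSD server.
#
# Steps: stop the service, (re)write its rc.d script, make sure the service
# user exists, replace the www data directory and the daemon binary, then
# enable, start and check the service.
#
# The generated rc.d script rebuilds a chroot under /services/<daemon> on
# every start (rc_pre) and runs the daemon inside it with dropped privileges.
#
# NOTE(review): only the rcctl calls go through doas; the writes to /etc/rc.d,
# /usr/local/sbin and the useradd call do not, so the script presumably has to
# run as root anyway -- confirm.

# Quote every expansion so a checkout path containing spaces still resolves.
srcdir="$(dirname "$(readlink -f "$0")")"
dir="/var/www/domains/hostname.org/program"
daemon="daemonname"
user="_${daemon}"
group="_${daemon}"
class="daemon"
file="/usr/local/sbin/${daemon}"

doas rcctl stop "${daemon}"

# install (new) rc file.
#
# The here-document delimiter is unquoted: ${...} is expanded now, by this
# script, while \${...} is written out literally and expanded when the rc
# script runs.
#
# NOTE(review): build_chroot ends with chown -R of the whole chroot to the
# service user, which leaves the copied daemon binary, libraries and etc/
# files writable by the service until the next start rebuilds them. Consider
# narrowing the chown to the paths the service has to write.
# NOTE(review): the mknod major/minor numbers are platform specific; compare
# them with "ls -l /dev/urandom /dev/null" on the target host.

cat > "/etc/rc.d/${daemon}" <<!EOF
#!/bin/sh
# This sets up a chroot for a service.
# the service is priv-dropped.
# NOTE: depending on your service some build_chroot steps can be omitted.
# IMPORTANT: !!! make sure the service directory has no setuid binaries!!!
#
# Some tips:
# - idealy setup a separate partition for services with mount options:
# nodev,nosuid,ro options.
# - pledge(2) the service program.
# - specific pf rules for service.
# - setup resource limits for service user.

chroot_daemon="/bin/${daemon}"
original_daemon="${file}"
chroot="/services/${daemon}"
user="${user}"
group="${group}"
www="${dir}"

daemon="chroot -u \${user} -g \${group} \${chroot} \${chroot_daemon}"
daemon_flags="-config /config.json"
daemon_timeout="10"

. /etc/rc.d/rc.subr

rc_reload=NO
rc_bg=YES

pexp="\${chroot_daemon} .*"

build_chroot() {
	# Clean previous environment.
	# :? aborts instead of expanding to an empty path.
	rm -rf "\${chroot:?}"

	# Locations of binaries and libraries.
	mkdir -p "\${chroot}/etc" \\
		"\${chroot}/bin" \\
		"\${chroot}/dev" \\
		"\${chroot}/usr/lib" \\
		"\${chroot}/usr/libexec"

	# Copy original daemon.
	cp "\${original_daemon}" "\${chroot}/bin"

	# Copy directories in root (ugly).
	cp -R "\${www}/"* "\${chroot}/"

	# Copy zoneinfo file from host.
	cp "/etc/localtime" "\${chroot}/etc/localtime"

	# Copy password and group information, filter only the service user
	# and group.
	grep -E "^(root|daemon|\${user}):" /etc/passwd > "\${chroot}/etc/passwd"
	# Anchored on the group name: an unanchored match also copies every
	# line that merely contains it, e.g. groups listing the user as member.
	grep -E "^\${group}:" "/etc/group" > "\${chroot}/etc/group"
	# default DNS resolver.
	cp /etc/resolv.conf "\${chroot}/etc"

	# cert bundle.
	mkdir -p "\${chroot}/etc/ssl"
	cp /etc/ssl/cert.pem "\${chroot}/etc/ssl"

	# copy shared core libraries.
	cp /usr/lib/libpthread.so.* "\${chroot}/usr/lib"
	cp /usr/lib/libc.so.* "\${chroot}/usr/lib"
	cp /usr/libexec/ld.so "\${chroot}/usr/libexec"

	# setup /dev
	# NOTE: make sure mount in \$chroot does not have "nodev" set.
	mknod -m 644 "\${chroot}/dev/urandom" c 45 2
	mknod -m 666 "\${chroot}/dev/null" c 2 2

	# Set owner to daemon user.
	chown -R "\${user}:\${group}" "\${chroot}"
}

rc_pre() {
	build_chroot
}

rc_cmd \$1
!EOF

chown root:daemon "/etc/rc.d/${daemon}"
chmod 755 "/etc/rc.d/${daemon}"

# add daemon user if it doesn't exist.
id -u "${user}" >/dev/null 2>&1 || useradd -L "${class}" -d "${dir}" "${user}"

# clean (possible) previous install.
# :? aborts instead of running rm -rf on an empty path.
rm -rf "${dir:?}"
#mkdir -p "${dir}"

cp -R "${srcdir}/www/" "${dir}"
chown -R "${user}:${group}" "${dir}"

# The installed binary stays root-owned; the service only gets the copy that
# build_chroot places inside the chroot.
cp "${srcdir}/${daemon}" "${file}"
chown root:wheel "${file}"

# show checksum of binary file.
sha256 "${file}"

# start by default.
doas rcctl enable "${daemon}"
# start
doas rcctl start "${daemon}"
echo "status: $?"

# show if daemon is really running.
# The chrooted process runs as /bin/${daemon} (see pexp in the rc file), so
# grepping ps output for ${file} could at most match the grep itself. Let
# rcctl apply the rc script's own process pattern instead.
doas rcctl check "${daemon}"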