From 4d47fd187fa54485050a62556565d45df166ad3e Mon Sep 17 00:00:00 2001 From: Maurice ONeal Date: Tue, 24 Dec 2019 15:51:10 -0500 Subject: [PATCH] Installation structor updates changed the default installation used in the linux_build.sh script to create an installer that by default installs the application data files in the /var folder instead of the user specific folder in /home. also made it so it will now create a system user named after the name of the application and use that user to run the systemd service instead of the currently logged in user. doing this hardens system security by having the application run as an underprivileged user. this also opens up the possibility to lock down direct writing access to the host database to just the internal module (in a future update). removed the -start command line argument and have just the -host option to start new host instances. the -start option would start the host as the current user so i decided to remove it as a way to encourage end users to start/stop the host via systemd. --- docs/README.md | 3 +-- linux_build.sh | 73 ++++++++++++++++++++++++++++++-------------------- src/db.h | 10 ++++--- src/main.cpp | 20 +++----------- 4 files changed, 55 insertions(+), 51 deletions(-) diff --git a/docs/README.md b/docs/README.md index 0e8124c..28af4a7 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -10,13 +10,12 @@ Usage: mrci
 -help : display usage information about this application.
- -start : start a new host instance in the background. (non-blocking)
 -stop : stop the current host instance if one is currently running.
 -about : display versioning/warranty information about this application.
 -addr {ip_address:port} : set the listening address and port for TCP clients.
 -status : display status information about the host instance if it is currently running.
 -reset_root : reset the root account password to the default password.
- -host : this starts a blocking host instance. for internal use only.
+ -host : start a new host instance. (this blocks).
 -public_cmds : run the internal module to list it's public commands. for internal use only.
 -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only.
 -user_cmds : run the internal module to list it's user commands. for internal use only.
diff --git a/linux_build.sh b/linux_build.sh
index ec81851..509192b 100644
--- a/linux_build.sh
+++ b/linux_build.sh
@@ -5,12 +5,12 @@ installer_file="$2"
 src_dir="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
 bin_name="mrci"
-app_version="2.1.2"
+app_version="2.1.3"
 app_name="MRCI"
 install_dir="/opt/$bin_name"
+var_dir="/var/opt/$bin_name"
 bin_dir="/usr/bin"
 tmp_dir="$HOME/.cache/mrci_build"
-user="$USER"
 if [ ! -d "$qt_dir" ]; then
@@ -32,14 +32,14 @@ fi
 if [ -d "$tmp_dir" ]; then
- rm -rfv $tmp_dir
+ rm -rf $tmp_dir
 fi
 if [ $? -eq 0 -a -d "$qt_dir" ]; then
 mkdir -vp $tmp_dir
- cp -rv $src_dir/. $tmp_dir
+ cp -r $src_dir/. $tmp_dir
 cd $tmp_dir
 qmake -config release
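Review bot: The `rm -rf $tmp_dir` and `cp -r $src_dir/. $tmp_dir` lines in the `@@ -32,14 +32,14 @@` hunk expand their variables unquoted, so a checkout path or `$HOME` containing whitespace or glob characters is word-split before the recursive delete or copy runs. Quoting them, `rm -rf "$tmp_dir"` and `cp -r "$src_dir/." "$tmp_dir"`, keeps each command on the single path that `[ -d "$tmp_dir" ]` tested just above. The same applies to `mkdir -vp $tmp_dir` and `cd $tmp_dir` in the context lines; the enclosing `if` continues past the end of the hunk.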
@@ -68,6 +68,7 @@ if [ $? -eq 0 -a -d "$qt_dir" ]; then
 echo "export QTDIR=$install_dir" >> $startup_script
 echo "export QT_PLUGIN_PATH=$install_dir" >> $startup_script
 echo "export LD_LIBRARY_PATH=\"$install_dir/lib:\$LD_LIBRARY_PATH\"" >> $startup_script
+ echo "export MRCI_DB_PATH=$var_dir/data.db" >> $startup_script
 echo "$install_dir/$bin_name \$1 \$2 \$3" >> $startup_script
 echo "#!/bin/sh" > $setup_script
@@ -77,43 +78,57 @@ if [ $? -eq 0 -a -d "$qt_dir" ]; then
 echo "if [ ! -d \"$install_dir\" ]; then" >> $setup_script
 echo " sudo mkdir -p $install_dir" >> $setup_script
 echo "fi" >> $setup_script
- echo "sudo cp -rfv ./lib $install_dir" >> $setup_script
- echo "sudo cp -rfv ./sqldrivers $install_dir" >> $setup_script
- echo "sudo cp -fv ./$bin_name $install_dir" >> $setup_script
- echo "sudo cp -fv ./$bin_name.sh $install_dir" >> $setup_script
- echo "sudo cp -fv ./uninstall.sh $install_dir" >> $setup_script
- echo "sudo cp -fv ./$bin_name.service /etc/systemd/system/$bin_name@$USER.service" >> $setup_script
- echo "sudo chmod 755 $install_dir/$bin_name" >> $setup_script
- echo "sudo chmod 755 $install_dir/$bin_name.sh" >> $setup_script
- echo "sudo chmod 755 $install_dir/uninstall.sh" >> $setup_script
- echo "sudo chmod 755 $install_dir" >> $setup_script
- echo "sudo chmod -R 755 $install_dir/lib" >> $setup_script
- echo "sudo chmod -R 755 $install_dir/sqldrivers" >> $setup_script
- echo "sudo chmod 755 /etc/systemd/system/$bin_name@$USER.service" >> $setup_script
- echo "sudo ln -sf $install_dir/$bin_name.sh $bin_dir/$bin_name" >> $setup_script
- echo "sudo systemctl start $bin_name@$USER" >> $setup_script
- echo "sudo systemctl enable $bin_name@$USER" >> $setup_script
- echo "echo \"\nInstallation finished. If you ever need to uninstall this application, run this command:\n\"" >> $setup_script
- echo "echo \" sh $install_dir/uninstall.sh\n\"" >> $setup_script
+ echo "if [ ! -d \"$var_dir\" ]; then" >> $setup_script
+ echo " sudo mkdir -p $var_dir" >> $setup_script
+ echo "fi" >> $setup_script
+ echo "cp -rfv ./lib $install_dir" >> $setup_script
+ echo "cp -rfv ./sqldrivers $install_dir" >> $setup_script
+ echo "cp -fv ./$bin_name $install_dir" >> $setup_script
+ echo "cp -fv ./$bin_name.sh $install_dir" >> $setup_script
+ echo "cp -fv ./uninstall.sh $install_dir" >> $setup_script
+ echo "cp -fv ./$bin_name.service /etc/systemd/system/$bin_name.service" >> $setup_script
+ echo "useradd -r $bin_name" >> $setup_script
+ echo "chmod 755 $install_dir/$bin_name" >> $setup_script
+ echo "chmod 755 $install_dir/$bin_name.sh" >> $setup_script
+ echo "chmod 755 $install_dir/uninstall.sh" >> $setup_script
+ echo "chmod 755 $install_dir" >> $setup_script
+ echo "chmod -R 755 $install_dir/lib" >> $setup_script
+ echo "chmod -R 755 $install_dir/sqldrivers" >> $setup_script
+ echo "chmod 755 /etc/systemd/system/$bin_name.service" >> $setup_script
+ echo "chown -R $bin_name:$bin_name $var_dir" >> $setup_script
+ echo "chmod -R 755 $var_dir" >> $setup_script
+ echo "ln -sf $install_dir/$bin_name.sh $bin_dir/$bin_name" >> $setup_script
+ echo "systemctl start $bin_name" >> $setup_script
+ echo "systemctl enable $bin_name" >> $setup_script
+ echo "if [ \$? -eq 0 ]; then" >> $setup_script
+ echo " echo \"\nInstallation finished. If you ever need to uninstall this application, run this command:\n\"" >> $setup_script
+ echo " echo \" $install_dir/uninstall.sh\n\"" >> $setup_script
+ echo "fi" >> $setup_script
 echo "[Unit]" > $service_file
- echo "Description=$app_name host" >> $service_file
+ echo "Description=$app_name Host Daemon" >> $service_file
 echo "After=network.target" >> $service_file
 echo "" >> $service_file
 echo "[Service]" >> $service_file
 echo "Type=simple" >> $service_file
- echo "User=%i" >> $service_file
+ echo "User=$bin_name" >> $service_file
+ echo "Restart=on-failure" >> $service_file
+ echo "RestartSec=5" >> $service_file
+ echo "TimeoutStopSec=infinity" >> $service_file
 echo "ExecStart=/usr/bin/env $bin_name -host" >> $service_file
+ echo "ExecStop=/usr/bin/env $bin_name -stop" >> $service_file
 echo "" >> $service_file
 echo "[Install]" >> $service_file
 echo "WantedBy=multi-user.target" >> $service_file
 echo "#!/bin/sh" > $uninstall_script
- echo "sudo systemctl -q stop $bin_name@$USER" >> $uninstall_script
- echo "sudo systemctl -q disable $bin_name@$USER" >> $uninstall_script
- echo "sudo rm -v /etc/systemd/system/$bin_name@$USER.service" >> $uninstall_script
- echo "sudo rm -v $bin_dir/$bin_name" >> $uninstall_script
- echo "sudo rm -rv $install_dir" >> $uninstall_script
+ echo "systemctl -q stop $bin_name" >> $uninstall_script
+ echo "systemctl -q disable $bin_name" >> $uninstall_script
+ echo "rm -v /etc/systemd/system/$bin_name.service" >> $uninstall_script
+ echo "rm -v $bin_dir/$bin_name" >> $uninstall_script
+ echo "rm -rv $install_dir" >> $uninstall_script
+ echo "chown -R root:root $var_dir" >> $uninstall_script
+ echo "deluser $bin_name" >> $uninstall_script
 chmod +x $setup_script
diff --git a/src/db.h b/src/db.h
index 165d8cd..e359307 100644
--- a/src/db.h
+++ b/src/db.h
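Review bot: `chmod -R 755 $var_dir` in the generated setup script leaves the data directory, and the `data.db` that `MRCI_DB_PATH` places in it, readable by every local account, which works against the goal of confining the host to its own system user. The preceding `chown -R` already gives the service user ownership, so a tighter mode such as `echo "chmod 750 $var_dir" >> $setup_script` (without `-R`, so files are not marked executable) would keep other accounts out; if the command-line client is meant to open the database for ordinary users, a dedicated group is the usual way to allow that. Only the two `mkdir` lines still call `sudo`, so the script now presumably has to run as root, and an `id -u` check at the top would make that explicit instead of failing halfway. The uninstaller removes the account with `deluser` although it was created with `useradd`; `userdel` is the matching tool and is present on distributions that do not ship `deluser`.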
@@ -37,25 +37,27 @@
 #include "shell.h"
 #define APP_NAME "MRCI"
-#define APP_VER "2.1.2"
+#define APP_VER "2.1.3"
 #define APP_TARGET "mrci"
 #ifdef Q_OS_WIN
 #define DEFAULT_MAILBIN "%COMSPEC%"
 #define DEFAULT_MAIL_SEND "echo %message_body% | mutt -s %subject% %target_email%"
-#define DEFAULT_DB_PATH "%LOCALAPPDATA%\\%EXENAME%\\data.db"
+#define DEFAULT_DB_PATH "%PROGRAMDATA%\\mrci\\data.db"
+#define DEFAULT_WORK_DIR "%PROGRAMDATA%\\mrci"
 #else
 #define DEFAULT_MAILBIN "/bin/sh"
 #define DEFAULT_MAIL_SEND "-c \"echo %message_body% | mutt -s %subject% %target_email%\""
-#define DEFAULT_DB_PATH "$HOME/.$EXENAME/data.db"
+#define DEFAULT_DB_PATH "/var/opt/mrci/data.db"
+#define DEFAULT_WORK_DIR "/var/opt/mrci"
 #endif
 #define ENV_DB_PATH "MRCI_DB_PATH"
-#define ENV_EXENAME "EXENAME"
+#define ENV_WORK_DIR "MRCI_WORK_DIR"
 #define ROOT_USER "root"
 #define SUBJECT_SUB "%subject%"
 #define MSG_SUB "%message_body%"
diff --git a/src/main.cpp b/src/main.cpp
index f60509c..c51577b 100644
--- a/src/main.cpp
+++ b/src/main.cpp
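Review bot: The new Windows defaults put the database and working directory under `%PROGRAMDATA%\\mrci`, a location whose stock permissions generally let any local account read, and often create, entries; nothing in this patch shows the directory being created with a restricted ACL, so the Windows side may end up less protected than the per-user `%LOCALAPPDATA%` path it replaces. Creating the directory from an elevated installer with an explicit ACL would address that, and the expectation deserves a comment above the two defines, for example `// directory must be writable only by the service account and administrators`. The paths also repeat the literal `mrci` that `APP_TARGET` already defines, and `DEFAULT_WORK_DIR` is the directory part of `DEFAULT_DB_PATH` written out a second time, so the two can drift apart.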
@@ -60,13 +60,12 @@ void showHelp() txtOut << "Usage: " << APP_TARGET << " " << endl << endl; txtOut << "" << endl << endl; txtOut << " -help : display usage information about this application." << endl; - txtOut << " -start : start a new host instance in the background. (non-blocking)" << endl; txtOut << " -stop : stop the current host instance if one is currently running." << endl; txtOut << " -about : display versioning/warranty information about this application." << endl; txtOut << " -addr {ip_address:port} : set the listening address and port for TCP clients." << endl; txtOut << " -status : display status information about the host instance if it is currently running." << endl; txtOut << " -reset_root : reset the root account password to the default password shown below." << endl; - txtOut << " -host : this starts a blocking host instance. for internal use only." << endl; + txtOut << " -host : start a new host instance. (this blocks)" << endl; txtOut << " -public_cmds : run the internal module to list it's public commands. for internal use only." << endl; txtOut << " -exempt_cmds : run the internal module to list it's rank exempt commands. for internal use only." << endl; txtOut << " -user_cmds : run the internal module to list it's user commands. for internal use only." << endl; @@ -110,12 +109,12 @@ int main(int argc, char *argv[]) serializeThread(app.thread()); - QDir::setCurrent(QDir::homePath()); + QString workDir = expandEnvVariables(qEnvironmentVariable(ENV_WORK_DIR, DEFAULT_WORK_DIR)); + + QDir::setCurrent(workDir); QCoreApplication::setApplicationName(APP_NAME); QCoreApplication::setApplicationVersion(APP_VER); - qputenv(ENV_EXENAME, APP_TARGET); - QString err; QStringList args = QCoreApplication::arguments(); bool dbFail = false; 
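Review bot: The result of `QDir::setCurrent(workDir)` is discarded in the `@@ -110,12 +109,12 @@` hunk, so when the directory named by `MRCI_WORK_DIR` (or the compiled-in default) is missing or not accessible, the process silently keeps whatever working directory it inherited. Because the value now comes from the environment rather than from `QDir::homePath()`, the call should be checked, `if (!QDir::setCurrent(workDir)) { /* report and exit */ }`, reporting through whatever error path main already uses. A one-line comment above `workDir` stating that the environment variable overrides the default would also help the next reader. main's body starts and ends outside the hunk.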
@@ -225,17 +224,6 @@ int main(int argc, char *argv[])
 }
 }
 }
- else if (args.contains("-start", Qt::CaseInsensitive))
- {
- if (dbFail)
- {
- soeDueToDbErr(&ret);
- }
- else
- {
- QProcess::startDetached(QCoreApplication::applicationFilePath(), QStringList() << "-host");
- }
- }
 else if (args.contains("-stop", Qt::CaseInsensitive) || args.contains("-status", Qt::CaseInsensitive))
 {
 ret = shellToHost(args, app);