Fix some bugs in ClubWebHostingService
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
* Don't read the value of an Apache directive unless we are sure it can only accept one argument * Handle the case where a club's www directory is not readable
This commit is contained in:
parent
4ebb9bb0a8
commit
8ad8271db1
|
@ -2,7 +2,12 @@
|
||||||
chmod 1777 /tmp
|
chmod 1777 /tmp
|
||||||
|
|
||||||
# don't resolve container names to *real* CSC machines
|
# don't resolve container names to *real* CSC machines
|
||||||
sed -E '/^(domain|search)[[:space:]]+csclub.uwaterloo.ca/d' /etc/resolv.conf > /tmp/resolv.conf
|
sed -E 's/([[:alnum:]-]+\.)*uwaterloo\.ca//g' /etc/resolv.conf > /tmp/resolv.conf
|
||||||
|
# remove empty 'search' lines, if we created them
|
||||||
|
sed -E -i '/^search[[:space:]]*$/d' /tmp/resolv.conf
|
||||||
|
# also remove the 'rotate' option, since this can cause the Docker DNS server
|
||||||
|
# to be circumvented
|
||||||
|
sed -E -i '/^options.*\brotate/d' /tmp/resolv.conf
|
||||||
cp /tmp/resolv.conf /etc/resolv.conf
|
cp /tmp/resolv.conf /etc/resolv.conf
|
||||||
rm /tmp/resolv.conf
|
rm /tmp/resolv.conf
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ Docker containers instead, which are much easier to work with than the VM.
|
||||||
|
|
||||||
First, make sure you create the virtualenv:
|
First, make sure you create the virtualenv:
|
||||||
```sh
|
```sh
|
||||||
docker run --rm -v "$PWD:$PWD" -w "$PWD" python:3.7-buster sh -c 'apt update && apt install -y libaugeas0 && python -m venv venv && . venv/bin/activate && pip install -r requirements.txt -r dev-requirements.txt'
|
docker run --rm -v "$PWD:$PWD:z" -w "$PWD" python:3.7-buster sh -c 'apt update && apt install -y libaugeas0 && python -m venv venv && . venv/bin/activate && pip install -r requirements.txt -r dev-requirements.txt'
|
||||||
```
|
```
|
||||||
Then bring up the containers:
|
Then bring up the containers:
|
||||||
```sh
|
```sh
|
||||||
|
|
|
@ -84,16 +84,19 @@ class ClubWebHostingService:
|
||||||
logger.debug('Reloading Apache')
|
logger.debug('Reloading Apache')
|
||||||
self._run(['systemctl', 'reload', 'apache2'])
|
self._run(['systemctl', 'reload', 'apache2'])
|
||||||
|
|
||||||
# This requires the APACHE_CONFIG_CRON environment variable to be
|
|
||||||
# set to 1 (e.g. in a systemd drop-in)
|
|
||||||
# See /etc/apache2/.git/hooks/pre-commit on caffeine
|
|
||||||
def _git_commit(self):
|
def _git_commit(self):
|
||||||
if not os.path.isdir(os.path.join(self.apache_dir, '.git')):
|
if not os.path.isdir(os.path.join(self.apache_dir, '.git')):
|
||||||
logger.debug('No git folder found in Apache directory')
|
logger.debug('No git folder found in Apache directory')
|
||||||
return
|
return
|
||||||
logger.debug('Committing changes to git repository')
|
logger.debug('Committing changes to git repository')
|
||||||
self._run(['git', 'add', APACHE_DISABLED_CLUBS_FILE], cwd=self.apache_dir)
|
self._run(
|
||||||
self._run(['git', 'commit', '-m', '[ceo] disable club websites'], cwd=self.apache_dir)
|
['git', 'add', APACHE_DISABLED_CLUBS_FILE],
|
||||||
|
cwd=self.apache_dir)
|
||||||
|
# See /etc/apache2/.git/hooks/pre-commit on caffeine
|
||||||
|
self._run(
|
||||||
|
['git', 'commit', '-m', '[ceo] disable club websites'],
|
||||||
|
cwd=self.apache_dir,
|
||||||
|
env={**os.environ, 'APACHE_CONFIG_CRON': '1'})
|
||||||
|
|
||||||
def commit(self):
|
def commit(self):
|
||||||
if not self.made_at_least_one_change:
|
if not self.made_at_least_one_change:
|
||||||
|
@ -112,12 +115,13 @@ class ClubWebHostingService:
|
||||||
directive_paths = self.aug.match(f'/files/etc/apache2/sites-available/{filename}/VirtualHost/directive')
|
directive_paths = self.aug.match(f'/files/etc/apache2/sites-available/{filename}/VirtualHost/directive')
|
||||||
for directive_path in directive_paths:
|
for directive_path in directive_paths:
|
||||||
directive = self.aug.get(directive_path)
|
directive = self.aug.get(directive_path)
|
||||||
directive_value = self.aug.get(directive_path + '/arg')
|
|
||||||
if directive == 'DocumentRoot':
|
if directive == 'DocumentRoot':
|
||||||
|
directive_value = self.aug.get(directive_path + '/arg')
|
||||||
match = APACHE_USERDIR_RE.match(directive_value)
|
match = APACHE_USERDIR_RE.match(directive_value)
|
||||||
if match is not None:
|
if match is not None:
|
||||||
club_name = match.group('club_name')
|
club_name = match.group('club_name')
|
||||||
elif directive == 'ServerAdmin':
|
elif directive == 'ServerAdmin':
|
||||||
|
directive_value = self.aug.get(directive_path + '/arg')
|
||||||
club_email = directive_value
|
club_email = directive_value
|
||||||
if club_name is not None:
|
if club_name is not None:
|
||||||
self.clubs[club_name]['email'] = club_email
|
self.clubs[club_name]['email'] = club_email
|
||||||
|
@ -157,9 +161,17 @@ class ClubWebHostingService:
|
||||||
|
|
||||||
def _site_uses_php(self, club_name: str) -> bool:
|
def _site_uses_php(self, club_name: str) -> bool:
|
||||||
www = f'{self.clubs_home}/{club_name}/www'
|
www = f'{self.clubs_home}/{club_name}/www'
|
||||||
if os.path.isdir(www):
|
if not os.path.isdir(www):
|
||||||
|
return False
|
||||||
|
try:
|
||||||
# We're just going to look one level deep; that should be good enough.
|
# We're just going to look one level deep; that should be good enough.
|
||||||
for filename in os.listdir(www):
|
filenames = os.listdir(www)
|
||||||
|
except os.error:
|
||||||
|
# If we're unable to read the directory (e.g. permissions error),
|
||||||
|
# then this means that the Apache user (www-data) can't read it either.
|
||||||
|
# So we can just return False here.
|
||||||
|
return False
|
||||||
|
for filename in filenames:
|
||||||
filepath = os.path.join(www, filename)
|
filepath = os.path.join(www, filename)
|
||||||
if os.path.isfile(filepath) and filename.endswith('.php'):
|
if os.path.isfile(filepath) and filename.endswith('.php'):
|
||||||
return True
|
return True
|
||||||
|
|
Loading…
Reference in New Issue