From e566c94b43fa96b1e11d6faa0b4365b3be73434e Mon Sep 17 00:00:00 2001
From: Girish Ramakrishnan
Date: Tue, 4 Jun 2019 17:14:29 -0700
Subject: [PATCH] Bring in various gogs features better custom app.ini optional sso support always create root user
---
 CloudronManifest.json | 1 +
 Dockerfile | 1 +
 POSTINSTALL.md | 18 ++++++------
 start.sh | 66 ++++++++++++++++++++++++++++++------------
 4 files changed, 58 insertions(+), 28 deletions(-)
diff --git a/CloudronManifest.json b/CloudronManifest.json
index 20dbb70..9631dfe 100644
--- a/CloudronManifest.json
+++ b/CloudronManifest.json
@@ -24,6 +24,7 @@
 "website": "https://gitea.io",
 "contactEmail": "apps@cloudron.io",
 "icon": "file://logo.png",
+ "optionalSso": true,
 "mediaLinks": [
 "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
 "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",
diff --git a/Dockerfile b/Dockerfile
index 26faebb..76945c6 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,6 +13,7 @@ RUN adduser --disabled-login --gecos 'Gitea' git
 RUN passwd -d git
 RUN mkdir -p /home/git/gitea
+WORKDIR /home/git
 RUN curl -L https://dl.gitea.io/gitea/1.8.2/gitea-1.8.2-linux-amd64 -o /home/git/gitea/gitea \
 && chmod +x /home/git/gitea/gitea
diff --git a/POSTINSTALL.md b/POSTINSTALL.md
index f5dafe1..300a734 100644
--- a/POSTINSTALL.md
+++ b/POSTINSTALL.md
@@ -1,12 +1,14 @@
-This app integrates with the Cloudron SSO. Admins on Cloudron automatically
-become admins on Gitea.
+A default admin user has been setup with the following credentials (use the `Local` authentication source when logging in):
-If you want to disable Cloudron SSO, do the following:
+```
+username: root
+password: changeme
+```
-* Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
-* Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
+**Note:** Please change the password and email immediately after installation.
-You can edit `/app/data/app.ini` and add any custom configuration. See the
-[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
-for more information.
+
+This app integrates with the Cloudron SSO. Cloudron users can login and use Gitea
+using the `Cloudron` authentication source.
+
diff --git a/start.sh b/start.sh
index 596b518..b70ca24 100755
--- a/start.sh
+++ b/start.sh
@@ -7,27 +7,56 @@ mkdir -p /run/gitea/tmp/uploads /run/sshd setup_ldap_source() { set -eu - # Wait for gitea to finish db setup, before we insert ldap source in db - while ! curl --fail http://localhost:3000/healthcheck; do - echo "Waiting for gitea to come up" - sleep 1 - done - - now=$(date +%s) - # Get the existing LDAP source status. This allows the user to disable LDAP + # Note that this method is deprecated since this app now supports optionalSso ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';") [[ -z "${ldap_status}" ]] && ldap_status="1" + now=$(date +%s) + if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \ -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then - echo "LDAP Authentication was setup with status ${ldap_status}" + echo "==> LDAP Authentication was setup with activation status ${ldap_status}" else - echo "Failed to setup LDAP authentication" + echo "==> Failed to setup LDAP authentication" exit 1 fi } +setup_root_user() { + set -eu + + if sudo -H -u git /home/git/gitea/gitea admin create-user --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then + echo "==> root user added" + else + echo "==> Failed to add root user" + exit 1 + fi +} + +setup_auth() { + set -eu + + # Wait for gitea to finish db setup, before we do any db operations + while ! 
curl --fail http://localhost:3000/healthcheck; do + echo "==> Waiting for gitea to come up" + sleep 1 + done + + echo "==> Gitea is up, setting up auth" + + if [[ -n "${LDAP_SERVER:-}" ]]; then + setup_ldap_source + fi + + user_count=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;") + # be careful, not to create root user for existing LDAP based installs + if [[ "${user_count}" == "0" ]]; then + echo "==> Setting up root user for first run" + setup_root_user + fi +} + # SSH_PORT can be unset to disable SSH disable_ssh="false" if [[ -z "${SSH_PORT:-}" ]]; then @@ -52,19 +81,15 @@ chmod 0644 /app/data/sshd/*.pub sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config -cp /home/git/app.ini.template "/run/gitea/app.ini" +if [[ ! -f /app/data/app.ini ]]; then + echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini -# create default user config file -if ! [ -f /app/data/app.ini ]; then - cp /home/git/app.ini.template /app/data/app.ini -fi - -if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then - echo "Generating new SECRET_KEY" + echo "==> Generating new SECRET_KEY" crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s) fi # merge user config file +cp /home/git/app.ini.template "/run/gitea/app.ini" crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini" # override important values 
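Review bot: `setup_root_user` creates the `root` admin with the fixed password `changeme` and the placeholder address `test@cloudron.io`, so every fresh install starts with the same documented admin login and nothing in the hunk forces a change. A per-install secret avoids that: generate it with the pwgen call the script already uses for SECRET_KEY, e.g. `root_password=$(pwgen -1 -s 24)`, pass `--password "${root_password}"`, and give it to the operator once rather than documenting a constant in POSTINSTALL.md. If the packaged Gitea release has an option on `admin create-user` that forces a password change at first login, enabling it is a smaller alternative. The new `user_count` query also repeats the `-p"${MYSQL_PASSWORD}"` pattern, which puts the database password on argv; the `MYSQL_PWD` environment variable or a defaults file would keep it out of the process list.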
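Review bot: SECRET_KEY is now generated only inside the `if [[ ! -f /app/data/app.ini ]]` branch, so an existing `/app/data/app.ini` that lacks the key (hand-edited, or restored without it) is merged over the template and Gitea runs with whatever the template carries. That is presumably the `##SECRET_KEY` placeholder the removed check compared against, but the template is not visible in this hunk. Keeping the key check independent of the file check restores the guarantee, placed before the merge: `if ! crudini --get /app/data/app.ini security SECRET_KEY >/dev/null 2>&1; then crudini --set /app/data/app.ini security SECRET_KEY "$(pwgen -1 -s 64)"; fi`. The existing call uses `pwgen -1 -s` without a length, which yields an 8-character value and is short for a signing secret, and its `$(...)` is unquoted.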
@@ -94,11 +119,12 @@ crudini --set "/run/gitea/app.ini" log MODE "console" crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea" crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve" +echo "==> Creating dirs and changing permissions" mkdir -p /app/data/repository /app/data/ssh /app/data/custom - chown -R git:git /app/data /run/gitea -( setup_ldap_source ) & +# this expects app.ini to be available +( setup_auth ) & exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
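Review bot: `( setup_auth ) &` runs detached, so the `exit 1` paths in `setup_root_user` and `setup_ldap_source` end only the subshell; supervisord still starts and the container keeps serving with no admin account or LDAP source, the only trace being one log line. The comment `# this expects app.ini to be available` could state that contract, e.g. `# runs in the background; needs /run/gitea/app.ini written above; a failure here is only logged, gitea keeps running`. If a failed first-run setup should stop the app, the subshell needs a way to signal that, which this hunk does not provide. The script continues outside the hunk.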