Packaging: Cherry-pick rpm/deb scriptlets from st2-packages (#6313)

cognifloyd · web-flow · commit 8f826bcb0682 · 2025-03-07T10:09:21.000-06:00
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -111,7 +111,7 @@ Added
 * Add python 3.10 and 3.11 to the GitHub Actions test matrix.
   Contributed by @nzlosh, @guzzijones12, and @cognifloyd
 
-* Copy systemd files from st2-packages.git for future packaging via pants. #6303
+* Copy systemd files and rpm/deb scriptlets from st2-packages.git for future packaging via pants. #6303 #6313
   Cherry-picked by @cognifloyd
 
 * Cherry-pick changes to runners.sh from st2-packages git repo. #6302
diff --git a/packaging/deb/scripts/BUILD b/packaging/deb/scripts/BUILD
@@ -0,0 +1 @@
+shell_sources(skip_shellcheck=True)
diff --git a/packaging/deb/scripts/post-install.sh b/packaging/deb/scripts/post-install.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+# postinst script for st2
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postinst> `configure' <most-recently-configured-version>
+#        * <old-postinst> `abort-upgrade' <new version>
+#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+#          <new-version>
+#        * <postinst> `abort-remove'
+#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+#          <failed-install-package> <version> `removing'
+#          <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+ST2_USER=st2
+PACKS_GROUP=st2packs
+ST2_UPGRADESTAMP="/tmp/.stamp-stackstorm-st2-deb-package"
+upgrading=0
+
+## Permissions of files which should be set on install
+SET_PERMS=$(cat <<EHD | sed 's/\s\+/ /g'
+-R ug+rw root:_packsgroup /opt/stackstorm/packs
+-R ug+rw root:_packsgroup /usr/share/doc/st2/examples
+   ug+rw root:_packsgroup /opt/stackstorm/virtualenvs
+   755 _st2user:root      /opt/stackstorm/configs
+   755 _st2user:root      /opt/stackstorm/exports
+   755 _st2user:root      /var/log/st2
+   755 _st2user:root      /var/run/st2
+   600 _st2user:_st2user  /etc/st2/htpasswd
+EHD
+)
+
+## Fix directories permissions on install (different across maint scripts!)
+set_permissions() {
+  local fileperms="$1"
+  fileperms=$(echo "$fileperms" | sed -e "s/_st2user/$ST2_USER/g" -e "s/_packsgroup/$PACKS_GROUP/g")
+  # Reqursively chown given destinations!
+  echo "$fileperms" | cut -f1,3,4 -d' ' | xargs -L1 chown
+  # Set directories mode
+  echo "$fileperms" | cut -f1,2,4 -d' ' | xargs -L1 chmod
+}
+
+# Choose first install or upgrade
+[ -f $ST2_UPGRADESTAMP ] && upgrading=1 || :
+
+case "$1" in
+    configure)
+      # Initially set destination files owenership (only on the first install)
+      [ "$upgrading" = 1 ] || set_permissions "$SET_PERMS"
+      rm -f $ST2_UPGRADESTAMP
+
+      # make sure that our socket generators run
+      systemctl daemon-reload >/dev/null 2>&1 || true
+    ;;
+    abort-upgrade|abort-remove|abort-deconfigure)
+    ;;
+
+    *)
+        echo "postinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packaging/deb/scripts/post-remove.sh b/packaging/deb/scripts/post-remove.sh
@@ -0,0 +1,53 @@
+#!/bin/sh
+# postrm script for st2
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <postrm> `remove'
+#        * <postrm> `purge'
+#        * <old-postrm> `upgrade' <new-version>
+#        * <new-postrm> `failed-upgrade' <old-version>
+#        * <new-postrm> `abort-install'
+#        * <new-postrm> `abort-install' <old-version>
+#        * <new-postrm> `abort-upgrade' <old-version>
+#        * <disappearer's-postrm> `disappear' <overwriter>
+#          <overwriter-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+## Save st2 logrotate config on remove, but wipe it out on purge.
+preserve_logrotate() {
+  if [ "$1" = remove ]; then
+    [ -f /etc/logrotate.d/st2 ] && mv /etc/logrotate.d/st2-pkgsaved.disabled 1>/dev/null 2>&1 || :
+  elif [ "$1" = purge ]; then
+    rm -f /etc/logrotate.d/st2-pkgsaved.disabled 1>/dev/null 2>&1 || :
+    # Clean up other StackStorm related configs and directories
+    rm -rf /etc/st2 1>/dev/null 2>&1 || :
+    rm -rf /opt/stackstorm 1>/dev/null 2>&1 || :
+    rm -rf /root/.st2 1>/dev/null 2>&1 || :
+    rm -rf /var/log/st2 1>/dev/null 2>&1 || :
+    rm -f /etc/sudoers.d/st2 1>/dev/null 2>&1 || :
+  fi
+}
+
+case "$1" in
+    remove|purge)
+      preserve_logrotate "$1"
+    ;;
+    upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+    ;;
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packaging/deb/scripts/pre-install.sh b/packaging/deb/scripts/pre-install.sh
@@ -0,0 +1,114 @@
+#!/bin/sh
+# preinst script for st2
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+#        * <new-preinst> `install'
+#        * <new-preinst> `install' <old-version>
+#        * <new-preinst> `upgrade' <old-version>
+#        * <old-preinst> `abort-upgrade' <new-version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+PACKS_GROUP=st2packs
+SYS_USER=stanley
+ST2_USER=st2
+ST2_CONFPATH="/etc/st2/st2.conf"
+ST2_UPGRADESTAMP="/tmp/.stamp-stackstorm-st2-deb-package"
+
+## Permissions of directories which has to be reset on upgrade
+RESET_PERMS=$(cat <<EHD | sed 's/\s\+/ /g'
+ug+rw root:_packsgroup /opt/stackstorm/packs
+ug+rw root:_packsgroup /usr/share/doc/st2/examples
+ug+rw root:_packsgroup /opt/stackstorm/virtualenvs
+755 _st2user:root      /opt/stackstorm/configs
+755 _st2user:root      /opt/stackstorm/overrides
+755 _st2user:root      /opt/stackstorm/exports
+EHD
+)
+
+## Create stackstorm users and groups
+create_users() {
+  # create st2 user (services user)
+  (id $ST2_USER 1>/dev/null 2>&1) ||
+    adduser --group --disabled-password --no-create-home --system $ST2_USER
+
+  # make st2 member of st2packs group
+  (getent group $PACKS_GROUP 1>/dev/null 2>&1) || groupadd -r $PACKS_GROUP
+  (groups $ST2_USER 2>/dev/null | grep -q "\b${PACKS_GROUP}\b") ||
+    usermod -a -G $PACKS_GROUP $ST2_USER
+
+  # create stanley user (for actionrunner service)
+  if (! id $SYS_USER 1>/dev/null 2>&1); then
+    adduser --group $SYS_USER
+    adduser --disabled-password --gecos "" --ingroup $SYS_USER $SYS_USER
+  fi
+}
+
+## [NOT USED!] Get current system user from the st2.conf
+config_sysuser() {
+  # exit hooked
+  return 0
+  local sysuser=
+  if [ -f $ST2_CONFPATH ]; then
+    sysuser=$(cat $ST2_CONFPATH |
+      sed -n -e '/\[system_user\]/,/\[.*\]\|\$/ { /\[.*\]/d; /user\s*=/ { s/\s*user\s*=\s*//; p } }')
+  fi
+  echo $sysuser
+}
+
+## Update logrotate configuration
+enable_logrotate() {
+  [ -f /etc/logrotate.d/st2-pkgsaved.disabled ] &&
+    mv -f /etc/logrotate.d/st2-pkgsaved.disabled /etc/logrotate.d/st2 || :
+}
+
+## Fix directories permissions on upgrade (different across maint scripts!)
+#  NB! USED FOR COMPATIBILITY ON UPGRADE FROM PREVIOUS VERSIONS OF PACKAGES.
+#  NB! In future package releases reseting permissions SHOULD BE REMOVED.
+#
+set_permissions() {
+  local fileperms="$1" mode= ownership= path= current_ownership= user= group=
+
+  echo "$fileperms" | sed -e "s/_packsgroup/$PACKS_GROUP/g" -e "s/_st2user/$ST2_USER/g" |
+  while read mode ownership path; do
+    user=$(echo $ownership | cut -f1 -d:)
+    group=$(echo $ownership | cut -f2 -d:)
+    # set top level permissions whether it's a file or directory
+    [ -e $path ] || continue
+    chown $ownership $path && chmod $mode $path
+
+    # recursively change permissions of children (since those are directories)
+    find $path -mindepth 1 -maxdepth 1 -not \( -user $user -group $group \) |
+      xargs -I {} sh -c "echo chown -R $ownership {} && echo chmod -R $mode {}"
+  done
+}
+
+case "$1" in
+    install)
+      create_users
+      enable_logrotate
+    ;;
+    upgrade)
+      create_users
+      enable_logrotate
+      set_permissions "$RESET_PERMS"
+      touch $ST2_UPGRADESTAMP
+    ;;
+    abort-upgrade)
+    ;;
+    *)
+        echo "preinst called with unknown argument \`$1'" >&2
+        exit 1
+    ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff --git a/packaging/rpm/scripts/BUILD b/packaging/rpm/scripts/BUILD
@@ -0,0 +1 @@
+shell_sources(skip_shellcheck=True)
diff --git a/packaging/rpm/scripts/post-install.sh b/packaging/rpm/scripts/post-install.sh
@@ -0,0 +1,4 @@
+set -e
+
+# make sure that our socket generators run
+systemctl daemon-reload >/dev/null 2>&1 || true
diff --git a/packaging/rpm/scripts/pre-install.sh b/packaging/rpm/scripts/pre-install.sh
@@ -0,0 +1,60 @@
+set -e
+
+PACKS_GROUP=%{packs_group}
+SYS_USER=%{stanley_user}
+ST2_USER=%{svc_user}
+
+## Permissions of directories which has to be reset on upgrade
+RESET_PERMS=$(cat <<EHD | sed 's/\s\+/ /g'
+ug+rw root:_packsgroup /opt/stackstorm/packs
+ug+rw root:_packsgroup /usr/share/doc/st2/examples
+ug+rw root:_packsgroup /opt/stackstorm/virtualenvs
+755 _st2user:root      /opt/stackstorm/configs
+755 _st2user:root      /opt/stackstorm/exports
+755 _st2user:root      /opt/stackstorm/overrides
+EHD
+)
+
+## Create stackstorm users and groups (differs from debian)
+create_users() {
+  # create st2 user (services user)
+  (id $ST2_USER 1>/dev/null 2>&1) ||
+    adduser --no-create-home --system --user-group $ST2_USER
+
+  # make st2 member of st2packs group
+  (getent group $PACKS_GROUP 1>/dev/null 2>&1) || groupadd -r $PACKS_GROUP
+  (groups $ST2_USER 2>/dev/null | grep -q "\b${PACKS_GROUP}\b") ||
+    usermod -a -G $PACKS_GROUP $ST2_USER
+
+  # create stanley user (unprivileged action user, we don't ship sudoers.d config)
+  (id $SYS_USER 1>/dev/null 2>&1) ||
+    adduser --user-group $SYS_USER
+}
+
+## Fix directories permissions on upgrade (different across maint scripts!)
+#  NB! USED FOR COMPATIBILITY ON UPGRADE FROM PREVIOUS VERSIONS OF PACKAGES.
+#  NB! In future package releases reseting permissions SHOULD BE REMOVED.
+#
+set_permissions() {
+  local fileperms="$1" mode= ownership= path= current_ownership= user= group=
+
+  echo "$fileperms" | sed -e "s/_packsgroup/$PACKS_GROUP/g" -e "s/_st2user/$ST2_USER/g" |
+  while read mode ownership path; do
+    user=$(echo $ownership | cut -f1 -d:)
+    group=$(echo $ownership | cut -f2 -d:)
+    # set top level permissions whether it's a file or directory
+    [ -e $path ] || continue
+    chown $ownership $path && chmod $mode $path
+
+    # recursively change permissions of children (since those are directories)
+    find $path -mindepth 1 -maxdepth 1 -not \( -user $user -group $group \) |
+      xargs -I {} sh -c "chown -R $ownership {} && chmod -R $mode {}"
+  done
+}
+
+create_users
+
+# We perform upgrade (when install count > 1)
+if [ "$1" -gt 1 ]; then
+  set_permissions "$RESET_PERMS"
+fi

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +set -e
++
 +# make sure that our socket generators run
 +systemctl daemon-reload >/dev/null 2>&1 || true