diff options
-rw-r--r-- | .SRCINFO | 18 | ||||
-rw-r--r-- | .install | 35 | ||||
-rw-r--r-- | PKGBUILD | 37 | ||||
-rw-r--r-- | rserve-sandbox-docker.service | 43 | ||||
-rwxr-xr-x | run.sh | 178 |
5 files changed, 311 insertions, 0 deletions
diff --git a/.SRCINFO b/.SRCINFO new file mode 100644 index 000000000000..66917a36d0e2 --- /dev/null +++ b/.SRCINFO @@ -0,0 +1,18 @@ +pkgbase = rserve-sandbox-docker-bin + pkgdesc = Pre-compiled version of a Docker spec for running Rserve in a sandbox + pkgver = r6.fb0ec65 + pkgrel = 1 + url = https://gitlab.com/frnmst/rserve-sandbox-bin + install = .install + arch = x86_64 + license = BSD + makedepends = git + makedepends = sed + depends = r + depends = docker + conflicts = rserve-sandbox-docker + source = git+https://gitlab.com/frnmst/rserve-sandbox-bin#branch=distro-package + md5sums = SKIP + +pkgname = rserve-sandbox-docker-bin + diff --git a/.install b/.install new file mode 100644 index 000000000000..9c4778de8388 --- /dev/null +++ b/.install @@ -0,0 +1,35 @@ +post_install() { + # Add rserve user and group. + getent group rserve &>/dev/null || groupadd -g 32749 -r rserve >/dev/null + getent passwd rserve &>/dev/null || useradd -u 32749 -m -d /home/rserve \ +-s /bin/false -r -g rserve rserve >/dev/null + # Exec the chmod just like in the Makefile. + chmod 750 /home/rserve + + # Add rsd user and group. + getent group rsd &>/dev/null || groupadd -r rsd >/dev/null + getent passwd rsd &>/dev/null || useradd -s /bin/false \ +-r -g rsd rsd >/dev/null + + # This is explained in the Arch Wiki. It seems that anyone belonging to the + # docker group has root capablities, so creating a separate user to run + # Docker is necessary in my opinion. + gpasswd -a rsd docker >/dev/null + + chown -R rsd:rsd /usr/share/rserve-sandbox-docker + + printf "\n\n%s\n\n" "Before starting the service \ +you must run \ +sudo -u rsd rserve-sandbox-docker -i" + printf "%s\n\n" "You can then start and enable \ +rserve-sandbox-docker.service to run the server." +} + +post_remove() { + printf "\n\n%s\n" "To remove images and containters: \ +rm -rf /var/lib/docker \ +as described in \ +<https://docs.docker.com/engine/installation/linux/archlinux/#/uninstallation>" + printf "%s\n\n" "You can also remove /home/rserve \ +as well as rserve and rsd users and groups." +} diff --git a/PKGBUILD b/PKGBUILD new file mode 100644 index 000000000000..53e9ba909fc9 --- /dev/null +++ b/PKGBUILD @@ -0,0 +1,37 @@ +# Maintainer: Franco Masotti <franco dot masotti at student dot unife dot it> +# Contributor: Franco Masotti <franco dot masotti at student dot unife dot it> +pkgname=rserve-sandbox-docker-bin +pkgver=r6.fb0ec65 +pkgrel=1 +pkgdesc="Pre-compiled version of a Docker spec for running Rserve in a sandbox" +arch=('x86_64') +url="https://gitlab.com/frnmst/rserve-sandbox-bin" +license=('BSD') +depends=('r' + 'docker') +makedepends=('git' + 'sed') +conflicts=('rserve-sandbox-docker') +install=.install +source=('git+https://gitlab.com/frnmst/rserve-sandbox-bin#branch=distro-package') +md5sums=('SKIP') + +pkgver () { + cd "${srcdir}"/rserve-sandbox-bin + ( set -o pipefail + git describe --long 2>/dev/null | sed 's/\([^-]*-g\)/r\1/;s/-/./g' || + printf "r%s.%s" "$(git rev-list --count HEAD)" "$(git rev-parse --short HEAD)" + ) +} + +package() { + cd "${srcdir}" + install -d "${pkgdir}"/usr/share/"${pkgname%-bin}" + install -d "${pkgdir}"/usr/bin + install -D -m644 rserve-sandbox-bin/Makefile "${pkgdir}"/usr/share/"${pkgname%-bin}"/Makefile + install -D -m644 rserve-sandbox-bin/LICENSE "${pkgdir}"/usr/share/licenses/${pkgname%-bin}/LICENSE + install -D -m644 rserve-sandbox-bin/rserve.tar "${pkgdir}"/usr/share/${pkgname%-bin}/rserve.tar + install -D -m755 ../run.sh "${pkgdir}"/usr/share/${pkgname%-bin}/run.sh + install -D -m644 ../${pkgname%-bin}.service "${pkgdir}"/usr/lib/systemd/system/"${pkgname%-bin}".service + ln -s /usr/share/"${pkgname%-bin}"/run.sh "${pkgdir}"/usr/bin/"${pkgname%-bin}" +} diff --git a/rserve-sandbox-docker.service b/rserve-sandbox-docker.service new file mode 100644 index 000000000000..d655e1da0fc1 --- /dev/null +++ b/rserve-sandbox-docker.service @@ -0,0 +1,43 @@ +# +# rserve-sandbox-docker.service +# +# Copyright (C) 2016 frnmst (Franco Masotti) <franco.masotti@student.unife.it> +# +# This file is part of cplint-installer. +# +# cplint-installer is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# cplint-installer is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with cplint-installer. If not, see <http://www.gnu.org/licenses/>. +# +# + +# To be placed in /usr/lib/systemd/system/rserve-sandbox-docker.service + +[Unit] +Description=Docker spec for running Rserve in a sandbox +Documentation=https://gitlab.com/frnmst/rserve-sandbox-bin https://github.com/JanWielemaker/rserve_client +Requires=docker.service +After=docker.service + +[Service] +ExecStart=/usr/bin/rserve-sandbox-docker -s +ExecStop=/usr/bin/rserve-sandbox-docker -k +Type=forking +PIDFile=/run/rserve-sandbox-docker/rserve-sandbox-docker.pid +User=rsd +Group=rsd +RuntimeDirectory=rserve-sandbox-docker + +[Install] +Also=docker.service +WantedBy=default.target + diff --git a/run.sh b/run.sh new file mode 100755 index 000000000000..45cd57e9f7d0 --- /dev/null +++ b/run.sh @@ -0,0 +1,178 @@ +#!/usr/bin/env sh + +# +# run.sh +# +# Copyright (C) 2016 frnmst (Franco Masotti) <franco.masotti@student.unife.it> +# +# This file is part of swish-installer. +# +# swish-installer is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# swish-installer is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with swish-installer. If not, see <http://www.gnu.org/licenses/>. +# +# + +pkg_dir="/usr/share/rserve-sandbox-docker" +pid_file="/run/rserve-sandbox-docker/rserve-sandbox-docker.pid" +user="rsd" +group="rsd" +docker_image_name="rserve" + +help() +{ + cat<<-EOF +rserve-sandbox-docker [OPTION] +Docker spec for running Rserve in a sandbox + +Only a single option is permitted. + -h print this help + -i load image + -k kill the container + -r remove the docker image + -s start the container + +Exit status: + 0 if OK, + 1 some error occurred. + +Full documentation at: <https://gitlab.com/frnmst/rserve-sandbox-bin> +EOF +} + +init() +{ + # Check if rserve image does not exist. + if [ -z "$(docker images -q "$docker_image_name")" ]; then + printf "%s\n" "This might take a while" + pushd "$pkg_dir" + make load + else + 1>&2 printf "%s\n" "Docker image already installed" + exit 1 + fi +} + +installed() +{ + if [ -z "$(docker images -q "$docker_image_name")" ]; then + 1>&2 printf "%s\n" "You need to run \ +'sudo -u rsd rserve-sandbox-docker -i' \ +first" + exit 1 + fi +} + +killd() +{ + # kill action only if process exists. + if [ -f "$pid_file" ]; then + pid=$(cat "$pid_file") + ps -q $pid > /dev/null + if [ $? -eq 0 ]; then + make -C "$pkg_dir" stop + fi + fi +} + +# Remove the docker image. +remove() +{ + installed \ +&& killd \ +&& make -C "$pkg_dir" remove +} + +startd() +{ + local pid="" + + # The following means installed && { ... } + installed + { + ( + cd "$pkg_dir" + make run + ) & + pid="$!" + } + + write_pid_file "$pid" +} + +# +# shared_functions.sh +# +# Copyright (C) 2016 frnmst (Franco Masotti) <franco.masotti@student.unife.it> +# +# This file is part of swish-installer. +# +# swish-installer is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# swish-installer is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with swish-installer. If not, see <http://www.gnu.org/licenses/>. +# +# + +# This file is used by the various run.sh. + +check_running_user_and_group() +{ + if [ "$(id -un)" = "$user" ] && [ "$(id -gn)" = "$group" ]; then + : + else + printf "User must be "$user"\n" + printf "Group must be "$group"\n" + return 1 + fi +} + +write_pid_file() +{ + local pid="$1" + + if [ -n "$pid" ]; then + printf "Server running with pid $pid\n" + printf "$pid\n" > "$pid_file" + else + printf "Server error\n" + return 1 + fi +} + +option_parser() +{ + getopts ":hikrs" opt "$@" + case "$opt" in + h ) help ;; + i ) init ;; + k ) killd ;; + r ) remove ;; + s ) startd ;; + ? ) help; return 1 ;; + esac +} + +main() +{ + check_running_user_and_group && option_parser "$@" +} + +main "$@" |