Merge pull request #2 from oposs/deb_test

Debian packaging

.github/actions/build-release-action/Dockerfile

@@ -0,0 +1,34 @@
+ARG IMAGE_VERSION_TAG
+
+FROM ubuntu:$IMAGE_VERSION_TAG
+
+LABEL maintainer="oetiker" \
+      description="WG-wrangler builder"
+
+
+ENV DEBIAN_FRONTEND noninteractive
+
+RUN apt-get -y update && \
+    apt-get -y install apt-utils curl && \
+    curl https://deb.nodesource.com/setup_12.x | bash && \
+    apt-get -u update && \
+    apt-get -y install perl \
+        make \
+        gcc \
+        devscripts \
+        openssl \
+        pkg-config \
+        libssl-dev \
+        debhelper \
+        automake \
+        nodejs \
+        libkrb5-dev \
+        libqrencode-dev \
+        g++ \
+        zlib1g-dev
+
+COPY make-deb.sh /make-deb.sh
+
+RUN chmod 777 /make-deb.sh
+
+ENTRYPOINT ["/make-deb.sh"]

.github/actions/build-release-action/action.yaml

@@ -0,0 +1,36 @@
+name: 'Docker release builder'
+description: 'Build release packages using a docker image'
+
+inputs:
+  docker_file:
+    description: Target Docker file to build package
+    required: true
+  image_version_tag:
+    description: Tag which is prepended on the FROM directive
+    required: false
+    default: latest
+
+outputs:
+  package_name:
+    description: name of the generated package
+    value: ${{ steps.run.outputs.package_name }}
+
+runs:
+  using: 'composite'
+  steps:
+    - id: build
+      name: Build Docker Image
+      run: |
+        docker build \
+        --build-arg IMAGE_VERSION_TAG=${{inputs.image_version_tag}} \
+        -f $(pwd)/.github/actions/build-release-action/${{inputs.docker_file}} \
+        $(pwd)/.github/actions/build-release-action/ \
+        -t deb_builder:latest
+      shell: bash
+    - id: run
+      name: Run Docker Image
+      run: docker run -v $(pwd):/github/workspace --workdir /github/workspace deb_builder:latest
+      shell: bash
+
+
+

.github/actions/build-release-action/make-deb.sh

@@ -0,0 +1,19 @@
+#!/bin/sh
+set -ex
+cd /github/workspace/
+
+# workaround for debhelper bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897569
+mkdir -p deb_build_home
+ls | grep -v deb_build_home | xargs mv -t deb_build_home # move everything except deb_build_home
+cd deb_build_home
+
+dh_clean
+dpkg-buildpackage -us -uc -nc
+
+# set filename
+release_code_name=$(lsb_release --codename | sed 's/Codename:\s*//')
+package_name=$(basename ../*.deb | sed 's/.deb$//')_$release_code_name.deb
+mv ../*.deb ../$package_name
+
+# set action output
+echo "::set-output name=package_name::$package_name"

.github/workflows/build-release.yaml

@@ -0,0 +1,36 @@
+name: 'Build release'
+on:
+  push:
+    tags:
+      - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
+
+jobs:
+  build_deb:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - ubuntu: 18.04
+            docker_file: Dockerfile
+            image_version_tag: '18.04'
+          - ubuntu: 20.04
+            docker_file: Dockerfile
+            image_version_tag: '20.04'
+
+    runs-on: ubuntu-latest
+    name: Build package defined in ${{ matrix.docker_file }} for tag ${{ matrix.image_version_tag }}
+    steps:
+      - uses: actions/checkout@v1
+      - name: Run docker build
+        id: build_package
+        uses: ./.github/actions/build-release-action
+        with:
+          docker_file: ${{ matrix.docker_file }}
+          image_version_tag: ${{ matrix.image_version_tag }}
+
+      - name: Release deb files
+        uses: softprops/action-gh-release@v1
+        with:
+          files: ${{ github.workspace }}/${{ steps.build_package.outputs.package_name }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

CHANGES

@@ -1,5 +1,25 @@
-0.1.0 2021-04-16  Tobias Bossert (bossert _at_ oetiker _this_is_a_dot_ ch)
-- Initial release
+wg-wrangler (0.1.3) unstable; urgency=medium
 
-0.0.0 2021-01-12  Tobias Bossert (bossert _at_ oetiker _this_is_a_dot_ ch)
-- started project
+   * package: store config in /etc/opt/wg-wrangler, made systemd-service configurable
+   * wg-wrangler: migrated value attributes to getAllFieldValues()
+
+   -- Tobias Bossert <[email protected]> Thu, 07 Apr 2021 13:37:02 +0200
+
+wg-wrangler (0.1.2) unstable; urgency=medium
+
+   * package: added config options for the --listen argument
+   * development: Allow development without having wireguard installed
+
+   -- Tobias Bossert <[email protected]> Thu, 06 Apr 2021 15:56:58 +0200
+
+wg-wrangler (0.1.1) unstable; urgency=medium
+
+   * Initial deb release
+
+   -- Tobias Bossert <[email protected]> Thu, 30 Apr 2021 11:02:58 +0200
+
+wg-wrangler (0.1.0) unstable; urgency=medium
+
+   * Initial release
+
+   -- Tobias Bossert <[email protected]> Thu, 16 Apr 2021 09:02:58 +0200

Makefile.am

@@ -38,4 +38,4 @@ share/messages.pot: $(PM) $(CALLBACKERY_PM)
 	for lang in $(LANGUAGES); do 		( test -f $$lang || cp share/messages.pot $$lang ); 		$(MSGMERGE) -s --force-po -U $$lang share/messages.pot; 	done
 
 test:
-	prove -w
+	$(MJ_CLASS)_CONFIG=t/etc/wgwrangler.yaml prove -w

README.md

@@ -38,11 +38,14 @@ using the built-in Mojo webserver.
 
 You can now connect to the CallBackery app with your web browser.
 
-
-
 If you need any additional perl modules, write their names into the PERL_MODULES
 file and run ./bootstrap.
 
+**Honored Environment Variables**
+
+- `WGwrangler_NO_WG` If defined, we do not call any wg* command from code (e.g. to generate pub/private-keys)
+- `WGwrangler_CONFIG` Use this variable to set the path to the main `wgwrangler.yaml` file, defaults to `etc/wgrangler.yaml`
+
 Installation
 ------------
 

VERSION

@@ -1 +1 @@
-0.1.0
+0.1.3

bin/wgwrangler-source-mode.sh

@@ -1,4 +1,6 @@
 #!/bin/sh
 export MOJO_MODE=development
 export MOJO_LOG_LEVEL=debug
+export WGwrangler_NO_WG=1
+export WGwrangler_CONFIG=t/etc/wgwrangler.yaml
 exec $(dirname $0)/wgwrangler.pl prefork --listen 'http://*:7192'

cpanfile

@@ -1,8 +1,11 @@
-requires 'CallBackery', '>= 0.35.5';
+requires 'CallBackery', '>= 0.37.0';
 requires 'Mojo::SQLite';
 requires 'Wireguard::WGmeta', '>= 0.2.3';
 requires 'Net::IP', '>=1.26';
 requires 'Email::MIME';
 requires 'Email::Sender';
+requires 'Text::QRCode';
+requires 'YAML::XS';
 requires 'SVG::Barcode';
-requires 'SVG::Barcode::QRCode';
+requires 'SVG::Barcode::QRCode';
+requires 'YAML::PP';

debian/Makefile.am

@@ -0,0 +1,2 @@
+changelog: ../CHANGES:
+	cp ../CHANGES changelog

debian/changelog

@@ -0,0 +1,25 @@
+wg-wrangler (0.1.3) unstable; urgency=medium
+
+   * package: store config in /etc/opt/wg-wrangler, made systemd-service configurable
+   * wg-wrangler: migrated value attributes to getAllFieldValues()
+
+   -- Tobias Bossert <[email protected]> Thu, 07 Apr 2021 13:37:02 +0200
+
+wg-wrangler (0.1.2) unstable; urgency=medium
+
+   * package: added config options for the --listen argument
+   * development: Allow development without having wireguard installed
+
+   -- Tobias Bossert <[email protected]> Thu, 06 Apr 2021 15:56:58 +0200
+
+wg-wrangler (0.1.1) unstable; urgency=medium
+
+   * Initial deb release
+
+   -- Tobias Bossert <[email protected]> Thu, 30 Apr 2021 11:02:58 +0200
+
+wg-wrangler (0.1.0) unstable; urgency=medium
+
+   * Initial release
+
+   -- Tobias Bossert <[email protected]> Thu, 16 Apr 2021 09:02:58 +0200

debian/compat

@@ -0,0 +1 @@
+9

debian/control

@@ -0,0 +1,10 @@
+Source: wg-wrangler
+Section: system
+Priority: optional
+Maintainer: Tobias Bossert <[email protected]>
+Build-Depends: build-essential, debhelper (>= 9)
+
+Package: wg-wrangler
+Architecture: any
+Depends: ${shlibs:Depends}, perl, wireguard, sudo
+Description: An web-frontend for managing wireguard peer configuration

debian/postinst

@@ -0,0 +1,27 @@
+#!/bin/sh
+
+PKGNAME=wg-wrangler
+USERNAME=wg-wrangler_manager
+GROUPNAME=wg-wrangler_manager
+
+# Create user and group
+adduser --system --group --no-create-home $USERNAME
+
+# set permissions and group membership on /etc/wireguard
+chgrp --silent --recursive $GROUPNAME /etc/wireguard/
+# set group permissions
+chmod g+rwx /etc/wireguard
+chmod -R g+rw /etc/wireguard
+
+# set permissions for /opt/wg-wrangler/etc dir
+chgrp --silent --recursive $GROUPNAME /etc/opt/$PKGNAME/
+# set group permissions
+chmod -R g+rwx /etc/opt/$PKGNAME/
+
+# create var directory
+mkdir -p /var/opt/$PKGNAME
+chown --silent --recursive $USERNAME /var/opt/$PKGNAME
+
+# Whitelist wg* commands for us
+echo "%$GROUPNAME ALL=NOPASSWD: /usr/bin/wg*" >> /etc/sudoers.d/$PKGNAME
+

debian/postrm

@@ -0,0 +1,22 @@
+#!/bin/sh
+
+USERNAME=wg-wrangler_manager
+
+# Revert group of /etc/wireguard
+chgrp --silent --recursive root /etc/wireguard/
+
+# remove sudoers entry
+if [ ! -f /etc/sudoers.d/wg-wrangler ]
+then
+  echo "File does not exist. Skipping..."
+else
+  rm /etc/sudoers.d/wg-wrangler
+fi
+
+# and finally remove the wg-wrangler user
+if [ -x "$(command -v deluser)" ]; then
+  deluser --quiet --system $USERNAME > /dev/null || true
+else
+  echo >&2 "not removing $USERNAME system account because deluser command was not found"
+fi
+

debian/rules

@@ -0,0 +1,17 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+export DH_ALWAYS_EXCLUDE=CVS:.svn:.git:
+
+override_dh_auto_configure:
+	./bootstrap
+	./configure --prefix=/opt/wg-wrangler --sysconfdir=/etc/opt/wg-wrangler --localstatedir=/var/opt/wg-wrangler
+
+%:
+	dh $@

debian/wg-wrangler.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=wg-wrangler wireguard manager
+
+[Service]
+Type=simple
+Environment=LISTEN_ON=http://127.0.0.1:7171
+Environment=MOJO_MODE=production
+Environment=MOJO_LOG_LEVEL=info
+Environment=WGwrangler_CONFIG=/etc/opt/wg-wrangler/wgwrangler.yaml
+
+# Environment variables defined in this file (if it exists) override previously defined ones
+EnvironmentFile=-/etc/opt/wg-wrangler/env.conf
+
+User=wg-wrangler_manager
+Group=wg-wrangler_manager
+ExecStart=/usr/bin/perl opt/wg-wrangler/bin/wgwrangler.pl prefork --listen $LISTEN_ON
+
+[Install]
+WantedBy=multi-user.target

etc/Makefile.am

@@ -1,10 +1,5 @@
 
 
-ETC = wgwrangler.dist.yaml
+ETC = wgwrangler.dist.yaml env.dist.conf
 EXTRA_DIST = $(ETC)
 sysconf_DATA = $(ETC)
-
-wgwrangler.conf:
-	cp wgwrangler.dist.yaml wgwrangler.yaml
-
-.PHONY: wgwrangler.conf

etc/env.dist.conf

@@ -0,0 +1,4 @@
+LISTEN_ON=http://127.0.0.1:7171
+MOJO_MODE=production
+MOJO_LOG_LEVEL=info
+WGwrangler_CONFIG=/etc/opt/wg-wrangler/wgwrangler.yaml

etc/wgwrangler.dist.yaml

@@ -1,6 +1,6 @@
 
 BACKEND:
-  cfg_db: /tmp/wgwrangler.db
+  cfg_db: /var/opt/wg-wrangler/wgwrangler.db
   sesame_user: adfadsfasdf4ee3r
   # perl -MDigest::SHA -e 'print Digest::SHA::hmac_sha1_hex("access"),"\n"'
   sesame_pass: 393afhkjhffjj

frontend/Makefile.am

@@ -1,7 +1,7 @@
 
 AUTOMAKE_OPTIONS=foreign
 
-EXTRA_DIST = compile.js  compile.json Manifest.json package.json package-lock.json $(shell find source -not -name ".*" -a -not -name "*~" -a -not -name "*.tmp" -a -not -name "Makefile*" -a -type f -print )
+EXTRA_DIST = compile.js compile.json Manifest.json package.json package-lock.json $(shell find source -not -name ".*" -a -not -name "*~" -a -not -name "*.tmp" -a -not -name "Makefile*" -a -type f -print )
 
 if BUILD_QOOXDOO_APP