X-Git-Url: http://git.vanrenterghem.biz/git.ikiwiki.info.git/blobdiff_plain/dd7a38147179a59bff9dffd824b265862aa1a59e..c5c1519d97d18a6e630ee7afb647632109a4853b:/ikiwiki-mass-rebuild diff --git a/ikiwiki-mass-rebuild b/ikiwiki-mass-rebuild index daba2ca43..5b6a90b90 100755 --- a/ikiwiki-mass-rebuild +++ b/ikiwiki-mass-rebuild @@ -1,27 +1,80 @@ -#!/bin/sh -set -e +#!/usr/bin/perl +use warnings; +use strict; -wikilist=/etc/ikiwiki/wikilist - -processline () { - user="$1" - setup="$2" - - if [ -z "$user" ] || [ -z "$setup" ]; then - echo "parse failure in /etc/ikiwiki/wikilist, line: '$user $setup'" >&2 - exit 1 - fi +sub processline { + my $user=shift; + my $setup=shift; - if [ ! -f "$setup" ]; then - echo "warning: $setup specified in /etc/ikiwiki/wikilist does not exist, skipping" >&2 - else - echo "Rebuilding $setup as user $user ..." - su "$user" -c "ikiwiki -setup $setup" - fi + if (! getpwnam("$user")) { + print STDERR "warning: user $user does not exist\n"; + return + } + if (! -f "$setup") { + print STDERR "warning: $setup does not exist, skipping\n"; + return; + } + print "Processing $setup as user $user ...\n"; + # su is not used because it passes arguments through the shell, + # which is not safe for untrusted setup file names. + defined(my $pid = fork) or die "Can’t fork: $!"; + if (! $pid) { + my ($uuid, $ugid) = (getpwnam($user))[2, 3]; + $)="$ugid $ugid"; + $(=$ugid; + $>=$uuid; + $<=$uuid; + if ($< != $uuid || $> != $uuid || $( != $ugid || $) ne "$ugid $ugid") { + die "failed to drop permissions to $user"; + } + %ENV=(); + $ENV{HOME}=(getpwnam($user))[7]; + exec("ikiwiki", "-setup", $setup, @ARGV); + die "failed to run ikiwiki: $!"; + } + waitpid($pid,0); + if ($?) { + print STDERR "Processing $setup as user $user failed with code $?\n"; + } +} + +sub processlist { + my $file=shift; + my $forceuser=shift; + + my $list; + open ($list, "<$file") || die "$file: $!"; + while (<$list>) { + chomp; + s/^\s+//; + s/\s+$//; + next if /^#/ || ! length; + + if (/^([^\s]+)\s+([^\s]+)$/) { + my $user=$1; + my $setup=$2; + if (defined $forceuser && $forceuser ne $user) { + print STDERR "warning: in $file line $., attempt to set user to $user, but user forced to $forceuser. Skipping\n"; + } + processline($user, $setup); + } + elsif (/^([^\s]+)$/) { + my $user=$1; + my $home=(getpwnam($user))[7]; + if (defined $home && -d $home) { + my $dotfile="$home/.ikiwiki/wikilist"; + if (-e $dotfile) { + processlist($dotfile, $user); + } + } + } + } + close $list; +} + +my $wikilist="/etc/ikiwiki/wikilist"; + +if (-e $wikilist) { + processlist($wikilist); } -if [ -e "$wikilist" ]; then - grep -v '^#' $wikilist | grep -v '^$' | while read line; do - processline $line - done -fi