瀏覽代碼

Merge branch 'stretch' of https://github.com/bashrc/freedombone

Bob Mottram 8 年之前
父節點
當前提交
69fb3e5d38
共有 3 個檔案被更改,包括 441 行新增2 行删除
  1. 437
    0
      src/freedombone-app-keyserver
  2. 2
    2
      src/freedombone-app-wekan
  3. 2
    0
      src/freedombone-image-customise

+ 437
- 0
src/freedombone-app-keyserver 查看文件

@@ -0,0 +1,437 @@
1
+#!/bin/bash
2
+#
3
+# .---.                  .              .
4
+# |                      |              |
5
+# |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.
6
+# |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'
7
+# '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'
8
+#
9
+#                    Freedom in the Cloud
10
+#
11
+# SKS Keyserver
12
+#
13
+# License
14
+# =======
15
+#
16
+# Copyright (C) 2017 Bob Mottram <bob@freedombone.net>
17
+#
18
+# This program is free software: you can redistribute it and/or modify
19
+# it under the terms of the GNU Affero General Public License as published by
20
+# the Free Software Foundation, either version 3 of the License, or
21
+# (at your option) any later version.
22
+#
23
+# This program is distributed in the hope that it will be useful,
24
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
25
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
26
+# GNU Affero General Public License for more details.
27
+#
28
+# You should have received a copy of the GNU Affero General Public License
29
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
30
+
31
+VARIANTS='full full-vim'
32
+
33
+IN_DEFAULT_INSTALL=0
34
+SHOW_ON_ABOUT=1
35
+
36
+KEYSERVER_SKS_REPO="https://bitbucket.org/skskeyserver/sks-keyserver"
37
+KEYSERVER_SKS_COMMIT='0106ba2'
38
+KEYSERVER_WEB_REPO="https://github.com/mattrude/pgpkeyserver-lite"
39
+KEYSERVER_WEB_COMMIT='a038cb79b927c99bf7da62f20d2c6a2f20374339'
40
+KEYSERVER_PORT=11371
41
+KEYSERVER_ONION_PORT=8122
42
+KEYSERVER_DOMAIN_NAME=
43
+KEYSERVER_CODE=
44
+KEYSERVER_DUMP_URL="https://keyserver.mattrude.com/dump/current/"
45
+
46
+keyserver_variables=(ONION_ONLY
47
+                     MY_USERNAME
48
+                     DEFAULT_DOMAIN_NAME
49
+                     KEYSERVER_DOMAIN_NAME
50
+                     KEYSERVER_CODE)
51
+
52
+function logging_on_keyserver {
53
+    echo -n ''
54
+}
55
+
56
+function logging_off_keyserver {
57
+    echo -n ''
58
+}
59
+
60
+function reconfigure_keyserver {
61
+    echo -n ''
62
+}
63
+
64
+function upgrade_keyserver_sks {
65
+    CURR_KEYSERVER_SKS_COMMIT=$(get_completion_param "keyserver commit")
66
+    if [[ "$CURR_KEYSERVER_SKS_COMMIT" == "$KEYSERVER_SKS_COMMIT" ]]; then
67
+        return
68
+    fi
69
+
70
+    if grep -q "keyserver domain" $COMPLETION_FILE; then
71
+        KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
72
+    fi
73
+
74
+    # update to the next commit
75
+    function_check set_repo_commit
76
+    set_repo_commit $INSTALL_DIR/keyserver "keyserver commit" "$KEYSERVER_SKS_COMMIT" $KEYSERVER_SKS_REPO
77
+
78
+    cd $INSTALL_DIR/keyserver
79
+    make dep
80
+    make all
81
+    if [ ! "$?" = "0" ]; then
82
+        echo $'Unable to build sks-keyserver'
83
+        exit 836252
84
+    fi
85
+    make install
86
+
87
+    chown -R keyserver:keyserver /var/lib/sks
88
+}
89
+
90
+function upgrade_keyserver_web {
91
+    CURR_KEYSERVER_WEB_COMMIT=$(get_completion_param "keyserver web commit")
92
+    if [[ "$CURR_KEYSERVER_WEB_COMMIT" == "$KEYSERVER_WEB_COMMIT" ]]; then
93
+        return
94
+    fi
95
+
96
+    if grep -q "keyserver domain" $COMPLETION_FILE; then
97
+        KEYSERVER_DOMAIN_NAME=$(get_completion_param "keyserver domain")
98
+    fi
99
+
100
+    # update to the next commit
101
+    function_check set_repo_commit
102
+    set_repo_commit /var/www/$KEYSERVER_DOMAIN_NAME/htdocs "keyserver web commit" "$KEYSERVER_WEB_COMMIT" $KEYSERVER_WEB_REPO
103
+
104
+    chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
105
+}
106
+
107
+function upgrade_keyserver {
108
+    upgrade_keyserver_sks
109
+    upgrade_keyserver_web
110
+}
111
+
112
+function backup_local_keyserver {
113
+    echo -n ''
114
+}
115
+
116
+function restore_local_keyserver {
117
+    echo -n ''
118
+}
119
+
120
+function backup_remote_keyserver {
121
+    echo -n ''
122
+}
123
+
124
+function restore_remote_keyserver {
125
+    echo -n ''
126
+}
127
+
128
+function remove_keyserver {
129
+    systemctl stop keyserver
130
+    systemctl disable keyserver
131
+    rm /etc/systemd/system/keyserver.service
132
+    systemctl daemon-reload
133
+
134
+    read_config_param "KEYSERVER_DOMAIN_NAME"
135
+    nginx_dissite $KEYSERVER_DOMAIN_NAME
136
+    remove_certs ${KEYSERVER_DOMAIN_NAME}
137
+    if [ -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME ]; then
138
+        rm -f /etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
139
+    fi
140
+    if [ -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
141
+        rm -rf /var/www/$KEYSERVER_DOMAIN_NAME
142
+    fi
143
+    function_check remove_ddns_domain
144
+    remove_ddns_domain $KEYSERVER_DOMAIN_NAME
145
+
146
+    groupdel -f keyserver
147
+    userdel -r keyserver
148
+
149
+    remove_config_param KEYSERVER_DOMAIN_NAME
150
+    remove_config_param KEYSERVER_CODE
151
+    function_check remove_onion_service
152
+    remove_onion_service keyserver ${KEYSERVER_ONION_PORT}
153
+    remove_completion_param "install_keyserver"
154
+
155
+    sed -i '/keyserver/d' $COMPLETION_FILE
156
+    if [ -f /usr/bin/keyserver-start ]; then
157
+        rm /usr/bin/keyserver-start
158
+    fi
159
+    if [ -f /usr/bin/keyserver-stop ]; then
160
+        rm /usr/bin/keyserver-stop
161
+    fi
162
+    groupdel -f keyserver
163
+    userdel -r keyserver
164
+}
165
+
166
+function install_interactive_keyserver {
167
+    if [ ! $ONION_ONLY ]; then
168
+        ONION_ONLY='no'
169
+    fi
170
+
171
+    if [[ $ONION_ONLY != "no" ]]; then
172
+        KEYSERVER_DOMAIN_NAME='keyserver.local'
173
+        write_config_param "KEYSERVER_DOMAIN_NAME" "$KEYSERVER_DOMAIN_NAME"
174
+    else
175
+        function_check interactive_site_details
176
+        interactive_site_details "keyserver" "KEYSERVER_DOMAIN_NAME" "KEYSERVER_CODE"
177
+    fi
178
+    APP_INSTALLED=1
179
+}
180
+
181
+function install_keyserver {
182
+    apt-get -qy install build-essential gcc ocaml libdb-dev wget
183
+
184
+    if [ ! -d /var/www/$KEYSERVER_DOMAIN_NAME ]; then
185
+        mkdir /var/www/$KEYSERVER_DOMAIN_NAME
186
+    fi
187
+
188
+    if [ ! -d $INSTALL_DIR ]; then
189
+        mkdir -p $INSTALL_DIR
190
+    fi
191
+    cd $INSTALL_DIR
192
+    if [ -d /repos/keyserver ]; then
193
+        mkdir $INSTALL_DIR/keyserver
194
+        cp -r -p /repos/keyserver/. $INSTALL_DIR/keyserver
195
+        cd $INSTALL_DIR/keyserver
196
+        git pull
197
+    else
198
+        if [ -d $INSTALL_DIR/keyserver ]; then
199
+            cd $INSTALL_DIR/keyserver
200
+            pull
201
+        else
202
+            git_clone $KEYSERVER_SKS_REPO $INSTALL_DIR/keyserver
203
+        fi
204
+    fi
205
+
206
+    cd $INSTALL_DIR/keyserver
207
+    git checkout $KEYSERVER_SKS_COMMIT -b $KEYSERVER_SKS_COMMIT
208
+    set_completion_param "keyserver commit" "$KEYSERVER_SKS_COMMIT"
209
+
210
+    cd /var/www/$KEYSERVER_DOMAIN_NAME
211
+    if [ -d /var/www/$KEYSERVER_DOMAIN_NAME/htdocs ]; then
212
+        rm -rf /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
213
+    fi
214
+
215
+    if [ -d /repos/keyserverweb ]; then
216
+        mkdir htdocs
217
+        cp -r -p /repos/keyserverweb/. htdocs
218
+        cd htdocs
219
+        git pull
220
+    else
221
+        git_clone $KEYSERVER_WEB_REPO htdocs
222
+    fi
223
+
224
+    cd /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
225
+    git checkout $KEYSERVER_WEB_COMMIT -b $KEYSERVER_WEB_COMMIT
226
+    set_completion_param "keyserver web commit" "$KEYSERVER_WEB_COMMIT"
227
+
228
+    cd $INSTALL_DIR/keyserver
229
+    if [ ! -f Makefile.local.unused ]; then
230
+        echo $'Unused makefile not found'
231
+        exit 72398
232
+    fi
233
+    cp Makefile.local.unused Makefile.local
234
+    sed -i 's|LIBDB=.*|LIBDB=-ldb-5.3.1|g' Makefile.local
235
+
236
+    make dep
237
+    make all
238
+    if [ ! "$?" = "0" ]; then
239
+        echo $'Unable to build sks-keyserver'
240
+        exit 8356328
241
+    fi
242
+    make install
243
+
244
+    if [ ! -f /usr/local/bin/sks_build.sh ]; then
245
+        echo $'/usr/local/bin/sks_build.sh not found'
246
+        exit 238460
247
+    fi
248
+
249
+    USER_EMAIL_ADDRESS=$MY_USERNAME@$HOSTNAME
250
+    GPG_ID=$(su -m root -c "gpg --list-keys $USER_EMAIL_ADDRESS | sed -n '2p' | sed 's/^[ \t]*//'" - $MY_USERNAME)
251
+    if [ ! $GPG_ID ]; then
252
+        echo $'No GPG ID for admin user'
253
+        exit 846336
254
+    fi
255
+    if [ ${#GPG_ID} -lt 5 ]; then
256
+        echo $'GPG ID not retrieved for admin user'
257
+        exit 835292
258
+    fi
259
+    if [[ "$GPG_ID" == *"error"* ]]; then
260
+        echo $'GPG ID not retrieved for admin user due to error'
261
+        exit 74825
262
+    fi
263
+
264
+    sksconf_file=/var/lib/sks/sksconf
265
+    echo 'debuglevel: 3' > $sksconf_file
266
+    echo '' >> $sksconf_file
267
+    echo "hostname:                       $KEYSERVER_DOMAIN_NAME" >> $sksconf_file
268
+    echo '' >> $sksconf_file
269
+    echo 'hkp_address:                    127.0.0.1' >> $sksconf_file
270
+    echo "hkp_port:                       $KEYSERVER_PORT" >> $sksconf_file
271
+    echo 'recon_port:                     11370' >> $sksconf_file
272
+    echo '' >> $sksconf_file
273
+    echo "server_contact:                 $GPG_ID" >> $sksconf_file
274
+    echo '' >> $sksconf_file
275
+    echo 'initial_stat:' >> $sksconf_file
276
+    echo 'disable_mailsync:' >> $sksconf_file
277
+    echo 'membership_reload_interval:     1' >> $sksconf_file
278
+    echo 'stat_hour:                      12' >> $sksconf_file
279
+    echo '' >> $sksconf_file
280
+    echo 'max_matches:                    500' >> $sksconf_file
281
+
282
+    if [ ! -d /var/lib/sks/dump ]; then
283
+        mkdir -p /var/lib/sks/dump
284
+    fi
285
+    cd /var/lib/sks/dump
286
+    echo $'Getting keyserver dump. This may take a few hours, so be patient.'
287
+    wget -crp -e robots=off --level=1 --cut-dirs=3 -nH \
288
+         -A pgp,txt $KEYSERVER_DUMP_URL
289
+
290
+    cd /var/lib/sks
291
+    echo $'Building the keyserver database from the downloaded dump'
292
+    echo '2' | /usr/local/bin/sks_build.sh
293
+
294
+    KEYSERVER_ONION_HOSTNAME=$(add_onion_service keyserver 80 ${KEYSERVER_ONION_PORT})
295
+
296
+    echo '#!/bin/sh' > /usr/bin/keyserver-start
297
+    echo 'cd /var/lib/sks' >> /usr/bin/keyserver-start
298
+    echo 'echo -n \ sks_db' >> /usr/bin/keyserver-start
299
+    echo '$DAEMON db &' >> /usr/bin/keyserver-start
300
+    echo 'echo -n \ sks_recon' >> /usr/bin/keyserver-start
301
+    echo '$DAEMON recon &' >> /usr/bin/keyserver-start
302
+    chmod +x /usr/bin/keyserver-start
303
+
304
+    echo '#!/bin/sh' > /usr/bin/keyserver-stop
305
+    echo 'killall sks' >> /usr/bin/keyserver-stop
306
+    echo 'sleep 5' >> /usr/bin/keyserver-stop
307
+    chmod +x /usr/bin/keyserver-stop
308
+
309
+    echo '[Unit]' > /etc/systemd/system/keyserver.service
310
+    echo 'Description=SKS Keyserver' >> /etc/systemd/system/keyserver.service
311
+    echo 'After=syslog.target network.target nginx.target' >> /etc/systemd/system/keyserver.service
312
+    echo '' >> /etc/systemd/system/keyserver.service
313
+    echo '[Service]' >> /etc/systemd/system/keyserver.service
314
+    echo 'User=keyserver' >> /etc/systemd/system/keyserver.service
315
+    echo 'Group=keyserver' >> /etc/systemd/system/keyserver.service
316
+    echo "WorkingDirectory=/var/lib/sks" >> /etc/systemd/system/keyserver.service
317
+    echo "ExecStart=/usr/bin/keyserver-start" >> /etc/systemd/system/keyserver.service
318
+    echo "ExecStop=/usr/bin/keyserver-stop" >> /etc/systemd/system/keyserver.service
319
+    echo 'Restart=always' >> /etc/systemd/system/keyserver.service
320
+    echo 'RestartSec=10' >> /etc/systemd/system/keyserver.service
321
+    echo '' >> /etc/systemd/system/keyserver.service
322
+    echo '[Install]' >> /etc/systemd/system/keyserver.service
323
+    echo 'WantedBy=multi-user.target' >> /etc/systemd/system/keyserver.service
324
+    chmod +x /etc/systemd/system/keyserver.service
325
+
326
+    keyserver_nginx_site=/etc/nginx/sites-available/$KEYSERVER_DOMAIN_NAME
327
+    if [[ $ONION_ONLY == "no" ]]; then
328
+        function_check nginx_http_redirect
329
+        nginx_http_redirect $KEYSERVER_DOMAIN_NAME
330
+        echo 'server {' >> $keyserver_nginx_site
331
+        echo '  listen 443 ssl;' >> $keyserver_nginx_site
332
+        echo '  listen [::]:443 ssl;' >> $keyserver_nginx_site
333
+        echo "  server_name $KEYSERVER_DOMAIN_NAME;" >> $keyserver_nginx_site
334
+        echo '' >> $keyserver_nginx_site
335
+        echo '  # Security' >> $keyserver_nginx_site
336
+        function_check nginx_ssl
337
+        nginx_ssl $KEYSERVER_DOMAIN_NAME
338
+
339
+        function_check nginx_disable_sniffing
340
+        nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
341
+
342
+        echo '  add_header Strict-Transport-Security max-age=15768000;' >> $keyserver_nginx_site
343
+        echo '' >> $keyserver_nginx_site
344
+        echo '  # Logs' >> $keyserver_nginx_site
345
+        echo '  access_log /dev/null;' >> $keyserver_nginx_site
346
+        echo '  error_log /dev/null;' >> $keyserver_nginx_site
347
+        echo '' >> $keyserver_nginx_site
348
+        echo '  # Root' >> $keyserver_nginx_site
349
+        echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/htdocs;" >> $keyserver_nginx_site
350
+        echo '' >> $keyserver_nginx_site
351
+
352
+        echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
353
+        echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
354
+        echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
355
+        echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
356
+        echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
357
+        echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
358
+        echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
359
+        echo '' >> $keyserver_nginx_site
360
+        echo '  location /pks {' >> $keyserver_nginx_site
361
+        echo "    proxy_pass         http://127.0.0.1:$KEYSERVER_PORT;" >> $keyserver_nginx_site
362
+        echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
363
+        echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_PORT (nginx)\";" >> $keyserver_nginx_site
364
+        echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
365
+        echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
366
+        echo '  }' >> $keyserver_nginx_site
367
+        echo '}' >> $keyserver_nginx_site
368
+        echo '' >> $keyserver_nginx_site
369
+    else
370
+        echo -n '' > $keyserver_nginx_site
371
+    fi
372
+    echo 'server {' >> $keyserver_nginx_site
373
+    echo "    listen 127.0.0.1:$KEYSERVER_ONION_PORT default_server;" >> $keyserver_nginx_site
374
+    echo "    server_name $KEYSERVER_ONION_HOSTNAME;" >> $keyserver_nginx_site
375
+    echo '' >> $keyserver_nginx_site
376
+    function_check nginx_disable_sniffing
377
+    nginx_disable_sniffing $KEYSERVER_DOMAIN_NAME
378
+    echo '' >> $keyserver_nginx_site
379
+    echo '  # Logs' >> $keyserver_nginx_site
380
+    echo '  access_log /dev/null;' >> $keyserver_nginx_site
381
+    echo '  error_log /dev/null;' >> $keyserver_nginx_site
382
+    echo '' >> $keyserver_nginx_site
383
+    echo '  # Root' >> $keyserver_nginx_site
384
+    echo "  root /var/www/$KEYSERVER_DOMAIN_NAME/mail;" >> $keyserver_nginx_site
385
+    echo '' >> $keyserver_nginx_site
386
+    echo '  rewrite ^/stats /pks/lookup?op=stats;' >> $keyserver_nginx_site
387
+    echo '  rewrite ^/s/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
388
+    echo '  rewrite ^/search/(.*) /pks/lookup?search=$1;' >> $keyserver_nginx_site
389
+    echo '  rewrite ^/g/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
390
+    echo '  rewrite ^/get/(.*) /pks/lookup?op=get&search=$1;' >> $keyserver_nginx_site
391
+    echo '  rewrite ^/d/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
392
+    echo '  rewrite ^/download/(.*) /pks/lookup?op=get&options=mr&search=$1;' >> $keyserver_nginx_site
393
+    echo '' >> $keyserver_nginx_site
394
+    echo '  location /pks {' >> $keyserver_nginx_site
395
+    echo "    proxy_pass         http://127.0.0.1:$KEYSERVER_PORT;" >> $keyserver_nginx_site
396
+    echo '    proxy_pass_header  Server;' >> $keyserver_nginx_site
397
+    echo "    add_header         Via \"1.1 $KEYSERVER_DOMAIN_NAME:$KEYSERVER_PORT (nginx)\";" >> $keyserver_nginx_site
398
+    echo '    proxy_ignore_client_abort on;' >> $keyserver_nginx_site
399
+    echo '    client_max_body_size 8m;' >> $keyserver_nginx_site
400
+    echo '  }' >> $keyserver_nginx_site
401
+    echo '}' >> $keyserver_nginx_site
402
+
403
+    function_check create_site_certificate
404
+    if [ ! -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then
405
+        create_site_certificate $KEYSERVER_DOMAIN_NAME 'yes'
406
+    fi
407
+
408
+    if [ -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.crt ]; then
409
+        mv /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.crt /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem
410
+    fi
411
+    if [ -f /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem ]; then
412
+        chown root:root /etc/ssl/certs/${KEYSERVER_DOMAIN_NAME}.pem
413
+        sed -i "s|.crt|.pem|g" /etc/nginx/sites-available/${KEYSERVER_DOMAIN_NAME}
414
+    fi
415
+    if [ -f /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key ]; then
416
+        chown root:root /etc/ssl/private/${KEYSERVER_DOMAIN_NAME}.key
417
+    fi
418
+
419
+    groupadd keyserver
420
+    useradd -c "SKS Keyserver system account" -d /var/lib/sks -m -r -g keyserver keyserver
421
+    chown -R keyserver:keyserver /var/lib/sks
422
+    chown -R www-data:www-data /var/www/$KEYSERVER_DOMAIN_NAME/htdocs
423
+
424
+    function_check nginx_ensite
425
+    nginx_ensite $KEYSERVER_DOMAIN_NAME
426
+
427
+    systemctl enable keyserver
428
+    systemctl daemon-reload
429
+    systemctl start keyserver
430
+    systemctl restart nginx
431
+
432
+    set_completion_param "keyserver domain" "$KEYSERVER_DOMAIN_NAME"
433
+
434
+    APP_INSTALLED=1
435
+}
436
+
437
+# NOTE: deliberately no exit 0

+ 2
- 2
src/freedombone-app-wekan 查看文件

@@ -210,7 +210,7 @@ function remove_wekan {
210 210
     remove_completion_param install_wekan
211 211
     sed -i '/wekan/d' $COMPLETION_FILE
212 212
 
213
-    groupdel -f gogs
213
+    groupdel -f wekan
214 214
     userdel -r wekan
215 215
     remove_meteor
216 216
 }
@@ -259,8 +259,8 @@ function install_wekan_main {
259 259
     fi
260 260
 
261 261
     # an unprivileged user to run as
262
-    useradd -d $WEKAN_DIR/ wekan
263 262
     groupadd wekan
263
+    useradd -c "Wekan account" -d $WEKAN_DIR/ -m -r -g wekan wekan
264 264
 
265 265
     cd $WEKAN_DIR
266 266
     git checkout $WEKAN_COMMIT -b $WEKAN_COMMIT

+ 2
- 0
src/freedombone-image-customise 查看文件

@@ -1275,6 +1275,8 @@ function image_preinstall_repos {
1275 1275
     git clone $TOXIC_REPO $rootdir/repos/toxic
1276 1276
     git clone $TURTL_REPO $rootdir/repos/turtl
1277 1277
     git clone $KANBOARD_REPO $rootdir/repos/kanboard
1278
+    git clone $KEYSERVER_SKS_REPO $rootdir/repos/keyserver
1279
+    git clone $KEYSERVER_WEB_REPO $rootdir/repos/keyserverweb
1278 1280
     #git clone $WEKAN_REPO $rootdir/repos/wekan
1279 1281
     #git clone $FLOW_ROUTER_REPO $rootdir/repos/flowrouter
1280 1282
     #git clone $METEOR_USERACCOUNTS_REPO $rootdir/repos/meteoruseraccounts