From: eostre <eostre.danne@protonmail.com>
Date: Tue, 15 Sep 2020 16:41:18 +0000 (-0400)
Subject: genericifying the drupal7 autobuild
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=8b2413e8255a9c904975d2a980d2a76262cd3b0f;p=eostre.git

genericifying the drupal7 autobuild
---

diff --git a/drupal-automake-generic/Makefile b/drupal-automake-generic/Makefile
new file mode 100644
index 0000000..b1a8fd7
--- /dev/null
+++ b/drupal-automake-generic/Makefile
@@ -0,0 +1,72 @@
+DATE:=`date --iso-8601`
+
+# no-op by default
+default:
+	true
+
+# make sure perms are right, gets called at the end of many routines
+chown-www:
+	chown -R www-data:www-data /var/www
+
+# recipes for installing this thing onto a "real" (non-chroot) system
+# this is enough to get us to a functional Drupal install page
+# to go further, use the install-from-backups recipe
+setup-real-system: probe-files install-pkgs install-drupal do-mysql chown-www
+
+# test that we have /install-{drupal-toolchain,packages}.sh /pkgs /sqldefaults and /do-mysql-sh
+# if we don't have all of these files, BAD THINGS may happen
+probe-files:
+	[ -f /install-packages.sh ]
+	[ -f /pkgs ]
+	[ -f /install-drupal-toolchain.sh ]
+	[ -f /do-mysql.sh ]
+	[ -f /sqldefaults ]
+
+install-drupal:
+	chmod +x /install-drupal-toolchain.sh
+	/install-drupal-toolchain.sh
+
+install-pkgs:
+	chmod +x /install-packages.sh
+	/install-packages.sh
+
+do-mysql:
+	chmod +x /do-mysql.sh
+	/do-mysql.sh
+	# secure these two files because they contain passwords in plaintext
+	chmod og-rwx /do-mysql.sh
+	chmod 0600 /sqldefaults
+
+# recipes to restore the site from a backup
+install-from-backups: probe-backup-files install-sqldump install-drupal-sites chown-www
+
+probe-backup-files:
+	[ -f /sqldump ]
+	[ -d /sites ]
+
+install-sqldump:
+	# source the dump twice - once to create the DB, once to populate it
+	mysql -u root -p -e 'source /sqldump; use dbd_drupal; source /sqldump;'
+
+install-drupal-sites:
+	cd /var/www/html
+	cp -r /sites sites
+
+# recipes for building a chroot. notice that sql does not cooperate with chroots, due to some funky postinstall hooks and /proc namespaces conflicting
+build-chroot: new-chroot install-pkgs-in-chroot install-drupal-toolchain
+
+new-chroot:
+	rm -rf tristrap
+	mkdir tristrap
+	debootstrap --merged-usr etiona ./tristrap/ http://mirror.fsf.org/trisquel/
+
+install-pkgs-in-chroot:
+	cp files/pkgs tristrap
+	cp files/install-packages.sh tristrap
+	chmod +x tristrap/install-packages.sh
+	chroot tristrap /install-packages.sh
+
+install-drupal-toolchain:
+	cp files/install-drupal-toolchain.sh tristrap
+	chmod +x tristrap/install-drupal-toolchain.sh
+	chroot tristrap /install-drupal-toolchain.sh
diff --git a/drupal-automake-generic/bm.sh b/drupal-automake-generic/bm.sh
new file mode 100644
index 0000000..14214ba
--- /dev/null
+++ b/drupal-automake-generic/bm.sh
@@ -0,0 +1,7 @@
+mount --rbind /proc proc
+mount --rbind /sys sys
+mount --rbind /dev dev
+mount -t tmpfs none tmp
+mount -t tmpfs none run
+touch etc/resolv.conf
+mount --bind /etc/resolv.conf etc/resolv.conf
diff --git a/drupal-automake-generic/bootstrap.sh b/drupal-automake-generic/bootstrap.sh
new file mode 100755
index 0000000..c7c49ba
--- /dev/null
+++ b/drupal-automake-generic/bootstrap.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+apt install -y build-essential
+cp files/do-mysql.sh /
+cp files/install-drupal-toolchain.sh /
+cp files/install-packages.sh /
+cp files/pkgs /
+cp files/sqldefaults /
diff --git a/drupal-automake-generic/conf/dbd.conf b/drupal-automake-generic/conf/dbd.conf
new file mode 100644
index 0000000..81a6895
--- /dev/null
+++ b/drupal-automake-generic/conf/dbd.conf
@@ -0,0 +1,127 @@
+# <aliases for dbd>
+<VirtualHost *:80>
+	ServerName www0.defectivebydesign.org
+	ServerAlias www.defectivebydesign.org
+	ServerAlias defectivebydesign.com
+	ServerAlias defectivebydesign.net
+	ServerAlias www.defectivebydesign.com
+	ServerAlias www.defectivebydesign.net
+	ServerAlias dbd.fsf.org
+	ServerAlias defectivebydesign.org
+	ServerAdmin webmaster@fsf.org
+	### redirect to same domain name, but HTTPS. required for HSTS  
+	RewriteEngine On
+	RewriteCond %{HTTPS} !=on
+	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName www0.defectivebydesign.org
+	ServerAlias defectivebydesign.com
+	ServerAlias defectivebydesign.net
+	ServerAlias www.defectivebydesign.com
+	ServerAlias www.defectivebydesign.net
+	ServerAlias dbd.fsf.org
+	ServerAlias defectivebydesign.org
+	ServerAdmin webmaster@fsf.org
+	RedirectMatch permanent (.*) https://www.defectivebydesign.org$1
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName www.defectivebydesign.org
+	ServerAdmin webmaster@fsf.org
+</VirtualHost>
+# </aliases>
+
+# <configure some basic server parameters>
+# Possible values include: debug, info, notice, warn, error, crit,
+# alert, emerg.
+LogLevel warn
+ServerSignature On
+# </basic params>
+
+# if we have mod_status, use it
+<IfModule mod_status.c>
+	#
+	# Allow server status reports generated by mod_status,
+	# with the URL of http://servername/server-status
+	# Uncomment and change the ".example.com" to allow
+	# access from other hosts.
+	#
+	<Location /server-status>
+		SetHandler server-status
+		Require host 127.0.0.1 74.94.156.210
+	</Location>
+</IfModule>
+
+# <redirects/shortenings of URLs>
+Redirect /day http://www.defectivebydesign.org/dayagainstdrm/2019
+Redirect ^/dayagainstdrm/?$ http://www.defectivebydesign.org/dayagainstdrm/2019
+RedirectPermanent /node/9 /join
+RedirectPermanent /feed.xml /rss.xml
+
+# we can't seem to standardize on using underscores or hyphens, so we're going to use both
+# we can probably have apache use regex for this, I'll investigate that next
+# - Eostre, 2020-08-04
+Redirect ^/amazon-kindle-swindle\. /amazon-kindle-swindle
+Redirect ^/amazon_kindle_swindle\. /amazon-kindle-swindle
+Redirect ^/kindle-swindle\. /amazon-kindle-swindle
+Redirect ^/kindle_swindle\. /amazon-kindle-swindle
+
+# Cf. RT #716003. Ward, 2011-11-30
+RedirectPermanent /user/register https://crm.fsf.org/civicrm/profile/create?gid=36&reset=1
+
+# Cf. RT #839159. Ward, 2013-07-09
+RedirectPermanent /what-is-drm http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+RedirectPermanent /what_is_drm http://www.defectivebydesign.org/what_is_drm_digital_restrictions_management
+
+#k054 RT #1044876 2015-09-09 
+RedirectPermanent /donate https://my.fsf.org/civicrm/contribute/transact?reset=1&id=40
+RedirectPermanent /no-drm-in-html5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+RedirectPermanent /no-drm-in-html-5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+RedirectPermanent /no_drm_in_html5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+RedirectPermanent /no_drm_in_html_5 https://my.fsf.org/civicrm/profile/create?gid=183&reset=1
+
+# broken links to /en/printable, etc
+# Ward, 2010-01-28
+RewriteRule ^/en/(.*) /$1 [R]
+# </redirects>
+
+# <I think this is for security? idk why we would be messing with / when our webroot is /var/www/html>
+# I'm just an intern, fiddling with code written before I could `echo Hello World`
+# - Eostre, 2020-08-04
+<Directory />
+	Options FollowSymLinks
+	AllowOverride None
+</Directory>
+# </weird stuff>
+
+# <add CGI scripts shipping by our distro>
+ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
+<Directory "/usr/lib/cgi-bin">
+	AllowOverride None
+	Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+	Require all granted
+</Directory>
+# </cgi>
+
+# <allow us to access usr/share/doc over HTTP, but only from localhost, e.g. allow us to use an SSH tunnel to access it>
+Alias /doc/ "/usr/share/doc/"
+<Directory "/usr/share/doc/">
+	Options Indexes MultiViews FollowSymLinks
+	AllowOverride None
+	Require host 127.0.0.0/255.0.0.0 ::1/128
+</Directory>
+# </share/doc fuckery>
+
+# <manage caching: sets the Expires and Cache-Control headers so that clients know when to use their cache vs. when to refetch a resource>
+<FilesMatch "\.(ico|pdf|jpe?g|png|gif|js|css)$">
+	ExpiresActive On
+	ExpiresDefault "access plus 1 month"
+</FilesMatch>
+
+<FilesMatch ".*">
+	ExpiresActive On
+	ExpiresDefault "access plus 5 minutes"
+</FilesMatch>
+# </caching>
diff --git a/drupal-automake-generic/conf/drupal-fix-404s.conf b/drupal-automake-generic/conf/drupal-fix-404s.conf
new file mode 100644
index 0000000..a17eb05
--- /dev/null
+++ b/drupal-automake-generic/conf/drupal-fix-404s.conf
@@ -0,0 +1,4 @@
+# do this so that .htaccess can cause things to not 404
+<Directory /var/www/html>
+	AllowOverride All
+</Directory>
diff --git a/drupal-automake-generic/conf/redirect-domains.conf b/drupal-automake-generic/conf/redirect-domains.conf
new file mode 100644
index 0000000..7613093
--- /dev/null
+++ b/drupal-automake-generic/conf/redirect-domains.conf
@@ -0,0 +1,52 @@
+### directives for making sure that boycottsony.org, dayagainstdrm.org, and rotten-apple.org redirect to their appropriate pages on DBD
+
+<VirtualHost *:80>
+	ServerName boycottsony.org
+	ServerAlias www.boycottsony.org
+	### redirect to same domain name, but HTTPS. required for HSTS  
+	RewriteEngine On
+	RewriteCond %{HTTPS} !=on
+	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:80>
+	ServerName dayagainstdrm.org
+	ServerAlias www.dayagainstdrm.org
+	### redirect to same domain name, but HTTPS. required for HSTS  
+	RewriteEngine On
+	RewriteCond %{HTTPS} !=on
+	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:80>
+	ServerName rotten-apple.org
+	ServerAlias www.rotten-apple.org
+	### redirect to same domain name, but HTTPS. required for HSTS  
+	RewriteEngine On
+	RewriteCond %{HTTPS} !=on
+	RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName boycottsony.org
+	ServerAlias www.boycottsony.org
+	Redirect / https://www.defectivebydesign.org/sony/
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName dayagainstdrm.org
+	ServerAlias www.dayagainstdrm.org
+	Header set Access-Control-Allow-Origin "my.fsf.org"
+	RewriteEngine On
+	RewriteRule ^/$ https://defectivebydesign.org/dayagainstdrm
+	RewriteRule ^/2016$ https://www.defectivebydesign.org/dayagainstdrm/2016
+	RewriteRule ^/2017$ https://www.defectivebydesign.org/dayagainstdrm/2017
+	RewriteRule ^/2018$ https://www.defectivebydesign.org/dayagainstdrm/2018
+	RewriteRule ^/2019$ https://www.defectivebydesign.org/dayagainstdrm/2019
+</VirtualHost>
+
+<VirtualHost *:443>
+	ServerName rotten-apple.org
+	ServerAlias www.rotten-apple.org
+	Redirect / https://www.fsf.org/campaigns/apple-patents
+</VirtualHost>
diff --git a/drupal-automake-generic/files/RELEASE b/drupal-automake-generic/files/RELEASE
new file mode 100644
index 0000000..e69de29
diff --git a/drupal-automake-generic/files/do-mysql.sh b/drupal-automake-generic/files/do-mysql.sh
new file mode 100644
index 0000000..350650d
--- /dev/null
+++ b/drupal-automake-generic/files/do-mysql.sh
@@ -0,0 +1,23 @@
+#!/bin/bash -xe
+
+DRUPAL_DB_PASSWORD="H0z7WC8Xq8yRE"
+
+# install the mysql server
+apt install -y mariadb-server ||:
+# installation "fails" when working in a chroot
+# so we just ignore it
+# should work on a regular system, but this part can't be tested in a chroot
+
+# set up mysql with defaults
+mysql_secure_installation < /sqldefaults
+
+# add the drupal db
+mysql -u root -p -e 'CREATE DATABASE dbd_drupal CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;'
+mysql -u root -p -e "GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, INDEX, ALTER, CREATE TEMPORARY TABLES ON dbd_drupal.* TO 'w_dbd'@'localhost' IDENTIFIED BY '$DRUPAL_DB_PASSWORD';"
+
+## and have drupal do the site-install
+#cd /var/www/html
+#vendor/bin/drush site-install --db-url=mysql://drupaluser:$DRUPAL_DB_PASSWORD@localhost/drupal
+
+# make sure perms are right
+chown -R www-data:www-data /var/www/html
diff --git a/drupal-automake-generic/files/install-drupal-toolchain.sh b/drupal-automake-generic/files/install-drupal-toolchain.sh
new file mode 100644
index 0000000..0aa585a
--- /dev/null
+++ b/drupal-automake-generic/files/install-drupal-toolchain.sh
@@ -0,0 +1,26 @@
+#!/bin/bash -xe
+
+# install composer if it's not already installed
+which composer || (\
+	curl -sS https://getcomposer.org/installer | php && \
+	mv composer.phar /usr/local/bin/composer && \
+:) && (\
+	composer self-update &&\
+:)
+
+# use composer to install drush7 and the drush launcher
+cd /var/www
+composer require drush/drush:8.*
+# ^^ PLEASE note that we're installing DRUSH 8, not Drupal 8. drush8 works fine with drupal7
+## actually don't install the drush launcher because it doesn't work with the latest release of drupal7
+#wget -O drush.phar https://github.com/drush-ops/drush-launcher/releases/latest/download/drush.phar
+#chmod +x drush.phar
+#mv drush.phar /usr/local/bin/drush
+
+# use vendor/bin/drush to download drupal
+cd /var/www
+vendor/bin/drush dl drupal-7
+
+# make drupal our webroot
+mv html html-stock
+ln -s drupal-7* html
diff --git a/drupal-automake-generic/files/install-packages.sh b/drupal-automake-generic/files/install-packages.sh
new file mode 100644
index 0000000..beea2f9
--- /dev/null
+++ b/drupal-automake-generic/files/install-packages.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -xe
+
+apt update -y && apt upgrade -y
+
+# actually don't because it seems we don't need it. yet
+## add the php5 repo
+#add-apt-repository -y ppa:ondrej/php
+#apt update -y && apt upgrade -y
+
+for PKG in $(cat /pkgs); do
+        apt install -y $PKG ||: # never fail to install a package, because some packages' postinstall hooks fail when /dev /proc /run etc aren't mounted
+done
diff --git a/drupal-automake-generic/files/pkgs b/drupal-automake-generic/files/pkgs
new file mode 100644
index 0000000..8ded688
--- /dev/null
+++ b/drupal-automake-generic/files/pkgs
@@ -0,0 +1,11 @@
+software-properties-common
+tar
+coreutils
+curl
+unzip
+wget
+php
+php-xml
+php-zip
+php-mbstring
+mysql-utilities
diff --git a/drupal-automake-generic/files/sqldefaults b/drupal-automake-generic/files/sqldefaults
new file mode 100644
index 0000000..0e4c58b
--- /dev/null
+++ b/drupal-automake-generic/files/sqldefaults
@@ -0,0 +1,9 @@
+
+y
+password
+password
+y
+y
+y
+y
+y