Merge pull request #14 from Al-Muhandis/deb-packaging

Deb packaging

Author: Al-Muhandis

.gitignore

@@ -27,6 +27,7 @@ ppas.bat
 *.7z
 *.mo
 *.lst
+*.deb
 
 # Lazarus autogenerated files (duplicated info)
 *.rst
@@ -49,4 +50,4 @@ use/*/
 *.new
 
 tests/users.sqlite3
-*.json
+debian/usr/bin/tgadmin

build-deb.sh

@@ -0,0 +1,141 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+# ---------------------------------------------------------------------------
+# Configuration
+# ---------------------------------------------------------------------------
+VER_MAJOR="0"
+VER_MINOR=$(grep -oP '<MinorVersionNr Value="\K[^"]+' src/adminhelperd.lpi)
+VER_REV=$(grep -oP '<RevisionNr Value="\K[^"]+' src/adminhelperd.lpi)
+VER_BUILD=$(grep -oP '<BuildNr Value="\K[^"]+' src/adminhelperd.lpi)
+
+export app_VER="${VER_MAJOR}.${VER_MINOR}.${VER_REV}"
+export app_VERdeb="${VER_BUILD}"
+
+MAINTAINER_NAME="Renat Suleymanov"
+MAINTAINER_EMAIL="mail@Renat.Su"
+PACKAGE_NAME="tgadmin"
+
+# ---------------------------------------------------------------------------
+# Paths
+# ---------------------------------------------------------------------------
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Build always happens in Linux fs to avoid NTFS chmod issues in WSL
+BUILD_DIR="/tmp/${PACKAGE_NAME}_build"
+
+STAGING_DIR="${BUILD_DIR}/debian"
+DEB_NAME="${PACKAGE_NAME}_${app_VER}-${app_VERdeb}_amd64.deb"
+OUTPUT_DEB="${BUILD_DIR}/${DEB_NAME}"
+
+# ---------------------------------------------------------------------------
+# Detect WSL
+# ---------------------------------------------------------------------------
+detect_wsl() {
+    grep -qi microsoft /proc/version 2>/dev/null || \
+    grep -qi wsl /proc/version 2>/dev/null
+}
+
+# Where to copy the finished .deb.
+# Set via env: WINDOWS_OUTPUT_DIR="/mnt/c/Users/..." ./build-deb.sh
+if [ -n "${WINDOWS_OUTPUT_DIR:-}" ]; then
+    COPY_TARGET="${WINDOWS_OUTPUT_DIR}"
+else
+    COPY_TARGET="${SCRIPT_DIR}"
+fi
+
+# ---------------------------------------------------------------------------
+# Dependencies' checking
+# ---------------------------------------------------------------------------
+check_deps() {
+    local missing=()
+    for cmd in dpkg-deb gzip du awk grep jq; do
+        command -v "$cmd" &>/dev/null || missing+=("$cmd")
+    done
+    if [ ${#missing[@]} -gt 0 ]; then
+        echo "ERROR: missing required tools: ${missing[*]}" >&2
+        echo "Install with: sudo apt-get install dpkg-dev gzip jq" >&2
+        exit 1
+    fi
+}
+
+# ---------------------------------------------------------------------------
+# Validate tgadmin.json before building
+# ---------------------------------------------------------------------------
+validate_config() {
+    local config="${SCRIPT_DIR}/src/tgadmin.json"
+    if [ ! -f "${config}" ]; then
+        echo "ERROR: src/tgadmin.json not found" >&2
+        exit 1
+    fi
+    if ! jq empty "${config}" 2>/dev/null; then
+        echo "ERROR: src/tgadmin.json is not valid JSON" >&2
+        exit 1
+    fi
+}
+
+# ---------------------------------------------------------------------------
+# Main
+# ---------------------------------------------------------------------------
+check_deps
+validate_config
+
+echo "==> Building ${PACKAGE_NAME} v${app_VER}-${app_VERdeb}"
+echo "==> Build dir (Linux fs): ${BUILD_DIR}"
+
+# Recreate build-dir in /tmp from scratch
+rm -rf "${BUILD_DIR}"
+mkdir -p "${BUILD_DIR}"
+
+# Copy staging from sources in /tmp — here chmod works correctly
+cp -r "${SCRIPT_DIR}/debian" "${STAGING_DIR}"
+
+# Include db_schema.sql — used by postinst to initialize the database
+mkdir -p "${STAGING_DIR}/usr/share/${PACKAGE_NAME}"
+cp "${SCRIPT_DIR}/src/db_schema.sql" "${STAGING_DIR}/usr/share/${PACKAGE_NAME}/db_schema.sql"
+
+# Include tgadmin.json as default config
+# postinst will fill in DB credentials automatically
+mkdir -p "${STAGING_DIR}/etc/${PACKAGE_NAME}"
+cp "${SCRIPT_DIR}/src/tgadmin.json" "${STAGING_DIR}/etc/${PACKAGE_NAME}/tgadmin.json"
+
+# Set permissions
+find "${STAGING_DIR}" -type d -exec chmod 0755 {} \;
+find "${STAGING_DIR}" -type f -exec chmod 0644 {} \;
+find "${STAGING_DIR}/usr/bin" -type f -exec chmod 0755 {} \;
+
+# Maintainer scripts must be executable
+chmod 0755 "${STAGING_DIR}/DEBIAN/postinst"
+chmod 0755 "${STAGING_DIR}/DEBIAN/postrm"
+
+# Config file should not be world-readable (contains credentials after install)
+chmod 0640 "${STAGING_DIR}/etc/${PACKAGE_NAME}/tgadmin.json"
+
+# Version and size in control
+echo "Version: ${app_VER}.0-${app_VERdeb}" >> "${STAGING_DIR}/DEBIAN/control"
+SIZE_IN_KB="$(du -s "${STAGING_DIR}" | awk '{print $1}')"
+echo "Installed-Size: ${SIZE_IN_KB}" >> "${STAGING_DIR}/DEBIAN/control"
+
+# Changelog
+CHANGELOG="${STAGING_DIR}/usr/share/doc/${PACKAGE_NAME}/changelog.Debian"
+DATE=$(date -R)
+{
+    echo "${PACKAGE_NAME} (${app_VER}-${app_VERdeb}) unstable; urgency=medium"
+    echo ""
+    echo "  * fixes"
+    echo ""
+    echo " -- ${MAINTAINER_NAME} <${MAINTAINER_EMAIL}>  ${DATE}"
+} >> "${CHANGELOG}"
+gzip -9 -n "${CHANGELOG}"
+
+# Package building
+dpkg-deb --root-owner-group --build "${STAGING_DIR}" "${OUTPUT_DEB}"
+
+echo "==> Package built: ${OUTPUT_DEB}"
+
+# Copy ready .deb to needed place
+mkdir -p "${COPY_TARGET}"
+cp "${OUTPUT_DEB}" "${COPY_TARGET}/"
+echo "==> Copied to: ${COPY_TARGET}/${DEB_NAME}"
+
+echo "==> Done."

debian/DEBIAN/conffiles

@@ -0,0 +1,2 @@
+/etc/tgadmin/tgadmin.json
+/etc/default/tgadmin

debian/DEBIAN/control

@@ -0,0 +1,9 @@
+Package: tgadmin
+Priority: optional
+Maintainer: Renat Suleymanov <mail@Renat.Su>
+Architecture: amd64
+Section: utils
+Depends: dash, libc6 (>= 2.2.5)
+Origin: https://github.com/al-Muhandis/AdminHelper
+Description: Telegram admin helper
+ Telegram bot service for groups' moderation

debian/DEBIAN/postinst

@@ -0,0 +1,156 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PACKAGE_NAME="tgadmin"
+CONFIG_FILE="/etc/${PACKAGE_NAME}/tgadmin.json"
+SCHEMA_FILE="/usr/share/${PACKAGE_NAME}/db_schema.sql"
+DEFAULTS_FILE="/etc/default/${PACKAGE_NAME}"
+SYSTEMD_DROPIN_DIR="/etc/systemd/system/${PACKAGE_NAME}.service.d"
+SYSTEMD_DROPIN_FILE="${SYSTEMD_DROPIN_DIR}/10-run-as.conf"
+
+DB_NAME="tgadmin"
+DB_USER="tgadmin"
+
+mysql_available() {
+    command -v mysql &>/dev/null && mysqladmin ping --silent 2>/dev/null
+}
+
+# Read current value from JSON (return empty string if null or missing)
+json_get() {
+    jq -r "$1 // empty" "${CONFIG_FILE}" 2>/dev/null || true
+}
+
+# Write values to JSON on the spot
+json_set() {
+    local tmp
+    tmp="$(mktemp)"
+    jq "$1" "${CONFIG_FILE}" > "${tmp}" && mv "${tmp}" "${CONFIG_FILE}"
+}
+
+resolve_service_identity() {
+    SERVICE_USER="${PACKAGE_NAME}"
+    SERVICE_GROUP="${PACKAGE_NAME}"
+
+    if [ -f "${DEFAULTS_FILE}" ]; then
+        # shellcheck disable=SC1090
+        . "${DEFAULTS_FILE}"
+
+        if [ -n "${TGADMIN_SERVICE_USER:-}" ]; then
+            SERVICE_USER="${TGADMIN_SERVICE_USER}"
+        fi
+        if [ -n "${TGADMIN_SERVICE_GROUP:-}" ]; then
+            SERVICE_GROUP="${TGADMIN_SERVICE_GROUP}"
+        fi
+    fi
+
+    if [ -z "${SERVICE_USER}" ] || [ -z "${SERVICE_GROUP}" ]; then
+        echo "ERROR: TGADMIN_SERVICE_USER and TGADMIN_SERVICE_GROUP must be non-empty." >&2
+        exit 1
+    fi
+}
+
+ensure_service_account() {
+    if ! getent group "${SERVICE_GROUP}" >/dev/null; then
+        groupadd --system "${SERVICE_GROUP}"
+    fi
+
+    if ! id -u "${SERVICE_USER}" >/dev/null 2>&1; then
+        useradd \
+            --system \
+            --gid "${SERVICE_GROUP}" \
+            --no-create-home \
+            --home-dir /nonexistent \
+            --shell /usr/sbin/nologin \
+            "${SERVICE_USER}"
+    fi
+}
+
+configure_systemd_service_user() {
+    if ! command -v systemctl >/dev/null 2>&1; then
+        return
+    fi
+
+    if ! systemctl list-unit-files "${PACKAGE_NAME}.service" >/dev/null 2>&1; then
+        return
+    fi
+
+    mkdir -p "${SYSTEMD_DROPIN_DIR}"
+    cat > "${SYSTEMD_DROPIN_FILE}" <<DROPIN
+[Service]
+User=${SERVICE_USER}
+Group=${SERVICE_GROUP}
+DROPIN
+
+    systemctl daemon-reload || true
+}
+
+case "$1" in
+    configure)
+        # ----------------------------------------------------------------
+        # Check dependencies of postinst
+        # ----------------------------------------------------------------
+        for cmd in jq mysql mysqladmin openssl; do
+            if ! command -v "$cmd" &>/dev/null; then
+                echo "ERROR: required tool not found: ${cmd}" >&2
+                echo "Install with: sudo apt-get install ${cmd}" >&2
+                exit 1
+            fi
+        done
+
+        if [ ! -f "${CONFIG_FILE}" ]; then
+            echo "ERROR: config file not found: ${CONFIG_FILE}" >&2
+            echo "       Place tgadmin.json into /etc/tgadmin/ before installing." >&2
+            exit 1
+        fi
+
+        resolve_service_identity
+        ensure_service_account
+        configure_systemd_service_user
+
+        # ----------------------------------------------------------------
+        # Data base
+        # ----------------------------------------------------------------
+        if mysql_available; then
+            # Take password from config if set (package update)
+            EXISTING_PASS="$(json_get '.AdminHelperDB.Password')"
+
+            if [ -z "${EXISTING_PASS}" ]; then
+                DB_PASS="$(openssl rand -base64 16 | tr -d '/+=' | head -c 20)"
+                echo "==> Generated new database password."
+            else
+                DB_PASS="${EXISTING_PASS}"
+                echo "==> Using existing database password from config."
+            fi
+
+            echo "==> Configuring MySQL/MariaDB for ${DB_NAME}..."
+
+            mysql -u root <<SQL
+CREATE DATABASE IF NOT EXISTS \`${DB_NAME}\` CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+CREATE USER IF NOT EXISTS '${DB_USER}'@'localhost' IDENTIFIED BY '${DB_PASS}';
+GRANT ALL PRIVILEGES ON \`${DB_NAME}\`.* TO '${DB_USER}'@'localhost';
+FLUSH PRIVILEGES;
+SQL
+
+            # Rolling out the scheme (IF NOT EXISTS — safe when updating)
+            mysql -u root "${DB_NAME}" < "${SCHEMA_FILE}"
+
+            # Write credentials to tgadmin.json
+            json_set \
+                --arg user "${DB_USER}" \
+                --arg pass "${DB_PASS}" \
+                --arg db   "${DB_NAME}" \
+                '.AdminHelperDB.User = $user | .AdminHelperDB.Password = $pass | .AdminHelperDB.Database = $db'
+
+            echo "==> Database configured. Credentials saved to ${CONFIG_FILE}"
+        else
+            echo "WARNING: MySQL/MariaDB not found or not running." >&2
+            echo "         Install it, then run: sudo dpkg-reconfigure ${PACKAGE_NAME}" >&2
+        fi
+
+        # Configuration rights — only root and the service group
+        chown "root:${SERVICE_GROUP}" "${CONFIG_FILE}" 2>/dev/null || chown root:root "${CONFIG_FILE}"
+        chmod 0640 "${CONFIG_FILE}"
+        ;;
+esac
+
+exit 0

debian/DEBIAN/postrm

@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PACKAGE_NAME="tgadmin"
+CONFIG_FILE="/etc/${PACKAGE_NAME}/tgadmin.json"
+
+DB_NAME="tgadmin"
+DB_USER="tgadmin"
+
+mysql_available() {
+    command -v mysql &>/dev/null && mysqladmin ping --silent 2>/dev/null
+}
+
+case "$1" in
+    purge)
+        # purge = dpkg --purge, полное удаление с данными
+        if mysql_available; then
+            echo "==> Removing database and user for ${DB_NAME}..."
+            mysql -u root <<SQL
+DROP DATABASE IF EXISTS \`${DB_NAME}\`;
+DROP USER IF EXISTS '${DB_USER}'@'localhost';
+FLUSH PRIVILEGES;
+SQL
+        fi
+        rm -f "${CONFIG_FILE}"
+        rm -f "/etc/systemd/system/${PACKAGE_NAME}.service.d/10-run-as.conf"
+        rmdir --ignore-fail-on-non-empty "/etc/systemd/system/${PACKAGE_NAME}.service.d"
+        rmdir --ignore-fail-on-non-empty "/etc/${PACKAGE_NAME}"
+        ;;
+    remove)
+        # remove = dpkg --remove, конфиг и данные остаются
+        ;;
+esac
+
+exit 0

debian/etc/default/tgadmin

@@ -0,0 +1,11 @@
+# Service identity used by postinst when configuring tgadmin.service.
+#
+# By default package runs daemon as the system account "tgadmin".
+# Override only if you need a different existing or system account.
+#
+# Example:
+# TGADMIN_SERVICE_USER=mybot
+# TGADMIN_SERVICE_GROUP=mybot
+
+TGADMIN_SERVICE_USER=tgadmin
+TGADMIN_SERVICE_GROUP=tgadmin