#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is under GPL v. 3 or later, see
#
# identify if this is a debian based distro
isdeb() { command -v apt &>/dev/null; }
# tee unique. append each stdin line if it does not exist in the file
teeu () {
local MAPFILE
mapfile -t
for line in "${MAPFILE[@]}"; do
grep -xFq "$line" "$1" &>/dev/null || tee -a "$1" <<<"$line"
done
}
# get and reset an extension/skin repository, and enable it
mw-clone() {
local url=$1
local original_pwd="$PWD"
local name
local re='[^/]*/[^/]*$'
[[ $url =~ $re ]] ||:
target=$mw/${BASH_REMATCH[0]}
if [[ ! -e $target/.git ]]; then
git clone $url $target
fi
if ! cd $target; then
echo "mw-ext error: failed cd $target";
exit 1
fi
git fetch
git checkout -qf origin/$mw_branch || git checkout -qf origin/master
git clean -xffd
cd "$original_pwd"
}
mw-ext () {
local ext
for ext in "$@"; do
mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
if [[ -e $mw/ext/$ext/extension.json ]]; then
# new style extension. remove old style declaration
sed -i '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
teeu $mwc </dev/null; then
apache_user=www-data
else
apache_user=apache
fi
#
#
# From here on out, exit if a command fails.
# This will prevent us from not noticing an important failure.
# We recommend setting this for the entire installation session.
# If you are running commands interactively, it might be best to
# put it in your ~/.bashrc temporarily.
set -eE -o pipefail
trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
source ~/mw_vars
if isdeb; then
# main reference:
# https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu
apt-get update
apt-get install -y imagemagick php-mbstring
if apt-get install -s mediawiki &>/dev/null; then
# in debian wheezy time-frame distros, mediawiki was packaged.
apt-get -y install php-apc mediawiki
else
# https://www.mediawiki.org/wiki/Manual:Installation_requirements
if apt-get install -s php7.0 &>/dev/null; then
# note, 7.0 is untested by the editor here, since it's not
# available in debian 8. it's listed as supported
# in the mediawiki page.
# noninteractive to avoid mysql password prompt
DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 mysql-server \
php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-xml \
php7.0-apcu
else
DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 mysql-server \
php5 php5-mysql libapache2-mod-php5 php5-apcu
fi
fi
service apache2 restart
else
# note
# fedora deps are missing a database, so some is translated from debian packages
yum -y install mediawiki ImageMagick php-mysqlnd php-pecl-apcu mariadb-server
systemctl restart mariadb.service
systemctl enable mariadb.service
systemctl enable httpd.service
systemctl restart httpd.service
fi
# slightly different depending on if we already set the root pass
if echo exit|mysql -u root -p"$dbpass"; then
# answer interactive prompts:
# mysql root pass, change pass? no, remove anon users? (default, yes)
# disallow remote root (default, yes), reload? (default, yes)
echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
else
# I had 1 less newline at the start when doing ubuntu 14.04,
# compared to debian 8, so can't say this is especially portable.
# It won't hurt if it fails.
echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
#
#
mkdir -p $mw
cd $mw
# this will just fail if it already exists which is fine
if [[ ! -e .git ]]; then
git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git .
fi
# to see available branches: https://www.mediawiki.org/wiki/Version_lifecycle
# and
# git branch -r
git checkout -f origin/$mw_branch
git clean -ffxd
# Get the php libraries wmf uses. Based on:
# https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
if [[ ! -e vendor/.git ]]; then
git clone https://gerrit.wikimedia.org/r/p/mediawiki/vendor.git
fi
cd vendor
git checkout -f origin/$mw_branch
cd ..
# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
mysql -u root -p$dbpass <<'EOF' ||:
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
--dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
$wgGroupPermissions['*']['edit'] = false;
# don't allow any account creation
$wgGroupPermissions['*']['createaccount'] = false;
EOF
#
#
temp=$(mktemp -d)
cd $temp
git_site=https://iankelling.org/git
git clone $git_site/acme-tiny-wrapper
l=$mw/../../logs
mkdir -p $l
acme-tiny-wrapper/acme-tiny-wrapper $mwdomain
git clone $git_site/basic-https-conf
{ cat <\n $(< $line)\n";
done
} | basic-https-conf/apache-site -r ${mw%/*} - $mwdomain
cd
rm -rf $temp
#
#
dd of=$mw/../robots.txt <<'EOF'
User-agent: *
Disallow: /w/
User-agent: ia_archiver
Allow: /*&action=raw
EOF
mw-skin Vector
#
#
teeu $mwc<
#
teeu $mwc<
#
teeu $mwc <<'EOF'
# from https://www.mediawiki.org/wiki/Manual:Short_URL
$wgArticlePath = "/wiki/$1";
# https://www.mediawiki.org/wiki/Manual:Combating_spam
# check that url if our precautions don't work
# not using nofollow is good practice, as long as we avoid spam.
$wgNoFollowLinks = false;
# Allow user customization.
$wgAllowUserJs = true;
$wgAllowUserCss = true;
# use imagemagick over GD
$wgUseImageMagick = true;
EOF
# https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
# Increase from default of 2M to 100M.
# This will at least allow high res pics etc.
php_ini=$(php -r 'echo(php_ini_loaded_file());')
sed -i 's/^\(upload_max_filesize\|post_max_size\)\b.*/\1 = 100M/' $php_ini
if isdeb; then
service apache2 restart
else
systemctl restart httpd.service
fi
# if you were to install as a normal user, you would need this for images
# sudo usermod -aG $apache_user $USER
# this doesn't propogate right away
chgrp -R $apache_user $mw/images
chmod -R g+w $mw/images
#
#
teeu $mwc <<'EOF'
$wgLogo = null;
#$wgFooterIcons = null;
EOF
# Make the toolbox go into the drop down.
cd $mw/skins/Vector
if ! git remote show ian-kelling &>/dev/null; then
git remote add ian-kelling https://iankelling.org/git/Vector
fi
git fetch ian-kelling
git checkout ian-kelling/REL1_27-toolbox-in-dropdown
#
#
mw-ext Cite CiteThisPage CSS Echo Gadgets ImageMap Interwiki News \
Nuke ParserFunctions Poem SyntaxHighlight_GeSHi Variables
#
#
mw-ext AntiSpoof
# recommended setup script to account for existing users
sudo -u $apache_user php $mw/extensions/AntiSpoof/maintenance/batchAntiSpoof.php
#
#
mw-ext CheckUser
sudo -u $apache_user php $mw/extensions/CheckUser/install.php; sleep 1
#
#
if isdeb; then
apt-get -y install php-wikidiff2
teeu $mwc <<'EOF'
$wgExternalDiffEngine = 'wikidiff2';
EOF
dir=$(dirname $(php -r 'echo(php_ini_loaded_file());'))/../apache2/conf.d
ln -sf ../../mods-available/wikidiff2.ini $dir
service apache2 restart
fi
#
#
mw-ext Math
# php5-curl according to Math readme
if isdeb; then
curl_pkg=php7.0-curl
if ! apt-get -s install $curl_pkg &>/dev/null; then
curl_pkg=php5-curl
fi
apt-get -y install latex-cjk-all texlive-latex-extra texlive-latex-base \
ghostscript imagemagick ocaml $curl_pkg make
else
# todo, php5-curl equivalent on fedora
yum -y install texlive-cjk ghostscript ImageMagick texlive ocaml
fi
service apache2 restart
cd $mw/extensions/Math/math; make # makes texvc
cd $mw/extensions/Math/texvccheck; make
teeu $mwc <<'EOF'
# Enable MathJax as rendering option
$wgUseMathJax = true;
# Enable LaTeXML as rendering option
$wgMathValidModes[] = 'latexml';
# Set LaTeXML as default rendering option, because it is nicest
$wgDefaultUserOptions['math'] = 'latexml';
EOF
#
#
mw-ext SpamBlacklist
if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
tee -a $mwc <<'EOF'
$wgEnableDnsBlacklist = true;
$wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'dnsbl.tornevall.org' );
ini_set( 'pcre.backtrack_limit', '10M' );
$wgSpamBlacklistFiles = array(
"[[m:Spam blacklist]]",
"http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist"
);
EOF
fi
#
#
mw-ext TitleBlacklist
if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
tee -a $mwc <<'EOF'
$wgTitleBlacklistSources = array(
array(
'type' => 'local',
'src' => 'MediaWiki:Titleblacklist',
),
array(
'type' => 'url',
'src' => 'http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw',
),
);
EOF
fi
#
#
mw-ext WikiEditor
teeu $mwc <<'EOF'
# Enable Wikieditor by default
$wgDefaultUserOptions['usebetatoolbar'] = 1;
$wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;
# Display the Preview and Changes tabs
$wgDefaultUserOptions['wikieditor-preview'] = 1;
EOF
#
#
mw-ext CategoryTree
teeu $mwc <<'EOF'
# Mediawiki setting dependency for CategoryTree
$wgUseAjax = true;
EOF
#
#
mw-ext AbuseFilter
teeu $mwc<<'EOF'
$wgGroupPermissions['sysop']['abusefilter-modify'] = true;
$wgGroupPermissions['*']['abusefilter-log-detail'] = true;
$wgGroupPermissions['*']['abusefilter-view'] = true;
$wgGroupPermissions['*']['abusefilter-log'] = true;
$wgGroupPermissions['sysop']['abusefilter-private'] = true;
$wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
$wgGroupPermissions['sysop']['abusefilter-revert'] = true;
EOF
#
#
mw-ext ConfirmEdit
captchaArray
teeu $mwc <<'EOF'
wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
$wgCaptchaClass = 'QuestyCaptcha';
# only captcha on registration
$wgGroupPermissions['user' ]['skipcaptcha'] = true;
$wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
EOF
if ! grep -Fx 'foreach ( $localSettingsQuestyQuestions as $key => $value ) {' $mwc; then
tee -a $mwc <<'EOF'
foreach ( $localSettingsQuestyQuestions as $key => $value ) {
$wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
}
EOF
fi
#
#
sed -i "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
#
#
# get repo
if [[ ! -e ~/pywikibot/.git ]]; then
git clone --recursive \
https://gerrit.wikimedia.org/r/pywikibot/core.git ~/pywikibot
fi
cd ~/pywikibot
#updating
git pull --all
git submodule update
#
#
cd $HOME/pywikibot
dd of=user-config.py <
#
cd "$HOME/pywikibot"
dd of=scripts/${mwfamily}_setup.py<
#
s=/etc/cron.daily/mediawiki_update
dd of=$s<<'EOF'
#!/bin/bash
source ~/mw_vars
cd $mw
git fetch --all
git checkout origin/$mw_branch
git rebase ian/REL1_23-toolbox-in-dropdown
cd extensions
for x in *; do
if [[ -d $x ]]; then
cd $x
git fetch --all
git checkout origin/$mw_branch || git checkout -qf origin/master
cd ..
fi
done
php $mw/maintenance/update.php -q
EOF
chmod +x $s
#