iankelling.org Git - mediawiki-setup/blob - mw-setup-script

   1 #!/bin/bash
   2 # Copyright (C) 2016 Ian Kelling
   3 # This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
   4 set -x
   5 # <source lang="bash">
   6 # identify if this is a debian based distro
   7 isdeb() { command -v apt &>/dev/null; }
   8 # tee unique. append each stdin line if it does not exist in the file
   9 teeu () {
  10     local MAPFILE
  11     mapfile -t
  12     for line in "${MAPFILE[@]}"; do
  13         grep -xFq "$line" "$1" &>/dev/null || tee -a "$1" <<<"$line"
  14     done
  15 }
  16
  17 # get and reset an extension/skin repository, and enable it
  18 mw-clone() {
  19     local url=$1
  20     local original_pwd="$PWD"
  21     local name
  22     local re='[^/]*/[^/]*$' # last 2 parts of path
  23     [[ $url =~ $re ]] ||:
  24     target=$mw/${BASH_REMATCH[0]}
  25     if [[ ! -e $target/.git ]]; then
  26         git clone $url $target
  27     fi
  28     if ! cd $target; then
  29         echo "mw-ext error: failed cd $target";
  30         exit 1
  31     fi
  32     git fetch
  33     git checkout -qf origin/$mw_branch || git checkout -qf origin/master
  34     git clean -xffd
  35     cd "$original_pwd"
  36
  37 }
  38 mw-ext () {
  39     local ext
  40     for ext; do
  41         mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
  42         if [[ -e $mw/extensions/$ext/extension.json ]]; then
  43             # new style extension
  44             teeu $mwc <<EOF
  45 wfLoadExtension( '$ext' );
  46 EOF
  47         else
  48             teeu $mwc <<EOF
  49 require_once( "\$IP/extensions/$ext/$ext.php" );
  50 EOF
  51         fi
  52     done
  53     # --quick is quicker than default flags,
  54     # but still add a sleep to make sure everything works right
  55     sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
  56 }
  57 mw-skin() {
  58     local skin=$1
  59     mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/skins/$skin
  60     sed -i --follow-symlinks '/^wfLoadSkin/d' $mwc
  61     sed -i --follow-symlinks '/^\$wgDefaultSkin/d' $mwc
  62     teeu $mwc <<EOF
  63 \$wgDefaultSkin = "${skin,,*}";
  64 wfLoadSkin( '$skin' );
  65 EOF
  66     sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
  67 }
  68
  69 if command -v apt &>/dev/null; then
  70     apache_user=www-data
  71 else
  72     apache_user=apache
  73 fi
  74
  75 # </source>
  76 # <source lang="bash">
  77 # From here on out, exit if a command fails.
  78 # This will prevent us from not noticing an important failure.
  79 # We recommend setting this for the entire installation session.
  80 # If you are running commands interactively, it might be best to
  81 # put it in your ~/.bashrc temporarily.
  82 set -eE -o pipefail
  83 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
  84 source ~/mw_vars
  85
  86 if isdeb; then
  87     # main reference:
  88     # https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu
  89     apt-get update
  90     DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
  91     if apt-get install -s mediawiki &>/dev/null; then
  92         # mediawiki is packaged in jessie backports.
  93         DEBIAN_FRONTEND=noninteractive apt-get -y install php5-apcu mediawiki
  94     else
  95         # https://www.mediawiki.org/wiki/Manual:Installation_requirements
  96         if apt-get install -s php7.0 &>/dev/null; then
  97             # note, 7.0 is untested by the editor here, since it's not
  98             # available in debian 8. it's listed as supported
  99             # in the mediawiki page.
 100             # noninteractive to avoid mysql password prompt.
 101             DEBIAN_FRONTEND=noninteractive apt-get install -y apache2  \
 102                            default-mysql-server \
 103                            php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-xml \
 104                            php7.0-apcu php7.0-mbstring
 105         else
 106             # note: mbstring is recommended, but it's not available for php5 in
 107             # debian jessie.
 108             DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 \
 109                            default-mysql-server \
 110                            php5 php5-mysql libapache2-mod-php5 php5-apcu
 111         fi
 112     fi
 113     service apache2 restart
 114 else
 115     # note
 116     # fedora deps are missing a database, so some is translated from debian packages
 117     yum -y install mediawiki ImageMagick php-mysqlnd php-pecl-apcu mariadb-server
 118
 119     systemctl restart mariadb.service
 120     systemctl enable mariadb.service
 121     systemctl enable httpd.service
 122     systemctl restart httpd.service
 123 fi
 124
 125
 126 # slightly different depending on if we already set the root pass
 127 if echo exit|mysql -u root -p"$dbpass"; then
 128     # answer interactive prompts:
 129     # mysql root pass, change pass? no, remove anon users? (default, yes)
 130     # disallow remote root (default, yes), reload? (default, yes)
 131     echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
 132 else
 133     # I had 1 less newline at the start when doing ubuntu 14.04,
 134     # compared to debian 8, so can't say this is especially portable.
 135     # It won't hurt if it fails.
 136     echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
 137 fi
 138 # </source>
 139 # <source lang="bash">
 140 mkdir -p $mw
 141 cd $mw
 142 # this will just fail if it already exists which is fine
 143 if [[ ! -e .git ]]; then
 144     git clone https://gerrit.wikimedia.org/r/p/mediawiki/core.git .
 145 fi
 146 # to see available branches: https://www.mediawiki.org/wiki/Version_lifecycle
 147 # and
 148 # git branch -r
 149 git checkout -f origin/$mw_branch
 150 git clean -ffxd
 151 # apply librejs patch
 152 curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
 153 # Get the php libraries wmf uses. Based on:
 154 # https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
 155 if [[ ! -e vendor/.git ]]; then
 156     git clone  https://gerrit.wikimedia.org/r/p/mediawiki/vendor.git
 157 fi
 158 cd vendor
 159 git checkout -f origin/$mw_branch
 160 cd ..
 161
 162 # Drop any previous database which may have been installed while testing.
 163 # If upgrading, we should have a db backup which will get restored.
 164 # https://www.mediawiki.org/wiki/Manual:Upgrading
 165 mysql -u root -p$dbpass <<'EOF' ||:
 166 drop database my_wiki;
 167 exit
 168 EOF
 169 php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
 170     --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
 171 teeu $mwc <<'EOF'
 172 # lock down the wiki to only the initial owner until anti-spam measures are put in place
 173 # limit edits to registered users
 174 $wgGroupPermissions['*']['edit'] = false;
 175 # don't allow any account creation
 176 $wgGroupPermissions['*']['createaccount'] = false;
 177 EOF
 178 # </source>
 179 # <source lang="bash">
 180 temp=$(mktemp -d)
 181 cd $temp
 182 git_site=https://iankelling.org/git
 183 git clone $git_site/acme-tiny-wrapper
 184 l=$mw/../../logs
 185 mkdir -p $l
 186
 187 acme-tiny-wrapper/acme-tiny-wrapper -t $mwdomain
 188
 189 git clone $git_site/basic-https-conf
 190 { cat <<EOF
 191 ServerAdmin $mw_email
 192 RewriteEngine On
 193 # make the site's root url go to our main page
 194 RewriteRule ^/?wiki(/.*)?\$ %{DOCUMENT_ROOT}/w/index.php [L]
 195 # use short urls https://www.mediawiki.org/wiki/Manual:Short_URL
 196 RewriteRule ^/*\$ %{DOCUMENT_ROOT}/w/index.php [L]
 197 EOF
 198 find -L $(readlink -f $mw) -name .htaccess \
 199     | while read line; do
 200     echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
 201 done
 202 } | basic-https-conf/apache-site -r ${mw%/*} - $mwdomain
 203 cd
 204 rm -rf $temp
 205 # </source>
 206 # <source lang="bash">
 207 dd of=$mw/../robots.txt <<'EOF'
 208         User-agent: *
 209 Disallow: /w/
 210         User-agent: ia_archiver
 211 Allow: /*&action=raw
 212 EOF
 213 mw-skin Vector
 214 # </source>
 215 # <source lang="bash">
 216 teeu $mwc<<EOF
 217 \$wgServer = "https://$mwdomain";
 218 \$wgDBserver = "localhost";
 219 \$wgRightsUrl = "$mw_RightsUrl";
 220 \$wgRightsText = "$mw_RightsText";
 221 \$wgRightsIcon = "$mw_RightsIcon";
 222 EOF
 223 # </source>
 224 # <source lang="bash">
 225 teeu $mwc<<EOF
 226 \$wgPasswordSender = "$mw_email";
 227 \$wgEmergencyContact = "$mw_email";
 228 \$wgEnotifUserTalk = true; # UPO
 229 \$wgEnotifWatchlist = true; # UPO
 230 \$wgMainCacheType = CACHE_ACCEL;
 231 \$wgEnableUploads = true;
 232 \$wgUseInstantCommons = true;
 233 \$wgPingback = true;
 234 EOF
 235 # </source>
 236 # <source lang="bash">
 237 teeu $mwc <<'EOF'
 238 # from https://www.mediawiki.org/wiki/Manual:Short_URL
 239 $wgArticlePath = "/wiki/$1";
 240
 241 # https://www.mediawiki.org/wiki/Manual:Combating_spam
 242 # check that url if our precautions don't work
 243 # not using nofollow is good practice, as long as we avoid spam.
 244 $wgNoFollowLinks = false;
 245 # Allow user customization.
 246 $wgAllowUserCss = true;
 247 # use imagemagick over GD
 248 $wgUseImageMagick = true;
 249 # manual says this is not production ready, I think that is mostly
 250 # because they are using MobileFrontend extension instead, which gives
 251 # an even cleaner more minimal view, I plan to try setting it up
 252 # sometime but this seems like a very nice improvement for now.
 253 $wgVectorResponsive = true;
 254 EOF
 255
 256
 257 # https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
 258 # Increase from default of 2M to 100M.
 259 # This will at least allow high res pics etc.
 260 php_ini=$(php -r 'echo(php_ini_loaded_file());')
 261 sed -i --follow-symlinks 's/^\(upload_max_filesize\|post_max_size\)\b.*/\1 = 100M/' $php_ini
 262 if isdeb; then
 263     service apache2 restart
 264 else
 265     systemctl restart httpd.service
 266 fi
 267
 268 # if you were to install as a normal user, you would need this for images
 269 # sudo usermod -aG $apache_user $USER
 270
 271 # this doesn't propogate right away
 272 chgrp -R $apache_user $mw/images
 273 chmod -R g+w $mw/images
 274 # </source>
 275 # <source lang="bash">
 276 teeu $mwc <<'EOF'
 277 $wgLogo = null;
 278 #$wgFooterIcons = null;
 279 EOF
 280 # Make the toolbox go into the drop down.
 281 cd $mw/skins/Vector
 282 if ! git remote show ian-kelling &>/dev/null; then
 283     git remote add ian-kelling https://iankelling.org/git/forks/Vector
 284 fi
 285 git fetch ian-kelling
 286 git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
 287 # </source>
 288 # <source lang="bash">
 289 mw-ext Cite CiteThisPage CheckUser CSS Echo Gadgets ImageMap Interwiki News \
 290        Nuke ParserFunctions Poem Renameuser SyntaxHighlight_GeSHi Variables
 291 # </source>
 292 # <source lang="bash">
 293 mw-ext AntiSpoof
 294 # recommended setup script to account for existing users
 295 sudo -u $apache_user php $mw/extensions/AntiSpoof/maintenance/batchAntiSpoof.php
 296 # </source>
 297 # <source lang="bash">
 298 if isdeb; then
 299     apt-get -y install php-wikidiff2
 300     teeu $mwc <<'EOF'
 301 $wgExternalDiffEngine = 'wikidiff2';
 302 EOF
 303     dir=$(dirname $(php -r 'echo(php_ini_loaded_file());'))/../apache2/conf.d
 304     ln -sf ../../mods-available/wikidiff2.ini $dir
 305     service apache2 restart
 306 fi
 307 # </source>
 308 # <source lang="bash">
 309 mw-ext Math
 310 # php5-curl according to Math readme
 311 if isdeb; then
 312     curl_pkg=php7.0-curl
 313     if ! apt-get -s install $curl_pkg &>/dev/null; then
 314         curl_pkg=php5-curl
 315     fi
 316     apt-get -y install latex-cjk-all texlive-latex-extra texlive-latex-base \
 317             ghostscript imagemagick ocaml $curl_pkg make
 318 else
 319     # todo, php5-curl equivalent on fedora
 320     yum -y install texlive-cjk ghostscript ImageMagick texlive ocaml
 321 fi
 322 service apache2 restart
 323
 324 cd $mw/extensions/Math/math; make # makes texvc
 325 cd $mw/extensions/Math/texvccheck; make
 326
 327 teeu $mwc <<'EOF'
 328 # Enable MathJax as rendering option
 329 $wgUseMathJax = true;
 330 # Enable LaTeXML as rendering option
 331 $wgMathValidModes[] = 'latexml';
 332 # Set LaTeXML as default rendering option, because it is nicest
 333 $wgDefaultUserOptions['math'] = 'latexml';
 334 EOF
 335 # </source>
 336 # <source lang="bash">
 337 mw-ext SpamBlacklist
 338 if ! grep -F '$wgSpamBlacklistFiles = array(' $mwc &>/dev/null; then
 339     tee -a $mwc <<'EOF'
 340 $wgEnableDnsBlacklist = true;
 341 $wgDnsBlacklistUrls = array( 'xbl.spamhaus.org', 'dnsbl.tornevall.org' );
 342
 343 ini_set( 'pcre.backtrack_limit', '10M' );
 344 $wgSpamBlacklistFiles = array(
 345    "[[m:Spam blacklist]]",
 346    "http://en.wikipedia.org/wiki/MediaWiki:Spam-blacklist"
 347 );
 348 EOF
 349 fi
 350 # </source>
 351 # <source lang="bash">
 352 mw-ext TitleBlacklist
 353 if ! grep -F '$wgTitleBlacklistSources = array(' $mwc &>/dev/null; then
 354     tee -a $mwc <<'EOF'
 355 $wgTitleBlacklistSources = array(
 356     array(
 357          'type' => 'local',
 358          'src'  => 'MediaWiki:Titleblacklist',
 359     ),
 360     array(
 361          'type' => 'url',
 362          'src'  => 'http://meta.wikimedia.org/w/index.php?title=Title_blacklist&action=raw',
 363     ),
 364 );
 365 EOF
 366 fi
 367 # </source>
 368 # <source lang="bash">
 369 mw-ext WikiEditor
 370 teeu $mwc <<'EOF'
 371 # Enable Wikieditor by default
 372 $wgDefaultUserOptions['usebetatoolbar'] = 1;
 373 $wgDefaultUserOptions['usebetatoolbar-cgd'] = 1;
 374
 375 # Display the Preview and Changes tabs
 376 $wgDefaultUserOptions['wikieditor-preview'] = 1;
 377 EOF
 378 # </source>
 379 # <source lang="bash">
 380 mw-ext CategoryTree
 381 teeu $mwc <<'EOF'
 382 # Mediawiki setting dependency for CategoryTree
 383 $wgUseAjax = true;
 384 EOF
 385 # </source>
 386 # <source lang="bash">
 387 mw-ext AbuseFilter
 388 teeu $mwc<<'EOF'
 389 $wgGroupPermissions['sysop']['abusefilter-modify'] = true;
 390 $wgGroupPermissions['*']['abusefilter-log-detail'] = true;
 391 $wgGroupPermissions['*']['abusefilter-view'] = true;
 392 $wgGroupPermissions['*']['abusefilter-log'] = true;
 393 $wgGroupPermissions['sysop']['abusefilter-private'] = true;
 394 $wgGroupPermissions['sysop']['abusefilter-modify-restricted'] = true;
 395 $wgGroupPermissions['sysop']['abusefilter-revert'] = true;
 396 EOF
 397 # </source>
 398 # <source lang="bash">
 399 mw-ext ConfirmEdit
 400 captchaArray
 401 teeu $mwc <<'EOF'
 402 wfLoadExtension( 'ConfirmEdit/QuestyCaptcha' );
 403 $wgCaptchaClass = 'QuestyCaptcha';
 404 # only captcha on registration
 405 $wgGroupPermissions['user'         ]['skipcaptcha'] = true;
 406 $wgGroupPermissions['autoconfirmed']['skipcaptcha'] = true;
 407 EOF
 408 if ! grep -Fx 'foreach ( $localSettingsQuestyQuestions as $key => $value ) {' $mwc; then
 409     tee -a $mwc <<'EOF'
 410 foreach ( $localSettingsQuestyQuestions as $key => $value ) {
 411         $wgCaptchaQuestions[] = array( 'question' => $key, 'answer' => $value );
 412 }
 413 EOF
 414 fi
 415 # </source>
 416 # <source lang="bash">
 417 sed -i --follow-symlinks "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
 418 # </source>
 419 # <source lang="bash">
 420 # get repo
 421 if [[ ! -e ~/pywikibot/.git ]]; then
 422     git clone --recursive \
 423         https://gerrit.wikimedia.org/r/pywikibot/core.git ~/pywikibot
 424 fi
 425 cd ~/pywikibot
 426 #updating
 427 git pull --all
 428 git submodule update
 429 # </source>
 430 # <source lang="bash">
 431 cd $HOME/pywikibot
 432 dd of=user-config.py <<EOF
 433 mylang = 'en'
 434 usernames["$mwfamily"]['en'] = u'$wikiuser'
 435 family = "$mwfamily"
 436 console_encoding = 'utf-8'
 437 password_file = "secretsfile"
 438 EOF
 439
 440 dd of=secretsfile <<EOF
 441 ("$wikiuser", "$wikipass")
 442 EOF
 443
 444 # it won't overrwrite an existing file. Remove if if one exists
 445 rm -f  pywikibot/families/${mwfamily}_family.py
 446 if isdeb; then
 447     apt-get install -y python-requests
 448 else
 449     yum -y install python-requests
 450 fi
 451
 452 python generate_family_file.py https://$mwdomain/wiki/Main_Page "$mwfamily"
 453
 454 # Note, this needed only for ssl site
 455 tee -a pywikibot/families/${mwfamily}_family.py<<'EOF'
 456     def protocol(self, code):
 457         return 'https'
 458 EOF
 459 # </source>
 460 # <source lang="bash">
 461 cd "$HOME/pywikibot"
 462
 463 dd of=scripts/${mwfamily}_setup.py<<EOF
 464 import pywikibot
 465 import time
 466 import sys
 467 site = pywikibot.Site()
 468 def x(p, t=""):
 469    page = pywikibot.Page(site, p)
 470    page.text = t
 471    #force is for some anti-bot thing, not necessary in my testing, but might as well include it
 472    page.save(force=True)
 473
 474 # Small/medium noncommercial wiki should be fine with no privacy policy
 475 # based on https://www.mediawiki.org/wiki/Manual:Footer
 476 x("MediaWiki:Privacy")
 477
 478 # licenses for uploads. Modified from the mediawiki's wiki
 479 x("MediaWiki:Licenses", u"""* Same as this wiki's text (preferred)
 480 ** CC BY-SA or GFDL| Creative Commons Attribution ShareAlike or GNU Free Documentation License
 481 * Others:
 482 ** Unknown_copyright|I don't know exactly
 483 ** PD|PD: public domain
 484 ** CC BY|Creative Commons Attribution
 485 ** CC BY-SA|Creative Commons Attribution ShareAlike
 486 ** GFDL|GFDL: GNU Free Documentation License
 487 ** GPL|GPL: GNU General Public License
 488 ** LGPL|LGPL: GNU Lesser General Public License""")
 489 x("MediaWiki:Copyright", '$mw_license')
 490 x("MediaWiki:Mainpage-description", "$mwdescription")
 491
 492
 493
 494 # The rest of the settings are for the site style
 495
 496 # Remove various clutter
 497 x("MediaWiki:Lastmodifiedat")
 498 x("MediaWiki:Disclaimers")
 499 x("MediaWiki:Viewcount")
 500 x("MediaWiki:Aboutsite")
 501 # remove these lines from sidebar
 502 # ** recentchanges-url|recentchanges
 503 # ** randompage-url|randompage
 504 # ** helppage|help
 505 x("MediaWiki:Sidebar", """* navigation
 506 ** mainpage|mainpage-description
 507 * SEARCH
 508 * TOOLBOX
 509 * LANGUAGES""")
 510
 511 # remove side panel
 512 # helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
 513 x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top  */
 514 /* panel width increased to fit full wiki name. */
 515 div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
 516 div#footer, #mw-head-base, div#content { margin-left: 1em; }
 517 #left-navigation { margin-left: 1em; }
 518
 519
 520 /* logo, and toolbar hidden */
 521 #p-logo, #p-tb.portal {
 522    display:none;
 523 }
 524
 525 /* make the font size smaller for the misc stuff */
 526 #p-personal {
 527    font-size: 0.8em;
 528 }
 529
 530 #footer-info {
 531    font-size: 0.8em;
 532 }
 533 div#mw-content-text {
 534     max-width: 720px;
 535 }
 536 """)
 537 EOF
 538
 539 # this can spam a warning, so uniq it
 540 python pwb.py ${mwfamily}_setup |& uniq
 541 # </source>
 542 # <source lang="bash">
 543 s=/etc/cron.daily/mediawiki_update
 544 dd of=$s<<'EOF'
 545 #!/bin/bash
 546 source ~/mw_vars
 547 update() {
 548     dir=$1
 549     cd $mw
 550     [[ -d $dir ]] || return 1
 551     cd $dir
 552     branch=$(git describe --all)
 553     branch=${branch#remotes/}
 554     git fetch --all -q
 555     new_head=$(git rev-parse $branch)
 556     log=$(git log HEAD..$new_head)
 557     if [[ ! $log ]]; then
 558         return 1
 559     fi
 560     pwd
 561     echo "$log"
 562     git checkout -qf $new_head
 563     cd $mw
 564     return 0
 565 }
 566 for dir in extensions/* skins/* vendor; do
 567     update "$dir" ||:
 568 done
 569 if update .; then
 570     curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
 571 fi
 572 php $mw/maintenance/update.php -q --quick
 573 EOF
 574
 575 # </source>