#!/bin/bash
# Copyright (C) 2016 Ian Kelling
# This program is under GPL v. 3 or later, see <http://www.gnu.org/licenses/>
+set -x
+# <source lang="bash">
+# if we have jessie-backports, we need to use it.
+if ! apt-get install -t jessie-backports certbot python-certbot-apache; then
+ apt-get install certbot python-certbot-apache
+fi
+# </source>
# <source lang="bash">
-# for convenience, Mediawiki config file
-mwc="$mw/LocalSettings.php"
-
# identify if this is a debian based distro
isdeb() { command -v apt &>/dev/null; }
# tee unique. append each stdin line if it does not exist in the file
}
# get and reset an extension/skin repository, and enable it
-mw-ext () { mw-extra extensions $@; }
-mw-skin() { mw-extra skins $@; }
+mw-clone() {
+ local url=$1
+ local original_pwd="$PWD"
+ local name
+ local re='[^/]*/[^/]*$' # last 2 parts of path
+ [[ $url =~ $re ]] ||:
+ target=$mw/${BASH_REMATCH[0]}
+ if [[ ! -e $target/.git ]]; then
+ git clone $url $target
+ fi
+ if ! cd $target; then
+ echo "mw-ext error: failed cd $target";
+ exit 1
+ fi
+ git fetch
+ git checkout -qf origin/$mw_branch || git checkout -qf origin/master
+ git clean -xffd
+ cd "$original_pwd"
-mw-extra() {
- local type=$1 # extension or skin
- shift
+}
+mw-ext () {
local ext
- for ext in "$@"; do
- local original_pwd="$PWD"
- # it's ok that this fails if we already have it
- url=https://git.wikimedia.org/git/mediawiki
- target=$mw/$type/$ext
- if [[ ! -e $target/.git ]]; then
- git clone $url/$type/$ext.git $target
- fi
- if ! cd $target; then
- echo "mw-ext error: failed cd $mw/extensions/$ext";
- exit 1
- fi
- git fetch
- git checkout -qf origin/$mw_branch || git checkout -qf origin/master
- git clean -xffd
- cd "$original_pwd"
- case $type in
- extensions)
- if [[ -e $target/extension.json ]]; then
- # new style extension. remove old style declaration
- sed -i '#^require_once( "\\\$IP/extensions/\$ext/\$ext\.php" );#d' $mwc
- teeu $mwc <<EOF
+ for ext; do
+ mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/extensions/$ext
+ if [[ -e $mw/extensions/$ext/extension.json ]]; then
+ # new style extension
+ teeu $mwc <<EOF
wfLoadExtension( '$ext' );
EOF
- else
- teeu $mwc <<EOF
+ else
+ teeu $mwc <<EOF
require_once( "\$IP/extensions/$ext/$ext.php" );
EOF
- fi
- ;;
- skins)
- sed -i '/^wfLoadSkin/d' $mwc
- sed -i '/^\$wgDefaultSkin/d' $mwc
- teeu $mwc <<EOF
-\$wgDefaultSkin = "${ext,,*}";
-wfLoadSkin( '$ext' );
-EOF
- ;;
- esac
+ fi
done
# --quick is quicker than default flags,
# but still add a sleep to make sure everything works right
sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
}
+mw-skin() {
+ local skin=$1
+ mw-clone https://gerrit.wikimedia.org/r/p/mediawiki/skins/$skin
+ sed -i --follow-symlinks '/^wfLoadSkin/d' $mwc
+ sed -i --follow-symlinks '/^\$wgDefaultSkin/d' $mwc
+ teeu $mwc <<EOF
+\$wgDefaultSkin = "${skin,,*}";
+wfLoadSkin( '$skin' );
+EOF
+ sudo -u $apache_user php $mw/maintenance/update.php -q --quick; sleep 1
+}
if command -v apt &>/dev/null; then
apache_user=www-data
# main reference:
# https://www.mediawiki.org/wiki/Manual:Running_MediaWiki_on_Ubuntu
apt-get update
- apt-get install -y ImageMagick
+ DEBIAN_FRONTEND=noninteractive apt-get install -y imagemagick curl
if apt-get install -s mediawiki &>/dev/null; then
- # in debian wheezy time-frame distros, mediawiki was packaged.
- apt-get -y install php-apc mediawiki
+ apcu=php5-apcu
+ if apt-get install -s php7.0-apcu &>/dev/null; then
+ apcu=php7.0-apcu
+ fi
+ # mediawiki is packaged in jessie backports & stretch
+ DEBIAN_FRONTEND=noninteractive apt-get -y install $apcu mediawiki
else
# https://www.mediawiki.org/wiki/Manual:Installation_requirements
if apt-get install -s php7.0 &>/dev/null; then
# note, 7.0 is untested by the editor here, since it's not
# available in debian 8. it's listed as supported
# in the mediawiki page.
- # noninteractive to avoid mysql password prompt
- DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 mysql-server \
+ # noninteractive to avoid mysql password prompt.
+ DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 \
+ default-mysql-server \
php7.0 php7.0-mysql libapache2-mod-php7.0 php7.0-xml \
- php7.0-apcu
+ php7.0-apcu php7.0-mbstring
else
- DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 mysql-server \
+ # note: mbstring is recommended, but it's not available for php5 in
+ # debian jessie.
+ DEBIAN_FRONTEND=noninteractive apt-get install -y apache2 \
+ default-mysql-server \
php5 php5-mysql libapache2-mod-php5 php5-apcu
fi
fi
fi
-# slightly different depending on if we already set the root pass
-if echo exit|mysql -u root -p"$dbpass"; then
- # answer interactive prompts:
- # mysql root pass, change pass? no, remove anon users? (default, yes)
- # disallow remote root (default, yes), reload? (default, yes)
- echo -e "$dbpass\nn\n\n\n\n" | mysql_secure_installation
-else
- # I had 1 less newline at the start when doing ubuntu 14.04,
+# skip if we already set the root pass and are on pre-debian 9.
+if ! echo exit|mysql -uroot "-p$dbpass"; then
+ # Note: we set a root password here, but in debian 9+, it is ignored;
+ # only the local user root can login, and any password is accepted.
+ # We answer these interactive prompts:
+ # Enter current password for root (enter for none):
+ # Set root password? [Y/n]
+ # New password:
+ # Re-enter new password:
+ # Remove anonymous users? [Y/n]
+ # Disallow root login remotely? [Y/n]
+ # Remove test database and access to it? [Y/n]
+ # Reload privilege tables now? [Y/n]
+ # Note, I had 1 less newline at the start when doing ubuntu 14.04,
# compared to debian 8, so can't say this is especially portable.
- # It won't hurt if it fails.
echo -e "\n\n$dbpass\n$dbpass\n\n\n\n\n" | mysql_secure_installation
fi
+mysql -uroot "-p$dbpass" <<EOF
+GRANT ALL PRIVILEGES ON my_wiki.* TO 'wikiuser'@'localhost' IDENTIFIED BY '$dbpass';
+EOF
# </source>
# <source lang="bash">
mkdir -p $mw
# git branch -r
git checkout -f origin/$mw_branch
git clean -ffxd
+# apply librejs patch
+curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
# Get the php libraries wmf uses. Based on:
# https://www.mediawiki.org/wiki/Download_from_Git#Fetch_external_libraries
if [[ ! -e vendor/.git ]]; then
# Drop any previous database which may have been installed while testing.
# If upgrading, we should have a db backup which will get restored.
# https://www.mediawiki.org/wiki/Manual:Upgrading
-mysql -u root -p$dbpass <<'EOF' ||:
+mysql -uroot "-p$dbpass" <<'EOF' ||:
drop database my_wiki;
exit
EOF
php $mw/maintenance/install.php --pass $wikipass --scriptpath /w \
- --dbuser root --dbpass $dbpass "$mwdescription" "$wikiuser"
+ --dbuser wikiuser --dbpass $dbpass "$mwdescription" "$wikiuser"
teeu $mwc <<'EOF'
# lock down the wiki to only the initial owner until anti-spam measures are put in place
# limit edits to registered users
EOF
# </source>
# <source lang="bash">
-tmpdir="$(mktemp -d)"
-cd $tmpdir
-wget http://builds.piwik.org/piwik.zip
-if isdeb; then apt-get -y install unzip; else yum -y install unzip; fi
-unzip -q piwik.zip
-# gui installer suggested command
-if isdeb; then
- chown -R www-data:www-data piwik
-else
- chown -R apache:apache piwik
-fi
-# remove any existing directory
-rm -rf $mw/../analytics
-mv piwik $mw/../analytics
-cd $mw
-rm -rf $tmpdir
-
-# </source>
-# <source lang="bash">
-temp=$(mktemp -d)
-cd $temp
-git_site=https://iankelling.org/git
-git clone $git_site/acme-tiny-wrapper
l=$mw/../../logs
mkdir -p $l
-
-acme-tiny-wrapper/acme-tiny-wrapper $mwdomain
-
-git clone $git_site/basic-https-conf
+temp=$(mktemp -d)
+cd $temp
+# for me, this repo is on the same server and apache needs a sec after restarting
+sleep 1
+git clone https://iankelling.org/git/basic-https-conf
{ cat <<EOF
ServerAdmin $mw_email
RewriteEngine On
# use short urls https://www.mediawiki.org/wiki/Manual:Short_URL
RewriteRule ^/*\$ %{DOCUMENT_ROOT}/w/index.php [L]
EOF
-find -L $(readlink -f $mw/..) -name .htaccess \
+find -L $(readlink -f $mw) -name .htaccess \
| while read line; do
echo -e "<Directory ${line%/.htaccess}>\n $(< $line)\n</Directory>";
done
-} | basic-https-conf/apache-site -r ${mw%/*} - $mwdomain
+} | basic-https-conf/web-conf -r ${mw%/*} - apache2 $mwdomain
+cd
+rm -rf $temp
# </source>
# <source lang="bash">
dd of=$mw/../robots.txt <<'EOF'
\$wgMainCacheType = CACHE_ACCEL;
\$wgEnableUploads = true;
\$wgUseInstantCommons = true;
+\$wgPingback = true;
EOF
# </source>
# <source lang="bash">
# not using nofollow is good practice, as long as we avoid spam.
$wgNoFollowLinks = false;
# Allow user customization.
-$wgAllowUserJs = true;
$wgAllowUserCss = true;
-
# use imagemagick over GD
$wgUseImageMagick = true;
+# manual says this is not production ready, I think that is mostly
+# because they are using MobileFrontend extension instead, which gives
+# an even cleaner more minimal view, I plan to try setting it up
+# sometime but this seems like a very nice improvement for now.
+$wgVectorResponsive = true;
EOF
# https://www.mediawiki.org/wiki/Manual:Configuring_file_uploads
# Increase from default of 2M to 100M.
# This will at least allow high res pics etc.
-php_ini=$(isdeb && echo /etc/php5/apache2/php.ini || echo /etc/php.ini)
-sed -i 's/^\(upload_max_filesize\|post_max_size\)\b.*/\1 = 100M/' $php_ini
+php_ini=$(php -r 'echo(php_ini_loaded_file());')
+sed -i --follow-symlinks 's/^\(upload_max_filesize\|post_max_size\)\b.*/\1 = 100M/' $php_ini
if isdeb; then
service apache2 restart
else
# Make the toolbox go into the drop down.
cd $mw/skins/Vector
if ! git remote show ian-kelling &>/dev/null; then
- git remote add ian-kelling https://iankelling.org/git/Vector
+ git remote add ian-kelling https://iankelling.org/git/mediawiki-sidebar-patch
fi
git fetch ian-kelling
-git checkout ian-kelling/REL1_27-toolbox-in-dropdown
+git checkout ian-kelling/${mw_branch}-toolbox-in-dropdown
# </source>
# <source lang="bash">
-mw-ext Cite CiteThisPage CSS Echo Gadgets ImageMap Interwiki News \
- Nuke ParserFunctions Poem SyntaxHighlight_GeSHi Variables
+mw-ext Cite CiteThisPage CheckUser CSS Echo Gadgets ImageMap Interwiki News \
+ Nuke ParserFunctions Poem Renameuser SyntaxHighlight_GeSHi Variables
# </source>
# <source lang="bash">
mw-ext AntiSpoof
sudo -u $apache_user php $mw/extensions/AntiSpoof/maintenance/batchAntiSpoof.php
# </source>
# <source lang="bash">
-mw-ext CheckUser
-sudo -u $apache_user php $mw/extensions/CheckUser/install.php; sleep 1
-# </source>
-# <source lang="bash">
if isdeb; then
apt-get -y install php-wikidiff2
teeu $mwc <<'EOF'
$wgExternalDiffEngine = 'wikidiff2';
EOF
- ln -sf ../../mods-available/wikidiff2.ini /etc/php5/apache2/conf.d
+ dir=$(dirname $(php -r 'echo(php_ini_loaded_file());'))/../apache2/conf.d
+ ln -sf ../../mods-available/wikidiff2.ini $dir
service apache2 restart
fi
# </source>
# todo, php5-curl equivalent on fedora
yum -y install texlive-cjk ghostscript ImageMagick texlive ocaml
fi
-ln -sf ../../mods-available/curl.ini /etc/php5/apache2/conf.d
service apache2 restart
cd $mw/extensions/Math/math; make # makes texvc
fi
# </source>
# <source lang="bash">
-sed -i "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
+sed -i --follow-symlinks "/\\\$wgGroupPermissions\\['\\*'\\]\\['createaccount'\\] = false;/d" $mwc
# </source>
# <source lang="bash">
# get repo
# remove side panel
# helpfull doc: https://www.mediawiki.org/wiki/Manual:Interface/Sidebar
x("mediawiki:Common.css", """/* adjust sidebar to just be home link and up top */
+/* adjust sidebar to just be home link and up top */
/* panel width increased to fit full wiki name. */
+/* selectors other than final id are for increasing priority of rule */
div#mw-panel { top: 10px; padding-top: 0em; width: 20em }
div#footer, #mw-head-base, div#content { margin-left: 1em; }
#left-navigation { margin-left: 1em; }
/* logo, and toolbar hidden */
-#p-logo, #p-tb.portal {
+#p-logo, div#mw-navigation div#mw-panel #p-tb {
display:none;
}
-/* make the font size smaller for the misc stuff */
-#p-personal {
- font-size: 0.8em;
-}
-
-#footer-info {
- font-size: 0.8em;
-}
div#mw-content-text {
max-width: 720px;
}
""")
EOF
-python pwb.py ${mwfamily}_setup
+# this can spam a warning, so uniq it
+python pwb.py ${mwfamily}_setup |& uniq
# </source>
# <source lang="bash">
s=/etc/cron.daily/mediawiki_update
dd of=$s<<'EOF'
#!/bin/bash
source ~/mw_vars
-cd $mw
-git fetch --all
-git checkout origin/$mw_branch
-git rebase ian/REL1_23-toolbox-in-dropdown
-cd extensions
-for x in *; do
- if [[ -d $x ]]; then
- cd $x
- git fetch --all
- git checkout origin/$mw_branch || git checkout -qf origin/master
- cd ..
+update() {
+ dir=$1
+ cd $mw
+ [[ -d $dir ]] || return 1
+ cd $dir
+ branch=$(git describe --all)
+ branch=${branch#remotes/}
+ git fetch --all -q
+ new_head=$(git rev-parse $branch)
+ log=$(git log HEAD..$new_head)
+ if [[ ! $log ]]; then
+ return 1
fi
+ pwd
+ echo "$log"
+ git checkout -qf $new_head
+ cd $mw
+ return 0
+}
+for dir in extensions/* skins/* vendor; do
+ update "$dir" ||:
done
-php $mw/maintenance/update.php -q
-EOF
-chmod +x $s
-# </source>
-# <source lang="bash">
-# based on recommendation from install page
-if ! dpkg -s php5-gd &>/dev/null; then
- apt-get install -y php5-gd
- service apache2 restart
+if update .; then
+ curl "https://iankelling.org/git/?p=mediawiki-librejs-patch;a=blob_plain;f=mediawiki-1.28-librejs.patch;hb=HEAD" | patch -r - -N -p1
fi
-
-# docs suggests using separate database user
-mysql -u root -p$dbpass <<EOF
-GRANT ALL ON piwik.* TO 'piwik'@'localhost' IDENTIFIED BY '$piwik_pass';
-FLUSH PRIVILEGES;
-exit
-EOF
-php_ini=$(isdeb && echo /etc/php5/apache2/php.ini || echo /etc/php.ini)
-# based on the install page. however, ths option is changing with php7.0
-opt=always_populate_raw_post_data
-sed -ri "/^ *$opt\b/d;/^ *\[PHP\]/a $opt = -1" $php_ini
-service apache2 restart
-# </source>
-# <source lang="bash">
-git clone https://github.com/DaSchTour/piwik-mediawiki-extension.git $mw/extensions/Piwik
-mw-ext Piwik
-teeu $mwc <<EOF
-\$wgPiwikURL = '$mwdomain/analytics/';
-\$wgPiwikIDSite = '1';
+php $mw/maintenance/update.php -q --quick
EOF
+
# </source>