LXC: normalize package installation & user creation.

utils/lib.sh:
- get DIST_ID & DIST_VERSION from /etc/os-release
- pkg_[install|remove|...] supports ubuntu, debian, archlinux & fedora

utils/lxc.sh
- Workaround for the "setrlimit(RLIMIT_CORE): Operation not permitted" error::
    'Set disable_coredump false' >> /etc/sudo.conf

utils/[searx.sh|filtron.sh|morty.sh]
- switched user creation from 'adduser' perl script to 'useradd' built-in
  command

utils/searx.sh
- install packages for ubuntu, debian, archlinux & fedora

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Markus Heiser 2020-02-23 12:10:45 +01:00
parent e36e0f80ae
commit 5fb6d4f508
5 changed files with 96 additions and 34 deletions


@ -106,7 +106,7 @@ main() {
rst_title "$SERVICE_NAME" part rst_title "$SERVICE_NAME" part
required_commands \ required_commands \
dpkg apt-get install git wget curl \ sudo install git wget curl \
|| exit || exit
local _usage="unknown or missing $1 command $2" local _usage="unknown or missing $1 command $2"
@ -231,9 +231,11 @@ assert_user() {
rst_title "user $SERVICE_USER" section rst_title "user $SERVICE_USER" section
echo echo
tee_stderr 1 <<EOF | bash | prefix_stdout tee_stderr 1 <<EOF | bash | prefix_stdout
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \ useradd --shell /bin/bash --system \
--disabled-password --group --gecos 'Filtron' $SERVICE_USER --home-dir "$SERVICE_HOME" \
sudo -H usermod -a -G shadow $SERVICE_USER --comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER groups $SERVICE_USER
EOF EOF
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)" SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
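Review bot: The added `chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"` in assert_user puts the group name in the owner position, so the home directory belongs to the service account only if a user with the same name as the group exists; `chown -R "$SERVICE_USER:$SERVICE_GROUP" "$SERVICE_HOME"` states the intent. The same line is added in the two other assert_user hunks on this page (the ones with the 'Morty' and 'searx' comments). The added `mkdir "$SERVICE_HOME"` also fails on a rerun and leaves the directory mode to the caller's umask, so `mkdir -p` with an explicit `chmod`, or `useradd --create-home`, would make ownership and mode predictable. assert_user starts and ends outside the hunk.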


@ -3,6 +3,11 @@
# SPDX-License-Identifier: AGPL-3.0-or-later # SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck disable=SC2059,SC1117 # shellcheck disable=SC2059,SC1117
# ubuntu, debian, arch, fedora ...
DIST_ID=$(source /etc/os-release; echo $ID);
# shellcheck disable=SC2034
DIST_VERS=$(source /etc/os-release; echo $VERSION_ID);
ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}" ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
ADMIN_NAME="${ADMIN_NAME:-$USER}" ADMIN_NAME="${ADMIN_NAME:-$USER}"
@ -54,7 +59,7 @@ sudo_or_exit() {
required_commands() { required_commands() {
# usage: requires_commands [cmd1 ...] # usage: required_commands [cmd1 ...]
local exit_val=0 local exit_val=0
while [ -n "$1" ]; do while [ -n "$1" ]; do
@ -787,9 +792,6 @@ uWSGI_disable_app() {
# distro's package manager # distro's package manager
# ------------------------ # ------------------------
#
# FIXME: Arch Linux & RHEL should be added
#
pkg_install() { pkg_install() {
@ -801,8 +803,20 @@ pkg_install() {
if ! ask_yn "Should packages be installed?" Yn 30; then if ! ask_yn "Should packages be installed?" Yn 30; then
return 42 return 42
fi fi
case $DIST_ID in
ubuntu|debian)
# shellcheck disable=SC2068 # shellcheck disable=SC2068
apt-get install -m -y $@ apt-get install -m -y $@
;;
arch)
# shellcheck disable=SC2068
pacman -S --noconfirm $@
;;
fedora)
# shellcheck disable=SC2068
dnf install -y $@
;;
esac
} }
pkg_remove() { pkg_remove() {
@ -815,15 +829,40 @@ pkg_remove() {
if ! ask_yn "Should packages be removed (purge)?" Yn 30; then if ! ask_yn "Should packages be removed (purge)?" Yn 30; then
return 42 return 42
fi fi
apt-get purge --autoremove --ignore-missing -y "$@" case $DIST_ID in
ubuntu|debian)
# shellcheck disable=SC2068
apt-get purge --autoremove --ignore-missing -y $@
;;
arch)
# shellcheck disable=SC2068
pacman -R --noconfirm $@
;;
fedora)
# shellcheck disable=SC2068
dnf remove -y $@
;;
esac
} }
pkg_is_installed() { pkg_is_installed() {
# usage: pkg_is_install foopkg || pkg_install foopkg # usage: pkg_is_install foopkg || pkg_install foopkg
case $DIST_ID in
ubuntu|debian)
dpkg -l "$1" &> /dev/null dpkg -l "$1" &> /dev/null
return $? return $?
;;
arch)
pacman -Qsq "$1" &> /dev/null
return $?
;;
fedora)
dnf list -q --installed "$1" &> /dev/null
return $?
;;
esac
} }
# git tooling # git tooling
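Review bot: None of the new `case $DIST_ID in` blocks in pkg_install, pkg_remove and pkg_is_installed has a default arm, so on a distribution other than the four listed they fall through with status 0. Nothing is installed or removed, and pkg_is_installed reports every package as present. A final arm such as `*) echo "unsupported distribution: $DIST_ID" >&2; return 1 ;;` in each function would make that case visible to callers. The `case $DIST_ID` that sets SEARX_PACKAGES later on this page has the same gap. Separately, `pacman -Qsq "$1"` is a regex search over the names and descriptions of installed packages, so it can succeed for a package that is not installed; `pacman -Q "$1"` queries the exact name.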


@ -39,12 +39,15 @@ ubu1904_boilerplate="$ubu1804_boilerplate"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
archlinux_boilerplate=" archlinux_boilerplate="
pacman -Syu --noconfirm pacman -Syu --noconfirm
pacman -S --noconfirm git curl wget pacman -S --noconfirm git curl wget sudo
echo 'Set disable_coredump false' >> /etc/sudo.conf
" "
# shellcheck disable=SC2034
fedora31_boilerplate=" fedora31_boilerplate="
dnf update -y dnf update -y
dnf install -y git curl wget dnf install -y git curl wget hostname
echo 'Set disable_coredump false' >> /etc/sudo.conf
" "
REMOTE_IMAGES=() REMOTE_IMAGES=()
@ -162,7 +165,9 @@ main() {
lxc exec "${i}" -- "$@" lxc exec "${i}" -- "$@"
exit_val=$? exit_val=$?
if [[ $exit_val -ne 0 ]]; then if [[ $exit_val -ne 0 ]]; then
err_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}" warn_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
else
info_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
fi fi
done done
;; ;;
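Review bot: The line `echo 'Set disable_coredump false' >> /etc/sudo.conf` added to archlinux_boilerplate and fedora31_boilerplate switches off sudo's core-dump suppression inside the container, and nothing in the file says why. sudo disables core dumps by default so that a crash does not write sensitive memory to disk. A comment above both strings, for example `# LXC workaround for "setrlimit(RLIMIT_CORE): Operation not permitted"; test containers only`, would keep the setting from being copied to a real host. If the boilerplate is run more than once for a container, the append also stacks duplicate entries; `grep -qs '^Set disable_coredump' /etc/sudo.conf || echo 'Set disable_coredump false' >> /etc/sudo.conf` keeps the file to one.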


@ -105,7 +105,7 @@ main() {
rst_title "$SERVICE_NAME" part rst_title "$SERVICE_NAME" part
required_commands \ required_commands \
dpkg apt-get install git wget curl \ sudo install git wget curl \
|| exit || exit
local _usage="ERROR: unknown or missing $1 command $2" local _usage="ERROR: unknown or missing $1 command $2"
@ -224,9 +224,11 @@ assert_user() {
rst_title "user $SERVICE_USER" section rst_title "user $SERVICE_USER" section
echo echo
tee_stderr 1 <<EOF | bash | prefix_stdout tee_stderr 1 <<EOF | bash | prefix_stdout
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \ useradd --shell /bin/bash --system \
--disabled-password --group --gecos 'Morty' $SERVICE_USER --home-dir "$SERVICE_HOME" \
sudo -H usermod -a -G shadow $SERVICE_USER --comment 'Web content sanitizer proxy' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER groups $SERVICE_USER
EOF EOF
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)" SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"


@ -35,14 +35,26 @@ SEARX_UWSGI_APP="searx.ini"
# shellcheck disable=SC2034 # shellcheck disable=SC2034
SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket" SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
# FIXME: Arch Linux & RHEL should be added case $DIST_ID in
ubuntu|debian) # apt packages
SEARX_APT_PACKAGES="\ SEARX_PACKAGES="\
python3-dev python3-babel python3-venv \
uwsgi uwsgi-plugin-python3 \ uwsgi uwsgi-plugin-python3 \
git build-essential \ git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev "
libxslt-dev python3-dev python3-babel python3-venv \ ;;
zlib1g-dev libffi-dev libssl-dev \ arch) # pacman packages
" SEARX_PACKAGES="\
python python-pip python-lxml python-babel \
uwsgi uwsgi-plugin-python \
git base-devel libxml2 "
;;
fedora) # dnf packages
SEARX_PACKAGES="\
python python-pip python-lxml python-babel \
uwsgi uwsgi-plugin-python3 \
git @development-tools libxml2 "
;;
esac
# Apache Settings # Apache Settings
@ -72,7 +84,7 @@ usage() {
usage:: usage::
$(basename "$0") shell $(basename "$0") shell
$(basename "$0") install [all|user|pyenv|searx-src|apache] $(basename "$0") install [all|user|searx-src|pyenv|apache]
$(basename "$0") update [searx] $(basename "$0") update [searx]
$(basename "$0") remove [all|user|pyenv|searx-src] $(basename "$0") remove [all|user|pyenv|searx-src]
$(basename "$0") activate [service] $(basename "$0") activate [service]
@ -120,7 +132,7 @@ main() {
rst_title "$SEARX_INSTANCE_NAME" part rst_title "$SEARX_INSTANCE_NAME" part
required_commands \ required_commands \
dpkg systemctl apt-get install git wget curl \ sudo systemctl install git wget curl \
|| exit || exit
local _usage="unknown or missing $1 command $2" local _usage="unknown or missing $1 command $2"
@ -202,7 +214,7 @@ _service_prefix=" |$SERVICE_USER| "
install_all() { install_all() {
rst_title "Install $SEARX_INSTANCE_NAME (service)" rst_title "Install $SEARX_INSTANCE_NAME (service)"
pkg_install "$SEARX_APT_PACKAGES" pkg_install "$SEARX_PACKAGES"
wait_key wait_key
assert_user assert_user
wait_key wait_key
@ -260,9 +272,11 @@ assert_user() {
rst_title "user $SERVICE_USER" section rst_title "user $SERVICE_USER" section
echo echo
tee_stderr 1 <<EOF | bash | prefix_stdout tee_stderr 1 <<EOF | bash | prefix_stdout
sudo -H adduser --shell /bin/bash --system --home "$SERVICE_HOME" \ useradd --shell /bin/bash --system \
--disabled-password --group --gecos 'searx' $SERVICE_USER --home-dir "$SERVICE_HOME" \
sudo -H usermod -a -G shadow $SERVICE_USER --comment 'Privacy-respecting metasearch engine' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER groups $SERVICE_USER
EOF EOF
#SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)" #SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"