forked from Ponysearch/Ponysearch
LXC: normalize package installation & user creation.
utils/lib.sh: - get DIST_ID & DIST_VERSION from /etc/os-release - pkg_[install|remove|...] supports ubuntu, debian, archlinux & fedora utils/lxc.sh - Workaround for the "setrlimit(RLIMIT_CORE): Operation not permitted" error:: 'Set disable_coredump false' >> /etc/sudo.conf utils/[searx.sh|filtron.sh|morty.sh] - switched user creation from 'adduser' perl script to 'useradd' built-in command utils/searx.sh - install packages for ubuntu, debian, archlinux & fedora Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
parent
e36e0f80ae
commit
5fb6d4f508
5 changed files with 96 additions and 34 deletions
|
@ -106,7 +106,7 @@ main() {
|
||||||
rst_title "$SERVICE_NAME" part
|
rst_title "$SERVICE_NAME" part
|
||||||
|
|
||||||
required_commands \
|
required_commands \
|
||||||
dpkg apt-get install git wget curl \
|
sudo install git wget curl \
|
||||||
|| exit
|
|| exit
|
||||||
|
|
||||||
local _usage="unknown or missing $1 command $2"
|
local _usage="unknown or missing $1 command $2"
|
||||||
|
@ -231,9 +231,11 @@ assert_user() {
|
||||||
rst_title "user $SERVICE_USER" section
|
rst_title "user $SERVICE_USER" section
|
||||||
echo
|
echo
|
||||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||||
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
|
useradd --shell /bin/bash --system \
|
||||||
--disabled-password --group --gecos 'Filtron' $SERVICE_USER
|
--home-dir "$SERVICE_HOME" \
|
||||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
--comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
|
||||||
|
mkdir "$SERVICE_HOME"
|
||||||
|
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
||||||
groups $SERVICE_USER
|
groups $SERVICE_USER
|
||||||
EOF
|
EOF
|
||||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||||
|
|
49
utils/lib.sh
49
utils/lib.sh
|
@ -3,6 +3,11 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
# shellcheck disable=SC2059,SC1117
|
# shellcheck disable=SC2059,SC1117
|
||||||
|
|
||||||
|
# ubuntu, debian, arch, fedora ...
|
||||||
|
DIST_ID=$(source /etc/os-release; echo $ID);
|
||||||
|
# shellcheck disable=SC2034
|
||||||
|
DIST_VERS=$(source /etc/os-release; echo $VERSION_ID);
|
||||||
|
|
||||||
ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
|
ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
|
||||||
ADMIN_NAME="${ADMIN_NAME:-$USER}"
|
ADMIN_NAME="${ADMIN_NAME:-$USER}"
|
||||||
|
|
||||||
|
@ -54,7 +59,7 @@ sudo_or_exit() {
|
||||||
|
|
||||||
required_commands() {
|
required_commands() {
|
||||||
|
|
||||||
# usage: requires_commands [cmd1 ...]
|
# usage: required_commands [cmd1 ...]
|
||||||
|
|
||||||
local exit_val=0
|
local exit_val=0
|
||||||
while [ -n "$1" ]; do
|
while [ -n "$1" ]; do
|
||||||
|
@ -787,9 +792,6 @@ uWSGI_disable_app() {
|
||||||
|
|
||||||
# distro's package manager
|
# distro's package manager
|
||||||
# ------------------------
|
# ------------------------
|
||||||
#
|
|
||||||
# FIXME: Arch Linux & RHEL should be added
|
|
||||||
#
|
|
||||||
|
|
||||||
pkg_install() {
|
pkg_install() {
|
||||||
|
|
||||||
|
@ -801,8 +803,20 @@ pkg_install() {
|
||||||
if ! ask_yn "Should packages be installed?" Yn 30; then
|
if ! ask_yn "Should packages be installed?" Yn 30; then
|
||||||
return 42
|
return 42
|
||||||
fi
|
fi
|
||||||
|
case $DIST_ID in
|
||||||
|
ubuntu|debian)
|
||||||
# shellcheck disable=SC2068
|
# shellcheck disable=SC2068
|
||||||
apt-get install -m -y $@
|
apt-get install -m -y $@
|
||||||
|
;;
|
||||||
|
arch)
|
||||||
|
# shellcheck disable=SC2068
|
||||||
|
pacman -S --noconfirm $@
|
||||||
|
;;
|
||||||
|
fedora)
|
||||||
|
# shellcheck disable=SC2068
|
||||||
|
dnf install -y $@
|
||||||
|
;;
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_remove() {
|
pkg_remove() {
|
||||||
|
@ -815,15 +829,40 @@ pkg_remove() {
|
||||||
if ! ask_yn "Should packages be removed (purge)?" Yn 30; then
|
if ! ask_yn "Should packages be removed (purge)?" Yn 30; then
|
||||||
return 42
|
return 42
|
||||||
fi
|
fi
|
||||||
apt-get purge --autoremove --ignore-missing -y "$@"
|
case $DIST_ID in
|
||||||
|
ubuntu|debian)
|
||||||
|
# shellcheck disable=SC2068
|
||||||
|
apt-get purge --autoremove --ignore-missing -y $@
|
||||||
|
;;
|
||||||
|
arch)
|
||||||
|
# shellcheck disable=SC2068
|
||||||
|
pacman -R --noconfirm $@
|
||||||
|
;;
|
||||||
|
fedora)
|
||||||
|
# shellcheck disable=SC2068
|
||||||
|
dnf remove -y $@
|
||||||
|
;;
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
pkg_is_installed() {
|
pkg_is_installed() {
|
||||||
|
|
||||||
# usage: pkg_is_install foopkg || pkg_install foopkg
|
# usage: pkg_is_install foopkg || pkg_install foopkg
|
||||||
|
|
||||||
|
case $DIST_ID in
|
||||||
|
ubuntu|debian)
|
||||||
dpkg -l "$1" &> /dev/null
|
dpkg -l "$1" &> /dev/null
|
||||||
return $?
|
return $?
|
||||||
|
;;
|
||||||
|
arch)
|
||||||
|
pacman -Qsq "$1" &> /dev/null
|
||||||
|
return $?
|
||||||
|
;;
|
||||||
|
fedora)
|
||||||
|
dnf list -q --installed "$1" &> /dev/null
|
||||||
|
return $?
|
||||||
|
;;
|
||||||
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
# git tooling
|
# git tooling
|
||||||
|
|
11
utils/lxc.sh
11
utils/lxc.sh
|
@ -39,12 +39,15 @@ ubu1904_boilerplate="$ubu1804_boilerplate"
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
archlinux_boilerplate="
|
archlinux_boilerplate="
|
||||||
pacman -Syu --noconfirm
|
pacman -Syu --noconfirm
|
||||||
pacman -S --noconfirm git curl wget
|
pacman -S --noconfirm git curl wget sudo
|
||||||
|
echo 'Set disable_coredump false' >> /etc/sudo.conf
|
||||||
"
|
"
|
||||||
|
|
||||||
|
# shellcheck disable=SC2034
|
||||||
fedora31_boilerplate="
|
fedora31_boilerplate="
|
||||||
dnf update -y
|
dnf update -y
|
||||||
dnf install -y git curl wget
|
dnf install -y git curl wget hostname
|
||||||
|
echo 'Set disable_coredump false' >> /etc/sudo.conf
|
||||||
"
|
"
|
||||||
|
|
||||||
REMOTE_IMAGES=()
|
REMOTE_IMAGES=()
|
||||||
|
@ -162,7 +165,9 @@ main() {
|
||||||
lxc exec "${i}" -- "$@"
|
lxc exec "${i}" -- "$@"
|
||||||
exit_val=$?
|
exit_val=$?
|
||||||
if [[ $exit_val -ne 0 ]]; then
|
if [[ $exit_val -ne 0 ]]; then
|
||||||
err_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
|
warn_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
|
||||||
|
else
|
||||||
|
info_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
;;
|
;;
|
||||||
|
|
|
@ -105,7 +105,7 @@ main() {
|
||||||
rst_title "$SERVICE_NAME" part
|
rst_title "$SERVICE_NAME" part
|
||||||
|
|
||||||
required_commands \
|
required_commands \
|
||||||
dpkg apt-get install git wget curl \
|
sudo install git wget curl \
|
||||||
|| exit
|
|| exit
|
||||||
|
|
||||||
local _usage="ERROR: unknown or missing $1 command $2"
|
local _usage="ERROR: unknown or missing $1 command $2"
|
||||||
|
@ -224,9 +224,11 @@ assert_user() {
|
||||||
rst_title "user $SERVICE_USER" section
|
rst_title "user $SERVICE_USER" section
|
||||||
echo
|
echo
|
||||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||||
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
|
useradd --shell /bin/bash --system \
|
||||||
--disabled-password --group --gecos 'Morty' $SERVICE_USER
|
--home-dir "$SERVICE_HOME" \
|
||||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
--comment 'Web content sanitizer proxy' $SERVICE_USER
|
||||||
|
mkdir "$SERVICE_HOME"
|
||||||
|
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
||||||
groups $SERVICE_USER
|
groups $SERVICE_USER
|
||||||
EOF
|
EOF
|
||||||
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||||
|
|
|
@ -35,14 +35,26 @@ SEARX_UWSGI_APP="searx.ini"
|
||||||
# shellcheck disable=SC2034
|
# shellcheck disable=SC2034
|
||||||
SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
|
SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
|
||||||
|
|
||||||
# FIXME: Arch Linux & RHEL should be added
|
case $DIST_ID in
|
||||||
|
ubuntu|debian) # apt packages
|
||||||
SEARX_APT_PACKAGES="\
|
SEARX_PACKAGES="\
|
||||||
|
python3-dev python3-babel python3-venv \
|
||||||
uwsgi uwsgi-plugin-python3 \
|
uwsgi uwsgi-plugin-python3 \
|
||||||
git build-essential \
|
git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev "
|
||||||
libxslt-dev python3-dev python3-babel python3-venv \
|
;;
|
||||||
zlib1g-dev libffi-dev libssl-dev \
|
arch) # pacman packages
|
||||||
"
|
SEARX_PACKAGES="\
|
||||||
|
python python-pip python-lxml python-babel \
|
||||||
|
uwsgi uwsgi-plugin-python \
|
||||||
|
git base-devel libxml2 "
|
||||||
|
;;
|
||||||
|
fedora) # dnf packages
|
||||||
|
SEARX_PACKAGES="\
|
||||||
|
python python-pip python-lxml python-babel \
|
||||||
|
uwsgi uwsgi-plugin-python3 \
|
||||||
|
git @development-tools libxml2 "
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
# Apache Settings
|
# Apache Settings
|
||||||
|
|
||||||
|
@ -72,7 +84,7 @@ usage() {
|
||||||
usage::
|
usage::
|
||||||
|
|
||||||
$(basename "$0") shell
|
$(basename "$0") shell
|
||||||
$(basename "$0") install [all|user|pyenv|searx-src|apache]
|
$(basename "$0") install [all|user|searx-src|pyenv|apache]
|
||||||
$(basename "$0") update [searx]
|
$(basename "$0") update [searx]
|
||||||
$(basename "$0") remove [all|user|pyenv|searx-src]
|
$(basename "$0") remove [all|user|pyenv|searx-src]
|
||||||
$(basename "$0") activate [service]
|
$(basename "$0") activate [service]
|
||||||
|
@ -120,7 +132,7 @@ main() {
|
||||||
rst_title "$SEARX_INSTANCE_NAME" part
|
rst_title "$SEARX_INSTANCE_NAME" part
|
||||||
|
|
||||||
required_commands \
|
required_commands \
|
||||||
dpkg systemctl apt-get install git wget curl \
|
sudo systemctl install git wget curl \
|
||||||
|| exit
|
|| exit
|
||||||
|
|
||||||
local _usage="unknown or missing $1 command $2"
|
local _usage="unknown or missing $1 command $2"
|
||||||
|
@ -202,7 +214,7 @@ _service_prefix=" |$SERVICE_USER| "
|
||||||
|
|
||||||
install_all() {
|
install_all() {
|
||||||
rst_title "Install $SEARX_INSTANCE_NAME (service)"
|
rst_title "Install $SEARX_INSTANCE_NAME (service)"
|
||||||
pkg_install "$SEARX_APT_PACKAGES"
|
pkg_install "$SEARX_PACKAGES"
|
||||||
wait_key
|
wait_key
|
||||||
assert_user
|
assert_user
|
||||||
wait_key
|
wait_key
|
||||||
|
@ -260,9 +272,11 @@ assert_user() {
|
||||||
rst_title "user $SERVICE_USER" section
|
rst_title "user $SERVICE_USER" section
|
||||||
echo
|
echo
|
||||||
tee_stderr 1 <<EOF | bash | prefix_stdout
|
tee_stderr 1 <<EOF | bash | prefix_stdout
|
||||||
sudo -H adduser --shell /bin/bash --system --home "$SERVICE_HOME" \
|
useradd --shell /bin/bash --system \
|
||||||
--disabled-password --group --gecos 'searx' $SERVICE_USER
|
--home-dir "$SERVICE_HOME" \
|
||||||
sudo -H usermod -a -G shadow $SERVICE_USER
|
--comment 'Privacy-respecting metasearch engine' $SERVICE_USER
|
||||||
|
mkdir "$SERVICE_HOME"
|
||||||
|
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
|
||||||
groups $SERVICE_USER
|
groups $SERVICE_USER
|
||||||
EOF
|
EOF
|
||||||
#SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
#SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
|
||||||
|
|
Loading…
Reference in a new issue