diff options
| author | Markus Heiser <markus.heiser@darmarit.de> | 2020-02-23 12:10:45 +0100 |
|---|---|---|
| committer | Markus Heiser <markus.heiser@darmarit.de> | 2020-02-23 12:10:45 +0100 |
| commit | 5fb6d4f508d9744a8d82160ca184729514bc18c8 (patch) | |
| tree | 8b96368ef9b097bfe2b908dd2b56026f1b637c25 | |
| parent | e36e0f80aeec5d513b0bf8d4e4dc94c9fa4d98b4 (diff) | |
| download | searxng-5fb6d4f508d9744a8d82160ca184729514bc18c8.tar.gz searxng-5fb6d4f508d9744a8d82160ca184729514bc18c8.zip | |
LXC: normalize package installation & user creation.
utils/lib.sh:
- get DIST_ID & DIST_VERSION from /etc/os-release
- pkg_[install|remove|...] supports ubuntu, debian, archlinux & fedora
utils/lxc.sh
- Workaround for the "setrlimit(RLIMIT_CORE): Operation not permitted" error::
'Set disable_coredump false' >> /etc/sudo.conf
utils/[searx.sh|filtron.sh|morty.sh]
- switched user creation from 'adduser' perl script to 'useradd' built-in
command
utils/searx.sh
- install packages for ubuntu, debian, archlinux & fedora
Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
| -rwxr-xr-x | utils/filtron.sh | 10 | ||||
| -rwxr-xr-x | utils/lib.sh | 57 | ||||
| -rwxr-xr-x | utils/lxc.sh | 11 | ||||
| -rwxr-xr-x | utils/morty.sh | 10 | ||||
| -rwxr-xr-x | utils/searx.sh | 42 |
5 files changed, 96 insertions, 34 deletions
diff --git a/utils/filtron.sh b/utils/filtron.sh index 2d2270812..ba284787e 100755 --- a/utils/filtron.sh +++ b/utils/filtron.sh @@ -106,7 +106,7 @@ main() { rst_title "$SERVICE_NAME" part required_commands \ - dpkg apt-get install git wget curl \ + sudo install git wget curl \ || exit local _usage="unknown or missing $1 command $2" @@ -231,9 +231,11 @@ assert_user() { rst_title "user $SERVICE_USER" section echo tee_stderr 1 <<EOF | bash | prefix_stdout -sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \ - --disabled-password --group --gecos 'Filtron' $SERVICE_USER -sudo -H usermod -a -G shadow $SERVICE_USER +useradd --shell /bin/bash --system \ + --home-dir "$SERVICE_HOME" \ + --comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER +mkdir "$SERVICE_HOME" +chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME" groups $SERVICE_USER EOF SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)" diff --git a/utils/lib.sh b/utils/lib.sh index a045c91a8..c3707d580 100755 --- a/utils/lib.sh +++ b/utils/lib.sh @@ -3,6 +3,11 @@ # SPDX-License-Identifier: AGPL-3.0-or-later # shellcheck disable=SC2059,SC1117 +# ubuntu, debian, arch, fedora ... +DIST_ID=$(source /etc/os-release; echo $ID); +# shellcheck disable=SC2034 +DIST_VERS=$(source /etc/os-release; echo $VERSION_ID); + ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}" ADMIN_NAME="${ADMIN_NAME:-$USER}" @@ -54,7 +59,7 @@ sudo_or_exit() { required_commands() { - # usage: requires_commands [cmd1 ...] + # usage: required_commands [cmd1 ...] local exit_val=0 while [ -n "$1" ]; do @@ -787,9 +792,6 @@ uWSGI_disable_app() { # distro's package manager # ------------------------ -# -# FIXME: Arch Linux & RHEL should be added -# pkg_install() { @@ -801,8 +803,20 @@ pkg_install() { if ! ask_yn "Should packages be installed?" Yn 30; then return 42 fi - # shellcheck disable=SC2068 - apt-get install -m -y $@ + case $DIST_ID in + ubuntu|debian) + # shellcheck disable=SC2068 + apt-get install -m -y $@ + ;; + arch) + # shellcheck disable=SC2068 + pacman -S --noconfirm $@ + ;; + fedora) + # shellcheck disable=SC2068 + dnf install -y $@ + ;; + esac } pkg_remove() { @@ -815,15 +829,40 @@ pkg_remove() { if ! ask_yn "Should packages be removed (purge)?" Yn 30; then return 42 fi - apt-get purge --autoremove --ignore-missing -y "$@" + case $DIST_ID in + ubuntu|debian) + # shellcheck disable=SC2068 + apt-get purge --autoremove --ignore-missing -y $@ + ;; + arch) + # shellcheck disable=SC2068 + pacman -R --noconfirm $@ + ;; + fedora) + # shellcheck disable=SC2068 + dnf remove -y $@ + ;; + esac } pkg_is_installed() { # usage: pkg_is_install foopkg || pkg_install foopkg - dpkg -l "$1" &> /dev/null - return $? + case $DIST_ID in + ubuntu|debian) + dpkg -l "$1" &> /dev/null + return $? + ;; + arch) + pacman -Qsq "$1" &> /dev/null + return $? + ;; + fedora) + dnf list -q --installed "$1" &> /dev/null + return $? + ;; + esac } # git tooling diff --git a/utils/lxc.sh b/utils/lxc.sh index 08205d374..8020b1346 100755 --- a/utils/lxc.sh +++ b/utils/lxc.sh @@ -39,12 +39,15 @@ ubu1904_boilerplate="$ubu1804_boilerplate" # shellcheck disable=SC2034 archlinux_boilerplate=" pacman -Syu --noconfirm -pacman -S --noconfirm git curl wget +pacman -S --noconfirm git curl wget sudo +echo 'Set disable_coredump false' >> /etc/sudo.conf " +# shellcheck disable=SC2034 fedora31_boilerplate=" dnf update -y -dnf install -y git curl wget +dnf install -y git curl wget hostname +echo 'Set disable_coredump false' >> /etc/sudo.conf " REMOTE_IMAGES=() @@ -162,7 +165,9 @@ main() { lxc exec "${i}" -- "$@" exit_val=$? if [[ $exit_val -ne 0 ]]; then - err_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}" + warn_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}" + else + info_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}" fi done ;; diff --git a/utils/morty.sh b/utils/morty.sh index bd4ad5901..37ee87edf 100755 --- a/utils/morty.sh +++ b/utils/morty.sh @@ -105,7 +105,7 @@ main() { rst_title "$SERVICE_NAME" part required_commands \ - dpkg apt-get install git wget curl \ + sudo install git wget curl \ || exit local _usage="ERROR: unknown or missing $1 command $2" @@ -224,9 +224,11 @@ assert_user() { rst_title "user $SERVICE_USER" section echo tee_stderr 1 <<EOF | bash | prefix_stdout -sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \ - --disabled-password --group --gecos 'Morty' $SERVICE_USER -sudo -H usermod -a -G shadow $SERVICE_USER +useradd --shell /bin/bash --system \ + --home-dir "$SERVICE_HOME" \ + --comment 'Web content sanitizer proxy' $SERVICE_USER +mkdir "$SERVICE_HOME" +chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME" groups $SERVICE_USER EOF SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)" diff --git a/utils/searx.sh b/utils/searx.sh index 1b9bfd42c..0d011ef0a 100755 --- a/utils/searx.sh +++ b/utils/searx.sh @@ -35,14 +35,26 @@ SEARX_UWSGI_APP="searx.ini" # shellcheck disable=SC2034 SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket" -# FIXME: Arch Linux & RHEL should be added - -SEARX_APT_PACKAGES="\ - uwsgi uwsgi-plugin-python3 \ - git build-essential \ - libxslt-dev python3-dev python3-babel python3-venv \ - zlib1g-dev libffi-dev libssl-dev \ -" +case $DIST_ID in + ubuntu|debian) # apt packages + SEARX_PACKAGES="\ + python3-dev python3-babel python3-venv \ + uwsgi uwsgi-plugin-python3 \ + git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev " + ;; + arch) # pacman packages + SEARX_PACKAGES="\ + python python-pip python-lxml python-babel \ + uwsgi uwsgi-plugin-python \ + git base-devel libxml2 " + ;; + fedora) # dnf packages + SEARX_PACKAGES="\ + python python-pip python-lxml python-babel \ + uwsgi uwsgi-plugin-python3 \ + git @development-tools libxml2 " + ;; +esac # Apache Settings @@ -72,7 +84,7 @@ usage() { usage:: $(basename "$0") shell - $(basename "$0") install [all|user|pyenv|searx-src|apache] + $(basename "$0") install [all|user|searx-src|pyenv|apache] $(basename "$0") update [searx] $(basename "$0") remove [all|user|pyenv|searx-src] $(basename "$0") activate [service] @@ -120,7 +132,7 @@ main() { rst_title "$SEARX_INSTANCE_NAME" part required_commands \ - dpkg systemctl apt-get install git wget curl \ + sudo systemctl install git wget curl \ || exit local _usage="unknown or missing $1 command $2" @@ -202,7 +214,7 @@ _service_prefix=" |$SERVICE_USER| " install_all() { rst_title "Install $SEARX_INSTANCE_NAME (service)" - pkg_install "$SEARX_APT_PACKAGES" + pkg_install "$SEARX_PACKAGES" wait_key assert_user wait_key @@ -260,9 +272,11 @@ assert_user() { rst_title "user $SERVICE_USER" section echo tee_stderr 1 <<EOF | bash | prefix_stdout -sudo -H adduser --shell /bin/bash --system --home "$SERVICE_HOME" \ - --disabled-password --group --gecos 'searx' $SERVICE_USER -sudo -H usermod -a -G shadow $SERVICE_USER +useradd --shell /bin/bash --system \ + --home-dir "$SERVICE_HOME" \ + --comment 'Privacy-respecting metasearch engine' $SERVICE_USER +mkdir "$SERVICE_HOME" +chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME" groups $SERVICE_USER EOF #SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)" |