ZaclysIndustries/searxngRebrandZaclys
2
0
Fork 0
forked from zaclys/searxng
Code Issues Pull requests Activity

LXC: normalize package installation & user creation.

Browse source 
utils/lib.sh:
- get DIST_ID & DIST_VERSION from /etc/os-release
- pkg_[install|remove|...] supports ubuntu, debian, archlinux & fedora

utils/lxc.sh
- Workaround for the "setrlimit(RLIMIT_CORE): Operation not permitted" error::
    'Set disable_coredump false' >> /etc/sudo.conf

utils/[searx.sh|filtron.sh|morty.sh]
- switched user creation from 'adduser' perl script to 'useradd' built-in
  command

utils/searx.sh
- install packages for ubuntu, debian, archlinux & fedora

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
This commit is contained in:
Markus Heiser 2020-02-23 12:10:45 +01:00
parent e36e0f80ae
commit 5fb6d4f508
5 changed files with 96 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
utils/filtron.sh
View file

@ -106,7 +106,7 @@ main() {
rst_title "$SERVICE_NAME" part
required_commands \
dpkg apt-get install git wget curl \
sudo install git wget curl \
|| exit
local _usage="unknown or missing $1 command $2"
@ -231,9 +231,11 @@ assert_user() {
rst_title "user $SERVICE_USER" section
echo
tee_stderr 1 <<EOF | bash | prefix_stdout
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
--disabled-password --group --gecos 'Filtron' $SERVICE_USER
sudo -H usermod -a -G shadow $SERVICE_USER
useradd --shell /bin/bash --system \
--home-dir "$SERVICE_HOME" \
--comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER
EOF
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"

57
utils/lib.sh
View file

@ -3,6 +3,11 @@
# SPDX-License-Identifier: AGPL-3.0-or-later
# shellcheck disable=SC2059,SC1117
# ubuntu, debian, arch, fedora ...
DIST_ID=$(source /etc/os-release; echo $ID);
# shellcheck disable=SC2034
DIST_VERS=$(source /etc/os-release; echo $VERSION_ID);
ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
ADMIN_NAME="${ADMIN_NAME:-$USER}"
@ -54,7 +59,7 @@ sudo_or_exit() {
required_commands() {
# usage: requires_commands [cmd1 ...]
# usage: required_commands [cmd1 ...]
local exit_val=0
while [ -n "$1" ]; do
@ -787,9 +792,6 @@ uWSGI_disable_app() {
# distro's package manager
# ------------------------
#
# FIXME: Arch Linux & RHEL should be added
#
pkg_install() {
@ -801,8 +803,20 @@ pkg_install() {
if ! ask_yn "Should packages be installed?" Yn 30; then
return 42
fi
# shellcheck disable=SC2068
apt-get install -m -y $@
case $DIST_ID in
ubuntu|debian)
# shellcheck disable=SC2068
apt-get install -m -y $@
;;
arch)
# shellcheck disable=SC2068
pacman -S --noconfirm $@
;;
fedora)
# shellcheck disable=SC2068
dnf install -y $@
;;
esac
}
pkg_remove() {
@ -815,15 +829,40 @@ pkg_remove() {
if ! ask_yn "Should packages be removed (purge)?" Yn 30; then
return 42
fi
apt-get purge --autoremove --ignore-missing -y "$@"
case $DIST_ID in
ubuntu|debian)
# shellcheck disable=SC2068
apt-get purge --autoremove --ignore-missing -y $@
;;
arch)
# shellcheck disable=SC2068
pacman -R --noconfirm $@
;;
fedora)
# shellcheck disable=SC2068
dnf remove -y $@
;;
esac
}
pkg_is_installed() {
# usage: pkg_is_install foopkg || pkg_install foopkg
dpkg -l "$1" &> /dev/null
return $?
case $DIST_ID in
ubuntu|debian)
dpkg -l "$1" &> /dev/null
return $?
;;
arch)
pacman -Qsq "$1" &> /dev/null
return $?
;;
fedora)
dnf list -q --installed "$1" &> /dev/null
return $?
;;
esac
}
# git tooling

11
utils/lxc.sh
View file

@ -39,12 +39,15 @@ ubu1904_boilerplate="$ubu1804_boilerplate"
# shellcheck disable=SC2034
archlinux_boilerplate="
pacman -Syu --noconfirm
pacman -S --noconfirm git curl wget
pacman -S --noconfirm git curl wget sudo
echo 'Set disable_coredump false' >> /etc/sudo.conf
"
# shellcheck disable=SC2034
fedora31_boilerplate="
dnf update -y
dnf install -y git curl wget
dnf install -y git curl wget hostname
echo 'Set disable_coredump false' >> /etc/sudo.conf
"
REMOTE_IMAGES=()
@ -162,7 +165,9 @@ main() {
lxc exec "${i}" -- "$@"
exit_val=$?
if [[ $exit_val -ne 0 ]]; then
err_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
warn_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
else
info_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
fi
done
;;

10
utils/morty.sh
View file

@ -105,7 +105,7 @@ main() {
rst_title "$SERVICE_NAME" part
required_commands \
dpkg apt-get install git wget curl \
sudo install git wget curl \
|| exit
local _usage="ERROR: unknown or missing $1 command $2"
@ -224,9 +224,11 @@ assert_user() {
rst_title "user $SERVICE_USER" section
echo
tee_stderr 1 <<EOF | bash | prefix_stdout
sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
--disabled-password --group --gecos 'Morty' $SERVICE_USER
sudo -H usermod -a -G shadow $SERVICE_USER
useradd --shell /bin/bash --system \
--home-dir "$SERVICE_HOME" \
--comment 'Web content sanitizer proxy' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER
EOF
SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"

42
utils/searx.sh
View file

@ -35,14 +35,26 @@ SEARX_UWSGI_APP="searx.ini"
# shellcheck disable=SC2034
SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
# FIXME: Arch Linux & RHEL should be added
SEARX_APT_PACKAGES="\
uwsgi uwsgi-plugin-python3 \
git build-essential \
libxslt-dev python3-dev python3-babel python3-venv \
zlib1g-dev libffi-dev libssl-dev \
"
case $DIST_ID in
ubuntu|debian) # apt packages
SEARX_PACKAGES="\
python3-dev python3-babel python3-venv \
uwsgi uwsgi-plugin-python3 \
git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev "
;;
arch) # pacman packages
SEARX_PACKAGES="\
python python-pip python-lxml python-babel \
uwsgi uwsgi-plugin-python \
git base-devel libxml2 "
;;
fedora) # dnf packages
SEARX_PACKAGES="\
python python-pip python-lxml python-babel \
uwsgi uwsgi-plugin-python3 \
git @development-tools libxml2 "
;;
esac
# Apache Settings
@ -72,7 +84,7 @@ usage() {
usage::
$(basename "$0") shell
$(basename "$0") install [all|user|pyenv|searx-src|apache]
$(basename "$0") install [all|user|searx-src|pyenv|apache]
$(basename "$0") update [searx]
$(basename "$0") remove [all|user|pyenv|searx-src]
$(basename "$0") activate [service]
@ -120,7 +132,7 @@ main() {
rst_title "$SEARX_INSTANCE_NAME" part
required_commands \
dpkg systemctl apt-get install git wget curl \
sudo systemctl install git wget curl \
|| exit
local _usage="unknown or missing $1 command $2"
@ -202,7 +214,7 @@ _service_prefix=" |$SERVICE_USER| "
install_all() {
rst_title "Install $SEARX_INSTANCE_NAME (service)"
pkg_install "$SEARX_APT_PACKAGES"
pkg_install "$SEARX_PACKAGES"
wait_key
assert_user
wait_key
@ -260,9 +272,11 @@ assert_user() {
rst_title "user $SERVICE_USER" section
echo
tee_stderr 1 <<EOF | bash | prefix_stdout
sudo -H adduser --shell /bin/bash --system --home "$SERVICE_HOME" \
--disabled-password --group --gecos 'searx' $SERVICE_USER
sudo -H usermod -a -G shadow $SERVICE_USER
useradd --shell /bin/bash --system \
--home-dir "$SERVICE_HOME" \
--comment 'Privacy-respecting metasearch engine' $SERVICE_USER
mkdir "$SERVICE_HOME"
chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
groups $SERVICE_USER
EOF
#SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"