refactor(desudo): drop runtime root from docker_run, sqlite guards, restores
- docker_run: in rooted mode run docker AS the manager via the docker group (no sudo); the type=='sudo' branch was unreachable dead code - 8 db helpers: fix 'command -v sudo sqlite3' guard to 'command -v sqlite3' (bodies already query via runInstallOp) - restic/kopia single-file dump: write target_file via runBackupOp tee (as the backup user, matching the snapshot-restore path) instead of root tee - adguard auth: root-owned scratch via runSystem mktemp Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
parent
f13a5bc548
commit
21afae2eff
@ -17,7 +17,7 @@ authAdapter_adguard_setPassword() {
|
|||||||
[[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
|
[[ -z "$bcrypt" ]] && { isError "bcrypt failed."; return 1; }
|
||||||
|
|
||||||
local tmp
|
local tmp
|
||||||
tmp=$(sudo mktemp)
|
tmp=$(runSystem mktemp)
|
||||||
if ! runSystem awk -v u="$user" -v pw="$bcrypt" '
|
if ! runSystem awk -v u="$user" -v pw="$bcrypt" '
|
||||||
/^users:/ { in_users=1; print; next }
|
/^users:/ { in_users=1; print; next }
|
||||||
in_users && /^[^[:space:]-]/ { in_users=0 }
|
in_users && /^[^[:space:]-]/ { in_users=0 }
|
||||||
|
|||||||
@ -40,7 +40,7 @@ kopiaDumpFile()
|
|||||||
kopiaEnvExport "$idx" || return 1
|
kopiaEnvExport "$idx" || return 1
|
||||||
# `kopia show` writes the file contents from a snapshot to stdout.
|
# `kopia show` writes the file contents from a snapshot to stdout.
|
||||||
if [[ -n "$target_file" ]]; then
|
if [[ -n "$target_file" ]]; then
|
||||||
runBackupOp kopia show "${snapshot_id}:${file_path}" | sudo tee "$target_file" >/dev/null
|
runBackupOp kopia show "${snapshot_id}:${file_path}" | runBackupOp tee "$target_file" >/dev/null
|
||||||
else
|
else
|
||||||
runBackupOp kopia show "${snapshot_id}:${file_path}"
|
runBackupOp kopia show "${snapshot_id}:${file_path}"
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -10,7 +10,7 @@ resticDumpFile()
|
|||||||
resticEnvExport "$idx" || return 1
|
resticEnvExport "$idx" || return 1
|
||||||
|
|
||||||
if [[ -n "$target_file" ]]; then
|
if [[ -n "$target_file" ]]; then
|
||||||
runBackupOp restic dump "$snapshot_id" "$file_path" | sudo tee "$target_file" >/dev/null
|
runBackupOp restic dump "$snapshot_id" "$file_path" | runBackupOp tee "$target_file" >/dev/null
|
||||||
else
|
else
|
||||||
runBackupOp restic dump "$snapshot_id" "$file_path"
|
runBackupOp restic dump "$snapshot_id" "$file_path"
|
||||||
fi
|
fi
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
databaseAppScan()
|
databaseAppScan()
|
||||||
{
|
{
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -9,7 +9,7 @@ databaseListInstalledApp()
|
|||||||
isNotice "App name is required. Usage: databaseListInstalledApp <app_name>"
|
isNotice "App name is required. Usage: databaseListInstalledApp <app_name>"
|
||||||
else
|
else
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
else
|
else
|
||||||
# Check if database file is available
|
# Check if database file is available
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
databaseListInstalledApps()
|
databaseListInstalledApps()
|
||||||
{
|
{
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -5,7 +5,7 @@ databaseUninstallApp()
|
|||||||
local app_name="$1"
|
local app_name="$1"
|
||||||
|
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -3,7 +3,7 @@
|
|||||||
# Function to check if we should run the update
|
# Function to check if we should run the update
|
||||||
checkIfOSUpdateShouldRun()
|
checkIfOSUpdateShouldRun()
|
||||||
{
|
{
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
elif [ ! -f "$docker_dir/$db_file" ]; then
|
elif [ ! -f "$docker_dir/$db_file" ]; then
|
||||||
isNotice "Database file not found: $docker_dir/$db_file"
|
isNotice "Database file not found: $docker_dir/$db_file"
|
||||||
|
|||||||
@ -11,7 +11,7 @@ databaseDisplayTables()
|
|||||||
|
|
||||||
while true; do
|
while true; do
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -6,7 +6,7 @@ databaseEmptyTable()
|
|||||||
isHeader "Empty Database Table"
|
isHeader "Empty Database Table"
|
||||||
|
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
@ -19,7 +19,7 @@ dockerCheckAppInstalled()
|
|||||||
package_status="not_installed"
|
package_status="not_installed"
|
||||||
fi
|
fi
|
||||||
elif [ "$flag" = "docker" ]; then
|
elif [ "$flag" = "docker" ]; then
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
package_status="not_installed"
|
package_status="not_installed"
|
||||||
elif [ ! -f "$docker_dir/$db_file" ]; then
|
elif [ ! -f "$docker_dir/$db_file" ]; then
|
||||||
package_status="not_installed"
|
package_status="not_installed"
|
||||||
|
|||||||
@ -1,17 +1,16 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
# Run a docker command-line string in the right context for the install mode.
|
||||||
|
# rootless -> as the docker install user (owns the rootless daemon + socket)
|
||||||
|
# rooted -> as the manager (in the docker group, talks to the root socket
|
||||||
|
# directly — no sudo)
|
||||||
dockerCommandRun()
|
dockerCommandRun()
|
||||||
{
|
{
|
||||||
local command="$1"
|
local command="$1"
|
||||||
local type="$2" # sudo
|
|
||||||
|
|
||||||
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
if [[ $CFG_DOCKER_INSTALL_TYPE == "rootless" ]]; then
|
||||||
dockerCommandRunInstallUser "$command"
|
dockerCommandRunInstallUser "$command"
|
||||||
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
|
elif [[ $CFG_DOCKER_INSTALL_TYPE == "rooted" ]]; then
|
||||||
if [[ $type == "sudo" ]]; then
|
|
||||||
sudo bash -c "$command"
|
|
||||||
else
|
|
||||||
bash -c "$command"
|
bash -c "$command"
|
||||||
fi
|
fi
|
||||||
fi
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -153,7 +153,7 @@ databaseSSHScanForKeys()
|
|||||||
local ssh_directory="$ssh_dir$CFG_DOCKER_MANAGER_USER"
|
local ssh_directory="$ssh_dir$CFG_DOCKER_MANAGER_USER"
|
||||||
|
|
||||||
# Check if sqlite3 is available
|
# Check if sqlite3 is available
|
||||||
if ! command -v sudo sqlite3 &> /dev/null; then
|
if ! command -v sqlite3 &> /dev/null; then
|
||||||
isNotice "sqlite3 command not found. Make sure it's installed."
|
isNotice "sqlite3 command not found. Make sure it's installed."
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user