fix(desudo): manager->self sudo drops -> runAsManager (scoped-sudoers safe)

The scoped sudoers grants the manager (root) and (dockerinstall) but NOT
(itself), so the many 'sudo -u $sudo_user_name <cmd>' calls (crontab,
git/update, reinstall, swapfile, …) failed with 'a password is required'
once per CLI command. runAsManager runs the command plainly when already
the manager (the runtime case) and only sudo -u's when root (install
time), so it's correct in both contexts and needs no sudoers self-grant.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
librelad 2026-05-24 18:40:19 +01:00
parent 4f2fd251fa
commit 6bb04533fa
17 changed files with 55 additions and 55 deletions


@ -4,7 +4,7 @@ checkCrontabRequirement()
{ {
if [[ $CFG_REQUIREMENT_CRONTAB == "true" ]]; then if [[ $CFG_REQUIREMENT_CRONTAB == "true" ]]; then
### Crontab ### Crontab
if [[ "$ISCRON" != *"command not found"* ]] && sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -q "cron is set up for $sudo_user_name"; then if [[ "$ISCRON" != *"command not found"* ]] && runAsManager crontab -l 2>/dev/null | grep -q "cron is set up for $sudo_user_name"; then
isSuccessful "Crontab is successfully set up." isSuccessful "Crontab is successfully set up."
CRONTAB_SETUP="true" CRONTAB_SETUP="true"
else else


@ -5,14 +5,14 @@
# backup task per enabled app for the processor to drain serially. # backup task per enabled app for the processor to drain serially.
crontabSetupBackupScheduler() crontabSetupBackupScheduler()
{ {
local ISCRON=$( (sudo -u $sudo_user_name crontab -l) 2>/dev/null ) local ISCRON=$( (runAsManager crontab -l) 2>/dev/null )
if [[ "$ISCRON" == *"command not found"* ]]; then if [[ "$ISCRON" == *"command not found"* ]]; then
isNotice "Crontab is not found. Unable to set up the backup scheduler." isNotice "Crontab is not found. Unable to set up the backup scheduler."
return 0 return 0
fi fi
if ! sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -q "cron is set up for $sudo_user_name"; then if ! runAsManager crontab -l 2>/dev/null | grep -q "cron is set up for $sudo_user_name"; then
isNotice "Crontab is not set up, skipping backup scheduler until it's found." isNotice "Crontab is not set up, skipping backup scheduler until it's found."
return 0 return 0
fi fi
@ -22,8 +22,8 @@ crontabSetupBackupScheduler()
# Drop any previous scheduler entry, then re-add the current one so a # Drop any previous scheduler entry, then re-add the current one so a
# changed schedule (CFG_BACKUP_CRONTAB_APP) always takes effect. # changed schedule (CFG_BACKUP_CRONTAB_APP) always takes effect.
local result=$(sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -v "$marker" | sudo -u $sudo_user_name crontab -) local result=$(runAsManager crontab -l 2>/dev/null | grep -v "$marker" | runAsManager crontab -)
local result=$( (sudo -u $sudo_user_name crontab -l 2>/dev/null; echo "$scheduler_entry") | sudo -u $sudo_user_name crontab - ) local result=$( (runAsManager crontab -l 2>/dev/null; echo "$scheduler_entry") | runAsManager crontab - )
checkSuccess "Installing the daily backup scheduler entry" checkSuccess "Installing the daily backup scheduler entry"
local schedule_time=$(echo "$CFG_BACKUP_CRONTAB_APP" | cut -d' ' -f2) local schedule_time=$(echo "$CFG_BACKUP_CRONTAB_APP" | cut -d' ' -f2)
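Review bot: Both crontab rewrites in the last hunk feed `runAsManager crontab -l 2>/dev/null` straight into `runAsManager crontab -`, so if the listing fails for any reason other than "no crontab yet", the manager's crontab is replaced by whatever little came through and existing entries are lost. Because each pipeline sits inside `local result=$(...)`, the status left behind is that of `local`, so `checkSuccess` probably cannot see a failure (assuming it reads `$?`; its definition is not shown). Declaring `local result` on its own line and assigning afterwards, and only writing back when the listing step succeeded, would close both gaps. The same append pattern appears in crontabSetup, crontabSetupSystemInfoUpdater, crontabSetupCheckProcessor and crontabSetupTaskProcessor.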


@ -7,14 +7,14 @@ installCrontab()
isHeader "Crontab Install" isHeader "Crontab Install"
# Check to see if already installed # Check to see if already installed
ISCRON=$( (sudo -u $sudo_user_name crontab -l) 2>&1 ) ISCRON=$( (runAsManager crontab -l) 2>&1 )
if [[ "$ISCRON" == *"command not found"* ]]; then if [[ "$ISCRON" == *"command not found"* ]]; then
isNotice "Crontab is not installed, setting up now." isNotice "Crontab is not installed, setting up now."
local result=$(runSystem apt update) local result=$(runSystem apt update)
checkSuccess "Updating apt for post installation" checkSuccess "Updating apt for post installation"
local result=$(runSystem apt install cron -y) local result=$(runSystem apt install cron -y)
isSuccessful "Installing crontab application" isSuccessful "Installing crontab application"
local result=$(sudo -u $sudo_user_name crontab -l) local result=$(runAsManager crontab -l)
isSuccessful "Enabling crontab on the system" isSuccessful "Enabling crontab on the system"
fi fi


@ -3,10 +3,10 @@
crontabSetup() crontabSetup()
{ {
local search_line="# cron is set up for $sudo_user_name" local search_line="# cron is set up for $sudo_user_name"
local cron_output=$(sudo -u $sudo_user_name crontab -l 2>/dev/null) local cron_output=$(runAsManager crontab -l 2>/dev/null)
if [[ ! $cron_output == *"$search_line"* ]]; then if [[ ! $cron_output == *"$search_line"* ]]; then
local result=$( (sudo -u $sudo_user_name crontab -l 2>/dev/null; echo "# cron is set up for $sudo_user_name") | sudo -u $sudo_user_name crontab - 2>/dev/null ) local result=$( (runAsManager crontab -l 2>/dev/null; echo "# cron is set up for $sudo_user_name") | runAsManager crontab - 2>/dev/null )
checkSuccess "Setting up Crontab for $sudo_user_name user" checkSuccess "Setting up Crontab for $sudo_user_name user"
fi fi


@ -5,11 +5,11 @@ crontabSetupSystemInfoUpdater()
local cronEntry="* * * * * libreportal webui generate system >/dev/null 2>&1" local cronEntry="* * * * * libreportal webui generate system >/dev/null 2>&1"
# Check if already in crontab # Check if already in crontab
if sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -q "libreportal webui generate system"; then if runAsManager crontab -l 2>/dev/null | grep -q "libreportal webui generate system"; then
isNotice "System info updater already in crontab" isNotice "System info updater already in crontab"
else else
# Add to crontab # Add to crontab
(sudo -u $sudo_user_name crontab -l 2>/dev/null; echo "$cronEntry") | sudo -u $sudo_user_name crontab - (runAsManager crontab -l 2>/dev/null; echo "$cronEntry") | runAsManager crontab -
isSuccessful "System info updater added to crontab (every 1 minute)." isSuccessful "System info updater added to crontab (every 1 minute)."
fi fi
} }


@ -16,11 +16,11 @@ crontabSetupCheckProcessor()
local cronEntry="*/5 * * * * $task_check_script start_script" local cronEntry="*/5 * * * * $task_check_script start_script"
# Check if already in crontab # Check if already in crontab
if sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -q "crontab_check_processor.sh"; then if runAsManager crontab -l 2>/dev/null | grep -q "crontab_check_processor.sh"; then
isNotice "Task process checker already in crontab" isNotice "Task process checker already in crontab"
else else
# Add to crontab # Add to crontab
(sudo -u $sudo_user_name crontab -l 2>/dev/null; echo "$cronEntry") | sudo -u $sudo_user_name crontab - (runAsManager crontab -l 2>/dev/null; echo "$cronEntry") | runAsManager crontab -
isSuccessful "Continuous task process checker added to crontab." isSuccessful "Continuous task process checker added to crontab."
fi fi
} }


@ -16,11 +16,11 @@ crontabSetupTaskProcessor()
local cronEntry="* * * * * $task_processor_script start_script" local cronEntry="* * * * * $task_processor_script start_script"
# Check if already in crontab # Check if already in crontab
if sudo -u $sudo_user_name crontab -l 2>/dev/null | grep -q "crontab_task_processor.sh"; then if runAsManager crontab -l 2>/dev/null | grep -q "crontab_task_processor.sh"; then
isNotice "Task processor already in crontab" isNotice "Task processor already in crontab"
else else
# Add to crontab # Add to crontab
(sudo -u $sudo_user_name crontab -l 2>/dev/null; echo "$cronEntry") | sudo -u $sudo_user_name crontab - (runAsManager crontab -l 2>/dev/null; echo "$cronEntry") | runAsManager crontab -
isSuccessful "Continuous task processor added to crontab." isSuccessful "Continuous task processor added to crontab."
fi fi
} }


@ -59,7 +59,7 @@ installDockerRootless()
local result=$(echo "kernel.unprivileged_userns_clone=1" | sudo tee -a $sysctl > /dev/null) local result=$(echo "kernel.unprivileged_userns_clone=1" | sudo tee -a $sysctl > /dev/null)
checkSuccess "Adding kernel.unprivileged_userns_clone=1 to $sysctl..." checkSuccess "Adding kernel.unprivileged_userns_clone=1 to $sysctl..."
local result=$(runSystem sysctl --system) local result=$(runSystem sysctl --system)
checkSuccess "Running sudo -u $sudo_user_name sysctl --system..." checkSuccess "Running runAsManager sysctl --system..."
fi fi
fi fi
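Review bot: The `checkSuccess` message now reads "Running runAsManager sysctl --system...", but the command on the line above is `runSystem sysctl --system`, so the log names a wrapper that is not the one being used. This looks like the search-and-replace catching a message string; `checkSuccess "Running sysctl --system..."` keeps the install log accurate. The bare `sudo tee -a $sysctl` two lines up is untouched by this commit and leaves `$sysctl` unquoted, so it is worth checking against the scoped sudoers as well. The enclosing function starts and ends outside the hunk.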


@ -17,7 +17,7 @@ runReinstall()
gitCheckGitDetails; gitCheckGitDetails;
# Reset git # Reset git
local result=$(sudo -u $sudo_user_name rm -rf $script_dir) local result=$(runAsManager rm -rf $script_dir)
checkSuccess "Deleting all Git files" checkSuccess "Deleting all Git files"
local result=$(createFolders "loud" $sudo_user_name "$script_dir") local result=$(createFolders "loud" $sudo_user_name "$script_dir")
checkSuccess "Create the directory if it doesn't exist" checkSuccess "Create the directory if it doesn't exist"
@ -63,7 +63,7 @@ runReinstall()
AUTH_HTTP_REPO_URL="http://${CFG_GIT_USER}:${CFG_GIT_KEY}@${CLEAN_GIT_URL}.git" AUTH_HTTP_REPO_URL="http://${CFG_GIT_USER}:${CFG_GIT_KEY}@${CLEAN_GIT_URL}.git"
# Try HTTPS first # Try HTTPS first
if sudo -u $sudo_user_name git clone -q "$AUTH_HTTPS_REPO_URL" "/docker/install" 2>/dev/null; then if runAsManager git clone -q "$AUTH_HTTPS_REPO_URL" "/docker/install" 2>/dev/null; then
runSystem cp -f /docker/install/init.sh /root/ runSystem cp -f /docker/install/init.sh /root/
echo "SUCCESS: Git repository cloned via HTTPS into /docker/install." echo "SUCCESS: Git repository cloned via HTTPS into /docker/install."
echo "" echo ""
@ -71,7 +71,7 @@ runReinstall()
echo "" echo ""
else else
# If HTTPS fails, try HTTP # If HTTPS fails, try HTTP
if sudo -u $sudo_user_name git clone -q "$AUTH_HTTP_REPO_URL" "/docker/install" 2>/dev/null; then if runAsManager git clone -q "$AUTH_HTTP_REPO_URL" "/docker/install" 2>/dev/null; then
runSystem cp -f /docker/install/init.sh /root/ runSystem cp -f /docker/install/init.sh /root/
echo "SUCCESS: Git repository cloned via HTTP into /docker/install." echo "SUCCESS: Git repository cloned via HTTP into /docker/install."
echo "" echo ""
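Review bot: The HTTP fallback in the last two hunks sends `CFG_GIT_USER` and `CFG_GIT_KEY` in cleartext whenever the HTTPS clone fails, and the tree fetched that way is then copied into root's home by `runSystem cp -f /docker/install/init.sh /root/`. Any failure of the HTTPS attempt is enough to trigger the downgrade, and `2>/dev/null` hides why it failed. I would drop the `http://` branch or put it behind an explicit opt-in, and report the HTTPS error instead of discarding it. Embedding the key in the clone URL also places it in the process arguments and, with git's default behaviour, in the cloned repository's remote URL. gitReset has the same fallback.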


@ -24,7 +24,7 @@ crowdsecToggleLibrePortalLogMounts() {
if runFileOp docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^libreportal-service$'; then if runFileOp docker ps --format '{{.Names}}' 2>/dev/null | grep -q '^libreportal-service$'; then
isNotice "Recreating libreportal so log mount toggle takes effect..." isNotice "Recreating libreportal so log mount toggle takes effect..."
( cd /docker/containers/libreportal && sudo -u libreportal docker compose up -d >/dev/null 2>&1 ) || true ( cd /docker/containers/libreportal && runAsManager docker compose up -d >/dev/null 2>&1 ) || true
fi fi
} }
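Review bot: The recreate step discards all output and ends in `|| true`, so a failed `docker compose up -d` leaves the log-mount toggle unapplied with nothing reported; judging by the function name, that presumably means CrowdSec silently not seeing the portal's logs. Replacing the hard-coded `sudo -u libreportal` with `runAsManager` also changes which account runs compose if `$sudo_user_name` is ever not `libreportal`, while the `cd /docker/containers/libreportal` path stays hard-coded. Suggest reporting the failure instead of swallowing it, e.g. `|| isNotice "libreportal recreate failed; log mounts unchanged"`. The function starts outside the hunk.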


@ -5,22 +5,22 @@ installSwapfile()
if [[ "$CFG_REQUIREMENT_SWAPFILE" == "true" ]]; then if [[ "$CFG_REQUIREMENT_SWAPFILE" == "true" ]]; then
if [ ! -f "$swap_file" ]; then if [ ! -f "$swap_file" ]; then
isHeader "Increasing Swapfile" isHeader "Increasing Swapfile"
ISSWAP=$( (sudo -u $sudo_user_name swapoff /swapfile) 2>&1 ) ISSWAP=$( (runAsManager swapoff /swapfile) 2>&1 )
if [[ "$ISSWAP" != *"No such file or directory"* ]]; then if [[ "$ISSWAP" != *"No such file or directory"* ]]; then
local result=$(sudo -u $sudo_user_name swapoff /swapfile) local result=$(runAsManager swapoff /swapfile)
isSuccessful "Turning off /swapfile (if needed)" isSuccessful "Turning off /swapfile (if needed)"
fi fi
local result=$(sudo -u $sudo_user_name fallocate -l $CFG_SWAPFILE_SIZE /swapfile) local result=$(runAsManager fallocate -l $CFG_SWAPFILE_SIZE /swapfile)
checkSuccess "Allocating $CFG_SWAPFILE_SIZE to the /swapfile" checkSuccess "Allocating $CFG_SWAPFILE_SIZE to the /swapfile"
local result=$(sudo chmod 0600 /swapfile) local result=$(sudo chmod 0600 /swapfile)
checkSuccess "Adding permissions to the /swapfile" checkSuccess "Adding permissions to the /swapfile"
local result=$(sudo -u $sudo_user_name mkswap /swapfile) local result=$(runAsManager mkswap /swapfile)
checkSuccess "Swapping to the new /swapfile" checkSuccess "Swapping to the new /swapfile"
local result=$(sudo -u $sudo_user_name swapon /swapfile) local result=$(runAsManager swapon /swapfile)
checkSuccess "Enabling the new /swapfile" checkSuccess "Enabling the new /swapfile"
fi fi
fi fi
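Review bot: `swapoff`, `fallocate` on `/swapfile`, `mkswap` and `swapon` all need root, yet they are now routed through `runAsManager`, which per the commit message ends up running as the manager account in both contexts. If the manager is unprivileged, these steps fail at runtime and at install time alike (the old `sudo -u $sudo_user_name` form had the same problem), and any `swapoff` error other than "No such file or directory" is read as "swap exists". The neighbouring `sudo chmod 0600 /swapfile` suggests they belong with the privileged wrapper, e.g. `runSystem fallocate -l "$CFG_SWAPFILE_SIZE" /swapfile`, assuming `runSystem` is the root path as its use for `apt` elsewhere in this commit suggests. Creating the file with a restrictive mode before allocating would also remove the window in which it exists with default permissions.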


@ -32,7 +32,7 @@ gitPerformUpdate()
local result=$(copyFolders "$backup_install_dir/$backupFolder/" "$docker_dir" "$sudo_user_name") local result=$(copyFolders "$backup_install_dir/$backupFolder/" "$docker_dir" "$sudo_user_name")
checkSuccess "Copy the backed up folders back into the installation directory" checkSuccess "Copy the backed up folders back into the installation directory"
local result=$(sudo -u $sudo_user_name zip -r "$backup_install_dir/$backupFolder.zip" "$backup_install_dir/$backupFolder") local result=$(runAsManager zip -r "$backup_install_dir/$backupFolder.zip" "$backup_install_dir/$backupFolder")
checkSuccess "Zipping up the the backup folder for safe keeping" checkSuccess "Zipping up the the backup folder for safe keeping"
gitCleanInstallBackups; gitCleanInstallBackups;


@ -44,16 +44,16 @@ webuiRunUpdate()
fi fi
cd "$script_dir" || { isError "Cannot access the install directory ($script_dir)."; return 1; } cd "$script_dir" || { isError "Cannot access the install directory ($script_dir)."; return 1; }
sudo -u "$sudo_user_name" git config core.fileMode false runAsManager git config core.fileMode false
# Force a fresh fetch + status write so the decision below (and the badge) # Force a fresh fetch + status write so the decision below (and the badge)
# reflect reality right now, not a stale throttled snapshot. # reflect reality right now, not a stale throttled snapshot.
webuiSystemUpdateCheck "force" webuiSystemUpdateCheck "force"
local branch behind local branch behind
branch=$(sudo -u "$sudo_user_name" git -C "$script_dir" rev-parse --abbrev-ref HEAD 2>/dev/null) branch=$(runAsManager git -C "$script_dir" rev-parse --abbrev-ref HEAD 2>/dev/null)
[[ -z "$branch" || "$branch" == "HEAD" ]] && branch="main" [[ -z "$branch" || "$branch" == "HEAD" ]] && branch="main"
behind=$(sudo -u "$sudo_user_name" git -C "$script_dir" rev-list --count "HEAD..refs/remotes/origin/$branch" 2>/dev/null) behind=$(runAsManager git -C "$script_dir" rev-list --count "HEAD..refs/remotes/origin/$branch" 2>/dev/null)
[[ -z "$behind" ]] && behind=0 [[ -z "$behind" ]] && behind=0
if [[ "$behind" -eq 0 ]]; then if [[ "$behind" -eq 0 ]]; then
@ -128,10 +128,10 @@ checkUpdates()
cd "$script_dir" || { isError " Cannot navigate to the repository directory"; exit 1; } cd "$script_dir" || { isError " Cannot navigate to the repository directory"; exit 1; }
# Update Git to ignore changes in file permissions # Update Git to ignore changes in file permissions
sudo -u $sudo_user_name git config core.fileMode false runAsManager git config core.fileMode false
# Update Git with email address # Update Git with email address
sudo -u $sudo_user_name git config --global user.name "$CFG_INSTALL_NAME" runAsManager git config --global user.name "$CFG_INSTALL_NAME"
sudo -u $sudo_user_name git config --global user.email "noreply@${CFG_INSTALL_NAME,,}.libreportal.local" runAsManager git config --global user.email "noreply@${CFG_INSTALL_NAME,,}.libreportal.local"
# Check if there are edited (modified) files # Check if there are edited (modified) files
if git status --porcelain | grep -q "^ M"; then if git status --porcelain | grep -q "^ M"; then
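Review bot: In the checkUpdates hunk, `git status --porcelain` still runs as the calling user while every other git call around it now goes through `runAsManager`. When the caller is root and the repository is owned by the manager, git's repository-ownership check (`safe.directory`) can refuse to operate, and `grep -q "^ M"` would then see no output and report no modified files. `if runAsManager git status --porcelain | grep -q "^ M"; then` keeps the identity consistent. Separately, `git config --global` writes to whichever HOME the wrapper ends up with, which may differ between the plain and `sudo -u` paths; worth confirming in runAsManager, which is not shown here.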


@ -11,7 +11,7 @@ gitCheckForUpdate()
while true; do while true; do
gitCheckGitDetails; gitCheckGitDetails;
# Test the credentials by trying to fetch # Test the credentials by trying to fetch
if sudo -u $sudo_user_name git -c "credential.helper=" -c "credential.helper=!f() { echo username=$CFG_GIT_USER; echo password=$CFG_GIT_KEY; }; f" fetch > /dev/null 2>&1; then if runAsManager git -c "credential.helper=" -c "credential.helper=!f() { echo username=$CFG_GIT_USER; echo password=$CFG_GIT_KEY; }; f" fetch > /dev/null 2>&1; then
isSuccessful "Git authentication successful" isSuccessful "Git authentication successful"
break break
else else
@ -22,13 +22,13 @@ gitCheckForUpdate()
# Proceed with the fetch using the credentials if they were provided # Proceed with the fetch using the credentials if they were provided
if [[ $CFG_INSTALL_MODE == "git" ]]; then if [[ $CFG_INSTALL_MODE == "git" ]]; then
sudo -u $sudo_user_name git -c "credential.helper=" -c "credential.helper=!f() { echo username=$CFG_GIT_USER; echo password=$CFG_GIT_KEY; }; f" fetch > /dev/null 2>&1 runAsManager git -c "credential.helper=" -c "credential.helper=!f() { echo username=$CFG_GIT_USER; echo password=$CFG_GIT_KEY; }; f" fetch > /dev/null 2>&1
else else
sudo -u $sudo_user_name git fetch > /dev/null 2>&1 runAsManager git fetch > /dev/null 2>&1
fi fi
if sudo -u $sudo_user_name git status | grep -q "Your branch is ahead"; then if runAsManager git status | grep -q "Your branch is ahead"; then
isSuccessful "The repository is up to date...continuing..." isSuccessful "The repository is up to date...continuing..."
elif sudo -u $sudo_user_name git status | grep -q "Your branch is up to date with"; then elif runAsManager git status | grep -q "Your branch is up to date with"; then
isSuccessful "The repository is up to date...continuing..." isSuccessful "The repository is up to date...continuing..."
else else
isNotice "Updates found." isNotice "Updates found."
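Review bot: The credential helper string is built in double quotes, so `$CFG_GIT_USER` and `$CFG_GIT_KEY` are expanded before git hands the helper to a shell; a value containing spaces, quotes, `;` or `$` is then parsed as shell syntax rather than data. The expanded secret also sits in the process arguments, and on the root path, where runAsManager goes through `sudo -u`, it may be written to sudo's command log. Single-quoting the helper and reading the values from the environment (`'credential.helper=!f() { echo "username=$CFG_GIT_USER"; echo "password=$CFG_GIT_KEY"; }; f'`) keeps them out of argv, provided the variables are exported and survive the wrapper's environment handling. The same helper is used in webuiSystemUpdateCheck.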


@ -15,7 +15,7 @@ gitReset()
runInstallOp chown -R $sudo_user_name:$sudo_user_name "$script_dir" runInstallOp chown -R $sudo_user_name:$sudo_user_name "$script_dir"
} }
local result=$(sudo -u $sudo_user_name rm -rf $script_dir) local result=$(runAsManager rm -rf $script_dir)
checkSuccess "Deleting all Git files" checkSuccess "Deleting all Git files"
cd $docker_dir cd $docker_dir
@ -30,11 +30,11 @@ gitReset()
AUTH_HTTP_REPO_URL="http://${CFG_GIT_USER}:${CFG_GIT_KEY}@${CLEAN_GIT_URL}.git" AUTH_HTTP_REPO_URL="http://${CFG_GIT_USER}:${CFG_GIT_KEY}@${CLEAN_GIT_URL}.git"
# Try HTTPS first # Try HTTPS first
if sudo -u $sudo_user_name git clone -q "$AUTH_HTTPS_REPO_URL" "$script_dir" 2>/dev/null; then if runAsManager git clone -q "$AUTH_HTTPS_REPO_URL" "$script_dir" 2>/dev/null; then
isSuccessful "Git repository cloned via HTTPS into '$script_dir'." isSuccessful "Git repository cloned via HTTPS into '$script_dir'."
else else
# If HTTPS fails, try HTTP # If HTTPS fails, try HTTP
if sudo -u $sudo_user_name git clone -q "$AUTH_HTTP_REPO_URL" "$script_dir" 2>/dev/null; then if runAsManager git clone -q "$AUTH_HTTP_REPO_URL" "$script_dir" 2>/dev/null; then
isSuccessful "Git repository cloned via HTTP into '$script_dir'." isSuccessful "Git repository cloned via HTTP into '$script_dir'."
else else
isError " Failed to clone repository via both HTTPS and HTTP." isError " Failed to clone repository via both HTTPS and HTTP."
@ -42,11 +42,11 @@ gitReset()
fi fi
fi fi
elif [[ $CFG_INSTALL_MODE == "local" ]]; then elif [[ $CFG_INSTALL_MODE == "local" ]]; then
if sudo -u $sudo_user_name git clone -q "https://${CLEAN_GIT_URL}.git" "$script_dir" 2>/dev/null; then if runAsManager git clone -q "https://${CLEAN_GIT_URL}.git" "$script_dir" 2>/dev/null; then
isSuccessful "Git repository cloned via HTTPS into '$script_dir'." isSuccessful "Git repository cloned via HTTPS into '$script_dir'."
else else
# If HTTPS fails, try HTTP # If HTTPS fails, try HTTP
if sudo -u $sudo_user_name git clone -q "http://${CLEAN_GIT_URL}.git" "$script_dir" 2>/dev/null; then if runAsManager git clone -q "http://${CLEAN_GIT_URL}.git" "$script_dir" 2>/dev/null; then
isSuccessful "Git repository cloned via HTTP into '$script_dir'." isSuccessful "Git repository cloned via HTTP into '$script_dir'."
fi fi
fi fi
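Review bot: `runAsManager rm -rf $script_dir` in the first hunk is unquoted and unguarded, so a value containing whitespace or glob characters is split into several delete targets, and an option-like value is parsed as flags. `runAsManager rm -rf -- "${script_dir:?}"` fails closed on an empty or unset variable and treats the path as one argument. The `cd $docker_dir` that follows is also unchecked, so the clone can run from the wrong directory if it fails. The identical `rm -rf` line appears in runReinstall.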


@ -4,8 +4,8 @@ gitUntrackFiles()
{ {
# Fixing the issue where the git does not use the .gitignore # Fixing the issue where the git does not use the .gitignore
cd $script_dir cd $script_dir
local result=$(sudo -u $sudo_user_name git config core.fileMode false) local result=$(runAsManager git config core.fileMode false)
checkSuccess "Removing configs and logs from git for git changes" checkSuccess "Removing configs and logs from git for git changes"
local result=$(sudo -u $sudo_user_name git commit -m "Stop tracking ignored files") local result=$(runAsManager git commit -m "Stop tracking ignored files")
checkSuccess "Removing tracking ignored files" checkSuccess "Removing tracking ignored files"
} }
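Review bot: `cd $script_dir` is unquoted and unchecked, so if it fails the `git config` and `git commit` that follow run in whatever directory the caller happened to be in. webuiRunUpdate already guards this with `cd "$script_dir" || { isError ...; return 1; }`, and the same form fits here. The first `checkSuccess` message ("Removing configs and logs from git for git changes") also describes something other than the `git config core.fileMode false` it follows.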


@ -54,7 +54,7 @@ webuiSystemUpdateCheck() {
current_version=$(tr -d ' \t\n\r' < "$repo_dir/VERSION") current_version=$(tr -d ' \t\n\r' < "$repo_dir/VERSION")
fi fi
if [[ -z "$current_version" ]]; then if [[ -z "$current_version" ]]; then
current_version=$(sudo -u "$sudo_user_name" git -C "$repo_dir" describe --tags --abbrev=0 2>/dev/null) current_version=$(runAsManager git -C "$repo_dir" describe --tags --abbrev=0 2>/dev/null)
fi fi
[[ -z "$current_version" ]] && current_version="unknown" [[ -z "$current_version" ]] && current_version="unknown"
@ -108,10 +108,10 @@ EOF
fi fi
local branch local branch
branch=$(sudo -u "$sudo_user_name" git -C "$repo_dir" rev-parse --abbrev-ref HEAD 2>/dev/null) branch=$(runAsManager git -C "$repo_dir" rev-parse --abbrev-ref HEAD 2>/dev/null)
[[ -z "$branch" || "$branch" == "HEAD" ]] && branch="main" [[ -z "$branch" || "$branch" == "HEAD" ]] && branch="main"
sudo -u "$sudo_user_name" git -C "$repo_dir" config core.fileMode false >/dev/null 2>&1 runAsManager git -C "$repo_dir" config core.fileMode false >/dev/null 2>&1
# Decide whether to hit the network this run. # Decide whether to hit the network this run.
local do_fetch="false" local do_fetch="false"
@ -128,20 +128,20 @@ EOF
if [[ "$do_fetch" == "true" ]]; then if [[ "$do_fetch" == "true" ]]; then
local _fetched="false" local _fetched="false"
if [[ "$install_mode" == "git" && -n "$CFG_GIT_USER" && "$CFG_GIT_USER" != "empty" && "$CFG_GIT_USER" != "changeme" ]]; then if [[ "$install_mode" == "git" && -n "$CFG_GIT_USER" && "$CFG_GIT_USER" != "empty" && "$CFG_GIT_USER" != "changeme" ]]; then
if sudo -u "$sudo_user_name" git -C "$repo_dir" \ if runAsManager git -C "$repo_dir" \
-c "credential.helper=" \ -c "credential.helper=" \
-c "credential.helper=!f() { echo username=$CFG_GIT_USER; echo password=$CFG_GIT_KEY; }; f" \ -c "credential.helper=!f() { echo username=$CFG_GIT_USER; echo password=$CFG_GIT_KEY; }; f" \
fetch --quiet origin "$branch" >/dev/null 2>&1; then fetch --quiet origin "$branch" >/dev/null 2>&1; then
_fetched="true" _fetched="true"
fi fi
else else
if sudo -u "$sudo_user_name" git -C "$repo_dir" fetch --quiet origin "$branch" >/dev/null 2>&1; then if runAsManager git -C "$repo_dir" fetch --quiet origin "$branch" >/dev/null 2>&1; then
_fetched="true" _fetched="true"
fi fi
fi fi
if [[ "$_fetched" == "true" ]]; then if [[ "$_fetched" == "true" ]]; then
sudo -u "$sudo_user_name" touch "$stamp_file" 2>/dev/null || touch "$stamp_file" 2>/dev/null runAsManager touch "$stamp_file" 2>/dev/null || touch "$stamp_file" 2>/dev/null
else else
fetch_error="Could not reach the update server." fetch_error="Could not reach the update server."
fi fi
@ -149,16 +149,16 @@ EOF
# Compare local HEAD against the (possibly just-fetched) remote ref. # Compare local HEAD against the (possibly just-fetched) remote ref.
local current_commit latest_commit behind ahead latest_version local current_commit latest_commit behind ahead latest_version
current_commit=$(sudo -u "$sudo_user_name" git -C "$repo_dir" rev-parse --short HEAD 2>/dev/null) current_commit=$(runAsManager git -C "$repo_dir" rev-parse --short HEAD 2>/dev/null)
latest_commit=$(sudo -u "$sudo_user_name" git -C "$repo_dir" rev-parse --short "refs/remotes/origin/$branch" 2>/dev/null) latest_commit=$(runAsManager git -C "$repo_dir" rev-parse --short "refs/remotes/origin/$branch" 2>/dev/null)
behind=$(sudo -u "$sudo_user_name" git -C "$repo_dir" rev-list --count "HEAD..refs/remotes/origin/$branch" 2>/dev/null) behind=$(runAsManager git -C "$repo_dir" rev-list --count "HEAD..refs/remotes/origin/$branch" 2>/dev/null)
ahead=$(sudo -u "$sudo_user_name" git -C "$repo_dir" rev-list --count "refs/remotes/origin/$branch..HEAD" 2>/dev/null) ahead=$(runAsManager git -C "$repo_dir" rev-list --count "refs/remotes/origin/$branch..HEAD" 2>/dev/null)
[[ -z "$behind" ]] && behind=0 [[ -z "$behind" ]] && behind=0
[[ -z "$ahead" ]] && ahead=0 [[ -z "$ahead" ]] && ahead=0
[[ -z "$current_commit" ]] && current_commit="unknown" [[ -z "$current_commit" ]] && current_commit="unknown"
[[ -z "$latest_commit" ]] && latest_commit="$current_commit" [[ -z "$latest_commit" ]] && latest_commit="$current_commit"
latest_version=$(sudo -u "$sudo_user_name" git -C "$repo_dir" show "refs/remotes/origin/$branch:VERSION" 2>/dev/null | tr -d ' \t\n\r') latest_version=$(runAsManager git -C "$repo_dir" show "refs/remotes/origin/$branch:VERSION" 2>/dev/null | tr -d ' \t\n\r')
[[ -z "$latest_version" ]] && latest_version="$current_version" [[ -z "$latest_version" ]] && latest_version="$current_version"
local update_available="false" local update_available="false"