Merge claude/2
This commit is contained in:
commit
6ca52f9f98
40
init.sh
40
init.sh
@ -830,6 +830,45 @@ initFolders()
|
||||
isSuccessful "All folders have been created."
|
||||
}
|
||||
|
||||
# Establish the rootless container layer — the docker-install user and ownership
|
||||
# of /docker/containers — during the ROOT phase, BEFORE the manager-run install
|
||||
# boots. That boot scans app configs under /docker/containers AS the container
|
||||
# user (runFileOp), so if the dir is still manager-owned (as initFolders leaves
|
||||
# it) the scan errors with "Permission denied". Handing the dir to the container
|
||||
# user here means the scan reads a dir it owns. Rootless-only — rooted keeps
|
||||
# containers manager/root-owned, which the manager reads fine. Idempotent: the
|
||||
# later rootless setup finds the user existing and just (re)asserts its password
|
||||
# + daemon config. Runs after initGIT (config present) + initFolders (dir present).
|
||||
initContainerLayer()
|
||||
{
|
||||
local cfg="$configs_dir/general/general_docker_install"
|
||||
local dtype duser
|
||||
dtype=$(grep -h '^CFG_DOCKER_INSTALL_TYPE=' "$cfg" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
|
||||
[[ "$dtype" != "rootless" ]] && return 0
|
||||
duser=$(grep -h '^CFG_DOCKER_INSTALL_USER=' "$cfg" 2>/dev/null | head -1 | cut -d= -f2 | awk '{print $1}')
|
||||
duser="${duser:-dockerinstall}"
|
||||
|
||||
isHeader "Container Layer Setup"
|
||||
if id "$duser" &>/dev/null; then
|
||||
isSuccessful "Container user '$duser' already exists."
|
||||
else
|
||||
# -m + the system login.defs SUB_UID/GID defaults assign its subordinate
|
||||
# uid/gid ranges (needed for rootless). The later rootless setup sees it
|
||||
# existing and configures the daemon/linger/password.
|
||||
sudo useradd -m -s /bin/bash -d "/home/$duser" "$duser" 2>/dev/null
|
||||
isSuccessful "Created container user '$duser'."
|
||||
fi
|
||||
|
||||
# Hand containers/ to the container user (it owns per-app data in rootless) so
|
||||
# the manager-run startup config scans can read it. 751: owner full; the
|
||||
# manager (other) can traverse in to known paths (it lists/writes via runFileOp).
|
||||
if [[ -d "$containers_dir" ]]; then
|
||||
sudo chown "$duser:$duser" "$containers_dir"
|
||||
sudo chmod 751 "$containers_dir"
|
||||
isSuccessful "containers/ handed to '$duser'."
|
||||
fi
|
||||
}
|
||||
|
||||
setupConfigsFromRepo()
|
||||
{
|
||||
isNotice "Setting up configuration files from repository..."
|
||||
@ -1468,6 +1507,7 @@ else
|
||||
initRootHelpers
|
||||
initLibrePortalCommand
|
||||
initUpdateConfigs
|
||||
initContainerLayer
|
||||
completeInitMessage
|
||||
elif [[ "$param1" == "uninstall" ]]; then
|
||||
runFullUninstall
|
||||
|
||||
@ -9,10 +9,7 @@ checkApplicationsConfigFilesMissingVariables()
|
||||
app=$(basename "$live" .config)
|
||||
remote="$install_containers_dir$app/$app.config"
|
||||
reconcileConfigFile "$live" "$remote"
|
||||
# 2>/dev/null: before the docker-type config loads (early install) runFileOp
|
||||
# falls back to the manager, which can't list the container-owned containers/
|
||||
# dir — harmless "Permission denied" on a best-effort reconcile (no apps yet).
|
||||
done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak' 2>/dev/null)
|
||||
done < <(runFileOp find "$containers_dir" -maxdepth 2 -type f -name '*.config' ! -name '*.bak')
|
||||
|
||||
isSuccessful "Application config reconciliation completed."
|
||||
}
|
||||
|
||||
@ -14,7 +14,10 @@ installDockerRootlessUser()
|
||||
# rootless). Run unmasked so checkSuccess sees real failures.
|
||||
runSystem useradd -m -s /bin/bash -d "/home/$CFG_DOCKER_INSTALL_USER" "$CFG_DOCKER_INSTALL_USER"
|
||||
checkSuccess "Creating $CFG_DOCKER_INSTALL_USER User."
|
||||
updateDockerInstallPassword;
|
||||
fi
|
||||
# (Re)assert the password regardless — the user may have been pre-created
|
||||
# in init.sh's root phase (so /docker/containers ownership is ready before
|
||||
# the manager-run boot scans), where the password isn't set.
|
||||
updateDockerInstallPassword;
|
||||
fi
|
||||
}
|
||||
|
||||
@ -61,12 +61,7 @@ sourceScanFiles()
|
||||
source "$file"
|
||||
# echo "$load_type FILE $file"
|
||||
fi
|
||||
# 2>/dev/null: early in an install the docker-type config isn't loaded
|
||||
# yet, so runFileOp falls back to the manager, which can't list the
|
||||
# container-owned containers/ dir — a harmless "Permission denied" on a
|
||||
# best-effort scan (no app configs exist yet). Suppress that noise; the
|
||||
# -print0 output still flows.
|
||||
done < <($scan_op find "$folder_dir" -maxdepth 3 -type d \( -name 'resources' \) -prune -o -type f -name "$file_pattern" -print0 2>/dev/null)
|
||||
done < <($scan_op find "$folder_dir" -maxdepth 3 -type d \( -name 'resources' \) -prune -o -type f -name "$file_pattern" -print0)
|
||||
fi
|
||||
|
||||
# Load the categories from the file into an array
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user