From bd1f9455ce3e9d849e8d3887699b24499e2c6ec4 Mon Sep 17 00:00:00 2001 From: librelad Date: Mon, 25 May 2026 23:23:18 +0100 Subject: [PATCH] refactor(footprint): rename libreportal.service -> libreportal-taskprocessor.service MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The single systemd unit is the task processor (and now also drives the periodic regen poll), so name it for what it does instead of the ambiguous bare "libreportal.service" — clearer now that the runtime has more than one concern. - svc helper: SERVICE_NAME=libreportal-taskprocessor.service; _drop_legacy() stops/removes the pre-rename unit on install (idempotent migration) so an upgraded box never runs two processors. - init.sh: read baked roots from the new unit (fall back to the old name); uninstall removes both names; bump footprint_version 2 -> 3 (root-owned unit changed, so a manager-run update flags "root re-install needed"). - check_webui_systemd: accept either name during the transition. - docs/FOOTPRINT.md: new unit name + uninstall command. No sudoers change — it allows /usr/bin/systemctl generically, not a named unit. Co-Authored-By: Claude Opus 4.7 Signed-off-by: librelad --- docs/FOOTPRINT.md | 6 ++-- init.sh | 10 +++--- .../requirements/check_webui_systemd.sh | 5 +-- scripts/system/libreportal-svc | 35 +++++++++++++------ 4 files changed, 37 insertions(+), 19 deletions(-) diff --git a/docs/FOOTPRINT.md b/docs/FOOTPRINT.md index 0bcf3f2..ff02fbe 100644 --- a/docs/FOOTPRINT.md +++ b/docs/FOOTPRINT.md @@ -50,7 +50,7 @@ quick-deploy). | `/usr/local/bin/libreportal` | root | **symlink** → `/usr/local/lib/libreportal/libreportal` (puts the CLI on `$PATH`) | | `/usr/local/bin/libreportal-uninstall` | root | **symlink** → `/usr/local/lib/libreportal/uninstall.sh` (location-agnostic uninstall command) | | `/etc/sudoers.d/` | root | scoped least-privilege grant for the manager (drop-in named after the manager user) | -| `/etc/systemd/system/libreportal.service` | root | the task-processor service (`User=`; bakes the roots as `Environment=LP_*_DIR`) | +| `/etc/systemd/system/libreportal-taskprocessor.service` | root | the task-processor service (`User=`; bakes the roots as `Environment=LP_*_DIR`; also drives the periodic `regen` poll) | | `/etc/sysctl.d/99-libreportal-hardening.conf` | root | kernel LPE-surface hardening | | `/etc/sysctl.d/99-libreportal-rootless.conf` | root | rootless sysctl settings + "rootless configured" marker | @@ -72,8 +72,8 @@ config lives at `~/.config/docker/daemon.json`. `init.sh uninstall` does all of this; the sketch (with default roots/manager): ``` -sudo systemctl disable --now libreportal.service -sudo rm -f /etc/systemd/system/libreportal.service /etc/sudoers.d/libreportal +sudo systemctl disable --now libreportal-taskprocessor.service +sudo rm -f /etc/systemd/system/libreportal-taskprocessor.service /etc/sudoers.d/libreportal sudo rm -f /etc/sysctl.d/99-libreportal-*.conf sudo rm -rf /usr/local/lib/libreportal /usr/local/bin/libreportal /usr/local/bin/libreportal-uninstall sudo rm -rf /libreportal-system /libreportal-containers /libreportal-backups diff --git a/init.sh b/init.sh index 73b46c8..f237181 100755 --- a/init.sh +++ b/init.sh @@ -130,7 +130,7 @@ command_symlink="/usr/local/bin/libreportal" # `update apply` runs as the manager and CANNOT rewrite root-owned files, so a bump # tells the updater the new release needs a root re-install (which re-bakes them). # Recorded at install in $lp_lib_dir/.footprint_version. See docs/DEVELOPMENT.md. -footprint_version=2 +footprint_version=3 footprint_marker="$lp_lib_dir/.footprint_version" # Directories — three independently-relocatable roots (see scripts/source/paths.sh @@ -1588,7 +1588,8 @@ completeInitMessage() # the real locations; silently no-ops on a legacy unit (then the derive defaults / # /docker compat shim apply). libreportalReadBakedRoots() { - local unit=/etc/systemd/system/libreportal.service + local unit=/etc/systemd/system/libreportal-taskprocessor.service + [[ -f "$unit" ]] || unit=/etc/systemd/system/libreportal.service # pre-rename fallback [[ -f "$unit" ]] || return 0 local s c b m s=$(grep -oE 'LP_SYSTEM_DIR=\S+' "$unit" | head -1 | cut -d= -f2) @@ -1650,9 +1651,10 @@ runFullUninstall() isHeader "Tearing down LibrePortal" - # 1. Stop + remove the task-processor service. + # 1. Stop + remove the task-processor service (current + pre-rename name). + systemctl disable --now libreportal-taskprocessor.service >/dev/null 2>&1 systemctl disable --now libreportal.service >/dev/null 2>&1 - rm -f /etc/systemd/system/libreportal.service + rm -f /etc/systemd/system/libreportal-taskprocessor.service /etc/systemd/system/libreportal.service systemctl daemon-reload >/dev/null 2>&1 isSuccessful "Stopped + removed the task-processor service" diff --git a/scripts/checks/requirements/check_webui_systemd.sh b/scripts/checks/requirements/check_webui_systemd.sh index fed3cc7..2c2623f 100755 --- a/scripts/checks/requirements/check_webui_systemd.sh +++ b/scripts/checks/requirements/check_webui_systemd.sh @@ -3,8 +3,9 @@ checkWebUISystemdRequirement() { if [[ $CFG_REQUIREMENT_WEBUI_SERVICE == "true" ]]; then - ### Check if systemd service is running - if runSystem systemctl is-active --quiet libreportal.service; then + ### Check if systemd service is running (accept the pre-rename name too) + if runSystem systemctl is-active --quiet libreportal-taskprocessor.service \ + || runSystem systemctl is-active --quiet libreportal.service; then isSuccessful "LibrePortal task processor service is running." else isNotice "LibrePortal task processor service is not running." diff --git a/scripts/system/libreportal-svc b/scripts/system/libreportal-svc index c06c663..a9b1f1f 100644 --- a/scripts/system/libreportal-svc +++ b/scripts/system/libreportal-svc @@ -1,6 +1,6 @@ #!/bin/bash # LibrePortal task-processor systemd helper — the only root-privileged management -# of the libreportal.service unit the manager may trigger. Installed root:root +# of the libreportal-taskprocessor.service unit the manager may trigger. Installed root:root # 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from # config (mode + install-user uid + the baked manager name + fixed script paths) # — it does NOT accept unit content from the caller (that would be root: an @@ -25,7 +25,12 @@ BACKUPS_DIR="__BACKUPS_DIR__" [[ "$CONTAINERS_DIR" == *"__"* || -z "$CONTAINERS_DIR" ]] && CONTAINERS_DIR="/libreportal-containers" [[ "$BACKUPS_DIR" == *"__"* || -z "$BACKUPS_DIR" ]] && BACKUPS_DIR="/libreportal-backups" -SERVICE_FILE="/etc/systemd/system/libreportal.service" +SERVICE_NAME="libreportal-taskprocessor.service" +SERVICE_FILE="/etc/systemd/system/$SERVICE_NAME" +# Pre-rename unit name — removed on install so an upgraded box doesn't keep a +# duplicate/orphan processor running under the old name. +LEGACY_SERVICE_NAME="libreportal.service" +LEGACY_SERVICE_FILE="/etc/systemd/system/$LEGACY_SERVICE_NAME" INSTALL_SCRIPTS_DIR="$SYSTEM_DIR/install/scripts" TASK_PROCESSOR="$INSTALL_SCRIPTS_DIR/crontab/task/crontab_task_processor.sh" DB_CFG="$SYSTEM_DIR/configs/general/general_docker_install" @@ -78,19 +83,29 @@ WantedBy=multi-user.target EOF } +# Remove the pre-rename unit if it's still around (idempotent migration). +_drop_legacy() { + if [[ -f "$LEGACY_SERVICE_FILE" ]]; then + systemctl disable --now "$LEGACY_SERVICE_NAME" >/dev/null 2>&1 + rm -f "$LEGACY_SERVICE_FILE" + systemctl daemon-reload + fi +} + install_unit() { + _drop_legacy local desired current="" desired="$(_gen_unit)" [[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)" if [[ "$desired" != "$current" ]]; then printf '%s\n' "$desired" > "$SERVICE_FILE" systemctl daemon-reload - systemctl enable libreportal.service >/dev/null 2>&1 - systemctl restart libreportal.service + systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 + systemctl restart "$SERVICE_NAME" echo "updated" else - systemctl enable libreportal.service >/dev/null 2>&1 - systemctl is-active --quiet libreportal.service || systemctl start libreportal.service + systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 + systemctl is-active --quiet "$SERVICE_NAME" || systemctl start "$SERVICE_NAME" echo "unchanged" fi } @@ -98,9 +113,9 @@ install_unit() { action="${1:-}" case "$action" in install) install_unit ;; - enable) systemctl enable libreportal.service >/dev/null 2>&1 ;; - restart) systemctl restart libreportal.service ;; - start) systemctl start libreportal.service ;; - status) systemctl is-active libreportal.service ;; + enable) systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 ;; + restart) systemctl restart "$SERVICE_NAME" ;; + start) systemctl start "$SERVICE_NAME" ;; + status) systemctl is-active "$SERVICE_NAME" ;; *) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;; esac