refactor(footprint): rename libreportal.service -> libreportal-taskprocessor.service

The single systemd unit is the task processor (and now also drives the periodic
regen poll), so name it for what it does instead of the ambiguous bare
"libreportal.service" — clearer now that the runtime has more than one concern.

- svc helper: SERVICE_NAME=libreportal-taskprocessor.service; _drop_legacy()
  stops/removes the pre-rename unit on install (idempotent migration) so an
  upgraded box never runs two processors.
- init.sh: read baked roots from the new unit (fall back to the old name);
  uninstall removes both names; bump footprint_version 2 -> 3 (root-owned unit
  changed, so a manager-run update flags "root re-install needed").
- check_webui_systemd: accept either name during the transition.
- docs/FOOTPRINT.md: new unit name + uninstall command.

No sudoers change — it allows /usr/bin/systemctl generically, not a named unit.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
This commit is contained in:
librelad 2026-05-25 23:23:18 +01:00
parent 7cf0bcf678
commit bd1f9455ce
4 changed files with 37 additions and 19 deletions

View File

@ -50,7 +50,7 @@ quick-deploy).
| `/usr/local/bin/libreportal` | root | **symlink**`/usr/local/lib/libreportal/libreportal` (puts the CLI on `$PATH`) | | `/usr/local/bin/libreportal` | root | **symlink**`/usr/local/lib/libreportal/libreportal` (puts the CLI on `$PATH`) |
| `/usr/local/bin/libreportal-uninstall` | root | **symlink**`/usr/local/lib/libreportal/uninstall.sh` (location-agnostic uninstall command) | | `/usr/local/bin/libreportal-uninstall` | root | **symlink**`/usr/local/lib/libreportal/uninstall.sh` (location-agnostic uninstall command) |
| `/etc/sudoers.d/<manager>` | root | scoped least-privilege grant for the manager (drop-in named after the manager user) | | `/etc/sudoers.d/<manager>` | root | scoped least-privilege grant for the manager (drop-in named after the manager user) |
| `/etc/systemd/system/libreportal.service` | root | the task-processor service (`User=<manager>`; bakes the roots as `Environment=LP_*_DIR`) | | `/etc/systemd/system/libreportal-taskprocessor.service` | root | the task-processor service (`User=<manager>`; bakes the roots as `Environment=LP_*_DIR`; also drives the periodic `regen` poll) |
| `/etc/sysctl.d/99-libreportal-hardening.conf` | root | kernel LPE-surface hardening | | `/etc/sysctl.d/99-libreportal-hardening.conf` | root | kernel LPE-surface hardening |
| `/etc/sysctl.d/99-libreportal-rootless.conf` | root | rootless sysctl settings + "rootless configured" marker | | `/etc/sysctl.d/99-libreportal-rootless.conf` | root | rootless sysctl settings + "rootless configured" marker |
@ -72,8 +72,8 @@ config lives at `~<container-user>/.config/docker/daemon.json`.
`init.sh uninstall` does all of this; the sketch (with default roots/manager): `init.sh uninstall` does all of this; the sketch (with default roots/manager):
``` ```
sudo systemctl disable --now libreportal.service sudo systemctl disable --now libreportal-taskprocessor.service
sudo rm -f /etc/systemd/system/libreportal.service /etc/sudoers.d/libreportal sudo rm -f /etc/systemd/system/libreportal-taskprocessor.service /etc/sudoers.d/libreportal
sudo rm -f /etc/sysctl.d/99-libreportal-*.conf sudo rm -f /etc/sysctl.d/99-libreportal-*.conf
sudo rm -rf /usr/local/lib/libreportal /usr/local/bin/libreportal /usr/local/bin/libreportal-uninstall sudo rm -rf /usr/local/lib/libreportal /usr/local/bin/libreportal /usr/local/bin/libreportal-uninstall
sudo rm -rf /libreportal-system /libreportal-containers /libreportal-backups sudo rm -rf /libreportal-system /libreportal-containers /libreportal-backups

10
init.sh
View File

@ -130,7 +130,7 @@ command_symlink="/usr/local/bin/libreportal"
# `update apply` runs as the manager and CANNOT rewrite root-owned files, so a bump # `update apply` runs as the manager and CANNOT rewrite root-owned files, so a bump
# tells the updater the new release needs a root re-install (which re-bakes them). # tells the updater the new release needs a root re-install (which re-bakes them).
# Recorded at install in $lp_lib_dir/.footprint_version. See docs/DEVELOPMENT.md. # Recorded at install in $lp_lib_dir/.footprint_version. See docs/DEVELOPMENT.md.
footprint_version=2 footprint_version=3
footprint_marker="$lp_lib_dir/.footprint_version" footprint_marker="$lp_lib_dir/.footprint_version"
# Directories — three independently-relocatable roots (see scripts/source/paths.sh # Directories — three independently-relocatable roots (see scripts/source/paths.sh
@ -1588,7 +1588,8 @@ completeInitMessage()
# the real locations; silently no-ops on a legacy unit (then the derive defaults / # the real locations; silently no-ops on a legacy unit (then the derive defaults /
# /docker compat shim apply). # /docker compat shim apply).
libreportalReadBakedRoots() { libreportalReadBakedRoots() {
local unit=/etc/systemd/system/libreportal.service local unit=/etc/systemd/system/libreportal-taskprocessor.service
[[ -f "$unit" ]] || unit=/etc/systemd/system/libreportal.service # pre-rename fallback
[[ -f "$unit" ]] || return 0 [[ -f "$unit" ]] || return 0
local s c b m local s c b m
s=$(grep -oE 'LP_SYSTEM_DIR=\S+' "$unit" | head -1 | cut -d= -f2) s=$(grep -oE 'LP_SYSTEM_DIR=\S+' "$unit" | head -1 | cut -d= -f2)
@ -1650,9 +1651,10 @@ runFullUninstall()
isHeader "Tearing down LibrePortal" isHeader "Tearing down LibrePortal"
# 1. Stop + remove the task-processor service. # 1. Stop + remove the task-processor service (current + pre-rename name).
systemctl disable --now libreportal-taskprocessor.service >/dev/null 2>&1
systemctl disable --now libreportal.service >/dev/null 2>&1 systemctl disable --now libreportal.service >/dev/null 2>&1
rm -f /etc/systemd/system/libreportal.service rm -f /etc/systemd/system/libreportal-taskprocessor.service /etc/systemd/system/libreportal.service
systemctl daemon-reload >/dev/null 2>&1 systemctl daemon-reload >/dev/null 2>&1
isSuccessful "Stopped + removed the task-processor service" isSuccessful "Stopped + removed the task-processor service"

View File

@ -3,8 +3,9 @@
checkWebUISystemdRequirement() checkWebUISystemdRequirement()
{ {
if [[ $CFG_REQUIREMENT_WEBUI_SERVICE == "true" ]]; then if [[ $CFG_REQUIREMENT_WEBUI_SERVICE == "true" ]]; then
### Check if systemd service is running ### Check if systemd service is running (accept the pre-rename name too)
if runSystem systemctl is-active --quiet libreportal.service; then if runSystem systemctl is-active --quiet libreportal-taskprocessor.service \
|| runSystem systemctl is-active --quiet libreportal.service; then
isSuccessful "LibrePortal task processor service is running." isSuccessful "LibrePortal task processor service is running."
else else
isNotice "LibrePortal task processor service is not running." isNotice "LibrePortal task processor service is not running."

View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
# LibrePortal task-processor systemd helper — the only root-privileged management # LibrePortal task-processor systemd helper — the only root-privileged management
# of the libreportal.service unit the manager may trigger. Installed root:root # of the libreportal-taskprocessor.service unit the manager may trigger. Installed root:root
# 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from # 0755 to /usr/local/sbin by init.sh. Self-contained: it GENERATES the unit from
# config (mode + install-user uid + the baked manager name + fixed script paths) # config (mode + install-user uid + the baked manager name + fixed script paths)
# — it does NOT accept unit content from the caller (that would be root: an # — it does NOT accept unit content from the caller (that would be root: an
@ -25,7 +25,12 @@ BACKUPS_DIR="__BACKUPS_DIR__"
[[ "$CONTAINERS_DIR" == *"__"* || -z "$CONTAINERS_DIR" ]] && CONTAINERS_DIR="/libreportal-containers" [[ "$CONTAINERS_DIR" == *"__"* || -z "$CONTAINERS_DIR" ]] && CONTAINERS_DIR="/libreportal-containers"
[[ "$BACKUPS_DIR" == *"__"* || -z "$BACKUPS_DIR" ]] && BACKUPS_DIR="/libreportal-backups" [[ "$BACKUPS_DIR" == *"__"* || -z "$BACKUPS_DIR" ]] && BACKUPS_DIR="/libreportal-backups"
SERVICE_FILE="/etc/systemd/system/libreportal.service" SERVICE_NAME="libreportal-taskprocessor.service"
SERVICE_FILE="/etc/systemd/system/$SERVICE_NAME"
# Pre-rename unit name — removed on install so an upgraded box doesn't keep a
# duplicate/orphan processor running under the old name.
LEGACY_SERVICE_NAME="libreportal.service"
LEGACY_SERVICE_FILE="/etc/systemd/system/$LEGACY_SERVICE_NAME"
INSTALL_SCRIPTS_DIR="$SYSTEM_DIR/install/scripts" INSTALL_SCRIPTS_DIR="$SYSTEM_DIR/install/scripts"
TASK_PROCESSOR="$INSTALL_SCRIPTS_DIR/crontab/task/crontab_task_processor.sh" TASK_PROCESSOR="$INSTALL_SCRIPTS_DIR/crontab/task/crontab_task_processor.sh"
DB_CFG="$SYSTEM_DIR/configs/general/general_docker_install" DB_CFG="$SYSTEM_DIR/configs/general/general_docker_install"
@ -78,19 +83,29 @@ WantedBy=multi-user.target
EOF EOF
} }
# Remove the pre-rename unit if it's still around (idempotent migration).
_drop_legacy() {
if [[ -f "$LEGACY_SERVICE_FILE" ]]; then
systemctl disable --now "$LEGACY_SERVICE_NAME" >/dev/null 2>&1
rm -f "$LEGACY_SERVICE_FILE"
systemctl daemon-reload
fi
}
install_unit() { install_unit() {
_drop_legacy
local desired current="" local desired current=""
desired="$(_gen_unit)" desired="$(_gen_unit)"
[[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)" [[ -f "$SERVICE_FILE" ]] && current="$(cat "$SERVICE_FILE" 2>/dev/null)"
if [[ "$desired" != "$current" ]]; then if [[ "$desired" != "$current" ]]; then
printf '%s\n' "$desired" > "$SERVICE_FILE" printf '%s\n' "$desired" > "$SERVICE_FILE"
systemctl daemon-reload systemctl daemon-reload
systemctl enable libreportal.service >/dev/null 2>&1 systemctl enable "$SERVICE_NAME" >/dev/null 2>&1
systemctl restart libreportal.service systemctl restart "$SERVICE_NAME"
echo "updated" echo "updated"
else else
systemctl enable libreportal.service >/dev/null 2>&1 systemctl enable "$SERVICE_NAME" >/dev/null 2>&1
systemctl is-active --quiet libreportal.service || systemctl start libreportal.service systemctl is-active --quiet "$SERVICE_NAME" || systemctl start "$SERVICE_NAME"
echo "unchanged" echo "unchanged"
fi fi
} }
@ -98,9 +113,9 @@ install_unit() {
action="${1:-}" action="${1:-}"
case "$action" in case "$action" in
install) install_unit ;; install) install_unit ;;
enable) systemctl enable libreportal.service >/dev/null 2>&1 ;; enable) systemctl enable "$SERVICE_NAME" >/dev/null 2>&1 ;;
restart) systemctl restart libreportal.service ;; restart) systemctl restart "$SERVICE_NAME" ;;
start) systemctl start libreportal.service ;; start) systemctl start "$SERVICE_NAME" ;;
status) systemctl is-active libreportal.service ;; status) systemctl is-active "$SERVICE_NAME" ;;
*) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;; *) echo "usage: libreportal-svc {install|enable|restart|start|status}" >&2; exit 2 ;;
esac esac