Compare commits

..

No commits in common. "c2cb75cfd97eaa5b0e16115d35b9ca040b7f86f1" and "db681fbcd1e1d98feb0c756e107106b075762876" have entirely different histories.

7 changed files with 22 additions and 20 deletions

View File

@ -18,7 +18,7 @@ tagsProcessorDockerInstallation()
tagsManagerUpdateUniversalTag "$full_file_path" "GID_TAG" "$docker_install_user_id" tagsManagerUpdateUniversalTag "$full_file_path" "GID_TAG" "$docker_install_user_id"
# Enable user directive (non-tag replacement) # Enable user directive (non-tag replacement)
runFileOp sed -i 's|#user:|user:|g' "$full_file_path" sudo sed -i 's|#user:|user:|g' "$full_file_path"
checkSuccess "Docker rootless installation tags applied using universal tag manager" checkSuccess "Docker rootless installation tags applied using universal tag manager"
fi fi

View File

@ -8,6 +8,6 @@ crontabClear()
# user rename. The sticky bit on /var/spool/cron/crontabs otherwise stops # user rename. The sticky bit on /var/spool/cron/crontabs otherwise stops
# the user replacing a file it doesn't own ("rename: Operation not # the user replacing a file it doesn't own ("rename: Operation not
# permitted"); setup recreates the crontab as the user next. # permitted"); setup recreates the crontab as the user next.
runInstallOp crontab -r 2>/dev/null sudo crontab -u "$sudo_user_name" -r 2>/dev/null
isSuccessful "All crontab data has been deleted." isSuccessful "All crontab data has been deleted."
} }

View File

@ -41,7 +41,7 @@ dockerCopyBuildContext()
# container dir — the chown below sets the correct owner. Without this the # container dir — the chown below sets the correct owner. Without this the
# rsync re-stamps the WebUI tree as uid 1000 every install. # rsync re-stamps the WebUI tree as uid 1000 every install.
if command -v rsync >/dev/null 2>&1; then if command -v rsync >/dev/null 2>&1; then
runFileOp rsync -a --no-owner --no-group \ sudo rsync -a --no-owner --no-group \
--exclude="docker-compose.yml" \ --exclude="docker-compose.yml" \
--exclude="docker-compose.${app_name}.yml" \ --exclude="docker-compose.${app_name}.yml" \
--exclude="${app_name}.config" \ --exclude="${app_name}.config" \
@ -52,12 +52,15 @@ dockerCopyBuildContext()
else else
# Best-effort fallback. Copies everything then nukes the # Best-effort fallback. Copies everything then nukes the
# excluded items in the target. # excluded items in the target.
runFileOp cp -R "$source_dir/." "$target_dir/" sudo cp -R "$source_dir/." "$target_dir/"
runFileOp rm -f "$target_dir/${app_name}.config" "$target_dir/${app_name}.tools.json" sudo rm -f "$target_dir/${app_name}.config" "$target_dir/${app_name}.tools.json"
fi fi
# runFileOp above wrote the tree AS the container owner (rootless: the docker # Own the deployed tree as the mode's container owner (config-authoritative,
# install user; rooted: the manager) with --no-owner so the repo-clone uid # never the stale/empty $docker_install_user global that let uid 1000 slip
# isn't carried — no root, no chown needed. # through before).
local owner
owner="$(dockerContainerOwner)"
runSystem chown -R "$owner:$owner" "$target_dir"
isSuccessful "Build context copied for $app_name." isSuccessful "Build context copied for $app_name."
} }

View File

@ -33,11 +33,11 @@ dockerComposeUpdate()
local jail_local_file="$containers_dir/$app_name/config/$app_name/jail.local" local jail_local_file="$containers_dir/$app_name/config/$app_name/jail.local"
if [ -f "$jail_local_file" ]; then if [ -f "$jail_local_file" ]; then
if runFileOp grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then if sudo grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then
# Whitelist not set up yet # Whitelist not set up yet
if runFileOp grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then if sudo grep -q "ignoreip = ips_whitelist" "$jail_local_file"; then
local result=$(runFileOp sed -i "s/ips_whitelist/$CFG_IPS_WHITELIST/" "$jail_local_file") local result=$(sudo sed -i "s/ips_whitelist/$CFG_IPS_WHITELIST/" "$jail_local_file")
checkSuccess "Update the IP whitelist for $app_name" checkSuccess "Update the IP whitelist for $app_name"
local whitelistupdates=true local whitelistupdates=true
fi fi
@ -45,7 +45,7 @@ dockerComposeUpdate()
# If the IPs are set up already but need an update # If the IPs are set up already but need an update
local current_ip_range=$(grep "ignoreip = " "$jail_local_file" | cut -d ' ' -f 2) local current_ip_range=$(grep "ignoreip = " "$jail_local_file" | cut -d ' ' -f 2)
if [ "$current_ip_range" != "$CFG_IPS_WHITELIST" ]; then if [ "$current_ip_range" != "$CFG_IPS_WHITELIST" ]; then
local result=$(runFileOp sed -i "s/ignoreip = ips_whitelist/ignoreip = $CFG_IPS_WHITELIST/" "$jail_local_file") local result=$(sudo sed -i "s/ignoreip = ips_whitelist/ignoreip = $CFG_IPS_WHITELIST/" "$jail_local_file")
checkSuccess "Update the IP whitelist for $app_name" checkSuccess "Update the IP whitelist for $app_name"
local whitelistupdates=true local whitelistupdates=true
fi fi

View File

@ -2,5 +2,5 @@
createSuccessfulRunFile() createSuccessfulRunFile()
{ {
echo "LibrePortal last ran on : $(date)" | runInstallWrite "$docker_dir/run.txt" sudo echo "LibrePortal last ran on :" $(date) > $docker_dir/run.txt
} }

View File

@ -64,7 +64,7 @@ runReinstall()
# Try HTTPS first # Try HTTPS first
if sudo -u $sudo_user_name git clone -q "$AUTH_HTTPS_REPO_URL" "/docker/install" 2>/dev/null; then if sudo -u $sudo_user_name git clone -q "$AUTH_HTTPS_REPO_URL" "/docker/install" 2>/dev/null; then
runSystem cp -f /docker/install/init.sh /root/ sudo cp -f /docker/install/init.sh /root/
echo "SUCCESS: Git repository cloned via HTTPS into /docker/install." echo "SUCCESS: Git repository cloned via HTTPS into /docker/install."
echo "" echo ""
echo "SUCCESS: Reinstallation complete, you can now run the "libreportal run" command." echo "SUCCESS: Reinstallation complete, you can now run the "libreportal run" command."
@ -72,7 +72,7 @@ runReinstall()
else else
# If HTTPS fails, try HTTP # If HTTPS fails, try HTTP
if sudo -u $sudo_user_name git clone -q "$AUTH_HTTP_REPO_URL" "/docker/install" 2>/dev/null; then if sudo -u $sudo_user_name git clone -q "$AUTH_HTTP_REPO_URL" "/docker/install" 2>/dev/null; then
runSystem cp -f /docker/install/init.sh /root/ sudo cp -f /docker/install/init.sh /root/
echo "SUCCESS: Git repository cloned via HTTP into /docker/install." echo "SUCCESS: Git repository cloned via HTTP into /docker/install."
echo "" echo ""
echo "SUCCESS: Reinstallation complete, you can now run the "libreportal run" command." echo "SUCCESS: Reinstallation complete, you can now run the "libreportal run" command."

View File

@ -9,13 +9,12 @@ isSetupWizardComplete()
setupWizardMarkComplete() setupWizardMarkComplete()
{ {
# .setup_complete lives in the docker-install-owned frontend/data -> runFileOp sudo touch "$SETUP_LOCK_FILE" 2>/dev/null
# (created as that user; no root, no chown). sudo chown "$sudo_user_name:$sudo_user_name" "$SETUP_LOCK_FILE" 2>/dev/null
runFileOp touch "$SETUP_LOCK_FILE" 2>/dev/null sudo chmod 644 "$SETUP_LOCK_FILE" 2>/dev/null
runFileOp chmod 644 "$SETUP_LOCK_FILE" 2>/dev/null
} }
setupWizardReset() setupWizardReset()
{ {
runFileOp rm -f "$SETUP_LOCK_FILE" 2>/dev/null sudo rm -f "$SETUP_LOCK_FILE" 2>/dev/null
} }