librelad 8b14f26125 refactor(desudo): route scattered runtime sudo through privilege helpers
Convert the remaining ad-hoc 'sudo' calls across the data plane to the
run_privileged helpers so every file op lands as the correct owner with
no blanket root:

- DB/configs (manager-owned): db_list_all_apps, delete_db_file,
  install_sqlite, cli_webui_commands -> runInstallOp
- containers (dockerinstall-owned): scan_container_socket, delete_data,
  webui_task_files, webui_app_log, webui_config_patch,
  application_missing_variables, uninstall_app -> runFileOp/runFileWrite
- genuine root: passwd, tailscale, ufw-docker, sysctl grep, systemd
  unit read, authorized_keys read, nobody chown -> runSystem
- interactive editors and 'id -u': drop sudo entirely (run as caller)
- owncloud/adguard container-UID config edits -> runSystem (funnel;
  docker-exec rework deferred)

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-24 18:00:19 +01:00

123 lines
4.6 KiB
Bash
Executable File

#!/bin/bash
dockerUninstallApp()
{
local app_name="$1"
# Optional: delete the app's docker images too. Default false so a
# plain `libreportal app uninstall <app>` keeps cached images for a
# quick reinstall. The WebUI's Uninstall modal exposes this as the
# "Also delete docker image" checkbox.
local delete_images="${2:-false}"
local delete_tasks="${3:-false}"
local stored_app_name=$app_name
if [[ "$stored_app_name" == "" ]]; then
isError "No app_name provided, unable to continue..."
else
isHeader "Uninstalling $stored_app_name"
initializeAppVariables $stored_app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Removing app where docker compose is installed"
echo ""
dockerComposeDownRemove $stored_app_name;
# App-specific uninstall hook. Host-installed apps (and any app needing
# teardown beyond the generic docker/DB cleanup) define an uninstall<App>
# function — it runs the app-specific bits (apt purge, systemd units,
# cscli state, ...) while the shared compose/data/DB/WebUI teardown below
# stays generic. The CLI and menu both route uninstalls through here, so
# this is the single point every uninstall passes through.
local app_name_ucfirst="$(tr '[:lower:]' '[:upper:]' <<< ${stored_app_name:0:1})${stored_app_name:1}"
local uninstallFuncName="uninstall${app_name_ucfirst}"
if declare -f "$uninstallFuncName" >/dev/null 2>&1; then
((menu_number++))
echo ""
echo "---- $menu_number. Running $stored_app_name-specific uninstall steps"
echo ""
"$uninstallFuncName"
fi
((menu_number++))
echo ""
if [[ "$delete_images" == "true" ]]; then
echo "---- $menu_number. Removing Docker images for the app"
echo ""
dockerRemoveAppImages $stored_app_name;
else
echo "---- $menu_number. Keeping Docker images (pass --delete-images to remove)"
echo ""
isNotice "Docker images for '$stored_app_name' left in place. A reinstall will reuse them."
fi
((menu_number++))
echo ""
echo "---- $menu_number. Deleting all app data from docker folder"
echo ""
dockerDeleteData $stored_app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Removing unused Docker networks."
echo ""
dockerPruneAppNetworks $stored_app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Removing app from the database"
echo ""
ipRemoveFromDatabase $stored_app_name;
portsRemoveFromDatabase $stored_app_name;
databaseUninstallApp $stored_app_name;
((menu_number++))
echo ""
echo "---- $menu_number. Updating the WebUI config file."
echo ""
webuiContainerSetup $stored_app_name uninstall;
if [[ $(dockerCheckAppInstalled "gluetun" "docker") == "installed" ]]; then
tagsProcessorGluetunForwardedPorts
fi
if [[ "$delete_tasks" == "true" ]]; then
((menu_number++))
echo ""
echo "---- $menu_number. Removing related task history"
echo ""
local _tasks_dir="${containers_dir}libreportal/frontend/data/tasks"
local _removed=0
if [[ -d "$_tasks_dir" ]]; then
for _tf in "$_tasks_dir"/task_*.json; do
[[ ! -f "$_tf" ]] && continue
# Skip in-flight tasks — that includes the uninstall task
# we're currently inside, plus anything queued or running.
if runFileOp grep -qE "\"status\"[[:space:]]*:[[:space:]]*\"(running|queued|pending)\"" "$_tf" 2>/dev/null; then
continue
fi
if runFileOp grep -q "\"app\"[[:space:]]*:[[:space:]]*\"${stored_app_name}\"" "$_tf" 2>/dev/null; then
local _id=$(basename "$_tf" .json)
runFileOp rm -f "$_tf" "$_tasks_dir/${_id}.log" "$_tasks_dir/${_id}.cancel" 2>/dev/null
_removed=$((_removed + 1))
fi
done
fi
isSuccessful "Removed $_removed task record(s) for $stored_app_name (in-flight task left for the WebUI to clean up after completion)."
fi
((menu_number++))
echo ""
isSuccessful "$stored_app_name has been removed from your system!"
echo ""
menu_number=0
cd
fi
}