From 4bfd3afba8bf54af3710f06893493a83b1056013 Mon Sep 17 00:00:00 2001 From: AJ ONeal Date: Sat, 2 Jun 2018 02:25:41 -0600 Subject: [PATCH] explain installer, update system services --- .../LaunchDaemons/cloud.telebit.remote.plist | 57 +++++++++++++++++++ dist/etc/systemd/system/telebit.service | 17 +++--- installer/get.sh | 16 ++++++ installer/install.sh | 53 ++++++++++++++--- var/log/.gitkeep | 0 5 files changed, 127 insertions(+), 16 deletions(-) create mode 100644 dist/Library/LaunchDaemons/cloud.telebit.remote.plist create mode 100644 var/log/.gitkeep diff --git a/dist/Library/LaunchDaemons/cloud.telebit.remote.plist b/dist/Library/LaunchDaemons/cloud.telebit.remote.plist new file mode 100644 index 0000000..e44928a --- /dev/null +++ b/dist/Library/LaunchDaemons/cloud.telebit.remote.plist @@ -0,0 +1,57 @@ + + + + + Label + Telebit Remote + ProgramArguments + + /opt/telebit/bin/node + /opt/telebit/bin/telebit.js + --config + /opt/telebit/etc/telebit.yml + + EnvironmentVariables + + TELEBIT_PATH + /opt/telebit + NODE_PATH + /opt/telebit/lib/node_modules + NPM_CONFIG_PREFIX + /opt/telebit + + + UserName + root + GroupName + wheel + InitGroups + + + RunAtLoad + + KeepAlive + + Crashed + + SuccessfulExit + + + + SoftResourceLimits + + NumberOfFiles + 8192 + + HardResourceLimits + + + WorkingDirectory + /opt/telebit + + StandardErrorPath + /opt/telebit/var/log/error.log + StandardOutPath + /opt/telebit/var/log/info.log + + diff --git a/dist/etc/systemd/system/telebit.service b/dist/etc/systemd/system/telebit.service index a9c1ca5..624ed6a 100644 --- a/dist/etc/systemd/system/telebit.service +++ b/dist/etc/systemd/system/telebit.service 
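Review bot: The new LaunchDaemon sets `UserName` to `root` and `GroupName` to `wheel`, while the systemd unit touched by this same commit runs the service as `User=telebit`, so on macOS the node process runs with full root rights instead of a dedicated account. The program, its script, its config and its logs all sit under `/opt/telebit`, so any non-root owner of that tree could change what root executes; the ownership the installer assigns is not visible here and needs confirming. Consider a dedicated unprivileged user, or at minimum document in the plist why root is required and keep `/opt/telebit/bin` root-owned and not writable by the service account. The XML markup of this file appears to have been stripped in this view, so the key/value pairing is read from the remaining text.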
@@ -23,16 +23,16 @@ User=telebit Group=telebit WorkingDirectory=/opt/telebit -# custom directory cannot be set and will be the place where gitea exists, not the working directory -ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /etc/telebit/telebit.yml +# custom directory cannot be set and will be the place where this exists, not the working directory +ExecStart=/opt/telebit/bin/node /opt/telebit/bin/telebit.js --config /opt/telebit/etc/telebit.yml ExecReload=/bin/kill -USR1 $MAINPID # Limit the number of file descriptors and processes; see `man systemd.exec` for more limit settings. -# Unmodified gitea is not expected to use more than this. +# Unmodified, this is not expected to use more than this. LimitNOFILE=1048576 LimitNPROC=64 -# Use private /tmp and /var/tmp, which are discarded after gitea stops. +# Use private /tmp and /var/tmp, which are discarded after this stops. PrivateTmp=true # Use a minimal /dev PrivateDevices=true 
@@ -40,17 +40,16 @@ PrivateDevices=true ProtectHome=true # Make /usr, /boot, /etc and possibly some more folders read-only. ProtectSystem=full -# ... except /opt/gitea because we want a place for the database -# and /var/log/gitea because we want a place where logs can go. +# ... except /opt/telebit because we want a place for config, logs, etc # This merely retains r/w access rights, it does not add any new. # Must still be writable on the host! -ReadWriteDirectories=/opt/telebit /etc/telebit +ReadWriteDirectories=/opt/telebit # Note: in v231 and above ReadWritePaths has been renamed to ReadWriteDirectories -; ReadWritePaths=/opt/telebit /etc/telebit +; ReadWritePaths=/opt/telebit # The following additional security directives only work with systemd v229 or later. -# They further retrict privileges that can be gained by gitea. +# They further retrict privileges that can be gained. # Note that you may have to add capabilities required by any plugins in use. CapabilityBoundingSet=CAP_NET_BIND_SERVICE AmbientCapabilities=CAP_NET_BIND_SERVICE diff --git a/installer/get.sh b/installer/get.sh index 7849c92..f44e8f2 100644 --- a/installer/get.sh +++ b/installer/get.sh @@ -1,6 +1,22 @@ #!/bin/bash #
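Review bot: `ReadWriteDirectories=/opt/telebit` leaves the whole install tree writable by the service, and per the `ExecStart` line in the previous hunk that tree also holds `bin/node` and `bin/telebit.js`, so a compromised process can rewrite the code it is started from. Now that config and logs live under the same prefix, narrowing the setting to the paths that need writes keeps `ProtectSystem=full` meaningful, e.g. `ReadWriteDirectories=/opt/telebit/etc /opt/telebit/var` (assuming nothing else is written at runtime, which this hunk does not show). The context comment about v231 also reads backwards (as far as I know systemd 231 renamed `ReadWriteDirectories` to `ReadWritePaths`), and `retrict` in the edited comment should be `restrict`.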

 
+# This script does exactly 3 things for 1 good reason:
+#
+# What this does:
+#
+#   1. Detects either curl or wget and wraps them in helpers
+#   2. Exports the helpers for the real installer
+#   3. Downloads and runs the real installer
+#
+# Why
+#
+#   1. 'curl  | bash -- some args here` breaks interactive input
+#       See https://stackoverflow.com/questions/16854041/bash-read-is-being-skipped-when-run-from-curl-pipe
+#
+#   2.  It also has practical risks of running a partially downloaded script, which could be dangeresque
+#       See https://news.ycombinator.com/item?id=12767636
+
 set -e
 set -u
 
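Review bot: The header gives the partial-download risk as reason 2, but it does not say how get.sh itself is protected when it is the script being piped into bash, nor whether the downloaded installer is checked before it runs. A line such as `#   3. The real installer is not verified by checksum or signature` (or a description of the check, if one exists) would tell readers what trust the bootstrap relies on; the script body is outside this hunk, so neither can be confirmed from here. Two wording fixes in the same block: the curl example opens with a single quote and closes with a backtick, and `dangeresque` should be `dangerous`.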
diff --git a/installer/install.sh b/installer/install.sh
index 382714c..a485118 100644
--- a/installer/install.sh
+++ b/installer/install.sh
@@ -1,10 +1,29 @@
 #!/bin/bash
 #

 
-# This is a 3 step process
-#   1. First we need to figure out whether to use wget or curl for fetching remote files
-#   2. Next we need to figure out whether to use unzip or tar for downloading releases
-#   3. We need to actually install the stuff
+# What does this do.. and why?
+# (and why is it so complicated?)
+#
+# What this does
+#
+#   1. Sets some vars and asks some questions
+#   2. Installs everything into a single place
+#      (inculding deps like node.js, with the correct version)
+#   3. Depending on OS, creates a user for the service
+#   4. Depending on OS, register with system launcher
+#
+# Why
+#
+#   So that you can get a fully configured, running product,
+#   with zero manual configuration in a matter of seconds -
+#   and have an uninstall that's just as easy.
+#
+# Why so complicated?
+#
+#  To support nuance differences between various versions of
+#  Linux, macOS, and Android, including whether it's being
+#  installed with user privileges, as root, wit a system user
+#  system daemon launcher, etc.
 
 set -e
 set -u
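Review bot: A few typos in the new header are worth fixing before it becomes the installer's main explanation: `inculding` should be `including`, `nuance differences` should be `nuanced differences`, and `wit a system user` should be `with a system user,`. Since steps 3 and 4 create an account and register a system service, the header could also state that they run with elevated rights, e.g. `#   (steps 3 and 4 are run through sudo)`; `sudo_cmd="sudo"` is added in the next hunk.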
@@ -20,6 +39,8 @@ my_app="telebit"
 my_bin="telebit.js"
 my_name="Telebit Remote"
 my_repo="telebit.js"
+my_root=${my_root:-} # todo better install script
+sudo_cmd="sudo"
 
 if [ -z "${my_email}" ]; then
   echo ""
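Review bot: `my_root` is taken straight from the caller's environment and is later expanded unquoted in `cat $my_root/etc/passwd` (last hunk of this file), so a value containing spaces or glob characters changes which file is read; quoting it at the use site fixes that. `sudo_cmd` is unconditionally `sudo`, which fails where the script already runs as root on a system without sudo (the header mentions Android and root installs); consider `if [ "$(id -u)" -eq 0 ]; then sudo_cmd=""; else sudo_cmd="sudo"; fi`. The `if` block that follows continues outside this hunk.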
@@ -136,10 +157,28 @@ if type -p setcap >/dev/null 2>&1; then
 fi
 set -e
 
-if [ -z "$(cat /etc/passwd | grep $my_user)" ]; then
-  echo "sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user"
-  sudo adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
+set +e
+# TODO for macOS https://apple.stackexchange.com/questions/286749/how-to-add-a-user-from-the-command-line-in-macos
+if type -p adduser >/dev/null 2>/dev/null; then
+  if [ -z "$(cat $my_root/etc/passwd | grep $my_user)" ]; then
+    $sudo_cmd adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user >/dev/null 2>&1
+  fi
+  #my_user=$my_app_name
+  my_group=$my_user
+elif [ -n "$(cat /etc/passwd | grep www-data:)" ]; then
+  # Linux (Ubuntu)
+  my_user=www-data
+  my_group=www-data
+elif [ -n "$(cat /etc/passwd | grep _www:)" ]; then
+  # Mac
+  my_user=_www
+  my_group=_www
+else
+  # Unsure
+  my_user=$(id -u -n) # $(whoami)
+  my_group=$(id -g -n)
 fi
+set -e
 
 my_config="$TELEBIT_PATH/etc/$my_app.yml"
 mkdir -p "$(dirname $my_config)"
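Review bot: The existence checks match substrings anywhere in the passwd file, so `grep $my_user` is also satisfied by a longer account name or a home directory containing the name and the account can be treated as present when it is not; `$my_user`, `$my_root` and `$TELEBIT_PATH` are also unquoted. Because the block runs under `set +e` with `adduser` output discarded, a failed creation (for example an `adduser` that does not accept `--gecos` or `--disabled-password`) is silent and `my_group=$my_user` is still set for an account that may not exist; the `echo` of the sudo command that the old code printed is gone too, so the user no longer sees what is run with elevated rights. The first branch reads `$my_root/etc/passwd` while the `www-data` and `_www` branches read `/etc/passwd`. Falling back to `www-data` or `_www` shares the service's config and logs with every other process under that account, which deserves a comment. A possible shape is below.

```shell
if type -p adduser >/dev/null 2>/dev/null; then
  if ! grep -q "^${my_user}:" "${my_root}/etc/passwd"; then
    echo "$sudo_cmd adduser --home $TELEBIT_PATH --gecos '' --disabled-password $my_user"
    if ! $sudo_cmd adduser --home "$TELEBIT_PATH" --gecos '' --disabled-password "$my_user" >/dev/null 2>&1; then
      echo "could not create user '$my_user'" >&2
      exit 1
    fi
  fi
  # … unchanged: my_group=$my_user …
elif grep -q '^www-data:' "${my_root}/etc/passwd"; then
  # … unchanged: www-data assignment …
elif grep -q '^_www:' "${my_root}/etc/passwd"; then
  # … unchanged: _www assignment, current-user fallback, fi …
```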
diff --git a/var/log/.gitkeep b/var/log/.gitkeep
new file mode 100644
index 0000000..e69de29