meatbag/baseimage-alpine
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Integrate changes from Edge PR #123

Browse source
This commit is contained in:
TheSpad 2022-08-28 12:55:22 +01:00
parent 595c036d6d
commit 7519dd8f97
No known key found for this signature in database
GPG key ID: 08F06191F4587860
8 changed files with 285 additions and 269 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

370
root/docker-mods
View file

@ -1,221 +1,215 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
#shellcheck disable=SC2120
# Set executable bit on cont-init and services built into the image # Set executable bit on cont-init and services built into the image
set_legacy_executable_bits () { set_legacy_executable_bits() {
mkdir -p /etc/{cont-init.d,services.d} mkdir -p /etc/{cont-init.d,services.d}
chmod +x \ chmod +x \
/etc/cont-init.d/* \ /etc/cont-init.d/* \
/etc/services.d/*/* 2> /dev/null || true /etc/services.d/*/* 2>/dev/null || true
} }
# Tamper check legacy custom service locations # Tamper check legacy custom service locations
tamper_check () { tamper_check() {
if ([ -d "/config/custom-services.d" ] && [ -n "$(find /config/custom-services.d ! -user root)" ]); then if [[ -d "/config/custom-services.d" ]] && [[ -n "$(find /config/custom-services.d ! -user root)" ]]; then
echo "**** Potential tampering with custom scripts detected ****" echo "**** Potential tampering with custom scripts detected ****"
randstr=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-8};echo;) randstr=$(
mv "/config/custom-services.d" "/config/custom-services.d.${randstr}" tr </dev/urandom -dc _A-Z-a-z-0-9 | head -c8
echo "**** Folder /config/custom-services.d is moved to /config/custom-services.d.${randstr} ****" echo
echo "**** The folder '/config/custom-services.d' and its contents need to all be owned by root to prevent root escalation inside the container!!! ****" )
mkdir -p /config/custom-services.d mv "/config/custom-services.d" "/config/custom-services.d.${randstr}"
chown 0:0 /config/custom-services.d echo "**** Folder /config/custom-services.d is moved to /config/custom-services.d.${randstr} ****"
elif ([ -d "/config/custom-services.d" ] && [ -n "$(find /config/custom-services.d -perm -o+w)" ]); then echo "**** The folder '/config/custom-services.d' and its contents need to all be owned by root to prevent root escalation inside the container!!! ****"
echo "**** The folder '/config/custom-services.d' or some of its contents have write permissions for others, which is a security risk. ****" mkdir -p /config/custom-services.d
echo "**** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****" chown 0:0 /config/custom-services.d
fi elif [[ -d "/config/custom-services.d" ]] && [[ -n "$(find /config/custom-services.d -perm -o+w)" ]]; then
echo "**** The folder '/config/custom-services.d' or some of its contents have write permissions for others, which is a security risk. ****"
echo "**** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi
} }
# Process Custom Services # Process Custom Services
process_custom_services() { process_custom_services() {
SERVICES_DIR_OLD="/config/custom-services.d" SERVICES_DIR_OLD="/config/custom-services.d"
SERVICES_DIR="/custom-services.d" SERVICES_DIR="/custom-services.d"
# Remove all existing custom services before continuing to ensure # Remove all existing custom services before continuing to ensure
# we aren't running anything the user may have removed # we aren't running anything the user may have removed
if [ -n "$(/bin/ls -A /etc/s6-overlay/s6-rc.d/custom-svc-* 2>/dev/null)" ]; then if [[ -n "$(/bin/ls -A /etc/s6-overlay/s6-rc.d/custom-svc-* 2>/dev/null)" ]]; then
echo "[custom-init] removing existing custom services..." echo "[custom-init] removing existing custom services..."
rm -rf /etc/s6-overlay/s6-rc.d/custom-svc-* rm -rf /etc/s6-overlay/s6-rc.d/custom-svc-*
fi fi
if { [ -z "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]; } && \ if [[ -z "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]] &&
{ [ -z "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]; }; then [[ -z "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] no custom services found, skipping..." echo "[custom-init] no custom services found, skipping..."
return return
fi fi
# Make sure custom service directory exists and has files in it # Make sure custom service directory exists and has files in it
if { [ -e "${SERVICES_DIR}" ] && [ -n "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]; }; then if [[ -e "${SERVICES_DIR}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]]; then
if [ -n "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]; then
echo "[custom-init] service files found in ${SERVICES_DIR}" echo "[custom-init] service files found in ${SERVICES_DIR}"
for SERVICE in ${SERVICES_DIR}/*; do for SERVICE in "${SERVICES_DIR}"/*; do
NAME="$(basename "${SERVICE}")" NAME="$(basename "${SERVICE}")"
if [ -f "${SERVICE}" ]; then if [[ -f "${SERVICE}" ]]; then
echo "[custom-init] ${NAME}: service detected, copying..." echo "[custom-init] ${NAME}: service detected, copying..."
mkdir -p /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/ mkdir -p /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/
cp "${SERVICE}" /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run cp "${SERVICE}" /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run
chmod +x /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run chmod +x /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run
echo "longrun" > /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/type echo "longrun" >/etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/type
touch /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/dependencies.d/init-services touch /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/dependencies.d/init-services
touch /etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/custom-svc-"${NAME}" touch /etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/custom-svc-"${NAME}"
echo "[custom-init] ${NAME}: copied" echo "[custom-init] ${NAME}: copied"
elif [ ! -f "${SERVICE}" ]; then elif [[ ! -f "${SERVICE}" ]]; then
echo "[custom-init] ${NAME}: is not a file" echo "[custom-init] ${NAME}: is not a file"
fi fi
done done
fi fi
fi
if { [ -e "${SERVICES_DIR_OLD}" ] && [ -n "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]; }; then if [[ -e "${SERVICES_DIR_OLD}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then
if [ -n "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]; then
echo "[custom-init] service files found in ${SERVICES_DIR_OLD}" echo "[custom-init] service files found in ${SERVICES_DIR_OLD}"
for SERVICE in ${SERVICES_DIR_OLD}/*; do for SERVICE in "${SERVICES_DIR_OLD}"/*; do
NAME="$(basename "${SERVICE}")" NAME="$(basename "${SERVICE}")"
if [ -f "${SERVICE}" ]; then if [[ -f "${SERVICE}" ]]; then
echo "[custom-init] ${NAME}: service detected, copying..." echo "[custom-init] ${NAME}: service detected, copying..."
mkdir -p /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/ mkdir -p /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/
cp "${SERVICE}" /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run cp "${SERVICE}" /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run
chmod +x /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run chmod +x /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/run
echo "longrun" > /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/type echo "longrun" >/etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/type
touch /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/dependencies.d/init-services touch /etc/s6-overlay/s6-rc.d/custom-svc-"${NAME}"/dependencies.d/init-services
touch /etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/custom-svc-"${NAME}" touch /etc/s6-overlay/s6-rc.d/init-mods-end/dependencies.d/custom-svc-"${NAME}"
echo "[custom-init] ${NAME}: copied" echo "[custom-init] ${NAME}: copied"
elif [ ! -f "${SERVICE}" ]; then elif [[ ! -f "${SERVICE}" ]]; then
echo "[custom-init] ${NAME}: is not a file" echo "[custom-init] ${NAME}: is not a file"
fi fi
done done
fi fi
fi
} }
# Check for curl # Check for curl
curl_check () { curl_check() {
if [ ! -f /usr/bin/curl ] || [ ! -f /usr/bin/jq ]; then if [[ ! -f /usr/bin/curl ]] || [[ ! -f /usr/bin/jq ]]; then
echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing" echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing"
if [ -f /usr/bin/apt ]; then if [[ -f /usr/bin/apt ]]; then
## Ubuntu ## Ubuntu
apt-get update apt-get update
apt-get install --no-install-recommends -y \ apt-get install --no-install-recommends -y \
curl \ curl \
jq jq
elif [ -f /sbin/apk ]; then elif [[ -f /sbin/apk ]]; then
# Alpine # Alpine
apk add --no-cache \ apk add --no-cache \
curl \ curl \
jq jq
fi
fi fi
fi
} }
# Use different filtering depending on URL # Use different filtering depending on URL
get_blob_sha () { get_blob_sha() {
if [[ $1 == "ghcr" ]]; then if [[ $1 == "ghcr" ]]; then
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \ --silent \
--location \ --location \
--request GET \ --request GET \
--header "Authorization: Bearer $2" \ --header "Authorization: Bearer $2" \
$3 | jq -r '.layers[0].digest' "$3" | jq -r '.layers[0].digest'
else else
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \ --silent \
--location \ --location \
--request GET \ --request GET \
--header "Authorization: Bearer $2" \ --header "Authorization: Bearer $2" \
$3 | jq -r '.fsLayers[0].blobSum' "$3" | jq -r '.fsLayers[0].blobSum'
fi fi
} }
# Main run logic # Main run logic
run_mods () { run_mods() {
echo "[mod-init] Attempting to run Docker Modification Logic" echo "[mod-init] Attempting to run Docker Modification Logic"
IFS='|' for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do
DOCKER_MODS=(${DOCKER_MODS}) # Support alternative endpoints
for DOCKER_MOD in "${DOCKER_MODS[@]}"; do if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then
# Support alternative endpoints DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}"
if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then ENDPOINT="${DOCKER_MOD%%:*}"
DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}" USERNAME="${DOCKER_MOD%%/*}"
ENDPOINT="${DOCKER_MOD%%:*}" REPO="${ENDPOINT#*/}"
USERNAME="${DOCKER_MOD%%/*}" TAG="${DOCKER_MOD#*:}"
REPO="${ENDPOINT#*/}" if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
TAG="${DOCKER_MOD#*:}" TAG="latest"
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then fi
TAG="latest" FILENAME="${USERNAME}.${REPO}.${TAG}"
fi AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull"
FILENAME="${USERNAME}.${REPO}.${TAG}" MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests/${TAG}"
AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull" BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/"
MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests/${TAG}" MODE="ghcr"
BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/"
MODE="ghcr"
else
ENDPOINT="${DOCKER_MOD%%:*}"
USERNAME="${DOCKER_MOD%%/*}"
REPO="${ENDPOINT#*/}"
TAG="${DOCKER_MOD#*:}"
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
TAG="latest"
fi
FILENAME="${USERNAME}.${REPO}.${TAG}"
AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests/${TAG}"
BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/"
MODE="dockerhub"
fi
# Kill off modification logic if any of the usernames are banned
BLACKLIST=$(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt)
IFS=$'\n'
BLACKLIST=(${BLACKLIST})
for BANNED in "${BLACKLIST[@]}"; do
if [ "${BANNED}" == "${USERNAME,,}" ]; then
if [ -z ${RUN_BANNED_MODS+x} ]; then
echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic"
return
else else
echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied" ENDPOINT="${DOCKER_MOD%%:*}"
USERNAME="${DOCKER_MOD%%/*}"
REPO="${ENDPOINT#*/}"
TAG="${DOCKER_MOD#*:}"
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
TAG="latest"
fi
FILENAME="${USERNAME}.${REPO}.${TAG}"
AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests/${TAG}"
BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/"
MODE="dockerhub"
fi
# Kill off modification logic if any of the usernames are banned
for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do
if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then
if [[ -z ${RUN_BANNED_MODS+x} ]]; then
echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic"
return
else
echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied"
fi
fi
done
echo "[mod-init] Applying ${DOCKER_MOD} files to container"
# Get Dockerhub token for api operations
TOKEN="$(
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \
--header 'GET' \
"${AUTH_URL}" |
jq -r '.token'
)"
# Determine first and only layer of image
SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}")
# Check if we have allready applied this layer
if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then
echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping"
else
# Download and extract layer to /
curl -f --retry 10 --retry-max-time 60 --retry-all-errors \
--silent \
--location \
--request GET \
--header "Authorization: Bearer ${TOKEN}" \
"${BLOB_URL}${SHALAYER}" -o \
/modtarball.tar.xz
mkdir -p /tmp/mod
tar xzf /modtarball.tar.xz -C /tmp/mod
if [[ -d /tmp/mod/etc/s6-overlay ]]; then
if [[ -d /tmp/mod/etc/cont-init.d ]]; then
rm -rf /tmp/mod/etc/cont-init.d
fi
if [[ -d /tmp/mod/etc/services.d ]]; then
rm -rf /tmp/mod/etc/services.d
fi
fi
shopt -s dotglob
cp -R /tmp/mod/* /
shopt -u dotglob
rm -rf /tmp/mod
rm -rf /modtarball.tar.xz
echo "${SHALAYER}" >"/${FILENAME}"
echo "[mod-init] ${DOCKER_MOD} applied to container"
fi fi
fi
done done
echo "[mod-init] Applying ${DOCKER_MOD} files to container"
# Get Dockerhub token for api operations
TOKEN="$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \
--header 'GET' \
"${AUTH_URL}" \
| jq -r '.token' \
)"
# Determine first and only layer of image
SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}")
# Check if we have allready applied this layer
if [ -f "/${FILENAME}" ] && [ "${SHALAYER}" == "$(cat /${FILENAME})" ]; then
echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping"
else
# Download and extract layer to /
curl -f --retry 10 --retry-max-time 60 --retry-all-errors \
--silent \
--location \
--request GET \
--header "Authorization: Bearer ${TOKEN}" \
"${BLOB_URL}${SHALAYER}" -o \
/modtarball.tar.xz
mkdir -p /tmp/mod
tar xzf /modtarball.tar.xz -C /tmp/mod
if [ -d /tmp/mod/etc/s6-overlay ]; then
if [ -d /tmp/mod/etc/cont-init.d ]; then
rm -rf /tmp/mod/etc/cont-init.d
fi
if [ -d /tmp/mod/etc/services.d ]; then
rm -rf /tmp/mod/etc/services.d
fi
fi
shopt -s dotglob
cp -R /tmp/mod/* /
shopt -u dotglob
rm -rf /tmp/mod
rm -rf /modtarball.tar.xz
echo ${SHALAYER} > "/${FILENAME}"
echo "[mod-init] ${DOCKER_MOD} applied to container"
fi
done
} }
# Tamper check legacy services # Tamper check legacy services
@ -225,7 +219,7 @@ tamper_check
process_custom_services process_custom_services
# Run mod logic # Run mod logic
if [ -n "${DOCKER_MODS+x}" ]; then if [[ -n "${DOCKER_MODS+x}" ]]; then
curl_check curl_check
run_mods run_mods
fi fi

5
root/etc/s6-overlay/s6-rc.d/init-adduser/run
View file

@ -1,4 +1,5 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
PUID=${PUID:-911} PUID=${PUID:-911}
PGID=${PGID:-911} PGID=${PGID:-911}
@ -37,7 +38,7 @@ User gid: $(id -g abc)
time32="$(date +%Y)" time32="$(date +%Y)"
if [[ "${time32}" == "1970" || "${time32}" == "1969" ]] && [ "$(uname -m)" == "armv7l" ]; then if [[ "${time32}" == "1970" || "${time32}" == "1969" ]] && [ "$(uname -m)" == "armv7l" ]; then
echo ' echo '
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Your DockerHost is running an outdated version of libseccomp Your DockerHost is running an outdated version of libseccomp
@ -48,7 +49,7 @@ Apps will not behave correctly without this
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
' '
sleep infinity sleep infinity
fi fi
chown abc:abc /app chown abc:abc /app

70
root/etc/s6-overlay/s6-rc.d/init-custom-files/run
View file

@ -1,4 +1,5 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Directories # Directories
SCRIPTS_DIR_OLD="/config/custom-cont-init.d" SCRIPTS_DIR_OLD="/config/custom-cont-init.d"
@ -6,51 +7,64 @@ SCRIPTS_DIR="/custom-cont-init.d"
SERVICES_DIR_OLD="/config/custom-services.d" SERVICES_DIR_OLD="/config/custom-services.d"
# Tamper check legacy custom script locations
if [[ -d "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(find ${SCRIPTS_DIR_OLD} ! -user root)" ]]; then
echo "**** Potential tampering with custom scripts detected ****"
randstr=$(
tr </dev/urandom -dc _A-Z-a-z-0-9 | head -c8
echo
)
mv "${SCRIPTS_DIR_OLD}" "${SCRIPTS_DIR_OLD}.${randstr}"
echo "**** Folder ${SCRIPTS_DIR_OLD} is moved to ${SCRIPTS_DIR_OLD}.${randstr} ****"
echo "**** The folder '${SCRIPTS_DIR_OLD}' and its contents need to all be owned by root to prevent root escalation inside the container!!! ****"
mkdir -p ${SCRIPTS_DIR_OLD}
chown 0:0 ${SCRIPTS_DIR_OLD}
elif [[ -d "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(find ${SCRIPTS_DIR_OLD} -perm -o+w)" ]]; then
echo "**** The folder '${SCRIPTS_DIR_OLD}' or some of its contents have write permissions for others, which is a security risk. ****"
echo "**** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi
# chown legacy folders if they exist # chown legacy folders if they exist
if [ -e "${SCRIPTS_DIR_OLD}" ]; then if [[ -e "${SCRIPTS_DIR_OLD}" ]]; then
chown -R 0:0 "${SCRIPTS_DIR_OLD}" chown -R 0:0 "${SCRIPTS_DIR_OLD}"
fi fi
# chown legacy folders if they exist # chown legacy folders if they exist
if [ -e "${SERVICES_DIR_OLD}" ]; then if [[ -e "${SERVICES_DIR_OLD}" ]]; then
chown -R 0:0 "${SERVICES_DIR_OLD}" chown -R 0:0 "${SERVICES_DIR_OLD}"
fi fi
if { [ -z "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]; } && \ if [[ -z "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]] &&
{ [ -z "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]; }; then [[ -z "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] no custom files found, skipping..." echo "[custom-init] no custom files found, skipping..."
exit 0 exit 0
fi fi
# Make sure custom init directory exists and has files in it # Make sure custom init directory exists and has files in it
if { [ -e "${SCRIPTS_DIR}" ] && [ -n "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]; }; then if [[ -e "${SCRIPTS_DIR}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]]; then
if [ -n "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]; then echo "[custom-init] files found, executing"
echo "[custom-init] files found, executing" for SCRIPT in "${SCRIPTS_DIR}"/*; do
for SCRIPT in ${SCRIPTS_DIR}/*; do
NAME="$(basename "${SCRIPT}")" NAME="$(basename "${SCRIPT}")"
if [ -f "${SCRIPT}" ]; then if [[ -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: executing..." echo "[custom-init] ${NAME}: executing..."
/bin/bash "${SCRIPT}" /bin/bash "${SCRIPT}"
echo "[custom-init] ${NAME}: exited $?" echo "[custom-init] ${NAME}: exited $?"
elif [ ! -f "${SCRIPT}" ]; then elif [[ ! -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: is not a file" echo "[custom-init] ${NAME}: is not a file"
fi fi
done done
fi
fi fi
if { [ -e "${SCRIPTS_DIR_OLD}" ] && [ -n "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]; }; then if [[ -e "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]]; then
if [ -n "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]; then echo "[custom-init] files found, executing"
echo "[custom-init] files found, executing" for SCRIPT in "${SCRIPTS_DIR_OLD}"/*; do
for SCRIPT in ${SCRIPTS_DIR_OLD}/*; do
NAME="$(basename "${SCRIPT}")" NAME="$(basename "${SCRIPT}")"
if [ -f "${SCRIPT}" ]; then if [[ -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: executing..." echo "[custom-init] ${NAME}: executing..."
/bin/bash "${SCRIPT}" /bin/bash "${SCRIPT}"
echo "[custom-init] ${NAME}: exited $?" echo "[custom-init] ${NAME}: exited $?"
elif [ ! -f "${SCRIPT}" ]; then elif [[ ! -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: is not a file" echo "[custom-init] ${NAME}: is not a file"
fi fi
done done
fi
fi fi

29
root/etc/s6-overlay/s6-rc.d/init-envfile/run
View file

@ -1,16 +1,17 @@
#! /bin/bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [[ "$(ls /var/run/s6/container_environment/ | xargs)" == *"FILE__"* ]]; then if [[ "$(find /var/run/s6/container_environment/ -maxdepth 1 -print0 | xargs)" == *"FILE__"* ]]; then
for FILENAME in /var/run/s6/container_environment/*; do for FILENAME in /var/run/s6/container_environment/*; do
if [[ "${FILENAME##*/}" == "FILE__"* ]]; then if [[ "${FILENAME##*/}" == "FILE__"* ]]; then
SECRETFILE=$(cat ${FILENAME}) SECRETFILE=$(cat "${FILENAME}")
if [[ -f ${SECRETFILE} ]]; then if [[ -f ${SECRETFILE} ]]; then
FILESTRIP=${FILENAME//FILE__/} FILESTRIP=${FILENAME//FILE__/}
cat ${SECRETFILE} > ${FILESTRIP} cat "${SECRETFILE}" >"${FILESTRIP}"
echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}" echo "[env-init] ${FILESTRIP##*/} set from ${FILENAME##*/}"
else else
echo "[env-init] cannot find secret in ${FILENAME##*/}" echo "[env-init] cannot find secret in ${FILENAME##*/}"
fi fi
fi fi
done done
fi fi

38
root/etc/s6-overlay/s6-rc.d/init-migrations/run
View file

@ -1,4 +1,5 @@
#!/bin/bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
MIGRATIONS_DIR="/migrations" MIGRATIONS_DIR="/migrations"
MIGRATIONS_HISTORY="/config/.migrations" MIGRATIONS_HISTORY="/config/.migrations"
@ -6,25 +7,28 @@ MIGRATIONS_HISTORY="/config/.migrations"
echo "[migrations] started" echo "[migrations] started"
if [[ ! -d ${MIGRATIONS_DIR} ]]; then if [[ ! -d ${MIGRATIONS_DIR} ]]; then
echo "[migrations] no migrations found" echo "[migrations] no migrations found"
exit exit
fi fi
for MIGRATION in $(find ${MIGRATIONS_DIR}/* | sort -n); do for MIGRATION in $(find ${MIGRATIONS_DIR}/* | sort -n); do
NAME="$(basename "${MIGRATION}")" NAME="$(basename "${MIGRATION}")"
if [[ -f ${MIGRATIONS_HISTORY} ]] && grep -Fxq "${NAME}" ${MIGRATIONS_HISTORY}; then if [[ -f ${MIGRATIONS_HISTORY} ]] && grep -Fxq "${NAME}" ${MIGRATIONS_HISTORY}; then
echo "[migrations] ${NAME}: skipped" echo "[migrations] ${NAME}: skipped"
continue continue
fi fi
echo "[migrations] ${NAME}: executing..." echo "[migrations] ${NAME}: executing..."
chmod +x "${MIGRATION}" chmod +x "${MIGRATION}"
EXIT_CODE=$(/bin/bash "${MIGRATION}"; echo $?) EXIT_CODE=$(
if [[ ${EXIT_CODE} -ne 0 ]]; then /bin/bash "${MIGRATION}"
echo "[migrations] ${NAME}: failed with exit code ${EXIT_CODE}, contact support" echo $?
exit "${EXIT_CODE}" )
fi if [[ ${EXIT_CODE} -ne 0 ]]; then
echo "${NAME}" >> ${MIGRATIONS_HISTORY} echo "[migrations] ${NAME}: failed with exit code ${EXIT_CODE}, contact support"
echo "[migrations] ${NAME}: succeeded" exit "${EXIT_CODE}"
fi
echo "${NAME}" >>${MIGRATIONS_HISTORY}
echo "[migrations] ${NAME}: succeeded"
done done
echo "[migrations] done" echo "[migrations] done"

23
root/etc/s6-overlay/s6-rc.d/init-mods-package-install/run
View file

@ -1,33 +1,34 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [ -f "/mod-repo-packages-to-install.list" ]; then if [[ -f "/mod-repo-packages-to-install.list" ]]; then
echo "**** Installing all mod packages ****" echo "**** Installing all mod packages ****"
if [ -f /usr/bin/apt ]; then if [[ -f /usr/bin/apt ]]; then
export DEBIAN_FRONTEND="noninteractive" export DEBIAN_FRONTEND="noninteractive"
apt-get update apt-get update
apt-get install -y --no-install-recommends \ apt-get install -y --no-install-recommends \
$(cat /mod-repo-packages-to-install.list) "$(cat /mod-repo-packages-to-install.list)"
elif [ -f /sbin/apk ]; then elif [[ -f /sbin/apk ]]; then
apk add --no-cache \ apk add --no-cache \
$(cat /mod-repo-packages-to-install.list) "$(cat /mod-repo-packages-to-install.list)"
fi fi
fi fi
if [ -f "/mod-pip-packages-to-install.list" ]; then if [[ -f "/mod-pip-packages-to-install.list" ]]; then
echo "**** Installing all pip packages ****" echo "**** Installing all pip packages ****"
python3 -m pip install -U pip wheel setuptools python3 -m pip install -U pip wheel setuptools
if [ -f /usr/bin/apt ]; then if [[ -f /usr/bin/apt ]]; then
PIP_ARGS="-f https://wheel-index.linuxserver.io/ubuntu/" PIP_ARGS="-f https://wheel-index.linuxserver.io/ubuntu/"
elif [ -f /sbin/apk ]; then elif [[ -f /sbin/apk ]]; then
ALPINE_VER=$(grep main /etc/apk/repositories | sed 's|.*alpine/v||' | sed 's|/main.*||') ALPINE_VER=$(grep main /etc/apk/repositories | sed 's|.*alpine/v||' | sed 's|/main.*||')
if [ "${ALPINE_VER}" = "3.14" ]; then if [[ "${ALPINE_VER}" = "3.14" ]]; then
PIP_ARGS="-f https://wheel-index.linuxserver.io/alpine/" PIP_ARGS="-f https://wheel-index.linuxserver.io/alpine/"
else else
PIP_ARGS="-f https://wheel-index.linuxserver.io/alpine-${ALPINE_VER}/" PIP_ARGS="-f https://wheel-index.linuxserver.io/alpine-${ALPINE_VER}/"
fi fi
fi fi
python3 -m pip install ${PIP_ARGS} \ python3 -m pip install "${PIP_ARGS}" \
$(cat /mod-pip-packages-to-install.list) "$(cat /mod-pip-packages-to-install.list)"
fi fi
rm -rf \ rm -rf \

7
root/etc/s6-overlay/s6-rc.d/init-script-check/run
View file

@ -1,12 +1,13 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
# This doesn't do anything yet # This doesn't do anything yet
exit 0 exit 0
if { [ -n "$(/bin/ls -A "/config/custom-cont-init.d" 2>/dev/null)" ]; } && \ if [[ -n "$(/bin/ls -A "/config/custom-cont-init.d" 2>/dev/null)" ]] &&
{ [ -n "$(/bin/ls -A "/config/custom-services.d" 2>/dev/null)" ]; }; then [[ -n "$(/bin/ls -A "/config/custom-services.d" 2>/dev/null)" ]]; then
cat <<-EOF | tee /config/custom-cont-init.d/README.txt,/config/custom-services.d/README.txt 2>/dev/null cat <<-EOF | tee /config/custom-cont-init.d/README.txt,/config/custom-services.d/README.txt 2>/dev/null
******************************************************** ********************************************************
******************************************************** ********************************************************
* * * *

12
root/usr/bin/with-contenv
View file

@ -1,9 +1,9 @@
#! /bin/bash #!/bin/bash
if [[ -f /var/run/s6/container_environment/UMASK ]] && \ if [[ -f /var/run/s6/container_environment/UMASK ]] &&
{ [[ "$(pwdx $$)" =~ "/run/s6/legacy-services/" ]] || \ { [[ "$(pwdx $$)" =~ "/run/s6/legacy-services/" ]] ||
[[ "$(pwdx $$)" =~ "/run/s6/services/" ]] || \ [[ "$(pwdx $$)" =~ "/run/s6/services/" ]] ||
[[ "$(pwdx $$)" =~ "/servicedirs/svc-" ]]; }; then [[ "$(pwdx $$)" =~ "/servicedirs/svc-" ]]; }; then
umask $(cat /var/run/s6/container_environment/UMASK) umask "$(cat /var/run/s6/container_environment/UMASK)"
fi fi
exec /command/with-contenv "$@" exec /command/with-contenv "$@"