mirror
/
docker-baseimage-ubuntu
kopia lustrzana https://github.com/linuxserver/docker-baseimage-ubuntu
1
0
Forkuj 0
Kod Zgłoszenia Packages Projekty Wydania Wiki Aktywność

Merge pull request #119 from linuxserver/jammy-custom-rework

pull/111/head jammy-cd65f39a-ls39
Adam 2022-09-10 10:46:45 +01:00 zatwierdzone przez GitHub
rodzic 1fe03df8ea aecc9fab2c
commit 9ab0ba6aee
Nie znaleziono w bazie danych klucza dla tego podpisu
ID klucza GPG: 4AEE18F83AFDEB23
6 zmienionych plików z 345 dodań i 257 usunięć
Pokaż statystyki Ściągnij plik aktualizacji Ściągnij plik porównania Expand all files Collapse all files

384
root/docker-mods
Wyświetl plik

@ -1,31 +1,76 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Set executable bit on cont-init and services built into the image # Set executable bit on cont-init and services built into the image
set_legacy_executable_bits() { set_legacy_executable_bits() {
mkdir -p /etc/{cont-init.d,services.d} mkdir -p /etc/{cont-init.d,services.d}
chmod +x \ chmod +x \
/etc/cont-init.d/* \ /etc/cont-init.d/* \
/etc/services.d/*/* 2> /dev/null || true /etc/services.d/*/* 2>/dev/null || true
} }
set_legacy_executable_bits
SERVICES_DIR_OLD="/config/custom-services.d" tamper_check() {
SERVICES_DIR="/custom-services.d" #Tamper check custom service locations
if [[ -d "${SERVICES_DIR}" ]] && [[ -n "$(find ${SERVICES_DIR}/* ! -user root)" ]]; then
echo "[custom-init] **** Some of the contents of the folder '${SERVICES_DIR}' are not owned by root, which is a security risk. ****"
echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
elif [[ -d "${SERVICES_DIR}" ]] && [[ -n "$(find ${SERVICES_DIR}/* -perm -o+w)" ]]; then
echo "[custom-init] **** Some of the contents of the folder '${SERVICES_DIR}' have write permissions for others, which is a security risk. ****"
echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi
#Tamper check custom script locations
if [[ -d "${SCRIPTS_DIR}" ]] && [[ -n "$(find ${SCRIPTS_DIR}/* ! -user root)" ]]; then
echo "[custom-init] **** Some of the contents of the folder '${SCRIPTS_DIR}' are not owned by root, which is a security risk. ****"
echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
elif [[ -d "${SCRIPTS_DIR}" ]] && [[ -n "$(find ${SCRIPTS_DIR}/* -perm -o+w)" ]]; then
echo "[custom-init] **** Some of the contents of the folder '${SCRIPTS_DIR}' have write permissions for others, which is a security risk. ****"
echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi
}
# Remove all existing custom services before continuing to ensure tamper_check_legacy() {
# we aren't running anything the user may have removed # Tamper check custom script locations
if [[ -n "$(/bin/ls -A /etc/s6-overlay/s6-rc.d/custom-svc-* 2>/dev/null)" ]]; then if [[ -d "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(find ${SCRIPTS_DIR_OLD} ! -user root)" ]]; then
echo "[custom-init] removing existing custom services..." echo "**** Potential tampering with custom scripts detected ****"
rm -rf /etc/s6-overlay/s6-rc.d/custom-svc-* randstr=$(
fi tr </dev/urandom -dc _A-Z-a-z-0-9 | head -c8
echo
)
mv "${SCRIPTS_DIR_OLD}" "${SCRIPTS_DIR_OLD}.${randstr}"
echo "[custom-init] **** Folder ${SCRIPTS_DIR_OLD} is moved to ${SCRIPTS_DIR_OLD}.${randstr} ****"
echo "[custom-init] **** The folder '${SCRIPTS_DIR_OLD}' and its contents need to all be owned by root to prevent root escalation inside the container!!! ****"
elif [[ -d "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(find ${SCRIPTS_DIR_OLD} -perm -o+w)" ]]; then
echo "[custom-init] **** The folder '${SCRIPTS_DIR_OLD}' or some of its contents have write permissions for others, which is a security risk. ****"
echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi
# Tamper check custom service locations
if [[ -d "${SERVICES_DIR_OLD}" ]] && [[ -n "$(find ${SERVICES_DIR_OLD} ! -user root)" ]]; then
echo "[custom-init] **** Potential tampering with custom scripts detected ****"
randstr=$(
tr </dev/urandom -dc _A-Z-a-z-0-9 | head -c8
echo
)
mv "${SERVICES_DIR_OLD}" "${SERVICES_DIR_OLD}.${randstr}"
echo "[custom-init] **** Folder ${SERVICES_DIR_OLD} is moved to ${SERVICES_DIR_OLD}.${randstr} ****"
echo "[custom-init] **** The folder '${SERVICES_DIR_OLD}' and its contents need to all be owned by root to prevent root escalation inside the container!!! ****"
elif [[ -d "${SERVICES_DIR_OLD}" ]] && [[ -n "$(find ${SERVICES_DIR_OLD} -perm -o+w)" ]]; then
echo "[custom-init] **** The folder '${SERVICES_DIR_OLD}' or some of its contents have write permissions for others, which is a security risk. ****"
echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****"
fi
}
process_custom_services() {
# Remove all existing custom services before continuing to ensure
# we aren't running anything the user may have removed
if [[ -n "$(/bin/ls -A /etc/s6-overlay/s6-rc.d/custom-svc-* 2>/dev/null)" ]]; then
echo "[custom-init] removing existing custom services..."
rm -rf /etc/s6-overlay/s6-rc.d/custom-svc-*
fi
if [[ -z "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]] &&
[[ -z "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] no custom services found, skipping..."
else
# Make sure custom service directory exists and has files in it # Make sure custom service directory exists and has files in it
if [[ -e "${SERVICES_DIR}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]]; then if [[ -e "${SERVICES_DIR}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR} 2>/dev/null)" ]]; then
echo "[custom-init] service files found in ${SERVICES_DIR}" echo "[custom-init] Service files found in ${SERVICES_DIR}"
for SERVICE in "${SERVICES_DIR}"/*; do for SERVICE in "${SERVICES_DIR}"/*; do
NAME="$(basename "${SERVICE}")" NAME="$(basename "${SERVICE}")"
if [[ -f "${SERVICE}" ]]; then if [[ -f "${SERVICE}" ]]; then
@ -41,10 +86,29 @@ else
echo "[custom-init] ${NAME}: is not a file" echo "[custom-init] ${NAME}: is not a file"
fi fi
done done
else
echo "[custom-init] No custom services found, skipping..."
fi fi
# Remove legacy folder if it's empty
if [[ -e "${SERVICES_DIR_OLD}" ]] && [[ -z "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] Legacy service folder ${SERVICES_DIR_OLD} is empty, deleting..."
rm -rf "${SERVICES_DIR_OLD}"
fi
}
process_custom_services_legacy() {
# Remove all existing custom services before continuing to ensure
# we aren't running anything the user may have removed
if [[ -n "$(/bin/ls -A /etc/s6-overlay/s6-rc.d/custom-svc-* 2>/dev/null)" ]]; then
echo "[custom-init] removing existing custom services..."
rm -rf /etc/s6-overlay/s6-rc.d/custom-svc-*
fi
# Make sure custom service directory exists and has files in it
if [[ -e "${SERVICES_DIR_OLD}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then if [[ -e "${SERVICES_DIR_OLD}" ]] && [[ -n "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] service files found in ${SERVICES_DIR_OLD}" echo "[custom-init] Service files found in ${SERVICES_DIR_OLD}"
for SERVICE in "${SERVICES_DIR_OLD}"/*; do for SERVICE in "${SERVICES_DIR_OLD}"/*; do
NAME="$(basename "${SERVICE}")" NAME="$(basename "${SERVICE}")"
if [[ -f "${SERVICE}" ]]; then if [[ -f "${SERVICE}" ]]; then
@ -60,142 +124,166 @@ else
echo "[custom-init] ${NAME}: is not a file" echo "[custom-init] ${NAME}: is not a file"
fi fi
done done
fi else
fi echo "[custom-init] No custom services found, skipping..."
fi
# Exit if mods is not set # Remove legacy folder if it's empty
if [ -z ${DOCKER_MODS+x} ]; then if [[ -e "${SERVICES_DIR_OLD}" ]] && [[ -z "$(/bin/ls -A ${SERVICES_DIR_OLD} 2>/dev/null)" ]]; then
exit 0 echo "[custom-init] Legacy service folder ${SERVICES_DIR_OLD} is empty, deleting..."
fi rm -rf "${SERVICES_DIR_OLD}"
fi
}
# Check for curl # Check for curl
if [ ! -f /usr/bin/curl ] || [ ! -f /usr/bin/jq ]; then curl_check() {
echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing" if [[ ! -f /usr/bin/curl ]] || [[ ! -f /usr/bin/jq ]]; then
if [ -f /usr/bin/apt ]; then echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing"
# Ubuntu if [[ -f /usr/bin/apt ]]; then
apt-get update ## Ubuntu
apt-get install --no-install-recommends -y \ export DEBIAN_FRONTEND="noninteractive"
curl \ apt-get update
jq apt-get install --no-install-recommends -y \
elif [ -f /sbin/apk ]; then curl \
# Alpine jq
apk add --no-cache \ elif [[ -f /sbin/apk ]]; then
curl \ # Alpine
jq apk add --no-cache \
fi curl \
fi jq
fi
## Functions fi
}
# Use different filtering depending on URL # Use different filtering depending on URL
get_blob_sha () { get_blob_sha() {
if [[ $1 == "ghcr" ]]; then if [[ $1 == "ghcr" ]]; then
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \ --silent \
--location \ --location \
--request GET \ --request GET \
--header "Authorization: Bearer $2" \ --header "Authorization: Bearer $2" \
$3 | jq -r '.layers[0].digest' "$3" | jq -r '.layers[0].digest'
else else
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
--silent \ --silent \
--location \ --location \
--request GET \ --request GET \
--header "Authorization: Bearer $2" \ --header "Authorization: Bearer $2" \
$3 | jq -r '.fsLayers[0].blobSum' "$3" | jq -r '.fsLayers[0].blobSum'
fi fi
} }
# Main run logic # Main run logic
echo "[mod-init] Attempting to run Docker Modification Logic" run_mods() {
IFS='|' echo "[mod-init] Attempting to run Docker Modification Logic"
DOCKER_MODS=(${DOCKER_MODS}) for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do
for DOCKER_MOD in "${DOCKER_MODS[@]}"; do # Support alternative endpoints
# Support alternative endpoints if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then
if [[ ${DOCKER_MOD} == ghcr.io/* ]] || [[ ${DOCKER_MOD} == linuxserver/* ]]; then DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}"
DOCKER_MOD="${DOCKER_MOD#ghcr.io/*}" ENDPOINT="${DOCKER_MOD%%:*}"
ENDPOINT="${DOCKER_MOD%%:*}" USERNAME="${DOCKER_MOD%%/*}"
USERNAME="${DOCKER_MOD%%/*}" REPO="${ENDPOINT#*/}"
REPO="${ENDPOINT#*/}" TAG="${DOCKER_MOD#*:}"
TAG="${DOCKER_MOD#*:}" if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then TAG="latest"
TAG="latest" fi
fi FILENAME="${USERNAME}.${REPO}.${TAG}"
FILENAME="${USERNAME}.${REPO}.${TAG}" AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull"
AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull" MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests/${TAG}"
MANIFEST_URL="https://ghcr.io/v2/${ENDPOINT}/manifests/${TAG}" BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/"
BLOB_URL="https://ghcr.io/v2/${ENDPOINT}/blobs/" MODE="ghcr"
MODE="ghcr" else
else ENDPOINT="${DOCKER_MOD%%:*}"
ENDPOINT="${DOCKER_MOD%%:*}" USERNAME="${DOCKER_MOD%%/*}"
USERNAME="${DOCKER_MOD%%/*}" REPO="${ENDPOINT#*/}"
REPO="${ENDPOINT#*/}" TAG="${DOCKER_MOD#*:}"
TAG="${DOCKER_MOD#*:}" if [[ ${TAG} == "${DOCKER_MOD}" ]]; then
if [[ ${TAG} == "${DOCKER_MOD}" ]]; then TAG="latest"
TAG="latest" fi
fi FILENAME="${USERNAME}.${REPO}.${TAG}"
FILENAME="${USERNAME}.${REPO}.${TAG}" AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull" MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests/${TAG}"
MANIFEST_URL="https://registry-1.docker.io/v2/${ENDPOINT}/manifests/${TAG}" BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/"
BLOB_URL="https://registry-1.docker.io/v2/${ENDPOINT}/blobs/" MODE="dockerhub"
MODE="dockerhub" fi
fi # Kill off modification logic if any of the usernames are banned
# Kill off modification logic if any of the usernames are banned for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do
BLACKLIST=$(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt) if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then
IFS=$'\n' if [[ -z ${RUN_BANNED_MODS+x} ]]; then
BLACKLIST=(${BLACKLIST}) echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic"
for BANNED in "${BLACKLIST[@]}"; do return
if [ "${BANNED}" == "${USERNAME,,}" ]; then else
if [ -z ${RUN_BANNED_MODS+x} ]; then echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied"
echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic" fi
exit 0 fi
else done
echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied" echo "[mod-init] Applying ${DOCKER_MOD} files to container"
fi # Get Dockerhub token for api operations
fi TOKEN="$(
done curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
echo "[mod-init] Applying ${DOCKER_MOD} files to container" --silent \
# Get Dockerhub token for api operations --header 'GET' \
TOKEN=\ "${AUTH_URL}" |
"$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ jq -r '.token'
--silent \ )"
--header 'GET' \ # Determine first and only layer of image
"${AUTH_URL}" \ SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}")
| jq -r '.token' \ # Check if we have allready applied this layer
)" if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then
# Determine first and only layer of image echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping"
SHALAYER=$(get_blob_sha "${MODE}" "${TOKEN}" "${MANIFEST_URL}") else
# Check if we have allready applied this layer # Download and extract layer to /
if [ -f "/${FILENAME}" ] && [ "${SHALAYER}" == "$(cat /${FILENAME})" ]; then curl -f --retry 10 --retry-max-time 60 --retry-all-errors \
echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping" --silent \
else --location \
# Download and extract layer to / --request GET \
curl -f --retry 10 --retry-max-time 60 --retry-all-errors \ --header "Authorization: Bearer ${TOKEN}" \
--silent \ "${BLOB_URL}${SHALAYER}" -o \
--location \ /modtarball.tar.xz
--request GET \ mkdir -p /tmp/mod
--header "Authorization: Bearer ${TOKEN}" \ tar xzf /modtarball.tar.xz -C /tmp/mod
"${BLOB_URL}${SHALAYER}" -o \ if [[ -d /tmp/mod/etc/s6-overlay ]]; then
/modtarball.tar.xz if [[ -d /tmp/mod/etc/cont-init.d ]]; then
mkdir -p /tmp/mod rm -rf /tmp/mod/etc/cont-init.d
tar xzf /modtarball.tar.xz -C /tmp/mod fi
if [ -d /tmp/mod/etc/s6-overlay ]; then if [[ -d /tmp/mod/etc/services.d ]]; then
if [ -d /tmp/mod/etc/cont-init.d ]; then rm -rf /tmp/mod/etc/services.d
rm -rf /tmp/mod/etc/cont-init.d fi
fi fi
if [ -d /tmp/mod/etc/services.d ]; then shopt -s dotglob
rm -rf /tmp/mod/etc/services.d cp -R /tmp/mod/* /
fi shopt -u dotglob
fi rm -rf /tmp/mod
shopt -s dotglob rm -rf /modtarball.tar.xz
cp -R /tmp/mod/* / echo "${SHALAYER}" >"/${FILENAME}"
shopt -u dotglob echo "[mod-init] ${DOCKER_MOD} applied to container"
rm -rf /tmp/mod fi
rm -rf /modtarball.tar.xz done
echo ${SHALAYER} > "/${FILENAME}" }
echo "[mod-init] ${DOCKER_MOD} applied to container"
fi
done
# Set executable bit on cont-init and services that may have been unpacked by mods # Main script loop
SCRIPTS_DIR_OLD="/config/custom-cont-init.d"
SCRIPTS_DIR="/custom-cont-init.d"
SERVICES_DIR_OLD="/config/custom-services.d"
SERVICES_DIR="/custom-services.d"
if [ ! -d "/custom-cont-init.d" ] && [ ! -d "/custom-services.d" ]; then
# Tamper check legacy custom folders
tamper_check_legacy
process_custom_services_legacy
else
# Tamper check new custom folders
tamper_check
process_custom_services
fi
# Run mod logic
if [[ -n "${DOCKER_MODS+x}" ]]; then
curl_check
run_mods
fi
# Set executable bit on legacy cont-init and services built into the image and anything legacy unpacked by mods
set_legacy_executable_bits set_legacy_executable_bits

18
root/etc/cont-init.d/02-tamper-check
Wyświetl plik

@ -1,18 +0,0 @@
#!/usr/bin/with-contenv bash
if ([ -d "/config/custom-cont-init.d" ] && [ -n "$(find /config/custom-cont-init.d ! -user root)" ]) || ([ -d "/config/custom-services.d" ] && [ -n "$(find /config/custom-services.d ! -user root)" ]); then
echo "**** Potential tampering with custom scripts/services detected ****"
randstr=$(< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-8};echo;)
for folder in "/config/custom-cont-init.d" "/config/custom-services.d"; do
if [ -d "${folder}" ]; then
mv "${folder}" "${folder}.${randstr}"
echo "**** Folder ${folder} is moved to ${folder}.${randstr} ****"
fi
done
echo "**** The folders '/config/custom-cont-init.d' and '/config/custom-services.d'; and their contents need to all be owned by root to prevent root escalation inside the container!!! ****"
mkdir -p /config/custom-cont-init.d /config/custom-services.d
chown 0:0 /config/custom-cont-init.d /config/custom-services.d
elif ([ -d "/config/custom-cont-init.d" ] && [ -n "$(find /config/custom-cont-init.d -perm -o+w)" ]) || ([ -d "/config/custom-services.d" ] && [ -n "$(find /config/custom-services.d -perm -o+w)" ]); then
echo "**** The folders '/config/custom-cont-init.d' or '/config/custom-services.d'; or some of their contents have write permissions for others, which is a security risk. ****"
echo "**** Please review the permissions of these two folders and their contents to make sure they are owned by root, and can only be modified by root. ****"
fi

5
root/etc/cont-init.d/90-custom-folders
Wyświetl plik

@ -1,5 +0,0 @@
#!/usr/bin/with-contenv bash
# create custom folders and secure permissions
mkdir -p /config/{custom-cont-init.d,custom-services.d}
chown -R 0:0 /config/{custom-cont-init.d,custom-services.d}

77
root/etc/cont-init.d/99-custom-files 100755
Wyświetl plik

@ -0,0 +1,77 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Directories
SCRIPTS_DIR_OLD="/config/custom-cont-init.d"
SCRIPTS_DIR="/custom-cont-init.d"
SERVICES_DIR_OLD="/config/custom-services.d"
SERVICES_DIR="/custom-services.d"
# chown legacy folders if they exist
if [[ -e "${SCRIPTS_DIR_OLD}" ]]; then
chown -R 0:0 "${SCRIPTS_DIR_OLD}"
fi
# chown legacy folders if they exist
if [[ -e "${SERVICES_DIR_OLD}" ]]; then
chown -R 0:0 "${SERVICES_DIR_OLD}"
fi
# Make sure custom init directory exists and has files in it
if [[ -e "${SCRIPTS_DIR}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]]; then
echo "[custom-init] Files found, executing"
for SCRIPT in "${SCRIPTS_DIR}"/*; do
NAME="$(basename "${SCRIPT}")"
if [[ -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: executing..."
/bin/bash "${SCRIPT}"
echo "[custom-init] ${NAME}: exited $?"
elif [[ ! -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: is not a file"
fi
done
# Remove legacy folder if it's empty
if [[ -e "${SCRIPTS_DIR}" ]] && [[ -z "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]]; then
echo "[custom-init] Legacy service folder ${SCRIPTS_DIR} is empty, deleting..."
rm -rf "${SCRIPTS_DIR}"
fi
elif [[ -e "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] Files found, executing"
for SCRIPT in "${SCRIPTS_DIR_OLD}"/*; do
NAME="$(basename "${SCRIPT}")"
if [[ -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: executing..."
/bin/bash "${SCRIPT}"
echo "[custom-init] ${NAME}: exited $?"
elif [[ ! -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: is not a file"
fi
done
elif [[ -e "${SCRIPTS_DIR_OLD}" ]] && [[ -z "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] Legacy files folder ${SCRIPTS_DIR_OLD} is empty, deleting..."
rm -rf "${SCRIPTS_DIR_OLD}"
else
echo "[custom-init] No custom files found, skipping..."
fi
if [[ -n "$(/bin/ls -A "${SCRIPTS_DIR_OLD}" 2>/dev/null)" ]] ||
[[ -n "$(/bin/ls -A "${SERVICES_DIR_OLD}" 2>/dev/null)" ]]; then
cat << EOF | tee {${SCRIPTS_DIR_OLD}/README.txt,${SERVICES_DIR_OLD}/README.txt} 2>/dev/null
********************************************************
********************************************************
* *
* !!!! *
* Custom scripts or services found in legacy locations *
* !!!! *
* Please move your custom scripts and services *
* to ${SCRIPTS_DIR} and ${SERVICES_DIR} *
* respectively to ensure they continue working. *
* *
* Visit https://linuxserver.io/custom for more info. *
* *
********************************************************
********************************************************
EOF
fi
exit 0

63
root/etc/cont-init.d/99-custom-scripts
Wyświetl plik

@ -1,63 +0,0 @@
#!/usr/bin/with-contenv bash
# shellcheck shell=bash
# Directories
SCRIPTS_DIR_OLD="/config/custom-cont-init.d"
SERVICES_DIR_OLD="/config/custom-services.d"
SCRIPTS_DIR="/custom-cont-init.d"
SERVICES_DIR="/custom-services.d"
if [[ -z "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]] &&
[[ -z "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] no custom files found, skipping..."
else
# Make sure custom init directory exists and has files in it
if [[ -e "${SCRIPTS_DIR}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR} 2>/dev/null)" ]]; then
echo "[custom-init] files found, executing"
for SCRIPT in "${SCRIPTS_DIR}"/*; do
NAME="$(basename "${SCRIPT}")"
if [[ -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: executing..."
/bin/bash "${SCRIPT}"
echo "[custom-init] ${NAME}: exited $?"
elif [[ ! -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: is not a file"
fi
done
fi
if [[ -e "${SCRIPTS_DIR_OLD}" ]] && [[ -n "$(/bin/ls -A ${SCRIPTS_DIR_OLD} 2>/dev/null)" ]]; then
echo "[custom-init] files found, executing"
for SCRIPT in "${SCRIPTS_DIR_OLD}"/*; do
NAME="$(basename "${SCRIPT}")"
if [[ -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: executing..."
/bin/bash "${SCRIPT}"
echo "[custom-init] ${NAME}: exited $?"
elif [[ ! -f "${SCRIPT}" ]]; then
echo "[custom-init] ${NAME}: is not a file"
fi
done
fi
fi
if [[ -n "$(/bin/ls -A "${SCRIPTS_DIR_OLD}" 2>/dev/null)" ]] ||
[[ -n "$(/bin/ls -A "${SERVICES_DIR_OLD}" 2>/dev/null)" ]]; then
cat << EOF | tee {${SCRIPTS_DIR_OLD}/README.txt,${SERVICES_DIR_OLD}/README.txt} 2>/dev/null
********************************************************
********************************************************
* *
* !!!! *
* Custom scripts or services found in legacy locations *
* !!!! *
* Please move your custom scripts and services *
* to ${SCRIPTS_DIR} and ${SERVICES_DIR} *
* respectively to ensure they continue working. *
* *
* Visit https://linuxserver.io/custom for more info. *
* *
********************************************************
********************************************************
EOF
fi
exit 0

55
root/etc/s6-overlay/s6-rc.d/init-mods-package-install/run
Wyświetl plik

@ -1,33 +1,42 @@
#!/usr/bin/with-contenv bash #!/usr/bin/with-contenv bash
# shellcheck shell=bash
if [ -f "/mod-repo-packages-to-install.list" ]; then if [[ -f "/mod-repo-packages-to-install.list" ]]; then
echo "**** Installing all mod packages ****" IFS=' ' read -ra REPO_PACKAGES <<< "$(tr '\n' ' ' < /mod-repo-packages-to-install.list)"
if [ -f /usr/bin/apt ]; then if [[ ${#REPO_PACKAGES[@]} -ne 0 ]] && [[ ${REPO_PACKAGES[*]} != "" ]]; then
export DEBIAN_FRONTEND="noninteractive" echo "**** Installing all mod packages ****"
apt-get update if [[ -f /usr/bin/apt ]]; then
apt-get install -y --no-install-recommends \ export DEBIAN_FRONTEND="noninteractive"
$(cat /mod-repo-packages-to-install.list) apt-get update
elif [ -f /sbin/apk ]; then apt-get install -y --no-install-recommends \
apk add --no-cache \ "${REPO_PACKAGES[@]}"
$(cat /mod-repo-packages-to-install.list) elif [[ -f /sbin/apk ]]; then
apk add --no-cache \
"${REPO_PACKAGES[@]}"
fi
fi fi
fi fi
if [ -f "/mod-pip-packages-to-install.list" ]; then if [[ -f "/mod-pip-packages-to-install.list" ]]; then
echo "**** Installing all pip packages ****" IFS=' ' read -ra PIP_PACKAGES <<< "$(tr '\n' ' ' < /mod-pip-packages-to-install.list)"
python3 -m pip install -U pip wheel setuptools if [[ ${#PIP_PACKAGES[@]} -ne 0 ]] && [[ ${PIP_PACKAGES[*]} != "" ]]; then
if [ -f /usr/bin/apt ]; then echo "**** Installing all pip packages ****"
PIP_ARGS="-f https://wheel-index.linuxserver.io/ubuntu/" python3 -m pip install -U pip wheel setuptools
elif [ -f /sbin/apk ]; then PIP_ARGS=()
ALPINE_VER=$(grep main /etc/apk/repositories | sed 's|.*alpine/v||' | sed 's|/main.*||') if [[ -f /usr/bin/apt ]]; then
if [ "${ALPINE_VER}" = "3.14" ]; then PIP_ARGS+=("-f" "https://wheel-index.linuxserver.io/ubuntu/")
PIP_ARGS="-f https://wheel-index.linuxserver.io/alpine/" elif [[ -f /sbin/apk ]]; then
else ALPINE_VER=$(grep main /etc/apk/repositories | sed 's|.*alpine/v||' | sed 's|/main.*||')
PIP_ARGS="-f https://wheel-index.linuxserver.io/alpine-${ALPINE_VER}/" if [[ "${ALPINE_VER}" = "3.14" ]]; then
PIP_ARGS+=("-f" "https://wheel-index.linuxserver.io/alpine/")
else
PIP_ARGS+=("-f" "https://wheel-index.linuxserver.io/alpine-${ALPINE_VER}/")
fi
fi fi
python3 -m pip install \
"${PIP_ARGS[@]}" \
"${PIP_PACKAGES[@]}"
fi fi
python3 -m pip install ${PIP_ARGS} \
$(cat /mod-pip-packages-to-install.list)
fi fi
rm -rf \ rm -rf \