From 316a1235383fb833d36b31f9d3ce12e3b12d354d Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 08:51:25 -0600 Subject: [PATCH 1/7] Create with-contenv alias --- docker-mods.v3 | 44 ++++++++++++++++++++++++++++++++------------ 1 file changed, 32 insertions(+), 12 deletions(-) diff --git a/docker-mods.v3 b/docker-mods.v3 index 6fc7182..a54633c 100755 --- a/docker-mods.v3 +++ b/docker-mods.v3 @@ -1,9 +1,11 @@ -#!/usr/bin/with-contenv bash +#!/command/with-contenv bash # shellcheck shell=bash -# Version 3 -# 2022-09-25 -MOD_SCRIPT_VER="3" +# Version 4 +# 2023-01-21 +MOD_SCRIPT_VER="4" + +# Use /command/with-contenv shebang because /usr/bin/with-contenv is created in this script # Define custom folder paths SCRIPTS_DIR="/custom-cont-init.d" @@ -18,7 +20,7 @@ set_legacy_executable_bits() { } tamper_check() { - #Tamper check custom service locations + # Tamper check custom service locations if [[ -d "${SERVICES_DIR}" ]] && [[ -n "$(find ${SERVICES_DIR}/* ! -user root 2>/dev/null)" ]]; then echo "[custom-init] **** Some of the contents of the folder '${SERVICES_DIR}' are not owned by root, which is a security risk. ****" echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****" @@ -26,7 +28,7 @@ tamper_check() { echo "[custom-init] **** Some of the contents of the folder '${SERVICES_DIR}' have write permissions for others, which is a security risk. ****" echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****" fi - #Tamper check custom script locations + # Tamper check custom script locations if [[ -d "${SCRIPTS_DIR}" ]] && [[ -n "$(find ${SCRIPTS_DIR}/* ! -user root 2>/dev/null)" ]]; then echo "[custom-init] **** Some of the contents of the folder '${SCRIPTS_DIR}' are not owned by root, which is a security risk. ****" echo "[custom-init] **** Please review the permissions of this folder and its contents to make sure they are owned by root, and can only be modified by root. ****" @@ -68,16 +70,33 @@ process_custom_services() { fi } -#Create our noisy chown alias to handle read-only/remote volumes +# Create our noisy chown alias to handle read-only/remote volumes create_lsiown_alias() { - cat <<- EOF > /usr/bin/lsiown + cat <<-EOF >/usr/bin/lsiown #!/bin/bash - chown "\$@" || printf '**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****\n**** The app may not work properly and we will not provide support for it. ****\n' - EOF + chmod +x /usr/bin/lsiown +} - chmod +x /usr/bin/lsiown +# Create our with-contenv alias with umask support +create_with_contenv_alias() { + if [[ -f /command/with-contenv ]]; then + echo "[mod-init] /command/with-contenv not found, skipping alias creation" + return + fi + rm -rf /usr/bin/with-contenv + cat <<-EOF >/usr/bin/with-contenv + #!/bin/bash + if [[ -f /run/s6/container_environment/UMASK ]] && + { [[ "$(pwdx \$\$)" =~ "/run/s6/legacy-services/" ]] || + [[ "$(pwdx \$\$)" =~ "/run/s6/services/" ]] || + [[ "$(pwdx \$\$)" =~ "/servicedirs/svc-" ]]; }; then + umask "$(cat /run/s6/container_environment/UMASK)" + fi + exec /command/with-contenv "\$@" + EOF + chmod +x /usr/bin/with-contenv } # Check for curl @@ -85,7 +104,7 @@ curl_check() { if [[ ! -f /usr/bin/curl ]] || [[ ! -f /usr/bin/jq ]]; then echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing" if [[ -f /usr/bin/apt ]]; then - ## Ubuntu + # Ubuntu export DEBIAN_FRONTEND="noninteractive" apt-get update apt-get install --no-install-recommends -y \ @@ -238,3 +257,4 @@ fi set_legacy_executable_bits create_lsiown_alias +create_with_contenv_alias From 6cf45c4b06df61cf2a9ba664675d768098f42a0b Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 08:56:19 -0600 Subject: [PATCH 2/7] Fix indent --- docker-mods.v3 | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/docker-mods.v3 b/docker-mods.v3 index a54633c..3caee16 100755 --- a/docker-mods.v3 +++ b/docker-mods.v3 @@ -72,6 +72,7 @@ process_custom_services() { # Create our noisy chown alias to handle read-only/remote volumes create_lsiown_alias() { + # intentional tabs in the heredoc cat <<-EOF >/usr/bin/lsiown #!/bin/bash chown "\$@" || printf '**** Permissions could not be set. This is probably because your volume mounts are remote or read-only. ****\n**** The app may not work properly and we will not provide support for it. ****\n' @@ -86,15 +87,16 @@ create_with_contenv_alias() { return fi rm -rf /usr/bin/with-contenv + # intentional tabs in the heredoc cat <<-EOF >/usr/bin/with-contenv #!/bin/bash - if [[ -f /run/s6/container_environment/UMASK ]] && - { [[ "$(pwdx \$\$)" =~ "/run/s6/legacy-services/" ]] || - [[ "$(pwdx \$\$)" =~ "/run/s6/services/" ]] || - [[ "$(pwdx \$\$)" =~ "/servicedirs/svc-" ]]; }; then - umask "$(cat /run/s6/container_environment/UMASK)" - fi - exec /command/with-contenv "\$@" + if [[ -f /run/s6/container_environment/UMASK ]] && + { [[ "$(pwdx \$\$)" =~ "/run/s6/legacy-services/" ]] || + [[ "$(pwdx \$\$)" =~ "/run/s6/services/" ]] || + [[ "$(pwdx \$\$)" =~ "/servicedirs/svc-" ]]; }; then + umask "$(cat /run/s6/container_environment/UMASK)" + fi + exec /command/with-contenv "\$@" EOF chmod +x /usr/bin/with-contenv } From 93f0167b90c7fca8d8409c7e18dfab190528e1df Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 09:01:55 -0600 Subject: [PATCH 3/7] Update readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 4f6fe96..b62ad3a 100644 --- a/README.md +++ b/README.md @@ -2,5 +2,6 @@ These files are used by Linuxserver build processes to handle mods in our images. Not for end-user consumption. +* **21.01.23:** - Create with-contenv alias. * **01.01.23:** - Remove support for legacy custom script/service locations. * **25.09.22:** - Initial Release. From 94603f3ccdc14ab01c8379304802bebed078bfba Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 09:08:37 -0600 Subject: [PATCH 4/7] Reset version --- docker-mods.v3 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docker-mods.v3 b/docker-mods.v3 index 3caee16..9119f90 100755 --- a/docker-mods.v3 +++ b/docker-mods.v3 @@ -1,9 +1,9 @@ #!/command/with-contenv bash # shellcheck shell=bash -# Version 4 -# 2023-01-21 -MOD_SCRIPT_VER="4" +# Version 3 +# 2022-09-25 +MOD_SCRIPT_VER="3" # Use /command/with-contenv shebang because /usr/bin/with-contenv is created in this script From d54d46ed15c34604f3c942d17d3649c496b33fa3 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Sat, 21 Jan 2023 10:41:30 -0600 Subject: [PATCH 5/7] Move alias creations up --- docker-mods.v3 | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docker-mods.v3 b/docker-mods.v3 index 9119f90..f4f7003 100755 --- a/docker-mods.v3 +++ b/docker-mods.v3 @@ -238,6 +238,10 @@ run_mods() { done } +# Run alias creation functions +create_lsiown_alias +create_with_contenv_alias + # Main script loop if [[ ${S6_VERBOSITY} -ge 2 ]]; then @@ -257,6 +261,3 @@ fi # Set executable bit on legacy cont-init and services built into the image and anything legacy unpacked by mods set_legacy_executable_bits - -create_lsiown_alias -create_with_contenv_alias From 8b3658790327fbd2bb1668501b1356e9388c3421 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Tue, 24 Jan 2023 17:52:10 -0600 Subject: [PATCH 6/7] Fix missing escapes --- docker-mods.v3 | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docker-mods.v3 b/docker-mods.v3 index f4f7003..9f40a4b 100755 --- a/docker-mods.v3 +++ b/docker-mods.v3 @@ -91,10 +91,10 @@ create_with_contenv_alias() { cat <<-EOF >/usr/bin/with-contenv #!/bin/bash if [[ -f /run/s6/container_environment/UMASK ]] && - { [[ "$(pwdx \$\$)" =~ "/run/s6/legacy-services/" ]] || - [[ "$(pwdx \$\$)" =~ "/run/s6/services/" ]] || - [[ "$(pwdx \$\$)" =~ "/servicedirs/svc-" ]]; }; then - umask "$(cat /run/s6/container_environment/UMASK)" + { [[ "\$(pwdx \$\$)" =~ "/run/s6/legacy-services/" ]] || + [[ "\$(pwdx \$\$)" =~ "/run/s6/services/" ]] || + [[ "\$(pwdx \$\$)" =~ "/servicedirs/svc-" ]]; }; then + umask "\$(cat /run/s6/container_environment/UMASK)" fi exec /command/with-contenv "\$@" EOF From dad34393d33daa565e2606d9aafe1162401eb918 Mon Sep 17 00:00:00 2001 From: Eric Nemchik Date: Thu, 26 Jan 2023 18:28:22 -0600 Subject: [PATCH 7/7] Fix inverted logic --- docker-mods.v3 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-mods.v3 b/docker-mods.v3 index 9f40a4b..5590019 100755 --- a/docker-mods.v3 +++ b/docker-mods.v3 @@ -82,7 +82,7 @@ create_lsiown_alias() { # Create our with-contenv alias with umask support create_with_contenv_alias() { - if [[ -f /command/with-contenv ]]; then + if [[ ! -f /command/with-contenv ]]; then echo "[mod-init] /command/with-contenv not found, skipping alias creation" return fi