Improve logging, support multiarch mods

This commit is contained in:
TheSpad
2024-01-04 20:17:39 +00:00
parent ed33ad778c
commit a296072978
+63 -33
View File
@@ -13,7 +13,6 @@ SERVICES_DIR="/custom-services.d"
if [[ ${DOCKER_MODS_DEBUG,,} = "true" ]]; then if [[ ${DOCKER_MODS_DEBUG,,} = "true" ]]; then
CURL_NOISE_LEVEL="-v" CURL_NOISE_LEVEL="-v"
echo "[mod-init] Running in debug mode"
else else
CURL_NOISE_LEVEL="--silent" CURL_NOISE_LEVEL="--silent"
fi fi
@@ -141,7 +140,7 @@ create_lsiown_alias() {
# Create our with-contenv alias with umask support # Create our with-contenv alias with umask support
create_with_contenv_alias() { create_with_contenv_alias() {
if [[ ! -f /command/with-contenv ]]; then if [[ ! -f /command/with-contenv ]]; then
echo "[mod-init] /command/with-contenv not found, skipping alias creation" echo "/command/with-contenv not found, skipping alias creation"
return return
fi fi
rm -rf /usr/bin/with-contenv rm -rf /usr/bin/with-contenv
@@ -162,7 +161,7 @@ create_with_contenv_alias() {
# Check for curl # Check for curl
curl_check() { curl_check() {
if [[ ! -f /usr/bin/curl ]] || [[ ! -f /usr/bin/jq ]]; then if [[ ! -f /usr/bin/curl ]] || [[ ! -f /usr/bin/jq ]]; then
echo "[mod-init] Curl/JQ was not found on this system for Docker mods installing" write_mod_info "[mod-init] Curl/JQ was not found on this system for Docker mods installing"
if [[ -f /usr/bin/apt ]]; then if [[ -f /usr/bin/apt ]]; then
# Ubuntu # Ubuntu
export DEBIAN_FRONTEND="noninteractive" export DEBIAN_FRONTEND="noninteractive"
@@ -189,7 +188,17 @@ curl_check() {
fi fi
} }
write_debug() { write_mod_info() {
local MSG=$*
echo "[mod-init] $MSG"
}
write_mod_error() {
local MSG=$*
echo "[mod-init] (ERROR) $MSG"
}
write_mod_debug() {
local MSG=$* local MSG=$*
if [[ ${DOCKER_MODS_DEBUG,,} = "true" ]]; then echo "[mod-init] (DEBUG) $MSG"; fi if [[ ${DOCKER_MODS_DEBUG,,} = "true" ]]; then echo "[mod-init] (DEBUG) $MSG"; fi
} }
@@ -199,17 +208,15 @@ get_blob_sha() {
MULTIDIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ MULTIDIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
${CURL_NOISE_LEVEL} \ ${CURL_NOISE_LEVEL} \
--location \ --location \
--request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.index.v1+json" \ --header "Accept: application/vnd.oci.image.index.v1+json" \
--header "Authorization: Bearer ${1}" \ --header "Authorization: Bearer ${1}" \
--user-agent "${MOD_UA}" \ --user-agent "${MOD_UA}" \
"${2}/${3}" | jq -r 'first(.manifests[].digest)?') "${2}/${3}" | jq -r ".manifests[]? | select(.platform.architecture == \"${4}\").digest?")
if [[ -z "${MULTIDIGEST}" ]]; then if [[ -z "${MULTIDIGEST}" ]]; then
if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
${CURL_NOISE_LEVEL} \ ${CURL_NOISE_LEVEL} \
--location \ --location \
--request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \ --header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${1}" \ --header "Authorization: Bearer ${1}" \
@@ -221,7 +228,6 @@ get_blob_sha() {
if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ if DIGEST=$(curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
${CURL_NOISE_LEVEL} \ ${CURL_NOISE_LEVEL} \
--location \ --location \
--request GET \
--header "Accept: application/vnd.docker.distribution.manifest.v2+json" \ --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
--header "Accept: application/vnd.oci.image.manifest.v1+json" \ --header "Accept: application/vnd.oci.image.manifest.v1+json" \
--header "Authorization: Bearer ${1}" \ --header "Authorization: Bearer ${1}" \
@@ -239,7 +245,7 @@ get_auth_url() {
local scope local scope
# Call to get manifests and extract www-authenticate header # Call to get manifests and extract www-authenticate header
auth_header=$(curl -sLI ${CURL_NOISE_LEVEL} "${1}/${2}" | grep -i www-authenticate | tr -d '\r') auth_header=$(curl -sLI ${CURL_NOISE_LEVEL} "${1}/${2}" | grep -i www-authenticate | tr -d '\r')
write_debug "${auth_header}" write_mod_debug "${auth_header}"
if [[ -n "${auth_header}" ]]; then if [[ -n "${auth_header}" ]]; then
# Extract realm URL from www-authenticate header # Extract realm URL from www-authenticate header
realm_url=$(echo "$auth_header" | grep -oP 'realm="\K[^"]+') realm_url=$(echo "$auth_header" | grep -oP 'realm="\K[^"]+')
@@ -251,9 +257,34 @@ get_auth_url() {
fi fi
} }
get_arch(){
local arch
if [[ -f /sbin/apk ]]; then
arch=$(apk --print-arch)
elif [[ -f /usr/bin/dpkg ]]; then
arch=$(dpkg --print-architecture)
else
arch=$(uname -m)
fi
case "${arch}" in
x86_64 )
arch="amd64"
;;
aarch64 )
arch="arm64"
;;
esac
echo "${arch}"
}
# Main run logic # Main run logic
run_mods() { run_mods() {
echo "[mod-init] Attempting to run Docker Modification Logic" write_mod_info "Attempting to run Docker Modification Logic"
write_mod_debug "Running in debug mode"
write_mod_debug "Mod script version ${MOD_SCRIPT_VER}"
for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do
# Support alternative endpoints # Support alternative endpoints
case "${DOCKER_MOD}" in case "${DOCKER_MOD}" in
@@ -294,76 +325,75 @@ run_mods() {
MANIFEST_URL="https://${REGISTRY}/v2/${ENDPOINT}/manifests" MANIFEST_URL="https://${REGISTRY}/v2/${ENDPOINT}/manifests"
BLOB_URL="https://${REGISTRY}/v2/${ENDPOINT}/blobs/" BLOB_URL="https://${REGISTRY}/v2/${ENDPOINT}/blobs/"
MOD_UA="Mozilla/5.0 (Linux $(uname -m)) linuxserver.io ${REGISTRY}/${ENDPOINT}:${TAG}" MOD_UA="Mozilla/5.0 (Linux $(uname -m)) linuxserver.io ${REGISTRY}/${ENDPOINT}:${TAG}"
write_debug "Registry='${REGISTRY}', Repository='${USERNAME}', Image='${ENDPOINT}', Tag='${TAG}'" write_mod_debug "Registry='${REGISTRY}', Repository='${USERNAME}', Image='${ENDPOINT}', Tag='${TAG}'"
case "${REGISTRY}" in case "${REGISTRY}" in
"lscr.io") AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull";; "lscr.io") AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull";;
"ghcr.io") AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull";; "ghcr.io") AUTH_URL="https://ghcr.io/token?scope=repository%3A${USERNAME}%2F${REPO}%3Apull";;
"quay.io") AUTH_URL="https://quay.io/v2/auth?service=quay.io&scope=repository%3A${USERNAME}%2F${REPO}%3Apull";; "quay.io") AUTH_URL="https://quay.io/v2/auth?service=quay.io&scope=repository%3A${USERNAME}%2F${REPO}%3Apull";;
"registry-1.docker.io") AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull";; "registry-1.docker.io") AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull";;
*) get_auth_url "${MANIFEST_URL}" "${TAG}" *) AUTH_URL=$(get_auth_url "${MANIFEST_URL}" "${TAG}")
esac esac
if [[ -z "${AUTH_URL}" ]]; then echo "[mod-init] Could not fetch auth URL from registry, skipping mod";fi if [[ -z "${AUTH_URL}" ]]; then write_mod_error "Could not fetch auth URL from registry, skipping mod";fi
# Kill off modification logic if any of the usernames are banned # Kill off modification logic if any of the usernames are banned
for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do for BANNED in $(curl -s https://raw.githubusercontent.com/linuxserver/docker-mods/master/blacklist.txt); do
if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then if [[ "${BANNED,,}" == "${USERNAME,,}" ]]; then
if [[ -z ${RUN_BANNED_MODS+x} ]]; then if [[ -z ${RUN_BANNED_MODS+x} ]]; then
echo "[mod-init] ${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic" write_mod_info "${DOCKER_MOD} is banned from use due to reported abuse aborting mod logic"
return return
else else
echo "[mod-init] You have chosen to run banned mods ${DOCKER_MOD} will be applied" write_mod_info "You have chosen to run banned mods ${DOCKER_MOD} will be applied"
fi fi
fi fi
done done
echo "[mod-init] Adding ${DOCKER_MOD} to container" write_mod_info "Adding ${DOCKER_MOD} to container"
# Get registry token for api operations # Get registry token for api operations
TOKEN="$( TOKEN="$(
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
${CURL_NOISE_LEVEL} \ ${CURL_NOISE_LEVEL} \
--request GET \
"${AUTH_URL}" | "${AUTH_URL}" |
jq -r '.token' jq -r '.token'
)" )"
# If we're using lscr try and get the manifest from ghcr, if it fails re-request a token from Docker Hub # If we're using lscr try and get the manifest from ghcr, if it fails re-request a token from Docker Hub
if [[ "${REGISTRY}" == "lscr.io" ]]; then if [[ "${REGISTRY}" == "lscr.io" ]]; then
if [[ -n $(curl --user-agent "${MOD_UA}" -sLH "Authorization: Bearer ${TOKEN}" "${MANIFEST_URL}/${TAG}" | jq -r '.errors' >/dev/null 2>&1) ]]; then if [[ -n $(curl --user-agent "${MOD_UA}" -sLH "Authorization: Bearer ${TOKEN}" "${MANIFEST_URL}/${TAG}" | jq -r '.errors' >/dev/null 2>&1) ]]; then
write_debug "Couldn't fetch manifest from ghcr.io, trying docker.io" write_mod_debug "Couldn't fetch manifest from ghcr.io, trying docker.io"
AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull" AUTH_URL="https://auth.docker.io/token?service=registry.docker.io&scope=repository:${ENDPOINT}:pull"
TOKEN="$( TOKEN="$(
curl -f --retry 10 --retry-max-time 60 --retry-connrefused \ curl -f --retry 10 --retry-max-time 60 --retry-connrefused \
${CURL_NOISE_LEVEL} \ ${CURL_NOISE_LEVEL} \
--request GET \
"${AUTH_URL}" | "${AUTH_URL}" |
jq -r '.token' jq -r '.token'
)" )"
fi fi
fi fi
write_debug "Using ${AUTH_URL} as auth endpoint" write_mod_debug "Using ${AUTH_URL} as auth endpoint"
ARCH=$(get_arch)
write_mod_debug "Arch detected as ${ARCH}"
# Determine first and only layer of image # Determine first and only layer of image
SHALAYER=$(get_blob_sha "${TOKEN}" "${MANIFEST_URL}" "${TAG}") SHALAYER=$(get_blob_sha "${TOKEN}" "${MANIFEST_URL}" "${TAG}" "${ARCH:=-amd64}")
if [[ -z "${SHALAYER}" ]]; then if [[ -z "${SHALAYER}" ]]; then
echo "[mod-init] ${DOCKER_MOD} could not be found on ${REGISTRY}" write_mod_error "${DOCKER_MOD} digest could not be fetched from ${REGISTRY}"
continue continue
fi fi
# Check if we have allready applied this layer # Check if we have allready applied this layer
if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then
echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping" write_mod_info "${DOCKER_MOD} at ${SHALAYER} has been previously applied skipping"
else else
echo "[mod-init] Downloading ${DOCKER_MOD} from ${REGISTRY}" write_mod_info "Downloading ${DOCKER_MOD} from ${REGISTRY}"
# Download and extract layer to / # Download and extract layer to /
curl -f --retry 10 --retry-max-time 60 --retry-all-errors \ curl -f --retry 10 --retry-max-time 60 --retry-all-errors \
${CURL_NOISE_LEVEL} \ ${CURL_NOISE_LEVEL} \
--location \ --location \
--request GET \
--header "Authorization: Bearer ${TOKEN}" \ --header "Authorization: Bearer ${TOKEN}" \
--user-agent "${MOD_UA}" \ --user-agent "${MOD_UA}" \
"${BLOB_URL}${SHALAYER}" -o \ "${BLOB_URL}${SHALAYER}" -o \
/modtarball.tar.xz /modtarball.tar.xz
mkdir -p /tmp/mod mkdir -p /tmp/mod
if ! tar -tzf /modtarball.tar.xz >/dev/null 2>&1; then if ! tar -tzf /modtarball.tar.xz >/dev/null 2>&1; then
echo "[mod-init] Invalid tarball, could not download ${DOCKER_MOD} from ${REGISTRY}" write_mod_error "Invalid tarball, could not download ${DOCKER_MOD} from ${REGISTRY}"
continue continue
fi fi
echo "[mod-init] Installing ${DOCKER_MOD}" write_mod_info "Installing ${DOCKER_MOD}"
tar xzf /modtarball.tar.xz -C /tmp/mod tar xzf /modtarball.tar.xz -C /tmp/mod
if [[ -d /tmp/mod/etc/s6-overlay ]]; then if [[ -d /tmp/mod/etc/s6-overlay ]]; then
if [[ -d /tmp/mod/etc/cont-init.d ]]; then if [[ -d /tmp/mod/etc/cont-init.d ]]; then
@@ -379,13 +409,13 @@ run_mods() {
rm -rf /tmp/mod rm -rf /tmp/mod
rm -rf /modtarball.tar.xz rm -rf /modtarball.tar.xz
echo "${SHALAYER}" >"/${FILENAME}" echo "${SHALAYER}" >"/${FILENAME}"
echo "[mod-init] ${DOCKER_MOD} applied to container" write_mod_info "${DOCKER_MOD} applied to container"
fi fi
done done
} }
run_mods_local() { run_mods_local() {
echo "[mod-init] Attempting to run Local Docker Modification Logic" write_mod_info "Attempting to run Local Docker Modification Logic"
for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do for DOCKER_MOD in $(echo "${DOCKER_MODS}" | tr '|' '\n'); do
# Check mod file exists # Check mod file exists
if [[ -n "$(/bin/ls -A "/mods/${DOCKER_MOD}.tar" 2>/dev/null)" ]]; then if [[ -n "$(/bin/ls -A "/mods/${DOCKER_MOD}.tar" 2>/dev/null)" ]]; then
@@ -394,9 +424,9 @@ run_mods_local() {
SHALAYER=$(sha256sum "/mods/${DOCKER_MOD}.tar" | cut -d " " -f 1) SHALAYER=$(sha256sum "/mods/${DOCKER_MOD}.tar" | cut -d " " -f 1)
# Check if we have allready applied this layer # Check if we have allready applied this layer
if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then if [[ -f "/${FILENAME}" ]] && [[ "${SHALAYER}" == "$(cat /"${FILENAME}")" ]]; then
echo "[mod-init] ${DOCKER_MOD} at ${SHALAYER} has been previously applied, skipping" write_mod_info "${DOCKER_MOD} at ${SHALAYER} has been previously applied, skipping"
else else
echo "[mod-init] Installing ${DOCKER_MOD}" write_mod_info "Installing ${DOCKER_MOD}"
mkdir -p "/tmp/mod/${DOCKER_MOD}" mkdir -p "/tmp/mod/${DOCKER_MOD}"
tar xf "/mods/${DOCKER_MOD}.tar" -C /tmp/mod --strip-components=1 tar xf "/mods/${DOCKER_MOD}.tar" -C /tmp/mod --strip-components=1
tar xf "/tmp/mod/layer.tar" -C "/tmp/mod/${DOCKER_MOD}" tar xf "/tmp/mod/layer.tar" -C "/tmp/mod/${DOCKER_MOD}"
@@ -413,10 +443,10 @@ run_mods_local() {
shopt -u dotglob shopt -u dotglob
rm -rf "/tmp/mod/${DOCKER_MOD}" rm -rf "/tmp/mod/${DOCKER_MOD}"
echo "${SHALAYER}" >"/${FILENAME}.local" echo "${SHALAYER}" >"/${FILENAME}.local"
echo "[mod-init] ${DOCKER_MOD} applied to container" write_mod_info "${DOCKER_MOD} applied to container"
fi fi
else else
echo "[mod-init] ${DOCKER_MOD}.tar not found in /mods, skipping" write_mod_error "${DOCKER_MOD}.tar not found in /mods, skipping"
fi fi
done done
} }