From a64933dfbf39369ed8f377a95dbffa9df62c3137 Mon Sep 17 00:00:00 2001 From: Endial Fang Date: Wed, 2 Sep 2020 09:33:29 +0800 Subject: [PATCH] =?UTF-8?q?[alpine]=E5=A2=9E=E5=8A=A0Alpine=E7=B3=BB?= =?UTF-8?q?=E7=BB=9F=E7=9B=B8=E5=85=B3=E8=B5=84=E6=BA=90=E6=96=87=E4=BB=B6?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Makefile | 47 ++++ alpine/Dockerfile | 46 ++++ alpine/prebuilds/usr/local/license/LICENSE | 21 ++ .../prebuilds/usr/local/scripts/libcommon.sh | 146 +++++++++++ .../usr/local/scripts/libdownload.sh | 97 ++++++++ alpine/prebuilds/usr/local/scripts/libfile.sh | 78 ++++++ alpine/prebuilds/usr/local/scripts/libfs.sh | 120 +++++++++ alpine/prebuilds/usr/local/scripts/liblog.sh | 66 +++++ alpine/prebuilds/usr/local/scripts/libnet.sh | 120 +++++++++ alpine/prebuilds/usr/local/scripts/libos.sh | 159 ++++++++++++ .../prebuilds/usr/local/scripts/libservice.sh | 132 ++++++++++ .../usr/local/scripts/libvalidations.sh | 229 ++++++++++++++++++ alpine/sources/repositories.aliyun | 2 + alpine/sources/repositories.default | 2 + alpine/sources/repositories.huawei | 2 + alpine/sources/repositories.tencent | 2 + alpine/sources/repositories.ustc | 2 + 17 files changed, 1271 insertions(+) create mode 100644 Makefile create mode 100644 alpine/Dockerfile create mode 100644 alpine/prebuilds/usr/local/license/LICENSE create mode 100644 alpine/prebuilds/usr/local/scripts/libcommon.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libdownload.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libfile.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libfs.sh create mode 100644 alpine/prebuilds/usr/local/scripts/liblog.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libnet.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libos.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libservice.sh create mode 100644 alpine/prebuilds/usr/local/scripts/libvalidations.sh create mode 100644 alpine/sources/repositories.aliyun create mode 100644 alpine/sources/repositories.default create mode 100644 alpine/sources/repositories.huawei create mode 100644 alpine/sources/repositories.tencent create mode 100644 alpine/sources/repositories.ustc diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..a533deb --- /dev/null +++ b/Makefile @@ -0,0 +1,47 @@ +# Ver: 1.2 by Endial Fang (endial@126.com) +# +# 当前 Docker 镜像的编译脚本 + +debian_name := colovu/debian-builder +alpine_name := colovu/alpine-builder +local_registory := repo-dev.konkawise.com + +# 生成镜像TAG,类似:<镜像名>:<分支名>- 或 <镜像名>:latest-<年月日>-<时分秒> +current_subversion:=$(shell if [[ -d .git ]]; then git rev-parse --short HEAD; else date +%y%m%d-%H%M%S; fi) +current_tag:=$(shell if [[ -d .git ]]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion) + +# Sources List: default / tencent / ustc / aliyun / huawei +build-arg:=--build-arg apt_source=tencent + +.PHONY: build clean clearclean upgrade tag + +build: + @echo "Build $(debian_name):$(current_tag)" + @docker build --force-rm $(build-arg) -t $(debian_name):$(current_tag) . + @echo "Add tag: $(debian_name):latest" + @docker tag "$(debian_name):$(current_tag)" $(debian_name):latest + @echo "Build $(alpine_name):$(current_tag)" + @docker build --force-rm $(build-arg) -t $(alpine_name):$(current_tag) ./alpine + @echo "Add tag: $(alpine_name):latest" + @docker tag "$(alpine_name):$(current_tag)" $(alpine_name):latest + +# 清理悬空的镜像(无TAG)及停止的容器 +clean: + @echo "Clean untaged images and stoped containers..." + @docker ps -a | grep "Exited" | awk '{print $$1}' | xargs docker rm + @docker images | grep '' | awk '{print $$3}' | xargs docker rmi -f + +clearclean: clean + @echo "Clean all images for current application..." + @docker images | grep "$(debian_name)" | awk '{print $$3}' | xargs docker rmi -f + @docker images | grep "$(alpine_name)" | awk '{print $$3}' | xargs docker rmi -f +tag: + @echo "Add tag: $(local_registory)/$(alpine_name):latest" + @docker tag $(debian_name) $(local_registory)/$(debian_name) + @echo "Add tag: $(local_registory)/$(alpine_name):latest" + @docker tag $(alpine_name) $(local_registory)/$(alpine_name) + +# 更新所有 colovu 仓库的镜像 +upgrade: + @echo "Upgrade all images..." + @docker images | grep 'colovu' | grep -v '' | grep -v "latest-" | awk '{print $$1":"$$2}' | xargs -L 1 docker pull diff --git a/alpine/Dockerfile b/alpine/Dockerfile new file mode 100644 index 0000000..e5d478d --- /dev/null +++ b/alpine/Dockerfile @@ -0,0 +1,46 @@ +# Ver: 1.0 by Endial Fang (endial@126.com) +# +FROM alpine:3.12 + +# ARG参数使用"--build-arg"指定。如 "--build-arg apt_source=tencent" +# APK源配置:default / tencent / ustc / aliyun / huawei +ARG apt_source=tencent + +# 定义应用基础目录信息,该常量在容器内可使用 +ENV APP_CONF_DIR=/srv/conf \ + APP_DATA_DIR=/srv/data + +LABEL \ + "Version"="v3.12" \ + "Description"="Docker image for Builder based on Alpine." \ + "Dockerfile"="https://github.com/colovu/docker-builder" \ + "Vendor"="Endial Fang (endial@126.com)" + +# 拷贝默认 Shell 脚本至容器相关目录中 +COPY prebuilds / +COPY sources/* /etc/apk/ + +RUN set -eux; \ + \ +# 更改源为当次编译指定的源 + cp /etc/apk/repositories.${apt_source} /etc/apk/repositories; \ + \ + apk update --no-cache ; \ + apk upgrade --no-cache ; \ + \ + export APP_DIRS="${APP_CONF_DIR} ${APP_DATA_DIR}"; \ + mkdir -p ${APP_DIRS}; \ + \ + fetchDeps=" \ + bash \ + curl ca-certificates \ + iproute2 net-tools \ + \ + nano \ + build-base \ + \ + gnupg dpkg \ + "; \ + apk add --no-cache ${fetchDeps}; + +CMD [] diff --git a/alpine/prebuilds/usr/local/license/LICENSE b/alpine/prebuilds/usr/local/license/LICENSE new file mode 100644 index 0000000..80e3bb7 --- /dev/null +++ b/alpine/prebuilds/usr/local/license/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2020 Endial Fang (endial@126.com) + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/alpine/prebuilds/usr/local/scripts/libcommon.sh b/alpine/prebuilds/usr/local/scripts/libcommon.sh new file mode 100644 index 0000000..0175ac3 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libcommon.sh @@ -0,0 +1,146 @@ +#!/bin/bash +# Ver: 1.1 by Endial Fang (endial@126.com) +# + +# shellcheck disable=SC1091 + +BOLD='\033[1m' + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 打印包含包含Logo的欢迎信息 +# 全局变量: +# APP_NAME +print_image_welcome_page() { + _is_restart && return + + local github_url="https://github.com/colovu/docker-${APP_NAME}" + LOG_I "" + LOG_I " ######## ######## ### ######## ### ## ### ##" + LOG_I " ### ## ### ## ### ### ## ### ## ### ##" + LOG_I " ### ### ## ### ### ## ### ## ### ##" + LOG_I " ### ### ## ### ### ## ### ## ### ##" + LOG_I " ### ### ## ### ### ## ### ## ### ##" + LOG_I " ### ## ### ## ### ### ## #### ### ##" + LOG_I "######## ######## ######## ######## ## ########" + LOG_I "" + LOG_I "Welcome to the ${BOLD}${APP_NAME}${RESET} container" + LOG_I "Project on Github: ${BOLD}${github_url}${RESET}" + LOG_I "Send us your feedback at ${BOLD}endial@126.com${RESET}" + LOG_I "" +} + +# 根据需要打印欢迎信息 +# 全局变量: +# ENV_DISABLE_WELCOME_MESSAGE +# APP_NAME +docker_print_welcome() { + if [[ -z "${ENV_DISABLE_WELCOME_MESSAGE:-}" ]]; then + if [[ -n "$APP_NAME" ]]; then + print_image_welcome_page + fi + fi +} + +# 检测可能导致容器执行后直接退出的命令,如"--help";如果存在,直接返回 0 +# 参数: +# $1 - 待检测的参数表 +docker_command_help() { + local arg + for arg; do + case "$arg" in + -'?'|--help|-V|--version) + return 0 + ;; + esac + done + return 1 +} + +# 根据脚本扩展名及权限,执行相应的初始化脚本 +# 参数: +# $1 - 文件列表,支持路径通配符 +# 使用: +# docker_process_init_files [file [file [...]]] +# 例子: +# docker_process_init_files /src/conf/${APP_NAME}/initdb.d/* +docker_process_init_files() { + echo + local f + for f; do + case "$f" in + *.sh) + if [ -x "$f" ]; then + LOG_I "$0: running $f" + "$f" + else + LOG_I "$0: sourcing $f" + . "$f" + fi + ;; + *) LOG_W "$0: ignoring $f" ;; + esac + echo + done +} + +# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份 +# 默认配置文件路径:/etc/${APP_NAME} +# 目标配置文件路径:/srv/conf/${APP_NAME} +# 参数: +# $1 - 基础路径 +# $* - 基础路径下的文件及目录列表,以" "分割 +# 例子: +# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf +ensure_config_file_exist() { + local -r base_path="${1:?paths is missing}" + local f="" + local dist="" + + shift 1 + LOG_D "List to check: $@" + while [ "$#" -gt 0 ]; do + f="${1}" + LOG_D "Process \"${f}\"" + if [ -d "${base_path}/${f}" ]; then + dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')" + [[ ! -d "${dist}" ]] && LOG_I "Create directory: ${dist}" && mkdir -p "${dist}" + [[ ! -z $(ls -A "${base_path}/${f}") ]] && ensure_config_file_exist "${base_path}/${f}" $(ls -A "${base_path}/${f}") + else + dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')" + [[ ! -e "${dist}" ]] && LOG_I "Copy: ${base_path}/${f} ===> ${dist}" && cp "${base_path}/${f}" "${dist}" && rm -rf "/srv/conf/${APP_NAME}/.app_init_flag" + fi + shift + done +} + +# 检测当前用户是否为 root +# 返回值: +# 布尔值 +_is_run_as_root() { + if [[ "$(id -u)" = "0" ]]; then + LOG_D "Check if run as root: Yes" + true + else + LOG_D "Check if run as root: No (ID $(id -u))" + false + fi +} + +_is_restart() { + if [ x"${RESTART_FLAG:-}" = "x" ]; then + false + else + true + fi +} + +# 检测当前脚本是被直接执行的,还是从其他脚本中使用 "source" 调用的 +_is_sourced() { + [ "${#FUNCNAME[@]}" -ge 2 ] \ + && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ + && [ "${FUNCNAME[1]}" = 'source' ] +} diff --git a/alpine/prebuilds/usr/local/scripts/libdownload.sh b/alpine/prebuilds/usr/local/scripts/libdownload.sh new file mode 100644 index 0000000..c83513d --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libdownload.sh @@ -0,0 +1,97 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 从服务器(列表)下载相应软件包 + +# Constants +#CV_BASE="http://archive.colovu.com/dist-files/" +#CV_BASE="http://10.37.129.2/dist-files/" +CV_BASE="" + +# 检测软件包签名是否正确 +# 参数: +# $1 - 软件包签名文件 +# $2 - 软件包文件 +# $3 - PGPKEY +check_pgp() { + local name_asc=${1:?missing asc file name} + local name=${2:?missing file name} + local keys="${3:?missing key id}" + + GNUPGHOME="$(mktemp -d)" + for key in $keys; do + gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${key}" || + gpg --batch --keyserver pgp.mit.edu --recv-keys "${key}" || + gpg --batch --keyserver keys.gnupg.net --recv-keys "${key}" || + gpg --batch --keyserver keyserver.pgp.com --recv-keys "${key}"; + done + gpg --batch --verify "$name_asc" "$name" + command -v gpgconf > /dev/null && gpgconf --kill all + rm -rf "$GNUPGHOME" "$name_asc" +} + +# 从私有服务器下载软件包,如果不存在,则从官网服务器下载 +# 参数: +# $1 - 软件包全名(字符串) +# $2 - 官网路径(字符串) +# $3 - "-c"/"--checksum" +# $4 - 软件包SHA256值 +# $3 - "-g"/"--pgpkey" +# $4 - 用于软件包签名的KEY ID +# 例子: +# . /usr/local/scripts/libdownload.sh && download_dist "java" "11.0.7-0" --checksum 02a1fc9b79b11617ad39221667f6a34209f5c45ca908268f8ba6c264a2577ee2 +download_dist() { + local name="${1:?name is required}" + local base_urls="${2:?url is required}" + local package_sha256="" + local pgp_key="" + local success="" + + # 获取SHA256或PGP KEY + shift 2 + while [ "$#" -gt 0 ]; do + case "$1" in + -c|--checksum) + shift + package_sha256="${1:?missing package checksum}" + ;; + -g|--pgpkey) + shift + pgp_key="${1:?missing package PGP key}" + ;; + *) + echo "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + echo "Downloading $name package" + for url in $CV_BASE $base_urls; do + if wget -O "$name" "$url$name" && [ -s "$name" ]; then + if [ -n "$pgp_key" ]; then + wget -O "$name.asc" "$url$name.asc" + if [ ! -e "$name.asc" ]; then + wget -O "$name.asc" "$url$name.sig" + fi + fi + success=1 + break + fi + done + + if [ -n "$success" ]; then + if [ -n "$package_sha256" ]; then + echo "Verifying package whith sha256" + echo "$package_sha256 *${name}" | sha256sum --check - + fi + + if [ -n "$pgp_key" ]; then + echo "Verifying package with PGP" + check_pgp "$name.asc" "$name" "$pgp_key" + fi + else + [ -n "$success" ] + fi +} diff --git a/alpine/prebuilds/usr/local/scripts/libfile.sh b/alpine/prebuilds/usr/local/scripts/libfile.sh new file mode 100644 index 0000000..1e664c1 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libfile.sh @@ -0,0 +1,78 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 文件操作函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 检测"*_FILE"文件,并从文件中读取信息作为参数值;环境变量不允许 VAR 与 VAR_FILE 方式并存 +# 变量: +# $1 - 需要设置的环境变量名称 +# $2 - 该变量对应的默认值(Option) +# +# 使用: file_env ENV_VAR [DEFAULT] +file_env() { + local var="$1" + local fileVar="${var}_FILE" + local def="${2:-}" + if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then + LOG_E "Both $var and $fileVar are set (but are exclusive)" + exit 1 + fi + + local val="$def" + if [ "${!var:-}" ]; then + val="${!var}" + elif [ "${!fileVar:-}" ]; then + val="$(< "${!fileVar}")" + fi + + export "$var"="$val" + unset "$fileVar" +} + +# 使用规则表达式在文件中替换数据 +# 参数: +# $1 - 文件名 +# $2 - 正则表达式 +# $3 - 替代数据表达式 +# $4 - 是否使用POSIX表达式. Default: true +replace_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local substitute_regex="${3:?substitute regex is required}" + local posix_regex=${4:-true} + + local result + + # 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作 + if [[ $posix_regex = true ]]; then + result="$(sed -E "s@$match_regex@$substitute_regex@g" "$filename")" + else + result="$(sed "s@$match_regex@$substitute_regex@g" "$filename")" + fi + echo "$result" > "$filename" +} + +# 使用规则表达式在文件中删除数据 +# 参数: +# $1 - 文件名 +# $2 - 正则表达式 +# $3 - 是否使用POSIX表达式. Default: true +remove_in_file() { + local filename="${1:?filename is required}" + local match_regex="${2:?match regex is required}" + local posix_regex=${3:-true} + local result + + # 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作 + if [[ $posix_regex = true ]]; then + result="$(sed -E "/$match_regex/d" "$filename")" + else + result="$(sed "/$match_regex/d" "$filename")" + fi + echo "$result" > "$filename" +} diff --git a/alpine/prebuilds/usr/local/scripts/libfs.sh b/alpine/prebuilds/usr/local/scripts/libfs.sh new file mode 100644 index 0000000..f9f73d3 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libfs.sh @@ -0,0 +1,120 @@ +#!/bin/bash +# Ver: 1.1 by Endial Fang (endial@126.com) +# +# 文件管理函数库 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# Ensure a file/directory is owned (user and group) but the given user +# Arguments: +# $1 - filepath +# $2 - owner +ensure_owned_by() { + local path="${1:?path is missing}" + local owner="${2:?owner is missing}" + + chown "$owner":"$owner" "$path" +} + +# 检测目录是否存在,如果不存在则创建,同时修改为指定的用户 +# Arguments: +# $1 - directory +# $2 - owner +ensure_dir_exists() { + local dir="${1:?directory is missing}" + local owner="${2:-}" + + mkdir -p "${dir}" + if [[ -n $owner ]]; then + ensure_owned_by "$dir" "$owner" + fi +} + +# 检测目录是否存在或为空 +# 参数: +# $1 - 目录路径 +# 返回值: +# 布尔值 +is_dir_empty() { + local dir="${1:?missing directory}" + + if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then + true + else + false + fi +} + +# 循环设置目录中子目录及文件权限 +# 参数: +# $1 - paths (as a string). +# Flags: +# -f|--file-mode - 文件权限模式 +# -d|--dir-mode - 目录权限模式 +# -u|--user - 用户 +# -g|--group - 用户组 +configure_permissions_ownership() { + local -r paths="${1:?paths is missing}" + local dir_mode="" + local file_mode="" + local user="" + local group="" + + # Validate arguments + shift 1 + while [ "$#" -gt 0 ]; do + case "$1" in + -f|--file-mode) + shift + file_mode="${1:?missing mode for files}" + ;; + -d|--dir-mode) + shift + dir_mode="${1:?missing mode for directories}" + ;; + -u|--user) + shift + user="${1:?missing user}" + ;; + -g|--group) + shift + group="${1:?missing group}" + ;; + *) + LOG_E "Invalid command line flag $1" >&2 + return 1 + ;; + esac + shift + done + + read -r -a filepaths <<< "$paths" + for p in "${filepaths[@]}"; do + if [[ -e "$p" ]]; then + LOG_D "Check $p" + if [[ -n ${dir_mode} ]]; then + LOG_D "Change permissions to ${dir_mode} of directories in $p" + find -L "$p" -type d -print | xargs -i chmod "${dir_mode}" '{}' + fi + if [[ -n ${file_mode} ]]; then + LOG_D "Change permissions to ${file_mode} of files in $p" + find -L "$p" -type f -print | xargs -i chmod "${file_mode}" '{}' + fi + if [[ -n $user ]] && [[ -n ${group} ]]; then + LOG_D "Change ownership to ${user}:${group} of files and directories in $p" + find -L "$p" \( \! -user ${user} -or \! -group ${group} \) -print | xargs -i chown -L "${user}":"${group}" '{}' + elif [[ -n $user ]] && [[ -z $group ]]; then + LOG_D "Change user to ${user} of files and directories in $p" + find -L "$p" \! -user ${user} -print | xargs -i chown -L "${user}" '{}' + elif [[ -z $user ]] && [[ -n $group ]]; then + LOG_D "Change group to ${group} of files and directories in $p" + find -L "$p" \! -group ${group} -print | xargs -i chgrp -L "${group}" '{}' + fi + else + LOG_E "$p does not exist" + fi + done +} \ No newline at end of file diff --git a/alpine/prebuilds/usr/local/scripts/liblog.sh b/alpine/prebuilds/usr/local/scripts/liblog.sh new file mode 100644 index 0000000..3d91af4 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/liblog.sh @@ -0,0 +1,66 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 日志处理函数库 + +# 定义颜色信息 +RESET='\033[0m' +RED='\033[31;1m' +GREEN='\033[32;2m' +YELLOW='\033[33;1m' +MAGENTA='\033[36;2m' +CYAN='\033[35;2m' +BLUE='\033[34;2m' + +# 函数列表 + +# 输出实际日志信息 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_RAW() { + local type="$1"; shift + case "${type}" in + x) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${BLUE}DEBUG${RESET} %b\n" "$(date "+%T.%2N")" "${*}" ;; + I) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${GREEN}INFO ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";; + W) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${YELLOW}WARN ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";; + E) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${RED}ERROR${RESET} %b\n" "$(date "+%T.%2N")" "${*}";; + esac +} + +# 输出调试类日志信息,尽量少使用 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_D() { + local -r bool="${ENV_DEBUG:-false}" + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + LOG_RAW x "$@" + fi +} + +# 输出提示信息类日志信息 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_I() { + shopt -s nocasematch + LOG_RAW I "$@" +} + +# 输出警告类日志信息至sterr +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_W() { + LOG_RAW W "$@" >&2 +} + +# 输出错误类日志信息至sterr,并退出脚本 +# 参数: +# $1 - 日志类型 +# $2 - 日志信息 +LOG_E() { + LOG_RAW E "$@" >&2 +} diff --git a/alpine/prebuilds/usr/local/scripts/libnet.sh b/alpine/prebuilds/usr/local/scripts/libnet.sh new file mode 100644 index 0000000..b5136c7 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libnet.sh @@ -0,0 +1,120 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 网络管理函数库 + +# shellcheck disable=SC1091 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 解析主机名为 IP +# 参数: +# $1 - 待解析的主机名 +# 返回值: +# IP 地址 +######################### +dns_lookup() { + local host="${1:?host is missing}" + getent ahosts "$host" | awk '/STREAM/ {print $1 }' +} + +# 等待主机名解析,并返回 IP +# 参数: +# $1 - 主机名 +# $2 - 重试次数 +# $3 - 重试间隔(秒) +# 返回值: +# - IP 地址 +wait_for_dns_lookup() { + local hostname="${1:?hostname is missing}" + local retries="${2:-5}" + local seconds="${3:-1}" + check_host() { + if [[ $(dns_lookup "$hostname") == "" ]]; then + false + else + true + fi + } + # Wait for the host to be ready + retry_while "check_host ${hostname}" "$retries" "$seconds" + dns_lookup "$hostname" +} + +# 获取机器的 IP +# 返回值: +# - IP 地址 +get_machine_ip() { + dns_lookup "$(hostname)" +} + +# 检测提供的参数是否为可解析地址的主机名 +# 参数: +# $1 - 待检测值 +# 返回值: +# 布尔值 +is_hostname_resolved() { + local -r host="${1:?missing value}" + if [[ -n "$(dns_lookup "$host")" ]]; then + true + else + false + fi +} + +# 解析 URL +# 参数: +# $1 - URI 字符串 +# $2 - 待解析参数字符串。有效值 (scheme, authority, userinfo, host, port, path, query or fragment) +# 返回值: +# 字符串 +parse_uri() { + local uri="${1:?uri is missing}" + local component="${2:?component is missing}" + + # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with + # additional sub-expressions to split authority into userinfo, host and port + # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) + local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' + # || | ||| | | | | | | | | | + # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment + # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... + # | 4 authority + # 3 //... + local index=0 + case "$component" in + scheme) + index=2 + ;; + authority) + index=4 + ;; + userinfo) + index=6 + ;; + host) + index=7 + ;; + port) + index=9 + ;; + path) + index=10 + ;; + query) + index=13 + ;; + fragment) + index=14 + ;; + *) + stderr_print "unrecognized component $component" + return 1 + ;; + esac + [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" +} + \ No newline at end of file diff --git a/alpine/prebuilds/usr/local/scripts/libos.sh b/alpine/prebuilds/usr/local/scripts/libos.sh new file mode 100644 index 0000000..db4fcb2 --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libos.sh @@ -0,0 +1,159 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 操作系统控制函数库 + +# shellcheck disable=SC1091 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 检测指定用户账户是否存在 +# 参数: +# $1 - 用户账户 +# 返回值: +# 布尔值 +user_exists() { + local user="${1:?user is missing}" + id "$user" >/dev/null 2>&1 +} + +# 检测指定用户分组是否存在 +# 参数: +# $1 - 用户组 +# 返回值: +# 布尔值 +group_exists() { + local group="${1:?group is missing}" + getent group "$group" >/dev/null 2>&1 +} + +# 确保用户组存在,如果不存在则创建相应用户组 +# 参数: +# $1 - 用户组 +ensure_group_exists() { + local group="${1:?group is missing}" + + if ! group_exists "$group"; then + groupadd "$group" >/dev/null 2>&1 + fi +} + +# 确保用户组及用户账户存在,如果不存在则创建相应用户组及账户 +# 参数: +# $1 - 用户 +# $2 - 用户组 +ensure_user_exists() { + local user="${1:?user is missing}" + local group="${2:-}" + + if ! user_exists "$user"; then + useradd "$user" >/dev/null 2>&1 + fi + + if [[ -n "$group" ]]; then + ensure_group_exists "$group" + fi + + usermod -a -G "$group" "$user" >/dev/null 2>&1 +} + +# 获取系统可用内存 +# 返回值: +# 内存大小(MB) +get_total_memory() { + echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) +} + +# 获取以定量方式描述的内存大小 +# 参数: +# $1 - 内存大小 (可选) +# 返回值: +# 基于定量内存大小的内存大小描述 +get_machine_size() { + local memory="${1:-}" + if [[ -z "$memory" ]]; then + debug "Memory was not specified, detecting available memory automatically" + memory="$(get_total_memory)" + fi + sanitized_memory=$(convert_to_mb "$memory") + if [[ "$sanitized_memory" -gt 26000 ]]; then + echo 2xlarge + elif [[ "$sanitized_memory" -gt 13000 ]]; then + echo xlarge + elif [[ "$sanitized_memory" -gt 6000 ]]; then + echo large + elif [[ "$sanitized_memory" -gt 3000 ]]; then + echo medium + elif [[ "$sanitized_memory" -gt 1500 ]]; then + echo small + else + echo micro + fi +} + +# 获取已定义的所有内存大小描述 +# 返回值: +# 内存大小描述 +get_supported_machine_sizes() { + echo micro small medium large xlarge 2xlarge +} + +# 将以字符串表示的内存大小转换为以MB为单位的内存大小值 (i.e. 2G -> 2048) +# 参数: +# $1 - 内存大小 +# 返回值: +# 内存大小值(以MB为单位) +convert_to_mb() { + local amount="${1:-}" + if [[ $amount =~ ^([0-9]+)(M|G) ]]; then + size="${BASH_REMATCH[1]}" + unit="${BASH_REMATCH[2]}" + if [[ "$unit" = "G" ]]; then + amount="$((size * 1024))" + else + amount="$size" + fi + fi + echo "$amount" +} + +# 如果禁用调试模式,将输出信息重定向至 /dev/null +# 全局变量: +# ENV_DEBUG +# 参数: +# $@ - 待执行的命令 +debug_execute() { + local -r bool="${ENV_DEBUG:-false}" + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + "$@" >/dev/null 2>&1 + else + "$@" + fi +} + +# 重试执行命令 +# 参数: +# $1 - cmd (as a string) +# $2 - 最大尝试次数. Default: 12 +# $3 - 重试前等待时间(秒). Default: 5 +# 返回值: +# 布尔值 +retry_while() { + local -r cmd="${1:?cmd is missing}" + local -r retries="${2:-12}" + local -r sleep_time="${3:-5}" + local return_value=1 + + read -r -a command <<< "$cmd" + for ((i = 1 ; i <= retries ; i+=1 )); do + "${command[@]}" && return_value=0 && break + sleep "$sleep_time" + done + return $return_value +} + + \ No newline at end of file diff --git a/alpine/prebuilds/usr/local/scripts/libservice.sh b/alpine/prebuilds/usr/local/scripts/libservice.sh new file mode 100644 index 0000000..5d0948c --- /dev/null +++ b/alpine/prebuilds/usr/local/scripts/libservice.sh @@ -0,0 +1,132 @@ +#!/bin/bash +# Ver: 1.0 by Endial Fang (endial@126.com) +# +# 服务管理函数库 + +# shellcheck disable=SC1091 + +# 加载依赖项 +. /usr/local/scripts/liblog.sh # 日志输出函数库 + +# 函数列表 + +# 获取并返回服务 PID +# 参数: +# $1 - PID 文件 +# 返回值: +# PID +get_pid_from_file() { + local pid_file="${1:?pid file is missing}" + + if [[ -f "$pid_file" ]]; then + if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then + echo "$(< "$pid_file")" + fi + fi +} + +# 检测 PID 对应的服务是否在运行中 +# 参数: +# $1 - PID +# 返回值: +# Boolean +is_service_running() { + local pid="${1:?pid is missing}" + + kill -0 "$pid" 2>/dev/null +} + +# 通过发送信号停止一个指定的服务 +# 参数: +# $1 - PID 文件 +# $2 - 信号 (可选) +stop_service_using_pid() { + local pid_file="${1:?pid file is missing}" + local signal="${2:-}" + local pid + + pid="$(get_pid_from_file "$pid_file")" + [[ -z "$pid" ]] || ! is_service_running "$pid" && return + + if [[ -n "$signal" ]]; then + kill "-${signal}" "$pid" + else + kill "$pid" + fi + + local counter=10 + while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do + sleep 1 + counter=$((counter - 1)) + done +} + +# 为指定的服务生成一个监控配置文件 +# Arguments: +# $1 - 服务名 +# $2 - PID 文件 +# $3 - 启动命令 +# $4 - 停止命令 +# Flags: +# --disabled - Whether to disable the monit configuration +generate_monit_conf() { + local service_name="${1:?service name is missing}" + local pid_file="${2:?pid file is missing}" + local start_command="${3:?start command is missing}" + local stop_command="${4:?stop command is missing}" + local monit_conf_dir="/etc/monit/conf.d" + local disabled="no" + + # Parse optional CLI flags + shift 4 + while [[ "$#" -gt 0 ]]; do + case "$1" in + --disabled) + shift + disabled="$1" + ;; + *) + echo "Invalid command line flag ${1}" >&2 + return 1 + ;; + esac + shift + done + + is_boolean_yes "$disabled" && conf_suffix=".disabled" + mkdir -p "$monit_conf_dir" + cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <"${logrotate_conf_dir}/${service_name}" <= 0 )); then + true + else + false + fi +} + +# 检测数据是否为布尔值 '1' 或字符串 'yes/true' +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 +is_boolean_yes() { + local -r bool="${1:-}" + # comparison is performed without regard to the case of alphabetic characters + shopt -s nocasematch + if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then + true + else + false + fi +} + +# 检测数据是否为字符串 'yes/no' +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 +is_yes_no_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(yes|no)$ ]]; then + true + else + false + fi +} + +# 检测数据是否为字符串 'true/false' +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 +is_true_false_value() { + local -r bool="${1:-}" + if [[ "$bool" =~ ^(true|false)$ ]]; then + true + else + false + fi +} + +# 检测提供的参数是否为空字符串或未定义 +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 +is_empty_value() { + local -r val="${1:-}" + if [[ -z "$val" ]]; then + true + else + false + fi +} + +# 检测数据是否为有效的端口号 +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 或 错误消息 +validate_port() { + local value + local unprivileged=0 + + # Parse flags + while [[ "$#" -gt 0 ]]; do + case "$1" in + -unprivileged) + unprivileged=1 + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [[ "$#" -gt 1 ]]; then + echo "too many arguments provided" + return 2 + elif [[ "$#" -eq 0 ]]; then + stderr_print "missing port argument" + return 1 + else + value=$1 + fi + + if [[ -z "$value" ]]; then + echo "the value is empty" + return 1 + else + if ! is_int "$value"; then + echo "value is not an integer" + return 2 + elif [[ "$value" -lt 0 ]]; then + echo "negative value provided" + return 2 + elif [[ "$value" -gt 65535 ]]; then + echo "requested port is greater than 65535" + return 2 + elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then + echo "privileged port requested" + return 3 + fi + fi +} + +# 检测数据是否为有效的IPv4地址 +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 +validate_ipv4() { + local ip="${1:?ip is missing}" + local stat=1 + + if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then + read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" + [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ + && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] + stat=$? + fi + return $stat +} + +# 校验字符串格式 +# 参数: +# $1 - 待检测的数据 +# 返回值: +# 布尔值 +validate_string() { + local string + local min_length=-1 + local max_length=-1 + + # Parse flags + while [ "$#" -gt 0 ]; do + case "$1" in + -min-length) + shift + min_length=${1:-} + ;; + -max-length) + shift + max_length=${1:-} + ;; + --) + shift + break + ;; + -*) + stderr_print "unrecognized flag $1" + return 1 + ;; + *) + break + ;; + esac + shift + done + + if [ "$#" -gt 1 ]; then + stderr_print "too many arguments provided" + return 2 + elif [ "$#" -eq 0 ]; then + stderr_print "missing string" + return 1 + else + string=$1 + fi + + if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then + echo "string length is less than $min_length" + return 1 + fi + if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then + echo "string length is great than $max_length" + return 1 + fi +} \ No newline at end of file diff --git a/alpine/sources/repositories.aliyun b/alpine/sources/repositories.aliyun new file mode 100644 index 0000000..817c5d5 --- /dev/null +++ b/alpine/sources/repositories.aliyun @@ -0,0 +1,2 @@ +http://mirrors.aliyun.com/alpine/v3.12/main +http://mirrors.aliyun.com/alpine/v3.12/community diff --git a/alpine/sources/repositories.default b/alpine/sources/repositories.default new file mode 100644 index 0000000..1ad9e4f --- /dev/null +++ b/alpine/sources/repositories.default @@ -0,0 +1,2 @@ +http://dl-cdn.alpinelinux.org/alpine/v3.12/main +http://dl-cdn.alpinelinux.org/alpine/v3.12/community diff --git a/alpine/sources/repositories.huawei b/alpine/sources/repositories.huawei new file mode 100644 index 0000000..9640c9b --- /dev/null +++ b/alpine/sources/repositories.huawei @@ -0,0 +1,2 @@ +http://mirrors.huaweicloud.com/alpine/v3.12/main +http://mirrors.huaweicloud.com/alpine/v3.12/community diff --git a/alpine/sources/repositories.tencent b/alpine/sources/repositories.tencent new file mode 100644 index 0000000..cce0b79 --- /dev/null +++ b/alpine/sources/repositories.tencent @@ -0,0 +1,2 @@ +http://mirrors.cloud.tencent.com/alpine/v3.12/main +http://mirrors.cloud.tencent.com/alpine/v3.12/community diff --git a/alpine/sources/repositories.ustc b/alpine/sources/repositories.ustc new file mode 100644 index 0000000..efbdede --- /dev/null +++ b/alpine/sources/repositories.ustc @@ -0,0 +1,2 @@ +http://mirrors.ustc.edu.cn/alpine/v3.12/main +http://mirrors.ustc.edu.cn/alpine/v3.12/community