docker/debian-builder
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[debian]更新脚本;更新源文件存放位置;更新Makefile

Browse Source
This commit is contained in:
房振会
2020-09-03 15:08:56 +08:00
parent 8ac1dd7877
commit ddcdb7128d
21 changed files with 121 additions and 1191 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Dockerfile
+5 -31
View File
@@ -2,45 +2,19 @@
#
FROM debian:buster-slim
# ARG参数使用"--build-arg"指定。如 "--build-arg apt_source=tencent"
# APT源配置:default / tencent / ustc / aliyun / huawei
ARG apt_source=tencent
# 定义应用基础目录信息,该常量在容器内可使用
ENV APP_CONF_DIR=/srv/conf \
APP_DATA_DIR=/srv/data
LABEL \
"Version"="v10" \
"Description"="Docker image for Builder based on Debian." \
"Dockerfile"="https://github.com/colovu/docker-builder" \
"Vendor"="Endial Fang (endial@126.com)"
# 拷贝默认 Shell 脚本至容器相关目录中
COPY prebuilds /
COPY sources /etc/apt/sources/
COPY customer /
RUN select_source ${apt_source}
RUN install_pkg sudo wget curl ca-certificates gnupg dirmngr dpkg apt-transport-https lsb-release iproute2 net-tools iputils-ping nano build-essential
RUN prepare_env && create_user
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
RUN export DEBIAN_FRONTEND=noninteractive; \
set -eux; \
\
cp /etc/apt/sources/sources.list.${apt_source} /etc/apt/sources.list; \
apt-get update; \
# apt-get upgrade -y; \
\
export APP_DIRS="${APP_CONF_DIR} ${APP_DATA_DIR}"; \
mkdir -p ${APP_DIRS}; \
\
fetchDeps=" \
wget curl ca-certificates apt-transport-https \
lsb-release iproute2 net-tools iputils-ping \
\
nano \
build-essential \
"; \
apt-get install -y --no-install-recommends ${fetchDeps}; \
apt-get purge -y --auto-remove; \
apt-get autoclean -y; \
rm -rf /var/lib/apt/lists/*;
CMD []
CMD []
Makefile
+12 -6
View File
@@ -2,8 +2,8 @@
#
# 当前 Docker 镜像的编译脚本
debian_name := colovu/debian-builder
alpine_name := colovu/alpine-builder
debian_name := colovu/dbuilder
alpine_name := colovu/abuilder
local_registory := repo-dev.konkawise.com
# 生成镜像TAG,类似:<镜像名>:<分支名>-<Git ID> 或 <镜像名>:latest-<年月日>-<时分秒>
@@ -11,17 +11,17 @@ current_subversion:=$(shell if [[ -d .git ]]; then git rev-parse --short HEAD; e
current_tag:=$(shell if [[ -d .git ]]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion)
# Sources List: default / tencent / ustc / aliyun / huawei
build-arg:=--build-arg apt_source=tencent
source-name:=tencent
.PHONY: build clean clearclean upgrade tag
.PHONY: build clean clearclean upgrade tag push
build:
@echo "Build $(debian_name):$(current_tag)"
@docker build --force-rm $(build-arg) -t $(debian_name):$(current_tag) .
@docker build --force-rm --build-arg apt_source=$(source-name) -t $(debian_name):$(current_tag) .
@echo "Add tag: $(debian_name):latest"
@docker tag "$(debian_name):$(current_tag)" $(debian_name):latest
@echo "Build $(alpine_name):$(current_tag)"
@docker build --force-rm $(build-arg) -t $(alpine_name):$(current_tag) ./alpine
@docker build --force-rm --build-arg apk_source=$(source-name) -t $(alpine_name):$(current_tag) ./alpine
@echo "Add tag: $(alpine_name):latest"
@docker tag "$(alpine_name):$(current_tag)" $(alpine_name):latest
@@ -41,6 +41,12 @@ tag:
@echo "Add tag: $(local_registory)/$(alpine_name):latest"
@docker tag $(alpine_name) $(local_registory)/$(alpine_name)
push:
@echo "Push: $(local_registory)/$(alpine_name):latest"
@docker push $(local_registory)/$(debian_name)
@echo "Push: $(local_registory)/$(alpine_name):latest"
@docker push $(local_registory)/$(alpine_name)
# 更新所有 colovu 仓库的镜像
upgrade:
@echo "Upgrade all images..."
README.md
+15 -7
View File
@@ -4,6 +4,11 @@
该镜像主要用于在使用多阶段方式制作镜像时,进行软件的下载、编译等预处理操作。预安装软件包节省软件包下载及更新时间。
其中:
- dbuilder:基于 Debian 系统的 Builder 环境
- abuilder:基于 Alpine 系统的 Builder环境
**版本信息:**
- latest
@@ -11,8 +16,8 @@
**镜像信息:**
* 镜像地址:
* colovu/debian-builder:latest
* colovu/alpine-builder:latest
* colovu/dbuilder:latest
* colovu/abuilder:latest
## 数据卷
@@ -23,13 +28,19 @@
/srv/conf # 配置文件目录
```
## 用户
镜像中增加用户`builder`,并为该用户配置了`sudo`权限。
## 使用方式
使用`--from=0`方式:
```dockerfile
# 预编译阶段
FROM alpine-builder
FROM colovu/abuilder
WORKDIR /build
RUN \
@@ -40,7 +51,6 @@ RUN \
# 镜像生成阶段
FROM scratch
# 从编译阶段的中拷贝编译结果到当前镜像中
COPY --from=0 /usr/local/bin/gosu /usr/local/bin/
CMD []
@@ -50,13 +60,12 @@ CMD []
```dockerfile
# 预编译阶段。命名为`builder`
FROM alpine-builder as builder
FROM colovu/abuilder as builder
# ... 省略
# 镜像生成阶段
FROM scratch
# 从编译阶段的中拷贝编译结果到当前镜像中
COPY --from=builder /usr/local/bin/gosu /usr/local/bin/
CMD []
@@ -68,7 +77,6 @@ CMD []
- 不用安装、删除临时软件,方式生成多余的垃圾文件;预编译阶段的内容使用完即丢弃,不会对镜像大小产生影响
customer/usr/sbin/create_user
Executable
+8
View File
@@ -0,0 +1,8 @@
#!/bin/bash
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
set -eux
groupadd --gid 998 --system builder
useradd --gid 998 --uid 999 --shell /bin/bash --home /srv/data --system builder
sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers
echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
customer/usr/sbin/prepare_env
Executable
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
set -eux
mkdir -p /srv/data /srv/conf
prebuilds/etc/apt/sources/sources.list.aliyun
+9
View File
@@ -0,0 +1,9 @@
deb http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb http://mirrors.aliyun.com/debian-security buster/updates main
deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.aliyun.com/debian-security buster/updates main
deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib
prebuilds/etc/apt/sources/sources.list.default
+6
View File
@@ -0,0 +1,6 @@
# deb http://snapshot.debian.org/archive/debian/20200607T000000Z buster main
deb http://deb.debian.org/debian buster main
# deb http://snapshot.debian.org/archive/debian-security/20200607T000000Z buster/updates main
deb http://security.debian.org/debian-security buster/updates main
# deb http://snapshot.debian.org/archive/debian/20200607T000000Z buster-updates main
deb http://deb.debian.org/debian buster-updates main
prebuilds/etc/apt/sources/sources.list.huawei
+9
View File
@@ -0,0 +1,9 @@
deb http://mirrors.huaweicloud.com/debian/ buster main contrib non-free
deb http://mirrors.huaweicloud.com/debian/ buster-updates main contrib non-free
deb http://mirrors.huaweicloud.com/debian/ buster-backports main contrib non-free
deb http://mirrors.huaweicloud.com/debian-security/ buster/updates main contrib non-free
deb-src http://mirrors.huaweicloud.com/debian/ buster main contrib non-free
deb-src http://mirrors.huaweicloud.com/debian/ buster-updates main contrib non-free
deb-src http://mirrors.huaweicloud.com/debian/ buster-backports main contrib non-free
prebuilds/etc/apt/sources/sources.list.tencent
+10
View File
@@ -0,0 +1,10 @@
deb http://mirrors.cloud.tencent.com/debian/ buster main non-free contrib
deb http://mirrors.cloud.tencent.com/debian-security buster/updates main
deb http://mirrors.cloud.tencent.com/debian/ buster-updates main non-free contrib
deb http://mirrors.cloud.tencent.com/debian/ buster-backports main non-free contrib
deb-src http://mirrors.cloud.tencent.com/debian-security buster/updates main
deb-src http://mirrors.cloud.tencent.com/debian/ buster main non-free contrib
deb-src http://mirrors.cloud.tencent.com/debian/ buster-updates main non-free contrib
deb-src http://mirrors.cloud.tencent.com/debian/ buster-backports main non-free contrib
prebuilds/etc/apt/sources/sources.list.ustc
+10
View File
@@ -0,0 +1,10 @@
deb http://mirrors.ustc.edu.cn/debian/ buster main contrib non-free
deb http://mirrors.ustc.edu.cn/debian/ buster-updates main contrib non-free
deb http://mirrors.ustc.edu.cn/debian/ buster-backports main contrib non-free
deb http://mirrors.ustc.edu.cn/debian-security/ buster/updates main contrib non-free
deb-src http://mirrors.ustc.edu.cn/debian/ buster main contrib non-free
deb-src http://mirrors.ustc.edu.cn/debian/ buster-updates main contrib non-free
deb-src http://mirrors.ustc.edu.cn/debian/ buster-backports main contrib non-free
deb-src http://mirrors.ustc.edu.cn/debian-security/ buster/updates main contrib non-free
prebuilds/usr/local/scripts/libcommon.sh
-146
View File
@@ -1,146 +0,0 @@
#!/bin/bash
# Ver: 1.1 by Endial Fang (endial@126.com)
#
# shellcheck disable=SC1091
BOLD='\033[1m'
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# 打印包含包含Logo的欢迎信息
# 全局变量:
# APP_NAME
print_image_welcome_page() {
_is_restart && return
local github_url="https://github.com/colovu/docker-${APP_NAME}"
LOG_I ""
LOG_I " ######## ######## ### ######## ### ## ### ##"
LOG_I " ### ## ### ## ### ### ## ### ## ### ##"
LOG_I " ### ### ## ### ### ## ### ## ### ##"
LOG_I " ### ### ## ### ### ## ### ## ### ##"
LOG_I " ### ### ## ### ### ## ### ## ### ##"
LOG_I " ### ## ### ## ### ### ## #### ### ##"
LOG_I "######## ######## ######## ######## ## ########"
LOG_I ""
LOG_I "Welcome to the ${BOLD}${APP_NAME}${RESET} container"
LOG_I "Project on Github: ${BOLD}${github_url}${RESET}"
LOG_I "Send us your feedback at ${BOLD}endial@126.com${RESET}"
LOG_I ""
}
# 根据需要打印欢迎信息
# 全局变量:
# ENV_DISABLE_WELCOME_MESSAGE
# APP_NAME
docker_print_welcome() {
if [[ -z "${ENV_DISABLE_WELCOME_MESSAGE:-}" ]]; then
if [[ -n "$APP_NAME" ]]; then
print_image_welcome_page
fi
fi
}
# 检测可能导致容器执行后直接退出的命令,如"--help";如果存在,直接返回 0
# 参数:
# $1 - 待检测的参数表
docker_command_help() {
local arg
for arg; do
case "$arg" in
-'?'|--help|-V|--version)
return 0
;;
esac
done
return 1
}
# 根据脚本扩展名及权限,执行相应的初始化脚本
# 参数:
# $1 - 文件列表,支持路径通配符
# 使用:
# docker_process_init_files [file [file [...]]]
# 例子:
# docker_process_init_files /src/conf/${APP_NAME}/initdb.d/*
docker_process_init_files() {
echo
local f
for f; do
case "$f" in
*.sh)
if [ -x "$f" ]; then
LOG_I "$0: running $f"
"$f"
else
LOG_I "$0: sourcing $f"
. "$f"
fi
;;
*) LOG_W "$0: ignoring $f" ;;
esac
echo
done
}
# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份
# 默认配置文件路径:/etc/${APP_NAME}
# 目标配置文件路径:/srv/conf/${APP_NAME}
# 参数:
# $1 - 基础路径
# $* - 基础路径下的文件及目录列表,以" "分割
# 例子:
# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf
ensure_config_file_exist() {
local -r base_path="${1:?paths is missing}"
local f=""
local dist=""
shift 1
LOG_D "List to check: $@"
while [ "$#" -gt 0 ]; do
f="${1}"
LOG_D "Process \"${f}\""
if [ -d "${base_path}/${f}" ]; then
dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')"
[[ ! -d "${dist}" ]] && LOG_I "Create directory: ${dist}" && mkdir -p "${dist}"
[[ ! -z $(ls -A "${base_path}/${f}") ]] && ensure_config_file_exist "${base_path}/${f}" $(ls -A "${base_path}/${f}")
else
dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')"
[[ ! -e "${dist}" ]] && LOG_I "Copy: ${base_path}/${f} ===> ${dist}" && cp "${base_path}/${f}" "${dist}" && rm -rf "/srv/conf/${APP_NAME}/.app_init_flag"
fi
shift
done
}
# 检测当前用户是否为 root
# 返回值:
# 布尔值
_is_run_as_root() {
if [[ "$(id -u)" = "0" ]]; then
LOG_D "Check if run as root: Yes"
true
else
LOG_D "Check if run as root: No (ID $(id -u))"
false
fi
}
_is_restart() {
if [ x"${RESTART_FLAG:-}" = "x" ]; then
false
else
true
fi
}
# 检测当前脚本是被直接执行的,还是从其他脚本中使用 "source" 调用的
_is_sourced() {
[ "${#FUNCNAME[@]}" -ge 2 ] \
&& [ "${FUNCNAME[0]}" = '_is_sourced' ] \
&& [ "${FUNCNAME[1]}" = 'source' ]
}
prebuilds/usr/local/scripts/libdownload.sh
-97
View File
@@ -1,97 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 从服务器(列表)下载相应软件包
# Constants
#CV_BASE="http://archive.colovu.com/dist-files/"
#CV_BASE="http://10.37.129.2/dist-files/"
CV_BASE=""
# 检测软件包签名是否正确
# 参数:
# $1 - 软件包签名文件
# $2 - 软件包文件
# $3 - PGPKEY
check_pgp() {
local name_asc=${1:?missing asc file name}
local name=${2:?missing file name}
local keys="${3:?missing key id}"
GNUPGHOME="$(mktemp -d)"
for key in $keys; do
gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${key}" ||
gpg --batch --keyserver pgp.mit.edu --recv-keys "${key}" ||
gpg --batch --keyserver keys.gnupg.net --recv-keys "${key}" ||
gpg --batch --keyserver keyserver.pgp.com --recv-keys "${key}";
done
gpg --batch --verify "$name_asc" "$name"
command -v gpgconf > /dev/null && gpgconf --kill all
rm -rf "$GNUPGHOME" "$name_asc"
}
# 从私有服务器下载软件包,如果不存在,则从官网服务器下载
# 参数:
# $1 - 软件包全名(字符串)
# $2 - 官网路径(字符串)
# $3 - "-c"/"--checksum"
# $4 - 软件包SHA256值
# $3 - "-g"/"--pgpkey"
# $4 - 用于软件包签名的KEY ID
# 例子:
# . /usr/local/scripts/libdownload.sh && download_dist "java" "11.0.7-0" --checksum 02a1fc9b79b11617ad39221667f6a34209f5c45ca908268f8ba6c264a2577ee2
download_dist() {
local name="${1:?name is required}"
local base_urls="${2:?url is required}"
local package_sha256=""
local pgp_key=""
local success=""
# 获取SHA256或PGP KEY
shift 2
while [ "$#" -gt 0 ]; do
case "$1" in
-c|--checksum)
shift
package_sha256="${1:?missing package checksum}"
;;
-g|--pgpkey)
shift
pgp_key="${1:?missing package PGP key}"
;;
*)
echo "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
echo "Downloading $name package"
for url in $CV_BASE $base_urls; do
if wget -O "$name" "$url$name" && [ -s "$name" ]; then
if [ -n "$pgp_key" ]; then
wget -O "$name.asc" "$url$name.asc"
if [ ! -e "$name.asc" ]; then
wget -O "$name.asc" "$url$name.sig"
fi
fi
success=1
break
fi
done
if [ -n "$success" ]; then
if [ -n "$package_sha256" ]; then
echo "Verifying package whith sha256"
echo "$package_sha256 *${name}" | sha256sum --check -
fi
if [ -n "$pgp_key" ]; then
echo "Verifying package with PGP"
check_pgp "$name.asc" "$name" "$pgp_key"
fi
else
[ -n "$success" ]
fi
}
prebuilds/usr/local/scripts/libfile.sh
-78
View File
@@ -1,78 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 文件操作函数库
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# 检测"*_FILE"文件,并从文件中读取信息作为参数值;环境变量不允许 VAR 与 VAR_FILE 方式并存
# 变量:
# $1 - 需要设置的环境变量名称
# $2 - 该变量对应的默认值(Option)
#
# 使用: file_env ENV_VAR [DEFAULT]
file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
LOG_E "Both $var and $fileVar are set (but are exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# 使用规则表达式在文件中替换数据
# 参数:
# $1 - 文件名
# $2 - 正则表达式
# $3 - 替代数据表达式
# $4 - 是否使用POSIX表达式. Default: true
replace_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local substitute_regex="${3:?substitute regex is required}"
local posix_regex=${4:-true}
local result
# 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作
if [[ $posix_regex = true ]]; then
result="$(sed -E "s@$match_regex@$substitute_regex@g" "$filename")"
else
result="$(sed "s@$match_regex@$substitute_regex@g" "$filename")"
fi
echo "$result" > "$filename"
}
# 使用规则表达式在文件中删除数据
# 参数:
# $1 - 文件名
# $2 - 正则表达式
# $3 - 是否使用POSIX表达式. Default: true
remove_in_file() {
local filename="${1:?filename is required}"
local match_regex="${2:?match regex is required}"
local posix_regex=${3:-true}
local result
# 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作
if [[ $posix_regex = true ]]; then
result="$(sed -E "/$match_regex/d" "$filename")"
else
result="$(sed "/$match_regex/d" "$filename")"
fi
echo "$result" > "$filename"
}
prebuilds/usr/local/scripts/libfs.sh
-120
View File
@@ -1,120 +0,0 @@
#!/bin/bash
# Ver: 1.1 by Endial Fang (endial@126.com)
#
# 文件管理函数库
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# Ensure a file/directory is owned (user and group) but the given user
# Arguments:
# $1 - filepath
# $2 - owner
ensure_owned_by() {
local path="${1:?path is missing}"
local owner="${2:?owner is missing}"
chown "$owner":"$owner" "$path"
}
# 检测目录是否存在,如果不存在则创建,同时修改为指定的用户
# Arguments:
# $1 - directory
# $2 - owner
ensure_dir_exists() {
local dir="${1:?directory is missing}"
local owner="${2:-}"
mkdir -p "${dir}"
if [[ -n $owner ]]; then
ensure_owned_by "$dir" "$owner"
fi
}
# 检测目录是否存在或为空
# 参数:
# $1 - 目录路径
# 返回值:
# 布尔值
is_dir_empty() {
local dir="${1:?missing directory}"
if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then
true
else
false
fi
}
# 循环设置目录中子目录及文件权限
# 参数:
# $1 - paths (as a string).
# Flags:
# -f|--file-mode - 文件权限模式
# -d|--dir-mode - 目录权限模式
# -u|--user - 用户
# -g|--group - 用户组
configure_permissions_ownership() {
local -r paths="${1:?paths is missing}"
local dir_mode=""
local file_mode=""
local user=""
local group=""
# Validate arguments
shift 1
while [ "$#" -gt 0 ]; do
case "$1" in
-f|--file-mode)
shift
file_mode="${1:?missing mode for files}"
;;
-d|--dir-mode)
shift
dir_mode="${1:?missing mode for directories}"
;;
-u|--user)
shift
user="${1:?missing user}"
;;
-g|--group)
shift
group="${1:?missing group}"
;;
*)
LOG_E "Invalid command line flag $1" >&2
return 1
;;
esac
shift
done
read -r -a filepaths <<< "$paths"
for p in "${filepaths[@]}"; do
if [[ -e "$p" ]]; then
LOG_D "Check $p"
if [[ -n ${dir_mode} ]]; then
LOG_D "Change permissions to ${dir_mode} of directories in $p"
find -L "$p" -type d -print | xargs -i chmod "${dir_mode}" '{}'
fi
if [[ -n ${file_mode} ]]; then
LOG_D "Change permissions to ${file_mode} of files in $p"
find -L "$p" -type f -print | xargs -i chmod "${file_mode}" '{}'
fi
if [[ -n $user ]] && [[ -n ${group} ]]; then
LOG_D "Change ownership to ${user}:${group} of files and directories in $p"
find -L "$p" \( \! -user ${user} -or \! -group ${group} \) -print | xargs -i chown -L "${user}":"${group}" '{}'
elif [[ -n $user ]] && [[ -z $group ]]; then
LOG_D "Change user to ${user} of files and directories in $p"
find -L "$p" \! -user ${user} -print | xargs -i chown -L "${user}" '{}'
elif [[ -z $user ]] && [[ -n $group ]]; then
LOG_D "Change group to ${group} of files and directories in $p"
find -L "$p" \! -group ${group} -print | xargs -i chgrp -L "${group}" '{}'
fi
else
LOG_E "$p does not exist"
fi
done
}
prebuilds/usr/local/scripts/liblog.sh
-66
View File
@@ -1,66 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 日志处理函数库
# 定义颜色信息
RESET='\033[0m'
RED='\033[31;1m'
GREEN='\033[32;2m'
YELLOW='\033[33;1m'
MAGENTA='\033[36;2m'
CYAN='\033[35;2m'
BLUE='\033[34;2m'
# 函数列表
# 输出实际日志信息
# 参数:
# $1 - 日志类型
# $2 - 日志信息
LOG_RAW() {
local type="$1"; shift
case "${type}" in
x) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${BLUE}DEBUG${RESET} %b\n" "$(date "+%T.%2N")" "${*}" ;;
I) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${GREEN}INFO ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";;
W) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${YELLOW}WARN ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";;
E) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${RED}ERROR${RESET} %b\n" "$(date "+%T.%2N")" "${*}";;
esac
}
# 输出调试类日志信息,尽量少使用
# 参数:
# $1 - 日志类型
# $2 - 日志信息
LOG_D() {
local -r bool="${ENV_DEBUG:-false}"
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
LOG_RAW x "$@"
fi
}
# 输出提示信息类日志信息
# 参数:
# $1 - 日志类型
# $2 - 日志信息
LOG_I() {
shopt -s nocasematch
LOG_RAW I "$@"
}
# 输出警告类日志信息至sterr
# 参数:
# $1 - 日志类型
# $2 - 日志信息
LOG_W() {
LOG_RAW W "$@" >&2
}
# 输出错误类日志信息至sterr,并退出脚本
# 参数:
# $1 - 日志类型
# $2 - 日志信息
LOG_E() {
LOG_RAW E "$@" >&2
}
prebuilds/usr/local/scripts/libnet.sh
-120
View File
@@ -1,120 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 网络管理函数库
# shellcheck disable=SC1091
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# 解析主机名为 IP
# 参数:
# $1 - 待解析的主机名
# 返回值:
# IP 地址
#########################
dns_lookup() {
local host="${1:?host is missing}"
getent ahosts "$host" | awk '/STREAM/ {print $1 }'
}
# 等待主机名解析,并返回 IP
# 参数:
# $1 - 主机名
# $2 - 重试次数
# $3 - 重试间隔(秒)
# 返回值:
# - IP 地址
wait_for_dns_lookup() {
local hostname="${1:?hostname is missing}"
local retries="${2:-5}"
local seconds="${3:-1}"
check_host() {
if [[ $(dns_lookup "$hostname") == "" ]]; then
false
else
true
fi
}
# Wait for the host to be ready
retry_while "check_host ${hostname}" "$retries" "$seconds"
dns_lookup "$hostname"
}
# 获取机器的 IP
# 返回值:
# - IP 地址
get_machine_ip() {
dns_lookup "$(hostname)"
}
# 检测提供的参数是否为可解析地址的主机名
# 参数:
# $1 - 待检测值
# 返回值:
# 布尔值
is_hostname_resolved() {
local -r host="${1:?missing value}"
if [[ -n "$(dns_lookup "$host")" ]]; then
true
else
false
fi
}
# 解析 URL
# 参数:
# $1 - URI 字符串
# $2 - 待解析参数字符串。有效值 (scheme, authority, userinfo, host, port, path, query or fragment)
# 返回值:
# 字符串
parse_uri() {
local uri="${1:?uri is missing}"
local component="${2:?component is missing}"
# Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with
# additional sub-expressions to split authority into userinfo, host and port
# Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969)
local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?'
# || | ||| | | | | | | | | |
# |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment
# 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #...
# | 4 authority
# 3 //...
local index=0
case "$component" in
scheme)
index=2
;;
authority)
index=4
;;
userinfo)
index=6
;;
host)
index=7
;;
port)
index=9
;;
path)
index=10
;;
query)
index=13
;;
fragment)
index=14
;;
*)
stderr_print "unrecognized component $component"
return 1
;;
esac
[[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}"
}
prebuilds/usr/local/scripts/libos.sh
-159
View File
@@ -1,159 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 操作系统控制函数库
# shellcheck disable=SC1091
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# 检测指定用户账户是否存在
# 参数:
# $1 - 用户账户
# 返回值:
# 布尔值
user_exists() {
local user="${1:?user is missing}"
id "$user" >/dev/null 2>&1
}
# 检测指定用户分组是否存在
# 参数:
# $1 - 用户组
# 返回值:
# 布尔值
group_exists() {
local group="${1:?group is missing}"
getent group "$group" >/dev/null 2>&1
}
# 确保用户组存在,如果不存在则创建相应用户组
# 参数:
# $1 - 用户组
ensure_group_exists() {
local group="${1:?group is missing}"
if ! group_exists "$group"; then
groupadd "$group" >/dev/null 2>&1
fi
}
# 确保用户组及用户账户存在,如果不存在则创建相应用户组及账户
# 参数:
# $1 - 用户
# $2 - 用户组
ensure_user_exists() {
local user="${1:?user is missing}"
local group="${2:-}"
if ! user_exists "$user"; then
useradd "$user" >/dev/null 2>&1
fi
if [[ -n "$group" ]]; then
ensure_group_exists "$group"
fi
usermod -a -G "$group" "$user" >/dev/null 2>&1
}
# 获取系统可用内存
# 返回值:
# 内存大小(MB)
get_total_memory() {
echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024))
}
# 获取以定量方式描述的内存大小
# 参数:
# $1 - 内存大小 (可选)
# 返回值:
# 基于定量内存大小的内存大小描述
get_machine_size() {
local memory="${1:-}"
if [[ -z "$memory" ]]; then
debug "Memory was not specified, detecting available memory automatically"
memory="$(get_total_memory)"
fi
sanitized_memory=$(convert_to_mb "$memory")
if [[ "$sanitized_memory" -gt 26000 ]]; then
echo 2xlarge
elif [[ "$sanitized_memory" -gt 13000 ]]; then
echo xlarge
elif [[ "$sanitized_memory" -gt 6000 ]]; then
echo large
elif [[ "$sanitized_memory" -gt 3000 ]]; then
echo medium
elif [[ "$sanitized_memory" -gt 1500 ]]; then
echo small
else
echo micro
fi
}
# 获取已定义的所有内存大小描述
# 返回值:
# 内存大小描述
get_supported_machine_sizes() {
echo micro small medium large xlarge 2xlarge
}
# 将以字符串表示的内存大小转换为以MB为单位的内存大小值 (i.e. 2G -> 2048)
# 参数:
# $1 - 内存大小
# 返回值:
# 内存大小值(以MB为单位)
convert_to_mb() {
local amount="${1:-}"
if [[ $amount =~ ^([0-9]+)(M|G) ]]; then
size="${BASH_REMATCH[1]}"
unit="${BASH_REMATCH[2]}"
if [[ "$unit" = "G" ]]; then
amount="$((size * 1024))"
else
amount="$size"
fi
fi
echo "$amount"
}
# 如果禁用调试模式,将输出信息重定向至 /dev/null
# 全局变量:
# ENV_DEBUG
# 参数:
# $@ - 待执行的命令
debug_execute() {
local -r bool="${ENV_DEBUG:-false}"
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
"$@" >/dev/null 2>&1
else
"$@"
fi
}
# 重试执行命令
# 参数:
# $1 - cmd (as a string)
# $2 - 最大尝试次数. Default: 12
# $3 - 重试前等待时间(秒). Default: 5
# 返回值:
# 布尔值
retry_while() {
local -r cmd="${1:?cmd is missing}"
local -r retries="${2:-12}"
local -r sleep_time="${3:-5}"
local return_value=1
read -r -a command <<< "$cmd"
for ((i = 1 ; i <= retries ; i+=1 )); do
"${command[@]}" && return_value=0 && break
sleep "$sleep_time"
done
return $return_value
}
prebuilds/usr/local/scripts/libservice.sh
-132
View File
@@ -1,132 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 服务管理函数库
# shellcheck disable=SC1091
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# 获取并返回服务 PID
# 参数:
# $1 - PID 文件
# 返回值:
# PID
get_pid_from_file() {
local pid_file="${1:?pid file is missing}"
if [[ -f "$pid_file" ]]; then
if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then
echo "$(< "$pid_file")"
fi
fi
}
# 检测 PID 对应的服务是否在运行中
# 参数:
# $1 - PID
# 返回值:
# Boolean
is_service_running() {
local pid="${1:?pid is missing}"
kill -0 "$pid" 2>/dev/null
}
# 通过发送信号停止一个指定的服务
# 参数:
# $1 - PID 文件
# $2 - 信号 (可选)
stop_service_using_pid() {
local pid_file="${1:?pid file is missing}"
local signal="${2:-}"
local pid
pid="$(get_pid_from_file "$pid_file")"
[[ -z "$pid" ]] || ! is_service_running "$pid" && return
if [[ -n "$signal" ]]; then
kill "-${signal}" "$pid"
else
kill "$pid"
fi
local counter=10
while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do
sleep 1
counter=$((counter - 1))
done
}
# 为指定的服务生成一个监控配置文件
# Arguments:
# $1 - 服务名
# $2 - PID 文件
# $3 - 启动命令
# $4 - 停止命令
# Flags:
# --disabled - Whether to disable the monit configuration
generate_monit_conf() {
local service_name="${1:?service name is missing}"
local pid_file="${2:?pid file is missing}"
local start_command="${3:?start command is missing}"
local stop_command="${4:?stop command is missing}"
local monit_conf_dir="/etc/monit/conf.d"
local disabled="no"
# Parse optional CLI flags
shift 4
while [[ "$#" -gt 0 ]]; do
case "$1" in
--disabled)
shift
disabled="$1"
;;
*)
echo "Invalid command line flag ${1}" >&2
return 1
;;
esac
shift
done
is_boolean_yes "$disabled" && conf_suffix=".disabled"
mkdir -p "$monit_conf_dir"
cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <<EOF
check process ${service_name}
with pidfile "${pid_file}"
start program = "${start_command}" with timeout 90 seconds
stop program = "${stop_command}" with timeout 90 seconds
EOF
}
# 生成一个 Logrotate 配置文件
# Arguments:
# $1 - 日志路径
# $2 - Period
# $3 - Rotations 存储的数量
# $4 - 其他参数 (可选)
generate_logrotate_conf() {
local service_name="${1:?service name is missing}"
local log_path="${2:?log path is missing}"
local period="${3:-weekly}"
local rotations="${4:-150}"
local extra_options="${5:-}"
local logrotate_conf_dir="/etc/logrotate.d"
mkdir -p "$logrotate_conf_dir"
cat >"${logrotate_conf_dir}/${service_name}" <<EOF
${log_path} {
${period}
rotate ${rotations}
dateext
compress
copytruncate
missingok
${extra_options}
}
EOF
}
prebuilds/usr/local/scripts/libvalidations.sh
-229
View File
@@ -1,229 +0,0 @@
#!/bin/bash
# Ver: 1.0 by Endial Fang (endial@126.com)
#
# 数据有效性校验函数库
# 加载依赖项
. /usr/local/scripts/liblog.sh # 日志输出函数库
# 函数列表
# 检测数据是否为整数
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
is_int() {
local -r int="${1:?missing value}"
if [[ "$int" =~ ^-?[0-9]+ ]]; then
true
else
false
fi
}
# 检测数据是否为正整数
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
is_positive_int() {
local -r int="${1:?missing value}"
if is_int "$int" && (( "${int}" >= 0 )); then
true
else
false
fi
}
# 检测数据是否为布尔值 '1' 或字符串 'yes/true'
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
is_boolean_yes() {
local -r bool="${1:-}"
# comparison is performed without regard to the case of alphabetic characters
shopt -s nocasematch
if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then
true
else
false
fi
}
# 检测数据是否为字符串 'yes/no'
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
is_yes_no_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(yes|no)$ ]]; then
true
else
false
fi
}
# 检测数据是否为字符串 'true/false'
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
is_true_false_value() {
local -r bool="${1:-}"
if [[ "$bool" =~ ^(true|false)$ ]]; then
true
else
false
fi
}
# 检测提供的参数是否为空字符串或未定义
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
is_empty_value() {
local -r val="${1:-}"
if [[ -z "$val" ]]; then
true
else
false
fi
}
# 检测数据是否为有效的端口号
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值 或 错误消息
validate_port() {
local value
local unprivileged=0
# Parse flags
while [[ "$#" -gt 0 ]]; do
case "$1" in
-unprivileged)
unprivileged=1
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [[ "$#" -gt 1 ]]; then
echo "too many arguments provided"
return 2
elif [[ "$#" -eq 0 ]]; then
stderr_print "missing port argument"
return 1
else
value=$1
fi
if [[ -z "$value" ]]; then
echo "the value is empty"
return 1
else
if ! is_int "$value"; then
echo "value is not an integer"
return 2
elif [[ "$value" -lt 0 ]]; then
echo "negative value provided"
return 2
elif [[ "$value" -gt 65535 ]]; then
echo "requested port is greater than 65535"
return 2
elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then
echo "privileged port requested"
return 3
fi
fi
}
# 检测数据是否为有效的IPv4地址
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
validate_ipv4() {
local ip="${1:?ip is missing}"
local stat=1
if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then
read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")"
[[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \
&& ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]]
stat=$?
fi
return $stat
}
# 校验字符串格式
# 参数:
# $1 - 待检测的数据
# 返回值:
# 布尔值
validate_string() {
local string
local min_length=-1
local max_length=-1
# Parse flags
while [ "$#" -gt 0 ]; do
case "$1" in
-min-length)
shift
min_length=${1:-}
;;
-max-length)
shift
max_length=${1:-}
;;
--)
shift
break
;;
-*)
stderr_print "unrecognized flag $1"
return 1
;;
*)
break
;;
esac
shift
done
if [ "$#" -gt 1 ]; then
stderr_print "too many arguments provided"
return 2
elif [ "$#" -eq 0 ]; then
stderr_print "missing string"
return 1
else
string=$1
fi
if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then
echo "string length is less than $min_length"
return 1
fi
if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then
echo "string length is great than $max_length"
return 1
fi
}
prebuilds/usr/sbin/install_pkg
Executable
+29
View File
@@ -0,0 +1,29 @@
#!/bin/bash
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
set -eux
export DEBIAN_FRONTEND=noninteractive
n=0
max=2
until [ $n -gt $max ]; do
set +e
(
apt-get update &&
apt-get upgrade -y &&
apt-get install -y --no-install-recommends "$@"
)
CODE=$?
set -e
if [ $CODE -eq 0 ]; then
break
fi
if [ $n -eq $max ]; then
exit $CODE
fi
echo "apt failed, retrying"
n=$(($n + 1))
done
apt-get purge -y --auto-remove
apt-get autoclean -y
rm -r /var/lib/apt/lists /var/cache/apt/archives || :
prebuilds/usr/sbin/select_source
Executable
+4
View File
@@ -0,0 +1,4 @@
#!/bin/bash
# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行)
set -eux
cp /etc/apt/sources/sources.list.${apt_source:-default} /etc/apt/sources.list; \