From ddcdb7128df4546fa7dcc7303678cdc31e79c566 Mon Sep 17 00:00:00 2001 From: Endial Fang Date: Thu, 3 Sep 2020 15:08:56 +0800 Subject: [PATCH] =?UTF-8?q?[debian]=E6=9B=B4=E6=96=B0=E8=84=9A=E6=9C=AC?= =?UTF-8?q?=EF=BC=9B=E6=9B=B4=E6=96=B0=E6=BA=90=E6=96=87=E4=BB=B6=E5=AD=98?= =?UTF-8?q?=E6=94=BE=E4=BD=8D=E7=BD=AE=EF=BC=9B=E6=9B=B4=E6=96=B0Makefile?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Dockerfile | 36 +-- Makefile | 18 +- README.md | 22 +- customer/usr/sbin/create_user | 8 + customer/usr/sbin/prepare_env | 4 + prebuilds/etc/apt/sources/sources.list.aliyun | 9 + .../etc/apt/sources/sources.list.default | 6 + prebuilds/etc/apt/sources/sources.list.huawei | 9 + .../etc/apt/sources/sources.list.tencent | 10 + prebuilds/etc/apt/sources/sources.list.ustc | 10 + prebuilds/usr/local/scripts/libcommon.sh | 146 ----------- prebuilds/usr/local/scripts/libdownload.sh | 97 -------- prebuilds/usr/local/scripts/libfile.sh | 78 ------ prebuilds/usr/local/scripts/libfs.sh | 120 --------- prebuilds/usr/local/scripts/liblog.sh | 66 ----- prebuilds/usr/local/scripts/libnet.sh | 120 --------- prebuilds/usr/local/scripts/libos.sh | 159 ------------ prebuilds/usr/local/scripts/libservice.sh | 132 ---------- prebuilds/usr/local/scripts/libvalidations.sh | 229 ------------------ prebuilds/usr/sbin/install_pkg | 29 +++ prebuilds/usr/sbin/select_source | 4 + 21 files changed, 121 insertions(+), 1191 deletions(-) create mode 100755 customer/usr/sbin/create_user create mode 100755 customer/usr/sbin/prepare_env create mode 100644 prebuilds/etc/apt/sources/sources.list.aliyun create mode 100644 prebuilds/etc/apt/sources/sources.list.default create mode 100644 prebuilds/etc/apt/sources/sources.list.huawei create mode 100644 prebuilds/etc/apt/sources/sources.list.tencent create mode 100644 prebuilds/etc/apt/sources/sources.list.ustc delete mode 100644 prebuilds/usr/local/scripts/libcommon.sh delete mode 100644 prebuilds/usr/local/scripts/libdownload.sh delete mode 100644 prebuilds/usr/local/scripts/libfile.sh delete mode 100644 prebuilds/usr/local/scripts/libfs.sh delete mode 100644 prebuilds/usr/local/scripts/liblog.sh delete mode 100644 prebuilds/usr/local/scripts/libnet.sh delete mode 100644 prebuilds/usr/local/scripts/libos.sh delete mode 100644 prebuilds/usr/local/scripts/libservice.sh delete mode 100644 prebuilds/usr/local/scripts/libvalidations.sh create mode 100755 prebuilds/usr/sbin/install_pkg create mode 100755 prebuilds/usr/sbin/select_source diff --git a/Dockerfile b/Dockerfile index 0c943d1..65c7c4b 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,45 +2,19 @@ # FROM debian:buster-slim -# ARG参数使用"--build-arg"指定。如 "--build-arg apt_source=tencent" # APT源配置:default / tencent / ustc / aliyun / huawei ARG apt_source=tencent -# 定义应用基础目录信息,该常量在容器内可使用 -ENV APP_CONF_DIR=/srv/conf \ - APP_DATA_DIR=/srv/data - LABEL \ "Version"="v10" \ "Description"="Docker image for Builder based on Debian." \ "Dockerfile"="https://github.com/colovu/docker-builder" \ "Vendor"="Endial Fang (endial@126.com)" -# 拷贝默认 Shell 脚本至容器相关目录中 COPY prebuilds / -COPY sources /etc/apt/sources/ +COPY customer / +RUN select_source ${apt_source} +RUN install_pkg sudo wget curl ca-certificates gnupg dirmngr dpkg apt-transport-https lsb-release iproute2 net-tools iputils-ping nano build-essential +RUN prepare_env && create_user -# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) -RUN export DEBIAN_FRONTEND=noninteractive; \ - set -eux; \ - \ - cp /etc/apt/sources/sources.list.${apt_source} /etc/apt/sources.list; \ - apt-get update; \ -# apt-get upgrade -y; \ - \ - export APP_DIRS="${APP_CONF_DIR} ${APP_DATA_DIR}"; \ - mkdir -p ${APP_DIRS}; \ - \ - fetchDeps=" \ - wget curl ca-certificates apt-transport-https \ - lsb-release iproute2 net-tools iputils-ping \ - \ - nano \ - build-essential \ - "; \ - apt-get install -y --no-install-recommends ${fetchDeps}; \ - apt-get purge -y --auto-remove; \ - apt-get autoclean -y; \ - rm -rf /var/lib/apt/lists/*; - -CMD [] +CMD [] \ No newline at end of file diff --git a/Makefile b/Makefile index a533deb..b7b5e5b 100644 --- a/Makefile +++ b/Makefile @@ -2,8 +2,8 @@ # # 当前 Docker 镜像的编译脚本 -debian_name := colovu/debian-builder -alpine_name := colovu/alpine-builder +debian_name := colovu/dbuilder +alpine_name := colovu/abuilder local_registory := repo-dev.konkawise.com # 生成镜像TAG,类似:<镜像名>:<分支名>- 或 <镜像名>:latest-<年月日>-<时分秒> @@ -11,17 +11,17 @@ current_subversion:=$(shell if [[ -d .git ]]; then git rev-parse --short HEAD; e current_tag:=$(shell if [[ -d .git ]]; then git rev-parse --abbrev-ref HEAD | sed -e 's/master/latest/'; else echo "latest"; fi)-$(current_subversion) # Sources List: default / tencent / ustc / aliyun / huawei -build-arg:=--build-arg apt_source=tencent +source-name:=tencent -.PHONY: build clean clearclean upgrade tag +.PHONY: build clean clearclean upgrade tag push build: @echo "Build $(debian_name):$(current_tag)" - @docker build --force-rm $(build-arg) -t $(debian_name):$(current_tag) . + @docker build --force-rm --build-arg apt_source=$(source-name) -t $(debian_name):$(current_tag) . @echo "Add tag: $(debian_name):latest" @docker tag "$(debian_name):$(current_tag)" $(debian_name):latest @echo "Build $(alpine_name):$(current_tag)" - @docker build --force-rm $(build-arg) -t $(alpine_name):$(current_tag) ./alpine + @docker build --force-rm --build-arg apk_source=$(source-name) -t $(alpine_name):$(current_tag) ./alpine @echo "Add tag: $(alpine_name):latest" @docker tag "$(alpine_name):$(current_tag)" $(alpine_name):latest @@ -41,6 +41,12 @@ tag: @echo "Add tag: $(local_registory)/$(alpine_name):latest" @docker tag $(alpine_name) $(local_registory)/$(alpine_name) +push: + @echo "Push: $(local_registory)/$(alpine_name):latest" + @docker push $(local_registory)/$(debian_name) + @echo "Push: $(local_registory)/$(alpine_name):latest" + @docker push $(local_registory)/$(alpine_name) + # 更新所有 colovu 仓库的镜像 upgrade: @echo "Upgrade all images..." diff --git a/README.md b/README.md index 65cd679..8f9d1bc 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,11 @@ 该镜像主要用于在使用多阶段方式制作镜像时,进行软件的下载、编译等预处理操作。预安装软件包节省软件包下载及更新时间。 +其中: + +- dbuilder:基于 Debian 系统的 Builder 环境 +- abuilder:基于 Alpine 系统的 Builder环境 + **版本信息:** - latest @@ -11,8 +16,8 @@ **镜像信息:** * 镜像地址: - * colovu/debian-builder:latest - * colovu/alpine-builder:latest + * colovu/dbuilder:latest + * colovu/abuilder:latest ## 数据卷 @@ -23,13 +28,19 @@ /srv/conf # 配置文件目录 ``` +## 用户 + +镜像中增加用户`builder`,并为该用户配置了`sudo`权限。 + + + ## 使用方式 使用`--from=0`方式: ```dockerfile # 预编译阶段 -FROM alpine-builder +FROM colovu/abuilder WORKDIR /build RUN \ @@ -40,7 +51,6 @@ RUN \ # 镜像生成阶段 FROM scratch - # 从编译阶段的中拷贝编译结果到当前镜像中 COPY --from=0 /usr/local/bin/gosu /usr/local/bin/ CMD [] @@ -50,13 +60,12 @@ CMD [] ```dockerfile # 预编译阶段。命名为`builder` -FROM alpine-builder as builder +FROM colovu/abuilder as builder # ... 省略 # 镜像生成阶段 FROM scratch - # 从编译阶段的中拷贝编译结果到当前镜像中 COPY --from=builder /usr/local/bin/gosu /usr/local/bin/ CMD [] @@ -68,7 +77,6 @@ CMD [] - 不用安装、删除临时软件,方式生成多余的垃圾文件;预编译阶段的内容使用完即丢弃,不会对镜像大小产生影响 - diff --git a/customer/usr/sbin/create_user b/customer/usr/sbin/create_user new file mode 100755 index 0000000..1cd2f93 --- /dev/null +++ b/customer/usr/sbin/create_user @@ -0,0 +1,8 @@ +#!/bin/bash +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +groupadd --gid 998 --system builder +useradd --gid 998 --uid 999 --shell /bin/bash --home /srv/data --system builder + +sed -i -e 's/^\sDefaults\s*secure_path\s*=/# Defaults secure_path=/' /etc/sudoers +echo 'builder ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers \ No newline at end of file diff --git a/customer/usr/sbin/prepare_env b/customer/usr/sbin/prepare_env new file mode 100755 index 0000000..09fe293 --- /dev/null +++ b/customer/usr/sbin/prepare_env @@ -0,0 +1,4 @@ +#!/bin/bash +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +mkdir -p /srv/data /srv/conf \ No newline at end of file diff --git a/prebuilds/etc/apt/sources/sources.list.aliyun b/prebuilds/etc/apt/sources/sources.list.aliyun new file mode 100644 index 0000000..b381758 --- /dev/null +++ b/prebuilds/etc/apt/sources/sources.list.aliyun @@ -0,0 +1,9 @@ +deb http://mirrors.aliyun.com/debian/ buster main non-free contrib +deb http://mirrors.aliyun.com/debian-security buster/updates main +deb http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib +deb http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib + +deb-src http://mirrors.aliyun.com/debian-security buster/updates main +deb-src http://mirrors.aliyun.com/debian/ buster main non-free contrib +deb-src http://mirrors.aliyun.com/debian/ buster-updates main non-free contrib +deb-src http://mirrors.aliyun.com/debian/ buster-backports main non-free contrib diff --git a/prebuilds/etc/apt/sources/sources.list.default b/prebuilds/etc/apt/sources/sources.list.default new file mode 100644 index 0000000..5e33983 --- /dev/null +++ b/prebuilds/etc/apt/sources/sources.list.default @@ -0,0 +1,6 @@ +# deb http://snapshot.debian.org/archive/debian/20200607T000000Z buster main +deb http://deb.debian.org/debian buster main +# deb http://snapshot.debian.org/archive/debian-security/20200607T000000Z buster/updates main +deb http://security.debian.org/debian-security buster/updates main +# deb http://snapshot.debian.org/archive/debian/20200607T000000Z buster-updates main +deb http://deb.debian.org/debian buster-updates main diff --git a/prebuilds/etc/apt/sources/sources.list.huawei b/prebuilds/etc/apt/sources/sources.list.huawei new file mode 100644 index 0000000..2cfcba5 --- /dev/null +++ b/prebuilds/etc/apt/sources/sources.list.huawei @@ -0,0 +1,9 @@ +deb http://mirrors.huaweicloud.com/debian/ buster main contrib non-free +deb http://mirrors.huaweicloud.com/debian/ buster-updates main contrib non-free +deb http://mirrors.huaweicloud.com/debian/ buster-backports main contrib non-free +deb http://mirrors.huaweicloud.com/debian-security/ buster/updates main contrib non-free + +deb-src http://mirrors.huaweicloud.com/debian/ buster main contrib non-free +deb-src http://mirrors.huaweicloud.com/debian/ buster-updates main contrib non-free +deb-src http://mirrors.huaweicloud.com/debian/ buster-backports main contrib non-free + diff --git a/prebuilds/etc/apt/sources/sources.list.tencent b/prebuilds/etc/apt/sources/sources.list.tencent new file mode 100644 index 0000000..dd0cb32 --- /dev/null +++ b/prebuilds/etc/apt/sources/sources.list.tencent @@ -0,0 +1,10 @@ +deb http://mirrors.cloud.tencent.com/debian/ buster main non-free contrib +deb http://mirrors.cloud.tencent.com/debian-security buster/updates main +deb http://mirrors.cloud.tencent.com/debian/ buster-updates main non-free contrib +deb http://mirrors.cloud.tencent.com/debian/ buster-backports main non-free contrib + +deb-src http://mirrors.cloud.tencent.com/debian-security buster/updates main +deb-src http://mirrors.cloud.tencent.com/debian/ buster main non-free contrib +deb-src http://mirrors.cloud.tencent.com/debian/ buster-updates main non-free contrib +deb-src http://mirrors.cloud.tencent.com/debian/ buster-backports main non-free contrib + diff --git a/prebuilds/etc/apt/sources/sources.list.ustc b/prebuilds/etc/apt/sources/sources.list.ustc new file mode 100644 index 0000000..b50c198 --- /dev/null +++ b/prebuilds/etc/apt/sources/sources.list.ustc @@ -0,0 +1,10 @@ +deb http://mirrors.ustc.edu.cn/debian/ buster main contrib non-free +deb http://mirrors.ustc.edu.cn/debian/ buster-updates main contrib non-free +deb http://mirrors.ustc.edu.cn/debian/ buster-backports main contrib non-free +deb http://mirrors.ustc.edu.cn/debian-security/ buster/updates main contrib non-free + +deb-src http://mirrors.ustc.edu.cn/debian/ buster main contrib non-free +deb-src http://mirrors.ustc.edu.cn/debian/ buster-updates main contrib non-free +deb-src http://mirrors.ustc.edu.cn/debian/ buster-backports main contrib non-free +deb-src http://mirrors.ustc.edu.cn/debian-security/ buster/updates main contrib non-free + diff --git a/prebuilds/usr/local/scripts/libcommon.sh b/prebuilds/usr/local/scripts/libcommon.sh deleted file mode 100644 index 0175ac3..0000000 --- a/prebuilds/usr/local/scripts/libcommon.sh +++ /dev/null @@ -1,146 +0,0 @@ -#!/bin/bash -# Ver: 1.1 by Endial Fang (endial@126.com) -# - -# shellcheck disable=SC1091 - -BOLD='\033[1m' - -# 加载依赖项 -. /usr/local/scripts/liblog.sh # 日志输出函数库 - -# 函数列表 - -# 打印包含包含Logo的欢迎信息 -# 全局变量: -# APP_NAME -print_image_welcome_page() { - _is_restart && return - - local github_url="https://github.com/colovu/docker-${APP_NAME}" - LOG_I "" - LOG_I " ######## ######## ### ######## ### ## ### ##" - LOG_I " ### ## ### ## ### ### ## ### ## ### ##" - LOG_I " ### ### ## ### ### ## ### ## ### ##" - LOG_I " ### ### ## ### ### ## ### ## ### ##" - LOG_I " ### ### ## ### ### ## ### ## ### ##" - LOG_I " ### ## ### ## ### ### ## #### ### ##" - LOG_I "######## ######## ######## ######## ## ########" - LOG_I "" - LOG_I "Welcome to the ${BOLD}${APP_NAME}${RESET} container" - LOG_I "Project on Github: ${BOLD}${github_url}${RESET}" - LOG_I "Send us your feedback at ${BOLD}endial@126.com${RESET}" - LOG_I "" -} - -# 根据需要打印欢迎信息 -# 全局变量: -# ENV_DISABLE_WELCOME_MESSAGE -# APP_NAME -docker_print_welcome() { - if [[ -z "${ENV_DISABLE_WELCOME_MESSAGE:-}" ]]; then - if [[ -n "$APP_NAME" ]]; then - print_image_welcome_page - fi - fi -} - -# 检测可能导致容器执行后直接退出的命令,如"--help";如果存在,直接返回 0 -# 参数: -# $1 - 待检测的参数表 -docker_command_help() { - local arg - for arg; do - case "$arg" in - -'?'|--help|-V|--version) - return 0 - ;; - esac - done - return 1 -} - -# 根据脚本扩展名及权限,执行相应的初始化脚本 -# 参数: -# $1 - 文件列表,支持路径通配符 -# 使用: -# docker_process_init_files [file [file [...]]] -# 例子: -# docker_process_init_files /src/conf/${APP_NAME}/initdb.d/* -docker_process_init_files() { - echo - local f - for f; do - case "$f" in - *.sh) - if [ -x "$f" ]; then - LOG_I "$0: running $f" - "$f" - else - LOG_I "$0: sourcing $f" - . "$f" - fi - ;; - *) LOG_W "$0: ignoring $f" ;; - esac - echo - done -} - -# 检测应用相应的配置文件是否存在,如果不存在,则从默认配置文件目录拷贝一份 -# 默认配置文件路径:/etc/${APP_NAME} -# 目标配置文件路径:/srv/conf/${APP_NAME} -# 参数: -# $1 - 基础路径 -# $* - 基础路径下的文件及目录列表,以" "分割 -# 例子: -# ensure_config_file_exist /etc/${APP_NAME} conf.d server.conf -ensure_config_file_exist() { - local -r base_path="${1:?paths is missing}" - local f="" - local dist="" - - shift 1 - LOG_D "List to check: $@" - while [ "$#" -gt 0 ]; do - f="${1}" - LOG_D "Process \"${f}\"" - if [ -d "${base_path}/${f}" ]; then - dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')" - [[ ! -d "${dist}" ]] && LOG_I "Create directory: ${dist}" && mkdir -p "${dist}" - [[ ! -z $(ls -A "${base_path}/${f}") ]] && ensure_config_file_exist "${base_path}/${f}" $(ls -A "${base_path}/${f}") - else - dist="$(echo ${base_path}/${f} | sed -e 's/\/etc/\/srv\/conf/g')" - [[ ! -e "${dist}" ]] && LOG_I "Copy: ${base_path}/${f} ===> ${dist}" && cp "${base_path}/${f}" "${dist}" && rm -rf "/srv/conf/${APP_NAME}/.app_init_flag" - fi - shift - done -} - -# 检测当前用户是否为 root -# 返回值: -# 布尔值 -_is_run_as_root() { - if [[ "$(id -u)" = "0" ]]; then - LOG_D "Check if run as root: Yes" - true - else - LOG_D "Check if run as root: No (ID $(id -u))" - false - fi -} - -_is_restart() { - if [ x"${RESTART_FLAG:-}" = "x" ]; then - false - else - true - fi -} - -# 检测当前脚本是被直接执行的,还是从其他脚本中使用 "source" 调用的 -_is_sourced() { - [ "${#FUNCNAME[@]}" -ge 2 ] \ - && [ "${FUNCNAME[0]}" = '_is_sourced' ] \ - && [ "${FUNCNAME[1]}" = 'source' ] -} diff --git a/prebuilds/usr/local/scripts/libdownload.sh b/prebuilds/usr/local/scripts/libdownload.sh deleted file mode 100644 index c83513d..0000000 --- a/prebuilds/usr/local/scripts/libdownload.sh +++ /dev/null @@ -1,97 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 从服务器(列表)下载相应软件包 - -# Constants -#CV_BASE="http://archive.colovu.com/dist-files/" -#CV_BASE="http://10.37.129.2/dist-files/" -CV_BASE="" - -# 检测软件包签名是否正确 -# 参数: -# $1 - 软件包签名文件 -# $2 - 软件包文件 -# $3 - PGPKEY -check_pgp() { - local name_asc=${1:?missing asc file name} - local name=${2:?missing file name} - local keys="${3:?missing key id}" - - GNUPGHOME="$(mktemp -d)" - for key in $keys; do - gpg --batch --keyserver ha.pool.sks-keyservers.net --recv-keys "${key}" || - gpg --batch --keyserver pgp.mit.edu --recv-keys "${key}" || - gpg --batch --keyserver keys.gnupg.net --recv-keys "${key}" || - gpg --batch --keyserver keyserver.pgp.com --recv-keys "${key}"; - done - gpg --batch --verify "$name_asc" "$name" - command -v gpgconf > /dev/null && gpgconf --kill all - rm -rf "$GNUPGHOME" "$name_asc" -} - -# 从私有服务器下载软件包,如果不存在,则从官网服务器下载 -# 参数: -# $1 - 软件包全名(字符串) -# $2 - 官网路径(字符串) -# $3 - "-c"/"--checksum" -# $4 - 软件包SHA256值 -# $3 - "-g"/"--pgpkey" -# $4 - 用于软件包签名的KEY ID -# 例子: -# . /usr/local/scripts/libdownload.sh && download_dist "java" "11.0.7-0" --checksum 02a1fc9b79b11617ad39221667f6a34209f5c45ca908268f8ba6c264a2577ee2 -download_dist() { - local name="${1:?name is required}" - local base_urls="${2:?url is required}" - local package_sha256="" - local pgp_key="" - local success="" - - # 获取SHA256或PGP KEY - shift 2 - while [ "$#" -gt 0 ]; do - case "$1" in - -c|--checksum) - shift - package_sha256="${1:?missing package checksum}" - ;; - -g|--pgpkey) - shift - pgp_key="${1:?missing package PGP key}" - ;; - *) - echo "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - echo "Downloading $name package" - for url in $CV_BASE $base_urls; do - if wget -O "$name" "$url$name" && [ -s "$name" ]; then - if [ -n "$pgp_key" ]; then - wget -O "$name.asc" "$url$name.asc" - if [ ! -e "$name.asc" ]; then - wget -O "$name.asc" "$url$name.sig" - fi - fi - success=1 - break - fi - done - - if [ -n "$success" ]; then - if [ -n "$package_sha256" ]; then - echo "Verifying package whith sha256" - echo "$package_sha256 *${name}" | sha256sum --check - - fi - - if [ -n "$pgp_key" ]; then - echo "Verifying package with PGP" - check_pgp "$name.asc" "$name" "$pgp_key" - fi - else - [ -n "$success" ] - fi -} diff --git a/prebuilds/usr/local/scripts/libfile.sh b/prebuilds/usr/local/scripts/libfile.sh deleted file mode 100644 index 1e664c1..0000000 --- a/prebuilds/usr/local/scripts/libfile.sh +++ /dev/null @@ -1,78 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 文件操作函数库 - -# 加载依赖项 -. /usr/local/scripts/liblog.sh # 日志输出函数库 - -# 函数列表 - -# 检测"*_FILE"文件,并从文件中读取信息作为参数值;环境变量不允许 VAR 与 VAR_FILE 方式并存 -# 变量: -# $1 - 需要设置的环境变量名称 -# $2 - 该变量对应的默认值(Option) -# -# 使用: file_env ENV_VAR [DEFAULT] -file_env() { - local var="$1" - local fileVar="${var}_FILE" - local def="${2:-}" - if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then - LOG_E "Both $var and $fileVar are set (but are exclusive)" - exit 1 - fi - - local val="$def" - if [ "${!var:-}" ]; then - val="${!var}" - elif [ "${!fileVar:-}" ]; then - val="$(< "${!fileVar}")" - fi - - export "$var"="$val" - unset "$fileVar" -} - -# 使用规则表达式在文件中替换数据 -# 参数: -# $1 - 文件名 -# $2 - 正则表达式 -# $3 - 替代数据表达式 -# $4 - 是否使用POSIX表达式. Default: true -replace_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local substitute_regex="${3:?substitute regex is required}" - local posix_regex=${4:-true} - - local result - - # 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作 - if [[ $posix_regex = true ]]; then - result="$(sed -E "s@$match_regex@$substitute_regex@g" "$filename")" - else - result="$(sed "s@$match_regex@$substitute_regex@g" "$filename")" - fi - echo "$result" > "$filename" -} - -# 使用规则表达式在文件中删除数据 -# 参数: -# $1 - 文件名 -# $2 - 正则表达式 -# $3 - 是否使用POSIX表达式. Default: true -remove_in_file() { - local filename="${1:?filename is required}" - local match_regex="${2:?match regex is required}" - local posix_regex=${3:-true} - local result - - # 因部分系统兼容性问题,需要防止使用 'sed in-place' 方式操作 - if [[ $posix_regex = true ]]; then - result="$(sed -E "/$match_regex/d" "$filename")" - else - result="$(sed "/$match_regex/d" "$filename")" - fi - echo "$result" > "$filename" -} diff --git a/prebuilds/usr/local/scripts/libfs.sh b/prebuilds/usr/local/scripts/libfs.sh deleted file mode 100644 index f9f73d3..0000000 --- a/prebuilds/usr/local/scripts/libfs.sh +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/bash -# Ver: 1.1 by Endial Fang (endial@126.com) -# -# 文件管理函数库 - -# 加载依赖项 -. /usr/local/scripts/liblog.sh # 日志输出函数库 - -# 函数列表 - -# Ensure a file/directory is owned (user and group) but the given user -# Arguments: -# $1 - filepath -# $2 - owner -ensure_owned_by() { - local path="${1:?path is missing}" - local owner="${2:?owner is missing}" - - chown "$owner":"$owner" "$path" -} - -# 检测目录是否存在,如果不存在则创建,同时修改为指定的用户 -# Arguments: -# $1 - directory -# $2 - owner -ensure_dir_exists() { - local dir="${1:?directory is missing}" - local owner="${2:-}" - - mkdir -p "${dir}" - if [[ -n $owner ]]; then - ensure_owned_by "$dir" "$owner" - fi -} - -# 检测目录是否存在或为空 -# 参数: -# $1 - 目录路径 -# 返回值: -# 布尔值 -is_dir_empty() { - local dir="${1:?missing directory}" - - if [[ ! -e "$dir" ]] || [[ -z "$(ls -A "$dir")" ]]; then - true - else - false - fi -} - -# 循环设置目录中子目录及文件权限 -# 参数: -# $1 - paths (as a string). -# Flags: -# -f|--file-mode - 文件权限模式 -# -d|--dir-mode - 目录权限模式 -# -u|--user - 用户 -# -g|--group - 用户组 -configure_permissions_ownership() { - local -r paths="${1:?paths is missing}" - local dir_mode="" - local file_mode="" - local user="" - local group="" - - # Validate arguments - shift 1 - while [ "$#" -gt 0 ]; do - case "$1" in - -f|--file-mode) - shift - file_mode="${1:?missing mode for files}" - ;; - -d|--dir-mode) - shift - dir_mode="${1:?missing mode for directories}" - ;; - -u|--user) - shift - user="${1:?missing user}" - ;; - -g|--group) - shift - group="${1:?missing group}" - ;; - *) - LOG_E "Invalid command line flag $1" >&2 - return 1 - ;; - esac - shift - done - - read -r -a filepaths <<< "$paths" - for p in "${filepaths[@]}"; do - if [[ -e "$p" ]]; then - LOG_D "Check $p" - if [[ -n ${dir_mode} ]]; then - LOG_D "Change permissions to ${dir_mode} of directories in $p" - find -L "$p" -type d -print | xargs -i chmod "${dir_mode}" '{}' - fi - if [[ -n ${file_mode} ]]; then - LOG_D "Change permissions to ${file_mode} of files in $p" - find -L "$p" -type f -print | xargs -i chmod "${file_mode}" '{}' - fi - if [[ -n $user ]] && [[ -n ${group} ]]; then - LOG_D "Change ownership to ${user}:${group} of files and directories in $p" - find -L "$p" \( \! -user ${user} -or \! -group ${group} \) -print | xargs -i chown -L "${user}":"${group}" '{}' - elif [[ -n $user ]] && [[ -z $group ]]; then - LOG_D "Change user to ${user} of files and directories in $p" - find -L "$p" \! -user ${user} -print | xargs -i chown -L "${user}" '{}' - elif [[ -z $user ]] && [[ -n $group ]]; then - LOG_D "Change group to ${group} of files and directories in $p" - find -L "$p" \! -group ${group} -print | xargs -i chgrp -L "${group}" '{}' - fi - else - LOG_E "$p does not exist" - fi - done -} \ No newline at end of file diff --git a/prebuilds/usr/local/scripts/liblog.sh b/prebuilds/usr/local/scripts/liblog.sh deleted file mode 100644 index 3d91af4..0000000 --- a/prebuilds/usr/local/scripts/liblog.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 日志处理函数库 - -# 定义颜色信息 -RESET='\033[0m' -RED='\033[31;1m' -GREEN='\033[32;2m' -YELLOW='\033[33;1m' -MAGENTA='\033[36;2m' -CYAN='\033[35;2m' -BLUE='\033[34;2m' - -# 函数列表 - -# 输出实际日志信息 -# 参数: -# $1 - 日志类型 -# $2 - 日志信息 -LOG_RAW() { - local type="$1"; shift - case "${type}" in - x) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${BLUE}DEBUG${RESET} %b\n" "$(date "+%T.%2N")" "${*}" ;; - I) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${GREEN}INFO ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";; - W) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${YELLOW}WARN ${RESET} %b\n" "$(date "+%T.%2N")" "${*}";; - E) printf "${CYAN}${APP_NAME:-} ${MAGENTA}%s ${RESET}${RED}ERROR${RESET} %b\n" "$(date "+%T.%2N")" "${*}";; - esac -} - -# 输出调试类日志信息,尽量少使用 -# 参数: -# $1 - 日志类型 -# $2 - 日志信息 -LOG_D() { - local -r bool="${ENV_DEBUG:-false}" - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - LOG_RAW x "$@" - fi -} - -# 输出提示信息类日志信息 -# 参数: -# $1 - 日志类型 -# $2 - 日志信息 -LOG_I() { - shopt -s nocasematch - LOG_RAW I "$@" -} - -# 输出警告类日志信息至sterr -# 参数: -# $1 - 日志类型 -# $2 - 日志信息 -LOG_W() { - LOG_RAW W "$@" >&2 -} - -# 输出错误类日志信息至sterr,并退出脚本 -# 参数: -# $1 - 日志类型 -# $2 - 日志信息 -LOG_E() { - LOG_RAW E "$@" >&2 -} diff --git a/prebuilds/usr/local/scripts/libnet.sh b/prebuilds/usr/local/scripts/libnet.sh deleted file mode 100644 index b5136c7..0000000 --- a/prebuilds/usr/local/scripts/libnet.sh +++ /dev/null @@ -1,120 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 网络管理函数库 - -# shellcheck disable=SC1091 - -# 加载依赖项 -. /usr/local/scripts/liblog.sh # 日志输出函数库 - -# 函数列表 - -# 解析主机名为 IP -# 参数: -# $1 - 待解析的主机名 -# 返回值: -# IP 地址 -######################### -dns_lookup() { - local host="${1:?host is missing}" - getent ahosts "$host" | awk '/STREAM/ {print $1 }' -} - -# 等待主机名解析,并返回 IP -# 参数: -# $1 - 主机名 -# $2 - 重试次数 -# $3 - 重试间隔(秒) -# 返回值: -# - IP 地址 -wait_for_dns_lookup() { - local hostname="${1:?hostname is missing}" - local retries="${2:-5}" - local seconds="${3:-1}" - check_host() { - if [[ $(dns_lookup "$hostname") == "" ]]; then - false - else - true - fi - } - # Wait for the host to be ready - retry_while "check_host ${hostname}" "$retries" "$seconds" - dns_lookup "$hostname" -} - -# 获取机器的 IP -# 返回值: -# - IP 地址 -get_machine_ip() { - dns_lookup "$(hostname)" -} - -# 检测提供的参数是否为可解析地址的主机名 -# 参数: -# $1 - 待检测值 -# 返回值: -# 布尔值 -is_hostname_resolved() { - local -r host="${1:?missing value}" - if [[ -n "$(dns_lookup "$host")" ]]; then - true - else - false - fi -} - -# 解析 URL -# 参数: -# $1 - URI 字符串 -# $2 - 待解析参数字符串。有效值 (scheme, authority, userinfo, host, port, path, query or fragment) -# 返回值: -# 字符串 -parse_uri() { - local uri="${1:?uri is missing}" - local component="${2:?component is missing}" - - # Solution based on https://tools.ietf.org/html/rfc3986#appendix-B with - # additional sub-expressions to split authority into userinfo, host and port - # Credits to Patryk Obara (see https://stackoverflow.com/a/45977232/6694969) - local -r URI_REGEX='^(([^:/?#]+):)?(//((([^@/?#]+)@)?([^:/?#]+)(:([0-9]+))?))?(/([^?#]*))?(\?([^#]*))?(#(.*))?' - # || | ||| | | | | | | | | | - # |2 scheme | ||6 userinfo 7 host | 9 port | 11 rpath | 13 query | 15 fragment - # 1 scheme: | |5 userinfo@ 8 :... 10 path 12 ?... 14 #... - # | 4 authority - # 3 //... - local index=0 - case "$component" in - scheme) - index=2 - ;; - authority) - index=4 - ;; - userinfo) - index=6 - ;; - host) - index=7 - ;; - port) - index=9 - ;; - path) - index=10 - ;; - query) - index=13 - ;; - fragment) - index=14 - ;; - *) - stderr_print "unrecognized component $component" - return 1 - ;; - esac - [[ "$uri" =~ $URI_REGEX ]] && echo "${BASH_REMATCH[${index}]}" -} - \ No newline at end of file diff --git a/prebuilds/usr/local/scripts/libos.sh b/prebuilds/usr/local/scripts/libos.sh deleted file mode 100644 index db4fcb2..0000000 --- a/prebuilds/usr/local/scripts/libos.sh +++ /dev/null @@ -1,159 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 操作系统控制函数库 - -# shellcheck disable=SC1091 - -# 加载依赖项 -. /usr/local/scripts/liblog.sh # 日志输出函数库 - -# 函数列表 - -# 检测指定用户账户是否存在 -# 参数: -# $1 - 用户账户 -# 返回值: -# 布尔值 -user_exists() { - local user="${1:?user is missing}" - id "$user" >/dev/null 2>&1 -} - -# 检测指定用户分组是否存在 -# 参数: -# $1 - 用户组 -# 返回值: -# 布尔值 -group_exists() { - local group="${1:?group is missing}" - getent group "$group" >/dev/null 2>&1 -} - -# 确保用户组存在,如果不存在则创建相应用户组 -# 参数: -# $1 - 用户组 -ensure_group_exists() { - local group="${1:?group is missing}" - - if ! group_exists "$group"; then - groupadd "$group" >/dev/null 2>&1 - fi -} - -# 确保用户组及用户账户存在,如果不存在则创建相应用户组及账户 -# 参数: -# $1 - 用户 -# $2 - 用户组 -ensure_user_exists() { - local user="${1:?user is missing}" - local group="${2:-}" - - if ! user_exists "$user"; then - useradd "$user" >/dev/null 2>&1 - fi - - if [[ -n "$group" ]]; then - ensure_group_exists "$group" - fi - - usermod -a -G "$group" "$user" >/dev/null 2>&1 -} - -# 获取系统可用内存 -# 返回值: -# 内存大小(MB) -get_total_memory() { - echo $(($(grep MemTotal /proc/meminfo | awk '{print $2}') / 1024)) -} - -# 获取以定量方式描述的内存大小 -# 参数: -# $1 - 内存大小 (可选) -# 返回值: -# 基于定量内存大小的内存大小描述 -get_machine_size() { - local memory="${1:-}" - if [[ -z "$memory" ]]; then - debug "Memory was not specified, detecting available memory automatically" - memory="$(get_total_memory)" - fi - sanitized_memory=$(convert_to_mb "$memory") - if [[ "$sanitized_memory" -gt 26000 ]]; then - echo 2xlarge - elif [[ "$sanitized_memory" -gt 13000 ]]; then - echo xlarge - elif [[ "$sanitized_memory" -gt 6000 ]]; then - echo large - elif [[ "$sanitized_memory" -gt 3000 ]]; then - echo medium - elif [[ "$sanitized_memory" -gt 1500 ]]; then - echo small - else - echo micro - fi -} - -# 获取已定义的所有内存大小描述 -# 返回值: -# 内存大小描述 -get_supported_machine_sizes() { - echo micro small medium large xlarge 2xlarge -} - -# 将以字符串表示的内存大小转换为以MB为单位的内存大小值 (i.e. 2G -> 2048) -# 参数: -# $1 - 内存大小 -# 返回值: -# 内存大小值(以MB为单位) -convert_to_mb() { - local amount="${1:-}" - if [[ $amount =~ ^([0-9]+)(M|G) ]]; then - size="${BASH_REMATCH[1]}" - unit="${BASH_REMATCH[2]}" - if [[ "$unit" = "G" ]]; then - amount="$((size * 1024))" - else - amount="$size" - fi - fi - echo "$amount" -} - -# 如果禁用调试模式,将输出信息重定向至 /dev/null -# 全局变量: -# ENV_DEBUG -# 参数: -# $@ - 待执行的命令 -debug_execute() { - local -r bool="${ENV_DEBUG:-false}" - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - "$@" >/dev/null 2>&1 - else - "$@" - fi -} - -# 重试执行命令 -# 参数: -# $1 - cmd (as a string) -# $2 - 最大尝试次数. Default: 12 -# $3 - 重试前等待时间(秒). Default: 5 -# 返回值: -# 布尔值 -retry_while() { - local -r cmd="${1:?cmd is missing}" - local -r retries="${2:-12}" - local -r sleep_time="${3:-5}" - local return_value=1 - - read -r -a command <<< "$cmd" - for ((i = 1 ; i <= retries ; i+=1 )); do - "${command[@]}" && return_value=0 && break - sleep "$sleep_time" - done - return $return_value -} - - \ No newline at end of file diff --git a/prebuilds/usr/local/scripts/libservice.sh b/prebuilds/usr/local/scripts/libservice.sh deleted file mode 100644 index 5d0948c..0000000 --- a/prebuilds/usr/local/scripts/libservice.sh +++ /dev/null @@ -1,132 +0,0 @@ -#!/bin/bash -# Ver: 1.0 by Endial Fang (endial@126.com) -# -# 服务管理函数库 - -# shellcheck disable=SC1091 - -# 加载依赖项 -. /usr/local/scripts/liblog.sh # 日志输出函数库 - -# 函数列表 - -# 获取并返回服务 PID -# 参数: -# $1 - PID 文件 -# 返回值: -# PID -get_pid_from_file() { - local pid_file="${1:?pid file is missing}" - - if [[ -f "$pid_file" ]]; then - if [[ -n "$(< "$pid_file")" ]] && [[ "$(< "$pid_file")" -gt 0 ]]; then - echo "$(< "$pid_file")" - fi - fi -} - -# 检测 PID 对应的服务是否在运行中 -# 参数: -# $1 - PID -# 返回值: -# Boolean -is_service_running() { - local pid="${1:?pid is missing}" - - kill -0 "$pid" 2>/dev/null -} - -# 通过发送信号停止一个指定的服务 -# 参数: -# $1 - PID 文件 -# $2 - 信号 (可选) -stop_service_using_pid() { - local pid_file="${1:?pid file is missing}" - local signal="${2:-}" - local pid - - pid="$(get_pid_from_file "$pid_file")" - [[ -z "$pid" ]] || ! is_service_running "$pid" && return - - if [[ -n "$signal" ]]; then - kill "-${signal}" "$pid" - else - kill "$pid" - fi - - local counter=10 - while [[ "$counter" -ne 0 ]] && is_service_running "$pid"; do - sleep 1 - counter=$((counter - 1)) - done -} - -# 为指定的服务生成一个监控配置文件 -# Arguments: -# $1 - 服务名 -# $2 - PID 文件 -# $3 - 启动命令 -# $4 - 停止命令 -# Flags: -# --disabled - Whether to disable the monit configuration -generate_monit_conf() { - local service_name="${1:?service name is missing}" - local pid_file="${2:?pid file is missing}" - local start_command="${3:?start command is missing}" - local stop_command="${4:?stop command is missing}" - local monit_conf_dir="/etc/monit/conf.d" - local disabled="no" - - # Parse optional CLI flags - shift 4 - while [[ "$#" -gt 0 ]]; do - case "$1" in - --disabled) - shift - disabled="$1" - ;; - *) - echo "Invalid command line flag ${1}" >&2 - return 1 - ;; - esac - shift - done - - is_boolean_yes "$disabled" && conf_suffix=".disabled" - mkdir -p "$monit_conf_dir" - cat >"${monit_conf_dir}/${service_name}.conf${conf_suffix:-}" <"${logrotate_conf_dir}/${service_name}" <= 0 )); then - true - else - false - fi -} - -# 检测数据是否为布尔值 '1' 或字符串 'yes/true' -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 -is_boolean_yes() { - local -r bool="${1:-}" - # comparison is performed without regard to the case of alphabetic characters - shopt -s nocasematch - if [[ "$bool" = 1 || "$bool" =~ ^(yes|true)$ ]]; then - true - else - false - fi -} - -# 检测数据是否为字符串 'yes/no' -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 -is_yes_no_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(yes|no)$ ]]; then - true - else - false - fi -} - -# 检测数据是否为字符串 'true/false' -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 -is_true_false_value() { - local -r bool="${1:-}" - if [[ "$bool" =~ ^(true|false)$ ]]; then - true - else - false - fi -} - -# 检测提供的参数是否为空字符串或未定义 -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 -is_empty_value() { - local -r val="${1:-}" - if [[ -z "$val" ]]; then - true - else - false - fi -} - -# 检测数据是否为有效的端口号 -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 或 错误消息 -validate_port() { - local value - local unprivileged=0 - - # Parse flags - while [[ "$#" -gt 0 ]]; do - case "$1" in - -unprivileged) - unprivileged=1 - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [[ "$#" -gt 1 ]]; then - echo "too many arguments provided" - return 2 - elif [[ "$#" -eq 0 ]]; then - stderr_print "missing port argument" - return 1 - else - value=$1 - fi - - if [[ -z "$value" ]]; then - echo "the value is empty" - return 1 - else - if ! is_int "$value"; then - echo "value is not an integer" - return 2 - elif [[ "$value" -lt 0 ]]; then - echo "negative value provided" - return 2 - elif [[ "$value" -gt 65535 ]]; then - echo "requested port is greater than 65535" - return 2 - elif [[ "$unprivileged" = 1 && "$value" -lt 1024 ]]; then - echo "privileged port requested" - return 3 - fi - fi -} - -# 检测数据是否为有效的IPv4地址 -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 -validate_ipv4() { - local ip="${1:?ip is missing}" - local stat=1 - - if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then - read -r -a ip_array <<< "$(tr '.' ' ' <<< "$ip")" - [[ ${ip_array[0]} -le 255 && ${ip_array[1]} -le 255 \ - && ${ip_array[2]} -le 255 && ${ip_array[3]} -le 255 ]] - stat=$? - fi - return $stat -} - -# 校验字符串格式 -# 参数: -# $1 - 待检测的数据 -# 返回值: -# 布尔值 -validate_string() { - local string - local min_length=-1 - local max_length=-1 - - # Parse flags - while [ "$#" -gt 0 ]; do - case "$1" in - -min-length) - shift - min_length=${1:-} - ;; - -max-length) - shift - max_length=${1:-} - ;; - --) - shift - break - ;; - -*) - stderr_print "unrecognized flag $1" - return 1 - ;; - *) - break - ;; - esac - shift - done - - if [ "$#" -gt 1 ]; then - stderr_print "too many arguments provided" - return 2 - elif [ "$#" -eq 0 ]; then - stderr_print "missing string" - return 1 - else - string=$1 - fi - - if [[ "$min_length" -ge 0 ]] && [[ "${#string}" -lt "$min_length" ]]; then - echo "string length is less than $min_length" - return 1 - fi - if [[ "$max_length" -ge 0 ]] && [[ "${#string}" -gt "$max_length" ]]; then - echo "string length is great than $max_length" - return 1 - fi -} \ No newline at end of file diff --git a/prebuilds/usr/sbin/install_pkg b/prebuilds/usr/sbin/install_pkg new file mode 100755 index 0000000..699e3d3 --- /dev/null +++ b/prebuilds/usr/sbin/install_pkg @@ -0,0 +1,29 @@ +#!/bin/bash +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +export DEBIAN_FRONTEND=noninteractive +n=0 +max=2 +until [ $n -gt $max ]; do + set +e + ( + apt-get update && + apt-get upgrade -y && + apt-get install -y --no-install-recommends "$@" + ) + CODE=$? + set -e + if [ $CODE -eq 0 ]; then + break + fi + if [ $n -eq $max ]; then + exit $CODE + fi + echo "apt failed, retrying" + n=$(($n + 1)) +done + +apt-get purge -y --auto-remove +apt-get autoclean -y + +rm -r /var/lib/apt/lists /var/cache/apt/archives || : \ No newline at end of file diff --git a/prebuilds/usr/sbin/select_source b/prebuilds/usr/sbin/select_source new file mode 100755 index 0000000..ddbe831 --- /dev/null +++ b/prebuilds/usr/sbin/select_source @@ -0,0 +1,4 @@ +#!/bin/bash +# shell 执行参数,分别为 -e(命令执行错误则退出脚本) -u(变量未定义则报错) -x(打印实际待执行的命令行) +set -eux +cp /etc/apt/sources/sources.list.${apt_source:-default} /etc/apt/sources.list; \