-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinstall.sh
More file actions
executable file
Β·499 lines (434 loc) Β· 16.5 KB
/
install.sh
File metadata and controls
executable file
Β·499 lines (434 loc) Β· 16.5 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
#!/bin/sh
# install.sh β installer, updater, and uninstaller for flashduty-runner.
#
# Usage (install or update):
# curl -fsSL https://raw.githubusercontent.com/flashcatcloud/flashduty-runner/main/install.sh | sudo bash
#
# See https://github.com/flashcatcloud/flashduty-runner for documentation.
set -eu
# ---------------------------------------------------------------------------
# Configuration
# ---------------------------------------------------------------------------
: "${REPO:=flashcatcloud/flashduty-runner}"
: "${INSTALL_DIR:=/usr/local/bin}"
: "${URL:=wss://api.flashcat.cloud/safari/environment/ws}"
: "${VERSION:=}"
: "${TOKEN:=}"
BINARY_NAME="flashduty-runner"
CONFIG_DIR="/etc/flashduty-runner"
ENV_FILE="${CONFIG_DIR}/env"
STATE_DIR="/var/lib/flashduty-runner"
WORKSPACE_DIR="${STATE_DIR}/workspace"
SERVICE_USER="flashduty"
UNIT_PATH="/etc/systemd/system/flashduty-runner.service"
LOCK_FILE="/var/lock/flashduty-runner-install.lock"
MODE="install" # install | uninstall
PURGE="false"
NO_SERVICE="false"
TMPDIR_=""
# ---------------------------------------------------------------------------
# Logging
# ---------------------------------------------------------------------------
if [ -t 2 ]; then
COLOR_RED="$(printf '\033[31m')"
COLOR_YLW="$(printf '\033[33m')"
COLOR_GRN="$(printf '\033[32m')"
COLOR_RST="$(printf '\033[0m')"
else
COLOR_RED=""
COLOR_YLW=""
COLOR_GRN=""
COLOR_RST=""
fi
info() { printf '%s[info]%s %s\n' "$COLOR_GRN" "$COLOR_RST" "$*" >&2; }
warn() { printf '%s[warn]%s %s\n' "$COLOR_YLW" "$COLOR_RST" "$*" >&2; }
err() { printf '%s[err ]%s %s\n' "$COLOR_RED" "$COLOR_RST" "$*" >&2; }
die() {
code="$1"
shift
err "$*"
exit "$code"
}
# ---------------------------------------------------------------------------
# Help
# ---------------------------------------------------------------------------
print_help() {
cat <<'EOF'
flashduty-runner installer
USAGE:
install.sh [FLAGS]
FLAGS:
--token <value> Auth token (written to env file on first install)
--version <tag> Pin a specific release tag (e.g. v0.0.5)
--no-service Install binary only, skip systemd unit / service user
--uninstall Stop service, remove binary + unit (keeps config)
--purge Uninstall and also remove config + state + user
--help Show this help
ENVIRONMENT:
TOKEN Same as --token
VERSION Same as --version
URL Runtime WebSocket URL (default: wss://api.flashcat.cloud/β¦)
INSTALL_DIR Binary install directory (default: /usr/local/bin)
REPO GitHub owner/repo override (default: flashcatcloud/flashduty-runner)
EXAMPLES:
curl -fsSL https://raw.githubusercontent.com/flashcatcloud/flashduty-runner/main/install.sh | sudo bash
curl -fsSL https://raw.githubusercontent.com/flashcatcloud/flashduty-runner/main/install.sh | sudo TOKEN=wnt_xxx bash
curl -fsSL https://raw.githubusercontent.com/flashcatcloud/flashduty-runner/main/install.sh | sudo bash -s -- --uninstall
EOF
}
# ---------------------------------------------------------------------------
# Argument parsing
# ---------------------------------------------------------------------------
parse_args() {
while [ "$#" -gt 0 ]; do
case "$1" in
--help|-h) print_help; exit 0 ;;
--uninstall) MODE="uninstall" ;;
--purge) MODE="uninstall"; PURGE="true" ;;
--no-service) NO_SERVICE="true" ;;
--token) shift; TOKEN="${1:-}" ;;
--token=*) TOKEN="${1#--token=}" ;;
--version) shift; VERSION="${1:-}" ;;
--version=*) VERSION="${1#--version=}" ;;
*) die 1 "Unknown argument: $1. Run with --help for usage." ;;
esac
shift
done
}
# ---------------------------------------------------------------------------
# Preconditions
# ---------------------------------------------------------------------------
require_root() {
if [ "$(id -u)" -ne 0 ]; then
die 3 "This script must run as root. Re-run via: curl -fsSL <url> | sudo bash"
fi
}
require_cmd() {
for c in "$@"; do
if ! command -v "$c" >/dev/null 2>&1; then
die 1 "Required command not found: $c. Please install it and retry."
fi
done
}
# ---------------------------------------------------------------------------
# Platform detection
# ---------------------------------------------------------------------------
OS=""
OS_TITLE=""
ARCH_GR=""
INIT=""
detect_platform() {
uname_s="$(uname -s)"
uname_m="$(uname -m)"
case "$uname_s" in
Linux) OS="linux"; OS_TITLE="Linux" ;;
Darwin) OS="darwin"; OS_TITLE="Darwin" ;;
*) die 2 "Unsupported OS: $uname_s. Supported: Linux, Darwin." ;;
esac
case "$uname_m" in
x86_64|amd64) ARCH_GR="x86_64" ;;
arm64|aarch64) ARCH_GR="arm64" ;;
*) die 2 "Unsupported architecture: $uname_m. Supported: x86_64, arm64." ;;
esac
}
detect_init() {
if [ "$OS" = "linux" ] && [ -d /run/systemd/system ]; then
INIT="systemd"
else
INIT="none"
fi
}
# ---------------------------------------------------------------------------
# Version resolution
# ---------------------------------------------------------------------------
resolve_version() {
if [ -n "$VERSION" ]; then
case "$VERSION" in
v*) : ;;
*) VERSION="v$VERSION" ;;
esac
info "Using pinned version: $VERSION"
return
fi
info "Resolving latest release from github.com/${REPO}"
effective="$(curl --proto '=https' --tlsv1.2 -fsSLI -o /dev/null -w '%{url_effective}' "https://github.com/${REPO}/releases/latest" || true)"
VERSION="${effective##*/}"
if [ -z "$VERSION" ] || [ "$VERSION" = "latest" ]; then
die 5 "Could not resolve latest version from github.com/${REPO}/releases/latest"
fi
info "Latest version: $VERSION"
}
get_installed_version() {
if [ -x "${INSTALL_DIR}/${BINARY_NAME}" ]; then
# Output format: "flashduty-runner 0.0.5\n Build Time: ...\n Git Commit: ..."
"${INSTALL_DIR}/${BINARY_NAME}" version 2>/dev/null | awk 'NR==1 {print $2; exit}' || true
fi
}
# ---------------------------------------------------------------------------
# Download + verify
# ---------------------------------------------------------------------------
sha256_of() {
file="$1"
if command -v sha256sum >/dev/null 2>&1; then
sha256sum "$file" | awk '{print $1}'
elif command -v shasum >/dev/null 2>&1; then
shasum -a 256 "$file" | awk '{print $1}'
else
die 1 "Need sha256sum or shasum on PATH (install coreutils on Linux)."
fi
}
download_and_verify() {
asset="${BINARY_NAME}_${OS_TITLE}_${ARCH_GR}.tar.gz"
base="https://github.com/${REPO}/releases/download/${VERSION}"
TMPDIR_="$(mktemp -d 2>/dev/null || mktemp -d -t frdl)"
trap 'rm -rf "$TMPDIR_"' EXIT INT TERM
info "Downloading ${asset}"
if ! curl --proto '=https' --tlsv1.2 -fsSL "${base}/${asset}" -o "${TMPDIR_}/${asset}"; then
die 5 "Failed to download ${base}/${asset}"
fi
info "Downloading checksums.txt"
if ! curl --proto '=https' --tlsv1.2 -fsSL "${base}/checksums.txt" -o "${TMPDIR_}/checksums.txt"; then
die 5 "Failed to download ${base}/checksums.txt"
fi
# checksums.txt line format: "<sha256> <filename>" (two-space separator from goreleaser).
# Anchor the filename so e.g. "foo_${asset}" cannot false-match.
expected="$(awk -v a="$asset" '$2 == a {print $1; exit}' "${TMPDIR_}/checksums.txt")"
if [ -z "$expected" ]; then
die 4 "Asset ${asset} not found in checksums.txt (wrong release or renamed asset)"
fi
actual="$(sha256_of "${TMPDIR_}/${asset}")"
if [ "$actual" != "$expected" ]; then
die 4 "Checksum mismatch for ${asset}: expected ${expected}, got ${actual}"
fi
info "Checksum OK"
tar -xzf "${TMPDIR_}/${asset}" -C "${TMPDIR_}"
if [ ! -x "${TMPDIR_}/${BINARY_NAME}" ]; then
die 1 "Extracted tarball does not contain an executable ${BINARY_NAME}"
fi
}
# ---------------------------------------------------------------------------
# Install steps
# ---------------------------------------------------------------------------
# Stop the running service (if any) before we swap the binary, so a crash+restart
# in the narrow window between mv and enable_and_start can't launch the new binary
# ahead of schedule. Must run on the update path; cheap no-op on fresh installs.
stop_service_if_running() {
if [ "$INIT" = "systemd" ] && [ -f "$UNIT_PATH" ]; then
if systemctl is-active --quiet flashduty-runner 2>/dev/null; then
info "Stopping flashduty-runner before binary swap"
systemctl stop flashduty-runner || true
fi
fi
}
install_binary() {
target="${INSTALL_DIR}/${BINARY_NAME}"
mkdir -p "$INSTALL_DIR"
if [ -e "$target" ]; then
mv -f "$target" "${target}.bak"
fi
mv "${TMPDIR_}/${BINARY_NAME}" "$target"
chmod 0755 "$target"
chown 0:0 "$target" 2>/dev/null || true
info "Installed ${target}"
}
ensure_user() {
if id "$SERVICE_USER" >/dev/null 2>&1; then
return
fi
info "Creating system user: ${SERVICE_USER}"
if command -v useradd >/dev/null 2>&1; then
useradd --system --home-dir "$STATE_DIR" --shell /usr/sbin/nologin "$SERVICE_USER"
elif command -v adduser >/dev/null 2>&1; then
# Alpine / busybox fallback.
adduser -S -H -h "$STATE_DIR" -s /sbin/nologin "$SERVICE_USER"
else
die 1 "Neither useradd nor adduser available β cannot create service user"
fi
}
ensure_workdir() {
# Refuse to touch a pre-existing symlink β prevents a pre-staged /var/lib/flashduty-runner
# β / symlink from turning our recursive chown into a full-FS chown.
if [ -L "$STATE_DIR" ]; then
die 1 "${STATE_DIR} is a symlink β refusing to chown through it."
fi
mkdir -p "$WORKSPACE_DIR"
chown -R "$SERVICE_USER":"$SERVICE_USER" "$STATE_DIR" 2>/dev/null || true
chmod 0750 "$STATE_DIR" "$WORKSPACE_DIR"
}
ensure_token() {
# Already have a token in env file? Leave it alone on update.
if [ -f "$ENV_FILE" ] && grep -q '^FLASHDUTY_RUNNER_TOKEN=' "$ENV_FILE"; then
return
fi
if [ -n "$TOKEN" ]; then
return
fi
# Probe whether /dev/tty is actually openable. Mode bits alone aren't enough
# (it exists as a device in containers without a tty, but open() returns ENXIO).
# The subshell isolates the failing redirect from `set -e`.
if ( : </dev/tty ) 2>/dev/null; then
printf 'Enter Flashduty token: ' >/dev/tty
old_stty=""
# Restore terminal echo on Ctrl-C, otherwise the user is left with a silent shell.
if command -v stty >/dev/null 2>&1; then
old_stty="$(stty -g </dev/tty 2>/dev/null || true)"
if [ -n "$old_stty" ]; then
trap 'stty "$old_stty" </dev/tty 2>/dev/null || true; exit 130' INT TERM
fi
stty -echo </dev/tty 2>/dev/null || true
fi
IFS= read -r TOKEN </dev/tty || TOKEN=""
if [ -n "$old_stty" ]; then
stty "$old_stty" </dev/tty 2>/dev/null || true
trap - INT TERM
fi
printf '\n' >/dev/tty
fi
if [ -z "$TOKEN" ]; then
die 6 "Token is required. Set TOKEN=wnt_xxx before sudo, pass --token, or run the script from a terminal."
fi
}
write_env_file() {
mkdir -p "$CONFIG_DIR"
chmod 0755 "$CONFIG_DIR"
if [ -f "$ENV_FILE" ]; then
info "Env file exists, leaving it unchanged: ${ENV_FILE}"
return
fi
umask 077
# Use printf (not heredoc) so shell metacharacters in $TOKEN / $URL stay literal.
{
printf '# Managed by install.sh on first install. Edit freely; updates will not overwrite this file.\n'
printf 'FLASHDUTY_RUNNER_TOKEN=%s\n' "$TOKEN"
printf 'FLASHDUTY_RUNNER_URL=%s\n' "$URL"
printf 'FLASHDUTY_RUNNER_WORKSPACE=%s\n' "$WORKSPACE_DIR"
printf 'FLASHDUTY_RUNNER_LOG_LEVEL=info\n'
} >"$ENV_FILE"
chown 0:0 "$ENV_FILE" 2>/dev/null || true
chmod 0600 "$ENV_FILE"
info "Wrote env file: ${ENV_FILE}"
}
install_systemd_unit() {
new_unit="${TMPDIR_}/flashduty-runner.service"
cat >"$new_unit" <<EOF
[Unit]
Description=Flashduty Runner
Documentation=https://github.com/${REPO}
After=network-online.target
Wants=network-online.target
[Service]
Type=simple
User=${SERVICE_USER}
Group=${SERVICE_USER}
EnvironmentFile=${ENV_FILE}
ExecStart=${INSTALL_DIR}/${BINARY_NAME} run
Restart=always
RestartSec=5
NoNewPrivileges=true
ProtectSystem=strict
ProtectHome=true
PrivateTmp=true
ReadWritePaths=${STATE_DIR}
[Install]
WantedBy=multi-user.target
EOF
if [ -f "$UNIT_PATH" ] && cmp -s "$new_unit" "$UNIT_PATH"; then
info "Systemd unit unchanged: ${UNIT_PATH}"
else
install -m 0644 -o 0 -g 0 "$new_unit" "$UNIT_PATH"
info "Installed systemd unit: ${UNIT_PATH}"
systemctl daemon-reload
fi
}
enable_and_start() {
# stop_service_if_running already handled any pre-existing instance before the swap.
systemctl enable flashduty-runner >/dev/null 2>&1 || true
systemctl start flashduty-runner
# Give the process a moment to exec + either connect or crash, then check status.
sleep 2
if systemctl is-active --quiet flashduty-runner; then
info "Service is active. Check status: systemctl status flashduty-runner"
else
warn "Service failed to start. Logs: journalctl -u flashduty-runner -n 50"
warn "Previous binary preserved at ${INSTALL_DIR}/${BINARY_NAME}.bak for rollback."
fi
}
# ---------------------------------------------------------------------------
# Uninstall
# ---------------------------------------------------------------------------
uninstall() {
info "Uninstalling flashduty-runner (purge=${PURGE})"
if command -v systemctl >/dev/null 2>&1 && [ -f "$UNIT_PATH" ]; then
systemctl stop flashduty-runner 2>/dev/null || true
systemctl disable flashduty-runner 2>/dev/null || true
rm -f "$UNIT_PATH"
systemctl daemon-reload 2>/dev/null || true
fi
rm -f "${INSTALL_DIR}/${BINARY_NAME}" "${INSTALL_DIR}/${BINARY_NAME}.bak"
if [ "$PURGE" = "true" ]; then
rm -rf "$CONFIG_DIR" "$STATE_DIR"
if id "$SERVICE_USER" >/dev/null 2>&1; then
if command -v userdel >/dev/null 2>&1; then
userdel "$SERVICE_USER" 2>/dev/null || true
elif command -v deluser >/dev/null 2>&1; then
deluser "$SERVICE_USER" 2>/dev/null || true
fi
fi
info "Purge complete."
else
info "Uninstall complete. Config preserved at ${CONFIG_DIR}. Run with --purge to remove it."
fi
}
# ---------------------------------------------------------------------------
# Main
# ---------------------------------------------------------------------------
do_install() {
detect_platform
detect_init
require_cmd curl tar
resolve_version
installed="$(get_installed_version || true)"
# Binary reports "0.0.5"; VERSION carries "v0.0.5" β strip the leading "v" for comparison.
if [ -n "$installed" ] && [ "$installed" = "${VERSION#v}" ]; then
info "Already at ${VERSION}, nothing to do."
return
fi
download_and_verify
stop_service_if_running
install_binary
if [ "$NO_SERVICE" = "true" ] || [ "$OS" = "darwin" ]; then
info "Binary-only install complete."
info "Start manually: ${INSTALL_DIR}/${BINARY_NAME} run --token <your-token>"
return
fi
ensure_user
ensure_workdir
ensure_token
write_env_file
if [ "$INIT" = "systemd" ]; then
install_systemd_unit
enable_and_start
info "Installed ${BINARY_NAME} ${VERSION}."
else
info "Systemd not detected. Binary installed at ${INSTALL_DIR}/${BINARY_NAME}."
info "Start manually with 'flashduty-runner run' or wire it into your init system."
fi
}
main() {
parse_args "$@"
require_root
# Serialize concurrent installs. flock is optional; skip if absent.
if command -v flock >/dev/null 2>&1; then
mkdir -p "$(dirname "$LOCK_FILE")"
exec 9>"$LOCK_FILE"
if ! flock -n 9; then
die 1 "Another install.sh is already running (lock: ${LOCK_FILE})"
fi
fi
case "$MODE" in
install) do_install ;;
uninstall) uninstall ;;
*) die 1 "Unknown mode: $MODE" ;;
esac
}
main "$@"