refactor core moving files to core/rootfs

move helper scripts to /opt/lib from /opt/bin therein refactor creating a user and installing UCI shell
2024-01-29 15:11:57 -08:00 · 2024-01-29 15:11:57 -08:00 · f8d0c78bf6
parent d89001bc51
commit f8d0c78bf6
13 changed files with 116 additions and 191 deletions
--- a/Dockerfile.d/core.tpl
+++ b/Dockerfile.d/core.tpl
@ -7,11 +7,13 @@
 %
 if ! { [ "$VERBOSE" = "core" ] || [ "$VERBOSE" = "all" ]; }; then unset VERBOSE; fi
 echo "**************************************" 
 echo "****** Building UCI Image Core ******" 
 echo copying core rootfs to image
 /bin/cp -R -f -p rootfs/. /
 . /opt/lib/verbose.lib 
 echo "**************************************" 
 echo "****** Building UCI Image Core ******" 
 quiet echo core build directory
 quiet pwd
 quiet ls -la
--- a/core/core.sh
+++ b/core/core.sh
@ -10,6 +10,8 @@ if [[ -f ./build.env ]]; then
    source ./build.env 
 fi
 source $LIB_DIR/verbose.lib
 [[ -f ./custom-core.sh ]] && echo "sourcing custom core script" && source "./custom-core.sh" 
 echo appending pkg commands to core_run.env
 echo appending sourcing of $ENV_DIR/run.env if it exists
 cat <<ENV >> /opt/core_run.env
@ -21,14 +23,16 @@ quiet cat /opt/core_run.env
 mkdir -p /etc/profile.d
 echo creating login sourcing file for core_run.env in /etc/profile.d
 echo "source /opt/core_run.env" > /etc/profile.d/01-core-run-env.sh
-quiet ls -la /etc/profile.d
+
 # if UCI_SHELL is set then USER must be login user 
 [[ $USER_PW ]] && export USER=${USER:-host}
 if [[ $USER ]]; then
    export UHID=${UHID:-1000}
    chown -R -h $UHID:$UHID /opt $VOLUME_DIRS
-    /bin/bash user.sh
+    $LIB_DIR/user-create
 fi
-[[ $UCI_SHELL ]] && /bin/bash uci-shell.sh
+[[ $UCI_SHELL ]] && $LIB_DIR/uci-shell
-
+quiet ls -la /etc/profile.d
 quiet cat /etc/profile
 ls -la /opt
 echo "done ------------- CORE INSTALLATION ------------"
--- a/core/rootfs/etc/profile
+++ b/core/rootfs/etc/profile
@ -1,83 +0,0 @@
 #!/bin/bash
 # do not add code here for non-interative login shell
 # rather put additional non-interactive profile script code in files in /etc/profile.d
 # this files is sourced for all login shells and also interactive non-login shells via /etc/bash.bashrc
 # more info see http://www.linuxfromscratch.org/blfs/view/svn/postlfs/profile.html
 # interactive non-login and login shells will call the BASH_SHELL_LOAD script below
 # non-interative login shells only source /etc/profile.d 
 # in profile.d is 03-startup.sh which will call 
 # any of the scripts in a repo's startup subdirectory 
 # non-interactive non-login shells are not handled here only via /etc/bash.bashrc
 # interactive login 
 ([ -n "$SSH_CONNECTION" ] || [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]) && export SSH_SESSION=true
 [[ $- == *i* ]] && export SHELL_INTERACTIVE=true
 shopt -q login_shell && export SHELL_LOGIN=true 
 [ $EUID -eq 0 ] && export USER_ROOT=true
 # uncomment for debugging non-interactive login shell, i.e. $ . /etc/profile
 #unset SHELL_INTERACTIVE
 #uncomment these for debugging.
 #  echo ---- sourcing system /etc/profile ---
 #  [[ $USER_ROOT ]] && echo 'Root User' || echo 'Non Root User'
 #  [[ $SHELL_INTERACTIVE ]] && echo 'Interactive' || echo 'Not interactive'
 #  [[ $SHELL_LOGIN ]] && echo 'Login shell' || echo 'Not login shell'
 #  [[ $SSH_SESSION ]] && echo ssh remote user || echo local user
 #  echo ---------------------
 # Set the initial path
 export PATH=/bin:/usr/bin:/usr/local/bin
 # set directory for base shell repo
 export BASH_SHELL_BASE=/shell
 # now bootstrap by souring the shell repo envinroment
 source $BASH_SHELL_BASE/shell.env
 # set $BASH_SAFE_MODE=true in shell.env to disable UCI interactive shell from loading
 # TODO see if  $NO_BASH_SHELL_SSH=true in user or host directory (at the remote machine)
 # if so don't source the load command below and make just a simple prompt.
 if [[ $SHELL_INTERACTIVE ]]; then 
 if [[ ! $BASH_SAFE_MODE ]]; then
   # echo interactive shell loading $BASH_SHELL_LOAD
   source "$BASH_SHELL_LOAD"
 else
   # safe mode
   # just set a simple prompt instead
   NORMAL="\[\e[0m\]"
   RED="\[\e[1;31m\]"
   GREEN="\[\e[1;32m\]"
   YELLOW='\e[1;33m'
   if [[ $EUID == 0 ]] ; then
     PS1="${YELLOW}SAFE:$RED\u [ $NORMAL\w$RED ]# $NORMAL"
   else
     PS1="${YELLOW}SAFE:$GREEN \u [ $NORMAL\w$GREEN ]\$ $NORMAL"
   fi
   unset RED GREEN NORMAL YELLOW
 fi
 else
  # this is non-interactive login (e.g. at user machine login)
  if [[ $EUID -ne 0 ]] && [[ ! $SSH_SESSION ]]; then
    export LOGIN_LOG=$HOME/logs/login.log
    mkdir -p $HOME/logs
    touch $LOGIN_LOG
    llog () {
       echo "$@" >> $LOGIN_LOG 2>&1
    }
    export -f llog
    llog "$(env | grep BASH)"
    echo "$(date)" > $LOGIN_LOG
    llog "non-interactive login shell for $USER"
    if [ -d /etc/profile.d ]; then
       for i in /etc/profile.d/*.sh; do
         if [ -r $i ]; then
           llog "sourcing $i"
           source $i
         fi
       done
       unset i
    fi
  fi
 fi
--- a/core/rootfs/etc/profile.d/02-root.sh
+++ b/core/rootfs/etc/profile.d/02-root.sh
@ -1,6 +0,0 @@
 # root login setup only, put in if block
 if [ $EUID -eq 0 ] ; then # if root user
        echo login profile, root specific setup
        export PATH=$PATH:/sbin:/usr/sbin:/usr/local/sbin
        unset HISTFILE
 fi
--- a/core/rootfs/etc/profile.d/03-startup.sh
+++ b/core/rootfs/etc/profile.d/03-startup.sh
@ -1,10 +0,0 @@
 # this runs startups for bash shell base system
 # don't run statup if user logs in via su
  if  [ "$SHELL" = "/bin/bash" ] && [ "${BASH_SHELL_STARTUP}" ] && [ "$(ps -o comm= $PPID)" != "su" ]; then
    # uncomment for debugging
    if [[ -f $BASH_SHELL_STARTUP ]] && [[ $EUID -ne 0 ]]; then
     llog "sourcing startup script $BASH_SHELL_STARTUP"
    #  (${BASH_SHELL_STARTUP}) &
    source ${BASH_SHELL_STARTUP}
   fi
 fi
--- a/core/rootfs/opt/bin/entrypoint
+++ b/core/rootfs/opt/bin/entrypoint
@ -1,18 +1,23 @@
 #!/bin/bash
 source /opt/core_run.env
 case "$1" in
 cmd=$1
 # [[ $DEVELOPMENT && $cmd == "${ENTRYPOINT_CMD:-start}" ]] && echo "development mode enabled, idling container" && cmd=idle  
 case "$cmd" in
 maphostid)
 shift 1
-/bin/bash -l -c '$BIN_DIR/map-host-id $@' $0 "$@"
+/bin/bash -l -c '$:LIB_DIR/map-host-id $@' $0 "$@"
 ;;
 idle)
 echo container put in idle mode, use docker terminal to access
 sleep infinity
 ;;
 image)
 shift 1
-/bin/bash -l -c '$BIN_DIR/image-info $@' $0 "$@"
+/bin/bash -l -c '$LIB_DIR/image-info $@' $0 "$@"
 ;;
 shell)
 shift 1
@ -29,7 +34,7 @@ cat | /bin/bash -l
 ;;
 ${ENTRYPOINT_CMD:-start})
 shift 1
-/bin/bash -l -c '${ENTRYPOINT_CMD_PATH:-$BIN_DIR/start} $@' $0 "$@"
+/bin/bash -l -c '${ENTRYPOINT_CMD_PATH:-$BIN_DIR/${ENTRYPOINT_CMD:-start}} $@' $0 "$@"
 ;;
 *)
 echo "--- command passed to container: $* ---"
--- a/core/rootfs/opt/lib/image-info
+++ b/core/rootfs/opt/lib/image-info
--- a/core/rootfs/opt/lib/uci-shell
+++ b/core/rootfs/opt/lib/uci-shell
@ -0,0 +1,29 @@
 #!/bin/bash
 echo -e "\n------------ ADD UCI-SHELL ---------------"
 /bin/cp -R -f -p shell/. /shell
 ls -la /
 ls -ls /shell
 # mkdir -p /shell
 # _url=https://git.kebler.net/bash/shell-base.git
 # git clone $_url /shell
 source /shell/base/install/install.sh 
 usermod --shell /bin/bash root
 if [[ $USER_PW ]]; then
 echo adding shell for login user $USER
 homedir=$( getent passwd "$USER" | cut -d: -f6 )
 mkdir -p $homedir/shell 
 uci_bash_shell_install $USER
 chown -R :$USER /shell 
 chmod -R g+r /shell
 # setfacl -d --set u::rwx,g::rwx,o::- /shell
 chown -R :host $homedir/shell 
 chmod -R g+rw $homedir/shell
 # setfacl -d --set u::rwx,g::rwx,o::- /home/$USER/shell
 else 
 uci_bash_shell_install 
 fi
 echo "----------- uci shell install complete ------"
--- a/core/rootfs/opt/lib/user-create
+++ b/core/rootfs/opt/lib/user-create
@ -0,0 +1,66 @@
 #!/bin/bash
 USER=${1:-$USER}
 USER_PW=${2-$USER_PW}
 UHID=${UHID:-1000}
 # TODO make SUDO conditional on USER_SUDO=true
 if [[ $USER ]]; then
 echo "------- Adding USER: $USER with ID: $UHID ------"
 cat <<DOC >> /etc/login.defs
 SYS_UID_MAX   $UHID"
 SYS_GID_MAX   $UHID"
 DOC
    source $LIB_DIR/verbose.lib
    # echo loading acl package
    # silence $INSTALL_PKGS acl
    groupadd -g $UHID $USER
    # user passwords implies system (sudo) login user
    if [[ $USER_PW ]]; then
        echo "$USER is being created as a login user"
        useradd -rm -s /bin/bash -G $USER,$([[ $(getent group sudo) ]] && echo sudo || echo wheel) -g $USER -u $UHID $USER
        echo $USER groups: $(groups $USER)
        chpasswd <<< "${USER}:${USER_PW}"
 # SUDOERS Setup 
        cat <<SUDO >> /etc/sudoers.d/01-sudo-wheel
 Defaults lecture = never     
 %wheel ALL=(ALL:ALL) ALL
 %sudo  ALL=(ALL:ALL) ALL
 SUDO
    chmod 440 /etc/sudoers.d/01-sudo-wheel
        cat <<USER >> /etc/sudoers.d/02-$USER
 $USER ALL = NOPASSWD:/bin/chown
 $USER ALL = NOPASSWD:/bin/chmod
 USER
        chmod 440 /etc/sudoers.d/02-$USER
        if [[ -f $USER-permits ]]; then
            echo "--- $USER-permits file supplied copying to /etc/sudoers.d ---"
            cat $USER-permits 
            cat $USER-permits >> /etc/sudoers.d/02-$USER
        fi 
    else
        echo $USER will be a non login user
        # home_dir=${USER_HOME:-/home/$USER}
        # mkdir -p $home_dir
        useradd -rM -s /sbin/nologin -G $USER -g $USER -u $UHID $USER -p '*' -d /dev/null
        # usermod -p '*' $USER
        # -d $home_dir
        # chown $USER:$USER $home_dir
 fi   
 # shellcheck enable=add-default-case      
 # chmod -R g+rw /opt
 # setfacl -d --set u::rwx,g::rwx,o::- /opt
 cat /etc/passwd | grep $USER
 id $USER
 echo "done------- Adding USER: $USER ------"
 fi
--- a/core/rootfs/opt/lib/user-map-host-id
+++ b/core/rootfs/opt/lib/user-map-host-id
--- a/core/rootfs/opt/lib/user-set-host-id
+++ b/core/rootfs/opt/lib/user-set-host-id
--- a/core/uci-shell.sh
+++ b/core/uci-shell.sh
@ -1,24 +0,0 @@
 #!/bin/bash
 echo -e "\n------------ ADD UCI-SHELL ---------------"
 mkdir -p /shell
 _url=https://git.kebler.net/bash/shell-base.git
 git clone $_url /shell
 source /shell/install/install.sh 
 if [[ $USER_PW ]]; then
 echo adding shell for login user $USER
 mkdir -p /home/$USER/shell 
 uci_bash_shell_install $USER
 chown -R $USER:$USER /shell 
 chmod -R g+rw /shell
 # setfacl -d --set u::rwx,g::rwx,o::- /shell
 chown -R :host /home/$USER/shell 
 chmod -R g+rw /home/$USER/shell
 # setfacl -d --set u::rwx,g::rwx,o::- /home/$USER/shell
 else 
 uci_bash_shell_install 
 fi
 echo "----------- uci shell install complete ------"
--- a/core/user.sh
+++ b/core/user.sh
@ -1,58 +0,0 @@
 #!/bin/bash
 USER=${1:-$USER}
 USER_PW=${2-$USER_PW}
 UHID=${UHID:-1000}
 if [[ $USER ]]; then
 echo "------- Adding USER: $USER with ID: $UHID ------"
 cat <<DOC >> /etc/login.defs
 SYS_UID_MAX   $UHID"
 SYS_GID_MAX   $UHID"
 DOC
    source $LIB_DIR/verbose.lib
    # echo loading acl package
    # silence $INSTALL_PKGS acl
    groupadd -g $UHID $USER
    # user passwords implies system (sudo) login user
    if [[ $USER_PW ]]; then
    echo "login system user being created"
    useradd -rm -s /bin/bash -G $USER,$([[ $(getent group sudo) ]] && echo sudo || echo wheel) -g $USER -u $UHID $USER
    echo $USER groups: $(groups $USER)
    chpasswd <<< "${USER}:${USER_PW}"
 # SUDOERS Setup 
 cat <<SUDO >> /etc/sudoers.d/01-sudo-wheel
 Defaults lecture = never     
 %wheel ALL=(ALL:ALL) ALL
 %sudo  ALL=(ALL:ALL) ALL
 SUDO
    chmod 440 /etc/sudoers.d/01-sudo-wheel
 cat <<USER >> /etc/sudoers.d/02-$USER
 $USER ALL = NOPASSWD:/bin/chown
 $USER ALL = NOPASSWD:/bin/chmod
 USER
    chmod 440 /etc/sudoers.d/02-$USER
    if [[ -f $USER-permits ]]; then
        echo "--- $USER-permits file supplied copying to /etc/sudoers.d ---"
        cat $USER-permits 
        cat $USER-permits >> /etc/sudoers.d/02-$USER
    fi 
  else
    home_dir=$([[ $USER_HOME ]] && echo "$USER_HOME" || echo "/opt/user" )
    mkdir -p $home_dir
    useradd -s /sbin/nologin -G $USER -g $USER -u $UHID $USER -d $home_dir
    chown $USER:$USER $home_dir
 fi   
 # shellcheck enable=add-default-case      
 # chmod -R g+rw /opt
 # setfacl -d --set u::rwx,g::rwx,o::- /opt
 cat /etc/passwd | grep $USER
 echo "done------- Adding USER: $USER ------"
 fi