├── .github
└── workflows
│ └── shellcheck.yml
├── LICENSE
├── README.md
├── bookworm
├── bullseye
├── switchtoStable
├── switchtoTesting
├── switchtoUnstable
└── trixie
/.github/workflows/shellcheck.yml:
--------------------------------------------------------------------------------
1 | name: Run Shellcheck on push and PR
2 |
3 | on:
4 | push:
5 | pull_request:
6 |
7 | jobs:
8 | shellcheck:
9 | name: Shellcheck
10 | runs-on: ubuntu-latest
11 | steps:
12 | - uses: actions/checkout@v3
13 | - name: Run ShellCheck
14 | uses: ludeeus/action-shellcheck@master
15 | env:
16 | SHELLCHECK_OPTS: -x
17 | with:
18 | additional_files: bookworm switchtoTesting switchtoUnstable
19 | ignore_paths: ./bullseye
20 |
--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
1 | GNU AFFERO GENERAL PUBLIC LICENSE
2 | Version 3, 19 November 2007
3 |
4 | Copyright (C) 2007 Free Software Foundation, Inc.
5 | Everyone is permitted to copy and distribute verbatim copies
6 | of this license document, but changing it is not allowed.
7 |
8 | Preamble
9 |
10 | The GNU Affero General Public License is a free, copyleft license for
11 | software and other kinds of works, specifically designed to ensure
12 | cooperation with the community in the case of network server software.
13 |
14 | The licenses for most software and other practical works are designed
15 | to take away your freedom to share and change the works. By contrast,
16 | our General Public Licenses are intended to guarantee your freedom to
17 | share and change all versions of a program--to make sure it remains free
18 | software for all its users.
19 |
20 | When we speak of free software, we are referring to freedom, not
21 | price. Our General Public Licenses are designed to make sure that you
22 | have the freedom to distribute copies of free software (and charge for
23 | them if you wish), that you receive source code or can get it if you
24 | want it, that you can change the software or use pieces of it in new
25 | free programs, and that you know you can do these things.
26 |
27 | Developers that use our General Public Licenses protect your rights
28 | with two steps: (1) assert copyright on the software, and (2) offer
29 | you this License which gives you legal permission to copy, distribute
30 | and/or modify the software.
31 |
32 | A secondary benefit of defending all users' freedom is that
33 | improvements made in alternate versions of the program, if they
34 | receive widespread use, become available for other developers to
35 | incorporate. Many developers of free software are heartened and
36 | encouraged by the resulting cooperation. However, in the case of
37 | software used on network servers, this result may fail to come about.
38 | The GNU General Public License permits making a modified version and
39 | letting the public access it on a server without ever releasing its
40 | source code to the public.
41 |
42 | The GNU Affero General Public License is designed specifically to
43 | ensure that, in such cases, the modified source code becomes available
44 | to the community. It requires the operator of a network server to
45 | provide the source code of the modified version running there to the
46 | users of that server. Therefore, public use of a modified version, on
47 | a publicly accessible server, gives the public access to the source
48 | code of the modified version.
49 |
50 | An older license, called the Affero General Public License and
51 | published by Affero, was designed to accomplish similar goals. This is
52 | a different license, not a version of the Affero GPL, but Affero has
53 | released a new version of the Affero GPL which permits relicensing under
54 | this license.
55 |
56 | The precise terms and conditions for copying, distribution and
57 | modification follow.
58 |
59 | TERMS AND CONDITIONS
60 |
61 | 0. Definitions.
62 |
63 | "This License" refers to version 3 of the GNU Affero General Public License.
64 |
65 | "Copyright" also means copyright-like laws that apply to other kinds of
66 | works, such as semiconductor masks.
67 |
68 | "The Program" refers to any copyrightable work licensed under this
69 | License. Each licensee is addressed as "you". "Licensees" and
70 | "recipients" may be individuals or organizations.
71 |
72 | To "modify" a work means to copy from or adapt all or part of the work
73 | in a fashion requiring copyright permission, other than the making of an
74 | exact copy. The resulting work is called a "modified version" of the
75 | earlier work or a work "based on" the earlier work.
76 |
77 | A "covered work" means either the unmodified Program or a work based
78 | on the Program.
79 |
80 | To "propagate" a work means to do anything with it that, without
81 | permission, would make you directly or secondarily liable for
82 | infringement under applicable copyright law, except executing it on a
83 | computer or modifying a private copy. Propagation includes copying,
84 | distribution (with or without modification), making available to the
85 | public, and in some countries other activities as well.
86 |
87 | To "convey" a work means any kind of propagation that enables other
88 | parties to make or receive copies. Mere interaction with a user through
89 | a computer network, with no transfer of a copy, is not conveying.
90 |
91 | An interactive user interface displays "Appropriate Legal Notices"
92 | to the extent that it includes a convenient and prominently visible
93 | feature that (1) displays an appropriate copyright notice, and (2)
94 | tells the user that there is no warranty for the work (except to the
95 | extent that warranties are provided), that licensees may convey the
96 | work under this License, and how to view a copy of this License. If
97 | the interface presents a list of user commands or options, such as a
98 | menu, a prominent item in the list meets this criterion.
99 |
100 | 1. Source Code.
101 |
102 | The "source code" for a work means the preferred form of the work
103 | for making modifications to it. "Object code" means any non-source
104 | form of a work.
105 |
106 | A "Standard Interface" means an interface that either is an official
107 | standard defined by a recognized standards body, or, in the case of
108 | interfaces specified for a particular programming language, one that
109 | is widely used among developers working in that language.
110 |
111 | The "System Libraries" of an executable work include anything, other
112 | than the work as a whole, that (a) is included in the normal form of
113 | packaging a Major Component, but which is not part of that Major
114 | Component, and (b) serves only to enable use of the work with that
115 | Major Component, or to implement a Standard Interface for which an
116 | implementation is available to the public in source code form. A
117 | "Major Component", in this context, means a major essential component
118 | (kernel, window system, and so on) of the specific operating system
119 | (if any) on which the executable work runs, or a compiler used to
120 | produce the work, or an object code interpreter used to run it.
121 |
122 | The "Corresponding Source" for a work in object code form means all
123 | the source code needed to generate, install, and (for an executable
124 | work) run the object code and to modify the work, including scripts to
125 | control those activities. However, it does not include the work's
126 | System Libraries, or general-purpose tools or generally available free
127 | programs which are used unmodified in performing those activities but
128 | which are not part of the work. For example, Corresponding Source
129 | includes interface definition files associated with source files for
130 | the work, and the source code for shared libraries and dynamically
131 | linked subprograms that the work is specifically designed to require,
132 | such as by intimate data communication or control flow between those
133 | subprograms and other parts of the work.
134 |
135 | The Corresponding Source need not include anything that users
136 | can regenerate automatically from other parts of the Corresponding
137 | Source.
138 |
139 | The Corresponding Source for a work in source code form is that
140 | same work.
141 |
142 | 2. Basic Permissions.
143 |
144 | All rights granted under this License are granted for the term of
145 | copyright on the Program, and are irrevocable provided the stated
146 | conditions are met. This License explicitly affirms your unlimited
147 | permission to run the unmodified Program. The output from running a
148 | covered work is covered by this License only if the output, given its
149 | content, constitutes a covered work. This License acknowledges your
150 | rights of fair use or other equivalent, as provided by copyright law.
151 |
152 | You may make, run and propagate covered works that you do not
153 | convey, without conditions so long as your license otherwise remains
154 | in force. You may convey covered works to others for the sole purpose
155 | of having them make modifications exclusively for you, or provide you
156 | with facilities for running those works, provided that you comply with
157 | the terms of this License in conveying all material for which you do
158 | not control copyright. Those thus making or running the covered works
159 | for you must do so exclusively on your behalf, under your direction
160 | and control, on terms that prohibit them from making any copies of
161 | your copyrighted material outside their relationship with you.
162 |
163 | Conveying under any other circumstances is permitted solely under
164 | the conditions stated below. Sublicensing is not allowed; section 10
165 | makes it unnecessary.
166 |
167 | 3. Protecting Users' Legal Rights From Anti-Circumvention Law.
168 |
169 | No covered work shall be deemed part of an effective technological
170 | measure under any applicable law fulfilling obligations under article
171 | 11 of the WIPO copyright treaty adopted on 20 December 1996, or
172 | similar laws prohibiting or restricting circumvention of such
173 | measures.
174 |
175 | When you convey a covered work, you waive any legal power to forbid
176 | circumvention of technological measures to the extent such circumvention
177 | is effected by exercising rights under this License with respect to
178 | the covered work, and you disclaim any intention to limit operation or
179 | modification of the work as a means of enforcing, against the work's
180 | users, your or third parties' legal rights to forbid circumvention of
181 | technological measures.
182 |
183 | 4. Conveying Verbatim Copies.
184 |
185 | You may convey verbatim copies of the Program's source code as you
186 | receive it, in any medium, provided that you conspicuously and
187 | appropriately publish on each copy an appropriate copyright notice;
188 | keep intact all notices stating that this License and any
189 | non-permissive terms added in accord with section 7 apply to the code;
190 | keep intact all notices of the absence of any warranty; and give all
191 | recipients a copy of this License along with the Program.
192 |
193 | You may charge any price or no price for each copy that you convey,
194 | and you may offer support or warranty protection for a fee.
195 |
196 | 5. Conveying Modified Source Versions.
197 |
198 | You may convey a work based on the Program, or the modifications to
199 | produce it from the Program, in the form of source code under the
200 | terms of section 4, provided that you also meet all of these conditions:
201 |
202 | a) The work must carry prominent notices stating that you modified
203 | it, and giving a relevant date.
204 |
205 | b) The work must carry prominent notices stating that it is
206 | released under this License and any conditions added under section
207 | 7. This requirement modifies the requirement in section 4 to
208 | "keep intact all notices".
209 |
210 | c) You must license the entire work, as a whole, under this
211 | License to anyone who comes into possession of a copy. This
212 | License will therefore apply, along with any applicable section 7
213 | additional terms, to the whole of the work, and all its parts,
214 | regardless of how they are packaged. This License gives no
215 | permission to license the work in any other way, but it does not
216 | invalidate such permission if you have separately received it.
217 |
218 | d) If the work has interactive user interfaces, each must display
219 | Appropriate Legal Notices; however, if the Program has interactive
220 | interfaces that do not display Appropriate Legal Notices, your
221 | work need not make them do so.
222 |
223 | A compilation of a covered work with other separate and independent
224 | works, which are not by their nature extensions of the covered work,
225 | and which are not combined with it such as to form a larger program,
226 | in or on a volume of a storage or distribution medium, is called an
227 | "aggregate" if the compilation and its resulting copyright are not
228 | used to limit the access or legal rights of the compilation's users
229 | beyond what the individual works permit. Inclusion of a covered work
230 | in an aggregate does not cause this License to apply to the other
231 | parts of the aggregate.
232 |
233 | 6. Conveying Non-Source Forms.
234 |
235 | You may convey a covered work in object code form under the terms
236 | of sections 4 and 5, provided that you also convey the
237 | machine-readable Corresponding Source under the terms of this License,
238 | in one of these ways:
239 |
240 | a) Convey the object code in, or embodied in, a physical product
241 | (including a physical distribution medium), accompanied by the
242 | Corresponding Source fixed on a durable physical medium
243 | customarily used for software interchange.
244 |
245 | b) Convey the object code in, or embodied in, a physical product
246 | (including a physical distribution medium), accompanied by a
247 | written offer, valid for at least three years and valid for as
248 | long as you offer spare parts or customer support for that product
249 | model, to give anyone who possesses the object code either (1) a
250 | copy of the Corresponding Source for all the software in the
251 | product that is covered by this License, on a durable physical
252 | medium customarily used for software interchange, for a price no
253 | more than your reasonable cost of physically performing this
254 | conveying of source, or (2) access to copy the
255 | Corresponding Source from a network server at no charge.
256 |
257 | c) Convey individual copies of the object code with a copy of the
258 | written offer to provide the Corresponding Source. This
259 | alternative is allowed only occasionally and noncommercially, and
260 | only if you received the object code with such an offer, in accord
261 | with subsection 6b.
262 |
263 | d) Convey the object code by offering access from a designated
264 | place (gratis or for a charge), and offer equivalent access to the
265 | Corresponding Source in the same way through the same place at no
266 | further charge. You need not require recipients to copy the
267 | Corresponding Source along with the object code. If the place to
268 | copy the object code is a network server, the Corresponding Source
269 | may be on a different server (operated by you or a third party)
270 | that supports equivalent copying facilities, provided you maintain
271 | clear directions next to the object code saying where to find the
272 | Corresponding Source. Regardless of what server hosts the
273 | Corresponding Source, you remain obligated to ensure that it is
274 | available for as long as needed to satisfy these requirements.
275 |
276 | e) Convey the object code using peer-to-peer transmission, provided
277 | you inform other peers where the object code and Corresponding
278 | Source of the work are being offered to the general public at no
279 | charge under subsection 6d.
280 |
281 | A separable portion of the object code, whose source code is excluded
282 | from the Corresponding Source as a System Library, need not be
283 | included in conveying the object code work.
284 |
285 | A "User Product" is either (1) a "consumer product", which means any
286 | tangible personal property which is normally used for personal, family,
287 | or household purposes, or (2) anything designed or sold for incorporation
288 | into a dwelling. In determining whether a product is a consumer product,
289 | doubtful cases shall be resolved in favor of coverage. For a particular
290 | product received by a particular user, "normally used" refers to a
291 | typical or common use of that class of product, regardless of the status
292 | of the particular user or of the way in which the particular user
293 | actually uses, or expects or is expected to use, the product. A product
294 | is a consumer product regardless of whether the product has substantial
295 | commercial, industrial or non-consumer uses, unless such uses represent
296 | the only significant mode of use of the product.
297 |
298 | "Installation Information" for a User Product means any methods,
299 | procedures, authorization keys, or other information required to install
300 | and execute modified versions of a covered work in that User Product from
301 | a modified version of its Corresponding Source. The information must
302 | suffice to ensure that the continued functioning of the modified object
303 | code is in no case prevented or interfered with solely because
304 | modification has been made.
305 |
306 | If you convey an object code work under this section in, or with, or
307 | specifically for use in, a User Product, and the conveying occurs as
308 | part of a transaction in which the right of possession and use of the
309 | User Product is transferred to the recipient in perpetuity or for a
310 | fixed term (regardless of how the transaction is characterized), the
311 | Corresponding Source conveyed under this section must be accompanied
312 | by the Installation Information. But this requirement does not apply
313 | if neither you nor any third party retains the ability to install
314 | modified object code on the User Product (for example, the work has
315 | been installed in ROM).
316 |
317 | The requirement to provide Installation Information does not include a
318 | requirement to continue to provide support service, warranty, or updates
319 | for a work that has been modified or installed by the recipient, or for
320 | the User Product in which it has been modified or installed. Access to a
321 | network may be denied when the modification itself materially and
322 | adversely affects the operation of the network or violates the rules and
323 | protocols for communication across the network.
324 |
325 | Corresponding Source conveyed, and Installation Information provided,
326 | in accord with this section must be in a format that is publicly
327 | documented (and with an implementation available to the public in
328 | source code form), and must require no special password or key for
329 | unpacking, reading or copying.
330 |
331 | 7. Additional Terms.
332 |
333 | "Additional permissions" are terms that supplement the terms of this
334 | License by making exceptions from one or more of its conditions.
335 | Additional permissions that are applicable to the entire Program shall
336 | be treated as though they were included in this License, to the extent
337 | that they are valid under applicable law. If additional permissions
338 | apply only to part of the Program, that part may be used separately
339 | under those permissions, but the entire Program remains governed by
340 | this License without regard to the additional permissions.
341 |
342 | When you convey a copy of a covered work, you may at your option
343 | remove any additional permissions from that copy, or from any part of
344 | it. (Additional permissions may be written to require their own
345 | removal in certain cases when you modify the work.) You may place
346 | additional permissions on material, added by you to a covered work,
347 | for which you have or can give appropriate copyright permission.
348 |
349 | Notwithstanding any other provision of this License, for material you
350 | add to a covered work, you may (if authorized by the copyright holders of
351 | that material) supplement the terms of this License with terms:
352 |
353 | a) Disclaiming warranty or limiting liability differently from the
354 | terms of sections 15 and 16 of this License; or
355 |
356 | b) Requiring preservation of specified reasonable legal notices or
357 | author attributions in that material or in the Appropriate Legal
358 | Notices displayed by works containing it; or
359 |
360 | c) Prohibiting misrepresentation of the origin of that material, or
361 | requiring that modified versions of such material be marked in
362 | reasonable ways as different from the original version; or
363 |
364 | d) Limiting the use for publicity purposes of names of licensors or
365 | authors of the material; or
366 |
367 | e) Declining to grant rights under trademark law for use of some
368 | trade names, trademarks, or service marks; or
369 |
370 | f) Requiring indemnification of licensors and authors of that
371 | material by anyone who conveys the material (or modified versions of
372 | it) with contractual assumptions of liability to the recipient, for
373 | any liability that these contractual assumptions directly impose on
374 | those licensors and authors.
375 |
376 | All other non-permissive additional terms are considered "further
377 | restrictions" within the meaning of section 10. If the Program as you
378 | received it, or any part of it, contains a notice stating that it is
379 | governed by this License along with a term that is a further
380 | restriction, you may remove that term. If a license document contains
381 | a further restriction but permits relicensing or conveying under this
382 | License, you may add to a covered work material governed by the terms
383 | of that license document, provided that the further restriction does
384 | not survive such relicensing or conveying.
385 |
386 | If you add terms to a covered work in accord with this section, you
387 | must place, in the relevant source files, a statement of the
388 | additional terms that apply to those files, or a notice indicating
389 | where to find the applicable terms.
390 |
391 | Additional terms, permissive or non-permissive, may be stated in the
392 | form of a separately written license, or stated as exceptions;
393 | the above requirements apply either way.
394 |
395 | 8. Termination.
396 |
397 | You may not propagate or modify a covered work except as expressly
398 | provided under this License. Any attempt otherwise to propagate or
399 | modify it is void, and will automatically terminate your rights under
400 | this License (including any patent licenses granted under the third
401 | paragraph of section 11).
402 |
403 | However, if you cease all violation of this License, then your
404 | license from a particular copyright holder is reinstated (a)
405 | provisionally, unless and until the copyright holder explicitly and
406 | finally terminates your license, and (b) permanently, if the copyright
407 | holder fails to notify you of the violation by some reasonable means
408 | prior to 60 days after the cessation.
409 |
410 | Moreover, your license from a particular copyright holder is
411 | reinstated permanently if the copyright holder notifies you of the
412 | violation by some reasonable means, this is the first time you have
413 | received notice of violation of this License (for any work) from that
414 | copyright holder, and you cure the violation prior to 30 days after
415 | your receipt of the notice.
416 |
417 | Termination of your rights under this section does not terminate the
418 | licenses of parties who have received copies or rights from you under
419 | this License. If your rights have been terminated and not permanently
420 | reinstated, you do not qualify to receive new licenses for the same
421 | material under section 10.
422 |
423 | 9. Acceptance Not Required for Having Copies.
424 |
425 | You are not required to accept this License in order to receive or
426 | run a copy of the Program. Ancillary propagation of a covered work
427 | occurring solely as a consequence of using peer-to-peer transmission
428 | to receive a copy likewise does not require acceptance. However,
429 | nothing other than this License grants you permission to propagate or
430 | modify any covered work. These actions infringe copyright if you do
431 | not accept this License. Therefore, by modifying or propagating a
432 | covered work, you indicate your acceptance of this License to do so.
433 |
434 | 10. Automatic Licensing of Downstream Recipients.
435 |
436 | Each time you convey a covered work, the recipient automatically
437 | receives a license from the original licensors, to run, modify and
438 | propagate that work, subject to this License. You are not responsible
439 | for enforcing compliance by third parties with this License.
440 |
441 | An "entity transaction" is a transaction transferring control of an
442 | organization, or substantially all assets of one, or subdividing an
443 | organization, or merging organizations. If propagation of a covered
444 | work results from an entity transaction, each party to that
445 | transaction who receives a copy of the work also receives whatever
446 | licenses to the work the party's predecessor in interest had or could
447 | give under the previous paragraph, plus a right to possession of the
448 | Corresponding Source of the work from the predecessor in interest, if
449 | the predecessor has it or can get it with reasonable efforts.
450 |
451 | You may not impose any further restrictions on the exercise of the
452 | rights granted or affirmed under this License. For example, you may
453 | not impose a license fee, royalty, or other charge for exercise of
454 | rights granted under this License, and you may not initiate litigation
455 | (including a cross-claim or counterclaim in a lawsuit) alleging that
456 | any patent claim is infringed by making, using, selling, offering for
457 | sale, or importing the Program or any portion of it.
458 |
459 | 11. Patents.
460 |
461 | A "contributor" is a copyright holder who authorizes use under this
462 | License of the Program or a work on which the Program is based. The
463 | work thus licensed is called the contributor's "contributor version".
464 |
465 | A contributor's "essential patent claims" are all patent claims
466 | owned or controlled by the contributor, whether already acquired or
467 | hereafter acquired, that would be infringed by some manner, permitted
468 | by this License, of making, using, or selling its contributor version,
469 | but do not include claims that would be infringed only as a
470 | consequence of further modification of the contributor version. For
471 | purposes of this definition, "control" includes the right to grant
472 | patent sublicenses in a manner consistent with the requirements of
473 | this License.
474 |
475 | Each contributor grants you a non-exclusive, worldwide, royalty-free
476 | patent license under the contributor's essential patent claims, to
477 | make, use, sell, offer for sale, import and otherwise run, modify and
478 | propagate the contents of its contributor version.
479 |
480 | In the following three paragraphs, a "patent license" is any express
481 | agreement or commitment, however denominated, not to enforce a patent
482 | (such as an express permission to practice a patent or covenant not to
483 | sue for patent infringement). To "grant" such a patent license to a
484 | party means to make such an agreement or commitment not to enforce a
485 | patent against the party.
486 |
487 | If you convey a covered work, knowingly relying on a patent license,
488 | and the Corresponding Source of the work is not available for anyone
489 | to copy, free of charge and under the terms of this License, through a
490 | publicly available network server or other readily accessible means,
491 | then you must either (1) cause the Corresponding Source to be so
492 | available, or (2) arrange to deprive yourself of the benefit of the
493 | patent license for this particular work, or (3) arrange, in a manner
494 | consistent with the requirements of this License, to extend the patent
495 | license to downstream recipients. "Knowingly relying" means you have
496 | actual knowledge that, but for the patent license, your conveying the
497 | covered work in a country, or your recipient's use of the covered work
498 | in a country, would infringe one or more identifiable patents in that
499 | country that you have reason to believe are valid.
500 |
501 | If, pursuant to or in connection with a single transaction or
502 | arrangement, you convey, or propagate by procuring conveyance of, a
503 | covered work, and grant a patent license to some of the parties
504 | receiving the covered work authorizing them to use, propagate, modify
505 | or convey a specific copy of the covered work, then the patent license
506 | you grant is automatically extended to all recipients of the covered
507 | work and works based on it.
508 |
509 | A patent license is "discriminatory" if it does not include within
510 | the scope of its coverage, prohibits the exercise of, or is
511 | conditioned on the non-exercise of one or more of the rights that are
512 | specifically granted under this License. You may not convey a covered
513 | work if you are a party to an arrangement with a third party that is
514 | in the business of distributing software, under which you make payment
515 | to the third party based on the extent of your activity of conveying
516 | the work, and under which the third party grants, to any of the
517 | parties who would receive the covered work from you, a discriminatory
518 | patent license (a) in connection with copies of the covered work
519 | conveyed by you (or copies made from those copies), or (b) primarily
520 | for and in connection with specific products or compilations that
521 | contain the covered work, unless you entered into that arrangement,
522 | or that patent license was granted, prior to 28 March 2007.
523 |
524 | Nothing in this License shall be construed as excluding or limiting
525 | any implied license or other defenses to infringement that may
526 | otherwise be available to you under applicable patent law.
527 |
528 | 12. No Surrender of Others' Freedom.
529 |
530 | If conditions are imposed on you (whether by court order, agreement or
531 | otherwise) that contradict the conditions of this License, they do not
532 | excuse you from the conditions of this License. If you cannot convey a
533 | covered work so as to satisfy simultaneously your obligations under this
534 | License and any other pertinent obligations, then as a consequence you may
535 | not convey it at all. For example, if you agree to terms that obligate you
536 | to collect a royalty for further conveying from those to whom you convey
537 | the Program, the only way you could satisfy both those terms and this
538 | License would be to refrain entirely from conveying the Program.
539 |
540 | 13. Remote Network Interaction; Use with the GNU General Public License.
541 |
542 | Notwithstanding any other provision of this License, if you modify the
543 | Program, your modified version must prominently offer all users
544 | interacting with it remotely through a computer network (if your version
545 | supports such interaction) an opportunity to receive the Corresponding
546 | Source of your version by providing access to the Corresponding Source
547 | from a network server at no charge, through some standard or customary
548 | means of facilitating copying of software. This Corresponding Source
549 | shall include the Corresponding Source for any work covered by version 3
550 | of the GNU General Public License that is incorporated pursuant to the
551 | following paragraph.
552 |
553 | Notwithstanding any other provision of this License, you have
554 | permission to link or combine any covered work with a work licensed
555 | under version 3 of the GNU General Public License into a single
556 | combined work, and to convey the resulting work. The terms of this
557 | License will continue to apply to the part which is the covered work,
558 | but the work with which it is combined will remain governed by version
559 | 3 of the GNU General Public License.
560 |
561 | 14. Revised Versions of this License.
562 |
563 | The Free Software Foundation may publish revised and/or new versions of
564 | the GNU Affero General Public License from time to time. Such new versions
565 | will be similar in spirit to the present version, but may differ in detail to
566 | address new problems or concerns.
567 |
568 | Each version is given a distinguishing version number. If the
569 | Program specifies that a certain numbered version of the GNU Affero General
570 | Public License "or any later version" applies to it, you have the
571 | option of following the terms and conditions either of that numbered
572 | version or of any later version published by the Free Software
573 | Foundation. If the Program does not specify a version number of the
574 | GNU Affero General Public License, you may choose any version ever published
575 | by the Free Software Foundation.
576 |
577 | If the Program specifies that a proxy can decide which future
578 | versions of the GNU Affero General Public License can be used, that proxy's
579 | public statement of acceptance of a version permanently authorizes you
580 | to choose that version for the Program.
581 |
582 | Later license versions may give you additional or different
583 | permissions. However, no additional obligations are imposed on any
584 | author or copyright holder as a result of your choosing to follow a
585 | later version.
586 |
587 | 15. Disclaimer of Warranty.
588 |
589 | THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
590 | APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
591 | HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
592 | OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
593 | THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
594 | PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
595 | IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
596 | ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
597 |
598 | 16. Limitation of Liability.
599 |
600 | IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
601 | WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
602 | THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
603 | GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
604 | USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
605 | DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
606 | PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
607 | EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
608 | SUCH DAMAGES.
609 |
610 | 17. Interpretation of Sections 15 and 16.
611 |
612 | If the disclaimer of warranty and limitation of liability provided
613 | above cannot be given local legal effect according to their terms,
614 | reviewing courts shall apply local law that most closely approximates
615 | an absolute waiver of all civil liability in connection with the
616 | Program, unless a warranty or assumption of liability accompanies a
617 | copy of the Program in return for a fee.
618 |
619 | END OF TERMS AND CONDITIONS
620 |
621 | How to Apply These Terms to Your New Programs
622 |
623 | If you develop a new program, and you want it to be of the greatest
624 | possible use to the public, the best way to achieve this is to make it
625 | free software which everyone can redistribute and change under these terms.
626 |
627 | To do so, attach the following notices to the program. It is safest
628 | to attach them to the start of each source file to most effectively
629 | state the exclusion of warranty; and each file should have at least
630 | the "copyright" line and a pointer to where the full notice is found.
631 |
632 |
633 | Copyright (C)
634 |
635 | This program is free software: you can redistribute it and/or modify
636 | it under the terms of the GNU Affero General Public License as published
637 | by the Free Software Foundation, either version 3 of the License, or
638 | (at your option) any later version.
639 |
640 | This program is distributed in the hope that it will be useful,
641 | but WITHOUT ANY WARRANTY; without even the implied warranty of
642 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
643 | GNU Affero General Public License for more details.
644 |
645 | You should have received a copy of the GNU Affero General Public License
646 | along with this program. If not, see .
647 |
648 | Also add information on how to contact you by electronic and paper mail.
649 |
650 | If your software can interact with users remotely through a computer
651 | network, you should also make sure that it provides a way for users to
652 | get its source. For example, if your program is a web application, its
653 | interface could display a "Source" link that leads users to an archive
654 | of the code. There are many ways you could offer source, and different
655 | solutions will be better for different programs; see section 13 for the
656 | specific requirements.
657 |
658 | You should also get your employer (if you work as a programmer) or school,
659 | if any, to sign a "copyright disclaimer" for the program, if necessary.
660 | For more information on this, and how to apply and follow the GNU AGPL, see
661 | .
662 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # YunoHost installation scripts
2 |
3 | Please report any issue/feedback on https://github.com/YunoHost/issues/issues
4 |
5 | ## Context
6 |
7 | The script `install_yunohost` will install [YunoHost](https://yunohost.org/) on a Debian system.
8 |
9 | Only Debian systems running with kernel >= 3.12 [systemd](https://wiki.debian.org/systemd) - which is generally the default - are supported.
10 |
11 | ## Basic usage
12 |
13 | With a `curl|bash` syntax :
14 |
15 | ```bash
16 | $ curl https://raw.githubusercontent.com/YunoHost/install_script/main/ | bash
17 | ```
18 |
19 | If something goes wrong, you can check the installation logs saved in `/var/log/yunohost-installation.log`
20 |
21 | ## Advanced usage
22 |
23 | The script supports a number of positional arguments:
24 |
25 | ```
26 | $ bash install_yunohost -h
27 | Usage :
28 | install_yunohost [-a] [-d ] [-h]
29 |
30 | Options :
31 | -a Enable automatic mode. No questions are asked.
32 | This does not perform the post-install step.
33 | -d Choose the distribution to install ('stable', 'testing', 'unstable').
34 | Defaults to 'stable'
35 | -h Prints this help and exit
36 | ```
37 |
38 | Option `-a` is useful for fully automated headless installations.
39 |
40 | The [post-installation](https://yunohost.org/#/postinstall) will have to be performed later.
41 |
--------------------------------------------------------------------------------
/bookworm:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # shellcheck disable=SC2059
3 |
4 | # Copyright (C) 2015-2023 YunoHost
5 | #
6 | # This program is free software: you can redistribute it and/or modify
7 | # it under the terms of the GNU Affero General Public License as
8 | # published by the Free Software Foundation, either version 3 of the
9 | # License, or (at your option) any later version.
10 | #
11 | # This program is distributed in the hope that it will be useful,
12 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
13 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 | # GNU Affero General Public License for more details.
15 | #
16 | # You should have received a copy of the GNU Affero General Public License
17 | # along with this program. If not, see .
18 |
19 | # RUN INSTALL SCRIPT WITH -a FOR NON-INTERACTIVE MODE.
20 |
21 | set -u
22 |
23 | # Globals
24 |
25 | YUNOHOST_LOG="/var/log/yunohost-installation_$(date +%Y%m%d_%H%M%S).log"
26 | readonly YUNOHOST_LOG
27 | export DEBIAN_FRONTEND=noninteractive
28 |
29 | ###############################################################################
30 | # Main functions #
31 | ###############################################################################
32 |
33 | function check_connection() {
34 | TIMEOUT=$1
35 |
36 | while [ "$TIMEOUT" -gt 0 ]; do
37 | ping -c 1 -W 2 yunohost.org > /dev/null 2>&1 && return 0
38 | sleep 1
39 | TIMEOUT=$((TIMEOUT - 1))
40 | done
41 |
42 | return 1
43 | }
44 |
45 | function usage() {
46 | cat << EOF
47 | Usage :
48 | $(basename "$0") [-a] [-d ] [-h]
49 |
50 | Options :
51 | -a Enable automatic mode. No questions are asked.
52 | This does not perform the post-install step.
53 | -d Choose the distribution to install ('stable', 'testing', 'unstable').
54 | Defaults to 'stable'
55 | -f Ignore checks before starting the installation. Use only if you know
56 | what you are doing.
57 | -h Prints this help and exit
58 | EOF
59 | }
60 |
61 | function parse_options()
62 | {
63 | AUTOMODE=false
64 | DISTRIB=stable
65 | BUILD_IMAGE=false
66 | FORCE=false
67 |
68 | while getopts ":aid:fh" option; do
69 | case $option in
70 | a)
71 | AUTOMODE=true
72 | export DEBIAN_FRONTEND=noninteractive
73 | ;;
74 | d)
75 | DISTRIB=$OPTARG
76 | ;;
77 | f)
78 | FORCE=true
79 | ;;
80 | i)
81 | # This hidden option will allow to build generic image for Rpi/Olimex
82 | BUILD_IMAGE=true
83 | ;;
84 | h)
85 | usage
86 | exit 0
87 | ;;
88 | :)
89 | usage
90 | exit 1
91 | ;;
92 | \?)
93 | usage
94 | exit 1
95 | ;;
96 | esac
97 | done
98 | }
99 |
100 | function main()
101 | {
102 | parse_options "$@"
103 | check_assertions || exit 1
104 | confirm_installation || exit 1
105 | upgrade_system || die "Failed to upgrade the system"
106 | boring_workarounds || die "Failed to run the boring workarounds"
107 | setup_package_source || die "Setting up deb package sources failed"
108 | install_yunohost_packages || die "Installation of YunoHost packages failed"
109 |
110 | # For some reason sometimes dbus is not properly started/enabled ...
111 | if [[ "$BUILD_IMAGE" == "false" ]] ; then
112 | systemctl is-active dbus >/dev/null || systemctl enable dbus --now
113 | fi
114 |
115 | if [[ "$BUILD_IMAGE" == "true" ]] ; then
116 | clean_image || die "Unable to clean image"
117 | fi
118 |
119 | if is_raspbian ; then
120 |
121 | # FIXME : add a proper conclusion + timer warning?
122 |
123 | # Reboot should be done before postinstall to be able to run iptables rules
124 | reboot
125 | fi
126 |
127 | conclusion
128 | exit 0
129 | }
130 |
131 | ###############################################################################
132 | # Helpers #
133 | ###############################################################################
134 |
135 | normal=$(printf '\033[0m')
136 | bold=$(printf '\033[1m')
137 | # faint=$(printf '\033[2m')
138 | # underline=$(printf '\033[4m')
139 | # negative=$(printf '\033[7m')
140 | red=$(printf '\033[31m')
141 | green=$(printf '\033[32m')
142 | orange=$(printf '\033[33m')
143 | blue=$(printf '\033[34m')
144 | # yellow=$(printf '\033[93m')
145 | # white=$(printf '\033[39m')
146 | resetline=$(printf '\r\033[K')
147 | readonly normal bold red green orange blue resetline
148 |
149 | # shellcheck disable=SC2317
150 | function success()
151 | {
152 | local msg=${1}
153 | echo "[${bold}${green} OK ${normal}] ${msg}" | tee -a "$YUNOHOST_LOG"
154 | }
155 |
156 | function info()
157 | {
158 | local msg=${1}
159 | echo "[${bold}${blue}INFO${normal}] ${msg}" | tee -a "$YUNOHOST_LOG"
160 | }
161 |
162 | # shellcheck disable=SC2317
163 | function warn()
164 | {
165 | local msg=${1}
166 | echo "[${bold}${orange}WARN${normal}] ${msg}" | tee -a "$YUNOHOST_LOG" >&2
167 | }
168 |
169 | function error()
170 | {
171 | local msg=${1}
172 | echo "[${bold}${red}FAIL${normal}] ${msg}" | tee -a "$YUNOHOST_LOG" >&2
173 | }
174 |
175 | function die() {
176 | error "$1"
177 | info "Installation logs are available in $YUNOHOST_LOG"
178 | exit 1
179 | }
180 |
181 | trap trapint 2
182 | # shellcheck disable=SC2317
183 | function trapint {
184 | echo ""
185 | die "Aborted"
186 | exit 0
187 | }
188 |
189 | function show_apt_progress {
190 |
191 | local percent="$1"
192 | local title="$2"
193 | local message="$3"
194 |
195 | local done=$((${percent%.*}*40/100))
196 | local todo=$((39 - done))
197 |
198 | local done_sub_bar todo_sub_bar
199 | done_sub_bar="$(printf "%${done}s")"
200 | todo_sub_bar="$(printf "%${todo}s")"
201 |
202 | echo -ne "$resetline $bold$blue$title$normal [${done_sub_bar// /=}>${todo_sub_bar}] ${percent:0:4}% ${message:0:40}"
203 | }
204 |
205 | function _apt_with_progress() {
206 | local wat percent message title
207 | apt-get "$@" -o 'APT::Status-Fd=3' 3>&1 >> "$YUNOHOST_LOG" 2>&1 \
208 | | while read -r line; do
209 | wat=$(echo "$line" | cut -d: -f1)
210 | percent=$(echo "$line" | cut -d: -f3)
211 | message=$(echo "$line" | cut -d: -f2)
212 | if [[ $wat == "dlstatus" ]]; then
213 | title="Downloading"
214 | else
215 | title="Installing"
216 | fi
217 | show_apt_progress "$percent" "$title" "$message";
218 | done
219 | }
220 |
221 | function _apt() {
222 | set -o pipefail
223 | cat << EOF >> "$YUNOHOST_LOG"
224 | ===================
225 | Running: apt-get $*
226 | ===================
227 | EOF
228 | if [[ "$AUTOMODE" == "true" ]]; then
229 | # Why we need pipefail : https://stackoverflow.com/a/6872163
230 | apt-get "$@" 2>&1 | tee -a "$YUNOHOST_LOG"
231 | ret="$?"
232 | else
233 | if _apt_with_progress "$@"; then
234 | ret=0
235 | printf "$resetline $bold${green}Done$normal"
236 | else
237 | ret=1
238 | printf "$resetline $bold${red}'apt-get $*' failed.$normal Please check $YUNOHOST_LOG for debugging\n\n";
239 | fi
240 | fi
241 | set +o pipefail
242 | return "$ret"
243 | }
244 |
245 | function apt_update() {
246 | _apt update --allow-releaseinfo-change
247 | }
248 |
249 | function apt_install() {
250 | _apt install --assume-yes -o Dpkg::Options::="--force-confold" "$@"
251 | }
252 |
253 | ###############################################################################
254 | # Installation steps #
255 | ###############################################################################
256 |
257 | function check_assertions()
258 | {
259 | # Assert we're on Debian
260 | # Note : we do not rely on lsb_release to avoid installing a dependency
261 | # only to check this...
262 | if [[ ! -f "/etc/debian_version" ]]; then
263 | error "This script can only be ran on Debian 12 (Bookworm)."
264 | return 1
265 | fi
266 |
267 | # Assert we're on Bookworm
268 | # Note : we do not rely on lsb_release to avoid installing a dependency
269 | # only to check this...
270 | # TODO: remove the line with "bookworm/sid"
271 | debian_version=$(cat /etc/debian_version)
272 | if ! [[ "$debian_version" =~ ^12.* ]] && ! [[ "$debian_version" =~ "bookworm/sid" ]]; then
273 | error "YunoHost is only available for the version 12 (Bookworm) of Debian, you are using '$(cat /etc/debian_version)'."
274 | return 1
275 | fi
276 | # Forbid people from installing on Ubuntu or Linux mint ...
277 | if [[ -f "/etc/lsb-release" ]];
278 | then
279 | if grep -q -i "Ubuntu\|Mint" /etc/lsb-release
280 | then
281 | error "Please don't try to install YunoHost on an Ubuntu or Linux Mint system ... You need a 'raw' Debian 12 (Bookworm)."
282 | return 1
283 | fi
284 | fi
285 |
286 | # Assert we're root
287 | if [[ "$(id -u)" != "0" ]]; then
288 | error "This script must be run as root. On most setups, the command 'sudo -i' can be run first to become root."
289 | return 1
290 | fi
291 |
292 | # Assert Internet is reachable
293 | if ! check_connection 30; then
294 | die "You need internet to use this script! yunohost.org did not respond to ping after more than 30s."
295 | fi
296 |
297 | # Assert curl is setup
298 | if ! command -v curl >/dev/null 2>&1 && ! apt_install curl; then
299 | error "YunoHost installer requires curl to be installed, but it failed to install it."
300 | return 1
301 | fi
302 |
303 | # Check PATH var
304 | if [[ "$PATH" != *"/sbin"* ]]; then
305 | error "Your environment PATH variable must contains /sbin directory. Maybe try running 'PATH=/sbin:\$PATH' to fix this."
306 | return 1
307 | fi
308 |
309 | # Assert systemd is installed
310 | if ! command -v systemctl > /dev/null; then
311 | error "YunoHost requires systemd to be installed."
312 | return 1
313 | fi
314 |
315 | # Check that kernel is >= 3.12, otherwise systemd won't work properly. Cf. https://github.com/systemd/systemd/issues/5236#issuecomment-277779394
316 | if dpkg --compare-versions "$(uname -r)" "lt" "3.12"; then
317 | error "YunoHost requires a kernel >= 3.12. Please consult your hardware documentation or VPS provider to learn how to upgrade your kernel."
318 | return 1
319 | fi
320 |
321 | # Check we aren't running in docker or other weird containers that we can't probably install on
322 | if systemd-detect-virt | grep -q -w "docker\|container-other" && [[ "$FORCE" != "true" ]]; then
323 | error "It seems like you are trying to install YunoHost in docker or a weird container technology which probably is not supported by this install script (or YunoHost as a whole). If you know what you are doing, you can run this script with -f."
324 | return 1
325 | fi
326 | # Check possible conflict with apache, bind9.
327 | if dpkg --get-selections | grep -v deinstall | grep -q 'bind9\s' && [[ "$FORCE" != "true" ]]; then
328 | error "Bind9 is installed on your system. YunoHost conflicts with Bind9 because it requires dnsmasq. To be able to run this script, you should first run 'apt remove bind9 --purge --autoremove'."
329 | return 1
330 | fi
331 | if dpkg --get-selections | grep -v deinstall | grep -q 'apache2\s' && [[ "$FORCE" != "true" ]]; then
332 | error "Apache is installed on your system. YunoHost conflicts with apache2 because it requires nginx. To be able to run this script, you should first run 'apt remove apache2 --purge --autoremove'."
333 | return 1
334 | fi
335 |
336 | }
337 |
338 | function confirm_installation() {
339 |
340 | [[ "$AUTOMODE" == "true" ]] && return 0
341 |
342 | cat << EOF | tee -a "$YUNOHOST_LOG"
343 | $bold
344 | ╭───────────────────────╮
345 | │ YunoHost Installation │
346 | ╰───────────────────────╯
347 | $normal
348 | • Installing YunoHost requires to install various important services,
349 | and possibly rework the configuration of some services that may already
350 | be installed (such as: nginx, postfix, dovecot, fail2ban, slapd)
351 |
352 | EOF
353 |
354 | read -r -p " Are you sure you want to proceed (y/n) ? " choice < /dev/tty
355 | choice="$(echo "$choice" | tr '[:upper:]' '[:lower:]')"
356 | [[ "$choice" == "yes" ]] || [[ "$choice" == "y" ]] || { error "Aborting"; return 1; }
357 |
358 | if [[ "$DISTRIB" == "unstable" ]]
359 | then
360 | cat << EOF | tee -a "$YUNOHOST_LOG"
361 |
362 | • You are installing the unstable/alpha version of YunoHost 12/Bookworm.
363 |
364 | You should be warned that THIS IS ALPHA-STAGE DEVELOPMENT.
365 | WE ABSOLUTELY DISCOURAGE ANY USE OF THIS VERSION
366 | IN A PRODUCTION CONTEXT, THIS IS ONLY MEANT FOR *TESTING*.
367 |
368 | THINGS **WILL** BREAK.
369 |
370 | EOF
371 | read -r -p " Type 'Yes, I understand' if you understand: " choice < /dev/tty
372 | [[ "$choice" == "Yes, I understand" ]] || { error "Aborting"; return 1; }
373 | fi
374 |
375 | # SSH config warning
376 | if [[ -f /etc/ssh/sshd_config ]]
377 | then
378 |
379 | # If root login is currently enabled
380 | local root_login_warning=""
381 | if ! grep -E "^[[:blank:]]*PermitRootLogin[[:blank:]]+no" /etc/ssh/sshd_config ; then
382 | root_login_warning=" • SSH login using root will be disabled (except from local network).\n"
383 | root_login_warning+=" Instead, you should login using the first YunoHost user."
384 |
385 | fi
386 |
387 | # If current conf uses a custom ssh port
388 | local ssh_port_warning=""
389 | if grep -Ev "^[[:blank:]]*Port[[:blank:]]+22[[:blank:]]*(#.*)?$" /etc/ssh/sshd_config | grep -E "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+$" ; then
390 | ssh_port_warning=" • You will have to connect using port 22 instead of your custom SSH port,\n"
391 | ssh_port_warning+=" though you can reconfigure this from YunoHost after the postinstall."
392 | fi
393 |
394 | if [[ -n "$root_login_warning" ]] || [[ -n "$ssh_port_warning" ]]
395 | then
396 | cat << EOF | tee -a "$YUNOHOST_LOG"
397 |
398 | • Additionally, it is encouraged to let YunoHost manage the SSH configuration.
399 | However, you should be aware that:
400 | $(test -n "$root_login_warning" && echo -e "$root_login_warning")
401 | $(test -n "$ssh_port_warning" && echo -e "$ssh_port_warning")
402 | (Note that this will only be effective *after* you run YunoHost's postinstall)
403 |
404 | EOF
405 | read -r -p " Should YunoHost override the SSH configuration (y/n) ? " choice < /dev/tty
406 | choice="$(echo "$choice" | tr '[:upper:]' '[:lower:]')"
407 | if [[ "$choice" != "yes" ]] && [[ "$choice" != "y" ]]
408 | then
409 | # Keep a copy to be restored during the postinstall
410 | # so that the ssh confs behaves as manually modified.
411 | cp /etc/ssh/sshd_config /etc/ssh/sshd_config.before_yunohost
412 | fi
413 | fi
414 | fi
415 |
416 | cat << EOF | tee -a "$YUNOHOST_LOG"
417 |
418 | 🚀 ${bold}Let's go !$normal
419 |
420 | 📜 Detailed logs will be available in $YUNOHOST_LOG
421 | EOF
422 |
423 | return 0
424 | }
425 |
426 | function upgrade_system() {
427 |
428 | echo "" | tee -a "$YUNOHOST_LOG"
429 | echo "$bold 1/5 • Running system upgrades$normal" | tee -a "$YUNOHOST_LOG"
430 | echo "" | tee -a "$YUNOHOST_LOG"
431 |
432 | apt_update || return 1
433 |
434 | # We need libtext-iconv-perl even before the dist-upgrade,
435 | # otherwise the dist-upgrade might fails on some setups because
436 | # perl is yolomacnuggets :|
437 | # Stuff like "Can't locate object method "new" via package "Text::Iconv""
438 | apt_install libtext-iconv-perl || return 1
439 |
440 | # Manually upgrade grub stuff in non-interactive mode,
441 | # otherwise a weird technical question is asked to the user
442 | # regarding how to upgrade grub's configuration...
443 | apt_install --only-upgrade grub-common grub2-common || true
444 |
445 | _apt dist-upgrade -y -o Dpkg::Options::="--force-confold" || return 1
446 |
447 | if is_raspbian ; then
448 | apt_install rpi-update || return 1
449 |
450 | if [[ "$BUILD_IMAGE" == "false" ]] ; then
451 | (rpi-update 2>&1 | tee -a "$YUNOHOST_LOG") || return 1
452 | fi
453 | fi
454 | }
455 |
456 | function boring_workarounds() {
457 |
458 | echo "" | tee -a "$YUNOHOST_LOG"
459 | echo "" | tee -a "$YUNOHOST_LOG"
460 | echo "$bold 2/5 • Install dependencies needed before the main install$normal" | tee -a "$YUNOHOST_LOG"
461 | echo "" | tee -a "$YUNOHOST_LOG"
462 |
463 | # ###################################################################### #
464 | # Dependencies that must be installed prior to the rest, for reasons ... #
465 | # (for example https://github.com/YunoHost/issues/issues/1382) #
466 | # ###################################################################### #
467 |
468 | apt_install --no-install-recommends lsb-release dialog curl gnupg apt-transport-https adduser debconf debhelper dh-autoreconf locales
469 |
470 | echo "" | tee -a "$YUNOHOST_LOG"
471 | echo "" | tee -a "$YUNOHOST_LOG"
472 | echo "$bold 3/5 • Apply various tweaks to prepare installation$normal" | tee -a "$YUNOHOST_LOG"
473 | echo "" | tee -a "$YUNOHOST_LOG"
474 |
475 | # #################################### #
476 | # Attempt to fix the usual locale mess #
477 | # #################################### #
478 |
479 | # This function tries to fix the whole locale and perl mess about missing locale files
480 |
481 | # Generate at least en_US.UTF-8
482 | grep -q "^ *en_US.UTF-8" /etc/locale.gen || echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
483 |
484 | # FIXME: here some day we should try to identify the user's lang from LANG or LC_ALL and generate the appropriate locale ...
485 | # (and set this lang as the default in /etc/env 3 lines below)
486 |
487 | locale-gen >/dev/null
488 |
489 | # If no /etc/environment exists, default to en_US.UTF-8
490 | grep -q LC_ALL /etc/environment || echo 'LC_ALL="en_US.UTF-8"' >> /etc/environment
491 | source /etc/environment
492 | export LC_ALL
493 |
494 | # ######################## #
495 | # Workarounds for fail2ban #
496 | # ######################## #
497 |
498 | # We need to create auth.log in case it does not exists, because in some situation,
499 | # this file does not exists, fail2ban will miserably fail to start because
500 | # the default fail2ban jail include the sshd jail ... >.>
501 | touch /var/log/auth.log
502 |
503 | # ######################## #
504 | # Workarounds for avahi #
505 | # ######################## #
506 |
507 | # When attempting several installation of YunoHost on the same host
508 | # with a light VM system like LXC
509 | # we hit a bug with avahi-daemon postinstallation
510 | # This is described in detail in https://github.com/lxc/lxc/issues/25
511 | #
512 | # It makes the configure step of avahi-daemon fail, because the service does
513 | # start correctly. Then all other packages depending on avahi-daemon refuse to
514 | # configure themselves.
515 | #
516 | # The workaround we use is to generate a random uid for the avahi user, and
517 | # create the user with this id beforehand, so that the avahi-daemon postinst
518 | # script does not do it on its own. Our randomized uid has far less chances to
519 | # be already in use in another system than the automated one (which tries to use
520 | # consecutive uids).
521 |
522 | # Return without error if avahi already exists
523 | if ! id avahi > /dev/null 2>&1;
524 | then
525 | # Get a random unused uid between 500 and 999 (system-user)
526 | local avahi_id=$((500 + RANDOM % 500))
527 | while cut -d ':' -f 3 /etc/passwd | grep -q $avahi_id ;
528 | do
529 | avahi_id=$((500 + RANDOM % 500))
530 | done
531 |
532 | #info "Workaround for avahi : creating avahi user with uid $avahi_id"
533 |
534 | # Use the same adduser parameter as in the avahi-daemon postinst script
535 | # Just specify --uid explicitely
536 | adduser --disabled-password --quiet --system \
537 | --home /var/run/avahi-daemon --no-create-home \
538 | --gecos "Avahi mDNS daemon" --group avahi \
539 | --uid $avahi_id
540 | fi
541 |
542 | # ########## #
543 | # Resolvconf #
544 | # ########## #
545 |
546 | # On some machines (e.g. OVH VPS), the /etc/resolv.conf is immutable
547 | # We need to make it mutable for the resolvconf dependency to be installed
548 | chattr -i /etc/resolv.conf 2>/dev/null || true
549 |
550 | # Done
551 | printf "$resetline $bold${green}Done$normal"
552 | }
553 |
554 | function setup_package_source() {
555 |
556 | echo "" | tee -a "$YUNOHOST_LOG"
557 | echo "" | tee -a "$YUNOHOST_LOG"
558 | echo "$bold 4/5 • Adding YunoHost repository to apt$normal" | tee -a "$YUNOHOST_LOG"
559 | echo "" | tee -a "$YUNOHOST_LOG"
560 |
561 | local CUSTOMAPT=/etc/apt/sources.list.d/yunohost.list
562 |
563 | # Debian repository
564 |
565 | local CUSTOMDEB="deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] http://forge.yunohost.org/debian/ bookworm stable"
566 |
567 | if [[ "$DISTRIB" == "stable" ]] ; then
568 | echo "$CUSTOMDEB" > $CUSTOMAPT
569 | elif [[ "$DISTRIB" == "testing" ]] ; then
570 | echo "$CUSTOMDEB testing" > $CUSTOMAPT
571 | elif [[ "$DISTRIB" == "unstable" ]] ; then
572 | echo "$CUSTOMDEB testing unstable" > $CUSTOMAPT
573 | fi
574 |
575 | # Add YunoHost repository key to the keyring
576 | curl --fail --silent https://forge.yunohost.org/yunohost_bookworm.asc | gpg --dearmor > /usr/share/keyrings/yunohost-bookworm.gpg
577 | apt_update
578 | }
579 |
580 | function install_yunohost_packages() {
581 |
582 | echo "" | tee -a "$YUNOHOST_LOG"
583 | echo "" | tee -a "$YUNOHOST_LOG"
584 | echo "$bold 5/5 • Installing YunoHost$normal" | tee -a "$YUNOHOST_LOG"
585 | echo "" | tee -a "$YUNOHOST_LOG"
586 |
587 | debconf-set-selections << EOF
588 | slapd slapd/password1 password yunohost
589 | slapd slapd/password2 password yunohost
590 | slapd slapd/domain string yunohost.org
591 | slapd shared/organization string yunohost.org
592 | slapd slapd/allow_ldap_v2 boolean false
593 | slapd slapd/invalid_config boolean true
594 | slapd slapd/backend select MDB
595 | postfix postfix/main_mailer_type select Internet Site
596 | postfix postfix/mailname string /etc/mailname
597 | nslcd nslcd/ldap-bindpw password
598 | nslcd nslcd/ldap-starttls boolean false
599 | nslcd nslcd/ldap-reqcert select
600 | nslcd nslcd/ldap-uris string ldap://localhost/
601 | nslcd nslcd/ldap-binddn string
602 | nslcd nslcd/ldap-base string dc=yunohost,dc=org
603 | libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow
604 | postsrsd postsrsd/domain string yunohost.org
605 | EOF
606 |
607 | # Allow sudo removal even if no root password has been set (on some DO
608 | # droplet or Vagrant virtual machines), as YunoHost use sudo-ldap
609 | export SUDO_FORCE_REMOVE=yes
610 |
611 | # Install YunoHost
612 | # FIXME : do we still want to install recommends ?
613 | apt_install \
614 | -o APT::install-recommends=true \
615 | yunohost yunohost-admin postfix \
616 | || return 1
617 |
618 | }
619 |
620 | function conclusion() {
621 | # Get first local IP and global IP
622 | local local_ip
623 | local_ip=$(hostname --all-ip-address | tr ' ' '\n' | grep -v ":" | head -n1)
624 | local global_ip
625 | global_ip=$(curl https://ip.yunohost.org 2>/dev/null)
626 | local no_ip=""
627 |
628 | # Will ignore local ip if it's already the global IP (e.g. for some VPS)
629 | [[ "$local_ip" != "$global_ip" ]] || local_ip=""
630 |
631 | # Formatting
632 | local width=79
633 | [[ -z "$local_ip" ]] || {
634 | local_ip=$(echo -e "\n │ - https://$local_ip/ (local IP, if self-hosting at home)")
635 | local nb_spaces=$(( width - ${#local_ip} ))
636 | local_ip+="$(printf "%${nb_spaces}s")│"
637 | }
638 | [[ -z "$global_ip" ]] || {
639 | global_ip=$(echo -e "\n │ - https://$global_ip/ (global IP, if you're on a VPS)")
640 | local nb_spaces=$(( width - ${#global_ip} ))
641 | global_ip+="$(printf "%${nb_spaces}s")│"
642 | }
643 | [[ -n "$local_ip" ]] || [[ -n "$global_ip" ]] || {
644 | no_ip=$(echo -e "\n │ - (no local nor global IP detected ?)")
645 | local nb_spaces=$(( width - ${#no_ip} ))
646 | no_ip+="$(printf "%${nb_spaces}s")│"
647 | }
648 |
649 | cat << EOF | tee -a "$YUNOHOST_LOG"
650 |
651 |
652 | 🎉 ${bold}YunoHost installation completed!$normal
653 |
654 | ╭───────────────────────────────────────────────────────────────────────────╮
655 | │ You should now proceed with YunoHost post-installation. │
656 | │ This is where you will be asked for: │
657 | │ • the main domain of your server; │
658 | │ • the administration password; │
659 | │ • the name and password of the first user, which will also be admin. │
660 | │ │
661 | │ You can perform this step, either: │
662 | │ • from the command line, by running 'yunohost tools postinstall' as root │
663 | │ • or from your web browser, by accessing: │${local_ip}${global_ip}${no_ip}
664 | │ │
665 | │ If this is your first time with YunoHost, it is strongly recommended to │
666 | │ take time to read the administator documentation and in particular the │
667 | │ sections 'Finalizing your setup' and 'Getting to know YunoHost'. │
668 | │ │
669 | │ It is available at the following URL: https://yunohost.org/admindoc │
670 | ╰───────────────────────────────────────────────────────────────────────────╯
671 |
672 |
673 | EOF
674 | }
675 |
676 | ###############################################################################
677 | # Raspbian specific stuff #
678 | ###############################################################################
679 |
680 | function is_raspbian() {
681 | # On Raspbian image lsb_release is available
682 | if [[ "$(lsb_release -i -s 2> /dev/null)" != "Raspbian" ]] ;
683 | then
684 | return 1
685 | fi
686 | return 0
687 | }
688 |
689 | ###############################################################################
690 | # Image building specific stuff #
691 | ###############################################################################
692 |
693 | function clean_image() {
694 | {
695 | # Delete SSH keys
696 | rm -f /etc/ssh/ssh_host_*
697 | yes | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
698 | yes | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
699 | yes | ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521
700 |
701 | # Deleting logs ...
702 | find /var/log -type f -exec rm {} \;
703 |
704 | # Purging apt ...
705 | apt-get clean
706 | } >> "$YUNOHOST_LOG" 2>&1
707 | }
708 |
709 |
710 | ###############################################################################
711 |
712 | main "$@"
713 |
--------------------------------------------------------------------------------
/bullseye:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | # Copyright (C) 2015-2023 YunoHost
4 | #
5 | # This program is free software: you can redistribute it and/or modify
6 | # it under the terms of the GNU Affero General Public License as
7 | # published by the Free Software Foundation, either version 3 of the
8 | # License, or (at your option) any later version.
9 | #
10 | # This program is distributed in the hope that it will be useful,
11 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
12 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 | # GNU Affero General Public License for more details.
14 | #
15 | # You should have received a copy of the GNU Affero General Public License
16 | # along with this program. If not, see .
17 |
18 | # RUN INSTALL SCRIPT WITH -a FOR NON-INTERACTIVE MODE.
19 |
20 | set -u
21 |
22 | # Globals
23 |
24 | readonly YUNOHOST_LOG="/var/log/yunohost-installation_$(date +%Y%m%d_%H%M%S).log"
25 |
26 | # Custom colors for whiptail
27 | export NEWT_COLORS='
28 | root=white,black
29 | roottext=white,black
30 | window=white,black
31 | border=white,black
32 | title=white,black
33 | textbox=white,black
34 | button=black,white
35 | compactbutton=white,black
36 | '
37 |
38 | ###############################################################################
39 | # Main functions #
40 | ###############################################################################
41 |
42 | function check_connection() {
43 | TIMEOUT=$1
44 |
45 | while [ $TIMEOUT -gt 0 ]; do
46 | ping -c 1 -W 2 yunohost.org 2>&1 >/dev/null && return 0
47 | sleep 1
48 | TIMEOUT=$((TIMEOUT-1))
49 | done
50 |
51 | return 1
52 | }
53 |
54 | function usage() {
55 | echo "
56 | Usage :
57 | `basename $0` [-a] [-d ] [-h]
58 |
59 | Options :
60 | -a Enable automatic mode. No questions are asked.
61 | This does not perform the post-install step.
62 | -d Choose the distribution to install ('stable', 'testing', 'unstable').
63 | Defaults to 'stable'
64 | -f Ignore checks before starting the installation. Use only if you know
65 | what you are doing.
66 | -h Prints this help and exit
67 | "
68 | }
69 |
70 | function parse_options()
71 | {
72 | AUTOMODE=0
73 | DISTRIB=stable
74 | BUILD_IMAGE=0
75 | FORCE=0
76 |
77 | while getopts ":aid:fh" option; do
78 | case $option in
79 | a)
80 | AUTOMODE=1
81 | export DEBIAN_FRONTEND=noninteractive
82 | ;;
83 | d)
84 | DISTRIB=$OPTARG
85 | ;;
86 | f)
87 | FORCE=1
88 | ;;
89 | i)
90 | # This hidden option will allow to build generic image for Rpi/Olimex
91 | BUILD_IMAGE=1
92 | ;;
93 | h)
94 | usage
95 | exit 0
96 | ;;
97 | :)
98 | usage
99 | exit 1
100 | ;;
101 | \?)
102 | usage
103 | exit 1
104 | ;;
105 | esac
106 | done
107 | }
108 |
109 | function main()
110 | {
111 | parse_options "$@"
112 |
113 | check_assertions
114 |
115 | step upgrade_system || die "Unable to update the system"
116 | step install_script_dependencies || die "Unable to install dependencies to install script"
117 | step create_custom_config || die "Creating custom configuration file /etc/yunohost/yunohost.conf failed"
118 | step confirm_installation || die "Installation cancelled at your request"
119 | step manage_sshd_config || die "Error caught during sshd management"
120 | step fix_locales # do not die for a failure here, it's minor
121 | step setup_package_source || die "Setting up deb package sources failed"
122 | step apt_update || die "Error caught during 'apt-get update'"
123 | step register_debconf || die "Unable to insert new values into debconf database"
124 | step workarounds_because_sysadmin_sucks || die "Unable to run stupid workarounds"
125 | step install_yunohost_packages || die "Installation of Yunohost packages failed"
126 |
127 | if [[ "$BUILD_IMAGE" == "0" ]] ; then
128 | step restart_services || die "Error caught during services restart"
129 | fi
130 |
131 | if is_raspbian ; then
132 | step del_user_pi || die "Unable to delete user pi"
133 | fi
134 |
135 | if [[ "$BUILD_IMAGE" == "1" ]] ; then
136 | step clean_image || die "Unable to clean image"
137 | fi
138 |
139 | if is_raspbian ; then
140 | # Reboot should be done before postinstall to be able to run iptables rules
141 | reboot
142 | fi
143 |
144 | info "Installation logs are available in $YUNOHOST_LOG"
145 | success "YunoHost installation completed !"
146 | conclusion
147 | exit 0
148 | }
149 |
150 | ###############################################################################
151 | # Helpers #
152 | ###############################################################################
153 |
154 | readonly normal=$(printf '\033[0m')
155 | readonly bold=$(printf '\033[1m')
156 | readonly faint=$(printf '\033[2m')
157 | readonly underline=$(printf '\033[4m')
158 | readonly negative=$(printf '\033[7m')
159 | readonly red=$(printf '\033[31m')
160 | readonly green=$(printf '\033[32m')
161 | readonly orange=$(printf '\033[33m')
162 | readonly blue=$(printf '\033[34m')
163 | readonly yellow=$(printf '\033[93m')
164 | readonly white=$(printf '\033[39m')
165 |
166 | function success()
167 | {
168 | local msg=${1}
169 | echo "[${bold}${green} OK ${normal}] ${msg}" | tee -a $YUNOHOST_LOG
170 | }
171 |
172 | function info()
173 | {
174 | local msg=${1}
175 | echo "[${bold}${blue}INFO${normal}] ${msg}" | tee -a $YUNOHOST_LOG
176 | }
177 |
178 | function warn()
179 | {
180 | local msg=${1}
181 | echo "[${bold}${orange}WARN${normal}] ${msg}" | tee -a $YUNOHOST_LOG >&2
182 | }
183 |
184 | function error()
185 | {
186 | local msg=${1}
187 | echo "[${bold}${red}FAIL${normal}] ${msg}" | tee -a $YUNOHOST_LOG >&2
188 | }
189 |
190 | function die() {
191 | error "$1"
192 | info "Installation logs are available in $YUNOHOST_LOG"
193 | exit 1
194 | }
195 |
196 | function step() {
197 | info "Running $1"
198 | $*
199 | local return_code="$?"
200 | return $return_code
201 | }
202 |
203 | function apt_get_wrapper() {
204 | if [[ "$AUTOMODE" == "0" ]] ;
205 | then
206 | debconf-apt-progress \
207 | --logfile $YUNOHOST_LOG \
208 | -- \
209 | apt-get $*
210 | else
211 | # Why we need pipefail : https://stackoverflow.com/a/6872163
212 | set -o pipefail
213 | apt-get $* 2>&1 | tee -a $YUNOHOST_LOG || return 1
214 | set +o pipefail
215 | fi
216 | }
217 |
218 |
219 | function apt_update() {
220 | apt_get_wrapper update --allow-releaseinfo-change
221 | }
222 |
223 | ###############################################################################
224 | # Installation steps #
225 | ###############################################################################
226 |
227 | function check_assertions()
228 | {
229 | # Assert we're on Debian
230 | # Note : we do not rely on lsb_release to avoid installing a dependency
231 | # only to check this...
232 | [[ -f "/etc/debian_version" ]] || die "This script can only be ran on Debian 11 (Bullseye)."
233 |
234 | # Assert we're on Bullseye
235 | # Note : we do not rely on lsb_release to avoid installing a dependency
236 | # only to check this...
237 | # TODO: remove the line with "bullseye/sid"
238 | [[ "$(cat /etc/debian_version)" =~ ^11.* ]] \
239 | || [[ "$(cat /etc/debian_version)" =~ "bullseye/sid" ]] \
240 | || die "YunoHost is only available for the version 11 (Bullseye) of Debian, you are using '$(cat /etc/debian_version)'."
241 |
242 | # Forbid people from installing on Ubuntu or Linux mint ...
243 | if [[ -f "/etc/lsb-release" ]];
244 | then
245 | if cat /etc/lsb-release | grep -q -i "Ubuntu\|Mint"
246 | then
247 | die "Please don't try to install YunoHost on an Ubuntu or Linux Mint system ... You need a 'raw' Debian 11 (Bullseye)."
248 | fi
249 | fi
250 |
251 | # Assert we're root
252 | [[ "$(id -u)" == "0" ]] || die "This script must be run as root. On most setups, the command 'sudo -i' can be run first to become root."
253 |
254 | # Assert Internet is reachable
255 | if ! check_connection 30; then
256 | die "You need internet to use this script! yunohost.org did not respond to ping after more than 30s."
257 | fi
258 |
259 | # Assert curl is setup
260 | if ! command -v curl 2>&1 >/dev/null; then
261 | apt_get_wrapper --yes install curl
262 | fi
263 |
264 | # Check PATH var
265 | [[ "$PATH" == *"/sbin"* ]] || die "Your environment PATH variable must contains /sbin directory. Maybe try running 'PATH=/sbin:\$PATH' to fix this."
266 |
267 | # Assert systemd is installed
268 | command -v systemctl > /dev/null || die "YunoHost requires systemd to be installed."
269 |
270 | # Check that kernel is >= 3.12, otherwise systemd won't work properly. Cf. https://github.com/systemd/systemd/issues/5236#issuecomment-277779394
271 | dpkg --compare-versions "$(uname -r)" "ge" "3.12" || die "YunoHost requires a kernel >= 3.12. Please consult your hardware documentation or VPS provider to learn how to upgrade your kernel."
272 |
273 | # If we're on Raspbian, we want the user 'pi' to be logged out because
274 | # it's going to be deleted for security reasons...
275 | if is_raspbian ; then
276 | user_pi_logged_out || die "The user pi should be logged out."
277 | fi
278 |
279 | # Check we aren't running in docker or other weird containers that we can't probably install on
280 | systemd-detect-virt | grep -v -q -w "docker\|container-other" || [[ "$FORCE" == "1" ]] \
281 | || die "It seems like you are trying to install YunoHost in docker or a weird container technology which probably is not supported by this install script (or YunoHost as a whole). If you know what you are doing, you can run this script with -f."
282 |
283 | # Check possible conflict with apache, bind9.
284 | [[ -z "$(dpkg --get-selections | grep -v deinstall | grep 'bind9\s')" ]] || [[ "$FORCE" == "1" ]] \
285 | || die "Bind9 is installed on your system. Yunohost conflicts with Bind9 because it requires dnsmasq. To be able to run this script, you should first run 'apt remove bind9 --purge --autoremove'."
286 |
287 | [[ -z "$(dpkg --get-selections | grep -v deinstall | grep 'apache2\s')" ]] || [[ "$FORCE" == "1" ]] \
288 | || die "Apache is installed on your system. Yunohost conflicts with apache2 because it requires nginx. To be able to run this script, you should first run 'apt remove apache2 --purge --autoremove'."
289 |
290 | }
291 |
292 | function upgrade_system() {
293 |
294 | # Some VPS don't have debconf install, therefore don't have debconf-apt-progress...
295 | # c.f. https://github.com/YunoHost/issues/issues/1828
296 | dpkg --list | grep -q '^ii debconf ' || { apt update --allow-releaseinfo-change; apt install debconf; }
297 |
298 | apt_get_wrapper update --allow-releaseinfo-change \
299 | || return 1
300 |
301 | # We need libtext-iconv-perl even before the dist-upgrade,
302 | # otherwise the dist-upgrade might fails on some setups because
303 | # perl is yolomacnuggets :|
304 | # Stuff like "Can't locate object method "new" via package "Text::Iconv""
305 | apt_get_wrapper -o Dpkg::Options::="--force-confold" \
306 | -y install \
307 | libtext-iconv-perl \
308 | || return 1
309 |
310 | # Manually upgrade grub stuff in non-interactive mode,
311 | # otherwise a weird technical question is asked to the user
312 | # regarding how to upgrade grub's configuration...
313 | DEBIAN_FRONTEND=noninteractive \
314 | apt_get_wrapper -o Dpkg::Options::="--force-confold" \
315 | -y install --only-upgrade \
316 | grub-common grub2-common \
317 | || true
318 |
319 | apt_get_wrapper -o Dpkg::Options::="--force-confold" \
320 | -y dist-upgrade \
321 | || return 2
322 |
323 | if is_raspbian ; then
324 | apt_get_wrapper -o Dpkg::Options::="--force-confold" \
325 | -y install rpi-update \
326 | || return 3
327 |
328 | if [[ "$BUILD_IMAGE" != "1" ]] ; then
329 | (rpi-update 2>&1 | tee -a $YUNOHOST_LOG) \
330 | || return 4
331 | fi
332 | fi
333 | }
334 |
335 | function install_script_dependencies() {
336 | # dependencies of the install script itself
337 | local DEPENDENCIES="lsb-release whiptail gnupg apt-transport-https adduser"
338 |
339 | if [[ "$AUTOMODE" == "0" ]] ;
340 | then
341 | DEPENDENCIES+=" dialog"
342 | fi
343 |
344 | apt_update
345 | apt_get_wrapper -o Dpkg::Options::="--force-confold" \
346 | -y install \
347 | $DEPENDENCIES \
348 | || return 1
349 | }
350 |
351 | function create_custom_config() {
352 | # Create YunoHost configuration folder
353 | mkdir -p /etc/yunohost/
354 | }
355 |
356 | function confirm_installation() {
357 | [[ "$AUTOMODE" == "1" ]] && return 0
358 |
359 | local text="
360 | Caution !
361 |
362 | Your configuration files for :
363 | - postfix
364 | - dovecot
365 | - mysql
366 | - nginx
367 | - metronome
368 | will be overwritten !
369 |
370 | Are you sure you want to proceed with the installation of Yunohost?
371 | "
372 | whiptail --title "Yunohost Installation" --yesno "$text" 20 78
373 | }
374 |
375 | function manage_sshd_config() {
376 | # In auto mode we erase the current sshd config
377 | [[ "$AUTOMODE" == "1" ]] && return 0
378 |
379 | [[ ! -f /etc/ssh/sshd_config ]] && return 0
380 |
381 | local sshd_config_possible_issues="0"
382 | local text="To improve the security of your server, it is recommended to let YunoHost manage the SSH configuration.
383 | Your current SSH configuration differs from the recommended configuration.
384 | If you let YunoHost reconfigure it, the way you connect to your server through SSH will change in the following way:"
385 |
386 | # If root login is currently enabled
387 | if ! grep -E "^[[:blank:]]*PermitRootLogin[[:blank:]]+no" /etc/ssh/sshd_config ; then
388 | sshd_config_possible_issues="1"
389 | text="$text\n- you will not be able to connect as root through SSH. Instead you should use the admin user ;
390 | "
391 | fi
392 |
393 | # If current conf uses a custom ssh port
394 | if grep -Ev "^[[:blank:]]*Port[[:blank:]]+22[[:blank:]]*(#.*)?$" /etc/ssh/sshd_config | grep -E "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+$" ; then
395 | sshd_config_possible_issues="1"
396 | text="$text\n- you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it after the postinstallation.
397 | "
398 | fi
399 |
400 | # If we are using DSA key for ssh server fingerprint
401 | if grep -E "^[[:blank:]]*HostKey[[:blank:]]+/etc/ssh/ssh_host_dsa_key" /etc/ssh/sshd_config ; then
402 | sshd_config_possible_issues="1"
403 | text="$text\n- the DSA key will be disabled. Hence, you might later need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server ;
404 | "
405 |
406 | fi
407 |
408 | text="${text}
409 | Do you agree to let YunoHost apply those changes to your configuration and therefore affect the way you connect through SSH ?
410 | "
411 |
412 | # If no possible issue found, we just assume it's okay and will take over the SSH conf during postinstall
413 | [[ "$sshd_config_possible_issues" == "0" ]] && return 0
414 |
415 | # Otherwise, we ask the user to confirm
416 | if ! whiptail --title "SSH Configuration" --yesno "$text" 20 78 --defaultno ; then
417 |
418 | # Keep a copy to be restored during the postinstall
419 | # so that the ssh confs behaves as manually modified.
420 | cp /etc/ssh/sshd_config /etc/ssh/sshd_config.before_yunohost
421 | fi
422 |
423 | return 0
424 | }
425 |
426 | function setup_package_source() {
427 |
428 | local CUSTOMAPT=/etc/apt/sources.list.d/yunohost.list
429 |
430 | # Debian repository
431 |
432 | local CUSTOMDEB="deb [signed-by=/usr/share/keyrings/yunohost-archive-keyring.gpg] http://forge.yunohost.org/debian/ bullseye stable"
433 |
434 | if [[ "$DISTRIB" == "stable" ]] ; then
435 | echo "$CUSTOMDEB" > $CUSTOMAPT
436 | elif [[ "$DISTRIB" == "testing" ]] ; then
437 | echo "$CUSTOMDEB testing" > $CUSTOMAPT
438 | elif [[ "$DISTRIB" == "unstable" ]] ; then
439 | echo "$CUSTOMDEB testing unstable" > $CUSTOMAPT
440 | fi
441 |
442 | # Add YunoHost repository key to the keyring
443 | curl --fail --silent https://forge.yunohost.org/yunohost_bullseye.asc | gpg --dearmor > /usr/share/keyrings/yunohost-archive-keyring.gpg
444 | apt-get -qq update
445 | }
446 |
447 | function register_debconf() {
448 | debconf-set-selections << EOF
449 | slapd slapd/password1 password yunohost
450 | slapd slapd/password2 password yunohost
451 | slapd slapd/domain string yunohost.org
452 | slapd shared/organization string yunohost.org
453 | slapd slapd/allow_ldap_v2 boolean false
454 | slapd slapd/invalid_config boolean true
455 | slapd slapd/backend select MDB
456 | postfix postfix/main_mailer_type select Internet Site
457 | postfix postfix/mailname string /etc/mailname
458 | nslcd nslcd/ldap-bindpw password
459 | nslcd nslcd/ldap-starttls boolean false
460 | nslcd nslcd/ldap-reqcert select
461 | nslcd nslcd/ldap-uris string ldap://localhost/
462 | nslcd nslcd/ldap-binddn string
463 | nslcd nslcd/ldap-base string dc=yunohost,dc=org
464 | libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow
465 | postsrsd postsrsd/domain string yunohost.org
466 | EOF
467 | }
468 |
469 | function workarounds_because_sysadmin_sucks() {
470 |
471 | # ######################## #
472 | # Workarounds for fail2ban #
473 | # ######################## #
474 |
475 | # We need to create auth.log in case it does not exists, because in some situation,
476 | # this file does not exists, fail2ban will miserably fail to start because
477 | # the default fail2ban jail include the sshd jail ... >.>
478 | touch /var/log/auth.log
479 |
480 | # ######################## #
481 | # Workarounds for avahi #
482 | # ######################## #
483 |
484 | # When attempting several installation of Yunohost on the same host
485 | # with a light VM system like LXC
486 | # we hit a bug with avahi-daemon postinstallation
487 | # This is described in detail in https://github.com/lxc/lxc/issues/25
488 | #
489 | # It makes the configure step of avahi-daemon fail, because the service does
490 | # start correctly. Then all other packages depending on avahi-daemon refuse to
491 | # configure themselves.
492 | #
493 | # The workaround we use is to generate a random uid for the avahi user, and
494 | # create the user with this id beforehand, so that the avahi-daemon postinst
495 | # script does not do it on its own. Our randomized uid has far less chances to
496 | # be already in use in another system than the automated one (which tries to use
497 | # consecutive uids).
498 |
499 | # Return without error if avahi already exists
500 | if id avahi > /dev/null 2>&1 ; then
501 | info "User avahi already exists (with uid $(id avahi)), skipping avahi workaround"
502 | return 0
503 | fi
504 |
505 | # Get a random unused uid between 500 and 999 (system-user)
506 | local avahi_id=$((500 + RANDOM % 500))
507 | while cut -d ':' -f 3 /etc/passwd | grep -q $avahi_id ;
508 | do
509 | avahi_id=$((500 + RANDOM % 500))
510 | done
511 |
512 | info "Workaround for avahi : creating avahi user with uid $avahi_id"
513 |
514 | # Use the same adduser parameter as in the avahi-daemon postinst script
515 | # Just specify --uid explicitely
516 | adduser --disabled-password --quiet --system \
517 | --home /var/run/avahi-daemon --no-create-home \
518 | --gecos "Avahi mDNS daemon" --group avahi \
519 | --uid $avahi_id
520 |
521 | }
522 |
523 | function install_yunohost_packages() {
524 | # Allow sudo removal even if no root password has been set (on some DO
525 | # droplet or Vagrant virtual machines), as YunoHost use sudo-ldap
526 | export SUDO_FORCE_REMOVE=yes
527 |
528 | # On some machines (e.g. OVH VPS), the /etc/resolv.conf is immutable
529 | # We need to make it mutable for the resolvconf dependency to be installed
530 | chattr -i /etc/resolv.conf 2>/dev/null || true
531 |
532 | # Install those damn deps independently ...
533 | # otherwise they make the install crash for random reasons ~.~
534 | # c.f. https://github.com/YunoHost/issues/issues/1382
535 | apt_get_wrapper \
536 | -o Dpkg::Options::="--force-confold" \
537 | -y install \
538 | debhelper dh-autoreconf \
539 | || true
540 |
541 | # Explicitly install these so they get flagged as manually installed
542 | # At some point we may want to start trying to not install these by default
543 | # To have lighter systems
544 | # But that assumes that app explicitly declare their dependencies
545 | recommend_packages="php7.4-fpm mariadb-server metronome"
546 |
547 | # Install YunoHost
548 | apt_get_wrapper \
549 | -o Dpkg::Options::="--force-confold" \
550 | -o APT::install-recommends=true \
551 | -y install \
552 | yunohost yunohost-admin postfix \
553 | $recommend_packages \
554 | || return 1
555 | }
556 |
557 | function restart_services() {
558 | service slapd restart
559 | # service yunohost-firewall start
560 | service unscd restart
561 | service nslcd restart
562 |
563 | # For some reason sometimes dbus is not properly started/enabled ...
564 | systemctl is-active dbus >/dev/null || systemctl enable dbus --now
565 |
566 | return 0
567 | }
568 |
569 | function fix_locales() {
570 | # This function tries to fix the whole locale and perl mess about missing locale files
571 |
572 | # Install 'locales' if locale-gen does not exists yet
573 | command -v locale-gen > /dev/null || apt_get_wrapper -o Dpkg::Options::="--force-confold" -y install locales
574 |
575 | # Generate at least en_US.UTF-8
576 | grep -q "^ *en_US.UTF-8" /etc/locale.gen || echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
577 |
578 | # FIXME: here some day we should try to identify the user's lang from LANG or LC_ALL and generate the appropriate locale ...
579 | # (and set this lang as the default in /etc/env 3 lines below)
580 |
581 | locale-gen
582 |
583 | # If no /etc/environment exists, default to en_US.UTF-8
584 | [ "$(grep LC_ALL /etc/environment)" ] || echo 'LC_ALL="en_US.UTF-8"' >> /etc/environment
585 | source /etc/environment
586 | export LC_ALL
587 | }
588 |
589 | function conclusion() {
590 | # Get first local IP and global IP
591 | local local_ip=$(hostname --all-ip-address | awk '{print $1}')
592 | local global_ip=$(curl https://ip.yunohost.org 2>/dev/null)
593 |
594 | # Will ignore local ip if it's already the global IP (e.g. for some VPS)
595 | [[ "$local_ip" != "$global_ip" ]] || local_ip=""
596 |
597 | # Formatting
598 | [[ -z "$local_ip" ]] || local_ip=$(echo -e "\n - https://$local_ip/ (local IP, if self-hosting at home)")
599 | [[ -z "$global_ip" ]] || global_ip=$(echo -e "\n - https://$global_ip/ (global IP, if you're on a VPS)")
600 |
601 | cat << EOF
602 | ===============================================================================
603 | You should now proceed with Yunohost post-installation. This is where you will
604 | be asked for :
605 | - the main domain of your server ;
606 | - the administration password.
607 |
608 | You can perform this step :
609 | - from the command line, by running 'yunohost tools postinstall' as root
610 | - or from your web browser, by accessing : ${local_ip}${global_ip}
611 |
612 | If this is your first time with YunoHost, it is strongly recommended to take
613 | time to read the administator documentation and in particular the sections
614 | 'Finalizing your setup' and 'Getting to know YunoHost'. It is available at
615 | the following URL : https://yunohost.org/admindoc
616 | ===============================================================================
617 | EOF
618 | }
619 |
620 | ###############################################################################
621 | # Raspbian specific stuff #
622 | ###############################################################################
623 |
624 | function is_raspbian() {
625 | # On Raspbian image lsb_release is available
626 | if [[ "$(lsb_release -i -s 2> /dev/null)" != "Raspbian" ]] ;
627 | then
628 | return 1
629 | fi
630 | return 0
631 | }
632 |
633 | function user_pi_logged_out() {
634 | who | grep -w pi > /dev/null && return 1
635 | return 0
636 | }
637 |
638 | function del_user_pi() {
639 | if id "pi" >/dev/null 2>&1; then
640 | deluser --remove-all-files pi >> $YUNOHOST_LOG 2>&1
641 | fi
642 | }
643 |
644 | ###############################################################################
645 | # Image building specific stuff #
646 | ###############################################################################
647 |
648 | function clean_image() {
649 | # Delete SSH keys
650 | rm -f /etc/ssh/ssh_host_* >> $YUNOHOST_LOG 2>&1
651 | yes | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa >> $YUNOHOST_LOG 2>&1
652 | yes | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa >> $YUNOHOST_LOG 2>&1
653 | yes | ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521 >> $YUNOHOST_LOG 2>&1
654 |
655 | # Deleting logs ...
656 | find /var/log -type f -exec rm {} \; >> $YUNOHOST_LOG 2>&1
657 |
658 | # Purging apt ...
659 | apt-get clean >> $YUNOHOST_LOG 2>&1
660 | }
661 |
662 |
663 | ###############################################################################
664 |
665 | main "$@"
666 |
--------------------------------------------------------------------------------
/switchtoStable:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | cat << EOF
4 | ----
5 | Patching sources.list to disable testing repository...
6 | ----
7 | EOF
8 |
9 | readarray -d '' apt_files < <(find /etc/apt/sources.list /etc/apt/sources.list.d -type f -print0)
10 | for FILE in "${apt_files[@]}"; do
11 | # Remove 'testing' and 'unstable' in lines using the yunohost repo
12 | sed -i 's|^\(deb.*yunohost.org.*\) testing\(.*\)$|\1\2|' "$FILE"
13 | sed -i 's|^\(deb.*yunohost.org.*\) unstable\(.*\)$|\1\2|' "$FILE"
14 | done
15 |
16 | cat << EOF
17 | ----
18 | Running 'apt-get update'
19 | ----
20 | EOF
21 | apt-get update
22 |
23 | cat << EOF
24 | ----
25 | Running 'apt-get dist-upgrade'
26 | ----
27 | EOF
28 | apt-get dist-upgrade -y
29 |
--------------------------------------------------------------------------------
/switchtoTesting:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | cat << EOF
4 | ----
5 | Patching sources.list to enable testing repository...
6 | ----
7 | EOF
8 |
9 | readarray -d '' apt_files < <(find /etc/apt/sources.list /etc/apt/sources.list.d -type f -print0)
10 | for FILE in "${apt_files[@]}"; do
11 | # (Append 'testing' at the end of lines starting with the yunohost repo..)
12 | sed -i 's@^deb.* http://forge.yunohost.org.*@& testing@' "$FILE"
13 | done
14 |
15 | cat << EOF
16 | ----
17 | Running 'apt-get update'
18 | ----
19 | EOF
20 | apt-get update
21 |
22 | cat << EOF
23 | ----
24 | Running 'apt-get dist-upgrade'
25 | ----
26 | EOF
27 | apt-get dist-upgrade -y
28 |
--------------------------------------------------------------------------------
/switchtoUnstable:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 |
3 | cat << EOF
4 | ----
5 | Patching sources.list to enable unstable repository...
6 | ----
7 | EOF
8 |
9 | readarray -d '' apt_files < <(find /etc/apt/sources.list /etc/apt/sources.list.d -type f -print0)
10 | for FILE in "${apt_files[@]}"; do
11 | # (Append 'testing' at the end of lines starting with the yunohost repo..)
12 | sed -i 's@^deb http://forge.yunohost.org.*@& testing unstable@' "$FILE"
13 | done
14 |
15 | cat << EOF
16 | ----
17 | Running 'apt-get update'
18 | ----
19 | EOF
20 | apt-get update
21 |
22 | cat << EOF
23 | ----
24 | Running 'apt-get dist-upgrade'
25 | ----
26 | EOF
27 | apt-get dist-upgrade -y
28 |
--------------------------------------------------------------------------------
/trixie:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | # shellcheck disable=SC2059
3 | set -Eeuo pipefail
4 |
5 | # Copyright (C) 2015-2023 YunoHost
6 | #
7 | # This program is free software: you can redistribute it and/or modify
8 | # it under the terms of the GNU Affero General Public License as
9 | # published by the Free Software Foundation, either version 3 of the
10 | # License, or (at your option) any later version.
11 | #
12 | # This program is distributed in the hope that it will be useful,
13 | # but WITHOUT ANY WARRANTY; without even the implied warranty of
14 | # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 | # GNU Affero General Public License for more details.
16 | #
17 | # You should have received a copy of the GNU Affero General Public License
18 | # along with this program. If not, see .
19 |
20 | # RUN INSTALL SCRIPT WITH -a FOR NON-INTERACTIVE MODE.
21 |
22 | # Globals
23 |
24 | YUNOHOST_LOG="/var/log/yunohost-installation_$(date +%Y%m%d_%H%M%S).log"
25 | readonly YUNOHOST_LOG
26 | export DEBIAN_FRONTEND=noninteractive
27 |
28 | ###############################################################################
29 | # Main functions #
30 | ###############################################################################
31 |
32 | function check_connection() {
33 | TIMEOUT=$1
34 |
35 | while [ "$TIMEOUT" -gt 0 ]; do
36 | ping -c 1 -W 2 yunohost.org > /dev/null 2>&1 && return 0
37 | sleep 1
38 | TIMEOUT=$((TIMEOUT - 1))
39 | done
40 |
41 | return 1
42 | }
43 |
44 | function usage() {
45 | cat << EOF
46 | Usage :
47 | $(basename "$0") [-a] [-d ] [-h]
48 |
49 | Options :
50 | -a Enable automatic mode. No questions are asked.
51 | This does not perform the post-install step.
52 | -d Choose the distribution to install ('stable', 'testing', 'unstable').
53 | Defaults to 'stable'
54 | -f Ignore checks before starting the installation. Use only if you know
55 | what you are doing.
56 | -h Prints this help and exit
57 | EOF
58 | }
59 |
60 | function parse_options()
61 | {
62 | AUTOMODE=false
63 | DISTRIB=stable
64 | BUILD_IMAGE=false
65 | FORCE=false
66 |
67 | while getopts ":aid:fh" option; do
68 | case $option in
69 | a)
70 | AUTOMODE=true
71 | export DEBIAN_FRONTEND=noninteractive
72 | ;;
73 | d)
74 | DISTRIB=$OPTARG
75 | ;;
76 | f)
77 | FORCE=true
78 | ;;
79 | i)
80 | # This hidden option will allow to build generic image for Rpi/Olimex
81 | BUILD_IMAGE=true
82 | ;;
83 | h)
84 | usage
85 | exit 0
86 | ;;
87 | :)
88 | usage
89 | exit 1
90 | ;;
91 | \?)
92 | usage
93 | exit 1
94 | ;;
95 | esac
96 | done
97 | }
98 |
99 | function main()
100 | {
101 | parse_options "$@"
102 | check_assertions || exit 1
103 | confirm_installation || exit 1
104 | upgrade_system || die "Failed to upgrade the system"
105 | boring_workarounds || die "Failed to run the boring workarounds"
106 | setup_package_source || die "Setting up deb package sources failed"
107 | install_yunohost_packages || die "Installation of YunoHost packages failed"
108 |
109 | # For some reason sometimes dbus is not properly started/enabled ...
110 | if [[ "$BUILD_IMAGE" == "false" ]] ; then
111 | systemctl is-active dbus >/dev/null || systemctl enable dbus --now
112 | fi
113 |
114 | if [[ "$BUILD_IMAGE" == "true" ]] ; then
115 | clean_image || die "Unable to clean image"
116 | fi
117 |
118 | if is_raspbian ; then
119 |
120 | # FIXME : add a proper conclusion + timer warning?
121 |
122 | # Reboot should be done before postinstall to be able to run iptables rules
123 | reboot
124 | fi
125 |
126 | conclusion
127 | exit 0
128 | }
129 |
130 | ###############################################################################
131 | # Helpers #
132 | ###############################################################################
133 |
134 | normal=$(printf '\033[0m')
135 | bold=$(printf '\033[1m')
136 | # faint=$(printf '\033[2m')
137 | # underline=$(printf '\033[4m')
138 | # negative=$(printf '\033[7m')
139 | red=$(printf '\033[31m')
140 | green=$(printf '\033[32m')
141 | orange=$(printf '\033[33m')
142 | blue=$(printf '\033[34m')
143 | # yellow=$(printf '\033[93m')
144 | # white=$(printf '\033[39m')
145 | resetline=$(printf '\r\033[K')
146 | readonly normal bold red green orange blue resetline
147 |
148 | # shellcheck disable=SC2317
149 | function success()
150 | {
151 | local msg=${1}
152 | echo "[${bold}${green} OK ${normal}] ${msg}" | tee -a "$YUNOHOST_LOG"
153 | }
154 |
155 | function info()
156 | {
157 | local msg=${1}
158 | echo "[${bold}${blue}INFO${normal}] ${msg}" | tee -a "$YUNOHOST_LOG"
159 | }
160 |
161 | # shellcheck disable=SC2317
162 | function warn()
163 | {
164 | local msg=${1}
165 | echo "[${bold}${orange}WARN${normal}] ${msg}" | tee -a "$YUNOHOST_LOG" >&2
166 | }
167 |
168 | function error()
169 | {
170 | local msg=${1}
171 | echo "[${bold}${red}FAIL${normal}] ${msg}" | tee -a "$YUNOHOST_LOG" >&2
172 | }
173 |
174 | function die() {
175 | error "$1"
176 | info "Installation logs are available in $YUNOHOST_LOG"
177 | exit 1
178 | }
179 |
180 | function forceable_die() {
181 | msg="$1"
182 | if [[ "$FORCE" == "true" ]]; then
183 | warn "$msg You ran with -f so let's continue."
184 | else
185 | die "$msg If you know what you are doing, you can run this script with -f."
186 | fi
187 | }
188 |
189 | prompt_confirm() {
190 | prompt=$1
191 | if (( $# > 1 )); then
192 | check="$2"
193 | else
194 | check="@([yY]|[yY][eE][sS])"
195 | prompt="$prompt [y/n]: "
196 | fi
197 |
198 | shopt -s extglob
199 | while true; do
200 | read -r -p "$prompt" REPLY < /dev/tty
201 | case "$REPLY" in
202 | $check) echo ; return 0 ;;
203 | n|no) echo ; return 1 ;;
204 | *) printf " \033[31m %s \n\033[0m" "invalid input"
205 | esac
206 | done
207 | shopt +s extglob
208 | }
209 |
210 | trap trapint 2
211 | # shellcheck disable=SC2317
212 | function trapint {
213 | echo ""
214 | die "Aborted"
215 | exit 0
216 | }
217 |
218 | function show_apt_progress {
219 |
220 | local percent="$1"
221 | local title="$2"
222 | local message="$3"
223 |
224 | local done=$((${percent%.*}*40/100))
225 | local todo=$((39 - done))
226 |
227 | local done_sub_bar todo_sub_bar
228 | done_sub_bar="$(printf "%${done}s")"
229 | todo_sub_bar="$(printf "%${todo}s")"
230 |
231 | echo -ne "$resetline $bold$blue$title$normal [${done_sub_bar// /=}>${todo_sub_bar}] ${percent:0:4}% ${message:0:40}"
232 | }
233 |
234 | function _apt_with_progress() {
235 | local wat percent message title
236 | apt-get "$@" -o 'APT::Status-Fd=3' 3>&1 >> "$YUNOHOST_LOG" 2>&1 \
237 | | while read -r line; do
238 | wat=$(echo "$line" | cut -d: -f1)
239 | percent=$(echo "$line" | cut -d: -f3)
240 | message=$(echo "$line" | cut -d: -f2)
241 | if [[ $wat == "dlstatus" ]]; then
242 | title="Downloading"
243 | else
244 | title="Installing"
245 | fi
246 | show_apt_progress "$percent" "$title" "$message";
247 | done
248 | }
249 |
250 | function _apt() {
251 | set -o pipefail
252 | cat << EOF >> "$YUNOHOST_LOG"
253 | ===================
254 | Running: apt-get $*
255 | ===================
256 | EOF
257 | if [[ "$AUTOMODE" == "true" ]]; then
258 | # Why we need pipefail : https://stackoverflow.com/a/6872163
259 | apt-get "$@" 2>&1 | tee -a "$YUNOHOST_LOG"
260 | ret="$?"
261 | else
262 | if _apt_with_progress "$@"; then
263 | ret=0
264 | printf "$resetline $bold${green}Done$normal"
265 | else
266 | ret=1
267 | printf "$resetline $bold${red}'apt-get $*' failed.$normal Please check $YUNOHOST_LOG for debugging\n\n";
268 | fi
269 | fi
270 | set +o pipefail
271 | return "$ret"
272 | }
273 |
274 | function apt_update() {
275 | _apt update --allow-releaseinfo-change
276 | }
277 |
278 | function apt_install() {
279 | _apt install --assume-yes -o Dpkg::Options::="--force-confold" "$@"
280 | }
281 |
282 | ###############################################################################
283 | # Installation steps #
284 | ###############################################################################
285 |
286 | function check_assertions()
287 | {
288 | if [[ $DISTRIB == "stable" ]]; then
289 | error "Only unstable and testing branches are supported for Trixie right now. We ABSOLUTELY DISCOURAGE using YunoHost Trixie in any sort of production setup right now UNLESS YOU ARE A POWER-USER. Everything is in BETA STAGE ONLY."
290 | return 1
291 | fi
292 |
293 | # Assert we're on Debian
294 | # Note : we do not rely on lsb_release to avoid installing a dependency
295 | # only to check this...
296 | if [[ ! -f "/etc/debian_version" ]]; then
297 | die "This script can only be ran on Debian 13 (Trixie)."
298 | fi
299 |
300 | # Assert we're on Trixie
301 | # Note : we do not rely on lsb_release to avoid installing a dependency only to check this...
302 | # TODO: remove the line with "trixie/sid"
303 | debian_version=$(cat /etc/debian_version)
304 | if ! [[ "$debian_version" =~ ^13.* ]] && ! [[ "$debian_version" =~ "trixie/sid" ]]; then
305 | die "YunoHost is only available for the version 13 (Trixie) of Debian, you are using '$debian_version'."
306 | fi
307 |
308 | # Forbid people from installing on Ubuntu or Linux mint ...
309 | if [[ -f "/etc/lsb-release" ]]; then
310 | if grep -q -i "Ubuntu\|Mint" /etc/lsb-release; then
311 | die "Please don't try to install YunoHost on an Ubuntu or Linux Mint system ... You need a 'raw' Debian 13 (Trixie)."
312 | fi
313 | fi
314 |
315 | # Assert we're root
316 | if [[ "$(id -u)" != "0" ]]; then
317 | die "This script must be run as root. On most setups, the command 'sudo -i' can be run first to become root."
318 | fi
319 |
320 | # Check PATH var
321 | if [[ "$PATH" != *"/sbin"* ]]; then
322 | die "Your environment PATH variable must contain /sbin directory. Maybe try running 'PATH=/sbin:\$PATH' to fix this."
323 | fi
324 |
325 | # Assert Internet is reachable
326 | if ! check_connection 30; then
327 | die "You need internet to use this script! yunohost.org did not respond to ping after more than 30s."
328 | fi
329 |
330 | # Assert systemd is installed
331 | if ! command -v systemctl > /dev/null; then
332 | die "YunoHost requires systemd to be installed."
333 | fi
334 |
335 | # Assert curl is set up, try to install it otherwise
336 | if ! command -v curl >/dev/null 2>&1; then
337 | if ! apt_install curl; then
338 | die "YunoHost installer requires curl to be installed, but it failed to install it."
339 | fi
340 | fi
341 |
342 | # Check we aren't running in docker or other weird containers that we can't probably install on
343 | if systemd-detect-virt | grep -q -w "docker\|container-other"; then
344 | forceable_die "It seems like you are trying to install YunoHost in docker or a weird container technology which probably is not supported by this install script (or YunoHost as a whole)."
345 | fi
346 |
347 | # Check possible conflict with apache, bind9.
348 | if dpkg --get-selections | grep -v deinstall | grep -q 'apache2\s'; then
349 | forceable_die "Apache is installed on your system. YunoHost conflicts with apache2 because it requires nginx. To prevent this conflict, you should first run 'apt remove apache2 --purge --autoremove'."
350 | fi
351 | if dpkg --get-selections | grep -v deinstall | grep -q 'bind9\s'; then
352 | forceable_die "Bind9 is installed on your system. YunoHost conflicts with Bind9 because it requires dnsmasq. To prevent this conflict, you should first run 'apt remove bind9 --purge --autoremove'."
353 | fi
354 | }
355 |
356 | function confirm_installation() {
357 | if [[ "$AUTOMODE" == "true" ]]; then
358 | return 0
359 | fi
360 |
361 | cat << EOF | tee -a "$YUNOHOST_LOG"
362 | $bold
363 | ╭───────────────────────╮
364 | │ YunoHost Installation │
365 | ╰───────────────────────╯
366 | $normal
367 | • Installing YunoHost requires to install various important services,
368 | and possibly rework the configuration of some services that may already
369 | be installed (such as: nginx, postfix, dovecot, fail2ban, slapd)
370 |
371 | EOF
372 |
373 | if ! prompt_confirm " Are you sure you want to proceed ?"; then
374 | die "Aborting on user request."
375 | fi
376 |
377 | if [[ "$DISTRIB" == "unstable" ]]; then
378 | cat << EOF | tee -a "$YUNOHOST_LOG"
379 |
380 | • You are installing the unstable/alpha version of YunoHost 13/Trixie.
381 |
382 | You should be warned that THIS IS ALPHA-STAGE DEVELOPMENT.
383 | WE ABSOLUTELY DISCOURAGE ANY USE OF THIS VERSION
384 | IN A PRODUCTION CONTEXT, THIS IS ONLY MEANT FOR *TESTING*.
385 |
386 | THINGS **WILL** BREAK.
387 |
388 | EOF
389 | if ! prompt_confirm " Type 'Yes, I understand' if you understand: " "Yes, I understand"; then
390 | die "Aborting on user request."
391 | fi
392 | fi
393 |
394 | # SSH config warning
395 | if [[ -f /etc/ssh/sshd_config ]]; then
396 |
397 | # If root login is currently enabled
398 | local root_login_warning=""
399 | if ! grep -E "^[[:blank:]]*PermitRootLogin[[:blank:]]+no" /etc/ssh/sshd_config ; then
400 | root_login_warning=" • SSH login using root will be disabled (except from local network).\n"
401 | root_login_warning+=" Instead, you should login using the first YunoHost user."
402 |
403 | fi
404 |
405 | # If current conf uses a custom ssh port
406 | local ssh_port_warning=""
407 | if grep -Ev "^[[:blank:]]*Port[[:blank:]]+22[[:blank:]]*(#.*)?$" /etc/ssh/sshd_config | grep -E "^[[:blank:]]*Port[[:blank:]]+[[:digit:]]+$" ; then
408 | ssh_port_warning=" • You will have to connect using port 22 instead of your custom SSH port,\n"
409 | ssh_port_warning+=" though you can reconfigure this from YunoHost after the postinstall."
410 | fi
411 |
412 | if [[ -n "$root_login_warning" ]] || [[ -n "$ssh_port_warning" ]]; then
413 | cat << EOF | tee -a "$YUNOHOST_LOG"
414 |
415 | • Additionally, it is encouraged to let YunoHost manage the SSH configuration.
416 | However, you should be aware that:
417 | $(test -n "$root_login_warning" && echo -e "$root_login_warning")
418 | $(test -n "$ssh_port_warning" && echo -e "$ssh_port_warning")
419 | (Note that this will only be effective *after* you run YunoHost's postinstall)
420 |
421 | EOF
422 | if ! prompt_confirm " Should YunoHost override the SSH configuration ?"; then
423 | # Keep a copy to be restored during the postinstall
424 | # so that the ssh confs behaves as manually modified.
425 | cp /etc/ssh/sshd_config /etc/ssh/sshd_config.before_yunohost
426 | fi
427 | fi
428 | fi
429 |
430 | cat << EOF | tee -a "$YUNOHOST_LOG"
431 |
432 | 🚀 ${bold}Let's go !$normal
433 |
434 | 📜 Detailed logs will be available in $YUNOHOST_LOG
435 | EOF
436 |
437 | return 0
438 | }
439 |
440 | function upgrade_system() {
441 | echo "" | tee -a "$YUNOHOST_LOG"
442 | echo "$bold 1/5 • Running system upgrades$normal" | tee -a "$YUNOHOST_LOG"
443 | echo "" | tee -a "$YUNOHOST_LOG"
444 |
445 | apt_update
446 |
447 | # We need libtext-iconv-perl even before the dist-upgrade,
448 | # otherwise the dist-upgrade might fails on some setups because
449 | # perl is yolomacnuggets :|
450 | # Stuff like "Can't locate object method "new" via package "Text::Iconv""
451 | apt_install libtext-iconv-perl
452 |
453 | # Manually upgrade grub stuff in non-interactive mode,
454 | # otherwise a weird technical question is asked to the user
455 | # regarding how to upgrade grub's configuration...
456 | apt_install --only-upgrade grub-common grub2-common || true
457 |
458 | _apt dist-upgrade -y -o Dpkg::Options::="--force-confold"
459 |
460 | if is_raspbian ; then
461 | apt_install rpi-update
462 |
463 | if [[ "$BUILD_IMAGE" == "false" ]] ; then
464 | (rpi-update 2>&1 | tee -a "$YUNOHOST_LOG")
465 | fi
466 | fi
467 | }
468 |
469 | function boring_workarounds() {
470 |
471 | echo "" | tee -a "$YUNOHOST_LOG"
472 | echo "" | tee -a "$YUNOHOST_LOG"
473 | echo "$bold 2/5 • Install dependencies needed before the main install$normal" | tee -a "$YUNOHOST_LOG"
474 | echo "" | tee -a "$YUNOHOST_LOG"
475 |
476 | # ###################################################################### #
477 | # Dependencies that must be installed prior to the rest, for reasons ... #
478 | # (for example https://github.com/YunoHost/issues/issues/1382) #
479 | # ###################################################################### #
480 |
481 | apt_install --no-install-recommends lsb-release dialog curl gnupg apt-transport-https adduser debconf debhelper dh-autoreconf locales
482 |
483 | echo "" | tee -a "$YUNOHOST_LOG"
484 | echo "" | tee -a "$YUNOHOST_LOG"
485 | echo "$bold 3/5 • Apply various tweaks to prepare installation$normal" | tee -a "$YUNOHOST_LOG"
486 | echo "" | tee -a "$YUNOHOST_LOG"
487 |
488 | # #################################### #
489 | # Attempt to fix the usual locale mess #
490 | # #################################### #
491 |
492 | # This function tries to fix the whole locale and perl mess about missing locale files
493 |
494 | # Generate at least en_US.UTF-8
495 | grep -q "^ *en_US.UTF-8" /etc/locale.gen || echo "en_US.UTF-8 UTF-8" >> /etc/locale.gen
496 |
497 | # FIXME: here some day we should try to identify the user's lang from LANG or LC_ALL and generate the appropriate locale ...
498 | # (and set this lang as the default in /etc/env 3 lines below)
499 |
500 | locale-gen >/dev/null
501 |
502 | # If no /etc/environment exists, default to en_US.UTF-8
503 | grep -q LC_ALL /etc/environment || echo 'LC_ALL="en_US.UTF-8"' >> /etc/environment
504 | source /etc/environment
505 | export LC_ALL
506 |
507 | # ######################## #
508 | # Workarounds for fail2ban #
509 | # ######################## #
510 |
511 | # We need to create auth.log in case it does not exists, because in some situation,
512 | # this file does not exists, fail2ban will miserably fail to start because
513 | # the default fail2ban jail include the sshd jail ... >.>
514 | touch /var/log/auth.log
515 |
516 | # ######################## #
517 | # Workarounds for avahi #
518 | # ######################## #
519 |
520 | # When attempting several installation of YunoHost on the same host
521 | # with a light VM system like LXC
522 | # we hit a bug with avahi-daemon postinstallation
523 | # This is described in detail in https://github.com/lxc/lxc/issues/25
524 | #
525 | # It makes the configure step of avahi-daemon fail, because the service does
526 | # start correctly. Then all other packages depending on avahi-daemon refuse to
527 | # configure themselves.
528 | #
529 | # The workaround we use is to generate a random uid for the avahi user, and
530 | # create the user with this id beforehand, so that the avahi-daemon postinst
531 | # script does not do it on its own. Our randomized uid has far less chances to
532 | # be already in use in another system than the automated one (which tries to use
533 | # consecutive uids).
534 |
535 | # Return without error if avahi already exists
536 | if ! id avahi > /dev/null 2>&1; then
537 | # Get a random unused uid between 500 and 999 (system-user)
538 | local avahi_id=$((500 + RANDOM % 500))
539 | while cut -d ':' -f 3 /etc/passwd | grep -q $avahi_id ;do
540 | avahi_id=$((500 + RANDOM % 500))
541 | done
542 |
543 | # info "Workaround for avahi : creating avahi user with uid $avahi_id"
544 |
545 | # Use the same adduser parameter as in the avahi-daemon postinst script
546 | # Just specify --uid explicitely
547 | adduser --disabled-password --quiet --system \
548 | --home /var/run/avahi-daemon --no-create-home \
549 | --gecos "Avahi mDNS daemon" --group avahi \
550 | --uid $avahi_id
551 | fi
552 |
553 | # ########## #
554 | # Resolvconf #
555 | # ########## #
556 |
557 | # On some machines (e.g. OVH VPS), the /etc/resolv.conf is immutable
558 | # We need to make it mutable for the resolvconf dependency to be installed
559 | chattr -i /etc/resolv.conf 2>/dev/null || true
560 |
561 | # ######################################### #
562 | # python3-lexicon not packaged on trixie... #
563 | # ######################################### #
564 | # See upstream bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086560
565 | echo "${bold}${red} Installing python3-lexicon, this is a workaround to be removed before release!$normal" | tee -a "$YUNOHOST_LOG"
566 |
567 | # Download it from sid...
568 | curl http://ftp.it.debian.org/debian/pool/main/l/lexicon/python3-lexicon_3.17.0-1_all.deb -o /tmp/python3-lexicon_3.17.0-1_all.deb
569 | apt_install /tmp/python3-lexicon_3.17.0-1_all.deb
570 |
571 | # Done
572 | printf "$resetline $bold${green}Done$normal"
573 | }
574 |
575 | function setup_package_source() {
576 | echo "" | tee -a "$YUNOHOST_LOG"
577 | echo "" | tee -a "$YUNOHOST_LOG"
578 | echo "$bold 4/5 • Adding YunoHost repository to apt$normal" | tee -a "$YUNOHOST_LOG"
579 | echo "" | tee -a "$YUNOHOST_LOG"
580 |
581 | local CUSTOMAPT=/etc/apt/sources.list.d/yunohost.list
582 |
583 | # Debian repository
584 |
585 | local CUSTOMDEB="deb [signed-by=/usr/share/keyrings/yunohost-trixie.gpg] http://forge.yunohost.org/debian/ trixie stable"
586 |
587 | if [[ "$DISTRIB" == "stable" ]] ; then
588 | echo "$CUSTOMDEB" > $CUSTOMAPT
589 | elif [[ "$DISTRIB" == "testing" ]] ; then
590 | echo "$CUSTOMDEB testing" > $CUSTOMAPT
591 | elif [[ "$DISTRIB" == "unstable" ]] ; then
592 | echo "$CUSTOMDEB testing unstable" > $CUSTOMAPT
593 | fi
594 |
595 | # Add YunoHost repository key to the keyring
596 | curl --fail --silent https://forge.yunohost.org/yunohost_trixie.asc | gpg --dearmor > /usr/share/keyrings/yunohost-trixie.gpg
597 | apt_update
598 | }
599 |
600 | function install_yunohost_packages() {
601 |
602 | echo "" | tee -a "$YUNOHOST_LOG"
603 | echo "" | tee -a "$YUNOHOST_LOG"
604 | echo "$bold 5/5 • Installing YunoHost$normal" | tee -a "$YUNOHOST_LOG"
605 | echo "" | tee -a "$YUNOHOST_LOG"
606 |
607 | debconf-set-selections << EOF
608 | slapd slapd/password1 password yunohost
609 | slapd slapd/password2 password yunohost
610 | slapd slapd/domain string yunohost.org
611 | slapd shared/organization string yunohost.org
612 | slapd slapd/allow_ldap_v2 boolean false
613 | slapd slapd/invalid_config boolean true
614 | slapd slapd/backend select MDB
615 | postfix postfix/main_mailer_type select Internet Site
616 | postfix postfix/mailname string /etc/mailname
617 | nslcd nslcd/ldap-bindpw password
618 | nslcd nslcd/ldap-starttls boolean false
619 | nslcd nslcd/ldap-reqcert select
620 | nslcd nslcd/ldap-uris string ldap://localhost/
621 | nslcd nslcd/ldap-binddn string
622 | nslcd nslcd/ldap-base string dc=yunohost,dc=org
623 | libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow
624 | postsrsd postsrsd/domain string yunohost.org
625 | EOF
626 |
627 | # Allow sudo removal even if no root password has been set (on some DO
628 | # droplet or Vagrant virtual machines), as YunoHost use sudo-ldap
629 | export SUDO_FORCE_REMOVE=yes
630 |
631 | # Install YunoHost
632 | # FIXME : do we still want to install recommends ?
633 | apt_install \
634 | -o APT::install-recommends=true \
635 | yunohost yunohost-admin postfix
636 | }
637 |
638 | function conclusion() {
639 | # Get first local IP and global IP
640 | local local_ip
641 | local_ip=$(hostname --all-ip-address | tr ' ' '\n' | grep -v ":" | head -n1)
642 | local global_ip
643 | global_ip=$(curl https://ip.yunohost.org 2>/dev/null)
644 | local no_ip=""
645 |
646 | # Will ignore local ip if it's already the global IP (e.g. for some VPS)
647 | if [[ "$local_ip" == "$global_ip" ]]; then
648 | local_ip=""
649 | fi
650 |
651 | # Formatting
652 | local width=79
653 | if [[ -n "$local_ip" ]]; then
654 | local_ip=$(echo -e "\n │ - https://$local_ip/ (local IP, if self-hosting at home)")
655 | local nb_spaces=$(( width - ${#local_ip} ))
656 | local_ip+="$(printf "%${nb_spaces}s")│"
657 | fi
658 | if [[ -n "$global_ip" ]]; then
659 | global_ip=$(echo -e "\n │ - https://$global_ip/ (global IP, if you're on a VPS)")
660 | local nb_spaces=$(( width - ${#global_ip} ))
661 | global_ip+="$(printf "%${nb_spaces}s")│"
662 | fi
663 | if [[ -z "$local_ip" ]] && [[ -z "$global_ip" ]]; then
664 | no_ip=$(echo -e "\n │ - (no local nor global IP detected ?)")
665 | local nb_spaces=$(( width - ${#no_ip} ))
666 | no_ip+="$(printf "%${nb_spaces}s")│"
667 | fi
668 |
669 | cat << EOF | tee -a "$YUNOHOST_LOG"
670 |
671 |
672 | 🎉 ${bold}YunoHost installation completed!$normal
673 |
674 | ╭───────────────────────────────────────────────────────────────────────────╮
675 | │ You should now proceed with YunoHost post-installation. │
676 | │ This is where you will be asked for: │
677 | │ • the main domain of your server; │
678 | │ • the administration password; │
679 | │ • the name and password of the first user, which will also be admin. │
680 | │ │
681 | │ You can perform this step, either: │
682 | │ • from the command line, by running 'yunohost tools postinstall' as root │
683 | │ • or from your web browser, by accessing: │${local_ip}${global_ip}${no_ip}
684 | │ │
685 | │ If this is your first time with YunoHost, it is strongly recommended to │
686 | │ take time to read the administator documentation and in particular the │
687 | │ sections 'Finalizing your setup' and 'Getting to know YunoHost'. │
688 | │ │
689 | │ It is available at the following URL: ➡️ https://yunohost.org/admindoc │
690 | ╰───────────────────────────────────────────────────────────────────────────╯
691 |
692 |
693 | EOF
694 | }
695 |
696 | ###############################################################################
697 | # Raspbian specific stuff #
698 | ###############################################################################
699 |
700 | function is_raspbian() {
701 | # On Raspbian image lsb_release is available
702 | if [[ "$(lsb_release -i -s 2> /dev/null)" != "Raspbian" ]] ;
703 | then
704 | return 1
705 | fi
706 | return 0
707 | }
708 |
709 | ###############################################################################
710 | # Image building specific stuff #
711 | ###############################################################################
712 |
713 | function clean_image() {
714 | {
715 | # Delete SSH keys
716 | rm -f /etc/ssh/ssh_host_*
717 | yes | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa
718 | yes | ssh-keygen -f /etc/ssh/ssh_host_dsa_key -N '' -t dsa
719 | yes | ssh-keygen -f /etc/ssh/ssh_host_ecdsa_key -N '' -t ecdsa -b 521
720 |
721 | # Deleting logs ...
722 | find /var/log -type f -exec rm {} \;
723 |
724 | # Purging apt ...
725 | apt-get clean
726 | } >> "$YUNOHOST_LOG" 2>&1
727 | }
728 |
729 |
730 | ###############################################################################
731 |
732 | main "$@"
733 |
--------------------------------------------------------------------------------