lesavka: harden install scripts

2026-04-16 13:54:25 -03:00 · 2026-04-16 13:54:25 -03:00 · 43784cc152
commit 43784cc152
parent 59ed4e5724
2 changed files with 18 additions and 9 deletions
--- a/scripts/install/client.sh
+++ b/scripts/install/client.sh
@ -6,13 +6,16 @@ ORIG_USER=${SUDO_USER:-$(id -un)}
 REF=${LESAVKA_REF:-master}
 REPO_URL=${LESAVKA_REPO_URL:-ssh://git@scm.bstein.dev:2242/bstein/lesavka.git}
 SRC=/var/src/lesavka
+export TMPDIR=${TMPDIR:-/var/tmp}

 log() {
  printf '==> %s\n' "$*"
 }

+mkdir -p "$TMPDIR"
+
 log "1. Installing base packages"
-sudo pacman -Syq --needed --noconfirm \
+sudo pacman -Sq --needed --noconfirm \
  git rustup protobuf gcc clang evtest base-devel \
  gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav \
  pipewire pipewire-pulse \
@ -24,14 +27,14 @@ ensure_yay() {
      return
    fi
  fi
-  sudo -u "$ORIG_USER" bash -c 'rm -rf /tmp/yay &&
-    cd /tmp && git clone --depth 1 https://aur.archlinux.org/yay.git &&
+  sudo -u "$ORIG_USER" env TMPDIR="$TMPDIR" bash -c 'rm -rf "$TMPDIR/yay" &&
+    cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git &&
    cd yay && makepkg -si --noconfirm'
 }

 log "1b. Installing grpcurl"
 if sudo pacman -Si grpcurl >/dev/null 2>&1; then
-  sudo pacman -Syq --needed --noconfirm grpcurl
+  sudo pacman -Sq --needed --noconfirm grpcurl
 else
  ensure_yay
  if ! sudo -u "$ORIG_USER" yay -S --needed --noconfirm grpcurl-bin; then
--- a/scripts/install/server.sh
+++ b/scripts/install/server.sh
@ -2,6 +2,7 @@
 # scripts/install/server.sh - install and setup all server related apps and environments
 set -euo pipefail
 ORIG_USER=${SUDO_USER:-$(id -un)}
+export TMPDIR=${TMPDIR:-/var/tmp}

 REF=${LESAVKA_REF:-master}        # fallback

@ -33,9 +34,10 @@ while [[ $# -gt 0 ]]; do
  esac
 done
 echo "==> Using git ref: $REF"
+mkdir -p "$TMPDIR"

 echo "==> 1a. Base packages"
-sudo pacman -Syq --needed --noconfirm git \
+sudo pacman -Sq --needed --noconfirm git \
                                      rustup \
                                      protobuf \
                                      gcc \
@ -57,8 +59,9 @@ sudo pacman -Syq --needed --noconfirm git \
                                      lsof
 if ! command -v yay >/dev/null 2>&1; then
  echo "==> 1b. installing yay from AUR ..."
-  sudo -u "$ORIG_USER" bash -c '
-    cd /tmp && git clone --depth 1 https://aur.archlinux.org/yay.git &&
+  sudo -u "$ORIG_USER" env TMPDIR="$TMPDIR" bash -c '
+    rm -rf "$TMPDIR/yay" &&
+    cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git &&
    cd yay && makepkg -si --noconfirm'
 fi
 # yay -S --noconfirm grpcurl-bin
@ -150,7 +153,7 @@ else
 fi

 echo "==> 4b. Kernel upgrade (optional)"
-if [[ "${LESAVKA_KERNEL_UPDATE:-1}" != "0" ]]; then
+if [[ "${LESAVKA_KERNEL_UPDATE:-0}" != "0" ]]; then
  sudo LESAVKA_KERNEL_BUILD_USER="$ORIG_USER" bash "$SRC_DIR/scripts/kernel/build-linux-rpi.sh"
 else
  echo "⚠️  skipping kernel upgrade (LESAVKA_KERNEL_UPDATE=0)"
@ -223,7 +226,7 @@ UNIT
 echo "==> 6c. Systemd units - initialization"
 sudo truncate -s 0 /tmp/lesavka-server.log
 sudo systemctl daemon-reload
-sudo systemctl enable lesavka-core lesavka-uvc lesavka-server
+sudo systemctl enable lesavka-core lesavka-server

 UDC_STATE=$(udc_state)
 if [[ -n ${LESAVKA_ALLOW_GADGET_RESET:-} ]] || ! is_attached_state "$UDC_STATE"; then
@ -256,6 +259,9 @@ EnvironmentFile=-/etc/lesavka/uvc.env
 WantedBy=multi-user.target
 UNIT

+sudo systemctl daemon-reload
+sudo systemctl enable lesavka-uvc
+
 echo "==> 6d. Systemd units - remove legacy reboot watchdog"
 sudo systemctl stop lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true
 sudo systemctl disable lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true