From 43784cc1520cc1f95809df80541353dcc0b0f569 Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Thu, 16 Apr 2026 13:54:25 -0300 Subject: [PATCH] lesavka: harden install scripts --- scripts/install/client.sh | 11 +++++++---- scripts/install/server.sh | 16 +++++++++++----- 2 files changed, 18 insertions(+), 9 deletions(-) diff --git a/scripts/install/client.sh b/scripts/install/client.sh index c3d46bf..5041f4e 100755 --- a/scripts/install/client.sh +++ b/scripts/install/client.sh @@ -6,13 +6,16 @@ ORIG_USER=${SUDO_USER:-$(id -un)} REF=${LESAVKA_REF:-master} REPO_URL=${LESAVKA_REPO_URL:-ssh://git@scm.bstein.dev:2242/bstein/lesavka.git} SRC=/var/src/lesavka +export TMPDIR=${TMPDIR:-/var/tmp} log() { printf '==> %s\n' "$*" } +mkdir -p "$TMPDIR" + log "1. Installing base packages" -sudo pacman -Syq --needed --noconfirm \ +sudo pacman -Sq --needed --noconfirm \ git rustup protobuf gcc clang evtest base-devel \ gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav \ pipewire pipewire-pulse \ @@ -24,14 +27,14 @@ ensure_yay() { return fi fi - sudo -u "$ORIG_USER" bash -c 'rm -rf /tmp/yay && - cd /tmp && git clone --depth 1 https://aur.archlinux.org/yay.git && + sudo -u "$ORIG_USER" env TMPDIR="$TMPDIR" bash -c 'rm -rf "$TMPDIR/yay" && + cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git && cd yay && makepkg -si --noconfirm' } log "1b. Installing grpcurl" if sudo pacman -Si grpcurl >/dev/null 2>&1; then - sudo pacman -Syq --needed --noconfirm grpcurl + sudo pacman -Sq --needed --noconfirm grpcurl else ensure_yay if ! sudo -u "$ORIG_USER" yay -S --needed --noconfirm grpcurl-bin; then diff --git a/scripts/install/server.sh b/scripts/install/server.sh index 81de01d..d6c4c10 100755 --- a/scripts/install/server.sh +++ b/scripts/install/server.sh @@ -2,6 +2,7 @@ # scripts/install/server.sh - install and setup all server related apps and environments set -euo pipefail ORIG_USER=${SUDO_USER:-$(id -un)} +export TMPDIR=${TMPDIR:-/var/tmp} REF=${LESAVKA_REF:-master} # fallback @@ -33,9 +34,10 @@ while [[ $# -gt 0 ]]; do esac done echo "==> Using git ref: $REF" +mkdir -p "$TMPDIR" echo "==> 1a. Base packages" -sudo pacman -Syq --needed --noconfirm git \ +sudo pacman -Sq --needed --noconfirm git \ rustup \ protobuf \ gcc \ @@ -57,8 +59,9 @@ sudo pacman -Syq --needed --noconfirm git \ lsof if ! command -v yay >/dev/null 2>&1; then echo "==> 1b. installing yay from AUR ..." - sudo -u "$ORIG_USER" bash -c ' - cd /tmp && git clone --depth 1 https://aur.archlinux.org/yay.git && + sudo -u "$ORIG_USER" env TMPDIR="$TMPDIR" bash -c ' + rm -rf "$TMPDIR/yay" && + cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git && cd yay && makepkg -si --noconfirm' fi # yay -S --noconfirm grpcurl-bin @@ -150,7 +153,7 @@ else fi echo "==> 4b. Kernel upgrade (optional)" -if [[ "${LESAVKA_KERNEL_UPDATE:-1}" != "0" ]]; then +if [[ "${LESAVKA_KERNEL_UPDATE:-0}" != "0" ]]; then sudo LESAVKA_KERNEL_BUILD_USER="$ORIG_USER" bash "$SRC_DIR/scripts/kernel/build-linux-rpi.sh" else echo "⚠️ skipping kernel upgrade (LESAVKA_KERNEL_UPDATE=0)" @@ -223,7 +226,7 @@ UNIT echo "==> 6c. Systemd units - initialization" sudo truncate -s 0 /tmp/lesavka-server.log sudo systemctl daemon-reload -sudo systemctl enable lesavka-core lesavka-uvc lesavka-server +sudo systemctl enable lesavka-core lesavka-server UDC_STATE=$(udc_state) if [[ -n ${LESAVKA_ALLOW_GADGET_RESET:-} ]] || ! is_attached_state "$UDC_STATE"; then @@ -256,6 +259,9 @@ EnvironmentFile=-/etc/lesavka/uvc.env WantedBy=multi-user.target UNIT +sudo systemctl daemon-reload +sudo systemctl enable lesavka-uvc + echo "==> 6d. Systemd units - remove legacy reboot watchdog" sudo systemctl stop lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true sudo systemctl disable lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true