bstein/lesavka
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

lesavka: harden install scripts

Browse Source
This commit is contained in:
Brad Stein 2026-04-16 13:54:25 -03:00
parent 59ed4e5724
commit 43784cc152
2 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
scripts/install/client.sh
View File

@ -6,13 +6,16 @@ ORIG_USER=${SUDO_USER:-$(id -un)}
REF=${LESAVKA_REF:-master} REF=${LESAVKA_REF:-master}
REPO_URL=${LESAVKA_REPO_URL:-ssh://git@scm.bstein.dev:2242/bstein/lesavka.git} REPO_URL=${LESAVKA_REPO_URL:-ssh://git@scm.bstein.dev:2242/bstein/lesavka.git}
SRC=/var/src/lesavka SRC=/var/src/lesavka
export TMPDIR=${TMPDIR:-/var/tmp}
log() { log() {
printf '==> %s\n' "$*" printf '==> %s\n' "$*"
} }
mkdir -p "$TMPDIR"
log "1. Installing base packages" log "1. Installing base packages"
sudo pacman -Syq --needed --noconfirm \ sudo pacman -Sq --needed --noconfirm \
git rustup protobuf gcc clang evtest base-devel \ git rustup protobuf gcc clang evtest base-devel \
gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav \ gstreamer gst-plugins-base gst-plugins-good gst-plugins-bad gst-plugins-ugly gst-libav \
pipewire pipewire-pulse \ pipewire pipewire-pulse \
@ -24,14 +27,14 @@ ensure_yay() {
return return
fi fi
fi fi
sudo -u "$ORIG_USER" bash -c 'rm -rf /tmp/yay && sudo -u "$ORIG_USER" env TMPDIR="$TMPDIR" bash -c 'rm -rf "$TMPDIR/yay" &&
cd /tmp && git clone --depth 1 https://aur.archlinux.org/yay.git && cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git &&
cd yay && makepkg -si --noconfirm' cd yay && makepkg -si --noconfirm'
} }
log "1b. Installing grpcurl" log "1b. Installing grpcurl"
if sudo pacman -Si grpcurl >/dev/null 2>&1; then if sudo pacman -Si grpcurl >/dev/null 2>&1; then
sudo pacman -Syq --needed --noconfirm grpcurl sudo pacman -Sq --needed --noconfirm grpcurl
else else
ensure_yay ensure_yay
if ! sudo -u "$ORIG_USER" yay -S --needed --noconfirm grpcurl-bin; then if ! sudo -u "$ORIG_USER" yay -S --needed --noconfirm grpcurl-bin; then

16
scripts/install/server.sh
View File

@ -2,6 +2,7 @@
# scripts/install/server.sh - install and setup all server related apps and environments # scripts/install/server.sh - install and setup all server related apps and environments
set -euo pipefail set -euo pipefail
ORIG_USER=${SUDO_USER:-$(id -un)} ORIG_USER=${SUDO_USER:-$(id -un)}
export TMPDIR=${TMPDIR:-/var/tmp}
REF=${LESAVKA_REF:-master} # fallback REF=${LESAVKA_REF:-master} # fallback
@ -33,9 +34,10 @@ while [[ $# -gt 0 ]]; do
esac esac
done done
echo "==> Using git ref: $REF" echo "==> Using git ref: $REF"
mkdir -p "$TMPDIR"
echo "==> 1a. Base packages" echo "==> 1a. Base packages"
sudo pacman -Syq --needed --noconfirm git \ sudo pacman -Sq --needed --noconfirm git \
rustup \ rustup \
protobuf \ protobuf \
gcc \ gcc \
@ -57,8 +59,9 @@ sudo pacman -Syq --needed --noconfirm git \
lsof lsof
if ! command -v yay >/dev/null 2>&1; then if ! command -v yay >/dev/null 2>&1; then
echo "==> 1b. installing yay from AUR ..." echo "==> 1b. installing yay from AUR ..."
sudo -u "$ORIG_USER" bash -c ' sudo -u "$ORIG_USER" env TMPDIR="$TMPDIR" bash -c '
cd /tmp && git clone --depth 1 https://aur.archlinux.org/yay.git && rm -rf "$TMPDIR/yay" &&
cd "$TMPDIR" && git clone --depth 1 https://aur.archlinux.org/yay.git &&
cd yay && makepkg -si --noconfirm' cd yay && makepkg -si --noconfirm'
fi fi
# yay -S --noconfirm grpcurl-bin # yay -S --noconfirm grpcurl-bin
@ -150,7 +153,7 @@ else
fi fi
echo "==> 4b. Kernel upgrade (optional)" echo "==> 4b. Kernel upgrade (optional)"
if [[ "${LESAVKA_KERNEL_UPDATE:-1}" != "0" ]]; then if [[ "${LESAVKA_KERNEL_UPDATE:-0}" != "0" ]]; then
sudo LESAVKA_KERNEL_BUILD_USER="$ORIG_USER" bash "$SRC_DIR/scripts/kernel/build-linux-rpi.sh" sudo LESAVKA_KERNEL_BUILD_USER="$ORIG_USER" bash "$SRC_DIR/scripts/kernel/build-linux-rpi.sh"
else else
echo "⚠️ skipping kernel upgrade (LESAVKA_KERNEL_UPDATE=0)" echo "⚠️ skipping kernel upgrade (LESAVKA_KERNEL_UPDATE=0)"
@ -223,7 +226,7 @@ UNIT
echo "==> 6c. Systemd units - initialization" echo "==> 6c. Systemd units - initialization"
sudo truncate -s 0 /tmp/lesavka-server.log sudo truncate -s 0 /tmp/lesavka-server.log
sudo systemctl daemon-reload sudo systemctl daemon-reload
sudo systemctl enable lesavka-core lesavka-uvc lesavka-server sudo systemctl enable lesavka-core lesavka-server
UDC_STATE=$(udc_state) UDC_STATE=$(udc_state)
if [[ -n ${LESAVKA_ALLOW_GADGET_RESET:-} ]] || ! is_attached_state "$UDC_STATE"; then if [[ -n ${LESAVKA_ALLOW_GADGET_RESET:-} ]] || ! is_attached_state "$UDC_STATE"; then
@ -256,6 +259,9 @@ EnvironmentFile=-/etc/lesavka/uvc.env
WantedBy=multi-user.target WantedBy=multi-user.target
UNIT UNIT
sudo systemctl daemon-reload
sudo systemctl enable lesavka-uvc
echo "==> 6d. Systemd units - remove legacy reboot watchdog" echo "==> 6d. Systemd units - remove legacy reboot watchdog"
sudo systemctl stop lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true sudo systemctl stop lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true
sudo systemctl disable lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true sudo systemctl disable lesavka-watchdog.timer lesavka-watchdog.service >/dev/null 2>&1 || true