2023-12-21 15:30:31 +00:00
|
|
|
#!/bin/bash
|
2018-11-30 15:24:19 +00:00
|
|
|
# Turn on "strict mode." See http://redsymbol.net/articles/unofficial-bash-strict-mode/.
|
|
|
|
# -e: exit if any command unexpectedly fails.
|
|
|
|
# -u: exit if we have a variable typo.
|
2019-05-15 18:57:06 +00:00
|
|
|
# -o pipefail: don't ignore errors in the non-last command in a pipeline
|
2018-11-30 15:24:19 +00:00
|
|
|
set -euo pipefail
|
|
|
|
|
2022-06-19 11:12:02 +00:00
|
|
|
PHP_VER=8.0
|
|
|
|
|
2014-07-16 13:06:45 +00:00
|
|
|
function hide_output {
|
|
|
|
# This function hides the output of a command unless the command fails
|
|
|
|
# and returns a non-zero exit code.
|
|
|
|
|
|
|
|
# Get a temporary file.
|
2021-05-03 23:04:59 +00:00
|
|
|
OUTPUT=$(mktemp)
|
2014-07-16 13:06:45 +00:00
|
|
|
|
2018-11-30 15:24:19 +00:00
|
|
|
# Execute command, redirecting stderr/stdout to the temporary file. Since we
|
|
|
|
# check the return code ourselves, disable 'set -e' temporarily.
|
|
|
|
set +e
|
2023-12-21 14:58:34 +00:00
|
|
|
"$@" &> "$OUTPUT"
|
2018-11-30 15:24:19 +00:00
|
|
|
E=$?
|
|
|
|
set -e
|
2014-07-16 13:06:45 +00:00
|
|
|
|
|
|
|
# If the command failed, show the output that was captured in the temporary file.
|
2015-05-03 14:44:37 +00:00
|
|
|
if [ $E != 0 ]; then
|
2014-07-16 13:06:45 +00:00
|
|
|
# Something failed.
|
|
|
|
echo
|
2023-12-21 16:44:22 +00:00
|
|
|
echo "FAILED: $*"
|
2014-07-16 13:06:45 +00:00
|
|
|
echo -----------------------------------------
|
2023-12-21 14:58:34 +00:00
|
|
|
cat "$OUTPUT"
|
2014-07-16 13:06:45 +00:00
|
|
|
echo -----------------------------------------
|
2015-05-03 14:44:37 +00:00
|
|
|
exit $E
|
2014-07-16 13:06:45 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
# Remove temporary file.
|
2023-12-21 14:58:34 +00:00
|
|
|
rm -f "$OUTPUT"
|
2014-07-16 13:06:45 +00:00
|
|
|
}
|
|
|
|
|
2015-02-13 13:41:52 +00:00
|
|
|
function apt_get_quiet {
|
|
|
|
# Run apt-get in a totally non-interactive mode.
|
|
|
|
#
|
|
|
|
# Somehow all of these options are needed to get it to not ask the user
|
|
|
|
# questions about a) whether to proceed (-y), b) package options (noninteractive),
|
|
|
|
# and c) what to do about files changed locally (we don't cause that to happen but
|
|
|
|
# some VM providers muck with their images; -o).
|
|
|
|
#
|
|
|
|
# Although we could pass -qq to apt-get to make output quieter, many packages write to stdout
|
|
|
|
# and stderr things that aren't really important. Use our hide_output function to capture
|
|
|
|
# all of that and only show it if there is a problem (i.e. if apt_get returns a failure exit status).
|
|
|
|
DEBIAN_FRONTEND=noninteractive hide_output apt-get -y -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confnew" "$@"
|
|
|
|
}
|
|
|
|
|
2014-05-01 19:13:00 +00:00
|
|
|
function apt_install {
|
2015-08-19 19:58:35 +00:00
|
|
|
# Install a bunch of packages. We used to report which packages were already
|
|
|
|
# installed and which needed installing, before just running an 'apt-get
|
|
|
|
# install' for all of the packages. Calling `dpkg` on each package is slow,
|
|
|
|
# and doesn't affect what we actually do, except in the messages, so let's
|
|
|
|
# not do that anymore.
|
2021-05-03 23:04:59 +00:00
|
|
|
apt_get_quiet install "$@"
|
2014-05-01 19:13:00 +00:00
|
|
|
}
|
|
|
|
|
2014-06-07 17:54:58 +00:00
|
|
|
function get_default_hostname {
|
2014-06-07 18:55:57 +00:00
|
|
|
# Guess the machine's hostname. It should be a fully qualified
|
|
|
|
# domain name suitable for DNS. None of these calls may provide
|
|
|
|
# the right value, but it's the best guess we can make.
|
2023-12-21 14:58:34 +00:00
|
|
|
set -- "$(hostname --fqdn 2>/dev/null ||
|
2014-06-07 17:54:58 +00:00
|
|
|
hostname --all-fqdns 2>/dev/null ||
|
2023-12-21 14:58:34 +00:00
|
|
|
hostname 2>/dev/null)"
|
2014-06-07 18:55:57 +00:00
|
|
|
printf '%s\n' "$1" # return this value
|
2014-06-07 17:54:58 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function get_publicip_from_web_service {
|
2014-06-07 18:55:57 +00:00
|
|
|
# This seems to be the most reliable way to determine the
|
|
|
|
# machine's public IP address: asking a very nice web API
|
|
|
|
# for how they see us. Thanks go out to icanhazip.com.
|
2014-07-29 23:24:10 +00:00
|
|
|
# See: https://major.io/icanhazip-com-faq/
|
|
|
|
#
|
|
|
|
# Pass '4' or '6' as an argument to this function to specify
|
|
|
|
# what type of address to get (IPv4, IPv6).
|
2023-12-21 14:58:34 +00:00
|
|
|
curl -"$1" --fail --silent --max-time 15 icanhazip.com 2>/dev/null || /bin/true
|
2014-06-07 17:54:58 +00:00
|
|
|
}
|
|
|
|
|
2014-07-29 23:24:10 +00:00
|
|
|
function get_default_privateip {
|
|
|
|
# Return the IP address of the network interface connected
|
|
|
|
# to the Internet.
|
|
|
|
#
|
2014-08-31 12:09:13 +00:00
|
|
|
# Pass '4' or '6' as an argument to this function to specify
|
|
|
|
# what type of address to get (IPv4, IPv6).
|
|
|
|
#
|
2014-07-29 23:24:10 +00:00
|
|
|
# We used to use `hostname -I` and then filter for either
|
|
|
|
# IPv4 or IPv6 addresses. However if there are multiple
|
|
|
|
# network interfaces on the machine, not all may be for
|
|
|
|
# reaching the Internet.
|
|
|
|
#
|
|
|
|
# Instead use `ip route get` which asks the kernel to use
|
|
|
|
# the system's routes to select which interface would be
|
|
|
|
# used to reach a public address. We'll use 8.8.8.8 as
|
|
|
|
# the destination. It happens to be Google Public DNS, but
|
|
|
|
# no connection is made. We're just seeing how the box
|
|
|
|
# would connect to it. There many be multiple IP addresses
|
|
|
|
# assigned to an interface. `ip route get` reports the
|
|
|
|
# preferred. That's good enough for us. See issue #121.
|
|
|
|
#
|
2014-08-31 12:09:13 +00:00
|
|
|
# With IPv6, the best route may be via an interface that
|
|
|
|
# only has a link-local address (fe80::*). These addresses
|
|
|
|
# are only unique to an interface and so need an explicit
|
|
|
|
# interface specification in order to use them with bind().
|
|
|
|
# In these cases, we append "%interface" to the address.
|
|
|
|
# See the Notes section in the man page for getaddrinfo and
|
|
|
|
# https://discourse.mailinabox.email/t/update-broke-mailinabox/34/9.
|
|
|
|
#
|
2014-07-29 23:24:10 +00:00
|
|
|
# Also see ae67409603c49b7fa73c227449264ddd10aae6a9 and
|
|
|
|
# issue #3 for why/how we originally added IPv6.
|
2014-06-08 22:32:52 +00:00
|
|
|
|
2014-07-29 23:24:10 +00:00
|
|
|
target=8.8.8.8
|
2014-06-08 22:32:52 +00:00
|
|
|
|
2014-07-29 23:24:10 +00:00
|
|
|
# For the IPv6 route, use the corresponding IPv6 address
|
|
|
|
# of Google Public DNS. Again, it doesn't matter so long
|
|
|
|
# as it's an address on the public Internet.
|
|
|
|
if [ "$1" == "6" ]; then target=2001:4860:4860::8888; fi
|
2014-06-07 17:54:58 +00:00
|
|
|
|
2014-08-31 12:09:13 +00:00
|
|
|
# Get the route information.
|
2023-12-21 14:58:34 +00:00
|
|
|
route=$(ip -"$1" -o route get $target 2>/dev/null | grep -v unreachable)
|
2014-08-31 12:09:13 +00:00
|
|
|
|
|
|
|
# Parse the address out of the route information.
|
2023-12-21 14:58:34 +00:00
|
|
|
address=$(echo "$route" | sed "s/.* src \([^ ]*\).*/\1/")
|
2014-08-31 12:09:13 +00:00
|
|
|
|
|
|
|
if [[ "$1" == "6" && $address == fe80:* ]]; then
|
|
|
|
# For IPv6 link-local addresses, parse the interface out
|
|
|
|
# of the route information and append it with a '%'.
|
2023-12-21 14:58:34 +00:00
|
|
|
interface=$(echo "$route" | sed "s/.* dev \([^ ]*\).*/\1/")
|
2014-08-31 12:09:13 +00:00
|
|
|
address=$address%$interface
|
|
|
|
fi
|
|
|
|
|
2023-12-21 14:58:34 +00:00
|
|
|
echo "$address"
|
2014-06-08 22:32:52 +00:00
|
|
|
}
|
|
|
|
|
2014-05-01 19:35:18 +00:00
|
|
|
function ufw_allow {
|
2018-11-30 15:24:19 +00:00
|
|
|
if [ -z "${DISABLE_FIREWALL:-}" ]; then
|
2014-05-02 02:39:45 +00:00
|
|
|
# ufw has completely unhelpful output
|
2020-06-07 13:47:51 +00:00
|
|
|
ufw allow "$1" > /dev/null;
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
|
|
|
function ufw_limit {
|
|
|
|
if [ -z "${DISABLE_FIREWALL:-}" ]; then
|
|
|
|
# ufw has completely unhelpful output
|
|
|
|
ufw limit "$1" > /dev/null;
|
2014-05-02 02:39:45 +00:00
|
|
|
fi
|
2014-05-01 19:35:18 +00:00
|
|
|
}
|
|
|
|
|
2014-07-16 13:06:45 +00:00
|
|
|
function restart_service {
|
2023-12-21 14:58:34 +00:00
|
|
|
hide_output service "$1" restart
|
2014-07-16 13:06:45 +00:00
|
|
|
}
|
2014-08-21 01:09:09 +00:00
|
|
|
|
|
|
|
## Dialog Functions ##
|
|
|
|
function message_box {
|
|
|
|
dialog --title "$1" --msgbox "$2" 0 0
|
|
|
|
}
|
|
|
|
|
|
|
|
function input_box {
|
2014-08-21 15:52:19 +00:00
|
|
|
# input_box "title" "prompt" "defaultvalue" VARIABLE
|
|
|
|
# The user's input will be stored in the variable VARIABLE.
|
|
|
|
# The exit code from dialog will be stored in VARIABLE_EXITCODE.
|
2018-11-30 15:24:19 +00:00
|
|
|
# Temporarily turn off 'set -e' because we need the dialog return code.
|
2014-08-21 15:52:19 +00:00
|
|
|
declare -n result=$4
|
|
|
|
declare -n result_code=$4_EXITCODE
|
2018-11-30 15:24:19 +00:00
|
|
|
set +e
|
2014-08-21 15:52:19 +00:00
|
|
|
result=$(dialog --stdout --title "$1" --inputbox "$2" 0 0 "$3")
|
|
|
|
result_code=$?
|
2018-11-30 15:24:19 +00:00
|
|
|
set -e
|
2014-08-21 01:09:09 +00:00
|
|
|
}
|
2014-08-21 17:19:22 +00:00
|
|
|
|
|
|
|
function input_menu {
|
|
|
|
# input_menu "title" "prompt" "tag item tag item" VARIABLE
|
|
|
|
# The user's input will be stored in the variable VARIABLE.
|
|
|
|
# The exit code from dialog will be stored in VARIABLE_EXITCODE.
|
|
|
|
declare -n result=$4
|
|
|
|
declare -n result_code=$4_EXITCODE
|
|
|
|
local IFS=^$'\n'
|
2018-11-30 15:24:19 +00:00
|
|
|
set +e
|
2023-12-21 14:58:34 +00:00
|
|
|
result=$(dialog --stdout --title "$1" --menu "$2" 0 0 0 "$3")
|
2014-08-21 17:19:22 +00:00
|
|
|
result_code=$?
|
2018-11-30 15:24:19 +00:00
|
|
|
set -e
|
2014-08-21 17:19:22 +00:00
|
|
|
}
|
2015-02-12 19:53:17 +00:00
|
|
|
|
2015-04-11 19:21:38 +00:00
|
|
|
function wget_verify {
|
|
|
|
# Downloads a file from the web and checks that it matches
|
|
|
|
# a provided hash. If the comparison fails, exit immediately.
|
|
|
|
URL=$1
|
|
|
|
HASH=$2
|
|
|
|
DEST=$3
|
|
|
|
CHECKSUM="$HASH $DEST"
|
2023-12-21 14:58:34 +00:00
|
|
|
rm -f "$DEST"
|
|
|
|
hide_output wget -O "$DEST" "$URL"
|
2015-04-11 19:21:38 +00:00
|
|
|
if ! echo "$CHECKSUM" | sha1sum --check --strict > /dev/null; then
|
|
|
|
echo "------------------------------------------------------------"
|
|
|
|
echo "Download of $URL did not match expected checksum."
|
|
|
|
echo "Found:"
|
2023-12-21 14:58:34 +00:00
|
|
|
sha1sum "$DEST"
|
2015-04-11 19:21:38 +00:00
|
|
|
echo
|
|
|
|
echo "Expected:"
|
|
|
|
echo "$CHECKSUM"
|
2023-12-21 14:58:34 +00:00
|
|
|
rm -f "$DEST"
|
2015-04-11 19:21:38 +00:00
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
}
|
|
|
|
|
2015-02-12 19:53:17 +00:00
|
|
|
function git_clone {
|
|
|
|
# Clones a git repository, checks out a particular commit or tag,
|
|
|
|
# and moves the repository (or a subdirectory in it) to some path.
|
|
|
|
# We use separate clone and checkout because -b only supports tags
|
|
|
|
# and branches, but we sometimes want to reference a commit hash
|
|
|
|
# directly when the repo doesn't provide a tag.
|
|
|
|
REPO=$1
|
|
|
|
TREEISH=$2
|
|
|
|
SUBDIR=$3
|
|
|
|
TARGETPATH=$4
|
|
|
|
TMPPATH=/tmp/git-clone-$$
|
2023-12-21 14:58:34 +00:00
|
|
|
rm -rf $TMPPATH "$TARGETPATH"
|
|
|
|
git clone -q "$REPO" $TMPPATH || exit 1
|
|
|
|
(cd $TMPPATH; git checkout -q "$TREEISH";) || exit 1
|
|
|
|
mv $TMPPATH/"$SUBDIR" "$TARGETPATH"
|
2015-02-12 19:53:17 +00:00
|
|
|
rm -rf $TMPPATH
|
|
|
|
}
|