2021-01-27 00:35:18 +01:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
function get_arch()
|
|
|
|
|
{
|
|
|
|
|
local architecture
|
|
|
|
|
if uname -m | grep -q "arm64" || uname -m | grep -q "aarch64"; then
|
2022-09-09 02:49:02 +02:00
|
|
|
architecture="arm64"
|
2021-01-27 00:35:18 +01:00
|
|
|
elif uname -m | grep -q "64"; then
|
|
|
|
|
architecture="amd64"
|
|
|
|
|
elif uname -m | grep -q "86"; then
|
|
|
|
|
architecture="i386"
|
|
|
|
|
elif uname -m | grep -q "arm"; then
|
|
|
|
|
architecture="armhf"
|
|
|
|
|
else
|
|
|
|
|
architecture="unknown"
|
|
|
|
|
fi
|
|
|
|
|
echo $architecture
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-03 16:48:22 +01:00
|
|
|
function rotate_image()
|
|
|
|
|
{
|
|
|
|
|
local instance_to_publish=$1
|
|
|
|
|
local alias_image=$2
|
|
|
|
|
|
|
|
|
|
# Save the finger print to delete the old image later
|
2024-03-10 21:36:36 +01:00
|
|
|
local finger_print_to_delete=$(incus image info "$alias_image" | grep Fingerprint | awk '{print $2}')
|
2021-02-03 16:48:22 +01:00
|
|
|
local should_restart=0
|
|
|
|
|
|
|
|
|
|
# If the container is running, stop it
|
2024-03-10 21:36:36 +01:00
|
|
|
if [ "$(incus info $instance_to_publish | grep Status | awk '{print tolower($2)}')" = "running" ]
|
2021-02-03 16:48:22 +01:00
|
|
|
then
|
|
|
|
|
should_restart=1
|
2024-03-10 21:36:36 +01:00
|
|
|
incus stop "$instance_to_publish"
|
2021-02-03 16:48:22 +01:00
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Create image before install
|
2024-03-10 21:36:36 +01:00
|
|
|
incus publish "$instance_to_publish" --alias "$alias_image" --reuse --public "${@:3}"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2021-02-03 16:48:22 +01:00
|
|
|
# Remove old image
|
2024-03-10 21:36:36 +01:00
|
|
|
incus image delete "$finger_print_to_delete"
|
2021-02-03 16:48:22 +01:00
|
|
|
|
|
|
|
|
if [ $should_restart = 1 ]
|
|
|
|
|
then
|
2024-03-10 21:36:36 +01:00
|
|
|
incus start "$instance_to_publish"
|
2021-02-03 16:48:22 +01:00
|
|
|
sleep 5
|
|
|
|
|
fi
|
|
|
|
|
}
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
function rebuild_base_incus()
|
2021-01-27 00:35:18 +01:00
|
|
|
{
|
|
|
|
|
local YNH_BRANCH=${1:-stable}
|
2023-02-07 00:36:30 +01:00
|
|
|
local DIST=${2:-bullseye}
|
2024-02-19 23:43:02 +01:00
|
|
|
local ARCH=${3:-$(dpkg --print-architecture)}
|
2021-01-27 00:35:18 +01:00
|
|
|
local img_name=$YNH_BRANCH-$DIST-$ARCH
|
2023-02-07 00:36:30 +01:00
|
|
|
|
2021-01-27 00:35:18 +01:00
|
|
|
set -x
|
2024-03-10 21:36:36 +01:00
|
|
|
incus info $img_name >/dev/null && incus delete $img_name --force
|
2021-01-27 00:35:18 +01:00
|
|
|
|
|
|
|
|
if [ $(get_arch) = $ARCH ];
|
|
|
|
|
then
|
2024-03-10 21:36:36 +01:00
|
|
|
incus launch images:debian/$DIST/$ARCH $img_name -c security.privileged=true -c security.nesting=true
|
2021-01-27 00:35:18 +01:00
|
|
|
else
|
2024-03-10 21:36:36 +01:00
|
|
|
incus image info $img_name >/dev/null && incus image delete $img_name
|
2021-01-27 00:35:18 +01:00
|
|
|
|
|
|
|
|
tmp_dir=$(mktemp -d)
|
|
|
|
|
pushd $tmp_dir
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
incus image export images:debian/$DIST/$ARCH
|
2021-01-27 00:35:18 +01:00
|
|
|
|
|
|
|
|
tar xJf lxd.tar.xz
|
|
|
|
|
local current_arch=$(get_arch)
|
|
|
|
|
sed -i "0,/architecture: $ARCH/s//architecture: $current_arch/" metadata.yaml
|
|
|
|
|
tar cJf lxd.tar.xz metadata.yaml templates
|
2024-03-10 21:36:36 +01:00
|
|
|
incus image import lxd.tar.xz rootfs.squashfs --alias $img_name
|
2021-01-27 00:35:18 +01:00
|
|
|
popd
|
|
|
|
|
rm -rf "$tmp_dir"
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
incus launch $img_name $img_name -c security.privileged=true -c security.nesting=true
|
2021-01-27 00:35:18 +01:00
|
|
|
fi
|
|
|
|
|
sleep 5
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
IN_INCUS="incus exec $img_name --"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2022-01-20 17:50:00 +01:00
|
|
|
local INSTALL_SCRIPT="https://install.yunohost.org/$DIST"
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS apt install curl -y
|
|
|
|
|
$IN_INCUS /bin/bash -c "echo exit 101 > /usr/sbin/policy-rc.d"
|
|
|
|
|
$IN_INCUS /bin/bash -c "chmod +x /usr/sbin/policy-rc.d"
|
|
|
|
|
$IN_INCUS /bin/bash -c "curl $INSTALL_SCRIPT | bash -s -- -a -d $YNH_BRANCH"
|
|
|
|
|
$IN_INCUS /bin/bash -c "rm /usr/sbin/policy-rc.d"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS systemctl -q disable apt-daily.timer --now
|
|
|
|
|
$IN_INCUS systemctl -q disable apt-daily-upgrade.timer --now
|
|
|
|
|
$IN_INCUS systemctl -q disable apt-daily.service --now
|
|
|
|
|
$IN_INCUS systemctl -q disable apt-daily-upgrade.service --now
|
|
|
|
|
$IN_INCUS rm -f /etc/cron.daily/apt-compat
|
|
|
|
|
$IN_INCUS cp /bin/true /usr/lib/apt/apt.systemd.daily
|
2023-02-07 00:37:09 +01:00
|
|
|
|
|
|
|
|
# Disable services that are useless in the vast majority of cases to try to improve perfs
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS systemctl -q disable rspamd --now
|
|
|
|
|
$IN_INCUS systemctl -q disable dovecot --now
|
|
|
|
|
$IN_INCUS systemctl -q disable postsrsd --now
|
|
|
|
|
$IN_INCUS systemctl -q disable metronome --now
|
|
|
|
|
$IN_INCUS systemctl -q disable yunohost-api --now
|
|
|
|
|
$IN_INCUS systemctl -q disable fake-hwclock.service --now
|
|
|
|
|
$IN_INCUS systemctl -q disable yunoprompt --now
|
|
|
|
|
$IN_INCUS systemctl -q disable haveged.service --now
|
|
|
|
|
$IN_INCUS systemctl -q disable metronome.service --now
|
|
|
|
|
$IN_INCUS systemctl -q disable unattended-upgrades.service --now
|
|
|
|
|
$IN_INCUS systemctl -q disable e2scrub_all.timer
|
|
|
|
|
$IN_INCUS systemctl -q disable logrotate.timer
|
|
|
|
|
$IN_INCUS systemctl -q disable phpsessionclean.timer
|
|
|
|
|
$IN_INCUS systemctl -q disable systemd-tmpfiles-clean.timer
|
|
|
|
|
|
|
|
|
|
$IN_INCUS sed -i 's/worker_processes.*;/worker_processes 4;/g' /etc/nginx/nginx.conf
|
|
|
|
|
|
|
|
|
|
$IN_INCUS /bin/bash -c "reboot 0"
|
2022-09-08 01:00:17 +02:00
|
|
|
sleep 5
|
2021-01-27 00:35:18 +01:00
|
|
|
|
|
|
|
|
# Publish ynh-dev image
|
2024-03-10 21:36:36 +01:00
|
|
|
local INCUS_BASE="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base"
|
|
|
|
|
rotate_image $img_name $INCUS_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-dev" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-dev $ARCH ($(date '+%Y%m%d'))"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
|
|
|
|
local YUNO_PWD="SomeSuperStrongPassword"
|
|
|
|
|
local DOMAIN="domain.tld"
|
|
|
|
|
local SUBDOMAIN="sub.$DOMAIN"
|
|
|
|
|
local TEST_USER="package_checker"
|
|
|
|
|
local TEST_USER_DISPLAY=${TEST_USER//"_"/""}
|
|
|
|
|
|
|
|
|
|
# Disable password strength check
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS /bin/bash -c "echo 'admin_strength: -1' >> /etc/yunohost/settings.yml"
|
|
|
|
|
$IN_INCUS /bin/bash -c "echo 'user_strength: -1' >> /etc/yunohost/settings.yml"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS yunohost domain add $SUBDOMAIN
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS yunohost --version
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
INCUS_BASE="ynh-appci-$DIST-$ARCH-$YNH_BRANCH-base"
|
|
|
|
|
incus stop $img_name
|
|
|
|
|
rotate_image $img_name $INCUS_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-appci" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-appci $ARCH ($(date '+%Y%m%d'))"
|
|
|
|
|
incus delete $img_name
|
2024-02-19 23:43:02 +01:00
|
|
|
set +x
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function update_appci_image()
|
|
|
|
|
{
|
|
|
|
|
local YNH_BRANCH=${1:-stable}
|
|
|
|
|
local DIST=${2:-bullseye}
|
|
|
|
|
local ARCH=${3:-$(dpkg --print-architecture)}
|
|
|
|
|
local img_name=$YNH_BRANCH-$DIST-$ARCH
|
|
|
|
|
|
|
|
|
|
set -x
|
2024-03-10 21:36:36 +01:00
|
|
|
incus launch ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base $img_name -c security.privileged=true -c security.nesting=true
|
|
|
|
|
IN_INCUS="incus exec $img_name --"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
|
|
|
|
sleep 3
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
echo "nameserver 8.8.8.8" | $IN_INCUS tee /etc/resolv.conf
|
2024-02-19 23:43:02 +01:00
|
|
|
|
|
|
|
|
sleep 3
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS ping -c3 deb.debian.org || exit 1
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS apt update
|
|
|
|
|
$IN_INCUS apt dist-upgrade -y
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2023-02-07 00:37:45 +01:00
|
|
|
local YUNO_PWD="SomeSuperStrongPassword"
|
2021-01-27 00:35:18 +01:00
|
|
|
local DOMAIN="domain.tld"
|
|
|
|
|
local SUBDOMAIN="sub.$DOMAIN"
|
|
|
|
|
local TEST_USER="package_checker"
|
2023-02-07 00:37:45 +01:00
|
|
|
local TEST_USER_DISPLAY=${TEST_USER//"_"/""}
|
2021-01-27 00:35:18 +01:00
|
|
|
|
|
|
|
|
# Disable password strength check
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS yunohost tools postinstall --domain $DOMAIN --password $YUNO_PWD --username $TEST_USER --fullname "$TEST_USER_DISPLAY"
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS /bin/bash -c "echo 'admin_strength: -1' >> /etc/yunohost/settings.yml"
|
|
|
|
|
$IN_INCUS /bin/bash -c "echo 'user_strength: -1' >> /etc/yunohost/settings.yml"
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS yunohost domain add $SUBDOMAIN
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS yunohost --version
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
INCUS_BASE="ynh-appci-$DIST-$ARCH-$YNH_BRANCH-base"
|
|
|
|
|
incus stop $img_name
|
|
|
|
|
rotate_image $img_name $INCUS_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-appci" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-appci $ARCH ($(date '+%Y%m%d'))"
|
|
|
|
|
incus delete $img_name
|
2021-01-27 00:35:18 +01:00
|
|
|
set +x
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2021-01-27 00:35:18 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function from_stable_to_another_version()
|
|
|
|
|
{
|
|
|
|
|
local YNH_BRANCH=${1:-testing}
|
2023-02-07 00:36:30 +01:00
|
|
|
local DIST=${2:-bullseye}
|
2024-02-19 23:43:02 +01:00
|
|
|
local ARCH=${3:-$(dpkg --print-architecture)}
|
|
|
|
|
local BASE_IMG=${4:-stable}
|
2024-03-10 21:36:36 +01:00
|
|
|
local OLD_INCUS_BASE="ynh-dev-$DIST-$ARCH-$BASE_IMG-base"
|
|
|
|
|
local NEW_INCUS_BASE="ynh-dev-$DIST-$ARCH-$YNH_BRANCH-base"
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2023-02-07 00:36:30 +01:00
|
|
|
local CUSTOMAPT=/etc/apt/sources.list.d/yunohost.list
|
|
|
|
|
|
|
|
|
|
if [[ "$YNH_BRANCH" == "testing" ]] ; then
|
|
|
|
|
CHANNELS="testing"
|
|
|
|
|
elif [[ "$YNH_BRANCH" == "unstable" ]] ; then
|
|
|
|
|
CHANNELS="testing unstable"
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
local CUSTOMDEB="deb [signed-by=/usr/share/keyrings/yunohost-archive-keyring.gpg] http://forge.yunohost.org/debian/ $DIST stable $CHANNELS"
|
|
|
|
|
|
|
|
|
|
#curl --fail --silent https://forge.yunohost.org/yunohost_bullseye.asc | gpg --dearmor > /usr/share/keyrings/yunohost-archive-keyring.gpg
|
2021-01-27 00:35:18 +01:00
|
|
|
|
|
|
|
|
set -x
|
2024-03-10 21:36:36 +01:00
|
|
|
IN_INCUS="incus exec $NEW_INCUS_BASE --"
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
incus launch $OLD_INCUS_BASE $NEW_INCUS_BASE -c security.privileged=true -c security.nesting=true
|
2021-01-27 00:35:18 +01:00
|
|
|
sleep 5
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS /bin/bash -c "echo '$CUSTOMDEB' > $CUSTOMAPT"
|
|
|
|
|
$IN_INCUS /bin/bash -c "apt-get update"
|
|
|
|
|
$IN_INCUS /bin/bash -c "apt-get dist-upgrade -y"
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
incus stop $NEW_INCUS_BASE
|
|
|
|
|
rotate_image $NEW_INCUS_BASE $NEW_INCUS_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-dev" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-dev $ARCH ($(date '+%Y%m%d'))"
|
|
|
|
|
incus delete $NEW_INCUS_BASE
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
OLD_INCUS_BASE="ynh-appci-$DIST-$ARCH-stable-base"
|
|
|
|
|
NEW_INCUS_BASE="ynh-appci-$DIST-$ARCH-$YNH_BRANCH-base"
|
|
|
|
|
IN_INCUS="incus exec $NEW_INCUS_BASE --"
|
2021-01-27 00:35:18 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
incus launch $OLD_INCUS_BASE $NEW_INCUS_BASE -c security.privileged=true -c security.nesting=true
|
2021-01-27 00:35:18 +01:00
|
|
|
sleep 5
|
|
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS /bin/bash -c "echo '$CUSTOMDEB' > $CUSTOMAPT"
|
|
|
|
|
$IN_INCUS /bin/bash -c "apt-get update"
|
|
|
|
|
$IN_INCUS /bin/bash -c "apt-get dist-upgrade -y"
|
2023-02-07 00:36:30 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
$IN_INCUS /bin/bash -c "echo 'admin_strength: -1' >> /etc/yunohost/settings.yml"
|
|
|
|
|
$IN_INCUS /bin/bash -c "echo 'user_strength: -1' >> /etc/yunohost/settings.yml"
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2024-03-10 21:36:36 +01:00
|
|
|
incus stop $NEW_INCUS_BASE
|
|
|
|
|
rotate_image $NEW_INCUS_BASE $NEW_INCUS_BASE "os=YunoHost" "ynh-release=$YNH_BRANCH" "stage=ynh-appci" "release=${DIST^}" "architecture=$ARCH" "description=YunoHost $DIST $YNH_BRANCH ynh-appci $ARCH ($(date '+%Y%m%d'))"
|
|
|
|
|
incus delete $NEW_INCUS_BASE
|
2021-01-27 00:35:18 +01:00
|
|
|
set +x
|
|
|
|
|
}
|
2024-02-19 23:43:02 +01:00
|
|
|
|
2023-02-07 00:36:30 +01:00
|
|
|
for DIST in "bullseye" # Add new debian version here
|
2021-06-17 15:18:24 +02:00
|
|
|
do
|
2024-03-10 21:36:36 +01:00
|
|
|
rebuild_base_incus "stable" $DIST
|
2022-05-18 03:31:34 +02:00
|
|
|
|
2024-02-19 23:43:02 +01:00
|
|
|
for YNH_BRANCH in "testing" "unstable"
|
|
|
|
|
do
|
|
|
|
|
from_stable_to_another_version $YNH_BRANCH $DIST
|
2021-06-17 15:18:24 +02:00
|
|
|
done
|
|
|
|
|
done
|
2024-03-10 21:36:36 +01:00
|
|
|
|
|
|
|
|
for DIST in "bookworm" # Add new debian version here
|
|
|
|
|
do
|
|
|
|
|
rebuild_base_incus "unstable" $DIST
|
|
|
|
|
|
|
|
|
|
for YNH_BRANCH in "testing"
|
|
|
|
|
do
|
|
|
|
|
from_stable_to_another_version $YNH_BRANCH $DIST "$(dpkg --print-architecture)" "unstable"
|
|
|
|
|
done
|
|
|
|
|
done
|
