From fe28b7c099f5fcdb06d748e0a68b4b4d00fc613c Mon Sep 17 00:00:00 2001 From: Scott B <28817345+foundObjects@users.noreply.github.com> Date: Sun, 12 Jan 2020 18:17:48 -0800 Subject: [PATCH] version 3 draft: install.sh rewrite, added install/uninstall routines --- install.sh | 184 +++++++++++++++++++++++++++++++--------------- make-release.sh | 2 +- pve-nag-buster.sh | 9 ++- 3 files changed, 130 insertions(+), 65 deletions(-) diff --git a/install.sh b/install.sh index a5ce65f..0e77767 100755 --- a/install.sh +++ b/install.sh @@ -1,9 +1,10 @@ #!/bin/bash +set -euo pipefail -# pve-nag-buster (v02) https://github.com/foundObjects/pve-nag-buster +# pve-nag-buster (v03) https://github.com/foundObjects/pve-nag-buster # Copyright (C) 2019 /u/seaQueue (reddit.com/u/seaQueue) # -# Removes Proxmox VE 5.x license nags automatically after updates +# Removes Proxmox VE 5.x+ license nags automatically after updates # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -19,72 +20,135 @@ # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. -RELEASE=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) +# ensure a predictable environment +PATH=/usr/sbin:/usr/bin:/sbin:/bin +unalias -a -# create the pve-no-subscription list - -echo "$0: Creating PVE no-subscription repo list ..." -cat << EOF > "/etc/apt/sources.list.d/pve-no-subscription.list" -# .list file automatically generated by pve-nag-buster:$0 at $(date) -# -# If $0 is run again this file will likely be overwritten -# - -deb http://download.proxmox.com/debian/pve $RELEASE pve-no-subscription -EOF - -# create dpkg pre/post install hooks for persistence - -cat << 'EOF' > /etc/apt/apt.conf.d/86pve-nags -DPkg::Pre-Install-Pkgs { - "while read -r pkg; do case $pkg in *proxmox-widget-toolkit* | *pve-manager*) touch /tmp/.pve-nag-buster && exit 0; esac done < /dev/stdin"; -}; - -DPkg::Post-Invoke { - "[ -f /tmp/.pve-nag-buster ] && { /usr/share/pve-nag-buster.sh; rm -f /tmp/.pve-nag-buster; }; exit 0"; -}; -EOF - -# fetch the post-install patch script, patches license nag and switches to pve-no-subscription repository as needed - -if true; then - wget https://raw.githubusercontent.com/foundObjects/pve-nag-buster/master/pve-nag-buster.sh \ - -O "/usr/share/pve-nag-buster.sh" && - chmod +x "/usr/share/pve-nag-buster.sh" && - /usr/share/pve-nag-buster.sh +# installer main body: +_main() { + # ensure $1 exists so 'set -u' doesn't error out + (("$#" == 0)) && { set -- ""; } >&/dev/null + case "$1" in + "--emit") + # call the emit_script() function to stdout and exit, use this to verify + # that the base64 encoded script below isn't doing anything malicious + # does not require root + emit_script + ;; + "--uninstall") + # uninstall, requires root + assert_root + _uninstall + ;; + "--install" | "--offline" | "") + # install dpkg hooks, requires root + assert_root + _install "$@" + ;; + *) + # unknown flags, print usage and exit + _usage + ;; + esac exit 0 -fi +} -# this is the end, example offline code below +_uninstall() { + set -x + [ -f "/etc/apt/apt.conf.d/86pve-nags" ] && + rm -f "/etc/apt/apt.conf.d/86pve-nags" + [ -f "/usr/share/pve-nag-buster.sh" ] && + rm -f "/usr/share/pve-nag-buster.sh" -# Example code for inclusion into host provisioning scripts offline: this is just pve-nag-buster.sh -# run through "xz -z -9 -c pve-nag-buster.sh | base64" to avoid needing to fetch the script from github -# To use this installer offline just nuke the entire if block above. + echo "Script and dpkg hooks removed, please manually remove /etc/apt/sources.list.d/pve-no-subscription.list if desired" + exit 0 +} + +_install() { + # create hooks and no-subscription repo list, install hook script, run once + + RELEASE=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release) + + # create the pve-no-subscription list + echo "Creating PVE no-subscription repo list ..." + cat <<- EOF > "/etc/apt/sources.list.d/pve-no-subscription.list" + # .list file automatically generated by pve-nag-buster at $(date) + # + # If pve-nag-buster is installed again this file will be overwritten + # + + deb http://download.proxmox.com/debian/pve $RELEASE pve-no-subscription + EOF + + # create dpkg pre/post install hooks for persistence + echo "Creating dpkg hooks in /etc/apt/apt.conf.d ..." + cat <<- 'EOF' > "/etc/apt/apt.conf.d/86pve-nags" + DPkg::Pre-Install-Pkgs { + "while read -r pkg; do case $pkg in *proxmox-widget-toolkit* | *pve-manager*) touch /tmp/.pve-nag-buster && exit 0; esac done < /dev/stdin"; + }; + + DPkg::Post-Invoke { + "[ -f /tmp/.pve-nag-buster ] && { /usr/share/pve-nag-buster.sh; rm -f /tmp/.pve-nag-buster; }; exit 0"; + }; + EOF + + echo "Installing script to /usr/share/pve-nag-buster.sh" + temp='' + if [[ "$1" == "--offline" ]]; then + # offline mode, emit stored script + temp="$(mktemp)" && trap "rm -f $temp" EXIT + emit_script > "$temp" + elif [ -f "pve-nag-buster.sh" ]; then + # local copy available + temp="pve-nag-buster.sh" + else + # fetch from github + temp="$(mktemp)" && trap "rm -f $temp" EXIT + wget https://raw.githubusercontent.com/foundObjects/pve-nag-buster/master/pve-nag-buster.sh \ + -O "$temp" + fi + install -o root -m 0550 "$temp" "/usr/share/pve-nag-buster.sh" + /usr/share/pve-nag-buster.sh + return 0 +} + +# emit a stored copy of pve-nag-buster.sh offline -- this is intended to be used during +# offline provisioning where we don't have access to github or a full cloned copy of the +# project + +# run 'install.sh --emit' to dump stored script to stdout # Important: if you're not me you should probably decode this and read it to make sure I'm not doing # something malicious like mining dogecoin or stealing your valuable cat pictures -# pve-nag-buster.sh (v02) inline: +# pve-nag-buster.sh (v03) encoded below: -base64 -d << "YEET" | unxz > "/usr/share/pve-nag-buster.sh" && -/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4AXCA29dABGIQkY99Bhqpmevep/kIs9shoiNvzAP074w -LI3FnbhLtpij4weS6OPsQK59Kz5tjbWnQyPF33jFXvJXaoUNWDu1jNCPGEbx8L/Xao1oj9pvY3Kg -1uiwbnqeiyZNxvEC9DBbNO8pmKBaOS/Q4uzqwh3oRXh87IgYrLRazyGxEY23Nvy1QWHNjNQmWeQJ -XQ/srI4sGoN1MJuJSElGqFVcIw1gbMb0uTdKHo1cCaB6cehBesid/VHRbjP5UBo8lUDalXzEmPSU -F8as6Q6bPNGi2xZ0oMuVyEeypgE/gV0I5sv59Tjen5dLWBVrA1GuSfcZTeZtVCzgNupz8/3Bp511 -WUaS+xaMXTO0P6yVzKW8LzdlTF1q3eeNfvlqcdcL8ermG/VTkfyx5jsDKfRZpLLQdTV5nu67xPyt -+OrrCdG1C5xNG8O+UtkM2PgoAAVq6UJPWvHBlBC9Q6dS8G7Msz1dCOwgWqq+me5eNgON2RUOU6qj -fGOPgYW0Y5ayAUXLmfKrDOUF6tAekamQEb1GFPM3wbpbIFCucTuun+RUXcyGPqCt5FWm9JKu5qPx -0jL6dBem+gT6v/jHIyxuRUCz6Rjxcj4IqTfjpuiQMvFoKmqhW/H+jLbYqbSgkyhOagAWGvOzGqg/ -EU8j13jkb4W/8tuflP8BM44MsHc4J+t2Ru2SgeYq3jR2QWba3WOgsAUwG8ymmEa9mM2m7UaUG2Ko -Va1AjGcXKMzP+IUTPO/fCURGgETBjo+C+6O48ghpj17qzKqe9Wuq3o+CRShvG0lhejmh8pP5nVx9 -YhyVR4xZKH5EQz4bnLj9Zlc2nyuwlUHUu9dHFHf21gBY3YgrOjl3WCDi2OSKOGMflCMcsBE/JhkN -T7H6cH+Jyk09zkiNF6LOPzpCh9c1+7g6iGpo1oral1wDIXbY8P5iBjyWn7U+ofULxONDndlgT9M6 -UMh8RWESaJ96ZpDhdSYD591IYDpOuavKeJFjVzQb8864/QcRlMzzZ0tMz61akrumjUQYVoi4srIO -W7I/JpcDcABnxx6Y5xVgFDct7+xInHfC20EqN9H3p9PEotoUodAy8UckeQRo4RvQCKdKF6GUx3gt -YaNlele6TN/8HU65WEjUrLAGm98+cl4DdYyuEnOmJTEDUmb047/bftabhnWzfKwL0UQ4OWj5GAAA -95IH9OjVadkAAYsHwwsAAN9Cr22xxGf7AgAAAAAEWVo= +emit_script() { + base64 -d << 'YEET' | unxz +/Td6WFoAAATm1rRGAgAhARwAAAAQz1jM4AX4A41dABGIQkY99Bhqpmevep/kIs9shoiNvzAP074w +LI3FnbhLtpij4weS6SyCQK59Kz5tjbWnQyPF33jFXvJXaoUNWDu1jNCPGEbx8L/Xao1oj9pvY3Kg +1uiwbnqeFY3T0BVw3vH9v/mVM6jVs0gGace5y1ki7lhS3HB4q9iVjJX5r/YVESrEAGySvuExVL23 +Z0oXeFJgOvXO004IZYFS2oBqhv5RAgZ8/CXFodJxQF4RPUltfoDJ+ZtX7kh94C/s1Ke/Sx+X/OGr +UXzrTQMRYBtjbDv0bpHly5aADIveLB+OXCPWu9Ad+r07/DQjX+jPTuwrlKeE+tC7Bn5xjJVeCh6t +E7l91jOmfJ8SkMlRGwXNMyPNN/q278+4PfKVWTe1SzU+UdVjrOpyoVu2Tu1VvOOKK5XGp01688oy +P6Jm/DGROszIk/6TWOE58XXy6ipM0RRlScwWIWPd/6/eqn3pz4hvVUlGdziPMGGZ8hkG6RIzs+eq +WGwdU/Q17Kq45Rn0GBHiOq+Z/G3hWEYi5IgUpMb53YcnjidO/PQCLmpNX4XMN3Yp1kAcGUusJTCU +1RUQ1rsSTEoqr+VN/Z6lM8a75/x/6El0JC0jev1GopvvFRtJnyxrbOeqOaBd95cCAotmR7A6Qyje +R2cdqqSkFRcGgwVFcgu9WjLsRKGsSSkRbhkI0Kc9Q/3stV/iUXp2ra1DgVy5hkSC+Di5YhyUycCy +ltjKq3ck6CLwKMObb9kJ+oCRnO4W33lGdRQE4V4qtXpCZHqvB4L0x/k83TM0j0j6FkO7KdUK/nNu +gYVDfWgEFRFZkI80UFWUtKk7xPpv0FHuYJ2OycDHCRIYdqcIjfwY+LhDUhALVIElAQEn7TrsZV9G +x6uF3MsmknV6Ml56A0snUMD0Ig09Fa8r+wqKmhPpQtusjnRPA2v9t4iPZ7DDlBK2m7VY1vHIgMtM +M5OPtZ+aY4soOMrj0zbaIjvKwrAiSUhJ1msoZg3ARtJ/s4m+mP+7WB2C4sOBYTK/prZAUNaDj+Sp +eGWdGs/Uh8VjDbwrLQWX28XrWWdl9h4KG9xlwF9TjJMVriDhUp6gLrghCTahNreCWtGe0L2MNcMS +JbcIoThfZs0cxzKJDNtovQjxBP3vHaNBTxzZ5LWTW++C02FAx+7fkvk3FZsbxKCg4QE2HeLdPFPe +OVRx+ZjPAmaPF1tx/qm2GzBPbNZHJRm6sQ/JegAAAAA8deMi83ilmAABqQf5CwAAJ/5duLHEZ/sC +AAAAAARZWg== YEET - chmod +x "/usr/share/pve-nag-buster.sh" && - /usr/share/pve-nag-buster.sh +} + +assert_root() { [ $(id -u) -eq '0' ] || { echo "This action requires root." && exit 0; }; } +err() { echo "Err '${FUNCNAME[1]}': $*" >&2; } +_usage() { echo "Usage: $(basename "$0") (--emit|--offline|--uninstall)"; } + +_main "$@" diff --git a/make-release.sh b/make-release.sh index a864dea..49c71b1 100755 --- a/make-release.sh +++ b/make-release.sh @@ -1,6 +1,6 @@ #!/bin/sh -_VERS="v02" +_VERS="v03" _BRANCH=$(git branch --show-current) || { echo "can't poll branch, defaulting to master" && _BRANCH="master"; } diff --git a/pve-nag-buster.sh b/pve-nag-buster.sh index bd3eb9d..24ca0c5 100755 --- a/pve-nag-buster.sh +++ b/pve-nag-buster.sh @@ -1,9 +1,9 @@ #!/bin/bash # -# pve-nag-buster.sh (v02) https://github.com/foundObjects/pve-nag-buster +# pve-nag-buster.sh (v03) https://github.com/foundObjects/pve-nag-buster # Copyright (C) 2019 /u/seaQueue (reddit.com/u/seaQueue) # -# Removes Proxmox VE 5.x license nags automatically after updates +# Removes Proxmox VE 5.x+ license nags automatically after updates # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License @@ -21,11 +21,12 @@ NAGTOKEN="data.status !== 'Active'" NAGFILE="/usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js" +SCRIPT="$(basename $0)" # disable license nag: https://johnscs.com/remove-proxmox51-subscription-notice/ if grep -qs "$NAGTOKEN" "$NAGFILE" > /dev/null 2>&1; then - echo "$0: Removing Nag ..." + echo "$SCRIPT: Removing Nag ..." sed -i.orig "s/$NAGTOKEN/false/g" "$NAGFILE" systemctl restart pveproxy.service fi @@ -35,6 +36,6 @@ fi PAID_BASE="/etc/apt/sources.list.d/pve-enterprise" if [ -f "$PAID_BASE.list" ]; then - echo "$0: Disabling PVE paid repo list ..." + echo "$SCRIPT: Disabling PVE paid repo list ..." mv -f "$PAID_BASE.list" "$PAID_BASE.disabled" fi