fix install script14
parent
0dce65fdd3
commit
1c51ff02b5
|
|
@ -109,16 +109,79 @@ function logMessage($level, $message) {
|
|||
}
|
||||
|
||||
/**
|
||||
* Check if running as root/admin
|
||||
* Check if running as root/admin or has sudo privileges
|
||||
*/
|
||||
function isRunningAsRoot() {
|
||||
return posix_getuid() === 0;
|
||||
// If actually running as root
|
||||
if (posix_getuid() === 0) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// Test if we have sudo privileges by trying a simple sudo command
|
||||
$output = '';
|
||||
$returnCode = 0;
|
||||
$testCommand = 'sudo -n whoami 2>/dev/null';
|
||||
|
||||
$descriptorspec = [
|
||||
0 => ['pipe', 'r'],
|
||||
1 => ['pipe', 'w'],
|
||||
2 => ['pipe', 'w']
|
||||
];
|
||||
|
||||
$process = proc_open($testCommand, $descriptorspec, $pipes);
|
||||
|
||||
if (is_resource($process)) {
|
||||
fclose($pipes[0]);
|
||||
$stdout = stream_get_contents($pipes[1]);
|
||||
fclose($pipes[1]);
|
||||
fclose($pipes[2]);
|
||||
$returnCode = proc_close($process);
|
||||
|
||||
// If sudo command succeeded, we have sudo privileges
|
||||
return $returnCode === 0;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Execute system command safely
|
||||
* Execute system command safely with automatic sudo for privileged operations
|
||||
*/
|
||||
function executeCommand($command, &$output = null, &$returnCode = null) {
|
||||
// Commands that typically need sudo privileges
|
||||
$sudoCommands = [
|
||||
'apt-get', 'systemctl', 'mkdir', 'chmod', 'chown', 'curl', 'gpg',
|
||||
'ziti', 'cp', 'mv', 'rm', 'ln', 'update-alternatives'
|
||||
];
|
||||
|
||||
// Check if command needs sudo and doesn't already have it
|
||||
$needsSudo = false;
|
||||
$commandParts = explode(' ', trim($command));
|
||||
$baseCommand = $commandParts[0];
|
||||
|
||||
// Skip if already has sudo
|
||||
if ($baseCommand !== 'sudo') {
|
||||
foreach ($sudoCommands as $sudoCmd) {
|
||||
if ($baseCommand === $sudoCmd || strpos($command, $sudoCmd) !== false) {
|
||||
$needsSudo = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
// Also check for file operations in system directories
|
||||
if (strpos($command, '/etc/') !== false ||
|
||||
strpos($command, '/var/') !== false ||
|
||||
strpos($command, '/usr/') !== false ||
|
||||
strpos($command, '/opt/') !== false) {
|
||||
$needsSudo = true;
|
||||
}
|
||||
}
|
||||
|
||||
// Add sudo if needed and we're not already root
|
||||
if ($needsSudo && posix_getuid() !== 0) {
|
||||
$command = 'sudo ' . $command;
|
||||
}
|
||||
|
||||
$descriptorspec = [
|
||||
0 => ['pipe', 'r'], // stdin
|
||||
1 => ['pipe', 'w'], // stdout
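Review bot: In `executeCommand`, the test `strpos($command, $sudoCmd) !== false` matches the listed names anywhere in the string, so short entries such as `cp`, `rm` or `ln` also match inside unrelated words and arguments, and the `/etc/`, `/var/`, `/usr/`, `/opt/` test elevates any command that merely mentions one of those directories. Far more commands end up running under sudo than the list suggests. Decide on the first token only, e.g. `$needsSudo = in_array(basename($baseCommand), $sudoCommands, true);`, and have callers that write to system paths request elevation explicitly. Separately, `isRunningAsRoot()` now returns true whenever `sudo -n whoami` succeeds, which only proves that this one command is permitted; the docblock should say so, e.g. `* Returns true for uid 0, or when passwordless sudo for whoami is allowed (does not prove other commands are permitted)`. The body of `executeCommand` continues outside the hunk.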
|
||||
|
|
|
|||
|
|
@ -194,9 +194,14 @@ class EnrollmentManager {
|
|||
|
||||
// Add repository to sources list
|
||||
$repoContent = 'deb [signed-by=/usr/share/keyrings/openziti.gpg] https://packages.openziti.org/zitipax-openziti-deb-stable debian main';
|
||||
if (!file_put_contents('/etc/apt/sources.list.d/openziti-release.list', $repoContent)) {
|
||||
$tempFile = tempnam(sys_get_temp_dir(), 'openziti-repo');
|
||||
file_put_contents($tempFile, $repoContent);
|
||||
|
||||
if (!executeCommand("cp '$tempFile' /etc/apt/sources.list.d/openziti-release.list")) {
|
||||
unlink($tempFile);
|
||||
throw new Exception('Failed to add OpenZiti repository');
|
||||
}
|
||||
unlink($tempFile);
|
||||
|
||||
// Update package list
|
||||
$this->reportProgress('INSTALL', 'Updating package list...');
|
||||
|
|
@ -408,9 +413,15 @@ StandardError=append:/var/log/ziti-router.log
|
|||
WantedBy=multi-user.target
|
||||
EOF;
|
||||
|
||||
if (!file_put_contents(SYSTEMD_SERVICE_FILE, $serviceContent)) {
|
||||
// Write service file using sudo
|
||||
$tempFile = tempnam(sys_get_temp_dir(), 'ziti-service');
|
||||
file_put_contents($tempFile, $serviceContent);
|
||||
|
||||
if (!executeCommand("cp '$tempFile' " . SYSTEMD_SERVICE_FILE)) {
|
||||
unlink($tempFile);
|
||||
throw new Exception('Failed to create systemd service file');
|
||||
}
|
||||
unlink($tempFile);
|
||||
|
||||
// Reload systemd and enable service
|
||||
if (!executeCommand('systemctl daemon-reload')) {
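Review bot: The temp-file path in both hunks of this file (the repository list in the first, the systemd unit in the second) drops the failure check: `tempnam()` can return false and the result of `file_put_contents($tempFile, …)` is ignored, so an empty or missing file can be copied into place with root rights. Check both before copying, e.g. `if ($tempFile === false || file_put_contents($tempFile, $repoContent) === false) { throw new Exception('Failed to add OpenZiti repository'); }`, and build the command with `escapeshellarg($tempFile)` instead of hand-written quotes. `tempnam()` creates the file with owner-only permissions and a plain `cp` to a new destination carries that mode over, so the installed files probably end up 0600; confirm that is what apt and systemd should see. Both enclosing methods start and end outside the hunks.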
|
||||
|
|
|
|||
|
|
@ -356,6 +356,13 @@ www-data ALL=(ALL) NOPASSWD: /usr/bin/which
|
|||
www-data ALL=(ALL) NOPASSWD: /usr/bin/hostname
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/uname
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/lsb_release
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/cp
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/mv
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/rm
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/ln
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/whoami
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/tee
|
||||
www-data ALL=(ALL) NOPASSWD: /usr/bin/cat
|
||||
EOF
|
||||
|
||||
# Validate sudoers file
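Review bot: The added sudoers entries give `www-data` passwordless root for `cp`, `mv`, `rm`, `ln`, `tee` and `cat` with no argument restriction, which lets anything running as the web server account read or replace any file on the host and is therefore equivalent to granting it root. Pin each rule to the exact arguments the installer uses, or preferably allow a single root-owned helper script that performs the two file installs, e.g. `www-data ALL=(root) NOPASSWD: <PATH_TO_ROOT_OWNED_HELPER>` (placeholder path). The `(ALL)` run-as spec can be narrowed to `(root)` at the same time. The heredoc starts outside this hunk, so the full rule set is not visible here.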
|
||||
|
|
|
|||