fixed script new1

Edmund Tan 2025-07-22 22:08:02 +08:00
parent b26ec1d4d9
commit 360249f22e
2 changed files with 122 additions and 9 deletions


@ -151,7 +151,7 @@ function executeCommand($command, &$output = null, &$returnCode = null) {
// Commands that typically need sudo privileges // Commands that typically need sudo privileges
$sudoCommands = [ $sudoCommands = [
'apt-get', 'systemctl', 'mkdir', 'chmod', 'chown', 'curl', 'gpg', 'apt-get', 'systemctl', 'mkdir', 'chmod', 'chown', 'curl', 'gpg',
'ziti', 'cp', 'mv', 'rm', 'ln', 'update-alternatives' 'ziti', 'cp', 'mv', 'rm', 'ln', 'update-alternatives', 'cat', 'openssl'
]; ];
// Check if command needs sudo and doesn't already have it // Check if command needs sudo and doesn't already have it
@ -159,8 +159,8 @@ function executeCommand($command, &$output = null, &$returnCode = null) {
$commandParts = explode(' ', trim($command)); $commandParts = explode(' ', trim($command));
$baseCommand = $commandParts[0]; $baseCommand = $commandParts[0];
// Skip if already has sudo // Skip if already has sudo or export (environment setup)
if ($baseCommand !== 'sudo') { if ($baseCommand !== 'sudo' && $baseCommand !== 'export') {
foreach ($sudoCommands as $sudoCmd) { foreach ($sudoCommands as $sudoCmd) {
if ($baseCommand === $sudoCmd || strpos($command, $sudoCmd) !== false) { if ($baseCommand === $sudoCmd || strpos($command, $sudoCmd) !== false) {
$needsSudo = true; $needsSudo = true;
@ -178,17 +178,28 @@ function executeCommand($command, &$output = null, &$returnCode = null) {
} }
// Add sudo if needed and we're not already root // Add sudo if needed and we're not already root
if ($needsSudo && posix_getuid() !== 0) { if ($needsSudo && posix_getuid() !== 0 && strpos($command, 'sudo') === false) {
$command = 'sudo ' . $command; $command = 'sudo ' . $command;
} }
// Log the command being executed for debugging
logMessage('DEBUG', "Executing command: $command");
$descriptorspec = [ $descriptorspec = [
0 => ['pipe', 'r'], // stdin 0 => ['pipe', 'r'], // stdin
1 => ['pipe', 'w'], // stdout 1 => ['pipe', 'w'], // stdout
2 => ['pipe', 'w'] // stderr 2 => ['pipe', 'w'] // stderr
]; ];
$process = proc_open($command, $descriptorspec, $pipes); // Set environment variables for better command execution
$env = [
'PATH' => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
'HOME' => '/root',
'SHELL' => '/bin/bash',
'TERM' => 'xterm'
];
$process = proc_open($command, $descriptorspec, $pipes, null, $env);
if (is_resource($process)) { if (is_resource($process)) {
fclose($pipes[0]); fclose($pipes[0]);
@ -200,11 +211,19 @@ function executeCommand($command, &$output = null, &$returnCode = null) {
fclose($pipes[2]); fclose($pipes[2]);
$returnCode = proc_close($process); $returnCode = proc_close($process);
$output = trim($stdout . $stderr); $output = trim($stdout . ($stderr ? "\nSTDERR: " . $stderr : ""));
// Log command result for debugging
if ($returnCode !== 0) {
logMessage('DEBUG', "Command failed with return code $returnCode: $output");
} else {
logMessage('DEBUG', "Command succeeded: " . substr($output, 0, 200) . (strlen($output) > 200 ? '...' : ''));
}
return $returnCode === 0; return $returnCode === 0;
} }
logMessage('ERROR', "Failed to execute command: $command");
return false; return false;
} }
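Review bot: Adding `'cat'` and `'openssl'` to `$sudoCommands` widens an elevation rule that still matches by substring: `strpos($command, $sudoCmd) !== false` is true for any command line that merely contains `cat`, `rm`, `cp` or `ln` inside another word or a path, so unrelated commands get `sudo` prepended. Matching only the first word, `if ($baseCommand === $sudoCmd) {` (or `in_array($baseCommand, $sudoCommands, true)`), keeps elevation to the listed binaries. The new `logMessage('DEBUG', "Executing command: $command")` and the failure-path log also write the full command line and untruncated output to the log. If callers ever pass tokens or key material on the command line (not visible here), these should be redacted, and the failure output truncated as the success path already does. The body of executeCommand() starts before and continues between the hunks shown, so the rest of the sudo decision is not visible.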


@ -181,9 +181,8 @@ class EnrollmentManager {
$this->reportProgress('INSTALL', 'Setting up OpenZiti package repository...'); $this->reportProgress('INSTALL', 'Setting up OpenZiti package repository...');
// Add GPG key // Add GPG key using enhanced method to handle PHP execution environment
$gpgCommand = 'curl -sSLf https://get.openziti.io/tun/package-repos.gpg | gpg --dearmor --output /usr/share/keyrings/openziti.gpg'; if (!$this->addOpenZitiGpgKey()) {
if (!executeCommand($gpgCommand)) {
throw new Exception('Failed to add OpenZiti GPG key'); throw new Exception('Failed to add OpenZiti GPG key');
} }
@ -529,6 +528,101 @@ EOF;
); );
} }
/**
* Add OpenZiti GPG key with enhanced error handling for PHP execution environment
*/
private function addOpenZitiGpgKey() {
$this->reportProgress('INSTALL', 'Downloading OpenZiti GPG key...');
// Method 1: Try the original piped command with enhanced environment
$gpgKeyUrl = 'https://get.openziti.io/tun/package-repos.gpg';
$gpgKeyPath = '/usr/share/keyrings/openziti.gpg';
// First, try the enhanced piped command with explicit environment
$envCommand = 'export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" && export HOME="/root" && export GNUPGHOME="/root/.gnupg"';
$gpgCommand = $envCommand . ' && curl -sSLf ' . $gpgKeyUrl . ' | gpg --dearmor --output ' . $gpgKeyPath;
$output = '';
if (executeCommand($gpgCommand, $output)) {
$this->reportProgress('INSTALL', 'GPG key added successfully using piped method');
return true;
}
logMessage('WARNING', 'Piped GPG command failed: ' . $output);
$this->reportProgress('INSTALL', 'Piped method failed, trying step-by-step approach...');
// Method 2: Step-by-step approach - download first, then process
$tempGpgFile = tempnam(sys_get_temp_dir(), 'openziti-gpg');
// Step 1: Download GPG key to temporary file
$downloadCommand = 'curl -sSLf ' . $gpgKeyUrl . ' -o ' . $tempGpgFile;
if (!executeCommand($downloadCommand, $output)) {
unlink($tempGpgFile);
logMessage('ERROR', 'Failed to download GPG key: ' . $output);
return false;
}
// Step 2: Verify the downloaded file exists and has content
if (!file_exists($tempGpgFile) || filesize($tempGpgFile) == 0) {
unlink($tempGpgFile);
logMessage('ERROR', 'Downloaded GPG key file is empty or missing');
return false;
}
$this->reportProgress('INSTALL', 'GPG key downloaded successfully, processing...');
// Step 3: Process with GPG using explicit environment and full paths
$gpgProcessCommand = $envCommand . ' && /usr/bin/gpg --dearmor --output ' . $gpgKeyPath . ' ' . $tempGpgFile;
if (executeCommand($gpgProcessCommand, $output)) {
unlink($tempGpgFile);
$this->reportProgress('INSTALL', 'GPG key processed successfully using step-by-step method');
return true;
}
logMessage('ERROR', 'GPG processing failed: ' . $output);
// Method 3: Fallback - use cat and redirect (sometimes works when pipes don't)
$this->reportProgress('INSTALL', 'Trying fallback method...');
$fallbackCommand = $envCommand . ' && cat ' . $tempGpgFile . ' | /usr/bin/gpg --dearmor > ' . $gpgKeyPath;
if (executeCommand($fallbackCommand, $output)) {
unlink($tempGpgFile);
$this->reportProgress('INSTALL', 'GPG key added successfully using fallback method');
return true;
}
// Clean up and log final failure
unlink($tempGpgFile);
logMessage('ERROR', 'All GPG key installation methods failed. Last error: ' . $output);
// Method 4: Last resort - manual file operations
$this->reportProgress('INSTALL', 'Trying manual file operations as last resort...');
// Download again to a new temp file
$tempGpgFile2 = tempnam(sys_get_temp_dir(), 'openziti-gpg2');
if (executeCommand('curl -sSLf ' . $gpgKeyUrl . ' -o ' . $tempGpgFile2, $output)) {
// Try to use openssl or other tools if available
$opensslCommand = 'openssl base64 -d -A < ' . $tempGpgFile2 . ' > ' . $gpgKeyPath;
if (executeCommand($opensslCommand, $output)) {
unlink($tempGpgFile2);
$this->reportProgress('INSTALL', 'GPG key added using openssl fallback');
return true;
}
// Final attempt: just copy the raw file and let apt handle it
if (executeCommand("cp '$tempGpgFile2' '$gpgKeyPath'", $output)) {
unlink($tempGpgFile2);
$this->reportProgress('INSTALL', 'GPG key copied as raw file - apt may handle conversion');
return true;
}
unlink($tempGpgFile2);
}
return false;
}
/** /**
* Check if command exists * Check if command exists
*/ */
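Review bot: The "last resort" branch of addOpenZitiGpgKey() installs an unvalidated file as the apt trust anchor and returns true: the output of `openssl base64 -d -A`, or a raw `cp` of the download, is written to `/usr/share/keyrings/openziti.gpg` with no check that it parses as a keyring, and none of the four methods checks the key's fingerprint. I would drop the openssl and `cp` fallbacks so the function fails closed, and after a successful `gpg --dearmor` compare the fingerprint reported by `gpg --show-keys --with-colons` for `$gpgKeyPath` against a pinned constant such as `<EXPECTED_OPENZITI_KEY_FINGERPRINT>` before returning true. As far as these hunks show, executeCommand() now skips sudo for commands beginning with `export`, so Method 1, Step 3 and Method 3 would run unprivileged on a non-root install, which makes the unvalidated `cp` the path most likely to succeed. `$gpgKeyUrl` and the temp paths are also concatenated into the shell unquoted everywhere except the `cp`; wrapping each in `escapeshellarg()` would make the commands consistent.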