From 35a802d6d9c093c69272d9f45eff27859c4efe47 Mon Sep 17 00:00:00 2001
From: Reactor Scram
Date: Thu, 2 May 2024 12:51:28 -0500
Subject: [PATCH] chore(gui-client/linux): add install script and change group to `firezone-client` (#4879)
Closes #4873
---
 .../firezone-client-ipc.service | 2 +-
 .../src-tauri/deb_files/sysusers.conf | 4 ++++
 rust/gui-client/src-tauri/tauri.conf.json | 3 ++-
 scripts/README.md | 2 +-
 scripts/build/tauri-rename-ubuntu.sh | 7 ++++--
 scripts/firezone-client-gui-install.sh | 24 +++++++++++++++++++
 scripts/tests/linux-group.sh | 6 ++---
 7 files changed, 40 insertions(+), 8 deletions(-)
 rename rust/gui-client/src-tauri/{ => deb_files}/firezone-client-ipc.service (98%)
 create mode 100644 rust/gui-client/src-tauri/deb_files/sysusers.conf
 create mode 100755 scripts/firezone-client-gui-install.sh
diff --git a/rust/gui-client/src-tauri/firezone-client-ipc.service b/rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service
similarity index 98%
rename from rust/gui-client/src-tauri/firezone-client-ipc.service
rename to rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service
index f348140499..7238f7055c 100644
--- a/rust/gui-client/src-tauri/firezone-client-ipc.service
+++ b/rust/gui-client/src-tauri/deb_files/firezone-client-ipc.service
@@ -44,7 +44,7 @@ ExecStart=firezone-client-ipc
 Type=notify
 # Unfortunately we may need root to control DNS
 User=root
-Group=firezone
+Group=firezone-client
 [Install]
 WantedBy=default.target
diff --git a/rust/gui-client/src-tauri/deb_files/sysusers.conf b/rust/gui-client/src-tauri/deb_files/sysusers.conf
new file mode 100644
index 0000000000..830b931dad
--- /dev/null
+++ b/rust/gui-client/src-tauri/deb_files/sysusers.conf
@@ -0,0 +1,4 @@
+# This file is part of the Firezone Client.
+# This creates the `firezone-client` group automatically at startup
+
+g firezone-client -
diff --git a/rust/gui-client/src-tauri/tauri.conf.json b/rust/gui-client/src-tauri/tauri.conf.json
index edb95a1cf4..7b8c997d6d 100644
--- a/rust/gui-client/src-tauri/tauri.conf.json
+++ b/rust/gui-client/src-tauri/tauri.conf.json
@@ -21,7 +21,8 @@
 "active": true,
 "deb": {
 "files": {
- "/usr/lib/systemd/system/firezone-client-ipc.service": "./firezone-client-ipc.service"
+ "/usr/lib/systemd/system/firezone-client-ipc.service": "./deb_files/firezone-client-ipc.service",
+ "/usr/lib/sysusers.d/firezone-client-ipc.conf": "./deb_files/sysusers.conf"
 }
 },
 "targets": ["deb", "msi"],
diff --git a/scripts/README.md b/scripts/README.md
index 564c490bd2..9c85e19977 100644
--- a/scripts/README.md
+++ b/scripts/README.md
@@ -34,7 +34,7 @@ You can achieve this more easily by using `pre-commit`. See
 ## Scripting tips
-- Use `#!/usr/bin/env bash` along with `set -euo pipefail` in general for dev
+- Use `#!/usr/bin/env bash` along with `set -euox pipefail` in general for dev
 and test scripts.
 - In Docker images and other minimal envs, stick to `#!/bin/sh` and simply `set -eu`.
diff --git a/scripts/build/tauri-rename-ubuntu.sh b/scripts/build/tauri-rename-ubuntu.sh
index 0093a897c2..a4b1b0382a 100755
--- a/scripts/build/tauri-rename-ubuntu.sh
+++ b/scripts/build/tauri-rename-ubuntu.sh
@@ -23,7 +23,10 @@ make_hash "$BINARY_DEST_PATH.dwp"
 make_hash "$BINARY_DEST_PATH.deb"
 # Test the deb package, since this script is the easiest place to get a release build
-sudo dpkg --install "$BINARY_DEST_PATH.deb"
+DEB_PATH=$(realpath "$BINARY_DEST_PATH.deb")
+sudo apt-get install "$DEB_PATH"
+# Update users / groups
+sudo systemd-sysusers
 # Debug-print the files. The icons and both binaries should be in here
 dpkg --listfiles firezone-client-gui
@@ -37,5 +40,5 @@ stat /usr/share/icons/hicolor/512x512/apps/firezone-client-gui.png
 firezone-client-gui --help | grep "Usage: firezone-client-gui"
 # Try to start the IPC service
-sudo groupadd --force firezone
+sudo groupadd --force firezone-client
 sudo systemctl start firezone-client-ipc || systemctl status firezone-client-ipc
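Review bot: In `scripts/build/tauri-rename-ubuntu.sh`, the second hunk's `sudo groupadd --force firezone-client` still force-creates the group right before the service start, so this test passes even if the packaged `sysusers.conf` is missing or wrong and the `sudo systemd-sysusers` added in the first hunk created nothing. Because the daemon runs as root with that group, the test should assert the outcome rather than paper over it: replace the line with `getent group firezone-client` so the package's own group creation is what gets exercised. `groupadd` without `--system` would also allocate a regular GID instead of the system one that sysusers assigns, so the test host can drift from a real install.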
diff --git a/scripts/firezone-client-gui-install.sh b/scripts/firezone-client-gui-install.sh
new file mode 100755
index 0000000000..f2d0b53f14
--- /dev/null
+++ b/scripts/firezone-client-gui-install.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+# Usage: ./firezone-client-gui-install.sh ./firezone-client-gui_VERSION_ARCH.deb
+#
+# The `./` is necessary
+#
+# This script should be idempotent
+set -euox pipefail
+
+# `apt-get` needs either a leading `./` or `/` to recognize a local file path
+DEB_PATH=$(realpath "$1")
+
+echo "Installing Firezone..."
+sudo apt-get install "$DEB_PATH"
+
+echo "Adding your user to the firezone-client group..."
+# Creates the system group `firezone-client`
+sudo systemd-sysusers
+sudo adduser "$USER" firezone-client
+
+echo "Starting and enabling Firezone IPC service..."
+sudo systemctl enable --now firezone-client-ipc
+
+# Unfortunately Ubuntu seems to need a reboot here, at least 20.04 does
+echo "Reboot to finish adding yourself to the group"
diff --git a/scripts/tests/linux-group.sh b/scripts/tests/linux-group.sh
index b1e216587e..e946b6b634 100755
--- a/scripts/tests/linux-group.sh
+++ b/scripts/tests/linux-group.sh
@@ -6,7 +6,7 @@ source "./scripts/tests/lib.sh"
 BINARY_NAME=firezone-client-ipc
-FZ_GROUP="firezone"
+FZ_GROUP="firezone-client"
 SERVICE_NAME=firezone-client-ipc
 SOCKET=/run/dev.firezone.client/ipc.sock
 export RUST_LOG=info
@@ -15,7 +15,7 @@ export RUST_LOG=info
 sudo cp "rust/target/debug/firezone-headless-client" "/usr/bin/$BINARY_NAME"
 # Set up the systemd service
-sudo cp "rust/gui-client/src-tauri/$SERVICE_NAME.service" /usr/lib/systemd/system/
+sudo cp "rust/gui-client/src-tauri/deb_files/$SERVICE_NAME.service" /usr/lib/systemd/system/
 sudo cp "scripts/tests/systemd/env" "/etc/default/firezone-client-ipc"
 # The firezone group must exist before the daemon starts
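Review bot: In `scripts/firezone-client-gui-install.sh`, `sudo adduser "$USER" firezone-client` takes the account name from the caller's environment: when the whole script is started through sudo, `$USER` is `root`, and where it is unset `set -u` aborts after the package is already installed. The service in this commit runs as `User=root` with `Group=firezone-client`, so membership presumably decides who may talk to that root daemon, and the account should be resolved explicitly, e.g. `target_user="${SUDO_USER:-$(id -un)}"` followed by `sudo adduser "$target_user" firezone-client`. The `.deb` named by `$1` is also installed as root with no integrity check; the usage comment should tell users to compare it against the hash that the build's `make_hash` step appears to produce, and `: "${1:?usage: $0 ./firezone-client-gui_VERSION_ARCH.deb}"` would give a clearer failure than the bare unbound-variable error.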
@@ -23,7 +23,7 @@ sudo groupadd "$FZ_GROUP"
 sudo systemctl start "$SERVICE_NAME" || { systemctl status "$SERVICE_NAME"; exit 1; }
 # Make sure the socket has the right permissions
-if [ "root firezone" != "$(stat -c '%U %G' $SOCKET)" ]
+if [ "root $FZ_GROUP" != "$(stat -c '%U %G' $SOCKET)" ]
 then
 exit 1
 fi
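Review bot: The check under `# Make sure the socket has the right permissions` compares only owner and group, so a socket that is `root firezone-client` but world-writable would still pass. Include the mode bits in the comparison, e.g. `stat -c '%U %G %a' "$SOCKET"`, and compare against the mode the daemon is expected to set, which is not visible in this hunk; quoting `$SOCKET` also removes the word-splitting that ShellCheck flags. The script continues past this hunk, so a later step may already cover access by users outside the group.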