From 54fbf8b0b10c1c55a4967edf779680775795cadb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CDarkWugWug=E2=80=9D?= <“nolanrosen15@gmail.com”>
Date: Sun, 21 Aug 2022 13:56:22 -0400
Subject: [PATCH 1/4] Updates for GH_TOKEN addition for packwiz support
---
 README.md | 34 ++++++++++++++++++++++++++++++++++
 scripts/start-setupModpack | 15 ++++++++++++++-
 2 files changed, 48 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 45fe6c42225..31ccd496031 100644
--- a/README.md
+++ b/README.md
@@ -643,6 +643,40 @@ packwiz modpack defitions are processed before other mod definitions (`MODPACK`, > packwiz is pre-configured to only download server mods. If client-side mods are downloaded and cause issues, check your pack.toml configuration, and make sure any client-only mods are not set to `"both"`, but rather `"client"` for the side configuration item. +### Known Issues: Curl 403 on Startup + +If the container enters a crash-loop or is otherwise rate-limited by Github, you +will see an error similar to, `curl: (22) The requested URL returned error: 403`. + +Packwiz is primarily distributed through Github releases. In order to check if +there are any new releases, this container must call Githubs API. All of the +data that we need to check is public, but trouble happens when Github has reason +to think these calls are a bad-actor. Like if the container gets stuck in a loop +restarting and calls the API too fast or too many times. Simply, this container uses +personal access tokens to tells Github that this system is built by a friendly +human. + +[Manage Your Github's Personal Access Tokens](https://github.com/settings/tokens) + +Create a new personal access token for this container to use. This token will +be used everytime the container is started or restarted so choose an expiration +date that will last for as long as you plan to be operating this container +instance. **The token cannot have any scopes.** This script doesn't need any +scopes what-so-ever to Github and is only being used to signal to Github that +a friendly human is requesting some data. **Do NOT give this token scopes. 
This +container will refuse to use any token with scopes.** + +To configure server mods using a packwiz modpack and a github token, set the +`PACKWIZ_URL` environment variable to the location of your `pack.toml` modpack +definition and the `GH_TOKEN` to your token's secret value: + + docker run -d -v /path/on/host:/data \ + -p 25565:25565 \ + -e TYPE=FORGE \ + -e "PACKWIZ_URL=https://example.com/modpack/pack.toml" \ + -e "GH_TOKEN"=ghp_chaosofrandomdigitsandletters \ + itzg/minecraft-server + ## Working with mods and plugins ### Optional plugins, mods, and config attach points diff --git a/scripts/start-setupModpack b/scripts/start-setupModpack index 56ba24af8f2..e51de5afed0 100755 --- a/scripts/start-setupModpack +++ b/scripts/start-setupModpack @@ -25,7 +25,20 @@ fi # If packwiz url passed, bootstrap packwiz and update mods before other modpack processing if [[ "${PACKWIZ_URL:-}" ]]; then # Ensure we have the latest packwiz bootstrap installer - latestPackwiz=$(curl -fsSL https://api.github.com/repos/packwiz/packwiz-installer-bootstrap/releases/latest) + if [[ "${GH_TOKEN:-}" ]]; then + # User has provided a Personal Access Token to mitigate rate-limiting issues + oAuthScopes="undefined" + oAuthScopes=$(curl -sv -H "Authorization: token $GH_TOKEN" https://api.github.com/users/codertocat -I | grep x-oauth-scopes) + if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then + # Don't use what you don't have to... + log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." + exit 1 + else + latestPackwiz=$(curl -fsSL -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/packwiz/packwiz-installer-bootstrap/releases/latest) + fi + else + latestPackwiz=$(curl -fsSL https://api.github.com/repos/packwiz/packwiz-installer-bootstrap/releases/latest) + fi if [[ -z "${latestPackwiz}" ]]; then log "WARNING: Could not retrieve Packwiz bootstrap installer release information" else 
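Review bot: The scope probe in the new `GH_TOKEN` branch reports every failure as an over-privileged token. If the request fails, the token is rejected or expired, or the header name arrives in another case, `grep x-oauth-scopes` prints nothing, the regex does not match, and startup aborts with "has permissions it doesn't need". Check the request result first, match the header case-insensitively and anchored to the start of the line, and report an unusable token separately from a scoped one; the preceding `oAuthScopes="undefined"` assignment is overwritten at once and can be dropped. The same check is copied into the installer fallback in patch 2 and into `get_from_gh` in patches 3 and 4. The enclosing `PACKWIZ_URL` block continues past the end of this hunk.

```shell
  if [[ "${GH_TOKEN:-}" ]]; then
    # … unchanged: comment about rate limiting …
    if ! scopeProbe=$(curl -fsS -I -H "Authorization: token $GH_TOKEN" https://api.github.com/users/codertocat); then
      log "ERROR: GH_TOKEN could not be checked against the GitHub API (token rejected or request failed)."
      exit 1
    fi
    oAuthScopes=$(grep -i '^x-oauth-scopes:' <<<"$scopeProbe" || true)
    if [[ ! "${oAuthScopes,,}" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then
      # … unchanged: scope error and exit, then the authenticated release lookup …
```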
From c7c00e6d972e44cff95615920e72428e6c8e8194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CDarkWugWug=E2=80=9D?= Date: Sun, 21 Aug 2022 14:34:25 -0400 Subject: [PATCH 2/4] Cleaned up some verboseness and updated the lines for the installer --- scripts/start-setupModpack | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/scripts/start-setupModpack b/scripts/start-setupModpack index e51de5afed0..478b7e0d7b4 100755 --- a/scripts/start-setupModpack +++ b/scripts/start-setupModpack @@ -28,7 +28,7 @@ if [[ "${PACKWIZ_URL:-}" ]]; then if [[ "${GH_TOKEN:-}" ]]; then # User has provided a Personal Access Token to mitigate rate-limiting issues oAuthScopes="undefined" - oAuthScopes=$(curl -sv -H "Authorization: token $GH_TOKEN" https://api.github.com/users/codertocat -I | grep x-oauth-scopes) + oAuthScopes=$(curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/users/codertocat -I | grep x-oauth-scopes) if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then # Don't use what you don't have to... log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." 
@@ -59,11 +59,33 @@ if [[ "${PACKWIZ_URL:-}" ]]; then #if bootstrap download fails, download installer manually - then run without updating returnVal=$? if [[ $returnVal ]]; then - latestPackwizInstaller=$(curl -fsSL https://api.github.com/repos/packwiz/packwiz-installer/releases/latest) + if [[ "${GH_TOKEN:-}" ]]; then + # User has provided a Personal Access Token to mitigate rate-limiting issues + if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then + # Don't use what you don't have to... + log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." + exit 1 + else + latestPackwizInstaller=$(curl -fsSL -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/packwiz/packwiz-installer/releases/latest) + fi + else + latestPackwizInstaller=$(curl -fsSL https://api.github.com/repos/packwiz/packwiz-installer/releases/latest) + fi latestPackwizInstallerVer=$(echo "${latestPackwizInstaller}" | jq --raw-output '.tag_name') latestPackwizInstallerUrl=$(echo "${latestPackwizInstaller}" | jq --raw-output '.assets[] | select(.name | match("packwiz-installer.jar")) | .url') log "Packwiz couldn't update - Downloading Packwiz Installer ${latestPackwizInstallerVer}" - curl -H "Accept:application/octet-stream" -o "packwiz-installer.jar" -fsSL "${latestPackwizInstallerUrl}" + if [[ "${GH_TOKEN:-}" ]]; then + # User has provided a Personal Access Token to mitigate rate-limiting issues + if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then + # Don't use what you don't have to... + log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." 
+ exit 1 + else + curl -fsSL -H "Authorization: token $GH_TOKEN" -H "Accept:application/octet-stream" -o "packwiz-installer.jar" "${latestPackwizInstallerUrl}" + fi + else + curl -H "Accept:application/octet-stream" -o "packwiz-installer.jar" -fsSL "${latestPackwizInstallerUrl}" + fi java -jar "${PACKWIZ_BOOTSTRAP_JAR}" -g -bootstrap-no-update -s server "${PACKWIZ_URL}" fi fi From c031ea6a702a5b978efa48abda6c2462d97658b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CDarkWugWug=E2=80=9D?= Date: Sun, 21 Aug 2022 14:49:22 -0400 Subject: [PATCH 3/4] Oh there's more... added a function for this --- scripts/start-setupModpack | 41 +++----------------------------------- scripts/start-utils | 17 +++++++++++++++- 2 files changed, 19 insertions(+), 39 deletions(-) diff --git a/scripts/start-setupModpack b/scripts/start-setupModpack index 478b7e0d7b4..5662c536f04 100755 --- a/scripts/start-setupModpack +++ b/scripts/start-setupModpack 
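Review bot: Neither branch of the new installer download checks that `latestPackwizInstallerUrl` is non-empty or that curl succeeded, so when the release lookup fails the script still reaches `java -jar` with whatever `packwiz-installer.jar` is already on disk, if any. Guard the download before the token is attached, e.g. `[[ "$latestPackwizInstallerUrl" == https://api.github.com/* ]] || { log "ERROR: no packwiz-installer asset URL"; exit 1; }`, and stop when curl returns non-zero. The surrounding context line `if [[ $returnVal ]]` is true for any non-empty string, including `0`, so this fallback and its API requests appear to run on every start; `if (( returnVal != 0 )); then` would limit it to real failures. The enclosing `PACKWIZ_URL` block begins outside the hunk.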
@@ -25,20 +25,7 @@ fi # If packwiz url passed, bootstrap packwiz and update mods before other modpack processing if [[ "${PACKWIZ_URL:-}" ]]; then # Ensure we have the latest packwiz bootstrap installer - if [[ "${GH_TOKEN:-}" ]]; then - # User has provided a Personal Access Token to mitigate rate-limiting issues - oAuthScopes="undefined" - oAuthScopes=$(curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/users/codertocat -I | grep x-oauth-scopes) - if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then - # Don't use what you don't have to... - log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." - exit 1 - else - latestPackwiz=$(curl -fsSL -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/packwiz/packwiz-installer-bootstrap/releases/latest) - fi - else - latestPackwiz=$(curl -fsSL https://api.github.com/repos/packwiz/packwiz-installer-bootstrap/releases/latest) - fi + latestPackwiz=$(get_from_gh "https://api.github.com/repos/packwiz/packwiz-installer-bootstrap/releases/latest") if [[ -z "${latestPackwiz}" ]]; then log "WARNING: Could not retrieve Packwiz bootstrap installer release information" else 
@@ -59,33 +46,11 @@ if [[ "${PACKWIZ_URL:-}" ]]; then #if bootstrap download fails, download installer manually - then run without updating returnVal=$? if [[ $returnVal ]]; then - if [[ "${GH_TOKEN:-}" ]]; then - # User has provided a Personal Access Token to mitigate rate-limiting issues - if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then - # Don't use what you don't have to... - log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." - exit 1 - else - latestPackwizInstaller=$(curl -fsSL -H "Authorization: token $GH_TOKEN" https://api.github.com/repos/packwiz/packwiz-installer/releases/latest) - fi - else - latestPackwizInstaller=$(curl -fsSL https://api.github.com/repos/packwiz/packwiz-installer/releases/latest) - fi + latestPackwizInstaller=$(get_from_gh "https://api.github.com/repos/packwiz/packwiz-installer/releases/latest") latestPackwizInstallerVer=$(echo "${latestPackwizInstaller}" | jq --raw-output '.tag_name') latestPackwizInstallerUrl=$(echo "${latestPackwizInstaller}" | jq --raw-output '.assets[] | select(.name | match("packwiz-installer.jar")) | .url') log "Packwiz couldn't update - Downloading Packwiz Installer ${latestPackwizInstallerVer}" - if [[ "${GH_TOKEN:-}" ]]; then - # User has provided a Personal Access Token to mitigate rate-limiting issues - if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then - # Don't use what you don't have to... - log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." 
- exit 1 - else - curl -fsSL -H "Authorization: token $GH_TOKEN" -H "Accept:application/octet-stream" -o "packwiz-installer.jar" "${latestPackwizInstallerUrl}" - fi - else - curl -H "Accept:application/octet-stream" -o "packwiz-installer.jar" -fsSL "${latestPackwizInstallerUrl}" - fi + get_from_gh "${latestPackwizInstallerUrl}" -H "Accept:application/octet-stream" -o "packwiz-installer.jar" java -jar "${PACKWIZ_BOOTSTRAP_JAR}" -g -bootstrap-no-update -s server "${PACKWIZ_URL}" fi fi diff --git a/scripts/start-utils b/scripts/start-utils index a4102f9acba..fbf80b3dff0 100755 --- a/scripts/start-utils +++ b/scripts/start-utils @@ -1,5 +1,20 @@ #!/bin/bash +function get_from_gh() { + if [[ "${GH_TOKEN:-}" ]]; then + # User has provided a Personal Access Token to mitigate rate-limiting issues + if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then + # Don't use what you don't have to... + log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." + exit 1 + else + latestPackwizInstaller=$(curl -fsSL -H "Authorization: token $GH_TOKEN" ${@:2} $1) + fi + else + latestPackwizInstaller=$(curl -fsSL ${@:2} $1) + fi +} + function join_by() { local d=$1 shift @@ -291,7 +306,7 @@ function checkSum() { # Get distro distro=$(getDistro) - + if [ "${distro}" == "debian" ] && sha1sum -c "${sum_file}" --status 2> /dev/null; then return 0 elif [ "${distro}" == "ubuntu" ] && sha1sum -c "${sum_file}" --status 2> /dev/null; then From 898c0eb9d75a8afbe2c7f546a51aa971da3b8664 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CDarkWugWug=E2=80=9D?= Date: Sun, 21 Aug 2022 15:28:09 -0400 Subject: [PATCH 4/4] Refined the function --- scripts/start-utils | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/scripts/start-utils b/scripts/start-utils index fbf80b3dff0..932fd70d423 100755 --- a/scripts/start-utils +++ b/scripts/start-utils 
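Review bot: `get_from_gh` expands `${@:2} $1` unquoted in both curl calls, so the URL and every extra option are word-split and glob-expanded before curl sees them; an argument containing a space or `*` changes the command line. Take the URL first and pass the rest through quoted: `local url=$1; shift` and then `curl -fsSL -H "Authorization: token $GH_TOKEN" "$@" "$url"`. The function also attaches the token to whatever URL it is handed, so a guard such as `[[ "$url" == https://api.github.com/* ]]` ahead of the authenticated branch would keep the credential from being sent to another host. The same unquoted expansions are still present in the last patch of the series.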
@@ -3,15 +3,18 @@ function get_from_gh() { if [[ "${GH_TOKEN:-}" ]]; then # User has provided a Personal Access Token to mitigate rate-limiting issues + if [[ -z "${oAuthScopes}" ]]; then + oAuthScopes=$(curl -s -H "Authorization: token $GH_TOKEN" https://api.github.com/users/codertocat -I | grep x-oauth-scopes) + fi if [[ ! "$oAuthScopes" =~ ^x-oauth-scopes:[[:space:]]*$ ]]; then # Don't use what you don't have to... log "ERROR: GH_TOKEN has permissions it doesn't need. Recreate or update this personal access token and disable ALL scopes." exit 1 else - latestPackwizInstaller=$(curl -fsSL -H "Authorization: token $GH_TOKEN" ${@:2} $1) + echo $(curl -fsSL -H "Authorization: token $GH_TOKEN" ${@:2} $1) fi else - latestPackwizInstaller=$(curl -fsSL ${@:2} $1) + echo $(curl -fsSL ${@:2} $1) fi }
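Review bot: `echo $(curl …)` discards curl's exit status and re-splits its output: the function now returns echo's status, so a caller can only detect a 403 by an empty string, and the unquoted substitution collapses whitespace and glob-expands any bare `*` in the response body. Run curl as the last command of each branch so stdout and status pass through unchanged, e.g. `curl -fsSL -H "Authorization: token $GH_TOKEN" "${@:2}" "$1"`. The new `-z "${oAuthScopes}"` cache is assigned inside the function, so at the call sites that use `$(get_from_gh …)` the value is lost with the subshell and the probe request is repeated on every call, which adds API traffic in a change meant to reduce it. An empty probe result also leaves the variable empty, so the next call probes again and then fails with the "permissions it doesn't need" message.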