[3.3.6] backport Linux non-root packaging scripts#35145
Merged
Conversation
- Add setup_env() to install.sh: detects user vs root mode, selects
service dirs (systemctl --user for non-root), initialises all path
variables accordingly, and writes .install_path sentinel.
- Add validate_safe_path(), .install_path discovery, user_mode
detection, and sysctl_cmd (systemctl --user for non-root) to
remove.sh; clean_service_on_systemd_of now uses ${sysctl_cmd}.
- Add smokeTest/test_non_root_server_packaging_backport.sh regression
guard (6 checks, all passing).
- 3.3.6 tool lists, service names, and runtime boundaries preserved;
no xnode SQL behaviour introduced.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- clear csudo in user_mode=1 branch of setup_env() (install.sh) and
user_mode=1 branch (remove.sh) so non-root installs never run file
operations with sudo
- replace bare systemctl / ${csudo}systemctl with ${sysctl_cmd} in
clean_service_on_systemd(), install_service_on_systemd(), and the
updateProduct() stop path so non-root installs target the user bus
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Override csudo to empty after the top-level sudo detection so that non-root (user_mode=1) uninstalls never invoke sudo for file operations. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Remove the unconditional reassignment of service_config_dir to /etc/systemd/system inside the root-mode directory initialization block of setup_env(). The earlier service-manager detection block already sets service_config_dir=/etc/init.d when sysvinit is in use; overwriting it here broke that detection. Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- packaging/tools/install.sh: drop csudo variable and all sudo invocations; direct commands run under current user context which is already correct (root owns system dirs, non-root owns user-local dirs set by setup_env) - packaging/tools/remove.sh: same; also remove the csudo init block and the non-root override that was masking the underlying sudo calls - packaging/smokeTest/test_non_root_server_packaging_backport.sh: extend regression guard with check_absent() helper and two new checks that fail if sudo or csudo appear in either target script Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This pull request introduces non-root (user-mode) support for TDengine server and client packaging scripts, including new regression tests. Key changes involve environment detection, directory initialization for non-root users, and updating systemd service management to use per-user sessions. Feedback highlights a critical security risk where /etc/hosts is made world-writable, and identifies several portability issues with ps and xargs commands that will cause failures on macOS (Darwin) systems.
Contributor
There was a problem hiding this comment.
Pull request overview
Backports main-branch non-root (user-mode) Linux packaging behavior into the 3.3.6 community install/remove scripts, adding safeguards around conflicting system-wide installs and adding smoke tests to prevent regressions.
Changes:
- Add user-mode awareness across install/remove scripts (per-user install dirs,
systemctl --user, safer process cleanup,.install_pathinstall discovery). - Add uninstall/install safety improvements (path validation, preserve cfg/log/data in user-mode unless explicitly removed, tighter process matching).
- Add bash smoke-test guards to validate key non-root backport behaviors for server and client packaging scripts.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 7 comments.
Show a summary per file
| File | Description |
|---|---|
| packaging/tools/startPre.sh | Support user-mode systemd unit location and systemctl --user reloads. |
| packaging/tools/install.sh | Add user-mode setup, conflicting system install detection, .install_path, user-mode unit rewrites. |
| packaging/tools/install_client.sh | Add user-mode env setup, conflict checks, .install_path, and per-user link locations. |
| packaging/tools/remove.sh | Add .install_path discovery, user-mode cleanup logic, safer process-kill scoping, and path validation. |
| packaging/tools/remove_client.sh | Add .install_path discovery, user-mode dirs, safer process matching, and path validation. |
| packaging/smokeTest/test_non_root_server_packaging_backport.sh | Regression guard for server packaging non-root backport expectations. |
| packaging/smokeTest/test_non_root_client_packaging_backport.sh | Regression guard for client packaging non-root backport expectations. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Backports main-branch non-root (user-mode) Linux packaging behavior into the 3.3.6 community install/remove scripts, adding safety checks and smoke-test guards to prevent regressions in non-root lifecycle and uninstall behavior.
Changes:
- Add user-mode support across install/remove scripts (per-user dirs,
systemctl --user,.install_pathinstallDir discovery). - Harden uninstall behavior (safer process cleanup, preserve cfg/log/data for user installs unless explicitly requested).
- Add packaging smoke-test regression guards for server/client non-root backport behavior and uninstall entrypoint correctness.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 10 comments.
Show a summary per file
| File | Description |
|---|---|
| packaging/tools/startPre.sh | Adds user-mode systemd unit path selection and systemctl --user support. |
| packaging/tools/remove_client.sh | Adds .install_path discovery, user-mode directories, safer process kill logic, and safer install-dir cleanup. |
| packaging/tools/remove.sh | Adds .install_path discovery, user-mode dirs + systemctl --user, safer process targeting, and install-dir cleanup logic. |
| packaging/tools/install_client.sh | Adds user-mode install layout, blocks non-root install if system-wide install exists, writes .install_path, updates shell rc. |
| packaging/tools/install.sh | Adds user-mode install layout, blocks non-root install if system-wide install exists, writes .install_path, rewrites systemd units for user-mode. |
| packaging/smokeTest/test_non_root_server_packaging_backport.sh | New regression guard verifying server scripts contain expected non-root backport behavior. |
| packaging/smokeTest/test_non_root_client_packaging_backport.sh | New regression guard verifying client scripts contain expected non-root backport behavior. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint.sh | New guard ensuring install.sh “client” uses remove.sh as uninstall backend. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint_guard_selftest.sh | New self-test validating the guard script catches intended good/bad fixtures. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- install.sh: remove chmod 666 /etc/hosts, use -w check instead - install.sh: fix insserv $1} stray brace typo - remove.sh: fix undefined verNumber in macOS Cellar paths - remove.sh: quote all rm -rf variable expansions for safety - install_client.sh: fix kill_client() multi-PID handling with while-read loop - remove_client.sh: replace GNU xargs -r with portable while-read loop - test: update guard pattern to match quoted rm -f form Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- install.sh: kill_process() use pgrep -x + while-read + || true - install_client.sh: kill_client() use pgrep -x + || true - remove_client.sh: add || : to while-read pipeline Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Backports main-branch non-root (user-mode) Linux packaging behaviors into the 3.3.6 community install/remove scripts, adds guardrails around root vs non-root lifecycle safety, and introduces smoke tests to prevent regressions.
Changes:
- Add user-mode install/uninstall support via
.install_pathdiscovery, per-user systemd units (systemctl --user), and per-user install locations. - Harden uninstall behavior to better scope process termination and avoid deleting config/log/data unintentionally.
- Add packaging smoke-test scripts to validate the backport invariants (non-root behavior, uninstall entrypoint correctness).
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packaging/tools/startPre.sh | Adjust service/log locations and systemctl invocation for user-mode systemd units. |
| packaging/tools/remove_client.sh | Add .install_path discovery, user-mode paths, safer process killing, and selective uninstall cleanup. |
| packaging/tools/remove.sh | Add .install_path discovery, user-mode support, scoped process killing, and safer uninstall cleanup logic. |
| packaging/tools/install_client.sh | Add user-mode install layout, conflict detection vs system installs, .install_path writing, and PATH/LD_LIBRARY_PATH setup. |
| packaging/tools/install.sh | Add user-mode setup (setup_env), conflict detection, user-mode systemd unit rewriting, and .install_path writing. |
| packaging/smokeTest/test_non_root_server_packaging_backport.sh | Regression guard for server-side non-root backport behavior. |
| packaging/smokeTest/test_non_root_client_packaging_backport.sh | Regression guard for client-side non-root backport behavior. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint.sh | Guard ensuring install.sh client mode uses remove.sh (not remove_client.sh) as uninstall backend. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint_guard_selftest.sh | Self-test harness validating the uninstall entrypoint guard script. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Check systemd >= 232 before non-root install, clear error for CentOS 7 - Show linger hint after install if not enabled (needed for auto-start on reboot) - Improve user session error message Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
User-level systemd does not have multi-user.target. Services must use WantedBy=default.target for auto-start on boot (with linger enabled). Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Backports main-branch non-root (user-mode) packaging behavior into the 3.3.6 community install/remove scripts, adds safeguards around conflicting system-wide installs, and introduces smoke-test guards to prevent regressions in this backport.
Changes:
- Add user-mode (non-root) install/uninstall support across server/client scripts, including
.install_path-based installDir discovery and systemd--userhandling. - Tighten uninstall safety (scoped process killing, config/log preservation behavior) and block non-root installs when a system-wide install is detected.
- Add packaging smoke tests to assert key backport invariants and guard against future drift.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| packaging/tools/startPre.sh | Adjusts log/service dirs and systemctl invocation for user-mode systemd units. |
| packaging/tools/install.sh | Adds setup_env() user-mode detection, systemd user-unit rewrites, .install_path, and conflict detection. |
| packaging/tools/remove.sh | Adds .install_path discovery, user-mode support, safer process scoping, and revised removal logic. |
| packaging/tools/install_client.sh | Adds non-root client install behavior (user-local dirs, rc-file PATH/LD_LIBRARY_PATH updates, .install_path, conflict detection). |
| packaging/tools/remove_client.sh | Adds .install_path discovery, user-mode directory handling, safer process scoping, and improved cleanup behavior. |
| packaging/smokeTest/test_non_root_server_packaging_backport.sh | New regression guard verifying server-side user-mode backport invariants. |
| packaging/smokeTest/test_non_root_client_packaging_backport.sh | New regression guard verifying client-side user-mode backport invariants. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint.sh | New guard ensuring install.sh client flow uses remove.sh as uninstall backend. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint_guard_selftest.sh | Self-test harness validating the uninstall-entrypoint guard script behavior. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
…tall Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…t uninstall Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
Backports main-branch “non-root (user-mode)” Linux packaging behavior into the 3.3.6 community install/remove scripts, adds safeguards around conflicting system-wide installs, and introduces smoke-test regression guards to prevent backport drift.
Changes:
- Add user-mode install/uninstall behavior across server + client packaging scripts (user systemd units, per-user dirs,
.install_pathdiscovery). - Tighten uninstall process targeting/safety (scoped process kills, preserve cfg/log/data in user-mode, safer symlink cleanup).
- Add packaging smoke-test guards validating non-root backport invariants.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 8 comments.
Show a summary per file
| File | Description |
|---|---|
| packaging/tools/startPre.sh | Use user systemd unit dir + systemctl --user for non-root start-pre behavior. |
| packaging/tools/install.sh | Introduce user-mode setup (systemctl --user, per-user paths), .install_path, unit rewrites, conflict checks. |
| packaging/tools/remove.sh | Add .install_path discovery, user-mode removal behavior, scoped process killing, env cleanup. |
| packaging/tools/install_client.sh | Add user-mode client install paths/link dirs, conflict checks, .install_path, rc-file env setup. |
| packaging/tools/remove_client.sh | Add .install_path discovery, user-mode uninstall paths, scoped process killing, env cleanup. |
| packaging/smokeTest/test_non_root_server_packaging_backport.sh | Guard script to assert required non-root backport patterns in server packaging scripts. |
| packaging/smokeTest/test_non_root_client_packaging_backport.sh | Guard script to assert required non-root backport patterns in client packaging scripts. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint.sh | Guard ensuring install.sh client mode uses remove.sh (not remove_client.sh) as uninstall backend. |
| packaging/smokeTest/test_install_sh_client_uninstall_entrypoint_guard_selftest.sh | Self-test for the install.sh uninstall-entrypoint guard logic. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- install_client.sh: remove rm -rf in install_log() to preserve logs on upgrade - remove.sh: add || : to rm calls in remove_service_of() to prevent set -e crash when non-root can't delete /usr/local/bin entries - remove.sh: skip dpkg/rpm cleanup in non-root mode (requires root) - startPre.sh: guard against missing StartLimitBurst in service file Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
feici02
approved these changes
Apr 24, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Test Plan
https://project.feishu.cn/taosdata_td/job/detail/6961071591