From dfe0d4aed79d07124637da9c2923dfbe1dff0cbb Mon Sep 17 00:00:00 2001 From: electricface Date: Mon, 22 Dec 2025 15:25:45 +0800 Subject: [PATCH] feat: Add security restriction configurations to all service files - Use the deepin-daemon user to run services whenever possible, reducing privilege risks; - Add a D-Bus policy to allow the deepin-daemon user to invoke the HandleSystemEvent method; - Deny users other than root and deepin-daemon from calling HandleSystemEvent, strengthening access control; - "Remove the unused update-metadata-info related scripts and services. Task: https://pms.uniontech.com/task-view-385069.html --- debian/lastore-daemon.postinst | 1 - .../lastore-abort-auto-download.service | 17 +++++- .../lastore-after-upgrade-check.service | 20 ++++++- .../system/lastore-auto-download.service | 16 ++++- .../system/lastore-build-system-info.service | 29 +++++++-- lib/systemd/system/lastore-daemon.service | 28 +++++++-- .../system/lastore-smartmirror-daemon.service | 44 +++++++------- .../lastore-update-metadata-info.service | 11 ---- src/lastore-daemon/manager.go | 3 - src/lastore-daemon/manager_unit.go | 40 ++++++++++--- src/lastore-daemon/updater.go | 9 --- src/lastore-smartmirror-daemon/config.go | 5 ++ src/lastore-smartmirror-daemon/smartmirror.go | 13 +++- src/lastore-tools/deprecated.go | 14 ++++- var/lib/lastore/scripts/build_safecache.sh | 4 +- var/lib/lastore/scripts/build_system_info | 2 +- .../scripts/gen_upgrade_check_config.sh | 24 +++++++- var/lib/lastore/scripts/update_metadata_info | 59 ------------------- 18 files changed, 200 insertions(+), 139 deletions(-) delete mode 100644 lib/systemd/system/lastore-update-metadata-info.service delete mode 100755 var/lib/lastore/scripts/update_metadata_info diff --git a/debian/lastore-daemon.postinst b/debian/lastore-daemon.postinst index a4b8ae4c0..e007b05a8 100755 --- a/debian/lastore-daemon.postinst +++ b/debian/lastore-daemon.postinst 
@@ -10,7 +10,6 @@ case "$1" in
 [ -e /lib/systemd/dbus-org.deepin.dde.Lastore1.service ] && rm /lib/systemd/system/dbus-org.deepin.dde.Lastore1.service || true
 fi
 systemctl daemon-reload || true
- /var/lib/lastore/scripts/update_metadata_info || true
 /var/lib/lastore/scripts/build_system_info || true
 # Fix the problem that the machine id is the same after the system is installed.
 if [ -f /etc/machine-id ] && grep -q "a5fa4f1b04514009830c73f3b1f1dd4c" /etc/machine-id; then
diff --git a/lib/systemd/system/lastore-abort-auto-download.service b/lib/systemd/system/lastore-abort-auto-download.service
index 5bd6547fc..f3e80552f 100644
--- a/lib/systemd/system/lastore-abort-auto-download.service
+++ b/lib/systemd/system/lastore-abort-auto-download.service
@@ -3,5 +3,20 @@ Description=System Update Auto Download Abort Service
 Wants=lastore-daemon.service
 
 [Service]
+CapabilityBoundingSet=
+ExecStart=/usr/bin/dbus-send --system --print-reply --dest=org.deepin.dde.Lastore1 /org/deepin/dde/Lastore1 org.deepin.dde.Lastore1.Manager.HandleSystemEvent string:AbortAutoDownload
+InaccessiblePaths=-/etc/shadow -/etc/pam.d/ -/etc/NetworkManager/system-connections/ -/etc/security/ -/etc/selinux/ -/etc/deepin-elf-verify/ -/etc/filearmor.d/ -/etc/crypttab -/etc/fstab -/sysroot/ostree/repo/ -/persistent/ostree/repo/
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateIPC=true
+PrivateTmp=true
+ProtectClock=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+RestrictSUIDSGID=true
 Type=oneshot
-ExecStart=/usr/bin/dbus-send --system --print-reply --dest=org.deepin.dde.Lastore1 /org/deepin/dde/Lastore1 org.deepin.dde.Lastore1.Manager.HandleSystemEvent string:AbortAutoDownload
\ No newline at end of file
+User=deepin-daemon
diff --git a/lib/systemd/system/lastore-after-upgrade-check.service b/lib/systemd/system/lastore-after-upgrade-check.service
index a432ea113..af1f48cca 100644
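Review bot: With `User=deepin-daemon` on this unit, the `dbus-send` in `ExecStart` reaches `HandleSystemEvent` as a non-root peer, so it only works if the system bus policy for `org.deepin.dde.Lastore1` lets that account send to the Manager interface; the commit message mentions adding such a policy, but no bus policy file appears in the diffstat. If the policy ships elsewhere, a comment above `User=` naming it would keep the two in step, for example `# Requires the bus policy that allows deepin-daemon to call HandleSystemEvent`. The same applies to lastore-auto-download.service.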
--- a/lib/systemd/system/lastore-after-upgrade-check.service
+++ b/lib/systemd/system/lastore-after-upgrade-check.service
@@ -3,8 +3,26 @@ Description=generate config file for check system
 Before=display-manager.service
 
 [Service]
-Type=oneshot
+
+# PrivateTmp=true is not set because it needs to use /tmp to save state
+
+CapabilityBoundingSet=
 ExecStart=/var/lib/lastore/scripts/gen_upgrade_check_config.sh
+InaccessiblePaths=-/etc/shadow -/etc/pam.d/ -/etc/NetworkManager/system-connections/ -/etc/security/ -/etc/selinux/ -/etc/deepin-elf-verify/ -/etc/filearmor.d/ -/etc/crypttab -/etc/fstab -/sysroot/ostree/repo/ -/persistent/ostree/repo/
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateIPC=true
+ProtectClock=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectProc=invisible
+ProtectSystem=strict
+ReadWritePaths=/tmp/
+RestrictSUIDSGID=true
+Type=oneshot
+User=deepin-daemon
 
 [Install]
 WantedBy=multi-user.target
diff --git a/lib/systemd/system/lastore-auto-download.service b/lib/systemd/system/lastore-auto-download.service
index 098a8cac1..afff6d695 100644
--- a/lib/systemd/system/lastore-auto-download.service
+++ b/lib/systemd/system/lastore-auto-download.service
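Review bot: `ReadWritePaths=/tmp/` without `PrivateTmp` keeps this unit's state under fixed names in the shared /tmp (`/tmp/update_has_run` and `/tmp/deepin_update_option.json` in gen_upgrade_check_config.sh), and any local account can create those names first, so neither the flag nor the link can be trusted to come from this service. Running as `deepin-daemon` also changes the owner of the symlink; with `fs.protected_symlinks` enabled, a reader under a different uid, root included, may be refused when following a link in a sticky world-writable directory that it does not own, so a root-side consumer could stop seeing the option file (the consumer is not visible from here). A private directory under /run created with `RuntimeDirectory=` and `RuntimeDirectoryPreserve=yes` would hold both files safely, provided the reader is updated to match.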
@@ -3,5 +3,19 @@ Description=System Update Auto Download Service
 Wants=lastore-daemon.service
 
 [Service]
+CapabilityBoundingSet=
+ExecStart=/usr/bin/dbus-send --system --print-reply --dest=org.deepin.dde.Lastore1 /org/deepin/dde/Lastore1 org.deepin.dde.Lastore1.Manager.HandleSystemEvent string:AutoDownload
+InaccessiblePaths=-/etc/shadow -/etc/pam.d/ -/etc/NetworkManager/system-connections/ -/etc/security/ -/etc/selinux/ -/etc/deepin-elf-verify/ -/etc/filearmor.d/ -/etc/crypttab -/etc/fstab -/sysroot/ostree/repo/ -/persistent/ostree/repo/
+MemoryDenyWriteExecute=true
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateIPC=true
+PrivateTmp=true
+ProtectClock=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+RestrictSUIDSGID=true
 Type=oneshot
-ExecStart=/usr/bin/dbus-send --system --print-reply --dest=org.deepin.dde.Lastore1 /org/deepin/dde/Lastore1 org.deepin.dde.Lastore1.Manager.HandleSystemEvent string:AutoDownload
\ No newline at end of file
+User=deepin-daemon
diff --git a/lib/systemd/system/lastore-build-system-info.service b/lib/systemd/system/lastore-build-system-info.service
index 9f431cca8..df2182adf 100644
--- a/lib/systemd/system/lastore-build-system-info.service
+++ b/lib/systemd/system/lastore-build-system-info.service
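Review bot: This unit omits `ProtectProc=invisible`, which the otherwise identical lastore-abort-auto-download.service sets; both only run `dbus-send`, so nothing visible here needs to see other users' processes. Add `ProtectProc=invisible` after `ProtectKernelTunables=true`, or record the reason for leaving it out in a comment as the other units in this commit do.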
@@ -2,9 +2,28 @@
 Description=Build system info
 
 [Service]
-Type=idle
-StartLimitInterval=10s
-StartLimitBurst=20
-RestartSec=5s
-Restart=on-failure
+
+# MemoryDenyWriteExecute=true is not set because the script calls lastore-tools (a Go program compiled with -pie option) which would fail.
+# ProtectProc=invisible is not set because the script uses pgrep to check if processes are running
+
+CapabilityBoundingSet=
 ExecStart=/var/lib/lastore/scripts/build_system_info -now
+InaccessiblePaths=-/etc/shadow -/etc/pam.d/ -/etc/NetworkManager/system-connections/ -/etc/security/ -/etc/selinux/ -/etc/deepin-elf-verify/ -/etc/filearmor.d/ -/etc/crypttab -/etc/fstab -/sysroot/ostree/repo/ -/persistent/ostree/repo/
+NoNewPrivileges=true
+PrivateDevices=true
+PrivateIPC=true
+PrivateTmp=true
+ProtectClock=true
+ProtectHome=true
+ProtectKernelModules=true
+ProtectKernelTunables=true
+ProtectSystem=strict
+ReadWritePaths=/var/
+Restart=on-failure
+RestartSec=5s
+RestrictSUIDSGID=true
+StartLimitBurst=20
+StartLimitInterval=10s
+StateDirectory=lastore
+Type=idle
+User=deepin-daemon
diff --git a/lib/systemd/system/lastore-daemon.service b/lib/systemd/system/lastore-daemon.service
index 6ebc7c9d6..16c229360 100644
--- a/lib/systemd/system/lastore-daemon.service
+++ b/lib/systemd/system/lastore-daemon.service
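Review bot: `StateDirectory=lastore` together with `User=deepin-daemon` hands /var/lib/lastore to that account (systemd re-owns an existing state directory and its contents when the owner differs), and that tree also holds `/var/lib/lastore/scripts/`, which this unit executes and which the package postinst runs as root. A service account that can replace a script root later executes undoes the privilege separation this commit is adding, so keep root-run scripts outside the state directory (for example under /usr/libexec) or point `StateDirectory=` at a data-only subdirectory. `ReadWritePaths=/var/` is also wider than the script appears to need; listing the specific directories it writes would keep `ProtectSystem=strict` meaningful.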
@@ -3,12 +3,28 @@ Description=Deepin Lastore Daemon
 After=display-manager.service
 
 [Service]
-Type=dbus
+
+# CapabilityBoundingSet= is not set because it would cause apt execution errors, such as setegid and other operations failing due to insufficient permissions.
+# InaccessiblePaths is not set because dpkg needs to be called to upgrade the system.
+# MemoryDenyWriteExecute=yes is not set because this is a Go program compiled with -pie option, which would prevent the process from starting.
+# PrivateDevices=true is not set because grub-mkconfig is executed when creating backup deployment.
+# PrivateTmp=true is not set because it relies on /tmp to record state.
+# ProtectHome=true is not set because sudo is needed to connect to the user Session Bus and send DDE message notifications.
+# ProtectKernelModules=true is not set because kernel packages need to be installed
+# ProtectProc=true is not set because it needs to access caller process environment variables.
+# ProtectSystem=strict is not set because dpkg needs to be called to upgrade the system.
+# RestrictSUIDSGID=true is not set because some packages may need to set SUID and SGID during installation.
+# StateDirectory=lastore is not set because it would conflict with the ownership of smartmirror-daemon and build-system-info services, which need to be owned by deepin-daemon, and enabling this would set the owner to root.
+
 BusName=org.deepin.dde.Lastore1
-ExecStart=/usr/libexec/lastore-daemon/lastore-daemon
-StandardOutput=null
-StandardError=null
-StateDirectory=lastore
 CacheDirectory=lastore
+ExecStart=/usr/libexec/lastore-daemon/lastore-daemon
+NoNewPrivileges=true
+PrivateIPC=true
+ProtectClock=true
+ProtectKernelTunables=true
 RuntimeDirectory=lastore
-RuntimeDirectoryMode=0750
\ No newline at end of file
+RuntimeDirectoryMode=0750
+StandardError=null
+StandardOutput=null
+Type=dbus
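Review bot: `ProtectClock=true` and `ProtectKernelTunables=true` are inherited by every apt, dpkg and maintainer-script process this daemon spawns, while the comment block explains only the options that were left unset. As far as I know `ProtectClock=` implies `DeviceAllow=char-rtc r`, which switches the unit to a device allow-list, so block-device access by tools such as grub-mkconfig (the reason given for not setting `PrivateDevices=`) may be denied anyway; `ProtectKernelTunables=` makes /proc/sys and /sys read-only for package scripts that write there. Please confirm a kernel and bootloader upgrade under this unit and add a comment line for each enabled option stating what was tested. Dropping `StateDirectory=lastore` also means this unit no longer creates /var/lib/lastore itself.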
diff --git a/lib/systemd/system/lastore-smartmirror-daemon.service b/lib/systemd/system/lastore-smartmirror-daemon.service
index 75148a8e6..eae2b9510 100644
--- a/lib/systemd/system/lastore-smartmirror-daemon.service
+++ b/lib/systemd/system/lastore-smartmirror-daemon.service
@@ -5,35 +5,31 @@ Wants=dbus.socket
 After=dbus.socket
 
 [Service]
-Type=dbus
+# Cannot set PrivateNetwork=yes because network access is required.
+# Cannot set MemoryDenyWriteExecute=yes because this is a Go program compiled with -pie option, which would prevent the process from starting.
 BusName=org.deepin.dde.Lastore1.Smartmirror
-User=deepin-daemon
+CapabilityBoundingSet=
 ExecStart=/usr/libexec/lastore-daemon/lastore-smartmirror-daemon
-StandardOutput=null
-StandardError=journal
-
-ProtectSystem=strict
-StateDirectory=lastore
-InaccessiblePaths=/etc/shadow
-InaccessiblePaths=-/etc/NetworkManager/system-connections
-InaccessiblePaths=-/etc/pam.d
-InaccessiblePaths=-/usr/share/uadp/
-
+InaccessiblePaths=-/etc/shadow -/etc/pam.d/ -/etc/NetworkManager/system-connections/ -/etc/security/ -/etc/selinux/ -/etc/deepin-elf-verify/ -/etc/filearmor.d/ -/etc/crypttab -/etc/fstab -/sysroot/ostree/repo/ -/persistent/ostree/repo/
+LockPersonality=yes
 NoNewPrivileges=yes
-ProtectHome=yes
-ProtectKernelTunables=yes
-ProtectKernelModules=yes
-ProtectControlGroups=yes
+PrivateDevices=yes
+PrivateIPC=true
 PrivateMounts=yes
 PrivateTmp=yes
-PrivateDevices=yes
-# 需要联网
-#PrivateNetwork=yes
 PrivateUsers=yes
+ProtectClock=true
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=strict
+RemoveIPC=yes
 RestrictNamespaces=yes
-LockPersonality=yes
 RestrictRealtime=yes
-RemoveIPC=yes
-# 和golang -pie参数冲突,导致进程无法启动
-#MemoryDenyWriteExecute=yes
-#MemoryLimit=100M
\ No newline at end of file
+RestrictSUIDSGID=true
+StandardError=journal
+StandardOutput=null
+StateDirectory=lastore
+Type=dbus
+User=deepin-daemon
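Review bot: The consolidated `InaccessiblePaths=` line no longer contains `-/usr/share/uadp/`, which the removed lines hid from this service, the one unit in the commit that needs network access. If the path was dropped on purpose, say so in the comment block at the top of `[Service]`; otherwise append `-/usr/share/uadp/` to the new list.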
diff --git a/lib/systemd/system/lastore-update-metadata-info.service b/lib/systemd/system/lastore-update-metadata-info.service
deleted file mode 100644
index 2916ae3ef..000000000
--- a/lib/systemd/system/lastore-update-metadata-info.service
+++ /dev/null
@@ -1,11 +0,0 @@
-[Unit]
-Description=Update lastore metadata info
-
-
-[Service]
-Restart=on-failure
-RestartSec=5s
-
-TimeoutStartSec=infinity
-
-ExecStart=/var/lib/lastore/scripts/update_metadata_info -now
diff --git a/src/lastore-daemon/manager.go b/src/lastore-daemon/manager.go
index 6f29058c0..f4bad1eb3 100644
--- a/src/lastore-daemon/manager.go
+++ b/src/lastore-daemon/manager.go
@@ -662,9 +662,6 @@ func (m *Manager) handleAutoCheckEvent() error {
 return err
 }
 }
- if !m.config.DisableUpdateMetadata && !m.ImmutableAutoRecovery {
- startUpdateMetadataInfoService()
- }
 return nil
 }
 
diff --git a/src/lastore-daemon/manager_unit.go b/src/lastore-daemon/manager_unit.go
index b6d71a8be..5cf4a6ec6 100644
--- a/src/lastore-daemon/manager_unit.go
+++ b/src/lastore-daemon/manager_unit.go
@@ -10,6 +10,8 @@ import (
 "fmt"
 "math/rand"
 "os/exec"
+ "os/user"
+ "strconv"
 "strings"
 "time"
 
@@ -26,6 +28,7 @@ const (
 lastoreUnitCache = "/tmp/lastoreUnitCache"
 run = "systemd-run"
 lastoreDBusCmd = "dbus-send --system --print-reply --dest=org.deepin.dde.Lastore1 /org/deepin/dde/Lastore1 org.deepin.dde.Lastore1.Manager.HandleSystemEvent"
+ deepinDaemonUser = "deepin-daemon"
 )
 
 // isFirstBoot startOfflineTask执行前执行有效
@@ -38,7 +41,6 @@ type systemdEventType string
 const (
 AutoCheck systemdEventType = "AutoCheck"
 AutoClean systemdEventType = "AutoClean"
- UpdateInfosChanged systemdEventType = "UpdateInfosChanged"
 OsVersionChanged systemdEventType = "OsVersionChanged"
 InitIdleDownload systemdEventType = "InitIdleDownload"
 AutoDownload systemdEventType = "AutoDownload"
@@ -334,20 +336,45 @@ func (m *Manager) getNextUpdateDelay() time.Duration {
 return remained + _minDelayTime
 }
 
+// isAllowedToTriggerSystemEvent checks if the uid is allowed to trigger system events
+func isAllowedToTriggerSystemEvent(uid uint32, eventType systemdEventType) bool {
+ // Allow regular users to trigger OsVersionChanged event
+ // TODO: This should be fixed in the future to only allow restricted users to trigger this event.
+ if eventType == OsVersionChanged {
+ return true
+ }
+
+ // Allow root user for all operations
+ if uid == 0 {
+ return true
+ }
+
+ // Allow deepin-daemon user for all operations
+ if u, err := user.Lookup(deepinDaemonUser); err == nil {
+ if daemonUID, err := strconv.ParseUint(u.Uid, 10, 32); err == nil && uid == uint32(daemonUID) {
+ return true
+ }
+ }
+
+ return false
+}
+
 func (m *Manager) delHandleSystemEvent(sender dbus.Sender, eventType string) error {
 uid, err := m.service.GetConnUID(string(sender))
 if err != nil {
 logger.Warning(err)
 return dbusutil.ToError(err)
 }
- if uid != 0 && systemdEventType(eventType) != OsVersionChanged {
- err = fmt.Errorf("%q is not allowed to trigger system event", uid)
+
+ evType := systemdEventType(eventType)
+ if !isAllowedToTriggerSystemEvent(uid, evType) {
+ err = fmt.Errorf("uid %d is not allowed to trigger system event %v", uid, evType)
 logger.Warning(err)
 return dbusutil.ToError(err)
 }
+
 m.service.DelayAutoQuit()
- typ := systemdEventType(eventType)
- switch typ {
+ switch evType {
 case AutoCheck:
 go func() {
 err := m.handleAutoCheckEvent()
@@ -363,9 +390,6 @@ func (m *Manager) delHandleSystemEvent(sender dbus.Sender, eventType string) err
 logger.Warning(err)
 }
 }()
- // case UpdateInfosChanged:
- // logger.Info("UpdateInfos Changed")
- // m.handleUpdateInfosChanged()
 case OsVersionChanged:
 go updateplatform.UpdateTokenConfigFile(m.config.IncludeDiskInfo)
 case InitIdleDownload:
diff --git a/src/lastore-daemon/updater.go b/src/lastore-daemon/updater.go
index 158d5133f..465613994 100644
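Review bot: The deepin-daemon branch of `isAllowedToTriggerSystemEvent` admits that uid for every event type, while the units in this commit that run as deepin-daemon send only `AutoDownload` and `AbortAutoDownload`, and lastore-smartmirror-daemon, which needs network access, runs under the same uid. Limiting that branch to the events those units send, for instance by wrapping the lookup in `if eventType == AutoDownload || eventType == systemdEventType("AbortAutoDownload") {`, keeps the grant as narrow as the callers need. `eventType` comes from the D-Bus caller, so the new error text would be safer with `%q` than `%v`, and a failed `user.Lookup` is worth a logged warning since it silently turns every deepin-daemon call into a denial. The switch in delHandleSystemEvent continues outside the hunk, so the full list of events is not visible here.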
--- a/src/lastore-daemon/updater.go
+++ b/src/lastore-daemon/updater.go
@@ -10,7 +10,6 @@ import (
 "fmt"
 "io/fs"
 "os"
- "os/exec"
 "path/filepath"
 "strings"
 "sync"
@@ -133,14 +132,6 @@ func NewUpdater(service *dbusutil.Service, m *Manager, config *Config) *Updater
 return u
 }
 
-func startUpdateMetadataInfoService() {
- logger.Info("start update metadata info service")
- err := exec.Command("systemctl", "start", "lastore-update-metadata-info.service").Run()
- if err != nil {
- logger.Warningf("AutoCheck Update failed: %v", err)
- }
-}
-
 func SetAPTSmartMirror(url string) error {
 return os.WriteFile("/etc/apt/apt.conf.d/99mirrors.conf",
 ([]byte)(fmt.Sprintf("Acquire::SmartMirrors::MirrorSource %q;", url)),
diff --git a/src/lastore-smartmirror-daemon/config.go b/src/lastore-smartmirror-daemon/config.go
index f453ff777..395951afc 100644
--- a/src/lastore-smartmirror-daemon/config.go
+++ b/src/lastore-smartmirror-daemon/config.go
@@ -5,6 +5,8 @@
 package main
 
 import (
+ "os"
+
 "github.com/linuxdeepin/lastore-daemon/src/internal/system"
 )
 
@@ -33,5 +35,8 @@ func (c *config) setEnable(enable bool) error {
 }
 
 func (c *config) save() error {
+ if err := os.Remove(c.filePath); err != nil && !os.IsNotExist(err) {
+ logger.Warning("remove config file failed:", err)
+ }
 return system.EncodeJson(c.filePath, c)
 }
diff --git a/src/lastore-smartmirror-daemon/smartmirror.go b/src/lastore-smartmirror-daemon/smartmirror.go
index 7fca171b6..224525c1f 100644
--- a/src/lastore-smartmirror-daemon/smartmirror.go
+++ b/src/lastore-smartmirror-daemon/smartmirror.go
@@ -18,11 +18,12 @@ import (
 "github.com/linuxdeepin/lastore-daemon/src/internal/utils"
 )
 
-var (
+const (
 qualityDataFilepath = "smartmirror_quality.json"
 configDataFilepath = "smartmirror_config.json"
 )
 
+// The STATE_DIRECTORY environment variable is set by systemd when starting this service.
 var stateDirectory = os.Getenv("STATE_DIRECTORY")
 
 // SmartMirror handle core smart mirror data
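Review bot: In `save()`, removing `c.filePath` before `system.EncodeJson` runs means a failed write leaves no config file at all, where the old code kept the previous one. Writing to a temporary file in the same directory and renaming it over the target is atomic and replaces a file owned by another user just as well, because only write permission on the directory is needed; build_safecache.sh in this same commit already works that way. How `EncodeJson` writes is not visible here, and if it already renames into place the `os.Remove` is unnecessary. The same remove-then-write sequence is added in smartmirror.go for the quality data and in lastore-tools/deprecated.go for `installTimeFile`.

```go
func (c *config) save() error {
	// Write beside the target, then rename over it: rename needs only write
	// permission on the directory, and a failed write leaves the old file.
	tmpPath := c.filePath + ".tmp"
	if err := system.EncodeJson(tmpPath, c); err != nil {
		_ = os.Remove(tmpPath)
		return err
	}
	return os.Rename(tmpPath, c.filePath)
}
```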
@@ -78,7 +79,13 @@ func newSmartMirror(service *dbusutil.Service) *SmartMirror {
 s.mirrorQuality.updateQuality(r)
 s.taskCount--
 }
- _ = utils.WriteData(path.Join(stateDirectory, qualityDataFilepath), s.mirrorQuality.QualityMap)
+ filePath := path.Join(stateDirectory, qualityDataFilepath)
+ if err := os.Remove(filePath); err != nil && !os.IsNotExist(err) {
+ logger.Warning("remove quality data file failed:", err)
+ }
+ if err := utils.WriteData(filePath, s.mirrorQuality.QualityMap); err != nil {
+ logger.Warning("write quality data file failed:", err)
+ }
 }
 }()
 return s
@@ -86,6 +93,7 @@ func newSmartMirror(service *dbusutil.Service) *SmartMirror {
 
 // SetEnable the best source
 func (s *SmartMirror) SetEnable(enable bool) *dbus.Error {
+ s.service.DelayAutoQuit()
 changed := s.Enable != enable
 s.Enable = enable
 
@@ -106,6 +114,7 @@ func (s *SmartMirror) SetEnable(enable bool) *dbus.Error {
 
 // Query the best source
 func (s *SmartMirror) Query(original, officialMirror, mirrorHost string) (url string, busErr *dbus.Error) {
+ s.service.DelayAutoQuit()
 if !s.Enable {
 source := strings.Replace(original, officialMirror, mirrorHost, 1)
 if utils.ValidURL(source) {
diff --git a/src/lastore-tools/deprecated.go b/src/lastore-tools/deprecated.go
index 56707ca42..4c84af4df 100644
--- a/src/lastore-tools/deprecated.go
+++ b/src/lastore-tools/deprecated.go
@@ -67,11 +67,19 @@ func GetDesktopFiles(dirs []string) []string {
 // 2. desktop --> exec
 // 3. desktop --> package
 func GenerateDesktopIndexes(baseDir string) error {
- // #nosec G301
- _ = os.MkdirAll(baseDir, 0755)
+ err := os.MkdirAll(baseDir, 0755)
+ if err != nil {
+ return err
+ }
 
 packageIndex, installTimeIndex := ParsePackageInfos()
- if err := writeData(path.Join(baseDir, "pacakge_installedTime.json"), installTimeIndex); err != nil {
+ installTimeFile := path.Join(baseDir, "pacakge_installedTime.json")
+
+ // Remove the file first to avoid write failures due to insufficient permissions
+ if err := os.Remove(installTimeFile); err != nil && !os.IsNotExist(err) {
+ logger.Warningf("Remove %s failed: %v\n", installTimeFile, err)
+ }
+ if err := writeData(installTimeFile, installTimeIndex); err != nil {
 return err
 }
 
diff --git a/var/lib/lastore/scripts/build_safecache.sh b/var/lib/lastore/scripts/build_safecache.sh
index 42f3d46a7..2d368d4ce 100755
--- a/var/lib/lastore/scripts/build_safecache.sh
+++ b/var/lib/lastore/scripts/build_safecache.sh
@@ -1,4 +1,6 @@
 #!/bin/bash
 # /var/cache/apt/pkgcache.bin will be deleted temporarily
 # whenever executing "apt-get update".
-ln -fv /var/cache/apt/pkgcache.bin /var/lib/lastore/safecache_pkgcache.bin
+tmpfile=$(mktemp /var/lib/lastore/safecache_pkgcache.bin.XXXXXX)
+cp -fv /var/cache/apt/pkgcache.bin "$tmpfile"
+mv -f "$tmpfile" /var/lib/lastore/safecache_pkgcache.bin
diff --git a/var/lib/lastore/scripts/build_system_info b/var/lib/lastore/scripts/build_system_info
index a8a617d68..1ec4f42b4 100755
--- a/var/lib/lastore/scripts/build_system_info
+++ b/var/lib/lastore/scripts/build_system_info
@@ -12,7 +12,7 @@ function prepare()
 # exit 1;
 # fi
 
- if /usr/bin/pgrep build_system_info > /dev/null; then
+ if /usr/bin/pgrep --ignore-ancestors -f "/var/lib/lastore/scripts/build_system_info" > /dev/null; then
 echo "build_system_info is running, please try it later"
 exit 1;
 fi
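Review bot: Neither `mktemp` nor `cp` is checked in build_safecache.sh, so a failed copy still reaches `mv` and installs an empty or partial file as `safecache_pkgcache.bin`, replacing a good one. `mktemp` also creates the file with mode 0600 and `cp` into an existing file keeps that mode, so the result is readable only by the account that ran the script, whereas the hard link it replaces carried the mode of pkgcache.bin; with services now split between root and deepin-daemon a reader under the other uid may lose access (the reader is not visible here). Chaining the steps covers both: `tmpfile=$(mktemp ...) || exit 1` followed by `cp -fv /var/cache/apt/pkgcache.bin "$tmpfile" && chmod --reference=/var/cache/apt/pkgcache.bin "$tmpfile" && mv -f "$tmpfile" /var/lib/lastore/safecache_pkgcache.bin || rm -f -- "$tmpfile"`.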
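Review bot: The guard in `prepare()` now matches with `pgrep -f` on a command-line substring across all users, so any process whose arguments contain `/var/lib/lastore/scripts/build_system_info` (an editor or a `bash -x` run, for instance) makes the script exit 1, and the check-then-run sequence is still racy. A lock taken with `flock` on a file in the state directory gives single-instance behaviour without reading the process table, which would also let the unit set `ProtectProc=invisible`. As far as I know `--ignore-ancestors` is a recent procps-ng option, so an older pgrep rejects the command and the `if` falls through as "not running". prepare() starts and ends outside the hunk.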
diff --git a/var/lib/lastore/scripts/gen_upgrade_check_config.sh b/var/lib/lastore/scripts/gen_upgrade_check_config.sh
index a41a6dc9d..27b366ed5 100755
--- a/var/lib/lastore/scripts/gen_upgrade_check_config.sh
+++ b/var/lib/lastore/scripts/gen_upgrade_check_config.sh
@@ -1,5 +1,23 @@
 #!/bin/bash
-if [ -e "/tmp/update_has_run" ] ;then
+
+# Constants
+readonly UPDATE_RUN_FLAG="/tmp/update_has_run"
+
+# Function to start lastore-daemon service using busctl
+# Triggers the service by querying JobList property via DBus
+# Ignores any errors if the service is not available
+start_lastore_daemon() {
+ local dbus_path="org.deepin.dde.Lastore1"
+ local object_path="/org/deepin/dde/Lastore1"
+ local interface="org.deepin.dde.Lastore1.Manager"
+ local property="JobList"
+
+ # Execute busctl command to trigger lastore-daemon service
+ # Ignore any errors if service is not available
+ busctl --system get-property "$dbus_path" "$object_path" "$interface" "$property" || true
+}
+
+if [ -e "$UPDATE_RUN_FLAG" ] ;then
 echo "not first run gen_upgrade_check_config.sh"
 exit 0
 fi
@@ -7,9 +25,9 @@ fi
 if [ -e "/etc/deepin/deepin_update_option.json" ] && [ ! -e "/tmp/deepin_update_option.json" ] ; then
 # 如果文件存在,则创建软连接
 ln -s "/etc/deepin/deepin_update_option.json" "/tmp/deepin_update_option.json"
- systemctl start lastore-daemon.service > /dev/null || true &
+ start_lastore_daemon
 else
 echo "deepin_update_option.json not exist or don't need create link"
 fi
 
-touch "/tmp/update_has_run"
\ No newline at end of file
+touch "$UPDATE_RUN_FLAG"
diff --git a/var/lib/lastore/scripts/update_metadata_info b/var/lib/lastore/scripts/update_metadata_info
deleted file mode 100755
index 703e1997f..000000000
--- a/var/lib/lastore/scripts/update_metadata_info
+++ /dev/null
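Review bot: `start_lastore_daemon` waits for the `busctl get-property` reply, while this script runs from a oneshot unit ordered `Before=display-manager.service` and lastore-daemon.service is ordered `After=display-manager.service`, so the activation it requests may not be able to start until this script returns, leaving `busctl` to sit until its call timeout during boot. The replaced `systemctl start ... &` did not block the script. Bounding the call with `--timeout=` or sending the activation request without waiting for the answer would avoid the stall; please check boot time on a system where the /etc/deepin/deepin_update_option.json branch is taken. The property value is also printed to stdout, so add `> /dev/null` as the old command had.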
@@ -1,59 +0,0 @@
-#!/bin/bash
-
-# This script will be invoked by lastore-update-metadata-info.timer every 3 hours
-# 1. Trigger a apt-get update, so other component can update /var/lib/lastore/update_infos.json.
-# 2. Pull appstore.deepin.com's metadata by lastore-tools,
-# inlcude a large ostree repo and some small json metadata.
-
-function systemd_update_metadata_info()
-{
- systemctl start lastore-update-metadata-info.service
-}
-
-function update_metadata_info_now()
-{
- #remote=$(cat /var/lib/lastore/scripts/metadata_remote)
- #fix_remote_url $remote
- #/usr/bin/lastore-tools metadata -u --remote=$remote
- /usr/bin/lastore-tools update -r desktop -j applications -o /var/lib/lastore/applications.json
- #/usr/bin/lastore-tools update -r desktop -j categories -o /var/lib/lastore/categories.json
- #/usr/bin/lastore-tools update -r desktop -j xcategories -o /var/lib/lastore/xcategories.json
- #/usr/bin/lastore-tools update -r desktop -j mirrors -o /var/lib/lastore/mirrors.json
-}
-
-function fix_remote_url()
-{
- repo_dir=/var/lib/lastore/tree
- config_url=$1
- if [ -f $repo_dir/config -a -n "$config_url" ]; then
- # repo config file exist and $config_url is not empty
- if which ostree >/dev/null; then
- # has ostree
- current_url=$(ostree --repo=$repo_dir config get 'remote "origin".url')
- if [ "$current_url" != "$config_url" ]; then
- echo remove $repo_dir
- rm -rf $repo_dir
- fi
- fi
- fi
-}
-
-
-which ostree >/dev/null || exit 0
-
-case "$1" in
- "-now")
- update_metadata_info_now
- exit 0
- ;;
- *)
- if [[ -S /var/run/systemd/notify ]]; then
- systemd_update_metadata_info
- else
- update_metadata_info_now
- fi
- ;;
-esac
-
-
-