mirror of
https://github.com/photoprism/photoprism.git
synced 2026-07-17 16:49:04 +00:00
Build: Make install-chrome.sh safe to run via curl | sudo bash
Two issues prevented the script from running cleanly when piped into
sudo (the most reliable invocation over SSH):
1. The header recommended `bash <(curl …)`, but with sudo the process
substitution opens /dev/fd/63 in the unprivileged parent shell and
the elevated bash cannot read it — the script aborted with
`bash: /dev/fd/63: No such file or directory`. Replace with the
`curl -fsSL … | sudo bash` pattern (and keep an explicit
download-then-run fallback). Also call out the broken sudo + process
substitution form so users do not retry it.
2. With stdin piped to bash, `gpg --dearmor` tried to write status to
/dev/tty and failed with `gpg: cannot open '/dev/tty'`, breaking the
keyring import (and silently leaving an empty keyring on a fresh
host). Pass `--no-tty --batch --yes` to both gpg calls.
Tested end-to-end on Ubuntu 26.04 ("resolute") via
`curl -fsSL …/install-chrome.sh | sudo bash` from a clean state
(no preexisting keyring or apt list): keyring valid OpenPGP file, deb
fetched and installed, `google-chrome --version` returns 147.0.7727.116.
This commit is contained in:
parent
c1e9d80692
commit
d4666a5765
1 changed files with 18 additions and 4 deletions
22
scripts/dist/install-chrome.sh
vendored
22
scripts/dist/install-chrome.sh
vendored
|
|
@ -10,13 +10,27 @@
|
|||
# libminizip1, ...) are close enough to Ubuntu LTS that apt can resolve
|
||||
# them by pulling those few libs from the Debian repo; the chromium
|
||||
# binary itself runs fine on Ubuntu glibc from jammy (22.04, 2.35) up.
|
||||
# bash <(curl -s https://raw.githubusercontent.com/photoprism/photoprism/develop/scripts/dist/install-chrome.sh)
|
||||
#
|
||||
# This script must run as root. Use one of these invocations:
|
||||
#
|
||||
# # Pipe via stdin (recommended one-liner — works everywhere, incl. SSH):
|
||||
# curl -fsSL https://raw.githubusercontent.com/photoprism/photoprism/develop/scripts/dist/install-chrome.sh | sudo bash
|
||||
#
|
||||
# # Or download first and run:
|
||||
# curl -fsSL https://raw.githubusercontent.com/photoprism/photoprism/develop/scripts/dist/install-chrome.sh -o /tmp/install-chrome.sh
|
||||
# sudo bash /tmp/install-chrome.sh
|
||||
#
|
||||
# Do NOT use process substitution under sudo (`sudo bash <(curl …)`): the
|
||||
# substitution opens /dev/fd/63 in the *parent* (unprivileged) shell, which
|
||||
# the elevated bash cannot read once sudo re-execs — the script aborts
|
||||
# immediately with `bash: /dev/fd/63: No such file or directory`.
|
||||
|
||||
PATH="/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin:/scripts:$PATH"
|
||||
|
||||
# Abort if not executed as root.
|
||||
if [[ $(id -u) != "0" ]]; then
|
||||
echo "Usage: run ${0##*/} as root" 1>&2
|
||||
echo "Usage: ${0##*/} must run as root. Try:" 1>&2
|
||||
echo " curl -fsSL <url-to-this-script> | sudo bash" 1>&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
@ -39,7 +53,7 @@ install_chromium_from_debian_bookworm() {
|
|||
|
||||
install -m 0755 -d /etc/apt/keyrings
|
||||
curl -fsSL https://ftp-master.debian.org/keys/archive-key-12.asc \
|
||||
| gpg --dearmor -o "$keyring"
|
||||
| gpg --no-tty --batch --yes --dearmor -o "$keyring"
|
||||
|
||||
cat > "$src" <<EOF
|
||||
Types: deb
|
||||
|
|
@ -58,7 +72,7 @@ case $DESTARCH in
|
|||
amd64 | AMD64 | x86_64 | x86-64)
|
||||
echo "Installing Google Chrome (stable) on ${ID} for ${DESTARCH^^}..."
|
||||
set -e
|
||||
curl -fsSL https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --dearmor -o /etc/apt/trusted.gpg.d/dl-ssl.google.com.gpg
|
||||
curl -fsSL https://dl-ssl.google.com/linux/linux_signing_key.pub | gpg --no-tty --batch --yes --dearmor -o /etc/apt/trusted.gpg.d/dl-ssl.google.com.gpg
|
||||
sh -c 'echo "deb [arch=amd64] http://dl.google.com/linux/chrome/deb/ stable main" >> /etc/apt/sources.list.d/google-chrome.list'
|
||||
apt-get update
|
||||
apt-get -qq install google-chrome-stable
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue