
LXC: normalize package installation & user creation.

utils/lib.sh:
- get DIST_ID & DIST_VERSION from /etc/os-release
- pkg_[install|remove|...] supports ubuntu, debian, archlinux & fedora

utils/lxc.sh
- Workaround for the "setrlimit(RLIMIT_CORE): Operation not permitted" error::
    'Set disable_coredump false' >> /etc/sudo.conf

utils/[searx.sh|filtron.sh|morty.sh]
- switched user creation from 'adduser' perl script to 'useradd' built-in
  command

utils/searx.sh
- install packages for ubuntu, debian, archlinux & fedora

Signed-off-by: Markus Heiser <markus.heiser@darmarit.de>
Markus Heiser 5 years ago
commit
5fb6d4f508
5 changed files with 96 additions and 34 deletions
  1. 6 4
      utils/filtron.sh
  2. 48 9
      utils/lib.sh
  3. 8 3
      utils/lxc.sh
  4. 6 4
      utils/morty.sh
  5. 28 14
      utils/searx.sh

+ 6 - 4
utils/filtron.sh

@@ -106,7 +106,7 @@ main() {
     rst_title "$SERVICE_NAME" part
 
     required_commands \
-        dpkg apt-get install git wget curl \
+        sudo install git wget curl \
         || exit
 
     local _usage="unknown or missing $1 command $2"
@@ -231,9 +231,11 @@ assert_user() {
     rst_title "user $SERVICE_USER" section
     echo
     tee_stderr 1 <<EOF | bash | prefix_stdout
-sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
-    --disabled-password --group --gecos 'Filtron' $SERVICE_USER
-sudo -H usermod -a -G shadow $SERVICE_USER
+useradd --shell /bin/bash --system \
+ --home-dir "$SERVICE_HOME" \
+ --comment 'Reverse HTTP proxy to filter requests' $SERVICE_USER
+mkdir "$SERVICE_HOME"
+chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
 groups $SERVICE_USER
 EOF
     SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"
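Review bot: `mkdir "$SERVICE_HOME"` in the here-document creates the service home with whatever mode the current umask gives (usually world-readable) and fails if the directory already exists. The following `chown -R "$SERVICE_GROUP:$SERVICE_GROUP"` also puts the group name in the owner field, which is only correct while the user and its group share a name. Replacing both lines with `install -d -m 0750 -o "$SERVICE_USER" -g "$SERVICE_GROUP" "$SERVICE_HOME"` sets owner, group and a restrictive mode in one step, does not fail on an existing directory, and avoids a recursive chown over an existing tree. The same two lines appear in the assert_user hunks of utils/morty.sh and utils/searx.sh. assert_user starts and ends outside this hunk, so whether these commands still run as root after the `sudo -H` prefix was dropped cannot be confirmed from here.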

+ 48 - 9
utils/lib.sh

@@ -3,6 +3,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later
 # shellcheck disable=SC2059,SC1117
 
+# ubuntu, debian, arch, fedora ...
+DIST_ID=$(source /etc/os-release; echo $ID);
+# shellcheck disable=SC2034
+DIST_VERS=$(source /etc/os-release; echo $VERSION_ID);
+
 ADMIN_NAME="${ADMIN_NAME:-$(git config user.name)}"
 ADMIN_NAME="${ADMIN_NAME:-$USER}"
 
@@ -54,7 +59,7 @@ sudo_or_exit() {
 
 required_commands() {
 
-    # usage:  requires_commands [cmd1 ...]
+    # usage:  required_commands [cmd1 ...]
 
     local exit_val=0
     while [ -n "$1" ]; do
@@ -787,9 +792,6 @@ uWSGI_disable_app() {
 
 # distro's package manager
 # ------------------------
-#
-# FIXME: Arch Linux & RHEL should be added
-#
 
 pkg_install() {
 
@@ -801,8 +803,20 @@ pkg_install() {
     if ! ask_yn "Should packages be installed?" Yn 30; then
         return 42
     fi
-    # shellcheck disable=SC2068
-    apt-get install -m -y $@
+    case $DIST_ID in
+        ubuntu|debian)
+            # shellcheck disable=SC2068
+            apt-get install -m -y $@
+            ;;
+        arch)
+            # shellcheck disable=SC2068
+            pacman -S --noconfirm $@
+            ;;
+        fedora)
+            # shellcheck disable=SC2068
+            dnf install -y $@
+            ;;
+    esac
 }
 
 pkg_remove() {
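Review bot: The new `case $DIST_ID in` in pkg_install has no `*)` arm, so on any distribution other than the four listed, or when /etc/os-release yields no ID, the function asks for confirmation, installs nothing and still returns 0. Adding `*) echo "ERROR: unsupported DIST_ID '$DIST_ID'" >&2; return 1 ;;` makes the failure visible to callers. The same gap is in pkg_remove and pkg_is_installed in the next hunk, where falling through makes pkg_is_installed report every package as installed, and in the `case` that sets SEARX_PACKAGES in utils/searx.sh. pkg_install begins outside this hunk.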
@@ -815,15 +829,40 @@ pkg_remove() {
     if ! ask_yn "Should packages be removed (purge)?" Yn 30; then
         return 42
     fi
-    apt-get purge --autoremove --ignore-missing -y "$@"
+    case $DIST_ID in
+        ubuntu|debian)
+            # shellcheck disable=SC2068
+            apt-get purge --autoremove --ignore-missing -y $@
+            ;;
+        arch)
+            # shellcheck disable=SC2068
+            pacman -R --noconfirm $@
+            ;;
+        fedora)
+            # shellcheck disable=SC2068
+            dnf remove -y $@
+            ;;
+    esac
 }
 
 pkg_is_installed() {
 
     # usage: pkg_is_install foopkg || pkg_install foopkg
 
-    dpkg -l "$1" &> /dev/null
-    return $?
+    case $DIST_ID in
+        ubuntu|debian)
+            dpkg -l "$1" &> /dev/null
+            return $?
+            ;;
+        arch)
+            pacman -Qsq "$1" &> /dev/null
+            return $?
+            ;;
+        fedora)
+            dnf list -q --installed "$1" &> /dev/null
+            return $?
+            ;;
+    esac
 }
 
 # git tooling
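Review bot: In pkg_is_installed the arch branch uses `pacman -Qsq "$1"`, which is a regular-expression search over the names and descriptions of installed packages, so it succeeds whenever any installed package merely mentions the argument. An exact query such as `pacman -Q "$1" &> /dev/null` fails unless that package itself is installed, which is what the "is it installed, else install it" usage in the comment needs. pkg_remove in the same hunk also changes `"$@"` to an unquoted `$@`, which reintroduces word splitting and globbing on package names; the quoted form can stay if callers pass one name per argument.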

+ 8 - 3
utils/lxc.sh

@@ -39,12 +39,15 @@ ubu1904_boilerplate="$ubu1804_boilerplate"
 # shellcheck disable=SC2034
 archlinux_boilerplate="
 pacman -Syu --noconfirm
-pacman -S --noconfirm git curl wget
+pacman -S --noconfirm git curl wget sudo
+echo 'Set disable_coredump false' >> /etc/sudo.conf
 "
 
+# shellcheck disable=SC2034
 fedora31_boilerplate="
 dnf update -y
-dnf install -y git curl wget
+dnf install -y git curl wget hostname
+echo 'Set disable_coredump false' >> /etc/sudo.conf
 "
 
 REMOTE_IMAGES=()
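Review bot: The two added `echo 'Set disable_coredump false' >> /etc/sudo.conf` lines switch off a sudo default that exists to keep sensitive data out of core dumps of sudo itself, and nothing next to them says why. A comment above each boilerplate string would help, for example `# container-only workaround for "setrlimit(RLIMIT_CORE): Operation not permitted"; re-enables core dumps of sudo, do not copy to hosts`. The line is also appended unconditionally, so running the boilerplate twice in one container leaves duplicate entries; prefixing it with `grep -qs disable_coredump /etc/sudo.conf ||` avoids that.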
@@ -162,7 +165,9 @@ main() {
                 lxc exec "${i}" -- "$@"
                 exit_val=$?
                 if [[ $exit_val -ne 0 ]]; then
-                    err_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
+                    warn_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
+                else
+                    info_msg "[${_BBlue}${i}${_creset}] exit code (${_BRed}${exit_val}${_creset}) from ${_BGreen}${*}${_creset}"
                 fi
             done
             ;;

+ 6 - 4
utils/morty.sh

@@ -105,7 +105,7 @@ main() {
     rst_title "$SERVICE_NAME" part
 
     required_commands \
-        dpkg apt-get install git wget curl \
+        sudo install git wget curl \
         || exit
 
     local _usage="ERROR: unknown or missing $1 command $2"
@@ -224,9 +224,11 @@ assert_user() {
     rst_title "user $SERVICE_USER" section
     echo
     tee_stderr 1 <<EOF | bash | prefix_stdout
-sudo -H adduser --shell /bin/bash --system --home $SERVICE_HOME \
-    --disabled-password --group --gecos 'Morty' $SERVICE_USER
-sudo -H usermod -a -G shadow $SERVICE_USER
+useradd --shell /bin/bash --system \
+ --home-dir "$SERVICE_HOME" \
+ --comment 'Web content sanitizer proxy' $SERVICE_USER
+mkdir "$SERVICE_HOME"
+chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
 groups $SERVICE_USER
 EOF
     SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"

+ 28 - 14
utils/searx.sh

@@ -35,14 +35,26 @@ SEARX_UWSGI_APP="searx.ini"
 # shellcheck disable=SC2034
 SEARX_UWSGI_SOCKET="/run/uwsgi/app/searx/socket"
 
-# FIXME: Arch Linux & RHEL should be added
-
-SEARX_APT_PACKAGES="\
-  uwsgi uwsgi-plugin-python3 \
-  git build-essential \
-  libxslt-dev python3-dev python3-babel python3-venv \
-  zlib1g-dev libffi-dev libssl-dev \
-"
+case $DIST_ID in
+    ubuntu|debian)  # apt packages
+        SEARX_PACKAGES="\
+ python3-dev python3-babel python3-venv \
+ uwsgi uwsgi-plugin-python3 \
+ git build-essential libxslt-dev zlib1g-dev libffi-dev libssl-dev "
+        ;;
+    arch)           # pacman packages
+        SEARX_PACKAGES="\
+ python python-pip python-lxml python-babel \
+ uwsgi uwsgi-plugin-python \
+ git base-devel libxml2 "
+        ;;
+    fedora)          # dnf packages
+        SEARX_PACKAGES="\
+ python python-pip python-lxml python-babel \
+ uwsgi uwsgi-plugin-python3 \
+ git @development-tools libxml2 "
+        ;;
+esac
 
 # Apache Settings
 
@@ -72,7 +84,7 @@ usage() {
 usage::
 
   $(basename "$0") shell
-  $(basename "$0") install    [all|user|pyenv|searx-src|apache]
+  $(basename "$0") install    [all|user|searx-src|pyenv|apache]
   $(basename "$0") update     [searx]
   $(basename "$0") remove     [all|user|pyenv|searx-src]
   $(basename "$0") activate   [service]
@@ -120,7 +132,7 @@ main() {
     rst_title "$SEARX_INSTANCE_NAME" part
 
     required_commands \
-        dpkg systemctl apt-get install git wget curl \
+        sudo systemctl install git wget curl \
         || exit
 
     local _usage="unknown or missing $1 command $2"
@@ -202,7 +214,7 @@ _service_prefix="  |$SERVICE_USER| "
 
 install_all() {
     rst_title "Install $SEARX_INSTANCE_NAME (service)"
-    pkg_install "$SEARX_APT_PACKAGES"
+    pkg_install "$SEARX_PACKAGES"
     wait_key
     assert_user
     wait_key
@@ -260,9 +272,11 @@ assert_user() {
     rst_title "user $SERVICE_USER" section
     echo
     tee_stderr 1 <<EOF | bash | prefix_stdout
-sudo -H adduser --shell /bin/bash --system --home "$SERVICE_HOME" \
-  --disabled-password --group --gecos 'searx' $SERVICE_USER
-sudo -H usermod -a -G shadow $SERVICE_USER
+useradd --shell /bin/bash --system \
+ --home-dir "$SERVICE_HOME" \
+ --comment 'Privacy-respecting metasearch engine' $SERVICE_USER
+mkdir "$SERVICE_HOME"
+chown -R "$SERVICE_GROUP:$SERVICE_GROUP" "$SERVICE_HOME"
 groups $SERVICE_USER
 EOF
     #SERVICE_HOME="$(sudo -i -u "$SERVICE_USER" echo \$HOME)"