2014-04-27 21:46:59 +00:00
|
|
|
#!/bin/sh
|
2014-06-10 00:05:16 +00:00
|
|
|
|
2016-07-06 08:45:32 +00:00
|
|
|
set -o errexit
|
2014-04-27 21:46:59 +00:00
|
|
|
|
2018-10-15 17:05:23 +00:00
|
|
|
# If the legacy /tmp/resin-supervisor exists on the host, a container might
|
|
|
|
# already be using to take an update lock, so we symlink it to the new
|
|
|
|
# location so that the supervisor can see it
|
|
|
|
[ -d /mnt/root/tmp/resin-supervisor ] &&
|
2022-11-03 13:17:03 +00:00
|
|
|
([ -d /mnt/root/tmp/balena-supervisor ] || ln -s ./resin-supervisor /mnt/root/tmp/balena-supervisor)
|
2018-10-15 17:05:23 +00:00
|
|
|
|
|
|
|
# Otherwise, if the lockfiles directory doesn't exist
|
|
|
|
[ -d /mnt/root/tmp/balena-supervisor ] ||
|
2022-11-03 13:17:03 +00:00
|
|
|
mkdir -p /mnt/root/tmp/balena-supervisor
|
2018-03-16 14:01:50 +00:00
|
|
|
|
2022-11-02 18:56:48 +00:00
|
|
|
export DBUS_SYSTEM_BUS_ADDRESS="${DBUS_SYSTEM_BUS_ADDRESS:-unix:path=/mnt/root/run/dbus/system_bus_socket}"
|
2018-03-16 14:01:50 +00:00
|
|
|
|
2018-03-13 11:41:06 +00:00
|
|
|
# Include self-signed CAs, should they exist
|
2019-09-02 16:39:13 +00:00
|
|
|
if [ -n "${BALENA_ROOT_CA}" ]; then
|
2018-03-13 11:41:06 +00:00
|
|
|
if [ ! -e '/etc/ssl/certs/balenaRootCA.pem' ]; then
|
2022-11-03 13:17:03 +00:00
|
|
|
echo "${BALENA_ROOT_CA}" >/etc/ssl/certs/balenaRootCA.pem
|
2020-08-26 15:46:49 +00:00
|
|
|
|
|
|
|
# Include the balenaRootCA in the system store for services like Docker
|
2018-03-13 11:41:06 +00:00
|
|
|
mkdir -p /usr/local/share/ca-certificates
|
2022-11-03 13:17:03 +00:00
|
|
|
echo "${BALENA_ROOT_CA}" >/usr/local/share/ca-certificates/balenaRootCA.crt
|
2018-03-13 11:41:06 +00:00
|
|
|
update-ca-certificates
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
2022-12-05 19:24:11 +00:00
|
|
|
# Setup necessary directories for journalctl
|
|
|
|
# NOTE: this won't be necessary once the supervisor can update
|
|
|
|
# itself, as using the label io.balena.features.journal-logs will
|
|
|
|
# achieve the same objective
|
2022-12-15 21:12:06 +00:00
|
|
|
if { [ ! -d /run/log/journal ] || [ -L /run/log/journal ]; } && [ -s /mnt/root/etc/machine-id ]; then
|
|
|
|
# Only enter here if the directory does not exist or the location exists and is a symlink
|
|
|
|
# (note that test -d /symlink-to-dir will return true)
|
|
|
|
|
|
|
|
# Create the directory
|
2022-12-05 19:24:11 +00:00
|
|
|
mkdir -p /run/log
|
2022-12-15 21:12:06 +00:00
|
|
|
|
|
|
|
# Override the local machine-id
|
2022-12-05 19:24:11 +00:00
|
|
|
ln -sf /mnt/root/etc/machine-id /etc/machine-id
|
2022-12-15 21:12:06 +00:00
|
|
|
|
|
|
|
# Remove the original link if it exists to avoid creating deep links
|
|
|
|
[ -L /run/log/journal ] && rm /run/log/journal
|
|
|
|
|
|
|
|
# If using persistent logging, the host will the journal under `/var/log/journal`
|
|
|
|
# otherwise it will have it under /run/log/journal
|
|
|
|
[ -d "/mnt/root/run/log/journal/$(cat /etc/machine-id)" ] && ln -sf /mnt/root/run/log/journal /run/log/journal
|
|
|
|
[ -d "/mnt/root/var/log/journal/$(cat /etc/machine-id)" ] && ln -sf /mnt/root/var/log/journal /run/log/journal
|
2022-12-05 19:24:11 +00:00
|
|
|
fi
|
|
|
|
|
2019-02-13 10:49:07 +00:00
|
|
|
# Mount the host kernel module path onto the expected location
|
|
|
|
# We need to do this as busybox doesn't support using a custom location
|
2019-02-14 13:49:03 +00:00
|
|
|
if [ ! -d /lib/modules ]; then
|
|
|
|
ln -s /mnt/root/lib/modules /lib/modules
|
|
|
|
fi
|
2019-05-15 07:39:54 +00:00
|
|
|
# Now load the ip6_tables kernel module, so we can do
|
|
|
|
# filtering on ipv6 addresses. Don't fail here if the
|
|
|
|
# modprobe fails, as this can either be that the module is
|
|
|
|
# already loaded or that the kernel module isn't present. In
|
|
|
|
# the former case, this is fine for runtime, and in the
|
|
|
|
# latter it means that the supervisor will fail later on, so
|
|
|
|
# not a problem.
|
|
|
|
modprobe ip6_tables || true
|
2019-02-13 10:49:07 +00:00
|
|
|
|
2022-03-07 22:10:51 +00:00
|
|
|
export BASE_LOCK_DIR="/tmp/balena-supervisor/services"
|
|
|
|
export LOCKFILE_UID=65534
|
|
|
|
|
|
|
|
# Cleanup leftover Supervisor-created lockfiles from any previous processes.
|
|
|
|
# Supervisor-created lockfiles have a UID of 65534.
|
2022-04-13 16:29:45 +00:00
|
|
|
find "/mnt/root${BASE_LOCK_DIR}" -type f -user "${LOCKFILE_UID}" -name "*updates.lock" -delete || true
|
2022-03-07 22:10:51 +00:00
|
|
|
|
2020-04-21 11:56:58 +00:00
|
|
|
if [ "${LIVEPUSH}" = "1" ]; then
|
2020-04-14 09:50:21 +00:00
|
|
|
exec npx nodemon --watch src --watch typings --ignore tests -e js,ts,json \
|
2022-11-03 13:17:03 +00:00
|
|
|
--exec node -r ts-node/register/transpile-only src/app.ts
|
2020-04-06 08:53:34 +00:00
|
|
|
else
|
|
|
|
exec node /usr/src/app/dist/app.js
|
|
|
|
fi
|