nexus/ProxMenux
2
0
Fork 0
mirror of https://github.com/MacRimi/ProxMenux.git synced 2026-05-28 03:04:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update AppImage

Browse Source
This commit is contained in:
MacRimi
2026-05-09 23:37:46 +02:00
parent 0288c14a29
commit 6d7e06a0d2
2 changed files with 111 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files
install_proxmenux.sh
+55 -3
View File
@@ -51,6 +51,7 @@ MENU_SCRIPT="menu"
VENV_PATH="/opt/googletrans-env" VENV_PATH="/opt/googletrans-env"
MONITOR_INSTALL_DIR="$BASE_DIR" MONITOR_INSTALL_DIR="$BASE_DIR"
MONITOR_RUNTIME_DIR="$BASE_DIR/monitor-app"
MONITOR_SERVICE_FILE="/etc/systemd/system/proxmenux-monitor.service" MONITOR_SERVICE_FILE="/etc/systemd/system/proxmenux-monitor.service"
MONITOR_PORT=8008 MONITOR_PORT=8008
@@ -582,6 +583,52 @@ get_appimage_version() {
echo "$version" echo "$version"
} }
# ── AppImage runtime extraction ────────────────────────────
# Extract the AppImage's squashfs to a stable directory and run AppRun
# directly. Avoids the FUSE mount under /tmp/.mount_ProxMe<random>, which
# trips Wazuh rule 521 / rkhunter "Possible kernel level rootkit" alerts
# (issue #101) — those scanners flag any directory that appears in
# readdir() but is hidden from lstat(), which is exactly what AppImage's
# FUSE mount layer looks like to them. Running from a plain extracted
# directory has the same files but no FUSE indirection, so the false
# positive disappears.
extract_appimage_to_runtime_dir() {
local appimage_path="$1"
local target_runtime_dir="$2"
local tmp_extract_dir
tmp_extract_dir=$(mktemp -d /tmp/proxmenux-extract.XXXXXX) || return 1
msg_info "Extracting AppImage runtime to ${target_runtime_dir}..."
if ! ( cd "$tmp_extract_dir" && "$appimage_path" --appimage-extract >/dev/null 2>&1 ); then
msg_error "Failed to extract AppImage."
rm -rf "$tmp_extract_dir"
return 1
fi
if [ ! -x "$tmp_extract_dir/squashfs-root/AppRun" ]; then
msg_error "Extracted AppImage missing AppRun."
rm -rf "$tmp_extract_dir"
return 1
fi
rm -rf "${target_runtime_dir}.new"
mv "$tmp_extract_dir/squashfs-root" "${target_runtime_dir}.new"
rm -rf "$tmp_extract_dir"
if [ -d "$target_runtime_dir" ]; then
rm -rf "${target_runtime_dir}.old"
mv "$target_runtime_dir" "${target_runtime_dir}.old"
fi
mv "${target_runtime_dir}.new" "$target_runtime_dir"
rm -rf "${target_runtime_dir}.old"
rm -f "$appimage_path"
msg_ok "AppImage runtime extracted (no FUSE mount; bypasses Wazuh rule 521)."
return 0
}
install_proxmenux_monitor() { install_proxmenux_monitor() {
local appimage_source=$(detect_latest_appimage) local appimage_source=$(detect_latest_appimage)
@@ -625,7 +672,12 @@ install_proxmenux_monitor() {
local target_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage" local target_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage"
cp "$appimage_source" "$target_path" cp "$appimage_source" "$target_path"
chmod +x "$target_path" chmod +x "$target_path"
if ! extract_appimage_to_runtime_dir "$target_path" "$MONITOR_RUNTIME_DIR"; then
update_config "proxmenux_monitor" "extract_failed"
return 1
fi
msg_ok "ProxMenux Monitor v$appimage_version installed." msg_ok "ProxMenux Monitor v$appimage_version installed."
if [ "$service_exists" = false ]; then if [ "$service_exists" = false ]; then
@@ -649,8 +701,8 @@ install_proxmenux_monitor() {
create_monitor_service() { create_monitor_service() {
msg_info "Creating ProxMenux Monitor service..." msg_info "Creating ProxMenux Monitor service..."
local exec_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage" local exec_path="$MONITOR_RUNTIME_DIR/AppRun"
if [ -f "$TEMP_DIR/systemd/proxmenux-monitor.service" ]; then if [ -f "$TEMP_DIR/systemd/proxmenux-monitor.service" ]; then
sed "s|ExecStart=.*|ExecStart=$exec_path|g" \ sed "s|ExecStart=.*|ExecStart=$exec_path|g" \
install_proxmenux_beta.sh
+56 -4
View File
@@ -42,6 +42,7 @@ BETA_VERSION_FILE="$BASE_DIR/beta_version.txt"
MENU_SCRIPT="menu" MENU_SCRIPT="menu"
MONITOR_INSTALL_DIR="$BASE_DIR" MONITOR_INSTALL_DIR="$BASE_DIR"
MONITOR_RUNTIME_DIR="$BASE_DIR/monitor-app"
MONITOR_SERVICE_FILE="/etc/systemd/system/proxmenux-monitor.service" MONITOR_SERVICE_FILE="/etc/systemd/system/proxmenux-monitor.service"
MONITOR_PORT=8008 MONITOR_PORT=8008
@@ -323,6 +324,52 @@ get_appimage_version() {
echo "$filename" | grep -oP 'ProxMenux-\K[0-9]+\.[0-9]+\.[0-9]+' echo "$filename" | grep -oP 'ProxMenux-\K[0-9]+\.[0-9]+\.[0-9]+'
} }
# ── AppImage runtime extraction ────────────────────────────
# Extract the AppImage's squashfs to a stable directory and run AppRun
# directly. Avoids the FUSE mount under /tmp/.mount_ProxMe<random>, which
# trips Wazuh rule 521 / rkhunter "Possible kernel level rootkit" alerts
# (issue #101) — those scanners flag any directory that appears in
# readdir() but is hidden from lstat(), which is exactly what AppImage's
# FUSE mount layer looks like to them. Running from a plain extracted
# directory has the same files but no FUSE indirection, so the false
# positive disappears.
extract_appimage_to_runtime_dir() {
local appimage_path="$1"
local target_runtime_dir="$2"
local tmp_extract_dir
tmp_extract_dir=$(mktemp -d /tmp/proxmenux-extract.XXXXXX) || return 1
msg_info "Extracting AppImage runtime to ${target_runtime_dir}..."
if ! ( cd "$tmp_extract_dir" && "$appimage_path" --appimage-extract >/dev/null 2>&1 ); then
msg_error "Failed to extract AppImage."
rm -rf "$tmp_extract_dir"
return 1
fi
if [ ! -x "$tmp_extract_dir/squashfs-root/AppRun" ]; then
msg_error "Extracted AppImage missing AppRun."
rm -rf "$tmp_extract_dir"
return 1
fi
rm -rf "${target_runtime_dir}.new"
mv "$tmp_extract_dir/squashfs-root" "${target_runtime_dir}.new"
rm -rf "$tmp_extract_dir"
if [ -d "$target_runtime_dir" ]; then
rm -rf "${target_runtime_dir}.old"
mv "$target_runtime_dir" "${target_runtime_dir}.old"
fi
mv "${target_runtime_dir}.new" "$target_runtime_dir"
rm -rf "${target_runtime_dir}.old"
rm -f "$appimage_path"
msg_ok "AppImage runtime extracted (no FUSE mount; bypasses Wazuh rule 521)."
return 0
}
# ── Monitor install ──────────────────────────────────────── # ── Monitor install ────────────────────────────────────────
install_proxmenux_monitor() { install_proxmenux_monitor() {
local appimage_source local appimage_source
@@ -364,7 +411,12 @@ install_proxmenux_monitor() {
local target_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage" local target_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage"
cp "$appimage_source" "$target_path" cp "$appimage_source" "$target_path"
chmod +x "$target_path" chmod +x "$target_path"
if ! extract_appimage_to_runtime_dir "$target_path" "$MONITOR_RUNTIME_DIR"; then
update_config "proxmenux_monitor" "extract_failed"
return 1
fi
# Copy shutdown-notify.sh script for systemd ExecStop # Copy shutdown-notify.sh script for systemd ExecStop
local shutdown_script_src="$TEMP_DIR/scripts/shutdown-notify.sh" local shutdown_script_src="$TEMP_DIR/scripts/shutdown-notify.sh"
local shutdown_script_dst="$MONITOR_INSTALL_DIR/scripts/shutdown-notify.sh" local shutdown_script_dst="$MONITOR_INSTALL_DIR/scripts/shutdown-notify.sh"
@@ -401,8 +453,8 @@ install_proxmenux_monitor() {
# Update existing service file with new configuration # Update existing service file with new configuration
update_monitor_service() { update_monitor_service() {
local exec_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage" local exec_path="$MONITOR_RUNTIME_DIR/AppRun"
cat > "$MONITOR_SERVICE_FILE" << EOF cat > "$MONITOR_SERVICE_FILE" << EOF
[Unit] [Unit]
Description=ProxMenux Monitor - Web Dashboard (Beta) Description=ProxMenux Monitor - Web Dashboard (Beta)
@@ -433,7 +485,7 @@ EOF
create_monitor_service() { create_monitor_service() {
msg_info "Creating ProxMenux Monitor service..." msg_info "Creating ProxMenux Monitor service..."
local exec_path="$MONITOR_INSTALL_DIR/ProxMenux-Monitor.AppImage" local exec_path="$MONITOR_RUNTIME_DIR/AppRun"
if [ -f "$TEMP_DIR/systemd/proxmenux-monitor.service" ]; then if [ -f "$TEMP_DIR/systemd/proxmenux-monitor.service" ]; then
sed "s|ExecStart=.*|ExecStart=$exec_path|g" \ sed "s|ExecStart=.*|ExecStart=$exec_path|g" \