diff --git a/etc/jailkit/jk_init.ini b/etc/jailkit/jk_init.ini
new file mode 100644
index 0000000..51b30f7
--- /dev/null
+++ b/etc/jailkit/jk_init.ini
@@ -0,0 +1,175 @@
+[uidbasics]
+# this section probably needs adjustment on 64bit systems
+# or non-Linux systems
+comment = common files for all jails that need user/group information
+paths = /lib/libnsl.so.*, /lib64/libnsl.so.*, /lib/libnss*.so.2, /lib64/libnss*.so.2, /lib/i386-linux-gnu/libnsl.so.*, /lib/i386-linux-gnu/libnss*.so.2, /lib/x86_64-linux-gnu/libnsl.so.*, /lib/x86_64-linux-gnu/libnss*.so.2, /lib/arm-linux-gnueabihf/libnss*.so.2, /lib/arm-linux-gnueabihf/libnsl*.so.*, /etc/nsswitch.conf, /etc/ld.so.conf
+# Solaris needs
+# paths = /etc/default/nss, /lib/libnsl.so.1, /usr/lib/nss_*.so.1, /etc/nsswitch.conf
+
+[netbasics]
+comment = common files for all jails that need any internet connectivity
+paths = /lib/libnss_dns.so.2, /lib64/libnss_dns.so.2, /lib/libnss_mdns*.so.2, /etc/resolv.conf, /etc/host.conf, /etc/hosts, /etc/protocols, /etc/services
+# on Solaris devices /dev/udp and /dev/tcp might be needed too, not sure
+
+[logbasics]
+comment = timezone information and log sockets
+paths = /etc/localtime
+need_logsocket = 1
+# Solaris does not need logsocket
+# but needs
+# devices = /dev/log, /dev/conslog
+
+[jk_lsh]
+comment = Jailkit limited shell
+paths = /usr/sbin/jk_lsh, /etc/jailkit/jk_lsh.ini
+users = root
+groups = root
+includesections = uidbasics, logbasics
+
+[limitedshell]
+comment = alias for jk_lsh
+includesections = jk_lsh
+
+[cvs]
+comment = Concurrent Versions System
+paths = cvs
+devices = /dev/null
+
+[git]
+comment = Fast Version Control System
+paths = /usr/bin/git*, /usr/lib/git-core, /usr/share/git-core, /usr/bin/basename, /bin/uname, /usr/bin/pager
+includesections = editors, perl
+
+[scp]
+comment = ssh secure copy
+paths = scp
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+
+[sftp]
+comment = ssh secure ftp
+paths = /usr/lib/sftp-server, /usr/libexec/openssh/sftp-server, /usr/lib/misc/sftp-server, /usr/libexec/sftp-server, /usr/lib/openssh/sftp-server
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/null
+# on solaris
+#paths = /usr/lib/ssh/sftp-server
+
+[ssh]
+comment = ssh secure shell
+paths = ssh
+includesections = netbasics, uidbasics
+devices = /dev/urandom, /dev/tty, /dev/null
+
+[rsync]
+paths = rsync
+includesections = netbasics, uidbasics
+
+[procmail]
+comment = procmail mail delivery
+paths = procmail, /bin/sh
+devices = /dev/null
+
+[basicshell]
+comment = bash based shell with several basic utilities
+paths = /bin/sh, bash, ls, cat, chmod, mkdir, cp, cpio, date, dd, echo, egrep, false, fgrep, grep, gunzip, gzip, ln, ls, mkdir, mktemp, more, mv, pwd, rm, rmdir, sed, sh, sleep, sync, tar, touch, true, uncompress, zcat, /etc/motd, /etc/issue, /etc/bash.bashrc, /etc/bashrc, /etc/profile, /usr/lib/locale/en_US.utf8
+users = root
+groups = root
+includesections = uidbasics
+
+[interactiveshell]
+comment = for ssh access to a full shell
+includesections = uidbasics, basicshell, terminfo, editors, extendedshell
+
+[midnightcommander]
+comment = Midnight Commander
+paths = mc, mcedit, mcview, /usr/share/mc
+includesections = basicshell, terminfo
+
+[extendedshell]
+comment = bash shell including things like awk, bzip, tail, less
+paths = awk, bzip2, bunzip2, ldd, less, clear, cut, du, find, head, less, md5sum, nice, sort, tac, tail, tr, sort, wc, watch, whoami
+includesections = basicshell, midnightcommander, editors
+
+[terminfo]
+comment = terminfo databases, required for example for ncurses or vim
+paths = /etc/terminfo, /usr/share/terminfo, /lib/terminfo
+
+[editors]
+comment = vim, joe and nano
+includesections = terminfo
+paths = joe, nano, vi, vim, /etc/vimrc, /etc/joe, /usr/share/vim
+
+[netutils]
+comment = several internet utilities like wget, ftp, rsync, scp, ssh
+paths = wget, lynx, ftp, host, rsync, smbclient
+includesections = netbasics, ssh, sftp, scp
+
+[apacheutils]
+comment = htpasswd utility
+paths = htpasswd
+
+[extshellplusnet]
+comment = alias for extendedshell + netutils + apacheutils
+includesections = extendedshell, netutils, apacheutils
+
+[openvpn]
+comment = jail for the openvpn daemon
+paths = /usr/sbin/openvpn
+users = root,nobody
+groups = root,nogroup
+#includesections = netbasics
+devices = /dev/urandom, /dev/random, /dev/net/tun
+includesections = netbasics, uidbasics
+need_logsocket = 1
+
+[apache]
+comment = the apache webserver, very basic setup, probably too limited for you
+paths = /usr/sbin/apache
+users = root, www-data
+groups = root, www-data
+includesections = netbasics, uidbasics
+
+[perl]
+comment = the perl interpreter and libraries
+paths = perl, /usr/lib/perl, /usr/lib/perl5, /usr/share/perl, /usr/share/perl5
+
+[xauth]
+comment = getting X authentication to work
+paths = /usr/bin/X11/xauth, /usr/X11R6/lib/X11/rgb.txt, /etc/ld.so.conf
+
+[xclients]
+comment = minimal files for X clients
+paths = /usr/X11R6/lib/X11/rgb.txt
+includesections = xauth
+
+[vncserver]
+comment = the VNC server program
+paths = Xvnc, Xrealvnc, /usr/X11R6/lib/X11/fonts/
+includesections = xclients
+
+[ping]
+comment = Ping program
+paths_w_setuid = /bin/ping
+
+#[xterm]
+#comment = xterm
+#paths = /usr/bin/X11/xterm, /usr/share/terminfo, /etc/terminfo
+#devices = /dev/pts/0, /dev/pts/1, /dev/pts/2, /dev/pts/3, /dev/pts/4, /dev/ptyb4, /dev/ptya4, /dev/tty, /dev/tty0, /dev/tty4
+
+[php]
+comment = the php interpreter and libraries
+paths = /usr/bin/php*, composer, /usr/bin/phar*, env, /usr/lib/php, /usr/share/php, /usr/share/php*, /usr/share/zoneinfo, /usr/share/ca-certificates, /etc/ssl/certs, /usr/lib/ssl/certs, /etc/localtime
+includesections = netbasics
+
+[locales]
+comment = all translations
+paths = /usr/lib/locale, /usr/share/i18n, /etc/default/locale, /etc/locale.alias
+
+[custom_hosting]
+comment = custom giftGRÜN configuration
+includesections = php, git, netutils, interactiveshell, locales
+devices = /dev/zero, /dev/random
+paths = base32, base64, basenc, brotli, cksum, comm, csplit, curl, dirname, dir, expand, expr, factor, fmt, fold, gpg, id, install, join, link, mysql, mysqldump, mysqlcheck, nl, nohup, numfmt, od, openssl, paste, pr, printenv, printf, ptx, readlink, realpath, seq, sha1sum, sha224sum, sha256sum, sha384sum, sha512sum, shred, shuf, split, stat, stdbuf, sum, test, tee, timeout, tput, truncate, tsort, unexpand, uniq, unlink, unxz, unzip, vdir, which, xargs, xz, zip, zopfli, nologin, /etc/bash_completion, /etc/bash_completion.d, /usr/share/bash-completion, /etc/profile.d, /etc/ld.so.conf.d, /etc/hostname
+emptydirs = /var/run/mysqld, /tmp
+users = root, www-data
+groups = root, www-data
diff --git a/install_binaries.sh b/install_binaries.sh
index eac390b..fe4a4f6 100755
--- a/install_binaries.sh
+++ b/install_binaries.sh
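Review bot: The `includesections` line of `[custom_hosting]` widens the jail's tool set well beyond the explicit binary list this commit removes from setup_chroot.sh. Through `netutils`, `interactiveshell` → `extendedshell` → `midnightcommander`, and `git` → `perl`, every hosting jail now also receives `lynx`, `ftp`, `host`, `smbclient`, `mc`, `joe`, `ldd`, `watch` and the perl interpreter whenever those exist on the host. If that is not intended, name only the sections the jail needs, for example `includesections = php, git, netbasics, ssh, sftp, scp, interactiveshell, locales`, with `wget, rsync` moved into `paths`. `mc`, `joe`, `ldd` and perl would still arrive via `interactiveshell` and `git`, so a fully minimal jail needs its own shell section rather than the stock ones. Either way, a comment above the section such as `# transitive includes: netutils -> ssh/sftp/scp, interactiveshell -> extendedshell -> midnightcommander/editors, git -> perl` would make the effective contents reviewable.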
@@ -6,18 +6,18 @@ export LANG=C.UTF-8 export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin" # install all required packages DEBIAN_FRONTEND=noninteractive apt-get update -DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y apt-transport-tor bash-completion bind9 brotli bzip2 ca-certificates clamav-daemon clamav-freshclam curl dovecot-imapd dovecot-lmtpd dovecot-pop3d git hardlink haveged iptables libio-socket-ip-perl libnginx-mod-http-brotli libnginx-mod-stream libsasl2-modules locales locales-all logrotate lsb-release mariadb-server nano nginx postfix postfix-mysql quota quotatool redis rspamd rsync ssh tor unzip util-linux vim wget xz-utils zip zopfli +DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y apt-transport-tor bash-completion bind9 brotli bzip2 ca-certificates clamav-daemon clamav-freshclam curl dovecot-imapd dovecot-lmtpd dovecot-pop3d git hardlink haveged iptables jailkit libio-socket-ip-perl libnginx-mod-http-brotli libnginx-mod-stream libsasl2-modules locales locales-all logrotate lsb-release mariadb-server nano nginx postfix postfix-mysql quota quotatool redis rspamd rsync ssh tor unzip util-linux vim wget xz-utils zip zopfli # build dependencies -DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y autoconf automake bison g++ gcc ghostscript gnupg libaom-dev `apt-cache search --names-only 'libargon2(-0)?-dev' | awk '{print $1;}' | head -n1` binutils-dev libbrotli-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libdjvulibre-dev libedit-dev `apt-cache search --names-only 'libenchant(-2)?-dev' | awk '{print $1;}' | head -n1` libffi-dev `apt-cache search --names-only libfreetype6?-dev | awk '{print $1;}' | head -n1` libfftw3-dev libfribidi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libgraphviz-dev libgs-dev libharfbuzz-dev libheif-dev libjbig-dev libjbig2dec0-dev libjxl-dev libkrb5-dev libldap2-dev liblmdb-dev liblqr-1-0-dev libmariadb-dev 
libonig-dev libopenexr-dev libopenjp2-7-dev libpango1.0-dev libpng-dev libpspell-dev libqdbm-dev libraqm-dev libraw-dev libreadline-dev librsvg2-dev libsasl2-dev libsodium-dev libssh2-1-dev libssl-dev libsqlite3-dev libsystemd-dev libtidy-dev libtool libwebp-dev libwmf-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev libzstd-dev make poppler-utils re2c zlib1g-dev +DEBIAN_FRONTEND=noninteractive apt-get --no-install-recommends install -y autoconf automake bison g++ gcc ghostscript gnupg libaom-dev $(apt-cache search --names-only 'libargon2(-0)?-dev' | awk '{print $1;}' | head -n1) binutils-dev libbrotli-dev libbz2-dev libc-client2007e-dev libcurl4-openssl-dev libdjvulibre-dev libedit-dev $(apt-cache search --names-only 'libenchant(-2)?-dev' | awk '{print $1;}' | head -n1) libffi-dev $(apt-cache search --names-only libfreetype6?-dev | awk '{print $1;}' | head -n1) libfftw3-dev libfribidi-dev libgd-dev libgmp-dev libgpg-error-dev libgpgme-dev libgraphviz-dev libgs-dev libharfbuzz-dev libheif-dev libjbig-dev libjbig2dec0-dev libjxl-dev libkrb5-dev libldap2-dev liblmdb-dev liblqr-1-0-dev libmariadb-dev libonig-dev libopenexr-dev libopenjp2-7-dev libpango1.0-dev libpng-dev libpspell-dev libqdbm-dev libraqm-dev libraw-dev libreadline-dev librsvg2-dev libsasl2-dev libsodium-dev libssh2-1-dev libssl-dev libsqlite3-dev libsystemd-dev libtidy-dev libtool libwebp-dev libwmf-dev libxml2-dev libxpm-dev libxslt1-dev libzip-dev libzstd-dev make poppler-utils re2c zlib1g-dev # install nvm -curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash +curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash export NVM_DIR="$HOME/.nvm" [ -s "$NVM_DIR/nvm.sh" ] && \. 
"$NVM_DIR/nvm.sh" # This loads nvm # install nodejs nvm install node --latest-npm --default -for old_version in `nvm ls --no-alias --no-colors | grep -v '\->' | awk '{print $1;}'`; do nvm uninstall $old_version; done +for old_version in $(nvm ls --no-alias --no-colors | grep -v '\->' | awk '{print $1;}'); do nvm uninstall "$old_version"; done nvm cache clear #install yarn @@ -54,11 +54,11 @@ if [ ! -e msgpack-php ]; then fi cd ../.. -export PROC_LIMIT=`free -g | grep Mem | awk -v nproc=$(nproc) '{print (($2 + 1) < nproc) ? ($2 + 1) : nproc;}'` +export PROC_LIMIT=$(free -g | grep Mem | awk -v nproc=$(nproc) '{print (($2 + 1) < nproc) ? ($2 + 1) : nproc;}') #start build cd ImageMagick git fetch --all -git checkout 7.1.1-36 +git checkout 7.1.1-37 CXXFLAGS='-O3 -mtune=native -march=native' CFLAGS='-O3 -mtune=native -march=native' ./configure --without-perl --without-magick-plus-plus --disable-openmp --with-fftw --with-gslib --with-gvc --with-rsvg --with-wmf make -j $PROC_LIMIT install make distclean diff --git a/var/www/setup_chroot.sh b/var/www/setup_chroot.sh index 9292f39..8f9a42c 100755 --- a/var/www/setup_chroot.sh +++ b/var/www/setup_chroot.sh 
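Review bot: The nvm installer line still pipes a remote script straight into `bash` with no integrity check, and this commit only moves the tag from v0.40.0 to v0.40.1; the script also runs `apt-get install`, so it presumably executes as root. A tag can be re-pointed upstream, and because `curl -o-` is used without `-f` and the script sets no `pipefail`, an HTTP error body or a truncated download is handed to the shell as well. Consider fetching to a `mktemp` file with `curl -fsSL --proto '=https'`, checking it with `echo "<EXPECTED_SHA256>  $tmp" | sha256sum -c -` against a digest recorded in the repository, and only then running `bash "$tmp"`. The same concern applies to `git checkout 7.1.1-37` in the second hunk of this file: checking out a full commit id instead of a tag name pins the ImageMagick source that gets compiled and installed.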
@@ -1,334 +1,33 @@ #!/bin/bash +set -e export PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/sbin:/usr/sbin:/sbin" test "$1" != "" || { echo "Need path to chroot directory"; exit 1; } -ALL_LIB_DIRECTORIES=() -ALL_LIB_FILES=() - -### functions -function CHROOT_BINARY() { - BINARY="$(which $1)" - if [ "$BINARY" == "" ]; then - return; - fi - if [ "$(echo $BINARY | grep -E '.*:.*')" != "" ]; then - BINARY="$(echo $BINARY | cut -d':' -f2)" - fi - LIB_FILES="$(ldd $BINARY 2>&1 | grep -v 'not a dynamic executable' | awk '{ print $3 }' | grep -E '^/(.*)' || echo)" - LDD_FILES="$(ldd $BINARY 2>&1 | grep -v 'not a dynamic executable' | grep 'ld-linux' | awk '{ print $1; }' || echo)" - if [ "$LIB_FILES" != "" ]; then - for LIB_FILE in $LIB_FILES; do - ADD_LIB $LIB_FILE - done - fi - if [ "$LDD_FILES" != "" ]; then - for LDD_FILE in $LDD_FILES; do - ADD_LIB $LDD_FILE - done - fi - BINARY_DIRECTORY="$(dirname $BINARY)" - mkdir -pm 0555 $CHROOT_DIRECTORY$BINARY_DIRECTORY - cp $BINARY $CHROOT_DIRECTORY$BINARY - chmod 0555 $CHROOT_DIRECTORY$BINARY -} - -function ADD_LIB() { - LIB_DIRECTORY="$(dirname $1)" - if [[ ! "${ALL_LIB_DIRECTORIES[@]}" =~ "$LIB_DIRECTORY" ]]; then - ALL_LIB_DIRECTORIES=(${ALL_LIB_DIRECTORIES[@]} "$LIB_DIRECTORY") - fi - if [[ ! 
"${ALL_LIB_FILES[@]}" =~ "$1" ]]; then - ALL_LIB_FILES=(${ALL_LIB_FILES[@]} "$1") - fi -} - -function CHROOT_LIBRARIES() { - for DIRECTORY in ${ALL_LIB_DIRECTORIES[@]}; do - mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY - done - for FILE in ${ALL_LIB_FILES[@]}; do - cp $FILE $CHROOT_DIRECTORY$FILE - chmod 0555 $CHROOT_DIRECTORY$FILE - done -} - ### variables CHROOT_DIRECTORY=$1 -CHROOT_DIRECTORY_STRUCTURE=( - '/etc' - '/etc/default' - '/dev' - '/tmp' - '/usr' - '/usr/share' - '/usr/share/bash-completion' - '/usr/share/bash-completion/completions' - '/usr/bin' - '/usr/lib' - '/usr/lib/openssh' - '/usr/sbin' - '/var' - '/var/run' - '/var/run/mysqld' -) -CHROOT_DIRECTORY_TO_CLEAN=( - '/bin' - '/lib' - '/usr/bin' - '/usr/lib' - '/usr/sbin' -) -BINARIES_GENERAL=( - '[' - 'awk' - 'base32' - 'base64' - 'basename' - 'basenc' - 'bash' - 'brotli' - 'bzip2' - 'cat' - 'chmod' - 'cksum' - 'clear' - 'comm' - 'composer' - 'cp' - 'csplit' - 'curl' - 'cut' - 'date' - 'dd' - 'dirname' - 'dir' - 'du' - 'echo' - 'egrep' - 'env' - 'expand' - 'expr' - 'factor' - 'false' - 'fgrep' - 'find' - 'fmt' - 'fold' - 'git' - 'git-receive-pack' - 'git-shell' - 'git-upload-archive' - 'git-upload-pack' - 'gpg' - 'grep' - 'gunzip' - 'gzip' - 'head' - 'id' - 'install' - 'join' - 'less' - 'link' - 'ln' - 'ls' - 'md5sum' - 'mkdir' - 'mktemp' - 'mv' - 'mysql' - 'mysqldump' - 'mysqlcheck' - 'nano' - 'nl' - 'nohup' - 'numfmt' - 'od' - 'openssl' - 'paste' - 'php8.1' - 'php8.2' - 'pr' - 'printenv' - 'printf' - 'ptx' - 'pwd' - 'readlink' - 'realpath' - 'rm' - 'rmdir' - 'rsync' - 'scp' - 'sed' - 'seq' - 'sftp' - 'sh' - 'sha1sum' - 'sha224sum' - 'sha256sum' - 'sha384sum' - 'sha512sum' - 'shred' - 'shuf' - 'sleep' - 'sort' - 'split' - 'ssh' - 'stat' - 'stdbuf' - 'sum' - 'tac' - 'tail' - 'tar' - 'test' - 'tee' - 'timeout' - 'touch' - 'tput' - 'tr' - 'true' - 'truncate' - 'tsort' - 'uname' - 'unexpand' - 'uniq' - 'unlink' - 'unxz' - 'unzip' - 'vdir' - 'vi' - 'vim' - 'wc' - 'wget' - 'which' - 'xargs' - 'xz' - 'zip' - 
'zopfli' - 'nologin' -) -FILES_GENERAL=( - '/etc/hosts' - '/etc/hostname' - '/etc/resolv.conf' - '/etc/nsswitch.conf' - '/etc/services' - '/etc/protocols' - '/etc/locale.alias' - '/etc/default/locale' - '/etc/localtime' - '/etc/profile' - '/etc/bash_completion' - '/etc/bash.bashrc' - '/usr/share/bash-completion/bash_completion' - '/usr/share/bash-completion/completions/alias' - '/usr/share/bash-completion/completions/bind' - '/usr/share/bash-completion/completions/bzip2' - '/usr/share/bash-completion/completions/compgen' - '/usr/share/bash-completion/completions/complete' - '/usr/share/bash-completion/completions/curl' - '/usr/share/bash-completion/completions/declare' - '/usr/share/bash-completion/completions/export' - '/usr/share/bash-completion/completions/find' - '/usr/share/bash-completion/completions/function' - '/usr/share/bash-completion/completions/git' - '/usr/share/bash-completion/completions/gzip' - '/usr/share/bash-completion/completions/id' - '/usr/share/bash-completion/completions/kill' - '/usr/share/bash-completion/completions/mysql' - '/usr/share/bash-completion/completions/openssl' - '/usr/share/bash-completion/completions/pwd' - '/usr/share/bash-completion/completions/rsync' - '/usr/share/bash-completion/completions/scp' - '/usr/share/bash-completion/completions/sh' - '/usr/share/bash-completion/completions/sftp' - '/usr/share/bash-completion/completions/tar' - '/usr/share/bash-completion/completions/typeset' - '/usr/share/bash-completion/completions/wget' - '/etc/ld.so.conf' -) -DIRECTORIES_GENERAL=( - '/usr/lib/git-core' - '/usr/share/git-core' - '/usr/lib/locale' - '/usr/share/i18n' - '/etc/ssl' - '/usr/lib/ssl' - '/usr/share/ca-certificates' - '/etc/bash_completion.d' - '/usr/share/zoneinfo' - '/lib/terminfo' - '/usr/share/terminfo' - '/usr/lib/php' - '/etc/profile.d' - '/etc/ld.so.conf.d' -) ### test variables/parameters test "$CHROOT_DIRECTORY" != "" if [ "$2" != "" ]; then - CHROOT_BINARY $2 - CHROOT_LIBRARIES - ldconfig -r 
$CHROOT_DIRECTORY + jk_cp -j "$CHROOT_DIRECTORY" -k "$2" echo "copied extra binary $2"; exit 0; fi ### init chroot directory -mkdir -p $CHROOT_DIRECTORY -chown root:www-data $CHROOT_DIRECTORY -chmod 550 $CHROOT_DIRECTORY -for DIRECTORY in ${CHROOT_DIRECTORY_TO_CLEAN[@]}; do - rm -rf $CHROOT_DIRECTORY$DIRECTORY -done -ln -s usr/bin $CHROOT_DIRECTORY/bin -ln -s usr/lib $CHROOT_DIRECTORY/lib -for DIRECTORY in ${CHROOT_DIRECTORY_STRUCTURE[@]}; do - mkdir -pm 0555 $CHROOT_DIRECTORY$DIRECTORY -done -chmod 777 $CHROOT_DIRECTORY/tmp -# users and groups -echo "root:x:0:0:root:/root:/bin/bash" > $CHROOT_DIRECTORY/etc/passwd -echo "www-data:x:33:33::/var/www:/bin/bash" >> $CHROOT_DIRECTORY/etc/passwd -echo "root:x:0:" > $CHROOT_DIRECTORY/etc/group -echo "www-data:x:33:www-data" >> $CHROOT_DIRECTORY/etc/group - -# /dev devices -test -e $CHROOT_DIRECTORY/dev/null || mknod -m 666 $CHROOT_DIRECTORY/dev/null c 1 3 -test -e $CHROOT_DIRECTORY/dev/zero || mknod -m 666 $CHROOT_DIRECTORY/dev/zero c 1 5 -test -e $CHROOT_DIRECTORY/dev/tty || mknod -m 666 $CHROOT_DIRECTORY/dev/tty c 5 0 -test -e $CHROOT_DIRECTORY/dev/random || mknod -m 644 $CHROOT_DIRECTORY/dev/random c 1 8 -test -e $CHROOT_DIRECTORY/dev/urandom || mknod -m 644 $CHROOT_DIRECTORY/dev/urandom c 1 9 -# copy general directories -for DIRECTORY in ${DIRECTORIES_GENERAL[@]}; do - rm -rf $CHROOT_DIRECTORY$DIRECTORY - cp -Rp $DIRECTORY $CHROOT_DIRECTORY$DIRECTORY -done -echo "export HOME=/" > $CHROOT_DIRECTORY/etc/profile.d/hosting.sh -echo "export HISTFILE=/.bash_history" >> $CHROOT_DIRECTORY/etc/profile.d/hosting.sh -echo 'export PATH="$PATH:/.composer/vendor/bin"' >> $CHROOT_DIRECTORY/etc/profile.d/hosting.sh -# copy general files -for FILE in ${FILES_GENERAL[@]}; do - cp $FILE $CHROOT_DIRECTORY$FILE -done -### copy shared libraries and binaries -# general -for BINARY in ${BINARIES_GENERAL[@]}; do - CHROOT_BINARY $BINARY -done -# git -for BINARY in `find /usr/lib/git-core -type f`; do - CHROOT_BINARY $BINARY -done -# networking 
-for LIB in /lib/*/libnss_*; do - ADD_LIB $LIB -done -# php -for LIB in /usr/lib/php/*/*.so; do - ADD_LIB $LIB -done -CHROOT_LIBRARIES -ldconfig -r $CHROOT_DIRECTORY -ln -f $CHROOT_DIRECTORY/usr/bin/php8.2 $CHROOT_DIRECTORY/usr/bin/php +if [[ -d "$CHROOT_DIRECTORY/bin" ]]; then + chown root:root "$CHROOT_DIRECTORY" + chmod 555 "$CHROOT_DIRECTORY" + jk_update -j "$CHROOT_DIRECTORY" -k /bin /lib /usr +else + mkdir -p "$CHROOT_DIRECTORY" + chown root:root "$CHROOT_DIRECTORY" + chmod 555 "$CHROOT_DIRECTORY" + jk_init -j "$CHROOT_DIRECTORY" -k custom_hosting + chmod 777 "$CHROOT_DIRECTORY/tmp" + echo "export HOME=/" > "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh" + echo "export HISTFILE=/.bash_history" >> "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh" + echo 'export PATH="$PATH:/.composer/vendor/bin"' >> "$CHROOT_DIRECTORY/etc/profile.d/hosting.sh" +fi
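Review bot: `chmod 777 "$CHROOT_DIRECTORY/tmp"` in the `jk_init` branch leaves the jail's /tmp world-writable without the sticky bit, so any account running inside the jail can delete or rename another account's temporary files; `chmod 1777 "$CHROOT_DIRECTORY/tmp"` is the conventional mode. Separately, `$2` is passed unchecked to `jk_cp -j "$CHROOT_DIRECTORY" -k "$2"`: if that argument can ever originate from a less-trusted caller (not visible on this page), any host path readable by the invoking user could be placed into the jail, so it is worth requiring an absolute path under an allow-list of directories before the call. Every jailkit call here uses `-k`, which makes jail files hard links to host inodes where the filesystem allows it. A comment such as `# -k: jail files share inodes with the host; in-place writes on either side affect both` would record that this is deliberate.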