|
2 | 2 | set -eu |
3 | 3 |
|
4 | 4 | # Coder's automatic install script. |
5 | | -# See https://github.com/coder/coder#installing-coder |
| 5 | +# See https://github.com/coder/coder#install |
| 6 | +# |
| 7 | +# To run: |
| 8 | +# curl -L https://coder.com/install.sh | sh |
6 | 9 |
|
7 | 10 | usage() { |
8 | 11 | arg0="$0" |
9 | 12 | if [ "$0" = sh ]; then |
10 | | - arg0="curl -fsSL https://coder.com/install.sh | sh -s --" |
| 13 | + arg0="curl -fsSL https://coder.com/install.sh | sh" |
11 | 14 | else |
12 | 15 | not_curl_usage="The latest script is available at https://coder.com/install.sh |
13 | 16 | " |
@@ -61,6 +64,10 @@ Usage: |
61 | 64 | just want it on your base system aswell. |
62 | 65 | This supports most systems, however if you are unsure yours is supported you can check |
63 | 66 | the link above. |
| 67 | + --net-admin |
| 68 | + Adds \`CAP_NET_ADMIN\` to the installed binary. This allows Coder to |
| 69 | + increase network speeds, but has security implications. |
| 70 | + See: https://man7.org/linux/man-pages/man7/capabilities.7.html |
64 | 71 |
|
65 | 72 |
|
66 | 73 | The detection method works as follows: |
@@ -230,7 +237,8 @@ main() { |
230 | 237 | RSH_ARGS \ |
231 | 238 | EDGE \ |
232 | 239 | RSH \ |
233 | | - WITH_TERRAFORM |
| 240 | + WITH_TERRAFORM \ |
| 241 | + CAP_NET_ADMIN |
234 | 242 |
|
235 | 243 | ALL_FLAGS="" |
236 | 244 |
|
@@ -290,6 +298,9 @@ main() { |
290 | 298 | --with-terraform) |
291 | 299 | WITH_TERRAFORM=1 |
292 | 300 | ;; |
| 301 | + --net-admin) |
| 302 | + CAP_NET_ADMIN=1 |
| 303 | + ;; |
293 | 304 | --) |
294 | 305 | shift |
295 | 306 | # We remove the -- added above. |
@@ -362,7 +373,7 @@ main() { |
362 | 373 | fi |
363 | 374 |
|
364 | 375 | # Start by installing Terraform, if requested |
365 | | - if [ "${WITH_TERRAFORM-}" = 1 ]; then |
| 376 | + if [ "${WITH_TERRAFORM-}" ]; then |
366 | 377 | with_terraform |
367 | 378 | fi |
368 | 379 |
|
@@ -398,6 +409,26 @@ main() { |
398 | 409 | install_standalone |
399 | 410 | ;; |
400 | 411 | esac |
| 412 | + |
| 413 | + if [ "${CAP_NET_ADMIN:-}" ]; then |
| 414 | + cap_net_admin |
| 415 | + fi |
| 416 | +} |
| 417 | + |
| 418 | +cap_net_admin() { |
| 419 | + if ! command_exists setcap && command_exists capsh; then |
| 420 | + echo "Package 'libcap' not found. See install instructions for your distro: https://command-not-found.com/setcap" |
| 421 | + return |
| 422 | + fi |
| 423 | + |
| 424 | + # Make sure we'e allowed to add CAP_NET_ADMIN. |
| 425 | + if sudo_sh_c capsh --has-p=CAP_NET_ADMIN; then |
| 426 | + sudo_sh_c setcap CAP_NET_ADMIN=+ep "$(command -v coder)" || true |
| 427 | + |
| 428 | + # Unable to escalate perms, notify the user. |
| 429 | + else |
| 430 | + echo "Unable to setcap agent binary. Ensure the root user has CAP_NET_ADMIN permissions." |
| 431 | + fi |
401 | 432 | } |
402 | 433 |
|
403 | 434 | parse_arg() { |
@@ -697,10 +728,10 @@ sh_c() { |
697 | 728 | sudo_sh_c() { |
698 | 729 | if [ "$(id -u)" = 0 ]; then |
699 | 730 | sh_c "$@" |
700 | | - elif command_exists doas; then |
701 | | - sh_c "doas $*" |
702 | 731 | elif command_exists sudo; then |
703 | 732 | sh_c "sudo $*" |
| 733 | + elif command_exists doas; then |
| 734 | + sh_c "doas $*" |
704 | 735 | elif command_exists su; then |
705 | 736 | sh_c "su - -c '$*'" |
706 | 737 | else |
|
0 commit comments