From 2ecb60f2bc18079ecb3bf05da79c54105f5199e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jari=20Sch=C3=A4fer?= Date: Sun, 24 Jul 2022 01:04:40 +0200 Subject: [PATCH] version 22.7.0 based on ubuntu 22.04 --- .dockerignore | 4 ++ .gitignore | 1 + Dockerfile | 11 +-- Dockerfile.arm32v7 | 11 +-- Dockerfile.arm64v8 | 11 +-- README.md | 6 +- docker-compose.yml | 21 ++++-- hooks/post_checkout | 6 +- hooks/pre_build | 2 +- ...5_environment => librenms_000_environment} | 3 +- .../etc/my_init.d/librenms_000_permissions | 52 -------------- .../my_init.d/librenms_001_early_permissions | 22 ++++++ ...ibrenms_010_mounts => librenms_002_mounts} | 2 +- post_install/etc/my_init.d/librenms_100_cron | 2 +- post_install/etc/my_init.d/librenms_101_ssl | 12 +--- post_install/etc/my_init.d/librenms_102_ipv6 | 2 +- .../etc/my_init.d/librenms_103_timezone | 12 ++-- .../etc/my_init.d/librenms_104_php_fpm | 6 ++ ...04_config => librenms_200_librenms_config} | 17 +---- ...iles => librenms_201_create_default_files} | 2 +- ...ervices => librenms_220_optional_services} | 2 +- ...ibrenms_108_syslog => librenms_221_syslog} | 7 +- ...{librenms_106_daily => librenms_290_daily} | 2 +- .../etc/my_init.d/librenms_900_permissions | 40 +---------- post_install/etc/nginx/nginx.conf | 8 +-- .../cli/conf.d/90-include-path.ini | 0 .../fpm/conf.d/90-include-path.ini | 0 .../{7.4 => 8.1}/fpm/conf.d/91-opcache.ini | 0 .../fpm/conf.d/99-no-memory-limit.ini | 0 .../etc/php/{7.4 => 8.1}/fpm/pool.d/www.conf | 69 ++++++++++++++----- .../runsvdir/default/librenms-service/run | 2 +- .../etc/runit/runsvdir/default/nginx/run | 2 +- .../etc/runit/runsvdir/default/php-fpm/run | 4 +- .../etc/runit/runsvdir/default/rrdcached/run | 2 +- .../etc/runit/runsvdir/default/snmptrapd/run | 2 +- post_install/usr/local/bin/create_admin | 2 +- post_install/usr/local/bin/create_user | 2 +- post_install/usr/local/bin/generate_key | 2 +- post_install/usr/local/bin/set_acls | 4 ++ post_install/usr/local/bin/set_owner_and_mode | 4 ++ post_install/usr/local/bin/set_permissions | 10 +++ .../usr/local/bin/set_permissions_basic | 15 ++++ post_install/usr/local/bin/setup_database | 2 +- pre_install/build/install | 31 +++++++-- 44 files changed, 225 insertions(+), 192 deletions(-) create mode 100644 .dockerignore rename post_install/etc/my_init.d/{librenms_105_environment => librenms_000_environment} (92%) delete mode 100755 post_install/etc/my_init.d/librenms_000_permissions create mode 100755 post_install/etc/my_init.d/librenms_001_early_permissions rename post_install/etc/my_init.d/{librenms_010_mounts => librenms_002_mounts} (94%) create mode 100644 post_install/etc/my_init.d/librenms_104_php_fpm rename post_install/etc/my_init.d/{librenms_104_config => librenms_200_librenms_config} (69%) rename post_install/etc/my_init.d/{librenms_107_create_default_files => librenms_201_create_default_files} (94%) rename post_install/etc/my_init.d/{librenms_109_services => librenms_220_optional_services} (97%) rename post_install/etc/my_init.d/{librenms_108_syslog => librenms_221_syslog} (65%) rename post_install/etc/my_init.d/{librenms_106_daily => librenms_290_daily} (90%) rename post_install/etc/php/{7.4 => 8.1}/cli/conf.d/90-include-path.ini (100%) rename post_install/etc/php/{7.4 => 8.1}/fpm/conf.d/90-include-path.ini (100%) rename post_install/etc/php/{7.4 => 8.1}/fpm/conf.d/91-opcache.ini (100%) rename post_install/etc/php/{7.4 => 8.1}/fpm/conf.d/99-no-memory-limit.ini (100%) rename post_install/etc/php/{7.4 => 8.1}/fpm/pool.d/www.conf (88%) create mode 100644 post_install/usr/local/bin/set_acls create mode 100644 post_install/usr/local/bin/set_owner_and_mode create mode 100644 post_install/usr/local/bin/set_permissions create mode 100644 post_install/usr/local/bin/set_permissions_basic diff --git a/.dockerignore b/.dockerignore new file mode 100644 index 0000000..d1a1224 --- /dev/null +++ b/.dockerignore @@ -0,0 +1,4 @@ +* +!post_install +!pre_install +!qemu* diff --git a/.gitignore b/.gitignore index 78d86c7..ee47f1f 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,4 @@ Thumbs.db .project nbproject !.gitignore +docker-persistence diff --git a/Dockerfile b/Dockerfile index ed5f0b9..a3b8068 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,6 @@ -FROM jarischaefer/baseimage-librenms:3.3 +FROM jarischaefer/baseimage-librenms:4.0 + +EXPOSE 80 443 ENV TZ=UTC \ RRDCACHED_LISTEN=unix:/var/run/rrdcached/rrdcached.sock \ @@ -7,8 +9,9 @@ ENV TZ=UTC \ WEATHERMAP_CRON="*/5 * * * *" \ POLLERS=8 \ POLLERS_CRON="*/5 * * * *" \ - INSTALL=false -EXPOSE 80 443 + INSTALL=false \ + PHP_FPM_WORKERS_MIN=1 \ + PHP_FPM_WORKERS_MAX=4 ADD pre_install / @@ -17,7 +20,7 @@ RUN chmod +x /build/install && /build/install && rm -r /build ADD post_install / RUN chmod -R +x /etc/my_init.d /etc/service /usr/local/bin && \ - find /opt/librenms \( ! -user librenms -o ! -group librenms \) -exec chown librenms:librenms {} \; && \ + find /opt/librenms \( ! -user librenms -o ! -group librenms \) | xargs -L25 -r chown -h librenms:librenms && \ chmod 644 /etc/cron.d/* /etc/librenms/cron/* VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/opt/librenms/storage"] diff --git a/Dockerfile.arm32v7 b/Dockerfile.arm32v7 index 37687ae..60c92ed 100644 --- a/Dockerfile.arm32v7 +++ b/Dockerfile.arm32v7 @@ -1,6 +1,8 @@ -FROM --platform=linux/arm32v7 jarischaefer/baseimage-librenms:3.2-arm32v7 +FROM --platform=linux/arm32v7 jarischaefer/baseimage-librenms:4.0-arm32v7 ADD qemu-arm-static /usr/bin +EXPOSE 80 443 + ENV TZ=UTC \ RRDCACHED_LISTEN=unix:/var/run/rrdcached/rrdcached.sock \ RRDCACHED_CONNECT=unix:/var/run/rrdcached/rrdcached.sock \ @@ -8,8 +10,9 @@ ENV TZ=UTC \ WEATHERMAP_CRON="*/5 * * * *" \ POLLERS=8 \ POLLERS_CRON="*/5 * * * *" \ - INSTALL=false -EXPOSE 80 443 + INSTALL=false \ + PHP_FPM_WORKERS_MIN=1 \ + PHP_FPM_WORKERS_MAX=4 ADD pre_install / @@ -18,7 +21,7 @@ RUN chmod +x /build/install && /build/install && rm -r /build ADD post_install / RUN chmod -R +x /etc/my_init.d /etc/service /usr/local/bin && \ - find /opt/librenms \( ! -user librenms -o ! -group librenms \) -exec chown librenms:librenms {} \; && \ + find /opt/librenms \( ! -user librenms -o ! -group librenms \) | xargs -L25 -r chown -h librenms:librenms && \ chmod 644 /etc/cron.d/* /etc/librenms/cron/* VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/opt/librenms/storage"] diff --git a/Dockerfile.arm64v8 b/Dockerfile.arm64v8 index fcea134..a45ab47 100644 --- a/Dockerfile.arm64v8 +++ b/Dockerfile.arm64v8 @@ -1,6 +1,8 @@ -FROM --platform=linux/arm64v8 jarischaefer/baseimage-librenms:3.2-arm64v8 +FROM --platform=linux/arm64v8 jarischaefer/baseimage-librenms:4.0-arm64v8 ADD qemu-aarch64-static /usr/bin +EXPOSE 80 443 + ENV TZ=UTC \ RRDCACHED_LISTEN=unix:/var/run/rrdcached/rrdcached.sock \ RRDCACHED_CONNECT=unix:/var/run/rrdcached/rrdcached.sock \ @@ -8,8 +10,9 @@ ENV TZ=UTC \ WEATHERMAP_CRON="*/5 * * * *" \ POLLERS=8 \ POLLERS_CRON="*/5 * * * *" \ - INSTALL=false -EXPOSE 80 443 + INSTALL=false \ + PHP_FPM_WORKERS_MIN=1 \ + PHP_FPM_WORKERS_MAX=4 ADD pre_install / @@ -18,7 +21,7 @@ RUN chmod +x /build/install && /build/install && rm -r /build ADD post_install / RUN chmod -R +x /etc/my_init.d /etc/service /usr/local/bin && \ - find /opt/librenms \( ! -user librenms -o ! -group librenms \) -exec chown librenms:librenms {} \; && \ + find /opt/librenms \( ! -user librenms -o ! -group librenms \) | xargs -L25 -r chown -h librenms:librenms && \ chmod 644 /etc/cron.d/* /etc/librenms/cron/* VOLUME ["/opt/librenms/logs", "/opt/librenms/rrd", "/opt/librenms/storage"] diff --git a/README.md b/README.md index f4df874..ec27756 100644 --- a/README.md +++ b/README.md @@ -14,10 +14,10 @@ Releases are listed on the [Releases page](https://github.com/jarischaefer/docke docker-librenms is a customizable Docker image for [LibreNMS](http://www.librenms.org/) based on Ubuntu. -The container runs nginx 1.15+ with HTTP/2 support and PHP 7.4 FPM with [OPCache](http://php.net/manual/en/book.opcache.php) +The container runs nginx 1.18+ with HTTP/2 support and PHP 8.1 FPM with [OPCache](http://php.net/manual/en/book.opcache.php) and [rrdcached](https://oss.oetiker.ch/rrdtool/doc/rrdcached.en.html) for maximum performance. -> :warning: ARM is not supported currently, see [here](https://github.com/jarischaefer/docker-librenms/issues/114) for more details. +> :warning: ARM support is experimental, see [here](https://github.com/jarischaefer/docker-librenms/issues/114) for more details. --- @@ -229,6 +229,8 @@ The following keys can be passed directly via the `-e` switch: |TZ |UTC |Timezone (e.g. Europe/Zurich) |PUID | |User ID |PGID | |Group ID +|PHP_FPM_WORKERS_MIN |1 |Minimum number of PHP-FPM workers +|PHP_FPM_WORKERS_MAX |4 |Maximum number of PHP-FPM workers ## Enabling/disabling container features diff --git a/docker-compose.yml b/docker-compose.yml index 6c3da78..c712ab8 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,4 +1,4 @@ -version: '2' +version: '3.9' services: web: @@ -7,27 +7,36 @@ services: ports: - "80:80" volumes: - - /my/persistent/directory/logs:/opt/librenms/logs - - /my/persistent/directory/rrd:/opt/librenms/rrd + - ./docker-persistence/logs:/opt/librenms/logs + - ./docker-persistence/rrd:/opt/librenms/rrd environment: - - APP_KEY=REPLACE-WITH-GENERATED-KEY + - APP_KEY=base64:7cVDlhFEZ1dyxIuP38Yy72YuXrcGg1ISwAwZ2dKt4Pk= - DB_HOST=db - DB_NAME=librenms - DB_USER=librenms - DB_PASS=librenms - POLLERS=16 - BASE_URL=http://localhost + - DAILY_ON_STARTUP=true links: - mysql:db + depends_on: + mysql: + condition: service_healthy mysql: - image: mysql:5.6 + image: mysql:8.0 command: --sql-mode="" ports: - "3306" volumes: - - /my/persistent/directory/mysql:/var/lib/mysql + - ./docker-persistence/mysql:/var/lib/mysql environment: - MYSQL_ROOT_PASSWORD=password - MYSQL_USER=librenms - MYSQL_PASSWORD=librenms - MYSQL_DATABASE=librenms + healthcheck: + test: "mysql -h localhost -u root -p$$MYSQL_ROOT_PASSWORD -e 'USE librenms'" + interval: 5s + timeout: 5s + retries: 20 diff --git a/hooks/post_checkout b/hooks/post_checkout index d037d4a..82e1a2c 100644 --- a/hooks/post_checkout +++ b/hooks/post_checkout @@ -1,6 +1,6 @@ -#!/bin/bash -eu +#!/bin/sh -eu -curl -qsSL "https://github.com/multiarch/qemu-user-static/releases/download/v5.2.0-2/qemu-arm-static.tar.gz" | tar -xz -curl -qsSL "https://github.com/multiarch/qemu-user-static/releases/download/v5.2.0-2/qemu-aarch64-static.tar.gz" | tar -xz +curl -qsSL "https://github.com/multiarch/qemu-user-static/releases/download/v6.1.0-8/qemu-arm-static.tar.gz" | tar -xz +curl -qsSL "https://github.com/multiarch/qemu-user-static/releases/download/v6.1.0-8/qemu-aarch64-static.tar.gz" | tar -xz chmod 755 qemu-arm-static qemu-aarch64-static diff --git a/hooks/pre_build b/hooks/pre_build index 742558f..e7dc1c7 100644 --- a/hooks/pre_build +++ b/hooks/pre_build @@ -1,3 +1,3 @@ -#!/bin/bash -eu +#!/bin/sh -eu docker run --rm --privileged multiarch/qemu-user-static:register --reset diff --git a/post_install/etc/my_init.d/librenms_105_environment b/post_install/etc/my_init.d/librenms_000_environment similarity index 92% rename from post_install/etc/my_init.d/librenms_105_environment rename to post_install/etc/my_init.d/librenms_000_environment index f88753d..7bb30e7 100755 --- a/post_install/etc/my_init.d/librenms_105_environment +++ b/post_install/etc/my_init.d/librenms_000_environment @@ -1,4 +1,5 @@ #!/bin/bash -e +# Bash supports the ${!...} construct for indirect variable expansion LOCK_FILE=/var/lock/librenms_environment.lock @@ -6,7 +7,7 @@ if [ -f "$LOCK_FILE" ]; then exit 0 fi -function addConfig() { +addConfig () { if [ -n "${!1}" ]; then echo "export $1=\"${!1}\"" >> /etc/librenms_environment fi diff --git a/post_install/etc/my_init.d/librenms_000_permissions b/post_install/etc/my_init.d/librenms_000_permissions deleted file mode 100755 index 81ec942..0000000 --- a/post_install/etc/my_init.d/librenms_000_permissions +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash -e - -# Create a new librenms user and remap it to the given UID -if [ ! -z "$PUID" ]; then - if [ -z "$PGID" ]; then - PGID=${PUID} - fi - - deluser librenms - delgroup www-data librenms - delgroup librenms - groupadd --gid ${PGID} librenms - usermod --append --groups librenms www-data - useradd librenms --gid librenms --home-dir /opt/librenms --system --shell /bin/bash --uid ${PUID} -fi - -# avoids problems when mounting volumes via NFS -set +e - -setfacl --default --modify g::rwX \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - -setfacl --modify g::rwX \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - -chown librenms:librenms \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/conf.d \ - /opt/librenms/conf.internal.d \ - /opt/librenms/html/plugins/Weathermap/configs \ - /opt/librenms/html/plugins/Weathermap/output \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - -chmod -x,u=rwX,g=rwX,o=rX \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/conf.d \ - /opt/librenms/conf.internal.d \ - /opt/librenms/html/plugins/Weathermap/configs \ - /opt/librenms/html/plugins/Weathermap/output \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - -exit 0 diff --git a/post_install/etc/my_init.d/librenms_001_early_permissions b/post_install/etc/my_init.d/librenms_001_early_permissions new file mode 100755 index 0000000..c41a85e --- /dev/null +++ b/post_install/etc/my_init.d/librenms_001_early_permissions @@ -0,0 +1,22 @@ +#!/bin/sh -e + +# Create a new librenms user and remap it to the given UID +if [ ! -z "$PUID" ]; then + if [ -z "$PGID" ]; then + PGID=${PUID} + fi + + deluser librenms + delgroup www-data librenms + delgroup librenms + groupadd --gid ${PGID} librenms + usermod --append --groups librenms www-data + useradd librenms --gid librenms --home-dir /opt/librenms --system --shell /bin/bash --uid ${PUID} +fi + +# avoids problems when mounting volumes via NFS +set +e + +/usr/local/bin/set_permissions_basic + +exit 0 diff --git a/post_install/etc/my_init.d/librenms_010_mounts b/post_install/etc/my_init.d/librenms_002_mounts similarity index 94% rename from post_install/etc/my_init.d/librenms_010_mounts rename to post_install/etc/my_init.d/librenms_002_mounts index 3fddc88..20789bc 100644 --- a/post_install/etc/my_init.d/librenms_010_mounts +++ b/post_install/etc/my_init.d/librenms_002_mounts @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/bin/sh -eu NAGIOS_PLUGINS_MOUNT=/mount/nagios_plugins TARGET_DIR=/usr/lib/nagios/plugins diff --git a/post_install/etc/my_init.d/librenms_100_cron b/post_install/etc/my_init.d/librenms_100_cron index a2ad176..059d932 100755 --- a/post_install/etc/my_init.d/librenms_100_cron +++ b/post_install/etc/my_init.d/librenms_100_cron @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e LOCK_FILE=/var/lock/librenms_cron.lock diff --git a/post_install/etc/my_init.d/librenms_101_ssl b/post_install/etc/my_init.d/librenms_101_ssl index c097737..092d0a2 100755 --- a/post_install/etc/my_init.d/librenms_101_ssl +++ b/post_install/etc/my_init.d/librenms_101_ssl @@ -1,10 +1,4 @@ -#!/bin/bash -eu - -LOCK_FILE=/var/lock/librenms_ssl.lock - -if [ -f "$LOCK_FILE" ]; then - exit 0 -fi +#!/bin/sh -eu CONF_FILE=/etc/nginx/sites-available/librenms.https SSL_CERT=/etc/nginx/ssl/ssl.crt @@ -16,7 +10,5 @@ if [ -f "$SSL_CERT" ] && [ -f "$SSL_KEY" ]; then sed -i 's/#ssl_trusted_certificate/ssl_trusted_certificate/g' "$CONF_FILE" fi - ln -s "$CONF_FILE" /etc/nginx/sites-enabled/librenms.https + ln -sf "$CONF_FILE" /etc/nginx/sites-enabled/librenms.https fi - -touch "$LOCK_FILE" diff --git a/post_install/etc/my_init.d/librenms_102_ipv6 b/post_install/etc/my_init.d/librenms_102_ipv6 index 53c22ab..b21a281 100755 --- a/post_install/etc/my_init.d/librenms_102_ipv6 +++ b/post_install/etc/my_init.d/librenms_102_ipv6 @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e LOCK_FILE=/var/lock/librenms_ipv6.lock diff --git a/post_install/etc/my_init.d/librenms_103_timezone b/post_install/etc/my_init.d/librenms_103_timezone index 00e6e72..75ce0f5 100755 --- a/post_install/etc/my_init.d/librenms_103_timezone +++ b/post_install/etc/my_init.d/librenms_103_timezone @@ -1,13 +1,13 @@ -#!/bin/bash -e +#!/bin/sh -e if [ -n "$TZ" ]; then - ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone + ln -snf "/usr/share/zoneinfo/${TZ}" /etc/localtime && echo "$TZ" > /etc/timezone - if [ ! -f /etc/php/7.4/cli/conf.d/100-timezone.ini ]; then - echo "date.timezone=$TZ" > /etc/php/7.4/cli/conf.d/100-timezone.ini + if [ ! -f /etc/php/8.1/cli/conf.d/100-timezone.ini ]; then + echo "date.timezone=${TZ}" > /etc/php/8.1/cli/conf.d/100-timezone.ini fi - if [ ! -f /etc/php/7.4/fpm/conf.d/100-timezone.ini ]; then - echo "date.timezone=$TZ" > /etc/php/7.4/fpm/conf.d/100-timezone.ini + if [ ! -f /etc/php/8.1/fpm/conf.d/100-timezone.ini ]; then + echo "date.timezone=${TZ}" > /etc/php/8.1/fpm/conf.d/100-timezone.ini fi fi diff --git a/post_install/etc/my_init.d/librenms_104_php_fpm b/post_install/etc/my_init.d/librenms_104_php_fpm new file mode 100644 index 0000000..4267e1c --- /dev/null +++ b/post_install/etc/my_init.d/librenms_104_php_fpm @@ -0,0 +1,6 @@ +#!/bin/sh -eu + +configFile=/etc/php/8.1/fpm/pool.d/www.conf + +sed -i "s/PLACEHOLDER_MAX_WORKERS/${PHP_FPM_WORKERS_MAX}/g" "$configFile" +sed -i "s/PLACEHOLDER_MIN_WORKERS/${PHP_FPM_WORKERS_MIN}/g" "$configFile" diff --git a/post_install/etc/my_init.d/librenms_104_config b/post_install/etc/my_init.d/librenms_200_librenms_config similarity index 69% rename from post_install/etc/my_init.d/librenms_104_config rename to post_install/etc/my_init.d/librenms_200_librenms_config index f26ba1a..997893d 100755 --- a/post_install/etc/my_init.d/librenms_104_config +++ b/post_install/etc/my_init.d/librenms_200_librenms_config @@ -1,6 +1,7 @@ #!/bin/bash -eu +# Bash supports the ${!...} construct for indirect variable expansion -function requireConfig() { +requireConfig () { if [ -z ${!1:-} ]; then echo "Error: $1 is unset" >&2 exit 1 @@ -40,19 +41,7 @@ fi requireConfig DB_NAME requireConfig BASE_URL -# Deprecated legacy config support -# TODO remove legacy config - -if [ -f /opt/librenms/config.custom.php ]; then - echo -e "\033[1;33mWARNING: Detected deprecated config.custom.php file, please check the docs\033[0m" >&2 - - echo " /opt/librenms/conf.internal.d/config.custom.php - cat /opt/librenms/config.custom.php >> /opt/librenms/conf.internal.d/config.custom.php - chown librenms:librenms /opt/librenms/conf.internal.d/config.custom.php -fi - - -# Generate Laravel .env file from legacy config +# Generate Laravel .env file COMPOSER_PROCESS_TIMEOUT=3600 APP_ENV=local /sbin/setuser librenms composer run-script post-install-cmd -d /opt/librenms # Not deleting the directory causes validation errors in LibreNMS diff --git a/post_install/etc/my_init.d/librenms_107_create_default_files b/post_install/etc/my_init.d/librenms_201_create_default_files similarity index 94% rename from post_install/etc/my_init.d/librenms_107_create_default_files rename to post_install/etc/my_init.d/librenms_201_create_default_files index 32de12e..2f2cdc2 100755 --- a/post_install/etc/my_init.d/librenms_107_create_default_files +++ b/post_install/etc/my_init.d/librenms_201_create_default_files @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/bin/sh -eu if [ ! -f /opt/librenms/logs/.gitignore ]; then cp /opt/helpers/default_files/logs/.gitignore /opt/librenms/logs/.gitignore diff --git a/post_install/etc/my_init.d/librenms_109_services b/post_install/etc/my_init.d/librenms_220_optional_services similarity index 97% rename from post_install/etc/my_init.d/librenms_109_services rename to post_install/etc/my_init.d/librenms_220_optional_services index 96d0191..7b26cdd 100755 --- a/post_install/etc/my_init.d/librenms_109_services +++ b/post_install/etc/my_init.d/librenms_220_optional_services @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e LOCK_FILE=/var/lock/librenms_services.lock diff --git a/post_install/etc/my_init.d/librenms_108_syslog b/post_install/etc/my_init.d/librenms_221_syslog similarity index 65% rename from post_install/etc/my_init.d/librenms_108_syslog rename to post_install/etc/my_init.d/librenms_221_syslog index 5e01fef..b90fd8f 100755 --- a/post_install/etc/my_init.d/librenms_108_syslog +++ b/post_install/etc/my_init.d/librenms_221_syslog @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e LOCK_FILE=/var/lock/librenms_syslog.lock @@ -6,11 +6,12 @@ if [ -f "$LOCK_FILE" ]; then exit 0 fi -if [ "$ENABLE_SYSLOG" == "1" ] || [ "$ENABLE_SYSLOG" == "true" ]; then +if [ "$ENABLE_SYSLOG" = "1" ] || [ "$ENABLE_SYSLOG" = "true" ]; then + echo "Enabling syslog" ln -sf /etc/librenms/syslog/librenms.syslog.conf /etc/syslog-ng/conf.d/librenms.syslog.conf ln -sf /etc/librenms/syslog/syslog.conf.php /opt/librenms/conf.internal.d/syslog.conf.php - kill -SIGHUP $(cat /var/run/syslog-ng.pid) + /usr/bin/kill -HUP $(cat /var/run/syslog-ng.pid) fi touch "$LOCK_FILE" diff --git a/post_install/etc/my_init.d/librenms_106_daily b/post_install/etc/my_init.d/librenms_290_daily similarity index 90% rename from post_install/etc/my_init.d/librenms_106_daily rename to post_install/etc/my_init.d/librenms_290_daily index 32a6e21..4d90ab8 100755 --- a/post_install/etc/my_init.d/librenms_106_daily +++ b/post_install/etc/my_init.d/librenms_290_daily @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e if [ "$DAILY_ON_STARTUP" = "true" ]; then cd /opt/librenms diff --git a/post_install/etc/my_init.d/librenms_900_permissions b/post_install/etc/my_init.d/librenms_900_permissions index 8670807..bc5bdcf 100755 --- a/post_install/etc/my_init.d/librenms_900_permissions +++ b/post_install/etc/my_init.d/librenms_900_permissions @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e # Create a new librenms user and remap it to the given UID if [ ! -z "$PUID" ]; then @@ -18,42 +18,8 @@ fi set +e # Don't `chown` if SKIP_CHOWN is set (Useful for NFS mounted shares) -if [ -z "$SKIP_CHOWN" ]; then - if [ -f /opt/librenms/config.custom.php ]; then - chown librenms:librenms /opt/librenms/config.custom.php - fi - - setfacl --recursive --default --modify g::rwX \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - - setfacl --recursive --modify g::rwX \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - - chown -R librenms:librenms \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/conf.d \ - /opt/librenms/conf.internal.d \ - /opt/librenms/html/plugins/Weathermap/configs \ - /opt/librenms/html/plugins/Weathermap/output \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage - - chmod -R -x,u=rwX,g=rwX,o=rX \ - /opt/librenms/bootstrap/cache \ - /opt/librenms/conf.d \ - /opt/librenms/conf.internal.d \ - /opt/librenms/html/plugins/Weathermap/configs \ - /opt/librenms/html/plugins/Weathermap/output \ - /opt/librenms/logs \ - /opt/librenms/rrd \ - /opt/librenms/storage +if [ "$SKIP_CHOWN" != "true" ]; then + /usr/local/bin/set_permissions fi exit 0 diff --git a/post_install/etc/nginx/nginx.conf b/post_install/etc/nginx/nginx.conf index f20e1fe..62b4de6 100644 --- a/post_install/etc/nginx/nginx.conf +++ b/post_install/etc/nginx/nginx.conf @@ -1,5 +1,5 @@ user www-data; -worker_processes auto; +worker_processes 1; pid /var/run/nginx.pid; daemon off; @@ -17,14 +17,14 @@ http { tcp_nopush on; tcp_nodelay on; - ssl_protocols TLSv1.2; + ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers off; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES256-GCM-SHA384:DHE-DSS-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256; - ssl_ecdh_curve secp384r1; + ssl_ecdh_curve auto; ssl_session_cache builtin:1000 shared:SSL:64M; ssl_session_timeout 10m; ssl_dhparam /etc/nginx/dhparam.pem; - resolver 8.8.8.8 8.8.4.4 valid=300s; + resolver 1.1.1.1 8.8.8.8 valid=300s; resolver_timeout 5s; ssl_stapling on; ssl_stapling_verify on; diff --git a/post_install/etc/php/7.4/cli/conf.d/90-include-path.ini b/post_install/etc/php/8.1/cli/conf.d/90-include-path.ini similarity index 100% rename from post_install/etc/php/7.4/cli/conf.d/90-include-path.ini rename to post_install/etc/php/8.1/cli/conf.d/90-include-path.ini diff --git a/post_install/etc/php/7.4/fpm/conf.d/90-include-path.ini b/post_install/etc/php/8.1/fpm/conf.d/90-include-path.ini similarity index 100% rename from post_install/etc/php/7.4/fpm/conf.d/90-include-path.ini rename to post_install/etc/php/8.1/fpm/conf.d/90-include-path.ini diff --git a/post_install/etc/php/7.4/fpm/conf.d/91-opcache.ini b/post_install/etc/php/8.1/fpm/conf.d/91-opcache.ini similarity index 100% rename from post_install/etc/php/7.4/fpm/conf.d/91-opcache.ini rename to post_install/etc/php/8.1/fpm/conf.d/91-opcache.ini diff --git a/post_install/etc/php/7.4/fpm/conf.d/99-no-memory-limit.ini b/post_install/etc/php/8.1/fpm/conf.d/99-no-memory-limit.ini similarity index 100% rename from post_install/etc/php/7.4/fpm/conf.d/99-no-memory-limit.ini rename to post_install/etc/php/8.1/fpm/conf.d/99-no-memory-limit.ini diff --git a/post_install/etc/php/7.4/fpm/pool.d/www.conf b/post_install/etc/php/8.1/fpm/pool.d/www.conf similarity index 88% rename from post_install/etc/php/7.4/fpm/pool.d/www.conf rename to post_install/etc/php/8.1/fpm/pool.d/www.conf index 30e0648..c0c9e9d 100644 --- a/post_install/etc/php/7.4/fpm/pool.d/www.conf +++ b/post_install/etc/php/8.1/fpm/pool.d/www.conf @@ -41,7 +41,8 @@ listen = /run/php/php-fpm.sock ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. The owner +; and group can be specified either by name or by their numeric IDs. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data @@ -70,7 +71,7 @@ listen.group = www-data ; process.priority = -19 ; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process +; or group is different than the master process user. It allows to create process ; core dump and ptrace the process for the pool user. ; Default Value: no ; process.dumpable = yes @@ -92,6 +93,8 @@ listen.group = www-data ; state (waiting to process). If the number ; of 'idle' processes is greater than this ; number then some children will be killed. +; pm.max_spawn_rate - the maximum number of rate to spawn child +; processes at once. ; ondemand - no children are created at startup. Children will be forked when ; new requests will connect. The following parameter are used: ; pm.max_children - the maximum number of children that @@ -110,36 +113,42 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 24 +pm.max_children = PLACEHOLDER_MAX_WORKERS ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 4 +; Default Value: (min_spare_servers + max_spare_servers) / 2 +pm.start_servers = PLACEHOLDER_MIN_WORKERS ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 4 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 8 +pm.max_spare_servers = 4 + +; The number of rate to spawn child processes at once. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +; Default Value: 32 +;pm.max_spawn_rate = 32 ; The number of seconds after which an idle process will be killed. ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s -;pm.process_idle_timeout = 10s; +pm.process_idle_timeout = 120s; ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -;pm.max_requests = 500 +pm.max_requests = 1000 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: +; recognized as a status page. It shows the following information: ; pool - the name of the pool; ; process manager - static, dynamic or ondemand; ; start time - the date and time FPM has started; @@ -229,7 +238,7 @@ pm.max_spare_servers = 8 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/share/php/7.4/fpm/status.html +; It's available in: /usr/share/php/8.1/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -237,6 +246,22 @@ pm.max_spare_servers = 8 ; Default Value: not set ;pm.status_path = /status +; The address on which to accept FastCGI status request. This creates a new +; invisible pool that can handle requests independently. This is useful +; if the main pool is busy with long running requests because it is still possible +; to get the status before finishing the long running requests. +; +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on +; a specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Default Value: value of the listen option +;pm.status_listen = 127.0.0.1:9001 + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -269,13 +294,13 @@ pm.max_spare_servers = 8 ; %d: time taken to serve the request ; it can accept the following format: ; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d +; - %{milliseconds}d +; - %{milli}d ; - %{microseconds}d ; - %{micro}d ; %e: an environment variable (same as $_ENV or $_SERVER) ; it must be associated with embraces to specify the name of the env -; variable. Some exemples: +; variable. Some examples: ; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e ; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e ; %f: script filename @@ -305,17 +330,17 @@ pm.max_spare_servers = 8 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag +; The strftime(3) format must be encapsulated in a %{}t tag ; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag +; The strftime(3) format must be encapsulated in a %{}t tag ; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{milli}d %{kilo}M %C%%" ; The log file for slow requests ; Default Value: not set @@ -339,6 +364,14 @@ pm.max_spare_servers = 8 ; Default Value: 0 ;request_terminate_timeout = 0 +; The timeout set by 'request_terminate_timeout' ini option is not engaged after +; application calls 'fastcgi_finish_request' or when application has finished and +; shutdown functions are being called (registered via register_shutdown_function). +; This option will enable timeout limit to be applied unconditionally +; even in such cases. +; Default Value: no +;request_terminate_timeout_track_finished = no + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 @@ -366,7 +399,7 @@ pm.max_spare_servers = 8 ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page +; Note: on highloaded environment, this can cause some delay in the page ; process time (several ms). ; Default Value: no ;catch_workers_output = yes diff --git a/post_install/etc/runit/runsvdir/default/librenms-service/run b/post_install/etc/runit/runsvdir/default/librenms-service/run index d8a13d4..8d98757 100644 --- a/post_install/etc/runit/runsvdir/default/librenms-service/run +++ b/post_install/etc/runit/runsvdir/default/librenms-service/run @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e if [ -z "$LIBRENMS_SERVICE_OPTS" ]; then LIBRENMS_SERVICE_OPTS="" diff --git a/post_install/etc/runit/runsvdir/default/nginx/run b/post_install/etc/runit/runsvdir/default/nginx/run index 7526fc7..a4d2be4 100755 --- a/post_install/etc/runit/runsvdir/default/nginx/run +++ b/post_install/etc/runit/runsvdir/default/nginx/run @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/bin/sh -eu echo "Starting nginx..." diff --git a/post_install/etc/runit/runsvdir/default/php-fpm/run b/post_install/etc/runit/runsvdir/default/php-fpm/run index 012f03c..40b6646 100755 --- a/post_install/etc/runit/runsvdir/default/php-fpm/run +++ b/post_install/etc/runit/runsvdir/default/php-fpm/run @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/bin/sh -eu echo "Starting php-fpm..." @@ -6,4 +6,4 @@ if [ ! -d /run/php ]; then mkdir /run/php fi -exec /usr/sbin/php-fpm7.4 --nodaemonize --fpm-config /etc/php/7.4/fpm/php-fpm.conf +exec /usr/sbin/php-fpm8.1 --nodaemonize --fpm-config /etc/php/8.1/fpm/php-fpm.conf diff --git a/post_install/etc/runit/runsvdir/default/rrdcached/run b/post_install/etc/runit/runsvdir/default/rrdcached/run index 5708dbd..b3137e5 100755 --- a/post_install/etc/runit/runsvdir/default/rrdcached/run +++ b/post_install/etc/runit/runsvdir/default/rrdcached/run @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/bin/sh -eu echo "Starting rrdcached..." diff --git a/post_install/etc/runit/runsvdir/default/snmptrapd/run b/post_install/etc/runit/runsvdir/default/snmptrapd/run index bbe5bc9..690d4a5 100644 --- a/post_install/etc/runit/runsvdir/default/snmptrapd/run +++ b/post_install/etc/runit/runsvdir/default/snmptrapd/run @@ -1,4 +1,4 @@ -#!/bin/bash -e +#!/bin/sh -e if [ -z "$SNMPTRAPD_MIBDIRS" ]; then SNMPTRAPD_MIBDIRS="/opt/librenms/mibs" diff --git a/post_install/usr/local/bin/create_admin b/post_install/usr/local/bin/create_admin index 0bb08d6..8e839d1 100644 --- a/post_install/usr/local/bin/create_admin +++ b/post_install/usr/local/bin/create_admin @@ -1,3 +1,3 @@ -#!/bin/bash -eu +#!/bin/sh -eu /usr/local/bin/create_user admin admin 10 admin@example.com diff --git a/post_install/usr/local/bin/create_user b/post_install/usr/local/bin/create_user index 59b5be1..c2dad7f 100644 --- a/post_install/usr/local/bin/create_user +++ b/post_install/usr/local/bin/create_user @@ -1,4 +1,4 @@ -#!/bin/bash -eu +#!/bin/sh -eu user=$1 password=$2 diff --git a/post_install/usr/local/bin/generate_key b/post_install/usr/local/bin/generate_key index 21b7918..8ec4aa5 100644 --- a/post_install/usr/local/bin/generate_key +++ b/post_install/usr/local/bin/generate_key @@ -1,3 +1,3 @@ -#!/bin/bash -eu +#!/bin/sh -eu /sbin/setuser librenms php /opt/librenms/artisan key:generate --show diff --git a/post_install/usr/local/bin/set_acls b/post_install/usr/local/bin/set_acls new file mode 100644 index 0000000..90e051c --- /dev/null +++ b/post_install/usr/local/bin/set_acls @@ -0,0 +1,4 @@ +#!/bin/sh -u + +setfacl --recursive --default --modify g::rwX "$1" +setfacl --recursive --modify g::rwX "$1" diff --git a/post_install/usr/local/bin/set_owner_and_mode b/post_install/usr/local/bin/set_owner_and_mode new file mode 100644 index 0000000..c2a2477 --- /dev/null +++ b/post_install/usr/local/bin/set_owner_and_mode @@ -0,0 +1,4 @@ +#!/bin/sh -u + +chown -R --no-dereference librenms:librenms "$1" +chmod -R -x,u=rwX,g=rwX,o=rX "$1" diff --git a/post_install/usr/local/bin/set_permissions b/post_install/usr/local/bin/set_permissions new file mode 100644 index 0000000..5753eda --- /dev/null +++ b/post_install/usr/local/bin/set_permissions @@ -0,0 +1,10 @@ +#!/bin/sh -u + +PATH=/usr/local/bin:$PATH + +# Set basic permissions again since new files may be generated during configuration +set_permissions_basic + +# Set permissions for additional user directories +set_acls /opt/librenms/rrd +set_owner_and_mode /opt/librenms/rrd diff --git a/post_install/usr/local/bin/set_permissions_basic b/post_install/usr/local/bin/set_permissions_basic new file mode 100644 index 0000000..9247c10 --- /dev/null +++ b/post_install/usr/local/bin/set_permissions_basic @@ -0,0 +1,15 @@ +#!/bin/sh -u + +PATH=/usr/local/bin:$PATH + +set_acls /opt/librenms/bootstrap/cache +set_acls /opt/librenms/logs +set_acls /opt/librenms/storage + +set_owner_and_mode /opt/librenms/bootstrap/cache +set_owner_and_mode /opt/librenms/conf.d +set_owner_and_mode /opt/librenms/conf.internal.d +set_owner_and_mode /opt/librenms/html/plugins/Weathermap/configs +set_owner_and_mode /opt/librenms/html/plugins/Weathermap/output +set_owner_and_mode /opt/librenms/logs +set_owner_and_mode /opt/librenms/storage diff --git a/post_install/usr/local/bin/setup_database b/post_install/usr/local/bin/setup_database index bbae4cf..72fd63d 100644 --- a/post_install/usr/local/bin/setup_database +++ b/post_install/usr/local/bin/setup_database @@ -1,3 +1,3 @@ -#!/bin/bash -eu +#!/bin/sh -eu /sbin/setuser librenms php /opt/librenms/includes/sql-schema/update.php diff --git a/pre_install/build/install b/pre_install/build/install index e07a0ea..f942d4c 100644 --- a/pre_install/build/install +++ b/pre_install/build/install @@ -1,18 +1,20 @@ -#!/bin/bash -eu +#!/bin/sh -eu -LIBRENMS_VERSION=${LIBRENMS_VERSION:-22.6.0} -LIBRENMS_WEATHERMAP_VERSION=2b9e0f2e7df80b1e5eb75a1470bc657325cbb381 +LIBRENMS_VERSION=${LIBRENMS_VERSION:-22.7.0} +LIBRENMS_WEATHERMAP_VERSION=018334ac225a07a77d044a7b46af452d3242534a -# Dependencies git clone --branch ${LIBRENMS_VERSION} https://github.com/librenms/librenms.git /opt/librenms + +# Dependencies +apt update +apt -yq dist-upgrade +apt -yq install --no-install-recommends gcc python3-dev pip3 install -r /opt/librenms/requirements.txt -composer --no-interaction global require hirak/prestissimo composer --no-interaction install --working-dir=/opt/librenms --no-dev --prefer-dist -composer --no-interaction global remove hirak/prestissimo composer clear-cache -# Workaround for initialization order +# Workaround for initialization order - In EnvHelper.php line 117: Call to undefined function LibreNMS\Util\base_path() sed -i 's|"LibreNMS\\\\ComposerHelper::postInstall",|"Illuminate\\\\Foundation\\\\ComposerScripts::postInstall",\n "LibreNMS\\\\ComposerHelper::postInstall",|g' /opt/librenms/composer.json # Weathermap plugin @@ -33,3 +35,18 @@ find /opt/librenms -name '.gitignore' -type f -exec chmod -x "{}" + mkdir -p /opt/helpers/default_files/logs /opt/helpers/default_files/rrd cp /opt/librenms/logs/.gitignore /opt/helpers/default_files/logs cp /opt/librenms/rrd/.gitignore /opt/helpers/default_files/rrd + +# Remove unnecessary files +rm -rf /opt/librenms/tests + +# Cleanup +apt -yq purge gcc python3-dev +apt -yq autoremove --purge +apt clean +rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* +rm -f /var/log/dpkg.log /var/log/alternatives.log /var/log/bootstrap.log +rm -f /var/log/apt/history.log /var/log/apt/term.log +rm -rf /usr/share/man/* /usr/share/groff/* /usr/share/info/* +rm -rf /usr/share/lintian/* /usr/share/linda/* +find /usr/share/doc -not -type d -not -name 'copyright' -delete +find /usr/share/doc -type d -empty -delete