Add IvorySQL-AutoInstaller/ – A Cross-Distribution Source Build Helper with Non-Systemd Support#900
Add IvorySQL-AutoInstaller/ – A Cross-Distribution Source Build Helper with Non-Systemd Support#900yangchunwanwusheng wants to merge 27 commits intoIvorySQL:masterfrom
Conversation
WalkthroughAdds a Bash-based IvorySQL automated installer with strict error handling, logging, config parsing, filesystem/service setup, OS/package detection, dependency installation (Nix-aware), source build/install, initdb/service registration, Nix flake for dev shells, and English/Chinese documentation. Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor Admin
participant Script as AutoInstall.sh
participant Config as ivorysql.conf
participant Host as OS / Package Manager
participant NixEnv as Nix Env (optional)
participant Builder as Build Toolchain
participant Service as systemd / ivorysql-ctl
Admin->>Script: run installer
Script->>Config: load & validate
Script->>Script: init logging, prepare FS & users
alt In Nix environment
Script->>NixEnv: detect IN_NIX_SHELL / NIX_BUILD_TOP
NixEnv-->>Script: present
Script->>Script: log and skip system package installs
else Not in Nix
Script->>Host: detect distro & select package manager
Script->>Host: enable repos (opt) / install dependencies
end
Script->>Builder: configure -> make -j -> make install
Builder-->>Script: build finished
Script->>Service: create systemd unit or `ivorysql-ctl` wrapper
Script->>Service: start service
Service-->>Script: report ready or timeout (pg_isready/psql)
Script-->>Admin: output summary & troubleshooting hints
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Potential hotspots to inspect:
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Actionable comments posted: 9
🧹 Nitpick comments (11)
autoinstall_script/README.md (3)
188-195: Missing language identifiers for fenced code blocks.Add languages to satisfy MD040 and improve readability.
Example:
-``` +```bash cd IvorySQL/IvorySQL-AutoInstaller-``` +```bash chmod +x AutoInstall.sh
67-74: Markdown tables need surrounding blank lines and one row has 4 cells.
- Add blank lines before/after tables (MD058).
- Fix the “Common Error Handling” table row that yields 4 cells (MD056).
Also applies to: 239-246, 255-262
145-151: Code fences lack language spec.Tag as bash/conf/text where appropriate to satisfy MD040.
Also applies to: 157-169, 218-236
autoinstall_script/README_CN.md (2)
174-181: Add code fence languages (bash/conf).Satisfy MD040 and improve readability.
Also applies to: 186-193, 209-212, 261-267, 287-291
16-22: Tables need blank lines around and verify column counts.Add blank lines before/after tables (MD058) and fix any misaligned rows (MD056).
Also applies to: 30-37, 66-73, 236-246, 252-259
autoinstall_script/AutoInstall.sh (6)
866-868: Quote command substitution for robustness.Minor: quote
$(nproc)to avoid word splitting edge cases and quiet SC2046.- make -j$(nproc) || STEP_FAIL "Build failed." + make -j"$(nproc)" || STEP_FAIL "Build failed."
1004-1028: Non-systemd helper: ensure sed-safe substitution and POSIX shell.If paths include
&or#, sed replacement may misbehave. Also, the shebang uses bash; considershif bash isn’t guaranteed. At minimum, escape&in values.Example escaping:
- sed -i "s#__PGDATA_PLACEHOLDER__#$DATA_DIR#g" "$INSTALL_DIR/ivorysql-ctl" + sed -i "s#__PGDATA_PLACEHOLDER__#$(printf '%s' "$DATA_DIR" | sed 's/[&]/\\&/g')#g" "$INSTALL_DIR/ivorysql-ctl"Repeat for INSTALL_DIR and LOG_DIR.
942-954: INIT_CMD quoting is brittle.The long double-quoted assignment with mixed quotes triggers ShellCheck warnings. Build an array or use a here-doc for clarity.
Example:
INIT_CMD=( env PGDATA="$DATA_DIR" LD_LIBRARY_PATH="$INSTALL_DIR/lib:$INSTALL_DIR/lib/postgresql:${LD_LIBRARY_PATH:-}" PATH="$INSTALL_DIR/bin:${PATH:-/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin}" "$INSTALL_DIR/bin/initdb" -D "$DATA_DIR" --locale=C --encoding=UTF8 -m "$INIT_MODE" --debug ) runuser -u "$SERVICE_USER" -- bash -c "${INIT_CMD[*]}" > "$INIT_LOG" 2>&1 || { ... }
1035-1043: Service start failure path: include initdb tail automatically when start fails right after init.Helps diagnose early failures without manual steps.
Append
tail -n 100 "$INIT_LOG" || trueto the failure branch.
1046-1062: db_is_ready: prefer discovered port and unix socket directory if available.You parse port (get_pgport) but don’t use it; also hardcoding
/tmpmay miss distros using/run/postgresql.Use the port from postmaster.pid and probe both
/tmpand/run/postgresql.
915-933: .bash_profile overwrite risk.Overwrites any existing service user profile. Append or write a dedicated file and source it instead.
Write
$user_home/.ivorysql_envand append asourceline if not present.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (4)
autoinstall_script/AutoInstall.sh(1 hunks)autoinstall_script/README.md(1 hunks)autoinstall_script/README_CN.md(1 hunks)autoinstall_script/ivorysql.conf(1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.11.0)
autoinstall_script/AutoInstall.sh
[warning] 143-143: Declare and assign separately to avoid masking return values.
(SC2155)
[warning] 193-193: ShellCheck can't follow non-constant source. Use a directive to specify location.
(SC1090)
[warning] 232-241: check_root references arguments, but none are ever passed.
(SC2120)
[error] 237-237: Argument mixes string and array. Use * or separate argument.
(SC2145)
[warning] 829-829: perl_paths appears unused. Verify use (or export if used externally).
(SC2034)
[warning] 867-867: Quote this to prevent word splitting.
(SC2046)
[warning] 944-944: Did you forget to close this double quoted string?
(SC1078)
[warning] 952-952: The surrounding quotes actually unquote this. Remove or escape them.
(SC2027)
[warning] 1067-1067: i appears unused. Verify use (or export if used externally).
(SC2034)
🪛 markdownlint-cli2 (0.18.1)
autoinstall_script/README.md
17-17: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
31-31: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
39-39: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
43-43: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
60-60: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
68-68: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
75-75: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
131-131: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
145-145: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
177-177: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
218-218: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
239-239: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
255-255: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
261-261: Table column count
Expected: 3; Actual: 4; Too many cells, extra data will be missing
(MD056, table-column-count)
autoinstall_script/README_CN.md
16-16: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
30-30: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
38-38: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
42-42: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
59-59: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
67-67: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
74-74: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
130-130: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
143-143: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
175-175: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
215-215: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
236-236: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
252-252: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
258-258: Table column count
Expected: 3; Actual: 4; Too many cells, extra data will be missing
(MD056, table-column-count)
🔇 Additional comments (2)
autoinstall_script/README_CN.md (1)
2-2: Language link works; keep consistent directory naming throughout.Ensure all path examples use the actual directory
autoinstall_script/if that is the final location.autoinstall_script/AutoInstall.sh (1)
344-372: Dependency detection/install loops are solid; nice graceful fallbacks.Good coverage across distros with step-tagged logs and non-fatal fallbacks when optional features are missing.
Please confirm that EL10 repo names are correct for Oracle/Rocky variants across mirrors.
Also applies to: 582-635, 646-671
| CURRENT_STAGE "Detect system" | ||
|
|
||
| get_major_version() { | ||
| grep -Eo 'VERSION_ID="?[0-9.]+' /etc/os-release | | ||
| cut -d= -f2 | tr -d '"' | cut -d. -f1 | ||
| } | ||
|
|
||
| STEP_BEGIN "Detecting operating system" | ||
| [[ ! -f /etc/os-release ]] && STEP_FAIL "Unable to detect operating system (missing /etc/os-release)." | ||
| source /etc/os-release | ||
|
|
||
| OS_TYPE="$ID" | ||
| OS_VERSION="$VERSION_ID" | ||
|
|
||
| PKG_MANAGER="" | ||
| STEP_SUCCESS "Detected OS: $PRETTY_NAME" | ||
|
|
||
| # Special handling for Oracle Linux | ||
| if [[ -f /etc/oracle-release ]]; then | ||
| OS_TYPE="oracle" | ||
| ORACLE_VERSION=$(grep -oE '([0-9]+)\.?([0-9]+)?' /etc/oracle-release | head -1) | ||
| STEP_SUCCESS "Detected Oracle Linux $ORACLE_VERSION" | ||
| fi | ||
|
|
||
| case "$OS_TYPE" in | ||
| centos|rhel|almalinux|rocky|oracle) | ||
| RHEL_VERSION=$(get_major_version) | ||
| [[ -z $RHEL_VERSION ]] && STEP_FAIL "Failed to detect major version" | ||
|
|
||
| if [[ $RHEL_VERSION -eq 7 ]]; then | ||
| STEP_FAIL "CentOS/RHEL 7 is not supported by this script." | ||
| elif [[ $RHEL_VERSION =~ ^(8|9|10)$ ]]; then | ||
| if command -v dnf &>/dev/null; then | ||
| PKG_MANAGER="dnf" | ||
| STEP_SUCCESS "Using package manager: dnf" | ||
| else | ||
| PKG_MANAGER="yum" | ||
| STEP_WARNING "dnf not available; falling back to yum" | ||
| fi | ||
| else | ||
| STEP_FAIL "Unsupported version: $RHEL_VERSION" | ||
| fi | ||
| ;; | ||
|
|
||
| ubuntu|debian) | ||
| OS_VERSION=$(grep -Po '(?<=VERSION_ID=")[0-9.]+' /etc/os-release) | ||
| MAJOR_VERSION=${OS_VERSION%%.*} | ||
|
|
||
| case "$OS_TYPE" in | ||
| ubuntu) | ||
| [[ $MAJOR_VERSION =~ ^(18|20|22|24)$ ]] || | ||
| STEP_FAIL "Unsupported Ubuntu version: $OS_VERSION" ;; | ||
| debian) | ||
| [[ $MAJOR_VERSION =~ ^(10|11|12|13)$ ]] || | ||
| STEP_FAIL "Unsupported Debian version: $OS_VERSION" ;; | ||
| esac | ||
| PKG_MANAGER="apt-get" | ||
| STEP_SUCCESS "Using package manager: apt-get" | ||
| ;; | ||
|
|
||
| opensuse*|sles) | ||
| PKG_MANAGER="zypper" | ||
| STEP_SUCCESS "Using package manager: zypper" | ||
| ;; | ||
|
|
||
| arch) | ||
| PKG_MANAGER="pacman" | ||
| STEP_SUCCESS "Using package manager: pacman" | ||
| ;; | ||
|
|
||
| *) | ||
| STEP_FAIL "Unsupported or unrecognized OS: $OS_TYPE" | ||
| ;; | ||
| esac |
There was a problem hiding this comment.
OS detection: allow Fedora explicitly or fail fast with a clearer message.
You reference fedora in UUID deps (Line 649) but not in OS detection. Currently Fedora will be “unsupported OS”.
Add a branch for fedora selecting dnf.
| curl -fsSL https://cpanmin.us | perl - App::cpanminus || true | ||
| cpanm IPC::Run FindBin || STEP_WARNING "Failed to install Perl modules (continuing)." | ||
| } |
There was a problem hiding this comment.
Security: piping remote script into perl as root.
curl -fsSL https://cpanmin.us | perl - App::cpanminus is risky. Prefer distro packages; if absent, fail with a clear message.
- curl -fsSL https://cpanmin.us | perl - App::cpanminus || true
- cpanm IPC::Run FindBin || STEP_WARNING "Failed to install Perl modules (continuing)."
+ STEP_WARNING "cpanminus not available from repos; skipping network bootstrap for security."
+ STEP_FAIL "Missing cpanminus. Install 'perl-App-cpanminus' via OS packages and re-run."📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| curl -fsSL https://cpanmin.us | perl - App::cpanminus || true | |
| cpanm IPC::Run FindBin || STEP_WARNING "Failed to install Perl modules (continuing)." | |
| } | |
| STEP_WARNING "cpanminus not available from repos; skipping network bootstrap for security." | |
| STEP_FAIL "Missing cpanminus. Install 'perl-App-cpanminus' via OS packages and re-run." | |
| } |
🤖 Prompt for AI Agents
In autoinstall_script/AutoInstall.sh around lines 536 to 538, avoid piping a
remote script into perl as root; instead detect and install cpanminus from the
distro package (apt/yum/zypper/pacman) if available, and only if no package
exists download the cpanm installer to a temporary file, verify its integrity
(checksum or signature) before making it executable and moving it to a system
path, and run it explicitly rather than using a curl | perl pipe; if neither
package nor a verified installer is available, emit a clear error or use
STEP_WARNING and do not attempt to execute an unverified remote script.
| INSTALL_DIR=/usr/ivorysql | ||
| DATA_DIR=/var/lib/ivorysql/data | ||
| SERVICE_USER=ivorysql | ||
| SERVICE_GROUP=ivorysql | ||
| REPO_URL=https://github.com/IvorySQL/IvorySQL.git | ||
| LOG_DIR=/var/log/ivorysql |
There was a problem hiding this comment.
🛠️ Refactor suggestion | 🟠 Major
Add guardrails for destructive misconfiguration.
Consider disallowing obviously unsafe prefixes here (/, /usr, /var) to avoid catastrophic chown/rm operations when paths are mis-set.
I can add the checks in AutoInstall.sh if you’d like.
🤖 Prompt for AI Agents
In autoinstall_script/ivorysql.conf around lines 2 to 7, the configured
INSTALL_DIR, DATA_DIR and LOG_DIR can be set to unsafe top-level paths (/, /usr,
/var) which could cause catastrophic chown/rm operations; add validation in
AutoInstall.sh that reads these values and rejects any that are empty, equal to
"/" or match unsafe prefixes like "/usr", "/usr/", "/var", "/var/", or any path
shorter than 3 characters, exiting with a clear error; optionally require an
explicit --force flag or interactive confirmation to allow non-standard roots
and otherwise ensure all chown/rm operations are only performed on validated,
non-root subpaths (e.g., must start with / and have at least two path components
not in the disallowed list).
There was a problem hiding this comment.
Actionable comments posted: 2
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
autoinstall_script/README.md(1 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
autoinstall_script/README.md
17-17: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
31-31: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
39-39: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
43-43: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
60-60: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
68-68: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
75-75: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
131-131: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
145-145: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
177-177: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
218-218: Fenced code blocks should have a language specified
(MD040, fenced-code-language)
239-239: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
255-255: Tables should be surrounded by blank lines
(MD058, blanks-around-tables)
261-261: Table column count
Expected: 3; Actual: 4; Too many cells, extra data will be missing
(MD056, table-column-count)
🔇 Additional comments (1)
autoinstall_script/README.md (1)
175-195: Align directory paths with the repository layoutAll of these instructions reference
IvorySQL-AutoInstaller/, but the directory checked into the tree isautoinstall_script/. Following the README literally will send users to the wrong path. Please update the documentation to use the real directory name (or rename the directory to match the docs).Apply:
- <repo-root>/IvorySQL-AutoInstaller/ + <repo-root>/autoinstall_script/ @@ - cd IvorySQL/IvorySQL-AutoInstaller + cd IvorySQL/autoinstall_script
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (3)
autoinstall_script/AutoInstall.sh (3)
97-108: Stop sourcing ivorysql.conf; parse it safely instead.Using
. "$cfg"still executes arbitrary code via command substitutions despite the regex check. Please switch to a safe KEY=VALUE parser that trims whitespace, rejects invalid keys, and assigns viadeclare -gwithout evaluation.Apply this diff:
- STEP "Sourcing config" - if grep -Evq '^\s*([A-Z_][A-Z0-9_]*\s*=\s*.*|#|$)' "$cfg"; then - FAIL "Invalid lines detected in config (only KEY=VALUE, # comments, blanks)." - fi - . "$cfg" + STEP "Loading config" + if grep -Evq '^\s*([A-Z_][A-Z0-9_]*\s*=\s*[^#]*|#|$)' "$cfg"; then + FAIL "Invalid lines detected in config (only KEY=VALUE, # comments, blanks)." + fi + local raw_key raw_val key val + declare -g INSTALL_DIR DATA_DIR SERVICE_USER SERVICE_GROUP LOG_DIR REPO_URL TAG + while IFS='=' read -r raw_key raw_val; do + raw_key="${raw_key%%#*}" + raw_val="${raw_val%%#*}" + key="${raw_key#"${raw_key%%[![:space:]]*}"}" + key="${key%"${key##*[![:space:]]}"}" + [ -z "$key" ] && continue + val="${raw_val#"${raw_val%%[![:space:]]*}"}" + val="${val%"${val##*[![:space:]]}"}" + [[ "$val" =~ ^\".*\"$ ]] && val="${val:1:${#val}-2}" + [[ "$val" =~ ^\'.*\'$ ]] && val="${val:1:${#val}-2}" + case "$key" in + INSTALL_DIR|DATA_DIR|SERVICE_USER|SERVICE_GROUP|LOG_DIR|REPO_URL|TAG) + declare -g "$key=$val" + ;; + *) + WARN "Unknown config key ignored: $key" + ;; + esac + done < "$cfg" OK "Config loaded"
142-161: Handle Fedora explicitly during OS detection.
case "$OS_ID"still has nofedorabranch, so Fedora hosts abort even though later logic assumes Fedora-style packaging. Please addfedora)selectingdnf(with version guard if needed) before the fallback.Apply this diff:
case "$OS_ID" in rhel|rocky|almalinux|oracle|ol|oraclelinux|centos) EL_MAJOR="$(echo "$OS_VER" | cut -d. -f1)" [[ "$EL_MAJOR" =~ ^(8|9|10)$ ]] || FAIL "Unsupported EL major: $EL_MAJOR" PKG="$(command -v dnf >/dev/null 2>&1 && echo dnf || echo yum)" ;; + fedora) + PKG="dnf" + ;; ubuntu)
368-369: Guard against recursive chown of system directories.
chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR"will happily seize ownership of/usr,/optetc. if misconfigured, breaking the OS. Fail fast whenINSTALL_DIRis a sensitive path (/, /usr, /var, /bin, …) before runningchown.Apply this diff:
STEP "Install" (cd "$src_root" && make install) || FAIL "Install failed" - chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR" || true + case "$INSTALL_DIR" in + /|/usr|/usr/*|/bin|/sbin|/lib|/lib64|/etc|/var|/opt|/opt/*) + FAIL "Unsafe INSTALL_DIR for chown: $INSTALL_DIR" + ;; + esac + chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR" || true OK "Installed to $INSTALL_DIR"
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
autoinstall_script/AutoInstall.sh(1 hunks)
🧰 Additional context used
🪛 Shellcheck (0.11.0)
autoinstall_script/AutoInstall.sh
[warning] 101-101: ShellCheck can't follow non-constant source. Use a directive to specify location.
(SC1090)
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
autoinstall_script/README_CN.md(1 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
autoinstall_script/README_CN.md
76-76: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
autoinstall_script/README.md (1)
79-92: Use a heading instead of bold text for the “Examples” section.Switching
**Examples**to a proper heading (e.g.,### Examples) matches the surrounding structure and clears the MD036 lint warning about emphasis masquerading as a heading.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
autoinstall_script/README.md(1 hunks)
🧰 Additional context used
🪛 markdownlint-cli2 (0.18.1)
autoinstall_script/README.md
79-79: Emphasis used instead of a heading
(MD036, no-emphasis-as-heading)
helper: respect READY_TIMEOUT in non-systemd wrapper
- Replace hardcoded '-t 90' with templated __READY_TIMEOUT__ in ivorysql-ctl.
- Expand sed replacement to inject ${READY_TIMEOUT}.
- Keep behavior consistent between systemd unit and the helper.
|
I have fixed the review comments according to coderabbit's suggestions. |
|
Will you be interested in getting a See for examples: https://github.com/supabase/postgres/tree/develop/nix |
Removed the '贡献' section from the README_CN.md file.
Updated README.md for the IvorySQL automated installation script, enhancing clarity and structure, and adding detailed sections on features, supported operating systems, configuration, and usage.
|
@c2main Implementation DetailsThe specific implementation includes:
UsageDevelopers can now use the Nix environment in the following ways: # Enter Nix development environment
nix develop
# Or use the full command
nix-shell flake.nix --run 'bash AutoInstall.sh'In the Nix environment, AutoInstall.sh will automatically detect the IN_NIX_SHELL environment variable and skip system package installation steps, as all dependencies are provided by the Nix environment. BenefitsThis implementation approach is similar to the Supabase Postgres project you mentioned, providing developers with a clean, isolated, and reproducible development environment that solves dependency conflicts across different system environments. I believe this Nix integration will greatly simplify the environment setup process for developers and improve development efficiency. If you have any further suggestions for the implementation, I would be very happy to continue improving. |
|
@coderabbitai review |
✅ Actions performedReview triggered.
|
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (2)
autoinstall_script/AutoInstall.sh (2)
97-102: Critical: Replace unsafesourcewith a safe config parser.Line 101 uses
source "$cfg", which executes arbitrary shell code including command substitutions. This is a code execution vulnerability if the config file is compromised. Parse the file line-by-line and assign validated key-value pairs instead.Apply this diff:
STEP "Sourcing config" if grep -Evq '^\s*([A-Z_][A-Z0-9_]*\s*=\s*.*|#|$)' "$cfg"; then FAIL "Invalid lines detected in config (only KEY=VALUE, # comments, blanks)." fi - . "$cfg" - OK "Config loaded" + # Safe parse: read line-by-line, no command substitution evaluation + while IFS='=' read -r key value || [ -n "$key" ]; do + # Strip leading/trailing whitespace + key="$(echo "$key" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')" + value="$(echo "$value" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//')" + # Skip blank lines and comments + [[ -z "$key" || "$key" =~ ^# ]] && continue + # Whitelist known keys + case "$key" in + INSTALL_DIR|DATA_DIR|SERVICE_USER|SERVICE_GROUP|LOG_DIR) + declare -g "$key=$value" + ;; + *) + WARN "Unknown config key: $key" + ;; + esac + done < "$cfg" + OK "Config loaded (safe parse)"
366-369: Add safety guard before recursive chown.Line 368 performs
chown -RonINSTALL_DIRwithout verifying it's not a sensitive system path. Validate before recursing to prevent accidental permission changes on/,/usr, etc.Apply this diff:
STEP "Install" (cd "$src_root" && make install) || FAIL "Install failed" + # Safety: prevent chown on system directories + case "$INSTALL_DIR" in + ""|"/"|"/usr"|"/usr/bin"|"/usr/lib"|"/var"|"/etc"|"/bin"|"/sbin") + FAIL "Refusing to chown system directory: $INSTALL_DIR" + ;; + esac chown -R "$SERVICE_USER:$SERVICE_GROUP" "$INSTALL_DIR" || true
🧹 Nitpick comments (1)
autoinstall_script/flake.nix (1)
10-11: Consider adding aarch64-linux and darwin support.The flake currently hardcodes
x86_64-linux. To improve portability for developers on ARM64 Linux or macOS, extendoutputsto iterate over multiple systems.Apply this diff to support additional platforms:
- system = "x86_64-linux"; - pkgs = nixpkgs.legacyPackages.${system}; + systems = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ]; + forAllSystems = f: nixpkgs.lib.genAttrs systems (system: f system); in { - devShells.${system}.default = pkgs.mkShell { + devShells = forAllSystems (system: + let pkgs = nixpkgs.legacyPackages.${system}; + in { + default = pkgs.mkShell { buildInputs = with pkgs; [ # Core compiler and build tools gcc @@ -40,5 +43,6 @@ curl ]; }; + }); }; }
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
autoinstall_script/flake.lockis excluded by!**/*.lock
📒 Files selected for processing (5)
autoinstall_script/AutoInstall.sh(1 hunks)autoinstall_script/README.md(1 hunks)autoinstall_script/README_CN.md(1 hunks)autoinstall_script/flake.nix(1 hunks)autoinstall_script/nix_support.patch(1 hunks)
✅ Files skipped from review due to trivial changes (1)
- autoinstall_script/README_CN.md
🧰 Additional context used
🪛 LanguageTool
autoinstall_script/README.md
[grammar] ~70-~70: Use a hyphen to join words.
Context: ...sh script supports the following command line options: ```bash # Display help in...
(QB_NEW_EN_HYPHEN)
🪛 Shellcheck (0.11.0)
autoinstall_script/AutoInstall.sh
[warning] 101-101: ShellCheck can't follow non-constant source. Use a directive to specify location.
(SC1090)
🔇 Additional comments (1)
autoinstall_script/README.md (1)
1-163: LGTM! Comprehensive documentation.The README is thorough, well-organized, and covers all key aspects: features, supported OSes, configuration, environment variables, usage scenarios (basic, Nix, Docker), logging, troubleshooting, and service management. Past review issues have been addressed.
There was a problem hiding this comment.
Actionable comments posted: 2
♻️ Duplicate comments (1)
autoinstall_script/AutoInstall.sh (1)
158-177: Fedora is not explicitly supported.The OS detection handles EL derivatives, Ubuntu, and Debian, but Fedora (which uses
dnf) is not explicitly listed. Fedora installations will fail at line 175 with "Unsupported or unrecognized OS."Add explicit Fedora support:
case "$OS_ID" in rhel|rocky|almalinux|oracle|ol|oraclelinux|centos) EL_MAJOR="$(echo "$OS_VER" | cut -d. -f1)" [[ "$EL_MAJOR" =~ ^(8|9|10)$ ]] || FAIL "Unsupported EL major: $EL_MAJOR" PKG="$(command -v dnf >/dev/null 2>&1 && echo dnf || echo yum)" ;; + fedora) + PKG="dnf" + ;; ubuntu)
🧹 Nitpick comments (4)
autoinstall_script/AutoInstall.sh (3)
256-263: Consider warning users before using--allowerasing.The
--allowerasingflag can remove conflicting packages without warning. While necessary for handling conflicts (e.g., curl vs. curl-minimal), users might appreciate a heads-up.Add an informational message:
+ STEP "Installing packages (may replace conflicting packages)" if ! dnf install -y --allowerasing "${EL_PKGS[@]}"; then
435-455: Consider addingTimeoutStartSecto the systemd unit.The systemd unit currently relies on the default
TimeoutStartSec(90s), but you're configuringpg_ctlwith a custom${READY_TIMEOUT}. Aligning the systemd timeout prevents systemd from killing the service if startup takes longer than 90s but less than your configured timeout.ExecStart=$INSTALL_DIR/bin/pg_ctl start -D \${PGDATA} -s -w -t ${READY_TIMEOUT} ExecStop=$INSTALL_DIR/bin/pg_ctl stop -D \${PGDATA} -s -m fast ExecReload=$INSTALL_DIR/bin/pg_ctl reload -D \${PGDATA} +TimeoutStartSec=$((${READY_TIMEOUT} + 10)) Restart=on-failure
500-506: Readiness check could be more efficient.The current implementation spawns three
suprocesses per iteration (one for each socket location). While correct, this adds overhead during startup verification.Consider checking all locations in a single subshell:
for _ in $(seq 1 "$READY_TIMEOUT"); do - su -s /bin/bash - "$SERVICE_USER" -c "env PATH='$INSTALL_DIR/bin:\$PATH' $INSTALL_DIR/bin/pg_isready -q -h /tmp -p $port -t 1" \ - || su -s /bin/bash - "$SERVICE_USER" -c "env PATH='$INSTALL_DIR/bin:\$PATH' $INSTALL_DIR/bin/pg_isready -q -h /var/run/postgresql -p $port -t 1" \ - || su -s /bin/bash - "$SERVICE_USER" -c "env PATH='$INSTALL_DIR/bin:\$PATH' $INSTALL_DIR/bin/pg_isready -q -h 127.0.0.1 -p $port -t 1" \ - && { ok=1; break; } + su -s /bin/bash - "$SERVICE_USER" -c "env PATH='$INSTALL_DIR/bin:\$PATH' $INSTALL_DIR/bin/pg_isready -q -h /tmp -p $port -t 1 || $INSTALL_DIR/bin/pg_isready -q -h /var/run/postgresql -p $port -t 1 || $INSTALL_DIR/bin/pg_isready -q -h 127.0.0.1 -p $port -t 1" \ + && { ok=1; break; } sleep 1autoinstall_script/flake.nix (1)
5-5: Consider documenting the nixos-unstable choice.Using
nixos-unstableprovides the latest packages but can introduce breaking changes. For a more stable development environment, consider mentioning in the README that users can override to a stable channel if needed.Alternatively, consider using a recent stable release:
inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05"; # or nixos-unstable };
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (3)
autoinstall_script/AutoInstall.sh(1 hunks)autoinstall_script/flake.nix(1 hunks)autoinstall_script/nix_support.patch(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- autoinstall_script/nix_support.patch
🔇 Additional comments (3)
autoinstall_script/AutoInstall.sh (1)
1-586: Strong error handling and structure.The script demonstrates excellent practices:
- Strict error handling with
set -Eeuo pipefailand ERR trap- Safe configuration parsing without command substitution
- System directory guards before recursive chown
- Comprehensive logging with structured stages
- Clear troubleshooting guidance in error messages
Previous review concerns have been properly addressed. The remaining issues are minor improvements rather than critical defects.
autoinstall_script/flake.nix (2)
38-40: IPC::Run included by default for regression tests.The flake includes
perlPackages.IPCRununconditionally, which is appropriate for a development environment. Users running the regression test suite will need this, and it aligns with settingRUN_TESTS=1when using the Nix shell.
10-10: Good multi-platform support.Supporting x86_64 and aarch64 for both Linux and Darwin covers the vast majority of development scenarios, including Apple Silicon Macs and ARM servers.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
autoinstall_script/AutoInstall.sh (1)
158-177: Major: Fedora is not explicitly supported in OS detection.Fedora (a mainstream, actively maintained distribution) is not listed in the OS_ID case statement. Users running on Fedora will see "Unsupported OS" and the script will exit. Since Fedora uses
dnflike modern RHEL/Rocky, adding explicit support is straightforward.Add Fedora to the OS detection case:
case "$OS_ID" in - rhel|rocky|almalinux|oracle|ol|oraclelinux|centos) + fedora|rhel|rocky|almalinux|oracle|ol|oraclelinux|centos) EL_MAJOR="$(echo "$OS_VER" | cut -d. -f1)" - [[ "$EL_MAJOR" =~ ^(8|9|10)$ ]] || FAIL "Unsupported EL major: $EL_MAJOR" + [[ "$EL_MAJOR" =~ ^(8|9|10|39|40)$ ]] || FAIL "Unsupported EL/Fedora major: $EL_MAJOR" PKG="$(command -v dnf >/dev/null 2>&1 && echo dnf || echo yum)" ;;And in
enable_el_repos(), include Fedora in the case statement so it skips EL-specific repo commands (Fedora doesn't use CRB/EPEL):case "$OS_ID" in - rocky|almalinux|centos) + fedora) + : # Fedora uses standard repos; skip EPEL/CRB/PowerTools setup + ;; + rocky|almalinux|centos) if cmd_exists dnf; then
🧹 Nitpick comments (2)
autoinstall_script/AutoInstall.sh (2)
108-124: Optional: Clarify unused configuration keys.The config validation whitelist (line 109–116) only includes
INSTALL_DIR,DATA_DIR,SERVICE_USER,SERVICE_GROUP, andLOG_DIR. However, earlier review discussions mentionREPO_URLandTAGas configuration keys. If these are meant to be supported, they should be added to the whitelist and used in the script (e.g., to override the source repository). If not, document that they are intentionally unsupported or remove references to them.This is a minor clarity issue; if the config file is simple and doesn't include these keys, no action is needed.
515-516: Optional: Escape special characters in sed substitutions for robustness.The sed command on line 515 substitutes unquoted variables into patterns. While path validation reduces the risk (paths must start with
/and contain no spaces), paths containing&or\could break sed semantics. For defense-in-depth, either pre-escape the variables or use--to prevent interpretation:+ # Escape special sed characters: & \ and / + DATA_DIR_ESC="$(printf '%s\n' "$DATA_DIR" | sed -e 's/[\/&]/\\&/g')" + INSTALL_DIR_ESC="$(printf '%s\n' "$INSTALL_DIR" | sed -e 's/[\/&]/\\&/g')" + LOG_DIR_ESC="$(printf '%s\n' "$LOG_DIR" | sed -e 's/[\/&]/\\&/g')" - sed -i "s#__PGDATA__#$DATA_DIR#g; s#__INSTALL__#$INSTALL_DIR#g; s#__LOG__#$LOG_DIR#g; s#__READY_TIMEOUT__#${READY_TIMEOUT}#g" "$INSTALL_DIR/ivorysql-ctl" + sed -i "s#__PGDATA__#${DATA_DIR_ESC}#g; s#__INSTALL__#${INSTALL_DIR_ESC}#g; s#__LOG__#${LOG_DIR_ESC}#g; s#__READY_TIMEOUT__#${READY_TIMEOUT}#g" "$INSTALL_DIR/ivorysql-ctl"This is a low-risk defensive improvement; given your path validation, it's not urgent.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
autoinstall_script/AutoInstall.sh(1 hunks)autoinstall_script/flake.nix(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- autoinstall_script/flake.nix
🧰 Additional context used
🪛 Shellcheck (0.11.0)
autoinstall_script/AutoInstall.sh
[error] 228-228: -f doesn't work with globs. Use a for loop.
(SC2144)
[error] 228-228: -f doesn't work with globs. Use a for loop.
(SC2144)
[error] 235-235: -f doesn't work with globs. Use a for loop.
(SC2144)
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (4)
autoinstall_script/AutoInstall.sh (4)
98-98: Regex pattern uses\swhich may not be portable across all grep implementations.Line 98 uses
\sfor whitespace in the ERE pattern. While supported by GNU grep, POSIX ERE does not guarantee\ssupport on all systems. For maximum portability, use[[:space:]]instead.Apply this diff:
-if grep -Evq '^\s*([A-Z_][A-Z0-9_]*\s*=\s*.*|#|$)' "$cfg"; then +if grep -Evq '^[[:space:]]*([A-Z_][A-Z0-9_]*[[:space:]]*=[[:space:]]*.*|#|$)' "$cfg"; then
334-335: Hardcodedapt-getcommand should use$PKGvariable for consistency.Line 334 calls
apt-get installdirectly instead of using the$PKGvariable established at line 167. While this works within theapt-get)case branch, it is inconsistent with the goal of centralizing package manager logic. For maintainability, use$PKGlike the dnf/yum branches do.Apply this diff:
- apt-get install -y --no-install-recommends "${APT_PKGS[@]}" \ + $PKG install -y --no-install-recommends "${APT_PKGS[@]}" \ || FAIL "Package installation failed on Debian/Ubuntu"
356-365: Perl module availability check is thorough, but consider logging the fallback path.Lines 359–365 attempt to install Perl with fallbacks (
dnf install/yum install/apt-get install), then re-check. While robust, there is no log message indicating which fallback was used or why. Consider adding aWARNorSTEPmessage to make troubleshooting clearer if the fallback is needed.
544-555: Readiness polling loop is robust but could be simplified.Lines 547–553 poll
pg_isreadythree times (with/tmp,/var/run/postgresql, and127.0.0.1) to handle different socket/network configurations. While thorough, consider documenting why all three are needed or consolidating to the most common path. The loop respectsREADY_TIMEOUTand includes a final status check if the timeout is exceeded.
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
autoinstall_script/AutoInstall.sh(1 hunks)
🔇 Additional comments (6)
autoinstall_script/AutoInstall.sh (6)
220-264: Nix environment detection and header probing is well-implemented.The Nix detection correctly checks
IN_NIX_SHELLandNIX_BUILD_TOP, skips package manager operations, and uses proper loop-based header detection instead of glob patterns in-ftests (addressing the prior SC2144 shellcheck warnings). Thefind ... -print0withread -d ''pattern safely handles paths with spaces.
267-271: Verify DEBIAN_FRONTEND export is applied correctly.Line 269 sets
export DEBIAN_FRONTEND=noninteractiveinside the case statement, but it applies to the entire subshell only for that command. Ensure this is intentional and that subsequent apt calls also respect the non-interactive mode if needed.
393-407: Feature detection and compile flags are well-structured.The script uses
pkg-configfirst (lines 395, 400) with graceful fallback to header file checks, and respects earlier probed support flags (XML_SUPPORT,UUID_SUPPORTfrom lines 10, 227, 238). This is a good defensive pattern that handles both standard and non-standard library locations.
466-478: initdb invocation is well-configured with mode and case options.The script respects
INIT_MODE(oracle/pg) andCASE_MODE(interchange/normal/lowercase) environment variables and passes them to initdb. The choice betweenrunuserandsu(lines 471–476) is appropriate for portability. Logging toINIT_LOGallows inspection of failures.
481-526: Service installation correctly handles systemd and fallback helper.The script detects systemd availability (line 481) and installs either a systemd unit or a portable helper script. The
__READY_TIMEOUT__placeholder is correctly substituted at line 523, and the helper respects the configuredREADY_TIMEOUT. The use ofsed -ifor template substitution is safe when$INSTALL_DIR,$DATA_DIR, and$LOG_DIRare validated (as done earlier).Verify that all four placeholders (
__PGDATA__,__INSTALL__,__LOG__,__READY_TIMEOUT__) are correctly substituted even when paths contain special characters (e.g.,#,/,&). If any path could contain these, escape them in thesedcommand using a different delimiter or proper escaping.
158-177: The review comment is based on non-existent prior context and should be disregarded.Verification shows:
- Fedora is mentioned zero times in the entire AutoInstall.sh file
- UUID-related code (lines 238–247, 351–354, 405) does not include Fedora-specific handling or dependencies
- No prior review comments referencing Fedora UUID deps exist in the codebase
The review comment claims "based on the prior review comment referencing Fedora in UUID deps," but this prior context does not exist. While Fedora is indeed absent from the OS detection list (line 159), there is no evidence that Fedora support is an actual requirement. The recommendation to add Fedora is speculative and unsupported by the codebase.
Likely an incorrect or invalid review comment.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (1)
autoinstall_script/README.md (1)
58-58: Use hyphenated "command-line" for the compound adjective.Per grammar conventions, compound adjectives should be hyphenated when they precede the noun.
Apply:
-The AutoInstall.sh script supports the following command line options: +The AutoInstall.sh script supports the following command-line options:
📜 Review details
Configuration used: Path: .coderabbit.yaml
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (2)
autoinstall_script/README.md(1 hunks)autoinstall_script/README_CN.md(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- autoinstall_script/README_CN.md
🧰 Additional context used
🪛 LanguageTool
autoinstall_script/README.md
[grammar] ~58-~58: Use a hyphen to join words.
Context: ...sh script supports the following command line options: ```bash # Display help in...
(QB_NEW_EN_HYPHEN)
🔇 Additional comments (2)
autoinstall_script/README.md (2)
1-1: ✓ Verified: Prior issues resolved.Confirmed that previous review feedback has been incorporated:
- Line 1: Language switch link correctly points to
README_CN.md(fixed case).- Line 25: Documentation correctly references
autoinstall_scriptdirectory (aligns with actual repository structure).- Multiline configure examples and troubleshooting table formatting issues have been resolved or removed.
Also applies to: 25-25
2-150: Well-structured documentation covering installation, configuration, and troubleshooting.The README provides clear guidance on supported systems, file layout, configuration options, environment variables, usage scenarios (basic, Nix, Docker), and diagnostic procedures. Examples are properly formatted, no broken links detected, and content aligns with the installer's stated features and safety guarantees.
What
This Pull Request adds a new utility subdirectory IvorySQL-AutoInstaller/ containing the following files:
AutoInstall.sh – A Bash script for building and installing IvorySQL from source.
ivorysql.conf – The configuration file for the installer.
README.md and README_CN.md – User documentation (kept in sync).
Note: This is an add-only change. It does not modify the core source tree, the build system (configure, Makefile, etc.), or any existing CI workflows.
Why
To lower the barrier for contributors and users to build IvorySQL from source across major Linux distributions, including environments without systemd. The installer provides:
Consistent detection of prerequisites.
Safe fallbacks for missing features.
Structured logging.
This allows new users to get a working database with minimal manual steps.
How (Design & Safety)
Add-Only / No CI Changes: The installer is optional tooling and does not affect normal builds or existing CI.
pkg-config-First Detection: Dependencies (e.g., OpenSSL, ICU, libxml2, uuid) are detected via pkg-config whenever possible. If a feature is unavailable, the installer degrades gracefully (e.g., it can disable XML features) rather than failing hard.
Systemd & Non-Systemd Support: On systemd hosts, a unit is configured; otherwise, a lightweight ivorysql-ctl script manages pg_ctl with a readiness waiting timeout (default: 90s).
Secure Defaults: Uses absolute paths, a dedicated service user/group, conservative permissions, and structured logs.
Observability: Writes detailed logs (install/build/error/initdb). The documentation shows common commands for diagnosis.
Limitations
No support for EOL distributions (e.g., CentOS 7).
Offline environments are out of scope for this PR; a reachable package mirror is required.
The installer is optional—users can still follow the standard manual build steps if they prefer.
Summary by CodeRabbit
New Features
Documentation
Chores