
Commit d80291d

committed
refactor: 修复包管理风险、权限控制及 eval 隐患
1 parent b87996b commit d80291d


1 file changed

+24
-21
lines changed


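--- a/script/start-linux.sh
+++ b/script/start-linux.sh
@@ -34,7 +34,7 @@ log "检测到系统: $DISTRO"
 
 install_arch() {
 log "检查 Arch 依赖..."
-sudo pacman -Sy --needed --noconfirm base-devel git ffmpeg xorg-server-xvfb libvips imagemagick dbus xorg-xhost fcitx5-im wget
+sudo pacman -S --needed --noconfirm base-devel git ffmpeg xorg-server-xvfb libvips imagemagick dbus xorg-xhost fcitx5-im wget
 
 if [ ! -f "/opt/QQ/qq" ] && confirm "未检测到 QQ,是否通过 AUR 安装?"; then
 if ! command -v yay &> /dev/null; then
@@ -80,7 +80,7 @@ install_debian() {
 [ "$DISTRO" == "arch" ] && install_arch || install_debian
 
 chmod +x "$SCRIPT_DIR/llbot/node" "$SCRIPT_DIR/llbot/pmhq" 2>/dev/null
-[ "$DISTRO" == "arch" ] && sudo chown -R $(whoami):$(whoami) "$SCRIPT_DIR"
+[ "$DISTRO" == "arch" ] && sudo chown -R $(whoami):$(whoami) "$SCRIPT_DIR/llbot"
 
 PORT=$(find_port 13000)
 [ -z "$PORT" ] && error "无法找到可用端口"
@@ -99,7 +99,15 @@ MODE_CHOICE=${MODE_CHOICE:-$DEFAULT_CHOICE}
 USE_XVFB=$([ "$MODE_CHOICE" == "2" ] && echo 1 || echo 0)
 
 # 授权 X11
-[ $USE_XVFB -eq 0 ] && xhost +local:$(whoami) > /dev/null 2>&1
+if [ $USE_XVFB -eq 0 ]; then
+if command -v xauth &> /dev/null; then
+export XAUTHORITY=${XAUTHORITY:-$HOME/.Xauthority}
+else
+warn "未检测到 xauth,使用临时 xhost 授权"
+xhost +local:$(whoami) > /dev/null 2>&1
+trap "xhost -local:$(whoami) > /dev/null 2>&1" EXIT
+fi
+fi
 
 IM_ENV=""
 EXTRA_FLAGS=""
@@ -117,27 +125,22 @@ NODE_BIN="$SCRIPT_DIR/llbot/node"
 LLBOT_JS="$SCRIPT_DIR/llbot/llbot.js"
 PMHQ_BIN="$SCRIPT_DIR/llbot/pmhq"
 
-if [ "$DISTRO" == "arch" ]; then
-export SYS_LIBS="/usr/lib/libstdc++.so.6:/usr/lib/libgcc_s.so.1"
-export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u)/bus"
+run_llbot() {
+if [ "$DISTRO" == "arch" ]; then
+export LD_PRELOAD="/usr/lib/libstdc++.so.6:/usr/lib/libgcc_s.so.1"
+export DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(id -u)/bus"
+fi
 
-SUB_CMD="env LD_PRELOAD=$SYS_LIBS $IM_ENV $NODE_BIN --enable-source-maps $LLBOT_JS -- --pmhq-port=$PORT --no-sandbox $EXTRA_FLAGS"
-FINAL_CMD="$PMHQ_BIN --port=$PORT --sub-cmd=\"$SUB_CMD\""
+local sub_cmd="$NODE_BIN --enable-source-maps $LLBOT_JS -- --pmhq-port=$PORT --no-sandbox $EXTRA_FLAGS"
 
-if [ $USE_XVFB -eq 1 ]; then
-FINAL_CMD="env LD_PRELOAD=$SYS_LIBS $IM_ENV xvfb-run -a $FINAL_CMD"
-else
-FINAL_CMD="env LD_PRELOAD=$SYS_LIBS $IM_ENV PATH=$PATH $FINAL_CMD"
-fi
-else
-# Debian
-SUB_CMD="$NODE_BIN --enable-source-maps $LLBOT_JS -- --pmhq-port=$PORT"
-FINAL_CMD="sudo $PMHQ_BIN --port=$PORT --sub-cmd=\"$SUB_CMD\""
+log "启动中... (模式: $([ $USE_XVFB -eq 1 ] && echo "Headless" || echo "GUI"))"
 
 if [ $USE_XVFB -eq 1 ]; then
-FINAL_CMD="sudo xvfb-run $PMHQ_BIN --port=$PORT --sub-cmd=\"$SUB_CMD\""
+env $IM_ENV xvfb-run -a "$PMHQ_BIN" --port="$PORT" --sub-cmd="$sub_cmd"
+else
+[ "$DISTRO" != "arch" ] && xhost +local:$(whoami) > /dev/null 2>&1
+env $IM_ENV "$PMHQ_BIN" --port="$PORT" --sub-cmd="$sub_cmd"
 fi
-fi
+}
 
-log "启动中... (模式: $([ $USE_XVFB -eq 1 ] && echo "Headless" || echo "GUI"))"
-eval "$FINAL_CMD"
+run_llbot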
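Review bot: The `xhost +local:$(whoami)` added inside `run_llbot` (new line 141) opens X11 access on non-Arch systems even when the earlier block found `xauth` and deliberately skipped xhost, and in that path no EXIT trap revokes it, so the grant outlives the script. As far as I know the xhost `local:` family ignores the name after the colon and admits every local connection, so the grant is wider than `$(whoami)` suggests; `xhost +si:localuser:"$(whoami)"` would scope it to one account, and the same applies to the fallback at new lines 107–108. Since the Debian path no longer runs under `sudo`, the extra grant looks unnecessary: I would drop line 141, or keep it only alongside a matching `trap 'xhost -si:localuser:"$(whoami)" >/dev/null 2>&1' EXIT`. Separately, `--no-sandbox` is now passed on every distro where the old Debian `SUB_CMD` did not carry it; if that is intentional it deserves a comment such as `# --no-sandbox: required because <reason>; reduces isolation of the child process`.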
