diff --git a/scripts/CLAUDE.md b/scripts/CLAUDE.md index fa88e1b..5a35c7f 100644 --- a/scripts/CLAUDE.md +++ b/scripts/CLAUDE.md 
@@ -15,7 +15,7 @@ Support scripts for deployment and installation. None of these are called by the - `entrypoint.sh` **always overwrites** `adapter.js` / `adapter.py` from the image on every container start — this ensures runtime upgrades roll out even when the user mounts a persistent `orva-data` volume. - `install.sh` embeds the systemd/OpenRC units and `uninstall.sh`; the bare-metal install writes them to `$PREFIX/share/orva/scripts/` and the generated uninstaller to the same path. Edit the heredocs in `install.sh` — there is no separate unit file. - `install.sh --cli-only` installs only the `orva` CLI binary to `/usr/local/bin/orva` — no systemd unit, no rootfs, no service user. Use this on operator laptops or CI runners that talk to a remote Orva over HTTPS. -- Mode/option precedence is flag > env > interactive prompt > default. Key knobs: `--version`/`ORVA_VERSION` (pin a release), `--dry-run`/`ORVA_INSTALL_DRYRUN=1` (detect only), `--no-pkg`/`ORVA_NO_PKG=1` (skip system packages), `--runtime`/`ORVA_DOCKER_RUNTIME` (force the Docker runtime). There is **no** checksum-bypass env var — `ORVA_SKIP_VERIFY` is referenced in a stale `install.sh` comment but is not implemented. +- Mode/option precedence is flag > env > interactive prompt > default. Key knobs: `--version`/`ORVA_VERSION` (pin a release), `--dry-run`/`ORVA_INSTALL_DRYRUN=1` (detect only), `--no-pkg`/`ORVA_NO_PKG=1` (skip system packages), `--runtime`/`ORVA_DOCKER_RUNTIME` (force the Docker runtime). There is **no** checksum-bypass env var (no `ORVA_SKIP_VERIFY` or similar). - Downloaded assets (orva, nsjail, rootfs, CLI) are SHA-256 verified against `checksums.txt`. A checksum **mismatch** aborts the install. A *missing* checksum entry only warns and proceeds in `install.sh` (`verify()` is fail-open on a missing entry); `install-cli.sh` is stricter and aborts when the entry is missing. 
- `build-rootfs.sh` produces large tarballs (~hundreds of MB); run only when updating the rootfs base image or adding system libraries. - Cross-distro installer tests: `test/install/matrix.sh` (fast, unprivileged — shellcheck + POSIX parse + dry-run + real CLI install across 6 distros) and the privileged systemd-in-docker harness under `test/install/`. CI: `.github/workflows/install-e2e.yml`. diff --git a/scripts/install.sh b/scripts/install.sh index a78f5bc..68ebac9 100755 --- a/scripts/install.sh +++ b/scripts/install.sh @@ -633,8 +633,9 @@ download_and_install_binaries() { log "downloading orva + nsjail (linux-${ARCH})" fetch "$base/orva-linux-${ARCH}" "$tmp/orva" || die "failed to download orva-linux-${ARCH}" fetch "$base/nsjail-linux-${ARCH}" "$tmp/nsjail" || die "failed to download nsjail-linux-${ARCH}" - # Leave checksums.txt absent on failure and let verify() enforce policy - # (fail-closed unless ORVA_SKIP_VERIFY=1). + # Best-effort: if checksums.txt can't be fetched it's left absent, and + # verify() then finds no entry and warns+skips per asset (fail-open on a + # MISSING checksum). A checksum MISMATCH still aborts via die(). fetch "$base/checksums.txt" "$tmp/checksums.txt" || warn "could not download checksums.txt" log "verifying checksums" verify "$tmp/orva" "orva-linux-${ARCH}"
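Review bot: in the scripts/CLAUDE.md hunk, the rewritten "Mode/option precedence" bullet says there is no checksum-bypass env var, but it does not say that verification can still be skipped without one. The next bullet documents that `verify()` is fail-open on a missing entry, and the install.sh comment in this same patch says an unfetchable `checksums.txt` leads to warn+skip per asset. Together that means a failed `checksums.txt` download leaves orva and nsjail installed unverified. Suggest stating that consequence explicitly in the "Downloaded assets" bullet, so a reader does not take "no bypass env var" to mean verification is always enforced.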
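Review bot: in the scripts/install.sh hunk at `download_and_install_binaries()`, the new comment corrects the stale fail-closed claim but leaves the fail-open behaviour in place: `fetch "$base/checksums.txt" "$tmp/checksums.txt" || warn "could not download checksums.txt"` lets the install continue with no integrity check on any asset. The old comment shows fail-closed was the intent, and CLAUDE.md notes that `install-cli.sh` already aborts on a missing entry. Suggest changing `|| warn` to `|| die` here, or having `verify()` abort when `checksums.txt` is absent altogether, so that a missing file is handled at least as strictly as a mismatch. If fail-open is kept deliberately, the comment should say why, and the warning should state that the assets were installed unverified.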