From b9e3c2ee9c5791040b7765767f75696d0dba0056 Mon Sep 17 00:00:00 2001 From: Janez T Date: Wed, 22 Jan 2025 10:31:34 +0100 Subject: [PATCH] feat(install): add installation script for Pareto Security on multiple distributions --- apt/index.html | 109 ++++++++++++++++++++++++++++----------------- apt/install.sh | 69 ++++++++++++++++++++++++++++ apt/postinstall.sh | 26 ++++------- 3 files changed, 147 insertions(+), 57 deletions(-) create mode 100644 apt/install.sh diff --git a/apt/index.html b/apt/index.html index 8d4f472..771ac2b 100644 --- a/apt/index.html +++ b/apt/index.html @@ -91,11 +91,20 @@

Linux

+
+

Automatic installation

+

You can automatically install ParetoSecurity with:

+
+ + curl -sl pkg.paretosecurity.com/install.sh | sudo bash +
+
-
+

Debian- and Ubuntu-based distributions

@@ -114,19 +123,26 @@

Installing

signing key needed to automatically update ParetoSecurity and verify the integrity of the downloaded packages.

-

- Alternatively, you can manually configure the ParetoSecurity APT repository and install - ParetoSecurity by running the following commands: -

-
- - sudo apt-get install wget gpg
- curl -fsSL https://pkg.paretosecurity.com/paretosecurity.gpg | sudo tee - /usr/share/keyrings/paretosecurity.gpg >/dev/null
- echo 'deb [signed-by=/usr/share/keyrings/paretosecurity.gpg] https://pkg.paretosecurity.com/debian - stable main' | sudo tee /etc/apt/sources.list.d/pareto.list
- sudo apt update && sudo apt install paretosecurity + +
+

+ Alternatively, you can manually configure the ParetoSecurity APT repository and install + ParetoSecurity by running the following commands: +

+
+ + sudo apt-get install wget gpg
+ curl -fsSL https://pkg.paretosecurity.com/paretosecurity.gpg | sudo tee + /usr/share/keyrings/paretosecurity.gpg >/dev/null
+ echo 'deb [signed-by=/usr/share/keyrings/paretosecurity.gpg] + https://pkg.paretosecurity.com/debian + stable main' | sudo tee /etc/apt/sources.list.d/pareto.list
+ sudo apt update && sudo apt install paretosecurity +

Quick Start

@@ -140,7 +156,7 @@

Quick Start

-
+

RHEL-, Fedora-, and CentOS-based distributions

@@ -159,17 +175,23 @@

Installing

first update, dnf will retrieve the signing key needed to verify the integrity of the downloaded packages.

-

- Alternatively, you can manually configure the ParetoSecurity yum repository and install - ParetoSecurity by running the following commands: -

-
- - sudo rpm --import https://pkg.paretosecurity.com/paretosecurity.gpg
- curl -fsSl https://pkg.paretosecurity.com/rpm/paretosecurity.repo | sudo tee
- /etc/yum.repos.d/paretosecurity.repo
- sudo dnf install paretosecurity + +
+

+ Alternatively, you can manually configure the ParetoSecurity yum repository and install + ParetoSecurity by running the following commands: +

+
+ + sudo rpm --import https://pkg.paretosecurity.com/paretosecurity.gpg
+ curl -fsSl https://pkg.paretosecurity.com/rpm/paretosecurity.repo | sudo tee
+ /etc/yum.repos.d/paretosecurity.repo
+ sudo dnf install paretosecurity +

Quick Start

@@ -183,7 +205,7 @@

Quick Start

-
+

Archlinux-based distributions

@@ -203,19 +225,26 @@

Installing

first update, pacman will retrieve the signing key needed to verify the integrity of the downloaded packages.

-

- Alternatively, you can manually configure the ParetoSecurity pacman repository and install - ParetoSecurity by running the following commands: -

-
- - curl -fsSL https://pkg.paretosecurity.com/paretosecurity.gpg | sudo pacman-key --add -
- sudo pacman-key --lsign-key info@niteo.co
- echo '[paretosecurity]' | sudo tee -a /etc/pacman.conf >/dev/null
- echo "Server = https://pkg.paretosecurity.com/aur/stable/$(uname -m)" | sudo tee -a /etc/pacman.conf - >/dev/null
- sudo pacman -Syu paretosecurity + +
+

+ Alternatively, you can manually configure the ParetoSecurity pacman repository and install + ParetoSecurity by running the following commands: +

+
+ + curl -fsSL https://pkg.paretosecurity.com/paretosecurity.gpg | sudo pacman-key --add -
+ sudo pacman-key --lsign-key info@niteo.co
+ echo '[paretosecurity]' | sudo tee -a /etc/pacman.conf >/dev/null
+ echo "Server = https://pkg.paretosecurity.com/aur/stable/$(uname -m)" | sudo tee -a + /etc/pacman.conf + >/dev/null
+ sudo pacman -Syu paretosecurity +

Quick Start

diff --git a/apt/install.sh b/apt/install.sh new file mode 100644 index 0000000..a415687 --- /dev/null +++ b/apt/install.sh @@ -0,0 +1,69 @@ +#!/bin/bash + +BASE_URL="https://github.com/ParetoSecurity/pareto-linux/releases/latest/download/paretosecurity_" + +if [ "$EUID" -ne 0 ]; then + echo "Please run as root" + exit +fi +ARCH=$(uname -m) + +echo "Starting installation of Pareto Security..." + +# Check if the script is running on Ubuntu, Debian, or Pop!_OS +if [[ -f /etc/os-release ]]; then + . /etc/os-release + if [[ "$ID_LIKE" == *"debian"* ]]; then + TEMP_DIR=$(mktemp -d) + echo "Downloading Pareto Security package for $ARCH..." + if [[ "$ARCH" == "amd64" ]]; then + wget -q --show-progress -O "$TEMP_DIR/paretosecurity_amd64.deb" "${BASE_URL}amd64.deb" + echo "Installing package..." + dpkg -i "$TEMP_DIR/paretosecurity_amd64.deb" + elif [[ "$ARCH" == "aarch64" ]]; then + wget -q --show-progress -O "$TEMP_DIR/paretosecurity_arm64.deb" "${BASE_URL}arm64.deb" + echo "Installing package..." + dpkg -i "$TEMP_DIR/paretosecurity_arm64.deb" + else + echo "Unsupported architecture: $ARCH" + exit 1 + fi + echo "Cleaning up..." + rm -rf "$TEMP_DIR" + + elif [[ "$ID_LIKE" == *"arch"* ]]; then + TEMP_DIR=$(mktemp -d) + echo "Downloading Pareto Security package for $ARCH..." + if [[ "$ARCH" == "amd64" ]]; then + wget -q --show-progress -O "$TEMP_DIR/paretosecurity_amd64.rpm" "${BASE_URL}amd64.rpm" + echo "Installing package..." + pacman -U "$TEMP_DIR/paretosecurity_amd64.archlinux.pkg.tar.zst" + elif [[ "$ARCH" == "aarch64" ]]; then + wget -q --show-progress -O "$TEMP_DIR/paretosecurity_arm64.rpm" "${BASE_URL}arm64.rpm" + echo "Installing package..." + pacman -U "$TEMP_DIR/paretosecurity_arm64.archlinux.pkg.tar.zst" + else + echo "Unsupported architecture: $ARCH" + exit 1 + fi + elif [[ "$ID_LIKE" == *"rhel"* || "$ID_LIKE" == *"fedora"* ]]; then + TEMP_DIR=$(mktemp -d) + echo "Downloading Pareto Security package for $ARCH..." + if [[ "$ARCH" == "amd64" ]]; then + wget -q --show-progress -O "$TEMP_DIR/paretosecurity_amd64.rpm" "${BASE_URL}amd64.archlinux.pkg.tar.zst" + echo "Installing package..." + rpm -i "$TEMP_DIR/paretosecurity_amd64.rpm" + elif [[ "$ARCH" == "aarch64" ]]; then + wget -q --show-progress -O "$TEMP_DIR/paretosecurity_arm64.rpm" "${BASE_URL}arm64.archlinux.pkg.tar.zst" + echo "Installing package..." + rpm -i "$TEMP_DIR/paretosecurity_arm64.rpm" + else + echo "Unsupported architecture: $ARCH" + exit 1 + fi + echo "Cleaning up..." + rm -rf "$TEMP_DIR" + fi +fi + +echo "Pareto Security has been installed successfully." diff --git a/apt/postinstall.sh b/apt/postinstall.sh index 5615f5f..302ed70 100755 --- a/apt/postinstall.sh +++ b/apt/postinstall.sh @@ -7,23 +7,15 @@ if [[ -f /etc/os-release ]]; then if [[ "$ID" == "ubuntu" || "$ID" == "debian" || "$ID" == "pop" ]]; then # Create keyrings directory mkdir -p --mode=0755 /usr/share/keyrings - # Download and install GPG key curl -fsSL https://pkg.paretosecurity.com/paretosecurity.gpg | tee /usr/share/keyrings/paretosecurity.gpg >/dev/null - # Add Pareto repository echo 'deb [signed-by=/usr/share/keyrings/paretosecurity.gpg] https://pkg.paretosecurity.com/debian stable main' | tee /etc/apt/sources.list.d/pareto.list >/dev/null elif [[ "$ID_LIKE" == *"rhel"* || "$ID_LIKE" == *"fedora"* ]]; then # Download and install GPG key rpm --import https://pkg.paretosecurity.com/paretosecurity.asc curl -fsSl https://pkg.paretosecurity.com/rpm/paretosecurity.repo | tee /etc/yum.repos.d/paretosecurity.repo >/dev/null - fi -fi - -#Arch Linux -if [[ -f /etc/os-release ]]; then - . /etc/os-release - if [[ "$ID_LIKE" == "arch" ]]; then + elif [[ "$ID_LIKE" == "arch" ]]; then # Download and install GPG key curl -fsSL https://pkg.paretosecurity.com/paretosecurity.gpg | pacman-key --add - pacman-key --lsign-key info@niteo.co >/dev/null @@ -38,7 +30,7 @@ fi # Check for systemd if command -v systemctl >/dev/null 2>&1; then # Create socket unit - cat << 'EOF' | tee /etc/systemd/system/pareto-linux.socket > /dev/null + cat <<'EOF' | tee /etc/systemd/system/pareto-linux.socket >/dev/null [Unit] Description=Socket for pareto-linux @@ -52,7 +44,7 @@ WantedBy=sockets.target EOF # Create service unit - cat << 'EOF' | tee /etc/systemd/system/pareto-linux.service > /dev/null + cat <<'EOF' | tee /etc/systemd/system/pareto-linux.service >/dev/null [Unit] Description=Service for pareto-linux Requires=pareto-linux.socket @@ -67,7 +59,7 @@ RemainAfterExit=no StartLimitInterval=1 StartLimitBurst=100 -# Disabled to allow cehcking firewall rules +# Disabled to allow checking firewall rules #ReadOnlyPaths=/ ProtectSystem=full @@ -79,8 +71,8 @@ StandardError=journal WantedBy=multi-user.target EOF - # Reload systemd and enable socket - systemctl daemon-reload - systemctl enable pareto-linux.socket - systemctl start pareto-linux.socket -fi \ No newline at end of file + # Reload systemd and enable socket + systemctl daemon-reload + systemctl enable pareto-linux.socket + systemctl start pareto-linux.socket +fi