rain
f8530c50f7
chezmoi runs scripts as the invoking user, not root. run_once_00 was calling apt-get/pacman directly, which fails on debian with 'Permission denied' on /var/lib/apt/lists/lock and on arch with similar pacman lock errors. Same pattern was already correct in run_once_20. Mirror that here. This is the bug that blocked rye on the second attempt.
41 lines
No EOL
1.4 KiB
Bash
Executable file
41 lines
No EOL
1.4 KiB
Bash
Executable file
#!/usr/bin/env bash
|
|
# =============================================================================
|
|
# run_once_00-install-bootstrap-tools.sh.tmpl
|
|
# Install age, curl, ca-certificates, git — needed before anything else.
|
|
# Idempotent: skips if already installed.
|
|
# =============================================================================
|
|
set -euo pipefail
|
|
|
|
log() { printf '\033[1;34m[bootstrap]\033[0m %s\n' "$*"; }
|
|
die() { printf '\033[1;31m[bootstrap ERROR]\033[0m %s\n' "$*" >&2; exit 1; }
|
|
|
|
# This script runs as the invoking user via `chezmoi apply`/`init`. It uses
|
|
# sudo for system package installs. If sudo isn't passwordless, the user
|
|
# will be prompted once per sudo invocation.
|
|
|
|
{{ if eq .os_family "arch" -}}
|
|
log "pacman-sync"
|
|
sudo pacman -Sy --noconfirm
|
|
|
|
log "install base tools (arch)"
|
|
PACMAN_PKGS=(age curl ca-certificates git base-devel wget)
|
|
sudo pacman -S --needed --noconfirm "${PACMAN_PKGS[@]}"
|
|
|
|
{{ else if eq .os_family "debian" -}}
|
|
export DEBIAN_FRONTEND=noninteractive
|
|
log "apt-update"
|
|
sudo apt-get update -y
|
|
log "apt-upgrade"
|
|
sudo apt-get upgrade -y
|
|
|
|
log "install base tools (debian)"
|
|
APT_PKGS=(age curl ca-certificates git wget gnupg)
|
|
sudo apt-get install -y --no-install-recommends "${APT_PKGS[@]}"
|
|
|
|
{{ else -}}
|
|
die "unsupported os_family: {{ .os_family }} (this script supports arch or debian)"
|
|
{{ end -}}
|
|
|
|
log "bootstrap tools installed"
|
|
command -v age && age --version
|
|
command -v git && git --version |