Rewrite OpenRC

2025-04-10 03:25:10 +08:00 · 2025-04-10 03:25:10 +08:00 · fbd34ea6db
parent 167d978e96
commit fbd34ea6db
4 changed files with 93 additions and 26 deletions
--- a/README.md
+++ b/README.md
@ -53,3 +53,26 @@ $ curl -O https://raw.githubusercontent.com/XTLS/alpinelinux-install-xray/main/i
 ```
 # rc-service xray restart
 ```
 ### Breaking Changes at 2025-04-09
 #### Path Change: Original path `/usr/local/lib/xray/` has been updated to new path `/usr/local/share/xray/`
 - This directory contains `geosite.dat` and `geoip.dat`
 - If you have scripts to automatically update these files, please adjust them accordingly
 - Regular users can ignore this change
 #### Watchdog: Xray process will now automatically restart indefinitely (every 2 seconds) upon panic
 - Advanced users no longer need to manually modify `/etc/init.d/xray` or write custom daemon scripts
 - Regular users can ignore this change
 #### No `root` Required: Xray now retains privileges (capabilities) to support `tproxy` and `sockopt` even when running as `nobody`
 - Advanced users **should not** (and need not) run Xray as `root` anymore — it already has all required network privileges
 - If you run Xray as a **server** (not client), you _may_ optionally run the command below to reduce capabilities. This theoretically minimizes attack surface but has negligible practical impact
 - Regular users can ignore this change
 ```sh
 sed -i 's/^capabilities="cap_net_bind_service,cap_net_admin,cap_net_raw"$/capabilities="cap_net_bind_service"/g' /etc/init.d/xray
 ```
--- a/README_zh-cn.md
+++ b/README_zh-cn.md
@ -2,7 +2,6 @@
 [English](README.md) | 中文(中国) | [中文(薹灣)](README_zh-tw.md)
 ## 依赖软件
 ### 安装 cURL
@ -54,3 +53,26 @@ $ curl -O https://raw.githubusercontent.com/XTLS/alpinelinux-install-xray/main/i
 ```
 # rc-service xray restart
 ```
 ### 重大更改 at 2025-04-09
 #### 路径变更：原路径 `/usr/local/lib/xray/` 变更为 新路径 `/usr/local/share/xray/`
 - 此目录存放了 `geosite.dat` 和 `geoip.dat`
 - 如果你编写了一些脚本来自动更新这些文件，需要留意此项改动
 - 普通用户无需关注此改动
 #### 看门狗：若 Xray 进程 `panic` 将无限自动重启，间隔 2 秒
 - 对于高级用户，你无需再手动调整 `/etc/init.d/xray` 或自己编写 daemon 脚本了
 - 普通用户无需关注此改动
 #### 无需 `root`：已为 Xray 授予特权，即便以 `nobody` 身份运行也支持 `tproxy` 和 `sockopt`
 - 对于高级用户，你无需、也**不应该**再让 Xray 以 `root` 身份运行，现在它们已具备所有网络特权
 - 如果你的 Xray 作为**节点**而不是客户端运行，或*可考虑*执行下面的命令撤销部分网络特权。理论上可以降低攻击面，实际上无关痛痒
 - 普通用户无需关注此改动
 ```sh
 sed -i 's/^capabilities="cap_net_bind_service,cap_net_admin,cap_net_raw"$/capabilities="cap_net_bind_service"/g' /etc/init.d/xray
 ```
--- a/README_zh-tw.md
+++ b/README_zh-tw.md
@ -2,7 +2,6 @@
 [English](README.md) | [中文(中国)](README_zh-cn.md) | 中文(薹灣)
 ## 依賴軟體
 ### 安裝 cURL
@ -54,3 +53,26 @@ $ curl -O https://raw.githubusercontent.com/XTLS/alpinelinux-install-xray/main/i
 ```
 # rc-service xray restart
 ```
 ### 重大變更 at 2025-04-09
 #### 路徑變更：原始路徑 `/usr/local/lib/xray/` 變更為 新路徑 `/usr/local/share/xray/`
 - 此目錄存放了 `geosite.dat` 和 `geoip.dat`
 - 如果你編寫了一些腳本來自動更新這些文件，需要留意此項改動
 - 普通用戶無需關注此改動
 #### 看門狗：若 Xray 進程 `panic` 將無限自動重啟，間隔 2 秒
 - 對於高級用戶，你無需再手動調整 `/etc/init.d/xray` 或自己編寫 daemon 腳本了
 - 普通用戶無需關注此改動
 #### 無需 `root`：已為 Xray 授予特權，即便以 `nobody` 身分執行也支援 `tproxy` 和 `sockopt`
 - 對於高級用戶，你無需、也**不應該**再讓 Xray 以 `root` 身份運行，現在它們已具備所有網絡特權
 - 如果你的 Xray 是作為**節點**而不是客戶端運行，或*可考慮*執行下面的命令撤銷部分網路特權。理論上可以降低攻擊面，實際上無關痛癢
 - 普通用戶無需關注此改動
 ```sh
 sed -i 's/^capabilities="cap_net_bind_service,cap_net_admin,cap_net_raw"$/capabilities="cap_net_bind_service"/g' /etc/init.d/xray
 ```
--- a/init.d/xray
+++ b/init.d/xray
@ -1,36 +1,36 @@
 #!/sbin/openrc-run
 name="Xray Daemon"
 description="A unified platform for anti-censorship"
 supervisor=supervise-daemon
 respawn_delay=2
 respawn_max=0
-name="Xray"
+pidfile="/run/${RC_SVCNAME}.pid"
-description="The best v2ray-core, with XTLS support"
+rc_ulimit="-n 1024000 -u 1024000"
-description_checkconfig="Test configuration file"
+capabilities="cap_net_bind_service,cap_net_admin,cap_net_raw"
 : ${env:="XRAY_LOCATION_ASSET=/usr/local/share/xray/"}
 : ${confdir:="/usr/local/etc/xray/"}
 command="/usr/local/bin/xray"
 command_args="run -confdir $confdir"
 command_user="nobody"
 extra_commands="checkconfig"
-capabilities="^cap_net_bind_service"
+
 env=${env:-"XRAY_LOCATION_ASSET=/usr/local/share/xray/"} # See: https://github.com/XTLS/Xray-core/blob/main/common/platform/platform.go
 confdir=${confdir:-"/usr/local/etc/xray/"}
 command="/usr/local/bin/xray"
 command_user="nobody:nobody"
 command_args="run -confdir $confdir"
 required_files="$confdir"
 depend() {
-	need net localmount
+    need net
-	after firewall
+    want dns ntp-client
    after firewall
 }
 checkconfig() {
-	if [ ! -d "$confdir" ]; then
+    export $env
-		eerror "You need to setup $confdir first"
+    $command $command_args -test
-		return 1
+    eend $?
 	fi
 	export $env
 	su ${command_user%:*} -s /bin/sh -c "$command $command_args -test"
 	eend $?
 }
-stop_pre() {
+start_pre() {
-	if [ "$RC_CMD" = restart ]; then
+    checkconfig || return 1
 		checkconfig || return $?
 	fi
 }