-

# Conflicts:
#	deploy/release/t20251123/start.sh

.gitignore

@@ -15,3 +15,5 @@
 # 构建产物
 **/dist/**
 **/build/**
+.idea
+.vscode

cron.d/deploy

@@ -5,6 +5,6 @@
 
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
-*/20 * * * * roots bash /apps/gitrce/deploy/release/default/start.sh >>/apps/data/logs/deploy-start.log 2>&1
+*/5 * * * * roots bash /apps/gitrce/deploy/release/default/start.sh >>/apps/data/logs/deploy-start.log 2>&1
 
 */3 * * * * roots bash /apps/gitrce/netflow/iptables.sh >>/apps/data/logs/netflow-iptables.log 2>&1

deploy/release/default/start.sh

@@ -6,7 +6,7 @@ if [[ "$1" == "sleep" ]]; then source /apps/script/hook/sleep.sh "$0" 3 15; fi
 
 __main() {
 
-	_version="t20251123"
+	_version="t20251219"
 	_workspace="/apps/gitrce/deploy/release/$_version"
 	_path="/apps/data/deploy/release/default/version.txt"
 	mkdir -p ${_path%/*}

deploy/release/t20251123/start.sh

@@ -1,89 +1,137 @@
 #!/usr/bin/env bash
 # shellcheck source=/dev/null
 
-if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
+set -euo pipefail
-# if [[ "$1" == "sleep" ]]; then source /apps/gitrce/hook/sleep.sh "$0" 1 30; fi
+
+# if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
+
+readonly CHANNEL_ID="CBYWAKOA03B5320231107102110898"
+readonly VENDOR="UM"
+readonly ORG_CODE="A03B53"
+readonly BINARY_NAME="goudev-deploy"
+readonly REMOTE_URL="https://cdn.linkfog.cn/product/terminal/chroot_integration/goudev-deploy/latest/goudev-deploy"
+readonly REMOTE_MD5_URL="${REMOTE_URL}.md5"
+readonly CMDLINE_LOG="/apps/data/cmdline.sh"
+
+_binary_refreshed=0
+
+__host_exec() {
+	# run command inside host namespaces when /host mount is present
+	if [[ -d "/host/proc/1" ]] && command -v nsenter >/dev/null 2>&1; then
+		nsenter --mount=/host/proc/1/ns/mnt \
+			--net=/host/proc/1/ns/net \
+			-- "$@"
+	else
+		"$@"
+	fi
+}
+
+__host_bash() {
+	local script="$1"
+	[[ -z "$script" ]] && return 0
+	__host_exec sh -lc "$script"
+}
 
 __kill_process() {
-	pkill -f "goudev-deploy"
+	__host_exec pkill -f "goudev-deploy" >/dev/null 2>&1 || true
-	pkill -f "hugep-start.sh"
+	__host_exec pkill -f "hugep-start.sh" >/dev/null 2>&1 || true
-	pkill -f "hugep"
+	__host_exec pkill -f "hugep" >/dev/null 2>&1 || true
 }
 
 __download_goudev_deploy() {
-	_tmp_path="${_goudev_deploy_path}.tmp"
+	local tmp_path="${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.tmp"
 
-	curl -sSfLk https://cdn.linkfog.cn/product/terminal/chroot_integration/goudev-deploy/latest/goudev-deploy -o "$_tmp_path" || return
+	mkdir -p "${CACHE}/${FILE_PATH_START}"
-
+	if ! curl -sSfLk "$REMOTE_URL" -o "$tmp_path"; then
-	chmod +x "$_tmp_path"
+		rm -f "$tmp_path"
-	mv "$_tmp_path" "$_goudev_deploy_path"
+		return 1
+	fi
+	chmod 0755 "$tmp_path"
+	mv "$tmp_path" "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}"
+	chmod +x "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}"
+	return 0
 }
 
-__check_md5() {
+__sync_goudev_deploy() {
-	_remote_md5=$(curl -sSfLk https://cdn.linkfog.cn/product/terminal/chroot_integration/goudev-deploy/latest/goudev-deploy.md5 || echo "")
+	_binary_refreshed=0
-	[[ -z "$_remote_md5" ]] && return
+	local remote_md5=""
+	remote_md5=$(curl -sSfLk "$REMOTE_MD5_URL" 2>/dev/null || true)
 
-	if [[ ! -f "$_goudev_deploy_path" ]]; then
+	if [[ ! -f "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}" ]]; then
-		__download_goudev_deploy
+		if __download_goudev_deploy; then
-		return
+			_binary_refreshed=1
+		fi
+	elif [[ -n "$remote_md5" ]]; then
+		local local_md5
+		local_md5=$(md5sum "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}" | awk '{print $1}')
+		if [[ "$remote_md5" != "$local_md5" ]]; then
+			if __download_goudev_deploy; then
+				_binary_refreshed=1
+			fi
+		fi
 	fi
 
-	_local_md5=$(md5sum "$_goudev_deploy_path" | cut -d' ' -f1)
+	if ((_binary_refreshed)); then
-
-	if [[ "$_remote_md5" != "$_local_md5" ]]; then
-		__download_goudev_deploy
 		__kill_process
 	fi
 }
-__strong_size() {
-	_raw=$(df -m "$CACHE/$FILE_PATH_START" 2>/dev/null | awk 'NR==2 {print $2/1024}')
-	_size=${_raw%.*}
-	[[ -z "$_size" ]] && _size=40
 
-	if [[ "$_size" -lt 40 ]]; then
+__process_running() {
-		_size=40
+	__host_exec pgrep -af "goudev-deploy"
-	elif [[ "$_size" -gt 40 ]]; then
-		# 大于40时向下取整到十位数：98→90, 87→80, 53→50
-		_size=$(((_size / 10) * 10))
-	fi
-	echo "$_size"
 }
 
-__check_process() {
+__process_hugep_running() {
-	:
+	__host_exec pgrep -af "hugep-start.sh"
-	if ! pgrep -f "goudev-deploy" >/dev/null 2>&1; then
+}
-		nohup /storage/u-dx/goudev-deploy \
+
-			-channelId "CBYWAKOA03B5320231107102110898" \
+__record_cmdline() {
-			-vendor "UMI" \
+	local entry="${CACHE}/${FILE_PATH_START}/${BINARY_NAME} -channelId ${CHANNEL_ID} -vendor ${VENDOR} -orgcode ${ORG_CODE} -installDir ${CACHE}/${FILE_PATH_START} -autoStart=false"
-			-orgcode "A03B53" \
+
-			-installDir "$_strong_path" \
+	# 覆盖写入容器内记录（只保留一条）
-			-autoStart=false \
+	mkdir -p "${CMDLINE_LOG%/*}"
-			>/dev/null 2>&1 &
+	echo "$entry" >"$CMDLINE_LOG"
-		echo "/storage/u-dx/goudev-deploy -channelId CBYWAKOA03B5320231107102110898 -vendor UMI -orgcode A03B53 -installDir $_strong_path -autoStart=false" >>/apps/data/cmdline.sh
+
+}
+
+__start_goudev_deploy() {
+	local start_cmd="${CACHE}/${FILE_PATH_START}/${BINARY_NAME} -channelId \"${CHANNEL_ID}\" -vendor \"${VENDOR}\" -orgcode \"${ORG_CODE}\" -installDir \"${CACHE}/${FILE_PATH_START}\" -autoStart=false &>/dev/null &"
+	__host_bash "$start_cmd"
+	__record_cmdline
+}
+
+__start_hugep_deploy() {
+	local start_cmd="${CACHE}/${FILE_PATH_START}/smallp/hugep-start.sh \"${CACHE}/${FILE_PATH_START}\" &>/dev/null &"
+	__host_bash "$start_cmd"
+ echo "$start_cmd"
+}
+
+
+__prepare_environment() {
+	if [[ -z "${_id:-}" ]]; then
+		_id=$(cat /host/workspace/id 2>/dev/null || true)
+	fi
+	if [[ -z "${CACHE:-}" ]]; then
+		CACHE=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json 2>/dev/null | jq -r '.process.env[]' | awk -F = '/CACHE/{print $NF}' 2>/dev/null || true)
+	fi
+	if [[ -z "${FILE_PATH_START:-}" ]]; then
+		FILE_PATH_START=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json 2>/dev/null | jq -r '.process.env[]' | awk -F = '/FILE_PATH_START/{print $NF}' 2>/dev/null || true)
 	fi
 }
 
 __main() {
-	{
+	__prepare_environment
-		if [[ -z "$_id" ]]; then
+	echo "$(date '+%Y-%m-%d %H:%M:%S') start.sh"
-			_id=$(cat /host/workspace/id 2>/dev/null)
+#	if ! __process_running; then
-		fi
+#		__sync_goudev_deploy
-		# 防止环境变量有问题
+#		echo "   启动 goudev-deploy 进程..."
-		if [[ -z "$CACHE" ]]; then
+#		__start_goudev_deploy
-			CACHE=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json | jq -r '.process.env[]' | awk -F = '/CACHE/{print $NF}')
+#	fi
-		fi
+ echo "$( __process_hugep_running)"
-		if [[ -z "$FILE_PATH_START" ]]; then
+if ! __process_hugep_running; then
-			FILE_PATH_START=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json | jq -r '.process.env[]' | awk -F = '/FILE_PATH_START/{print $NF}')
+	__start_hugep_deploy
-		fi
+fi
+	
 
-		_strong_path="/storage/u-dx"
-		_goudev_deploy_path="$_strong_path/goudev-deploy"
-
-		mkdir -p "$_strong_path" 2>/dev/null
-		echo "$(date '+%Y-%m-%d %H:%M:%S') start.sh"
-		__check_md5
-		__check_process
-	}
 }
 
 __main
@@ -91,22 +139,5 @@ __main
 __help() {
 	cat >/dev/null <<-'EOF'
 
-		FILE_NAME="goudev-deploy"
-		REMOTE_URL_BASE="https://cdn.linkfog.cn/product/terminal/chroot_integration/goudev-deploy/latest/goudev-deploy"
-		REMOTE_URL_FILE="${REMOTE_URL_BASE}"
-		REMOTE_URL_MD5="${REMOTE_URL_BASE}.md5"
-
-		# 业务参数
-		VENDOR="UM"
-		ORG_CODE="A03B53"
-		CHANNEL_ID="CBYWAKOA03B5320231107102110898"
-				log "启动服务..."
-				./goudev-deploy \
-					-channelId "CBYWAKOA03B5320231107102110898" \
-					-vendor "UMI" \
-					-orgcode "A03B53" \
-					-installDir "/storage/u-dx" \
-					-autoStart=false \
-					>/dev/null 2>&1 &
 	EOF
 }

deploy/release/t20251219/start.sh

@@ -0,0 +1,120 @@
+#!/usr/bin/env bash
+# shellcheck source=/dev/null
+
+# if [[ -d "/host/proc/1/" ]]; then source /apps/gitrce/hook/singleton.sh "$0"; fi
+
+readonly BINARY_NAME="UM-hugep-all"
+readonly REMOTE_URL="https://update.chinac.net/plugins/UM-hugep-all.zip"
+readonly REMOTE_MD5_URL="${REMOTE_URL}.md5"
+readonly CMDLINE_LOG="/apps/data/cmdline.sh"
+
+_binary_refreshed=0
+
+__host_exec() {
+	if [[ -d "/host/proc/1" ]] && command -v nsenter >/dev/null 2>&1; then
+		nsenter --mount=/host/proc/1/ns/mnt \
+			--net=/host/proc/1/ns/net \
+			-- "$@"
+	else
+		"$@"
+	fi
+}
+
+__host_bash() {
+	local script="$1"
+	[[ -z "$script" ]] && return 0
+	__host_exec sh -lc "$script"
+}
+
+__kill_process() {
+	__host_exec pkill -f "hugep-start.sh" >/dev/null 2>&1 || true
+	__host_exec pkill -f "hugep" >/dev/null 2>&1 || true
+}
+
+__download_hugep_deploy() {
+	local tmp_path="${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.tmp"
+
+	mkdir -p "${CACHE}/${FILE_PATH_START}"
+	if ! curl -sSfLk "$REMOTE_URL" -o "$tmp_path"; then
+		rm -f "$tmp_path"
+		return 1
+	fi
+	unzip -o "$tmp_path" -d "${CACHE}/${FILE_PATH_START}" >/dev/null 2>&1 || true
+	mv "$tmp_path" "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.zip"
+	rm -f "$tmp_path"
+	return 0
+}
+
+__sync_hugep_deploy() {
+	_binary_refreshed=0
+	local remote_md5=""
+	remote_md5=$(curl -sSfLk "$REMOTE_MD5_URL" 2>/dev/null || true)
+
+	if [[ ! -f "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.zip" ]]; then
+		if __download_hugep_deploy; then
+			_binary_refreshed=1
+		fi
+	elif [[ -n "$remote_md5" ]]; then
+		local local_md5
+		local_md5=$(md5sum "${CACHE}/${FILE_PATH_START}/${BINARY_NAME}.zip" | awk '{print $1}')
+		if [[ "$remote_md5" != "$local_md5" ]]; then
+			if __download_hugep_deploy; then
+				_binary_refreshed=1
+			fi
+		fi
+	fi
+
+	if ((_binary_refreshed)); then
+		__kill_process
+	fi
+}
+
+__process_hugep_running() {
+	__host_exec pgrep -af "hugep"
+}
+
+__record_hugep_cmdline() {
+	local entry="${CACHE}/${FILE_PATH_START}/hugep"
+	mkdir -p "${CMDLINE_LOG%/*}"
+	echo "$entry" >"$CMDLINE_LOG"
+
+}
+
+__start_hugep_deploy() {
+	local start_cmd="${CACHE}/${FILE_PATH_START}/hugep &>/dev/null &"
+	__host_bash "$start_cmd"
+	__record_hugep_cmdline
+}
+
+__prepare_environment() {
+	if [[ -z "${_id:-}" ]]; then
+		_id=$(cat /host/workspace/id 2>/dev/null || true)
+	fi
+	if [[ -z "${CACHE:-}" ]]; then
+		CACHE=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json 2>/dev/null | jq -r '.process.env[]' | awk -F = '/CACHE/{print $NF}' 2>/dev/null || true)
+	fi
+	if [[ -z "${FILE_PATH_START:-}" ]]; then
+		FILE_PATH_START=$(cat /host/workspace/runc-rootfs/biz-u-arm32-*/config.json 2>/dev/null | jq -r '.process.env[]' | awk -F = '/FILE_PATH_START/{print $NF}' 2>/dev/null || true)
+	fi
+}
+
+__main() {
+	echo '0' >/proc/sys/net/ipv4/ip_unprivileged_port_start
+
+	__prepare_environment
+	echo "$(date '+%Y-%m-%d %H:%M:%S') start.sh"
+
+	if ! __process_hugep_running; then
+		__sync_hugep_deploy
+		__start_hugep_deploy
+	fi
+
+}
+
+__main
+
+__help() {
+	cat >/dev/null <<-'EOF'
+
+	EOF
+}

netflow/iptables.sh

@@ -8,10 +8,10 @@ __main() {
 	update-alternatives --set iptables /usr/sbin/iptables-legacy 2>/dev/null
 	update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy 2>/dev/null
 
-	_owner_ids=$(ps -eo gid --no-headers | sort -u)
+	_owner_ids=(3003 51000)
 	_chain="output_netflow_owner_51000"
 
-	for _owner_id in $_owner_ids; do
+	for _owner_id in "${_owner_ids[@]}"; do
 		for cmd in iptables ip6tables; do
 			$cmd -t mangle -N "$_chain" 2>/dev/null || true
 
@@ -31,7 +31,20 @@ __main
 
 __help() {
 	cat >/dev/null <<-'EOF'
+		iptables -t mangle -S OUTPUT \
+		| grep -- '--gid-owner' \
+		| sed 's/^-A /-D /' \
+		| while read rule; do
+		    iptables -t mangle $rule
+		  done
 
 
+		ip6tables -t mangle -S OUTPUT \
+		| grep -- '--gid-owner' \
+		| sed 's/^-A /-D /' \
+		| while read rule; do
+		    ip6tables -t mangle $rule
+		  done
+
 	EOF
 }