From c0492134aff9544e0a017b259931024e2940cfbd Mon Sep 17 00:00:00 2001 From: Gareth Evans <63365672+ggfevans@users.noreply.github.com> Date: Wed, 1 Jul 2026 23:32:50 -0700 Subject: [PATCH] fix(rackula): install Bun outside /root so hardened service unit can exec it (#15540) rackula-api.service ships with ProtectHome=true and ExecStart=/usr/local/bin/bun. With BUN_INSTALL=/root/.bun the symlink resolves into /root, which is masked in the unit's mount namespace, so the service fails with status=203/EXEC and crash-loops. Use /opt/bun instead, matching yubal and gitea-mirror. Also drop the unused BUN_VERSION/BUN_VARIANT block (bun.sh/install takes the version as a positional arg and detects avx2/baseline itself, so the env vars were dead code) and restore the msg_ok "Installed Bun" / msg_info "Setting up Rackula" pair. Claude-Session: https://claude.ai/code/session_011sGajwSQGg1vd6m2AC6Byq Co-authored-by: Claude Fable 5 --- install/rackula-install.sh | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/install/rackula-install.sh b/install/rackula-install.sh index c8139c7fe..b7c4b0a0d 100755 --- a/install/rackula-install.sh +++ b/install/rackula-install.sh @@ -19,19 +19,16 @@ msg_ok "Installed Dependencies" msg_info "Installing Bun" ensure_dependencies unzip ca-certificates -BUN_VERSION="${BUN_VERSION:-1.3.14}" -case "$(uname -m)" in -x86_64) grep -q avx2 /proc/cpuinfo && BUN_VARIANT="x64" || BUN_VARIANT="x64-baseline" ;; -aarch64) BUN_VARIANT="aarch64" ;; -*) - msg_error "Unsupported architecture: $(uname -m)" - exit 1 - ;; -esac -export BUN_INSTALL="/root/.bun" +# rackula-api.service ships with ProtectHome=true, so the bun binary must live +# outside /root; /opt/bun matches yubal and gitea-mirror +export BUN_INSTALL="/opt/bun" curl -fsSL https://bun.sh/install | $STD bash -ln -sf /root/.bun/bin/bun /usr/local/bin/bun +ln -sf /opt/bun/bin/bun /usr/local/bin/bun +msg_ok "Installed Bun" + fetch_and_deploy_gh_release "rackula" "RackulaLives/Rackula" "prebuild" "latest" "/opt/rackula" "rackula-lxc-*.tar.gz" + +msg_info "Setting up Rackula" mkdir -p /opt/rackula/data /etc/nginx/snippets SECURITY_HEADERS_SRC="/opt/rackula/config/security-headers.conf"