Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Debian Improvements #732

Merged
merged 37 commits into from
Nov 15, 2024
Merged

Debian Improvements #732

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
37 commits
Select commit Hold shift + click to select a range
72b3151
fix color
Gaojianli Nov 8, 2024
a4d4254
重构日志界面
Gaojianli Nov 9, 2024
7418b83
增强 GUI 右键菜单
Ghost-chu Nov 9, 2024
670e104
扩展 GUI 右键菜单
Ghost-chu Nov 9, 2024
7337840
日志性能优化
Gaojianli Nov 9, 2024
35f8651
日志增加复制按钮
Gaojianli Nov 9, 2024
b9590ad
日志增加复制按钮
Gaojianli Nov 9, 2024
8fa69b9
Merge branch 'master' of github.com:PBH-BTN/PeerBanHelper
Gaojianli Nov 9, 2024
fe9168a
fix format
Gaojianli Nov 9, 2024
bb61c91
忽略 WebSeed 的连接
Ghost-chu Nov 10, 2024
be5d5b0
final 处理 FAIL2BAN 字段
Ghost-chu Nov 10, 2024
b54fc2f
修复日志系统产生的内存泄漏
Ghost-chu Nov 10, 2024
0f11369
修复日志系统产生的内存泄漏
Ghost-chu Nov 10, 2024
803d6ec
删除 CircularArrayList
Ghost-chu Nov 10, 2024
c453b88
更新版本号
Ghost-chu Nov 10, 2024
8d5d944
修复 QBEE 的 Web Seed 问题
Ghost-chu Nov 10, 2024
c8c6ada
获取 IP 地址出错时返回一个固定 IPAddress 避免 NPE
Ghost-chu Nov 10, 2024
5b4a358
减轻 Peer 使用超级做种时 PBH 可能产生误封禁的问题
Ghost-chu Nov 10, 2024
4bf10fd
减轻 Peer 使用超级做种时 PBH 可能产生误封禁的问题
Ghost-chu Nov 10, 2024
e7cb11b
add english readme
Gaojianli Nov 11, 2024
2f2a33a
english
Gaojianli Nov 11, 2024
b46fb0c
litte fix
Gaojianli Nov 11, 2024
5a4f742
Merge pull request #722 from PBH-BTN/docs
Gaojianli Nov 11, 2024
bae1a36
Update README.md
Gaojianli Nov 11, 2024
dc9a042
add group info
Gaojianli Nov 11, 2024
e0cb833
调换顺序
Ghost-chu Nov 11, 2024
bc6021b
Update README.md
Ghost-chu Nov 11, 2024
8b5295f
Update README.EN.md
Ghost-chu Nov 11, 2024
37f4c53
修复 BTN 规则未加载时出现 500 错误的问题
Ghost-chu Nov 11, 2024
579ebae
修复 BTN 规则有时可能不会被执行的问题
Ghost-chu Nov 11, 2024
5f78997
7.1.4
Ghost-chu Nov 11, 2024
97115cc
更改默认屏蔽配置文件
Ghost-chu Nov 11, 2024
b0f6ae9
替换链接
Gaojianli Nov 12, 2024
65bc375
大小写
Gaojianli Nov 12, 2024
a449a4d
优化search ip
Gaojianli Nov 13, 2024
cce7403
fix potential bug for ip query
Gaojianli Nov 13, 2024
43c9ed6
Debian Improvements
Anuskuss Nov 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
96 changes: 96 additions & 0 deletions README.EN.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,96 @@
# PeerBanHelper
[简体中文](./README.md)

Automatically block unwanted, leeches and abnormal BT peers with support for customized and cloud rules.

![page-views](https://raw.githubusercontent.com/PBH-BTN/views-counter/refs/heads/master/svg/754169590/badge.svg)
## Introduction

Following function are provided by PeerBanHelper:

- [PeerID Blacklist](https://docs.pbh-btn.com/en/docs/module/peer-id)
- [Client Name Blacklist](https://docs.pbh-btn.com/en/docs/module/client-name)
- [IP/GeoIP/IP type Blacklist](https://docs.pbh-btn.com/en/docs/module/ip-address-blocker)
- [Fake progress checker (heuristic client detection)](https://docs.pbh-btn.com/en/docs/module/progress-cheat-blocker)
- [Auto range ban](https://docs.pbh-btn.com/en/docs/module/auto-range-ban)
- [Multi-dail ban](https://docs.pbh-btn.com/en/docs/module/multi-dial)
- Peer ID/Client Name camouflage check, powered by [AviatorScript Engine](https://docs.pbh-btn.com/en/docs/module/expression-engine)
- [Active monitoring(data analysis)](https://docs.pbh-btn.com/en/docs/module/active-monitoring)
- [IP set subscribe](https://docs.pbh-btn.com/en/docs/module/ip-address-blocker-rules)
- a mordern WebUI

In addition, PeerBanHelper downloads the GeoIP library at startup, and supports the following functions once it successful loaded:
- View IP address attribution, AS information (ASN, ISP, AS name, etc.), network type information (broadband, base station, IoT, data center, etc.) in the blocking list.
- Based on GeoIP information, block IP addresses by country/region, city, network type, ASN and so on.
- View GeoIP statistics

> [!TIP]
> For best results, it is recommended to work with the IP rule [PBH-BTN/BTN-Collected-Rules](https://github.com/PBH-BTN/BTN-Collected-Rules) and [BTN Network](https://docs.pbh-btn.com/en/docs/btn/intro) , but this is completely optional.


## Supported clients

- qBittorrent **4.5.0 or higher**
- BiglyBT([plugin](https://github.com/PBH-BTN/PBH-Adapter-BiglyBT) is required)
- Deluge([plugin](https://github.com/PBH-BTN/PBH-Adapter-Deluge) is required)
- Azureus(Vuze)([plugin](https://github.com/PBH-BTN/PBH-Adapter-Azureus) is required)
- Transmission **(deprected;3.00-20 or higher)**
- BitComet **v2.10 Beta6 [20240928] or higher**


# Screenshots

| Dashboard | Banlist | Banlogs | Rule subscribe |
| :------------------------------------------------------------------------------------------------------------------------------------ | :----------------------------------------------------------------------------------------------------------------------------------- | :----------------------------------------------------------------------------------------------------------------------------------- | :-------------------------------------------------------------------------------------------------------------------------------------- |
| <img width="1280" alt="homepage" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/d7f7ea9f-70df-40f1-a782-260450972bc9"> | <img width="1280" alt="banlist" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/c3e139e6-eb82-423f-b083-1839713ec801"> | <img width="1280" alt="banlogs" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/00d8efcc-0dd7-4e05-bdeb-9444e14739d6"> | <img width="1280" alt="banMetrics" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/dc312186-9643-4f23-9d53-7b8e0852f228"> |

## Install

Please read the [docs](https://docs.pbh-btn.com/en/docs/category/%E5%AE%89%E8%A3%85%E9%83%A8%E7%BD%B2)


## FAQ

Before submit issue, please read the [FAQ](https://docs.pbh-btn.com/en/docs/faq)

## Support
Consider join our [Telegram](https://t.me/+_t3Nt5GZ6bJmYjBl) group.

## Declaration

Illegal websites and black and grey industries should not initiate any kind of manual service request to our organization's development or support staff; it is strictly prohibited to use any services or products of PBH-BTN team to engage in any illegal activities such as violating the law, endangering national security, committing or helping others to commit telecommunication crimes, and other illegal activities.
Users are not allowed to carry out any activities that harm the interests of other individuals or organizations through any services or products of PBH-BTN Team. The use of any PBH-BTN Team services or products in violation of the rights and interests of any individual or organization is not permitted.

## Star History

[![Star History Chart](https://api.star-history.com/svg?repos=PBH-BTN/PeerBanHelper&type=Date)](https://star-history.com/#PBH-BTN/PeerBanHelper&Date)

## Credit

### Backend

- [Cordelia](https://github.com/bochkov/cordelia)
- [IPAddress](https://github.com/seancfoley/IPAddress)
- [YamlConfiguration](https://github.com/bspfsystems/YamlConfiguration)
- [libby](https://github.com/AlessioDP/libby)
- [AviatorScript](https://github.com/killme2008/aviatorscript)
- [javalin](https://javalin.io/)
- [deluge-java](https://github.com/RangerRick/deluge-java)
- [jSystemThemeDetector](https://github.com/Dansoftowner/jSystemThemeDetector)
- [Methanol](https://github.com/mizosoft/methanol)
- [Flatlaf](https://github.com/JFormDesigner/FlatLaf)
- [GeoIP2](https://dev.maxmind.com/geoip)
- [ormlite](https://ormlite.com/)
- [SimpleReloadLib](https://github.com/Ghost-chu/SimpleReloadLib)

### WebUI

- [Vue](https://vuejs.org/)
- [ArcoDesign](https://arco.design/)
- [ECharts](https://echarts.apache.org/en/index.html)

### Install4j

PeerBanHelper use [Install4j multi-platform installer builder](https://www.ej-technologies.com/products/install4j/overview.html) to build its multi-platform installer. Thanks the open-source license provided by ej-technolgies. Click the link or the image below to download install4j.

[![Install4j](https://www.ej-technologies.com/images/product_banners/install4j_large.png)](https://www.ej-technologies.com/products/install4j/overview.html)
72 changes: 34 additions & 38 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,26 +1,33 @@
# PeerBanHelper
[English](./README.EN.md)

自动封禁不受欢迎、吸血和异常的 BT 客户端,并支持自定义规则。

![page-views](https://raw.githubusercontent.com/PBH-BTN/views-counter/refs/heads/master/svg/754169590/badge.svg)
## 功能介绍

> [!NOTE]
> PeerBanHelper 没有内建的更新检查程序,记得时常回来看看是否有新的版本更新,或者 Watch 本仓库(Custom -> Releases, Issues 和 Discussions)以接收版本更新通知
> QQ 交流群:932978658,如果在使用过程中需要帮助,您可以在这里和他人一同交流。或者在 [Issue Tracker](https://github.com/Ghost-chu/PeerBanHelper/issues) 打开新问题
PeerBanHelper 主要由以下几个功能模块组成:

> [!TIP]
> 您只需要正确连接 PBH 到下载器就可以正常工作,大多数情况下,并不需要额外配置
- [PeerID 黑名单](https://docs.pbh-btn.com/docs/module/peer-id)
- [Client Name 黑名单](https://docs.pbh-btn.com/docs/module/client-name)
- [IP/GeoIP/IP 类型 黑名单](https://docs.pbh-btn.com/docs/module/ip-address-blocker)
- [虚假进度检查器(提供启发式客户端检测功能)](https://docs.pbh-btn.com/docs/module/progress-cheat-blocker)
- [自动连锁封禁](https://docs.pbh-btn.com/docs/module/auto-range-ban)
- [多拨追猎](https://docs.pbh-btn.com/docs/module/multi-dial)
- Peer ID/Client Name 伪装检查;通过 [AviatorScript 引擎](https://docs.pbh-btn.com/docs/module/expression-engine) 实现
- [主动监测(提供本地数据分析功能)](https://docs.pbh-btn.com/docs/module/active-monitoring)
- [网络 IP 集规则订阅](https://docs.pbh-btn.com/docs/module/ip-address-blocker-rules)
- WebUI (目前支持:活跃封禁名单查看,历史封禁查询,封禁最频繁的 Top 50 IP,规则订阅管理,图表查看,Peer 列表查看)

> [!TIP]
> 为获得最佳效果,建议配合我们维护的 IP 规则库 [PBH-BTN/BTN-Collected-Rules](https://github.com/PBH-BTN/BTN-Collected-Rules) 和 [BTN 网络](https://docs.pbh-btn.com/docs/btn/intro) 一起食用,不过这是完全可选的。
此外,PeerBanHelper 会在启动时下载 GeoIP 库,成功加载后支持以下功能:

| 主界面 | 封禁列表 | 封禁日志 | 封禁统计 | 规则统计 | 规则订阅 |
| ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| <img width="1280" alt="homepage" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/d7f7ea9f-70df-40f1-a782-260450972bc9"> | <img width="1280" alt="banlist" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/c3e139e6-eb82-423f-b083-1839713ec801"> | <img width="1280" alt="banlogs" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/00d8efcc-0dd7-4e05-bdeb-9444e14739d6"> | <img width="1280" alt="maxban" src="https://github.com/PBH-BTN/PeerBanHelper/assets/30802565/ae78ebb9-67f7-481a-9afc-7ced2c6a2534"> | <img width="1280" alt="banMetrics" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/9e4cd7b7-aaff-4b66-8d1d-ad4ef3466b1f"> | <img width="1280" alt="banMetrics" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/dc312186-9643-4f23-9d53-7b8e0852f228"> |
- 在封禁列表中查看 IP 归属地,AS 信息(ASN、ISP、AS 名称等),网络类型信息(宽带、基站、物联网、数据中心等)
- 基于 GeoIP 信息按国家/地区、城市、网络类型、ASN 等封禁 IP 地址
- 查看 GeoIP 统计数据

## 安装 PeerBanHelper
> [!TIP]
> 为获得最佳效果,建议配合我们维护的 IP 规则库 [PBH-BTN/BTN-Collected-Rules](https://github.com/PBH-BTN/BTN-Collected-Rules) 和 [BTN 网络](https://docs.pbh-btn.com/docs/btn/intro) 一起食用,不过这是完全可选的。

查看 [PeerBanHelper 文档](https://docs.pbh-btn.com/docs/category/%E5%AE%89%E8%A3%85%E9%83%A8%E7%BD%B2)

## 支持的客户端

Expand All @@ -31,43 +38,26 @@
- Transmission **(不建议使用;3.00-20 或更高版本)**
- BitComet **v2.10 Beta6 [20240928] 或更高版本**

## 注意事项

请不要打开下载器中的 "允许来自同一 IP 地址的多个连接" 选项,这会干扰 PBH 计算数据,并导致错误封禁。
如果您的下载器存在 PT 站种子,在添加下载器时建议开启 “忽略私有种子”。
# 截图

## 功能介绍

PeerBanHelper 主要由以下几个功能模块组成:
| 主界面 | 封禁列表 | 封禁日志 | 封禁统计 | 规则统计 | 规则订阅 |
| ------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- |
| <img width="1280" alt="homepage" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/d7f7ea9f-70df-40f1-a782-260450972bc9"> | <img width="1280" alt="banlist" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/c3e139e6-eb82-423f-b083-1839713ec801"> | <img width="1280" alt="banlogs" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/00d8efcc-0dd7-4e05-bdeb-9444e14739d6"> | <img width="1280" alt="maxban" src="https://github.com/PBH-BTN/PeerBanHelper/assets/30802565/ae78ebb9-67f7-481a-9afc-7ced2c6a2534"> | <img width="1280" alt="banMetrics" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/9e4cd7b7-aaff-4b66-8d1d-ad4ef3466b1f"> | <img width="1280" alt="banMetrics" src="https://github.com/PBH-BTN/PeerBanHelper/assets/19235246/dc312186-9643-4f23-9d53-7b8e0852f228"> |

- [PeerID 黑名单](https://docs.pbh-btn.com/docs/module/peer-id)
- [Client Name 黑名单](https://docs.pbh-btn.com/docs/module/client-name)
- [IP/GeoIP/IP 类型 黑名单](https://docs.pbh-btn.com/docs/module/ip-address-blocker)
- [虚假进度检查器(提供启发式客户端检测功能)](https://docs.pbh-btn.com/docs/module/progress-cheat-blocker)
- [自动连锁封禁](https://docs.pbh-btn.com/docs/module/auto-range-ban)
- [多拨追猎](https://docs.pbh-btn.com/docs/module/multi-dial)
- Peer ID/Client Name 伪装检查;通过 [AviatorScript 引擎](https://docs.pbh-btn.com/docs/module/expression-engine) 实现
- [主动监测(提供本地数据分析功能)](https://docs.pbh-btn.com/docs/module/active-monitoring)
- [网络 IP 集规则订阅](https://docs.pbh-btn.com/docs/module/ip-address-blocker-rules)
- WebUI (目前支持:活跃封禁名单查看,历史封禁查询,封禁最频繁的 Top 50 IP,规则订阅管理,图表查看,Peer 列表查看)
## 安装 PeerBanHelper

此外,PeerBanHelper 会在启动时下载 GeoIP 库,成功加载后支持以下功能:
查看 [PeerBanHelper 文档](https://docs.pbh-btn.com/docs/category/%E5%AE%89%E8%A3%85%E9%83%A8%E7%BD%B2)

- 在封禁列表中查看 IP 归属地,AS 信息(ASN、ISP、AS 名称等),网络类型信息(宽带、基站、物联网、数据中心等)
- 基于 GeoIP 信息按国家/地区、城市、网络类型、ASN 等封禁 IP 地址
- 查看 GeoIP 统计数据

## 常见问题

在报告问题前,请先检查 [常见问题列表](https://docs.pbh-btn.com/docs/faq)

## Install4j

PeerBanHelper 使用 [Install4j multi-platform installer builder](https://www.ej-technologies.com/products/install4j/overview.html) 打包多平台安装程序。感谢 ej-technolgies 的开放源代码许可证。点击链接或者下面的图片下载 install4j。

[![Install4j](https://www.ej-technologies.com/images/product_banners/install4j_large.png)](https://www.ej-technologies.com/products/install4j/overview.html)
## 需要帮助?
考虑加入我们的[QQ群](https://qm.qq.com/cgi-bin/qm/qr?k=w5as_wH2G1ReUrClreCYhR69XiNCuP65&jump_from=webapi&authKey=EyjMX7Pwc77XLM51V6FEcR7oXnG8fsUbSFqYZ4PPiEpq32vBglJn/jFvpc3LFDhn)!

## 法律文本
## 声明

违法网站和黑灰产请勿向我组织开发或支持人员发起任何形式的人工服务请求;严禁使用 PBH-BTN 团队的任何服务、产品从事任何违法违规、危害国家安全、实施或帮助他人实施电信犯罪等非法活动。
用户不得通过 PBH-BTN 团队的任何服务、产品进行任何损害其它个人或组织的利益的活动。在任何违反个人或组织权益的情况下使用 PBH-BTN 团队的任何服务、产品均不被允许。
Expand Down Expand Up @@ -99,3 +89,9 @@ PeerBanHelper 使用 [Install4j multi-platform installer builder](https://www.ej
- [Vue](https://vuejs.org/)
- [ArcoDesign](https://arco.design/)
- [ECharts](https://echarts.apache.org/en/index.html)

### Install4j

PeerBanHelper 使用 [Install4j multi-platform installer builder](https://www.ej-technologies.com/products/install4j/overview.html) 打包多平台安装程序。感谢 ej-technolgies 的开放源代码许可证。点击链接或者下面的图片下载 install4j。

[![Install4j](https://www.ej-technologies.com/images/product_banners/install4j_large.png)](https://www.ej-technologies.com/products/install4j/overview.html)
3 changes: 2 additions & 1 deletion pkg/deb/DEBIAN/conffiles
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,2 @@
/etc/peerbanhelper/data/config.yml
/etc/peerbanhelper/config.yml
/etc/peerbanhelper/profile.yml
3 changes: 2 additions & 1 deletion pkg/deb/DEBIAN/control
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,7 @@
Package: peerbanhelper
Version: <version>
Depends: java-runtime (>=21),libc6
Pre-Depends: adduser
Depends: java-runtime (>=21), libc6
Section: universe/net
Priority: optional
Architecture: all
Expand Down
1 change: 0 additions & 1 deletion pkg/deb/DEBIAN/dirs
View file
Open in desktop

This file was deleted.

15 changes: 10 additions & 5 deletions pkg/deb/DEBIAN/postinst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
#!/bin/sh
USER=peerbanhelper
adduser --system $USER
mkdir -p /etc/peerbanhelper
chown $USER /etc/peerbanhelper
#!/bin/sh -e

getent passwd peerbanhelper > /dev/null || adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Add error handling and explicit umask setting

While the user creation logic is correct, consider:

  1. Adding explicit error handling for adduser
  2. Setting a restrictive umask before user creation
+umask 022
+
 getent passwd peerbanhelper > /dev/null || adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper || {
+    echo "Failed to create peerbanhelper user" >&2
+    exit 1
+}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
getent passwd peerbanhelper > /dev/null || adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper
umask 022
getent passwd peerbanhelper > /dev/null || adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper || {
echo "Failed to create peerbanhelper user" >&2
exit 1
}

chown -R peerbanhelper: /etc/peerbanhelper
chown -R root: /usr/lib/peerbanhelper
mkdir /var/log/peerbanhelper
chown peerbanhelper: /var/log/peerbanhelper
Comment on lines +4 to +7
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Fix directory creation and permission handling

Several critical issues in directory management:

  1. No mode specified for new directories
  2. Missing existence checks
  3. No explicit permissions set

Apply these changes:

-chown -R peerbanhelper: /etc/peerbanhelper
-chown -R root: /usr/lib/peerbanhelper
-mkdir /var/log/peerbanhelper
-chown peerbanhelper: /var/log/peerbanhelper

+# Ensure directories exist with correct permissions
+[ -d /etc/peerbanhelper ] || install -d -m 750 -o peerbanhelper -g peerbanhelper /etc/peerbanhelper
+[ -d /usr/lib/peerbanhelper ] || install -d -m 755 -o root -g root /usr/lib/peerbanhelper
+[ -d /var/log/peerbanhelper ] || install -d -m 750 -o peerbanhelper -g peerbanhelper /var/log/peerbanhelper
+
+# Set permissions recursively for existing content
+find /etc/peerbanhelper -type d -exec chmod 750 {} +
+find /etc/peerbanhelper -type f -exec chmod 640 {} +
+find /usr/lib/peerbanhelper -type d -exec chmod 755 {} +
+find /usr/lib/peerbanhelper -type f -exec chmod 644 {} +
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
chown -R peerbanhelper: /etc/peerbanhelper
chown -R root: /usr/lib/peerbanhelper
mkdir /var/log/peerbanhelper
chown peerbanhelper: /var/log/peerbanhelper
# Ensure directories exist with correct permissions
[ -d /etc/peerbanhelper ] || install -d -m 750 -o peerbanhelper -g peerbanhelper /etc/peerbanhelper
[ -d /usr/lib/peerbanhelper ] || install -d -m 755 -o root -g root /usr/lib/peerbanhelper
[ -d /var/log/peerbanhelper ] || install -d -m 750 -o peerbanhelper -g peerbanhelper /var/log/peerbanhelper
# Set permissions recursively for existing content
find /etc/peerbanhelper -type d -exec chmod 750 {} +
find /etc/peerbanhelper -type f -exec chmod 640 {} +
find /usr/lib/peerbanhelper -type d -exec chmod 755 {} +
find /usr/lib/peerbanhelper -type f -exec chmod 644 {} +


systemctl daemon-reload
systemctl start peerbanhelper.service
Comment on lines +9 to +10
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Improve service management robustness

The service management needs better error handling and should enable the service for system startup.

Apply these changes:

-systemctl daemon-reload
-systemctl start peerbanhelper.service
+systemctl daemon-reload || {
+    echo "Failed to reload systemd daemon" >&2
+    exit 1
+}
+
+systemctl enable peerbanhelper.service || {
+    echo "Failed to enable peerbanhelper service" >&2
+    exit 1
+}
+
+systemctl start peerbanhelper.service || {
+    echo "Failed to start peerbanhelper service" >&2
+    exit 1
+}
+
+# Verify service is running
+systemctl is-active --quiet peerbanhelper.service || {
+    echo "Service failed to start properly" >&2
+    exit 1
+}
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
systemctl daemon-reload
systemctl start peerbanhelper.service
systemctl daemon-reload || {
echo "Failed to reload systemd daemon" >&2
exit 1
}
systemctl enable peerbanhelper.service || {
echo "Failed to enable peerbanhelper service" >&2
exit 1
}
systemctl start peerbanhelper.service || {
echo "Failed to start peerbanhelper service" >&2
exit 1
}
# Verify service is running
systemctl is-active --quiet peerbanhelper.service || {
echo "Service failed to start properly" >&2
exit 1
}

3 changes: 3 additions & 0 deletions pkg/deb/DEBIAN/postrm
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
#!/bin/sh -e

[ $1 = purge ] && deluser --quiet peerbanhelper && rm -rf /var/lib/peerbanhelper || true
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Improve error handling and safety checks

The current implementation has several potential issues:

  1. Suppressing all errors with || true could hide important failures
  2. No checks if user/directory exist before removal
  3. Using -rf without safeguards is risky

Consider this safer implementation:

-[ $1 = purge ] && deluser --quiet peerbanhelper && rm -rf /var/lib/peerbanhelper || true
+case "$1" in
+    purge)
+        # Remove peerbanhelper user if exists
+        if id "peerbanhelper" >/dev/null 2>&1; then
+            if ! deluser --quiet peerbanhelper; then
+                echo "Warning: Failed to remove peerbanhelper user" >&2
+            fi
+        fi
+        
+        # Remove data directory if exists
+        if [ -d "/var/lib/peerbanhelper" ]; then
+            if ! rm -rf "/var/lib/peerbanhelper"; then
+                echo "Warning: Failed to remove /var/lib/peerbanhelper directory" >&2
+                exit 1
+            fi
+        fi
+        ;;
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+        # No action needed for other removal cases
+        ;;
+    *)
+        echo "postrm called with unknown argument '$1'" >&2
+        exit 1
+        ;;
+esac
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
[ $1 = purge ] && deluser --quiet peerbanhelper && rm -rf /var/lib/peerbanhelper || true
case "$1" in
purge)
# Remove peerbanhelper user if exists
if id "peerbanhelper" >/dev/null 2>&1; then
if ! deluser --quiet peerbanhelper; then
echo "Warning: Failed to remove peerbanhelper user" >&2
fi
fi
# Remove data directory if exists
if [ -d "/var/lib/peerbanhelper" ]; then
if ! rm -rf "/var/lib/peerbanhelper"; then
echo "Warning: Failed to remove /var/lib/peerbanhelper directory" >&2
exit 1
fi
fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
# No action needed for other removal cases
;;
*)
echo "postrm called with unknown argument '$1'" >&2
exit 1
;;
esac

Comment on lines +1 to +3
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

Service files are not properly cleaned up during package removal

The package has systemd service files and service-related operations, but the postrm script doesn't clean up:

  • /usr/lib/systemd/system/peerbanhelper.service - service file remains after package removal
  • No systemctl disable before removal
  • No removal of service files in /usr/lib/systemd/system/
🔗 Analysis chain

Verify systemd service cleanup

Ensure that systemd-related files are properly cleaned up during package removal.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for systemd service files that might need cleanup

# Check if there are any systemd service files
rg -l "peerbanhelper" "/lib/systemd/system/" "/etc/systemd/system/"

# Check if there are any remaining systemd runtime files
rg -l "peerbanhelper" "/run/systemd/system/"

Length of output: 289

Script:

#!/bin/bash
# Let's check the repository for any systemd service files and their cleanup
# First, find any systemd service files in the repository
fd -e service

# Check for any systemd-related cleanup in package scripts
rg -l "systemctl|systemd" pkg/deb/

# Look for service definitions or systemd mentions in the codebase
rg -l "\.service" 

# Check package scripts for service-related operations
cat pkg/deb/DEBIAN/{preinst,postinst,prerm,postrm} 2>/dev/null

Length of output: 1686

12 changes: 12 additions & 0 deletions pkg/deb/DEBIAN/preinst
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
#!/bin/sh -e

# migrate <= 7.1.2
if getent passwd peerbanhelper | grep --quiet /nonexistent; then
Comment on lines +3 to +4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Implement explicit version checking

The current version detection relies on checking the user's home directory, which is an indirect and potentially unreliable method. Consider implementing explicit version checking.

Example implementation:

 # migrate <= 7.1.2
+if [ -f /var/lib/dpkg/status ]; then
+    OLD_VERSION=$(dpkg-query -W -f='${Version}' peerbanhelper 2>/dev/null || echo "0.0.0")
+    if dpkg --compare-versions "$OLD_VERSION" le "7.1.2"; then
+        if getent passwd peerbanhelper | grep --quiet /nonexistent; then
-if getent passwd peerbanhelper | grep --quiet /nonexistent; then
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# migrate <= 7.1.2
if getent passwd peerbanhelper | grep --quiet /nonexistent; then
# migrate <= 7.1.2
if [ -f /var/lib/dpkg/status ]; then
OLD_VERSION=$(dpkg-query -W -f='${Version}' peerbanhelper 2>/dev/null || echo "0.0.0")
if dpkg --compare-versions "$OLD_VERSION" le "7.1.2"; then
if getent passwd peerbanhelper | grep --quiet /nonexistent; then

deluser --quiet peerbanhelper
adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper
Comment on lines +5 to +6
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add error handling for user management operations

The --quiet flag suppresses important error messages. Consider removing it and adding proper error handling.

-deluser --quiet peerbanhelper
-adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper
+if ! deluser peerbanhelper; then
+    echo "Error: Failed to remove existing peerbanhelper user" >&2
+    exit 1
+fi
+if ! adduser --system --group --home /var/lib/peerbanhelper peerbanhelper; then
+    echo "Error: Failed to create peerbanhelper user" >&2
+    exit 1
+fi
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
deluser --quiet peerbanhelper
adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper
if ! deluser peerbanhelper; then
echo "Error: Failed to remove existing peerbanhelper user" >&2
exit 1
fi
if ! adduser --system --group --home /var/lib/peerbanhelper peerbanhelper; then
echo "Error: Failed to create peerbanhelper user" >&2
exit 1
fi

chown -R peerbanhelper: /etc/peerbanhelper
mv /etc/peerbanhelper/config/config.yml /etc/peerbanhelper/config/profile.yml /etc/peerbanhelper
rm -rf /etc/peerbanhelper/config /etc/peerbanhelper/data
mv /etc/peerbanhelper/logs /var/log/peerbanhelper
find /etc/peerbanhelper -mindepth 1 -maxdepth 1 -type d -exec mv {} /var/lib/peerbanhelper \;
Comment on lines +7 to +11
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Add safety checks and backups for file operations

The file operations lack error handling and backups. This could lead to data loss or incomplete migration.

+# Create backup
+BACKUP_DIR="/etc/peerbanhelper.backup.$(date +%Y%m%d_%H%M%S)"
+if ! cp -a /etc/peerbanhelper "$BACKUP_DIR"; then
+    echo "Error: Failed to create backup" >&2
+    exit 1
+fi

+# Ensure target directories exist
+mkdir -p /var/log/peerbanhelper /var/lib/peerbanhelper

 # Change ownership
-chown -R peerbanhelper: /etc/peerbanhelper
+if ! chown -R peerbanhelper: /etc/peerbanhelper; then
+    echo "Error: Failed to change ownership" >&2
+    exit 1
+fi

 # Move configuration files
-mv /etc/peerbanhelper/config/config.yml /etc/peerbanhelper/config/profile.yml /etc/peerbanhelper
+for file in config.yml profile.yml; do
+    if [ -f "/etc/peerbanhelper/config/$file" ]; then
+        if ! mv "/etc/peerbanhelper/config/$file" /etc/peerbanhelper/; then
+            echo "Error: Failed to move $file" >&2
+            exit 1
+        fi
+    fi
+done

 # Cleanup old directories
-rm -rf /etc/peerbanhelper/config /etc/peerbanhelper/data
-mv /etc/peerbanhelper/logs /var/log/peerbanhelper
+if [ -d /etc/peerbanhelper/logs ]; then
+    if ! mv /etc/peerbanhelper/logs/* /var/log/peerbanhelper/; then
+        echo "Error: Failed to move logs" >&2
+        exit 1
+    fi
+fi
+
+# Remove old directories only if they exist
+for dir in config data logs; do
+    if [ -d "/etc/peerbanhelper/$dir" ]; then
+        rm -rf "/etc/peerbanhelper/$dir"
+    fi
+done
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
chown -R peerbanhelper: /etc/peerbanhelper
mv /etc/peerbanhelper/config/config.yml /etc/peerbanhelper/config/profile.yml /etc/peerbanhelper
rm -rf /etc/peerbanhelper/config /etc/peerbanhelper/data
mv /etc/peerbanhelper/logs /var/log/peerbanhelper
find /etc/peerbanhelper -mindepth 1 -maxdepth 1 -type d -exec mv {} /var/lib/peerbanhelper \;
# Create backup
BACKUP_DIR="/etc/peerbanhelper.backup.$(date +%Y%m%d_%H%M%S)"
if ! cp -a /etc/peerbanhelper "$BACKUP_DIR"; then
echo "Error: Failed to create backup" >&2
exit 1
fi
# Ensure target directories exist
mkdir -p /var/log/peerbanhelper /var/lib/peerbanhelper
# Change ownership
if ! chown -R peerbanhelper: /etc/peerbanhelper; then
echo "Error: Failed to change ownership" >&2
exit 1
fi
# Move configuration files
for file in config.yml profile.yml; do
if [ -f "/etc/peerbanhelper/config/$file" ]; then
if ! mv "/etc/peerbanhelper/config/$file" /etc/peerbanhelper/; then
echo "Error: Failed to move $file" >&2
exit 1
fi
fi
done
# Cleanup old directories
if [ -d /etc/peerbanhelper/logs ]; then
if ! mv /etc/peerbanhelper/logs/* /var/log/peerbanhelper/; then
echo "Error: Failed to move logs" >&2
exit 1
fi
fi
# Remove old directories only if they exist
for dir in config data logs; do
if [ -d "/etc/peerbanhelper/$dir" ]; then
rm -rf "/etc/peerbanhelper/$dir"
fi
done

fi
Comment on lines +11 to +12
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Improve safety of directory migration

The find command could potentially move unintended directories. Add validation and error handling.

-find /etc/peerbanhelper -mindepth 1 -maxdepth 1 -type d -exec mv {} /var/lib/peerbanhelper \;
+# Move remaining directories with validation
+while IFS= read -r dir; do
+    dir_name=$(basename "$dir")
+    case "$dir_name" in
+        config|data|logs)
+            continue  # Skip already handled directories
+            ;;
+        *)
+            if ! mv "$dir" /var/lib/peerbanhelper/; then
+                echo "Error: Failed to move directory $dir" >&2
+                exit 1
+            fi
+            ;;
+    esac
+done < <(find /etc/peerbanhelper -mindepth 1 -maxdepth 1 -type d)
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
find /etc/peerbanhelper -mindepth 1 -maxdepth 1 -type d -exec mv {} /var/lib/peerbanhelper \;
fi
# Move remaining directories with validation
while IFS= read -r dir; do
dir_name=$(basename "$dir")
case "$dir_name" in
config|data|logs)
continue # Skip already handled directories
;;
*)
if ! mv "$dir" /var/lib/peerbanhelper/; then
echo "Error: Failed to move directory $dir" >&2
exit 1
fi
;;
esac
done < <(find /etc/peerbanhelper -mindepth 1 -maxdepth 1 -type d)
fi

4 changes: 4 additions & 0 deletions pkg/deb/DEBIAN/prerm
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
#!/bin/sh -e

systemctl daemon-reload
systemctl stop peerbanhelper.service
Comment on lines +3 to +4
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codebase verification

🛠️ Refactor suggestion

Add error handling for systemd operations in both prerm and postinst scripts

The verification confirms that both installation scripts (prerm and postinst) lack proper error handling for systemd operations. The package appears to be systemd-only, with no alternative init system support files present. The suggested changes should be applied to both scripts:

  • prerm: Apply the suggested error handling as mentioned in the review.
  • postinst: Add similar error handling:
 #!/bin/sh -e

 getent passwd peerbanhelper > /dev/null || adduser --quiet --system --group --home /var/lib/peerbanhelper peerbanhelper
 chown -R peerbanhelper: /etc/peerbanhelper
 chown -R root: /usr/lib/peerbanhelper
 mkdir /var/log/peerbanhelper
 chown peerbanhelper: /var/log/peerbanhelper

-systemctl daemon-reload
-systemctl start peerbanhelper.service
+# Check if systemd is running
+if [ -d /run/systemd/system ]; then
+    systemctl daemon-reload || true
+    systemctl start peerbanhelper.service || true
+else
+    echo "Warning: systemd not detected, skipping service management"
+fi
🔗 Analysis chain

Add error handling for systemd-specific operations.

The script assumes systemd is present and running, which might not always be true. Consider adding checks and graceful fallbacks.

Here's a suggested implementation with better error handling:

 #!/bin/sh -e

-systemctl daemon-reload
-systemctl stop peerbanhelper.service
+# Check if systemd is running
+if [ -d /run/systemd/system ]; then
+    # Stop service if it's running
+    if systemctl is-active --quiet peerbanhelper.service; then
+        systemctl stop peerbanhelper.service || true
+    fi
+    systemctl daemon-reload || true
+else
+    echo "Warning: systemd not detected, skipping service management"
+fi

This implementation:

  1. Checks if systemd is running before attempting systemd operations
  2. Only attempts to stop the service if it's actually running
  3. Uses || true to prevent script failure if commands fail
  4. Provides feedback when systemd is not available

Let's verify the service configuration:

The verification results show that:

  1. The service file exists and is properly configured
  2. systemctl commands are used in both prerm and postinst scripts
  3. The service requires special capabilities (CAP_NET_ADMIN) and runs as a dedicated user

Let's verify the presence of similar error handling in the postinst script:

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify service configuration and related files

# Check if service file exists and its contents
fd -t f "peerbanhelper.service" -x cat {}

# Check for other related systemd unit files
fd -t f "peerbanhelper*.service"

# Look for any systemctl commands in other installation scripts
rg "systemctl" pkg/

Length of output: 880

Script:

#!/bin/bash
# Check the content of postinst script
cat pkg/deb/DEBIAN/postinst

# Check if there are any other init system related files
fd -t f "init|upstart|openrc" pkg/

Length of output: 417

0 pkg/deb/etc/peerbanhelper/data/config.yml → pkg/deb/etc/peerbanhelper/config.yml
View file
Open in desktop
File renamed without changes.
2 changes: 1 addition & 1 deletion pkg/deb/etc/peerbanhelper/data/profile.yml → pkg/deb/etc/peerbanhelper/profile.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -414,4 +414,4 @@ module:
traffic-monitoring:
# 每日阈值 - 设置为 -1 以禁用,单位:bytes
# Daily threshold, set to -1 to disable, Unit: bytes
daily: -1
daily: -1
Loading