zeaslity/Xray-install
1
0
Fork 0
mirror of https://github.com/XTLS/Xray-install.git synced 2025-12-10 02:09:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

OpenRC: Improved syntax and update README

Browse Source
This commit is contained in:
Meo597
2025-11-24 08:46:09 +08:00
committed by yuhan6665
parent b5e8fdf24f
commit 08485e44b3
6 changed files with 25 additions and 95 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README_zh-Hans.md
View File

@@ -4,7 +4,7 @@
用于在支持 systemd 的操作系统(如 CentOS / Debian / OpenSUSE中安装 Xray 的 Bash 脚本。 用于在支持 systemd 的操作系统(如 CentOS / Debian / OpenSUSE中安装 Xray 的 Bash 脚本。
**对于 Alpine Linux 用户**,请参考 **[Alpine Linux 专用说明](alpinelinux/README_zh-Hans.md)** 以获取适用于 Alpine Linux 的安装脚本和指南。 **对于 Alpine 及 Gentoo Linux 用户**,请参考 **[OpenRC 专用说明](alpinelinux/README_zh-Hans.md)** 以获取适用于 Alpine/Gentoo Linux 的安装脚本和指南。
--- ---

2
README_zh-Hant.md
View File

@@ -4,7 +4,7 @@
用於在支持 systemd 的作業系統(如 CentOS / Debian / OpenSUSE中安裝 Xray 的 Bash 腳本。 用於在支持 systemd 的作業系統(如 CentOS / Debian / OpenSUSE中安裝 Xray 的 Bash 腳本。
**對 Alpine Linux 使用者**,請參 **[Alpine Linux 專用說明](alpinelinux/README_zh-Hant.md)** 以獲取適用於 Alpine Linux 的安裝腳本指南。 **對 Alpine 及 Gentoo Linux 使用者**,請參 **[OpenRC 專用說明](alpinelinux/README_zh-Hant.md)** 以獲取適用於 Alpine/Gentoo Linux 的安裝腳本指南。
--- ---

23
alpinelinux/README.md
View File

@@ -53,26 +53,3 @@ rc-service xray stop
```sh ```sh
rc-service xray restart rc-service xray restart
``` ```
## Breaking Changes at 2025-04-09
#### Path Change: Original path `/usr/local/lib/xray/` has been updated to new path `/usr/local/share/xray/`
- This directory contains `geosite.dat` and `geoip.dat`
- If you have scripts to automatically update these files, please adjust them accordingly
- Regular users can ignore this change
#### Watchdog: Xray process will now automatically restart indefinitely (every 5 seconds) upon panic, unless it panic 3 times in 10 minutes
- Advanced users no longer need to manually modify `/etc/init.d/xray` or write custom daemon scripts
- Regular users can ignore this change
#### No `root` Required: Xray now retains privileges (capabilities) to support `tproxy` and `sockopt` even when running as `nobody`
- Advanced users **should not** (and need not) run Xray as `root` anymore — it already has all required network privileges
- If you run Xray as a **server** (not client), you _may_ optionally run the command below to reduce capabilities. This theoretically minimizes attack surface but has negligible practical impact
- Regular users can ignore this change
```sh
sed -i 's/^capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw"$/capabilities="^cap_net_bind_service"/g' /etc/init.d/xray
```

23
alpinelinux/README_zh-Hans.md
View File

@@ -53,26 +53,3 @@ rc-service xray stop
```sh ```sh
rc-service xray restart rc-service xray restart
``` ```
## 重大更改 at 2025-04-09
#### 路径变更:原路径 `/usr/local/lib/xray/` 变更为 新路径 `/usr/local/share/xray/`
- 此目录存放了 `geosite.dat``geoip.dat`
- 如果你编写了一些脚本来自动更新这些文件,需要留意此项改动
- 普通用户无需关注此改动
#### 看门狗:若 Xray 进程 `panic` 将无限自动重启,间隔 5 秒,除非 10 分钟内崩溃 3 次
- 对于高级用户,你无需再手动调整 `/etc/init.d/xray` 或自己编写 daemon 脚本了
- 普通用户无需关注此改动
#### 无需 `root`:已为 Xray 授予特权,即便以 `nobody` 身份运行也支持 `tproxy` 和 `sockopt`
- 对于高级用户,你无需、也**不应该**再让 Xray 以 `root` 身份运行,现在它们已具备所有网络特权
- 如果你的 Xray 作为**节点**而不是客户端运行,或*可考虑*执行下面的命令撤销部分网络特权。理论上可以降低攻击面,实际上无关痛痒
- 普通用户无需关注此改动
```sh
sed -i 's/^capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw"$/capabilities="^cap_net_bind_service"/g' /etc/init.d/xray
```

23
alpinelinux/README_zh-Hant.md
View File

@@ -53,26 +53,3 @@ rc-service xray stop
```sh ```sh
rc-service xray restart rc-service xray restart
``` ```
## 重大變更 at 2025-04-09
#### 路徑變更:原始路徑 `/usr/local/lib/xray/` 變更為 新路徑 `/usr/local/share/xray/`
- 此目錄存放了 `geosite.dat``geoip.dat`
- 如果你編寫了一些腳本來自動更新這些文件,需要留意此項改動
- 普通用戶無需關注此改動
#### 看門狗:若 Xray 進程 `panic` 將無限自動重啟,間隔 5 秒,除非 10 分鐘內崩潰 3 次
- 對於高級用戶,你無需再手動調整 `/etc/init.d/xray` 或自己編寫 daemon 腳本了
- 普通用戶無需關注此改動
#### 無需 `root`:已為 Xray 授予特權,即便以 `nobody` 身分執行也支援 `tproxy` 和 `sockopt`
- 對於高級用戶,你無需、也**不應該**再讓 Xray 以 `root` 身份運行,現在它們已具備所有網絡特權
- 如果你的 Xray 是作為**節點**而不是客戶端運行,或*可考慮*執行下面的命令撤銷部分網路特權。理論上可以降低攻擊面,實際上無關痛癢
- 普通用戶無需關注此改動
```sh
sed -i 's/^capabilities="^cap_net_bind_service,^cap_net_admin,^cap_net_raw"$/capabilities="^cap_net_bind_service"/g' /etc/init.d/xray
```

47
alpinelinux/install-release.sh
View File

@@ -4,33 +4,32 @@
set -euo pipefail set -euo pipefail
pkg_manager() { pkg_manager() {
local OP="$1" PM=apk local OP="$1" PM=apk
shift shift
if [ -f /etc/gentoo-release ]; then if [ -f /etc/gentoo-release ]; then
PM=emerge PM=emerge
case "$OP" in case "$OP" in
add) add)
OP='-v' OP='-v'
;; ;;
del) del)
OP='-C' OP='-C'
;; ;;
esac esac
fi fi
if [ -z "$@" ]; then if [ $# -eq 0 ]; then
echo "$PM $OP" echo "$PM $OP"
else else
$PM $OP $@ $PM "$OP" "$@"
fi fi
} }
check_distro() {
check_distr() {
if [ -z "$(command -v rc-service)" ]; then if [ -z "$(command -v rc-service)" ]; then
echo "No OpenRC init-system detected" echo "No OpenRC init-system detected."
return 1 return 1
fi fi
if [ -f /etc/alpine-release -o -f /etc/gentoo-release ]; then if [ -f /etc/alpine-release ] || [ -f /etc/gentoo-release ]; then
return 0 return 0
else else
return 1 return 1
@@ -117,7 +116,7 @@ install_dependencies() {
fi fi
if [ "$(command -v apk)" ]; then if [ "$(command -v apk)" ]; then
echo "Installing required dependencies..." echo "Installing required dependencies..."
pkg_manager add curl unzip #to generalize installation procedure pkg_manager add curl unzip # to generalize installation procedure
else else
echo "error: The script does not support the package manager in this operating system." echo "error: The script does not support the package manager in this operating system."
exit 1 exit 1
@@ -238,7 +237,7 @@ information() {
} }
main() { main() {
check_distr || return 1 check_distro || return 1
check_if_running_as_root || return 1 check_if_running_as_root || return 1
identify_architecture || return 1 identify_architecture || return 1
install_dependencies install_dependencies