fix(install): support non-sudo service-user installs on apt distros (#25814)

The Debian/Ubuntu branch of install_node_deps() ran 'npx playwright install
--with-deps chromium' unconditionally. Playwright invokes sudo interactively
to apt-install Chromium's system libraries, which blocks the installer for
non-sudo users (systemd service accounts, unprivileged operator users) on
an unsatisfiable password prompt.

Changes:
- install.sh: gate --with-deps behind a sudo capability check on the apt
  branch (matches the existing Arch/pacman branch pattern). Non-sudo users
  fall back to 'npx playwright install chromium' alone and the installer
  prints the exact 'sudo npx playwright install-deps chromium' command an
  administrator can run separately.
- install.sh: add --skip-browser (alias --no-playwright) to skip the
  Playwright step entirely for headless installs that don't need browser
  automation. Mirrors the existing --no-venv / --skip-setup shape.
- installation.md: add a 'Non-Sudo / System Service User Installs' section
  covering the admin/service-user split, the --skip-browser flag, and the
  ~/.local/bin PATH gotcha (the root cause of the 'No module named dotenv'
  error users hit when running the repo source 'hermes' script with system
  Python instead of the venv launcher).
- test_install_sh_browser_install.py: regression coverage for the
  --skip-browser flag and the sudo-gate on the apt branch.

Reported by @ssilver in Discord.
Teknium 2026-05-14 09:05:31 -07:00 committed by GitHub
parent 26933c2f59
commit 78b842c995
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 100 additions and 6 deletions


@ -69,6 +69,7 @@ DETECTED_BROWSER_EXECUTABLE=""
# Options
USE_VENV=true
RUN_SETUP=true
SKIP_BROWSER=false
BRANCH="main"
# Detect non-interactive mode (e.g. curl | bash)
@ -91,6 +92,10 @@ while [[ $# -gt 0 ]]; do
RUN_SETUP=false
shift
;;
--skip-browser|--no-playwright)
SKIP_BROWSER=true
shift
;;
--branch)
BRANCH="$2"
shift 2
@ -112,6 +117,7 @@ while [[ $# -gt 0 ]]; do
echo "Options:"
echo " --no-venv Don't create virtual environment"
echo " --skip-setup Skip interactive setup wizard"
echo " --skip-browser Skip Playwright/Chromium install (browser tools won't work)"
echo " --branch NAME Git branch to install (default: main)"
echo " --dir PATH Installation directory"
echo " default (non-root): ~/.hermes/hermes-agent"
@ -1566,6 +1572,13 @@ install_node_deps() {
# Playwright's --with-deps only supports apt-based systems natively.
# For Arch/Manjaro we install the system libs via pacman first.
# Other systems must install Chromium dependencies manually.
if [ "$SKIP_BROWSER" = true ]; then
log_info "Skipping Playwright/Chromium install (--skip-browser)"
log_info "Browser tools will be unavailable until you run manually:"
log_info " cd $INSTALL_DIR && npx playwright install chromium"
log_info "On apt-based systems, an admin also needs to run:"
log_info " sudo npx playwright install-deps chromium"
else
log_info "Installing browser engine (Playwright Chromium)..."
DETECTED_BROWSER_EXECUTABLE="$(find_system_browser 2>/dev/null || true)"
if [ -n "$DETECTED_BROWSER_EXECUTABLE" ]; then
@ -1574,12 +1587,30 @@ install_node_deps() {
else
case "$DISTRO" in
ubuntu|debian|raspbian|pop|linuxmint|elementary|zorin|kali|parrot)
log_info "Playwright may request sudo to install browser system dependencies (shared libraries)."
log_info "This is standard Playwright setup — Hermes itself does not require root access."
cd "$INSTALL_DIR" && run_browser_install_with_timeout 600 npx playwright install --with-deps chromium 2>/dev/null || {
log_warn "Playwright browser installation failed — browser tools will not work."
log_warn "Try running manually: cd $INSTALL_DIR && npx playwright install --with-deps chromium"
}
# Use --with-deps only when sudo is available non-interactively
# (root, or a user with passwordless sudo). Non-sudo users
# — typical for systemd service accounts and unprivileged
# operator users — would otherwise get blocked on an
# interactive sudo prompt that they can't satisfy. Fall back
# to the browser-only install in that case, and print the
# exact command the admin needs to run separately.
if [ "$(id -u)" -eq 0 ] || (command -v sudo >/dev/null 2>&1 && sudo -n true 2>/dev/null); then
log_info "Installing Playwright Chromium with system dependencies..."
cd "$INSTALL_DIR" && run_browser_install_with_timeout 600 npx playwright install --with-deps chromium 2>/dev/null || {
log_warn "Playwright browser installation failed — browser tools will not work."
log_warn "Try running manually: cd $INSTALL_DIR && npx playwright install --with-deps chromium"
}
else
log_warn "No sudo available — skipping system-library install (--with-deps)."
log_info "Ask an administrator to run, one time, as root:"
log_info " sudo npx playwright install-deps chromium"
log_info " (from $INSTALL_DIR, after Node.js deps are installed)"
log_info "Installing Chromium binary into this user's Playwright cache..."
cd "$INSTALL_DIR" && run_browser_install_with_timeout 600 npx playwright install chromium 2>/dev/null || {
log_warn "Playwright browser installation failed — browser tools will not work."
log_warn "Try running manually: cd $INSTALL_DIR && npx playwright install chromium"
}
fi
;;
arch|manjaro|cachyos|endeavouros|garuda)
if command -v pacman &> /dev/null; then
@ -1624,6 +1655,7 @@ install_node_deps() {
;;
esac
fi
fi
log_success "Browser engine setup complete"
fi
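Review bot: The administrator command printed in the new no-sudo fallback of the apt branch (`sudo npx playwright install-deps chromium`, run from `$INSTALL_DIR`), and again in the `--skip-browser` branch, has root execute the Playwright CLI out of `node_modules` in the install tree. For the non-root default install that tree presumably belongs to the unprivileged service account, so whoever controls that account also controls what root runs. The `--skip-browser` message names no directory for the sudo command, and `npx` started outside the project may resolve a different Playwright than the installed one. Consider having the unprivileged user list the packages and the administrator install them directly, e.g. `log_info "  npx playwright install-deps --dry-run chromium   # then ask an admin to run the printed apt-get command"`. `install_node_deps` begins and ends outside the shown hunks, so the ownership of `$INSTALL_DIR` should be confirmed against the rest of the script.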