Merge pull request #12 from labriqueinternet/v0.3

v0.3

scripts/install

@@ -1,46 +1,34 @@
 #!/bin/bash
 
-set -xe
+source src/env
+source src/helpers
+source src/commands
 
-source ./commons
+set_doctorcube_version "${_LATESTVERSION}"
 
-export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
-export LC_ALL=C LANGUAGE=C LANG=C
-apt='sudo --preserve-env apt-get'
-
-sudo yunohost app setting doctorcube version -v "0.2.1"
-sudo yunohost app fetchlist -n labriqueinternet -u https://labriqueinter.net/apps/labriqueinternet.json
-
-if [ "$(find /boot/ -name '*olinux*')" ]; then
-    # We are on a brique, or at least on a olinux board :)
-
-    set_correct_hostname
-
-    sudo rm -f /etc/apt/sources.list.d/{backports,testing}.list
-    sudo rm -f /etc/apt/preferences.d/kernel-{backports,testing}
-
-    if dpkg -l | grep -q 'linux-image-4'; then
-        KERNEL_VERSION=$(uname -r)
-
-        echo "linux-image-$KERNEL_VERSION linux-image-$KERNEL_VERSION/prerm/removing-running-kernel-$KERNEL_VERSION boolean false" | sudo debconf-set-selections
+# Adds labriqueinternet app list
+if ! has_labriqueinternet_applist; then
+  fetch_labriqueinternet_applist
+fi
 
-        $apt remove --purge -qy --force-yes \
-            linux-image-4* flash-kernel u-boot-tools u-boot-sunxi
+# Sets a correct hostname based on the first Yunohost domain
+if ! has_correct_hostname; then
+  fix_hostname
+fi
 
+# Removes testing kernel 4.* bugged with Olimex network cards
+if is_olinux_board && has_testing_kernel; then
+  remove_testing_kernel
+fi
 
-        if [ -f /etc/crypttab ] ; then
-            sudo su root -c "echo 'LINUX_KERNEL_CMDLINE=\"console=ttyS2 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mapper/root cryptopts=target=root,source=/dev/mmcblk0p2,cipher=aes-xts-plain64,size=256,hash=sha1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0\"' > /etc/default/flash-kernel"
-        else
-            sudo su root -c "echo 'LINUX_KERNEL_CMDLINE=\"console=ttyS1 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mmcblk0p1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0\"' > /etc/default/flash-kernel"
-        fi
+# The filesystem is encrypted
+if has_encryptedfs; then
 
-        $apt clean -q
-        $apt update -q
-        $apt install -qy --force-yes \
-            -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold \
-            linux-image-armmp flash-kernel u-boot-sunxi u-boot-tools
-        sudo update-initramfs -k all -u
-    fi
-else
-    echo "WARNING: you aren't running this script on an Internet Cube, therefor I'm not touching your kernel but I'm still adding you the InternetCube apps list."
+  # Updates the decryption web interface and rebuilds the initramfs
+  decryption_webinterface_version=6becabaf57e95e334ebb8141642b807974885f84
+  if ! compare_decryption_webinterface_version "${decryption_webinterface_version}"; then
+    update_decryption_webinterface "${decryption_webinterface_version}"
+  fi
 fi
+
+exit 0

scripts/remove

@@ -1 +1,3 @@
 #!/bin/bash
+
+exit 0

scripts/src/commands

@@ -0,0 +1,96 @@
+function has_labriqueinternet_applist() {
+  sudo yunohost app listlists | grep -q labriqueinternet
+}
+
+function fetch_labriqueinternet_applist() {
+  info "Fetching labriqueinternet app list..."
+
+  sudo yunohost app fetchlist -n labriqueinternet -u https://labriqueinter.net/apps/labriqueinternet.json |& to_logs
+}
+
+function has_testing_kernel() {
+  [ -f /etc/apt/sources.list.d/testing.list -o -f /etc/apt/sources.list.d/backports.list ]\
+    && dpkg -l | grep -q linux-image-4
+}
+
+function remove_testing_kernel() {
+  info "Removing testing kernel..."
+
+  sudo rm -f /etc/apt/sources.list.d/{backports,testing}.list
+  sudo rm -f /etc/apt/preferences.d/kernel-{backports,testing}
+
+  local kernel_version="$(uname -r)"
+  echo "linux-image-${kernel_version} linux-image-${kernel_version}/prerm/removing-running-kernel-${kernel_version} boolean false" | sudo debconf-set-selections |& to_logs
+
+  $_APT remove --purge -y --force-yes '^linux-image-4.*' flash-kernel u-boot-tools u-boot-sunxi |& to_logs
+
+  if has_encryptedfs; then
+    echo 'LINUX_KERNEL_CMDLINE="console=ttyS2 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mapper/root cryptopts=target=root,source=/dev/mmcblk0p2,cipher=aes-xts-plain64,size=256,hash=sha1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0"' | sudo tee /etc/default/flash-kernel &> /dev/null
+  else
+    echo 'LINUX_KERNEL_CMDLINE="console=ttyS1 hdmi.audio=EDID:0 disp.screen0_output_mode=EDID:1280x720p60 root=/dev/mmcblk0p1 rootwait sunxi_ve_mem_reserve=0 sunxi_g2d_mem_reserve=0 sunxi_no_mali_mem_reserve sunxi_fb_mem_reserve=0 panic=10 loglevel=6 consoleblank=0"' | sudo tee /etc/default/flash-kernel &> /dev/null
+  fi
+
+  $_APT clean |& to_logs
+  $_APT update |& to_logs
+  $_APT install -y --force-yes -o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold linux-image-armmp flash-kernel u-boot-sunxi u-boot-tools |& to_logs
+
+  sudo update-initramfs -k all -u |& to_logs
+}
+
+function has_correct_hostname() {
+  hostnamectl --static | grep -q '\.'
+}
+
+function fix_hostname() {
+  info "Fixing hostname..."
+
+  local main_domain=$(sudo cat /etc/yunohost/current_host)
+
+  if [ -n "${main_domain}" ]; then
+    sudo hostnamectl --static set-hostname "${main_domain}" |& to_logs
+    sudo hostnamectl --transient set-hostname "${main_domain}" |& to_logs
+    sudo hostnamectl --pretty set-hostname "La Brique Internet (${main_domain})" |& to_logs
+
+    if ! grep -q "${main_domain}" /etc/hosts; then
+      echo "::1 $main_domain" | sudo tee -a /etc/hosts &> /dev/null
+      echo "127.0.0.1 $main_domain" | sudo tee -a /etc/hosts &> /dev/null
+    fi
+  else
+    warn "Hostname cannot be fixed because there is no current host"
+  fi
+}
+
+function download_decryption_webinterface() {
+  local commit=$1
+
+  mkdir -p "${_TMPDIR}/webdecryption/"
+
+  wget "https://dev.yunohost.org/projects/la-brique-internet/repository/build/revisions/${commit}/raw/build/script/initramfs/www/cgi-bin/post.sh" -O "${_TMPDIR}/webdecryption/${commit}_post.sh" |& to_logs
+  wget "https://dev.yunohost.org/projects/la-brique-internet/repository/build/revisions/${commit}/raw/build/script/initramfs/www/index.html" -O "${_TMPDIR}/webdecryption/${commit}_index.html" |& to_logs
+}
+
+function compare_decryption_webinterface_version() {
+  local commit=$1
+
+  download_decryption_webinterface "${commit}"
+
+  sudo cmp -s "${_TMPDIR}/webdecryption/${commit}_index.html" /etc/initramfs-tools/root/www/index.html\
+    && sudo cmp -s "${_TMPDIR}/webdecryption/${commit}_post.sh" /etc/initramfs-tools/root/www/cgi-bin/post.sh
+}
+
+function update_decryption_webinterface() {
+  local commit=$1
+
+  info "Updating decryption web interface (${commit})..."
+
+  if ! [ -f "${_TMPDIR}/webdecryption/${commit}_post.sh" -a -f "${_TMPDIR}/webdecryption/${commit}_index.html" ]; then
+    download_decryption_webinterface "${commit}"
+  fi
+
+  sudo mv "${_TMPDIR}/webdecryption/${commit}_index.html" /etc/initramfs-tools/root/www/index.html
+  sudo mv "${_TMPDIR}/webdecryption/${commit}_post.sh" /etc/initramfs-tools/root/www/cgi-bin/post.sh
+  sudo chmod +x /etc/initramfs-tools/root/www/cgi-bin/post.sh
+
+  sudo sed 's/^TIMEOUTclose.*/TIMEOUTclose = 3600/' -i /etc/initramfs-tools/stunnel.conf
+  sudo update-initramfs -u -k all |& to_logs
+}

scripts/src/env

@@ -0,0 +1,23 @@
+set -Eu -o pipefail
+
+export DEBIAN_FRONTEND=noninteractive
+export DEBCONF_NONINTERACTIVE_SEEN=true
+export LC_ALL=C LANGUAGE=C LANG=C
+
+readonly _ISVERBOSE="$([ "${-/x}" != "${-}" ] && echo true || echo false)"
+readonly _LATESTVERSION="$(cat ./version)"
+readonly _CURRENTVERSION="$(sudo yunohost app setting doctorcube version 2> /dev/null || true)"
+readonly _TMPDIR="$(mktemp -dp /tmp/ doctorcube-XXXXX)"
+readonly _APT='sudo --preserve-env apt-get'
+
+function cleaning() {
+  rm -fr "${_TMPDIR}"
+}
+
+function cleaning_err() {
+  err "There was an error, script aborted"
+  exit 1
+}
+
+trap cleaning EXIT
+trap cleaning_err ERR

scripts/src/helpers

@@ -0,0 +1,40 @@
+function log() {
+  echo "${1}"
+}
+
+function info() {
+  log "[INFO] ${1}"
+}
+
+function warn() {
+  log "[WARN] ${1}"
+}
+
+function err() {
+  log "[ERR] ${1}"
+}
+
+function to_logs() {
+
+  # When yunohost --verbose or bash -x
+  if $_ISVERBOSE; then
+    cat
+  else
+    cat > /dev/null
+  fi
+}
+
+function set_doctorcube_version() {
+  local version=$1
+  sudo yunohost app setting doctorcube version -v "${version}"
+
+  info "DoctorCube version is now ${version}"
+}
+
+function is_olinux_board() {
+  sudo grep -qi olinux /etc/flash-kernel/machine &> /dev/null
+}
+
+function has_encryptedfs() {
+  sudo grep -q '^root\s' /etc/crypttab &> /dev/null
+}

scripts/upgrade

@@ -1,29 +1,66 @@
 #!/bin/bash
 
-set -e
+source src/env
+source src/helpers
+source src/commands
 
-source ./commons
+version=$_CURRENTVERSION
 
-version=$(sudo yunohost app setting doctorcube version)
+info "Current version of DoctorCube is ${version}"
+info "Latest version of DoctorCube is ${_LATESTVERSION}"
+
+if [ "${version}" = "${_LATESTVERSION}" ]; then
+  info "Up-to-date, nothing to do"
+  exit 0
+fi
+
+info "Upgrading..."
 
 # 0.1 -> 0.2.1
-if [[ "$version" == "0.1" ]]; then
+if [ "${version}" = 0.1 ]; then
 
-    set_correct_hostname
+  # The hostname should not be a fake one like "olinux"
+  if ! has_correct_hostname; then
+    fix_hostname
+  fi
 
-    sudo yunohost app setting doctorcube version -v "0.2.1"
-    version="0.2.1"
+  version=0.2.1
+  set_doctorcube_version "${version}"
 fi
 
 # 0.2 -> 0.2.1
-if [[ "$version" == "0.2" ]]; then
+if [ "${version}" = 0.2 ]; then
+
+  # The hostname was not correctly set in the case of only one single domain
+  if ! has_correct_hostname; then
+    fix_hostname
+  fi
+
+  version=0.2.1
+  set_doctorcube_version "${version}"
+fi
+
+# 0.2.1 -> 0.3
+if [ "${version}" = 0.2.1 ]; then
+  if has_encryptedfs; then
 
-    # we weren't setting the domain correctly in the case of only
-    # one single domain
-    if [[ "$(hostname)" == "olinux" ]]; then
-        set_correct_hostname
+    # The testing kernel was not correctly removed in the case of an
+    # encrypted filesystem
+    if is_olinux_board && has_testing_kernel; then
+      remove_testing_kernel
+    fi
+
+    # Fixes a security issue (removing eval commands) and some minor bugs
+    decryption_webinterface_version=6becabaf57e95e334ebb8141642b807974885f84
+    if ! compare_decryption_webinterface_version "${decryption_webinterface_version}"; then
+      update_decryption_webinterface "${decryption_webinterface_version}"
     fi
+  fi
 
-    sudo yunohost app setting doctorcube version -v "0.2.1"
-    version="0.2.1"
+  version=0.3
+  set_doctorcube_version "${version}"
 fi
+
+info "Upgrading done"
+
+exit 0

scripts/version

@@ -0,0 +1 @@
+0.3