From f287ecedc78c0cc8fb485c5995b8d1cfae9f0fe8 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= Date: Wed, 20 Sep 2017 21:19:05 +0200 Subject: Commit current state --- .gitmodules | 3 ++ files | 1 + files/openssl_test_file | 1 - hosts/cynerd-laptop | 7 +++++ hosts/cynerd-pc | 7 +++++ hosts/virt-public | 9 ++++++ ops/bridge_net | 72 ++++++++++++++++++++++++++++++++++++++++++++ ops/cynerd_account | 65 ++++++++++++++++++++++++++++++++++++++++ ops/firewall | 65 ++++++++++++++++++++++++++++++++++++++++ ops/multiconfig | 41 +++++++++++++++++++++++++ ops/openvpn | 0 ops/wireguard | 0 run.sh | 32 +++++++++++++------- scripts/encrypt_file.sh | 12 ++++++++ scripts/multiconfig-cron.sh | 2 ++ scripts/multiconfig.sh | 73 +++++++++++++++++++++++++++++++++++++++++++++ scripts/setup.sh | 38 +++++++++++++++++++++++ tools/git | 0 tools/grusr | 0 tools/package | 0 utils/cleaner | 23 ++++++++++++++ utils/diff | 28 +++++++++++++++++ utils/echo | 13 ++++---- utils/encrypt | 42 ++++++++++++++++++++++++++ utils/fdata | 36 ++++++++++++++++++++++ utils/install | 7 +++++ utils/lock | 5 ++++ utils/ops | 30 +++++++++++++++++++ utils/syscheck | 28 ++++++++--------- 29 files changed, 607 insertions(+), 33 deletions(-) create mode 100644 .gitmodules create mode 160000 files delete mode 100644 files/openssl_test_file create mode 100644 hosts/cynerd-laptop create mode 100644 hosts/cynerd-pc create mode 100644 hosts/virt-public create mode 100644 ops/bridge_net create mode 100644 ops/cynerd_account create mode 100644 ops/firewall create mode 100644 ops/multiconfig create mode 100644 ops/openvpn create mode 100644 ops/wireguard create mode 100755 scripts/encrypt_file.sh create mode 100644 scripts/multiconfig-cron.sh create mode 100755 scripts/multiconfig.sh create mode 100755 scripts/setup.sh create mode 100644 tools/git create mode 100644 tools/grusr create mode 100644 tools/package create mode 100644 utils/cleaner create mode 100644 utils/diff create mode 100644 utils/encrypt create mode 100644 utils/fdata create mode 100644 utils/install create mode 
100644 utils/lock
create mode 100644 utils/ops
diff --git a/.gitmodules b/.gitmodules
new file mode 100644
index 0000000..b9b5024
--- /dev/null
+++ b/.gitmodules
@@ -0,0 +1,3 @@
+[submodule "files"]
+ path = files
+ url = git@cynerd.cz:multiconfig-private
diff --git a/files b/files
new file mode 160000
index 0000000..64daf40
--- /dev/null
+++ b/files
@@ -0,0 +1 @@
+Subproject commit 64daf404c238d0169acfebb1938c01def0144e12
diff --git a/files/openssl_test_file b/files/openssl_test_file
deleted file mode 100644
index 4de8759..0000000
--- a/files/openssl_test_file
+++ /dev/null
@@ -1 +0,0 @@
-U2FsdGVkX1/PZaRNKDDLHnuGz2rsTJZY/CdJVs90ktI=
diff --git a/hosts/cynerd-laptop b/hosts/cynerd-laptop
new file mode 100644
index 0000000..6f4cd29
--- /dev/null
+++ b/hosts/cynerd-laptop
@@ -0,0 +1,7 @@
+# vim:ft=sh:noexpandtab
+
+#OPERATIONS="cynerd_account sshd openvpn firewall"
+OPERATIONS="firewall"
+
+VPN_TYPE="client"
+VPN_NAME="laptop"
diff --git a/hosts/cynerd-pc b/hosts/cynerd-pc
new file mode 100644
index 0000000..1336402
--- /dev/null
+++ b/hosts/cynerd-pc
@@ -0,0 +1,7 @@
+# vim:ft=sh:noexpandtab
+
+#OPERATIONS="cynerd_account sshd openvpn firewall"
+OPERATIONS="firewall bridge_net"
+
+VPN_TYPE="client"
+VPN_NAME="desktop"
diff --git a/hosts/virt-public b/hosts/virt-public
new file mode 100644
index 0000000..d28e465
--- /dev/null
+++ b/hosts/virt-public
@@ -0,0 +1,9 @@
+# vim:ft=sh:noexpandtab
+
+OPERATIONS="cynerd_account sshd openvpn firewall git_server"
+
+VPN_TYPE="server"
+VPN_NAME="server"
+VPN_NO_RESOLV=true
+
+GIT_SERVER_PREFIX="git"
diff --git a/ops/bridge_net b/ops/bridge_net
new file mode 100644
index 0000000..bab94ad
--- /dev/null
+++ b/ops/bridge_net
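Review bot: `OPERATIONS` for virt-public enables `sshd`, `openvpn` and `git_server`, but this commit adds `ops/openvpn` only as an empty file (the `e69de29` empty blob) and no `ops/sshd` or `ops/git_server` at all, so `"$OPT"_check` is undefined for three of the five names on this host. How run.sh's include loop reacts to a missing operation file is outside the visible hunks; if it dies there, this host configuration cannot run as committed. Either keep the line commented as the other two hosts do, e.g. `OPERATIONS="cynerd_account firewall"` with a `# TODO sshd openvpn git_server` note, or add the operation files in the same change.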
@@ -0,0 +1,72 @@
+# vim:ft=sh:noexpandtab
+# Bridge with dhcpd
+# TODO FreeBSD
+
+BRIDGE_NET_BRIDGE="./files/bridge_net/bridge.service"
+BRIDGE_NET_SYSCTL="./files/bridge_net/sysctl.conf"
+BRIDGE_NET_DHCPD="./files/bridge_net/dhcpd.conf"
+BRIDGE_NET_BRIDGE_DHCP="./files/bridge_net/bridge-dhcp.service"
+
+bridge_net_check() {
+ ops_set_current bridge_net
+ if ! ( which dhcpd ) >/dev/null; then
+ echo_error "Bridge_net expects dhcpd to be installed"
+ return 0
+ fi
+ # TODO check that we are using openrc otherwise this doesn't work
+
+ # Setup bridge service
+ if do_diff "$BRIDGE_NET_BRIDGE" "/etc/init.d/bridge" \
+ "Bridge service changes"; then
+ ops_require bridge_service
+ fi
+ # Setup ipv4 forward
+ if do_diff "$BRIDGE_NET_SYSCTL" "/etc/sysctl.d/bridge_net.conf" \
+ "Sysctl changes"; then
+ ops_require sysctl
+ fi
+ # DHCPd service
+ if do_diff "$BRIDGE_NET_BRIDGE_DHCP" "/etc/init.d/bridge-dhcp" \
+ "Bridge dhcp service changes"; then
+ ops_require bridge_dhcp_service
+ fi
+ # DHCPd configuration
+ if do_diff "$BRIDGE_NET_DHCPD" "/etc/dhcp/bridge_dhcpd.conf" \
+ "DHCPD configuration changes"; then
+ ops_require dhcpd_conf
+ fi
+
+ # TODO enable bridge_dhcp and bridge service
+
+ ops_required_any "Bridge_net" # return 1 fall trough
+}
+
+bridge_net_prepare() {
+ local BRIDGE_RESTART=false
+
+ if ops_is_required bridge_service; then
+ echo_trace "Updating bridge service"
+ cp "$BRIDGE_NET_BRIDGE" "/etc/init.d/bridge"
+ BRIDGE_RESTART=true
+ fi
+ if ops_is_required sysctl; then
+ echo_trace "Updating sysctl configuration for bridge"
+ cp "$BRIDGE_NET_SYSCTL" "/etc/sysctl.d/bridge"
+ fi
+
+ if $BRIDGE_RESTART; then
+ service bridge restart
+ fi
+}
+
+bridge_net_apply() {
+ # We have nothing to do for apply
+ # TODO
+ true
+}
+
+bridge_net_clean() {
+ # We have nothing to do for clean
+ # TODO
+ true
+}
diff --git a/ops/cynerd_account b/ops/cynerd_account
new file mode 100644
index 0000000..941ff66
--- /dev/null
+++ b/ops/cynerd_account
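Review bot: `bridge_net_check` diffs `$BRIDGE_NET_SYSCTL` against `/etc/sysctl.d/bridge_net.conf`, but `bridge_net_prepare` copies it to `/etc/sysctl.d/bridge`, so the file that is written is never the one compared, `sysctl` is reported as required on every run, and sysctl.d only picks up `*.conf` names anyway; change the copy to `cp "$BRIDGE_NET_SYSCTL" "/etc/sysctl.d/bridge_net.conf"`. The `bridge_dhcp_service` and `dhcpd_conf` requirements set by the check are consumed by neither prepare nor apply, so they will be re-reported until the TODO is done; a comment on `ops_require bridge_dhcp_service` saying `# not yet applied, see bridge_net_prepare` saves the next reader the search. `if ! ( which dhcpd ) >/dev/null` is better written as `command -v dhcpd >/dev/null`, which does not depend on a `which` binary.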
@@ -0,0 +1,65 @@
+# vim:ft=sh:noexpandtab
+# My personal account
+
+# Configuration options:
+# CYNERD_ACCOUNT_GROUPS - Additional groups to default cynerd,wheel
+# CYNERD_ACCOUNT_SSH_KEY - ssh public key to be added as authorized_keys
+# CYNERD_ACCOUNT_CONFIGS - myconfigs branch (currently accepting only server)
+
+. tools/grusr
+. tools/package
+. tools/git
+
+CYNERD_ACCOUNT_ARGS=""
+CYNERD_ACCOUNT_MYCNF_GIT=""
+
+cynerd_account_check() {
+ package_check zsh || CYNERD_ACCOUNT_NEED="zsh"
+ user_check $CYNERD_ACCOUNT_ARGS || CYNERD_ACCOUNT_NEED="$CYNERD_ACCOUNT_NEED user"
+ # TODO check that we have correct ssh key
+ package_check rsync || CYNERD_ACCOUNT_NEED="$CYNERD_ACCOUNT_NEED rsync"
+ git_check $CYNERD_ACCOUNT_MYCNF_GIT || CYNERD_ACCOUNT_NEED="$CYNERD_ACCOUNT_NEED myconfigs"
+ if [ -n "$CYNERD_ACCOUNT_NEED" ]; then
+ echo_info "Cynerd account requires update of these components: $CYNERD_ACCOUNT_NEED"
+ return 1
+ fi
+}
+
+cynerd_account_prepare() {
+ for N in $CYNERD_ACCOUNT_NEED; do
+ case "$N" in
+ zsh|rsync)
+ package_prepare "$N" || return 1
+ ;;
+ user)
+ user_prepare $CYNERD_ACCOUNT_ARGS || return 1
+ ;;
+ myconfigs)
+ git_prepare $CYNERD_ACCOUNT_MYCNF_GIT || return 1
+ ;;
+ esac
+ done
+}
+
+cynerd_account_apply() {
+ for N in $CYNERD_ACCOUNT_NEED; do
+ case "$N" in
+ zsh|rsync)
+ package_apply "$N" || return 1
+ ;;
+ user)
+ user_apply $CYNERD_ACCOUNT_ARGS || return 1
+ ;;
+ myconfigs)
+ git_apply $CYNERD_ACCOUNT_MYCNF_GIT || return 1
+ ;;
+ esac
+ done
+}
+
+cynerd_account_clean() {
+ local FAIL=0
+ package_clean zsh rsync || FAIL=1
+ git_clean $CYNERD_ACCOUNT_MYCNF_GIT || FAIL=1
+ return $FAIL
+}
diff --git a/ops/firewall b/ops/firewall
new file mode 100644
index 0000000..e20b730
--- /dev/null
+++ b/ops/firewall
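Review bot: `cynerd_account_check` calls `package_check`, `user_check` and `git_check` from `tools/package`, `tools/grusr` and `tools/git`, but all three are added in this commit as empty files (blob `e69de29`), so each call fails with "command not found", every component is marked as needed, and `cynerd_account_prepare` then fails the same way on `package_prepare`. `CYNERD_ACCOUNT_NEED` is never reset at the top of the check, so a value inherited from the environment or from an earlier call survives whenever `zsh` is not needed; add `CYNERD_ACCOUNT_NEED=""` as the first line of `cynerd_account_check`. Unlike `firewall_check` and `bridge_net_check`, this operation never calls `ops_set_current`, so any `ops_*` helper used here later would act on whichever operation was set last.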
@@ -0,0 +1,65 @@
+# vim:ft=sh:noexpandtab
+# Firewall configuration (iptables on linux)
+# TODO FreeBSD
+
+FIREWALL_PREFIX="./files/firewall/$(hostname)"
+
+firewall_check_common() {
+ if do_diff "./files/firewall/$2.conf" "/etc/conf.d/$2" \
+ "Firewall IPv$1 service config changes"; then
+ ops_require "ipv$1_config"
+ fi
+ if do_diff "$FIREWALL_PREFIX.ipv$1" "/etc/iptables/ipv$1" \
+ "Firewall IPv$1 changes"; then
+ ops_require "ipv$1"
+ fi
+}
+
+firewall_check() {
+ ops_set_current firewall
+ if ! ( which iptables && which ip6tables ) >/dev/null; then
+ echo_error "Firewall operation requires iptables and ip6tables."
+ return 0
+ fi
+
+ firewall_check_common 4 iptables
+ [ -n "$FIREWALL_NO_IPV6" ] && [ "$FIREWALL_NO_IPV6" = "true" ] || \
+ firewall_check_common 6 ip6tables
+
+ ops_required_any "Firewall" # return 1 fall trough
+}
+
+firewall_prepare() {
+ # We have nothing to do for prepare
+ true
+}
+
+firewall_apply_common() {
+ local RELOAD=false
+ if ops_is_required "ipv$1_config"; then
+ echo_trace "Updating $2 service config"
+ cp "./files/firewall/$2.conf" "/etc/conf.d/$2"
+ RELOAD=true
+ fi
+ if ops_is_required "ipv$1"; then
+ echo_trace "Updating ipv$1 tables"
+ mkdir -p /etc/iptables
+ cp "$FIREWALL_PREFIX.ipv$1" "/etc/iptables/ipv$1"
+ RELOAD=true
+ fi
+ if $RELOAD; then
+ echo_trace "Reloading service $2"
+ service "$2" reload
+ fi
+}
+
+firewall_apply() {
+ ops_set_current firewall
+ firewall_apply_common 4 iptables
+ firewall_apply_common 6 ip6tables
+}
+
+firewall_clean() {
+ # We have nothing to do for clean
+ true
+}
diff --git a/ops/multiconfig b/ops/multiconfig
new file mode 100644
index 0000000..cee4d78
--- /dev/null
+++ b/ops/multiconfig
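Review bot: The `which iptables && which ip6tables` guard in `firewall_check` runs before `FIREWALL_NO_IPV6` is consulted, so a host that sets `FIREWALL_NO_IPV6=true` still needs `ip6tables` installed, and because the guard returns 0 the firewall is then reported as up to date even though nothing was compared. Check the IPv4 binary first with `command -v iptables >/dev/null || { echo_error "Firewall operation requires iptables."; return 0; }` and require `ip6tables` only inside the branch that actually manages IPv6 rules. `firewall_apply` calls `firewall_apply_common 6 ip6tables` unconditionally; that is harmless because `ops_is_required` gates both copies, but a one-line comment saying so would make the asymmetry with `firewall_check` read as intended.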
@@ -0,0 +1,41 @@ +# vim:ft=sh:noexpandtab +# Multiconfig system configuration + +# TODO setup cron +# TODO configure sending email account +# TODO configure keys +# TODO setup root ssh key to access git repo + +MULTICONFIG_SCRIPT="./scripts/multiconfig.sh" +MULTICONFIG_CRON_SCRIPT="./scripts/multiconfig-cron.sh" + +multiconfig_check() { + ops_set_current multiconfig + + if do_diff "$MULTICONFIG_SCRIPT" "/usr/local/bin/multiconfig.sh" \ + "Multiconfig script changes"; then + ops_require script + fi + + if do_diff "$MULTICONFIG_CRON_SCRIPT" "/etc/cron.daily/multiconfig" \ + "Multiconfig cron script changes"; then + ops_require cron + fi + + ops_required_any "Multiconfig" # return 1 fall trough +} + +multiconfig_prepare() { + # We have nothing to do for prepare + true +} + +multiconfig_apply() { + ops_set_current multiconfig + +} + +multiconfig_clean() { + # We have nothing to do for clean + true +} diff --git a/ops/openvpn b/ops/openvpn new file mode 100644 index 0000000..e69de29 diff --git a/ops/wireguard b/ops/wireguard new file mode 100644 index 0000000..e69de29 diff --git a/run.sh b/run.sh index 7a0ae4c..d0e7c71 100755 --- a/run.sh +++ b/run.sh @@ -3,16 +3,13 @@ set -e # Go to root directory cd "$(dirname $0)" -# Include utilities +# Include basic utilities . utils/echo REQ_OPS= while [ $# -gt 0 ]; do case "$1" in - -h|--help) - # TODO - ;; --verbose|-v) echo_verbose + 1 ;; @@ -24,7 +21,11 @@ while [ $# -gt 0 ]; do REQ_OPS="$REQ_OPS $1" ;; --key) - KEY_FILE="" + shift + KEY_FILE="$1" + ;; + *) + echo_die "Unknown argument: $1" ;; esac shift 
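Review bot: `multiconfig_apply` only calls `ops_set_current` and then does nothing, while `multiconfig_check` sets the `script` and `cron` requirements, so `/usr/local/bin/multiconfig.sh` and `/etc/cron.daily/multiconfig` are never installed by this operation and the check reports them on every run. Until apply copies `$MULTICONFIG_SCRIPT` and `$MULTICONFIG_CRON_SCRIPT` into place, mark the gap in the body, e.g. `# TODO install the script and cron entry that multiconfig_check requires`. Note that the cron entry makes the host fetch and execute the repository as root daily, so the signature check still marked TODO in scripts/multiconfig.sh is the only integrity control on that path.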
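Review bot: The new `--key` arm shifts and takes `$1` without checking that an argument follows, so `run.sh --key` as the last word leaves `KEY_FILE` empty and utils/encrypt silently falls back to `gpg2 --decrypt` instead of the per-host key file. Guard the shift with `[ $# -gt 1 ] || echo_die "--key requires a file argument"` before `shift`. Removing the `-h|--help` arm also means `-h` now hits the new `*)` branch and dies with "Unknown argument", which may be intended but deserves at least a one-line usage message in that branch.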
@@ -34,10 +35,21 @@ done [ -f hosts/"$(hostname)" ] || echo_die "No configuration for host $(hostname) found." . hosts/"$(hostname)" -# Run system sanity checks -. utils/syscheck -# Identify some variables from system +# Update git submodules +git submodule update --init --recursive || echo_die "Git submodule update failed!" + +# Include rest of the utilities +. utils/ops +. utils/encrypt . utils/identify +. utils/syscheck # This performs system check +. utils/cleaner +. utils/lock # This also creates lock +. utils/fdata +. utils/diff + +# Always add multiconfig operation +OPERATIONS="multiconfig $OPERATIONS" # Include enabled operations for OPT in $OPERATIONS; do @@ -48,13 +60,11 @@ for OPT in $OPERATIONS; do fi done -# TODO do we want to have some explicit sorting? - # Check if operations need some update if [ -z "$REQ_OPS" ]; then for OPT in $OPERATIONS; do if ! "$OPT"_check; then - echo_info "Scheduled: $OPT" + echo_info "$OPT scheduled" REQ_OPS="$REQ_OPS $OPT" fi done diff --git a/scripts/encrypt_file.sh b/scripts/encrypt_file.sh new file mode 100755 index 0000000..cee8c86 --- /dev/null +++ b/scripts/encrypt_file.sh @@ -0,0 +1,12 @@ +#!/bin/sh +set -e + +F="$(readlink -f "$1")" + +cd "$(dirname "$0")/.." + +TMP="$(mktemp)" +KEY="$(gpg2 --decrypt files/keys/primary.gpg)" + +PASS_ENC="$KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -in "$F" -out "$TMP" +mv "$TMP" "$F" diff --git a/scripts/multiconfig-cron.sh b/scripts/multiconfig-cron.sh new file mode 100644 index 0000000..97bd82d --- /dev/null +++ b/scripts/multiconfig-cron.sh @@ -0,0 +1,2 @@ +#!/bin/sh +/usr/local/bin/multiconfig.sh --syslog -v -v diff --git a/scripts/multiconfig.sh b/scripts/multiconfig.sh new file mode 100755 index 0000000..1519e48 --- /dev/null +++ b/scripts/multiconfig.sh 
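Review bot: The comment on `. utils/lock` says the include creates the lock, but utils/lock as added in this same commit contains only two TODO comments, so no lock exists and the daily cron invocation from scripts/multiconfig-cron.sh can overlap a manual run that is mid-way through copying files into /etc. Either implement the lock or change the comment to `. utils/lock # TODO: lock not implemented yet`, so the claim does not mislead. `git submodule update --init --recursive` is also run before `utils/cleaner` installs the EXIT trap, so an `echo_die` from this line exits through the default TERM action without the cleanup path.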
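Review bot: In scripts/encrypt_file.sh the file from `TMP="$(mktemp)"` is never removed when `openssl` fails, because `set -e` aborts before the `mv`, and there is no argument check, so a missing `$1` makes `readlink -f ""` fail inside the command substitution where `set -e` does not catch it. Add `[ -n "$1" ] || { echo "usage: $0 FILE" >&2; exit 1; }` at the top and `trap 'rm -f -- "$TMP"' EXIT` right after the `mktemp`. `mv "$TMP" "$F"` also replaces the original with the temp file's 0600 mode and the caller's ownership, which is fine for a repository file but worth a comment. Passing the key through `env:PASS_ENC` rather than argv keeps it out of `ps` output, which is the right choice.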
@@ -0,0 +1,73 @@
+#!/bin/sh
+set -e
+
+ARGS=""
+LOCAL=false
+SYSLOG=false
+
+# TODO email notifications
+
+while [ $# -gt 0 ]; do
+ case "$1" in
+ -h|--help)
+ echo "Multiconfig system call script"
+ echo "Usage: multiconfig.sh [OPTION]..."
+ echo
+ echo "Options:"
+ echo "--local - Use current working directory as multiconfig source."
+ echo "--syslog - pipe output to syslog"
+ echo "Passed options:"
+ echo "--verbose - Make output more verbose"
+ echo "--quiet - Make output more quiet"
+ echo "--operation OPT - run only given operation"
+ exit 0
+ ;;
+ --verbose|-v|--quiet|-q)
+ ARGS="$ARGS $1"
+ ;;
+ --operation|-o)
+ ARGS="$ARGS $1 $2"
+ shift
+ ;;
+ --local)
+ LOCAL=true
+ ;;
+ --syslog)
+ SYSLOG=true
+ ;;
+ esac
+ shift
+done
+
+[ "$(id -u)" == 0 ] || {
+ echo "Please run this script only as root."
+ exit 1
+}
+
+PREFIX="/root/.multiconfig"
+
+# Check if we have key
+if [ ! -f "$PREFIX/key" ]; then
+ echo "Key is not in expected path. Please setup this host for multiconfig."
+ exit 1
+fi
+
+# TODO check key access rights
+
+if ! $LOCAL; then
+ if [ -d "$PREFIX/repo" ]; then
+ true
+ # TODO git clone
+ fi
+ cd "$PREFIX/repo"
+ # Pull git repository
+ git fetch
+ git reset --hard origin/master
+ git clean -xdf
+fi
+
+# TODO check repository signature
+
+CMD="./run.sh --key $PREFIX/key $ARGS"
+# Run command
+$CMD
diff --git a/scripts/setup.sh b/scripts/setup.sh
new file mode 100755
index 0000000..5ca4211
--- /dev/null
+++ b/scripts/setup.sh
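Review bot: The clone placeholder sits in the wrong branch: `if [ -d "$PREFIX/repo" ]` enters the `# TODO git clone` body when the repository already exists, and on a fresh host the following `cd "$PREFIX/repo"` fails; it should read `if [ ! -d "$PREFIX/repo" ]; then`. `[ "$(id -u)" == 0 ]` uses `==`, which `#!/bin/sh` implementations such as dash reject; use `=`. `SYSLOG` is parsed but never used and the `case` has no `*)` arm, so the cron line's `--syslog` and any mistyped option are silently accepted. Since this runs as root and executes whatever `origin/master` contains after `git reset --hard`, the `# TODO check repository signature` is the only integrity gate on that path; `git verify-commit origin/master || exit 1` before the reset would close it.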
@@ -0,0 +1,38 @@ +#!/bin/sh +set -e + +while [ $# -gt 0 ]; do + case "$1" in + -h|--help) + echo "Multiconfig system setup script" + echo "Usage: setup.sh" + exit 0 + ;; + esac + shift +done + +# Move to multiconfig root +cd "$(dirname "$(dirname "$(readlink -f "$1")")")" + +PREFIX="/root/.multiconfig" + +echo "Creating directory $PREFIX" +sudo mkdir -p "$PREFIX" + +# Manage new key +echo "Generating new key for this host" +KEY="$(tr -dc A-Za-z0-9_ < /dev/urandom | head -c 128 | xargs)" +sudo -- sh -c "echo -n '$KEY' > '$PREFIX/key'" +# TODO setup access rights + +echo -n "$KEY" > wkey +FKEY="files/keys/$(hostname)" +echo "Writing key to repository" +gpg2 --decrypt files/keys/primary.gpg | \ + openssl aes-192-cbc -e -a -kfile wkey -out "$FKEY" +rm -f wkey +echo "Don't forget to add key to git!" + +# Deploy multiconfig script +sudo cp scripts/multiconfig.sh /usr/local/bin/multiconfig.sh diff --git a/tools/git b/tools/git new file mode 100644 index 0000000..e69de29 diff --git a/tools/grusr b/tools/grusr new file mode 100644 index 0000000..e69de29 diff --git a/tools/package b/tools/package new file mode 100644 index 0000000..e69de29 diff --git a/utils/cleaner b/utils/cleaner new file mode 100644 index 0000000..4919085 --- /dev/null +++ b/utils/cleaner @@ -0,0 +1,23 @@ +# vim:ft=sh:noexpandtab +# Functions for cleanups + +EXIT_CODE=0 + +do_cleanup() { + echo "$CLEANUP_ACTIONS" | while read CMD; do + eval "$CMD" + done + exit $EXIT_CODE +} + +trap do_cleanup EXIT INT QUIT TERM ABRT + +cleaner_add() { + CLEANUP_ACTIONS="$CLEANUP_ACTIONS +$@" +} + +cleaner_rm() { + # TODO this might be problematic with special characters + CLEANUP_ACTIONS="$(echo "$CLEANUP_ACTIONS" | sed "/^$@$/d")" +} diff --git a/utils/diff b/utils/diff new file mode 100644 index 0000000..0d093c7 --- /dev/null +++ b/utils/diff 
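Review bot: `cd "$(dirname "$(dirname "$(readlink -f "$1")")")"` runs after the `while` loop has shifted every argument away, so `$1` is empty, `readlink -f ""` fails inside the substitution and the script silently stays in the caller's directory; the intent is `$0`. The host key is written by `sudo -- sh -c "echo -n '$KEY' > '$PREFIX/key'"` with the default umask, so it is typically world-readable although it is what unlocks `files/keys/$(hostname)`; create it restrictively, e.g. `sudo -- sh -c "umask 077; printf '%s' '$KEY' > '$PREFIX/key'"`, which also avoids the non-portable `echo -n` under `#!/bin/sh`. The plaintext copy in `wkey` is removed only on success, because `set -e` aborts before `rm -f wkey` if `gpg2` or `openssl` fails; a `trap 'rm -f wkey' EXIT` after it is written covers that path.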
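Review bot: `cleaner_rm` builds a sed address from the command text, `sed "/^$@$/d"`, so any registered command containing `/` — including the only visible registration, `rm -rf '/tmp/multiconfig-fdata'` from utils/fdata — yields an invalid sed expression instead of removing the entry. Filter with a fixed string instead, e.g. `grep -Fxv -- "$*" || true` over the list, and use `$*` rather than `$@` inside double quotes in both functions. `do_cleanup` reads each line with `read CMD` (no `-r`) and `eval`s it, so every string passed to `cleaner_add` must already be shell-safe; a header comment stating that contract, `# cleaner_add takes a complete, quoted shell command; it is eval'd at exit`, would help callers.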
@@ -0,0 +1,28 @@ +# vim:ft=sh:noexpandtab +# Clever diff function + +# TODO directory diff + +# This function does diff and reports changes on debug level +# First and second arguments have to be paths to compared files and third argument +# have to be a debug message prepended string. +# It exits with nonzero exit code if there is no difference. +do_diff() { + if [ ! -f "$1" ]; then + echo_error "No reference file to compare to: $1" + return 1 # We pretend that there is no change as reference file is missing + fi + if [ ! -f "$2" ]; then + echo_dbg "$3: No target file" + return 0 + fi + + # Do real diff if both files exists + local DIFF="$(diff --suppress-common-lines -ay "$1" "$2")" + if [ -n "$DIFF" ]; then + echo_dbg "$3: +$DIFF" + else + return 1 + fi +} diff --git a/utils/echo b/utils/echo index c936f63..eeb8fa9 100644 --- a/utils/echo +++ b/utils/echo @@ -5,21 +5,21 @@ ECHO_VERBOSE=0 echo_info() { set +x - [ $ECHO_VERBOSE -ge 0 ] || return + [ $ECHO_VERBOSE -ge 0 ] || return 0 echo -e "\e[1;34m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } echo_warn() { set +x - [ $ECHO_VERBOSE -ge -1 ] || return + [ $ECHO_VERBOSE -ge -1 ] || return 0 echo -e "\e[1;33m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } echo_error() { set +x - [ $ECHO_VERBOSE -ge -2 ] || return + [ $ECHO_VERBOSE -ge -2 ] || return 0 echo -e "\e[1;31m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } @@ -31,20 +31,21 @@ echo_die() { fi [ $ECHO_VERBOSE -lt 3 ] || set -x # Suicide + EXIT_CODE=2 kill $$ } echo_dbg() { set +x - [ $ECHO_VERBOSE -ge 1 ] || return + [ $ECHO_VERBOSE -ge 1 ] || return 0 echo -e "\e[1;90m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } echo_trace() { set +x - [ $ECHO_VERBOSE -ge 2 ] || return - echo -e "\e[1;90m$@\e[0m" >&2 + [ $ECHO_VERBOSE -ge 2 ] || return 0 + echo -e "\e[0;90m$@\e[0m" >&2 [ $ECHO_VERBOSE -lt 3 ] || set -x } diff --git a/utils/encrypt b/utils/encrypt new file mode 100644 index 0000000..d1cb938 --- /dev/null +++ b/utils/encrypt 
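Review bot: `local DIFF="$(diff ...)"` folds `diff`'s exit status into `local`, so a diff failure (unreadable target, exit 2) produces empty output and is reported as "no change" through `return 1`, indistinguishable from identical files. Declare and assign on separate lines, `local DIFF` then `DIFF=$(diff --suppress-common-lines -ay "$1" "$2")`, and branch on the status (1 means differ, 2 means trouble) rather than on output emptiness. The header comment should also spell out the inverted convention (non-zero means no difference) since `firewall_check_common` and the other ops depend on it.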
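Review bot: The `|| return 0` changes are the right fix for `set -e`, but the lines they sit on still use `"\e[1;34m$@\e[0m"`, where `$@` inside a double-quoted string with other text expands to separate words; `$*` is the form that joins the message as intended. `echo -e` with `\e` escapes is also not portable under `/bin/sh`; `printf '\033[1;34m%s\033[0m\n' "$*" >&2` behaves the same on bash and dash.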
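Review bot: `echo_die` now sets `EXIT_CODE=2` before `kill $$`, which only produces exit status 2 when the EXIT trap from utils/cleaner is installed; run.sh sources utils/echo first and utils/cleaner several includes later, so `echo_die` calls made in between (the hosts file check, the submodule update) terminate through the default TERM action with status 143 and no cleanup. A comment on the new line, `# consumed by do_cleanup in utils/cleaner; no effect before that file is sourced`, would make the coupling visible. The `\e[0;90m` change in `echo_trace` is cosmetic and fine.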
@@ -0,0 +1,42 @@
+# vim:ft=sh:noexpandtab
+# Allows work with encrypted files using their temporally copy.
+
+if [ -n "$KEY_FILE" ] && [ -f "files/keys/$(hostname)" ]; then
+ SECRET_KEY="$(openssl aes-192-cbc -d -a -kfile "$KEY_FILE" -in files/keys/"$(hostname)")"
+else
+ SECRET_KEY="$(gpg2 --decrypt files/keys/primary.gpg)"
+fi
+
+# Decrypt to temporally file in /tmp
+# First argument should be the path to file to be decrypted and second argument
+# output file.
+fdecrypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -d -a -pass env:PASS_ENC -in "$1" -out "$2"
+}
+
+# Encrypt given file to target path
+# First argument have to be a path to file to be encrypted and second argument
+# output file.
+fencprypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -in "$1" -out "$2"
+}
+
+# Decrypt file to temporally one
+# First argument have to be path to file to be extracted.
+tfdecrypt() {
+ local TEMPF="$(mktemp /tmp/multiconfig_XXXXXXXX)"
+ fdecrypt "$1" "$TEMPF"
+ echo "$TEMPF"
+}
+
+# Cat decrypted file
+# First argument have to be a path to file to be catted.
+catdecrypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -d -a -pass env:PASS_ENC -in "$1"
+}
+
+# Encrypt stdin to file
+# First argument have to be a path to output file.
+outencrypt() {
+ PASS_ENC="$SECRET_KEY" openssl aes-192-cbc -e -a -pass env:PASS_ENC -out "$2"
+}
diff --git a/utils/fdata b/utils/fdata
new file mode 100644
index 0000000..4d36242
--- /dev/null
+++ b/utils/fdata
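Review bot: `outencrypt` writes to `"$2"` although its own comment says the output path is the first argument, so it runs with an empty `-out` and fails; change it to `-out "$1"`. `tfdecrypt` leaves a decrypted copy in `/tmp/multiconfig_XXXXXXXX` and registers nothing with the cleaner, so plaintext secrets outlive the run; add `cleaner_add "rm -f '$TEMPF'"` next to the `mktemp`. `fencprypt` is misspelled and will be hard to find by name. Every `openssl aes-192-cbc` call here derives the key with the legacy single-round MD5 scheme because no `-pbkdf2` is given; if the installed openssl supports it, adding `-pbkdf2` consistently here and in scripts/setup.sh and scripts/encrypt_file.sh (the formats must match) hardens the per-host key files.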
@@ -0,0 +1,36 @@
+# vim:ft=sh:noexpandtab
+# Datasets on filesystem
+
+FDATA_PATH="/tmp/multiconfig-fdata"
+mkdir -p "$FDATA_PATH"
+cleaner_add "rm -rf '$FDATA_PATH'"
+
+dict_set() {
+ local DPATH="$FDATA_PATH/$1"; shift
+ mkdir -p "$DPATH"
+ local FPATH="$DPATH/$1"; shift
+ echo "$@" > "$FPATH"
+}
+
+dict_get() {
+ local P="$FDATA_PATH/$1/$2"
+ [ -f "$P" ] || return
+ cat "$P"
+}
+
+dict_keys() {
+ local P="$FDATA_PATH/$1"
+ if [ -d "$P" ]; then
+ ls -A "$P" | tr '\n' ' '
+ fi
+}
+
+dict_contains() {
+ local P="$FDATA_PATH/$1/$2"
+ [ -f "$P" ]
+}
+
+dict_empty() {
+ local P="$FDATA_PATH/$1"
+ [ ! -d "$P" ] || [ -z "$(ls -A "$P")" ]
+}
diff --git a/utils/install b/utils/install
new file mode 100644
index 0000000..852163e
--- /dev/null
+++ b/utils/install
@@ -0,0 +1,7 @@
+# vim:ft=sh:noexpandtab
+# Various install functions
+
+# Install directory of file
+install() {
+ true
+}
diff --git a/utils/lock b/utils/lock
new file mode 100644
index 0000000..9d02dae
--- /dev/null
+++ b/utils/lock
@@ -0,0 +1,5 @@
+# vim:ft=sh:noexpandtab
+# This implements lock to check to run tool just once
+
+# TODO create lock and fail if no lock is present
+# TODO remove lock at the exit using cleaner
diff --git a/utils/ops b/utils/ops
new file mode 100644
index 0000000..1365ec8
--- /dev/null
+++ b/utils/ops
@@ -0,0 +1,30 @@
+# vim:ft=sh:noexpandtab
+# Utility functions for operations
+
+# Set operation we are working on
+ops_set_current() {
+ OPERATION_CURRENT="$1"
+}
+
+ops_require() {
+ while [ $# -gt 0 ]; do
+ dict_set "ops/$OPERATION_CURRENT" "$1" true
+ shift
+ done
+}
+
+ops_required_any() {
+ if ! dict_empty "ops/$OPERATION_CURRENT"; then
+ echo_warn "$1 requires update for following components: $(ops_required_list)"
+ else
+ return 1
+ fi
+}
+
+ops_is_required() {
+ dict_contains "ops/$OPERATION_CURRENT" "$1"
+}
+
+ops_required_list() {
+ dict_keys "ops/$OPERATION_CURRENT"
+}
diff --git a/utils/syscheck b/utils/syscheck
index a0c29a0..fcddae4 100644
--- a/utils/syscheck
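Review bot: `FDATA_PATH="/tmp/multiconfig-fdata"` is a fixed, predictable path and `mkdir -p` succeeds on a directory or symlink that another local user created there first, after which `dict_set`, running as root per scripts/multiconfig.sh, writes `echo "$@" > "$FPATH"` through it and `dict_get`/`dict_contains` read back state that user controls, which is what decides which operations get applied. Use `FDATA_PATH="$(mktemp -d)"` and keep the `cleaner_add` line as is. `dict_keys` and `dict_empty` parse `ls` output, which breaks on unusual names; a glob loop over `"$P"/*` guarded by `[ -e "$f" ]` is the safer form.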
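Review bot: Defining a shell function named `install` shadows the coreutils `install` binary for every file sourced after this one in the same shell, so any later `install -m 600 …` call silently becomes `true`. Rename the stub, e.g. `install_file`, or leave it commented out until it is implemented.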
+++ b/utils/syscheck @@ -3,19 +3,19 @@ # Check that we are root (this tool can be run only as root) # TODO uncomment -# [ "$(id -u)" = "0" ] || echo_die "Distconfig have to be run as root." +# [ "$(id -u)" = "0" ] || echo_die "Multiconfig have to be run as root." -# We have sudo or su -which sudo >/dev/null || which su >/dev/null || echo_die "There is no sudo or su command." +# We have su +which su >/dev/null || echo_die "There is no su command." # Check that we are not using csh or tcsh # Note: variable shell should be defined only on csh or tcsh (note lowercase) -[ -z "$shell" ] || echo_die "Distconfig doesn't support csh nor tcsh." +[ -z "$shell" ] || echo_die "Multiconfig doesn't support csh nor tcsh." # Check that we have gpg which gpg >/dev/null || echo_die "There is no gpg command." -# Check that trunk is signed using correct key +# Check that git trunk is signed using trusted key # TODO # Check root owner (should be root) 
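Review bot: The root check stays commented out (`# TODO uncomment`) while this commit adds operations that write under /etc/iptables, /etc/sysctl.d and /etc/init.d plus a cleaner that `rm -rf`s a fixed /tmp path, so a non-root `run.sh` invocation fails late and partially rather than up front; scripts/multiconfig.sh enforces root, but run.sh can still be executed directly. `which su >/dev/null` should be `command -v su >/dev/null`, which is POSIX and does not depend on a `which` binary; the same applies to the `which gpg` line below.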
@@ -31,18 +31,16 @@ which openssl >/dev/null || echo_die "There is no openssl command." # Check that we can decrypt using openssl and aes-192-cbc OPENSSL_TEST_PASSWORD="XduF2T_opDknbzN0EyJJCBFyS1i6yaBU5Beb6IZkFVHWZGWOIZCF1Cc0zrupjEaV" -[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" < files/openssl_test_file)" = "It works!" ] || \ +[ "$(openssl aes-192-cbc -d -a -k "$OPENSSL_TEST_PASSWORD" -in files/openssl_test_file)" = "It works!" ] || \ echo_die "Test message couldn't been decrypted." -# Check that we have key file -[ -n "$KEY_FILE" ] || echo_die "No key specified. Please pass --key." - # Check that given key works with our machinery -# TODO +[ "$(catdecrypt files/encrypted_test)" = "It works!" ] || \ + echo_die "Encryption machinery failed to decrypt test file" # Check that we have internet connection -DC_INTERNET=true -if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then - echo_warn "No internet connection detected. All operations requiring internet connection will be skipped" - DC_INTERNET=false -fi +#DC_INTERNET=true +#if ! ping -c 5 -w 30 cynerd.cz >/dev/null; then +# echo_warn "No internet connection detected. All operations requiring internet connection will be skipped" +# DC_INTERNET=false +#fi -- cgit v1.2.3
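Review bot: `files/openssl_test_file` is deleted by this same commit (files/ becomes the private submodule), so the `-in files/openssl_test_file` check and the new `catdecrypt files/encrypted_test` check both depend on the submodule providing those paths, and syscheck dies on every host if it does not. The removed `KEY_FILE` guard also means that without `--key`, utils/encrypt has already fallen back to `gpg2 --decrypt` before this line runs, which from cron may prompt or fail rather than exit with a clear message; a comment here, `# SECRET_KEY is set by utils/encrypt (--key file or gpg2 fallback)`, would make that dependency visible. The ping check is commented out but `DC_INTERNET` may still be read by files not in this diff; if so, keep an explicit `DC_INTERNET=true` assignment.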