From d71d96b9ba8be42af3bc114f55db11fa71b9ce67 Mon Sep 17 00:00:00 2001 From: Wouter R Date: Thu, 20 Feb 2014 15:36:03 +0100 Subject: [PATCH] Protect against usage as root. Refactoring/tidying up. --- updater-ng/release-ng.lua | 144 +++++++++++++++++++++++--------------- 1 file changed, 88 insertions(+), 56 deletions(-) diff --git a/updater-ng/release-ng.lua b/updater-ng/release-ng.lua index 3bf4956..6217cc6 100755 --- a/updater-ng/release-ng.lua +++ b/updater-ng/release-ng.lua @@ -26,7 +26,7 @@ arg = argStash ----------------------------- local SERVER_HOST = 'localhost' -local SERVER_PATH = '~wouter/public_html/wifibox/updates' +local SERVER_PATH = '~USERDIR/public_html/wifibox/updates' --local SERVER_HOST = 'doodle3d.com' --local SERVER_PATH = 'doodle3d.com/DEFAULT/updates' @@ -59,6 +59,13 @@ local function md5sum(file) return rv and sum:sub(1, -2) or nil end +local function detectRootPrivileges() + local rv,_,userId = pl.utils.executeex('id -u') + if not rv then return nil end + + return tonumber(userId) == 0 and true or false +end + local function detectOpenWrtRoot() local f = io.open('Makefile', 'r') local line = f and f:read('*line') @@ -108,11 +115,41 @@ end -- return processFunc(--[[ hmm ]]--) --end +local function runAction(actMsg, errMsg, ev, func) + io.stdout:write(actMsg .. "...") + local rv,err = func() + if not rv then + print("Error: " .. errMsg .. " (" .. err .. ")") + quit(ev) + else + print("ok") + end + + return true +end + local function constructImageName(version, devType, sysupOrFactory) return IMAGE_BASENAME .. '-' .. um.formatVersion(version) .. '-' .. devType .. '-' .. sysupOrFactory .. '.bin' end +local function imageCachePath() + return pl.path.join(paths.cache, 'images') +end + +local function ensureFilePresent(src, tgt) +-- print("About to copy '" .. src .. "' => '" .. tgt .. "'") + local srcMd5, tgtMd5 = md5sum(src), md5sum(tgt) + + if not srcMd5 then return nil,"source file does not exist" end + if tgtMd5 and srcMd5 ~= tgtMd5 then return nil,"target file already exists but is different from source file" end + + if not tgtMd5 then + if not pl.file.copy(src, tgt, false) then return nil,"could not copy file" end + end + + return true +end @@ -157,6 +194,12 @@ local function prepare() return nil end + local rv,msg = pl.dir.makepath(imageCachePath()) + if not rv then + print("could not create images dir (" .. msg .. ").") + return nil + end + lock,msg = lfs.lock_dir(paths.cache) if not lock then print("could not obtain directory lock (" .. msg .. ").") @@ -214,11 +257,11 @@ local function generateIndex(newVersion, versionTable, isStable) return um.compareVersions(a.version, b.version, a.timestamp, b.timestamp) < 0 end) - local indexPath = pl.path.join(paths.cache, indexFilename) + local indexPath = pl.path.join(imageCachePath(), indexFilename) local rv = pl.file.copy(indexPath, pl.path.join(paths.cache, indexFilename..'.'..BACKUP_FILE_SUFFIX)) if not rv then return nil,"could not backup index file" end - local idxFile = io.open(pl.path.join(paths.cache, indexFilename), 'w') + local idxFile = io.open(pl.path.join(imageCachePath(), indexFilename), 'w') if not idxFile then return nil,"could not open index file for writing" end sortedVers:foreach(function(el) @@ -233,31 +276,38 @@ local function generateIndex(newVersion, versionTable, isStable) return 0 end -local function ensureFilePresent(src, tgt) --- print("About to copy '" .. src .. "' => '" .. tgt .. "'") - local srcMd5, tgtMd5 = md5sum(src), md5sum(tgt) +local function copyImages(newVersion) + local rv,msg + rv,msg = ensureFilePresent(newVersion.factoryImgPath, pl.path.join(imageCachePath(), newVersion.factoryFilename)) + if not rv then return nil,msg end - if not srcMd5 then return nil,"source file does not exist" end - if tgtMd5 and srcMd5 ~= tgtMd5 then return nil,"target file already exists but is different from source file" end - - if not tgtMd5 then - if not pl.file.copy(src, tgt, false) then return nil,"could not copy file" end - end + rv,msg = ensureFilePresent(newVersion.sysupgradeImgPath, pl.path.join(imageCachePath(), newVersion.sysupgradeFilename)) + if not rv then return nil,msg end return true end -local function copyImages(newVersion) - local rv,msg - rv,msg = ensureFilePresent(newVersion.factoryImgPath, pl.path.join(paths.cache, newVersion.factoryFilename)) - if not rv then return nil,msg end +local function copyReleaseNotes() + local releaseNotesPath = pl.path.join(imageCachePath(), RELEASE_NOTES_FILE) + if pl.path.isfile(releaseNotesPath) then + local rv = pl.file.copy(releaseNotesPath, pl.path.join(paths.cache, RELEASE_NOTES_FILE..'.'..BACKUP_FILE_SUFFIX)) + if not rv then return nil,"could not backup file" end + end - rv,msg = ensureFilePresent(newVersion.sysupgradeImgPath, pl.path.join(paths.cache, newVersion.sysupgradeFilename)) - if not rv then return nil,msg end + local rv = pl.file.copy(pl.path.join(paths.firmware, RELEASE_NOTES_FILE), releaseNotesPath) + if not rv then return nil,"could not copy file" end return true end +-- TODO: the packages are not really used and the openwrt script to generate the +-- package index requires all packages to be present so this has been skipped for now +local function buildFeedDir() + local scriptPath = pl.path.join(paths.wrt, 'scripts/ipkg-make-index.sh') + + return nil +end + local function uploadFiles() local serverUrl = SERVER_HOST..':'..SERVER_PATH -- rsync options are: recursive, preserve perms, symlinks and timestamps, be verbose and use compression @@ -269,17 +319,23 @@ end local function main() print("Doodle3D release script") + if detectRootPrivileges() then + print("Error: refusing to run script as root.") + quit(99) + end + -- local opts = parseOptions(arg) -- -- if opts['wrt-root'] then changedir(opts['wrt-root']) end -- if opts['cache-dir'] then paths.cache = opts['cache-dir'] end +-- more options: clear cache, rebuild (download all and generate index from actual files), dry-run, force if not prepare() then quit(1) end -- initialize update manager script um.setUseCache(false) um.setVerbosity(1) - um.setCachePath(paths.cache) + um.setCachePath(imageCachePath()) local newVersion,msg = collectLocalInfo() if not newVersion then @@ -301,6 +357,7 @@ local function main() quit(3) end + -- pl.pretty.dump(newVersion) -- print("stables: "); pl.pretty.dump(stables) -- print("==========================="); @@ -309,47 +366,22 @@ local function main() --TODO: if requested, fetch images and packages (i.e., mirror whole directory) --TODO: run sanity checks - io.stdout:write("Generating new index file...") - if not generateIndex(newVersion, isStable and stables or betas, isStable) then - print("Error: could not generate index") - quit(4) - else - print("ok") - end - io.stdout:write("Copying image files...") - local rv,msg = copyImages(newVersion) - if not rv then - print("Error: could not copy images (" .. msg .. ")") - quit(4) - else - print("ok") - end + runAction("Generating new index file", "could not generate index", 4, function() + return generateIndex(newVersion, isStable and stables or betas, isStable) + end) - io.stdout:write("Copying release notes...") - local releaseNotesPath = pl.path.join(paths.cache, RELEASE_NOTES_FILE) - if pl.path.isfile(releaseNotesPath) then - local rv = pl.file.copy(releaseNotesPath, pl.path.join(paths.cache, RELEASE_NOTES_FILE..'.'..BACKUP_FILE_SUFFIX)) - if not rv then - print("backing up failed") - quit(4) - end - end + runAction("Copying image files", "could not generate index", 4, function() + return copyImages(newVersion) + end) - local rv = pl.file.copy(pl.path.join(paths.firmware, RELEASE_NOTES_FILE), releaseNotesPath) - if not rv then - print("copy failed") - quit(4) - else - print("ok") - end + runAction("Copying release notes", "failed", 4, copyReleaseNotes) - print("About to sync files to server...") - local rv,msg = uploadFiles() - if not rv then - print("Error: could not upload files (" .. msg .. ")") - quit(5) - end + io.stdout:write("Building package feed directory...") + print("skipped - not implemented") +-- runAction("Building package feed directory", "failed", 4, buildFeedDir) + + runAction("About to sync files to server", "could not upload files", 5, uploadFiles) print("Done.") quit()