0
0
mirror of https://github.com/Doodle3D/doodle3d-firmware.git synced 2024-11-04 21:53:24 +01:00

Protect against usage as root.

Refactoring/tidying up.
This commit is contained in:
Wouter R 2014-02-20 15:36:03 +01:00
parent 781a4dc7a1
commit d71d96b9ba

View File

@ -26,7 +26,7 @@ arg = argStash
----------------------------- -----------------------------
local SERVER_HOST = 'localhost' local SERVER_HOST = 'localhost'
local SERVER_PATH = '~wouter/public_html/wifibox/updates' local SERVER_PATH = '~USERDIR/public_html/wifibox/updates'
--local SERVER_HOST = 'doodle3d.com' --local SERVER_HOST = 'doodle3d.com'
--local SERVER_PATH = 'doodle3d.com/DEFAULT/updates' --local SERVER_PATH = 'doodle3d.com/DEFAULT/updates'
@ -59,6 +59,13 @@ local function md5sum(file)
return rv and sum:sub(1, -2) or nil return rv and sum:sub(1, -2) or nil
end end
local function detectRootPrivileges()
local rv,_,userId = pl.utils.executeex('id -u')
if not rv then return nil end
return tonumber(userId) == 0 and true or false
end
local function detectOpenWrtRoot() local function detectOpenWrtRoot()
local f = io.open('Makefile', 'r') local f = io.open('Makefile', 'r')
local line = f and f:read('*line') local line = f and f:read('*line')
@ -108,11 +115,41 @@ end
-- return processFunc(--[[ hmm ]]--) -- return processFunc(--[[ hmm ]]--)
--end --end
local function runAction(actMsg, errMsg, ev, func)
io.stdout:write(actMsg .. "...")
local rv,err = func()
if not rv then
print("Error: " .. errMsg .. " (" .. err .. ")")
quit(ev)
else
print("ok")
end
return true
end
local function constructImageName(version, devType, sysupOrFactory) local function constructImageName(version, devType, sysupOrFactory)
return IMAGE_BASENAME .. '-' .. um.formatVersion(version) .. '-' .. devType .. '-' .. sysupOrFactory .. '.bin' return IMAGE_BASENAME .. '-' .. um.formatVersion(version) .. '-' .. devType .. '-' .. sysupOrFactory .. '.bin'
end end
local function imageCachePath()
return pl.path.join(paths.cache, 'images')
end
local function ensureFilePresent(src, tgt)
-- print("About to copy '" .. src .. "' => '" .. tgt .. "'")
local srcMd5, tgtMd5 = md5sum(src), md5sum(tgt)
if not srcMd5 then return nil,"source file does not exist" end
if tgtMd5 and srcMd5 ~= tgtMd5 then return nil,"target file already exists but is different from source file" end
if not tgtMd5 then
if not pl.file.copy(src, tgt, false) then return nil,"could not copy file" end
end
return true
end
@ -157,6 +194,12 @@ local function prepare()
return nil return nil
end end
local rv,msg = pl.dir.makepath(imageCachePath())
if not rv then
print("could not create images dir (" .. msg .. ").")
return nil
end
lock,msg = lfs.lock_dir(paths.cache) lock,msg = lfs.lock_dir(paths.cache)
if not lock then if not lock then
print("could not obtain directory lock (" .. msg .. ").") print("could not obtain directory lock (" .. msg .. ").")
@ -214,11 +257,11 @@ local function generateIndex(newVersion, versionTable, isStable)
return um.compareVersions(a.version, b.version, a.timestamp, b.timestamp) < 0 return um.compareVersions(a.version, b.version, a.timestamp, b.timestamp) < 0
end) end)
local indexPath = pl.path.join(paths.cache, indexFilename) local indexPath = pl.path.join(imageCachePath(), indexFilename)
local rv = pl.file.copy(indexPath, pl.path.join(paths.cache, indexFilename..'.'..BACKUP_FILE_SUFFIX)) local rv = pl.file.copy(indexPath, pl.path.join(paths.cache, indexFilename..'.'..BACKUP_FILE_SUFFIX))
if not rv then return nil,"could not backup index file" end if not rv then return nil,"could not backup index file" end
local idxFile = io.open(pl.path.join(paths.cache, indexFilename), 'w') local idxFile = io.open(pl.path.join(imageCachePath(), indexFilename), 'w')
if not idxFile then return nil,"could not open index file for writing" end if not idxFile then return nil,"could not open index file for writing" end
sortedVers:foreach(function(el) sortedVers:foreach(function(el)
@ -233,31 +276,38 @@ local function generateIndex(newVersion, versionTable, isStable)
return 0 return 0
end end
local function ensureFilePresent(src, tgt)
-- print("About to copy '" .. src .. "' => '" .. tgt .. "'")
local srcMd5, tgtMd5 = md5sum(src), md5sum(tgt)
if not srcMd5 then return nil,"source file does not exist" end
if tgtMd5 and srcMd5 ~= tgtMd5 then return nil,"target file already exists but is different from source file" end
if not tgtMd5 then
if not pl.file.copy(src, tgt, false) then return nil,"could not copy file" end
end
return true
end
local function copyImages(newVersion) local function copyImages(newVersion)
local rv,msg local rv,msg
rv,msg = ensureFilePresent(newVersion.factoryImgPath, pl.path.join(paths.cache, newVersion.factoryFilename)) rv,msg = ensureFilePresent(newVersion.factoryImgPath, pl.path.join(imageCachePath(), newVersion.factoryFilename))
if not rv then return nil,msg end if not rv then return nil,msg end
rv,msg = ensureFilePresent(newVersion.sysupgradeImgPath, pl.path.join(paths.cache, newVersion.sysupgradeFilename)) rv,msg = ensureFilePresent(newVersion.sysupgradeImgPath, pl.path.join(imageCachePath(), newVersion.sysupgradeFilename))
if not rv then return nil,msg end if not rv then return nil,msg end
return true return true
end end
local function copyReleaseNotes()
local releaseNotesPath = pl.path.join(imageCachePath(), RELEASE_NOTES_FILE)
if pl.path.isfile(releaseNotesPath) then
local rv = pl.file.copy(releaseNotesPath, pl.path.join(paths.cache, RELEASE_NOTES_FILE..'.'..BACKUP_FILE_SUFFIX))
if not rv then return nil,"could not backup file" end
end
local rv = pl.file.copy(pl.path.join(paths.firmware, RELEASE_NOTES_FILE), releaseNotesPath)
if not rv then return nil,"could not copy file" end
return true
end
-- TODO: the packages are not really used and the openwrt script to generate the
-- package index requires all packages to be present so this has been skipped for now
local function buildFeedDir()
local scriptPath = pl.path.join(paths.wrt, 'scripts/ipkg-make-index.sh')
return nil
end
local function uploadFiles() local function uploadFiles()
local serverUrl = SERVER_HOST..':'..SERVER_PATH local serverUrl = SERVER_HOST..':'..SERVER_PATH
-- rsync options are: recursive, preserve perms, symlinks and timestamps, be verbose and use compression -- rsync options are: recursive, preserve perms, symlinks and timestamps, be verbose and use compression
@ -269,17 +319,23 @@ end
local function main() local function main()
print("Doodle3D release script") print("Doodle3D release script")
if detectRootPrivileges() then
print("Error: refusing to run script as root.")
quit(99)
end
-- local opts = parseOptions(arg) -- local opts = parseOptions(arg)
-- --
-- if opts['wrt-root'] then changedir(opts['wrt-root']) end -- if opts['wrt-root'] then changedir(opts['wrt-root']) end
-- if opts['cache-dir'] then paths.cache = opts['cache-dir'] end -- if opts['cache-dir'] then paths.cache = opts['cache-dir'] end
-- more options: clear cache, rebuild (download all and generate index from actual files), dry-run, force
if not prepare() then quit(1) end if not prepare() then quit(1) end
-- initialize update manager script -- initialize update manager script
um.setUseCache(false) um.setUseCache(false)
um.setVerbosity(1) um.setVerbosity(1)
um.setCachePath(paths.cache) um.setCachePath(imageCachePath())
local newVersion,msg = collectLocalInfo() local newVersion,msg = collectLocalInfo()
if not newVersion then if not newVersion then
@ -301,6 +357,7 @@ local function main()
quit(3) quit(3)
end end
-- pl.pretty.dump(newVersion) -- pl.pretty.dump(newVersion)
-- print("stables: "); pl.pretty.dump(stables) -- print("stables: "); pl.pretty.dump(stables)
-- print("==========================="); -- print("===========================");
@ -309,47 +366,22 @@ local function main()
--TODO: if requested, fetch images and packages (i.e., mirror whole directory) --TODO: if requested, fetch images and packages (i.e., mirror whole directory)
--TODO: run sanity checks --TODO: run sanity checks
io.stdout:write("Generating new index file...")
if not generateIndex(newVersion, isStable and stables or betas, isStable) then
print("Error: could not generate index")
quit(4)
else
print("ok")
end
io.stdout:write("Copying image files...") runAction("Generating new index file", "could not generate index", 4, function()
local rv,msg = copyImages(newVersion) return generateIndex(newVersion, isStable and stables or betas, isStable)
if not rv then end)
print("Error: could not copy images (" .. msg .. ")")
quit(4)
else
print("ok")
end
io.stdout:write("Copying release notes...") runAction("Copying image files", "could not generate index", 4, function()
local releaseNotesPath = pl.path.join(paths.cache, RELEASE_NOTES_FILE) return copyImages(newVersion)
if pl.path.isfile(releaseNotesPath) then end)
local rv = pl.file.copy(releaseNotesPath, pl.path.join(paths.cache, RELEASE_NOTES_FILE..'.'..BACKUP_FILE_SUFFIX))
if not rv then
print("backing up failed")
quit(4)
end
end
local rv = pl.file.copy(pl.path.join(paths.firmware, RELEASE_NOTES_FILE), releaseNotesPath) runAction("Copying release notes", "failed", 4, copyReleaseNotes)
if not rv then
print("copy failed")
quit(4)
else
print("ok")
end
print("About to sync files to server...") io.stdout:write("Building package feed directory...")
local rv,msg = uploadFiles() print("skipped - not implemented")
if not rv then -- runAction("Building package feed directory", "failed", 4, buildFeedDir)
print("Error: could not upload files (" .. msg .. ")")
quit(5) runAction("About to sync files to server", "could not upload files", 5, uploadFiles)
end
print("Done.") print("Done.")
quit() quit()