Index: scripts/crypt_setup.sh
===================================================================
diff -u
--- scripts/crypt_setup.sh (revision 0)
+++ scripts/crypt_setup.sh (revision b9654575709e02aecc01a01d246d7af578679387)
@@ -0,0 +1,130 @@
+#!/bin/bash
+###########################################################################
+#
+# Copyright (c) 2022-2023 Diality Inc. - All Rights Reserved.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file crypt_setup.sh
+#
+# @author (last) Behrouz NematiPour
+# @date (last) 15-May-2023
+# @author (original) Behrouz NematiPour
+# @date (original) 15-May-2023
+#
+############################################################################
+
+ERR_CRYPTSETUP_UNKNOWN=100
+
+ERR_CRYPTSETUP_USAGE=101
+ERR_CRYPTSETUP_PASSWORD=102
+
+ERR_CRYPTSETUP_UMOUNT=111
+ERR_CRYPTSETUP_CLOSE=112
+
+ERR_CRYPTSETUP_CREATE_MKDIR=121
+ERR_CRYPTSETUP_CREATE_FORMAT=122
+ERR_CRYPTSETUP_CREATE_OPEN=123
+ERR_CRYPTSETUP_CREATE_MKFS=124
+ERR_CRYPTSETUP_CREATE_MOUNT=125
+
+ERR_CRYPTSETUP_MOUNT_TYPE=131
+ERR_CRYPTSETUP_MOUNT_OPEN=132
+ERR_CRYPTSETUP_MOUNT_MOUNT=133
+ERR_CRYPTSETUP_MOUNT_MOUNT=134
+
+LOC_DEV="/dev/mmcblk0p7"
+LOC_DIR="configurations"
+LOC_MAP="/dev/mapper/"$LOC_DIR
+LOC_VAR="/var/"$LOC_DIR
+
+DEV_TYP="crypto_LUKS"
+DEV_MNT="/dev/mapper/configurations on /var/configurations type ext4 (rw,relatime)"
+
+function isEncrypted () {
+ if [ "$( blkid | grep "$LOC_DEV" | grep "TYPE=$DEV_TYP" )" != "" ]; then
+ echo "not an encrypted partition"
+ exit $ERR_CRYPTSETUP_MOUNT_TYPE
+ fi
+}
+
+function isMounted() {
+ if [ "$( mount | grep "$DEV_MNT" )" != "" ]; then
+ echo "partition already mounted"
+ exit $ERR_CRYPTSETUP_MOUNT_MOUNT
+ fi
+}
+
+function checkPassword() {
+ if [ "$PASSWORD" == "" ]; then
+ echo "setup command missing password argument"
+ exit $ERR_CRYPTSETUP_PASSWORD
+ fi
+}
+
+function checkOutput() {
+ if [ "$3" == "" ]; then
+ out=` eval "$1" 2>&1`
+ else
+ out=`echo $3 | eval "$1" 2>&1`
+ fi
+ if [ "$?" -ne 0 ]; then
+ echo $out
+ exit $2
+ fi
+}
+
+function unmount_luks_partition()
+{
+ checkOutput "umount $LOC_VAR " $ERR_CRYPTSETUP_UMOUNT
+ checkOutput "cryptsetup luksClose $LOC_DIR " $ERR_CRYPTSETUP_CLOSE
+}
+
+function create_luks_partition()
+{
+ umount_luks_partition
+
+ checkOutput "mkdir -p $LOC_VAR " $ERR_CRYPTSETUP_CREATE_MKDIR
+ checkOutput "cryptsetup luksFormat $LOC_DEV " $ERR_CRYPTSETUP_CREATE_FORMAT $PASSWORD
+ checkOutput "cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_CREATE_OPEN $PASSWORD
+ checkOutput "mkfs.ext4 $LOC_MAP " $ERR_CRYPTSETUP_CREATE_MKFS
+ checkOutput "mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_CREATE_MOUNT
+}
+
+function mount_luks_partition()
+{
+ isEncrypted # if encrypted will continue else will exit with error
+ isMounted # if not mounted will continue else will exit with error
+ checkOutput "cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_MOUNT_OPEN $PASSWORD
+ checkOutput "mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_MOUNT_MOUNT
+}
+
+function handleCommand() {
+ # Handle the first argument to script, one of start, stop, erase, restart, force-reload or status
+ case $1 in
+ setup)
+ checkPassword
+ create_luks_partition
+ ;;
+
+ mount)
+ checkPassword
+ mount_luks_partition
+ ;;
+
+ umount)
+ unmount_luks_partition
+ ;;
+
+ *)
+ echo "unknown command"
+ exit $ERR_CRYPTSETUP_UNKNOWN
+ ;;
+
+ esac
+}
+
+handleCommand $1 $2
+
+exit 0
Index: scripts/decommission.sh
===================================================================
diff -u
--- scripts/decommission.sh (revision 0)
+++ scripts/decommission.sh (revision b9654575709e02aecc01a01d246d7af578679387)
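Review bot: In scripts/crypt_setup.sh, `checkOutput` pipes the LUKS passphrase through an unquoted `echo $3`, and the callers pass `$PASSWORD` unquoted, so a passphrase with spaces, glob characters or a leading `-n` reaches cryptsetup altered or truncated; use `out=$(printf '%s\n' "$3" | eval "$1" 2>&1)` and pass `"$PASSWORD"` at the call sites. `PASSWORD` is never assigned in this file (`handleCommand $1 $2` ignores `$2`), so it presumably has to arrive through the environment, which the file header should document. `isEncrypted` exits with "not an encrypted partition" when the `TYPE=$DEV_TYP` match is non-empty, which is the encrypted case, so the test looks inverted. `create_luks_partition` calls `umount_luks_partition`, but the function defined above it is `unmount_luks_partition`, and `ERR_CRYPTSETUP_MOUNT_MOUNT` is assigned twice (133, then 134), so the already-mounted and mount-failed exits share one code.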
@@ -0,0 +1,111 @@
+#!/bin/sh
+
+###########################################################################
+#
+# Copyright (c) 2021-2023 Diality Inc. - All Rights Reserved.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file decommission.sh
+#
+# @author (last) Vy Duong
+# @date (last) 26-May-2023
+# @author (original) Vy Duong
+# @date (original) 26-May-2023
+#
+############################################################################
+
+# @details
+# This file is called by UI Software to decommission the device
+
+if [ $# -eq 0 ]; then
+ currentFile=$(basename "$0")
+ echo "Usage: ./$currentFile "
+ exit 1
+fi
+
+ERR_FAILED_RM_WIFI_CONF=150
+ERR_FAILED_CLEAR_BT_CACHE=151
+ERR_FAILED_RESET_SETTINGS_CONF=152
+ERR_FAILED_CLEAR_LOGS=153
+ERR_FAILED_RM_SSH=154
+ERR_FAILED_CLEAR_CLOUDSYNC_TOKEN=155
+
+
+LOC_CLOUDSYNC_TOKEN=%1
+LOC_SETTINGS_CONF="/home/root/.config/Settings/System.conf"
+LOC_DEFAULT_SETTINGS_CONF="/home/root/scripts/default_settings.conf" #TODO update to reflect real location
+LOC_WIFI_CONF="/etc/wpa_supplicant/wpa_supplicant-wlan0.conf"
+LOC_BLUETOOTH_CACHE_FOLDER="/var/lib/bluetooth/"
+LOC_SSH_FOLDER="$HOME/.ssh/"
+LOC_LOG_PARENT_FOLDER="/media/sd-card/"
+
+# removes all the files in the directory and subdirectory in a recursive manner
+# exits with passed error code if either rm command fails or folder is not empty of files
+# %1 - Directory path
+# %2 - Error message string/msg
+# %3 - Error code to return on exit in case of error
+function clearFolderContent() {
+ if [ -f $1 ]; then
+ rm -rf "$1/*/*"
+ fi
+
+ rmCommandReturn=$?
+ fileCount=$(find $1 -type f | wc -l)
+
+ if [ "$fileCount" -ne 0 ] || [ "$rmCommandReturn" -ne 0 ]; then
+ echo "Error : $2 ($fileCount)"
+ exit $3
+ fi
+}
+
+# Removes a single file
+# exits with passed error code if either rm command fails or if file was not removed
+# %1 - path to file
+# %2 - Error message string/msg
+# %3 - Error code to return on exit in case of error
+function removeSingleFile() {
+ if [ -f $1 ]; then
+ rm "$1"
+ fi
+ if [ -f $1 ]; then
+ echo "Error: $2"
+ # the file still exists, exit with error message
+ exit $3
+ fi
+}
+
+# ------------------------------ Remove Wifi Conf
+removeSingleFile $LOC_WIFI_CONF "Failed to remove WiFi conf file" $ERR_FAILED_RM_WIFI_CONF
+
+# ------------------------------ Remove Bluetooth cache
+clearFolderContent $LOC_BLUETOOTH_CACHE_FOLDER "Failed to remove Bluetooth cache" $ERR_FAILED_CLEAR_BT_CACHE
+
+# ------------------------------ Reset Settings Conf
+cp $LOC_DEFAULT_SETTINGS_CONF $LOC_SETTINGS_CONF
+
+# ------------------------------ Remove Logs
+#TODO this will always fail due to the fact UI is not pausing on it's writing of log when we attempt a removal, causing the count to always be >0
+clearFolderContent $LOC_LOG_PARENT_FOLDER "Failed to remove logs" $ERR_FAILED_CLEAR_LOGS
+
+# ------------------------------ Format Encrypted Partition
+umountExitCode=$(source ./crypt_setup.sh umount)
+if [ "$umountExitCode" -ne 0 ]; then
+ echo "Error: Failed to unmount partition"
+ exit $umountExitCode
+fi
+
+setupExitCode=$(source ./crypt_setup.sh setup)
+if [ "$setupExitCode" -ne 0 ]; then
+ echo "Error: format the partition"
+ exit $setupExitCode
+fi
+
+# ------------------------------ Remove CloudSync Token
+clearFolderContent $LOC_CLOUDSYNC_TOKEN "Failed to remove CloudSync token" $ERR_FAILED_CLEAR_CLOUDSYNC_TOKEN
+
+# ------------------------------ Remove ssh
+clearFolderContent $LOC_SSH_FOLDER "Failed to remove ssh" $ERR_FAILED_RM_SSH
+
+exit 0
Index: scripts/factory_reset.sh
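Review bot: `clearFolderContent` in scripts/decommission.sh never deletes anything: `[ -f $1 ]` is false for a directory, and the quoted `"$1/*/*"` would reach rm as a literal path, so Bluetooth pairing data, logs and SSH keys stay on a decommissioned device whenever the folder holds files; the same function is repeated in scripts/factory_reset.sh. `LOC_CLOUDSYNC_TOKEN=%1` stores the literal text `%1` rather than the first argument (`"$1"`), so `find` fails on it, the count is 0 and the token step passes without touching the token. `umountExitCode=$(source ./crypt_setup.sh umount)` captures the script's output, not its status, so the `-ne 0` tests cannot detect a failed unmount or format; run the script and read `$?`, e.g. `./crypt_setup.sh umount; umountExitCode=$?`. A version of the function that removes the files and keeps the existing count check is below.

```shell
function clearFolderContent() {
    rmCommandReturn=0
    if [ -d "$1" ]; then
        # delete regular files at any depth; sub-directories stay in place,
        # remove them as well if their names are sensitive
        find "$1" -type f -exec rm -f -- {} +
        rmCommandReturn=$?
    fi
    fileCount=$(find "$1" -type f 2>/dev/null | wc -l)
    # … unchanged: error report and exit with "$3" …
}
```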
===================================================================
diff -u
--- scripts/factory_reset.sh (revision 0)
+++ scripts/factory_reset.sh (revision b9654575709e02aecc01a01d246d7af578679387)
@@ -0,0 +1,89 @@
+#!/bin/sh
+
+###########################################################################
+#
+# Copyright (c) 2021-2023 Diality Inc. - All Rights Reserved.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file factory_reset.sh
+#
+# @author (last) Vy Duong
+# @date (last) 26-May-2023
+# @author (original) Vy Duong
+# @date (original) 26-May-2023
+#
+############################################################################
+
+# @details
+# This file is called by UI Software to remove and reset the device
+
+ERR_FAILED_RM_WIFI_CONF=150
+ERR_FAILED_CLEAR_BT_CACHE=151
+ERR_FAILED_RESET_SETTINGS_CONF=152
+ERR_FAILED_CLEAR_LOGS=153
+ERR_FAILED_RM_SSH=154
+
+LOC_SETTINGS_CONF="/home/root/.config/Settings/System.conf"
+LOC_DEFAULT_SETTINGS_CONF="/home/root/scripts/default_settings.conf" #TODO update to reflect real location
+LOC_WIFI_CONF="/etc/wpa_supplicant/wpa_supplicant-wlan0.conf"
+LOC_BLUETOOTH_CACHE_FOLDER="/var/lib/bluetooth/"
+LOC_SSH_FOLDER="$HOME/.ssh/"
+LOC_LOG_PARENT_FOLDER="/media/sd-card/"
+
+# removes all the files in the directory and subdirectory in a recursive manner
+# exits with passed error code if either rm command fails or folder is not empty of files
+# %1 - Directory path
+# %2 - Error message string/msg
+# %3 - Error code to return on exit in case of error
+function clearFolderContent() {
+ if [ -f $1 ]; then
+ rm -rf "$1/*/*"
+ fi
+
+ rmCommandReturn=$?
+ fileCount=$(find $1 -type f | wc -l)
+
+ if [ "$fileCount" -ne 0 ] || [ "$rmCommandReturn" -ne 0 ]; then
+ echo "Error : $2 ($fileCount)"
+ exit $3
+ fi
+echo "$2 success"
+}
+
+# Removes a single file
+# exits with passed error code if either rm command fails or if file was not removed
+# %1 - path to file
+# %2 - Error message string/msg
+# %3 - Error code to return on exit in case of error
+function removeSingleFile() {
+ if [ -f $1 ]; then
+ rm "$1"
+ fi
+ if [ -f $1 ]; then
+ echo "Error: $2"
+ # the file still exists, exit with error message
+ exit $3
+ fi
+}
+
+# ------------------------------ Remove Wifi Conf
+removeSingleFile $LOC_WIFI_CONF "Failed to remove WiFi conf file" $ERR_FAILED_RM_WIFI_CONF
+
+# ------------------------------ Remove Bluetooth cache
+clearFolderContent $LOC_BLUETOOTH_CACHE_FOLDER "Failed to remove Bluetooth cache" $ERR_FAILED_CLEAR_BT_CACHE
+
+# ------------------------------ Reset Settings Conf
+storedPassword=$(grep Password $LOC_SETTINGS_CONF)
+cp $LOC_DEFAULT_SETTINGS_CONF $LOC_SETTINGS_CONF
+sed -i "s/^.*Password.*$/$storedPassword/" $LOC_SETTINGS_CONF
+
+# ------------------------------ Remove Logs
+#TODO this will always fail due to the fact UI is not pausing on it's writing of log when we attempt a removal, causing the count to always be >0
+clearFolderContent $LOC_LOG_PARENT_FOLDER "Failed to remove logs" $ERR_FAILED_CLEAR_LOGS
+
+# ------------------------------ Remove ssh
+clearFolderContent $LOC_SSH_FOLDER "Failed to remove ssh" $ERR_FAILED_RM_SSH
+
+exit
Index: scripts/globals.sh
===================================================================
diff -u -rd4988df80c5d03fe46e42c9563043ae281247278 -rb9654575709e02aecc01a01d246d7af578679387
--- scripts/globals.sh (.../globals.sh) (revision d4988df80c5d03fe46e42c9563043ae281247278)
+++ scripts/globals.sh (.../globals.sh) (revision b9654575709e02aecc01a01d246d7af578679387)
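Review bot: In scripts/factory_reset.sh the preserved `Password` line is pasted into the replacement side of `sed -i "s/^.*Password.*$/$storedPassword/"`, so any `/`, `&` or backslash in the stored value either aborts sed or rewrites the value, and a multi-line grep result breaks the command outright. Escape it first, e.g. `escaped=$(printf '%s\n' "$storedPassword" | sed 's|[\\/&]|\\&|g')`, and use `$escaped` in the replacement. None of the three commands in this step is checked and `ERR_FAILED_RESET_SETTINGS_CONF` is never used, so a failure leaves the default file in place with whatever password line it ships with. `clearFolderContent` here also prints `"$2 success"` with the failure text as `$2`, which reads as "Failed to remove logs success".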
@@ -8,8 +8,8 @@ # # @file globals.sh # -# @author (last) Vy -# @date (last) 20-May-2023 +# @author (last) Behrouz NematiPour +# @date (last) 15-Dec-2022 # @author (original) Behrouz NematiPour # @date (original) 15-Dec-2022 # @@ -68,11 +68,10 @@ DST_PATH_SCRIPTS="/home/$DST_USER/scripts" DST_PATH_CLOUDSYNC="/home/$DST_USER/cloudsync" DST_PATH_FONTS="/usr/share/fonts/truetype" -DST_PATH_BT_CONF="/etc/bluetooth/" -POSTLOG=$HOME/post.log -POSTERR=$HOME/post.err -POSTOUT=$HOME/post.out +POSTLOG=/tmp/post.log +POSTERR=/tmp/post.err +POSTOUT=/tmp/post.out POSTMSG_POSTFIX_PASSED=" passed" POSTMSG_POSTFIX_FAILED=" failed" POSTMSG_CANBUS="CANBus" @@ -103,6 +102,11 @@ DENALI_BIN=denali LAUNCH_SCR=run.sh +SETUP_CONF_FILE="setup.conf" +SETUP_ENABLE_MANUFACTURING_MODE="ManufacturingMode 1" + +APPLICATION_PARAMS="&" + function confirm() { read -p "$1? [y,n]" -n 1 -r CONTINUE if [ "$CONTINUE" == "y" ]; then @@ -114,7 +118,7 @@ fi } -string_trim() { +function string_trim() { local var="$*" # remove leading whitespace characters var="${var#"${var%%[![:space:]]*}"}" @@ -176,6 +180,10 @@ } COUT="/dev/null" +function setupConsoleout() { + # /dev/ttymxc1 + COUT="/dev/$(echo $(dmesg | grep "printk: console") | sed 's/.*printk: console.*\(tty.*\)].*/\1/')" +} function post_log_clear () { echo "" > $POSTLOG; } function post_err_clear () { echo "" > $POSTERR; } 
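Review bot: Moving `POSTLOG`, `POSTERR` and `POSTOUT` to fixed names in `/tmp` means the POST script truncates and appends to predictable paths in a world-writable directory; if a non-root account (lockdown.sh in this commit references `denali` and `cloudsync`) can create `/tmp/post.log` before POST runs, a symlink at that name redirects the writes to another file. A directory the script creates itself with mode 0700 avoids that, e.g. `POSTLOG="$POST_DIR/post.log"` with `POST_DIR` as a placeholder for that directory. Which user runs POST is not visible in this hunk, so the severity is unconfirmed.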
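Review bot: `APPLICATION_PARAMS="&"` does not background anything: a `&` that comes from a variable expansion is passed to the program as a literal argument, so `startApplication` launches denali with `&` in its argument list. Because the call site expands the variable unquoted, an empty default (`APPLICATION_PARAMS=""`) yields no argument at all and needs no placeholder value.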
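Review bot: `setupConsoleout` overwrites `COUT` even when dmesg has no `printk: console` line (for instance after the ring buffer has wrapped): sed then has nothing to rewrite and `COUT` becomes `/dev/`, replacing the safe `/dev/null` default. Keep the default unless the parse produced a name, e.g. `tty=$(dmesg | sed -n 's/.*printk: console.*\(tty.*\)].*/\1/p' | tail -n 1)` followed by `[ -n "$tty" ] && COUT="/dev/$tty"`.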
@@ -198,3 +206,255 @@
 echo_dash_message "$1"
 echo_dash_comment
 }
+
+
+function setupResolved() {
+ echo nameserver 8.8.8.8 > /etc/resolv.conf
+ echo nameserver 192.168.10.20 >> /etc/resolv.conf # these need to be removed when/if the IoT WiFi doens't need them
+ echo nameserver 192.168.10.21 >> /etc/resolv.conf # these need to be removed when/if the IoT WiFi doens't need them
+ systemctl start systemd-resolved.service
+}
+
+function cleanupPOSTLogs() {
+ # cleanup the POST log file
+ post_log_clear
+ post_err_clear
+ post_out_clear
+
+ post_log_star " ***** "
+ post_log "Start: $(timestamp)" # log the current date, time
+}
+
+function killApplication() {
+ # ---------------------------------------- STOP denali in case running (sys not rebooted)
+ killall $DENALI_BIN
+}
+
+function setupEthernet() {
+ #setting up ethernet----------------------- Ethernet
+ post_log_dash " Ethernet "
+ ieth=eth0
+ udhcpc --timeout=5 --retries=2 -n -i $ieth
+ post_log "$(ip addr show $ieth)" # -details -statistics
+}
+
+function setupCANBus() {
+ #setting up can interface ----------------- CANBus
+ post_log_dash " CANBus "
+ #current settings can be retrieved by the command below
+ #$ ip -details -statistics link show can0
+ ip link set can0 up type can bitrate 250000 restart-ms 100
+ ifconfig can0 txqueuelen 4000
+ candump can0 -T1 # check if candump can successfully use the port. will terminate in 1ms
+ if [ $? -eq 0 ]; then
+ post_log_pass "$POSTMSG_CANBUS$POSTMSG_POSTFIX_PASSED"
+ post_log "$(ip link show can0)" # -details -statistics
+ else
+ post_log_fail "$POSTMSG_CANBUS$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function setupSDCard() {
+ #mounting sdcard -------------------------- SD-CARD
+ post_log_dash " SD-CARD "
+ mkdir -p $SDCARD_MNT
+ mount $SDCARD_PRT $SDCARD_MNT
+ SDCTEST="$(mount | grep "$SDCARD_PRT on $SDCARD_MNT type $SDCARD_TYP_NAME (rw,")"
+ if ! [ -z "$SDCTEST" ]; then
+ SDINFO="$(df -h | grep -i $SDCARD_MNT)"
+ post_log_pass "$POSTMSG_SDCARD$POSTMSG_POSTFIX_PASSED"
+ post_log "$SDCTEST"
+ post_log "$SDINFO"
+ else
+ post_log_fail "$POSTMSG_SDCARD$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function testRTC() {
+ #test the RTC ----------------------------- RTC
+ post_log_dash " RTC"
+ #may not be an accurate test but sufficient for now
+ #and could not find a way to get the rtc clock with the higher resolusion
+ #it should not be confused with date command which is system date/time and not hwclock
+ hwclock -r # if there is any issue with rtc hwclock will show errors
+ if [ $? -eq 0 ]; then
+ RTC1=$($CMD_RTC_EPOCH)
+ sleep 1
+ RTC2=$($CMD_RTC_EPOCH)
+ if [ $(($RTC2 - $RTC1)) -eq 1 ]; then
+ post_log_pass "$POSTMSG_RTC$POSTMSG_POSTFIX_PASSED"
+ else
+ post_log_fail "$POSTMSG_RTC$POSTMSG_POSTFIX_FAILED"
+ fi
+ fi
+}
+
+function setupWiFi() {
+ # ----------------------------------------- WiFi
+ post_log_dash " WiFi "
+
+ # create the wpa supplicant folder for conf storing
+ iwlan=wlan0
+ WPA_SUPPLICANT_DIR="/etc/wpa_supplicant/"
+ WPA_SUPPLICANT_CNF="wpa_supplicant-$iwlan.conf"
+ mkdir -p $WPA_SUPPLICANT_DIR
+
+ # remove any software blocks
+ rfkill unblock wlan
+
+ if [[ ! -z $(dmesg | grep "wlan: driver loaded") ]]; then
+ post_log_pass "$POSTMSG_WIFI$POSTMSG_POSTFIX_PASSED [driver]"
+ post_log "$(dmesg | grep -i wlan:)"
+
+ # start the wpa_supplicant service
+ post_log "start wpa_supplicant service"
+ systemctl start wpa_supplicant@$iwlan.service
+ if [ $? -eq 0 ]; then
+ post_log_pass "$POSTMSG_WIFI$POSTMSG_POSTFIX_PASSED [service]"
+ # try to connect to WiFi
+ if [ -f $WPA_SUPPLICANT_DIR$WPA_SUPPLICANT_CNF ]; then
+ post_log_dash " WiFi Connection "
+ killall udhcpc
+ post_log "connecting to WiFi"
+ # run this manually in terminal if didn't work on bootup
+ udhcpc --timeout=5 --retries=2 -n -i $iwlan
+ fi
+ post_log "$(ip link show $iwlan)" # -details -statistics
+ else
+ post_log_fail "$POSTMSG_WIFI$POSTMSG_POSTFIX_FAILED"
+ post_log "$(systemctl --failed | grep wpa)"
+ fi
+ else
+ post_log_fail "$POSTMSG_WIFI$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function setupBluetooth() {
+ # ----------------------------------------- Bluetooth
+ post_log_dash " Bluetooth "
+ /usr/share/silex-uart/silex-uart.sh stop 1>> $POSTOUT 2>> $POSTERR
+ sleep 1
+ /usr/share/silex-uart/silex-uart.sh start 1>> $POSTOUT 2>> $POSTERR
+ sleep 5
+ hciconfig hci0 up
+ if [ $? -eq 0 ]; then
+ post_log_pass "$POSTMSG_BLUETOOTH$POSTMSG_POSTFIX_PASSED"
+ post_log "$(hciconfig hci0)"
+ else
+ post_log_fail "$POSTMSG_BLUETOOTH$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function testTouchscreen() {
+ #test the touch screen -------------------- Touch
+ post_log_dash " Touch "
+ # when successfully connected and can be loaded
+ # Sitronix touch driver 2.10.2 Release date: 20180809
+ # atmel_mxt_ts 3-004a: Direct firmware load for maxtouch.cfg failed with error -2
+ # atmel_mxt_ts 3-004a: Touchscreen size X1279Y799
+ # input: Atmel maXTouch Touchscreen as /devices/platform/soc@0/soc@0:bus@30800000/30a50000.i2c/i2c-3/3-004a/input/input2
+ # When NOT connected
+ # Sitronix touch driver 2.10.2 Release date: 20180809
+ TSTEST="$(dmesg | grep "input: Atmel maXTouch Touchscreen as ")"
+ if [ "$?" -eq 0 ]; then
+ post_log_pass "$POSTMSG_TOUCH$POSTMSG_POSTFIX_PASSED"
+ post_log "$TSTEST"
+ else
+ post_log_fail "$POSTMSG_TOUCH$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function testApplicationShasum() {
+ # ----------------------------------------- Sha256Sum
+ post_log_dash " Sha256Sum "
+ #check the denali applicatoin checksum
+ SHA_ACT=$(tail -c 83 $HOME/$DENALI_BIN | cut -c19-82)
+ SHA_EXP=$(head -c -83 $HOME/$DENALI_BIN | sha256sum -b --tag | cut -c14-77)
+ if [ "$SHA_ACT" == "$SHA_EXP" ]; then
+ post_log_pass "$POSTMSG_SHASUM$POSTMSG_POSTFIX_PASSED"
+ else
+ post_log_fail "$POSTMSG_SHASUM$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function testCloudSystem() {
+ # ----------------------------------------- CloudSystem
+ post_log_dash " CloudSystem "
+ post_log "$(ip addr show $iwlan)" # -details -statistics
+ post_log "$(ping www.diality.com -I $iwlan -c 3 -4)"
+}
+
+function startCloudSync() {
+ # ----------------------------------------- CloudSync
+ post_log_dash " CloudSync "
+ if [ -d $HOME/$CLOUDSYNC_FOLDER ]; then
+ # moving/ backing up the previous treatment logs so the new buff starts with fresh sequence
+ echo "Backing up CloudSync I/O buff"
+ CLOUDSYNC_PATH="$SDCARD_MNT"/"$CLOUDSYNC_FOLDER"
+ CLOUDSYNC_BACKUP="$CLOUDSYNC_PATH"_backup/$(timestamp)/
+ mkdir -p $CLOUDSYNC_BACKUP
+ mv $CLOUDSYNC_PATH/* $CLOUDSYNC_BACKUP 1>> $POSTOUT 2>> $POSTERR
+ rm $HOME/$CLOUDSYNC_FOLDER/data/* 1>> $POSTOUT 2>> $POSTERR
+ cd $HOME/$CLOUDSYNC_FOLDER/
+ python3 ./cs.py start &
+ sleep 2
+ CLOUDSYNC_STATUS="$(python3 ./cs.py status)"
+ if [ "$CLOUDSYNC_STATUS" == "$POSTMSG_CLOUDSYNC_RUNNING" ]; then
+ post_log_pass "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_PASSED"
+ else
+ post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED"
+ fi
+ post_log "$CLOUDSYNC_STATUS"
+ cd
+ else
+ post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED"
+ fi
+}
+
+function startApplication() {
+ # ----------------------------------------- Denali
+ post_log_dash " Denali "
+ #launching denali application
+ DENALI_VERSION="$($HOME/$DENALI_BIN -v)"
+ if [[ -n "$DENALI_VERSION" ]]; then
+ post_log_pass "$($HOME/$DENALI_BIN -v)" # log UI Software version
+ if [[ "$APPLICATION_PARAMS" == *"-E"* ]]; then
+ $HOME/$DENALI_BIN $APPLICATION_PARAMS # do not enclose the APPLICATION_PARAMS in "", then it becomes an empty parameter to the denali which is not accepted.
+ else
+ $HOME/$DENALI_BIN $APPLICATION_PARAMS &
+ fi
+ else
+ post_log_fail "Unknown Applicaion Version"
+ fi
+}
+
+function timerStart() {
+ time_start=$(date +%s)
+}
+
+function timerEndLog() {
+ # ----------------------------------------- END
+ # tag the end time in the POST log file
+ post_log "End: $(timestamp)"
+ time_end=$(date +%s)
+ post_log "time spent: "$(( $time_end - $time_start ))" seconds"
+ post_log_star " ***** "
+}
+
+function applicationPOST() {
+ setupConsoleout
+ cleanupPOSTLogs
+ setupCANBus
+ setupResolved
+ killApplication
+ setupEthernet
+ setupSDCard
+ testRTC
+ setupWiFi
+ setupBluetooth
+ testTouchscreen
+ testApplicationShasum
+ testCloudSystem
+ startCloudSync
+ startApplication
+}
Index: scripts/lockdown.sh
===================================================================
diff -u
--- scripts/lockdown.sh (revision 0)
+++ scripts/lockdown.sh (revision b9654575709e02aecc01a01d246d7af578679387)
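Review bot: `testApplicationShasum` compares the binary against a digest stored in the last 83 bytes of the same file, so it detects accidental corruption only; whatever can rewrite `$HOME/$DENALI_BIN` can rewrite the trailer too, and `startApplication` launches the binary regardless of the result. If this is meant as a tamper check, the reference digest (or a signature) has to live where the application user cannot write, and `applicationPOST` should skip `startApplication` when the check fails. The names are also swapped: `SHA_ACT` holds the stored value and `SHA_EXP` the computed one. Separately, `startCloudSync` runs `python3 ./cs.py start &` after an unchecked `cd $HOME/$CLOUDSYNC_FOLDER/`; `cd "$HOME/$CLOUDSYNC_FOLDER" || return` keeps a failed cd from running a `cs.py` found in the current directory.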
@@ -0,0 +1,109 @@
+#!/bin/bash
+###########################################################################
+#
+# Copyright (c) 2023 Diality Inc. - All Rights Reserved.
+#
+# This is inpart based on scripts developed by Sunrise Labs Inc.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file start.sh
+#
+# @author (last) Philip Braica
+# @date (last) 22-Mar-2023
+# @author (original) Philip Braica
+# @date (original) 22-Mar-2023
+#
+############################################################################
+
+# @details
+# This file sets up and verifies some of the SOM security.
+
+# Does the file contain a string? if
+# not, add a line at end.
+# If $1 not in $2 then append line $3 to end.
+# $1 What to look for.
+# $2 File name.
+# $3 What to add.
+function appendIfMissing() {
+ # q for quiet, F for regular string match, not -x because not full line.
+ # Done as one command because this is done remotely.
+ grep -qF $1 $2 || echo $3 >> $2
+}
+
+# Remove all lines that contain $1 in file $2 then append $3.
+# $1 What to look for.
+# $2 File name.
+function removeIfFound() {
+ sed -i /${1}/d $2
+}
+
+# Turn on some ssh security.
+function secureSsh() {
+ local fileTarget="${PWD}/../../etc/ssh/sshd_config"
+
+ #
+ chown -R root.denali ${fileTarget}
+ chmod -R g+rw ${fileTarget}
+
+ # Remove add PermitRootLogin settings then add one to turn it off.
+ removeIfFound "PermitRootLogin" ${fileTarget}
+ appendIfMissing "PermitRootLogin" ${fileTarget} "PermitRootLogin no"
+
+ # Restart service on remote.
+ systemctl restart system-sshd.slice
+}
+
+# Move the customers app files to the app users home directories,
+# changed the owner, and set the immutable attribute.
+function moveCustomerAppFiles() {
+ # Move the files
+ mv ${PWD}/cloudsync ${PWD}/../cloudsync/
+ mv ${PWD}/denali ${PWD}/../denali/
+
+ # Change the file owners.
+ chown -R cloudsync.cloudsync ${PWD}/../cloudsync
+ chmod -R o-rwx ${PWD}/../cloudsync
+ chown -R denali.denali ${PWD}/../denali
+ chmod -R o-rwx ${PWD}/../denali
+}
+
+# Set all permissions for our users that
+# are not root.
+function setPermissionsCustomerAppFiles() {
+
+ # Make sure the the other users have no access to these directories.
+ chmod -R o-rwx ${PWD}/../cloudsync
+ chmod -R o-rwx ${PWD}/../denali
+
+ # Give read-only access to denali by making the group owner.
+ mkdir -p ${PWD}/../../var/configuration/CloudSync
+ chown -R cloudsync.denali ${PWD}/../../var/configuration/CloudSync
+ chmod -R g-w,g+r,o-rwx ${PWD}/../../var/configuration/CloudSync
+
+ # Give read-only access to denali by making the group owner.
+ mkdir -p ${PWD}/../../media/sd-card/cloudsync
+ chown -R cloudsync.denali ${PWD}/../../media/sd-card/cloudsync
+ chmod -R g-w,g+r,o-rwx ${PWD}/../../media/sd-card/cloudsync
+
+ # Set the immutable attribute for all of the files.
+ chattr -R +i ${PWD}/../cloudsync/*
+ chattr -R +i ${PWD}/../denali/*
+}
+
+function main() {
+
+ # Move the App Files to their home directories and setup the file
+ # permissions needed to make them work.
+ moveCustomerAppFiles
+ setPermissionsCustomerAppFiles
+
+ # Turn off root login in by ssh.
+ secureSsh
+}
+
+# Running the main function
+main
+
+exit 0
Index: scripts/rootsshaccess_get.sh
===================================================================
diff -u
--- scripts/rootsshaccess_get.sh (revision 0)
+++ scripts/rootsshaccess_get.sh (revision b9654575709e02aecc01a01d246d7af578679387)
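Review bot: `secureSsh` in scripts/lockdown.sh makes `sshd_config` group-writable by `denali` (`chown -R root.denali` followed by `chmod -R g+rw`) right before it sets `PermitRootLogin no`, so the application account can undo that setting or change any other sshd option. If the UI has to toggle root login, a root-run helper limited to that one keyword is safer; otherwise keep the file owned by root and not group-writable, e.g. `chown root:root "${fileTarget}"` and `chmod 600 "${fileTarget}"`. Every path is built from `${PWD}/../..`, so the script reaches `/etc/ssh/sshd_config` only when started from a directory two levels below `/`; absolute paths remove that dependency. `main` ignores every exit status and the script ends with `exit 0`, so a failed `sed` or `chown` still reports a completed lockdown. The directory used here is `var/configuration/CloudSync`, while crypt_setup.sh mounts `/var/configurations`; one of the two spellings is presumably wrong.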
@@ -0,0 +1,25 @@
+#!/bin/sh
+###########################################################################
+#
+# Copyright (c) 2021-2023 Diality Inc. - All Rights Reserved.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file rootsshaccess_get.sh
+#
+# @author (last) Behrouz NematiPour
+# @date (last) 17-Jun-2023
+# @author (original) Behrouz NematiPour
+# @date (original) 17-Jun-2023
+#
+############################################################################
+
+SSHD_CONFIG="/etc/ssh/sshd_config"
+
+if [ "$(grep -ir "^PermitRootLogin" $SSHD_CONFIG | tr -s ' ' | cut -f2 -d' ')" == "yes" ]; then
+ echo 1
+else
+ echo 0
+fi
+exit 0
Index: scripts/rootsshaccess_set.sh
===================================================================
diff -u
--- scripts/rootsshaccess_set.sh (revision 0)
+++ scripts/rootsshaccess_set.sh (revision b9654575709e02aecc01a01d246d7af578679387)
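Review bot: scripts/rootsshaccess_get.sh prints 0 for every value other than the exact word `yes`, including a missing or commented-out `PermitRootLogin` line, where sshd falls back to its built-in default, and values such as `prohibit-password` that still allow key-based root logins; a caller reading 0 as "root SSH is off" is misled in those cases. Asking sshd for the effective value is more reliable, e.g. `sshd -T 2>/dev/null | grep -i '^permitrootlogin'`, and the script could report only `no` as disabled. The parse also assumes a single space after the keyword (`cut -f2 -d' '`), so a tab-separated line or two matching lines are reported as 0. `==` inside `[ ]` is an extension; under a strict POSIX `/bin/sh` the test errors out and the script again prints 0, so `=` is the portable spelling.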
@@ -0,0 +1,34 @@
+#!/bin/sh
+###########################################################################
+#
+# Copyright (c) 2021-2023 Diality Inc. - All Rights Reserved.
+#
+# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN
+# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER.
+#
+# @file rootsshaccess_set.sh
+#
+# @author (last) Behrouz NematiPour
+# @date (last) 17-Jun-2023
+# @author (original) Behrouz NematiPour
+# @date (original) 17-Jun-2023
+#
+############################################################################
+
+
+SSHD_CONFIG="/etc/ssh/sshd_config"
+ERR_EXECUTION=201
+
+if [ "$1" == "YES" ]; then
+ sed -i '/PermitRootLogin/c\PermitRootLogin yes' $SSHD_CONFIG
+else
+ sed -i '/PermitRootLogin/c\PermitRootLogin no' $SSHD_CONFIG
+fi
+
+if [ $? != 0 ]; then
+ echo "Execution Failed"
+ exit $ERR_EXECUTION
+fi
+
+echo ""
+exit 0
Index: scripts/run.sh
===================================================================
diff -u -rd4988df80c5d03fe46e42c9563043ae281247278 -rb9654575709e02aecc01a01d246d7af578679387
--- scripts/run.sh (.../run.sh) (revision d4988df80c5d03fe46e42c9563043ae281247278)
+++ scripts/run.sh (.../run.sh) (revision b9654575709e02aecc01a01d246d7af578679387)
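Review bot: In scripts/rootsshaccess_set.sh, `sed -i '/PermitRootLogin/c\...'` exits 0 when no line matches, so on a config without a `PermitRootLogin` line the script reports success without having changed anything, and the `$?` test only catches I/O errors. The pattern is also unanchored, so comment lines that mention the keyword are rewritten into live directives. Confirm the result after the edit, e.g. `grep -q '^PermitRootLogin no$' "$SSHD_CONFIG" || exit $ERR_EXECUTION` (with `yes` in the other branch), and append the line when it is absent. Nothing here reloads sshd, so whether the new value takes effect depends on how sshd is started on the target; a comment should state that.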
@@ -15,196 +15,13 @@ # ############################################################################ -echo "HOME : $HOME " > /home/root/post.debug -HOME="$1" +# globals.sh needs to be initialized by the user home path +# otherwise creates the post.log in the / folder instead of home. +HOME=/home/$(whoami) source ./globals.sh -COUT="/dev/$(echo $(dmesg | grep "printk: console") | sed 's/.*printk: console.*\(tty.*\)].*/\1/')" -echo "COMMENT_DASH: $COMMENT_DASH " >> /home/root/post.debug -echo "HOME : $HOME " >> /home/root/post.debug -echo "COUT : $COUT " >> /home/root/post.debug -echo "POSTLOG : $POSTLOG " >> /home/root/post.debug -# cleanup the POST log file -post_log_clear -post_err_clear -post_out_clear +timerStart +applicationPOST +timerEndLog -post_log_star " ***** " -post_log "Start: $(timestamp)" # log the current date, time -#create folders for sd-card and usb if not exist -mkdir -p $SDCARD_MNT -mkdir -p $USB_MNT - - -# ---------------------------------------- STOP denali in case running (sys not rebooted) -killall $DENALI_BIN - - -#setting up ethernet----------------------- Ethernet -post_log_dash " Ethernet " -udhcpc eth0 & - - -#setting up can interface ----------------- CANBus -post_log_dash " CANBus " -#current settings can be retrieved by the command below -#$ ip -details -statistics link show can0 -ip link set can0 up type can bitrate 250000 restart-ms 100 -ifconfig can0 txqueuelen 4000 -candump can0 -T1 # check if candump can successfully use the port. will terminate in 1ms -if [ $? -eq 0 ]; then - post_log_pass "$POSTMSG_CANBUS$POSTMSG_POSTFIX_PASSED" - post_log "$(ip link show can0)" # -details -statistics -else - post_log_fail "$POSTMSG_CANBUS$POSTMSG_POSTFIX_FAILED" -fi - - -#mounting sdcard -------------------------- SD-CARD -post_log_dash " SD-CARD " -mount $SDCARD_PRT $SDCARD_MNT -SDCTEST="$(mount | grep "$SDCARD_PRT on $SDCARD_MNT type $SDCARD_TYP_NAME (rw,")" -if ! 
[ -z "$SDCTEST" ]; then - SDINFO="$(df -h | grep -i $SDCARD_MNT)" - post_log_pass "$POSTMSG_SDCARD$POSTMSG_POSTFIX_PASSED" - post_log "$SDCTEST" - post_log "$SDINFO" -else - post_log_fail "$POSTMSG_SDCARD$POSTMSG_POSTFIX_FAILED" -fi - - -#test the RTC ----------------------------- RTC -post_log_dash " RTC" -#may not be an accurate test but sufficient for now -#and could not find a way to get the rtc clock with the higher resolusion -#it should not be confused with date command which is system date/time and not hwclock -hwclock -r # if there is any issue with rtc hwclock will show errors -if [ $? -eq 0 ]; then - RTC1=$($CMD_RTC_EPOCH) - sleep 1 - RTC2=$($CMD_RTC_EPOCH) - if [ $(($RTC2 - $RTC1)) -eq 1 ]; then - post_log_pass "$POSTMSG_RTC$POSTMSG_POSTFIX_PASSED" - else - post_log_fail "$POSTMSG_RTC$POSTMSG_POSTFIX_FAILED" - fi -fi - - -# ----------------------------------------- Bluetooth -post_log_dash " Bluetooth " -/usr/share/silex-uart/silex-uart.sh start 1>> $POSTOUT 2>> $POSTERR -sleep 5 -hciconfig hci0 up -if [ $? -eq 0 ]; then - post_log_pass "$POSTMSG_BLUETOOTH$POSTMSG_POSTFIX_PASSED" - post_log "$(hciconfig hci0)" -else - post_log_fail "$POSTMSG_BLUETOOTH$POSTMSG_POSTFIX_FAILED" -fi - - -#test the touch screen -------------------- Touch -post_log_dash " Touch " -# when successfully connected and can be loaded -# Sitronix touch driver 2.10.2 Release date: 20180809 -# atmel_mxt_ts 3-004a: Direct firmware load for maxtouch.cfg failed with error -2 -# atmel_mxt_ts 3-004a: Touchscreen size X1279Y799 -# input: Atmel maXTouch Touchscreen as /devices/platform/soc@0/soc@0:bus@30800000/30a50000.i2c/i2c-3/3-004a/input/input2 -# When NOT connected -# Sitronix touch driver 2.10.2 Release date: 20180809 -TSTEST="$(dmesg | grep "input: Atmel maXTouch Touchscreen as ")" -if [ "$?" 
-eq 0 ]; then - post_log_pass "$POSTMSG_TOUCH$POSTMSG_POSTFIX_PASSED" - post_log "$TSTEST" -else - post_log_fail "$POSTMSG_TOUCH$POSTMSG_POSTFIX_FAILED" -fi - - -# ----------------------------------------- WiFi -post_log_dash " WiFi " - -# create the wpa supplicant folder for conf storing -WPA_SUPPLICANT_DIR="/etc/wpa_supplicant/" -mkdir -p $WPA_SUPPLICANT_DIR - -# remove any software blocks -rfkill unblock wlan - -if [[ ! -z $(dmesg | grep "wlan: driver loaded") ]]; then - post_log_pass "$POSTMSG_WIFI$POSTMSG_POSTFIX_PASSED" - post_log "$(dmesg | grep -i wlan:)" - post_log "$(ip link show wlan0)" # -details -statistics -else - post_log_fail "$POSTMSG_WIFI$POSTMSG_POSTFIX_FAILED" -fi - -# start the wpa_supplicant service -systemctl start wpa_supplicant@wlan0.service -if [ $? -eq 0 ]; then -    post_log_pass "$POSTMSG_WIFI$POSTMSG_POSTFIX_PASSED" -else -    post_log_fail "$POSTMSG_WIFI$POSTMSG_POSTFIX_FAILED" -    post_log      "$(systemctl --failed | grep wpa)" -fi - - -# ----------------------------------------- Sha256Sum -post_log_dash " Sha256Sum " -#check the denali applicatoin checksum -SHA_ACT=$(tail -c 83 $HOME/$DENALI_BIN | cut -c19-82) -SHA_EXP=$(head -c -83 $HOME/$DENALI_BIN | sha256sum -b --tag | cut -c14-77) -if [ "$SHA_ACT" == "$SHA_EXP" ]; then - post_log_pass "$POSTMSG_SHASUM$POSTMSG_POSTFIX_PASSED" -else - post_log_fail "$POSTMSG_SHASUM$POSTMSG_POSTFIX_FAILED" -fi - - -# ----------------------------------------- CloudSync -post_log_dash " CloudSync " -if [ -d $HOME/$CLOUDSYNC_FOLDER ]; then - # moving/ backing up the previous treatment logs so the new buff starts with fresh sequence - echo "Backing up CloudSync I/O buff" - CLOUDSYNC_PATH="$SDCARD_MNT"/"$CLOUDSYNC_FOLDER" - CLOUDSYNC_BACKUP="$CLOUDSYNC_PATH"_backup/$(timestamp)/ - mkdir -p $CLOUDSYNC_BACKUP - mv $CLOUDSYNC_PATH/* $CLOUDSYNC_BACKUP 1>> $POSTOUT 2>> $POSTERR - rm $HOME/$CLOUDSYNC_FOLDER/data/* 1>> $POSTOUT 2>> $POSTERR - cd $HOME/$CLOUDSYNC_FOLDER/ - python3 ./cs.py start & - sleep 2 - 
CLOUDSYNC_STATUS="$(python3 ./cs.py status)" - if [ "$CLOUDSYNC_STATUS" == "$POSTMSG_CLOUDSYNC_RUNNING" ]; then - post_log_pass "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_PASSED" - else - post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED" - fi - post_log "$CLOUDSYNC_STATUS" - cd -else - post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED" -fi - - -# ----------------------------------------- Denali -post_log_dash " Denali " -#launching denali application -DENALI_VERSION="$($HOME/$DENALI_BIN -v)" -if [ -n "$DENALI_VERSION" ]; then - post_log_pass "$($HOME/$DENALI_BIN -v)" # log UI Software version - $HOME/$DENALI_BIN -u -C & # -C to disable cloudsync for now sync it blocks the system and no cloudsync has been installed. -else - post_log_fail "Unknown Applicaion Version" -fi - - -# ----------------------------------------- END -# tag the end time in the POST log file -post_log "End: $(timestamp)" -post_log_star " ***** " - -exit 0 Index: scripts/setup.sh =================================================================== diff -u -rd4988df80c5d03fe46e42c9563043ae281247278 -rb9654575709e02aecc01a01d246d7af578679387 --- scripts/setup.sh (.../setup.sh) (revision d4988df80c5d03fe46e42c9563043ae281247278) +++ scripts/setup.sh (.../setup.sh) (revision b9654575709e02aecc01a01d246d7af578679387) @@ -83,7 +83,7 @@ timedatectl set-local-rtc $TDCTL_RTC_LOCL } -function set_datetime() { +function set_datetime() { echo "Setup the time/date" while true; do timedatectl set-time "$DATETIME" 1>/dev/null 2>/dev/null 
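Review bot: The inline POST sequence removed from scripts/run.sh created both mount points (`mkdir -p $SDCARD_MNT` and `mkdir -p $USB_MNT`), but the `applicationPOST` path added to globals.sh only creates `$SDCARD_MNT` in `setupSDCard`, so `$USB_MNT` is no longer created at boot unless something outside this diff does it. If the USB mount point is created elsewhere, a one-line comment in `setupSDCard` saying where would settle it; otherwise add `mkdir -p "$USB_MNT"` there.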
@@ -127,6 +127,15 @@ update-rc.d $INITD_AUTOSTART defaults } +function manufacturingMode() { + if [ "$(grep $SETUP_ENABLE_MANUFACTURING_MODE $SETUP_CONF_FILE)" != "" ]; then + # -E for Maunufacturing mode + # -a for disabling the non-minimizable Alarms + APPLICATION_PARAMS="-E -a" # don't use '&', we have to wait until user is done with UI + applicationPOST + fi +} + function confirm_reboot() { read -p "ready to reboot? [y,n]" -n 1 -r CONFIRM if [ "$CONFIRM" == "y" ]; then @@ -136,6 +145,12 @@ echo "" } +function cleanup() { + rm $SETUP_CONF_FILE + rm $(basename $0) + rm -frd $HOME/.ssh +} + function main() { disable_autostart format_sdcard @@ -144,6 +159,8 @@ diable_b2qt_services setup_denali enable_autostart + manufacturingMode + cleanup } main "$1" "$2" Index: scripts/start.sh =================================================================== diff -u -rd4988df80c5d03fe46e42c9563043ae281247278 -rb9654575709e02aecc01a01d246d7af578679387 --- scripts/start.sh (.../start.sh) (revision d4988df80c5d03fe46e42c9563043ae281247278) +++ scripts/start.sh (.../start.sh) (revision b9654575709e02aecc01a01d246d7af578679387) @@ -8,8 +8,8 @@ # # @file start.sh # -# @author (last) Vy -# @date (last) 20-May-2023 +# @author (last) Behrouz NematiPour +# @date (last) 15-Dec-2022 # @author (original) Behrouz NematiPour # @date (original) 11-Aug-2021 # 
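Review bot: The mode check in `manufacturingMode` is an unquoted, unanchored `grep $SETUP_ENABLE_MANUFACTURING_MODE $SETUP_CONF_FILE`, so any line that merely contains the token switches the application to `-E -a`. If the token were empty, grep would take the file name as its pattern and read stdin instead. Since `-a` is described here as disabling alarms, the gate should be an exact, quoted match: `if grep -qsxF -- "$SETUP_ENABLE_MANUFACTURING_MODE" "$SETUP_CONF_FILE"; then`. With that form a missing conf file falls through to normal mode without error output. Both variables are defined outside this hunk, so this assumes the token is a single fixed string written on a line of its own.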
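Review bot: `cleanup` deletes with unquoted expansions: `rm -frd $HOME/.ssh` turns into `rm -frd /.ssh` when `HOME` is empty, and `rm $(basename $0)` only removes the script if the current directory is still the one it was started from. I would write `rm -f -- "$SETUP_CONF_FILE" "$0"` and `rm -frd -- "${HOME:?}/.ssh"`. It is also called only as the last step of `main`, so if an earlier step aborts the script (not visible here), the `.ssh` directory stays on the device. That directory presumably holds the keys installed by `sshKeyCopy` in start.sh, so a comment should say whether leaving it behind is an intended recovery path. `main` starts outside the hunk.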
@@ -136,6 +136,28 @@ exitConfirm $ERR_KILLPROMPT } +function manufacturingModePrompt() { +# I set to always enabled for now to always go to the manufacturing mode +# 1 - Even for normal setup start is moving files to /home/root, so the lockdown needs to run to move files. +# 2 - The UI still needs to be executed to decrypt the /var/configurations, otherwise the configurations can not be updated, +# and I don't have the ability to just decrypt and exit right now. +# Note: after the Cybersecurity release I will improve the user experience and will make it easier for manufacturing. + CONTINUE="y" + +# echo_star_comment +# echo_star_message "Do you want to run in the Manufacturing Mode?" +# echo_star_comment +# read -p "Continue? [y,n]" -n 1 -r CONTINUE +# echo "" # to echo prompts on new line + if [ "$CONTINUE" == "y" ]; then + sshRun "echo $SETUP_ENABLE_MANUFACTURING_MODE > $SETUP_CONF_FILE" + echo_star_message "Set the setup in manufacturing mode" + else + sshRun "echo '' > $SETUP_CONF_FILE" + echo_star_message "Continueing the setup in normal mode" + fi +} + function getDeviceIP() { while true; do validIP "$DST_IP" @@ -164,15 +186,6 @@ copyFileTo "setup.sh" $DST_PATH_HOME } -#TODO to be removed when yocto recipes updated -function setupBluetoothConfFile() { - echo_dash_comment - echo_dash_message "Installing bluetooth conf file" | tee -a $LOG_OUT_FILE - echo_dash_comment - copyFileTo $SRC_PATH_SCRIPTS/"bluetooth_main.conf" $DST_PATH_BT_CONF/main.conf - -} - function setupSettingsScripts() { echo_dash_comment echo_dash_message "Installing settings scripts" | tee -a $LOG_OUT_FILE @@ -226,8 +239,9 @@ } function wipe_device() { - sshRun "rm -frd *" - sshRun "rm -frd .*" + WIPEOUT="wiped.out" + sshRun "find -maxdepth 1 ! \( -name '.ssh' -o -name $SETUP_CONF_FILE -o -name . -o -name .. \) > $WIPEOUT" + sshRun "xargs -a $WIPEOUT rm -frd" } function main() { 
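Review bot: With `CONTINUE="y"` hard-coded in `manufacturingModePrompt`, the `else` branch is unreachable and every device provisioned by this script gets the manufacturing flag written to `$SETUP_CONF_FILE`, which setup.sh in this same change turns into launching the application with `-E -a`. The comment explains the reason, but the decision leaves no trace in the log. Other steps in this file pipe their banner through `| tee -a $LOG_OUT_FILE`, so I would do the same here with `echo_star_message "Set the setup in manufacturing mode" | tee -a $LOG_OUT_FILE`, and check the status of the `sshRun` write before continuing. Both variables are expanded locally into the command string that `sshRun` presumably runs on the device, so the line depends on them containing no whitespace or shell metacharacters.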
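Review bot: The new `wipe_device` feeds a newline-separated `find` listing to `xargs -a $WIPEOUT rm -frd`, but xargs splits on any whitespace and interprets quotes. A single entry whose name contains a space is therefore handed to `rm -frd` as several separate paths, which need not be inside the directory being wiped. Letting find perform the removal avoids both the parsing and the `wiped.out` temp file: `sshRun "find . -mindepth 1 -maxdepth 1 ! \( -name .ssh -o -name '$SETUP_CONF_FILE' \) -exec rm -frd -- {} +"`. This assumes `$SETUP_CONF_FILE` is a bare file name; if it holds a path, `-name` never matches it and the file written by `manufacturingModePrompt` is wiped as well. The working directory of the remote command depends on `sshRun`, which is defined outside this hunk.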
@@ -241,15 +255,14 @@ sshKeyCopy killPrompt + manufacturingModePrompt wipe_device setupBootupScripts setupSettingsScripts setupConfigurations - setupBluetoothConfFile setupCloudSync setupFonts - setupApplication }