Index: scripts/crypt_setup.sh =================================================================== diff -u -r803683ce55f7f96f0f1b53094ab2e9b32db4eac5 -r1e9d99fa2087d302e69c616b5a2420e010abe164 --- scripts/crypt_setup.sh (.../crypt_setup.sh) (revision 803683ce55f7f96f0f1b53094ab2e9b32db4eac5) +++ scripts/crypt_setup.sh (.../crypt_setup.sh) (revision 1e9d99fa2087d302e69c616b5a2420e010abe164) @@ -83,7 +83,7 @@ function create_luks_partition() { - umount_luks_partition + unmount_luks_partition checkOutput "sudo mkdir -p $LOC_VAR " $ERR_CRYPTSETUP_CREATE_MKDIR checkOutput "sudo cryptsetup luksFormat $LOC_DEV " $ERR_CRYPTSETUP_CREATE_FORMAT $PASSWORD @@ -100,19 +100,6 @@ checkOutput "sudo mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_MOUNT_MOUNT } -function reset_luks_partition() -{ - # TODO this needs some discussions. - - #umount_luks_partition - - # checkOutput "mkdir -p $LOC_VAR " $ERR_CRYPTSETUP_CREATE_MKDIR - # checkOutput "cryptsetup luksFormat $LOC_DEV " $ERR_CRYPTSETUP_CREATE_FORMAT $PASSWORD - # checkOutput "cryptsetup luksOpen $LOC_DEV $LOC_DIR" $ERR_CRYPTSETUP_CREATE_OPEN $PASSWORD - # checkOutput "mkfs.ext4 $LOC_MAP " $ERR_CRYPTSETUP_CREATE_MKFS - # checkOutput "mount -t ext4 $LOC_MAP $LOC_VAR" $ERR_CRYPTSETUP_CREATE_MOUNT -} - function handleCommand() { # Handle the first argument to script, one of start, stop, erase, restart, force-reload or status case $1 in @@ -130,11 +117,6 @@ unmount_luks_partition ;; - decommission) - checkPassword - reset_luks_partition - ;; - *) echo "unknown command" exit $ERR_CRYPTSETUP_UNKNOWN Index: scripts/factory_reset.sh =================================================================== diff -u -rafc592ea044004b8b710c31bff8e7edde4e1d4c9 -r1e9d99fa2087d302e69c616b5a2420e010abe164 --- scripts/factory_reset.sh (.../factory_reset.sh) (revision afc592ea044004b8b710c31bff8e7edde4e1d4c9) +++ scripts/factory_reset.sh (.../factory_reset.sh) (revision 1e9d99fa2087d302e69c616b5a2420e010abe164) 
@@ -109,7 +109,7 @@ # $2 - string: echo message [optional] { if (( $2 )); then - echo $3 + echo "$3" fi if (( $(isNonZero $1) )); then @@ -143,7 +143,7 @@ local _has_error_=$[ ! $(isFile $1)] exitError $_has_error_ $ERR_REMOVE_PRM_FIL "'$1' is not a file" - rm "$1" + rm -f "$1" _has_error_=$? exitError $_has_error_ $ERR_REMOVE_CMD_FIL "Failed $2 file deletion" Index: scripts/globals.sh =================================================================== diff -u -rb9654575709e02aecc01a01d246d7af578679387 -r1e9d99fa2087d302e69c616b5a2420e010abe164 --- scripts/globals.sh (.../globals.sh) (revision b9654575709e02aecc01a01d246d7af578679387) +++ scripts/globals.sh (.../globals.sh) (revision 1e9d99fa2087d302e69c616b5a2420e010abe164) @@ -107,6 +107,14 @@ APPLICATION_PARAMS="&" +CloudSync_DRT_SERVER_IP=172.31.99.117 +CloudSync_DRT_SERVER_PORT=80 + +CLOUD_USER=cloud +CLOUD_HOME=/home/$CLOUD_USER +DENALI_USER=denali +DENALI_HOME=/home/$DENALI_USER + function confirm() { read -p "$1? [y,n]" -n 1 -r CONTINUE if [ "$CONTINUE" == "y" ]; then @@ -167,6 +175,26 @@ return 0 } +# Does the file contain a string? if +# not, add a line at end. +# If $1 not in $2 then append line $3 to end. +# $1 What to look for. +# $2 File name. +# $3 What to add. +function appendIfMissing() { + # q for quiet, F for regular string match, not -x because not full line. + # Done as one command because this is done remotely. + grep -qF $1 $2 || echo $3 >> $2 +} + + +# Remove all lines that contain $1 in file $2 then append $3. +# $1 What to look for. +# $2 File name. +function removeIfFound() { + sed -i /${1}/d $2 +} + function existsFolder() { if [ ! -d "$1" ]; then return "$ERR_MISSING_FOLDER" 
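Review bot: In `appendIfMissing` and `removeIfFound` every positional parameter is expanded unquoted, so a search string or line containing spaces or glob characters is split before `grep`, `echo` and `sed` see it, and in `removeIfFound` `$1` is spliced into the sed script, where a `/` or regex metacharacter changes which lines are deleted. These helpers were used on sshd_config in lockdown.sh before this change, so I would quote them: `grep -qF -- "$1" "$2" || printf '%s\n' "$3" >> "$2"` and `sed -i "/${1}/d" "$2"`, with a comment that `$1` is treated as a regular expression. The header comment of `removeIfFound` also says it appends `$3`, which the function does not do.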
@@ -208,10 +236,14 @@ } +function disableRootSSH() { + local SSHD_CONFIG="/etc/ssh/sshd_config" + sudo sed -i '/PermitRootLogin/c\PermitRootLogin no' $SSHD_CONFIG +} + + function setupResolved() { echo nameserver 8.8.8.8 > /etc/resolv.conf - echo nameserver 192.168.10.20 >> /etc/resolv.conf # these need to be removed when/if the IoT WiFi doens't need them - echo nameserver 192.168.10.21 >> /etc/resolv.conf # these need to be removed when/if the IoT WiFi doens't need them systemctl start systemd-resolved.service } @@ -364,7 +396,8 @@ fi } -function testApplicationShasum() { + +function testApplicationShasum_setup() { # ----------------------------------------- Sha256Sum post_log_dash " Sha256Sum " #check the denali applicatoin checksum 
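Review bot: `disableRootSSH` only rewrites lines that already contain `PermitRootLogin`; if sshd_config has no such line, the sed command changes nothing and root login stays at the daemon's built-in default. I would add the directive when it is absent, e.g. `grep -q '^PermitRootLogin' "$SSHD_CONFIG" || echo 'PermitRootLogin no' | sudo tee -a "$SSHD_CONFIG" >/dev/null`, and quote `"$SSHD_CONFIG"` in the sed call. The function also does not reload sshd, so the edit may not reach an already running daemon until it is restarted. A one-line comment saying why this runs on every POST rather than once at lockdown would help the next reader.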
@@ -377,28 +410,44 @@ fi } + +function testApplicationShasum_local() { + # ----------------------------------------- Sha256Sum + post_log_dash " Sha256Sum " + #check the denali applicatoin checksum + SHA_ACT=$(tail -c 83 $DENALI_HOME/$DENALI_BIN | cut -c19-82) + SHA_EXP=$(head -c -83 $DENALI_HOME/$DENALI_BIN | sha256sum -b --tag | cut -c14-77) + if [ "$SHA_ACT" == "$SHA_EXP" ]; then + post_log_pass "$POSTMSG_SHASUM$POSTMSG_POSTFIX_PASSED" + else + post_log_fail "$POSTMSG_SHASUM$POSTMSG_POSTFIX_FAILED" + fi +} + + function testCloudSystem() { # ----------------------------------------- CloudSystem post_log_dash " CloudSystem " post_log "$(ip addr show $iwlan)" # -details -statistics - post_log "$(ping www.diality.com -I $iwlan -c 3 -4)" + post_log "$(ping www.diality.staging.kebormed.com -I $iwlan -c 3 -4)" } -function startCloudSync() { +function startCloudSync_setup() { # ----------------------------------------- CloudSync post_log_dash " CloudSync " - if [ -d $HOME/$CLOUDSYNC_FOLDER ]; then - # moving/ backing up the previous treatment logs so the new buff starts with fresh sequence - echo "Backing up CloudSync I/O buff" - CLOUDSYNC_PATH="$SDCARD_MNT"/"$CLOUDSYNC_FOLDER" - CLOUDSYNC_BACKUP="$CLOUDSYNC_PATH"_backup/$(timestamp)/ - mkdir -p $CLOUDSYNC_BACKUP - mv $CLOUDSYNC_PATH/* $CLOUDSYNC_BACKUP 1>> $POSTOUT 2>> $POSTERR - rm $HOME/$CLOUDSYNC_FOLDER/data/* 1>> $POSTOUT 2>> $POSTERR - cd $HOME/$CLOUDSYNC_FOLDER/ - python3 ./cs.py start & + local CLOUDSYNC_PATH=$HOME/$CLOUDSYNC_FOLDER + if [ -d $CLOUDSYNC_PATH ]; then + + # removing the previous treatment logs so the new buff starts with fresh sequence + echo "Removing CloudSync I/O buff" + local CLOUDSYNC_LOGS="$SDCARD_MNT/$CLOUDSYNC_FOLDER/" + rm $(find $CLOUDSYNC_LOGS -name "*[_inp,_out].buf" ) 1>> $POSTOUT 2>> $POSTERR + + echo "Executing the CloudSync" + cd $CLOUDSYNC_PATH + ./cs.py start debug & sleep 2 - CLOUDSYNC_STATUS="$(python3 ./cs.py status)" + CLOUDSYNC_STATUS="$(./cs.py status)" if [ 
"$CLOUDSYNC_STATUS" == "$POSTMSG_CLOUDSYNC_RUNNING" ]; then post_log_pass "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_PASSED" else @@ -411,15 +460,15 @@ fi } -function startApplication() { +function startApplication_setup() { # ----------------------------------------- Denali post_log_dash " Denali " #launching denali application DENALI_VERSION="$($HOME/$DENALI_BIN -v)" if [[ -n "$DENALI_VERSION" ]]; then post_log_pass "$($HOME/$DENALI_BIN -v)" # log UI Software version if [[ "$APPLICATION_PARAMS" == *"-E"* ]]; then - $HOME/$DENALI_BIN $APPLICATION_PARAMS # do not enclose the APPLICATION_PARAMS in "", then it becomes an empty parameter to the denali which is not accepted. + $HOME/$DENALI_BIN $APPLICATION_PARAMS & # do not enclose the APPLICATION_PARAMS in "", then it becomes an empty parameter to the denali which is not accepted. else $HOME/$DENALI_BIN $APPLICATION_PARAMS & fi 
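Review bot: The pattern `"*[_inp,_out].buf"` in `startCloudSync_setup` is a bracket expression, so `find` matches any `.buf` file whose name ends in one of the characters `_ i n p , o u t`, not only `*_inp.buf` and `*_out.buf`. The result is then passed unquoted to `rm`, which splits paths containing whitespace and fails with a missing-operand error when nothing matches. `find "$CLOUDSYNC_LOGS" \( -name '*_inp.buf' -o -name '*_out.buf' \) -exec rm -f -- {} +` avoids both problems. The same line appears in `startCloudSync_local` in the `@@ -428,6 +477,63 @@` hunk.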
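Review bot: After `&` is added to the `-E` branch of `startApplication_setup`, both arms of `if [[ "$APPLICATION_PARAMS" == *"-E"* ]]` run the same command, so the conditional no longer does anything. Either drop the test and keep a single `$HOME/$DENALI_BIN $APPLICATION_PARAMS &` line, or add a comment explaining why manufacturing mode no longer waits for the UI to exit. The end of the function is outside this hunk.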
@@ -428,6 +477,63 @@ fi } +function confirm_reboot() { + read -p "ready to reboot? [y,n]" -n 1 -r CONFIRM + if [ "$CONFIRM" == "y" ]; then + reboot + fi + echo "" +} + + +function startCloudSync_local() { + # ----------------------------------------- CloudSync + post_log_dash " CloudSync " + local CLOUDSYNC_PATH=$CLOUD_HOME/$CLOUDSYNC_FOLDER + local DATE_UTC=$(date -u +%Y_%m_%d) + if [ -d $CLOUDSYNC_PATH ]; then + + # removing the previous treatment logs so the new buff starts with fresh sequence + echo "Removing CloudSync I/O buff" + local CLOUDSYNC_LOGS="$SDCARD_MNT/$CLOUDSYNC_FOLDER/" + sudo -u $CLOUD_USER rm $(find $CLOUDSYNC_LOGS -name "*[_inp,_out].buf" ) 1>> $POSTOUT 2>> $POSTERR + + echo "Creating new bufs for the denali and cloud user" + sudo -u $CLOUD_USER touch "$CLOUDSYNC_LOGS/$DATE_UTC"_out.buf + sudo -u $DENALI_USER touch "$CLOUDSYNC_LOGS/$DATE_UTC"_inp.buf + + echo "Executing the CloudSync" + cd $CLOUDSYNC_PATH + sudo -u $CLOUD_USER ./cs.py start + sleep 2 + CLOUDSYNC_STATUS="$(sudo -u $CLOUD_USER ./cs.py status)" + if [ "$CLOUDSYNC_STATUS" == "$POSTMSG_CLOUDSYNC_RUNNING" ]; then + post_log_pass "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_PASSED" + else + post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED" + fi + post_log "$CLOUDSYNC_STATUS" + cd + else + post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED" + fi +} + + +function startApplication_local() { + # ----------------------------------------- Denali + post_log_dash " Denali " + #launching denali application + DENALI_VERSION="$($DENALI_HOME/$DENALI_BIN -v)" + if [ -n "$DENALI_VERSION" ]; then + post_log_pass "$DENALI_VERSION" # log UI Software version + sudo -u $DENALI_USER $DENALI_HOME/$DENALI_BIN $APPLICATION_PARAMS 1>> /tmp/denali.out 2>> /tmp/denali.out & + else + post_log_fail "Unknown Applicaion Version for $DENALI_HOME/$DENALI_BIN" + fi +} + + function timerStart() { time_start=$(date +%s) } 
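Review bot: `startApplication_local` appends the application's output to the fixed path `/tmp/denali.out`, and that redirection is opened by the calling shell, not by the `denali` user that `sudo -u` switches to. A predictable name in a world-writable directory can be pre-created or replaced with a symlink by any local account, so the log belongs in a directory only the launcher can write, for example `>> "$LOG_DIR/denali.out" 2>&1` with `LOG_DIR` (placeholder) set to a root-owned or denali-owned directory. The file also grows without bound across restarts. `startCloudSync_local` in the same hunk repeats the `"*[_inp,_out].buf"` bracket pattern from `startCloudSync_setup`.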
@@ -443,6 +549,7 @@ function applicationPOST() { setupConsoleout + disableRootSSH cleanupPOSTLogs setupCANBus setupResolved @@ -453,8 +560,5 @@ setupWiFi setupBluetooth testTouchscreen - testApplicationShasum testCloudSystem - startCloudSync - startApplication } Index: scripts/lockdown.sh =================================================================== diff -u -rf51f9ce154a6891cb5bfd133409430e6800f0166 -r1e9d99fa2087d302e69c616b5a2420e010abe164 --- scripts/lockdown.sh (.../lockdown.sh) (revision f51f9ce154a6891cb5bfd133409430e6800f0166) +++ scripts/lockdown.sh (.../lockdown.sh) (revision 1e9d99fa2087d302e69c616b5a2420e010abe164) 
@@ -1,142 +1,14 @@ #!/bin/bash -########################################################################### -# -# Copyright (c) 2023 Diality Inc. - All Rights Reserved. -# -# This is inpart based on scripts developed by Sunrise Labs Inc. -# -# THIS CODE MAY NOT BE COPIED OR REPRODUCED IN ANY FORM, IN PART OR IN -# WHOLE, WITHOUT THE EXPLICIT PERMISSION OF THE COPYRIGHT OWNER. -# -# @file start.sh -# -# @author (last) Philip Braica -# @date (last) 22-Mar-2023 -# @author (original) Philip Braica -# @date (original) 22-Mar-2023 -# -############################################################################ # @details # This file sets up and verifies some of the SOM security. -# Number of problems detected with security. -NUM_PROBLEMS=0 +source ./globals.sh - -############################################################################ -# Debug output (warn). -# -# Globals: -# None -# Arguments: -# $1 Start text. -# $2 The purple text. -# Outputs: -# Warning text. -############################################################################ -function debug() { - echo -en "\033[0;34mDbg: \033[0m${1}\n" -} - -############################################################################ -# Green output (info). -# -# Globals: -# None -# Arguments: -# $1 Start text. -# $2 The green text. -# Outputs: -# Info text. -############################################################################ -function info() { - echo -en "\033[0;32mInfo: \033[0m${1}\n" -} - -############################################################################ -# Purple output (warn). -# -# Globals: -# None -# Arguments: -# $1 Start text. -# $2 The purple text. -# Outputs: -# Warning text. -############################################################################ -function warn() { - echo -en "\033[0;35mWarn: \033[0m${1}\n" -} - -############################################################################ -# Red output (error). -# -# Globals: -# None -# Arguments: -# $1 Start text. 
-# $2 The red text. -# Outputs: -# Error text. -############################################################################ -function error() { - echo -en "\033[0;31mError: \033[0m${1}\n" -} - -############################################################################ -# Does the file contain a string? if -# not, add a line at end. -# If $1 not in $2 then append line $3 to end. -# -# Globals: -# None -# Arguments: -# $1 What to look for. -# $2 File name. -# $3 What to add. -# Outputs: -# None -############################################################################ -function appendIfMissing() { - - # q for quiet, F for regular string match, not -x because not full line. - # Done as one command because this is done remotely. - grep -qF $1 $2 || echo $3 >> $2 -} - -############################################################################ -# Remove all lines that contain $1 in file $2 then append $3. -# -# Globals: -# None -# Arguments: -# $1 What to look for. -# $2 File name. -# Outputs: -# None -############################################################################ -function removeIfFound() { - sed -i /${1}/d $2 -} - -############################################################################ -# Allow the denali app to run specific commands as root. -# -# Globals: -# None -# Arguments: -# None -# Outputs: -# None -############################################################################ -function updateSudoers() { - - # Allow the denali user to execute specific commands as root. - echo " +CONTENT_SUDOERS=" Defaults env_reset Defaults mail_badpass -Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin" +Defaults secure_path=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin\" Defaults use_pty # User privilege specification 
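Review bot: `source ./globals.sh` resolves against the current working directory, not the script's own location, so lockdown.sh, which goes on to rewrite /etc/sudoers and sshd_config, executes whatever `globals.sh` sits in the directory it is started from. Resolving it relative to the script is safer: `source "$(dirname "${BASH_SOURCE[0]}")/globals.sh" || exit 1`. The `|| exit 1` matters because the functions below call `post_log_dash`, which is presumably defined in that file. The `CONTENT_SUDOERS` string opened in this hunk continues outside it.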
@@ -181,91 +53,103 @@ denali ALL=(root) NOPASSWD: /bin/mkdir * denali ALL=(root) NOPASSWD: /usr/sbin/cryptsetup * denali ALL=(root) NOPASSWD: /sbin/mkfs.ext4 * -" > /etc/sudoers -} +" -############################################################################ -# Turn on IPTables Firewall security. -# -# Globals: -# None -# Arguments: -# None -# Outputs: -# None -############################################################################ -function secureIPTables() { - local fileTarget="/etc/iptables/iptables.rules" +CONTENT_IPTABLES=" +*filter - # Flush current iptable configuration. - iptables -F +# Set default chain policies +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] - # Allow established connections to come input. - iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT +# Accept all connections via lo interface +-A INPUT -i lo -j ACCEPT +-A OUTPUT -o lo -j ACCEPT - # Localhost - iptables -A INPUT -i lo -j ACCEPT +# Accept SSH connections +-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT +-A OUTPUT -p tcp --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT - # SSH - iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT - iptables -A OUTPUT -p tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT +# Accept incoming VNC connections +# -A INPUT -p tcp --dport 5900 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT +# -A OUTPUT -p tcp --sport 5900 -m conntrack --ctstate ESTABLISHED -j ACCEPT - # Default Rules - iptables -A INPUT -j DROP - iptables -A FORWARD -j DROP - iptables -A OUTPUT -j ACCEPT +# Allow established inbound connections +-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT - iptables-save > $fileTarget +COMMIT +" + +CONTENT_SSHD_CONFIG=" +# $OpenBSD: sshd_config,v 1.102 2018/02/16 02:32:40 djm Exp $ + +# This is the sshd server system-wide configuration file. See +# sshd_config(5) for more information. 
+ +# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin +LoginGraceTime 2m +PermitRootLogin no + +AuthorizedKeysFile .ssh/authorized_keys + +PasswordAuthentication no +PermitEmptyPasswords yes + +ChallengeResponseAuthentication yes + +UsePAM yes + +Compression no +ClientAliveInterval 15 +ClientAliveCountMax 4 + +Subsystem sftp /usr/libexec/sftp-server +" + + +# Allow the denali app to run specific commands as root. +function updateSudoers() { + # ----------------------------------------- Update Sudoers + post_log_dash " Update Sudoers " + local fileTarget="/etc/sudoers" + # Allow the denali user to execute specific commands as root. + echo "$CONTENT_SUDOERS" > $fileTarget } -############################################################################ + +# Turn on IPTables Firewall security. +function secureIPTables() { + # ----------------------------------------- Secure Iptables + post_log_dash " Secure Iptables " + local fileTarget="/etc/iptables/iptables.rules" + iptables -F + echo "$CONTENT_IPTABLES" > $fileTarget +} + + # Turn on some ssh security. -# -# Globals: -# None -# Arguments: -# None -# Outputs: -# None -############################################################################ function secureSsh() { - local fileTarget="/etc/ssh/sshd_config" + # ----------------------------------------- Secure SSH + post_log_dash " Secure SSH " + local fileTarget="/etc/ssh/sshd_config" - # + echo "$CONTENT_SSHD_CONFIG" > $fileTarget + chown -R root.denali ${fileTarget} chmod -R g+rw ${fileTarget} - # Remove add PermitRootLogin settings then add one to turn it off. - removeIfFound "PermitRootLogin" ${fileTarget} - appendIfMissing "PermitRootLogin" ${fileTarget} "PermitRootLogin no" - # Restart service on remote. systemctl restart system-sshd.slice } -############################################################################ -# Move the customers app files to the app users home directories, -# changed the owner, and set the immutable attribute. 
-# -# Globals: -# None -# Arguments: -# None -# Outputs: -# None -############################################################################ -function moveCustomerAppFiles() { - # Unset the immutable attribute for all of the files in case we - # are rerunning this script. - chattr -R -i /home/cloud/* +function secureDenali() { + # ----------------------------------------- Secure the denali + post_log_dash " Secure the denali " + # Unset the immutable attribute for all of the files in case we are rerunning this script. chattr -R -i /home/denali/* - # Move the files - if [ -d ~/cloudsync ]; then - rm -rf /home/cloud/cloudsync - mv ~/cloudsync /home/cloud/ - fi if [ -f ~/denali ]; then rm -f /home/denali/denali 
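Review bot: The new `CONTENT_SSHD_CONFIG` sets `PermitEmptyPasswords yes` and `ChallengeResponseAuthentication yes` together with `UsePAM yes`, which undercuts `PasswordAuthentication no`: keyboard-interactive logins through PAM stay available and sshd does not refuse accounts with an empty password. Unless something depends on them, I would write `PermitEmptyPasswords no` and `ChallengeResponseAuthentication no`. `secureSsh` then leaves the file owned `root.denali` with `g+rw`, so the application account can rewrite the daemon's configuration, including `PermitRootLogin`; root-owned and not group-writable is the least-privilege setting. In `secureIPTables`, `iptables -F` clears the running rules but the new rules are only written to the file and never loaded with `iptables-restore`, so the running ruleset stays empty until it is restored at boot. Because the content strings are double-quoted, `$OpenBSD` in the header comment is expanded by the shell; a quoted here-document would keep the text literal.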
@@ -277,43 +161,66 @@ mv ~/scripts /home/denali/ fi - # Change the file owners. - chown -R cloud.cloud /home/cloud - chmod -R o-rwx /home/cloud chown -R denali.denali /home/denali chmod -R o-rwx /home/denali } -############################################################################ + +function secureCloudSync() { + # ----------------------------------------- Secure the CloudSync + post_log_dash " Secure the CloudSync " + # Unset the immutable attribute for all of the files in case we are rerunning this script. + chattr -R -i /home/cloud/* + + if [ -d ~/cloudsync ]; then + rm -rf /home/cloud/cloudsync + mv ~/cloudsync /home/cloud/ + fi + + chown -R cloud.cloud /home/cloud + chmod -R o-rwx /home/cloud +} + + # Set all permissions for our users that # are not root. -# -# Globals: -# None -# Arguments: -# None -# Outputs: -# None -############################################################################ function setPermissionsCustomerAppFiles() { + # ----------------------------------------- Secure the filesystem + post_log_dash " Secure the filesystem " - # Make sure the the other users have no access to these directories. + # TODO there seem to be some duplicate commands here to review later. + + # Make sure the other users have no access to these directories. chmod -R o-rwx /home/cloud chmod -R o-rwx /home/denali chmod u+rx /home/denali/denali # Give read-only access to denali by making the group owner. - mkdir -p /var/configuration/CloudSync - chown -R cloud.denali /var/configuration/CloudSync - chmod -R g-w,g+r,o-rwx /var/configuration/CloudSync + mkdir -p /var/configurations/CloudSync + chown -R cloud.denali /var/configurations/CloudSync + chmod -R g-w,g+r,o-rwx /var/configurations/CloudSync + # Give read-only access to cloud by making the group owner. 
+ mkdir -p /var/configurations/treatment + chown -R denali.cloud /var/configurations/treatment + chmod -R g-w,g+r,o-rwx /var/configurations/treatment + + # Give read-only access to cloud by making the group owner. + mkdir -p /var/configurations/treatment/pending/ + chown -R denali.cloud /var/configurations/treatment/pending/ + chmod -R g-w,g+r,o-rwx /var/configurations/treatment/pending/ + + # Give read-only access to denali by making the group owner. mkdir -p /media/sd-card/cloudsync chown -R cloud.denali /media/sd-card/cloudsync chmod -R u+rw,g+rw,o-rwx /media/sd-card/cloudsync # Give read-write access to denali by making it the owner. + mkdir -p /media/sd-card/log chown -R denali.denali /media/sd-card/log + + mkdir -p /media/sd-card/service chown -R denali.denali /media/sd-card/service # Set the immutable attribute for all of the files. @@ -326,22 +233,39 @@ usermod -a -G tty denali } +function cleanup() { + # ----------------------------------------- Remove the setup files + post_log_dash " Remove the setup files " + + rm $SETUP_CONF_FILE + rm /home/root/setup.sh + rm -frd $HOME/.ssh + rm -frd /media/sd-card/* + +} + function main() { + cleanup + + secureDenali + secureCloudSync - # Move the App Files to their home directories and setup the file - # permissions needed to make them work. - moveCustomerAppFiles setPermissionsCustomerAppFiles updateSudoers - # Block incoming traffic except for ssh and established. secureIPTables - # Turn off root login in by ssh. -# secureSsh + secureSsh + } # Running the main function -main +main -exit 0 +rm $(basename $0) + +sync +sync +sync + +reboot Index: scripts/run.sh =================================================================== diff -u -r01b9447a564c79628976078d442b8fa198adec97 -r1e9d99fa2087d302e69c616b5a2420e010abe164 --- scripts/run.sh (.../run.sh) (revision 01b9447a564c79628976078d442b8fa198adec97) +++ scripts/run.sh (.../run.sh) (revision 1e9d99fa2087d302e69c616b5a2420e010abe164) 
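Review bot: The added comment `# Give read-only access to denali by making the group owner.` above the `/media/sd-card/cloudsync` block does not match the mode that follows, `chmod -R u+rw,g+rw,o-rwx`, which grants the group write access. `startCloudSync_local` has the denali user create the `_inp.buf` file there, so the mode looks intended and the comment should read something like `# Give denali read-write access through group ownership.` In `secureCloudSync`, `chattr -R -i /home/cloud/*` skips top-level dot-files, and the `user.group` form of `chown` is deprecated in favour of `cloud:cloud`. The change from `/var/configuration` to `/var/configurations` should be confirmed against whatever reads that path, which this page does not show.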
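Review bot: `cleanup` now runs first in `main`, and its `rm` calls expand `$SETUP_CONF_FILE` and `$HOME` unquoted and unchecked, so an unset `HOME` turns `rm -frd $HOME/.ssh` into a delete directly under `/`. Guarding the destructive paths costs nothing: `rm -rf -- "${HOME:?}/.ssh"` and `rm -f -- "${SETUP_CONF_FILE:?}"`. `main` also ignores the exit status of every step and the script now always ends in `reboot`, so a failed `updateSudoers` or `secureSsh` leaves a partly locked-down device that restarts as if the run had succeeded. I would have each step return its status and skip both the self-delete `rm $(basename $0)` and the reboot when any of them fails.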
@@ -20,100 +20,9 @@ HOME=/home/$(whoami) source ./globals.sh -CLOUD_USER=cloud -CLOUD_HOME=/home/$CLOUD_USER -DENALI_USER=denali -DENALI_HOME=/home/$DENALI_USER - - -function Local_testApplicationShasum() { - # ----------------------------------------- Sha256Sum - post_log_dash " Sha256Sum " - #check the denali applicatoin checksum - SHA_ACT=$(tail -c 83 $DENALI_HOME/$DENALI_BIN | cut -c19-82) - SHA_EXP=$(head -c -83 $DENALI_HOME/$DENALI_BIN | sha256sum -b --tag | cut -c14-77) - if [ "$SHA_ACT" == "$SHA_EXP" ]; then - post_log_pass "$POSTMSG_SHASUM$POSTMSG_POSTFIX_PASSED" - else - post_log_fail "$POSTMSG_SHASUM$POSTMSG_POSTFIX_FAILED" - fi -} - - -function Local_startCloudSync() { - # ----------------------------------------- CloudSync - post_log_dash " CloudSync " - if [ -d $HOME/$CLOUDSYNC_FOLDER ]; then - # moving/ backing up the previous treatment logs so the new buff starts with fresh sequence - echo "Backing up CloudSync I/O buff" - CLOUDSYNC_PATH="$SDCARD_MNT"/"$CLOUDSYNC_FOLDER" - CLOUDSYNC_BACKUP="$CLOUDSYNC_PATH"_backup/$(timestamp)/ - mkdir -p $CLOUDSYNC_BACKUP - sudo -u $CLOUD_USER \ - mv $CLOUDSYNC_PATH/* $CLOUDSYNC_BACKUP \ - 1>> $POSTOUT 2>> $POSTERR - sudo -u $CLOUD_USER \ - rm $CLOUD_HOME/$CLOUDSYNC_FOLDER/data/* \ - 1>> $POSTOUT 2>> $POSTERR - cd $CLOUD_HOME/$CLOUDSYNC_FOLDER/ - sudo -u $CLOUD_USER \ - python3 ./cs.py start & - sleep 2 - CLOUDSYNC_STATUS="$(sudo -u $CLOUD_USER python3 ./cs.py status)" - if [ "$CLOUDSYNC_STATUS" == "$POSTMSG_CLOUDSYNC_RUNNING" ]; then - post_log_pass "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_PASSED" - else - post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED" - fi - post_log "$CLOUDSYNC_STATUS" - cd - else - post_log_fail "$POSTMSG_CLOUDSYNC$POSTMSG_POSTFIX_FAILED" - fi -} - - -function Local_startApplication() { - # ----------------------------------------- Denali - post_log_dash " Denali " - #launching denali application - DENALI_VERSION="$($DENALI_HOME/$DENALI_BIN -v)" - if [ -n "$DENALI_VERSION" ]; then - 
post_log_pass "$($DENALI_HOME/$DENALI_BIN -v)" # log UI Software version - if [ "$APPLICATION_PARAMS" == *"-E"* ]; then - # do not enclose the APPLICATION_PARAMS in "", then it becomes an - # empty parameter to the denali which is not accepted. - sudo -u $DENALI_USER \ - $DENALI_HOME/$DENALI_BIN $APPLICATION_PARAMS - else - sudo -u $DENALI_USER \ - $DENALI_HOME/$DENALI_BIN $APPLICATION_PARAMS & - fi - else - post_log_fail "Unknown Applicaion Version for $DENALI_HOME/$DENALI_BIN" - fi -} - - -function Local_applicationPOST() { - setupConsoleout - cleanupPOSTLogs - setupCANBus - setupResolved - killApplication - setupEthernet - setupSDCard - testRTC - setupWiFi - setupBluetooth - testTouchscreen - Local_testApplicationShasum - testCloudSystem - Local_startCloudSync - Local_startApplication -} - - timerStart -Local_applicationPOST +applicationPOST +testApplicationShasum_local +startCloudSync_local +startApplication_local timerEndLog Index: scripts/setup.sh =================================================================== diff -u -rb9654575709e02aecc01a01d246d7af578679387 -r1e9d99fa2087d302e69c616b5a2420e010abe164 --- scripts/setup.sh (.../setup.sh) (revision b9654575709e02aecc01a01d246d7af578679387) +++ scripts/setup.sh (.../setup.sh) (revision 1e9d99fa2087d302e69c616b5a2420e010abe164) @@ -31,9 +31,7 @@ echo_dash_comment confirm "Continue" if [ $? -eq $FALSE ]; then - # Since the UI will still work without the SD-Card, but won't log, - #exit $ERR_SD_CARD # Do not exit the setup for now, - return $FALSE # And let the user to format and insert the sd-card later. + exit $ERR_SD_CARD fi else break 
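Review bot: In run.sh `startApplication_local` is called unconditionally after `testApplicationShasum_local`, and that function only logs pass or fail without returning a status, so a binary whose checksum does not match is still launched. If the check is meant to gate execution, have it `return 1` on mismatch and call `testApplicationShasum_local && startApplication_local`. The expected digest is also read from the tail of the same file it protects, so the check detects corruption but not deliberate modification; detecting that needs a signature or a digest stored outside the binary.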
@@ -55,8 +53,24 @@ fi fi - echo "Unmount the SD-Card if is in use" - umount "$SDCARD_PRT" + while true; do + echo "Unmount the SD-Card if is in use" + umount "$SDCARD_PRT" + if [ ! "$( mount | grep $SDCARD_PRT)" == "" ]; then # is still mounted + if [ $? -eq $FALSE ]; then # if SD-Card cannot the unmounted then stop the format. + echo "The SD-Card $SDCARD_DEV cannot be unmounted, therefore cannot be formatted" + confirm "Do you want to retry?" + if [ $? -eq $FALSE ]; then + return $FALSE # do not continue with format + fi + else + break + fi + else + break + fi + done + echo "Removing current partitions" sfdisk --delete $SDCARD_DEV 1>/dev/null 2>/dev/null echo "Create new partition" @@ -101,6 +115,11 @@ systemctl disable connman systemctl disable qtlauncher systemctl disable ebikedata + + echo "Stop the boot2Qt setvices" + killall qtlauncher + killall datacollector + killall appcontroller } function setup_denali() { @@ -117,8 +136,8 @@ } function disable_autostart() { - # in case the device is alread setup, disable the autostart of the application until the setup script enables it. - rm -f $INITD_LOCATION$INITD_AUTOSTART + # in case the device is alread setup, disable the autostart of the application until the setup script enables it. + rm -f $INITD_LOCATION$INITD_AUTOSTART } function enable_autostart() { 
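Review bot: Inside the new unmount loop, `if [ $? -eq $FALSE ]` reads the exit status of the preceding `[ ... ]` test, which is always 0 in that branch, and not the status of `umount`, so the inner condition is constant. Depending on the value of `FALSE` (defined outside this page), the loop either always prompts or always breaks and continues to `sfdisk --delete` with the card still mounted. Test the mount state once and prompt only when the partition is still mounted, as in the excerpt below; `grep -qF --` also keeps `$SDCARD_PRT` from being read as a pattern or an option. The enclosing function starts and ends outside the hunk.

```shell
    while true; do
        echo "Unmount the SD-Card if is in use"
        umount "$SDCARD_PRT"
        if ! mount | grep -qF -- "$SDCARD_PRT"; then
            break # no longer mounted, safe to repartition
        fi
        echo "The SD-Card $SDCARD_DEV cannot be unmounted, therefore cannot be formatted"
        confirm "Do you want to retry?"
        if [ $? -eq $FALSE ]; then
            return $FALSE # do not continue with format
        fi
    done
    # … unchanged: sfdisk --delete and partition creation …
```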
@@ -127,43 +146,37 @@ update-rc.d $INITD_AUTOSTART defaults } +function enableDRT() { + # trying to temporarily add the DRT server input open for the device registration + iptables -A INPUT -p tcp -s $CloudSync_DRT_SERVER_IP --dport $CloudSync_DRT_SERVER_PORT -j ACCEPT + # enables the ping from the DRT server to the device [ useful for testing ] + iptables -A INPUT -p icmp --icmp-type echo-request -s $CloudSync_DRT_SERVER_IP -j ACCEPT +} + function manufacturingMode() { if [ "$(grep $SETUP_ENABLE_MANUFACTURING_MODE $SETUP_CONF_FILE)" != "" ]; then # -E for Maunufacturing mode # -a for disabling the non-minimizable Alarms - APPLICATION_PARAMS="-E -a" # don't use '&', we have to wait until user is done with UI + APPLICATION_PARAMS="-E -a" + enableDRT applicationPOST + testApplicationShasum_setup + startCloudSync_setup + startApplication_setup fi } -function confirm_reboot() { - read -p "ready to reboot? [y,n]" -n 1 -r CONFIRM - if [ "$CONFIRM" == "y" ]; then - rm $0 - reboot - fi - echo "" -} - -function cleanup() { - rm $SETUP_CONF_FILE - rm $(basename $0) - rm -frd $HOME/.ssh -} - function main() { - disable_autostart - format_sdcard - set_timezone - set_datetime "$1" "$2" - diable_b2qt_services - setup_denali - enable_autostart - manufacturingMode - cleanup + disable_autostart + format_sdcard + set_timezone + set_datetime "$1" "$2" + diable_b2qt_services + setup_denali + enable_autostart + manufacturingMode } main "$1" "$2" -confirm_reboot exit 0
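Review bot: `enableDRT` is described as temporary, but nothing in this change removes the two `iptables -A INPUT` rules again, and every run of `manufacturingMode` appends another copy. A check before the add keeps it idempotent, e.g. `iptables -C INPUT -p tcp -s "$CloudSync_DRT_SERVER_IP" --dport "$CloudSync_DRT_SERVER_PORT" -j ACCEPT 2>/dev/null || iptables -A INPUT ...`, and a matching `-D` after registration, or a comment stating that lockdown.sh's `iptables -F` is what closes it, would make the rule's lifetime explicit. The rule opens inbound port 80 on the device to the hard-coded address from globals.sh; if the device only connects out to the DRT server, a stateful ESTABLISHED,RELATED rule such as the one in lockdown.sh already covers the replies and this rule is not needed. The ICMP echo rule is marked as useful for testing and could be left out of production images.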