4 Commits

Author SHA1 Message Date
fatalerrors
8fe11776cb add --all-users to rmhost, hardening 2026-04-01 17:54:23 +02:00
fatalerrors
0737d0c647 reworked genpwd / introduce pwdscore 2026-04-01 17:52:09 +02:00
fatalerrors
d72fa1a712 hardening 2026-04-01 17:21:54 +02:00
fatalerrors
08e9e6c799 greatly improved upgrade system 2026-04-01 17:20:49 +02:00
4 changed files with 657 additions and 195 deletions


@@ -63,6 +63,7 @@ help()
printf "ppn\t\tDisplay process matching the exact process name given in parameter\n" printf "ppn\t\tDisplay process matching the exact process name given in parameter\n"
printf "ppu\t\tDisplay processes owned by the given user\n" printf "ppu\t\tDisplay processes owned by the given user\n"
printf "profile_upgrade\tUpgrade profile to the latest version\n" printf "profile_upgrade\tUpgrade profile to the latest version\n"
printf "pwdscore\tCalculate password strength score\n"
printf "rain\t\tLet the rain fall\n" printf "rain\t\tLet the rain fall\n"
printf "rmhost\t\tRemove host (IP and/or DNS name) from current known_hosts\n" printf "rmhost\t\tRemove host (IP and/or DNS name) from current known_hosts\n"
printf "rmspc\t\tRemove spaces from file and directory names\n" printf "rmspc\t\tRemove spaces from file and directory names\n"


@@ -53,21 +53,22 @@
genpwd() genpwd()
{ {
local length=16 local length=16
local occurs=2 # Bug, if set to 1, seems to be ignored local occurs=2
local symb=1 maj=1 min=1 numb=1 local symb=1 maj=1 min=1 numb=1
local nbpwd=1 local nbpwd=1
local extcar local extcar=""
local PARSED local PARSED
PARSED=$(getopt -o hsnule:L:o: --long \ PARSED=$(getopt -o hsnule:L:o: --long \
help,nosymbols,nonumbers,noup,nolow,extracars:,length:,occurences: -n 'genpwd' -- "$@") help,nosymbols,nonumbers,noup,nolow,extracars:,length:,occurences:,occurrences: \
-n 'genpwd' -- "$@")
if [[ $? -ne 0 ]]; then return 1; fi if [[ $? -ne 0 ]]; then return 1; fi
eval set -- "$PARSED" eval set -- "$PARSED"
while true; do while true; do
case "$1" in case "$1" in
-h|--help) -h|--help)
printf "genpwd: Generate secure random password(s).\n\n" printf "genpwd: Generate random password(s).\n\n"
printf "Usage: genpwd [options] [nb_passwd]\n\n" printf "Usage: genpwd [options] [nb_passwd]\n\n"
printf "Options:\n" printf "Options:\n"
printf "\t-h, --help\t\tDisplay this help screen\n" printf "\t-h, --help\t\tDisplay this help screen\n"
@@ -75,9 +76,9 @@ local PARSED
printf "\t-n, --nonumbers\t\tExclude numbers\n" printf "\t-n, --nonumbers\t\tExclude numbers\n"
printf "\t-u, --noup\t\tExclude uppercase letters\n" printf "\t-u, --noup\t\tExclude uppercase letters\n"
printf "\t-l, --nolow\t\tExclude lowercase letters\n" printf "\t-l, --nolow\t\tExclude lowercase letters\n"
printf "\t-e, --extracars <c>\tAdd characters to list\n" printf "\t-e, --extracars <c>\tAdd characters to the pool\n"
printf "\t-L, --length <n>\tSet password length (default: 16)\n" printf "\t-L, --length <n>\tSet password length (default: 16)\n"
printf "\t-o, --occurences <n>\tMax occurences per character (default: 2)\n" printf "\t-o, --occurences <n>\tMax occurrences per character (default: 2)\n"
return 0 return 0
;; ;;
-s|--nosymbols) -s|--nosymbols)
@@ -102,102 +103,306 @@ local PARSED
;; ;;
-L|--length) -L|--length)
length="$2" length="$2"
if ! [[ $length =~ ^[0-9]+$ ]]; then if ! [[ $length =~ ^[1-9][0-9]*$ ]]; then
disp E "The --length parameter requires a number." disp E "The --length parameter requires a positive integer."
return 1 return 1
fi fi
shift 2 shift 2
;; ;;
-o|--occurences) -o|--occurences|--occurrences)
occurs="$2" occurs="$2"
if ! [[ $occurs =~ ^[1-9]+$ ]]; then if ! [[ $occurs =~ ^[1-9][0-9]*$ ]]; then
disp E "The --occurs parameter requires a number from 1 to 9." disp E "The --occurences parameter requires a positive integer."
return 1 return 1
fi fi
shift 2 shift 2
;; ;;
--) --)
shift; break shift
break
;; ;;
*) *)
break disp E "Invalid options, use \"genpwd --help\" to display usage."
return 1
;; ;;
esac esac
done done
if [[ -n "$1" ]]; then if [[ $# -gt 1 ]]; then
disp E "Too many positional arguments. Use only [nb_passwd]."
return 1
fi
if [[ $# -eq 1 ]]; then
nbpwd="$1" nbpwd="$1"
if ! [[ $nbpwd =~ ^[0-9]+$ ]]; then if ! [[ $nbpwd =~ ^[1-9][0-9]*$ ]]; then
disp E "The number of password to generate must be a number." disp E "The number of passwords to generate must be a positive integer."
return 1 return 1
fi fi
fi fi
# Function selecting a random caracter from the list in parameter local carset=""
pickcar() { local unique_carset=""
# When a character is picked we check if it's not appearing already twice local ch=""
# elsewhere, we choose an other char, to compensate weak bash randomizer local i=0
while [[ -z $char ]]; do local n=0
local char="${1:RANDOM%${#1}:1} $RANDOM" local idx=0
if [[ $(awk -F"$char" '{print NF-1}' <<<"$picked") -gt $occurs ]]; then local attempts=0
unset char local count=0
fi local max_attempts=0
done local set=""
picked+="$char" local char=""
echo "$char" local -a required_sets=()
} declare -A seen_chars=()
disp I "Generating $nbpwd passwords, please wait..." (( symb )) && {
for (( n=1; n<=nbpwd; n++ )); do required_sets+=('!.@#&%/^-_')
{
local carset='' # store final caracter set to use
local picked='' # store already used caracter
local rlength=0 # store already assigned length of caracters
# ?, *, $ and \ impossible to use to my knowledge as it would be interpreted
if [[ $symb == 1 ]]; then
pickcar '!.@#&%/^-_'
carset+='!.@#&%/^-_' carset+='!.@#&%/^-_'
((rlength++)) }
fi (( numb )) && {
if [[ $numb == 1 ]]; then required_sets+=('0123456789')
pickcar '0123456789'
carset+='0123456789' carset+='0123456789'
((rlength++)) }
fi (( maj )) && {
if [[ $maj == 1 ]]; then required_sets+=('ABCDEFGHIJKLMNOPQRSTUVWXYZ')
pickcar 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
carset+='ABCDEFGHIJKLMNOPQRSTUVWXYZ' carset+='ABCDEFGHIJKLMNOPQRSTUVWXYZ'
((rlength++)) }
fi (( min )) && {
if [[ $min == 1 ]]; then required_sets+=('abcdefghijklmnopqrstuvwxyz')
pickcar 'abcdefghijklmnopqrstuvwxyz'
carset+='abcdefghijklmnopqrstuvwxyz' carset+='abcdefghijklmnopqrstuvwxyz'
((rlength++)) }
fi
if [[ -n $extcar ]]; then if [[ -n $extcar ]]; then
pickcar "$extcar" required_sets+=("$extcar")
carset+=$extcar carset+="$extcar"
((rlength++))
fi fi
# Check if we have enough car to have something viable if [[ -z $carset ]]; then
if [[ ${#carset} -lt $length ]]; then disp E "No characters are available. Re-enable at least one character class."
disp E 'Not enought caracters are authorised for the password length.'
disp E 'Please allow more caracter (preferably) or reduce password lentgh.'
return 1 return 1
fi fi
for i in $(seq 1 $(($length - $rlength))); do for (( i=0; i<${#carset}; i++ )); do
pickcar "$carset" ch=${carset:i:1}
if [[ -z ${seen_chars["$ch"]+x} ]]; then
seen_chars["$ch"]=1
unique_carset+="$ch"
fi
done done
} | sort -R | awk '{printf "%s", $1}' unset seen_chars
unset picked carset rlength carset="$unique_carset"
echo
if (( ${#required_sets[@]} > length )); then
disp E "The selected character classes require a longer password."
return 1
fi
if (( length > ${#carset} * occurs )); then
disp E "The occurrence limit is too strict for the selected length."
disp E "Please allow more characters or increase --occurences."
return 1
fi
disp I "Generating $nbpwd password(s), please wait..."
for (( n=1; n<=nbpwd; n++ )); do
local -a password_chars=()
local -A char_count=()
max_attempts=$(( ${#carset} * (occurs + 1) + 32 ))
for set in "${required_sets[@]}"; do
attempts=0
while :; do
if (( attempts >= max_attempts )); then
disp E "Unable to satisfy the occurrence limit with the current settings."
return 1
fi
idx=$(( RANDOM % ${#set} ))
char=${set:idx:1}
count=${char_count["$char"]:-0}
if (( count < occurs )); then
char_count["$char"]=$(( count + 1 ))
password_chars+=("$char")
break
fi
((attempts++))
done
done
while (( ${#password_chars[@]} < length )); do
attempts=0
while :; do
if (( attempts >= max_attempts )); then
disp E "Unable to satisfy the occurrence limit with the current settings."
return 1
fi
idx=$(( RANDOM % ${#carset} ))
char=${carset:idx:1}
count=${char_count["$char"]:-0}
if (( count < occurs )); then
char_count["$char"]=$(( count + 1 ))
password_chars+=("$char")
break
fi
((attempts++))
done
done
for (( i=${#password_chars[@]} - 1; i>0; i-- )); do
idx=$(( RANDOM % (i + 1) ))
char=${password_chars[i]}
password_chars[i]=${password_chars[idx]}
password_chars[idx]=$char
done
printf '%s' "${password_chars[@]}"
printf '\n'
done done
} }
export -f genpwd export -f genpwd
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# pwdscore : score a password quality from 1 to 100
# Usage: pwdscore [options] <password>
pwdscore()
{
local verbose=0
local PARSED
PARSED=$(getopt -o hv --long help,verbose -n 'pwdscore' -- "$@")
if [[ $? -ne 0 ]]; then return 1; fi
eval set -- "$PARSED"
while true; do
case "$1" in
-h|--help)
printf "pwdscore: Score a password from 1 to 100.\n\n"
printf "Usage: pwdscore [options] <password>\n\n"
printf "Options:\n"
printf "\t-h, --help\t\tDisplay this help screen\n"
printf "\t-v, --verbose\t\tShow details about the computed score\n"
return 0
;;
-v|--verbose)
verbose=1
shift
;;
--)
shift
break
;;
*)
disp E "Invalid options, use \"pwdscore --help\" to display usage."
return 1
;;
esac
done
[[ $# -ne 1 ]] && {
disp E "Please provide exactly one password to score."
return 1
}
local password="$1"
local lower=${password,,}
local length=${#password}
local score=0
local rating="very weak"
local unique_count=0
local i=0 idx=0
local c1=0 c2=0 c3=0
local ch=""
local has_lower=0 has_upper=0 has_digit=0 has_symbol=0
local -A seen=()
if [[ -z $password ]]; then
printf '1\n'
return 0
fi
if (( length >= 20 )); then
score=40
elif (( length >= 16 )); then
score=34
elif (( length >= 12 )); then
score=28
elif (( length >= 8 )); then
score=18
else
score=$(( length * 2 ))
fi
[[ $password =~ [a-z] ]] && { has_lower=1; ((score += 12)); }
[[ $password =~ [A-Z] ]] && { has_upper=1; ((score += 12)); }
[[ $password =~ [0-9] ]] && { has_digit=1; ((score += 12)); }
[[ $password =~ [^[:alnum:]] ]] && { has_symbol=1; ((score += 14)); }
for (( i=0; i<length; i++ )); do
ch=${password:i:1}
if [[ -z ${seen["$ch"]+x} ]]; then
seen["$ch"]=1
((unique_count++))
fi
done
(( score += (unique_count * 10) / length ))
if [[ $lower =~ (password|admin|root|qwerty|azerty|welcome|letmein|secret|changeme) ]]; then
((score -= 25))
fi
if [[ $lower =~ (1234|abcd|qwer|0000|1111|aaaa) ]]; then
((score -= 15))
fi
[[ $password =~ (.)\1\1 ]] && ((score -= 10))
(( length < 8 )) && ((score -= 10))
(( unique_count * 2 < length )) && ((score -= 10))
for (( idx=0; idx<length-2; idx++ )); do
printf -v c1 '%d' "'${lower:idx:1}"
printf -v c2 '%d' "'${lower:idx+1:1}"
printf -v c3 '%d' "'${lower:idx+2:1}"
if (( (c2 == c1 + 1 && c3 == c2 + 1) || \
(c2 == c1 - 1 && c3 == c2 - 1) )); then
((score -= 10))
break
fi
done
(( score < 1 )) && score=1
(( score > 100 )) && score=100
if (( score >= 90 )); then
rating='excellent'
elif (( score >= 75 )); then
rating='strong'
elif (( score >= 60 )); then
rating='good'
elif (( score >= 40 )); then
rating='fair'
elif (( score >= 20 )); then
rating='weak'
fi
if (( verbose )); then
printf 'Score: %d/100\n' "$score"
printf 'Rating: %s\n' "$rating"
printf 'Length: %d\n' "$length"
printf 'Lowercase: %s\n' "$([[ $has_lower -eq 1 ]] && echo yes || echo no)"
printf 'Uppercase: %s\n' "$([[ $has_upper -eq 1 ]] && echo yes || echo no)"
printf 'Digits: %s\n' "$([[ $has_digit -eq 1 ]] && echo yes || echo no)"
printf 'Symbols: %s\n' "$([[ $has_symbol -eq 1 ]] && echo yes || echo no)"
printf 'Unique chars: %d\n' "$unique_count"
else
printf '%d\n' "$score"
fi
}
export -f pwdscore
# ------------------------------------------------------------------------------
# EOF # EOF
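Review bot: genpwd still draws every character index and every shuffle swap from `$RANDOM` (`idx=$(( RANDOM % ${#set} ))`, `idx=$(( RANDOM % ${#carset} ))`, `idx=$(( RANDOM % (i + 1) ))`), a 15-bit non-cryptographic generator, so the output is not suitable as a secret even though the help text was rightly softened to "Generate random password(s)". On bash 5.1 or later these three lines can use the variable seeded from the system entropy source instead, e.g. `idx=$(( SRANDOM % ${#carset} ))`; on older shells a read such as `od -An -N4 -tu4 /dev/urandom` serves the same purpose. A one-line comment above the loops naming the randomness source and why it was chosen would keep a later edit from reverting to `$RANDOM`.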


@@ -35,74 +35,118 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Remove host from know_host (name and IP) for the active user # Remove host entries (name and IP) from ~/.ssh/known_hosts for the active user
# Usage: rmhost <hostname|ip> [hostname2|ip2 [...]] # Usage: rmhost <hostname|ip> [hostname2|ip2 [...]]
rmhost() rmhost()
{ {
local PARSED local PARSED
PARSED=$(getopt -o h --long help -n 'rmhost' -- "$@") local all_users=0
local -a known_hosts_files=()
PARSED=$(getopt -o ha --long help,all-users -n 'rmhost' -- "$@")
if [[ $? -ne 0 ]]; then return 1; fi if [[ $? -ne 0 ]]; then return 1; fi
eval set -- "$PARSED" eval set -- "$PARSED"
while true; do while true; do
case "$1" in case "$1" in
-h|--help) -h|--help)
printf "rmhost: Remove host/IP from ~/.ssh/known_hosts.\n\n" printf "rmhost: Remove host/IP from known_hosts files.\n\n"
printf "Usage: rmhost <hostname|ip> [hostname2|ip2 ...]\n\n" printf "Usage: rmhost [--all-users] <hostname|ip> [hostname2|ip2 ...]\n\n"
printf "Options:\n" printf "Options:\n"
printf " -a, --all-users Remove entries from all local users when run as root\n"
printf " -h, --help Display this help screen\n" printf " -h, --help Display this help screen\n"
return 0 return 0
;; ;;
-a|--all-users)
all_users=1
shift
;;
--) --)
shift shift
break break
;; ;;
*) *)
disp E "Invalid options, use \"rmhost --help\" to display usage." disp E "Invalid options, use \"rmhost --help\" to display usage."
break return 1
;; ;;
esac esac
done done
# Validation: Ensure at least one argument remains [[ $# -eq 0 ]] && {
if [[ $# -eq 0 ]]; then
disp E "Missing argument. Use 'rmhost --help' for usage." disp E "Missing argument. Use 'rmhost --help' for usage."
return 1 return 1
}
command -v ssh-keygen >/dev/null 2>&1 || {
disp E "ssh-keygen is not installed."
return 127
}
if (( all_users )); then
[[ ${EUID:-$(id -u)} -eq 0 ]] || {
disp E "Option --all-users is only available when run as root."
return 1
}
while IFS=: read -r _ _ _ _ _ home _; do
[[ -n $home && -f $home/.ssh/known_hosts ]] || continue
known_hosts_files+=("$home/.ssh/known_hosts")
done < /etc/passwd
[[ -f /etc/ssh/ssh_known_hosts ]] && \
known_hosts_files+=("/etc/ssh/ssh_known_hosts")
[[ ${#known_hosts_files[@]} -gt 0 ]] || {
disp W "No known_hosts files found for local users."
return 0
}
else
known_hosts_files=("${HOME}/.ssh/known_hosts")
fi fi
for target in "$@"; do for target in "$@"; do
local hst=$target local hst="$target"
isipv4 "$hst" >/dev/null local ip=""
local v4=$? local v4=1
isipv6 "$hst" >/dev/null local v6=1
local v6=$?
isipv4 "$hst" >/dev/null 2>&1; v4=$?
isipv6 "$hst" >/dev/null 2>&1; v6=$?
if [[ $v4 -eq 0 || $v6 -eq 0 ]]; then if [[ $v4 -eq 0 || $v6 -eq 0 ]]; then
local ip=$hst ip="$hst"
unset hst hst=""
fi
unset v4 v6
if [[ ! $ip && $hst ]]; then
if ! ip=$(host "$hst" 2>/dev/null | awk '/has address/ {print $NF; exit}'); then
disp E "Impossible to extract IP from hostname." &&
return 1
fi
[[ -z $ip ]] && {
disp E "Impossible to extract IP from hostname."
return 1;
}
fi fi
if [[ $hst ]]; then if [[ -z ${ip:-} && -n ${hst:-} ]]; then
disp I "Removing host $hst from ssh known_host..." if command -v host >/dev/null 2>&1; then
ssh-keygen -R $hst >/dev/null ip=$(host "$hst" 2>/dev/null |
awk '/has address|has IPv6 address/ {print $NF; exit}')
elif command -v getent >/dev/null 2>&1; then
ip=$(getent ahosts "$hst" 2>/dev/null | awk 'NR == 1 {print $1; exit}')
else
disp W "No resolver tool found; removing hostname only for '$hst'."
fi fi
if [[ $ip ]]; then
disp I "Removing IP $ip from ssh known_host..." [[ -z ${ip:-} ]] && \
ssh-keygen -R $ip >/dev/null disp W "Could not resolve IP for '$hst'; removing hostname only."
fi fi
unset hst ip
local known_hosts_file=""
for known_hosts_file in "${known_hosts_files[@]}"; do
if [[ -n ${hst:-} ]]; then
disp I "Removing host $hst from $known_hosts_file..."
if ! ssh-keygen -R "$hst" -f "$known_hosts_file" >/dev/null 2>&1; then
disp W "No known_hosts entry found for '$hst' in '$known_hosts_file'."
fi
fi
if [[ -n ${ip:-} ]]; then
disp I "Removing IP $ip from $known_hosts_file..."
if ! ssh-keygen -R "$ip" -f "$known_hosts_file" >/dev/null 2>&1; then
disp W "No known_hosts entry found for '$ip' in '$known_hosts_file'."
fi
fi
done
done done
} }
export -f rmhost export -f rmhost
@@ -114,41 +158,33 @@ export -f rmhost
# Usage: ssr <server [ssh options]> # Usage: ssr <server [ssh options]>
ssr() ssr()
{ {
local PARSED case "${1:-}" in
PARSED=$(getopt -o h --long help -n 'ssr' -- "$@")
if [[ $? -ne 0 ]]; then return 1; fi
eval set -- "$PARSED"
while true; do
case "$1" in
-h|--help) -h|--help)
printf "ssr: SSH into a server as root.\n\n" printf "ssr: SSH into a server as root.\n\n"
printf "Usage: ssr <server> [ssh_options...]\n\n" printf "Usage: ssr <server> [ssh_options...]\n\n"
printf "Options:\n" printf "Notes:\n"
printf "\t-h, --help\t\tDisplay this help screen\n" printf " The first argument is the target server.\n"
printf " All remaining arguments are passed directly to ssh.\n\n"
printf "Examples:\n"
printf " ssr srv01\n"
printf " ssr srv01 -p 2222\n"
printf " ssr srv01 -i ~/.ssh/id_ed25519 -J bastion\n"
return 0 return 0
;; ;;
--)
shift
break
;;
*)
disp E "Invalid options, use \"ssr --help\" to display usage."
return 1
;;
esac esac
done
command -v ssh >/dev/null 2>&1 || { command -v ssh >/dev/null 2>&1 || {
disp E "ssh is not installed." disp E "ssh is not installed."
return 127 return 127
} }
[[ ! $1 ]] && {
[[ $# -eq 0 || -z ${1:-} ]] && {
disp E "Please specify the server you want to log in." disp E "Please specify the server you want to log in."
return 1 return 1
} }
local srv=$1 && shift local srv=$1
shift
ssh -Y root@"$srv" "$@" ssh -Y root@"$srv" "$@"
} }
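Review bot: With `--all-users`, root runs `ssh-keygen -R … -f "$home/.ssh/known_hosts"` directly on files that sit in directories each account owner controls. ssh-keygen rewrites the file and keeps a `.old` copy, so the result is likely to end up owned by root, and root follows whatever path the owner has placed there. The `read` loop discards the account name (`read -r _ _ _ _ _ home _`); keeping it lets the removal run with the owner's privileges, as sketched below with `runuser` (util-linux; adjust if a target platform lacks it). Sending stderr to `/dev/null` and reporting every failure as "No known_hosts entry found" also hides real errors such as permission problems.

```shell
  local -a known_hosts_owners=()  # parallel to known_hosts_files; "" = run as the caller
  local user="" i=0
  # … unchanged: option parsing, ssh-keygen and root checks …
    while IFS=: read -r user _ _ _ _ home _; do
      [[ -n $home && -f $home/.ssh/known_hosts ]] || continue
      known_hosts_files+=("$home/.ssh/known_hosts")
      known_hosts_owners+=("$user")
    done < /etc/passwd
    [[ -f /etc/ssh/ssh_known_hosts ]] && {
      known_hosts_files+=("/etc/ssh/ssh_known_hosts")
      known_hosts_owners+=("")
    }
  # … unchanged: target classification and name resolution …
    for i in "${!known_hosts_files[@]}"; do
      known_hosts_file=${known_hosts_files[i]}
      local -a keygen=(ssh-keygen)
      # drop to the file owner so root never writes inside a user-controlled directory
      [[ -n ${known_hosts_owners[i]:-} ]] &&
        keygen=(runuser -u "${known_hosts_owners[i]}" -- ssh-keygen)
      # … unchanged: hst / ip branches, now calling "${keygen[@]}" -R "$hst" -f "$known_hosts_file" …
    done
```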


@@ -39,24 +39,27 @@ export UPDT_URL="$BASE_URL/raw/branch/master"
export ARCH_URL="$BASE_URL/archive/master.tar.gz" export ARCH_URL="$BASE_URL/archive/master.tar.gz"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Check for profile updates # Check whether a newer profile version is available
# Usage: check_updates [-q] # Usage: check_updates [-q]
# If -q is specified, the function will operate in quiet mode (internal use only) # If -q is specified, the function will operate in quiet mode (internal use only)
check_updates() check_updates()
{ {
local quiet=0 local quiet=0 result=5 PARSED
local PARSED=$(getopt -o hq --long help,quiet -n 'check_updates' -- "$@") local vfile="" lastver=""
PARSED=$(getopt -o hq --long help,quiet -n 'check_updates' -- "$@")
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
disp E "Invalid options, use \"check_updates --help\" to display usage." disp E "Invalid options, use \"check_updates --help\" to display usage."
return 1 return 2
fi fi
eval set -- "$PARSED" eval set -- "$PARSED"
while true; do while true; do
case "$1" in case "$1" in
-h|--help) -h|--help)
printf "check_updates: Check for new versions.\n\n" printf "check_updates: Check whether a newer profile version is available.\n\n"
printf "Usage: check_updates\n" printf "Usage: check_updates [-q|--quiet]\n"
printf "This command only checks availability; it does not modify the installation.\n"
return 0 return 0
;; ;;
-q|--quiet) -q|--quiet)
@@ -73,28 +76,35 @@ check_updates()
esac esac
done done
(( $quiet != 1 )) && disp I "Checking for updates..." (( quiet != 1 )) && disp I "Checking for updates..."
local vfile="/tmp/version"
wget "$UPDT_URL/version" -O $vfile >/dev/null 2>&1 || { vfile=$(mktemp /tmp/profile_version.XXXXXX) || {
disp E "Can't download version file, impossible to proceed!" disp E "Failed to create a temporary file."
return 4
}
dwl "$UPDT_URL/version" "$vfile" >/dev/null 2>&1 || {
rm -f "$vfile"
disp E "Cannot download version file; unable to continue."
return 5 return 5
} }
if [[ -s $vfile ]]; then if [[ -s $vfile ]]; then
local lastver=$(cat $vfile) lastver=$(<"$vfile")
if [[ $lastver != $PROFVERSION ]]; then if [[ "$lastver" != "$PROFVERSION" ]]; then
disp I "You have version $PROFVERSION installed. Version $lastver is available." disp I "Installed: $PROFVERSION. Available: $lastver."
(( $quiet != 1 )) && disp I "You should upgrade to last version when possible." (( quiet != 1 )) && disp I "You should upgrade when possible."
result=1 result=1
else else
(( $quiet != 1 )) && disp I "Your version is up-to-date." (( quiet != 1 )) && disp I "Your version is up-to-date."
result=0 result=0
fi fi
rm -f $vfile rm -f "$vfile"
else else
disp E "Impossible to read temporary file, impossible to proceed." rm -f "$vfile"
disp E "Temporary file is unreadable; unable to continue."
fi fi
unset lastver vfile
return $result return $result
} }
export -f check_updates export -f check_updates
@@ -102,23 +112,63 @@ export -f check_updates
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Apply update to profile # Apply the available profile upgrade
# Usage: profile_upgrade # Usage: profile_upgrade [options]
profile_upgrade() profile_upgrade()
{ {
local PARSED=$(getopt -o h --long help -n 'profile_upgrade' -- "$@") local PARSED
local check_rc=0 dry_run=0 force_git=0 switch_to_git=0
local archive_file="" tmpbase="" use_archive=0 branch=""
local tmpdir="" archive="" extracted_root=""
PARSED=$(getopt -o hf:t:nFb:g --long help,file:,tmpdir:,dry-run,force,branch:,switch-to-git -n 'profile_upgrade' -- "$@")
if [[ $? -ne 0 ]]; then if [[ $? -ne 0 ]]; then
printf "Invalid options, use \"profile_upgrade --help\" to display usage." disp E "Invalid options, use \"profile_upgrade --help\" to display usage."
return 1 return 2
fi fi
eval set -- "$PARSED" eval set -- "$PARSED"
while true; do while true; do
case "$1" in case "$1" in
-h|--help) -h|--help)
printf "profile_upgrade: Upgrade the profile to the latest version.\n\n" printf "profile_upgrade: Apply the available profile upgrade.\n\n"
printf "Usage: profile_upgrade\n" printf "Usage: profile_upgrade [options]\n\n"
printf "Options:\n"
printf "\t-h, --help\t\tDisplay this help screen\n"
printf "\t-f, --file ARCHIVE\tUse a local archive file for the upgrade\n"
printf "\t-t, --tmpdir DIR\tCreate the temporary working directory under DIR\n"
printf "\t-b, --branch NAME\tUse NAME as the target Git branch\n"
printf "\t-g, --switch-to-git\tReplace current install with a fresh Git clone\n"
printf "\t-n, --dry-run\t\tDisplay what would be done without changing anything\n"
printf "\t-F, --force\t\tDiscard local changes before upgrading\n\n"
printf "If the profile is installed from Git, the upgrade uses 'git pull'.\n"
printf "Otherwise, it downloads or applies an archive and refreshes the files.\n"
return 0 return 0
;; ;;
-f|--file)
archive_file="$2"
use_archive=1
shift 2
;;
-t|--tmpdir)
tmpbase="$2"
shift 2
;;
-b|--branch)
branch="$2"
shift 2
;;
-g|--switch-to-git)
switch_to_git=1
shift
;;
-n|--dry-run)
dry_run=1
shift
;;
-F|--force)
force_git=1
shift
;;
--) --)
shift shift
break break
@@ -130,59 +180,229 @@ profile_upgrade()
esac esac
done done
if check_updates -q; then if (( ! use_archive && ! switch_to_git )); then
disp "No update available." check_updates -q
check_rc=$?
if (( check_rc == 0 )); then
disp I "No update available."
return 0 return 0
elif (( check_rc > 1 )); then
disp E "Unable to check whether an update is available."
return "$check_rc"
fi
fi fi
if [[ -s $MYPATH/profile.sh ]]; then if [[ ! -s $MYPATH/profile.sh ]]; then
disp E "Installation path detection failed, cannot upgrade automatically." disp E "Install path detection failed; cannot upgrade automatically."
return 1 return 1
fi fi
if [[ -d $MYPATH/.git ]] && (( use_archive )) && (( ! force_git )); then
disp E "Refusing archive upgrade on a Git install without --force."
return 1
fi
if (( switch_to_git )); then
command -v git >/dev/null 2>&1 || {
disp E "Git is required to switch this install to a Git clone."
return 3
}
if (( dry_run )); then
disp I "[dry-run] rm -rf \"$MYPATH\"/.git"
disp I "[dry-run] git clone "$BASE_URL" \"$MYPATH\""
[[ -n "$branch" ]] && disp I "[dry-run] git -C \"$MYPATH\" checkout "$branch""
return 0
fi
if [[ -d $MYPATH/.git ]]; then if [[ -d $MYPATH/.git ]]; then
disp W "Git repository already present; no switch is needed."
else
local backup_dir="${MYPATH}.pre-git.$$.bak"
mv "$MYPATH" "$backup_dir" || {
disp E "Failed to move current install out of the way."
return 3
}
git clone "$BASE_URL" "$MYPATH" || {
disp E "Git clone failed; previous install kept in $backup_dir."
mv "$backup_dir" "$MYPATH" 2>/dev/null || true
return 3
}
[[ -n "$branch" ]] && (
cd "$MYPATH" && git checkout "$branch"
) || true
disp I "Switched installation to Git source."
disp I "Previous install kept in $backup_dir."
return 0
fi
fi
if [[ -d $MYPATH/.git ]] && (( ! use_archive )); then
disp I "Git installation detected, applying git pull." disp I "Git installation detected, applying git pull."
pushd "$MYPATH" || { command -v git >/dev/null 2>&1 || {
disp E "Git is required for this upgrade but is not available."
return 3
}
pushd "$MYPATH" >/dev/null || {
disp E "Failed to change directory to $MYPATH." disp E "Failed to change directory to $MYPATH."
return 3 return 3
} }
git pull || { git rev-parse --is-inside-work-tree >/dev/null 2>&1 || {
disp E "Git pull failed, upgrade not applyed." disp E "Install directory is not a valid Git working tree."
popd popd >/dev/null || return 1
return 2 return 3
} }
disp I "Successfully upgraded using git." if ! git diff --quiet || ! git diff --cached --quiet || [[ -n $(git ls-files --others --exclude-standard) ]]; then
popd if (( force_git )); then
disp W "Force mode: local Git changes and untracked files will be lost."
if (( dry_run )); then
disp I "[dry-run] git fetch --all --prune"
disp I "[dry-run] git reset --hard HEAD"
disp I "[dry-run] git clean -fd"
else else
disp I "No Git detected. Downloading and applying upgrade from archive..." git fetch --all --prune || {
local tmpdir="/tmp/profile_upg.$$" disp E "Git fetch failed, upgrade not applied."
mkdir -p "$tmpdir" || { popd >/dev/null || return 1
disp E "Failed to create temporary directory."
return 4 return 4
} }
git reset --hard HEAD || {
disp E "Git reset failed, upgrade not applied."
popd >/dev/null || return 1
return 4
}
git clean -fd || {
disp E "Git clean failed, upgrade not applied."
popd >/dev/null || return 1
return 4
}
fi
else
disp W "The Git working tree contains local changes."
disp W "Consider committing or stashing them before upgrading, or use --force."
disp W "Upgrade may fail if the changes conflict with the upgrade."
fi
fi
if [[ -n "$branch" ]]; then
if (( dry_run )); then
disp I "[dry-run] git fetch origin $branch"
disp I "[dry-run] git checkout $branch"
else
git fetch origin "$branch" || {
disp E "Git fetch failed for branch $branch."
popd >/dev/null || return 1
return 2
}
git checkout "$branch" || {
disp E "Git checkout failed for branch $branch."
popd >/dev/null || return 1
return 2
}
fi
fi
local archive="$tmpdir/profile.tar.gz" if (( dry_run )); then
wget -q "$ARCH_URL" -O "$archive" || { if [[ -n "$branch" ]]; then
disp E "Failed to download archive." disp I "[dry-run] git pull origin $branch"
rm -rf "$tmpdir" else
disp I "[dry-run] git pull"
fi
else
if [[ -n "$branch" ]]; then
git pull origin "$branch" || {
disp E "Git pull failed, upgrade not applied."
popd >/dev/null || return 1
return 2
}
else
git pull || {
disp E "Git pull failed, upgrade not applied."
popd >/dev/null || return 1
return 2
}
fi
disp I "Successfully upgraded using git."
fi
popd >/dev/null || return 1
else
if (( use_archive )); then
[[ -r "$archive_file" ]] || {
disp E "Local archive '$archive_file' is missing or unreadable."
return 4
}
disp I "Using local archive $archive_file."
else
disp W "No Git repo found. Git is the recommended source."
disp I "Applying upgrade from archive..."
fi
if [[ -n "$tmpbase" ]]; then
if (( dry_run )); then
disp I "[dry-run] mkdir -p \"$tmpbase\""
disp I "[dry-run] mktemp -d \"$tmpbase/profile_upg.XXXXXX\""
tmpdir="$tmpbase/profile_upg.DRYRUN"
else
mkdir -p "$tmpbase" || {
disp E "Failed to create temporary directory base $tmpbase."
return 5 return 5
} }
tmpdir=$(mktemp -d "$tmpbase/profile_upg.XXXXXX") || {
disp E "Failed to create temp working directory under $tmpbase."
return 5
}
fi
else
if (( dry_run )); then
disp I "[dry-run] mktemp -d /tmp/profile_upg.XXXXXX"
tmpdir="/tmp/profile_upg.DRYRUN"
else
tmpdir=$(mktemp -d /tmp/profile_upg.XXXXXX) || {
disp E "Failed to create temporary directory."
return 5
}
fi
fi
tar -xzf "$archive" -C "$tmpdir" || { if (( use_archive )); then
disp E "Archive extraction failed." archive="$archive_file"
else
archive="$tmpdir/profile.tar.gz"
if (( dry_run )); then
disp I "[dry-run] dwl \"$ARCH_URL\" \"$archive\""
else
dwl "$ARCH_URL" "$archive" || {
disp E "Failed to download archive."
rm -rf "$tmpdir" rm -rf "$tmpdir"
return 6 return 6
} }
fi
fi
disp I "Installing new version..." if (( dry_run )); then
cp -r "$tmpdir"/profile/* "$MYPATH"/ || { disp I "[dry-run] tar -xzf \"$archive\" -C \"$tmpdir\""
disp E "Failed to copy new files to $MYPATH." disp I "[dry-run] cp -a <extracted_profile>/. \"$MYPATH\"/"
else
tar -xzf "$archive" -C "$tmpdir" || {
disp E "Archive extraction failed."
rm -rf "$tmpdir" rm -rf "$tmpdir"
return 7 return 7
} }
disp I "Upgrade complete. You should now logout and login again." extracted_root=$(find "$tmpdir" -mindepth 1 -maxdepth 1 -type d ! -name '.*' | head -n 1)
if [[ -z "$extracted_root" ]]; then
disp E "Could not find extracted profile files."
rm -rf "$tmpdir" rm -rf "$tmpdir"
return 8
fi
disp I "Installing new version..."
cp -a "$extracted_root"/. "$MYPATH"/ || {
disp E "Failed to copy new files into $MYPATH."
rm -rf "$tmpdir"
return 9
}
disp I "Upgrade complete. Please log out and log in again."
rm -rf "$tmpdir"
fi
fi fi
} }
export -f profile_upgrade export -f profile_upgrade
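Review bot: The archive path of profile_upgrade installs whatever tarball it is given: the download from `$ARCH_URL` (or the `--file` argument) is unpacked and copied into `$MYPATH` with `cp -a`, with no integrity check, and the only validation is that `find … | head -n 1` returns some top-level directory. These files are presumably sourced at login, so I would at least confirm the tree is a profile before copying, with `[[ -s $extracted_root/profile.sh ]]` guarding the `cp -a`, and extract with `tar --no-same-owner -xzf "$archive" -C "$tmpdir"` so an upgrade run as root does not take file ownership from the archive. Detecting a tampered download needs a checksum or signature published with the release; nothing in the visible code verifies one, and a comment above the `dwl "$ARCH_URL"` call should say so.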