emdee/libvirt_cloud
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

bash

Browse source
This commit is contained in:
emdee 2024-01-09 14:16:55 +00:00
parent 7e491f4b8c
commit 2c8998aeb4
80 changed files with 8999 additions and 109 deletions
Download patch file Download diff file Expand all files Collapse all files

50
roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash Executable file
View file

@ -0,0 +1,50 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PKG=analyze-ssl.pl
GIT_HUB=github.com
GIT_USER=noxxi
GIT_DIR=p5-ssl-tools
URL=raw.githubusercontent.com//master/$PKG.sh
URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG
. $PREFIX/src/var_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -f $PKG ] ; then
[ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB
if [ -e $PREFIX/net/Http/$URL ] ; then
ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; }
wget -xc -P $PREFIX/net/Http https://$URL
fi
fi
[ -f $PKG ] || cp -p $PREFIX/net/Http/$URL .
if [ ! -e $PREFIX/bin/$PKG.bash ] ; then
cat > $PREFIX/bin/$PKG.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=text
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
cd $PREFIX/src/ || exit 1
exec perl $PKG "\$@"
EOF
chmod 755 $PREFIX/bin/$PKG.bash
fi
exit 0
elif [ "$1" = 'test' ] ; then # 3*
$PREFIX/bin/$PKG.bash --help || exit 30
fi

7
roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.pl.bash Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# https://github.com/noxxi/p5-ssl-tools/
ROLE=toxcore
cd /usr/local/src/ || exit 1
exec perl analyze-ssl.pl "$@"

28
roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash Executable file
View file

@ -0,0 +1,28 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL
TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible
. /var/local/src/var_local_src.bash || exit 2
PKG=ansible-keepass
GIT_HUB=github.com
GIT_USER=Nekmo
GIT_DIR=ansible-keepass
[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \
mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars
[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \
wget $BASE_WGET_ARGS \
-O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \
https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \
exit 0

89
roles/toxcore/overlay/Linux/usr/local/bin/ansible.bash Executable file
View file

@ -0,0 +1,89 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
#? broken in ansible
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -z "$PYTHON_MINOR" ] || PYTHON_MINOR=3.9
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
PKG="ansible"
MOD="$PKG"
VER="2.9.22"
AVER="2.9.22"
DIR="${PKG}-$VER"
EXT="tar.gz"
URL="files.pythonhosted.org/packages/03/4f/cccab1ec2e0ecb05120184088e00404b38854809cf35aa76889406fbcbad/ansible-2.9.10.tar.gz"
TODIR=/o/data/TestForge/src/ansible
if [ -f /var/local/src/var_local_src.bash ] ; then
. /var/local/src/var_local_src.bash
else
ols_are_we_connected () { route | grep -q ^default ; return $? ; }
fi
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -f "$HTTP_DIR/$URL" ] ; then
ols_are_we_connected || { DEBUG not connected ; exit 0 ; }
wget -xc -P "$HTTP_DIR" "https://$URL" || exit 2
fi
if [ "$EXT" = "zip" ] ; then
unzip "$HTTP_DIR/$URL" || exit 3
else
tar xfvz "$HTTP_DIR/$URL" || exit 3
fi
fi
cd "$DIR" || exit 4
[ -f lib/ansible/parsing/utils/yaml.py.dst ] || \
bash /usr/local/sbin/base_patch_from_diff.bash $ROLE \
$TODIR/roles/$ROLE/overlay/Linux/$PREFIX/patches/$ROLE/$PWD || exit 6$?
[ -d $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/$DIR-py$PYTHON_MINOR.egg ] || \
pip3.sh install . >> install.log 2>&1\
|| { echo "ERROR: code $?" ; tail install.log ; exit 5 ; }
"$PYTHON_EXE" -c "import $MOD" || exit 10
grep -l '_tput\|_src' *sh ../bin*sh | \
xargs grep -l 'echo \(INFO\|DEBUG\|ERROR\|DEBUG\):' | \
xargs sed -e 's@echo \(INFO\|DEBUG\|ERROR\|DEBUG\):@\1 @'
if [ -d $PREFIX/src/ansible-$AVER/docs/docsite ] ; then
cd $PREFIX/src/ansible-$AVER/docs/docsite
[ -f htmldocs.log ] || make -n -f Makefile htmldocs > htmldocs.log 2>&1 || exit 2$?
[ -f info.log ] || make -n -f Makefile.sphinx info > info.log 2>&1 || exit 3$?
exit 0
elif [ "$1" = 'check' ] ; then
"$PYTHON_EXE" -c "import $MOD" || exit 10
# msys_run_checks_requirements
elif [ $1 = 'test' ] ; then
cd $PREFIX/src/$DIR || exit 50
$PYTHON_EXE_MSYS -m tox >> test.log 2>&1 || \
{ echo "ERROR: $MOD code $?" ; cat test.log ; exit 51 ; }
elif [ "$1" = 'refresh' ] ; then
cd $PREFIX/src/$DIR || exit 60
env PWD=$PREFIX/src/$DIR \
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
fi
exit 0

121
roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash Executable file
View file

@ -0,0 +1,121 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
DESC=""
. $PREFIX/bin/usr_local_tput.bash || exit 1
PKG=toxcore
DIR=c-$PKG
GIT_HUB=github.com
GIT_USER=TokTok
GIT_DIR=$DIR
GIT_BRAN=master
VERS=2.18.0
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
WD=$PWD
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
ols_are_we_connected || { DEBUG not connected ; exit 0 ; }
cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
git clone -b $GIT_BRAN --depth=1 https://$GIT_HUB/$GIT_USER/$GIT_DIR || exit 4
git clone --depth=1 https://$GIT_HUB/$GIT_USER/dockerfiles
cd $WD
# wget -xcP ../net/Http/ https://github.com/TokTok/c-toxcore/releases/download/v0.2.18/c-toxcore-0.2.18.tar.gz
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"/$GIT_DIR $DIR
fi
cd "$DIR" || exit 5
[ -f third_party/cmp/Makefile ] || git submodule update --init || exit 6
# ols_apply_testforge_patches
# # [ -f CMakeLists.txt.dst ] || patch -b -z.dst < toxcore.diff || exit 7
[ -f cmake.sh ] || cat > cmake.sh << EOF
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=$PREFIX
ROLE=$ROLE
CORE=$PREFIX/src/c-toxcore
DIR=_build
LIB=\$CORE/\$DIR
cd \$CORE | exit 3
mkdir _build
cd _build
cmake \
-DCMAKE_BUILD_TYPE="Debug" \
-DCMAKE_UNITY_BUILD=ON \
-DMIN_LOGGER_LEVEL=TRACE \
-DMUST_BUILD_TOXAV=ON \
-DNON_HERMETIC_TESTS=ON \
-DSTRICT_ABI=ON \
-DTEST_TIMEOUT_SECONDS=120 \
-DUSE_IPV6=OFF \
-DAUTOTEST=ON \
-DBUILD_MISC_TESTS=ON \
-DBUILD_FUN_UTILS=ON \
-DBOOTSTRAP_DAEMON=ON \
.. > cmake.log 2>&1
#sed -e 's/-DNDEBUG/-g/' -i CMakeCache.txt
make .. > make.log 2>&1
ls \$LIB/*so* || { echo ERROR \$LIB ; exit 2 ; }
EOF
bash cmake.sh || {
retval=$?
ERROR cmake $retval
exit 3$retval
}
cd _build
make >> make.log 2>&1 || {
retval=$?
ERROR cmake $retval
exit 3$retval
}
cp -p other/bootstrap_daemon/tox-bootstrapd $PREFIX/bin
cp -p other/bootstrap_daemon/tox-bootstrapd.sh $PREFIX/etc/init.d/tox-bootstrapd
# ln -s $PREFIX/etc/init.d/tox-bootstrapd /etc/init.d
exit 0
elif [ $1 = 'check' ] ; then # 1*
# ols_test_bins && exit 0 || exit $?
[ ! -d $DIR/_build ] && WARN not built yet $DIR && exit 11
[ -f $DIR/_build/libtoxcore.so.${VERS} ] && WARN not compiled yet $DIR && exit 12
ldd $DIR/_build/libtoxcore.so.${VERS} | grep found && ERROR ldd fails $DIR && exit 13
exit 0
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/_build || exit 30
ctest || exit 31
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
fi

5
roles/toxcore/overlay/Linux/usr/local/bin/dracut-055.bash Normal file
View file

@ -0,0 +1,5 @@
#!/bin/sh
ROLE=toxcore
#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.sign
#https://mirrors.edge.kernel.org/pub/linux/utils/boot/dracut/dracut-055.tar.gz

80
roles/toxcore/overlay/Linux/usr/local/bin/gridfire.bash Executable file
View file

@ -0,0 +1,80 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
MOD=gridfire
DIR=$MOD
GIT_HUB=github.com
GIT_USER=reid-k
GIT_DIR=gridfire
DESC=""
[ -f /usr/local/src/usr_local_src.bash ] && \
. /usr/local/src/usr_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
cd $DIR || exit 3
if [ ! -e $MOD.py ] ; then
route|grep -q ^default || exit 0
wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py
fi
#[ -f $MOD.sh ] || \
# cp -p $PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR/$MOD.sh .
for VER in 2 3 ; do
PYVER=$VER
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
if [ ! -e $PREFIX/bin/$MOD$VER.bash ] ; then
cat > $PREFIX/bin/$MOD$VER.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=$ROLE
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@"
EOF
chmod 755 $PREFIX/bin/$MOD$VER.bash
fi
done
# default to python2
BINS=$MOD
msys_install_python_scripts $BINS
cd bin || exit 4
for file in *.bash *.py ; do
[ $file = gridfire_ansible-vault.bash ] && continue
[ -x $PREFIX/bin/$file ] && diff -q $file $PREFIX/bin/$file && continue
cp -p $file $PREFIX/bin
[ -x $PREFIX/bin/$file ] || chmod 775 $PREFIX/bin/$file
done
cd ..
#[ -d /usr/lib64/misc/ ] && [ ! -e /usr/lib64/misc/ssh-askpass ] \
# && sudo ln -s $PREFIX/bin/$MOD.bash /usr/lib64/misc/ssh-askpass
retval=0
[ -z "$BOX_OS_FLAVOR" ] && BOX_OS_FLAVOR="Linux"
make all-$BOX_OS_FLAVOR
OPREFIX=$PREFIX/share/genkernel/overlay
dist=dist-$BOX_OS_FLAVOR
[ -d $OPREFIX/bin ] || { sudo mkdir -p $OPREFIX/bin ; sudo chmod 1777 $OPREFIX/bin ; }
[ ! -x $dist/$MOD ] || \
[ -x $OPREFIX/bin/$MOD -a $OPREFIX/bin/$MOD -nt $dist/$MOD ] || \
cp -p $dist/$MOD $OPREFIX/bin/ || exit 9
# libc.so.1 libz.so.1 libdl.so.1
exit 0
elif [ "$1" = 'test' ] ; then
$PREFIX/bin/$MOD.bash --help >/dev/null || exit 10
make test >/dev/null || exit 11
fi

131
roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash Executable file
View file

@ -0,0 +1,131 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/src/usr_local_src.bash || exit 2
# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2
export LOG_DIR=$PREFIX/var/log/$ROLE
DESC=""
cd /usr/local/src || exit 4
if [ "$#" -eq 0 ] ; then
# /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh
[ -f /usr/local/bin/ssl-cipher-check.pl ] || \
wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl
if [ $USER = root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
command -v keepassxc.bash
EXE=`command -v keepassxc.bash`
[ -z "$EXE" ] && EXE=`command -v keepassxc`
if [ -z "$EXE" ] ; then
export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring
ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'`
[ -n "$ELTS" ] && kill $ELTS
if [ -d /etc/pam.d ] ; then
cd /etc/pam.d
grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do
[ -f .$file.dst ] || cp -p $file .$file.dst
sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file
done
fi
file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service
if [ ! -f $file ] || ! grep -q $EXE $file ; then
cat > $file <<EOF
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=$EXE
EOF
fi
fi
fi
if [ $USER != root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
[ -d ~/.config/autostart ] || mkdir ~/.config/autostart
cd /etc/xdg/autostart/
for file in * ; do
[ -f ~/.config/autostart/$file ] || {
cat > ~/.config/autostart/$file <<EOF
[Desktop Entry]
Hidden=true
EOF
INFO created ~/.config/autostart/$file - cp /dev/null to reenable
}
done
# https://pypi.org/project/keyring/
A=`python3.bash -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"` || exit 1$?
[ -f "$A" ] || touch "$A"
# $HOME/.config/python_keyring
[ -s "$A" ] || cat > "$A" <<EOF
[backend]
default-keyring=keyring.backends.SecretService.Keyring
EOF
A=`python3 -c "import keyring.util.platform_; print(keyring.util.platform_.data_root())"`
[ -d "$A" ] || mkdir "$A"
if `which keepassxc` && ps ax | grep -v grep | grep -q keepassxc ; then
python3 -m keyring --list-backends | \
grep -q keyring.backends.SecretService.Keyring || \
WARN NO keyring.backends.SecretService.Keyring
# string "org.freedesktop.secrets"
dbus-send --session --dest=org.freedesktop.DBus \
--type=method_call --print-reply \
/org/freedesktop/DBus org.freedesktop.DBus.ListNames | \
grep -q 'org.freedesktop.secrets' || \
WARN NO org.freedesktop.DBus.ListNames
else
python3 -m keyring --list-backends || \
WARN NO keyring.backends
fi
if `which gajim` || [ -f $PREFIX/bin/gajim ] ; then
[ -f $HOME/.config/gajim/config ] || cat > $HOME/.config/gajim/config <<EOF
proxies.Tor.bosh_wait_for_restart_response = False
proxies.Tor.useauth = False
proxies.Tor.bosh_useproxy = True
proxies.Tor.bosh_http_pipelining = False
proxies.Tor.bosh_content = text/xml; charset=utf-8
proxies.Tor.bosh_uri =
proxies.Tor.bosh_wait = 30
proxies.Tor.host = 127.0.0.1
proxies.Tor.user =
proxies.Tor.pass =
proxies.Tor.bosh_hold = 2
proxies.Tor.type = socks5
proxies.Tor.port = 9050
EOF
fi
fi
exit 0
elif [ "$1" = check ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash || exit 10
msys_var_local_src_prog_key $1 || exit 10$?
elif [ "$1" = 'lint' ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash
msys_var_local_src_prog_key $1 || exit 20$?
ols_run_tests_shellcheck $ROLE || exit 21$?
ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then
msys_var_local_src_prog_key $1 || exit 51$?
fi

86
roles/toxcore/overlay/Linux/usr/local/bin/negotiator.bash Normal file
View file

@ -0,0 +1,86 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
DESC=""
. $PREFIX/bin/usr_local_tput.bash || exit 1
PKG=negotiator
DIR=negatiator
declare -a FILES
FILES=(
1a/dd/3fcb75aebaa0a28f4f4e4a5773833d5cc7fecd47f2b535fc7e445f289539/negotiator-common-0.12.2.tar.gz
65/e5/bddc148f12aa8e81cfb0fbe504541436d0d38c6cb1546fa4fb5fbefcb5ce/negotiator-host-0.12.2.tar.gz
fe/a1/3d77020b8c5034f7ef65434d0510d1262840550155ce5f433c8189499326/negotiator-guest-0.12.2.tar.gz
)
declare -a GUESTS
GUESTS=(
coloredlogs-15.0.1-py2.py3-none-any.whl
executor-23.2-py2.py3-none-any.whl
fasteners-0.19-py3-none-any.whl
humanfriendly-10.0-py2.py3-none-any.whl
negotiator_common-0.12.2-py3-none-any.whl
negotiator_guest-0.12.2-py3-none-any.whl
property_manager-3.0-py2.py3-none-any.whl
setuptools-69.0.2-py3-none-any.whl
six-1.16.0-py2.py3-none-any.whl
supervisor-4.2.5-py2.py3-none-any.whl
verboselogs-1.7-py2.py3-none-any.whl
)
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
WD=$PWD
if [ ! -d "$DIR" ] ; then
route | grep -q ^def || { DBUG not connected ; exit 0 ; }
wget -xcP $PREFIX/net/Http/ https://pypi.org/project/negotiator-common/
for f in "${FILES[@]}" ; do
wget -xcP $PREFIX/net/Http/ https://files.pythonhosted.org/packages/$f
done
if [ ! -d "$WD/$DIR" ] ; then
[ -d $WD/$DIR ] || mkdir $WD/$DIR
pip3.sh download -d $WD/$DIR \
negotiator-guest supervisor humanfriendly
cd $WD
fi
for f in "${FILES[@]}" ; do
tar xvfkz $PREFIX/net/Http/$f 2>/dev/null
done
fi
for f in "${FILES[@]}" ; do
base=`basename $f .tar.gz`
[ -d base ] && continue
tar xvfkz $PREFIX/net/Http/$f 2>/dev/null
cd $base
pip3.sh install --prefix=/usr/local . >> install.log 2>&1 || \
WARN problems installing $base retval=$retval
cd ..
done
exit 0
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/_build || exit 30
ctest || exit 31
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
fi

6
roles/toxcore/overlay/Linux/usr/local/bin/pex2.bash Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# --not-zip-safe --no-index linux_x86_64-cp-27-cp27mu
ROLE=toxcore
exec /usr/local/bin/python2.sh -m pex --python $PREFIX/bin/python2.sh --python-shebang $PREFIX/bin/python2.sh "$@"

7
roles/toxcore/overlay/Linux/usr/local/bin/pex3.bash Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
# -f /usr/lib/python3/dist-packages/
exec /usr/local/bin/pex \
--python /usr/local/bin/python3.sh \
--python-shebang /usr/local/bin/python3.sh "$@"

67
roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash Normal file
View file

@ -0,0 +1,67 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
#See /var/local/src/ZeroNet.bash
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
MOD="pyassuan"
DIR="${MOD}"
BINS="get-info pinentry"
GIT_HUB=http-git.tremily.us
GIT_DIR=pyassuan
#ols_funtoo_requires
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB"
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
exit 2
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cd "$DIR" || exit 4
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
#? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; }
# msys_python_bins $BINS
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
exit 0
elif [ $1 = 'check' ] ; then # 1*
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20
# ols_test_bins
exit $?
elif [ "$1" = 'test' ] ; then # 3*
cd $WD/$DIR
$PYTHON_EXE_MSYS -m unittest discover >>test.log || exit 31$?
fi

96
roles/toxcore/overlay/Linux/usr/local/bin/sdwdate.bash Executable file
View file

@ -0,0 +1,96 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# 19 Nov 00:48:20 ntpdate[24018]: step time server 132.163.97.3 offset +4125.279643 sec
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash || exit 1
# python3.6 problems on gentoo with gevent not installing
# python3.7 -c 'import gevent'
PYVER=3
PYTHON_MINOR=3.11
PYTHON_EXE_MSYS=python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PKG=sdwdate
URL=github.com/Whonix/sdwdate
DIR=$PKG
cd $PREFIX/src || exit 2
WD=$PWD
cd $DIR || exit 3
site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
if ! [ -d $site_packages/$DIR/ ] ; then
rsync -vax usr/lib/python3/dist-packages/$DIR/ $site_packages/$DIR/
sed -e 's@/usr/lib@/usr/local/lib@' -i $site_packages/$DIR/*py
fi
[ -d $site_packages/$DIR/ ] || exit 4
[ -d $PREFIX/etc/sdwdate.d ] || mkdir $PREFIX/etc/sdwdate.d
[ -f $PREFIX/etc/sdwdate.d/30_default.conf ] || \
cp -p etc/sdwdate.d/30_default.conf $PREFIX/etc/sdwdate.d/30_default.conf
if [ ! -f $PREFIX/bin/${PKG}_.py ] ; then
cp -p usr/bin/${PKG} $PREFIX/bin/${PKG}_.py || exit 5
patch -b -z .dst $PREFIX/bin/${PKG}_.py < $PREFIX/src/${PKG}_.py,diff
fi
if ! [ -d /usr/local/lib/helper-scripts ] ; then
rsync -vax ../helper-scripts/ $PREFIX/lib/helper-scripts/
fi
# share/sdwdate/onion_tester
if ! [ -d /usr/local/share/sdwdate ] ; then
rsync -vax usr/share/$DIR/ $PREFIX/share/$DIR/
fi
if ! [ -d /usr/local/lib/sdwdate ] ; then
rsync -vax usr/lib/$DIR/ $PREFIX/lib/$DIR/
## Compatibility with anon-ws-disable-stacked-tor.
# addgroup debian-tor 2>/dev/null || true
# adduser --home /run/sdwdate --no-create-home --quiet --system --group sdwdate || true
## Add sdwdate to group debian-tor so it can read
## /run/tor/control.authcookie which is required to check if Tor has
## already successfully established a circuit before fetching time.
# addgroup sdwdate debian-tor
cd /usr/local/lib/$DIR
[ -x sclockadj ] || \
gcc sclockadj.c -o sclockadj -ldl -D_GNU_SOURCE -Wdate-time -D_FORTIFY_SOURCE=2 -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wl,-z,relro -Wl,-z,now || exit 7
cd $WD
fi
if grep -q /usr/lib /usr/local/lib/sdwdate/* ; then
sed -e 's@/usr/lib@/usr/local/lib@' -i /usr/local/lib/sdwdate/*
fi
cd $WD
if [ ! -e $PREFIX/bin/${ROLE}_${PKG}.bash ] ; then
cat > $PREFIX/bin/${ROLE}_${PKG}.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
if [ -x /usr/local/bin/proxy_ping_test.bash ] ; then
sh /usr/local/bin/proxy_ping_test.bash wifi || exit 1
sh /usr/local/bin/proxy_ping_test.bash 30 || exit 2
fi
export PYTHONPATH=$site_packages
exec $PYTHON_EXE_MSYS $PREFIX/bin/${PKG}_.py "\$@"
EOF
chmod 755 $PREFIX/bin/${ROLE}_${PKG}.bash
fi
exit 0

7
roles/toxcore/overlay/Linux/usr/local/bin/testforge_alsa_info.bash Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=testforge
export http_proxy=localhost:9999
export https_proxy=localhost:9999
exec alsa-info.sh --stdout --no-load $*

149
roles/toxcore/overlay/Linux/usr/local/bin/testforge_backup_btrfs.bash Executable file
View file

@ -0,0 +1,149 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# https://lukas.dzunko.sk/index.php/Linux:_incremental_backup_using_rsync_on_btrfs_with_snapshots
PREFIX=/var/local
ROLE=testforge
MONIKER=4TA
DEST=/mnt/backup
snapshot=""
opt=""
usage() {
echo "Usage: $0 [OPTIONS] dirs"
echo
echo " -s | --snapshot - snapshot"
echo " -c | --checksum - checksum"
echo " -p | --dedupe - dedupe"
echo " -d | --dest - destination (default - $DEST )"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
[ "$#" -eq 0 ] && usage && exit 1
SHORTOPTS="hVcspm:d:"
LONGOPTS="help,version,checksum,snapshot,dedupe,moniker:,dest:"
dedupe=
DIRS=
. /usr/local/bin/usr_local_base.bash || exit 2
error () { retval=$1 ; shift; echo "ERROR: $prog" $* ; exit $retval ; }
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && error 2 "Aborting."
eval set -- "$ARGS"
while true; do
# echo $*
case "$1" in
-p|--dedupe)
dedupe="true"
;;
-s|--snapshot)
snapshot="true"
;;
-c|--checksum)
opt="--checksum"
;;
-m|--moniker)
shift
MONIKER="$1"
;;
-d|--dest)
shift
DEST="$1"
;;
-v|--verbosity)
shift
verbosity="$1"
;;
-V|--version)
usage
exit 0
;;
-h|--help)
usage
exit 0
;;
'--')
shift
DIRS="$@"
break
;;
*)
error 3 "unrecognized arguments $*"
break
;;
esac
shift
done
[ -z "$DIRS" ] && error 4 "no directories given"
df | grep ${DEST} || mount -v ${DEST} || exit 3
echo "INFO: Copying data ..."
# output of following commands is saved along with backup
( echo; echo "lsusb:" ; lsusb;
echo; echo "lspci:"; lspci;
echo; echo "lshw:" ; lshw -short;
echo; echo "date:" ; date;
echo; echo "# EOF" ;
) > /.lastbackup_$MONIKER
echo
shopt -s nullglob
[ -d /var/local/etc/testforge/backup ] || mkdir /var/local/etc/testforge/backup
file=/var/local/etc/testforge/backup/$MONIKER.exclude
if ! [ -f $file ] ; then
cat > $file << EOF
/cdrom
/dev
/media
/mnt
/proc
/run
/sys
/tmp
EOF
for elt in /root/.cache /home/*/.cache ; do
grep -q ^$elt $file || echo $eelt >> $file
done
fi
LARGS="${opt} -vaxHAX --delete --delete-excluded --human-readable --stats --exclude-from=$file"
for dir in $DIRS ; do
[ -d $dir ] || continue
# copy data to backup location
dest=$( echo $dir | sed -e 's@/mnt/@@' )
rsync $LARGS\
${DEST}/${MONIKER}/$dest || { retval=$? ; ERROR backing up $dir ; sync; exit $retval ; }
done
echo "Flushing file system buffers ..."
time sync
btrfs filesystem sync ${DEST}
time sync
echo
if [ $dedupe = "true" ] ; then
echo "INFO: deduping backup ..."
time $PREFIX/bin/testforge_ln_dups.perl ${DEST}/${MONIKER}
fi
if [ $snapshot = "true" ] ; then
echo "INFO: Creating snapshot of backup ..."
btrfs sub snap -r ${DEST}/${MONIKER} "${DEST}/${MONIKER}_$(LANG=C date +%Y-%m-%d_%s)" || exit 4
fi
echo "INFO: Umounting backup filesystem ..."
umount -v ${DEST} || exit 6
echo
exit 0

113
roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash Executable file
View file

@ -0,0 +1,113 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=$PREFIX
ROLE=testforge
# too early
[ -f /usr/local/etc/testforge/testforge.bash ] || exit 0
. /usr/local/etc/testforge/testforge.bash || exit 1
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
if uname -a | grep entoo ; then
GENTOO=0
else
GENTOO=1
fi
UBUNTU=$( [ -d /etc/apt ] )
for PYTHON_MINOR in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -z "$PYTHON_MINOR" ] && continue
# [ "$PYTHON_MINOR" = "$BASE_PYTHON2_MINOR" ] && PYMAJOR=2 || PYMAJOR=3
PYVER="${PYTHON_MINOR:0:1}"
cd $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ || exit $PYVER
[ -f __init__.py ] || touch __init__.py
INFO $PYVER GENTOO=$GENTOO $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/
ls -1d * | \
grep -v '__init__.py\|~$\|egg-info\|__pycache__\|egg-link\|dist-info\|pyc$\|pyo$\|pth$\|.sh$$\|.so$\|.egg$\|.tar$\|.log$\|.lis$\|.err$' | \
sed -e 's/\.py$//' | \
while read elt ; do
[ -z "$elt" ] && continue
[ $elt = cachecontrol ] && mod=CacheControl || mod=$elt
#exceptions
[ $elt = pip ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
[ $elt = ansible ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
#?FixMe: - we are now allowing site.py
[ $elt = site ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# broken for MarkupSafe-1.1.1-py2.7.egg-info
[ $elt = markupsafe ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# broken for PyYAML-5.3.1-py2.7.egg-info
[ $elt = yaml ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# Pygments-2.5.2-py2.7.egg-info
[ $elt = pygments ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# FixMe: what about the selenium patches
[ $elt = selenium ] && continue
# FixMe:
if [ $GENTOO -eq 0 ] && eix -r ^dev-python/${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then
DBUG $PYVER $elt is Installed
elif [ $GENTOO -eq 0 ] && eix ^dev-python/py${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then
DBUG $PYVER py$elt is Installed
elif [ -e /usr/$LIB/python$PYTHON_MINOR/$elt ] ; then
[ $elt = sitecustomize ] && echo WHY?: in /usr/$LIB/python$PYTHON_MINOR/$elt && continue
echo "DEBUG: $PYVER $elt is in /usr/$LIB/python$PYTHON_MINOR/$elt"
# The python$PYVER -s is crucial - otherwise
# /root/.local/lib64/python2.7/site-packages precedes
# /usr/lib64/python2.7/site-packageson sys.path
elif python$PYVER -s -c "import $mod,os; print os.path.realpath($mod.__path__[0])" 2>/dev/null | grep /usr/$LIB/ ; then
echo "DEBUG: $PYVER $elt is in /usr/$LIB/"
else
echo "INFO: $PYTHON_MINOR Checked OK - $elt"
continue
fi
WARN "$PYTHON_MINOR deleting - $elt"
if [ -d $elt ] ; then
INFO rm -rf *${elt}* .*${elt}*
rm -rf *${elt}* .*${elt}*
elif file $elt | grep 'empty' ; then
INFO rm -rf ${elt}
rm -rf ${elt}
elif [ -f "$elt.py" ] ; then
INFO rm ${elt}.py*
rm ${elt}.py*
elif [ -f "$elt.pyo" ] || [ -f "$elt.pyc" ] ; then
INFO rm -f ${elt}.pyc ${elt}.pyo
rm -f ${elt}.pyc ${elt}.pyo
else
echo "ERROR: oddball not a dir or file $( file $elt ) - \"$elt\""
fi
done
# FixMe: these are missed and crucial
[ -f /usr/local/lib64/python$PYTHON_MINOR7/site-packages/pkg_resources/__init__.py -a \
-f /usr/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/__init__.py ] &&
rm -rf /usr/local/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/
/usr/local/bin/python$PYVER.sh -c 'from pkg_resources import ensure_directory, ContextualZipFile' || \
WARN "from pkg_resources import ensure_directory, ContextualZipFile "
done
cd /usr/local/bin
for file in * ; do
[ -x $file ] || continue
[ -e /usr/bin/$file -o -e /usr/sbin/$file -o -e /usr/bin/$file.py ] || continue
# ls -l /usr/bin/$file $file
root=$( basename $file .py )
[[ $file =~ .*2.py$ ]] && DBUG $file && continue
[[ $file =~ .*2$ ]] && DBUG $file && continue
if file $file | grep -q 'Python script' && head -2 $file | grep -q '/python2' ; then
[[ $file =~ .*.py$ ]] && INFO mv $file ${root}2.py && mv $file ${root}2.py && continue
[ -e /usr/bin/$file.py ] && INFO mv $file ${file}2 && mv $file ${file}2 &&z \
INFO ln -s /usr/bin/$file.py $file && ln -s /usr/bin/$file.py $file && continue
WARN $file not python ; continue
fi
INFO mv $file ${file}2; mv $file ${file}2
done
exit 0

8
roles/toxcore/overlay/Linux/usr/local/bin/testforge_dbus_session_address.bash Executable file
View file

@ -0,0 +1,8 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=testforge
ps axwe | grep -v grep | grep DBUS_SESSION_BUS_ADDRESS | \
sed -e 's/[A-Z][A-Z].*DBUS_SESSION_BUS_ADDRESS/DBUS_SESSION_BUS_ADDRESS/' \
-e 's/ [A-CE-Z][A-Z].*//'

39
roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash Executable file
View file

@ -0,0 +1,39 @@
#!/bin/sh
# -*- mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
ROLE=toxcore
prog=$(basename $0 .bash)
KEY=0x066DAFCB81E42C40
TIMEO=15
WARGS="-v -S --dns-timeout $TIMEO --connect-timeout $TIMEO --read-timeout $TIMEO"
. /usr/local/bin/proxy_export.bash
if [ is = dead ] ; then
# URL="http://hkps.pool.sks-keyservers.net:80/pks/lookup?op=get&options=mr&search=$KEY"
URL="http://pgp.mit.edu:80/pks/lookup?op=get&options=mr&search=$KEY"
DBUG wget $URL
wget $WARGS -o /tmp/2$$.log -O /tmp/2$$.html $URL || {
ERROR retval=$? ; cat /tmp/2$$.log; exit 2 ;
}
grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/2$$.html || exit 210
grep -q 'HTTP/1.1 200 OK' /tmp/2$$.log || exit 220
fi
URL="http://keyserver.ubuntu.com:80/pks/lookup?op=get&options=mr&search=$KEY"
DBUG wget $URL
wget $WARGS -o /tmp/3$$.log -O /tmp/3$$.html $URL || {
ERROR retval=$? /tmp/3$$.log
exit 3
}
grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html || {
ERROR '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html
exit 310
}
grep -q 'HTTP/1.1 200 OK' /tmp/3$$.log || {
ERROR NO 'HTTP/1.1 200 OK' /tmp/3$$.log
exit 320
}
exit 0

36
roles/toxcore/overlay/Linux/usr/local/bin/testforge_get_inventory.bash Executable file
View file

@ -0,0 +1,36 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# on stdout - messages on stderr
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
base=AnsI
# quiet
[ "$#" -eq 0 ] && exit 1
VARIABLE=$1
[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
name=`hostname`
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then
base=$name
ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$TESTFORGE_ANSIBLE_SRC \
--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then
#!? export
VALUE=`jq .$VARIABLE </tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
# [ -n "$DEBUG" ] && echo >&2 "DEBUG: $prog base=$base VALUE=$VALUE"
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
fi
rm -f /tmp/${AnsI}$$.json
fi
exit 0

39
roles/toxcore/overlay/Linux/usr/local/bin/testforge_local_bin.bash Executable file
View file

@ -0,0 +1,39 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
. /usr/local/bin/usr_local_base.bash || exit 2
umask 0022
[ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge
[ -f $inidir ] || mkdir -p $inidir
if [ -f $inidir ] ; then
inifile=$inidir
else
inifile=$inidir/testforge.ini
fi
# echo -n "DEBUG: $prog "; ls -l $inifile
[ -e $inifile ] || { ERROR no file $inifile ; exit 1 ; }
[ -s $inifile ] || { ERROR empty file $inifile ; exit 2 ; }
bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' )
if [ ! -s $bashfile ] || [ $inifile -nt $bashfile ] ; then
INFO "$inifile > $bashfile"
/usr/local/bin/fact_to_bash.bash < $inifile > $bashfile || exit 3
echo 'export PATH=$PATH:/sbin:/usr/local/bin:/var/local/bin' >> $bashfile
echo -n "DEBUG: $prog bashfile"; ls -l $bashfile
fi
ymlfile=$( echo $inifile | sed -e 's/.ini$/.yml/' )
if [ ! -s $ymlfile ] || [ $inifile -nt $ymlfile ] ; then
INFO "$inifile > $ymlfile"
/usr/local/bin/fact_to_yaml.bash < $inifile > $ymlfile || exit 4
echo -n "DEBUG: $prog ymlfile "; ls -l $ymlfile
fi
. $bashfile || exit $?
exec bash /usr/local/bin/base_sheebang_after_pip.bash

33
roles/toxcore/overlay/Linux/usr/local/bin/testforge_perm.bash Executable file
View file

@ -0,0 +1,33 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# very dangerous
[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/
[ -n "$ROOT" ] || exit 1
[ -d "$ROOT" ] || exit 2
ROLE=testforge
cd $ROOT || exit 2
GROUP=adm
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP
if [ -d ${ROOT}$PREFIX ] ; then
# allow
chgrp -R $GROUP ${ROOT}$PREFIX/{bin,data,lib64,src,net}
chmod -R g+rw,o-w ${ROOT}$PREFIX/{bin,data,lib64,src,net}
chmod a+x ${ROOT}$PREFIX/{bin,src,share/bash}/*sh
# if [ -d ${ROOT}$PREFIX/src/lynis ] ; then
chgrp -R $GROUP ${ROOT}$PREFIX/{bin,data,lib64,src,net}
# forbid /var
chgrp -R root ${ROOT}$PREFIX/{etc,var,share}
chmod -R g-w,o-w ${ROOT}$PREFIX/{etc,var,share}
fi
if [ -d ${ROOT}/usr/local ] ; then
# forbid /usr but lib/python* will be created and allowed on install
chgrp -R root ${ROOT}/usr/local/
chmod -R g-w,o-rw ${ROOT}/usr/local/
fi
exit 0

93
roles/toxcore/overlay/Linux/usr/local/bin/testforge_refresh_ca-certificates.bash Executable file
View file

@ -0,0 +1,93 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=testforge
BASE=/usr/share/ca-certificates/mozilla
TO=/usr/local/share/ca-certificates/mozilla
VER=20190110
DIR=ca-certificates-$VER
URL=deb.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_$VER.tar.xz
URL_CERTDATA=hg.mozilla.org/releases/mozilla-beta/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt
LOG_DIR=/var/local/var/log
[ -d $LOG_DIR ] || mkdir $LOG_DIR
LOG_FILE=$LOG_DIR/ca-certificates_$$.log
rm -f $LOG_FILE
# on Gentoo it may be up to date
if false && which equery 2>/dev/null >/dev/null ; then
# 20190110.3.43
equery f app-misc/ca-certificates|grep /usr/share/doc/ca-certificates-$VER
fi
[ -d $TO ] || mkdir -p $TO
cd /usr/local/src || exit 1
if [ ! -d $DIR ] ; then
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { echo INFO: not connected ; exit 0 ; }
[ -f /usr/local/net/Http/$URL ] || \
wget -xcP /usr/local/net/Http/ http://$URL || exit 1
tar xvfJ /usr/local/net/Http/$URL
fi
cd $DIR/mozilla || exit 2
# will regenerate these if they exist
rm -f *crt
# leave the original OS /usr/share certs renamed to .old
ls $BASE/*.crt >/dev/null 2>/dev/null && \
for file in $BASE/*.crt ; do
[ -f "$file.old" ] && sudo rm "$file.old"
sudo mv "$file" "$file.old" || \
{ echo ERROR: moving $file $file.old ; exit 3 ; }
done
[ -f blacklist.txt ] || { echo ERROR: missing blacklist.txt ; exit 4 ; }
if [ ! -f certdata.txt.mozilla ] && grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then
[ -f /usr/local/net/Http/$URL_CERTDATA ] || \
wget -xcP /usr/local/net/Http/ http://$URL_CERTDATA
fi
if [ ! -f certdata.txt.mozilla ] && [ -f /usr/local/net/Http/$URL ] ; then
cp -p /usr/local/net/Http/$URL_CERTDATA certdata.txt.mozilla
fi
if [ -f certdata.txt.mozilla -a certdata.txt.mozilla -nt certdata.txt ] ; then
[ -f certdata.txt.debian ] || mv certdata.txt certdata.txt.debian
cp -p certdata.txt.mozilla certdata.txt
fi
python2 ./certdata2pem.py >> $LOG_FILE 2>&1 || exit 5
ls *.crt >/dev/null 2>/dev/null && \
for file in *crt ; do
sudo mv $file $TO/$file || \
{ echo ERROR: moving $file $TO/$file ; exit 6 ; }
done
[ -f $TO/blacklist.txt ] || \
sudo cp -p blacklist.txt $TO
#[ -f /etc/ca-certificates.conf ] && [ ! -f /etc/ca-certificates.conf.old ] && \
# sudo mv /etc/ca-certificates.conf /etc/ca-certificates.conf.old
# morons: this return rc=0 even when there is an exception - with java7 -
# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
sudo bash /usr/sbin/update-ca-certificates --verbose > $LOG_FILE 2>&1
[ $? -ne 0 ] && exit 7$?
grep Exception: $LOG_FILE && exit 8
cd /usr/local/share/ca-certificates/mozilla || exit 9
for file in *crt; do diff $file /usr/share/ca-certificates/mozilla/$file.old ; done \
>> $LOG_FILE 2>&1
cd /usr/share/ca-certificates/mozilla || exit 10
echo INFO: /usr/share/ca-certificates/mozilla >> $LOG_FILE 2>&1
for file in *.old; do diff $file /usr/local/share/ca-certificates/mozilla$( basename $file .old );done \
>> $LOG_FILE 2>&1
exit 0
# alternate
# wget -xcP /usr/local/net/Http/ http://ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb;alien -t -c /usr/local/net/Http/ftp.us.debian.org/debian/pool/main/c/ca-certificates/ca-certificates_20190110_all.deb ; tar xvfz ca-certificates-20190110.tgz -C /usr/local/share/ca-certificates/mozilla

25
roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash Executable file
View file

@ -0,0 +1,25 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=$PREFIX
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=2
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
#? -S causes problems - why was it there?
for file in "$@" ; do
$PREFIX/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
$LOPTS --box '' --file "$file"
done

26
roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash Executable file
View file

@ -0,0 +1,26 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=$PREFIX
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
#? -S causes problems - why was it there?
for file in "$@" ; do
[ ! -f "$file" ] && WARN file not found $file && continue
/usr/local/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
$LOPTS --box '' --file "$file"
done

60
roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash Executable file
View file

@ -0,0 +1,60 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_base.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0

519
roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash Executable file
View file

@ -0,0 +1,519 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/proxy_curl_lib.bash
[ -z "$TIMEOUT" ] && TIMEOUT=30
TIMEOUT3=`expr 3 \* $TIMEOUT`
SSLSCAN_ARGS="-4 --show-certificate --bugs --timeout $TIMEOUT"
[ $SSL_VER = 3 ] && SSLSCAN_ARGS="$SSLSCAN_ARGS --tls13" || \
SSLSCAN_ARGS="$SSLSCAN_ARGS --tls12"
# -cipher 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' -debug
# no timeout -no_tls1_1 -no_tls1_2
OPENSSL_ARGS="-4 -showcerts -bugs -status -state -no_ign_eof"
[ $SSL_VER = 3 ] && OPENSSL_ARGS="$OPENSSL_ARGS -tls1_3" || \
OPENSSL_ARGS="$OPENSSL_ARGS -tls1_2"
# --no-colour ?--show-certificate ?--show-client-cas ?--show-ciphers ?--tlsall
TESTSSL_ARGS="-4 --server-defaults --protocols --grease --server-preference --heartbleed --ccs-injection --renegotiation --breach --tls-fallback --drown --assume-http --connect-timeout $TIMEOUT3 --openssl-timeout $TIMEOUT3 --standard --vulnerable --ssl-native --phone-out --nodns none"
ANALYZE_ARGS="--timeout $TIMEOUT --all-ciphers --verbose"
NMAP_ARGS="--script ssl-enum-ciphers -v --script-trace"
# no --cert-status -> ocsp
CURL_ARGS="--silent -vvv --head --connect-timeout $TIMEOUT"
CURL_HTTP_ARGS="$CURL_ARGS --fail --location --http2 --proto-redir https --proto-default https --proto =https"
# [ -d /usr/local/share/ca-certificates/mozilla ] && \
# CURL_ARGS="$CURL_ARGS --capath usr/local/share/ca-certificates/mozilla"
[ $SSL_VER = 3 ] && CURL_ARGS="$CURL_ARGS --tlsv1.3" || \
CURL_ARGS="$CURL_ARGS --tlsv1.2"
NOW=`date +%s`
DATE () {
local elt=$1
shift
# DEBUG=1
$elt $( expr `date +%s` - $NOW )s $*
return 0
}
ssltest_proxies () {
PROXY_SCHEME=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 1 -d ' '`
PROXY_HOST=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 2 -d ' '`
PROXY_PORT=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 3 -d ' '`
# SocksPolicy Accept in /etc/tor/torrc - required and works with sslscan
TESTSSL_ENVS="env MAX_OSSL_FAIL=10 DNS_VIA_PROXY=true PROXY_WAIT=$TIMEOUT"
if [ -n "$SSLTEST_HTTP_PROXY" ] ; then
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
elif [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
# WTF HTTP CONNECT failed: 502 Bad Gateway (tor protocol violation)
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
fi
# Make sure a firewall is not between you and your scanning target!
# `sed -e 's@.*/@@' <<< $SSLTEST_HTTPS_PROXY`
# timesout 3x
# TESTSSL_ARGS="$TESTSSL_ARGS --proxy=auto"
# use torsocks instead of
# ANALYZE_ARGS="ANALYZE_ARGS --starttls http_proxy:${PROXY_HOST}:$PROXY_PORT"
CURL_ARGS="$CURL_ARGS -x socks5h://${SOCKS_HOST}:$SOCKS_PORT"
#? NMAP_ARGS="$NMAP_ARGS -x socks4://${SOCKS_HOST}:$SOCKS_PORT"
# no proxy args and no _proxy strings
SSLSCAN_ENVS="$TORSOCKS "
ANALYZE_ENVS="$TORSOCKS "
# proxy timesout
TESTSSL_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP $TESTSSL_ENVS"
NMAP_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP "
CURL_ENVS=" "
return 0
}
ssltest_nmap () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=nmap
DATE DBUG $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" $eltfile
INFO $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" >> $eltfile
$NMAP_ENVS $exe $NMAP_ELTS $site >> $eltfile 2>&1
retval=$?
if grep -q '(1 host up)' $eltfile ; then
if grep -q TLS_AKE_WITH_AES_256_GCM_SHA384 $eltfile ; then
INFO "$elt TLS_AKE_WITH_AES_256_GCM_SHA384 = $eltfile" | tee -a $eltfile
else
INFO "$elt CA=$cacert = $eltfile" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
ERROR "$elt retval=$retval timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
else
WARN $elt "NO '(1 host up)' in" $eltfile
fi
return 0
}
## ssltest_nmap
## no good for 1.3
ssltest_sslscan () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=sslscan
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" $eltfile
INFO "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" >> $eltfile
$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# ECDHE-RSA-AES256-SHA pop.zoho.eu tls1.2
if [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ERROR $eltfile ; then
ERROR "$elt ERROR CA=$cacert = $eltfile" | tee -a $eltfile
retval=-1
elif grep EROR: $eltfile ; then
ERROR "$elt EROR: CA=$cacert = $eltfile" | tee -a $eltfile
retval=-2
elif grep "Certificate information cannot be retrieved." $eltfile ; then
WARN "$elt 'Certificate information cannot be retrieved' = $eltfile" | tee -a $eltfile
elif grep "TLSv1.$SSL_VER.*disabled" $eltfile ; then
ERROR "$elt TLSv1.$SSL_VER disabled = $eltfile" | tee -a $eltfile
retval=-3
elif ! grep '^\(Subject\|Altnames\).*'"$site" $eltfile ; then
# *.zoho.eu
WARN "$elt not 'Subject\|Altnames' = $eltfile" | tee -a $eltfile
elif ! grep -q Accepted $eltfile ; then
WARN "$elt not Accepted CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $SSL_VER = 3 ] && ! grep -q TLS_AES_256_GCM_SHA384 $eltfile ; then
WARN "$elt not TLS_AES_256_GCM_SHA384 CA=$cacert = $eltfile" | tee -a $eltfile
else
DATE INFO "$elt Accepted CA=$cacert = $eltfile " | tee -a $eltfile
fi
return $retval
}
## ssltest_openssl
ssltest_openssl () {
local elt=$1
local site=$2
local exe=openssl
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
# -msg -msgfile $TMPDIR/$$.$site.s_client.msg
DATE DBUG "$elt s_client $OPENSSL_ELTS" $site $eltfile
INFO "$exe s_client $OPENSSL_ELTS timeout=$total_s" $site >> $eltfile
timeout $total_s $exe s_client $OPENSSL_ELTS $site < /dev/null >> $eltfile 2>&1
retval=$?
if [ $retval -eq 124 ] ; then
WARN "$elt failed timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -eq 1 ] ; then
num=`grep ':SSL alert number' $eltfile | sed -e 's/.*:SSL alert number //'`
if [ $? -eq 0 ] && [ -n "$num" ] ; then
ERROR "$elt failed retval=$retval SSL alert #$num ${SSL_ALERT_CODES[$num]} CA=$cacert = $eltfile" | tee -a $eltfile
else
ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile
cat $eltfile
fi
elif grep ':error:' $eltfile ; then
a=`grep ':error:' $eltfile | sed -e 's/^[0-9]*:[^:]*:[^:]*:[^:]*:[^:]*://' -e 's/:.*//' |head -1 `
ERROR "$elt :error: $a CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'Cipher is (NONE)\|SSL handshake has read 0 bytes' $eltfile ; then
ERROR "$elt s_client Cipher is (NONE) CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'HTTP CONNECT failed:' $eltfile ; then
WARN "$elt failed HTTP CONNECT failed CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'unable to get local issuer certificate' $eltfile ; then
WARN "$elt s_client unable to get local issuer certificate CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'Verification error: certificate has expired' $eltfile ; then
WARN "$elt s_client Verification error: certificate has expired = $eltfile | tee -a $eltfile" | tee -a $eltfile
elif ! grep -q '^depth=0 CN.*'$site $eltfile ; then
WARN "$elt s_client CN NOT $site = $eltfile" | tee -a $eltfile
elif grep 'OSCP response: no response' $eltfile ; then
WARN "$elt s_client OSCP response: no response = $eltfile | tee -a $eltfile" | tee -a $eltfile
elif grep 'New, TLSv1.$SSL_VER, Cipher is TLS' $eltfile ; then
DATE INFO "$elt TLSv1.$SSL_VER, Cipher is TLS CA=$cacert = $eltfile " | tee -a $eltfile
else
DATE INFO "$elt client CA=$cacert = $eltfile " | tee -a $eltfile
fi
return $retval
}
## ssltest_testssl
ssltest_testssl () {
local elt=$1
local site=$2
local exe=/usr/local/bin/$elt.sh
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT3`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" $eltfile
INFO DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" >> $eltfile 2>&1
# TLS 1.2 offered (OK)
# TLS 1.3 offered (OK)
# You should not proceed as no protocol was detected. If you still really really want to, say "YES" -->
echo YES | timeout $total_s env $TESTSSL_ENVS $exe $TESTSSL_ELTS $site:$SSL_PORT >>$eltfile 2>&1
retval=$?
subdir=`grep 'DEBUG (level 1): see files in' $eltfile | sed -e 's/.* //' -e "s/[$'].*//"`
if [ -n "$subdir" ] ; then
subdir="${subdir::19}"
if [ -d "$subdir" ] ; then
DBUG found \"$subdir\"
cat "$subdir"/*parse*txt >> $eltfile
fi
fi
if grep "Protocol.*TLSv1.$SSL_VER" $eltfile ; then
# timesout after success
DATE INFO "$elt $site Protocol : TLSv1.$SSL_VER CA=$cacert =$eltfile" | tee -a $eltfile
retval=0
elif grep 'TLS 1.$SSL_VER *.*offered.*(OK)' $eltfile ; then
DATE INFO "$elt $site TLS 1.$SSL_VER offered CA=$cacert =$eltfile" | tee -a $eltfile
retval=0
elif [ $retval -eq 124 ] ; then
WARN $elt $site "timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'TLS 1.$SSL_VER.*not offered and downgraded to a weaker protocol' $eltfile ; then
DATE ERROR "$elt $site TLS 1.$SSL_VER NOT offered CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 1`
elif grep -q 't seem to be a TLS/SSL enabled server' $eltfile ; then
DATE ERROR "$elt $site doesnt seem to be a TLS/SSL enabled server: CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 2`
elif grep -q 'Client problem, No server cerificate could be retrieved' $eltfile ; then
WARN "$elt $site Client problem: CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'Fixme: something weird happened' $eltfile ; then
WARN "$elt $site Fixme: something weird happened CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 4`
elif grep 'Oops: TCP connect problem' $eltfile ; then
WARN "$elt $site Oops: TCP connect problem CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 5`
elif [ $retval -gt 5 ] ; then
# returns 5
WARN "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ': unable to\| error:' $eltfile ; then
ERROR "$elt.bash unable to / error: CA=$cacert = $eltfile" | tee -a $eltfile
retval=`expr 256 - 6`
elif grep 'unexpected error' $eltfile ; then
ERROR "$elt.bash unexpected error CA=$cacert = $eltfile" | tee -a $eltfile
retval=`expr 256 - 7`
elif [ "$retval" -eq 1 ] ; then
DATE ERROR "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
elif grep -q "Negotiated protocol.*TLSv1.$SSL_VER" $eltfile ; then
# TLS_AES_256_GCM_SHA384
DATE INFO "$elt.bash TLSv1.$SSL_VER retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
elif [ "$retval" -ne 0 ] ; then
# 5 is success
DATE WARN "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
else
DATE INFO "$elt.bash no error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
fi
if grep ' VULNERABLE ' $eltfile ; then
WARN "$elt.bash VULNERABLE: CA=$cacert = $eltfile " | tee -a $eltfile
fi
grep 'Overall Grade' $eltfile
return $retval
}
## ssltest_analyze_ssl $elt $site
ssltest_analyze_ssl () {
local elt=$1
local site=$2
local exe=/usr/local/bin/analyze-ssl.pl.bash
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG $elt "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" $eltfile
INFO "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" >> $eltfile
timeout $total_s $ANALYZE_ENVS $exe $ANALYZE_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
if [ ! -s $eltfile ] ; then
ERROR "$elt failed empty $eltfile" | tee -a $eltfile
retval=`expr 256 - 1`
elif grep "successful connect with TLSv1_$SSL_VER" $eltfile && \
grep 'all certificates verified' $eltfile ; then
# succeeds but timesout
DATE INFO "$elt successful connect with TLSv1_$SSL_VER retval=$retval error = $eltfile" | tee -a $eltfile
elif [ $retval -eq 124 ] ; then
WARN "$elt timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval = $eltfile" | tee -a $eltfile
elif grep ERROR: $eltfile ; then
ERROR "$elt failed ERROR: = $eltfile" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'certificate verify - name does not match' $eltfile ; then
ERROR "$elt failed name does not match = $eltfile" | tee -a $eltfile
retval=`expr 256 - 4`
elif ! grep 'certificate verified : ok' $eltfile ; then
ERROR "$elt failed NO certificate verified = $eltfile" | tee -a $eltfile
retval=`expr 256 - 5`
elif grep 'certificate verified : FAIL' $eltfile ; then
ERROR "$elt certificate verified : FAIL = $eltfile" | tee -a $eltfile
retval=`expr 256 - 6`
elif grep 'handshake failed with HIGH' $eltfile ; then
WARN "$elt failed handshake failed with HIGH = $eltfile" | tee -a $eltfile
retval=`expr 256 - 7`
elif grep '^ \! ' $eltfile ; then
ERROR "$elt failed \! = $eltfile" | tee -a $eltfile
retval=`expr 256 - 8`
else
DATE INFO "$elt no error = $eltfile" | tee -a $eltfile
fi
return $retval
}
## ssltest_curl
ssltest_curl () {
local elt=$1
local site=$2
local exe="/usr/local/bin/s$elt.bash -- "
local outfile=$3
[ -f "$outfile" ] || { WARN no outfile ; return 1 ; }
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
local prot
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
[ -n "$SSL_PORT" ] || { WARN no SSL_PORT ; return 3 ; }
exe=curl
if [ "$SSL_PORT" = 443 ] ; then
prot=https
elif [ "$SSL_PORT" = 995 ] ; then
prot=pop3s
exe=curl
CURL_ELTS="$CURL_ELTS -l"
elif [ "$SSL_PORT" = 587 ] ; then
prot=smtps
exe=curl
# CURL_ELTS="$CURL_ELTS"
else
ERROR $elt unrecognized port protocol $SSL_PORT
return 3
fi
DATE DBUG $elt $CURL_ENVS "`basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" $eltfile
INFO $elt "$CURL_ENVS `basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS ${prot}://$site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# grep '= /tmp/scurl'
ERRF=$eltfile
if [ $SSL_VER -eq 3 ] && ! grep "SSL connection using TLSv1.$SSL_VER" $ERRF ; then
ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 1`
cat $eltfile
elif ! grep -q "SSL connection using TLSv1.[3$SSL_VER]" $ERRF ; then
ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 1`
cat $eltfile
elif [ $retval -eq 77 ] || grep -q 'CURLE_SSL_CACERT_BADFILE' $ERRF ; then
ERROR "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 28 ] || grep -q 'CURLE_OPERATION_TIMEDOUT' $ERRF ; then
WARN "$elt retval=$retval CURLE_OPERATION_TIMEDOUT ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 91 ] || grep -q 'CURLE_SSL_INVALIDCERTSTATUS' $ERRF ; then
WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 28 ] || grep 'Connection timed out' $ERRF ; then
WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 22 ] || grep -q 'curl: (22) The requested URL returned error:' $ERRF; then
# on 22 - change to HTTP code
code=`grep 'curl: (22) The requested URL returned error:' $ERRF | sed -s 's/.*returned error: //'`
if [ "$code" = 416 ] ; then
INFO "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
retval=$code
elif [ -n "$code" ] && [ "$code" -ge 400 ] ; then
# 403 Cloudflare
ERROR "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
retval=$code
else
WARN "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
# curl: (3) URL using bad/illegal format or missing URL - worked
WARN "$elt retval=$retval ${CURLE[$retval]} CA=$cacert = $ERRF" | tee -a $eltfile
elif ! grep "subject: CN=$site" $ERRF ; then
ERROR "$elt NO subject: CN=$site CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 2`
elif grep "503 - Forwarding failure" $ERRF ; then
WARN "$elt 503 - Forwarding failure CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'we are not connected' $eltfile ; then
WARN "$elt CA=$cacert = $ERRF" | tee -a $eltfile
retval=0
else
INFO "$elt CA=$cacert = $ERRF" | tee -a $eltfile
retval=0
fi
# TLSv1.3 (IN), TLS handshake, Finished
return $retval
}
## ssllabs_analyze
ssltest_analyze () {
local elt=$1
local site=$2
local exe="/usr/local/bin/scurl.bash -- "
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
local url="https://www.ssllabs.com/ssltest/analyze.html?d=$site"
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
DATE DBUG "$elt $CURL_ELTS SSL_PORT=$SSL_PORT $url" $eltfile
INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1
retval=$?
if [ $retval -ne 0 ] ; then
DATE WARN "$elt retval=$retval $url" $eltfile >> $outfile
else
DATE INFO "$elt retval=$retval $url" $eltfile >> $outfile
fi
return $retval
}
## ssltest_ssllabs
ssltest_ssllabs() {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local site_ip=$4
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local host=www.ssllabs.com
local url="ssltest/analyze.html?d=$site&s=$site_ip"
local exe="/usr/local/bin/scurl.bash -- "
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
DATE DBUG "$elt $CURL_ELTS $url" $eltfile
INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1
retval=$?
if [ $retval -ne 0 ] ; then
DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile
elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'No' ; then
DATE ERROR "$elt retval=$retval $url" $eltfile | tee -a $eltfile
retval=`expr 256 - 1`
elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'Yes' ; then
DATE INFO "$elt retval=$retval $url" $eltfile | tee -a $eltfile
retval=0
else
DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile
fi
return $retval
}
## ssltest_http2_alt_svc
ssltest_http2_alt_svc() {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local exe="/usr/local/bin/scurl.bash -- "
local host=www.integralblue.com
local url=1.1.1.1/fun-stuff/dns-over-tor/
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
if [ -n "$socks_proxy" ] ; then
export socks_proxy=`sed -e 's/socks[a-z0-9]*:/socks5h:/' <<< $socks_proxy`
$exe --head --http2 -x $socks_proxy https://$host/$url > $eltfile 2>&1
else
$exe --head --http2 https://$host/$url > $eltfile 2>&1
fi
#? grep '^HTTP/2 301' $eltfile || exit 1
grep '^HTTP/2 ' $eltfile || return 11
grep 'alt-svc:' $eltfile || return 12
onion=`grep 'alt-svc:' $eltfile | sed -e 's/.*h2=.//' -e 's/";.*//'` # || exit 3
if [ -n "$socks_proxy" ] ; then
$exe --head -x $socks_proxy https://$onion/$url >> $eltfile 2>&1
retval=$?
else
$exe --head https://$onion/$url >> $eltfile 2>&1
retval=$?
fi
if [ $retval -eq 0 ] ; then
DATE INFO $elt https://$host/$url | tee -a $eltfile
else
DATE WARN $elt https://$host/$url | tee -a $eltfile
fi
return $?
}

344
roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash Executable file
View file

@ -0,0 +1,344 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
export PATH=/sbin:$PATH
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
#[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
. $PREFIX/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/proxy_ping_lib.bash >/dev/null || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 3; }
#? . $PREFIX/src/usr_local_src.bash || exit 2
DNS_TRIES=3
LOGP=TestSSL_`date -u +%y-%m-%d_%H_$$`
rm -f $TMPDIR/${LOGP}*
# analyze-ssl passed files.pythonhosted.org
# INFO: 226s analyze-ssl no error = /tmp/_files.pythonhosted.org_analyze-ssl.out
[ -z "$SSLTEST_TESTS" ] && SSLTEST_TESTS="curl openssl testssl nmap" # sslscan
[ -z "$SSLTEST_CERTS" ] && SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt /usr/local/etc/ssl/cacert-testforge.pem"
[ -z "$SSLTEST_TIMEOUT" ] && SSLTEST_TIMEOUT=30
[ -z "$SSLTEST_SOCKS_PROXY" -a -n "$socks_proxy" ] && SSLTEST_SOCKS_PROXY=$socks_proxy \
&& DBUG SSLTEST_SOCKS_PROXY=$socks_proxy
if [ -z "$SSLTEST_HTTPS_PROXY" -a -n "$https_proxy" ] ; then
SSLTEST_HTTPS_PROXY=$https_proxy
DBUG SSLTEST_HTTPS_PROXY=$SSLTEST_HTTPS_PROXY
fi
[ -z "$SSLTEST_HTTP_PROXY" -a -n "$http_proxy" ] && SSLTEST_HTTP_PROXY=$http_proxy \
&& DBUG SSLTEST_HTTP_PROXY=$http_proxy
[ -z "$BOX_BYPASS_PROXY_GROUP" ] && BOX_BYPASS_PROXY_GROUP=bin
SSL_LIB=openssl
# [ "$MODE" ] && proxy_ping_test.bash $MODE
declare -a BADSSL_SITES
BADSSL_SITES=(
self-signed.badssl.com
expired.badssl.com
mixed.badssl.com
rc4.badssl.com
hsts.badssl.com
)
declare -a GOODSSL_SITES
GOODSSL_SITES=(
files.pythonhosted.org
mirrors.dotsrc.org
deb.devuan.org
# dfw.source.kernel.org
# cdn.kernel.org
)
badssl=0
goodssl=0
[ "$#" -eq 0 ] && goodssl=1
tests="$SSLTEST_TESTS"
verbosity=2
outdir=/tmp
timeout=$SSLTEST_TIMEOUT
onion=0
CAFILE=/usr/local/etc/ssl/cacert-testforge.pem
TMPDIR=/tmp
SSL_PORT=443
SSL_VER=3
usage() {
echo "Usage: $0 [OPTIONS] dirs-or-files"
echo
echo " -B | --badssl - test badssl.org sites"
echo " -G | --goodssl - test good sites"
echo " -S | --ssl - tls version v1.x - 2 or 3"
echo " -O | --onion - onion"
echo " -o | --outdir=$TMPDIR - output directory"
echo " -v | --verbosity=$verbosity - verbosity 0 least 5 most"
echo " -T | --timeout=$timeout - timeout in sec."
echo " -E | --tests=`sed -e 's/ /,/g' <<< $tests` - tests, comma separated"
echo " -C | --certs=`sed -e 's/ /,/g' <<< $SSLTEST_CERTS` - tests, comma separated"
echo " -Y | --ciphers - comma sep list of ciphers"
echo " -P | --port - port default $SSL_PORT"
echo " -N | --connect - connect"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
SHORTOPTS="hVGBv:T:C:P:S:E:Y:ON:"
LONGOPTS="help,version:,goodssl,badssl,verbosity:,timeout,certs:,port:,ssl:,tests:,ciphers:,onion,connect:"
declare -a SITES
SITES=()
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && { ERROR "error parsing getopt" ; exit 4 ; }
eval set -- "$ARGS"
while true; do
case "$1" in
-o|--outdir)
shift
TMPDIR="$1"
;;
-v|--verbosity)
shift
verbosity="$1"
;;
-T|--timeout)
shift
timeout="$1"
;;
-S|--ssl)
shift
SSL_VER="$1"
;;
-P|--port)
shift
SSL_PORT="$1"
;;
-N|--connect)
shift
SSL_CONNECT="$1"
;;
-C|--certs)
shift
SSLTEST_CERTS="`sed -e 's/,/ /g' <<< $1`"
;;
-Y|--ciphers)
shift
SSLTEST_CIPHERS="`sed -e 's/,/ /g' <<< $1`"
;;
-t|--tests)
shift
tests="`sed -e 's/,/ /g' <<< $1`"
;;
-O|--onion)
onion=1
;;
-G|--goodssl)
goodssl=1
badssl=0
;;
-B|--badssl)
badssl=1
goodssl=0
;;
-V|--version)
usage
exit 0
;;
-h|--help)
usage
exit 0
;;
'--')
shift
SITES=("$@")
break
;;
*)
{ ERROR "unrecognized arguments $*" ; exit 5 ; }
break
;;
esac
shift
done
[ "${#SITES[*]}" -eq 0 -a $badssl -gt 0 ] && SITES=("${BADSSL_SITES[@]}")
[ "${#SITES[*]}" -eq 0 -a $goodssl -gt 0 ] && SITES=("${GOODSSL_SITES[@]}")
[ "${#SITES[@]}" -eq 0 ] && { ERROR "no arguments $*" ; exit 7 ; }
[ "$SSL_VER" -ge 2 -a "$SSL_VER" -le 3 ] || { ERROR "SSL_VER $SSL_VER" ; exit 6 ; }
[ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" || { ERROR "mkdir $TMPDIR" ; exit 8 ; }
[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; exit 9 ; }
[ $onion -eq 0 ] && TIMEOUT=$timeout || TIMEOUT=`expr $timeout \* 2`
SSLTEST_TESTS="$tests"
declare -a tests_ran
tests_ran=()
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; }
IF=`route | grep ^def |sed -e 's/.* //'`
[ -n "$IF" ] || { ERROR "no IF" ; exit 10 ; }
IP=`ifconfig $IF|grep -A 2 ^wlan |grep inet | sed -e 's/.*inet //' -e 's/ .*//'`
[ -n "$IP" ] || { ERROR "no IP" ; exit 11 ; }
[ -z "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash
netstat -nle4 | grep -v grep | grep -q 0.1:53 || \
{ WARN "DNS not running - netstat " ; }
# iptables-legacy-save | grep "OUTPUT -o wlan4 -m owner --gid-owner 2 -j ACCEPT"
# uses TIMEOUT=30
. $PREFIX/bin/testforge_ssl_lib.bash
if [ "$USER" = bin ] ; then
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
else
DEBUG=0 proxy_ping_get_socks >/dev/null
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
fi
if [ "$USER" = bin ] ; then
TORSOCKS=""
elif [ $SOCKS_HOST != 127.0.0.1 ] ; then
TORSOCKS="torsocks --address $SOCKS_HOST --port $SOCKS_PORT "
elif [ $SOCKS_PORT != 9050 ] ; then
TORSOCKS="torsocks --port $SOCKS_PORT "
else
TORSOCKS="torsocks "
fi
if [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
grep -q "SocksPolicy *accept *$IP" /etc/tor/torrc || \
{ WARN "need SocksPolicy accept $IP in /etc/tor/torrc" ; }
fi
# This works off the $https_proxy environment variable in the form http://127.0.0.1:9128
# so you can test trans routing by call this with that unset.
ssltest_proxies $onion
rm -f $TMPDIR/${LOGP}.*.*
OUTF=$TMPDIR/${LOGP}.out
for CAFILE in $SSLTEST_CERTS ; do
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || {
WARN $prog we are not connected >&2
exit `expr 256 - 1`
}
[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; continue ; }
DATE DBUG CAFILE=$CAFILE --address $SOCKS_HOST --port $SOCKS_PORT
cacert=`basename $CAFILE`
for site in "${SITES[@]##*/}" ; do
warns=0
IF=`route | grep ^def |sed -e 's/.* //'`
[ -n "$IF" ] || { WARN "$site no route" ; continue ; }
SITE_OUTF=$TMPDIR/${LOGP}_${site}.out
DEBUG=1 DATE DBUG $site CAFILE=$CAFILE $SITE_OUTF | tee -a $SITE_OUTF
# ERROR: Could not resolve hostname www.devuan.org.
i=0
while [ $i -le $DNS_TRIES ] ; do
if [ $onion -eq 0 ] ; then
site_ip=`dig $site +retry=5 +tries=2 +noall +answer +short | awk '{ print $1 }'` && break
else
site_ip=`tor-resolve -4 $site` && break
fi
i=`expr $i + 1`
sleep 5
done
[ $i -ge $DNS_TRIES ] && ERROR failed resolve $site | tee -a $SITE_OUTF
[ $i -ge $DNS_TRIES ] && site_ip=$site
elt=sslscan
SSLSCAN_ELTS="$SSLSCAN_ARGS --certs $CAFILE --sni-name $site"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_sslscan $elt $site $SITE_OUTF $site_ip
elt=openssl
OPENSSL_ELTS="$OPENSSL_ARGS -CAfile $CAFILE -servername $site"
[ -n "$SSL_CONNECT" ] && OPENSSL_ELTS="$OPENSSL_ARGS -connect ${SSL_CONNECT}:$SSL_PORT"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $onion -eq 0 ] && \
tests_ran+=($elt) && \
ssltest_openssl $elt $site $SITE_OUTF $site_ip
elt=testssl
rm -f $TMPDIR/${LOGP}.$site.$elt.json # --jsonfile-pretty $TMPDIR/${LOGP}.$site.$elt.json
TESTSSL_ELTS="$TESTSSL_ARGS --add-ca $CAFILE --append --ip $site_ip"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $onion -eq 0 ] && \
tests_ran+=($elt) && \
ssltest_testssl $elt $site $SITE_OUTF $site_ip
elt=analyze-ssl
ANALYZE_ELTS="$ANALYZE_ARGS --CApath $CAFILE --name $site"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $SSL_PORT = 443 ] && \
tests_ran+=($elt) && \
ssltest_analyze_ssl $elt $site $SITE_OUTF $site_ip
elt=curl
CURL_ELTS="$CURL_ARGS --cacert $CAFILE --output /dev/null"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_curl $elt $site $SITE_OUTF $site_ip
elt=nmap
NMAP_ELTS="$NMAP_ARGS --host-timeout $TIMEOUT -p $SSL_PORT"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_nmap $elt $site $SITE_OUTF $site_ip
elt=ssllabs
[ $SSL_PORT = 443 ] && \
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_ssllabs $elt $site $SITE_OUTF $site_ip
done
done
# bonus
elt=alt_svc
[ $SSL_PORT = 443 ] && \
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_http2_alt_svc $elt - $SITE_OUTF -
cat $TMPDIR/${LOGP}_*.out > $OUTF
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
a=`openssl ciphers -v 'ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM' | wc -l | sed -e 's/ .*//'`
[ $? -eq 0 ] && [ "$a" -eq 0 ] && \
WARN "no openssl ciphers" | tee -a $OUTF
DEBUG=1 DBUG "${#tests_ran[@]}" TESTS="${tests_ran[@]}"
warns=`grep -c WARN: $OUTF`
[ $? -eq 0 ] && [ "$warns" -gt 0 ] && DATE WARN "$warns warns for $site in $OUTF"
errs=`grep -c 'ERROR:\|EROR:' $OUTF`
[ $? -eq 0 ] && [ "$errs" -gt 0 ] && DATE ERROR "$errs errs for $site in $OUTF"
[ $? -eq 0 ] && [ "$warns" -eq 0 -a "$errs" -eq 0 ] && \
DATE INFO "NO warns/errs for $site in $OUTF"
exit $errs
# pysslscan scan --scan=protocol.http --scan=vuln.heartbleed --scan=server.renegotiation \
# --scan=server.preferred_ciphers --scan=server.ciphers \
# --report=term:rating=ssllabs.2009e --ssl2 --ssl3 --tls10 --tls11 --tls12
# /usr/local/bin/ssl-cipher-check.pl

68
roles/toxcore/overlay/Linux/usr/local/bin/testssl.bash Executable file
View file

@ -0,0 +1,68 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher
# https://code.google.com/p/chromium/issues/detail?id=58831
DIR=testssl.sh
GITHUB_USER=drwetter
GITHUB_DIR=$DIR
. $PREFIX/src/var_local_src.bash
BINS=testssl
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
[ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR
for elt in $BINS ; do
file=$PREFIX/bin/$elt.bash
if [ ! -f $file ] ; then
cat > $file << EOF
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
cd $PREFIX/src/$DIR
exec bash testssl.sh "\$@"
EOF
chmod +x $PREFIX/bin/testssl.bash
fi
done
exit 0
elif [ $1 = 'check' ] ; then # 1*
ols_test_bins && exit 0 || exit 1$?
elif [ $1 = 'lint' ] ; then # 2*
/var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
for bin in $BINS ; do
$PREFIX/bin/$bin.bash --help >/dev/null || exit 3$?
done
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
#error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream
#error: 1970 bytes of body are still expected
#fetch-pack: unexpected disconnect while reading sideband packet
#fatal: early EOF
#fatal: fetch-pack: invalid index-pack output
fi
# wget -P https://testssl.sh/testssl.sh
exit 0

6
roles/toxcore/overlay/Linux/usr/local/bin/testssl.sh Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=toxcore
cd $PREFIX/src/testssl.sh || exit 1
exec bash testssl.sh "$@"

50
roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash Executable file
View file

@ -0,0 +1,50 @@
#/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -n "$PYDEV_VAR_LOCAL" ] && PREFIX=$PYDEV_VAR_LOCAL
DESC=""
. /usr/local/src/usr_local_src.bash || exit 1
HTTP_DIR=$PREFIX/net/Http
DIR=tinfoilhat.shmoo.com
URL=web.archive.org/web/20121116091222/http:/
cd $PREFIX/src || exit 2
WD=$PWD
if [ $# -eq 0 ] ; then
if [ ! -d $DIR ] ; then
route|grep -q ^default || exit 0
mkdir $DIR $DIR/source
wget -cP $DIR/source http://$URL/$DIR/source/bb-random.c \
http://$URL/$DIR/source/gpggrid-version-on-floppy.c \
http://$URL/$DIR/source/gpggrid.c || exit 3
fi
cd $PREFIX/src/$DIR/source || exit 4
[ -x gpggrid ] || \
cc -o gpggrid --static gpggrid.c || exit 5
[ -f staticgpggrid.c ] || \
sed -e 's/"gpg"/"staticgpg"/' gpggrid.c > staticgpggrid.c
[ -x staticgpggrid ] || \
cc -o staticgpggrid --static staticgpggrid.c || exit 6
[ -x $PREFIX/bin/gpggrid -a $PREFIX/bin/gpggrid -nt gpggrid ] || \
cp -p gpggrid $PREFIX/bin/ || exit 7
[ -x $PREFIX/bin/staticgpggrid -a $PREFIX/bin/staticgpggrid -nt gpggrid ] || \
cp -p staticgpggrid $PREFIX/bin/ || exit 8
OPREFIX=$PREFIX/share/genkernel/overlay
[ -d $OPREFIX/bin ] || mkdir $OPREFIX/bin
[ -x $OPREFIX/bin/staticgpggrid ] || \
ln $OPREFIX/bin/staticgpggrid $OPREFIX/bin/ || exit 9
fi
exit 0

6
roles/toxcore/overlay/Linux/usr/local/bin/tor_bootstrap_check.bash Executable file
View file

@ -0,0 +1,6 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
exec python3.sh /usr/local/lib/helper-scripts/tor_bootstrap_check.py "$@"

75
roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash Executable file
View file

@ -0,0 +1,75 @@
#/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
. /usr/local/src/usr_local_src.bash || exit 1
SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
HTTP_DIR=$PREFIX/net/Http
DIR=tox_profile
MOD=$DIR
GIT_HUB=git.plastiras.org
GIT_USER=emdee
GIT_DIR=$DIR
# tox_profile
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
msys_are_we_connected || exit 0
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
git clone "https://$GIT_HUB/$GIT_USER/$GIT_DIR" ) ||\
exit 2
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
git config user emdee && \
git config email emdee@ )
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3
fi
python$PYVER.sh -c 'import namedlist' || \
pip$PYVER.sh install namedlist
cd $DIR || exit 4
[ -f __init__.py ] || touch __init__.py
# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
exit 0
elif [ $1 = 'check' ] ; then # 1*
# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
:
elif [ "$1" = 'lint' ] ; then # 2*
[ -n "$PYVER" ] || return 20
pylint -E --recursive y || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/$DIR || exit 32
$PYTHON_EXE_MSYS tox_savefile_test.bash \
>> $WD/$DIR/test.log 2>&1 || \
{ ERROR "$MOD code $?" ; cat $WD/$DIR/test.log ; exit 35 ; }
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
fi

122
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_daily.bash Normal file → Executable file
View file

@ -10,9 +10,19 @@
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/locaal/etc/testforge/testforge.bash
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
TOXCORE_LOG_DIR=$PREFIX/var/log
[ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR
. /usr/local/src/usr_local_src.bash
TOHOST=files.pythonhosted.org
# mirrors.dotsrc.org
. /usr/local/bin/proxy_export.bash
PL=/usr/local/bin/proxy_ping_lib.bash
. $PL
PL=
MYID=`id -u`
[ $MYID -eq 0 ] || WARN $prog should be run as root $MYID
@ -28,50 +38,96 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete
[ -d /usr/local/share/doc ] || mkdir -p /usr/local/share/doc
[ -d /var/local/share/doc/txt ] && [ ! -d /usr/local/share/doc/txt ] && \
mv /var/local/share/doc/txt /usr/local/share/doc/txt && \
ln -s /usr/local/share/doc/txt /var/local/share/doc/txt
find "$TOXCORE_LOG_DIR"/$ly/ -type f \
-name W${prog}*.log -o -name E${prog}\*.log -mtime +8 -delete >/dev/null
if virsh list | grep -q Whonix-Gateway ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
[ -z "$MODE" ] || MODE=`proxy_ping_mode`
if [ -d /etc/libvirt/qemu ] ; then
elt=qemu
DBUG elt=$elt
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null >/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | \
grep -v 'Failed to open SPICE sockets\|Spice: Connection reset by peer' | \
tee -a $WLOG
fi
# FixMe missing
[ -x $PREFIX/bin/toxcore_libvirt_test_xml.bash ] && \
$PREFIX/bin/toxcore_libvirt_test_xml.bash 2>&1 | \
grep WARN: |tee -a $WLOG
if which virt-host-validate 2>/dev/null ; then
[ -f $TOXCORE_LOG_DIR/daily/virt-host-validate.log ] || \
sudo virt-host-validate > $TOXCORE_LOG_DIR/daily/virt-host-validate.log 2>&1
b=`grep FAIL $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ]
b=`grep WARN $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ] && \
WARN $b WARN in $TOXCORE_LOG_DIR/$ly/virt-host-validate.log $warns | tee -a $WLOG
fi
if /etc/init.d/libvirtd status ; then
if [ "$MODE" = whonix ] ; then
elt=toxcore_libvirt_test_ga
DBUG $elt
if virsh net-list | grep -q External ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
fi
fi
virsh list | grep '^ [0-9]' | while read id elt rest ; do
[ $rest = running ] || continue
virsh dumpxml $elt | grep -q org.qemu.guest_agent.0.*connected || \
WARN org.qemu.guest_agent not connected for $elt |tee -a $WLOG
# <target type='virtio' name='com.redhat.spice.0' state='connected'/>
# <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
done
fi
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
export SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt"
export SSLTEST_TESTS="testssl nmap"
if route | grep -q def ; then
elt=testforge_ssl_test
DBUG $elt
$PREFIX/bin/testforge_ssl_test.bash -v 3 $TOHOST
retval=$?
if [ $retval -ne 0 ] ; then
ERROR retval=$retval testforge_ssl_test.bash -v 3 $TOHOST|tee -a $ELOG
else
INFO testforge_ssl_test.bash -v 3 $TOHOST
fi
fi
# FixMe missing
[ -x $PREFIX/bin/toxcore_libvirt_test_xml.bash ] && \
$PREFIX/bin/toxcore_libvirt_test_xml.bash 2>&1 | grep WARN: >> $WLOG
if which virt-host-validate 2>/dev/null ; then
[ -f $TOXCORE_LOG_DIR/daily/virt-host-validate.log ] || \
sudo virt-host-validate > $TOXCORE_LOG_DIR/daily/virt-host-validate.log 2>&1
b=`grep FAIL $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ]
b=`grep WARN $TOXCORE_LOG_DIR/daily/virt-host-validate.log|wc -l|sed -e 's/ .*//'`
[ $? -eq 0 -a -n "$b" -a $b -gt 0 ] && \
WARN $b WARN in $TOXCORE_LOG_DIR/$ly/virt-host-validate.log $warns | tee -a $WLOG
elt=testforge_dirmngr_test
if route | grep -q default ; then
DBUG $elt
$PREFIX/bin/testforge_dirmngr_test.bash
retval=$?
if [ $retval -ne 0 ] ; then
ERROR retval=$retval testforge_dirmngr_test.bash | tee -a $ELOG
else
INFO testforge_dirmngr_test.bash
fi
fi
if /etc/init.d/libvirtd status ; then
virsh list | grep '^ [0-9]' | while read id elt rest ; do
[ $rest = running ] || continue
virsh dumpxml $elt | grep org.qemu.guest_agent.0.*connected || \
WARN org.qemu.guest_agent not connected for $elt |tee -a $WLOG
# <target type='virtio' name='com.redhat.spice.0' state='connected'/>
# <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
done
fi
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
if [ -s $ELOG ] ; then
errs=`grep -c ERROR: "$ELOG"`
[ $errs -ne 0 ] && \
ERROR "$prog $ly $errs errors in $ELOG" && \
exit -$errs
fi
if [ -s $WLOG ] ; then
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
fi
[ $warns -eq 0 -a $errs -eq 0 ] && \
ols_clean_testforge_logs $TOXCORE_LOG_DIR && \

49
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_hourly.bash
View file

@ -10,7 +10,8 @@
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/locaal/etc/testforge/testforge.bash
[ -f /usr/local/etc/testforge/testforge.bash ] || \
. /usr/local/etc/testforge/testforge.bash
TOXCORE_LOG_DIR=$PREFIX/var/log
[ -d $TOXCORE_LOG_DIR ] || mkdir -p $TOXCORE_LOG_DIR
@ -28,31 +29,39 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete
[ -d /var/lib/libvirt/dnsmasq/ ] && \
sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log \
-o -name E${prog}*.log -mtime +1 -delete
if [ -d /etc/libvirt/qemu ] ; then
elt=qemu
DBUG elt=$elt
[ -d /var/lib/libvirt/dnsmasq/ ] && \
sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete
if virsh net-list | grep -q External ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
fi
if virsh list | grep -q Whonix-Gateway ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash
fi
# -%d
if ls /var/log/libvirt/qemu/*.log 2>/dev/null ; then
sudo grep ^`date +%Y-%m`.*warning /var/log/libvirt/qemu/*.log | tee -a $WLOG
if [ -s $ELOG ] ; then
errs=`grep -c ERROR: "$ELOG"`
[ $errs -ne 0 ] && \
ERROR "$prog $ly $errs errors in $ELOG" && \
exit -$errs
fi
if [ -s $WLOG ] ; then
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
fi
warns=`grep -c WARN: "$WLOG"`
[ $warns -ne 0 ] && \
WARN "$prog $ly $warns warnings in $WLOG"
errs=`grep -c ERROR: "$ELOG"`
[ $errs -ne 0 ] && \
ERROR "$prog $ly $errs errors in $ELOG" && \
exit -$errs
[ $warns -eq 0 -a $errs -eq 0 ] && \
ols_clean_testforge_logs $TOXCORE_LOG_DIR && \
INFO "No $ly errors in $TOXCORE_LOG_DIR"
exit 0

33
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint.bash Executable file
View file

@ -0,0 +1,33 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=3
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
[ -f . /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -z "$PYVER" ] && PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
[ -z "$PYTHON_MINOR" -a PYVER = 2 ] && BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$PYTHON_MINOR" -a PYVER = 3 ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
declare -a LARGS
LARGS=( --recursive y --verbose --py-version "$PYTHON_MINOR" --output-format colorized )
[ -f $RCFILE ] || exit 2
LARGS+=( --rcfile $RCFILE )
export PYTHONPATH=$PWD
#INFO python3.bash `which pylint` "${LARGS[@]}" "$@"
#/usr/local/bin/python3.sh `which pylint` "${LARGS[@]}" "$@"
exec $PYTHON_EXE_MSYS `which pylint` "${LARGS[@]}" "$@"

16
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint2.bash Executable file
View file

@ -0,0 +1,16 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=2
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
export PYVER
export PREFIX
export PYTHON_EXE_MSYS
exec toxcore_pylint.bash "$@"

16
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_pylint3.bash Executable file
View file

@ -0,0 +1,16 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash
ROLE=toxcore
RCFILE=/usr/local/etc/testforge/pylint.rc
[ -n "$PREFIX" ] || PREFIX=/usr/local
[ -n "$PYVER" ] || PYVER=2
[ -n "$PYTHON_EXE_MSYS" ] || PYTHON_EXE_MSYS=python$PYVER.sh
[ -x "$PYTHON_EXE_MSYS" ] || return 2
export PYVER
export PREFIX
export PYTHON_EXE_MSYS
exec toxcore_pylint.bash "$@"

16
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest3.bash
View file

@ -2,14 +2,19 @@
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/var/local
. /usr/local/etc/testforge/testforge.bash
ROLE=testforge
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
@ -18,5 +23,6 @@ PYTHON_EXE=$PYTHON_EXE_MSYS
LOPTS="-o ELLIPSIS --fail-fast"
for file in "$@" ; do
/var/local/bin/python$PYVER.bash -m doctest $LOPTS "$file"
[ -f "$file" ] || continue
$PREFIX/bin/python$PYVER.sh -m doctest $LOPTS "$file"
done

56
roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash Normal file
View file

@ -0,0 +1,56 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
ROLE=toxcore
PREFIX=/usr/local
. /usr/local/bin/usr_local_tput.bash
# we install into /usr/local/bin and it takes precedence
# export PATH=$PREFIX/bin:$PATH
. $PREFIX/src/usr_local_src.bash || exit 2
[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3
if [ "$#" -eq 0 ] ; then
cd $PREFIX/src || exit 2
WD=$PWD
bash c-toxcore.bash # || exit 3$?
bash tox_profile.bash # || 4$?
# sh mitogen.bash
# sh toxcore_docker.bash || exit 4$?
# which sdwdate >/dev/null 2>/dev/null || \
# [ -f $PREFIX/bin/sdwdate.bash ] || \
# sh sdwdate.bash
sh gridfire.bash # || exit 6$?
sh pyassuan.bash #|| exit 7$?
sh tinfoilhat.shmoo.com.bash
# sh negotiator.bash
[ -d testssl.sh ] || \
sh testssl.bash || exit 9$?
exit 0
elif [ "$1" = 'check' ] ; then
exit 0
msys_run_checks_pip3
msys_var_local_src_prog_key check || exit 10$?
exit $?
elif [ "$1" = 'lint' ] ; then
# ols_run_tests_shellcheck $ROLE || exit 2$?
msys_var_local_src_prog_key $1 || exit 21$?
# ols_run_tests_pylint || exit 22$?
exit 0
elif [ "$1" = 'test' ] ; then
exit 0
msys_var_local_src_prog_key $1 || exit 30$?
msys_check_pips_inst
msys_gentoo_test_imports || exit 32$?
#hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$?
fi

375
roles/toxcore/overlay/Linux/usr/local/etc/testforge/pylint.rc Normal file
View file

@ -0,0 +1,375 @@
# is file was generated by edx-lint: https://github.com/edx/edx-lint
#
# If you want to change this file, you have two choices, depending on whether
# you want to make a local change that applies only to this repo, or whether
# you want to make a central change that applies to all repos using edx-lint.
#
# Note: If your pylintrc file is simply out-of-date relative to the latest
# pylintrc in edx-lint, ensure you have the latest edx-lint installed
# and then follow the steps for a "LOCAL CHANGE".
#
# LOCAL CHANGE:
#
# 1. Edit the local pylintrc_tweaks file to add changes just to this
# repo's file.
#
# 2. Run:
#
# $ edx_lint write pylintrc
#
# 3. This will modify the local file. Submit a pull request to get it
# checked in so that others will benefit.
#
#
# CENTRAL CHANGE:
#
# 1. Edit the pylintrc file in the edx-lint repo at
# https://github.com/edx/edx-lint/blob/master/edx_lint/files/pylintrc
#
# 2. install the updated version of edx-lint (in edx-lint):
#
# $ pip install .
#
# 3. Run (in edx-lint):
#
# $ edx_lint write pylintrc
#
# 4. Make a new version of edx_lint, submit and review a pull request with the
# pylintrc update, and after merging, update the edx-lint version and
# publish the new version.
#
# 5. In your local repo, install the newer version of edx-lint.
#
# 6. Run:
#
# $ edx_lint write pylintrc
#
# 7. This will modify the local file. Submit a pull request to get it
# checked in so that others will benefit.
#
#
#
#
#
# STAY AWAY FROM THIS FILE!
#
#
#
#
#
# SERIOUSLY.
#
# ------------------------------
# Generated by edx-lint version: 5.2.3
# ------------------------------
[MASTER]
ignore = ,input
persistent = yes
[MESSAGES CONTROL]
enable =
blacklisted-name,
# line-too-long,
abstract-class-instantiated,
abstract-method,
access-member-before-definition,
anomalous-backslash-in-string,
anomalous-unicode-escape-in-string,
arguments-differ,
assert-on-tuple,
assigning-non-slot,
assignment-from-no-return,
assignment-from-none,
attribute-defined-outside-init,
bad-except-order,
bad-format-character,
bad-format-string-key,
bad-format-string,
bad-open-mode,
bad-reversed-sequence,
bad-staticmethod-argument,
bad-str-strip-call,
bad-super-call,
binary-op-exception,
boolean-datetime,
catching-non-exception,
cell-var-from-loop,
confusing-with-statement,
continue-in-finally,
dangerous-default-value,
duplicate-argument-name,
duplicate-bases,
duplicate-except,
duplicate-key,
expression-not-assigned,
format-combined-specification,
format-needs-mapping,
function-redefined,
global-variable-undefined,
import-error,
import-self,
inconsistent-mro,
inherit-non-class,
init-is-generator,
invalid-all-object,
invalid-format-index,
invalid-length-returned,
invalid-sequence-index,
invalid-slice-index,
invalid-slots-object,
invalid-slots,
invalid-unary-operand-type,
logging-too-few-args,
logging-too-many-args,
logging-unsupported-format,
lost-exception,
method-hidden,
misplaced-bare-raise,
misplaced-future,
missing-format-argument-key,
missing-format-attribute,
missing-format-string-key,
no-member,
no-method-argument,
no-name-in-module,
no-self-argument,
no-value-for-parameter,
non-iterator-returned,
nonexistent-operator,
not-a-mapping,
not-an-iterable,
not-callable,
not-context-manager,
not-in-loop,
pointless-statement,
pointless-string-statement,
raising-bad-type,
raising-non-exception,
redefined-builtin,
redefined-outer-name,
redundant-keyword-arg,
repeated-keyword,
return-arg-in-generator,
return-in-init,
return-outside-function,
signature-differs,
super-init-not-called,
syntax-error,
too-few-format-args,
too-many-format-args,
too-many-function-args,
truncated-format-string,
undefined-all-variable,
undefined-loop-variable,
undefined-variable,
unexpected-keyword-arg,
unexpected-special-method-signature,
unpacking-non-sequence,
unreachable,
unsubscriptable-object,
unsupported-binary-operation,
unsupported-membership-test,
unused-format-string-argument,
unused-format-string-key,
used-before-assignment,
using-constant-test,
yield-outside-function,
astroid-error,
fatal,
method-check-failed,
parse-error,
raw-checker-failed,
empty-docstring,
invalid-characters-in-docstring,
# missing-docstring,
# wrong-spelling-in-comment,
# wrong-spelling-in-docstring,
unused-argument,
unused-import,
unused-variable,
eval-used,
exec-used,
bad-classmethod-argument,
bad-mcs-classmethod-argument,
bad-mcs-method-argument,
bare-except,
broad-except,
consider-iterating-dictionary,
consider-using-enumerate,
global-at-module-level,
global-variable-not-assigned,
logging-format-interpolation,
# logging-not-lazy,
multiple-imports,
multiple-statements,
no-classmethod-decorator,
no-staticmethod-decorator,
protected-access,
redundant-unittest-assert,
reimported,
simplifiable-if-statement,
singleton-comparison,
superfluous-parens,
unidiomatic-typecheck,
unnecessary-lambda,
unnecessary-pass,
unnecessary-semicolon,
unneeded-not,
useless-else-on-loop,
deprecated-method,
deprecated-module,
too-many-boolean-expressions,
too-many-nested-blocks,
too-many-statements,
# wildcard-import,
# wrong-import-order,
# wrong-import-position,
missing-final-newline,
mixed-line-endings,
trailing-newlines,
# trailing-whitespace,
unexpected-line-ending-format,
bad-inline-option,
bad-option-value,
deprecated-pragma,
unrecognized-inline-option,
useless-suppression,
disable =
bad-indentation,
consider-using-f-string,
duplicate-code,
file-ignored,
fixme,
global-statement,
invalid-name,
locally-disabled,
no-else-return,
## no-self-use,
suppressed-message,
too-few-public-methods,
too-many-ancestors,
too-many-arguments,
too-many-branches,
too-many-instance-attributes,
too-many-lines,
too-many-locals,
too-many-public-methods,
too-many-return-statements,
ungrouped-imports,
unspecified-encoding,
unused-wildcard-import,
use-maxsplit-arg,
logging-fstring-interpolation,
# new
missing-module-docstring,
missing-class-docstring,
[REPORTS]
output-format = text
##files-output = no
reports = no
score = no
[BASIC]
##bad-functions = map,filter,apply,input
module-rgx = (([a-z_][a-z0-9_]*)|([A-Z][a-zA-Z0-9]+))$
const-rgx = (([A-Z_][A-Z0-9_]*)|(__.*__)|log|urlpatterns)$
class-rgx = [A-Z_][a-zA-Z0-9]+$
function-rgx = ([a-z_][a-z0-9_]{2,40}|test_[a-z0-9_]+)$
method-rgx = ([a-z_][a-z0-9_]{2,40}|setUp|set[Uu]pClass|tearDown|tear[Dd]ownClass|assert[A-Z]\w*|maxDiff|test_[a-z0-9_]+)$
attr-rgx = [a-z_][a-z0-9_]{2,30}$
argument-rgx = [a-z_][a-z0-9_]{2,30}$
variable-rgx = [a-z_][a-z0-9_]{2,30}$
class-attribute-rgx = ([A-Za-z_][A-Za-z0-9_]{2,30}|(__.*__))$
inlinevar-rgx = [A-Za-z_][A-Za-z0-9_]*$
good-names = f,i,j,k,db,ex,Run,_,__
bad-names = foo,bar,baz,toto,tutu,tata
no-docstring-rgx = __.*__$|test_.+|setUp$|setUpClass$|tearDown$|tearDownClass$|Meta$
docstring-min-length = 5
[FORMAT]
max-line-length = 120
ignore-long-lines = ^\s*(# )?((<?https?://\S+>?)|(\.\. \w+: .*))$
single-line-if-stmt = no
##no-space-check = trailing-comma,dict-separator
max-module-lines = 1000
indent-string = ' '
[MISCELLANEOUS]
notes = FIXME,XXX,TODO
[SIMILARITIES]
min-similarity-lines = 4
ignore-comments = yes
ignore-docstrings = yes
ignore-imports = no
[TYPECHECK]
ignore-mixin-members = yes
ignored-classes = SQLObject
unsafe-load-any-extension = yes
generated-members =
REQUEST,
acl_users,
aq_parent,
objects,
DoesNotExist,
can_read,
can_write,
get_url,
size,
content,
status_code,
create,
build,
fields,
tag,
org,
course,
category,
name,
revision,
_meta,
[VARIABLES]
init-import = no
dummy-variables-rgx = _|dummy|unused|.*_unused
additional-builtins =
[CLASSES]
defining-attr-methods = __init__,__new__,setUp
valid-classmethod-first-arg = cls
valid-metaclass-classmethod-first-arg = mcs
[DESIGN]
max-args = 5
ignored-argument-names = _.*
max-locals = 15
max-returns = 6
max-branches = 12
max-statements = 50
max-parents = 7
max-attributes = 7
min-public-methods = 2
max-public-methods = 20
[IMPORTS]
deprecated-modules = regsub,TERMIOS,Bastion,rexec
import-graph =
ext-import-graph =
int-import-graph =
[EXCEPTIONS]
overgeneral-exceptions = BaseException

50
roles/toxcore/overlay/Linux/usr/local/src/analyze-ssl.bash Executable file
View file

@ -0,0 +1,50 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PKG=analyze-ssl.pl
GIT_HUB=github.com
GIT_USER=noxxi
GIT_DIR=p5-ssl-tools
URL=raw.githubusercontent.com//master/$PKG.sh
URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG
. $PREFIX/src/var_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -f $PKG ] ; then
[ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB
if [ -e $PREFIX/net/Http/$URL ] ; then
ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; }
wget -xc -P $PREFIX/net/Http https://$URL
fi
fi
[ -f $PKG ] || cp -p $PREFIX/net/Http/$URL .
if [ ! -e $PREFIX/bin/$PKG.bash ] ; then
cat > $PREFIX/bin/$PKG.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=text
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
cd $PREFIX/src/ || exit 1
exec perl $PKG "\$@"
EOF
chmod 755 $PREFIX/bin/$PKG.bash
fi
exit 0
elif [ "$1" = 'test' ] ; then # 3*
$PREFIX/bin/$PKG.bash --help || exit 30
fi

28
roles/toxcore/overlay/Linux/usr/local/src/ansible-keepass.bash Executable file
View file

@ -0,0 +1,28 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL
TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible
. /var/local/src/var_local_src.bash || exit 2
PKG=ansible-keepass
GIT_HUB=github.com
GIT_USER=Nekmo
GIT_DIR=ansible-keepass
[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \
mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars
[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \
wget $BASE_WGET_ARGS \
-O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \
https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \
exit 0

30
roles/toxcore/overlay/Linux/usr/local/src/pyassuan.bash
View file

@ -10,8 +10,9 @@ ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.bash
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
MOD="pyassuan"
DIR="${MOD}"
@ -27,30 +28,29 @@ WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB"
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
exit 2
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cd "$DIR" || exit 4
cd "$DIR" || exit 4
if [ "$#" -eq 0 ] ; then
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
#? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; }
# ols_install_python_scripts $BINS
# msys_python_bins $BINS
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
@ -58,7 +58,7 @@ if [ "$#" -eq 0 ] ; then
elif [ $1 = 'check' ] ; then # 1*
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20
# ols_test_bins
# ols_test_bins
exit $?
elif [ "$1" = 'test' ] ; then # 3*

222
roles/toxcore/overlay/Linux/usr/local/src/testforge_run_doctest.py Normal file
View file

@ -0,0 +1,222 @@
#!/usr/bin/env python
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
"""
Runs doctests locallly
doctest files are in the tests/ directory.
Note that when writing new test files, it will be convenient to use the command-line flags to avoid time-consuming reprovisioning or to target particular boxes or tests.
"""
from __future__ import print_function
from sys import stderr
import argparse
import doctest
import glob
import re
import subprocess
import sys
import os
OPTIONS = doctest.ELLIPSIS | doctest.NORMALIZE_WHITESPACE
# Convenience items for testing.
# We'll pass these as globals to the doctests.
if os.path.exists('/dev/null'):
DEV_NULL = open('/dev/null', 'w')
EXE='vagrant'
else:
DEV_NULL = open('NUL:', 'w')
EXE='sh /i/bin/vagrant.msys'
# find all our available boxes
#with open('Vagrantfile', 'r') as f:
# avail_boxes = re.findall(r'^\s+config.vm.define "(.+?)"', f.read(), re.MULTILINE)
# unused because it could be a Ruby variable
parser = argparse.ArgumentParser(description='Run playbook tests.')
parser.add_argument(
'-f', '--force',
action='store_true',
help="Force tests to proceed if box already exists. Do not destroy box at end of tests."
)
parser.add_argument(
'-n', '--no-provision',
action='store_true',
help="Skip provisioning."
)
parser.add_argument(
'-F', '--fail-fast',
action='store_true',
help="REPORT_ONLY_FIRST_FAILURE."
)
parser.add_argument(
'-o', '--options',
help=""
)
parser.add_argument(
'--haltonfail',
action='store_true',
help="Stop multibox tests after a fail; leave box running."
)
parser.add_argument(
'--file',
help="Specify a single doctest file (default tests/*.txt).",
)
parser.add_argument(
'--box',
help="Specify a particular target box",
action="append",
)
args = parser.parse_args()
if args.box:
lBoxes = args.box
else:
# find all our available running boxes
# sed -e 's/ .*//'
try:
s = os.system("vagrant global-status 2>&1| grep running | cut -f 1 -d ' ' ")
except StandardError as e:
print("ERROR: Unable to find any running boxes. Rerun with the --box argument.", file=sys.stderr)
raise
assert s, "ERROR: Unable to find a running box. Rerun with the --box argument."
lBoxes = s.split(' ')
# mplatform = None
# def get_mplatform():
# global mplatform
# # Linux-4.14.80-gentoo-x86_64-Intel-R-_Pentium-R-_CPU_N3700_@_1.60GHz-with-gentoo-2.2.1
# if mplatform is None:
# mplatform = subprocess.check_output(
# """vagrant ssh %s -c 'python -mplatform'""" % box,
# shell=True,
# stderr=DEV_NULL
# )
# return mplatform
print (repr(args))
def ssh_run(cmd):
"""
Run a command line in a vagrant box via vagrant ssh.
Return the output.
"""
return subprocess.check_output(
"""%s ssh %s -c '%s'""" % (EXE, box, cmd),
shell=True,
stderr=DEV_NULL
).replace('^@', '')
def run(cmd):
"""
Run a command in the host.
Stop the tests with a useful message if it fails.
"""
if sys.platform.startswith('win'):
p = subprocess.Popen(
cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
else:
p = subprocess.Popen(
cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True
)
stdout, stderr = p.communicate()
if p.returncode != 0:
print(stdout, file=sys.stderr)
# Stop the doctest
raise KeyboardInterrupt(stderr)
return stdout
def cut(y, column_nums, sort=False):
"""
returns a list of lines reduced to the chosen column_nums
"""
assert y and len(y) > 0, "Empty string passed to cut"
#
if hasattr(y,'encode'):
s = y.encode('utf-8')
else:
s = y
lines = s.splitlines()
line_lists = [l.split() for l in lines if l]
rez = ["\t".join([col[col_num]
for col_num in column_nums if col_num < len(col)])
for col in line_lists]
if sort:
return sorted(rez)
else:
return rez
def joined_cut(s, column_nums, sort=False):
return "\n".join(cut(s, column_nums, sort))
for box in lBoxes:
globs = {
'ssh_run': ssh_run,
'run': run,
'cut': cut,
'joined_cut': joined_cut,
'skip_provisioning': args.no_provision,
'no_provisioning': args.no_provision,
'forcing': args.force,
'box': box,
}
if args.fail_fast:
OPTIONS = doctest.REPORT_ONLY_FIRST_FAILURE | OPTIONS
if box and not args.force:
output = subprocess.check_output("%s status %s" % (EXE, box,), shell=True)
if re.search(r"%s\s+not created" % box, output) is None:
print( "Vagrant box already exists. Destroy it or use '-f' to skip this test.", file=sys.stderr)
print ("Use '-f' in combination with '-n' to skip provisioning.", file=sys.stderr)
exit(1)
if args.file is None:
files = glob.glob('tests/*.txt')
else:
files = [args.file]
for fn in files:
print ( "%s / %s" % (box, fn) , file=sys.stderr)
print( '*' * 50 )
print (box)
print( '*' * 50 )
print (fn)
print( '*' * 50 )
try:
failure_count, test_count = doctest.testfile(fn,
module_relative=False,
optionflags=OPTIONS,
globs=globs)
except Exception as e:
sys.stderr.write('\n'.join(sys.path) +'\n')
raise
if args.haltonfail and failure_count > 0:
print ("Test failures occurred. Stopping tests and leaving vagrant box %s running." % box , file=sys.stderr)
exit(1)
# Clean up our vagrant box.
if box and not args.force:
print ( "Destroying %s" % box , file=sys.stderr)
run("%s destroy %s -f" % (EXE, box,))
elif box:
print ( "Vagrant box %s left running." % box, file=sys.stderr)

22
roles/toxcore/overlay/Linux/usr/local/src/testforge_ss_test.err Normal file
View file

@ -0,0 +1,22 @@
DBUG pip.sh --disable-pip-version-check --timeout=30 --cache-dir /usr/local/net/
Cache/Pip --cert /usr/local/etc/ssl/cacert-testforge.pem install --only-binary :
none: --prefix=/usr/local --progress-bar=off namedlist
Collecting namedlist
WARNING: Certificate did not match expected hostname: files.pythonhosted.org.
Certificate: {'subject': ((('commonName', 'default.ssl.fastly.net'),), (('organiza
tionName', 'Fastly, Inc.'),), (('localityName', 'San Francisco'),), (('stateOrPr
ovinceName', 'California'),), (('countryName', 'US'),)), 'issuer': ((('countryNa
me', 'BE'),), (('organizationName', 'GlobalSign nv-sa'),), (('commonName', 'Glob
alSign RSA OV SSL CA 2018'),)), 'version': 3, 'serialNumber': '1FE7655920B1BB8AB
A126434', 'notBefore': 'Aug 28 16:54:01 2023 GMT', 'notAfter': 'Sep 28 16:41:01
2024 GMT', 'subjectAltName': (('DNS', 'default.ssl.fastly.net'), ('DNS', '*.host
s.fastly.net'), ('DNS', '*.fastly.com')), 'OCSP': ('http://ocsp.globalsign.com/g
srsaovsslca2018',), 'caIssuers': ('http://secure.globalsign.com/cacert/gsrsaovss
lca2018.crt',), 'crlDistributionPoints': ('http://crl.globalsign.com/gsrsaovsslc
a2018.crl',)}
WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None))
after connection broken by
'SSLError(CertificateError("hostname 'files.pythonhosted.org' doesn't match either of 'default.ssl.fastly.net', '*.hosts.fastly.net', '*.fastly.com'\"))': /packages/5a/fe/2bc087aed738aa3ace8fa1e50e4619eaf33b833e5d060fe214a7ed63c1f6/namedlist-1.8-py2.py3-none-any.whl\

68
roles/toxcore/overlay/Linux/usr/local/src/testssl.bash Executable file
View file

@ -0,0 +1,68 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher
# https://code.google.com/p/chromium/issues/detail?id=58831
DIR=testssl.sh
GITHUB_USER=drwetter
GITHUB_DIR=$DIR
. $PREFIX/src/var_local_src.bash
BINS=testssl
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
[ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR
for elt in $BINS ; do
file=$PREFIX/bin/$elt.bash
if [ ! -f $file ] ; then
cat > $file << EOF
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
cd $PREFIX/src/$DIR
exec bash testssl.sh "\$@"
EOF
chmod +x $PREFIX/bin/testssl.bash
fi
done
exit 0
elif [ $1 = 'check' ] ; then # 1*
ols_test_bins && exit 0 || exit 1$?
elif [ $1 = 'lint' ] ; then # 2*
/var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
for bin in $BINS ; do
$PREFIX/bin/$bin.bash --help >/dev/null || exit 3$?
done
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
#error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream
#error: 1970 bytes of body are still expected
#fetch-pack: unexpected disconnect while reading sideband packet
#fatal: early EOF
#fatal: fetch-pack: invalid index-pack output
fi
# wget -P https://testssl.sh/testssl.sh
exit 0

8
roles/toxcore/overlay/Linux/usr/local/src/tox_profile.bash
View file

@ -12,7 +12,7 @@ P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
. /var/local/src/var_local_src.bash || exit 1
. /usr/local/src/usr_local_src.bash || exit 1
SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
HTTP_DIR=$PREFIX/net/Http
@ -30,7 +30,7 @@ if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
ols_are_we_connected || exit 0
msys_are_we_connected || exit 0
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
@ -44,8 +44,8 @@ if [ "$#" -eq 0 ] ; then
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3
fi
python$PYVER.bash -c 'import namedlist' || \
pip$PYVER.bash install namedlist
python$PYVER.sh -c 'import namedlist' || \
pip$PYVER.sh install namedlist
cd $DIR || exit 4
[ -f __init__.py ] || touch __init__.py

12
roles/toxcore/overlay/Linux/usr/local/src/usr_local_toxcore.bash
View file

@ -6,9 +6,10 @@ ROLE=toxcore
PREFIX=/usr/local
. /usr/local/bin/usr_local_tput.bash
# we install into /var/local/bin and it takes precedence
# we install into /usr/local/bin and it takes precedence
# export PATH=$PREFIX/bin:$PATH
#. /var/local/src/var_local_src.bash || exit 2
. $PREFIX/src/usr_local_src.bash || exit 2
[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3
if [ "$#" -eq 0 ] ; then
@ -27,6 +28,9 @@ if [ "$#" -eq 0 ] ; then
sh pyassuan.bash #|| exit 7$?
sh tinfoilhat.shmoo.com.bash
# sh negotiator.bash
[ -d testssl.sh ] || \
sh testssl.bash || exit 9$?
exit 0
@ -37,10 +41,10 @@ elif [ "$1" = 'check' ] ; then
exit $?
elif [ "$1" = 'lint' ] ; then
exit 0
ols_run_tests_shellcheck $ROLE || exit 2$?
# ols_run_tests_shellcheck $ROLE || exit 2$?
msys_var_local_src_prog_key $1 || exit 21$?
# ols_run_tests_pylint || exit 22$?
exit 0
elif [ "$1" = 'test' ] ; then
exit 0