diff --git a/overlay/Linux/usr/local/src/src/ansible_gentooimgr/.gitignore b/overlay/Linux/usr/local/src/src/ansible_gentooimgr/.gitignore
deleted file mode 100644
index b28fbcb..0000000
--- a/overlay/Linux/usr/local/src/src/ansible_gentooimgr/.gitignore
+++ /dev/null
@@ -1,174 +0,0 @@
-# ---> Python
-# Byte-compiled / optimized / DLL files
-__pycache__/
-*.py[cod]
-*$py.class
-*.diff
-*.good
-*.bad
-
-# C extensions
-*.so
-
-# Distribution / packaging
-.Python
-build/
-develop-eggs/
-dist/
-downloads/
-eggs/
-.eggs/
-lib/
-lib64/
-parts/
-sdist/
-var/
-wheels/
-share/python-wheels/
-*.egg-info/
-.installed.cfg
-*.egg
-MANIFEST
-
-# PyInstaller
-# Usually these files are written by a python script from a template
-# before PyInstaller builds the exe, so as to inject date/other infos into it.
-*.manifest
-*.spec
-
-# Installer logs
-pip-log.txt
-pip-delete-this-directory.txt
-
-# Unit test / coverage reports
-htmlcov/
-.tox/
-.nox/
-.coverage
-.coverage.*
-.cache
-nosetests.xml
-coverage.xml
-*.cover
-*.py,cover
-.hypothesis/
-.pytest_cache/
-cover/
-
-# Translations
-*.mo
-*.pot
-
-# Django stuff:
-*.log
-local_settings.py
-db.sqlite3
-db.sqlite3-journal
-
-# Flask stuff:
-instance/
-.webassets-cache
-
-# Scrapy stuff:
-.scrapy
-
-# Sphinx documentation
-docs/_build/
-
-# PyBuilder
-.pybuilder/
-target/
-
-# Jupyter Notebook
-.ipynb_checkpoints
-
-# IPython
-profile_default/
-ipython_config.py
-
-# pyenv
-# For a library or package, you might want to ignore these files since the code is
-# intended to run in multiple environments; otherwise, check them in:
-# .python-version
-
-# pipenv
-# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
-# However, in case of collaboration, if having platform-specific dependencies or dependencies
-# having no cross-platform support, pipenv may install dependencies that don't work, or not
-# install all needed dependencies.
-#Pipfile.lock
-
-# poetry
-# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
-# This is especially recommended for binary packages to ensure reproducibility, and is more
-# commonly ignored for libraries.
-# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
-#poetry.lock
-
-# pdm
-# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
-#pdm.lock
-# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
-# in version control.
-# https://pdm.fming.dev/#use-with-ide
-.pdm.toml
-
-# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
-__pypackages__/
-
-# Celery stuff
-celerybeat-schedule
-celerybeat.pid
-
-# SageMath parsed files
-*.sage.py
-
-# Environments
-.env
-.venv
-env/
-venv/
-ENV/
-env.bak/
-venv.bak/
-
-# Spyder project settings
-.spyderproject
-.spyproject
-
-# Rope project settings
-.ropeproject
-
-# mkdocs documentation
-/site
-
-# mypy
-.mypy_cache/
-.dmypy.json
-dmypy.json
-
-# Pyre type checker
-.pyre/
-
-# pytype static type analyzer
-.pytype/
-
-# Cython debug symbols
-cython_debug/
-
-# PyCharm
-# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
-# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
-# and can be added to the global gitignore or merged into this file. For a more nuclear
-# option (not recommended) you can uncomment the following to ignore the entire idea folder.
-#.idea/
-
-.pylint.err
-.pylint.log
-.pylint.out
-
-*.dst
-
-*~
-.rsync.sh
-.rsync.sh
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash b/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash
deleted file mode 100755
index c45ce47..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/bin/sh
-# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
-
-prog=`basename $0 .bash`
-PREFIX=/usr/local
-[ -f /usr/local/etc/testforge/testforge.bash ] && \
- . /usr/local/etc/testforge/testforge.bash
-ROLE=toxcore
-
-PKG=analyze-ssl.pl
-GIT_HUB=github.com
-GIT_USER=noxxi
-GIT_DIR=p5-ssl-tools
-URL=raw.githubusercontent.com//master/$PKG.sh
-URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG
-
-. $PREFIX/src/var_local_src.bash
-
-cd $PREFIX/src || exit 2
-WD=$PWD
-
-if [ "$#" -eq 0 ] ; then
- if [ ! -f $PKG ] ; then
-
- [ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB
- if [ -e $PREFIX/net/Http/$URL ] ; then
- ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; }
- wget -xc -P $PREFIX/net/Http https://$URL
- fi
- fi
-
- [ -f $PKG ] || cp -p $PREFIX/net/Http/$URL .
-
- if [ ! -e $PREFIX/bin/$PKG.bash ] ; then
- cat > $PREFIX/bin/$PKG.bash << EOF
-#!/bin/sh
-# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
-ROLE=text
-# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
-cd $PREFIX/src/ || exit 1
-exec perl $PKG "\$@"
-EOF
- chmod 755 $PREFIX/bin/$PKG.bash
- fi
-
- exit 0
-
-elif [ "$1" = 'test' ] ; then # 3*
- $PREFIX/bin/$PKG.bash --help || exit 30
-fi
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash b/roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash
deleted file mode 100755
index 1577a67..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh
-# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
-
-prog=`basename $0 .bash`
-PREFIX=/usr/local
-[ -f /usr/local/etc/testforge/testforge.bash ] && \
- . /usr/local/etc/testforge/testforge.bash
-ROLE=toxcore
-[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL
-
-TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible
-
-. /var/local/src/var_local_src.bash || exit 2
-
-PKG=ansible-keepass
-GIT_HUB=github.com
-GIT_USER=Nekmo
-GIT_DIR=ansible-keepass
-
-[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \
- mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars
-
-[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \
- wget $BASE_WGET_ARGS \
- -O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \
- https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \
-
-exit 0
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash
deleted file mode 100755
index 2ffeb52..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash
+++ /dev/null
@@ -1,121 +0,0 @@ -#!/bin/sh -# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- - -prog=`basename $0 .bash` -PREFIX=/usr/local -[ -f /usr/local/etc/testforge/testforge.bash ] && \ - . /usr/local/etc/testforge/testforge.bash -ROLE=toxcore - -DESC="" -. $PREFIX/bin/usr_local_tput.bash || exit 1 - -PKG=toxcore -DIR=c-$PKG -GIT_HUB=github.com -GIT_USER=TokTok -GIT_DIR=$DIR -GIT_BRAN=master -VERS=2.18.0 - -cd $PREFIX/src || exit 2 -WD=$PWD - -if [ "$#" -eq 0 ] ; then - - WD=$PWD - if [ ! -d "$DIR" ] ; then - if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then - [ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \ - mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" - ols_are_we_connected || { DEBUG not connected ; exit 0 ; } - cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" - git clone -b $GIT_BRAN --depth=1 https://$GIT_HUB/$GIT_USER/$GIT_DIR || exit 4 - git clone --depth=1 https://$GIT_HUB/$GIT_USER/dockerfiles - cd $WD - # wget -xcP ../net/Http/ https://github.com/TokTok/c-toxcore/releases/download/v0.2.18/c-toxcore-0.2.18.tar.gz - fi - cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"/$GIT_DIR $DIR - fi - - cd "$DIR" || exit 5 - - [ -f third_party/cmp/Makefile ] || git submodule update --init || exit 6 - -# ols_apply_testforge_patches -# # [ -f CMakeLists.txt.dst ] || patch -b -z.dst < toxcore.diff || exit 7 - - [ -f cmake.sh ] || cat > cmake.sh << EOF -#!/bin/sh -# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- - -PREFIX=$PREFIX -ROLE=$ROLE - -CORE=$PREFIX/src/c-toxcore -DIR=_build -LIB=\$CORE/\$DIR - -cd \$CORE | exit 3 - -mkdir _build -cd _build -cmake \ - -DCMAKE_BUILD_TYPE="Debug" \ - -DCMAKE_UNITY_BUILD=ON \ - -DMIN_LOGGER_LEVEL=TRACE \ - -DMUST_BUILD_TOXAV=ON \ - -DNON_HERMETIC_TESTS=ON \ - -DSTRICT_ABI=ON \ - -DTEST_TIMEOUT_SECONDS=120 \ - -DUSE_IPV6=OFF \ - -DAUTOTEST=ON \ - -DBUILD_MISC_TESTS=ON \ - -DBUILD_FUN_UTILS=ON \ - -DBOOTSTRAP_DAEMON=ON \ - .. > cmake.log 2>&1 -#sed -e 's/-DNDEBUG/-g/' -i CMakeCache.txt -make .. 
> make.log 2>&1 - -ls \$LIB/*so* || { echo ERROR \$LIB ; exit 2 ; } - -EOF - bash cmake.sh || { - retval=$? - ERROR cmake $retval - exit 3$retval - } - cd _build - make >> make.log 2>&1 || { - retval=$? - ERROR cmake $retval - exit 3$retval - } - - cp -p other/bootstrap_daemon/tox-bootstrapd $PREFIX/bin - cp -p other/bootstrap_daemon/tox-bootstrapd.sh $PREFIX/etc/init.d/tox-bootstrapd -# ln -s $PREFIX/etc/init.d/tox-bootstrapd /etc/init.d - exit 0 - -elif [ $1 = 'check' ] ; then # 1* -# ols_test_bins && exit 0 || exit $? - - [ ! -d $DIR/_build ] && WARN not built yet $DIR && exit 11 - [ -f $DIR/_build/libtoxcore.so.${VERS} ] && WARN not compiled yet $DIR && exit 12 - ldd $DIR/_build/libtoxcore.so.${VERS} | grep found && ERROR ldd fails $DIR && exit 13 - exit 0 - -elif [ "$1" = 'test' ] ; then # 3* - cd $PREFIX/src/$DIR/_build || exit 30 - ctest || exit 31 - -elif [ "$1" = 'refresh' ] ; then # 6* - - cd $PREFIX/src/$DIR || exit 60 - /usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$? - -elif [ "$1" = 'update' ] ; then # 7* - ols_are_we_connected || exit 0 - cd $PREFIX/src/$DIR || exit 70 - git pull || exit 7$? -fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash b/roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash deleted file mode 100755 index 6a6c942..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash +++ /dev/null 
@@ -1,131 +0,0 @@ -#!/bin/bash -# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- - -prog=`basename $0 .bash` -PREFIX=/usr/local -ROLE=toxcore - -. /usr/local/src/usr_local_src.bash || exit 2 -# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2 - -export LOG_DIR=$PREFIX/var/log/$ROLE - -DESC="" - -cd /usr/local/src || exit 4 - -if [ "$#" -eq 0 ] ; then - # /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh - [ -f /usr/local/bin/ssl-cipher-check.pl ] || \ - wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl - - if [ $USER = root ] ; then - # https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon - command -v keepassxc.bash - EXE=`command -v keepassxc.bash` - [ -z "$EXE" ] && EXE=`command -v keepassxc` - if [ -z "$EXE" ] ; then - export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring - ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'` - [ -n "$ELTS" ] && kill $ELTS - if [ -d /etc/pam.d ] ; then - cd /etc/pam.d - grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do - [ -f .$file.dst ] || cp -p $file .$file.dst - sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file - done - fi - file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service - if [ ! -f $file ] || ! grep -q $EXE $file ; then - cat > $file < ~/.config/autostart/$file < "$A" < $HOME/.config/gajim/config </dev/null - done - - fi - for f in "${FILES[@]}" ; do - base=`basename $f .tar.gz` - [ -d base ] && continue - tar xvfkz $PREFIX/net/Http/$f 2>/dev/null - cd $base - pip3.sh install --prefix=/usr/local . >> install.log 2>&1 || \ - WARN problems installing $base retval=$retval - cd .. - done - - exit 0 - -elif [ "$1" = 'test' ] ; then # 3* - cd $PREFIX/src/$DIR/_build || exit 30 - ctest || exit 31 - -elif [ "$1" = 'refresh' ] ; then # 6* - - cd $PREFIX/src/$DIR || exit 60 - /usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$? 
- -elif [ "$1" = 'update' ] ; then # 7* - ols_are_we_connected || exit 0 - cd $PREFIX/src/$DIR || exit 70 - git pull || exit 7$? -fi - diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash b/roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash deleted file mode 100644 index df337e9..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash +++ /dev/null 
@@ -1,67 +0,0 @@ -#!/bin/sh -# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- - -#See /var/local/src/ZeroNet.bash - -prog=`basename $0 .bash` -PREFIX=/usr/local -ROLE=toxcore - -PYVER=3 -P="BASE_PYTHON${PYVER}_MINOR" -[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)" -PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh -PYTHON_EXE=$PYTHON_EXE_MSYS -PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh - -MOD="pyassuan" -DIR="${MOD}" -BINS="get-info pinentry" - -GIT_HUB=http-git.tremily.us -GIT_DIR=pyassuan - -#ols_funtoo_requires - -cd $PREFIX/src || exit 2 -WD=$PWD - -if [ "$#" -eq 0 ] ; then - - if [ ! -d "$DIR" ] ; then - if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then - [ -d "$PREFIX/net/Git/$GIT_HUB" ] || \ - mkdir "$PREFIX/net/Git/$GIT_HUB" - route|grep ^def || { DEBUG not connected ; exit 0 ; } - (cd "$PREFIX/net/Git/$GIT_HUB" && \ - git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\ - exit 2 - fi - cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \ - exit 3 - fi - - cd "$DIR" || exit 4 - - # ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@' - - #? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash - - [ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \ - msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; } - - # msys_python_bins $BINS - - "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 - - exit 0 - -elif [ $1 = 'check' ] ; then # 1* - "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20 - # ols_test_bins - exit $? - -elif [ "$1" = 'test' ] ; then # 3* - cd $WD/$DIR - $PYTHON_EXE_MSYS -m unittest discover >>test.log || exit 31$? -fi diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash deleted file mode 100755 index 038f94d..0000000 
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash +++ /dev/null 
@@ -1,113 +0,0 @@ -#!/bin/bash -# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- - -. /usr/local/bin/usr_local_tput.bash || exit 2 -PREFIX=$PREFIX -ROLE=testforge - -# too early -[ -f /usr/local/etc/testforge/testforge.bash ] || exit 0 - -. /usr/local/etc/testforge/testforge.bash || exit 1 - -[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL - -if uname -a | grep entoo ; then - GENTOO=0 -else - GENTOO=1 -fi -UBUNTU=$( [ -d /etc/apt ] ) - -for PYTHON_MINOR in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do - [ -z "$PYTHON_MINOR" ] && continue - # [ "$PYTHON_MINOR" = "$BASE_PYTHON2_MINOR" ] && PYMAJOR=2 || PYMAJOR=3 - PYVER="${PYTHON_MINOR:0:1}" - - cd $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ || exit $PYVER - [ -f __init__.py ] || touch __init__.py - INFO $PYVER GENTOO=$GENTOO $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ - ls -1d * | \ - grep -v '__init__.py\|~$\|egg-info\|__pycache__\|egg-link\|dist-info\|pyc$\|pyo$\|pth$\|.sh$$\|.so$\|.egg$\|.tar$\|.log$\|.lis$\|.err$' | \ - sed -e 's/\.py$//' | \ - while read elt ; do - [ -z "$elt" ] && continue - [ $elt = cachecontrol ] && mod=CacheControl || mod=$elt - - #exceptions - [ $elt = pip ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue - [ $elt = ansible ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue - #?FixMe: - we are now allowing site.py - [ $elt = site ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue - # broken for MarkupSafe-1.1.1-py2.7.egg-info - [ $elt = markupsafe ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue - # broken for PyYAML-5.3.1-py2.7.egg-info - [ $elt = yaml ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue - # Pygments-2.5.2-py2.7.egg-info - [ $elt = pygments ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue - - # FixMe: what about the selenium patches - [ $elt = selenium ] && continue - - # FixMe: - if [ $GENTOO -eq 0 ] && eix -r ^dev-python/${elt}$ | grep 
"Installed.*[\" ]$PYTHON_MINOR" ; then - DBUG $PYVER $elt is Installed - elif [ $GENTOO -eq 0 ] && eix ^dev-python/py${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then - DBUG $PYVER py$elt is Installed - elif [ -e /usr/$LIB/python$PYTHON_MINOR/$elt ] ; then - [ $elt = sitecustomize ] && echo WHY?: in /usr/$LIB/python$PYTHON_MINOR/$elt && continue - echo "DEBUG: $PYVER $elt is in /usr/$LIB/python$PYTHON_MINOR/$elt" - # The python$PYVER -s is crucial - otherwise - # /root/.local/lib64/python2.7/site-packages precedes - # /usr/lib64/python2.7/site-packageson sys.path - elif python$PYVER -s -c "import $mod,os; print os.path.realpath($mod.__path__[0])" 2>/dev/null | grep /usr/$LIB/ ; then - echo "DEBUG: $PYVER $elt is in /usr/$LIB/" - else - echo "INFO: $PYTHON_MINOR Checked OK - $elt" - continue - fi - - WARN "$PYTHON_MINOR deleting - $elt" - - if [ -d $elt ] ; then - INFO rm -rf *${elt}* .*${elt}* - rm -rf *${elt}* .*${elt}* - elif file $elt | grep 'empty' ; then - INFO rm -rf ${elt} - rm -rf ${elt} - elif [ -f "$elt.py" ] ; then - INFO rm ${elt}.py* - rm ${elt}.py* - elif [ -f "$elt.pyo" ] || [ -f "$elt.pyc" ] ; then - INFO rm -f ${elt}.pyc ${elt}.pyo - rm -f ${elt}.pyc ${elt}.pyo - else - echo "ERROR: oddball not a dir or file $( file $elt ) - \"$elt\"" - fi - done - # FixMe: these are missed and crucial - [ -f /usr/local/lib64/python$PYTHON_MINOR7/site-packages/pkg_resources/__init__.py -a \ - -f /usr/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/__init__.py ] && - rm -rf /usr/local/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/ - /usr/local/bin/python$PYVER.sh -c 'from pkg_resources import ensure_directory, ContextualZipFile' || \ - WARN "from pkg_resources import ensure_directory, ContextualZipFile " -done - -cd /usr/local/bin -for file in * ; do - [ -x $file ] || continue - [ -e /usr/bin/$file -o -e /usr/sbin/$file -o -e /usr/bin/$file.py ] || continue - # ls -l /usr/bin/$file $file - root=$( basename $file .py ) - [[ $file =~ .*2.py$ ]] && 
DBUG $file && continue - [[ $file =~ .*2$ ]] && DBUG $file && continue - if file $file | grep -q 'Python script' && head -2 $file | grep -q '/python2' ; then - [[ $file =~ .*.py$ ]] && INFO mv $file ${root}2.py && mv $file ${root}2.py && continue - [ -e /usr/bin/$file.py ] && INFO mv $file ${file}2 && mv $file ${file}2 &&z \ - INFO ln -s /usr/bin/$file.py $file && ln -s /usr/bin/$file.py $file && continue - WARN $file not python ; continue - fi - INFO mv $file ${file}2; mv $file ${file}2 -done - -exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash deleted file mode 100755 index 009dee3..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh -# -*- mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*- - -ROLE=toxcore -prog=$(basename $0 .bash) - -KEY=0x066DAFCB81E42C40 -TIMEO=15 -WARGS="-v -S --dns-timeout $TIMEO --connect-timeout $TIMEO --read-timeout $TIMEO" - -. /usr/local/bin/proxy_export.bash - -if [ is = dead ] ; then -# URL="http://hkps.pool.sks-keyservers.net:80/pks/lookup?op=get&options=mr&search=$KEY" -URL="http://pgp.mit.edu:80/pks/lookup?op=get&options=mr&search=$KEY" -DBUG wget $URL -wget $WARGS -o /tmp/2$$.log -O /tmp/2$$.html $URL || { - ERROR retval=$? ; cat /tmp/2$$.log; exit 2 ; -} -grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/2$$.html || exit 210 -grep -q 'HTTP/1.1 200 OK' /tmp/2$$.log || exit 220 -fi - -URL="http://keyserver.ubuntu.com:80/pks/lookup?op=get&options=mr&search=$KEY" -DBUG wget $URL -wget $WARGS -o /tmp/3$$.log -O /tmp/3$$.html $URL || { - ERROR retval=$? /tmp/3$$.log - exit 3 -} -grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html || { - ERROR '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html - exit 310 -} -grep -q 'HTTP/1.1 200 OK' /tmp/3$$.log || { - ERROR NO 'HTTP/1.1 200 OK' /tmp/3$$.log - exit 320 -} - -exit 0 
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash
deleted file mode 100755
index dfd097a..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/sh
-# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
-
-prog=`basename $0 .bash`
-PREFIX=$PREFIX
-[ -f /usr/local/etc/testforge/testforge.bash ] && \
- . /usr/local/etc/testforge/testforge.bash
-ROLE=toxcore
-
-PYVER=2
-P="BASE_PYTHON${PYVER}_MINOR"
-PYTHON_MINOR="$(eval echo \$$P)"
-PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
-PYTHON_EXE=$PYTHON_EXE_MSYS
-
-# doctest.py
-# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
-# ELLIPSIS = register_optionflag('ELLIPSIS')
-LOPTS="-o ELLIPSIS --fail-fast"
-
-#? -S causes problems - why was it there?
-for file in "$@" ; do
- $PREFIX/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
- $LOPTS --box '' --file "$file"
-done
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash
deleted file mode 100755
index 8b74df4..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/sh
-# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
-
-prog=`basename $0 .bash`
-PREFIX=$PREFIX
-[ -f /usr/local/etc/testforge/testforge.bash ] && \
- . /usr/local/etc/testforge/testforge.bash
-ROLE=toxcore
-
-PYVER=3
-P="BASE_PYTHON${PYVER}_MINOR"
-PYTHON_MINOR="$(eval echo \$$P)"
-PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
-PYTHON_EXE=$PYTHON_EXE_MSYS
-
-# doctest.py
-# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
-# ELLIPSIS = register_optionflag('ELLIPSIS')
-LOPTS="-o ELLIPSIS --fail-fast"
-
-#? -S causes problems - why was it there?
-for file in "$@" ; do
- [ ! -f "$file" ] && WARN file not found $file && continue
- /usr/local/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
- $LOPTS --box '' --file "$file"
-done
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash
deleted file mode 100755
index b02df96..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash
+++ /dev/null
@@ -1,60 +0,0 @@ -#!/bin/sh -# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*- - -. /usr/local/bin/usr_local_base.bash || exit 2 -PREFIX=/usr/local -ROLE=base - -[ -z "$BASE_PYTHON2_MINOR" ] && \ - BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) -[ -z "$BASE_PYTHON3_MINOR" ] && \ - BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) - -for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do - [ -z "$PYTHON_MINOR" ] && continue -if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then - LIB=lib -elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then - LIB=lib64 -elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then - ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages -fi -done - -umask 0022 -# [ "$#" -eq 0 ] && set -- $PREFIX/bin - -# FixMe? /usr/local/bin too? I think not, except for ours? - -for prefix in /usr/local /var/local ; do - cd $prefix/bin || exit 1 - #? 
ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do - ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \ - while read file ; do - head -1 $file | grep -q python || continue - head -1 $file | grep -q $prefix/python..bash && continue - base=$( echo $file | sed -e 's/\.bash$//' ) - under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' ) - if [ -h /etc/python-exec/$base.conf ] ; then - link=$( readlink /etc/python-exec/$base.conf ) - if [ "$link" = python2.conf ] ; then - sed -f $prefix/share/sed/${under}_python2.sed -i $file - else - sed -f $prefix/share/sed/${under}_python3.sed -i $file - fi - else - sed -f $prefix/share/sed/${under}_python2.sed -i $file - sed -f $prefix/share/sed/${under}_python3.sed -i $file - fi - # echo $file - done - - # failsafe - Eberly - no longer active - for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do - [ -f $prefix/${LIB}/python$elt/site-packages/site.py ] - # WARN missing $prefix/${LIB}/python$elt/site-packages/site.py - done - -done - -exit 0 diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash deleted file mode 100755 index 82c52ca..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash +++ /dev/null 
@@ -1,519 +0,0 @@ -#!/bin/bash -# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- - -[ -f /usr/local/bin/usr_local_tput.bash ] && \ - . /usr/local/bin/usr_local_tput.bash - -. /usr/local/bin/proxy_curl_lib.bash -[ -z "$TIMEOUT" ] && TIMEOUT=30 -TIMEOUT3=`expr 3 \* $TIMEOUT` - -SSLSCAN_ARGS="-4 --show-certificate --bugs --timeout $TIMEOUT" -[ $SSL_VER = 3 ] && SSLSCAN_ARGS="$SSLSCAN_ARGS --tls13" || \ - SSLSCAN_ARGS="$SSLSCAN_ARGS --tls12" -# -cipher 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' -debug - -# no timeout -no_tls1_1 -no_tls1_2 -OPENSSL_ARGS="-4 -showcerts -bugs -status -state -no_ign_eof" -[ $SSL_VER = 3 ] && OPENSSL_ARGS="$OPENSSL_ARGS -tls1_3" || \ - OPENSSL_ARGS="$OPENSSL_ARGS -tls1_2" -# --no-colour ?--show-certificate ?--show-client-cas ?--show-ciphers ?--tlsall - -TESTSSL_ARGS="-4 --server-defaults --protocols --grease --server-preference --heartbleed --ccs-injection --renegotiation --breach --tls-fallback --drown --assume-http --connect-timeout $TIMEOUT3 --openssl-timeout $TIMEOUT3 --standard --vulnerable --ssl-native --phone-out --nodns none" - -ANALYZE_ARGS="--timeout $TIMEOUT --all-ciphers --verbose" - -NMAP_ARGS="--script ssl-enum-ciphers -v --script-trace" -# no --cert-status -> ocsp -CURL_ARGS="--silent -vvv --head --connect-timeout $TIMEOUT" -CURL_HTTP_ARGS="$CURL_ARGS --fail --location --http2 --proto-redir https --proto-default https --proto =https" -# [ -d /usr/local/share/ca-certificates/mozilla ] && \ -# CURL_ARGS="$CURL_ARGS --capath usr/local/share/ca-certificates/mozilla" - -[ $SSL_VER = 3 ] && CURL_ARGS="$CURL_ARGS --tlsv1.3" || \ - CURL_ARGS="$CURL_ARGS --tlsv1.2" -NOW=`date +%s` -DATE () { - local elt=$1 - shift - # DEBUG=1 - $elt $( expr `date +%s` - $NOW )s $* - return 0 -} - -ssltest_proxies () { - - PROXY_SCHEME=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 1 -d ' '` - PROXY_HOST=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 2 -d ' '` - PROXY_PORT=`echo $SSLTEST_HTTPS_PROXY|sed 
-e 's@/@@g' -e 's/:/ /g'| cut -f 3 -d ' '` - - # SocksPolicy Accept in /etc/tor/torrc - required and works with sslscan - TESTSSL_ENVS="env MAX_OSSL_FAIL=10 DNS_VIA_PROXY=true PROXY_WAIT=$TIMEOUT" - if [ -n "$SSLTEST_HTTP_PROXY" ] ; then - PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'` - OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT" - elif [ -n "$SSLTEST_HTTPS_PROXY" ] ; then - # WTF HTTP CONNECT failed: 502 Bad Gateway (tor protocol violation) - PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'` - OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT" - fi - - # Make sure a firewall is not between you and your scanning target! - # `sed -e 's@.*/@@' <<< $SSLTEST_HTTPS_PROXY` - # timesout 3x - # TESTSSL_ARGS="$TESTSSL_ARGS --proxy=auto" - - # use torsocks instead of - # ANALYZE_ARGS="ANALYZE_ARGS --starttls http_proxy:${PROXY_HOST}:$PROXY_PORT" - CURL_ARGS="$CURL_ARGS -x socks5h://${SOCKS_HOST}:$SOCKS_PORT" -#? NMAP_ARGS="$NMAP_ARGS -x socks4://${SOCKS_HOST}:$SOCKS_PORT" - - # no proxy args and no _proxy strings - SSLSCAN_ENVS="$TORSOCKS " - ANALYZE_ENVS="$TORSOCKS " - # proxy timesout - TESTSSL_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP $TESTSSL_ENVS" - NMAP_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP " - CURL_ENVS=" " - return 0 -} - -ssltest_nmap () { - local elt=$1 - local site=$2 - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` - local exe=nmap - - DATE DBUG $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" $eltfile - INFO $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" >> $eltfile - $NMAP_ENVS $exe $NMAP_ELTS $site >> $eltfile 2>&1 - retval=$? 
- if grep -q '(1 host up)' $eltfile ; then - if grep -q TLS_AKE_WITH_AES_256_GCM_SHA384 $eltfile ; then - INFO "$elt TLS_AKE_WITH_AES_256_GCM_SHA384 = $eltfile" | tee -a $eltfile - else - INFO "$elt CA=$cacert = $eltfile" | tee -a $eltfile - fi - elif [ $retval -ne 0 ] ; then - ERROR "$elt retval=$retval timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile - else - WARN $elt "NO '(1 host up)' in" $eltfile - fi - - return 0 -} - -## ssltest_nmap -## no good for 1.3 -ssltest_sslscan () { - local elt=$1 - local site=$2 - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` - local exe=sslscan - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - - DATE DBUG "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" $eltfile - INFO "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" >> $eltfile - $SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site:$SSL_PORT >> $eltfile 2>&1 - retval=$? - - # ECDHE-RSA-AES256-SHA pop.zoho.eu tls1.2 - if [ $retval -ne 0 ] ; then - ERROR "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile - elif grep ERROR $eltfile ; then - ERROR "$elt ERROR CA=$cacert = $eltfile" | tee -a $eltfile - retval=-1 - elif grep EROR: $eltfile ; then - ERROR "$elt EROR: CA=$cacert = $eltfile" | tee -a $eltfile - retval=-2 - elif grep "Certificate information cannot be retrieved." $eltfile ; then - WARN "$elt 'Certificate information cannot be retrieved' = $eltfile" | tee -a $eltfile - - elif grep "TLSv1.$SSL_VER.*disabled" $eltfile ; then - ERROR "$elt TLSv1.$SSL_VER disabled = $eltfile" | tee -a $eltfile - retval=-3 - elif ! grep '^\(Subject\|Altnames\).*'"$site" $eltfile ; then - # *.zoho.eu - WARN "$elt not 'Subject\|Altnames' = $eltfile" | tee -a $eltfile - elif ! grep -q Accepted $eltfile ; then - WARN "$elt not Accepted CA=$cacert = $eltfile" | tee -a $eltfile - elif [ $SSL_VER = 3 ] && ! 
grep -q TLS_AES_256_GCM_SHA384 $eltfile ; then - WARN "$elt not TLS_AES_256_GCM_SHA384 CA=$cacert = $eltfile" | tee -a $eltfile - else - DATE INFO "$elt Accepted CA=$cacert = $eltfile " | tee -a $eltfile - fi - return $retval -} - -## ssltest_openssl -ssltest_openssl () { - local elt=$1 - local site=$2 - local exe=openssl - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` - local total_s=`expr 2 \* $TIMEOUT` - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - - # -msg -msgfile $TMPDIR/$$.$site.s_client.msg - DATE DBUG "$elt s_client $OPENSSL_ELTS" $site $eltfile - INFO "$exe s_client $OPENSSL_ELTS timeout=$total_s" $site >> $eltfile - timeout $total_s $exe s_client $OPENSSL_ELTS $site < /dev/null >> $eltfile 2>&1 - retval=$? - - if [ $retval -eq 124 ] ; then - WARN "$elt failed timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile - elif [ $retval -eq 1 ] ; then - num=`grep ':SSL alert number' $eltfile | sed -e 's/.*:SSL alert number //'` - if [ $? 
-eq 0 ] && [ -n "$num" ] ; then - ERROR "$elt failed retval=$retval SSL alert #$num ${SSL_ALERT_CODES[$num]} CA=$cacert = $eltfile" | tee -a $eltfile - else - ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile - cat $eltfile - fi - elif grep ':error:' $eltfile ; then - a=`grep ':error:' $eltfile | sed -e 's/^[0-9]*:[^:]*:[^:]*:[^:]*:[^:]*://' -e 's/:.*//' |head -1 ` - ERROR "$elt :error: $a CA=$cacert = $eltfile" | tee -a $eltfile - elif grep 'Cipher is (NONE)\|SSL handshake has read 0 bytes' $eltfile ; then - ERROR "$elt s_client Cipher is (NONE) CA=$cacert = $eltfile" | tee -a $eltfile - elif [ $retval -ne 0 ] ; then - ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile - elif grep 'HTTP CONNECT failed:' $eltfile ; then - WARN "$elt failed HTTP CONNECT failed CA=$cacert = $eltfile" | tee -a $eltfile - elif grep 'unable to get local issuer certificate' $eltfile ; then - WARN "$elt s_client unable to get local issuer certificate CA=$cacert = $eltfile" | tee -a $eltfile - elif grep 'Verification error: certificate has expired' $eltfile ; then - WARN "$elt s_client Verification error: certificate has expired = $eltfile | tee -a $eltfile" | tee -a $eltfile - elif ! 
grep -q '^depth=0 CN.*'$site $eltfile ; then - WARN "$elt s_client CN NOT $site = $eltfile" | tee -a $eltfile - - elif grep 'OSCP response: no response' $eltfile ; then - WARN "$elt s_client OSCP response: no response = $eltfile | tee -a $eltfile" | tee -a $eltfile - elif grep 'New, TLSv1.$SSL_VER, Cipher is TLS' $eltfile ; then - DATE INFO "$elt TLSv1.$SSL_VER, Cipher is TLS CA=$cacert = $eltfile " | tee -a $eltfile - else - DATE INFO "$elt client CA=$cacert = $eltfile " | tee -a $eltfile - fi - return $retval -} - -## ssltest_testssl -ssltest_testssl () { - local elt=$1 - local site=$2 - local exe=/usr/local/bin/$elt.sh - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` - local total_s=`expr 2 \* $TIMEOUT3` - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - - DATE DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" $eltfile - INFO DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" >> $eltfile 2>&1 - # TLS 1.2 offered (OK) - # TLS 1.3 offered (OK) - # You should not proceed as no protocol was detected. If you still really really want to, say "YES" --> - echo YES | timeout $total_s env $TESTSSL_ENVS $exe $TESTSSL_ELTS $site:$SSL_PORT >>$eltfile 2>&1 - retval=$? 
- - subdir=`grep 'DEBUG (level 1): see files in' $eltfile | sed -e 's/.* //' -e "s/[$'].*//"` - if [ -n "$subdir" ] ; then - subdir="${subdir::19}" - if [ -d "$subdir" ] ; then - DBUG found \"$subdir\" - cat "$subdir"/*parse*txt >> $eltfile - fi - fi - if grep "Protocol.*TLSv1.$SSL_VER" $eltfile ; then - # timesout after success - DATE INFO "$elt $site Protocol : TLSv1.$SSL_VER CA=$cacert =$eltfile" | tee -a $eltfile - retval=0 - elif grep 'TLS 1.$SSL_VER *.*offered.*(OK)' $eltfile ; then - DATE INFO "$elt $site TLS 1.$SSL_VER offered CA=$cacert =$eltfile" | tee -a $eltfile - retval=0 - elif [ $retval -eq 124 ] ; then - WARN $elt $site "timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile - elif grep 'TLS 1.$SSL_VER.*not offered and downgraded to a weaker protocol' $eltfile ; then - DATE ERROR "$elt $site TLS 1.$SSL_VER NOT offered CA=$cacert =$eltfile" | tee -a $eltfile - retval=`expr 256 - 1` - elif grep -q 't seem to be a TLS/SSL enabled server' $eltfile ; then - DATE ERROR "$elt $site doesnt seem to be a TLS/SSL enabled server: CA=$cacert =$eltfile" | tee -a $eltfile - retval=`expr 256 - 2` - elif grep -q 'Client problem, No server cerificate could be retrieved' $eltfile ; then - WARN "$elt $site Client problem: CA=$cacert =$eltfile" | tee -a $eltfile - retval=`expr 256 - 3` - elif grep 'Fixme: something weird happened' $eltfile ; then - WARN "$elt $site Fixme: something weird happened CA=$cacert =$eltfile" | tee -a $eltfile - retval=`expr 256 - 4` - elif grep 'Oops: TCP connect problem' $eltfile ; then - WARN "$elt $site Oops: TCP connect problem CA=$cacert =$eltfile" | tee -a $eltfile - retval=`expr 256 - 5` - elif [ $retval -gt 5 ] ; then - # returns 5 - WARN "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile - elif grep ': unable to\| error:' $eltfile ; then - ERROR "$elt.bash unable to / error: CA=$cacert = $eltfile" | tee -a $eltfile - retval=`expr 256 - 6` - elif grep 'unexpected error' $eltfile ; then - ERROR "$elt.bash 
unexpected error CA=$cacert = $eltfile" | tee -a $eltfile - retval=`expr 256 - 7` - elif [ "$retval" -eq 1 ] ; then - DATE ERROR "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile - elif grep -q "Negotiated protocol.*TLSv1.$SSL_VER" $eltfile ; then - # TLS_AES_256_GCM_SHA384 - DATE INFO "$elt.bash TLSv1.$SSL_VER retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile - elif [ "$retval" -ne 0 ] ; then - # 5 is success - DATE WARN "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile - else - DATE INFO "$elt.bash no error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile - fi - - if grep ' VULNERABLE ' $eltfile ; then - WARN "$elt.bash VULNERABLE: CA=$cacert = $eltfile " | tee -a $eltfile - fi - grep 'Overall Grade' $eltfile - return $retval -} - -## ssltest_analyze_ssl $elt $site -ssltest_analyze_ssl () { - local elt=$1 - local site=$2 - local exe=/usr/local/bin/analyze-ssl.pl.bash - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` - local total_s=`expr 2 \* $TIMEOUT` - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - - DATE DBUG $elt "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" $eltfile - INFO "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" >> $eltfile - timeout $total_s $ANALYZE_ENVS $exe $ANALYZE_ELTS $site:$SSL_PORT >> $eltfile 2>&1 - retval=$? - - if [ ! 
-s $eltfile ] ; then - ERROR "$elt failed empty $eltfile" | tee -a $eltfile - retval=`expr 256 - 1` - elif grep "successful connect with TLSv1_$SSL_VER" $eltfile && \ - grep 'all certificates verified' $eltfile ; then - # succeeds but timesout - DATE INFO "$elt successful connect with TLSv1_$SSL_VER retval=$retval error = $eltfile" | tee -a $eltfile - elif [ $retval -eq 124 ] ; then - WARN "$elt timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile - elif [ $retval -ne 0 ] ; then - ERROR "$elt failed retval=$retval = $eltfile" | tee -a $eltfile - elif grep ERROR: $eltfile ; then - ERROR "$elt failed ERROR: = $eltfile" | tee -a $eltfile - retval=`expr 256 - 3` - elif grep 'certificate verify - name does not match' $eltfile ; then - ERROR "$elt failed name does not match = $eltfile" | tee -a $eltfile - retval=`expr 256 - 4` - elif ! grep 'certificate verified : ok' $eltfile ; then - ERROR "$elt failed NO certificate verified = $eltfile" | tee -a $eltfile - retval=`expr 256 - 5` - elif grep 'certificate verified : FAIL' $eltfile ; then - ERROR "$elt certificate verified : FAIL = $eltfile" | tee -a $eltfile - retval=`expr 256 - 6` - elif grep 'handshake failed with HIGH' $eltfile ; then - WARN "$elt failed handshake failed with HIGH = $eltfile" | tee -a $eltfile - retval=`expr 256 - 7` - elif grep '^ \! ' $eltfile ; then - ERROR "$elt failed \! 
= $eltfile" | tee -a $eltfile - retval=`expr 256 - 8` - else - DATE INFO "$elt no error = $eltfile" | tee -a $eltfile - fi - return $retval -} - -## ssltest_curl -ssltest_curl () { - local elt=$1 - local site=$2 - local exe="/usr/local/bin/s$elt.bash -- " - local outfile=$3 - [ -f "$outfile" ] || { WARN no outfile ; return 1 ; } - local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile` - local total_s=`expr 2 \* $TIMEOUT` - local prot - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - [ -n "$SSL_PORT" ] || { WARN no SSL_PORT ; return 3 ; } - - exe=curl - if [ "$SSL_PORT" = 443 ] ; then - prot=https - elif [ "$SSL_PORT" = 995 ] ; then - prot=pop3s - exe=curl - CURL_ELTS="$CURL_ELTS -l" - elif [ "$SSL_PORT" = 587 ] ; then - prot=smtps - exe=curl - # CURL_ELTS="$CURL_ELTS" - else - ERROR $elt unrecognized port protocol $SSL_PORT - return 3 - fi - DATE DBUG $elt $CURL_ENVS "`basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" $eltfile - INFO $elt "$CURL_ENVS `basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" >> $eltfile - $CURL_ENVS $exe $CURL_ELTS ${prot}://$site:$SSL_PORT >> $eltfile 2>&1 - retval=$? - # grep '= /tmp/scurl' - ERRF=$eltfile - - if [ $SSL_VER -eq 3 ] && ! grep "SSL connection using TLSv1.$SSL_VER" $ERRF ; then - ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile - retval=`expr 256 - 1` - cat $eltfile - elif ! 
grep -q "SSL connection using TLSv1.[3$SSL_VER]" $ERRF ; then - ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile - retval=`expr 256 - 1` - cat $eltfile - elif [ $retval -eq 77 ] || grep -q 'CURLE_SSL_CACERT_BADFILE' $ERRF ; then - ERROR "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile - elif [ $retval -eq 28 ] || grep -q 'CURLE_OPERATION_TIMEDOUT' $ERRF ; then - WARN "$elt retval=$retval CURLE_OPERATION_TIMEDOUT ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile - - elif [ $retval -eq 91 ] || grep -q 'CURLE_SSL_INVALIDCERTSTATUS' $ERRF ; then - WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile - - elif [ $retval -eq 28 ] || grep 'Connection timed out' $ERRF ; then - WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile - - elif [ $retval -eq 22 ] || grep -q 'curl: (22) The requested URL returned error:' $ERRF; then - # on 22 - change to HTTP code - code=`grep 'curl: (22) The requested URL returned error:' $ERRF | sed -s 's/.*returned error: //'` - if [ "$code" = 416 ] ; then - INFO "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile - retval=$code - elif [ -n "$code" ] && [ "$code" -ge 400 ] ; then - # 403 Cloudflare - ERROR "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile - retval=$code - else - WARN "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile - fi - - elif [ $retval -ne 0 ] ; then - # curl: (3) URL using bad/illegal format or missing URL - worked - WARN "$elt retval=$retval ${CURLE[$retval]} CA=$cacert = $ERRF" | tee -a $eltfile - - elif ! 
grep "subject: CN=$site" $ERRF ; then - ERROR "$elt NO subject: CN=$site CA=$cacert = $ERRF" | tee -a $eltfile - retval=`expr 256 - 2` - elif grep "503 - Forwarding failure" $ERRF ; then - WARN "$elt 503 - Forwarding failure CA=$cacert = $ERRF" | tee -a $eltfile - retval=`expr 256 - 3` - elif grep 'we are not connected' $eltfile ; then - WARN "$elt CA=$cacert = $ERRF" | tee -a $eltfile - retval=0 - else - INFO "$elt CA=$cacert = $ERRF" | tee -a $eltfile - retval=0 - fi - # TLSv1.3 (IN), TLS handshake, Finished - return $retval -} - -## ssllabs_analyze -ssltest_analyze () { - local elt=$1 - local site=$2 - local exe="/usr/local/bin/scurl.bash -- " - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile` - local total_s=`expr 2 \* $TIMEOUT` - local url="https://www.ssllabs.com/ssltest/analyze.html?d=$site" - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - umask 0022 - - DATE DBUG "$elt $CURL_ELTS SSL_PORT=$SSL_PORT $url" $eltfile - INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile - $CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1 - retval=$? - if [ $retval -ne 0 ] ; then - DATE WARN "$elt retval=$retval $url" $eltfile >> $outfile - else - DATE INFO "$elt retval=$retval $url" $eltfile >> $outfile - fi - return $retval -} - -## ssltest_ssllabs -ssltest_ssllabs() { - local elt=$1 - local site=$2 - local outfile=$3 - [ -f "$outfile" ] || return 1 - local site_ip=$4 - local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile` - local host=www.ssllabs.com - local url="ssltest/analyze.html?d=$site&s=$site_ip" - local exe="/usr/local/bin/scurl.bash -- " - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - umask 0022 - - DATE DBUG "$elt $CURL_ELTS $url" $eltfile - INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile - $CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1 - retval=$? 
- if [ $retval -ne 0 ] ; then - DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile - elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'No' ; then - DATE ERROR "$elt retval=$retval $url" $eltfile | tee -a $eltfile - retval=`expr 256 - 1` - elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'Yes' ; then - DATE INFO "$elt retval=$retval $url" $eltfile | tee -a $eltfile - retval=0 - else - DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile - fi - return $retval -} - -## ssltest_http2_alt_svc -ssltest_http2_alt_svc() { - local elt=$1 - local site=$2 - local outfile=$3 - [ -f "$outfile" ] || return 1 - local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile` - local exe="/usr/local/bin/scurl.bash -- " - local host=www.integralblue.com - local url=1.1.1.1/fun-stuff/dns-over-tor/ - [ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; } - umask 0022 - - if [ -n "$socks_proxy" ] ; then - export socks_proxy=`sed -e 's/socks[a-z0-9]*:/socks5h:/' <<< $socks_proxy` - $exe --head --http2 -x $socks_proxy https://$host/$url > $eltfile 2>&1 - else - $exe --head --http2 https://$host/$url > $eltfile 2>&1 - fi - - #? grep '^HTTP/2 301' $eltfile || exit 1 - grep '^HTTP/2 ' $eltfile || return 11 - grep 'alt-svc:' $eltfile || return 12 - onion=`grep 'alt-svc:' $eltfile | sed -e 's/.*h2=.//' -e 's/";.*//'` # || exit 3 - - if [ -n "$socks_proxy" ] ; then - $exe --head -x $socks_proxy https://$onion/$url >> $eltfile 2>&1 - retval=$? - else - $exe --head https://$onion/$url >> $eltfile 2>&1 - retval=$? - fi - if [ $retval -eq 0 ] ; then - DATE INFO $elt https://$host/$url | tee -a $eltfile - else - DATE WARN $elt https://$host/$url | tee -a $eltfile - fi - return $? -} diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash b/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash deleted file mode 100755 index 20f6ff9..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash +++ /dev/null 
@@ -1,344 +0,0 @@ -#!/bin/bash -# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- - -prog=`basename $0 .bash` -PREFIX=/usr/local -ROLE=toxcore -export PATH=/sbin:$PATH - -[ -f /usr/local/etc/testforge/testforge.bash ] && \ - . /usr/local/etc/testforge/testforge.bash -#[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL -. $PREFIX/bin/usr_local_tput.bash || exit 2 -. /usr/local/bin/proxy_ping_lib.bash >/dev/null || \ - { ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 3; } - - -#? . $PREFIX/src/usr_local_src.bash || exit 2 - -DNS_TRIES=3 -LOGP=TestSSL_`date -u +%y-%m-%d_%H_$$` -rm -f $TMPDIR/${LOGP}* - -# analyze-ssl passed files.pythonhosted.org -# INFO: 226s analyze-ssl no error = /tmp/_files.pythonhosted.org_analyze-ssl.out -[ -z "$SSLTEST_TESTS" ] && SSLTEST_TESTS="curl openssl testssl nmap" # sslscan -[ -z "$SSLTEST_CERTS" ] && SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt /usr/local/etc/ssl/cacert-testforge.pem" -[ -z "$SSLTEST_TIMEOUT" ] && SSLTEST_TIMEOUT=30 - -[ -z "$SSLTEST_SOCKS_PROXY" -a -n "$socks_proxy" ] && SSLTEST_SOCKS_PROXY=$socks_proxy \ - && DBUG SSLTEST_SOCKS_PROXY=$socks_proxy -if [ -z "$SSLTEST_HTTPS_PROXY" -a -n "$https_proxy" ] ; then - SSLTEST_HTTPS_PROXY=$https_proxy - DBUG SSLTEST_HTTPS_PROXY=$SSLTEST_HTTPS_PROXY -fi -[ -z "$SSLTEST_HTTP_PROXY" -a -n "$http_proxy" ] && SSLTEST_HTTP_PROXY=$http_proxy \ - && DBUG SSLTEST_HTTP_PROXY=$http_proxy -[ -z "$BOX_BYPASS_PROXY_GROUP" ] && BOX_BYPASS_PROXY_GROUP=bin - -SSL_LIB=openssl - -# [ "$MODE" ] && proxy_ping_test.bash $MODE - -declare -a BADSSL_SITES -BADSSL_SITES=( - self-signed.badssl.com - expired.badssl.com - mixed.badssl.com - rc4.badssl.com - hsts.badssl.com -) -declare -a GOODSSL_SITES -GOODSSL_SITES=( - files.pythonhosted.org - mirrors.dotsrc.org - deb.devuan.org -# dfw.source.kernel.org -# cdn.kernel.org -) - -badssl=0 -goodssl=0 -[ "$#" -eq 0 ] && goodssl=1 -tests="$SSLTEST_TESTS" -verbosity=2 -outdir=/tmp -timeout=$SSLTEST_TIMEOUT -onion=0 
-CAFILE=/usr/local/etc/ssl/cacert-testforge.pem -TMPDIR=/tmp -SSL_PORT=443 -SSL_VER=3 - -usage() { - echo "Usage: $0 [OPTIONS] dirs-or-files" - echo - echo " -B | --badssl - test badssl.org sites" - echo " -G | --goodssl - test good sites" - echo " -S | --ssl - tls version v1.x - 2 or 3" - echo " -O | --onion - onion" - echo " -o | --outdir=$TMPDIR - output directory" - echo " -v | --verbosity=$verbosity - verbosity 0 least 5 most" - echo " -T | --timeout=$timeout - timeout in sec." - echo " -E | --tests=`sed -e 's/ /,/g' <<< $tests` - tests, comma separated" - echo " -C | --certs=`sed -e 's/ /,/g' <<< $SSLTEST_CERTS` - tests, comma separated" - echo " -Y | --ciphers - comma sep list of ciphers" - echo " -P | --port - port default $SSL_PORT" - echo " -N | --connect - connect" - echo - echo " -V | --version - print version of this script" - echo " -h | --help - print this help" -} - -SHORTOPTS="hVGBv:T:C:P:S:E:Y:ON:" -LONGOPTS="help,version:,goodssl,badssl,verbosity:,timeout,certs:,port:,ssl:,tests:,ciphers:,onion,connect:" -declare -a SITES -SITES=() - -ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@") -[ $? 
!= 0 ] && { ERROR "error parsing getopt" ; exit 4 ; } - -eval set -- "$ARGS" - -while true; do - case "$1" in - -o|--outdir) - shift - TMPDIR="$1" - ;; - -v|--verbosity) - shift - verbosity="$1" - ;; - -T|--timeout) - shift - timeout="$1" - ;; - -S|--ssl) - shift - SSL_VER="$1" - ;; - -P|--port) - shift - SSL_PORT="$1" - ;; - -N|--connect) - shift - SSL_CONNECT="$1" - ;; - -C|--certs) - shift - SSLTEST_CERTS="`sed -e 's/,/ /g' <<< $1`" - ;; - -Y|--ciphers) - shift - SSLTEST_CIPHERS="`sed -e 's/,/ /g' <<< $1`" - ;; - -t|--tests) - shift - tests="`sed -e 's/,/ /g' <<< $1`" - ;; - -O|--onion) - onion=1 - ;; - -G|--goodssl) - goodssl=1 - badssl=0 - ;; - -B|--badssl) - badssl=1 - goodssl=0 - ;; - -V|--version) - usage - exit 0 - ;; - -h|--help) - usage - exit 0 - ;; - '--') - shift - SITES=("$@") - break - ;; - *) - { ERROR "unrecognized arguments $*" ; exit 5 ; } - break - ;; - esac - shift -done - -[ "${#SITES[*]}" -eq 0 -a $badssl -gt 0 ] && SITES=("${BADSSL_SITES[@]}") -[ "${#SITES[*]}" -eq 0 -a $goodssl -gt 0 ] && SITES=("${GOODSSL_SITES[@]}") -[ "${#SITES[@]}" -eq 0 ] && { ERROR "no arguments $*" ; exit 7 ; } - -[ "$SSL_VER" -ge 2 -a "$SSL_VER" -le 3 ] || { ERROR "SSL_VER $SSL_VER" ; exit 6 ; } -[ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" || { ERROR "mkdir $TMPDIR" ; exit 8 ; } -[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; exit 9 ; } - -[ $onion -eq 0 ] && TIMEOUT=$timeout || TIMEOUT=`expr $timeout \* 2` -SSLTEST_TESTS="$tests" -declare -a tests_ran -tests_ran=() - -grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; } - -IF=`route | grep ^def |sed -e 's/.* //'` -[ -n "$IF" ] || { ERROR "no IF" ; exit 10 ; } - -IP=`ifconfig $IF|grep -A 2 ^wlan |grep inet | sed -e 's/.*inet //' -e 's/ .*//'` -[ -n "$IP" ] || { ERROR "no IP" ; exit 11 ; } - -[ -z "$socks_proxy" ] || . 
/usr/local/bin/proxy_export.bash - -netstat -nle4 | grep -v grep | grep -q 0.1:53 || \ - { WARN "DNS not running - netstat " ; } - -# iptables-legacy-save | grep "OUTPUT -o wlan4 -m owner --gid-owner 2 -j ACCEPT" - -# uses TIMEOUT=30 -. $PREFIX/bin/testforge_ssl_lib.bash - -if [ "$USER" = bin ] ; then - [ -z "$SOCKS_HOST" ] && SOCKS_HOST= - [ -z "$SOCKS_PORT" ] && SOCKS_PORT= - [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 -else - DEBUG=0 proxy_ping_get_socks >/dev/null - [ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1 - [ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050 - [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 -fi - -if [ "$USER" = bin ] ; then - TORSOCKS="" -elif [ $SOCKS_HOST != 127.0.0.1 ] ; then - TORSOCKS="torsocks --address $SOCKS_HOST --port $SOCKS_PORT " -elif [ $SOCKS_PORT != 9050 ] ; then - TORSOCKS="torsocks --port $SOCKS_PORT " -else - TORSOCKS="torsocks " -fi - -if [ -n "$SSLTEST_HTTPS_PROXY" ] ; then - grep -q "SocksPolicy *accept *$IP" /etc/tor/torrc || \ - { WARN "need SocksPolicy accept $IP in /etc/tor/torrc" ; } -fi - -# This works off the $https_proxy environment variable in the form http://127.0.0.1:9128 -# so you can test trans routing by call this with that unset. -ssltest_proxies $onion - -rm -f $TMPDIR/${LOGP}.*.* -OUTF=$TMPDIR/${LOGP}.out -for CAFILE in $SSLTEST_CERTS ; do - grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { - WARN $prog we are not connected >&2 - exit `expr 256 - 1` - } - - [ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; continue ; } - DATE DBUG CAFILE=$CAFILE --address $SOCKS_HOST --port $SOCKS_PORT - - cacert=`basename $CAFILE` - for site in "${SITES[@]##*/}" ; do - warns=0 - IF=`route | grep ^def |sed -e 's/.* //'` - [ -n "$IF" ] || { WARN "$site no route" ; continue ; } - - SITE_OUTF=$TMPDIR/${LOGP}_${site}.out - DEBUG=1 DATE DBUG $site CAFILE=$CAFILE $SITE_OUTF | tee -a $SITE_OUTF - - # ERROR: Could not resolve hostname www.devuan.org. 
- i=0 - while [ $i -le $DNS_TRIES ] ; do - if [ $onion -eq 0 ] ; then - site_ip=`dig $site +retry=5 +tries=2 +noall +answer +short | awk '{ print $1 }'` && break - else - site_ip=`tor-resolve -4 $site` && break - fi - i=`expr $i + 1` - sleep 5 - done - [ $i -ge $DNS_TRIES ] && ERROR failed resolve $site | tee -a $SITE_OUTF - [ $i -ge $DNS_TRIES ] && site_ip=$site - - elt=sslscan - SSLSCAN_ELTS="$SSLSCAN_ARGS --certs $CAFILE --sni-name $site" - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - tests_ran+=($elt) && \ - ssltest_sslscan $elt $site $SITE_OUTF $site_ip - - elt=openssl - OPENSSL_ELTS="$OPENSSL_ARGS -CAfile $CAFILE -servername $site" - [ -n "$SSL_CONNECT" ] && OPENSSL_ELTS="$OPENSSL_ARGS -connect ${SSL_CONNECT}:$SSL_PORT" - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - [ $onion -eq 0 ] && \ - tests_ran+=($elt) && \ - ssltest_openssl $elt $site $SITE_OUTF $site_ip - - elt=testssl - rm -f $TMPDIR/${LOGP}.$site.$elt.json # --jsonfile-pretty $TMPDIR/${LOGP}.$site.$elt.json - TESTSSL_ELTS="$TESTSSL_ARGS --add-ca $CAFILE --append --ip $site_ip" - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - [ $onion -eq 0 ] && \ - tests_ran+=($elt) && \ - ssltest_testssl $elt $site $SITE_OUTF $site_ip - - elt=analyze-ssl - ANALYZE_ELTS="$ANALYZE_ARGS --CApath $CAFILE --name $site" - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - [ $SSL_PORT = 443 ] && \ - tests_ran+=($elt) && \ - ssltest_analyze_ssl $elt $site $SITE_OUTF $site_ip - - elt=curl - CURL_ELTS="$CURL_ARGS --cacert $CAFILE --output /dev/null" - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - tests_ran+=($elt) && \ - ssltest_curl $elt $site $SITE_OUTF $site_ip - - elt=nmap - NMAP_ELTS="$NMAP_ARGS --host-timeout $TIMEOUT -p $SSL_PORT" - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - tests_ran+=($elt) && \ - ssltest_nmap $elt $site $SITE_OUTF $site_ip - - elt=ssllabs - [ $SSL_PORT = 443 ] && \ - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - tests_ran+=($elt) && \ - ssltest_ssllabs $elt $site $SITE_OUTF $site_ip - done -done - -# bonus -elt=alt_svc -[ 
$SSL_PORT = 443 ] && \ - [[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \ - tests_ran+=($elt) && \ - ssltest_http2_alt_svc $elt - $SITE_OUTF - - -cat $TMPDIR/${LOGP}_*.out > $OUTF -# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/ -a=`openssl ciphers -v 'ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM' | wc -l | sed -e 's/ .*//'` -[ $? -eq 0 ] && [ "$a" -eq 0 ] && \ - WARN "no openssl ciphers" | tee -a $OUTF - -DEBUG=1 DBUG "${#tests_ran[@]}" TESTS="${tests_ran[@]}" -warns=`grep -c WARN: $OUTF` -[ $? -eq 0 ] && [ "$warns" -gt 0 ] && DATE WARN "$warns warns for $site in $OUTF" -errs=`grep -c 'ERROR:\|EROR:' $OUTF` -[ $? -eq 0 ] && [ "$errs" -gt 0 ] && DATE ERROR "$errs errs for $site in $OUTF" -[ $? -eq 0 ] && [ "$warns" -eq 0 -a "$errs" -eq 0 ] && \ - DATE INFO "NO warns/errs for $site in $OUTF" - -exit $errs - -# pysslscan scan --scan=protocol.http --scan=vuln.heartbleed --scan=server.renegotiation \ -# --scan=server.preferred_ciphers --scan=server.ciphers \ -# --report=term:rating=ssllabs.2009e --ssl2 --ssl3 --tls10 --tls11 --tls12 -# /usr/local/bin/ssl-cipher-check.pl - diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash b/roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash deleted file mode 100755 index 6c4b26f..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash +++ /dev/null 
@@ -1,50 +0,0 @@
-#/bin/sh
-# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
-
-prog=`basename $0 .bash`
-PREFIX=/usr/local
-ROLE=toxcore
-[ -n "$PYDEV_VAR_LOCAL" ] && PREFIX=$PYDEV_VAR_LOCAL
-
-DESC=""
-. /usr/local/src/usr_local_src.bash || exit 1
-HTTP_DIR=$PREFIX/net/Http
-
-DIR=tinfoilhat.shmoo.com
-URL=web.archive.org/web/20121116091222/http:/
-
-cd $PREFIX/src || exit 2
-WD=$PWD
-
-if [ $# -eq 0 ] ; then
- if [ ! -d $DIR ] ; then
- route|grep -q ^default || exit 0
- mkdir $DIR $DIR/source
- wget -cP $DIR/source http://$URL/$DIR/source/bb-random.c \
- http://$URL/$DIR/source/gpggrid-version-on-floppy.c \
- http://$URL/$DIR/source/gpggrid.c || exit 3
- fi
-
- cd $PREFIX/src/$DIR/source || exit 4
-
- [ -x gpggrid ] || \
- cc -o gpggrid --static gpggrid.c || exit 5
-
- [ -f staticgpggrid.c ] || \
- sed -e 's/"gpg"/"staticgpg"/' gpggrid.c > staticgpggrid.c
- [ -x staticgpggrid ] || \
- cc -o staticgpggrid --static staticgpggrid.c || exit 6
-
- [ -x $PREFIX/bin/gpggrid -a $PREFIX/bin/gpggrid -nt gpggrid ] || \
- cp -p gpggrid $PREFIX/bin/ || exit 7
-
- [ -x $PREFIX/bin/staticgpggrid -a $PREFIX/bin/staticgpggrid -nt gpggrid ] || \
- cp -p staticgpggrid $PREFIX/bin/ || exit 8
-
- OPREFIX=$PREFIX/share/genkernel/overlay
- [ -d $OPREFIX/bin ] || mkdir $OPREFIX/bin
- [ -x $OPREFIX/bin/staticgpggrid ] || \
- ln $OPREFIX/bin/staticgpggrid $OPREFIX/bin/ || exit 9
-fi
-
-exit 0
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/tox-bootstrapd.bash b/roles/toxcore/overlay/Linux/usr/local/bin/tox-bootstrapd.bash
new file mode 100755
index 0000000..fd24eb3
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/tox-bootstrapd.bash
@@ -0,0 +1,9 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=toxcore
+
+CONF=/var/local/etc/tox-bootstrapd.conf
+
+[ -d /var/lib/tox-bootstrapd/ ] || mkdir /var/lib/tox-bootstrapd
+exec torsocks /var/local/bin/tox-bootstrapd --config $CONF "$@"
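Review bot: The state directory in tox-bootstrapd.bash is created with a bare `mkdir /var/lib/tox-bootstrapd`, so its mode depends on the caller's umask and a failed mkdir is ignored before the `exec`. If the daemon keeps its key file there (likely given the path, but the config is not shown, so confirm), the directory should be private and creation should be checked: `[ -d /var/lib/tox-bootstrapd ] || mkdir -m 0700 /var/lib/tox-bootstrapd || exit 1`. On the exec line `$CONF` should be quoted as `--config "$CONF"`. It is also worth confirming that a listening daemon behaves as intended under `torsocks`, which by default restricts inbound sockets and UDP.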
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash b/roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash
deleted file mode 100755
index 63c6995..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash
+++ /dev/null
@@ -1,75 +0,0 @@ -#/bin/sh -# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- - -PREFIX=/usr/local -[ -f /usr/local/etc/testforge/testforge.bash ] && \ - . /usr/local/etc/testforge/testforge.bash -ROLE=toxcore - -PYVER=3 -P="BASE_PYTHON${PYVER}_MINOR" -[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)" -PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash -PYTHON_EXE=$PYTHON_EXE_MSYS -DESC="" -. /usr/local/src/usr_local_src.bash || exit 1 -SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages -HTTP_DIR=$PREFIX/net/Http - -DIR=tox_profile -MOD=$DIR -GIT_HUB=git.plastiras.org -GIT_USER=emdee -GIT_DIR=$DIR -# tox_profile - -cd $PREFIX/src || exit 2 -WD=$PWD - -if [ "$#" -eq 0 ] ; then - - if [ ! -d "$DIR" ] ; then - if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then - msys_are_we_connected || exit 0 - [ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \ - mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" - ( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \ - git clone "https://$GIT_HUB/$GIT_USER/$GIT_DIR" ) ||\ - exit 2 - ( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \ - git config user emdee && \ - git config email emdee@ ) - - fi - cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3 - fi - - python$PYVER.sh -c 'import namedlist' || \ - pip$PYVER.sh install namedlist - - cd $DIR || exit 4 - [ -f __init__.py ] || touch __init__.py - -# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 - - exit 0 - -elif [ $1 = 'check' ] ; then # 1* - # "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10 - : - -elif [ "$1" = 'lint' ] ; then # 2* - [ -n "$PYVER" ] || return 20 - pylint -E --recursive y || exit 2$? - -elif [ "$1" = 'test' ] ; then # 3* - - cd $PREFIX/src/$DIR/$DIR || exit 32 - $PYTHON_EXE_MSYS tox_savefile_test.bash \ - >> $WD/$DIR/test.log 2>&1 || \ - { ERROR "$MOD code $?" ; cat $WD/$DIR/test.log ; exit 35 ; } - -elif [ "$1" = 'refresh' ] ; then # 6* - cd $PREFIX/src/$DIR || exit 60 - -fi 
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_DHTnodes_nmap.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_DHTnodes_nmap.bash
new file mode 100755
index 0000000..9efa994
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_DHTnodes_nmap.bash
@@ -0,0 +1,51 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+ROLE=toxcore
+prog=$( basename $0 .bash )
+NOW=`date "+%Y-%m-%d_%H"`
+
+. /usr/local/bin/usr_local_tput.bash 2>/dev/null >/dev/null || exit 2
+PREFIX=/var/local
+BINDIR=$PREFIX/bin
+[ -n "$USER" ] && USER=$( id -un )
+
+DEBUG="" /usr/local/bin/proxy_ping_test.bash tor || exit 1
+
+[ -n "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash 2>/dev/null >/dev/null
+[ -n "$socks_proxy" ] && sproxy=`echo $socks_proxy | sed -e 's@.*://@@'`
+
+# https://nodes.tox.chat/json
+ip=""
+declare -a ports
+
+[ $# -eq 0 ] && set -- ~/.config/tox/DHTnodes.json
+
+cat "$@" | \
+jq '.|with_entries(select(.key|match("nodes"))).nodes[]|select(.status_tcp)|select(.ipv4|match("."))|.ipv4,.tcp_ports' | while read line ; do
+ if [ -z "$ip" ] ; then
+ ip=`echo $line|sed -e 's/"//g'`
+ ports=()
+ continue
+ elif [ "$line" = '[' ] ; then
+ continue
+ elif [ "$line" = ']' ] ; then
+ grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { ERROR no route ; exit 3 ; }
+ if [ "$ip" = '"NONE"' -o "$ip" = 'NONE' ] ; then
+ :
+ elif ping -c 1 $ip | grep '100% packet loss' ; then
+ WARN failed ping $ip
+ else
+ INFO $ip "${ports[*]}"
+ cmd="nmap -Pn -n -sT -p T:"`echo "${ports[*]}" |sed -e 's/ /,/g'`
+ DBUG $cmd $ip
+ $cmd $ip | grep /tcp
+ fi
+ ip=""
+ continue
+ else
+ port=`echo $line|sed -e 's/,//'`
+ ports+=("$port")
+ # echo '>>' $ip "${ports[*]}"
+ fi
+done
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.bash
new file mode 100755
index 0000000..befe372
--- /dev/null
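Review bot: Addresses and ports read from the DHTnodes JSON reach `ping -c 1 $ip` and `$cmd $ip` unquoted and unchecked in toxcore_DHTnodes_nmap.bash, so a malformed or hostile entry in that file is word-split and can be read as an option by ping or nmap. Accept `ip` only when it is digits and dots, accept ports only when they are plain integers, and call nmap with quoted arguments instead of expanding a command string. The script uses `declare -a` and `ports+=(...)` under `#!/bin/sh`, which fails where sh is not bash, so the shebang should be `#!/bin/bash`. The script also checks Tor and computes `sproxy`, but in the visible code ping and nmap do not use it, so these probes appear to go out directly; confirm that is intended.

```shell
# … unchanged: cat "$@" | jq … | while read line ; do …
  if [ -z "$ip" ] ; then
    ip=`echo $line|sed -e 's/"//g'`
    # only a dotted-quad may reach ping/nmap; anything else is skipped like NONE
    case "$ip" in
      NONE) ;;
      ''|*[!0-9.]*) WARN "skipping malformed ipv4 entry" ; ip=NONE ;;
    esac
    ports=()
    continue
# … unchanged: '[' and ']' handling, route check, NONE test …
    elif ping -c 1 "$ip" | grep '100% packet loss' ; then
      WARN failed ping "$ip"
    else
      INFO "$ip" "${ports[*]}"
      portlist=`echo "${ports[*]}" | sed -e 's/ /,/g'`
      DBUG nmap -Pn -n -sT -p "T:$portlist" "$ip"
      nmap -Pn -n -sT -p "T:$portlist" "$ip" | grep /tcp
    fi
# … unchanged: reset of ip …
  else
    port=`echo $line|sed -e 's/,//'`
    # tcp_ports entries must be plain integers
    case "$port" in
      ''|*[!0-9]*) WARN "skipping malformed port entry" ;;
      *) ports+=("$port") ;;
    esac
  fi
```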
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.bash
@@ -0,0 +1,43 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+ROLE=toxcore
+prog=$( basename $0 .bash )
+NOW=`date "+%Y-%m-%d_%H"`
+
+. /usr/local/bin/usr_local_tput.bash 2>/dev/null >/dev/null || exit 2
+PREFIX=/var/local
+BINDIR=$PREFIX/bin
+[ -n "$USER" ] && USER=$( id -un )
+
+[ -n "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash 2>/dev/null >/dev/null
+[ -n "$socks_proxy" ] && sproxy=`echo $socks_proxy | sed -e 's@.*://@@'`
+
+
+if [ $# -gt 0 ] && [ $1 = --test ] ; then
+ test='--test'
+ shift
+else
+ test=''
+fi
+
+[ $# -gt 0 ] && prot=$1 || prot=ipv4
+
+[ $# -gt 1 ] && host=$2 || host=127.0.0.1
+
+[ $# -gt 2 ] && port=$3 || {
+ [ -f /etc/tox-bootstrapd.conf ] && \
+ port=`grep ^port /etc/tox-bootstrapd.conf | sed -e 's/.*[ ]//'`
+ }
+[ -n "$port" ] || port=33446
+
+[ $# -gt 3 ] && network=$4 || network=old
+if [ $network == new ] || [ $network == newlocal ] ; then
+ test=--test
+elif [ $network == old ] ; then
+ test=
+fi
+
+dbug $PREFIX/src/toxygen/toxygen/tests/bootstrap_node_info.py $test $prot $host $port
+python3.sh $PREFIX/src/toxygen/toxygen/tests/bootstrap_node_info.py $test $prot $host $port
+
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.py b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.py
new file mode 100755
index 0000000..91509dc
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.py
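Review bot: A leading `--test` in toxcore_bootstrap_node_info.bash is parsed into `test` and then discarded: with no fourth argument `network` defaults to `old`, and the `elif [ $network == old ]` branch resets `test=`, so `--test ipv4 host port` runs without the flag. Clear the flag only when the caller actually passed the network name, e.g. replace the `elif` branch with `[ $# -gt 3 ] && [ "$4" = old ] && test=`. The `==` inside `[ ]` is not POSIX and fails where `/bin/sh` is dash; use `=` and quote `"$network"`. `$host` and `$port` should also be quoted on the final `python3.sh` line, since they come straight from the command line.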
@@ -0,0 +1,220 @@ +#!/var/local/bin/python3.bash +""" +Copyright (c) 2014 by nurupo + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. 
+""" +import socket +import sys +import os +import logging + +if sys.version_info[0] == 2: + print("ERROR: This script requires Python 3+ in order to run.") + sys.exit(1) + +logging.basicConfig(level=logging.INFO) +global LOG +LOG = logging.getLogger() + +def print_help(prog: str) -> None: + """Print program usage to stdout.""" + LOG.info(f"Usage: {prog} ") + LOG.info(f" Example: {prog} ipv4 192.210.149.121 33445") + LOG.info(f" Example: {prog} ipv4 23.226.230.47 33445") + LOG.info(f" Example: {prog} ipv4 node.tox.biribiri.org 33445") + LOG.info(f" Example: {prog} ipv4 cerberus.zodiaclabs.org 33445") + LOG.info(f" Example: {prog} ipv6 2604:180:1::3ded:b280 33445") + LOG.info(f" Example: {prog} socks '82.196.15.215' 33445"), + LOG.info(f" Example: {prog} socks5 '84.22.115.205' 33445"), # 'tox.verdict.gg' + LOG.info(f" Example: {prog} https '61.230.169.50' 33445"), # 'tox.initramfs.io' + LOG.info("socks or socks5 requires the environment_variable socks_proxy") + LOG.info("https requires the environment_variable https_proxy") + LOG.info("") + LOG.info("Return values:") + LOG.info(" 0 - received info reply from a node") + LOG.info(" 1 - incorrect command line arguments") + LOG.info(" 2 - didnt receive any reply from a node") + LOG.info(" 3 - received a malformed/unexpected reply") + + +# https://github.com/irungentoo/toxcore/blob/4940c4c62b6014d1f0586aa6aca7bf6e4ecfcf29/toxcore/network.h#L128 +INFO_PACKET_ID = b"\xF0" +# https://github.com/irungentoo/toxcore/blob/881b2d900d1998981fb6b9938ec66012d049635f/other/bootstrap_node_packets.c#L28 +INFO_REQUEST_PACKET_LENGTH = 78 +# first byte is INFO_REQUEST_ID, other bytes don't matter as long as reqest's +# length matches INFO_REQUEST_LENGTH +INFO_REQUEST_PACKET = INFO_PACKET_ID + ( + b"0" * (INFO_REQUEST_PACKET_LENGTH - len(INFO_PACKET_ID))) + +PACKET_ID_LENGTH = len(INFO_PACKET_ID) +PACKET_ID_LENGTH = 1 +# https://github.com/irungentoo/toxcore/blob/881b2d900d1998981fb6b9938ec66012d049635f/other/bootstrap_node_packets.c#L44 
+VERSION_LENGTH = 4 +# https://github.com/irungentoo/toxcore/blob/881b2d900d1998981fb6b9938ec66012d049635f/other/bootstrap_node_packets.c#L26 +MAX_MOTD_LENGTH = 256 + +MAX_INFO_RESPONSE_PACKET_LENGTH = PACKET_ID_LENGTH + VERSION_LENGTH + MAX_MOTD_LENGTH + +SOCK_TIMEOUT_SECONDS = 15.0 + + +def iNodeInfo(protocol: str, host: str, port: int, key: str, environ=None) -> int: + """Call the bootstrap node info RPC and output the response.""" + + socks = None + python_socks = None + if not environ: + environ = os.environ + if protocol == 'socks5' or protocol == 'https': + # https://github.com/4sp1r3/socksipy-branch + try: + import socks + except ImportError: + LOG.error("socks/https not supported; download to this directory\n" \ + +" https://github.com/4sp1r3/socksipy-branch/socks.py") + return 4 + + elif protocol == 'socks': + # https://github.com/romis2012/python-socks + try: + import python_socks + except ImportError: + LOG.error("socks not supported; install python_socks\n" \ + +'https://github.com/romis2012/python-socks') + return 4 + + if socks and protocol == "socks5" and 'socks_proxy' in environ: + sock = socks.socksocket() + proxy = environ['socks_proxy'] + if proxy: + i = proxy.find('//') + if i > 0: + proxy = proxy[i+2:] + phost = proxy.split(':')[0] + pport = int(proxy.split(':')[1]) + # LOG("DBUG: 'socks_proxy' in environment: ", phost, pport) + else: + LOG.debug("NO 'socks_proxy' in environment - defaulting to 127.0.0.1:1080") + phost = '127.0.0.1' + pport = 1080 + sock.setproxy(socks.PROXY_TYPE_SOCKS5, phost, pport, True) + + elif socks and protocol == "https" and 'https_proxy' in environ: + sock = socks.socksocket() + proxy = environ['https_proxy'] + if proxy: + i = proxy.find('//') + if i > 0: + proxy = proxy[i+2:] + phost = proxy.split(':')[0] + pport = int(proxy.split(':')[1]) + # LOG("DBUG: 'https_proxy' in environment: ", phost, pport) + else: + LOG.debug("NO 'https_proxy' in environment - defaulting to 127.0.0.1:8080") + phost = '127.0.0.1' + pport = 
8080 + sock.setproxy(socks.PROXY_TYPE_HTTP, phost, pport, True) + + elif python_socks and protocol == "socks" and 'socks_proxy' in environ: + from python_socks.sync import Proxy + proxy = Proxy.from_url(environ['socks_proxy'], rdns=True) + elif protocol == "ipv4": + sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) + elif protocol == "ipv6": + sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM) + else: + LOG.error("1 Invalid first argument " +protocol +" - one of: socks socks5 https ipv4 ipv6") + print_help(__file__) + return 1 + + try: + if python_socks: + sock = proxy.connect(dest_host=host, dest_port=port) + else: + sock.connect((host, port)) + except Exception as e: + LOG.error("2 Could not connect to bootstrap node " \ + +repr((host, port)) \ + +': ' +str(e)) + return 2 + + try: + sock.settimeout(SOCK_TIMEOUT_SECONDS) + sock.sendall(INFO_REQUEST_PACKET) + except Exception as e: + LOG.error("3 Could not send to bootstrap node " \ + +repr((host, port)) \ + +' ' +str(e)) + return 3 + + try: + data, _ = sock.recvfrom(MAX_INFO_RESPONSE_PACKET_LENGTH) + except socket.timeout: + LOG.warn("4 The DHT bootstrap node " \ + +repr((host, port)) \ + +" didnt reply in " + str(SOCK_TIMEOUT_SECONDS) + " sec.") + return 4 + if len(data) == 0: + try: + data, _ = sock.recvfrom(MAX_INFO_RESPONSE_PACKET_LENGTH) + except socket.timeout: + LOG.warn("4b The DHT bootstrap node " \ + +repr((host, port)) \ + +" didnt reply in " + str(SOCK_TIMEOUT_SECONDS) + " sec.") + return 4 + + if len(data) == 0: + LOG.warn("5 Bad response, no data from " +repr((host, port)) ) + return 5 + + packet_id = data[:PACKET_ID_LENGTH] + if packet_id != INFO_PACKET_ID: + LOG.warn("Bad response, first byte should be {info_packet_id!r}" + +" but got {packet_id!r}({data!r})".format( + info_packet_id=INFO_PACKET_ID, + packet_id=packet_id, + data=data, + )) + LOG.warn("6 Are you sure that you are pointing the script at a Tox " + "DHT bootstrap node? 
" \ + +repr((host, port)) \ + ) + return 6 + + version = int.from_bytes(data[PACKET_ID_LENGTH:PACKET_ID_LENGTH + VERSION_LENGTH], + byteorder="big") + motd = data[PACKET_ID_LENGTH + VERSION_LENGTH:].decode("utf-8") + LOG.info("Version: " + str(version) +" MOTD: " + motd[:-1]) + return 0 + +if __name__ == "__main__": + if len(sys.argv) != 4: + print_help(sys.argv[0]) + sys.exit(1) + + try: + i = iNodeInfo( + protocol=sys.argv[1], + host=sys.argv[2], + port=int(sys.argv[3]), + ) + except KeyboardInterrupt: + i = 0 + sys.exit(i) diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_test.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_test.bash new file mode 100755 index 0000000..b2a6fd7 --- /dev/null +++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_test.bash 
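Review bot: `iNodeInfo` is declared with a required `key` parameter that its body never uses, and the `__main__` block calls it with only `protocol`, `host` and `port`, so every command-line run ends in a `TypeError`; give it a default, `key: str = ''`, or drop it. The reply is data from a remote node, yet `data[PACKET_ID_LENGTH + VERSION_LENGTH:].decode("utf-8")` is unguarded, so a non-UTF-8 MOTD raises instead of producing an error return; `decode("utf-8", errors="replace")` plus logging `repr(motd)` would also keep control characters sent by the node out of the log. In the bad-packet warning, `.format(...)` binds only to the second string literal, so `{info_packet_id!r}` in the first one is printed literally; wrap the concatenation in parentheses before calling `.format`. The return codes 4, 5 and 6 used here are not among the values listed by `print_help`.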
@@ -0,0 +1,58 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=toxcore
+. /usr/local/bin/usr_local_tput.bash
+
+[ $# -gt 0 ] && ERROR no arguments needed && exit 1
+
+cd /var/local/bin/
+network=new
+
+[ -f /etc/tox-bootstrapd.conf ] && \
+ port=`grep ^port /etc/tox-bootstrapd.conf | sed -e 's/.*[ ]//'`
+ [ $? -eq 0 -a -n "$port" ] || port=33446
+
+# EC8F7405F79F281569B6C66D9F03490973AB99BC9175C44FBEF4C3428A63B80D
+python3.sh bootstrap_node_info.py ipv4 \
+ 127.0.0.1 $port $network
+python3.sh bootstrap_node_info.py tcp4 \
+ 127.0.0.1 3389 $network
+
+grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { echo ERROR: not connected ; exit 1 ; }
+
+if [ `id -un` = bin ] ; then
+ socks5=ipv4
+ socks=ipv4
+else
+ socks5=socks5
+ socks=socks
+fi
+
+# onion
+[ $socks5 = socks5 ] && \
+python3.sh bootstrap_node_info.py $socks5 \
+ pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
+ $port $network
+[ $socks5 = socks5 ] && \
+python3.sh bootstrap_node_info.py $socks5 \
+ pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
+ 38445 $network
+[ $socks = socks ] && \
+python3.sh bootstrap_node_info.py $socks \
+ pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
+ $port $network
+[ $socks = socks ] && \
+python3.sh bootstrap_node_info.py $socks \
+ pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
+ 38445 $network
+[ $socks = socks ] && \
+python3.sh bootstrap_node_info.py $socks \
+ pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
+ 80
+
+# $network
+python3.sh bootstrap_node_info.py $socks \
+ 172.93.52.70 $port $network
+python3.sh bootstrap_node_info.py $socks5 \
+ 172.93.52.70 $port $network
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_clean_local.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_clean_local.bash
new file mode 100755
index 0000000..59ee43f
--- /dev/null
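Review bot: `cd /var/local/bin/` is not checked, and every later call names `bootstrap_node_info.py` relative to the current directory, so after a failed cd the script name would resolve against whatever directory the caller happened to be in; make it `cd /var/local/bin/ || exit 2`. The second call passes `tcp4` as the protocol, which the `toxcore_bootstrap_node_info.py` added in this commit does not list among its accepted values (`socks socks5 https ipv4 ipv6`); if that is the script being run here, the call always takes the invalid-argument path. `[ $# -gt 0 ] && ERROR no arguments needed && exit 1` skips the exit whenever `ERROR` returns non-zero; `{ ERROR no arguments needed ; exit 1 ; }` does not depend on its status.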
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_clean_local.bash
@@ -0,0 +1,32 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+# The idea here is to run ansible_local.bash --tags daily
+# and then use this to do the parsing and throwing errors based on the output.
+# This way the ansible run can be free from erroring and this can be
+# run repeatedly anytime outside of ansible to deal with the issues raised.
+# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=toxcore
+[ -f /usr/local/etc/testforge/testforge.bash ] || \
+ . /usr/local/etc/testforge/testforge.bash
+
+BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+. /usr/local/bin/usr_local_tput.bash
+
+for from in /usr/lib/python$BASE_PYTHON3_MINOR/site-packages ; do
+ cd $from
+ ls */|grep -v '\.dist-info' | while read elt ; do
+ [ -d "$elt" ] || continue
+ [ "$elt" = __pycache__ ] && continue
+ base=`echo $elt|sed -e 's/-[0-9].*//'`
+ [ "$base" = py ] && continue
+# DEBUG=1 DBUG $elt $base
+ ls -d $PREFIX/lib/python$BASE_PYTHON3_MINOR/site-packages/${base}* \
+ 2>/dev/null && \
+ INFO $elt $PREFIX/lib/python$BASE_PYTHON3_MINOR/site-packages/${base}*
+ done
+done
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_libvirt_test_ga.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_libvirt_test_ga.bash
deleted file mode 100755
index b3b69eb..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_libvirt_test_ga.bash
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-ROLE=toxcore
-MODE=host
-TOX_PLAY=/o/var/local/src/play_tox
-
-sudo virsh list | grep running | while read a elt b ; do
- echo INFO testing $elt
- ansible -i $TOX_PLAY/hosts.yml -c libvirt_qemu -m setup $elt
-done
-
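Review bot: In `toxcore_clean_local.bash`, `[ -f /usr/local/etc/testforge/testforge.bash ] || \` followed by the `.` line sources the file only when it does not exist, the opposite of the `&&` used for the same file in `toxcore_python_doctest2.bash` in this commit; change `||` to `&&`. `cd $from` is also unchecked, so when the site-packages directory for the detected Python version is missing, the `ls */` loop runs in the caller's directory instead; use `cd "$from" || continue`.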
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest2.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest2.bash
new file mode 100755
index 0000000..69b591c
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest2.bash
@@ -0,0 +1,11 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+[ -f /usr/local/etc/testforge/testforge.bash ] && \
+ . /usr/local/etc/testforge/testforge.bash
+ROLE=toxcore
+
+export PYVER=2
+exec /usr/local/bin/toxcore_python_doctest.bash "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_tox_profile.bash b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_tox_profile.bash
new file mode 100755
index 0000000..54aeee0
--- /dev/null
+++ b/roles/toxcore/overlay/Linux/usr/local/bin/toxcore_tox_profile.bash
@@ -0,0 +1,7 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=toxcore
+exec python3.sh -m tox_profile "$@"
+
+# exec python3.sh /usr/local/lib/python3.11/site-packages/bin/tox_profile "$@"
diff --git a/roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash b/roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash
deleted file mode 100644
index edc1eec..0000000
--- a/roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash
+++ /dev/null
@@ -1,56 +0,0 @@ -#!/bin/bash -# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- - -prog=`basename $0 .bash` -ROLE=toxcore -PREFIX=/usr/local - -. /usr/local/bin/usr_local_tput.bash -# we install into /usr/local/bin and it takes precedence -# export PATH=$PREFIX/bin:$PATH - -. $PREFIX/src/usr_local_src.bash || exit 2 -[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3 - -if [ "$#" -eq 0 ] ; then - cd $PREFIX/src || exit 2 - WD=$PWD - - bash c-toxcore.bash # || exit 3$? - bash tox_profile.bash # || 4$? -# sh mitogen.bash - # sh toxcore_docker.bash || exit 4$? -# which sdwdate >/dev/null 2>/dev/null || \ -# [ -f $PREFIX/bin/sdwdate.bash ] || \ -# sh sdwdate.bash - - sh gridfire.bash # || exit 6$? - sh pyassuan.bash #|| exit 7$? - sh tinfoilhat.shmoo.com.bash - # sh negotiator.bash - - [ -d testssl.sh ] || \ - sh testssl.bash || exit 9$? - - exit 0 - -elif [ "$1" = 'check' ] ; then - exit 0 - msys_run_checks_pip3 - msys_var_local_src_prog_key check || exit 10$? - exit $? - -elif [ "$1" = 'lint' ] ; then -# ols_run_tests_shellcheck $ROLE || exit 2$? - msys_var_local_src_prog_key $1 || exit 21$? -# ols_run_tests_pylint || exit 22$? - exit 0 - -elif [ "$1" = 'test' ] ; then - exit 0 - msys_var_local_src_prog_key $1 || exit 30$? - msys_check_pips_inst - msys_gentoo_test_imports || exit 32$? - #hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$? - -fi diff --git a/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash b/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash deleted file mode 100755 index 6a6c942..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash +++ /dev/null 
@@ -1,131 +0,0 @@ -#!/bin/bash -# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- - -prog=`basename $0 .bash` -PREFIX=/usr/local -ROLE=toxcore - -. /usr/local/src/usr_local_src.bash || exit 2 -# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2 - -export LOG_DIR=$PREFIX/var/log/$ROLE - -DESC="" - -cd /usr/local/src || exit 4 - -if [ "$#" -eq 0 ] ; then - # /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh - [ -f /usr/local/bin/ssl-cipher-check.pl ] || \ - wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl - - if [ $USER = root ] ; then - # https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon - command -v keepassxc.bash - EXE=`command -v keepassxc.bash` - [ -z "$EXE" ] && EXE=`command -v keepassxc` - if [ -z "$EXE" ] ; then - export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring - ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'` - [ -n "$ELTS" ] && kill $ELTS - if [ -d /etc/pam.d ] ; then - cd /etc/pam.d - grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do - [ -f .$file.dst ] || cp -p $file .$file.dst - sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file - done - fi - file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service - if [ ! -f $file ] || ! grep -q $EXE $file ; then - cat > $file < ~/.config/autostart/$file < "$A" < $HOME/.config/gajim/config <&1| grep running | cut -f 1 -d ' ' ") - except StandardError as e: - print("ERROR: Unable to find any running boxes. Rerun with the --box argument.", file=sys.stderr) - raise - assert s, "ERROR: Unable to find a running box. Rerun with the --box argument." 
- lBoxes = s.split(' ') - -# mplatform = None -# def get_mplatform(): -# global mplatform -# # Linux-4.14.80-gentoo-x86_64-Intel-R-_Pentium-R-_CPU_N3700_@_1.60GHz-with-gentoo-2.2.1 -# if mplatform is None: -# mplatform = subprocess.check_output( -# """vagrant ssh %s -c 'python -mplatform'""" % box, -# shell=True, -# stderr=DEV_NULL -# ) -# return mplatform - -print (repr(args)) - -def ssh_run(cmd): - """ - Run a command line in a vagrant box via vagrant ssh. - Return the output. - """ - - return subprocess.check_output( - """%s ssh %s -c '%s'""" % (EXE, box, cmd), - shell=True, - stderr=DEV_NULL - ).replace('^@', '') - - -def run(cmd): - """ - Run a command in the host. - Stop the tests with a useful message if it fails. - """ - - if sys.platform.startswith('win'): - p = subprocess.Popen( - cmd, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - ) - else: - p = subprocess.Popen( - cmd, - shell=True, - stdout=subprocess.PIPE, - stderr=subprocess.PIPE, - close_fds=True - ) - stdout, stderr = p.communicate() - if p.returncode != 0: - print(stdout, file=sys.stderr) - # Stop the doctest - raise KeyboardInterrupt(stderr) - return stdout - -def cut(y, column_nums, sort=False): - """ - returns a list of lines reduced to the chosen column_nums - """ - assert y and len(y) > 0, "Empty string passed to cut" - # - if hasattr(y,'encode'): - s = y.encode('utf-8') - else: - s = y - - lines = s.splitlines() - line_lists = [l.split() for l in lines if l] - rez = ["\t".join([col[col_num] - for col_num in column_nums if col_num < len(col)]) - for col in line_lists] - if sort: - return sorted(rez) - else: - return rez - - -def joined_cut(s, column_nums, sort=False): - return "\n".join(cut(s, column_nums, sort)) - - -for box in lBoxes: - globs = { - 'ssh_run': ssh_run, - 'run': run, - 'cut': cut, - 'joined_cut': joined_cut, - 'skip_provisioning': args.no_provision, - 'no_provisioning': args.no_provision, - 'forcing': args.force, - 'box': box, - } - - if args.fail_fast: 
- OPTIONS = doctest.REPORT_ONLY_FIRST_FAILURE | OPTIONS - if box and not args.force: - output = subprocess.check_output("%s status %s" % (EXE, box,), shell=True) - if re.search(r"%s\s+not created" % box, output) is None: - print( "Vagrant box already exists. Destroy it or use '-f' to skip this test.", file=sys.stderr) - print ("Use '-f' in combination with '-n' to skip provisioning.", file=sys.stderr) - exit(1) - - if args.file is None: - files = glob.glob('tests/*.txt') - else: - files = [args.file] - - for fn in files: - print ( "%s / %s" % (box, fn) , file=sys.stderr) - - print( '*' * 50 ) - print (box) - print( '*' * 50 ) - print (fn) - print( '*' * 50 ) - try: - failure_count, test_count = doctest.testfile(fn, - module_relative=False, - optionflags=OPTIONS, - globs=globs) - except Exception as e: - sys.stderr.write('\n'.join(sys.path) +'\n') - raise - if args.haltonfail and failure_count > 0: - print ("Test failures occurred. Stopping tests and leaving vagrant box %s running." % box , file=sys.stderr) - exit(1) - - # Clean up our vagrant box. - - if box and not args.force: - print ( "Destroying %s" % box , file=sys.stderr) - run("%s destroy %s -f" % (EXE, box,)) - elif box: - print ( "Vagrant box %s left running." % box, file=sys.stderr) - diff --git a/roles/toxcore/overlay/Linux/usr/local/src/testssl.bash b/roles/toxcore/overlay/Linux/usr/local/src/testssl.bash deleted file mode 100755 index 7ab3511..0000000 --- a/roles/toxcore/overlay/Linux/usr/local/src/testssl.bash +++ /dev/null 
@@ -1,68 +0,0 @@ -#!/bin/sh -# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- - -prog=`basename $0 .bash` -PREFIX=/usr/local -ROLE=toxcore -[ -f /usr/local/etc/testforge/testforge.bash ] && \ - . /usr/local/etc/testforge/testforge.bash -[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL - -# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher -# https://code.google.com/p/chromium/issues/detail?id=58831 - -DIR=testssl.sh -GITHUB_USER=drwetter -GITHUB_DIR=$DIR - -. $PREFIX/src/var_local_src.bash - -BINS=testssl - -cd $PREFIX/src || exit 2 -WD=$PWD - -if [ "$#" -eq 0 ] ; then - [ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR - - for elt in $BINS ; do - file=$PREFIX/bin/$elt.bash - if [ ! -f $file ] ; then - cat > $file << EOF -# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- -cd $PREFIX/src/$DIR -exec bash testssl.sh "\$@" -EOF - chmod +x $PREFIX/bin/testssl.bash - fi - done - - exit 0 - -elif [ $1 = 'check' ] ; then # 1* - ols_test_bins && exit 0 || exit 1$? - -elif [ $1 = 'lint' ] ; then # 2* - /var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$? - -elif [ "$1" = 'test' ] ; then # 3* - for bin in $BINS ; do - $PREFIX/bin/$bin.bash --help >/dev/null || exit 3$? - done - -elif [ "$1" = 'update' ] ; then # 7* - ols_are_we_connected || exit 0 - cd $PREFIX/src/$DIR || exit 70 - git pull || exit 7$? - - #error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream - #error: 1970 bytes of body are still expected - #fetch-pack: unexpected disconnect while reading sideband packet - #fatal: early EOF - #fatal: fetch-pack: invalid index-pack output - -fi - -# wget -P https://testssl.sh/testssl.sh - -exit 0