emdee/libvirt_cloud
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
emdee 2024-02-14 08:18:37 +00:00
parent 58937cfe7f
commit 5c3a865c7f
29 changed files with 431 additions and 2396 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

174
overlay/Linux/usr/local/src/src/ansible_gentooimgr/.gitignore vendored
View File

@ -1,174 +0,0 @@
# ---> Python
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
*.diff
*.good
*.bad
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/
.pylint.err
.pylint.log
.pylint.out
*.dst
*~
.rsync.sh
.rsync.sh

50
roles/toxcore/overlay/Linux/usr/local/bin/analyze-ssl.bash
View File

@ -1,50 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PKG=analyze-ssl.pl
GIT_HUB=github.com
GIT_USER=noxxi
GIT_DIR=p5-ssl-tools
URL=raw.githubusercontent.com//master/$PKG.sh
URL=github.com/$GIT_USER/$GIT_DIR/raw/master/$PKG
. $PREFIX/src/var_local_src.bash
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -f $PKG ] ; then
[ -d $PREFIX/net/Http/$GIT_HUB ] || mkdir $PREFIX/net/Http/$GIT_HUB
if [ -e $PREFIX/net/Http/$URL ] ; then
ip route | grep -q ^default || { DEBUG "$0 not connected" ; exit 0 ; }
wget -xc -P $PREFIX/net/Http https://$URL
fi
fi
[ -f $PKG ] || cp -p $PREFIX/net/Http/$URL .
if [ ! -e $PREFIX/bin/$PKG.bash ] ; then
cat > $PREFIX/bin/$PKG.bash << EOF
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=text
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/
cd $PREFIX/src/ || exit 1
exec perl $PKG "\$@"
EOF
chmod 755 $PREFIX/bin/$PKG.bash
fi
exit 0
elif [ "$1" = 'test' ] ; then # 3*
$PREFIX/bin/$PKG.bash --help || exit 30
fi

28
roles/toxcore/overlay/Linux/usr/local/bin/ansible-keepass.bash
View File

@ -1,28 +0,0 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
[ -n "$KEYS_VAR_LOCAL" ] && PREFIX=$KEYS_VAR_LOCAL
TESTF_ANSIBLE_SRC=/o/data/TestForge/src/ansible
. /var/local/src/var_local_src.bash || exit 2
PKG=ansible-keepass
GIT_HUB=github.com
GIT_USER=Nekmo
GIT_DIR=ansible-keepass
[ -d $TESTF_ANSIBLE_SRC/lib/plugins/vars ] || \
mkdir -p $TESTF_ANSIBLE_SRC/lib/plugins/vars
[ -s $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py ] || \
wget $BASE_WGET_ARGS \
-O $TESTF_ANSIBLE_SRC/lib/plugins/vars/ansible_keepass.py \
https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$PKG.py \
exit 0

121
roles/toxcore/overlay/Linux/usr/local/bin/c-toxcore.bash
View File

@ -1,121 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
DESC=""
. $PREFIX/bin/usr_local_tput.bash || exit 1
PKG=toxcore
DIR=c-$PKG
GIT_HUB=github.com
GIT_USER=TokTok
GIT_DIR=$DIR
GIT_BRAN=master
VERS=2.18.0
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
WD=$PWD
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
ols_are_we_connected || { DEBUG not connected ; exit 0 ; }
cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
git clone -b $GIT_BRAN --depth=1 https://$GIT_HUB/$GIT_USER/$GIT_DIR || exit 4
git clone --depth=1 https://$GIT_HUB/$GIT_USER/dockerfiles
cd $WD
# wget -xcP ../net/Http/ https://github.com/TokTok/c-toxcore/releases/download/v0.2.18/c-toxcore-0.2.18.tar.gz
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"/$GIT_DIR $DIR
fi
cd "$DIR" || exit 5
[ -f third_party/cmp/Makefile ] || git submodule update --init || exit 6
# ols_apply_testforge_patches
# # [ -f CMakeLists.txt.dst ] || patch -b -z.dst < toxcore.diff || exit 7
[ -f cmake.sh ] || cat > cmake.sh << EOF
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
PREFIX=$PREFIX
ROLE=$ROLE
CORE=$PREFIX/src/c-toxcore
DIR=_build
LIB=\$CORE/\$DIR
cd \$CORE | exit 3
mkdir _build
cd _build
cmake \
-DCMAKE_BUILD_TYPE="Debug" \
-DCMAKE_UNITY_BUILD=ON \
-DMIN_LOGGER_LEVEL=TRACE \
-DMUST_BUILD_TOXAV=ON \
-DNON_HERMETIC_TESTS=ON \
-DSTRICT_ABI=ON \
-DTEST_TIMEOUT_SECONDS=120 \
-DUSE_IPV6=OFF \
-DAUTOTEST=ON \
-DBUILD_MISC_TESTS=ON \
-DBUILD_FUN_UTILS=ON \
-DBOOTSTRAP_DAEMON=ON \
.. > cmake.log 2>&1
#sed -e 's/-DNDEBUG/-g/' -i CMakeCache.txt
make .. > make.log 2>&1
ls \$LIB/*so* || { echo ERROR \$LIB ; exit 2 ; }
EOF
bash cmake.sh || {
retval=$?
ERROR cmake $retval
exit 3$retval
}
cd _build
make >> make.log 2>&1 || {
retval=$?
ERROR cmake $retval
exit 3$retval
}
cp -p other/bootstrap_daemon/tox-bootstrapd $PREFIX/bin
cp -p other/bootstrap_daemon/tox-bootstrapd.sh $PREFIX/etc/init.d/tox-bootstrapd
# ln -s $PREFIX/etc/init.d/tox-bootstrapd /etc/init.d
exit 0
elif [ $1 = 'check' ] ; then # 1*
# ols_test_bins && exit 0 || exit $?
[ ! -d $DIR/_build ] && WARN not built yet $DIR && exit 11
[ -f $DIR/_build/libtoxcore.so.${VERS} ] && WARN not compiled yet $DIR && exit 12
ldd $DIR/_build/libtoxcore.so.${VERS} | grep found && ERROR ldd fails $DIR && exit 13
exit 0
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/_build || exit 30
ctest || exit 31
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
fi

131
roles/toxcore/overlay/Linux/usr/local/bin/keyrings.bash
View File

@ -1,131 +0,0 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/src/usr_local_src.bash || exit 2
# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2
export LOG_DIR=$PREFIX/var/log/$ROLE
DESC=""
cd /usr/local/src || exit 4
if [ "$#" -eq 0 ] ; then
# /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh
[ -f /usr/local/bin/ssl-cipher-check.pl ] || \
wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl
if [ $USER = root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
command -v keepassxc.bash
EXE=`command -v keepassxc.bash`
[ -z "$EXE" ] && EXE=`command -v keepassxc`
if [ -z "$EXE" ] ; then
export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring
ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'`
[ -n "$ELTS" ] && kill $ELTS
if [ -d /etc/pam.d ] ; then
cd /etc/pam.d
grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do
[ -f .$file.dst ] || cp -p $file .$file.dst
sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file
done
fi
file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service
if [ ! -f $file ] || ! grep -q $EXE $file ; then
cat > $file <<EOF
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=$EXE
EOF
fi
fi
fi
if [ $USER != root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
[ -d ~/.config/autostart ] || mkdir ~/.config/autostart
cd /etc/xdg/autostart/
for file in * ; do
[ -f ~/.config/autostart/$file ] || {
cat > ~/.config/autostart/$file <<EOF
[Desktop Entry]
Hidden=true
EOF
INFO created ~/.config/autostart/$file - cp /dev/null to reenable
}
done
# https://pypi.org/project/keyring/
A=`python3.bash -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"` || exit 1$?
[ -f "$A" ] || touch "$A"
# $HOME/.config/python_keyring
[ -s "$A" ] || cat > "$A" <<EOF
[backend]
default-keyring=keyring.backends.SecretService.Keyring
EOF
A=`python3 -c "import keyring.util.platform_; print(keyring.util.platform_.data_root())"`
[ -d "$A" ] || mkdir "$A"
if `which keepassxc` && ps ax | grep -v grep | grep -q keepassxc ; then
python3 -m keyring --list-backends | \
grep -q keyring.backends.SecretService.Keyring || \
WARN NO keyring.backends.SecretService.Keyring
# string "org.freedesktop.secrets"
dbus-send --session --dest=org.freedesktop.DBus \
--type=method_call --print-reply \
/org/freedesktop/DBus org.freedesktop.DBus.ListNames | \
grep -q 'org.freedesktop.secrets' || \
WARN NO org.freedesktop.DBus.ListNames
else
python3 -m keyring --list-backends || \
WARN NO keyring.backends
fi
if `which gajim` || [ -f $PREFIX/bin/gajim ] ; then
[ -f $HOME/.config/gajim/config ] || cat > $HOME/.config/gajim/config <<EOF
proxies.Tor.bosh_wait_for_restart_response = False
proxies.Tor.useauth = False
proxies.Tor.bosh_useproxy = True
proxies.Tor.bosh_http_pipelining = False
proxies.Tor.bosh_content = text/xml; charset=utf-8
proxies.Tor.bosh_uri =
proxies.Tor.bosh_wait = 30
proxies.Tor.host = 127.0.0.1
proxies.Tor.user =
proxies.Tor.pass =
proxies.Tor.bosh_hold = 2
proxies.Tor.type = socks5
proxies.Tor.port = 9050
EOF
fi
fi
exit 0
elif [ "$1" = check ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash || exit 10
msys_var_local_src_prog_key $1 || exit 10$?
elif [ "$1" = 'lint' ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash
msys_var_local_src_prog_key $1 || exit 20$?
ols_run_tests_shellcheck $ROLE || exit 21$?
ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then
msys_var_local_src_prog_key $1 || exit 51$?
fi

86
roles/toxcore/overlay/Linux/usr/local/bin/negotiator.bash
View File

@ -1,86 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
DESC=""
. $PREFIX/bin/usr_local_tput.bash || exit 1
PKG=negotiator
DIR=negatiator
declare -a FILES
FILES=(
1a/dd/3fcb75aebaa0a28f4f4e4a5773833d5cc7fecd47f2b535fc7e445f289539/negotiator-common-0.12.2.tar.gz
65/e5/bddc148f12aa8e81cfb0fbe504541436d0d38c6cb1546fa4fb5fbefcb5ce/negotiator-host-0.12.2.tar.gz
fe/a1/3d77020b8c5034f7ef65434d0510d1262840550155ce5f433c8189499326/negotiator-guest-0.12.2.tar.gz
)
declare -a GUESTS
GUESTS=(
coloredlogs-15.0.1-py2.py3-none-any.whl
executor-23.2-py2.py3-none-any.whl
fasteners-0.19-py3-none-any.whl
humanfriendly-10.0-py2.py3-none-any.whl
negotiator_common-0.12.2-py3-none-any.whl
negotiator_guest-0.12.2-py3-none-any.whl
property_manager-3.0-py2.py3-none-any.whl
setuptools-69.0.2-py3-none-any.whl
six-1.16.0-py2.py3-none-any.whl
supervisor-4.2.5-py2.py3-none-any.whl
verboselogs-1.7-py2.py3-none-any.whl
)
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
WD=$PWD
if [ ! -d "$DIR" ] ; then
route | grep -q ^def || { DBUG not connected ; exit 0 ; }
wget -xcP $PREFIX/net/Http/ https://pypi.org/project/negotiator-common/
for f in "${FILES[@]}" ; do
wget -xcP $PREFIX/net/Http/ https://files.pythonhosted.org/packages/$f
done
if [ ! -d "$WD/$DIR" ] ; then
[ -d $WD/$DIR ] || mkdir $WD/$DIR
pip3.sh download -d $WD/$DIR \
negotiator-guest supervisor humanfriendly
cd $WD
fi
for f in "${FILES[@]}" ; do
tar xvfkz $PREFIX/net/Http/$f 2>/dev/null
done
fi
for f in "${FILES[@]}" ; do
base=`basename $f .tar.gz`
[ -d base ] && continue
tar xvfkz $PREFIX/net/Http/$f 2>/dev/null
cd $base
pip3.sh install --prefix=/usr/local . >> install.log 2>&1 || \
WARN problems installing $base retval=$retval
cd ..
done
exit 0
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/_build || exit 30
ctest || exit 31
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
/usr/local/sbin/base_diff_from_dst.bash $ROLE || exit 6$?
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
fi

67
roles/toxcore/overlay/Linux/usr/local/bin/pyassuan.bash
View File

@ -1,67 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
#See /var/local/src/ZeroNet.bash
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYTHON_MINOR.sh
PYTHON_EXE=$PYTHON_EXE_MSYS
PYTHON_PIP_MSYS=$PREFIX/bin/pip$PYTHON_MINOR.sh
MOD="pyassuan"
DIR="${MOD}"
BINS="get-info pinentry"
GIT_HUB=http-git.tremily.us
GIT_DIR=pyassuan
#ols_funtoo_requires
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" ] ; then
[ -d "$PREFIX/net/Git/$GIT_HUB" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB"
route|grep ^def || { DEBUG not connected ; exit 0 ; }
(cd "$PREFIX/net/Git/$GIT_HUB" && \
git clone --depth=1 "http://http-git.tremily.us/pyassuan.git" ) ||\
exit 2
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_DIR" . || \
exit 3
fi
cd "$DIR" || exit 4
# ols_setup_zip_unsafe 's@^ )@ zip_safe=False)@'
#? [ -e /var/local/src/var_local_local.bash ] && . /var/local/src/var_local_local.bash
[ -d $PREFIX/$LIB/python${PYTHON_MINOR}/site-packages/${DIR}-${VER}-py${PYTHON_MINOR}.egg ] || \
msys_python_setup_install 2>&1 || { ERROR "code $?" ; cat install$PYVER.log ; exit 6 ; }
# msys_python_bins $BINS
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
exit 0
elif [ $1 = 'check' ] ; then # 1*
"$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 20
# ols_test_bins
exit $?
elif [ "$1" = 'test' ] ; then # 3*
cd $WD/$DIR
$PYTHON_EXE_MSYS -m unittest discover >>test.log || exit 31$?
fi

113
roles/toxcore/overlay/Linux/usr/local/bin/testforge_clean_usr_local_lib.bash
View File

@ -1,113 +0,0 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=$PREFIX
ROLE=testforge
# too early
[ -f /usr/local/etc/testforge/testforge.bash ] || exit 0
. /usr/local/etc/testforge/testforge.bash || exit 1
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
if uname -a | grep entoo ; then
GENTOO=0
else
GENTOO=1
fi
UBUNTU=$( [ -d /etc/apt ] )
for PYTHON_MINOR in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -z "$PYTHON_MINOR" ] && continue
# [ "$PYTHON_MINOR" = "$BASE_PYTHON2_MINOR" ] && PYMAJOR=2 || PYMAJOR=3
PYVER="${PYTHON_MINOR:0:1}"
cd $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/ || exit $PYVER
[ -f __init__.py ] || touch __init__.py
INFO $PYVER GENTOO=$GENTOO $BASE_USR_LOCAL/$LIB/python${PYTHON_MINOR}/site-packages/
ls -1d * | \
grep -v '__init__.py\|~$\|egg-info\|__pycache__\|egg-link\|dist-info\|pyc$\|pyo$\|pth$\|.sh$$\|.so$\|.egg$\|.tar$\|.log$\|.lis$\|.err$' | \
sed -e 's/\.py$//' | \
while read elt ; do
[ -z "$elt" ] && continue
[ $elt = cachecontrol ] && mod=CacheControl || mod=$elt
#exceptions
[ $elt = pip ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
[ $elt = ansible ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
#?FixMe: - we are now allowing site.py
[ $elt = site ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# broken for MarkupSafe-1.1.1-py2.7.egg-info
[ $elt = markupsafe ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# broken for PyYAML-5.3.1-py2.7.egg-info
[ $elt = yaml ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# Pygments-2.5.2-py2.7.egg-info
[ $elt = pygments ] && echo "INFO: $PYTHON_MINOR Skipped OK - $elt" && continue
# FixMe: what about the selenium patches
[ $elt = selenium ] && continue
# FixMe:
if [ $GENTOO -eq 0 ] && eix -r ^dev-python/${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then
DBUG $PYVER $elt is Installed
elif [ $GENTOO -eq 0 ] && eix ^dev-python/py${elt}$ | grep "Installed.*[\" ]$PYTHON_MINOR" ; then
DBUG $PYVER py$elt is Installed
elif [ -e /usr/$LIB/python$PYTHON_MINOR/$elt ] ; then
[ $elt = sitecustomize ] && echo WHY?: in /usr/$LIB/python$PYTHON_MINOR/$elt && continue
echo "DEBUG: $PYVER $elt is in /usr/$LIB/python$PYTHON_MINOR/$elt"
# The python$PYVER -s is crucial - otherwise
# /root/.local/lib64/python2.7/site-packages precedes
# /usr/lib64/python2.7/site-packageson sys.path
elif python$PYVER -s -c "import $mod,os; print os.path.realpath($mod.__path__[0])" 2>/dev/null | grep /usr/$LIB/ ; then
echo "DEBUG: $PYVER $elt is in /usr/$LIB/"
else
echo "INFO: $PYTHON_MINOR Checked OK - $elt"
continue
fi
WARN "$PYTHON_MINOR deleting - $elt"
if [ -d $elt ] ; then
INFO rm -rf *${elt}* .*${elt}*
rm -rf *${elt}* .*${elt}*
elif file $elt | grep 'empty' ; then
INFO rm -rf ${elt}
rm -rf ${elt}
elif [ -f "$elt.py" ] ; then
INFO rm ${elt}.py*
rm ${elt}.py*
elif [ -f "$elt.pyo" ] || [ -f "$elt.pyc" ] ; then
INFO rm -f ${elt}.pyc ${elt}.pyo
rm -f ${elt}.pyc ${elt}.pyo
else
echo "ERROR: oddball not a dir or file $( file $elt ) - \"$elt\""
fi
done
# FixMe: these are missed and crucial
[ -f /usr/local/lib64/python$PYTHON_MINOR7/site-packages/pkg_resources/__init__.py -a \
-f /usr/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/__init__.py ] &&
rm -rf /usr/local/lib64/python$PYTHON_MINOR/site-packages/pkg_resources/
/usr/local/bin/python$PYVER.sh -c 'from pkg_resources import ensure_directory, ContextualZipFile' || \
WARN "from pkg_resources import ensure_directory, ContextualZipFile "
done
cd /usr/local/bin
for file in * ; do
[ -x $file ] || continue
[ -e /usr/bin/$file -o -e /usr/sbin/$file -o -e /usr/bin/$file.py ] || continue
# ls -l /usr/bin/$file $file
root=$( basename $file .py )
[[ $file =~ .*2.py$ ]] && DBUG $file && continue
[[ $file =~ .*2$ ]] && DBUG $file && continue
if file $file | grep -q 'Python script' && head -2 $file | grep -q '/python2' ; then
[[ $file =~ .*.py$ ]] && INFO mv $file ${root}2.py && mv $file ${root}2.py && continue
[ -e /usr/bin/$file.py ] && INFO mv $file ${file}2 && mv $file ${file}2 &&z \
INFO ln -s /usr/bin/$file.py $file && ln -s /usr/bin/$file.py $file && continue
WARN $file not python ; continue
fi
INFO mv $file ${file}2; mv $file ${file}2
done
exit 0

39
roles/toxcore/overlay/Linux/usr/local/bin/testforge_dirmngr_test.bash
View File

@ -1,39 +0,0 @@
#!/bin/sh
# -*- mode: sh; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
ROLE=toxcore
prog=$(basename $0 .bash)
KEY=0x066DAFCB81E42C40
TIMEO=15
WARGS="-v -S --dns-timeout $TIMEO --connect-timeout $TIMEO --read-timeout $TIMEO"
. /usr/local/bin/proxy_export.bash
if [ is = dead ] ; then
# URL="http://hkps.pool.sks-keyservers.net:80/pks/lookup?op=get&options=mr&search=$KEY"
URL="http://pgp.mit.edu:80/pks/lookup?op=get&options=mr&search=$KEY"
DBUG wget $URL
wget $WARGS -o /tmp/2$$.log -O /tmp/2$$.html $URL || {
ERROR retval=$? ; cat /tmp/2$$.log; exit 2 ;
}
grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/2$$.html || exit 210
grep -q 'HTTP/1.1 200 OK' /tmp/2$$.log || exit 220
fi
URL="http://keyserver.ubuntu.com:80/pks/lookup?op=get&options=mr&search=$KEY"
DBUG wget $URL
wget $WARGS -o /tmp/3$$.log -O /tmp/3$$.html $URL || {
ERROR retval=$? /tmp/3$$.log
exit 3
}
grep -q -e '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html || {
ERROR '-----BEGIN PGP PUBLIC KEY BLOCK' /tmp/3$$.html
exit 310
}
grep -q 'HTTP/1.1 200 OK' /tmp/3$$.log || {
ERROR NO 'HTTP/1.1 200 OK' /tmp/3$$.log
exit 320
}
exit 0

25
roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest2.bash
View File

@ -1,25 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=$PREFIX
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=2
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
#? -S causes problems - why was it there?
for file in "$@" ; do
$PREFIX/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
$LOPTS --box '' --file "$file"
done

26
roles/toxcore/overlay/Linux/usr/local/bin/testforge_run_doctest3.bash
View File

@ -1,26 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=$PREFIX
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
#? -S causes problems - why was it there?
for file in "$@" ; do
[ ! -f "$file" ] && WARN file not found $file && continue
/usr/local/bin/python$PYVER.sh $PREFIX/src/testforge_run_doctest.py \
$LOPTS --box '' --file "$file"
done

60
roles/toxcore/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash
View File

@ -1,60 +0,0 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_base.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0

519
roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_lib.bash
View File

@ -1,519 +0,0 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash
. /usr/local/bin/proxy_curl_lib.bash
[ -z "$TIMEOUT" ] && TIMEOUT=30
TIMEOUT3=`expr 3 \* $TIMEOUT`
SSLSCAN_ARGS="-4 --show-certificate --bugs --timeout $TIMEOUT"
[ $SSL_VER = 3 ] && SSLSCAN_ARGS="$SSLSCAN_ARGS --tls13" || \
SSLSCAN_ARGS="$SSLSCAN_ARGS --tls12"
# -cipher 'ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH' -debug
# no timeout -no_tls1_1 -no_tls1_2
OPENSSL_ARGS="-4 -showcerts -bugs -status -state -no_ign_eof"
[ $SSL_VER = 3 ] && OPENSSL_ARGS="$OPENSSL_ARGS -tls1_3" || \
OPENSSL_ARGS="$OPENSSL_ARGS -tls1_2"
# --no-colour ?--show-certificate ?--show-client-cas ?--show-ciphers ?--tlsall
TESTSSL_ARGS="-4 --server-defaults --protocols --grease --server-preference --heartbleed --ccs-injection --renegotiation --breach --tls-fallback --drown --assume-http --connect-timeout $TIMEOUT3 --openssl-timeout $TIMEOUT3 --standard --vulnerable --ssl-native --phone-out --nodns none"
ANALYZE_ARGS="--timeout $TIMEOUT --all-ciphers --verbose"
NMAP_ARGS="--script ssl-enum-ciphers -v --script-trace"
# no --cert-status -> ocsp
CURL_ARGS="--silent -vvv --head --connect-timeout $TIMEOUT"
CURL_HTTP_ARGS="$CURL_ARGS --fail --location --http2 --proto-redir https --proto-default https --proto =https"
# [ -d /usr/local/share/ca-certificates/mozilla ] && \
# CURL_ARGS="$CURL_ARGS --capath usr/local/share/ca-certificates/mozilla"
[ $SSL_VER = 3 ] && CURL_ARGS="$CURL_ARGS --tlsv1.3" || \
CURL_ARGS="$CURL_ARGS --tlsv1.2"
NOW=`date +%s`
DATE () {
local elt=$1
shift
# DEBUG=1
$elt $( expr `date +%s` - $NOW )s $*
return 0
}
ssltest_proxies () {
PROXY_SCHEME=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 1 -d ' '`
PROXY_HOST=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 2 -d ' '`
PROXY_PORT=`echo $SSLTEST_HTTPS_PROXY|sed -e 's@/@@g' -e 's/:/ /g'| cut -f 3 -d ' '`
# SocksPolicy Accept in /etc/tor/torrc - required and works with sslscan
TESTSSL_ENVS="env MAX_OSSL_FAIL=10 DNS_VIA_PROXY=true PROXY_WAIT=$TIMEOUT"
if [ -n "$SSLTEST_HTTP_PROXY" ] ; then
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
elif [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
# WTF HTTP CONNECT failed: 502 Bad Gateway (tor protocol violation)
PROXY_HOST_PORT=`echo "$SSLTEST_HTTPS_PROXY" | sed -e 's@.*/@@'`
OPENSSL_ARGS="$OPENSSL_ARGS -proxy $PROXY_HOST_PORT"
fi
# Make sure a firewall is not between you and your scanning target!
# `sed -e 's@.*/@@' <<< $SSLTEST_HTTPS_PROXY`
# timesout 3x
# TESTSSL_ARGS="$TESTSSL_ARGS --proxy=auto"
# use torsocks instead of
# ANALYZE_ARGS="ANALYZE_ARGS --starttls http_proxy:${PROXY_HOST}:$PROXY_PORT"
CURL_ARGS="$CURL_ARGS -x socks5h://${SOCKS_HOST}:$SOCKS_PORT"
#? NMAP_ARGS="$NMAP_ARGS -x socks4://${SOCKS_HOST}:$SOCKS_PORT"
# no proxy args and no _proxy strings
SSLSCAN_ENVS="$TORSOCKS "
ANALYZE_ENVS="$TORSOCKS "
# proxy timesout
TESTSSL_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP $TESTSSL_ENVS"
NMAP_ENVS="sudo -u $BOX_BYPASS_PROXY_GROUP "
CURL_ENVS=" "
return 0
}
ssltest_nmap () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=nmap
DATE DBUG $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" $eltfile
INFO $elt "$NMAP_ENVS $exe $NMAP_ELTS $site" >> $eltfile
$NMAP_ENVS $exe $NMAP_ELTS $site >> $eltfile 2>&1
retval=$?
if grep -q '(1 host up)' $eltfile ; then
if grep -q TLS_AKE_WITH_AES_256_GCM_SHA384 $eltfile ; then
INFO "$elt TLS_AKE_WITH_AES_256_GCM_SHA384 = $eltfile" | tee -a $eltfile
else
INFO "$elt CA=$cacert = $eltfile" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
ERROR "$elt retval=$retval timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
else
WARN $elt "NO '(1 host up)' in" $eltfile
fi
return 0
}
## ssltest_nmap
## no good for 1.3
ssltest_sslscan () {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local exe=sslscan
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" $eltfile
INFO "$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site" >> $eltfile
$SSLSCAN_ENVS $exe $SSLSCAN_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# ECDHE-RSA-AES256-SHA pop.zoho.eu tls1.2
if [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ERROR $eltfile ; then
ERROR "$elt ERROR CA=$cacert = $eltfile" | tee -a $eltfile
retval=-1
elif grep EROR: $eltfile ; then
ERROR "$elt EROR: CA=$cacert = $eltfile" | tee -a $eltfile
retval=-2
elif grep "Certificate information cannot be retrieved." $eltfile ; then
WARN "$elt 'Certificate information cannot be retrieved' = $eltfile" | tee -a $eltfile
elif grep "TLSv1.$SSL_VER.*disabled" $eltfile ; then
ERROR "$elt TLSv1.$SSL_VER disabled = $eltfile" | tee -a $eltfile
retval=-3
elif ! grep '^\(Subject\|Altnames\).*'"$site" $eltfile ; then
# *.zoho.eu
WARN "$elt not 'Subject\|Altnames' = $eltfile" | tee -a $eltfile
elif ! grep -q Accepted $eltfile ; then
WARN "$elt not Accepted CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $SSL_VER = 3 ] && ! grep -q TLS_AES_256_GCM_SHA384 $eltfile ; then
WARN "$elt not TLS_AES_256_GCM_SHA384 CA=$cacert = $eltfile" | tee -a $eltfile
else
DATE INFO "$elt Accepted CA=$cacert = $eltfile " | tee -a $eltfile
fi
return $retval
}
## ssltest_openssl
ssltest_openssl () {
local elt=$1
local site=$2
local exe=openssl
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
# -msg -msgfile $TMPDIR/$$.$site.s_client.msg
DATE DBUG "$elt s_client $OPENSSL_ELTS" $site $eltfile
INFO "$exe s_client $OPENSSL_ELTS timeout=$total_s" $site >> $eltfile
timeout $total_s $exe s_client $OPENSSL_ELTS $site < /dev/null >> $eltfile 2>&1
retval=$?
if [ $retval -eq 124 ] ; then
WARN "$elt failed timeout=$TIMEOUT CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -eq 1 ] ; then
num=`grep ':SSL alert number' $eltfile | sed -e 's/.*:SSL alert number //'`
if [ $? -eq 0 ] && [ -n "$num" ] ; then
ERROR "$elt failed retval=$retval SSL alert #$num ${SSL_ALERT_CODES[$num]} CA=$cacert = $eltfile" | tee -a $eltfile
else
ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile
cat $eltfile
fi
elif grep ':error:' $eltfile ; then
a=`grep ':error:' $eltfile | sed -e 's/^[0-9]*:[^:]*:[^:]*:[^:]*:[^:]*://' -e 's/:.*//' |head -1 `
ERROR "$elt :error: $a CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'Cipher is (NONE)\|SSL handshake has read 0 bytes' $eltfile ; then
ERROR "$elt s_client Cipher is (NONE) CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval err=${OPENSSL_X509_V[$retval]} CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'HTTP CONNECT failed:' $eltfile ; then
WARN "$elt failed HTTP CONNECT failed CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'unable to get local issuer certificate' $eltfile ; then
WARN "$elt s_client unable to get local issuer certificate CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'Verification error: certificate has expired' $eltfile ; then
WARN "$elt s_client Verification error: certificate has expired = $eltfile | tee -a $eltfile" | tee -a $eltfile
elif ! grep -q '^depth=0 CN.*'$site $eltfile ; then
WARN "$elt s_client CN NOT $site = $eltfile" | tee -a $eltfile
elif grep 'OSCP response: no response' $eltfile ; then
WARN "$elt s_client OSCP response: no response = $eltfile | tee -a $eltfile" | tee -a $eltfile
elif grep 'New, TLSv1.$SSL_VER, Cipher is TLS' $eltfile ; then
DATE INFO "$elt TLSv1.$SSL_VER, Cipher is TLS CA=$cacert = $eltfile " | tee -a $eltfile
else
DATE INFO "$elt client CA=$cacert = $eltfile " | tee -a $eltfile
fi
return $retval
}
## ssltest_testssl
ssltest_testssl () {
local elt=$1
local site=$2
local exe=/usr/local/bin/$elt.sh
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT3`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" $eltfile
INFO DBUG $elt timeout $total_s "`basename $exe` $TESTSSL_ELTS $site:$SSL_PORT" >> $eltfile 2>&1
# TLS 1.2 offered (OK)
# TLS 1.3 offered (OK)
# You should not proceed as no protocol was detected. If you still really really want to, say "YES" -->
echo YES | timeout $total_s env $TESTSSL_ENVS $exe $TESTSSL_ELTS $site:$SSL_PORT >>$eltfile 2>&1
retval=$?
subdir=`grep 'DEBUG (level 1): see files in' $eltfile | sed -e 's/.* //' -e "s/[$'].*//"`
if [ -n "$subdir" ] ; then
subdir="${subdir::19}"
if [ -d "$subdir" ] ; then
DBUG found \"$subdir\"
cat "$subdir"/*parse*txt >> $eltfile
fi
fi
if grep "Protocol.*TLSv1.$SSL_VER" $eltfile ; then
# timesout after success
DATE INFO "$elt $site Protocol : TLSv1.$SSL_VER CA=$cacert =$eltfile" | tee -a $eltfile
retval=0
elif grep 'TLS 1.$SSL_VER *.*offered.*(OK)' $eltfile ; then
DATE INFO "$elt $site TLS 1.$SSL_VER offered CA=$cacert =$eltfile" | tee -a $eltfile
retval=0
elif [ $retval -eq 124 ] ; then
WARN $elt $site "timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile
elif grep 'TLS 1.$SSL_VER.*not offered and downgraded to a weaker protocol' $eltfile ; then
DATE ERROR "$elt $site TLS 1.$SSL_VER NOT offered CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 1`
elif grep -q 't seem to be a TLS/SSL enabled server' $eltfile ; then
DATE ERROR "$elt $site doesnt seem to be a TLS/SSL enabled server: CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 2`
elif grep -q 'Client problem, No server cerificate could be retrieved' $eltfile ; then
WARN "$elt $site Client problem: CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'Fixme: something weird happened' $eltfile ; then
WARN "$elt $site Fixme: something weird happened CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 4`
elif grep 'Oops: TCP connect problem' $eltfile ; then
WARN "$elt $site Oops: TCP connect problem CA=$cacert =$eltfile" | tee -a $eltfile
retval=`expr 256 - 5`
elif [ $retval -gt 5 ] ; then
# returns 5
WARN "$elt failed retval=$retval CA=$cacert = $eltfile" | tee -a $eltfile
elif grep ': unable to\| error:' $eltfile ; then
ERROR "$elt.bash unable to / error: CA=$cacert = $eltfile" | tee -a $eltfile
retval=`expr 256 - 6`
elif grep 'unexpected error' $eltfile ; then
ERROR "$elt.bash unexpected error CA=$cacert = $eltfile" | tee -a $eltfile
retval=`expr 256 - 7`
elif [ "$retval" -eq 1 ] ; then
DATE ERROR "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
elif grep -q "Negotiated protocol.*TLSv1.$SSL_VER" $eltfile ; then
# TLS_AES_256_GCM_SHA384
DATE INFO "$elt.bash TLSv1.$SSL_VER retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
elif [ "$retval" -ne 0 ] ; then
# 5 is success
DATE WARN "$elt.bash error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
else
DATE INFO "$elt.bash no error retval=$retval: CA=$cacert = $eltfile " | tee -a $eltfile
fi
if grep ' VULNERABLE ' $eltfile ; then
WARN "$elt.bash VULNERABLE: CA=$cacert = $eltfile " | tee -a $eltfile
fi
grep 'Overall Grade' $eltfile
return $retval
}
## ssltest_analyze_ssl $elt $site
ssltest_analyze_ssl () {
local elt=$1
local site=$2
local exe=/usr/local/bin/analyze-ssl.pl.bash
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
DATE DBUG $elt "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" $eltfile
INFO "timeout $total_s $ANALYZE_ENVS `basename $exe` $ANALYZE_ELTS $site:$SSL_PORT" >> $eltfile
timeout $total_s $ANALYZE_ENVS $exe $ANALYZE_ELTS $site:$SSL_PORT >> $eltfile 2>&1
retval=$?
if [ ! -s $eltfile ] ; then
ERROR "$elt failed empty $eltfile" | tee -a $eltfile
retval=`expr 256 - 1`
elif grep "successful connect with TLSv1_$SSL_VER" $eltfile && \
grep 'all certificates verified' $eltfile ; then
# succeeds but timesout
DATE INFO "$elt successful connect with TLSv1_$SSL_VER retval=$retval error = $eltfile" | tee -a $eltfile
elif [ $retval -eq 124 ] ; then
WARN "$elt timedout timeout=$total_s CA=$cacert = $eltfile" | tee -a $eltfile
elif [ $retval -ne 0 ] ; then
ERROR "$elt failed retval=$retval = $eltfile" | tee -a $eltfile
elif grep ERROR: $eltfile ; then
ERROR "$elt failed ERROR: = $eltfile" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'certificate verify - name does not match' $eltfile ; then
ERROR "$elt failed name does not match = $eltfile" | tee -a $eltfile
retval=`expr 256 - 4`
elif ! grep 'certificate verified : ok' $eltfile ; then
ERROR "$elt failed NO certificate verified = $eltfile" | tee -a $eltfile
retval=`expr 256 - 5`
elif grep 'certificate verified : FAIL' $eltfile ; then
ERROR "$elt certificate verified : FAIL = $eltfile" | tee -a $eltfile
retval=`expr 256 - 6`
elif grep 'handshake failed with HIGH' $eltfile ; then
WARN "$elt failed handshake failed with HIGH = $eltfile" | tee -a $eltfile
retval=`expr 256 - 7`
elif grep '^ \! ' $eltfile ; then
ERROR "$elt failed \! = $eltfile" | tee -a $eltfile
retval=`expr 256 - 8`
else
DATE INFO "$elt no error = $eltfile" | tee -a $eltfile
fi
return $retval
}
## ssltest_curl
ssltest_curl () {
local elt=$1
local site=$2
local exe="/usr/local/bin/s$elt.bash -- "
local outfile=$3
[ -f "$outfile" ] || { WARN no outfile ; return 1 ; }
local eltfile=`sed -e "s/.out/_$elt.out/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
local prot
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
[ -n "$SSL_PORT" ] || { WARN no SSL_PORT ; return 3 ; }
exe=curl
if [ "$SSL_PORT" = 443 ] ; then
prot=https
elif [ "$SSL_PORT" = 995 ] ; then
prot=pop3s
exe=curl
CURL_ELTS="$CURL_ELTS -l"
elif [ "$SSL_PORT" = 587 ] ; then
prot=smtps
exe=curl
# CURL_ELTS="$CURL_ELTS"
else
ERROR $elt unrecognized port protocol $SSL_PORT
return 3
fi
DATE DBUG $elt $CURL_ENVS "`basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" $eltfile
INFO $elt "$CURL_ENVS `basename $exe` $CURL_ELTS ${prot}://$site:$SSL_PORT" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS ${prot}://$site:$SSL_PORT >> $eltfile 2>&1
retval=$?
# grep '= /tmp/scurl'
ERRF=$eltfile
if [ $SSL_VER -eq 3 ] && ! grep "SSL connection using TLSv1.$SSL_VER" $ERRF ; then
ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 1`
cat $eltfile
elif ! grep -q "SSL connection using TLSv1.[3$SSL_VER]" $ERRF ; then
ERROR "$elt NO SSL connection using TLSv1.$SSL_VER CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 1`
cat $eltfile
elif [ $retval -eq 77 ] || grep -q 'CURLE_SSL_CACERT_BADFILE' $ERRF ; then
ERROR "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 28 ] || grep -q 'CURLE_OPERATION_TIMEDOUT' $ERRF ; then
WARN "$elt retval=$retval CURLE_OPERATION_TIMEDOUT ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 91 ] || grep -q 'CURLE_SSL_INVALIDCERTSTATUS' $ERRF ; then
WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 28 ] || grep 'Connection timed out' $ERRF ; then
WARN "$elt retval=$retval ${CURLE[$retval]} CAFILE=$CAFILE = $ERRF" | tee -a $eltfile
elif [ $retval -eq 22 ] || grep -q 'curl: (22) The requested URL returned error:' $ERRF; then
# on 22 - change to HTTP code
code=`grep 'curl: (22) The requested URL returned error:' $ERRF | sed -s 's/.*returned error: //'`
if [ "$code" = 416 ] ; then
INFO "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
retval=$code
elif [ -n "$code" ] && [ "$code" -ge 400 ] ; then
# 403 Cloudflare
ERROR "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
retval=$code
else
WARN "$elt retval=$retval ${CURLE[$retval]} code=$code CA=$cacert = $ERRF" | tee -a $eltfile
fi
elif [ $retval -ne 0 ] ; then
# curl: (3) URL using bad/illegal format or missing URL - worked
WARN "$elt retval=$retval ${CURLE[$retval]} CA=$cacert = $ERRF" | tee -a $eltfile
elif ! grep "subject: CN=$site" $ERRF ; then
ERROR "$elt NO subject: CN=$site CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 2`
elif grep "503 - Forwarding failure" $ERRF ; then
WARN "$elt 503 - Forwarding failure CA=$cacert = $ERRF" | tee -a $eltfile
retval=`expr 256 - 3`
elif grep 'we are not connected' $eltfile ; then
WARN "$elt CA=$cacert = $ERRF" | tee -a $eltfile
retval=0
else
INFO "$elt CA=$cacert = $ERRF" | tee -a $eltfile
retval=0
fi
# TLSv1.3 (IN), TLS handshake, Finished
return $retval
}
## ssllabs_analyze
ssltest_analyze () {
local elt=$1
local site=$2
local exe="/usr/local/bin/scurl.bash -- "
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local total_s=`expr 2 \* $TIMEOUT`
local url="https://www.ssllabs.com/ssltest/analyze.html?d=$site"
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
DATE DBUG "$elt $CURL_ELTS SSL_PORT=$SSL_PORT $url" $eltfile
INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1
retval=$?
if [ $retval -ne 0 ] ; then
DATE WARN "$elt retval=$retval $url" $eltfile >> $outfile
else
DATE INFO "$elt retval=$retval $url" $eltfile >> $outfile
fi
return $retval
}
## ssltest_ssllabs
ssltest_ssllabs() {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local site_ip=$4
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local host=www.ssllabs.com
local url="ssltest/analyze.html?d=$site&s=$site_ip"
local exe="/usr/local/bin/scurl.bash -- "
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
DATE DBUG "$elt $CURL_ELTS $url" $eltfile
INFO "<\!-- $CURL_ENVS $elt $CURL_ELTS $url -->" >> $eltfile
$CURL_ENVS $exe $CURL_ELTS $url >> $eltfile 2>&1
retval=$?
if [ $retval -ne 0 ] ; then
DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile
elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'No' ; then
DATE ERROR "$elt retval=$retval $url" $eltfile | tee -a $eltfile
retval=`expr 256 - 1`
elif grep -A 2 ">TLS 1.$SSL_VER<" $eltfile | grep 'Yes' ; then
DATE INFO "$elt retval=$retval $url" $eltfile | tee -a $eltfile
retval=0
else
DATE WARN "$elt retval=$retval $url" $eltfile | tee -a $eltfile
fi
return $retval
}
## ssltest_http2_alt_svc
ssltest_http2_alt_svc() {
local elt=$1
local site=$2
local outfile=$3
[ -f "$outfile" ] || return 1
local eltfile=`sed -e "s/.out/_$elt.html/" <<< $outfile`
local exe="/usr/local/bin/scurl.bash -- "
local host=www.integralblue.com
local url=1.1.1.1/fun-stuff/dns-over-tor/
[ -n "$SSL_VER" ] || { WARN no SSL_VER ; return 2 ; }
umask 0022
if [ -n "$socks_proxy" ] ; then
export socks_proxy=`sed -e 's/socks[a-z0-9]*:/socks5h:/' <<< $socks_proxy`
$exe --head --http2 -x $socks_proxy https://$host/$url > $eltfile 2>&1
else
$exe --head --http2 https://$host/$url > $eltfile 2>&1
fi
#? grep '^HTTP/2 301' $eltfile || exit 1
grep '^HTTP/2 ' $eltfile || return 11
grep 'alt-svc:' $eltfile || return 12
onion=`grep 'alt-svc:' $eltfile | sed -e 's/.*h2=.//' -e 's/";.*//'` # || exit 3
if [ -n "$socks_proxy" ] ; then
$exe --head -x $socks_proxy https://$onion/$url >> $eltfile 2>&1
retval=$?
else
$exe --head https://$onion/$url >> $eltfile 2>&1
retval=$?
fi
if [ $retval -eq 0 ] ; then
DATE INFO $elt https://$host/$url | tee -a $eltfile
else
DATE WARN $elt https://$host/$url | tee -a $eltfile
fi
return $?
}

344
roles/toxcore/overlay/Linux/usr/local/bin/testforge_ssl_test.bash
View File

@ -1,344 +0,0 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
export PATH=/sbin:$PATH
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
#[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
. $PREFIX/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/proxy_ping_lib.bash >/dev/null || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 3; }
#? . $PREFIX/src/usr_local_src.bash || exit 2
DNS_TRIES=3
LOGP=TestSSL_`date -u +%y-%m-%d_%H_$$`
rm -f $TMPDIR/${LOGP}*
# analyze-ssl passed files.pythonhosted.org
# INFO: 226s analyze-ssl no error = /tmp/_files.pythonhosted.org_analyze-ssl.out
[ -z "$SSLTEST_TESTS" ] && SSLTEST_TESTS="curl openssl testssl nmap" # sslscan
[ -z "$SSLTEST_CERTS" ] && SSLTEST_CERTS="/etc/ssl/certs/ca-certificates.crt /usr/local/etc/ssl/cacert-testforge.pem"
[ -z "$SSLTEST_TIMEOUT" ] && SSLTEST_TIMEOUT=30
[ -z "$SSLTEST_SOCKS_PROXY" -a -n "$socks_proxy" ] && SSLTEST_SOCKS_PROXY=$socks_proxy \
&& DBUG SSLTEST_SOCKS_PROXY=$socks_proxy
if [ -z "$SSLTEST_HTTPS_PROXY" -a -n "$https_proxy" ] ; then
SSLTEST_HTTPS_PROXY=$https_proxy
DBUG SSLTEST_HTTPS_PROXY=$SSLTEST_HTTPS_PROXY
fi
[ -z "$SSLTEST_HTTP_PROXY" -a -n "$http_proxy" ] && SSLTEST_HTTP_PROXY=$http_proxy \
&& DBUG SSLTEST_HTTP_PROXY=$http_proxy
[ -z "$BOX_BYPASS_PROXY_GROUP" ] && BOX_BYPASS_PROXY_GROUP=bin
SSL_LIB=openssl
# [ "$MODE" ] && proxy_ping_test.bash $MODE
declare -a BADSSL_SITES
BADSSL_SITES=(
self-signed.badssl.com
expired.badssl.com
mixed.badssl.com
rc4.badssl.com
hsts.badssl.com
)
declare -a GOODSSL_SITES
GOODSSL_SITES=(
files.pythonhosted.org
mirrors.dotsrc.org
deb.devuan.org
# dfw.source.kernel.org
# cdn.kernel.org
)
badssl=0
goodssl=0
[ "$#" -eq 0 ] && goodssl=1
tests="$SSLTEST_TESTS"
verbosity=2
outdir=/tmp
timeout=$SSLTEST_TIMEOUT
onion=0
CAFILE=/usr/local/etc/ssl/cacert-testforge.pem
TMPDIR=/tmp
SSL_PORT=443
SSL_VER=3
usage() {
echo "Usage: $0 [OPTIONS] dirs-or-files"
echo
echo " -B | --badssl - test badssl.org sites"
echo " -G | --goodssl - test good sites"
echo " -S | --ssl - tls version v1.x - 2 or 3"
echo " -O | --onion - onion"
echo " -o | --outdir=$TMPDIR - output directory"
echo " -v | --verbosity=$verbosity - verbosity 0 least 5 most"
echo " -T | --timeout=$timeout - timeout in sec."
echo " -E | --tests=`sed -e 's/ /,/g' <<< $tests` - tests, comma separated"
echo " -C | --certs=`sed -e 's/ /,/g' <<< $SSLTEST_CERTS` - tests, comma separated"
echo " -Y | --ciphers - comma sep list of ciphers"
echo " -P | --port - port default $SSL_PORT"
echo " -N | --connect - connect"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
SHORTOPTS="hVGBv:T:C:P:S:E:Y:ON:"
LONGOPTS="help,version:,goodssl,badssl,verbosity:,timeout,certs:,port:,ssl:,tests:,ciphers:,onion,connect:"
declare -a SITES
SITES=()
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && { ERROR "error parsing getopt" ; exit 4 ; }
eval set -- "$ARGS"
while true; do
case "$1" in
-o|--outdir)
shift
TMPDIR="$1"
;;
-v|--verbosity)
shift
verbosity="$1"
;;
-T|--timeout)
shift
timeout="$1"
;;
-S|--ssl)
shift
SSL_VER="$1"
;;
-P|--port)
shift
SSL_PORT="$1"
;;
-N|--connect)
shift
SSL_CONNECT="$1"
;;
-C|--certs)
shift
SSLTEST_CERTS="`sed -e 's/,/ /g' <<< $1`"
;;
-Y|--ciphers)
shift
SSLTEST_CIPHERS="`sed -e 's/,/ /g' <<< $1`"
;;
-t|--tests)
shift
tests="`sed -e 's/,/ /g' <<< $1`"
;;
-O|--onion)
onion=1
;;
-G|--goodssl)
goodssl=1
badssl=0
;;
-B|--badssl)
badssl=1
goodssl=0
;;
-V|--version)
usage
exit 0
;;
-h|--help)
usage
exit 0
;;
'--')
shift
SITES=("$@")
break
;;
*)
{ ERROR "unrecognized arguments $*" ; exit 5 ; }
break
;;
esac
shift
done
[ "${#SITES[*]}" -eq 0 -a $badssl -gt 0 ] && SITES=("${BADSSL_SITES[@]}")
[ "${#SITES[*]}" -eq 0 -a $goodssl -gt 0 ] && SITES=("${GOODSSL_SITES[@]}")
[ "${#SITES[@]}" -eq 0 ] && { ERROR "no arguments $*" ; exit 7 ; }
[ "$SSL_VER" -ge 2 -a "$SSL_VER" -le 3 ] || { ERROR "SSL_VER $SSL_VER" ; exit 6 ; }
[ -d "$TMPDIR" ] || mkdir -p "$TMPDIR" || { ERROR "mkdir $TMPDIR" ; exit 8 ; }
[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; exit 9 ; }
[ $onion -eq 0 ] && TIMEOUT=$timeout || TIMEOUT=`expr $timeout \* 2`
SSLTEST_TESTS="$tests"
declare -a tests_ran
tests_ran=()
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { WARN "not connected" ; exit 0 ; }
IF=`route | grep ^def |sed -e 's/.* //'`
[ -n "$IF" ] || { ERROR "no IF" ; exit 10 ; }
IP=`ifconfig $IF|grep -A 2 ^wlan |grep inet | sed -e 's/.*inet //' -e 's/ .*//'`
[ -n "$IP" ] || { ERROR "no IP" ; exit 11 ; }
[ -z "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash
netstat -nle4 | grep -v grep | grep -q 0.1:53 || \
{ WARN "DNS not running - netstat " ; }
# iptables-legacy-save | grep "OUTPUT -o wlan4 -m owner --gid-owner 2 -j ACCEPT"
# uses TIMEOUT=30
. $PREFIX/bin/testforge_ssl_lib.bash
if [ "$USER" = bin ] ; then
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
else
DEBUG=0 proxy_ping_get_socks >/dev/null
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
fi
if [ "$USER" = bin ] ; then
TORSOCKS=""
elif [ $SOCKS_HOST != 127.0.0.1 ] ; then
TORSOCKS="torsocks --address $SOCKS_HOST --port $SOCKS_PORT "
elif [ $SOCKS_PORT != 9050 ] ; then
TORSOCKS="torsocks --port $SOCKS_PORT "
else
TORSOCKS="torsocks "
fi
if [ -n "$SSLTEST_HTTPS_PROXY" ] ; then
grep -q "SocksPolicy *accept *$IP" /etc/tor/torrc || \
{ WARN "need SocksPolicy accept $IP in /etc/tor/torrc" ; }
fi
# This works off the $https_proxy environment variable in the form http://127.0.0.1:9128
# so you can test trans routing by call this with that unset.
ssltest_proxies $onion
rm -f $TMPDIR/${LOGP}.*.*
OUTF=$TMPDIR/${LOGP}.out
for CAFILE in $SSLTEST_CERTS ; do
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || {
WARN $prog we are not connected >&2
exit `expr 256 - 1`
}
[ -f $CAFILE ] || { ERROR "CAfile not found $CAFILE" ; continue ; }
DATE DBUG CAFILE=$CAFILE --address $SOCKS_HOST --port $SOCKS_PORT
cacert=`basename $CAFILE`
for site in "${SITES[@]##*/}" ; do
warns=0
IF=`route | grep ^def |sed -e 's/.* //'`
[ -n "$IF" ] || { WARN "$site no route" ; continue ; }
SITE_OUTF=$TMPDIR/${LOGP}_${site}.out
DEBUG=1 DATE DBUG $site CAFILE=$CAFILE $SITE_OUTF | tee -a $SITE_OUTF
# ERROR: Could not resolve hostname www.devuan.org.
i=0
while [ $i -le $DNS_TRIES ] ; do
if [ $onion -eq 0 ] ; then
site_ip=`dig $site +retry=5 +tries=2 +noall +answer +short | awk '{ print $1 }'` && break
else
site_ip=`tor-resolve -4 $site` && break
fi
i=`expr $i + 1`
sleep 5
done
[ $i -ge $DNS_TRIES ] && ERROR failed resolve $site | tee -a $SITE_OUTF
[ $i -ge $DNS_TRIES ] && site_ip=$site
elt=sslscan
SSLSCAN_ELTS="$SSLSCAN_ARGS --certs $CAFILE --sni-name $site"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_sslscan $elt $site $SITE_OUTF $site_ip
elt=openssl
OPENSSL_ELTS="$OPENSSL_ARGS -CAfile $CAFILE -servername $site"
[ -n "$SSL_CONNECT" ] && OPENSSL_ELTS="$OPENSSL_ARGS -connect ${SSL_CONNECT}:$SSL_PORT"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $onion -eq 0 ] && \
tests_ran+=($elt) && \
ssltest_openssl $elt $site $SITE_OUTF $site_ip
elt=testssl
rm -f $TMPDIR/${LOGP}.$site.$elt.json # --jsonfile-pretty $TMPDIR/${LOGP}.$site.$elt.json
TESTSSL_ELTS="$TESTSSL_ARGS --add-ca $CAFILE --append --ip $site_ip"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $onion -eq 0 ] && \
tests_ran+=($elt) && \
ssltest_testssl $elt $site $SITE_OUTF $site_ip
elt=analyze-ssl
ANALYZE_ELTS="$ANALYZE_ARGS --CApath $CAFILE --name $site"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
[ $SSL_PORT = 443 ] && \
tests_ran+=($elt) && \
ssltest_analyze_ssl $elt $site $SITE_OUTF $site_ip
elt=curl
CURL_ELTS="$CURL_ARGS --cacert $CAFILE --output /dev/null"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_curl $elt $site $SITE_OUTF $site_ip
elt=nmap
NMAP_ELTS="$NMAP_ARGS --host-timeout $TIMEOUT -p $SSL_PORT"
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_nmap $elt $site $SITE_OUTF $site_ip
elt=ssllabs
[ $SSL_PORT = 443 ] && \
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_ssllabs $elt $site $SITE_OUTF $site_ip
done
done
# bonus
elt=alt_svc
[ $SSL_PORT = 443 ] && \
[[ $SSLTEST_TESTS =~ .*${elt}.* ]] && \
tests_ran+=($elt) && \
ssltest_http2_alt_svc $elt - $SITE_OUTF -
cat $TMPDIR/${LOGP}_*.out > $OUTF
# https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/
a=`openssl ciphers -v 'ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1:!AESCCM' | wc -l | sed -e 's/ .*//'`
[ $? -eq 0 ] && [ "$a" -eq 0 ] && \
WARN "no openssl ciphers" | tee -a $OUTF
DEBUG=1 DBUG "${#tests_ran[@]}" TESTS="${tests_ran[@]}"
warns=`grep -c WARN: $OUTF`
[ $? -eq 0 ] && [ "$warns" -gt 0 ] && DATE WARN "$warns warns for $site in $OUTF"
errs=`grep -c 'ERROR:\|EROR:' $OUTF`
[ $? -eq 0 ] && [ "$errs" -gt 0 ] && DATE ERROR "$errs errs for $site in $OUTF"
[ $? -eq 0 ] && [ "$warns" -eq 0 -a "$errs" -eq 0 ] && \
DATE INFO "NO warns/errs for $site in $OUTF"
exit $errs
# pysslscan scan --scan=protocol.http --scan=vuln.heartbleed --scan=server.renegotiation \
# --scan=server.preferred_ciphers --scan=server.ciphers \
# --report=term:rating=ssllabs.2009e --ssl2 --ssl3 --tls10 --tls11 --tls12
# /usr/local/bin/ssl-cipher-check.pl

50
roles/toxcore/overlay/Linux/usr/local/bin/tinfoilhat.shmoo.com.bash
View File

@ -1,50 +0,0 @@
#/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -n "$PYDEV_VAR_LOCAL" ] && PREFIX=$PYDEV_VAR_LOCAL
DESC=""
. /usr/local/src/usr_local_src.bash || exit 1
HTTP_DIR=$PREFIX/net/Http
DIR=tinfoilhat.shmoo.com
URL=web.archive.org/web/20121116091222/http:/
cd $PREFIX/src || exit 2
WD=$PWD
if [ $# -eq 0 ] ; then
if [ ! -d $DIR ] ; then
route|grep -q ^default || exit 0
mkdir $DIR $DIR/source
wget -cP $DIR/source http://$URL/$DIR/source/bb-random.c \
http://$URL/$DIR/source/gpggrid-version-on-floppy.c \
http://$URL/$DIR/source/gpggrid.c || exit 3
fi
cd $PREFIX/src/$DIR/source || exit 4
[ -x gpggrid ] || \
cc -o gpggrid --static gpggrid.c || exit 5
[ -f staticgpggrid.c ] || \
sed -e 's/"gpg"/"staticgpg"/' gpggrid.c > staticgpggrid.c
[ -x staticgpggrid ] || \
cc -o staticgpggrid --static staticgpggrid.c || exit 6
[ -x $PREFIX/bin/gpggrid -a $PREFIX/bin/gpggrid -nt gpggrid ] || \
cp -p gpggrid $PREFIX/bin/ || exit 7
[ -x $PREFIX/bin/staticgpggrid -a $PREFIX/bin/staticgpggrid -nt gpggrid ] || \
cp -p staticgpggrid $PREFIX/bin/ || exit 8
OPREFIX=$PREFIX/share/genkernel/overlay
[ -d $OPREFIX/bin ] || mkdir $OPREFIX/bin
[ -x $OPREFIX/bin/staticgpggrid ] || \
ln $OPREFIX/bin/staticgpggrid $OPREFIX/bin/ || exit 9
fi
exit 0

9
roles/toxcore/overlay/Linux/usr/local/bin/tox-bootstrapd.bash Executable file
View File

@ -0,0 +1,9 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
CONF=/var/local/etc/tox-bootstrapd.conf
[ -d /var/lib/tox-bootstrapd/ ] || mkdir /var/lib/tox-bootstrapd
exec torsocks /var/local/bin/tox-bootstrapd --config $CONF "$@"

75
roles/toxcore/overlay/Linux/usr/local/bin/tox_profile.bash
View File

@ -1,75 +0,0 @@
#/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
[ -z "$PYTHON_MINOR" ] && PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
DESC=""
. /usr/local/src/usr_local_src.bash || exit 1
SITE_PACKAGES_MSYS=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
HTTP_DIR=$PREFIX/net/Http
DIR=tox_profile
MOD=$DIR
GIT_HUB=git.plastiras.org
GIT_USER=emdee
GIT_DIR=$DIR
# tox_profile
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
if [ ! -d "$DIR" ] ; then
if [ ! -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" ] ; then
msys_are_we_connected || exit 0
[ -d "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" ] || \
mkdir "$PREFIX/net/Git/$GIT_HUB/$GIT_USER"
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
git clone "https://$GIT_HUB/$GIT_USER/$GIT_DIR" ) ||\
exit 2
( cd "$PREFIX/net/Git/$GIT_HUB/$GIT_USER" && \
git config user emdee && \
git config email emdee@ )
fi
cp -rip "$PREFIX/net/Git/$GIT_HUB/$GIT_USER/$GIT_DIR" . || exit 3
fi
python$PYVER.sh -c 'import namedlist' || \
pip$PYVER.sh install namedlist
cd $DIR || exit 4
[ -f __init__.py ] || touch __init__.py
# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
exit 0
elif [ $1 = 'check' ] ; then # 1*
# "$PYTHON_EXE_MSYS" -c "import $MOD" 2>/dev/null || exit 10
:
elif [ "$1" = 'lint' ] ; then # 2*
[ -n "$PYVER" ] || return 20
pylint -E --recursive y || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
cd $PREFIX/src/$DIR/$DIR || exit 32
$PYTHON_EXE_MSYS tox_savefile_test.bash \
>> $WD/$DIR/test.log 2>&1 || \
{ ERROR "$MOD code $?" ; cat $WD/$DIR/test.log ; exit 35 ; }
elif [ "$1" = 'refresh' ] ; then # 6*
cd $PREFIX/src/$DIR || exit 60
fi

51
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_DHTnodes_nmap.bash Executable file
View File

@ -0,0 +1,51 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=toxcore
prog=$( basename $0 .bash )
NOW=`date "+%Y-%m-%d_%H"`
. /usr/local/bin/usr_local_tput.bash 2>/dev/null >/dev/null || exit 2
PREFIX=/var/local
BINDIR=$PREFIX/bin
[ -n "$USER" ] && USER=$( id -un )
DEBUG="" /usr/local/bin/proxy_ping_test.bash tor || exit 1
[ -n "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash 2>/dev/null >/dev/null
[ -n "$socks_proxy" ] && sproxy=`echo $socks_proxy | sed -e 's@.*://@@'`
# https://nodes.tox.chat/json
ip=""
declare -a ports
[ $# -eq 0 ] && set -- ~/.config/tox/DHTnodes.json
cat "$@" | \
jq '.|with_entries(select(.key|match("nodes"))).nodes[]|select(.status_tcp)|select(.ipv4|match("."))|.ipv4,.tcp_ports' | while read line ; do
if [ -z "$ip" ] ; then
ip=`echo $line|sed -e 's/"//g'`
ports=()
continue
elif [ "$line" = '[' ] ; then
continue
elif [ "$line" = ']' ] ; then
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { ERROR no route ; exit 3 ; }
if [ "$ip" = '"NONE"' -o "$ip" = 'NONE' ] ; then
:
elif ping -c 1 $ip | grep '100% packet loss' ; then
WARN failed ping $ip
else
INFO $ip "${ports[*]}"
cmd="nmap -Pn -n -sT -p T:"`echo "${ports[*]}" |sed -e 's/ /,/g'`
DBUG $cmd $ip
$cmd $ip | grep /tcp
fi
ip=""
continue
else
port=`echo $line|sed -e 's/,//'`
ports+=("$port")
# echo '>>' $ip "${ports[*]}"
fi
done

43
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.bash Executable file
View File

@ -0,0 +1,43 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=toxcore
prog=$( basename $0 .bash )
NOW=`date "+%Y-%m-%d_%H"`
. /usr/local/bin/usr_local_tput.bash 2>/dev/null >/dev/null || exit 2
PREFIX=/var/local
BINDIR=$PREFIX/bin
[ -n "$USER" ] && USER=$( id -un )
[ -n "$socks_proxy" ] || . /usr/local/bin/proxy_export.bash 2>/dev/null >/dev/null
[ -n "$socks_proxy" ] && sproxy=`echo $socks_proxy | sed -e 's@.*://@@'`
if [ $# -gt 0 ] && [ $1 = --test ] ; then
test='--test'
shift
else
test=''
fi
[ $# -gt 0 ] && prot=$1 || prot=ipv4
[ $# -gt 1 ] && host=$2 || host=127.0.0.1
[ $# -gt 2 ] && port=$3 || {
[ -f /etc/tox-bootstrapd.conf ] && \
port=`grep ^port /etc/tox-bootstrapd.conf | sed -e 's/.*[ ]//'`
}
[ -n "$port" ] || port=33446
[ $# -gt 3 ] && network=$4 || network=old
if [ $network == new ] || [ $network == newlocal ] ; then
test=--test
elif [ $network == old ] ; then
test=
fi
dbug $PREFIX/src/toxygen/toxygen/tests/bootstrap_node_info.py $test $prot $host $port
python3.sh $PREFIX/src/toxygen/toxygen/tests/bootstrap_node_info.py $test $prot $host $port

220
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_node_info.py Executable file
View File

@ -0,0 +1,220 @@
#!/var/local/bin/python3.bash
"""
Copyright (c) 2014 by nurupo <nurupo.contributions@gmail.com>
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
"""
import socket
import sys
import os
import logging
if sys.version_info[0] == 2:
print("ERROR: This script requires Python 3+ in order to run.")
sys.exit(1)
logging.basicConfig(level=logging.INFO)
global LOG
LOG = logging.getLogger()
def print_help(prog: str) -> None:
"""Print program usage to stdout."""
LOG.info(f"Usage: {prog} <ipv4|ipv6> <ip/hostname> <port>")
LOG.info(f" Example: {prog} ipv4 192.210.149.121 33445")
LOG.info(f" Example: {prog} ipv4 23.226.230.47 33445")
LOG.info(f" Example: {prog} ipv4 node.tox.biribiri.org 33445")
LOG.info(f" Example: {prog} ipv4 cerberus.zodiaclabs.org 33445")
LOG.info(f" Example: {prog} ipv6 2604:180:1::3ded:b280 33445")
LOG.info(f" Example: {prog} socks '82.196.15.215' 33445"),
LOG.info(f" Example: {prog} socks5 '84.22.115.205' 33445"), # 'tox.verdict.gg'
LOG.info(f" Example: {prog} https '61.230.169.50' 33445"), # 'tox.initramfs.io'
LOG.info("socks or socks5 requires the environment_variable socks_proxy")
LOG.info("https requires the environment_variable https_proxy")
LOG.info("")
LOG.info("Return values:")
LOG.info(" 0 - received info reply from a node")
LOG.info(" 1 - incorrect command line arguments")
LOG.info(" 2 - didnt receive any reply from a node")
LOG.info(" 3 - received a malformed/unexpected reply")
# https://github.com/irungentoo/toxcore/blob/4940c4c62b6014d1f0586aa6aca7bf6e4ecfcf29/toxcore/network.h#L128
INFO_PACKET_ID = b"\xF0"
# https://github.com/irungentoo/toxcore/blob/881b2d900d1998981fb6b9938ec66012d049635f/other/bootstrap_node_packets.c#L28
INFO_REQUEST_PACKET_LENGTH = 78
# first byte is INFO_REQUEST_ID, other bytes don't matter as long as reqest's
# length matches INFO_REQUEST_LENGTH
INFO_REQUEST_PACKET = INFO_PACKET_ID + (
b"0" * (INFO_REQUEST_PACKET_LENGTH - len(INFO_PACKET_ID)))
PACKET_ID_LENGTH = len(INFO_PACKET_ID)
PACKET_ID_LENGTH = 1
# https://github.com/irungentoo/toxcore/blob/881b2d900d1998981fb6b9938ec66012d049635f/other/bootstrap_node_packets.c#L44
VERSION_LENGTH = 4
# https://github.com/irungentoo/toxcore/blob/881b2d900d1998981fb6b9938ec66012d049635f/other/bootstrap_node_packets.c#L26
MAX_MOTD_LENGTH = 256
MAX_INFO_RESPONSE_PACKET_LENGTH = PACKET_ID_LENGTH + VERSION_LENGTH + MAX_MOTD_LENGTH
SOCK_TIMEOUT_SECONDS = 15.0
def iNodeInfo(protocol: str, host: str, port: int, key: str, environ=None) -> int:
"""Call the bootstrap node info RPC and output the response."""
socks = None
python_socks = None
if not environ:
environ = os.environ
if protocol == 'socks5' or protocol == 'https':
# https://github.com/4sp1r3/socksipy-branch
try:
import socks
except ImportError:
LOG.error("socks/https not supported; download to this directory\n" \
+" https://github.com/4sp1r3/socksipy-branch/socks.py")
return 4
elif protocol == 'socks':
# https://github.com/romis2012/python-socks
try:
import python_socks
except ImportError:
LOG.error("socks not supported; install python_socks\n" \
+'https://github.com/romis2012/python-socks')
return 4
if socks and protocol == "socks5" and 'socks_proxy' in environ:
sock = socks.socksocket()
proxy = environ['socks_proxy']
if proxy:
i = proxy.find('//')
if i > 0:
proxy = proxy[i+2:]
phost = proxy.split(':')[0]
pport = int(proxy.split(':')[1])
# LOG("DBUG: 'socks_proxy' in environment: ", phost, pport)
else:
LOG.debug("NO 'socks_proxy' in environment - defaulting to 127.0.0.1:1080")
phost = '127.0.0.1'
pport = 1080
sock.setproxy(socks.PROXY_TYPE_SOCKS5, phost, pport, True)
elif socks and protocol == "https" and 'https_proxy' in environ:
sock = socks.socksocket()
proxy = environ['https_proxy']
if proxy:
i = proxy.find('//')
if i > 0:
proxy = proxy[i+2:]
phost = proxy.split(':')[0]
pport = int(proxy.split(':')[1])
# LOG("DBUG: 'https_proxy' in environment: ", phost, pport)
else:
LOG.debug("NO 'https_proxy' in environment - defaulting to 127.0.0.1:8080")
phost = '127.0.0.1'
pport = 8080
sock.setproxy(socks.PROXY_TYPE_HTTP, phost, pport, True)
elif python_socks and protocol == "socks" and 'socks_proxy' in environ:
from python_socks.sync import Proxy
proxy = Proxy.from_url(environ['socks_proxy'], rdns=True)
elif protocol == "ipv4":
sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
elif protocol == "ipv6":
sock = socket.socket(socket.AF_INET6, socket.SOCK_DGRAM)
else:
LOG.error("1 Invalid first argument " +protocol +" - one of: socks socks5 https ipv4 ipv6")
print_help(__file__)
return 1
try:
if python_socks:
sock = proxy.connect(dest_host=host, dest_port=port)
else:
sock.connect((host, port))
except Exception as e:
LOG.error("2 Could not connect to bootstrap node " \
+repr((host, port)) \
+': ' +str(e))
return 2
try:
sock.settimeout(SOCK_TIMEOUT_SECONDS)
sock.sendall(INFO_REQUEST_PACKET)
except Exception as e:
LOG.error("3 Could not send to bootstrap node " \
+repr((host, port)) \
+' ' +str(e))
return 3
try:
data, _ = sock.recvfrom(MAX_INFO_RESPONSE_PACKET_LENGTH)
except socket.timeout:
LOG.warn("4 The DHT bootstrap node " \
+repr((host, port)) \
+" didnt reply in " + str(SOCK_TIMEOUT_SECONDS) + " sec.")
return 4
if len(data) == 0:
try:
data, _ = sock.recvfrom(MAX_INFO_RESPONSE_PACKET_LENGTH)
except socket.timeout:
LOG.warn("4b The DHT bootstrap node " \
+repr((host, port)) \
+" didnt reply in " + str(SOCK_TIMEOUT_SECONDS) + " sec.")
return 4
if len(data) == 0:
LOG.warn("5 Bad response, no data from " +repr((host, port)) )
return 5
packet_id = data[:PACKET_ID_LENGTH]
if packet_id != INFO_PACKET_ID:
LOG.warn("Bad response, first byte should be {info_packet_id!r}"
+" but got {packet_id!r}({data!r})".format(
info_packet_id=INFO_PACKET_ID,
packet_id=packet_id,
data=data,
))
LOG.warn("6 Are you sure that you are pointing the script at a Tox "
"DHT bootstrap node? " \
+repr((host, port)) \
)
return 6
version = int.from_bytes(data[PACKET_ID_LENGTH:PACKET_ID_LENGTH + VERSION_LENGTH],
byteorder="big")
motd = data[PACKET_ID_LENGTH + VERSION_LENGTH:].decode("utf-8")
LOG.info("Version: " + str(version) +" MOTD: " + motd[:-1])
return 0
if __name__ == "__main__":
if len(sys.argv) != 4:
print_help(sys.argv[0])
sys.exit(1)
try:
i = iNodeInfo(
protocol=sys.argv[1],
host=sys.argv[2],
port=int(sys.argv[3]),
)
except KeyboardInterrupt:
i = 0
sys.exit(i)

58
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_bootstrap_test.bash Executable file
View File

@ -0,0 +1,58 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
. /usr/local/bin/usr_local_tput.bash
[ $# -gt 0 ] && ERROR no arguments needed && exit 1
cd /var/local/bin/
network=new
[ -f /etc/tox-bootstrapd.conf ] && \
port=`grep ^port /etc/tox-bootstrapd.conf | sed -e 's/.*[ ]//'`
[ $? -eq 0 -a -n "$port" ] || port=33446
# EC8F7405F79F281569B6C66D9F03490973AB99BC9175C44FBEF4C3428A63B80D
python3.sh bootstrap_node_info.py ipv4 \
127.0.0.1 $port $network
python3.sh bootstrap_node_info.py tcp4 \
127.0.0.1 3389 $network
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { echo ERROR: not connected ; exit 1 ; }
if [ `id -un` = bin ] ; then
socks5=ipv4
socks=ipv4
else
socks5=socks5
socks=socks
fi
# onion
[ $socks5 = socks5 ] && \
python3.sh bootstrap_node_info.py $socks5 \
pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
$port $network
[ $socks5 = socks5 ] && \
python3.sh bootstrap_node_info.py $socks5 \
pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
38445 $network
[ $socks = socks ] && \
python3.sh bootstrap_node_info.py $socks \
pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
$port $network
[ $socks = socks ] && \
python3.sh bootstrap_node_info.py $socks \
pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
38445 $network
[ $socks = socks ] && \
python3.sh bootstrap_node_info.py $socks \
pvbgbm6bmn2d5xnmdqivowsi36ywawmixr645lnjuon22lriqj6gufqd.onion \
80
# $network
python3.sh bootstrap_node_info.py $socks \
172.93.52.70 $port $network
python3.sh bootstrap_node_info.py $socks5 \
172.93.52.70 $port $network

32
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_clean_local.bash Executable file
View File

@ -0,0 +1,32 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# The idea here is to run ansible_local.bash --tags daily
# and then use this to do the parsing and throwing errors based on the output.
# This way the ansible run can be free from erroring and this can be
# run repeatedly anytime outside of ansible to deal with the issues raised.
# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] || \
. /usr/local/etc/testforge/testforge.bash
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
. /usr/local/bin/usr_local_tput.bash
for from in /usr/lib/python$BASE_PYTHON3_MINOR/site-packages ; do
cd $from
ls */|grep -v '\.dist-info' | while read elt ; do
[ -d "$elt" ] || continue
[ "$elt" = __pycache__ ] && continue
base=`echo $elt|sed -e 's/-[0-9].*//'`
[ "$base" = py ] && continue
# DEBUG=1 DBUG $elt $base
ls -d $PREFIX/lib/python$BASE_PYTHON3_MINOR/site-packages/${base}* \
2>/dev/null && \
INFO $elt $PREFIX/lib/python$BASE_PYTHON3_MINOR/site-packages/${base}*
done
done

11
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_libvirt_test_ga.bash
View File

@ -1,11 +0,0 @@
#!/bin/sh
ROLE=toxcore
MODE=host
TOX_PLAY=/o/var/local/src/play_tox
sudo virsh list | grep running | while read a elt b ; do
echo INFO testing $elt
ansible -i $TOX_PLAY/hosts.yml -c libvirt_qemu -m setup $elt
done

11
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_python_doctest2.bash Executable file
View File

@ -0,0 +1,11 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
ROLE=toxcore
export PYVER=2
exec /usr/local/bin/toxcore_python_doctest.bash "$@"

7
roles/toxcore/overlay/Linux/usr/local/bin/toxcore_tox_profile.bash Executable file
View File

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=toxcore
exec python3.sh -m tox_profile "$@"
# exec python3.sh /usr/local/lib/python3.11/site-packages/bin/tox_profile "$@"

56
roles/toxcore/overlay/Linux/usr/local/bin/usr_local_toxcore.bash
View File

@ -1,56 +0,0 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
ROLE=toxcore
PREFIX=/usr/local
. /usr/local/bin/usr_local_tput.bash
# we install into /usr/local/bin and it takes precedence
# export PATH=$PREFIX/bin:$PATH
. $PREFIX/src/usr_local_src.bash || exit 2
[ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 3
if [ "$#" -eq 0 ] ; then
cd $PREFIX/src || exit 2
WD=$PWD
bash c-toxcore.bash # || exit 3$?
bash tox_profile.bash # || 4$?
# sh mitogen.bash
# sh toxcore_docker.bash || exit 4$?
# which sdwdate >/dev/null 2>/dev/null || \
# [ -f $PREFIX/bin/sdwdate.bash ] || \
# sh sdwdate.bash
sh gridfire.bash # || exit 6$?
sh pyassuan.bash #|| exit 7$?
sh tinfoilhat.shmoo.com.bash
# sh negotiator.bash
[ -d testssl.sh ] || \
sh testssl.bash || exit 9$?
exit 0
elif [ "$1" = 'check' ] ; then
exit 0
msys_run_checks_pip3
msys_var_local_src_prog_key check || exit 10$?
exit $?
elif [ "$1" = 'lint' ] ; then
# ols_run_tests_shellcheck $ROLE || exit 2$?
msys_var_local_src_prog_key $1 || exit 21$?
# ols_run_tests_pylint || exit 22$?
exit 0
elif [ "$1" = 'test' ] ; then
exit 0
msys_var_local_src_prog_key $1 || exit 30$?
msys_check_pips_inst
msys_gentoo_test_imports || exit 32$?
#hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$?
fi

131
roles/toxcore/overlay/Linux/usr/local/src/keyrings.bash
View File

@ -1,131 +0,0 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/src/usr_local_src.bash || exit 2
# [ `id -u` -eq 0 ] && ERROR $prog should not be run as root && exit 2
export LOG_DIR=$PREFIX/var/log/$ROLE
DESC=""
cd /usr/local/src || exit 4
if [ "$#" -eq 0 ] ; then
# /usr/lib/python3.9/site-packages/owtf/scripts/ssl/verify_ssl_cipher_check.sh
[ -f /usr/local/bin/ssl-cipher-check.pl ] || \
wget -cP /usr/local/bin/ http://unspecific.com/ssl/ssl-cipher-check.pl
if [ $USER = root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
command -v keepassxc.bash
EXE=`command -v keepassxc.bash`
[ -z "$EXE" ] && EXE=`command -v keepassxc`
if [ -z "$EXE" ] ; then
export PYTHON_KEYRING_BACKEND=keyring.backends.SecretService.Keyring
ELTS=`ps ax|grep gnome-keyring-daemon|grep -v grep|sed -e 's/^ *//' -e 's/ .*//'`
[ -n "$ELTS" ] && kill $ELTS
if [ -d /etc/pam.d ] ; then
cd /etc/pam.d
grep -l '^[^#].*pam_gnome_keyring.so' * | while read file ; do
[ -f .$file.dst ] || cp -p $file .$file.dst
sed -e 's/.*pam_gnome_keyring.so.*/#&/' -i $file
done
fi
file=/usr/local/share/dbus-1/services/org.freedesktop.secrets.service
if [ ! -f $file ] || ! grep -q $EXE $file ; then
cat > $file <<EOF
[D-BUS Service]
Name=org.freedesktop.secrets
Exec=$EXE
EOF
fi
fi
fi
if [ $USER != root ] ; then
# https://unix.stackexchange.com/questions/271661/disable-gnome-keyring-daemon
[ -d ~/.config/autostart ] || mkdir ~/.config/autostart
cd /etc/xdg/autostart/
for file in * ; do
[ -f ~/.config/autostart/$file ] || {
cat > ~/.config/autostart/$file <<EOF
[Desktop Entry]
Hidden=true
EOF
INFO created ~/.config/autostart/$file - cp /dev/null to reenable
}
done
# https://pypi.org/project/keyring/
A=`python3.bash -c "import keyring.util.platform_; print(keyring.util.platform_.config_root())"` || exit 1$?
[ -f "$A" ] || touch "$A"
# $HOME/.config/python_keyring
[ -s "$A" ] || cat > "$A" <<EOF
[backend]
default-keyring=keyring.backends.SecretService.Keyring
EOF
A=`python3 -c "import keyring.util.platform_; print(keyring.util.platform_.data_root())"`
[ -d "$A" ] || mkdir "$A"
if `which keepassxc` && ps ax | grep -v grep | grep -q keepassxc ; then
python3 -m keyring --list-backends | \
grep -q keyring.backends.SecretService.Keyring || \
WARN NO keyring.backends.SecretService.Keyring
# string "org.freedesktop.secrets"
dbus-send --session --dest=org.freedesktop.DBus \
--type=method_call --print-reply \
/org/freedesktop/DBus org.freedesktop.DBus.ListNames | \
grep -q 'org.freedesktop.secrets' || \
WARN NO org.freedesktop.DBus.ListNames
else
python3 -m keyring --list-backends || \
WARN NO keyring.backends
fi
if `which gajim` || [ -f $PREFIX/bin/gajim ] ; then
[ -f $HOME/.config/gajim/config ] || cat > $HOME/.config/gajim/config <<EOF
proxies.Tor.bosh_wait_for_restart_response = False
proxies.Tor.useauth = False
proxies.Tor.bosh_useproxy = True
proxies.Tor.bosh_http_pipelining = False
proxies.Tor.bosh_content = text/xml; charset=utf-8
proxies.Tor.bosh_uri =
proxies.Tor.bosh_wait = 30
proxies.Tor.host = 127.0.0.1
proxies.Tor.user =
proxies.Tor.pass =
proxies.Tor.bosh_hold = 2
proxies.Tor.type = socks5
proxies.Tor.port = 9050
EOF
fi
fi
exit 0
elif [ "$1" = check ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash || exit 10
msys_var_local_src_prog_key $1 || exit 10$?
elif [ "$1" = 'lint' ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash
msys_var_local_src_prog_key $1 || exit 20$?
ols_run_tests_shellcheck $ROLE || exit 21$?
ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then
msys_var_local_src_prog_key $1 || exit 51$?
fi

222
roles/toxcore/overlay/Linux/usr/local/src/testforge_run_doctest.py
View File

@ -1,222 +0,0 @@
#!/usr/bin/env python
# -*-mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
"""
Runs doctests locallly
doctest files are in the tests/ directory.
Note that when writing new test files, it will be convenient to use the command-line flags to avoid time-consuming reprovisioning or to target particular boxes or tests.
"""
from __future__ import print_function
from sys import stderr
import argparse
import doctest
import glob
import re
import subprocess
import sys
import os
OPTIONS = doctest.ELLIPSIS | doctest.NORMALIZE_WHITESPACE
# Convenience items for testing.
# We'll pass these as globals to the doctests.
if os.path.exists('/dev/null'):
DEV_NULL = open('/dev/null', 'w')
EXE='vagrant'
else:
DEV_NULL = open('NUL:', 'w')
EXE='sh /i/bin/vagrant.msys'
# find all our available boxes
#with open('Vagrantfile', 'r') as f:
# avail_boxes = re.findall(r'^\s+config.vm.define "(.+?)"', f.read(), re.MULTILINE)
# unused because it could be a Ruby variable
parser = argparse.ArgumentParser(description='Run playbook tests.')
parser.add_argument(
'-f', '--force',
action='store_true',
help="Force tests to proceed if box already exists. Do not destroy box at end of tests."
)
parser.add_argument(
'-n', '--no-provision',
action='store_true',
help="Skip provisioning."
)
parser.add_argument(
'-F', '--fail-fast',
action='store_true',
help="REPORT_ONLY_FIRST_FAILURE."
)
parser.add_argument(
'-o', '--options',
help=""
)
parser.add_argument(
'--haltonfail',
action='store_true',
help="Stop multibox tests after a fail; leave box running."
)
parser.add_argument(
'--file',
help="Specify a single doctest file (default tests/*.txt).",
)
parser.add_argument(
'--box',
help="Specify a particular target box",
action="append",
)
args = parser.parse_args()
if args.box:
lBoxes = args.box
else:
# find all our available running boxes
# sed -e 's/ .*//'
try:
s = os.system("vagrant global-status 2>&1| grep running | cut -f 1 -d ' ' ")
except StandardError as e:
print("ERROR: Unable to find any running boxes. Rerun with the --box argument.", file=sys.stderr)
raise
assert s, "ERROR: Unable to find a running box. Rerun with the --box argument."
lBoxes = s.split(' ')
# mplatform = None
# def get_mplatform():
# global mplatform
# # Linux-4.14.80-gentoo-x86_64-Intel-R-_Pentium-R-_CPU_N3700_@_1.60GHz-with-gentoo-2.2.1
# if mplatform is None:
# mplatform = subprocess.check_output(
# """vagrant ssh %s -c 'python -mplatform'""" % box,
# shell=True,
# stderr=DEV_NULL
# )
# return mplatform
print (repr(args))
def ssh_run(cmd):
"""
Run a command line in a vagrant box via vagrant ssh.
Return the output.
"""
return subprocess.check_output(
"""%s ssh %s -c '%s'""" % (EXE, box, cmd),
shell=True,
stderr=DEV_NULL
).replace('^@', '')
def run(cmd):
"""
Run a command in the host.
Stop the tests with a useful message if it fails.
"""
if sys.platform.startswith('win'):
p = subprocess.Popen(
cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
)
else:
p = subprocess.Popen(
cmd,
shell=True,
stdout=subprocess.PIPE,
stderr=subprocess.PIPE,
close_fds=True
)
stdout, stderr = p.communicate()
if p.returncode != 0:
print(stdout, file=sys.stderr)
# Stop the doctest
raise KeyboardInterrupt(stderr)
return stdout
def cut(y, column_nums, sort=False):
"""
returns a list of lines reduced to the chosen column_nums
"""
assert y and len(y) > 0, "Empty string passed to cut"
#
if hasattr(y,'encode'):
s = y.encode('utf-8')
else:
s = y
lines = s.splitlines()
line_lists = [l.split() for l in lines if l]
rez = ["\t".join([col[col_num]
for col_num in column_nums if col_num < len(col)])
for col in line_lists]
if sort:
return sorted(rez)
else:
return rez
def joined_cut(s, column_nums, sort=False):
return "\n".join(cut(s, column_nums, sort))
for box in lBoxes:
globs = {
'ssh_run': ssh_run,
'run': run,
'cut': cut,
'joined_cut': joined_cut,
'skip_provisioning': args.no_provision,
'no_provisioning': args.no_provision,
'forcing': args.force,
'box': box,
}
if args.fail_fast:
OPTIONS = doctest.REPORT_ONLY_FIRST_FAILURE | OPTIONS
if box and not args.force:
output = subprocess.check_output("%s status %s" % (EXE, box,), shell=True)
if re.search(r"%s\s+not created" % box, output) is None:
print( "Vagrant box already exists. Destroy it or use '-f' to skip this test.", file=sys.stderr)
print ("Use '-f' in combination with '-n' to skip provisioning.", file=sys.stderr)
exit(1)
if args.file is None:
files = glob.glob('tests/*.txt')
else:
files = [args.file]
for fn in files:
print ( "%s / %s" % (box, fn) , file=sys.stderr)
print( '*' * 50 )
print (box)
print( '*' * 50 )
print (fn)
print( '*' * 50 )
try:
failure_count, test_count = doctest.testfile(fn,
module_relative=False,
optionflags=OPTIONS,
globs=globs)
except Exception as e:
sys.stderr.write('\n'.join(sys.path) +'\n')
raise
if args.haltonfail and failure_count > 0:
print ("Test failures occurred. Stopping tests and leaving vagrant box %s running." % box , file=sys.stderr)
exit(1)
# Clean up our vagrant box.
if box and not args.force:
print ( "Destroying %s" % box , file=sys.stderr)
run("%s destroy %s -f" % (EXE, box,))
elif box:
print ( "Vagrant box %s left running." % box, file=sys.stderr)

68
roles/toxcore/overlay/Linux/usr/local/src/testssl.bash
View File

@ -1,68 +0,0 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -n "$TESTF_VAR_LOCAL" ] && PREFIX=$TESTF_VAR_LOCAL
# https://security.stackexchange.com/questions/46197/force-a-specific-ssl-cipher
# https://code.google.com/p/chromium/issues/detail?id=58831
DIR=testssl.sh
GITHUB_USER=drwetter
GITHUB_DIR=$DIR
. $PREFIX/src/var_local_src.bash
BINS=testssl
cd $PREFIX/src || exit 2
WD=$PWD
if [ "$#" -eq 0 ] ; then
[ -d $DIR ] || git clone --depth=1 https://github.com/$GITHUB_USER/$DIR
for elt in $BINS ; do
file=$PREFIX/bin/$elt.bash
if [ ! -f $file ] ; then
cat > $file << EOF
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
cd $PREFIX/src/$DIR
exec bash testssl.sh "\$@"
EOF
chmod +x $PREFIX/bin/testssl.bash
fi
done
exit 0
elif [ $1 = 'check' ] ; then # 1*
ols_test_bins && exit 0 || exit 1$?
elif [ $1 = 'lint' ] ; then # 2*
/var/local/bin/pydev_shellcheck.bash testssl.sh/testssl.sh || exit 2$?
elif [ "$1" = 'test' ] ; then # 3*
for bin in $BINS ; do
$PREFIX/bin/$bin.bash --help >/dev/null || exit 3$?
done
elif [ "$1" = 'update' ] ; then # 7*
ols_are_we_connected || exit 0
cd $PREFIX/src/$DIR || exit 70
git pull || exit 7$?
#error: RPC failed; curl 92 HTTP/2 stream 5 was not closed cleanly before end of the underlying stream
#error: 1970 bytes of body are still expected
#fetch-pack: unexpected disconnect while reading sideband packet
#fatal: early EOF
#fatal: fetch-pack: invalid index-pack output
fi
# wget -P https://testssl.sh/testssl.sh
exit 0