From c72c97d4f871e60452e456421e0f7b24dcce780b Mon Sep 17 00:00:00 2001 From: anadahz Date: Fri, 14 Apr 2017 15:43:21 +0000 Subject: [PATCH 01/15] Prepare release: lepidopter 1.0.0-rc.0 * Add bootloader configuration file * Adjust to the minimum GPG memory possible (16M) #49 * Add support for hardware RNG #96 * Verbose heartbeat like LED activity * Change MOTD color prompt * Password-less operation to the sudo group * Ship ooniprobe version 2.2.0 * Do not store folders in the zip image archive #93 --- customize | 5 ---- lepidopter-fh/boot/config.txt | 8 ++++++ lepidopter-fh/configure.sh | 3 +++ lepidopter-fh/etc/motd.head | 4 +-- lepidopter-fh/etc/sudoers | 27 +++++++++++++++++++ lepidopter-fh/etc/watchdog.conf | 45 +++++++++++++++++++++++++++++++ lepidopter-fh/setup-ooniprobe.sh | 2 +- lepidopter-vmdebootstrap_build.sh | 3 ++- scripts/setup.sh | 2 +- 9 files changed, 89 insertions(+), 10 deletions(-) create mode 100644 lepidopter-fh/boot/config.txt create mode 100644 lepidopter-fh/etc/sudoers create mode 100644 lepidopter-fh/etc/watchdog.conf diff --git a/customize b/customize index 4d637d1..9424b3e 100755 --- a/customize +++ b/customize @@ -23,11 +23,6 @@ wget --directory-prefix=${ROOTDIR}/lib/firmware/brcm/ \ https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.bin \ https://github.com/RPi-Distro/firmware-nonfree/raw/master/brcm80211/brcm/brcmfmac43430-sdio.txt -# Add module for hardware RNG -cat <> ${ROOTDIR}/etc/modules -bcm2708_rng -EOF - # Add an apt repository with apt preferences set_apt_sources() { SUITE="$1" diff --git a/lepidopter-fh/boot/config.txt b/lepidopter-fh/boot/config.txt new file mode 100644 index 0000000..68525f8 --- /dev/null +++ b/lepidopter-fh/boot/config.txt @@ -0,0 +1,8 @@ +# Minimal GPU memory for headless mode +gpu_mem=16 +# Enable the hardware watchdog +dtparam=watchdog=on +# Turn power LED into heartbeat +dtparam=pwr_led_trigger=heartbeat +# Enable the hardware random number generator (RNG) +dtparam=random=on diff --git a/lepidopter-fh/configure.sh b/lepidopter-fh/configure.sh index eb8ec53..b63eb5a 100755 --- a/lepidopter-fh/configure.sh +++ b/lepidopter-fh/configure.sh @@ -7,4 +7,7 @@ cp /usr/share/zoneinfo/UTC /etc/localtime # Enable lepidopter-update systemd service systemctl enable lepidopter-update +# Install newest e2fsprogs due to incompatibly with ext4 file system checks +apt-get -y install -t jessie-backports e2fsprogs + history -c diff --git a/lepidopter-fh/etc/motd.head b/lepidopter-fh/etc/motd.head index 622c445..2005036 100644 --- a/lepidopter-fh/etc/motd.head +++ b/lepidopter-fh/etc/motd.head @@ -1,4 +1,4 @@ -@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Oo@:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@Oo@:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@8:::o8@@@@@Oc@@@@@@Oc:::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@:::o::::o@8O@o@8::::cc::c@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@ -10,7 +10,7 @@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@8::::c:::C@:::c::::c@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@C::::::c@@@@8:::::::@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@OCO@@@@@@@@@@@@8CC8@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ -@@Co@@@@@@@@@@@@@@@@@@@@@@@@@:O@@@@@@O:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ +@@Co@@@@@@@@@@@@@@@@@@@@@@@@@:O@@@@@@O:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@oc@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@O.@@@@@@@@@@@@@@@@@@@@oc@@@@@@@@@@@@@@@@@@@ @@oc@@@@@@@O:coo:C@@:ccoo:o@@.O@O:coo::@@O.ooo:O@@:::oc:c@o::c8@c:co::O@c::::8@@ @@oc@@@@@@8.@@@@@co@:C@@@@:C@:OO.@@@@O.@C:@@@@@cC@cc@@@@:c@oc@@::@@@@8:8C:O@@@@@ diff --git a/lepidopter-fh/etc/sudoers b/lepidopter-fh/etc/sudoers new file mode 100644 index 0000000..07f33a5 --- /dev/null +++ b/lepidopter-fh/etc/sudoers @@ -0,0 +1,27 @@ +# +# This file MUST be edited with the 'visudo' command as root. +# +# Please consider adding local content in /etc/sudoers.d/ instead of +# directly modifying this file. +# +# See the man page for details on how to write a sudoers file. +# +Defaults env_reset +Defaults mail_badpass +Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + +# Host alias specification + +# User alias specification + +# Cmnd alias specification + +# User privilege specification +root ALL=(ALL:ALL) ALL + +# Allow members of group sudo to execute any command +%sudo ALL=(ALL:ALL) NOPASSWD: ALL + +# See sudoers(5) for more information on "#include" directives: + +#includedir /etc/sudoers.d diff --git a/lepidopter-fh/etc/watchdog.conf b/lepidopter-fh/etc/watchdog.conf new file mode 100644 index 0000000..e4592d0 --- /dev/null +++ b/lepidopter-fh/etc/watchdog.conf @@ -0,0 +1,45 @@ +#ping = 172.31.14.1 +#ping = 172.26.1.255 +#interface = eth0 +#file = /var/log/messages +#change = 1407 + +# Uncomment to enable test. Setting one of these values to '0' disables it. +# These values will hopefully never reboot your machine during normal use +# (if your machine is really hung, the loadavg will go much higher than 25) +#max-load-1 = 24 +#max-load-5 = 18 +#max-load-15 = 12 + +# Note that this is the number of pages! +# To get the real size, check how large the pagesize is on your machine. +#min-memory = 1 +#allocatable-memory = 1 + +#repair-binary = /usr/sbin/repair +#repair-timeout = +#test-binary = +#test-timeout = + +watchdog-device = /dev/watchdog +# Avoid cannot set timeout warning +watchdog-timeout = 10 + +# Defaults compiled into the binary +#temperature-device = +#max-temperature = 120 + +# Defaults compiled into the binary +#admin = root +interval = 2 +#logtick = 1 +#log-dir = /var/log/watchdog + +# This greatly decreases the chance that watchdog won't be scheduled before +# your machine is really loaded +realtime = yes +priority = 1 + +# Check if rsyslogd is still running by enabling the following line +#pidfile = /var/run/rsyslogd.pid + diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 256a505..4c1d442 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -19,7 +19,7 @@ apt-get -y install -t stretch obfs4proxy # Remove previous system versions of pyasn1 and python-cryptography apt-get -y remove python-pyasn1 python-cryptography # Install obfsproxy, fteproxy and ooniprobe -pip install 'Twisted==16.4.1' obfsproxy fteproxy ooniprobe==2.0.0 +pip install obfsproxy fteproxy ooniprobe==2.2.0 # Enable ooniprobe systemd service to start on boot systemctl enable ooniprobe diff --git a/lepidopter-vmdebootstrap_build.sh b/lepidopter-vmdebootstrap_build.sh index 342f044..4802539 100755 --- a/lepidopter-vmdebootstrap_build.sh +++ b/lepidopter-vmdebootstrap_build.sh @@ -37,7 +37,7 @@ vmdebootstrap \ --package wget \ --package kmod \ --package curl \ - --package haveged \ + --package rng-tools \ --package lsb-release \ --package tcpdump \ --package localepurge \ @@ -47,6 +47,7 @@ vmdebootstrap \ --package wpasupplicant \ --package wireless-regdb \ --package crda \ + --package watchdog \ --configure-apt \ --customize `pwd`/customize \ "$@" diff --git a/scripts/setup.sh b/scripts/setup.sh index 0c47f98..8f19df4 100755 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -62,7 +62,7 @@ pxz --keep --verbose -D 12 images/${image_file} zip_archive() { apt-get install -y zip -zip --verbose -9 images/${image_file}.zip images/${image_file} +zip --junk-paths --verbose -9 images/${image_file}.zip images/${image_file} } # Add backports APT repository if needed From b3aaf5a6acae5325ebc59fc38e820e4c8aad8d48 Mon Sep 17 00:00:00 2001 From: anadahz Date: Fri, 14 Apr 2017 16:56:52 +0000 Subject: [PATCH 02/15] Fix use an available keyserver --- lepidopter-fh/setup-ooniprobe.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 4c1d442..6647f99 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -4,9 +4,10 @@ set -ex TOR_DEB_REPO="http://deb.torproject.org/torproject.org" TOR_DEB_REPO_SRC_LIST="/etc/apt/sources.list.d/tor.list" TOR_REPO_GPG="A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89" +GPG_KEYSERVER="hkp://keyserver.ubuntu.com" # Add Torproject Debian repository -apt-key adv --keyserver hkp://pool.sks-keyservers.net --recv-keys ${TOR_REPO_GPG} +apt-key adv --keyserver ${GPG_KEYSERVER} --recv-keys ${TOR_REPO_GPG} echo "deb ${TOR_DEB_REPO} ${DEB_RELEASE} main" > ${TOR_DEB_REPO_SRC_LIST} apt-get update From c88b034e302ce0c0e9a0df86ea21bec3e28451d4 Mon Sep 17 00:00:00 2001 From: anadahz Date: Fri, 14 Apr 2017 23:43:33 +0000 Subject: [PATCH 03/15] Fix setup script, noninteractive, remove old config --- scripts/setup.sh | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/scripts/setup.sh b/scripts/setup.sh index 8f19df4..1f1d1ec 100755 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -1,7 +1,8 @@ #!/bin/bash set -e -source lepidopter-fh/etc/default/lepidopter +DEBIAN_FRONTEND=noninteractive + source conf/lepidopter-image.conf image_file="lepidopter-${LEPIDOPTER_BUILD}-${ARCH}.img" @@ -74,20 +75,17 @@ fi apt-get update -q apt-get install -t ${DEB_RELEASE}-backports -y vmdebootstrap qemu-utils -# Copy know working vmdebootstrap version 0.10 from git +# Copy known working vmdebootstrap version 0.10 from git cd $HOME git clone git://git.liw.fi/vmdebootstrap cd vmdebootstrap git checkout tags/vmdebootstrap-0.10 cp vmdebootstrap /usr/sbin/vmdebootstrap -cd $HOME -git clone https://github.com/TheTorProject/lepidopter.git - # Add loop kernel module required to mount loop devices modprobe loop -cd lepidopter/ +cd $HOME/lepidopter/ ./lepidopter-vmdebootstrap_build.sh if [ "${#compression_method[@]}" -ne 0 ] ; then From a510ae24b15baadca355dc2081f12307c01f7897 Mon Sep 17 00:00:00 2001 From: anadahz Date: Fri, 21 Apr 2017 00:37:19 +0000 Subject: [PATCH 04/15] Install fteproxy via apt, obfs4proxy supersedes obfsproxy --- lepidopter-fh/setup-ooniprobe.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 6647f99..81d0985 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -14,13 +14,13 @@ apt-get update # Install ooniprobe and pluggable transports dependencies apt-get -y install openssl libssl-dev libyaml-dev libffi-dev libpcap-dev tor \ libgeoip-dev libdumbnet-dev python-dev python-pip libgmp-dev -# Install obfs4proxy that includes a lite version of meek -apt-get -y install -t stretch obfs4proxy +# Install fteproxy and obfs4proxy (includes a lite version of meek) +apt-get -y install -t stretch obfs4proxy fteproxy # Remove previous system versions of pyasn1 and python-cryptography apt-get -y remove python-pyasn1 python-cryptography -# Install obfsproxy, fteproxy and ooniprobe -pip install obfsproxy fteproxy ooniprobe==2.2.0 +# Install and ooniprobe +pip install ooniprobe==2.2.0 # Enable ooniprobe systemd service to start on boot systemctl enable ooniprobe From 8434b67d3729b702e9a2ae3c1d91b943e86facd7 Mon Sep 17 00:00:00 2001 From: anadahz Date: Fri, 21 Apr 2017 03:46:46 +0000 Subject: [PATCH 05/15] Remove old python-openssl, install fteproxy and python-pip * Ensure that are no system python-openssl packages installed. * Install fterproxy PyPI package to avoid installing old python-openssl package * Install python-pip from stretch release due to a bug introduced in v34.0.0 (http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0) --- lepidopter-fh/setup-ooniprobe.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 81d0985..045ec0a 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -13,14 +13,14 @@ apt-get update # Install ooniprobe and pluggable transports dependencies apt-get -y install openssl libssl-dev libyaml-dev libffi-dev libpcap-dev tor \ - libgeoip-dev libdumbnet-dev python-dev python-pip libgmp-dev -# Install fteproxy and obfs4proxy (includes a lite version of meek) -apt-get -y install -t stretch obfs4proxy fteproxy + libgeoip-dev libdumbnet-dev python-dev libgmp-dev +# Install obfs4proxy (includes a lite version of meek) +apt-get -y install -t stretch obfs4proxy python-pip -# Remove previous system versions of pyasn1 and python-cryptography -apt-get -y remove python-pyasn1 python-cryptography +# Remove old system versions of python packages pyasn1, cryptography and openssl +apt-get -y remove python-pyasn1 python-cryptography python-openssl # Install and ooniprobe -pip install ooniprobe==2.2.0 +pip install fteproxy ooniprobe==2.2.0 # Enable ooniprobe systemd service to start on boot systemctl enable ooniprobe From db3dc456dd293f2152a8e0121027ee05bea3c63d Mon Sep 17 00:00:00 2001 From: anadahz Date: Mon, 24 Apr 2017 19:02:17 +0000 Subject: [PATCH 06/15] Update versions, updates, keys and fix release and setup scripts As spotted by @hellais --- conf/lepidopter-image.conf | 4 + lepidopter-fh/etc/lepidopter-update/version | 2 +- lepidopter-fh/etc/lepidopter_version | 2 +- .../opt/ooni/lepidopter-update/public.asc | 74 +++++----- .../opt/ooni/lepidopter-update/updater.py | 78 +++++----- .../lepidopter-update/versions/update-1.py | 77 +++++++++- .../versions/update-1.py.asc | 28 ++-- .../lepidopter-update/versions/update-2.py | 83 ++++++++++- .../versions/update-2.py.asc | 28 ++-- .../lepidopter-update/versions/update-3.py | 82 ++++++++++- .../versions/update-3.py.asc | 28 ++-- .../lepidopter-update/versions/update-4.py | 120 ++++++++++++++++ .../versions/update-4.py.asc | 17 +++ .../lepidopter-update/versions/update-5.py | 136 ++++++++++++++++++ .../versions/update-5.py.asc | 17 +++ .../lepidopter-update/versions/update-6.py | 104 ++++++++++++++ .../versions/update-6.py.asc | 17 +++ .../lepidopter-update/versions/update-7.py | 104 ++++++++++++++ .../versions/update-7.py.asc | 17 +++ scripts/release | 6 +- scripts/setup.sh | 3 + 21 files changed, 900 insertions(+), 127 deletions(-) create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py.asc create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py.asc create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py.asc create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py create mode 100644 lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py.asc diff --git a/conf/lepidopter-image.conf b/conf/lepidopter-image.conf index 0cf51ea..7bf8ff3 100644 --- a/conf/lepidopter-image.conf +++ b/conf/lepidopter-image.conf @@ -7,3 +7,7 @@ APT_MIRROR="http://httpredir.debian.org/debian" # Uncomment next line to use apt-cacher-ng #MIRROR="http://localhost:3142/debian" MIRROR="http://httpredir.debian.org/debian" +VERSION_FILE="lepidopter-fh/etc/lepidopter_version" +LEPIDOPTER_UPDATE_PATH="lepidopter-fh/opt/ooni/lepidopter-update/" +UPDATE_VERSION_FILE="lepidopter-fh/etc/lepidopter-update/version" +LEPIDOPTER_UPDATE_GIT="https://github.com/OpenObservatory/lepidopter-update" diff --git a/lepidopter-fh/etc/lepidopter-update/version b/lepidopter-fh/etc/lepidopter-update/version index e440e5c..301160a 100644 --- a/lepidopter-fh/etc/lepidopter-update/version +++ b/lepidopter-fh/etc/lepidopter-update/version @@ -1 +1 @@ -3 \ No newline at end of file +8 \ No newline at end of file diff --git a/lepidopter-fh/etc/lepidopter_version b/lepidopter-fh/etc/lepidopter_version index 78471a9..8fd3f57 100644 --- a/lepidopter-fh/etc/lepidopter_version +++ b/lepidopter-fh/etc/lepidopter_version @@ -1 +1 @@ -0.3.5-beta +v1.0.0-rc.0 diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/public.asc b/lepidopter-fh/opt/ooni/lepidopter-update/public.asc index 893e9d2..588ae7b 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/public.asc +++ b/lepidopter-fh/opt/ooni/lepidopter-update/public.asc @@ -1,5 +1,5 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: GPGTools - https://gpgtools.org +Comment: PGP mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o 9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 @@ -13,40 +13,40 @@ e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 -b3J5Lm9yZz6JAj0EEwEKACcFAlfEAKACGwMFCQHhM4AFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AACgkQw+zcBCBPnSm6ug//eVOV7RiG8q5ry64TvgeTNfPlVF0R3y3d -2dUNaWy+4H0ay9UjW/ayxZNnSSreVZY+50pOiqsKWdV5bEgtOZXkDfth8NuCNddo -CYmVkV/x2Mvmpf3eTBXlXtmFn9j2an3GKSSHFscdfdZsPATUUv+YFyX8LK5K6vq+ -BdNEGpqqHxPEM0wyQm2/f2s0dmjkmPFNZpCGWnuBRpQQD5O2YwFKK316VNdBXvVA -i9+MA81vLtn40FsOKZ/kDLt65khEdgYTYj8lRXIEWGuWp1iPUuMmEL8dxtlY8K1R -qU2JbgHHOA7RHnAUqgg0Hjmyg4ZsQ/ZyWi2/3IoLn/7QGeV0HBdiGMFuShSfkFWx -bNNMuei9FVK4nwXRLcVfAMXv1GtqQU9jTeCYXzxgr81rkEivkdqlZ3Iins+KgWEQ -SbEEYAXOWp/oheTBOBQvLSZi+2vjMiUeIQHQUDNfhlp3/Mk6RTVLMml6thIY/NyL -f/vABO5V9oKAdIaFMu/70tYn8PxTqPE0uJ7FwcTa7awp10dkpXXk0tm5ywYsms8l -CA/vizq7VMiZC9G4JvZqa3vXNBT1yFe+4Ri+fLtdZw9IDgECi5ZdQlp7dx2Rei2i -S2XkUwWR4Qv3/WzvPDChr25BMlu0Pkb8MbynrxcMs5ODFxOuOiP2kL4YW2Qppo66 -U3Z92swhAIq5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08E -XS7eTElwDSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wf -ot85AXqCqrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpK -sZ094LwkO8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9l -eaT2pe9Ta48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/c -qWYG7znx2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBS -VrcMyNlaft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG -4qh/n2k508PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ -ihhY7IpGwUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNr -HJwUSeLMhRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/ -XgeKSxoiAmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oB -d5YhABEBAAGJAiUEGAEKAA8FAlfEAKACGwwFCQHhM4AACgkQw+zcBCBPnSn25BAA -xU7NKi6BokqnloYncvL74fuUpam3LJBwsOkFehuO2D+X9A2blIpbpXtUoWXwRc9V -Jf7nL/yhMKcOB9m1MHVPtxtN5JzV9p8k2BT04/X6fa09umsJ3hwg/zhXrkGFrMVE -hfAk6q8a0Y5oJKUOoJhzxqD9ItibxHPkqb+R/GSMfrDIRE0ecfIltDLIRQMlBF1b -z5WN5Dwv8cikeQrsK6DNvbUUuHAbG8RZYG9QxFdkbehp46bCA8CfINENBzIskckx -xwlTtVxcDD0Irql7EuIM1bpWdFxBZPlmcDyLrZgCYgSqPOe2mOK9V37jM3fsTqR9 -C9fmr3DDmAm8XrUBL9ORwMTFa6LIUpUoSSzG258h9qPiBySj7b51QbrJ9WXiISsQ -5X/V8u6Qbp9PJnEUXXfIE9YVspF3+Zrfn0XqqjEND+bWi52cgDvwROSFf4KQnAto -FdlxHtxlcZgJEFeHLyb370XI4rcNs7zMoD3B06Eyay5oY98w9JFYwrm6bVvNzis7 -CrK2K46QzSUZm1BHTOi0AlnqpYtLaJnMSQCxTmjyRBaJM5DGXs/86y/OYdBcpiYG -aV0q9EcvDLQnSpa0vlsVM0AfMY+To1RTCMv+TGKMZHHWeV2yUABWK52raBpQHtjs -7SonBqg04+2E4w1WmZEx1u9QyDXmlaLxnR+YIqilM7g= -=RbWA +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 -----END PGP PUBLIC KEY BLOCK----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/updater.py b/lepidopter-fh/opt/ooni/lepidopter-update/updater.py index 3766a5f..5809546 100755 --- a/lepidopter-fh/opt/ooni/lepidopter-update/updater.py +++ b/lepidopter-fh/opt/ooni/lepidopter-update/updater.py @@ -1,6 +1,4 @@ #!/usr/bin/env python2 -# Version: 16b10e7e4afb32fd7430cd7a8d01cd371f29e399 -# Source code: https://github.com/OpenObservatory/lepidopter-update """ This is the auto-updater script for lepidopter. @@ -35,7 +33,7 @@ from subprocess import check_output, check_call, CalledProcessError # The version number of the updater -__version__ = "1.0.0" +__version__ = "1.0.1" LOG_FORMAT = "%(asctime)s - %(levelname)s - %(message)s" # UPDATE_BASE_URL/latest/version must return an integer containing the latest version number @@ -65,7 +63,7 @@ PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" PUBLIC_KEY = """\ -----BEGIN PGP PUBLIC KEY BLOCK----- -Comment: GPGTools - https://gpgtools.org +Comment: PGP mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o 9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 @@ -79,42 +77,42 @@ ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 -b3J5Lm9yZz6JAj0EEwEKACcFAlfEAKACGwMFCQHhM4AFCwkIBwMFFQoJCAsFFgID -AQACHgECF4AACgkQw+zcBCBPnSm6ug//eVOV7RiG8q5ry64TvgeTNfPlVF0R3y3d -2dUNaWy+4H0ay9UjW/ayxZNnSSreVZY+50pOiqsKWdV5bEgtOZXkDfth8NuCNddo -CYmVkV/x2Mvmpf3eTBXlXtmFn9j2an3GKSSHFscdfdZsPATUUv+YFyX8LK5K6vq+ -BdNEGpqqHxPEM0wyQm2/f2s0dmjkmPFNZpCGWnuBRpQQD5O2YwFKK316VNdBXvVA -i9+MA81vLtn40FsOKZ/kDLt65khEdgYTYj8lRXIEWGuWp1iPUuMmEL8dxtlY8K1R -qU2JbgHHOA7RHnAUqgg0Hjmyg4ZsQ/ZyWi2/3IoLn/7QGeV0HBdiGMFuShSfkFWx -bNNMuei9FVK4nwXRLcVfAMXv1GtqQU9jTeCYXzxgr81rkEivkdqlZ3Iins+KgWEQ -SbEEYAXOWp/oheTBOBQvLSZi+2vjMiUeIQHQUDNfhlp3/Mk6RTVLMml6thIY/NyL -f/vABO5V9oKAdIaFMu/70tYn8PxTqPE0uJ7FwcTa7awp10dkpXXk0tm5ywYsms8l -CA/vizq7VMiZC9G4JvZqa3vXNBT1yFe+4Ri+fLtdZw9IDgECi5ZdQlp7dx2Rei2i -S2XkUwWR4Qv3/WzvPDChr25BMlu0Pkb8MbynrxcMs5ODFxOuOiP2kL4YW2Qppo66 -U3Z92swhAIq5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08E -XS7eTElwDSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wf -ot85AXqCqrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpK -sZ094LwkO8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9l -eaT2pe9Ta48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/c -qWYG7znx2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBS -VrcMyNlaft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG -4qh/n2k508PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ -ihhY7IpGwUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNr -HJwUSeLMhRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/ -XgeKSxoiAmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oB -d5YhABEBAAGJAiUEGAEKAA8FAlfEAKACGwwFCQHhM4AACgkQw+zcBCBPnSn25BAA -xU7NKi6BokqnloYncvL74fuUpam3LJBwsOkFehuO2D+X9A2blIpbpXtUoWXwRc9V -Jf7nL/yhMKcOB9m1MHVPtxtN5JzV9p8k2BT04/X6fa09umsJ3hwg/zhXrkGFrMVE -hfAk6q8a0Y5oJKUOoJhzxqD9ItibxHPkqb+R/GSMfrDIRE0ecfIltDLIRQMlBF1b -z5WN5Dwv8cikeQrsK6DNvbUUuHAbG8RZYG9QxFdkbehp46bCA8CfINENBzIskckx -xwlTtVxcDD0Irql7EuIM1bpWdFxBZPlmcDyLrZgCYgSqPOe2mOK9V37jM3fsTqR9 -C9fmr3DDmAm8XrUBL9ORwMTFa6LIUpUoSSzG258h9qPiBySj7b51QbrJ9WXiISsQ -5X/V8u6Qbp9PJnEUXXfIE9YVspF3+Zrfn0XqqjEND+bWi52cgDvwROSFf4KQnAto -FdlxHtxlcZgJEFeHLyb370XI4rcNs7zMoD3B06Eyay5oY98w9JFYwrm6bVvNzis7 -CrK2K46QzSUZm1BHTOi0AlnqpYtLaJnMSQCxTmjyRBaJM5DGXs/86y/OYdBcpiYG -aV0q9EcvDLQnSpa0vlsVM0AfMY+To1RTCMv+TGKMZHHWeV2yUABWK52raBpQHtjs -7SonBqg04+2E4w1WmZEx1u9QyDXmlaLxnR+YIqilM7g= -=RbWA +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 -----END PGP PUBLIC KEY BLOCK----- """ diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py index a8486d1..87ea8b2 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py @@ -169,6 +169,63 @@ """ OONIPROBE_CRONJOBS_LOGROTATE = "/etc/logrotate.d/ooniprobe" +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" + + def rm_rf(path): if os.path.isdir(path): shutil.rmtree(path, ignore_errors=True) @@ -214,6 +271,10 @@ def write_cronjobs_logrotate(): with open(OONIPROBE_CRONJOBS_LOGROTATE , "w") as out_file: out_file.write(OONIPROBE_CRONJOBS_LOGROTATE ) +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) + def _perform_update(): # Delete all the daily crons rm_rf("/etc/cron.daily/remove_upl_reports") @@ -272,6 +333,16 @@ def _perform_update(): shutil.copyfile("/usr/share/zoneinfo/UTC", "/etc/localtime") + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) # Set it as already initialized so we skip the informed consent on @@ -280,7 +351,11 @@ def _perform_update(): pass check_call(["systemctl", "enable", "ooniprobe"]) - check_call(["systemctl", "start", "ooniprobe"]) + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe agent") + logging.exception(exc) def run(): try: diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py.asc index 4f98029..7d09337 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py.asc +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-1.py.asc @@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- -Comment: GPGTools - https://gpgtools.org +Comment: PGP -iQIcBAABCgAGBQJX2884AAoJEMPs3AQgT50pN7IQAJnIVDl9kMCUKhCUmaAMCTYf -+bShpXaKK4RNEg8r4+8es2S5EWxyXVXIE/QG2MGAEVYxgF5dSpI+iqbsfWu6Ab4c -sxXpuUxXzvx6uM17CbCib1iqCQIUnzlE6XUdN/lznZiF63lOdaFgHRqP3bb4REmC -zWo6A3mq2d3DEqbdBvEEl9SElad2MmvolZCcmyAdPt06hUVWoDCJZWbGLSvIKNOU -J7L5o4fZ2dCi8JYXTwmC5GYCf8ajBQ114CkrFGye40SflEZIHyCZWgDR4QuoGIfL -A0yulZdLhjkvjF05HRSv/A1Gl0KFlDolwuu3GosXGFwgYATHyMCkxxAxBnUYBFOS -o30wT+rKPZxrnTRh+eAdHJWfPjvvO1q0LXecP3+Hp4iUtRxL3tQms3amCc8bVDMb -y319T5zam2Bl9HsGhix0ZnXkdhmtiz1l9VhrQLlvSeSUx7fywo/wTZRMln1pYTxO -S3wGIeOQPja1dAzUt/9pxAQ3oVMbmM/VrQPXcgXPpuMKRTyTH7jlOvIxKlqlR9Fl -wmjzXb7a/N+dd1UmXEw8do4bH+y9eIgaugYqEzEpNlDjkJUZ/mjxj74a5OElRX6p -Yf0z9npOXd65ykdHn71gBW67Kzu4z/D+IfTtX1Gs6/hhRuIMbnYQYAwTcwnXApMg -NjC48Ta7Y46zNB1ihJaL -=AShi +iQIcBAABCgAGBQJYpdEFAAoJEMPs3AQgT50pNJ8P/iIRkkoe0QxGFainHxx8ULe0 +eRPn43V8OinvZKXgSk0+BL35ojBI4VtyzJTd6+SbJaml9vfaQvVaGvdQE8HXjPCF +9K8MEmlKcb5o2nRh1lzsq+p3/J3lK+I0FbSSdAsjb0r73enEZTHgO5uz988xu51R +zPZOXHh9aP6eSLan9a/o9lUzbmaTuJ2soG8yNXosrWnN48nkKWEtdLujWeJT9Iiy +RzxPhw9W9EBr8+jrw3KZ6rImz2qAxIJXGdreLfnQWFiNxrUhlP2wmEtEuhwS3qsu +dfrftW3N7YLQ2rMpoFLgTzxe1v79P7udDSf5bXG5/UUdV9cw8ztk3p1Y/e7/VBT/ +zxEeZN7X7HeB7+6PNFs6E9JOVd/TDrHts5T19XgCJ8tBOQZgMrpJIqr7pxRheIxL +g2nupYxwhx65rHmr0uGxqWVIMt1lS4YS1weIuYD1Oqmk0aDysv4Zo38TlzgIijd+ +TpXfqaGOwRka3+0egJfEMZ468sn2gjpSH+tOmycMVZRRv5+KwjHdZm+E33+gcb1z +OM+uN6OcdwOnmpk/WzGUfWfuOimyNiCC3qtDIRODphKk/rVgkrbH5w29XpBpPgKS +zV/669xBXuzcvPC2MIpHfGJ7v8rhrM5bCh51+rS6X7RHHRk92fgZeIctioLmpVg4 +6eflAMxHoXwL3+X65K2O +=Cyq/ -----END PGP SIGNATURE----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py index 69ab131..b4cff91 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py @@ -10,18 +10,97 @@ OONIPROBE_PIP_URL = "https://github.com/TheTorProject/ooni-probe/releases/download/v2.0.0-rc.3/ooniprobe-2.0.0rc3.tar.gz" +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" + +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) + def _perform_update(): + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-q", "update"]) + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) def run(): - check_call(["systemctl", "stop", "ooniprobe"]) + try: + check_call(["systemctl", "stop", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to stop ooniprobe-agent") + logging.exception(exc) try: _perform_update() except Exception as exc: logging.exception(exc) raise finally: - check_call(["systemctl", "start", "ooniprobe"]) + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe-agent") + logging.exception(exc) if __name__ == "__main__": run() diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py.asc index 3373c50..11e1257 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py.asc +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-2.py.asc @@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- -Comment: GPGTools - https://gpgtools.org +Comment: PGP -iQIcBAABCgAGBQJX39lIAAoJEMPs3AQgT50pI3YP/RAbCBIF3Z058XZtmsmwwqnd -UTH79zYOcJkZpW+s4L1Zj7XlgSAQsbp8hiHd8icc4PxW6esk+qlqAJ9d5KqUCLHp -h441vfJyXyCukkVOQND3OpWQ7elt2CNOcr7MICZ6ej3FafbIdJZ0FUVZ9s2I2fU4 -5EPzC7kyDcys+l56fnHdGKNIX9SdwmUxT/GlT+/O43q/AmAaaxW4dDyQpHmK2q/w -8nKy2M8qP1u6O5gZan3HV82A0DhJczmkjWmujmLB4CFUDHSmGLmXHrwmzx0Yc//L -XcdlQwBCM6lbagzhlR6iTCLLmqWAkkgLYsX+zxVnjnuspzYBWe8pDxUR0Cf6q5PQ -aYp4RHO9y3CPgFWBdqRN4F4ha+1DiYmr21ZnZhP20hzvp21q9i+AdRwe4f3vxGH9 -QMKrb8zvQl2BMZX+N6YX/cQboS0Ns+5UutvXJZ7abzzUe+GlyyM/wDRcgRhcfrpz -5eN9KrhV/MaCBvLg+/8XU1G7XMpSS3JTsMnpvGPMUTrFmdqqf/uCJfGJdluG0+RC -ojs5ySodbxgDyXlq8zMzXekPFU0Klcn986yaGn6GT1gT4AlDyLW6MkNI7LIC3qNU -6BWOgJucesU8/MEWWo4/UQzam+iaR4OeIIj2T2Uf/O+C4f3vtz/M/O+UyP0fBuiE -bYQRJdw7BDIrmhIlmfdn -=gKLn +iQIcBAABCgAGBQJYpdENAAoJEMPs3AQgT50p/mcQALpCQWQb0cSJCpXMYz+X7vhq +QAY9rZul/zLk+4M4MB0/1Y43cTYrUHZeURl4iHWaqp+Nt4zdpHwSk4TgUyLpXYW0 +Cqez9OUwY1/dlu8mGnVj739q2gFyYkGmH0UM/Vsf8mu0nz+y1BYiMk7/jYmi5wRk +es9+PQkqTmFQA4q+/LefVDORXbHR7bvKqnDtcqFh00wIOCNdJz6vvF5g1Mt22w4M +IUPErmtZmEkr1kDswk+G+ixMeENc+UXuGnmaVl5Ykk0zysi+bSiE7c3KBmv5EU0H +5VOhJoDTn5GZoGRoNcVY/LVJXd+aYp0MbgIrwBZZe0V18GfA1CwVnUpTQr5sCbrw +AJNP6Jx4yTDex81TEdfk3QdCgKiv46qdWjC/8vdULmHYS9Y1tsud3/2oZ0o74700 +RtA0xCfbHW+d1PdW8Oqvi5TNhOhxziWBg6H8bvI4vqw8C/YQ63hjRI1PFsPhHIJh +TTfE0OW2ZE4Inp8ZSGKemUyfjq8/2JXlCO2RA8u9kWs8B/GpkL9Ri2d0cF/pWEeA +QQfKeldUp7ozc6L+ofziv80ijBQJXambDZsQjT1X/cB3W5Hh9aqXUP1ygbzCzl1r +cSg9tYQDkJhW266hMsH4+u1frCqKfiKnaLcoiXk9CB4zGM/QqukZGE7ecdhukI4B +rbB8d9zlZ7+b9/aQOEdp +=oq21 -----END PGP SIGNATURE----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py index a4b4d55..49b5d40 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py @@ -24,6 +24,65 @@ 'tor.yaml', 'web.yaml' ] +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" + +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) def rm_f(path): try: @@ -58,17 +117,36 @@ def _perform_update(): enabled_path ) + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-q", "update"]) + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) def run(): - check_call(["systemctl", "stop", "ooniprobe"]) + try: + check_call(["systemctl", "stop", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to stop ooniprobe-agent") + logging.exception(exc) try: _perform_update() except Exception as exc: logging.exception(exc) raise finally: - check_call(["systemctl", "start", "ooniprobe"]) + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe-agent") + logging.exception(exc) if __name__ == "__main__": run() diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py.asc index 86abf17..95bddd4 100644 --- a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py.asc +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-3.py.asc @@ -1,17 +1,17 @@ -----BEGIN PGP SIGNATURE----- -Comment: GPGTools - https://gpgtools.org +Comment: PGP -iQIbBAABCgAGBQJYAS/EAAoJEMPs3AQgT50pDfUP+J7+FNRNs9kczvycPmxwHNBg -iwWtdU+EieIbUBR1rl2eT7P1rnexm27nMivk5bEwC1nT/H0W8y822/3XnFwzGN6O -nnVNydtllki0YITbvVxXc01Moj5oHBiERe3mzqNx5zPXCqxQ+PTtWlWy8BLXZmG1 -/dt4UB4FsRiBeDz0cRF7neQUFItWhewJW6fm2lepkEsLl3cfmt4uZuFXIJNuY576 -kiJ5iM3hztR/L8fy89SQ/u7ZyI4AiThVjBZ2pVWLUi3Ckpwh46DCpCO7iH2e38Wz -f8KR5v6TnL1GdKdR9bwGoFVnvtNj+hhZ2CSqbdhUZpve5jkuQvlhyNYWQduTw82I -YEmmU64bneqddQGlc2H47pB7ap/lxu4nOop7X6mdaKcQVFyq44S/2TRc8h1TwJA2 -LMszjYlrztoRyWQJ7T8fVqwlgSi4gP71QEGJ6RHZsrCivWPaaCEnSDzzmKi1RE6v -6O9VF0lU4HMWGMmovZ1WwOU1WrEgNNTSP0B+bTC7WYHxs1+BY4e30dsHnvS82vNi -AEVJxPS14Y1iLz5aXfhcAnl57F6hNIc7KqTo9yBPCkrUa/25JHKJqvDGxKjwbBFC -p+Bf6P2KPSAbUkeJBryy2+ItGuYwGQdyk9V3AWsxVkIEO839hGbJJVwkF1rhrsRV -TvZIp5a/WEKMgbH7nbo= -=k6Ij +iQIcBAABCgAGBQJYpdEUAAoJEMPs3AQgT50pTesQAK/w789ZAhe5CvMz9rBdGNv5 +YnlBjebKEtUa6BQhAtZh7hLRBXBW+7Ex6lt3OylS6S9mAuKltmle8hEy/qtOp3it +cyF8jHJboMnV6yt3qXbdfDGmQdkjEK8jqzWFY4qBlWcB82Ai48II7WGAKPxcIvrr +Kk5nASlzpZw6Yag9iL21d6CQ/ZA9wzQjgEz83ycYYMoezwYlCfuuX5hQ6WZt9i9G +qH/nXz+hiPSD8GzKx70MioKW8oaVIWnAXFRiMArzkbHLL5aQsFMlCe565O6aObeM +9sQ19o1Bj8PzT076GLhJRMSaca0q8W1xIxz0sIs8fDEb0R4Wfv7hfUGAvz3FtSwC +Il8ewXppiDkQYkdLGs98EAzS8T1YJu3Ifo2xtU6LCSxM8e+LC4TWWOejHsZeTPSw +kaL2+aN7Yy84MXvxrcymwT70hbkN5kCws6TnGb2d66ABNKzYpwhlcaMdS+NP54ru +hC7xEeLtTY+90VJfk4m/NCeQNuAzWFlREscHkgPd1OIh504BSpMcKL1qC2mN3FJY +UwJqjhrMF3m8gzasbmpNznM9OaCCjUMzEueJeDt2nWcEOQcm0wv7UO08qnR8Qwwy +VwtY5bKlO2DmRwSai+N7vjlqmwqCkCsdGebAKiuyx0fRRsd71aPPWqfoEVRE9YbI +xzf8JmmXqsXswYAkVDCu +=Z+dn -----END PGP SIGNATURE----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py new file mode 100644 index 0000000..00da553 --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py @@ -0,0 +1,120 @@ +""" +This is the auto update script for going from version 3 to version 4. +""" + +import os +import logging + +from datetime import datetime, timedelta + +from subprocess import check_call + +__version__ = "4" + +OONIPROBE_PIP_URL = "ooniprobe==2.0.1" +OONI_LOG_PATH = "/var/log/ooni/" + +past_2_days_ts = int((datetime.now() - timedelta(days=2)).strftime("%s")) + +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) + +def _perform_update(): + # Deletes log files that are older than 2 days. + # This is due to a problem in ooniprobe with logfiles ending up being too + # large. + for filename in os.listdir(OONI_LOG_PATH): + filepath = os.path.join(OONI_LOG_PATH, filename) + if os.path.getmtime(filepath) < past_2_days_ts: + logging.info("Deleting %s" % filepath) + os.unlink(filepath) + + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-q", "update"]) + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) + +def run(): + try: + check_call(["systemctl", "stop", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to stop ooniprobe-agent") + logging.exception(exc) + try: + _perform_update() + except Exception as exc: + logging.exception(exc) + raise + finally: + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe-agent") + logging.exception(exc) + +if __name__ == "__main__": + run() diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py.asc new file mode 100644 index 0000000..aad8987 --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-4.py.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: PGP + +iQIcBAABCgAGBQJYpdEaAAoJEMPs3AQgT50pOqwP/2OcU1wv88nsk80heifqEcAP +tu9YpzHsBEdZaIZ5yF4N58YiIProVFw/O5xOULNKaunrM4fgKwLFrfQ3CsLRhfcw +SDFz23WzKHrIrGBSUxnslHEQJryCMZHgiUVnhDeVRshu5py0QvdbrMlNJ8qdLI0v +CT5CKlC+Hc6Ml8xYMhhw5mazTY7mfkZeiW8FKO7l4phyrr+X14lJ2vNmZiuMvNG4 +DbGB8/4HLusjXlRp3FrAAH7Rqvxt/APAsMqxxybZJKoIAt4HljeSgI6gl/J66XQP +j7G0lcB3aHjNswCr+QB33SO+ivONdqQHwDLZkxXIEkD01Lm2gmtXltbq31gZdxsC +ftGw2urDKIwgn7gKRLB9s416JVHQ7Ygx7Rax2VnhfAAuujrz5lGZ1TbPAKngH7iC +BEr9DmQMbFsxq4NjRVFXvGpAbRsgWIAARP+L/Jhk1L1Q4JNwX1i5CUjjMiHFtjbV +d1TGXfunl1cBDOTnwYk5MYhHqa2Q6YQ6T+dXHnz9smuoPaCwNMxUbBskufUjhJQk +bIkOYHm1Cg07MxBKxnBbjM9cXMvp/OvnDwEWrsxifGYGEa1ylk2LulwsonW94IWn +gXwLIYU2ZL7dT+8SZogJG9RiuiOYRYbzvWaYvo8Rt8Awe/pQGHrICWenv7azV9xq +pWwKb9LUsDTN3Cxz0VRb +=2cYq +-----END PGP SIGNATURE----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py new file mode 100644 index 0000000..9469771 --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py @@ -0,0 +1,136 @@ +""" +This is the auto update script for going from version 4 to version 5. +""" + +import os +import logging + +from datetime import datetime, timedelta + +from subprocess import check_call + +__version__ = "5" + +OONIPROBE_PIP_URL = "ooniprobe==2.0.2" +OONI_LOG_PATH = "/var/log/ooni/" + +OONIPROBE_CONFIG = """ +basic: + logfile: /var/log/ooni/ooniprobe.log + rotate: length + rotate_length: 1M + max_rotated_files: 10 +advanced: + webui_port: 80 + webui_address: "0.0.0.0" +tor: + data_dir: /opt/ooni/tor_data_dir +""" +OONIPROBE_CONFIG_PATH = "/etc/ooniprobe.conf" +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) + +past_2_days_ts = int((datetime.now() - timedelta(days=2)).strftime("%s")) + +def _perform_update(): + # Deletes log files that are older than 2 days. + # This is due to a problem in ooniprobe with logfiles ending up being too + # large. + for filename in os.listdir(OONI_LOG_PATH): + filepath = os.path.join(OONI_LOG_PATH, filename) + if os.path.getmtime(filepath) < past_2_days_ts: + logging.info("Deleting %s" % filepath) + os.unlink(filepath) + + with open(OONIPROBE_CONFIG_PATH, "w") as out_file: + out_file.write(OONIPROBE_CONFIG) + + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-q", "update"]) + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) + +def run(): + try: + check_call(["systemctl", "stop", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to stop ooniprobe-agent") + logging.exception(exc) + try: + _perform_update() + except Exception as exc: + logging.exception(exc) + raise + finally: + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe-agent") + logging.exception(exc) + +if __name__ == "__main__": + run() diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py.asc new file mode 100644 index 0000000..160a458 --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-5.py.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: PGP + +iQIcBAABCgAGBQJYpdEhAAoJEMPs3AQgT50pNlYQAMohE6DAiQA1PAmz6WwwHFhH +Of8K7dEyZHxCSBSy5iMA0Z9mBZeBzoI+ejG1FxAmOQ18r4o66Pmz0wofW+hGVHQ4 +JEYptSkh/+tbo8KlmdCOdap8xd1/xpVmunnm6euIxQ+45rowEZmJHX+0oxW2sg6h +gSrKcxyBxf6zBLTv1y/ddcReOXgjxDkApU9pALO0T6ykJCWRjFBQwJyOU9jtJGBX +tt5LQXCr8yjrO3z93hewTmAaRNK6RNa8gG+gmPopphPQpd1Y9Pg5rC+nFAtSNnZ1 +vOa/II23w6vNgERNu3AlX+oBggk00roFMH4Jy8KNvJ6lm/vDV5FrheIt0pALZq9K +NzaZR0MTKQvJA4DkQ1hbLOXGyoUhGm8SpyqYyw3p00i/LLhOMlvQ2OodbTsGqp+K +3JLAR9BlJ2FmCF7+qKw5NJHip0UhZSzt9Q2QFGsIPcQtQ8nzZWpT/3qsegO1JmsN +5iN1xW/FnhV4piMVRSFtxJpqFtYkdd1oJAU+LvPn35iw75EiVT7J/JknmE7E+XE/ +a9mxuMJCRbJ1DQv7XK/SSUR8U0oulWmI16xBt5FEx4t2EKWVk0DTfhswfAuCKh69 +hkwUz6DlFmvMqwVUsAgpRQsEYBKB3OeLp1N+vvpSgsa1AnFCDh7LC6io7IfRvKcM +qaSarHeoXFnzaDKIEMVU +=+e4q +-----END PGP SIGNATURE----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py new file mode 100644 index 0000000..89bed33 --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py @@ -0,0 +1,104 @@ +""" +This is the auto update script for going from version 5 to version 6. +""" + +import logging + +from subprocess import check_call + +__version__ = "6" + +OONIPROBE_PIP_URL = "ooniprobe==2.1.0" +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) + +def _perform_update(): + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-q", "update"]) + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) + +def run(): + try: + check_call(["systemctl", "stop", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to stop ooniprobe-agent") + logging.exception(exc) + try: + _perform_update() + except Exception as exc: + logging.exception(exc) + raise + finally: + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe-agent") + logging.exception(exc) + +if __name__ == "__main__": + run() diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py.asc new file mode 100644 index 0000000..c660bd6 --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-6.py.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: PGP + +iQIcBAABCgAGBQJYpdErAAoJEMPs3AQgT50pT1UQAM0EXd5MIHw5iikmYCLwGWlz +qYa++TkHWioEQbCfEpEenhZoVN1LpdiXza2jeiRI3ftH966/I4VVWpJKvCPkQq5y +7ldvZexf6OoQGSA+IRTm0bn1oXH7/T3KhTcOZNy9qrTIHZzdIWEFnto72b/9sg2+ +hEayzsaSFJ9wF14CDwms42ZN3bubKex/f9UqYZW0NJvInv2m4nQlxemm+xBtXxam +F2eT7BDFTm98HW7UZsB8seeaGpH9MQzTCLY5FdCMqb+D8mW3Y74b5eKH05q8PAc7 +S2HDvrx/8nqN8IROoBhFLyfIiVNxDIeRXV4gjORQskOdPKVZLQLvqBHrJYVKgAfp +RIG9VtmERq0pxo1FoWcHEZ7Xal/lAQ2HZic+2wUkuHATnulKNsEvL/OHrSQLzBIF +sGZXKQYu/p6Dtef7iNsdcj5OFSyD8Y2f5EwW5vAMmQsTYOSPV3XS+bMQJB9xbgoO +byCgVTxjVp2erO7V4ZP0mmIFga/n044guLtl5NkR9HhrGoxliFFWpykzGwet+Fbi +284vEPuPlEUghPDHG0NrKnELj8QFK6RYMvZHArSUiJ/JlGDP88w0qnMso20WJMj0 +BYR0PFwv16+EJIz4zVsPwIOHRfr1N3qFXf8myRsA5xxsHd+xcurdjXb1oWJUD/Xp +4g8lj3vBRISPzFNkqfTd +=JIG6 +-----END PGP SIGNATURE----- diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py new file mode 100644 index 0000000..0f8e08e --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py @@ -0,0 +1,104 @@ +""" +This is the auto update script for going from version 6 to version 7. +""" + +import logging + +from subprocess import check_call + +__version__ = "7" + +OONIPROBE_PIP_URL = "ooniprobe==2.2.0" +PUBLIC_KEY_PATH = "/opt/ooni/lepidopter-update/public.asc" +PUBLIC_KEY = """\ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Comment: PGP + +mQINBFfEAKABEADNBPp2nD48xXRhMdKMVXS2qHgDzokSAn3hikA+cb2IL5ssde0o +9HHzMxSNCbQBWo1bpmg84zsHvZTL+yEVGJ+o8DjLfdKKdMUOPsLTc0O1rqD0M6L4 +35n6JjaeJp98HhVIRkmNqBG4pWMKLqvW1crEt5U8m/X7LWtTzsBt2DPi6UB6yDqw +520DLK051/0WKE+s7W8f8hYheHqyaUl35wtU6Qj7kjcDm0Kg57l7pY7gdYEeRizA +TECXy2c2mKJusql3p65FD/jNX6TncfHWiESvS8p31E8xx1hfgsgmh15JqrMTALm/ +7cn3/IDV5vPBzi2pf4IlVHo34QcE26uj7QaXjrlQUkuds5cAFy/4uozN6J2PbH2x +e1+oI9rGxSf9m7UfAbudC+QATAlMDNeH2ngeqA0tm4vrMk/ybj5efeUjGNGNW0c8 +6xfhbyhNJb6Rw2ScwdFUc/niWone3O1J3QkQ6CS6/gT3JCBMRVwLl+CkbeaALBTI +6We0CNQc1FXcWB84LI9F3UAHiR9jrmA3J/ck4R1oqv9STTrClTdWIvCK4sNa0sv7 +ra1fdEV4CK1Z0qKxbKCk/JTlD/9w/OqZQqyJLOrWXomYxR6I6lxNwhoC+3Ysj5EG +Mmagpi+nnqAK0oIBkPytts9e6e1D54hS9sEG4uaEQRm229e0yhmQNQOKNwARAQAB +tDZPT05JIHNvZnR3YXJlIHVwZGF0ZSBrZXkgPGNvbnRhY3RAb3Blbm9ic2VydmF0 +b3J5Lm9yZz6JAjcEEwEKACECGwMFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AFAlil +vY4ACgkQw+zcBCBPnSkinhAAhlaPOq+X1rIcCbzePaf3/g47ha2AySPPVPL1hiiG +9b/YSemb5w9NTmPbsoJNQjQx9+4piLarSqN9Rihqw9T8IQ35EeuAd1sDBKseNbz6 +nt54FwUb29o71S5nakDALflGTmHs0dx1vaG50weZ9HBvSw07KMNK01JNmAeZ5GgV +6B2UTa3yRoyTkBOcRVTxcn7JC0NdHpy+8OYpubDhPJPJJSMRqUaY05tfl8hLFMkh +7g6VQRa/nBiOHgfla9ZqHr7yrFWV0g8wKF8nVBGD+R4/qchBrh+ofPk+Y7Gm39gD +ux0mAX7xbJZpLry8BWBIUW50wlH1W4/Pq1kfw7m5vSQFCr0Ge8U/NQXkLwVf37Ow +TT6opY9pXCrVqV8Ris+gah7XJayVyiF+SpARn+e2EPHxxhVxpF8H9cArhmU+Z9Vx +PuLtGlCM5C0ypboHvEmqmSL2BhFhlxwchyqMf0h+6L5gR/i9GE+3QBFMewBQlgAf +7ioddEGIUdnsAeQJHByupycCDF9rVxzWiYgDffV8B6JXDuw9iCwhIrslOkRM6mHV +4/oe9PZ2Y+uLmcyOQa4Yk3jhr2aEa0r2Tuz1Jxw8DmY3y2GDNghuSHaKX++R4KqC +SYuU4/yn1F0nojEy4Q+RuLfV7Bu9BDSUtsPB1LgXWBtAA6gMK66UiExd6fNLhy94 +1Dy5Ag0EV8QAoAEQAOQwsRo+2260kBYKnxRHr6rzTjStXtxsCsMUB08EXS7eTElw +DSE2C+pfeQjFe366f1zNTxY/CN6wCtd7wI4cVXWKLescFfCUrsg+S0Wfot85AXqC +qrPKFtKwW8khUeVnQfmHwhQl1W+/t+bE2p4X+0OR8qugHsMnvYwl+KpKsZ094Lwk +O8GRySB+LKm6KQtJ+WOnsvs3X8v8fSA6GwJjYdtKqNUzPBLpw8RrIH9leaT2pe9T +a48GqEwrU8wxwKyRBIfJJP/zq5n1rKcOBpvLZDVcyrVw+pIGa0zfmr/cqWYG7znx +2Xq3i22d36xPkfkZEyVnQcCJJ28hkAfXRYpp+gMnL0Zt4u3GgzSARSBSVrcMyNla +ft/aSOkojyjh3+2zF1PCfW1Nw9Sx50gdN3FfF0yEWjUoA1R/NW9CQZVG4qh/n2k5 +08PYfZRuJ74T2jABFJIztv2pmq3VpSA7hkHGl3nXrdqpsw3V9bkFqZa/ihhY7IpG +wUWx4pDHh1gKhjJ0qPUVK5sOx3GZfEvMCCiH9XPk70fn3nuYupRr9WNrHJwUSeLM +hRvi4jTT+z5QLdYloFRZmDRwNg63csGZRkly9vjrAiMVHMpcJI0eCei/XgeKSxoi +AmzNuc2J47SF2z7WIsDwHhwRj6tj4dOW3Ye0WIkcTIvHd7UTVX02v+oBd5YhABEB +AAGJAh8EGAEKAAkCGwwFAlilvaIACgkQw+zcBCBPnSnQmA/9F9bt+Fd3SUz/bQRx +MDFpEmGJyT0okiCli6wPOHIGG/K7qUJrRGYIZiV6Wje92+G6YR7025D4qnJVLfBo +IB1HtA0PeP5Px8ICfYhMuBD+Z2CQFu03gq0gD8MLpCh6lsSOYc+g+uxyI2zmRVmC +CqH36GTf57xm9Kogc1kze9rEyUA9CR+gachWFrdhGXbyt6czop2oDDfJG/Pbllbu +b2+n8OebaQSElqd263sCFMfVXsXn1qjuBEOao4aC14MD8EnmxUjGknYQIxI0vgyS +a/UcGqJScsEW0LRz71O5HeyaJwGGsnFwZv3U75x3SKJvDNN+UugOAwCATAZ984c2 +/R20d28WCLQYGOMxdRib9D5zlNrfjPVXKrXRkwxm5ucLhKrjgjp89uk+gyjZ1FnN +7V2YgJGMmL2jMsdGZpos7+MXpyoR0gTbtEaA9jWJlQNma1bAnEhnMaIZQGihyJs5 +JOhkGuhuuVQqbRJ5xLBX9xOszmWUA4itqQoYWM3k43QKZl7MT4Oxqhhmvmv4hVh0 +T8MdyzwACgAbLHsEMxb9kOMjhcIpRaP5ZzNWKIX8PPe92z4U6sqQGssBBaHAEPuN +FkpEG6zvsyimZlrp3Vz5m6FYbDZD0j63RiTPj4LupDLGqKGseyOYPvdZrmFTKWss +h+O+8iKVFs758eJDJtr72KlxfhQ= +=zx02 +-----END PGP PUBLIC KEY BLOCK----- +""" +def write_signing_key(): + with open(PUBLIC_KEY_PATH, "w") as out_file: + out_file.write(PUBLIC_KEY) + +def _perform_update(): + # Update to the latest PGP signing key + write_signing_key() + + # Fix pip bug introduced in setuptools v34.0.0 + # http://setuptools.readthedocs.io/en/latest/history.html#v34-0-0 + check_call(["apt-get", "-q", "update"]) + check_call(["apt-get", "-y", "install", "-t", "stretch", "python-pip"]) + # Remove previously installed python packages + check_call(["apt-get", "-y", "autoremove"]) + check_call(["pip", "install", "setuptools==34.2.0"]) + + check_call(["pip", "install", "--upgrade", OONIPROBE_PIP_URL]) + +def run(): + try: + check_call(["systemctl", "stop", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to stop ooniprobe-agent") + logging.exception(exc) + try: + _perform_update() + except Exception as exc: + logging.exception(exc) + raise + finally: + try: + check_call(["systemctl", "start", "ooniprobe"]) + except Exception as exc: + logging.error("Failed to start ooniprobe-agent") + logging.exception(exc) + +if __name__ == "__main__": + run() diff --git a/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py.asc b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py.asc new file mode 100644 index 0000000..417fd5d --- /dev/null +++ b/lepidopter-fh/opt/ooni/lepidopter-update/versions/update-7.py.asc @@ -0,0 +1,17 @@ +-----BEGIN PGP SIGNATURE----- +Comment: PGP + +iQIcBAABCgAGBQJY5RTPAAoJEMPs3AQgT50phcgP/1FOvazOWwCA/8d61Sc5Gwfs +1XlFua24Tn+SOy3fI2kUI1NlYdyhFVwHKQVdSeUZJ/kE7BMskYmgEn9MmwzVBA8B +FFnxZxfW0EQKrVjIAdUiSWsWEqNh/EV5aNvxSQt5xmE0iWhh76AVR7Fn7SmlVR4j +PQlZjBQsaFspvlb/of/OG/kn9q9LIdHlkLKgkRquX6GcAcnBgDk/1TfsYcJD0W+g +gCC+CTXZn/wwfzy2paFH8tMUlLy/Gw8EPMp+VoW/C2dfYRceEXouzSLsNW3XVjO3 +SGL1vmT2RjjLfBDP8d4meMHN/tz31rEhg9x9hJ5LK7bGXKpx2AYe3GWSkJOdzPGQ +ouJ9/+K0Gh0oz7ec5mYHKpa7AybPntjUcdUfw1KBAdCQ509j6KNWvZO9CV1UkeqD +AmHrsic7Ys52anVEirA2KlKWVs+Nfau4k/Kl0oVK+QpqCgATmypj31K/XsABBUBV +3B7VZNuq4UfVeNYg5E50dnG92KUETtvUVJYIP1bfM4iYmRY7qUKIrH7PMt3ajnr1 +0CSjndNjDnrMqvgWP7cY14LraGJqOLTX6X6tzVvZnQTB/V4Tb7TD9VHwuqOpsFqL +wvdJ8GkHc0BVKc+lUZ+x7d32vcpLEbthQv0fVssj1VTjEjKXd1AJYanuRvMf7Y6z +Ea5BE/ZbgOfLkdAPSByr +=jegw +-----END PGP SIGNATURE----- diff --git a/scripts/release b/scripts/release index 811bce0..8560e96 100755 --- a/scripts/release +++ b/scripts/release @@ -2,7 +2,8 @@ # This script updates lepidopter version and ChangeLog files set -e -VERSION_FILE="lepidopter-fh/etc/lepidopter_version" +source conf/lepidopter-image.conf +UPDATE_INCREMENT=$(awk '{print $1+1}' ${UPDATE_VERSION_FILE}) usage() { echo "usage: $0 [options]" @@ -49,6 +50,9 @@ echo "Using tag reference: ${annotation} as release tag.\n" echo ${annotation} > ${VERSION_FILE} +echo "Increment lepidopter-update version to: ${UPDATE_INCREMENT}\n" +printf ${UPDATE_INCREMENT} > ${UPDATE_VERSION_FILE} + mv ChangeLog.md ChangeLog.md.old echo ${log_entry} > ChangeLog.md printf %${#log_entry}s"\n\n" |tr " " "-" >> ChangeLog.md diff --git a/scripts/setup.sh b/scripts/setup.sh index 1f1d1ec..21cddec 100755 --- a/scripts/setup.sh +++ b/scripts/setup.sh @@ -86,6 +86,9 @@ cp vmdebootstrap /usr/sbin/vmdebootstrap modprobe loop cd $HOME/lepidopter/ +curl -L ${LEPIDOPTER_UPDATE_GIT}/tarball/master | tar zxvf - \ + -C ${LEPIDOPTER_UPDATE_PATH} --wildcards */updater/ --strip-components=2 \ + --exclude='latest_version' --exclude='test_updater.py' --exclude='example.py' ./lepidopter-vmdebootstrap_build.sh if [ "${#compression_method[@]}" -ne 0 ] ; then From 90f31bc3fe858071189a50e94c7ad87bc5f787a1 Mon Sep 17 00:00:00 2001 From: anadahz Date: Tue, 25 Apr 2017 14:25:01 +0000 Subject: [PATCH 07/15] Add openvpn (#65), set mount option noatime (#50) --- lepidopter-fh/configure.sh | 3 +++ lepidopter-fh/setup-ooniprobe.sh | 8 ++++++-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/lepidopter-fh/configure.sh b/lepidopter-fh/configure.sh index b63eb5a..d294b09 100755 --- a/lepidopter-fh/configure.sh +++ b/lepidopter-fh/configure.sh @@ -10,4 +10,7 @@ systemctl enable lepidopter-update # Install newest e2fsprogs due to incompatibly with ext4 file system checks apt-get -y install -t jessie-backports e2fsprogs +# Mount option noatime disables file access writes every time a file is read +sed -i 's/\/ ext4/\/ ext4 defaults,noatime/' /etc/fstab + history -c diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 045ec0a..1c70881 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -12,8 +12,8 @@ echo "deb ${TOR_DEB_REPO} ${DEB_RELEASE} main" > ${TOR_DEB_REPO_SRC_LIST} apt-get update # Install ooniprobe and pluggable transports dependencies -apt-get -y install openssl libssl-dev libyaml-dev libffi-dev libpcap-dev tor \ - libgeoip-dev libdumbnet-dev python-dev libgmp-dev +RUNLEVEL=1 apt-get -y install openssl libssl-dev libyaml-dev libffi-dev libpcap-dev tor \ + libgeoip-dev libdumbnet-dev python-dev libgmp-dev openvpn # Install obfs4proxy (includes a lite version of meek) apt-get -y install -t stretch obfs4proxy python-pip @@ -27,4 +27,8 @@ systemctl enable ooniprobe # Stop running tor service that can lead to a busy chroot mount service tor stop + +# Disable the OpenVPN unit +systemctl disable openvpn + history -c From 8b7bd8dcb516200b26b2721eabbbc3ad1e1ecd13 Mon Sep 17 00:00:00 2001 From: anadahz Date: Wed, 26 Apr 2017 02:43:58 +0000 Subject: [PATCH 08/15] Fix active meek tor bridges --- conf/tor-pt.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/tor-pt.conf b/conf/tor-pt.conf index 86f9c02..9b77c3a 100644 --- a/conf/tor-pt.conf +++ b/conf/tor-pt.conf @@ -1,5 +1,5 @@ # Uncomment the following 4 lines to connect via meek pluggable transport in tor #UseBridges 1 #Bridge meek_lite 0.0.2.0:1 url=https://d2zfqthxsdq309.cloudfront.net/ front=a0.awsstatic.com -#Bridge meek_lite 0.0.2.0:2 url=https://az786092.vo.msecnd.net/ front=ajax.aspnetcdn.com +#Bridge meek_lite 0.0.2.0:2 url=https://meek.azureedge.net/ front=ajax.aspnetcdn.com #ClientTransportPlugin meek_lite exec /usr/bin/obfs4proxy From f2deef12a1b07f4e9b1a2580153ab38efa08763a Mon Sep 17 00:00:00 2001 From: anadahz Date: Wed, 26 Apr 2017 12:52:02 +0000 Subject: [PATCH 09/15] Increase GPU memory to 32M to counteract vc_vchi_sm_init failure Some (most) vchiq services are being disabled and this bring the following non fatal error in dmesg: vc_vchi_sm_init: failed to open VCHI service (https://github.com/raspberrypi/firmware/issues/428) --- lepidopter-fh/boot/config.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lepidopter-fh/boot/config.txt b/lepidopter-fh/boot/config.txt index 68525f8..6f25434 100644 --- a/lepidopter-fh/boot/config.txt +++ b/lepidopter-fh/boot/config.txt @@ -1,5 +1,5 @@ -# Minimal GPU memory for headless mode -gpu_mem=16 +# Minimal (with no vc_vchi_sm_init failure) GPU memory for headless mode +gpu_mem=32 # Enable the hardware watchdog dtparam=watchdog=on # Turn power LED into heartbeat From a627ba02fa002ea32ef1074387bf29c146e0bd2d Mon Sep 17 00:00:00 2001 From: anadahz Date: Wed, 26 Apr 2017 16:02:31 +0000 Subject: [PATCH 10/15] Hotfix: Mask version of txtorcon package to 0.18.0 It seems that something is not working correctly with txtorcon package version 0.19.0 Related: https://github.com/TheTorProject/ooni-backend/issues/107 --- lepidopter-fh/setup-ooniprobe.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 1c70881..65604d2 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -20,7 +20,7 @@ apt-get -y install -t stretch obfs4proxy python-pip # Remove old system versions of python packages pyasn1, cryptography and openssl apt-get -y remove python-pyasn1 python-cryptography python-openssl # Install and ooniprobe -pip install fteproxy ooniprobe==2.2.0 +pip install txtorcon==0.18.0 fteproxy ooniprobe==2.2.0 # Enable ooniprobe systemd service to start on boot systemctl enable ooniprobe From a108aaf97ba793da66219e684c78ae59491a9118 Mon Sep 17 00:00:00 2001 From: anadahz Date: Wed, 26 Apr 2017 20:59:09 +0000 Subject: [PATCH 11/15] Newly released txtorcon version 0.19.1 fixes the bug with tor Bug details: https://github.com/meejah/txtorcon/issues/227 --- lepidopter-fh/setup-ooniprobe.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 65604d2..1c70881 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -20,7 +20,7 @@ apt-get -y install -t stretch obfs4proxy python-pip # Remove old system versions of python packages pyasn1, cryptography and openssl apt-get -y remove python-pyasn1 python-cryptography python-openssl # Install and ooniprobe -pip install txtorcon==0.18.0 fteproxy ooniprobe==2.2.0 +pip install fteproxy ooniprobe==2.2.0 # Enable ooniprobe systemd service to start on boot systemctl enable ooniprobe From 783a131423e3a2afa3d19cf103a98fddd1ea819f Mon Sep 17 00:00:00 2001 From: anadahz Date: Thu, 27 Apr 2017 22:51:13 +0000 Subject: [PATCH 12/15] Update changelog, tree, add persistent-date dir, remove BASHism * Update changelog for v1.0.0 * Add a persistent directory (/persistent-data) not touched by updates * Update tree structure * Remove BASHism, fix format in release script --- ChangeLog.md | 20 +++++++++++++++ README.md | 34 ++++++++++++++++++++++---- lepidopter-fh/etc/lepidopter_version | 2 +- lepidopter-fh/persistent-data/.gitkeep | 0 scripts/release | 8 +++--- 5 files changed, 54 insertions(+), 10 deletions(-) create mode 100644 lepidopter-fh/persistent-data/.gitkeep diff --git a/ChangeLog.md b/ChangeLog.md index 0703a96..ee70624 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,3 +1,23 @@ +Lepidopter v1.0.0 [2017-04-27] +------------------------------- + +This release version includes ooniprobe version 2.2.0. + +- Add bootloader configuration file +- Adjust to the minimum GPG memory possible (16M) #49 +- Add support for hardware RNG #96 +- Verbose heartbeat-like LED activity +- Change MOTD color prompt +- Password-less operation for the sudo group +- Ship ooniprobe version 2.2.0 +- Do not store folders in the zip image archive #93 +- Add a persistent directory (/persistent-data) +- Remove older obfsproxy package +- Add packages: OpenVPN, rng-tools, watchdog +- Fix active meek tor bridges +- Set mount option noatime +- Reduce GPU memory to 32M (was 64M) + Lepidopter v0.3.5-beta [2016-10-16] ------------------------------------ diff --git a/README.md b/README.md index 70b5c26..57c3c41 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,10 @@ User documentation and detailed image installation instructions can be found ├── customize customize script used to customize lepidopter image ├── images where the build Lepidopter images created ├── lepidopter-fh Lepidopter image filesystem hierarchy +│   ├── boot +│   │   └── config.txt │   ├── cleanup.sh cleanup script +│   ├── configure.sh │   ├── etc │   │   ├── apt │   │   │   └── apt.conf.d @@ -52,28 +55,49 @@ User documentation and detailed image installation instructions can be found │   │   │   ├── lepidopter-update │   │   │   └── ooniprobe │   │   ├── motd.head Lepidopter MOTD ASCII logo -│   │   ├── network -│   │   │   └── if-up.d -│   │   │   └── run_oonideckgen │   │   ├── ooniprobe │   │   │   └── ooniconfig.sh │   │   ├── ooniprobe.conf +│   │   ├── sudoers │   │   ├── systemd │   │   │   └── system │   │   │   ├── lepidopter-update.service │   │   │   └── ooniprobe.service -│   │   └── update-motd.d -│   │   └── 50-lepidopter +│   │   ├── update-motd.d +│   │   │   └── 50-lepidopter +│   │   └── watchdog.conf │   ├── opt │   │   └── ooni │   │   ├── lepidopter-update │   │   │   ├── public.asc │   │   │   ├── updater.py │   │   │   └── versions +│   │   │   ├── update-1.py +│   │   │   ├── update-1.py.asc +│   │   │   ├── update-2.py +│   │   │   ├── update-2.py.asc +│   │   │   ├── update-3.py +│   │   │   ├── update-3.py.asc +│   │   │   ├── update-4.py +│   │   │   ├── update-4.py.asc +│   │   │   ├── update-5.py +│   │   │   ├── update-5.py.asc +│   │   │   ├── update-6.py +│   │   │   ├── update-6.py.asc +│   │   │   ├── update-7.py +│   │   │   └── update-7.py.asc │   │   └── tor_data_dir +│   ├── persistent-data │   ├── remove_ssh_host_keys.sh │   ├── setup-ooniprobe.sh +│   ├── usr +│   │   └── share +│   │   └── ooni +│   │   └── decks-available │   └── var +│   ├── lib +│   │   └── ooni +│   │   └── decks-enabled │   └── log │   └── ooni ├── lepidopter-vmdebootstrap_build.sh main lepidopter vmdebootstrap script diff --git a/lepidopter-fh/etc/lepidopter_version b/lepidopter-fh/etc/lepidopter_version index 8fd3f57..0ec25f7 100644 --- a/lepidopter-fh/etc/lepidopter_version +++ b/lepidopter-fh/etc/lepidopter_version @@ -1 +1 @@ -v1.0.0-rc.0 +v1.0.0 diff --git a/lepidopter-fh/persistent-data/.gitkeep b/lepidopter-fh/persistent-data/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/scripts/release b/scripts/release index 8560e96..13aa64b 100755 --- a/scripts/release +++ b/scripts/release @@ -2,14 +2,14 @@ # This script updates lepidopter version and ChangeLog files set -e -source conf/lepidopter-image.conf +. conf/lepidopter-image.conf UPDATE_INCREMENT=$(awk '{print $1+1}' ${UPDATE_VERSION_FILE}) usage() { echo "usage: $0 [options]" - echo -e "\t-a git tag annotation (X.X.X)" - echo -e "\t-m git tag message (\"msg\")" - echo -e "\t-u git tag GPG keyid (0xXXX)" + echo "\t-a git tag annotation (X.X.X)" + echo "\t-m git tag message (\"msg\")" + echo "\t-u git tag GPG keyid (0xXXX)" } if [ $# -ne 6 ] ; then From f7fbae62a468ee05f207ac6c08b30537089b9ac4 Mon Sep 17 00:00:00 2001 From: anadahz Date: Sat, 29 Apr 2017 13:44:04 +0000 Subject: [PATCH 13/15] Pin txtorcon version to 0.18.0 As agreed on https://github.com/TheTorProject/ooni-probe/issues/751 --- lepidopter-fh/setup-ooniprobe.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lepidopter-fh/setup-ooniprobe.sh b/lepidopter-fh/setup-ooniprobe.sh index 1c70881..65604d2 100755 --- a/lepidopter-fh/setup-ooniprobe.sh +++ b/lepidopter-fh/setup-ooniprobe.sh @@ -20,7 +20,7 @@ apt-get -y install -t stretch obfs4proxy python-pip # Remove old system versions of python packages pyasn1, cryptography and openssl apt-get -y remove python-pyasn1 python-cryptography python-openssl # Install and ooniprobe -pip install fteproxy ooniprobe==2.2.0 +pip install txtorcon==0.18.0 fteproxy ooniprobe==2.2.0 # Enable ooniprobe systemd service to start on boot systemctl enable ooniprobe From e9ee9cb617c82e4bb47c82eb310f450a954cec2e Mon Sep 17 00:00:00 2001 From: anadahz Date: Wed, 3 May 2017 16:34:01 +0000 Subject: [PATCH 14/15] Export a list of installed packages installed, update changelog Generate a list of apt and python packages installed in lepidopter image --- ChangeLog.md | 1 + customize | 6 ++++++ lepidopter-fh/cleanup.sh | 4 ++++ pkglist/.gitkeep | 0 4 files changed, 11 insertions(+) create mode 100644 pkglist/.gitkeep diff --git a/ChangeLog.md b/ChangeLog.md index ee70624..cdba835 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -17,6 +17,7 @@ This release version includes ooniprobe version 2.2.0. - Fix active meek tor bridges - Set mount option noatime - Reduce GPU memory to 32M (was 64M) +- Pin txtorcon version to 0.18.0 Lepidopter v0.3.5-beta [2016-10-16] ------------------------------------ diff --git a/customize b/customize index 9424b3e..91ad428 100755 --- a/customize +++ b/customize @@ -77,5 +77,11 @@ chroot ${ROOTDIR} ln -s /var/run/motd /etc/motd # Add (optional) pluggable transport support in tor config cat conf/tor-pt.conf >> ${ROOTDIR}/etc/tor/torrc +# Get list of apt and Python packages from lepidopter image +rsync -av --no-R --no-implied-dirs --remove-source-files \ +${ROOTDIR}/lepidopter-apt-packages pkglist/lepidopter-${LEPIDOPTER_BUILD}-${ARCH}-apt-packages +rsync -av --no-R --no-implied-dirs --remove-source-files \ +${ROOTDIR}/lepidopter-pip-packages pkglist/lepidopter-${LEPIDOPTER_BUILD}-${ARCH}-pip-packages + echo "Customize script finished successfully." exit 0 diff --git a/lepidopter-fh/cleanup.sh b/lepidopter-fh/cleanup.sh index 757fd37..4654ac1 100755 --- a/lepidopter-fh/cleanup.sh +++ b/lepidopter-fh/cleanup.sh @@ -1,6 +1,10 @@ #!/usr/bin/env bash set -ex +# Generate list of installed apt and Python packages +dpkg-query -W -f='${binary:Package} ${Version}\n' > /lepidopter-apt-packages +pip freeze > /lepidopter-pip-packages + # Clean up the local repository of retrieved package files apt-get clean apt-get autoclean diff --git a/pkglist/.gitkeep b/pkglist/.gitkeep new file mode 100644 index 0000000..e69de29 From 2fb77f0ec72d72f4e4d76b7cbaac328e1e0f3ccc Mon Sep 17 00:00:00 2001 From: anadahz Date: Fri, 5 May 2017 13:04:26 +0000 Subject: [PATCH 15/15] Update changelog --- ChangeLog.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index cdba835..33bdea9 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -1,4 +1,4 @@ -Lepidopter v1.0.0 [2017-04-27] +Lepidopter v1.0.0 [2017-05-05] ------------------------------- This release version includes ooniprobe version 2.2.0. @@ -17,7 +17,7 @@ This release version includes ooniprobe version 2.2.0. - Fix active meek tor bridges - Set mount option noatime - Reduce GPU memory to 32M (was 64M) -- Pin txtorcon version to 0.18.0 +- Pin txtorcon package version to 0.18.0 Lepidopter v0.3.5-beta [2016-10-16] ------------------------------------