forked from e-m-b-a/embark
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathinstaller.sh
executable file
·686 lines (607 loc) · 23.7 KB
/
installer.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
#!/bin/bash
# EMBArk - The firmware security scanning environment
#
# Copyright 2020-2023 Siemens Energy AG
# Copyright 2020-2022 Siemens AG
#
# EMBArk comes with ABSOLUTELY NO WARRANTY.
#
# EMBArk is licensed under MIT
#
# Author(s): Michael Messner, Pascal Eckmann
# Contributor(s): Benedikt Kuehne
# Description: Installer for EMBArk
# it the installer fails you can try to change it to 0
STRICT_MODE=0
export DEBIAN_FRONTEND=noninteractive
export HELP_DIR='helper'
export REFORCE=0
export UNINSTALL=0
export DEFAULT=0
export DEV=0
export EMBA_ONLY=0
export NO_EMBA=0
export WSL=0
export RED='\033[0;31m'
export GREEN='\033[0;32m'
export ORANGE='\033[0;33m'
export CYAN='\033[0;36m'
export BOLD='\033[1m'
export NC='\033[0m' # no
print_help(){
echo -e "\\n""${CYAN}""USAGE""${NC}"
echo -e "${CYAN}-h${NC} Print this help message"
echo -e "${CYAN}-d${NC} EMBArk default installation"
echo -e "${CYAN}-F${NC} Installation of EMBArk for developers"
echo -e "${CYAN}-e${NC} Install EMBA only"
echo -e "${CYAN}-s${NC} Installation without EMBA (use in combination with d/F)"
echo -e "---------------------------------------------------------------------------"
echo -e "${CYAN}-U${NC} Uninstall EMBArk"
echo -e "${CYAN}-rd${NC} Reinstallation of EMBArk with all dependencies"
echo -e "${CYAN}-rF${NC} Reinstallation of EMBArk with all dependencies in Developer-mode"
echo -e "${RED} ! Both options delete all Database-files as well !""${NC}"
}
import_helper(){
local HELPERS=()
local HELPER_COUNT=0
local HELPER_FILE=""
mapfile -d '' HELPERS < <(find "${HELP_DIR}" -iname "helper_embark_*.sh" -print0 2> /dev/null)
for HELPER_FILE in "${HELPERS[@]}" ; do
if ( file "${HELPER_FILE}" | grep -q "shell script" ) && ! [[ "${HELPER_FILE}" =~ \ |\' ]] ; then
# https://github.com/koalaman/shellcheck/wiki/SC1090
# shellcheck source=/dev/null
source "${HELPER_FILE}"
(( HELPER_COUNT+=1 ))
fi
done
echo -e "\\n""==> ""${GREEN}""Imported ""${HELPER_COUNT}"" necessary files""${NC}\\n"
}
# Source: https://stackoverflow.com/questions/4023830/how-to-compare-two-strings-in-dot-separated-version-format-in-bash
# version(){ echo "$@" | awk -F. '{ printf("%d%03d%03d%03d\n", $1,$2,$3,$4); }'; }
save_old_env(){
if ! [[ -d ./safe ]]; then
mkdir safe
fi
if [[ -f ./.env ]]; then
cp ./.env ./safe/"$(date +'%m-%d-%Y').env"
fi
}
write_env(){
local SUPER_PW="embark"
local SUPER_EMAIL="idk@lol.com"
local SUPER_USER="superuser"
local RANDOM_PW=""
local DJANGO_SECRET_KEY=""
local ENV_FILES=()
local LAST_PW_HASH=""
local CHECK_PW=""
if [[ -d safe ]]; then
mapfile -d '' ENV_FILES < <(find ./safe -iname "*.env" -print0 2> /dev/null)
if [[ ${#ENV_FILES[@]} -gt 0 ]] && [[ -f safe/history.env ]]; then
echo -e "${ORANGE}""${BOLD}""Using old env file""${NC}"
# check which env file was the last one where $(echo "${PASSWORD_}" | sha256sum) matches the first line and entry
LAST_PW_HASH="$(grep -v "$(echo "" | sha256sum)" safe/history.env | tail -n 1 | cut -d";" -f1)"
for FILE_ in "${ENV_FILES[@]}"; do
CHECK_PW="$(grep "DATABASE_PASSWORD=" "${FILE_}" | sed -e "s/^DATABASE_PASSWORD=//" )"
if [[ "${LAST_PW_HASH}" == "$(echo "${CHECK_PW}" | sha256sum)" ]]; then
RANDOM_PW="${CHECK_PW}"
DJANGO_SECRET_KEY="$(grep "SECRET_KEY=" "${FILE_}" | sed -e "s/^SECRET_KEY=//" )"
break
fi
done
fi
fi
if [[ -z ${DJANGO_SECRET_KEY} ]] || [[ -z ${DJANGO_SECRET_KEY} ]]; then
echo -e "${ORANGE}""${BOLD}""Did not find safed passwords""${NC}"
DJANGO_SECRET_KEY=$(python3.10 -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())')
RANDOM_PW=$(openssl rand -base64 12)
fi
echo -e "${ORANGE}""${BOLD}""Creating a EMBArk configuration file .env""${NC}"
{
echo "DATABASE_NAME=embark"
echo "DATABASE_USER=embark"
echo "DATABASE_PASSWORD=${RANDOM_PW}"
echo "DATABASE_HOST=172.22.0.5"
echo "DATABASE_PORT=3306"
echo "MYSQL_PASSWORD=${RANDOM_PW}"
echo "MYSQL_USER=embark"
echo "MYSQL_DATABASE=embark"
echo "REDIS_HOST=172.22.0.8"
echo "REDIS_PORT=7777"
echo "SECRET_KEY=${DJANGO_SECRET_KEY}"
echo "DJANGO_SUPERUSER_USERNAME=${SUPER_USER}"
echo "DJANGO_SUPERUSER_EMAIL=${SUPER_EMAIL}"
echo "DJANGO_SUPERUSER_PASSWORD=${SUPER_PW}"
echo "PYTHONPATH=${PWD}:${PWD}/embark:/var/www/:/var/www/embark"
} > .env
chmod 600 .env
}
install_emba(){
echo -e "\n${GREEN}""${BOLD}""Installation of the firmware scanner EMBA on host""${NC}"
if git submodule status emba | grep --quiet '^-'; then
sudo -u "${SUDO_USER:-${USER}}" git submodule init emba
fi
sudo -u "${SUDO_USER:-${USER}}" git submodule update --remote
sudo -u "${SUDO_USER:-${USER}}" git config --global --add safe.directory "${PWD}"/emba
cd emba
./installer.sh -d || ( echo "Could not install EMBA" && exit 1 )
cd ..
if ! (cd emba && ./emba -d 1); then
echo -e "\n${RED}""${BOLD}""EMBA installation failed""${NC}"
exit 1
fi
chown -R "${SUDO_USER:-${USER}}" emba
echo -e "\n""--------------------------------------------------------------------""${NC}"
}
create_ca (){
# FIXME could use some work
echo -e "\n${GREEN}""${BOLD}""Creating SSL Cert""${NC}"
if ! [[ -d cert ]]; then
sudo -u "${SUDO_USER:-${USER}}" git checkout -- cert
fi
cd cert || exit 1
if [[ -f embark.local.csr ]] || [[ -f embark-ws.local.csr ]] || [[ -f embark.local.crt ]] || [[ -f embark-ws.local.crt ]]; then
echo -e "\n${GREEN}""${BOLD}""Certs already generated, skipping""${NC}"
else
# create CA
openssl genrsa -out rootCA.key 4096
openssl req -x509 -new -nodes -key rootCA.key -sha256 -days 1024 -out rootCA.crt -subj '/CN=embark.local/O=EMBA/C=US'
# create server sign requests (csr)
openssl genrsa -out embark.local.key 2048
openssl req -new -sha256 -key embark.local.key -out embark.local.csr -subj '/CN=embark.local/O=EMBA/C=US'
openssl genrsa -out embark-ws.local.key 2048
openssl req -new -sha256 -key embark-ws.local.key -out embark-ws.local.csr -subj '/CN=embark-ws.local/O=EMBA/C=US'
# signe csr with ca
openssl x509 -req -in embark.local.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out embark.local.crt -days 10000 -sha256
openssl x509 -req -in embark-ws.local.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out embark-ws.local.crt -days 10000 -sha256
fi
cd .. || exit 1
}
dns_resolve(){
echo -e "\n${GREEN}""${BOLD}""Install hostnames for local dns-resolve""${NC}"
if ! grep -q "embark.local" /etc/hosts ; then
printf "0.0.0.0 embark.local\n" >>/etc/hosts
else
echo -e "\n${ORANGE}""${BOLD}""hostname already in use!""${NC}"
fi
}
reset_docker(){
echo -e "\\n${GREEN}""${BOLD}""Reset EMBArk docker images""${NC}\\n"
# EMBArk
docker_image_rm "mysql" "latest"
docker_image_rm "redis" "5"
docker_network_rm "embark_backend"
# EMBA
if [[ "${REFORCE}" -eq 0 ]]; then
docker_image_rm "embeddedanalyzer/emba" "latest"
docker_network_rm "emba_runs"
fi
docker container prune -f --filter "label=flag" || true
}
install_debs(){
echo -e "\n${GREEN}""${BOLD}""Install debian packages for EMBArk installation""${NC}"
apt-get update -y
# Git
if ! command -v git > /dev/null ; then
apt-get install -y git
fi
# Python3
if ! command -v python3.10 > /dev/null ; then
apt-get install -y python3.10
fi
# GCC
if ! command -v gcc > /dev/null ; then
apt-get install -y build-essential
fi
# Pip
if ! command -v pip3.10 > /dev/null ; then
apt-get install -y python3-pip
fi
# Gcc
if ! command -v gcc > /dev/null ; then
apt-get install -y build-essential
fi
# Docker + docker-compose
if [[ "${WSL}" -eq 1 ]]; then
echo -e "\n${ORANGE}WARNING: If you are using WSL2, disable docker integration from the docker-desktop daemon!${NC}"
read -p "Fix docker stuff, then continue. Press any key to continue ..." -n1 -s -r
fi
if ! command -v docker > /dev/null || ! command -v docker-compose > /dev/null ; then
# Add Docker's official GPG key:
apt-get install -y ca-certificates curl gnupg
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
# Add the repository to Apt sources:
# shellcheck source=/dev/null
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${VERSION_CODENAME}") stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update -y
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
fi
# alias for compose to stay backwards comp
if docker --help | grep -q compose; then
alias docker-compose="docker compose"
fi
# python3-dev
if ! dpkg -l python3.10-dev &>/dev/null; then
apt-get install -y python3.10-dev || apt-get install -y -q python3-dev
fi
# python3-django
if ! dpkg -l python3-django &>/dev/null; then
apt-get install -y python3-django
fi
}
install_daemon(){
echo -e "\n${GREEN}""${BOLD}""Install embark daemon""${NC}"
sed -i "s|{\$EMBARK_ROOT_DIR}|${PWD}|g" embark.service
if ! [[ -e /etc/systemd/system/embark.service ]] ; then
ln -s "${PWD}"/embark.service /etc/systemd/system/embark.service
fi
}
uninstall_daemon(){
echo -e "\n${ORANGE}""${BOLD}""Uninstalling embark daemon""${NC}"
if [[ -e /etc/systemd/system/embark.service ]] ; then
systemctl stop embark.service
systemctl disable embark.service
fi
sudo -u "${SUDO_USER:-${USER}}" git checkout HEAD -- embark.service
systemctl daemon-reload
}
install_embark_default(){
echo -e "\n${GREEN}""${BOLD}""Installation of the firmware scanning environment EMBArk""${NC}"
if [[ "${WSL}" -eq 1 ]]; then
echo -e "${RED}""${BOLD}""EMBArk currently does not support WSL in default mode. (only in Dev-mode)""${NC}"
fi
#debs
apt-get install -y -q default-libmysqlclient-dev build-essential mysql-client-core-8.0
# install pipenv
pip3.10 install pipenv
#Add user for server
if ! cut -d: -f1 /etc/passwd | grep -E www-embark ; then
useradd www-embark -G sudo -c "embark-server-user" -M -r --shell=/usr/sbin/nologin -d /var/www/embark
fi
# emba nopw
if ! grep 'www-embark ALL=(ALL) NOPASSWD: /var/www/emba/emba' /etc/sudoers ; then
echo 'www-embark ALL=(ALL) NOPASSWD: /var/www/emba/emba' | EDITOR='tee -a' visudo
fi
# pkill nopw
if ! grep 'www-embark ALL=(ALL) NOPASSWD: /bin/pkill' /etc/sudoers ; then
echo 'www-embark ALL=(ALL) NOPASSWD: /bin/pkill' | EDITOR='tee -a' visudo
fi
#Server-Dir
if ! [[ -d /var/www ]]; then
mkdir /var/www/
fi
if ! [[ -d /var/www/media ]]; then
mkdir /var/www/media
fi
if ! [[ -d /var/www/media/log_zip ]]; then
mkdir /var/www/media/log_zip
fi
if ! [[ -d /var/www/active ]]; then
mkdir /var/www/active
fi
if ! [[ -d /var/www/emba_logs ]]; then
mkdir /var/www/emba_logs
fi
if ! [[ -d /var/www/static ]]; then
mkdir /var/www/static
fi
if ! [[ -d /var/www/conf ]]; then
mkdir /var/www/conf
fi
# daemon
install_daemon
#add ssl cert
create_ca
#add dns name
dns_resolve
#install packages
cp ./Pipfile* /var/www/
(cd /var/www && MYSQLCLIENT_LDFLAGS='-L/usr/mysql/lib -lmysqlclient -lssl -lcrypto -lresolv' MYSQLCLIENT_CFLAGS='-I/usr/include/mysql/' PIPENV_VENV_IN_PROJECT=1 pipenv install)
# download externals
if ! [[ -d ./embark/static/external ]]; then
echo -e "\n${GREEN}""${BOLD}""Downloading of external files, e.g. jQuery, for the offline usability of EMBArk""${NC}"
mkdir -p ./embark/static/external/{scripts,css}
wget -O ./embark/static/external/scripts/jquery.js https://code.jquery.com/jquery-3.6.0.min.js
wget -O ./embark/static/external/scripts/confirm.js https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.js
wget -O ./embark/static/external/scripts/bootstrap.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js
wget -O ./embark/static/external/scripts/datatable.js https://cdn.datatables.net/v/bs5/dt-1.11.2/datatables.min.js
wget -O ./embark/static/external/scripts/charts.js https://cdn.jsdelivr.net/npm/chart.js@3.5.1/dist/chart.min.js
wget -O ./embark/static/external/scripts/base64.js https://cdn.jsdelivr.net/npm/js-base64@3.7.5/+esm
wget -O ./embark/static/external/scripts/ansi_up.js https://cdn.jsdelivr.net/npm/ansi_up@6.0.2/ansi_up.min.js
wget -O ./embark/static/external/css/confirm.css https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.css
wget -O ./embark/static/external/css/bootstrap.css https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css
wget -O ./embark/static/external/css/datatable.css https://cdn.datatables.net/v/bs5/dt-1.11.2/datatables.min.css
find ./embark/static/external/ -type f -exec sed -i '/sourceMappingURL/d' {} \;
fi
# write env-vars into ./.env
write_env
if [[ "${WSL}" -eq 1 ]]; then
check_docker_wsl
fi
# download images for container
docker-compose pull
docker-compose up -d
# activate daemon
systemctl start embark.service
check_db
docker-compose stop
echo -e "${GREEN}""${BOLD}""Ready to use \$sudo ./run-server.sh ""${NC}"
echo -e "${GREEN}""${BOLD}""Which starts the server on (0.0.0.0) port 80 ""${NC}"
}
install_embark_dev(){
echo -e "\n${GREEN}""${BOLD}""Building Developent-Enviroment for EMBArk""${NC}"
# apt packages
apt-get install -y npm pycodestyle python3-pylint-django default-libmysqlclient-dev build-essential bandit yamllint mysql-client-core-8.0
# get geckodriver
wget https://github.com/mozilla/geckodriver/releases/download/v0.33.0/geckodriver-v0.33.0-linux64.tar.gz
tar -xvf geckodriver-v0.33.0-linux64.tar.gz
mv geckodriver /usr/local/bin
chmod +x /usr/local/bin/geckodriver
# npm packages
npm install -g jshint
# npm install -g dockerlinter
# install pipenv
pip3 install pipenv
#Add user nosudo
echo "${SUDO_USER:-${USER}}"" ALL=(ALL) NOPASSWD: ""${PWD}""/emba/emba" | EDITOR='tee -a' visudo
echo "${SUDO_USER:-${USER}}"" ALL=(ALL) NOPASSWD: /bin/pkill" | EDITOR='tee -a' visudo
echo "root ALL=(ALL) NOPASSWD: ""${PWD}""/emba/emba" | EDITOR='tee -a' visudo
echo "root ALL=(ALL) NOPASSWD: /bin/pkill" | EDITOR='tee -a' visudo
#pipenv
MYSQLCLIENT_LDFLAGS='-L/usr/mysql/lib -lmysqlclient -lssl -lcrypto -lresolv' MYSQLCLIENT_CFLAGS='-I/usr/include/mysql/' PIPENV_VENV_IN_PROJECT=1 pipenv install --dev
#Server-Dir
if ! [[ -d media ]]; then
mkdir media
fi
if ! [[ -d media/log_zip ]]; then
mkdir media/log_zip
fi
if ! [[ -d media ]]; then
mkdir static
fi
if ! [[ -d uploadedFirmwareImages ]]; then
mkdir uploadedFirmwareImages
fi
if ! [[ -d uploadedFirmwareImages/active/ ]]; then
mkdir uploadedFirmwareImages/active
fi
# download externals
if ! [[ -d ./embark/static/external ]]; then
echo -e "\n${GREEN}""${BOLD}""Downloading of external files, e.g. jQuery, for the offline usability of EMBArk""${NC}"
mkdir -p ./embark/static/external/{scripts,css}
wget -O ./embark/static/external/scripts/jquery.js https://code.jquery.com/jquery-3.6.0.min.js
wget -O ./embark/static/external/scripts/confirm.js https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.js
wget -O ./embark/static/external/scripts/bootstrap.js https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.bundle.min.js
wget -O ./embark/static/external/scripts/datatable.js https://cdn.datatables.net/v/bs5/dt-1.11.2/datatables.min.js
wget -O ./embark/static/external/scripts/charts.js https://cdn.jsdelivr.net/npm/chart.js@3.5.1/dist/chart.min.js
wget -O ./embark/static/external/scripts/base64.js https://cdn.jsdelivr.net/npm/js-base64@3.7.5/+esm
wget -O ./embark/static/external/scripts/ansi_up.js https://cdn.jsdelivr.net/npm/ansi_up@6.0.2/ansi_up.min.js
wget -O ./embark/static/external/css/confirm.css https://cdnjs.cloudflare.com/ajax/libs/jquery-confirm/3.3.2/jquery-confirm.min.css
wget -O ./embark/static/external/css/bootstrap.css https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css
wget -O ./embark/static/external/css/datatable.css https://cdn.datatables.net/v/bs5/dt-1.11.2/datatables.min.css
find ./embark/static/external/ -type f -exec sed -i '/sourceMappingURL/d' {} \;
fi
# write env-vars into ./.env
write_env
chmod 644 .env
# download images for container
docker-compose pull
docker-compose up -d
check_db
docker-compose stop
echo -e "${GREEN}""${BOLD}""Ready to use \$sudo ./dev-tools/debug-server-start.sh""${NC}"
echo -e "${GREEN}""${BOLD}""Or use otherwise""${NC}"
}
uninstall (){
echo -e "[+]${CYAN}""${BOLD}""Uninstalling EMBArk""${NC}"
# check for changes
if [[ $(git status --porcelain --untracked-files=no --ignore-submodules=all) ]]; then
# Changes
echo -e "[!!]${RED}""${BOLD}""Changes detected - please stash or commit them ${ORANGE}( \$git stash )""${NC}"
git status
exit 1
fi
# delete directories
echo -e "${ORANGE}""${BOLD}""Delete Directories""${NC}"
if [[ -d /var/www ]]; then
rm -Rv /var/www
fi
if [[ -d ./media ]]; then
rm -Rv ./media
fi
if [[ -d ./active ]]; then
rm -Rv ./active
fi
if [[ -d ./static ]]; then
rm -Rv ./static
fi
if [[ -d ./embark/static/external ]]; then
rm -Rv ./embark/static/external
fi
if [[ -d ./cert ]]; then
rm -Rv ./cert
fi
if [[ -d ./.venv ]]; then
rm -Rvf ./.venv
fi
if [[ -d ./logs ]]; then
rm -Rvf ./logs
fi
if [[ "${REFORCE}" -eq 0 ]]; then
# user-files
if [[ -d ./emba_logs ]]; then
echo -e "${RED}""${BOLD}""Do you wish to remove the EMBA-Logs (and backups)""${NC}"
rm -RIv ./emba_logs
fi
if [[ -d ./embark_db ]]; then
echo -e "${RED}""${BOLD}""Do you wish to remove the database(and backups)""${NC}"
rm -RIv ./embark_db
if [[ -f ./safe/history.env ]]; then
echo -e "${RED}""${BOLD}""Moved old history file""${NC}"
mv --force ./safe/history.env ./safe/old_env_history
fi
fi
fi
# delete user www-embark and reset visudo
echo -e "${ORANGE}""${BOLD}""Delete user""${NC}"
if id -u www-embark &>/dev/null ; then
userdel www-embark
fi
# remove all emba/embark NOPASSWD entries into sudoer file
if grep -qE "NOPASSWD\:.*\/emba\/emba" /etc/sudoers ; then
echo -e "${ORANGE}""${BOLD}""Deleting EMBA NOPASSWD entries""${NC}"
sed -i '/NOPASSWD\:.*\/emba\/emba/d' /etc/sudoers
fi
if grep -qE "NOPASSWD\:.*\/bin\/pkill" /etc/sudoers ; then
echo -e "${ORANGE}""${BOLD}""Deleting pkill NOPASSWD entries""${NC}"
sed -i '/NOPASSWD\:.*\/bin\/pkill/d' /etc/sudoers
fi
# delete .env
echo -e "${ORANGE}""${BOLD}""Delete env""${NC}"
if [[ -f ./.env ]]; then
rm -Rvf ./.env
fi
# delete shared volumes and migrations
echo -e "${ORANGE}""${BOLD}""Delete migration-files""${NC}"
find . -path "*/migrations/*.py" -not -name "__init__.py" -delete
find . -path "*/migrations/*.pyc" -delete
# delete all docker interfaces and containers + images
reset_docker
echo -e "${ORANGE}""${BOLD}""Consider running " "${CYAN}""\$docker system prune""${NC}"
# delete/uninstall submodules
# emba
if [[ -d ./emba/external ]]; then
rm -r ./emba/external/
fi
# all submodules
if [[ ${REFORCE} -eq 1 ]]; then
sudo -u "${SUDO_USER:-${USER}}" git submodule status
else
if [[ $(sudo -u "${SUDO_USER:-${USER}}" git submodule foreach git status --porcelain --untracked-files=no) ]]; then
echo -e "[!!]${RED}""${BOLD}""Submodule changes detected - please commit them...otherwise they will be lost""${NC}"
read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
fi
sudo -u "${SUDO_USER:-${USER}}" git submodule foreach git reset --hard
sudo -u "${SUDO_USER:-${USER}}" git submodule foreach git clean -f -x
sudo -u "${SUDO_USER:-${USER}}" git submodule deinit --all -f
fi
# stop&reset daemon
if [[ "${WSL}" -ne 1 ]]; then
uninstall_daemon
systemctl daemon-reload
fi
sudo -u "${SUDO_USER:-${USER}}" git checkout HEAD -- embark.service
# reset ownership etc
# reset server-certs
sudo -u "${SUDO_USER:-${USER}}" git checkout HEAD -- cert
# final
if [[ "${REFORCE}" -eq 0 ]]; then
sudo -u "${SUDO_USER:-${USER}}" git reset
rm -r ./safe
fi
echo -e "${ORANGE}""${BOLD}""Consider ""${CYAN}""\$git pull""${ORANGE}""${BOLD}"" and ""${CYAN}""\$git clean""${NC}"
}
echo -e "\\n${ORANGE}""${BOLD}""EMBArk Installer""${NC}\\n""${BOLD}=================================================================${NC}"
echo -e "${ORANGE}""${BOLD}""WARNING: This script can harm your environment!""${NC}\n"
import_helper
if [[ "${STRICT_MODE}" -eq 1 ]]; then
# http://redsymbol.net/articles/unofficial-bash-strict-mode/
# https://github.com/tests-always-included/wick/blob/master/doc/bash-strict-mode.md
set -e # Exit immediately if a command exits with a non-zero status
set -u # Exit and trigger the ERR trap when accessing an unset variable
set -o pipefail # The return value of a pipeline is the value of the last (rightmost) command to exit with a non-zero status
set -E # The ERR trap is inherited by shell functions, command substitutions and commands in subshells
shopt -s extdebug # Enable extended debugging
IFS=$'\n\t' # Set the "internal field separator"
trap 'wickStrictModeFail $? | tee -a /tmp/embark_installer.log' ERR # The ERR trap is triggered when a script catches an error
fi
if [ "$#" -ne 1 ]; then
echo -e "${RED}""${BOLD}""Invalid number of arguments""${NC}"
print_help
exit 1
fi
while getopts esFUrdDSh OPT ; do
case ${OPT} in
e)
export EMBA_ONLY=1
echo -e "${GREEN}""${BOLD}""Install only emba""${NC}"
;;
s)
export NO_EMBA=1
echo -e "${GREEN}""${BOLD}""Install without emba""${NC}"
;;
F)
export DEV=1
echo -e "${GREEN}""${BOLD}""Building Development-Enviroment""${NC}"
;;
U)
export UNINSTALL=1
echo -e "${GREEN}""${BOLD}""Uninstall EMBArk""${NC}"
;;
r)
export UNINSTALL=1
export REFORCE=1
echo -e "${GREEN}""${BOLD}""Re-Install all dependecies while keeping user-files""${NC}"
;;
d)
export DEFAULT=1
echo -e "${GREEN}""${BOLD}""Default installation of EMBArk""${NC}"
;;
S)
export STRICT_MODE=1
echo -e "${GREEN}""${BOLD}""Strict-mode enabled""${NC}"
;;
h)
print_help
exit 0
;;
*)
echo -e "${RED}""${BOLD}""Invalid option""${NC}"
print_help
exit 1
;;
esac
done
enable_strict_mode ${STRICT_MODE}
# WSL/OS version check
# WSL support - currently experimental!
if grep -q -i wsl /proc/version; then
echo -e "\n${ORANGE}INFO: System running in WSL environment!${NC}"
echo -e "\n${ORANGE}INFO: WSL is currently experimental!${NC}"
echo -e "\n${ORANGE}INFO: Ubuntu 22.04 is required for WSL!${NC}"
read -p "If you know what you are doing you can press any key to continue ..." -n1 -s -r
WSL=1
fi
if [[ ${EUID} -ne 0 ]]; then
echo -e "\\n${RED}""Run EMBArk installation script with root permissions!""${NC}\\n"
print_help
exit 1
fi
if [[ ${REFORCE} -eq 1 ]] && [[ ${UNINSTALL} -eq 1 ]]; then
save_old_env
uninstall
elif [[ ${UNINSTALL} -eq 1 ]]; then
save_old_env
uninstall
exit 0
fi
install_debs
# mark dir as safe for git
sudo -u "${SUDO_USER:-${USER}}" git config --global --add safe.directory "${PWD}"
if [[ "${NO_EMBA}" -eq 0 ]]; then
install_emba
fi
if [[ "${EMBA_ONLY}" -eq 1 ]]; then
exit 0
fi
if [[ ${DEFAULT} -eq 1 ]]; then
install_embark_default
elif [[ ${DEV} -eq 1 ]]; then
install_embark_dev
fi
exit 0