bootstrap: Fix TLS, check if .entware exists, and improve error messages#423
Merged
Conversation
This PR contains several fixes for the bootstrap script. * If the standalone `wget` binary cannot be fetched, a more helpful error message is printed instead of the catch-all error message (see #422). * The standalone `wget` binary is fetched over HTTP instead of HTTPS, since the implementation of TLS in Busybox’s wget causes issues with the latest version of nginx. This does not reduce security since the checksum is still verified after fetching the binary (fixes #422, I believe). * Abort installation if `/home/root/.entware` already exists. Previously, only the existence of `/opt` was checked, leading to #409. Test plan (on rM1 and rM2): * Try to run the script normally. Issue #422 should be fixed and the install should proceed. * Try to run the script while not being connected to Wi-Fi. Expected output: ```sh INFO: Fetching secure wget wget: bad address 'toltec-dev.org' ERROR: Could not fetch wget, make sure you have a stable Wi-Fi connection ``` * Try to run it with `127.0.0.1 toltec-dev.org` in `/etc/hosts`. Expected output: ```sh INFO: Fetching secure wget wget: can't connect to remote host (127.0.0.1): Connection refused ERROR: Could not fetch wget, make sure you have a stable Wi-Fi connection ``` * Starting from a complete Toltec install, unmount /opt (`systemctl stop opt.mount`) and remove the /opt folder. Try to run the script. Expected output: ```sh INFO: Toltec is already installed or partially installed INFO: To re-enable Toltec after a system upgrade, run 'toltecctl reenable' INFO: To reinstall Toltec, run 'toltecctl uninstall' first ```
This was
linked to
issues
Aug 29, 2021
This was referenced Aug 30, 2021
Member
Author
|
Thanks! |
matteodelabre
added a commit
that referenced
this pull request
Sep 25, 2021
Fixes: * TLS issues with the bootstrap script (#422, #423) * Bootstrap script could overwrite existing installs (#409, #423) Updated packages: * fbink, fbdepth, fbink-doom - 1.24.0-1 (#425) * innernet - 1.4.1-2 (#420) * koreader - 2021.09-1 (#436) * remux - 0.1.9-5 (#431) (fixes 2.9 issues) * toltec-bootstrap - 0.2.0-1
matteodelabre
added a commit
that referenced
this pull request
Oct 4, 2021
Fixes: * TLS issues with the bootstrap script (#422, #423) * Bootstrap script could overwrite existing installs (#409, #423) Updated packages: * fbink, fbdepth, fbink-doom - 1.24.0-1 (#425) * innernet - 1.4.1-2 (#420) * koreader - 2021.09-1 (#436) * remux - 0.1.9-5 (#431) (fixes 2.9 issues) * toltec-bootstrap - 0.2.0-1
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains several fixes for the bootstrap script.
wgetbinary cannot be fetched, a more helpful error message is printed instead of the catch-all error message (see bootstrap fails on line 96 while fetching standalone wget due to a TLS error #422).wgetbinary is fetched over HTTP instead of HTTPS, since the implementation of TLS in Busybox’s wget causes issues with the latest version of nginx. This does not reduce security since the checksum is still verified after fetching the binary (fixes bootstrap fails on line 96 while fetching standalone wget due to a TLS error #422, I believe)./home/root/.entwarealready exists. Previously, only the existence of/optwas checked, leading to bootstrap can overwrite existing installs when run after a system upgrade #409.Test plan (on rM1 and rM2):
INFO: Fetching secure wget wget: bad address 'toltec-dev.org' ERROR: Could not fetch wget, make sure you have a stable Wi-Fi connection127.0.0.1 toltec-dev.orgin/etc/hosts. Expected output:systemctl stop opt.mount) and remove the /opt folder. Try to run the script. Expected output: