#!/bin/bash
# User should put the real keys in $insertKeys (see ~/.freenetrc)
# Format of keys file: NEWKEY=[SSK private URI]
# We used to also include OLDKEY, but this is not used any more, since the transition version is the last build inserted on the old key and the first inserted on the new key.
# release or testing
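# $1: which build to insert, "release" or "testing"; handed to getBuildInfo.
TARGET="$1"
# $2: identifier fragment. When uploading to multiple keys (i.e. java 7 and
# java 8) it keeps the identifiers of simultaneous uploads apart.
ID_FRAGMENT="$2"

# Load configuration and utility functions.
# NOTE(review): with a bare file name bash resolves the file through $PATH
# (falling back to the current directory), and whatever it finds runs in the
# shell that later holds the decrypted insert key. Run this script only with
# a PATH and working directory you control.
source freenet-scripts-common || exit

SEEDNODESFILE="$releaseDir/seednodes.fref"

# Deliberately unquoted: an empty $1 is passed on as "no argument" rather
# than as an empty string.
# shellcheck disable=SC2086
getBuildInfo $TARGET
if [[ -z "$gitVersion" ]]; then
  echo Could not get git version
  exit 1
fi
echo "Build number $buildNumber git tag $gitVersion"

# Remove every file that holds the private insert key. Installed as an EXIT
# trap so the early "exit" paths further down (missing jar, missing installer,
# exit 5 in the insert loop) and an interrupted run do not leave the decrypted
# key behind in /tmp.
# NOTE(review): this replaces any EXIT trap freenet-scripts-common may have
# set - confirm it sets none.
_insert_update_cleanup() {
  if [[ -n "${KEYS:-}" ]]; then
    rm -Rf -- "$KEYS"
  fi
  if [[ -n "${TEMPFILE:-}" ]]; then
    rm -Rf -- "$TEMPFILE"
  fi
}
trap _insert_update_cleanup EXIT

# The auto-update keys should never, EVER be written to disk in plaintext.
# /tmp is expected to be a tmpfs, ideally on encrypted swap. The filesystem
# type is checked here (GNU stat); whether swap is encrypted is not, and a
# tmpfs on plain swap can still page the key out to disk.
tmp_fstype="$(stat -f -c %T /tmp 2>/dev/null)"
if [[ "$tmp_fstype" != "tmpfs" ]]; then
  echo "WARNING: /tmp is '${tmp_fstype:-unknown}', not tmpfs; the decrypted insert key may reach persistent storage" >&2
fi

# mktemp -d creates the directory readable by the current user only. Stop if
# it fails: with an empty $KEYS the paths below would point at "/keys".
KEYS="$(mktemp -d -p /tmp temp.XXXXXXXX)" || {
  echo "Could not create temporary key directory" >&2
  exit 1
}

# NOTE(review): the insert loop further down stops with exit status 5 when
# this file is missing, so the run does not actually continue without country
# data - confirm which of the two behaviours is intended.
if [ ! -f "$countryDataFile" ]; then
  echo WARNING: Inserting without country data
fi

# Decrypt the keys.
gpg -o "$KEYS/keys" "$insertKeys" || exit

# Pull the value out of a NEWKEY=... line: drop the prefix, strip one pair of
# surrounding double quotes, then delete newlines and any remaining quotes.
# The extra "echo" guarantees the last line is newline-terminated.
(cat "$KEYS/keys"; echo) \
  | grep "NEWKEY=" \
  | sed -n "s/NEWKEY=//p" \
  | sed "s/^\"\(.*\)\"$/\1/" \
  | tr --delete "\n\"" > "$KEYS/barekey"

if test ! -s "$KEYS/barekey"; then
  # May be bare key already as generated by generate_autoupdate_key.
  # Newlines and every "/" are removed from it.
  tr --delete "\n/" < "$KEYS/keys" > "$KEYS/barekey"
  if test ! -s "$KEYS/barekey"; then
    echo Empty key???
    exit 1
  fi
fi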
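# Release artifacts for this build; both must exist before anything is queued.
FILENAME="$releaseDir/freenet-$gitVersion.jar"
SOURCENAME="$releaseDir/freenet-$gitVersion-source.tar.bz2"
# Exit non-zero on a missing artifact: a bare "exit" here would return the
# status of the preceding echo (0) and report a run that inserted nothing as
# a success.
if [[ ! -e "$FILENAME" ]]; then
  echo Jar not found
  exit 1
fi
if [[ ! -e "$SOURCENAME" ]]; then
  echo Source not found
  exit 1
fi
echo "Inserting update for build number $buildNumber"

# SECURITY: Insert via secondary testing node, NOT VIA MAIN NODE
# This avoids the insert keys ever being known to the main node.
# REDFLAG IT IS NEVER SAFE TO INSERT A BUILD ON A DEVELOPMENT NODE!!!!!
PORT="$fcpUpdatePort"

# The complete FCP conversation is assembled in this file before it is sent,
# so it will contain the private insert URI in plaintext. mktemp creates it
# readable by the current user only; it lives in /tmp like the key directory.
TEMPFILE="$(mktemp /tmp/insert.temp.XXXXXXXXXX)" || {
  echo "Could not create temporary file" >&2
  exit 1
}
# TODO Consider not using a tempfile.
# Obvious way to do this is (.....) | nc ...
# The error messages would need to be echo Blah >&2, which they are not now.
# However, we need to be able to exit the whole script from within the parentheses...
echo "Temp file $TEMPFILE"

# FCP handshake: a ClientHello message terminated by "End", then an empty line.
{
  echo ClientHello
  echo "Name=Toad-update-$buildNumber"
  echo ExpectedVersion=2
  echo End
  echo
} > "$TEMPFILE"

INSTALLERFILE="$releaseDir/new_installer_offline_$buildNumber.jar"
WININSTALLERFILE="$releaseDir/FreenetInstaller-$buildNumber.exe"

# The offline installer is mandatory; as above, fail with a non-zero status.
if [[ ! -f "$INSTALLERFILE" ]]; then
  echo Installer file does not exist: "$INSTALLERFILE"
  exit 1
fi

# The Windows installer is optional at this point: warn loudly and carry on.
if [[ ! -f "$WININSTALLERFILE" ]]; then
  echo '!!!!!! !!!!!!'
  echo Windows installer file does not exist: "$WININSTALLERFILE"
  echo You MUST run the insertion again once the wininstaller has been built.
  echo '!!!!!! !!!!!!'
  # exit
fi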
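# Append one FCP ClientPut message, followed by the file's bytes, to $TEMPFILE
# for every artifact of this build.
for WHAT in binary source installer wininstaller seednodes changelog fullchangelog iptocountryv4; do
  # Insert the binary LAST so that the node doesn't restart before completing the insert.
  # Of course, you should run this against the testing node which should already be running the new version, so won't restart.
  # NOTE(review): the list above queues the binary first and gives it
  # PriorityClass 1, the smallest number used here - confirm whether the
  # comment or the ordering is stale.
  PCLASS=1
  IDENT="update-new-${buildNumber}-${ID_FRAGMENT}"

  # Per artifact: the file to send, the path appended to the insert URI, the
  # identifier suffix and the priority class.
  case "$WHAT" in
    source)
      INSERTFILE=$SOURCENAME
      URIEND=/update-source-$buildNumber
      IDENT=${IDENT}-source
      PCLASS=4
      ;;
    installer)
      INSERTFILE=$INSTALLERFILE
      URIEND=/installer-$buildNumber
      IDENT=${IDENT}-installer
      PCLASS=3
      ;;
    wininstaller)
      INSERTFILE=$WININSTALLERFILE
      URIEND=/wininstaller-${buildNumber}
      IDENT=${IDENT}-wininstaller
      PCLASS=3
      ;;
    binary)
      # The jar keeps the bare identifier and the default priority class.
      INSERTFILE=$FILENAME
      URIEND=/jar-$buildNumber
      ;;
    seednodes)
      INSERTFILE=$SEEDNODESFILE
      URIEND=/seednodes-$buildNumber
      IDENT=${IDENT}-seednodes
      ;;
    changelog)
      INSERTFILE=$releaseDir/changelog.short.$gitVersion.txt
      URIEND=/changelog-$buildNumber
      IDENT=${IDENT}-changelog
      ;;
    fullchangelog)
      INSERTFILE=$releaseDir/changelog.full.$gitVersion.txt
      URIEND=/fullchangelog-$buildNumber
      IDENT=${IDENT}-fullchangelog
      ;;
    iptocountryv4)
      INSERTFILE=$countryDataFile
      URIEND=/iptocountryv4-$buildNumber
      IDENT=${IDENT}-iptocountryv4
      PCLASS=3
      ;;
  esac

  # Only the Windows installer may be absent; any other missing file aborts
  # the run before anything has been sent to the node.
  if [[ ! -e "$INSERTFILE" ]]; then
    echo "File $INSERTFILE missing"
    if [[ $WHAT == "wininstaller" ]]; then
      continue
    else
      exit 5
    fi
  fi

  # Byte count of exactly what "cat" sends below. wc -c reads the content, so
  # it does not depend on the column layout of "ls -l" and copes with spaces
  # in the path; the arithmetic expansion strips padding some wc builds add.
  data_length=$(wc -c < "$INSERTFILE") || exit 5
  data_length=$((data_length))

  {
    echo ClientPut
    # Turn off compression: Limit possibilities for things breaking
    echo "DontCompress=true"
    # Force a specific compatibility mode. This should be whatever was current at the time of the last transition build.
    echo "CompatibilityMode=COMPAT_1416"
    # Add the actual private URI. From here on $TEMPFILE holds the insert key
    # in plaintext.
    echo -n "URI="
    cat "$KEYS/barekey"
    echo "$URIEND"
    echo "Identifier=$IDENT"
    # Keep on retrying the insert until it succeeds.
    echo MaxRetries=-1
    echo UploadFrom=direct
    echo "DataLength=$data_length"
    # SECURITY: Persistence=reboot so the keys are never written to disk
    echo Persistence=reboot
    echo "PriorityClass=$PCLASS"
    echo Global=true
    echo End
    # Send the data after the message
    cat "$INSERTFILE"
  } >> "$TEMPFILE"
done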
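# Stream the assembled FCP conversation to the node on the loopback interface.
# sed drops every reply line that starts with "URI=" - presumably so the
# private insert URI is not echoed to the terminal or a captured log. Lines
# that mention the key in any other position are not filtered.
cat "$TEMPFILE" | nc 127.0.0.1 "$PORT" | sed "/^URI=/d"

# Remove the decrypted key material and the request file, which contains the
# private URI. Quoted and guarded with "--" so an unexpected value can never
# be split into several paths or read as an option by rm -Rf.
rm -Rf -- "$KEYS"
rm -Rf -- "$TEMPFILE"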
#jobs
#wait %1
#wait %2
#wait %3
#wait %4