diff --git a/src/freedombone-app-keyserver b/src/freedombone-app-keyserver index c2299b99..7001920d 100755 --- a/src/freedombone-app-keyserver +++ b/src/freedombone-app-keyserver @@ -66,7 +66,7 @@ function keyserver_watchdog { read_config_param KEYSERVER_DOMAIN_NAME # check database size hourly - keyserver_watchdog_script=/etc/cron.hourly/keyserver-watchdog + keyserver_watchdog_script=/tmp/keyserver-watchdog echo '#!/bin/bash' > $keyserver_watchdog_script echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script @@ -80,8 +80,18 @@ function keyserver_watchdog { echo " echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script echo ' fi' >> $keyserver_watchdog_script echo 'fi' >> $keyserver_watchdog_script - chmod +x $keyserver_watchdog_script + + if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then + cp $keyserver_watchdog_script /etc/cron.hourly/keyserver-watchdog + else + HASH1=$(sha256sum $keyserver_watchdog_script | awk -F ' ' '{print $1}') + HASH2=$(sha256sum /etc/cron.hourly/keyserver-watchdog | awk -F ' ' '{print $1}') + if [[ "$HASH1" != "$HASH2" ]]; then + cp $keyserver_watchdog_script /etc/cron.hourly/keyserver-watchdog + fi + fi + rm $keyserver_watchdog_script } diff --git a/src/freedombone-base-email b/src/freedombone-base-email index 4e576aee..22bf49cf 100755 --- a/src/freedombone-base-email +++ b/src/freedombone-base-email @@ -326,11 +326,10 @@ function encrypt_all_email { fi if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then - cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir + cp -u /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir else - cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir + cp -u /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir fi - chmod +x /usr/bin/encmaildir if [[ $(is_completed $FUNCNAME) == "1" ]]; then return @@ -1648,7 +1647,7 @@ function configure_gpg { } function refresh_gpg_keys { - REFRESH_GPG_KEYS_SCRIPT=/usr/bin/update-gpg-keys + REFRESH_GPG_KEYS_SCRIPT=/tmp/update-gpg-keys echo '#!/bin/bash' > $REFRESH_GPG_KEYS_SCRIPT echo "if [ -f /usr/local/bin/${PROJECT_NAME}-sec ]; then" >> $REFRESH_GPG_KEYS_SCRIPT echo " /usr/bin/timeout 600 /usr/local/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT @@ -1658,6 +1657,18 @@ function refresh_gpg_keys { echo 'exit 0' >> $REFRESH_GPG_KEYS_SCRIPT chmod +x $REFRESH_GPG_KEYS_SCRIPT + if [ ! -f /usr/bin/update-gpg-keys ]; then + cp $REFRESH_GPG_KEYS_SCRIPT /usr/bin/update-gpg-keys + else + HASH1=$(sha256sum $REFRESH_GPG_KEYS_SCRIPT | awk -F ' ' '{print $1}') + HASH2=$(sha256sum /usr/bin/update-gpg-keys | awk -F ' ' '{print $1}') + if [[ "$HASH1" != "$HASH2" ]]; then + cp $REFRESH_GPG_KEYS_SCRIPT /usr/bin/update-gpg-keys + fi + rm $REFRESH_GPG_KEYS_SCRIPT + fi + + REFRESH_GPG_KEYS_SCRIPT=/usr/bin/update-gpg-keys if grep -q "${PROJECT_NAME}-sec" /etc/crontab; then sed -i "/${PROJECT_NAME}-sec /d" /etc/crontab fi diff --git a/src/freedombone-client b/src/freedombone-client index 6893872c..8645f15b 100755 --- a/src/freedombone-client +++ b/src/freedombone-client @@ -96,7 +96,7 @@ function refresh_gpg_keys { fi sudo cp /etc/crontab ~/temp_crontab sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab - if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then + if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then echo "0 */$REFRESH_GPG_KEYS_HOURS * * * $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab sudo cp ~/temp_crontab /etc/crontab sudo chown root:root /etc/crontab diff --git a/src/freedombone-utils-git b/src/freedombone-utils-git index 310e64e4..883be12d 100755 --- a/src/freedombone-utils-git +++ b/src/freedombone-utils-git @@ -95,10 +95,10 @@ function set_repo_commit { chown -R www-data:www-data $repo_dir fi if [[ $repo_dir == *"gpgit" ]]; then - cp gpgit.pl /usr/bin/gpgit.pl + cp -u gpgit.pl /usr/bin/gpgit.pl fi if [[ $repo_dir == *"cleanup-maildir" ]]; then - cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin + cp -u $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin fi if [[ $repo_dir == *"nginx_ensite" ]]; then make install diff --git a/src/freedombone-utils-setup b/src/freedombone-utils-setup index f525ef99..e0fbe7f1 100755 --- a/src/freedombone-utils-setup +++ b/src/freedombone-utils-setup @@ -145,7 +145,9 @@ function separate_tmp_filesystem { } function proc_filesystem_settings { - sed -i 's|proc /proc proc defaults |proc /proc proc defaults,nodev,nosuid |g' /etc/fstab + if ! grep -q "proc proc defaults,nodev,nosuid " /etc/fstab; then + sed -i 's|proc /proc proc defaults |proc /proc proc defaults,nodev,nosuid |g' /etc/fstab + fi } function remove_bluetooth { diff --git a/src/freedombone-utils-upgrade b/src/freedombone-utils-upgrade index e3aebd5c..2b0894fc 100755 --- a/src/freedombone-utils-upgrade +++ b/src/freedombone-utils-upgrade @@ -32,7 +32,16 @@ UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade" function create_upgrade_script { - cp $(which ${PROJECT_NAME}-upgrade) /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + upgrade_command_file=$(which ${PROJECT_NAME}-upgrade) + if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then + cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + else + HASH1=$(sha256sum $upgrade_command_file | awk -F ' ' '{print $1}') + HASH2=$(sha256sum /etc/cron.weekly/$UPGRADE_SCRIPT_NAME | awk -F ' ' '{print $1}') + if [[ "$HASH1" != "$HASH2" ]]; then + cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME + fi + fi if [[ $(is_completed $FUNCNAME) == "1" ]]; then return diff --git a/src/freedombone-utils-web b/src/freedombone-utils-web index 3856d883..1aa1de9d 100755 --- a/src/freedombone-utils-web +++ b/src/freedombone-utils-web @@ -318,8 +318,8 @@ function letsencrypt_renewals { return fi - renewals_script=/etc/cron.monthly/letsencrypt - renewals_retry_script=/etc/cron.daily/letsencrypt + renewals_script=/tmp/renewals_letsencrypt + renewals_retry_script=/tmp/renewals_retry_letsencrypt renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed' renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal' @@ -361,6 +361,17 @@ function letsencrypt_renewals { echo 'fi' >> $renewals_script chmod +x $renewals_script + if [ ! -f /etc/cron.monthly/letsencrypt ]; then + cp $renewals_script /etc/cron.monthly/letsencrypt + else + HASH1=$(sha256sum $renewals_script | awk -F ' ' '{print $1}') + HASH2=$(sha256sum /etc/cron.monthly/letsencrypt | awk -F ' ' '{print $1}') + if [[ "$HASH1" != "$HASH2" ]]; then + cp $renewals_script /etc/cron.monthly/letsencrypt + fi + fi + rm $renewals_script + # a secondary script keeps trying to renew after a failure echo '#!/bin/bash' > $renewals_retry_script echo '' >> $renewals_retry_script @@ -398,6 +409,17 @@ function letsencrypt_renewals { echo ' fi' >> $renewals_retry_script echo 'fi' >> $renewals_retry_script chmod +x $renewals_retry_script + + if [ ! -f /etc/cron.daily/letsencrypt ]; then + cp $renewals_retry_script /etc/cron.daily/letsencrypt + else + HASH1=$(sha256sum $renewals_retry_script | awk -F ' ' '{print $1}') + HASH2=$(sha256sum /etc/cron.daily/letsencrypt | awk -F ' ' '{print $1}') + if [[ "$HASH1" != "$HASH2" ]]; then + cp $renewals_retry_script /etc/cron.daily/letsencrypt + fi + fi + rm $renewals_retry_script } function configure_php {