1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
|
#!/bin/bash
#
# DESCRIPTION:
# Initialization for manually installed systems
#
# USAGE:
# 1. Install a stock Ubuntu image
# 2. After the installation, run this script
# Usage: sudo bash init-selftest.sh [options]
# Options: -h Show help message
# -s, --sid SID Assign the SecureID
# -u, --user USER C3 Username
# -k, --key API_KEY C3 API key
# --stable Use the stable ppa
# Po-Hsu Lin <po-hsu.lin@canonical.com>
#
### User Modification Area ##########
BTServer="00:02:72:3E:83:D6"
#cfgFN_legacy="/usr/share/checkbox/configs/checkbox.ini"
cfgFN_NG="/etc/xdg/checkbox.conf"
#sidFN="/etc/checkbox.d/checkbox-certification.ini"
PPA="dev"
# not necessary, just for convenience
PKG="vim openssh-server python-opencv bzr python-apport"
# gallery-app is not available in Precise
if [ "`lsb_release -c | awk '{print$2}'`" == "trusty" ]; then
PKG="$PKG gallery-app"
fi
### End of User Modification Area ###
SecureID=""
Account=""
Key=""
# Function for checking result
function checker {
if [ $? -eq 0 ]; then
echo -e "\t[\033[1;32mPASSED\033[m]"
else
echo -e "\t[\033[1;31mFAILED\033[m]"
[ -n "$1" ] && echo "$1" && exit
fi
}
# Argument parser
while [[ $# > 0 ]]
do
flag="$1"
shift
case $flag in
-s|--sid)
SecureID="$1"
shift
;;
-u|--user)
Account="$1"
shift
;;
-k|--key)
Key="$1"
shift
;;
--stable)
PPA="stable"
;;
--sru)
# so the system could be a self-test system in the SRU pool
PKG="$PKG checkbox-autostart-desktop plainbox-provider-sru"
;;
-n)
# so the system could be ready for n+1 test.
PKG="$PKG plainbox-provider-certification-client canonical-certification-client"
;;
-c)
hostname=`hostname`
SecureID=`grep $hostname $1 | awk {'print $2'}`
shift
;;
-h|--help)
echo "Usage: sudo bash init-selftest.sh [options]"
echo ""
echo "Options:"
echo -e " -h,\t--help\t\tShow this help message and exit"
echo -e " -s,\t--sid SID\tAssign the SecureID"
echo -e " -u,\t--user USER\tC3 Username"
echo -e " -k,\t--key API_KEY\tC3 API key"
echo -e " --stable\t\t\tUse the stable PPA instead of the default dev PPA"
echo -e " --sru\t\t\tThe system could be a self-test system in the SRU pool"
echo -e " -n\t\t\tThe system could be ready for n+1 test"
echo -e " -c\t\t\tUse CID-SecureID table to specify secure ID. It is usually init-selftest.dat."
exit
;;
esac
done
if [ "`whoami`" != "root" ]; then
echo "Must run as root!!!"
exit
fi
# Check network connection
echo -e "Checking your network connection: \c"
wget -O /dev/null -q --tries=3 --timeout=20 http://cdimage.ubuntu.com
checker "Please check your network connection"
# Update PCI ID database
echo -e "Updating the PCI ID database: \t\c"
update-pciids > /dev/null
checker
# Update USB ID database
echo -e "Updating the USB ID database: \t\c"
update-usbids &> /dev/null
checker
# Check SID argument, fetch it if necessary
if [ -z "$SecureID" ]; then
if [ -z "$Account" ] || [ -z "$Key" ]; then
echo "No SecureID, you will need to enter it manually later."
else
echo -e "Fetching hardware info through C3 API:\c"
C3Link="https://certification.canonical.com/api/v1/hardware/`hostname`/?username=$Account&api_key=$Key"
# note: logname command does not work correctly on Xenial. Use environment variable USER instead.
sudo -u $USER wget $C3Link -O /tmp/C3.txt -o wget.log
checker "Failed to fetch, please check wget.log"
echo -e "Parsing the SecureID from file: \c"
SecureID=`awk < /tmp/C3.txt -F'secure_id"\: "' '{print $3}'| awk -F'",' '{print $1}'`
checker "Failed to parse, please check /tmp/C3.txt"
echo -e "SecureID: \033[1;33m$SecureID\033[m"
echo "You could double check this on: https://certification.canonical.com/hardware/`hostname`"
fi
fi
echo -e "The Secure ID is: " $SecureID
# Check sudoer status
echo -e "Adding NOPASSWD in /etc/sudoers: \c"
grep "ubuntu ALL=NOPASSWD: ALL" /etc/sudoers > /dev/null || echo "ubuntu ALL=NOPASSWD: ALL" >> /etc/sudoers
checker
echo -e "Changing timeout in /etc/sudoers: \c"
grep "env_reset,timestamp_timeout=1440" /etc/sudoers > /dev/null || sed -i.bak 's/env_reset/env_reset,timestamp_timeout=1440/g' /etc/sudoers
checker
# Adding Secure ID
echo -e "Editing config $cfgFN_NG: \c"
if [ -n "$SecureID" ]; then
# Check existence first
[ -f $cfgFN_NG ] && grep "secure_id = $SecureID" $cfgFN_NG > /dev/null
if [ $? -ne 0 ]; then
cat > $cfgFN_NG <<- EOF
[common]
welcome_text=configuration generated by init-selftest.sh
[submission]
submit_to_c3 = yes
[sru]
secure_id = $SecureID
fallback_file = /tmp/$SecureID.xml
# whitelist = /usr/share/2013.com.canonical.certification:certification-client/whitelists/client-cert.whitelist
# c3_url = https://certification.canonical.com/submissions/submit/
EOF
fi
fi
checker
# Setting up environment
echo -e "Setting up testing environment: \c"
grep "environment" $cfgFN_NG > /dev/null
if [ $? -ne 0 ]; then
cat >> $cfgFN_NG <<- EOF
[environment]
ROUTERS = multiple
WPA_BG_SSID = ubuntu-cert-bg-wpa
WPA_BG_PSK = insecure
WPA_N_SSID = ubuntu-cert-n-wpa
WPA_N_PSK = insecure
WPA_AC_SSID = ubuntu-cert-ac-wpa
WPA_AC_PSK = insecure
OPEN_BG_SSID = ubuntu-cert-bg-open
OPEN_N_SSID = ubuntu-cert-n-open
OPEN_AC_SSID = ubuntu-cert-ac-open
BTDEVADDR = 00:02:72:3E:83:D6
TRANSFER_SERVER = cdimage.ubuntu.com
EOF
fi
checker
# Selecting PPA
package_basic="checkbox-ng plainbox-insecure-policy plainbox-provider-checkbox plainbox-provider-resource-generic"
case $PPA in
"stable")
apt-add-repository -y ppa:hardware-certification/public
apt-get update
apt-get install -y $package_basic $PKG
;;
*)
apt-add-repository -y ppa:checkbox-dev
if [ `grep "precise" /etc/lsb-release` ]; then
add-apt-repository -y ppa:ubuntu-sdk-team/ppa
fi
apt-get update
apt-get install -y $package_basic $PKG
;;
esac
# Fetching Component Pre-Checker
echo -e "Fetching T-Cell the Component Pre-Checker: \c"
sudo -u $USER bzr branch --use-existing-dir lp:t-cell ~/t-cell 2>/dev/null
checker
## Run shutter first, to do the initialization
echo -e "Running shutter once to initialize it: \t\c"
sudo -u $USER shutter -f -e --disable_systray &> /dev/null
checker
## Put Secure ID into the canonical-certification-client launcher
if [ ! -z "$SecureID" ]; then
echo -e "Setting up Secure ID in checkbox launcher: \c"
sed -i "s/\[submission\]/\[submission\]\nsecure_id = \"$SecureID\"/" /usr/bin/canonical-certification-client
checker
fi
#if [ -n "$SecureID" ]; then
# # Check existence first
# grep "secure_id = $SecureID" $sidFN > /dev/null
# if [ $? -eq 1 ]; then
# echo "[checkbox-certification/plugins/certify_prompt]" >> $sidFN
# echo "secure_id = $SecureID" >> $sidFN
# fi
#fi
## Wireless APs (Check existence first)
#grep "\[checkbox/plugins/environment_info]" $cfgFN_legacy > /dev/null
#if [ $? -eq 1 ]; then
# echo "Configuring Wireless and the Bluetooth server, address: " $BTServer
# cat >> $cfgFN_legacy <<- EOF
# [checkbox/plugins/environment_info]
# btdevaddr = $BTServer
# routers = multiple
# wpa_bg_ssid = ubuntu-cert-bg-wpa
# wpa_bg_psk = insecure
# open_bg_ssid = ubuntu-cert-bg-open
# wpa_n_ssid = ubuntu-cert-n-wpa
# wpa_n_psk = insecure
# open_n_ssid = ubuntu-cert-n-open
# wpa_ac_ssid = ubuntu-cert-ac-wpa
# wpa_ac_psk = insecure
# open_ac_ssid = ubuntu-cert-ac-open
# EOF
#fi
# Run the Component Pre-Checker
cd ~/t-cell; python RunMe.py
|