From 65eb520cca600c36757d1ef3d6be5962965af415 Mon Sep 17 00:00:00 2001
From: Aiden McClelland <3732071+dr-bonez@users.noreply.github.com>
Date: Fri, 17 Mar 2023 12:08:49 -0600
Subject: [PATCH] disable apt and add script for persisting apt pkgs (#2225)

* disable apt and add script for persisting apt pkgs

* fix typo

* exit 1 on fake-apt

* readd fake-apt after upgrade

* fix typo

* remove finicky protection

* fix build
---
 build/lib/depends                     |  1 +
 build/lib/scripts/chroot-and-upgrade  | 13 ++++++++++++-
 build/lib/scripts/enable-kiosk        |  4 ++--
 build/lib/scripts/fake-apt            | 21 +++++++++++++++++++++
 build/lib/scripts/persist-apt-install | 20 ++++++++++++++++++++
 build/lib/scripts/postinst            |  4 ++++
 6 files changed, 60 insertions(+), 3 deletions(-)
 create mode 100755 build/lib/scripts/fake-apt
 create mode 100755 build/lib/scripts/persist-apt-install

diff --git a/build/lib/depends b/build/lib/depends
index 505bd9497..46b21caa8 100644
--- a/build/lib/depends
+++ b/build/lib/depends
@@ -32,3 +32,4 @@ rsync
 systemd-timesyncd
 magic-wormhole
 nyx
+bash-completion
\ No newline at end of file
diff --git a/build/lib/scripts/chroot-and-upgrade b/build/lib/scripts/chroot-and-upgrade
index 60dba4e87..5a50bd1e9 100755
--- a/build/lib/scripts/chroot-and-upgrade
+++ b/build/lib/scripts/chroot-and-upgrade
@@ -13,17 +13,28 @@ mkdir -p /media/embassy/next/run
 mkdir -p /media/embassy/next/dev
 mkdir -p /media/embassy/next/sys
 mkdir -p /media/embassy/next/proc
+mkdir -p /media/embassy/next/boot
 mount --bind /run /media/embassy/next/run
 mount --bind /dev /media/embassy/next/dev
 mount --bind /sys /media/embassy/next/sys
 mount --bind /proc /media/embassy/next/proc
+mount --bind /boot /media/embassy/next/boot
 
-chroot /media/embassy/next
+rm /media/embassy/next/usr/local/bin/apt
+rm /media/embassy/next/usr/local/bin/apt-get
+rm /media/embassy/next/usr/local/bin/aptitude
+
+chroot /media/embassy/next $@
+
+ln -sf /usr/lib/embassy/scripts/fake-apt /media/embassy/next/usr/local/bin/apt
+ln -sf /usr/lib/embassy/scripts/fake-apt /media/embassy/next/usr/local/bin/apt-get
+ln -sf /usr/lib/embassy/scripts/fake-apt /media/embassy/next/usr/local/bin/aptitude
 
 umount /media/embassy/next/run
 umount /media/embassy/next/dev
 umount /media/embassy/next/sys
 umount /media/embassy/next/proc
+umount /media/embassy/next/boot
 
 echo 'Upgrading...'
 
diff --git a/build/lib/scripts/enable-kiosk b/build/lib/scripts/enable-kiosk
index 9bf557be2..9a3eb0d61 100755
--- a/build/lib/scripts/enable-kiosk
+++ b/build/lib/scripts/enable-kiosk
@@ -3,8 +3,8 @@
 set -e
 
 # install dependencies
-apt update
-apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
+/usr/bin/apt update
+/usr/bin/apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
 
 # create kiosk script
 cat > /home/start9/kiosk.sh << 'EOF'
diff --git a/build/lib/scripts/fake-apt b/build/lib/scripts/fake-apt
new file mode 100755
index 000000000..8746e2c91
--- /dev/null
+++ b/build/lib/scripts/fake-apt
@@ -0,0 +1,21 @@
+#!/bin/bash
+
+>&2 echo 'THIS IS NOT A STANDARD DEBIAN SYSTEM'
+>&2 echo 'USING apt COULD CAUSE IRREPARABLE DAMAGE TO YOUR EMBASSY'
+>&2 echo 'PLEASE TURN BACK NOW!!!'
+if [ "$1" == "upgrade" ] && [ "$(whoami)" == "root" ]; then
+    >&2 echo 'IF YOU THINK RUNNING "sudo apt upgrade" IS A REASONABLE THING TO DO ON THIS SYSTEM, YOU PROBABLY SHOULDN'"'"'T BE ON THE COMMAND LINE.'
+    >&2 echo 'YOU ARE BEING REMOVED FROM THIS SESSION FOR YOUR OWN SAFETY.'
+    pkill -9 -t $(tty | sed 's|^/dev/||g')
+fi
+>&2 echo
+>&2 echo 'If you are SURE you know what you are doing, and are willing to accept the DIRE CONSEQUENCES of doing so, you can run the following command to disable this protection:'
+>&2 echo '    sudo rm /usr/local/bin/apt'
+>&2 echo
+>&2 echo 'Otherwise, what you probably want to do is run:'
+>&2 echo '    sudo /usr/lib/embassy/scripts/chroot-and-upgrade'
+>&2 echo 'You can run apt in this context to add packages to your system.'
+>&2 echo 'When you are done with your changes, type "exit" and the device will reboot into a system with the changes applied.'
+>&2 echo 'This is still NOT RECOMMENDED if you don'"'"'t know what you are doing, but at least isn'"'"'t guaranteed to break things.'
+
+exit 1
\ No newline at end of file
diff --git a/build/lib/scripts/persist-apt-install b/build/lib/scripts/persist-apt-install
new file mode 100755
index 000000000..3ed5c24b1
--- /dev/null
+++ b/build/lib/scripts/persist-apt-install
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+    >&2 echo "usage: $0 <PACKAGE_NAME>"
+    exit 1
+fi
+
+TO_INSTALL=()
+while [ -n "$1" ]; do
+    if ! dpkg -s "$1"; then
+        TO_INSTALL+=("$1")
+    fi
+    shift
+done
+
+if [ ${#TO_INSTALL[@]} -ne 0 ]; then
+/usr/lib/embassy/scripts/chroot-and-upgrade << EOF
+apt-get update && apt-get install -y ${TO_INSTALL[@]}
+EOF
+fi
\ No newline at end of file
diff --git a/build/lib/scripts/postinst b/build/lib/scripts/postinst
index dcd714d4c..a999b8c9b 100755
--- a/build/lib/scripts/postinst
+++ b/build/lib/scripts/postinst
@@ -112,3 +112,7 @@ rm -f /etc/motd
 ln -sf /usr/lib/embassy/motd /etc/update-motd.d/00-embassy
 chmod -x /etc/update-motd.d/*
 chmod +x /etc/update-motd.d/00-embassy
+
+ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/apt
+ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/apt-get
+ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/aptitude
\ No newline at end of file