disable apt and add script for persisting apt pkgs (#2225)

* disable apt and add script for persisting apt pkgs

* fix typo

* exit 1 on fake-apt

* readd fake-apt after upgrade

* fix typo

* remove finicky protection

* fix build

build/lib/depends

@@ -32,3 +32,4 @@ rsync
 systemd-timesyncd
 magic-wormhole
 nyx
+bash-completion

build/lib/scripts/chroot-and-upgrade

@@ -13,17 +13,28 @@ mkdir -p /media/embassy/next/run
 mkdir -p /media/embassy/next/dev
 mkdir -p /media/embassy/next/sys
 mkdir -p /media/embassy/next/proc
+mkdir -p /media/embassy/next/boot
 mount --bind /run /media/embassy/next/run
 mount --bind /dev /media/embassy/next/dev
 mount --bind /sys /media/embassy/next/sys
 mount --bind /proc /media/embassy/next/proc
+mount --bind /boot /media/embassy/next/boot
 
-chroot /media/embassy/next
+rm /media/embassy/next/usr/local/bin/apt
+rm /media/embassy/next/usr/local/bin/apt-get
+rm /media/embassy/next/usr/local/bin/aptitude
+
+chroot /media/embassy/next $@
+
+ln -sf /usr/lib/embassy/scripts/fake-apt /media/embassy/next/usr/local/bin/apt
+ln -sf /usr/lib/embassy/scripts/fake-apt /media/embassy/next/usr/local/bin/apt-get
+ln -sf /usr/lib/embassy/scripts/fake-apt /media/embassy/next/usr/local/bin/aptitude
 
 umount /media/embassy/next/run
 umount /media/embassy/next/dev
 umount /media/embassy/next/sys
 umount /media/embassy/next/proc
+umount /media/embassy/next/boot
 
 echo 'Upgrading...'
 

build/lib/scripts/enable-kiosk

@@ -3,8 +3,8 @@
 set -e
 
 # install dependencies
-apt update
-apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
+/usr/bin/apt update
+/usr/bin/apt install --no-install-recommends -y xserver-xorg x11-xserver-utils xinit firefox-esr matchbox-window-manager libnss3-tools
 
 # create kiosk script
 cat > /home/start9/kiosk.sh << 'EOF'

build/lib/scripts/fake-apt

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+>&2 echo 'THIS IS NOT A STANDARD DEBIAN SYSTEM'
+>&2 echo 'USING apt COULD CAUSE IRREPARABLE DAMAGE TO YOUR EMBASSY'
+>&2 echo 'PLEASE TURN BACK NOW!!!'
+if [ "$1" == "upgrade" ] && [ "$(whoami)" == "root" ]; then
+    >&2 echo 'IF YOU THINK RUNNING "sudo apt upgrade" IS A REASONABLE THING TO DO ON THIS SYSTEM, YOU PROBABLY SHOULDN'"'"'T BE ON THE COMMAND LINE.'
+    >&2 echo 'YOU ARE BEING REMOVED FROM THIS SESSION FOR YOUR OWN SAFETY.'
+    pkill -9 -t $(tty | sed 's|^/dev/||g')
+fi
+>&2 echo
+>&2 echo 'If you are SURE you know what you are doing, and are willing to accept the DIRE CONSEQUENCES of doing so, you can run the following command to disable this protection:'
+>&2 echo '    sudo rm /usr/local/bin/apt'
+>&2 echo
+>&2 echo 'Otherwise, what you probably want to do is run:'
+>&2 echo '    sudo /usr/lib/embassy/scripts/chroot-and-upgrade'
+>&2 echo 'You can run apt in this context to add packages to your system.'
+>&2 echo 'When you are done with your changes, type "exit" and the device will reboot into a system with the changes applied.'
+>&2 echo 'This is still NOT RECOMMENDED if you don'"'"'t know what you are doing, but at least isn'"'"'t guaranteed to break things.'
+
+exit 1

build/lib/scripts/persist-apt-install

@@ -0,0 +1,20 @@
+#!/bin/bash
+
+if [ -z "$1" ]; then
+    >&2 echo "usage: $0 <PACKAGE_NAME>"
+    exit 1
+fi
+
+TO_INSTALL=()
+while [ -n "$1" ]; do
+    if ! dpkg -s "$1"; then
+        TO_INSTALL+=("$1")
+    fi
+    shift
+done
+
+if [ ${#TO_INSTALL[@]} -ne 0 ]; then
+/usr/lib/embassy/scripts/chroot-and-upgrade << EOF
+apt-get update && apt-get install -y ${TO_INSTALL[@]}
+EOF
+fi

build/lib/scripts/postinst

@@ -112,3 +112,7 @@ rm -f /etc/motd
 ln -sf /usr/lib/embassy/motd /etc/update-motd.d/00-embassy
 chmod -x /etc/update-motd.d/*
 chmod +x /etc/update-motd.d/00-embassy
+
+ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/apt
+ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/apt-get
+ln -sf /usr/lib/embassy/scripts/fake-apt /usr/local/bin/aptitude