fix agent code review

BuildGuide.md

@@ -98,10 +98,6 @@
       ```
       rm -rf ~/.stack/setup-exe-src/
       ```
-   1. Re-make the agent
-      ```
-      make agent
-      ```
 
 6. Install requirements for step 7
    1. Install NVM

agent/ambassador-agent.cabal

@@ -5,7 +5,7 @@ cabal-version: 1.12
 -- see: https://github.com/sol/hpack
 
 name:           ambassador-agent
-version:        0.2.17
+version:        0.2.14
 build-type:     Simple
 extra-source-files:
     ./migrations/0.1.0::0.1.0
@@ -20,9 +20,6 @@ extra-source-files:
     ./migrations/0.2.11::0.2.12
     ./migrations/0.2.12::0.2.13
     ./migrations/0.2.13::0.2.14
-    ./migrations/0.2.14::0.2.15
-    ./migrations/0.2.15::0.2.16
-    ./migrations/0.2.16::0.2.17
     ./migrations/0.2.1::0.2.2
     ./migrations/0.2.2::0.2.3
     ./migrations/0.2.3::0.2.4

agent/config/settings.yml

@@ -33,5 +33,5 @@ database:
   database: "start9_agent.sqlite3"
   poolsize: "_env:YESOD_SQLITE_POOLSIZE:10"
 
-app-mgr-version-spec: "=0.2.16"
+app-mgr-version-spec: "=0.2.14"
 #analytics: UA-YOURCODE

agent/migrations/0.2.14::0.2.15

@@ -1 +0,0 @@
-SELECT TRUE;

agent/migrations/0.2.15::0.2.16

@@ -1 +0,0 @@
-SELECT TRUE;

agent/migrations/0.2.16::0.2.17

@@ -1 +0,0 @@
-SELECT TRUE;

agent/package.yaml

@@ -1,5 +1,5 @@
 name: ambassador-agent
-version: 0.2.17
+version: 0.2.14
 
 default-extensions:
   - NoImplicitPrelude

agent/src/Daemon/SslRenew.hs

@@ -6,30 +6,22 @@ import           Startlude               hiding ( err )
 import           Data.String.Interpolate        ( i )
 import           System.Process                 ( system )
 
-import           Constants
-import           Control.Carrier.Lift
-import           Daemon.ZeroConf                ( getStart9AgentHostname )
-import qualified Data.ByteString               as BS
-import           Database.Persist.Sql           ( Filter
-                                                , SqlPersistT
-                                                , count
-                                                , runSqlPool
-                                                )
 import           Foundation
-import qualified Lib.Notifications             as Notifications
-import           Lib.Ssl
-import           Lib.SystemCtl
 import           Lib.SystemPaths
-import           Lib.Tor
-import           Lib.Types.Core
-import           Model
 import           Settings
-import           System.Directory               ( createDirectoryIfMissing
-                                                , doesPathExist
+import           Lib.Ssl
+import           Daemon.ZeroConf                ( getStart9AgentHostname )
+import           Lib.Tor
+import           Control.Carrier.Lift
+import           System.Directory               ( doesPathExist
                                                 , removePathForcibly
                                                 , renameDirectory
                                                 )
-import           System.FilePath                ( takeDirectory )
+import           Lib.SystemCtl
+import qualified Lib.Notifications             as Notifications
+import           Database.Persist.Sql           ( runSqlPool )
+import           Lib.Types.Core
+import           Constants
 
 renewSslLeafCert :: AgentCtx -> IO ()
 renewSslLeafCert ctx = do
@@ -38,7 +30,7 @@ renewSslLeafCert ctx = do
     let hostname = sid <> ".local"
     tor <- injectFilesystemBase base getAgentHiddenServiceUrl
     putStr @Text "SSL Renewal Required? "
-    needsRenew <- flip runSqlPool (appConnPool ctx) $ doesSslNeedRenew (toS $ entityCertPath sid `relativeTo` base)
+    needsRenew <- doesSslNeedRenew (toS $ entityCertPath sid `relativeTo` base)
     print needsRenew
     when needsRenew $ runM . injectFilesystemBase base $ do
         intCaKeyPath   <- toS <$> getAbsoluteLocationFor intermediateCaKeyPath
@@ -50,9 +42,6 @@ renewSslLeafCert ctx = do
         entConfPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityConfPath sid)
         entCertPathTmp <- toS <$> getAbsoluteLocationFor (agentTmpDirectory <> entityCertPath sid)
 
-        liftIO $ createDirectoryIfMissing True sslDirTmp
-        liftIO $ BS.writeFile entConfPathTmp (domain_CSR_CONF hostname)
-
         (ec, out, err) <- writeLeafCert
             DeriveCertificate { applicantConfPath = entConfPathTmp
                               , applicantKeyPath  = entKeyPathTmp
@@ -71,28 +60,24 @@ renewSslLeafCert ctx = do
             putStrLn @String $ "stdout: " <> out
             putStrLn @String $ "stderr: " <> err
         case ec of
+            ExitSuccess -> pure ()
             ExitFailure n ->
                 liftIO
                     . void
                     $ flip runSqlPool (appConnPool ctx)
                     $ Notifications.emit (AppId "EmbassyOS") agentVersion
                     $ Notifications.CertRenewFailed (ExitFailure n) out err
-            ExitSuccess -> liftIO $ do
-                let sslDir = toS $ sslDirectory `relativeTo` base
-                createDirectoryIfMissing True (takeDirectory sslDir)
-                removePathForcibly sslDir
-                renameDirectory sslDirTmp sslDir
-                systemCtl RestartService "nginx" $> ()
+        let sslDir = toS $ sslDirectory `relativeTo` base
+        liftIO $ removePathForcibly sslDir
+        liftIO $ renameDirectory sslDirTmp sslDir
+        liftIO $ systemCtl RestartService "nginx" $> ()
 
 
-doesSslNeedRenew :: FilePath -> SqlPersistT IO Bool
+doesSslNeedRenew :: FilePath -> IO Bool
 doesSslNeedRenew cert = do
-    exists <- liftIO $ doesPathExist cert
+    exists <- doesPathExist cert
     if exists
         then do
             ec <- liftIO $ system [i|openssl x509 -checkend 2592000 -noout -in #{cert}|]
             pure $ ec /= ExitSuccess
-        else do
-            -- if we have set up the embassy already, then this is bad state that needs to be repaired
-            n <- count ([] :: [Filter Account])
-            pure $ n >= 1
+        else pure False

agent/src/Lib/SelfUpdate.hs

@@ -5,9 +5,7 @@
 {-# LANGUAGE TupleSections       #-}
 module Lib.SelfUpdate where
 
-import           Startlude               hiding ( handle
-                                                , runReader
-                                                )
+import           Startlude               hiding ( runReader )
 
 import           Control.Carrier.Error.Either
 import           Control.Lens
@@ -31,7 +29,6 @@ import           Lib.SystemPaths
 import           Lib.Types.Emver
 import           Lib.WebServer
 import           Settings
-import           UnliftIO.Exception             ( handle )
 
 youngAgentPort :: Word16
 youngAgentPort = 5960
@@ -194,21 +191,18 @@ runSyncOps syncOps = do
     pure res
 
 synchronizeSystemState :: AgentCtx -> Version -> IO ()
-synchronizeSystemState ctx _version = handle @_ @SomeException cleanup $ flip runReaderT ctx $ do
+synchronizeSystemState ctx _version = handle @SomeException cleanup $ flip runReaderT ctx $ do
     (restartsAndRuns, mTid) <- case synchronizer of
         Synchronizer { synchronizerOperations } -> flip runStateT Nothing $ for synchronizerOperations $ \syncOp -> do
             shouldRun <- lift $ syncOpShouldRun syncOp
             putStrLn @Text [i|Sync Op "#{syncOpName syncOp}" should run: #{shouldRun}|]
             when shouldRun $ do
-                tid <- get >>= \case
-                    Nothing -> do
-                        tid <- liftIO . forkIO . forever $ playSong 300 updateInProgress *> threadDelay 20_000_000
-                        put (Just tid)
-                        pure tid
-                    Just tid -> pure tid
+                whenM (isNothing <$> get) $ do
+                    tid <- liftIO . forkIO . forever $ playSong 300 updateInProgress *> threadDelay 20_000_000
+                    put (Just tid)
                 putStrLn @Text [i|Running Sync Op: #{syncOpName syncOp}|]
                 setUpdate True
-                lift $ handle @_ @SomeException (\e -> lift $ killThread tid *> cleanup e) $ syncOpRun syncOp
+                lift $ syncOpRun syncOp
             pure $ (syncOpRequiresReboot syncOp, shouldRun)
     case mTid of
         Nothing  -> pure ()
@@ -228,6 +222,5 @@ synchronizeSystemState ctx _version = handle @_ @SomeException cleanup $ flip ru
             void $ try @SomeException Sound.stop
             void $ try @SomeException Sound.unexport
             let e' = InternalE $ show e
-            setUpdate False
             flip runReaderT ctx $ cantFail $ failUpdate e'
 

agent/src/Lib/Ssl.hs

@@ -10,7 +10,8 @@ module Lib.Ssl
     , root_CA_OPENSSL_CONF
     , intermediate_CA_OPENSSL_CONF
     , segment
-    ) where
+    )
+where
 
 import           Startlude
 

agent/src/Lib/Synchronizers.hs

@@ -102,12 +102,12 @@ parseKernelVersion = do
     pure $ KernelVersion (Version (major', minor', patch', 0)) arch
 
 synchronizer :: Synchronizer
-synchronizer = sync_0_2_17
+synchronizer = sync_0_2_14
 {-# INLINE synchronizer #-}
 
-sync_0_2_17 :: Synchronizer
-sync_0_2_17 = Synchronizer
-    "0.2.17"
+sync_0_2_14 :: Synchronizer
+sync_0_2_14 = Synchronizer
+    "0.2.14"
     [ syncCreateAgentTmp
     , syncCreateSshDir
     , syncRemoveAvahiSystemdDependency
@@ -180,7 +180,7 @@ syncFullUpgrade = SyncOp "Full Upgrade" check migrate True
                 Just (Done _ (KernelVersion (Version av) _)) -> if av < (4, 19, 118, 0) then pure True else pure False
                 _ -> pure False
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get full-upgrade -y"
 
 sync32BitKernel :: SyncOp
@@ -205,7 +205,7 @@ syncInstallNginx = SyncOp "Install Nginx" check migrate False
     where
         check   = liftIO . run $ fmap isNothing (shell [i|which nginx || true|] $| conduit await)
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get install nginx -y"
 
 syncInstallEject :: SyncOp
@@ -213,7 +213,7 @@ syncInstallEject = SyncOp "Install Eject" check migrate False
     where
         check   = liftIO . run $ fmap isNothing (shell [i|which eject || true|] $| conduit await)
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get install eject -y"
 
 syncInstallDuplicity :: SyncOp
@@ -221,7 +221,7 @@ syncInstallDuplicity = SyncOp "Install duplicity" check migrate False
     where
         check   = liftIO . run $ fmap isNothing (shell [i|which duplicity || true|] $| conduit await)
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get install -y duplicity"
 
 syncInstallExfatFuse :: SyncOp
@@ -234,7 +234,7 @@ syncInstallExfatFuse = SyncOp "Install exfat-fuse" check migrate False
                             ProcessException _ (ExitFailure 1) -> pure True
                             _ -> throwIO e
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get install -y exfat-fuse"
 
 syncInstallExfatUtils :: SyncOp
@@ -247,7 +247,7 @@ syncInstallExfatUtils = SyncOp "Install exfat-utils" check migrate False
                             ProcessException _ (ExitFailure 1) -> pure True
                             _ -> throwIO e
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get install -y exfat-utils"
 
 syncInstallLibAvahi :: SyncOp
@@ -260,7 +260,7 @@ syncInstallLibAvahi = SyncOp "Install libavahi-client" check migrate False
                             ProcessException _ (ExitFailure 1) -> pure True
                             _ -> throwIO e
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             shell "apt-get install -y libavahi-client3"
 
 syncWriteConf :: Text -> ByteString -> SystemPath -> SyncOp
@@ -592,13 +592,15 @@ syncUpgradeTor :: SyncOp
 syncUpgradeTor = SyncOp "Install Latest Tor" check migrate False
     where
         check = run $ do
+            shell "apt-get clean"
+            shell "apt-get update"
             mTorVersion <- (shell "dpkg -s tor" $| shell "grep '^Version'" $| shell "cut -d ' ' -f2" $| conduit await)
             let torVersion = case mTorVersion of
                     Nothing -> panic "invalid output from dpkg, can't read tor version"
                     Just x  -> x
             pure $ compareTorVersions torVersion "0.3.5.15-1" == LT
         migrate = liftIO . run $ do
-            shell "apt-get update --allow-releaseinfo-change"
+            shell "apt-get update"
             availVersions <-
                 (shell "apt-cache madison tor" $| shell "cut -d '|' -f2" $| shell "xargs" $| conduit consume)
             latest <- case lastMay $ sortBy compareTorVersions availVersions of

appmgr/Cargo.lock

@@ -1,7 +1,5 @@
 # This file is automatically @generated by Cargo.
 # It is not intended for manual editing.
-version = 3
-
 [[package]]
 name = "addr2line"
 version = "0.14.1"
@@ -43,7 +41,7 @@ checksum = "afddf7f520a80dbf76e6f50a35bca42a2331ef227a28b3b6dc5c2e2338d114b1"
 
 [[package]]
 name = "appmgr"
-version = "0.2.16"
+version = "0.2.14"
 dependencies = [
  "async-trait",
  "avahi-sys",

appmgr/Cargo.toml

@@ -2,7 +2,7 @@
 authors = ["Aiden McClelland <me@drbonez.dev>"]
 edition = "2018"
 name = "appmgr"
-version = "0.2.16"
+version = "0.2.14"
 
 [lib]
 name = "appmgrlib"

appmgr/src/version/mod.rs

@@ -31,10 +31,8 @@ mod v0_2_11;
 mod v0_2_12;
 mod v0_2_13;
 mod v0_2_14;
-mod v0_2_15;
-mod v0_2_16;
 
-pub use v0_2_16::Version as Current;
+pub use v0_2_14::Version as Current;
 
 #[derive(serde::Serialize, serde::Deserialize)]
 #[serde(untagged)]
@@ -61,8 +59,6 @@ enum Version {
     V0_2_12(Wrapper<v0_2_12::Version>),
     V0_2_13(Wrapper<v0_2_13::Version>),
     V0_2_14(Wrapper<v0_2_14::Version>),
-    V0_2_15(Wrapper<v0_2_15::Version>),
-    V0_2_16(Wrapper<v0_2_16::Version>),
     Other(emver::Version),
 }
 
@@ -179,8 +175,6 @@ pub async fn init() -> Result<(), failure::Error> {
             Version::V0_2_12(v) => v.0.migrate_to(&Current::new()).await?,
             Version::V0_2_13(v) => v.0.migrate_to(&Current::new()).await?,
             Version::V0_2_14(v) => v.0.migrate_to(&Current::new()).await?,
-            Version::V0_2_15(v) => v.0.migrate_to(&Current::new()).await?,
-            Version::V0_2_16(v) => v.0.migrate_to(&Current::new()).await?,
             Version::Other(_) => (),
             // TODO find some way to automate this?
         }
@@ -276,8 +270,6 @@ pub async fn self_update(requirement: emver::VersionRange) -> Result<(), Error>
         Version::V0_2_12(v) => Current::new().migrate_to(&v.0).await?,
         Version::V0_2_13(v) => Current::new().migrate_to(&v.0).await?,
         Version::V0_2_14(v) => Current::new().migrate_to(&v.0).await?,
-        Version::V0_2_15(v) => Current::new().migrate_to(&v.0).await?,
-        Version::V0_2_16(v) => Current::new().migrate_to(&v.0).await?,
         Version::Other(_) => (),
         // TODO find some way to automate this?
     };

appmgr/src/version/v0_2_15.rs

@@ -1,21 +0,0 @@
-use super::*;
-
-const V0_2_15: emver::Version = emver::Version::new(0, 2, 15, 0);
-
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_2_14::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> &'static emver::Version {
-        &V0_2_15
-    }
-    async fn up(&self) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down(&self) -> Result<(), Error> {
-        Ok(())
-    }
-}

appmgr/src/version/v0_2_16.rs

@@ -1,21 +0,0 @@
-use super::*;
-
-const V0_2_16: emver::Version = emver::Version::new(0, 2, 16, 0);
-
-pub struct Version;
-#[async_trait]
-impl VersionT for Version {
-    type Previous = v0_2_15::Version;
-    fn new() -> Self {
-        Version
-    }
-    fn semver(&self) -> &'static emver::Version {
-        &V0_2_16
-    }
-    async fn up(&self) -> Result<(), Error> {
-        Ok(())
-    }
-    async fn down(&self) -> Result<(), Error> {
-        Ok(())
-    }
-}

ui/client-manifest.yaml

@@ -1,6 +1,6 @@
 manifest-version: 0
 app-id: start9-ambassador
-app-version: 0.2.17
+app-version: 0.2.14
 uri-rewrites:
     - =/api -> http://{{start9-ambassador}}:5959/authenticate
     - /api/ -> http://{{start9-ambassador}}:5959/

ui/package.json

@@ -1,6 +1,6 @@
 {
   "name": "embassy-ui",
-  "version": "0.2.17",
+  "version": "0.2.14",
   "description": "GUI for EmbassyOS",
   "author": "Start9 Labs",
   "homepage": "https://github.com/Start9Labs/embassy-ui",
@@ -53,7 +53,7 @@
     "@types/marked": "^1.1.0",
     "@types/node": "^14.11.10",
     "@types/uuid": "^8.0.0",
-    "node-html-parser": "2.0.0",
+    "node-html-parser": "^2.0.0",
     "ts-node": "^9.1.0",
     "tslint": "^6.1.0",
     "typescript": "4.0.5"

ui/src/app/app-config/config-cursor.ts

@@ -298,7 +298,6 @@ export class ConfigCursor<T extends ValueType> {
     const mappedCfg = this.mappedConfig()
     if (cfg && mappedCfg && typeof cfg === 'object' && typeof mappedCfg === 'object') {
       const spec = this.spec()
-      if (spec === undefined) return true
       let allKeys: Set<string>
       if (spec.type === 'union') {
         let unionSpec = spec as  ValueSpecOf<'union'>
@@ -483,4 +482,4 @@ export function displayUniqueBy(uniqueBy: UniqueBy, spec: ValueSpecObject | Valu
       }
     }).join(' or ')
   }
-}
+}

ui/src/app/modals/os-welcome/os-welcome.page.html

@@ -1,7 +1,7 @@
 <ion-header>
   <ion-toolbar>
     <ion-title >
-      <ion-label style="font-size: 20px;" class="ion-text-wrap">Welcome to 0.2.17!</ion-label>
+      <ion-label style="font-size: 20px;" class="ion-text-wrap">Welcome to 0.2.14!</ion-label>
     </ion-title>
   </ion-toolbar>
 </ion-header>
@@ -10,7 +10,7 @@
   <div style="display: flex; flex-direction: column; justify-content: space-between; height: 100%">
     <h2>Highlights</h2>
     <div class="main-content">
-      <p>This release fixes a bug with certificate generation that caused the Embassy web interface to become inaccessible</p>
+      <p>This release contains an important security patch to the tor binaries</p>
     </div>
 
     <div class="close-button">

ui/src/app/services/api/mock-api.service.ts

@@ -499,8 +499,8 @@ const mockApiNotifications: ReqRes.GetNotificationsRes = [
 const mockApiServer: () => ReqRes.GetServerRes = () => ({
   serverId: 'start9-mockxyzab',
   name: 'Embassy:12345678',
-  versionInstalled: '0.2.17',
-  versionLatest: '0.2.17',
+  versionInstalled: '0.2.14',
+  versionLatest: '0.2.14',
   status: ServerStatus.RUNNING,
   alternativeRegistryUrl: 'beta-registry.start9labs.com',
   welcomeAck: true,