#!/bin/bash
## Copyright (C) 2018 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## Copyright (C) 2018 Algernon <33966997+Algernon-01@users.noreply.github.com>
## Copyright (C) 2023 PXLKNG <79484393+pxlkng@users.noreply.github.com>
## See the file COPYING for copying conditions.
## Stop at the first unhandled command failure (long form of `set -e`).
## Commands used as `if` conditions or on the left of `||` are exempt.
set -o errexit
## NOTICE: As of Linux 6 `lsblk --all` outputs 8 empty read-writeable loop devices. Those seem to be placeholders and not actually active. (without snapd)
## See: https://forums.kicksecure.com/t/livecheck-sh-script-broken-on-bookworm/269
##
## sudo /bin/lsblk --all
##
## NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
## loop0 7:0 0 0B 0 loop
## loop1 7:1 0 0B 0 loop
## loop2 7:2 0 0B 0 loop
## loop3 7:3 0 0B 0 loop
## loop4 7:4 0 0B 0 loop
## loop5 7:5 0 0B 0 loop
## loop6 7:6 0 0B 0 loop
## loop7 7:7 0 0B 0 loop
## sda 8:0 0 100G 1 disk
##
## 1 means read-only
## 0 means read-write
## As soon as we have at least one "0" (empty/0B loop devices are ignored) it is concluded: not live mode.
## when using snapd:
##
## sudo /bin/lsblk --all
##
## NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
## loop0 7:0 0 55M 1 loop /snap/core18/1754
## loop1 7:1 0 0 loop
## loop2 7:2 0 0 loop
## loop3 7:3 0 0 loop
## loop4 7:4 0 0 loop
## loop5 7:5 0 0 loop
## loop6 7:6 0 0 loop
## loop7 7:7 0 0 loop
## sda 8:0 0 100G 0 disk
## sda1 8:1 0 100G 0 part /
## sr0 11:0 1 1024M 0 rom
## when using snapd:
##
## sudo /bin/lsblk --noheadings --all --raw --output RO
##
## 1
## 1
## 0
## 0
## 0
## 0
## 0
## 0
## 0
## 0
## 0
## The following did not work with snapd:
## http://forums.whonix.org/t/wickr-me-gets-whonix-stuck-in-live-mode/9834/1
#if sudo --non-interactive /bin/lsblk --noheadings --all --raw --output RO | grep --invert-match "0" ; then
## Using `sudo` to run `lsblk` because `hide-hardware-info.service` makes this no longer
## readable by unprivileged users. Only readable by user `root`.
## https://forums.whonix.org/t/restrict-hardware-information-to-root-testers-wanted/8618/13
## Icons checked before use. If one is missing, the tooltip text gets a
## "minor bug" note appended through $bug_message.
## NOTE(review): the persistent-mode output further down uses
## 22x22/status/gtk-info.png, which is not one of the files checked here.
missing_image=""
for icon_file in \
  /usr/share/icons/gnome-colors-common/scalable/status/dialog-error.svg \
  /usr/share/icons/gnome-colors-common/scalable/status/dialog-warning.svg \
  /usr/share/icons/gnome-colors-common/scalable/status/gtk-info.svg \
  /usr/share/icons/gnome-colors-common/scalable/actions/dialog-apply.svg
do
  if [ ! -f "$icon_file" ]; then
    missing_image=true
  fi
done

## Documentation links and wording: kicksecure.com by default, whonix.org
## when either of the two base-files marker files exists.
homepage="https://www.kicksecure.com"
sentence_ending=", if possible."
for marker_file in \
  /usr/share/anon-gw-base-files/gateway \
  /usr/share/anon-ws-base-files/workstation
do
  if [ -f "$marker_file" ]; then
    homepage="https://www.whonix.org"
    sentence_ending="."
    break
  fi
done

## Suffix for every tooltip; empty unless an icon file was missing.
bug_message=""
if [ "$missing_image" = "true" ]; then
  bug_message="
(Minor bug: Missing illustrative image.)"
fi
## Ask lsblk for SIZE, RO and TYPE of every block device. SIZE and TYPE are
## only needed later to recognise and drop empty loop devices.
## FIX: https://forums.kicksecure.com/t/livecheck-sh-script-broken-on-bookworm/269
## lsblk is called by absolute path through sudo; --non-interactive makes sudo
## fail instead of prompting, for example when sudoers permissions are missing.
lsblk_failed=""
lsblk_output_unsanitized="$(sudo --non-interactive /bin/lsblk --all --raw --noheadings --output SIZE,RO,TYPE)" || lsblk_failed=true

if [ "$lsblk_failed" = "true" ]; then
  ## lsblk (or sudo) exited with a non-zero exit code: report the failure in the
  ## systray instead of guessing a mode.
  true "INFO: Running 'sudo --non-interactive /bin/lsblk --all --raw --noheadings --output SIZE,RO,TYPE' failed!"
  grub_live_url="$homepage/wiki/Grub-live#Live_Check_Systray_Issues"
  printf '%s\n' "<img>/usr/share/icons/gnome-colors-common/scalable/status/dialog-error.svg</img>"
  ## Show "Error" next to info symbol in systray.
  printf '%s\n' "<txt>Error</txt>"
  printf '%s\n' "<tool>Do not panic. Live mode detection failed. Could not determine if booted into live mode or persistent mode. Please report this bug. See: $grub_live_url or click on the icon for more information.$bug_message</tool>"
  printf '%s\n' "<click>x-www-browser $grub_live_url</click>"
  printf '%s\n' "<txtclick>x-www-browser $grub_live_url</txtclick>"
  exit 0
fi
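## lsblk exited with exit code 0.

## Print one RO flag per block device that matters for the live check:
## "0" means read-write, "1" means read-only.
## Input (stdin): lines of `lsblk --raw --noheadings --output SIZE,RO,TYPE`.
## Empty loop devices ("0B <ro> loop") are placeholders and are skipped.
## FIX: https://forums.kicksecure.com/t/livecheck-sh-script-broken-on-bookworm/269
## The columns are taken by position (TYPE last, RO before it), so a digit in
## the SIZE column, such as the "0" of "0B", can never be mistaken for an RO flag.
## Returns non-zero if a line carries no 0/1 RO flag, so that the caller can
## report an error instead of guessing.
## NOTE(review): loop devices with a blank SIZE (see the older sample output in
## the file header) are still counted, as before.
livecheck_ro_values() {
  awk '
    NF == 0 { next }
    {
      type = $NF
      ro = (NF >= 2) ? $(NF - 1) : ""
      size = (NF >= 3) ? $(NF - 2) : ""
      if (type == "loop" && size == "0B") { next }
      if (ro != "0" && ro != "1") { bad = 1; exit }
      print ro
    }
    END { exit (bad ? 1 : 0) }
  '
}

## lsblk_output holds only the RO values of the `lsblk --all [...]` output,
## without the empty loop devices.
if ! lsblk_output="$(printf '%s\n' "$lsblk_output_unsanitized" | livecheck_ro_values)" || [ -z "$lsblk_output" ]; then
  ## Fail closed: without a single parsed RO value there is no evidence that the
  ## disks are read-only, so "Live mode is enabled" must not be shown.
  true "INFO: No usable RO values in lsblk output."
  echo "<img>/usr/share/icons/gnome-colors-common/scalable/status/dialog-error.svg</img>"
  ## Show "Error" next to info symbol in systray.
  echo "<txt>Error</txt>"
  echo "<tool>Do not panic. Live mode detection failed. Could not determine if booted into live mode or persistent mode. Please report this bug. See: $homepage/wiki/Grub-live#Live_Check_Systray_Issues or click on the icon for more information.$bug_message</tool>"
  echo "<click>x-www-browser $homepage/wiki/Grub-live#Live_Check_Systray_Issues</click>"
  echo "<txtclick>x-www-browser $homepage/wiki/Grub-live#Live_Check_Systray_Issues</txtclick>"
## Checking if there is any 0 / read-write device (whole-line match only).
elif printf '%s\n' "$lsblk_output" | grep --quiet --line-regexp --fixed-strings -- "0"; then
  true "INFO: If at least one '0' was found. Conclusion: not all read-only. Some read-write."
  if grep -qs "boot=live" /proc/cmdline; then
    true "INFO: grub-live is enabled."
    echo "<img>/usr/share/icons/gnome-colors-common/scalable/status/dialog-warning.svg</img>"
    ## Show "Live" next to info symbol in systray.
    echo "<txt>Live</txt>"
    echo "<tool>Live mode is enabled but it is still possible to write to the disk. Please power off the machine and set the disk to read-only$sentence_ending See: $homepage/wiki/Live_Mode or click on the icon for more information.$bug_message</tool>"
    echo "<click>x-www-browser $homepage/wiki/Live_Mode</click>"
    echo "<txtclick>x-www-browser $homepage/wiki/Live_Mode</txtclick>"
  else
    true "INFO: Live mode is disabled."
    ## NOTE(review): this is the only icon taken from 22x22/*.png; the other
    ## branches use scalable/*.svg. Confirm this is intended.
    echo "<img>/usr/share/icons/gnome-colors-common/22x22/status/gtk-info.png</img>"
    ## Do not show "Persistent" next to info symbol in systray.
    #echo "<txt>Persistent</txt>"
    echo "<tool>You are using persistent mode. All changes to the disk will be preserved after a reboot. For using live mode, see: $homepage/wiki/Live_Mode or click on the icon for more information.$bug_message</tool>"
    echo "<click>x-www-browser $homepage/wiki/Live_Mode</click>"
    ## The closing tag used to be written as "<txtclick>" (missing slash).
    echo "<txtclick>x-www-browser $homepage/wiki/Live_Mode</txtclick>"
  fi
else
  true "INFO: No '0' is found. Therefore only '1' found. Conclusion: read-only."
  echo "<img>/usr/share/icons/gnome-colors-common/scalable/actions/dialog-apply.svg</img>"
  ## Show "Live" next to info symbol in systray.
  echo "<txt>Live</txt>"
  echo "<tool>Live mode is enabled. All changes to the disk will be gone after a reboot. See: $homepage/wiki/Live_Mode or click on the icon for more information.$bug_message</tool>"
  echo "<click>x-www-browser $homepage/wiki/Live_Mode</click>"
  echo "<txtclick>x-www-browser $homepage/wiki/Live_Mode</txtclick>"
fi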