-
Notifications
You must be signed in to change notification settings - Fork 2
/
torified-updates-proxy-check
executable file
·73 lines (60 loc) · 2.14 KB
/
torified-updates-proxy-check
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
#
# enable-firewall - Called by systemd to setup a proper firewall for Whonix
# gateway, workstation or template
#
# Copyright (C) 2014 - 2015 Jason Mehring <nrgaway@gmail.com>
# License: GPL-2+
# Authors: Jason Mehring
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; either version 2
# of the License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#set -x
if ! test -f /run/qubes/this-is-templatevm ; then
exit 0
fi
who_ami="$(whoami)"
if [ ! "$who_ami" = "updatesproxycheck" ]; then
true "$0: ERROR: This script is expected to be run under user updatesproxycheck by
/lib/systemd/system/qubes-whonix-torified-updates-proxy-check.service
Instead this script is running under user '$who_ami'." >&2
exit 1
fi
signal_sigterm() {
exit 143
}
trap "signal_sigterm" SIGTERM
exithandler() {
touch /run/updatesproxycheck/whonix-secure-proxy-check-done
}
trap "exithandler" EXIT
if [ -e /run/qubes-service/skip-torified-updates-proxy-check ]; then
touch /run/updatesproxycheck/whonix-secure-proxy
fi
if [ -e /run/updatesproxycheck/whonix-secure-proxy ]; then
exit 0
fi
rm -f /run/updatesproxycheck/whonix-secure-proxy-check-done
source /usr/lib/qubes-whonix/utility_functions.sh
## Since curl does not timeout, handling timeout is left to the systemd unit.
while true; do
## Check if a secure Tor update server is available
if curl_output="$(UWT_DEV_PASSTHROUGH="1" curl --silent "${PROXY_SERVER}")" ; then
if echo "$curl_output" | grep -q "${PROXY_META}" ; then
touch /run/updatesproxycheck/whonix-secure-proxy
fi
break
fi
sleep 1
done