profile/home/bin/update-profile

#!/bin/sh -e

if [ "$(uname -s)" = "Darwin" ]; then
	CUT="gcut"
	if ! command -v "${CUT}" >/dev/null 2>&1; then
		CUT="cut"
	fi
fi

file_changed() {
	if [ ! -f "$1" ]; then
		if [ ! -f "$2" ]; then
			return 0
		else
			return 1
		fi
	fi
	if [ ! -f "$2" ]; then
		return 1
	fi
	oldfilehash="$(sha1sum "$1" | awk '{print $1}')"
	newfilehash="$(sha1sum "$2" | awk '{print $1}')"
	[ "${oldfilehash}" != "${newfilehash}" ]
}

if [ ! -d ~/.local/profile-git ]; then
	mkdir -p ~/.local/profile-git
	(
		cd ~/.local/profile-git
		git init
		git remote add origin https://git.icedream.tech/icedream/profile.git
	)
fi

(

	cd ~/.local/profile-git
	
	if [ "${_CHECKOUT_DONE:-0}" -lt 1 ]; then
		echo "Fetching updates for profile..."
		git fetch -p 

		# Synchronizing valid GPG keys
		echo "Preparing for update verification..."
		export GNUPGHOME="$HOME/.local/profile-data/gnupg"
		mkdir -p "${GNUPGHOME}"
		chmod 700 "${GNUPGHOME}"
		for key in \
			B5108C5A158A6608AD3361DA1573F6D8EFE4D0CF \
			; do
			if ! gpg --list-keys "${key}" >/dev/null 2>&1; then
				# key does not exist yet
				gpg --recv-keys "${key}"
			fi
		done

		echo "Verifying updates..."
		ref="origin/master"
		diffref="${ref}"
		if git rev-parse HEAD >/dev/null 2>&1; then
			diffref="HEAD..${diffref}"
		fi
		git rev-list --format=oneline "${diffref}" | while IFS= read -r line; do
			sha="$(echo "$line" | awk '{print $1}')"
			title="$(echo "$line" | "${CUT}" -f 1 -d ' ' --complement)"
			printf "  … $title\r  "
			if ! git verify-commit "$sha" >/dev/null 2>&1; then
				echo  "✘"
				echo "Found incorrectly signed commit, NOT applying. Contact the maintainer on the issue tracker."
				exit 1
			fi
			echo "✔"
		done

		echo "All commits passed, now applying updates..."
		if git rev-parse HEAD >/dev/null 2>&1; then
			git rebase "${ref}"
		else
			git checkout -f "${ref}"
		fi
		git submodule update --init
		
		if file_changed "${HOME}/bin/update-profile" "home/bin/update-profile"; then
			# Use new profile update script instead
			# Putting exit 0 on same line here for security since the old script
			# will be deleted.
			echo "Using newer profile update script."
			export _CHECKOUT_DONE=1
			exec home/bin/update-profile
		fi
	fi

	echo "Running package installation..."
	cd packages
	./packages.sh

	echo "Running profile installation..."
	cd ..
	if [ -f "${HOME}/bin/update-profile" ]; then
		mv "${HOME}/bin/update-profile" "${HOME}/bin/update-profile.old"
	fi
	./install.sh

)

rm -f "${HOME}/bin/update-profile.old"
Set -e flag on update-profile. 2018-02-18 22:03:58 +00:00			`#!/bin/sh -e`
Add update-profile script. 2018-02-17 20:04:57 +00:00
Only do command checks on Darwin. 2018-07-26 09:56:01 +00:00			`if [ "$(uname -s)" = "Darwin" ]; then`
			`CUT="gcut"`
			`if ! command -v "${CUT}" >/dev/null 2>&1; then`
			`CUT="cut"`
			`fi`
Detect coreutils with g prefix for macOS brew support. 2018-07-17 13:22:40 +00:00			`fi`

Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00			`file_changed() {`
Fix file_changed function for non-existent files. 2018-02-20 02:02:42 +00:00			`if [ ! -f "$1" ]; then`
			`if [ ! -f "$2" ]; then`
			`return 0`
			`else`
			`return 1`
			`fi`
			`fi`
			`if [ ! -f "$2" ]; then`
			`return 1`
			`fi`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00			`oldfilehash="$(sha1sum "$1" \| awk '{print $1}')"`
			`newfilehash="$(sha1sum "$2" \| awk '{print $1}')"`
			`[ "${oldfilehash}" != "${newfilehash}" ]`
			`}`

Fix wrong logic in update-profile script and explicitly create folder. 2018-02-17 20:09:46 +00:00			`if [ ! -d ~/.local/profile-git ]; then`
			`mkdir -p ~/.local/profile-git`
Fix first time git setup. 2018-02-20 01:34:24 +00:00			`(`
			`cd ~/.local/profile-git`
			`git init`
			`git remote add origin https://git.icedream.tech/icedream/profile.git`
			`)`
Add update-profile script. 2018-02-17 20:04:57 +00:00			`fi`

			`(`
Implement signature verification in update-profile script. 2018-02-18 22:33:25 +00:00
			`cd ~/.local/profile-git`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00
			`if [ "${_CHECKOUT_DONE:-0}" -lt 1 ]; then`
			`echo "Fetching updates for profile..."`
			`git fetch -p`

			`# Synchronizing valid GPG keys`
			`echo "Preparing for update verification..."`
			`export GNUPGHOME="$HOME/.local/profile-data/gnupg"`
			`mkdir -p "${GNUPGHOME}"`
			`chmod 700 "${GNUPGHOME}"`
Check for key existence before trying to import it. 2018-02-19 09:22:28 +00:00			`for key in \`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00			`B5108C5A158A6608AD3361DA1573F6D8EFE4D0CF \`
Check for key existence before trying to import it. 2018-02-19 09:22:28 +00:00			`; do`
			`if ! gpg --list-keys "${key}" >/dev/null 2>&1; then`
			`# key does not exist yet`
Remove keyserver hint in update script. 2018-06-18 11:44:40 +00:00			`gpg --recv-keys "${key}"`
Check for key existence before trying to import it. 2018-02-19 09:22:28 +00:00			`fi`
			`done`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00
			`echo "Verifying updates..."`
Fix rev-list for empty local tree. 2018-02-20 02:04:06 +00:00			`ref="origin/master"`
			`diffref="${ref}"`
			`if git rev-parse HEAD >/dev/null 2>&1; then`
			`diffref="HEAD..${diffref}"`
			`fi`
			`git rev-list --format=oneline "${diffref}" \| while IFS= read -r line; do`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00			`sha="$(echo "$line" \| awk '{print $1}')"`
Detect coreutils with g prefix for macOS brew support. 2018-07-17 13:22:40 +00:00			`title="$(echo "$line" \| "${CUT}" -f 1 -d ' ' --complement)"`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00			`printf " … $title\r "`
			`if ! git verify-commit "$sha" >/dev/null 2>&1; then`
			`echo "✘"`
			`echo "Found incorrectly signed commit, NOT applying. Contact the maintainer on the issue tracker."`
			`exit 1`
			`fi`
			`echo "✔"`
			`done`
Checkout before script switch, fix checkout from empty tree. 2018-02-20 02:05:08 +00:00
			`echo "All commits passed, now applying updates..."`
			`if git rev-parse HEAD >/dev/null 2>&1; then`
			`git rebase "${ref}"`
			`else`
			`git checkout -f "${ref}"`
			`fi`
			`git submodule update --init`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00
			`if file_changed "${HOME}/bin/update-profile" "home/bin/update-profile"; then`
			`# Use new profile update script instead`
Make sure to exit the script after update is done. 2018-02-19 08:56:15 +00:00			`# Putting exit 0 on same line here for security since the old script`
			`# will be deleted.`
Add an extra message to notify about usage of newer update script. 2018-02-19 08:58:04 +00:00			`echo "Using newer profile update script."`
Use exec instead of call && exit. 2018-02-19 08:59:19 +00:00			`export _CHECKOUT_DONE=1`
			`exec home/bin/update-profile`
Implement signature verification in update-profile script. 2018-02-18 22:33:25 +00:00			`fi`
Add update check for update-profile and use new script if possible. 2018-02-19 08:46:08 +00:00			`fi`
Implement signature verification in update-profile script. 2018-02-18 22:33:25 +00:00
			`echo "Running package installation..."`
			`cd packages`
			`./packages.sh`

			`echo "Running profile installation..."`
			`cd ..`
Only try to move old script if it actually exists. This would otherwise just error out on first installation! 2018-02-19 09:18:32 +00:00			`if [ -f "${HOME}/bin/update-profile" ]; then`
			`mv "${HOME}/bin/update-profile" "${HOME}/bin/update-profile.old"`
			`fi`
Implement signature verification in update-profile script. 2018-02-18 22:33:25 +00:00			`./install.sh`

Add update-profile script. 2018-02-17 20:04:57 +00:00			`)`
Temporarily move old update-profile script to avoid sudden syntax errs. 2018-02-19 08:48:23 +00:00
			`rm -f "${HOME}/bin/update-profile.old"`