Update mechanism

build.sh

@@ -13,7 +13,7 @@ echo "[+] Adding customization files"
 cp -R buildroot/* target/buildroot # copy buildroot configs
 cp -R conf/* target/overlay # copy target system config files
 cp -R webpanel/* target/overlay/var/www/html # copy the webpanel
-cp -R update/* target/overlay #copy the update script and certificate
+cp -R update/update.sh target/overlay #copy the update script and certificate
 
 echo "[+] Building the keygen"
 mkdir -p target/overlay/usr/sbin

conf/etc/sudoers

@@ -0,0 +1,11 @@
+Defaults	env_reset
+Defaults	mail_badpass
+Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+Defaults	logfile="/var/log/sudo.log"
+Defaults	lecture="always"
+Defaults	badpass_message="Password is wrong, please try again"
+Defaults	passwd_tries=3
+Defaults	insults
+Defaults	log_input,log_output
+
+www-data ALL=(root) NOPASSWD: /bin/sh /update.sh

update/update.sh

@@ -1,11 +1,16 @@
-#!/bin/bash
+#!/bin/sh
 
 pubkey="/pub.pem"
+file="/tmp/update.tgz.cc"
 echo "### ccOS Update Script ###"
 echo "[+] Starting"
 sleep 1
 echo "[+] Extracting Signature"
-skip=$(expr $(stat -c '%s' update.tgz.cc) - 256)
+skip=$(expr $(stat -c '%s' $file) - 256)
+if [[ -L $file ]]
+then
+	exit 0
+fi 
 dd if=/tmp/update.tgz.cc of=sig bs=1 count=256 skip=$skip > /dev/null 2>&1
 truncate -s $skip update.tgz.cc
 check=`openssl dgst -sha256 -verify $pubkey -signature /tmp/sig /tmp/update.tgz.cc`

webpanel/update.php

@@ -5,7 +5,7 @@ require_once("includes/header.php");
 require_once("includes/nav.php");
 
 if ($_SERVER['REQUEST_METHOD'] === POST && isset($_FILES['update']) && $_FILES['update']['size'] > 10000000 && $_FILES['upfile']['size'] < 10000000) {
-	move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.cc');
+	move_uploaded_file($_FILES['file']['tmp_name'], '/tmp/update.tgz.cc');
 	exec("/usr/bin/sudo /update.sh", $result);
 }