From 8df91ecb1b6be194488d05c4e174db5f6a451c8a Mon Sep 17 00:00:00 2001 From: Federico Ceratto Date: Tue, 15 Dec 2020 12:05:13 +0000 Subject: [PATCH] debian: run as a daemon, ask informed consent (#162) * Set verbose mode, depend on adduser * Run as daemon * Generate manpage * Implement informed consent * Set version * Switch format to native * Set environment * Update packaging * Create test and release pipelines * Update debian/ooniprobe-cli.service Co-authored-by: Simone Basso * Update debian/ooniprobe-cli.service Co-authored-by: Simone Basso * Update debian/ooniprobe.conf.disabled Co-authored-by: Simone Basso * fix(linux-debian-packages): build also on pull requests Otherwise there's no way for us to test :^). * fix(debian/control): ubuntu 20.04 has debhelper 12 See https://packages.ubuntu.com/focal/debhelper * fix(debian/control): debhelper-compat relations doesn't work the way I thought * Update debian/ooniprobe-cli.timer Co-authored-by: Simone Basso --- .../linux-debian-packages-release.yml | 37 ++++++++++++++ .github/workflows/linux-debian-packages.yml | 5 +- debian/TODO | 6 +-- debian/changelog | 4 +- debian/compat | 1 - debian/config | 13 +++++ debian/control | 10 +++- debian/ooniprobe-cli.install | 1 + debian/ooniprobe-cli.postinst | 23 +++++++++ debian/ooniprobe-cli.service | 51 +++++++++++++++++++ debian/ooniprobe-cli.templates | 17 +++++++ debian/ooniprobe-cli.timer | 11 ++++ debian/ooniprobe.conf.disabled | 15 ++++++ debian/rules | 9 +++- debian/source/format | 2 +- 15 files changed, 192 insertions(+), 13 deletions(-) create mode 100644 .github/workflows/linux-debian-packages-release.yml delete mode 100644 debian/compat create mode 100644 debian/config create mode 100755 debian/ooniprobe-cli.postinst create mode 100644 debian/ooniprobe-cli.service create mode 100644 debian/ooniprobe-cli.templates create mode 100644 debian/ooniprobe-cli.timer create mode 100644 debian/ooniprobe.conf.disabled 
diff --git a/.github/workflows/linux-debian-packages-release.yml b/.github/workflows/linux-debian-packages-release.yml
new file mode 100644
index 0000000..24c77db
--- /dev/null
+++ b/.github/workflows/linux-debian-packages-release.yml
@@ -0,0 +1,37 @@
+# Build a Debian package only when a relase tag is applied
+# and publish it on the public/release archive
+name: linux-debian-packages
+on:
+ push:
+ tags:
+ - '*'
+jobs:
+ build:
+ runs-on: "ubuntu-20.04"
+ steps:
+ - uses: actions/setup-go@v1
+ with:
+ go-version: "1.14"
+ - uses: actions/checkout@v2
+ - run: ./build.sh linux
+ # - run: ./smoketest.sh ./CLI/linux/amd64/ooniprobe
+ - run: find . -name ooniprobe -type f -executable
+ - run: sudo apt-get update -q
+ - run: sudo apt-get build-dep -y --no-install-recommends .
+ # Use probe version as package version
+ - run: |
+ DVER=$(./CLI/linux/amd64/ooniprobe version)
+ dch -v $DVER "New release"
+ dpkg-buildpackage -us -uc -b
+ find ../ -name "*.deb" -type f
+ DEB="../ooniprobe-cli_${DVER}_amd64.deb"
+ BT_FNAME="ooniprobe-cli_${DVER}_amd64.deb"
+ curl --upload-file "${DEB}" -u "${BT_APIUSER}:${BT_APIKEY}" \
+ "https://api.bintray.com/content/${BT_ORG}/${BT_REPO}/${BT_PKGNAME}/${DVER}/${BT_FNAME};deb_distribution=${DEBDIST};deb_component=main;deb_architecture=amd64;publish=1"
+ env:
+ DEBDIST: unstable
+ BT_APIKEY: ${{ secrets.BT_APIKEY }}
+ BT_APIUSER: federicoceratto
+ BT_ORG: ooni
+ BT_PKGNAME: ooniprobe
+ BT_REPO: ooniprobe-debian
diff --git a/.github/workflows/linux-debian-packages.yml b/.github/workflows/linux-debian-packages.yml
index bfc3f78..62fe56a 100644
--- a/.github/workflows/linux-debian-packages.yml
+++ b/.github/workflows/linux-debian-packages.yml
@@ -1,6 +1,7 @@
 # Build a Debian package and publish on a test/internal archive
 name: linux-debian-packages
 on:
+ pull_request:
 push:
 branches:
 - master
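Review bot: The version that gets published is taken from the freshly built binary (`DVER=$(./CLI/linux/amd64/ooniprobe version)`) and is never compared with the tag that triggered the run, while the `tags: - '*'` trigger publishes (`publish=1`) on any tag pushed to the repository. A tag that does not match the embedded version silently produces a package under the wrong version, and an accidental or experimental tag goes straight to the public archive. A guard before the upload such as `[ "${GITHUB_REF#refs/tags/}" = "$DVER" ] || exit 1` (adjust if tags carry a prefix) or a narrower tag pattern would close that gap. Separately, `actions/setup-go@v1` and `actions/checkout@v2` are referenced by floating major tags; pinning them to a commit SHA is the usual hardening for a workflow that holds publishing credentials. The header comment also has a typo, `relase` for `release`.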
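Review bot: Adding `pull_request:` makes every pull request run the whole job, including the Bintray upload step outside this hunk (its `env:` block is visible in the third hunk), so for PRs from forks, where GitHub supplies no secrets, `curl -u` runs with an empty key and the job fails instead of being skipped, and for same-repo PRs each push publishes a package to the test archive. Gating the upload step with `if: github.event_name != 'pull_request'` lets pull requests exercise only the build. The rest of the job is outside this hunk.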
@@ -13,9 +14,11 @@ jobs:
 go-version: "1.14"
 - uses: actions/checkout@v2
 - run: ./build.sh linux
+ # - run: ./smoketest.sh ./CLI/linux/amd64/ooniprobe
 - run: find . -name ooniprobe -type f -executable
 - run: sudo apt-get update -q
 - run: sudo apt-get build-dep -y --no-install-recommends .
+ # Use ~ as package version
 - run: |
 VER=$(./CLI/linux/amd64/ooniprobe version)
 DVER="${VER}~${GITHUB_RUN_NUMBER}"
@@ -32,4 +35,4 @@ jobs:
 BT_APIUSER: federicoceratto
 BT_ORG: ooni
 BT_PKGNAME: ooniprobe
- BT_REPO: ooniprobe-debian
+ BT_REPO: ooniprobe-debian-test
diff --git a/debian/TODO b/debian/TODO
index 8e5c405..a87df46 100644
--- a/debian/TODO
+++ b/debian/TODO
@@ -1,8 +1,4 @@ - -pull python script create bintray repo -detect tags +detect tags in github CI /etc conf file - timer - sandbox shared unix group
diff --git a/debian/changelog b/debian/changelog
index c2a961b..6e36d06 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,5 @@
-ooniprobe-cli (0.0.0) UNRELEASED; urgency=medium
+ooniprobe-cli (3.0.9) UNRELEASED; urgency=medium
 * Test release
- -- Federico Ceratto Thu, 12 Nov 2020 16:26:14 +0000
+ -- Federico Ceratto Fri, 04 Dec 2020 19:43:15 +0000
diff --git a/debian/compat b/debian/compat
deleted file mode 100644
index b4de394..0000000
--- a/debian/compat
+++ /dev/null
@@ -1 +0,0 @@
-11
diff --git a/debian/config b/debian/config
new file mode 100644
index 0000000..d36bdaf
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,13 @@
+#! /bin/sh
+#
+# Load debconf module and ask informed consent
+#
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+db_input high ooniprobe-cli/ask-consent || true
+db_go
+
+exit 0
diff --git a/debian/control b/debian/control
index 5ce545d..a6c95c6 100644
--- a/debian/control
+++ b/debian/control
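Review bot: The smoke test is commented out here (and in the new release workflow) without a recorded reason, so the next maintainer cannot tell whether it is broken, slow, or waiting on something; a comment such as `# smoketest disabled: <reason>, re-enable once fixed` keeps the intent. The `# Use ~ as package version` comment could also state why: `~` sorts before the bare release version in dpkg version comparison, so test builds never shadow a release.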
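Review bot: Nothing documents what happens when the question cannot be shown: `db_input high ooniprobe-cli/ask-consent || true` swallows the skip that debconf reports under a noninteractive frontend or a priority threshold above high, so the answer stays at the template default `false`, the shipped config remains `ooniprobe.conf.disabled`, and the service's `ConditionPathExists` never passes. That is the safe direction, but it also means automated or preseeded installs must seed `ooniprobe-cli/ask-consent` explicitly to enable the probe, which is worth a line here. Suggested: `# If the question is skipped (noninteractive frontend, preseed) the default "false" applies and the probe stays disabled; see postinst.`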
@@ -2,7 +2,10 @@ Source: ooniprobe-cli
 Maintainer: Federico Ceratto
 Section: devel
 Priority: optional
-Build-Depends: dpkg-dev, debhelper, devscripts
+Build-Depends:
+ debhelper-compat (= 12),
+ devscripts,
+ dpkg-dev,
 Standards-Version: 4.5.0
 Vcs-Browser: https://github.com/ooni/probe-cli
 Vcs-Git: https://github.com/ooni/probe-cli.git
@@ -12,6 +15,9 @@ XS-Go-Import-Path: github.com/ooni/probe-cli
 Package: ooniprobe-cli
 Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Pre-Depends: debconf (>= 1.0.0)
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ adduser,
+ debconf
 Built-Using: ${misc:Built-Using}
 Description: OONI Probe CLI
diff --git a/debian/ooniprobe-cli.install b/debian/ooniprobe-cli.install
index a4ecd68..8fcfc0b 100644
--- a/debian/ooniprobe-cli.install
+++ b/debian/ooniprobe-cli.install
@@ -1 +1,2 @@
 ./CLI/linux/amd64/ooniprobe usr/bin
+debian/ooniprobe.conf.disabled /etc/ooniprobe
diff --git a/debian/ooniprobe-cli.postinst b/debian/ooniprobe-cli.postinst
new file mode 100755
index 0000000..2bc454d
--- /dev/null
+++ b/debian/ooniprobe-cli.postinst
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+if [ "$1" = "configure" ]; then
+ if ! getent passwd ooniprobe >/dev/null; then
+ adduser --quiet --system --group --home /var/lib/ooniprobe ooniprobe
+ fi
+fi
+
+# Extract the answer
+db_get ooniprobe-cli/ask-consent || true
+consent="$RET"
+CF=/etc/ooniprobe/ooniprobe.conf
+
+[ "$consent" = true ] && [ -f ${CF}.disabled ] && mv ${CF}.disabled ${CF}
+[ "$consent" = false ] && [ -f ${CF} ] && mv ${CF} ${CF}.disabled
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/ooniprobe-cli.service b/debian/ooniprobe-cli.service
new file mode 100644
index 0000000..8ad7cd2
--- /dev/null
+++ b/debian/ooniprobe-cli.service
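Review bot: `Architecture: any` (context in the second hunk) is contradicted by the install file and rules, which only ever ship `./CLI/linux/amd64/ooniprobe`, so a build on any other architecture would package an amd64 binary; `Architecture: amd64` is what the packaging actually supports. In the same hunk, `Pre-Depends: debconf (>= 1.0.0)` next to `debconf` in Depends is redundant: a Pre-Depends is only needed when the preinst itself uses debconf, which none of the maintainer scripts in this diff do, and the conventional relation for a package whose config script uses debconf is `Depends: debconf (>= 0.5) | debconf-2.0`, which also admits alternative implementations. The Build-Depends change in the first hunk looks fine as written.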
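Review bot: `debian/ooniprobe.conf.disabled` is installed under `/etc`, so debhelper registers it as a conffile, but the new postinst (next hunk) renames it to `ooniprobe.conf` once consent is given; dpkg then treats its conffile as deleted on later upgrades, the renamed copy is untracked (left behind on purge) and any later change to the shipped defaults is never merged into the live file. A more robust layout keeps the template outside `/etc` (for example `/usr/share/ooniprobe/ooniprobe.conf`) and has postinst install it with `ucf` into `/etc/ooniprobe/ooniprobe.conf` when consent is true and remove it when false. In postinst the consent block also runs for every invocation (`abort-remove`, `abort-deconfigure` as well as `configure`); moving it inside the `configure` branch and quoting `"${CF}"` in the two `mv` lines would be tidier.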
@@ -0,0 +1,51 @@
+[Unit]
+Description=OONI Probe CLI
+Documentation=man:ooniprobe-cli
+#Documentation=file:///usr/share/doc/ooniprobe-cli/html/index.html
+Documentation=https://ooni.org/
+After=network.target tor.target
+Wants=network-online.target
+ConditionPathExists=/etc/ooniprobe/ooniprobe.conf
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/ooniprobe --config=/etc/ooniprobe/ooniprobe.conf run unattended
+TimeoutStopSec=5
+KillMode=mixed
+
+Environment="OONI_HOME=/var/lib/ooniprobe"
+User=ooniprobe
+PermissionsStartOnly=true
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+WorkingDirectory=/var/lib/ooniprobe
+
+# Sandboxing
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+LockPersonality=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/proc
+ReadWriteDirectories=-/var/log/ooniprobe
+ReadWriteDirectories=-/var/lib/ooniprobe
+ReadWriteDirectories=-/var/run
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target
diff --git a/debian/ooniprobe-cli.templates b/debian/ooniprobe-cli.templates
new file mode 100644
index 0000000..c2f9dcb
--- /dev/null
+++ b/debian/ooniprobe-cli.templates
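Review bot: `CapabilityBoundingSet=CAP_NET_BIND_SERVICE` keeps a capability the unattended run has no visible need for, and since `AmbientCapabilities=` is not set the `ooniprobe` user cannot exercise it anyway (unless the binary carries file capabilities), so the line only reads as if the service binds privileged ports; an empty `CapabilityBoundingSet=` drops every capability and states the intent. The unit is also both `WantedBy=multi-user.target` and the target of the new timer, so a run starts at every boot in addition to the daily schedule; unless that is wanted, drop the `[Install]` section here and let the timer own the schedule (check how dh_installsystemd treats a unit without `[Install]`). `ReadOnlyDirectories=`, `ReadWriteDirectories=` and `PermissionsStartOnly=` are deprecated spellings of `ReadOnlyPaths=`, `ReadWritePaths=` and the `+` prefix on `ExecStartPre=`. `ReadOnlyDirectories=/` on top of `ProtectSystem=full` is what `ProtectSystem=strict` expresses directly, and `ReadWriteDirectories=-/proc` deserves a comment saying why the probe needs to write under `/proc`. `StateDirectory=ooniprobe` and `LogsDirectory=ooniprobe` would create `/var/lib/ooniprobe` and `/var/log/ooniprobe` with the right ownership instead of relying on `adduser --home` in postinst.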
@@ -0,0 +1,17 @@
+Template: ooniprobe-cli/ask-consent
+Type: boolean
+Default: false
+Description: Do you consent to OONI Probe data collection?
+ OONI Probe collects evidence of internet censorship and measures
+ network performance.
+ .
+ WARNING:
+ .
+ - OONI Probe will likely test objectionable sites and services
+ .
+ - Anyone monitoring your internet activity (such as a government
+ or Internet provider) may be able to tell that you are using OONI Probe
+ .
+ - The network data you collect will be published automatically
+ .
+ To learn more, see https://ooni.org/about/risks/
diff --git a/debian/ooniprobe-cli.timer b/debian/ooniprobe-cli.timer
new file mode 100644
index 0000000..776fb51
--- /dev/null
+++ b/debian/ooniprobe-cli.timer
@@ -0,0 +1,11 @@
+[Unit]
+Description=OONI Probe CLI
+Requires=ooniprobe-cli.service
+
+[Timer]
+Unit=ooniprobe-cli.service
+OnCalendar=daily
+RandomizedDelaySec=24h
+
+[Install]
+WantedBy=timers.target
diff --git a/debian/ooniprobe.conf.disabled b/debian/ooniprobe.conf.disabled
new file mode 100644
index 0000000..7124af6
--- /dev/null
+++ b/debian/ooniprobe.conf.disabled
@@ -0,0 +1,15 @@
+{
+ "_": "",
+ "_version": 1,
+ "_informed_consent": true,
+ "sharing": {
+ "upload_results": true
+ },
+ "nettests": {
+ "websites_url_limit": 0,
+ "websites_enabled_category_codes": null
+ },
+ "advanced": {
+ "send_crash_reports": true
+ }
+}
diff --git a/debian/rules b/debian/rules
index a3ed1b0..3ab0d3d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -1,10 +1,17 @@
 #!/usr/bin/make -f
+export DH_VERBOSE=1
+
 %:
 dh $@
+override_dh_auto_clean:
+ rm -f debian/ooniprobe.1
+ dh_auto_clean
+
 override_dh_auto_build:
- true
+ # The ooniprobe binary is provided
+ ./CLI/linux/amd64/ooniprobe --help-man > debian/ooniprobe.1
 override_dh_dwz:
 true
diff --git a/debian/source/format b/debian/source/format
index 163aaf8..89ae9db 100644
--- a/debian/source/format
+++ b/debian/source/format
@@ -1 +1 @@
-3.0 (quilt)
+3.0 (native)
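Review bot: The consent text lists probing objectionable sites, observability by the network and publication of measurements, but not crash reporting, which the configuration that consent activates turns on (`"send_crash_reports": true` in the ooniprobe.conf.disabled hunk below); informed consent should cover every outbound data flow. Either add a bullet such as ` - Crash reports may be sent automatically to the OONI developers` or ship the packaged default with `send_crash_reports` set to false. For translators, Debian templates normally mark translatable fields as `_Description:` and use po-debconf; optional, but worth deciding now before the text is frozen.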
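Review bot: `Requires=ooniprobe-cli.service` in the timer's `[Unit]` section pulls the service in whenever the timer itself is activated (at enable time and at every boot), not only when the schedule elapses, and a failed service then stops the timer with it; as far as I read systemd's dependency semantics, timers conventionally carry no `Requires=` on the unit they trigger, so this line should be removed. `Persistent=true` in `[Timer]` would additionally make up a daily run missed while the machine was off.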
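Review bot: The man page generated in `override_dh_auto_build` (`debian/ooniprobe.1`) is not installed by anything in this commit, as there is no `debian/ooniprobe-cli.manpages` in the diffstat, and the service unit points at `man:ooniprobe-cli` while the generated page would be `ooniprobe(1)`; add a manpages file listing `debian/ooniprobe.1` and make the two names agree. The build step also executes a binary already present in the source tree rather than compiling anything, so what ends up in the package depends entirely on whatever produced `./CLI/linux/amd64/ooniprobe`; the comment `# The ooniprobe binary is provided` should say by which step (presumably the CI `./build.sh linux` run) so that a local `dpkg-buildpackage` failing on a missing binary is understandable and the provenance of the shipped executable is recorded.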