debian: run as a daemon, ask informed consent (#162)

* Set verbose mode, depend on adduser

* Run as daemon

* Generate manpage

* Implement informed consent

* Set version

* Switch format to native

* Set environment

* Update packaging

* Create test and release pipelines

* Update debian/ooniprobe-cli.service

Co-authored-by: Simone Basso <bassosimone@gmail.com>

* Update debian/ooniprobe-cli.service

Co-authored-by: Simone Basso <bassosimone@gmail.com>

* Update debian/ooniprobe.conf.disabled

Co-authored-by: Simone Basso <bassosimone@gmail.com>

* fix(linux-debian-packages): build also on pull requests

Otherwise there's no way for us to test :^).

* fix(debian/control): ubuntu 20.04 has debhelper 12

See https://packages.ubuntu.com/focal/debhelper

* fix(debian/control): debhelper-compat relations doesn't work the way I thought

* Update debian/ooniprobe-cli.timer

Co-authored-by: Simone Basso <bassosimone@gmail.com>

.github/workflows/linux-debian-packages-release.yml

@@ -0,0 +1,37 @@
+# Build a Debian package only when a relase tag is applied
+# and publish it on the public/release archive
+name: linux-debian-packages
+on:
+  push:
+    tags:
+      - '*'
+jobs:
+  build:
+    runs-on: "ubuntu-20.04"
+    steps:
+      - uses: actions/setup-go@v1
+        with:
+          go-version: "1.14"
+      - uses: actions/checkout@v2
+      - run: ./build.sh linux
+      # - run: ./smoketest.sh ./CLI/linux/amd64/ooniprobe
+      - run: find . -name ooniprobe -type f -executable
+      - run: sudo apt-get update -q
+      - run: sudo apt-get build-dep -y --no-install-recommends .
+      # Use probe version as package version
+      - run: |
+          DVER=$(./CLI/linux/amd64/ooniprobe version)
+          dch -v $DVER "New release"
+          dpkg-buildpackage -us -uc -b
+          find ../ -name "*.deb" -type f
+          DEB="../ooniprobe-cli_${DVER}_amd64.deb"
+          BT_FNAME="ooniprobe-cli_${DVER}_amd64.deb"
+          curl --upload-file "${DEB}" -u "${BT_APIUSER}:${BT_APIKEY}" \
+            "https://api.bintray.com/content/${BT_ORG}/${BT_REPO}/${BT_PKGNAME}/${DVER}/${BT_FNAME};deb_distribution=${DEBDIST};deb_component=main;deb_architecture=amd64;publish=1"
+        env:
+          DEBDIST: unstable
+          BT_APIKEY: ${{ secrets.BT_APIKEY }}
+          BT_APIUSER: federicoceratto
+          BT_ORG: ooni
+          BT_PKGNAME: ooniprobe
+          BT_REPO: ooniprobe-debian

.github/workflows/linux-debian-packages.yml

@@ -1,6 +1,7 @@
 # Build a Debian package and publish on a test/internal archive
 name: linux-debian-packages
 on:
+  pull_request:
   push:
     branches:
       - master
@@ -13,9 +14,11 @@ jobs:
           go-version: "1.14"
       - uses: actions/checkout@v2
       - run: ./build.sh linux
+      # - run: ./smoketest.sh ./CLI/linux/amd64/ooniprobe
       - run: find . -name ooniprobe -type f -executable
       - run: sudo apt-get update -q
       - run: sudo apt-get build-dep -y --no-install-recommends .
+      # Use <probe version>~<github build number> as package version
       - run: |
           VER=$(./CLI/linux/amd64/ooniprobe version)
           DVER="${VER}~${GITHUB_RUN_NUMBER}"
@@ -32,4 +35,4 @@ jobs:
           BT_APIUSER: federicoceratto
           BT_ORG: ooni
           BT_PKGNAME: ooniprobe
-          BT_REPO: ooniprobe-debian
+          BT_REPO: ooniprobe-debian-test

debian/TODO

@@ -1,8 +1,4 @@
-
-pull python script
 create bintray repo
-detect tags
+detect tags in github CI
  /etc conf file
- timer
- sandbox
  shared unix group

debian/changelog

@@ -1,5 +1,5 @@
-ooniprobe-cli (0.0.0) UNRELEASED; urgency=medium
+ooniprobe-cli (3.0.9) UNRELEASED; urgency=medium
 
   * Test release
 
- -- Federico Ceratto <federico@openobservatory.org>  Thu, 12 Nov 2020 16:26:14 +0000
+ -- Federico Ceratto <federico@openobservatory.org>  Fri, 04 Dec 2020 19:43:15 +0000

debian/compat

@@ -1 +0,0 @@
-11

debian/config

@@ -0,0 +1,13 @@
+#! /bin/sh
+#
+# Load debconf module and ask informed consent
+#
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+db_input high ooniprobe-cli/ask-consent || true
+db_go
+
+exit 0

debian/control

@@ -2,7 +2,10 @@ Source: ooniprobe-cli
 Maintainer: Federico Ceratto <federico@openobservatory.org>
 Section: devel
 Priority: optional
-Build-Depends: dpkg-dev, debhelper, devscripts
+Build-Depends:
+ debhelper-compat (= 12),
+ devscripts,
+ dpkg-dev,
 Standards-Version: 4.5.0
 Vcs-Browser: https://github.com/ooni/probe-cli
 Vcs-Git: https://github.com/ooni/probe-cli.git
@@ -12,6 +15,9 @@ XS-Go-Import-Path: github.com/ooni/probe-cli
 
 Package: ooniprobe-cli
 Architecture: any
-Depends: ${misc:Depends}, ${shlibs:Depends}
+Pre-Depends: debconf (>= 1.0.0)
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ adduser,
+ debconf
 Built-Using: ${misc:Built-Using}
 Description: OONI Probe CLI

debian/ooniprobe-cli.install

@@ -1 +1,2 @@
 ./CLI/linux/amd64/ooniprobe usr/bin
+debian/ooniprobe.conf.disabled /etc/ooniprobe

debian/ooniprobe-cli.postinst

@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+db_version 2.0
+
+if [ "$1" = "configure" ]; then
+    if ! getent passwd ooniprobe >/dev/null; then
+        adduser --quiet --system --group --home /var/lib/ooniprobe ooniprobe
+    fi
+fi
+
+# Extract the answer
+db_get ooniprobe-cli/ask-consent || true
+consent="$RET"
+CF=/etc/ooniprobe/ooniprobe.conf
+
+[ "$consent" = true ]  && [ -f ${CF}.disabled ] && mv ${CF}.disabled ${CF}
+[ "$consent" = false ] && [ -f ${CF} ]          && mv ${CF} ${CF}.disabled
+
+#DEBHELPER#
+
+exit 0

debian/ooniprobe-cli.service

@@ -0,0 +1,51 @@
+[Unit]
+Description=OONI Probe CLI
+Documentation=man:ooniprobe-cli
+#Documentation=file:///usr/share/doc/ooniprobe-cli/html/index.html
+Documentation=https://ooni.org/
+After=network.target tor.target
+Wants=network-online.target
+ConditionPathExists=/etc/ooniprobe/ooniprobe.conf
+
+[Service]
+Type=simple
+ExecStart=/usr/bin/ooniprobe --config=/etc/ooniprobe/ooniprobe.conf run unattended
+TimeoutStopSec=5
+KillMode=mixed
+
+Environment="OONI_HOME=/var/lib/ooniprobe"
+User=ooniprobe
+PermissionsStartOnly=true
+Restart=on-abnormal
+RestartSec=2s
+LimitNOFILE=65536
+WorkingDirectory=/var/lib/ooniprobe
+
+# Sandboxing
+CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+LockPersonality=yes
+NoNewPrivileges=yes
+PrivateDevices=yes
+PrivateTmp=yes
+PrivateUsers=yes
+ProtectClock=yes
+ProtectControlGroups=yes
+ProtectHome=yes
+ProtectHostname=yes
+ProtectKernelLogs=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+ProtectSystem=full
+ReadOnlyDirectories=/
+ReadWriteDirectories=-/proc
+ReadWriteDirectories=-/var/log/ooniprobe
+ReadWriteDirectories=-/var/lib/ooniprobe
+ReadWriteDirectories=-/var/run
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+SystemCallArchitectures=native
+SystemCallFilter=@system-service
+
+[Install]
+WantedBy=multi-user.target

debian/ooniprobe-cli.templates

@@ -0,0 +1,17 @@
+Template: ooniprobe-cli/ask-consent
+Type: boolean
+Default: false
+Description: Do you consent to OONI Probe data collection?
+ OONI Probe collects evidence of internet censorship and measures
+ network performance.
+ .
+ WARNING:
+ .
+ - OONI Probe will likely test objectionable sites and services
+ .
+ - Anyone monitoring your internet activity (such as a government
+ or Internet provider) may be able to tell that you are using OONI Probe
+ .
+ - The network data you collect will be published automatically
+ .
+ To learn more, see https://ooni.org/about/risks/

debian/ooniprobe-cli.timer

@@ -0,0 +1,11 @@
+[Unit]
+Description=OONI Probe CLI
+Requires=ooniprobe-cli.service
+
+[Timer]
+Unit=ooniprobe-cli.service
+OnCalendar=daily
+RandomizedDelaySec=24h
+
+[Install]
+WantedBy=timers.target

debian/ooniprobe.conf.disabled

@@ -0,0 +1,15 @@
+{
+  "_": "",
+  "_version": 1,
+  "_informed_consent": true,
+  "sharing": {
+    "upload_results": true
+  },
+  "nettests": {
+    "websites_url_limit": 0,
+    "websites_enabled_category_codes": null
+  },
+  "advanced": {
+    "send_crash_reports": true
+  }
+}

debian/rules

@@ -1,10 +1,17 @@
 #!/usr/bin/make -f
 
+export DH_VERBOSE=1
+
 %:
 	dh $@
 
+override_dh_auto_clean:
+	rm -f debian/ooniprobe.1
+	dh_auto_clean
+
 override_dh_auto_build:
-	true
+	# The ooniprobe binary is provided
+	./CLI/linux/amd64/ooniprobe --help-man > debian/ooniprobe.1
 
 override_dh_dwz:
 	true

debian/source/format

@@ -1 +1 @@
-3.0 (quilt)
+3.0 (native)