Commit 7a99cc3

move secure image enabling from a button into a script
People don't read and lock themselves out of the image too often. This change means they can only secure the image if they already have console access, which is required to disable it.
1 parent f9f680f commit 7a99cc3

3 files changed

+33
-20
lines changed

src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/app.py

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -262,8 +262,12 @@ def list_value_by_tags(tags, idx):
262262
self._d.env_by_tags("rbthermalhack").value = ""
263263

264264
# Ensure secure_image is set the new way if before the update it was set only as env variable
265-
if self._d.is_enabled("secure_image"):
265+
if self._d.is_enabled("secure_image") and not self.check_secure_image():
266266
self.set_secure_image()
267+
# set secure_image env variable in case it is not set
268+
if not self._d.is_enabled("secure_image") and self.check_secure_image():
269+
self.set_secure_image()
270+
267271
self._d.env_by_tags("pack")._value_call = self.pack_im
268272
self._other_aggregators = {
269273
"adsbhub--submit": ADSBHub(self._system),
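Review bot: the two `if` statements at new lines 265-269 both end in `self.set_secure_image()`, so together they fire whenever `is_enabled("secure_image")` and `check_secure_image()` disagree, and the outcome is always the secured state. If that one-way sync is the intent, a single `if self._d.is_enabled("secure_image") != self.check_secure_image():` with a comment saying so would be easier to read. The existing comment at line 264 now only describes the first branch. It would also help to document here that turning the feature off has to clear both the setting and whatever `check_secure_image()` tests, otherwise the next start of the app secures the image again.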
@@ -3489,8 +3493,6 @@ def update(self):
34893493
timeout=30,
34903494
)
34913495
self._d.env_by_tags("acarshub_data_path").value = "/run/acars_data"
3492-
if key == "secure_image":
3493-
self.set_secure_image()
34943496
if allow_insecure and key == "toggle_hotspot":
34953497
self.toggle_hotspot()
34963498
if key == "no_config_link":

src/modules/adsb-feeder/filesystem/root/opt/adsb/adsb-setup/templates/systemmgmt.html

Lines changed: 6 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -74,27 +74,16 @@ <h5 class="mt-3">The feeder system is secured</h5>
7474
</div>
7575
<div class="col-12 col-lg-6 {% if is_enabled('secure_image') %} d-none {% endif %}">
7676
<h5 class="mt-3">Secure Feeder System</h5>
77-
<form method="POST" onsubmit="show_spinner(); return true;">
7877
<div class="row align-items-center">
7978
<div class="col-8">
80-
<label for="secure_image">
81-
Attempt to make it somewhat harder for someone on the local
82-
network to gain access to the image. Of course, anyone with
83-
physical access to the feeder hardware can circumvent the
84-
protection attempted here. Make sure you have an SSH key or
85-
password set up and tested before doing this, or you will
86-
permanently lock yourself out of this image.
87-
Also disables the wifi hotspot which allows for wifi
88-
configuration when there is no network connectivity.
89-
</label>
90-
</div>
91-
<div class="col-4">
92-
<button type="submit" class="btn btn-primary mx-auto w-100" name="secure_image" value="go">
93-
SSH is working.<br>Secure the image.
94-
</button>
79+
Attempt to make it somewhat harder for someone on the local network to gain access to the
80+
image. Of course, anyone with physical access to the feeder hardware can circumvent the
81+
protection attempted here. Also disables the wifi hotspot which allows for wifi
82+
configuration when there is no network connectivity.
83+
To enable this option, log in locally or via SSH and run this command:
84+
/opt/adsb/scripts/secure-image-enable.sh
9585
</div>
9686
</div>
97-
</form>
9887
</div>
9988
<div class="col-12 col-lg-6 {% if is_enabled('secure_image') %} d-none {% endif %}">
10089
<h5 class="mt-3">Web Authentication</h5>
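Review bot: at new lines 83-84 the command path sits on a bare line inside the `col-8` div, so the browser will flow it into the preceding sentence and it is easy to mis-copy. Wrap `/opt/adsb/scripts/secure-image-enable.sh` in `<code>` (or `<pre>`) and state that it has to be run as root, since the script exits with an error for any other user. The removed label also told users to have an SSH key or password set up and tested first; the new text no longer says what access is needed afterwards, so one sentence that console or SSH access is the only way to undo the setting would keep that information on the page.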
Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
#!/bin/bash
2+
3+
4+
# this needs to run as root
5+
if [ "$(id -u)" != "0" ] ; then
6+
echo "this command requires superuser privileges - please run as sudo bash $0"
7+
exit 1
8+
fi
9+
10+
systemctl stop adsb-setup
11+
12+
TMP="$(mktemp config.json.XXXX)"
13+
JSON="/opt/adsb/config/config.json"
14+
jq < "$JSON" '."AF_IS_SECURE_IMAGE" = true' > "$TMP" && mv "$TMP" "$JSON"
15+
sed -i '/_ADSBIM_STATE_IS_SECURE_IMAGE=.*/d' /opt/adsb/config/.env
16+
touch /opt/adsb/adsb.im.secure_image
17+
18+
systemctl restart adsb-setup
19+
20+
echo "----------------------"
21+
echo "Secure Image ENABLED!"
22+
echo "----------------------"
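Review bot: nothing checks the result of the `jq ... > "$TMP" && mv "$TMP" "$JSON"` line at 14, so if `jq` is missing or `config.json` does not parse, the script still runs `sed`, touches the marker file, restarts the service and prints "Secure Image ENABLED!", leaving the JSON setting unchanged and a stray temp file behind. Add `set -e` near the top or test that line explicitly and exit non-zero with a message before the banner. Separately, `mktemp config.json.XXXX` at line 12 creates the temp file in whatever directory the user happens to be in, which may not be writable and may be on a different filesystem than `$JSON`, so the `mv` is not an atomic rename; `mktemp "$JSON.XXXXXX"` keeps it beside the target. Note also that `mktemp` creates the file readable only by its owner and `mv` carries that mode onto `config.json`, so confirm the service can still read it or restore the original mode and ownership after the move.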
