安全的免密码安装

debian/spark-store.postinst

@@ -30,6 +30,9 @@ case "$1" in
 		
      	       ln -s -f /opt/durapps/spark-store/bin/aptss /usr/bin/aptss
 
+		# Create symbol links for SSINSTALL 
+		ln -s -f  /opt/durapps/spark-store/bin/auto-install-policy/store.spark-app.ssinstall.policy /usr/share/polkit-1/actions/store.spark-app.ssinstall.policy
+
 		# Compile the Sender module
 
 		gcc /opt/durapps/spark-store/bin/ss-feedback/sender-d.sh.c -o /opt/durapps/spark-store/bin/ss-feedback/sender-d

tool/aptss

@@ -1,8 +1,6 @@
 #!/bin/bash
 
-apt-fast(){
-/opt/durapps/spark-store/bin/apt-fast/ss-apt-fast "$@"
-}
+
 
 if [ ! -e "/tmp/aptss-conf/apt-fast.conf" ];then
 ###刷新apt-fast配置
@@ -27,7 +25,7 @@ sudo bwrap --dev-bind / / --bind '/opt/durapps/spark-store/bin/apt-fast-conf/sou
 bwrap --dev-bind / / \
                    --bind '/tmp/aptss-conf/apt-fast.conf' /etc/apt-fast.conf \
                    --bind '/opt/durapps/spark-store/bin/apt-fast-conf/sources.list.d/sparkstore.list' /etc/apt/sources.list.d/sparkstore.list \
-                apt-fast "$@" --allow-downgrades 
+                /opt/durapps/spark-store/bin/apt-fast/ss-apt-fast "$@" --allow-downgrades 
 
 
 elif [ "$1" = "download" ];then
@@ -36,7 +34,7 @@ elif [ "$1" = "download" ];then
 bwrap --dev-bind / / \
                    --bind '/tmp/aptss-conf/apt-fast.conf' /etc/apt-fast.conf \
                    --bind '/opt/durapps/spark-store/bin/apt-fast-conf/sources.list.d/sparkstore.list' /etc/apt/sources.list.d/sparkstore.list \
-                apt-fast "$@" --allow-downgrades 
+                /opt/durapps/spark-store/bin/apt-fast/ss-apt-fast "$@" --allow-downgrades 
 
 
 elif [ "$1" = "policy" ] || [ "$1" = "search" ];then

tool/ssinstall

@@ -1,12 +1,20 @@
 #!/bin/bash
-#将来可能可以换成apt-metalink来直接用种子/链接下载
-
-apt-fast(){
-/opt/durapps/spark-store/bin/apt-fast/ss-apt-fast "$@"
-}
 
 echo "Spark Store Install script.星火商店安装脚本"
 
+function pkexec_as_current_user() {
+    #Detect the name of the display in use
+    local display=":$(ls /tmp/.X11-unix/* | sed 's#/tmp/.X11-unix/X##' | head -n 1)"
+
+    #Detect the user using such display
+    local user=$(who | grep '('$display')' | awk '{print $1}' | head -n 1)
+
+    #Detect the id of the user
+    local uid=$(id -u $user)
+
+    sudo -u $user DISPLAY=$display DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/$uid/bus pkexec "$@"
+}
+
 #################检测文件是否存在
 if [ $# -eq 0 ];then
 echo "没有接收到参数，退出"
@@ -19,39 +27,38 @@ then
 	echo "文件不存在"
 	exit 1
 fi
-#################root校验+要密码
-if [ "$(id -u)" != "0" ]
-then
-    echo "ssinstall需要在root下运行";
-	uname=`whoami`
-	echo "Now input the password of $uname"
-	read -e upass
-	################检查密码对不对
-    echo "$upass" | sudo -S echo "i love amber forever"
-	passcheck=`echo "$upass" | sudo -S echo "i love amber forever"`
-	if [ "$passcheck" != "i love amber forever" ];then
-	echo "-----------------------------------------------------"
-	echo "E:密码错误,退出脚本！"
-	exit 1		
-	fi
-fi
 
-
-
-
-##############判断是否是root运行，如果是，则正常走；如果不是，则代输密码
 if [ "$(id -u)" != "0" ];then
 #############################无root权限时
-----------------------------------------------------------------------------------
-echo "$upass" | sudo -S dpkg -i $1 || sudo aptss install -yf 
+echo "请使用root启动ssinstall"
+exit 1
+fi
 
+###
+
+
+if [ ! -e "/var/lib/apt/lists/d.store.deepinos.org.cn_Packages" ];then
+echo "接收星火仓库软件信息中..."
+aptss ssupdate
+fi
+
+echo "正在计算hash并与星火仓库匹配..."
+
+DEB_MD5SUM=`md5sum "$1" | cut -c -32`
+
+IS_MD5SUM_CHECKD=`cat /var/lib/apt/lists/d.store.deepinos.org.cn_Packages | grep $DEB_MD5SUM`
+if [ ! -z "$IS_MD5SUM_CHECKD" ];then
+
+echo "校验成功，开始安装"
+echo  ----------------------------------------------------------------------------------
+dpkg -i "$1" || aptss install -yf 
 
 else
-###########################有root权限时
-
-echo  ----------------------------------------------------------------------------------
-dpkg -i $1 || aptss install -yf 
 
+echo "校验失败，该deb不是星火已经上架的软件包，这可能是因为你正在尝试安装一个尚未上架的软件包"
+echo "如果你是审核人员，这是正常的"
+echo "为确保安全，将会询问密码"
 
+pkexec_as_current_user bash -c "dpkg -i "$1" || aptss install -yf "
 
 fi

tool/update-upgrade/ss-update-controler.sh

@@ -13,14 +13,9 @@ else
 text_update_open="开启"
 fi
 
-if [  -f /usr/share/polkit-1/actions/store.spark-app.ssinstall.policy ];then 
-text_auto_install_open="关闭"
-#已经开启了就显示关闭
-else
-text_auto_install_open="开启"
-fi
 
-option=`zenity --list --text="欢迎使用星火更新和安装设置工具\n请在以下操作中选择一个进行~" --column 数字 --column=操作选项  --print-column=2  --height 350 --width 760 0 "查看自动更新相关功能使用前须知（重要）" 1 "$text_update_open星火更新检测工具(如果开启则会在系统启动后自动检测更新。如有更新则会弹出通知)" 2 查看可更新软件包列表并决定是否更新 3 "$text_auto_install_open点击安装免输入密码功能" 4 退出脚本 --hide-column=1 --print-column=1` 
+
+option=`zenity --list --text="欢迎使用星火更新和安装设置工具\n请在以下操作中选择一个进行~" --column 数字 --column=操作选项  --print-column=2  --height 350 --width 760 0 "查看自动更新相关功能使用前须知（重要）" 1 "$text_update_open星火更新检测工具(如果开启则会在系统启动后自动检测更新。如有更新则会弹出通知)" 2 查看可更新软件包列表并决定是否更新  4 退出脚本 --hide-column=1 --print-column=1` 
 
 case $option in 
 	0)
@@ -42,25 +37,7 @@ case $option in
 	2)
 	/opt/durapps/spark-store/bin/update-upgrade/ss-do-upgrade.sh
 	;;
-	3)
-	if [ -f /usr/share/polkit-1/actions/store.spark-app.ssinstall.policy ];then 
-	zenity --info --icon-name=spark-store --height 150 --width 200 --text   "---检测到已经启动了免输入密码，执行关闭" --timeout=2 
-	pkexec rm /usr/share/polkit-1/actions/store.spark-app.ssinstall.policy
-	zenity --info --icon-name=spark-store --height 150 --width 200 --text   "已关闭" --timeout=2 
-	else
 
-	is_accept_polkiy=`zenity --list  --height 350 --width 300 --text "请注意：这个功能尚未开发完成，一旦开启，则运行pkexec ssinstall时不再需要授权\n仅对星火内置安装器生效\n理论上会存在一定的安全风险" --column 数字 --column=操作选项 --hide-column=1 --print-column=1 1 同意 2 拒绝`
-
-
-
-if [ "$is_accept_polkiy" = "1" ];then
-	pkexec ln -s /opt/durapps/spark-store/bin/auto-install-policy/store.spark-app.ssinstall.policy /usr/share/polkit-1/actions/store.spark-app.ssinstall.policy
-	zenity --info --icon-name=spark-store --height 150 --width 200 --text  "---已启动"
-	else
-	zenity --info --icon-name=spark-store --height 150 --width 200 --text  "---未同意，返回"
-fi
-fi
-	;;
 	4)
 	exit 0
 	;;