ktwrd · December 15, 2024 01:33
diff --git a/download-wellknown-security.py b/download-wellknown-security.py
 #!/usr/bin/python3
 # coding: utf-8
 '''
 ------------------------------------------------------------------------------
 Copyright 2024 Kate Ward
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 ------------------------------------------------------------------------------
 Note: This script automatically updates itself before pulling security.txt
 '''

 # ---- download with cURL ----
 # curl -J -L https://gist.github.com/ktwrd/44bdb1bd577a0d944dbfb7911e51fdbd/raw/download-wellknown-security.py -o /etc/cron.hourly/1_download_well-known-security_katepet.py && chmod +x /etc/cron.hourly/1_download_well-known-security_katepet.py

 import requests, sys, hashlib, subprocess, logging
 from threading import Thread

 # logging stuff :3
 logging.basicConfig(stream=sys.stdout, level=logging.INFO)
 logging.addLevelName(logging.INFO + 2, 'STDERR')
 logging.addLevelName(logging.INFO + 1, 'STDOUT')
 logger = logging.getLogger('root')
 def logstream(stream, loggercb):
    while True:
        out = stream.readline()
        if out:
            loggercb(out.rstrip())
        else:
            break

 # download security.txt to /var/www/
 def fetch_security():
    response = requests.get("https://res.kate.pet/.well-known/security.txt")
    if response.status_code >= 200 and response.status_code < 300:
        f = open("/var/www/security.txt", "w")
        f.write(response.text)
        f.close()
        print('Wrote content to /var/www/security.txt')
        return True
    else:
        print('Invalid status code: ' + response.status_code)
        print(response.text)
        return False

 # download latest script version, and write into *this* file.
 def fetch_script():
    if not __file__.endswith('.py'):
        print('[fetch_script] Skipping. __file__ (%s) does not end with ".py"' % __file__)
        return True

    response = requests.get("https://gist.githubusercontent.com/ktwrd/44bdb1bd577a0d944dbfb7911e51fdbd/raw/download-wellknown-security.py")
    if response.status_code >= 200 and response.status_code < 300:
        f = open(__file__, "w")
        f.write(response.text)
        f.close()
        print('[fetch_script] Wrote new script to ' + __file__)
        return True
    else:
        print('[fetch_script] Invalid status cide: ' + response.status_code)
        print(response.text)
        return False

 # lil bit of glue for getting the sha256 hash of a file
 HASH_BUF_SIZE = 65536
 def get_file_checksum(location):
    hash = hashlib.sha256()
    with open(location, 'rb') as f:
        while True:
            data = f.read(HASH_BUF_SIZE)
            if not data:
                break
            hash.update(data)
    return hash.hexdigest()

 def exec_pipe(data):
    pobj = subprocess.Popen(data, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    stdout_thread = Thread(target=logstream, args=(pobj.stdout, lambda s: logger.log(logging.INFO + 1, s)))
    stderr_thread = Thread(target=logstream, args=(pobj.stderr, lambda s: logger.log(logging.INFO + 2, s)))

    stdout_thread.start()
    stderr_thread.start()
    while stdout_thread.is_alive() or stderr_thread.is_alive():
        pass

 current_file_hash = get_file_checksum(__file__)
 if not fetch_script():
    print('[run] Failed to run fetch_script')
    exit(1)

 # check if script has been updated. if so, re-run it then exit once it's done.
 new_file_hash = get_file_checksum(__file__)
 if current_file_hash != new_file_hash:
    print('[run] Hash mismatch. Script has been updated after download! Re-running')
    print('Currently running: %s' % current_file_hash)
    print('  Downloaded file: %s' % new_file_hash)
    print('')
    exec_pipe(['/usr/bin/python3', __file__])
    exit(0)
    
 # download security.txt and write to /var/www/security.txt
 if not fetch_security():
    print('[run] Failed to run fetch_security')
    exit(1)
 print('[run] Done!')
 exit(0)
	#!/usr/bin/python3
	# coding: utf-8
	'''
	------------------------------------------------------------------------------
	Copyright 2024 Kate Ward
	Licensed under the Apache License, Version 2.0 (the "License");
	you may not use this file except in compliance with the License.
	You may obtain a copy of the License at
	http://www.apache.org/licenses/LICENSE-2.0
	Unless required by applicable law or agreed to in writing, software
	distributed under the License is distributed on an "AS IS" BASIS,
	WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	See the License for the specific language governing permissions and
	limitations under the License.
	------------------------------------------------------------------------------
	Note: This script automatically updates itself before pulling security.txt
	'''

	# ---- download with cURL ----
	# curl -J -L https://gist.github.com/ktwrd/44bdb1bd577a0d944dbfb7911e51fdbd/raw/download-wellknown-security.py -o /etc/cron.hourly/1_download_well-known-security_katepet.py && chmod +x /etc/cron.hourly/1_download_well-known-security_katepet.py

	import requests, sys, hashlib, subprocess, logging
	from threading import Thread

	# logging stuff :3
	logging.basicConfig(stream=sys.stdout, level=logging.INFO)
	logging.addLevelName(logging.INFO + 2, 'STDERR')
	logging.addLevelName(logging.INFO + 1, 'STDOUT')
	logger = logging.getLogger('root')
	def logstream(stream, loggercb):
	while True:
	out = stream.readline()
	if out:
	loggercb(out.rstrip())
	else:
	break

	# download security.txt to /var/www/
	def fetch_security():
	response = requests.get("https://res.kate.pet/.well-known/security.txt")
	if response.status_code >= 200 and response.status_code < 300:
	f = open("/var/www/security.txt", "w")
	f.write(response.text)
	f.close()
	print('Wrote content to /var/www/security.txt')
	return True
	else:
	print('Invalid status code: ' + response.status_code)
	print(response.text)
	return False

	# download latest script version, and write into this file.
	def fetch_script():
	if not __file__.endswith('.py'):
	print('[fetch_script] Skipping. __file__ (%s) does not end with ".py"' % __file__)
	return True

	response = requests.get("https://gist.githubusercontent.com/ktwrd/44bdb1bd577a0d944dbfb7911e51fdbd/raw/download-wellknown-security.py")
	if response.status_code >= 200 and response.status_code < 300:
	f = open(__file__, "w")
	f.write(response.text)
	f.close()
	print('[fetch_script] Wrote new script to ' + __file__)
	return True
	else:
	print('[fetch_script] Invalid status cide: ' + response.status_code)
	print(response.text)
	return False

	# lil bit of glue for getting the sha256 hash of a file
	HASH_BUF_SIZE = 65536
	def get_file_checksum(location):
	hash = hashlib.sha256()
	with open(location, 'rb') as f:
	while True:
	data = f.read(HASH_BUF_SIZE)
	if not data:
	break
	hash.update(data)
	return hash.hexdigest()

	def exec_pipe(data):
	pobj = subprocess.Popen(data, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
	stdout_thread = Thread(target=logstream, args=(pobj.stdout, lambda s: logger.log(logging.INFO + 1, s)))
	stderr_thread = Thread(target=logstream, args=(pobj.stderr, lambda s: logger.log(logging.INFO + 2, s)))

	stdout_thread.start()
	stderr_thread.start()
	while stdout_thread.is_alive() or stderr_thread.is_alive():
	pass

	current_file_hash = get_file_checksum(__file__)
	if not fetch_script():
	print('[run] Failed to run fetch_script')
	exit(1)

	# check if script has been updated. if so, re-run it then exit once it's done.
	new_file_hash = get_file_checksum(__file__)
	if current_file_hash != new_file_hash:
	print('[run] Hash mismatch. Script has been updated after download! Re-running')
	print('Currently running: %s' % current_file_hash)
	print(' Downloaded file: %s' % new_file_hash)
	print('')
	exec_pipe(['/usr/bin/python3', __file__])
	exit(0)

	# download security.txt and write to /var/www/security.txt
	if not fetch_security():
	print('[run] Failed to run fetch_security')
	exit(1)
	print('[run] Done!')
	exit(0)