authorerkin <e.altunbas@vyos.io>2021-12-16 18:47:01 +0300
committererkin <e.altunbas@vyos.io>2021-12-16 18:47:01 +0300
commitfbf8808f0a2ec1d1964af2c2243224d5ebffeb29 (patch)
treee16e23923fa1dcaf56ce8af51618bda33ccf4a8a
parent07521846d33a892800d373a87a7b80d29eac8be4 (diff)
remote: T3356: Backport remote module use to Equuleus
-rwxr-xr-xscripts/install/install-image110
1 files changed, 31 insertions, 79 deletions
diff --git a/scripts/install/install-image b/scripts/install/install-image
index f59f3475..b4b9cfba 100755
--- a/scripts/install/install-image
+++ b/scripts/install/install-image
@@ -98,102 +98,55 @@ PART_FILE=''
# Temp directory for downloaded ISO
TEMP_DIR="/var/tmp/install-image.$$"
+download_file ()
+{
+ (REMOTE_USERNAME=$USERNAME \
+ REMOTE_PASSWORD=$PASSWORD \
+ ip vrf exec $VRF python3 -c "import vyos.remote; vyos.remote.friendly_download('$1', '$2')")
+}
+
# Try to fetch the ISO file using a URL provided by the user.
# If successful, we leave $NEW_ISO pointing to the ISO file that
# was downloaded.
fetch_iso_by_url ()
{
mkdir $TEMP_DIR
- echo "Trying to fetch ISO file from $NEW_ISO"
-
- if [ -n "$USERNAME" ]; then
- AUTH="-u $USERNAME:$PASSWORD"
- else
- AUTH=""
- fi
-
- # This is for statistics collection
- vyos_version=`cat /opt/vyatta/etc/version | awk '{print $2}'`
-
filename="${TEMP_DIR}/${NEW_ISO##*/}"
- ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o $filename $NEW_ISO
- curlerror=$?
- if [ $curlerror -eq 51 ]; then
- host=${NEW_ISO##scp://}
- host=${host%%/*}
- rsa_key=$(ssh-keyscan -t rsa $host 2>/dev/null)
- if [[ $VYATTA_PROCESS_CLIENT == "gui2_rest" ]]; then
- response="yes"
- else
- echo "The authenticity of host '$host' can't be established."
- echo "RSA key fingerprint is $(ssh-keygen -lf /dev/stdin <<<$rsa_key \
- | awk {' print $2 '} ) ."
- echo "Are you sure you want to continue connecting (yes/no) [yes]?"
- response=$(get_response "Yes" "Yes No Y N")
- fi
- if [[ "$response" == "yes" || "$response" == "y" ]]; then
- mkdir -p ~/.ssh/
- echo $rsa_key >> ~/.ssh/known_hosts
- ip vrf exec $VRF curl $AUTH -f -o $filename $NEW_ISO
- curlerror=$?
- fi
- fi
- if [ $curlerror -ne 0 ]; then
- echo "Unable to fetch ISO from $NEW_ISO"
- rm -f $filename
- exit 1
- fi
- if [ ! -e $filename ]; then
- echo "Download of $NEW_ISO failed"
- exit 1
+
+ echo "Trying to fetch ISO file from $NEW_ISO..."
+ download_file "$filename" "$NEW_ISO"
+ if [ $? -ne 0 ]; then
+ fail_exit 'Failed to download the ISO file.'
fi
- echo "ISO download succeeded."
+ echo "Done."
echo "Checking for digital signature file..."
- # XXX: T2108: We will first download and try to verify the image using the
- # generated minisign signature. If this fails, we try to retrieve the GPG
- # signature file.
- ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o ${filename}.minisig ${NEW_ISO}.minisig
+ download_file "${filename}.minisig" "${NEW_ISO}.minisig"
if [ $? -ne 0 ]; then
- ip vrf exec $VRF curl -L -H "User-Agent: VyOS/$vyos_version" $AUTH -f -o ${filename}.asc ${NEW_ISO}.asc
+ download_file "${filename}.asc" "${NEW_ISO}.asc"
fi
if [ $? -ne 0 ]; then
- echo "Unable to fetch digital signature file."
echo -n "Do you want to continue without signature check? (yes/no) [yes] "
- response=$(get_response "Yes" "Yes No Y N")
- if [ "$response" == "no" ] || [ "$response" == "n" ]; then
- rm -f $filename
- fail_exit 'OK. Installation will not be performed.'
- fi
# In case signature file was partially downloaded...
rm -f ${filename}.asc ${filename}.minisig
- fi
- if [ -e ${filename}.minisig ]; then
- echo "Found it. Checking digital signature..."
- minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m ${filename} -x ${filename}.minisig
- if [ $? -ne 0 ]; then
- echo "Signature check FAILED, trying BACKUP key..."
- minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m ${filename} -x ${filename}.minisig
+ response=$(get_response "Yes" "Yes No Y N")
+ if [ "$response" == "no" ] || [ "$response" == "n" ]; then
+ fail_exit 'OK. Installation will not be performed.'
fi
- if [ $? -ne 0 ]; then
- echo "Signature check FAILED."
- echo -n "Do you want to continue anyway? (yes/no) [no] "
- response=$(get_response "No" "Yes No Y N")
- if [ "$response" == "no" ] || [ "$response" == "n" ]; then
- fail_exit 'OK. Installation will not be performed.'
+ else
+ echo "Checking digital signature..."
+ if [ -f ${filename}.minisig ]; then
+ minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m ${filename} -x ${filename}.minisig
+ if [ $? -ne 0 ]; then
+ echo "Signature check FAILED, trying BACKUP key..."
+ minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m ${filename} -x ${filename}.minisig
fi
-
- echo "OK. Proceeding with installation anyway."
- else
- echo "Digital signature is valid."
fi
- fi
-
- if [ -e ${filename}.asc ]; then
- echo "Found it. Checking digital signature..."
- gpg --verify ${filename}.asc ${filename} >/dev/null 2>&1
+ if [ -f ${filename}.asc ]; then
+ gpg --verify ${filename}.asc ${filename} >/dev/null 2>&1
+ fi
if [ $? -ne 0 ]; then
echo "Signature check FAILED."
echo -n "Do you want to continue anyway? (yes/no) [no] "
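Review bot: In the new `else` branch, the `if [ $? -ne 0 ]` after `if [ -f ${filename}.asc ]; then … fi` tests the status of that `if` statement, which is 0 whenever no `.asc` file exists, so a `.minisig` that fails verification against both the release and backup keys still reaches "Digital signature is valid." The verification result should be kept in a variable that starts non-zero, so a missing file fails closed, and that variable tested before the prompt. Separately, `download_file` pastes `$1` and `$2` into the Python source given to `python3 -c`, so a single quote in the user-supplied URL ends the string literal and the rest is executed as Python by a script that requires root; passing both values as arguments and reading them from `sys.argv` avoids that. The body of `fetch_iso_by_url` continues past the end of this hunk.

```shell
download_file ()
{
    (REMOTE_USERNAME=$USERNAME \
     REMOTE_PASSWORD=$PASSWORD \
     ip vrf exec $VRF python3 -c \
        'import sys, vyos.remote; vyos.remote.friendly_download(sys.argv[1], sys.argv[2])' \
        "$1" "$2")
}

# … unchanged: ISO download, signature-file download, "continue without signature check" prompt …

    else
        echo "Checking digital signature..."
        # Fail closed: stays non-zero unless a verifier actually succeeds.
        sig_ok=1
        if [ -f "${filename}.minisig" ]; then
            minisign -V -q -p /usr/share/vyos/keys/vyos-release.minisign.pub -m "${filename}" -x "${filename}.minisig"
            sig_ok=$?
            if [ "$sig_ok" -ne 0 ]; then
                echo "Signature check FAILED, trying BACKUP key..."
                minisign -V -q -p /usr/share/vyos/keys/vyos-backup.minisign.pub -m "${filename}" -x "${filename}.minisig"
                sig_ok=$?
            fi
        elif [ -f "${filename}.asc" ]; then
            gpg --verify "${filename}.asc" "${filename}" >/dev/null 2>&1
            sig_ok=$?
        fi
        if [ "$sig_ok" -ne 0 ]; then
            # … unchanged: "Signature check FAILED." prompt and the "valid" branch …
```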
@@ -201,7 +154,6 @@ fetch_iso_by_url ()
if [ "$response" == "no" ] || [ "$response" == "n" ]; then
fail_exit 'OK. Installation will not be performed.'
fi
-
echo "OK. Proceeding with installation anyway."
else
echo "Digital signature is valid."
@@ -219,7 +171,7 @@ set_up_new_iso ()
if [ "$url_scheme" != "$NEW_ISO" ]; then
if [ "$url_scheme" = "http" -o "$url_scheme" = "https" -o \
"$url_scheme" = "ftp" -o "$url_scheme" = "tftp" -o \
- "$url_scheme" = "scp" ]; then
+ "$url_scheme" = "scp" -o "$url_scheme" = "sftp" ]; then
fetch_iso_by_url
fi
fi
@@ -314,10 +266,10 @@ install_existing ()
}
if [ -z "$USERNAME" ] && [ -n "$PASSWORD" ]; then
- fail_exit "Password can not be specified without username"
+ fail_exit "Password cannot be specified without username."
fi
if [ -n "$USERNAME" ] && [ -z "$PASSWORD" ]; then
- fail_exit "Username can not be specified without password"
+ fail_exit "Username cannot be specified without password."
fi
if [ $(id -u) != 0 ]; then
fail_exit "Image installation requires root privileges!"