Create the secret file in .config/rascsi instead. Plus some added code comments, and removing a superfluous sudo -v.

2022-07-28 22:48:18 -07:00 · 2022-07-28 22:48:18 -07:00 · 8265d25d88
parent e51517ca60
commit 8265d25d88
1 changed files with 17 additions and 7 deletions
--- a/easyinstall.sh
+++ b/easyinstall.sh
@ -89,9 +89,10 @@ function compileRaScsi() {

    echo "Compiling with ${CORES:-1} simultaneous cores..."
    make clean </dev/null
+
+    # Refresh the sudo authentication, which shouldn't trigger another password prompt
    sudo -v
    make -j "${CORES:-1}" all CONNECT_TYPE="${CONNECT_TYPE:-FULLSPEC}" </dev/null
-    sudo -v
 }

 function cleanupOutdatedManPage() {
@ -223,6 +224,8 @@ function configureTokenAuth() {
    echo "Do you want to protect your RaSCSI installation with a password? [y/N]"
    read REPLY

+    SECRET_FILE="$HOME/.config/rascsi/rascsi_secret"
+
    if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
        echo -n "Enter the password that you want to use: "
        read -r TOKEN
@ -230,11 +233,17 @@ function configureTokenAuth() {
            sudo rm "$HOME/.rascsi_secret"
            echo "Removed old RaSCSI token file"
        fi
-        echo "$TOKEN" > "$HOME/.rascsi_secret"
-        sudo chown root:root "$HOME/.rascsi_secret"
-        sudo chmod 600 "$HOME/.rascsi_secret"
+        if [ -f "$SECRET_FILE" ]; then
+            sudo rm "$SECRET_FILE"
+            echo "Removed old RaSCSI token file"
+        fi
+        echo "$TOKEN" > "$SECRET_FILE"
+
+	# Make the secret file owned and only readable by root
+        sudo chown root:root "$SECRET_FILE"
+        sudo chmod 600 "$SECRET_FILE"
        echo ""
-        echo "Configured RaSCSI to use $HOME/.rascsi_secret for authentication. This file is readable by root only."
+        echo "Configured RaSCSI to use $SECRET_FILE for authentication. This file is readable by root only."
        echo "Make note of your password: you will need it to use rasctl and other RaSCSI clients."
    fi
 }
@ -242,8 +251,7 @@ function configureTokenAuth() {
 # Modifies and installs the rascsi service
 function enableRaScsiService() {
    if [ ! -z "$TOKEN" ]; then
-        sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH -P $HOME/.rascsi_secret@" "$SYSTEMD_PATH/rascsi.service"
-        sudo chmod 600 "$SYSTEMD_PATH/rascsi.service"
+        sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
    else
        sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH@" "$SYSTEMD_PATH/rascsi.service"
    fi
@ -264,6 +272,7 @@ function installWebInterfaceService() {
    echo "$TOKEN"
    if [ ! -z "$TOKEN" ]; then
        sudo sed -i "8 i ExecStart=$WEB_INSTALL_PATH/start.sh --password=$TOKEN" "$SYSTEMD_PATH/rascsi-web.service"
+	# Make the service file readable by root only, to protect the token string
        sudo chmod 600 "$SYSTEMD_PATH/rascsi-web.service"
        echo "Granted access to the Web Interface with the token password that you configured for RaSCSI."
    else
@ -932,6 +941,7 @@ function installRaScsiScreen() {
    sudo sed -i /^ExecStart=/d "$SYSTEMD_PATH/rascsi-oled.service"
    if [ ! -z "$TOKEN" ]; then
        sudo sed -i "8 i ExecStart=$OLED_INSTALL_PATH/start.sh --rotation=$ROTATION --height=$SCREEN_HEIGHT --password=$TOKEN" "$SYSTEMD_PATH/rascsi-oled.service"
+	# Make the service file readable by root only, to protect the token string
        sudo chmod 600 "$SYSTEMD_PATH/rascsi-oled.service"
        echo "Granted access to the OLED Monitor with the password that you configured for RaSCSI."
    else