From ab057c854cf423f3f49263e6f944f5dfc10cf69d Mon Sep 17 00:00:00 2001
From: key-networks <34238649+key-networks@users.noreply.github.com>
Date: Thu, 14 Jan 2021 19:41:49 +0800
Subject: [PATCH 1/3] Issue#36: .deb deploys default TLS certificate and private key (#39)

* issue#36: Generating TLS key and self-signed cert after installing/upgrading the package
* issue#36: Updated libstdc++.a dependency to v10
* issue#36: Generate self-signed certs after install/upgrade
* issue#36: Updated dependencies
* issue#36: Check for pre-existence of key/cert
---
 build/after-install.sh | 17 +++++++++++++++--
 build/after-upgrade.sh | 9 +++++++++
 build/binding.gyp.patch | 6 +++---
 build/build.sh | 33 ++++++++++++++++++++++-----------
 src/package.json | 6 +++---
 5 files changed, 52 insertions(+), 19 deletions(-)
diff --git a/build/after-install.sh b/build/after-install.sh
index 9235e69..dc71086 100644
--- a/build/after-install.sh
+++ b/build/after-install.sh
@@ -1,6 +1,19 @@
+#!/bin/bash
+
 ETC='/opt/key-networks/ztncui/etc'
-echo "Copying default password file..."
-cp -pv $ETC/default.passwd $ETC/passwd
+if [ -f ${ETC}/passwd ]; then
+ echo "Password file aready exists"
+else
+ echo "Copying default password file..."
+ cp -pv ${ETC}/default.passwd ${ETC}/passwd
+fi
+if [ -f /opt/key-networks/ztncui/etc/tls/privkey.pem ] && [ -f /opt/key-networks/ztncui/etc/tls/fullchain.pem ]; then
+ echo "TLS key and certificate already exist"
+else
+ echo "Generating new TLS key and self-signed certificate..."
+ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /opt/key-networks/ztncui/etc/tls/privkey.pem -out /opt/key-networks/ztncui/etc/tls/fullchain.pem -subj "/C=XX/ST=YY/L=ZZ/O=Security/OU=SelfSigned/CN=example.com"
+fi
+chown ztncui.ztncui /opt/key-networks/ztncui/etc/tls/*
 echo "Enabling and starting ztncui service..."
 systemctl enable ztncui
 systemctl start ztncui
diff --git a/build/after-upgrade.sh b/build/after-upgrade.sh
index ab0a922..f00a075 100644
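Review bot: The private key written by `openssl req ... -keyout /opt/key-networks/ztncui/etc/tls/privkey.pem` in build/after-install.sh gets whatever mode the installer's umask and the OpenSSL build produce, because the only follow-up is the `chown` on `tls/*`. I would add `chmod 600 /opt/key-networks/ztncui/etc/tls/privkey.pem` right after the `chown` line, or set `umask 077` before the `openssl` call. The guard that requires both `privkey.pem` and `fullchain.pem` also sends a host that has only one of the two files into the `else` branch, which overwrites the file that is there; testing for the key alone and failing loudly on a missing certificate would avoid replacing an operator's key. The same block is added to build/after-upgrade.sh and needs the same two changes.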
--- a/build/after-upgrade.sh
+++ b/build/after-upgrade.sh
@@ -1,2 +1,11 @@
+#!/bin/bash
+
+if [ -f /opt/key-networks/ztncui/etc/tls/privkey.pem ] && [ -f /opt/key-networks/ztncui/etc/tls/fullchain.pem ]; then
+ echo "TLS key and certificate already exist"
+else
+ echo "Generating new TLS key and self-signed certificate..."
+ openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout /opt/key-networks/ztncui/etc/tls/privkey.pem -out /opt/key-networks/ztncui/etc/tls/fullchain.pem -subj "/C=XX/ST=YY/L=ZZ/O=Security/OU=SelfSigned/CN=example.com"
+fi
+chown ztncui.ztncui /opt/key-networks/ztncui/etc/tls/*
 systemctl daemon-reload
 systemctl try-restart ztncui
diff --git a/build/binding.gyp.patch b/build/binding.gyp.patch
index 69c2874..b5fcb63 100644
--- a/build/binding.gyp.patch
+++ b/build/binding.gyp.patch
@@ -1,10 +1,10 @@
---- /tmp/binding.gyp 2018-07-07 14:38:23.884143337 +0800
-+++ ../src/node_modules/argon2/binding.gyp 2018-07-07 14:39:09.684840870 +0800
+--- ../src/node_modules/argon2/binding.gyp
++++ ../src/node_modules/argon2/binding.gyp
 @@ -47,6 +47,7 @@
 ],
 "cflags+": ["-Wno-cast-function-type"],
 "include_dirs+": ["
Date: Sat, 16 Jan 2021 12:55:25 +0800
Subject: [PATCH 2/3] rpm-sign: Workaround for broken fpm rpm signing (#53)
---
 build/build.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/build/build.sh b/build/build.sh
index 2a73503..4dc24cb 100755
--- a/build/build.sh
+++ b/build/build.sh
@@ -118,7 +118,6 @@ fpm -s dir -t rpm \
 --description "$DESCRIPTION" \
 --rpm-user ztncui \
 --rpm-group ztncui \
- --rpm-sign \
 .

 fpm -s dir -t deb \
@@ -130,5 +129,8 @@ fpm -s dir -t deb \
 --deb-group ztncui \
 .

+rpm --addsign ../Release/ztncui*rpm
+rpm --checksig ../Release/ztncui*rpm
+
 createrepo $PKG_DIR
 gpg -u 'Key Networks' --detach-sign --armor $PKG_DIR/repodata/repomd.xml
From ce4b0e6d79c056fa0e2f2a94967d7ea62599fd6c Mon Sep 17 00:00:00 2001
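Review bot: In build/after-upgrade.sh the `-f` test only asks whether `privkey.pem` and `fullchain.pem` exist, so an upgraded host that still holds the key pair shipped by earlier packages keeps serving with a private key that anyone can download. Whether those files survive the upgrade depends on how the old package listed them, which is not visible here, but the commit title suggests this is the case the change is meant to close. I would compare the installed certificate against the known default before skipping, for example the output of `openssl x509 -in /opt/key-networks/ztncui/etc/tls/fullchain.pem -noout -fingerprint -sha256` checked against SHA256_OF_SHIPPED_DEFAULT_CERT (a placeholder, the value is not on this page), and regenerate on a match. A comment above the `if` such as `# Keep operator-supplied certs; replace only the packaged default or a missing pair` would record the intent.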
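Review bot: In build/build.sh the added `rpm --addsign` and `rpm --checksig` lines do not gate the `createrepo $PKG_DIR` step that follows: unless the script runs under `set -e`, which this hunk does not show, a failed signing still ends with an indexed, unsigned package. `rpm --checksig` also exits 0 for a package that has valid digests and no signature at all, so on its own it does not prove that `--addsign` worked. I would write `rpm --addsign ../Release/ztncui*rpm || exit 1` and make the check fail unless its output reports a signature (the wording differs between rpm versions). The glob also re-signs any older `ztncui*rpm` left in `../Release`, which may or may not be intended.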
From: key-networks <34238649+key-networks@users.noreply.github.com>
Date: Sat, 16 Jan 2021 14:02:32 +0800
Subject: [PATCH 3/3] version bump (#54)
---
 src/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/package.json b/src/package.json
index 075d7cd..bf03fd0 100644
--- a/src/package.json
+++ b/src/package.json
@@ -1,6 +1,6 @@
 {
 "name": "ztncui",
- "version": "0.6.3",
+ "version": "0.6.6",
 "private": true,
 "scripts": {
 "start": "node ./bin/www",