From 5774205bc2a429c443de1b89b795d767f3ec0087 Mon Sep 17 00:00:00 2001 From: Michael Kropat Date: Fri, 6 Jun 2014 17:07:30 -0400 Subject: [PATCH 1/3] Mask password input on stdin --- tools/mail.py | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/tools/mail.py b/tools/mail.py index b1a175e8..688fac44 100755 --- a/tools/mail.py +++ b/tools/mail.py @@ -1,6 +1,6 @@ #!/usr/bin/python3 -import sys, urllib.request, urllib.error +import sys, getpass, urllib.request, urllib.error def mgmt(cmd, data=None): req = urllib.request.Request('http://localhost:10222' + cmd, urllib.parse.urlencode(data).encode("utf8") if data else None) @@ -11,6 +11,15 @@ def mgmt(cmd, data=None): sys.exit(1) return response.read().decode('utf8') +def read_password(): + first = getpass.getpass('password: ') + second = getpass.getpass(' (again): ') + while first != second: + print('Passwords not the same. Try again.') + first = getpass.getpass('password: ') + second = getpass.getpass(' (again): ') + return first + if len(sys.argv) < 2: print("Usage: ") print(" tools/mail.py user (lists users)") @@ -33,7 +42,7 @@ elif sys.argv[1] == "user" and sys.argv[2] in ("add", "password"): email = input("email: ") else: email = sys.argv[3] - pw = input("password: ") + pw = read_password() else: email, pw = sys.argv[3:5] From 43ef49c73722174d37047efd53441a429fa9a932 Mon Sep 17 00:00:00 2001 
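Review bot: `read_password` returns an empty string when Enter is pressed at both prompts, because the only check is `first != second`. Whether the management endpoint rejects an empty password is not visible in this patch, so the tool should refuse it itself. Restructuring the function as a single `while True:` loop also removes the duplicated pair of `getpass.getpass` calls. Separately, `getpass.getpass` falls back to reading stdin with echo (and a `GetPassWarning`) when no terminal can be opened, so the masking is best-effort when the tool runs without a tty; a short comment saying so would help.

```python
def read_password():
    # Prompt until a non-empty password has been entered twice identically.
    while True:
        first = getpass.getpass('password: ')
        if not first:
            print('Password must not be empty. Try again.')
            continue
        second = getpass.getpass(' (again): ')
        if first == second:
            return first
        print('Passwords not the same. Try again.')
```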
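Review bot: Only the interactive branch is covered by `pw = read_password()`; the `else: email, pw = sys.argv[3:5]` branch kept as context still takes the password as a command-line argument. There it is exposed to other local users through the process list and is saved in shell history. Consider saying so in the usage text, or adding a comment such as `# NOTE: a password given on the command line is visible in ps output and shell history; omit it to be prompted`. The enclosing `elif` block starts and ends outside this hunk.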
From: Michael Kropat Date: Sat, 7 Jun 2014 13:54:58 -0400 Subject: [PATCH 2/3] Improve hostname/IP default values Default IP+hostname values were incorrect for my VPS provider. I improved the detection, which should give correct results results for almost any provider. Specific issues addressed: - icanhazip.com detection was only enabled in non-interactive mode - `hostname` is by convention a short (non-fqdn) name in Ubuntu - `hostname --fqdn` fails if provider does not pouplate `hosts` file - `hostname -i` fails if provider does not populate `hosts` file - `curl` without `--fail` will someday return crazy results when icanhazip.com returns 500 errors or similar --- setup/functions.sh | 28 ++++++++++++++++++++++++++++ setup/start.sh | 14 ++++++++------ 2 files changed, 36 insertions(+), 6 deletions(-) diff --git a/setup/functions.sh b/setup/functions.sh index 426f914a..d98405fd 100644 --- a/setup/functions.sh +++ b/setup/functions.sh @@ -19,6 +19,34 @@ function apt_install { DEBIAN_FRONTEND=noninteractive apt-get -qq -y install $PACKAGES > /dev/null; } +function get_default_hostname { + set -- $(hostname --fqdn 2>/dev/null || + hostname --all-fqdns 2>/dev/null || + hostname 2>/dev/null) + printf '%s\n' "$1" +} + +function get_default_publicip { + get_publicip_from_web_service || get_publicip_from_dns +} + +function get_publicip_from_web_service { + curl --fail --silent icanhazip.com 2>/dev/null +} + +function get_publicip_from_dns { + set -- $(hostname --ip-address 2>/dev/null) \ + $(hostname --all-ip-addresses 2>/dev/null) + while (( $# )) && is_loopback_ip "$1"; do + shift + done + printf '%s\n' "$1" +} + +function is_loopback_ip { + [[ "$1" == 127.* ]] +} + function ufw_allow { if [ -z "$DISABLE_FIREWALL" ]; then # ufw has completely unhelpful output diff --git a/setup/start.sh b/setup/start.sh index e9ccd552..cec5c90b 100755 --- a/setup/start.sh +++ b/setup/start.sh 
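Review bot: `get_publicip_from_web_service` fetches `icanhazip.com` with no scheme, so curl uses plain HTTP, and the response body is used unvalidated as the default for `PUBLIC_IP`. Anything on the network path, including an intercepting proxy that answers with a 200 page, can therefore influence the address that gets configured. Without a timeout the setup can also hang on a stalled connection. I would change the call to `curl --fail --silent --max-time 15 https://icanhazip.com 2>/dev/null` (assuming the service is reachable over HTTPS) and reject output that does not look like an IP address before returning it.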
@@ -2,6 +2,8 @@ # This is the entry point for configuring the system. ##################################################### +source setup/functions.sh # load our functions + # Check system setup. if [ "`lsb_release -d | sed 's/.*:\s*//'`" != "Ubuntu 14.04 LTS" ]; then @@ -31,7 +33,7 @@ if [ -z "$PUBLIC_HOSTNAME" ]; then if [ -z "$DEFAULT_PUBLIC_HOSTNAME" ]; then # set a default on first run - DEFAULT_PUBLIC_HOSTNAME=`hostname` + DEFAULT_PUBLIC_HOSTNAME=`get_default_hostname` fi read -e -i "$DEFAULT_PUBLIC_HOSTNAME" -p "Hostname: " PUBLIC_HOSTNAME @@ -46,7 +48,7 @@ if [ -z "$PUBLIC_IP" ]; then if [ -z "$DEFAULT_PUBLIC_IP" ]; then # set a default on first run - DEFAULT_PUBLIC_IP=`hostname -i` + DEFAULT_PUBLIC_IP=`get_default_publicip` fi read -e -i "$DEFAULT_PUBLIC_IP" -p "Public IP: " PUBLIC_IP @@ -69,18 +71,18 @@ fi # Automatic configuration, e.g. as used in our Vagrant configuration. if [ "$PUBLIC_IP" == "auto" ]; then - # Assume `hostname -i` gives the correct public IP address for the machine. - PUBLIC_IP=`hostname -i` + # Assume `get_publicip_from_dns` gives the correct public IP address for the machine. + PUBLIC_IP=`get_publicip_from_dns` echo "IP Address: $PUBLIC_IP" fi if [ "$PUBLIC_IP" == "auto-web" ]; then # Use a public API to get our public IP address. - PUBLIC_IP=`curl -s icanhazip.com` + PUBLIC_IP=`get_publicip_from_web_service` echo "IP Address: $PUBLIC_IP" fi if [ "$PUBLIC_HOSTNAME" == "auto-easy" ]; then # Generate a probably-unique subdomain under our justtesting.email domain. - PUBLIC_HOSTNAME=m`hostname -i | sha1sum | cut -c1-5`.justtesting.email + PUBLIC_HOSTNAME=m`get_publicip_from_dns | sha1sum | cut -c1-5`.justtesting.email echo "Public Hostname: $PUBLIC_HOSTNAME" fi From b60ca25e53a95d47ca533c93a0f5964aef9600bb Mon Sep 17 00:00:00 2001 
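Review bot: In the non-interactive `auto`, `auto-web` and `auto-easy` branches of the last hunk, the helper output is assigned without checking that it is non-empty. If detection fails, `PUBLIC_IP` is silently set to an empty string. In the same case `get_publicip_from_dns | sha1sum | cut -c1-5` hashes a bare newline, so every machine where detection fails would derive the same `justtesting.email` subdomain. A guard after each assignment, e.g. `[ -n "$PUBLIC_IP" ] || { echo "Could not determine public IP address." >&2; exit 1; }`, makes the failure visible. The same pattern remains in the `setup/start.sh` hunk of PATCH 3/3, where the calls become `get_default_publicip`.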
From: Joshua Tauberer Date: Sat, 7 Jun 2014 14:55:57 -0400 Subject: [PATCH 3/3] add comments to the new get_default_hostname etc. functions, and simplify the logic in the Vagrantfile and start.sh so that we always call into the same two functions --- Vagrantfile | 2 +- setup/functions.sh | 25 +++++++++++++++++++++---- setup/start.sh | 9 ++------- 3 files changed, 24 insertions(+), 12 deletions(-) diff --git a/Vagrantfile b/Vagrantfile index 06c660ce..861f276c 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -18,7 +18,7 @@ Vagrant.configure("2") do |config| # machine figure out its own public IP and it'll take a # subdomain on our justtesting.email domain so we can get # started quickly. - export PUBLIC_IP=auto-web + export PUBLIC_IP=auto export PUBLIC_HOSTNAME=auto-easy export CSR_COUNTRY=US diff --git a/setup/functions.sh b/setup/functions.sh index d98405fd..1a18b28d 100644 --- a/setup/functions.sh +++ b/setup/functions.sh 
@@ -20,30 +20,47 @@ function apt_install { } function get_default_hostname { + # Guess the machine's hostname. It should be a fully qualified + # domain name suitable for DNS. None of these calls may provide + # the right value, but it's the best guess we can make. set -- $(hostname --fqdn 2>/dev/null || hostname --all-fqdns 2>/dev/null || hostname 2>/dev/null) - printf '%s\n' "$1" + printf '%s\n' "$1" # return this value } function get_default_publicip { - get_publicip_from_web_service || get_publicip_from_dns + # Get the machine's public IP address. The machine might have + # an IP on a private network, but the IP address that we put + # into DNS must be one on the public Internet. Try a public + # API, but if that fails (maybe we don't have Internet access + # right now) then use the IP address that this machine knows + # itself as. + get_publicip_from_web_service || get_publicip_fallback } function get_publicip_from_web_service { + # This seems to be the most reliable way to determine the + # machine's public IP address: asking a very nice web API + # for how they see us. Thanks go out to icanhazip.com. curl --fail --silent icanhazip.com 2>/dev/null } -function get_publicip_from_dns { +function get_publicip_fallback { + # Return the IP address that this machine knows itself as. + # It certainly may not be the IP address that this machine + # operates as on the public Internet. The machine might + # have multiple addresses if it has multiple network adapters. set -- $(hostname --ip-address 2>/dev/null) \ $(hostname --all-ip-addresses 2>/dev/null) while (( $# )) && is_loopback_ip "$1"; do shift done - printf '%s\n' "$1" + printf '%s\n' "$1" # return this value } function is_loopback_ip { + # helper for get_publicip_fallback [[ "$1" == 127.* ]] } diff --git a/setup/start.sh b/setup/start.sh index cec5c90b..51a1ebdd 100755 --- a/setup/start.sh +++ b/setup/start.sh 
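Review bot: `get_publicip_fallback` always exits 0, so `get_default_publicip` cannot signal failure to its callers. When every candidate address is loopback or `hostname` returns nothing, the loop leaves no arguments and `printf '%s\n' "$1"` prints an empty line. Ending the function with `(( $# )) && printf '%s\n' "$1"` would return non-zero in that case. The new comment could also state that `is_loopback_ip` only recognises IPv4 `127.*` and that private, non-routable addresses are passed through unchanged, which the added text only implies.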
@@ -71,18 +71,13 @@ fi # Automatic configuration, e.g. as used in our Vagrant configuration. if [ "$PUBLIC_IP" == "auto" ]; then - # Assume `get_publicip_from_dns` gives the correct public IP address for the machine. - PUBLIC_IP=`get_publicip_from_dns` - echo "IP Address: $PUBLIC_IP" -fi -if [ "$PUBLIC_IP" == "auto-web" ]; then # Use a public API to get our public IP address. - PUBLIC_IP=`get_publicip_from_web_service` + PUBLIC_IP=`get_default_publicip` echo "IP Address: $PUBLIC_IP" fi if [ "$PUBLIC_HOSTNAME" == "auto-easy" ]; then # Generate a probably-unique subdomain under our justtesting.email domain. - PUBLIC_HOSTNAME=m`get_publicip_from_dns | sha1sum | cut -c1-5`.justtesting.email + PUBLIC_HOSTNAME=m`get_default_publicip | sha1sum | cut -c1-5`.justtesting.email echo "Public Hostname: $PUBLIC_HOSTNAME" fi
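Review bot: Removing the `auto-web` branch means an environment that still exports `PUBLIC_IP=auto-web` no longer matches any case here, and as far as this hunk shows the literal string would be carried forward as the address. Keeping it as an alias, `if [ "$PUBLIC_IP" == "auto" ] || [ "$PUBLIC_IP" == "auto-web" ]; then`, avoids that. Also, `get_default_publicip` is now called a second time for the `auto-easy` hostname, which repeats the web request and can give a different answer from the one stored in `PUBLIC_IP` if the service fails between the two calls. Hashing the already-resolved value, `echo "$PUBLIC_IP" | sha1sum | cut -c1-5`, keeps the two consistent. The retained comment `# Use a public API to get our public IP address.` should also mention the local fallback.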