/
usr
/
bin
/
Upload File
HOME
#!/bin/bash -e # shellcheck disable=SC2039,SC1090 SCRIPTNAME=$(basename "$0") # Services managed by the script (in alphabetical order) SERVICES="esm fips livepatch" # system details SERIES=${SERIES:-$(lsb_release -cs)} KERNEL_VERSION=${KERNEL_VERSION:-$(uname -r)} ARCH=${ARCH:-$(uname -m)} # system files FSTAB=${FSTAB:-"/etc/fstab"} CPUINFO=${CPUINFO:-"/proc/cpuinfo"} KEYRINGS_DIR=${KEYRINGS_DIR:-"/usr/share/keyrings"} APT_AUTH_FILE=${APT_AUTH_FILE:-"/etc/apt/auth.conf"} APT_KEYS_DIR=${APT_KEYS_DIR:-"/etc/apt/trusted.gpg.d"} APT_METHOD_HTTPS=${APT_METHOD_HTTPS:-"/usr/lib/apt/methods/https"} CA_CERTIFICATES=${CA_CERTIFICATES:-"/usr/sbin/update-ca-certificates"} # system binaries SNAPD=${SNAPD:-"/usr/lib/snapd/snapd"} APT_HELPER=${APT_HELPER:-"/usr/lib/apt/apt-helper"} load_modules() { local script_dir modules_dir script_dir=$(dirname "$0") if [ "$script_dir" = "/usr/bin" ]; then modules_dir="/usr/share/ubuntu-advantage-tools/modules" else modules_dir="${script_dir}/modules" fi local module for module in "$modules_dir"/*.sh; do . "$module" done } print_status() { local service="$1" local services="$SERVICES" if [ "$service" ]; then name_in_list "$service" "$SERVICES" || error_exit invalid_command services="$service" fi for service in $services; do service_print_status "$service" done } usage() { cat >&2 <<EOF usage: ${SCRIPTNAME} <command> [parameters] This is a tool that facilitates access to some of Canonical's Ubuntu Advantage offerings. Currently available are: - Ubuntu Extended Security Maintenance archive (https://ubuntu.com/esm) - Canonical FIPS 140-2 Certified Modules - Canonical FIPS 140-2 Non-Certified Module Updates - Canonical Livepatch Service (https://www.ubuntu.com/server/livepatch) Commands: version show the tool version status [NAME] show current status of Ubuntu Advantage offerings (or of a specific one if provided) enable-esm <TOKEN> enable the ESM repository disable-esm disable the ESM repository enable-fips <TOKEN> enable the FIPS PPA repository and install, configure and enable FIPS certified modules disable-fips currently not supported enable-fips-updates <TOKEN> [-y] enable non-certified FIPS-UPDATES PPA repository and install updates. With an optional "-y" the user prompt will be bypassed. enable-livepatch <TOKEN> enable the Livepatch service disable-livepatch [-r] disable the Livepatch service. With "-r", the canonical-livepatch snap will also be removed EOF error_exit invalid_command } main() { local command="$1" shift 1 || true local service service=$(service_from_command "$command") # if the command contains a service name, check that it's valid if [ "$service" ] && ! name_in_list "$service" "$SERVICES" \ && [ "$service" != "fips-updates" ]; then error_msg "Invalid command: \"$command\"" usage fi case "$command" in status) print_status "$@" ;; version) package_version ubuntu-advantage-tools ;; # special case, adding it above enable-*. There is no separate # fips-update service. enable-fips-updates) local token="$1" local bypass_prompt=0 if [ -n "$2" ]; then if [ "$2" = "-y" ]; then bypass_prompt=1 else error_msg "Unknown option \"$2\"" usage fi fi service_check_user service_check_support "fips" fips_validate_token "$token" || error_exit invalid_token fips_updates_enable "$token" "$bypass_prompt" ;; enable-*) service_enable "$service" "$@" ;; disable-*) service_disable "$service" "$@" ;; is-*-enabled) service_is_enabled "$service" ;; *) error_msg "Invalid command: \"$command\"" usage ;; esac } if ! echo "$PATH" | grep -qE "(^|:)/snap/bin/?(:|$)"; then PATH="/snap/bin:$PATH" fi load_modules main "$@"