diff --git a/roles/usb_lib/files/upload/error.php b/roles/usb_lib/files/upload/error.php
index 2e51003e0..46dd0e667 100644
--- a/roles/usb_lib/files/upload/error.php
+++ b/roles/usb_lib/files/upload/error.php
@@ -5,7 +5,7 @@
*/
?>
-ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, Can students upload their own work?, for additional support.
+ERROR: Please make sure one and ONLY one (no more, no less) removable USB stick is plugged into your Internet-in-a-Box. Please see IIAB FAQ, "Can students upload their own work?", for additional support.
diff --git a/roles/usb_lib/tasks/install.yml b/roles/usb_lib/tasks/install.yml
index 0f584dc38..ba8b3a164 100644
--- a/roles/usb_lib/tasks/install.yml
+++ b/roles/usb_lib/tasks/install.yml
@@ -67,7 +67,7 @@
group: "{{ apache_user }}" # 2020-02-13: changed from iiab_admin_user, after discussion on weekly call (#1228, #2222)
mode: 0775
-- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/bin/iiab-usb_lib-show-all-on, /usr/bin/iiab-usb_lib-show-all-off, /usr/sbin/iiab-clean-usb.sh'
+- name: 'Install from template: /etc/udev/rules.d/usbmount.rules, /etc/systemd/system/usbmount@.service, /usr/sbin/iiab-clean-usb.sh'
template:
src: "{{ item.src }}"
dest: "{{ item.dest }}"
@@ -75,8 +75,6 @@
with_items:
- { src: 'usbmount.rules.j2', dest: '/etc/udev/rules.d/usbmount.rules', mode: '0644' }
- { src: 'usbmount@.service.j2', dest: '/etc/systemd/system/usbmount@.service', mode: '0644' }
- - { src: 'iiab-usb_lib-show-all-on', dest: '/usr/bin/', mode: '0755' }
- - { src: 'iiab-usb_lib-show-all-off', dest: '/usr/bin/', mode: '0755' }
- { src: 'iiab-clean-usb.sh', dest: '/usr/sbin/', mode: '0755' }
- name: '2025-01-05: Add upload2usb app (#3875) directory to doc_root'
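Review bot: Dropping the two `iiab-usb_lib-show-all-*` entries from `with_items` stops installing them, but `/usr/bin/iiab-usb_lib-show-all-on` and `/usr/bin/iiab-usb_lib-show-all-off` stay on any host provisioned by an earlier run. The same applies to both hunks of roles/usb_lib/tasks/nginx.yml, where the install and the removal task for `/etc/usbmount/umount.d/70-usb-library` are commented out. A copy of that hook already on disk would presumably keep running at unmount alongside iiab-clean-usb.sh. Consider a `file:` task with `state: absent` for each retired path instead of commented-out YAML; for the umount hook that is the existing removal task with its `when: not usb_lib_enabled` dropped.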
@@ -87,10 +85,10 @@
group: "{{ apache_user }}"
mode: 0755
-- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ to upload2usb'
+- name: '2025-01-05: Copy upload2usb app (#3875) files from files/upload/ into {{ doc_root }}/upload2usb/'
copy:
src: "{{ item }}"
- dest: "{{ doc_root }}/upload2usb" # /library/www/html
+ dest: "{{ doc_root }}/upload2usb/" # /library/www/html
with_fileglob:
- upload/*
diff --git a/roles/usb_lib/tasks/nginx.yml b/roles/usb_lib/tasks/nginx.yml
index 7e572142a..1e6be6d21 100644
--- a/roles/usb_lib/tasks/nginx.yml
+++ b/roles/usb_lib/tasks/nginx.yml
@@ -1,20 +1,21 @@
- name: Install /etc/usbmount/mount.d/70-usb-library from template, if usb_lib_enabled
template:
- src: mount.d/70-usb-library
- dest: /etc/usbmount/mount.d/
+ src: mount.d/70-usb-library.j2
+ dest: /etc/usbmount/mount.d/70-usb-library
owner: root
group: root
mode: '0751'
when: usb_lib_enabled
-- name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
- template:
- src: umount.d/70-usb-library
- dest: /etc/usbmount/umount.d
- owner: root
- group: root
- mode: '0751'
- when: usb_lib_enabled
+# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh
+# - name: Install /etc/usbmount/umount.d/70-usb-library from template, if usb_lib_enabled
+# template:
+# src: umount.d/70-usb-library
+# dest: /etc/usbmount/umount.d
+# owner: root
+# group: root
+# mode: '0751'
+# when: usb_lib_enabled
- name: Remove /etc/usbmount/mount.d/70-usb-library if not usb_lib_enabled
file:
@@ -22,11 +23,12 @@
state: absent
when: not usb_lib_enabled
-- name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
- file:
- path: /etc/usbmount/umount.d/70-usb-library
- state: absent
- when: not usb_lib_enabled
+# 20250125: commenting out stale file, superseded by iiab-clean-usb.sh
+# - name: Remove /etc/usbmount/umount.d/70-usb-library if not usb_lib_enabled
+# file:
+# path: /etc/usbmount/umount.d/70-usb-library
+# state: absent
+# when: not usb_lib_enabled
- name: Restart 'nginx' systemd service
systemd:
diff --git a/roles/usb_lib/templates/iiab-clean-usb.sh b/roles/usb_lib/templates/iiab-clean-usb.sh
index a1876551c..dcdf987d3 100644
--- a/roles/usb_lib/templates/iiab-clean-usb.sh
+++ b/roles/usb_lib/templates/iiab-clean-usb.sh
@@ -1,14 +1,14 @@
#!/bin/bash
# Remove symlink in /library/content to automounted usb drive
#
-DEVICE=`echo $@ | sed -s 's|-|/|'`
-MNT_POINT=`findmnt -n /$DEVICE | awk '{print $1}'`
-CONTENT_LINK_USB=`basename $MNT_POINT | awk '{print toupper($0)}'`
+DEVICE=$(echo $@ | sed -s 's|-|/|')
+MNT_POINT=$(findmnt -n /$DEVICE | awk '{print $1}')
+CONTENT_LINK_USB=$(basename $MNT_POINT | awk '{print toupper($0)}')
CONTENT_LINK="/library/www/html/local_content/$CONTENT_LINK_USB"
-logger -p user.notice -t "usbmount" -- "Attempting to remove link $CONTENT_LINK."
+logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "Attempting to remove link $CONTENT_LINK."
if [ -L $CONTENT_LINK ]; then
/bin/rm $CONTENT_LINK
- logger -p user.notice -t "usbmount" -- "$CONTENT_LINK removed."
+ logger -p user.notice -t "usb_lib (iiab-clean-usb.sh)" -- "$CONTENT_LINK removed."
fi
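Review bot: The switch to `$(…)` leaves every expansion unquoted (`echo $@`, `/$DEVICE`, `basename $MNT_POINT`, `[ -L $CONTENT_LINK ]`, `/bin/rm $CONTENT_LINK`), and nothing handles an empty `MNT_POINT`. If `findmnt` prints nothing, which seems likely when the script runs after the device is already gone, `CONTENT_LINK` collapses to the `local_content/` directory itself, the `-L` test fails and the stale link is never removed. I would quote the expansions, e.g. `if [ -L "$CONTENT_LINK" ]; then /bin/rm -- "$CONTENT_LINK"`, and exit early with a log line when the lookup fails: `[ -n "$MNT_POINT" ] || { logger -t "usb_lib (iiab-clean-usb.sh)" "no mount point for /$DEVICE"; exit 0; }`. The path is also hard-coded as `/library/www/html` although install.yml deploys this file through `template:`, so `{{ doc_root }}` would keep it consistent with 70-usb-library.j2.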
diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-off b/roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused
similarity index 100%
rename from roles/usb_lib/templates/iiab-usb_lib-show-all-off
rename to roles/usb_lib/templates/iiab-usb_lib-show-all-off.unused
diff --git a/roles/usb_lib/templates/iiab-usb_lib-show-all-on b/roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused
similarity index 100%
rename from roles/usb_lib/templates/iiab-usb_lib-show-all-on
rename to roles/usb_lib/templates/iiab-usb_lib-show-all-on.unused
diff --git a/roles/usb_lib/templates/mount.d/70-usb-library b/roles/usb_lib/templates/mount.d/70-usb-library
deleted file mode 100644
index 5b9cfefe8..000000000
--- a/roles/usb_lib/templates/mount.d/70-usb-library
+++ /dev/null
@@ -1,72 +0,0 @@
-#!/bin/bash
-# Create symlink in DocumentRoot/content to autmounted usb drive
-#
-# based on a similar script in the xs-rsync package
-# by Martin Langhoff
-#
-# and the adaptation for xs-activity-server by Douglas Bagnall
-#
-#
-# by Tim Moody tim@timmoody.com
-
-source {{ iiab_env_file }}
-case $IIAB_USB_LIB_SHOW_ALL in
-'True'|'true'|'TRUE')
- logger -p user.notice -t "70-usb-library" -- "Display entire USB drive is True. Checking for rootfs or /library on $UM_MOUNTPOINT."
- # regularize the variable
- IIAB_USB_LIB_SHOW_ALL=True
- ;;
-*)
- logger -p user.notice -t "70-usb-library" -- "Looking for /share, /Share, /Piratebox/Share, /USB, or /usb on $UM_MOUNTPOINT."
- ;;
-esac
-
-VERBOSE=yes
-
-SHARE_DIR=""
-# Only show content if in these directories
-
-if [ -d $UM_MOUNTPOINT/share ]; then
- SHARE_DIR="$UM_MOUNTPOINT/share"
-fi
-if [ -d $UM_MOUNTPOINT/Share ]; then
- SHARE_DIR="$UM_MOUNTPOINT/Share"
-fi
-if [ -d $UM_MOUNTPOINT/Piratebox/Share ]; then
- SHARE_DIR="$UM_MOUNTPOINT/Piratebox/Share"
-fi
-if [ -d $UM_MOUNTPOINT/USB ]; then
- SHARE_DIR="$UM_MOUNTPOINT/USB"
-fi
-if [ -d $UM_MOUNTPOINT/usb ]; then
- SHARE_DIR="$UM_MOUNTPOINT/usb"
-fi
-
-if [ "$IIAB_USB_LIB_SHOW_ALL" == "True" ]; then
- UM_DEV=`findmnt $UM_MOUNTPOINT | grep / | awk '{print $2}'`
- LIB_DEV=`findmnt /library | grep / | awk '{print $2}' |awk -F '[' '{print $1}'`
- ROOT_DEV=`findmnt / | grep / | awk '{print $2}'`
- if [ "$UM_DEV" == "$LIB_DEV" ]; then
- logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing /library"
- #echo "lib on dev"
- elif [ "$UM_DEV" == "$ROOT_DEV" ]; then
- logger -p user.notice -t "70-usb-library" -- "skipping $UM_MOUNTPOINT containing rootfs"
- #echo "rootfs on dev"
- else
- SHARE_DIR="$UM_MOUNTPOINT"
- fi
-fi
-
-if [ ! -z "$SHARE_DIR" ]; then
- logger -p user.notice -t "70-usb-library" -- "Found Share Directory $SHARE_DIR."
-else
- logger -p user.notice -t "70-usb-library" -- "did not find /share, /Share, /Piratebox/Share, /USB, or /usb on USB"
-fi
-
-
-if [ "$SHARE_DIR" != "" ];then
- CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'`
- CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB"
- logger -p user.notice -t "70-usb-library" -- "Creating link to $CONTENT_LINK."
- ln -s $SHARE_DIR $CONTENT_LINK
-fi
diff --git a/roles/usb_lib/templates/mount.d/70-usb-library.j2 b/roles/usb_lib/templates/mount.d/70-usb-library.j2
new file mode 100644
index 000000000..803313f7e
--- /dev/null
+++ b/roles/usb_lib/templates/mount.d/70-usb-library.j2
@@ -0,0 +1,60 @@
+#!/bin/bash
+# Create symlink in DocumentRoot/content to automounted usb drive
+#
+# based on a similar script in the xs-rsync package
+# by Martin Langhoff
+#
+# and the adaptation for xs-activity-server by Douglas Bagnall
+#
+#
+# by Tim Moody tim@timmoody.com
+
+# Better to set this in /etc/usbmount/usbmount.conf
+# VERBOSE=yes
+
+# UM_MOUNTPOINT is documented at: https://github.com/rbrito/usbmount#hook-scripts
+UM_DEV=$(findmnt -no source $UM_MOUNTPOINT)
+
+# 2022-06-16 better security thanks to @tim-moody and @jvonau:
+# https://github.com/iiab/iiab/pull/3254
+LIB_DEV=$(findmnt -no source /library | cut -d '[' -f 1)
+ROOT_DEV=$(findmnt -no source /)
+BOOT_DEV=$(findmnt -no source /boot)
+BOOTFW_DEV=$(findmnt -no source /boot/firmware)
+
+# Verbose logging to illuminate occasional boot bugginess:
+logger -t "usb_lib (70-usb-library)" "UM_DEV is: $UM_DEV"
+logger -t "usb_lib (70-usb-library)" "LIB_DEV is: $LIB_DEV"
+logger -t "usb_lib (70-usb-library)" "ROOT_DEV is: $ROOT_DEV"
+logger -t "usb_lib (70-usb-library)" "BOOT_DEV is: $BOOT_DEV"
+logger -t "usb_lib (70-usb-library)" "BOOTFW_DEV is: $BOOTFW_DEV"
+
+if [ "$UM_DEV" == "$LIB_DEV" ]; then
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /library"
+ exit
+elif [ "$UM_DEV" == "$ROOT_DEV" ]; then
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing rootfs"
+ exit
+elif [ "$UM_DEV" == "$BOOT_DEV" ]; then
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot"
+ exit
+elif [ "$UM_DEV" == "$BOOTFW_DEV" ]; then
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "Skipping $UM_MOUNTPOINT containing /boot/firmware"
+ exit
+fi
+
+# 2025-01-25: Check for existence of folder PUBLIC on USB stick: if found, the stick will not be completely browsable.
+# Teachers can set their stick for 1 of 2 two "personalities" — students can either upload "confidential homework" or
+# "public artwork" — as summarized here: https://github.com/iiab/iiab/blob/master/roles/usb_lib/README.rst
+if [ -d $UM_MOUNTPOINT/PUBLIC ]; then
+ SHARE_DIR=$UM_MOUNTPOINT/PUBLIC
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "Found /PUBLIC on $UM_MOUNTPOINT"
+else
+ SHARE_DIR=$UM_MOUNTPOINT
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "Did not find /PUBLIC on $UM_MOUNTPOINT"
+fi
+
+CONTENT_LINK_USB=$(basename $UM_MOUNTPOINT | awk '{print toupper($0)}')
+CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB"
+logger -p user.notice -t "usb_lib (70-usb-library)" -- "Creating link from $CONTENT_LINK to $SHARE_DIR"
+ln -s $SHARE_DIR $CONTENT_LINK
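Review bot: `$UM_MOUNTPOINT`, `$SHARE_DIR` and `$CONTENT_LINK` are expanded unquoted throughout this hook (the `findmnt`, `[ -d … ]`, `basename` and `ln -s` lines), so an empty or space-containing value changes what those commands act on; the hook is installed root-owned and presumably runs as root. The closing `ln -s` also does not replace a link left behind by an unclean removal: if that stale link still resolves to a directory, the new link is created inside that directory instead. I would quote the expansions and finish with `ln -sfn --`, as sketched below. Separately, without a PUBLIC folder the whole stick is now served under doc_root, so it is worth confirming that the nginx configuration for local_content (not visible here) does not follow symlinks stored on the stick, for example via `disable_symlinks`.

```shell
UM_DEV=$(findmnt -no source "$UM_MOUNTPOINT")
# … unchanged: LIB_DEV/ROOT_DEV/BOOT_DEV/BOOTFW_DEV lookups, logging, skip checks …
if [ -d "$UM_MOUNTPOINT/PUBLIC" ]; then
# … unchanged: SHARE_DIR assignments and logger calls in both branches …
CONTENT_LINK_USB=$(basename "$UM_MOUNTPOINT" | awk '{print toupper($0)}')
# … unchanged: CONTENT_LINK assignment and logger call …
ln -sfn -- "$SHARE_DIR" "$CONTENT_LINK"
```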
diff --git a/roles/usb_lib/templates/umount.d/70-usb-library b/roles/usb_lib/templates/umount.d.unused/70-usb-library
similarity index 75%
rename from roles/usb_lib/templates/umount.d/70-usb-library
rename to roles/usb_lib/templates/umount.d.unused/70-usb-library
index 5af914c01..d8e095008 100644
--- a/roles/usb_lib/templates/umount.d/70-usb-library
+++ b/roles/usb_lib/templates/umount.d.unused/70-usb-library
@@ -12,7 +12,7 @@
CONTENT_LINK_USB=`basename $UM_MOUNTPOINT | awk '{print toupper($0)}'`
CONTENT_LINK="{{ doc_root }}/local_content/$CONTENT_LINK_USB"
-logger -p user.notice -t "70-usb-library" -- "Attempting to remove link $CONTENT_LINK."
+logger -p user.notice -t "usb_lib (70-usb-library)" -- "Attempting to remove link $CONTENT_LINK."
if [ -L $CONTENT_LINK ]; then
{% if is_debuntu %}
@@ -20,5 +20,5 @@ if [ -L $CONTENT_LINK ]; then
{% else %}
/usr/bin/rm -f $CONTENT_LINK
{% endif %}
- logger -p user.notice -t "70-usb-library" -- "$CONTENT_LINK removed."
+ logger -p user.notice -t "usb_lib (70-usb-library)" -- "$CONTENT_LINK removed."
fi