#!/bin/bash

## Copyright (C) 2012 - 2023 ENCRYPTED SUPPORT LP <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## If anyone adds a VPN or something similar to Whonix-Workstation
## (i.e. connection scheme: Whonix-Workstation -> Tor -> VPN), he would wonder
## why it is not detected.

#set -x
set -e
set -o pipefail
set -o errtrace

#trap 'sleep 1' DEBUG

NOTIFY_MSG="Checking System Status...
This will happen in the background and will take approximately three minutes..."

ICON="/usr/share/icons/gnome/24x24/status/info.png"

SCRIPTNAME="$(basename "$BASH_SOURCE")"
IDENTIFIER="$SCRIPTNAME"

## Debugging with bashdb.
#IDENTIFIER="systemcheck"

bash -n /usr/libexec/msgcollector/error_handler
source /usr/libexec/msgcollector/error_handler
trap "error_handler" ERR ## /usr/libexec/msgcollector/error_handler
set +e

bash -n /usr/libexec/msgcollector/msgdispatcher_run_check
source /usr/libexec/msgcollector/msgdispatcher_run_check

bash -n /usr/libexec/helper-scripts/tor_enabled_check
source /usr/libexec/helper-scripts/tor_enabled_check
bash -n /usr/libexec/helper-scripts/pkg_manager_running_check
source /usr/libexec/helper-scripts/pkg_manager_running_check

for i in /usr/libexec/systemcheck/*.bsh; do
   bash -n "$i"
   source "$i"
done

systemcheck_move_progress_bar_to_percent() {
   if [ "$silent" -ge "3" ]; then
      true "silent is $silent. Skipping $FUNCNAME $1."
      return 0
   fi
   $output_x ${output_opts[@]} --progressbaridx "$progressbaridx" --progressx "$1"
}

systemcheck_progress_main() {
   if [ "$PROGRESS_MAIN" = "" ]; then
      PROGRESS_MAIN="0"
   fi
   local increment
   increment="$1"
   PROGRESS_MAIN="$(( $PROGRESS_MAIN + $increment ))"
   systemcheck_move_progress_bar_to_percent "$PROGRESS_MAIN"
}

systemcheck_main() {
   parse_cmd_options "$@" ## parse_cmd
   preparation ## preparation

   systemcheck_run_function source_config ## preparation

   ## Conditionally only run the function name that was given by the --function
   ## command line parameter. Then exit.
   systemcheck_run_function function_manual_run ## function_manual_run

   systemcheck_run_function root_check ## root_check
   systemcheck_run_function show_systemcheck_header ## preparation
   systemcheck_run_function input_notification ## preparation

   ## Does not use the network.
   systemcheck_run_function check_environment_variables ## check_environment_variables

   ## Does not use the network.
   systemcheck_run_function check_sudo ## check_sudo

   if [ "$test_connect" = "true" ]; then
      ## Only connects to Whonix-Gateway.
      systemcheck_run_function check_tor_socks_port_reachability ## check_tor_socks_port_reachability
      ## Uses the network.
      systemcheck_run_function check_tor_connectivity ## check_tor_socks_or_trans_port
      ## Does not use the network.
      systemcheck_run_function cleanup ## cleanup
   fi

   ## Does not use the network.
   systemcheck_run_function show_versions ## show_versions
   systemcheck_run_function show_deprecation_notice ## show_versions

   ## Does not use the network.
   #systemcheck_run_function check_hardened_malloc ## check_hardened_malloc

   ## Does not use the network.
   #systemcheck_run_function check_man ## check_man

   ## Does not use the network.
   systemcheck_run_function check_spectre_meltdown ## check_spectre_meltdown

   ## Does not use the network.
   systemcheck_run_function check_dpkg ## check_dpkg

   ## Does not use the network.
   systemcheck_run_function check_services ## check_services

   ## Does not use the network.
   systemcheck_run_function check_journal ## check_services

   ## Does not use the network.
   systemcheck_run_function check_network_interfaces ## check_network_interfaces

   ## Does not use the network.
   systemcheck_run_function check_qubes_settings ## check_qubes

   ## Does not use the network.
   systemcheck_run_function check_kernel_messages ## check_systemd_clock

   ## Does not use the network.
   systemcheck_run_function check_whonix_firewall_systemd_status ## check_services

   ## Does not use the network.
   ## Own Progress Bar: Yes
   systemcheck_run_function check_package_manager_running ## check_package_manager_running

   ## Does not use the network. (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_tor_enabled ## check_tor_enabled

   ## Does not use the network. (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_tor_config ## check_tor_config

   ## Does not use the network. (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_tor_running ## check_tor_running

   ## Does not use the network. (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_control_port_filter_running ## check_control_port_filter

   ## Does not use the network. (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_anondate_show

   ## Only connects to Whonix-Gateway.
   systemcheck_run_function check_tor_socks_port_reachability ## check_tor_socks_port_reachability
   ## Only connects to Whonix-Gateway.
   ## Own Progress Bar: Yes
   systemcheck_run_function check_tor_bootstrap ## check_tor_bootstrap

   progressbaridx="$(cat "/proc/sys/kernel/random/uuid")"

   local MSG="$NOTIFY_MSG"

   if [ "$silent" -ge "3" ]; then
      true "silent is $silent. Skipping progress bar."
   else
      $output_x ${output_opts[@]} --progressbaridx "$progressbaridx" --progressbarx --parentpid "$$" --progressbartitlex "$TITLE_X" --message "$MSG" --done
   fi

   ## Does not use the network.
   systemcheck_run_function check_packages ## check_packages
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_initializer ## check_initializer
   systemcheck_progress_main "1"

   ## Does not use the network.
   ## sets: systemcheck_virtualizer_detected
   systemcheck_run_function check_virtualizer ## check_virtualizer
   systemcheck_progress_main "1"

   ## Does not use the network.
   ## requires: systemcheck_virtualizer_detected
   systemcheck_run_function check_pvclock ## check_pvclock
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_timezone ## check_timezone
   systemcheck_progress_main "1"

   ## Disabled because of systemd bug.
   ## timedatectl: caches NTP enablement state, better shouldn't
   ## https://github.com/systemd/systemd/issues/1329
   ## Does not use the network.
   #systemcheck_run_function check_systemd_clock ## check_systemd_clock
   #systemcheck_progress_main "6"

   ## Does not use the network. (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_ip_forwarding_disabled ## check_ip_forwarding_disabled
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function disclaimer ## disclaimer
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_logs ## check_logs
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_hostname ## check_hostname
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_entropy ## check_entropy
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_non_freedom ## check_non_freedom
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function check_apt_repository ## check_apt_repository
   systemcheck_progress_main "1"

   ## Local network connection.
   systemcheck_run_function check_qubes_update_proxy ## check_qubes
   systemcheck_progress_main "3"

   ## Uses the network.
   systemcheck_run_function check_tor_connectivity ## check_tor_socks_or_trans_port
   systemcheck_progress_main "15"

   ## Does not use the network.
   systemcheck_run_function check_stream_isolation ## check_stream_isolation
   systemcheck_progress_main "15"

   ## Uses the network.
   systemcheck_run_function check_operating_system ## check_operating_system
   systemcheck_progress_main "15"

   ## Does not use the network.
   systemcheck_run_function check_warrant_canary ## check_warrant_canary.bsh
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function donate ## donate
   systemcheck_progress_main "1"

   ## Does not use the network.
   systemcheck_run_function cleanup ## cleanup
}

systemcheck_main "$@"

## End of systemcheck script.
