#!/bin/bash

## Copyright (C) 2012 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## If anyone adds a VPN or something similar to Whonix-Workstation
## (i.e. connection scheme: Whonix-Workstation -> Tor -> VPN), he would wonder
## why it is not detected.

#set -x
set -e
set -o pipefail
set -o errtrace

#trap 'sleep 1' DEBUG

NOTIFY_MSG="Checking System Status...
This will happen in the background and will take approximately three minutes..."

ICON="/usr/share/icons/gnome/24x24/status/info.png"

SCRIPTNAME="$(basename "$BASH_SOURCE")"
IDENTIFIER="$SCRIPTNAME"

## Debugging with bashdb.
#IDENTIFIER="systemcheck"

bash -n /usr/libexec/msgcollector/error_handler
source /usr/libexec/msgcollector/error_handler
trap "error_handler" ERR ## /usr/libexec/msgcollector/error_handler
set +e

bash -n /usr/libexec/helper-scripts/light_sleep.bsh
source /usr/libexec/helper-scripts/light_sleep.bsh

bash -n /usr/libexec/msgcollector/msgdispatcher_run_check
source /usr/libexec/msgcollector/msgdispatcher_run_check

bash -n /usr/libexec/helper-scripts/tor_enabled_check
source /usr/libexec/helper-scripts/tor_enabled_check
bash -n /usr/libexec/helper-scripts/pkg_manager_running_check
source /usr/libexec/helper-scripts/pkg_manager_running_check

## provides: is_whole_number
## provides: br_add
bash -n /usr/libexec/helper-scripts/strings.bsh
source /usr/libexec/helper-scripts/strings.bsh

for i in /usr/libexec/systemcheck/*.bsh; do
   bash -n "$i"
   source "$i"
done

systemcheck_move_progress_bar_to_percent() {
   if [ "$silent" -ge "3" ]; then
      true "silent is $silent. Skipping $FUNCNAME $1."
      return 0
   fi
   $output_x ${output_opts[@]} --progressbaridx "$progressbaridx" --progressx "$1"
}

systemcheck_progress_main() {
   if [ "$PROGRESS_MAIN" = "" ]; then
      PROGRESS_MAIN="0"
   fi
   local increment
   increment="$1"
   PROGRESS_MAIN="$(( $PROGRESS_MAIN + $increment ))"
   systemcheck_move_progress_bar_to_percent "$PROGRESS_MAIN"
}

systemcheck_main() {
   parse_cmd_options "$@" ## parse_cmd
   preparation ## preparation

   ## uses network: no
   systemcheck_run_function source_config ## preparation

   ## Conditionally only run the function name that was given by the --function
   ## command line parameter. Then exit.
   systemcheck_run_function function_manual_run ## function_manual_run

   ## uses network: no
   systemcheck_run_function root_check ## root_check
   systemcheck_run_function show_systemcheck_header ## preparation
   systemcheck_run_function input_notification ## preparation

   ## uses network: no
   systemcheck_run_function check_system_ready ## check_system_ready

   ## uses network: no
   ## XXX
   source /usr/libexec/helper-scripts/wc-test.sh

   ## uses network: no
   systemcheck_run_function check_apparmor ## check_apparmor

   ## uses network: no
   systemcheck_run_function check_environment_variables ## check_environment_variables

   ## uses network: no
   systemcheck_run_function check_privilege_escalation_tools ## check_privilege_escalation_tool

   ## uses network: no
   systemcheck_run_function show_versions ## show_versions
   systemcheck_run_function show_deprecation_notice ## show_versions

   ## uses network: no
   systemcheck_run_function check_man ## check_man

   ## uses network: no
   systemcheck_run_function check_spectre_meltdown ## check_spectre_meltdown

   ## uses network: no
   systemcheck_run_function check_dpkg ## check_dpkg

   ## uses network: no
   systemcheck_run_function check_services ## check_services

   ## uses network: no
   systemcheck_run_function check_journal ## check_services

   ## uses network: no
   systemcheck_run_function check_network_interfaces ## check_network_interfaces

   ## uses network: no
   systemcheck_run_function check_qubes_settings ## check_qubes

   ## uses network: no
   systemcheck_run_function check_kernel_messages ## check_systemd_clock

   ## uses network: no
   systemcheck_run_function check_whonix_firewall_systemd_status ## check_services

   ## uses network: no
   ## Own Progress Bar: Yes
   systemcheck_run_function check_package_manager_running ## check_package_manager_running

   ## uses network: no (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_tor_enabled ## check_tor_enabled

   ## uses network: no (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_tor_config ## check_tor_config

   ## uses network: no (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_tor_running ## check_tor_running

   ## uses network: no (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_control_port_filter_running ## check_control_port_filter

   ## uses network: no (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_anondate_show

   ## Only connects to Whonix-Gateway.
   systemcheck_run_function check_tor_socks_port_reachability ## check_tor_socks_port_reachability
   ## Only connects to Whonix-Gateway.
   ## Own Progress Bar: Yes
   systemcheck_run_function check_tor_bootstrap ## check_tor_bootstrap

   progressbaridx="$(cat "/proc/sys/kernel/random/uuid")"

   local MSG="$NOTIFY_MSG"

   if [ "$silent" -ge "3" ]; then
      true "silent is $silent. Skipping progress bar."
   else
      $output_x ${output_opts[@]} --progressbaridx "$progressbaridx" --progressbarx --parentpid "$$" --progressbartitlex "$TITLE_X" --message "$MSG" --done
   fi

   ## uses network: no
   systemcheck_run_function check_packages ## check_packages
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_initializer ## check_initializer
   systemcheck_progress_main "1"

   ## uses network: no
   ## sets: systemcheck_virtualizer_detected
   systemcheck_run_function check_virtualizer ## check_virtualizer
   systemcheck_progress_main "1"

   ## uses network: no
   ## requires: systemcheck_virtualizer_detected
   systemcheck_run_function check_pvclock ## check_pvclock
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_timezone ## check_timezone
   systemcheck_progress_main "1"

   ## Disabled because of systemd bug.
   ## timedatectl: caches NTP enablement state, better shouldn't
   ## https://github.com/systemd/systemd/issues/1329
   ## uses network: no
   #systemcheck_run_function check_systemd_clock ## check_systemd_clock
   #systemcheck_progress_main "6"

   ## uses network: no (Runs only on Whonix-Gateway.)
   systemcheck_run_function check_ip_forwarding_disabled ## check_ip_forwarding_disabled
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function disclaimer ## disclaimer
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_logs ## check_logs
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_hostname ## check_hostname
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_entropy ## check_entropy
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_non_freedom ## check_non_freedom
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_debian_eol ## check_debian_eol
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_user_sysmaint_split ## check_user_sysmaint_split
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_full_disk_encryption ## check_full_disk_encryption
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_grub_security ## check_grub_security
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_login_security ## check_login_security
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_su_access ## check_su_access
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_secure_boot ## check_secure_boot
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_tirdad_module ## check_tirdad_module
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function check_apt_repository ## check_apt_repository
   systemcheck_progress_main "1"

   ## uses network: yes (local network only)
   systemcheck_run_function check_qubes_update_proxy ## check_qubes
   systemcheck_progress_main "3"

   ## uses network: yes
   systemcheck_run_function check_tor_connectivity ## check_tor_socks_or_trans_port
   systemcheck_progress_main "15"

   ## uses network: no
   systemcheck_run_function check_stream_isolation ## check_stream_isolation
   systemcheck_progress_main "15"

   ## uses network: yes
   systemcheck_run_function check_operating_system ## check_operating_system
   systemcheck_progress_main "15"

   ## uses network: no
   systemcheck_run_function check_warrant_canary ## check_warrant_canary.bsh
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function donate ## donate
   systemcheck_progress_main "1"

   ## uses network: no
   systemcheck_run_function cleanup ## cleanup
}

systemcheck_main "$@"

## End of systemcheck script.
