I have some kind of a kiosk Ubuntu setup based on Ubuntu Server 14.0.2 which runs an application on Chrome. The kiosk has no internet connection, thus the updates to the application should be done manually. I want the update process to be as easy as possible, so what I want to present to the end user is the ability to simply plug a USB drive into the PC; the USB drive will be automatically detected and the system will attempt to run a certain file. For example, I plug in a USB drive and Ubuntu Server tries to find an update-2.3.sh file and execute it. That update-2.3.sh file is just a file that will run some commands and swap files from the USB drive to the hard drive, resulting in new code. I guess this should be run with administrator privileges, or maybe just setting the code directory to 777 should be enough?

An example of files in the USB drive:

├───update-2.3.sh
└───/updates
    ├───file1.php
    ├───file2.php
    └───/sub
        └───another.php

Now that update-2.3.sh file will run certain commands such as mv to override existing files (there is a folder `~/code/app/updates`) and some commands as admin:

sudo stop kiosk
(sudo?) mv updates ~/code/app/
sudo start kiosk

* haven't tested that mv command, I hope it works

Is it possible to do such a thing?

kfirba
  • Very much out of my comfort zone but I believe you can do this with udev rules. – Drifter104 Sep 04 '15 at 08:20
  • @Drifter104 what are the udev rules? I'm really unfamiliar with it. I know the basics of server administration and that's pretty much it – kfirba Sep 04 '15 at 08:34
  • Take a look here - http://askubuntu.com/questions/284224/autorun-a-script-after-i-plugged-or-unplugged-a-usb-device but if you get it working please come back and add an answer to the question so others can benefit – Drifter104 Sep 04 '15 at 08:42
  • @Drifter104 I will try to set something up, I guess. I thought about another way to do so, tell me what you think: When a USB is being plugged in, the system will detect that some USB was plugged in and will run a LOCAL script. The script will list all of the USB ports connected and try to find a file in each one of them. If it finds a file `update-2.3.sh` it should execute it, otherwise, do nothing. Is it possible to detect if any USB was plugged in and "hook" into that event and run some local pre-defined file? Also, how would I scan all of the USB drives plugged in? – kfirba Sep 04 '15 at 08:54
  • Make sure to implement some sort of signature checking before running any code from the drive, otherwise you're opening up a big security vulnerability as the system will run any code from any USB device with root privileges as long as the script's name matches your udev rule. – André Borie Sep 05 '15 at 18:14

1 Answer

@drifter104 is correct, you can achieve this with udev rules. I had a similar setup where I wanted to plug in an encrypted thumb drive, and have it automatically run a backup script to back up certain important files from my work computer.

I'll give you the example of what I did to get mine working.

According to the udev README, /etc/udev/rules.d/README:

If the ordering of files in this directory are not important to you, it's recommended that you simply name your files "descriptive-name.rules" such that they are processed AFTER all numbered rules in both this directory and /lib/udev/rules.d and thus override anything set there.

Therefore, I called my rules file:

/etc/udev/rules.d/encrypted-backup.rules

Other guides out there will have the rules set to catch the thumb drive's model number and/or its serial number, however I can't use that. I didn't want my backup scripts to run until the encrypted volume had been mounted and decrypted. Therefore, I'm doing it from /sys/block/dm-3 (the encrypted volume) as opposed to the hardware device itself (/sys/block/sdb). Once I've entered my password to decrypt the drive, THEN let the backup script do its thing. I imagine you'll want to trigger from the hardware device itself.

So, create that udev rule that triggers for 'dm-3' successfully being decrypted and added. In that aforementioned rules file, I'll make these lines:

KERNEL=="dm-3", ACTION=="add", SUBSYSTEM=="block", RUN+="/usr/local/bin/backup.sh"

Special Note: If you don't add the ACTION=="add", then it will run your script upon mounting and unmounting the drive. :)

Now, for your update, you can simply have it run your update script.

I hope that information helps you!

BoomShadow
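
One way to do the signature check raised in the comments, as an added example that is not part of the original thread: a local handler copies a signed bundle off the drive, verifies the copy against a public key stored on the kiosk, and only then runs the update script from the verified copy. The file names `update.tar.gz`, `update.tar.gz.sig`, `update.sh`, the key path `/etc/kiosk/update-pub.pem` and the `--run` argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed, hypothetical names:
#   on the USB drive : update.tar.gz, update.tar.gz.sig (detached signature)
#   inside the bundle: update.sh plus the files it installs
#   on the kiosk     : the publisher's public key, writable only by root
PUBKEY="${PUBKEY:-/etc/kiosk/update-pub.pem}"

# verify_and_stage <mounted_usb_dir> <empty_staging_dir>
# 0 = signature valid, bundle unpacked to <staging_dir>/payload
# 1 = signature invalid, 2 = bundle or signature missing, 3 = copy failed
verify_and_stage() (
    src=$1 stage=$2
    [ -f "$src/update.tar.gz" ] && [ -f "$src/update.tar.gz.sig" ] || return 2

    # Copy to local disk first and verify the copy, so the drive cannot
    # serve different bytes between the check and the use.
    cp -- "$src/update.tar.gz" "$src/update.tar.gz.sig" "$stage/" || return 3

    # Signing the whole bundle covers the script and every file it installs.
    if ! openssl dgst -sha256 -verify "$PUBKEY" \
            -signature "$stage/update.tar.gz.sig" \
            "$stage/update.tar.gz" >/dev/null 2>&1; then
        rm -f "$stage"/update.tar.gz*
        return 1
    fi

    mkdir -p "$stage/payload" &&
        tar -xzf "$stage/update.tar.gz" -C "$stage/payload" --no-same-owner
)

# Handler entry point: kiosk-update.sh --run /mnt/usb
if [ "${1:-}" = "--run" ] && [ -d "${2:-}" ]; then
    stage=$(mktemp -d /var/tmp/kiosk-update.XXXXXX) || exit 1
    if verify_and_stage "$2" "$stage"; then
        /bin/sh "$stage/payload/update.sh"
    else
        logger -t kiosk-update "rejected update on $2 (status $?)"
    fi
    rm -rf "$stage"
fi
```

The bundle is signed on the publisher's machine with `openssl dgst -sha256 -sign <private key> -out update.tar.gz.sig update.tar.gz`; the private key never goes onto the kiosk or the drive. The function expects an already-mounted directory, and because udev expects `RUN` programs to be short-running, the rule should only start a detached job that does the mount and this check.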