134 lines
4.5 KiB
Bash
Executable File
134 lines
4.5 KiB
Bash
Executable File
#!/bin/bash
|
|
# IPTV Server Patch v2.7.7 - Critical Security Fix: Hardware ID Isolation
|
|
# This patch fixes a critical vulnerability where Hardware IDs were synchronized between servers
|
|
|
|
set -e
|
|
|
|
echo "====================================="
|
|
echo "IPTV Server Security Patch v2.7.7"
|
|
echo "Critical: Hardware ID Isolation Fix"
|
|
echo "====================================="
|
|
echo
|
|
|
|
# Check if running as root
|
|
if [ "$EUID" -ne 0 ]; then
|
|
echo "❌ Please run as root (use sudo)"
|
|
exit 1
|
|
fi
|
|
|
|
# Find IPTV installation directory
|
|
INSTALL_DIR="/opt/iptv"
|
|
if [ ! -d "$INSTALL_DIR/app" ]; then
|
|
echo "❌ IPTV Server not found at $INSTALL_DIR"
|
|
echo "Looking for alternative locations..."
|
|
|
|
# Check common locations
|
|
for dir in /home/*/iptv-server* /root/iptv-server*; do
|
|
if [ -d "$dir/app" ]; then
|
|
INSTALL_DIR="$dir"
|
|
echo "✅ Found IPTV installation at: $INSTALL_DIR"
|
|
break
|
|
fi
|
|
done
|
|
|
|
if [ ! -d "$INSTALL_DIR/app" ]; then
|
|
echo "❌ Could not find IPTV installation"
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
APP_DIR="$INSTALL_DIR/app"
|
|
|
|
echo "🔍 Installation directory: $INSTALL_DIR"
|
|
echo "📁 Application directory: $APP_DIR"
|
|
echo
|
|
|
|
# Backup current files
|
|
echo "📦 Creating backup..."
|
|
BACKUP_DIR="/tmp/iptv-backup-$(date +%Y%m%d-%H%M%S)"
|
|
mkdir -p "$BACKUP_DIR"
|
|
|
|
# Backup files that will be modified
|
|
cp -p "$APP_DIR/license_validator.py" "$BACKUP_DIR/" 2>/dev/null || true
|
|
cp -p "$APP_DIR/license_manager.py" "$BACKUP_DIR/" 2>/dev/null || true
|
|
cp -p "$APP_DIR/demo_middleware.py" "$BACKUP_DIR/" 2>/dev/null || true
|
|
cp -p "$APP_DIR/app.py" "$BACKUP_DIR/" 2>/dev/null || true
|
|
cp -p "$APP_DIR/startup_fix.py" "$BACKUP_DIR/" 2>/dev/null || true
|
|
cp -p "$APP_DIR/version.py" "$BACKUP_DIR/" 2>/dev/null || true
|
|
cp -p "$APP_DIR/VERSION" "$BACKUP_DIR/" 2>/dev/null || true
|
|
|
|
echo "✅ Backup created at: $BACKUP_DIR"
|
|
echo
|
|
|
|
# Stop services
|
|
echo "🛑 Stopping IPTV services..."
|
|
docker-compose -f "$INSTALL_DIR/docker-compose.yml" down 2>/dev/null || \
|
|
docker-compose -f "$INSTALL_DIR/docker/docker-compose.iptv.yml" down 2>/dev/null || \
|
|
echo "⚠️ Could not stop services automatically"
|
|
|
|
# Apply the patch - copy files from current working directory
|
|
echo "🔧 Applying security patch..."
|
|
|
|
# Get the directory where this script is located
|
|
PATCH_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
|
|
SOURCE_DIR="$(dirname "$PATCH_DIR")/iptv-server-install-v2.0.0-licensed/app"
|
|
|
|
if [ ! -d "$SOURCE_DIR" ]; then
|
|
echo "❌ Source files not found at: $SOURCE_DIR"
|
|
echo "Please ensure the patched files are in the correct location"
|
|
exit 1
|
|
fi
|
|
|
|
# Copy the patched files
|
|
echo "📝 Updating files..."
|
|
cp "$SOURCE_DIR/license_validator.py" "$APP_DIR/"
|
|
cp "$SOURCE_DIR/license_manager.py" "$APP_DIR/"
|
|
cp "$SOURCE_DIR/demo_middleware.py" "$APP_DIR/"
|
|
cp "$SOURCE_DIR/app.py" "$APP_DIR/"
|
|
cp "$SOURCE_DIR/startup_fix.py" "$APP_DIR/"
|
|
cp "$SOURCE_DIR/version.py" "$APP_DIR/"
|
|
cp "$SOURCE_DIR/VERSION" "$APP_DIR/"
|
|
|
|
echo "✅ Files updated successfully"
|
|
echo
|
|
|
|
# Clear Redis license cache (critical for this security fix)
|
|
echo "🗑️ Clearing Redis license cache..."
|
|
docker exec iptv-redis redis-cli --scan --pattern 'license:*' | xargs docker exec iptv-redis redis-cli del 2>/dev/null || \
|
|
echo "⚠️ Could not clear Redis cache automatically - please do this manually"
|
|
|
|
echo
|
|
echo "📋 Manual Redis cleanup (if automatic failed):"
|
|
echo " docker exec -it iptv-redis redis-cli"
|
|
echo " KEYS license:* | xargs DEL"
|
|
echo " exit"
|
|
echo
|
|
|
|
# Start services
|
|
echo "🚀 Starting IPTV services..."
|
|
docker-compose -f "$INSTALL_DIR/docker-compose.yml" up -d 2>/dev/null || \
|
|
docker-compose -f "$INSTALL_DIR/docker/docker-compose.iptv.yml" up -d 2>/dev/null || \
|
|
echo "⚠️ Please start services manually"
|
|
|
|
echo
|
|
echo "====================================="
|
|
echo "✅ Security Patch v2.7.7 Applied!"
|
|
echo "====================================="
|
|
echo
|
|
echo "🔒 SECURITY FIX: Hardware IDs are now isolated per server"
|
|
echo "🔒 Each server maintains its own license state"
|
|
echo "🔒 Prevents license sharing between servers"
|
|
echo
|
|
echo "🔄 Each server will regenerate its license validation on first run"
|
|
echo "📝 Backup saved at: $BACKUP_DIR"
|
|
echo
|
|
echo "⚠️ IMPORTANT: If you have multiple servers:"
|
|
echo " - Apply this patch to ALL servers"
|
|
echo " - Each server will validate independently"
|
|
echo " - License sharing is no longer possible"
|
|
echo
|
|
echo "If you encounter issues:"
|
|
echo "1. Check logs: docker logs iptv-backend"
|
|
echo "2. Restore from backup: cp $BACKUP_DIR/* $APP_DIR/"
|
|
echo "3. Contact support@powerdata.dk"
|
|
echo |