background part of initialization is always done via 'at'

improved test for 'is_init_running'
change IP address after reconfiguration and redirect to new URL
display a warning after reconfiguration of IP address
log warning, if config partition could not be unmounted
actions 'reboot' and 'poweroff' are now handled by 'cbox-manage.sh'

cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh

@@ -180,9 +180,22 @@ function is_crypto_mounted()
 
 function is_init_running()
 {
-	#ps -e | grep -q -E "$MKFS_DATA|$WIPE"
-	# this line is good for the "at" stuff - see cryptobox.pl
-	[ -n "$(at -l)" ]
+	check_at_command_queue " box-init-bg"
+}
+
+
+# check if a specified command is in an at-queue
+# Parameter: a regular expression of the commandline
+# Return: the command is part of an at-queue (0) or not (1)
+function check_at_command_queue()
+{
+	# 1) get the available job numbers
+	# 2) remove empty lines (especially the last one)
+	# 3) check every associated command for the regexp
+	at -l | cut -f 1 -d " " | while read jobnum
+	  do	at -c $jobnum | sed '/^$/d' | tail -1 | grep -q "$1" && return 0
+	 done
+	return 1
 }
 
 
@@ -284,8 +297,7 @@ function init_cryptobox_part1()
 function init_cryptobox_part2()
 # some things to be done in the background
 # these are the final steps of initialisation
-# thuid must be changed at the first time, therfore it needs to be
-# mounted
+# the uid must be changed initially, therfore it needs to be mounted
 {
 	mkfs_crypto
 	mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR"
@@ -311,7 +323,7 @@ ACTION=help
 
 case "$ACTION" in
 	config-up )
-		# die cruft option hilft vielleicht bei dem Fehler "interleaved files not (yet) supported"
+		# the "cruft" option could help to prevent the error "interleaved files not (yet) supported"
 		mount -o remount,cruft /
 		if mount_config
 		  then	echo "Cryptobox configuration successfully loaded"
@@ -319,7 +331,7 @@ case "$ACTION" in
 		 fi
 		;;
 	config-down )
-		mount | grep -q " $CONFIG_DIR" && umount "$CONFIG_DIR"
+		umount "$CONFIG_DIR" || error_msg 4 "Could not unmount configuration partition"
 		;;
 	network-up )
 		kudzu -s -q --class network
@@ -328,7 +340,7 @@ case "$ACTION" in
 		log_msg "Configured $NET_IFACE for $conf_ip ..."
 		echo "Configured network interface for $NET_IFACE: $conf_ip"
 		log_msg "Starting the firewall ..."
-		$FIREWALL_SCRIPT start
+		"$FIREWALL_SCRIPT" start
 		# start stunnel
 		if [ -f "$CERT_FILE" ] 
 		   then	USE_CERT=$CERT_FILE
@@ -358,8 +370,10 @@ case "$ACTION" in
 		/etc/init.d/thttpd stop
 		;;
 	box-init )
-		# this is good for commandline only, as it takes a lot of time
-		init_cryptobox_complete >>"$LOG_FILE" 2>&1
+		# do complete initialization
+		"$0" box-init-fg
+		# the background part will recall itself as an at-command
+		"$0" box-init-bg
 		;;
 	box-init-fg )
 		# only partitioning and configuration
@@ -371,7 +385,12 @@ case "$ACTION" in
 	box-init-bg )
 		# do it in the background to provide a smoother web interface
 		# messages and errors get written to $LOG_FILE
-		init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
+
+		# make sure, that this is always called via 'at':
+		if check_at_command_queue " box-init-bg"
+		  then	init_cryptobox_part2 </dev/null >>"$LOG_FILE" 2>&1
+		  else	echo -n "'$0' box-init-bg" | at now
+		 fi
 		;;
 	is_crypto_mounted )
 		is_crypto_mounted
@@ -382,6 +401,11 @@ case "$ACTION" in
 	is_init_running )
 		is_init_running
 		;;
+	update_ip_address )
+		# reconfigure the network interface to a new IP address
+		# wait for 15 seconds to finish present http requests
+		echo -n "sleep 15; ifconfig $NET_IFACE `get_config ip`" | at now
+		;;
 	crypto-mount )
 		mount_crypto
 		;;
@@ -399,6 +423,16 @@ case "$ACTION" in
 	diskinfo )
 		$SFDISK -L -q -l `find_harddisk`
 		;;
+	poweroff )
+		is_crypto_mounted && umount_crypto
+		log_msg "Turning off the CryptoBox ..."
+		echo "poweroff" | at now
+		;;
+	reboot )
+		is_crypto_mounted && umount_crypto
+		log_msg "Rebooting the CryptoBox ..."
+		echo "reboot" | at now
+		;;
 	get_current_ip )
 		get_current_ip
 		;;

cbox-tree.d/usr/share/cryptobox/lang/de.hdf

@@ -104,6 +104,11 @@ Lang {
     	Title = Ungültige Zeitabschaltung
 	Text  = Der ausgewählte Wert der Zeitabschaltung ist nicht gültig!
 	}
+
+    IPAddressChanged {
+    	Title = Änderung der Netzwerk-Adresse
+	Text  = Die Netzwerk-Adresse der CryptoBox wurde verändert. In wenigen Sekunden werden sie zu der neuen Adresse umgeleitet.
+	}
     }
 
 
@@ -130,12 +135,12 @@ Lang {
 
     PowerOff {
     	Title = Abschaltung
-	Text  =	Die CryptoBox wird gerade heruntergefahren. Spätestens in ein paar Minuten kannst du sie ausschalten.
+	Text  =	Die CryptoBox wird gerade heruntergefahren. In wenigen Sekunden können sie sie ausschalten (falls dies nicht automatisch geschieht).
     }
 
     ReBoot {
     	Title = Neustart
-	Text  =	Die CryptoBox wird gerade neu gestartet. Spätestens in ein paar Minuten ist sie wieder verfügbar.
+	Text  =	Die CryptoBox wird gerade neu gestartet. In wenigen Sekunden ist sie wieder verfügbar.
     }
   }
 

cbox-tree.d/var/www/cgi-bin/cryptobox.pl

@@ -179,7 +179,6 @@ sub umount_vol
 
 sub box_init
 {
-	# TODO: redirect output to pagedata
 	my $pw = shift;
 
 	# partitioning, config and initial cryptsetup
@@ -187,22 +186,22 @@ sub box_init
 	print PW_INPUT $pw;
 	close(PW_INPUT);
 
-	# wipe and mkfs takes some time - it will be done in background
-	system("echo $CB_SCRIPT box-init-bg | at now + 1 minutes >>$LOG_FILE 2>&1");
+	# wipe and mkfs takes some time - it will be done in the background
+	system("$CB_SCRIPT", "box-init-bg");
 }
 
 
 sub system_poweroff()
 {
 	&umount_vol();
-	system("echo /sbin/poweroff | at now + 1 minutes >>$LOG_FILE 2>&1");
+	system("$CB_SCRIPT", "poweroff");
 }
 
 
 sub system_reboot()
 {
 	&umount_vol();
-	system("echo /sbin/reboot | at now + 1 minutes >>$LOG_FILE 2>&1");
+	system("$CB_SCRIPT", "reboot");
 }
 
 
@@ -402,7 +401,20 @@ if ( ! &check_ssl()) {
 	    } else {
 		system("$CB_SCRIPT", "set_config", "language", $query->param('language'));
 		system("$CB_SCRIPT", "set_config", "timeout", $query->param('timeout'));
-		system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
+		# check, if the ip was reconfigured
+		if ($query->param('ip') ne `$CB_SCRIPT get_config ip`)
+		{
+		    # set the new value
+		    system("$CB_SCRIPT", "set_config", "ip", $query->param('ip'));
+		    # reconfigure the network interface
+		    system("$CB_SCRIPT", "update_ip_address");
+		    # redirect to the new address
+		    $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'});
+		    $pagedata->setValue('Data.Redirect.Delay', "5");
+		    # display a warning for the redirection
+		    $pagedata->setValue('Data.Warning', 'IPAddressChanged');
+		}
+
 		# TODO: check for success by comparing with new config and report success
 		$pagedata->setValue('Data.Success', 'ConfigSaved');
 		$pagedata->setValue('Data.Action', 'intro');
@@ -423,7 +435,7 @@ if ( ! &check_ssl()) {
     ##################### pweroff #######################
     } elsif ($action eq 'shutdown_ask') {
 	$pagedata->setValue('Data.Action', 'shutdown_form');
-    ##################### reboot ######################
+    ##################### reboot ########################
     } elsif ($action eq 'shutdown_do') {
 	if ($query->param('type') eq 'reboot') {
 	    &system_reboot();