Only update files when they change

src/freedombone-app-keyserver

@@ -66,7 +66,7 @@ function keyserver_watchdog {
     read_config_param KEYSERVER_DOMAIN_NAME
 
     # check database size hourly
-    keyserver_watchdog_script=/etc/cron.hourly/keyserver-watchdog
+    keyserver_watchdog_script=/tmp/keyserver-watchdog
     echo '#!/bin/bash' > $keyserver_watchdog_script
     echo "dirsize=\$(du /var/lib/sks/DB | awk -F ' ' '{print \$1}')" >> $keyserver_watchdog_script
     echo 'if [ $dirsize -gt 450000 ]; then' >> $keyserver_watchdog_script
@@ -80,8 +80,18 @@ function keyserver_watchdog {
     echo "    echo \"$keyserver_disabled_warning\" | mail -s \"$keyserver_mail_subject_line_disabled\" $ADMIN_EMAIL_ADDRESS" >> $keyserver_watchdog_script
     echo '  fi' >> $keyserver_watchdog_script
     echo 'fi' >> $keyserver_watchdog_script
-
     chmod +x $keyserver_watchdog_script
+
+    if [ ! -f /etc/cron.hourly/keyserver-watchdog ]; then
+        cp $keyserver_watchdog_script /etc/cron.hourly/keyserver-watchdog
+    else
+        HASH1=$(sha256sum $keyserver_watchdog_script | awk -F ' ' '{print $1}')
+        HASH2=$(sha256sum /etc/cron.hourly/keyserver-watchdog | awk -F ' ' '{print $1}')
+        if [[ "$HASH1" != "$HASH2" ]]; then
+            cp $keyserver_watchdog_script /etc/cron.hourly/keyserver-watchdog
+        fi
+    fi
+    rm $keyserver_watchdog_script
 }
 
 

src/freedombone-base-email

@@ -326,11 +326,10 @@ function encrypt_all_email {
     fi
 
     if [ -f /usr/local/bin/${PROJECT_NAME}-encrypt-mail ]; then
-        cp /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+        cp -u /usr/local/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
     else
-        cp /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
+        cp -u /usr/bin/${PROJECT_NAME}-encrypt-mail /usr/bin/encmaildir
     fi
-    chmod +x /usr/bin/encmaildir
 
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return
@@ -1648,7 +1647,7 @@ function configure_gpg {
 }
 
 function refresh_gpg_keys {
-    REFRESH_GPG_KEYS_SCRIPT=/usr/bin/update-gpg-keys
+    REFRESH_GPG_KEYS_SCRIPT=/tmp/update-gpg-keys
     echo '#!/bin/bash' > $REFRESH_GPG_KEYS_SCRIPT
     echo "if [ -f /usr/local/bin/${PROJECT_NAME}-sec ]; then" >> $REFRESH_GPG_KEYS_SCRIPT
     echo "    /usr/bin/timeout 600 /usr/local/bin/${PROJECT_NAME}-sec --refresh yes" >> $REFRESH_GPG_KEYS_SCRIPT
@@ -1658,6 +1657,18 @@ function refresh_gpg_keys {
     echo 'exit 0' >> $REFRESH_GPG_KEYS_SCRIPT
     chmod +x $REFRESH_GPG_KEYS_SCRIPT
 
+    if [ ! -f /usr/bin/update-gpg-keys ]; then
+        cp $REFRESH_GPG_KEYS_SCRIPT /usr/bin/update-gpg-keys
+    else
+        HASH1=$(sha256sum $REFRESH_GPG_KEYS_SCRIPT | awk -F ' ' '{print $1}')
+        HASH2=$(sha256sum /usr/bin/update-gpg-keys | awk -F ' ' '{print $1}')
+        if [[ "$HASH1" != "$HASH2" ]]; then
+            cp $REFRESH_GPG_KEYS_SCRIPT /usr/bin/update-gpg-keys
+        fi
+        rm $REFRESH_GPG_KEYS_SCRIPT
+    fi
+
+    REFRESH_GPG_KEYS_SCRIPT=/usr/bin/update-gpg-keys
     if grep -q "${PROJECT_NAME}-sec" /etc/crontab; then
         sed -i "/${PROJECT_NAME}-sec /d" /etc/crontab
     fi

src/freedombone-client

@@ -96,7 +96,7 @@ function refresh_gpg_keys {
     fi
     sudo cp /etc/crontab ~/temp_crontab
     sudo chown $CURR_USER:$CURR_GROUP ~/temp_crontab
-    if ! grep -q "gpg --refresh-keys" ~/temp_crontab; then
+    if ! grep -q 'gpg --refresh-keys' ~/temp_crontab; then
         echo "0            */$REFRESH_GPG_KEYS_HOURS *   *   *   $CURR_USER /usr/bin/gpg --refresh-keys > /dev/null" >> ~/temp_crontab
         sudo cp ~/temp_crontab /etc/crontab
         sudo chown root:root /etc/crontab

src/freedombone-utils-git

@@ -95,10 +95,10 @@ function set_repo_commit {
             chown -R www-data:www-data $repo_dir
         fi
         if [[ $repo_dir == *"gpgit" ]]; then
-            cp gpgit.pl /usr/bin/gpgit.pl
+            cp -u gpgit.pl /usr/bin/gpgit.pl
         fi
         if [[ $repo_dir == *"cleanup-maildir" ]]; then
-            cp $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
+            cp -u $INSTALL_DIR/cleanup-maildir/cleanup-maildir /usr/bin
         fi
         if [[ $repo_dir == *"nginx_ensite" ]]; then
             make install

src/freedombone-utils-setup

@@ -145,7 +145,9 @@ function separate_tmp_filesystem {
 }
 
 function proc_filesystem_settings {
-    sed -i 's|proc /proc proc defaults |proc /proc proc defaults,nodev,nosuid |g' /etc/fstab
+    if ! grep -q "proc proc defaults,nodev,nosuid " /etc/fstab; then
+       sed -i 's|proc /proc proc defaults |proc /proc proc defaults,nodev,nosuid |g' /etc/fstab
+    fi
 }
 
 function remove_bluetooth {

src/freedombone-utils-upgrade

@@ -32,7 +32,16 @@
 UPGRADE_SCRIPT_NAME="${PROJECT_NAME}-upgrade"
 
 function create_upgrade_script {
-    cp $(which ${PROJECT_NAME}-upgrade) /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+    upgrade_command_file=$(which ${PROJECT_NAME}-upgrade)
+    if [ ! -f /etc/cron.weekly/$UPGRADE_SCRIPT_NAME ]; then
+        cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+    else
+        HASH1=$(sha256sum $upgrade_command_file | awk -F ' ' '{print $1}')
+        HASH2=$(sha256sum /etc/cron.weekly/$UPGRADE_SCRIPT_NAME | awk -F ' ' '{print $1}')
+        if [[ "$HASH1" != "$HASH2" ]]; then
+            cp $upgrade_command_file /etc/cron.weekly/$UPGRADE_SCRIPT_NAME
+        fi
+    fi
 
     if [[ $(is_completed $FUNCNAME) == "1" ]]; then
         return

src/freedombone-utils-web

@@ -318,8 +318,8 @@ function letsencrypt_renewals {
         return
     fi
 
-    renewals_script=/etc/cron.monthly/letsencrypt
-    renewals_retry_script=/etc/cron.daily/letsencrypt
+    renewals_script=/tmp/renewals_letsencrypt
+    renewals_retry_script=/tmp/renewals_retry_letsencrypt
     renewal_failure_msg=$'The certificate for $LETSENCRYPT_DOMAIN could not be renewed'
     renewal_email_title=$'${PROJECT_NAME} Lets Encrypt certificate renewal'
 
@@ -361,6 +361,17 @@ function letsencrypt_renewals {
     echo 'fi' >> $renewals_script
     chmod +x $renewals_script
 
+    if [ ! -f /etc/cron.monthly/letsencrypt ]; then
+        cp $renewals_script /etc/cron.monthly/letsencrypt
+    else
+        HASH1=$(sha256sum $renewals_script | awk -F ' ' '{print $1}')
+        HASH2=$(sha256sum /etc/cron.monthly/letsencrypt | awk -F ' ' '{print $1}')
+        if [[ "$HASH1" != "$HASH2" ]]; then
+            cp $renewals_script /etc/cron.monthly/letsencrypt
+        fi
+    fi
+    rm $renewals_script
+
     # a secondary script keeps trying to renew after a failure
     echo '#!/bin/bash' > $renewals_retry_script
     echo '' >> $renewals_retry_script
@@ -398,6 +409,17 @@ function letsencrypt_renewals {
     echo '    fi' >> $renewals_retry_script
     echo 'fi' >> $renewals_retry_script
     chmod +x $renewals_retry_script
+
+    if [ ! -f /etc/cron.daily/letsencrypt ]; then
+        cp $renewals_retry_script /etc/cron.daily/letsencrypt
+    else
+        HASH1=$(sha256sum $renewals_retry_script | awk -F ' ' '{print $1}')
+        HASH2=$(sha256sum /etc/cron.daily/letsencrypt | awk -F ' ' '{print $1}')
+        if [[ "$HASH1" != "$HASH2" ]]; then
+            cp $renewals_retry_script /etc/cron.daily/letsencrypt
+        fi
+    fi
+    rm $renewals_retry_script
 }
 
 function configure_php {