From df35a47df0a3b7a064db71a81ee33479779a3f1b Mon Sep 17 00:00:00 2001
From: Frank Denis <github@pureftpd.org>
Date: Tue, 24 Sep 2019 17:40:51 +0200
Subject: [PATCH] Migration

---
 entrypoint.sh | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/entrypoint.sh b/entrypoint.sh
index 9ea3b88..d8b1269 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -71,19 +71,23 @@ provider_info() {
 
 dnscrypt_wrapper_compat() {
     if [ ! -d "$LEGACY_KEYS_DIR" ]; then
+        echo "Neither [${KEYS_DIR}] doesn't seem to contain the required DNS provider information, and a [${LEGACY_KEYS_DIR}] directory wasn't found either" >&2
         return 1
     fi
     echo "Legacy [$LEGACY_KEYS_DIR] directory found" >&2
     if [ -d "${KEYS_DIR}/provider_name" ]; then
-        echo "Both [${LEGACY_KEYS_DIR}] and [${KEYS_DIR}] are present and not empty - This is not expected" >&2
+        echo "Both [${LEGACY_KEYS_DIR}] and [${KEYS_DIR}] are present and not empty - This is not expected." >&2
         return 1
     fi
     if [ ! -f "${LEGACY_KEYS_DIR}/secret.key" ]; then
         echo "No secret key in [${LEGACY_KEYS_DIR}/secret.key], this is not expected." >&2
+        echo >&2
         echo "If you are migrating from a container previously running dnscrypt-wrapper," >&2
         echo "make sure that the [${LEGACY_KEYS_DIR}] directory is mounted." >&2
+        echo >&2
         echo "If you are setting up a brand new server, maybe you've been following" >&2
         echo "an outdated tutorial." >&2
+        echo >&2
         echo "The key directory should be mounted as [${KEYS_DIR}] and not [$LEGACY_KEYS_DIR]." >&2
         return 1
     fi
@@ -96,7 +100,13 @@ dnscrypt_wrapper_compat() {
     sed -e "s#${KEYS_DIR}#${LEGACY_KEYS_DIR}#g" <"$CONFIG_FILE_TEMPLATE" >"${CONFIG_FILE_TEMPLATE}.tmp" &&
         mv -f "${CONFIG_FILE_TEMPLATE}.tmp" "$CONFIG_FILE_TEMPLATE" || exit 1
     provider_name=$(cat "${LEGACY_KEYS_DIR}/provider_name")
-    ext_address="0.0.0.0:443"
+    if [ -f "${LEGACY_KEYS_DIR}/provider-info.txt" ]; then
+        ext_address=$(grep -F -- "--resolver-address=" "${LEGACY_KEYS_DIR}/provider-info.txt" 2>/dev/null | cut -d'=' -f2 | sed 's/ //g')
+    fi
+    if [ -z "$ext_address" ]; then
+        echo "(we were not able to find the previous external IP address, the printed stamp will be wrong, but the previous stamp will keep working)" >&2
+        ext_address="0.0.0.0:443"
+    fi
     sed \
         -e "s/@PROVIDER_NAME@/${provider_name}/" \
         -e "s/@EXTERNAL_IPV4@/${ext_address}/" \
@@ -106,14 +116,16 @@ dnscrypt_wrapper_compat() {
         --config "$CONFIG_FILE" \
         --import-from-dnscrypt-wrapper "${LEGACY_KEYS_DIR}/secret.key" \
         --dry-run >/dev/null || exit 1
+    chmod 600 "${LEGACY_KEYS_DIR}/secret.key"
     echo "Done!" >&2
     echo >&2
+    export KEYS_DIR="$LEGACY_KEYS_DIR"
 }
 
 is_initialized() {
     if [ ! -f "${KEYS_DIR}/encrypted-dns.state" ] || [ ! -f "${KEYS_DIR}/provider-info.txt" ] || [ ! -f "${KEYS_DIR}/provider_name" ]; then
         if dnscrypt_wrapper_compat; then
-            if [ ! -f "${LEGACY_KEYS_DIR}/encrypted-dns.state" ] || [ ! -f "${LEGACY_KEYS_DIR}/provider-info.txt" ] || [ ! -f "${LEGACY_KEYS_DIR}/provider_name" ]; then
+            if [ ! -f "${KEYS_DIR}/encrypted-dns.state" ] || [ ! -f "${KEYS_DIR}/provider_name" ]; then
                 echo no
             else
                 echo yes