autocollect.sh / nuci-helper-autocollect should only make requests when opted in
Originally raised https://forum.turris.cz/t/why-does-the-router-access-project-turris-cz-when-im-opted-out-of-data-collection/8377.
At present the autocollect.sh / nuci-helper-autocollect script runs automatically hourly for some reason (part of nuci?? I'm new to this setup) and also daily as part of /etc/cron.d/autocollect
. During this process it immediately calls out to the web (insecurely, see #22 (closed)) to seemingly check if the given device should have Data Collection applied.
In https://gitlab.labs.nic.cz/turris/nuci/blob/master/src/helpers/autocollect.sh
[...]
# Get today's registration code
CODE=$(curl -k -m $TIMEOUT "$CHALLENGE_URL" | atsha204cmd challenge-response | head -c 16)
# Ask for the status of the contract
RESULT=$(curl -s -S -L -H "Accept: plain/text" --cacert "$CA_FILE" --cert-status -m "$TIMEOUT" "$CONTRACT_URL$CODE" | sed -ne 's/^result: *\(..*\)/\1/p')
if [ "$RESULT" = "valid" ] ; then
if uci -d'
' get updater.pkglists.lists | grep -q -F i_agree_datacollect ; then
: # Already there
else
echo "The contract is still valid, force-adding i_agree_datacollect user list" | logger -t nuci -p daemon.warning
uci add_list updater.pkglists.lists=i_agree_datacollect
uci commit updater
fi
[...]
My device is opted out of Data Collection and so these online checks should *not be occurring They should only occur after and when the user has opted in on their router to perform Data Collection. The way the script is written at present, it relies on this remote information as a configuration flag in order to decide if it should run or not. My device should rely on its own settings to decide whether it is opted in or not.
In fact, it would be preferable to save on processing time by not running these scripts at all (eg remove them from cron.d and the thing that runs them hourly) when the user is opted out of Data Collection.
My device is a Turris Omnia and I am on 3.10.7.