Merge pull request #53 from home-assistant/dev

Release 0.27

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "home-assistant-polymer"]
+	path = home-assistant-polymer
+	url = https://github.com/home-assistant/home-assistant-polymer

API.md

@@ -43,7 +43,9 @@ The addons from `addons` are only installed one.
             "repository": "12345678|null",
             "version": "LAST_VERSION",
             "installed": "INSTALL_VERSION",
-            "detached": "bool"
+            "detached": "bool",
+            "build": "bool",
+            "url": "null|url"
         }
     ],
     "addons_repositories": [
@@ -67,7 +69,9 @@ Get all available addons
             "repository": "core|local|REP_ID",
             "version": "LAST_VERSION",
             "installed": "none|INSTALL_VERSION",
-            "detached": "bool"
+            "detached": "bool",
+            "build": "bool",
+            "url": "null|url"
         }
     ],
     "repositories": [
@@ -108,6 +112,40 @@ Reload addons/version.
 
 Output the raw docker log
 
+### Security
+
+- GET `/security/info`
+```json
+{
+    "initialize": "bool",
+    "totp": "bool"
+}
+```
+
+- POST `/security/options`
+```json
+{
+    "password": "xy"
+}
+```
+
+- POST `/security/totp`
+```json
+{
+    "password": "xy"
+}
+```
+
+Return QR-Code
+
+- POST `/security/session`
+```json
+{
+    "password": "xy",
+    "totp": "null|123456"
+}
+```
+
 ### Host
 
 - POST `/host/shutdown`
@@ -190,6 +228,7 @@ Output the raw docker log
     "last_version": "LAST_VERSION",
     "state": "started|stopped",
     "boot": "auto|manual",
+    "build": "bool",
     "options": {},
 }
 ```

hassio/addons/__init__.py

@@ -191,7 +191,7 @@ class AddonManager(AddonsData):
             return False
 
         version = version or self.get_last_version(addon)
-        is_running = self.dockers[addon].is_running()
+        is_running = await self.dockers[addon].is_running()
 
         # update
         if await self.dockers[addon].update(version):

hassio/addons/data.py

@@ -13,8 +13,8 @@ from .validate import (
 from ..const import (
     FILE_HASSIO_ADDONS, ATTR_NAME, ATTR_VERSION, ATTR_SLUG, ATTR_DESCRIPTON,
     ATTR_STARTUP, ATTR_BOOT, ATTR_MAP, ATTR_OPTIONS, ATTR_PORTS, BOOT_AUTO,
-    DOCKER_REPO, ATTR_SCHEMA, ATTR_IMAGE, MAP_CONFIG, MAP_SSL, MAP_ADDONS,
-    MAP_BACKUP, ATTR_REPOSITORY, ATTR_URL, ATTR_ARCH)
+    ATTR_SCHEMA, ATTR_IMAGE, MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP,
+    ATTR_REPOSITORY, ATTR_URL, ATTR_ARCH, ATTR_LOCATON)
 from ..config import Config
 from ..tools import read_json_file, write_json_file
 
@@ -109,6 +109,7 @@ class AddonsData(Config):
 
                 # store
                 addon_config[ATTR_REPOSITORY] = repository
+                addon_config[ATTR_LOCATON] = str(addon.parent)
                 self._addons_cache[addon_slug] = addon_config
 
             except OSError:
@@ -148,12 +149,13 @@ class AddonsData(Config):
         """
         have_change = False
 
-        for addon, data in self._system_data.items():
+        for addon in self.list_installed:
             # detached
             if addon not in self._addons_cache:
                 continue
 
             cache = self._addons_cache[addon]
+            data = self._system_data[addon]
             if data[ATTR_VERSION] == cache[ATTR_VERSION]:
                 if data != cache:
                     self._system_data[addon] = copy.deepcopy(cache)
@@ -165,20 +167,12 @@ class AddonsData(Config):
     @property
     def list_installed(self):
         """Return a list of installed addons."""
-        return set(self._system_data.keys())
+        return set(self._system_data)
 
     @property
-    def data_all(self):
+    def list_all(self):
         """Return a dict of all addons."""
-        return {
-            **self._system_data,
-            **self._addons_cache
-        }
-
-    @property
-    def data_installed(self):
-        """Return a dict of installed addons."""
-        return self._system_data.copy()
+        return set(self._system_data) | set(self._addons_cache)
 
     def list_startup(self, start_type):
         """Get list of installed addon with need start by type."""
@@ -270,21 +264,27 @@ class AddonsData(Config):
 
     def get_name(self, addon):
         """Return name of addon."""
+        if addon in self._addons_cache:
+            return self._addons_cache[addon][ATTR_NAME]
         return self._system_data[addon][ATTR_NAME]
 
     def get_description(self, addon):
         """Return description of addon."""
+        if addon in self._addons_cache:
+            return self._addons_cache[addon][ATTR_DESCRIPTON]
         return self._system_data[addon][ATTR_DESCRIPTON]
 
     def get_repository(self, addon):
         """Return repository of addon."""
+        if addon in self._addons_cache:
+            return self._addons_cache[addon][ATTR_REPOSITORY]
         return self._system_data[addon][ATTR_REPOSITORY]
 
     def get_last_version(self, addon):
         """Return version of addon."""
-        if addon not in self._addons_cache:
-            return self.version_installed(addon)
-        return self._addons_cache[addon][ATTR_VERSION]
+        if addon in self._addons_cache:
+            return self._addons_cache[addon][ATTR_VERSION]
+        return self.version_installed(addon)
 
     def get_ports(self, addon):
         """Return ports of addon."""
@@ -292,24 +292,36 @@ class AddonsData(Config):
 
     def get_url(self, addon):
         """Return url of addon."""
+        if addon in self._addons_cache:
+            return self._addons_cache[addon].get(ATTR_URL)
         return self._system_data[addon].get(ATTR_URL)
 
     def get_arch(self, addon):
         """Return list of supported arch."""
-        if addon not in self._addons_cache:
-            return self._system_data[addon][ATTR_ARCH]
-        return self._addons_cache[addon][ATTR_ARCH]
+        if addon in self._addons_cache:
+            return self._addons_cache[addon][ATTR_ARCH]
+        return self._system_data[addon][ATTR_ARCH]
 
     def get_image(self, addon):
         """Return image name of addon."""
         addon_data = self._system_data.get(
-            addon, self._addons_cache.get(addon))
+            addon, self._addons_cache.get(addon)
+        )
 
-        if ATTR_IMAGE not in addon_data:
-            return "{}/{}-addon-{}".format(
-                DOCKER_REPO, self.arch, addon_data[ATTR_SLUG])
+        # Repository with dockerhub images
+        if ATTR_IMAGE in addon_data:
+            return addon_data[ATTR_IMAGE].format(arch=self.arch)
 
-        return addon_data[ATTR_IMAGE].format(arch=self.arch)
+        # local build
+        return "{}/{}-addon-{}".format(
+            addon_data[ATTR_REPOSITORY], self.arch, addon_data[ATTR_SLUG])
+
+    def need_build(self, addon):
+        """Return True if this  addon need a local build."""
+        addon_data = self._system_data.get(
+            addon, self._addons_cache.get(addon)
+        )
+        return ATTR_IMAGE not in addon_data
 
     def map_config(self, addon):
         """Return True if config map is needed."""
@@ -333,12 +345,16 @@ class AddonsData(Config):
 
     def path_extern_data(self, addon):
         """Return addon data path external for docker."""
-        return str(PurePath(self.config.path_extern_addons_data, addon))
+        return PurePath(self.config.path_extern_addons_data, addon)
 
     def path_addon_options(self, addon):
         """Return path to addons options."""
         return Path(self.path_data(addon), "options.json")
 
+    def path_addon_location(self, addon):
+        """Return path to this addon."""
+        return Path(self._addons_cache[addon][ATTR_LOCATON])
+
     def write_addon_options(self, addon):
         """Return True if addon options is written to data."""
         schema = self.get_schema(addon)

hassio/addons/validate.py

@@ -70,10 +70,10 @@ def validate_options(raw_schema):
             try:
                 if isinstance(typ, list):
                     # nested value
-                    options[key] = _nested_validate(typ[0], value)
+                    options[key] = _nested_validate(typ[0], value, key)
                 else:
                     # normal value
-                    options[key] = _single_validate(typ, value)
+                    options[key] = _single_validate(typ, value, key)
             except (IndexError, KeyError):
                 raise vol.Invalid(
                     "Type error for {}.".format(key)) from None
@@ -84,12 +84,12 @@ def validate_options(raw_schema):
 
 
 # pylint: disable=no-value-for-parameter
-def _single_validate(typ, value):
+def _single_validate(typ, value, key):
     """Validate a single element."""
     try:
         # if required argument
         if value is None:
-            raise vol.Invalid("A required argument is not set!")
+            raise vol.Invalid("Missing required option '{}'.".format(key))
 
         if typ == V_STR:
             return str(value)
@@ -104,13 +104,13 @@ def _single_validate(typ, value):
         elif typ == V_URL:
             return vol.Url()(value)
 
-        raise vol.Invalid("Fatal error for {}.".format(value))
+        raise vol.Invalid("Fatal error for {} type {}.".format(key, typ))
     except ValueError:
         raise vol.Invalid(
-            "Type {} error for {}.".format(typ, value)) from None
+            "Type {} error for '{}' on {}.".format(typ, value, key)) from None
 
 
-def _nested_validate(typ, data_list):
+def _nested_validate(typ, data_list, key):
     """Validate nested items."""
     options = []
 
@@ -123,10 +123,10 @@ def _nested_validate(typ, data_list):
                     raise vol.Invalid(
                         "Unknown nested options {}.".format(c_key))
 
-                c_options[c_key] = _single_validate(typ[c_key], c_value)
+                c_options[c_key] = _single_validate(typ[c_key], c_value, c_key)
             options.append(c_options)
         # normal list
         else:
-            options.append(_single_validate(typ, element))
+            options.append(_single_validate(typ, element, key))
 
     return options

hassio/api/__init__.py

@@ -1,5 +1,6 @@
 """Init file for HassIO rest api."""
 import logging
+from pathlib import Path
 
 from aiohttp import web
 
@@ -8,6 +9,7 @@ from .homeassistant import APIHomeAssistant
 from .host import APIHost
 from .network import APINetwork
 from .supervisor import APISupervisor
+from .security import APISecurity
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -86,6 +88,22 @@ class RestAPI(object):
             '/addons/{addon}/options', api_addons.options)
         self.webapp.router.add_get('/addons/{addon}/logs', api_addons.logs)
 
+    def register_security(self):
+        """Register security function."""
+        api_security = APISecurity(self.config, self.loop)
+
+        self.webapp.router.add_get('/security/info', api_security.info)
+        self.webapp.router.add_post('/security/options', api_security.options)
+        self.webapp.router.add_post('/security/totp', api_security.totp)
+        self.webapp.router.add_post('/security/session', api_security.session)
+
+    def register_panel(self):
+        """Register panel for homeassistant."""
+        panel_dir = Path(__file__).parents[1].joinpath('panel')
+
+        self.webapp.router.register_resource(
+            web.StaticResource('/panel', str(panel_dir)))
+
     async def start(self):
         """Run rest api webserver."""
         self._handler = self.webapp.make_handler(loop=self.loop)

hassio/api/addons.py

@@ -9,7 +9,7 @@ from .util import api_process, api_process_raw, api_validate
 from ..const import (
     ATTR_VERSION, ATTR_LAST_VERSION, ATTR_STATE, ATTR_BOOT, ATTR_OPTIONS,
     ATTR_URL, ATTR_DESCRIPTON, ATTR_DETACHED, ATTR_NAME, ATTR_REPOSITORY,
-    STATE_STOPPED, STATE_STARTED, BOOT_AUTO, BOOT_MANUAL)
+    ATTR_BUILD, STATE_STOPPED, STATE_STARTED, BOOT_AUTO, BOOT_MANUAL)
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -59,6 +59,7 @@ class APIAddons(object):
             ATTR_OPTIONS: self.addons.get_options(addon),
             ATTR_URL: self.addons.get_url(addon),
             ATTR_DETACHED: addon in self.addons.list_detached,
+            ATTR_BUILD: self.addons.need_build(addon),
         }
 
     @api_process

hassio/api/homeassistant.py

@@ -26,13 +26,11 @@ class APIHomeAssistant(object):
     @api_process
     async def info(self, request):
         """Return host information."""
-        info = {
+        return {
             ATTR_VERSION: self.homeassistant.version,
             ATTR_LAST_VERSION: self.config.last_homeassistant,
         }
 
-        return info
-
     @api_process
     async def update(self, request):
         """Update homeassistant."""

hassio/api/security.py

@@ -0,0 +1,102 @@
+"""Init file for HassIO security rest api."""
+from datetime import datetime, timedelta
+import io
+import logging
+import hashlib
+import os
+
+from aiohttp import web
+import voluptuous as vol
+import pyotp
+import pyqrcode
+
+from .util import api_process, api_validate, hash_password
+from ..const import ATTR_INITIALIZE, ATTR_PASSWORD, ATTR_TOTP, ATTR_SESSION
+
+_LOGGER = logging.getLogger(__name__)
+
+SCHEMA_PASSWORD = vol.Schema({
+    vol.Required(ATTR_PASSWORD): vol.Coerce(str),
+})
+
+SCHEMA_SESSION = SCHEMA_PASSWORD.extend({
+    vol.Optional(ATTR_TOTP, default=None): vol.Coerce(str),
+})
+
+
+class APISecurity(object):
+    """Handle rest api for security functions."""
+
+    def __init__(self, config, loop):
+        """Initialize security rest api part."""
+        self.config = config
+        self.loop = loop
+
+    def _check_password(self, body):
+        """Check if password is valid and security is initialize."""
+        if not self.config.security_initialize:
+            raise RuntimeError("First set a password")
+
+        password = hash_password(body[ATTR_PASSWORD])
+        if password != self.config.security_password:
+            raise RuntimeError("Wrong password")
+
+    @api_process
+    async def info(self, request):
+        """Return host information."""
+        return {
+            ATTR_INITIALIZE: self.config.security_initialize,
+            ATTR_TOTP: self.config.security_totp is not None,
+        }
+
+    @api_process
+    async def options(self, request):
+        """Set options / password."""
+        body = await api_validate(SCHEMA_PASSWORD, request)
+
+        if self.config.security_initialize:
+            raise RuntimeError("Password is already set!")
+
+        self.config.security_password = hash_password(body[ATTR_PASSWORD])
+        self.config.security_initialize = True
+        return True
+
+    @api_process
+    async def totp(self, request):
+        """Set and initialze TOTP."""
+        body = await api_validate(SCHEMA_PASSWORD, request)
+        self._check_password(body)
+
+        # generate TOTP
+        totp_init_key = pyotp.random_base32()
+        totp = pyotp.TOTP(totp_init_key)
+
+        # init qrcode
+        buff = io.BytesIO()
+
+        qrcode = pyqrcode.create(totp.provisioning_uri("Hass.IO"))
+        qrcode.svg(buff)
+
+        # finish
+        self.config.security_totp = totp_init_key
+        return web.Response(body=buff.getvalue(), content_type='image/svg+xml')
+
+    @api_process
+    async def session(self, request):
+        """Set and initialze session."""
+        body = await api_validate(SCHEMA_SESSION, request)
+        self._check_password(body)
+
+        # check TOTP
+        if self.config.security_totp:
+            totp = pyotp.TOTP(self.config.security_totp)
+            if body[ATTR_TOTP] != totp.now():
+                raise RuntimeError("Invalid TOTP token!")
+
+        # create session
+        valid_until = datetime.now() + timedelta(days=1)
+        session = hashlib.sha256(os.urandom(54)).hexdigest()
+
+        # store session
+        self.config.security_sessions = (session, valid_until)
+        return {ATTR_SESSION: session}

hassio/api/supervisor.py

@@ -10,7 +10,8 @@ from ..const import (
     ATTR_ADDONS, ATTR_VERSION, ATTR_LAST_VERSION, ATTR_BETA_CHANNEL,
     HASSIO_VERSION, ATTR_ADDONS_REPOSITORIES, ATTR_REPOSITORIES,
     ATTR_REPOSITORY, ATTR_DESCRIPTON, ATTR_NAME, ATTR_SLUG, ATTR_INSTALLED,
-    ATTR_DETACHED, ATTR_SOURCE, ATTR_MAINTAINER, ATTR_URL, ATTR_ARCH)
+    ATTR_DETACHED, ATTR_SOURCE, ATTR_MAINTAINER, ATTR_URL, ATTR_ARCH,
+    ATTR_BUILD)
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -41,23 +42,23 @@ class APISupervisor(object):
         detached = self.addons.list_detached
 
         if only_installed:
-            addons = self.addons.data_installed
+            addons = self.addons.list_installed
         else:
-            addons = self.addons.data_all
+            addons = self.addons.list_all
 
         data = []
-        for addon, values in addons.items():
-            i_version = self.addons.version_installed(addon)
-
+        for addon in addons:
             data.append({
-                ATTR_NAME: values[ATTR_NAME],
+                ATTR_NAME: self.addons.get_name(addon),
                 ATTR_SLUG: addon,
-                ATTR_DESCRIPTON: values[ATTR_DESCRIPTON],
-                ATTR_VERSION: values[ATTR_VERSION],
-                ATTR_INSTALLED: i_version,
-                ATTR_ARCH: values[ATTR_ARCH],
+                ATTR_DESCRIPTON: self.addons.get_description(addon),
+                ATTR_VERSION: self.addons.get_last_version(addon),
+                ATTR_INSTALLED: self.addons.version_installed(addon),
+                ATTR_ARCH: self.addons.get_arch(addon),
                 ATTR_DETACHED: addon in detached,
-                ATTR_REPOSITORY: values[ATTR_REPOSITORY],
+                ATTR_REPOSITORY: self.addons.get_repository(addon),
+                ATTR_BUILD: self.addons.need_build(addon),
+                ATTR_URL: self.addons.get_url(addon),
             })
 
         return data

hassio/api/util.py

@@ -1,5 +1,6 @@
 """Init file for HassIO util for rest api."""
 import json
+import hashlib
 import logging
 
 from aiohttp import web
@@ -32,6 +33,8 @@ def api_process(method):
 
         if isinstance(answer, dict):
             return api_return_ok(data=answer)
+        if isinstance(answer, web.Response):
+            return answer
         elif answer:
             return api_return_ok()
         return api_return_error()
@@ -101,3 +104,9 @@ async def api_validate(schema, request):
         raise RuntimeError(humanize_error(data, ex)) from None
 
     return data
+
+
+def hash_password(password):
+    """Hash and salt our passwords."""
+    key = ")*()*SALT_HASSIO2123{}6554547485HSKA!!*JSLAfdasda$".format(password)
+    return hashlib.sha256(key.encode()).hexdigest()

hassio/bootstrap.py

@@ -42,6 +42,11 @@ def initialize_system_data(websession):
                      config.path_addons_git)
         config.path_addons_git.mkdir(parents=True)
 
+    if not config.path_addons_build.is_dir():
+        _LOGGER.info("Create Home-Assistant addon build folder %s",
+                     config.path_addons_build)
+        config.path_addons_build.mkdir(parents=True)
+
     # homeassistant backup folder
     if not config.path_backup.is_dir():
         _LOGGER.info("Create Home-Assistant backup folder %s",

hassio/config.py

@@ -1,4 +1,5 @@
 """Bootstrap HassIO."""
+from datetime import datetime
 import logging
 import json
 import os
@@ -13,6 +14,8 @@ from .tools import (
 
 _LOGGER = logging.getLogger(__name__)
 
+DATETIME_FORMAT = "%Y%m%d %H:%M:%S"
+
 HOMEASSISTANT_CONFIG = PurePath("homeassistant")
 HOMEASSISTANT_LAST = 'homeassistant_last'
 
@@ -24,6 +27,7 @@ ADDONS_CORE = PurePath("addons/core")
 ADDONS_LOCAL = PurePath("addons/local")
 ADDONS_GIT = PurePath("addons/git")
 ADDONS_DATA = PurePath("addons/data")
+ADDONS_BUILD = PurePath("addons/build")
 ADDONS_CUSTOM_LIST = 'addons_custom_list'
 
 BACKUP_DATA = PurePath("backup")
@@ -32,6 +36,11 @@ UPSTREAM_BETA = 'upstream_beta'
 
 API_ENDPOINT = 'api_endpoint'
 
+SECURITY_INITIALIZE = 'security_initialize'
+SECURITY_TOTP = 'security_totp'
+SECURITY_PASSWORD = 'security_password'
+SECURITY_SESSIONS = 'security_sessions'
+
 
 # pylint: disable=no-value-for-parameter
 SCHEMA_CONFIG = vol.Schema({
@@ -41,6 +50,11 @@ SCHEMA_CONFIG = vol.Schema({
     vol.Optional(HASSIO_LAST): vol.Coerce(str),
     vol.Optional(HASSIO_CLEANUP): vol.Coerce(str),
     vol.Optional(ADDONS_CUSTOM_LIST, default=[]): [vol.Url()],
+    vol.Optional(SECURITY_INITIALIZE, default=False): vol.Boolean(),
+    vol.Optional(SECURITY_TOTP): vol.Coerce(str),
+    vol.Optional(SECURITY_PASSWORD): vol.Coerce(str),
+    vol.Optional(SECURITY_SESSIONS, default={}):
+        {vol.Coerce(str): vol.Coerce(str)},
 }, extra=vol.REMOVE_EXTRA)
 
 
@@ -192,7 +206,7 @@ class CoreConfig(Config):
     @property
     def path_extern_addons_local(self):
         """Return path for customs addons."""
-        return str(PurePath(self.path_extern_hassio, ADDONS_LOCAL))
+        return PurePath(self.path_extern_hassio, ADDONS_LOCAL)
 
     @property
     def path_addons_data(self):
@@ -202,7 +216,12 @@ class CoreConfig(Config):
     @property
     def path_extern_addons_data(self):
         """Return root addon data folder extern for docker."""
-        return str(PurePath(self.path_extern_hassio, ADDONS_DATA))
+        return PurePath(self.path_extern_hassio, ADDONS_DATA)
+
+    @property
+    def path_addons_build(self):
+        """Return root addon build folder."""
+        return Path(HASSIO_SHARE, ADDONS_BUILD)
 
     @property
     def path_backup(self):
@@ -212,7 +231,7 @@ class CoreConfig(Config):
     @property
     def path_extern_backup(self):
         """Return root backup data folder extern for docker."""
-        return str(PurePath(self.path_extern_hassio, BACKUP_DATA))
+        return PurePath(self.path_extern_hassio, BACKUP_DATA)
 
     @property
     def addons_repositories(self):
@@ -235,3 +254,55 @@ class CoreConfig(Config):
 
         self._data[ADDONS_CUSTOM_LIST].remove(repo)
         self.save()
+
+    @property
+    def security_initialize(self):
+        """Return is security was initialize."""
+        return self._data[SECURITY_INITIALIZE]
+
+    @security_initialize.setter
+    def security_initialize(self, value):
+        """Set is security initialize."""
+        self._data[SECURITY_INITIALIZE] = value
+        self.save()
+
+    @property
+    def security_totp(self):
+        """Return the TOTP key."""
+        return self._data.get(SECURITY_TOTP)
+
+    @security_totp.setter
+    def security_totp(self, value):
+        """Set the TOTP key."""
+        self._data[SECURITY_TOTP] = value
+        self.save()
+
+    @property
+    def security_password(self):
+        """Return the password key."""
+        return self._data.get(SECURITY_PASSWORD)
+
+    @security_password.setter
+    def security_password(self, value):
+        """Set the password key."""
+        self._data[SECURITY_PASSWORD] = value
+        self.save()
+
+    @property
+    def security_sessions(self):
+        """Return api sessions."""
+        return {session: datetime.strptime(until, DATETIME_FORMAT) for
+                session, until in self._data[SECURITY_SESSIONS].items()}
+
+    @security_sessions.setter
+    def security_sessions(self, value):
+        """Set the a new session."""
+        session, valid = value
+        if valid is None:
+            self._data[SECURITY_SESSIONS].pop(session, None)
+        else:
+            self._data[SECURITY_SESSIONS].update(
+                {session: valid.strftime(DATETIME_FORMAT)}
+            )
+
+        self.save()

hassio/const.py

@@ -1,7 +1,7 @@
 """Const file for HassIO."""
 from pathlib import Path
 
-HASSIO_VERSION = '0.23'
+HASSIO_VERSION = '0.27'
 
 URL_HASSIO_VERSION = ('https://raw.githubusercontent.com/home-assistant/'
                       'hassio/master/version.json')
@@ -10,14 +10,13 @@ URL_HASSIO_VERSION_BETA = ('https://raw.githubusercontent.com/home-assistant/'
 
 URL_HASSIO_ADDONS = 'https://github.com/home-assistant/hassio-addons'
 
-DOCKER_REPO = "homeassistant"
-
 HASSIO_SHARE = Path("/data")
 
 RUN_UPDATE_INFO_TASKS = 28800
 RUN_UPDATE_SUPERVISOR_TASKS = 29100
 RUN_RELOAD_ADDONS_TASKS = 28800
 RUN_WATCHDOG_HOMEASSISTANT = 15
+RUN_CLEANUP_API_SESSIONS = 900
 
 RESTART_EXIT_CODE = 100
 
@@ -27,6 +26,14 @@ FILE_HASSIO_CONFIG = Path(HASSIO_SHARE, "config.json")
 SOCKET_DOCKER = Path("/var/run/docker.sock")
 SOCKET_HC = Path("/var/run/hassio-hc.sock")
 
+LABEL_VERSION = 'io.hass.version'
+LABEL_ARCH = 'io.hass.arch'
+LABEL_TYPE = 'io.hass.type'
+
+META_ADDON = 'addon'
+META_SUPERVISOR = 'supervisor'
+META_HOMEASSISTANT = 'homeassistant'
+
 JSON_RESULT = 'result'
 JSON_DATA = 'data'
 JSON_MESSAGE = 'message'
@@ -62,6 +69,12 @@ ATTR_REPOSITORY = 'repository'
 ATTR_REPOSITORIES = 'repositories'
 ATTR_URL = 'url'
 ATTR_MAINTAINER = 'maintainer'
+ATTR_PASSWORD = 'password'
+ATTR_TOTP = 'totp'
+ATTR_INITIALIZE = 'initialize'
+ATTR_SESSION = 'session'
+ATTR_LOCATON = 'location'
+ATTR_BUILD = 'build'
 
 STARTUP_BEFORE = 'before'
 STARTUP_AFTER = 'after'

hassio/core.py

@@ -11,12 +11,14 @@ from .api import RestAPI
 from .host_control import HostControl
 from .const import (
     SOCKET_DOCKER, RUN_UPDATE_INFO_TASKS, RUN_RELOAD_ADDONS_TASKS,
-    RUN_UPDATE_SUPERVISOR_TASKS, RUN_WATCHDOG_HOMEASSISTANT, STARTUP_AFTER,
-    STARTUP_BEFORE)
+    RUN_UPDATE_SUPERVISOR_TASKS, RUN_WATCHDOG_HOMEASSISTANT,
+    RUN_CLEANUP_API_SESSIONS, STARTUP_AFTER, STARTUP_BEFORE)
 from .scheduler import Scheduler
 from .dock.homeassistant import DockerHomeAssistant
 from .dock.supervisor import DockerSupervisor
-from .tasks import hassio_update, homeassistant_watchdog, homeassistant_setup
+from .tasks import (
+    hassio_update, homeassistant_watchdog, homeassistant_setup,
+    api_sessions_cleanup)
 from .tools import get_arch_from_image, get_local_ip
 
 _LOGGER = logging.getLogger(__name__)
@@ -71,6 +73,13 @@ class HassIO(object):
             self.supervisor, self.addons, self.host_control)
         self.api.register_homeassistant(self.homeassistant)
         self.api.register_addons(self.addons)
+        self.api.register_security()
+        self.api.register_panel()
+
+        # schedule api session cleanup
+        self.scheduler.register_task(
+            api_sessions_cleanup(self.config), RUN_CLEANUP_API_SESSIONS,
+            now=True)
 
         # schedule update info tasks
         self.scheduler.register_task(
@@ -102,24 +111,26 @@ class HassIO(object):
         await self.api.start()
         _LOGGER.info("Start hassio api on %s", self.config.api_endpoint)
 
-        # HomeAssistant is already running / supervisor have only reboot
-        if await self.homeassistant.is_running():
-            _LOGGER.info("HassIO reboot detected")
-            return
+        try:
+            # HomeAssistant is already running / supervisor have only reboot
+            if await self.homeassistant.is_running():
+                _LOGGER.info("HassIO reboot detected")
+                return
 
-        # start addon mark as before
-        await self.addons.auto_boot(STARTUP_BEFORE)
+            # start addon mark as before
+            await self.addons.auto_boot(STARTUP_BEFORE)
 
-        # run HomeAssistant
-        await self.homeassistant.run()
+            # run HomeAssistant
+            await self.homeassistant.run()
 
-        # schedule homeassistant watchdog
-        self.scheduler.register_task(
-            homeassistant_watchdog(self.loop, self.homeassistant),
-            RUN_WATCHDOG_HOMEASSISTANT)
+            # start addon mark as after
+            await self.addons.auto_boot(STARTUP_AFTER)
 
-        # start addon mark as after
-        await self.addons.auto_boot(STARTUP_AFTER)
+        finally:
+            # schedule homeassistant watchdog
+            self.scheduler.register_task(
+                homeassistant_watchdog(self.loop, self.homeassistant),
+                RUN_WATCHDOG_HOMEASSISTANT)
 
     async def stop(self, exit_code=0):
         """Stop a running orchestration."""

hassio/dock/__init__.py

@@ -5,6 +5,7 @@ import logging
 
 import docker
 
+from ..const import LABEL_VERSION
 from ..tools import get_version_from_env
 
 _LOGGER = logging.getLogger(__name__)
@@ -33,6 +34,19 @@ class DockerBase(object):
         """Return True if a task is in progress."""
         return self._lock.locked()
 
+    def process_metadata(self, metadata=None, force=False):
+        """Read metadata and set it to object."""
+        if not force and self.version:
+            return
+
+        # read metadata
+        metadata = metadata or self.container.attrs
+        if LABEL_VERSION in metadata['Config']['Labels']:
+            self.version = metadata['Config']['Labels'][LABEL_VERSION]
+        else:
+            # dedicated
+            self.version = get_version_from_env(metadata['Config']['Env'])
+
     async def install(self, tag):
         """Pull docker image."""
         if self._lock.locked():
@@ -52,12 +66,12 @@ class DockerBase(object):
             image = self.dock.images.pull("{}:{}".format(self.image, tag))
 
             image.tag(self.image, tag='latest')
-            self.version = get_version_from_env(image.attrs['Config']['Env'])
-            _LOGGER.info("Tag image %s with version %s as latest",
-                         self.image, self.version)
+            self.process_metadata(metadata=image.attrs, force=True)
         except docker.errors.APIError as err:
             _LOGGER.error("Can't install %s:%s -> %s.", self.image, tag, err)
             return False
+
+        _LOGGER.info("Tag image %s with version %s as latest", self.image, tag)
         return True
 
     def exists(self):
@@ -74,7 +88,7 @@ class DockerBase(object):
         """
         try:
             image = self.dock.images.get(self.image)
-            self.version = get_version_from_env(image.attrs['Config']['Env'])
+            self.process_metadata(metadata=image.attrs)
         except docker.errors.DockerException:
             return False
 
@@ -95,8 +109,7 @@ class DockerBase(object):
         if not self.container:
             try:
                 self.container = self.dock.containers.get(self.docker_name)
-                self.version = get_version_from_env(
-                    self.container.attrs['Config']['Env'])
+                self.process_metadata()
             except docker.errors.DockerException:
                 return False
         else:
@@ -121,8 +134,7 @@ class DockerBase(object):
         try:
             self.container = self.dock.containers.get(self.docker_name)
             self.image = self.container.attrs['Config']['Image']
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
+            self.process_metadata()
             _LOGGER.info("Attach to image %s with version %s",
                          self.image, self.version)
         except (docker.errors.DockerException, KeyError):
@@ -199,12 +211,14 @@ class DockerBase(object):
                      self.image, self.version)
 
         try:
-            self.dock.images.remove(
-                image="{}:latest".format(self.image), force=True)
-            self.dock.images.remove(
-                image="{}:{}".format(self.image, self.version), force=True)
-        except docker.errors.ImageNotFound:
-            return True
+            with suppress(docker.errors.ImageNotFound):
+                self.dock.images.remove(
+                    image="{}:latest".format(self.image), force=True)
+
+            with suppress(docker.errors.ImageNotFound):
+                self.dock.images.remove(
+                    image="{}:{}".format(self.image, self.version), force=True)
+
         except docker.errors.DockerException as err:
             _LOGGER.warning("Can't remove image %s -> %s", self.image, err)
             return False

hassio/dock/addon.py

@@ -1,15 +1,16 @@
 """Init file for HassIO addon docker object."""
 import logging
+from pathlib import Path
+import shutil
 
 import docker
 
 from . import DockerBase
-from ..tools import get_version_from_env
+from .util import dockerfile_template
+from ..const import META_ADDON
 
 _LOGGER = logging.getLogger(__name__)
 
-HASS_DOCKER_NAME = 'homeassistant'
-
 
 class DockerAddon(DockerBase):
     """Docker hassio wrapper for HomeAssistant."""
@@ -30,31 +31,31 @@ class DockerAddon(DockerBase):
     def volumes(self):
         """Generate volumes for mappings."""
         volumes = {
-            self.addons_data.path_extern_data(self.addon): {
+            str(self.addons_data.path_extern_data(self.addon)): {
                 'bind': '/data', 'mode': 'rw'
             }}
 
         if self.addons_data.map_config(self.addon):
             volumes.update({
-                self.config.path_extern_config: {
+                str(self.config.path_extern_config): {
                     'bind': '/config', 'mode': 'rw'
                 }})
 
         if self.addons_data.map_ssl(self.addon):
             volumes.update({
-                self.config.path_extern_ssl: {
+                str(self.config.path_extern_ssl): {
                     'bind': '/ssl', 'mode': 'rw'
                 }})
 
         if self.addons_data.map_addons(self.addon):
             volumes.update({
-                self.config.path_extern_addons_local: {
+                str(self.config.path_extern_addons_local): {
                     'bind': '/addons', 'mode': 'rw'
                 }})
 
         if self.addons_data.map_backup(self.addon):
             volumes.update({
-                self.config.path_extern_backup: {
+                str(self.config.path_extern_backup): {
                     'bind': '/backup', 'mode': 'rw'
                 }})
 
@@ -81,9 +82,7 @@ class DockerAddon(DockerBase):
                 volumes=self.volumes,
             )
 
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
-
+            self.process_metadata()
             _LOGGER.info("Start docker addon %s with version %s",
                          self.image, self.version)
 
@@ -98,11 +97,87 @@ class DockerAddon(DockerBase):
 
         Need run inside executor.
         """
+        # read container
         try:
             self.container = self.dock.containers.get(self.docker_name)
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
+            self.process_metadata()
+
+            _LOGGER.info("Attach to container %s with version %s",
+                         self.image, self.version)
+            return
+        except (docker.errors.DockerException, KeyError):
+            pass
+
+        # read image
+        try:
+            image = self.dock.images.get(self.image)
+            self.process_metadata(metadata=image.attrs)
+
             _LOGGER.info("Attach to image %s with version %s",
                          self.image, self.version)
         except (docker.errors.DockerException, KeyError):
-            pass
+            _LOGGER.error("No container/image found for %s", self.image)
+
+    def _install(self, tag):
+        """Pull docker image or build it.
+
+        Need run inside executor.
+        """
+        if self.addons_data.need_build(self.addon):
+            return self._build(tag)
+
+        return super()._install(tag)
+
+    async def build(self, tag):
+        """Build a docker container."""
+        if self._lock.locked():
+            _LOGGER.error("Can't excute build while a task is in progress")
+            return False
+
+        async with self._lock:
+            return await self.loop.run_in_executor(None, self._build, tag)
+
+    def _build(self, tag):
+        """Build a docker container.
+
+        Need run inside executor.
+        """
+        build_dir = Path(self.config.path_addons_build, self.addon)
+        try:
+            # prepare temporary addon build folder
+            try:
+                source = self.addons_data.path_addon_location(self.addon)
+                shutil.copytree(str(source), str(build_dir))
+            except shutil.Error as err:
+                _LOGGER.error("Can't copy %s to temporary build folder -> %s",
+                              source, build_dir)
+                return False
+
+            # prepare Dockerfile
+            try:
+                dockerfile_template(
+                    Path(build_dir, 'Dockerfile'), self.addons_data.arch,
+                    tag, META_ADDON)
+            except OSError as err:
+                _LOGGER.error("Can't prepare dockerfile -> %s", err)
+
+            # run docker build
+            try:
+                build_tag = "{}:{}".format(self.image, tag)
+
+                _LOGGER.info("Start build %s on %s", build_tag, build_dir)
+                image = self.dock.images.build(
+                    path=str(build_dir), tag=build_tag, pull=True)
+
+                image.tag(self.image, tag='latest')
+                self.process_metadata(metadata=image.attrs, force=True)
+
+            except (docker.errors.DockerException, TypeError) as err:
+                _LOGGER.error("Can't build %s -> %s", build_tag, err)
+                return False
+
+            _LOGGER.info("Build %s done", build_tag)
+            return True
+
+        finally:
+            shutil.rmtree(str(build_dir), ignore_errors=True)

hassio/dock/homeassistant.py

@@ -4,7 +4,6 @@ import logging
 import docker
 
 from . import DockerBase
-from ..tools import get_version_from_env
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -45,14 +44,13 @@ class DockerHomeAssistant(DockerBase):
                     'HASSIO': self.config.api_endpoint,
                 },
                 volumes={
-                    self.config.path_extern_config:
+                    str(self.config.path_extern_config):
                         {'bind': '/config', 'mode': 'rw'},
-                    self.config.path_extern_ssl:
+                    str(self.config.path_extern_ssl):
                         {'bind': '/ssl', 'mode': 'rw'},
                 })
 
-            self.version = get_version_from_env(
-                self.container.attrs['Config']['Env'])
+            self.process_metadata()
 
             _LOGGER.info("Start docker addon %s with version %s",
                          self.image, self.version)

hassio/dock/util.py

@@ -0,0 +1,40 @@
+"""HassIO docker utilitys."""
+import re
+
+from ..const import ARCH_AARCH64, ARCH_ARMHF, ARCH_I386, ARCH_AMD64
+
+
+RESIN_BASE_IMAGE = {
+    ARCH_ARMHF: "resin/armhf-alpine:3.5",
+    ARCH_AARCH64: "resin/aarch64-alpine:3.5",
+    ARCH_I386: "resin/i386-alpine:3.5",
+    ARCH_AMD64: "resin/amd64-alpine:3.5",
+}
+
+TMPL_IMAGE = re.compile(r"%%BASE_IMAGE%%")
+
+
+def dockerfile_template(dockerfile, arch, version, meta_type):
+    """Prepare a Hass.IO dockerfile."""
+    buff = []
+    resin_image = RESIN_BASE_IMAGE[arch]
+
+    # read docker
+    with dockerfile.open('r') as dock_input:
+        for line in dock_input:
+            line = TMPL_IMAGE.sub(resin_image, line)
+            buff.append(line)
+
+    # add metadata
+    buff.append(create_metadata(version, arch, meta_type))
+
+    # write docker
+    with dockerfile.open('w') as dock_output:
+        dock_output.writelines(buff)
+
+
+def create_metadata(version, arch, meta_type):
+    """Generate docker label layer for hassio."""
+    return ('LABEL io.hass.version="{}" '
+            'io.hass.arch="{}" '
+            'io.hass.type="{}"').format(version, arch, meta_type)

hassio/tasks.py

@@ -1,10 +1,23 @@
 """Multible tasks."""
 import asyncio
+from datetime import datetime
 import logging
 
 _LOGGER = logging.getLogger(__name__)
 
 
+def api_sessions_cleanup(config):
+    """Create scheduler task for cleanup api sessions."""
+    async def _api_sessions_cleanup():
+        """Cleanup old api sessions."""
+        now = datetime.now()
+        for session, until_valid in config.security_sessions.items():
+            if now >= until_valid:
+                config.security_sessions = (session, None)
+
+    return _api_sessions_cleanup
+
+
 def hassio_update(config, supervisor):
     """Create scheduler task for update of supervisor hassio."""
     async def _hassio_update():

misc/security.xml

@@ -0,0 +1 @@
+<mxfile userAgent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:53.0) Gecko/20100101 Firefox/53.0" version="6.5.8" editor="www.draw.io" type="device"><diagram name="Page-1">5Vxdd5s4EP01fmwOkgCbx9hp2j7sNrvpnnYfiVFsTjDyghwn++tXGMmAxileEB9O+9BjBhjM3GHmzjXKhCw2L58Sf7v+jQU0mmAreJmQmwnGU4eI/zPDa24gyM0NqyQMchMqDPfhv1QaLWndhQFNKwdyxiIebqvGJYtjuuQVm58kbF897JFF1atu/RUFhvulH0Hr9zDg69w6w25h/0zD1VpdGblevufBXz6tEraL5fUmmDwe/uW7N77yJW80XfsB25dM5OOELBLGeP5p87KgURZaFbb8vNs39h6/d0Jjfs4JOD/h2Y928tZvwyTlwnTP/YTLL8lfVWA4fRF+52u+iYQBiY8pT9gTXbCIJcISs1gcOX8Mo0gz+VG4isXmUnwzKuzzZ5rwUIT8Wu7YhEGQXWa+X4ec3m/9ZXbNvcivzCGL+b38Go7aztMGeWIb3rcMRXYV+lIyyTh8omxDefIqDpF7ySw/Q6asKxHaF/gjS9rWJewVkr5MudXRcRF28UFG/jQKBKDwVypipAe/FPUtC2N+uKIznzg3mYUmobhwFtoblvA1W7HYj+4KawcxQhgGyT0Vo5mBINkgSJ/9NB1hkDAiw0XJAVFaiyhdffk6wkDZ7oCBckGg2JbGh1uKs2b2drT0wvXAOGcbsYPGwXXWfDJbxJZPP4uSqK4ryiuZTYNKU4JhK4VFRSChkc/D52rbOhUW6e0uQ7pAwNOeZ1sLbMp2yZLKk8ptRPMjoNMc4aqj/HaBowNIxzs8C7cpwE2ckdLlLgm5uNPbMH5kvaLnDIYenmrPj9sQPuLUODIH3wzCNxVxFtdz/9llrGcexiEvtibkOiNwfpTS7KjpTVtsD085mQd+uqaBPE/slmRilm29hPyH+PzBurIcuf232LauCFH7S5XwxvpZpuQQVDKlyaPfMlNsy60AjK2mmYJrHJnLFA9kip8+ZfsP+WHdfe8+E856/kk/EOqsApOGECJS48gchGqcK2GYUm4Sw8vss7hpoT5GVDlyvM6wg6NhtdGyLQ9ZLAi4G2WF+kHMK+7qULK1gr4VBHTPkkAv6nrJt7b70iFGir1Kj/K4iC6vsWPPUGMHjgzmCxxiq/mS0jQVCfNGvvyvZOk1VxQdQFcWmlbowNRtRQfsMacc0XWNpikHHL2RcgIG/7V0mJxJWyYlFA306lSk5Rv5Jg94oq+mM66egDSqW31xSm16J9OmGTOrcWSwSEF5xMi43xGSA1FL0rTd6NQSODKIJNRvfmfJxodQvmPJGlfZoN2nZo2gEHMZorWDYJQ6UxkR1DsuRLXuN0xw2L8c2brXSGE4Ug+mW6vkHn6gdpqKIbpw7RDcVcc6JtpolGv11I1g3HAcQ+MGcGQQwBOKyBnaNU/E0XhROY4zvn2fGrfKqUZ1wrDK7TSWTXCNI4NJBWWTXOYejb6tiF7fU4jbVIHQpxDgyCB6UF/IZ4Xete3x9GK3aSnXxW3X7kzcPvHrfzdi5SAypVuVKV3itqros1EzhykyxByAoz6FylOvNbx7obI3XqANbNPG70nMahwZrFBQOBizUjkUSZjqM3VTkgAcGYQSihuXoZR5fQobBAobF6KU9RsmqCJcjlLWb6TguD6YUqaSe3h27plSyrzulDJS9ypB70qZeupGwHc9U0oZcGQQwPqf3dsoZflxFy6UkTZlwrBQ5pkSyoAjgzkFf7ovhLLbb1+/3XWfDGfVCnzubGyYCiPLlGAGPRmEESovZcXMCJAX2pqRZUo5Q1Z30hmpW4DRjXSWdYVDLzgcNcu64gVqaSrZRsotEDIlpkFPfapppH6VyftT03ojD/qqvebLjmZ1ngyWLSjCjFlPG4xEIFOCGvRkDky1TPHEy3+iSooiia2TPOLXeRVw5kqeVWoauKtXAW2oSY1U4LQ1noQ9G4SpuwXsGIRptAqnM2ScoPwzZolz0FBBouMvRTvwOT3WQJ2GywJZEHAzHLrgzIpB54wZ2a0Ys32iOaoHaQDGfHyd+rjQXWld7ZfMqwbaQb+E5Kc6s0mVzeDANsR6LNIy1fCJVDt3CUYXw5lWWWyvYaoRp85Tn8OZA8nbH39+WLCAts2YrtZTnVtuWg9Wem1pysXJTAPcsc8DvAmckPyNHM5z9ZbWo5UOgtvw+UWkzpNBOCFJ/ZKvzv7lJiqtPx8LV3l1lXpNp+VIJTaLv/mWo1b8XT3y8T8=</diagram></mxfile>

setup.py

@@ -38,5 +38,7 @@ setup(
         'colorlog',
         'voluptuous',
         'gitpython',
+        'pyotp',
+        'pyqrcode'
     ]
 )

version.json

@@ -1,5 +1,5 @@
 {
-    "hassio": "0.23",
+    "hassio": "0.27",
     "homeassistant": "0.44.2",
     "resinos": "0.7",
     "resinhup": "0.1",