Fix version conflicts

* Allow to use branch on repositories

* Fix argument extraction

* fix lint

.github/move.yml

@@ -0,0 +1,13 @@
+# Configuration for move-issues - https://github.com/dessant/move-issues
+
+# Delete the command comment. Ignored when the comment also contains other content
+deleteCommand: true
+# Close the source issue after moving
+closeSourceIssue: true
+# Lock the source issue after moving
+lockSourceIssue: false
+# Set custom aliases for targets
+# aliases:
+#   r: repo
+#   or: owner/repo
+

API.md

@@ -113,7 +113,8 @@ Output is the raw docker log.
             "slug": "SLUG",
             "date": "ISO",
             "name": "Custom name",
-            "type": "full|partial"
+            "type": "full|partial",
+            "protected": "bool"
         }
     ]
 }
@@ -121,11 +122,28 @@ Output is the raw docker log.
 
 - POST `/snapshots/reload`
 
+- POST `/snapshots/new/upload`
+
+return:
+```json
+{
+    "slug": ""
+}
+```
+
 - POST `/snapshots/new/full`
 
 ```json
 {
-    "name": "Optional"
+    "name": "Optional",
+    "password": "Optional"
+}
+```
+
+return:
+```json
+{
+    "slug": ""
 }
 ```
 
@@ -135,7 +153,15 @@ Output is the raw docker log.
 {
     "name": "Optional",
     "addons": ["ADDON_SLUG"],
-    "folders": ["FOLDER_NAME"]
+    "folders": ["FOLDER_NAME"],
+    "password": "Optional"
+}
+```
+
+return:
+```json
+{
+    "slug": ""
 }
 ```
 
@@ -150,12 +176,14 @@ Output is the raw docker log.
     "name": "custom snapshot name / description",
     "date": "ISO",
     "size": "SIZE_IN_MB",
+    "protected": "bool",
     "homeassistant": "version",
     "addons": [
         {
             "slug": "ADDON_SLUG",
             "name": "NAME",
-            "version": "INSTALLED_VERSION"
+            "version": "INSTALLED_VERSION",
+            "size": "SIZE_IN_MB"
         }
     ],
     "repositories": ["URL"],
@@ -164,14 +192,25 @@ Output is the raw docker log.
 ```
 
 - POST `/snapshots/{slug}/remove`
+
+- GET `/snapshots/{slug}/download`
+
 - POST `/snapshots/{slug}/restore/full`
+
+```json
+{
+    "password": "Optional"
+}
+```
+
 - POST `/snapshots/{slug}/restore/partial`
 
 ```json
 {
     "homeassistant": "bool",
     "addons": ["ADDON_SLUG"],
-    "folders": ["FOLDER_NAME"]
+    "folders": ["FOLDER_NAME"],
+    "password": "Optional"
 }
 ```
 
@@ -268,7 +307,8 @@ Optional:
     "boot": "bool",
     "port": 8123,
     "ssl": "bool",
-    "watchdog": "bool"
+    "watchdog": "bool",
+    "startup_time": 600
 }
 ```
 
@@ -300,7 +340,8 @@ Output is the raw Docker log.
     "port": "port for access hass",
     "ssl": "bool",
     "password": "",
-    "watchdog": "bool"
+    "watchdog": "bool",
+    "startup_time": 600
 }
 ```
 
@@ -398,7 +439,9 @@ Get all available addons.
     "gpio": "bool",
     "audio": "bool",
     "audio_input": "null|0,0",
-    "audio_output": "null|0,0"
+    "audio_output": "null|0,0",
+    "services": "null|['mqtt']",
+    "discovery": "null|['component/platform']"
 }
 ```
 
@@ -462,6 +505,104 @@ Write data to add-on stdin
 }
 ```
 
+### Service discovery
+
+- GET `/services/discovery`
+```json
+{
+    "discovery": [
+        {
+            "provider": "name",
+            "uuid": "uuid",
+            "component": "component",
+            "platform": "null|platform",
+            "config": {}
+        }
+    ]
+}
+```
+
+- GET `/services/discovery/{UUID}`
+```json
+{
+    "provider": "name",
+    "uuid": "uuid",
+    "component": "component",
+    "platform": "null|platform",
+    "config": {}
+}
+```
+
+- POST `/services/discovery`
+```json
+{
+    "component": "component",
+    "platform": "null|platform",
+    "config": {}
+}
+```
+
+return:
+```json
+{
+    "uuid": "uuid"
+}
+```
+
+- DEL `/services/discovery/{UUID}`
+
+- GET `/services`
+```json
+{
+    "services": [
+        {
+            "slug": "name",
+            "available": "bool",
+            "provider": "null|name|list"
+        }
+    ]
+}
+```
+
+- GET `/services/xy`
+```json
+{
+    "available": "bool",
+    "xy": {}
+}
+```
+
+#### MQTT
+
+This service perform a auto discovery to Home-Assistant.
+
+- GET `/services/mqtt`
+```json
+{
+    "provider": "name",
+    "host": "xy",
+    "port": "8883",
+    "ssl": "bool",
+    "username": "optional",
+    "password": "optional",
+    "protocol": "3.1.1"
+}
+```
+
+- POST `/services/mqtt`
+```json
+{
+    "host": "xy",
+    "port": "8883",
+    "ssl": "bool|optional",
+    "username": "optional",
+    "password": "optional",
+    "protocol": "3.1.1"
+}
+```
+
+- DEL `/services/mqtt`
+
 ## Host Control
 
 Communicate over UNIX socket with a host daemon.

Dockerfile

@@ -15,8 +15,9 @@ RUN apk add --no-cache \
         python3-dev \
         g++ \
     && pip3 install --no-cache-dir \
-        uvloop \
-        cchardet \
+        uvloop==0.9.1 \
+        cchardet==2.1.1 \
+        pycryptodome==3.4.11 \
     && apk del .build-dependencies
 
 # Install HassIO

hassio/addons/__init__.py

@@ -4,7 +4,7 @@ import logging
 
 from .addon import Addon
 from .repository import Repository
-from .data import Data
+from .data import AddonsData
 from ..const import REPOSITORY_CORE, REPOSITORY_LOCAL, BOOT_AUTO
 from ..coresys import CoreSysAttributes
 
@@ -19,7 +19,7 @@ class AddonManager(CoreSysAttributes):
     def __init__(self, coresys):
         """Initialize docker base wrapper."""
         self.coresys = coresys
-        self.data = Data(coresys)
+        self.data = AddonsData(coresys)
         self.addons_obj = {}
         self.repositories_obj = {}
 
@@ -28,15 +28,28 @@ class AddonManager(CoreSysAttributes):
         """Return a list of all addons."""
         return list(self.addons_obj.values())
 
+    @property
+    def list_installed(self):
+        """Return a list of installed addons."""
+        return [addon for addon in self.addons_obj.values()
+                if addon.is_installed]
+
     @property
     def list_repositories(self):
         """Return list of addon repositories."""
         return list(self.repositories_obj.values())
 
     def get(self, addon_slug):
-        """Return a adddon from slug."""
+        """Return a add-on from slug."""
         return self.addons_obj.get(addon_slug)
 
+    def from_uuid(self, uuid):
+        """Return a add-on from uuid."""
+        for addon in self.list_addons:
+            if addon.is_installed and uuid == addon.uuid:
+                return addon
+        return None
+
     async def load(self):
         """Startup addon management."""
         self.data.reload()

hassio/addons/addon.py

@@ -12,7 +12,7 @@ import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
 from .validate import (
-    validate_options, SCHEMA_ADDON_SNAPSHOT, RE_VOLUME)
+    validate_options, SCHEMA_ADDON_SNAPSHOT, RE_VOLUME, RE_SERVICE)
 from .utils import check_installed
 from ..const import (
     ATTR_NAME, ATTR_VERSION, ATTR_SLUG, ATTR_DESCRIPTON, ATTR_BOOT, ATTR_MAP,
@@ -23,7 +23,7 @@ from ..const import (
     ATTR_STATE, ATTR_TIMEOUT, ATTR_AUTO_UPDATE, ATTR_NETWORK, ATTR_WEBUI,
     ATTR_HASSIO_API, ATTR_AUDIO, ATTR_AUDIO_OUTPUT, ATTR_AUDIO_INPUT,
     ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, ATTR_LEGACY, ATTR_HOST_IPC,
-    ATTR_HOST_DBUS, ATTR_AUTO_UART)
+    ATTR_HOST_DBUS, ATTR_AUTO_UART, ATTR_DISCOVERY, ATTR_SERVICES)
 from ..coresys import CoreSysAttributes
 from ..docker.addon import DockerAddon
 from ..utils.json import write_json_file, read_json_file
@@ -201,6 +201,26 @@ class Addon(CoreSysAttributes):
         """Return startup type of addon."""
         return self._mesh.get(ATTR_STARTUP)
 
+    @property
+    def services(self):
+        """Return dict of services with rights."""
+        raw_services = self._mesh.get(ATTR_SERVICES)
+        if not raw_services:
+            return None
+
+        formated_services = {}
+        for data in raw_services:
+            service = RE_SERVICE.match(data)
+            formated_services[service.group('service')] = \
+                service.group('rights') or 'ro'
+
+        return formated_services
+
+    @property
+    def discovery(self):
+        """Return list of discoverable components/platforms."""
+        return self._mesh.get(ATTR_DISCOVERY)
+
     @property
     def ports(self):
         """Return ports of addon."""
@@ -561,12 +581,12 @@ class Addon(CoreSysAttributes):
         return STATE_STOPPED
 
     @check_installed
-    def start(self):
-        """Set options and start addon.
+    async def start(self):
+        """Set options and start addon."""
+        if not self.write_options():
+            return False
 
-        Return a coroutine.
-        """
-        return self.instance.run()
+        return await self.instance.run()
 
     @check_installed
     def stop(self):
@@ -591,16 +611,14 @@ class Addon(CoreSysAttributes):
 
         # restore state
         if last_state == STATE_STARTED:
-            await self.instance.run()
+            await self.start()
         return True
 
     @check_installed
-    def restart(self):
-        """Restart addon.
-
-        Return a coroutine.
-        """
-        return self.instance.restart()
+    async def restart(self):
+        """Restart addon."""
+        await self.stop()
+        return await self.start()
 
     @check_installed
     def logs(self):
@@ -636,7 +654,7 @@ class Addon(CoreSysAttributes):
 
         # restore state
         if last_state == STATE_STARTED:
-            await self.instance.run()
+            await self.start()
         return True
 
     @check_installed
@@ -675,16 +693,15 @@ class Addon(CoreSysAttributes):
                 return False
 
             # write into tarfile
-            def _create_tar():
+            def _write_tarfile():
                 """Write tar inside loop."""
-                with tarfile.open(tar_file, "w:gz",
-                                  compresslevel=1) as snapshot:
+                with tar_file as snapshot:
                     snapshot.add(temp, arcname=".")
                     snapshot.add(self.path_data, arcname="data")
 
             try:
                 _LOGGER.info("Build snapshot for addon %s", self._id)
-                await self._loop.run_in_executor(None, _create_tar)
+                await self._loop.run_in_executor(None, _write_tarfile)
             except (tarfile.TarError, OSError) as err:
                 _LOGGER.error("Can't write tarfile %s: %s", tar_file, err)
                 return False
@@ -696,13 +713,13 @@ class Addon(CoreSysAttributes):
         """Restore a state of a addon."""
         with TemporaryDirectory(dir=str(self._config.path_tmp)) as temp:
             # extract snapshot
-            def _extract_tar():
+            def _extract_tarfile():
                 """Extract tar snapshot."""
-                with tarfile.open(tar_file, "r:gz") as snapshot:
+                with tar_file as snapshot:
                     snapshot.extractall(path=Path(temp))
 
             try:
-                await self._loop.run_in_executor(None, _extract_tar)
+                await self._loop.run_in_executor(None, _extract_tarfile)
             except tarfile.TarError as err:
                 _LOGGER.error("Can't read tarfile %s: %s", tar_file, err)
                 return False

hassio/addons/built-in.json

@@ -1,12 +1,12 @@
 {
     "local": {
-        "name": "Local Add-Ons",
+        "name": "Local add-ons",
         "url": "https://home-assistant.io/hassio",
         "maintainer": "you"
     },
     "core": {
-        "name": "Built-in Add-Ons",
+        "name": "Official add-ons",
         "url": "https://home-assistant.io/addons",
-        "maintainer": "Home Assistant authors"
+        "maintainer": "Home Assistant"
     }
 }

hassio/addons/data.py

@@ -9,7 +9,7 @@ from voluptuous.humanize import humanize_error
 
 from .utils import extract_hash_from_path
 from .validate import (
-    SCHEMA_ADDON_CONFIG, SCHEMA_ADDON_FILE, SCHEMA_REPOSITORY_CONFIG)
+    SCHEMA_ADDON_CONFIG, SCHEMA_ADDONS_FILE, SCHEMA_REPOSITORY_CONFIG)
 from ..const import (
     FILE_HASSIO_ADDONS, ATTR_VERSION, ATTR_SLUG, ATTR_REPOSITORY, ATTR_LOCATON,
     REPOSITORY_CORE, REPOSITORY_LOCAL, ATTR_USER, ATTR_SYSTEM)
@@ -19,12 +19,12 @@ from ..utils.json import JsonConfig, read_json_file
 _LOGGER = logging.getLogger(__name__)
 
 
-class Data(JsonConfig, CoreSysAttributes):
+class AddonsData(JsonConfig, CoreSysAttributes):
     """Hold data for addons inside HassIO."""
 
     def __init__(self, coresys):
         """Initialize data holder."""
-        super().__init__(FILE_HASSIO_ADDONS, SCHEMA_ADDON_FILE)
+        super().__init__(FILE_HASSIO_ADDONS, SCHEMA_ADDONS_FILE)
         self.coresys = coresys
         self._repositories = {}
         self._cache = {}

hassio/addons/git.py

@@ -8,8 +8,9 @@ import shutil
 import git
 
 from .utils import get_hash_from_repository
-from ..const import URL_HASSIO_ADDONS
+from ..const import URL_HASSIO_ADDONS, ATTR_URL, ATTR_BRANCH
 from ..coresys import CoreSysAttributes
+from ..validate import RE_REPOSITORY
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -22,9 +23,20 @@ class GitRepo(CoreSysAttributes):
         self.coresys = coresys
         self.repo = None
         self.path = path
-        self.url = url
         self.lock = asyncio.Lock(loop=coresys.loop)
 
+        self._data = RE_REPOSITORY.match(url).groupdict()
+
+    @property
+    def url(self):
+        """Return repository URL."""
+        return self._data[ATTR_URL]
+
+    @property
+    def branch(self):
+        """Return repository branch."""
+        return self._data[ATTR_BRANCH]
+
     async def load(self):
         """Init git addon repo."""
         if not self.path.is_dir():
@@ -46,12 +58,20 @@ class GitRepo(CoreSysAttributes):
     async def clone(self):
         """Clone git addon repo."""
         async with self.lock:
+            git_args = {
+                attribute: value
+                for attribute, value in (
+                    ('recursive', True),
+                    ('branch', self.branch)
+                ) if value is not None
+            }
+
             try:
                 _LOGGER.info("Clone addon %s repository", self.url)
-                self.repo = await self._loop.run_in_executor(
-                    None, ft.partial(
-                        git.Repo.clone_from, self.url, str(self.path),
-                        recursive=True))
+                self.repo = await self._loop.run_in_executor(None, ft.partial(
+                    git.Repo.clone_from, self.url, str(self.path),
+                    **git_args
+                ))
 
             except (git.InvalidGitRepositoryError, git.NoSuchPathError,
                     git.GitCommandError) as err:

hassio/addons/validate.py

@@ -17,13 +17,15 @@ from ..const import (
     ATTR_AUTO_UPDATE, ATTR_WEBUI, ATTR_AUDIO, ATTR_AUDIO_INPUT, ATTR_HOST_IPC,
     ATTR_AUDIO_OUTPUT, ATTR_HASSIO_API, ATTR_BUILD_FROM, ATTR_SQUASH,
     ATTR_ARGS, ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, ATTR_LEGACY,
-    ATTR_HOST_DBUS, ATTR_AUTO_UART)
+    ATTR_HOST_DBUS, ATTR_AUTO_UART, ATTR_SERVICES, ATTR_DISCOVERY)
 from ..validate import NETWORK_PORT, DOCKER_PORTS, ALSA_CHANNEL
 
 _LOGGER = logging.getLogger(__name__)
 
 
 RE_VOLUME = re.compile(r"^(config|ssl|addons|backup|share)(?::(rw|:ro))?$")
+RE_SERVICE = re.compile(r"^(?P<service>mqtt)(?::(?P<rights>rw|:ro))?$")
+RE_DISCOVERY = re.compile(r"^(?P<component>\w*)(?:/(?P<platform>\w*>))?$")
 
 V_STR = 'str'
 V_INT = 'int'
@@ -110,6 +112,8 @@ SCHEMA_ADDON_CONFIG = vol.Schema({
     vol.Optional(ATTR_HOMEASSISTANT_API, default=False): vol.Boolean(),
     vol.Optional(ATTR_STDIN, default=False): vol.Boolean(),
     vol.Optional(ATTR_LEGACY, default=False): vol.Boolean(),
+    vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
+    vol.Optional(ATTR_DISCOVERY): [vol.Match(RE_DISCOVERY)],
     vol.Required(ATTR_OPTIONS): dict,
     vol.Required(ATTR_SCHEMA): vol.Any(vol.Schema({
         vol.Coerce(str): vol.Any(SCHEMA_ELEMENT, [
@@ -168,7 +172,7 @@ SCHEMA_ADDON_SYSTEM = SCHEMA_ADDON_CONFIG.extend({
 })
 
 
-SCHEMA_ADDON_FILE = vol.Schema({
+SCHEMA_ADDONS_FILE = vol.Schema({
     vol.Optional(ATTR_USER, default=dict): {
         vol.Coerce(str): SCHEMA_ADDON_USER,
     },

hassio/api/__init__.py

@@ -5,12 +5,15 @@ from pathlib import Path
 from aiohttp import web
 
 from .addons import APIAddons
+from .discovery import APIDiscovery
 from .homeassistant import APIHomeAssistant
 from .host import APIHost
 from .network import APINetwork
 from .proxy import APIProxy
 from .supervisor import APISupervisor
 from .snapshots import APISnapshots
+from .services import APIServices
+from .security import security_layer
 from ..coresys import CoreSysAttributes
 
 _LOGGER = logging.getLogger(__name__)
@@ -22,12 +25,16 @@ class RestAPI(CoreSysAttributes):
     def __init__(self, coresys):
         """Initialize docker base wrapper."""
         self.coresys = coresys
-        self.webapp = web.Application(loop=self._loop)
+        self.webapp = web.Application(
+            middlewares=[security_layer], loop=self._loop)
 
         # service stuff
         self._handler = None
         self.server = None
 
+        # middleware
+        self.webapp['coresys'] = coresys
+
     async def load(self):
         """Register REST API Calls."""
         self._register_supervisor()
@@ -38,6 +45,8 @@ class RestAPI(CoreSysAttributes):
         self._register_addons()
         self._register_snapshots()
         self._register_network()
+        self._register_discovery()
+        self._register_services()
 
     def _register_host(self):
         """Register hostcontrol function."""
@@ -151,6 +160,8 @@ class RestAPI(CoreSysAttributes):
             '/snapshots/new/full', api_snapshots.snapshot_full)
         self.webapp.router.add_post(
             '/snapshots/new/partial', api_snapshots.snapshot_partial)
+        self.webapp.router.add_post(
+            '/snapshots/new/upload', api_snapshots.upload)
 
         self.webapp.router.add_get(
             '/snapshots/{snapshot}/info', api_snapshots.info)
@@ -161,6 +172,35 @@ class RestAPI(CoreSysAttributes):
         self.webapp.router.add_post(
             '/snapshots/{snapshot}/restore/partial',
             api_snapshots.restore_partial)
+        self.webapp.router.add_get(
+            '/snapshots/{snapshot}/download',
+            api_snapshots.download)
+
+    def _register_services(self):
+        api_services = APIServices()
+        api_services.coresys = self.coresys
+
+        self.webapp.router.add_get('/services', api_services.list)
+
+        self.webapp.router.add_get(
+            '/services/{service}', api_services.get_service)
+        self.webapp.router.add_post(
+            '/services/{service}', api_services.set_service)
+        self.webapp.router.add_delete(
+            '/services/{service}', api_services.del_service)
+
+    def _register_discovery(self):
+        api_discovery = APIDiscovery()
+        api_discovery.coresys = self.coresys
+
+        self.webapp.router.add_get(
+            '/services/discovery', api_discovery.list)
+        self.webapp.router.add_get(
+            '/services/discovery/{uuid}', api_discovery.get_discovery)
+        self.webapp.router.add_delete(
+            '/services/discovery/{uuid}', api_discovery.del_discovery)
+        self.webapp.router.add_post(
+            '/services/discovery', api_discovery.set_discovery)
 
     def _register_panel(self):
         """Register panel for homeassistant."""

hassio/api/addons.py

@@ -16,7 +16,8 @@ from ..const import (
     ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, BOOT_AUTO, BOOT_MANUAL,
     ATTR_CHANGELOG, ATTR_HOST_IPC, ATTR_HOST_DBUS, ATTR_LONG_DESCRIPTION,
     ATTR_CPU_PERCENT, ATTR_MEMORY_LIMIT, ATTR_MEMORY_USAGE, ATTR_NETWORK_TX,
-    ATTR_NETWORK_RX, ATTR_BLK_READ, ATTR_BLK_WRITE, ATTR_ICON,
+    ATTR_NETWORK_RX, ATTR_BLK_READ, ATTR_BLK_WRITE, ATTR_ICON, ATTR_SERVICES,
+    ATTR_DISCOVERY,
     CONTENT_TYPE_PNG, CONTENT_TYPE_BINARY, CONTENT_TYPE_TEXT)
 from ..coresys import CoreSysAttributes
 from ..validate import DOCKER_PORTS
@@ -134,6 +135,8 @@ class APIAddons(CoreSysAttributes):
             ATTR_AUDIO: addon.with_audio,
             ATTR_AUDIO_INPUT: addon.audio_input,
             ATTR_AUDIO_OUTPUT: addon.audio_output,
+            ATTR_SERVICES: addon.services,
+            ATTR_DISCOVERY: addon.discovery,
         }
 
     @api_process

hassio/api/discovery.py

@@ -0,0 +1,72 @@
+"""Init file for HassIO network rest api."""
+
+import voluptuous as vol
+
+from .utils import api_process, api_validate
+from ..const import (
+    ATTR_PROVIDER, ATTR_UUID, ATTR_COMPONENT, ATTR_PLATFORM, ATTR_CONFIG,
+    ATTR_DISCOVERY, REQUEST_FROM)
+from ..coresys import CoreSysAttributes
+
+
+SCHEMA_DISCOVERY = vol.Schema({
+    vol.Required(ATTR_COMPONENT): vol.Coerce(str),
+    vol.Optional(ATTR_PLATFORM): vol.Any(None, vol.Coerce(str)),
+    vol.Optional(ATTR_CONFIG): vol.Any(None, dict),
+})
+
+
+class APIDiscovery(CoreSysAttributes):
+    """Handle rest api for discovery functions."""
+
+    def _extract_message(self, request):
+        """Extract discovery message from URL."""
+        message = self._services.discovery.get(request.match_info.get('uuid'))
+        if not message:
+            raise RuntimeError("Discovery message not found")
+        return message
+
+    @api_process
+    async def list(self, request):
+        """Show register services."""
+        discovery = []
+        for message in self._services.discovery.list_messages:
+            discovery.append({
+                ATTR_PROVIDER: message.provider,
+                ATTR_UUID: message.uuid,
+                ATTR_COMPONENT: message.component,
+                ATTR_PLATFORM: message.platform,
+                ATTR_CONFIG: message.config,
+            })
+
+        return {ATTR_DISCOVERY: discovery}
+
+    @api_process
+    async def set_discovery(self, request):
+        """Write data into a discovery pipeline."""
+        body = await api_validate(SCHEMA_DISCOVERY, request)
+        message = self._services.discovery.send(
+            provider=request[REQUEST_FROM], **body)
+
+        return {ATTR_UUID: message.uuid}
+
+    @api_process
+    async def get_discovery(self, request):
+        """Read data into a discovery message."""
+        message = self._extract_message(request)
+
+        return {
+            ATTR_PROVIDER: message.provider,
+            ATTR_UUID: message.uuid,
+            ATTR_COMPONENT: message.component,
+            ATTR_PLATFORM: message.platform,
+            ATTR_CONFIG: message.config,
+        }
+
+    @api_process
+    async def del_discovery(self, request):
+        """Delete data into a discovery message."""
+        message = self._extract_message(request)
+
+        self._services.discovery.remove(message)
+        return True

hassio/api/homeassistant.py

@@ -9,7 +9,7 @@ from ..const import (
     ATTR_VERSION, ATTR_LAST_VERSION, ATTR_IMAGE, ATTR_CUSTOM, ATTR_BOOT,
     ATTR_PORT, ATTR_PASSWORD, ATTR_SSL, ATTR_WATCHDOG, ATTR_CPU_PERCENT,
     ATTR_MEMORY_USAGE, ATTR_MEMORY_LIMIT, ATTR_NETWORK_RX, ATTR_NETWORK_TX,
-    ATTR_BLK_READ, ATTR_BLK_WRITE, CONTENT_TYPE_BINARY)
+    ATTR_BLK_READ, ATTR_BLK_WRITE, ATTR_WAIT_BOOT, CONTENT_TYPE_BINARY)
 from ..coresys import CoreSysAttributes
 from ..validate import NETWORK_PORT, DOCKER_IMAGE
 
@@ -27,6 +27,8 @@ SCHEMA_OPTIONS = vol.Schema({
     vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
     vol.Optional(ATTR_SSL): vol.Boolean(),
     vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
+    vol.Optional(ATTR_WAIT_BOOT):
+        vol.All(vol.Coerce(int), vol.Range(min=60)),
 })
 
 SCHEMA_VERSION = vol.Schema({
@@ -49,6 +51,7 @@ class APIHomeAssistant(CoreSysAttributes):
             ATTR_PORT: self._homeassistant.api_port,
             ATTR_SSL: self._homeassistant.api_ssl,
             ATTR_WATCHDOG: self._homeassistant.watchdog,
+            ATTR_WAIT_BOOT: self._homeassistant.wait_boot,
         }
 
     @api_process
@@ -75,6 +78,9 @@ class APIHomeAssistant(CoreSysAttributes):
         if ATTR_WATCHDOG in body:
             self._homeassistant.watchdog = body[ATTR_WATCHDOG]
 
+        if ATTR_WAIT_BOOT in body:
+            self._homeassistant.wait_boot = body[ATTR_WAIT_BOOT]
+
         self._homeassistant.save_data()
         return True
 
@@ -115,7 +121,7 @@ class APIHomeAssistant(CoreSysAttributes):
     @api_process
     def start(self, request):
         """Start homeassistant."""
-        return asyncio.shield(self._homeassistant.run(), loop=self._loop)
+        return asyncio.shield(self._homeassistant.start(), loop=self._loop)
 
     @api_process
     def restart(self, request):
@@ -130,8 +136,8 @@ class APIHomeAssistant(CoreSysAttributes):
     @api_process
     async def check(self, request):
         """Check config of homeassistant."""
-        code, message = await self._homeassistant.check_config()
-        if not code:
-            raise RuntimeError(message)
+        result = await self._homeassistant.check_config()
+        if not result.valid:
+            raise RuntimeError(result.log)
 
         return True

hassio/api/proxy.py

@@ -4,7 +4,7 @@ import logging
 
 import aiohttp
 from aiohttp import web
-from aiohttp.web_exceptions import HTTPBadGateway
+from aiohttp.web_exceptions import HTTPBadGateway, HTTPInternalServerError
 from aiohttp.hdrs import CONTENT_TYPE
 import async_timeout
 
@@ -17,6 +17,16 @@ _LOGGER = logging.getLogger(__name__)
 class APIProxy(CoreSysAttributes):
     """API Proxy for Home-Assistant."""
 
+    def _check_access(self, request):
+        """Check the Hass.io token."""
+        hassio_token = request.headers.get(HEADER_HA_ACCESS)
+        addon = self._addons.from_uuid(hassio_token)
+
+        if not addon:
+            _LOGGER.warning("Unknown Home-Assistant API access!")
+        else:
+            _LOGGER.info("%s access from %s", request.path, addon.slug)
+
     async def _api_client(self, request, path, timeout=300):
         """Return a client request with proxy origin for Home-Assistant."""
         url = f"{self._homeassistant.api_url}/api/{path}"
@@ -59,6 +69,8 @@ class APIProxy(CoreSysAttributes):
 
     async def stream(self, request):
         """Proxy HomeAssistant EventStream Requests."""
+        self._check_access(request)
+
         _LOGGER.info("Home-Assistant EventStream start")
         client = await self._api_client(request, 'stream', timeout=None)
 
@@ -83,12 +95,14 @@ class APIProxy(CoreSysAttributes):
             client.close()
             _LOGGER.info("Home-Assistant EventStream close")
 
+        return response
+
     async def api(self, request):
         """Proxy HomeAssistant API Requests."""
-        path = request.match_info.get('path', '')
+        self._check_access(request)
 
         # Normal request
-        _LOGGER.info("Home-Assistant /api/%s request", path)
+        path = request.match_info.get('path', '')
         client = await self._api_client(request, path)
 
         data = await client.read()
@@ -100,7 +114,7 @@ class APIProxy(CoreSysAttributes):
 
     async def _websocket_client(self):
         """Initialize a websocket api connection."""
-        url = f"{self.homeassistant.api_url}/api/websocket"
+        url = f"{self._homeassistant.api_url}/api/websocket"
 
         try:
             client = await self._websession_ssl.ws_connect(
@@ -133,9 +147,29 @@ class APIProxy(CoreSysAttributes):
         await server.prepare(request)
 
         # handle authentication
-        await server.send_json({'type': 'auth_required'})
-        await server.receive_json()  # get internal token
-        await server.send_json({'type': 'auth_ok'})
+        try:
+            await server.send_json({
+                'type': 'auth_required',
+                'ha_version': self._homeassistant.version,
+            })
+
+            # Check API access
+            response = await server.receive_json()
+            hassio_token = response.get('api_password')
+            addon = self._addons.from_uuid(hassio_token)
+
+            if not addon:
+                _LOGGER.warning("Unauthorized websocket access!")
+            else:
+                _LOGGER.info("Websocket access from %s", addon.slug)
+
+            await server.send_json({
+                'type': 'auth_ok',
+                'ha_version': self._homeassistant.version,
+            })
+        except (RuntimeError, ValueError) as err:
+            _LOGGER.error("Can't initialize handshake: %s", err)
+            raise HTTPInternalServerError() from None
 
         # init connection to hass
         client = await self._websocket_client()

hassio/api/security.py

@@ -0,0 +1,50 @@
+"""Handle security part of this API."""
+import logging
+import re
+
+from aiohttp.web import middleware
+from aiohttp.web_exceptions import HTTPUnauthorized
+
+from ..const import HEADER_TOKEN, REQUEST_FROM
+
+_LOGGER = logging.getLogger(__name__)
+
+NO_SECURITY_CHECK = set((
+    re.compile(r"^/homeassistant/api/.*$"),
+    re.compile(r"^/homeassistant/websocket$"),
+    re.compile(r"^/supervisor/ping$"),
+))
+
+
+@middleware
+async def security_layer(request, handler):
+    """Check security access of this layer."""
+    coresys = request.app['coresys']
+    hassio_token = request.headers.get(HEADER_TOKEN)
+
+    # Ignore security check
+    for rule in NO_SECURITY_CHECK:
+        if rule.match(request.path):
+            _LOGGER.debug("Passthrough %s", request.path)
+            return await handler(request)
+
+    # Need to be removed later
+    if not hassio_token:
+        _LOGGER.warning("Invalid token for access %s", request.path)
+        request[REQUEST_FROM] = 'UNKNOWN'
+        return await handler(request)
+
+    # Home-Assistant
+    if hassio_token == coresys.homeassistant.uuid:
+        _LOGGER.debug("%s access from Home-Assistant", request.path)
+        request[REQUEST_FROM] = 'homeassistant'
+        return await handler(request)
+
+    # Add-on
+    addon = coresys.addons.from_uuid(hassio_token)
+    if addon:
+        _LOGGER.info("%s access from %s", request.path, addon.slug)
+        request[REQUEST_FROM] = addon.slug
+        return await handler(request)
+
+    raise HTTPUnauthorized()

hassio/api/services.py

@@ -0,0 +1,55 @@
+"""Init file for HassIO network rest api."""
+
+from .utils import api_process, api_validate
+from ..const import (
+    ATTR_AVAILABLE, ATTR_PROVIDER, ATTR_SLUG, ATTR_SERVICES, REQUEST_FROM)
+from ..coresys import CoreSysAttributes
+
+
+class APIServices(CoreSysAttributes):
+    """Handle rest api for services functions."""
+
+    def _extract_service(self, request):
+        """Return service and if not exists trow a exception."""
+        service = self._services.get(request.match_info.get('service'))
+        if not service:
+            raise RuntimeError("Service not exists")
+
+        return service
+
+    @api_process
+    async def list(self, request):
+        """Show register services."""
+        services = []
+        for service in self._services.list_services:
+            services.append({
+                ATTR_SLUG: service.slug,
+                ATTR_AVAILABLE: service.enabled,
+                ATTR_PROVIDER: service.provider,
+            })
+
+        return {ATTR_SERVICES: services}
+
+    @api_process
+    async def set_service(self, request):
+        """Write data into a service."""
+        service = self._extract_service(request)
+        body = await api_validate(service.schema, request)
+
+        return service.set_service_data(request[REQUEST_FROM], body)
+
+    @api_process
+    async def get_service(self, request):
+        """Read data into a service."""
+        service = self._extract_service(request)
+
+        return {
+            ATTR_AVAILABLE: service.enabled,
+            service.slug: service.get_service_data(),
+        }
+
+    @api_process
+    async def del_service(self, request):
+        """Delete data into a service."""
+        service = self._extract_service(request)
+        return service.del_service_data(request[REQUEST_FROM])

hassio/api/snapshots.py

@@ -1,7 +1,10 @@
 """Init file for HassIO snapshot rest api."""
 import asyncio
 import logging
+from pathlib import Path
+from tempfile import TemporaryDirectory
 
+from aiohttp import web
 import voluptuous as vol
 
 from .utils import api_process, api_validate
@@ -9,7 +12,7 @@ from ..snapshots.validate import ALL_FOLDERS
 from ..const import (
     ATTR_NAME, ATTR_SLUG, ATTR_DATE, ATTR_ADDONS, ATTR_REPOSITORIES,
     ATTR_HOMEASSISTANT, ATTR_VERSION, ATTR_SIZE, ATTR_FOLDERS, ATTR_TYPE,
-    ATTR_SNAPSHOTS)
+    ATTR_SNAPSHOTS, ATTR_PASSWORD, ATTR_PROTECTED, CONTENT_TYPE_TAR)
 from ..coresys import CoreSysAttributes
 
 _LOGGER = logging.getLogger(__name__)
@@ -17,6 +20,7 @@ _LOGGER = logging.getLogger(__name__)
 
 # pylint: disable=no-value-for-parameter
 SCHEMA_RESTORE_PARTIAL = vol.Schema({
+    vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
     vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
     vol.Optional(ATTR_ADDONS):
         vol.All([vol.Coerce(str)], vol.Unique()),
@@ -24,8 +28,13 @@ SCHEMA_RESTORE_PARTIAL = vol.Schema({
         vol.All([vol.In(ALL_FOLDERS)], vol.Unique()),
 })
 
+SCHEMA_RESTORE_FULL = vol.Schema({
+    vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
+})
+
 SCHEMA_SNAPSHOT_FULL = vol.Schema({
     vol.Optional(ATTR_NAME): vol.Coerce(str),
+    vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
 })
 
 SCHEMA_SNAPSHOT_PARTIAL = SCHEMA_SNAPSHOT_FULL.extend({
@@ -56,6 +65,7 @@ class APISnapshots(CoreSysAttributes):
                 ATTR_NAME: snapshot.name,
                 ATTR_DATE: snapshot.date,
                 ATTR_TYPE: snapshot.sys_type,
+                ATTR_PROTECTED: snapshot.protected,
             })
 
         return {
@@ -79,6 +89,7 @@ class APISnapshots(CoreSysAttributes):
                 ATTR_SLUG: addon_data[ATTR_SLUG],
                 ATTR_NAME: addon_data[ATTR_NAME],
                 ATTR_VERSION: addon_data[ATTR_VERSION],
+                ATTR_SIZE: addon_data[ATTR_SIZE],
             })
 
         return {
@@ -87,6 +98,7 @@ class APISnapshots(CoreSysAttributes):
             ATTR_NAME: snapshot.name,
             ATTR_DATE: snapshot.date,
             ATTR_SIZE: snapshot.size,
+            ATTR_PROTECTED: snapshot.protected,
             ATTR_HOMEASSISTANT: snapshot.homeassistant_version,
             ATTR_ADDONS: data_addons,
             ATTR_REPOSITORIES: snapshot.repositories,
@@ -97,28 +109,40 @@ class APISnapshots(CoreSysAttributes):
     async def snapshot_full(self, request):
         """Full-Snapshot a snapshot."""
         body = await api_validate(SCHEMA_SNAPSHOT_FULL, request)
-        return await asyncio.shield(
+        snapshot = await asyncio.shield(
             self._snapshots.do_snapshot_full(**body), loop=self._loop)
 
+        if snapshot:
+            return {ATTR_SLUG: snapshot.slug}
+        return False
+
     @api_process
     async def snapshot_partial(self, request):
         """Partial-Snapshot a snapshot."""
         body = await api_validate(SCHEMA_SNAPSHOT_PARTIAL, request)
-        return await asyncio.shield(
+        snapshot = await asyncio.shield(
             self._snapshots.do_snapshot_partial(**body), loop=self._loop)
 
+        if snapshot:
+            return {ATTR_SLUG: snapshot.slug}
+        return False
+
     @api_process
-    def restore_full(self, request):
+    async def restore_full(self, request):
         """Full-Restore a snapshot."""
         snapshot = self._extract_snapshot(request)
-        return asyncio.shield(
-            self._snapshots.do_restore_full(snapshot), loop=self._loop)
+        body = await api_validate(SCHEMA_RESTORE_FULL, request)
+
+        return await asyncio.shield(
+            self._snapshots.do_restore_full(snapshot, **body),
+            loop=self._loop
+        )
 
     @api_process
     async def restore_partial(self, request):
         """Partial-Restore a snapshot."""
         snapshot = self._extract_snapshot(request)
-        body = await api_validate(SCHEMA_SNAPSHOT_PARTIAL, request)
+        body = await api_validate(SCHEMA_RESTORE_PARTIAL, request)
 
         return await asyncio.shield(
             self._snapshots.do_restore_partial(snapshot, **body),
@@ -130,3 +154,37 @@ class APISnapshots(CoreSysAttributes):
         """Remove a snapshot."""
         snapshot = self._extract_snapshot(request)
         return self._snapshots.remove(snapshot)
+
+    async def download(self, request):
+        """Download a snapshot file."""
+        snapshot = self._extract_snapshot(request)
+
+        _LOGGER.info("Download snapshot %s", snapshot.slug)
+        response = web.FileResponse(snapshot.tarfile)
+        response.content_type = CONTENT_TYPE_TAR
+        return response
+
+    @api_process
+    async def upload(self, request):
+        """Upload a snapshot file."""
+        with TemporaryDirectory(dir=str(self._config.path_tmp)) as temp_dir:
+            tar_file = Path(temp_dir, f"snapshot.tar")
+
+            try:
+                with tar_file.open('wb') as snapshot:
+                    async for data in request.content.iter_any():
+                        snapshot.write(data)
+
+            except OSError as err:
+                _LOGGER.error("Can't write new snapshot file: %s", err)
+                return False
+
+            except asyncio.CancelledError:
+                return False
+
+            snapshot = await asyncio.shield(
+                self._snapshots.import_snapshot(tar_file), loop=self._loop)
+
+            if snapshot:
+                return {ATTR_SLUG: snapshot.slug}
+            return False

hassio/bootstrap.py

@@ -13,9 +13,10 @@ from .const import SOCKET_DOCKER
 from .coresys import CoreSys
 from .supervisor import Supervisor
 from .homeassistant import HomeAssistant
-from .snapshots import SnapshotsManager
+from .snapshots import SnapshotManager
 from .tasks import Tasks
 from .updater import Updater
+from .services import ServiceManager
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -30,8 +31,9 @@ def initialize_coresys(loop):
     coresys.supervisor = Supervisor(coresys)
     coresys.homeassistant = HomeAssistant(coresys)
     coresys.addons = AddonManager(coresys)
-    coresys.snapshots = SnapshotsManager(coresys)
+    coresys.snapshots = SnapshotManager(coresys)
     coresys.tasks = Tasks(coresys)
+    coresys.services = ServiceManager(coresys)
 
     # bootstrap config
     initialize_system_data(coresys)

hassio/const.py

@@ -2,7 +2,7 @@
 from pathlib import Path
 from ipaddress import ip_network
 
-HASSIO_VERSION = '0.84'
+HASSIO_VERSION = '0.96'
 
 URL_HASSIO_VERSION = ('https://raw.githubusercontent.com/home-assistant/'
                       'hassio/{}/version.json')
@@ -15,6 +15,7 @@ FILE_HASSIO_ADDONS = Path(HASSIO_DATA, "addons.json")
 FILE_HASSIO_CONFIG = Path(HASSIO_DATA, "config.json")
 FILE_HASSIO_HOMEASSISTANT = Path(HASSIO_DATA, "homeassistant.json")
 FILE_HASSIO_UPDATER = Path(HASSIO_DATA, "updater.json")
+FILE_HASSIO_SERVICES = Path(HASSIO_DATA, "services.json")
 
 SOCKET_DOCKER = Path("/var/run/docker.sock")
 SOCKET_HC = Path("/var/run/hassio-hc.sock")
@@ -42,7 +43,14 @@ CONTENT_TYPE_BINARY = 'application/octet-stream'
 CONTENT_TYPE_PNG = 'image/png'
 CONTENT_TYPE_JSON = 'application/json'
 CONTENT_TYPE_TEXT = 'text/plain'
+CONTENT_TYPE_TAR = 'application/tar'
 HEADER_HA_ACCESS = 'x-ha-access'
+HEADER_TOKEN = 'X-HASSIO-KEY'
+
+ENV_TOKEN = 'HASSIO_TOKEN'
+ENV_TIME = 'TZ'
+
+REQUEST_FROM = 'HASSIO_FROM'
 
 ATTR_WAIT_BOOT = 'wait_boot'
 ATTR_WATCHDOG = 'watchdog'
@@ -136,6 +144,23 @@ ATTR_MEMORY_LIMIT = 'memory_limit'
 ATTR_MEMORY_USAGE = 'memory_usage'
 ATTR_BLK_READ = 'blk_read'
 ATTR_BLK_WRITE = 'blk_write'
+ATTR_PROVIDER = 'provider'
+ATTR_AVAILABLE = 'available'
+ATTR_HOST = 'host'
+ATTR_USERNAME = 'username'
+ATTR_PROTOCOL = 'protocol'
+ATTR_DISCOVERY = 'discovery'
+ATTR_PLATFORM = 'platform'
+ATTR_COMPONENT = 'component'
+ATTR_CONFIG = 'config'
+ATTR_DISCOVERY_ID = 'discovery_id'
+ATTR_SERVICES = 'services'
+ATTR_DISCOVERY = 'discovery'
+ATTR_PROTECTED = 'protected'
+ATTR_CRYPTO = 'crypto'
+ATTR_BRANCH = 'branch'
+
+SERVICE_MQTT = 'mqtt'
 
 STARTUP_INITIALIZE = 'initialize'
 STARTUP_SYSTEM = 'system'
@@ -171,3 +196,5 @@ FOLDER_SSL = 'ssl'
 
 SNAPSHOT_FULL = 'full'
 SNAPSHOT_PARTIAL = 'partial'
+
+CRYPTO_AES128 = 'aes128'

hassio/core.py

@@ -44,6 +44,9 @@ class HassIO(CoreSysAttributes):
         # load last available data
         await self._snapshots.load()
 
+        # load services
+        await self._services.load()
+
         # start dns forwarding
         self._loop.create_task(self._dns.start())
 
@@ -70,6 +73,9 @@ class HassIO(CoreSysAttributes):
                 _LOGGER.info("Hass.io reboot detected")
                 return
 
+            # reset register services / discovery
+            self._services.reset()
+
             # start addon mark as system
             await self._addons.auto_boot(STARTUP_SYSTEM)
 
@@ -78,13 +84,14 @@ class HassIO(CoreSysAttributes):
 
             # run HomeAssistant
             if self._homeassistant.boot:
-                await self._homeassistant.run()
+                await self._homeassistant.start()
 
             # start addon mark as application
             await self._addons.auto_boot(STARTUP_APPLICATION)
 
             # store new last boot
             self._config.last_boot = self._hardware.last_boot
+            self._config.save_data()
 
         finally:
             # Add core tasks into scheduler

hassio/coresys.py

@@ -40,6 +40,7 @@ class CoreSys(object):
         self._updater = None
         self._snapshots = None
         self._tasks = None
+        self._services = None
 
     @property
     def arch(self):
@@ -155,19 +156,19 @@ class CoreSys(object):
 
     @property
     def snapshots(self):
-        """Return SnapshotsManager object."""
+        """Return SnapshotManager object."""
         return self._snapshots
 
     @snapshots.setter
     def snapshots(self, value):
-        """Set a SnapshotsManager object."""
+        """Set a SnapshotManager object."""
         if self._snapshots:
             raise RuntimeError("SnapshotsManager already set!")
         self._snapshots = value
 
     @property
     def tasks(self):
-        """Return SnapshotsManager object."""
+        """Return Tasks object."""
         return self._tasks
 
     @tasks.setter
@@ -177,6 +178,18 @@ class CoreSys(object):
             raise RuntimeError("Tasks already set!")
         self._tasks = value
 
+    @property
+    def services(self):
+        """Return ServiceManager object."""
+        return self._services
+
+    @services.setter
+    def services(self, value):
+        """Set a ServiceManager object."""
+        if self._services:
+            raise RuntimeError("Services already set!")
+        self._services = value
+
 
 class CoreSysAttributes(object):
     """Inheret basic CoreSysAttributes."""

hassio/docker/__init__.py

@@ -1,5 +1,6 @@
 """Init file for HassIO docker object."""
 from contextlib import suppress
+from collections import namedtuple
 import logging
 
 import docker
@@ -9,6 +10,8 @@ from ..const import SOCKET_DOCKER
 
 _LOGGER = logging.getLogger(__name__)
 
+CommandReturn = namedtuple('CommandReturn', ['exit_code', 'output'])
+
 
 class DockerAPI(object):
     """Docker hassio wrapper.
@@ -19,7 +22,8 @@ class DockerAPI(object):
     def __init__(self):
         """Initialize docker base wrapper."""
         self.docker = docker.DockerClient(
-            base_url="unix:/{}".format(str(SOCKET_DOCKER)), version='auto')
+            base_url="unix:/{}".format(str(SOCKET_DOCKER)),
+            version='auto', timeout=300)
         self.network = DockerNetwork(self.docker)
 
     @property
@@ -96,15 +100,15 @@ class DockerAPI(object):
             )
 
             # wait until command is done
-            exit_code = container.wait()
+            result = container.wait()
             output = container.logs(stdout=stdout, stderr=stderr)
 
         except docker.errors.DockerException as err:
             _LOGGER.error("Can't execute command: %s", err)
-            return (None, b"")
+            return CommandReturn(None, b"")
 
         # cleanup container
         with suppress(docker.errors.DockerException):
             container.remove(force=True)
 
-        return (exit_code, output)
+        return CommandReturn(result.get('StatusCode'), output)

hassio/docker/addon.py

@@ -9,7 +9,8 @@ from .interface import DockerInterface
 from .utils import docker_process
 from ..addons.build import AddonBuild
 from ..const import (
-    MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP, MAP_SHARE)
+    MAP_CONFIG, MAP_SSL, MAP_ADDONS, MAP_BACKUP, MAP_SHARE, ENV_TOKEN,
+    ENV_TIME)
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -74,19 +75,18 @@ class DockerAddon(DockerInterface):
     def environment(self):
         """Return environment for docker add-on."""
         addon_env = self.addon.environment or {}
+
+        # Need audio settings
         if self.addon.with_audio:
             addon_env.update({
                 'ALSA_OUTPUT': self.addon.audio_output,
                 'ALSA_INPUT': self.addon.audio_input,
             })
 
-        # Set api token if any API access is needed
-        if self.addon.access_hassio_api or self.addon.access_homeassistant_api:
-            addon_env['HASSIO_TOKEN'] = self.addon.uuid
-
         return {
             **addon_env,
-            'TZ': self._config.timezone,
+            ENV_TIME: self._config.timezone,
+            ENV_TOKEN: self.addon.uuid,
         }
 
     @property
@@ -225,10 +225,6 @@ class DockerAddon(DockerInterface):
         # cleanup
         self._stop()
 
-        # write config
-        if not self.addon.write_options():
-            return False
-
         ret = self._docker.run(
             self.image,
             name=self.name,
@@ -273,9 +269,13 @@ class DockerAddon(DockerInterface):
 
         _LOGGER.info("Start build %s:%s", self.image, tag)
         try:
-            image = self._docker.images.build(**build_env.get_docker_args(tag))
+            image, log = self._docker.images.build(
+                **build_env.get_docker_args(tag))
 
+            _LOGGER.debug("Build %s:%s done: %s", self.image, tag, log)
             image.tag(self.image, tag='latest')
+
+            # Update meta data
             self._meta = image.attrs
 
         except (docker.errors.DockerException) as err:
@@ -301,15 +301,16 @@ class DockerAddon(DockerInterface):
             _LOGGER.error("Can't fetch image %s: %s", self.image, err)
             return False
 
+        _LOGGER.info("Export image %s to %s", self.image, tar_file)
         try:
             with tar_file.open("wb") as write_tar:
-                for chunk in image.stream():
+                for chunk in image:
                     write_tar.write(chunk)
         except (OSError, requests.exceptions.ReadTimeout) as err:
             _LOGGER.error("Can't write tar file %s: %s", tar_file, err)
             return False
 
-        _LOGGER.info("Export image %s to %s", self.image, tar_file)
+        _LOGGER.info("Export image %s done", self.image)
         return True
 
     @docker_process
@@ -337,15 +338,6 @@ class DockerAddon(DockerInterface):
         self._cleanup()
         return True
 
-    def _restart(self):
-        """Restart docker container.
-
-        Addons prepare some thing on start and that is normaly not repeatable.
-        Need run inside executor.
-        """
-        self._stop()
-        return self._run()
-
     @docker_process
     def write_stdin(self, data):
         """Write to add-on stdin."""

hassio/docker/homeassistant.py

@@ -4,6 +4,7 @@ import logging
 import docker
 
 from .interface import DockerInterface
+from ..const import ENV_TOKEN, ENV_TIME
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -53,8 +54,8 @@ class DockerHomeAssistant(DockerInterface):
             network_mode='host',
             environment={
                 'HASSIO': self._docker.network.supervisor,
-                'TZ': self._config.timezone,
-                'HASSIO_TOKEN': self._homeassistant.uuid,
+                ENV_TIME: self._config.timezone,
+                ENV_TOKEN: self._homeassistant.uuid,
             },
             volumes={
                 str(self._config.path_extern_config):
@@ -84,7 +85,7 @@ class DockerHomeAssistant(DockerInterface):
             stdout=True,
             stderr=True,
             environment={
-                'TZ': self._config.timezone,
+                ENV_TIME: self._config.timezone,
             },
             volumes={
                 str(self._config.path_extern_config):

hassio/homeassistant.py

@@ -1,8 +1,11 @@
 """HomeAssistant control object."""
 import asyncio
+from collections import namedtuple
 import logging
 import os
 import re
+import socket
+import time
 
 import aiohttp
 from aiohttp.hdrs import CONTENT_TYPE
@@ -10,7 +13,7 @@ from aiohttp.hdrs import CONTENT_TYPE
 from .const import (
     FILE_HASSIO_HOMEASSISTANT, ATTR_IMAGE, ATTR_LAST_VERSION, ATTR_UUID,
     ATTR_BOOT, ATTR_PASSWORD, ATTR_PORT, ATTR_SSL, ATTR_WATCHDOG,
-    HEADER_HA_ACCESS, CONTENT_TYPE_JSON)
+    ATTR_WAIT_BOOT, HEADER_HA_ACCESS, CONTENT_TYPE_JSON)
 from .coresys import CoreSysAttributes
 from .docker.homeassistant import DockerHomeAssistant
 from .utils import convert_to_ascii
@@ -21,6 +24,8 @@ _LOGGER = logging.getLogger(__name__)
 
 RE_YAML_ERROR = re.compile(r"homeassistant\.util\.yaml")
 
+ConfigResult = namedtuple('ConfigResult', ['valid', 'log'])
+
 
 class HomeAssistant(JsonConfig, CoreSysAttributes):
     """Hass core object for handle it."""
@@ -91,6 +96,16 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
         """Return True if the watchdog should protect Home-Assistant."""
         self._data[ATTR_WATCHDOG] = value
 
+    @property
+    def wait_boot(self):
+        """Return time to wait for Home-Assistant startup."""
+        return self._data[ATTR_WAIT_BOOT]
+
+    @wait_boot.setter
+    def wait_boot(self, value):
+        """Set time to wait for Home-Assistant startup."""
+        self._data[ATTR_WAIT_BOOT] = value
+
     @property
     def version(self):
         """Return version of running homeassistant."""
@@ -156,8 +171,8 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
             _LOGGER.warning("Fails install landingpage, retry after 60sec")
             await asyncio.sleep(60, loop=self._loop)
 
-        # run landingpage after installation
-        await self.instance.run()
+        # Run landingpage after installation
+        await self.start()
 
     async def install(self):
         """Install a landingpage."""
@@ -176,7 +191,7 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
         # finishing
         _LOGGER.info("HomeAssistant docker now installed")
         if self.boot:
-            await self.instance.run()
+            await self.start()
         await self.instance.cleanup()
 
     async def update(self, version=None):
@@ -193,14 +208,14 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
             return await self.instance.update(version)
         finally:
             if running:
-                await self.instance.run()
+                await self.start()
 
-    def run(self):
-        """Run HomeAssistant docker.
+    async def start(self):
+        """Run HomeAssistant docker."""
+        if not await self.instance.run():
+            return False
 
-        Return a coroutine.
-        """
-        return self.instance.run()
+        return await self._block_till_run()
 
     def stop(self):
         """Stop HomeAssistant docker.
@@ -209,12 +224,12 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
         """
         return self.instance.stop()
 
-    def restart(self):
-        """Restart HomeAssistant docker.
+    async def restart(self):
+        """Restart HomeAssistant docker."""
+        if not await self.instance.restart():
+            return False
 
-        Return a coroutine.
-        """
-        return self.instance.restart()
+        return await self._block_till_run()
 
     def logs(self):
         """Get HomeAssistant docker logs.
@@ -251,19 +266,19 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
 
     async def check_config(self):
         """Run homeassistant config check."""
-        exit_code, log = await self.instance.execute_command(
+        result = await self.instance.execute_command(
             "python3 -m homeassistant -c /config --script check_config"
         )
 
         # if not valid
-        if exit_code is None:
-            return (False, "")
+        if result.exit_code is None:
+            return ConfigResult(False, "")
 
         # parse output
-        log = convert_to_ascii(log)
-        if exit_code != 0 or RE_YAML_ERROR.search(log):
-            return (False, log)
-        return (True, log)
+        log = convert_to_ascii(result.output)
+        if result.exit_code != 0 or RE_YAML_ERROR.search(log):
+            return ConfigResult(False, log)
+        return ConfigResult(True, log)
 
     async def check_api_state(self):
         """Check if Home-Assistant up and running."""
@@ -285,3 +300,54 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
         if status not in (200, 201):
             _LOGGER.warning("Home-Assistant API config missmatch")
         return True
+
+    async def send_event(self, event_type, event_data=None):
+        """Send event to Home-Assistant."""
+        url = f"{self.api_url}/api/events/{event_type}"
+        header = {CONTENT_TYPE: CONTENT_TYPE_JSON}
+
+        if self.api_password:
+            header.update({HEADER_HA_ACCESS: self.api_password})
+
+        try:
+            # pylint: disable=bad-continuation
+            async with self._websession_ssl.post(
+                    url, headers=header, timeout=30,
+                    json=event_data) as request:
+                status = request.status
+
+        except (asyncio.TimeoutError, aiohttp.ClientError) as err:
+            _LOGGER.warning(
+                "Home-Assistant event %s fails: %s", event_type, err)
+            return False
+
+        if status not in (200, 201):
+            _LOGGER.warning("Home-Assistant event %s fails", event_type)
+            return False
+        return True
+
+    async def _block_till_run(self):
+        """Block until Home-Assistant is booting up or startup timeout."""
+        start_time = time.monotonic()
+
+        def check_port():
+            """Check if port is mapped."""
+            sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            try:
+                result = sock.connect_ex((str(self.api_ip), self.api_port))
+                sock.close()
+
+                if result == 0:
+                    return True
+                return False
+            except OSError:
+                pass
+
+        while time.monotonic() - start_time < self.wait_boot:
+            if await self._loop.run_in_executor(None, check_port):
+                _LOGGER.info("Detect a running Home-Assistant instance")
+                return True
+            await asyncio.sleep(10, loop=self._loop)
+
+        _LOGGER.warning("Don't wait anymore of Home-Assistant startup!")
+        return False

hassio/services/__init__.py

@@ -0,0 +1,45 @@
+"""Handle internal services discovery."""
+
+from .mqtt import MQTTService
+from .data import ServicesData
+from .discovery import Discovery
+from ..const import SERVICE_MQTT
+from ..coresys import CoreSysAttributes
+
+
+AVAILABLE_SERVICES = {
+    SERVICE_MQTT: MQTTService
+}
+
+
+class ServiceManager(CoreSysAttributes):
+    """Handle internal services discovery."""
+
+    def __init__(self, coresys):
+        """Initialize Services handler."""
+        self.coresys = coresys
+        self.data = ServicesData()
+        self.discovery = Discovery(coresys)
+        self.services_obj = {}
+
+    @property
+    def list_services(self):
+        """Return a list of services."""
+        return list(self.services_obj.values())
+
+    def get(self, slug):
+        """Return service object from slug."""
+        return self.services_obj.get(slug)
+
+    async def load(self):
+        """Load available services."""
+        for slug, service in AVAILABLE_SERVICES.items():
+            self.services_obj[slug] = service(self.coresys)
+
+        # Read exists discovery messages
+        self.discovery.load()
+
+    def reset(self):
+        """Reset available data."""
+        self.data.reset_data()
+        self.discovery.load()

hassio/services/data.py

@@ -0,0 +1,23 @@
+"""Handle service data for persistent supervisor reboot."""
+
+from .validate import SCHEMA_SERVICES_FILE
+from ..const import FILE_HASSIO_SERVICES, ATTR_DISCOVERY, SERVICE_MQTT
+from ..utils.json import JsonConfig
+
+
+class ServicesData(JsonConfig):
+    """Class to handle services data."""
+
+    def __init__(self):
+        """Initialize services data."""
+        super().__init__(FILE_HASSIO_SERVICES, SCHEMA_SERVICES_FILE)
+
+    @property
+    def discovery(self):
+        """Return discovery data for home-assistant."""
+        return self._data[ATTR_DISCOVERY]
+
+    @property
+    def mqtt(self):
+        """Return settings for mqtt service."""
+        return self._data[SERVICE_MQTT]

hassio/services/discovery.py

@@ -0,0 +1,107 @@
+"""Handle discover message for Home-Assistant."""
+import logging
+from uuid import uuid4
+
+from ..const import ATTR_UUID
+from ..coresys import CoreSysAttributes
+
+_LOGGER = logging.getLogger(__name__)
+
+EVENT_DISCOVERY_ADD = 'hassio_discovery_add'
+EVENT_DISCOVERY_DEL = 'hassio_discovery_del'
+
+
+class Discovery(CoreSysAttributes):
+    """Home-Assistant Discovery handler."""
+
+    def __init__(self, coresys):
+        """Initialize discovery handler."""
+        self.coresys = coresys
+        self.message_obj = {}
+
+    def load(self):
+        """Load exists discovery message into storage."""
+        messages = {}
+        for message in self._data:
+            discovery = Message(**message)
+            messages[discovery.uuid] = discovery
+
+        self.message_obj = messages
+
+    def save(self):
+        """Write discovery message into data file."""
+        messages = []
+        for message in self.message_obj.values():
+            messages.append(message.raw())
+
+        self._data.clear()
+        self._data.extend(messages)
+        self._services.data.save_data()
+
+    def get(self, uuid):
+        """Return discovery message."""
+        return self.message_obj.get(uuid)
+
+    @property
+    def _data(self):
+        """Return discovery data."""
+        return self._services.data.discovery
+
+    @property
+    def list_messages(self):
+        """Return list of available discovery messages."""
+        return self.message_obj.values()
+
+    def send(self, provider, component, platform=None, config=None):
+        """Send a discovery message to Home-Assistant."""
+        message = Message(provider, component, platform, config)
+
+        # Allready exists?
+        for exists_message in self.message_obj:
+            if exists_message == message:
+                _LOGGER.warning("Found douplicate discovery message from %s",
+                                provider)
+                return exists_message
+
+        _LOGGER.info("Send discovery to Home-Assistant %s/%s from %s",
+                     component, platform, provider)
+        self.message_obj[message.uuid] = message
+        self.save()
+
+        # send event to Home-Assistant
+        self._loop.create_task(self._homeassistant.send_event(
+            EVENT_DISCOVERY_ADD, {ATTR_UUID: message.uuid}))
+
+        return message
+
+    def remove(self, message):
+        """Remove a discovery message from Home-Assistant."""
+        self.message_obj.pop(message.uuid, None)
+        self.save()
+
+        # send event to Home-Assistant
+        self._loop.create_task(self._homeassistant.send_event(
+            EVENT_DISCOVERY_DEL, {ATTR_UUID: message.uuid}))
+
+
+class Message(object):
+    """Represent a single Discovery message."""
+
+    def __init__(self, provider, component, platform, config, uuid=None):
+        """Initialize discovery message."""
+        self.provider = provider
+        self.component = component
+        self.platform = platform
+        self.config = config
+        self.uuid = uuid or uuid4().hex
+
+    def raw(self):
+        """Return raw discovery message."""
+        return self.__dict__
+
+    def __eq__(self, other):
+        """Compare with other message."""
+        for attribute in ('provider', 'component', 'platform', 'config'):
+            if getattr(self, attribute) != getattr(other, attribute):
+                return False
+        return True

hassio/services/interface.py

@@ -0,0 +1,54 @@
+"""Interface for single service."""
+
+from ..coresys import CoreSysAttributes
+
+
+class ServiceInterface(CoreSysAttributes):
+    """Interface class for service integration."""
+
+    def __init__(self, coresys):
+        """Initialize service interface."""
+        self.coresys = coresys
+
+    @property
+    def slug(self):
+        """Return slug of this service."""
+        return None
+
+    @property
+    def _data(self):
+        """Return data of this service."""
+        return None
+
+    @property
+    def schema(self):
+        """Return data schema of this service."""
+        return None
+
+    @property
+    def provider(self):
+        """Return name of service provider."""
+        return None
+
+    @property
+    def enabled(self):
+        """Return True if the service is in use."""
+        return bool(self._data)
+
+    def save(self):
+        """Save changes."""
+        self._services.data.save_data()
+
+    def get_service_data(self):
+        """Return the requested service data."""
+        if self.enabled:
+            return self._data
+        return None
+
+    def set_service_data(self, provider, data):
+        """Write the data into service object."""
+        raise NotImplementedError()
+
+    def del_service_data(self, provider):
+        """Remove the data from service object."""
+        raise NotImplementedError()

hassio/services/mqtt.py

@@ -0,0 +1,89 @@
+"""Provide MQTT Service."""
+import logging
+
+from .interface import ServiceInterface
+from .validate import SCHEMA_SERVICE_MQTT
+from ..const import (
+    ATTR_PROVIDER, SERVICE_MQTT, ATTR_HOST, ATTR_PORT, ATTR_USERNAME,
+    ATTR_PASSWORD, ATTR_PROTOCOL, ATTR_DISCOVERY_ID)
+
+_LOGGER = logging.getLogger(__name__)
+
+
+class MQTTService(ServiceInterface):
+    """Provide mqtt services."""
+
+    @property
+    def slug(self):
+        """Return slug of this service."""
+        return SERVICE_MQTT
+
+    @property
+    def _data(self):
+        """Return data of this service."""
+        return self._services.data.mqtt
+
+    @property
+    def schema(self):
+        """Return data schema of this service."""
+        return SCHEMA_SERVICE_MQTT
+
+    @property
+    def provider(self):
+        """Return name of service provider."""
+        return self._data.get(ATTR_PROVIDER)
+
+    @property
+    def hass_config(self):
+        """Return Home-Assistant mqtt config."""
+        if not self.enabled:
+            return None
+
+        hass_config = {
+            'host': self._data[ATTR_HOST],
+            'port': self._data[ATTR_PORT],
+            'protocol': self._data[ATTR_PROTOCOL]
+        }
+        if ATTR_USERNAME in self._data:
+            hass_config['user']: self._data[ATTR_USERNAME]
+        if ATTR_PASSWORD in self._data:
+            hass_config['password']: self._data[ATTR_PASSWORD]
+
+        return hass_config
+
+    def set_service_data(self, provider, data):
+        """Write the data into service object."""
+        if self.enabled:
+            _LOGGER.error("It is already a mqtt in use from %s", self.provider)
+            return False
+
+        self._data.update(data)
+        self._data[ATTR_PROVIDER] = provider
+
+        if provider == 'homeassistant':
+            _LOGGER.info("Use mqtt settings from Home-Assistant")
+            self.save()
+            return True
+
+        # discover mqtt to homeassistant
+        message = self._services.discovery.send(
+            provider, SERVICE_MQTT, None, self.hass_config)
+
+        self._data[ATTR_DISCOVERY_ID] = message.uuid
+        self.save()
+        return True
+
+    def del_service_data(self, provider):
+        """Remove the data from service object."""
+        if not self.enabled:
+            _LOGGER.warning("Can't remove not exists services.")
+            return False
+
+        discovery_id = self._data.get(ATTR_DISCOVERY_ID)
+        if discovery_id:
+            self._services.discovery.remove(
+                self._services.discovery.get(discovery_id))
+
+        self._data.clear()
+        self.save()
+        return True

hassio/services/validate.py

@@ -0,0 +1,44 @@
+"""Validate services schema."""
+
+import voluptuous as vol
+
+from ..const import (
+    SERVICE_MQTT, ATTR_HOST, ATTR_PORT, ATTR_PASSWORD, ATTR_USERNAME, ATTR_SSL,
+    ATTR_PROVIDER, ATTR_PROTOCOL, ATTR_DISCOVERY, ATTR_COMPONENT, ATTR_UUID,
+    ATTR_PLATFORM, ATTR_CONFIG, ATTR_DISCOVERY_ID)
+from ..validate import NETWORK_PORT
+
+
+SCHEMA_DISCOVERY = vol.Schema([
+    vol.Schema({
+        vol.Required(ATTR_UUID): vol.Match(r"^[0-9a-f]{32}$"),
+        vol.Required(ATTR_PROVIDER): vol.Coerce(str),
+        vol.Required(ATTR_COMPONENT): vol.Coerce(str),
+        vol.Required(ATTR_PLATFORM): vol.Any(None, vol.Coerce(str)),
+        vol.Required(ATTR_CONFIG): vol.Any(None, dict),
+    }, extra=vol.REMOVE_EXTRA)
+])
+
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_SERVICE_MQTT = vol.Schema({
+    vol.Required(ATTR_HOST): vol.Coerce(str),
+    vol.Required(ATTR_PORT): NETWORK_PORT,
+    vol.Optional(ATTR_USERNAME): vol.Coerce(str),
+    vol.Optional(ATTR_PASSWORD): vol.Coerce(str),
+    vol.Optional(ATTR_SSL, default=False): vol.Boolean(),
+    vol.Optional(ATTR_PROTOCOL, default='3.1.1'):
+        vol.All(vol.Coerce(str), vol.In(['3.1', '3.1.1'])),
+})
+
+
+SCHEMA_CONFIG_MQTT = SCHEMA_SERVICE_MQTT.extend({
+    vol.Required(ATTR_PROVIDER): vol.Coerce(str),
+    vol.Optional(ATTR_DISCOVERY_ID): vol.Match(r"^[0-9a-f]{32}$"),
+})
+
+
+SCHEMA_SERVICES_FILE = vol.Schema({
+    vol.Optional(SERVICE_MQTT, default=dict): vol.Any({}, SCHEMA_CONFIG_MQTT),
+    vol.Optional(ATTR_DISCOVERY, default=list): vol.Any([], SCHEMA_DISCOVERY),
+}, extra=vol.REMOVE_EXTRA)

hassio/snapshots/__init__.py

@@ -1,20 +1,19 @@
 """Snapshot system control."""
 import asyncio
-from datetime import datetime
 import logging
 from pathlib import Path
-import tarfile
 
 from .snapshot import Snapshot
 from .utils import create_slug
 from ..const import (
-    ATTR_SLUG, FOLDER_HOMEASSISTANT, SNAPSHOT_FULL, SNAPSHOT_PARTIAL)
+    FOLDER_HOMEASSISTANT, SNAPSHOT_FULL, SNAPSHOT_PARTIAL)
 from ..coresys import CoreSysAttributes
+from ..utils.dt import utcnow
 
 _LOGGER = logging.getLogger(__name__)
 
 
-class SnapshotsManager(CoreSysAttributes):
+class SnapshotManager(CoreSysAttributes):
     """Manage snapshots."""
 
     def __init__(self, coresys):
@@ -32,15 +31,15 @@ class SnapshotsManager(CoreSysAttributes):
         """Return snapshot object."""
         return self.snapshots_obj.get(slug)
 
-    def _create_snapshot(self, name, sys_type):
+    def _create_snapshot(self, name, sys_type, password):
         """Initialize a new snapshot object from name."""
-        date_str = datetime.utcnow().isoformat()
+        date_str = utcnow().isoformat()
         slug = create_slug(name, date_str)
-        tar_file = Path(self._config.path_backup, "{}.tar".format(slug))
+        tar_file = Path(self._config.path_backup, f"{slug}.tar")
 
         # init object
         snapshot = Snapshot(self.coresys, tar_file)
-        snapshot.create(slug, name, date_str, sys_type)
+        snapshot.new(slug, name, date_str, sys_type, password)
 
         # set general data
         snapshot.store_homeassistant()
@@ -75,65 +74,91 @@ class SnapshotsManager(CoreSysAttributes):
     def remove(self, snapshot):
         """Remove a snapshot."""
         try:
-            snapshot.tar_file.unlink()
+            snapshot.tarfile.unlink()
             self.snapshots_obj.pop(snapshot.slug, None)
+            _LOGGER.info("Removed snapshot file %s", snapshot.slug)
+
         except OSError as err:
             _LOGGER.error("Can't remove snapshot %s: %s", snapshot.slug, err)
             return False
 
         return True
 
-    async def do_snapshot_full(self, name=""):
+    async def import_snapshot(self, tar_file):
+        """Check snapshot tarfile and import it."""
+        snapshot = Snapshot(self.coresys, tar_file)
+
+        # Read meta data
+        if not await snapshot.load():
+            return None
+
+        # Allready exists?
+        if snapshot.slug in self.snapshots_obj:
+            _LOGGER.error("Snapshot %s allready exists!", snapshot.slug)
+            return None
+
+        # Move snapshot to backup
+        tar_origin = Path(self._config.path_backup, f"{snapshot.slug}.tar")
+        try:
+            snapshot.tarfile.rename(tar_origin)
+
+        except OSError as err:
+            _LOGGER.error("Can't move snapshot file to storage: %s", err)
+            return None
+
+        # Load new snapshot
+        snapshot = Snapshot(self.coresys, tar_origin)
+        if not await snapshot.load():
+            return None
+        _LOGGER.info("Success import %s", snapshot.slug)
+
+        self.snapshots_obj[snapshot.slug] = snapshot
+        return snapshot
+
+    async def do_snapshot_full(self, name="", password=None):
         """Create a full snapshot."""
         if self.lock.locked():
             _LOGGER.error("It is already a snapshot/restore process running")
-            return False
+            return None
 
-        snapshot = self._create_snapshot(name, SNAPSHOT_FULL)
+        snapshot = self._create_snapshot(name, SNAPSHOT_FULL, password)
         _LOGGER.info("Full-Snapshot %s start", snapshot.slug)
         try:
             self._scheduler.suspend = True
             await self.lock.acquire()
 
             async with snapshot:
-                # snapshot addons
-                tasks = []
-                for addon in self._addons.list_addons:
-                    if not addon.is_installed:
-                        continue
-                    tasks.append(snapshot.import_addon(addon))
+                # Snapshot add-ons
+                _LOGGER.info("Snapshot %s store Add-ons", snapshot.slug)
+                await snapshot.store_addons()
 
-                if tasks:
-                    _LOGGER.info("Full-Snapshot %s run %d addons",
-                                 snapshot.slug, len(tasks))
-                    await asyncio.wait(tasks, loop=self._loop)
-
-                # snapshot folders
-                _LOGGER.info("Full-Snapshot %s store folders", snapshot.slug)
+                # Snapshot folders
+                _LOGGER.info("Snapshot %s store folders", snapshot.slug)
                 await snapshot.store_folders()
 
-        except (OSError, ValueError, tarfile.TarError) as err:
-            _LOGGER.info("Full-Snapshot %s error: %s", snapshot.slug, err)
-            return False
+        except Exception:  # pylint: disable=broad-except
+            _LOGGER.exception("Snapshot %s error", snapshot.slug)
+            return None
 
         else:
             _LOGGER.info("Full-Snapshot %s done", snapshot.slug)
             self.snapshots_obj[snapshot.slug] = snapshot
-            return True
+            return snapshot
 
         finally:
             self._scheduler.suspend = False
             self.lock.release()
 
-    async def do_snapshot_partial(self, name="", addons=None, folders=None):
+    async def do_snapshot_partial(self, name="", addons=None, folders=None,
+                                  password=None):
         """Create a partial snapshot."""
         if self.lock.locked():
             _LOGGER.error("It is already a snapshot/restore process running")
-            return False
+            return None
 
         addons = addons or []
         folders = folders or []
-        snapshot = self._create_snapshot(name, SNAPSHOT_PARTIAL)
+        snapshot = self._create_snapshot(name, SNAPSHOT_PARTIAL, password)
 
         _LOGGER.info("Partial-Snapshot %s start", snapshot.slug)
         try:
@@ -141,45 +166,51 @@ class SnapshotsManager(CoreSysAttributes):
             await self.lock.acquire()
 
             async with snapshot:
-                # snapshot addons
-                tasks = []
-                for slug in addons:
-                    addon = self._addons.get(slug)
-                    if addon.is_installed:
-                        tasks.append(snapshot.import_addon(addon))
+                # Snapshot add-ons
+                addon_list = []
+                for addon_slug in addons:
+                    addon = self._addons.get(addon_slug)
+                    if addon and addon.is_installed:
+                        addon_list.append(addon)
+                        continue
+                    _LOGGER.warning(
+                        "Add-on %s not found/installed", addon_slug)
 
-                if tasks:
-                    _LOGGER.info("Partial-Snapshot %s run %d addons",
-                                 snapshot.slug, len(tasks))
-                    await asyncio.wait(tasks, loop=self._loop)
+                if addon_list:
+                    _LOGGER.info("Snapshot %s store Add-ons", snapshot.slug)
+                    await snapshot.store_addons(addon_list)
 
-                # snapshot folders
-                _LOGGER.info("Partial-Snapshot %s store folders %s",
-                             snapshot.slug, folders)
-                await snapshot.store_folders(folders)
+                # Snapshot folders
+                if folders:
+                    _LOGGER.info("Snapshot %s store folders", snapshot.slug)
+                    await snapshot.store_folders(folders)
 
-        except (OSError, ValueError, tarfile.TarError) as err:
-            _LOGGER.info("Partial-Snapshot %s error: %s", snapshot.slug, err)
-            return False
+        except Exception:  # pylint: disable=broad-except
+            _LOGGER.exception("Snapshot %s error", snapshot.slug)
+            return None
 
         else:
             _LOGGER.info("Partial-Snapshot %s done", snapshot.slug)
             self.snapshots_obj[snapshot.slug] = snapshot
-            return True
+            return snapshot
 
         finally:
             self._scheduler.suspend = False
             self.lock.release()
 
-    async def do_restore_full(self, snapshot):
+    async def do_restore_full(self, snapshot, password=None):
         """Restore a snapshot."""
         if self.lock.locked():
             _LOGGER.error("It is already a snapshot/restore process running")
             return False
 
         if snapshot.sys_type != SNAPSHOT_FULL:
-            _LOGGER.error(
-                "Full-Restore %s is only a partial snapshot!", snapshot.slug)
+            _LOGGER.error("Restore %s is only a partial snapshot!",
+                          snapshot.slug)
+            return False
+
+        if snapshot.protected and not snapshot.set_password(password):
+            _LOGGER.error("Invalid password for snapshot %s", snapshot.slug)
             return False
 
         _LOGGER.info("Full-Restore %s start", snapshot.slug)
@@ -188,71 +219,54 @@ class SnapshotsManager(CoreSysAttributes):
             await self.lock.acquire()
 
             async with snapshot:
-                # stop system
                 tasks = []
-                tasks.append(self._homeassistant.stop())
 
+                # Stop Home-Assistant / Add-ons
+                tasks.append(self._homeassistant.stop())
                 for addon in self._addons.list_addons:
                     if addon.is_installed:
                         tasks.append(addon.stop())
 
-                await asyncio.wait(tasks, loop=self._loop)
+                if tasks:
+                    _LOGGER.info("Restore %s stop tasks", snapshot.slug)
+                    await asyncio.wait(tasks, loop=self._loop)
 
-                # restore folders
-                _LOGGER.info("Full-Restore %s restore folders", snapshot.slug)
+                # Restore folders
+                _LOGGER.info("Restore %s run folders", snapshot.slug)
                 await snapshot.restore_folders()
 
-                # start homeassistant restore
-                _LOGGER.info("Full-Restore %s restore Home-Assistant",
-                             snapshot.slug)
+                # Start homeassistant restore
+                _LOGGER.info("Restore %s run Home-Assistant", snapshot.slug)
                 snapshot.restore_homeassistant()
                 task_hass = self._loop.create_task(
                     self._homeassistant.update(snapshot.homeassistant_version))
 
-                # restore repositories
-                _LOGGER.info("Full-Restore %s restore Repositories",
-                             snapshot.slug)
+                # Restore repositories
+                _LOGGER.info("Restore %s run Repositories", snapshot.slug)
                 await snapshot.restore_repositories()
 
-                # restore addons
-                tasks = []
-                actual_addons = \
-                    set(addon.slug for addon in self._addons.list_addons
-                        if addon.is_installed)
-                restore_addons = \
-                    set(data[ATTR_SLUG] for data in snapshot.addons)
-                remove_addons = actual_addons - restore_addons
-
-                _LOGGER.info("Full-Restore %s restore addons %s, remove %s",
-                             snapshot.slug, restore_addons, remove_addons)
-
-                for slug in remove_addons:
-                    addon = self._addons.get(slug)
-                    if addon:
+                # Delete delta add-ons
+                tasks.clear()
+                for addon in self._addons.list_installed:
+                    if addon.slug not in snapshot.addon_list:
                         tasks.append(addon.uninstall())
-                    else:
-                        _LOGGER.warning("Can't remove addon %s", snapshot.slug)
-
-                for slug in restore_addons:
-                    addon = self._addons.get(slug)
-                    if addon:
-                        tasks.append(snapshot.export_addon(addon))
-                    else:
-                        _LOGGER.warning("Can't restore addon %s", slug)
 
                 if tasks:
-                    _LOGGER.info("Full-Restore %s restore addons tasks %d",
-                                 snapshot.slug, len(tasks))
+                    _LOGGER.info("Restore %s remove add-ons", snapshot.slug)
                     await asyncio.wait(tasks, loop=self._loop)
 
+                # Restore add-ons
+                _LOGGER.info("Restore %s old add-ons", snapshot.slug)
+                await snapshot.restore_addons()
+
                 # finish homeassistant task
-                _LOGGER.info("Full-Restore %s wait until homeassistant ready",
+                _LOGGER.info("Restore %s wait until homeassistant ready",
                              snapshot.slug)
                 await task_hass
-                await self._homeassistant.run()
+                await self._homeassistant.start()
 
-        except (OSError, ValueError, tarfile.TarError) as err:
-            _LOGGER.info("Full-Restore %s error: %s", snapshot.slug, err)
+        except Exception:  # pylint: disable=broad-except
+            _LOGGER.exception("Restore %s error", snapshot.slug)
             return False
 
         else:
@@ -264,12 +278,16 @@ class SnapshotsManager(CoreSysAttributes):
             self.lock.release()
 
     async def do_restore_partial(self, snapshot, homeassistant=False,
-                                 addons=None, folders=None):
+                                 addons=None, folders=None, password=None):
         """Restore a snapshot."""
         if self.lock.locked():
             _LOGGER.error("It is already a snapshot/restore process running")
             return False
 
+        if snapshot.protected and not snapshot.set_password(password):
+            _LOGGER.error("Invalid password for snapshot %s", snapshot.slug)
+            return False
+
         addons = addons or []
         folders = folders or []
 
@@ -279,41 +297,47 @@ class SnapshotsManager(CoreSysAttributes):
             await self.lock.acquire()
 
             async with snapshot:
-                tasks = []
-
-                if FOLDER_HOMEASSISTANT in folders:
+                # Stop Home-Assistant if they will be restored later
+                if homeassistant and FOLDER_HOMEASSISTANT in folders:
                     await self._homeassistant.stop()
 
+                # Process folders
                 if folders:
-                    _LOGGER.info("Partial-Restore %s restore folders %s",
-                                 snapshot.slug, folders)
+                    _LOGGER.info("Restore %s run folders", snapshot.slug)
                     await snapshot.restore_folders(folders)
 
+                # Process Home-Assistant
+                task_hass = None
                 if homeassistant:
-                    _LOGGER.info("Partial-Restore %s restore Home-Assistant",
+                    _LOGGER.info("Restore %s run Home-Assistant",
                                  snapshot.slug)
                     snapshot.restore_homeassistant()
-                    tasks.append(self._homeassistant.update(
-                        snapshot.homeassistant_version))
+                    task_hass = self._loop.create_task(
+                        self._homeassistant.update(
+                            snapshot.homeassistant_version))
 
+                # Process Add-ons
+                addon_list = []
                 for slug in addons:
                     addon = self._addons.get(slug)
                     if addon:
-                        tasks.append(snapshot.export_addon(addon))
-                    else:
-                        _LOGGER.warning("Can't restore addon %s",
-                                        snapshot.slug)
+                        addon_list.append(addon)
+                        continue
+                    _LOGGER.warning("Can't restore addon %s", snapshot.slug)
 
-                if tasks:
-                    _LOGGER.info("Partial-Restore %s run %d tasks",
-                                 snapshot.slug, len(tasks))
-                    await asyncio.wait(tasks, loop=self._loop)
+                if addon_list:
+                    _LOGGER.info("Restore %s old add-ons", snapshot.slug)
+                    await snapshot.restore_addons(addon_list)
 
                 # make sure homeassistant run agen
-                await self._homeassistant.run()
+                if task_hass:
+                    _LOGGER.info("Restore %s wait for Home-Assistant",
+                                 snapshot.slug)
+                    await task_hass
+                await self._homeassistant.start()
 
-        except (OSError, ValueError, tarfile.TarError) as err:
-            _LOGGER.info("Partial-Restore %s error: %s", snapshot.slug, err)
+        except Exception:  # pylint: disable=broad-except
+            _LOGGER.exception("Restore %s error", snapshot.slug)
             return False
 
         else:

hassio/snapshots/snapshot.py

@@ -1,23 +1,29 @@
 """Represent a snapshot file."""
 import asyncio
+from base64 import b64decode, b64encode
 import json
 import logging
 from pathlib import Path
 import tarfile
 from tempfile import TemporaryDirectory
 
+from Crypto.Cipher import AES
+from Crypto.Util import Padding
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
 from .validate import SCHEMA_SNAPSHOT, ALL_FOLDERS
-from .utils import remove_folder
+from .utils import (
+    remove_folder, password_to_key, password_for_validating, key_to_iv)
 from ..const import (
     ATTR_SLUG, ATTR_NAME, ATTR_DATE, ATTR_ADDONS, ATTR_REPOSITORIES,
     ATTR_HOMEASSISTANT, ATTR_FOLDERS, ATTR_VERSION, ATTR_TYPE, ATTR_IMAGE,
-    ATTR_PORT, ATTR_SSL, ATTR_PASSWORD, ATTR_WATCHDOG, ATTR_BOOT,
-    ATTR_LAST_VERSION)
+    ATTR_PORT, ATTR_SSL, ATTR_PASSWORD, ATTR_WATCHDOG, ATTR_BOOT, ATTR_CRYPTO,
+    ATTR_LAST_VERSION, ATTR_PROTECTED, ATTR_WAIT_BOOT, ATTR_SIZE,
+    CRYPTO_AES128)
 from ..coresys import CoreSysAttributes
 from ..utils.json import write_json_file
+from ..utils.tar import SecureTarFile
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -28,9 +34,11 @@ class Snapshot(CoreSysAttributes):
     def __init__(self, coresys, tar_file):
         """Initialize a snapshot."""
         self.coresys = coresys
-        self.tar_file = tar_file
+        self._tarfile = tar_file
         self._data = {}
         self._tmp = None
+        self._key = None
+        self._aes = None
 
     @property
     def slug(self):
@@ -52,11 +60,21 @@ class Snapshot(CoreSysAttributes):
         """Return snapshot date."""
         return self._data[ATTR_DATE]
 
+    @property
+    def protected(self):
+        """Return snapshot date."""
+        return self._data.get(ATTR_PROTECTED) is not None
+
     @property
     def addons(self):
         """Return snapshot date."""
         return self._data[ATTR_ADDONS]
 
+    @property
+    def addon_list(self):
+        """Return a list of addons slugs."""
+        return [addon_data[ATTR_SLUG] for addon_data in self.addons]
+
     @property
     def folders(self):
         """Return list of saved folders."""
@@ -77,89 +95,29 @@ class Snapshot(CoreSysAttributes):
         """Return snapshot homeassistant version."""
         return self._data[ATTR_HOMEASSISTANT].get(ATTR_VERSION)
 
-    @homeassistant_version.setter
-    def homeassistant_version(self, value):
-        """Set snapshot homeassistant version."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_VERSION] = value
-
     @property
-    def homeassistant_last_version(self):
-        """Return snapshot homeassistant last version (custom)."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_LAST_VERSION)
-
-    @homeassistant_last_version.setter
-    def homeassistant_last_version(self, value):
-        """Set snapshot homeassistant last version (custom)."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_LAST_VERSION] = value
-
-    @property
-    def homeassistant_image(self):
-        """Return snapshot homeassistant custom image."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_IMAGE)
-
-    @homeassistant_image.setter
-    def homeassistant_image(self, value):
-        """Set snapshot homeassistant custom image."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_IMAGE] = value
-
-    @property
-    def homeassistant_ssl(self):
-        """Return snapshot homeassistant api ssl."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_SSL)
-
-    @homeassistant_ssl.setter
-    def homeassistant_ssl(self, value):
-        """Set snapshot homeassistant api ssl."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_SSL] = value
-
-    @property
-    def homeassistant_port(self):
-        """Return snapshot homeassistant api port."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_PORT)
-
-    @homeassistant_port.setter
-    def homeassistant_port(self, value):
-        """Set snapshot homeassistant api port."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_PORT] = value
-
-    @property
-    def homeassistant_password(self):
-        """Return snapshot homeassistant api password."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_PASSWORD)
-
-    @homeassistant_password.setter
-    def homeassistant_password(self, value):
-        """Set snapshot homeassistant api password."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_PASSWORD] = value
-
-    @property
-    def homeassistant_watchdog(self):
-        """Return snapshot homeassistant watchdog options."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_WATCHDOG)
-
-    @homeassistant_watchdog.setter
-    def homeassistant_watchdog(self, value):
-        """Set snapshot homeassistant watchdog options."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_WATCHDOG] = value
-
-    @property
-    def homeassistant_boot(self):
-        """Return snapshot homeassistant boot options."""
-        return self._data[ATTR_HOMEASSISTANT].get(ATTR_BOOT)
-
-    @homeassistant_boot.setter
-    def homeassistant_boot(self, value):
-        """Set snapshot homeassistant boot options."""
-        self._data[ATTR_HOMEASSISTANT][ATTR_BOOT] = value
+    def homeassistant(self):
+        """Return snapshot homeassistant data."""
+        return self._data[ATTR_HOMEASSISTANT]
 
     @property
     def size(self):
         """Return snapshot size."""
-        if not self.tar_file.is_file():
+        if not self.tarfile.is_file():
             return 0
-        return self.tar_file.stat().st_size / 1048576  # calc mbyte
+        return round(self.tarfile.stat().st_size / 1048576, 2)  # calc mbyte
 
-    def create(self, slug, name, date, sys_type):
+    @property
+    def is_new(self):
+        """Return True if there is new."""
+        return not self.tarfile.exists()
+
+    @property
+    def tarfile(self):
+        """Return path to Snapshot tarfile."""
+        return self._tarfile
+
+    def new(self, slug, name, date, sys_type, password=None):
         """Initialize a new snapshot."""
         # init metadata
         self._data[ATTR_SLUG] = slug
@@ -170,15 +128,52 @@ class Snapshot(CoreSysAttributes):
         # Add defaults
         self._data = SCHEMA_SNAPSHOT(self._data)
 
+        # Set password
+        if password:
+            self._key = password_to_key(password)
+            self._aes = AES.new(
+                self._key, AES.MODE_CBC, iv=key_to_iv(self._key))
+            self._data[ATTR_PROTECTED] = password_for_validating(password)
+            self._data[ATTR_CRYPTO] = CRYPTO_AES128
+
+    def set_password(self, password):
+        """Set the password for a exists snapshot."""
+        if not password:
+            return False
+
+        validating = password_for_validating(password)
+        if validating != self._data[ATTR_PROTECTED]:
+            return False
+
+        self._key = password_to_key(password)
+        self._aes = AES.new(self._key, AES.MODE_CBC, iv=key_to_iv(self._key))
+        return True
+
+    def _encrypt_data(self, data):
+        """Make data secure."""
+        if not self._key or data is None:
+            return data
+
+        return b64encode(
+            self._aes.encrypt(Padding.pad(data.encode(), 16))).decode()
+
+    def _decrypt_data(self, data):
+        """Make data readable."""
+        if not self._key or data is None:
+            return data
+
+        return Padding.unpad(
+            self._aes.decrypt(b64decode(data)), 16).decode()
+
     async def load(self):
         """Read snapshot.json from tar file."""
-        if not self.tar_file.is_file():
-            _LOGGER.error("No tarfile %s", self.tar_file)
+        if not self.tarfile.is_file():
+            _LOGGER.error("No tarfile %s", self.tarfile)
             return False
 
         def _load_file():
             """Read snapshot.json."""
-            with tarfile.open(self.tar_file, "r:") as snapshot:
+            with tarfile.open(self.tarfile, "r:") as snapshot:
                 json_file = snapshot.extractfile("./snapshot.json")
                 return json_file.read()
 
@@ -187,21 +182,21 @@ class Snapshot(CoreSysAttributes):
             raw = await self._loop.run_in_executor(None, _load_file)
         except (tarfile.TarError, KeyError) as err:
             _LOGGER.error(
-                "Can't read snapshot tarfile %s: %s", self.tar_file, err)
+                "Can't read snapshot tarfile %s: %s", self.tarfile, err)
             return False
 
         # parse data
         try:
             raw_dict = json.loads(raw)
         except json.JSONDecodeError as err:
-            _LOGGER.error("Can't read data for %s: %s", self.tar_file, err)
+            _LOGGER.error("Can't read data for %s: %s", self.tarfile, err)
             return False
 
         # validate
         try:
             self._data = SCHEMA_SNAPSHOT(raw_dict)
         except vol.Invalid as err:
-            _LOGGER.error("Can't validate data for %s: %s", self.tar_file,
+            _LOGGER.error("Can't validate data for %s: %s", self.tarfile,
                           humanize_error(raw_dict, err))
             return False
 
@@ -212,13 +207,13 @@ class Snapshot(CoreSysAttributes):
         self._tmp = TemporaryDirectory(dir=str(self._config.path_tmp))
 
         # create a snapshot
-        if not self.tar_file.is_file():
+        if not self.tarfile.is_file():
             return self
 
         # extract a exists snapshot
         def _extract_snapshot():
             """Extract a snapshot."""
-            with tarfile.open(self.tar_file, "r:") as tar:
+            with tarfile.open(self.tarfile, "r:") as tar:
                 tar.extractall(path=self._tmp.name)
 
         await self._loop.run_in_executor(None, _extract_snapshot)
@@ -226,7 +221,7 @@ class Snapshot(CoreSysAttributes):
     async def __aexit__(self, exception_type, exception_value, traceback):
         """Async context to close a snapshot."""
         # exists snapshot or exception on build
-        if self.tar_file.is_file() or exception_type is not None:
+        if self.tarfile.is_file() or exception_type is not None:
             self._tmp.cleanup()
             return
 
@@ -234,14 +229,14 @@ class Snapshot(CoreSysAttributes):
         try:
             self._data = SCHEMA_SNAPSHOT(self._data)
         except vol.Invalid as err:
-            _LOGGER.error("Invalid data for %s: %s", self.tar_file,
+            _LOGGER.error("Invalid data for %s: %s", self.tarfile,
                           humanize_error(self._data, err))
             raise ValueError("Invalid config") from None
 
         # new snapshot, build it
         def _create_snapshot():
             """Create a new snapshot."""
-            with tarfile.open(self.tar_file, "w:") as tar:
+            with tarfile.open(self.tarfile, "w:") as tar:
                 tar.add(self._tmp.name, arcname=".")
 
         try:
@@ -252,32 +247,63 @@ class Snapshot(CoreSysAttributes):
         finally:
             self._tmp.cleanup()
 
-    async def import_addon(self, addon):
-        """Add a addon into snapshot."""
-        snapshot_file = Path(self._tmp.name, "{}.tar.gz".format(addon.slug))
+    async def store_addons(self, addon_list=None):
+        """Add a list of add-ons into snapshot."""
+        addon_list = addon_list or self._addons.list_installed
 
-        if not await addon.snapshot(snapshot_file):
-            _LOGGER.error("Can't make snapshot from %s", addon.slug)
-            return False
+        async def _addon_save(addon):
+            """Task to store a add-on into snapshot."""
+            addon_file = SecureTarFile(
+                Path(self._tmp.name, f"{addon.slug}.tar.gz"),
+                'w', key=self._key)
 
-        # store to config
-        self._data[ATTR_ADDONS].append({
-            ATTR_SLUG: addon.slug,
-            ATTR_NAME: addon.name,
-            ATTR_VERSION: addon.version_installed,
-        })
+            # Take snapshot
+            if not await addon.snapshot(addon_file):
+                _LOGGER.error("Can't make snapshot from %s", addon.slug)
+                return
 
-        return True
+            # Store to config
+            self._data[ATTR_ADDONS].append({
+                ATTR_SLUG: addon.slug,
+                ATTR_NAME: addon.name,
+                ATTR_VERSION: addon.version_installed,
+                ATTR_SIZE: addon_file.size,
+            })
 
-    async def export_addon(self, addon):
-        """Restore a addon from snapshot."""
-        snapshot_file = Path(self._tmp.name, "{}.tar.gz".format(addon.slug))
+        # Run tasks
+        tasks = [_addon_save(addon) for addon in addon_list]
+        if tasks:
+            await asyncio.wait(tasks, loop=self._loop)
 
-        if not await addon.restore(snapshot_file):
-            _LOGGER.error("Can't restore snapshot for %s", addon.slug)
-            return False
+    async def restore_addons(self, addon_list=None):
+        """Restore a list add-on from snapshot."""
+        if not addon_list:
+            addon_list = []
+            for addon_slug in self.addon_list:
+                addon = self._addons.get(addon_slug)
+                if addon:
+                    addon_list.append(addon)
 
-        return True
+        async def _addon_restore(addon):
+            """Task to restore a add-on into snapshot."""
+            addon_file = SecureTarFile(
+                Path(self._tmp.name, f"{addon.slug}.tar.gz"),
+                'r', key=self._key)
+
+            # If exists inside snapshot
+            if not addon_file.path.exists():
+                _LOGGER.error("Can't find snapshot for %s", addon.slug)
+                return
+
+            # Performe a restore
+            if not await addon.restore(addon_file):
+                _LOGGER.error("Can't restore snapshot for %s", addon.slug)
+                return
+
+        # Run tasks
+        tasks = [_addon_restore(addon) for addon in addon_list]
+        if tasks:
+            await asyncio.wait(tasks, loop=self._loop)
 
     async def store_folders(self, folder_list=None):
         """Backup hassio data into snapshot."""
@@ -286,13 +312,18 @@ class Snapshot(CoreSysAttributes):
         def _folder_save(name):
             """Intenal function to snapshot a folder."""
             slug_name = name.replace("/", "_")
-            snapshot_tar = Path(self._tmp.name, "{}.tar.gz".format(slug_name))
+            tar_name = Path(self._tmp.name, f"{slug_name}.tar.gz")
             origin_dir = Path(self._config.path_hassio, name)
 
+            # Check if exsits
+            if not origin_dir.is_dir():
+                _LOGGER.warning("Can't find snapshot folder %s", name)
+                return
+
+            # Take snapshot
             try:
                 _LOGGER.info("Snapshot folder %s", name)
-                with tarfile.open(snapshot_tar, "w:gz",
-                                  compresslevel=1) as tar_file:
+                with SecureTarFile(tar_name, 'w', key=self._key) as tar_file:
                     tar_file.add(origin_dir, arcname=".")
 
                 _LOGGER.info("Snapshot folder %s done", name)
@@ -300,7 +331,7 @@ class Snapshot(CoreSysAttributes):
             except (tarfile.TarError, OSError) as err:
                 _LOGGER.warning("Can't snapshot folder %s: %s", name, err)
 
-        # run tasks
+        # Run tasks
         tasks = [self._loop.run_in_executor(None, _folder_save, folder)
                  for folder in folder_list]
         if tasks:
@@ -313,22 +344,28 @@ class Snapshot(CoreSysAttributes):
         def _folder_restore(name):
             """Intenal function to restore a folder."""
             slug_name = name.replace("/", "_")
-            snapshot_tar = Path(self._tmp.name, "{}.tar.gz".format(slug_name))
+            tar_name = Path(self._tmp.name, f"{slug_name}.tar.gz")
             origin_dir = Path(self._config.path_hassio, name)
 
-            # clean old stuff
+            # Check if exists inside snapshot
+            if not tar_name.exists():
+                _LOGGER.warning("Can't find restore folder %s", name)
+                return
+
+            # Clean old stuff
             if origin_dir.is_dir():
                 remove_folder(origin_dir)
 
+            # Performe a restore
             try:
                 _LOGGER.info("Restore folder %s", name)
-                with tarfile.open(snapshot_tar, "r:gz") as tar_file:
+                with SecureTarFile(tar_name, 'r', key=self._key) as tar_file:
                     tar_file.extractall(path=origin_dir)
                 _LOGGER.info("Restore folder %s done", name)
             except (tarfile.TarError, OSError) as err:
                 _LOGGER.warning("Can't restore folder %s: %s", name, err)
 
-        # run tasks
+        # Run tasks
         tasks = [self._loop.run_in_executor(None, _folder_restore, folder)
                  for folder in folder_list]
         if tasks:
@@ -336,34 +373,40 @@ class Snapshot(CoreSysAttributes):
 
     def store_homeassistant(self):
         """Read all data from homeassistant object."""
-        self.homeassistant_version = self._homeassistant.version
-        self.homeassistant_watchdog = self._homeassistant.watchdog
-        self.homeassistant_boot = self._homeassistant.boot
+        self.homeassistant[ATTR_VERSION] = self._homeassistant.version
+        self.homeassistant[ATTR_WATCHDOG] = self._homeassistant.watchdog
+        self.homeassistant[ATTR_BOOT] = self._homeassistant.boot
+        self.homeassistant[ATTR_WAIT_BOOT] = self._homeassistant.wait_boot
 
-        # custom image
+        # Custom image
         if self._homeassistant.is_custom_image:
-            self.homeassistant_image = self._homeassistant.image
-            self.homeassistant_last_version = self._homeassistant.last_version
+            self.homeassistant[ATTR_IMAGE] = self._homeassistant.image
+            self.homeassistant[ATTR_LAST_VERSION] = \
+                self._homeassistant.last_version
 
-        # api
-        self.homeassistant_port = self._homeassistant.api_port
-        self.homeassistant_ssl = self._homeassistant.api_ssl
-        self.homeassistant_password = self._homeassistant.api_password
+        # API/Proxy
+        self.homeassistant[ATTR_PORT] = self._homeassistant.api_port
+        self.homeassistant[ATTR_SSL] = self._homeassistant.api_ssl
+        self.homeassistant[ATTR_PASSWORD] = \
+            self._encrypt_data(self._homeassistant.api_password)
 
     def restore_homeassistant(self):
         """Write all data to homeassistant object."""
-        self._homeassistant.watchdog = self.homeassistant_watchdog
-        self._homeassistant.boot = self.homeassistant_boot
+        self._homeassistant.watchdog = self.homeassistant[ATTR_WATCHDOG]
+        self._homeassistant.boot = self.homeassistant[ATTR_BOOT]
+        self._homeassistant.wait_boot = self.homeassistant[ATTR_WAIT_BOOT]
 
-        # custom image
-        if self.homeassistant_image:
-            self._homeassistant.image = self.homeassistant_image
-            self._homeassistant.last_version = self.homeassistant_last_version
+        # Custom image
+        if self.homeassistant.get(ATTR_IMAGE):
+            self._homeassistant.image = self.homeassistant[ATTR_IMAGE]
+            self._homeassistant.last_version = \
+                self.homeassistant[ATTR_LAST_VERSION]
 
-        # api
-        self._homeassistant.api_port = self.homeassistant_port
-        self._homeassistant.api_ssl = self.homeassistant_ssl
-        self._homeassistant.api_password = self.homeassistant_password
+        # API/Proxy
+        self._homeassistant.api_port = self.homeassistant[ATTR_PORT]
+        self._homeassistant.api_ssl = self.homeassistant[ATTR_SSL]
+        self._homeassistant.api_password = \
+            self._decrypt_data(self.homeassistant[ATTR_PASSWORD])
 
         # save
         self._homeassistant.save_data()

hassio/snapshots/utils.py

@@ -1,6 +1,34 @@
 """Util addons functions."""
 import hashlib
 import shutil
+import re
+
+RE_DIGITS = re.compile(r"\d+")
+
+
+def password_to_key(password):
+    """Generate a AES Key from password."""
+    password = password.encode()
+    for _ in range(100):
+        password = hashlib.sha256(password).digest()
+    return password[:16]
+
+
+def password_for_validating(password):
+    """Generate a SHA256 hash from password."""
+    for _ in range(100):
+        password = hashlib.sha256(password.encode()).hexdigest()
+    try:
+        return str(sum(map(int, RE_DIGITS.findall(password))))[0]
+    except (ValueError, IndexError):
+        return "0"
+
+
+def key_to_iv(key):
+    """Generate a iv from Key."""
+    for _ in range(100):
+        key = hashlib.sha256(key).digest()
+    return key[:16]
 
 
 def create_slug(name, date_str):

hassio/snapshots/validate.py

@@ -5,10 +5,10 @@ import voluptuous as vol
 from ..const import (
     ATTR_REPOSITORIES, ATTR_ADDONS, ATTR_NAME, ATTR_SLUG, ATTR_DATE,
     ATTR_VERSION, ATTR_HOMEASSISTANT, ATTR_FOLDERS, ATTR_TYPE, ATTR_IMAGE,
-    ATTR_PASSWORD, ATTR_PORT, ATTR_SSL, ATTR_WATCHDOG, ATTR_BOOT,
-    ATTR_LAST_VERSION,
+    ATTR_PASSWORD, ATTR_PORT, ATTR_SSL, ATTR_WATCHDOG, ATTR_BOOT, ATTR_SIZE,
+    ATTR_LAST_VERSION, ATTR_WAIT_BOOT, ATTR_PROTECTED, ATTR_CRYPTO,
     FOLDER_SHARE, FOLDER_HOMEASSISTANT, FOLDER_ADDONS, FOLDER_SSL,
-    SNAPSHOT_FULL, SNAPSHOT_PARTIAL)
+    SNAPSHOT_FULL, SNAPSHOT_PARTIAL, CRYPTO_AES128)
 from ..validate import NETWORK_PORT, REPOSITORIES, DOCKER_IMAGE
 
 ALL_FOLDERS = [FOLDER_HOMEASSISTANT, FOLDER_SHARE, FOLDER_ADDONS, FOLDER_SSL]
@@ -29,8 +29,11 @@ SCHEMA_SNAPSHOT = vol.Schema({
     vol.Required(ATTR_TYPE): vol.In([SNAPSHOT_FULL, SNAPSHOT_PARTIAL]),
     vol.Required(ATTR_NAME): vol.Coerce(str),
     vol.Required(ATTR_DATE): vol.Coerce(str),
+    vol.Inclusive(ATTR_PROTECTED, 'encrypted'):
+        vol.All(vol.Coerce(str), vol.Length(min=1, max=1)),
+    vol.Inclusive(ATTR_CRYPTO, 'encrypted'): CRYPTO_AES128,
     vol.Optional(ATTR_HOMEASSISTANT, default=dict): vol.Schema({
-        vol.Required(ATTR_VERSION): vol.Coerce(str),
+        vol.Optional(ATTR_VERSION): vol.Coerce(str),
         vol.Inclusive(ATTR_IMAGE, 'custom_hass'): DOCKER_IMAGE,
         vol.Inclusive(ATTR_LAST_VERSION, 'custom_hass'): vol.Coerce(str),
         vol.Optional(ATTR_BOOT, default=True): vol.Boolean(),
@@ -38,6 +41,8 @@ SCHEMA_SNAPSHOT = vol.Schema({
         vol.Optional(ATTR_PORT, default=8123): NETWORK_PORT,
         vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
         vol.Optional(ATTR_WATCHDOG, default=True): vol.Boolean(),
+        vol.Optional(ATTR_WAIT_BOOT, default=600):
+            vol.All(vol.Coerce(int), vol.Range(min=60)),
     }, extra=vol.REMOVE_EXTRA),
     vol.Optional(ATTR_FOLDERS, default=list):
         vol.All([vol.In(ALL_FOLDERS)], vol.Unique()),
@@ -45,6 +50,7 @@ SCHEMA_SNAPSHOT = vol.Schema({
         vol.Required(ATTR_SLUG): vol.Coerce(str),
         vol.Required(ATTR_NAME): vol.Coerce(str),
         vol.Required(ATTR_VERSION): vol.Coerce(str),
+        vol.Optional(ATTR_SIZE, default=0): vol.Coerce(float),
     }, extra=vol.REMOVE_EXTRA)], unique_addons),
     vol.Optional(ATTR_REPOSITORIES, default=list): REPOSITORIES,
 }, extra=vol.ALLOW_EXTRA)

hassio/tasks.py

@@ -98,7 +98,7 @@ class Tasks(CoreSysAttributes):
             return
 
         _LOGGER.warning("Watchdog found a problem with Home-Assistant docker!")
-        await self._homeassistant.run()
+        await self._homeassistant.start()
 
     async def _watchdog_homeassistant_api(self):
         """Create scheduler task for montoring running state of API.

hassio/utils/dt.py

@@ -8,6 +8,8 @@ import aiohttp
 import async_timeout
 import pytz
 
+UTC = pytz.utc
+
 _LOGGER = logging.getLogger(__name__)
 
 FREEGEOIP_URL = "https://freegeoip.io/json/"
@@ -61,7 +63,7 @@ def parse_datetime(dt_str):
 
     tzinfo = None  # type: Optional[dt.tzinfo]
     if tzinfo_str == 'Z':
-        tzinfo = pytz.utc
+        tzinfo = UTC
     elif tzinfo_str is not None:
         offset_mins = int(tzinfo_str[-2:]) if len(tzinfo_str) > 3 else 0
         offset_hours = int(tzinfo_str[1:3])
@@ -74,3 +76,8 @@ def parse_datetime(dt_str):
     kws = {k: int(v) for k, v in kws.items() if v is not None}
     kws['tzinfo'] = tzinfo
     return datetime(**kws)
+
+
+def utcnow():
+    """Returns current timestamp including timezone."""
+    return datetime.now(UTC)

hassio/utils/json.py

@@ -32,6 +32,14 @@ class JsonConfig(object):
 
         self.read_data()
 
+    def reset_data(self):
+        """Reset json file to default."""
+        try:
+            self._data = self._schema({})
+        except vol.Invalid as ex:
+            _LOGGER.error("Can't reset %s: %s",
+                          self._file, humanize_error(self._data, ex))
+
     def read_data(self):
         """Read json file & validate."""
         if self._file.is_file():
@@ -63,7 +71,7 @@ class JsonConfig(object):
 
             # Load last valid data
             _LOGGER.warning("Reset %s to last version", self._file)
-            self.save_data()
+            self.read_data()
             return
 
         # write

hassio/utils/tar.py

@@ -0,0 +1,88 @@
+"""Tarfile fileobject handler for encrypted files."""
+import tarfile
+import hashlib
+
+from Crypto.Cipher import AES
+from Crypto.Random import get_random_bytes
+from Crypto.Util.Padding import pad
+
+BLOCK_SIZE = 16
+
+MOD_READ = 'r'
+MOD_WRITE = 'w'
+
+
+class SecureTarFile(object):
+    """Handle encrypted files for tarfile library."""
+
+    def __init__(self, name, mode, key=None, gzip=True):
+        """Initialize encryption handler."""
+        self._file = None
+        self._mode = mode
+        self._name = name
+
+        # Tarfile options
+        self._tar = None
+        self._tar_mode = f"{mode}|gz" if gzip else f"{mode}|"
+
+        # Encryption/Decription
+        self._aes = None
+        self._key = key
+
+    def __enter__(self):
+        """Start context manager tarfile."""
+        if not self._key:
+            self._tar = tarfile.open(name=str(self._name), mode=self._tar_mode)
+            return self._tar
+
+        # Encrypted/Decryped Tarfile
+        self._file = self._name.open(f"{self._mode}b")
+
+        # Extract IV for CBC
+        if self._mode == MOD_READ:
+            cbc_rand = self._file.read(16)
+        else:
+            cbc_rand = get_random_bytes(16)
+            self._file.write(cbc_rand)
+        self._aes = AES.new(
+            self._key, AES.MODE_CBC, iv=_generate_iv(self._key, cbc_rand))
+
+        self._tar = tarfile.open(fileobj=self, mode=self._tar_mode)
+        return self._tar
+
+    def __exit__(self, exc_type, exc_value, traceback):
+        """Close file."""
+        if self._tar:
+            self._tar.close()
+        if self._file:
+            self._file.close()
+
+    def write(self, data):
+        """Write data."""
+        if len(data) % BLOCK_SIZE != 0:
+            data = pad(data, BLOCK_SIZE)
+        self._file.write(self._aes.encrypt(data))
+
+    def read(self, size=0):
+        """Read data."""
+        return self._aes.decrypt(self._file.read(size))
+
+    @property
+    def path(self):
+        """Return path object of tarfile."""
+        return self._name
+
+    @property
+    def size(self):
+        """Return snapshot size."""
+        if not self._name.is_file():
+            return 0
+        return round(self._name.stat().st_size / 1048576, 2)  # calc mbyte
+
+
+def _generate_iv(key, salt):
+    """Generate a iv from data."""
+    temp_iv = key + salt
+    for _ in range(100):
+        temp_iv = hashlib.sha256(temp_iv).digest()
+    return temp_iv[:16]

hassio/validate.py

@@ -1,5 +1,6 @@
 """Validate functions."""
 import uuid
+import re
 
 import voluptuous as vol
 import pytz
@@ -11,13 +12,29 @@ from .const import (
     ATTR_SSL, ATTR_PORT, ATTR_WATCHDOG, ATTR_WAIT_BOOT, ATTR_UUID)
 
 
+RE_REPOSITORY = re.compile(r"^(?P<url>[^#]+)(?:#(?P<branch>[\w\-]+))?$")
+
 NETWORK_PORT = vol.All(vol.Coerce(int), vol.Range(min=1, max=65535))
 ALSA_CHANNEL = vol.Match(r"\d+,\d+")
 WAIT_BOOT = vol.All(vol.Coerce(int), vol.Range(min=1, max=60))
 DOCKER_IMAGE = vol.Match(r"^[\w{}]+/[\-\w{}]+$")
 
+
+def validate_repository(repository):
+    """Validate a valide repository."""
+    data = RE_REPOSITORY.match(repository)
+    if not data:
+        raise vol.Invalid("No valid repository format!")
+
+    # Validate URL
+    # pylint: disable=no-value-for-parameter
+    vol.Url()(data.group('url'))
+
+    return repository
+
+
 # pylint: disable=no-value-for-parameter
-REPOSITORIES = vol.All([vol.Url()], vol.Unique())
+REPOSITORIES = vol.All([validate_repository], vol.Unique())
 
 
 def validate_timezone(timezone):
@@ -72,6 +89,8 @@ SCHEMA_HASS_CONFIG = vol.Schema({
     vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
     vol.Optional(ATTR_SSL, default=False): vol.Boolean(),
     vol.Optional(ATTR_WATCHDOG, default=True): vol.Boolean(),
+    vol.Optional(ATTR_WAIT_BOOT, default=600):
+        vol.All(vol.Coerce(int), vol.Range(min=60)),
 }, extra=vol.REMOVE_EXTRA)
 
 

setup.py

@@ -40,13 +40,14 @@ setup(
     ],
     include_package_data=True,
     install_requires=[
-        'async_timeout',
-        'aiohttp',
-        'docker',
-        'colorlog',
-        'voluptuous',
-        'gitpython',
-        'pytz',
-        'pyudev'
+        'async_timeout==2.0.0',
+        'aiohttp==2.3.10',
+        'docker==3.1.0',
+        'colorlog==3.1.2',
+        'voluptuous==0.11.1',
+        'gitpython==2.1.8',
+        'pytz==2018.3',
+        'pyudev==0.21.0',
+        'pycryptodome==3.4.11'
     ]
 )

version.json

@@ -1,6 +1,6 @@
 {
-    "hassio": "0.84",
-    "homeassistant": "0.61.1",
+    "hassio": "0.96",
+    "homeassistant": "0.64.3",
     "resinos": "1.1",
     "resinhup": "0.3",
     "generic": "0.3",