Merge pull request #660 from home-assistant/dev

Release 127

.github/release-drafter.yml

@@ -0,0 +1,4 @@
+template: |
+  ## What's Changed
+
+  $CHANGES

.travis.yml

@@ -1,12 +1,6 @@
-sudo: false
-matrix:
-  fast_finish: true
-  include:
-    - python: "3.6"
-
-cache:
-  directories:
-    - $HOME/.cache/pip
+sudo: true
+dist: xenial
 install: pip install -U tox
 language: python
+python: 3.7
 script: tox

API.md

@@ -273,7 +273,9 @@ return:
 ```json
 {
     "version": "2.3",
+    "version_cli": "7",
     "version_latest": "2.4",
+    "version_cli_latest": "8",
     "board": "ova|rpi"
 }
 ```
@@ -285,6 +287,13 @@ return:
 }
 ```
 
+- POST `/hassos/update/cli`
+```json
+{
+    "version": "optional"
+}
+```
+
 - POST `/hassos/config/sync`
 
 Load host configs from a USB stick.
@@ -372,6 +381,7 @@ Output is the raw Docker log.
     "port": "port for access hass",
     "ssl": "bool",
     "password": "",
+    "refresh_token": "",
     "watchdog": "bool",
     "startup_time": 600
 }
@@ -468,10 +478,14 @@ Get all available addons.
     "changelog": "bool",
     "hassio_api": "bool",
     "homeassistant_api": "bool",
+    "full_access": "bool",
+    "protected": "bool",
+    "rating": "1-6",
     "stdin": "bool",
     "webui": "null|http(s)://[HOST]:port/xy/zx",
     "gpio": "bool",
     "devicetree": "bool",
+    "docker_api": "bool",
     "audio": "bool",
     "audio_input": "null|0,0",
     "audio_output": "null|0,0",
@@ -496,6 +510,7 @@ Get all available addons.
       "CONTAINER": "port|[ip, port]"
     },
     "options": {},
+    "protected": "bool",
     "audio_output": "null|0,0",
     "audio_input": "null|0,0"
 }

Dockerfile

@@ -1,26 +1,22 @@
 ARG BUILD_FROM
 FROM $BUILD_FROM
 
-# Add env
-ENV LANG C.UTF-8
-
-# Setup base
+# Install base
 RUN apk add --no-cache \
-        python3 \
-        git \
-        socat \
-        glib \
-        libstdc++ \
-        eudev-libs \
-    && apk add --no-cache --virtual .build-dependencies \
+    git \
+    socat \
+    glib \
+    libstdc++ \
+    eudev-libs
+
+# Install requirements
+COPY requirements.txt /usr/src/
+RUN apk add --no-cache --virtual .build-dependencies \
         make \
-        python3-dev \
         g++ \
-    && pip3 install --no-cache-dir \
-        uvloop==0.10.2 \
-        cchardet==2.1.1 \
-        pycryptodome==3.4.11 \
-    && apk del .build-dependencies
+    && pip3 install --no-cache-dir -r /usr/src/requirements.txt \
+    && apk del .build-dependencies \
+    && rm -f /usr/src/requirements.txt
 
 # Install HassIO
 COPY . /usr/src/hassio

hassio/__main__.py

@@ -4,7 +4,7 @@ from concurrent.futures import ThreadPoolExecutor
 import logging
 import sys
 
-import hassio.bootstrap as bootstrap
+from hassio import bootstrap
 
 _LOGGER = logging.getLogger(__name__)
 

hassio/addons/addon.py

@@ -14,7 +14,7 @@ from voluptuous.humanize import humanize_error
 
 from .validate import (
     validate_options, SCHEMA_ADDON_SNAPSHOT, RE_VOLUME, RE_SERVICE)
-from .utils import check_installed
+from .utils import check_installed, remove_data
 from ..const import (
     ATTR_NAME, ATTR_VERSION, ATTR_SLUG, ATTR_DESCRIPTON, ATTR_BOOT, ATTR_MAP,
     ATTR_OPTIONS, ATTR_PORTS, ATTR_SCHEMA, ATTR_IMAGE, ATTR_REPOSITORY,
@@ -25,8 +25,9 @@ from ..const import (
     ATTR_HASSIO_API, ATTR_AUDIO, ATTR_AUDIO_OUTPUT, ATTR_AUDIO_INPUT,
     ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, ATTR_LEGACY, ATTR_HOST_IPC,
     ATTR_HOST_DBUS, ATTR_AUTO_UART, ATTR_DISCOVERY, ATTR_SERVICES,
-    ATTR_APPARMOR, ATTR_DEVICETREE, SECURITY_PROFILE, SECURITY_DISABLE,
-    SECURITY_DEFAULT)
+    ATTR_APPARMOR, ATTR_DEVICETREE, ATTR_DOCKER_API, ATTR_FULL_ACCESS,
+    ATTR_PROTECTED,
+    SECURITY_PROFILE, SECURITY_DISABLE, SECURITY_DEFAULT)
 from ..coresys import CoreSysAttributes
 from ..docker.addon import DockerAddon
 from ..utils.json import write_json_file, read_json_file
@@ -201,6 +202,18 @@ class Addon(CoreSysAttributes):
             return self._data.cache[self._id][ATTR_VERSION]
         return self.version_installed
 
+    @property
+    def protected(self):
+        """Return if addon is in protected mode."""
+        if self.is_installed:
+            return self._data.user[self._id][ATTR_PROTECTED]
+        return True
+
+    @protected.setter
+    def protected(self, value):
+        """Set addon in protected mode."""
+        self._data.user[self._id][ATTR_PROTECTED] = value
+
     @property
     def startup(self):
         """Return startup type of addon."""
@@ -335,6 +348,11 @@ class Addon(CoreSysAttributes):
         """Return if the add-on don't support hass labels."""
         return self._mesh.get(ATTR_LEGACY)
 
+    @property
+    def access_docker_api(self):
+        """Return if the add-on need read-only docker API access."""
+        return self._mesh.get(ATTR_DOCKER_API)
+
     @property
     def access_hassio_api(self):
         """Return True if the add-on access to hassio api."""
@@ -355,6 +373,11 @@ class Addon(CoreSysAttributes):
         """Return True if the add-on access to gpio interface."""
         return self._mesh[ATTR_GPIO]
 
+    @property
+    def with_full_access(self):
+        """Return True if the add-on want full access to hardware."""
+        return self._mesh[ATTR_FULL_ACCESS]
+
     @property
     def with_devicetree(self):
         """Return True if the add-on read access to devicetree."""
@@ -636,7 +659,7 @@ class Addon(CoreSysAttributes):
         if self.path_data.is_dir():
             _LOGGER.info(
                 "Remove Home-Assistant addon data folder %s", self.path_data)
-            shutil.rmtree(str(self.path_data))
+            await remove_data(self.path_data)
 
         # Cleanup audio settings
         if self.path_asound.exists():
@@ -856,12 +879,12 @@ class Addon(CoreSysAttributes):
             # restore data
             def _restore_data():
                 """Restore data."""
-                if self.path_data.is_dir():
-                    shutil.rmtree(str(self.path_data), ignore_errors=True)
                 shutil.copytree(str(Path(temp, "data")), str(self.path_data))
 
+            _LOGGER.info("Restore data for addon %s", self._id)
+            if self.path_data.is_dir():
+                await remove_data(self.path_data)
             try:
-                _LOGGER.info("Restore data for addon %s", self._id)
                 await self.sys_run_in_executor(_restore_data)
             except shutil.Error as err:
                 _LOGGER.error("Can't restore origin data: %s", err)

hassio/addons/data.py

@@ -80,7 +80,7 @@ class AddonsData(JsonConfig, CoreSysAttributes):
                 read_json_file(repository_file)
             )
 
-        except (OSError, json.JSONDecodeError):
+        except (OSError, json.JSONDecodeError, UnicodeDecodeError):
             _LOGGER.warning("Can't read repository information from %s",
                             repository_file)
             return

hassio/addons/utils.py

@@ -1,13 +1,56 @@
 """Util addons functions."""
+import asyncio
 import hashlib
 import logging
 import re
 
+from ..const import (
+    SECURITY_DISABLE, SECURITY_PROFILE, PRIVILEGED_NET_ADMIN,
+    PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO)
+
 RE_SHA1 = re.compile(r"[a-f0-9]{8}")
 
 _LOGGER = logging.getLogger(__name__)
 
 
+def rating_security(addon):
+    """Return 1-5 for security rating.
+
+    1 = not secure
+    5 = high secure
+    """
+    rating = 5
+
+    # AppArmor
+    if addon.apparmor == SECURITY_DISABLE:
+        rating += -1
+    elif addon.apparmor == SECURITY_PROFILE:
+        rating += 1
+
+    # API Access
+    if addon.access_hassio_api or addon.access_homeassistant_api:
+        rating += -1
+
+    # Privileged options
+    if addon.privileged in (PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN,
+                            PRIVILEGED_SYS_RAWIO):
+        rating += -1
+
+    # Not secure Networking
+    if addon.host_network:
+        rating += -1
+
+    # Full Access
+    if addon.with_full_access:
+        rating += -2
+
+    # Docker Access
+    if addon.access_docker_api:
+        rating = 1
+
+    return max(min(6, rating), 1)
+
+
 def get_hash_from_repository(name):
     """Generate a hash from repository."""
     key = name.lower().encode()
@@ -33,3 +76,20 @@ def check_installed(method):
         return await method(addon, *args, **kwargs)
 
     return wrap_check
+
+
+async def remove_data(folder):
+    """Remove folder and reset privileged."""
+    try:
+        proc = await asyncio.create_subprocess_exec(
+            "rm", "-rf", str(folder),
+            stdout=asyncio.subprocess.DEVNULL
+        )
+
+        _, error_msg = await proc.communicate()
+    except OSError as err:
+        error_msg = str(err)
+
+    if proc.returncode == 0:
+        return
+    _LOGGER.error("Can't remove Add-on Data: %s", error_msg)

hassio/addons/validate.py

@@ -18,7 +18,11 @@ from ..const import (
     ATTR_AUDIO_OUTPUT, ATTR_HASSIO_API, ATTR_BUILD_FROM, ATTR_SQUASH,
     ATTR_ARGS, ATTR_GPIO, ATTR_HOMEASSISTANT_API, ATTR_STDIN, ATTR_LEGACY,
     ATTR_HOST_DBUS, ATTR_AUTO_UART, ATTR_SERVICES, ATTR_DISCOVERY,
-    ATTR_APPARMOR, ATTR_DEVICETREE)
+    ATTR_APPARMOR, ATTR_DEVICETREE, ATTR_DOCKER_API, ATTR_PROTECTED,
+    ATTR_FULL_ACCESS,
+    PRIVILEGED_NET_ADMIN, PRIVILEGED_SYS_ADMIN, PRIVILEGED_SYS_RAWIO,
+    PRIVILEGED_IPC_LOCK, PRIVILEGED_SYS_TIME, PRIVILEGED_SYS_NICE,
+    PRIVILEGED_SYS_RESOURCE)
 from ..validate import NETWORK_PORT, DOCKER_PORTS, ALSA_DEVICE
 
 _LOGGER = logging.getLogger(__name__)
@@ -58,12 +62,13 @@ STARTUP_ALL = [
 ]
 
 PRIVILEGED_ALL = [
-    "NET_ADMIN",
-    "SYS_ADMIN",
-    "SYS_RAWIO",
-    "IPC_LOCK",
-    "SYS_TIME",
-    "SYS_NICE"
+    PRIVILEGED_NET_ADMIN,
+    PRIVILEGED_SYS_ADMIN,
+    PRIVILEGED_SYS_RAWIO,
+    PRIVILEGED_IPC_LOCK,
+    PRIVILEGED_SYS_TIME,
+    PRIVILEGED_SYS_NICE,
+    PRIVILEGED_SYS_RESOURCE,
 ]
 
 BASE_IMAGE = {
@@ -109,6 +114,7 @@ SCHEMA_ADDON_CONFIG = vol.Schema({
     vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): vol.Coerce(str)},
     vol.Optional(ATTR_PRIVILEGED): [vol.In(PRIVILEGED_ALL)],
     vol.Optional(ATTR_APPARMOR, default=True): vol.Boolean(),
+    vol.Optional(ATTR_FULL_ACCESS, default=False): vol.Boolean(),
     vol.Optional(ATTR_AUDIO, default=False): vol.Boolean(),
     vol.Optional(ATTR_GPIO, default=False): vol.Boolean(),
     vol.Optional(ATTR_DEVICETREE, default=False): vol.Boolean(),
@@ -116,6 +122,7 @@ SCHEMA_ADDON_CONFIG = vol.Schema({
     vol.Optional(ATTR_HOMEASSISTANT_API, default=False): vol.Boolean(),
     vol.Optional(ATTR_STDIN, default=False): vol.Boolean(),
     vol.Optional(ATTR_LEGACY, default=False): vol.Boolean(),
+    vol.Optional(ATTR_DOCKER_API, default=False): vol.Boolean(),
     vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
     vol.Optional(ATTR_DISCOVERY): [vol.Match(RE_DISCOVERY)],
     vol.Required(ATTR_OPTIONS): dict,
@@ -129,7 +136,8 @@ SCHEMA_ADDON_CONFIG = vol.Schema({
             vol.Coerce(str): vol.Any(SCHEMA_ELEMENT, [SCHEMA_ELEMENT])
         }))
     }), False),
-    vol.Optional(ATTR_IMAGE): vol.Match(r"^[\w{}]+/[\-\w{}]+$"),
+    vol.Optional(ATTR_IMAGE):
+        vol.Match(r"^([a-zA-Z.:\d{}]+/)*?([\w{}]+)/([\-\w{}]+)$"),
     vol.Optional(ATTR_TIMEOUT, default=10):
         vol.All(vol.Coerce(int), vol.Range(min=10, max=120)),
 }, extra=vol.REMOVE_EXTRA)
@@ -167,6 +175,7 @@ SCHEMA_ADDON_USER = vol.Schema({
     vol.Optional(ATTR_NETWORK): DOCKER_PORTS,
     vol.Optional(ATTR_AUDIO_OUTPUT): ALSA_DEVICE,
     vol.Optional(ATTR_AUDIO_INPUT): ALSA_DEVICE,
+    vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
 }, extra=vol.REMOVE_EXTRA)
 
 

hassio/api/__init__.py

@@ -76,6 +76,7 @@ class RestAPI(CoreSysAttributes):
         self.webapp.add_routes([
             web.get('/hassos/info', api_hassos.info),
             web.post('/hassos/update', api_hassos.update),
+            web.post('/hassos/update/cli', api_hassos.update_cli),
             web.post('/hassos/config/sync', api_hassos.config_sync),
         ])
 
@@ -234,13 +235,16 @@ class RestAPI(CoreSysAttributes):
     async def start(self):
         """Run rest api webserver."""
         await self._runner.setup()
-        self._site = web.TCPSite(self._runner, "0.0.0.0", 80)
+        self._site = web.TCPSite(
+            self._runner, host="0.0.0.0", port=80, shutdown_timeout=5)
 
         try:
             await self._site.start()
         except OSError as err:
             _LOGGER.fatal(
                 "Failed to create HTTP server at 0.0.0.0:80 -> %s", err)
+        else:
+            _LOGGER.info("Start API on %s", self.sys_docker.network.supervisor)
 
     async def stop(self):
         """Stop rest api webserver."""
@@ -250,3 +254,5 @@ class RestAPI(CoreSysAttributes):
         # Shutdown running API
         await self._site.stop()
         await self._runner.cleanup()
+
+        _LOGGER.info("Stop API on %s", self.sys_docker.network.supervisor)

hassio/api/addons.py

@@ -6,6 +6,7 @@ import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
 from .utils import api_process, api_process_raw, api_validate
+from ..addons.utils import rating_security
 from ..const import (
     ATTR_VERSION, ATTR_LAST_VERSION, ATTR_STATE, ATTR_BOOT, ATTR_OPTIONS,
     ATTR_URL, ATTR_DESCRIPTON, ATTR_DETACHED, ATTR_NAME, ATTR_REPOSITORY,
@@ -17,10 +18,12 @@ from ..const import (
     ATTR_CHANGELOG, ATTR_HOST_IPC, ATTR_HOST_DBUS, ATTR_LONG_DESCRIPTION,
     ATTR_CPU_PERCENT, ATTR_MEMORY_LIMIT, ATTR_MEMORY_USAGE, ATTR_NETWORK_TX,
     ATTR_NETWORK_RX, ATTR_BLK_READ, ATTR_BLK_WRITE, ATTR_ICON, ATTR_SERVICES,
-    ATTR_DISCOVERY, ATTR_APPARMOR, ATTR_DEVICETREE,
-    CONTENT_TYPE_PNG, CONTENT_TYPE_BINARY, CONTENT_TYPE_TEXT)
+    ATTR_DISCOVERY, ATTR_APPARMOR, ATTR_DEVICETREE, ATTR_DOCKER_API,
+    ATTR_FULL_ACCESS, ATTR_PROTECTED, ATTR_RATING,
+    CONTENT_TYPE_PNG, CONTENT_TYPE_BINARY, CONTENT_TYPE_TEXT, REQUEST_FROM)
 from ..coresys import CoreSysAttributes
 from ..validate import DOCKER_PORTS, ALSA_DEVICE
+from ..exceptions import APINotSupportedError
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -35,6 +38,7 @@ SCHEMA_OPTIONS = vol.Schema({
     vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
     vol.Optional(ATTR_AUDIO_OUTPUT): ALSA_DEVICE,
     vol.Optional(ATTR_AUDIO_INPUT): ALSA_DEVICE,
+    vol.Optional(ATTR_PROTECTED): vol.Boolean(),
 })
 
 
@@ -116,6 +120,8 @@ class APIAddons(CoreSysAttributes):
             ATTR_REPOSITORY: addon.repository,
             ATTR_LAST_VERSION: addon.last_version,
             ATTR_STATE: await addon.state(),
+            ATTR_PROTECTED: addon.protected,
+            ATTR_RATING: rating_security(addon),
             ATTR_BOOT: addon.boot,
             ATTR_OPTIONS: addon.options,
             ATTR_URL: addon.url,
@@ -126,6 +132,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_HOST_IPC: addon.host_ipc,
             ATTR_HOST_DBUS: addon.host_dbus,
             ATTR_PRIVILEGED: addon.privileged,
+            ATTR_FULL_ACCESS: addon.with_full_access,
             ATTR_APPARMOR: addon.apparmor,
             ATTR_DEVICES: self._pretty_devices(addon),
             ATTR_ICON: addon.with_icon,
@@ -137,6 +144,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_HOMEASSISTANT_API: addon.access_homeassistant_api,
             ATTR_GPIO: addon.with_gpio,
             ATTR_DEVICETREE: addon.with_devicetree,
+            ATTR_DOCKER_API: addon.access_docker_api,
             ATTR_AUDIO: addon.with_audio,
             ATTR_AUDIO_INPUT: addon.audio_input,
             ATTR_AUDIO_OUTPUT: addon.audio_output,
@@ -149,6 +157,11 @@ class APIAddons(CoreSysAttributes):
         """Store user options for addon."""
         addon = self._extract_addon(request)
 
+        # Have Access
+        if addon.slug == request[REQUEST_FROM]:
+            _LOGGER.error("Add-on can't self modify his options!")
+            raise APINotSupportedError()
+
         addon_schema = SCHEMA_OPTIONS.extend({
             vol.Optional(ATTR_OPTIONS): vol.Any(None, addon.schema),
         })
@@ -167,6 +180,9 @@ class APIAddons(CoreSysAttributes):
             addon.audio_input = body[ATTR_AUDIO_INPUT]
         if ATTR_AUDIO_OUTPUT in body:
             addon.audio_output = body[ATTR_AUDIO_OUTPUT]
+        if ATTR_PROTECTED in body:
+            _LOGGER.warning("Protected flag changing for %s!", addon.slug)
+            addon.protected = body[ATTR_PROTECTED]
 
         addon.save_data()
         return True

hassio/api/hassos.py

@@ -5,7 +5,9 @@ import logging
 import voluptuous as vol
 
 from .utils import api_process, api_validate
-from ..const import ATTR_VERSION, ATTR_BOARD, ATTR_VERSION_LATEST
+from ..const import (
+    ATTR_VERSION, ATTR_BOARD, ATTR_VERSION_LATEST, ATTR_VERSION_CLI,
+    ATTR_VERSION_CLI_LATEST)
 from ..coresys import CoreSysAttributes
 
 _LOGGER = logging.getLogger(__name__)
@@ -23,7 +25,9 @@ class APIHassOS(CoreSysAttributes):
         """Return hassos information."""
         return {
             ATTR_VERSION: self.sys_hassos.version,
+            ATTR_VERSION_CLI: self.sys_hassos.version_cli,
             ATTR_VERSION_LATEST: self.sys_hassos.version_latest,
+            ATTR_VERSION_CLI_LATEST: self.sys_hassos.version_cli_latest,
             ATTR_BOARD: self.sys_hassos.board,
         }
 
@@ -35,6 +39,14 @@ class APIHassOS(CoreSysAttributes):
 
         await asyncio.shield(self.sys_hassos.update(version))
 
+    @api_process
+    async def update_cli(self, request):
+        """Update HassOS CLI."""
+        body = await api_validate(SCHEMA_VERSION, request)
+        version = body.get(ATTR_VERSION, self.sys_hassos.version_cli_latest)
+
+        await asyncio.shield(self.sys_hassos.update_cli(version))
+
     @api_process
     def config_sync(self, request):
         """Trigger config reload on HassOS."""

hassio/api/homeassistant.py

@@ -10,7 +10,7 @@ from ..const import (
     ATTR_PORT, ATTR_PASSWORD, ATTR_SSL, ATTR_WATCHDOG, ATTR_CPU_PERCENT,
     ATTR_MEMORY_USAGE, ATTR_MEMORY_LIMIT, ATTR_NETWORK_RX, ATTR_NETWORK_TX,
     ATTR_BLK_READ, ATTR_BLK_WRITE, ATTR_WAIT_BOOT, ATTR_MACHINE,
-    CONTENT_TYPE_BINARY)
+    ATTR_REFRESH_TOKEN, CONTENT_TYPE_BINARY)
 from ..coresys import CoreSysAttributes
 from ..validate import NETWORK_PORT, DOCKER_IMAGE
 
@@ -21,15 +21,16 @@ _LOGGER = logging.getLogger(__name__)
 SCHEMA_OPTIONS = vol.Schema({
     vol.Optional(ATTR_BOOT): vol.Boolean(),
     vol.Inclusive(ATTR_IMAGE, 'custom_hass'):
-        vol.Any(None, vol.Coerce(str)),
+        vol.Maybe(vol.Coerce(str)),
     vol.Inclusive(ATTR_LAST_VERSION, 'custom_hass'):
         vol.Any(None, DOCKER_IMAGE),
     vol.Optional(ATTR_PORT): NETWORK_PORT,
-    vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
+    vol.Optional(ATTR_PASSWORD): vol.Maybe(vol.Coerce(str)),
     vol.Optional(ATTR_SSL): vol.Boolean(),
     vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
     vol.Optional(ATTR_WAIT_BOOT):
         vol.All(vol.Coerce(int), vol.Range(min=60)),
+    vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
 })
 
 SCHEMA_VERSION = vol.Schema({
@@ -83,8 +84,10 @@ class APIHomeAssistant(CoreSysAttributes):
         if ATTR_WAIT_BOOT in body:
             self.sys_homeassistant.wait_boot = body[ATTR_WAIT_BOOT]
 
+        if ATTR_REFRESH_TOKEN in body:
+            self.sys_homeassistant.refresh_token = body[ATTR_REFRESH_TOKEN]
+
         self.sys_homeassistant.save_data()
-        return True
 
     @api_process
     async def stats(self, request):
@@ -109,11 +112,7 @@ class APIHomeAssistant(CoreSysAttributes):
         body = await api_validate(SCHEMA_VERSION, request)
         version = body.get(ATTR_VERSION, self.sys_homeassistant.last_version)
 
-        if version == self.sys_homeassistant.version:
-            raise RuntimeError("Version {} is already in use".format(version))
-
-        return await asyncio.shield(
-            self.sys_homeassistant.update(version))
+        await asyncio.shield(self.sys_homeassistant.update(version))
 
     @api_process
     def stop(self, request):

hassio/api/proxy.py

@@ -1,15 +1,18 @@
 """Utils for HomeAssistant Proxy."""
 import asyncio
+from contextlib import asynccontextmanager
 import logging
 
 import aiohttp
 from aiohttp import web
-from aiohttp.web_exceptions import HTTPBadGateway, HTTPInternalServerError
+from aiohttp.web_exceptions import (
+    HTTPBadGateway, HTTPInternalServerError, HTTPUnauthorized)
 from aiohttp.hdrs import CONTENT_TYPE
 import async_timeout
 
 from ..const import HEADER_HA_ACCESS
 from ..coresys import CoreSysAttributes
+from ..exceptions import HomeAssistantAuthError, HomeAssistantAPIError
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -23,49 +26,45 @@ class APIProxy(CoreSysAttributes):
         addon = self.sys_addons.from_uuid(hassio_token)
 
         if not addon:
-            _LOGGER.warning("Unknown Home-Assistant API access!")
+            _LOGGER.warning("Unknown HomeAssistant API access!")
+        elif not addon.access_homeassistant_api:
+            _LOGGER.warning("Not permitted API access: %s", addon.slug)
         else:
             _LOGGER.info("%s access from %s", request.path, addon.slug)
+            return
 
+        raise HTTPUnauthorized()
+
+    @asynccontextmanager
     async def _api_client(self, request, path, timeout=300):
         """Return a client request with proxy origin for Home-Assistant."""
-        url = f"{self.sys_homeassistant.api_url}/api/{path}"
-
         try:
-            data = None
-            headers = {}
-            method = getattr(self.sys_websession_ssl, request.method.lower())
-            params = request.query or None
-
             # read data
             with async_timeout.timeout(30):
                 data = await request.read()
 
             if data:
-                headers.update({CONTENT_TYPE: request.content_type})
+                content_type = request.content_type
+            else:
+                content_type = None
 
-            # need api password?
-            if self.sys_homeassistant.api_password:
-                headers = {
-                    HEADER_HA_ACCESS: self.sys_homeassistant.api_password,
-                }
-
-            # reset headers
-            if not headers:
-                headers = None
-
-            client = await method(
-                url, data=data, headers=headers, timeout=timeout,
-                params=params
-            )
-
-            return client
+            async with self.sys_homeassistant.make_request(
+                    request.method.lower(), f'api/{path}',
+                    content_type=content_type,
+                    data=data,
+                    timeout=timeout,
+            ) as resp:
+                yield resp
+                return
 
+        except HomeAssistantAuthError:
+            _LOGGER.error("Authenticate error on API for request %s", path)
+        except HomeAssistantAPIError:
+            _LOGGER.error("Error on API for request %s", path)
         except aiohttp.ClientError as err:
-            _LOGGER.error("Client error on API %s request %s.", path, err)
-
+            _LOGGER.error("Client error on API %s request %s", path, err)
         except asyncio.TimeoutError:
-            _LOGGER.error("Client timeout error on API request %s.", path)
+            _LOGGER.error("Client timeout error on API request %s", path)
 
         raise HTTPBadGateway()
 
@@ -74,30 +73,25 @@ class APIProxy(CoreSysAttributes):
         self._check_access(request)
 
         _LOGGER.info("Home-Assistant EventStream start")
-        client = await self._api_client(request, 'stream', timeout=None)
+        async with self._api_client(request, 'stream', timeout=None) as client:
+            response = web.StreamResponse()
+            response.content_type = request.headers.get(CONTENT_TYPE)
+            try:
+                await response.prepare(request)
+                while True:
+                    data = await client.content.read(10)
+                    if not data:
+                        break
+                    await response.write(data)
 
-        response = web.StreamResponse()
-        response.content_type = request.headers.get(CONTENT_TYPE)
-        try:
-            await response.prepare(request)
-            while True:
-                data = await client.content.read(10)
-                if not data:
-                    await response.write_eof()
-                    break
-                await response.write(data)
+            except aiohttp.ClientError:
+                pass
 
-        except aiohttp.ClientError:
-            await response.write_eof()
+            finally:
+                client.close()
+                _LOGGER.info("Home-Assistant EventStream close")
 
-        except asyncio.CancelledError:
-            pass
-
-        finally:
-            client.close()
-            _LOGGER.info("Home-Assistant EventStream close")
-
-        return response
+            return response
 
     async def api(self, request):
         """Proxy HomeAssistant API Requests."""
@@ -105,14 +99,13 @@ class APIProxy(CoreSysAttributes):
 
         # Normal request
         path = request.match_info.get('path', '')
-        client = await self._api_client(request, path)
-
-        data = await client.read()
-        return web.Response(
-            body=data,
-            status=client.status,
-            content_type=client.content_type
-        )
+        async with self._api_client(request, path) as client:
+            data = await client.read()
+            return web.Response(
+                body=data,
+                status=client.status,
+                content_type=client.content_type
+            )
 
     async def _websocket_client(self):
         """Initialize a websocket api connection."""
@@ -123,20 +116,46 @@ class APIProxy(CoreSysAttributes):
                 url, heartbeat=60, verify_ssl=False)
 
             # handle authentication
-            for _ in range(2):
-                data = await client.receive_json()
-                if data.get('type') == 'auth_ok':
-                    return client
-                elif data.get('type') == 'auth_required':
-                    await client.send_json({
-                        'type': 'auth',
-                        'api_password': self.sys_homeassistant.api_password,
-                    })
+            data = await client.receive_json()
 
-            _LOGGER.error("Authentication to Home-Assistant websocket")
+            if data.get('type') == 'auth_ok':
+                return client
 
-        except (aiohttp.ClientError, RuntimeError) as err:
+            if data.get('type') != 'auth_required':
+                # Invalid protocol
+                _LOGGER.error(
+                    'Got unexpected response from HA websocket: %s', data)
+                raise HTTPBadGateway()
+
+            if self.sys_homeassistant.refresh_token:
+                await self.sys_homeassistant.ensure_access_token()
+                await client.send_json({
+                    'type': 'auth',
+                    'access_token': self.sys_homeassistant.access_token,
+                })
+            else:
+                await client.send_json({
+                    'type': 'auth',
+                    'api_password': self.sys_homeassistant.api_password,
+                })
+
+            data = await client.receive_json()
+
+            if data.get('type') == 'auth_ok':
+                return client
+
+            # Renew the Token is invalid
+            if (data.get('type') == 'invalid_auth' and
+                    self.sys_homeassistant.refresh_token):
+                self.sys_homeassistant.access_token = None
+                return await self._websocket_client()
+
+            raise HomeAssistantAuthError()
+
+        except (RuntimeError, ValueError) as err:
             _LOGGER.error("Client error on websocket API %s.", err)
+        except HomeAssistantAuthError as err:
+            _LOGGER.error("Failed authentication to HomeAssistant websocket")
 
         raise HTTPBadGateway()
 
@@ -157,13 +176,19 @@ class APIProxy(CoreSysAttributes):
 
             # Check API access
             response = await server.receive_json()
-            hassio_token = response.get('api_password')
+            hassio_token = (response.get('api_password') or
+                            response.get('access_token'))
             addon = self.sys_addons.from_uuid(hassio_token)
 
-            if not addon:
+            if not addon or not addon.access_homeassistant_api:
                 _LOGGER.warning("Unauthorized websocket access!")
-            else:
-                _LOGGER.info("Websocket access from %s", addon.slug)
+                await server.send_json({
+                    'type': 'auth_invalid',
+                    'message': 'Invalid access',
+                })
+                return server
+
+            _LOGGER.info("Websocket access from %s", addon.slug)
 
             await server.send_json({
                 'type': 'auth_ok',

hassio/api/utils.py

@@ -1,6 +1,5 @@
 """Init file for HassIO util for rest api."""
 import json
-import hashlib
 import logging
 
 from aiohttp import web
@@ -31,10 +30,10 @@ def api_process(method):
         """Return api information."""
         try:
             answer = await method(api, *args, **kwargs)
-        except RuntimeError as err:
-            return api_return_error(message=str(err))
         except HassioError:
             return api_return_error()
+        except RuntimeError as err:
+            return api_return_error(message=str(err))
 
         if isinstance(answer, dict):
             return api_return_ok(data=answer)
@@ -94,9 +93,3 @@ async def api_validate(schema, request):
         raise RuntimeError(humanize_error(data, ex)) from None
 
     return data
-
-
-def hash_password(password):
-    """Hash and salt our passwords."""
-    key = ")*()*SALT_HASSIO2123{}6554547485HSKA!!*JSLAfdasda$".format(password)
-    return hashlib.sha256(key.encode()).hexdigest()

hassio/bootstrap.py

@@ -66,10 +66,11 @@ def initialize_system_data(coresys):
     config = coresys.config
 
     # homeassistant config folder
-    if not config.path_config.is_dir():
+    if not config.path_homeassistant.is_dir():
         _LOGGER.info(
-            "Create Home-Assistant config folder %s", config.path_config)
-        config.path_config.mkdir()
+            "Create Home-Assistant config folder %s",
+            config.path_homeassistant)
+        config.path_homeassistant.mkdir()
 
     # hassio ssl folder
     if not config.path_ssl.is_dir():

hassio/config.py

@@ -2,8 +2,11 @@
 from datetime import datetime
 import logging
 import os
+import re
 from pathlib import Path, PurePath
 
+import pytz
+
 from .const import (
     FILE_HASSIO_CONFIG, HASSIO_DATA, ATTR_TIMEZONE, ATTR_ADDONS_CUSTOM_LIST,
     ATTR_LAST_BOOT, ATTR_WAIT_BOOT)
@@ -29,6 +32,8 @@ APPARMOR_DATA = PurePath("apparmor")
 
 DEFAULT_BOOT_TIME = datetime.utcfromtimestamp(0).isoformat()
 
+RE_TIMEZONE = re.compile(r"time_zone: (?P<timezone>[\w/\-+]+)")
+
 
 class CoreConfig(JsonConfig):
     """Hold all core config data."""
@@ -40,7 +45,21 @@ class CoreConfig(JsonConfig):
     @property
     def timezone(self):
         """Return system timezone."""
-        return self._data[ATTR_TIMEZONE]
+        config_file = Path(self.path_homeassistant, 'configuration.yaml')
+        try:
+            assert config_file.exists()
+            configuration = config_file.read_text()
+
+            data = RE_TIMEZONE.search(configuration)
+            assert data
+
+            timezone = data.group('timezone')
+            pytz.timezone(timezone)
+        except (pytz.exceptions.UnknownTimeZoneError, OSError, AssertionError):
+            _LOGGER.debug("Can't parse HomeAssistant timezone")
+            return self._data[ATTR_TIMEZONE]
+
+        return timezone
 
     @timezone.setter
     def timezone(self, value):
@@ -83,12 +102,12 @@ class CoreConfig(JsonConfig):
         return PurePath(os.environ['SUPERVISOR_SHARE'])
 
     @property
-    def path_extern_config(self):
+    def path_extern_homeassistant(self):
         """Return config path extern for docker."""
         return str(PurePath(self.path_extern_hassio, HOMEASSISTANT_CONFIG))
 
     @property
-    def path_config(self):
+    def path_homeassistant(self):
         """Return config path inside supervisor."""
         return Path(HASSIO_DATA, HOMEASSISTANT_CONFIG)
 

hassio/const.py

@@ -2,7 +2,7 @@
 from pathlib import Path
 from ipaddress import ip_network
 
-HASSIO_VERSION = '114'
+HASSIO_VERSION = '127'
 
 URL_HASSIO_ADDONS = "https://github.com/home-assistant/hassio-addons"
 URL_HASSIO_VERSION = \
@@ -50,7 +50,7 @@ CONTENT_TYPE_JSON = 'application/json'
 CONTENT_TYPE_TEXT = 'text/plain'
 CONTENT_TYPE_TAR = 'application/tar'
 HEADER_HA_ACCESS = 'x-ha-access'
-HEADER_TOKEN = 'X-HASSIO-KEY'
+HEADER_TOKEN = 'x-hassio-key'
 
 ENV_TOKEN = 'HASSIO_TOKEN'
 ENV_TIME = 'TZ'
@@ -174,6 +174,14 @@ ATTR_DEVICETREE = 'devicetree'
 ATTR_CPE = 'cpe'
 ATTR_BOARD = 'board'
 ATTR_HASSOS = 'hassos'
+ATTR_HASSOS_CLI = 'hassos_cli'
+ATTR_VERSION_CLI = 'version_cli'
+ATTR_VERSION_CLI_LATEST = 'version_cli_latest'
+ATTR_REFRESH_TOKEN = 'refresh_token'
+ATTR_DOCKER_API = 'docker_api'
+ATTR_FULL_ACCESS = 'full_access'
+ATTR_PROTECTED = 'protected'
+ATTR_RATING = 'rating'
 
 SERVICE_MQTT = 'mqtt'
 
@@ -222,6 +230,14 @@ SECURITY_PROFILE = 'profile'
 SECURITY_DEFAULT = 'default'
 SECURITY_DISABLE = 'disable'
 
+PRIVILEGED_NET_ADMIN = 'NET_ADMIN'
+PRIVILEGED_SYS_ADMIN = 'SYS_ADMIN'
+PRIVILEGED_SYS_RAWIO = 'SYS_RAWIO'
+PRIVILEGED_IPC_LOCK = 'IPC_LOCK'
+PRIVILEGED_SYS_TIME = 'SYS_TIME'
+PRIVILEGED_SYS_NICE = 'SYS_NICE'
+PRIVILEGED_SYS_RESOURCE = 'SYS_RESOURCE'
+
 FEATURES_SHUTDOWN = 'shutdown'
 FEATURES_REBOOT = 'reboot'
 FEATURES_HASSOS = 'hassos'

hassio/core.py

@@ -3,11 +3,12 @@ from contextlib import suppress
 import asyncio
 import logging
 
+import async_timeout
+
 from .coresys import CoreSysAttributes
 from .const import (
     STARTUP_SYSTEM, STARTUP_SERVICES, STARTUP_APPLICATION, STARTUP_INITIALIZE)
-from .exceptions import HassioError
-from .utils.dt import fetch_timezone
+from .exceptions import HassioError, HomeAssistantError
 
 _LOGGER = logging.getLogger(__name__)
 
@@ -21,10 +22,8 @@ class HassIO(CoreSysAttributes):
 
     async def setup(self):
         """Setup HassIO orchestration."""
-        # update timezone
-        if self.sys_config.timezone == 'UTC':
-            self.sys_config.timezone = \
-                await fetch_timezone(self.sys_websession)
+        # Load Supervisor
+        await self.sys_supervisor.load()
 
         # Load DBus
         await self.sys_dbus.load()
@@ -35,9 +34,6 @@ class HassIO(CoreSysAttributes):
         # Load HassOS
         await self.sys_hassos.load()
 
-        # Load Supervisor
-        await self.sys_supervisor.load()
-
         # Load Home Assistant
         await self.sys_homeassistant.load()
 
@@ -71,7 +67,6 @@ class HassIO(CoreSysAttributes):
 
         # start api
         await self.sys_api.start()
-        _LOGGER.info("Start API on %s", self.sys_docker.network.supervisor)
 
         # start addon mark as initialize
         await self.sys_addons.boot(STARTUP_INITIALIZE)
@@ -93,7 +88,8 @@ class HassIO(CoreSysAttributes):
 
             # run HomeAssistant
             if self.sys_homeassistant.boot:
-                await self.sys_homeassistant.start()
+                with suppress(HomeAssistantError):
+                    await self.sys_homeassistant.start()
 
             # start addon mark as application
             await self.sys_addons.boot(STARTUP_APPLICATION)
@@ -118,12 +114,18 @@ class HassIO(CoreSysAttributes):
         self.sys_scheduler.suspend = True
 
         # process async stop tasks
-        await asyncio.wait([
-            self.sys_api.stop(),
-            self.sys_dns.stop(),
-            self.sys_websession.close(),
-            self.sys_websession_ssl.close()
-        ])
+        try:
+            with async_timeout.timeout(10):
+                await asyncio.wait([
+                    self.sys_api.stop(),
+                    self.sys_dns.stop(),
+                    self.sys_websession.close(),
+                    self.sys_websession_ssl.close()
+                ])
+        except asyncio.TimeoutError:
+            _LOGGER.warning("Force Shutdown!")
+
+        _LOGGER.info("Hass.io is down")
 
     async def shutdown(self):
         """Shutdown all running containers in correct order."""

hassio/coresys.py

@@ -66,6 +66,11 @@ class CoreSys:
         """Return True if we run dev modus."""
         return self._updater.channel == CHANNEL_DEV
 
+    @property
+    def timezone(self):
+        """Return timezone."""
+        return self._config.timezone
+
     @property
     def loop(self):
         """Return loop object."""

hassio/docker/addon.py

@@ -1,6 +1,7 @@
 """Init file for HassIO addon docker object."""
 import logging
 import os
+from pathlib import Path
 
 import docker
 import requests
@@ -66,6 +67,11 @@ class DockerAddon(DockerInterface):
             return 'host'
         return None
 
+    @property
+    def full_access(self):
+        """Return True if full access is enabled."""
+        return not self.addon.protected and self.addon.with_full_access
+
     @property
     def hostname(self):
         """Return slug/id of addon."""
@@ -85,7 +91,7 @@ class DockerAddon(DockerInterface):
 
         return {
             **addon_env,
-            ENV_TIME: self.sys_config.timezone,
+            ENV_TIME: self.sys_timezone,
             ENV_TOKEN: self.addon.uuid,
         }
 
@@ -172,7 +178,7 @@ class DockerAddon(DockerInterface):
         # setup config mappings
         if MAP_CONFIG in addon_mapping:
             volumes.update({
-                str(self.sys_config.path_extern_config): {
+                str(self.sys_config.path_extern_homeassistant): {
                     'bind': "/config", 'mode': addon_mapping[MAP_CONFIG]
                 }})
 
@@ -204,14 +210,14 @@ class DockerAddon(DockerInterface):
 
         # GPIO support
         if self.addon.with_gpio:
-            volumes.update({
-                "/sys/class/gpio": {
-                    'bind': "/sys/class/gpio", 'mode': 'rw'
-                },
-                "/sys/devices/platform/soc": {
-                    'bind': "/sys/devices/platform/soc", 'mode': 'rw'
-                },
-            })
+            for gpio_path in ("/sys/class/gpio", "/sys/devices/platform/soc"):
+                if not Path(gpio_path).exists():
+                    continue
+                volumes.update({
+                    gpio_path: {
+                        'bind': gpio_path, 'mode': 'rw'
+                    },
+                })
 
         # DeviceTree support
         if self.addon.with_devicetree:
@@ -221,6 +227,14 @@ class DockerAddon(DockerInterface):
                 },
             })
 
+        # Docker API support
+        if not self.addon.protected and self.addon.access_docker_api:
+            volumes.update({
+                "/var/run/docker.sock": {
+                    'bind': "/var/run/docker.sock", 'mode': 'ro'
+                },
+            })
+
         # Host dbus system
         if self.addon.host_dbus:
             volumes.update({
@@ -245,6 +259,11 @@ class DockerAddon(DockerInterface):
         if self._is_running():
             return True
 
+        # Security check
+        if not self.addon.protected:
+            _LOGGER.warning(
+                "%s run with disabled proteced mode!", self.addon.name)
+
         # cleanup
         self._stop()
 
@@ -254,6 +273,7 @@ class DockerAddon(DockerInterface):
             hostname=self.hostname,
             detach=True,
             init=True,
+            privileged=self.full_access,
             ipc_mode=self.ipc,
             stdin_open=self.addon.with_stdin,
             network_mode=self.network_mode,

hassio/docker/hassos_cli.py

@@ -0,0 +1,37 @@
+"""HassOS Cli docker object."""
+import logging
+
+import docker
+
+from .interface import DockerInterface
+from ..coresys import CoreSysAttributes
+
+_LOGGER = logging.getLogger(__name__)
+
+
+class DockerHassOSCli(DockerInterface, CoreSysAttributes):
+    """Docker hassio wrapper for HassOS Cli."""
+
+    @property
+    def image(self):
+        """Return name of HassOS cli image."""
+        return f"homeassistant/{self.sys_arch}-hassio-cli"
+
+    def _stop(self):
+        """Don't need stop."""
+        return True
+
+    def _attach(self):
+        """Attach to running docker container.
+        Need run inside executor.
+        """
+        try:
+            image = self.sys_docker.images.get(self.image)
+
+        except docker.errors.DockerException:
+            _LOGGER.warning("Can't find a HassOS cli %s", self.image)
+
+        else:
+            self._meta = image.attrs
+            _LOGGER.info("Found HassOS cli %s with version %s",
+                         self.image, self.version)

hassio/docker/homeassistant.py

@@ -61,11 +61,11 @@ class DockerHomeAssistant(DockerInterface):
             network_mode='host',
             environment={
                 'HASSIO': self.sys_docker.network.supervisor,
-                ENV_TIME: self.sys_config.timezone,
+                ENV_TIME: self.sys_timezone,
                 ENV_TOKEN: self.sys_homeassistant.uuid,
             },
             volumes={
-                str(self.sys_config.path_extern_config):
+                str(self.sys_config.path_extern_homeassistant):
                     {'bind': '/config', 'mode': 'rw'},
                 str(self.sys_config.path_extern_ssl):
                     {'bind': '/ssl', 'mode': 'ro'},
@@ -95,13 +95,15 @@ class DockerHomeAssistant(DockerInterface):
             stdout=True,
             stderr=True,
             environment={
-                ENV_TIME: self.sys_config.timezone,
+                ENV_TIME: self.sys_timezone,
             },
             volumes={
-                str(self.sys_config.path_extern_config):
+                str(self.sys_config.path_extern_homeassistant):
                     {'bind': '/config', 'mode': 'rw'},
                 str(self.sys_config.path_extern_ssl):
                     {'bind': '/ssl', 'mode': 'ro'},
+                str(self.sys_config.path_extern_share):
+                    {'bind': '/share', 'mode': 'ro'},
             }
         )
 

hassio/docker/supervisor.py

@@ -11,7 +11,7 @@ _LOGGER = logging.getLogger(__name__)
 
 
 class DockerSupervisor(DockerInterface, CoreSysAttributes):
-    """Docker hassio wrapper for HomeAssistant."""
+    """Docker hassio wrapper for Supervisor."""
 
     @property
     def name(self):

hassio/exceptions.py

@@ -11,6 +11,28 @@ class HassioNotSupportedError(HassioError):
     pass
 
 
+# HomeAssistant
+
+class HomeAssistantError(HassioError):
+    """Home Assistant exception."""
+    pass
+
+
+class HomeAssistantUpdateError(HomeAssistantError):
+    """Error on update of a Home Assistant."""
+    pass
+
+
+class HomeAssistantAPIError(HomeAssistantError):
+    """Home Assistant API exception."""
+    pass
+
+
+class HomeAssistantAuthError(HomeAssistantAPIError):
+    """Home Assistant Auth API exception."""
+    pass
+
+
 # HassOS
 
 class HassOSError(HassioError):
@@ -54,6 +76,19 @@ class HostServiceError(HostError):
 
 class HostAppArmorError(HostError):
     """Host apparmor functions fails."""
+    pass
+
+
+# API
+
+class APIError(HassioError):
+    """API errors."""
+    pass
+
+
+class APINotSupportedError(HassioNotSupportedError):
+    """API not supported error."""
+    pass
 
 
 # utils/gdbus

hassio/hassos.py

@@ -1,4 +1,5 @@
 """HassOS support on supervisor."""
+import asyncio
 import logging
 from pathlib import Path
 
@@ -7,6 +8,7 @@ from cpe import CPE
 
 from .coresys import CoreSysAttributes
 from .const import URL_HASSOS_OTA
+from .docker.hassos_cli import DockerHassOSCli
 from .exceptions import HassOSNotSupportedError, HassOSUpdateError, DBusError
 
 _LOGGER = logging.getLogger(__name__)
@@ -18,6 +20,7 @@ class HassOS(CoreSysAttributes):
     def __init__(self, coresys):
         """Initialize HassOS handler."""
         self.coresys = coresys
+        self.instance = DockerHassOSCli(coresys)
         self._available = False
         self._version = None
         self._board = None
@@ -32,11 +35,31 @@ class HassOS(CoreSysAttributes):
         """Return version of HassOS."""
         return self._version
 
+    @property
+    def version_cli(self):
+        """Return version of HassOS cli."""
+        return self.instance.version
+
     @property
     def version_latest(self):
         """Return version of HassOS."""
         return self.sys_updater.version_hassos
 
+    @property
+    def version_cli_latest(self):
+        """Return version of HassOS."""
+        return self.sys_updater.version_hassos_cli
+
+    @property
+    def need_update(self):
+        """Return true if a HassOS update is available."""
+        return self.version != self.version_latest
+
+    @property
+    def need_cli_update(self):
+        """Return true if a HassOS cli update is available."""
+        return self.version_cli != self.version_cli_latest
+
     @property
     def board(self):
         """Return board name."""
@@ -56,6 +79,10 @@ class HassOS(CoreSysAttributes):
         try:
             _LOGGER.info("Fetch OTA update from %s", url)
             async with self.sys_websession.get(url) as request:
+                if request.status != 200:
+                    raise HassOSUpdateError()
+
+                # Download RAUCB file
                 with raucb.open('wb') as ota_file:
                     while True:
                         chunk = await request.content.read(1048576)
@@ -66,7 +93,7 @@ class HassOS(CoreSysAttributes):
             _LOGGER.info("OTA update is downloaded on %s", raucb)
             return raucb
 
-        except aiohttp.ClientError as err:
+        except (aiohttp.ClientError, asyncio.TimeoutError) as err:
             _LOGGER.warning("Can't fetch versions from %s: %s", url, err)
 
         except OSError as err:
@@ -86,7 +113,7 @@ class HassOS(CoreSysAttributes):
             cpe = CPE(self.sys_host.info.cpe)
             assert cpe.get_product()[0] == 'hassos'
         except (AssertionError, NotImplementedError):
-            _LOGGER.debug("Ignore HassOS")
+            _LOGGER.debug("Found no HassOS")
             return
 
         # Store meta data
@@ -95,6 +122,7 @@ class HassOS(CoreSysAttributes):
         self._board = cpe.get_target_hardware()[0]
 
         _LOGGER.info("Detect HassOS %s on host system", self.version)
+        await self.instance.attach()
 
     def config_sync(self):
         """Trigger a host config reload from usb.
@@ -142,3 +170,17 @@ class HassOS(CoreSysAttributes):
         _LOGGER.error(
             "HassOS update fails with: %s", rauc_status.get('LastError'))
         raise HassOSUpdateError()
+
+    async def update_cli(self, version=None):
+        """Update local HassOS cli."""
+        version = version or self.version_cli_latest
+
+        if version == self.version_cli:
+            _LOGGER.warning("Version %s is already installed for CLI", version)
+            raise HassOSUpdateError()
+
+        if await self.instance.update(version):
+            return
+
+        _LOGGER.error("HassOS CLI update fails.")
+        raise HassOSUpdateError()

hassio/homeassistant.py

@@ -1,21 +1,27 @@
 """HomeAssistant control object."""
 import asyncio
+from contextlib import asynccontextmanager, suppress
 import logging
 import os
 import re
+from pathlib import Path
 import socket
 import time
 
 import aiohttp
-from aiohttp.hdrs import CONTENT_TYPE
+from aiohttp import hdrs
 import attr
 
 from .const import (
     FILE_HASSIO_HOMEASSISTANT, ATTR_IMAGE, ATTR_LAST_VERSION, ATTR_UUID,
     ATTR_BOOT, ATTR_PASSWORD, ATTR_PORT, ATTR_SSL, ATTR_WATCHDOG,
-    ATTR_WAIT_BOOT, HEADER_HA_ACCESS, CONTENT_TYPE_JSON)
+    ATTR_WAIT_BOOT, ATTR_REFRESH_TOKEN,
+    HEADER_HA_ACCESS)
 from .coresys import CoreSysAttributes
 from .docker.homeassistant import DockerHomeAssistant
+from .exceptions import (
+    HomeAssistantUpdateError, HomeAssistantError, HomeAssistantAPIError,
+    HomeAssistantAuthError)
 from .utils import convert_to_ascii, process_lock
 from .utils.json import JsonConfig
 from .validate import SCHEMA_HASS_CONFIG
@@ -25,7 +31,7 @@ _LOGGER = logging.getLogger(__name__)
 RE_YAML_ERROR = re.compile(r"homeassistant\.util\.yaml")
 
 # pylint: disable=invalid-name
-ConfigResult = attr.make_class('ConfigResult', ['valid', 'log'])
+ConfigResult = attr.make_class('ConfigResult', ['valid', 'log'], frozen=True)
 
 
 class HomeAssistant(JsonConfig, CoreSysAttributes):
@@ -38,6 +44,8 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
         self.instance = DockerHomeAssistant(coresys)
         self.lock = asyncio.Lock(loop=coresys.loop)
         self._error_state = False
+        # We don't persist access tokens. Instead we fetch new ones when needed
+        self.access_token = None
 
     async def load(self):
         """Prepare HomeAssistant object."""
@@ -175,6 +183,16 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
         """Return a UUID of this HomeAssistant."""
         return self._data[ATTR_UUID]
 
+    @property
+    def refresh_token(self):
+        """Return the refresh token to authenticate with HomeAssistant."""
+        return self._data.get(ATTR_REFRESH_TOKEN)
+
+    @refresh_token.setter
+    def refresh_token(self, value):
+        """Set Home Assistant refresh_token."""
+        self._data[ATTR_REFRESH_TOKEN] = value
+
     @process_lock
     async def install_landingpage(self):
         """Install a landingpage."""
@@ -186,7 +204,11 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
             await asyncio.sleep(60)
 
         # Run landingpage after installation
-        await self._start()
+        _LOGGER.info("Start landingpage")
+        try:
+            await self._start()
+        except HomeAssistantError:
+            _LOGGER.warning("Can't start landingpage")
 
     @process_lock
     async def install(self):
@@ -205,46 +227,57 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
 
         # finishing
         _LOGGER.info("HomeAssistant docker now installed")
-        if self.boot:
+        try:
+            if not self.boot:
+                return
+            _LOGGER.info("Start HomeAssistant")
             await self._start()
-        await self.instance.cleanup()
+        except HomeAssistantError:
+            _LOGGER.error("Can't start HomeAssistant!")
+        finally:
+            await self.instance.cleanup()
 
     @process_lock
     async def update(self, version=None):
         """Update HomeAssistant version."""
         version = version or self.last_version
-        rollback = self.version
+        rollback = self.version if not self.error_state else None
         running = await self.instance.is_running()
         exists = await self.instance.exists()
 
         if exists and version == self.instance.version:
             _LOGGER.warning("Version %s is already installed", version)
-            return False
+            return HomeAssistantUpdateError()
 
         # process a update
         async def _update(to_version):
             """Run Home Assistant update."""
             try:
-                return await self.instance.update(to_version)
+                _LOGGER.info("Update HomeAssistant to version %s", to_version)
+                if not await self.instance.update(to_version):
+                    raise HomeAssistantUpdateError()
             finally:
                 if running:
                     await self._start()
+                _LOGGER.info("Successfull run HomeAssistant %s", to_version)
 
         # Update Home Assistant
-        ret = await _update(version)
+        with suppress(HomeAssistantError):
+            await _update(version)
+            return
 
         # Update going wrong, revert it
         if self.error_state and rollback:
-            _LOGGER.fatal("Home Assistant update fails -> rollback!")
-            ret = await _update(rollback)
-
-        return ret
+            _LOGGER.fatal("HomeAssistant update fails -> rollback!")
+            await _update(rollback)
+        else:
+            raise HomeAssistantUpdateError()
 
     async def _start(self):
         """Start HomeAssistant docker & wait."""
         if not await self.instance.run():
-            return False
-        return await self._block_till_run()
+            raise HomeAssistantError()
+        await self._block_till_run()
 
     @process_lock
     def start(self):
@@ -266,7 +299,7 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
     async def restart(self):
         """Restart HomeAssistant docker."""
         await self.instance.stop()
-        return await self._start()
+        await self._start()
 
     def logs(self):
         """Get HomeAssistant docker logs.
@@ -309,7 +342,7 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
 
         # if not valid
         if result.exit_code is None:
-            return ConfigResult(False, "")
+            raise HomeAssistantError()
 
         # parse output
         log = convert_to_ascii(result.output)
@@ -317,55 +350,97 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
             return ConfigResult(False, log)
         return ConfigResult(True, log)
 
-    async def check_api_state(self):
-        """Check if Home-Assistant up and running."""
-        url = f"{self.api_url}/api/"
-        header = {CONTENT_TYPE: CONTENT_TYPE_JSON}
+    async def ensure_access_token(self):
+        """Ensures there is an access token."""
+        if self.access_token is not None:
+            return
 
+        with suppress(asyncio.TimeoutError, aiohttp.ClientError):
+            async with self.sys_websession_ssl.post(
+                    f"{self.api_url}/auth/token",
+                    timeout=30,
+                    data={
+                        "grant_type": "refresh_token",
+                        "refresh_token": self.refresh_token
+                    }
+            ) as resp:
+                if resp.status == 200:
+                    _LOGGER.info("Updated HomeAssistant API token")
+                    tokens = await resp.json()
+                    self.access_token = tokens['access_token']
+                    return
+
+        _LOGGER.error("Can't update HomeAssistant access token!")
+        raise HomeAssistantAuthError()
+
+    @asynccontextmanager
+    async def make_request(self, method, path, json=None, content_type=None,
+                           data=None, timeout=30):
+        """Async context manager to make a request with right auth."""
+        url = f"{self.api_url}/{path}"
+        headers = {}
+
+        # Passthrough content type
+        if content_type is not None:
+            headers[hdrs.CONTENT_TYPE] = content_type
+
+        # Set old API Password
         if self.api_password:
-            header.update({HEADER_HA_ACCESS: self.api_password})
+            headers[HEADER_HA_ACCESS] = self.api_password
 
-        try:
-            # pylint: disable=bad-continuation
-            async with self.sys_websession_ssl.get(
-                    url, headers=header, timeout=30) as request:
-                status = request.status
+        for _ in (1, 2):
+            # Prepare Access token
+            if self.refresh_token:
+                await self.ensure_access_token()
+                headers[hdrs.AUTHORIZATION] = f'Bearer {self.access_token}'
 
-        except (asyncio.TimeoutError, aiohttp.ClientError):
-            return False
+            try:
+                async with getattr(self.sys_websession_ssl, method)(
+                        url, data=data, timeout=timeout, json=json,
+                        headers=headers
+                ) as resp:
+                    # Access token expired
+                    if resp.status == 401 and self.refresh_token:
+                        self.access_token = None
+                        continue
+                    yield resp
+                    return
+            except (asyncio.TimeoutError, aiohttp.ClientError) as err:
+                _LOGGER.error("Error on call %s: %s", url, err)
+                break
 
-        if status not in (200, 201):
-            _LOGGER.warning("Home-Assistant API config missmatch")
-        return True
+        raise HomeAssistantAPIError()
+
+    async def check_api_state(self):
+        """Return True if Home-Assistant up and running."""
+        with suppress(HomeAssistantAPIError):
+            async with self.make_request('get', 'api/') as resp:
+                if resp.status in (200, 201):
+                    return True
+                err = resp.status
+
+        _LOGGER.warning("Home-Assistant API config missmatch: %d", err)
+        return False
 
     async def send_event(self, event_type, event_data=None):
         """Send event to Home-Assistant."""
-        url = f"{self.api_url}/api/events/{event_type}"
-        header = {CONTENT_TYPE: CONTENT_TYPE_JSON}
+        with suppress(HomeAssistantAPIError):
+            async with self.make_request(
+                    'get', f'api/events/{event_type}'
+            ) as resp:
+                if resp.status in (200, 201):
+                    return
+                err = resp.status
 
-        if self.api_password:
-            header.update({HEADER_HA_ACCESS: self.api_password})
-
-        try:
-            # pylint: disable=bad-continuation
-            async with self.sys_websession_ssl.post(
-                    url, headers=header, timeout=30,
-                    json=event_data) as request:
-                status = request.status
-
-        except (asyncio.TimeoutError, aiohttp.ClientError) as err:
-            _LOGGER.warning(
-                "Home-Assistant event %s fails: %s", event_type, err)
-            return False
-
-        if status not in (200, 201):
-            _LOGGER.warning("Home-Assistant event %s fails", event_type)
-            return False
-        return True
+        _LOGGER.warning("HomeAssistant event %s fails: %s", event_type, err)
+        return HomeAssistantError()
 
     async def _block_till_run(self):
         """Block until Home-Assistant is booting up or startup timeout."""
         start_time = time.monotonic()
+        migration_progress = False
+        migration_file = Path(
+            self.sys_config.path_homeassistant, '.migration_progress')
 
         def check_port():
             """Check if port is mapped."""
@@ -374,27 +449,46 @@ class HomeAssistant(JsonConfig, CoreSysAttributes):
                 result = sock.connect_ex((str(self.api_ip), self.api_port))
                 sock.close()
 
+                # Check if the port is available
                 if result == 0:
                     return True
-                return False
             except OSError:
                 pass
+            return False
 
-        while time.monotonic() - start_time < self.wait_boot:
-            # Check if API response
-            if await self.sys_run_in_executor(check_port):
-                _LOGGER.info("Detect a running Home-Assistant instance")
-                self._error_state = False
-                return True
-
-            # Check if Container is is_running
-            if not await self.instance.is_running():
-                _LOGGER.error("Home Assistant is crashed!")
-                break
-
-            # wait and don't hit the system
+        while True:
             await asyncio.sleep(10)
 
-        _LOGGER.warning("Don't wait anymore of Home-Assistant startup!")
+            # 1
+            # Check if Container is is_running
+            if not await self.instance.is_running():
+                _LOGGER.error("HomeAssistant is crashed!")
+                break
+
+            # 2
+            # Check if API response
+            if await self.sys_run_in_executor(check_port):
+                _LOGGER.info("Detect a running HomeAssistant instance")
+                self._error_state = False
+                return
+
+            # 3
+            # Running DB Migration
+            if migration_file.exists():
+                if not migration_progress:
+                    migration_progress = True
+                    _LOGGER.info("HomeAssistant record migration in progress")
+                continue
+            elif migration_progress:
+                migration_progress = False  # Reset start time
+                start_time = time.monotonic()
+                _LOGGER.info("HomeAssistant record migration done")
+
+            # 4
+            # Timeout
+            if time.monotonic() - start_time > self.wait_boot:
+                _LOGGER.warning("Don't wait anymore of HomeAssistant startup!")
+                break
+
         self._error_state = True
-        return False
+        raise HomeAssistantError()

hassio/misc/dns.py

@@ -3,6 +3,8 @@ import asyncio
 import logging
 import shlex
 
+import async_timeout
+
 _LOGGER = logging.getLogger(__name__)
 
 COMMAND = "socat UDP-RECVFROM:53,fork UDP-SENDTO:127.0.0.11:53"
@@ -38,5 +40,10 @@ class DNSForward:
             return
 
         self.proc.kill()
-        await self.proc.wait()
+        try:
+            with async_timeout.timeout(5):
+                await self.proc.wait()
+        except asyncio.TimeoutError:
+            _LOGGER.warning("Stop waiting for DNS shutdown")
+
         _LOGGER.info("Stop DNS forwarding")

hassio/snapshots/validate.py

@@ -16,7 +16,7 @@ ALL_FOLDERS = [FOLDER_HOMEASSISTANT, FOLDER_SHARE, FOLDER_ADDONS, FOLDER_SSL]
 
 def unique_addons(addons_list):
     """Validate that an add-on is unique."""
-    single = set([addon[ATTR_SLUG] for addon in addons_list])
+    single = set(addon[ATTR_SLUG] for addon in addons_list)
 
     if len(single) != len(addons_list):
         raise vol.Invalid("Invalid addon list on snapshot!")

hassio/supervisor.py

@@ -1,4 +1,5 @@
 """HomeAssistant control object."""
+import asyncio
 import logging
 from pathlib import Path
 from tempfile import TemporaryDirectory
@@ -60,7 +61,7 @@ class Supervisor(CoreSysAttributes):
             async with self.sys_websession.get(url, timeout=10) as request:
                 data = await request.text()
 
-        except aiohttp.ClientError as err:
+        except (aiohttp.ClientError, asyncio.TimeoutError) as err:
             _LOGGER.warning("Can't fetch AppArmor profile: %s", err)
             return
 

hassio/tasks.py

@@ -10,6 +10,7 @@ HASS_WATCHDOG_API = 'HASS_WATCHDOG_API'
 
 RUN_UPDATE_SUPERVISOR = 29100
 RUN_UPDATE_ADDONS = 57600
+RUN_UPDATE_HASSOSCLI = 29100
 
 RUN_RELOAD_ADDONS = 21600
 RUN_RELOAD_SNAPSHOTS = 72000
@@ -35,6 +36,8 @@ class Tasks(CoreSysAttributes):
             self._update_addons, RUN_UPDATE_ADDONS))
         self.jobs.add(self.sys_scheduler.register_task(
             self._update_supervisor, RUN_UPDATE_SUPERVISOR))
+        self.jobs.add(self.sys_scheduler.register_task(
+            self._update_hassos_cli, RUN_UPDATE_HASSOSCLI))
 
         self.jobs.add(self.sys_scheduler.register_task(
             self.sys_addons.reload, RUN_RELOAD_ADDONS))
@@ -79,7 +82,7 @@ class Tasks(CoreSysAttributes):
         if not self.sys_supervisor.need_update:
             return
 
-        # don't perform an update on beta/dev channel
+        # don't perform an update on dev channel
         if self.sys_dev:
             _LOGGER.warning("Ignore Hass.io update on dev channel!")
             return
@@ -131,5 +134,20 @@ class Tasks(CoreSysAttributes):
             return
 
         _LOGGER.error("Watchdog found a problem with Home-Assistant API!")
-        await self.sys_homeassistant.restart()
-        self._cache[HASS_WATCHDOG_API] = 0
+        try:
+            await self.sys_homeassistant.restart()
+        finally:
+            self._cache[HASS_WATCHDOG_API] = 0
+
+    async def _update_hassos_cli(self):
+        """Check and run update of HassOS CLI."""
+        if not self.sys_hassos.need_cli_update:
+            return
+
+        # don't perform an update on dev channel
+        if self.sys_dev:
+            _LOGGER.warning("Ignore HassOS CLI update on dev channel!")
+            return
+
+        _LOGGER.info("Found new HassOS CLI version")
+        await self.sys_hassos.update_cli()

hassio/updater.py

@@ -1,4 +1,5 @@
 """Fetch last versions from webserver."""
+import asyncio
 from contextlib import suppress
 from datetime import timedelta
 import json
@@ -8,7 +9,7 @@ import aiohttp
 
 from .const import (
     URL_HASSIO_VERSION, FILE_HASSIO_UPDATER, ATTR_HOMEASSISTANT, ATTR_HASSIO,
-    ATTR_CHANNEL, ATTR_HASSOS)
+    ATTR_CHANNEL, ATTR_HASSOS, ATTR_HASSOS_CLI)
 from .coresys import CoreSysAttributes
 from .utils import AsyncThrottle
 from .utils.json import JsonConfig
@@ -51,6 +52,11 @@ class Updater(JsonConfig, CoreSysAttributes):
         """Return last version of hassos."""
         return self._data.get(ATTR_HASSOS)
 
+    @property
+    def version_hassos_cli(self):
+        """Return last version of hassos cli."""
+        return self._data.get(ATTR_HASSOS_CLI)
+
     @property
     def channel(self):
         """Return upstream channel of hassio instance."""
@@ -76,7 +82,7 @@ class Updater(JsonConfig, CoreSysAttributes):
             async with self.sys_websession.get(url, timeout=10) as request:
                 data = await request.json(content_type=None)
 
-        except aiohttp.ClientError as err:
+        except (aiohttp.ClientError, asyncio.TimeoutError) as err:
             _LOGGER.warning("Can't fetch versions from %s: %s", url, err)
             raise HassioUpdaterError() from None
 
@@ -99,6 +105,7 @@ class Updater(JsonConfig, CoreSysAttributes):
             # update hassos version
             if self.sys_hassos.available and board:
                 self._data[ATTR_HASSOS] = data['hassos'][board]
+                self._data[ATTR_HASSOS_CLI] = data['hassos-cli']
 
         except KeyError as err:
             _LOGGER.warning("Can't process version data: %s", err)

hassio/utils/dt.py

@@ -3,14 +3,12 @@ from datetime import datetime, timedelta, timezone
 import logging
 import re
 
-import aiohttp
 import pytz
 
 UTC = pytz.utc
 
 _LOGGER = logging.getLogger(__name__)
 
-FREEGEOIP_URL = "https://freegeoip.net/json/"
 
 # Copyright (c) Django Software Foundation and individual contributors.
 # All rights reserved.
@@ -23,22 +21,6 @@ DATETIME_RE = re.compile(
 )
 
 
-async def fetch_timezone(websession):
-    """Read timezone from freegeoip."""
-    data = {}
-    try:
-        async with websession.get(FREEGEOIP_URL, timeout=10) as request:
-            data = await request.json()
-
-    except aiohttp.ClientError as err:
-        _LOGGER.warning("Can't fetch freegeoip data: %s", err)
-
-    except ValueError as err:
-        _LOGGER.warning("Error on parse freegeoip data: %s", err)
-
-    return data.get('time_zone', 'UTC')
-
-
 # Copyright (c) Django Software Foundation and individual contributors.
 # All rights reserved.
 # https://github.com/django/django/blob/master/LICENSE

hassio/utils/gdbus.py

@@ -247,7 +247,7 @@ class DBusSignalWrapper:
         self._proc.send_signal(SIGINT)
         await self._proc.communicate()
 
-    async def __aiter__(self):
+    def __aiter__(self):
         """Start Iteratation."""
         return self
 

hassio/utils/json.py

@@ -45,7 +45,7 @@ class JsonConfig:
         if self._file.is_file():
             try:
                 self._data = read_json_file(self._file)
-            except (OSError, json.JSONDecodeError):
+            except (OSError, json.JSONDecodeError, UnicodeDecodeError):
                 _LOGGER.warning("Can't read %s", self._file)
                 self._data = {}
 

hassio/validate.py

@@ -9,7 +9,8 @@ from .const import (
     ATTR_IMAGE, ATTR_LAST_VERSION, ATTR_CHANNEL, ATTR_TIMEZONE, ATTR_HASSOS,
     ATTR_ADDONS_CUSTOM_LIST, ATTR_PASSWORD, ATTR_HOMEASSISTANT, ATTR_HASSIO,
     ATTR_BOOT, ATTR_LAST_BOOT, ATTR_SSL, ATTR_PORT, ATTR_WATCHDOG,
-    ATTR_WAIT_BOOT, ATTR_UUID, CHANNEL_STABLE, CHANNEL_BETA, CHANNEL_DEV)
+    ATTR_WAIT_BOOT, ATTR_UUID, ATTR_REFRESH_TOKEN, ATTR_HASSOS_CLI,
+    CHANNEL_STABLE, CHANNEL_BETA, CHANNEL_DEV)
 
 
 RE_REPOSITORY = re.compile(r"^(?P<url>[^#]+)(?:#(?P<branch>[\w\-]+))?$")
@@ -88,6 +89,7 @@ SCHEMA_HASS_CONFIG = vol.Schema({
     vol.Inclusive(ATTR_LAST_VERSION, 'custom_hass'): vol.Coerce(str),
     vol.Optional(ATTR_PORT, default=8123): NETWORK_PORT,
     vol.Optional(ATTR_PASSWORD): vol.Maybe(vol.Coerce(str)),
+    vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
     vol.Optional(ATTR_SSL, default=False): vol.Boolean(),
     vol.Optional(ATTR_WATCHDOG, default=True): vol.Boolean(),
     vol.Optional(ATTR_WAIT_BOOT, default=600):
@@ -100,6 +102,7 @@ SCHEMA_UPDATER_CONFIG = vol.Schema({
     vol.Optional(ATTR_HOMEASSISTANT): vol.Coerce(str),
     vol.Optional(ATTR_HASSIO): vol.Coerce(str),
     vol.Optional(ATTR_HASSOS): vol.Coerce(str),
+    vol.Optional(ATTR_HASSOS_CLI): vol.Coerce(str),
 }, extra=vol.REMOVE_EXTRA)
 
 

pylintrc

@@ -21,7 +21,6 @@ disable=
   abstract-class-little-used,
   abstract-class-not-used,
   unused-argument,
-  global-statement,
   redefined-variable-type,
   too-many-arguments,
   too-many-branches,
@@ -32,7 +31,10 @@ disable=
   too-many-statements,
   too-many-lines,
   too-few-public-methods,
-  abstract-method
+  abstract-method,
+  no-else-return,
+  useless-return,
+  not-async-context-manager
 
 [EXCEPTIONS]
 overgeneral-exceptions=Exception,HomeAssistantError

requirements.txt

@@ -0,0 +1,13 @@
+attr==0.3.1
+async_timeout==3.0.0
+aiohttp==3.3.2
+docker==3.5.0
+colorlog==3.1.2
+voluptuous==0.11.5
+gitpython==2.1.10
+pytz==2018.4
+pyudev==0.21.0
+pycryptodome==3.6.4
+cpe==1.2.1
+uvloop==0.11.2
+cchardet==2.1.1

setup.py

@@ -38,18 +38,5 @@ setup(
         'hassio.utils',
         'hassio.snapshots'
     ],
-    include_package_data=True,
-    install_requires=[
-        'attr==0.3.1',
-        'async_timeout==3.0.0',
-        'aiohttp==3.3.2',
-        'docker==3.3.0',
-        'colorlog==3.1.2',
-        'voluptuous==0.11.1',
-        'gitpython==2.1.10',
-        'pytz==2018.4',
-        'pyudev==0.21.0',
-        'pycryptodome==3.4.11',
-        "cpe==1.2.1"
-    ]
+    include_package_data=True
 )

tox.ini

@@ -3,8 +3,9 @@ envlist = lint
 
 [testenv]
 deps =
-    flake8
-    pylint
+    flake8==3.5.0
+    pylint==2.1.1
+    -r{toxinidir}/requirements.txt
 
 [testenv:lint]
 basepython = python3