first release: version 0.2

v0.2/scripts/cbox-build.sh

@@ -0,0 +1,181 @@
+#!/bin/sh
+#
+# managing our work at the cryptobox
+#
+# usual workflow:
+#   dfsbuild	- create the image directory with dfsbuild
+#   config	- apply cryptobox specific changes to the image directory
+#   harden	- remove unnecessary packages and disable developer features
+#   iso		- create the iso image
+#   isoz	- create a compressed iso image
+#   burn	- burns the image on a cd-rw
+#
+# final action:
+#   release	- the same as "dfsbuild config harden iso"
+#
+#
+# problems of this script:
+#  - has to run as root
+#  - 'harden' is strangely integrated
+#
+# you may run this script with multiple arguments, e.g.:
+#   cb-build.sh dfsbuild config iso
+#
+# the action "release" does what it says :)
+#  (all developer's features like sshd, writable templates and
+#   the test-suite are deactivated, some packages get removed)
+#
+
+set -ue
+
+# include common functions and settings
+source $(dirname $0)/common.sh.inc
+
+
+################### some settings ######################
+
+# dfsbuild config
+DFS_CONFIG=$(get_config_file dfs-cbox.conf)
+
+
+####################### functions ######################
+
+function run_dfsbuild()
+{
+	[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
+	dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR" 
+	
+	# remove iso image of dfsbuild - it is not necessary
+	[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
+}
+
+
+function create_iso()
+{
+	echo "Creating the iso ..."
+	mkisofs $MKISOFS_OPTIONS -o "$IMAGE_FILE" "$IMAGE_DIR"
+}
+
+
+function create_compressed_iso()
+{
+	echo "Creating the compressed iso ..."
+	[ -e "$IMAGEZ_DIR" ] && rm -r "$IMAGEZ_DIR"
+	mkdir "$IMAGEZ_DIR"
+	for a in $(ls "$IMAGE_DIR")
+		do	if echo "$UNCOMPRESSED_ITEMS" | grep -q -w "$a"
+				then	echo "	Copying uncompressed item: $a ..."
+					cp -a "$IMAGE_DIR/$a" "$IMAGEZ_DIR"
+				else	if [ -h "$IMAGE_DIR/$a" ]
+						then	echo "	Copying link: $a ..."
+							cp -a "$IMAGE_DIR/$a" "$IMAGEZ_DIR"
+						else	echo "	Compressing item: $a ..."
+							mkzftree "$IMAGE_DIR/$a" "$IMAGEZ_DIR/$a"
+					  fi
+			  fi
+	  done
+	mkisofs -z $MKISOFS_OPTIONS -o "$IMAGEZ_FILE" "$IMAGEZ_DIR"
+}
+
+
+function configure_cb()
+{
+	if [ ! -e "$IMAGE_DIR" ]; then 
+		echo -e "Directory \"$IMAGE_DIR\" not found!"
+		echo -e "Did you run \"$0 dfsbuild\"?" 
+		exit
+	fi
+
+	echo "Copying files to the box ..."
+		[ -e "$TMP_DIR" ] && rm -rf "$TMP_DIR"
+		cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
+		rm -rf `find "$TMP_DIR" -type d -name ".svn"`
+		cp -dr "$TMP_DIR/." "$IMAGE_DIR"
+		rm -rf "$TMP_DIR"
+	
+	echo "Configuring the cryptobox ..."
+		# "harden" removes /etc/issue ...
+		if [ -e "$IMAGE_DIR/etc/issue" ]
+		  then	sed -i "s/^Version:/Revision:/" "$IMAGE_DIR/etc/issue"
+				sed -i "s/^Revision:.*/Revision: $(fetch_revision)/" "$IMAGE_DIR/etc/issue"
+		  else	echo "Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue"
+		 fi
+		fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
+		chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
+	
+	# source local configure scripts
+	[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
+	  find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while read file
+	     do	echo "Sourcing custom configure script $(basename $file):"
+		# execute it in its own environment (to be safe)
+		# 'source' implicitly imports all current settings
+		# indent these lines to improve the output
+		( source "$file" ) 2>&1 | sed 's/^/\t/'
+	   done
+}
+
+
+function fetch_revision()
+{
+	svn -R info 2>&1 | grep ^Revision| cut -f2 -d " " | sort | tail -1 \
+		|| echo "unknown release"
+}
+
+
+function blanknburn_cdrw()
+{
+	cdrecord -v dev=$CDWRITER blank=fast
+	cdrecord -v dev=$CDWRITER $IMAGE_FILE
+}
+################ do it! ######################
+
+[ $# -eq 0 ] && echo "[`basename $0`] - no arguments supplied - maybe you want to use '--help'"
+
+# initialize local directories (easier for users)
+for a in $LOCALCONF_DIR $CUSTOM_CONFIGURE_DIR
+	do	[ ! -e "$a" ] && mkdir "$a" && chown --reference=. "$a"
+  done
+
+# check for uid=0 (necessary for all operations)
+[ "$(id -u)" -ne 0 ] && echo "this script ($0) has to be called as root" >&2 && exit 1
+
+while [ $# -gt 0 ]
+   do	case "$1" in
+	    dfsbuild )
+		# check if we are in ROOT_DIR - otherwise we will have problems with
+		# relative paths in dfs-box.conf
+		[ "$ROOT_DIR" -ef "$(pwd)" ] || error_die 1 "Sorry: you have to run $0 while you are in '$ROOT_DIR'!"
+		run_dfsbuild
+		;;
+	    config )
+		configure_cb normal
+		;;
+	    iso )
+		create_iso
+		;;
+	    isoz )
+		create_compressed_iso
+		;;
+	    harden )
+		chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
+	    	;;
+	    burn )
+		blanknburn_cdrw
+		;;
+	    release )
+	    	$0 dfsbuild config harden iso
+		;;
+	    help|--help )
+		echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | isoz | burn | help )"
+		echo "  (you may specify more than one action)"
+		echo
+	    	;;
+	    * )
+		echo -e "unknown action: $1"
+		echo
+		$0 help
+		exit 1
+		;;
+	  esac
+	  shift
+  done