diff --git a/v0.2.1/cbox-tree.d/etc/cryptobox/cryptobox.conf b/v0.2.1/cbox-tree.d/etc/cryptobox/cryptobox.conf index 419a400..d692093 100644 --- a/v0.2.1/cbox-tree.d/etc/cryptobox/cryptobox.conf +++ b/v0.2.1/cbox-tree.d/etc/cryptobox/cryptobox.conf @@ -1,7 +1,7 @@ # this file is directly sourced by some bash scripts # so there should be no space around the "=" -LANGUAGE=de +LANGUAGE=en NET_IFACE=eth0 SAMBA_USER=nobody SCAN_DEVICES="/dev/hda /dev/hdb /dev/hdc /dev/hde /dev/hdf /dev/hdg /dev/scd0 /dev/scd1 /dev/scd2 /dev/scd3 /dev/sda /dev/sdb /dev/sdc /dev/sdd" @@ -25,13 +25,13 @@ OPENSSL_CONF_FILE=/etc/cryptobox/openssl.cnf IDLE_COUNTER_FILE=/tmp/cbox-idle-counter # crypto settings -HASH=sha512 -ALGO=aes +HASH=ripemd160 +ALGO=aes-cbc-essiv:sha256 CRYPTMAPPER_DEV=/dev/mapper/cryptobox-data # some programs SFDISK=/sbin/sfdisk -WIPE=/usr/bin/wipe +#WIPE=/usr/bin/wipe MKFS_DATA=/sbin/mkfs.ext3 MKFS_CONFIG=/sbin/mkfs.ext2 CRYPTSETUP=/sbin/cryptsetup diff --git a/v0.2.1/cbox-tree.d/etc/init.d/cb-hints.sh b/v0.2.1/cbox-tree.d/etc/init.d/cb-hints.sh index b7ac3fd..46e0ca2 100755 --- a/v0.2.1/cbox-tree.d/etc/init.d/cb-hints.sh +++ b/v0.2.1/cbox-tree.d/etc/init.d/cb-hints.sh @@ -7,7 +7,7 @@ case "$1" in start ) echo - echo "Hints for usage: + echo "Hints for usage: " echo " * you can not login here :)" echo " * point a webbrowser on another computer to 'http://$(/usr/lib/cryptobox/cb-manage.sh get_current_ip)'" echo " * configure your box via your webbrowser" diff --git a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh index 1f87e02..e3e9428 100755 --- a/v0.2.1/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh +++ b/v0.2.1/cbox-tree.d/usr/lib/cryptobox/cbox-manage.sh @@ -1,4 +1,5 @@ #!/bin/sh +# $Id: cbox-manage.sh 308 2005-10-20 12:11:32Z age $ # # this script does EVERYTHING # all other scripts are only frontends :) 
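Review bot: The crypto-settings hunk changes `HASH` and `ALGO` without a comment, and the cbox-manage.sh hunks in this same commit stop reading `$HASH`/`$ALGO` in favour of `config_get_value hash` / `config_get_value cipher`, so the diff does not show where these two values are still consumed. Since `cryptsetup ... create` is given only `-h` and `-c`, the mapping appears to be plain dm-crypt, where a volume opens correctly only with exactly the hash and cipher used when it was first set up; a comment such as `# defaults for newly initialised volumes; existing volumes must keep their original hash/cipher` would make that explicit. The switch from sha512 to ripemd160 shortens the passphrase digest and deserves a one-line rationale. Commenting out `WIPE` suggests the wipe step is gone; if so, state that earlier contents of the disk are no longer overwritten at initialisation.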
@@ -44,12 +45,7 @@ function initial_checks() { local device="$1" [ ! -b "$device" ] && log_msg "blockdevice $device does not exist" && return 1 - [ ! -x "$WIPE" ] && log_msg "$WIPE not found" && return 1 [ ! -x "$SFDISK" ] && log_msg "$SFDISK not found" && return 1 - for a in $ALGO $HASH - do grep -q "^name *: $a$" /proc/crypto || modprobe "$a" - grep -q "^name *: $a$" /proc/crypto || { log_msg "$a is not supported by kernel" && return 1; } - done log_msg "inital checks successful" return 0 } @@ -84,9 +80,28 @@ function config_get_value() else conf_dir=$CONFIG_DEFAULTS_DIR fi [ -z "$1" ] && error_msg 1 "empty setting name" - [ ! -e "$conf_dir/$1" ] && error_msg 2 "unknown configuration value ($1)" - # remove trailing line break - echo -n $(cat "$conf_dir/$1") + # check for existence - maybe use default values (for old releases without this setting) + if [ ! -e "$conf_dir/$1" ] + then case "$1" in + version ) + echo -n "0.2" + ;; + cipher ) + echo -n "aes" + ;; + hash ) + echo -n "sha512" + ;; + * ) + error_msg 2 "unknown configuration value ($1)" + # empty output + ;; + esac + else echo -n $(cat "$conf_dir/$1") + # this removes the trailing line break + fi + # always return without error + true } @@ -105,7 +120,7 @@ function create_config() log_msg "Copying configuration defaults ..." cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR" - log_msg "Copying temporary cerificate file to config filesystem ..." + log_msg "Copying temporary certificate file to config filesystem ..." # beware: the temp file should always be there - even after reboot - see "mount_config" cp -p "$CERT_TEMP" "$CERT_FILE" @@ -135,7 +150,7 @@ function create_crypto() { local device="$1" # passphrase may be passed via command line - $CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2" + $CRYPTSETUP -h "$(config_get_value hash)" -c "$(config_get_value cipher)" create "`basename $CRYPTMAPPER_DEV`" "${device}2" } 
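Review bot: `config_get_value` joins its argument straight into a path (`[ ! -e "$conf_dir/$1" ]`, then `cat "$conf_dir/$1"`) without checking that it is a plain setting name, so a name containing `/` or starting with `.` would address a file outside the configuration directory. The callers are not in this hunk, so whether a name can originate from the web frontend needs confirming. A guard before the existence test closes that off, e.g. `case "$1" in */*|.*) error_msg 1 "invalid setting name" ;; esac`. The `else` branch also leaves `$(cat ...)` unquoted, which word-splits and glob-expands the stored value in addition to dropping the trailing newline; `echo -n "$(cat "$conf_dir/$1")"` keeps only the newline stripping. The function's opening lines are outside the hunk.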
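Review bot: In `create_crypto` the hash and cipher now come from two command substitutions placed directly in the `cryptsetup` argument list, so a missing or empty setting reaches `$CRYPTSETUP` as `-h ""` or `-c ""` with nothing checking it first: `config_get_value` ends in `true`, and this commit also removes the `/proc/crypto` support check from `initial_checks`. Reading the values into locals and refusing to continue when either is empty makes the failure explicit, e.g. `local hash=$(config_get_value hash) cipher=$(config_get_value cipher)` followed by `[ -n "$hash" ] && [ -n "$cipher" ] || { log_msg "hash/cipher setting missing"; return 1; }`. The same `cryptsetup` line is introduced in `mount_crypto`, where a wrong value is harder to notice because, as far as the diff shows, the mapping is created without any verification and only the later `mount` fails. `basename $CRYPTMAPPER_DEV` is still unquoted inside the backticks.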
@@ -210,11 +225,14 @@ function find_harddisk() do grep -q " `basename $a`$" /proc/partitions && echo "$a" && break done fi ) - [ -z "$dev" ] && echo "no valid partition for initialisation found!" >>"$LOG_FILE" + if [ -z "$dev" ] ; then + echo "no valid harddisk for initialisation found!" >>"$LOG_FILE" + cat /proc/partitions >>"$LOG_FILE" + return 1 + fi echo -n "$dev" } - function mount_config() { is_config_mounted && error_msg 3 "configuration directory ($CONFIG_DIR) is already mounted!" @@ -238,12 +256,12 @@ function mount_config() function mount_crypto() { - is_crypto_mounted && echo "Das Crypto-Dateisystem ist bereits aktiv!" && return + is_crypto_mounted && echo "The cryptofilesystem is already active!" && return local device=`find_harddisk` - [ -z "$device" ] && error_msg 4 'no valid harddisk found!' + [ -z "$device" ] && error_msg 4 'No valid harddisk found!' && return 1 # passphrase is read from stdin log_msg "Mounting crypto partition ..." - $CRYPTSETUP -h "$HASH" -c "$ALGO" create "`basename $CRYPTMAPPER_DEV`" "${device}2" + $CRYPTSETUP -h "$(config_get_value hash)" -c "$(config_get_value cipher)" create "`basename $CRYPTMAPPER_DEV`" "${device}2" if mount "$CRYPTMAPPER_DEV" "$CRYPTO_DIR" then log_msg "Mount succeded - now starting samba ..." /etc/init.d/samba start @@ -282,12 +300,12 @@ function init_cryptobox_part1() # this is only the first part of initialisation that takes no time - good for a smooth web interface { local device=$(find_harddisk) - [ -z "$device" ] && log_msg 'no valid harddisk found!' && return 1 + [ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1 ( log_msg "Initializing crypto partition on $device ..." umount_crypto || true mount | grep -q " $CONFIG_DIR " && umount "$CONFIG_DIR" || true - initial_checks "$device" || return 1 + initial_checks "$device" || { log_msg "initial checks failed" && return 1} create_partitions "$device" create_config "$device" ) >>"$LOG_FILE" 2>&1 
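Review bot: In `mount_crypto`, the added `return 1` in `[ -z "$device" ] && error_msg 4 'No valid harddisk found!' && return 1` runs only if `error_msg` returns success. `error_msg` is not shown in this diff, but it is called with an error code; if it returns that code or any other non-zero status, the chain stops and the function carries on to `$CRYPTSETUP ... "${device}2"` with an empty device. An explicit block does not depend on the helper's exit status: `if [ -z "$device" ]; then error_msg 4 'No valid harddisk found!'; return 1; fi`. The function body continues past the end of the hunk.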
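Review bot: The new line `initial_checks "$device" || { log_msg "initial checks failed" && return 1}` in `init_cryptobox_part1` does not close its brace group. `}` is recognised as a closing brace only after `;` or a newline, so `1}` is passed to `return` as its argument and the parser reaches the `)` of the enclosing subshell with the group still open, which is a syntax error for the script. It should read `initial_checks "$device" || { log_msg "initial checks failed"; return 1; }`, using `;` rather than `&&` so the return does not depend on `log_msg`'s status. This also runs inside `( ... )`, so `return 1` ends only the subshell; what the function does with that status is outside the hunk.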
diff --git a/v0.2.1/etc-defaults.d/dfs-cbox.conf b/v0.2.1/etc-defaults.d/dfs-cbox.conf index b45a5cd..dd08c20 100644 --- a/v0.2.1/etc-defaults.d/dfs-cbox.conf +++ b/v0.2.1/etc-defaults.d/dfs-cbox.conf @@ -173,7 +173,7 @@ deletefiles = /etc/rcS.d/*discover # Debs from local fs to unpack on live FS (will not be configured) #unpackdebs = kernel/kernel-image-2.6.8_1.dfs_i386.deb -unpackdebs = kernel/kernel-image-2.6.12.6_cryptobox0.3_i386.deb +unpackdebs = kernel/kernel-image-2.6.12.6_cryptobox0.2.1_i386.deb # Other packages to install besides the list in DEFAULT packages = %(allpackages)s diff --git a/v0.2.1/kernel/config-2.6.12.6_cryptobox0.3 b/v0.2.1/kernel/config-2.6.12.6_cryptobox0.2.1 similarity index 88% rename from v0.2.1/kernel/config-2.6.12.6_cryptobox0.3 rename to v0.2.1/kernel/config-2.6.12.6_cryptobox0.2.1 index 4a2b198..36dfe45 100644 --- a/v0.2.1/kernel/config-2.6.12.6_cryptobox0.3 +++ b/v0.2.1/kernel/config-2.6.12.6_cryptobox0.2.1 @@ -1,7 +1,7 @@ # # Automatically generated make config: don't edit # Linux kernel version: 2.6.12.6 -# Mon Oct 17 13:43:42 2005 +# Thu Oct 20 16:59:34 2005 # CONFIG_X86=y CONFIG_MMU=y @@ -357,18 +357,18 @@ CONFIG_IDEDMA_AUTO=y # # SCSI device support # -CONFIG_SCSI=m +CONFIG_SCSI=y # CONFIG_SCSI_PROC_FS is not set # # SCSI support type (disk, tape, CD-ROM) # -CONFIG_BLK_DEV_SD=m +CONFIG_BLK_DEV_SD=y # CONFIG_CHR_DEV_ST is not set # CONFIG_CHR_DEV_OSST is not set -CONFIG_BLK_DEV_SR=m +CONFIG_BLK_DEV_SR=y # CONFIG_BLK_DEV_SR_VENDOR is not set -CONFIG_CHR_DEV_SG=m +CONFIG_CHR_DEV_SG=y # # Some SCSI devices (e.g. CD jukebox) support multiple LUNs 
@@ -387,87 +387,56 @@ CONFIG_SCSI_FC_ATTRS=m # # SCSI low-level drivers # -CONFIG_BLK_DEV_3W_XXXX_RAID=m -CONFIG_SCSI_3W_9XXX=m -CONFIG_SCSI_7000FASST=m -CONFIG_SCSI_ACARD=m -CONFIG_SCSI_AHA152X=m -CONFIG_SCSI_AHA1542=m -CONFIG_SCSI_AACRAID=m -CONFIG_SCSI_AIC7XXX=m -CONFIG_AIC7XXX_CMDS_PER_DEVICE=32 -CONFIG_AIC7XXX_RESET_DELAY_MS=15000 -# CONFIG_AIC7XXX_BUILD_FIRMWARE is not set -CONFIG_AIC7XXX_DEBUG_ENABLE=y -CONFIG_AIC7XXX_DEBUG_MASK=0 -CONFIG_AIC7XXX_REG_PRETTY_PRINT=y -CONFIG_SCSI_AIC7XXX_OLD=m -CONFIG_SCSI_AIC79XX=m -CONFIG_AIC79XX_CMDS_PER_DEVICE=32 -CONFIG_AIC79XX_RESET_DELAY_MS=15000 -# CONFIG_AIC79XX_BUILD_FIRMWARE is not set -# CONFIG_AIC79XX_ENABLE_RD_STRM is not set -CONFIG_AIC79XX_DEBUG_ENABLE=y -CONFIG_AIC79XX_DEBUG_MASK=0 -CONFIG_AIC79XX_REG_PRETTY_PRINT=y -CONFIG_SCSI_DPT_I2O=m -CONFIG_SCSI_IN2000=m +# CONFIG_BLK_DEV_3W_XXXX_RAID is not set +# CONFIG_SCSI_3W_9XXX is not set +# CONFIG_SCSI_7000FASST is not set +# CONFIG_SCSI_ACARD is not set +# CONFIG_SCSI_AHA152X is not set +# CONFIG_SCSI_AHA1542 is not set +# CONFIG_SCSI_AACRAID is not set +# CONFIG_SCSI_AIC7XXX is not set +# CONFIG_SCSI_AIC7XXX_OLD is not set +# CONFIG_SCSI_AIC79XX is not set +# CONFIG_SCSI_DPT_I2O is not set +# CONFIG_SCSI_IN2000 is not set # CONFIG_MEGARAID_NEWGEN is not set -CONFIG_MEGARAID_LEGACY=m +# CONFIG_MEGARAID_LEGACY is not set # CONFIG_SCSI_SATA is not set -CONFIG_SCSI_BUSLOGIC=m -# CONFIG_SCSI_OMIT_FLASHPOINT is not set -CONFIG_SCSI_DMX3191D=m -CONFIG_SCSI_DTC3280=m -CONFIG_SCSI_EATA=m -# CONFIG_SCSI_EATA_TAGGED_QUEUE is not set -# CONFIG_SCSI_EATA_LINKED_COMMANDS is not set -CONFIG_SCSI_EATA_MAX_TAGS=16 -CONFIG_SCSI_FUTURE_DOMAIN=m -CONFIG_SCSI_GDTH=m -CONFIG_SCSI_GENERIC_NCR5380=m -CONFIG_SCSI_GENERIC_NCR5380_MMIO=m -# CONFIG_SCSI_GENERIC_NCR53C400 is not set -CONFIG_SCSI_IPS=m -CONFIG_SCSI_INITIO=m -CONFIG_SCSI_INIA100=m -CONFIG_SCSI_PPA=m -CONFIG_SCSI_IMM=m -# CONFIG_SCSI_IZIP_EPP16 is not set -# CONFIG_SCSI_IZIP_SLOW_CTR is not set -CONFIG_SCSI_NCR53C406A=m 
-CONFIG_SCSI_SYM53C8XX_2=m -CONFIG_SCSI_SYM53C8XX_DMA_ADDRESSING_MODE=1 -CONFIG_SCSI_SYM53C8XX_DEFAULT_TAGS=16 -CONFIG_SCSI_SYM53C8XX_MAX_TAGS=64 -# CONFIG_SCSI_SYM53C8XX_IOMAPPED is not set -CONFIG_SCSI_IPR=m -# CONFIG_SCSI_IPR_TRACE is not set -# CONFIG_SCSI_IPR_DUMP is not set -CONFIG_SCSI_PAS16=m -CONFIG_SCSI_PSI240I=m -CONFIG_SCSI_QLOGIC_FAS=m -CONFIG_SCSI_QLOGIC_FC=m -# CONFIG_SCSI_QLOGIC_FC_FIRMWARE is not set -CONFIG_SCSI_QLOGIC_1280=m -# CONFIG_SCSI_QLOGIC_1280_1040 is not set -CONFIG_SCSI_QLA2XXX=m -CONFIG_SCSI_QLA21XX=m -CONFIG_SCSI_QLA22XX=m -CONFIG_SCSI_QLA2300=m -CONFIG_SCSI_QLA2322=m -CONFIG_SCSI_QLA6312=m -CONFIG_SCSI_LPFC=m -CONFIG_SCSI_SYM53C416=m -CONFIG_SCSI_DC395x=m -CONFIG_SCSI_DC390T=m -CONFIG_SCSI_T128=m -CONFIG_SCSI_U14_34F=m -# CONFIG_SCSI_U14_34F_TAGGED_QUEUE is not set -# CONFIG_SCSI_U14_34F_LINKED_COMMANDS is not set -CONFIG_SCSI_U14_34F_MAX_TAGS=8 -CONFIG_SCSI_ULTRASTOR=m -CONFIG_SCSI_NSP32=m +# CONFIG_SCSI_BUSLOGIC is not set +# CONFIG_SCSI_DMX3191D is not set +# CONFIG_SCSI_DTC3280 is not set +# CONFIG_SCSI_EATA is not set +# CONFIG_SCSI_FUTURE_DOMAIN is not set +# CONFIG_SCSI_GDTH is not set +# CONFIG_SCSI_GENERIC_NCR5380 is not set +# CONFIG_SCSI_GENERIC_NCR5380_MMIO is not set +# CONFIG_SCSI_IPS is not set +# CONFIG_SCSI_INITIO is not set +# CONFIG_SCSI_INIA100 is not set +# CONFIG_SCSI_PPA is not set +# CONFIG_SCSI_IMM is not set +# CONFIG_SCSI_NCR53C406A is not set +# CONFIG_SCSI_SYM53C8XX_2 is not set +# CONFIG_SCSI_IPR is not set +# CONFIG_SCSI_PAS16 is not set +# CONFIG_SCSI_PSI240I is not set +# CONFIG_SCSI_QLOGIC_FAS is not set +# CONFIG_SCSI_QLOGIC_FC is not set +# CONFIG_SCSI_QLOGIC_1280 is not set +CONFIG_SCSI_QLA2XXX=y +# CONFIG_SCSI_QLA21XX is not set +# CONFIG_SCSI_QLA22XX is not set +# CONFIG_SCSI_QLA2300 is not set +# CONFIG_SCSI_QLA2322 is not set +# CONFIG_SCSI_QLA6312 is not set +# CONFIG_SCSI_LPFC is not set +# CONFIG_SCSI_SYM53C416 is not set +# CONFIG_SCSI_DC395x is not set +# CONFIG_SCSI_DC390T is not set +# 
CONFIG_SCSI_T128 is not set +# CONFIG_SCSI_U14_34F is not set +# CONFIG_SCSI_ULTRASTOR is not set +# CONFIG_SCSI_NSP32 is not set # CONFIG_SCSI_DEBUG is not set # @@ -511,17 +480,17 @@ CONFIG_IEEE1394=y # # Texas Instruments PCILynx requires I2C # -CONFIG_IEEE1394_OHCI1394=m +CONFIG_IEEE1394_OHCI1394=y # # Protocol Drivers # # CONFIG_IEEE1394_VIDEO1394 is not set -CONFIG_IEEE1394_SBP2=m +CONFIG_IEEE1394_SBP2=y # CONFIG_IEEE1394_SBP2_PHYS_DMA is not set # CONFIG_IEEE1394_ETH1394 is not set # CONFIG_IEEE1394_DV1394 is not set -# CONFIG_IEEE1394_RAWIO is not set +CONFIG_IEEE1394_RAWIO=y # CONFIG_IEEE1394_CMP is not set # @@ -953,7 +922,7 @@ CONFIG_DUMMY_CONSOLE=y # CONFIG_USB_ARCH_HAS_HCD=y CONFIG_USB_ARCH_HAS_OHCI=y -CONFIG_USB=m +CONFIG_USB=y # CONFIG_USB_DEBUG is not set # @@ -968,13 +937,13 @@ CONFIG_USB_DEVICEFS=y # # USB Host Controller Drivers # -CONFIG_USB_EHCI_HCD=m +CONFIG_USB_EHCI_HCD=y # CONFIG_USB_EHCI_SPLIT_ISO is not set # CONFIG_USB_EHCI_ROOT_HUB_TT is not set -CONFIG_USB_OHCI_HCD=m +CONFIG_USB_OHCI_HCD=y # CONFIG_USB_OHCI_BIG_ENDIAN is not set CONFIG_USB_OHCI_LITTLE_ENDIAN=y -CONFIG_USB_UHCI_HCD=m +CONFIG_USB_UHCI_HCD=y # CONFIG_USB_SL811_HCD is not set # @@ -987,7 +956,7 @@ CONFIG_USB_UHCI_HCD=m # # NOTE: USB_STORAGE enables SCSI, and 'SCSI disk support' may also be needed; see USB_STORAGE Help for more information # -CONFIG_USB_STORAGE=m +CONFIG_USB_STORAGE=y # CONFIG_USB_STORAGE_DEBUG is not set # CONFIG_USB_STORAGE_DATAFAB is not set CONFIG_USB_STORAGE_FREECOM=y @@ -1190,10 +1159,10 @@ CONFIG_MSDOS_PARTITION=y # CONFIG_NLS=y CONFIG_NLS_DEFAULT="iso8859-15" -CONFIG_NLS_CODEPAGE_437=m +CONFIG_NLS_CODEPAGE_437=y # CONFIG_NLS_CODEPAGE_737 is not set # CONFIG_NLS_CODEPAGE_775 is not set -CONFIG_NLS_CODEPAGE_850=m +CONFIG_NLS_CODEPAGE_850=y # CONFIG_NLS_CODEPAGE_852 is not set # CONFIG_NLS_CODEPAGE_855 is not set # CONFIG_NLS_CODEPAGE_857 is not set 
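Review bot: The IEEE 1394 hunk builds `CONFIG_IEEE1394_OHCI1394` and `CONFIG_IEEE1394_SBP2` into the kernel and newly enables `CONFIG_IEEE1394_RAWIO`, so the FireWire stack is active on every boot of an appliance whose purpose is to protect an encrypted disk. OHCI-1394 controllers can perform bus-master DMA into host memory, and while a volume is mapped the dm-crypt key is held in RAM, so physical access to a FireWire port belongs in the threat model; as far as I know, leaving `CONFIG_IEEE1394_SBP2_PHYS_DMA` unset does not by itself disable the controller's physical DMA. If FireWire disks are a supported use case, record that trade-off in the project documentation and check whether this driver version offers a switch for physical DMA; if they are not, leave `CONFIG_IEEE1394_RAWIO` unset as it was before this commit.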
@@ -1213,21 +1182,21 @@ CONFIG_NLS_CODEPAGE_850=m # CONFIG_NLS_ISO8859_8 is not set # CONFIG_NLS_CODEPAGE_1250 is not set # CONFIG_NLS_CODEPAGE_1251 is not set -CONFIG_NLS_ASCII=m -CONFIG_NLS_ISO8859_1=m -# CONFIG_NLS_ISO8859_2 is not set -# CONFIG_NLS_ISO8859_3 is not set -# CONFIG_NLS_ISO8859_4 is not set -# CONFIG_NLS_ISO8859_5 is not set -# CONFIG_NLS_ISO8859_6 is not set -# CONFIG_NLS_ISO8859_7 is not set -# CONFIG_NLS_ISO8859_9 is not set -# CONFIG_NLS_ISO8859_13 is not set -# CONFIG_NLS_ISO8859_14 is not set +CONFIG_NLS_ASCII=y +CONFIG_NLS_ISO8859_1=y +CONFIG_NLS_ISO8859_2=y +CONFIG_NLS_ISO8859_3=y +CONFIG_NLS_ISO8859_4=y +CONFIG_NLS_ISO8859_5=y +CONFIG_NLS_ISO8859_6=y +CONFIG_NLS_ISO8859_7=y +CONFIG_NLS_ISO8859_9=y +CONFIG_NLS_ISO8859_13=y +CONFIG_NLS_ISO8859_14=y CONFIG_NLS_ISO8859_15=y -# CONFIG_NLS_KOI8_R is not set -# CONFIG_NLS_KOI8_U is not set -CONFIG_NLS_UTF8=m +CONFIG_NLS_KOI8_R=y +CONFIG_NLS_KOI8_U=y +# CONFIG_NLS_UTF8 is not set # # Profiling support diff --git a/v0.2.1/kernel/kernel-image-2.6.12.6_cryptobox0.2.1_i386.deb b/v0.2.1/kernel/kernel-image-2.6.12.6_cryptobox0.2.1_i386.deb new file mode 100644 index 0000000..4290fc7 Binary files /dev/null and b/v0.2.1/kernel/kernel-image-2.6.12.6_cryptobox0.2.1_i386.deb differ diff --git a/v0.2.1/kernel/kernel-image-2.6.12.6_cryptobox0.3_i386.deb b/v0.2.1/kernel/kernel-image-2.6.12.6_cryptobox0.3_i386.deb deleted file mode 100644 index 29c5b84..0000000 Binary files a/v0.2.1/kernel/kernel-image-2.6.12.6_cryptobox0.3_i386.deb and /dev/null differ