diff --git a/pythonrewrite/LICENSE b/pythonrewrite/LICENSE new file mode 100644 index 0000000..b7b5f53 --- /dev/null +++ b/pythonrewrite/LICENSE 
@@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. 
+ + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. 
The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. 
(Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. 
You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. 
+ +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. 
If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. 
If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. 
+ + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. 
diff --git a/pythonrewrite/Makefile b/pythonrewrite/Makefile new file mode 100644 index 0000000..bb2f6c6 --- /dev/null +++ b/pythonrewrite/Makefile 
@@ -0,0 +1,70 @@ +# +# Makefile for the cryptobox web-interface +# +# Copyright (c) 02006 senselab +# + +CRYPTOBOX_ROOT = . + +PREFIX = /usr/local +SHARE_DIR = $(PREFIX)/share/cryptobox +LIB_DIR = $(PREFIX)/lib/cryptobox +DOC_DIR = $(PREFIX)/share/doc/cryptobox +BUILD_DIR = build_dir +INSTALL = install + +OS_TYPE=$(shell uname -o | tr [:upper:] [:lower:] | sed s/[^a-z0-9\._\-]/_/g) + +.PHONY: install clean build + +build: + $(INSTALL) -d -m 755 $(BUILD_DIR)/etc + $(INSTALL) -c -m 644 conf-examples/cryptobox.conf $(BUILD_DIR)/etc/ + @sed -i 's#^HTML_TEMPLATE_DIR=.*$$#HTML_TEMPLATE_DIR=$(SHARE_DIR)/templates#' $(BUILD_DIR)/etc/cryptobox.conf + @sed -i 's#^LANGUAGE_DIR=.*$$#LANGUAGE_DIR=$(SHARE_DIR)/lang#' $(BUILD_DIR)/etc/cryptobox.conf + @sed -i 's#^DOC_DIR=.*$$#DOC_DIR=$(DOC_DIR)/html#' $(BUILD_DIR)/etc/cryptobox.conf + @sed -i 's#^CONFIG_DEFAULTS_DIR=.*$$#CONFIG_DEFAULTS_DIR=$(SHARE_DIR)/defaults#' $(BUILD_DIR)/etc/cryptobox.conf + + # choose the appropriate program_locations.conf + if test -e conf-examples/distributions/$(OS_TYPE) ; \ + then cat conf-examples/distributions/$(OS_TYPE) ;\ + else cat conf-examples/distributions/default ;\ + fi >$(BUILD_DIR)/etc/distribution.conf + + # compile the suid wrapper + $(MAKE) -C bin LIB_DIR=$(LIB_DIR) + @touch $(BUILD_DIR)-stamp + + +install: $(BUILD_DIR)-stamp + $(INSTALL) -d -m 755 $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cbox-manage.sh $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cbox-root-actions.sh $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cryptobox.pl $(LIB_DIR) + $(INSTALL) -c -m 755 bin/cryptobox_cgi_wrapper $(LIB_DIR) + $(INSTALL) -c -m 4755 bin/cryptobox_root_wrapper $(LIB_DIR) + $(INSTALL) -d -m 755 $(SHARE_DIR)/lang + $(INSTALL) -c -m 644 lang/* $(SHARE_DIR)/lang/ + $(INSTALL) -d -m 755 $(SHARE_DIR)/templates + $(INSTALL) -c -m 644 templates/*.cs $(SHARE_DIR)/templates + $(INSTALL) -d -m 755 $(SHARE_DIR)/defaults + $(INSTALL) -c -m 644 conf-examples/default-settings/* $(SHARE_DIR)/defaults/ + $(INSTALL) -d -m 755 
$(SHARE_DIR)/html + $(INSTALL) -c -m 644 www-data/*.css $(SHARE_DIR)/html/ + $(INSTALL) -c -m 644 www-data/*.png $(SHARE_DIR)/html/ + $(INSTALL) -c -m 644 www-data/*.gif $(SHARE_DIR)/html/ + #$(INSTALL) -d -m 755 $(SHARE_DIR)/html/screenshots + #$(INSTALL) -c -m 644 www-data/screenshots/*.png $(SHARE_DIR)/html/screenshots/ + $(INSTALL) -d -m 755 $(DOC_DIR)/html/en + $(INSTALL) -d -m 755 $(DOC_DIR)/html/de + $(INSTALL) -c -m 644 doc/html/en/* $(DOC_DIR)/html/en/ + $(INSTALL) -c -m 644 doc/html/de/* $(DOC_DIR)/html/de/ + $(INSTALL) -d -m 755 $(SHARE_DIR)/distributions + $(INSTALL) -c -m 644 conf-examples/distributions/* $(SHARE_DIR)/distributions/ + + +clean: + $(MAKE) -C bin clean + -rm -rf $(BUILD_DIR) + -rm -f $(BUILD_DIR)-stamp + diff --git a/pythonrewrite/README b/pythonrewrite/README new file mode 100644 index 0000000..2fa9850 --- /dev/null +++ b/pythonrewrite/README @@ -0,0 +1 @@ +link cbox-tree.d/usr/share/doc/cryptobox/README \ No newline at end of file diff --git a/pythonrewrite/bin/Makefile b/pythonrewrite/bin/Makefile new file mode 100644 index 0000000..6023795 --- /dev/null +++ b/pythonrewrite/bin/Makefile 
@@ -0,0 +1,37 @@ +# Makefile to compile the binary suid-wrapper for cryptobox +# +# LIB_DIR should be defined in the higher level Makefile +# + +HEADER_FILE = cryptobox_wrapper.h +SRC_FILE = cryptobox_wrapper.c +CGI_SUID_FILE = cryptobox_cgi_wrapper +ROOT_SUID_FILE = cryptobox_root_wrapper + +CGI_FILENAME = cryptobox.pl +ROOT_SCRIPT_FILENAME = cbox-root-actions.sh +# fall back to default, if not overwritten +LIB_DIR = /usr/local/lib/cryptobox + + +# _always_ recompile (in case of a changed LIB_DIR) +.PHONY: build clean $(CGI_SUID_FILE) $(ROOT_SUID_FILE) + +build: $(CGI_SUID_FILE) $(ROOT_SUID_FILE) + + +$(CGI_SUID_FILE): $(SRC_FILE) + @echo '#define EXEC_PATH "$(LIB_DIR)/$(CGI_FILENAME)"' >$(HEADER_FILE) + $(CC) -o $(CGI_SUID_FILE) $(SRC_FILE) + -rm $(HEADER_FILE) + + +$(ROOT_SUID_FILE): $(SRC_FILE) + @echo '#define EXEC_PATH "$(LIB_DIR)/$(ROOT_SCRIPT_FILENAME)"' >$(HEADER_FILE) + $(CC) -o $(ROOT_SUID_FILE) $(SRC_FILE) + -rm $(HEADER_FILE) + + +clean: + -rm -f $(CGI_SUID_FILE) $(ROOT_SUID_FILE) $(HEADER_FILE) + diff --git a/pythonrewrite/bin/cbox-manage.sh b/pythonrewrite/bin/cbox-manage.sh new file mode 100755 index 0000000..30a82a6 --- /dev/null +++ b/pythonrewrite/bin/cbox-manage.sh 
@@ -0,0 +1,474 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# this script does EVERYTHING +# all other scripts are only frontends :) +# +# called by: +# - some rc-scripts +# - the web frontend cgi +# + +# TODO: check permissions and owners of config files, directories and scripts before +# running cbox-root-actions.sh + +set -eu + + +# default location of config file +CONF_FILE=/etc/cryptobox/cryptobox.conf + +LIB_DIR=$(dirname "$0") + +# to determine a nice default partition name +DEVICE_NAME_PREFIX="Disk #" + +# read the default setting file, if it exists +test -e /etc/default/cryptobox && . /etc/default/cryptobox + +test ! -e "$CONF_FILE" && echo "Could not find the configuration file: $CONF_FILE" >&2 && exit 1 + +# parse config file +. "$CONF_FILE" + +test ! -e "$CONF_FILE" && echo "Could not find the distribution specific configuration file: $CONF_FILE" >&2 && exit 1 + +# parse the distribution specific file +. "$DISTRIBUTION_CONF" + +# check for writable log file +test -w "$LOG_FILE" || LOG_FILE=/tmp/$(basename "$LOG_FILE") + +# retrieve configuration directory +CONFIG_DIR="$(getent passwd $CRYPTOBOX_USER | cut -d ':' -f 6)/config" +CONFIG_MARKER=cryptobox.marker + +## configuration +ROOT_PERM_SCRIPT="$LIB_DIR/cryptobox_root_wrapper" +# ROOT_PERM_SCRIPT needs the MNT_PARENT setting +export MNT_PARENT="$(cd ~; pwd)/mnt" + +######## stuff ########## + +# all partitions with a trailing number +ALL_PARTITIONS=$(cat /proc/partitions | sed '1,2d; s/ */ /g; s/^ *//' | cut -d " " -f 4 | grep '[0-9]$') + +######################### + +function log_msg() +{ + # the log file is (maybe) not writable during boot - try + # before writing ... 
+ test -w "$LOG_FILE" || return 0 + echo >>"$LOG_FILE" + echo "##### `date` #####" >>"$LOG_FILE" + echo "$1" >>"$LOG_FILE" +} + + +function error_msg() +# parameters: ExitCode ErrorMessage +{ + local all=$@ + test $# -ne 2 && error_msg 1 "*** invalid call of error_msg *** $all" + echo "[`date`] - $2" | tee -a "$LOG_FILE" >&2 + # print the execution stack - not usable with busybox + # caller | sed 's/^/\t/' >&2 + exit "$1" +} + + +# Parameter: device +function is_device_allowed() { + # check for invalid characters and exit if one is found + local device=$(echo "$1" | sed 's#[^a-zA-Z0-9_\-\./]##g') + test "$1" = "$device" || return 1 + # remove leading "/dev/" + device=$(echo "$device" | sed 's#^/dev/##') + # return for empty name + test -z "$device" && return 1 + for a in $ALL_PARTITIONS + do echo "$device" | grep -q "^$a.*" && return 0 + done + # no matching device found - exit with error + return 1 +} + +function config_set_value() +# parameters: SettingName [SettingValue] +# read from stdin if SettingValue is not defined +{ + if test $# -gt 1 + then echo "$2" > "$CONFIG_DIR/$1" + else cat - >"$CONFIG_DIR/$1" + fi +} + + +function config_get_value() +# parameters: SettingName +{ + # use mounted config, if it exists - otherwise use defaults + local conf_dir + test -z "$1" && error_msg 1 "empty setting name" + # check for existence - maybe use default values (even for old + # releases that did not contain this setting) + if test -e "$CONFIG_DIR/$1" + then cat "$CONFIG_DIR/$1" + elif test -e "$CONFIG_DEFAULTS_DIR/$1" + then cat "$CONFIG_DEFAULTS_DIR/$1" + else case "$1" in + # you may place default values for older versions here + # for compatibility + * ) + error_msg 2 "unknown configuration value ($1)" + ;; + esac + fi + return 0 +} + + +function list_partitions_of_type() +# parameter: { config | crypto | plaindata | unused } +{ + local config= + local crypto= + local plaindata= + local unused= + for a in $ALL_PARTITIONS + do if "$ROOT_PERM_SCRIPT" 
is_crypto_partition "/dev/$a" + then crypto="$crypto /dev/$a" + elif "$ROOT_PERM_SCRIPT" is_config_partition "/dev/$a" + then config="$config /dev/$a" + elif "$ROOT_PERM_SCRIPT" is_plaindata_partition "/dev/$a" + then plaindata="$plaindata /dev/$a" + else unused="$unused /dev/$a" + fi + done + case "$1" in + config ) + echo "$config" + ;; + crypto ) + echo "$crypto" + ;; + plaindata ) + echo "$plaindata" + ;; + unused ) + echo "$unused" + ;; + * ) + error_msg 11 "wrong parameter ($1) for list_partition_types in $(basename $0)" + ;; + esac | tr " " "\n" | grep -v '^$' + return 0 +} + + +# Parameter: DEVICE +function get_device_mnt_name() { + "$ROOT_PERM_SCRIPT" get_device_mnt_name "$1" +} + + +# Parameter: DEVICE +function get_device_uuid() { + "$ROOT_PERM_SCRIPT" get_device_uuid "$1" +} + + +# Parameter: DEVICE +# return the readable name of the crypto container, if it is already defined +# if undefined - return the uuid +function get_device_name() { + local uuid=$(get_device_uuid "$1") + local dbname=$(config_get_value "names.db" | grep "^$uuid:" | cut -d ":" -f 2-) + # return dbname if it exists + test -n "$dbname" && echo "$dbname" && return 0 + # find a nice name for the new partition + local counter=1 + local test_name + local test_uuid + local test_result + # try to find a name with the defined "prefix" followed by a number ... 
+ while true + do test_name="$DEVICE_NAME_PREFIX$counter" + if config_get_value "names.db" | grep -q ":$test_name$" + then counter=$((counter+1)) + else # save it for next time + set_device_name "$1" "$test_name" + echo "$test_name" + return 0 + fi + done +} + + +function set_device_name() +# TODO: the implementation is quite ugly, but it works (tm) +# Parameter: DEVICE NAME +{ + local uuid=$(get_device_uuid "$1") + # remove the old setting for this device and every possible entry with the same name + local new_config=$(config_get_value 'names.db' | sed "/^$uuid:/d; /^[^:]*:$2$/d"; echo "$uuid:$2") + echo "$new_config" | config_set_value "names.db" +} + + +function does_crypto_name_exist() +# Parameter: NAME +{ + config_get_value 'names.db' | grep -q "^[^:]*:$1$" +} + + +function create_crypto() +# Parameter: DEVICE NAME KEYFILE +# keyfile is necessary, to allow background execution via 'at' +{ + local device=$1 + local name=$2 + local keyfile=$3 + # otherwise the web interface will hang + # passphrase may be passed via command line + local key=$(<"$keyfile") + # remove the passphrase-file as soon as possible + dd if=/dev/zero of="$keyfile" bs=512 count=1 2>/dev/null + rm "$keyfile" + + log_msg "Creating crypto partition with the cipher $DEFAULT_CIPHER on $device" + echo "$key" | "$ROOT_PERM_SCRIPT" create_crypto "$device" + + set_crypto_name "$device" "$name" +} + + +function is_config_active() { + test -f "$CONFIG_DIR/$CONFIG_MARKER" +} + + +# Parameter: DEVICE +function is_mounted() { + local name=$(get_device_mnt_name "$1") + test -n "$name" && mountpoint -q "$MNT_PARENT/$name" +} + + +# Parameter: DEVICE +function is_plain() { + "$ROOT_PERM_SCRIPT" is_plain_partition "$1" +} + + +# Parameter: DEVICE +function is_encrypted() { + "$ROOT_PERM_SCRIPT" is_crypto_partition "$1" +} + + +# list which allowed disks are at the moment connected with the cbox +function get_available_disks() { + for scan in $SCAN_DEVICES + do for avail in $ALL_PARTITIONS + do echo "$avail" 
| grep -q "^$scan[^/]*" && echo "/dev/$avail" + done + done + return 0 +} + + +# Parameter: DEVICE +function mount_crypto() { + local device=$1 + test -z "$device" && error_msg 4 'No valid harddisk found!' + is_mounted "$device" && echo "The crypto filesystem is already active!" && return + # passphrase is read from stdin + log_msg "Mounting a crypto partition from $device" + "$ROOT_PERM_SCRIPT" mount "$device" >>"$LOG_FILE" 2>&1 +} + + +function umount_partition() { +# Parameter: device + local container=$(get_device_name "$1") + "$ROOT_PERM_SCRIPT" umount "$1" +} + + +function box_purge() +# removing just the first bytes from the harddisk should be enough +# every harddisk will be overriden! +# this feature is only useful for validation +{ + # TODO: not ALL harddisks, please! + get_available_disks | while read a + do log_msg "Purging $a ..." + "$ROOT_PERM_SCRIPT" trash_device "$a" + done +} + + +function turn_off_all_containers() { + # TODO - needs to be implemented + return 0 +} + + +### main ### + +# set PATH because thttpd removes /sbin and /usr/sbin for cgis +export PATH=/usr/sbin:/usr/bin:/sbin:/bin + + +ACTION=help +test $# -gt 0 && ACTION=$1 && shift + +case "$ACTION" in + crypto-up ) + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'crypto-up'" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + mount_crypto "$1" + ;; + crypto-down ) + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'crypto-down'" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + umount_partition "$1" + ;; + init ) + init_cryptobox >"$LOG_FILE" 2>&1 + ;; + list_container ) + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'list_container'" + case "$1" in + config | unused | plaindata | crypto ) + list_partitions_of_type "$1" + ;; + * ) + return 1 + ;; + esac + return 0 + ;; + get_device_name ) + # Parameter: DEVICE + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'get_device_name'" + 
is_device_allowed "$1" || error_msg 12 "invalid device: $1" + get_device_name "$1" + ;; + set_device_name ) + # Parameter: DEVICE NAME + test $# -ne 2 && error_msg 10 "invalid number of parameters for 'set_device_name'" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + set_device_name "$1" "$2" + ;; + device_init ) + # Parameter: DEVICE [KEYFILE] + test $# -lt 1 && error_msg 10 "invalid number of parameters for 'device_init' ($@)" + test $# -gt 2 && error_msg 10 "invalid number of parameters for 'device_init' ($@)" + if test $# -eq 2 + then test -z "$2" -o ! -e "$2" && error_msg 11 "invalid keyfile ($2) given for 'device_init'" + fi + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + if test $# -eq 2 + then "$ROOT_PERM_SCRIPT" create_crypto "$1" "$2" + else "$ROOT_PERM_SCRIPT" create_plain "$1" + fi + true + ;; + is_mounted ) + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'is_mounted'" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + is_mounted "$1" + ;; + is_encrypted ) + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'is_encrypted'" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + is_encrypted "$1" + ;; + is_plain ) + test $# -ne 1 && error_msg 10 "invalid number of parameters for 'is_plain'" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + is_plain "$1" + ;; + check_config) + is_config_active + ;; + get_available_disks ) + get_available_disks + ;; + set_config ) + test $# -ne 2 && error_msg 7 "'set_config' requires two parameters" + config_set_value "$1" "$2" + ;; + get_config ) + test $# -ne 1 && error_msg 6 "'get_config' requires exactly one parameter" + config_get_value "$1" + ;; + get_capacity_info ) + test $# -ne 1 && error_msg 6 "'get_capacity_info' requires exactly one parameter" + is_device_allowed "$1" || error_msg 12 "invalid device: $1" + is_mounted "$1" || error_msg 13 "the device is not mounted: $1" + name=$(get_device_mnt_name "$1") + df -h 
"$MNT_PARENT/$name" | tail -1 + ;; + diskinfo ) + get_available_disks | while read a + do "$ROOT_PERM_SCRIPT" diskinfo "$a" + done 2>/dev/null + ;; + box-purge ) + log_msg "Cleaning the CryptoBox ..." + turn_off_all_containers + "$0" config-down + box_purge >>"$LOG_FILE" 2>&1 + ;; + poweroff ) + log_msg "Shutting down the Cryptobox ..." + turn_off_all_containers + "$ROOT_PERM_SCRIPT" poweroff + ;; + reboot ) + log_msg "Rebooting the Cryptobox ..." + turn_off_all_containers + "$ROOT_PERM_SCRIPT" reboot + ;; + umount_all ) + log_msg "Unmounting all volumes ..." + turn_off_all_containers + ;; + * ) + echo "[$(basename $0)] - unknown action: $ACTION" >&2 + echo "Syntax: $(basename $0) ACTION [PARAMS]" + echo " crypto-up - mount crypto partition" + echo " crypto-down - unmount crypto partition" + echo " crypto-create - a wrapper for 'crypto-create-bg'" + echo " crypto-create-bg - create encrypted blockdevice and run mkfs" + echo " is_mounted - check, if crypto partition is mounted" + echo " check_config - check, if the configuration is usable" + echo " get_available_disks - shows all accessible disks" + echo " get_current_ip - get the current IP of the network interface" + echo " set_config NAME VALUE - change a configuration setting" + echo " get_config NAME - retrieve a configuration setting" + echo " get_device_name DEVICE - retrieve the human readable name of a partition" + echo " set_device_name DEVICE - set the human readable name of a partition" + echo " device_init DEVICE KEYFILE - initialize the filesystem of a partition (the keyfile just contains the passphrase)" + echo " get_capacity_info - print the output of 'df' for the (mounted) partition" + echo " diskinfo - show the partition table of the harddisk" + echo " box-purge - destroy the partition tables of all harddisks (delete everything)" + echo " poweroff - turn off the computer" + echo " reboot - reboot the computer" + echo + ;; + esac + +exit 0 + 
diff --git a/pythonrewrite/bin/cbox-root-actions.sh b/pythonrewrite/bin/cbox-root-actions.sh new file mode 100755 index 0000000..9e25d7d --- /dev/null +++ b/pythonrewrite/bin/cbox-root-actions.sh 
@@ -0,0 +1,341 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# this script is responsible for all dangerous actions, that require root privileges +# every action should be checked at least TWICE a day for open holes :) +# usually will get call via sudo +# +# called by: +# - cbox-manage.sh +# + +set -eu + +LIB_DIR=$(dirname "$0") +LIB_DIR=$(cd "$LIB_DIR"; pwd) + +test "$(id -u)" -ne 0 && echo "$(basename $0) - only root may call this script" >&2 && exit 100 + +# read the default setting file, if it exists +test -e /etc/default/cryptobox && . /etc/default/cryptobox + +# set CONF_FILE to default value, if not configured in /etc/default/cryptobox +CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} +# parse config file +. "$CONF_FILE" +# parse distribution specific file +. "$DISTRIBUTION_CONF" + +CB_SCRIPT="$LIB_DIR/cbox-manage.sh" +CONFIG_MARKER=cryptobox.marker + + +############ some useful functions ############### + +# check if the given device is part of the SCAN_DEVICE list +# every entry in SCAN_DEVICES is matched as "^/dev/${SCAN_DEVICE}[^/]*$" against +# the given device +# other devices may not be touched +function is_device_allowed() +# parameter: device +{ + for a in $SCAN_DEVICES + do echo "$1" | grep -q "^/dev/${a}[^/]*$" && return 0 + done + return 1 +} + + +# return the uuid of the partition (if possible) +# this works at least for luks, ext2/3 and vfat partitions +function get_device_uuid() { + local UUID + # check for luksUUID or ext2/3-uuid + if is_luks_device "$1" + then UUID=$("$CRYPTSETUP" luksUUID "$1") + else test -x "$BLKID" && UUID=$("$BLKID" -s UUID -o value -c /dev/null -w /dev/null "$1" 2>/dev/null) + fi + if test -z "$UUID" + then get_device_flat_name "$1" + else echo "$UUID" + fi + return 0 +} + + +# the device name is "flattened" +function get_device_flat_name() { + echo "$1" | sed 
's#/#_#g' +} + + +# the basename of the mountpoint for this device - should be somehow human_readable +function get_device_mnt_name() { + "$CB_SCRIPT" get_device_name "$1" +} + + +# every devmapper name should look like a UUID +function is_uuid_valid() { + local hex=[0-9a-f] + echo "$1" | grep -q "^$hex\{8\}-$hex\{4\}-$hex\{4\}-$hex\{4\}-$hex\{12\}$" +} + + +# parameter ExitCode ErrorMessage +function error_msg() { + echo "CBOX-ERROR: [$(basename $0) - $ACTION] - $2" >&2 + exit $1 +} + + +# parameter: device sfdisk_layout_setup +# e.g.: /dev/hda "0,1,L \n,,L\n" +function partition_device() { + # TODO: allow different layouts + # TODO: skip config partition if a configuration is already active + # sfdisk -n doesn't actually write (for testing purpose) + if echo -e "$2" | "$SFDISK" -n "$1" + then echo -e "$2" | "$SFDISK" "$1" || return 1 + else return 2 + fi + true +} + + +function is_luks_device() +# parameter: device +{ + "$CRYPTSETUP" isLuks "$1" 2>/dev/null +} + + +################ main #################### + +ACTION=unknown +test $# -gt 0 && ACTION=$1 && shift + + +case "$ACTION" in + partition_disk ) + test $# -ne 2 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + partition_device "$1" "$2" || \ + error_msg 2 "failed to create new partition table on device $1" + ;; + mount ) + # parameters: device + # returns the relative name of the mointpoint for success + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + mnt_name=$(get_device_mnt_name "$1") + mountpoint -q "$MNT_PARENT/$mnt_name" && \ + error_msg 5 "a device with the same name ($mnt_name) is already mounted" + mkdir -p "$MNT_PARENT/$mnt_name" + if is_luks_device "$1" + then "$CRYPTSETUP" luksOpen "$1" "$mnt_name" || \ + error_msg 6 "could not open encrypted device $1" + if mount 
"$DEV_MAPPER_DIR/$mnt_name" "$MNT_PARENT/$mnt_name" + then true + else "$CRYPTSETUP" luksClose "$mnt_name" || true + error_msg 7 "wrong password for $1 supplied" + fi + else mount "$1" "$MNT_PARENT/$mnt_name" || \ + error_msg 8 "invalid filesystem on device $1" + fi + # just in case, that there is no ext2/3 filesystem: + # set uid option (will fail silently for ext2/3) + # TODO: there is no FILE_USER setting anymore - do we still need it? + #mount -o remount,uid="$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true + # adapt top-level permission to current setup - again: may fail silently + #chown "$FILE_USER" "$MNT_PARENT/$name" 2>/dev/null || true + true + ;; + umount ) + #parameter: device + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + mnt_name=$(get_device_mnt_name "$1") + mountpoint -q "$MNT_PARENT/$mnt_name" || \ + error_msg 9 "the device ($1) is not mounted as '$mnt_name'" + # try to unmount - do it in lazy mode + umount -l "$MNT_PARENT/$mnt_name" + # TODO: check, what happens, if there are open files - does the device gets mapping removed? 
+ # remove (if necessary) the device mapping + if test -e "$DEV_MAPPER_DIR/$mnt_name" + then "$CRYPTSETUP" luksClose "$mnt_name" || \ + error_msg 11 "could not remove the device mapper ($mnt_name) for device $1" + fi + # try to remove the mountpoint - a failure is not important + rmdir "$MNT_PARENT/$mnt_name" || true + # set exitcode + mountpoint -q "$MNT_PARENT/$mnt_name" && exit 1 + true + ;; + create_crypto ) + # parameter: device keyfile + test $# -ne 2 && error_msg 1 "wrong number of parameters" + keyfile=$2 + test -e "$keyfile" || error_msg 2 "keyfile ($keyfile) not found" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + # read the passphrase from stdin + # the iter-time is in milliseconds - keep it low for fast mounting + cat "$keyfile" | \ + "$CRYPTSETUP" --cipher "$DEFAULT_CIPHER" --iter-time 2000 --batch-mode luksFormat "$1" || \ + error_msg 11 "failed to create the encrypted partition" + name=$(get_device_mnt_name "$1") + cat "$keyfile" | "$CRYPTSETUP" --batch-mode luksOpen "$1" "$name" || \ + error_msg 12 "failed to open the encrypted partition" + # trash the passphrase in keyfile + echo "0123456789abcdefghijklmnopqrstuvwxyz" > "$keyfile" + # the disk cache surely prevents the previous line from being written, but we do it anyway ... 
+ echo "zyxwvutsrqponmlkjihgfedcba9876543210" > "$keyfile" + rm "$keyfile" + # complete in background + ( + "$MKFS_DATA" "$DEV_MAPPER_DIR/$name" || \ + error_msg 13 "failed to create the encrypted filesystem" + "$CRYPTSETUP" --batch-mode luksClose "$name" || \ + error_msg 14 "failed to close the encrypted mapped device" + ) /dev/null 2>/dev/null & + true + ;; + create_plain ) + # parameter: device + test $# -ne 1 && error_msg 1 "wrong number of parameters for 'create_plain'" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + # complete in background + ( + "$MKFS_DATA" "$1" || \ + error_msg 15 "failed to create the plaintext filesystem" + ) /dev/null 2>/dev/null & + true + ;; + get_device_mnt_name ) + # parameter: device + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + get_device_mnt_name "$1" + ;; + get_device_uuid ) + # parameter: device + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + get_device_uuid "$1" + ;; + is_config_partition ) + # parameter: device + # returns exitcode 0 if the device contains a configuration + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + is_config=0 + tmp_dir=/tmp/$(basename $0)-$$-mnt + mkdir -p "$tmp_dir" + # error means "no config partition" + if mount "$1" "$CONFIG_DIR" + then test -e "$CONFIG_DIR/$CONFIG_MARKER" && is_config=1 + umount "$CONFIG_DIR" || \ + error_msg 14 "unable to unmount configation partition after probing" + fi + rmdir "$tmp_dir" || true + # return 0 if $device is a config partition + test "$is_config" -eq 1 && exit 0 + exit 1 + ;; + is_crypto_partition ) + # parameter: device + # returns 
exitcode 0 if the device contains a luks header + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + is_luks_device "$1" + ;; + is_plain_partition ) + # parameter: device + # returns exitcode 0 if the device contains a readable filesystem + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + status=0 + tmp_dir=/tmp/$(basename $0)-$$-mnt + mkdir -p "$tmp_dir" + if mount "$1" "$tmp_dir" >/dev/null 2>/dev/null + then test ! -e "$tmp_dir/$CONFIG_MARKER" && status=1 + umount "$tmp_dir" + fi + rmdir "$tmp_dir" || true + test "$status" -eq 1 && exit 0 + exit 1 + ;; + trash_device ) + # parameter: device + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + dd if=/dev/urandom of="$1" bs=512 count=1 2>/dev/null + ;; + diskinfo ) + # parameter: device + test $# -ne 1 && error_msg 1 "wrong number of parameters" + is_device_allowed "$1" || \ + error_msg 3 "this device ($1) is not listed in SCAN_DEVICES (see $CONF_FILE)" + "$SFDISK" -L -q -l "$1" + ;; + update_network ) + # parameter: none + ip= + # TODO: can we avoid to hard-code the filename ($CONFIG_DIR/ip) here? 
+ test -e "$CONFIG_DIR/ip" && ip=$(<"$CONFIG_DIR/ip") + test -n "$z" && ifconfig "$NET_IFACE" "$ip" + ;; + poweroff ) + # TODO: check configuration setting before + "$POWEROFF" + ;; + reboot ) + # TODO: check configuration setting before + "$REBOOT" + ;; + * ) + echo "[$(basename $0)] - unknown action: $ACTION" >&2 + echo "Syntax: $(basename $0) ACTION PARAMETERS" + echo ' partition_disk $device $disk_layout' + echo ' get_device_name $device' + echo ' get_device_uuid $device' + echo ' create_crypto $device' + echo ' mount $device' + echo ' umount $name' + echo ' create_config $device' + echo ' mount_config $device' + echo ' remount_config { ro | rw }' + echo ' umount_config' + echo ' is_config_partition $device' + echo ' is_plain_partition $device' + echo ' is_crypto_partition $device' + echo ' trash_device $device' + echo ' diskinfo $device' + echo ' update_network' + echo ' poweroff' + echo ' reboot' + echo ' help' + echo + test "$ACTION" = "help" && exit 0 + # return error for any unknown/unspecified action + exit 1 + ;; + esac + diff --git a/pythonrewrite/bin/cryptobox.pl b/pythonrewrite/bin/cryptobox.pl new file mode 100755 index 0000000..7f36806 --- /dev/null +++ b/pythonrewrite/bin/cryptobox.pl 
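Review bot: In `mount`, `umount` and `create_crypto` of cbox-root-actions.sh, the root script takes the mount point and device-mapper name from `get_device_mnt_name`, which only runs `"$CB_SCRIPT" get_device_name`, and uses the result unchecked in `mkdir -p "$MNT_PARENT/$mnt_name"`, `luksOpen` and `rmdir`. The privileged side should validate that name itself, for example by rejecting `/` and leading dots, or by deriving it from `get_device_uuid` and checking it with `is_uuid_valid`, which is defined here but never called. `create_crypto` reads, overwrites and removes whatever path it is given as keyfile, as root, with only `test -e` as a check; restrict it to a known directory or take the passphrase on stdin. `is_config_partition` and `is_plain_partition` use the predictable `/tmp/$(basename $0)-$$-mnt` with `mkdir -p` where `mktemp -d` is safer, and `is_config_partition` creates that directory but then mounts on `$CONFIG_DIR`. `is_device_allowed` pipes `$1` through `grep`, which matches per line, so an argument containing a newline passes if any one line matches; a `case` pattern on the whole string avoids that. In `update_network`, `test -n "$z"` refers to a variable that is never set and aborts under `set -eu`; it presumably should test `$ip`. The shebang is `#!/bin/sh` although the script uses `function`, `local`, `echo -e` and `$(<file)`.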
@@ -0,0 +1,946 @@ +#!/usr/bin/perl +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# the web interface of the CryptoBox +# + + +############################################### + +use strict; +use CGI; +use ClearSilver; +use ConfigFile; +use English; +use CGI::Carp; +use IO::File; +use POSIX; + +use constant CRYPTOBOX_VERSION => 0.3; + +# debug levels +use constant DEBUG_NONE => 0; +use constant DEBUG_ERROR => 1; +use constant DEBUG_WARN => 2; +use constant DEBUG_INFO => 3; + +# drop privileges +$UID = $EUID; +$GID = $EGID; + +# necessary for suid perl scripts (see 'man perlsec' for details) +$ENV{'PATH'} = '/bin:/usr/bin'; +delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; # Make %ENV safer + +my $CONFIG_FILE = '/etc/cryptobox/cryptobox.conf'; + +my $pagedata; + +my ($LANGUAGE_DIR, $DEFAULT_LANGUAGE, $HTML_TEMPLATE_DIR, $DOC_DIR); +my ($CB_SCRIPT, $LOG_FILE, $IS_DEVEL, $STYLESHEET_URL, $DEBUG_LEVEL); + +# get the directory of the cryptobox scripts/binaries and untaint it +$CB_SCRIPT = $0; +$CB_SCRIPT =~ m/^(.*)\/[^\/]*$/; +$CB_SCRIPT = ($1)? 
"$1/cbox-manage.sh" : './cbox-manage.sh'; + +&fatal_error ("could not find configuration file ($CONFIG_FILE)") unless (-e $CONFIG_FILE); +my $config = ConfigFile::read_config_file($CONFIG_FILE); + +$LOG_FILE = $config->{LOG_FILE}; +$LANGUAGE_DIR = $config->{LANGUAGE_DIR}; +$DEFAULT_LANGUAGE = $config->{LANGUAGE}; +$HTML_TEMPLATE_DIR = $config->{HTML_TEMPLATE_DIR}; +$DOC_DIR = $config->{DOC_DIR}; +$IS_DEVEL = ( -e $config->{DEV_FEATURES_SCRIPT}); +$STYLESHEET_URL = $config->{STYLESHEET_URL}; +if (defined($config->{DEBUG_LEVEL})) { + $DEBUG_LEVEL = $config->{DEBUG_LEVEL}; +} else { + $DEBUG_LEVEL = DEBUG_ERROR; # default debug level +} + +my $query = new CGI; + +#################### subs ###################### + +# for fatal errors without the chance of clearsilver-rendering +sub fatal_error() { + my $message = shift; + + print "Content-Type: text/html\n\n"; + print "CryptoBox\n"; + print "\n"; + print '

' . $message . "

\n"; + print "\n"; + die "[CryptoBox]: $message"; +} + + +sub debug_msg() { + my ($level, $message) = @_; + return 0 unless ($level >= $DEBUG_LEVEL); + warn "[cryptobox]: $message"; +} + + +sub load_hdf { + my $hdf = ClearSilver::HDF->new(); + + my $fname = "$HTML_TEMPLATE_DIR/main.cs"; + &fatal_error ("Template directory is invalid ($fname not found)!") unless (-e "$fname"); + $hdf->setValue("Settings.TemplateDir","$HTML_TEMPLATE_DIR"); + + &fatal_error ("Documentation directory ($DOC_DIR) not found!") unless (-d "$DOC_DIR"); + $hdf->setValue("Settings.DocDir","$DOC_DIR"); + + # if it was requested as directory index (link from index.html), we should + # set a real script name - otherwise links with a query string will break + # ignore POST part of the SCRIPT_NAME (after "&") + (my $script_url = $ENV{'SCRIPT_NAME'}) =~ m/^[^&]*/; + $hdf->setValue("ScriptName", ($ENV{'SCRIPT_NAME'} eq '/')? '/cryptobox' : $script_url ); + + # set stylesheet url + $hdf->setValue("Settings.Stylesheet",$STYLESHEET_URL); + + &load_selected_language($hdf); + + &get_available_languages($hdf); + + return $hdf; +} + + +sub load_selected_language { + my $data = shift; + my $config_language; + + # load $DEFAULT_LANGUAGE - this is necessary, if a translation is incomplete + $data->readFile("$LANGUAGE_DIR/$DEFAULT_LANGUAGE" . ".hdf"); + + # load configured language, if it is valid + $config_language = &get_cbox_config("language"); + $config_language = $DEFAULT_LANGUAGE unless (&validate_language("$config_language")); + + # check for preferred browser language, if the box was not initialized yet + if ( ! &check_config()) + { + my $prefLang = &get_browser_language(); + # take it, if a supported browser language was found + $config_language = $prefLang unless ($prefLang eq ''); + } + + ######### temporary language setting? 
############ + # the default language can be overriden by the language links in the + # upper right of the page + if ($query->param('weblang')) { + my $weblang = $query->param('weblang'); + if (&validate_language($weblang)) { + # load the data + $config_language = "$weblang"; + # add the setting to every link + # how it should be done now ... + $data->setValue('Settings.LinkAttrs.weblang', "$weblang"); + # old way of doing this ... (TODO: to be removed) + $data->setValue('Data.PostData.weblang', "$weblang"); + } else { + # no valid language was selected - so you may ignore it + $data->setValue('Data.Warning', 'InvalidLanguage'); + } + } + # import the configured resp. the temporarily selected language + $data->readFile("$LANGUAGE_DIR/$config_language" . ".hdf"); + + ########## select documentation language ########## + if (&validate_doc_language($config_language)) { + # selected web interface language + $data->setValue('Settings.DocLang', "$config_language"); + } elsif (&validate_doc_language($DEFAULT_LANGUAGE)) { + # configured CryptoBox language + $data->setValue('Settings.DocLang', "$DEFAULT_LANGUAGE"); + } else { + # default hardcoded language (english) + $data->setValue('Settings.DocLang', "en"); + } +} + + +# import the names of all available languages +sub get_available_languages { + my $data = shift; + my ($file, @files, $hdf, $lang_name); + + opendir(DIR, $LANGUAGE_DIR) or &fatal_error ("Language directory ($LANGUAGE_DIR) not accessible!"); + @files = sort grep { /.*\.hdf$/ } readdir(DIR); + close(DIR); + + foreach $file (@files) { + $hdf = ClearSilver::HDF->new(); + $hdf->readFile("$LANGUAGE_DIR/$file"); + substr($file, -4) = ""; + $lang_name = $hdf->getValue("Lang.Name", "$file"); + $data->setValue("Data.Languages." . 
"$file", "$lang_name"); + } +} + + +# look for preferred browser language setting +# this code was adapted from Per Cederberg - http://www.percederberg.net/home/perl/select.perl +# it returns an empty string, if no supported language was found +sub get_browser_language { + my ($str, @langs, @res); + + # Use language preference settings + if ($ENV{'HTTP_ACCEPT_LANGUAGE'} ne '') + { + @langs = split(/,/, $ENV{'HTTP_ACCEPT_LANGUAGE'}); + foreach (@langs) + { + # get the first part of the language setting + ($str) = ($_ =~ m/([a-z]+)/); + # check, if it supported by the cryptobox + $res[$#res+1] = $str if validate_language($str); + } + } + + # if everything fails - return empty string + $res[0] = "" if ($#res lt 0); + return $res[0]; +} + + +sub log_msg { + my $text = shift; + open(LOGFILE,">> $LOG_FILE"); + print LOGFILE "$text"; + close(LOGFILE); +} + + +sub check_ssl { + # check, if we are behind a proxy with ssl (e.g. pound) + return (0==0) if ($ENV{'HTTP_FRONT_END_HTTPS'} =~ m/^on$/i); + # environment variable set (e.g. 
via apache directive "SetEnv HTTPS On") + return (0==0) if ($ENV{'HTTPS'} =~ m/^on$/i); + # port 80 -> not encrypted + return (0==1) if ($ENV{'SERVER_PORT'} == 80); + # other ports -> maybe ok - we accept it + return (0==0); +} + + +# check, if the given device is mounted/used somehow +# Paramter: device +sub check_mounted { + my ($dev) = @_; + return (system($CB_SCRIPT,"is_mounted",$dev) == 0); +} + + +sub check_config { + return (system($CB_SCRIPT,"check_config") == 0); +} + + +sub exec_cb_script { + my (@params) = @_; + my ($pid, @result); + &fatal_error("unable to fork process") unless defined($pid = open(PROG_OUT, "-|")); + if (!$pid) { + # child + exec($CB_SCRIPT, @params) or &fatal_error("failed to execute $CB_SCRIPT!"); + exit 0; + } else { + # parent + # only read lines containing at least one non-whitespace character + @result = grep /\S/, ; + foreach (@result) { chomp; } + unless (close PROG_OUT) { + &debug_msg(DEBUG_WARN, "error while running $CB_SCRIPT (params:" . join(" ",@params) . 
"): $?"); + return undef; + } + } + if (wantarray) { + return @result; + } elsif (@result > 0) { + return join('',@result); + } else { + return ""; + } +} + + +sub check_init_running { + # TODO: improve this + return (0==1); +} + + +# Parameter: device +sub check_device_plaintext { + return (system("$CB_SCRIPT","is_plain",$1) == 0); +} + + +# Parameter: device +sub check_device_encryption { + return (system("$CB_SCRIPT","is_encrypted",$1) == 0); +} + + +sub is_harddisk_available { + my @all_disks = &exec_cb_script("get_available_disks"); + return @all_disks > 0; +} + + +sub get_available_disks { + my @all_disks = &exec_cb_script("get_available_disks"); + my ($disk, @return_disks); + foreach $disk (@all_disks) { + $disk =~ m#^([/\._\-\w]*)$#; + push @return_disks, $1 if ($1); + } + return @return_disks; +} + + +sub get_disk_name { + my ($dev) = @_; + my $disk_name = &exec_cb_script("get_device_name", $dev); + return $disk_name; +} + + +# return the value of a configuration setting (timeout, language, ip, ...) 
+# Parameter: setting_name +sub get_cbox_config { + my ($setting) = @_; + # tell the exec function, that we want a scalar instead of an array + my $scalar = &exec_cb_script("get_config",$setting); + return $scalar; +} + + +sub render { + my $pagefile = "$HTML_TEMPLATE_DIR/main.cs"; + print "Content-Type: text/html\n\n"; + + my $cs = ClearSilver::CS->new($pagedata); + $cs->parseFile($pagefile); + + print $cs->render(); +} + + +# mount an encrypted volume +# Parameter: device password +sub mount_vol { + my ($device, $pw) = @_; + + if (&check_mounted($device)) { + $pagedata->setValue('Data.Warning', 'IsMounted'); + } else { + if ($pw eq '') { + &exec_cb_script("crypto-up", $device); + } else { + open(PW_INPUT, "| $CB_SCRIPT crypto-up $device"); + print PW_INPUT $pw; + close(PW_INPUT); + } + } +} + + +# unmount a volume +# Parameter: device +sub umount_vol { + my ($device) = @_; + if (&check_mounted($device)) { + system($CB_SCRIPT, "crypto-down",$device); + } else { + $pagedata->setValue('Data.Warning', 'NotMounted'); + } +} + + +# Parameter: device passphrase +# ignore passphrase (or leave it empty) to create a plaintext volume +sub volume_init { + my ($device, $crypto_pw) = @_; + my $result; + + # only for encrypted volumes: + # write passphrase to a file - necessary as perl in secured mode does not allow + # the 'open(FH, "|/bin/prog ....")' call because of possible shell expansion - stupid 'open' :( + if ($crypto_pw) { + my ($fh, $temp_file); + # generate a temporary filename (as suggested by the Perl Cookbook) + do { $temp_file = POSIX::tmpnam() } + # TODO: reduce the file mask to the minimum - maybe 0600 would be a good choice + until $fh = IO::File->new($temp_file, O_RDWR|O_CREAT|O_EXCL); + close $fh; + unless (open(TMP, ">$temp_file")) { + &debug_msg(DEBUG_ERROR, "could not open a temporary file"); + return (1==0); + } + print TMP $crypto_pw; + close TMP; + $result = &exec_cb_script("device_init", $device, $temp_file); + unlink ($temp_file) if (-e $temp_file); 
+ } else { + $result = &exec_cb_script("device_init", $device); + } + # just to be sure, that the file does not get left behind + # usually the script should overwrite and remove it + return defined($result); +} + + +sub box_purge { + &exec_cb_script("box-purge"); +} + + +sub system_poweroff { + &exec_cb_script("poweroff"); +} + + +sub system_reboot { + &exec_cb_script("reboot"); +} + + +sub validate_ip { + my $ip = shift; + my @octets = split /\./, $ip; + return 0 if ($#octets == 4); + # check for values and non-digits + return 0 if (($octets[0] <= 0) || ($octets[0] >= 255) || ($octets[0] =~ /\D/)); + return 0 if (($octets[1] < 0) || ($octets[1] >= 255) || ($octets[1] =~ /\D/)); + return 0 if (($octets[2] < 0) || ($octets[2] >= 255) || ($octets[2] =~ /\D/)); + return 0 if (($octets[3] <= 0) || ($octets[3] >= 255) || ($octets[3] =~ /\D/)); + return 1; +} + + +sub validate_timeout { + my $timeout = shift; + return 0 if ($timeout =~ /\D/); + return 1; +} + + +# check for a valid interface language +sub validate_language { + my $language = shift; + # check for non-alphanumeric character + return 0 if ($language =~ /\W/); + return 0 if ($language eq ""); + return 0 if ( ! -e "$LANGUAGE_DIR/$language" . '.hdf'); + return 1; +} + + +# check for a valid documentation language +sub validate_doc_language { + my $language = shift; + # check for non-alphanumeric character + return 0 if ($language =~ /\W/); + return 0 if ($language eq ""); + return 0 if ( ! -e "$DOC_DIR/$language"); + return 1; +} + + +################### main ######################### + + +$pagedata = load_hdf(); +my $current_admin_pw; + +my $action = $query->param('action'); +$action =~ m#^([\w\._\-]*)$#; +$action = ($1)? $1 : ''; + +my $device = $query->param('device'); +$device =~ m#^([/_\-\w\.]*)$#; +$device = ($1)? 
$1 : ''; + +# BEWARE: there are two kinds of actions: +# * some require a harddisk +# * some do not require a harddisk +# take care, that you put a new action into the appropriate block below + +# first: check for ssl! +if ( ! &check_ssl()) { + $pagedata->setValue('Data.Error', 'NoSSL'); + # remove port number from HTTP_HOST + my $hostname = $ENV{'HTTP_HOST'}; + $hostname =~ s/:[0-9]*//; + $pagedata->setValue('Data.Redirect.URL', "https://" . $hostname . $ENV{'SCRIPT_NAME'}); + $pagedata->setValue('Data.Redirect.Delay', "3"); +} elsif ($query->param('action')) { + #--------------------------------------------------------------# + # here you may define all cases that do not require a harddisk # + # put all other cases below the harddisk check # + #--------------------------------------------------------------# + #################### show_log ####################### + if ($action eq 'show_log') { + $pagedata->setValue('Data.Action', 'show_log'); + ##################### doc ############################ + } elsif ($action eq 'doc') { + if ($query->param('page')) { + $pagedata->setValue('Data.Doc.Page', $query->param('page')); + $pagedata->setValue('Data.Action', 'show_doc'); + } else { + $pagedata->setValue('Data.Doc.Page', 'CryptoBoxUser'); + $pagedata->setValue('Data.Action', 'show_doc'); + } + ##################### poweroff ###################### + } elsif ($action eq 'system_ask') { + $pagedata->setValue('Data.Action', 'form_system'); + ##################### reboot ######################## + } elsif ($action eq 'shutdown_do') { + if ($query->param('type') eq 'reboot') { + &system_reboot(); + $pagedata->setValue('Data.Success', 'ReBoot'); + $pagedata->setValue('Data.Redirect.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Delay', "180"); + } else { + &system_poweroff(); + $pagedata->setValue('Data.Success', 'PowerOff'); + } + $pagedata->setValue('Data.Action', 'empty'); + ##################### check for a harddisk ########################## + # catch 
this error, to prevent all following actions from execution # + ##################################################################### + } elsif ( ! &is_harddisk_available()) { + $pagedata->setValue('Data.Error', 'NoHardDisk'); + #-------------------------------------------------------# + # here you may define all cases that require a harddisk # + #-------------------------------------------------------# + ################ umount_do ####################### + } elsif ($action eq 'umount_do') { + if ($device eq '') { + &debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device')); + $pagedata->setValue('Data.Warning', 'InvalidDevice'); + $pagedata->setValue('Data.Action', 'emptu'); + } elsif ( ! &check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif (&check_init_running()) { + $pagedata->setValue('Data.Warning', 'InitNotFinished'); + $pagedata->setValue('Data.Action', 'empty'); + $pagedata->setValue('Data.Redirect.Action', 'form_config'); + $pagedata->setValue('Data.Redirect.Delay', "30"); + } elsif ( ! &check_mounted($device)) { + $pagedata->setValue('Data.Warning', 'NotMounted'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + # unmounten + &umount_vol($device); + if (&check_mounted($device)) { + $pagedata->setValue('Data.Warning', 'UmountFailed'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + #$pagedata->setValue('Data.Success', 'UmountDone'); + $pagedata->setValue('Data.Action', 'show_volume'); + } + } + ################ mount_do ######################## + } elsif ($action eq 'mount_do') { + my $is_encrypted = &check_device_encryption($device) if ($device ne ''); + if ($device eq '') { + &debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device')); + $pagedata->setValue('Data.Warning', 'InvalidDevice'); + $pagedata->setValue('Data.Action', 'empty'); + } elsif ( ! 
&check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif (&check_init_running()) { + $pagedata->setValue('Data.Warning', 'InitNotFinished'); + $pagedata->setValue('Data.Action', 'empty'); + $pagedata->setValue('Data.Redirect.Action', 'form_config'); + $pagedata->setValue('Data.Redirect.Delay', "30"); + } elsif (&check_mounted($device)) { + $pagedata->setValue('Data.Warning', 'IsMounted'); + $pagedata->setValue('Data.Action', 'show_volume'); + } elsif ($is_encrypted && ($query->param('crypto_password') eq '')) { + # leeres Passwort + $pagedata->setValue('Data.Warning', 'EmptyCryptoPassword'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + # mounten + if ($is_encrypted) { + &mount_vol($device, $query->param('crypto_password')); + } else { + &mount_vol($device); + } + if (!&check_mounted($device)) { + $pagedata->setValue('Data.Warning', 'MountFailed'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + #$pagedata->setValue('Data.Success', 'MountDone'); + $pagedata->setValue('Data.Action', 'show_volume'); + } + } + ################## mount_ask ####################### + } elsif ($action eq 'mount_ask') { + if ( ! &check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif (&check_init_running()) { + $pagedata->setValue('Data.Warning', 'InitNotFinished'); + $pagedata->setValue('Data.Action', 'empty'); + $pagedata->setValue('Data.Redirect.Action', 'form_config'); + $pagedata->setValue('Data.Redirect.Delay', "30"); + } else { + $pagedata->setValue('Data.Action', 'form_mount'); + } + ################# umount_ask ######################## + } elsif ($action eq 'umount_ask') { + if ( ! 
&check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } else { + $pagedata->setValue('Data.Action', 'form_umount'); + } + ################## init_ask ######################### + } elsif ($action eq 'init_ask') { + if (&check_init_running()) { + $pagedata->setValue('Data.Warning', 'InitNotFinished'); + $pagedata->setValue('Data.Action', 'form_config'); + } elsif (&check_config()) { + $pagedata->setValue('Data.Warning', 'AlreadyConfigured'); + $pagedata->setValue('Data.Action', 'form_init'); + } else { + $pagedata->setValue('Data.Action', 'form_init'); + } + #################### init_do ######################## + } elsif ($action eq 'init_do') { + $current_admin_pw = &get_cbox_config("admin_pw"); + if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { + $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif ($query->param('admin_password') ne $query->param('admin_password2')) { + # different admin-passwords + $pagedata->setValue('Data.Warning', 'DifferentAdminPasswords'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif ($query->param('crypto_password') ne $query->param('crypto_password2')) { + # different crypto-passwords + $pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif ($query->param('crypto_password') eq '') { + # empty password + $pagedata->setValue('Data.Warning', 'EmptyCryptoPassword'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) { + # wrong confirm string + $pagedata->setValue('Data.Warning', 'InitNotConfirmed'); + $pagedata->setValue('Data.Action', 'form_init'); + } else { + if (&volume_init($query->param('crypto_password'),$query->param('admin_password'))) { + #$pagedata->setValue('Data.Success', 
'InitRunning'); + $pagedata->setValue('Data.Action', 'form_config'); + } else { + $pagedata->setValue('Data.Error', 'InitFailed'); + } + } + #################### config_ask ###################### + } elsif ($action eq 'config_ask') { + if ( ! &check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } else { + $pagedata->setValue('Data.Action', 'form_config'); + } + #################### config_do ####################### + } elsif ($action eq 'config_do') { + my $query_language = $query->param('language'); + $query_language =~ m/^(\w+)$/; $query_language = $1; + my $query_timeout = $query->param('timeout'); + $query_timeout =~ m/^(\d+)$/; $query_timeout = $1; + if ( ! &check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } else { + $current_admin_pw = &get_cbox_config("admin_pw"); + if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { + $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); + $pagedata->setValue('Data.Action', 'form_config'); + } elsif ( ! &validate_language($query_language)) { + $pagedata->setValue('Data.Warning', 'InvalidLanguage'); + $pagedata->setValue('Data.Action', 'form_config'); + } elsif ( ! 
&validate_timeout($query_timeout)) { + $pagedata->setValue('Data.Warning', 'InvalidTimeOut'); + $pagedata->setValue('Data.Action', 'form_config'); + } else { + system($CB_SCRIPT, "set_config", "language", $query_language); + &load_selected_language($pagedata); + system($CB_SCRIPT, "set_config", "timeout", $query_timeout); + # check, if the ip was reconfigured + # TODO: IP stuff should be moved to the live-cd stuff + if (defined($query->param('ip')) && ($query->param('ip') ne &get_cbox_config("ip"))) { + # set the new value + system($CB_SCRIPT, "set_config", "ip", $query->param('ip')); + # redirect to the new address + $pagedata->setValue('Data.Redirect.URL', "https://" . $query->param('ip') . $ENV{'SCRIPT_NAME'}); + $pagedata->setValue('Data.Redirect.Delay', "5"); + # display a warning for the redirection + $pagedata->setValue('Data.Warning', 'IPAddressChanged'); + } + # check for success + if (defined($query->param('timeout')) + && (&get_cbox_config("timeout") ne $query->param('timeout'))) { + $pagedata->setValue('Data.Warning', 'ConfigTimeOutFailed'); + } elsif (defined($query->param('ip')) && + (&get_cbox_config("ip") ne $query->param('ip'))) { + $pagedata->setValue('Data.Warning', 'ConfigIPFailed'); + } elsif (defined($query->param('language')) + && (&get_cbox_config("language") ne $query->param('language'))) { + $pagedata->setValue('Data.Warning', 'ConfigLanguageFailed'); + } else { + #$pagedata->setValue('Data.Success', 'ConfigSaved'); + } + $pagedata->setValue('Data.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Delay', "30"); + } + } + ############## change volume name ################### + } elsif ($action eq 'volume_name_set') { + my $volume_name = $query->param('volume_name'); + # remove all special characters which are not white-listed + $volume_name =~ s#[^\w \-_\#/\(\)\[\]]##g; + # untaint variable + $volume_name =~ m#^(.*)$#; $volume_name = $1; + if ($device eq '') { + 
&debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device')); + $pagedata->setValue('Data.Warning', 'InvalidDevice'); + $pagedata->setValue('Data.Action', 'show_status'); + } elsif (&check_mounted($device)) { + $pagedata->setValue('Data.Warning','VolumeMayNotBeMounted'); + $pagedata->setValue('Data.Action', 'show_volume'); + } elsif ($volume_name eq '') { + $pagedata->setValue('Data.Warning','InvalidVolumeName'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + &exec_cb_script('set_device_name',$device,$volume_name); + my $new_volume_name = &exec_cb_script('get_device_name',$device); + $pagedata->setValue('Data.Warning','SetVolumeNameFailed') unless ($new_volume_name eq $volume_name); + $pagedata->setValue('Data.Action', 'show_volume'); + } + ############ initialize volume (form) ############### + } elsif ($action eq 'volume_init_ask') { + if ($device eq '') { + &debug_msg(DEBUG_INFO, "invalid device: " . $query->param('device')); + $pagedata->setValue('Data.Warning', 'InvalidDevice'); + $pagedata->setValue('Data.Action', 'show_status'); + } elsif (&check_mounted($device)) { + $pagedata->setValue('Data.Warning','VolumeMayNotBeMounted'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + $pagedata->setValue('Data.CurrentDisk.InitParams.encrypted',defined($query->param('encryption'))? 1 : 0); + $pagedata->setValue('Data.Action', 'form_init_partition'); + } + ############### initialize volume ################### + } elsif ($action eq 'volume_init_do') { + $current_admin_pw = &get_cbox_config("admin_pw"); + # remember the current "encryption" setting - just in case, we want to emit a warning and + # return to the same screen + $pagedata->setValue('Data.CurrentDisk.InitParams.encrypted',defined($query->param('encryption'))? 1 : 0); + if ($device eq '') { + &debug_msg(DEBUG_INFO, "invalid device: " . 
$query->param('device')); + $pagedata->setValue('Data.Warning', 'InvalidDevice'); + $pagedata->setValue('Data.Action', 'show_status'); + } elsif (&check_mounted($device)) { + $pagedata->setValue('Data.Warning','VolumeMayNotBeMounted'); + $pagedata->setValue('Data.Action', 'show_volume'); + } elsif ($current_admin_pw ne '' + && $current_admin_pw ne $query->param('current_admin_password')) { + $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); + $pagedata->setValue('Data.Action', 'form_init_partition'); + } elsif (defined($query->param('encryption')) && ($query->param('crypto_password') ne $query->param('crypto_password2'))) { + # different crypto-passwords + $pagedata->setValue('Data.Warning', 'DifferentCryptoPasswords'); + $pagedata->setValue('Data.Action', 'form_init_partition'); + } elsif (defined($query->param('encryption')) && ($query->param('crypto_password') eq '')) { + # empty password + $pagedata->setValue('Data.Warning', 'EmptyCryptoPassword'); + $pagedata->setValue('Data.Action', 'form_init_partition'); + } elsif ($query->param('confirm') ne $pagedata->getValue('Lang.Text.ConfirmInit','')) { + # wrong confirm string + $pagedata->setValue('Data.Warning', 'InitNotConfirmed'); + $pagedata->setValue('Data.Action', 'form_init_partition'); + } else { + my $init_result; + if (defined($query->param('encryption'))) { + $init_result = &volume_init($device,$query->param('crypto_password')); + } else { + $init_result = &volume_init($device); + } + if ($init_result) { + #$pagedata->setValue('Data.Success', 'InitRunning'); + $pagedata->setValue('Data.Action', 'show_volume'); + } else { + $pagedata->setValue('Data.Error', 'InitFailed'); + $pagedata->setValue('Data.Action', 'show_volume'); + } + } + ################## volume info ###################### + } elsif ($action eq 'show_volume') { + if ($device eq '') { + &debug_msg(DEBUG_INFO, "invalid device: " . 
$query->param('device')); + $pagedata->setValue('Data.Warning', 'InvalidDevice'); + $pagedata->setValue('Data.Action', 'show_status'); + } else { + $pagedata->setValue('Data.Action', 'show_volume'); + } + #################### status ######################### + } elsif ($action eq 'show_status') { + if ( ! &check_config()) { + $pagedata->setValue('Data.Warning', 'NotInitialized'); + $pagedata->setValue('Data.Action', 'form_init'); + } elsif (&check_init_running()) { + $pagedata->setValue('Data.Warning', 'InitNotFinished'); + $pagedata->setValue('Data.Action', 'empty'); + $pagedata->setValue('Data.Redirect.Action', 'form_config'); + $pagedata->setValue('Data.Redirect.Delay', "30"); + } else { + $pagedata->setValue('Data.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Delay', "60"); + } + ################### box_purge ####################### + # if we find an existing config partition, then check the adminpw + } elsif ($action eq 'do_purge') { + if ( &check_config()) { + $current_admin_pw = &get_cbox_config("admin_pw"); + if ($current_admin_pw ne '' && $current_admin_pw ne $query->param('current_admin_password')) { + $pagedata->setValue('Data.Warning', 'WrongAdminPassword'); + $pagedata->setValue('Data.Action', 'form_config'); + } else { + &box_purge; + $pagedata->setValue('Data.Action', 'form_init'); + } + } + ################### unknown ######################### + } else { + $pagedata->setValue('Data.Error', 'UnknownAction'); + } +#################### default action ########################## +# check for a harddisk again, as this check was skipped +# because there was no action defined +} elsif ( ! 
&is_harddisk_available()) { + $pagedata->setValue('Data.Error', 'NoHardDisk'); +} else { + if (&check_init_running()) { + $pagedata->setValue('Data.Warning', 'InitNotFinished'); + $pagedata->setValue('Data.Action', 'empty'); + $pagedata->setValue('Data.Redirect.Action', 'form_config'); + $pagedata->setValue('Data.Redirect.Delay', "60"); + } elsif (&check_config()) { + $pagedata->setValue('Data.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Action', 'show_status'); + $pagedata->setValue('Data.Redirect.Delay', "60"); + } else { + $pagedata->setValue('Data.Action', 'form_init'); + } +} + +# check state of the cryptobox +$pagedata->setValue('Data.Status.Config', &check_config() ? 1 : 0); +$pagedata->setValue('Data.Status.InitRunning', &check_init_running() ? 1 : 0); + +my $output = &get_cbox_config("admin_pw"); +$pagedata->setValue('Data.Config.AdminPasswordIsSet', 1) if ($output ne ''); + +$output = join ("
", &exec_cb_script("diskinfo")); +$pagedata->setValue('Data.PartitionInfo',"$output"); + +# preset config settings for clearsilver +$pagedata->setValue('Data.Config.IP', &get_cbox_config("ip")); +$pagedata->setValue('Data.Config.TimeOut', &get_cbox_config("timeout")); +$pagedata->setValue('Data.Config.Language', &get_cbox_config("language")); + +# read log and add html linebreaks +$output = ''; +if (-e "$LOG_FILE") { + open(LOGFILE, "< $LOG_FILE"); + while () { $output .= "$_
" } + close(LOGFILE); +} +$pagedata->setValue('Data.Log',"$output"); + +$pagedata->setValue('Data.Status.DevelopmentMode', 1) if ($IS_DEVEL); + +# save QUERY_STRING (e.g. for weblang-links) +my $querystring = $ENV{'QUERY_STRING'}; +# remove weblang setting +$querystring =~ s/weblang=\w\w&?//; +$pagedata->setValue('Data.QueryString', "$querystring") if ($querystring ne ''); + +$pagedata->setValue('Data.Version', CRYPTOBOX_VERSION); + +my ($one_disk, $one_name, $isActive, $isEncrypted, $isPlaintext); +my $avail_counter = 0; my $active_counter = 0; my $passive_counter = 0; +for $one_disk (&get_available_disks()) { + $one_name = &get_disk_name($one_disk); + $isEncrypted = &check_device_encryption($one_disk); + $isPlaintext = &check_device_plaintext($one_disk); + $pagedata->setValue("Data.Disks.available.${avail_counter}.device",$one_disk); + $pagedata->setValue("Data.Disks.available.${avail_counter}.name",$one_name); + $pagedata->setValue("Data.Disks.available.${avail_counter}.encryption", $isEncrypted? 1 : 0); + $pagedata->setValue("Data.Disks.available.${avail_counter}.plaintext", $isPlaintext? 1 : 0); + $isActive = &check_mounted($one_disk); + if ($isActive) { + $pagedata->setValue("Data.Disks.available.${avail_counter}.isActive",1); + $pagedata->setValue("Data.Disks.active.${active_counter}.device",$one_disk); + $pagedata->setValue("Data.Disks.active.${active_counter}.name",$one_name); + $pagedata->setValue("Data.Disks.active.${active_counter}.encryption", $isEncrypted? 1 : 0); + $pagedata->setValue("Data.Disks.active.${active_counter}.plaintext", $isPlaintext? 1 : 0); + $active_counter++; + } else { + $pagedata->setValue("Data.Disks.available.${avail_counter}.isActive",0); + $pagedata->setValue("Data.Disks.passive.${passive_counter}.device",$one_disk); + $pagedata->setValue("Data.Disks.passive.${passive_counter}.name",$one_name); + $pagedata->setValue("Data.Disks.passive.${passive_counter}.encryption", $isEncrypted? 
1 : 0); + $pagedata->setValue("Data.Disks.passive.${passive_counter}.plaintext", $isPlaintext? 1 : 0); + $passive_counter++; + } + if ($device eq $one_disk) { + $pagedata->setValue('Data.CurrentDisk.device', $one_disk); + $pagedata->setValue('Data.CurrentDisk.name', $one_name); + $pagedata->setValue('Data.CurrentDisk.active', $isActive? 1 : 0); + $pagedata->setValue("Data.CurrentDisk.encryption", $isEncrypted? 1 : 0); + $pagedata->setValue("Data.CurrentDisk.plaintext", $isPlaintext? 1 : 0); + # retrieve capacity information if the device is mounted + if (&check_mounted($device)) { + my $cap_info = &exec_cb_script("get_capacity_info",$device); + # filter the relevant values (a simple split is not working, as the device name may + # contain spaces + $cap_info =~ m#^.*\s+([0-9\.,]+\w)\s+([0-9\.,]+\w)\s+([0-9\.,]+\w)\s+([0-9\.,]+\%)\s+#; + my ($cap_size, $cap_used, $cap_free, $cap_percent) = ($1, $2, $3, $4); + $pagedata->setValue('Data.CurrentDisk.capacity.used', $cap_used); + $pagedata->setValue('Data.CurrentDisk.capacity.free', $cap_free); + $pagedata->setValue('Data.CurrentDisk.capacity.size', $cap_size); + $pagedata->setValue('Data.CurrentDisk.capacity.percent', $cap_percent); + } + } + $avail_counter++; +} + +&render(); + +close STDOUT; + +exit 0; + diff --git a/pythonrewrite/bin/cryptobox_wrapper.c b/pythonrewrite/bin/cryptobox_wrapper.c new file mode 100644 index 0000000..b2f6e5b --- /dev/null +++ b/pythonrewrite/bin/cryptobox_wrapper.c @@ -0,0 +1,21 @@ +/* $Id$ */ + +// define the location of your cryptobox.pl file in this header file +#include "cryptobox_wrapper.h" + +#include +#include + +/* C wrapper to allow cryptobox to run under a different uid */ +/* Copyright (C) 02006, senselab, All Rights Reserved */ +/* See the LICENSE file in this distribution for copyright information */ + +int main(int argc, char *argv[]) { + + // necessary for mount action of the root-script + setreuid(geteuid(), -1); + + argv[0] = EXEC_PATH; + execv(EXEC_PATH, argv); + +} 
diff --git a/pythonrewrite/bin/ro-system.sh b/pythonrewrite/bin/ro-system.sh new file mode 100644 index 0000000..2d6e9d7 --- /dev/null +++ b/pythonrewrite/bin/ro-system.sh 
@@ -0,0 +1,191 @@ +function create_config() +# Parameter: device +{ + local device=$1 + unload_config + # create the new configuration filesystem if it is not static + if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ] + then log_msg "Using static configuration ..." + else log_msg "Creating config filesystem ..." + "$ROOT_PERM_SCRIPT" create_config "$device" + log_msg "Mounting config partition ..." + "$ROOT_PERM_SCRIPT" mount_config "$device" + "$ROOT_PERM_SCRIPT" remount_config rw + fi + log_msg "Copying configuration defaults ..." + cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR" + + log_msg "Copying temporary certificate file to config filesystem ..." + log_msg "Setting inital values ..." + # beware: config_set_value remounts the config partition read-only + config_set_value "ip" "$(get_current_ip)" + # create database of readable names + config_set_value "names.db" "" + # create a marker to recognize a cryptobox partition + # this should be the last step, to prevent a half-initialized state + config_set_value "$CONFIG_MARKER" "$(date -I)" +} + + +function find_harddisk() +# look for the harddisk to be partitioned +{ + local device=$(get_available_disks | head -1) + if [ -z "$device" ] ; then + log_msg "no valid harddisk for initialisation found!" + cat /proc/partitions >>"$LOG_FILE" + # do not return with an error, to avoid a failing of the script ('break on error') + # the caller of this function should handle an empty return string + fi + echo -n "$device" +} + + +function load_config() +{ + unload_config + local status=0 + # look for a configuration partition + [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \ + list_partitions_of_type config | while read part && [ "$status" = 0 ] + do log_msg "configuraton found on $part" + # error check? 
+ "$ROOT_PERM_SCRIPT" mount_config "/dev/$part" + status=1 + done + if is_config_active + then return 0 + else log_msg "failed to locate config partition" + return 1 + fi +} + + +function unload_config() +{ + is_config_active || return + # only try to unmount, if it is not static (the config of a live-cd is always dynamic) + if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] + then "$ROOT_PERM_SCRIPT" umount_config + else return 0 + fi +} + + +# rename to "prepare_cryptobox" +function init_cryptobox() +# this is only the first part of initialisation that takes no time - good for a smooth web interface +{ + local device=$(find_harddisk) + [ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1 + turn_off_all_crypto + unload_config || true + log_msg "Partitioning the device ($device) ..." + "$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n" + log_msg "Initializing config partition on ${device}1 ..." + # TODO: this should not be hard-coded + create_config "${device}1" +} + + +case "$ACTION" of + network-up ) + if [ "$SKIP_NETWORK_CONFIG" != 1 ] + then conf_ip=$(config_get_value "ip") + log_msg "Configuring $NET_IFACE for $conf_ip ..." + echo "Configuring network interface for $NET_IFACE: $conf_ip" + "$IFCONFIG" "$NET_IFACE" "$conf_ip" + fi + if [ "$EXEC_FIREWALL_RULES" = 1 ] + then log_msg "Starting the firewall ..." + "$FIREWALL_SCRIPT" start + fi + if [ "$USE_STUNNEL" = 1 ] + then # start stunnel + if [ -f "$CERT_FILE" ] + then USE_CERT=$CERT_FILE + else USE_CERT=$CERT_TEMP + $MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1 + # TODO: this could be dangerous - right? + # this is necessary, to allow www-data to copy the certificate + chown "$WEB_USER" "$CERT_TEMP" + fi + log_msg "Starting stunnel ..." + stunnel -p "$USE_CERT" -r localhost:80 -d 443 \ + || echo "$USE_CERT not found - not starting stunnel" + fi + ;; + network-down ) + if [ "$EXEC_FIREWALL_RULES" = 1 ] + then log_msg "Stopping the firewall ..." 
+ "$FIREWALL_SCRIPT" stop + fi + if [ "$USE_STUNNEL" = 1 ] + then log_msg "Stopping stunnel ..." + # TODO: what about a pid? + killall stunnel 2>/dev/null || true + fi + if [ "$SKIP_NETWORK_CONFIG" != 1 ] + then log_msg "Shutting the network interface down ..." + "$IFCONFIG" "$NET_IFACE" down + fi + ;; + services-up ) + # the mount point has to be writeable + # this action is called as root - so we are allowed to umount + # TODO: do this only for ro-filesystem + # TODO: this way of mounting is evil + if mountpoint -q "$MNT_PARENT" + then true + else mount -t tmpfs tmpfs "$MNT_PARENT" + fi + true + ;; + services-down ) + # this action is called as root - so we are allowed to umount + mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT" + # TODO: we should not depend on samba and thttpd + # /etc/init.d/samba stop || true + # /etc/init.d/thttpd stop || true + true + ;; + is_harddisk_available ) + [ -z "$(find_harddisk)" ] && exit 1 + exit 0 + ;; + update_ip_address ) + # reconfigure the network interface to a new IP address + # wait for 5 seconds to finish present http requests + if [ "$SKIP_NETWORK_CONFIG" != 1 ] + then echo -n "sleep 5; \"$ROOT_PERM_SCRIPT\" update_network" | at now + fi + ;; + poweroff ) + log_msg "Turning off the CryptoBox ..." + turn_off_all_crypto + echo "poweroff" | at now + ;; + reboot ) + log_msg "Rebooting the CryptoBox ..." 
+ turn_off_all_crypto + echo "reboot" | at now + ;; + * ) + echo "Syntax: $(basename $0) ACTION" + echo " config-up - scan for configuration partition and mount it" + echo " config-down - unmount configuration partition" + echo " network-up - enable network interface" + echo " network-down - disable network interface" + echo " services-up - run some cryptobox specific daemons" + echo " services-down - stop some cryptobox specific daemons" + echo " update_ip_address - update the network interface after reconfiguration" + echo " is_config_mounted - check, if configuration partition is mounted" + echo " box-init - initialize cryptobox (ALL data is LOST)" + echo " box-init-fg - the first part of initialization" + echo " box-init-bg - the last part of initialization (background)" + echo " is_harddisk_available - check, if there is a usable harddisk" + echo " poweroff - shutdown the cryptobox" + echo " reboot - reboot the cryptobox" + echo + ;; + esac diff --git a/pythonrewrite/conf-examples/cryptobox.conf b/pythonrewrite/conf-examples/cryptobox.conf new file mode 100644 index 0000000..4ac399a --- /dev/null +++ b/pythonrewrite/conf-examples/cryptobox.conf 
@@ -0,0 +1,36 @@ +# this file is directly sourced by some bash scripts +# so there should be no space around the "=" + +LANGUAGE=en +CRYPTOBOX_USER=cryptobox +SCAN_DEVICES="sd loop" + +# web interface +HTML_TEMPLATE_DIR=/usr/share/cryptobox/templates +STYLESHEET_URL=/cryptobox-misc/cryptobox.css + +# directories +LANGUAGE_DIR=/usr/share/cryptobox/lang +DOC_DIR=/usr/share/doc/cryptobox/html +CONFIG_DEFAULTS_DIR=/usr/share/cryptobox/defaults + +# some files +LOG_FILE=/var/log/cryptobox.log + +# crypto settings +# TODO: for now, the usual default cipher does not work on ARM, so we enable it during development +#DEFAULT_CIPHER=aes-cbc-essiv:sha256 +DEFAULT_CIPHER=aes +DEV_MAPPER_DIR=/dev/mapper + +# distribution specific configuration +# examples can be found in /usr/local/share/cryptobox/distributions +DISTRIBUTION_CONF=/etc/cryptobox/distribution.conf + +# choose a debug level: +# 0 => no debug messages at all +# 1 => critical errors (default) +# 2 => warning messages +# 3 => information +DEBUG_LEVEL=1 + diff --git a/pythonrewrite/conf-examples/default-settings/admin_pw b/pythonrewrite/conf-examples/default-settings/admin_pw new file mode 100644 index 0000000..e69de29 diff --git a/pythonrewrite/conf-examples/default-settings/cryptobox.marker b/pythonrewrite/conf-examples/default-settings/cryptobox.marker new file mode 100644 index 0000000..e69de29 diff --git a/pythonrewrite/conf-examples/default-settings/ip b/pythonrewrite/conf-examples/default-settings/ip new file mode 100644 index 0000000..1cad3c7 --- /dev/null +++ b/pythonrewrite/conf-examples/default-settings/ip @@ -0,0 +1 @@ +192.168.0.23 diff --git a/pythonrewrite/conf-examples/default-settings/language b/pythonrewrite/conf-examples/default-settings/language new file mode 100644 index 0000000..c574d07 --- /dev/null +++ b/pythonrewrite/conf-examples/default-settings/language @@ -0,0 +1 @@ +en 
diff --git a/pythonrewrite/conf-examples/default-settings/names.db b/pythonrewrite/conf-examples/default-settings/names.db new file mode 100644 index 0000000..e69de29 diff --git a/pythonrewrite/conf-examples/default-settings/timeout b/pythonrewrite/conf-examples/default-settings/timeout new file mode 100644 index 0000000..64bb6b7 --- /dev/null +++ b/pythonrewrite/conf-examples/default-settings/timeout @@ -0,0 +1 @@ +30 diff --git a/pythonrewrite/conf-examples/default-settings/version b/pythonrewrite/conf-examples/default-settings/version new file mode 100644 index 0000000..be58634 --- /dev/null +++ b/pythonrewrite/conf-examples/default-settings/version @@ -0,0 +1 @@ +0.3 diff --git a/pythonrewrite/conf-examples/distributions/README b/pythonrewrite/conf-examples/distributions/README new file mode 100644 index 0000000..7a9edfa --- /dev/null +++ b/pythonrewrite/conf-examples/distributions/README @@ -0,0 +1,11 @@ +You need to copy one of these files to /etc/cryptobox/distribution.conf. +Choose the one, that fits to your particular operating system - if you are +not sure which operation system you are using, then you should run + uname -o +to get to know yourself :) + +If the file for your specific operating system is not available, then you +may consider to send a copy of the one you wrote for yourself to + devel@systemausfall.org. +Thanks! + diff --git a/pythonrewrite/conf-examples/distributions/gnu_linux b/pythonrewrite/conf-examples/distributions/gnu_linux new file mode 100644 index 0000000..7bf9377 --- /dev/null +++ b/pythonrewrite/conf-examples/distributions/gnu_linux @@ -0,0 +1,12 @@ +# program locations for debian +SFDISK=/sbin/sfdisk +MKFS_DATA=/sbin/mkfs.ext3 +MKFS_CONFIG=/sbin/mkfs.ext2 +CRYPTSETUP=/sbin/cryptsetup +IFCONFIG=/sbin/ifconfig +PMOUNT=/bin/pmount +PUMOUNT=/bin/pumount +BLKID=/sbin/blkid +POWEROFF=/sbin/poweroff +REBOOT=/sbin/reboot + 
diff --git a/pythonrewrite/debian/README.Debian b/pythonrewrite/debian/README.Debian new file mode 100644 index 0000000..8a503fc --- /dev/null +++ b/pythonrewrite/debian/README.Debian @@ -0,0 +1,6 @@ +CryptoBox for Debian - installation notes + +be aware of two things: +1) you need cryptsetup with luks support (for now only in unstable) +2) the debian perl-clearsilver package is broken (at least until April 02006) + diff --git a/pythonrewrite/debian/changelog b/pythonrewrite/debian/changelog new file mode 100644 index 0000000..f9c1d29 --- /dev/null +++ b/pythonrewrite/debian/changelog @@ -0,0 +1,3 @@ +cryptobox (0.3.0-1) unstable; urgency=low + * Initial release + -- Lars Kruse Wed, 10 May 2006 20:26:47 +0100 diff --git a/pythonrewrite/debian/control b/pythonrewrite/debian/control new file mode 100644 index 0000000..b2dba57 --- /dev/null +++ b/pythonrewrite/debian/control @@ -0,0 +1,19 @@ +Source: cryptobox +Section: admin +Priority: extra +Maintainer: Lars Kruse +Build-Depends: debhelper (>>3.0.0), dpatch, gcc (>=2.95) +Standards-Version: 3.6.2 + +Package: cryptobox +Architecture: any +Depends: bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), perl, httpd-cgi, hashalot, libconfigfile-perl, cryptsetup (>=20050111), dmsetup, pmount, initscripts, e2fsprogs (>= 1.27), adduser +Recommends: perl-clearsilver +Suggests: cron, samba +Description: Web interface for an encrypting fileserver + This bundle of scripts and cgis allow you to manage an encrypted harddisk + via a web interface. The data is platform independently available + via samba file shares. + Even non-technical users are able to encrypt their private data with the + CryptoBox. + diff --git a/pythonrewrite/debian/copyright b/pythonrewrite/debian/copyright new file mode 100644 index 0000000..0219b29 --- /dev/null +++ b/pythonrewrite/debian/copyright 
@@ -0,0 +1,27 @@ +This package was debianized by Lars Kruse on +Wed, May 10 21:23:16 CEST 2006 + +It was downloaded from http://cryptobox.org/ + +Upstream Authors: + sense.lab development + +Copyright: + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the + Free Software Foundation, Inc., + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA. + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. + diff --git a/pythonrewrite/debian/cryptobox.default b/pythonrewrite/debian/cryptobox.default new file mode 100644 index 0000000..175e245 --- /dev/null +++ b/pythonrewrite/debian/cryptobox.default @@ -0,0 +1,12 @@ +# boot configuration file for the CryptoBox +# +# $Id$ +# +# the default setup of the cryptobox is complete inactivity + +# set to "1" to turn off the cryptobox - otherwise "0" +NO_START=1 + +# change the default configuration file if necessary +#CONF_FILE=/etc/cryptobox/cryptobox.conf + diff --git a/pythonrewrite/debian/cryptobox.init b/pythonrewrite/debian/cryptobox.init new file mode 100755 index 0000000..bb13012 --- /dev/null +++ b/pythonrewrite/debian/cryptobox.init 
@@ -0,0 +1,54 @@ +#!/bin/sh +# +# runlevel script of the cryptobox package +# +# Copyright (c) 02006, senselab +# +# see LICENSE file in this package for details +# + +# check if the cryptobox is installed +[ -e "/usr/lib/cryptobox/cbox-manage.sh" ] || exit 0 + +# read the default setting file, if it exists +[ -e /etc/default/cryptobox ] && source /etc/default/cryptobox + +# startup switch defaults to zero (enabled) +NO_START=${NO_START:-0} + +#if [ "$NO_START" = "1" ] +# then [ $# -eq 0 ] && exit 0 +# [ "$1" = "status" ] && exit 1 +# [ "$1" = "stop" ] && exit 0 +# echo "CryptoBox is disabled by default" +# exit 0 +# fi + +# set CONF_FILE to default value, if not configured in /etc/default/cryptobox +CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} + +# parse config file +if [ -e "$CONF_FILE" ] + then source "$CONF_FILE" + else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2 + exit 1 + fi + +case "$1" in + start ) + # nothing to be done + ;; + stop ) + # unmount all active containers + "/usr/lib/cryptobox/cbox-manage.sh" umount_all + ;; + force-reload | restart ) + "$0" stop + "$0" start + ;; + * ) + echo "invalid action specified - try { start | stop | restart }" >&2 + exit 1 + ;; + esac + diff --git a/pythonrewrite/debian/dirs b/pythonrewrite/debian/dirs new file mode 100644 index 0000000..7135fc4 --- /dev/null +++ b/pythonrewrite/debian/dirs @@ -0,0 +1,4 @@ +etc/cryptobox +etc/default +etc/init.d +usr/lib/cgi-bin diff --git a/pythonrewrite/debian/links b/pythonrewrite/debian/links new file mode 100644 index 0000000..bd32720 --- /dev/null +++ b/pythonrewrite/debian/links @@ -0,0 +1 @@ +/usr/share/cryptobox/html /var/www/cryptobox-misc diff --git a/pythonrewrite/debian/patches/00list b/pythonrewrite/debian/patches/00list new file mode 100644 index 0000000..e69de29 diff --git a/pythonrewrite/debian/postinst b/pythonrewrite/debian/postinst new file mode 100755 index 0000000..3dd5ec1 --- /dev/null +++ b/pythonrewrite/debian/postinst 
@@ -0,0 +1,43 @@ +#!/bin/sh + +# read the default setting file, if it exists +[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox + +# set CONF_FILE to default value, if not configured in /etc/default/cryptobox +CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} + +# parse config file +if test -e "$CONF_FILE" + then . "$CONF_FILE" + # create mount and config directories with appropriate permissions + test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" + fi + +if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null + then # do nothing - the user already exists + true + else # create cryptobox user + echo "Creating new user '$CRYPTOBOX_USER' ..." + USER_HOME=/var/lib/cryptobox + adduser --system --group --home "$USER_HOME" cryptobox + # add the user to the group "plugdev" (necessary for pmount) + adduser cryptobox plugdev + cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config" + mkdir "$USER_HOME/mnt" + chown -R ${CRYPTOBOX_USER}: "$USER_HOME" + # only members of the cryptobox group may access the user directory + chmod 750 "$USER_HOME" + # no one may look into the config directory (protect init passwords) + chmod 700 "$USER_HOME/config" + fi + +# set permissions for suid wrappers +chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper" +chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper" +chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox" +chmod 6755 "/usr/lib/cgi-bin/cryptobox" + +#DEBHELPER# + +true + diff --git a/pythonrewrite/debian/postrm b/pythonrewrite/debian/postrm new file mode 100755 index 0000000..b96ff52 --- /dev/null +++ b/pythonrewrite/debian/postrm @@ -0,0 +1,12 @@ +#!/bin/sh + +if test "$1" = "purge" && getent passwd cryptobox 2>/dev/null >/dev/null \ + && test "$(cd ~cryptobox;pwd)" = /var/lib/cryptobox + then echo "Removing user 'cryptobox' ..." + userdel -r cryptobox + fi + +#DEBHELPER# + +# return without error +true 
diff --git a/pythonrewrite/debian/rules b/pythonrewrite/debian/rules new file mode 100755 index 0000000..33284e8 --- /dev/null +++ b/pythonrewrite/debian/rules 
@@ -0,0 +1,98 @@ +#!/usr/bin/make -f +# -*- makefile -*- +# Sample debian/rules that uses debhelper. +# This file was originally written by Joey Hess and Craig Small. +# As a special exception, when this file is copied by dh-make into a +# dh-make output file, you may use that output file without restriction. +# This special exception was added by Craig Small in version 0.37 of dh-make. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatibility version to use. +export DH_COMPAT=4 + +# necessary for dpatch +.NOTPARALLEL: + +DEB_BUILD_DIR=$(CURDIR)/debian/cryptobox + +configure: configure-stamp +configure-stamp: patch + dh_testdir + @# PUT SOMETHING HERE + touch configure-stamp + + +build: build-stamp + +build-stamp: configure-stamp + dh_testdir + $(MAKE) build PREFIX=/usr + touch build-stamp + +clean: clean-patched unpatch + +clean-patched: + dh_testdir + dh_testroot + $(MAKE) clean + rm -f build-stamp configure-stamp + dh_clean + +patch: patch-stamp +patch-stamp: + dpatch apply-all + touch patch-stamp + +unpatch: + dpatch deapply-all + rm -rf patch-stamp debian/patched + +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + $(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr + install -c -m 644 build_dir/etc/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/ + install -c -m 644 build_dir/etc/distribution.conf $(DEB_BUILD_DIR)/etc/cryptobox/ + install -c -m 755 bin/cryptobox_cgi_wrapper $(DEB_BUILD_DIR)/usr/lib/cgi-bin/cryptobox + + +# Build architecture-independent files here. +binary-indep: build install + +# Build architecture-dependent files here. 
+binary-arch: build install + dh_testdir + dh_testroot + dh_installchangelogs + dh_installdocs + dh_installexamples +# dh_install +# dh_installmenu +# dh_installdebconf +# dh_installlogrotate +# dh_installemacsen +# dh_installpam +# dh_installmime + dh_installinit +# dh_installcron +# dh_installinfo + dh_installman + dh_link + dh_strip + dh_compress + dh_fixperms + dh_perl +# dh_python +# dh_makeshlibs + dh_installdeb + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure clean-patched patch patch-stamp unpatch diff --git a/pythonrewrite/design/logo/ameisenkopp.svg b/pythonrewrite/design/logo/ameisenkopp.svg new file mode 100644 index 0000000..d018f39 --- /dev/null +++ b/pythonrewrite/design/logo/ameisenkopp.svg @@ -0,0 +1,3242 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
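Review bot: in debian/rules, `patch-stamp` is listed in `.PHONY`, and `configure-stamp` depends on the phony target `patch`, so none of the stamp files ever short-circuits anything: `dpatch apply-all`, the configure step and `$(MAKE) build` are re-run on every invocation, including the `binary` run under root after a separate `build`. Remove `patch-stamp` from `.PHONY` and make `configure-stamp` depend on `patch-stamp` rather than on `patch`. A smaller point: `install -c -m 755 bin/cryptobox_cgi_wrapper` ships the CGI wrapper as 755 and debian/postinst then changes it to 6755, so the packaged mode and the installed mode differ; a comment here pointing at the postinst would save the next reader from assuming 755 is final.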
diff --git a/pythonrewrite/design/logo/antlogo100px.png b/pythonrewrite/design/logo/antlogo100px.png new file mode 100644 index 0000000..454709d Binary files /dev/null and b/pythonrewrite/design/logo/antlogo100px.png differ diff --git a/pythonrewrite/design/logo/antlogo100px_green.png b/pythonrewrite/design/logo/antlogo100px_green.png new file mode 100644 index 0000000..fd1d2d9 Binary files /dev/null and b/pythonrewrite/design/logo/antlogo100px_green.png differ diff --git a/pythonrewrite/design/logo/antlogo100px_red.png b/pythonrewrite/design/logo/antlogo100px_red.png new file mode 100644 index 0000000..18e33d4 Binary files /dev/null and b/pythonrewrite/design/logo/antlogo100px_red.png differ diff --git a/pythonrewrite/design/logo/antlogo100px_transp_red.png b/pythonrewrite/design/logo/antlogo100px_transp_red.png new file mode 100644 index 0000000..77a52b0 Binary files /dev/null and b/pythonrewrite/design/logo/antlogo100px_transp_red.png differ diff --git a/pythonrewrite/design/logo/boesetest.svg b/pythonrewrite/design/logo/boesetest.svg new file mode 100644 index 0000000..f987d53 --- /dev/null +++ b/pythonrewrite/design/logo/boesetest.svg @@ -0,0 +1,392 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/design/logo/bubblebutton.svg b/pythonrewrite/design/logo/bubblebutton.svg new file mode 100644 index 0000000..92cfc73 --- /dev/null +++ b/pythonrewrite/design/logo/bubblebutton.svg @@ -0,0 +1,774 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/design/logo/entwurf.svg b/pythonrewrite/design/logo/entwurf.svg new file mode 100644 index 0000000..456a84a --- /dev/null +++ b/pythonrewrite/design/logo/entwurf.svg 
@@ -0,0 +1,945 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + doire wrote to mention a Physicsweb piecerevealing some of the first bits of data fromthe Deep Impact mission. From the article:"Based on data from the flyby spacecraft andthe impactor, Michael O'Hearn of theUniversity of Maryland and colleagues saythat Tempel 1 belongs to the Jupiter family ofcomets, although its overall shape and surfacefeatures are quite different from the nuclei ofthe two other comets that have been studiedin detail -- Wild 2 and Borelly. They also reportthat Tempel 1 consists largely of extremelyfine particles that seem to be very looselybound together: in other words, the comet ismore like a pile of powder than a solid rock."Looks like the Electric Universe folks were off.Yours sincerely,Big Brother + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/design/logo/evil_stick.png b/pythonrewrite/design/logo/evil_stick.png new file mode 100644 index 0000000..0f711c6 Binary files /dev/null and b/pythonrewrite/design/logo/evil_stick.png differ diff --git a/pythonrewrite/design/logo/evil_stick.svg b/pythonrewrite/design/logo/evil_stick.svg new file mode 100644 index 0000000..adb361e --- /dev/null +++ b/pythonrewrite/design/logo/evil_stick.svg 
@@ -0,0 +1,811 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + + + + + + During the course of our ongoing review of the Secure Flight program,we found that TSA did not fully disclose to the public its use of personalinformation in its fall 2004 privacy notices as required by the Privacy Act.In particular, the public was not made fully aware of, nor had theopportunity to comment on, TSA's use of personal information drawnfrom commercial sources to test aspects of the Secure Flight program.In September 2004 and November 2004, TSA issued privacy notices inthe Federal Register that included descriptions of how such informationwould be used. However, these notices did not fully inform the publicbefore testing began about the procedures that TSA and its contractorswould follow for collecting, using, and storing commercial data. Inaddition, the scope of the data used during commercial data testing wasnot fully disclosed in the notices. Specifically, a TSA contractor, acting onbehalf of the agency, collected more than 100 million commercial datarecords containing personal information such as name, date of birth, andtelephone number without informing the public. As a result of TSA'sactions, the public did not receive the full protections of the Privacy Act.Yours sincerely,Big Brother + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/design/logo/evil_stick2.png b/pythonrewrite/design/logo/evil_stick2.png new file mode 100644 index 0000000..a7a48a9 Binary files /dev/null and b/pythonrewrite/design/logo/evil_stick2.png differ diff --git a/pythonrewrite/design/logo/evil_stick2.svg b/pythonrewrite/design/logo/evil_stick2.svg new file mode 100644 index 0000000..4153b9b --- /dev/null +++ b/pythonrewrite/design/logo/evil_stick2.svg 
@@ -0,0 +1,820 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + During the course of our ongoing review of the Secure Flight program,we found that TSA did not fully disclose to the public its use of personalinformation in its fall 2004 privacy notices as required by the Privacy Act.In particular, the public was not made fully aware of, nor had theopportunity to comment on, TSA's use of personal information drawnfrom commercial sources to test aspects of the Secure Flight program.In September 2004 and November 2004, TSA issued privacy notices inthe Federal Register that included descriptions of how such informationwould be used. However, these notices did not fully inform the publicbefore testing began about the procedures that TSA and its contractorswould follow for collecting, using, and storing commercial data. Inaddition, the scope of the data used during commercial data testing wasnot fully disclosed in the notices. Specifically, a TSA contractor, acting onbehalf of the agency, collected more than 100 million commercial datarecords containing personal information such as name, date of birth, andtelephone number without informing the public. As a result of TSA'sactions, the public did not receive the full protections of the Privacy Act.Yours sincerely,Big Brother + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/design/logo/evil_stick3.png b/pythonrewrite/design/logo/evil_stick3.png new file mode 100644 index 0000000..efc372c Binary files /dev/null and b/pythonrewrite/design/logo/evil_stick3.png differ diff --git a/pythonrewrite/design/logo/evil_stick3.svg b/pythonrewrite/design/logo/evil_stick3.svg new file mode 100644 index 0000000..1d59177 --- /dev/null 
+++ b/pythonrewrite/design/logo/evil_stick3.svg @@ -0,0 +1,909 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + + + + + + + + + + + During the course of our ongoing review of the Secure Flight program,we found that TSA did not fully disclose to the public its use of personalinformation in its fall 2004 privacy notices as required by the Privacy Act.In particular, the public was not made fully aware of, nor had theopportunity to comment on, TSA's use of personal information drawnfrom commercial sources to test aspects of the Secure Flight program.In September 2004 and November 2004, TSA issued privacy notices inthe Federal Register that included descriptions of how such informationwould be used. However, these notices did not fully inform the publicbefore testing began about the procedures that TSA and its contractorswould follow for collecting, using, and storing commercial data. Inaddition, the scope of the data used during commercial data testing wasnot fully disclosed in the notices. Specifically, a TSA contractor, acting onbehalf of the agency, collected more than 100 million commercial datarecords containing personal information such as name, date of birth, andtelephone number without informing the public. As a result of TSA'sactions, the public did not receive the full protections of the Privacy Act.Yours sincerely,Big Brother + + + + + + + + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/design/logo/vault_pingu_gross.png b/pythonrewrite/design/logo/vault_pingu_gross.png new file mode 100644 index 0000000..51c320a Binary files /dev/null and b/pythonrewrite/design/logo/vault_pingu_gross.png differ 
diff --git a/pythonrewrite/design/logo/vault_pingu_uncut.png b/pythonrewrite/design/logo/vault_pingu_uncut.png new file mode 100644 index 0000000..c367dd4 Binary files /dev/null and b/pythonrewrite/design/logo/vault_pingu_uncut.png differ diff --git a/pythonrewrite/doc/README b/pythonrewrite/doc/README new file mode 100644 index 0000000..7161412 --- /dev/null +++ b/pythonrewrite/doc/README @@ -0,0 +1,24 @@ +$Id$ +CryptoBox version 0.3 + +1) Documentation +The documentation is available at https://systemausfall.org/trac/cryptobox/wiki/CryptoBoxUser + +2) Building a LiveCD +try: "scripts/cbox-build.sh release" +or look at the developer's documentation: https://systemausfall.org/trac/cryptobox/wiki/CryptoBoxDev + +3) Bug reporting +Use our issue tracker at https://systemausfall.org/trac/cryptobox/newticket + +4) Licence +All scripts are GPL code (v2.0 or above). +The documentation is licenced under "Creative Commons 2.5 share-alike" (http://creativecommons.org/licenses/by-sa/2.5/). + +5) Contributors +Clavdia Horvat, Tadej Brce & Dušan Rebolj - slovenian translation + +6) Contact +email: cryptobox@systemausfall.org + +The CryptoBox project is mainly driven by sense.lab (https://systemausfall.org/senselab). diff --git a/pythonrewrite/doc/changelog b/pythonrewrite/doc/changelog new file mode 100644 index 0000000..a033861 --- /dev/null +++ b/pythonrewrite/doc/changelog 
@@ -0,0 +1,28 @@ +Version 0.3 - 01/??/02006 + * uses cryptsetup-luks instead of cryptsetup + * bugfix: add /dev/hdd to device scan + * support for usb, scsi and firewire cdrom drive + * seperated cryptobox package + +Version 0.2.1 - 10/22/02005 + * fixed a critical bug in the initialisation process + * default cipher changed to "aes-cbc-essiv:sha256" (more secure) + * the boot menue (grub) is now protected + * support for usb and firewire harddisks + * new kernel: Linux 2.6.12.6 + * minor language improvements + +Version 0.2 - 10/04/02005 + * first public release + * fully configurable via web interface + * AES encryption via device-mapper + * Samba v3.0.14a-3 + * Linux 2.6.11 + * based on Debian GNU/Linux 3.1 + * documentation languages: + * English + * German + * interface languages: + * English + * German + * Slovenian diff --git a/pythonrewrite/doc/copyright b/pythonrewrite/doc/copyright new file mode 100644 index 0000000..5441f59 --- /dev/null +++ b/pythonrewrite/doc/copyright @@ -0,0 +1,18 @@ +Copyright (c) 02005 sense.lab + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License as published by +the Free Software Foundation, version 2. + +This program is distributed in the hope that it will be useful, but +WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +General Public License for more details. + +You should have received a copy of the GNU General Public License with +your Debian GNU/Linux system, in /usr/share/common-licenses/GPL, or with the +Debian GNU/Linux hello source package as the file COPYING. If not, +write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +Boston, MA 02110-1301 USA + +$Id$ diff --git a/pythonrewrite/doc/html/de/CryptoBox.html b/pythonrewrite/doc/html/de/CryptoBox.html new file mode 100644 index 0000000..fe28780 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBox.html 
@@ -0,0 +1,132 @@ + + + + + +
+

+

+ +

+

Die CryptoBox

+

+English version +

+

Neuigkeiten

+
  • [14.04.02006] Leider ist codecoop.org wahrscheinlich noch bis 17. April offline. Update: der Download funktioniert wieder, die aktuellste Version findest du hier. +
  • [07.03.02006] Wir strukturieren die CryptoBox gerade um. Zukünftig wird es das CryptoBox-Webfrontend als einzelnes Paket geben, so dass du es in ein bestehendes Linuxsystem installieren kannst. stay tuned.. +
  • [30.10.02005] Die neue CryptoBox Version 0.2.1 ist verfügbar: codecoop.org +
  • [21.10.02005] Wir haben einen Fehler im Release v0.2 entdeckt, der unter bestimmten Umständen die Initialisierung fehlschlagen lässt. Die Veröffentlichung der v0.2.1 behebt diesen Fehler. Wir raten sehr, nur noch v0.2.1 und nachfolgende Versionen zu benutzen und entschuldigen uns, euch Umstände bereitet zu haben. +
  • [04.10.02005] Das erste Release (v0.2) der CryptoBox ist unter Codecoop.org verfügbar. +

Überblick

+

+Die CryptoBox ist eine Live-CD mit der sich jeder alte Rechner in Sekundenschnelle in einen verschlüsselnden Server umwandeln lässt. Damit kannst du sensible Daten speichern, ohne dass du etwas über Kryptografie wissen musst. +

+

+Damit sprechen wir hauptsächlich Menschen an, die ihre Daten (Ideen, Werke, Geheimnisse ...) auf einfachem Wege vor unbefugtem Zugriff sichern wollen. Kurzum: Privatsphäre, als grundlegendes Menschenrecht sichern! +

+

+Die Bedienung erfolgt vollständig per Webbrowser. Wirf einen Blick auf die ScreenShots. +

+

+Nutze das Web-Interface der CryptoBox in deiner Lieblingssprache: +

+
  • deutsch +
  • englisch +
  • slowenisch +

Spezifikation

+

+einige eher technische Details: +

+ +
SystemDebian GNU/Linux-basierte Live-CD +
benötigter Computer"ausrangierter" PC (i386 ab p1 mind. 32MB RAM) +
unterstützte Clients*nix; *bsd; Windows; Mac OS +
interner Fileserversamba (Netzwerkfreigaben) +
Benutzerschnittstelleper Browser bedienbares Web-Interface +
VerschlüsselungAES via device-mapper +
+

Download

+

+Wenn du die CryptoBox benutzen möchtest, kannst du ein aktuelles Image herunterladen und auf eine CD brennen. +

+

+Denk bitte daran, dass dies ein Open Source Projekt ist! Wir bitten dich deshalb, deine Erfahrungen (vor allem auch negative) im Umgang mit der CryptoBox, mit uns zu teilen. So können wir etwaige Fehler schneller beheben und letztlich der Community ein besseres "Produkt" bereitstellen. +

+
  • Zur aktuellsten Version führt dich dieser Link +
    • Vielen Dank an die Menschen der Codecoop für die Bereitstellung der Download-Möglichkeit! +

Für dich von uns

+

+Wir wollen dir, soweit wir können, beim Umgang mit der CryptoBox helfen. +

+
  • Im Nutzerhandbuch findest du eine ausführliche Hilfe. +
  • Schreibe eine eMail an cryptobox[at]systemausfall.org, wenn du weitere Fragen hast. +

Von dir für andere

+

+Du bist nicht nur Konsument. Durch deine Taten kannst du anderen Menschen helfen. + +

+
  • Wir suchen noch Übersetzungen in andere Sprachen. Wenn du dich beteiligen möchtest, wirf einen Blick in die Übersetzungen-Sektion. Dort gibt es eine "README" Datei in der genauere Beschreibungen stehen. +
  • Probleme und Anregungen kannst du in unserer Fehlerdatenbank melden. (Dabei kannst du alle Eingabefelder, die dir unklar sind, getrost ignorieren.) +

Entwicklung

+

+Beteilige dich an der Entwicklung der CryptoBox und werde reich und schön! ;)
+Nee im Ernst, wir freuen uns über jeden partizipierenden Menschen. Du wirst in einem entspannten Team reichlich Erfahrungen sammeln, eine nützliche Sache voranbringen und - wer weiß - vielleicht macht dich das auch schön.
+Trage dich einfach in die Entwickler-Mailingliste ein: cryptobox-dev-subscribe@lists.systemausfall.org und hab Spaß. +

+

+Das Mailinglisten-Archiv ist verfügbar unter https://systemausfall.org/mail-archive. +

+

+Die englischsprachige Entwickler-Doku findest du unter CryptoBoxDev. Dort wird detailiert beschrieben, wie du die Entwicklungsumgebung der CryptoBox verwenden kannst. +

+

+Unsere Enwticklungspläne kannst du dir in der Roadmap anschauen. +

+

Mitwirkende

+

+Vielen Dank an alle HelferInnen - ihr macht die CryptoBox erst richtig rund! :) +

+

+

  • Clavdia Horvat, Tadej Brce & Dušan Rebolj - slovenian translation +
  • http://codecoop.org - webspace +
+

+

Rechtliches

+
  1. Alle Skripte unterliegen der GPL - sie sind also quasi vollständig frei. +
  2. Die Dokumentation unterliegt einer Creative Commons-Lizenz, damit wird die Möglichkeit der freien Verbreitung des gesammelten Wissens gewährleistet. +
  3. Wir übernehmen keinerlei Haftung für eventuelle Folgen, die durch die Nutzung einer CryptoBox entstehen könnten. +

+

Kommentare

+

Comment by anonymous on Tue Nov 29 10:54:06 2005

+

+Ein feines Projekt! +

+

+Das würde ich gerne in meinen Server integrieren. +Ein Howto für Debian wäre nicht schlecht. +

+
+

+den Rest der Diskussion findest du in Ticket #84* +

+
+

+ +

+
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDev.html b/pythonrewrite/doc/html/de/CryptoBoxDev.html new file mode 100644 index 0000000..98072d8 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDev.html @@ -0,0 +1,94 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBox/de, CryptoBox/en) + +

+
+

Development documentation

+

+The following pages are written for developers only.
+Users of the CryptoBox should read CryptoBoxUser instead. +

+

Source

+

+You may browse the source code. +

+

Contact

+

+Join the mailing list: cryptobox-dev-subscribe@lists.systemausfall.org. +

+

Bug reports

+

+If you think you found a bug or you get an error message, please help us to fix the problem and file a ticket (a bug report). Follow these steps: +

+
  1. Have a look at Open bugs that need to be fixed +
  2. Create a New Ticket +
+
+ + + diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevBackground.html b/pythonrewrite/doc/html/de/CryptoBoxDevBackground.html new file mode 100644 index 0000000..2c1ae1b --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevBackground.html @@ -0,0 +1,64 @@ + + + + + +
+

+

+

Table of Contents

+
    +
  1. dfsbuild
  2. +
  3. the kernel
  4. +
  5. qemu
  6. +
  7. alternative LiveCDs
  8. +
  9. Comments
  10. +
+
+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Details of the CryptoBox

+

dfsbuild

+

+The base system of the CryptoBox Live-CD is created by dfsbuild. +

+

+It is recommended to use some kind of caching tool for the retrieval of the debian packages (e.g.: apt-cacher, apt-proxy or approx). This saves a lot of bandwidth and time. +

+

+The documentation for dfsbuild is sparse. But it is quite unlikely, that you will get in direct contact with it, as it is wrapped by cbox-build. However the following links may help you for specific problems: +

+

the kernel

+

+The linux kernel for the CryptoBox is compiled statically. If you want to change it, you could follow this steps: +

+
  1. get the sources: apt-get install kernel-tree-2.6.11 (or the version of your choice) +
  2. copy the exisiting config file kernel/config-2.6.11 as .config into your kernel source directory +
  3. build the debian kernel package make-kpkg --revision=1.dfs --rootcmd=fakeroot kernel_image +
  4. change the kernel in the unpackdebs setting in dfs-cbox.conf (see CryptoBoxDevCustomBuild for details) +

+See source:trunk/hints/kernel-build.txt for more details. +

+

qemu

+

+Qemu is a portable system emulator. It is a convenient tool to ease the development workflow, as you do not need to burn LiveCDs for testing. +

+

alternative LiveCDs

+

+We tried some other LiveCDs before we decided to use dfsbuild. The following pages describe their advantages and disadvantages as the base system for the CryptoBox: +

+
+

Comments

+

+ +

+
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevCustomBuild.html b/pythonrewrite/doc/html/de/CryptoBoxDevCustomBuild.html new file mode 100644 index 0000000..1abfd92 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevCustomBuild.html @@ -0,0 +1,85 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev, CryptoBoxDevBackground, CryptoBoxDevPreparation, CryptoBoxDevWorkFlow) + +

+
+

Custom builds of the CryptoBox

+

Overview

+

+The following sections are useful, if you want to change the default settings of your personal CryptoBox development environment. +

+

+You should have completed the steps described in CryptoBoxDevPreparation. +

+

Settings

+

dfsbuild settings

+

+All settings for dfsbuild can be found in etc-defaults.d/dfs-cbox.conf. +

+

+If you want to change any of them, you should do the following: +

+
  1. copy etc-defaults.d/dfs-cbox.conf file to etc-local.d/ +
  2. change etc-local.d/dfs-cbox.conf according to your needs +

+This allows you to use your own (personal) settings, without interfering with files under version control. +

+

CryptoBox development configuration

+

+Some settings regarding the building, configuring and validating of the CryptoBox can be found in etc-defaults.d/cbox-dev.conf. +

+

+If you want to change any of them, you should do the following: +

+
  1. copy etc-defaults.d/cbox-dev.conf file to etc-local.d/ +
  2. change etc-local.d/cbox-dev.conf according to your needs +

SSH connection

+

+The file ssh_config is used to establish a connection to a running CryptoBox system. +

+

+It can be necessary to change these settings, if: +

+
  • you do not want to use the default IP for the CryptoBox +
  • or the CryptoBox is not within your local network. +

+If you want to change some settings, you should do the following: +

+
  1. copy etc-defaults.d/ssh_config file to etc-local.d/ +
  2. change etc-local.d/ssh_config according to your needs +

qemu network configuration

+

+The file etc-defauolts.d/qemu-ifup is used for the CryptoBox emulation with qemu. See man qemu for details. +

+

+If you want to change some settings, you should do the following: +

+
  1. copy etc-defaults.d/qemu-ifup file to etc-local.d/ +
  2. change etc-local.d/qemu-ifup according to your needs +

+

Comments

+

+ +

+
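Review bot: the "qemu network configuration" section names the file as `etc-defauolts.d/qemu-ifup`; the copy step right below it uses `etc-defaults.d/qemu-ifup`, so the first path is a typo and should be corrected. Also, this file is added under doc/html/de/ but its text is English; if that is a placeholder until a German translation exists, a note in the commit message or the README would make that clear.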
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevCustomConfigure.html b/pythonrewrite/doc/html/de/CryptoBoxDevCustomConfigure.html new file mode 100644 index 0000000..67d3fb1 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevCustomConfigure.html @@ -0,0 +1,60 @@ + + + + + +
+

+

+

Table of Contents

+
    +
  1. Overview
  2. +
  3. Locations
  4. +
  5. Examples
  6. +
  7. Comments
  8. +
+
+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Custom configuration of the CryptoBox

+

Overview

+

+You may change nearly every aspect of the CryptoBox by using the custom configuration hook directory. +

+

+Any script inside of this directory will be executed after the default configuration procedure (see CryptoBoxDevWorkFlow). +

+

+The order of execution is defined by the names of the scripts (alphabetically). +

+

Locations

+

+Some example customization scripts can be found in configure-examples.d/. +

+

+You may put your scripts into configure-local.d/. They will be sourced by cbox-build.sh. +

+

Examples

+

+The examples in configure-examples.d/ can be copied to configure-local.d/ and adjusted to your needs. +

+ +
set_default_ipchange the default IP address of the CryptoBox +
set_default_languageset the default language +
set_default_timeoutset the default idle time for automatic unmounting +
set_hostnamechange the default hostname +
set_root_pwchange the password of root (only useful for a development CryptoBox) +
import_authorized_keysupload a ssh key for passwordless access to a development CryptoBox +
set_scan_deviceswhere to look for usable harddisks +
+
+

Comments

+

+ +

+
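Review bot: the Overview says scripts in the hook directory "will be executed", while the Locations section says scripts in configure-local.d/ "will be sourced by cbox-build.sh"; these are not the same thing and the page should pick one. If the hooks really are sourced, say so in the Overview and add a sentence that a hook shares the build script's shell, so its variable assignments and any `exit` affect the rest of the build. The examples table marks set_root_pw and import_authorized_keys as meant for a development CryptoBox; it would help to state explicitly that they must not be left in configure-local.d/ when building a release image.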
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevKnownProblems.html b/pythonrewrite/doc/html/de/CryptoBoxDevKnownProblems.html new file mode 100644 index 0000000..861b783 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevKnownProblems.html @@ -0,0 +1,46 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Known problems

+

qemu

+

interleaved files not (yet) supported

+

+You should update qemu to version 0.7 or higher. +

+

smbd: segfault

+

+This happens under certain circumstances. We do not know a solution for this problem. +

+

dfsbuild

+

can't cd to _builddir/target/var/lib/apt/lists

+

+Try to downgrade cdebootstrap to v0.3.4 (for debian: apt-get install cdebootstrap/stable). This problem occours at least up to v0.3.8 of cdebootstrap. +

+
+

Comments

+

+ +

+
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevPreparation.html b/pythonrewrite/doc/html/de/CryptoBoxDevPreparation.html new file mode 100644 index 0000000..849b714 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevPreparation.html @@ -0,0 +1,77 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev, CryptoBoxDevCustomBuild, CryptoBoxDevWorkFlow) + +

+
+

Preparations for developers

+

Software requirements

+

Packages

+

+We use Debian as our development environment. This was a natural choice, as the CryptoBox-LiveCD is also based on Debian. Other distributions should work too, of course - your mileage may vary. +

+

+required: +

+

+recommended: +

+

Kernel

+

+If you want to use qemu to test your CryptoBox in a virtual environment, then you will need the tun/tap kernel feature. +

+
CONFIG_TUN=m
+

Get the source

+

+Download the latest release from our subversion-Repository: +

+
svn checkout https://svn.systemausfall.org/svn/cryptobox/trunk
+

First build

+

+run scripts/cbox-build.sh release as root - hopefully, there should be no errors :) +

+

+Hint: This step will fail, if you did not install apt-cacher. See CryptoBoxDevCustomBuild for details on how to change the build-configuration settings (in this case: mirror in dfs-cbox.conf). +

+

Finished

+

+Now you can start to pariticipate in the development of the CryptoBox or simply customize your own CryptoBox-LiveCD. +

+

+See CryptoBoxDevWorkFlow for details of how to use the developer's tools of the CryptoBox. +

+

+CryptoBoxDevCustomBuild shows some examples for local customizations of the CryptoBox. +

+
+

Comments

+

+ +

+
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevValidation.html b/pythonrewrite/doc/html/de/CryptoBoxDevValidation.html new file mode 100644 index 0000000..df9c2e2 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevValidation.html @@ -0,0 +1,78 @@ + + + + + +
+

+

+

Table of Contents

+
    +
  1. Overview
  2. +
  3. Validate
  4. +
  5. How to create a test
  6. +
  7. Comments
  8. +
+
+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Validation of the CryptoBox

+

Overview

+

+The validation feature helps you to check the programming logic of the CryptoBox. A lot of test cases are defined to verify as many functions of the CryptoBox as possible. +

+

+The requests are processed with curl. +

+

+The received web page is saved to allow a later design review or css debugging. +

+

+The current state of the CryptoBox is represented by ten single values (e.g.: box is configured, IP of the box, current language setting, ...), which are invisibly a part of each html page (as comments). The returned status of every request is compared to the predicted value of the test case. +

+

+Similar test cases are pooled into test groups (e.g.: initialization, configuration and mounting). +

+

Validate

+

+Run scripts/validate.sh] to conduct all tests of all groups. See scripts/validate.sh help for other actions. +

+

+The results will be saved in validation/report. +

+

+In addition to every single retrieved page, a html page called summary-?.html is created, which contains the state checks of all tests in a group. +

+

How to create a test

+

+All test cases can be found in validation/test-cases. +

+

+Every test consists of the following files: +

+ +
input.curlthe configuration file for the curl request +
outputthe predicted state of the CryptoBox after the call +
descriptiona short description of the test (will be used for the summary) +
delay[optional] time to wait after this test +
+

+Use the existing test cases as templates for new tests. +

+

+Read validation/test-cases/README for details. +

+

+Every logical path of the web interface CGI should be validated by a test case. +

+
+

Comments

+

+ +

+
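Review bot: the Overview says the ten state values (configured flag, IP of the box, language setting, ...) are embedded as comments in every html page, but it does not say whether a hardened release image still emits them. Any client that can load the web interface can read those comments, so please list which values are exposed and state whether "cbox-build.sh harden" removes them or whether they are limited to development builds. Smaller points: "Run scripts/validate.sh] to" carries a stray bracket, and this file sits under doc/html/de/ although its text is English.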
diff --git a/pythonrewrite/doc/html/de/CryptoBoxDevWorkFlow.html b/pythonrewrite/doc/html/de/CryptoBoxDevWorkFlow.html new file mode 100644 index 0000000..015bf8c --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxDevWorkFlow.html @@ -0,0 +1,156 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev, CryptoBoxDevCustomConfigure, CryptoBoxDevPreparation) + +

+
+

Development workflow

+

Preparations

+

+You should have completed the steps described in CryptoBoxDevPreparation. +

+

Create a CryptoBox-LiveCD

+

+The following steps can be executed in the order of their appearance. +

+

+Usually there is no need to repeat the whole process, after you changed some parts of the CryptoBox. Especially the first step (building of the base system with dfsbuild) may usually be skipped. +

+

+Every step of the building process must be executed as root. +

+

Build the base system

+

+Run scripts/cbox-build.sh dfsbuild to create the base system for the LiveCD. +

+

+The result can be found in _builddir/cd1/image. +

+

+If you do not want to use the apt-cacher to save bandwidth and time, then you should modify the mirror-setting in dfs-cbox.conf (see CryptoBoxDevCustomBuild for details). +

+

Configure the base image

+

+Run scripts/cbox-build.sh config to copy the CryptoBox-specific files to the base image. +

+

+TODO: link to cbox-build.sh-manpage +

+

Remove development features

+

+The original base system, that was created by dfsbuild contains a lot packages and some scripts, that are only useful during development. You should remove them, as they cause severe security implications. +

+

+To reduce the CryptoBox-LiveCD to the usable minimum for operational use, you should run scripts/cbox-build.sh harden. +

+

Create an iso image

+

+To burn a CryptoBox-LiveCD, you need an bootable iso9660-image. +

+

+Create the iso image with scripts/cbox-build.sh iso. The resulting file can be found at _builddir/cd1/cryptobox.iso. +

+

Burn the CD

+

+Do it manually: +

+
cdrecord -v dev=0,0,0 _builddir/cryptobox.iso
+

+(change the dev setting according to your setup). +

+

+Let the script do it for you: scripts/cbox-build.sh burn (maybe you have to change the CDWRITER setting in cbox-dev.conf - see CryptoBoxDevCustomBuild). +

+

+Of course, it is not wise to use CD-R media. CD-RW consume less resources. +

+

Test the CryptoBox-LiveCD

+

+This section is only useful for developers, who want to improve or change the CryptoBox system. +

+

Chroot: quick & dirty tests

+

+If you modified the perl- or shell-scripts of the CryptoBox, then you can check for syntax errors by running them in a chroot environment. Be careful: you have access to all ressources of your computer, while you are working within a chroot environment - so you can easily repartition your real disk ... +

+

+To start a chroot environment, you can execute scripts/cbox-dev.sh chroot. +

+

+For more intensive tests, you may use qemu (see below) or burn real LiveCDs - of course this would take much more time. +

+

Qemu: nearly complete emulation

+

+The processor emulator qemu allows you test the CryptoBox in a virtual environment, that is completely separated from your real computer's resources. It is the tool of choice, if you do nat have a real computer around for testing. +

+

+Beware - there are some problems, when using qemu: +

+
  • smbd does not start (segfault) +
  • ??? +

+To start a qemu emulation of the iso image, you may type: +

+
scripts/cbox-dev.sh qemu
+

Debugging and merging

+

+This section is only useful for developers, who want to develop on a running CryptoBox system (emulated or real). +

+

+You may access the CryptoBox directly or you can use ssh to open a remote session: +

+
./cbox-dev.sh ssh
+

Development on a running system

+

+When you run an emulation or test a real LiveCD, you may encounter problems and bugs. To test your fixes for these problems, it is convenient, to change the running test system. Afterwards you can merge these changes to your local development copy. +

+

+Type scripts/cbox-dev.sh diff to see the changes, you made on the running CryptoBox system. +

+

+Type scripts/cbox-dev.sh merge to merge these changes to your local working copy. +

+

Copying a testversion

+

+Alternatively you may also upload a new version of your local working copy to the running CryptoBox system. +

+

+Type scripts/cbox-dev.sh upload - beware: all recent changes you made to the running CryptoBox system, are lost. +

+

Setting up a new Release

+

+Once you finished your development, you surely want to make a new release. Please read the instructions in the releas-policy.txt it will save you a lot of time! Then you basically just have to run scripts/cbox-build.sh release and get yourself a good coffee. After the command has finished you'll see the releasefiles in _buildir. +

+
+

Comments

+

+ +

+
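Review bot: the iso step says the image is written to _builddir/cd1/cryptobox.iso, but the manual command under "Burn the CD" reads _builddir/cryptobox.iso, so following both as written points cdrecord at a file that is not there. Use the same path in both places. "Remove development features" warns of severe security implications yet only says you "should" run the harden step, and the release paragraph does not say whether "cbox-build.sh release" includes it; state that explicitly. In the release paragraph "_buildir" and "releas-policy.txt" look like typos, the ssh example calls ./cbox-dev.sh while every other command uses scripts/cbox-dev.sh, and the "???" bullet and the "TODO: link to cbox-build.sh-manpage" line should be resolved or dropped before this ships as static documentation.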
diff --git a/pythonrewrite/doc/html/de/CryptoBoxUser.html b/pythonrewrite/doc/html/de/CryptoBoxUser.html new file mode 100644 index 0000000..4687081 --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxUser.html @@ -0,0 +1,59 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBox/de) + +

+
+

Nutzerhandbuch

+

+Die folgenden Seiten beschreiben die Nutzung der CryptoBox. +

+

+Die online-Version dieses Handbuchs ist ein Wiki. Das bedeutet, dass du diese Seiten verändern kannst. Falls du also Fragen oder Anregungen hast, schreibe bitte deine Anmerkungen in den Kommentar-Abschnitt am Ende der jeweiligen Seite. Die Entwickler werden deine Fragen beantworten und das Handbuch schnellstmöglich aktualisieren. Auf diese Art und Weise kannst du die Nutzbarkeit der CryptoBox für alle Nutzer verbessern! +

+
  1. CryptoBoxUserGettingStarted -- die Vorbereitung der Hardware +
  2. CryptoBoxUserConfiguration -- die Einrichtung deines neuen verschlüsselten Dateiservers +
  3. CryptoBoxUserDailyUse -- die tägliche Nutzung der CryptoBox +

+Die online-Version dieses Handbuchs befindet sich unter https://systemausfall.org/trac/cryptobox/wiki/CryptoBoxUser/de. +

+
+

+ +

+
diff --git a/pythonrewrite/doc/html/de/CryptoBoxUserConfiguration.html b/pythonrewrite/doc/html/de/CryptoBoxUserConfiguration.html new file mode 100644 index 0000000..5ee43de --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxUserConfiguration.html @@ -0,0 +1,125 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxUser/de) + +

+
+

Die Konfiguration deiner CryptoBox

+

Überblick

+

+Alle Funktionen der CryptoBox können durch das komfortable Web-Interface bedient werden. Zur Erst-Einrichtung der CryptoBox folge einfach den folgenden Schritten. +

+

+Falls du in Eile bist, kannst du das Vorwort überspringen. +

+

+Die Initialisierung erklärt die Einrichtung der Festplatte. Dieser Schritt ist nur bei der ersten Einrichtung oder nach einem Festplattenwechsel notwendig. +

+

+Im Konfigurations-Abschnitt werden die verfügbaren Einstellungen der CryptoBox beschrieben. Hier kannst du beispielsweise die Sprache des Web-Interfaces oder die Netzwerkadresse deiner CryptoBox einstellen. +

+

+Vergiss nicht, auch den Hinweise/Fallstricke-Abschnitt zu lesen. +

+

Vorwort

+

+Du bist den Anweisungen aus CryptoBoxUserGettingStarted gefolgt und sitzt nun vor deinem Arbeits-Rechner. Nun kannst du in deinem Web-Browser das Web-Interface der CryptoBox ansteuern: https://192.168.0.23. +

+

+Bevor du Daten auf deiner CryptoBox speichern kannst, muss die Festplatte mit einem verschlüsselten Dateisystem versehen werden. Das klingt kompliziert, ist jedoch mit einem Klick erledigt. :) +

+

Initialisierung

+

+Klicke auf Initialisierung in der Menü-Zeile. +

+

+Jetzt wirst du zur Eingabe zweier Passworte aufgefordert (jeweils mit Wiederholung - zum Training deiner Tipp-Fertigkeiten ;)). +

+

+de_init.png +

+
  • Das erste Passwort ist das Administrations-Password. +
    • Es schützt die Konfiguration deiner CryptoBox. +
    • Dies ist notwendig, um zu verhindern, dass jemand unerlaubt die Daten auf deiner CryptoBox durch eine erneute Initialisierung löscht. +
    • Wahrscheinlich wirst du dieses Passwort nie wieder benötigen. +
    • Du kannst das Administrations-Passwort leer lassen - dies wird jedoch nicht empfohlen. +
  • Das Crypto-Passwort ist wesentlich wichtiger, da es der einzige Schutz der Daten auf der verschlüsselten Festplatte ist. Wähle es mit Sorgfalt! +
    • Du benötigst es, um auf deine Daten zuzugreifen. +
    • Ein sicheres Passwort sollte aus mindestens 15 Zeichen (einschließlich Ziffern und Sonderzeichen) bestehen. Die Sicherheit deiner Daten steht und fällt mit der Qualität dieses Passworts. +
  • Um dich daran zu erinnern, dass dieser Schritt die Festplatte der CryptoBox komplett löschen wird, musst du den angezeigten roten Warnhinweis im letzten Formularfeld eingeben. +
  • Nun kannst du die Initialisierung durch einen Klick auf Initialisiere die CryptoBox abschließen. +

+Das war es dann auch schon. Kryptographie war wohl nie einfacher zu verwenden, oder? ;) +

+

+Der Initialisierungsvorgang läuft nun im Hintergrund ab und wird nach wenigen Minuten (abhängig von der Größe deiner Festplatte) abgeschlossen. +

+

Konfiguration

+

+Im Gegensatz zur Initialisierung, die nur einmal durchgeführt werden muss, kannst du die Konfiguration jederzeit deinen Wünschen anpassen. Dazu klickst du einfach auf Konfiguration in der Menü-Zeile des Web-Interfaces. Nun wird dir ein Formular mit vier Feldern präsentiert: +

+

+de_config.png +

+
  • Falls du ein Administrator-Passwort während der Initialisierung festgelegt hast, musst du es nun eingeben. Andernfalls wird dieses Formularfeld nicht angezeigt. +
  • Du kannst die voreingestellte Netzwerk-Adresse (IP) verändern, falls sie nicht zu deiner Netzwerk-Struktur passt. +
  • Die Zeitabschaltung sorgt dafür, dass nach einer festgelegten Dauer von Inaktivität (in Minuten), das Crypto-Dateisystem deaktiviert wird (damit sind deine Daten wieder geschützt). Laufende Dateiübertragungen werden dadurch natürlich nicht gestört. +
    • Es ist ratsam, eine kurze Abschalt-Zeit einzustellen (wenige Minuten). +
    • Der Wert 0 deaktiviert die automatische Abschaltung. +
  • Die Sprache ist der Standard für alle Nutzer des CryptoBox-Web-Interfaces. Sie kann individuell durch die Sprach-Links am rechten oberen Bildschirmrand überschrieben werden. +

+Speichere deine neuen Einstellungen durch einen Klick auf Speichere Konfiguration. +

+

+Das ist alles - deine CryptoBox ist jetzt bereit für die tägliche Nutzung! +

+

Hinweise / Fallstricke

+
  • Alle Daten auf der Festplatte in der CryptoBox werden bei der Initialisierung gelöscht. +
  • Die Passworte müssen jeweils zweimal eingegeben werden, um die Gefahr von Tipp-Fehlern zu vermindern. +
  • Das optionale Administrations-Passwort ist nur für die Konfiguration oder eine erneute Initialisierung erforderlich. +
  • Das Crypto-Passwort beschützt deine sensiblen Daten. +
  • Falls die CryptoBox nicht über die Adresse 192.168.0.23 erreichbar ist, musst du die Netzwerk-Adresse deines Arbeits-Rechners für die Dauer der Initialisierung der CryptoBox vorübergehend ändern. +

+zurück zu CryptoBoxUser +

+
+

Kommentare

+

+ +

+
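Review bot: the Initialisierung list says of the administration password "Wahrscheinlich wirst du dieses Passwort nie wieder benötigen", while the Konfiguration list says it must be entered for every configuration change once it has been set. The two statements contradict each other, and the first invites users to forget a password they will need; please reword it. The same list allows an empty administration password with only "nicht empfohlen". Since that password is described as the guard against someone re-initializing the box and erasing the disk, the text should say plainly that an empty value lets anyone who can reach the web interface do so. The spelling also varies between "Administrations-Password", "Administrations-Passwort" and "Administrator-Passwort".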
diff --git a/pythonrewrite/doc/html/de/CryptoBoxUserDailyUse.html b/pythonrewrite/doc/html/de/CryptoBoxUserDailyUse.html new file mode 100644 index 0000000..8f214ac --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxUserDailyUse.html @@ -0,0 +1,139 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxUser/de, CryptoBoxUserConfiguration/de) + +

+
+

Tägliche Nutzung

+

Aktivieren des verschlüsselten Dateisystems

+

+Du kannst dein verschlüsseltes Dateisystem mit folgenden Schritten aktivieren: +

+
  • Wähle mit deinem Web-Browser die Adresse deiner CryptoBox an. Die Voreinstellung ist https://192.168.0.23. +
  • Klicke auf Aktivieren der Crypto-Daten. Daraufhin erscheint ein Formular zur Eingabe des Crypto-Passworts. +
  • Gib dein Crypto-Passwort ein und klicke auf die darunterliegende Schaltfläche. +

+de_mount.png +

+

+Nun ist das verschlüsselte Dateisystem verfügbar. Um es zu nutzen, suche in deiner Netzwerkumgebung nach der Netzwerk-Adresse deiner CryptoBox (Voreinstellung: 192.168.0.23). Nun kannst du das Netzlaufwerk wie üblich verwenden. +

+

Zugriff auf die verschlüsselten Daten

+

Linux - Kommandozeile

+

+Um als normaler Nutzer auf die Crypto-Partition zuzugreifen, solltest du folgende Zeile zur /etc/fstab hinzufügen: +

+
//192.168.0.23/public   /mnt/    smbfs   defaults,noexec,noauto,user,guest      0       0
+

+Nun kannst du die Crypto-Partition nach /mnt mounten: +

+
mount /mnt/
+

+bzw. unmounten: +

+
smbumount /mnt
+

Windows

+

+Starte den Windows Explorer und wähle im Menü unter Extras die Option Netzlaufwerke verbinden aus. +

+

+de_w98_network_drive.png +

+

+Trage unter Pfad die Adresse des Verzeichnisse der CryptoBox ein, auf das du zugreifen willst (Standard: \\192.168.0.23\public). Soll die Verbindung beim jedem Start von Windows wiederhergestellt werden, aktiviere Verbindung beim Start wiederherstellen. +

+

+Nun kannst du auf das verschlüsselte Dateisystem wie jedes andere Laufwerk benutzen. +

+

Abschalten des verschlüsselten Dateisystems

+

+Du kannst das verschlüsselte Dateisystem abschalten, indem du in der Menü-Zeile des Web-Interfaces der CryptoBox auf Deaktivierung der Crypto-Daten klickst. +

+

+Deine Daten sind nun wieder vor jedem Zugriff geschützt. +

+

Abschaltung der CryptoBox

+

+Klicke auf System in der Menü-Zeile des Web-Interfaces. Nun kannst du zwischen Abschaltung und Neustart wählen. Die Abschaltung dauert einige Sekunden. +

+

+Falls dein CryptoBox-Rechner relativ neu ist (ungefähr ab Baujahr 02000), wird er sich nun selbständig abschalten. Andernfalls musst du dies per Hand tun. +

+

Notfall-Abschaltung

+

+Falls du deine Daten wirklich schnell vor neugierigen Augen schützen musst, dann ziehe einfach den Stecker der CryptoBox. Dies ist nicht besonders sauber und kann (in sehr seltenen Ausnahmefällen) geöffnete Dateien beschädigen. Es ist jedoch die schnellste Methode zur Sicherung deiner Daten vor unbefugtem Zugriff. +

+

+zurück zu CryptoBoxUser +

+
+

Fragen und Antworten

+

Windows: Netzlaufwerk kann nicht verbunden werden

+

+de_w98_not_logged_in.png +

+

+Erscheint diese Fehlermeldung, hast du dich beim Start von Windows nicht angemeldet bzw. das Anmeldefenster mit der Taste Esc (Escape) verschwinden lassen. Klicke auf Start und Abmelden und melde dich neu an - sobald das Anmeldefenster erscheint, klicke auf OK: +

+

+de_w98_login.png +

+

Linux: only root can unmount //192.168.0.23/public

+

+Das Unmounten der Crypto-Partition mit umount funktioniert nicht. +

+

+Lösung: Verwende stattdessen: +

+
smbumount /mnt
+

Linux: Operation not permitted / smbmnt failed: 1

+

+Der Versuch die Partition als normaler Nutzer zu mounten schlägt fehl: +

+
cannot mount on /mnt/: Operation not permitted
+smbmnt failed: 1
+

+Lösung: Das Mount-Verzeichnis muss dem selben Nutzer gehören, der den mount-Befehl ausführt (bspw. phil): +

+
chown phil. /mnt
+

+

Kommentare

+

+ +

+
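Review bot: the fstab line in the Linux section mounts //192.168.0.23/public with the "guest" option, so an activated crypto filesystem is reachable without credentials, yet the page only describes the data as protected again after deactivation. Add a sentence under "Aktivieren des verschlüsselten Dateisystems" saying that the activated share is open to hosts on the local network and that the timeout or a manual deactivation is what closes it. In the last answer, "chown phil. /mnt" uses the old dot separator and hands all of /mnt to one user; a dedicated mount point owned by that user, with the fstab path changed to match and the colon form of chown, would be safer advice.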
diff --git a/pythonrewrite/doc/html/de/CryptoBoxUserGettingStarted.html b/pythonrewrite/doc/html/de/CryptoBoxUserGettingStarted.html new file mode 100644 index 0000000..04ffe7a --- /dev/null +++ b/pythonrewrite/doc/html/de/CryptoBoxUserGettingStarted.html @@ -0,0 +1,76 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxUser/de, CryptoBoxUserConfiguration/de, CryptoBoxUserDailyUse/de) + +

+
+

Wie geht es los

+

Erste Schritte

+

+Die CryptoBox ist schnell aufgebaut: +

+
  1. Du brauchst einen alten Computer (mindestens 100MHZ, 48MB RAM) (Faustregel: nach 1996 gekauft). Dazu eine passende Netzwerkkarte, ein CD-ROM Laufwerk und eine riesige Festplatte. +
    • Die Festplatte muss nicht riesig sein, je nachdem was du speichern willst, reicht auch 'ne kleine ;) +
    • Du brauchst keinen Monitor, keine Tastatur und keine Maus, um die CryptoBox zu benutzen (bzw. nur für die Erst-Einrichtung). +
    • Du kannst natürlich einen schnelleren Rechner verwenden - der unbedeutende Performance-Zuwachs wird jedoch wohl nicht durch den erhöhten Energiebedarf gerechtfertigt. +
  2. Lade die aktuellste Version der CryptoBox als iso-image herunter und brenne dieses auf einen CD-Rohling. +
  3. Konfiguriere den PC, so dass er vom CD Laufwerk bootet. Dazu solltest du im BIOS als "boot device" "CD-ROM" einstellen. +
  4. Pack die frisch gebrannte CryptoBox CD ins Laufwerk und starte den Computer. +

+Wenn der Computer jetzt von der CD startet, hast du alle Anforderungen erfüllt. +

+

+Du kannst nun zu deinem Arbeits-Rechner in demselben Netzwerk gehen und "https://192.168.0.23" ansurfen. Dort sollte die CryptoBox-Konfigurationsseite erscheinen. Ist doch kinderleicht, oder? +

+

+Die weiteren Schritte werden unter CryptoBoxUserConfiguration beschrieben. +

+

Hinweise / Fallstricke

+
  • Eventuell musst du für die Einrichtung der CryptoBox kurzzeitig deine Netzwerkaddresse (IP) ändern. Falls du nicht weißt, wie und warum, dann frage jemanden um Rat ... (wahrscheinlich klappt es aber ohne Änderungen) +
  • Falls du eine neue Festplatte kaufen willst, beachte, dass alte PCs nicht mit modernen Festplattengrößen klarkommen. +
  • Einige alte PCs können nicht vom CD-ROM-Laufwerk booten. +
  • Falls dir der Begriff "BIOS" nichts sagt, bitte Menschen um Hilfe, bevor du was veränderst ;) +
  • Vergiss nicht, den CryptoBox-Rechner ans Netzwerk anzuschliessen! +
  • Du brauchst einen Monitor und eine Tastatur für die Konfiguration des BIOS. +

+

Kommentare

+

+ +

+
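Review bot: step 1 gives the minimum hardware as "mindestens 100MHZ, 48MB RAM", while the Specifications table in en/CryptoBox.html in this same patch says "i386 p1-100 32MB RAM minimum"; pick one figure and use it in both files. Step 2 tells the user to download the iso image and burn it with no integrity check. For a disk-encryption appliance the manual should point to a published checksum or signature and say how to verify the image before burning. "Netzwerkaddresse" in the hints should be "Netzwerkadresse".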
diff --git a/pythonrewrite/doc/html/en/CryptoBox.html b/pythonrewrite/doc/html/en/CryptoBox.html new file mode 100644 index 0000000..9c514e5 --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBox.html @@ -0,0 +1,154 @@ + + + + + +
+

+

+ +

+

The CryptoBox

+

+deutschsprachige Version +

+

News

+
  • [14/04/02006] Sorry folks, codecoop.org is temporarly down. Update: it's up and running again. Fetch the latest version here +
  • [07/03/02006] We're currently splitting the CryptoBox up in the CryptoBox-Webfrontend and the Cryptobox-CD. This will let you use the CryptoBox-Webfrontend in your favourite Linux Installation. stay tuned.. +
  • [30/10/02005] The new CryptoBox version 0.2.1 is available at codecoop.org! +
  • [21/10/02005] We discovered a bug in v0.2, which in some cases prevents the intialization of the CryptoBox. Please wait for v0.2.1 to obtain a working release. We recommend not using v0.2 and are very sorry for the inconvenience. +
  • [04/10/02005] The first release (v0.2) of the CryptoBox is available at Codecoop.org. +

Overview

+

+The CryptoBox is a Debian/Linux based live-cd. This CD boots up, starting a secure fileserver. Even non-technical users are able to store their data on its encrypted harddisk. There is no special knowledge about cryptography or servers required at all.
+The CryptoBox is fully controllable via your web browser. Have a look at the ScreenShots. +

+

+Use the web interface of the CryptoBox in your favourite language: +

+
  • English +
  • German +
  • Slovenian +

Specifications

+

+some rather technical details: +

+ +
systemDebian/Linux based Live-CD +
needed hardware "outdated" PC (i386 p1-100 32MB RAM minimum) +
supported clients*nix; *bsd; Windows; Mac OS +
fileserversamba (network shares) +
userinterfacefully remote controlled via webbrowser +
encryptionAES via device-mapper +
+

Download

+

What we share

+

+We do our best to help you using the CryptoBox. +

+
  • You can find detailed information in the user manual. +
  • For further questions write an email to cryptobox[at]systemausfall.org +

What you might share

+

+You are not just a consumer. You can help others with your knowledge. + +

+
  • We are looking for more translations. Take a look at the "README"-file in our language section. There you can find further instructions if you'd like to contribute. +
  • Open up a ticket for your feature requests and bugs. +

Development

+

Acknowledgements

+

+

  • Clavdia Horvat, Tadej Brce & Dušan Rebolj - slovenian translation +
  • http://codecoop.org - webspace +
+

+

Legal stuff

+
  1. All scripts are GPL licensed +
  2. The documentation is licensed under a Creative Commons License +
  3. We do not take any warranty for the functionality or usability of the CryptoBox. +

+

Comments

+

Comment by anonymous on Tue Nov 29 13:54:27 2005

+

+Let me just make sure I understand correctly. +The protected data is encrypted on the Cryptobox drive, +but is available in clear on the network, between the cryptobox and the user. Right? +

+
+

+see the whole discussion at ticket #83* +

+
+

Comment by anonymous on Sun Dec 4 06:51:50 2005

+

+Do you have suggestions on how to secure the file transfer in a platform independent way? +

+

+Perhaps the simplest thing to do would be make (one version of) CryptoBox be a https (secure web server). +(Instead of, or in addition to, being a samba file server). +

+

+Web browsers use encryption when they upload a file to a "https:// " web server, right? +(using a <FORM> with <INPUT type="file" name="name_of_files">, see +http://www.w3.org/TR/html4/interact/forms.html#h-17.4 +). +Then one (static) web page on that server asks users to upload files using such a form. +

+

+All https servers use encryption when they download files, right? +So another (dynamic) web page on that server lists all of that user's files. Each one is hotlinked, so the user simply clicks on it to download / view it. +

+

+Perhaps a bit kludgy, but I think even unexperienced users could figure it out. +

+
+

+see the whole discussion at ticket #83*, too +

+
+

Comment by anonymous on Sat Dec 10 12:15:55 2005

+

+What happens when there are multiple hard drives in the machine? Will it erase all? Does it combine them to one share with something like raid or lvm, or will they be mountable as different shares? I'd try myself, but I currently only have one free hdd to test with. +btw, wonderful tool, keep up the good work, and tell us if you need more testers :-) +

+
+

+If there are multiple harddisks available, then it will use only the first.
+We are going to implement an interface to manually partition harddisks and choose more than one of them for (seperated) encrypted containers. This feature should be available in the next release (v0.3).
+If you would like to help us (e.g. by testing), then you could subscribe to the mailing list. +

+
+

Comment by anonymous on Sat May 6 10:41:21 2006

+

+Could the hdd be external usb or firewire? +

+
+

+yes - version 2.1 should support usb drives (firewire will work with 3.0) +

+
+

+ +

+
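Review bot: the Overview calls the CD "a secure fileserver" and the Specifications table lists "AES via device-mapper" next to "samba (network shares)", but the fact that data crosses the network in clear appears only as a reader question in the Comments, answered with "see the whole discussion at ticket #83", which a reader of the shipped HTML cannot follow. State the limitation in the Overview or the Specifications table: the encryption covers the disk, not the transport. In the last reply, "version 2.1" and "3.0" do not match the release numbers used in News and in the earlier reply (v0.2.1, v0.3); please check them. "temporarly" and "intialization" in News are typos.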
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDev.html b/pythonrewrite/doc/html/en/CryptoBoxDev.html new file mode 100644 index 0000000..4690ee3 --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDev.html @@ -0,0 +1,94 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBox/de, CryptoBox/en) + +

+
+

Development documentation

+

+The following pages are written for developers only.
+Users of the CryptoBox should read CryptoBoxUser instead. +

+

Source

+

+You may browse the source code. +

+

Contact

+

+Join the mailing list: cryptobox-dev-subscribe@lists.systemausfall.org. +

+

Bug reports

+

+If you think you found a bug or you get an error message, please help us to fix the problem and file a ticket (a bug report). Follow these steps: +

+
  1. Have a look at Open bugs that need to be fixed +
  2. Create a New Ticket +
+
+ + + diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevBackground.html b/pythonrewrite/doc/html/en/CryptoBoxDevBackground.html new file mode 100644 index 0000000..9caa67c --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevBackground.html @@ -0,0 +1,64 @@ + + + + + +
+

+

+

Table of Contents

+
    +
  1. dfsbuild
  2. +
  3. the kernel
  4. +
  5. qemu
  6. +
  7. alternative LiveCDs
  8. +
  9. Comments
  10. +
+
+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Details of the CryptoBox

+

dfsbuild

+

+The base system of the CryptoBox Live-CD is created by dfsbuild. +

+

+It is recommended to use some kind of caching tool for the retrieval of the debian packages (e.g.: apt-cacher, apt-proxy or approx). This saves a lot of bandwidth and time. +

+

+The documentation for dfsbuild is sparse. But it is quite unlikely, that you will get in direct contact with it, as it is wrapped by cbox-build. However the following links may help you for specific problems: +

+

the kernel

+

+The linux kernel for the CryptoBox is compiled statically. If you want to change it, you could follow this steps: +

+
  1. get the sources: apt-get install kernel-tree-2.6.11 (or the version of your choice) +
  2. copy the exisiting config file kernel/config-2.6.11 as .config into your kernel source directory +
  3. build the debian kernel package make-kpkg --revision=1.dfs --rootcmd=fakeroot kernel_image +
  4. change the kernel in the unpackdebs setting in dfs-cbox.conf (see CryptoBoxDevCustomBuild for details) +

+See source:trunk/hints/kernel-build.txt for more details. +

+

qemu

+

+Qemu is a portable system emulator. It is a convenient tool to ease the development workflow, as you do not need to burn LiveCDs for testing. +

+

alternative LiveCDs

+

+We tried some other LiveCDs before we decided to use dfsbuild. The following pages describe their advantages and disadvantages as the base system for the CryptoBox: +

+
+

Comments

+

+ +

+
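Review bot: in the dfsbuild section the sentence ending "the following links may help you for specific problems:" is followed directly by the next heading, and "alternative LiveCDs" likewise ends on "The following pages describe their advantages and disadvantages ...:" with nothing after it, so both link lists appear to be missing from the static export. Restore them or drop the lead-in sentences. In the kernel steps, "follow this steps" and "exisiting" are typos.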
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevCustomBuild.html b/pythonrewrite/doc/html/en/CryptoBoxDevCustomBuild.html new file mode 100644 index 0000000..f364dbe --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevCustomBuild.html @@ -0,0 +1,85 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev, CryptoBoxDevBackground, CryptoBoxDevPreparation, CryptoBoxDevWorkFlow) + +

+
+

Custom builds of the CryptoBox

+

Overview

+

+The following sections are useful, if you want to change the default settings of your personal CryptoBox development environment. +

+

+You should have completed the steps described in CryptoBoxDevPreparation. +

+

Settings

+

dfsbuild settings

+

+All settings for dfsbuild can be found in etc-defaults.d/dfs-cbox.conf. +

+

+If you want to change any of them, you should do the following: +

+
  1. copy etc-defaults.d/dfs-cbox.conf file to etc-local.d/ +
  2. change etc-local.d/dfs-cbox.conf according to your needs +

+This allows you to use your own (personal) settings, without interfering with files under version control. +

+

CryptoBox development configuration

+

+Some settings regarding the building, configuring and validating of the CryptoBox can be found in etc-defaults.d/cbox-dev.conf. +

+

+If you want to change any of them, you should do the following: +

+
  1. copy etc-defaults.d/cbox-dev.conf file to etc-local.d/ +
  2. change etc-local.d/cbox-dev.conf according to your needs +

SSH connection

+

+The file ssh_config is used to establish a connection to a running CryptoBox system. +

+

+It can be necessary to change these settings, if: +

+
  • you do not want to use the default IP for the CryptoBox +
  • or the CryptoBox is not within your local network. +

+If you want to change some settings, you should do the following: +

+
  1. copy etc-defaults.d/ssh_config file to etc-local.d/ +
  2. change etc-local.d/ssh_config according to your needs +

qemu network configuration

+

+The file etc-defauolts.d/qemu-ifup is used for the CryptoBox emulation with qemu. See man qemu for details. +

+

+If you want to change some settings, you should do the following: +

+
  1. copy etc-defaults.d/qemu-ifup file to etc-local.d/ +
  2. change etc-local.d/qemu-ifup according to your needs +

+

Comments

+

+ +

+
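Review bot: under "qemu network configuration" the path is written "etc-defauolts.d/qemu-ifup", which does not match the etc-defaults.d/ directory used in the steps right below it and in every other section; fix the spelling so the path can be copied as is. The "SSH connection" section names its file only as "ssh_config" in the first sentence; give the full etc-defaults.d/ssh_config path there, as the other sections do.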
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevCustomConfigure.html b/pythonrewrite/doc/html/en/CryptoBoxDevCustomConfigure.html new file mode 100644 index 0000000..536ae8a --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevCustomConfigure.html @@ -0,0 +1,60 @@ + + + + + +
+

+

+

Table of Contents

+
    +
  1. Overview
  2. +
  3. Locations
  4. +
  5. Examples
  6. +
  7. Comments
  8. +
+
+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Custom configuration of the CryptoBox

+

Overview

+

+You may change nearly every aspect of the CryptoBox by using the custom configuration hook directory. +

+

+Any script inside of this directory will be executed after the default configuration procedure (see CryptoBoxDevWorkFlow). +

+

+The order of execution is defined by the names of the scripts (alphabetically). +

+

Locations

+

+Some example customization scripts can be found in configure-examples.d/. +

+

+You may put your scripts into configure-local.d/. They will be sourced by cbox-build.sh. +

+

Examples

+

+The examples in configure-examples.d/ can be copied to configure-local.d/ and adjusted to your needs. +

+ +
set_default_ipchange the default IP address of the CryptoBox +
set_default_languageset the default language +
set_default_timeoutset the default idle time for automatic unmounting +
set_hostnamechange the default hostname +
set_root_pwchange the password of root (only useful for a development CryptoBox) +
import_authorized_keysupload a ssh key for passwordless access to a development CryptoBox +
set_scan_deviceswhere to look for usable harddisks +
+
+

Comments

+

+ +

+
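Review bot: the Overview says scripts in the hook directory "will be executed", while Locations says they "will be sourced by cbox-build.sh"; these are different contracts and the page should commit to one. If they are sourced, say so in the Overview and spell out the consequences: a hook runs inside the build script's own shell with its privileges (the workflow page in this patch requires root for every build step), it can change the script's variables, and an "exit" in a hook ends the build. In the Examples table, set_root_pw and import_authorized_keys are both described as meant for a development CryptoBox; add a sentence that neither should remain in configure-local.d/ when a release image is built.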
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevKnownProblems.html b/pythonrewrite/doc/html/en/CryptoBoxDevKnownProblems.html new file mode 100644 index 0000000..3dcc08e --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevKnownProblems.html @@ -0,0 +1,46 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Known problems

+

qemu

+

interleaved files not (yet) supported

+

+You should update qemu to version 0.7 or higher. +

+

smbd: segfault

+

+This happens under certain circumstances. We do not know a solution for this problem. +

+

dfsbuild

+

can't cd to _builddir/target/var/lib/apt/lists

+

+Try to downgrade cdebootstrap to v0.3.4 (for debian: apt-get install cdebootstrap/stable). This problem occours at least up to v0.3.8 of cdebootstrap. +

+
+

Comments

+

+ +

+
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevPreparation.html b/pythonrewrite/doc/html/en/CryptoBoxDevPreparation.html new file mode 100644 index 0000000..a5e9ba8 --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevPreparation.html @@ -0,0 +1,77 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev, CryptoBoxDevCustomBuild, CryptoBoxDevWorkFlow) + +

+
+

Preparations for developers

+

Software requirements

+

Packages

+

+We use Debian as our development environment. This was a natural choice, as the CryptoBox-LiveCD is also based on Debian. Other distributions should work too, of course - your mileage may vary. +

+

+required: +

+

+recommended: +

+

Kernel

+

+If you want to use qemu to test your CryptoBox in a virtual environment, then you will need the tun/tap kernel feature. +

+
CONFIG_TUN=m
+

Get the source

+

+Download the latest release from our subversion-Repository: +

+
svn checkout https://svn.systemausfall.org/svn/cryptobox/trunk
+

First build

+

+run scripts/cbox-build.sh release as root - hopefully, there should be no errors :) +

+

+Hint: This step will fail, if you did not install apt-cacher. See CryptoBoxDevCustomBuild for details on how to change the build-configuration settings (in this case: mirror in dfs-cbox.conf). +

+

Finished

+

+Now you can start to pariticipate in the development of the CryptoBox or simply customize your own CryptoBox-LiveCD. +

+

+See CryptoBoxDevWorkFlow for details of how to use the developer's tools of the CryptoBox. +

+

+CryptoBoxDevCustomBuild shows some examples for local customizations of the CryptoBox. +

+
+

Comments

+

+ +

+
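Review bot: "Get the source" says to download the latest release, but the command checks out trunk (svn checkout https://svn.systemausfall.org/svn/cryptobox/trunk), and "First build" then runs scripts/cbox-build.sh release as root on that checkout. Either point the text at an actual release or say plainly that this is the development head, and state why the build needs root so a developer knows what the script will touch. The "required:" and "recommended:" package lists are empty as shown in this hunk, and the hint says the build fails without apt-cacher, so apt-cacher belongs under "required:" unless the default mirror setting changes. "pariticipate" should be "participate".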
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevValidation.html b/pythonrewrite/doc/html/en/CryptoBoxDevValidation.html new file mode 100644 index 0000000..2f62d45 --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevValidation.html @@ -0,0 +1,78 @@ + + + + + +
+

+

+

Table of Contents

+
    +
  1. Overview
  2. +
  3. Validate
  4. +
  5. How to create a test
  6. +
  7. Comments
  8. +
+
+ +

+

+Navigation: ( CryptoBoxDev) + +

+
+

Validation of the CryptoBox

+

Overview

+

+The validation feature helps you to check the programming logic of the CryptoBox. A lot of test cases are defined to verify as many functions of the CryptoBox as possible. +

+

+The requests are processed with curl. +

+

+The received web page is saved to allow a later design review or css debugging. +

+

+The current state of the CryptoBox is represented by ten single values (e.g.: box is configured, IP of the box, current language setting, ...), which are invisibly a part of each html page (as comments). The returned status of every request is compared to the predicted value of the test case. +

+

+Similar test cases are pooled into test groups (e.g.: initialization, configuration and mounting). +

+

Validate

+

+Run scripts/validate.sh] to conduct all tests of all groups. See scripts/validate.sh help for other actions. +

+

+The results will be saved in validation/report. +

+

+In addition to every single retrieved page, a html page called summary-?.html is created, which contains the state checks of all tests in a group. +

+

How to create a test

+

+All test cases can be found in validation/test-cases. +

+

+Every test consists of the following files: +

+ +
input.curlthe configuration file for the curl request +
outputthe predicted state of the CryptoBox after the call +
descriptiona short description of the test (will be used for the summary) +
delay[optional] time to wait after this test +
+

+Use the existing test cases as templates for new tests. +

+

+Read validation/test-cases/README for details. +

+

+Every logical path of the web interface CGI should be validated by a test case. +

+
+

Comments

+

+ +

+
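Review bot: The Overview says the ten state values (box is configured, IP of the box, current language setting, ...) are part of every html page as comments, but not whether a hardened release image emits them too. Anyone who can load a page can read them, so document whether this is a development-only feature and, if it is, how it gets switched off. In "Validate", "Run scripts/validate.sh] to conduct all tests" has a stray "]", and "summary-?.html" should say what replaces the "?".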
diff --git a/pythonrewrite/doc/html/en/CryptoBoxDevWorkFlow.html b/pythonrewrite/doc/html/en/CryptoBoxDevWorkFlow.html new file mode 100644 index 0000000..f70a97e --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxDevWorkFlow.html @@ -0,0 +1,156 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxDev, CryptoBoxDevCustomConfigure, CryptoBoxDevPreparation) + +

+
+

Development workflow

+

Preparations

+

+You should have completed the steps described in CryptoBoxDevPreparation. +

+

Create a CryptoBox-LiveCD

+

+The following steps can be executed in the order of their appearance. +

+

+Usually there is no need to repeat the whole process, after you changed some parts of the CryptoBox. Especially the first step (building of the base system with dfsbuild) may usually be skipped. +

+

+Every step of the building process must be executed as root. +

+

Build the base system

+

+Run scripts/cbox-build.sh dfsbuild to create the base system for the LiveCD. +

+

+The result can be found in _builddir/cd1/image. +

+

+If you do not want to use the apt-cacher to save bandwidth and time, then you should modify the mirror-setting in dfs-cbox.conf (see CryptoBoxDevCustomBuild for details). +

+

Configure the base image

+

+Run scripts/cbox-build.sh config to copy the CryptoBox-specific files to the base image. +

+

+TODO: link to cbox-build.sh-manpage +

+

Remove development features

+

+The original base system, that was created by dfsbuild contains a lot packages and some scripts, that are only useful during development. You should remove them, as they cause severe security implications. +

+

+To reduce the CryptoBox-LiveCD to the usable minimum for operational use, you should run scripts/cbox-build.sh harden. +

+

Create an iso image

+

+To burn a CryptoBox-LiveCD, you need an bootable iso9660-image. +

+

+Create the iso image with scripts/cbox-build.sh iso. The resulting file can be found at _builddir/cd1/cryptobox.iso. +

+

Burn the CD

+

+Do it manually: +

+
cdrecord -v dev=0,0,0 _builddir/cryptobox.iso
+

+(change the dev setting according to your setup). +

+

+Let the script do it for you: scripts/cbox-build.sh burn (maybe you have to change the CDWRITER setting in cbox-dev.conf - see CryptoBoxDevCustomBuild). +

+

+Of course, it is not wise to use CD-R media. CD-RW consume less resources. +

+

Test the CryptoBox-LiveCD

+

+This section is only useful for developers, who want to improve or change the CryptoBox system. +

+

Chroot: quick & dirty tests

+

+If you modified the perl- or shell-scripts of the CryptoBox, then you can check for syntax errors by running them in a chroot environment. Be careful: you have access to all ressources of your computer, while you are working within a chroot environment - so you can easily repartition your real disk ... +

+

+To start a chroot environment, you can execute scripts/cbox-dev.sh chroot. +

+

+For more intensive tests, you may use qemu (see below) or burn real LiveCDs - of course this would take much more time. +

+

Qemu: nearly complete emulation

+

+The processor emulator qemu allows you test the CryptoBox in a virtual environment, that is completely separated from your real computer's resources. It is the tool of choice, if you do nat have a real computer around for testing. +

+

+Beware - there are some problems, when using qemu: +

+
  • smbd does not start (segfault) +
  • ??? +

+To start a qemu emulation of the iso image, you may type: +

+
scripts/cbox-dev.sh qemu
+

Debugging and merging

+

+This section is only useful for developers, who want to develop on a running CryptoBox system (emulated or real). +

+

+You may access the CryptoBox directly or you can use ssh to open a remote session: +

+
./cbox-dev.sh ssh
+

Development on a running system

+

+When you run an emulation or test a real LiveCD, you may encounter problems and bugs. To test your fixes for these problems, it is convenient, to change the running test system. Afterwards you can merge these changes to your local development copy. +

+

+Type scripts/cbox-dev.sh diff to see the changes, you made on the running CryptoBox system. +

+

+Type scripts/cbox-dev.sh merge to merge these changes to your local working copy. +

+

Copying a testversion

+

+Alternatively you may also upload a new version of your local working copy to the running CryptoBox system. +

+

+Type scripts/cbox-dev.sh upload - beware: all recent changes you made to the running CryptoBox system, are lost. +

+

Setting up a new Release

+

+Once you finished your development, you surely want to make a new release. Please read the instructions in the releas-policy.txt it will save you a lot of time! Then you basically just have to run scripts/cbox-build.sh release and get yourself a good coffee. After the command has finished you'll see the releasefiles in _buildir. +

+
+

Comments

+

+ +

+
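Review bot: The ISO path is inconsistent: "Create an iso image" puts the result at _builddir/cd1/cryptobox.iso, the manual burn command reads _builddir/cryptobox.iso, and "Setting up a new Release" refers to _buildir. Use one path throughout. "Remove development features" says the dfsbuild packages and scripts "cause severe security implications" yet presents harden as something you "should" run; say explicitly that an image built without the harden step is for testing only, and whether scripts/cbox-build.sh release runs harden itself. The qemu problem list still contains a "???" placeholder item. Typos: "ressources", "do nat have", "releas-policy.txt".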
diff --git a/pythonrewrite/doc/html/en/CryptoBoxUser.html b/pythonrewrite/doc/html/en/CryptoBoxUser.html new file mode 100644 index 0000000..4f8ccbc --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxUser.html @@ -0,0 +1,60 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBox/en, CryptoBoxUser) + +

+
+

User Documentation

+

+The following pages describe the easy use of the CryptoBox. +

+

+The online version of this manual is a wiki, which means you can edit the pages. So if you have a question or you perceive a description as unclear, please post it on the bottom of the relevant page. The developers will answer your questions and update the manual as fast as possible. This way you can contribute in making the CryptoBox a better experience for everyone! +

+
  1. CryptoBoxUserGettingStarted -- first steps to get the Cryptobox up and running +
  2. CryptoBoxUserConfiguration -- configure the details of your new encrypted fileserver +
  3. CryptoBoxUserDailyUse -- daily use of your CryptoBox +

+The online version of this manual can be found at https://systemausfall.org/trac/cryptobox/wiki/CryptoBoxUser/en. +

+
+

Comments

+

+ +

+
diff --git a/pythonrewrite/doc/html/en/CryptoBoxUserConfiguration.html b/pythonrewrite/doc/html/en/CryptoBoxUserConfiguration.html new file mode 100644 index 0000000..7664310 --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxUserConfiguration.html @@ -0,0 +1,125 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxUser/en, CryptoBoxUserConfiguration) + +

+
+

Configuration of your CryptoBox

+

Overview

+

+All parts of administration of the CryptoBox are done through a comfortable web interface. If this is the first time you use the CryptoBox, just follow the steps below. +

+

+You can safely ignore the Foreword if you are in a hurry. +

+

+Initialization describes the process of integrating a new harddisk. You usually have to perform this steps if you start with a new CryptoBox or after replacing the harddisk. +

+

+In the Configuration section, you can configure the CryptoBox according to your personal needs, e.g. change your desired language for the web interface or change the IP address of the CryptoBox. +

+

+Do not forget to read the Hints / Caveats section too. +

+

Foreword

+

+Okay, you finished the CryptoBoxUserGettingStarted and are now sitting in front of a computer that is connected via network with your CryptoBox. You point a browser to "https://192.168.0.23" and the CryptoBox interface appears. +

+

+Before you can save data on your CryptoBox, its harddisk has to be formatted with a cryptographic filesystem. Sounds complicated but don't be scared - it's really a "one click" thing. :) +

+

Initialization

+

+Click on Initialize CryptoBox in the title bar. +

+

+en_init.png +

+

+Now you are promted to enter two passwords twice (because we want to train your typing skills ;). +

+
  • The first password is the administration password. +
    • It is used to protect the configuration of the CryptoBox. +
    • This is necessary to make sure, that no one without your permission can destroy your data by re-initializing the CryptoBox. +
    • Chances are good, that you will only need it once. +
    • You may leave it empty, but this is not recommended. +
  • The crypto password is the more important password, protecting the data on your harddisk. Choose it wisely! +
    • You will need it, whenever you want to access your encrypted data. +
    • For a secure password consider a length of at least 15 characters including digits and special characters. The security of your encrypted data stands or falls with a good password. +
  • To avoid mistakes and to remind you on what you're going to do, you have to type the displayed red phrase into the last field. +
  • Now you can complete the initialization by clicking on the Initialize !CryptoBox button at the bottom of the form. +

+That's all. Wasn't it a real "one click" thing? Cryptography has never been easier to use. ;) +

+

+The initialization process takes place in the background and will be completed after a few minutes, depending on your harddisk's size. +

+

Configuration

+

+While the initialization is usually done only once, the configuration can be changed at any time you want. You can reach it by clicking at Configuration in the menu bar of the website. Now you see a form with four fields: +

+

+en_config.png +

+
  • If you defined an administration password during Initialization, you have to enter it first. Otherwise this field does not appear. +
  • If the default network address (IP) doesn't fit into your network infrastructure, you can change it in the second field. +
  • The timeout defines the amount of time (in minutes) after that the CryptoBox deactivates the access to the encrypted data. If you e.g. copy a file on the box, it starts counting at zero, so down-/uploads won't be interrupted. +
  • It's good choice to enter a small number (few minutes). +
  • A timeout of 0 turns off the automatic deactivation - this is not recommended. +
  • At language preferences you can select the default language for the CryptoBox interface. +

+Complete your changes by clicking on Save configuration. +

+

+That's all - your CryptoBox is now ready for daily use! +

+

Hints / Caveats

+
  • All data on the CryptoBox harddisk will be erased during Initialization. +
  • All passwords have to be typed twice to reduce the chance of a typo. +
  • The optional adminstration password is necessary for configuration only. +
  • The crypto password protects your beloved data. +
  • If the cryptobox is not reachable by browsing to 192.168.0.23, you may have to adjust the network settings of your computer for initialization of the CryptoBox. +

+back to CryptoBoxUser +

+
+

Comments

+

+ +

+
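Review bot: Hints / Caveats says the optional administration password "is necessary for configuration only", which contradicts the Initialization list, where the same password is what prevents someone from destroying the data by re-initializing the CryptoBox. Reword the caveat so it states both roles, and make clear what leaving the password empty means for re-initialization. In the Configuration list the two timeout notes ("It's good choice to enter a small number", "A timeout of 0 turns off the automatic deactivation") appear as top-level items, so the "four fields" are followed by six bullets; nest them under the timeout item. Typos: "promted", "adminstration".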
diff --git a/pythonrewrite/doc/html/en/CryptoBoxUserDailyUse.html b/pythonrewrite/doc/html/en/CryptoBoxUserDailyUse.html new file mode 100644 index 0000000..8d0a00d --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxUserDailyUse.html @@ -0,0 +1,138 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxUser/en, CryptoBoxUserConfiguration/en, CryptoBoxUserDailyUse) + +

+
+

Daily use of the CryptoBox

+

Activate your encrypted filesystem

+

+You can activate your encrypted filesystem by doing following these steps: +

+
  • Point your web browser at the address of your CryptoBox. The default is https://192.168.0.23. +
  • Click on Activation of encrypted data. A new page asking for your crypto password appears. +
  • Enter your crypto password and click on the button below labeled activate encrypted filesystem. +

+Now the filesystem is accessible. To use it, search for a computer in your network neighborhood. When asked for the name, enter the above IP address (default: 192.168.0.23). Now you can use it like any other network resource. +

+

Use your encrypted data

+

Linux - command line

+

+To use the encrypted data partition with regular user rights add the line below to your /etc/fstab: +

+
//192.168.0.23/public   /mnt/    smbfs   defaults,noexec,noauto,user,guest      0       0
+

+Now you can mount the encrypted data partition to /mnt: +

+
mount /mnt
+

+resp. unmount: +

+
smbumount /mnt
+

Windows

+

+Run the the Windows Explorer and choose Map network drive in the Tools menu: +

+
  • select a drive of your choice +
  • enter \\192.168.0.23\public (default setting) as target +

+en_w98_network_drive.png +

+

+Now you can use your encrypted data like any other network resource. +

+

Deactivate your encrypted filesystem

+

+You can deactivate the encrypted filesystem by clicking at Deactivation of encrypted data in the web interface of your CryptoBox. +

+

+Your data is now protected again. +

+

Shut down your CryptoBox

+

+Click at the Shutdown link in the menu of the web interface. There you can choose poweroff or reboot. The shutdown takes some seconds. +

+

+If the hardware of your CryptoBox is quite recent, it will power-off automatically. Otherwise you have to do it manually. +

+

In case of emergency

+

+If you have to protect the drive really fast, just power-off the CryptoBox machine instantly by pulling the plug or pushing the power button. This is not very clean and can (in very rare circumstances) corrupt open files, but it is the fastest method to secure your data. +

+

+back to CryptoBoxUser +

+
+

Questions and Answers

+

Windows: network drive cannot be mapped

+

+en_w98_not_logged_in.png +

+

+This error message may appear, if you did not login during the booting of you windows machine (or you closed the login dialog by pressing ESC). +

+

+Solution: Choose Logout in the Start menu and login again. +

+

+en_w98_login.png +

+

Linux: only root can unmount //192.168.0.23/public

+

+You can't unmount the partition with umount. +

+

+Solution: Use smbumount instead: +

+
smbumount /mnt
+

Linux: Operation not permitted / smbmnt failed: 1

+

+The attempt to mount the partition as a regular user ends up with: +

+
cannot mount on /mnt/: Operation not permitted
+smbmnt failed: 1
+

+Solution: Set the directory's owner to the same user that mounts the share (e.g. phil): +

+
chown phil. /mnt
+

+

Comments

+

+ +

+
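Review bot: The fstab example mounts the share with the guest option and the Windows steps ask for no credentials, but the page never says who else on the network can reach //192.168.0.23/public while the filesystem is activated. Add a sentence on that under "Use your encrypted data" and point to deactivation and the timeout setting as the way to close access again. In the last Q&A entry, "chown phil. /mnt" uses the old dot separator; write "chown phil: /mnt", and consider recommending a dedicated mount point rather than changing the owner of /mnt. Wording: "by doing following these steps", "Run the the Windows Explorer", "booting of you windows machine".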
diff --git a/pythonrewrite/doc/html/en/CryptoBoxUserGettingStarted.html b/pythonrewrite/doc/html/en/CryptoBoxUserGettingStarted.html new file mode 100644 index 0000000..3a37b84 --- /dev/null +++ b/pythonrewrite/doc/html/en/CryptoBoxUserGettingStarted.html @@ -0,0 +1,83 @@ + + + + + +
+

+

+ +

+

+Navigation: ( CryptoBoxUser/en, CryptoBoxUserConfiguration/en, CryptoBoxUserDailyUse/en, CryptoBoxUserGettingStarted) + +

+
+

Getting started

+

First Steps

+

+Getting the CryptoBox started doesn't take much: +

+
  1. You need an old Computer (at least 100MHz, 48MB RAM) (rule of thumb: bought at least after 1996). This PC needs a network card, a CD-ROM drive and a huge harddisk. +
    • Well the disk doesn't need to be huge, it should just suit your filestorage needs ;) +
    • You don't need a monitor or a keyboard to use your CryptoBox (with one exception, see below). +
    • Of course, you may use a faster computer, but they usually consume much more energy and do not provide signifcant advantages. +
  2. Then download the latest version of the CryptoBox as an iso-image and burn this image onto a CD. +
  3. Configure your PC, so it can boot from the CD. Therefore you have to enter the BIOS and configure the CD-ROM as boot device. +
  4. Insert the shiny new CryptoBox CD you've just burned and start the computer. +

+ +If it now boots from the CD, you accomplished all of the requirements. +

+

+Now you can just go to your current desktop computer and point your browser to https://192.168.0.23 where the CryptoBox interface should be displayed. Easy - isn't it? +

+

+For further steps go to CryptoBoxUserConfiguration. +

+

Hints / Caveats

+

+ +

+
  • Maybe you need to change the network address (IP) of your PC to configure the CryptoBox for the first time. Ask someone for help, if you don't know how and why ... +
  • If you're going to buy a new harddisk keep in mind that very old hardware can't handle current disk sizes! +
  • Some old PCs are not able to boot from CD. +
  • If you don't know what a BIOS is, better ask someone, before you try to change something. ;) +
  • Don't forget to connect your PC to your local area network! +
  • To configure the BIOS, you need a keyboard and a monitor. But this has to be done only once. +

+back to CryptoBoxUser +

+
+

Comments

+

+ +

+
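Review bot: Step 2 goes straight from downloading the iso-image to burning it, with no integrity check in between. For an image that will handle the crypto password, add a step telling the user to compare the download against a checksum or signature published by the project, and say where to find it. The paragraph after the list sends users to https://192.168.0.23 without saying whether a certificate warning is expected on first contact. "signifcant" should be "significant".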
diff --git a/pythonrewrite/lang/README b/pythonrewrite/lang/README new file mode 100644 index 0000000..8edf0b0 --- /dev/null +++ b/pythonrewrite/lang/README @@ -0,0 +1,28 @@ +$Id$ + +You may want to translate the CryptoBox into another language? +Most welcome! + +Existing translation can be found in the .hdf files. There are three +easy steps, that won't take longer than one hour to go through: + +1.) Download one .hdf in your preferred language (e.g. en.hdf if you're a native english speaker). + +2.) Start to change the text behind the equal sign line for line. + +3.) Send us your changed .hdf file. That's it - thank you! + + +Hints: +We are available via mail (cryptobox@systemausfall.org) for any questions. Don't worry to ask us if +something is vague. We prefer "utf" encoded hdf-files. If you don't +know what udf means - just don't care, send us your file and +everything else will be fine. You don't have to translate the whole +file, some minor parts are enough to send back. The community will do +the rest. ;) + +Again, thanks for your help! We do the Cryptobox things in our +freetime for fun and to provide an open source solution for this +special purpose. By helping us, you're taking part in this +development. + diff --git a/pythonrewrite/lang/TODO b/pythonrewrite/lang/TODO new file mode 100644 index 0000000..8afaa30 --- /dev/null +++ b/pythonrewrite/lang/TODO 
@@ -0,0 +1,16 @@ +$Id$ + +Here are some minor fixes that have to be done. Thanks a lot for your +help! + + +################################ slovenian ################################## + +- SuccessMessage.InitRunning contains only the first sentence +- SuccessMessage.ReBoot: add a hint for automatic redirection (3rd sentence) +- EmptyCryptoPassword: change 'Text' accordingly to English string. + +Below are some smaller changes in English sentences. Someone may change it accordingly. +- MountFailed: add 'Pleasy try again' to the end of the string. +- UmountFailed: changed 'Also close all unclean programs' to 'Close all unclean programs'. +- InitRunning: changed 'You may configure it now. You may activate the encrypted filesystem in a few minutes.' to 'You may configure it now and activate the encrypted filesystem in a few minutes.' diff --git a/pythonrewrite/lang/de.hdf b/pythonrewrite/lang/de.hdf new file mode 100644 index 0000000..4bfd1ee --- /dev/null +++ b/pythonrewrite/lang/de.hdf 
@@ -0,0 +1,215 @@ +Lang { + + Name = deutsch + + Status = $Id$ + + Title { + Top = Die CryptoBox + Slogan = ... und 1984 war gestern! + Init = Initialisierung der CryptoBox + Mount = Aktivierung der Crypto-Daten + Umount = Deaktivierung der Crypto-Daten + Config = Konfiguration der CryptoBox + Log = Protokoll der CryptoBox + System = System + Status = Status der CryptoBox + } + + + Text { + EnterCurrentCryptoPassword = Das Crypto-Passwort eingeben: + EnterNewCryptoPassword = Das neue Crypto-Passwort eingeben: + EnterSameCryptoPassword = Das Crypto-Passwort wiederholen: + EnterCurrentAdminPassword = Das aktuelle Admin-Passwort eingeben: + EnterNewAdminPassword = Das neue Admin-Passwort eingeben: + EnterSameAdminPassword = Das neue Admin-Passwort wiederholen: + InitWarning = Bei der Initialisierung werden ALLE DATEN auf der Festplatte GELÖSCHT! + ConfirmInitHint = Um zu bestätigen, dass du weisst, was du tust, tippe hier bitte exakt Folgendes ein: + ConfirmInit = Ja, loesche alle Daten! + PartitionInfo = Derzeitige Partitionierung der Festplatte: + IPAddress = Netzwerk-Adresse (IP) der CryptoBox: + TimeOut = Zeitabschaltung des Crypto-Dateisystems (in Minuten): + EmptyLog = Das Logbuch der CryptoBox ist leer. + SelectLanguage = Spracheinstellung: + RedirectNote = Klicke hier, falls dein Browser die automatische Weiterleitung nicht unterstützt. + ProjectHomePage = Projekt-Seite + ProjectNote = Die CryptoBox ist ein Projekt von + DoUmount = Deaktivierung des verschlüsselten Dateisystems + DoMount = Aktivierung des verschlüsselten Dateisystems + Configuration = Einstellungen + CryptoIsActive = Die Crypto-Daten sind verfügbar. + CryptoIsDown = Die Crypto-Daten sind vor jedem Zugriff geschützt. 
+ } + + + Button { + DoInit = Initialisierung + SaveConfig = Speichere Konfiguration + Update = Aktualisieren + Mount = Crypto-Daten aktivieren + Umount = Crypto-Daten deaktivieren + Config = Einstellungen + PowerOff = ausschalten + ReBoot = neu starten + Protocol = Protokoll anzeigen + Documentation = Hilfe + Status = Status + } + + + WarningMessage { + InitNotConfirmed { + Title = Bestätigung schlug fehl + Text = Der Bestätigungssatz muss exakt eingegeben werden! + } + + EmptyCryptoPassword { + Title = Ungültiges Crypto-Passwort + Text = Du musst ein Crypto-Passwort eingeben! + } + + DifferentCryptoPasswords { + Title = Ungleiche Crypto-Passworte + Text = Die beiden Passworte müssen identisch sein, um Eingabefehler zu verhindern. + } + + DifferentAdminPasswords { + Title = Ungleiche Administrations-Passworte + Text = Die beiden Passworte müssen identisch sein, um Eingabefehler zu verhindern. + } + + WrongAdminPassword { + Title = Falsches Administrations-Passwort + Text = Das eingegebene Administrations-Passwort ist falsch. Versuche es noch einmal. + } + + MountFailed { + Title = Aktivierung schlug fehl + Text = Das verschlüsselte Dateisystem konnte nicht aktiviert werden. Wahrscheinlich war das Passwort falsch. Versuche es noch einmal. + } + + UmountFailed { + Title = Deaktivierung schlug fehl + Text = Das verschlüsselte Dateisystem konnte nicht abgeschaltet werden. Wahrscheinlich sind noch Dateien geöffnet. Schließe alle potentiell unsauberen Programme (beispielsweise die weitverbreitete Textverarbeitung). Notfalls einfach die CryptoBox ausschalten! + } + + NotInitialized { + Title = Keine Konfiguration gefunden + Text = Die CryptoBox wurde noch nicht eingerichtet. + } + + InitNotFinished { + Title = Initalisierung noch nicht abgeschlossen + Text = Die Initialisierung wird in wenigen Minuten beendet sein. Erst danach ist diese Aktion möglich. + } + + IsMounted { + Title = Bereits aktiv + Text = Das verschlüsselte Dateisystem ist bereits aktiv. 
+ } + + NotMounted { + Title = Nicht aktiv + Text = Das verschlüsselte Dateisystem ist derzeit nicht aktiv. + } + + AlreadyConfigured { + Title = Konfiguration gefunden + Text = Die CryptoBox wurde bereits eingerichtet. Bei einer erneuten Initialisierung werden alle Daten gelöscht! + } + + InvalidLanguage { + Title = Ungültige Sprache + Text = Die ausgewählte Sprache ist nicht verfügbar! + } + + InvalidIP { + Title = Ungültige IP + Text = Die ausgewählte Netzwerkadresse ist nicht gültig! + } + + InvalidTimeOut { + Title = Ungültige Zeitabschaltung + Text = Der ausgewählte Wert der Zeitabschaltung ist nicht gültig! + } + + ConfigTimeOutFailed { + Title = Fehler beim Ändern der Zeitabschaltung + Text = Der Wert der Zeitabschaltung konnte nicht geändert werden! + } + + ConfigLanguageFailed { + Title = Fehler beim Ändern der Spracheinstellung + Text = Die Spracheinstellung konnte nicht geändert werden! + } + + ConfigIPFailed { + Title = Fehler beim Ändern der Netzwerkadresse + Text = Die Netzwerkadresse konnte nicht geändert werden! + } + + IPAddressChanged { + Title = Änderung der Netzwerk-Adresse + Text = Die Netzwerk-Adresse der CryptoBox wurde verändert. In wenigen Sekunden werden sie zu der neuen Adresse umgeleitet. + } + } + + + SuccessMessage { + InitRunning { + Title = Initialisierung läuft + Text = Die Initialisierung der CryptoBox wird im Hintergrund abgeschlossen. Du kannst die CryptoBox nun konfigurieren und das verschlüsselte Dateisystem in ein paar Minuten aktivieren. + } + + ConfigSaved { + Title = Konfiguration gespeichert + Text = Die neuen Einstellungen der CryptoBox wurden übernommem. + } + + MountDone { + Title = Crypto-Daten aktiviert + Text = Das verschlüsselte Dateisystem ist nun verfügbar. + } + + UmountDone { + Title = Crypto-Daten deaktiviert + Text = Das verschlüsselte Dateisystem ist nun vor jedem Zugriff geschützt. + } + + PowerOff { + Title = Abschaltung + Text = Die CryptoBox wird gerade heruntergefahren. 
In wenigen Sekunden kannst du sie ausschalten (falls dies nicht automatisch geschieht). + } + + ReBoot { + Title = Neustart + Text = Die CryptoBox wird gerade neu gestartet. In wenigen Sekunden ist sie wieder verfügbar. Bitte warte solange - du wirst automatisch weitergeleitet. + } + } + + + ErrorMessage { + + UnknownAction { + Title = Unbekannte Aktion + Text = Du hast eine undefinierte Aktion angefordert. + } + + NoSSL { + Title = Unverschlüsselte Verbindung + Text = Die CryptoBox akzeptiert nur verschlüsselte Verbindungen (https). So bleibt das Passwort vor neugierigen Augen geschützt. In wenigen Sekunden wird eine verschlüsselte Verbindung hergestellt. + } + + InitFailed { + Title = Initialisierung fehlgeschlagen + Text = Sende bitte den Inhalt des Protokolls (siehe oben) an die Entwickler der CryptoBox (cryptobox@systemausfall.org). + } + + NoHardDisk { + Title = Keine Festplatte + Text = Es wurde kein Datenträger gefunden, der zur Speicherung der verschlüsselten Daten geeignet ist. Prüfe bitte, ob beim Anschalten des Computers eine Festplatte vom BIOS erkannt wurde. + } + } + +} diff --git a/pythonrewrite/lang/en.hdf b/pythonrewrite/lang/en.hdf new file mode 100644 index 0000000..8cd6ccf --- /dev/null +++ b/pythonrewrite/lang/en.hdf 
@@ -0,0 +1,255 @@ +Lang { + + Name = english + + Status = $Id$ + + Title { + Top = The CryptoBox + Slogan = Privacy for the rest of us. + Init = CryptoBox initialization + Mount = Activation of encrypted data + Umount = Deactivation of encrypted data + Config = CryptoBox configuration + Log = CryptoBox logfiles + System = System + Status = Status + Volume = Properties of + } + + + Text { + EnterCurrentCryptoPassword = Enter the crypto password: + EnterNewCryptoPassword = Enter the new crypto password: + EnterSameCryptoPassword = Repeat the new crypto password: + EnterCurrentAdminPassword = Enter the current administration password: + EnterNewAdminPassword = Enter the new administration password: + EnterSameAdminPassword = Repeat the new administration password: + InitWarning = During the process of initialization ALL DATA on the disk WILL BE DELETED! + ConfirmInitHint = To confirm that you know what you are doing, please enter exactly the following sequence: + ConfirmInit = Yes, delete all data! + PartitionInfo = Current partioning of the disk: + IPAddress = Network address (IP) of the CryptoBox: + TimeOut = Timeout for deactivation of the encrypted filesystem (in minutes): + EmptyLog = The logfiles of the CryptoBox are empty. + SelectLanguage = Language preferences: + RedirectNote = Click here if your browser does not support automatic redirection. + ProjectHomePage = Website of project + ProjectNote = The CryptoBox is a project of + DoUmount = Deactivation of the encrypted filesystem + DoMount = Activation of the encrypted filesystem + Configuration = Configuration + CryptoIsActive = The encrypted data is accessible. + CryptoIsDown = The encrypted data is protected from any access. + ChoosePartition = Which container do you want to enable? 
+ ChosenPartition = The chosen container is + ActivePartitions = The following containers are enabled + PassivePartitions = The following containers are disabled + ContainerName = Container's name: + ContainerEncryption = Enable encryption + } + + + Button { + DoInit = Initialization + SaveConfig = Save configuration + Update = Refresh + Mount = Activate filesystem + Umount = Deactivate filesystem + Config = Configuration + PowerOff = Shutdown + ReBoot = Reboot + Protocol = Show logfiles + Documentation = Help + Status = Status + System = System + ContainerNameSet = Change name + InitContainer = Initialize container + } + + + WarningMessage { + InitNotConfirmed { + Title = Confirmation failed + Text = The sentence has to be entered exactly as shown! + } + + EmptyCryptoPassword { + Title = Invalid crypto password + Text = You have to enter a crypto password! + } + + DifferentCryptoPasswords { + Title = Crypto passwords do not match + Text = Both entered passwords have to be identical to ensure this is the desired password. + } + + DifferentAdminPasswords { + Title = Administration passwords do not match + Text = Both entered passwords have to be identical to ensure this is the desired password. + } + + WrongAdminPassword { + Title = Wrong Administration password + Text = The entered administration password is wrong. Please try again. + } + + MountFailed { + Title = Activation failed + Text = The encrypted filesystem could not be activated. Probably the given password was wrong. Please try again. + } + + UmountFailed { + Title = Deactivation failed + Text = The encrypted filesystem could not be deactivated. Probably some files are still in use. Close all unclean programs (for example that widely used word processor). In case of emergency just shut down the CryptoBox! + } + + NotInitialized { + Title = No configuration found + Text = The CryptoBox has not yet been configured. 
+ } + + InitNotFinished { + Title = Initialization not yet completed + Text = Initialization will be completed in a few minutes. After completed initialization this action will become available. + } + + IsMounted { + Title = Already active + Text = The encrypted filesystem has already been activated. + } + + NotMounted { + Title = Inactive + Text = The encrypted filesystem is currently not active. + } + + AlreadyConfigured { + Title = Configuration found + Text = The CryptoBox has already been configured. If you initialize again, all data will be deleted! + } + + InvalidLanguage { + Title = Invalid language + Text = The selected language is not available! + } + + InvalidIP { + Title = Invalid IP address + Text = The selected network address is not valid! + } + + InvalidTimeOut { + Title = Invalid timeout + Text = The selected timeout is not valid! + } + + ConfigTimeOutFailed { + Title = Error during change of timeout + Text = The timeout value could not be changed! + } + + ConfigLanguageFailed { + Title = Error during change of language preferences + Text = The language preferences could not be changed! + } + + ConfigIPFailed { + Title = Error during change of network address + Text = The network address could not be changed! + } + + IPAddressChanged { + Title = Change of network address + Text = The network address has been changed. In a few seconds you will get redirected to the new address. + } + + NoDiskAvailableForMount { + Title = No partition available + Text = There is no unused container available. Maybe all containers are already mounted? + } + + NoDiskAvailableForUmount { + Title = No partition available + Text = There is no active container available for turning off. Maybe there is no active container? + } + + InvalidDevice { + Title = Invalid device + Text = The device you have chosen is invalid! + } + + InvalidVolumeName { + Title = Changing of container's name failed + Text = The supplied new name of the container was invalid. Please try again! 
+ } + + SetVolumeNameFailed { + Title = Changing of container's name failed + Text = Could not change the name of the container. Take a look at the log files for details. + } + + VolumeMayNotBeMounted { + Title = The container is mounted + Text = This action is not available while the container is active. Please turn it off first. + } + } + + + SuccessMessage { + InitRunning { + Title = Initialization running + Text = The initialization will be completed in background. You may configure it now and activate the encrypted filesystem in a few minutes. + } + + ConfigSaved { + Title = Configuration saved + Text = The new settings have been accepted. + } + + MountDone { + Title = Encrypted filesystem activated + Text = The encrypted filesystem is now available. + } + + UmountDone { + Title = Encrypted filesystem deactivated + Text = The encrypted filesystem is now secured from all forms of access. + } + + PowerOff { + Title = Shutdown + Text = The CryptoBox is currently going to halt. In a few seconds you can power it off (in case this does not happen automatically). + } + + ReBoot { + Title = Reboot + Text = The CryptoBox is currently rebooting. In a few seconds it will be available again. Please wait - you will get redirected, when the reboot has finished. + } + } + + + ErrorMessage { + + UnknownAction { + Title = Unknown action + Text = You have requested an undefined action. + } + + NoSSL { + Title = Unencrypted connection + Text = The CryptoBox only accepts encrypted connections (https), so the password is safe from curious eyes. The encrypted connection will be established in a few seconds. + } + + InitFailed { + Title = Initialization failed + Text = Please send the logfiles (see above) to the developers of the CryptoBox (cryptobox@systemausfall.org). + } + + NoHardDisk { + Title = No hard disk + Text = No disk suitable for an encrypted filesystem found. Please ensure the BIOS detected the disk during power-on of the computer. + } + } + +} 
diff --git a/pythonrewrite/lang/si.hdf b/pythonrewrite/lang/si.hdf new file mode 100644 index 0000000..2ec7a35 --- /dev/null +++ b/pythonrewrite/lang/si.hdf 
@@ -0,0 +1,215 @@ +Lang { + + Name = slovenščina + + Status = $Id$ + + Title { + Top = The CryptoBox + Slogan = Privatnost v vsako vas! + Init = CryptoBox zagon + Mount = Aktivacija kriptiranih podatkov + Umount = Deaktivacija kriptiranih podatkov + Config = CryptoBox konfiguracija + Log = CryptoBox dnevnik + ShutDown = Ugasni + Status = Stanje + } + + + Text { + EnterCurrentCryptoPassword = Vpišite geslo: + EnterNewCryptoPassword = Vpišite novo geslo: + EnterSameCryptoPassword = Ponovite novo geslo: + EnterCurrentAdminPassword = Vnesite trenutno obstoječe geslo administratorja/ke: + EnterNewAdminPassword = Vnesite novo geslo administratorja/ke: + EnterSameAdminPassword = Ponovite novo geslo administratorja/ke: + InitWarning = Med incializacijo bodo VSI PODATKI z vašega trdega diska IZBRISANI! + ConfirmInitHint = Vsled potrditve vaših dejanj vpišite naslednje besedilo: + ConfirmInit = Da, zbirši vse podatke! + PartitionInfo = trenutna porazdelitev trdega diska: + IPAddress = IP CryptoBoxa: + TimeOut = Čas preklica deaktivacije kriptiranega datotečnega sistema:(v minutah) + EmptyLog = Dnevnik CryptoBoxa je prazen. + SelectLanguage = Jezikovne nastavitve: + RedirectNote = Kliknite če vaš iskalnik ne podpira avtomatične preusmeritve. + ProjectHomePage = Spletna stran projekta + ProjectNote = CryptoBox je projekt + DoUmount = Deaktivacija kriptiranega datotečnega sistema + DoMount = Aktivacija kriptiranega datotečnega sistema + Configuration = Konfiguracija + CryptoIsActive = Kriptirani podatki so dostopni. + CryptoIsDown = Kriptirani podatki soso zaèiteni pred kakr nimkoli dostopom. 
+ } + + + Button { + DoInit = Zagon CryptoBoxa + SaveConfig = Shrani konfiguracijo + Update = Osveži + Mount = Aktivacija kriptiranega datotečnega sistema + Umount = Deaktivacija kriptiranega datotečnega sistema + Config = Konfiguracija + PowerOff = Ugasni + ReBoot = Ponovni zagon + Protocol = Dnevnik + Documentation = Priročnik + Status = Stanje + } + + + WarningMessage { + InitNotConfirmed { + Title = Potrditev ni uspela + Text = Besedilo mora biti vpisano natanko kot je prikazano! + } + + EmptyCryptoPassword { + Title = Nepravilno geslo + Text = Geslo ne sme biti prazno! + } + + DifferentCryptoPasswords { + Title = Gesli se ne ujemata! + Text = Obe vnešeni gesli morata biti identični, v zagotovilo, da je vpisano željeno geslo. + } + + DifferentAdminPasswords { + Title = Administracijski gesli se ne ujemata + Text = Obe vnešeni gesli morata biti identični, v zagotovilo da je vpisano željeno geslo. + } + + WrongAdminPassword { + Title = Napačno administracijsko geslo! + Text = Vnešeno administracijsko geslo je nepravilno. Prosimo poskusite znova! + } + + MountFailed { + Title = Aktivacija ni uspela + Text = Kriptiran datotečni sistem se ni aktiviral.Po vsej verjetnosti je bilo geslo napačno. + } + + UmountFailed { + Title = Deaktivacija ni uspela + Text = Kriptiran datotečni sistem se ni aktiviral.Datoteke so morda v uporabi. Zaprite vse programe. (naprimer ta nadvse razširjen urejevalnik besedil). V primeru nuje ugasnite CryptoBox! + } + + NotInitialized { + Title = Konfiguracija ni najdena + Text = CryptoBox še ni bil konfiguriran. + } + + InitNotFinished { + Title = Zagon še ni dovršen + Text = Zagon bo dovršen v nekaj minutah. Po končanem zagonu bo ta možnost omogočena. + } + + IsMounted { + Title = Že aktivno + Text = Kriptiran datotečni sistem je že aktiviran. + } + + NotMounted { + Title = Onemogočeno + Text = Kriptiran datotečni sistem trenutno ni aktiven. + } + + AlreadyConfigured { + Title = Konfiguracija uspela + Text = CryptoBox je đe bil konfiguriran. 
Če ponovno zaženete bodo vsi podatki izbrisani! + } + + InvalidLanguage { + Title = Nepravilna izbira jezika + Text = Izbrani jezik ni na voljo! + } + + InvalidIP { + Title = Napačen IP naslov + Text = Izbran omrežni naslov ni veljaven! + } + + InvalidTimeOut { + Title = Nepravilen čas preklica + Text = Izbran čas preklica ni veljaven! + } + + ConfigTimeOutFailed { + Title = Napaka med spremembo časa preklica + Text = Časa preklica ne morete spremeniti! + } + + ConfigLanguageFailed { + Title = Napaka med spremembo jezikovnih nastavitev + Text = Spreminjanje jezikovnih nastavitev ni mogoče. + } + + ConfigIPFailed { + Title = Napaka med spreminjanjem omrežnega naslova. + Text = Spreminjanje omrežnega naslova ni mogoče. + } + + IPAddressChanged { + Title = Sprememba omrežnega naslova + Text = Omrežni naslov je spremenjen. V nekaj sekundah boste preusmerjeni na nov naslov. + } + } + + + SuccessMessage { + InitRunning { + Title = Zagon poteka + Text = Zagon bo dokončan v ozadju. + } + + ConfigSaved { + Title = Konfiguracija spravljena + Text = Nove nastavitve so sprejete. + } + + MountDone { + Title = Kriptiran datotečni sistem aktiviran + Text = Kriptiran datotečni sistem je na voljo. + } + + UmountDone { + Title = Kriptiran datotečni sistem deaktiviran. + Text = Kriptiran datotečni sistem je varovan pred vstopom. + } + + PowerOff { + Title = Ugasni + Text = CryptoBox se zaustavlja. V nekaj sekundah ga lahko izklopite.(v kolikor se to ne zgodi avtomatično). + } + + ReBoot { + Title = Ponovni zagon + Text = CryptoBox se zaganja. V nekaj sekundah bo zopet na voljo. + } + } + + + ErrorMessage { + + UnknownAction { + Title = Neznan zahtevek + Text = Podali ste nedefiniran zahtevek. + } + + NoSSL { + Title = Nekriptirana povezava + Text = CryptoBox sprejme le kriptirane povezave (https), da je geslo zaščiteno pred radovednimi očmi. V nekaj sekundah bo kriptirana povezava vzpostavljena. 
+ } + + InitFailed { + Title = Zagon ni uspel + Text = Prosim pošljite dnevnik (poglejte zgoraj) razvijalcem CryptoBoxa (cryptobox@systemausfall.org). + } + + NoHardDisk { + Title = Ni trdega diska + Text = Primeren trdi disk za shranjenje kriptiranega datotečnega sistema ni zaznan. Poskrbite da bo med zagonom BIOS zaznal trdi disk. + } + } + +} diff --git a/pythonrewrite/scripts/check_languages.sh b/pythonrewrite/scripts/check_languages.sh new file mode 100755 index 0000000..502dbe9 --- /dev/null +++ b/pythonrewrite/scripts/check_languages.sh @@ -0,0 +1,26 @@ +#!/bin/sh +# +# compare the defined fields of a language file with the english translation +# +# nice for finding unavailable definitions +# +# Parameter: LANGUAGE +# (e.g. "de") +# + +set -u + +LANG_DIR=$(dirname $0)/../lang +DEFAULT_LANG=en +TMP_FILE1=/tmp/$(basename $0)-$$-1 +TMP_FILE2=/tmp/$(basename $0)-$$-2 + +[ $# -ne 1 ] && echo -e "Syntax: $(basename $0) LANGUAGE\n" >&2 && exit 1 + +grep "=" "$LANG_DIR/${DEFAULT_LANG}.hdf" | grep -v "^[[:space:]]*#" | cut -f 1 -d "=" >"$TMP_FILE1" +grep "=" "$LANG_DIR/${1}.hdf" | grep -v "^[[:space:]]*#" | cut -f 1 -d "=" >"$TMP_FILE2" + +diff -wu "$TMP_FILE1" "$TMP_FILE2" + +rm "$TMP_FILE1" "$TMP_FILE2" + diff --git a/pythonrewrite/scripts/debian b/pythonrewrite/scripts/debian new file mode 100755 index 0000000..95498a8 --- /dev/null +++ b/pythonrewrite/scripts/debian 
@@ -0,0 +1,49 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id: cbox-build.sh 336 2005-11-29 22:28:28Z lars $ +# +# build a debian package +# + +set -ue + +# include common functions and settings +source $(dirname $0)/common.sh.inc + +######### some settings ########### +DEB_BUILD_DIR=/tmp/cryptobox-debian-$$ +[ -e "$DEB_BUILD_DIR" ] && rm -rf "$DEB_BUILD_DIR" + +DEB_CONTROL_DIR=$ROOT_DIR/DEBIAN +DEB_PACKAGE_DIR=$ROOT_DIR/packages + +############# do it ############### + +ACTION=build +[ $# -gt 0 ] && ACTION=$1 && shift + +case "$ACTION" in + build ) + svn export "$CBOX_DEVEL_DIR" "$DEB_BUILD_DIR" >/dev/null + svn export "$DEB_CONTROL_DIR" "$DEB_BUILD_DIR/DEBIAN" >/dev/null + fakeroot dpkg-deb --build "$DEB_BUILD_DIR" "$DEB_PACKAGE_DIR" + rm -rf "$DEB_BUILD_DIR" + ;; + check ) + PACKAGE_FILE=$(find "$DEB_PACKAGE_DIR" -type f -name "cryptobox*" | grep "\.deb$" | sort -n | tail -1) + if [ -z "$PACKAGE_FILE" ] + then echo "no debian package found in $DEB_PACKAGE_DIR" + else lintian "$PACKAGE_FILE" + fi + ;; + * ) + echo "Syntax: $(basename $0) [ build | check help ]" + echo + ;; + esac + diff --git a/pythonrewrite/scripts/show_TODO.sh b/pythonrewrite/scripts/show_TODO.sh new file mode 100755 index 0000000..a2904ec --- /dev/null +++ b/pythonrewrite/scripts/show_TODO.sh @@ -0,0 +1,9 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# + +grep "TODO" $(find "$(dirname $0)/.." -type f | grep -v "\.svn" | grep -v "$(basename $0)") diff --git a/pythonrewrite/scripts/userdocexport.sh b/pythonrewrite/scripts/userdocexport.sh new file mode 100755 index 0000000..192c296 --- /dev/null +++ b/pythonrewrite/scripts/userdocexport.sh 
@@ -0,0 +1,135 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# export wiki pages to the cryptobox development tree +# this creates static and integrated pages +# + +set -ue + +# root directory of the cryptobox development environment +ROOT_DIR="$(dirname $0)/.." + +# retrieve these pages from the wiki +PAGES="CryptoBox CryptoBoxUser CryptoBoxUserGettingStarted + CryptoBoxUserConfiguration CryptoBoxUserDailyUse CryptoBoxDev + CryptoBoxDevPreparation CryptoBoxDevCustomBuild CryptoBoxDevWorkFlow + CryptoBoxDevValidation CryptoBoxDevCustomConfigure CryptoBoxDevBackground + CryptoBoxDevKnownProblems" +#PAGES="CryptoBox" + +# base URL +WIKI_HOST="https://systemausfall.org" +# the trailing slash is important +WIKI_URL=/trac/cryptobox/wiki/ + +CBOX_CGI="?action=doc\&page=" + +LANGUAGES="de en" + +DEST_DIR="$ROOT_DIR/doc/html" +OFFLINE_DIR="$ROOT_DIR/../live-cd/live-cd-tree.d/_offline/doc" +IMAGE_DIR="$ROOT_DIR/cbox-tree.d/var/www/cryptobox-misc" +TMP_DIR=/tmp/$(basename $0)-$$.d + +HEADER_FILE=doc_header.inc +FOOTER_FILE=doc_footer.inc + +WGET_OPTS="--quiet --no-check-certificate" + +[ ! -e "$DEST_DIR" ] && echo "$DEST_DIR does not exist" && exit 1 + +for LANG in $LANGUAGES; do + for PAGE in $PAGES; do + PAGE_SRC="$WIKI_HOST$WIKI_URL$PAGE/$LANG" + echo "Importing $PAGE/$LANG:" + + # replace sub-page-style '/' like moin does it (by '_2f') + TMP_FILE=$TMP_DIR/${PAGE}.html + mkdir -p "$TMP_DIR" + + echo " downloading the page ..." 
+ wget $WGET_OPTS --output-document="$TMP_FILE" "$PAGE_SRC" || { echo "Downloading ($PAGE_SRC) failed!"; exit 1; } + + # check if this page exists + if grep -q "^describe $PAGE/$LANG here$" "$TMP_FILE" + then rm "$TMP_FILE" + PAGE_SRC=$(dirname $PAGE_SRC) + echo " trying to download default language page instead" + wget $WGET_OPTS --output-document="$TMP_FILE" "$PAGE_SRC" || { echo "Downloading ($PAGE_SRC) failed!" >&2; exit 1; } + # check, if there is even no default page + grep -q "^describe $PAGE/$LANG here$" "$TMP_FILE" && echo "This page ($PAGE_SRC) was not found!" >&2 && exit 1 + fi + + echo " removing header and footer ..." + # break lines before start of content + sed -i 's#
#_END_OF_HEADER_\n#' "$TMP_FILE" + # the 'edit' buttons mark the end of the page + sed -i 's#
#\n_START_OF_FOOTER_#' "$TMP_FILE" + # cut off a possible comment - section + sed -i "s#
]*\#commentpreview#\n_START_OF_FOOTER_#" "$TMP_FILE" + # remove all lines before and after "body" + sed -i '1,/_END_OF_HEADER_/d; /_START_OF_FOOTER_/,$d' "$TMP_FILE" + + # close open divs + while [ "$(grep '' "$TMP_FILE" | wc -l)" ] + do echo "
" >>"$TMP_FILE" + done + + #echo " removing link images (moin specific) ..." + # remove inter-wiki images + #sed -i 's#<[^<]*moin-inter.png[^>]*>##g' "$TMP_FILE" + # remove moin-www images + #sed -i 's#<[^<]*moin-www.png[^>]*> ##g' "$TMP_FILE" + + # not necessary, because everything is a part of the repository + #echo " downloading requisites ..." + #wget --quiet --ignore-tags=a --no-clobber --page-requisites --convert-links --no-directories --base="$WIKI_HOST$WIKI_URL" --directory-prefix="$TMP_DIR" --html-extension --force-html --input-file="$TMP_FILE" || { echo "Downloading requisites for ($PAGE_SRC) failed!"; exit 1; } + + echo " adjusting links for images ..." + sed -i "s#='[^']*/cryptobox-misc/\([^']*\)'#='/cryptobox-misc/\1'#g" "$TMP_FILE" + + echo " adjusting wiki links ..." + # redirect wiki links to cryptobox cgi + sed -i "s#=\"$WIKI_URL\([^\.]*\)\"#=\"$CBOX_CGI\1\"#g" "$TMP_FILE" + # do it twice - somehow, the "g" flag does not work (it should replace multiple occurrences on a line) + sed -i "s#=\"$WIKI_URL\([^\.]*\)\"#=\"$CBOX_CGI\1\"#g" "$TMP_FILE" + # remove language specific part of moin link + for TLANG in $LANGUAGES + do sed -i "s#=\"$CBOX_CGI\([^\"]*\)/$TLANG#=\"$CBOX_CGI\1#g" "$TMP_FILE" + done + + + # build the static pages + echo " building static doc page" + offline_file=$OFFLINE_DIR/$LANG/$(basename $TMP_FILE) + mkdir -p "$OFFLINE_DIR/$LANG" + cat "$OFFLINE_DIR/$HEADER_FILE" "$OFFLINE_DIR/$LANG/$HEADER_FILE" "$TMP_FILE" "$OFFLINE_DIR/$LANG/$FOOTER_FILE" "$OFFLINE_DIR/$FOOTER_FILE" >"$offline_file" + sed -i "s%=\"$CBOX_CGI\([^\"#]*\)%=\"\1.html%g" "$offline_file" + # do it twice - this should not be necessary + sed -i "s%=\"$CBOX_CGI\([^#\"]*\)%=\"\1.html%g" "$offline_file" + sed -i "s#='/cryptobox-misc#='../../../var/www/cryptobox-misc#g" "$offline_file" + + # split language specific part of moin link and replace it by current language + for TLANG in $LANGUAGES + do sed -i "s#=\"\([^/]*\)/${TLANG}.html\"#=\"\1.html\"#g" "$offline_file" + done 
+ + # some last changes to the dynamic pages (must be done _after_ the static pages) + # add weblang for current language to query string + sed -i "s;=\"$CBOX_CGI\([^#\"]*\)\([#\"]\);=\"$CBOX_CGI\1\&weblang=$LANG\2;g" "$TMP_FILE" + # move cgi-doc + mv "$TMP_FILE" "$DEST_DIR/$LANG" + + echo " finished!" + done + done + +[ -n "$(find "$TMP_DIR" -type f)" ] && mv "$TMP_DIR"/* "$IMAGE_DIR" +rmdir "$TMP_DIR" diff --git a/pythonrewrite/stuff/cron-cryptobox b/pythonrewrite/stuff/cron-cryptobox new file mode 100644 index 0000000..67d9661 --- /dev/null +++ b/pythonrewrite/stuff/cron-cryptobox @@ -0,0 +1 @@ +* * * * * root [ -e /usr/lib/cryptobox/cbox-manage.sh ] && /usr/lib/cryptobox/check_smb_idle.sh diff --git a/pythonrewrite/templates/empty.cs b/pythonrewrite/templates/empty.cs new file mode 100644 index 0000000..a8716a3 --- /dev/null +++ b/pythonrewrite/templates/empty.cs @@ -0,0 +1,3 @@ + + + diff --git a/pythonrewrite/templates/error.cs b/pythonrewrite/templates/error.cs new file mode 100644 index 0000000..18ac8f1 --- /dev/null +++ b/pythonrewrite/templates/error.cs @@ -0,0 +1,3 @@ + + + diff --git a/pythonrewrite/templates/footer.cs b/pythonrewrite/templates/footer.cs new file mode 100644 index 0000000..a784024 --- /dev/null +++ b/pythonrewrite/templates/footer.cs @@ -0,0 +1,36 @@ + + + +

+ + +
+ + + + + + + + + + + + + diff --git a/pythonrewrite/templates/form_config.cs b/pythonrewrite/templates/form_config.cs new file mode 100644 index 0000000..4b94e31 --- /dev/null +++ b/pythonrewrite/templates/form_config.cs @@ -0,0 +1,34 @@ + + +
+

+ + + +


+

+ + + + +


+

+ +


+

+ + + + + +
+ diff --git a/pythonrewrite/templates/form_init.cs b/pythonrewrite/templates/form_init.cs new file mode 100644 index 0000000..3118718 --- /dev/null +++ b/pythonrewrite/templates/form_init.cs @@ -0,0 +1,27 @@ + + +

+ +
+ + +

+


+

+ + + +
+ +
+ + diff --git a/pythonrewrite/templates/form_init_partition.cs b/pythonrewrite/templates/form_init_partition.cs new file mode 100644 index 0000000..91bee8a --- /dev/null +++ b/pythonrewrite/templates/form_init_partition.cs @@ -0,0 +1,33 @@ + + +

+ + + +

+ +


+

+ +


+

+


+ +

+ + +


+

+ +

+ +

+ + diff --git a/pythonrewrite/templates/form_mount.cs b/pythonrewrite/templates/form_mount.cs new file mode 100644 index 0000000..bf5c8fd --- /dev/null +++ b/pythonrewrite/templates/form_mount.cs @@ -0,0 +1,40 @@ + + + + + + + + +

+ +
+ + + + 1 ?> +

+

+ +

:

+ + +

+

+ + + + + +
+ + + diff --git a/pythonrewrite/templates/form_system.cs b/pythonrewrite/templates/form_system.cs new file mode 100644 index 0000000..4ae64d2 --- /dev/null +++ b/pythonrewrite/templates/form_system.cs @@ -0,0 +1,29 @@ + + +

+ +

    + + +
  • + + +
  • + + +
  • + + +
  • + + +
  • + +

+ + diff --git a/pythonrewrite/templates/form_umount.cs b/pythonrewrite/templates/form_umount.cs new file mode 100644 index 0000000..3a5b2ac --- /dev/null +++ b/pythonrewrite/templates/form_umount.cs @@ -0,0 +1,37 @@ + + + + + + + + +

+ +
+ + + 1 ?> +

+

+ + +

:

+ + + + + + +
+ + + diff --git a/pythonrewrite/templates/header.cs b/pythonrewrite/templates/header.cs new file mode 100644 index 0000000..8bbf8a7 --- /dev/null +++ b/pythonrewrite/templates/header.cs @@ -0,0 +1,54 @@ + + + + + + + CryptoBox + + + + + + + + + + + 0 ?> +
+ +
+ + +
+ +
+ +
+ +
+ 0 ?> +
+ +
+ +

+

+
+ +
+ + +
+ diff --git a/pythonrewrite/templates/macros.cs b/pythonrewrite/templates/macros.cs new file mode 100644 index 0000000..e15f8c4 --- /dev/null +++ b/pythonrewrite/templates/macros.cs @@ -0,0 +1,82 @@ +
+

+

+ +

unknown warning message

+

could not find warning message: ''

+
+

+

+ +

unknown error message

+

could not find error message: ''

+
+

+

+ +

unknown success message

+

could not find success message: ''

+
0 + ?>?&=
" method="post" enctype="application/x-www-from-urlencoded" accept-charset="utf-8"> + diff --git a/pythonrewrite/templates/main.cs b/pythonrewrite/templates/main.cs new file mode 100644 index 0000000..33a2335 --- /dev/null +++ b/pythonrewrite/templates/main.cs @@ -0,0 +1,16 @@ + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/templates/nav.cs b/pythonrewrite/templates/nav.cs new file mode 100644 index 0000000..5c4efac --- /dev/null +++ b/pythonrewrite/templates/nav.cs @@ -0,0 +1,26 @@ + + + + + + + + + + + + + + + + diff --git a/pythonrewrite/templates/show_doc.cs b/pythonrewrite/templates/show_doc.cs new file mode 100644 index 0000000..4f8af80 --- /dev/null +++ b/pythonrewrite/templates/show_doc.cs @@ -0,0 +1,7 @@ + + +
+ + + +
diff --git a/pythonrewrite/templates/show_log.cs b/pythonrewrite/templates/show_log.cs new file mode 100644 index 0000000..e8b134c --- /dev/null +++ b/pythonrewrite/templates/show_log.cs @@ -0,0 +1,13 @@ + + +
+ +

+ + +

+ +

+ + +
diff --git a/pythonrewrite/templates/show_status.cs b/pythonrewrite/templates/show_status.cs new file mode 100644 index 0000000..803b281 --- /dev/null +++ b/pythonrewrite/templates/show_status.cs @@ -0,0 +1,28 @@ + + +

+ + + + +

Sorry - you should have never seen this ...

+ + + + + + + + + 0 ?> +

: +

    +
+ 0 ?> +

: +

    +
+ + diff --git a/pythonrewrite/templates/show_volume.cs b/pythonrewrite/templates/show_volume.cs new file mode 100644 index 0000000..61d7174 --- /dev/null +++ b/pythonrewrite/templates/show_volume.cs @@ -0,0 +1,71 @@ + + +

+ + + + + +

Mount container

+ +

+ + + + + + +

+
+ +

Unmount container

+ +

+ +

+ + + + + + +

Change the name of the container

+ +

+ + + +

+ + + + + + +

Reinitialize container

+ +

+ + + +

+ + + +

Some more stuff

+

For example: changing password? / backup? / access control?

+ +

Details

+

    +
  • Name of container:
  • +
  • Name of device:
  • +
  • Current status: activepassive
  • +
  • Encryption: onoff
  • + +
  • Size of container:
  • +
  • Available space of container:
  • +
  • Used space of container: /
  • + +

+ diff --git a/pythonrewrite/templates/show_volumes.cs b/pythonrewrite/templates/show_volumes.cs new file mode 100644 index 0000000..7a5d8a8 --- /dev/null +++ b/pythonrewrite/templates/show_volumes.cs @@ -0,0 +1,15 @@ + + + + + + +
+

+
+
+ + + diff --git a/pythonrewrite/www-data/antlogo100px.png b/pythonrewrite/www-data/antlogo100px.png new file mode 100644 index 0000000..454709d Binary files /dev/null and b/pythonrewrite/www-data/antlogo100px.png differ diff --git a/pythonrewrite/www-data/antlogo100px_green.png b/pythonrewrite/www-data/antlogo100px_green.png new file mode 100644 index 0000000..fd1d2d9 Binary files /dev/null and b/pythonrewrite/www-data/antlogo100px_green.png differ diff --git a/pythonrewrite/www-data/antlogo100px_red.png b/pythonrewrite/www-data/antlogo100px_red.png new file mode 100644 index 0000000..18e33d4 Binary files /dev/null and b/pythonrewrite/www-data/antlogo100px_red.png differ diff --git a/pythonrewrite/www-data/backg.gif b/pythonrewrite/www-data/backg.gif new file mode 100644 index 0000000..8e37ccc Binary files /dev/null and b/pythonrewrite/www-data/backg.gif differ diff --git a/pythonrewrite/www-data/cryptobox.css b/pythonrewrite/www-data/cryptobox.css new file mode 100644 index 0000000..3fc24c1 --- /dev/null +++ b/pythonrewrite/www-data/cryptobox.css 
@@ -0,0 +1,424 @@ +body { + background-image: url(backg.gif); + background-position: top center; + background-attachment: fixed; + background-repeat: no-repeat; + text-align: center; + margin: 0; + padding: 0; + font-family: verdana, lucida, arial, helvetica, sans-serif; + } + +#main { + background: none; + width: 600px; + padding: 0px; + margin-left: auto; + margin-right: auto; + } + +#main h1, h2, h3 { + font-family: sans-serif, arial; + font-weight: normal; + letter-spacing: 0.05em; + color: #acacac; + font-variant: small-caps; + padding: 0 1em; + text-align: left; + } + +#main h1 { + font-size: 2em; + } + +#main h2 { + font-size: 1.5em; + } + +#main h3 { + font-size: 1.2em; + } + +#head { + width: 600px; + height: 120px; + margin: 0; + padding: 0; + background-image: url(antlogo100px.png); + background-position: top right; + background-attachment: scroll; + background-repeat: no-repeat; + } + +#head_green { + width: 600px; + height: 120px; + margin: 0; + padding: 0; + background-image: url(antlogo100px_green.png); + background-position: top right; + background-attachment: scroll; + background-repeat: no-repeat; + } + +#head_red { + width: 600px; + height: 120px; + margin: 0; + padding: 0; + background-image: url(antlogo100px_red.png); + background-position: top right; + background-attachment: scroll; + background-repeat: no-repeat; + } +#development { + font-weight: bold; +} + + +#content { + margin: 0; + padding: 0; + width: 600px; + font-size: 0.9em; + min-height: 300px; + } + +#content a { + line-height: 1.2em; + color: black; + text-decoration: none; + font-weight: bold; + font-size: 0.9em; + } + +#content a:hover { + text-decoration: underline; + } + +#content a:visited { + color: #acacac; + } + +#content p { + font-size: 0.9em; + padding: 0 1em; + text-align: justify; + } + +#menu { + text-align: center; + border-top: 1px solid #5e5e5e; + border-bottom: 1px solid #5e5e5e; + background-color: #ACE149; + } + +#menu a:link, #menu a:visited { + color: 
#5e5e5e; + margin: 5px; + text-decoration: none; + border: none; + padding: 4px; + font-size: 0.8em; + } + +#menu a:hover { + color: #8e8e8e; + } + +#words { + width: 565px; + padding: 1.1em 0em 1.1em 1.1em; + margin-top: 0; + } + +#words h1{ + font-size: 1.8em; + } + +#words h2{ + font-size: 1.4em; + } + +#words ol, #words ul { + font-size: 0.9em; + } + +#words ol li { + padding: 0 1em; + line-height: 1.7em; + } + +#words ul li { + padding: 0 1em; + line-height: 1.7em; + list-style-image: url(list.gif); + } + +#footer { + clear: both; + text-align: center; + border-top: 1px solid #5e5e5e; + border-bottom: 1px solid #5e5e5e; + background-color: #ACE149; + font-size: 0.8em; + color: #5e5e5e; + } + +#footer a:link, #footer a:visited { + color: #5e5e5e; + margin: 5px; + text-decoration: none; + border: none; + padding: 4px; + } + +#footer a:hover { + text-decoration: underline; + } + +#confirmtext span { + color: red; + font-weight: bold; + } + + +/* -------=-=-=- warnings, errors and success messages-=-=-=-------- */ + +#words div.warning,div.error,div.success { + margin-top: 20px; + margin-bottom: 20px; + padding-top: 10px; + padding-bottom: 15px; + color: #707070; + } + +#words .warning,.error,.success { + border: 1px dashed #808080; + text-align: center; + color: #5e5e5e; + text-decoration: none; + font-weight: bold; + font-size: 0.9em; + padding-left: 40px; + padding-right: 40px; + } + +#words .warning { + background-color: #f5f5f5; + } + +#words .error { + background-color: #f5f5f5; + } + +#words .success { +/* nice green color - but no one likes it right? 
+ background-color: #90EE90; */ + } + +#words div.warning,div.error,div.success h1,h2 { + color: #808080; + } + +#words .warning,.error,.success a { + color: #5e5e5e; + text-decoration: none; + font-weight: bold; + font-size: 0.9em; +} + +#words .note { + text-align: center; + color: #F48659; + font-style: italic; + } + +/* ----------------------=-=-=- Forms -=-=-=--------------------- */ +/* pretty forms and buttons */ +input { + border: 1px solid #BFBFBF; + color: #949494; + background-color: white; + padding: 2px 5px 1px 5px; + font-size: 1em; + } + +input:hover { + border: 1px solid #ACE149; + color: #7DA721; + background-color: white; + font-size: 1em; + } + +textarea { + font-family: arial, verdana, helvetica, sans-serif; + font-size: 1.1em; + border: 1px solid #BFBFBF; + color: #949494; + padding: 2px 5px 1px 5px; + width: 450px; + } + +textarea:hover { + color: #7DA721; + background-color: white; + border: 1px solid #ACE149; + } + +button { + color: #5e5e5e; + background-color: #ACE149; + border: 1px solid #5e5e5e; + font-size: 0.8em; + font-weight: bold; + cursor: pointer; + margin: 2px 10px 2px 10px; + } + +button:hover { + color: #5e5e5e; + background-color: #D0F0A0; + border: 1px solid #ACE149; + font-size: 0.8em; + font-weight: bold; + cursor: pointer; + } + +#words form label { + min-width: 20em; + } + +#words form p { + text-align: center; + } + +/* -------------=-=-=- volume selection -=-=-=-------------- */ + +#volumes { + position: absolute; + float: left; + right: 5px; + left: 5px; + width: 140px; + } + +#volumes div { + height: 80px; + padding: 5px; + margin: 5px; + background-repeat: no-repeat; + background-position: center; + } + +#volumes div.active { + background-image: url(disc_red.png); + } + +#volumes div.passive { + background-image: url(disc_green.png); + } + +#volumes div.current { + border-style: dashed; + border-width: 2px; + border-color: gray; + } + +/* ------------=-=-=- language selection -=-=-=------------- */ + +#lang { + 
position: absolute; + float: right; + right: 5px; + top: 5px; + text-align: right; + } + +#lang a { + color: #acacac; + font-family: verdana, lucida, arial, helvetica, sans-serif; + font-size: smaller; + } + +#lang a:hover { + color: #707070; + } + + +/* ------------=-=-=- documentation -=-=-=------------- */ + +#doc ol,ul li { + text-align: left; + margin-left: 20px; + } + +#doc dl dt { + text-align: left; + margin-left: 20px; + font-style: italic; + } + +#doc h1 { + padding-top: 25px; +} + +#doc h2 { + padding-top: 20px; +} + +#doc h3 { + padding-top: 10px; + } + +/* ------------=-=-=- special things -=-=-=------------- */ + +#partition_info p, #log p.console { + margin-left: 10%; + margin-right: 10%; + font-family: monospace + text-align: left; + } + +/* ---------=-=-=-=- onscreen help -=-=-=-=--------- */ +/* not active anymore */ + +#words a.popup { + line-height: inherit; + color: inherit; + background-color: inherit; + text-decoration: inherit; + font-weight: inherit; + font-size: inherit; + } + +#words a.popup:hover { + text-decoration: inherit; + } + +#words a.popup span { + display: none; + position: fixed; + bottom: 10px; + left: 9%; + width: 80%; + background: #f0f0f0; + padding: 10px; + border-color: #e0e0e0; + border-width: 2px; + border-style: solid; + margin: 0; + } + +#words a.popup:hover span { + display: inline; + } + +#words a.popup span p { + text-align: left; + } + +#words a.popup span h3 { + color: #909090; + margin-top: 0px; + } diff --git a/pythonrewrite/www-data/disc_green.png b/pythonrewrite/www-data/disc_green.png new file mode 100644 index 0000000..887bd54 Binary files /dev/null and b/pythonrewrite/www-data/disc_green.png differ diff --git a/pythonrewrite/www-data/disc_red.png b/pythonrewrite/www-data/disc_red.png new file mode 100644 index 0000000..7ee121a Binary files /dev/null and b/pythonrewrite/www-data/disc_red.png differ 
diff --git a/pythonrewrite/www-data/list.gif b/pythonrewrite/www-data/list.gif new file mode 100644 index 0000000..fe15cc9 Binary files /dev/null and b/pythonrewrite/www-data/list.gif differ diff --git a/pythonrewrite/www-data/screenshots/de_config.png b/pythonrewrite/www-data/screenshots/de_config.png new file mode 100644 index 0000000..3dc3228 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/de_config.png differ diff --git a/pythonrewrite/www-data/screenshots/de_init.png b/pythonrewrite/www-data/screenshots/de_init.png new file mode 100644 index 0000000..abb7b2a Binary files /dev/null and b/pythonrewrite/www-data/screenshots/de_init.png differ diff --git a/pythonrewrite/www-data/screenshots/de_mount.png b/pythonrewrite/www-data/screenshots/de_mount.png new file mode 100644 index 0000000..37920b2 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/de_mount.png differ diff --git a/pythonrewrite/www-data/screenshots/de_w98_login.png b/pythonrewrite/www-data/screenshots/de_w98_login.png new file mode 100644 index 0000000..f7cef41 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/de_w98_login.png differ diff --git a/pythonrewrite/www-data/screenshots/de_w98_network_drive.png b/pythonrewrite/www-data/screenshots/de_w98_network_drive.png new file mode 100644 index 0000000..da72c6f Binary files /dev/null and b/pythonrewrite/www-data/screenshots/de_w98_network_drive.png differ diff --git a/pythonrewrite/www-data/screenshots/de_w98_not_logged_in.png b/pythonrewrite/www-data/screenshots/de_w98_not_logged_in.png new file mode 100644 index 0000000..33a6766 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/de_w98_not_logged_in.png differ diff --git a/pythonrewrite/www-data/screenshots/en_config.png b/pythonrewrite/www-data/screenshots/en_config.png new file mode 100644 index 0000000..e74b416 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/en_config.png differ 
diff --git a/pythonrewrite/www-data/screenshots/en_mount.png b/pythonrewrite/www-data/screenshots/en_mount.png new file mode 100644 index 0000000..eca7049 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/en_mount.png differ diff --git a/pythonrewrite/www-data/screenshots/en_w98_login.png b/pythonrewrite/www-data/screenshots/en_w98_login.png new file mode 100644 index 0000000..9ff45fb Binary files /dev/null and b/pythonrewrite/www-data/screenshots/en_w98_login.png differ diff --git a/pythonrewrite/www-data/screenshots/en_w98_network_drive.png b/pythonrewrite/www-data/screenshots/en_w98_network_drive.png new file mode 100644 index 0000000..d1e89d7 Binary files /dev/null and b/pythonrewrite/www-data/screenshots/en_w98_network_drive.png differ diff --git a/pythonrewrite/www-data/screenshots/en_w98_not_logged_in.png b/pythonrewrite/www-data/screenshots/en_w98_not_logged_in.png new file mode 100644 index 0000000..adb129a Binary files /dev/null and b/pythonrewrite/www-data/screenshots/en_w98_not_logged_in.png differ diff --git a/pythonrewrite/www-data/smile.png b/pythonrewrite/www-data/smile.png new file mode 100644 index 0000000..b51b3ff Binary files /dev/null and b/pythonrewrite/www-data/smile.png differ diff --git a/pythonrewrite/www-data/smile4.png b/pythonrewrite/www-data/smile4.png new file mode 100644 index 0000000..f8f5b52 Binary files /dev/null and b/pythonrewrite/www-data/smile4.png differ diff --git a/pythonrewrite/www-data/somerights20.gif b/pythonrewrite/www-data/somerights20.gif new file mode 100644 index 0000000..0860fa9 Binary files /dev/null and b/pythonrewrite/www-data/somerights20.gif differ
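Review bot: in pythonrewrite/lang/si.hdf, the `CryptoIsDown` string ("soso zaèiteni pred kakr nimkoli") and the `AlreadyConfigured` text ("je đe bil") look damaged by a character-set conversion, while the rest of the file carries proper č/š/ž. Please re-save those two entries as UTF-8 from the translator's original. The file also lacks keys that the preceding language file in this patch defines: `Button.System`, `Button.ContainerNameSet`, `Button.InitContainer`, and the warnings from `NoDiskAvailableForMount` through `VolumeMayNotBeMounted`. Running the `scripts/check_languages.sh si` added in this same patch should list them. Either add the translations or confirm that a missing key falls back to the default language rather than to the "could not find warning message" text in macros.cs.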
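Review bot: in pythonrewrite/scripts/check_languages.sh, `TMP_FILE1=/tmp/$(basename $0)-$$-1` and `TMP_FILE2` are predictable names in a world-writable directory, and the `>"$TMP_FILE1"` redirections follow symlinks, so another local user who pre-creates the path decides which file gets overwritten. Create both files with `mktemp` and remove them from a `trap ... EXIT` so they are also cleaned up when `diff` or `grep` fails. Two smaller points in the same hunk: `${1}` is placed into the path `"$LANG_DIR/${1}.hdf"` without any check that it is a plain language code, and `echo -e` is not portable under `#!/bin/sh`; `printf` would be.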
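Review bot: in pythonrewrite/scripts/debian, the build directory `DEB_BUILD_DIR=/tmp/cryptobox-debian-$$` is guessable, and the `[ -e "$DEB_BUILD_DIR" ] && rm -rf "$DEB_BUILD_DIR"` line leaves a window before `svn export` in which another local user can recreate the path, so the contents that `fakeroot dpkg-deb --build` packages are not guaranteed to be only what was exported. Use `mktemp -d` and export into a subdirectory of the result. Also in this hunk: `source` is a bashism under `#!/bin/sh` (use `.`), and the usage line `[ build | check help ]` is missing a `|` and advertises a `help` action that the `case` does not implement.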
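Review bot: in pythonrewrite/scripts/userdocexport.sh, `WGET_OPTS="--quiet --no-check-certificate"` turns off TLS certificate verification for every download from `WIKI_HOST="https://systemausfall.org"`, and the fetched HTML is then written into `$DEST_DIR/$LANG` and `$OFFLINE_DIR`, that is, into the documentation shipped with the CryptoBox. Anyone on the network path of the build machine can therefore substitute the page content. Drop `--no-check-certificate`; if the wiki uses a certificate the system store does not trust, pin it with `--ca-certificate=` instead. Separately, `TMP_DIR=/tmp/$(basename $0)-$$.d` with `mkdir -p` accepts a pre-existing directory (prefer `mktemp -d`), and the loop variable `LANG` overwrites the locale variable for the `sed` and `grep` calls inside the loop, so a different name such as `DOC_LANG` would be safer.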
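Review bot: in pythonrewrite/stuff/cron-cryptobox, the guard tests one file and runs another: `[ -e /usr/lib/cryptobox/cbox-manage.sh ] && /usr/lib/cryptobox/check_smb_idle.sh`. If `check_smb_idle.sh` is absent or not executable, the job fails as root every minute. If the intent is "only run when the package is installed", test the script that is actually executed, for example `[ -x /usr/lib/cryptobox/check_smb_idle.sh ] && ...`, and add a comment line stating what the job does, since the file has none.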
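Review bot: in pythonrewrite/templates/macros.cs, the form macro emits `enctype="application/x-www-from-urlencoded"`, which misspells `application/x-www-form-urlencoded` ("from" for "form"). Browsers treat an unknown enctype as the default, so submission works only by accident; please correct the value so the encoding the CGI expects is stated explicitly.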
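Review bot: in pythonrewrite/templates/show_volume.cs, the headings and labels are hard-coded in English ("Mount container", "Change the name of the container", "Name of container:", and so on) instead of being read from the language files this patch adds, so the page stays English for every `weblang`. The block "Some more stuff" with "For example: changing password? / backup? / access control?" is developer placeholder text and should be removed or turned into a TODO comment before it reaches users.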
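Review bot: in pythonrewrite/www-data/cryptobox.css, the rule `#partition_info p, #log p.console` has `font-family: monospace` without a terminating semicolon, so the following `text-align: left;` is parsed as part of the same declaration and both are discarded. Add the semicolon. Several grouped selectors also scope only their first member: `#main h1, h2, h3`, `#words div.warning,div.error,div.success` and `#doc ol,ul li` apply the later parts to the whole document; if the intent is to style only elements inside `#main`, `#words` and `#doc`, repeat the id on each member of the group.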