191 lines
6 KiB
Bash
191 lines
6 KiB
Bash
function create_config()
|
|
# Parameter: device
|
|
{
|
|
local device=$1
|
|
unload_config
|
|
# create the new configuration filesystem if it is not static
|
|
if [ "$USE_SEPERATE_CONFIG_PARTITION" != "1" ]
|
|
then log_msg "Using static configuration ..."
|
|
else log_msg "Creating config filesystem ..."
|
|
"$ROOT_PERM_SCRIPT" create_config "$device"
|
|
log_msg "Mounting config partition ..."
|
|
"$ROOT_PERM_SCRIPT" mount_config "$device"
|
|
"$ROOT_PERM_SCRIPT" remount_config rw
|
|
fi
|
|
log_msg "Copying configuration defaults ..."
|
|
cp -a "$CONFIG_DEFAULTS_DIR/." "$CONFIG_DIR"
|
|
|
|
log_msg "Copying temporary certificate file to config filesystem ..."
|
|
log_msg "Setting inital values ..."
|
|
# beware: config_set_value remounts the config partition read-only
|
|
config_set_value "ip" "$(get_current_ip)"
|
|
# create database of readable names
|
|
config_set_value "names.db" ""
|
|
# create a marker to recognize a cryptobox partition
|
|
# this should be the last step, to prevent a half-initialized state
|
|
config_set_value "$CONFIG_MARKER" "$(date -I)"
|
|
}
|
|
|
|
|
|
function find_harddisk()
|
|
# look for the harddisk to be partitioned
|
|
{
|
|
local device=$(get_available_disks | head -1)
|
|
if [ -z "$device" ] ; then
|
|
log_msg "no valid harddisk for initialisation found!"
|
|
cat /proc/partitions >>"$LOG_FILE"
|
|
# do not return with an error, to avoid a failing of the script ('break on error')
|
|
# the caller of this function should handle an empty return string
|
|
fi
|
|
echo -n "$device"
|
|
}
|
|
|
|
|
|
function load_config()
|
|
{
|
|
unload_config
|
|
local status=0
|
|
# look for a configuration partition
|
|
[ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ] && \
|
|
list_partitions_of_type config | while read part && [ "$status" = 0 ]
|
|
do log_msg "configuraton found on $part"
|
|
# error check?
|
|
"$ROOT_PERM_SCRIPT" mount_config "/dev/$part"
|
|
status=1
|
|
done
|
|
if is_config_active
|
|
then return 0
|
|
else log_msg "failed to locate config partition"
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
|
|
function unload_config()
|
|
{
|
|
is_config_active || return
|
|
# only try to unmount, if it is not static (the config of a live-cd is always dynamic)
|
|
if [ "$USE_SEPERATE_CONFIG_PARTITION" = "1" ]
|
|
then "$ROOT_PERM_SCRIPT" umount_config
|
|
else return 0
|
|
fi
|
|
}
|
|
|
|
|
|
# rename to "prepare_cryptobox"
|
|
function init_cryptobox()
|
|
# this is only the first part of initialisation that takes no time - good for a smooth web interface
|
|
{
|
|
local device=$(find_harddisk)
|
|
[ -z "$device" ] && log_msg 'No valid harddisk found!' && return 1
|
|
turn_off_all_crypto
|
|
unload_config || true
|
|
log_msg "Partitioning the device ($device) ..."
|
|
"$ROOT_PERM_SCRIPT" partition_disk "$device" "0,1,L \n,,L\n"
|
|
log_msg "Initializing config partition on ${device}1 ..."
|
|
# TODO: this should not be hard-coded
|
|
create_config "${device}1"
|
|
}
|
|
|
|
|
|
case "$ACTION" of
|
|
network-up )
|
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
|
then conf_ip=$(config_get_value "ip")
|
|
log_msg "Configuring $NET_IFACE for $conf_ip ..."
|
|
echo "Configuring network interface for $NET_IFACE: $conf_ip"
|
|
"$IFCONFIG" "$NET_IFACE" "$conf_ip"
|
|
fi
|
|
if [ "$EXEC_FIREWALL_RULES" = 1 ]
|
|
then log_msg "Starting the firewall ..."
|
|
"$FIREWALL_SCRIPT" start
|
|
fi
|
|
if [ "$USE_STUNNEL" = 1 ]
|
|
then # start stunnel
|
|
if [ -f "$CERT_FILE" ]
|
|
then USE_CERT=$CERT_FILE
|
|
else USE_CERT=$CERT_TEMP
|
|
$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
|
|
# TODO: this could be dangerous - right?
|
|
# this is necessary, to allow www-data to copy the certificate
|
|
chown "$WEB_USER" "$CERT_TEMP"
|
|
fi
|
|
log_msg "Starting stunnel ..."
|
|
stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
|
|
|| echo "$USE_CERT not found - not starting stunnel"
|
|
fi
|
|
;;
|
|
network-down )
|
|
if [ "$EXEC_FIREWALL_RULES" = 1 ]
|
|
then log_msg "Stopping the firewall ..."
|
|
"$FIREWALL_SCRIPT" stop
|
|
fi
|
|
if [ "$USE_STUNNEL" = 1 ]
|
|
then log_msg "Stopping stunnel ..."
|
|
# TODO: what about a pid?
|
|
killall stunnel 2>/dev/null || true
|
|
fi
|
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
|
then log_msg "Shutting the network interface down ..."
|
|
"$IFCONFIG" "$NET_IFACE" down
|
|
fi
|
|
;;
|
|
services-up )
|
|
# the mount point has to be writeable
|
|
# this action is called as root - so we are allowed to umount
|
|
# TODO: do this only for ro-filesystem
|
|
# TODO: this way of mounting is evil
|
|
if mountpoint -q "$MNT_PARENT"
|
|
then true
|
|
else mount -t tmpfs tmpfs "$MNT_PARENT"
|
|
fi
|
|
true
|
|
;;
|
|
services-down )
|
|
# this action is called as root - so we are allowed to umount
|
|
mountpoint -q "$MNT_PARENT" && umount "$MNT_PARENT"
|
|
# TODO: we should not depend on samba and thttpd
|
|
# /etc/init.d/samba stop || true
|
|
# /etc/init.d/thttpd stop || true
|
|
true
|
|
;;
|
|
is_harddisk_available )
|
|
[ -z "$(find_harddisk)" ] && exit 1
|
|
exit 0
|
|
;;
|
|
update_ip_address )
|
|
# reconfigure the network interface to a new IP address
|
|
# wait for 5 seconds to finish present http requests
|
|
if [ "$SKIP_NETWORK_CONFIG" != 1 ]
|
|
then echo -n "sleep 5; \"$ROOT_PERM_SCRIPT\" update_network" | at now
|
|
fi
|
|
;;
|
|
poweroff )
|
|
log_msg "Turning off the CryptoBox ..."
|
|
turn_off_all_crypto
|
|
echo "poweroff" | at now
|
|
;;
|
|
reboot )
|
|
log_msg "Rebooting the CryptoBox ..."
|
|
turn_off_all_crypto
|
|
echo "reboot" | at now
|
|
;;
|
|
* )
|
|
echo "Syntax: $(basename $0) ACTION"
|
|
echo " config-up - scan for configuration partition and mount it"
|
|
echo " config-down - unmount configuration partition"
|
|
echo " network-up - enable network interface"
|
|
echo " network-down - disable network interface"
|
|
echo " services-up - run some cryptobox specific daemons"
|
|
echo " services-down - stop some cryptobox specific daemons"
|
|
echo " update_ip_address - update the network interface after reconfiguration"
|
|
echo " is_config_mounted - check, if configuration partition is mounted"
|
|
echo " box-init - initialize cryptobox (ALL data is LOST)"
|
|
echo " box-init-fg - the first part of initialization"
|
|
echo " box-init-bg - the last part of initialization (background)"
|
|
echo " is_harddisk_available - check, if there is a usable harddisk"
|
|
echo " poweroff - shutdown the cryptobox"
|
|
echo " reboot - reboot the cryptobox"
|
|
echo
|
|
;;
|
|
esac
|