cryptonas-livecd/scripts/cbox-build.sh

#!/bin/bash
#
#  Copyright (c) 02005-02006 sense.lab <devel@senselab.org.org>
#
#  License:  This script is distributed under the terms of version 2
#            of the GNU GPL. See the LICENSE file included with the package.
#
# $Id$
#
# managing our work at the cryptobox
#
# usual workflow:
#   dfsbuild	- create the image directory with dfsbuild
#   config	- apply cryptobox specific changes to the image directory
#   harden	- remove unnecessary packages and disable developer features
#   iso		- create the iso image
#   isoz	- create a compressed iso image
#   burn	- burns the image on a cd-rw
#
# final action:
#   release	- the same as "dfsbuild config harden isoz"
#
#
# problems of this script:
#  - has to run as root
#  - 'harden' is strangely integrated
#
# you may run this script with multiple arguments, e.g.:
#   cb-build.sh dfsbuild config isoz
#
# the action "release" does what it says :)
#  (all developer's features like sshd, writable templates and
#   the test-suite are deactivated, some packages get removed)
#

set -ue

# include common functions and settings
source "$(dirname $0)/common.sh.inc"


################### some settings ######################

# dfsbuild config
DFS_CONFIG=$(get_config_file dfs-cbox.conf)

# debian package of cryptobox-server
DEB_PACKAGE=$ROOT_DIR/packages/cryptobox-server.deb


####################### functions ######################

# samba fails to install if /proc/ is empty
# we force samba to skip startup during configuring
function workaround_samba_proc()
{
	# let dfsbuild start first
	sleep 15
	local DEFAULT_DIR=$IMAGE_DIR/etc/default
	mkdir -p "$DEFAULT_DIR"
	echo "exit" >"$DEFAULT_DIR/samba"
}


function run_dfsbuild()
{
	# we need a secret gpg key for apt-move/reprepro(?) - very strange
	# see: http://lists.debian.org/debian-user/2005/09/msg03288.html
	if test -z "$(gpg --list-secret-keys 2>/dev/null)"
	  then	echo "*************************************************************"
			echo "* Sorry - for some strange reason you/root need a secret    *"
			echo "* gpg key without a passphrase!                             *"
			echo "* Please create a key first: 'gpg --gen-key'                *"
			echo "*************************************************************"
			exit 1
	 fi >&2
	if [ -e "$BUILD_DIR" ]
	  then	## umount all other directories below
		mount | cut -d " " -f 3- | sed "s/ type .*$//" | grep "$IMAGE_DIR" | while read mdir
		  do	umount "$mdir"
		 done
		echo "removing the build directory ($BUILD_DIR) to guarantee a clean build ..."
		rm -r "$BUILD_DIR"
	 fi

	workaround_samba_proc &

	# build the target directory
	LANG=C dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR/" 
	
	# remove iso image of dfsbuild - it is not necessary
	[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"

	# finish package installation
	echo "dpkg --configure --pending" | chroot_image
}


function create_uncompressed_iso()
{
	# check for a mounted procfs
	mount | grep -q " $IMAGE_DIR/proc " && umount "$IMAGE_DIR/proc"
	echo "Creating the iso ..."
	mkisofs $MKISOFS_OPTIONS -o "$IMAGE_FILE" "$IMAGE_DIR"
}


function create_compressed_iso()
{
	# check for a mounted procfs
	mount | grep -q " $IMAGE_DIR/proc " && umount "$IMAGE_DIR/proc"
	echo "Creating the compressed iso ..."
	[ -e "$IMAGEZ_DIR" ] && rm -r "$IMAGEZ_DIR"
	mkdir "$IMAGEZ_DIR"
	for a in $(ls "$IMAGE_DIR")
		do	if echo "$UNCOMPRESSED_ITEMS" | grep -q -w "$a"
				then	echo "	Copying uncompressed item: $a ..."
					cp -a "$IMAGE_DIR/$a" "$IMAGEZ_DIR"
				else	if [ -h "$IMAGE_DIR/$a" ]
						then	echo "	Copying link: $a ..."
							cp -a "$IMAGE_DIR/$a" "$IMAGEZ_DIR"
						else	echo "	Compressing item: $a ..."
							mkzftree "$IMAGE_DIR/$a" "$IMAGEZ_DIR/$a"
					  fi
			  fi
	  done
	mkisofs -z $MKISOFS_OPTIONS -o "$IMAGEZ_FILE" "$IMAGEZ_DIR"
}


function configure_cb()
{
	if [ ! -e "$IMAGE_DIR" ]; then 
		echo -e "Directory \"$IMAGE_DIR\" not found!"
		echo -e "Did you run \"$0 dfsbuild\"?" 
		exit 1
	fi

	echo "Copying files to the box ..."
		svn export --force "$TEMPLATE_DIR/." "$IMAGE_DIR"
	
	echo "Configuring the cryptobox ..."
		echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh normal" | chroot_image
	
	# source local configure scripts
	[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
	  find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while read file
	     do	echo "Sourcing custom configure script $(basename $file) ..."
		# execute it in its own environment (to be safe)
		# 'source' implicitly imports all current settings
		# indent these lines to improve the output
		( source "$file" ) 2>&1 | sed 's/^/\t/'
	done
}


function install_package()
{
	## first disable automatic startup to avoid conflicts with local servers
	local conf_file=$IMAGE_DIR/etc/default/cryptobox-server
	test -e "$conf_file" && sed -i 's/^NO_START=.*$/NO_START=1/' "$conf_file"
	local chroot_deb_file=/cryptobox-server.deb
	cp "$DEB_PACKAGE" "$IMAGE_DIR$chroot_deb_file"
	echo "dpkg -i $chroot_deb_file" | chroot_image
	rm "$IMAGE_DIR$chroot_deb_file"
}


function blanknburn_cdrw()
{
	cdrecord -v dev=$CDWRITER blank=fast
	if [ -e "$IMAGEZ_FILE" ]; then
		cdrecord -v dev=$CDWRITER $IMAGEZ_FILE
	elif [ -e "IMAGE_FILE" ]; then
		cdrecord -v dev=$CDWRITER $IMAGE_FILE
	else
		echo "can't find CryptoBox image to burn" && exit 1
	fi
}


################ do it! ######################

[ $# -eq 0 ] && echo "[`basename $0`] - no arguments supplied - maybe you want to use '--help'"

# initialize local directories (easier for users)
for a in $LOCALCONF_DIR $CUSTOM_CONFIGURE_DIR
	do	[ ! -e "$a" ] && mkdir "$a" && chown --reference=. "$a"
done

# check for uid=0 (necessary for all operations)
[ "$(id -u)" -ne 0 ] && echo "this script ($0) has to be called as root" >&2 && exit 1

while [ $# -gt 0 ]
  do	case "$1" in
	dfsbuild )
		# check if we are in ROOT_DIR - otherwise we will have problems with
		# relative paths in dfs-box.conf
		[ "$ROOT_DIR" -ef "$(pwd)" ] || error_die 1 "Sorry: you have to run $0 while you are in '$ROOT_DIR'!"
		run_dfsbuild
		;;
	config )
		install_package
		configure_cb normal
		;;
	iso )
		create_uncompressed_iso
		;;
	isoz )
		create_compressed_iso
		;;
	harden )
		echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh normal" | chroot_image
		echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh secure" | chroot_image
		;;
	burn )
		blanknburn_cdrw
		;;
	release )
		"$0" dfsbuild config harden isoz
		md5sum $IMAGEZ_FILE > ${IMAGEZ_FILE}.md5sum
		sha1sum $IMAGEZ_FILE > ${IMAGEZ_FILE}.sha1sum
		;;
	help|--help )
		echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | isoz | burn | help )"
		echo "  (you may specify more than one action)"
		echo
		;;
	* )
		echo -e "unknown action: $1"
		echo
		$0 help
		exit 1
		;;
	esac
	shift
  done
Created new branch for Debian Live live-cd build system development. This commit includes the default configuration files, which don't work with Debian "etch". 2008-06-09 02:10:03 +02:00			`#!/bin/bash`
			`#`
			`# Copyright (c) 02005-02006 sense.lab <devel@senselab.org.org>`
			`#`
			`# License: This script is distributed under the terms of version 2`
			`# of the GNU GPL. See the LICENSE file included with the package.`
			`#`
			`# $Id$`
			`#`
			`# managing our work at the cryptobox`
			`#`
			`# usual workflow:`
			`# dfsbuild - create the image directory with dfsbuild`
			`# config - apply cryptobox specific changes to the image directory`
			`# harden - remove unnecessary packages and disable developer features`
			`# iso - create the iso image`
			`# isoz - create a compressed iso image`
			`# burn - burns the image on a cd-rw`
			`#`
			`# final action:`
			`# release - the same as "dfsbuild config harden isoz"`
			`#`
			`#`
			`# problems of this script:`
			`# - has to run as root`
			`# - 'harden' is strangely integrated`
			`#`
			`# you may run this script with multiple arguments, e.g.:`
			`# cb-build.sh dfsbuild config isoz`
			`#`
			`# the action "release" does what it says :)`
			`# (all developer's features like sshd, writable templates and`
			`# the test-suite are deactivated, some packages get removed)`
			`#`

			`set -ue`

			`# include common functions and settings`
			`source "$(dirname $0)/common.sh.inc"`


			`################### some settings ######################`

			`# dfsbuild config`
			`DFS_CONFIG=$(get_config_file dfs-cbox.conf)`

			`# debian package of cryptobox-server`
			`DEB_PACKAGE=$ROOT_DIR/packages/cryptobox-server.deb`


			`####################### functions ######################`

			`# samba fails to install if /proc/ is empty`
			`# we force samba to skip startup during configuring`
			`function workaround_samba_proc()`
			`{`
			`# let dfsbuild start first`
			`sleep 15`
			`local DEFAULT_DIR=$IMAGE_DIR/etc/default`
			`mkdir -p "$DEFAULT_DIR"`
			`echo "exit" >"$DEFAULT_DIR/samba"`
			`}`


			`function run_dfsbuild()`
			`{`
			`# we need a secret gpg key for apt-move/reprepro(?) - very strange`
			`# see: http://lists.debian.org/debian-user/2005/09/msg03288.html`
			`if test -z "$(gpg --list-secret-keys 2>/dev/null)"`
			`then echo "*************************************************************"`
			`echo "* Sorry - for some strange reason you/root need a secret *"`
			`echo "* gpg key without a passphrase! *"`
			`echo "* Please create a key first: 'gpg --gen-key' *"`
			`echo "*************************************************************"`
			`exit 1`
			`fi >&2`
			`if [ -e "$BUILD_DIR" ]`
			`then ## umount all other directories below`
			`mount \| cut -d " " -f 3- \| sed "s/ type .*$//" \| grep "$IMAGE_DIR" \| while read mdir`
			`do umount "$mdir"`
			`done`
			`echo "removing the build directory ($BUILD_DIR) to guarantee a clean build ..."`
			`rm -r "$BUILD_DIR"`
			`fi`

			`workaround_samba_proc &`

			`# build the target directory`
			`LANG=C dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR/"`

			`# remove iso image of dfsbuild - it is not necessary`
			`[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"`

			`# finish package installation`
			`echo "dpkg --configure --pending" \| chroot_image`
			`}`


			`function create_uncompressed_iso()`
			`{`
			`# check for a mounted procfs`
			`mount \| grep -q " $IMAGE_DIR/proc " && umount "$IMAGE_DIR/proc"`
			`echo "Creating the iso ..."`
			`mkisofs $MKISOFS_OPTIONS -o "$IMAGE_FILE" "$IMAGE_DIR"`
			`}`


			`function create_compressed_iso()`
			`{`
			`# check for a mounted procfs`
			`mount \| grep -q " $IMAGE_DIR/proc " && umount "$IMAGE_DIR/proc"`
			`echo "Creating the compressed iso ..."`
			`[ -e "$IMAGEZ_DIR" ] && rm -r "$IMAGEZ_DIR"`
			`mkdir "$IMAGEZ_DIR"`
			`for a in $(ls "$IMAGE_DIR")`
			`do if echo "$UNCOMPRESSED_ITEMS" \| grep -q -w "$a"`
			`then echo " Copying uncompressed item: $a ..."`
			`cp -a "$IMAGE_DIR/$a" "$IMAGEZ_DIR"`
			`else if [ -h "$IMAGE_DIR/$a" ]`
			`then echo " Copying link: $a ..."`
			`cp -a "$IMAGE_DIR/$a" "$IMAGEZ_DIR"`
			`else echo " Compressing item: $a ..."`
			`mkzftree "$IMAGE_DIR/$a" "$IMAGEZ_DIR/$a"`
			`fi`
			`fi`
			`done`
			`mkisofs -z $MKISOFS_OPTIONS -o "$IMAGEZ_FILE" "$IMAGEZ_DIR"`
			`}`


			`function configure_cb()`
			`{`
			`if [ ! -e "$IMAGE_DIR" ]; then`
			`echo -e "Directory \"$IMAGE_DIR\" not found!"`
			`echo -e "Did you run \"$0 dfsbuild\"?"`
			`exit 1`
			`fi`

			`echo "Copying files to the box ..."`
			`svn export --force "$TEMPLATE_DIR/." "$IMAGE_DIR"`

			`echo "Configuring the cryptobox ..."`
			`echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh normal" \| chroot_image`

			`# source local configure scripts`
			`[ -d "$CUSTOM_CONFIGURE_DIR" ] && \`
			`find "$CUSTOM_CONFIGURE_DIR" -xtype f \| sort \| while read file`
			`do echo "Sourcing custom configure script $(basename $file) ..."`
			`# execute it in its own environment (to be safe)`
			`# 'source' implicitly imports all current settings`
			`# indent these lines to improve the output`
			`( source "$file" ) 2>&1 \| sed 's/^/\t/'`
			`done`
			`}`


			`function install_package()`
			`{`
			`## first disable automatic startup to avoid conflicts with local servers`
			`local conf_file=$IMAGE_DIR/etc/default/cryptobox-server`
			`test -e "$conf_file" && sed -i 's/^NO_START=.*$/NO_START=1/' "$conf_file"`
			`local chroot_deb_file=/cryptobox-server.deb`
			`cp "$DEB_PACKAGE" "$IMAGE_DIR$chroot_deb_file"`
			`echo "dpkg -i $chroot_deb_file" \| chroot_image`
			`rm "$IMAGE_DIR$chroot_deb_file"`
			`}`


			`function blanknburn_cdrw()`
			`{`
			`cdrecord -v dev=$CDWRITER blank=fast`
			`if [ -e "$IMAGEZ_FILE" ]; then`
			`cdrecord -v dev=$CDWRITER $IMAGEZ_FILE`
			`elif [ -e "IMAGE_FILE" ]; then`
			`cdrecord -v dev=$CDWRITER $IMAGE_FILE`
			`else`
			`echo "can't find CryptoBox image to burn" && exit 1`
			`fi`
			`}`


			`################ do it! ######################`

			[ $# -eq 0 ] && echo "[`basename $0`] - no arguments supplied - maybe you want to use '--help'"

			`# initialize local directories (easier for users)`
			`for a in $LOCALCONF_DIR $CUSTOM_CONFIGURE_DIR`
			`do [ ! -e "$a" ] && mkdir "$a" && chown --reference=. "$a"`
			`done`

			`# check for uid=0 (necessary for all operations)`
			`[ "$(id -u)" -ne 0 ] && echo "this script ($0) has to be called as root" >&2 && exit 1`

			`while [ $# -gt 0 ]`
			`do case "$1" in`
			`dfsbuild )`
			`# check if we are in ROOT_DIR - otherwise we will have problems with`
			`# relative paths in dfs-box.conf`
			`[ "$ROOT_DIR" -ef "$(pwd)" ] \|\| error_die 1 "Sorry: you have to run $0 while you are in '$ROOT_DIR'!"`
			`run_dfsbuild`
			`;;`
			`config )`
			`install_package`
			`configure_cb normal`
			`;;`
			`iso )`
			`create_uncompressed_iso`
			`;;`
			`isoz )`
			`create_compressed_iso`
			`;;`
			`harden )`
			`echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh normal" \| chroot_image`
			`echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh secure" \| chroot_image`
			`;;`
			`burn )`
			`blanknburn_cdrw`
			`;;`
			`release )`
			`"$0" dfsbuild config harden isoz`
			`md5sum $IMAGEZ_FILE > ${IMAGEZ_FILE}.md5sum`
			`sha1sum $IMAGEZ_FILE > ${IMAGEZ_FILE}.sha1sum`
			`;;`
			`help\|--help )`
			echo "Syntax: `basename $0` ( release \| dfsbuild \| config \| harden \| iso \| isoz \| burn \| help )"
			`echo " (you may specify more than one action)"`
			`echo`
			`;;`
			`* )`
			`echo -e "unknown action: $1"`
			`echo`
			`$0 help`
			`exit 1`
			`;;`
			`esac`
			`shift`
			`done`