diff --git a/README.devel b/README.devel index f48fba8..91bfecc 100644 --- a/README.devel +++ b/README.devel 
@@ -1,16 +1,52 @@ This is an EXPERIMENTAL version of CryptoNAS for Debian Live! -## To get an NAS "good enough to play with", run the following commands once -#you get to the root prompt (use "sudo -s" to get to the root prompt). +Read http://devel.cryptobox.org/wiki/DebianLiveBuild before +you do anything else. -#It is recommended that you run "./rm-tmps.sh" after making configuration -#changes using an editor but before starting a new build. - -/usr/lib/cryptobox-cd/configure-cryptobox.sh normal +It is recommended that you run "./rm-tmps.sh" after making configuration +changes using an editor but before starting a new build. -## optionally call it again with argument "secure" (again, EXPERIMENTAL) +For the convenience of other developers, the debian-patched +live-helper scripts being used are located in +the "tools" folder. The version of live-helper distributed +with Ubuntu "Gutsy Gibbon" does NOT work for CryptoNAS. -/sbin/telinit 3 -/etc/init.d/cryptobox-server restart -/etc/init.d/samba restart +You should add the following line to apt-cacher's source list +(for example, /etc/apt/sources.list) and run "aptitude update": +deb http://systemausfall.org/toolforge/debian unstable main + +The only files and folders relevant to this version are: +tools/ +rm-tmps.sh +config/ +README.devel. +I'm keeping the folders from the legacy CryptoNAS build system around +until I'm sure we don't need them. Don't be confused by their continued +presence in the "deb-live" SVN branch. 
+ +TODO: +get "shutdown/reboot from web interface" working +get (configuration partition) formatting to work +check against validation scripts +check that "secure" build works +set up a firewall in the "secure" build + +/etc/modules (make sure desired modules load at startup) + +complete "cryptonas" name change +possibly move /usr/lib/cryptobox-cd to /usr/share/cryptonas-cd +get apt-secure working +enable apache2 DAV +integrate with cryptobox-server 4.0 +for release version, try to isolate which parts of debian "standard" packages +are really needed to avoid errors and which are extraneous + + +Short term goals (next couple of commits): +----- +add explanatory text to etc-scoreboard file +do any more files need copyright notices? +set up reasonable defaults in cnas-default-settings (use gedit with multiple separate windows) + +/etc/network/interfaces diff --git a/config/binary b/config/binary index 8bd6c21..c450ac1 100644 --- a/config/binary +++ b/config/binary @@ -146,3 +146,8 @@ LH_SYSLINUX_MENU_MEMTEST_ENTRY="Memory test" # $LH_USERNAME: set username # (Default: user) LH_USERNAME="user" + + +#Load CryptoNAS and user-customized settings +. config/cnas-active-settings + diff --git a/config/bootstrap b/config/bootstrap index 8b639e9..c2da7e1 100644 --- a/config/bootstrap +++ b/config/bootstrap @@ -32,7 +32,7 @@ LH_DISTRIBUTION="etch" # $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from # (Default: http://ftp.us.debian.org/debian/) -LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/" +LH_MIRROR_BOOTSTRAP="http://ftp.us.debian.org/debian/" # $LH_MIRROR_CHROOT: set mirror to fetch packages from # (Default: http://ftp.us.debian.org/debian/) 
@@ -40,7 +40,7 @@ LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP # $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from # (Default: http://security.debian.org/) -LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/" +LH_MIRROR_CHROOT_SECURITY="http://security.debian.org/" # $LH_MIRROR_BINARY: set mirror which ends up in the image # (Default: http://ftp.us.debian.org/debian/) @@ -53,3 +53,8 @@ LH_MIRROR_BINARY_SECURITY="http://security.debian.org/" # $LH_SECTIONS: select section(s) to use # (Default: main) LH_SECTIONS="main" + + +#Load CryptoNAS and user-customized settings +. config/cnas-active-settings + diff --git a/config/chroot b/config/chroot index 88e8148..0541577 100644 --- a/config/chroot +++ b/config/chroot @@ -33,7 +33,6 @@ LH_LANGUAGE="en" # (Default: autodetected) #LH_LINUX_FLAVOURS="486 686" - # $LH_LINUX_PACKAGES: set kernel packages to use # (Default: autodetected) LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6" @@ -45,8 +44,7 @@ LH_PACKAGES="" # $LH_PACKAGES_LISTS: set package list to install # (Default: standard) -# FIXME: Use "minimal cryptonas" for CryptoNAS releases -LH_PACKAGES_LISTS="standard cryptonas-devel" +LH_PACKAGES_LISTS="standard" # $LH_TASKS: set tasks to install # (Default: empty) @@ -64,3 +62,7 @@ LH_SYMLINKS="disabled" # (Default: disabled) LH_SYSVINIT="disabled" + +#Load CryptoNAS and user-customized settings +. config/cnas-active-settings + diff --git a/config/chroot_local-hooks/50cnas-config-chroot.sh b/config/chroot_local-hooks/50cnas-config-chroot.sh new file mode 100755 index 0000000..a9ee10d --- /dev/null +++ b/config/chroot_local-hooks/50cnas-config-chroot.sh 
@@ -0,0 +1,182 @@ +#!/bin/sh +# +# Copyright (c) 02005 sense.lab +# +# License: This script is distributed under the terms of version 2 +# of the GNU GPL. See the LICENSE file included with the package. +# +# $Id$ +# +# this script is part of the building process of the cryptobox +# the "normal" action is necessary for every cryptobox (development & release) +# the "secure" action is mandatory for every release CD +# +# 2008-06-21 Adapted by James Crofts for use with "live-helper" +# + +set -eu + +RUNTIMEDIR=/opt/dfsruntime/runtimerd +TUNDEV=$RUNTIMEDIR/dev/net/tun + +REMOVE_PACKAGES="strace + nvi nano vim vim-common vim-tiny + unzip zip aptitude tasksel locate + ssh elinks curl wget netkit-inetd telnet + exim4-daemon-light exim4-config exim4-base + ppp pppconfig pppoe pppoeconf iptables + subversion w3m wget lynx less screen + info iptables man-db manpages + openssh-server openssh-client" + +# remove rc symlinks for these services +SERVICES_OFF="ssh setserial nviboot mountnfs ntpdate" + +#We run in a chroot environment, so source files accordingly. +. 
/usr/lib/cryptobox-cd/etc-scoreboard + +function configure_normal() +# the usual stuff - not optimized for security +{ + ##### cryptobox settings ###### + # start during bootup + sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/cryptobox-server + # listen to port 80 by default + sed -i 's/^PORT=.*$/PORT=80/' /etc/default/cryptobox-server + # use a separate configuration partition + sed -i 's/^UseConfigPartition.*$/UseConfigPartition = 1/' /etc/cryptobox-server/cryptobox.conf + # all plugins are enabled (especially: "encrypted_webinterface") + sed -i 's#^DisabledPlugins.*$#DisabledPlugins = #' /etc/cryptobox-server/cryptobox.conf + # change the selection of devices, that can be used as the crypto harddisk + sed -i 's#^AllowedDevices.*$#AllowedDevices = /dev/#' /etc/cryptobox-server/cryptobox.conf + + ############ samba ############ + # enable samba startup (disabled before via cbox-build.sh) + echo 'RUN_MODE="daemons"' >/etc/default/samba + # install the samba hook script + cp /usr/share/doc/cryptobox-server/event-scripts/samba /etc/cryptobox-server/events.d/samba + chmod +x /etc/cryptobox-server/events.d/samba + chown root:root /etc + + + ############ webdav ############ + #TODO: FIXME: add apache2 packages; configure port; add webdav link in web frontend +# sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2 +# cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav +# chmod +x /etc/cryptobox-server/events.d/apache2_dav + + + ########### boot up ########### + # turn off creation of "/etc/nologin" (read-only fs) + sed -i '/^DELAYLOGIN=/s/^DELAYLOGIN=.*$/DELAYLOGIN=no/' /etc/default/rcS + # turn off modifying /etc/motd (read-only fs) + sed -i '/^EDITMOTD=/s/^EDITMOTD=.*$/EDITMOTD=no/' /etc/default/rcS + + ######### shutdown ######### + # Remove the prompt to eject CD + rm -r /etc/rc0.d/*casper + rm -r /etc/rc6.d/*casper + + ######### devices ########## + # create tun device for running under qemu + if [ ! 
-e "$TUNDEV" ] + then mkdir -p `dirname "$TUNDEV"` + mknod "$TUNDEV" c 10 200 + fi + + ########## sshd ############ + if [ -e "/etc/ssh" ]; then + # allow empty passwords for ssh + # the daemon is NOT started automatically, so you have to start it + # manually in case of need - as the root pw is empty and passwd is ro, you + # have to allow empty passwords for this rare case + sed -i 's/^PermitEmptyPass.*$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config + # turn off PAM for ssh, as it prevents the use of empty passwords (stange behaviour) + sed -i 's/^UsePAM.*$/UsePAM no/' /etc/ssh/sshd_config + # allow input of password + sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config + fi + + # remove symlinks for unwanted services + for a in $SERVICES_OFF; do + # echo "Turning off service $a ..." + find /etc/rc?.d/ -type l -name "[SK][0-9][0-9]$a" | while read b + do rm "$b" + done + done + + return 0 +} + + +function configure_secure() +# remove everything that could weaken security +# configure_normal should be called too! +{ + # disable keyboard login + sed -i '/getty/d' /etc/inittab + + # remove unnecessary packages + dpkg --force-all -P $REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed." || true + + # maybe an authorized_keys file was created - but it is not dangerous, + # as the openssh package was removed anyway + [ -d /root/.ssh ] && rm -rf /root/.ssh + + # disable root account + passwd -l root + + ############## clean up ################ + # remove deb-files, that were left by dfsbuild + # remove packages and package lists + # remove locale files + # remove doc files + # remove man pages + # some vim files stay behind? 
+ rm -rf /opt/packages /var/cache/bootstrap /var/cache/apt/ /var/cache/locate + rm -rf /usr/share/man /usr/share/vim /var/lib/apt /var/cache/debconf /var/cache/man + # remove docs except for the cryptobox's + ls /usr/share/doc | while read dname + do test "$dname" == "cryptobox-server" || rm -rf "/usr/share/doc/$dname" + done + # remove all locale files and symlinks except for the cryptobox's + (find /usr/share/locale -type f; find /usr/share/locale -type l) | grep -v "cryptobox-server" | while read fname + do rm "$fname" + done + # remove all empty locale directories + find /usr/share/locale -type d | while read dname + do test -d "$dname" && rmdir --ignore-fail-on-non-empty --parents "$dname" + done + + # change some dir permissions + chmod 660 /var/cache/cryptobox-server/settings/ + + return 0 +} + + +################ main #################### +# Allow this script to be run either manually by the +# developer using live-helper's "interactive chroot" +# mode or automatically by "lh_build". +ACTION="$CNAS_HARDNESS" +[ $# -gt 0 ] && ACTION=$1 + +case "$ACTION" in + normal|devel) + configure_normal + ;; + secure|hard) + configure_normal + configure_secure + ;; + * ) + echo "`basename $0`:warning: CryptoNAS security level\ + not specified; defaulting to \"secure\"" + configure_normal + configure_secure + ;; + esac + +#FIXME: Not ideal to unconditionally return "SUCCESS" +exit 0 diff --git a/config/chroot_local-includes/etc/init.d/cnas-groups b/config/chroot_local-includes/etc/init.d/cnas-groups new file mode 100755 index 0000000..cb5bc90 --- /dev/null +++ b/config/chroot_local-includes/etc/init.d/cnas-groups 
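Review bot: In configure_secure the purge `dpkg --force-all -P $REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed." || true` can never fail the script, because the pipeline's status is grep's and `|| true` discards even that. The comment right after it relies on openssh having been removed, while configure_normal has already written `PermitEmptyPasswords yes` and `UsePAM no` into sshd_config, so a failed purge would leave a "secure" image with that configuration still on disk. I would verify the result after the purge, for example `if dpkg -s openssh-server >/dev/null 2>&1; then echo "purge of openssh-server failed" >&2; exit 1; fi`. Separately, `ACTION="$CNAS_HARDNESS"` under `set -eu` aborts when the variable is unset, so the `*)` branch that defaults to secure is only reached for unknown values; `ACTION="${CNAS_HARDNESS:-}"` would make that fallback reachable.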
@@ -0,0 +1,32 @@ +#!/bin/sh +# /etc/init.d/cnas-groups +# Add user cryptobox (cryptonas) to required groups for Live CD +# $Id: $ +# Copyright 2005--2008 sense.lab +# +# This file is part of CryptoNAS. +# +# CryptoNAS is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# CryptoNAS is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with CryptoNAS. If not, see . +# +# 2008-06-21 James Crofts adapted existing CryptoNAS code +# for Debian Live +# + +ADD_GROUPS="floppy cdrom tape video plugdev" +# add the cryptobox user to some more groups +echo "Adding CryptoNAS user to required groups..." +for new_group in $ADD_GROUPS + do adduser cryptobox "$new_group" + done + diff --git a/config/chroot_local-includes/etc/rcS.d/S37cnas-groups b/config/chroot_local-includes/etc/rcS.d/S37cnas-groups new file mode 120000 index 0000000..673898b --- /dev/null +++ b/config/chroot_local-includes/etc/rcS.d/S37cnas-groups @@ -0,0 +1 @@ +../init.d/cnas-groups \ No newline at end of file diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc new file mode 100755 index 0000000..0268856 --- /dev/null +++ b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc 
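Review bot: The `adduser` loop in cnas-groups runs whatever argument the script is called with, and a failing `adduser` goes unnoticed. Since the file is installed as an init script, I would wrap the loop in `case "$1" in start) ... ;; esac` and report a failed `adduser` on stderr. A short comment saying which CryptoNAS feature needs each of `floppy cdrom tape video plugdev` would also help a later reader trim the list; from this hunk alone it is not clear that the service account requires all five.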
@@ -0,0 +1,90 @@ +#! /bin/sh +#$BUILD_DIR/config/chroot_local-includes/usr/share/ +# initramfs-tools/scripts/casper-bottom/90cnas_setup_etc +# +# Fix files in /etc clobbered by casper at boot time +# +# $Id: $ +# Copyright 2005--2008 sense.lab +# +# This file is part of CryptoNAS. +# +# CryptoNAS is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 2 of the License, or +# (at your option) any later version. +# +# CryptoNAS is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with CryptoNAS. If not, see . +# +# 2008-06-21 Adapted from CryptoNAS (dfsbuild) by James Crofts for +# use with initramfs-tools + + +# Scripts hooked into initramfs or casper must NOT have odd +# characters in them due to the way they are parsed. +# This includes the hyphen '-'. They break the boot system! + + +#We don't actually depend on these +#"prerequisites", but if they exist (they do) we must +#run after them. +PREREQ="23networking 25configure_init" +DESCRIPTION="Preconfiguring CryptoNAS Live System..." + +#Location of "real" root as seen from initramfs +CNAS_ROOT_DIR="/root" + +. /scripts/casper-functions + +prereqs() +{ + echo "$PREREQ" +} + +case $1 in +# get pre-requisites +prereqs) + prereqs + exit 0 + ;; +esac + +log_begin_msg "$DESCRIPTION" + +. ${CNAS_ROOT_DIR}/usr/lib/cryptobox-cd/etc-scoreboard + +# "/" must be writeable only by root, or else the CryptoNAS-Samba +# hook scripts will refuse to run for security reasons. 
+chmod go-w ${CNAS_ROOT_DIR} +#chmod 755 ${CNAS_ROOT_DIR} + +sed -i 's/^id:.*$/id:3:initdefault:/' ${CNAS_ROOT_DIR}/etc/inittab +# add tmpfs entry for mount parent +# remove old line, if fstab exists +test -e ${CNAS_ROOT_DIR}/etc/fstab && sed -i '#/var/cache/cryptobox-server/mnt#d' ${CNAS_ROOT_DIR}/etc/fstab +# add new line +echo "tmpfs /var/cache/cryptobox-server/mnt tmpfs defaults 0 0" >> ${CNAS_ROOT_DIR}/etc/fstab + + +#"hard" and "secure" are synonyms, so test for both of them +if [ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ] + then + + #FIXME: Since we're now doing this important step at runtime, + # it would be a good idea to call the initramfs-tools + # function "panic" if the substitution failed. How + # can we check whether it succeeded? + # Alternatively, a known-good inittab could be copied + # from /usr/lib/cryptobox-cd or someplace similar... + + # disable keyboard login + sed -i '/getty/d' /etc/inittab +fi + +log_end_msg diff --git a/config/cnas-active-settings b/config/cnas-active-settings index 3f174fb..6fd7f54 100644 --- a/config/cnas-active-settings +++ b/config/cnas-active-settings 
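Review bot: The hardening branch at the end of 90cnas_setup_etc is never taken: `-eq` compares integers, so `[ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ]` reports an error on these strings and the `if` falls through, leaving the getty lines in place on a secure build. Use a quoted string comparison, `if [ "${CNAS_HARDNESS}" = "hard" ] || [ "${CNAS_HARDNESS}" = "secure" ]`. The `sed -i '/getty/d' /etc/inittab` inside the branch also edits the initramfs's own /etc rather than the real root that the other lines address; it should read `sed -i '/getty/d' "${CNAS_ROOT_DIR}/etc/inittab"`. The earlier fstab cleanup `sed -i '#/var/cache/cryptobox-server/mnt#d'` looks like a no-op as well, since a leading `#` starts a sed comment and a custom address delimiter has to be written `\#...#`.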
@@ -1,21 +1,72 @@ +#!/bin/sh #CryptoNAS Live include file #$BUILD_DIR/config/cnas-active-settings -# -*- bash -*- #configure Emacs for bash mode #This file includes the config files in the correct order. #It can be included by scripts both in the bootstrap and #chroot environments. Variable assignments in later #includes override earlier ones. +#This file also contains a hack to write the scoreboard +#file. +# Variable and function names starting with underscore +# are NOT intended to be used for user customization of builds. +# In addition, the names of variables to be included in the +# scoreboard file must begin with "CNAS_". -. ./cnas-default-settings +#This file is included by: +# config/common +# config/bootstrap +# config/chroot +# config/binary +# config/source + +CNAS_CONFIG_DIR="config" + +. ${CNAS_CONFIG_DIR}/cnas-default-settings -#May be necessary to include this file in the below files instead... -#. ./common -#. ./bootstrap -#. ./chroot -#. ./binary -#. ./source #Include cnas-custom-settings IFF this file exists -#. ./cnas-custom-settings -[ -f ./cnas-custom-settings ] && . ./cnas-custom-settings +[ -f ${CNAS_CONFIG_DIR}/cnas-custom-settings ] && . ${CNAS_CONFIG_DIR}/cnas-custom-settings + + +#The stage file tracks when the scoreboard update code +#needs to run. The path is relative to the build dir. +_CNAS_STAGE_DIR=".stage/" +_CNAS_STAGE=".stage/chroot_cnas-scoreboard" + + +#Search in the top level of config for settings files CryptoNAS +#depends on. If any of them changed more recently than +#the settings scoreboard file, update it. +_CNAS_FIND="find config -regextype posix-extended -maxdepth 1 -type f -newer ${_CNAS_STAGE} -true " + +#FIXME: refine regexp, try remembering during a rebuild...? 
+# -regex '[^~]+' " +# \( -name 'common -o -name 'bootstrap' -o -name 'chroot' -o -name 'binary' -o -name 'source' -o -name 'cnas-default-settings' -o -name 'cnas-custom-settings' -o -name 'cnas-active-settings' \) " +#echo ${_CNAS_FIND} +#_CNAS_FOUND=`${_CNAS_FIND}` + + +_CNAS_SCOREBOARD="config/chroot_local-includes/usr/lib/cryptobox-cd/etc-scoreboard" + +#Only run the scoreboard hack if the ".stage" directory exists +if [ -d ${_CNAS_STAGE_DIR} ] +then +#If the scoreboard file needs updating, update it: + +#If the stage file does not exist or the "find" found something +if [ ! -f "${_CNAS_STAGE}" ] || [ -n "`${_CNAS_FIND}`" ] + then + #Update the scoreboard file from the current shell vars + echo "CryptoNAS: updating scoreboard file..." + set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD} + + #If we updated the scoreboard, touch the .stage/... + #file we use for time stamping. + touch "${_CNAS_STAGE}" +fi + +fi # .stage directory exists + +#Unconditionally return success +/bin/true diff --git a/config/cnas-default-settings b/config/cnas-default-settings index 57ab8cf..a9e869f 100644 --- a/config/cnas-default-settings +++ b/config/cnas-default-settings 
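Review bot: The stage file is touched even if writing the scoreboard failed, because `set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD}` and `touch "${_CNAS_STAGE}"` are independent statements (unless the sourcing script happens to run under `set -e`, which this file cannot assume). After a failed or empty write the image would carry a stale or empty scoreboard, and that file is what supplies `CNAS_HARDNESS` to the chroot hook and the casper script. Chain the two, `set | grep -e "^CNAS_" > "${_CNAS_SCOREBOARD}" && touch "${_CNAS_STAGE}"`, and print a message on failure instead of ending on an unconditional `/bin/true`. Filtering `set` output line by line also truncates any CNAS_ value that contains a newline, which deserves a comment next to the grep.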
@@ -1,15 +1,140 @@ - -#include file for CryptoNAS Live +#!/bin/sh +#cnas-default-settings +# Default settings file for CryptoNAS Live +# +# This file is a shell script included by the live-helper +# scripts. Settings in "cnas-custom-settings" override +# those here if that file exists. +# Therefore, if you want to make local customizations to +# your build settings, you should do: +# "cp cnas-default-settings cnas-custom-settings" +# and make changes to "cnas-custom-settings". +# +# Values in config/bootstrap, config/chroot, config/binary, +# etc. will be used if they are not redefined by +# cnas-custom-settings or cnas-default-settings. +# +# I've tried to include in this file the settings that +# are most likely to be changed by a developer or custom +# builder. If an option isn't here, you should look in +# config/bootstrap, config/chroot, config/binary, +# config/source, or config/common. +# An "effective inclusion" diagram in Open Office format +# will eventually be included in the repository for +# documentation. + + +# -----common----- +# Internal stuff (FIXME) +# The `--force-yes' option should be removed once `apt' is made to +# recognize and use all the relevant GPG keys. `--yes' can stay. 
+APT_OPTIONS="--yes --force-yes" + + +# $LH_ARCHITECTURE: select chroot architecture +# (Default: autodetected) +# Note: Debian Live is also designed to work on AMD64 and PowerPC +LH_ARCHITECTURE="i386" + + +#-----bootstrap----- +# $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from +# (Default: http://ftp.us.debian.org/debian/) +LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/" + +# $LH_MIRROR_CHROOT: set mirror to fetch packages from +# (Default: http://ftp.us.debian.org/debian/) +LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP + +# $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from +# (Default: http://security.debian.org/) +LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/" + +#-----chroot----- +# $LH_HOOKS: set hook commands +# (Default: empty) +LH_HOOKS="" + +# $LH_INTERACTIVE: set interactive build +# (Default: disabled) +LH_INTERACTIVE="disabled" + +# $LH_KEYRING_PACKAGES: set keyring packages +# (Default: empty) +LH_KEYRING_PACKAGES="" + +# $LH_LANGUAGE: set language to use +# (Default: empty) +LH_LANGUAGE="en" + +# $LH_LINUX_FLAVOURS: set kernel flavour to use +# (Default: autodetected) +# CryptoNAS will be VERY slow on anything less than a Pentium, +# but you can add other flavors here if you want to. 
+#LH_LINUX_FLAVOURS="486 686" +#LH_LINUX_FLAVOURS="686" + + +# $LH_LINUX_PACKAGES: set kernel packages to use +# (Default: autodetected) +LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6" +#LH_LINUX_PACKAGES="" + +# $LH_PACKAGES: set packages to install +# (Default: empty) +LH_PACKAGES="" + +# $LH_PACKAGES_LISTS: set package list to install +# (Default: standard) +# FIXME: Use "minimal cryptonas" for CryptoNAS releases +LH_PACKAGES_LISTS="standard cryptonas-devel" + +#-----binary----- +# $LH_BINARY_IMAGES: set image type +# (Default: usb-hdd) +# Valid choices are: +# "iso" for CD-ROM builds +# "usb-hdd" for other block devices +# "net" for netboot +# "tar" for ??? +LH_BINARY_IMAGES="usb-hdd" + +# $LH_ENCRYPTION: set encrytion +# (Default: disabled) +LH_ENCRYPTION="disabled" + +# $LH_HOSTNAME: set hostname +# (Default: cryptonas) +LH_HOSTNAME="cryptonas" + + +# $LH_ISO_PREPARER: set iso preparer +# (Default: live-helper 1.0~a46; http://packages.qa.debian.org/live-helper) +LH_ISO_PREPARER="live-helper 1.0~a46; http://packages.qa.debian.org/live-helper" + +# $LH_ISO_PUBLISHER: set iso publisher +# (Default: Debian Live project; http://debian-live.alioth.debian.org/; debian-live-devel@lists.alioth.debian.org) +LH_ISO_PUBLISHER="CryptoNAS project; http://cryptonas.org; cryptobox-dev@lists.systemausfall.org" + +# $LH_ISO_VOLUME: set iso volume (max 32 chars) +# (Default: Debian Live $(date +%Y%m%d-%H:%M)) +LH_ISO_VOLUME="CryptoNAS Live $(date +%Y%m%d-%H:%M)" + +#-----source----- +# $LH_SOURCE: set source option +# This is the easiest way to comply with the GNU GPL if you're +# redistributing CryptoNAS on a CD-ROM. +# (Default: disabled) +LH_SOURCE="disabled" + -#FIXME: move this somewhere else, such as "default settings" -#Set this to "devel" or "normal" for development, or -#set it to "hard" or "secure" for releases. 
-CNAS_HARDNESS="devel" # It is recommended that CryptoNAS-specific variable # definitions follow the CNAS_FOO or _CNAS_FOO conventions to -# avoid polluting the shared live-helper namespace. +# avoid polluting the shared live-helper namespace. Additionally, +# only variables starting with "CNAS_" will be available at +# runtime via the scoreboard file. ############################################################### #CNAS_DELETEFILES="/etc/rcS.d/*discover \ @@ -18,3 +143,17 @@ CNAS_HARDNESS="devel" #/var/log/bootstrap.log" #CNAS_MAKEDIRS="" + + +# $LH_BINARY_IMAGES: set image type +# (Default: usb-hdd) +# Valid choices are: +# "iso" for CD-ROM builds +# "usb-hdd" for other block devices +# "net" for netboot +# "tar" for ??? +LH_BINARY_IMAGES="usb-hdd" + + +CNAS_ROOT_FS="/root" +CNAS_HARDNESS="devel" diff --git a/config/common b/config/common index 5c19116..7953257 100644 --- a/config/common +++ b/config/common @@ -22,9 +22,7 @@ LH_APT_PIPELINE="" # $LH_APT_RECOMMENDS: set apt/aptitude recommends # (Default: enabled) -#LH_APT_RECOMMENDS="enabled" -#Enabled for CryptoNAS development. FIXME: Disable for releases -LH_APT_RECOMMENDS="enabled" +LH_APT_RECOMMENDS="disabled" # $LH_APT_SECURE: set apt/aptitude security # (Default: enabled) @@ -78,7 +76,7 @@ LH_LOSETUP="losetup" # $LH_MODE: set distribution mode # (Default: debian) -# FIXME: what are the other choices? +# Valid values are "debian" or "ubuntu" LH_MODE="debian" # $LH_ROOT_COMMAND: use sudo or equivalent @@ -123,8 +121,6 @@ LH_QUIET="disabled" # (Default: disabled) #LH_VERBOSE="disabled" -# Internal stuff (FIXME) -# The `--force-yes' option should be removed once `apt' is made to -# recognize and use all the relevant GPG keys. `--yes' can stay. -APT_OPTIONS="--yes --force-yes" +# Internal stuff +APT_OPTIONS="--yes" APTITUDE_OPTIONS="--assume-yes" diff --git a/config/source b/config/source index 1ac0ea6..a0323d7 100644 --- a/config/source +++ b/config/source 
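Review bot: `APT_OPTIONS="--yes --force-yes"` is reintroduced in cnas-default-settings while the same commit reduces config/common to `APT_OPTIONS="--yes"`. This file's header says its values override those in the config/* files, so if config/common also loads cnas-active-settings (the new header of that file lists it, although the visible hunks of config/common do not show the include), the build still runs apt with `--force-yes`, which per the FIXME here is only present because apt does not yet recognize the relevant GPG keys. I would default to `APT_OPTIONS="--yes"` in this file and leave `--force-yes` as a commented-out line for cnas-custom-settings, keeping the FIXME about the keys beside it.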
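Review bot: `CNAS_HARDNESS="devel"` is now the shipped default at the bottom of cnas-default-settings, and the comment that explained the valid values was dropped with the move. A build made without cnas-custom-settings therefore runs only configure_normal in the chroot hook, whereas that hook's own fallback for an unspecified level is secure; I would consider defaulting to `CNAS_HARDNESS="secure"` and letting developers opt into `devel` in cnas-custom-settings. Please restore the explanation as a comment above the assignment, for example `# "devel" or "normal" for development, "hard" or "secure" for releases`. The `LH_BINARY_IMAGES` block added in this hunk duplicates the one the first hunk already adds under `#-----binary-----` and can be removed.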
@@ -7,3 +7,8 @@ LH_SOURCE="disabled" # $LH_SOURCE_IMAGES: set image type # (Default: tar) LH_SOURCE_IMAGES="tar" + + +#Load CryptoNAS and user-customized settings +. config/cnas-active-settings + diff --git a/tools/live-helper_1.0~a46-2.deb.tgz b/tools/live-helper_1.0~a46-2.deb.tgz new file mode 100644 index 0000000..e389854 Binary files /dev/null and b/tools/live-helper_1.0~a46-2.deb.tgz differ