Daemons now start up correctly on their own.
Volumes can now be mounted, unmounted, and accessed using CIFS, including encrypted volumes. Streamlined build customization capability, including addition of "scoreboard" file. Added live-helper scripts to the repository.
This commit is contained in:
parent
443dd1f163
commit
13e8c341a1
13 changed files with 584 additions and 40 deletions
56
README.devel
|
@ -1,16 +1,52 @@
|
||||||
This is an EXPERIMENTAL version of CryptoNAS for Debian Live!
|
This is an EXPERIMENTAL version of CryptoNAS for Debian Live!
|
||||||
|
|
||||||
## To get an NAS "good enough to play with", run the following commands once
|
Read http://devel.cryptobox.org/wiki/DebianLiveBuild before
|
||||||
#you get to the root prompt (use "sudo -s" to get to the root prompt).
|
you do anything else.
|
||||||
|
|
||||||
#It is recommended that you run "./rm-tmps.sh" after making configuration
|
|
||||||
#changes using an editor but before starting a new build.
|
|
||||||
|
|
||||||
|
|
||||||
/usr/lib/cryptobox-cd/configure-cryptobox.sh normal
|
It is recommended that you run "./rm-tmps.sh" after making configuration
|
||||||
|
changes using an editor but before starting a new build.
|
||||||
|
|
||||||
## optionally call it again with argument "secure" (again, EXPERIMENTAL)
|
For the convenience of other developers, the debian-patched
|
||||||
|
live-helper scripts being used are located in
|
||||||
|
the "tools" folder. The version of live-helper distributed
|
||||||
|
with Ubuntu "Gutsy Gibbon" does NOT work for CryptoNAS.
|
||||||
|
|
||||||
/sbin/telinit 3
|
You should add the following line to apt-cacher's source list
|
||||||
/etc/init.d/cryptobox-server restart
|
(for example, /etc/apt/sources.list) and run "aptitude update":
|
||||||
/etc/init.d/samba restart
|
deb http://systemausfall.org/toolforge/debian unstable main
|
||||||
|
|
||||||
|
The only files and folders relevant to this version are:
|
||||||
|
tools/
|
||||||
|
rm-tmps.sh
|
||||||
|
config/
|
||||||
|
README.devel.
|
||||||
|
I'm keeping the folders from the legacy CryptoNAS build system around
|
||||||
|
until I'm sure we don't need them. Don't be confused by their continued
|
||||||
|
presence in the "deb-live" SVN branch.
|
||||||
|
|
||||||
|
TODO:
|
||||||
|
get "shutdown/reboot from web interface" working
|
||||||
|
get (configuration partition) formatting to work
|
||||||
|
check against validation scripts
|
||||||
|
check that "secure" build works
|
||||||
|
set up a firewall in the "secure" build
|
||||||
|
|
||||||
|
/etc/modules (make sure desired modules load at startup)
|
||||||
|
|
||||||
|
complete "cryptonas" name change
|
||||||
|
possibly move /usr/lib/cryptobox-cd to /usr/share/cryptonas-cd
|
||||||
|
get apt-secure working
|
||||||
|
enable apache2 DAV
|
||||||
|
integrate with cryptobox-server 4.0
|
||||||
|
for release version, try to isolate which parts of debian "standard" packages
|
||||||
|
are really needed to avoid errors and which are extraneous
|
||||||
|
|
||||||
|
|
||||||
|
Short term goals (next couple of commits):
|
||||||
|
-----
|
||||||
|
add explanatory text to etc-scoreboard file
|
||||||
|
do any more files need copyright notices?
|
||||||
|
set up reasonable defaults in cnas-default-settings (use gedit with multiple separate windows)
|
||||||
|
|
||||||
|
/etc/network/interfaces
|
||||||
|
|
|
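Review bot: The added source line "deb http://systemausfall.org/toolforge/debian unstable main" is fetched over plain HTTP, and the README does not say which archive key to import, while the TODO list in the same hunk still carries "get apt-secure working". Please document the signing key (or how to obtain and verify it) next to the "aptitude update" step, so that following the README does not lead developers to accept unauthenticated packages. The wording "apt-cacher's source list (for example, /etc/apt/sources.list)" would also be clearer if it named the file that is actually meant.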
@ -146,3 +146,8 @@ LH_SYSLINUX_MENU_MEMTEST_ENTRY="Memory test"
|
||||||
# $LH_USERNAME: set username
|
# $LH_USERNAME: set username
|
||||||
# (Default: user)
|
# (Default: user)
|
||||||
LH_USERNAME="user"
|
LH_USERNAME="user"
|
||||||
|
|
||||||
|
|
||||||
|
#Load CryptoNAS and user-customized settings
|
||||||
|
. config/cnas-active-settings
|
||||||
|
|
||||||
|
|
|
@ -32,7 +32,7 @@ LH_DISTRIBUTION="etch"
|
||||||
|
|
||||||
# $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from
|
# $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from
|
||||||
# (Default: http://ftp.us.debian.org/debian/)
|
# (Default: http://ftp.us.debian.org/debian/)
|
||||||
LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/"
|
LH_MIRROR_BOOTSTRAP="http://ftp.us.debian.org/debian/"
|
||||||
|
|
||||||
# $LH_MIRROR_CHROOT: set mirror to fetch packages from
|
# $LH_MIRROR_CHROOT: set mirror to fetch packages from
|
||||||
# (Default: http://ftp.us.debian.org/debian/)
|
# (Default: http://ftp.us.debian.org/debian/)
|
||||||
|
@ -40,7 +40,7 @@ LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP
|
||||||
|
|
||||||
# $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from
|
# $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from
|
||||||
# (Default: http://security.debian.org/)
|
# (Default: http://security.debian.org/)
|
||||||
LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/"
|
LH_MIRROR_CHROOT_SECURITY="http://security.debian.org/"
|
||||||
|
|
||||||
# $LH_MIRROR_BINARY: set mirror which ends up in the image
|
# $LH_MIRROR_BINARY: set mirror which ends up in the image
|
||||||
# (Default: http://ftp.us.debian.org/debian/)
|
# (Default: http://ftp.us.debian.org/debian/)
|
||||||
|
@ -53,3 +53,8 @@ LH_MIRROR_BINARY_SECURITY="http://security.debian.org/"
|
||||||
# $LH_SECTIONS: select section(s) to use
|
# $LH_SECTIONS: select section(s) to use
|
||||||
# (Default: main)
|
# (Default: main)
|
||||||
LH_SECTIONS="main"
|
LH_SECTIONS="main"
|
||||||
|
|
||||||
|
|
||||||
|
#Load CryptoNAS and user-customized settings
|
||||||
|
. config/cnas-active-settings
|
||||||
|
|
||||||
|
|
|
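Review bot: Because ". config/cnas-active-settings" is appended at the end of this file, every assignment above it can be overridden, so the LH_MIRROR_BOOTSTRAP and LH_MIRROR_CHROOT_SECURITY values changed in the earlier hunks of this file are replaced again by the 127.0.0.1:3142 apt-cacher URLs that cnas-default-settings sets. A short comment beside those variables saying they are only fallbacks would help, as would a note that the build fails without a local apt-cacher unless cnas-custom-settings overrides the mirrors. The path is relative, so it also assumes the build is always started from the build directory.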
@ -33,7 +33,6 @@ LH_LANGUAGE="en"
|
||||||
# (Default: autodetected)
|
# (Default: autodetected)
|
||||||
#LH_LINUX_FLAVOURS="486 686"
|
#LH_LINUX_FLAVOURS="486 686"
|
||||||
|
|
||||||
|
|
||||||
# $LH_LINUX_PACKAGES: set kernel packages to use
|
# $LH_LINUX_PACKAGES: set kernel packages to use
|
||||||
# (Default: autodetected)
|
# (Default: autodetected)
|
||||||
LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
|
LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
|
||||||
|
@ -45,8 +44,7 @@ LH_PACKAGES=""
|
||||||
|
|
||||||
# $LH_PACKAGES_LISTS: set package list to install
|
# $LH_PACKAGES_LISTS: set package list to install
|
||||||
# (Default: standard)
|
# (Default: standard)
|
||||||
# FIXME: Use "minimal cryptonas" for CryptoNAS releases
|
LH_PACKAGES_LISTS="standard"
|
||||||
LH_PACKAGES_LISTS="standard cryptonas-devel"
|
|
||||||
|
|
||||||
# $LH_TASKS: set tasks to install
|
# $LH_TASKS: set tasks to install
|
||||||
# (Default: empty)
|
# (Default: empty)
|
||||||
|
@ -64,3 +62,7 @@ LH_SYMLINKS="disabled"
|
||||||
# (Default: disabled)
|
# (Default: disabled)
|
||||||
LH_SYSVINIT="disabled"
|
LH_SYSVINIT="disabled"
|
||||||
|
|
||||||
|
|
||||||
|
#Load CryptoNAS and user-customized settings
|
||||||
|
. config/cnas-active-settings
|
||||||
|
|
||||||
|
|
182
config/chroot_local-hooks/50cnas-config-chroot.sh
Executable file
|
@ -0,0 +1,182 @@
|
||||||
|
#!/bin/sh
|
||||||
|
#
|
||||||
|
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
|
||||||
|
#
|
||||||
|
# License: This script is distributed under the terms of version 2
|
||||||
|
# of the GNU GPL. See the LICENSE file included with the package.
|
||||||
|
#
|
||||||
|
# $Id$
|
||||||
|
#
|
||||||
|
# this script is part of the building process of the cryptobox
|
||||||
|
# the "normal" action is necessary for every cryptobox (development & release)
|
||||||
|
# the "secure" action is mandatory for every release CD
|
||||||
|
#
|
||||||
|
# 2008-06-21 Adapted by James Crofts for use with "live-helper"
|
||||||
|
#
|
||||||
|
|
||||||
|
set -eu
|
||||||
|
|
||||||
|
RUNTIMEDIR=/opt/dfsruntime/runtimerd
|
||||||
|
TUNDEV=$RUNTIMEDIR/dev/net/tun
|
||||||
|
|
||||||
|
REMOVE_PACKAGES="strace
|
||||||
|
nvi nano vim vim-common vim-tiny
|
||||||
|
unzip zip aptitude tasksel locate
|
||||||
|
ssh elinks curl wget netkit-inetd telnet
|
||||||
|
exim4-daemon-light exim4-config exim4-base
|
||||||
|
ppp pppconfig pppoe pppoeconf iptables
|
||||||
|
subversion w3m wget lynx less screen
|
||||||
|
info iptables man-db manpages
|
||||||
|
openssh-server openssh-client"
|
||||||
|
|
||||||
|
# remove rc symlinks for these services
|
||||||
|
SERVICES_OFF="ssh setserial nviboot mountnfs ntpdate"
|
||||||
|
|
||||||
|
#We run in a chroot environment, so source files accordingly.
|
||||||
|
. /usr/lib/cryptobox-cd/etc-scoreboard
|
||||||
|
|
||||||
|
function configure_normal()
|
||||||
|
# the usual stuff - not optimized for security
|
||||||
|
{
|
||||||
|
##### cryptobox settings ######
|
||||||
|
# start during bootup
|
||||||
|
sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/cryptobox-server
|
||||||
|
# listen to port 80 by default
|
||||||
|
sed -i 's/^PORT=.*$/PORT=80/' /etc/default/cryptobox-server
|
||||||
|
# use a separate configuration partition
|
||||||
|
sed -i 's/^UseConfigPartition.*$/UseConfigPartition = 1/' /etc/cryptobox-server/cryptobox.conf
|
||||||
|
# all plugins are enabled (especially: "encrypted_webinterface")
|
||||||
|
sed -i 's#^DisabledPlugins.*$#DisabledPlugins = #' /etc/cryptobox-server/cryptobox.conf
|
||||||
|
# change the selection of devices, that can be used as the crypto harddisk
|
||||||
|
sed -i 's#^AllowedDevices.*$#AllowedDevices = /dev/#' /etc/cryptobox-server/cryptobox.conf
|
||||||
|
|
||||||
|
############ samba ############
|
||||||
|
# enable samba startup (disabled before via cbox-build.sh)
|
||||||
|
echo 'RUN_MODE="daemons"' >/etc/default/samba
|
||||||
|
# install the samba hook script
|
||||||
|
cp /usr/share/doc/cryptobox-server/event-scripts/samba /etc/cryptobox-server/events.d/samba
|
||||||
|
chmod +x /etc/cryptobox-server/events.d/samba
|
||||||
|
chown root:root /etc
|
||||||
|
|
||||||
|
|
||||||
|
############ webdav ############
|
||||||
|
#TODO: FIXME: add apache2 packages; configure port; add webdav link in web frontend
|
||||||
|
# sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
|
||||||
|
# cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
|
||||||
|
# chmod +x /etc/cryptobox-server/events.d/apache2_dav
|
||||||
|
|
||||||
|
|
||||||
|
########### boot up ###########
|
||||||
|
# turn off creation of "/etc/nologin" (read-only fs)
|
||||||
|
sed -i '/^DELAYLOGIN=/s/^DELAYLOGIN=.*$/DELAYLOGIN=no/' /etc/default/rcS
|
||||||
|
# turn off modifying /etc/motd (read-only fs)
|
||||||
|
sed -i '/^EDITMOTD=/s/^EDITMOTD=.*$/EDITMOTD=no/' /etc/default/rcS
|
||||||
|
|
||||||
|
######### shutdown #########
|
||||||
|
# Remove the prompt to eject CD
|
||||||
|
rm -r /etc/rc0.d/*casper
|
||||||
|
rm -r /etc/rc6.d/*casper
|
||||||
|
|
||||||
|
######### devices ##########
|
||||||
|
# create tun device for running under qemu
|
||||||
|
if [ ! -e "$TUNDEV" ]
|
||||||
|
then mkdir -p `dirname "$TUNDEV"`
|
||||||
|
mknod "$TUNDEV" c 10 200
|
||||||
|
fi
|
||||||
|
|
||||||
|
########## sshd ############
|
||||||
|
if [ -e "/etc/ssh" ]; then
|
||||||
|
# allow empty passwords for ssh
|
||||||
|
# the daemon is NOT started automatically, so you have to start it
|
||||||
|
# manually in case of need - as the root pw is empty and passwd is ro, you
|
||||||
|
# have to allow empty passwords for this rare case
|
||||||
|
sed -i 's/^PermitEmptyPass.*$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
|
||||||
|
# turn off PAM for ssh, as it prevents the use of empty passwords (stange behaviour)
|
||||||
|
sed -i 's/^UsePAM.*$/UsePAM no/' /etc/ssh/sshd_config
|
||||||
|
# allow input of password
|
||||||
|
sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config
|
||||||
|
fi
|
||||||
|
|
||||||
|
# remove symlinks for unwanted services
|
||||||
|
for a in $SERVICES_OFF; do
|
||||||
|
# echo "Turning off service $a ..."
|
||||||
|
find /etc/rc?.d/ -type l -name "[SK][0-9][0-9]$a" | while read b
|
||||||
|
do rm "$b"
|
||||||
|
done
|
||||||
|
done
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function configure_secure()
|
||||||
|
# remove everything that could weaken security
|
||||||
|
# configure_normal should be called too!
|
||||||
|
{
|
||||||
|
# disable keyboard login
|
||||||
|
sed -i '/getty/d' /etc/inittab
|
||||||
|
|
||||||
|
# remove unnecessary packages
|
||||||
|
dpkg --force-all -P $REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed." || true
|
||||||
|
|
||||||
|
# maybe an authorized_keys file was created - but it is not dangerous,
|
||||||
|
# as the openssh package was removed anyway
|
||||||
|
[ -d /root/.ssh ] && rm -rf /root/.ssh
|
||||||
|
|
||||||
|
# disable root account
|
||||||
|
passwd -l root
|
||||||
|
|
||||||
|
############## clean up ################
|
||||||
|
# remove deb-files, that were left by dfsbuild
|
||||||
|
# remove packages and package lists
|
||||||
|
# remove locale files
|
||||||
|
# remove doc files
|
||||||
|
# remove man pages
|
||||||
|
# some vim files stay behind?
|
||||||
|
rm -rf /opt/packages /var/cache/bootstrap /var/cache/apt/ /var/cache/locate
|
||||||
|
rm -rf /usr/share/man /usr/share/vim /var/lib/apt /var/cache/debconf /var/cache/man
|
||||||
|
# remove docs except for the cryptobox's
|
||||||
|
ls /usr/share/doc | while read dname
|
||||||
|
do test "$dname" == "cryptobox-server" || rm -rf "/usr/share/doc/$dname"
|
||||||
|
done
|
||||||
|
# remove all locale files and symlinks except for the cryptobox's
|
||||||
|
(find /usr/share/locale -type f; find /usr/share/locale -type l) | grep -v "cryptobox-server" | while read fname
|
||||||
|
do rm "$fname"
|
||||||
|
done
|
||||||
|
# remove all empty locale directories
|
||||||
|
find /usr/share/locale -type d | while read dname
|
||||||
|
do test -d "$dname" && rmdir --ignore-fail-on-non-empty --parents "$dname"
|
||||||
|
done
|
||||||
|
|
||||||
|
# change some dir permissions
|
||||||
|
chmod 660 /var/cache/cryptobox-server/settings/
|
||||||
|
|
||||||
|
return 0
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
################ main ####################
|
||||||
|
# Allow this script to be run either manually by the
|
||||||
|
# developer using live-helper's "interactive chroot"
|
||||||
|
# mode or automatically by "lh_build".
|
||||||
|
ACTION="$CNAS_HARDNESS"
|
||||||
|
[ $# -gt 0 ] && ACTION=$1
|
||||||
|
|
||||||
|
case "$ACTION" in
|
||||||
|
normal|devel)
|
||||||
|
configure_normal
|
||||||
|
;;
|
||||||
|
secure|hard)
|
||||||
|
configure_normal
|
||||||
|
configure_secure
|
||||||
|
;;
|
||||||
|
* )
|
||||||
|
echo "`basename $0`:warning: CryptoNAS security level\
|
||||||
|
not specified; defaulting to \"secure\""
|
||||||
|
configure_normal
|
||||||
|
configure_secure
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
#FIXME: Not ideal to unconditionally return "SUCCESS"
|
||||||
|
exit 0
|
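Review bot: In the "secure" path, configure_normal still rewrites sshd_config to "PermitEmptyPasswords yes" and "UsePAM no", and the only thing that undoes this is the purge in configure_secure, whose result is discarded by "| grep -v ... || true". If the purge of openssh-server fails, a release image keeps an sshd configured for empty passwords and nothing reports it. I would move the sshd block behind a check that the action is normal/devel, and after the dpkg call verify that the packages in REMOVE_PACKAGES are really gone instead of masking the exit status. Smaller points in the same hunk: "chmod 660 /var/cache/cryptobox-server/settings/" removes the search bit from a directory (770 or 750 is probably what is meant); "rm -r /etc/rc0.d/*casper" aborts the whole hook under "set -eu" when the glob matches nothing; "function configure_normal()" and the "==" in test are bashisms in a "#!/bin/sh" script; and REMOVE_PACKAGES drops iptables although the README TODO asks for a firewall in the secure build.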
32
config/chroot_local-includes/etc/init.d/cnas-groups
Executable file
|
@ -0,0 +1,32 @@
|
||||||
|
#!/bin/sh
|
||||||
|
# /etc/init.d/cnas-groups
|
||||||
|
# Add user cryptobox (cryptonas) to required groups for Live CD
|
||||||
|
# $Id: $
|
||||||
|
# Copyright 2005--2008 sense.lab <senselab@systemausfall.org>
|
||||||
|
#
|
||||||
|
# This file is part of CryptoNAS.
|
||||||
|
#
|
||||||
|
# CryptoNAS is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# CryptoNAS is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with CryptoNAS. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# 2008-06-21 James Crofts adapted existing CryptoNAS code
|
||||||
|
# for Debian Live
|
||||||
|
#
|
||||||
|
|
||||||
|
ADD_GROUPS="floppy cdrom tape video plugdev"
|
||||||
|
# add the cryptobox user to some more groups
|
||||||
|
echo "Adding CryptoNAS user to required groups..."
|
||||||
|
for new_group in $ADD_GROUPS
|
||||||
|
do adduser cryptobox "$new_group"
|
||||||
|
done
|
||||||
|
|
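Review bot: The script body ignores its argument, so the adduser loop runs on any invocation of /etc/init.d/cnas-groups, including "stop". Please wrap the loop in a case on "$1" that acts only on "start", and check that the cryptobox user exists before adding it to groups, reporting a failure of adduser rather than continuing silently.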
1
config/chroot_local-includes/etc/rcS.d/S37cnas-groups
Symbolic link
|
@ -0,0 +1 @@
|
||||||
|
../init.d/cnas-groups
|
|
@ -0,0 +1,90 @@
|
||||||
|
#! /bin/sh
|
||||||
|
#$BUILD_DIR/config/chroot_local-includes/usr/share/
|
||||||
|
# initramfs-tools/scripts/casper-bottom/90cnas_setup_etc
|
||||||
|
#
|
||||||
|
# Fix files in /etc clobbered by casper at boot time
|
||||||
|
#
|
||||||
|
# $Id: $
|
||||||
|
# Copyright 2005--2008 sense.lab <senselab@systemausfall.org>
|
||||||
|
#
|
||||||
|
# This file is part of CryptoNAS.
|
||||||
|
#
|
||||||
|
# CryptoNAS is free software: you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation, either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# CryptoNAS is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License
|
||||||
|
# along with CryptoNAS. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
#
|
||||||
|
# 2008-06-21 Adapted from CryptoNAS (dfsbuild) by James Crofts for
|
||||||
|
# use with initramfs-tools
|
||||||
|
|
||||||
|
|
||||||
|
# Scripts hooked into initramfs or casper must NOT have odd
|
||||||
|
# characters in them due to the way they are parsed.
|
||||||
|
# This includes the hyphen '-'. They break the boot system!
|
||||||
|
|
||||||
|
|
||||||
|
#We don't actually depend on these
|
||||||
|
#"prerequisites", but if they exist (they do) we must
|
||||||
|
#run after them.
|
||||||
|
PREREQ="23networking 25configure_init"
|
||||||
|
DESCRIPTION="Preconfiguring CryptoNAS Live System..."
|
||||||
|
|
||||||
|
#Location of "real" root as seen from initramfs
|
||||||
|
CNAS_ROOT_DIR="/root"
|
||||||
|
|
||||||
|
. /scripts/casper-functions
|
||||||
|
|
||||||
|
prereqs()
|
||||||
|
{
|
||||||
|
echo "$PREREQ"
|
||||||
|
}
|
||||||
|
|
||||||
|
case $1 in
|
||||||
|
# get pre-requisites
|
||||||
|
prereqs)
|
||||||
|
prereqs
|
||||||
|
exit 0
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
log_begin_msg "$DESCRIPTION"
|
||||||
|
|
||||||
|
. ${CNAS_ROOT_DIR}/usr/lib/cryptobox-cd/etc-scoreboard
|
||||||
|
|
||||||
|
# "/" must be writeable only by root, or else the CryptoNAS-Samba
|
||||||
|
# hook scripts will refuse to run for security reasons.
|
||||||
|
chmod go-w ${CNAS_ROOT_DIR}
|
||||||
|
#chmod 755 ${CNAS_ROOT_DIR}
|
||||||
|
|
||||||
|
sed -i 's/^id:.*$/id:3:initdefault:/' ${CNAS_ROOT_DIR}/etc/inittab
|
||||||
|
# add tmpfs entry for mount parent
|
||||||
|
# remove old line, if fstab exists
|
||||||
|
test -e ${CNAS_ROOT_DIR}/etc/fstab && sed -i '#/var/cache/cryptobox-server/mnt#d' ${CNAS_ROOT_DIR}/etc/fstab
|
||||||
|
# add new line
|
||||||
|
echo "tmpfs /var/cache/cryptobox-server/mnt tmpfs defaults 0 0" >> ${CNAS_ROOT_DIR}/etc/fstab
|
||||||
|
|
||||||
|
|
||||||
|
#"hard" and "secure" are synonyms, so test for both of them
|
||||||
|
if [ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ]
|
||||||
|
then
|
||||||
|
|
||||||
|
#FIXME: Since we're now doing this important step at runtime,
|
||||||
|
# it would be a good idea to call the initramfs-tools
|
||||||
|
# function "panic" if the substitution failed. How
|
||||||
|
# can we check whether it succeeded?
|
||||||
|
# Alternatively, a known-good inittab could be copied
|
||||||
|
# from /usr/lib/cryptobox-cd or someplace similar...
|
||||||
|
|
||||||
|
# disable keyboard login
|
||||||
|
sed -i '/getty/d' /etc/inittab
|
||||||
|
fi
|
||||||
|
|
||||||
|
log_end_msg
|
|
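Review bot: The hardening branch at the end of this script does not take effect as written. The test "[ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ]" uses -eq, which is an integer comparison, so with string values it typically errors and the branch is skipped; it should use = with the variable quoted. Inside the branch, "sed -i '/getty/d' /etc/inittab" edits the initramfs copy, whereas the earlier line in the same script correctly targets ${CNAS_ROOT_DIR}/etc/inittab. Together these mean a "secure" image can boot with keyboard login still enabled. The fstab cleanup has a related defect: in "sed -i '#/var/cache/cryptobox-server/mnt#d'" the leading # starts a sed comment, so no line is deleted; an address with a custom delimiter needs a leading backslash. For the FIXME about verifying the substitution, a grep for getty in the target inittab after the sed, followed by panic when it still matches, would answer it.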
@ -1,21 +1,72 @@
|
||||||
|
#!/bin/sh
|
||||||
#CryptoNAS Live include file
|
#CryptoNAS Live include file
|
||||||
#$BUILD_DIR/config/cnas-active-settings
|
#$BUILD_DIR/config/cnas-active-settings
|
||||||
# -*- bash -*- #configure Emacs for bash mode
|
|
||||||
#This file includes the config files in the correct order.
|
#This file includes the config files in the correct order.
|
||||||
#It can be included by scripts both in the bootstrap and
|
#It can be included by scripts both in the bootstrap and
|
||||||
#chroot environments. Variable assignments in later
|
#chroot environments. Variable assignments in later
|
||||||
#includes override earlier ones.
|
#includes override earlier ones.
|
||||||
|
#This file also contains a hack to write the scoreboard
|
||||||
|
#file.
|
||||||
|
|
||||||
|
# Variable and function names starting with underscore
|
||||||
|
# are NOT intended to be used for user customization of builds.
|
||||||
|
# In addition, the names of variables to be included in the
|
||||||
|
# scoreboard file must begin with "CNAS_".
|
||||||
|
|
||||||
. ./cnas-default-settings
|
#This file is included by:
|
||||||
|
# config/common
|
||||||
|
# config/bootstrap
|
||||||
|
# config/chroot
|
||||||
|
# config/binary
|
||||||
|
# config/source
|
||||||
|
|
||||||
|
CNAS_CONFIG_DIR="config"
|
||||||
|
|
||||||
|
. ${CNAS_CONFIG_DIR}/cnas-default-settings
|
||||||
|
|
||||||
#May be necessary to include this file in the below files instead...
|
|
||||||
#. ./common
|
|
||||||
#. ./bootstrap
|
|
||||||
#. ./chroot
|
|
||||||
#. ./binary
|
|
||||||
#. ./source
|
|
||||||
|
|
||||||
#Include cnas-custom-settings IFF this file exists
|
#Include cnas-custom-settings IFF this file exists
|
||||||
#. ./cnas-custom-settings
|
[ -f ${CNAS_CONFIG_DIR}/cnas-custom-settings ] && . ${CNAS_CONFIG_DIR}/cnas-custom-settings
|
||||||
[ -f ./cnas-custom-settings ] && . ./cnas-custom-settings
|
|
||||||
|
|
||||||
|
#The stage file tracks when the scoreboard update code
|
||||||
|
#needs to run. The path is relative to the build dir.
|
||||||
|
_CNAS_STAGE_DIR=".stage/"
|
||||||
|
_CNAS_STAGE=".stage/chroot_cnas-scoreboard"
|
||||||
|
|
||||||
|
|
||||||
|
#Search in the top level of config for settings files CryptoNAS
|
||||||
|
#depends on. If any of them changed more recently than
|
||||||
|
#the settings scoreboard file, update it.
|
||||||
|
_CNAS_FIND="find config -regextype posix-extended -maxdepth 1 -type f -newer ${_CNAS_STAGE} -true "
|
||||||
|
|
||||||
|
#FIXME: refine regexp, try remembering during a rebuild...?
|
||||||
|
# -regex '[^~]+' "
|
||||||
|
# \( -name 'common -o -name 'bootstrap' -o -name 'chroot' -o -name 'binary' -o -name 'source' -o -name 'cnas-default-settings' -o -name 'cnas-custom-settings' -o -name 'cnas-active-settings' \) "
|
||||||
|
#echo ${_CNAS_FIND}
|
||||||
|
#_CNAS_FOUND=`${_CNAS_FIND}`
|
||||||
|
|
||||||
|
|
||||||
|
_CNAS_SCOREBOARD="config/chroot_local-includes/usr/lib/cryptobox-cd/etc-scoreboard"
|
||||||
|
|
||||||
|
#Only run the scoreboard hack if the ".stage" directory exists
|
||||||
|
if [ -d ${_CNAS_STAGE_DIR} ]
|
||||||
|
then
|
||||||
|
#If the scoreboard file needs updating, update it:
|
||||||
|
|
||||||
|
#If the stage file does not exist or the "find" found something
|
||||||
|
if [ ! -f "${_CNAS_STAGE}" ] || [ -n "`${_CNAS_FIND}`" ]
|
||||||
|
then
|
||||||
|
#Update the scoreboard file from the current shell vars
|
||||||
|
echo "CryptoNAS: updating scoreboard file..."
|
||||||
|
set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD}
|
||||||
|
|
||||||
|
#If we updated the scoreboard, touch the .stage/...
|
||||||
|
#file we use for time stamping.
|
||||||
|
touch "${_CNAS_STAGE}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
fi # .stage directory exists
|
||||||
|
|
||||||
|
#Unconditionally return success
|
||||||
|
/bin/true
|
||||||
|
|
|
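Review bot: The scoreboard is generated with "set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD}" and is later sourced as root by both the chroot hook and the initramfs script, so its contents should be controlled more tightly. As written it captures every CNAS_ variable in the shell, including any inherited from the builder's environment, and a value containing a newline is cut to its first line by grep, leaving a file that no longer parses at boot. I would write an explicit list of variables and validate each value (CNAS_HARDNESS against the four accepted words, for example) before emitting it. The regeneration check also only looks at files directly under config with -maxdepth 1, and all paths are relative, so the file behaves differently depending on the directory it is sourced from; the new "#!/bin/sh" line is misleading on a file that is meant to be included rather than executed.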
@ -1,15 +1,140 @@
|
||||||
|
#!/bin/sh
|
||||||
#include file for CryptoNAS Live
|
#cnas-default-settings
|
||||||
|
# Default settings file for CryptoNAS Live
|
||||||
|
#
|
||||||
|
# This file is a shell script included by the live-helper
|
||||||
|
# scripts. Settings in "cnas-custom-settings" override
|
||||||
|
# those here if that file exists.
|
||||||
|
# Therefore, if you want to make local customizations to
|
||||||
|
# your build settings, you should do:
|
||||||
|
# "cp cnas-default-settings cnas-custom-settings"
|
||||||
|
# and make changes to "cnas-custom-settings".
|
||||||
|
#
|
||||||
|
# Values in config/bootstrap, config/chroot, config/binary,
|
||||||
|
# etc. will be used if they are not redefined by
|
||||||
|
# cnas-custom-settings or cnas-default-settings.
|
||||||
|
#
|
||||||
|
# I've tried to include in this file the settings that
|
||||||
|
# are most likely to be changed by a developer or custom
|
||||||
|
# builder. If an option isn't here, you should look in
|
||||||
|
# config/bootstrap, config/chroot, config/binary,
|
||||||
|
# config/source, or config/common.
|
||||||
|
# An "effective inclusion" diagram in Open Office format
|
||||||
|
# will eventually be included in the repository for
|
||||||
|
# documentation.
|
||||||
|
|
||||||
|
|
||||||
|
# -----common-----
|
||||||
|
# Internal stuff (FIXME)
|
||||||
|
# The `--force-yes' option should be removed once `apt' is made to
|
||||||
|
# recognize and use all the relevant GPG keys. `--yes' can stay.
|
||||||
|
APT_OPTIONS="--yes --force-yes"
|
||||||
|
|
||||||
|
|
||||||
|
# $LH_ARCHITECTURE: select chroot architecture
|
||||||
|
# (Default: autodetected)
|
||||||
|
# Note: Debian Live is also designed to work on AMD64 and PowerPC
|
||||||
|
LH_ARCHITECTURE="i386"
|
||||||
|
|
||||||
|
|
||||||
|
#-----bootstrap-----
|
||||||
|
# $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from
|
||||||
|
# (Default: http://ftp.us.debian.org/debian/)
|
||||||
|
LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/"
|
||||||
|
|
||||||
|
# $LH_MIRROR_CHROOT: set mirror to fetch packages from
|
||||||
|
# (Default: http://ftp.us.debian.org/debian/)
|
||||||
|
LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP
|
||||||
|
|
||||||
|
# $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from
|
||||||
|
# (Default: http://security.debian.org/)
|
||||||
|
LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/"
|
||||||
|
|
||||||
|
#-----chroot-----
|
||||||
|
# $LH_HOOKS: set hook commands
|
||||||
|
# (Default: empty)
|
||||||
|
LH_HOOKS=""
|
||||||
|
|
||||||
|
# $LH_INTERACTIVE: set interactive build
|
||||||
|
# (Default: disabled)
|
||||||
|
LH_INTERACTIVE="disabled"
|
||||||
|
|
||||||
|
# $LH_KEYRING_PACKAGES: set keyring packages
|
||||||
|
# (Default: empty)
|
||||||
|
LH_KEYRING_PACKAGES=""
|
||||||
|
|
||||||
|
# $LH_LANGUAGE: set language to use
|
||||||
|
# (Default: empty)
|
||||||
|
LH_LANGUAGE="en"
|
||||||
|
|
||||||
|
# $LH_LINUX_FLAVOURS: set kernel flavour to use
|
||||||
|
# (Default: autodetected)
|
||||||
|
# CryptoNAS will be VERY slow on anything less than a Pentium,
|
||||||
|
# but you can add other flavors here if you want to.
|
||||||
|
#LH_LINUX_FLAVOURS="486 686"
|
||||||
|
#LH_LINUX_FLAVOURS="686"
|
||||||
|
|
||||||
|
|
||||||
|
# $LH_LINUX_PACKAGES: set kernel packages to use
|
||||||
|
# (Default: autodetected)
|
||||||
|
LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
|
||||||
|
#LH_LINUX_PACKAGES=""
|
||||||
|
|
||||||
|
# $LH_PACKAGES: set packages to install
|
||||||
|
# (Default: empty)
|
||||||
|
LH_PACKAGES=""
|
||||||
|
|
||||||
|
# $LH_PACKAGES_LISTS: set package list to install
|
||||||
|
# (Default: standard)
|
||||||
|
# FIXME: Use "minimal cryptonas" for CryptoNAS releases
|
||||||
|
LH_PACKAGES_LISTS="standard cryptonas-devel"
|
||||||
|
|
||||||
|
#-----binary-----
|
||||||
|
# $LH_BINARY_IMAGES: set image type
|
||||||
|
# (Default: usb-hdd)
|
||||||
|
# Valid choices are:
|
||||||
|
# "iso" for CD-ROM builds
|
||||||
|
# "usb-hdd" for other block devices
|
||||||
|
# "net" for netboot
|
||||||
|
# "tar" for ???
|
||||||
|
LH_BINARY_IMAGES="usb-hdd"
|
||||||
|
|
||||||
|
# $LH_ENCRYPTION: set encrytion
|
||||||
|
# (Default: disabled)
|
||||||
|
LH_ENCRYPTION="disabled"
|
||||||
|
|
||||||
|
# $LH_HOSTNAME: set hostname
|
||||||
|
# (Default: cryptonas)
|
||||||
|
LH_HOSTNAME="cryptonas"
|
||||||
|
|
||||||
|
|
||||||
|
# $LH_ISO_PREPARER: set iso preparer
|
||||||
|
# (Default: live-helper 1.0~a46; http://packages.qa.debian.org/live-helper)
|
||||||
|
LH_ISO_PREPARER="live-helper 1.0~a46; http://packages.qa.debian.org/live-helper"
|
||||||
|
|
||||||
|
# $LH_ISO_PUBLISHER: set iso publisher
|
||||||
|
# (Default: Debian Live project; http://debian-live.alioth.debian.org/; debian-live-devel@lists.alioth.debian.org)
|
||||||
|
LH_ISO_PUBLISHER="CryptoNAS project; http://cryptonas.org; cryptobox-dev@lists.systemausfall.org"
|
||||||
|
|
||||||
|
# $LH_ISO_VOLUME: set iso volume (max 32 chars)
|
||||||
|
# (Default: Debian Live $(date +%Y%m%d-%H:%M))
|
||||||
|
LH_ISO_VOLUME="CryptoNAS Live $(date +%Y%m%d-%H:%M)"
|
||||||
|
|
||||||
|
#-----source-----
|
||||||
|
# $LH_SOURCE: set source option
|
||||||
|
# This is the easiest way to comply with the GNU GPL if you're
|
||||||
|
# redistributing CryptoNAS on a CD-ROM.
|
||||||
|
# (Default: disabled)
|
||||||
|
LH_SOURCE="disabled"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
#FIXME: move this somewhere else, such as "default settings"
|
|
||||||
#Set this to "devel" or "normal" for development, or
|
|
||||||
#set it to "hard" or "secure" for releases.
|
|
||||||
CNAS_HARDNESS="devel"
|
|
||||||
|
|
||||||
# It is recommended that CryptoNAS-specific variable
|
# It is recommended that CryptoNAS-specific variable
|
||||||
# definitions follow the CNAS_FOO or _CNAS_FOO conventions to
|
# definitions follow the CNAS_FOO or _CNAS_FOO conventions to
|
||||||
# avoid polluting the shared live-helper namespace.
|
# avoid polluting the shared live-helper namespace. Additionally,
|
||||||
|
# only variables starting with "CNAS_" will be available at
|
||||||
|
# runtime via the scoreboard file.
|
||||||
###############################################################
|
###############################################################
|
||||||
|
|
||||||
#CNAS_DELETEFILES="/etc/rcS.d/*discover \
|
#CNAS_DELETEFILES="/etc/rcS.d/*discover \
|
||||||
|
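Review bot: APT_OPTIONS="--yes --force-yes" near the top of the new file keeps the option that the accompanying FIXME says should be removed, and since this file is sourced after config/common it cancels the switch to APT_OPTIONS="--yes" made there in the same commit. --force-yes lets apt continue without prompting even when it is doing something potentially harmful, and here it is combined with plain-HTTP mirrors and an empty LH_KEYRING_PACKAGES. I would default to "--yes" in this file and let developers who need the override put it in cnas-custom-settings. The explanation of the accepted CNAS_HARDNESS values ("devel" or "normal" for development, "hard" or "secure" for releases) is also removed by this hunk and should move along with the variable.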
@ -18,3 +143,17 @@ CNAS_HARDNESS="devel"
|
||||||
#/var/log/bootstrap.log"
|
#/var/log/bootstrap.log"
|
||||||
|
|
||||||
#CNAS_MAKEDIRS=""
|
#CNAS_MAKEDIRS=""
|
||||||
|
|
||||||
|
|
||||||
|
# $LH_BINARY_IMAGES: set image type
|
||||||
|
# (Default: usb-hdd)
|
||||||
|
# Valid choices are:
|
||||||
|
# "iso" for CD-ROM builds
|
||||||
|
# "usb-hdd" for other block devices
|
||||||
|
# "net" for netboot
|
||||||
|
# "tar" for ???
|
||||||
|
LH_BINARY_IMAGES="usb-hdd"
|
||||||
|
|
||||||
|
|
||||||
|
CNAS_ROOT_FS="/root"
|
||||||
|
CNAS_HARDNESS="devel"
|
||||||
|
|
|
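Review bot: The LH_BINARY_IMAGES block added at the end of the file repeats the identical block already added in the "binary" section above, so one of the two should go before they drift apart. CNAS_ROOT_FS="/root" is introduced here, but the initramfs script in this commit hardcodes its own CNAS_ROOT_DIR="/root"; please pick one name and have the script read it from the scoreboard. CNAS_HARDNESS="devel" now stands without any comment on its accepted values, and since it selects whether the hardening steps run at all, the release procedure should state where it gets switched to "secure".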
@ -22,9 +22,7 @@ LH_APT_PIPELINE=""
|
||||||
|
|
||||||
# $LH_APT_RECOMMENDS: set apt/aptitude recommends
|
# $LH_APT_RECOMMENDS: set apt/aptitude recommends
|
||||||
# (Default: enabled)
|
# (Default: enabled)
|
||||||
#LH_APT_RECOMMENDS="enabled"
|
LH_APT_RECOMMENDS="disabled"
|
||||||
#Enabled for CryptoNAS development. FIXME: Disable for releases
|
|
||||||
LH_APT_RECOMMENDS="enabled"
|
|
||||||
|
|
||||||
# $LH_APT_SECURE: set apt/aptitude security
|
# $LH_APT_SECURE: set apt/aptitude security
|
||||||
# (Default: enabled)
|
# (Default: enabled)
|
||||||
|
@ -78,7 +76,7 @@ LH_LOSETUP="losetup"
|
||||||
|
|
||||||
# $LH_MODE: set distribution mode
|
# $LH_MODE: set distribution mode
|
||||||
# (Default: debian)
|
# (Default: debian)
|
||||||
# FIXME: what are the other choices?
|
# Valid values are "debian" or "ubuntu"
|
||||||
LH_MODE="debian"
|
LH_MODE="debian"
|
||||||
|
|
||||||
# $LH_ROOT_COMMAND: use sudo or equivalent
|
# $LH_ROOT_COMMAND: use sudo or equivalent
|
||||||
|
@ -123,8 +121,6 @@ LH_QUIET="disabled"
|
||||||
# (Default: disabled)
|
# (Default: disabled)
|
||||||
#LH_VERBOSE="disabled"
|
#LH_VERBOSE="disabled"
|
||||||
|
|
||||||
# Internal stuff (FIXME)
|
# Internal stuff
|
||||||
# The `--force-yes' option should be removed once `apt' is made to
|
APT_OPTIONS="--yes"
|
||||||
# recognize and use all the relevant GPG keys. `--yes' can stay.
|
|
||||||
APT_OPTIONS="--yes --force-yes"
|
|
||||||
APTITUDE_OPTIONS="--assume-yes"
|
APTITUDE_OPTIONS="--assume-yes"
|
||||||
|
|
|
@ -7,3 +7,8 @@ LH_SOURCE="disabled"
|
||||||
# $LH_SOURCE_IMAGES: set image type
|
# $LH_SOURCE_IMAGES: set image type
|
||||||
# (Default: tar)
|
# (Default: tar)
|
||||||
LH_SOURCE_IMAGES="tar"
|
LH_SOURCE_IMAGES="tar"
|
||||||
|
|
||||||
|
|
||||||
|
#Load CryptoNAS and user-customized settings
|
||||||
|
. config/cnas-active-settings
|
||||||
|
|
||||||
|
|
BIN
tools/live-helper_1.0~a46-2.deb.tgz
Normal file
Binary file not shown.