Daemons now start up correctly on their own.

Volumes can now be mounted, unmounted, and accessed using CIFS, including encrypted volumes.
Streamlined build customization capability, including addition of "scoreboard" file.
Added live-helper scripts to the repository.
frisco 2008-07-04 05:33:24 +00:00
parent 443dd1f163
commit 13e8c341a1
13 changed files with 584 additions and 40 deletions

View file

@ -1,16 +1,52 @@
This is an EXPERIMENTAL version of CryptoNAS for Debian Live! This is an EXPERIMENTAL version of CryptoNAS for Debian Live!
## To get an NAS "good enough to play with", run the following commands once Read http://devel.cryptobox.org/wiki/DebianLiveBuild before
#you get to the root prompt (use "sudo -s" to get to the root prompt). you do anything else.
#It is recommended that you run "./rm-tmps.sh" after making configuration
#changes using an editor but before starting a new build.
/usr/lib/cryptobox-cd/configure-cryptobox.sh normal It is recommended that you run "./rm-tmps.sh" after making configuration
changes using an editor but before starting a new build.
## optionally call it again with argument "secure" (again, EXPERIMENTAL) For the convenience of other developers, the debian-patched
live-helper scripts being used are located in
the "tools" folder. The version of live-helper distributed
with Ubuntu "Gutsy Gibbon" does NOT work for CryptoNAS.
/sbin/telinit 3 You should add the following line to apt-cacher's source list
/etc/init.d/cryptobox-server restart (for example, /etc/apt/sources.list) and run "aptitude update":
/etc/init.d/samba restart deb http://systemausfall.org/toolforge/debian unstable main
The only files and folders relevant to this version are:
tools/
rm-tmps.sh
config/
README.devel.
I'm keeping the folders from the legacy CryptoNAS build system around
until I'm sure we don't need them. Don't be confused by their continued
presence in the "deb-live" SVN branch.
TODO:
get "shutdown/reboot from web interface" working
get (configuration partition) formatting to work
check against validation scripts
check that "secure" build works
set up a firewall in the "secure" build
/etc/modules (make sure desired modules load at startup)
complete "cryptonas" name change
possibly move /usr/lib/cryptobox-cd to /usr/share/cryptonas-cd
get apt-secure working
enable apache2 DAV
integrate with cryptobox-server 4.0
for release version, try to isolate which parts of debian "standard" packages
are really needed to avoid errors and which are extraneous
Short term goals (next couple of commits):
-----
add explanatory text to etc-scoreboard file
do any more files need copyright notices?
set up reasonable defaults in cnas-default-settings (use gedit with multiple separate windows)
/etc/network/interfaces
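Review bot: The new instruction to add "deb http://systemausfall.org/toolforge/debian unstable main" names no archive signing key or fingerprint, and the TODO in the same file still lists "get apt-secure working", so a builder following this README has no documented way to authenticate packages from that repository. Suggest putting the key import step next to the deb line, or stating explicitly that the repository is unauthenticated for now. The wording "apt-cacher's source list (for example, /etc/apt/sources.list)" is also ambiguous: say whether the line belongs in the build host's sources.list or in apt-cacher's own configuration.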

View file

@ -146,3 +146,8 @@ LH_SYSLINUX_MENU_MEMTEST_ENTRY="Memory test"
# $LH_USERNAME: set username # $LH_USERNAME: set username
# (Default: user) # (Default: user)
LH_USERNAME="user" LH_USERNAME="user"
#Load CryptoNAS and user-customized settings
. config/cnas-active-settings
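Review bot: The appended ". config/cnas-active-settings" uses a path relative to the current directory and has no existence check, so the file only loads when the script is run from the top of the build directory, and a missing file can abort the sourcing shell. Suggest a guard such as "[ -f config/cnas-active-settings ] || { echo 'run from the build dir' >&2; exit 1; }" before the "." line, or a comment stating the working-directory requirement. The same line is appended to the other config files in this commit, so one fix pattern should be applied to all of them.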

View file

@ -32,7 +32,7 @@ LH_DISTRIBUTION="etch"
# $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from # $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from
# (Default: http://ftp.us.debian.org/debian/) # (Default: http://ftp.us.debian.org/debian/)
LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/" LH_MIRROR_BOOTSTRAP="http://ftp.us.debian.org/debian/"
# $LH_MIRROR_CHROOT: set mirror to fetch packages from # $LH_MIRROR_CHROOT: set mirror to fetch packages from
# (Default: http://ftp.us.debian.org/debian/) # (Default: http://ftp.us.debian.org/debian/)
@ -40,7 +40,7 @@ LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP
# $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from # $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from
# (Default: http://security.debian.org/) # (Default: http://security.debian.org/)
LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/" LH_MIRROR_CHROOT_SECURITY="http://security.debian.org/"
# $LH_MIRROR_BINARY: set mirror which ends up in the image # $LH_MIRROR_BINARY: set mirror which ends up in the image
# (Default: http://ftp.us.debian.org/debian/) # (Default: http://ftp.us.debian.org/debian/)
@ -53,3 +53,8 @@ LH_MIRROR_BINARY_SECURITY="http://security.debian.org/"
# $LH_SECTIONS: select section(s) to use # $LH_SECTIONS: select section(s) to use
# (Default: main) # (Default: main)
LH_SECTIONS="main" LH_SECTIONS="main"
#Load CryptoNAS and user-customized settings
. config/cnas-active-settings
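Review bot: Because ". config/cnas-active-settings" is sourced at the very end of the file, the mirror values reset above (LH_MIRROR_BOOTSTRAP and LH_MIRROR_CHROOT_SECURITY, now pointing at ftp.us.debian.org and security.debian.org) are overridden again by cnas-default-settings, which in this same commit sets both to the local apt-cacher at 127.0.0.1:3142. Anyone editing the values in this file will see no effect. Suggest a comment at the top of the file saying that cnas-default-settings and cnas-custom-settings take precedence, so the effective mirror is not a surprise during a build.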

View file

@ -33,7 +33,6 @@ LH_LANGUAGE="en"
# (Default: autodetected) # (Default: autodetected)
#LH_LINUX_FLAVOURS="486 686" #LH_LINUX_FLAVOURS="486 686"
# $LH_LINUX_PACKAGES: set kernel packages to use # $LH_LINUX_PACKAGES: set kernel packages to use
# (Default: autodetected) # (Default: autodetected)
LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6" LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
@ -45,8 +44,7 @@ LH_PACKAGES=""
# $LH_PACKAGES_LISTS: set package list to install # $LH_PACKAGES_LISTS: set package list to install
# (Default: standard) # (Default: standard)
# FIXME: Use "minimal cryptonas" for CryptoNAS releases LH_PACKAGES_LISTS="standard"
LH_PACKAGES_LISTS="standard cryptonas-devel"
# $LH_TASKS: set tasks to install # $LH_TASKS: set tasks to install
# (Default: empty) # (Default: empty)
@ -64,3 +62,7 @@ LH_SYMLINKS="disabled"
# (Default: disabled) # (Default: disabled)
LH_SYSVINIT="disabled" LH_SYSVINIT="disabled"
#Load CryptoNAS and user-customized settings
. config/cnas-active-settings

View file

@ -0,0 +1,182 @@
#!/bin/sh
#
# Copyright (c) 02005 sense.lab <senselab@systemausfall.org>
#
# License: This script is distributed under the terms of version 2
# of the GNU GPL. See the LICENSE file included with the package.
#
# $Id$
#
# this script is part of the building process of the cryptobox
# the "normal" action is necessary for every cryptobox (development & release)
# the "secure" action is mandatory for every release CD
#
# 2008-06-21 Adapted by James Crofts for use with "live-helper"
#
set -eu
RUNTIMEDIR=/opt/dfsruntime/runtimerd
TUNDEV=$RUNTIMEDIR/dev/net/tun
REMOVE_PACKAGES="strace
nvi nano vim vim-common vim-tiny
unzip zip aptitude tasksel locate
ssh elinks curl wget netkit-inetd telnet
exim4-daemon-light exim4-config exim4-base
ppp pppconfig pppoe pppoeconf iptables
subversion w3m wget lynx less screen
info iptables man-db manpages
openssh-server openssh-client"
# remove rc symlinks for these services
SERVICES_OFF="ssh setserial nviboot mountnfs ntpdate"
#We run in a chroot environment, so source files accordingly.
. /usr/lib/cryptobox-cd/etc-scoreboard
function configure_normal()
# the usual stuff - not optimized for security
{
##### cryptobox settings ######
# start during bootup
sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/cryptobox-server
# listen to port 80 by default
sed -i 's/^PORT=.*$/PORT=80/' /etc/default/cryptobox-server
# use a separate configuration partition
sed -i 's/^UseConfigPartition.*$/UseConfigPartition = 1/' /etc/cryptobox-server/cryptobox.conf
# all plugins are enabled (especially: "encrypted_webinterface")
sed -i 's#^DisabledPlugins.*$#DisabledPlugins = #' /etc/cryptobox-server/cryptobox.conf
# change the selection of devices, that can be used as the crypto harddisk
sed -i 's#^AllowedDevices.*$#AllowedDevices = /dev/#' /etc/cryptobox-server/cryptobox.conf
############ samba ############
# enable samba startup (disabled before via cbox-build.sh)
echo 'RUN_MODE="daemons"' >/etc/default/samba
# install the samba hook script
cp /usr/share/doc/cryptobox-server/event-scripts/samba /etc/cryptobox-server/events.d/samba
chmod +x /etc/cryptobox-server/events.d/samba
chown root:root /etc
############ webdav ############
#TODO: FIXME: add apache2 packages; configure port; add webdav link in web frontend
# sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
# cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
# chmod +x /etc/cryptobox-server/events.d/apache2_dav
########### boot up ###########
# turn off creation of "/etc/nologin" (read-only fs)
sed -i '/^DELAYLOGIN=/s/^DELAYLOGIN=.*$/DELAYLOGIN=no/' /etc/default/rcS
# turn off modifying /etc/motd (read-only fs)
sed -i '/^EDITMOTD=/s/^EDITMOTD=.*$/EDITMOTD=no/' /etc/default/rcS
######### shutdown #########
# Remove the prompt to eject CD
rm -r /etc/rc0.d/*casper
rm -r /etc/rc6.d/*casper
######### devices ##########
# create tun device for running under qemu
if [ ! -e "$TUNDEV" ]
then mkdir -p `dirname "$TUNDEV"`
mknod "$TUNDEV" c 10 200
fi
########## sshd ############
if [ -e "/etc/ssh" ]; then
# allow empty passwords for ssh
# the daemon is NOT started automatically, so you have to start it
# manually in case of need - as the root pw is empty and passwd is ro, you
# have to allow empty passwords for this rare case
sed -i 's/^PermitEmptyPass.*$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
# turn off PAM for ssh, as it prevents the use of empty passwords (stange behaviour)
sed -i 's/^UsePAM.*$/UsePAM no/' /etc/ssh/sshd_config
# allow input of password
sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config
fi
# remove symlinks for unwanted services
for a in $SERVICES_OFF; do
# echo "Turning off service $a ..."
find /etc/rc?.d/ -type l -name "[SK][0-9][0-9]$a" | while read b
do rm "$b"
done
done
return 0
}
function configure_secure()
# remove everything that could weaken security
# configure_normal should be called too!
{
# disable keyboard login
sed -i '/getty/d' /etc/inittab
# remove unnecessary packages
dpkg --force-all -P $REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed." || true
# maybe an authorized_keys file was created - but it is not dangerous,
# as the openssh package was removed anyway
[ -d /root/.ssh ] && rm -rf /root/.ssh
# disable root account
passwd -l root
############## clean up ################
# remove deb-files, that were left by dfsbuild
# remove packages and package lists
# remove locale files
# remove doc files
# remove man pages
# some vim files stay behind?
rm -rf /opt/packages /var/cache/bootstrap /var/cache/apt/ /var/cache/locate
rm -rf /usr/share/man /usr/share/vim /var/lib/apt /var/cache/debconf /var/cache/man
# remove docs except for the cryptobox's
ls /usr/share/doc | while read dname
do test "$dname" == "cryptobox-server" || rm -rf "/usr/share/doc/$dname"
done
# remove all locale files and symlinks except for the cryptobox's
(find /usr/share/locale -type f; find /usr/share/locale -type l) | grep -v "cryptobox-server" | while read fname
do rm "$fname"
done
# remove all empty locale directories
find /usr/share/locale -type d | while read dname
do test -d "$dname" && rmdir --ignore-fail-on-non-empty --parents "$dname"
done
# change some dir permissions
chmod 660 /var/cache/cryptobox-server/settings/
return 0
}
################ main ####################
# Allow this script to be run either manually by the
# developer using live-helper's "interactive chroot"
# mode or automatically by "lh_build".
ACTION="$CNAS_HARDNESS"
[ $# -gt 0 ] && ACTION=$1
case "$ACTION" in
normal|devel)
configure_normal
;;
secure|hard)
configure_normal
configure_secure
;;
* )
echo "`basename $0`:warning: CryptoNAS security level\
not specified; defaulting to \"secure\""
configure_normal
configure_secure
;;
esac
#FIXME: Not ideal to unconditionally return "SUCCESS"
exit 0
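Review bot: In configure_secure, "chmod 660 /var/cache/cryptobox-server/settings/" is applied to a directory and clears the search (x) bit, so a non-root owner or group member can no longer enter it; 770 or 750 is probably what was intended. Other points in this file: REMOVE_PACKAGES lists iptables (twice) although the README TODO plans "set up a firewall in the secure build", so the two goals need reconciling. The interpreter line is "#!/bin/sh" but the script uses the "function" keyword and "test ... ==", which only work where sh is bash. Under "set -eu", "ACTION="$CNAS_HARDNESS"" aborts if the scoreboard did not define the variable, before the default branch with its warning can run ("${CNAS_HARDNESS:-}" avoids that), and "rm -r /etc/rc0.d/*casper" aborts the whole script when the glob matches nothing ("rm -f" would not). Finally, "chown root:root /etc" in the samba section looks like it was meant for /etc/cryptobox-server/events.d/samba, the file copied two lines earlier.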

View file

@ -0,0 +1,32 @@
#!/bin/sh
# /etc/init.d/cnas-groups
# Add user cryptobox (cryptonas) to required groups for Live CD
# $Id: $
# Copyright 2005--2008 sense.lab <senselab@systemausfall.org>
#
# This file is part of CryptoNAS.
#
# CryptoNAS is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# CryptoNAS is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CryptoNAS. If not, see <http://www.gnu.org/licenses/>.
#
# 2008-06-21 James Crofts adapted existing CryptoNAS code
# for Debian Live
#
ADD_GROUPS="floppy cdrom tape video plugdev"
# add the cryptobox user to some more groups
echo "Adding CryptoNAS user to required groups..."
for new_group in $ADD_GROUPS
do adduser cryptobox "$new_group"
done
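Review bot: The init script never looks at "$1", so the adduser loop runs for every invocation, including "stop" and "restart", and on every boot. Suggest wrapping the loop in "case "$1" in start) ... ;; esac" and returning quietly for other actions. It would also help to check that the cryptobox user exists before the loop and to report a failing adduser, since a missing group membership would otherwise only show up later as a device access error.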

View file

@ -0,0 +1 @@
../init.d/cnas-groups

View file

@ -0,0 +1,90 @@
#! /bin/sh
#$BUILD_DIR/config/chroot_local-includes/usr/share/
# initramfs-tools/scripts/casper-bottom/90cnas_setup_etc
#
# Fix files in /etc clobbered by casper at boot time
#
# $Id: $
# Copyright 2005--2008 sense.lab <senselab@systemausfall.org>
#
# This file is part of CryptoNAS.
#
# CryptoNAS is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# CryptoNAS is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CryptoNAS. If not, see <http://www.gnu.org/licenses/>.
#
# 2008-06-21 Adapted from CryptoNAS (dfsbuild) by James Crofts for
# use with initramfs-tools
# Scripts hooked into initramfs or casper must NOT have odd
# characters in them due to the way they are parsed.
# This includes the hyphen '-'. They break the boot system!
#We don't actually depend on these
#"prerequisites", but if they exist (they do) we must
#run after them.
PREREQ="23networking 25configure_init"
DESCRIPTION="Preconfiguring CryptoNAS Live System..."
#Location of "real" root as seen from initramfs
CNAS_ROOT_DIR="/root"
. /scripts/casper-functions
prereqs()
{
echo "$PREREQ"
}
case $1 in
# get pre-requisites
prereqs)
prereqs
exit 0
;;
esac
log_begin_msg "$DESCRIPTION"
. ${CNAS_ROOT_DIR}/usr/lib/cryptobox-cd/etc-scoreboard
# "/" must be writeable only by root, or else the CryptoNAS-Samba
# hook scripts will refuse to run for security reasons.
chmod go-w ${CNAS_ROOT_DIR}
#chmod 755 ${CNAS_ROOT_DIR}
sed -i 's/^id:.*$/id:3:initdefault:/' ${CNAS_ROOT_DIR}/etc/inittab
# add tmpfs entry for mount parent
# remove old line, if fstab exists
test -e ${CNAS_ROOT_DIR}/etc/fstab && sed -i '#/var/cache/cryptobox-server/mnt#d' ${CNAS_ROOT_DIR}/etc/fstab
# add new line
echo "tmpfs /var/cache/cryptobox-server/mnt tmpfs defaults 0 0" >> ${CNAS_ROOT_DIR}/etc/fstab
#"hard" and "secure" are synonyms, so test for both of them
if [ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ]
then
#FIXME: Since we're now doing this important step at runtime,
# it would be a good idea to call the initramfs-tools
# function "panic" if the substitution failed. How
# can we check whether it succeeded?
# Alternatively, a known-good inittab could be copied
# from /usr/lib/cryptobox-cd or someplace similar...
# disable keyboard login
sed -i '/getty/d' /etc/inittab
fi
log_end_msg
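Review bot: The hardness test "[ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ]" uses -eq, which is an integer comparison; with string operands the test fails with an error, so the branch that removes the getty lines is never taken and a "secure" image keeps keyboard login. Use "=" and quote the variable: [ "$CNAS_HARDNESS" = hard ] || [ "$CNAS_HARDNESS" = secure ]. Inside that branch, "sed -i '/getty/d' /etc/inittab" edits the initramfs copy; every other path in this script is prefixed with ${CNAS_ROOT_DIR}, and this one should be too. Separately, the fstab cleanup "sed -i '#/var/cache/cryptobox-server/mnt#d'" starts with "#", which sed treats as a comment, so no line is deleted; a custom address delimiter needs a leading backslash ("\#...#d").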

View file

@ -1,21 +1,72 @@
#!/bin/sh
#CryptoNAS Live include file #CryptoNAS Live include file
#$BUILD_DIR/config/cnas-active-settings #$BUILD_DIR/config/cnas-active-settings
# -*- bash -*- #configure Emacs for bash mode
#This file includes the config files in the correct order. #This file includes the config files in the correct order.
#It can be included by scripts both in the bootstrap and #It can be included by scripts both in the bootstrap and
#chroot environments. Variable assignments in later #chroot environments. Variable assignments in later
#includes override earlier ones. #includes override earlier ones.
#This file also contains a hack to write the scoreboard
#file.
# Variable and function names starting with underscore
# are NOT intended to be used for user customization of builds.
# In addition, the names of variables to be included in the
# scoreboard file must begin with "CNAS_".
. ./cnas-default-settings #This file is included by:
# config/common
# config/bootstrap
# config/chroot
# config/binary
# config/source
CNAS_CONFIG_DIR="config"
. ${CNAS_CONFIG_DIR}/cnas-default-settings
#May be necessary to include this file in the below files instead...
#. ./common
#. ./bootstrap
#. ./chroot
#. ./binary
#. ./source
#Include cnas-custom-settings IFF this file exists #Include cnas-custom-settings IFF this file exists
#. ./cnas-custom-settings [ -f ${CNAS_CONFIG_DIR}/cnas-custom-settings ] && . ${CNAS_CONFIG_DIR}/cnas-custom-settings
[ -f ./cnas-custom-settings ] && . ./cnas-custom-settings
#The stage file tracks when the scoreboard update code
#needs to run. The path is relative to the build dir.
_CNAS_STAGE_DIR=".stage/"
_CNAS_STAGE=".stage/chroot_cnas-scoreboard"
#Search in the top level of config for settings files CryptoNAS
#depends on. If any of them changed more recently than
#the settings scoreboard file, update it.
_CNAS_FIND="find config -regextype posix-extended -maxdepth 1 -type f -newer ${_CNAS_STAGE} -true "
#FIXME: refine regexp, try remembering during a rebuild...?
# -regex '[^~]+' "
# \( -name 'common -o -name 'bootstrap' -o -name 'chroot' -o -name 'binary' -o -name 'source' -o -name 'cnas-default-settings' -o -name 'cnas-custom-settings' -o -name 'cnas-active-settings' \) "
#echo ${_CNAS_FIND}
#_CNAS_FOUND=`${_CNAS_FIND}`
_CNAS_SCOREBOARD="config/chroot_local-includes/usr/lib/cryptobox-cd/etc-scoreboard"
#Only run the scoreboard hack if the ".stage" directory exists
if [ -d ${_CNAS_STAGE_DIR} ]
then
#If the scoreboard file needs updating, update it:
#If the stage file does not exist or the "find" found something
if [ ! -f "${_CNAS_STAGE}" ] || [ -n "`${_CNAS_FIND}`" ]
then
#Update the scoreboard file from the current shell vars
echo "CryptoNAS: updating scoreboard file..."
set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD}
#If we updated the scoreboard, touch the .stage/...
#file we use for time stamping.
touch "${_CNAS_STAGE}"
fi
fi # .stage directory exists
#Unconditionally return success
/bin/true
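Review bot: The scoreboard is produced with "set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD}", which filters line by line, so a CNAS_ value containing a newline is cut after its first line and leaves an unterminated quote in a file that is later sourced as root by both configure-cryptobox.sh and 90cnas_setup_etc. The output format of "set" also differs between shells. Suggest writing the entries explicitly with known quoting, and failing the build if the redirect fails instead of continuing to "touch" the stage file. Two smaller points: _CNAS_STAGE repeats the literal ".stage/" instead of using ${_CNAS_STAGE_DIR}, and since this file is sourced, the trailing "/bin/true" only resets $? for the caller, which deserves a more exact comment than "Unconditionally return success".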

View file

@ -1,15 +1,140 @@
#!/bin/sh
#include file for CryptoNAS Live #cnas-default-settings
# Default settings file for CryptoNAS Live
#
# This file is a shell script included by the live-helper
# scripts. Settings in "cnas-custom-settings" override
# those here if that file exists.
# Therefore, if you want to make local customizations to
# your build settings, you should do:
# "cp cnas-default-settings cnas-custom-settings"
# and make changes to "cnas-custom-settings".
#
# Values in config/bootstrap, config/chroot, config/binary,
# etc. will be used if they are not redefined by
# cnas-custom-settings or cnas-default-settings.
#
# I've tried to include in this file the settings that
# are most likely to be changed by a developer or custom
# builder. If an option isn't here, you should look in
# config/bootstrap, config/chroot, config/binary,
# config/source, or config/common.
# An "effective inclusion" diagram in Open Office format
# will eventually be included in the repository for
# documentation.
# -----common-----
# Internal stuff (FIXME)
# The `--force-yes' option should be removed once `apt' is made to
# recognize and use all the relevant GPG keys. `--yes' can stay.
APT_OPTIONS="--yes --force-yes"
# $LH_ARCHITECTURE: select chroot architecture
# (Default: autodetected)
# Note: Debian Live is also designed to work on AMD64 and PowerPC
LH_ARCHITECTURE="i386"
#-----bootstrap-----
# $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from
# (Default: http://ftp.us.debian.org/debian/)
LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/"
# $LH_MIRROR_CHROOT: set mirror to fetch packages from
# (Default: http://ftp.us.debian.org/debian/)
LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP
# $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from
# (Default: http://security.debian.org/)
LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/"
#-----chroot-----
# $LH_HOOKS: set hook commands
# (Default: empty)
LH_HOOKS=""
# $LH_INTERACTIVE: set interactive build
# (Default: disabled)
LH_INTERACTIVE="disabled"
# $LH_KEYRING_PACKAGES: set keyring packages
# (Default: empty)
LH_KEYRING_PACKAGES=""
# $LH_LANGUAGE: set language to use
# (Default: empty)
LH_LANGUAGE="en"
# $LH_LINUX_FLAVOURS: set kernel flavour to use
# (Default: autodetected)
# CryptoNAS will be VERY slow on anything less than a Pentium,
# but you can add other flavors here if you want to.
#LH_LINUX_FLAVOURS="486 686"
#LH_LINUX_FLAVOURS="686"
# $LH_LINUX_PACKAGES: set kernel packages to use
# (Default: autodetected)
LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
#LH_LINUX_PACKAGES=""
# $LH_PACKAGES: set packages to install
# (Default: empty)
LH_PACKAGES=""
# $LH_PACKAGES_LISTS: set package list to install
# (Default: standard)
# FIXME: Use "minimal cryptonas" for CryptoNAS releases
LH_PACKAGES_LISTS="standard cryptonas-devel"
#-----binary-----
# $LH_BINARY_IMAGES: set image type
# (Default: usb-hdd)
# Valid choices are:
# "iso" for CD-ROM builds
# "usb-hdd" for other block devices
# "net" for netboot
# "tar" for ???
LH_BINARY_IMAGES="usb-hdd"
# $LH_ENCRYPTION: set encrytion
# (Default: disabled)
LH_ENCRYPTION="disabled"
# $LH_HOSTNAME: set hostname
# (Default: cryptonas)
LH_HOSTNAME="cryptonas"
# $LH_ISO_PREPARER: set iso preparer
# (Default: live-helper 1.0~a46; http://packages.qa.debian.org/live-helper)
LH_ISO_PREPARER="live-helper 1.0~a46; http://packages.qa.debian.org/live-helper"
# $LH_ISO_PUBLISHER: set iso publisher
# (Default: Debian Live project; http://debian-live.alioth.debian.org/; debian-live-devel@lists.alioth.debian.org)
LH_ISO_PUBLISHER="CryptoNAS project; http://cryptonas.org; cryptobox-dev@lists.systemausfall.org"
# $LH_ISO_VOLUME: set iso volume (max 32 chars)
# (Default: Debian Live $(date +%Y%m%d-%H:%M))
LH_ISO_VOLUME="CryptoNAS Live $(date +%Y%m%d-%H:%M)"
#-----source-----
# $LH_SOURCE: set source option
# This is the easiest way to comply with the GNU GPL if you're
# redistributing CryptoNAS on a CD-ROM.
# (Default: disabled)
LH_SOURCE="disabled"
#FIXME: move this somewhere else, such as "default settings"
#Set this to "devel" or "normal" for development, or
#set it to "hard" or "secure" for releases.
CNAS_HARDNESS="devel"
# It is recommended that CryptoNAS-specific variable # It is recommended that CryptoNAS-specific variable
# definitions follow the CNAS_FOO or _CNAS_FOO conventions to # definitions follow the CNAS_FOO or _CNAS_FOO conventions to
# avoid polluting the shared live-helper namespace. # avoid polluting the shared live-helper namespace. Additionally,
# only variables starting with "CNAS_" will be available at
# runtime via the scoreboard file.
############################################################### ###############################################################
#CNAS_DELETEFILES="/etc/rcS.d/*discover \ #CNAS_DELETEFILES="/etc/rcS.d/*discover \
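Review bot: APT_OPTIONS="--yes --force-yes" is reintroduced here together with an empty LH_KEYRING_PACKAGES and plain-HTTP mirrors behind the local apt-cacher, which means every stage that sources cnas-active-settings will install packages without insisting on a valid signature. The hunk elsewhere in this commit that reduces APT_OPTIONS to "--yes" is therefore overridden wherever these defaults are loaded. Suggest keeping "--yes" as the default and moving "--force-yes" to an opt-in in cnas-custom-settings, or at least tying it to CNAS_HARDNESS so that "hard"/"secure" builds cannot inherit it. The comment above the assignment already says the option should go once the GPG keys are recognised; listing the missing keyring package in LH_KEYRING_PACKAGES would be the place to start.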
@ -18,3 +143,17 @@ CNAS_HARDNESS="devel"
#/var/log/bootstrap.log" #/var/log/bootstrap.log"
#CNAS_MAKEDIRS="" #CNAS_MAKEDIRS=""
# $LH_BINARY_IMAGES: set image type
# (Default: usb-hdd)
# Valid choices are:
# "iso" for CD-ROM builds
# "usb-hdd" for other block devices
# "net" for netboot
# "tar" for ???
LH_BINARY_IMAGES="usb-hdd"
CNAS_ROOT_FS="/root"
CNAS_HARDNESS="devel"
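Review bot: The block appended at the end repeats LH_BINARY_IMAGES and CNAS_HARDNESS, both already set earlier in this file, so the later assignments silently win and a developer who edits only the first occurrence gets no change. Suggest keeping one definition of each. CNAS_ROOT_FS="/root" is new here, but 90cnas_setup_etc hard-codes its own CNAS_ROOT_DIR="/root"; either use one name in both places or drop the unused one, since every CNAS_ variable ends up in the scoreboard file.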

View file

@ -22,9 +22,7 @@ LH_APT_PIPELINE=""
# $LH_APT_RECOMMENDS: set apt/aptitude recommends # $LH_APT_RECOMMENDS: set apt/aptitude recommends
# (Default: enabled) # (Default: enabled)
#LH_APT_RECOMMENDS="enabled" LH_APT_RECOMMENDS="disabled"
#Enabled for CryptoNAS development. FIXME: Disable for releases
LH_APT_RECOMMENDS="enabled"
# $LH_APT_SECURE: set apt/aptitude security # $LH_APT_SECURE: set apt/aptitude security
# (Default: enabled) # (Default: enabled)
@ -78,7 +76,7 @@ LH_LOSETUP="losetup"
# $LH_MODE: set distribution mode # $LH_MODE: set distribution mode
# (Default: debian) # (Default: debian)
# FIXME: what are the other choices? # Valid values are "debian" or "ubuntu"
LH_MODE="debian" LH_MODE="debian"
# $LH_ROOT_COMMAND: use sudo or equivalent # $LH_ROOT_COMMAND: use sudo or equivalent
@ -123,8 +121,6 @@ LH_QUIET="disabled"
# (Default: disabled) # (Default: disabled)
#LH_VERBOSE="disabled" #LH_VERBOSE="disabled"
# Internal stuff (FIXME) # Internal stuff
# The `--force-yes' option should be removed once `apt' is made to APT_OPTIONS="--yes"
# recognize and use all the relevant GPG keys. `--yes' can stay.
APT_OPTIONS="--yes --force-yes"
APTITUDE_OPTIONS="--assume-yes" APTITUDE_OPTIONS="--assume-yes"

View file

@ -7,3 +7,8 @@ LH_SOURCE="disabled"
# $LH_SOURCE_IMAGES: set image type # $LH_SOURCE_IMAGES: set image type
# (Default: tar) # (Default: tar)
LH_SOURCE_IMAGES="tar" LH_SOURCE_IMAGES="tar"
#Load CryptoNAS and user-customized settings
. config/cnas-active-settings

Binary file not shown.