From 652c10720d8f028c7cdbd3528e74f151f0cd9606 Mon Sep 17 00:00:00 2001
From: frisco <>
Date: Tue, 10 Jun 2008 02:36:38 +0000
Subject: [PATCH] Changes required to build CryptoNAS with Debian Live on my system, Debian 4.0r3. This should be "good enough to play with", but see "80-cn-run-config-script.sh". *The build works *The image should boot OK *Haven't begun work on the validation scripts or hardening *The image currently uses a DHCP-assigned address *If you have a good idea of the best way to add separation of local/default settings the way we were doing with etc-defaults.d, etc-local.d, and so on, send me an email so we can discuss it.
---
 Makefile | 33 +++++++++++++++
 config/binary | 24 ++++++-----
 config/bootstrap | 14 ++++---
 config/chroot | 35 ++++++++++++++--
 .../init-bottom/80-cn-run-config-script.sh | 32 ++++++++++++++
 .../lib/cryptobox-cd/configure-cryptobox.sh | 8 ++--
 config/chroot_local-packageslists/cryptonas | 42 +++++++++++++++++++
 .../cryptonas-devel | 14 +++++++
 .../chroot_sources/systemausfall-org.chroot | 8 ++++
 config/common | 17 +++++---
 10 files changed, 198 insertions(+), 29 deletions(-)
 create mode 100644 Makefile
 create mode 100755 config/chroot_local-includes/etc/initramfs-tools/scripts/init-bottom/80-cn-run-config-script.sh
 create mode 100644 config/chroot_local-packageslists/cryptonas
 create mode 100644 config/chroot_local-packageslists/cryptonas-devel
 create mode 100644 config/chroot_sources/systemausfall-org.chroot
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e2c545f
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,33 @@
+
+
+
+# make-mode emacs thingamajig -*- makefile -*-
+
+
+#manually configured directories
+config_dirs := config binary_local-hooks chroot_local-hooks \
+chroot_local-includes chroot_local-packageslists \
+binary_syslinux
+
+emacs_files := $(wildcard *~ config/*~ config/*/*~ config/*/*/*~)
+
+#This is just a helper file, since emacs "foo~" files can sometimes break a
+#build (files ending in ~ are considered valid shell scripts).
+#If you want to build the disk image, use "lh_build" as documented at
+# http://devel.cryptobox.org/wiki/DebianLiveBuild
+
+#Using a makefile for this is a bit of a drawback, since live-helper
+#doesn't really require `make'.
+
+
+# this makefile could eventually call the live-helper build system
+
+clean-config :
+ -rm -f $(emacs_files)
+# -rm -f $(addsuffix /*~, $(config_dirs))
+
+clean-all :
+ lh_clean --purge
+
+.PHONY : clean-all clean-config
+
diff --git a/config/binary b/config/binary
index b343308..1de46e3 100644
--- a/config/binary
+++ b/config/binary
@@ -5,23 +5,24 @@ LH_BINARY_FILESYSTEM="fat16" # $LH_BINARY_IMAGES: set image type
-# (Default: iso)
-LH_BINARY_IMAGES="iso"
+# (Default: usb-hdd)
+# Set to "iso" for CD-ROM builds or "usb-hdd" for other block devices
+LH_BINARY_IMAGES="usb-hdd"
 # $LH_BINARY_INDICES: set apt/aptitude generic indices # (Default: enabled)
-LH_BINARY_INDICES="enabled"
+LH_BINARY_INDICES="disabled"
 # $LH_BOOTAPPEND_LIVE: set boot parameters # (Default: empty)
-LH_BOOTAPPEND_LIVE=""
+LH_BOOTAPPEND_LIVE="autologin=false"
 # $LH_BOOTAPPEND_INSTALL: set boot parameters # (Default: empty)
-LH_BOOTAPPEND_INSTALL="-- }"
+LH_BOOTAPPEND_INSTALL="-- ${LH_BOOTAPPEND_LIVE}"
 # $LH_BOOTLOADER: set bootloader
-# (Default: syslinux)
+# (Default: grub)
 LH_BOOTLOADER="syslinux" # $LH_CHECKSUMS: set checksums
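Review bot: `config_dirs` is assigned but its only reference is the commented-out recipe line `# -rm -f $(addsuffix /*~, $(config_dirs))`, so the variable is dead weight and the comment is a second implementation nobody maintains; keep one form and delete the other. The `-` prefix on `-rm -f $(emacs_files)` buys nothing, since `rm -f` already succeeds on missing files, and it hides any other failure — `$(RM) $(emacs_files)` is the conventional spelling. Because `clean-config` is the first rule in the file it is also the default goal, so a bare `make` deletes files; an explicit `.DEFAULT_GOAL := clean-config` (or a `help` target) would make that a stated choice rather than an accident of rule order. The two recipe lines appear here indented with a space; if that is how they are in the file rather than an artefact of this page, make rejects them with a missing-separator error, so verify they start with a tab.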
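Review bot: The `# (Default: …)` lines in these live-helper configs record the upstream default, and this hunk rewrites them to the locally chosen value — `+# (Default: usb-hdd)` replaces the removed `# (Default: iso)`, and `+# (Default: grub)` now sits directly above the unchanged `LH_BOOTLOADER="syslinux"`, which it contradicts. Keep the original default line and record the local decision separately, e.g. `# (Default: iso)` followed by `# CryptoNAS: "usb-hdd" for block-device images, "iso" for CD-ROM builds`, so the reader can still tell a deliberate deviation from the tool's default. The same rewrite appears in the hostname hunk (`# (Default: cryptonas)`), the bootstrap flavour hunk (`# (Default: standard)`) and config/common's `# (Default: cdebootstrap)`.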
@@ -50,8 +51,8 @@ LH_ENCRYPTION="disabled" LH_GRUB_SPLASH="" # $LH_HOSTNAME: set hostname
-# (Default: debian)
-LH_HOSTNAME="debian"
+# (Default: cryptonas)
+LH_HOSTNAME="cryptonas"
 # $LH_ISO_APPLICATION: set iso author # (Default: Debian Live)
@@ -66,8 +67,8 @@ LH_ISO_PREPARER="live-helper 1.0~a46; http://packages.qa.debian.org/live-helper" LH_ISO_PUBLISHER="Debian Live project; http://debian-live.alioth.debian.org/; debian-live-devel@lists.alioth.debian.org" # $LH_ISO_VOLUME: set iso volume (max 32 chars)
-# (Default: Debian Live 20080608-17:04)
-LH_ISO_VOLUME="Debian Live 20080608-17:04"
+# (Default: Debian Live $(date +%Y%m%d-%H:%M))
+LH_ISO_VOLUME="Debian Live $(date +%Y%m%d-%H:%M)"
 # $LH_JFFS2_ERASEBLOCK: set jffs2 eraseblock size # (Default: unset)
@@ -119,7 +120,8 @@ LH_SYSLINUX_SPLASH="" # $LH_SYSLINUX_TIMEOUT: set custom syslinux timeout in seconds # (Default: 0)
-LH_SYSLINUX_TIMEOUT="0"
+# "0" does NOT appear to boot immediately
+LH_SYSLINUX_TIMEOUT="3"
 # $LH_SYSLINUX_CFG: set custom syslinux configuration file # (Default: empty)
diff --git a/config/bootstrap b/config/bootstrap
index 6e2f0bc..8b639e9 100644
--- a/config/bootstrap
+++ b/config/bootstrap
@@ -2,6 +2,7 @@ # $LH_ARCHITECTURE: select chroot architecture # (Default: autodetected)
+# Note: Debian Live is also designed to work on AMD64 and PowerPC
 LH_ARCHITECTURE="i386" # $LH_BOOTSTRAP_CONFIG: set distribution config directory
@@ -17,8 +18,9 @@ LH_BOOTSTRAP_INCLUDE="" LH_BOOTSTRAP_EXCLUDE="" # $LH_BOOTSTRAP_FLAVOUR: select flavour to use
-# (Default: )
-LH_BOOTSTRAP_FLAVOUR=""
+# (Default: standard)
+# FIXME: Set to "minimal" for CryptoNAS releases
+LH_BOOTSTRAP_FLAVOUR="standard"
 # $LH_BOOTSTRAP_KEYRING: set distribution keyring # (Default: empty)
@@ -26,19 +28,19 @@ LH_BOOTSTRAP_KEYRING="" # $LH_DISTRIBUTION: select distribution to use # (Default: lenny)
-LH_DISTRIBUTION="lenny"
+LH_DISTRIBUTION="etch"
 # $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from # (Default: http://ftp.us.debian.org/debian/)
-LH_MIRROR_BOOTSTRAP="http://ftp.us.debian.org/debian/"
+LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/"
 # $LH_MIRROR_CHROOT: set mirror to fetch packages from # (Default: http://ftp.us.debian.org/debian/)
-LH_MIRROR_CHROOT="http://ftp.us.debian.org/debian/"
+LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP
 # $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from # (Default: http://security.debian.org/)
-LH_MIRROR_CHROOT_SECURITY="http://security.debian.org/"
+LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/"
 # $LH_MIRROR_BINARY: set mirror which ends up in the image # (Default: http://ftp.us.debian.org/debian/)
diff --git a/config/chroot b/config/chroot
index 5355466..d1f59fe 100644
--- a/config/chroot
+++ b/config/chroot
@@ -6,7 +6,8 @@ LH_CHROOT_FILESYSTEM="squashfs" # $LH_UNION_FILESYSTEM: set union filesystem # (Default: aufs)
-LH_UNION_FILESYSTEM="aufs"
+# Default aufs not available in Etch
+LH_UNION_FILESYSTEM="unionfs"
 # $LH_EXPOSED_ROOT: expose root as read only # (Default: disabled)
@@ -30,11 +31,13 @@ LH_LANGUAGE="en" # $LH_LINUX_FLAVOURS: set kernel flavour to use # (Default: autodetected)
-LH_LINUX_FLAVOURS="486 686"
+#LH_LINUX_FLAVOURS="486 686"
+
 # $LH_LINUX_PACKAGES: set kernel packages to use # (Default: autodetected)
-LH_LINUX_PACKAGES="linux-image-2.6 aufs-modules-2.6 squashfs-modules-2.6"
+LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
+#LH_LINUX_PACKAGES=""
 # $LH_PACKAGES: set packages to install # (Default: empty)
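Review bot: `LH_MIRROR_BOOTSTRAP` and `LH_MIRROR_CHROOT_SECURITY` now hard-code one developer's apt-cacher at `127.0.0.1:3142`, so the committed config fails for every other builder and the chroot's packages arrive via a local rewrite of the mirror path rather than from the mirror itself, which makes APT's signature check the only integrity control left on that path. Since live-helper sources these files as shell, a default that yields to the environment keeps the file usable for everyone — `LH_MIRROR_BOOTSTRAP="${CN_MIRROR_BOOTSTRAP:-http://ftp.us.debian.org/debian/}"` (variable name constructed here), with the security mirror handled the same way — assuming the caller's environment is still intact when the file is read; confirm against lh_config. `LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP` is the one unquoted assignment in the file; write it `LH_MIRROR_CHROOT="$LH_MIRROR_BOOTSTRAP"` like its neighbours. Also check `LH_MIRROR_BINARY`, whose value line lies just outside the hunk, since per its own comment that mirror is the one written into the image and must not inherit the loopback proxy.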
@@ -42,7 +45,8 @@ LH_PACKAGES="" # $LH_PACKAGES_LISTS: set package list to install # (Default: standard)
-LH_PACKAGES_LISTS="standard"
+# FIXME: Use "minimal cryptonas" for CryptoNAS releases
+LH_PACKAGES_LISTS="standard cryptonas-devel"
 # $LH_TASKS: set tasks to install # (Default: empty)
@@ -59,3 +63,26 @@ LH_SYMLINKS="disabled" # $LH_SYSVINIT: enable sysvinit # (Default: disabled) LH_SYSVINIT="disabled"
+
+
+#FIXME: Note: Everything below represents brainstorming on the part of developer
+#"frisco" and is not official.
+###############################################################
+# This is the CryptoNAS-specific part of the file. Default
+# values are defined below. Since this config file is included
+# as part of various shell scripts, any definitions present
+# in the files we include below will override those defined
+# in the present file.
+#
+# It is recommended that CryptoNAS-specific variable
+# definitions follow the CN_FOO or _CN_FOO conventions to
+# avoid polluting the shared live-helper namespace.
+###############################################################
+
+#CN_DELETEFILES="/etc/rcS.d/*discover \
+#/etc/rcS.d/*lvm \
+#/var/log/dpkg.log \
+#/var/log/bootstrap.log"
+
+#CN_MAKEDIRS=""
+
diff --git a/config/chroot_local-includes/etc/initramfs-tools/scripts/init-bottom/80-cn-run-config-script.sh b/config/chroot_local-includes/etc/initramfs-tools/scripts/init-bottom/80-cn-run-config-script.sh
new file mode 100755
index 0000000..f2ff47a
--- /dev/null
+++ b/config/chroot_local-includes/etc/initramfs-tools/scripts/init-bottom/80-cn-run-config-script.sh
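Review bot: `LH_PACKAGES_LISTS="standard cryptonas-devel"` makes the development list — which in this commit brings `ssh`, `subversion`, `strace` and editors — part of every image built from this config, and the FIXME above it leaves the release switch to a manual source edit that is easy to forget. Because the file is sourced as shell, a default that yields to the environment turns that into a build-time choice: `LH_PACKAGES_LISTS="${LH_PACKAGES_LISTS:-standard cryptonas-devel}"`, so a release build can pass `LH_PACKAGES_LISTS="minimal cryptonas"` without touching the file (this presumes live-helper reads the config with the caller's environment intact — confirm). That same `${VAR:-default}` idiom is one candidate answer to the local-versus-default settings question raised in the commit message.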
@@ -0,0 +1,32 @@
+#!/bin/sh
+
+##run /usr/lib/cryptobox-cd/configure-cryptobox.sh
+
+
+##The contents of this script are commented out because this part
+##isn't yet working. Running the script AFTER startup is complete
+## seems to result in a working CryptoNAS, but I haven't yet
+## made the changes necessary to get "configure-cryptobox.sh"
+## to run in the initramfs context.
+##
+## To get an NAS "good enough to play with", uncomment everything with
+## a single '#' after this point and run it once you get to the root
+## prompt (use "sudo -s" to get to the root prompt).
+##
+echo "Boot-time configuration not implemented; run"
+echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh as root"
+#echo "Configuring the CryptoNAS live system..."
+##if we're doing a release version, call it with "normal, then secure"
+##disable for now to isolate smbd/nmbd other problems
+
+#/usr/lib/cryptobox-cd/configure-cryptobox.sh normal
+
+
+## call it again with argument "secure" if we're building a release
+
+
+#/sbin/telinit 3
+
+
+#/etc/init.d/cryptobox-server restart
+#/etc/init.d/samba restart
diff --git a/config/chroot_local-includes/usr/lib/cryptobox-cd/configure-cryptobox.sh b/config/chroot_local-includes/usr/lib/cryptobox-cd/configure-cryptobox.sh
index a08233f..bc8c42c 100755
--- a/config/chroot_local-includes/usr/lib/cryptobox-cd/configure-cryptobox.sh
+++ b/config/chroot_local-includes/usr/lib/cryptobox-cd/configure-cryptobox.sh
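Review bot: initramfs-tools calls every script under `scripts/init-bottom` once with the argument `prereqs` to compute its run order, and this script has no handler for it, so the two `echo` lines execute during that query and their output is read as a list of prerequisite script names. Add the standard header below before the message so the script is inert when queried and only speaks during the real init-bottom pass. The commented-out calls that follow (`configure-cryptobox.sh normal`, `telinit 3`, the init.d restarts) are a design sketch rather than code; moving that plan into the explanatory comment block and dropping the dead lines avoids someone uncommenting them in the initramfs context the script's own comment says is not yet handled.
```sh
#!/bin/sh

PREREQ=""
prereqs()
{
	echo "$PREREQ"
}
case $1 in
prereqs)
	prereqs
	exit 0
	;;
esac

# … unchanged: explanatory comments, the two echo lines and the commented-out calls …
```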
@@ -63,9 +63,11 @@ function configure_normal() ############ webdav ############ #TODO: add apache2 packages; configure port; add webdav link in web frontend
- sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
- cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
- chmod +x /etc/cryptobox-server/events.d/apache2_dav
+
+#This breaks the build until apache2 is integrated into the package list
+# sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
+# cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
+# chmod +x /etc/cryptobox-server/events.d/apache2_dav
 ########### boot up ########### # turn off creation of "/etc/nologin" (read-only fs)
diff --git a/config/chroot_local-packageslists/cryptonas b/config/chroot_local-packageslists/cryptonas
new file mode 100644
index 0000000..575666e
--- /dev/null
+++ b/config/chroot_local-packageslists/cryptonas
@@ -0,0 +1,42 @@
+## LH: cryptonas
+
+util-linux
+grub
+parted
+dmsetup
+perl
+tar
+bash
+coreutils
+module-init-tools
+ifupdown
+busybox
+usbutils
+pciutils
+discover
+hdparm
+binutils
+debconf
+sysutils
+stunnel4
+samba
+#Apache was breaking the build before work started on the Debian Live changeover. FIXME: re-integrate
+#apache2
+hashalot
+python-clearsilver
+python-cherrypy
+python-configobj
+python-central
+super
+dosfstools
+cryptsetup
+python-m2crypto
+## support for file systems
+e2tools
+e2fsprogs
+xfsprogs
+hfsutils
+jfsutils
+cryptobox-server
+## ntfs-3g is not in etch
+
diff --git a/config/chroot_local-packageslists/cryptonas-devel b/config/chroot_local-packageslists/cryptonas-devel
new file mode 100644
index 0000000..902fd82
--- /dev/null
+++ b/config/chroot_local-packageslists/cryptonas-devel
@@ -0,0 +1,14 @@
+## LH: cryptonas-devel
+
+#include
+subversion
+strace
+ssh
+vim
+nano
+less
+lynx
+sysklogd
+w3m
+screen
+elinks
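Review bot: Commenting out the three webdav lines leaves the apache2 setup as dead text that has to be rediscovered and un-commented when the package comes back; guarding on the file the first command edits keeps the code live and makes the missing-package case visible in the build log instead of silent. `configure_normal()` begins outside the hunk, so the indentation below is a guess at the function body's. Whether `/etc/default/apache2` is the right presence test depends on how apache2 gets reintegrated — confirm before relying on it.
```sh
	############ webdav ############
	#TODO: add apache2 packages; configure port; add webdav link in web frontend
	if [ -f /etc/default/apache2 ]; then
		sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
		cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
		chmod +x /etc/cryptobox-server/events.d/apache2_dav
	else
		echo "apache2 not installed - skipping webdav setup" >&2
	fi
	# … unchanged: boot up section …
```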
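Review bot: The bare `#include` line is ambiguous: in live-helper package lists `#include <name>` is a directive that pulls in another list, so without an argument it is either an incomplete directive or a comment that reads like one — complete it or delete it. This list installs `ssh` (on etch, as far as I recall, a metapackage that depends on the server as well as the client — confirm) together with `strace`, `subversion` and several editors, and config/chroot in this same commit selects the list for every build, so until that FIXME is resolved the default output is an image with a listening SSH daemon and development tooling. A header comment after `## LH: cryptonas-devel` stating that the list is for developer images only and must not be referenced from a release config would make that intent explicit to the next person editing `LH_PACKAGES_LISTS`.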
diff --git a/config/chroot_sources/systemausfall-org.chroot b/config/chroot_sources/systemausfall-org.chroot
new file mode 100644
index 0000000..afe54f9
--- /dev/null
+++ b/config/chroot_sources/systemausfall-org.chroot
@@ -0,0 +1,8 @@
+
+#Although `live-helper' claims to be able to install packages
+#located in `config/chroot_local-packages', this doesn't appear
+#to be working yet. As a workaround, download the cryptobox-server
+#package from a repository or `apt-cacher' installation:
+
+deb http://systemausfall.org/toolforge/debian unstable main
+
diff --git a/config/common b/config/common
index f999e72..5c19116 100644
--- a/config/common
+++ b/config/common
@@ -22,6 +22,8 @@ LH_APT_PIPELINE="" # $LH_APT_RECOMMENDS: set apt/aptitude recommends # (Default: enabled)
+#LH_APT_RECOMMENDS="enabled"
+#Enabled for CryptoNAS development. FIXME: Disable for releases
 LH_APT_RECOMMENDS="enabled" # $LH_APT_SECURE: set apt/aptitude security
@@ -29,8 +31,9 @@ LH_APT_RECOMMENDS="enabled" LH_APT_SECURE="enabled" # $LH_BOOTSTRAP: set bootstrap program
-# (Default: debootstrap)
-LH_BOOTSTRAP="debootstrap"
+# (Default: cdebootstrap)
+#LH_BOOTSTRAP="cdebootstrap"
+LH_BOOTSTRAP="cdebootstrap"
 # $LH_CACHE: control cache # (Default: enabled)
@@ -62,7 +65,8 @@ LH_DEBCONF_PRIORITY="critical" # $LH_INITRAMFS: set initramfs hook # (Default: live-initramfs)
-LH_INITRAMFS="live-initramfs"
+# Building under Debian `etch' requires this set to `casper'
+LH_INITRAMFS="casper"
 # $LH_FDISK: set fdisk program # (Default: autodetected)
@@ -74,6 +78,7 @@ LH_LOSETUP="losetup" # $LH_MODE: set distribution mode # (Default: debian)
+# FIXME: what are the other choices?
 LH_MODE="debian" # $LH_ROOT_COMMAND: use sudo or equivalent
@@ -104,7 +109,7 @@ LH_TEMPLATES="/usr/share/live-helper/templates" # $LH_DEBUG: enable debug # (Default: disabled)
-#LH_DEBUG="disabled"
+LH_DEBUG="enabled"
 # $LH_FORCE: enable force # (Default: disabled)
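Review bot: The new `deb … unstable main` line adds an unstable suite to a chroot that config/bootstrap sets to `etch`, with nothing restricting what may come from it, so any package whose unstable version is newer than etch's becomes an upgrade candidate and the comment's stated intent — fetching only `cryptobox-server` — is not what the configuration enforces. An apt preferences entry that pins this origin below the etch mirror, or pins only `cryptobox-server` to it, keeps the rest of the chroot on etch; the commit does not show where live-helper expects such a file, so that location needs checking against the installed version. The comment above the line would also benefit from saying which package this source is for and that it is intended to go away once `chroot_local-packages` works, e.g. `# Provides cryptobox-server only; remove when config/chroot_local-packages is usable`.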
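Review bot: `#LH_BOOTSTRAP="cdebootstrap"` is the same text as the live `LH_BOOTSTRAP="cdebootstrap"` on the next line, and the earlier hunk does the same with `#LH_APT_RECOMMENDS="enabled"` above an identical active line, so both commented copies add noise without recording a previous value or an alternative. Drop them, or if the intent was to note the upstream default, leave the removed `# (Default: debootstrap)` line intact instead of rewriting it to `cdebootstrap`. The `LH_DEBUG="enabled"` hunk later in this file lacks the `FIXME: … for releases` marker the rest of the commit uses for development-only settings; one such comment there keeps the convention consistent.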
@@ -119,5 +124,7 @@ LH_QUIET="disabled" #LH_VERBOSE="disabled" # Internal stuff (FIXME)
-APT_OPTIONS="--yes"
+# The `--force-yes' option should be removed once `apt' is made to
+# recognize and use all the relevant GPG keys. `--yes' can stay.
+APT_OPTIONS="--yes --force-yes"
 APTITUDE_OPTIONS="--assume-yes"
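Review bot: `--force-yes` does more than the added comment suggests: it makes apt proceed past every prompt it considers dangerous, including installing packages it cannot authenticate, so it overrides the `LH_APT_SECURE="enabled"` kept earlier in this file and applies to every source in the chroot, not just the systemausfall.org one added in config/chroot_sources. The comment already names the real fix — make apt trust the relevant key — so import it (live-helper reads a key file placed beside the source list in `config/chroot_sources/`; confirm the expected suffix against the installed version) and keep `APT_OPTIONS="--yes"`. If the flag has to stay during development, a comment giving the concrete condition for removal, e.g. `# FIXME: drop --force-yes once the systemausfall.org archive key is imported`, is less likely to survive into a release than "should be removed once".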