Changes required to build CryptoNAS with Debian Live on my system, Debian 4.0r3.

This should be "good enough to play with", but see
"80-cn-run-config-script.sh".

*The build works
*The image should boot OK
*Haven't begun work on the validation scripts or hardening
*The image currently uses a DHCP-assigned address
*If you have a good idea of the best way to add separation of local/default settings the way we were doing with etc-defaults.d, etc-local.d, and so on, send me an email so we can discuss it.

Makefile

@@ -0,0 +1,33 @@
+
+
+
+# make-mode emacs thingamajig -*- makefile -*-
+
+
+#manually configured directories
+config_dirs := config binary_local-hooks chroot_local-hooks \
+chroot_local-includes chroot_local-packageslists \
+binary_syslinux
+
+emacs_files := $(wildcard *~ config/*~ config/*/*~ config/*/*/*~)
+
+#This is just a helper file, since emacs "foo~" files can sometimes break a 
+#build (files ending in ~ are considered valid shell scripts).
+#If you want to build the disk image, use "lh_build" as documented at
+# http://devel.cryptobox.org/wiki/DebianLiveBuild
+
+#Using a makefile for this is a bit of a drawback, since live-helper
+#doesn't really require `make'.
+
+
+# this makefile could eventually call the live-helper build system
+
+clean-config :
+	-rm -f $(emacs_files)
+#	-rm -f $(addsuffix /*~, $(config_dirs))
+
+clean-all :
+	lh_clean --purge
+
+.PHONY : clean-all clean-config
+

config/binary

@@ -5,23 +5,24 @@
 LH_BINARY_FILESYSTEM="fat16"
 
 # $LH_BINARY_IMAGES: set image type
-# (Default: iso)
+# (Default: usb-hdd)
-LH_BINARY_IMAGES="iso"
+# Set to "iso" for CD-ROM builds or "usb-hdd" for other block devices
+LH_BINARY_IMAGES="usb-hdd"
 
 # $LH_BINARY_INDICES: set apt/aptitude generic indices
 # (Default: enabled)
-LH_BINARY_INDICES="enabled"
+LH_BINARY_INDICES="disabled"
 
 # $LH_BOOTAPPEND_LIVE: set boot parameters
 # (Default: empty)
-LH_BOOTAPPEND_LIVE=""
+LH_BOOTAPPEND_LIVE="autologin=false"
 
 # $LH_BOOTAPPEND_INSTALL: set boot parameters
 # (Default: empty)
-LH_BOOTAPPEND_INSTALL="-- }"
+LH_BOOTAPPEND_INSTALL="-- ${LH_BOOTAPPEND_LIVE}"
 
 # $LH_BOOTLOADER: set bootloader
-# (Default: syslinux)
+# (Default: grub)
 LH_BOOTLOADER="syslinux"
 
 # $LH_CHECKSUMS: set checksums
@@ -50,8 +51,8 @@ LH_ENCRYPTION="disabled"
 LH_GRUB_SPLASH=""
 
 # $LH_HOSTNAME: set hostname
-# (Default: debian)
+# (Default: cryptonas)
-LH_HOSTNAME="debian"
+LH_HOSTNAME="cryptonas"
 
 # $LH_ISO_APPLICATION: set iso author
 # (Default: Debian Live)
@@ -66,8 +67,8 @@ LH_ISO_PREPARER="live-helper 1.0~a46; http://packages.qa.debian.org/live-helper"
 LH_ISO_PUBLISHER="Debian Live project; http://debian-live.alioth.debian.org/; debian-live-devel@lists.alioth.debian.org"
 
 # $LH_ISO_VOLUME: set iso volume (max 32 chars)
-# (Default: Debian Live 20080608-17:04)
+# (Default: Debian Live $(date +%Y%m%d-%H:%M))
-LH_ISO_VOLUME="Debian Live 20080608-17:04"
+LH_ISO_VOLUME="Debian Live $(date +%Y%m%d-%H:%M)"
 
 # $LH_JFFS2_ERASEBLOCK: set jffs2 eraseblock size
 # (Default: unset)
@@ -119,7 +120,8 @@ LH_SYSLINUX_SPLASH=""
 
 # $LH_SYSLINUX_TIMEOUT: set custom syslinux timeout in seconds
 # (Default: 0)
-LH_SYSLINUX_TIMEOUT="0"
+# "0" does NOT appear to boot immediately
+LH_SYSLINUX_TIMEOUT="3"
 
 # $LH_SYSLINUX_CFG: set custom syslinux configuration file
 # (Default: empty)

config/bootstrap

@@ -2,6 +2,7 @@
 
 # $LH_ARCHITECTURE: select chroot architecture
 # (Default: autodetected)
+# Note: Debian Live is also designed to work on AMD64 and PowerPC
 LH_ARCHITECTURE="i386"
 
 # $LH_BOOTSTRAP_CONFIG: set distribution config directory
@@ -17,8 +18,9 @@ LH_BOOTSTRAP_INCLUDE=""
 LH_BOOTSTRAP_EXCLUDE=""
 
 # $LH_BOOTSTRAP_FLAVOUR: select flavour to use
-# (Default: )
+# (Default: standard)
-LH_BOOTSTRAP_FLAVOUR=""
+# FIXME: Set to "minimal" for CryptoNAS releases
+LH_BOOTSTRAP_FLAVOUR="standard"
 
 # $LH_BOOTSTRAP_KEYRING: set distribution keyring
 # (Default: empty)
@@ -26,19 +28,19 @@ LH_BOOTSTRAP_KEYRING=""
 
 # $LH_DISTRIBUTION: select distribution to use
 # (Default: lenny)
-LH_DISTRIBUTION="lenny"
+LH_DISTRIBUTION="etch"
 
 # $LH_MIRROR_BOOTSTRAP: set mirror to bootstrap from
 # (Default: http://ftp.us.debian.org/debian/)
-LH_MIRROR_BOOTSTRAP="http://ftp.us.debian.org/debian/"
+LH_MIRROR_BOOTSTRAP="http://127.0.0.1:3142/apt-cacher/ftp.debian.org/debian/"
 
 # $LH_MIRROR_CHROOT: set mirror to fetch packages from
 # (Default: http://ftp.us.debian.org/debian/)
-LH_MIRROR_CHROOT="http://ftp.us.debian.org/debian/"
+LH_MIRROR_CHROOT=$LH_MIRROR_BOOTSTRAP
 
 # $LH_MIRROR_CHROOT_SECURITY: set security mirror to fetch packages from
 # (Default: http://security.debian.org/)
-LH_MIRROR_CHROOT_SECURITY="http://security.debian.org/"
+LH_MIRROR_CHROOT_SECURITY="http://127.0.0.1:3142/apt-cacher/security.debian.org/"
 
 # $LH_MIRROR_BINARY: set mirror which ends up in the image
 # (Default: http://ftp.us.debian.org/debian/)

config/chroot

@@ -6,7 +6,8 @@ LH_CHROOT_FILESYSTEM="squashfs"
 
 # $LH_UNION_FILESYSTEM: set union filesystem
 # (Default: aufs)
-LH_UNION_FILESYSTEM="aufs"
+# Default aufs not available in Etch
+LH_UNION_FILESYSTEM="unionfs"
 
 # $LH_EXPOSED_ROOT: expose root as read only
 # (Default: disabled)
@@ -30,11 +31,13 @@ LH_LANGUAGE="en"
 
 # $LH_LINUX_FLAVOURS: set kernel flavour to use
 # (Default: autodetected)
-LH_LINUX_FLAVOURS="486 686"
+#LH_LINUX_FLAVOURS="486 686"
+
 
 # $LH_LINUX_PACKAGES: set kernel packages to use
 # (Default: autodetected)
-LH_LINUX_PACKAGES="linux-image-2.6 aufs-modules-2.6 squashfs-modules-2.6"
+LH_LINUX_PACKAGES="linux-image-2.6 ${LH_UNION_FILESYSTEM}-modules-2.6 squashfs-modules-2.6"
+#LH_LINUX_PACKAGES=""
 
 # $LH_PACKAGES: set packages to install
 # (Default: empty)
@@ -42,7 +45,8 @@ LH_PACKAGES=""
 
 # $LH_PACKAGES_LISTS: set package list to install
 # (Default: standard)
-LH_PACKAGES_LISTS="standard"
+# FIXME: Use "minimal cryptonas" for CryptoNAS releases
+LH_PACKAGES_LISTS="standard cryptonas-devel"
 
 # $LH_TASKS: set tasks to install
 # (Default: empty)
@@ -59,3 +63,26 @@ LH_SYMLINKS="disabled"
 # $LH_SYSVINIT: enable sysvinit
 # (Default: disabled)
 LH_SYSVINIT="disabled"
+
+
+#FIXME: Note: Everything below represents brainstorming on the part of developer
+#"frisco" and is not official.
+###############################################################
+# This is the CryptoNAS-specific part of the file. Default
+# values are defined below. Since this config file is included
+# as part of various shell scripts, any definitions present
+# in the files we include below will override those defined
+# in the present file.
+#
+# It is recommended that CryptoNAS-specific variable
+# definitions follow the CN_FOO or _CN_FOO conventions to
+# avoid polluting the shared live-helper namespace.
+###############################################################
+
+#CN_DELETEFILES="/etc/rcS.d/*discover \
+#/etc/rcS.d/*lvm \
+#/var/log/dpkg.log \
+#/var/log/bootstrap.log"
+
+#CN_MAKEDIRS=""
+

config/chroot_local-includes/etc/initramfs-tools/scripts/init-bottom/80-cn-run-config-script.sh

@@ -0,0 +1,32 @@
+#!/bin/sh
+
+##run /usr/lib/cryptobox-cd/configure-cryptobox.sh
+
+
+##The contents of this script are commented out because this part 
+##isn't yet working. Running the script AFTER startup is complete
+## seems to result in a working CryptoNAS, but I haven't yet
+## made the changes necessary to get "configure-cryptobox.sh"
+## to run in the initramfs context.
+##
+## To get an NAS "good enough to play with", uncomment everything with
+## a single '#' after this point and run it once you get to the root
+## prompt (use "sudo -s" to get to the root prompt).
+##
+echo "Boot-time configuration not implemented; run"
+echo "/usr/lib/cryptobox-cd/configure-cryptobox.sh as root"
+#echo "Configuring the CryptoNAS live system..."
+##if we're doing a release version, call it with "normal, then secure"
+##disable for now to isolate smbd/nmbd other problems
+
+#/usr/lib/cryptobox-cd/configure-cryptobox.sh normal
+
+
+## call it again with argument "secure" if we're building a release
+
+
+#/sbin/telinit 3
+
+
+#/etc/init.d/cryptobox-server restart
+#/etc/init.d/samba restart

config/chroot_local-includes/usr/lib/cryptobox-cd/configure-cryptobox.sh

@@ -63,9 +63,11 @@ function configure_normal()
 
 	############ webdav ############
     #TODO: add apache2 packages; configure port; add webdav link in web frontend
-	sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
+
-	cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
+#This breaks the build until apache2 is integrated into the package list
-	chmod +x /etc/cryptobox-server/events.d/apache2_dav
+#	sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
+#	cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
+#	chmod +x /etc/cryptobox-server/events.d/apache2_dav
 	
 	########### boot up ###########
 	# turn off creation of "/etc/nologin" (read-only fs)

config/chroot_local-packageslists/cryptonas

@@ -0,0 +1,42 @@
+## LH: cryptonas
+
+util-linux
+grub
+parted
+dmsetup
+perl
+tar
+bash
+coreutils
+module-init-tools
+ifupdown
+busybox
+usbutils
+pciutils
+discover
+hdparm
+binutils
+debconf
+sysutils
+stunnel4
+samba
+#Apache was breaking the build before work started on the Debian Live changeover. FIXME: re-integrate
+#apache2
+hashalot
+python-clearsilver
+python-cherrypy
+python-configobj
+python-central
+super
+dosfstools
+cryptsetup
+python-m2crypto
+## support for file systems
+e2tools
+e2fsprogs
+xfsprogs
+hfsutils
+jfsutils
+cryptobox-server
+## ntfs-3g is not in etch
+

config/chroot_local-packageslists/cryptonas-devel

@@ -0,0 +1,14 @@
+## LH: cryptonas-devel
+
+#include <cryptonas>
+subversion
+strace
+ssh
+vim
+nano
+less
+lynx
+sysklogd
+w3m
+screen
+elinks

config/chroot_sources/systemausfall-org.chroot

@@ -0,0 +1,8 @@
+
+#Although `live-helper' claims to be able to install packages
+#located in `config/chroot_local-packages', this doesn't appear
+#to be working yet. As a workaround, download the cryptobox-server
+#package from a repository or `apt-cacher' installation:
+
+deb http://systemausfall.org/toolforge/debian unstable main
+

config/common

@@ -22,6 +22,8 @@ LH_APT_PIPELINE=""
 
 # $LH_APT_RECOMMENDS: set apt/aptitude recommends
 # (Default: enabled)
+#LH_APT_RECOMMENDS="enabled"
+#Enabled for CryptoNAS development. FIXME: Disable for releases
 LH_APT_RECOMMENDS="enabled"
 
 # $LH_APT_SECURE: set apt/aptitude security
@@ -29,8 +31,9 @@ LH_APT_RECOMMENDS="enabled"
 LH_APT_SECURE="enabled"
 
 # $LH_BOOTSTRAP: set bootstrap program
-# (Default: debootstrap)
+# (Default: cdebootstrap)
-LH_BOOTSTRAP="debootstrap"
+#LH_BOOTSTRAP="cdebootstrap"
+LH_BOOTSTRAP="cdebootstrap"
 
 # $LH_CACHE: control cache
 # (Default: enabled)
@@ -62,7 +65,8 @@ LH_DEBCONF_PRIORITY="critical"
 
 # $LH_INITRAMFS: set initramfs hook
 # (Default: live-initramfs)
-LH_INITRAMFS="live-initramfs"
+# Building under Debian `etch' requires this set to `casper'
+LH_INITRAMFS="casper"
 
 # $LH_FDISK: set fdisk program
 # (Default: autodetected)
@@ -74,6 +78,7 @@ LH_LOSETUP="losetup"
 
 # $LH_MODE: set distribution mode
 # (Default: debian)
+# FIXME: what are the other choices?
 LH_MODE="debian"
 
 # $LH_ROOT_COMMAND: use sudo or equivalent
@@ -104,7 +109,7 @@ LH_TEMPLATES="/usr/share/live-helper/templates"
 
 # $LH_DEBUG: enable debug
 # (Default: disabled)
-#LH_DEBUG="disabled"
+LH_DEBUG="enabled"
 
 # $LH_FORCE: enable force
 # (Default: disabled)
@@ -119,5 +124,7 @@ LH_QUIET="disabled"
 #LH_VERBOSE="disabled"
 
 # Internal stuff (FIXME)
-APT_OPTIONS="--yes"
+# The `--force-yes' option should be removed once `apt' is made to
+# recognize and use all the relevant GPG keys. `--yes' can stay.
+APT_OPTIONS="--yes --force-yes"
 APTITUDE_OPTIONS="--assume-yes"