From 8a9d8a7b571c2dd158a68edc23313ee2553e637a Mon Sep 17 00:00:00 2001 From: frisco <> Date: Sat, 12 Jul 2008 03:27:05 +0000 Subject: [PATCH] Disk format, shutdown, restart now work---is anything still broken?? Re-enabled apache2 install; not yet configured properly. Builder is now able to provide /etc/modules and /etc/network/interfaces --- README.devel | 17 ++++++++++---- .../50cnas-config-chroot.sh | 22 ++++++++++++++----- .../scripts/casper-bottom/90cnas_setup_etc | 20 +++++++++++++---- config/chroot_local-packageslists/cryptonas | 2 +- .../chroot_sources/systemausfall-org.chroot | 8 +++++-- config/cnas-default-settings | 9 ++++++++ 6 files changed, 62 insertions(+), 16 deletions(-) diff --git a/README.devel b/README.devel index 91bfecc..d7ad6b4 100644 --- a/README.devel +++ b/README.devel @@ -25,9 +25,12 @@ I'm keeping the folders from the legacy CryptoNAS build system around until I'm sure we don't need them. Don't be confused by their continued presence in the "deb-live" SVN branch. +config/chroot_local-includes/usr/lib/cryptobox-cd/etc.d/modules and +config/chroot_local-includes/usr/lib/cryptobox-cd/etc.d/network/interfaces +will now be used at boot time if they exist. + + TODO: -get "shutdown/reboot from web interface" working -get (configuration partition) formatting to work check against validation scripts check that "secure" build works set up a firewall in the "secure" build 
@@ -42,11 +45,17 @@ integrate with cryptobox-server 4.0 for release version, try to isolate which parts of debian "standard" packages are really needed to avoid errors and which are extraneous +custom splash screen for syslinux +stream music +check filesystems periodically +make drive identification more user-friendly (not just "/dev/foo") +"install to hard disk or similar device" function (not high priority) +get COW working -Short term goals (next couple of commits): + +Short term goals: ----- add explanatory text to etc-scoreboard file do any more files need copyright notices? set up reasonable defaults in cnas-default-settings (use gedit with multiple separate windows) - /etc/network/interfaces diff --git a/config/chroot_local-hooks/50cnas-config-chroot.sh b/config/chroot_local-hooks/50cnas-config-chroot.sh index a9ee10d..2c1cc3a 100755 --- a/config/chroot_local-hooks/50cnas-config-chroot.sh +++ b/config/chroot_local-hooks/50cnas-config-chroot.sh 
@@ -56,14 +56,26 @@ function configure_normal() # install the samba hook script cp /usr/share/doc/cryptobox-server/event-scripts/samba /etc/cryptobox-server/events.d/samba chmod +x /etc/cryptobox-server/events.d/samba - chown root:root /etc + ############ dir perms ######## + # For security reasons, many CryptoNAS scripts will refuse + # to run if their parent directories have unsafe permissions. + # The files in config/chroot_local-includes are, by default, + # owned by the user who did the SVN checkout. Therefore + # reset the important directories there to being owned by root. + # Debian Policy specifies that local users and package-created + # users have different uid ranges, so the set of files with + # unrecognized uid's should be the same as the set of files added + # by "config/chroot_local-includes/". + # Note that we are doing this at build time, not run time! + # Only fix files that are neither setuid nor setgid: + chown root:root `find / -xdev -nouser ! -perm -4000 ! -perm -2000` ############ webdav ############ - #TODO: FIXME: add apache2 packages; configure port; add webdav link in web frontend -# sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2 -# cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav -# chmod +x /etc/cryptobox-server/events.d/apache2_dav + #TODO: FIXME: configure port; add webdav link in web frontend + sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2 + cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav + chmod +x /etc/cryptobox-server/events.d/apache2_dav ########### boot up ########### diff --git a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc index 0268856..db35695 100755 --- a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc 
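Review bot: The added `chown root:root` line feeds the output of `find / -xdev -nouser …` through an unquoted backtick substitution, so a path containing whitespace is split into wrong arguments, an empty result makes chown fail for lack of operands, and a large tree can exceed the argument limit. chown also dereferences symlinks by default, so an ownerless symlink from the checkout would re-own whatever it points to rather than the link itself. I would let find invoke the command and not follow links: `find / -xdev -nouser ! -perm -4000 ! -perm -2000 -exec chown -h root:root {} +`. The comment's assumption that the checkout user's uid is unknown inside the chroot should be confirmed, since files whose uid happens to match a chroot account would be left as they are. configure_normal starts and ends outside this hunk.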
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc @@ -59,10 +59,9 @@ log_begin_msg "$DESCRIPTION" . ${CNAS_ROOT_DIR}/usr/lib/cryptobox-cd/etc-scoreboard -# "/" must be writeable only by root, or else the CryptoNAS-Samba -# hook scripts will refuse to run for security reasons. +# "/" must be writeable only by root, or else some CryptoNAS +# scripts will refuse to run for security reasons. chmod go-w ${CNAS_ROOT_DIR} -#chmod 755 ${CNAS_ROOT_DIR} sed -i 's/^id:.*$/id:3:initdefault:/' ${CNAS_ROOT_DIR}/etc/inittab # add tmpfs entry for mount parent @@ -71,9 +70,22 @@ test -e ${CNAS_ROOT_DIR}/etc/fstab && sed -i '#/var/cache/cryptobox-server/mnt#d # add new line echo "tmpfs /var/cache/cryptobox-server/mnt tmpfs defaults 0 0" >> ${CNAS_ROOT_DIR}/etc/fstab +#Set up /etc/modules with user-provided contents +MODULES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/modules" +if [ -f "$MODULES" ] + then + cp $MODULES ${CNAS_ROOT_DIR}/etc/modules +fi + +#Set up /etc/network/interfaces with user-provided contents +INTERFACES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/network/interfaces" +if [ -f "$INTERFACES" ] + then + cp $INTERFACES ${CNAS_ROOT_DIR}/etc/network/interfaces +fi #"hard" and "secure" are synonyms, so test for both of them -if [ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ] +if [ ${CNAS_HARDNESS} = "hard" -o ${CNAS_HARDNESS} = "secure" ] then #FIXME: Since we're now doing this important step at runtime, diff --git a/config/chroot_local-packageslists/cryptonas b/config/chroot_local-packageslists/cryptonas index 575666e..ce7dc00 100644 --- a/config/chroot_local-packageslists/cryptonas +++ b/config/chroot_local-packageslists/cryptonas @@ -21,7 +21,7 @@ sysutils stunnel4 samba #Apache was breaking the build before work started on the Debian Live changeover. FIXME: re-integrate -#apache2 +apache2 hashalot python-clearsilver python-cherrypy 
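Review bot: The corrected test `[ ${CNAS_HARDNESS} = "hard" -o ${CNAS_HARDNESS} = "secure" ]` still expands the variable unquoted, so if CNAS_HARDNESS is empty or unset the test is malformed and the branch for the "hard"/"secure" builds is likely skipped without a visible failure. Because this condition gates the hardened configuration, it should evaluate predictably: `if [ "${CNAS_HARDNESS}" = "hard" ] || [ "${CNAS_HARDNESS}" = "secure" ]`. The same quoting applies to the two new copies, e.g. `cp "$MODULES" "${CNAS_ROOT_DIR}/etc/modules"`. The `if` block continues past the end of the hunk.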
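Review bot: The comment directly above the re-enabled `apache2` entry still says Apache was breaking the build and carries a FIXME to re-integrate it, which now contradicts the line it annotates. I would replace it with a comment describing the present state, for example `#apache2 provides WebDAV; enabled in 50cnas-config-chroot.sh, port and frontend link still TODO`. The commit message states that Apache is not yet configured properly, so it is worth confirming that shipping and auto-starting it with its default configuration is acceptable for the image in the meantime.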
diff --git a/config/chroot_sources/systemausfall-org.chroot b/config/chroot_sources/systemausfall-org.chroot index afe54f9..fa4e7e2 100644 --- a/config/chroot_sources/systemausfall-org.chroot +++ b/config/chroot_sources/systemausfall-org.chroot @@ -4,5 +4,9 @@ #to be working yet. As a workaround, download the cryptobox-server #package from a repository or `apt-cacher' installation: -deb http://systemausfall.org/toolforge/debian unstable main - +#Use apt-cacher to reduce load on the server. Be sure to add: +# +# deb http://systemausfall.org/toolforge/debian unstable main +# +#to /etc/apt/sources.list on the computer used for your build. +deb http://127.0.0.1:3142/apt-cacher/systemausfall.org/toolforge/debian unstable main diff --git a/config/cnas-default-settings b/config/cnas-default-settings index a9e869f..47ff9b3 100644 --- a/config/cnas-default-settings +++ b/config/cnas-default-settings @@ -157,3 +157,12 @@ LH_BINARY_IMAGES="usb-hdd" CNAS_ROOT_FS="/root" CNAS_HARDNESS="devel" + +CNAS_SCOREBOARD_DIR="/usr/lib/cryptobox-cd" + +#FIXME: add to etc.d/network/interfaces +#\tauto lo eth0 +#\tiface lo inet loopback +#\tiface eth0 inet static +#\t\taddress 192.168.0.23 +#\t\tnetmask 255.255.255.0
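Review bot: The new `deb http://127.0.0.1:3142/apt-cacher/...` entry fetches packages over plain HTTP through a local cache, so package authenticity rests entirely on apt verifying the repository's signature, and nothing in this hunk shows that the archive key is provisioned in the chroot. I would state that dependency in the file, e.g. `#Fetched over HTTP via apt-cacher; relies on apt signature verification, so the repository key must be present in the chroot`. The instruction to add the upstream `deb` line to the build machine's /etc/apt/sources.list does not say why the host needs it; one sentence of explanation would help. Because the source is hard-wired to 127.0.0.1:3142, the build presumably fails on machines without apt-cacher running, which is worth saying in the comment as well.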