Disk format, shutdown, restart now work---is anything still broken??

Re-enabled apache2 install; not yet configured properly. Builder is now able to provide /etc/modules and /etc/network/interfaces
2008-07-12 03:27:05 +00:00 · 2008-07-12 03:27:05 +00:00 · 8a9d8a7b57
commit 8a9d8a7b57
parent 9141c377d0
6 changed files with 62 additions and 16 deletions
--- a/config/chroot_local-hooks/50cnas-config-chroot.sh
+++ b/config/chroot_local-hooks/50cnas-config-chroot.sh
@ -56,14 +56,26 @@ function configure_normal()
 	# install the samba hook script
 	cp /usr/share/doc/cryptobox-server/event-scripts/samba /etc/cryptobox-server/events.d/samba 
 	chmod +x /etc/cryptobox-server/events.d/samba
-	chown root:root /etc

+	############ dir perms ########
+	# For security reasons, many CryptoNAS scripts will refuse
+	# to run if their parent directories have unsafe permissions.
+	# The files in config/chroot_local-includes are, by default,
+	# owned by the user who did the SVN checkout. Therefore
+	# reset the important directories there to being owned by root.
+	# Debian Policy specifies that local users and package-created
+	# users have different uid ranges, so the set of files with
+	# unrecognized uid's should be the same as the set of files added
+	# by "config/chroot_local-includes/".
+	# Note that we are doing this at build time, not run time!
+	# Only fix files that are neither setuid nor setgid:
+	chown root:root `find / -xdev -nouser ! -perm -4000 ! -perm -2000`

 	############ webdav ############
-    #TODO: FIXME: add apache2 packages; configure port; add webdav link in web frontend
-#	sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
-#	cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
-#	chmod +x /etc/cryptobox-server/events.d/apache2_dav
+    #TODO: FIXME: configure port; add webdav link in web frontend
+	sed -i 's/^NO_START=.*$/NO_START=0/' /etc/default/apache2
+	cp /usr/share/doc/cryptobox-server/event-scripts/apache2_dav /etc/cryptobox-server/events.d/apache2_dav
+	chmod +x /etc/cryptobox-server/events.d/apache2_dav
 	

        ########### boot up ###########
--- a/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc
+++ b/config/chroot_local-includes/usr/share/initramfs-tools/scripts/casper-bottom/90cnas_setup_etc
@ -59,10 +59,9 @@ log_begin_msg "$DESCRIPTION"

 . ${CNAS_ROOT_DIR}/usr/lib/cryptobox-cd/etc-scoreboard

-# "/" must be writeable only by root, or else the CryptoNAS-Samba
-# hook scripts will refuse to run for security reasons.
+# "/" must be writeable only by root, or else some CryptoNAS
+# scripts will refuse to run for security reasons.
 chmod go-w ${CNAS_ROOT_DIR}
-#chmod 755 ${CNAS_ROOT_DIR}

 sed -i 's/^id:.*$/id:3:initdefault:/' ${CNAS_ROOT_DIR}/etc/inittab
 # add tmpfs entry for mount parent
@ -71,9 +70,22 @@ test -e ${CNAS_ROOT_DIR}/etc/fstab && sed -i '#/var/cache/cryptobox-server/mnt#d
 # add new line
 echo "tmpfs	/var/cache/cryptobox-server/mnt	tmpfs	defaults	0	0" >> ${CNAS_ROOT_DIR}/etc/fstab

+#Set up /etc/modules with user-provided contents
+MODULES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/modules"
+if [ -f "$MODULES"  ]
+    then
+    cp $MODULES ${CNAS_ROOT_DIR}/etc/modules
+fi
+
+#Set up /etc/network/interfaces with user-provided contents
+INTERFACES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/network/interfaces"
+if [ -f "$INTERFACES" ]
+    then
+    cp $INTERFACES ${CNAS_ROOT_DIR}/etc/network/interfaces
+fi

 #"hard" and "secure" are synonyms, so test for both of them
-if [ ${CNAS_HARDNESS} -eq "hard" -o ${CNAS_HARDNESS} -eq "secure" ]
+if [ ${CNAS_HARDNESS} = "hard" -o ${CNAS_HARDNESS} = "secure" ]
    then

    #FIXME: Since we're now doing this important step at runtime,
--- a/config/chroot_local-packageslists/cryptonas
+++ b/config/chroot_local-packageslists/cryptonas
@ -21,7 +21,7 @@ sysutils
 stunnel4
 samba
 #Apache was breaking the build before work started on the Debian Live changeover. FIXME: re-integrate
-#apache2
+apache2
 hashalot
 python-clearsilver
 python-cherrypy
--- a/config/chroot_sources/systemausfall-org.chroot
+++ b/config/chroot_sources/systemausfall-org.chroot
@ -4,5 +4,9 @@
 #to be working yet. As a workaround, download the cryptobox-server
 #package from a repository or `apt-cacher' installation:

-deb http://systemausfall.org/toolforge/debian unstable main
-
+#Use apt-cacher to reduce load on the server. Be sure to add:
+#
+# deb http://systemausfall.org/toolforge/debian unstable main
+#
+#to /etc/apt/sources.list on the computer used for your build.
+deb http://127.0.0.1:3142/apt-cacher/systemausfall.org/toolforge/debian unstable main
--- a/config/cnas-default-settings
+++ b/config/cnas-default-settings
@ -157,3 +157,12 @@ LH_BINARY_IMAGES="usb-hdd"

 CNAS_ROOT_FS="/root"
 CNAS_HARDNESS="devel"
+
+CNAS_SCOREBOARD_DIR="/usr/lib/cryptobox-cd"
+
+#FIXME: add to etc.d/network/interfaces
+#\tauto lo eth0
+#\tiface lo inet loopback
+#\tiface eth0 inet static
+#\t\taddress 192.168.0.23
+#\t\tnetmask 255.255.255.0