"secure" build now works; moved /usr/lib/cryptobox-cd to /usr/share/cryptonas-live; removed some obsolete files; added gettext to
development build
This commit is contained in:
parent
3ccc72f535
commit
91a0cfb6de
24
README.devel
24
README.devel
|
@ -12,7 +12,7 @@ live-helper scripts being used are located in
|
|||
the "tools" folder. The version of live-helper distributed
|
||||
with Ubuntu "Gutsy Gibbon" does NOT work for CryptoNAS.
|
||||
|
||||
You should add the following line to apt-cacher's source list
|
||||
You may want to add the following line to apt-cacher's source list
|
||||
(for example, /etc/apt/sources.list) and run "aptitude update":
|
||||
deb http://systemausfall.org/toolforge/debian unstable main
|
||||
|
||||
|
@ -20,6 +20,7 @@ The only files and folders relevant to this version are:
|
|||
tools/
|
||||
rm-tmps.sh
|
||||
config/
|
||||
Debian-Mirrors/
|
||||
README.devel.
|
||||
I'm keeping the folders from the legacy CryptoNAS build system around
|
||||
until I'm sure we don't need them. Don't be confused by their continued
|
||||
|
@ -27,7 +28,9 @@ presence in the "deb-live" SVN branch.
|
|||
|
||||
config/chroot_local-includes/usr/lib/cryptobox-cd/etc.d/modules and
|
||||
config/chroot_local-includes/usr/lib/cryptobox-cd/etc.d/network/interfaces
|
||||
will now be used at boot time if they exist.
|
||||
will now be used at boot time if they exist. The developer can specify
|
||||
alternative files using the $CNAS_KMODULES and $CNAS_INTERFACES
|
||||
variables.
|
||||
|
||||
|
||||
Source Code Info
|
||||
|
@ -47,31 +50,26 @@ A current list of mirrors is also located at
|
|||
|
||||
TODO
|
||||
----
|
||||
check against validation scripts
|
||||
check that "secure" build works
|
||||
|
||||
set up a firewall in the "secure" build
|
||||
|
||||
/etc/modules (make sure desired modules load at startup)
|
||||
|
||||
complete "cryptonas" name change
|
||||
possibly move /usr/lib/cryptobox-cd to /usr/share/cryptonas-cd
|
||||
get apt-secure working
|
||||
|
||||
enable apache2 DAV
|
||||
integrate with cryptobox-server 4.0
|
||||
for release version, try to isolate which parts of debian "standard" packages
|
||||
are really needed to avoid errors and which are extraneous
|
||||
integrate with cryptobox-server 0.4
|
||||
|
||||
custom splash screen for syslinux
|
||||
stream music
|
||||
check filesystems periodically
|
||||
make drive identification more user-friendly (not just "/dev/foo")
|
||||
"install to hard disk or similar device" function (not high priority)
|
||||
get COW working
|
||||
|
||||
|
||||
|
||||
Short term goals:
|
||||
----------------
|
||||
add explanatory text to etc-scoreboard file
|
||||
do any more files need copyright notices?
|
||||
set up reasonable defaults in cnas-default-settings (use gedit with multiple separate windows)
|
||||
/etc/network/interfaces
|
||||
|
@ -82,13 +80,11 @@ Known Issues:
|
|||
Debian Live boot media shown in list of available disks
|
||||
Mounted encrypted volumes shown twice in list of available disks (may have been fixed already)
|
||||
*syslinux splash screen needs customization
|
||||
*"secure"/minimal setup needs to be built and tested
|
||||
*needs to be built using a *.deb based on SVN "head" to make sure that glaring English-language
|
||||
issues were fixed since live-cd 3.1
|
||||
*When NOT using a user-supplied /etc/network/interfaces (haven't tried it *with* user-supplied
|
||||
"interfaces") and the user chooses a new IP address via the web interface, the old DHCP-assigned
|
||||
address is still accessible
|
||||
*Reading an encrypted live-cd image doesn't work using Etch as the build system
|
||||
*Reading an encrypted live-cd image doesn't work using Etch
|
||||
*LH_APT_SECURE must be set to "enabled" in Etch or else cdebootstrap fails
|
||||
|
||||
LH_SOURCE="enabled" doesn't work yet
|
||||
|
|
|
@ -16,24 +16,30 @@
|
|||
|
||||
set -eu
|
||||
|
||||
#FIXME: no longer using dfs:
|
||||
RUNTIMEDIR=/opt/dfsruntime/runtimerd
|
||||
TUNDEV=$RUNTIMEDIR/dev/net/tun
|
||||
|
||||
REMOVE_PACKAGES="strace
|
||||
nvi nano vim vim-common vim-tiny
|
||||
unzip zip aptitude tasksel locate
|
||||
ssh elinks curl wget netkit-inetd telnet
|
||||
unzip zip locate
|
||||
ssh elinks curl netkit-inetd telnet
|
||||
exim4-daemon-light exim4-config exim4-base
|
||||
ppp pppconfig pppoe pppoeconf iptables
|
||||
ppp pppconfig pppoe pppoeconf
|
||||
subversion w3m wget lynx less screen
|
||||
info iptables man-db manpages
|
||||
info man-db manpages
|
||||
openssh-server openssh-client"
|
||||
|
||||
# Removing these packages would be better for security, but
|
||||
# breaks the build:
|
||||
#aptitude tasksel wget iptables
|
||||
#TODO: evaluate whether to remove other packages under Debian Live
|
||||
|
||||
# remove rc symlinks for these services
|
||||
SERVICES_OFF="ssh setserial nviboot mountnfs ntpdate"
|
||||
|
||||
#We run in a chroot environment, so source files accordingly.
|
||||
. /usr/lib/cryptobox-cd/etc-scoreboard
|
||||
. /usr/share/cryptonas-live/etc-scoreboard
|
||||
|
||||
function configure_normal()
|
||||
# the usual stuff - not optimized for security
|
||||
|
@ -145,8 +151,12 @@ function configure_secure()
|
|||
# remove doc files
|
||||
# remove man pages
|
||||
# some vim files stay behind?
|
||||
rm -rf /opt/packages /var/cache/bootstrap /var/cache/apt/ /var/cache/locate
|
||||
rm -rf /usr/share/man /usr/share/vim /var/lib/apt /var/cache/debconf /var/cache/man
|
||||
|
||||
# Need to keep these files for live-helper to complete successfully
|
||||
# rm -rf /var/cache/apt /var/lib/apt /var/cache/debconf /opt/packages
|
||||
|
||||
rm -rf /var/cache/bootstrap /var/cache/locate
|
||||
rm -rf /usr/share/man /usr/share/vim /var/cache/man
|
||||
# remove docs except for the cryptobox's
|
||||
ls /usr/share/doc | while read dname
|
||||
do test "$dname" == "cryptobox-server" || rm -rf "/usr/share/doc/$dname"
|
||||
|
@ -161,7 +171,7 @@ function configure_secure()
|
|||
done
|
||||
|
||||
# change some dir permissions
|
||||
chmod 660 /var/cache/cryptobox-server/settings/
|
||||
chmod 770 /var/cache/cryptobox-server/settings/
|
||||
|
||||
return 0
|
||||
}
|
||||
|
|
|
@ -1,54 +0,0 @@
|
|||
# some local settings for cbox-build.sh and validate.sh
|
||||
#
|
||||
# previously defined settings:
|
||||
# - ROOT_DIR
|
||||
#
|
||||
|
||||
|
||||
####################### cbox-build ########################
|
||||
|
||||
# the build directory (will be ERASED without warning)
|
||||
BUILD_DIR="$ROOT_DIR/_builddir"
|
||||
|
||||
# the cryptobox development files
|
||||
CBOX_DEVEL_DIR=$ROOT_DIR/cbox-tree.d
|
||||
|
||||
# template for live-cd
|
||||
TEMPLATE_DIR=$ROOT_DIR/live-cd-tree.d
|
||||
|
||||
# the iso image
|
||||
IMAGE_FILE=$BUILD_DIR/cryptobox.iso
|
||||
|
||||
# temporary directory
|
||||
TMP_DIR=/tmp/$(basename $0)-$$
|
||||
|
||||
# the virtual harddisk image used for qemu
|
||||
HD_IMAGE=/tmp/$(basename $0)-testplatte.img
|
||||
|
||||
# mkisofs options (the option "-U" is not clean, but it prevents long
|
||||
# filenames from getting mapped)
|
||||
# TODO: this may prevent windows user from reading the documentation
|
||||
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
|
||||
|
||||
# for burning a CD
|
||||
CDWRITER=0,0,0
|
||||
|
||||
|
||||
####################### validation ########################
|
||||
|
||||
# language of validation (select web interface language)
|
||||
VALIDATE_LANGUAGE=en
|
||||
|
||||
# directory of the test-cases
|
||||
VALIDATE_TEST_CASES_DIR=$ROOT_DIR/validation/test-cases
|
||||
|
||||
# override these settings if the CryptoBox uses a non-default IP
|
||||
VALIDATE_HOST_IP_DEFAULT=192.168.0.23
|
||||
VALIDATE_HOST_IP_CHANGED=192.168.0.24
|
||||
|
||||
# destination directories for the results
|
||||
VALIDATE_REPORT_DIR=/tmp/cryptobox-validation-$$
|
||||
VALIDATE_REPORT_DIR=$ROOT_DIR/validation/report
|
||||
VALIDATE_SUMMARY_TEMPLATE_DIR=$ROOT_DIR/validation/templates
|
||||
|
||||
|
|
@ -1,236 +0,0 @@
|
|||
# arch-tag: Default configuration file
|
||||
# Copyright (c) 2004 John Goerzen
|
||||
|
||||
[DEFAULT]
|
||||
######################################################################
|
||||
# Overall settings, set defaults for all archs
|
||||
######################################################################
|
||||
|
||||
# Name of generated disc & hostname
|
||||
# BEWARE: hostname does not work - you have to set the hostname manually at the end of this file
|
||||
name = CryptoBox
|
||||
|
||||
# Version of generated disc
|
||||
version = 0.3.4
|
||||
|
||||
# Person that built it
|
||||
builder = sense.lab
|
||||
|
||||
# Repositories to mirror. Details about each one are configured below.
|
||||
dlrepos = stable
|
||||
|
||||
# Repository to build the CD with. Must be in above list.
|
||||
suite = stable
|
||||
|
||||
# Whether or not to use zftree compression on ISO image
|
||||
compress = no
|
||||
|
||||
# Files to never compress if the above is yes
|
||||
# If a dir is given, that dir and everything below is not compressed
|
||||
dontcompress = /boot
|
||||
/etc/*boot*
|
||||
/opt/dfsruntime/initrd.dfs
|
||||
|
||||
# Location of dfsbuild support files
|
||||
libdir = /usr/lib/dfsbuild
|
||||
|
||||
# Location of docs for CD
|
||||
docdir = /usr/share/doc/dfsbuild
|
||||
|
||||
# Bootloader to place on CD. Choices are:
|
||||
# grub-hd GRUB with ElTorito hard disk emulation (not working yet)
|
||||
# grub-no-emul "raw" ElTorito image
|
||||
# aboot Alpha SRM bootloader
|
||||
# yaboot PowerPC bootloader
|
||||
# (usually set in arch area)
|
||||
#bootloader = grub-no-emul
|
||||
|
||||
|
||||
# Packages to install on live FS, on all archs, besides base system
|
||||
allpackages =
|
||||
util-linux
|
||||
grub
|
||||
parted
|
||||
dmsetup
|
||||
perl
|
||||
tar
|
||||
bash
|
||||
coreutils
|
||||
module-init-tools
|
||||
ifupdown
|
||||
busybox
|
||||
usbutils
|
||||
pciutils
|
||||
discover
|
||||
hdparm
|
||||
binutils
|
||||
debconf
|
||||
sysutils
|
||||
stunnel4
|
||||
samba
|
||||
hashalot
|
||||
python-clearsilver
|
||||
python-cherrypy
|
||||
python-configobj
|
||||
python-central
|
||||
super
|
||||
dosfstools
|
||||
cryptsetup
|
||||
python-m2crypto
|
||||
# support for file systems
|
||||
e2tools
|
||||
e2fsprogs
|
||||
xfsprogs
|
||||
hfsutils
|
||||
jfsutils
|
||||
## ntfs-3g is not in etch
|
||||
#ntfs-3g
|
||||
# TODO: remove the following packages for the final version
|
||||
subversion
|
||||
strace
|
||||
ssh
|
||||
vim
|
||||
nano
|
||||
less
|
||||
lynx
|
||||
w3m
|
||||
screen
|
||||
elinks
|
||||
|
||||
|
||||
# select a mirror for the repository (apt-cacher, apt-proxy, no caching) by
|
||||
# uncommenting the line of your choice
|
||||
# (1) apt-cacher (default)
|
||||
mirror = http://127.0.0.1/apt-cacher/ftp.debian.org/debian
|
||||
# (2) apt-proxy
|
||||
#mirror = http://127.0.0.1:9999/debian
|
||||
# (3) no caching proxy for apt
|
||||
#mirror = http://ftp.debian.org/debian
|
||||
|
||||
|
||||
# Files to place on the ramdisk
|
||||
ramdisk_files = /etc/resolv.conf
|
||||
/etc/lvm*
|
||||
/tmp
|
||||
/var/tmp
|
||||
/dev
|
||||
/var/lib/dhcp
|
||||
/var/lib/samba
|
||||
/var/log
|
||||
/var/cache/samba
|
||||
/var/lock
|
||||
/var/run
|
||||
/var/state
|
||||
/etc/mtab
|
||||
/root
|
||||
/etc/network
|
||||
/var/lib/misc
|
||||
/var/lib/urandom
|
||||
#/etc/hotplug/.run
|
||||
/var/spool/cron
|
||||
|
||||
# Directories to create on live fs
|
||||
makedirs =
|
||||
|
||||
# Files to delete from live fs
|
||||
deletefiles = /etc/rcS.d/*discover
|
||||
/etc/rcS.d/*lvm
|
||||
/var/log/dpkg.log
|
||||
/var/log/bootstrap.log
|
||||
|
||||
preparescripts =
|
||||
../scripts/prepare_target.sh
|
||||
|
||||
cleanupscripts =
|
||||
../scripts/cleanup_target.sh
|
||||
|
||||
######################################################################
|
||||
# Arch settings: i386
|
||||
######################################################################
|
||||
|
||||
[i386]
|
||||
# Name of any kernel images to install directly from your current filesystem
|
||||
#kernels = /boot/vmlinuz-2.4.27-2-386
|
||||
|
||||
# Modules to copy from host filesystem
|
||||
#modules = /lib/modules/2.4.27-2-386
|
||||
|
||||
# Debs from local fs to unpack on live FS (will not be configured)
|
||||
unpackdebs =
|
||||
../packages/linux-image-2.6.20_cryptobox0.3.3_i386.deb
|
||||
|
||||
# Other packages to install besides the list in DEFAULT
|
||||
packages = %(allpackages)s
|
||||
|
||||
# Debs from local fs to install on live fs
|
||||
## fetch newest ntfs-3g from debian backports
|
||||
installdebs =
|
||||
../packages/cryptobox-server.deb
|
||||
../packages/ntfs-3g_1%3a1.516-1~bpo.1_i386.deb
|
||||
|
||||
# Bootloader (see options under default)
|
||||
bootloader = grub-no-emul
|
||||
|
||||
# Extra lines for grub config
|
||||
grubconfig = timeout 0
|
||||
password -md5 this_invalid_hash_protects_grub_config
|
||||
|
||||
#####################################################################
|
||||
# Repository configuration
|
||||
######################################################################
|
||||
|
||||
# Repositories to download
|
||||
[repo testing]
|
||||
suite = testing
|
||||
|
||||
[repo amd64]
|
||||
suite = unstable
|
||||
# Override default mirror
|
||||
#mirror = http://debian-amd64.alioth.debian.org/pure64/
|
||||
# Override default arch
|
||||
arch = amd64
|
||||
|
||||
######################################################################
|
||||
# Text to add to existing files
|
||||
######################################################################
|
||||
|
||||
[appendfiles]
|
||||
|
||||
/etc/network/interfaces =
|
||||
auto lo eth0
|
||||
iface lo inet loopback
|
||||
iface eth0 inet static
|
||||
address 192.168.0.23
|
||||
netmask 255.255.255.0
|
||||
|
||||
# /etc/modules =
|
||||
|
||||
/etc/profile = export TERM=vt100
|
||||
|
||||
######################################################################
|
||||
# Files to create or truncate
|
||||
######################################################################
|
||||
|
||||
[createfiles]
|
||||
/etc/hostname = CryptoBox
|
||||
|
||||
/etc/syslog.conf = *.* /dev/tty8
|
||||
*.info /dev/tty7
|
||||
|
||||
/etc/hosts = 127.0.0.1 localhost
|
||||
|
||||
/etc/kernel-img.conf = do_initrd = Yes
|
||||
|
||||
# exit the samba startup script during install immediately - otherwise
|
||||
# there would be /proc problems - it will get replaced later via
|
||||
# live-cd-tree.d/usr/lib/cryptobox-cd/configure-cryptobox.sh
|
||||
/etc/default/samba = exit
|
||||
|
||||
######################################################################
|
||||
# Symlinks to create (from = to format)
|
||||
######################################################################
|
||||
|
||||
# this does not work anymore
|
||||
#[symlinks]
|
||||
#/etc/mtab = /proc/mounts
|
||||
|
|
@ -0,0 +1,55 @@
|
|||
#!/bin/sh
|
||||
#
|
||||
# this is the qemu-ifup script that should be run at qemu's boot
|
||||
#
|
||||
|
||||
# determine the interface to the outside
|
||||
IF_WORLD=`/sbin/route -n | grep " UG " | sed "s/ */ /g" | cut -d " " -f 8 | head -1`
|
||||
# nothing found? - sorry!
|
||||
[ -z "$IF_WORLD" ] && IF_WORLD=eth0
|
||||
|
||||
|
||||
if [ "$UID" -ne 0 ]
|
||||
then sudo $0 $*
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Laufe als root ..."
|
||||
|
||||
IPT=/sbin/iptables
|
||||
[ ! -x $IPT ] && IPT=/usr/sbin/iptables
|
||||
|
||||
IPT_RULES=" FORWARD -i tun0 -o $IF_WORLD -j ACCEPT
|
||||
FORWARD -i $IF_WORLD -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
|
||||
POSTROUTING -t nat -o $IF_WORLD -j MASQUERADE
|
||||
INPUT -i tun0 -j ACCEPT
|
||||
OUTPUT -o tun0 -j ACCEPT"
|
||||
|
||||
aktiviere_forward()
|
||||
{
|
||||
echo "$IPT_RULES" | while read a
|
||||
do $IPT -A $a
|
||||
done
|
||||
echo 1 >/proc/sys/net/ipv4/ip_forward
|
||||
}
|
||||
|
||||
deaktiviere_forward()
|
||||
{
|
||||
echo "$IPT_RULES" | while read a
|
||||
do $IPT -D $a
|
||||
done
|
||||
echo 0 >/proc/sys/net/ipv4/ip_forward
|
||||
}
|
||||
|
||||
case "$1" in
|
||||
stop )
|
||||
deaktiviere_forward
|
||||
#/etc/init.d/dhcp stop
|
||||
;;
|
||||
* )
|
||||
/sbin/ifconfig $1 192.168.0.1
|
||||
#/etc/init.d/dhcp start
|
||||
aktiviere_forward
|
||||
;;
|
||||
esac
|
||||
|
|
@ -57,7 +57,7 @@ esac
|
|||
|
||||
log_begin_msg "$DESCRIPTION"
|
||||
|
||||
. ${CNAS_ROOT_DIR}/usr/lib/cryptobox-cd/etc-scoreboard
|
||||
. ${CNAS_ROOT_DIR}/usr/share/cryptonas-live/etc-scoreboard
|
||||
|
||||
# "/" must be writeable only by root, or else some CryptoNAS
|
||||
# scripts will refuse to run for security reasons.
|
||||
|
@ -70,18 +70,30 @@ test -e ${CNAS_ROOT_DIR}/etc/fstab && sed -i '#/var/cache/cryptobox-server/mnt#d
|
|||
# add new line
|
||||
echo "tmpfs /var/cache/cryptobox-server/mnt tmpfs defaults 0 0" >> ${CNAS_ROOT_DIR}/etc/fstab
|
||||
|
||||
#Set up /etc/modules with user-provided contents
|
||||
MODULES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/modules"
|
||||
if [ -f "$MODULES" ]
|
||||
#Set up /etc/modules with user-provided contents ('K' stands for "kernel")
|
||||
_CNAS_KMODULES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/modules"
|
||||
# if $CNAS_KMODULES is not null then use that file as /etc/modules
|
||||
if [ -n "$CNAS_KMODULES" ]
|
||||
then
|
||||
cp $MODULES ${CNAS_ROOT_DIR}/etc/modules
|
||||
_CNAS_KMODULES="${CNAS_KMODULES}"
|
||||
fi
|
||||
|
||||
if [ -f "$_CNAS_KMODULES" ]
|
||||
then
|
||||
cp $_CNAS_KMODULES ${CNAS_ROOT_DIR}/etc/modules
|
||||
fi
|
||||
|
||||
#Set up /etc/network/interfaces with user-provided contents
|
||||
INTERFACES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/network/interfaces"
|
||||
if [ -f "$INTERFACES" ]
|
||||
_CNAS_INTERFACES="$CNAS_ROOT_DIR/$CNAS_SCOREBOARD_DIR/etc.d/network/interfaces"
|
||||
# if $CNAS_INTERFACES is not null then use that file as /etc/network/interfaces
|
||||
if [ -n "$CNAS_INTERFACES" ]
|
||||
then
|
||||
cp $INTERFACES ${CNAS_ROOT_DIR}/etc/network/interfaces
|
||||
_CNAS_INTERFACES="${CNAS_INTERFACES}"
|
||||
fi
|
||||
|
||||
if [ -f "$CNAS_INTERFACES" ]
|
||||
then
|
||||
cp $_CNAS_INTERFACES ${CNAS_ROOT_DIR}/etc/network/interfaces
|
||||
fi
|
||||
|
||||
#"hard" and "secure" are synonyms, so test for both of them
|
||||
|
|
|
@ -12,3 +12,4 @@ sysklogd
|
|||
w3m
|
||||
screen
|
||||
elinks
|
||||
gettext
|
||||
|
|
|
@ -40,14 +40,15 @@ _CNAS_STAGE=".stage/chroot_cnas-scoreboard"
|
|||
#the settings scoreboard file, update it.
|
||||
_CNAS_FIND="find config -regextype posix-extended -maxdepth 1 -type f -newer ${_CNAS_STAGE} -true "
|
||||
|
||||
#FIXME: refine regexp, try remembering during a rebuild...?
|
||||
# -regex '[^~]+' "
|
||||
# \( -name 'common -o -name 'bootstrap' -o -name 'chroot' -o -name 'binary' -o -name 'source' -o -name 'cnas-default-settings' -o -name 'cnas-custom-settings' -o -name 'cnas-active-settings' \) "
|
||||
#echo ${_CNAS_FIND}
|
||||
#_CNAS_FOUND=`${_CNAS_FIND}`
|
||||
|
||||
_CNAS_SCOREBOARD="config/chroot_local-includes/usr/share/cryptonas-live/etc-scoreboard"
|
||||
|
||||
#supporting unnecessary synonyms complicates change control
|
||||
if [ "$CNAS_HARDNESS" == "hard" ] || [ "$CNAS_HARDNESS" == "normal" ]
|
||||
then
|
||||
echo "warning: \$CNAS_HARDNESS settings `hard' and `normal' deprecated; use `secure' or `devel' instead"
|
||||
fi
|
||||
|
||||
_CNAS_SCOREBOARD="config/chroot_local-includes/usr/lib/cryptobox-cd/etc-scoreboard"
|
||||
|
||||
#Only run the scoreboard hack if the ".stage" directory exists
|
||||
if [ -d ${_CNAS_STAGE_DIR} ]
|
||||
|
@ -57,9 +58,19 @@ then
|
|||
#If the stage file does not exist or the "find" found something
|
||||
if [ ! -f "${_CNAS_STAGE}" ] || [ -n "`${_CNAS_FIND}`" ]
|
||||
then
|
||||
#Add explanatory banner to scoreboard file
|
||||
cat > ${_CNAS_SCOREBOARD} <<EOF
|
||||
#/usr/share/cryptonas-live/etc-scoreboard
|
||||
# This file is used by the CryptoNAS Live system to pass
|
||||
# configuration settings within the build system and to
|
||||
# the Debian Live runtime. It should NOT be checked in to
|
||||
# the CryptoNAS project's SVN repository.
|
||||
|
||||
EOF
|
||||
|
||||
#Update the scoreboard file from the current shell vars
|
||||
echo "CryptoNAS: updating scoreboard file..."
|
||||
set | grep -e "^CNAS_" > ${_CNAS_SCOREBOARD}
|
||||
set | grep -e "^CNAS_" >> ${_CNAS_SCOREBOARD}
|
||||
|
||||
#If we updated the scoreboard, touch the .stage/...
|
||||
#file we use for time stamping.
|
||||
|
|
|
@ -152,20 +152,34 @@ LH_SOURCE="disabled"
|
|||
#CNAS_MAKEDIRS=""
|
||||
|
||||
|
||||
# $LH_BINARY_IMAGES: set image type
|
||||
# (Default: usb-hdd)
|
||||
# Valid choices are:
|
||||
# "iso" for CD-ROM builds
|
||||
# "usb-hdd" for other block devices
|
||||
# "net" for netboot
|
||||
# "tar" for ???
|
||||
LH_BINARY_IMAGES="usb-hdd"
|
||||
|
||||
|
||||
CNAS_ROOT_FS="/root"
|
||||
CNAS_HARDNESS="devel"
|
||||
|
||||
CNAS_SCOREBOARD_DIR="/usr/lib/cryptobox-cd"
|
||||
CNAS_SCOREBOARD_DIR="/usr/share/cryptonas-live"
|
||||
|
||||
|
||||
# remove rc symlinks for these services
|
||||
CNAS_SERVICES_OFF="ssh setserial nviboot mountnfs ntpdate"
|
||||
|
||||
# This part only applies if CNAS_HARDNESS is set to "secure":
|
||||
#CNAS_REMOVE_PACKAGES="strace \
|
||||
# nvi nano vim vim-common vim-tiny \
|
||||
# unzip zip aptitude tasksel locate \
|
||||
# ssh elinks curl wget netkit-inetd telnet \
|
||||
# exim4-daemon-light exim4-config exim4-base \
|
||||
# ppp pppconfig pppoe pppoeconf iptables \
|
||||
# subversion w3m wget lynx less screen \
|
||||
# info iptables man-db manpages \
|
||||
# openssh-server openssh-client"
|
||||
|
||||
|
||||
#CNAS_REMOVE_PACKAGES="strace nvi nano vim vim-common vim-tiny unzip zip aptitude tasksel locate ssh elinks curl wget netkit-inetd telnet exim4-daemon-light exim4-config exim4-base ppp pppconfig pppoe pppoeconf iptables subversion w3m wget lynx less screen info iptables man-db manpages openssh-server openssh-client"
|
||||
|
||||
# config/chroot_local-includes/usr/lib/cryptobox-cd/etc.d/modules and
|
||||
# config/chroot_local-includes/usr/lib/cryptobox-cd/etc.d/network/interfaces
|
||||
# will now be used at boot time if they exist. The developer can specify
|
||||
# alternative files using the $CNAS_KMODULES and $CNAS_INTERFACES
|
||||
# variables.
|
||||
|
||||
#FIXME: add to etc.d/network/interfaces
|
||||
#\tauto lo eth0
|
||||
|
|
Binary file not shown.
|
@ -1,79 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>CryptoBox</title>
|
||||
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
|
||||
<meta content="" name="keywords" />
|
||||
<meta name="description" content="a secure fileserver, live-CD, web front-end" />
|
||||
<link rel="stylesheet" type="text/css" href="main.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
|
||||
<div id="header"><!-- just the logo --></div>
|
||||
<div class="navbar">
|
||||
<p>
|
||||
<a href="index.html">Home</a> |
|
||||
<a href="news.html">News</a> |
|
||||
<a href="downlo0.html">Download</a> |
|
||||
<a href="support.html">Support</a> |
|
||||
<a href="develo0.html">Development</a>
|
||||
</p>
|
||||
</div>
|
||||
<!-- content starts here -->
|
||||
<div class="centercontent">
|
||||
<div><h1 id="UserDocumentation">User Documentation</h1>
|
||||
<p>
|
||||
The following pages are describing the basic usage of the CryptoBox live-CD.
|
||||
</p>
|
||||
<p>
|
||||
The online version of this manual is a wiki, which means you can help improving the pages. If you have a question regarding the documentation, please post it on the bottom of the relevant page. The developers will answer your questions and update the manual as fast as possible.
|
||||
</p>
|
||||
<h2 id="Documentationforxreleases">Documentation for 0.3.x releases</h2>
|
||||
<ol><li><a href="doc_0.0.html">CryptoBoxUserGettingStarted</a> -- first steps to get the Cryptobox up and running
|
||||
</li><li><a href="doc_0.1.html">CryptoBoxUserDailyUse</a> -- how to access your encrypted data
|
||||
</li></ol>
|
||||
<p>
|
||||
At the moment there is no automatic way of using an encrypted disk of the 0.2 series in a !Cryptobox running the 0.3 series. That's because we did a major redesign of the CryptoBox functionality within the last year. We're sorry for the unconveniance!
|
||||
</p>
|
||||
<h2 id="FrequentlyAskedQuestions">Frequently Asked Questions</h2>
|
||||
<ul><li><a href="faq.html">FAQ</a>
|
||||
</li></ul></div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<!-- content ends here -->
|
||||
<div id="footer">
|
||||
<p>-- a <a href="http://senselab.org">Sense.Lab</a> project -- <a href="http://senselab.org/component/option,com_dfcontact/Itemid,29/">Impressum</a> --</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /Creative Commons License -->
|
||||
<!--
|
||||
|
||||
<rdf:RDF xmlns="http://web.resource.org/cc/"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<Work rdf:about="">
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
|
||||
<license rdf:resource="http://creativecommons.org/licenses/by-sa/2.5/de/" />
|
||||
</Work>
|
||||
|
||||
<License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/de/">
|
||||
<permits rdf:resource="http://web.resource.org/cc/Reproduction" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/Distribution" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Notice" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Attribution" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
|
||||
</License>
|
||||
|
||||
</rdf:RDF>
|
||||
-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 84 KiB |
|
@ -1,93 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>CryptoBox</title>
|
||||
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
|
||||
<meta content="" name="keywords" />
|
||||
<meta name="description" content="a secure fileserver, live-CD, web front-end" />
|
||||
<link rel="stylesheet" type="text/css" href="main.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
|
||||
<div id="header"><!-- just the logo --></div>
|
||||
<div class="navbar">
|
||||
<p>
|
||||
<a href="index.html">Home</a> |
|
||||
<a href="news.html">News</a> |
|
||||
<a href="downlo0.html">Download</a> |
|
||||
<a href="support.html">Support</a> |
|
||||
<a href="develo0.html">Development</a>
|
||||
</p>
|
||||
</div>
|
||||
<!-- content starts here -->
|
||||
<div class="centercontent">
|
||||
<h2>What does the CryptoBox do?</h2>
|
||||
<p>Usually all your files like phone numbers, love letters, bank
|
||||
account data etc. are stored in plaintext on your computer's
|
||||
harddisk.
|
||||
All the data is accessible for everyone who has access to the harddisk.
|
||||
This is very bad in case someone you don't trust gets your harddisk.
|
||||
E.g. a thief that steals your notebook, or breaks into your house or company.
|
||||
If the thief has your disk he/she can also read all the files that
|
||||
where saved on it, no matter whether you have a login password or not -
|
||||
the files are always stored in plaintext.
|
||||
</p>
|
||||
|
||||
<p>The <b>CryptoBox</b> brings easy-to-use data encryption to your
|
||||
computer. This works out of the box and does not need complicated
|
||||
configuration steps.</p>
|
||||
|
||||
<p>Here comes a small usage example for the CryptoBox with an obsolete
|
||||
PC as a fileserver:</p>
|
||||
|
||||
<p>Boot up the old PC with the CryptoBox live-CD.
|
||||
Now you can access it with your browser via the network.
|
||||
Then you partition and reformat the harddisk of the old
|
||||
PC with encryption support. Therefore you provide a passphrase.
|
||||
This is all done through the user friendly webinterface.
|
||||
You can also plug in an external harddisk and use this to store
|
||||
your encrypted data.
|
||||
Afterwards you copy your sensitive data over the local
|
||||
network to the CryptoBox.
|
||||
It is stored on its harddisk in a secure way.
|
||||
Nobody can access your data without the right passphrase.
|
||||
</p>
|
||||
</div>
|
||||
|
||||
|
||||
<!-- content ends here -->
|
||||
<div id="footer">
|
||||
<p>-- a <a href="http://senselab.org">Sense.Lab</a> project -- <a href="http://senselab.org/component/option,com_dfcontact/Itemid,29/">Impressum</a> --</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /Creative Commons License -->
|
||||
<!--
|
||||
|
||||
<rdf:RDF xmlns="http://web.resource.org/cc/"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<Work rdf:about="">
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
|
||||
<license rdf:resource="http://creativecommons.org/licenses/by-sa/2.5/de/" />
|
||||
</Work>
|
||||
|
||||
<License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/de/">
|
||||
<permits rdf:resource="http://web.resource.org/cc/Reproduction" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/Distribution" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Notice" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Attribution" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
|
||||
</License>
|
||||
|
||||
</rdf:RDF>
|
||||
-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,135 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>CryptoBox</title>
|
||||
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
|
||||
<meta content="" name="keywords" />
|
||||
<meta name="description" content="a secure fileserver, live-CD, web front-end" />
|
||||
<link rel="stylesheet" type="text/css" href="main.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
|
||||
<div id="header"><!-- just the logo --></div>
|
||||
<div class="navbar">
|
||||
<p>
|
||||
<a href="index.html">Home</a> |
|
||||
<a href="news.html">News</a> |
|
||||
<a href="downlo0.html">Download</a> |
|
||||
<a href="support.html">Support</a> |
|
||||
<a href="develo0.html">Development</a>
|
||||
</p>
|
||||
</div>
|
||||
<!-- content starts here -->
|
||||
<div class="left">
|
||||
|
||||
<div class="leftcontent">
|
||||
<h2>You are server admin?</h2>
|
||||
<p>Take a look at the <a
|
||||
href="http://devel.cryptobox.org/file/trunk/README">README
|
||||
file</a>. There you find more detailed information about the
|
||||
installation and configuration of the CryptoBox-Server
|
||||
package.</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Requirements for the CryptoBox live-CD</h2>
|
||||
<p>The <i>CryptoBox live-CD</i> runs on any x86 compatible PC with:</p>
|
||||
<ul>
|
||||
<li>CPU: min. 200MHz</li>
|
||||
<li>RAM: 64 MB</li>
|
||||
<li>CD-ROM drive</li>
|
||||
<li>a network connection</li>
|
||||
<li>a harddisk for your data</li>
|
||||
</ul>
|
||||
<p>The harddisk does not need to inside the of CryptoBox computer. You
|
||||
can also use external devices like USB-drives.
|
||||
All drives supported by the Linux kernel (2.6.20) can be used: IDE,
|
||||
SCSI, USB, FireWire, SATA, RAID, ...</p>
|
||||
<p>Because of the high number of different supported storage media
|
||||
we call an encrypted disk a <i>volume</i>.
|
||||
This includes (e.g.): USB-sticks, firewire-disks, flash-drives, digital cameras,
|
||||
MP3-player, MMC/SD-cards.</p>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Requirements of the CryptoBox-Server</h2>
|
||||
<p>The <i>CryptoBox-Server</i> package can be installed on any system with at least:</p>
|
||||
<ul>
|
||||
<li>Linux kernel 2.6</li>
|
||||
<li>cryptsetup with LUKS support</li>
|
||||
<li>kernel support for the <i>crypt</i> target of the <i>device mapper</i></li>
|
||||
<li>Python 2.4</li>
|
||||
</ul>
|
||||
<p>In general a server package should run on any Linux
|
||||
distribution, but we only provide Debian packages. So you have to
|
||||
install the necessary files on your own to the right places if
|
||||
you are using a different linux distribution.</p>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>File access</h2>
|
||||
<p>Once you openend an encrypted volume through the web frontend of
|
||||
the <i>CryptoBox</i> you can access the volume's data within your local
|
||||
network via:</p>
|
||||
<ul>
|
||||
<li>Samba shares (also known as: <i>windows network share</i>)</li>
|
||||
<!-- <li>WebDAV (aka: <i>web folder</i>)</li>
|
||||
<li>nfs (*nix file sharing)</li> -->
|
||||
</ul>
|
||||
<p>The <i>CryptoBox-Server</i> package will smoothly integrate into your existing
|
||||
fileserver. It provides mount points which can be shared via your
|
||||
favourite protocols (e.g.: WebDAV or NFS).</p>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Encryption</h2>
|
||||
<p>The encrypted disk partitions are <a href="http://luks.endorphin.org/">LUKS</a>
|
||||
volumes. This makes it also possible to access your data directly with
|
||||
every modern linux system or via <a href="http://freeotfe.org/">FreeOTFE</a>
|
||||
(for Microsoft products).</p>
|
||||
<p>You can select your favourite encryption algorithm from all
|
||||
ciphers supported by the linux kernel. The default is
|
||||
<i>aes-cbc-essiv:sha256</i> (AES in CBC mode with ESSIV based on
|
||||
SHA256).</p>
|
||||
</div>
|
||||
|
||||
|
||||
|
||||
<!-- content ends here -->
|
||||
<div id="footer">
|
||||
<p>-- a <a href="http://senselab.org">Sense.Lab</a> project -- <a href="http://senselab.org/component/option,com_dfcontact/Itemid,29/">Impressum</a> --</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /Creative Commons License -->
|
||||
<!--
|
||||
|
||||
<rdf:RDF xmlns="http://web.resource.org/cc/"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<Work rdf:about="">
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
|
||||
<license rdf:resource="http://creativecommons.org/licenses/by-sa/2.5/de/" />
|
||||
</Work>
|
||||
|
||||
<License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/de/">
|
||||
<permits rdf:resource="http://web.resource.org/cc/Reproduction" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/Distribution" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Notice" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Attribution" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
|
||||
</License>
|
||||
|
||||
</rdf:RDF>
|
||||
-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,173 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>CryptoBox</title>
|
||||
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
|
||||
<meta content="" name="keywords" />
|
||||
<meta name="description" content="a secure fileserver, live-CD, web front-end" />
|
||||
<link rel="stylesheet" type="text/css" href="main.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
|
||||
<div id="header"><!-- just the logo --></div>
|
||||
<div class="navbar">
|
||||
<p>
|
||||
<a href="index.html">Home</a> |
|
||||
<a href="news.html">News</a> |
|
||||
<a href="downlo0.html">Download</a> |
|
||||
<a href="support.html">Support</a> |
|
||||
<a href="develo0.html">Development</a>
|
||||
</p>
|
||||
</div>
|
||||
<!-- content starts here -->
|
||||
<div class="centercontent">
|
||||
<h2>Contribute</h2>
|
||||
<p>You are not just a consumer. At least not in the Open Source world.</p>
|
||||
<p>There are various ways to take part in improving the CryptoBox
|
||||
for all of us ...</p>
|
||||
</div>
|
||||
|
||||
<div class="left">
|
||||
<div class="leftcontent">
|
||||
<h2>Overview</h2>
|
||||
<ul>
|
||||
<li><a href="http://translate.cryptobox.org/projects/cryptobox/">Translation</a></li>
|
||||
<li><a href="http://devel.cryptobox.org/newticket">Bug Reports</a></li>
|
||||
<li><a href="Crypto0.html"">User Documentation</a></li>
|
||||
<li><a href="http://devel.cryptobox.org/">Development corner</a></li>
|
||||
<li><a href="https://systemausfall.org/mail-archive/?0">Mailing list archive</a>
|
||||
<li><a href="http://devel.cryptobox.org/file/trunk/README">README</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="leftcontent">
|
||||
<h2>Recent changes</h2>
|
||||
<ul class="recent_changes">
|
||||
<li><p class="date">Thu, 22 Feb 2007 12:10:04 GMT</p><a href="http://devel.cryptobox.org/changeset/858">Changeset [858] by lars</a><p>
|
||||
added configobj to "acknowledgements" (they linked us, too)
|
||||
</p></li>
|
||||
<li><p class="date">Thu, 22 Feb 2007 10:57:16 GMT</p><a href="http://devel.cryptobox.org/changeset/857">Changeset [857] by pootle-translation</a><p>
|
||||
Commit from Thorax Translation Center by user fabrizio. 24 of 24 messages translated (0 fuzzy).
|
||||
</p></li>
|
||||
<li><p class="date">Thu, 22 Feb 2007 10:54:29 GMT</p><a href="http://devel.cryptobox.org/changeset/856">Changeset [856] by pootle-translation</a><p>
|
||||
Commit from Thorax Translation Center by user fabrizio. 2 of 2 messages translated (0 fuzzy).
|
||||
</p></li>
|
||||
<li><p class="date">Thu, 22 Feb 2007 05:30:56 GMT</p><a href="http://devel.cryptobox.org/ticket/45">Ticket #45 resolved: not clear if it works - but there is at least some documentation about how ...</a><p>
|
||||
not clear if it works - but there is at least some documentation about how to find it manually (since [<a title="updated offline documentation ..." href="http://devel.cryptobox.org/changeset/855">855</a>])
|
||||
</p></li>
|
||||
<li><p class="date">Thu, 22 Feb 2007 05:16:45 GMT</p><a href="http://devel.cryptobox.org/changeset/855">Changeset [855] by lars</a><p>
|
||||
updated offline documentation
|
||||
moved offline documentation to a higher directory
|
||||
updated autorun links
|
||||
added mirror script to integrate offline documentation into the current website layout
|
||||
</p></li></ul>
|
||||
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<div class="content">
|
||||
<h2>Translation center</h2>
|
||||
<p>We want <i>you</i> to translate the CryptoBox!</p>
|
||||
<p>This way you can help others to access the CryptoBox in their native language.
|
||||
The <a href="http://translate.cryptobox.org/projects/cryptobox/">translation center</a> serves
|
||||
this purpose. Just register and use the webinterface for translations.
|
||||
It features a nice, motivating progress bar.</p>
|
||||
<p>For any questions send a mail to <a
|
||||
href="mailto:info@cryptobox.org">info@cryptobox.org</a>.</p>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Development</h2>
|
||||
<p>If you are interested in what happens under the hood, visit the <a
|
||||
href="http://devel.cryptobox.org">development corner</a>. You can also report
|
||||
bugs there.</p>
|
||||
<p>The <a href="http://devel.cryptobox.org/roadmap">roadmap</a> shows our goals
|
||||
for the next release and the estimated release date.</p>
|
||||
<p><a href="mailto:cryptobox-dev-subscribe@lists.systemausfall.org">Join
|
||||
the development mailing list</a> or participate via <a
|
||||
href="http://dir.gmane.org/gmane.comp.encryption.cryptobox.devel">gmane</a>.</p>
|
||||
<p>You can also just browse the <a
|
||||
href="https://systemausfall.org/mail-archive/?0">mailing list archive</a>.</p>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Bleeding edge source code</h2>
|
||||
<p>The current source code of the <i>CryptoBox-Server</i> package is always
|
||||
available via our <a href="https://svn.systemausfall.org/svn/cryptobox/"
|
||||
title="browse subversion repository">Subversion repository</a>.</p>
|
||||
<p><a href="SvnNotes.html"">Read more ...</a></p>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Thank you!</h2>
|
||||
<p>The whole is nothing without its parts. We would like to thank
|
||||
all the people for their help (in order of appearance). So, thank you!
|
||||
:)</p>
|
||||
<ul>
|
||||
<li><a href="http://codecoop.org">codecoop.org</a> - webspace</li>
|
||||
<li>Clavdia Horvat, Tadej Brce & Dusan Rebolj - slovenian translation</li>
|
||||
<li>Rike - french translation</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="content">
|
||||
<h2>Acknowledgements</h2>
|
||||
<p>The CryptoBox project heavily depends on the following Free Software
|
||||
projects. Thanks for your hard work!</p>
|
||||
<ul>
|
||||
<li><a href="http://kernel.org">Linux kernel</a></li>
|
||||
<li><a href="http://debian.org">Debian GNU/Linux</a></li>
|
||||
<li><a href="http://python.org">Python</a></li>
|
||||
<li><a href="http://cherrypy.org">CherryPy</a></li>
|
||||
<li><a href="http://clearsilver.net">ClearSilver</a></li>
|
||||
<li><a href="http://www.saout.de/misc/dm-crypt">DM-crypt</a></li>
|
||||
<li><a href="http://luks.endorphin.org">CryptSetup LUKS</a></li>
|
||||
<li><a href="http://www.voidspace.org.uk/python/configobj.html">ConfigObj</a></li>
|
||||
<li>...</li>
|
||||
</ul>
|
||||
<p>This list is by far incomplete - so: thanks to everyone involved in
|
||||
improving Free Software!</p>
|
||||
</div>
|
||||
|
||||
|
||||
</div>
|
||||
|
||||
|
||||
<!-- content ends here -->
|
||||
<div id="footer">
|
||||
<p>-- a <a href="http://senselab.org">Sense.Lab</a> project -- <a href="http://senselab.org/component/option,com_dfcontact/Itemid,29/">Impressum</a> --</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /Creative Commons License -->
|
||||
<!--
|
||||
|
||||
<rdf:RDF xmlns="http://web.resource.org/cc/"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<Work rdf:about="">
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
|
||||
<license rdf:resource="http://creativecommons.org/licenses/by-sa/2.5/de/" />
|
||||
</Work>
|
||||
|
||||
<License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/de/">
|
||||
<permits rdf:resource="http://web.resource.org/cc/Reproduction" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/Distribution" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Notice" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Attribution" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
|
||||
</License>
|
||||
|
||||
</rdf:RDF>
|
||||
-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
Binary file not shown.
Before Width: | Height: | Size: 19 KiB |
|
@ -1,116 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>CryptoBox</title>
|
||||
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
|
||||
<meta content="" name="keywords" />
|
||||
<meta name="description" content="a secure fileserver, live-CD, web front-end" />
|
||||
<link rel="stylesheet" type="text/css" href="main.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
|
||||
<div id="header"><!-- just the logo --></div>
|
||||
<div class="navbar">
|
||||
<p>
|
||||
<a href="index.html">Home</a> |
|
||||
<a href="news.html">News</a> |
|
||||
<a href="downlo0.html">Download</a> |
|
||||
<a href="support.html">Support</a> |
|
||||
<a href="develo0.html">Development</a>
|
||||
</p>
|
||||
</div>
|
||||
<!-- content starts here -->
|
||||
<div class="centercontent">
|
||||
<div><h1 id="Gettingstarted">Getting started</h1>
|
||||
<p>
|
||||
Read the following and you'll be able to set up your own CryptoBox within half an hour.
|
||||
</p>
|
||||
<p>
|
||||
It's pretty straight forward as we're always trying to make things as easy as possible for you.
|
||||
</p>
|
||||
<h2 id="StepbyStep">Step by Step</h2>
|
||||
<ol><li>You need:
|
||||
<ul><li>an old computer (remove the dust first)
|
||||
</li><li>this PC needs a network card and a CD drive
|
||||
</li><li>a medium to store your files on (e.g. a harddisk)
|
||||
</li><li>we will call this PC from now on CryptoBox-PC
|
||||
</li></ul></li><li>You don't need:
|
||||
<ul><li>a monitor, keyboard and mouse (with one exception, see below).
|
||||
</li><li>deeper knowledge of cryptography or server administration
|
||||
</li></ul></li><li>Download the latest version of the CryptoBox live-CD from CodeCoop. It's an ~100MB iso-image.
|
||||
<ul><li><a class="ext-link" title="http://codecoop.org/projects/cryptobox/" href="http://codecoop.org/projects/cryptobox/">http://codecoop.org/projects/cryptobox/</a>
|
||||
</li></ul></li><li>Burn the iso-image onto a CD.
|
||||
</li><li>Connect the CryptoBox-PC to your local area network.
|
||||
</li><li>Configure the CryptoBox-PC, so that it can boot the live-CD. Therefore you may have to enter the BIOS and configure the CD-ROM as boot device.
|
||||
</li><li>Put the burned CryptoBox live-CD into the CD drive and start the CryptoBox-PC.
|
||||
</li><li>Now go to your current desktop computer which must be connected to the same network as the CryptoBox-PC is and point your browser to <i>http://192.168.0.23</i>.
|
||||
</li></ol>
|
||||
<p>
|
||||
Now, if you see a website similar to the screenshots you're ready. :) Congratulations!
|
||||
Otherwise check the last steps again and take a look in the <i>caveats</i> section below.
|
||||
</p>
|
||||
<p>
|
||||
Follow this link for <a href="doc_0.1.html">further user documentation</a>. There you'll find a detailed desription, how to work with the CryptoBox.
|
||||
</p>
|
||||
<p>
|
||||
Some sites of your brand new CryptoBox require an administrative password. The default is <i>admin</i> as username _and_ as password. For your own sake change this as soon as possible (under "Preferences" -> "Users").
|
||||
</p>
|
||||
<h2 id="Hints">Hints</h2>
|
||||
<ul><li>The CryptoBox has an integrated help system. Enable it by clicking on the top-right help icon. It displays some useful tips. You can disable it again, as soon as you know how things work.
|
||||
</li><li>The CryptoBox-PC should at least have a 200MHz CPU and 64MB RAM (rule of thumb: bought after 1997)
|
||||
</li><li>Every modern PC system should work as a CryptoBox-PC. Try to get one with low energy consumption, there is not much CPU performance necessary.
|
||||
</li><li>The data storage media can be an internal harddisk or any external drive.
|
||||
</li><li>You can change external drives while the !CryptoBox-PC is running or even leave it running without a connected drive at all.
|
||||
</li><li>The "drive" may also be a USB-stick, firewire-disk, flash-drive, MMC/SD-card, MP3-player or a digital camera.
|
||||
</li><li>If you are going to buy a new harddisk and are using a very, very old PC as CryptoBox, please keep in mind that it probably cannot handle current disk sizes!
|
||||
</li></ul><h2 id="Caveats">Caveats</h2>
|
||||
<ul><li>Some old PCs are not able to boot from CD drives. In this case you cannot use it as CryptoBox.
|
||||
</li><li>If you want to change the default boot device but don't know what a BIOS is, ask somebody for help! It doesn't hurt. ;)
|
||||
</li><li>To configure the BIOS, you need a keyboard and a monitor. But this has to be done only once.
|
||||
</li><li>Don't forget to connect your PC to your local area network! Also don't forget to connect your desktop computer to the same network, if it isn't yet.
|
||||
</li><li>Make sure your desktop computer has a <i>192.168.0.x</i> IP address (at least for the first configuration). If this says nothing to you, again ask somebody for help!
|
||||
</li><li>If you're unsure about the network, you can also try to connect the CryptoBox-PC and your desktop computer directly with a crossover network cable.
|
||||
</li></ul><hr />
|
||||
<p>
|
||||
Move on to <a href="doc_0.1.html">further user documentation</a>.
|
||||
</p>
|
||||
<p>
|
||||
Or go back to <a href="Crypto0.html">user documentation overview</a>.
|
||||
</p>
|
||||
</div>
|
||||
<!-- content ends here -->
|
||||
<div id="footer">
|
||||
<p>-- a <a href="http://senselab.org">Sense.Lab</a> project -- <a href="http://senselab.org/component/option,com_dfcontact/Itemid,29/">Impressum</a> --</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /Creative Commons License -->
|
||||
<!--
|
||||
|
||||
<rdf:RDF xmlns="http://web.resource.org/cc/"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<Work rdf:about="">
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
|
||||
<license rdf:resource="http://creativecommons.org/licenses/by-sa/2.5/de/" />
|
||||
</Work>
|
||||
|
||||
<License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/de/">
|
||||
<permits rdf:resource="http://web.resource.org/cc/Reproduction" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/Distribution" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Notice" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Attribution" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
|
||||
</License>
|
||||
|
||||
</rdf:RDF>
|
||||
-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,204 +0,0 @@
|
|||
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
||||
|
||||
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
|
||||
<head>
|
||||
<title>CryptoBox</title>
|
||||
<meta content="text/html; charset=iso-8859-1" http-equiv="Content-Type" />
|
||||
<meta content="" name="keywords" />
|
||||
<meta name="description" content="a secure fileserver, live-CD, web front-end" />
|
||||
<link rel="stylesheet" type="text/css" href="main.css" />
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<div class="container">
|
||||
|
||||
<div id="header"><!-- just the logo --></div>
|
||||
<div class="navbar">
|
||||
<p>
|
||||
<a href="index.html">Home</a> |
|
||||
<a href="news.html">News</a> |
|
||||
<a href="downlo0.html">Download</a> |
|
||||
<a href="support.html">Support</a> |
|
||||
<a href="develo0.html">Development</a>
|
||||
</p>
|
||||
</div>
|
||||
<!-- content starts here -->
|
||||
<div class="centercontent">
|
||||
<div><h1 id="HowtousetheCryptoBox">How to use the CryptoBox</h1>
|
||||
<p>
|
||||
<h4 id="TableofContents">Table of Contents</h4>
|
||||
<ol>
|
||||
<li><a href="doc_0.1.html#Basicsofthewebinterface">Basics of the web interface</a></li>
|
||||
<ol><li><a href="doc_0.1.html#OnlineHelp">Online Help</a></li>
|
||||
<li><a href="doc_0.1.html#Navigation">Navigation</a></li>
|
||||
<li><a href="doc_0.1.html#Configuration">Configuration</a></li>
|
||||
<li><a href="doc_0.1.html#Shutdown">Shutdown</a></li>
|
||||
</ol>
|
||||
<li><a href="doc_0.1.html#PreparingVolumes">Preparing Volumes</a></li>
|
||||
<li><a href="doc_0.1.html#AccessingData">Accessing Data</a></li>
|
||||
<li><a href="doc_0.1.html#UsingyourHarddiskswithoutreformatting">Using your Harddisks without reformatting</a></li>
|
||||
</ol>
|
||||
|
||||
|
||||
</p>
|
||||
<hr />
|
||||
<h2 id="Basicsofthewebinterface">Basics of the web interface</h2>
|
||||
<p>
|
||||
Here comes a detailed description of the web interface. We usually just call it <i>CryptoBox</i> as it is the part you'll have most contact with. It's basically the website you're browsing through after you typed <i>http://192.168.0.23</i> into your browser.
|
||||
</p>
|
||||
<h3 id="OnlineHelp">Online Help</h3>
|
||||
<p>
|
||||
The new (0.3) version of the CryptoBox is self explaining. Just follow the menu and click through the pages.
|
||||
</p>
|
||||
<p>
|
||||
The integrated help system may support you while using the CryptoBox. It displays some useful tips (e.g. what a single form is for). Enable it by clicking on the top-right help icon. You can disable it again, as soon as you know how things work.
|
||||
</p>
|
||||
<ul><li>help system is disabled by default:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="help_d0.jpg"format=raw" alt="website/screenshots/doc-0.3.x/help_d0.jpg" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<ul><li>looks like this, when enabled:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="help_e0.jpg"format=raw" alt="website/screenshots/doc-0.3.x/help_e0.jpg" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<h3 id="Navigation">Navigation</h3>
|
||||
<p>
|
||||
The central place of the CryptoBox is the "Disks" section, where you manage all your encrypted and unencrypted volumes. Every single storage medium is called a <i>volume</i>.
|
||||
</p>
|
||||
<p>
|
||||
You are able to use whole disks, partitions, usb-storage devices like (usb-sticks, flash-media etc.), firewire-storage devices, logical partitions and a lot more as a volume. There is a simple rule for the devices: everything that is supported by a recent Linux kernel, is also supported by the CryptoBox.
|
||||
</p>
|
||||
<ul><li>disk overview with one volume:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="disks_0.jpg"format=raw" alt="website/screenshots/doc-0.3.x/disks_0.jpg" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<p>
|
||||
Each disk-symbol is representing a volume with its name underlaying. Small icons on the disk-symbol give you some more information about the volume. A red cross means, that the volume currently is not activated. A lock symbolzises an encrypted partition. If the lock is closed the volume is not activated. If an encryted volume is activated there shows up an open lock and the CryptoBox Logo in the top-right corner opens itself, too.
|
||||
</p>
|
||||
<h3 id="Configuration">Configuration</h3>
|
||||
<p>
|
||||
In the "Preferences" section you can adapt the CryptoBox to your personal needs. You may set the date/time of the CryptoBox there, as well as its network address and so on. You also find the log messages there - this is very helpful in case something unexpected happened.
|
||||
</p>
|
||||
<ul><li>preferences overview:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="prefer0.jpg"format=raw" alt="website/screenshots/doc-0.3.x/prefer0.jpg" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<h3 id="Shutdown">Shutdown</h3>
|
||||
<p>
|
||||
Follow the link to the "Shutdown" section and you can reboot the CryptoBox or just turn it off.
|
||||
</p>
|
||||
<hr />
|
||||
<h2 id="PreparingVolumes">Preparing Volumes</h2>
|
||||
<p>
|
||||
Every drive you connect to the CryptoBox will be shown as one or more volumes. If the device was previously formatted with a rather exotic filesystem, then you may have to format it, before you can use it via the CryptoBox. BEWARE: all data of a volume will be deleted while formatting.
|
||||
</p>
|
||||
<p>
|
||||
If you want to store encrypted data on a volume (you should, as this is the key feature of the CryptoBox :) ), you also have to format it initially, too.
|
||||
</p>
|
||||
<ul><li>initialization of a disk:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="prepar0.jpg"format=raw" alt="website/screenshots/doc-0.3.x/prepar0.jpg" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<p>
|
||||
If you format a volume with encryption support, you have to provide a good passphrase (requiered in the next step). This passphrase protects your files from curious or evil eyes.
|
||||
</p>
|
||||
<p>
|
||||
It is good practice to give every volume a unique name (e.g.: "photo collection" or "my important files"), depending on what you're using it for. So you won't have trouble if you later connect more than one drive to the CryptoBox.
|
||||
</p>
|
||||
<p>
|
||||
If you don't like the aotumatic formattign modus, you can divide one disk into more than one volume by partitioning it. Keep in mind that all existing data on a volume or disk will be deleted if you format or repartition it!
|
||||
</p>
|
||||
<hr />
|
||||
<h2 id="AccessingData">Accessing Data</h2>
|
||||
<p>
|
||||
Now you know how to set up a CryptoBox and how to prepare volumes. So you finally can put some data on your configured volume. Click in the web frontend on "Open this volume" and give the correct passphrase.
|
||||
</p>
|
||||
<p>
|
||||
If you want to open or save files on the volumes of the CryptoBox, you just use its available network shares: click on <i>network neighbourhood</i> (or similar - depending on your operating system) and choose the <i>cryptobox</i> computer. Only currently open volumes are visible there.
|
||||
</p>
|
||||
<p>
|
||||
In case the <i>cryptobox</i> computer is not visible in your network overview, you may have to search for the hostname <i>cryptobox</i> or its configured IP address. Maybe it can also be necessary to reboot the CryptoBox after you changed its network settings.
|
||||
</p>
|
||||
<p>
|
||||
The following screenshots may help you to find the <i>cryptobox</i> in your network on different desktop systems:
|
||||
</p>
|
||||
<ul><li>Gnome:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="search0.png"format=raw" alt="website/screenshots/doc-0.3.x/search0.png" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<ul><li>KDE:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="search1.png"format=raw" alt="website/screenshots/doc-0.3.x/search1.png" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<ul><li>Windows:
|
||||
</li></ul><blockquote>
|
||||
<p>
|
||||
<img src="search2.png"format=raw" alt="website/screenshots/doc-0.3.x/search2.png" />
|
||||
</p>
|
||||
</blockquote>
|
||||
<p>
|
||||
Do not forget to close the volume again via the web frontend, as soon as you do not need the encrypted files any more.
|
||||
</p>
|
||||
<hr />
|
||||
<h2 id="UsingyourHarddiskswithoutreformatting">Using your Harddisks without reformatting</h2>
|
||||
<p>
|
||||
In some cases, a disk can be used in the CryptoBox without reformatting it. This depends on the filesystem of your disk. If it is a plain (unencrypted) one and supported by the linux kernel you will not have any problems. Encrypted disks are supported only if they use a cryptsetup-luks format. Other types of disk encryption will not be accessible.
|
||||
</p>
|
||||
<p>
|
||||
On the downside you won't be able to store your CryptoBox settings (e.g. volume name, network address) on this disk. Therefore you would need a small config partition, which is being created automatically when you partition a disk. A warning message appears if you are working without a writeable config partition.
|
||||
</p>
|
||||
<hr />
|
||||
<p>
|
||||
Go back to <a href="Crypto0.html">user documentation overview</a>.
|
||||
</p>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
<!-- content ends here -->
|
||||
<div id="footer">
|
||||
<p>-- a <a href="http://senselab.org">Sense.Lab</a> project -- <a href="http://senselab.org/component/option,com_dfcontact/Itemid,29/">Impressum</a> --</p>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
|
||||
<!-- /Creative Commons License -->
|
||||
<!--
|
||||
|
||||
<rdf:RDF xmlns="http://web.resource.org/cc/"
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
|
||||
<Work rdf:about="">
|
||||
<dc:type rdf:resource="http://purl.org/dc/dcmitype/Text" />
|
||||
<license rdf:resource="http://creativecommons.org/licenses/by-sa/2.5/de/" />
|
||||
</Work>
|
||||
|
||||
<License rdf:about="http://creativecommons.org/licenses/by-sa/2.5/de/">
|
||||
<permits rdf:resource="http://web.resource.org/cc/Reproduction" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/Distribution" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Notice" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/Attribution" />
|
||||
<permits rdf:resource="http://web.resource.org/cc/DerivativeWorks" />
|
||||
<requires rdf:resource="http://web.resource.org/cc/ShareAlike" />
|
||||
</License>
|
||||
|
||||
</rdf:RDF>
|
||||
-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
@ -1,119 +0,0 @@
|