"secure" build now works; moved /usr/lib/cryptobox-cd to /usr/share/cryptonas-live; removed some obsolete files; added gettext to
development build
parent
3ccc72f535
commit
91a0cfb6de
60 changed files with 147 additions and 2581 deletions
|
@ -16,24 +16,30 @@
|
|||
|
||||
set -eu
|
||||
|
||||
#FIXME: no longer using dfs:
|
||||
RUNTIMEDIR=/opt/dfsruntime/runtimerd
|
||||
TUNDEV=$RUNTIMEDIR/dev/net/tun
|
||||
|
||||
REMOVE_PACKAGES="strace
|
||||
nvi nano vim vim-common vim-tiny
|
||||
unzip zip aptitude tasksel locate
|
||||
ssh elinks curl wget netkit-inetd telnet
|
||||
unzip zip locate
|
||||
ssh elinks curl netkit-inetd telnet
|
||||
exim4-daemon-light exim4-config exim4-base
|
||||
ppp pppconfig pppoe pppoeconf iptables
|
||||
ppp pppconfig pppoe pppoeconf
|
||||
subversion w3m wget lynx less screen
|
||||
info iptables man-db manpages
|
||||
info man-db manpages
|
||||
openssh-server openssh-client"
|
||||
|
||||
# Removing these packages would be better for security, but
|
||||
# breaks the build:
|
||||
#aptitude tasksel wget iptables
|
||||
#TODO: evaluate whether to remove other packages under Debian Live
|
||||
|
||||
# remove rc symlinks for these services
|
||||
SERVICES_OFF="ssh setserial nviboot mountnfs ntpdate"
|
||||
|
||||
#We run in a chroot environment, so source files accordingly.
|
||||
. /usr/lib/cryptobox-cd/etc-scoreboard
|
||||
. /usr/share/cryptonas-live/etc-scoreboard
|
||||
|
||||
function configure_normal()
|
||||
# the usual stuff - not optimized for security
|
||||
|
@ -145,8 +151,12 @@ function configure_secure()
|
|||
# remove doc files
|
||||
# remove man pages
|
||||
# some vim files stay behind?
|
||||
rm -rf /opt/packages /var/cache/bootstrap /var/cache/apt/ /var/cache/locate
|
||||
rm -rf /usr/share/man /usr/share/vim /var/lib/apt /var/cache/debconf /var/cache/man
|
||||
|
||||
# Need to keep these files for live-helper to complete successfully
|
||||
# rm -rf /var/cache/apt /var/lib/apt /var/cache/debconf /opt/packages
|
||||
|
||||
rm -rf /var/cache/bootstrap /var/cache/locate
|
||||
rm -rf /usr/share/man /usr/share/vim /var/cache/man
|
||||
# remove docs except for the cryptobox's
|
||||
ls /usr/share/doc | while read dname
|
||||
do test "$dname" == "cryptobox-server" || rm -rf "/usr/share/doc/$dname"
|
||||
|
@ -161,7 +171,7 @@ function configure_secure()
|
|||
done
|
||||
|
||||
# change some dir permissions
|
||||
chmod 660 /var/cache/cryptobox-server/settings/
|
||||
chmod 770 /var/cache/cryptobox-server/settings/
|
||||
|
||||
return 0
|
||||
}
|
||||
|
|
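Review bot: `wget` is still listed in REMOVE_PACKAGES on the line `subversion w3m wget lynx less screen`, which appears unchanged in the first hunk, while the new comment names wget among the packages whose removal breaks the build. The code that consumes the list is outside the hunks shown, but if it purges every entry, either the build still breaks or the comment overstates what must stay; the line should become `subversion w3m lynx less screen`, or wget should be dropped from the `#aptitude tasksel wget iptables` comment. The kept packages and the apt/debconf state now retained in configure_secure remain in the "secure" image only because live-helper needs them during the build, so the TODO could record the follow-up explicitly, e.g. `#TODO: purge aptitude tasksel iptables and /var/cache/apt /var/lib/apt /var/cache/debconf /opt/packages in a step that runs after live-helper has finished`. configure_secure begins before the second hunk, so its earlier steps are not visible here.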