"secure" build now works; moved /usr/lib/cryptobox-cd to /usr/share/cryptonas-live; removed some obsolete files; added gettext to

development build

config/chroot_local-includes/etc/cbox-dev.conf

@@ -1,54 +0,0 @@
-# some local settings for cbox-build.sh and validate.sh
-#
-# previously defined settings:
-#	- ROOT_DIR
-#
-
-
-####################### cbox-build ########################
-
-# the build directory (will be ERASED without warning)
-BUILD_DIR="$ROOT_DIR/_builddir"
-
-# the cryptobox development files
-CBOX_DEVEL_DIR=$ROOT_DIR/cbox-tree.d
-
-# template for live-cd
-TEMPLATE_DIR=$ROOT_DIR/live-cd-tree.d
-
-# the iso image
-IMAGE_FILE=$BUILD_DIR/cryptobox.iso
-
-# temporary directory
-TMP_DIR=/tmp/$(basename $0)-$$
-
-# the virtual harddisk image used for qemu
-HD_IMAGE=/tmp/$(basename $0)-testplatte.img
-
-# mkisofs options (the option "-U" is not clean, but it prevents long
-# filenames from getting mapped)
-# TODO: this may prevent windows user from reading the documentation
-MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
-
-# for burning a CD
-CDWRITER=0,0,0
-
-
-####################### validation ########################
-
-# language of validation (select web interface language)
-VALIDATE_LANGUAGE=en
-
-# directory of the test-cases
-VALIDATE_TEST_CASES_DIR=$ROOT_DIR/validation/test-cases
-
-# override these settings if the CryptoBox uses a non-default IP
-VALIDATE_HOST_IP_DEFAULT=192.168.0.23
-VALIDATE_HOST_IP_CHANGED=192.168.0.24
-
-# destination directories for the results
-VALIDATE_REPORT_DIR=/tmp/cryptobox-validation-$$
-VALIDATE_REPORT_DIR=$ROOT_DIR/validation/report
-VALIDATE_SUMMARY_TEMPLATE_DIR=$ROOT_DIR/validation/templates
-
-

config/chroot_local-includes/etc/dfs-cbox.conf

@@ -1,236 +0,0 @@
-# arch-tag: Default configuration file
-# Copyright (c) 2004 John Goerzen
-
-[DEFAULT]
-######################################################################
-# Overall settings, set defaults for all archs
-######################################################################
-
-# Name of generated disc & hostname
-# BEWARE: hostname does not work - you have to set the hostname manually at the end of this file
-name = CryptoBox
-
-# Version of generated disc
-version = 0.3.4
-
-# Person that built it
-builder = sense.lab
-
-# Repositories to mirror.  Details about each one are configured below.
-dlrepos = stable
-
-# Repository to build the CD with.  Must be in above list.
-suite = stable
-
-# Whether or not to use zftree compression on ISO image
-compress = no
-
-# Files to never compress if the above is yes
-# If a dir is given, that dir and everything below is not compressed
-dontcompress = /boot
-	/etc/*boot*
-	/opt/dfsruntime/initrd.dfs
-
-# Location of dfsbuild support files
-libdir = /usr/lib/dfsbuild
-
-# Location of docs for CD
-docdir = /usr/share/doc/dfsbuild
-
-# Bootloader to place on CD.  Choices are:
-# grub-hd              GRUB with ElTorito hard disk emulation (not working yet)
-# grub-no-emul         "raw" ElTorito image
-# aboot                Alpha SRM bootloader
-# yaboot               PowerPC bootloader
-# (usually set in arch area)
-#bootloader = grub-no-emul
-
-
-# Packages to install on live FS, on all archs, besides base system
-allpackages =	
-		util-linux
-		grub
-		parted
-		dmsetup
-		perl
-		tar 
-		bash 
-		coreutils 
-		module-init-tools 
-		ifupdown 
-		busybox
-		usbutils 
-		pciutils 
-		discover 
-		hdparm 
-		binutils
-		debconf 
-		sysutils 
-		stunnel4
-		samba
-		hashalot
-		python-clearsilver
-		python-cherrypy
-		python-configobj
-		python-central
-		super
-		dosfstools
-		cryptsetup
-		python-m2crypto
-		# support for file systems
-		e2tools 
-		e2fsprogs
-		xfsprogs
-		hfsutils
-		jfsutils
-		## ntfs-3g is not in etch
-		#ntfs-3g
-		# TODO: remove the following packages for the final version
-		subversion
-		strace
-		ssh
-		vim
-		nano 
-		less 
-		lynx
-		w3m
-		screen
-		elinks
-
-
-# select a mirror for the repository (apt-cacher, apt-proxy, no caching) by
-# uncommenting the line of your choice
-# (1) apt-cacher (default)
-mirror = http://127.0.0.1/apt-cacher/ftp.debian.org/debian
-# (2) apt-proxy
-#mirror = http://127.0.0.1:9999/debian
-# (3) no caching proxy for apt
-#mirror = http://ftp.debian.org/debian
-
-
-# Files to place on the ramdisk
-ramdisk_files = /etc/resolv.conf
-	/etc/lvm*
-	/tmp
-	/var/tmp
-	/dev
-	/var/lib/dhcp
-	/var/lib/samba
-	/var/log
-	/var/cache/samba
-	/var/lock
-	/var/run
-	/var/state
-	/etc/mtab
-	/root
-	/etc/network
-	/var/lib/misc
-	/var/lib/urandom
-	#/etc/hotplug/.run
-	/var/spool/cron
-
-# Directories to create on live fs
-makedirs = 
-
-# Files to delete from live fs
-deletefiles = /etc/rcS.d/*discover 
-	/etc/rcS.d/*lvm
-	/var/log/dpkg.log
-	/var/log/bootstrap.log
-
-preparescripts =
-	../scripts/prepare_target.sh
-
-cleanupscripts =
-	../scripts/cleanup_target.sh
-
-######################################################################
-# Arch settings: i386
-######################################################################
-
-[i386]
-# Name of any kernel images to install directly from your current filesystem
-#kernels = /boot/vmlinuz-2.4.27-2-386
-
-# Modules to copy from host filesystem
-#modules = /lib/modules/2.4.27-2-386
-
-# Debs from local fs to unpack on live FS (will not be configured)
-unpackdebs =
-	../packages/linux-image-2.6.20_cryptobox0.3.3_i386.deb
-
-# Other packages to install besides the list in DEFAULT
-packages = %(allpackages)s
-
-# Debs from local fs to install on live fs
-## fetch newest ntfs-3g from debian backports
-installdebs = 
-	../packages/cryptobox-server.deb
-	../packages/ntfs-3g_1%3a1.516-1~bpo.1_i386.deb
-
-# Bootloader (see options under default)
-bootloader = grub-no-emul
-
-# Extra lines for grub config
-grubconfig = timeout 0
-	password -md5 this_invalid_hash_protects_grub_config
-
-#####################################################################
-# Repository configuration
-######################################################################
-
-# Repositories to download
-[repo testing]
-suite = testing
-
-[repo amd64]
-suite = unstable
-# Override default mirror
-#mirror = http://debian-amd64.alioth.debian.org/pure64/
-# Override default arch
-arch = amd64
-
-######################################################################
-# Text to add to existing files
-######################################################################
-
-[appendfiles]
-
-/etc/network/interfaces =
-	auto lo eth0
-	iface lo inet loopback
-	iface eth0 inet static
-		address 192.168.0.23
-		netmask 255.255.255.0
-
-# /etc/modules =
-
-/etc/profile = export TERM=vt100
-
-######################################################################
-# Files to create or truncate
-######################################################################
-
-[createfiles]
-/etc/hostname = CryptoBox
-
-/etc/syslog.conf = *.*	/dev/tty8
-	*.info	/dev/tty7
-
-/etc/hosts = 127.0.0.1 localhost
-
-/etc/kernel-img.conf = do_initrd = Yes
-
-# exit the samba startup script during install immediately - otherwise
-# there would be /proc problems - it will get replaced later via
-# live-cd-tree.d/usr/lib/cryptobox-cd/configure-cryptobox.sh
-/etc/default/samba = exit
-
-######################################################################
-# Symlinks to create (from = to format)
-######################################################################
-
-# this does not work anymore
-#[symlinks]
-#/etc/mtab = /proc/mounts
-

config/chroot_local-includes/etc/init.d/qemu-ifup

@@ -0,0 +1,55 @@
+#!/bin/sh
+#
+# this is the qemu-ifup script that should be run at qemu's boot
+#
+
+# determine the interface to the outside
+IF_WORLD=`/sbin/route -n | grep " UG " | sed "s/  */ /g" | cut -d " " -f 8 | head -1`
+# nothing found? - sorry!
+[ -z "$IF_WORLD" ] && IF_WORLD=eth0
+
+
+if [ "$UID" -ne 0 ] 
+	then	sudo $0 $*
+		exit 0
+  fi
+
+echo "Laufe als root ..."
+
+IPT=/sbin/iptables
+[ ! -x $IPT ] && IPT=/usr/sbin/iptables
+
+IPT_RULES="	FORWARD -i tun0 -o $IF_WORLD -j ACCEPT
+		FORWARD -i $IF_WORLD -o tun0 -m state --state ESTABLISHED,RELATED -j ACCEPT
+		POSTROUTING -t nat -o $IF_WORLD -j MASQUERADE
+		INPUT -i tun0 -j ACCEPT
+		OUTPUT -o tun0 -j ACCEPT"
+
+aktiviere_forward()
+{
+	echo "$IPT_RULES" | while read a
+		do	$IPT -A $a
+	  done
+	echo 1 >/proc/sys/net/ipv4/ip_forward
+}
+
+deaktiviere_forward()
+{
+	echo "$IPT_RULES" | while read a
+		do	$IPT -D $a
+	  done
+	echo 0 >/proc/sys/net/ipv4/ip_forward
+}
+
+case "$1" in
+	stop )
+		deaktiviere_forward
+		#/etc/init.d/dhcp stop
+		;;
+	* )
+		/sbin/ifconfig $1 192.168.0.1
+		#/etc/init.d/dhcp start
+		aktiviere_forward
+		;;
+  esac
+