cryptonas/cbox-build.sh

#!/bin/sh
#
# managing our work at the cryptobox
#
# usual workflow:
# dfsbuild - create the image directory with dfsbuild and copy it to
# the working directory
# config - apply cryptobox specific changes to the working directory
# harden - remove unnecessary packages (for release CD)
# iso - create the iso image (out of the working directory)
# burn - tries to burn the image on a cd-rw (maybe it works)
#
# development actions:
# chroot - run first tests in a chroot environment
# qemu - run the qemu emulation
# devel - enable developer features like sshd, writable templates and
# the test-suite (can be undone by "revert")
# revert - reset the working directory to the image created by dfsbuild
#
# final action:
# release - the same as "dfsbuild config harden iso"
#
#
# problems of this script:
# - has to run as root, because dfsbuild, config, iso, chroot, devel,
# revert and release need root privileges
#
# you may run this script with multiple arguments, e.g.:
# cb-build.sh dfsbuild config iso qemu
#
# the action "release" does what it says :)
# (all developer's features like sshd, writable templates and
# the test-suite are deactivated)
#
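# abort on unset variables and on unhandled command failures
set -ue

# dfsbuild config
CONFIG="dfs.cbox.conf"
# the build directory (will be ERASED without warning)
BUILDDIR="_builddir/cd1"
# image directory created by dfsbuild
IMAGE_DIR_ORIG="$BUILDDIR/image"
# a working copy of the image directory
IMAGE_DIR="$BUILDDIR/image-working"
# template directory for cryptobox specific configuration
TEMPLATE_DIR="cryptobox.conf.d"
# the iso image
IMAGE_FILE="$BUILDDIR/cryptobox.iso"

# temporary directory
# This script runs as root and /tmp is writable by every local user, so the
# scratch directory must not have a guessable name ("<script>-<pid>" is
# guessable). mktemp picks a random suffix and creates the directory itself.
TMP_DIR="$(mktemp -d "/tmp/$(basename "$0")-XXXXXX")"
# the scratch directory now exists from startup on - remove it on every exit path
trap 'rm -rf -- "$TMP_DIR"' EXIT

# harddisk image for the qemu test run (no pid in the name, so it is reused
# by later runs)
# NOTE(review): still a fixed name in a world-writable directory - consider
# moving it below $BUILDDIR
HD_IMAGE="/tmp/$(basename "$0")-testplatte.img"

# mkisofs options (the option "-U" is not clean, but it prevents long filenames from getting mapped)
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"

# init script that is passed to chroot as the command to run inside the image
CHROOTSTART="/usr/lib/cryptobox/chroot-start.sh"

# device address passed to cdrecord as "dev="
CDWRITER="0,0,0"

# directory for machine-local settings (qemu-ifup, ssh-options)
LOCALCONF_DIR=local.conf.d

# for development diffs and merges from a running cryptobox
SSH_CONFIG_FILE="$LOCALCONF_DIR/ssh-options"
SSH_HOST=cryptobox
REMOTE_COMMAND="/usr/lib/cryptobox/devel-features.sh"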
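# Create the base image with dfsbuild.
# Globals:  BUILDDIR (read), CONFIG (read)
# Outputs:  a note on stdout when the build directory had to be created
# Returns:  0 on success, the status of the failing mkdir/dfsbuild/rm otherwise
run_dfsbuild() {
  if [ ! -e "$BUILDDIR" ]; then
    mkdir -p "$BUILDDIR" || return
    echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
  fi
  dfsbuild -c "$CONFIG" -w "$BUILDDIR" || return
  # remove iso image of dfsbuild - it is not necessary
  # An "if" is used instead of "[ -e ... ] && rm ...": as the last command of
  # the function, a false test would become the function's exit status, and
  # under "set -e" the caller would stop whenever there is no image.iso.
  if [ -e "$BUILDDIR/image.iso" ]; then
    rm "$BUILDDIR/image.iso"
  fi
}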
# Write the working image directory to $IMAGE_FILE with mkisofs.
# Globals:  MKISOFS_OPTIONS, IMAGE_FILE, IMAGE_DIR (all read)
# Returns:  the exit status of mkisofs
create_iso() {
  printf '%s\n' "Creating the iso ..."
  # MKISOFS_OPTIONS carries several options in one string, so it is left
  # unquoted on purpose and split into separate words by the shell
  mkisofs $MKISOFS_OPTIONS -o "$IMAGE_FILE" "$IMAGE_DIR"
}
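# Boot the iso image in qemu for a test run.
# Globals:  HD_IMAGE, LOCALCONF_DIR, IMAGE_FILE (all read)
# Returns:  1 if $HD_IMAGE is a symbolic link, otherwise the status of the
#           final "qemu-ifup stop" call
qemu_boot() {
  # create a virtual harddisk image file
  # $HD_IMAGE is a fixed name below /tmp and this script runs as root.
  # "[ -e ]" is false for a dangling symlink, and dd would then write through
  # the link to whatever it points at, so a symlink is rejected up front.
  # (A small window between this check and dd remains; keeping the image
  # outside of /tmp would close it.)
  if [ -L "$HD_IMAGE" ]; then
    echo "ERROR: $HD_IMAGE is a symbolic link - refusing to write to it" >&2
    return 1
  fi
  if [ ! -e "$HD_IMAGE" ]; then
    echo "Creating temporary harddisk image ..."
    dd if=/dev/zero of="$HD_IMAGE" bs=1M count=20
  fi

  # create default qemu-ifup
  if [ ! -e "$LOCALCONF_DIR/qemu-ifup" ]; then
    [ -d "$LOCALCONF_DIR" ] || mkdir "$LOCALCONF_DIR"
    cp "misc/qemu-ifup.default" "$LOCALCONF_DIR/qemu-ifup"
  fi

  echo "Starting qemu ..."
  # NOTE(review): -hda is given the iso, not the $HD_IMAGE created above -
  # confirm which one is intended.
  # "|| true": a non-zero qemu exit must not skip the cleanup below under "set -e"
  qemu -cdrom "$IMAGE_FILE" -m 96 -hda "$IMAGE_FILE" -boot d -n "$LOCALCONF_DIR/qemu-ifup" || true

  # remove iptables rules
  "$LOCALCONF_DIR/qemu-ifup" stop
}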
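# Reset the working copy: delete $IMAGE_DIR and copy the dfsbuild image again.
# Globals:  IMAGE_DIR (read, directory is deleted), IMAGE_DIR_ORIG (read)
# Returns:  0 on success, the status of the failing umount/rm/cp otherwise
init_working_directory() {
  local mount_suffix
  # IMAGE_DIR is a relative path, so only the tail "<dirname>/proc" is looked
  # up in the mount table. "$IMAGE_DIR" is quoted so that a blank in the path
  # does not turn into several basename arguments.
  mount_suffix="$(basename "$IMAGE_DIR")/proc"
  # -F: the directory name is matched literally, not as a regular expression
  if grep -qF -- "$mount_suffix" /proc/mounts; then
    # presumably a leftover of a chroot session; it has to be unmounted before
    # the recursive delete below
    umount "$IMAGE_DIR/proc" || return
  fi
  if [ -e "$IMAGE_DIR" ]; then
    echo "Removing old image dir ..."
    rm -r "$IMAGE_DIR" || return
  fi
  echo "Copying the dfsbuild-image ..."
  cp -a "$IMAGE_DIR_ORIG" "$IMAGE_DIR"
}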
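# Apply the cryptobox specific configuration to the working image.
# Globals:  IMAGE_DIR, TEMPLATE_DIR, TMP_DIR, CHROOTSTART (all read)
# Outputs:  progress on stdout, errors on stderr
# Returns:  exits the script with status 1 if $IMAGE_DIR is missing;
#           otherwise the status of the chroot call
configure_cb() {
  local revision

  if [ ! -e "$IMAGE_DIR" ]; then
    {
      printf '%s\n' "Directory \"$IMAGE_DIR\" not found!"
      printf '%s\n' "Did you run \"$0 dfsbuild\"?"
      printf '%s\n' "Otherwise try \"$0 revert\" to fix this."
    } >&2
    # a bare "exit" would pass on the status of the last message (0 = success)
    exit 1
  fi

  echo "Copying files into the box ..."
  # The templates are staged in $TMP_DIR to strip the .svn directories.
  # Everything staged there ends up in the image, and this runs as root, so
  # the directory is created fresh with mode 700; a plain mkdir fails if
  # somebody else has re-created the path in the meantime.
  rm -rf -- "${TMP_DIR:?}"
  mkdir -m 700 -- "$TMP_DIR" || return 1
  cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
  # -prune/-exec instead of rm `find ...`: names with blanks stay intact
  find "$TMP_DIR" -type d -name ".svn" -prune -exec rm -rf -- {} +
  cp -dr "$TMP_DIR/." "$IMAGE_DIR"
  rm -rf -- "$TMP_DIR"

  echo "Configuring the cryptobox ..."
  revision="$(fetch_revision)"
  # "harden" removes /etc/issue ...
  if [ -e "$IMAGE_DIR/etc/issue" ]; then
    sed -i "s/^Version:.*/Revision: $revision/" "$IMAGE_DIR/etc/issue"
  else
    # write the plain line here (not the left half of the sed expression above)
    echo "Revision: $revision" >"$IMAGE_DIR/etc/issue"
  fi
  printf '%s\n' "$revision" >"$IMAGE_DIR/etc/cryptobox/revision"
  chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
}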
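# Print the highest revision number that "svn info" reports for the tree
# below the current directory.
# Outputs:  one line with the revision number on stdout
fetch_revision() {
  # sort -n: compare the numbers by value - a plain text sort would rank
  # "999" above "1000"
  svn -R info | grep '^Revision' | cut -f2 -d " " | sort -n | tail -1
}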
# Make sure the ssh client configuration for the development box exists.
# A missing $SSH_CONFIG_FILE is seeded from misc/ssh-options.default
# ($LOCALCONF_DIR is created first when needed); an existing file is left
# untouched.
# Globals:  SSH_CONFIG_FILE, LOCALCONF_DIR (both read)
check_ssh_defaults() {
  # nothing to do when the file is already there
  [ -e "$SSH_CONFIG_FILE" ] && return 0
  [ -d "$LOCALCONF_DIR" ] || mkdir "$LOCALCONF_DIR"
  cp misc/ssh-options.default "$SSH_CONFIG_FILE"
}
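# upload local files to a development cryptobox
# this is necessary to use an "old" development cd with
# new code - this affects only the web-interface and the
# cbox-manage.sh-script (the boot behaviour stays the same)
#
# of course, only the directories that are mapped to tmpfs can
# be updated this way
#
# Globals:  TMP_DIR, TEMPLATE_DIR, SSH_CONFIG_FILE, SSH_HOST,
#           REMOTE_COMMAND (all read)
# Returns:  0 on success, non-zero if staging, the copy or the remote
#           command failed
upload2devel() {
  local dirs="var/www usr/share/cryptobox usr/lib/cryptobox"
  local dir
  local rc=0

  check_ssh_defaults

  # Stage the files in a fresh directory with mode 700. Re-using an existing
  # $TMP_DIR would also upload whatever another local user placed there; a
  # plain mkdir fails if the path was re-created in the meantime.
  rm -rf -- "${TMP_DIR:?}"
  mkdir -m 700 -- "$TMP_DIR" || return 1
  for dir in $dirs; do
    mkdir -p "$TMP_DIR/$dir"
    cp -r "$TEMPLATE_DIR/$dir/." "$TMP_DIR/$dir"
  done
  # drop the subversion metadata (-prune: do not descend into a directory
  # that is about to be deleted)
  find "$TMP_DIR" -type d -name '.svn' -prune -exec rm -rf -- {} +

  echo "Copying local files to the cryptobox ... "
  # the target host comes from $SSH_HOST, like in the ssh calls
  # NOTE(review): /tmp/mirror is a fixed path on the remote side - fine only
  # if no untrusted local users exist on the development box
  if scp -F "$SSH_CONFIG_FILE" -rpq "$TMP_DIR/." "$SSH_HOST:/tmp/mirror"; then
    echo "Set the base for future diffs to current state ..."
    # REMOTE_COMMAND is left unquoted so that it may carry arguments
    ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" $REMOTE_COMMAND set_diff_base || rc=$?
  else
    echo 'ERROR: copying failed!'
    rc=1
  fi
  rm -rf -- "$TMP_DIR"
  # report a failed upload to the caller instead of always returning 0
  return "$rc"
}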
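# merge a diff from a running development cryptobox into
# this working directory
#
# Globals:  SSH_CONFIG_FILE, SSH_HOST, REMOTE_COMMAND, TEMPLATE_DIR (all read)
# Returns:  0 if the diff was applied or the dry-run refused it (manual merge
#           needed); non-zero if fetching, applying or set_diff_base failed
merge_from_devel() {
  local diff_file
  local rc=0

  check_ssh_defaults

  echo "Check for collisions ... (dry-run)"
  # Fetch the diff exactly once: the bytes that pass the dry-run are the bytes
  # that get applied. Asking the remote side twice would apply a diff that was
  # never checked if the box changed (or answered differently) in between.
  diff_file="$(mktemp)" || return 1
  # REMOTE_COMMAND is left unquoted so that it may carry arguments
  if ! ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" $REMOTE_COMMAND diff >"$diff_file"; then
    # without this check a failed ssh looks like an empty diff
    echo "ERROR: could not fetch the diff from $SSH_HOST" >&2
    rm -f -- "$diff_file"
    return 1
  fi

  if patch --dry-run -p1 -d "$TEMPLATE_DIR" <"$diff_file"; then
    echo
    echo "Applying diff ..."
    patch -p1 -d "$TEMPLATE_DIR" <"$diff_file" || rc=$?
    if [ "$rc" -eq 0 ]; then
      echo
      echo "Set the base for future diffs to current state ..."
      ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" $REMOTE_COMMAND set_diff_base || rc=$?
    fi
  else
    echo "Merging will fail - do it manually!"
  fi
  rm -f -- "$diff_file"
  return "$rc"
}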
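# Blank the cd-rw in the writer and burn the iso image onto it.
# Globals:  CDWRITER, IMAGE_FILE (both read)
# Returns:  the status of the second cdrecord call (under "set -e" a failed
#           blanking already stops the script)
blanknburn_cdrw() {
  # both values are quoted so that a path with blanks stays one argument
  cdrecord -v dev="$CDWRITER" blank=fast
  cdrecord -v dev="$CDWRITER" "$IMAGE_FILE"
}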
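################ do it! ######################
# Every command line argument is one action; they are run in the given order.
if [ $# -eq 0 ]; then
  echo "[$(basename "$0")] - no arguments supplied - maybe you want to use '--help'"
fi

while [ $# -gt 0 ]; do
  case "$1" in
    dfsbuild)
      run_dfsbuild
      init_working_directory
      ;;
    config)
      configure_cb normal
      ;;
    iso)
      create_iso
      ;;
    qemu)
      qemu_boot
      ;;
    revert)
      init_working_directory
      ;;
    diff)
      # get a diff from a running development cryptobox
      check_ssh_defaults
      # REMOTE_COMMAND is left unquoted so that it may carry arguments
      ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" $REMOTE_COMMAND diff
      ;;
    merge)
      merge_from_devel
      ;;
    harden)
      chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh secure
      ;;
    upload)
      upload2devel
      ;;
    chroot)
      if [ ! -x "$IMAGE_DIR/$CHROOTSTART" ]; then
        echo "the chroot init script ($IMAGE_DIR/$CHROOTSTART) is not executable"
        # the action that installs the script is called "config"
        echo "maybe you should run '$(basename "$0") config' first"
      else
        chroot "$IMAGE_DIR" "$CHROOTSTART"
      fi
      ;;
    burn)
      blanknburn_cdrw
      ;;
    release)
      # runs the whole chain in a child process; "harden" is part of it
      "$0" dfsbuild config harden iso
      ;;
    help | --help)
      echo "Syntax: $(basename "$0") ( release | dfsbuild | config | harden | iso | qemu | revert | chroot | burn | upload | diff | merge | help )"
      echo " (you may specify more than one action)"
      echo
      ;;
    *)
      # printf '%s': the argument is printed as given, backslashes included
      printf '%s\n' "unknown action: $1" >&2
      echo
      "$0" help
      exit 1
      ;;
  esac
  shift
done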