diff --git a/debian/control b/debian/control index 26058dc..c021e52 100644 --- a/debian/control +++ b/debian/control @@ -2,17 +2,17 @@ Source: cryptobox Section: admin Priority: extra Maintainer: Lars Kruse -Build-Depends: debhelper (>>3.0.0), dpatch, gcc (>=2.95) +Build-Depends: debhelper (>>3.0.0), dpatch Standards-Version: 3.6.2 Package: cryptobox Architecture: any -Depends: bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), httpd-cgi, hashalot, cryptsetup (>=20050111), dmsetup, initscripts, e2fsprogs (>= 1.27), adduser, python (>=2.4), python-clearsilver -Suggests: cron, samba +Depends: bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), httpd-cgi, hashalot, cryptsetup (>=20050111), dmsetup, initscripts, e2fsprogs (>= 1.27), adduser, python (>=2.4), python-clearsilver, super, dosfstools, python-cherrypy, python-confobj +Suggests: samba, stunnel, openssl Description: Web interface for an encrypting fileserver - This bundle of scripts and cgis allow you to manage an encrypted harddisk - via a web interface. The data is platform independently available + This web interface allows you to manage the encrypted and plaintext + disks of your system. The data is platform independently available via samba file shares. - Even non-technical users are able to encrypt their private data with the - CryptoBox. + Even non-technical users are able to encrypt their private data with + the CryptoBox. diff --git a/debian/cryptobox.default b/debian/cryptobox.default index 175e245..fffb4ca 100644 --- a/debian/cryptobox.default +++ b/debian/cryptobox.default @@ -7,6 +7,5 @@ # set to "1" to turn off the cryptobox - otherwise "0" NO_START=1 -# change the default configuration file if necessary -#CONF_FILE=/etc/cryptobox/cryptobox.conf - +# the use that should execute the cryptobox +RUNAS=lars diff --git a/debian/cryptobox.init b/debian/cryptobox.init index bb13012..ef64166 100755 --- a/debian/cryptobox.init +++ b/debian/cryptobox.init 
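Review bot: In debian/cryptobox.default the packaged default `RUNAS=lars` names a personal account, while debian/postinst in this same commit creates the `cryptobox` system user and the init script already falls back to `RUNAS=${RUNAS:-cryptobox}`. On a machine without a `lars` account the `--chuid "$RUNAS"` start will presumably fail, and where such an account exists the web interface runs under an interactive login instead of the dedicated service user. I would ship the line commented out as `#RUNAS=cryptobox` and fix the comment typo: `# the user that should execute the cryptobox`.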
@@ -7,40 +7,53 @@ # see LICENSE file in this package for details # -# check if the cryptobox is installed -[ -e "/usr/lib/cryptobox/cbox-manage.sh" ] || exit 0 - # read the default setting file, if it exists [ -e /etc/default/cryptobox ] && source /etc/default/cryptobox # startup switch defaults to zero (enabled) NO_START=${NO_START:-0} +RUNAS=${RUNAS:-cryptobox} -#if [ "$NO_START" = "1" ] -# then [ $# -eq 0 ] && exit 0 -# [ "$1" = "status" ] && exit 1 -# [ "$1" = "stop" ] && exit 0 -# echo "CryptoBox is disabled by default" -# exit 0 -# fi - -# set CONF_FILE to default value, if not configured in /etc/default/cryptobox -CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} - -# parse config file -if [ -e "$CONF_FILE" ] - then source "$CONF_FILE" - else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2 - exit 1 +if [ "$NO_START" = "1" ] + then [ $# -eq 0 ] && exit 0 + [ "$1" = "status" ] && exit 1 + [ "$1" = "stop" ] && exit 0 + echo "CryptoBox is disabled by default" + exit 0 fi +CBXSERVER=CryptoBoxWebserver.py + +if test -e "./$CBXSERVER" + then CBXPATH=$(pwd) + else CBXPATH=/usr/lib/cryptobox + fi + +PIDFILE=/var/run/cryptobox.pid +DAEMON=/usr/bin/python2.4 +DAEMON_OPTS=$CBXPATH/$CBXSERVER +NAME=cryptoboxd +DESC="CryptoBox Daemon (webinterface)" + +test -e "$CBXPATH/$CBXSERVER" || exit 0 + case "$1" in start ) - # nothing to be done + # TODO: mount config dir + # TODO: create certificate + # TODO: run stunnel + # the lines above should go into the live-cd scripts + echo -n "Starting $DESC: " + start-stop-daemon --background --chdir "$CBXPATH" --chuid "$RUNAS" --start --quiet --user "$RUNAS" --make-pidfile --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS + echo "$NAME." ;; stop ) - # unmount all active containers - "/usr/lib/cryptobox/cbox-manage.sh" umount_all + echo -n "Stopping $DESC: " + # does the pid file exist? + test ! -e "$PIDFILE" && echo "pid file ($PIDFILE) not found!" 
&& exit 1 + # kill all process with the parent pid that we saved before + pkill -f -P "$(cat $PIDFILE)" -u "$RUNAS" && rm "$PIDFILE" + echo "$NAME." ;; force-reload | restart ) "$0" stop diff --git a/debian/dirs b/debian/dirs index 7135fc4..c1e5540 100644 --- a/debian/dirs +++ b/debian/dirs @@ -1,4 +1,6 @@ etc/cryptobox etc/default etc/init.d -usr/lib/cgi-bin +usr/lib/cryptobox +usr/share/cryptobox +var/cache/cryptobox diff --git a/debian/links b/debian/links deleted file mode 100644 index bd32720..0000000 --- a/debian/links +++ /dev/null @@ -1 +0,0 @@ -/usr/share/cryptobox/html /var/www/cryptobox-misc diff --git a/debian/postinst b/debian/postinst index 3dd5ec1..3f27756 100755 --- a/debian/postinst +++ b/debian/postinst 
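Review bot: In debian/cryptobox.init the `test -e "./$CBXSERVER"` branch takes `CBXPATH` from whatever directory the script was invoked in, so an administrator running it from a directory other users can write to would start a `CryptoBoxWebserver.py` that the package did not install. For the packaged script I would drop the branch and set `CBXPATH=/usr/lib/cryptobox` unconditionally; a development override could come from /etc/default/cryptobox instead. In the `stop` arm, `pkill -f -P "$(cat $PIDFILE)"` signals only children of the recorded PID and trusts a possibly stale pid file. Using `start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE" --user "$RUNAS"` followed by `rm -f "$PIDFILE"` would match the recorded process itself and let `stop` on an already stopped service return 0. The `case` statement continues past the end of the hunk.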
@@ -1,42 +1,24 @@ #!/bin/sh -# read the default setting file, if it exists -[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox +LOG_FILE=/var/log/cryptobox.log +CRYPTOBOX_USER=cryptobox -# set CONF_FILE to default value, if not configured in /etc/default/cryptobox -CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf} - -# parse config file -if test -e "$CONF_FILE" - then . "$CONF_FILE" - # create mount and config directories with appropriate permissions - test ! -e "$LOG_FILE" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" - fi +# create mount and config directories with appropriate permissions +test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null then # do nothing - the user already exists true else # create cryptobox user echo "Creating new user '$CRYPTOBOX_USER' ..." - USER_HOME=/var/lib/cryptobox + USER_HOME=/var/cache/cryptobox adduser --system --group --home "$USER_HOME" cryptobox - # add the user to the group "plugdev" (necessary for pmount) - adduser cryptobox plugdev - cp -r "$CONFIG_DEFAULTS_DIR" "$USER_HOME/config" mkdir "$USER_HOME/mnt" chown -R ${CRYPTOBOX_USER}: "$USER_HOME" # only members of the cryptobox group may access the user directory chmod 750 "$USER_HOME" - # no one may look into the config directory (protect init passwords) - chmod 700 "$USER_HOME/config" fi -# set permissions for suid wrappers -chown root:$CRYPTOBOX_USER "/usr/lib/cryptobox/cryptobox_root_wrapper" -chmod 4750 "/usr/lib/cryptobox/cryptobox_root_wrapper" -chown $CRYPTOBOX_USER: "/usr/lib/cgi-bin/cryptobox" -chmod 6755 "/usr/lib/cgi-bin/cryptobox" - #DEBHELPER# true diff --git a/debian/postrm b/debian/postrm index b96ff52..b6933ef 100755 --- a/debian/postrm +++ b/debian/postrm 
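Review bot: In debian/postinst the log file is created and `chown "$CRYPTOBOX_USER" "$LOG_FILE"` runs before the `getent`/`adduser` block, so on a first install the account does not exist yet, the chown fails, and the script carries on regardless (no `set -e` is visible in the hunk). The log would then stay root-owned, and the daemon started under the unprivileged account presumably cannot write to it. Moving that line below the `fi` fixes the ordering. While there, quote the inner expansion as `"$(dirname "$LOG_FILE")"` and pass `"$CRYPTOBOX_USER"` to `adduser --system --group` instead of the literal `cryptobox`, so the two names cannot drift apart.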
@@ -1,7 +1,7 @@ #!/bin/sh if test "$1" = "purge" && getent passwd cryptobox 2>/dev/null >/dev/null \ - && test "$(cd ~cryptobox;pwd)" = /var/lib/cryptobox + && test "$(cd ~cryptobox;pwd)" = /var/cache/cryptobox then echo "Removing user 'cryptobox' ..." userdel -r cryptobox fi diff --git a/debian/rules b/debian/rules index 5d6d90b..1e8334a 100755 --- a/debian/rules +++ b/debian/rules @@ -55,9 +55,7 @@ install: build dh_clean -k dh_installdirs $(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr - install -c -m 644 build_dir/etc/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/ - install -c -m 644 build_dir/etc/distribution.conf $(DEB_BUILD_DIR)/etc/cryptobox/ - install -c -m 755 bin/cryptobox_cgi_wrapper $(DEB_BUILD_DIR)/usr/lib/cgi-bin/cryptobox + install -c -m 644 bin/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/ # Build architecture-independent files here.