diff --git a/MANIFEST.in b/MANIFEST.in
index 70274a9..8cf388d 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -1,6 +1,9 @@
 include README
 include LICENSE
-include CHANGELOG
+include changelog
+include copyright
+graft man
+graft scripts
 graft doc
 graft conf-examples
 graft event-scripts
diff --git a/changelog b/changelog
index a033861..b7e0306 100644
--- a/changelog
+++ b/changelog
@@ -1,8 +1,17 @@
-Version 0.3 - 01/??/02006
- * uses cryptsetup-luks instead of cryptsetup
+Version 0.3 - 02/15/02007
+ * completely new interface
+ * manage multiple disks
+ * support custom partitioning
+ * support plaintext partitions
+ * use cryptsetup-luks instead of plain cryptsetup
+ * allow to set time and date
+ * change of encryption passphrase without data losses
+ * support for pluggable features
+ * new kernel: 2.6.18
 * bugfix: add /dev/hdd to device scan
 * support for usb, scsi and firewire cdrom drive
- * seperated cryptobox package
+ * seperated cryptobox-server package available
+ * french translation added (thanks to 'rike')
 Version 0.2.1 - 10/22/02005
 * fixed a critical bug in the initialisation process
diff --git a/conf-examples/cryptobox.conf b/conf-examples/cryptobox.conf
index a4bda5c..83c87a4 100644
--- a/conf-examples/cryptobox.conf
+++ b/conf-examples/cryptobox.conf
@@ -59,7 +59,7 @@ Destination = file
 # details. Possible values for the different destinations are:
 # file: $FILENAME
 # syslog: $LOG_FACILITY
-Details = /var/log/cryptobox.log
+Details = /var/log/cryptobox/cryptobox.log
 [WebSettings]
diff --git a/conf-examples/samba-include.conf b/conf-examples/samba-include.conf
index e69de29..9a1274c 100644
--- a/conf-examples/samba-include.conf
+++ b/conf-examples/samba-include.conf
@@ -0,0 +1,2 @@
+# DO NOT REMOVE OR EDIT THIS FILE
+# the file was automatically generated by the cryptobox package
diff --git a/man/CryptoBoxRootActions.8 b/man/CryptoBoxRootActions.8
new file mode 100644
index 0000000..856db91
--- /dev/null
+++ b/man/CryptoBoxRootActions.8
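Review bot: In conf-examples/cryptobox.conf the new `Details = /var/log/cryptobox/cryptobox.log` points into a subdirectory that nothing visible in this commit creates. The `data_files` list in setup.py has no entry for it, so unless the packaging rules handle it elsewhere, the server may be unable to open its log file on a fresh install. A dedicated directory suits a daemon that runs as the unprivileged `cryptobox` user, but it then has to exist, be owned by that user and not be writable by others. I would document that next to the setting, for example `# the directory must exist and be writable only by the user running the CryptoBox server`.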
@@ -0,0 +1,84 @@
+.TH CryptoBoxRootActions 1 "November 02006" "cryptobox" "suid script"
+.SH NAME
+CryptoBoxRootActions \- The CryptoBoxWebserver calls this script in order to execute various programs which require root privileges.
+.SH SYNOPSIS
+.B CryptoBoxRootActions
+check
+.br
+.B CryptoBoxRootActions
+plugin \fIFEATURE_SCRIPT\fR [\fIARGS\fR]
+.br
+.B CryptoBoxRootActions
+hook \fIEVENT_SCRIPT\fR [\fIARGS\fR]
+.br
+.B CryptoBoxRootActions
+hook \fIPROG\fR [\fIARGS\fR]
+.SH DESCRIPTION
+CryptoBoxRootActions is a script that is called by the \fBCryptoBox\fR to execute
+programs which require root privileges. You will never call this program directly. This
+manpage should only be useful as a reference for developers of the CryptoBox.
+.PP
+To let the CryptoBox gain root permissions you need the program \fBsuper\fR.
+It is configured properly if it \fI/etc/super.tab\fR contains the following line:
+.RS
+.PP
+CryptoBoxRootActions /usr/sbin/CryptoBoxRootActions cryptobox
+.RE
+.PP
+We assume that the CryptoBoxRootActions script is located at
+\fI/usr/sbin/CryptoBoxRootActions\fR. Furthermore the user running the CryptoBox
+server is assumed to be \fIcryptobox\fR.
+.SH CONFIGURATION CHECK
+Call the CryptoBoxRootActions script with the argument \fIcheck\fR to test if
+\fBsuper\fR is configured properly. Just type the following:
+.RS
+.PP
+super CryptoBoxRootActions check; echo $?
+.RE
+.PP
+This should output '0' for success. Any other value indicates a problem and should
+be accompanied by a descriptive error message.
+.SH FEATURE SCRIPTS
+The CryptoBox can be easily extended with new features. Refer to the developer
+documentation of the CryptoBox for more details.
+.PP
+If a feature needs root privileges to accomplish its function, then you have to write
+a separate python script for these actions. This script mus fulfill the following
+conditions:
+.TP
+writable only for root
+The script and all its parent directories may not be writable for anyone except root.
+.TP
+must be executable
+The execution permission bit of the script must be set.
+.TP
+marking member
+The script must contain a member called \fBPLUGIN_TYPE\fR with the string value
+\fIcryptobox\fR. This prevents the execution of arbitrary scripts.
+.SH EVENT SCRIPTS
+The CryptoBox calls all scripts within a given directory whenever specific events
+occour. Possible events are mounting and unmounting of disks or the bootup or shutdown
+of the CryptoBox. Refer to \fI/usr/share/doc/cryptobox/event-scripts/README\fR
+for further details.
+.PP
+An event script must fulfill the following conditions:
+.TP
+writable only for root
+The script and all its parent directories must not be writable for anyone except root.
+.TP
+must be executable
+The execution permission bit of the script must be set.
+.TP
+marked directory
+The directory of the script must also contain a file called \fI_cryptobox_events_\fR to prevent the execution of arbitrary scripts.
+.SH SELECTED PROGRAMS
+Very few selected programs may be called via CryptoBoxRootActions. Examples
+are \fBcryptsetup\fR and \fBmount\fR. Refer to the source of CryptoBoxRootActions
+for details.
+.SH AUTHOR
+Written by Lars Kruse
+.SH "REPORTING BUGS"
+Report bugs to
+.SH COPYRIGHT
+Copyright \(co 02006 Lars Kruse
+
diff --git a/man/CryptoBoxWebserver.8 b/man/CryptoBoxWebserver.8
new file mode 100644
index 0000000..494ca3c
--- /dev/null
+++ b/man/CryptoBoxWebserver.8
@@ -0,0 +1,55 @@
+.TH CryptoBoxWebserver 1 "November 02006" "cryptobox" "daemon"
+.SH NAME
+CryptoBoxWebserver \- start the webserver of the \fBCryptoBox\fR package.
+.SH SYNOPSIS
+.B CryptoBoxWebserver
+[\fIOPTIONS\fR]
+.SH DESCRIPTION
+.PP
+The CryptoBoxWebserver is a web interface that allows you to manage encrypted and
+plaintext disks of your computer without using the commandline interface. It works
+easily together with \fBsamba\fR, \fBapache2-dav\fI and \fBftp\fR servers to provide
+simple access to your data.
+.SH OPTIONS
+The following options control the behaviour of the CryptoBoxWebserver:
+.TP
+\fB\-c\fR, \fB\-\-config\fR=\fBFILE\fR
+Uses the named configuration file.
+.TP
+\fB\-p\fR, \fB\-\-port\fR=\fBPORT\fR
+Specifiy a port to listen to.
+.TP
+\fB\-\-host\fR=\fBHOST\fR
+Specifiy the interface to listen to by providing a resolvable name or an ip. The server
+listens to all interfaces by default.
+.TP
+\fB\-B\fR
+Run the webserver in the background. Otherwise the terminal will stay attached to the
+process.
+.TP
+\fB\-q\fR
+Quiet output - only errors will get reported.
+.TP
+\fB\-\-pidfile\fR=\fFILE\fR
+Specify a pid file for the webserver.
+.TP
+\fB\-\-datadir\fR=\fDIRECTORY\fR
+Specify the location of the data directory of the webserver. The default location is
+\fI/usr/share/cryptobox/www-data\fR.
+.TP
+\fB\-\-version\fR
+Show the version of the \fBCryptoBox\fR and exit immediately.
+.TP
+\fB\-h\fR, \fB\-\-help\fR
+Show the help message and exit.
+.SH ENVIRONMENT VARIABLES
+.IP PYTHONPATH
+You may want to define this variable in case that you installed the \fBCryptoBox\fR
+python package in a non-default location.
+.SH AUTHOR
+Written by Lars Kruse
+.SH "REPORTING BUGS"
+Report bugs to
+.SH COPYRIGHT
+Copyright \(co 02006 Lars Kruse
+
diff --git a/package.exclude b/package.exclude
index 7f6fad0..d7942cc 100644
--- a/package.exclude
+++ b/package.exclude
@@ -1,4 +1,5 @@
 debian
 design
 stuff
+bin-perl-old
 package.exclude
diff --git a/setup.py b/setup.py
index 59eb7da..3a3156a 100644
--- a/setup.py
+++ b/setup.py
@@ -8,25 +8,38 @@ import os
 IGNORE_FILES = [ '.svn' ]
 ## define the data destination directory (below the python directory - we will fix this for debian in the rules file)
-datadir = distutils.sysconfig.get_python_lib()
+pydir = distutils.sysconfig.get_python_lib()
 ## remove installation prefix to get relative path
-datadir = datadir.replace(distutils.sysconfig.get_config_var("prefix") + os.path.sep, '')
-datadir = os.path.join(datadir, 'cryptobox','share')
+pydir = pydir.replace(distutils.sysconfig.get_config_var("prefix") + os.path.sep, '')
+pydir = os.path.join(pydir, 'cryptobox')
+## shared data dir
+datadir = os.path.join(pydir, 'share')
+## doc dir
+docdir = os.path.join(pydir, 'doc')
 ## configuration directory
 confdir = os.path.join(os.path.sep, 'etc', 'cryptobox')
-def listfiles(prefix,srcdir):
- """get files below a directory recursively - map them to the appropriate datatype as expected by 'data_files' in setup"""
+
+def listfiles(prefix,src):
+ """create a list of files below a directory recursively
+
+ If the src contains more then one path element (multiple levels), then only the
+ last one (basename part) is added to the prefix path (e.g.: 'dest','src1/src2' will
+ create a list below 'dest/src2').
+ The result is a list of tuples: (destination, [srcfiles,...]).
+ This is the datatype expected by 'data_files' in setup."""
+ ## we will not add the 'dirname' part of srcdir to the destination
+ src_dir, src_base = os.path.split(src)
 ## add the files of this directory
- result = [(os.path.join(prefix,srcdir), [ os.path.join(srcdir, f) for f in os.listdir(srcdir) if os.path.isfile(os.path.join(srcdir, f)) and not f in IGNORE_FILES ])]
+ result = [(os.path.join(prefix,src_base), [ os.path.join(src,f) for f in os.listdir(src) if os.path.isfile(os.path.join(src,f)) and not f in IGNORE_FILES ])]
 ## add the files in subdirectories
- for d in os.listdir(os.path.join(srcdir)):
- if os.path.isdir(os.path.join(srcdir,d)) and not d in IGNORE_FILES:
- result.extend(listfiles(prefix,os.path.join(srcdir,d)))
+ for d in os.listdir(src):
+ if os.path.isdir(os.path.join(src,d)) and not d in IGNORE_FILES:
+ result.extend(listfiles(os.path.join(prefix,src_base),os.path.join(src,d)))
 return result
-
-
+
+
 def getdatafiles(prefix,dirs):
 filelist = []
 for d in dirs:
@@ -50,9 +63,9 @@ setup(
 packages = [ 'cryptobox', 'cryptobox.core', 'cryptobox.web', 'cryptobox.plugins', 'cryptobox.tests' ],
 data_files = getdatafiles(datadir, ['templates','www-data','lang','plugins']) +
 getdatafiles(confdir, ['conf-examples/cryptobox.conf']) +
- getdatafiles(os.path.join(confdir,'events.d'), ['event-scripts/README']) +
- getdatafiles(datadir, ['doc']) +
- getdatafiles(os.path.join(datadir,'doc'), ['conf-examples','event-scripts','README','changelog','LICENSE','copyright','doc/html']),
+ getdatafiles(os.path.join(confdir,'events.d'), ['event-scripts/README','event-scripts/_event_scripts_']) +
+ getdatafiles(docdir, ['doc/html']) +
+ getdatafiles(docdir, ['conf-examples','event-scripts','README','changelog','LICENSE','copyright','doc/html']),
 package_dir = { '': 'src' },
 scripts = [ 'bin/CryptoBoxWebserver', 'bin/CryptoBoxRootActions' ],
 classifiers = [
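Review bot: In the new `listfiles`, `os.path.split(src)` returns an empty basename when `src` ends with a path separator (for example `'doc/html/'`), so the files would be installed directly under `prefix` instead of `prefix/html`. Using `src_base = os.path.basename(os.path.normpath(src))` avoids that. `src_dir` is assigned but never used, and the comment above it still says `srcdir` although the parameter is now `src`. `getdatafiles` begins in this hunk, but its body continues outside it.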
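Review bot: The marker file installed into `events.d` here is `event-scripts/_event_scripts_`, while the CryptoBoxRootActions man page added in the same commit says an event-script directory must contain `_cryptobox_events_`. According to that page the marker is what keeps the root helper from executing scripts out of arbitrary directories, so the name in setup.py, the man page and the check in CryptoBoxRootActions (not visible here) should be confirmed to agree. With a mismatch, either the shipped directory is rejected or administrators create the wrong file. Separately, `'doc/html'` is passed to `getdatafiles(docdir, ...)` twice, once on its own line and again in the list on the next line; dropping `getdatafiles(docdir, ['doc/html']) +` would remove the duplicate entries.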