changed some setting names (CHROOTSTART and BUILDDIR)

removed the "revert" feature (too complicated and rarely used)
moved some settings to etc-defaults.d/cbox-dev.conf to allow local changes
master
lars 18 years ago
parent 6de670828e
commit 5cf24ebede
  1. 97
      cbox-build.sh
  2. 4
      configure-examples.d/README
  3. 4
      etc-defaults.d/README
  4. 42
      etc-defaults.d/cbox-dev.conf
  5. 83
      validation/validate.sh

@ -3,20 +3,18 @@
# managing our work at the cryptobox
#
# usual workflow:
# dfsbuild - create the image directory with dfsbuild and copy it to
# the working directory
# config - apply cryptobox specific changes to the working directory
# dfsbuild - create the image directory with dfsbuild
# config - apply cryptobox specific changes to the image directory
# harden - remove unnecessary packages and disable developer features
# iso - create the iso image (out of the working directory)
# iso - create the iso image (out of the image directory)
# burn - tries to burn the the image on a cd-rw (maybe it works)
#
# development actions:
# chroot - run first tests in a chroot environment
# qemu - run the qemu emulation
# devel - enable developer features like sshd, writable templates and
# the test-suite (can be undone by "revert")
# revert - reset the working directory to the image created by dfsbuild
# upload - copy local working copy to tmpfs on a running cryptobox
# the test-suite
# upload - copy your local files to tmpfs on a running cryptobox
# diff - compare tmpfs-files on a running cryptobox with the original
# merge - apply the diff to the local copy
#
@ -25,8 +23,8 @@
#
#
# problems of this script:
# - has to run as root, because dfsbuild, config, iso, chroot, devel,
# revert and release need root privileges
# - has to run as root, because dfsbuild, config, iso, chroot, devel
# and release need root privileges
# - 'harden' is strangely integrated
#
# you may run this script with multiple arguments, e.g.:
@ -50,6 +48,7 @@ function get_config_file()
exit 1
}
# the base directory of your local development files
ROOT_DIR=$(dirname "$0")
@ -59,39 +58,18 @@ DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
# your local configuration directory (existing files supersede the defaults)
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
# the build directory (will be ERASED without warning)
BUILDDIR="$ROOT_DIR/_builddir/cd1"
# image directory created by dfsbuild
IMAGE_DIR_ORIG="$BUILDDIR/image"
# a working copy of the image directory
IMAGE_DIR="$BUILDDIR/image-working"
# local configuration directory - contains scripts to be executed after
# 'configure'
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
# template directory for cryptobox specific configuration
TEMPLATE_DIR="cbox-tree.d"
# the iso image
IMAGE_FILE="$BUILDDIR/cryptobox.iso"
# dfsbuild config
CONFIG=$(get_config_file dfs.cbox.conf)
# temporary directory
TMP_DIR="/tmp/`basename $0`-$$"
# the virtual harddisk image used for qemu
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
# mkisofs options (the option "-U" is not clean, but it prevents long
# filenames from getting mapped)
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
# the chroot-wrapper within the cryptobox
CHROOTSTART="/usr/lib/cryptobox/chroot-start.sh"
# for burning a CD
CDWRITER="2,0,0"
CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
# qemu network configuration file
QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
@ -100,25 +78,34 @@ QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
SSH_CONFIG_FILE=$(get_config_file ssh_config)
# extract the hostname of the cryptobox from the ssh_config file
SSH_HOST=$(grep "^Host " $SSH_CONFIG_FILE | head -1 | sed 's/^Host *\(.*\)$/\1/')
SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/')
# the script within the box, that does the development 'diff'
DEVEL_FEATURES_SCRIPT="/usr/lib/cryptobox/devel-features.sh"
# local configuration directory - contains scripts to be executed after
# 'configure'
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
############# include local configuration ##############
if [ -e "$(get_config_file cbox-dev.conf)" ]
then source "$(get_config_file cbox-dev.conf)"
else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
exit 1
fi
# image directory created by dfsbuild
# the BUILD_DIR is defined in the local cbox-dev.conf
IMAGE_DIR="$BUILD_DIR/image"
####################### functions ######################
function run_dfsbuild()
{
[ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
dfsbuild -c "$CONFIG" -w "$BUILDDIR"
[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
dfsbuild -c "$CONFIG" -w "$BUILD_DIR"
# remove iso image of dfsbuild - it is not necessary
[ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso"
[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
}
@ -143,21 +130,11 @@ function qemu_boot()
}
function init_working_directory()
{
cat /proc/mounts | grep -q "`basename $IMAGE_DIR`/proc" && umount "$IMAGE_DIR/proc"
[ -e "$IMAGE_DIR" ] && echo "Removing old image dir ..." && rm -r "$IMAGE_DIR"
echo "Copying the dfsbuild-image ..."
cp -a "$IMAGE_DIR_ORIG" "$IMAGE_DIR"
}
function configure_cb()
{
if [ ! -e "$IMAGE_DIR" ]; then
echo -e "Directory \"$IMAGE_DIR\" not found!"
echo -e "Did you run \"$0 dfsbuild\"?"
echo -e "Otherwise try \"$0 revert\" to fix this."
exit
fi
@ -175,7 +152,7 @@ function configure_cb()
else echo "Version:.*/Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue"
fi
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
# source local configure scripts
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
@ -226,7 +203,7 @@ function upload2devel()
function merge_from_devel()
# merge a diff from a running development cryptobox into
# this working directory
# your local copy
{
echo "Check for collisions ... (dry-run)"
if devel_diff | patch --dry-run -p1 -d "$TEMPLATE_DIR"
@ -261,7 +238,6 @@ while [ $# -gt 0 ]
do case "$1" in
dfsbuild )
run_dfsbuild
init_working_directory
;;
config )
configure_cb normal
@ -272,9 +248,6 @@ while [ $# -gt 0 ]
qemu )
qemu_boot
;;
revert )
init_working_directory
;;
diff )
# get a diff from a running development cryptobox
devel_diff
@ -283,16 +256,16 @@ while [ $# -gt 0 ]
merge_from_devel
;;
harden )
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh secure
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
;;
upload )
upload2devel
;;
chroot )
if [ ! -x "$IMAGE_DIR/$CHROOTSTART" ]
then echo "the chroot init script ("$IMAGE_DIR/$CHROOTSTART") is not executable"
if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
then echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
echo "maybe you should run '`basename $0` cb-config' first"
else chroot "$IMAGE_DIR" "$CHROOTSTART"
else chroot "$IMAGE_DIR" "$CHROOT_START"
fi
;;
burn )
@ -302,7 +275,7 @@ while [ $# -gt 0 ]
$0 dfsbuild config harden iso
;;
help|--help )
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | revert | chroot | burn | upload | diff | merge | help )"
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | chroot | burn | upload | diff | merge | help )"
echo " (you may specify more than one action)"
echo
;;
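Review bot: After cbox-dev.conf is sourced, nothing checks that it actually set `BUILD_DIR`, so `IMAGE_DIR="$BUILD_DIR/image"` silently becomes `/image` if a local etc-local.d/cbox-dev.conf omits the setting (a local file supersedes the default one, it is not merged with it). The header comment says the script runs as root and the build directory is erased without warning, so a guard right after the `fi` would fail early: `: "${BUILD_DIR:?BUILD_DIR must be set in cbox-dev.conf}"`. The sourced file also executes with root privileges, which deserves a comment that etc-local.d must not be writable by unprivileged users. Most of the script lies outside the visible hunks, so remaining uses of the old `BUILDDIR` and `CHROOTSTART` names could not be checked.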

@ -1,5 +1,5 @@
1) Overview
the files in this directory are examples specific hook scripts to change the
the files in this directory are examples for specific hook scripts to change the
configuration of the box
2) How to use these scripts
@ -18,6 +18,6 @@ set_root_pw
import_authorized_keys
- create a new rsa key (etc-local.d/id_rsa) and copy the public
key to the working image directory
key to the image directory
- this is useful, if you secured the development cryptobox with a
password (see 'set_root_pw')

@ -0,0 +1,4 @@
this directory contains some configuration files for the development of the CryptoBox
If you want to use different local settings, then you should copy the respective
configuration file to the directory "etc-local.d" and adapt it to your needs.

@ -0,0 +1,42 @@
# some local settings for cbox-build.sh and validate.sh
#
# previously defined settings:
# - ROOT_DIR
#
####################### cbox-build ########################
# the build directory (will be ERASED without warning)
BUILD_DIR="$ROOT_DIR/_builddir/cd1"
# the iso image
IMAGE_FILE="$BUILD_DIR/cryptobox.iso"
# temporary directory
TMP_DIR="/tmp/`basename $0`-$$"
# the virtual harddisk image used for qemu
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
# mkisofs options (the option "-U" is not clean, but it prevents long
# filenames from getting mapped)
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
# for burning a CD
CDWRITER="2,0,0"
####################### validation ########################
VALIDATE_TEST_CASES_DIR=$ROOT_DIR/validation/test-cases
# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
# who knows, what this should mean?
VALIDATE_HOST_ADDRESS=192.168.0.23:80
VALIDATE_REPORT_DIR=/tmp/cryptobox-validation-$$
VALIDATE_REPORT_DIR=$ROOT_DIR/validation/report
VALIDATE_SUMMARY_TEMPLATE_DIR=$ROOT_DIR/validation/templates
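Review bot: `TMP_DIR` and `HD_IMAGE` point into /tmp with names derived only from the script name (plus the PID for `TMP_DIR`), and cbox-build.sh is documented as running as root, so on a shared host these paths could already exist or be a symlink owned by another user. Keeping the qemu disk image inside the project tree, e.g. `HD_IMAGE="$ROOT_DIR/_builddir/testplatte.img"`, and creating the temporary directory with `mktemp -d` where it is used would avoid that. `VALIDATE_REPORT_DIR` is also assigned twice in a row, so the `/tmp/cryptobox-validation-$$` value is overwritten immediately and that line can be dropped. The comment "who knows, what this should mean?" should either explain the TODO above it or be removed along with it.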

@ -7,14 +7,37 @@
set -eu
CB_ROOT_DIR=$(dirname $0)/..
TEST_CASES_DIR=$CB_ROOT_DIR/validation/test-cases
# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
HOST_IP=192.168.0.24
REPORT_DIR=/tmp/cryptobox-validation-$$
REPORT_DIR=$CB_ROOT_DIR/validation/report
SUMMARY_TEMPLATE_DIR=$CB_ROOT_DIR/validation/templates
# get the path of a configuration file - local configuration files
# supersede default files
# parameter: base name of the configuration file
function get_config_file()
{
[ -e "$LOCALCONF_DIR/$1" ] && echo "$LOCALCONF_DIR/$1" && return 0
[ -e "$DEFAULTCONF_DIR/$1" ] && echo "$DEFAULTCONF_DIR/$1" && return 0
echo "configuration file ($1) not found!" >&2
exit 1
}
# the base directory of your local development files
ROOT_DIR=$(dirname "$0")/..
# the template (default) configuration directory
DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
# your local configuration directory (existing files supersede the defaults)
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
############# include local configuration ##############
if [ -e "$(get_config_file cbox-dev.conf)" ]
then source "$(get_config_file cbox-dev.conf)"
else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
exit 1
fi
#################### some functions ####################
function error_die()
{
@ -43,39 +66,39 @@ function do_single()
function do_series()
# parameter: name of the test case
{
[ -d "$REPORT_DIR/$1" ] && rm -r "$REPORT_DIR/$1"
mkdir -p "$REPORT_DIR/$1"
find "$TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
do do_single "$a" "$REPORT_DIR/$1"
[ -d "$VALIDATE_REPORT_DIR/$1" ] && rm -r "$VALIDATE_REPORT_DIR/$1"
mkdir -p "$VALIDATE_REPORT_DIR/$1"
find "$VALIDATE_TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
do do_single "$a" "$VALIDATE_REPORT_DIR/$1"
done
create_summary "$REPORT_DIR/$1" >"$REPORT_DIR/$1/summary.html"
tar czf "$REPORT_DIR/${1}-results.tar.gz" -C "$REPORT_DIR" "$1"
#echo "$REPORT_DIR/${1}-results.tar.gz"
create_summary "$VALIDATE_REPORT_DIR/$1" >"$VALIDATE_REPORT_DIR/$1/summary.html"
tar czf "$VALIDATE_REPORT_DIR/${1}-results.tar.gz" -C "$VALIDATE_REPORT_DIR" "$1"
#echo "$VALIDATE_REPORT_DIR/${1}-results.tar.gz"
}
create_summary()
# parameter: directory of results
{
cat "$SUMMARY_TEMPLATE_DIR/header"
cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/header"
find "$1" -type f -name \*.desc -maxdepth 1 | sort | while read a
do TESTNAME=$(basename ${a%.desc})
TESTDESCRIPTION=$(cat $a)
sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$SUMMARY_TEMPLATE_DIR/single_header"
sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_header"
local DIFF_FILE=${a%.desc}.diff
if [ -s "$DIFF_FILE" ]
then cat "$SUMMARY_TEMPLATE_DIR/result-error"
then cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-error"
sed 's#$#<br/>#' "$DIFF_FILE"
else cat "$SUMMARY_TEMPLATE_DIR/result-ok"
else cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-ok"
echo "no differences found"
# remove empty diff
[ -e "$DIFF_FILE" ] && rm "$DIFF_FILE"
fi
cat "$SUMMARY_TEMPLATE_DIR/single_footer"
cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_footer"
# remove description file
rm "$a"
done
cat "$SUMMARY_TEMPLATE_DIR/footer"
cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/footer"
}
@ -83,17 +106,17 @@ import_style()
# get the stylesheet file and images
# change the stylesheet link
{
[ -d "REPORT_DIR/img" ] && rm -r "$REPORT_DIR/img"
mkdir -p "$REPORT_DIR/img"
[ -e "$REPORT_DIR/cryptobox.css" ] && rm "$REPORT_DIR/cryptobox.css"
wget -q -O "$REPORT_DIR/cryptobox.css" http://$HOST_IP/cryptobox.css
[ -d "VALIDATE_REPORT_DIR/img" ] && rm -r "$VALIDATE_REPORT_DIR/img"
mkdir -p "$VALIDATE_REPORT_DIR/img"
[ -e "$VALIDATE_REPORT_DIR/cryptobox.css" ] && rm "$VALIDATE_REPORT_DIR/cryptobox.css"
wget -q -O "$VALIDATE_REPORT_DIR/cryptobox.css" http://$VALIDATE_HOST_ADDRESS/cryptobox.css
# extract image file names
grep "url(img/" "$REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a
do wget -q -O "$REPORT_DIR/img/$a" "http://$HOST_IP/img/$a"
grep "url(img/" "$VALIDATE_REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a
do wget -q -O "$VALIDATE_REPORT_DIR/img/$a" "http://$VALIDATE_HOST_ADDRESS/img/$a"
done
# change the stylesheet link in every html file in REPORT_DIR
find "$REPORT_DIR" -type f -name \*.html | while read a
find "$VALIDATE_REPORT_DIR" -type f -name \*.html | while read a
do sed -i '#link rel="stylesheet"#s#href="/cryptobox.css"#href="../cryptobox.css"#g' "$a"
done
}
@ -104,14 +127,14 @@ ACTION="--help"
case "$ACTION" in
list )
find "$TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
find "$VALIDATE_TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
do echo $(basename "$a")
done
;;
check )
[ $# -ne 2 ] && error_die 1 "Syntax: $(basename $0) check NAME"
CASE_DIR="$TEST_CASES_DIR/$2"
[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"
CASE_DIR="$VALIDATE_TEST_CASES_DIR/$2"
[ ! -d "$VALIDATE_CASE_DIR" ] && error_die 2 "the test case was not found ($VALIDATE_CASE_DIR)!"
do_series "$2"
import_style
;;
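Review bot: In the `check )` branch the path is stored in `CASE_DIR` but the next line tests `$VALIDATE_CASE_DIR`, which is never assigned; with `set -eu` at the top of the script this aborts with an unbound-variable error before any test case runs. Keep one name for both, e.g. `[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"`. In import_style the test `[ -d "VALIDATE_REPORT_DIR/img" ]` still checks a literal string (the `$` was already missing before the rename), so the old img directory is never removed. `$2` also reaches `rm -r "$VALIDATE_REPORT_DIR/$1"` in do_series unchecked; rejecting names that contain `/` or start with `.` would keep the deletion inside the report directory.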
