|
|
|
@ -3,20 +3,18 @@
|
|
|
|
|
# managing our work at the cryptobox
|
|
|
|
|
#
|
|
|
|
|
# usual workflow:
|
|
|
|
|
# dfsbuild - create the image directory with dfsbuild and copy it to
|
|
|
|
|
# the working directory
|
|
|
|
|
# config - apply cryptobox specific changes to the working directory
|
|
|
|
|
# dfsbuild - create the image directory with dfsbuild
|
|
|
|
|
# config - apply cryptobox specific changes to the image directory
|
|
|
|
|
# harden - remove unnecessary packages and disable developer features
|
|
|
|
|
# iso - create the iso image (out of the working directory)
|
|
|
|
|
# iso - create the iso image (out of the image directory)
|
|
|
|
|
# burn - tries to burn the the image on a cd-rw (maybe it works)
|
|
|
|
|
#
|
|
|
|
|
# development actions:
|
|
|
|
|
# chroot - run first tests in a chroot environment
|
|
|
|
|
# qemu - run the qemu emulation
|
|
|
|
|
# devel - enable developer features like sshd, writable templates and
|
|
|
|
|
# the test-suite (can be undone by "revert")
|
|
|
|
|
# revert - reset the working directory to the image created by dfsbuild
|
|
|
|
|
# upload - copy local working copy to tmpfs on a running cryptobox
|
|
|
|
|
# the test-suite
|
|
|
|
|
# upload - copy your local files to tmpfs on a running cryptobox
|
|
|
|
|
# diff - compare tmpfs-files on a running cryptobox with the original
|
|
|
|
|
# merge - apply the diff to the local copy
|
|
|
|
|
#
|
|
|
|
@ -25,8 +23,8 @@
|
|
|
|
|
#
|
|
|
|
|
#
|
|
|
|
|
# problems of this script:
|
|
|
|
|
# - has to run as root, because dfsbuild, config, iso, chroot, devel,
|
|
|
|
|
# revert and release need root privileges
|
|
|
|
|
# - has to run as root, because dfsbuild, config, iso, chroot, devel
|
|
|
|
|
# and release need root privileges
|
|
|
|
|
# - 'harden' is strangely integrated
|
|
|
|
|
#
|
|
|
|
|
# you may run this script with multiple arguments, e.g.:
|
|
|
|
@ -50,6 +48,7 @@ function get_config_file()
|
|
|
|
|
exit 1
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# the base directory of your local development files
|
|
|
|
|
ROOT_DIR=$(dirname "$0")
|
|
|
|
|
|
|
|
|
@ -59,39 +58,18 @@ DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
|
|
|
|
|
# your local configuration directory (existing files supersede the defaults)
|
|
|
|
|
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
|
|
|
|
|
|
|
|
|
|
# the build directory (will be ERASED without warning)
|
|
|
|
|
BUILDDIR="$ROOT_DIR/_builddir/cd1"
|
|
|
|
|
|
|
|
|
|
# image directory created by dfsbuild
|
|
|
|
|
IMAGE_DIR_ORIG="$BUILDDIR/image"
|
|
|
|
|
|
|
|
|
|
# a working copy of the image directory
|
|
|
|
|
IMAGE_DIR="$BUILDDIR/image-working"
|
|
|
|
|
# local configuration directory - contains scripts to be executed after
|
|
|
|
|
# 'configure'
|
|
|
|
|
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
|
|
|
|
|
|
|
|
|
|
# template directory for cryptobox specific configuration
|
|
|
|
|
TEMPLATE_DIR="cbox-tree.d"
|
|
|
|
|
|
|
|
|
|
# the iso image
|
|
|
|
|
IMAGE_FILE="$BUILDDIR/cryptobox.iso"
|
|
|
|
|
|
|
|
|
|
# dfsbuild config
|
|
|
|
|
CONFIG=$(get_config_file dfs.cbox.conf)
|
|
|
|
|
|
|
|
|
|
# temporary directory
|
|
|
|
|
TMP_DIR="/tmp/`basename $0`-$$"
|
|
|
|
|
|
|
|
|
|
# the virtual harddisk image used for qemu
|
|
|
|
|
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
|
|
|
|
|
|
|
|
|
|
# mkisofs options (the option "-U" is not clean, but it prevents long
|
|
|
|
|
# filenames from getting mapped)
|
|
|
|
|
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
|
|
|
|
|
|
|
|
|
|
# the chroot-wrapper within the cryptobox
|
|
|
|
|
CHROOTSTART="/usr/lib/cryptobox/chroot-start.sh"
|
|
|
|
|
|
|
|
|
|
# for burning a CD
|
|
|
|
|
CDWRITER="2,0,0"
|
|
|
|
|
CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
|
|
|
|
|
|
|
|
|
|
# qemu network configuration file
|
|
|
|
|
QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
|
|
|
|
@ -100,25 +78,34 @@ QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
|
|
|
|
|
SSH_CONFIG_FILE=$(get_config_file ssh_config)
|
|
|
|
|
|
|
|
|
|
# extract the hostname of the cryptobox from the ssh_config file
|
|
|
|
|
SSH_HOST=$(grep "^Host " $SSH_CONFIG_FILE | head -1 | sed 's/^Host *\(.*\)$/\1/')
|
|
|
|
|
SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/')
|
|
|
|
|
|
|
|
|
|
# the script within the box, that does the development 'diff'
|
|
|
|
|
DEVEL_FEATURES_SCRIPT="/usr/lib/cryptobox/devel-features.sh"
|
|
|
|
|
|
|
|
|
|
# local configuration directory - contains scripts to be executed after
|
|
|
|
|
# 'configure'
|
|
|
|
|
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
|
|
|
|
|
|
|
|
|
|
############# include local configuration ##############
|
|
|
|
|
|
|
|
|
|
if [ -e "$(get_config_file cbox-dev.conf)" ]
|
|
|
|
|
then source "$(get_config_file cbox-dev.conf)"
|
|
|
|
|
else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# image directory created by dfsbuild
|
|
|
|
|
# the BUILD_DIR is defined in the local cbox-dev.conf
|
|
|
|
|
IMAGE_DIR="$BUILD_DIR/image"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
####################### functions ######################
|
|
|
|
|
|
|
|
|
|
function run_dfsbuild()
|
|
|
|
|
{
|
|
|
|
|
[ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
|
|
|
|
|
dfsbuild -c "$CONFIG" -w "$BUILDDIR"
|
|
|
|
|
[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
|
|
|
|
|
dfsbuild -c "$CONFIG" -w "$BUILD_DIR"
|
|
|
|
|
|
|
|
|
|
# remove iso image of dfsbuild - it is not necessary
|
|
|
|
|
[ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso"
|
|
|
|
|
[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@ -143,21 +130,11 @@ function qemu_boot()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function init_working_directory()
|
|
|
|
|
{
|
|
|
|
|
cat /proc/mounts | grep -q "`basename $IMAGE_DIR`/proc" && umount "$IMAGE_DIR/proc"
|
|
|
|
|
[ -e "$IMAGE_DIR" ] && echo "Removing old image dir ..." && rm -r "$IMAGE_DIR"
|
|
|
|
|
echo "Copying the dfsbuild-image ..."
|
|
|
|
|
cp -a "$IMAGE_DIR_ORIG" "$IMAGE_DIR"
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function configure_cb()
|
|
|
|
|
{
|
|
|
|
|
if [ ! -e "$IMAGE_DIR" ]; then
|
|
|
|
|
echo -e "Directory \"$IMAGE_DIR\" not found!"
|
|
|
|
|
echo -e "Did you run \"$0 dfsbuild\"?"
|
|
|
|
|
echo -e "Otherwise try \"$0 revert\" to fix this."
|
|
|
|
|
exit
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
@ -175,7 +152,7 @@ function configure_cb()
|
|
|
|
|
else echo "Version:.*/Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue"
|
|
|
|
|
fi
|
|
|
|
|
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
|
|
|
|
|
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
|
|
|
|
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
|
|
|
|
|
|
|
|
|
# source local configure scripts
|
|
|
|
|
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
|
|
|
|
@ -226,7 +203,7 @@ function upload2devel()
|
|
|
|
|
|
|
|
|
|
function merge_from_devel()
|
|
|
|
|
# merge a diff from a running development cryptobox into
|
|
|
|
|
# this working directory
|
|
|
|
|
# your local copy
|
|
|
|
|
{
|
|
|
|
|
echo "Check for collisions ... (dry-run)"
|
|
|
|
|
if devel_diff | patch --dry-run -p1 -d "$TEMPLATE_DIR"
|
|
|
|
@ -261,7 +238,6 @@ while [ $# -gt 0 ]
|
|
|
|
|
do case "$1" in
|
|
|
|
|
dfsbuild )
|
|
|
|
|
run_dfsbuild
|
|
|
|
|
init_working_directory
|
|
|
|
|
;;
|
|
|
|
|
config )
|
|
|
|
|
configure_cb normal
|
|
|
|
@ -272,9 +248,6 @@ while [ $# -gt 0 ]
|
|
|
|
|
qemu )
|
|
|
|
|
qemu_boot
|
|
|
|
|
;;
|
|
|
|
|
revert )
|
|
|
|
|
init_working_directory
|
|
|
|
|
;;
|
|
|
|
|
diff )
|
|
|
|
|
# get a diff from a running development cryptobox
|
|
|
|
|
devel_diff
|
|
|
|
@ -283,16 +256,16 @@ while [ $# -gt 0 ]
|
|
|
|
|
merge_from_devel
|
|
|
|
|
;;
|
|
|
|
|
harden )
|
|
|
|
|
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh secure
|
|
|
|
|
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
|
|
|
|
|
;;
|
|
|
|
|
upload )
|
|
|
|
|
upload2devel
|
|
|
|
|
;;
|
|
|
|
|
chroot )
|
|
|
|
|
if [ ! -x "$IMAGE_DIR/$CHROOTSTART" ]
|
|
|
|
|
then echo "the chroot init script ("$IMAGE_DIR/$CHROOTSTART") is not executable"
|
|
|
|
|
if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
|
|
|
|
|
then echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
|
|
|
|
|
echo "maybe you should run '`basename $0` cb-config' first"
|
|
|
|
|
else chroot "$IMAGE_DIR" "$CHROOTSTART"
|
|
|
|
|
else chroot "$IMAGE_DIR" "$CHROOT_START"
|
|
|
|
|
fi
|
|
|
|
|
;;
|
|
|
|
|
burn )
|
|
|
|
@ -302,7 +275,7 @@ while [ $# -gt 0 ]
|
|
|
|
|
$0 dfsbuild config harden iso
|
|
|
|
|
;;
|
|
|
|
|
help|--help )
|
|
|
|
|
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | revert | chroot | burn | upload | diff | merge | help )"
|
|
|
|
|
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | chroot | burn | upload | diff | merge | help )"
|
|
|
|
|
echo " (you may specify more than one action)"
|
|
|
|
|
echo
|
|
|
|
|
;;
|
|
|
|
|
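Review bot: In the `@ -100,25 +78,34 @` hunk, `IMAGE_DIR="$BUILD_DIR/image"` uses `BUILD_DIR` immediately after sourcing `cbox-dev.conf`, with no check that the sourced file actually set it. The header comments say the script has to run as root, so an empty or unset `BUILD_DIR` would make `run_dfsbuild` pass an empty `-w` to dfsbuild and test and remove `/image.iso`, and the `chroot "$IMAGE_DIR"` calls would target `/image`. I would add `: "${BUILD_DIR:?BUILD_DIR must be set in cbox-dev.conf}"` directly after the `fi` that closes the include block. Because the file is sourced with root privileges, a comment there should also say that `cbox-dev.conf` and the directories it is resolved from must be writable only by root; the body of `get_config_file` is outside the visible hunks, so the lookup order is inferred from the `LOCALCONF_DIR` comment.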