changed some setting names (CHROOTSTART and BUILDDIR)

removed the "revert" feature (too complicated and rarely used)
moved some settings to etc-defaults.d/cbox-dev.conf to allow local changes

cbox-build.sh

@@ -3,20 +3,18 @@
 # managing our work at the cryptobox
 #
 # usual workflow:
-#   dfsbuild	- create the image directory with dfsbuild and copy it to
-#		  the working directory
-#   config	- apply cryptobox specific changes to the working directory
+#   dfsbuild	- create the image directory with dfsbuild
+#   config	- apply cryptobox specific changes to the image directory
 #   harden	- remove unnecessary packages and disable developer features
-#   iso		- create the iso image (out of the working directory)
+#   iso		- create the iso image (out of the image directory)
 #   burn	- tries to burn the the image on a cd-rw (maybe it works)
 #
 # development actions:
 #   chroot	- run first tests in a chroot environment
 #   qemu	- run the qemu emulation
 #   devel	- enable developer features like sshd, writable templates and
-#		  the test-suite (can be undone by "revert")
-#   revert	- reset the working directory to the image created by dfsbuild
-#   upload	- copy local working copy to tmpfs on a running cryptobox
+#		  the test-suite
+#   upload	- copy your local files to tmpfs on a running cryptobox
 #   diff	- compare tmpfs-files on a running cryptobox with the original
 #   merge	- apply the diff to the local copy
 #
@@ -25,8 +23,8 @@
 #
 #
 # problems of this script:
-#  - has to run as root, because dfsbuild, config, iso, chroot, devel,
-#    revert and release need root privileges
+#  - has to run as root, because dfsbuild, config, iso, chroot, devel
+#    and release need root privileges
 #  - 'harden' is strangely integrated
 #
 # you may run this script with multiple arguments, e.g.:
@@ -50,6 +48,7 @@ function get_config_file()
 	exit 1
 }
 
+
 # the base directory of your local development files
 ROOT_DIR=$(dirname "$0")
 
@@ -59,39 +58,18 @@ DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
 # your local configuration directory (existing files supersede the defaults)
 LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
 
-# the build directory (will be ERASED without warning)
-BUILDDIR="$ROOT_DIR/_builddir/cd1"
-
-# image directory created by dfsbuild
-IMAGE_DIR_ORIG="$BUILDDIR/image"
-
-# a working copy of the image directory
-IMAGE_DIR="$BUILDDIR/image-working"
+# local configuration directory - contains scripts to be executed after
+# 'configure'
+CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
 
 # template directory for cryptobox specific configuration
 TEMPLATE_DIR="cbox-tree.d"
 
-# the iso image
-IMAGE_FILE="$BUILDDIR/cryptobox.iso"
-
 # dfsbuild config
 CONFIG=$(get_config_file dfs.cbox.conf)
 
-# temporary directory
-TMP_DIR="/tmp/`basename $0`-$$"
-
-# the virtual harddisk image used for qemu
-HD_IMAGE="/tmp/`basename $0`-testplatte.img"
-
-# mkisofs options (the option "-U" is not clean, but it prevents long
-# filenames from getting mapped)
-MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
-
 # the chroot-wrapper within the cryptobox
-CHROOTSTART="/usr/lib/cryptobox/chroot-start.sh"
-
-# for burning a CD
-CDWRITER="2,0,0"
+CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
 
 # qemu network configuration file
 QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
@@ -100,25 +78,34 @@ QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
 SSH_CONFIG_FILE=$(get_config_file ssh_config)
 
 # extract the hostname of the cryptobox from the ssh_config file
-SSH_HOST=$(grep "^Host " $SSH_CONFIG_FILE | head -1 | sed 's/^Host *\(.*\)$/\1/')
+SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/')
 
 # the script within the box, that does the development 'diff'
 DEVEL_FEATURES_SCRIPT="/usr/lib/cryptobox/devel-features.sh"
 
-# local configuration directory - contains scripts to be executed after
-# 'configure'
-CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
+
+############# include local configuration ##############
+
+if [ -e "$(get_config_file cbox-dev.conf)" ]
+	then	source "$(get_config_file cbox-dev.conf)"
+	else	echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
+		exit 1
+  fi
+
+# image directory created by dfsbuild
+# the BUILD_DIR is defined in the local cbox-dev.conf
+IMAGE_DIR="$BUILD_DIR/image"
 
 
 ####################### functions ######################
 
 function run_dfsbuild()
 {
-	[ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
-	dfsbuild -c "$CONFIG" -w "$BUILDDIR" 
+	[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
+	dfsbuild -c "$CONFIG" -w "$BUILD_DIR" 
 	
 	# remove iso image of dfsbuild - it is not necessary
-	[ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso"
+	[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
 }
 
 
@@ -143,21 +130,11 @@ function qemu_boot()
 }
 
 
-function init_working_directory()
-{
-	cat /proc/mounts | grep -q "`basename $IMAGE_DIR`/proc" && umount "$IMAGE_DIR/proc"
-	[ -e "$IMAGE_DIR" ] && echo "Removing old image dir ..." && rm -r "$IMAGE_DIR"
-	echo "Copying the dfsbuild-image ..."
-	cp -a "$IMAGE_DIR_ORIG" "$IMAGE_DIR"
-}
-
-
 function configure_cb()
 {
 	if [ ! -e "$IMAGE_DIR" ]; then 
 		echo -e "Directory \"$IMAGE_DIR\" not found!"
 		echo -e "Did you run \"$0 dfsbuild\"?" 
-		echo -e "Otherwise try \"$0 revert\" to fix this."
 		exit
 	fi
 
@@ -175,7 +152,7 @@ function configure_cb()
 		  else	echo "Version:.*/Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue"
 		 fi
 		fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
-		chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
+		chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
 	
 	# source local configure scripts
 	[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
@@ -226,7 +203,7 @@ function upload2devel()
 
 function merge_from_devel()
 # merge a diff from a running development cryptobox into
-# this working directory
+# your local copy
 {
 	echo "Check for collisions ... (dry-run)"
 	if devel_diff | patch --dry-run -p1 -d "$TEMPLATE_DIR"
@@ -261,7 +238,6 @@ while [ $# -gt 0 ]
    do	case "$1" in
 	    dfsbuild )
 		run_dfsbuild
-		init_working_directory
 		;;
 	    config )
 		configure_cb normal
@@ -272,9 +248,6 @@ while [ $# -gt 0 ]
 	    qemu )
 		qemu_boot
 		;;
-	    revert )
-		init_working_directory
-		;;
 	    diff )
 	    	# get a diff from a running development cryptobox
 		devel_diff
@@ -283,16 +256,16 @@ while [ $# -gt 0 ]
 	 	merge_from_devel
 		;;
 	    harden )
-		chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh secure
+		chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
 	    	;;
 	    upload )
 	 	upload2devel
 		;;
 	    chroot )
-		if [ ! -x "$IMAGE_DIR/$CHROOTSTART" ]
-		   then	echo "the chroot init script ("$IMAGE_DIR/$CHROOTSTART") is not executable"
+		if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
+		   then	echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
 		    	echo "maybe you should run '`basename $0` cb-config' first"
-		   else	chroot "$IMAGE_DIR" "$CHROOTSTART"
+		   else	chroot "$IMAGE_DIR" "$CHROOT_START"
 		  fi
 		;;
 	    burn )
@@ -302,7 +275,7 @@ while [ $# -gt 0 ]
 	    	$0 dfsbuild config harden iso
 		;;
 	    help|--help )
-		echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | revert | chroot | burn | upload | diff | merge | help )"
+		echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | chroot | burn | upload | diff | merge | help )"
 		echo "  (you may specify more than one action)"
 		echo
 	    	;;

configure-examples.d/README

@@ -1,5 +1,5 @@
 1) Overview
-the files in this directory are examples specific hook scripts to change the
+the files in this directory are examples for specific hook scripts to change the
 configuration of the box
 
 2) How to use these scripts
@@ -18,6 +18,6 @@ set_root_pw
 
 import_authorized_keys
 	- create a new rsa key (etc-local.d/id_rsa) and copy the public
-	  key to the working image directory
+	  key to the image directory
 	- this is useful, if you secured the development cryptobox with a
 	  password (see 'set_root_pw')

etc-defaults.d/README

@@ -0,0 +1,4 @@
+this directory contains some configuration files for the development of the CryptoBox
+
+If you want to use different local settings, then you should copy the respective
+configuration file to the directory "etc-local.d" and adapt it to your needs.

etc-defaults.d/cbox-dev.conf

@@ -0,0 +1,42 @@
+# some local settings for cbox-build.sh and validate.sh
+#
+# previously defined settings:
+#	- ROOT_DIR
+#
+
+
+####################### cbox-build ########################
+
+# the build directory (will be ERASED without warning)
+BUILD_DIR="$ROOT_DIR/_builddir/cd1"
+
+# the iso image
+IMAGE_FILE="$BUILD_DIR/cryptobox.iso"
+
+# temporary directory
+TMP_DIR="/tmp/`basename $0`-$$"
+
+# the virtual harddisk image used for qemu
+HD_IMAGE="/tmp/`basename $0`-testplatte.img"
+
+# mkisofs options (the option "-U" is not clean, but it prevents long
+# filenames from getting mapped)
+MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
+
+# for burning a CD
+CDWRITER="2,0,0"
+
+
+####################### validation ########################
+
+VALIDATE_TEST_CASES_DIR=$ROOT_DIR/validation/test-cases
+
+# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
+# who knows, what this should mean?
+
+VALIDATE_HOST_ADDRESS=192.168.0.23:80
+VALIDATE_REPORT_DIR=/tmp/cryptobox-validation-$$
+VALIDATE_REPORT_DIR=$ROOT_DIR/validation/report
+VALIDATE_SUMMARY_TEMPLATE_DIR=$ROOT_DIR/validation/templates
+
+

validation/validate.sh

@@ -7,14 +7,37 @@
 
 set -eu
 
-CB_ROOT_DIR=$(dirname $0)/..
-TEST_CASES_DIR=$CB_ROOT_DIR/validation/test-cases
-# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
-HOST_IP=192.168.0.24
-REPORT_DIR=/tmp/cryptobox-validation-$$
-REPORT_DIR=$CB_ROOT_DIR/validation/report
-SUMMARY_TEMPLATE_DIR=$CB_ROOT_DIR/validation/templates
 
+# get the path of a configuration file - local configuration files
+# supersede default files
+# parameter: base name of the configuration file
+function get_config_file()
+{
+	[ -e "$LOCALCONF_DIR/$1" ] && echo "$LOCALCONF_DIR/$1" && return 0
+	[ -e "$DEFAULTCONF_DIR/$1" ] && echo "$DEFAULTCONF_DIR/$1" && return 0
+	echo "configuration file ($1) not found!" >&2
+	exit 1
+}
+
+# the base directory of your local development files
+ROOT_DIR=$(dirname "$0")/..
+
+# the template (default) configuration directory
+DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
+
+# your local configuration directory (existing files supersede the defaults)
+LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
+
+
+############# include local configuration ##############
+
+if [ -e "$(get_config_file cbox-dev.conf)" ]
+	then	source "$(get_config_file cbox-dev.conf)"
+	else	echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
+		exit 1
+  fi
+
+#################### some functions ####################
 
 function error_die()
 {
@@ -43,39 +66,39 @@ function do_single()
 function do_series()
 # parameter: name of the test case
 {
-	[ -d "$REPORT_DIR/$1" ] && rm -r "$REPORT_DIR/$1"
-	mkdir -p "$REPORT_DIR/$1"
-	find "$TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
-		do	do_single "$a" "$REPORT_DIR/$1"
+	[ -d "$VALIDATE_REPORT_DIR/$1" ] && rm -r "$VALIDATE_REPORT_DIR/$1"
+	mkdir -p "$VALIDATE_REPORT_DIR/$1"
+	find "$VALIDATE_TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
+		do	do_single "$a" "$VALIDATE_REPORT_DIR/$1"
 	  done
-	create_summary "$REPORT_DIR/$1" >"$REPORT_DIR/$1/summary.html"
-	tar czf "$REPORT_DIR/${1}-results.tar.gz" -C "$REPORT_DIR" "$1"
-	#echo "$REPORT_DIR/${1}-results.tar.gz"
+	create_summary "$VALIDATE_REPORT_DIR/$1" >"$VALIDATE_REPORT_DIR/$1/summary.html"
+	tar czf "$VALIDATE_REPORT_DIR/${1}-results.tar.gz" -C "$VALIDATE_REPORT_DIR" "$1"
+	#echo "$VALIDATE_REPORT_DIR/${1}-results.tar.gz"
 }
 
 
 create_summary()
 # parameter: directory of results
 {
-	cat "$SUMMARY_TEMPLATE_DIR/header"
+	cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/header"
 	find "$1" -type f -name \*.desc -maxdepth 1 | sort | while read a
 	    do	TESTNAME=$(basename ${a%.desc})
 		TESTDESCRIPTION=$(cat $a)
-	    	sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$SUMMARY_TEMPLATE_DIR/single_header"
+	    	sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_header"
 		local DIFF_FILE=${a%.desc}.diff
 		if [ -s "$DIFF_FILE" ]
-		   then	cat "$SUMMARY_TEMPLATE_DIR/result-error"
+		   then	cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-error"
 			sed 's#$#<br/>#' "$DIFF_FILE"
-		   else	cat "$SUMMARY_TEMPLATE_DIR/result-ok"
+		   else	cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-ok"
 			echo "no differences found"
 			# remove empty diff
 			[ -e "$DIFF_FILE" ] && rm "$DIFF_FILE"
 		 fi
-		cat "$SUMMARY_TEMPLATE_DIR/single_footer"
+		cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_footer"
 		# remove description file
 		rm "$a"
 	  done
-	cat "$SUMMARY_TEMPLATE_DIR/footer"
+	cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/footer"
 }
 
 
@@ -83,17 +106,17 @@ import_style()
 # get the stylesheet file and images
 # change the stylesheet link
 {
-	[ -d "REPORT_DIR/img" ] && rm -r "$REPORT_DIR/img"
-	mkdir -p "$REPORT_DIR/img"
-	[ -e "$REPORT_DIR/cryptobox.css" ] && rm "$REPORT_DIR/cryptobox.css"
-	wget -q -O "$REPORT_DIR/cryptobox.css" http://$HOST_IP/cryptobox.css
+	[ -d "VALIDATE_REPORT_DIR/img" ] && rm -r "$VALIDATE_REPORT_DIR/img"
+	mkdir -p "$VALIDATE_REPORT_DIR/img"
+	[ -e "$VALIDATE_REPORT_DIR/cryptobox.css" ] && rm "$VALIDATE_REPORT_DIR/cryptobox.css"
+	wget -q -O "$VALIDATE_REPORT_DIR/cryptobox.css" http://$VALIDATE_HOST_ADDRESS/cryptobox.css
 	# extract image file names
-	grep "url(img/" "$REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a
-		do	wget -q -O "$REPORT_DIR/img/$a" "http://$HOST_IP/img/$a"
+	grep "url(img/" "$VALIDATE_REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a
+		do	wget -q -O "$VALIDATE_REPORT_DIR/img/$a" "http://$VALIDATE_HOST_ADDRESS/img/$a"
 	  done
 	
 	# change the stylesheet link in every html file in REPORT_DIR
-	find "$REPORT_DIR" -type f -name \*.html | while read a
+	find "$VALIDATE_REPORT_DIR" -type f -name \*.html | while read a
 		do	sed -i '#link rel="stylesheet"#s#href="/cryptobox.css"#href="../cryptobox.css"#g' "$a"
 	  done
 }
@@ -104,14 +127,14 @@ ACTION="--help"
 
 case "$ACTION" in
 	list )
-		find "$TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
+		find "$VALIDATE_TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
 			do	echo $(basename "$a")
 		  done
 		;;
 	check )
 		[ $# -ne 2 ] && error_die 1 "Syntax: $(basename $0) check NAME"
-		CASE_DIR="$TEST_CASES_DIR/$2"
-		[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"
+		CASE_DIR="$VALIDATE_TEST_CASES_DIR/$2"
+		[ ! -d "$VALIDATE_CASE_DIR" ] && error_die 2 "the test case was not found ($VALIDATE_CASE_DIR)!"
 		do_series "$2"
 		import_style
 		;;