diff --git a/cbox-build.sh b/cbox-build.sh index aaa564b..230af06 100755 --- a/cbox-build.sh +++ b/cbox-build.sh @@ -3,20 +3,18 @@ # managing our work at the cryptobox # # usual workflow: -# dfsbuild - create the image directory with dfsbuild and copy it to -# the working directory -# config - apply cryptobox specific changes to the working directory +# dfsbuild - create the image directory with dfsbuild +# config - apply cryptobox specific changes to the image directory # harden - remove unnecessary packages and disable developer features -# iso - create the iso image (out of the working directory) +# iso - create the iso image (out of the image directory) # burn - tries to burn the the image on a cd-rw (maybe it works) # # development actions: # chroot - run first tests in a chroot environment # qemu - run the qemu emulation # devel - enable developer features like sshd, writable templates and -# the test-suite (can be undone by "revert") -# revert - reset the working directory to the image created by dfsbuild -# upload - copy local working copy to tmpfs on a running cryptobox +# the test-suite +# upload - copy your local files to tmpfs on a running cryptobox # diff - compare tmpfs-files on a running cryptobox with the original # merge - apply the diff to the local copy # @@ -25,8 +23,8 @@ # # # problems of this script: -# - has to run as root, because dfsbuild, config, iso, chroot, devel, -# revert and release need root privileges +# - has to run as root, because dfsbuild, config, iso, chroot, devel +# and release need root privileges # - 'harden' is strangely integrated # # you may run this script with multiple arguments, e.g.: @@ -50,6 +48,7 @@ function get_config_file() exit 1 } + # the base directory of your local development files ROOT_DIR=$(dirname "$0") 
@@ -59,39 +58,18 @@ DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d" # your local configuration directory (existing files supersede the defaults) LOCALCONF_DIR="$ROOT_DIR/etc-local.d" -# the build directory (will be ERASED without warning) -BUILDDIR="$ROOT_DIR/_builddir/cd1" - -# image directory created by dfsbuild -IMAGE_DIR_ORIG="$BUILDDIR/image" - -# a working copy of the image directory -IMAGE_DIR="$BUILDDIR/image-working" +# local configuration directory - contains scripts to be executed after +# 'configure' +CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d" # template directory for cryptobox specific configuration TEMPLATE_DIR="cbox-tree.d" -# the iso image -IMAGE_FILE="$BUILDDIR/cryptobox.iso" - # dfsbuild config CONFIG=$(get_config_file dfs.cbox.conf) -# temporary directory -TMP_DIR="/tmp/`basename $0`-$$" - -# the virtual harddisk image used for qemu -HD_IMAGE="/tmp/`basename $0`-testplatte.img" - -# mkisofs options (the option "-U" is not clean, but it prevents long -# filenames from getting mapped) -MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R" - # the chroot-wrapper within the cryptobox -CHROOTSTART="/usr/lib/cryptobox/chroot-start.sh" - -# for burning a CD -CDWRITER="2,0,0" +CHROOT_START="/usr/lib/cryptobox/chroot-start.sh" # qemu network configuration file QEMU_IFUP_FILE=$(get_config_file qemu-ifup) 
@@ -100,25 +78,34 @@ QEMU_IFUP_FILE=$(get_config_file qemu-ifup) SSH_CONFIG_FILE=$(get_config_file ssh_config) # extract the hostname of the cryptobox from the ssh_config file -SSH_HOST=$(grep "^Host " $SSH_CONFIG_FILE | head -1 | sed 's/^Host *\(.*\)$/\1/') +SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/') # the script within the box, that does the development 'diff' DEVEL_FEATURES_SCRIPT="/usr/lib/cryptobox/devel-features.sh" -# local configuration directory - contains scripts to be executed after -# 'configure' -CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d" + +############# include local configuration ############## + +if [ -e "$(get_config_file cbox-dev.conf)" ] + then source "$(get_config_file cbox-dev.conf)" + else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2 + exit 1 + fi + +# image directory created by dfsbuild +# the BUILD_DIR is defined in the local cbox-dev.conf +IMAGE_DIR="$BUILD_DIR/image" ####################### functions ###################### function run_dfsbuild() { - [ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..." - dfsbuild -c "$CONFIG" -w "$BUILDDIR" + [ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..." + dfsbuild -c "$CONFIG" -w "$BUILD_DIR" # remove iso image of dfsbuild - it is not necessary - [ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso" + [ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso" } 
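Review bot: The new `if [ -e "$(get_config_file cbox-dev.conf)" ]` guard duplicates the check inside get_config_file: when no file is found the function's `exit 1` only ends the command-substitution subshell, so the test sees an empty string and the script prints a second, less informative message (`local cbox-dev.conf () does not exist!`) while looking the file up three times. `conf=$(get_config_file cbox-dev.conf) || exit 1` followed by `source "$conf"` gives one lookup and one message; the identical block added to validation/validate.sh has the same redundancy. Since the new `IMAGE_DIR="$BUILD_DIR/image"` depends entirely on the sourced file, and the default config describes BUILD_DIR as a directory that is erased without warning, I'd add `: "${BUILD_DIR:?BUILD_DIR must be set in cbox-dev.conf}"` right after the source line so a local config that omits it cannot silently turn IMAGE_DIR into `/image` and BUILD_DIR into an empty path for `mkdir -p`.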
@@ -143,21 +130,11 @@ function qemu_boot() } -function init_working_directory() -{ - cat /proc/mounts | grep -q "`basename $IMAGE_DIR`/proc" && umount "$IMAGE_DIR/proc" - [ -e "$IMAGE_DIR" ] && echo "Removing old image dir ..." && rm -r "$IMAGE_DIR" - echo "Copying the dfsbuild-image ..." - cp -a "$IMAGE_DIR_ORIG" "$IMAGE_DIR" -} - - function configure_cb() { if [ ! -e "$IMAGE_DIR" ]; then echo -e "Directory \"$IMAGE_DIR\" not found!" echo -e "Did you run \"$0 dfsbuild\"?" - echo -e "Otherwise try \"$0 revert\" to fix this." exit fi @@ -175,7 +152,7 @@ function configure_cb() else echo "Version:.*/Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue" fi fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision" - chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal + chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal # source local configure scripts [ -d "$CUSTOM_CONFIGURE_DIR" ] && \ @@ -226,7 +203,7 @@ function upload2devel() function merge_from_devel() # merge a diff from a running development cryptobox into -# this working directory +# your local copy { echo "Check for collisions ... (dry-run)" if devel_diff | patch --dry-run -p1 -d "$TEMPLATE_DIR" @@ -261,7 +238,6 @@ while [ $# -gt 0 ] do case "$1" in dfsbuild ) run_dfsbuild - init_working_directory ;; config ) configure_cb normal @@ -272,9 +248,6 @@ while [ $# -gt 0 ] qemu ) qemu_boot ;; - revert ) - init_working_directory - ;; diff ) # get a diff from a running development cryptobox devel_diff 
@@ -283,16 +256,16 @@ while [ $# -gt 0 ] merge_from_devel ;; harden ) - chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh secure + chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure ;; upload ) upload2devel ;; chroot ) - if [ ! -x "$IMAGE_DIR/$CHROOTSTART" ] - then echo "the chroot init script ("$IMAGE_DIR/$CHROOTSTART") is not executable" + if [ ! -x "$IMAGE_DIR/$CHROOT_START" ] + then echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable" echo "maybe you should run '`basename $0` cb-config' first" - else chroot "$IMAGE_DIR" "$CHROOTSTART" + else chroot "$IMAGE_DIR" "$CHROOT_START" fi ;; burn ) @@ -302,7 +275,7 @@ while [ $# -gt 0 ] $0 dfsbuild config harden iso ;; help|--help ) - echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | revert | chroot | burn | upload | diff | merge | help )" + echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | chroot | burn | upload | diff | merge | help )" echo " (you may specify more than one action)" echo ;; diff --git a/configure-examples.d/README b/configure-examples.d/README index 736939a..b5abb03 100644 --- a/configure-examples.d/README +++ b/configure-examples.d/README @@ -1,5 +1,5 @@ 1) Overview -the files in this directory are examples specific hook scripts to change the +the files in this directory are examples for specific hook scripts to change the configuration of the box 2) How to use these scripts @@ -18,6 +18,6 @@ set_root_pw import_authorized_keys - create a new rsa key (etc-local.d/id_rsa) and copy the public - key to the working image directory + key to the image directory - this is useful, if you secured the development cryptobox with a password (see 'set_root_pw') diff --git a/etc-defaults.d/README b/etc-defaults.d/README new file mode 100644 index 0000000..3f6e4c9 --- /dev/null +++ b/etc-defaults.d/README 
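Review bot: The rewritten message line in the `chroot )` arm, `echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"`, closes the double quotes around the path instead of quoting it, so the expansion is left unquoted and word-split; `echo "the chroot init script ($IMAGE_DIR/$CHROOT_START) is not executable"` prints the same text with the path protected. The hint on the next context line tells the user to run `cb-config`, but the help text updated in the following hunk lists `config` and no `cb-config` action, so that hint looks stale and could be changed to `'`basename $0` config'` while this arm is being touched. The `case` statement continues outside the hunk.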
@@ -0,0 +1,4 @@
+this directory contains some configuration files for the development of the CryptoBox
+
+If you want to use different local settings, then you should copy the respective
+configuration file to the directory "etc-local.d" and adapt it to your needs.
diff --git a/etc-defaults.d/cbox-dev.conf b/etc-defaults.d/cbox-dev.conf
new file mode 100644
index 0000000..20fb676
--- /dev/null
+++ b/etc-defaults.d/cbox-dev.conf
@@ -0,0 +1,42 @@
+# some local settings for cbox-build.sh and validate.sh
+#
+# previously defined settings:
+# - ROOT_DIR
+#
+
+
+####################### cbox-build ########################
+
+# the build directory (will be ERASED without warning)
+BUILD_DIR="$ROOT_DIR/_builddir/cd1"
+
+# the iso image
+IMAGE_FILE="$BUILD_DIR/cryptobox.iso"
+
+# temporary directory
+TMP_DIR="/tmp/`basename $0`-$$"
+
+# the virtual harddisk image used for qemu
+HD_IMAGE="/tmp/`basename $0`-testplatte.img"
+
+# mkisofs options (the option "-U" is not clean, but it prevents long
+# filenames from getting mapped)
+MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
+
+# for burning a CD
+CDWRITER="2,0,0"
+
+
+####################### validation ########################
+
+VALIDATE_TEST_CASES_DIR=$ROOT_DIR/validation/test-cases
+
+# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
+# who knows, what this should mean?
+
+VALIDATE_HOST_ADDRESS=192.168.0.23:80
+VALIDATE_REPORT_DIR=/tmp/cryptobox-validation-$$
+VALIDATE_REPORT_DIR=$ROOT_DIR/validation/report
+VALIDATE_SUMMARY_TEMPLATE_DIR=$ROOT_DIR/validation/templates
+
+
diff --git a/validation/validate.sh b/validation/validate.sh
index a8fcf4d..34381d9 100755
--- a/validation/validate.sh
+++ b/validation/validate.sh
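Review bot: `TMP_DIR="/tmp/`basename $0`-$$"` and `HD_IMAGE="/tmp/`basename $0`-testplatte.img"` in the new cbox-dev.conf are predictable names in a world-writable directory, and the header comment of cbox-build.sh says the tool runs as root, so a pre-existing file or symlink of that name would be written through by whichever step uses them. `TMP_DIR=$(mktemp -d)` and keeping HD_IMAGE under `"$BUILD_DIR"` instead of /tmp avoid that; the lines were moved from cbox-build.sh, but they are still what the shipped default config now defines. VALIDATE_REPORT_DIR is assigned twice in a row, so the `/tmp/cryptobox-validation-$$` value is dead and should be dropped or commented out, and the `# who knows, what this should mean?` line should either explain the TODO above it or go. The validation host also changes here from `192.168.0.24` in the removed validate.sh lines to `192.168.0.23:80`; if that is intentional it deserves a word in the commit message.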
@@ -7,14 +7,37 @@ set -eu -CB_ROOT_DIR=$(dirname $0)/.. -TEST_CASES_DIR=$CB_ROOT_DIR/validation/test-cases -# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge") -HOST_IP=192.168.0.24 -REPORT_DIR=/tmp/cryptobox-validation-$$ -REPORT_DIR=$CB_ROOT_DIR/validation/report -SUMMARY_TEMPLATE_DIR=$CB_ROOT_DIR/validation/templates +# get the path of a configuration file - local configuration files +# supersede default files +# parameter: base name of the configuration file +function get_config_file() +{ + [ -e "$LOCALCONF_DIR/$1" ] && echo "$LOCALCONF_DIR/$1" && return 0 + [ -e "$DEFAULTCONF_DIR/$1" ] && echo "$DEFAULTCONF_DIR/$1" && return 0 + echo "configuration file ($1) not found!" >&2 + exit 1 +} + +# the base directory of your local development files +ROOT_DIR=$(dirname "$0")/.. + +# the template (default) configuration directory +DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d" + +# your local configuration directory (existing files supersede the defaults) +LOCALCONF_DIR="$ROOT_DIR/etc-local.d" + + +############# include local configuration ############## + +if [ -e "$(get_config_file cbox-dev.conf)" ] + then source "$(get_config_file cbox-dev.conf)" + else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2 + exit 1 + fi + +#################### some functions #################### function error_die() { 
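Review bot: The added `get_config_file`, `DEFAULTCONF_DIR` and `LOCALCONF_DIR` definitions are copied verbatim from cbox-build.sh (they appear as context in its first hunks), so the two scripts will drift apart as soon as one of them is touched; a small shared file sourced by both, e.g. next to cbox-dev.conf, would keep a single copy. With `set -eu` in force, every `VALIDATE_*` variable the script later reads must come from the sourced cbox-dev.conf, so a local copy that drops one of them aborts with a bare unbound-variable error; a `: "${VALIDATE_REPORT_DIR:?set in cbox-dev.conf}"` style check after the `source` line (or a short comment listing the required names) would make that failure readable.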
@@ -43,39 +66,39 @@ function do_single() function do_series() # parameter: name of the test case { - [ -d "$REPORT_DIR/$1" ] && rm -r "$REPORT_DIR/$1" - mkdir -p "$REPORT_DIR/$1" - find "$TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a - do do_single "$a" "$REPORT_DIR/$1" + [ -d "$VALIDATE_REPORT_DIR/$1" ] && rm -r "$VALIDATE_REPORT_DIR/$1" + mkdir -p "$VALIDATE_REPORT_DIR/$1" + find "$VALIDATE_TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a + do do_single "$a" "$VALIDATE_REPORT_DIR/$1" done - create_summary "$REPORT_DIR/$1" >"$REPORT_DIR/$1/summary.html" - tar czf "$REPORT_DIR/${1}-results.tar.gz" -C "$REPORT_DIR" "$1" - #echo "$REPORT_DIR/${1}-results.tar.gz" + create_summary "$VALIDATE_REPORT_DIR/$1" >"$VALIDATE_REPORT_DIR/$1/summary.html" + tar czf "$VALIDATE_REPORT_DIR/${1}-results.tar.gz" -C "$VALIDATE_REPORT_DIR" "$1" + #echo "$VALIDATE_REPORT_DIR/${1}-results.tar.gz" } create_summary() # parameter: directory of results { - cat "$SUMMARY_TEMPLATE_DIR/header" + cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/header" find "$1" -type f -name \*.desc -maxdepth 1 | sort | while read a do TESTNAME=$(basename ${a%.desc}) TESTDESCRIPTION=$(cat $a) - sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$SUMMARY_TEMPLATE_DIR/single_header" + sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_header" local DIFF_FILE=${a%.desc}.diff if [ -s "$DIFF_FILE" ] - then cat "$SUMMARY_TEMPLATE_DIR/result-error" + then cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-error" sed 's#$#
#' "$DIFF_FILE" - else cat "$SUMMARY_TEMPLATE_DIR/result-ok" + else cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-ok" echo "no differences found" # remove empty diff [ -e "$DIFF_FILE" ] && rm "$DIFF_FILE" fi - cat "$SUMMARY_TEMPLATE_DIR/single_footer" + cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_footer" # remove description file rm "$a" done - cat "$SUMMARY_TEMPLATE_DIR/footer" + cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/footer" } @@ -83,17 +106,17 @@ import_style() # get the stylesheet file and images # change the stylesheet link { - [ -d "REPORT_DIR/img" ] && rm -r "$REPORT_DIR/img" - mkdir -p "$REPORT_DIR/img" - [ -e "$REPORT_DIR/cryptobox.css" ] && rm "$REPORT_DIR/cryptobox.css" - wget -q -O "$REPORT_DIR/cryptobox.css" http://$HOST_IP/cryptobox.css + [ -d "VALIDATE_REPORT_DIR/img" ] && rm -r "$VALIDATE_REPORT_DIR/img" + mkdir -p "$VALIDATE_REPORT_DIR/img" + [ -e "$VALIDATE_REPORT_DIR/cryptobox.css" ] && rm "$VALIDATE_REPORT_DIR/cryptobox.css" + wget -q -O "$VALIDATE_REPORT_DIR/cryptobox.css" http://$VALIDATE_HOST_ADDRESS/cryptobox.css # extract image file names - grep "url(img/" "$REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a - do wget -q -O "$REPORT_DIR/img/$a" "http://$HOST_IP/img/$a" + grep "url(img/" "$VALIDATE_REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a + do wget -q -O "$VALIDATE_REPORT_DIR/img/$a" "http://$VALIDATE_HOST_ADDRESS/img/$a" done # change the stylesheet link in every html file in REPORT_DIR - find "$REPORT_DIR" -type f -name \*.html | while read a + find "$VALIDATE_REPORT_DIR" -type f -name \*.html | while read a do sed -i '#link rel="stylesheet"#s#href="/cryptobox.css"#href="../cryptobox.css"#g' "$a" done } 
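Review bot: `[ -d "VALIDATE_REPORT_DIR/img" ]` in import_style is missing the `$`, so the test looks for a literal relative path and the old img directory is never removed before `mkdir -p`; the typo was carried over from `"REPORT_DIR/img"` during the rename, and `[ -d "$VALIDATE_REPORT_DIR/img" ] && rm -r "$VALIDATE_REPORT_DIR/img"` fixes it. The names fed to the second `wget -O "$VALIDATE_REPORT_DIR/img/$a"` are taken from the CSS fetched from the validation host and are not checked for `/` or `..`, so an unexpected `url(img/...)` value could make wget write outside the img directory; skipping names with a slash (`case "$a" in */*) continue ;; esac` inside the loop) keeps the download confined. `$VALIDATE_HOST_ADDRESS` in the first wget URL is unquoted while the second URL is quoted; quoting both keeps the style consistent.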
@@ -104,14 +127,14 @@ ACTION="--help" case "$ACTION" in list ) - find "$TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a + find "$VALIDATE_TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a do echo $(basename "$a") done ;; check ) [ $# -ne 2 ] && error_die 1 "Syntax: $(basename $0) check NAME" - CASE_DIR="$TEST_CASES_DIR/$2" - [ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!" + CASE_DIR="$VALIDATE_TEST_CASES_DIR/$2" + [ ! -d "$VALIDATE_CASE_DIR" ] && error_die 2 "the test case was not found ($VALIDATE_CASE_DIR)!" do_series "$2" import_style ;;
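Review bot: The new `[ ! -d "$VALIDATE_CASE_DIR" ]` line tests a variable that is never assigned: the line above still sets `CASE_DIR`, so under the script's `set -eu` the `check` action aborts with an unbound-variable error before `error_die` runs, and without `-u` the empty string would make every check report "test case was not found". Either keep `CASE_DIR` on both lines — `[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"` — or rename the assignment to match. The `case` statement may continue past the end of the hunk.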