changed some setting names (CHROOTSTART and BUILDDIR)
removed the "revert" feature (too complicated and rarely used); moved some settings to etc-defaults.d/cbox-dev.conf to allow local changes
parent
6de670828e
commit
5cf24ebede
|
@ -3,20 +3,18 @@
|
|||
# managing our work at the cryptobox
|
||||
#
|
||||
# usual workflow:
|
||||
# dfsbuild - create the image directory with dfsbuild and copy it to
|
||||
# the working directory
|
||||
# config - apply cryptobox specific changes to the working directory
|
||||
# dfsbuild - create the image directory with dfsbuild
|
||||
# config - apply cryptobox specific changes to the image directory
|
||||
# harden - remove unnecessary packages and disable developer features
|
||||
# iso - create the iso image (out of the working directory)
|
||||
# iso - create the iso image (out of the image directory)
|
||||
# burn - tries to burn the the image on a cd-rw (maybe it works)
|
||||
#
|
||||
# development actions:
|
||||
# chroot - run first tests in a chroot environment
|
||||
# qemu - run the qemu emulation
|
||||
# devel - enable developer features like sshd, writable templates and
|
||||
# the test-suite (can be undone by "revert")
|
||||
# revert - reset the working directory to the image created by dfsbuild
|
||||
# upload - copy local working copy to tmpfs on a running cryptobox
|
||||
# the test-suite
|
||||
# upload - copy your local files to tmpfs on a running cryptobox
|
||||
# diff - compare tmpfs-files on a running cryptobox with the original
|
||||
# merge - apply the diff to the local copy
|
||||
#
|
||||
|
@ -25,8 +23,8 @@
|
|||
#
|
||||
#
|
||||
# problems of this script:
|
||||
# - has to run as root, because dfsbuild, config, iso, chroot, devel,
|
||||
# revert and release need root privileges
|
||||
# - has to run as root, because dfsbuild, config, iso, chroot, devel
|
||||
# and release need root privileges
|
||||
# - 'harden' is strangely integrated
|
||||
#
|
||||
# you may run this script with multiple arguments, e.g.:
|
||||
|
@ -50,6 +48,7 @@ function get_config_file()
|
|||
exit 1
|
||||
}
|
||||
|
||||
|
||||
# the base directory of your local development files
|
||||
ROOT_DIR=$(dirname "$0")
|
||||
|
||||
|
@ -59,39 +58,18 @@ DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
|
|||
# your local configuration directory (existing files supersede the defaults)
|
||||
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
|
||||
|
||||
# the build directory (will be ERASED without warning)
|
||||
BUILDDIR="$ROOT_DIR/_builddir/cd1"
|
||||
|
||||
# image directory created by dfsbuild
|
||||
IMAGE_DIR_ORIG="$BUILDDIR/image"
|
||||
|
||||
# a working copy of the image directory
|
||||
IMAGE_DIR="$BUILDDIR/image-working"
|
||||
# local configuration directory - contains scripts to be executed after
|
||||
# 'configure'
|
||||
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
|
||||
|
||||
# template directory for cryptobox specific configuration
|
||||
TEMPLATE_DIR="cbox-tree.d"
|
||||
|
||||
# the iso image
|
||||
IMAGE_FILE="$BUILDDIR/cryptobox.iso"
|
||||
|
||||
# dfsbuild config
|
||||
CONFIG=$(get_config_file dfs.cbox.conf)
|
||||
|
||||
# temporary directory
|
||||
TMP_DIR="/tmp/`basename $0`-$$"
|
||||
|
||||
# the virtual harddisk image used for qemu
|
||||
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
|
||||
|
||||
# mkisofs options (the option "-U" is not clean, but it prevents long
|
||||
# filenames from getting mapped)
|
||||
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
|
||||
|
||||
# the chroot-wrapper within the cryptobox
|
||||
CHROOTSTART="/usr/lib/cryptobox/chroot-start.sh"
|
||||
|
||||
# for burning a CD
|
||||
CDWRITER="2,0,0"
|
||||
CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
|
||||
|
||||
# qemu network configuration file
|
||||
QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
|
||||
|
@ -100,25 +78,34 @@ QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
|
|||
SSH_CONFIG_FILE=$(get_config_file ssh_config)
|
||||
|
||||
# extract the hostname of the cryptobox from the ssh_config file
|
||||
SSH_HOST=$(grep "^Host " $SSH_CONFIG_FILE | head -1 | sed 's/^Host *\(.*\)$/\1/')
|
||||
SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/')
|
||||
|
||||
# the script within the box, that does the development 'diff'
|
||||
DEVEL_FEATURES_SCRIPT="/usr/lib/cryptobox/devel-features.sh"
|
||||
|
||||
# local configuration directory - contains scripts to be executed after
|
||||
# 'configure'
|
||||
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
|
||||
|
||||
############# include local configuration ##############
|
||||
|
||||
if [ -e "$(get_config_file cbox-dev.conf)" ]
|
||||
then source "$(get_config_file cbox-dev.conf)"
|
||||
else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# image directory created by dfsbuild
|
||||
# the BUILD_DIR is defined in the local cbox-dev.conf
|
||||
IMAGE_DIR="$BUILD_DIR/image"
|
||||
|
||||
|
||||
####################### functions ######################
|
||||
|
||||
function run_dfsbuild()
|
||||
{
|
||||
[ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
|
||||
dfsbuild -c "$CONFIG" -w "$BUILDDIR"
|
||||
[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
|
||||
dfsbuild -c "$CONFIG" -w "$BUILD_DIR"
|
||||
|
||||
# remove iso image of dfsbuild - it is not necessary
|
||||
[ -e "$BUILDDIR/image.iso" ] && rm "$BUILDDIR/image.iso"
|
||||
[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
|
||||
}
|
||||
|
||||
|
||||
|
@ -143,21 +130,11 @@ function qemu_boot()
|
|||
}
|
||||
|
||||
|
||||
function init_working_directory()
|
||||
{
|
||||
cat /proc/mounts | grep -q "`basename $IMAGE_DIR`/proc" && umount "$IMAGE_DIR/proc"
|
||||
[ -e "$IMAGE_DIR" ] && echo "Removing old image dir ..." && rm -r "$IMAGE_DIR"
|
||||
echo "Copying the dfsbuild-image ..."
|
||||
cp -a "$IMAGE_DIR_ORIG" "$IMAGE_DIR"
|
||||
}
|
||||
|
||||
|
||||
function configure_cb()
|
||||
{
|
||||
if [ ! -e "$IMAGE_DIR" ]; then
|
||||
echo -e "Directory \"$IMAGE_DIR\" not found!"
|
||||
echo -e "Did you run \"$0 dfsbuild\"?"
|
||||
echo -e "Otherwise try \"$0 revert\" to fix this."
|
||||
exit
|
||||
fi
|
||||
|
||||
|
@ -175,7 +152,7 @@ function configure_cb()
|
|||
else echo "Version:.*/Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue"
|
||||
fi
|
||||
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
|
||||
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
||||
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
||||
|
||||
# source local configure scripts
|
||||
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
|
||||
|
@ -226,7 +203,7 @@ function upload2devel()
|
|||
|
||||
function merge_from_devel()
|
||||
# merge a diff from a running development cryptobox into
|
||||
# this working directory
|
||||
# your local copy
|
||||
{
|
||||
echo "Check for collisions ... (dry-run)"
|
||||
if devel_diff | patch --dry-run -p1 -d "$TEMPLATE_DIR"
|
||||
|
@ -261,7 +238,6 @@ while [ $# -gt 0 ]
|
|||
do case "$1" in
|
||||
dfsbuild )
|
||||
run_dfsbuild
|
||||
init_working_directory
|
||||
;;
|
||||
config )
|
||||
configure_cb normal
|
||||
|
@ -272,9 +248,6 @@ while [ $# -gt 0 ]
|
|||
qemu )
|
||||
qemu_boot
|
||||
;;
|
||||
revert )
|
||||
init_working_directory
|
||||
;;
|
||||
diff )
|
||||
# get a diff from a running development cryptobox
|
||||
devel_diff
|
||||
|
@ -283,16 +256,16 @@ while [ $# -gt 0 ]
|
|||
merge_from_devel
|
||||
;;
|
||||
harden )
|
||||
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh secure
|
||||
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
|
||||
;;
|
||||
upload )
|
||||
upload2devel
|
||||
;;
|
||||
chroot )
|
||||
if [ ! -x "$IMAGE_DIR/$CHROOTSTART" ]
|
||||
then echo "the chroot init script ("$IMAGE_DIR/$CHROOTSTART") is not executable"
|
||||
if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
|
||||
then echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
|
||||
echo "maybe you should run '`basename $0` cb-config' first"
|
||||
else chroot "$IMAGE_DIR" "$CHROOTSTART"
|
||||
else chroot "$IMAGE_DIR" "$CHROOT_START"
|
||||
fi
|
||||
;;
|
||||
burn )
|
||||
|
@ -302,7 +275,7 @@ while [ $# -gt 0 ]
|
|||
$0 dfsbuild config harden iso
|
||||
;;
|
||||
help|--help )
|
||||
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | revert | chroot | burn | upload | diff | merge | help )"
|
||||
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | chroot | burn | upload | diff | merge | help )"
|
||||
echo " (you may specify more than one action)"
|
||||
echo
|
||||
;;
|
||||
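Review bot: `IMAGE_DIR="$BUILD_DIR/image"` now depends on a variable that only the sourced cbox-dev.conf sets, and nothing in the visible hunks checks that it is set and non-empty. A file in etc-local.d replaces the default file entirely, so an older or partial local copy leaves BUILD_DIR empty, and this script (which its header says must run as root) would then run mkdir, rm and chroot against `/image` and `/image.iso`, unless `set -u` is enabled outside the hunks shown. I would add `: "${BUILD_DIR:?BUILD_DIR must be set in cbox-dev.conf}"` directly after the `source` line. The include block also calls get_config_file three times, and its `exit 1` only leaves the command-substitution subshell, so the else branch reports an empty path. `conf=$(get_config_file cbox-dev.conf) || exit 1` followed by `source "$conf"` fails once and is shorter.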
|
|
|
@ -1,5 +1,5 @@
|
|||
1) Overview
|
||||
the files in this directory are examples specific hook scripts to change the
|
||||
the files in this directory are examples for specific hook scripts to change the
|
||||
configuration of the box
|
||||
|
||||
2) How to use these scripts
|
||||
|
@ -18,6 +18,6 @@ set_root_pw
|
|||
|
||||
import_authorized_keys
|
||||
- create a new rsa key (etc-local.d/id_rsa) and copy the public
|
||||
key to the working image directory
|
||||
key to the image directory
|
||||
- this is useful, if you secured the development cryptobox with a
|
||||
password (see 'set_root_pw')
|
||||
|
|
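--- a/etc-defaults.d/README
+++ b/etc-defaults.d/README
@@ -0,0 +1,4 @@
+this directory contains some configuration files for the development of the CryptoBox
+
+If you want to use different local settings, then you should copy the respective
+configuration file to the directory "etc-local.d" and adapt it to your needs.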
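--- a/etc-defaults.d/cbox-dev.conf
+++ b/etc-defaults.d/cbox-dev.conf
@@ -0,0 +1,42 @@
+# some local settings for cbox-build.sh and validate.sh
+#
+# previously defined settings:
+# - ROOT_DIR
+#
+
+
+####################### cbox-build ########################
+
+# the build directory (will be ERASED without warning)
+BUILD_DIR="$ROOT_DIR/_builddir/cd1"
+
+# the iso image
+IMAGE_FILE="$BUILD_DIR/cryptobox.iso"
+
+# temporary directory
+TMP_DIR="/tmp/`basename $0`-$$"
+
+# the virtual harddisk image used for qemu
+HD_IMAGE="/tmp/`basename $0`-testplatte.img"
+
+# mkisofs options (the option "-U" is not clean, but it prevents long
+# filenames from getting mapped)
+MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
+
+# for burning a CD
+CDWRITER="2,0,0"
+
+
+####################### validation ########################
+
+VALIDATE_TEST_CASES_DIR=$ROOT_DIR/validation/test-cases
+
+# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
+# who knows, what this should mean?
+
+VALIDATE_HOST_ADDRESS=192.168.0.23:80
+VALIDATE_REPORT_DIR=/tmp/cryptobox-validation-$$
+VALIDATE_REPORT_DIR=$ROOT_DIR/validation/report
+VALIDATE_SUMMARY_TEMPLATE_DIR=$ROOT_DIR/validation/templates
+
+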
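Review bot: The TMP_DIR and HD_IMAGE defaults are predictable names directly under /tmp (script name plus PID, and a fixed `-testplatte.img` suffix), while the build script's header comment says it has to run as root. Another local user can create those paths or a symlink in their place before the build does, so root ends up writing through a path it does not control. I would keep both under the build tree, e.g. `HD_IMAGE="$BUILD_DIR/testplatte.img"`, or create the directory with `mktemp -d` at the point of use instead of composing the name here. VALIDATE_REPORT_DIR is assigned twice in a row; the first value (`/tmp/cryptobox-validation-$$`) is dead and should be dropped so the file states one default.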
@ -7,14 +7,37 @@
|
|||
|
||||
set -eu
|
||||
|
||||
CB_ROOT_DIR=$(dirname $0)/..
|
||||
TEST_CASES_DIR=$CB_ROOT_DIR/validation/test-cases
|
||||
# TODO: take care, that this file exists! (it is created during "upload", "diff" or "merge")
|
||||
HOST_IP=192.168.0.24
|
||||
REPORT_DIR=/tmp/cryptobox-validation-$$
|
||||
REPORT_DIR=$CB_ROOT_DIR/validation/report
|
||||
SUMMARY_TEMPLATE_DIR=$CB_ROOT_DIR/validation/templates
|
||||
|
||||
# get the path of a configuration file - local configuration files
|
||||
# supersede default files
|
||||
# parameter: base name of the configuration file
|
||||
function get_config_file()
|
||||
{
|
||||
[ -e "$LOCALCONF_DIR/$1" ] && echo "$LOCALCONF_DIR/$1" && return 0
|
||||
[ -e "$DEFAULTCONF_DIR/$1" ] && echo "$DEFAULTCONF_DIR/$1" && return 0
|
||||
echo "configuration file ($1) not found!" >&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
# the base directory of your local development files
|
||||
ROOT_DIR=$(dirname "$0")/..
|
||||
|
||||
# the template (default) configuration directory
|
||||
DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
|
||||
|
||||
# your local configuration directory (existing files supersede the defaults)
|
||||
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
|
||||
|
||||
|
||||
############# include local configuration ##############
|
||||
|
||||
if [ -e "$(get_config_file cbox-dev.conf)" ]
|
||||
then source "$(get_config_file cbox-dev.conf)"
|
||||
else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
|
||||
exit 1
|
||||
fi
|
||||
|
||||
#################### some functions ####################
|
||||
|
||||
function error_die()
|
||||
{
|
||||
|
@ -43,39 +66,39 @@ function do_single()
|
|||
function do_series()
|
||||
# parameter: name of the test case
|
||||
{
|
||||
[ -d "$REPORT_DIR/$1" ] && rm -r "$REPORT_DIR/$1"
|
||||
mkdir -p "$REPORT_DIR/$1"
|
||||
find "$TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
|
||||
do do_single "$a" "$REPORT_DIR/$1"
|
||||
[ -d "$VALIDATE_REPORT_DIR/$1" ] && rm -r "$VALIDATE_REPORT_DIR/$1"
|
||||
mkdir -p "$VALIDATE_REPORT_DIR/$1"
|
||||
find "$VALIDATE_TEST_CASES_DIR/$1" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
|
||||
do do_single "$a" "$VALIDATE_REPORT_DIR/$1"
|
||||
done
|
||||
create_summary "$REPORT_DIR/$1" >"$REPORT_DIR/$1/summary.html"
|
||||
tar czf "$REPORT_DIR/${1}-results.tar.gz" -C "$REPORT_DIR" "$1"
|
||||
#echo "$REPORT_DIR/${1}-results.tar.gz"
|
||||
create_summary "$VALIDATE_REPORT_DIR/$1" >"$VALIDATE_REPORT_DIR/$1/summary.html"
|
||||
tar czf "$VALIDATE_REPORT_DIR/${1}-results.tar.gz" -C "$VALIDATE_REPORT_DIR" "$1"
|
||||
#echo "$VALIDATE_REPORT_DIR/${1}-results.tar.gz"
|
||||
}
|
||||
|
||||
|
||||
create_summary()
|
||||
# parameter: directory of results
|
||||
{
|
||||
cat "$SUMMARY_TEMPLATE_DIR/header"
|
||||
cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/header"
|
||||
find "$1" -type f -name \*.desc -maxdepth 1 | sort | while read a
|
||||
do TESTNAME=$(basename ${a%.desc})
|
||||
TESTDESCRIPTION=$(cat $a)
|
||||
sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$SUMMARY_TEMPLATE_DIR/single_header"
|
||||
sed "s#_TESTNAME_#$TESTNAME#g; s/_TESTDESCRIPTION_/$TESTDESCRIPTION/" "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_header"
|
||||
local DIFF_FILE=${a%.desc}.diff
|
||||
if [ -s "$DIFF_FILE" ]
|
||||
then cat "$SUMMARY_TEMPLATE_DIR/result-error"
|
||||
then cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-error"
|
||||
sed 's#$#<br/>#' "$DIFF_FILE"
|
||||
else cat "$SUMMARY_TEMPLATE_DIR/result-ok"
|
||||
else cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/result-ok"
|
||||
echo "no differences found"
|
||||
# remove empty diff
|
||||
[ -e "$DIFF_FILE" ] && rm "$DIFF_FILE"
|
||||
fi
|
||||
cat "$SUMMARY_TEMPLATE_DIR/single_footer"
|
||||
cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/single_footer"
|
||||
# remove description file
|
||||
rm "$a"
|
||||
done
|
||||
cat "$SUMMARY_TEMPLATE_DIR/footer"
|
||||
cat "$VALIDATE_SUMMARY_TEMPLATE_DIR/footer"
|
||||
}
|
||||
|
||||
|
||||
|
@ -83,17 +106,17 @@ import_style()
|
|||
# get the stylesheet file and images
|
||||
# change the stylesheet link
|
||||
{
|
||||
[ -d "REPORT_DIR/img" ] && rm -r "$REPORT_DIR/img"
|
||||
mkdir -p "$REPORT_DIR/img"
|
||||
[ -e "$REPORT_DIR/cryptobox.css" ] && rm "$REPORT_DIR/cryptobox.css"
|
||||
wget -q -O "$REPORT_DIR/cryptobox.css" http://$HOST_IP/cryptobox.css
|
||||
[ -d "VALIDATE_REPORT_DIR/img" ] && rm -r "$VALIDATE_REPORT_DIR/img"
|
||||
mkdir -p "$VALIDATE_REPORT_DIR/img"
|
||||
[ -e "$VALIDATE_REPORT_DIR/cryptobox.css" ] && rm "$VALIDATE_REPORT_DIR/cryptobox.css"
|
||||
wget -q -O "$VALIDATE_REPORT_DIR/cryptobox.css" http://$VALIDATE_HOST_ADDRESS/cryptobox.css
|
||||
# extract image file names
|
||||
grep "url(img/" "$REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a
|
||||
do wget -q -O "$REPORT_DIR/img/$a" "http://$HOST_IP/img/$a"
|
||||
grep "url(img/" "$VALIDATE_REPORT_DIR/cryptobox.css" | sed 's#^.*url(img/\(.*\)).*$#\1#' | while read a
|
||||
do wget -q -O "$VALIDATE_REPORT_DIR/img/$a" "http://$VALIDATE_HOST_ADDRESS/img/$a"
|
||||
done
|
||||
|
||||
# change the stylesheet link in every html file in REPORT_DIR
|
||||
find "$REPORT_DIR" -type f -name \*.html | while read a
|
||||
find "$VALIDATE_REPORT_DIR" -type f -name \*.html | while read a
|
||||
do sed -i '#link rel="stylesheet"#s#href="/cryptobox.css"#href="../cryptobox.css"#g' "$a"
|
||||
done
|
||||
}
|
||||
|
@ -104,14 +127,14 @@ ACTION="--help"
|
|||
|
||||
case "$ACTION" in
|
||||
list )
|
||||
find "$TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
|
||||
find "$VALIDATE_TEST_CASES_DIR" -type d -maxdepth 1 -mindepth 1 | grep -v "/\.[^/]*$" | sort | while read a
|
||||
do echo $(basename "$a")
|
||||
done
|
||||
;;
|
||||
check )
|
||||
[ $# -ne 2 ] && error_die 1 "Syntax: $(basename $0) check NAME"
|
||||
CASE_DIR="$TEST_CASES_DIR/$2"
|
||||
[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"
|
||||
CASE_DIR="$VALIDATE_TEST_CASES_DIR/$2"
|
||||
[ ! -d "$VALIDATE_CASE_DIR" ] && error_die 2 "the test case was not found ($VALIDATE_CASE_DIR)!"
|
||||
do_series "$2"
|
||||
import_style
|
||||
;;
|
||||
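Review bot: In the `check` branch the rename is only half applied: the assignment is still `CASE_DIR="$VALIDATE_TEST_CASES_DIR/$2"`, but the test on the next line reads `$VALIDATE_CASE_DIR`, which is never set, so with the `set -eu` at the top of this file `check` aborts on an unbound variable before the directory test runs. Keep one name, e.g. `[ ! -d "$CASE_DIR" ] && error_die 2 "the test case was not found ($CASE_DIR)!"`. In import_style, `[ -d "VALIDATE_REPORT_DIR/img" ]` is missing the `$`, so the old img directory is never removed. The image names extracted from the downloaded stylesheet go unchecked into `-O "$VALIDATE_REPORT_DIR/img/$a"`; skipping any name that contains `/` or `..` keeps the downloads inside the report directory.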
|
|