define TERM setting
comments for development actions added to cbox.sh
source local configure scripts
examples for local configure scripts added:
- set_root_pw
- import_authorized_keys
parent
e3f4cb49e3
commit
6fec846638
6 changed files with 93 additions and 8 deletions
|
@ -6,7 +6,7 @@
|
|||
# dfsbuild - create the image directory with dfsbuild and copy it to
|
||||
# the working directory
|
||||
# config - apply cryptobox specific changes to the working directory
|
||||
# harden - remove unnecessary packages (for release CD)
|
||||
# harden - remove unnecessary packages and disable developer features
|
||||
# iso - create the iso image (out of the working directory)
|
||||
# burn - tries to burn the the image on a cd-rw (maybe it works)
|
||||
#
|
||||
|
@ -16,6 +16,9 @@
|
|||
# devel - enable developer features like sshd, writable templates and
|
||||
# the test-suite (can be undone by "revert")
|
||||
# revert - reset the working directory to the image created by dfsbuild
|
||||
# upload - copy local working copy to tmpfs on a running cryptobox
|
||||
# diff - compare tmpfs-files on a running cryptobox with the original
|
||||
# merge - apply the diff to the local copy
|
||||
#
|
||||
# final action:
|
||||
# release - the same as "dfsbuild config iso"
|
||||
|
@ -60,7 +63,7 @@ LOCALCONF_DIR=local.conf.d
|
|||
SSH_CONFIG_FILE="$LOCALCONF_DIR/ssh-options"
|
||||
SSH_HOST=cryptobox
|
||||
REMOTE_COMMAND="/usr/lib/cryptobox/devel-features.sh"
|
||||
|
||||
CUSTOM_CONFIGURE_DIR=$LOCALCONF_DIR/custom-configure.d
|
||||
|
||||
|
||||
function run_dfsbuild()
|
||||
|
@ -117,13 +120,13 @@ function configure_cb()
|
|||
exit
|
||||
fi
|
||||
|
||||
echo "Copying files into the box ..."
|
||||
echo "Copying files to the box ..."
|
||||
[ -e "$TMP_DIR" ] && rm -rf "$TMP_DIR"
|
||||
cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
|
||||
rm -rf `find "$TMP_DIR" -type d -name ".svn"`
|
||||
cp -dr "$TMP_DIR/." "$IMAGE_DIR"
|
||||
rm -rf "$TMP_DIR"
|
||||
|
||||
|
||||
echo "Configuring the cryptobox ..."
|
||||
# "harden" removes /etc/issue ...
|
||||
if [ -e "$IMAGE_DIR/etc/issue" ]
|
||||
|
@ -132,6 +135,16 @@ function configure_cb()
|
|||
fi
|
||||
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
|
||||
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
||||
|
||||
# source local configure scripts
|
||||
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
|
||||
find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while read file
|
||||
do echo "Sourcing custom configure script $(basename $file):"
|
||||
# execute it in its own environment (to be safe)
|
||||
# 'source' implicitly imports all current settings
|
||||
# indent these lines to improve the output
|
||||
( source "$file" ) 2>&1 | sed 's/^/\t/'
|
||||
done
|
||||
}
|
||||
|
||||
|
||||
|
@ -143,8 +156,9 @@ function fetch_revision()
|
|||
|
||||
function check_ssh_defaults()
|
||||
{
|
||||
[ ! -d "$LOCALCONF_DIR" ] && mkdir "$LOCALCONF_DIR"
|
||||
if [ ! -e "$SSH_CONFIG_FILE" ]
|
||||
then [ ! -d "$LOCALCONF_DIR" ] && mkdir "$LOCALCONF_DIR"
|
||||
then echo "Copying default ssh_config file to '$SSH_CONFIG_FILE' ..."
|
||||
cp misc/ssh-options.default "$SSH_CONFIG_FILE"
|
||||
fi
|
||||
}
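Review bot: In the `configure_cb` hunk that sources `$CUSTOM_CONFIGURE_DIR`, the exit status of every hook is lost, because `( source "$file" ) 2>&1 | sed 's/^/\t/'` reports sed's status; a failing `set_root_pw` therefore leaves the image with the empty root password while the build still looks successful. The subshell isolates only variables and the working directory, so each hook still runs with the builder's privileges on the build host (presumably root, given the `chroot` calls), which the "(to be safe)" comment should state. I would also use `read -r`, quote `"$file"` inside `basename`, and replace the trailing `[ -d … ] && \` with an `if`, since as the last statement it makes `configure_cb` return non-zero whenever the directory is absent. `configure_cb` starts outside the hunk, and the sketch below assumes the script runs under bash, as `function` and `source` suggest.

```shell
# source local configure scripts
if [ -d "$CUSTOM_CONFIGURE_DIR" ]
then
	while read -r file
	do	echo "Sourcing custom configure script $(basename "$file"):"
		# … unchanged: comments on the subshell and the indentation …
		( source "$file" ) 2>&1 | sed 's/^/\t/'
		# PIPESTATUS[0] is the hook's own status, not sed's
		if [ "${PIPESTATUS[0]}" -ne 0 ]
		then	echo "custom configure script failed: $file" >&2
			exit 1
		fi
	done < <(find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort)
fi
```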
|
||||
|
|
|
@ -35,10 +35,15 @@ function configure_normal()
|
|||
|
||||
######### bashrc ###########
|
||||
# remove dfshints from bashrc
|
||||
sed -i "/^dfshints$/d" $RUNTIMEDIR/root/.bashrc
|
||||
sed -i "/^dfshints$/d" "$RUNTIMEDIR/root/.bashrc"
|
||||
|
||||
########### TERM ###########
|
||||
# set a usable default
|
||||
sed -i '/^export TERM=/d' "$RUNTIMEDIR/root/.profile"
|
||||
echo 'export TERM=vt100' >>"$RUNTIMEDIR/root/.profile"
|
||||
|
||||
########## sshd ############
|
||||
if [ -e "/etc/ssh" ]; then
|
||||
########## sshd ############
|
||||
# allow empty passwords for ssh
|
||||
# the daemon is NOT started automatically, so you have to start it
|
||||
# manually in case of need - as the root pw is empty and passwd is ro, you
|
||||
|
@ -62,8 +67,12 @@ function configure_secure()
|
|||
# remove unnecessary packages
|
||||
dpkg --force-all -P $SECURITY_REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed."
|
||||
|
||||
# remove development files
|
||||
# remove the development features script
|
||||
rm -f "$DEV_FEATURES_SCRIPT"
|
||||
|
||||
# maybe an authorized_keys file was created - but it is not dangerous,
|
||||
# as the openssh package was removed anyway
|
||||
rm -rf /root/.ssh
|
||||
}
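Review bot: The cleanup at the end of `configure_secure` removes `/root/.ssh`, but the `import_authorized_keys` example in this commit installs the key under `/opt/dfsbuild/runtimerd/root/.ssh/authorized_keys`, and `configure_normal` edits root's files through `$RUNTIMEDIR/root/…`. If root's home is populated from that runtime directory at boot (not visible here), the key survives hardening; consider adding `rm -rf "$RUNTIMEDIR/root/.ssh"` next to the existing line, assuming `$RUNTIMEDIR` is set when `configure_secure` runs. The comment's claim that a leftover key "is not dangerous" holds only if `$SECURITY_REMOVE_PACKAGES` really contains the ssh server and the purge succeeded, which the `dpkg --force-all … | grep -v` pipeline does not show; a check such as `[ ! -x /usr/sbin/sshd ]` after the purge would make that assumption explicit. Both functions start outside their hunks.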
|
||||
|
||||
|
||||
|
|
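--- a/misc/custom-configure.d/README
+++ b/misc/custom-configure.d/README
@@ -0,0 +1,25 @@
+1) Overview
+the files in this directory are examples specific hook scripts to change the
+configuration of the box
+
+2) How to use these scripts
+Copy the scripts, you would like to use into local.conf.d/custom-configure.d.
+They will be sourced in alphabetic order AFTER the default configuration of the
+cryptobox.
+
+3) The examples
+
+set_root_pw
+- replace the empty root password (the default) with a choosen password
+- useful if your development cryptobox:
+- is located in an insecure environment
+- or your development team is geographically distributed, so the
+cryptobox for testing has to be publicly available
+
+import_authorized_keys
+- create a new rsa key (local.conf.d/id_rsa) and copy the public
+key to the working image directory
+- IMPORTANT: you have to activate the 'IdentityFile' setting in
+local.conf.d/ssh-options to enable this feature
+- this is useful, if you secured the development cryptobox with a
+password (see 'set_root_pw')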
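--- a/misc/custom-configure.d/import_authorized_keys
+++ b/misc/custom-configure.d/import_authorized_keys
@@ -0,0 +1,23 @@
+# import a public rsa key into the cryptobox for ssh authentication
+#
+# see README in misc/custom-configure.d for details
+#
+# do not forget to activate the 'IdentityFile' setting in
+# local.conf.d/ssh-options
+#
+
+SSH_KEY_FILE="$LOCALCONF_DIR/id_rsa"
+
+# create a rsa key if it does not yet exist
+if [ ! -e "$SSH_KEY_FILE" ]
+then echo "Creating ssh key ($SSH_KEY_FILE) ..."
+mkdir -p $(dirname "$SSH_KEY_FILE")
+ssh-keygen -t rsa -b 1024 -N '' -q -f "$SSH_KEY_FILE"
+fi
+
+# copy new public ssh key to ~/.ssh/authorized_keys on cryptobox
+check_ssh_defaults
+echo "Copying local public ssh key file to the box ..."
+mkdir -p "$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh"
+cp "${SSH_KEY_FILE}.pub" "$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh/authorized_keys"
+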
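Review bot: `ssh-keygen -t rsa -b 1024 -N ''` creates a 1024-bit RSA key with no passphrase, and that key grants root login on a box the README describes as possibly publicly reachable; 1024-bit RSA is below the 2048-bit minimum that current guidance asks for. Use at least `ssh-keygen -t rsa -b 4096 -N '' -q -f "$SSH_KEY_FILE"`, and say in the header comment that anyone who can read `local.conf.d/id_rsa` is root on the box. The `.ssh` directory and `authorized_keys` are created with whatever umask the build has, so adding `chmod 700` on the directory and `chmod 600` on the file keeps them from being group- or world-writable and avoids sshd rejecting the key under `StrictModes`. The `$(dirname "$SSH_KEY_FILE")` substitution should be quoted as a whole, and `cp` silently replaces any existing `authorized_keys`.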
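--- a/misc/custom-configure.d/set_root_pw
+++ b/misc/custom-configure.d/set_root_pw
@@ -0,0 +1,10 @@
+# replace the empty root password of an development cryptobox with a choosen one
+#
+# see misc/custom-configure.d/README for details
+#
+
+# set the password to your needs
+NEW_ROOT_PASSWORD=foobar
+
+echo "Setting a root password ..."
+echo "root:$NEW_ROOT_PASSWORD" | chroot "$IMAGE_DIR" "$CHROOTSTART" chpasswd root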
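Review bot: The example ships with `NEW_ROOT_PASSWORD=foobar`, so a developer who copies it unchanged into `local.conf.d/custom-configure.d` gets a box with a publicly known root password, in exactly the exposed setups the README recommends it for. Leave the value empty and refuse to continue until it is set, e.g. `NEW_ROOT_PASSWORD=` followed by `[ -n "$NEW_ROOT_PASSWORD" ] || { echo "set NEW_ROOT_PASSWORD first" >&2; exit 1; }`; cbox.sh sources the hook in a subshell, so `exit` ends only this hook. The header comment should also say that the copied file then holds a plaintext root password and should not be committed or left world-readable. `chpasswd` reads `user:password` pairs from stdin, so the trailing `root` argument looks unnecessary, which is worth confirming against the chpasswd version in the image.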
|
@ -4,6 +4,10 @@ Host cryptobox
|
|||
HostName 192.168.0.23
|
||||
Port 22
|
||||
|
||||
# maybe you want to use rsa authentication?
|
||||
# see misc/custom-configure.s/README for examples
|
||||
#IdentityFile local.conf.d/id_rsa
|
||||
|
||||
# this should be valid for everyone
|
||||
User root
|
||||
CheckHostIP no
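Review bot: The added comment points to `misc/custom-configure.s/README`, but the directory created by this commit is `misc/custom-configure.d`; the line should read `# see misc/custom-configure.d/README for examples`. The relative `IdentityFile local.conf.d/id_rsa` presumably resolves only when ssh is started from the source root, which is worth stating in the comment.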
|
||||
|
|