define TERM setting
comments for development actions added to cbox.sh; source local configure scripts; examples for local configure scripts added: - set_root_pw - import_authorized_keys
This commit is contained in:
parent
e3f4cb49e3
commit
6fec846638
@ -6,7 +6,7 @@
|
||||||
# dfsbuild - create the image directory with dfsbuild and copy it to
|
# dfsbuild - create the image directory with dfsbuild and copy it to
|
||||||
# the working directory
|
# the working directory
|
||||||
# config - apply cryptobox specific changes to the working directory
|
# config - apply cryptobox specific changes to the working directory
|
||||||
# harden - remove unnecessary packages (for release CD)
|
# harden - remove unnecessary packages and disable developer features
|
||||||
# iso - create the iso image (out of the working directory)
|
# iso - create the iso image (out of the working directory)
|
||||||
# burn - tries to burn the the image on a cd-rw (maybe it works)
|
# burn - tries to burn the the image on a cd-rw (maybe it works)
|
||||||
#
|
#
|
||||||
|
@ -16,6 +16,9 @@
|
||||||
# devel - enable developer features like sshd, writable templates and
|
# devel - enable developer features like sshd, writable templates and
|
||||||
# the test-suite (can be undone by "revert")
|
# the test-suite (can be undone by "revert")
|
||||||
# revert - reset the working directory to the image created by dfsbuild
|
# revert - reset the working directory to the image created by dfsbuild
|
||||||
|
# upload - copy local working copy to tmpfs on a running cryptobox
|
||||||
|
# diff - compare tmpfs-files on a running cryptobox with the original
|
||||||
|
# merge - apply the diff to the local copy
|
||||||
#
|
#
|
||||||
# final action:
|
# final action:
|
||||||
# release - the same as "dfsbuild config iso"
|
# release - the same as "dfsbuild config iso"
|
||||||
|
@ -60,7 +63,7 @@ LOCALCONF_DIR=local.conf.d
|
||||||
SSH_CONFIG_FILE="$LOCALCONF_DIR/ssh-options"
|
SSH_CONFIG_FILE="$LOCALCONF_DIR/ssh-options"
|
||||||
SSH_HOST=cryptobox
|
SSH_HOST=cryptobox
|
||||||
REMOTE_COMMAND="/usr/lib/cryptobox/devel-features.sh"
|
REMOTE_COMMAND="/usr/lib/cryptobox/devel-features.sh"
|
||||||
|
CUSTOM_CONFIGURE_DIR=$LOCALCONF_DIR/custom-configure.d
|
||||||
|
|
||||||
|
|
||||||
function run_dfsbuild()
|
function run_dfsbuild()
|
||||||
|
@ -117,7 +120,7 @@ function configure_cb()
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Copying files into the box ..."
|
echo "Copying files to the box ..."
|
||||||
[ -e "$TMP_DIR" ] && rm -rf "$TMP_DIR"
|
[ -e "$TMP_DIR" ] && rm -rf "$TMP_DIR"
|
||||||
cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
|
cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
|
||||||
rm -rf `find "$TMP_DIR" -type d -name ".svn"`
|
rm -rf `find "$TMP_DIR" -type d -name ".svn"`
|
||||||
|
@ -132,6 +135,16 @@ function configure_cb()
|
||||||
fi
|
fi
|
||||||
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
|
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
|
||||||
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
chroot "$IMAGE_DIR" "$CHROOTSTART" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
||||||
|
|
||||||
|
# source local configure scripts
|
||||||
|
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
|
||||||
|
find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while read file
|
||||||
|
do echo "Sourcing custom configure script $(basename $file):"
|
||||||
|
# execute it in its own environment (to be safe)
|
||||||
|
# 'source' implicitly imports all current settings
|
||||||
|
# indent these lines to improve the output
|
||||||
|
( source "$file" ) 2>&1 | sed 's/^/\t/'
|
||||||
|
done
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -143,8 +156,9 @@ function fetch_revision()
|
||||||
|
|
||||||
function check_ssh_defaults()
|
function check_ssh_defaults()
|
||||||
{
|
{
|
||||||
|
[ ! -d "$LOCALCONF_DIR" ] && mkdir "$LOCALCONF_DIR"
|
||||||
if [ ! -e "$SSH_CONFIG_FILE" ]
|
if [ ! -e "$SSH_CONFIG_FILE" ]
|
||||||
then [ ! -d "$LOCALCONF_DIR" ] && mkdir "$LOCALCONF_DIR"
|
then echo "Copying default ssh_config file to '$SSH_CONFIG_FILE' ..."
|
||||||
cp misc/ssh-options.default "$SSH_CONFIG_FILE"
|
cp misc/ssh-options.default "$SSH_CONFIG_FILE"
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
|
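Review bot: The hook loop in the `@ -132,6 +135,16 @@` hunk never learns whether a custom configure script succeeded: the status of `( source "$file" ) 2>&1 | sed 's/^/\t/'` is sed's, and the `while` loop simply moves on, so a failing hook (a mistyped command in set_root_pw, say) is only visible in the scrollback while the build continues as if the box were configured. I would test the sourced script's own status right after the pipe, `[ "${PIPESTATUS[0]}" -eq 0 ] || { echo "Custom configure script '$file' failed" >&2; exit 1; }`, and harden the read loop with `while IFS= read -r file` and `$(basename "$file")`. Note that `exit` there only leaves the pipeline subshell the `while` runs in, so the caller still has to test the status of the whole find|sort|while pipeline. configure_cb's body starts before this hunk.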
@ -35,10 +35,15 @@ function configure_normal()
|
||||||
|
|
||||||
######### bashrc ###########
|
######### bashrc ###########
|
||||||
# remove dfshints from bashrc
|
# remove dfshints from bashrc
|
||||||
sed -i "/^dfshints$/d" $RUNTIMEDIR/root/.bashrc
|
sed -i "/^dfshints$/d" "$RUNTIMEDIR/root/.bashrc"
|
||||||
|
|
||||||
|
########### TERM ###########
|
||||||
|
# set a usable default
|
||||||
|
sed -i '/^export TERM=/d' "$RUNTIMEDIR/root/.profile"
|
||||||
|
echo 'export TERM=vt100' >>"$RUNTIMEDIR/root/.profile"
|
||||||
|
|
||||||
if [ -e "/etc/ssh" ]; then
|
|
||||||
########## sshd ############
|
########## sshd ############
|
||||||
|
if [ -e "/etc/ssh" ]; then
|
||||||
# allow empty passwords for ssh
|
# allow empty passwords for ssh
|
||||||
# the daemon is NOT started automatically, so you have to start it
|
# the daemon is NOT started automatically, so you have to start it
|
||||||
# manually in case of need - as the root pw is empty and passwd is ro, you
|
# manually in case of need - as the root pw is empty and passwd is ro, you
|
||||||
|
@ -62,8 +67,12 @@ function configure_secure()
|
||||||
# remove unnecessary packages
|
# remove unnecessary packages
|
||||||
dpkg --force-all -P $SECURITY_REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed."
|
dpkg --force-all -P $SECURITY_REMOVE_PACKAGES 2>&1 | grep -v "which isn't installed."
|
||||||
|
|
||||||
# remove development files
|
# remove the development features script
|
||||||
rm -f "$DEV_FEATURES_SCRIPT"
|
rm -f "$DEV_FEATURES_SCRIPT"
|
||||||
|
|
||||||
|
# maybe an authorized_keys file was created - but it is not dangerous,
|
||||||
|
# as the openssh package was removed anyway
|
||||||
|
rm -rf /root/.ssh
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
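Review bot: `rm -rf /root/.ssh` in configure_secure (hunk `@ -62,8 +67,12 @@`) does not point at the directory that import_authorized_keys populates: the key is copied to `$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh/authorized_keys`, and the other edits in this file address the runtime image as `$RUNTIMEDIR/root/...` (the .bashrc and .profile lines in the first hunk), so the developer's authorized_keys presumably survives hardening and the release image is only safe as long as openssh really is in `$SECURITY_REMOVE_PACKAGES`. I would write `rm -rf "$RUNTIMEDIR/root/.ssh"` so the cleanup matches where the key was installed, and keep the package removal as a second line of defence rather than the only one. Both configure_normal and configure_secure start outside their hunks.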
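--- /dev/null
+++ b/misc/custom-configure.d/README
@@ -0,0 +1,25 @@
+1) Overview
+the files in this directory are examples specific hook scripts to change the
+configuration of the box
+
+2) How to use these scripts
+Copy the scripts, you would like to use into local.conf.d/custom-configure.d.
+They will be sourced in alphabetic order AFTER the default configuration of the
+cryptobox.
+
+3) The examples
+
+set_root_pw
+- replace the empty root password (the default) with a choosen password
+- useful if your development cryptobox:
+- is located in an insecure environment
+- or your development team is geographically distributed, so the
+cryptobox for testing has to be publicly available
+
+import_authorized_keys
+- create a new rsa key (local.conf.d/id_rsa) and copy the public
+key to the working image directory
+- IMPORTANT: you have to activate the 'IdentityFile' setting in
+local.conf.d/ssh-options to enable this feature
+- this is useful, if you secured the development cryptobox with a
+password (see 'set_root_pw')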
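--- /dev/null
+++ b/misc/custom-configure.d/import_authorized_keys
@@ -0,0 +1,23 @@
+# import a public rsa key into the cryptobox for ssh authentication
+#
+# see README in misc/custom-configure.d for details
+#
+# do not forget to activate the 'IdentityFile' setting in
+# local.conf.d/ssh-options
+#
+
+SSH_KEY_FILE="$LOCALCONF_DIR/id_rsa"
+
+# create a rsa key if it does not yet exist
+if [ ! -e "$SSH_KEY_FILE" ]
+then echo "Creating ssh key ($SSH_KEY_FILE) ..."
+mkdir -p $(dirname "$SSH_KEY_FILE")
+ssh-keygen -t rsa -b 1024 -N '' -q -f "$SSH_KEY_FILE"
+fi
+
+# copy new public ssh key to ~/.ssh/authorized_keys on cryptobox
+check_ssh_defaults
+echo "Copying local public ssh key file to the box ..."
+mkdir -p "$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh"
+cp "${SSH_KEY_FILE}.pub" "$IMAGE_DIR/opt/dfsbuild/runtimerd/root/.ssh/authorized_keys"
+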
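Review bot: `ssh-keygen -t rsa -b 1024` creates a key that is below current size guidance, and since this key only ever has to be accepted by the development box there is no cost in using `-b 4096` (or `-t ed25519` where the box's sshd supports it). The `mkdir -p $(dirname "$SSH_KEY_FILE")` line is unquoted and should read `mkdir -p "$(dirname "$SSH_KEY_FILE")"`. The private key is written unencrypted (`-N ''`) under `$LOCALCONF_DIR`, so the header should say so, e.g. `# the private key is stored unencrypted in local.conf.d - keep that directory private and out of version control`. The script relies on `check_ssh_defaults` and `$IMAGE_DIR` from the sourcing cbox.sh environment, which is worth stating in the same header.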
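--- /dev/null
+++ b/misc/custom-configure.d/set_root_pw
@@ -0,0 +1,10 @@
+# replace the empty root password of an development cryptobox with a choosen one
+#
+# see misc/custom-configure.d/README for details
+#
+
+# set the password to your needs
+NEW_ROOT_PASSWORD=foobar
+
+echo "Setting a root password ..."
+echo "root:$NEW_ROOT_PASSWORD" | chroot "$IMAGE_DIR" "$CHROOTSTART" chpasswd root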
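Review bot: `NEW_ROOT_PASSWORD=foobar` ships a known default, so anyone who copies the example into local.conf.d/custom-configure.d without editing it gets a box whose root password is public - no better than the empty password it replaces, but looking secured. The script should refuse to run with the placeholder, `[ "$NEW_ROOT_PASSWORD" != foobar ] || { echo "set_root_pw: edit NEW_ROOT_PASSWORD first" >&2; exit 1; }`, or better read the password from a file such as `$LOCALCONF_DIR/root-password` so no secret lives in a script. Feeding the password to chpasswd on stdin is the right choice (it stays out of `ps`); however chpasswd takes `user:password` pairs on stdin and, at least in current shadow releases, rejects a positional argument, so the trailing `root` should probably be dropped.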
|
@ -4,6 +4,10 @@ Host cryptobox
|
||||||
HostName 192.168.0.23
|
HostName 192.168.0.23
|
||||||
Port 22
|
Port 22
|
||||||
|
|
||||||
|
# maybe you want to use rsa authentication?
|
||||||
|
# see misc/custom-configure.s/README for examples
|
||||||
|
#IdentityFile local.conf.d/id_rsa
|
||||||
|
|
||||||
# this should be valid for everyone
|
# this should be valid for everyone
|
||||||
User root
|
User root
|
||||||
CheckHostIP no
|
CheckHostIP no
|
||||||
|
|
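Review bot: The new comment `# see misc/custom-configure.s/README for examples` points at a path that does not exist in this commit; the README is added as misc/custom-configure.d/README, so the line should read `# see misc/custom-configure.d/README for examples`. A developer following the pointer as written will find nothing and may miss the import_authorized_keys example the `#IdentityFile local.conf.d/id_rsa` line depends on.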