diff --git a/cbox-build.sh b/cbox-build.sh
new file mode 100755
index 0000000..60dff4d
--- /dev/null
+++ b/cbox-build.sh
@@ -0,0 +1,234 @@
+#!/bin/sh
+#
+# managing our work at the cryptobox
+#
+# usual workflow:
+# dfsbuild - create the image directory with dfsbuild and copy it to
+# the working directory
+# config - apply cryptobox specific changes to the working directory
+# iso - create the iso image (out of the working directory)
+# burn - tries to burn the the image on a cd-rw (maybe it works)
+#
+# development actions:
+# chroot - run first tests in a chroot environment
+# qemu - run the qemu emulation
+# devel - enable developer features like sshd, writable templates and
+# the test-suite (can be undone by "revert")
+# revert - reset the working directory to the image created by dfsbuild
+#
+# final action:
+# release - the same as "dfsbuild config iso"
+#
+#
+# problems of this script:
+# - has to run as root, because dfsbuild, config, iso, chroot, devel,
+# revert and release need root privileges
+#
+# you may run this script with multiple arguments, e.g.:
+# cb-build.sh dfsbuild config iso qemu
+#
+# the action "release" does what it says :)
+# (all developer's features like sshd, writable templates and
+# the test-suite are deactivated)
+#
+
+
+set -ue
+
+# dfsbuild config
+CONFIG="dfs.cbox.conf"
+# the build directory (will be ERASED without warning)
+BUILDDIR="_builddir/cd1"
+# image directory created by dfsbuild
+IMAGEDIR_ORIG="$BUILDDIR/image"
+# a working copy of the image directory
+IMAGEDIR="$BUILDDIR/image-working"
+# template directory for cryptobox specific configuration
+TEMPLATEDIR="cryptobox.conf.d"
+# the iso image
+IMAGEFILE="$BUILDDIR/image.iso"
+# temporary directory
+TMPDIR="/tmp/`basename $0`-$$"
+HD_IMAGE="/tmp/`basename $0`-testplatte.img"
+# mkisofs options (the option "-U" is not clean, but it prevents long filenames from getting mapped)
+MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
+CHROOTSTART="/scripts/chroot-start.sh"
+CDWRITER="0,0,0"
+# for development diffs and merges from a running cryptobox
+REMOTE_COMMAND="ssh -l root `cat \"$TEMPLATEDIR/usr/share/cryptobox/defaults/ip\"` /scripts/devel-features.sh"
+REMOTE_COPY_DEST="root@`cat \"$TEMPLATEDIR/usr/share/cryptobox/defaults/ip\"`:/tmp/mirror/"
+
+
+
+function run_dfsbuild()
+{
+ [ ! -e "$BUILDDIR" ] && mkdir -p "$BUILDDIR" && echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
+ dfsbuild -c "$CONFIG" -w "$BUILDDIR"
+}
+
+
+function create_iso()
+{
+ echo "Creating the iso ..."
+ mkisofs $MKISOFS_OPTIONS -o "$IMAGEFILE" "$IMAGEDIR"
+}
+
+
+function qemu_boot()
+{
+ if [ ! -e "$HD_IMAGE" ]
+ then echo "Creating temporary harddisk image ..."
+ dd if=/dev/zero of="$HD_IMAGE" bs=1M count=5
+ fi
+ echo "Starting qemu ..."
+ qemu -cdrom "$IMAGEFILE" -m 64 -hda "$IMAGEFILE" -boot d -n misc/qemu-ifup || true
+ # remove iptables rules
+ misc/qemu-ifup stop
+}
+
+
+function init_working_directory()
+{
+ [ -e "$IMAGEDIR" ] && echo "Removing old image dir ..." && rm -r "$IMAGEDIR"
+ echo "Copying the dfsbuild-image ..."
+ cp -a "$IMAGEDIR_ORIG" "$IMAGEDIR"
+}
+
+
+function configure_cb()
+{
+ if [ ! -e "$IMAGEDIR" ]; then
+ echo -e "Directory \"$IMAGEDIR\" not found!"
+ echo -e "Did you run \"$0 dfsbuild\"?"
+ echo -e "Otherwise try \"$0 revert\" to fix this."
+ exit
+ fi
+
+ echo "Copying files into the box ..."
+ [ -e "$TMPDIR" ] && rm -rf "$TMPDIR"
+ cp -r "$TEMPLATEDIR/." "$TMPDIR"
+ rm -rf `find "$TMPDIR" -type d -name ".svn"`
+ cp -r "$TMPDIR/." "$IMAGEDIR"
+ rm -rf "$TMPDIR"
+
+ echo "Configuring the cryptobox ..."
+ sed -i "s/^Version:.*/Revision: $(fetch_revision)/" "$IMAGEDIR/etc/issue"
+ fetch_revision >"$IMAGEDIR/etc/cryptobox/revision"
+ chroot "$IMAGEDIR" "/scripts/configure-cryptobox.sh"
+}
+
+function fetch_revision()
+{
+ svn -R info| grep ^Revision| cut -f2 -d " " | sort | tail -1
+}
+
+function upload2devel()
+# upload local files to a development cryptobox
+# this is necessary to use an "old" development cd with
+# new code - this affects only the web-interface and the
+# cryptobox.sh-script (the boot behaviour stays the same)
+#
+# of course, only the directories that are mapped to tmpfs can
+# be updated this way
+{
+ local DIRS="scripts var/www usr/share/cryptobox usr/lib/cryptobox"
+ [ -e "$TMPDIR" ] || mkdir -p "$TMPDIR"
+ for a in $DIRS
+ do mkdir -p "$TMPDIR/$a"
+ cp -r "$TEMPLATEDIR/$a/." "$TMPDIR/$a"
+ done
+ find "$TMPDIR" -type d -name '\.svn' | while read a
+ do rm -rf "$a"
+ done
+ scp -rpq "$TMPDIR/." "$REMOTE_COPY_DEST"
+ rm -rf "$TMPDIR"
+ $REMOTE_COMMAND set_diff_base
+}
+
+
+function merge_from_devel()
+# merge a diff from a running development cryptobox into
+# this working directory
+{
+ cd "$TEMPLATEDIR"
+ echo "Check for collisions ... (dry-run)"
+ if $REMOTE_COMMAND diff | patch --dry-run -p1
+ then echo
+ echo "Applying diff ..."
+ $REMOTE_COMMAND diff | patch -p1
+ # set the base for the next diff to present state
+ $REMOTE_COMMAND set_diff_base
+ else echo "Merging will fail - do it manually!"
+ fi
+}
+
+
+function blanknburn_cdrw()
+{
+ cdrecord -v dev=$CDWRITER blank=fast
+ cdrecord -v dev=$CDWRITER $IMAGEFILE
+}
+################ do it! ######################
+
+[ $# -eq 0 ] && echo "[`basename $0`] - no arguments supplied - maybe you want to use '--help'"
+
+while [ $# -gt 0 ]
+ do case "$1" in
+ dfsbuild )
+ run_dfsbuild
+ init_working_directory
+ ;;
+ config )
+ configure_cb
+ ;;
+ iso )
+ create_iso
+ ;;
+ qemu )
+ qemu_boot
+ ;;
+ revert )
+ init_working_directory
+ ;;
+ diff )
+ # get a diff from a running development cryptobox
+ $REMOTE_COMMAND diff
+ ;;
+ merge )
+ merge_from_devel
+ ;;
+ upload )
+ upload2devel
+ ;;
+ chroot )
+ if [ ! -x "$IMAGEDIR/$CHROOTSTART" ]
+ then echo "the chroot init script ("$IMAGEDIR/$CHROOTSTART") is not executable"
+ echo "maybe you should run '`basename $0` cb-config' first"
+ else chroot "$IMAGEDIR" "$CHROOTSTART"
+ fi
+ ;;
+ devel )
+ echo "Developer's features are enabled - do NOT use this CD in a production system!"
+ # add the development marker to the working copy
+ echo "BEWARE: this CryptoBox is not usable" > "$IMAGEDIR/DEVELOPMENT_CRYPTOBOX"
+ ;;
+ burn )
+ blanknburn_cdrw
+ ;;
+ release )
+ $0 dfsbuild config iso
+ ;;
+ help|--help )
+ echo "Syntax: `basename $0` ( dfsbuild | config | iso | release | qemu | revert | chroot | devel | burn | help )"
+ echo " (you may specify more than one action)"
+ echo
+ ;;
+ * )
+ echo -e "unknown action: $1"
+ echo
+ $0 help
+ exit 1
+ ;;
+ esac
+ shift
+ done
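Review bot: `TMPDIR` and `HD_IMAGE` are predictable paths under the world-writable /tmp, and the header comment says the script has to run as root. In qemu_boot the test `[ ! -e "$HD_IMAGE" ]` is true for a dangling symlink, so `dd of="$HD_IMAGE"` would write through a link that another local user placed at that fixed name; in configure_cb there is a window between `rm -rf "$TMPDIR"` and `cp -r "$TEMPLATEDIR/." "$TMPDIR"` in which the directory can be pre-created, and whatever it holds is then copied into the image. Keeping both inside the build tree avoids the shared directory, e.g. `TMPDIR="$BUILDDIR/tmp-$$"` and `HD_IMAGE="$BUILDDIR/testplatte.img"` (assuming the working tree is writable only by the builder). Alternatively, create the directory once with `mktemp -d` and drop the remove-and-recreate step. Assigning to `TMPDIR` also redirects temp files of child processes when that variable is already exported, so a script-specific name would be safer.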