parent
855bf4742c
commit
a66e5d3512
@ -1,39 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
CBXSERVER=CryptoBoxWebserver.py
|
||||
|
||||
if test -e "./$CBXSERVER"
|
||||
then CBXPATH=$(pwd)
|
||||
else CBXPATH=/usr/lib/cryptobox
|
||||
fi
|
||||
|
||||
|
||||
|
||||
set -e
|
||||
|
||||
case "$1" in
|
||||
start)
|
||||
echo -n "Starting $DESC: "
|
||||
start-stop-daemon --background --chdir "$CBXPATH" --chuid "$RUNAS" --start --quiet --user "$RUNAS" --make-pidfile --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
|
||||
echo "$NAME."
|
||||
;;
|
||||
|
||||
stop)
|
||||
echo -n "Stopping $DESC: "
|
||||
# does the pid file exist?
|
||||
test ! -e "$PIDFILE" && echo "pid file ($PIDFILE) not found!" && exit 1
|
||||
# kill all process with the parent pid that we saved before
|
||||
pkill -f -P "$(cat $PIDFILE)" -u "$RUNAS" && rm "$PIDFILE"
|
||||
echo "$NAME."
|
||||
;;
|
||||
restart )
|
||||
"$0" stop
|
||||
"$0" start
|
||||
;;
|
||||
*)
|
||||
echo "Usage: $(basename $0) {start|stop|restart}" >&2
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
@ -0,0 +1,17 @@
|
||||
# CryptoBox configuration file
|
||||
#
|
||||
# the following directives allow you to use the cryptobox web interface behind apache
|
||||
#
|
||||
# you need to enable the following modules:
|
||||
# - proxy
|
||||
# - headers
|
||||
# (for debian: run "a2enmod MOD_NAME")
|
||||
#
|
||||
# IMPORTANT: for now it does not work! Any comments are appreciated ...
|
||||
#
|
||||
|
||||
<Location /cbox>
|
||||
ProxyPass http://localhost:8080
|
||||
ProxyPassReverse http://localhost:8080
|
||||
RequestHeader set CBOX-Location /cbox
|
||||
</Location>
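Review bot: The `<Location /cbox>` block proxies the web interface without requiring TLS, and nothing in the block limits who may reach it. That interface presumably accepts volume passphrases (inferred; the application code is not part of this commit), so over plain HTTP they would cross the network in clear text. I would add `SSLRequireSSL` inside the block and list `ssl` next to `proxy` and `headers` in the module comment. Since the header says the setup does not work yet, consider shipping the directives commented out until it does.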
|
@ -0,0 +1,83 @@
|
||||
[Main]
|
||||
|
||||
# comma separated list of possible prefixes for accesible devices
|
||||
# beware: .e.g "/dev/hd" grants access to _all_ harddisks
|
||||
AllowedDevices = /dev/loop, /dev/ubdb
|
||||
|
||||
# use separate config partition? (1=yes / 0=no)
|
||||
UseConfigPartition = 1
|
||||
|
||||
# the default name prefix of not unnamed containers
|
||||
DefaultVolumePrefix = "Disk "
|
||||
|
||||
# which cipher should cryptsetup-luks use?
|
||||
#TODO: uml does not support this module - DefaultCipher = aes-cbc-essiv:sha256
|
||||
DefaultCipher = aes-plain
|
||||
|
||||
# label of the configuration partition (you should never change this)
|
||||
ConfigVolumeLabel = cbox_config
|
||||
|
||||
# which plugins should be disabled? (comma seperated list)
|
||||
#DisabledPlugins = network, shutdown, partition
|
||||
|
||||
|
||||
[Locations]
|
||||
# where should we mount volumes?
|
||||
# this directory must be writeable by the cryptobox user (see above)
|
||||
MountParentDir = /var/cache/cryptobox/mnt
|
||||
|
||||
# settings directory: contains name database and plugin configuration
|
||||
SettingsDir = /var/cache/cryptobox/settings
|
||||
|
||||
# where are the clearsilver templates?
|
||||
TemplateDir = /usr/share/cryptobox/templates
|
||||
|
||||
# path to language files
|
||||
LangDir = /usr/share/cryptobox/lang
|
||||
|
||||
# path to documentation files
|
||||
DocDir = /usr/share/doc/cryptobox/html
|
||||
|
||||
# path to the plugin directory
|
||||
PluginDir = /usr/share/cryptobox/plugins
|
||||
|
||||
# path to the hook directory (e.g. containing some scripts)
|
||||
HookDir = /etc/cryptobox/events.d
|
||||
|
||||
|
||||
[Log]
|
||||
# possible values are "debug", "info", "warn" and "error" or numbers from
|
||||
# 0 (debug) to 7 (error)
|
||||
Level = debug
|
||||
|
||||
# where to write the log messages to?
|
||||
# possible values are: file
|
||||
# syslog support will be added later
|
||||
Destination = file
|
||||
|
||||
# depending on the choosen destination (see above) you may select
|
||||
# details. Possible values for the different destinations are:
|
||||
# file: $FILENAME
|
||||
# syslog: $LOG_FACILITY
|
||||
Details = /var/log/cryptobox.log
|
||||
|
||||
|
||||
[WebSettings]
|
||||
# URL of default stylesheet
|
||||
Stylesheet = /cryptobox-misc/cryptobox.css
|
||||
|
||||
# default language
|
||||
Language = de
|
||||
|
||||
|
||||
[Programs]
|
||||
cryptsetup = /sbin/cryptsetup
|
||||
mkfs-data = /sbin/mkfs.ext3
|
||||
blkid = /sbin/blkid
|
||||
blockdev = /sbin/blockdev
|
||||
mount = /bin/mount
|
||||
umount = /bin/umount
|
||||
super = /usr/bin/super
|
||||
# this is the "program" name as defined in /etc/super.tab
|
||||
CryptoBoxRootActions = CryptoBoxRootActions
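Review bot: `DefaultCipher = aes-plain` becomes the packaged default for every new container. As far as I know dm-crypt reads that spec as CBC with plain sector-number IVs, which allows the watermarking attacks that ESSIV exists to prevent. The TODO above it says the value is only a workaround for UML lacking the module, so I would ship `DefaultCipher = aes-cbc-essiv:sha256` and keep the `aes-plain` override in the UML test configuration. `Level = debug` in `[Log]` is a similar development default; `Level = warn` is safer for a log that may record device and volume details.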
|
||||
|
@ -0,0 +1,17 @@
|
||||
[global]
|
||||
server.socketPort = 8080
|
||||
#server.environment = "production"
|
||||
server.environment = "development"
|
||||
server.logToScreen = False
|
||||
server.log_tracebacks = True
|
||||
server.threadPool = 1
|
||||
server.reverseDNS = False
|
||||
server.logFile = "/var/log/cryptoboxwebserver.log"
|
||||
|
||||
[/favicon.ico]
|
||||
static_filter.on = True
|
||||
# TODO: use live-cd/live-cd-tree.d/var/www/favicon.ico
|
||||
static_filter.file = "/usr/share/doc/python-cherrypy/cherrypy/favicon.ico"
|
||||
|
||||
[/test_stream]
|
||||
stream_response = True
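Review bot: `server.environment = "development"` is the active line while the production one is commented out, so the packaged server would start in CherryPy's development mode. That mode is meant for debugging and may show tracebacks to the client, which exposes internal paths and state. I would swap the two lines so that `server.environment = "production"` is active. No `server.socketHost` is set either, so the listener presumably binds all interfaces on port 8080. If the Apache proxy is the intended entry point, `server.socketHost = "localhost"` keeps the backend off the network.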
|
@ -0,0 +1 @@
|
||||
5
|
@ -1,25 +1,71 @@
|
||||
#!/bin/sh
|
||||
|
||||
LOG_FILE=/var/log/cryptobox.log
|
||||
WEBLOG_FILE=/var/log/cryptoboxwebserver.log
|
||||
PID_DIR=/var/run/cryptobox
|
||||
CRYPTOBOX_USER=cryptobox
|
||||
USER_HOME=/var/cache/cryptobox
|
||||
SUPER_FILE=/etc/super.tab
|
||||
|
||||
# create mount and config directories with appropriate permissions
|
||||
test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
|
||||
|
||||
if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null
|
||||
then # do nothing - the user already exists
|
||||
true
|
||||
else # create cryptobox user
|
||||
create_user_home()
|
||||
{
|
||||
# if the user already exists -> do nothing
|
||||
getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null && return 0
|
||||
# create cryptobox user
|
||||
echo "Creating new user '$CRYPTOBOX_USER' ..."
|
||||
USER_HOME=/var/cache/cryptobox
|
||||
adduser --system --group --home "$USER_HOME" cryptobox
|
||||
mkdir "$USER_HOME/mnt"
|
||||
adduser --system --group --groups disk --home "$USER_HOME" cryptobox
|
||||
mkdir -p "$USER_HOME/mnt"
|
||||
mkdir -p "$USER_HOME/settings"
|
||||
chown -R ${CRYPTOBOX_USER}: "$USER_HOME"
|
||||
# only members of the cryptobox group may access the user directory
|
||||
chmod 750 "$USER_HOME"
|
||||
fi
|
||||
}
|
||||
|
||||
create_log_file()
|
||||
{
|
||||
# create config directories with appropriate permissions
|
||||
test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
|
||||
test ! -e "$WEBLOG_FILE" && mkdir -p "$(dirname $WEBLOG_FILE)" && touch "$WEBLOG_FILE" && chown "$CRYPTOBOX_USER" "$WEBLOG_FILE"
|
||||
}
|
||||
|
||||
create_add_super_permission()
|
||||
{
|
||||
## this will add some lines to the configuration file of 'super'
|
||||
## do nothing, if there is already a CryptoBox line
|
||||
grep -q "CRYPTOBOX_MARKER" "$SUPER_FILE" && return 0
|
||||
echo >>"$SUPER_FILE" "## CRYPTOBOX_MARKER - please do not remove!"
|
||||
echo >>"$SUPER_FILE" "CryptoBoxRootActions /usr/lib/cryptobox/CryptoBoxRootActions.py $CRYPTOBOX_USER"
|
||||
}
|
||||
|
||||
create_pid_dir()
|
||||
{
|
||||
test ! -e "$PID_DIR" && mkdir -p "$PID_DIR" && chown "$CRYPTOBOX_USER" "$PID_DIR"
|
||||
}
|
||||
|
||||
|
||||
#################### main ######################
|
||||
|
||||
case "$1" in
|
||||
configure)
|
||||
create_user_home
|
||||
create_log_file
|
||||
create_pid_dir
|
||||
create_add_super_permission
|
||||
# continue at the end
|
||||
;;
|
||||
abort-upgrade|abort-remove|abort-deconfigure)
|
||||
# nothing to be done
|
||||
exit 0
|
||||
;;
|
||||
*)
|
||||
echo "postinst called with unknown argument \`$1'" >&2
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
|
||||
#DEBHELPER#
|
||||
|
||||
true
|
||||
exit 0
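Review bot: In `create_user_home`, the `adduser ... --groups disk` line puts the web-server account in the `disk` group, which on Debian gives raw read/write access to every block device. That bypasses both the `AllowedDevices` prefix list and the `super` entry that `create_add_super_permission` writes to confine privileged operations to `CryptoBoxRootActions`. Unless the unprivileged process really needs direct device access (not visible in this commit), I would drop the group and use the variable instead of the literal name: `adduser --system --group --home "$USER_HOME" "$CRYPTOBOX_USER"`. The `+`/`-` markers are lost on this page, so I am assuming the `--groups disk` line is the new one.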
|
||||
|
||||
|
@ -0,0 +1 @@
|
||||
2
|
@ -0,0 +1,5 @@
|
||||
debootstrap etch _builddir
|
||||
chroot _builddir
|
||||
sed -i "/respawn:\/sbin\/getty/d" /etc/inittab
|
||||
echo "0:1235:respawn:/sbin/getty 38400 console linux" >>/etc/inittab
|
||||
|