diff --git a/Makefile b/Makefile
index ee95511..85045f6 100644
--- a/Makefile
+++ b/Makefile
@@ -29,22 +29,38 @@ build:
install: $(BUILD_DIR)-stamp
+ ## programs
$(INSTALL) -d -m 755 $(LIB_DIR)
$(INSTALL) -c -m 755 bin/*.py $(LIB_DIR)/
+ $(INSTALL) -c -m 755 bin/*.sh $(LIB_DIR)/
+ ## language files
$(INSTALL) -d -m 755 $(SHARE_DIR)/lang
$(INSTALL) -c -m 644 lang/* $(SHARE_DIR)/lang/
+ ## template files
$(INSTALL) -d -m 755 $(SHARE_DIR)/templates
$(INSTALL) -c -m 644 templates/*.cs $(SHARE_DIR)/templates
+ ## html data
$(INSTALL) -d -m 755 $(SHARE_DIR)/html
$(INSTALL) -c -m 644 www-data/*.css $(SHARE_DIR)/html/
$(INSTALL) -c -m 644 www-data/*.png $(SHARE_DIR)/html/
$(INSTALL) -c -m 644 www-data/*.gif $(SHARE_DIR)/html/
+ ## screenshots
$(INSTALL) -d -m 755 $(SHARE_DIR)/html/screenshots
$(INSTALL) -c -m 644 www-data/screenshots/*.png $(SHARE_DIR)/html/screenshots/
- $(INSTALL) -d -m 755 $(DOC_DIR)/html/en
- $(INSTALL) -d -m 755 $(DOC_DIR)/html/de
- $(INSTALL) -c -m 644 doc/html/en/* $(DOC_DIR)/html/en/
- $(INSTALL) -c -m 644 doc/html/de/* $(DOC_DIR)/html/de/
+ ## documentation files (html)
+ ls doc/html | while read lang ;\
+ do test -d "doc/html/$$lang" && \
+ $(INSTALL) -d -m 755 "$(DOC_DIR)/html/$$lang" && \
+ $(INSTALL) -c -m 644 "doc/html/$$lang"/* "$(DOC_DIR)/html/$$lang/" ;\
+ done; true
+ ## configuration examples
+ $(INSTALL) -d -m 755 $(DOC_DIR)/conf-examples
+ $(INSTALL) -c -m 644 conf-examples/* $(DOC_DIR)/conf-examples/
+ ## plugins
+ $(INSTALL) -d -m 755 $(SHARE_DIR)/plugins
+ for e in plugins/*; do cp -r "$$e" "$(SHARE_DIR)/plugins"; done
+ ## event scripts
+ $(INSTALL) -c -m 644 hook-scripts/README $(DOC_DIR)/README.events
clean:
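Review bot: The trailing `done; true` on the new documentation loop makes that recipe line succeed even when an `$(INSTALL)` call inside it fails, so a partial install of doc/html goes unnoticed. Wrapping the loop body in `if test -d "doc/html/$$lang"; then … || exit 1; fi` and dropping `; true` still skips non-directories but fails the target on a real error. The plugins step uses `cp -r` rather than `$(INSTALL)`, so the installed plugin files keep whatever modes (and any version-control metadata directories) the source tree has, unlike every other step, which sets 644/755 explicitly. Since the plugin directory presumably holds code the web interface loads, I would normalise the modes after the copy or at least add a comment stating the intended ones.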
diff --git a/bin/CryptoBoxPlugin.py b/bin/CryptoBoxPlugin.py
index 324252c..a900b82 100644
--- a/bin/CryptoBoxPlugin.py
+++ b/bin/CryptoBoxPlugin.py
@@ -146,7 +146,7 @@ class CryptoBoxPlugin:
if self.cbox.prefs.pluginConf[self.getName()]["rank"] is None:
return self.rank
return int(self.cbox.prefs.pluginConf[self.getName()]["rank"])
- except KeyError, TypeError:
+ except (KeyError, TypeError):
return self.rank
diff --git a/bin/CryptoBoxTools.py b/bin/CryptoBoxTools.py
index 25ffa03..0a5e896 100644
--- a/bin/CryptoBoxTools.py
+++ b/bin/CryptoBoxTools.py
@@ -141,7 +141,7 @@ def isPartOfBlockDevice(parent, subdevice):
if (str(par_major), str(par_minor)) == tuple([e for e in file(blpath)][0].strip().split(":",1)):
parent_path = os.path.join(root, bldev)
break
- except IndexError, OSError:
+ except (IndexError, OSError):
pass
else:
## no block device with this major/minor combination found below '/sys/block'
@@ -153,7 +153,7 @@ def isPartOfBlockDevice(parent, subdevice):
if (str(sub_major), str(sub_minor)) == tuple([e for e in file(subblpath)][0].strip().split(":",1)):
## the name of the subdevice node is not important - we found it!
return True
- except IndexError, OSError:
+ except (IndexError, OSError):
pass
return False
diff --git a/bin/CryptoBoxWebserver.py b/bin/CryptoBoxWebserver.py
index 722438b..0cc8aa2 100755
--- a/bin/CryptoBoxWebserver.py
+++ b/bin/CryptoBoxWebserver.py
@@ -1,6 +1,7 @@
#!/usr/bin/python2.4
import os
import WebInterfaceSites
+from CryptoBoxExceptions import *
import sys
try:
@@ -9,11 +10,21 @@ except:
print "Could not import the cherrypy module! Try 'apt-get install python-cherrypy'."
sys.exit(1)
+
+
+## TODO: it should be possible to override this via commandline arguments
+PID_FILE = '/var/run/cryptobox/webserver.pid'
+
class CryptoBoxWebserver:
'''this class starts the cherryp webserver and serves the single sites'''
def __init__(self):
- cherrypy.root = WebInterfaceSites.WebInterfaceSites()
+ try:
+ cherrypy.root = WebInterfaceSites.WebInterfaceSites()
+ except (CBConfigError,CBEnvironmentError), errMsg:
+ sys.stderr.write("The CryptoBox is misconfigured - please fix it!\n")
+ sys.stderr.write("%s\n" % str(errMsg))
+ sys.exit(1)
#expose static content:
#I currently have no idea how to cleanly extract the stylesheet path from
#the config object without an extra CryptoBox.CryptoBoxProps instance.
@@ -24,15 +35,76 @@ class CryptoBoxWebserver:
cherrypy.config.configMap.update({
"/cryptobox-misc": {
"staticFilter.on" : True,
- "staticFilter.dir": os.path.abspath("../www-data" )}
+ "staticFilter.dir": os.path.abspath("/usr/share/cryptobox/html" )}
})
def start(self):
# just use this config, when we're started directly
- cherrypy.config.update(file = "cryptoboxwebserver.conf")
+ cherrypy.config.update(file = "/etc/cryptobox/cryptoboxwebserver.conf")
cherrypy.server.start()
-if __name__ == "__main__":
- cbw = CryptoBoxWebserver()
- cbw.start()
+
+def fork_to_background():
+ ## this is just copy'n'pasted from http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731
+ ## check the original for exhaustive comments
+ try:
+ pid = os.fork()
+ except OSError, errMsg:
+ sys.stderr.write("Failed to fork cryptobox daemon process!\n")
+ sys.stderr.write("%s\n" % errMsg)
+ sys.exit(1)
+ if pid == 0: # the first child
+ os.setsid()
+ try:
+ pid = os.fork()
+ except OSError, errMsg:
+ sys.stderr.write("Failed to fork second cryptobox daemon process!\n")
+ sys.stderr.write("%s\n" % errMsg)
+ sys.exit(1)
+ if pid == 0: # the second child
+ os.chdir(os.path.sep)
+ os.umask(0)
+ else:
+ os._exit(0)
+ else:
+ os._exit(0)
+ import resource # Resource usage information.
+ maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1]
+ if (maxfd == resource.RLIM_INFINITY):
+ maxfd = 1024
+ for fd in range(0, maxfd):
+ try:
+ os.close(fd)
+ except OSError: # ERROR, fd wasn't open to begin with (ignored)
+ pass
+ os.open(os.devnull, os.O_RDWR) # standard input (0)
+ os.dup2(0, 1) # standard output (1)
+ os.dup2(0, 2) # standard error (2)
+
+
+def write_pid_file(pid_file):
+ try:
+ pidf = open(pid_file,"w")
+ pidf.write(str(os.getpid()))
+ pidf.close()
+ except (IOError, OSError), errMsg:
+ sys.stderr.write("Failed to write pid file (%s): %s\n" % (pid_file, errMsg))
+ ## it is just a warning - no need to break
+
+
+if __name__ == "__main__":
+ ## TODO: add some argument checking: configFile, daemonMode, ...
+ cbw = CryptoBoxWebserver()
+ ## run the webserver as a daemon process
+ fork_to_background()
+ ## write pid file
+ write_pid_file(PID_FILE)
+ try:
+ cbw.start()
+ except Exceptions, errMsg:
+ sys.stderr.write("Failed to start the CryptoBox webserver!\n")
+ sys.stderr.write("%s\n" % str(errMsg))
+ sys.stderr.write("Check the log file for details.\n")
+ sys.exit(1)
+ sys.exit(0)
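Review bot: `os.umask(0)` in fork_to_background stays in effect for everything the daemon creates afterwards, so `open(pid_file,"w")` in write_pid_file produces a world-writable pid file. The init script in this commit hands that file to `start-stop-daemon --stop`, so anyone able to write it can influence which process root signals; a restrictive mask such as `os.umask(0022)` avoids that. Separately, `except Exceptions, errMsg:` in the `__main__` block names `Exceptions`, which nothing visible defines unless the wildcard import supplies it; `except Exception, errMsg:` is presumably what was meant. By that point stderr has already been redirected to os.devnull, so these messages and the warning in write_pid_file are never seen and should go to the log instead.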
diff --git a/bin/WebInterfaceSites.py b/bin/WebInterfaceSites.py
index 2ca897e..65fbb55 100755
--- a/bin/WebInterfaceSites.py
+++ b/bin/WebInterfaceSites.py
@@ -37,7 +37,7 @@ class WebInterfaceSites:
def __init__(self):
- import logging
+ import logging,sys
self.cbox = CryptoBox.CryptoBoxProps()
self.log = logging.getLogger("CryptoBox")
self.prefs = self.cbox.prefs
diff --git a/bin/cryptoboxd b/bin/cryptoboxd
deleted file mode 100755
index 95ab559..0000000
--- a/bin/cryptoboxd
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/sh
-
-CBXSERVER=CryptoBoxWebserver.py
-
-if test -e "./$CBXSERVER"
- then CBXPATH=$(pwd)
- else CBXPATH=/usr/lib/cryptobox
- fi
-
-
-
-set -e
-
-case "$1" in
- start)
- echo -n "Starting $DESC: "
- start-stop-daemon --background --chdir "$CBXPATH" --chuid "$RUNAS" --start --quiet --user "$RUNAS" --make-pidfile --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
- echo "$NAME."
- ;;
-
- stop)
- echo -n "Stopping $DESC: "
- # does the pid file exist?
- test ! -e "$PIDFILE" && echo "pid file ($PIDFILE) not found!" && exit 1
- # kill all process with the parent pid that we saved before
- pkill -f -P "$(cat $PIDFILE)" -u "$RUNAS" && rm "$PIDFILE"
- echo "$NAME."
- ;;
- restart )
- "$0" stop
- "$0" start
- ;;
- *)
- echo "Usage: $(basename $0) {start|stop|restart}" >&2
- exit 1
- ;;
-esac
-
-exit 0
diff --git a/bin/uml-setup.sh b/bin/uml-setup.sh
index 8826f3d..eb8c14e 100755
--- a/bin/uml-setup.sh
+++ b/bin/uml-setup.sh
@@ -1,10 +1,17 @@
#!/bin/sh
-ROOT_IMG=/home/lars/devel-stuff/devel-chroots/cryptobox.img
+ROOT_IMG=$(dirname $0)/cryptobox.img
TEST_IMG=test.img
-TEST_SIZE=256
+TEST_SIZE=128
MEM_SIZE=128M
+if test ! -e "$ROOT_IMG"
+ then echo "Could not find the cryptobox system image ($ROOT_IMG)"
+ echo " see stuff/uml-howto.txt for information on how to build a system image"
+ echo " store (or link) the result as '$ROOT_IMG'"
+ exit 1
+ fi
+
# Preparations:
# echo "tun" >>/etc/modules
# follow the instructions in /usr/share/doc/uml-utilities/README.Debian
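Review bot: `ROOT_IMG=$(dirname $0)/cryptobox.img` leaves `$0` unquoted inside the command substitution, so the script misbehaves when it is invoked from a path containing whitespace; `ROOT_IMG="$(dirname "$0")/cryptobox.img"` is the robust form. The new existence check already quotes `"$ROOT_IMG"`, so this only brings the assignment in line with it.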
diff --git a/conf-examples/apache_proxypass.conf b/conf-examples/apache_proxypass.conf
new file mode 100644
index 0000000..49d8a4e
--- /dev/null
+++ b/conf-examples/apache_proxypass.conf
@@ -0,0 +1,17 @@
+# CryptoBox configuration file
+#
+# the following directives allow you to use the cryptobox web interface behind apache
+#
+# you need to enable the following modules:
+# - proxy
+# - headers
+# (for debian: run "a2enmod MOD_NAME")
+#
+# IMPORTANT: for now it does not work! Any comments are appreciated ...
+#
+
+
+ ProxyPass http://localhost:8080
+ ProxyPassReverse http://localhost:8080
+ RequestHeader set CBOX-Location /cbox
+
diff --git a/conf-examples/cryptobox.conf-dist b/conf-examples/cryptobox.conf-dist
new file mode 100644
index 0000000..a4bda5c
--- /dev/null
+++ b/conf-examples/cryptobox.conf-dist
@@ -0,0 +1,83 @@
+[Main]
+
+# comma separated list of possible prefixes for accesible devices
+# beware: .e.g "/dev/hd" grants access to _all_ harddisks
+AllowedDevices = /dev/loop, /dev/ubdb
+
+# use separate config partition? (1=yes / 0=no)
+UseConfigPartition = 1
+
+# the default name prefix of not unnamed containers
+DefaultVolumePrefix = "Disk "
+
+# which cipher should cryptsetup-luks use?
+#TODO: uml does not support this module - DefaultCipher = aes-cbc-essiv:sha256
+DefaultCipher = aes-plain
+
+# label of the configuration partition (you should never change this)
+ConfigVolumeLabel = cbox_config
+
+# which plugins should be disabled? (comma seperated list)
+#DisabledPlugins = network, shutdown, partition
+
+
+[Locations]
+# where should we mount volumes?
+# this directory must be writeable by the cryptobox user (see above)
+MountParentDir = /var/cache/cryptobox/mnt
+
+# settings directory: contains name database and plugin configuration
+SettingsDir = /var/cache/cryptobox/settings
+
+# where are the clearsilver templates?
+TemplateDir = /usr/share/cryptobox/templates
+
+# path to language files
+LangDir = /usr/share/cryptobox/lang
+
+# path to documentation files
+DocDir = /usr/share/doc/cryptobox/html
+
+# path to the plugin directory
+PluginDir = /usr/share/cryptobox/plugins
+
+# path to the hook directory (e.g. containing some scripts)
+HookDir = /etc/cryptobox/events.d
+
+
+[Log]
+# possible values are "debug", "info", "warn" and "error" or numbers from
+# 0 (debug) to 7 (error)
+Level = debug
+
+# where to write the log messages to?
+# possible values are: file
+# syslog support will be added later
+Destination = file
+
+# depending on the choosen destination (see above) you may select
+# details. Possible values for the different destinations are:
+# file: $FILENAME
+# syslog: $LOG_FACILITY
+Details = /var/log/cryptobox.log
+
+
+[WebSettings]
+# URL of default stylesheet
+Stylesheet = /cryptobox-misc/cryptobox.css
+
+# default language
+Language = de
+
+
+[Programs]
+cryptsetup = /sbin/cryptsetup
+mkfs-data = /sbin/mkfs.ext3
+blkid = /sbin/blkid
+blockdev = /sbin/blockdev
+mount = /bin/mount
+umount = /bin/umount
+super = /usr/bin/super
+# this is the "program" name as defined in /etc/super.tab
+CryptoBoxRootActions = CryptoBoxRootActions
+
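Review bot: `DefaultCipher = aes-plain` is shipped as the installed default (debian/rules in this commit copies this file to /etc/cryptobox/cryptobox.conf), yet the TODO above it suggests the choice exists only because the UML test environment lacks the ESSIV module. Plain sector-number IVs in CBC mode are predictable and open to watermarking, which is what `aes-cbc-essiv:sha256` avoids, so the distributed file should default to the ESSIV cipher and keep `aes-plain` as the commented-out test override. `Level = debug` is likewise a development setting; I would ship `Level = warn` and note in the comment that debug logging is for troubleshooting only.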
diff --git a/conf-examples/cryptoboxwebserver.conf-dist b/conf-examples/cryptoboxwebserver.conf-dist
new file mode 100644
index 0000000..b7f22dc
--- /dev/null
+++ b/conf-examples/cryptoboxwebserver.conf-dist
@@ -0,0 +1,17 @@
+[global]
+server.socketPort = 8080
+#server.environment = "production"
+server.environment = "development"
+server.logToScreen = False
+server.log_tracebacks = True
+server.threadPool = 1
+server.reverseDNS = False
+server.logFile = "/var/log/cryptoboxwebserver.log"
+
+[/favicon.ico]
+static_filter.on = True
+# TODO: use live-cd/live-cd-tree.d/var/www/favicon.ico
+static_filter.file = "/usr/share/doc/python-cherrypy/cherrypy/favicon.ico"
+
+[/test_stream]
+stream_response = True
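Review bot: `server.environment = "development"` is the active line while `"production"` is commented out, and debian/rules in this commit installs this file as /etc/cryptobox/cryptoboxwebserver.conf. In CherryPy's development environment tracebacks are rendered to the client and autoreload is active, neither of which belongs on a box that manages encrypted volumes; swap the two lines so that `server.environment = "production"` is the default. No `server.socketHost` is set, so the listener presumably binds all interfaces on port 8080; if the interface is meant to sit behind stunnel or Apache, as the suggested packages and the proxy example hint, add `server.socketHost = "127.0.0.1"` or a comment explaining the exposure.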
diff --git a/bin/example-super.tab b/conf-examples/super.tab-example
similarity index 100%
rename from bin/example-super.tab
rename to conf-examples/super.tab-example
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..7ed6ff8
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+5
diff --git a/debian/control b/debian/control
index c021e52..52839b2 100644
--- a/debian/control
+++ b/debian/control
@@ -2,13 +2,14 @@ Source: cryptobox
Section: admin
Priority: extra
Maintainer: Lars Kruse
-Build-Depends: debhelper (>>3.0.0), dpatch
-Standards-Version: 3.6.2
+Build-Depends: debhelper (>= 5.0.37.2), dpatch, python-all-dev (>= 2.4)
+Standards-Version: 3.7.2
Package: cryptobox
Architecture: any
-Depends: bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), httpd-cgi, hashalot, cryptsetup (>=20050111), dmsetup, initscripts, e2fsprogs (>= 1.27), adduser, python (>=2.4), python-clearsilver, super, dosfstools, python-cherrypy, python-confobj
+Depends: ${python:Depends}, bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), hashalot, cryptsetup (>=20050111), dmsetup, initscripts, e2fsprogs (>= 1.27), adduser, python (>=2.4), python-clearsilver, super, dosfstools, python-cherrypy, python-configobj
Suggests: samba, stunnel, openssl
+XB-Python-Version: 2.4
Description: Web interface for an encrypting fileserver
This web interface allows you to manage the encrypted and plaintext
disks of your system. The data is platform independently available
diff --git a/debian/cryptobox.default b/debian/cryptobox.default
index fffb4ca..6c5f111 100644
--- a/debian/cryptobox.default
+++ b/debian/cryptobox.default
@@ -4,8 +4,8 @@
#
# the default setup of the cryptobox is complete inactivity
-# set to "1" to turn off the cryptobox - otherwise "0"
+# set to "0" to enable the startup of the cryptobox - otherwise "1"
NO_START=1
# the use that should execute the cryptobox
-RUNAS=lars
+RUNAS=cryptobox
diff --git a/debian/cryptobox.init b/debian/cryptobox.init
old mode 100755
new mode 100644
index ef64166..480775d
--- a/debian/cryptobox.init
+++ b/debian/cryptobox.init
@@ -7,6 +7,16 @@
# see LICENSE file in this package for details
#
+### BEGIN INIT INFO
+# Provides: cryptobox
+# Required-Start: $network $local_fs $remote_fs
+# Required-Stop: $network $local_fs $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: start CryptoBox webserver
+### END INIT INFO
+
+
# read the default setting file, if it exists
[ -e /etc/default/cryptobox ] && source /etc/default/cryptobox
@@ -18,7 +28,7 @@ if [ "$NO_START" = "1" ]
then [ $# -eq 0 ] && exit 0
[ "$1" = "status" ] && exit 1
[ "$1" = "stop" ] && exit 0
- echo "CryptoBox is disabled by default"
+ echo "CryptoBox is disabled by default (check /etc/default/cryptobox)"
exit 0
fi
@@ -29,39 +39,58 @@ if test -e "./$CBXSERVER"
else CBXPATH=/usr/lib/cryptobox
fi
-PIDFILE=/var/run/cryptobox.pid
+PIDFILE=/var/run/cryptobox/webserver.pid
DAEMON=/usr/bin/python2.4
DAEMON_OPTS=$CBXPATH/$CBXSERVER
NAME=cryptoboxd
DESC="CryptoBox Daemon (webinterface)"
+# check if the package is installed
test -e "$CBXPATH/$CBXSERVER" || exit 0
+# include some useful functions to unify our output format
+. /lib/lsb/init-functions
+
case "$1" in
start )
# TODO: mount config dir
# TODO: create certificate
# TODO: run stunnel
# the lines above should go into the live-cd scripts
- echo -n "Starting $DESC: "
- start-stop-daemon --background --chdir "$CBXPATH" --chuid "$RUNAS" --start --quiet --user "$RUNAS" --make-pidfile --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS
- echo "$NAME."
+ test -e "$PIDFILE" && log_warning_msg "CryptoBox seems to running already (pid file exists) - we will try to start it anyway ..."
+ log_daemon_msg "Starting cryptobox webserver" "$DESC"
+ if start-stop-daemon \
+ --chdir "$CBXPATH" --chuid "$RUNAS" --quiet --start \
+ -oknodo --user "$RUNAS" --pidfile "$PIDFILE" \
+ --exec "$DAEMON" -- $DAEMON_OPTS
+ then log_end_msg 0
+ else log_end_msg 1
+ exit 1
+ fi
;;
stop )
- echo -n "Stopping $DESC: "
- # does the pid file exist?
- test ! -e "$PIDFILE" && echo "pid file ($PIDFILE) not found!" && exit 1
- # kill all process with the parent pid that we saved before
- pkill -f -P "$(cat $PIDFILE)" -u "$RUNAS" && rm "$PIDFILE"
- echo "$NAME."
+ if test ! -e "$PIDFILE"
+ then log_warning_msg "CryptoBox is not running (no pid file found)"
+ exit 0
+ fi
+ log_daemon_msg "Stopping cryptobox webserver" "$DESC"
+ if start-stop-daemon --quiet --stop --pidfile "$PIDFILE"
+ then rm "$PIDFILE"
+ log_end_msg 0
+ else log_end_msg 1
+ exit 1
+ fi
;;
- force-reload | restart )
+ reload | force-reload | restart )
"$0" stop
+ sleep 1
"$0" start
;;
* )
- echo "invalid action specified - try { start | stop | restart }" >&2
+ echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
+exit 0
+
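Review bot: The new stop branch runs `start-stop-daemon --quiet --stop --pidfile "$PIDFILE"` with no `--user` or `--exec` matcher, so root signals whatever pid the file contains. The pid file now lives in /var/run/cryptobox, which postinst in this commit chowns to the unprivileged cryptobox account, so that account controls the value. Reusing the start branch's matcher, e.g. `start-stop-daemon --quiet --stop --user "$RUNAS" --pidfile "$PIDFILE"`, limits the signal to processes owned by the service user. In the start branch `-oknodo` has a single dash and is therefore parsed as a cluster of short options rather than as `--oknodo`; that looks like a typo.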
diff --git a/debian/dirs b/debian/dirs
index c1e5540..c93de15 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -1,6 +1,6 @@
etc/cryptobox
+etc/cryptobox/events.d
etc/default
etc/init.d
usr/lib/cryptobox
usr/share/cryptobox
-var/cache/cryptobox
diff --git a/debian/postinst b/debian/postinst
old mode 100755
new mode 100644
index 3f27756..9ed87bf
--- a/debian/postinst
+++ b/debian/postinst
@@ -1,25 +1,71 @@
#!/bin/sh
LOG_FILE=/var/log/cryptobox.log
+WEBLOG_FILE=/var/log/cryptoboxwebserver.log
+PID_DIR=/var/run/cryptobox
CRYPTOBOX_USER=cryptobox
+USER_HOME=/var/cache/cryptobox
+SUPER_FILE=/etc/super.tab
-# create mount and config directories with appropriate permissions
-test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
-if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null
- then # do nothing - the user already exists
- true
- else # create cryptobox user
+create_user_home()
+{
+ # if the user already exists -> do nothing
+ getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null && return 0
+ # create cryptobox user
echo "Creating new user '$CRYPTOBOX_USER' ..."
- USER_HOME=/var/cache/cryptobox
- adduser --system --group --home "$USER_HOME" cryptobox
- mkdir "$USER_HOME/mnt"
+ adduser --system --group --groups disk --home "$USER_HOME" cryptobox
+ mkdir -p "$USER_HOME/mnt"
+ mkdir -p "$USER_HOME/settings"
chown -R ${CRYPTOBOX_USER}: "$USER_HOME"
# only members of the cryptobox group may access the user directory
chmod 750 "$USER_HOME"
- fi
+}
+
+create_log_file()
+{
+ # create config directories with appropriate permissions
+ test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE"
+ test ! -e "$WEBLOG_FILE" && mkdir -p "$(dirname $WEBLOG_FILE)" && touch "$WEBLOG_FILE" && chown "$CRYPTOBOX_USER" "$WEBLOG_FILE"
+}
+
+create_add_super_permission()
+{
+ ## this will add some lines to the configuration file of 'super'
+ ## do nothing, if there is already a CryptoBox line
+ grep -q "CRYPTOBOX_MARKER" "$SUPER_FILE" && return 0
+ echo >>"$SUPER_FILE" "## CRYPTOBOX_MARKER - please do not remove!"
+ echo >>"$SUPER_FILE" "CryptoBoxRootActions /usr/lib/cryptobox/CryptoBoxRootActions.py $CRYPTOBOX_USER"
+}
+
+create_pid_dir()
+{
+ test ! -e "$PID_DIR" && mkdir -p "$PID_DIR" && chown "$CRYPTOBOX_USER" "$PID_DIR"
+}
+
+
+#################### main ######################
+
+case "$1" in
+ configure)
+ create_user_home
+ create_log_file
+ create_pid_dir
+ create_add_super_permission
+ # continue at the end
+ ;;
+ abort-upgrade|abort-remove|abort-deconfigure)
+ # nothing to be done
+ exit 0
+ ;;
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 0
+ ;;
+ esac
+
#DEBHELPER#
-true
+exit 0
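Review bot: `adduser --system --group --groups disk` in create_user_home puts the web-facing service account into the `disk` group, which on Debian normally carries raw read/write access to the block device nodes. That sidesteps both the `AllowedDevices` prefix list and the `super`-mediated CryptoBoxRootActions path that create_add_super_permission sets up. If the membership is really required it deserves a comment saying why, e.g. `# disk group needed for <reason> - grants raw access to all block devices`; otherwise drop `--groups disk`. Also, create_user_home returns early when the user already exists, so on an upgrade `$USER_HOME/mnt` and `$USER_HOME/settings` are not created even though debian/dirs in this commit stops shipping var/cache/cryptobox; the directory setup should run regardless of whether the account had to be created.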
diff --git a/debian/postrm b/debian/postrm
old mode 100755
new mode 100644
index b6933ef..1fffed4
--- a/debian/postrm
+++ b/debian/postrm
@@ -1,11 +1,44 @@
#!/bin/sh
+LOG_FILE=/var/log/cryptobox.log
+WEBLOG_FILE=/var/log/cryptoboxwebserver.log
+PID_DIR=/var/run/cryptobox
+SUPER_FILE=/etc/super.tab
+
+remove_super_lines()
+{
+ ## do nothing, if there is no CryptoBox line
+ grep -q "CRYPTOBOX_MARKER" "$SUPER_FILE" || return 0
+ sed -i /CRYPTOBOX_MARKER/d "$SUPER_FILE"
+ sed -i /CryptoBoxRootActions/d "$SUPER_FILE"
+}
+
+
+remove_log_files()
+{
+ test -e "$LOG_FILE" && rm "$LOG_FILE"
+ test -e "$LOG_FILE" && rm "$WEBLOG_FILE"
+}
+
+
+remove_pid_dir()
+{
+ test -e "$PID_DIR" && rm -r "$PID_DIR"
+}
+
+################## main ###################
+
if test "$1" = "purge" && getent passwd cryptobox 2>/dev/null >/dev/null \
&& test "$(cd ~cryptobox;pwd)" = /var/cache/cryptobox
then echo "Removing user 'cryptobox' ..."
userdel -r cryptobox
+ remove_log_files
+ remove_pid_dir
fi
+## always remove the lines from the 'super' configuration file
+remove_super_lines
+
#DEBHELPER#
# return without error
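Review bot: The second line of remove_log_files tests the wrong variable: `test -e "$LOG_FILE" && rm "$WEBLOG_FILE"` runs after `$LOG_FILE` has just been removed, so the webserver log is never deleted on purge. It should read `test -e "$WEBLOG_FILE" && rm "$WEBLOG_FILE"`. In remove_super_lines, `sed -i /CryptoBoxRootActions/d` deletes every line of /etc/super.tab containing that string, including any an administrator added by hand; anchoring the pattern to the exact line postinst appends would be safer.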
diff --git a/debian/pycompat b/debian/pycompat
new file mode 100644
index 0000000..0cfbf08
--- /dev/null
+++ b/debian/pycompat
@@ -0,0 +1 @@
+2
diff --git a/debian/rules b/debian/rules
index 1e8334a..200faa9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,9 +9,6 @@
# Uncomment this to turn on verbose mode.
#export DH_VERBOSE=1
-# This is the debhelper compatibility version to use.
-export DH_COMPAT=4
-
# necessary for dpatch
.NOTPARALLEL:
@@ -55,7 +52,8 @@ install: build
dh_clean -k
dh_installdirs
$(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr
- install -c -m 644 bin/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/
+ install -c -m 644 conf-examples/cryptobox.conf-dist $(DEB_BUILD_DIR)/etc/cryptobox/cryptobox.conf
+ install -c -m 644 conf-examples/cryptoboxwebserver.conf-dist $(DEB_BUILD_DIR)/etc/cryptobox/cryptoboxwebserver.conf
# Build architecture-independent files here.
@@ -68,19 +66,13 @@ binary-arch: build install
dh_installchangelogs
dh_installdocs
dh_installexamples
-# dh_install
-# dh_installmenu
-# dh_installdebconf
-# dh_installlogrotate
+ dh_installlogrotate
dh_installinit
-# dh_installcron
dh_installman
dh_link
dh_strip
dh_compress
dh_fixperms
- dh_python
-# dh_makeshlibs
dh_installdeb
dh_shlibdeps
dh_gencontrol
diff --git a/hook-scripts/README b/hook-scripts/README
index b10fcb7..65fab4e 100644
--- a/hook-scripts/README
+++ b/hook-scripts/README
@@ -1,11 +1,11 @@
-Hook scripts for CryptoBox events
+Event scripts for CryptoBox events
If you want to execute specific actions according to changes of the cryptobox,
then you can just add your own scripts to this directory.
For every supported event of the CryptoBox, all scripts are called with root user
permissions.
-The common synopsis for all hook scripts is:
+The common synopsis for all event scripts is:
SCRIPTNAME EVENT [[EVENT_INFOS]...]
Supported events:
@@ -18,7 +18,7 @@ Supported events:
- mount_dir: mountpoint of the volume
-Every hook script has to fulfill the following conditions:
+Every event script has to fulfill the following conditions:
- be executable (for the cryptobox user and for root)
- be writeable for root only
- its parent directories must be writeable for root only
diff --git a/plugins/partition/partition.py b/plugins/partition/partition.py
index c6acf8c..e285fd1 100644
--- a/plugins/partition/partition.py
+++ b/plugins/partition/partition.py
@@ -340,7 +340,6 @@ class partition(CryptoBoxPlugin.CryptoBoxPlugin):
def __formatPartitions(self, paramParts):
- import threading
parts = paramParts[:]
part_num = 1
## maybe a config partition?
diff --git a/known_problems b/stuff/known_problems
similarity index 100%
rename from known_problems
rename to stuff/known_problems
diff --git a/stuff/uml-howto.txt b/stuff/uml-howto.txt
new file mode 100644
index 0000000..908b499
--- /dev/null
+++ b/stuff/uml-howto.txt
@@ -0,0 +1,5 @@
+debootstrap etch _builddir
+chroot _builddir
+ sed -i "/respawn:\/sbin\/getty/d" /etc/inittab
+ echo "0:1235:respawn:/sbin/getty 38400 console linux" >>/etc/inittab
+