From a66e5d3512ee2c2b7b51867831053c2fa61b32eb Mon Sep 17 00:00:00 2001 From: lars Date: Wed, 22 Nov 2006 15:21:21 +0000 Subject: [PATCH] packaging improved simplified use of uml-start script --- Makefile | 24 +++++- bin/CryptoBoxPlugin.py | 2 +- bin/CryptoBoxTools.py | 4 +- bin/CryptoBoxWebserver.py | 84 +++++++++++++++++-- bin/WebInterfaceSites.py | 2 +- bin/cryptoboxd | 39 --------- bin/uml-setup.sh | 11 ++- conf-examples/apache_proxypass.conf | 17 ++++ conf-examples/cryptobox.conf-dist | 83 ++++++++++++++++++ conf-examples/cryptoboxwebserver.conf-dist | 17 ++++ .../super.tab-example | 0 debian/compat | 1 + debian/control | 7 +- debian/cryptobox.default | 4 +- debian/cryptobox.init | 55 +++++++++--- debian/dirs | 2 +- debian/postinst | 68 ++++++++++++--- debian/postrm | 33 ++++++++ debian/pycompat | 1 + debian/rules | 14 +--- hook-scripts/README | 6 +- plugins/partition/partition.py | 1 - known_problems => stuff/known_problems | 0 stuff/uml-howto.txt | 5 ++ 24 files changed, 380 insertions(+), 100 deletions(-) delete mode 100755 bin/cryptoboxd create mode 100644 conf-examples/apache_proxypass.conf create mode 100644 conf-examples/cryptobox.conf-dist create mode 100644 conf-examples/cryptoboxwebserver.conf-dist rename bin/example-super.tab => conf-examples/super.tab-example (100%) create mode 100644 debian/compat mode change 100755 => 100644 debian/cryptobox.init mode change 100755 => 100644 debian/postinst mode change 100755 => 100644 debian/postrm create mode 100644 debian/pycompat rename known_problems => stuff/known_problems (100%) create mode 100644 stuff/uml-howto.txt diff --git a/Makefile b/Makefile index ee95511..85045f6 100644 --- a/Makefile +++ b/Makefile @@ -29,22 +29,38 @@ build: install: $(BUILD_DIR)-stamp + ## programs $(INSTALL) -d -m 755 $(LIB_DIR) $(INSTALL) -c -m 755 bin/*.py $(LIB_DIR)/ + $(INSTALL) -c -m 755 bin/*.sh $(LIB_DIR)/ + ## language files $(INSTALL) -d -m 755 $(SHARE_DIR)/lang $(INSTALL) -c -m 644 lang/* $(SHARE_DIR)/lang/ + ## template files $(INSTALL) -d -m 755 $(SHARE_DIR)/templates $(INSTALL) -c -m 644 templates/*.cs $(SHARE_DIR)/templates + ## html data $(INSTALL) -d -m 755 $(SHARE_DIR)/html $(INSTALL) -c -m 644 www-data/*.css $(SHARE_DIR)/html/ $(INSTALL) -c -m 644 www-data/*.png $(SHARE_DIR)/html/ $(INSTALL) -c -m 644 www-data/*.gif $(SHARE_DIR)/html/ + ## screenshots $(INSTALL) -d -m 755 $(SHARE_DIR)/html/screenshots $(INSTALL) -c -m 644 www-data/screenshots/*.png $(SHARE_DIR)/html/screenshots/ - $(INSTALL) -d -m 755 $(DOC_DIR)/html/en - $(INSTALL) -d -m 755 $(DOC_DIR)/html/de - $(INSTALL) -c -m 644 doc/html/en/* $(DOC_DIR)/html/en/ - $(INSTALL) -c -m 644 doc/html/de/* $(DOC_DIR)/html/de/ + ## documentation files (html) + ls doc/html | while read lang ;\ + do test -d "doc/html/$$lang" && \ + $(INSTALL) -d -m 755 "$(DOC_DIR)/html/$$lang" && \ + $(INSTALL) -c -m 644 "doc/html/$$lang"/* "$(DOC_DIR)/html/$$lang/" ;\ + done; true + ## configuration examples + $(INSTALL) -d -m 755 $(DOC_DIR)/conf-examples + $(INSTALL) -c -m 644 conf-examples/* $(DOC_DIR)/conf-examples/ + ## plugins + $(INSTALL) -d -m 755 $(SHARE_DIR)/plugins + for e in plugins/*; do cp -r "$$e" "$(SHARE_DIR)/plugins"; done + ## event scripts + $(INSTALL) -c -m 644 hook-scripts/README $(DOC_DIR)/README.events clean: diff --git a/bin/CryptoBoxPlugin.py b/bin/CryptoBoxPlugin.py index 324252c..a900b82 100644 --- a/bin/CryptoBoxPlugin.py +++ b/bin/CryptoBoxPlugin.py @@ -146,7 +146,7 @@ class CryptoBoxPlugin: if self.cbox.prefs.pluginConf[self.getName()]["rank"] is None: return self.rank return int(self.cbox.prefs.pluginConf[self.getName()]["rank"]) - except KeyError, TypeError: + except (KeyError, TypeError): return self.rank diff --git a/bin/CryptoBoxTools.py b/bin/CryptoBoxTools.py index 25ffa03..0a5e896 100644 --- a/bin/CryptoBoxTools.py +++ b/bin/CryptoBoxTools.py @@ -141,7 +141,7 @@ def isPartOfBlockDevice(parent, subdevice): if (str(par_major), str(par_minor)) == tuple([e for e in file(blpath)][0].strip().split(":",1)): parent_path = os.path.join(root, bldev) break - except IndexError, OSError: + except (IndexError, OSError): pass else: ## no block device with this major/minor combination found below '/sys/block' @@ -153,7 +153,7 @@ def isPartOfBlockDevice(parent, subdevice): if (str(sub_major), str(sub_minor)) == tuple([e for e in file(subblpath)][0].strip().split(":",1)): ## the name of the subdevice node is not important - we found it! return True - except IndexError, OSError: + except (IndexError, OSError): pass return False diff --git a/bin/CryptoBoxWebserver.py b/bin/CryptoBoxWebserver.py index 722438b..0cc8aa2 100755 --- a/bin/CryptoBoxWebserver.py +++ b/bin/CryptoBoxWebserver.py @@ -1,6 +1,7 @@ #!/usr/bin/python2.4 import os import WebInterfaceSites +from CryptoBoxExceptions import * import sys try: @@ -9,11 +10,21 @@ except: print "Could not import the cherrypy module! Try 'apt-get install python-cherrypy'." sys.exit(1) + + +## TODO: it should be possible to override this via commandline arguments +PID_FILE = '/var/run/cryptobox/webserver.pid' + class CryptoBoxWebserver: '''this class starts the cherryp webserver and serves the single sites''' def __init__(self): - cherrypy.root = WebInterfaceSites.WebInterfaceSites() + try: + cherrypy.root = WebInterfaceSites.WebInterfaceSites() + except (CBConfigError,CBEnvironmentError), errMsg: + sys.stderr.write("The CryptoBox is misconfigured - please fix it!\n") + sys.stderr.write("%s\n" % str(errMsg)) + sys.exit(1) #expose static content: #I currently have no idea how to cleanly extract the stylesheet path from #the config object without an extra CryptoBox.CryptoBoxProps instance. @@ -24,15 +35,76 @@ class CryptoBoxWebserver: cherrypy.config.configMap.update({ "/cryptobox-misc": { "staticFilter.on" : True, - "staticFilter.dir": os.path.abspath("../www-data" )} + "staticFilter.dir": os.path.abspath("/usr/share/cryptobox/html" )} }) def start(self): # just use this config, when we're started directly - cherrypy.config.update(file = "cryptoboxwebserver.conf") + cherrypy.config.update(file = "/etc/cryptobox/cryptoboxwebserver.conf") cherrypy.server.start() -if __name__ == "__main__": - cbw = CryptoBoxWebserver() - cbw.start() + +def fork_to_background(): + ## this is just copy'n'pasted from http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/278731 + ## check the original for exhaustive comments + try: + pid = os.fork() + except OSError, errMsg: + sys.stderr.write("Failed to fork cryptobox daemon process!\n") + sys.stderr.write("%s\n" % errMsg) + sys.exit(1) + if pid == 0: # the first child + os.setsid() + try: + pid = os.fork() + except OSError, errMsg: + sys.stderr.write("Failed to fork second cryptobox daemon process!\n") + sys.stderr.write("%s\n" % errMsg) + sys.exit(1) + if pid == 0: # the second child + os.chdir(os.path.sep) + os.umask(0) + else: + os._exit(0) + else: + os._exit(0) + import resource # Resource usage information. + maxfd = resource.getrlimit(resource.RLIMIT_NOFILE)[1] + if (maxfd == resource.RLIM_INFINITY): + maxfd = 1024 + for fd in range(0, maxfd): + try: + os.close(fd) + except OSError: # ERROR, fd wasn't open to begin with (ignored) + pass + os.open(os.devnull, os.O_RDWR) # standard input (0) + os.dup2(0, 1) # standard output (1) + os.dup2(0, 2) # standard error (2) + + +def write_pid_file(pid_file): + try: + pidf = open(pid_file,"w") + pidf.write(str(os.getpid())) + pidf.close() + except (IOError, OSError), errMsg: + sys.stderr.write("Failed to write pid file (%s): %s\n" % (pid_file, errMsg)) + ## it is just a warning - no need to break + + +if __name__ == "__main__": + ## TODO: add some argument checking: configFile, daemonMode, ... + cbw = CryptoBoxWebserver() + ## run the webserver as a daemon process + fork_to_background() + ## write pid file + write_pid_file(PID_FILE) + try: + cbw.start() + except Exceptions, errMsg: + sys.stderr.write("Failed to start the CryptoBox webserver!\n") + sys.stderr.write("%s\n" % str(errMsg)) + sys.stderr.write("Check the log file for details.\n") + sys.exit(1) + sys.exit(0) diff --git a/bin/WebInterfaceSites.py b/bin/WebInterfaceSites.py index 2ca897e..65fbb55 100755 --- a/bin/WebInterfaceSites.py +++ b/bin/WebInterfaceSites.py @@ -37,7 +37,7 @@ class WebInterfaceSites: def __init__(self): - import logging + import logging,sys self.cbox = CryptoBox.CryptoBoxProps() self.log = logging.getLogger("CryptoBox") self.prefs = self.cbox.prefs diff --git a/bin/cryptoboxd b/bin/cryptoboxd deleted file mode 100755 index 95ab559..0000000 --- a/bin/cryptoboxd +++ /dev/null @@ -1,39 +0,0 @@ -#!/bin/sh - -CBXSERVER=CryptoBoxWebserver.py - -if test -e "./$CBXSERVER" - then CBXPATH=$(pwd) - else CBXPATH=/usr/lib/cryptobox - fi - - - -set -e - -case "$1" in - start) - echo -n "Starting $DESC: " - start-stop-daemon --background --chdir "$CBXPATH" --chuid "$RUNAS" --start --quiet --user "$RUNAS" --make-pidfile --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS - echo "$NAME." - ;; - - stop) - echo -n "Stopping $DESC: " - # does the pid file exist? - test ! -e "$PIDFILE" && echo "pid file ($PIDFILE) not found!" && exit 1 - # kill all process with the parent pid that we saved before - pkill -f -P "$(cat $PIDFILE)" -u "$RUNAS" && rm "$PIDFILE" - echo "$NAME." - ;; - restart ) - "$0" stop - "$0" start - ;; - *) - echo "Usage: $(basename $0) {start|stop|restart}" >&2 - exit 1 - ;; -esac - -exit 0 diff --git a/bin/uml-setup.sh b/bin/uml-setup.sh index 8826f3d..eb8c14e 100755 --- a/bin/uml-setup.sh +++ b/bin/uml-setup.sh @@ -1,10 +1,17 @@ #!/bin/sh -ROOT_IMG=/home/lars/devel-stuff/devel-chroots/cryptobox.img +ROOT_IMG=$(dirname $0)/cryptobox.img TEST_IMG=test.img -TEST_SIZE=256 +TEST_SIZE=128 MEM_SIZE=128M +if test ! -e "$ROOT_IMG" + then echo "Could not find the cryptobox system image ($ROOT_IMG)" + echo " see stuff/uml-howto.txt for information on how to build a system image" + echo " store (or link) the result as '$ROOT_IMG'" + exit 1 + fi + # Preparations: # echo "tun" >>/etc/modules # follow the instructions in /usr/share/doc/uml-utilities/README.Debian diff --git a/conf-examples/apache_proxypass.conf b/conf-examples/apache_proxypass.conf new file mode 100644 index 0000000..49d8a4e --- /dev/null +++ b/conf-examples/apache_proxypass.conf @@ -0,0 +1,17 @@ +# CryptoBox configuration file +# +# the following directives allow you to use the cryptobox web interface behind apache +# +# you need to enable the following modules: +# - proxy +# - headers +# (for debian: run "a2enmod MOD_NAME") +# +# IMPORTANT: for now it does not work! Any comments are appreciated ... +# + + + ProxyPass http://localhost:8080 + ProxyPassReverse http://localhost:8080 + RequestHeader set CBOX-Location /cbox + diff --git a/conf-examples/cryptobox.conf-dist b/conf-examples/cryptobox.conf-dist new file mode 100644 index 0000000..a4bda5c --- /dev/null +++ b/conf-examples/cryptobox.conf-dist @@ -0,0 +1,83 @@ +[Main] + +# comma separated list of possible prefixes for accesible devices +# beware: .e.g "/dev/hd" grants access to _all_ harddisks +AllowedDevices = /dev/loop, /dev/ubdb + +# use separate config partition? (1=yes / 0=no) +UseConfigPartition = 1 + +# the default name prefix of not unnamed containers +DefaultVolumePrefix = "Disk " + +# which cipher should cryptsetup-luks use? +#TODO: uml does not support this module - DefaultCipher = aes-cbc-essiv:sha256 +DefaultCipher = aes-plain + +# label of the configuration partition (you should never change this) +ConfigVolumeLabel = cbox_config + +# which plugins should be disabled? (comma seperated list) +#DisabledPlugins = network, shutdown, partition + + +[Locations] +# where should we mount volumes? +# this directory must be writeable by the cryptobox user (see above) +MountParentDir = /var/cache/cryptobox/mnt + +# settings directory: contains name database and plugin configuration +SettingsDir = /var/cache/cryptobox/settings + +# where are the clearsilver templates? +TemplateDir = /usr/share/cryptobox/templates + +# path to language files +LangDir = /usr/share/cryptobox/lang + +# path to documentation files +DocDir = /usr/share/doc/cryptobox/html + +# path to the plugin directory +PluginDir = /usr/share/cryptobox/plugins + +# path to the hook directory (e.g. containing some scripts) +HookDir = /etc/cryptobox/events.d + + +[Log] +# possible values are "debug", "info", "warn" and "error" or numbers from +# 0 (debug) to 7 (error) +Level = debug + +# where to write the log messages to? +# possible values are: file +# syslog support will be added later +Destination = file + +# depending on the choosen destination (see above) you may select +# details. Possible values for the different destinations are: +# file: $FILENAME +# syslog: $LOG_FACILITY +Details = /var/log/cryptobox.log + + +[WebSettings] +# URL of default stylesheet +Stylesheet = /cryptobox-misc/cryptobox.css + +# default language +Language = de + + +[Programs] +cryptsetup = /sbin/cryptsetup +mkfs-data = /sbin/mkfs.ext3 +blkid = /sbin/blkid +blockdev = /sbin/blockdev +mount = /bin/mount +umount = /bin/umount +super = /usr/bin/super +# this is the "program" name as defined in /etc/super.tab +CryptoBoxRootActions = CryptoBoxRootActions + diff --git a/conf-examples/cryptoboxwebserver.conf-dist b/conf-examples/cryptoboxwebserver.conf-dist new file mode 100644 index 0000000..b7f22dc --- /dev/null +++ b/conf-examples/cryptoboxwebserver.conf-dist @@ -0,0 +1,17 @@ +[global] +server.socketPort = 8080 +#server.environment = "production" +server.environment = "development" +server.logToScreen = False +server.log_tracebacks = True +server.threadPool = 1 +server.reverseDNS = False +server.logFile = "/var/log/cryptoboxwebserver.log" + +[/favicon.ico] +static_filter.on = True +# TODO: use live-cd/live-cd-tree.d/var/www/favicon.ico +static_filter.file = "/usr/share/doc/python-cherrypy/cherrypy/favicon.ico" + +[/test_stream] +stream_response = True diff --git a/bin/example-super.tab b/conf-examples/super.tab-example similarity index 100% rename from bin/example-super.tab rename to conf-examples/super.tab-example diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..7ed6ff8 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +5 diff --git a/debian/control b/debian/control index c021e52..52839b2 100644 --- a/debian/control +++ b/debian/control @@ -2,13 +2,14 @@ Source: cryptobox Section: admin Priority: extra Maintainer: Lars Kruse -Build-Depends: debhelper (>>3.0.0), dpatch -Standards-Version: 3.6.2 +Build-Depends: debhelper (>= 5.0.37.2), dpatch, python-all-dev (>= 2.4) +Standards-Version: 3.7.2 Package: cryptobox Architecture: any -Depends: bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), httpd-cgi, hashalot, cryptsetup (>=20050111), dmsetup, initscripts, e2fsprogs (>= 1.27), adduser, python (>=2.4), python-clearsilver, super, dosfstools, python-cherrypy, python-confobj +Depends: ${python:Depends}, bash (>=2.0), sed (>=4.0), coreutils, grep (>=2.0), hashalot, cryptsetup (>=20050111), dmsetup, initscripts, e2fsprogs (>= 1.27), adduser, python (>=2.4), python-clearsilver, super, dosfstools, python-cherrypy, python-configobj Suggests: samba, stunnel, openssl +XB-Python-Version: 2.4 Description: Web interface for an encrypting fileserver This web interface allows you to manage the encrypted and plaintext disks of your system. The data is platform independently available diff --git a/debian/cryptobox.default b/debian/cryptobox.default index fffb4ca..6c5f111 100644 --- a/debian/cryptobox.default +++ b/debian/cryptobox.default @@ -4,8 +4,8 @@ # # the default setup of the cryptobox is complete inactivity -# set to "1" to turn off the cryptobox - otherwise "0" +# set to "0" to enable the startup of the cryptobox - otherwise "1" NO_START=1 # the use that should execute the cryptobox -RUNAS=lars +RUNAS=cryptobox diff --git a/debian/cryptobox.init b/debian/cryptobox.init old mode 100755 new mode 100644 index ef64166..480775d --- a/debian/cryptobox.init +++ b/debian/cryptobox.init @@ -7,6 +7,16 @@ # see LICENSE file in this package for details # +### BEGIN INIT INFO +# Provides: cryptobox +# Required-Start: $network $local_fs $remote_fs +# Required-Stop: $network $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: start CryptoBox webserver +### END INIT INFO + + # read the default setting file, if it exists [ -e /etc/default/cryptobox ] && source /etc/default/cryptobox @@ -18,7 +28,7 @@ if [ "$NO_START" = "1" ] then [ $# -eq 0 ] && exit 0 [ "$1" = "status" ] && exit 1 [ "$1" = "stop" ] && exit 0 - echo "CryptoBox is disabled by default" + echo "CryptoBox is disabled by default (check /etc/default/cryptobox)" exit 0 fi @@ -29,39 +39,58 @@ if test -e "./$CBXSERVER" else CBXPATH=/usr/lib/cryptobox fi -PIDFILE=/var/run/cryptobox.pid +PIDFILE=/var/run/cryptobox/webserver.pid DAEMON=/usr/bin/python2.4 DAEMON_OPTS=$CBXPATH/$CBXSERVER NAME=cryptoboxd DESC="CryptoBox Daemon (webinterface)" +# check if the package is installed test -e "$CBXPATH/$CBXSERVER" || exit 0 +# include some useful functions to unify our output format +. /lib/lsb/init-functions + case "$1" in start ) # TODO: mount config dir # TODO: create certificate # TODO: run stunnel # the lines above should go into the live-cd scripts - echo -n "Starting $DESC: " - start-stop-daemon --background --chdir "$CBXPATH" --chuid "$RUNAS" --start --quiet --user "$RUNAS" --make-pidfile --pidfile "$PIDFILE" --exec "$DAEMON" -- $DAEMON_OPTS - echo "$NAME." + test -e "$PIDFILE" && log_warning_msg "CryptoBox seems to running already (pid file exists) - we will try to start it anyway ..." + log_daemon_msg "Starting cryptobox webserver" "$DESC" + if start-stop-daemon \ + --chdir "$CBXPATH" --chuid "$RUNAS" --quiet --start \ + -oknodo --user "$RUNAS" --pidfile "$PIDFILE" \ + --exec "$DAEMON" -- $DAEMON_OPTS + then log_end_msg 0 + else log_end_msg 1 + exit 1 + fi ;; stop ) - echo -n "Stopping $DESC: " - # does the pid file exist? - test ! -e "$PIDFILE" && echo "pid file ($PIDFILE) not found!" && exit 1 - # kill all process with the parent pid that we saved before - pkill -f -P "$(cat $PIDFILE)" -u "$RUNAS" && rm "$PIDFILE" - echo "$NAME." + if test ! -e "$PIDFILE" + then log_warning_msg "CryptoBox is not running (no pid file found)" + exit 0 + fi + log_daemon_msg "Stopping cryptobox webserver" "$DESC" + if start-stop-daemon --quiet --stop --pidfile "$PIDFILE" + then rm "$PIDFILE" + log_end_msg 0 + else log_end_msg 1 + exit 1 + fi ;; - force-reload | restart ) + reload | force-reload | restart ) "$0" stop + sleep 1 "$0" start ;; * ) - echo "invalid action specified - try { start | stop | restart }" >&2 + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 exit 1 ;; esac +exit 0 + diff --git a/debian/dirs b/debian/dirs index c1e5540..c93de15 100644 --- a/debian/dirs +++ b/debian/dirs @@ -1,6 +1,6 @@ etc/cryptobox +etc/cryptobox/events.d etc/default etc/init.d usr/lib/cryptobox usr/share/cryptobox -var/cache/cryptobox diff --git a/debian/postinst b/debian/postinst old mode 100755 new mode 100644 index 3f27756..9ed87bf --- a/debian/postinst +++ b/debian/postinst @@ -1,25 +1,71 @@ #!/bin/sh LOG_FILE=/var/log/cryptobox.log +WEBLOG_FILE=/var/log/cryptoboxwebserver.log +PID_DIR=/var/run/cryptobox CRYPTOBOX_USER=cryptobox +USER_HOME=/var/cache/cryptobox +SUPER_FILE=/etc/super.tab -# create mount and config directories with appropriate permissions -test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" -if getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null - then # do nothing - the user already exists - true - else # create cryptobox user +create_user_home() +{ + # if the user already exists -> do nothing + getent passwd "$CRYPTOBOX_USER" 2>/dev/null >/dev/null && return 0 + # create cryptobox user echo "Creating new user '$CRYPTOBOX_USER' ..." - USER_HOME=/var/cache/cryptobox - adduser --system --group --home "$USER_HOME" cryptobox - mkdir "$USER_HOME/mnt" + adduser --system --group --groups disk --home "$USER_HOME" cryptobox + mkdir -p "$USER_HOME/mnt" + mkdir -p "$USER_HOME/settings" chown -R ${CRYPTOBOX_USER}: "$USER_HOME" # only members of the cryptobox group may access the user directory chmod 750 "$USER_HOME" - fi +} + +create_log_file() +{ + # create config directories with appropriate permissions + test ! -e "$LOG_FILE" && mkdir -p "$(dirname $LOG_FILE)" && touch "$LOG_FILE" && chown "$CRYPTOBOX_USER" "$LOG_FILE" + test ! -e "$WEBLOG_FILE" && mkdir -p "$(dirname $WEBLOG_FILE)" && touch "$WEBLOG_FILE" && chown "$CRYPTOBOX_USER" "$WEBLOG_FILE" +} + +create_add_super_permission() +{ + ## this will add some lines to the configuration file of 'super' + ## do nothing, if there is already a CryptoBox line + grep -q "CRYPTOBOX_MARKER" "$SUPER_FILE" && return 0 + echo >>"$SUPER_FILE" "## CRYPTOBOX_MARKER - please do not remove!" + echo >>"$SUPER_FILE" "CryptoBoxRootActions /usr/lib/cryptobox/CryptoBoxRootActions.py $CRYPTOBOX_USER" +} + +create_pid_dir() +{ + test ! -e "$PID_DIR" && mkdir -p "$PID_DIR" && chown "$CRYPTOBOX_USER" "$PID_DIR" +} + + +#################### main ###################### + +case "$1" in + configure) + create_user_home + create_log_file + create_pid_dir + create_add_super_permission + # continue at the end + ;; + abort-upgrade|abort-remove|abort-deconfigure) + # nothing to be done + exit 0 + ;; + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; + esac + #DEBHELPER# -true +exit 0 diff --git a/debian/postrm b/debian/postrm old mode 100755 new mode 100644 index b6933ef..1fffed4 --- a/debian/postrm +++ b/debian/postrm @@ -1,11 +1,44 @@ #!/bin/sh +LOG_FILE=/var/log/cryptobox.log +WEBLOG_FILE=/var/log/cryptoboxwebserver.log +PID_DIR=/var/run/cryptobox +SUPER_FILE=/etc/super.tab + +remove_super_lines() +{ + ## do nothing, if there is no CryptoBox line + grep -q "CRYPTOBOX_MARKER" "$SUPER_FILE" || return 0 + sed -i /CRYPTOBOX_MARKER/d "$SUPER_FILE" + sed -i /CryptoBoxRootActions/d "$SUPER_FILE" +} + + +remove_log_files() +{ + test -e "$LOG_FILE" && rm "$LOG_FILE" + test -e "$LOG_FILE" && rm "$WEBLOG_FILE" +} + + +remove_pid_dir() +{ + test -e "$PID_DIR" && rm -r "$PID_DIR" +} + +################## main ################### + if test "$1" = "purge" && getent passwd cryptobox 2>/dev/null >/dev/null \ && test "$(cd ~cryptobox;pwd)" = /var/cache/cryptobox then echo "Removing user 'cryptobox' ..." userdel -r cryptobox + remove_log_files + remove_pid_dir fi +## always remove the lines from the 'super' configuration file +remove_super_lines + #DEBHELPER# # return without error diff --git a/debian/pycompat b/debian/pycompat new file mode 100644 index 0000000..0cfbf08 --- /dev/null +++ b/debian/pycompat @@ -0,0 +1 @@ +2 diff --git a/debian/rules b/debian/rules index 1e8334a..200faa9 100755 --- a/debian/rules +++ b/debian/rules @@ -9,9 +9,6 @@ # Uncomment this to turn on verbose mode. #export DH_VERBOSE=1 -# This is the debhelper compatibility version to use. -export DH_COMPAT=4 - # necessary for dpatch .NOTPARALLEL: @@ -55,7 +52,8 @@ install: build dh_clean -k dh_installdirs $(MAKE) install PREFIX=$(DEB_BUILD_DIR)/usr - install -c -m 644 bin/cryptobox.conf $(DEB_BUILD_DIR)/etc/cryptobox/ + install -c -m 644 conf-examples/cryptobox.conf-dist $(DEB_BUILD_DIR)/etc/cryptobox/cryptobox.conf + install -c -m 644 conf-examples/cryptoboxwebserver.conf-dist $(DEB_BUILD_DIR)/etc/cryptobox/cryptoboxwebserver.conf # Build architecture-independent files here. @@ -68,19 +66,13 @@ binary-arch: build install dh_installchangelogs dh_installdocs dh_installexamples -# dh_install -# dh_installmenu -# dh_installdebconf -# dh_installlogrotate + dh_installlogrotate dh_installinit -# dh_installcron dh_installman dh_link dh_strip dh_compress dh_fixperms - dh_python -# dh_makeshlibs dh_installdeb dh_shlibdeps dh_gencontrol diff --git a/hook-scripts/README b/hook-scripts/README index b10fcb7..65fab4e 100644 --- a/hook-scripts/README +++ b/hook-scripts/README @@ -1,11 +1,11 @@ -Hook scripts for CryptoBox events +Event scripts for CryptoBox events If you want to execute specific actions according to changes of the cryptobox, then you can just add your own scripts to this directory. For every supported event of the CryptoBox, all scripts are called with root user permissions. -The common synopsis for all hook scripts is: +The common synopsis for all event scripts is: SCRIPTNAME EVENT [[EVENT_INFOS]...] Supported events: @@ -18,7 +18,7 @@ Supported events: - mount_dir: mountpoint of the volume -Every hook script has to fulfill the following conditions: +Every event script has to fulfill the following conditions: - be executable (for the cryptobox user and for root) - be writeable for root only - its parent directories must be writeable for root only diff --git a/plugins/partition/partition.py b/plugins/partition/partition.py index c6acf8c..e285fd1 100644 --- a/plugins/partition/partition.py +++ b/plugins/partition/partition.py @@ -340,7 +340,6 @@ class partition(CryptoBoxPlugin.CryptoBoxPlugin): def __formatPartitions(self, paramParts): - import threading parts = paramParts[:] part_num = 1 ## maybe a config partition? diff --git a/known_problems b/stuff/known_problems similarity index 100% rename from known_problems rename to stuff/known_problems diff --git a/stuff/uml-howto.txt b/stuff/uml-howto.txt new file mode 100644 index 0000000..908b499 --- /dev/null +++ b/stuff/uml-howto.txt @@ -0,0 +1,5 @@ +debootstrap etch _builddir +chroot _builddir + sed -i "/respawn:\/sbin\/getty/d" /etc/inittab + echo "0:1235:respawn:/sbin/getty 38400 console linux" >>/etc/inittab +