use the existence of "$DEV_FEATURES_SCRIPT" instead of "$DEVELOPMENT_MARKER" - fits better for "harden"
parent
7aaba8761c
commit
b399722dca
|
@ -47,7 +47,7 @@ IMAGEDIR="$BUILDDIR/image-working"
|
||||||
# template directory for cryptobox specific configuration
|
# template directory for cryptobox specific configuration
|
||||||
TEMPLATEDIR="cryptobox.conf.d"
|
TEMPLATEDIR="cryptobox.conf.d"
|
||||||
# the iso image
|
# the iso image
|
||||||
IMAGEFILE="$BUILDDIR/image.iso"
|
IMAGEFILE="$BUILDDIR/cryptobox.iso"
|
||||||
# temporary directory
|
# temporary directory
|
||||||
TMPDIR="/tmp/`basename $0`-$$"
|
TMPDIR="/tmp/`basename $0`-$$"
|
||||||
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
|
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
|
||||||
|
@ -216,11 +216,6 @@ while [ $# -gt 0 ]
|
||||||
else chroot "$IMAGEDIR" "$CHROOTSTART"
|
else chroot "$IMAGEDIR" "$CHROOTSTART"
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
devel )
|
|
||||||
echo "Developer's features are enabled - do NOT use this CD in a production system!"
|
|
||||||
# add the development marker to the working copy
|
|
||||||
echo "BEWARE: this CryptoBox is not usable" > "$IMAGEDIR/DEVELOPMENT_CRYPTOBOX"
|
|
||||||
;;
|
|
||||||
burn )
|
burn )
|
||||||
blanknburn_cdrw
|
blanknburn_cdrw
|
||||||
;;
|
;;
|
||||||
|
@ -228,7 +223,7 @@ while [ $# -gt 0 ]
|
||||||
$0 dfsbuild config harden iso
|
$0 dfsbuild config harden iso
|
||||||
;;
|
;;
|
||||||
help|--help )
|
help|--help )
|
||||||
echo "Syntax: `basename $0` ( dfsbuild | config | iso | release | qemu | revert | chroot | devel | burn | harden | release | help )"
|
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | release | qemu | revert | chroot | burn | upload | diff | merge | help )"
|
||||||
echo " (you may specify more than one action)"
|
echo " (you may specify more than one action)"
|
||||||
echo
|
echo
|
||||||
;;
|
;;
|
||||||
|
|
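Review bot: With the `devel` arm removed from the `while [ $# -gt 0 ]` case block, nothing in this script marks or announces a development image any more. Development mode is now inferred from devel-features.sh being present, so it appears that any image built without the `harden` step comes up with the development features active, where it previously took an explicit `devel` step. The same default applies to the `-e "$DEV_FEATURES_SCRIPT"` gates changed later in this commit (the boot script, `$IS_DEV` in the Perl CGI, and the shell CGI). Consider having the `iso` arm warn when the script is still in the image, e.g. `[ -e "$IMAGEDIR/usr/lib/cryptobox/devel-features.sh" ] && echo "WARNING: development features present - run 'harden' before release" >&2`. The new usage line also lists `release` twice, and the case block starts and ends outside the hunks shown.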
|
@ -24,7 +24,6 @@ DEV_FEATURES_SCRIPT=/usr/lib/cryptobox/devel-features.sh
|
||||||
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
|
FIREWALL_SCRIPT=/usr/lib/cryptobox/firewall.sh
|
||||||
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
|
MAKE_CERT_SCRIPT=/usr/lib/cryptobox/make_stunnel_cert.sh
|
||||||
LOG_FILE=/var/log/cryptobox.log
|
LOG_FILE=/var/log/cryptobox.log
|
||||||
DEVELOPMENT_MARKER=/DEVELOPMENT_CRYPTOBOX
|
|
||||||
CERT_FILE=/mnt/cb-etc/stunnel.pem
|
CERT_FILE=/mnt/cb-etc/stunnel.pem
|
||||||
OPENSSL_CONF_FILE=/etc/cryptobox/openssl.cnf
|
OPENSSL_CONF_FILE=/etc/cryptobox/openssl.cnf
|
||||||
|
|
||||||
|
|
|
@ -11,7 +11,7 @@ set -eu
|
||||||
. /etc/cryptobox/cryptobox.conf
|
. /etc/cryptobox/cryptobox.conf
|
||||||
|
|
||||||
# return, if it does not exist
|
# return, if it does not exist
|
||||||
[ ! -e "$DEVELOPMENT_MARKER" ] && exit 0
|
[ ! -e "$DEV_FEATURES_SCRIPT" ] && exit 0
|
||||||
|
|
||||||
echo
|
echo
|
||||||
echo "#---------------------------------------------------------------#"
|
echo "#---------------------------------------------------------------#"
|
||||||
|
|
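Review bot: The comment `# return, if it does not exist` above the changed test no longer says what "it" is, and the test is now the only thing deciding whether development features start at boot. I would spell it out, e.g. `# exit quietly unless the development features script is installed ("harden" removes it)`. Because the script runs under `set -eu`, a cryptobox.conf that lacks `DEV_FEATURES_SCRIPT` aborts here instead of reaching `exit 0`; that fails closed, but a short comment on it would save the next reader a lookup.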
|
@ -63,7 +63,6 @@ function configure_secure()
|
||||||
dpkg --force-all -P $SECURITY_REMOVE_PACKAGES
|
dpkg --force-all -P $SECURITY_REMOVE_PACKAGES
|
||||||
|
|
||||||
# remove development files
|
# remove development files
|
||||||
rm -f "$DEVELOPMENT_MARKER"
|
|
||||||
rm -f "$DEV_FEATURES_SCRIPT"
|
rm -f "$DEV_FEATURES_SCRIPT"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,10 @@
|
||||||
#
|
#
|
||||||
# this script is part of the boot process of a developer's cryptobox
|
# this script is part of the boot process of a developer's cryptobox
|
||||||
#
|
#
|
||||||
# it should really NEVER be executed on a production system
|
# it should really NEVER be found on a release CD
|
||||||
#
|
#
|
||||||
# called by:
|
# called by:
|
||||||
# - /etc/rc2.d/S99cb-devel-features (only if $DEVELPMENT_MARKER exists)
|
# - /etc/rc2.d/S99cb-devel-features
|
||||||
#
|
#
|
||||||
|
|
||||||
set -eu
|
set -eu
|
||||||
|
|
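Review bot: The header no longer says what enables this script, and after this commit its mere presence appears to be the development-mode switch. The boot script and both web front ends now test `-e "$DEV_FEATURES_SCRIPT"`, which cryptobox.conf sets to /usr/lib/cryptobox/devel-features.sh (presumably this file). I would state that in the header, e.g. `# NOTE: the existence of this file enables development mode (boot script and web interface); "harden" removes it`, so that nobody leaves an empty stub or a renamed copy on a release image.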
|
@ -22,7 +22,7 @@ use ConfigFile;
|
||||||
my ($pagedata, $pagename);
|
my ($pagedata, $pagename);
|
||||||
|
|
||||||
my ($LANGUAGE_DIR, $LANGUAGE, $TEMPLATE_DIR, $DOC_DIR);
|
my ($LANGUAGE_DIR, $LANGUAGE, $TEMPLATE_DIR, $DOC_DIR);
|
||||||
my ($CB_SCRIPT, $LOG_FILE, $DEVELOPMENT_MARKER);
|
my ($CB_SCRIPT, $LOG_FILE, $IS_DEV);
|
||||||
|
|
||||||
my $config = ConfigFile::read_config_file('/etc/cryptobox/cryptobox.conf');
|
my $config = ConfigFile::read_config_file('/etc/cryptobox/cryptobox.conf');
|
||||||
|
|
||||||
|
@ -32,7 +32,7 @@ $LANGUAGE_DIR = $config->{LANGUAGE_DIR};
|
||||||
$LANGUAGE = $config->{LANGUAGE};
|
$LANGUAGE = $config->{LANGUAGE};
|
||||||
$TEMPLATE_DIR = $config->{TEMPLATE_DIR};
|
$TEMPLATE_DIR = $config->{TEMPLATE_DIR};
|
||||||
$DOC_DIR = $config->{DOC_DIR};
|
$DOC_DIR = $config->{DOC_DIR};
|
||||||
$DEVELOPMENT_MARKER = $config->{DEVELOPMENT_MARKER};
|
$IS_DEV = ( -e $config->{DEV_FEATURES_SCRIPT});
|
||||||
|
|
||||||
|
|
||||||
#################### subs ######################
|
#################### subs ######################
|
||||||
|
@ -391,7 +391,7 @@ $pagedata->setValue('Data.Config.Language', `$CB_SCRIPT get_config language`);
|
||||||
$output = (-e "$LOG_FILE") ? `cat '$LOG_FILE' | sed 's/^/<br>/'` : '';
|
$output = (-e "$LOG_FILE") ? `cat '$LOG_FILE' | sed 's/^/<br>/'` : '';
|
||||||
$pagedata->setValue('Data.Log',"$output");
|
$pagedata->setValue('Data.Log',"$output");
|
||||||
|
|
||||||
$pagedata->setValue('Data.Status.DevelopmentMode', 1) if (-e "$DEVELOPMENT_MARKER");
|
$pagedata->setValue('Data.Status.DevelopmentMode', 1) if ($IS_DEV);
|
||||||
|
|
||||||
&render();
|
&render();
|
||||||
|
|
||||||
|
|
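Review bot: `-e $config->{DEV_FEATURES_SCRIPT}` in the second hunk is evaluated even when the key is missing from cryptobox.conf. The result is still false, so the page fails closed, but under `use warnings` (not visible here) it would log an uninitialized-value warning on every request. A guard keeps it quiet and explicit: `$IS_DEV = defined($config->{DEV_FEATURES_SCRIPT}) && -e $config->{DEV_FEATURES_SCRIPT};`. A one-line comment such as `# development mode == the devel features script is still installed` would explain why a script path decides the `Data.Status.DevelopmentMode` flag set in the third hunk.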
|
@ -122,7 +122,7 @@ CASE=$(get_cgi_param case)
|
||||||
|
|
||||||
header
|
header
|
||||||
|
|
||||||
if [ ! -e "$DEVELOPMENT_MARKER" ]
|
if [ ! -e "$DEV_FEATURES_SCRIPT" ]
|
||||||
then echo '<p align="center">This action is only availbale for a development CryptoBox-CD.</p>'
|
then echo '<p align="center">This action is only availbale for a development CryptoBox-CD.</p>'
|
||||||
elif [ "$ACTION" = "generate" -a -n "$GROUP" ]
|
elif [ "$ACTION" = "generate" -a -n "$GROUP" ]
|
||||||
then $VALIDATE_SCRIPT check "$GROUP" </dev/null &>/dev/null &
|
then $VALIDATE_SCRIPT check "$GROUP" </dev/null &>/dev/null &
|
||||||
|
|