warning for unusable cdebootstrap version added
chroot procedure simplified cryptobox and perl-clearsilver package added to dfsbuild config init.d-script moved closer to "debian" style uninitialized config partition does not cause error in boot script anymore /etc/default/cryptobox completed initialization of network, stunnel and iptables now depends on /etc/default settings removed hard-coded dependencies on samba and thttpd
This commit is contained in:
parent
8d19f7a1b5
commit
da3774d537
15 changed files with 202 additions and 97 deletions
|
@ -2,9 +2,25 @@
|
|||
#
|
||||
# $Id$
|
||||
#
|
||||
# the default setup of the cryptobox is complete inactivity
|
||||
|
||||
# set to "1" to turn off the cryptobox - otherwise "0"
|
||||
NO_START=0
|
||||
NO_START=1
|
||||
|
||||
# change the default configuration file if necessary
|
||||
#CONF_FILE=/etc/cryptobox/cryptobox.conf
|
||||
|
||||
# should the cryptobox skip the network interface configuration?
|
||||
# "0" means skip (default) --- "1" causes the cryptobox to configure it
|
||||
SKIP_NETWORK_CONFIG=1
|
||||
|
||||
# should the cryptobox set some firewall (iptables) rules?
|
||||
# if this is turned off, then you have to add the appropriate
|
||||
# rules manually (if you need the timeout feature of the cryptobox)
|
||||
# default is 0
|
||||
EXEC_FIREWALL_RULES=0
|
||||
|
||||
# use stunnel for https support?
|
||||
# default is 0
|
||||
USE_STUNNEL=0
|
||||
|
||||
|
|
|
@ -13,7 +13,13 @@ set -eu
|
|||
# startup switch defaults to zero (enabled)
|
||||
NO_START=${NO_START:-0}
|
||||
# check startup switch
|
||||
[ "$NO_START" = "1" ] && echo "CryptoBox is disabled" && exit 0
|
||||
if [ "$NO_START" = "1" ]
|
||||
then [ $# -eq 0 ] && exit 0
|
||||
[ "$1" = "status" ] && exit 1
|
||||
[ "$1" = "stop" ] && exit 0
|
||||
echo "CryptoBox is disabled"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# stop-on-errors
|
||||
set -eu
|
||||
|
@ -23,9 +29,9 @@ CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
|||
|
||||
# parse config file
|
||||
if [ -e "$CONF_FILE" ]
|
||||
then echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2
|
||||
then . "$CONF_FILE"
|
||||
else echo "[$(basename $0)] - configuration file ($CONF_FILE) not found!" >&2
|
||||
exit 1
|
||||
else . "$CONF_FILE"
|
||||
fi
|
||||
|
||||
case "$1" in
|
||||
|
|
|
@ -17,8 +17,13 @@
|
|||
|
||||
set -eu
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. /etc/cryptobox/cryptobox.conf
|
||||
. "$CONF_FILE"
|
||||
|
||||
## configuration
|
||||
CERT_TEMP=/tmp/stunnel.pem
|
||||
|
@ -54,10 +59,10 @@ function create_partitions()
|
|||
{
|
||||
# TODO: allow different layouts
|
||||
# TODO: skip config partition if a configuration is already active
|
||||
local device="$1"
|
||||
local device=$1
|
||||
# first partition size is 1 sector, second goes til end
|
||||
# sfdisk -n doesn't actually write (for testing purpose)
|
||||
echo -e "0,1,L \n,,L\n" | $SFDISK "$device"
|
||||
echo -e "0,1,L \n,,L\n" | "$SFDISK" "$device"
|
||||
}
|
||||
|
||||
|
||||
|
@ -105,7 +110,7 @@ function config_get_value()
|
|||
function create_config()
|
||||
# Parameter: device
|
||||
{
|
||||
local device="$1"
|
||||
local device=$1
|
||||
# create the new configuration filesystem if it is not static
|
||||
if is_config_mounted
|
||||
then log_msg "Using static configuration ..."
|
||||
|
@ -228,6 +233,7 @@ function create_crypto()
|
|||
$MKFS_DATA "$CRYPTMAPPER_DIR/$uuid" | tr '\0101' ' '
|
||||
|
||||
# set user for samba
|
||||
# TODO: rename SAMBA_USER to something like FILE_USER
|
||||
mkdir -p "$MNT_PARENT/$name"
|
||||
mount "$CRYPTMAPPER_DIR/$uuid" "$MNT_PARENT/$name"
|
||||
chown $SAMBA_USER "$MNT_PARENT/$name"
|
||||
|
@ -301,7 +307,7 @@ function get_available_disks()
|
|||
{
|
||||
for scan in $SCAN_DEVICES
|
||||
do for avail in $ALL_PARTITIONS
|
||||
do [ "$scan" = "$avail" ] && echo "$a"
|
||||
do [ "$scan" = "$avail" ] && echo "/dev/$avail"
|
||||
done
|
||||
done
|
||||
}
|
||||
|
@ -319,10 +325,10 @@ function mount_config()
|
|||
# modify all scan_devices to get regular expressions like "^hda[0-9]*$"
|
||||
local scan_regex=$(echo "SCAN_DEVICES" | tr " " "\n" | sed 's/^/^/; s/$/[0-9]*$/')
|
||||
echo "$ALL_PARTITIONS" | grep "$scan_regex" | while read part
|
||||
do log_msg "Trying to load configuration from $part ..."
|
||||
if config_mount_test "$part"
|
||||
do log_msg "Trying to load configuration from /dev/$part ..."
|
||||
if config_mount_test "/dev/$part"
|
||||
then log_msg "configuraton found on $part"
|
||||
mount "$part" "$CONFIG_DIR"
|
||||
mount "/dev/$part" "$CONFIG_DIR"
|
||||
# copy certificate to /tmp in case of re-initialization
|
||||
# /tmp should be writable, so tmpfs has to be mounted before (/etc/rcS.d)
|
||||
cp "$CERT_FILE" "$CERT_TEMP"
|
||||
|
@ -351,16 +357,17 @@ function mount_crypto()
|
|||
local device=$1
|
||||
[ -z "$device" ] && error_msg 4 'No valid harddisk found!' && return 1
|
||||
is_crypto_mounted "$device" && echo "The crypto filesystem is already active!" && return
|
||||
local uuid=$(get_crypto_uuid $device)
|
||||
local name=$(get_crypto_name $device)
|
||||
local uuid=$(get_crypto_uuid "$device")
|
||||
local name=$(get_crypto_name "$device")
|
||||
# passphrase is read from stdin
|
||||
log_msg "Mounting crypto partition $name ($device)"
|
||||
$CRYPTSETUP luksOpen "$device" "$uuid"
|
||||
[ -e "$MNT_PARENT/$name" ] || mkdir -p "$MNT_PARENT/$name"
|
||||
if mount "$CRYPTMAPPER_DIR/$uuid" "$MNT_PARENT/$name"
|
||||
then log_msg "Mount succeeded - now starting samba ..."
|
||||
/etc/init.d/samba start
|
||||
return 0
|
||||
then true
|
||||
# log_msg "Mount succeeded - now starting samba ..."
|
||||
# /etc/init.d/samba start
|
||||
return 0
|
||||
else log_msg "Mount failed - removing the crypto device $uuid ..."
|
||||
$CRYPTSETUP luksClose "$uuid"
|
||||
return 1
|
||||
|
@ -375,14 +382,14 @@ function umount_crypto()
|
|||
# do not break on error
|
||||
set +e
|
||||
# TODO: do not stop samba - or do it just temporarily
|
||||
if ps -e | grep -q " [sn]mbd$"
|
||||
then log_msg "Stopping samba ..."
|
||||
/etc/init.d/samba stop
|
||||
ps -e | grep -q " smbd$" && killall smbd
|
||||
ps -e | grep -q " nmbd$" && killall nmbd
|
||||
ps -e | grep -q " smbd$" && killall -9 smbd
|
||||
ps -e | grep -q " nmbd$" && killall -9 nmbd
|
||||
fi
|
||||
#if ps -e | grep -q " [sn]mbd$"
|
||||
# then log_msg "Stopping samba ..."
|
||||
# /etc/init.d/samba stop
|
||||
# ps -e | grep -q " smbd$" && killall smbd
|
||||
# ps -e | grep -q " nmbd$" && killall nmbd
|
||||
# ps -e | grep -q " smbd$" && killall -9 smbd
|
||||
# ps -e | grep -q " nmbd$" && killall -9 nmbd
|
||||
# fi
|
||||
local uuid=$(get_crypto_uuid $device)
|
||||
local name=$(get_crypto_name $device)
|
||||
if mountpoint -q "$MNT_PARENT/$name"
|
||||
|
@ -439,46 +446,54 @@ export PATH=/usr/sbin:/usr/bin:/sbin:/bin
|
|||
|
||||
|
||||
ACTION=help
|
||||
[ $# -gt 0 ] && ACTION="$1" && shift
|
||||
[ $# -gt 0 ] && ACTION=$1 && shift
|
||||
|
||||
case "$ACTION" in
|
||||
config-up )
|
||||
if mount_config
|
||||
then echo "Cryptobox configuration successfully loaded"
|
||||
else error_msg 3 "Could not find a configuration partition!"
|
||||
else error_msg 0 "Could not find a configuration partition!"
|
||||
fi
|
||||
;;
|
||||
config-down )
|
||||
umount_config || error_msg 4 "Could not unmount configuration partition"
|
||||
;;
|
||||
network-up )
|
||||
kudzu -s -q --class network
|
||||
conf_ip=$(config_get_value "ip")
|
||||
log_msg "Configured $NET_IFACE for $conf_ip ..."
|
||||
ifconfig $NET_IFACE "$conf_ip"
|
||||
echo "Configured network interface for $NET_IFACE: $conf_ip"
|
||||
log_msg "Starting the firewall ..."
|
||||
"$FIREWALL_SCRIPT" start
|
||||
# start stunnel
|
||||
if [ -f "$CERT_FILE" ]
|
||||
then USE_CERT=$CERT_FILE
|
||||
else USE_CERT=$CERT_TEMP
|
||||
$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
|
||||
if [ "${SKIP_NETWORK_CONFIG:-1}" != 1 ]
|
||||
then conf_ip=$(config_get_value "ip")
|
||||
log_msg "Configuring $NET_IFACE for $conf_ip ..."
|
||||
echo "Configuring network interface for $NET_IFACE: $conf_ip"
|
||||
ifconfig $NET_IFACE "$conf_ip"
|
||||
fi
|
||||
if [ "${EXEC_FIREWALL_RULES:-0}" = 1 ]
|
||||
then log_msg "Starting the firewall ..."
|
||||
"$FIREWALL_SCRIPT" start
|
||||
fi
|
||||
if [ "${USE_STUNNEL:-0}" = 1 ]
|
||||
then # start stunnel
|
||||
if [ -f "$CERT_FILE" ]
|
||||
then USE_CERT=$CERT_FILE
|
||||
else USE_CERT=$CERT_TEMP
|
||||
$MAKE_CERT_SCRIPT "$CERT_TEMP" >>"$LOG_FILE" 2>&1
|
||||
fi
|
||||
log_msg "Starting stunnel ..."
|
||||
stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
|
||||
|| echo "$USE_CERT not found - not starting stunnel"
|
||||
fi
|
||||
log_msg "Starting stunnel ..."
|
||||
stunnel -p "$USE_CERT" -r localhost:80 -d 443 \
|
||||
|| echo "$USE_CERT not found - not starting stunnel"
|
||||
# this ping allows other hosts to get the IP of
|
||||
# the box, in case of misconfiguration
|
||||
ping -b -c 1 $(ifconfig $NET_IFACE | grep Bcast | cut -d ":" -f 3 | cut -d " " -f 1) &>/dev/null
|
||||
;;
|
||||
network-down )
|
||||
log_msg "Stopping the firewall ..."
|
||||
"$FIREWALL_SCRIPT" stop
|
||||
log_msg "Stopping stunnel ..."
|
||||
killall stunnel
|
||||
log_msg "Shutting the network interface down ..."
|
||||
ifconfig "$NET_IFACE" down
|
||||
if [ "${EXEC_FIREWALL_RULES:-0}" = 1 ]
|
||||
then log_msg "Stopping the firewall ..."
|
||||
"$FIREWALL_SCRIPT" stop
|
||||
fi
|
||||
if [ "${USE_STUNNEL:-0}" = 1 ]
|
||||
then log_msg "Stopping stunnel ..."
|
||||
killall stunnel
|
||||
fi
|
||||
if [ "${SKIP_NETWORK_CONFIG:-1}" != 1 ]
|
||||
then log_msg "Shutting the network interface down ..."
|
||||
ifconfig "$NET_IFACE" down
|
||||
fi
|
||||
;;
|
||||
services-up )
|
||||
# the mount point has to be writeable
|
||||
|
@ -487,8 +502,9 @@ case "$ACTION" in
|
|||
;;
|
||||
services-down )
|
||||
umount "$MNT_PARENT"
|
||||
/etc/init.d/samba stop || true
|
||||
/etc/init.d/thttpd stop || true
|
||||
# TODO: we should not depend on samba and thttpd
|
||||
# /etc/init.d/samba stop || true
|
||||
# /etc/init.d/thttpd stop || true
|
||||
true
|
||||
;;
|
||||
crypto-up )
|
||||
|
@ -496,7 +512,7 @@ case "$ACTION" in
|
|||
mount_crypto "$1"
|
||||
;;
|
||||
crypto-down )
|
||||
[ $# -ne 1 ] && error_msg "invalid number of parameters for 'crypto-up'"
|
||||
[ $# -ne 1 ] && error_msg "invalid number of parameters for 'crypto-down'"
|
||||
umount_crypto "$1"
|
||||
;;
|
||||
init )
|
||||
|
@ -543,7 +559,9 @@ case "$ACTION" in
|
|||
update_ip_address )
|
||||
# reconfigure the network interface to a new IP address
|
||||
# wait for 5 seconds to finish present http requests
|
||||
echo -n "sleep 5; ifconfig $NET_IFACE `config_get_value ip`" | at now
|
||||
if [ "${SKIP_NETWORK_CONFIG:-1}" != 1 ]
|
||||
then echo -n "sleep 5; ifconfig $NET_IFACE $(config_get_value ip)" | at now
|
||||
fi
|
||||
;;
|
||||
get_available_disks )
|
||||
get_available_disks
|
||||
|
@ -561,7 +579,7 @@ case "$ACTION" in
|
|||
;;
|
||||
diskinfo )
|
||||
get_available_disks | while read a
|
||||
do $SFDISK -L -q -l "$a"
|
||||
do "$SFDISK" -L -q -l "$a"
|
||||
done
|
||||
;;
|
||||
box-purge )
|
||||
|
@ -588,8 +606,8 @@ case "$ACTION" in
|
|||
echo " network-down - disable network interface"
|
||||
echo " services-up - run some cryptobox specific daemons"
|
||||
echo " services-down - stop some cryptobox specific daemons"
|
||||
echo " crypto-up - mount crypto partition and start samba"
|
||||
echo " crypto-down - unmount crypto partition and stop samba"
|
||||
echo " crypto-up - mount crypto partition"
|
||||
echo " crypto-down - unmount crypto partition"
|
||||
echo " box-init - initialize cryptobox (ALL data is LOST)"
|
||||
echo " box-init-fg - the first part of initialization"
|
||||
echo " box-init-bg - the last part of initialization (background)"
|
||||
|
|
|
@ -27,8 +27,13 @@
|
|||
|
||||
set -eu
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. /etc/cryptobox/cryptobox.conf
|
||||
. "$CONF_FILE"
|
||||
|
||||
|
||||
############# some functions ##################
|
||||
|
|
|
@ -17,8 +17,13 @@
|
|||
|
||||
set -eu
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. /etc/cryptobox/cryptobox.conf
|
||||
. "$CONF_FILE"
|
||||
|
||||
RUNTIMEDIR=/opt/dfsruntime/runtimerd
|
||||
TUNDEV=$RUNTIMEDIR/dev/net/tun
|
||||
|
@ -37,6 +42,12 @@ SERVICES_OFF="ssh samba setserial nviboot mountnfs ntpdate"
|
|||
function configure_normal()
|
||||
# the usual stuff - not optimized for security
|
||||
{
|
||||
##### cryptobox settings ######
|
||||
sed -i '/^NO_START=.*$/NO_START=0/'
|
||||
sed -i '/^SKIP_NETWORK_CONFIG=.*$/SKIP_NETWORK_CONFIG=0/'
|
||||
sed -i '/^EXEC_FIREWALL_RULES=.*$/EXEC_FIREWALL_RULES=1/'
|
||||
sed -i '/^USE_STUNNEL=.*$/USE_STUNNEL=1/'
|
||||
|
||||
########### boot up ###########
|
||||
# turn off creation of "/etc/nologin" (read-only fs)
|
||||
sed -i '/^DELAYLOGIN=/s/^DELAYLOGIN=.*$/DELAYLOGIN=no/' /etc/default/rcS
|
||||
|
|
|
@ -17,8 +17,13 @@
|
|||
|
||||
set -eu
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. /etc/cryptobox/cryptobox.conf
|
||||
. "$CONF_FILE"
|
||||
|
||||
MIRROR_DIR=/tmp/mirror
|
||||
MIRROR_ORIG_DIR=/tmp/mirror.orig
|
||||
|
|
|
@ -15,8 +15,13 @@
|
|||
|
||||
set -u
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. /etc/cryptobox/cryptobox.conf
|
||||
. "$CONF_FILE"
|
||||
|
||||
|
||||
ACTION="help"
|
||||
|
|
|
@ -17,11 +17,16 @@
|
|||
|
||||
set -eu
|
||||
|
||||
# read the default setting file, if it exists
|
||||
[ -e /etc/default/cryptobox ] && . /etc/default/cryptobox
|
||||
|
||||
# set CONF_FILE to default value, if not configured in /etc/default/cryptobox
|
||||
CONF_FILE=${CONF_FILE:-/etc/cryptobox/cryptobox.conf}
|
||||
# parse config file
|
||||
. /etc/cryptobox/cryptobox.conf
|
||||
. "$CONF_FILE"
|
||||
|
||||
|
||||
## vcert values are in openssl.conf
|
||||
# vcert values are in OPENSSL_CONF_FILE
|
||||
CERTFILE="$1"
|
||||
TMP_FILE=/tmp/cryptobox-cert.tmp
|
||||
|
||||
|
|
Binary file not shown.
|
@ -11,23 +11,26 @@
|
|||
BUILD_DIR="$ROOT_DIR/_builddir"
|
||||
|
||||
# the cryptobox development files
|
||||
TEMPLATE_DIR="$ROOT_DIR/live-cd-tree.d"
|
||||
CBOX_DEVEL_DIR=$ROOT_DIR/cbox-tree.d
|
||||
|
||||
# template for live-cd
|
||||
TEMPLATE_DIR=$ROOT_DIR/live-cd-tree.d
|
||||
|
||||
# the iso image
|
||||
IMAGE_FILE="$BUILD_DIR/cryptobox.iso"
|
||||
IMAGE_FILE=$BUILD_DIR/cryptobox.iso
|
||||
|
||||
# temporary directory
|
||||
TMP_DIR="/tmp/`basename $0`-$$"
|
||||
TMP_DIR=/tmp/$(basename $0)-$$
|
||||
|
||||
# the virtual harddisk image used for qemu
|
||||
HD_IMAGE="/tmp/`basename $0`-testplatte.img"
|
||||
HD_IMAGE=/tmp/$(basename $0)-testplatte.img
|
||||
|
||||
# mkisofs options (the option "-U" is not clean, but it prevents long
|
||||
# filenames from getting mapped)
|
||||
MKISOFS_OPTIONS="-allow-multidot -U -D -iso-level 3 -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1 -boot-info-table -pad -R"
|
||||
|
||||
# for burning a CD
|
||||
CDWRITER="0,0,0"
|
||||
CDWRITER=0,0,0
|
||||
|
||||
|
||||
####################### validation ########################
|
||||
|
|
|
@ -126,7 +126,7 @@ ramdisk_files = /etc/resolv.conf
|
|||
/var/spool/cron
|
||||
|
||||
# Directories to create on live fs
|
||||
makedirs = /root/.elinks
|
||||
makedirs =
|
||||
|
||||
# Files to delete from live fs
|
||||
deletefiles = /etc/rcS.d/*discover
|
||||
|
@ -145,18 +145,19 @@ deletefiles = /etc/rcS.d/*discover
|
|||
#modules = /lib/modules/2.4.27-2-386
|
||||
|
||||
# Debs from local fs to unpack on live FS (will not be configured)
|
||||
# cryptsetup-luks can not be install regurlarly, because of a weird dpkg error
|
||||
# ("statusoverride ... Debian-exim" - this can probably be fixed, by adding the group
|
||||
# Debian-exim to the host system)
|
||||
# cryptsetup-luks and perl-clearsilver can not be installed regurlarly, because of a weird
|
||||
# dpkg error ("statusoverride ... Debian-exim" - this can probably be fixed, by adding
|
||||
# the group Debian-exim to the host system)
|
||||
unpackdebs = packages/kernel-image-2.6.12.6_cryptobox0.3_i386.deb
|
||||
packages/cryptsetup-luks_1.0.1-3_i386.deb
|
||||
packages/perl-clearsilver_0.9.13-3.2_all.deb
|
||||
packages/cryptobox_0.3.0-1_all.deb
|
||||
|
||||
# Other packages to install besides the list in DEFAULT
|
||||
packages = %(allpackages)s
|
||||
|
||||
# Debs from local fs to isntall on live fs
|
||||
installdebs = packages/cryptobox_0.3.0-1_all.deb
|
||||
packages/perl-clearsilver_0.9.13-3.2_all.deb
|
||||
#installdebs =
|
||||
|
||||
# Bootloader (see options under default)
|
||||
bootloader = grub-no-emul
|
||||
|
|
|
@ -50,7 +50,10 @@ DFS_CONFIG=$(get_config_file dfs-cbox.conf)
|
|||
function run_dfsbuild()
|
||||
{
|
||||
[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
|
||||
dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR"
|
||||
LANG=C dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR/"
|
||||
|
||||
# finish package installation
|
||||
echo "dpkg --configure --prending" | chroot_image
|
||||
|
||||
# remove iso image of dfsbuild - it is not necessary
|
||||
[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
|
||||
|
@ -97,11 +100,11 @@ function configure_cb()
|
|||
exit 1
|
||||
fi
|
||||
|
||||
echo "Copying files to the box ..."
|
||||
echo "Copying files to the box ..."
|
||||
svn export --force "$TEMPLATE_DIR/." "$IMAGE_DIR"
|
||||
|
||||
echo "Configuring the cryptobox ..."
|
||||
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
|
||||
echo "/usr/lib/cryptobox/configure-cryptobox.sh normal" | chroot_image
|
||||
|
||||
# source local configure scripts
|
||||
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
|
||||
|
@ -144,6 +147,15 @@ while [ $# -gt 0 ]
|
|||
# check if we are in ROOT_DIR - otherwise we will have problems with
|
||||
# relative paths in dfs-box.conf
|
||||
[ "$ROOT_DIR" -ef "$(pwd)" ] || error_die 1 "Sorry: you have to run $0 while you are in '$ROOT_DIR'!"
|
||||
# check for cdebootstrap version (there are problems after 0.3.4)
|
||||
cde_version=$(cdebootstrap --version | head -1 | sed 's/[^0-9]//g')
|
||||
if [ "$cde_version" -gt 034 ]
|
||||
then echo "BEWARE: There have been problems with cdebootstrap after v0.3.4." >&2
|
||||
echo " Maybe you should consider downgrading cdebootstrap to sarge/stable," >&2
|
||||
echo " if you experience problems with dfsbuild." >&2
|
||||
echo "Press return key to continue ..."
|
||||
read
|
||||
fi
|
||||
run_dfsbuild
|
||||
;;
|
||||
config )
|
||||
|
@ -156,7 +168,7 @@ while [ $# -gt 0 ]
|
|||
create_compressed_iso
|
||||
;;
|
||||
harden )
|
||||
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
|
||||
echo "/usr/lib/cryptobox/configure-cryptobox.sh secure" | chroot_image
|
||||
;;
|
||||
burn )
|
||||
blanknburn_cdrw
|
||||
|
|
|
@ -40,9 +40,9 @@ SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1
|
|||
|
||||
|
||||
# read some cryptobox settings (especially "DEV_FEATURES_SCRIPT")
|
||||
if [ -e "$TEMPLATE_DIR/etc/cryptobox/cryptobox.conf" ]
|
||||
then source "$TEMPLATE_DIR/etc/cryptobox/cryptobox.conf"
|
||||
else echo "cryptobox.conf ($TEMPLATE_DIR/etc/cryptobox/cryptobox.conf) does not exist!" >&2
|
||||
if [ -e "$CBOX_DEVEL_DIR/etc/cryptobox/cryptobox.conf" ]
|
||||
then source "$CBOX_DEVEL_DIR/etc/cryptobox/cryptobox.conf"
|
||||
else echo "cryptobox.conf ($CBOX_DEVEL_DIR/etc/cryptobox/cryptobox.conf) does not exist!" >&2
|
||||
fi
|
||||
|
||||
####################### functions ######################
|
||||
|
@ -138,16 +138,12 @@ case "$1" in
|
|||
chroot )
|
||||
# chroot may only be called as root
|
||||
[ "$(id -u)" -ne 0 ] && echo "the action 'chroot' may only be called as root!" >&2 && exit 1
|
||||
if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
|
||||
then echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
|
||||
echo "maybe you should run '`basename $0` cb-config' first"
|
||||
else echo
|
||||
echo "##############################################################################"
|
||||
echo "# BEWARE: you can severly harm your real harddisk in the chroot environment! #"
|
||||
echo "##############################################################################"
|
||||
echo
|
||||
chroot "$IMAGE_DIR" "$CHROOT_START"
|
||||
fi
|
||||
echo
|
||||
echo "##############################################################################"
|
||||
echo "# BEWARE: you can severly harm your real harddisk in the chroot environment! #"
|
||||
echo "##############################################################################"
|
||||
echo
|
||||
chroot_image
|
||||
;;
|
||||
qemu )
|
||||
qemu_boot "$IMAGE_FILE"
|
||||
|
|
|
@ -21,6 +21,32 @@ function error_die()
|
|||
exit $1
|
||||
}
|
||||
|
||||
function chroot_image()
|
||||
{
|
||||
MNT_SRC=$IMAGE_DIR/opt/dfsruntime/runtimerd
|
||||
MNT_DST=$IMAGE_DIR/opt/dfsruntime/runtimemnt
|
||||
TMP_DIR=/tmp/cryptobox-chroot-$(basename $0)-$$
|
||||
[ -d "$TMP_DIR" ] && rm -rf "$TMP_DIR"
|
||||
|
||||
cp -a "$MNT_SRC/." "$TMP_DIR"
|
||||
mount --bind "$TMP_DIR" "$MNT_DST"
|
||||
|
||||
[ ! -e "$TMP_DIR/dev/null" ] && mknod "$TMP_DIR/dev/null" c 1 3 && chmod 666 "$TMP_DIR/dev/null"
|
||||
[ ! -e "$TMP_DIR/dev/urandom" ] && mknod "$TMP_DIR/dev/urandom" c 1 9 && chmod 444 "$TMP_DIR/dev/urandom"
|
||||
[ ! -e "$TMP_DIR/dev/console" ] && mknod "$TMP_DIR/dev/console" c 1 5 && chmod 660 "$TMP_DIR/dev/console"
|
||||
|
||||
# remember, if proc was mounted before (e.g. because of a running chroot)
|
||||
local PROC_WAS_MOUNTED=no
|
||||
mount -t proc proc "$IMAGE_DIR/proc" 2>/dev/null || PROC_WAS_MOUNTED=yes
|
||||
|
||||
# default language setting - prevents dpkg error messages
|
||||
# set default terminal (good if you are running in a screen session)
|
||||
LANG=C TERM=linux chroot "$IMAGE_DIR" /bin/bash
|
||||
|
||||
umount "$MNT_DST"
|
||||
[ "$PROC_WAS_MOUNTED" = "no" ] && umount "$IMAGE_DIR/proc"
|
||||
rm -r "$TMP_DIR"
|
||||
}
|
||||
|
||||
################### general settings ###################
|
||||
|
||||
|
|
|
@ -19,7 +19,6 @@ source $(dirname $0)/common.sh.inc
|
|||
DEB_BUILD_DIR=/tmp/cryptobox-debian-$$
|
||||
[ -e "$DEB_BUILD_DIR" ] && rm -rf "$DEB_BUILD_DIR"
|
||||
|
||||
DEB_ROOT_DIR=$TEMPLATE_DIR
|
||||
DEB_CONTROL_DIR=$ROOT_DIR/DEBIAN
|
||||
DEB_PACKAGE_DIR=$ROOT_DIR/packages
|
||||
|
||||
|
@ -30,11 +29,8 @@ ACTION=build
|
|||
|
||||
case "$ACTION" in
|
||||
build )
|
||||
# check for uid=0 (necessary for building)
|
||||
#[ "$(id -u)" -ne 0 ] && echo "this script ($0) has to be called as root" >&2 && exit 1
|
||||
svn export "$DEB_ROOT_DIR" "$DEB_BUILD_DIR" >/dev/null
|
||||
svn export "$CBOX_DEVEL_DIR" "$DEB_BUILD_DIR" >/dev/null
|
||||
svn export "$DEB_CONTROL_DIR" "$DEB_BUILD_DIR/DEBIAN" >/dev/null
|
||||
#chown -R root. "$DEB_BUILD_DIR/usr/share/doc/"
|
||||
fakeroot dpkg-deb --build "$DEB_BUILD_DIR" "$DEB_PACKAGE_DIR"
|
||||
rm -rf "$DEB_BUILD_DIR"
|
||||
;;
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue