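#!/bin/bash
#
# managing our work at the cryptobox
#
# usual workflow:
#   dfsbuild  - create the image directory with dfsbuild and copy it to
#               the working directory
#   config    - apply cryptobox specific changes to the working directory
#   iso       - create the iso image (out of the working directory)
#   burn      - tries to burn the image on a cd-rw (maybe it works)
#
# development actions:
#   chroot    - run first tests in a chroot environment
#   qemu      - run the qemu emulation
#   devel     - enable developer features like sshd, writable templates and
#               the test-suite (can be undone by "revert")
#   revert    - reset the working directory to the image created by dfsbuild
#   diff      - print a diff from a running development cryptobox
#   merge     - apply that diff to the local template directory
#   upload    - push local template files to a running development cryptobox
#
# final action:
#   release   - the same as "dfsbuild config iso"
#
#
# problems of this script:
#   - has to run as root, because dfsbuild, config, iso, chroot, devel,
#     revert and release need root privileges
#
# you may run this script with multiple arguments, e.g.:
#   cb-build.sh dfsbuild config iso qemu
#
# the action "release" does what it says :)
# (all developer's features like sshd, writable templates and
# the test-suite are deactivated)
#
# The interpreter is bash, not sh: the script uses "local" and arrays.
#
# Because the script runs as root, no fixed file name below /tmp is used:
# scratch directories come from mktemp, and the qemu test disk lives in the
# build directory.

set -ue

# name of this script, for messages
SELF=$(basename -- "$0")

# dfsbuild config
CONFIG="dfs.cbox.conf"
# the build directory (will be ERASED without warning)
BUILDDIR="_builddir/cd1"
# image directory created by dfsbuild
IMAGEDIR_ORIG="$BUILDDIR/image"
# a working copy of the image directory
IMAGEDIR="$BUILDDIR/image-working"
# template directory for cryptobox specific configuration
TEMPLATEDIR="cryptobox.conf.d"
# the iso image
IMAGEFILE="$BUILDDIR/image.iso"
# private scratch directory, created on demand by make_tmp
WORKTMP=""
# scratch harddisk for the qemu run; kept out of /tmp so that root never
# writes through a path another local user could have prepared
HD_IMAGE="$BUILDDIR/testplatte.img"
# mkisofs options (the option "-U" is not clean, but it prevents long
# filenames from getting mapped)
MKISOFS_OPTIONS=(-allow-multidot -U -D -iso-level 3
  -b boot/grub/stage2_eltorito -no-emul-boot -boot-load-size 1
  -boot-info-table -pad -R)
CHROOTSTART="/scripts/chroot-start.sh"
CDWRITER="0,0,0"

# for development diffs and merges from a running cryptobox:
# the address is read lazily (see resolve_remote_host), so actions that do
# not talk to the box also work when the file is missing
REMOTE_IP_FILE="$TEMPLATEDIR/usr/share/cryptobox/defaults/ip"
REMOTE_HOST=""


# Remove the scratch directory, if one exists. Also installed as EXIT trap,
# so an aborted action does not leave files behind.
cleanup_tmp() {
  if [ -n "$WORKTMP" ]; then
    rm -rf -- "$WORKTMP"
    WORKTMP=""
  fi
}
trap cleanup_tmp EXIT


# Create a fresh private scratch directory and store its path in WORKTMP.
# mktemp picks an unpredictable name and creates the directory itself,
# which closes the symlink race of a fixed "/tmp/<name>-<pid>" path.
make_tmp() {
  cleanup_tmp
  WORKTMP=$(mktemp -d) || {
    echo "could not create a temporary directory" >&2
    exit 1
  }
}


# Read the address of the development cryptobox into REMOTE_HOST.
# Returns non-zero if the file is unreadable or the value is unusable.
resolve_remote_host() {
  local host=""
  [ -n "$REMOTE_HOST" ] && return 0
  if [ ! -r "$REMOTE_IP_FILE" ]; then
    printf 'cannot read the address file "%s"\n' "$REMOTE_IP_FILE" >&2
    return 1
  fi
  # first word of the file, like the word splitting of the old `cat`
  read -r host _ <"$REMOTE_IP_FILE" || true
  case "$host" in
    "" | -*)
      # an empty value or a leading dash would be read by ssh/scp as
      # something other than a host name
      printf 'unusable address in "%s"\n' "$REMOTE_IP_FILE" >&2
      return 1
      ;;
  esac
  REMOTE_HOST=$host
}


# Run /scripts/devel-features.sh on the development cryptobox.
# Arguments: the sub-command for the remote script (e.g. diff, set_diff_base)
remote_command() {
  resolve_remote_host || return 1
  ssh -l root "$REMOTE_HOST" /scripts/devel-features.sh "$@"
}


# Create the build directory if necessary and run dfsbuild in it.
run_dfsbuild() {
  if [ ! -e "$BUILDDIR" ]; then
    mkdir -p "$BUILDDIR"
    echo "das BuildDir ($BUILDDIR) wurde angelegt ..."
  fi
  dfsbuild -c "$CONFIG" -w "$BUILDDIR"
}


# Build the iso image out of the working directory.
create_iso() {
  echo "Creating the iso ..."
  mkisofs "${MKISOFS_OPTIONS[@]}" -o "$IMAGEFILE" "$IMAGEDIR"
}


# Boot the iso image in qemu with a small scratch harddisk attached.
qemu_boot() {
  if [ ! -e "$HD_IMAGE" ]; then
    echo "Creating temporary harddisk image ..."
    mkdir -p "$BUILDDIR"
    dd if=/dev/zero of="$HD_IMAGE" bs=1M count=5
  fi
  echo "Starting qemu ..."
  # -hda is the scratch disk; it used to be the iso image a second time,
  # which left the freshly created disk unused
  qemu -cdrom "$IMAGEFILE" -m 64 -hda "$HD_IMAGE" -boot d -n misc/qemu-ifup || true
  # remove iptables rules
  misc/qemu-ifup stop
}


# Replace the working directory by a fresh copy of the dfsbuild image.
init_working_directory() {
  if [ -e "$IMAGEDIR" ]; then
    echo "Removing old image dir ..."
    rm -r -- "${IMAGEDIR:?}"
  fi
  echo "Copying the dfsbuild-image ..."
  cp -a "$IMAGEDIR_ORIG" "$IMAGEDIR"
}


# Print the highest svn revision found below the current directory.
fetch_revision() {
  # numeric sort: a plain sort would rank 99 above 100
  svn -R info | grep '^Revision' | cut -f2 -d " " | sort -n | tail -n 1
}


# Copy the templates (without .svn directories) into the working directory
# and run the configuration script inside of it.
configure_cb() {
  local stage revision
  if [ ! -e "$IMAGEDIR" ]; then
    {
      printf 'Directory "%s" not found!\n' "$IMAGEDIR"
      printf 'Did you run "%s dfsbuild"?\n' "$0"
      printf 'Otherwise try "%s revert" to fix this.\n' "$0"
    } >&2
    # a missing working directory is an error, so do not exit with 0
    exit 1
  fi
  echo "Copying files into the box ..."
  make_tmp
  # the staging directory is created by cp below the private scratch
  # directory, so it gets the usual umask-based mode
  stage="$WORKTMP/template"
  cp -r "$TEMPLATEDIR/." "$stage"
  find "$stage" -type d -name .svn -prune -exec rm -rf -- {} +
  cp -r "$stage/." "$IMAGEDIR"
  cleanup_tmp
  echo "Configuring the cryptobox ..."
  revision=$(fetch_revision)
  sed -i "s/^Version:.*/Revision: $revision/" "$IMAGEDIR/etc/issue"
  printf '%s\n' "$revision" >"$IMAGEDIR/etc/cryptobox/revision"
  chroot "$IMAGEDIR" "/scripts/configure-cryptobox.sh"
}


# upload local files to a development cryptobox
# this is necessary to use an "old" development cd with
# new code - this affects only the web-interface and the
# cryptobox.sh-script (the boot behaviour stays the same)
#
# of course, only the directories that are mapped to tmpfs can
# be updated this way
upload2devel() {
  local dirs="scripts var/www usr/share/cryptobox usr/lib/cryptobox"
  local stage a
  resolve_remote_host
  make_tmp
  stage="$WORKTMP/mirror"
  mkdir "$stage"
  for a in $dirs; do
    mkdir -p "$stage/$a"
    cp -r "$TEMPLATEDIR/$a/." "$stage/$a"
  done
  find "$stage" -type d -name .svn -prune -exec rm -rf -- {} +
  scp -rpq "$stage/." "root@$REMOTE_HOST:/tmp/mirror/"
  cleanup_tmp
  remote_command set_diff_base
}


# merge a diff from a running development cryptobox into
# the template directory
merge_from_devel() {
  local patchfile
  resolve_remote_host
  make_tmp
  patchfile="$WORKTMP/devel.diff"
  echo "Check for collisions ... (dry-run)"
  # The diff is fetched once, so the dry-run and the real run see the same
  # input. The exit status of the remote helper is ignored, as before.
  remote_command diff >"$patchfile" || true
  # "patch -d" replaces the former "cd", which changed the working
  # directory for every action that followed on the command line
  if patch --dry-run -p1 -d "$TEMPLATEDIR" <"$patchfile"; then
    echo
    echo "Applying diff ..."
    patch -p1 -d "$TEMPLATEDIR" <"$patchfile"
    # set the base for the next diff to present state
    remote_command set_diff_base
  else
    echo "Merging will fail - do it manually!"
  fi
  cleanup_tmp
}


# Blank the cd-rw and burn the iso image.
blanknburn_cdrw() {
  cdrecord -v dev="$CDWRITER" blank=fast
  cdrecord -v dev="$CDWRITER" "$IMAGEFILE"
}


################ do it! ######################

[ $# -eq 0 ] && echo "[$SELF] - no arguments supplied - maybe you want to use '--help'"

while [ $# -gt 0 ]; do
  case "$1" in
    dfsbuild)
      run_dfsbuild
      init_working_directory
      ;;
    config)
      configure_cb
      ;;
    iso)
      create_iso
      ;;
    qemu)
      qemu_boot
      ;;
    revert)
      init_working_directory
      ;;
    diff)
      # get a diff from a running development cryptobox
      remote_command diff
      ;;
    merge)
      merge_from_devel
      ;;
    upload)
      upload2devel
      ;;
    chroot)
      if [ ! -x "$IMAGEDIR/$CHROOTSTART" ]; then
        echo "the chroot init script ($IMAGEDIR/$CHROOTSTART) is not executable"
        # the action is called "config" (the hint used to say "cb-config")
        echo "maybe you should run '$SELF config' first"
      else
        chroot "$IMAGEDIR" "$CHROOTSTART"
      fi
      ;;
    devel)
      echo "Developer's features are enabled - do NOT use this CD in a production system!"
      # add the development marker to the working copy
      echo "BEWARE: this CryptoBox is not usable" >"$IMAGEDIR/DEVELOPMENT_CRYPTOBOX"
      ;;
    burn)
      blanknburn_cdrw
      ;;
    release)
      "$0" dfsbuild config iso
      ;;
    help | --help)
      echo "Syntax: $SELF ( dfsbuild | config | iso | release | qemu | revert | chroot | devel | burn | help )"
      echo "        (you may specify more than one action)"
      echo
      ;;
    *)
      printf 'unknown action: %s\n' "$1"
      echo
      "$0" help
      exit 1
      ;;
  esac
  shift
done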