#!/bin/sh
#
# this script is part of the building process of the cryptobox
#
# called by:
#	- cbox-build.sh after copying custom files and before creating the iso image
#

set -eu

# parse config file
. /etc/cryptobox/cryptobox.conf

RUNTIMEDIR=/opt/dfsruntime/runtimerd
TUNDEV=$RUNTIMEDIR/dev/net/tun

[ ! -e "/proc/mounts" ] && mount -t proc proc /proc

######### devices ##########
# create tun device for running under qemu
if [ ! -e "$TUNDEV" ]
	then	mkdir -p `dirname "$TUNDEV"`
		mknod "$TUNDEV" c 10 200
  fi

######### thttpd ###########
# change thttpd's config from 'chroot' to 'nochroot' - otherwise no perl script will run
sed -i "s/^chroot$/nochroot/" /etc/thttpd/thttpd.conf
# change thttpd-user from www-data to root (permissions for mount, cryptsetup, ...)
sed -i "s/^user=.*/user=root/" /etc/thttpd/thttpd.conf

######### bashrc ###########
# remove dfshints from bashrc
sed -i "/^dfshints$/d" $RUNTIMEDIR/root/.bashrc

########## sshd ############
# allow empty passwords for ssh
#  the daemon is NOT started automatically, so you have to start it
#  manually in case of need - as the root pw is empty and passwd is ro, you
#  have to allow empty passwords for this rare case
sed -i 's/^PermitEmptyPass.*$/PermitEmptyPasswords yes/' /etc/ssh/sshd_config
# turn off PAM for ssh, as it prevents the use of empty passwords (stange behaviour)
sed -i 's/^UsePAM.*$/UsePAM no/' /etc/ssh/sshd_config
# allow nput of password
sed -i 's/^PasswordAuthentication.*$/PasswordAuthentication yes/' /etc/ssh/sshd_config

umount /proc