You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
cryptonas/cbox-build.sh

290 lines
8.1 KiB

#!/bin/sh
#
# managing our work at the cryptobox
#
# usual workflow:
# dfsbuild - create the image directory with dfsbuild
# config - apply cryptobox specific changes to the image directory
# harden - remove unnecessary packages and disable developer features
# iso - create the iso image (out of the image directory)
# burn - tries to burn the the image on a cd-rw (maybe it works)
#
# development actions:
# chroot - run first tests in a chroot environment
# qemu - run the qemu emulation
# devel - enable developer features like sshd, writable templates and
# the test-suite
# upload - copy your local files to tmpfs on a running cryptobox
# diff - compare tmpfs-files on a running cryptobox with the original
# merge - apply the diff to the local copy
#
# final action:
# release - the same as "dfsbuild config harden iso"
#
#
# problems of this script:
# - has to run as root, because dfsbuild, config, iso, chroot, devel
# and release need root privileges
# - 'harden' is strangely integrated
#
# you may run this script with multiple arguments, e.g.:
# cb-build.sh dfsbuild config iso qemu
#
# the action "release" does what it says :)
# (all developer's features like sshd, writable templates and
# the test-suite are deactivated, some packages get removed)
#
set -ue
# get the path of a configuration file - local configuration files
# supersede default files
# parameter: base name of the configuration file
function get_config_file()
{
[ -e "$LOCALCONF_DIR/$1" ] && echo "$LOCALCONF_DIR/$1" && return 0
[ -e "$DEFAULTCONF_DIR/$1" ] && echo "$DEFAULTCONF_DIR/$1" && return 0
echo "configuration file ($1) not found!" >&2
exit 1
}
# the base directory of your local development files
ROOT_DIR=$(dirname "$0")
# the template (default) configuration directory
DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"
# your local configuration directory (existing files supersede the defaults)
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"
# local configuration directory - contains scripts to be executed after
# 'configure'
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"
# template directory for cryptobox specific configuration
TEMPLATE_DIR="cbox-tree.d"
# dfsbuild config
CONFIG=$(get_config_file dfs.cbox.conf)
# the chroot-wrapper within the cryptobox
CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"
# qemu network configuration file
QEMU_IFUP_FILE=$(get_config_file qemu-ifup)
# to connect to a development cryptobox with ssh
SSH_CONFIG_FILE=$(get_config_file ssh_config)
# extract the hostname of the cryptobox from the ssh_config file
SSH_HOST=$(grep "^Host " "$SSH_CONFIG_FILE" | head -1 | sed 's/^Host *\(.*\)$/\1/')
# the script within the box, that does the development 'diff'
DEVEL_FEATURES_SCRIPT="/usr/lib/cryptobox/devel-features.sh"
############# include local configuration ##############
if [ -e "$(get_config_file cbox-dev.conf)" ]
then source "$(get_config_file cbox-dev.conf)"
else echo "local cbox-dev.conf ($(get_config_file cbox-dev.conf)) does not exist!" >&2
exit 1
fi
# image directory created by dfsbuild
# the BUILD_DIR is defined in the local cbox-dev.conf
IMAGE_DIR="$BUILD_DIR/image"
####################### functions ######################
function run_dfsbuild()
{
[ ! -e "$BUILD_DIR" ] && mkdir -p "$BUILD_DIR" && echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
dfsbuild -c "$CONFIG" -w "$BUILD_DIR"
# remove iso image of dfsbuild - it is not necessary
[ -e "$BUILD_DIR/image.iso" ] && rm "$BUILD_DIR/image.iso"
}
function create_iso()
{
echo "Creating the iso ..."
mkisofs $MKISOFS_OPTIONS -o "$IMAGE_FILE" "$IMAGE_DIR"
}
function qemu_boot()
{
# create a virtual harddisk image file
if [ ! -e "$HD_IMAGE" ]
then echo "Creating temporary harddisk image ..."
dd if=/dev/zero of="$HD_IMAGE" bs=1M count=20
fi
echo "Starting qemu ..."
qemu -cdrom "$IMAGE_FILE" -m 96 -hda "$IMAGE_FILE" -boot d -n "$QEMU_IFUP_FILE" || true
# remove iptables rules
"$QEMU_IFUP_FILE" stop
}
function configure_cb()
{
if [ ! -e "$IMAGE_DIR" ]; then
echo -e "Directory \"$IMAGE_DIR\" not found!"
echo -e "Did you run \"$0 dfsbuild\"?"
exit
fi
echo "Copying files to the box ..."
[ -e "$TMP_DIR" ] && rm -rf "$TMP_DIR"
cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
rm -rf `find "$TMP_DIR" -type d -name ".svn"`
cp -dr "$TMP_DIR/." "$IMAGE_DIR"
rm -rf "$TMP_DIR"
echo "Configuring the cryptobox ..."
# "harden" removes /etc/issue ...
if [ -e "$IMAGE_DIR/etc/issue" ]
then sed -i "s/^Version:.*/Revision: $(fetch_revision)/" "$IMAGE_DIR/etc/issue"
else echo "Version:.*/Revision: $(fetch_revision)" >"$IMAGE_DIR/etc/issue"
fi
fetch_revision >"$IMAGE_DIR/etc/cryptobox/revision"
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal
# source local configure scripts
[ -d "$CUSTOM_CONFIGURE_DIR" ] && \
find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while read file
do echo "Sourcing custom configure script $(basename $file):"
# execute it in its own environment (to be safe)
# 'source' implicitly imports all current settings
# indent these lines to improve the output
( source "$file" ) 2>&1 | sed 's/^/\t/'
done
}
function fetch_revision()
{
svn -R info 2>&1 | grep ^Revision| cut -f2 -d " " | sort | tail -1 \
|| echo "unknown release"
}
function upload2devel()
# upload local files to a development cryptobox
# this is necessary to use an "old" development cd with
# new code - this affects only the web-interface and the
# cbox-manage.sh-script (the boot behaviour stays the same)
#
# of course, only the directories that are mapped to tmpfs can
# be updated this way
{
local DIRS="var/www usr/share/cryptobox usr/lib/cryptobox"
[ -e "$TMP_DIR" ] || mkdir -p "$TMP_DIR"
for a in $DIRS
do mkdir -p "$TMP_DIR/$a"
cp -r "$TEMPLATE_DIR/$a/." "$TMP_DIR/$a"
done
find "$TMP_DIR" -type d -name '\.svn' | while read a
do rm -rf "$a"
done
echo "Copying local files to the cryptobox ... "
if scp -F "$SSH_CONFIG_FILE" -rpq "$TMP_DIR/." cryptobox:/tmp/mirror
then echo "Set the base for future diffs to current state ..."
ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" "$DEVEL_FEATURES_SCRIPT" set_diff_base
else echo 'ERROR: copying failed!'
fi
rm -rf "$TMP_DIR"
}
function merge_from_devel()
# merge a diff from a running development cryptobox into
# your local copy
{
echo "Check for collisions ... (dry-run)"
if devel_diff | patch --dry-run -p1 -d "$TEMPLATE_DIR"
then echo
echo "Applying diff ..."
devel_diff | patch -p1 -d "$TEMPLATE_DIR"
echo
echo "Set the base for future diffs to current state ..."
ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" "$DEVEL_FEATURES_SCRIPT" set_diff_base
else echo "Merging will fail - do it manually!"
fi
}
# get the diff of a running cryptobox system between its current state
# and its original content
function devel_diff()
{
ssh -F "$SSH_CONFIG_FILE" "$SSH_HOST" "$DEVEL_FEATURES_SCRIPT" diff
}
function blanknburn_cdrw()
{
cdrecord -v dev=$CDWRITER blank=fast
cdrecord -v dev=$CDWRITER $IMAGE_FILE
}
################ do it! ######################
[ $# -eq 0 ] && echo "[`basename $0`] - no arguments supplied - maybe you want to use '--help'"
while [ $# -gt 0 ]
do case "$1" in
dfsbuild )
run_dfsbuild
;;
config )
configure_cb normal
;;
iso )
create_iso
;;
qemu )
qemu_boot
;;
diff )
# get a diff from a running development cryptobox
devel_diff
;;
merge )
merge_from_devel
;;
harden )
chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
;;
upload )
upload2devel
;;
chroot )
if [ ! -x "$IMAGE_DIR/$CHROOT_START" ]
then echo "the chroot init script ("$IMAGE_DIR/$CHROOT_START") is not executable"
echo "maybe you should run '`basename $0` cb-config' first"
else chroot "$IMAGE_DIR" "$CHROOT_START"
fi
;;
burn )
blanknburn_cdrw
;;
release )
$0 dfsbuild config harden iso
;;
help|--help )
echo "Syntax: `basename $0` ( release | dfsbuild | config | harden | iso | qemu | chroot | burn | upload | diff | merge | help )"
echo " (you may specify more than one action)"
echo
;;
* )
echo -e "unknown action: $1"
echo
$0 help
exit 1
;;
esac
shift
done