lars
989a64d3d7
cbox-build.sh: CONFIG renamed to DFS_CONFIG removed some unnecessary settings from cbox-build.sh and cbox-dev.sh
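#!/bin/bash
#
# managing our work at the cryptobox
#
# usual workflow:
#   dfsbuild - create the image directory with dfsbuild
#   config   - apply cryptobox specific changes to the image directory
#   harden   - remove unnecessary packages and disable developer features
#   iso      - create the iso image
#   burn     - burns the image on a cd-rw
#
# final action:
#   release  - the same as "dfsbuild config harden iso"
#
#
# problems of this script:
#   - has to run as root
#   - 'harden' is strangely integrated
#
# you may run this script with multiple arguments, e.g.:
#   cb-build.sh dfsbuild config iso
#
# the action "release" does what it says :)
#   (all developer's features like sshd, writable templates and
#   the test-suite are deactivated, some packages get removed)
#
# interpreter: bash is required - the script uses 'source' and 'echo -e',
# which a plain POSIX /bin/sh (e.g. dash) does not provide.
#
# trust boundary: the script sources cbox-dev.conf and every file below
# configure-local.d, and the build actions run as root. Everything in
# etc-local.d, etc-defaults.d and configure-local.d is therefore executed
# with root privileges - keep these directories writable by trusted
# accounts only.
#

# -u: abort on unset variables, -e: abort on the first failing command
set -ue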
# Print the path of a configuration file.
# A file in the local configuration directory supersedes the default one.
# Globals:   LOCALCONF_DIR, DEFAULTCONF_DIR (read)
# Arguments: $1 - base name of the configuration file
# Outputs:   the resolved path on stdout, an error message on stderr
# Returns:   0 if the file was found; otherwise calls 'exit 1' (inside a
#            command substitution this only ends the substitution's subshell)
get_config_file() {
  # local file first ...
  if [ -e "$LOCALCONF_DIR/$1" ] && echo "$LOCALCONF_DIR/$1"; then
    return 0
  fi
  # ... then the shipped default
  if [ -e "$DEFAULTCONF_DIR/$1" ] && echo "$DEFAULTCONF_DIR/$1"; then
    return 0
  fi
  echo "configuration file ($1) not found!" >&2
  exit 1
}
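# the base directory of your local development files
ROOT_DIR=$(dirname "$0")

# the template (default) configuration directory
DEFAULTCONF_DIR="$ROOT_DIR/etc-defaults.d"

# your local configuration directory (existing files supersede the defaults)
LOCALCONF_DIR="$ROOT_DIR/etc-local.d"

# local configuration directory - contains scripts to be executed after
# 'configure'
CUSTOM_CONFIGURE_DIR="$ROOT_DIR/configure-local.d"

# template directory for cryptobox specific configuration
# NOTE(review): unlike the directories above this path is relative to the
# current working directory, not to ROOT_DIR - confirm that this is intended
TEMPLATE_DIR="cbox-tree.d"

# dfsbuild config
DFS_CONFIG=$(get_config_file dfs-cbox.conf)

# the chroot-wrapper within the cryptobox
CHROOT_START="/usr/lib/cryptobox/chroot-start.sh"

############# include local configuration ##############

# Resolve the path once, so that the file that is checked is the file that
# gets sourced. The file is executed as shell code with the privileges of
# the caller (root for every build action) - it must only be writable by
# trusted accounts.
if CBOX_DEV_CONFIG=$(get_config_file cbox-dev.conf) && [ -e "$CBOX_DEV_CONFIG" ]
then
  source "$CBOX_DEV_CONFIG"
else
  echo "local cbox-dev.conf ($CBOX_DEV_CONFIG) does not exist!" >&2
  exit 1
fi

# image directory created by dfsbuild
# the BUILD_DIR is defined in the local cbox-dev.conf
# ':?' aborts on an empty BUILD_DIR - otherwise the later copy and chroot
# calls would operate on "/image"
IMAGE_DIR="${BUILD_DIR:?BUILD_DIR must be set in cbox-dev.conf}/image"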
####################### functions ######################
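# Create the image directory with dfsbuild.
# Globals:   BUILD_DIR, DFS_CONFIG (read)
# Outputs:   a note on stdout if BUILD_DIR had to be created
# Returns:   0 on success, the status of the failing command otherwise
run_dfsbuild() {
  if [ ! -e "$BUILD_DIR" ]; then
    mkdir -p "$BUILD_DIR" || return
    echo "das BuildDir ($BUILD_DIR) wurde angelegt ..."
  fi
  dfsbuild -c "$DFS_CONFIG" -w "$BUILD_DIR" || return

  # remove iso image of dfsbuild - it is not necessary
  # 'rm -f' instead of '[ -e ... ] && rm ...': as the last command of the
  # function the failing test returned 1 whenever no image.iso existed,
  # which aborts the calling script under 'set -e'
  rm -f -- "$BUILD_DIR/image.iso"
}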
# Pack the image directory into an iso image with mkisofs.
# Globals:   MKISOFS_OPTIONS, IMAGE_FILE, IMAGE_DIR (read)
# Outputs:   a progress message on stdout
# Returns:   the exit status of mkisofs
create_iso() {
  printf '%s\n' "Creating the iso ..."
  # MKISOFS_OPTIONS stays unquoted: presumably it holds several options
  # that the shell has to split into separate words - verify in the config
  # shellcheck disable=SC2086
  mkisofs $MKISOFS_OPTIONS \
    -o "$IMAGE_FILE" \
    "$IMAGE_DIR"
}
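# Copy the cryptobox templates into the image directory and configure it.
# Globals:   IMAGE_DIR, TMP_DIR, TEMPLATE_DIR, CHROOT_START,
#            CUSTOM_CONFIGURE_DIR (read)
# Arguments: none are read (the caller passes "normal", which is ignored;
#            the mode given to configure-cryptobox.sh is fixed below)
# Outputs:   progress messages on stdout, errors on stderr
# Returns:   0 on success; exits with status 1 if IMAGE_DIR is missing
configure_cb() {
  local revision

  if [ ! -e "$IMAGE_DIR" ]; then
    echo -e "Directory \"$IMAGE_DIR\" not found!" >&2
    echo -e "Did you run \"$0 dfsbuild\"?" >&2
    # a missing image directory is a failure - a bare 'exit' reported
    # success, so a chained run could not notice it
    exit 1
  fi

  echo "Copying files to the box ..."
  # ':?' aborts on an empty TMP_DIR before anything is removed recursively.
  # NOTE(review): TMP_DIR is not defined in this file (presumably in
  # cbox-dev.conf); since this runs as root it should be a location that
  # unprivileged users cannot create or replace beforehand.
  rm -rf -- "${TMP_DIR:?}"
  cp -dr "$TEMPLATE_DIR/." "$TMP_DIR"
  # drop the subversion metadata; -exec keeps paths with whitespace intact
  # (the former unquoted command substitution split them into words)
  find "$TMP_DIR" -type d -name ".svn" -prune -exec rm -rf -- {} +
  cp -dr "$TMP_DIR/." "$IMAGE_DIR"
  rm -rf -- "$TMP_DIR"

  echo "Configuring the cryptobox ..."
  revision=$(fetch_revision)
  # "harden" removes /etc/issue ...
  if [ -e "$IMAGE_DIR/etc/issue" ]; then
    sed -i "s/^Version:.*/Revision: $revision/" "$IMAGE_DIR/etc/issue"
  else
    # write the plain revision line (the sed pattern text "Version:.*/"
    # used to be written into the new file by mistake)
    echo "Revision: $revision" >"$IMAGE_DIR/etc/issue"
  fi
  echo "$revision" >"$IMAGE_DIR/etc/cryptobox/revision"
  chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh normal

  # source local configure scripts
  # Every regular file (or symlink to one, because of -xtype) below
  # CUSTOM_CONFIGURE_DIR is executed with the privileges of this script.
  # 'if' instead of '[ -d ... ] && ...': a missing directory must not turn
  # into a non-zero return value of the whole function.
  if [ -d "$CUSTOM_CONFIGURE_DIR" ]; then
    find "$CUSTOM_CONFIGURE_DIR" -xtype f | sort | while IFS= read -r file; do
      echo "Sourcing custom configure script $(basename "$file"):"
      # execute it in its own environment (to be safe)
      # 'source' implicitly imports all current settings
      # indent these lines to improve the output
      ( source "$file" ) 2>&1 | sed 's/^/\t/'
    done
  fi
}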
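# Print the highest subversion revision found in the working copy.
# Outputs:   the revision number on stdout, or "unknown release" if svn
#            reports none
# Returns:   0
fetch_revision() {
  local revision

  # The status of a pipeline is the status of its last command ('tail'),
  # so a trailing '|| echo ...' never fired when svn failed - check for an
  # empty result instead. 'sort -n' compares numerically (a plain 'sort'
  # ranks 99 above 100).
  revision=$(svn -R info 2>&1 \
    | grep '^Revision' \
    | cut -f2 -d " " \
    | sort -n \
    | tail -1) || true # intentional: a failing stage leaves "revision" empty
  echo "${revision:-unknown release}"
}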
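# Blank the cd-rw and burn the iso image onto it.
# Globals:   CDWRITER, IMAGE_FILE (read)
# Returns:   0 on success, the status of the failing cdrecord call otherwise
blanknburn_cdrw() {
  # both values are quoted, so a device name or image path containing
  # whitespace is passed to cdrecord as one argument
  cdrecord -v "dev=$CDWRITER" blank=fast || return
  cdrecord -v "dev=$CDWRITER" "$IMAGE_FILE"
}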
################ do it! ######################
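if [ $# -eq 0 ]; then
  echo "[$(basename "$0")] - no arguments supplied - maybe you want to use '--help'"
fi

# initialize local directories (easier for users)
# NOTE(review): the new directories get the owner of the current working
# directory, and files placed in them are later sourced by this script as
# root - whoever owns them can run code as root through a build.
for a in "$LOCALCONF_DIR" "$CUSTOM_CONFIGURE_DIR"; do
  if [ ! -e "$a" ]; then
    # best effort, as before: a failure here does not abort the script
    mkdir "$a" && chown --reference=. "$a" || true
  fi
done

# check for uid=0 (necessary for all operations)
if [ "$(id -u)" -ne 0 ]; then
  echo "this script ($0) has to be called as root" >&2
  exit 1
fi

# run the requested actions in the given order
while [ $# -gt 0 ]; do
  case "$1" in
    dfsbuild)
      run_dfsbuild
      ;;
    config)
      configure_cb normal
      ;;
    iso)
      create_iso
      ;;
    harden)
      chroot "$IMAGE_DIR" "$CHROOT_START" /usr/lib/cryptobox/configure-cryptobox.sh secure
      ;;
    burn)
      blanknburn_cdrw
      ;;
    release)
      # "$0" is quoted so that a script path with whitespace still works
      "$0" dfsbuild config harden iso
      ;;
    help|--help)
      echo "Syntax: $(basename "$0") ( release | dfsbuild | config | harden | iso | burn | help )"
      echo " (you may specify more than one action)"
      echo
      ;;
    *)
      # printf '%s' prints the argument literally; 'echo -e' interpreted
      # backslash escapes contained in it
      printf 'unknown action: %s\n' "$1"
      echo
      "$0" help
      exit 1
      ;;
  esac
  shift
done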