From 5d115ef935b6ecc2df4d5ac9aa86cc055990ad69 Mon Sep 17 00:00:00 2001 From: ficus Date: Sun, 23 Sep 2012 20:03:04 +0200 Subject: add missing files --- .gitignore | 8 +- freedom-maker/bin/install.sh | 18 ++--- freedom-maker/bin/packages-chroot | 4 +- freedom-maker/buildrootfs.sh | 4 +- packages/torouter-prep/configs/etc/ssh/sshd_config | 87 ++++++++++++++++++++++ .../configs/etc/ssh/sshd_config/sshd_config | 87 ---------------------- packages/torouter-prep/src/torouter_preboot.sh | 80 ++++++++++++++++++++ 7 files changed, 188 insertions(+), 100 deletions(-) create mode 100644 packages/torouter-prep/configs/etc/ssh/sshd_config delete mode 100644 packages/torouter-prep/configs/etc/ssh/sshd_config/sshd_config create mode 100755 packages/torouter-prep/src/torouter_preboot.sh diff --git a/.gitignore b/.gitignore index 04c6618..75c28a6 100644 --- a/.gitignore +++ b/.gitignore @@ -7,4 +7,10 @@ *.tmp *.old packages/packages-for-upload/* - +*.debhelper +*.debhelper.log +*.substvars +packages/torouter-prep/debian/torouter-prep/ +packages/torouter-web/build/ +packages/torouter-web/debian/files +packages/torouter-web/debian/torouter-tui/ diff --git a/freedom-maker/bin/install.sh b/freedom-maker/bin/install.sh index 615f6a4..2c3385d 100755 --- a/freedom-maker/bin/install.sh +++ b/freedom-maker/bin/install.sh @@ -14,7 +14,7 @@ export FK_MACHINE="Globalscale Technologies Dreamplug" # configure all packages unpacked earlier by multistrap dpkg --configure -a -echo "Adding source packages to filesystem" +echo "[NOT] Adding source packages to filesystem" dpkg --get-selections > /tmp/selections mkdir -p /sourcecode cd sourcecode 
@@ -50,24 +50,24 @@ echo "Running torouter_preboot.sh..." echo "Mangling kernel..." mkdir /tmp/initrd-repack (cd /tmp/initrd-repack ; \ - zcat /boot/initrd.img-3.2.0-3-kirkwood | cpio -i ; \ + zcat /boot/initrd.img-$kernelversion | cpio -i ; \ rm -f conf/param.conf ; \ find . | cpio --quiet -o -H newc | \ - gzip -9 > /boot/initrd.img-3.2.0-3-kirkwood ) + gzip -9 > /boot/initrd.img-$kernelversion) rm -rf /tmp/initrd-repack (cd /boot ; \ - cp /usr/lib/linux-image-3.2.0-3-kirkwood/kirkwood-dreamplug.dtb dtb ; \ - cat vmlinuz-3.2.0-3-kirkwood dtb >> temp-kernel ; \ - mkimage -A arm -O linux -T kernel -n 'Debian kernel 3.2.0-3-kirkwood' \ + cp /usr/lib/linux-image-$kernelversion/kirkwood-dreamplug.dtb dtb ; \ + cat vmlinuz-$kernelversion dtb >> temp-kernel ; \ + mkimage -A arm -O linux -T kernel -n 'Debian kernel $kernelversion' \ -C none -a 0x8000 -e 0x8000 -d temp-kernel uImage ; \ rm -f temp-kernel ; \ mkimage -A arm -O linux -T ramdisk -C gzip -a 0x0 -e 0x0 \ - -n 'Debian ramdisk 3.2.0-3-kirkwood' \ - -d initrd.img-3.2.0-3-kirkwood uInitrd ) + -n 'Debian ramdisk $kernelversion' \ + -d initrd.img-$kernelversion uInitrd ) # Establish an initial root password -echo "Set root password to "$rootpassword +echo "Set root password to $rootpassword" echo root:$rootpassword | /usr/sbin/chpasswd # Create a default user diff --git a/freedom-maker/bin/packages-chroot b/freedom-maker/bin/packages-chroot index f2f0e4c..29a7ae4 100755 --- a/freedom-maker/bin/packages-chroot +++ b/freedom-maker/bin/packages-chroot @@ -1,8 +1,8 @@ -#! /bin/sh +#!/bin/sh # try to install locally-sourced torouter .deb files dpkg -i /tmp/dpkg/*.deb # try to install libertas_uap hack -cd /tmp/uap_hack/dreamplug_libertas_$(uname -r) && ./install.sh +cd /tmp/uap_hack/dreamplug_libertas_$kernelversion && ./install.sh diff --git a/freedom-maker/buildrootfs.sh b/freedom-maker/buildrootfs.sh index 10ba598..b3dc568 100755 --- a/freedom-maker/buildrootfs.sh +++ b/freedom-maker/buildrootfs.sh 
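Review bot: The two `mkimage -n` arguments are now `'Debian kernel $kernelversion'` and `'Debian ramdisk $kernelversion'` in single quotes, so the literal text `$kernelversion` ends up as the image name; use double quotes, `-n "Debian kernel $kernelversion"`. `kernelversion` is assigned only in buildrootfs.sh in this commit, and if it does not reach this script the paths collapse to `/boot/initrd.img-` (and, in the packages-chroot hunk, to `dreamplug_libertas_`) without a clear error; a guard such as `: "${kernelversion:?kernelversion is not set}"` near the top of both scripts would stop the build early. The rewritten `echo "Set root password to $rootpassword"` still prints the root password into the build output, so the value is better left out of the message. The script starts and continues outside this hunk.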
@@ -35,11 +35,13 @@ # We don't tolerate errors. set -e -architecture=armel +architecture='armel' +kernelversion='3.2.0-3-kirkwood' if [ -n "$1" ] then architecture=$1 fi +export kernelversion config=multistrap-configs/torouter-$architecture.conf if [ -n "$2" ] diff --git a/packages/torouter-prep/configs/etc/ssh/sshd_config b/packages/torouter-prep/configs/etc/ssh/sshd_config new file mode 100644 index 0000000..d079ac0 --- /dev/null +++ b/packages/torouter-prep/configs/etc/ssh/sshd_config 
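Review bot: `kernelversion='3.2.0-3-kirkwood'` is fixed while `architecture` on the line above can be overridden by `$1`, so a build for another architecture would still export the kirkwood kernel version to the scripts that consume it. Allowing an override, `kernelversion=${kernelversion:-3.2.0-3-kirkwood}`, or deriving the value from the chosen architecture would keep the two in step. A short comment naming the scripts that read the exported value would also help. The script continues outside this hunk.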
@@ -0,0 +1,87 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 22
+# Use these options to restrict which interfaces/protocols sshd will bind to
+#ListenAddress ::
+#ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
+#Privilege Separation is turned on for security
+UsePrivilegeSeparation yes
+
+# Lifetime and size of ephemeral version 1 server key
+KeyRegenerationInterval 3600
+ServerKeyBits 768
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin yes
+StrictModes yes
+
+RSAAuthentication yes
+PubkeyAuthentication yes
+#AuthorizedKeysFile %h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication. Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM yes
+AddressFamily inet
diff --git a/packages/torouter-prep/configs/etc/ssh/sshd_config/sshd_config b/packages/torouter-prep/configs/etc/ssh/sshd_config/sshd_config
deleted file mode 100644
index d079ac0..0000000
--- a/packages/torouter-prep/configs/etc/ssh/sshd_config/sshd_config
+++ /dev/null
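Review bot: `PermitRootLogin yes` ships with `#PasswordAuthentication yes` left commented out, and on the stock OpenSSH default that leaves password authentication on, so root can log in over the network with a password — the one install.sh sets through `chpasswd` and prints during the build. For an image copied onto many devices, `PermitRootLogin without-password` (the value this file's own PAM comment mentions) or `PermitRootLogin no` together with the `torouter` admin account, plus `PasswordAuthentication no` once keys are provisioned, would close that. `X11Forwarding yes` serves no purpose on a headless router and could be `X11Forwarding no`. The content is unchanged from the file deleted in this commit (same blob `d079ac0`), so the setting is pre-existing, but the move appears to be what lets torouter_preboot.sh copy it into `/etc/ssh/sshd_config`.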
@@ -1,87 +0,0 @@
-# Package generated configuration file
-# See the sshd_config(5) manpage for details
-
-# What ports, IPs and protocols we listen for
-Port 22
-# Use these options to restrict which interfaces/protocols sshd will bind to
-#ListenAddress ::
-#ListenAddress 0.0.0.0
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin yes
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication no
-
-# Change to no to disable tunnelled clear text passwords
-#PasswordAuthentication yes
-
-# Kerberos options
-#KerberosAuthentication no
-#KerberosGetAFSToken no
-#KerberosOrLocalPasswd yes
-#KerberosTicketCleanup yes
-
-# GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-#UseLogin no
-
-#MaxStartups 10:30:60
-#Banner /etc/issue.net
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-Subsystem sftp /usr/lib/openssh/sftp-server
-
-# Set this to 'yes' to enable PAM authentication, account processing,
-# and session processing. If this is enabled, PAM authentication will
-# be allowed through the ChallengeResponseAuthentication and
-# PasswordAuthentication. Depending on your PAM configuration,
-# PAM authentication via ChallengeResponseAuthentication may bypass
-# the setting of "PermitRootLogin without-password".
-# If you just want the PAM account and session checks to run without
-# PAM authentication, then enable this but set PasswordAuthentication
-# and ChallengeResponseAuthentication to 'no'.
-UsePAM yes
-AddressFamily inet
diff --git a/packages/torouter-prep/src/torouter_preboot.sh b/packages/torouter-prep/src/torouter_preboot.sh
new file mode 100755
index 0000000..7ebcc63
--- /dev/null
+++ b/packages/torouter-prep/src/torouter_preboot.sh
@@ -0,0 +1,80 @@
+#!/usr/bin/env dash
+
+echo "Inside torouter_preboot.sh..."
+
+export VERSION="0.2"
+
+export config_dir="/usr/share/torouter-prep/example-configs/"
+
+# Add a user to administrate the Torouter later
+export ADMINUSER="torouter"
+export ADMINGROUP="torouter"
+export TORADMINGROUP="debian-tor"
+
+# TODO: check that dependancies are already installed, or fail
+# tor, torouterui, ttdnsd, etc
+apt-get --simulate install apt-utils tor torouterui ttdnsd
+
+# Set us to have a default host name and hosts file
+cp $config_dir/etc/hostname /etc/hostname
+cp $config_dir/etc/hosts /etc/hosts
+
+# We need to prep apt to understand that we want packages from other repos
+cp $config_dir/etc/apt/sources.list /etc/apt/sources.list
+
+# We're creating this file to ensure we get updates
+cp $config_dir/etc/apt/preferences.d/backports /etc/apt/preferences.d/backports
+#cp $config_dir/etc/apt/apt.conf /etc/apt/apt.conf
+
+# Reconfigure /etc/inittab here
+cp $config_dir/etc/inittab /etc/inittab
+
+# Reconfigure fstab
+cp $config_dir/etc/fstab /etc/fstab
+
+# Configure the network
+# eth0 is our "internet" interface with a dhcp client
+cp $config_dir/etc/network/interfaces /etc/network/interfaces
+
+# Configure dnsmasq
+cp $config_dir/etc/dnsmasq.conf /etc/dnsmasq.conf
+
+# Configure ntp
+cp $config_dir/etc/ntp.conf /etc/ntp.conf
+cp $config_dir/etc/default/openntpd /etc/default/openntpd
+
+# Configure ssh
+cp $config_dir/etc/ssh/sshd_config /etc/ssh/sshd_config
+
+# XXX We should configure ufw here
+# XXX We should configure denyhosts
+
+cp $config_dir/etc/tor/torrc /etc/tor/torrc
+cp $config_dir/etc/default/ttdnsd /etc/default/ttdnsd
+
+# Remove a bunch of stuff
+apt-get -f -y remove --purge polipo minissdpd
+apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus
+
+# Clean up apt
+#apt-get -y autoremove
+apt-get install -f
+apt-get -y clean
+
+## Disable ipv6 support for now
+cp $config_dir/etc/modprobe.d/blacklist.conf /etc/modprobe.d/blacklist.conf
+
+## add users and groups (ignore failures if groups already exist)
+addgroup $ADMINGROUP
+useradd -g $ADMINGROUP -G $TORADMINGROUP -s /bin/bash $ADMINUSER
+# TODO: $ADMINUSER passwd?
+
+# Configure arm
+zcat $config_dir/armrc.sample.gz > /home/$ADMINUSER/.armrc
+
+## Add arm startup trick with cron for shared screen run as $ADMINUSER
+crontab -u $ADMINUSER $config_dir/tor-arm-crontab
+
+## Touch a stamp to show that we're now a Torouter
+echo "torouter $VERSION" > /etc/torouter
+
-- cgit v1.2.3
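Review bot: Nothing in this script stops on failure, so a failed `cp` of `sshd_config`, `torrc` or `interfaces` leaves the package default in place and the script still writes the `/etc/torouter` stamp as if the device were fully configured. `set -eu` after the shebang, with the one tolerated failure written as `addgroup $ADMINGROUP || true`, would match the comment on that line and make every other step fatal. `apt-get --simulate install …` does not implement the TODO above it, because its exit status is ignored; `|| exit 1` on that line would. `useradd` is called without `-m`, so unless the home directory already exists the redirect to `/home/$ADMINUSER/.armrc` will fail, and when it succeeds the file is presumably owned by root rather than `$ADMINUSER`. The expansions of `$config_dir` and `$ADMINUSER` are unquoted throughout and should be double-quoted.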