update torouter_config.sh to copy files

11 files changed, 242 insertions, 104 deletions

diff --git a/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key b/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key
new file mode 100644
index 0000000..5b6a4d3
--- /dev/null
+++ b/packages/torouter-prep/configs/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key
diff --git a/packages/torouter-prep/configs/apt-preferences.d-backports b/packages/torouter-prep/configs/apt-preferences.d-backports
new file mode 100644
index 0000000..8e9275b
--- /dev/null
+++ b/packages/torouter-prep/configs/apt-preferences.d-backports
@@ -0,0 +1,3 @@
+Package: *
+Pin: release a=squeeze-backports
+Pin-Priority: 200
diff --git a/packages/torouter-prep/configs/armrc.sample.gz b/packages/torouter-prep/configs/armrc.sample.gz
new file mode 100644
index 0000000..c86b6f1
--- /dev/null
+++ b/packages/torouter-prep/configs/armrc.sample.gz
diff --git a/packages/torouter-prep/configs/dnsmasq.conf b/packages/torouter-prep/configs/dnsmasq.conf
index 8845e80..2711486 100644
--- a/packages/torouter-prep/configs/dnsmasq.conf
+++ b/packages/torouter-prep/configs/dnsmasq.conf
@@ -83,9 +83,10 @@ no-poll
 # interface (eg eth0) here.
 # Repeat the line for more than one interface.
 interface=eth1
-#interface=uap0
+interface=uap0
 # Or you can specify which interface _not_ to listen on
 except-interface=eth0
+except-interface=lo
 # Or which to listen on by address (remember to include 127.0.0.1 if
 # you use this.)
 #listen-address=
diff --git a/packages/torouter-prep/configs/inittab b/packages/torouter-prep/configs/inittab
new file mode 100644
index 0000000..98dca83
--- /dev/null
+++ b/packages/torouter-prep/configs/inittab
@@ -0,0 +1,70 @@
+# /etc/inittab: init(8) configuration.
+# $Id: inittab,v 1.91 2002/01/25 13:35:21 miquels Exp $
+
+# The default runlevel.
+id:2:initdefault:
+
+# Boot-time system configuration/initialization script.
+# This is run first except when booting in emergency (-b) mode.
+si::sysinit:/etc/init.d/rcS
+
+# What to do in single-user mode.
+~~:S:wait:/sbin/sulogin
+
+# /etc/init.d executes the S and K scripts upon change
+# of runlevel.
+#
+# Runlevel 0 is halt.
+# Runlevel 1 is single-user.
+# Runlevels 2-5 are multi-user.
+# Runlevel 6 is reboot.
+
+l0:0:wait:/etc/init.d/rc 0
+l1:1:wait:/etc/init.d/rc 1
+l2:2:wait:/etc/init.d/rc 2
+l3:3:wait:/etc/init.d/rc 3
+l4:4:wait:/etc/init.d/rc 4
+l5:5:wait:/etc/init.d/rc 5
+l6:6:wait:/etc/init.d/rc 6
+# Normally not reached, but fallthrough in case of emergency.
+z6:6:respawn:/sbin/sulogin
+
+# What to do when CTRL-ALT-DEL is pressed.
+ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
+
+# Action on special keypress (ALT-UpArrow).
+#kb::kbrequest:/bin/echo "Keyboard Request--edit /etc/inittab to let this work."
+
+# What to do when the power fails/returns.
+pf::powerwait:/etc/init.d/powerfail start
+pn::powerfailnow:/etc/init.d/powerfail now
+po::powerokwait:/etc/init.d/powerfail stop
+
+# /sbin/getty invocations for the runlevels.
+#
+# The "id" field MUST be the same as the last
+# characters of the device (after "tty").
+#
+# Format:
+#  <id>:<runlevels>:<action>:<process>
+#
+# Note that on most Debian systems tty7 is used by the X Window System,
+# so if you want to add more getty's go ahead but skip tty7 if you run X.
+#
+1:2345:respawn:/sbin/getty 38400 tty1
+#2:23:respawn:/sbin/getty 38400 tty2
+#3:23:respawn:/sbin/getty 38400 tty3
+#4:23:respawn:/sbin/getty 38400 tty4
+#5:23:respawn:/sbin/getty 38400 tty5
+#6:23:respawn:/sbin/getty 38400 tty6
+
+# Example how to put a getty on a serial line (for a terminal)
+#
+#T0:23:respawn:/sbin/getty -L ttyS0 9600 vt100
+#T1:23:respawn:/sbin/getty -L ttyS1 9600 vt100
+
+# Example how to put a getty on a modem line.
+#
+#T3:23:respawn:/sbin/mgetty -x0 -s 57600 ttyS3
+
+T0:2345:respawn:/sbin/getty -L ttyS0 115200 linux
diff --git a/packages/torouter-prep/configs/interfaces b/packages/torouter-prep/configs/interfaces
index d1a5fa6..903bdb4 100644
--- a/packages/torouter-prep/configs/interfaces
+++ b/packages/torouter-prep/configs/interfaces
@@ -30,9 +30,9 @@ iface uap0 inet static
 	broadcast 172.16.23.255
         pre-up ifconfig uap0 hw ether 00:66:66:66:66:66
         post-up /etc/init.d/tor reload
-        #post-up /etc/init.d/udhcpd restart
         post-up /etc/init.d/dnsmasq restart
-        post-up /root/tor-wireless-firewall.sh
-	post-up /root/uaputl/uaputl sys_cfg_ssid "torproject" 
-	post-up /root/uaputl/uaputl bss_start 
-        pre-down /root/uaputl/uaputl bss_stop
+        post-up /etc/init.d/ttdnsd restart
+	post-up /usr/bin/uaputl sys_cfg_ssid "torproject" 
+	post-up /usr/bin/uaputl bss_start 
+        post-up /usr/share/torouter-prep/example-configs/tor-wireless-firewall.sh
+        pre-down /usr/bin/uaputl bss_stop
diff --git a/packages/torouter-prep/configs/modprobe.d-blacklist.conf b/packages/torouter-prep/configs/modprobe.d-blacklist.conf
new file mode 100644
index 0000000..87c6fbe
--- /dev/null
+++ b/packages/torouter-prep/configs/modprobe.d-blacklist.conf
@@ -0,0 +1,26 @@
+# This file lists modules which will not be loaded as the result of
+# alias expansion, with the purpose of preventing the hotplug subsystem
+# to load them. It does not affect autoloading of modules by the kernel.
+# This file is provided by the udev package.
+
+# evbug is a debug tool and should be loaded explicitly
+blacklist evbug
+
+# these drivers are very simple, the HID drivers are usually preferred
+blacklist usbmouse
+blacklist usbkbd
+
+# replaced by e100
+blacklist eepro100
+
+# replaced by tulip
+blacklist de4x5
+
+# replaced by tmscsim
+blacklist am53c974
+
+# these watchdog drivers break some systems
+blacklist iTCO_wdt
+
+
+blacklist ipv6
diff --git a/packages/torouter-prep/configs/ntp.conf b/packages/torouter-prep/configs/ntp.conf
new file mode 100644
index 0000000..cb7d021
--- /dev/null
+++ b/packages/torouter-prep/configs/ntp.conf
@@ -0,0 +1,55 @@
+# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
+driftfile /var/lib/ntp/ntp.drift
+
+
+# Enable this if you want statistics to be logged.
+#statsdir /var/log/ntpstats/
+
+statistics loopstats peerstats clockstats
+filegen loopstats file loopstats type day enable
+filegen peerstats file peerstats type day enable
+filegen clockstats file clockstats type day enable
+
+
+# You do need to talk to an NTP server or two (or three).
+#server ntp.your-provider.example
+
+# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+# pick a different set every time it starts up.  Please consider joining the
+# pool: <http://www.pool.ntp.org/join.html>
+server 0.debian.pool.ntp.org iburst
+server 1.debian.pool.ntp.org iburst
+server 2.debian.pool.ntp.org iburst
+server 3.debian.pool.ntp.org iburst
+
+
+# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+# might also be helpful.
+#
+# Note that "restrict" applies to both servers and clients, so a configuration
+# that might be intended to block requests from certain clients could also end
+# up blocking replies from your own upstream servers.
+
+# By default, exchange time with everybody, but don't allow configuration.
+restrict -4 default kod notrap nomodify nopeer noquery
+restrict -6 default kod notrap nomodify nopeer noquery
+
+# Local users may interrogate the ntp server more closely.
+restrict 127.0.0.1
+restrict ::1
+
+# Clients from this (example!) subnet have unlimited access, but only if
+# cryptographically authenticated.
+#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
+
+# If you want to provide time to your local subnet, change the next line.
+# (Again, the address is an example only.)
+#broadcast 192.168.123.255
+
+# If you want to listen to time broadcasts on your local subnet, de-comment the
+# next lines.  Please do this only if you trust everybody on the network!
+#disable auth
+#broadcastclient
diff --git a/packages/torouter-prep/configs/torrc b/packages/torouter-prep/configs/torrc
index b4c5de3..7a12e73 100644
--- a/packages/torouter-prep/configs/torrc
+++ b/packages/torouter-prep/configs/torrc
@@ -35,7 +35,7 @@ SocksListenAddress 127.0.0.1 # accept connections only from localhost
 ## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
 Log notice file /var/log/tor/notices.log
 ## Send every possible message to /var/log/tor/debug.log
-Log debug file /var/log/tor/debug.log
+#Log debug file /var/log/tor/debug.log
 ## Use the system log instead of Tor's logfiles
 #Log notice syslog
 ## To send all messages to stderr:
@@ -67,8 +67,9 @@ DataDirectory /var/lib/tor
 ## HiddenServicePort x y:z says to redirect requests on port x to the
 ## address y:z.
 
-HiddenServiceDir /var/lib/tor/hidden_service/
-HiddenServicePort 22 127.0.0.1:22
+# Uncomment this to allow ssh access to the Torouter over your own Hidden Service
+#HiddenServiceDir /var/lib/tor/hidden_service/
+#HiddenServicePort 22 127.0.0.1:22
 
 #HiddenServiceDir /var/lib/tor/other_hidden_service/
 #HiddenServicePort 80 127.0.0.1:80
@@ -78,16 +79,15 @@ HiddenServicePort 22 127.0.0.1:22
 #
 ## See https://www.torproject.org/docs/tor-doc-relay for details.
 
-## Required: what port to advertise for incoming Tor connections.
-ORPort 9001 
+### Required: what port to advertise for incoming Tor connections.
+ORPort 9001
 ## If you want to listen on a port other than the one advertised
 ## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
 ## line below too. You'll need to do ipchains or other port forwarding
 ## yourself to make this work.
 #ORListenAddress 0.0.0.0:9090
-
-## A handle for your relay, so people don't have to refer to it by key.
-#Nickname ididnteditheconfig
+#ORListenAddress 0.0.0.0:9090
+Nickname Torouter
 
 ## The IP address or full DNS name for your relay. Leave commented out
 ## and Tor will guess.
@@ -150,9 +150,10 @@ ORPort 9001
 ## ISP is filtering connections to all the known Tor relays, they probably
 ## won't be able to block all the bridges. Also, websites won't treat you
 ## differently because they won't know you're running Tor. If you can
-## be a real relay, please do; but if not, be a bridge!
-#BridgeRelay 1
+# be a real relay, please do; but if not, be a bridge!
 ExitPolicy reject *:*
+ExitPolicy accept *:*
+
 
 AvoidDiskWrites 1
 
@@ -160,14 +161,16 @@ AvoidDiskWrites 1
 VirtualAddrNetwork 10.192.0.0/10
 AutomapHostsOnResolve 1
 TransPort 9040
-TransListenAddress 172.16.23.1 
+TransListenAddress 172.16.23.1
 DNSPort 5353
-DNSListenAddress 172.16.23.1 
+DNSListenAddress 172.16.23.1
+DNSListenAddress 127.0.0.1:53
 
 User debian-tor
 
-PortForwarding 1
-PortForwardingHelper /usr/local/bin/tor-fw-helper
+# By default we do not have PortForwarding support
+# PortForwarding 1
+# PortForwardingHelper /usr/local/bin/tor-fw-helper
 
 PIDFile /var/run/tor/tor.pid
 
diff --git a/packages/torouter-prep/configs/ttdnsd-default b/packages/torouter-prep/configs/ttdnsd-default
new file mode 100755
index 0000000..0a22bc4
--- /dev/null
+++ b/packages/torouter-prep/configs/ttdnsd-default
@@ -0,0 +1,17 @@
+# /etc/default/ttdnsd
+
+# Address to bind to - usually this should be 127.0.0.1
+# unless a copy of ttdnsd runs on 127.0.0.n
+ADDR_ARG="-b 172.16.23.1"
+
+# Port to listen on - almost always this should be port 53
+# unless an additional local DNS cache (like unbound, dnscache, pdnsd)
+# listen on port 53 as system resolver and is used in front of ttdnsd
+# for caching purposes.
+PORT_ARG="-p 5354"
+
+# Debug logging
+# DEBUG_LOGGING="-l"
+
+# Glue all of it together below
+DEFAULTS="$ADDR_ARG $PORT_ARG"
diff --git a/packages/torouter-prep/src/torouter_config.sh b/packages/torouter-prep/src/torouter_config.sh
index 7c79862..aec9b48 100644
--- a/packages/torouter-prep/src/torouter_config.sh
+++ b/packages/torouter-prep/src/torouter_config.sh
@@ -1,60 +1,47 @@
 #!/bin/bash -x
 
+export VERSION="0.1"
+
 echo "This program will reconfigure your Debian system into a Torouter"
 exit 0
 echo "This is where we'd take over the entire Torouter system"
 
 # For every file we touch, move it to the temp_dir and then tar it up in the end
-temp_dir="`mktemp -d`"
-config_dir="/usr/share/doc/torouter-prep/example-configs/"
+export temp_dir="`mktemp -d`"
+export config_dir="/usr/share/doc/torouter-prep/example-configs/"
 
-# Add a user
-ADMINUSER="toradmin"
-ADMINGROUP="toradmin"
+# Add a user to administrate the Torouter later
+export ADMINUSER="torouter"
+export ADMINGROUP="torouter"
 
-# Install the Tor repo key
-gpg --keyserver keys.gnupg.net --recv 886DDD89
-gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
+addgroup $ADMINGROUP
+useradd -g $ADMINGROUP -s /bin/bash $ADMINUSER
 
-cp /etc/hosts $temp_dir/
-# Stomp on the hosts file
-cat << EOF > /etc/hosts
-127.0.0.1 localhost
-EOF
+# Install the Tor repo key
+# gpg --keyserver keys.gnupg.net --recv 886DDD89
+# gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
+apt-get add $config_dir/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.apt-key
 
-cp /etc/hostname $temp_dir/
-# Set us to have a default host name
-cp /usr/share/doc/
+# Set us to have a default host name and hosts file
+cp $config_dir/hostname /etc/hostname
+cp $config_dir/hosts /etc/hosts
 
 # We need to prep apt to understand that we want packages from other repos
-# We append to the current package list
-cat << EOF >> /etc/apt/sources.list
-# Tor's debian package repo:
-deb http://deb.torproject.org/torproject.org squeeze main
-deb http://deb.torproject.org/torproject.org experimental-squeeze main
-
-# Add Debian backports for OpenNTPD, libminiupnpc-dev, libminiupnpc5
-# http://packages.debian.org/squeeze-backports/libminiupnpc-dev
-deb http://backports.debian.org/debian-backports squeeze-backports main contrib non-free
-
-# Add Debian experimental for libnatpmp0
-# http://packages.debian.org/experimental/libnatpmp0
-deb http://ftp.debian.org/debian experimental main
-deb-src http://ftp.debian.org/debian experimental main
-
-EOF
+cp $config_dir/sources.list /etc/apt/sources.list
 
 # We're creating this file to ensure we get updates
-cat << 'EOF' > /etc/apt/preferences.d/backports
-Package: *
-Pin: release a=squeeze-backports
-Pin-Priority: 200
-EOF
+cp $config_dir/apt-preferences.d-backports /etc/apt/preferences.d/backports
 
 apt-get -y update
 
+# Remove a bunch of stuff:
+apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus
+
+# Install the weird wireless control for the DreamPlug
+apt-get install -y -t sid uaputl
+
 # Install some other packages here:
-apt-get -y install denyhosts ufw 
+apt-get -y install denyhosts ufw
 
 # Allow us to set the clock:
 apt-get -y -t squeeze-backports install openntpd
@@ -63,6 +50,7 @@ apt-get -y -t squeeze-backports install openntpd
 apt-get -y install tor tor-geoipdb
 
 # To build with natpmp support
+apt-get -y -t experimental install libnatpmp-dev
 apt-get -y -t experimental install libnatpmp0
 
 # To build with miniupnpc support
@@ -76,6 +64,9 @@ apt-get -y -t squeeze-backports install libminiupnpc5
 # Install a Tor controller:
 apt-get -y install tor-arm
 
+# Install the ttdnsd program:
+apt-get -y install ttdnsd
+
 # Install a normal dns cache for eth1
 apt-get -y install dnsmasq
 
@@ -84,65 +75,36 @@ apt-get -y install dnsmasq
 ##
 
 # Configure arm
-zcat /usr/share/doc/tor-arm/armrc.sample.gz > ~$(ADMINUSER)/.armrc
-# XXX This is where we will call torrc-takeover.py when it is packaged
+zcat $config_dir/armrc.sample.gz > ~$(ADMINUSER)/.armrc
 
-# XXX We should reconfigure /etc/inittab here
+# Reconfigure /etc/inittab here
+cp $config_dir/inittab /etc/inittab
 
 # Configure the network
 # eth0 is our "internet" interface with a dhcp client
-cat << 'EOF' >  /etc/network/interfaces
-# The primary network interface
-allow-hotplug eth0
-iface eth0 inet dhcp
+cp $config_dir/interfaces /etc/network/interfaces
 
-#
-# XXX Configure eth1 and ap0 here
-#
+# Configure dnsmasq
+cp $config_dir/dnsmasq.conf /etc/dnsmasq.conf
 
-EOF
+# Configure ntp
+cp $config_dir/ntp.conf /etc/ntp.conf
 
 # XXX We should configure ufw here
-# ufw allow 
 # XXX We should configure denyhosts
-# XXX We should configure dnsmasq
-# XXX We should configure the DHCP server here
-
-cp /etc/tor/torrc $temp_dir/
-# configure Tor and stomp on the current Tor config
-cat << 'EOF' > /etc/tor/torrc
-# Run Tor as a bridge/relay only, not as a client
-SocksPort 0
-
-# What port to advertise for incoming Tor connections
-ORPort 443
 
-# We're on a flash file system
-AvoidDiskWrites 1
+cp $config_dir/torrc /etc/tor/torrc
+cp $config_dir/ttdnsd-default /etc/default/ttdnsd
 
-# Be a bridge
-BridgeRelay 1
+# Configure sshd
+cp $config_dir/sshd_config /etc/ssh/sshd_config
 
-# Rate limited
-BandwidthRate 50KB
-
-# Don't allow any Tor traffic to exit
-Exitpolicy reject *:*
-
-# Allow a controller (tor-arm) on this system to configure Tor:
-ControlPort 9051
-ControlListenAddress 127.0.0.1:9051
-CookieAuthentication 1
-EOF
-
-# Remove a bunch of stuff:
-apt-get -y remove exim4-base exim4-config exim4-daemon-light dbus 
+# Clean up our cache
+apt-get -y clean
 
-## Disable ipv6 support
-cp /etc/sysctl.d/disableipv6.conf $temp_dir/
+## Disable ipv6 support for now
+cp $config_dir/modprobe.d-blacklist.conf /etc/modprobe.d/blacklist.conf
 echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf
-cp /etc/sshd_config $temp_dir/
-echo "AddressFamily inet" >> /etc/ssh/ssh_config
 
 ##
 ## Restart services here
@@ -150,9 +112,10 @@ echo "AddressFamily inet" >> /etc/ssh/ssh_config
 
 /etc/init.d/ssh restart
 /etc/init.d/tor restart
+/etc/init.d/ttdnsd restart
 
 ##
 ## Touch a stamp to show that we're now a Torouter
 ##
 
-echo "torouter" > /etc/torouter
+echo "torouter $VERSION" > /etc/torouter