From 65167272a3ba52dc4d032a1c60a9ff030408047d Mon Sep 17 00:00:00 2001 From: Silvino Silva Date: Wed, 2 Aug 2017 01:01:58 +0100 Subject: first hardened test --- core/scripts/act-chroot.sh | 18 ++-- core/scripts/setup-install.sh | 217 +++++++++++++-------------------------- core/scripts/setup-target.sh | 229 ++++++++++++++++++++++++++++++++++++------ 3 files changed, 280 insertions(+), 184 deletions(-) mode change 100644 => 100755 core/scripts/setup-install.sh mode change 100644 => 100755 core/scripts/setup-target.sh (limited to 'core/scripts') diff --git a/core/scripts/act-chroot.sh b/core/scripts/act-chroot.sh index f8ae571..5411bc5 100644 --- a/core/scripts/act-chroot.sh +++ b/core/scripts/act-chroot.sh @@ -21,15 +21,15 @@ BLK_HOME="${DEV}8" #read CHROOT CHROOT="/mnt" -mount $BLK_ROOT $CHROOT - -mount $BLK_BOOT $CHROOT/boot -mount $BLK_EFI $CHROOT/boot/efi - -mount $BLK_VAR $CHROOT/var -mount $BLK_USR $CHROOT/usr -mount $BLK_PRT $CHROOT/usr/ports -mount $BLK_HOME $CHROOT/home +#mount $BLK_ROOT $CHROOT +# +#mount $BLK_BOOT $CHROOT/boot +#mount $BLK_EFI $CHROOT/boot/efi +# +#mount $BLK_VAR $CHROOT/var +#mount $BLK_USR $CHROOT/usr +#mount $BLK_PRT $CHROOT/usr/ports +#mount $BLK_HOME $CHROOT/home #mount -vt devpts devpts $CHROOT/dev/pts #mount -vt tmpfs shm $CHROOT/dev/shm diff --git a/core/scripts/setup-install.sh b/core/scripts/setup-install.sh old mode 100644 new mode 100755 index 0e0a720..c1d2765 --- a/core/scripts/setup-install.sh +++ b/core/scripts/setup-install.sh @@ -1,24 +1,9 @@ -#!/bin/sh +#!/bin/bash # Set Global Vars ADMIN_USER=c9admin DEV=$1 - -CHROOT="/mnt" -##read BLK_EFI -BLK_EFI="${DEV}2" -##read BLK_BOOT -BLK_BOOT="${DEV}3" -##read BLK_ROOT -BLK_ROOT="${DEV}4" -##read BLK_VAR -BLK_VAR="${DEV}5" -##read BLK_USR -BLK_USR="${DEV}6" -##read BLK_SWP -BLK_SWP="${DEV}7" -##read BLK_HOME -BLK_HOME="${DEV}8" +CHROOT=$2 # Absolute path to this script, # e.g. /home/user/c9-doc/core/scripts/foo.sh 
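Review bot: In core/scripts/setup-install.sh the new `CHROOT=$2` is taken from the command line with no check, while the install_core code added later in this file builds paths by plain concatenation (`${CHROOT}pkgadd`, `${CHROOT}core.lst`, `rm ${CHROOT}core.lst`). An empty or slash-less second argument therefore makes the `touch`, `pkgadd -r` and `rm` calls resolve against the host's root or the current directory instead of the target. Fail early with something like `: "${2:?usage: setup-install.sh DEV CHROOT}"` and `[ -d "$2" ] || exit 1`, then normalise once with `CHROOT="${2%/}"` and write every use as `"$CHROOT/..."`. `DEV=$1` is still assigned, but the lines that read it are removed by this commit as far as the visible hunks show, so it should be dropped or documented.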
@@ -57,133 +42,37 @@ ConfirmOrExit () } -setup_target () { - echo "1.1.2 Creating File System on $BLK_EFI with fat32:" - mkfs.fat -F 32 $BLK_EFI - echo "1.1.2 Creating File System on $BLK_BOOT with ext4:" - mkfs.ext4 $BLK_BOOT - echo "1.1.2 Creating File System on $BLK_ROOT with ext4:" - mkfs.ext4 $BLK_ROOT - echo "1.1.2 Creating File System on $BLK_VAR with ext4:" - mkfs.ext4 $BLK_VAR - echo "1.1.2 Creating File System on $BLK_USR with ext4:" - mkfs.ext4 $BLK_USR - echo "1.1.2 Creating Swap File System on $BLK_SWP:" - mkswap $BLK_SWP - echo "1.1.2 Creating File System on $BLK_HOME with ext4:" - mkfs.ext4 $BLK_HOME - - echo "1.1.3 mount point to chroot (/mnt):\n" - mount $BLK_ROOT $CHROOT - - mkdir -p $CHROOT/boot - mount $BLK_BOOT $CHROOT/boot - mkdir -p $CHROOT/boot/efi - mount $BLK_EFI $CHROOT/boot/efi - mkdir -p $CHROOT/var - mount $BLK_VAR $CHROOT/var - mkdir -p $CHROOT/usr - mount $BLK_USR $CHROOT/usr - mkdir -p $CHROOT/home - mount $BLK_HOME $CHROOT/home - - - mkdir -p $CHROOT/dev - mkdir -p $CHROOT/tmp - mkdir -p $CHROOT/proc - mkdir -p $CHROOT/sys - - mkdir -p $CHROOT/var/lib/pkg - mkdir -p $CHROOT/usr/ports - - mkdir -p $CHROOT/media - - mount --bind /dev $CHROOT/dev - mount -vt devpts devpts $CHROOT/dev/pts - mount -vt tmpfs shm $CHROOT/dev/shm - mount -vt proc proc $CHROOT/proc - mount -vt sysfs sysfs $CHROOT/sys - - modprobe isofs - modprobe loop - mount -o loop $ISO_FILE $CHROOT/media -} - -install_packages() { +install_core() { echo "1.1.4 Create core.lst and install pkgadd" - for p in $CHROOT/media/crux/core/*; do echo $p >> $CHROOT/core.lst; done + for p in ${CHROOT}mnt/media/crux/core/*; do echo $p >> ${CHROOT}core.lst; done - tar xf "$CHROOT/media/crux/core/pkgutils#5.40-1.pkg.tar.xz" usr/bin/pkgadd -O > $CHROOT/pkgadd + tar xf "${CHROOT}mnt/media/crux/core/pkgutils#5.40-1.pkg.tar.xz" usr/bin/pkgadd -O > ${CHROOT}pkgadd - chmod +x $CHROOT/pkgadd + chmod +x ${CHROOT}pkgadd echo "1.1.4 File core.lst complete, review list of packages before 
continue..." read PAUSE - vim $CHROOT/core.lst + vim ${CHROOT}core.lst echo "1.1.4 Starting install" - touch $CHROOT/var/lib/pkg/db + touch ${CHROOT}/var/lib/pkg/db cd $CHROOT while read line; do echo "Installing $line;\n" - $CHROOT/pkgadd -f -r $CHROOT $line - done < core.lst + ${CHROOT}pkgadd -u -f -r ${CHROOT} ${line} + done < ${CHROOT}core.lst - rm $CHROOT/pkgadd - rm $CHROOT/core.lst + rm ${CHROOT}pkgadd + rm ${CHROOT}core.lst - echo "1.1.5. Install extra packages;" - - mkdir $CHROOT/usr/ports/packages - cp $CHROOT/media/crux/core/* $CHROOT/usr/ports/packages - cp $CHROOT/media/crux/opt/* $CHROOT/usr/ports/packages - cp $CHROOT/media/crux/xorg/* $CHROOT/usr/ports/packages + mkdir ${CHROOT}usr/ports/packages + cp ${CHROOT}media/crux/core/* ${CHROOT}usr/ports/packages - echo "Installing $CHROOT/usr/ports/packages/fakeroot" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/fakeroot#* - echo "Installing $CHROOT/usr/ports/packages/dbus" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/dbus#* - echo "Installing $CHROOT/usr/ports/packages/expat" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/expat#* - echo "Installing $CHROOT/usr/ports/packages/libnl" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/libnl#* - echo "Installing $CHROOT/usr/ports/packages/libpng" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/libpng#* - echo "Installing $CHROOT/usr/ports/packages/freetype" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/freetype#* - echo "Installing $CHROOT/usr/ports/packages/libffi" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/libffi#* - echo "Installing $CHROOT/usr/ports/packages/sqlite3" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/sqlite3#* - echo "Installing $CHROOT/usr/ports/packages/python" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/python#* - echo "Installing $CHROOT/usr/ports/packages/glib" - 
$CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/glib#* - echo "Installing $CHROOT/usr/ports/packages/grub2" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/grub2#* - echo "Installing $CHROOT/usr/ports/packages/grub2-efi" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/grub2-efi#* - echo "Installing $CHROOT/usr/ports/packages/wireless-tools" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/wireless-tools#* - echo "Installing $CHROOT/usr/ports/packages/wpa_supplicant" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/wpa_supplicant#* - echo "Installing $CHROOT/usr/ports/packages/lvm2" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/lvm2#* - echo "Installing $CHROOT/usr/ports/packages/mdadm" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/mdadm#* - echo "Installing $CHROOT/usr/ports/packages/efivar" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/efivar#* - echo "Installing $CHROOT/usr/ports/packages/efibootmgr" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/efibootmgr#* - echo "Installing $CHROOT/usr/ports/packages/dosfstools" - $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/dosfstools#* - - echo "1.1.6. Install extra ports;\n" +} - mkdir $CHROOT/usr/ports/c9-ports - cp -r $DIR_PRT/* $CHROOT/usr/ports/c9-ports/ +setup_core() { echo "1.1.7. dns resolver, copy resolv.conf;\n" cp /etc/resolv.conf $CHROOT/etc @@ -193,9 +82,6 @@ install_packages() { echo "1.1.9. Install Skeletons\n" cp -r $DIR_CONF/skel $CHROOT/etc/ -} - -host_metadata() { echo "1.2.1. Set hostname and hosts;" cp $DIR_CONF/hosts $CHROOT/etc/ @@ -229,9 +115,6 @@ host_metadata() { cp $DIR_CONF/rc.conf $CHROOT/etc/ vim $CHROOT/etc/rc.conf -} - -setup_ports() { echo "1.3.1. Build as unprivileged user;" chroot $CHROOT /usr/bin/env -i \ 
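Review bot: install_core spells the same prefix three ways: `${CHROOT}mnt/media/crux/core/*` for the package list and the pkgutils tarball, `${CHROOT}media/crux/core/*` for the later `cp`, and `${CHROOT}/var/lib/pkg/db`. These cannot all name the `$CHROOT/media` directory where setup-target.sh mounts the ISO, and when the first glob matches nothing the literal pattern is written to core.lst and handed to pkgadd. Pick one form and quote it, e.g. `for p in "$CHROOT"/media/crux/core/*; do [ -e "$p" ] || continue; echo "$p" >> "$CHROOT/core.lst"; done`. The function also extracts `usr/bin/pkgadd` from the media and runs it on the host with `-f`, and nothing in the visible hunks checks the ISO against a published checksum first; an explicit check, or at least a comment such as `# ISO_FILE must be verified against the release checksum before this step`, would make that trust assumption visible. This hunk also renames the following section to setup_core, whose body continues outside it.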
@@ -284,18 +167,59 @@ setup_ports() { #vim $CHROOT/etc/prt-get.conf } -echo "SCRIPT=$SCRIPT"; -echo "SCRIPTPATH=$SCRIPTPATH"; +install_packages() { -echo "Device: $DEV\n" + echo "1.1.5. Install extra packages;" + cp $CHROOT/media/crux/opt/* $CHROOT/usr/ports/packages + cp $CHROOT/media/crux/xorg/* $CHROOT/usr/ports/packages -echo "1.1.2 EFI block; ($BLK_EFI)" -echo "1.1.2 boot block; ($BLK_BOOT)" -echo "1.1.2 root block; ($BLK_ROOT)" -echo "1.1.2 var block; ($BLK_VAR)" -echo "1.1.2 usr block; ($BLK_USR)" -echo "1.1.2 swap block; ($BLK_SWP)" -echo "1.1.2 home block; ($BLK_HOME)\n" + echo "Installing $CHROOT/usr/ports/packages/fakeroot" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/fakeroot#* + echo "Installing $CHROOT/usr/ports/packages/dbus" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/dbus#* + echo "Installing $CHROOT/usr/ports/packages/expat" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/expat#* + echo "Installing $CHROOT/usr/ports/packages/libnl" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/libnl#* + echo "Installing $CHROOT/usr/ports/packages/libpng" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/libpng#* + echo "Installing $CHROOT/usr/ports/packages/freetype" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/freetype#* + echo "Installing $CHROOT/usr/ports/packages/libffi" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/libffi#* + echo "Installing $CHROOT/usr/ports/packages/sqlite3" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/sqlite3#* + echo "Installing $CHROOT/usr/ports/packages/python" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/python#* + echo "Installing $CHROOT/usr/ports/packages/glib" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/glib#* + echo "Installing $CHROOT/usr/ports/packages/grub2" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT 
$CHROOT/usr/ports/packages/grub2#* + echo "Installing $CHROOT/usr/ports/packages/grub2-efi" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/grub2-efi#* + echo "Installing $CHROOT/usr/ports/packages/wireless-tools" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/wireless-tools#* + echo "Installing $CHROOT/usr/ports/packages/wpa_supplicant" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/wpa_supplicant#* + echo "Installing $CHROOT/usr/ports/packages/lvm2" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/lvm2#* + echo "Installing $CHROOT/usr/ports/packages/mdadm" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/mdadm#* + echo "Installing $CHROOT/usr/ports/packages/efivar" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/efivar#* + echo "Installing $CHROOT/usr/ports/packages/efibootmgr" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/efibootmgr#* + echo "Installing $CHROOT/usr/ports/packages/dosfstools" + $CHROOT/usr/bin/pkgadd -f -r $CHROOT $CHROOT/usr/ports/packages/dosfstools#* + + echo "1.1.6. Install extra ports;\n" + + mkdir $CHROOT/usr/ports/c9-ports + cp -r $DIR_PRT/* $CHROOT/usr/ports/c9-ports/ + +} +echo "SCRIPT=$SCRIPT"; +echo "SCRIPTPATH=$SCRIPTPATH"; echo "ADMIN_USER="$ADMIN_USER"\n" echo "CHROOT=$CHROOT"; @@ -307,9 +231,8 @@ echo "ISO_FILE=$ISO_FILE"; ConfirmOrExit echo "press enter to continue" read -setup_target -install_packages -host_metadata -setup_ports +install_core +#setup_core +#install_packages echo "Ready to chroot $CHROOT /bin/bash \n" diff --git a/core/scripts/setup-target.sh b/core/scripts/setup-target.sh old mode 100644 new mode 100755 index 6931fe9..d46d4bb --- a/core/scripts/setup-target.sh +++ b/core/scripts/setup-target.sh 
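Review bot: The re-added install_packages repeats the same `echo`/`pkgadd` pair nineteen times with an unquoted `$CHROOT` and an unquoted `name#*` glob. Every call passes `-f`, which forces installation over conflicting files, so a collision between two packages is silently resolved instead of reported. A single loop over the package names keeps the list reviewable and lets the quoting be fixed in one place, e.g. `for p in fakeroot dbus expat libnl; do "$CHROOT/usr/bin/pkgadd" -r "$CHROOT" "$CHROOT/usr/ports/packages/$p"#*; done` with the full name list. Drop `-f` unless a specific package is known to need it, and say so in a comment. The function also writes `$CHROOT/usr/...` while install_core in the same file writes `${CHROOT}usr/...`, so the two only agree for one convention of trailing slash.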
@@ -1,5 +1,36 @@ #!/bin/sh +DEV=/dev + +SETUP_TARGET="print" +CHROOT="/mnt" + +# Absolute path to this script, e.g. /home/user/bin/foo.sh +SCRIPT=$(readlink -f "$0") +# Absolute path this script is in, thus /home/user/bin +SCRIPTPATH=$(dirname "$SCRIPT") + +DIR=$(dirname "$SCRIPTPATH"); +DIR_LOCAL="$(dirname $(dirname ${DIR}))/local"; + +ISO_FILE="${DIR_LOCAL}/crux-3.3.iso" + +##read BLK_EFI +BLK_EFI="${DEV}2" +##read BLK_BOOT +BLK_BOOT="${DEV}3" +##read BLK_ROOT +BLK_ROOT="${DEV}4" +##read BLK_VAR +BLK_VAR="${DEV}5" +##read BLK_USR +BLK_USR="${DEV}6" +##read BLK_SWP +BLK_SWP="${DEV}7" +##read BLK_HOME +BLK_HOME="${DEV}8" + + # First we define the function ConfirmOrExit () { 
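Review bot: `DEV=/dev` replaces the old `DEV=$1`, so the derived names become `/dev2` through `/dev8` and partition_target would pass `/dev` itself to `parted --script`. None of these is a disk, and no option in the new argument parser sets DEV. Take the device from the environment or a dedicated option and refuse anything that is not a block device before any destructive step, e.g. `DEV=${DEV:?set DEV to the target disk}` followed by `[ -b "$DEV" ] || exit 1`. The nested substitution in `DIR_LOCAL="$(dirname $(dirname ${DIR}))/local"` is unquoted on the inside and breaks on paths with spaces; `"$(dirname "$(dirname "$DIR")")/local"` is the safe form.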
@@ -19,31 +50,173 @@ ConfirmOrExit () echo "You entered $CONFIRM. Continuing ..." } -DEV=$1 - -echo "Device: $DEV\n" -ConfirmOrExit - -parted --script $DEV \ - mklabel gpt \ - unit mib \ - mkpart primary 1 3 \ - name 1 grub \ - set 1 bios_grub on \ - mkpart ESP fat32 3 125 \ - name 2 efi \ - set 2 boot on \ - mkpart primary ext4 125 1128 \ - name 3 boot \ - mkpart primary ext4 1128 5128 \ - name 4 root \ - mkpart primary ext4 5128 6128 \ - name 5 var \ - mkpart primary ext4 6128 14128 \ - name 6 usr \ - mkpart primary linux-swap 14128 18128 \ - name 7 swap \ - mkpart primary ext4 18128 100% \ - name 8 home - -exit 0; + +partition_target () { + + parted --script $DEV \ + mklabel gpt \ + unit mib \ + mkpart primary 1 3 \ + name 1 grub \ + set 1 bios_grub on \ + mkpart ESP fat32 3 125 \ + name 2 efi \ + set 2 boot on \ + mkpart primary ext4 125 1128 \ + name 3 boot \ + mkpart primary ext4 1128 5128 \ + name 4 root \ + mkpart primary ext4 5128 6128 \ + name 5 var \ + mkpart primary ext4 6128 14128 \ + name 6 usr \ + mkpart primary linux-swap 14128 18128 \ + name 7 swap \ + mkpart primary ext4 18128 100% \ + name 8 home +} + +mount_target () { + echo "1.1.2 Creating File System on $BLK_EFI with fat32:" + mkfs.fat -F 32 $BLK_EFI + echo "1.1.2 Creating File System on $BLK_BOOT with ext4:" + mkfs.ext4 $BLK_BOOT + echo "1.1.2 Creating File System on $BLK_ROOT with ext4:" + mkfs.ext4 $BLK_ROOT + echo "1.1.2 Creating File System on $BLK_VAR with ext4:" + mkfs.ext4 $BLK_VAR + echo "1.1.2 Creating File System on $BLK_USR with ext4:" + mkfs.ext4 $BLK_USR + echo "1.1.2 Creating Swap File System on $BLK_SWP:" + mkswap $BLK_SWP + echo "1.1.2 Creating File System on $BLK_HOME with ext4:" + mkfs.ext4 $BLK_HOME + + echo "1.1.3 mount point to chroot (/mnt):\n" + mount $BLK_ROOT $CHROOT + + mkdir -p $CHROOT/boot + mount $BLK_BOOT $CHROOT/boot + + mkdir -p $CHROOT/boot/efi + mount $BLK_EFI $CHROOT/boot/efi + + mkdir -p $CHROOT/var + mount $BLK_VAR $CHROOT/var + + mkdir -p $CHROOT/usr + 
mount $BLK_USR $CHROOT/usr + + mkdir -p $CHROOT/home + mount $BLK_HOME $CHROOT/home + + mkdir -p $CHROOT/var/lib/pkg + mkdir -p $CHROOT/usr/ports + + mkdir -p $CHROOT/media + + mkdir -p $CHROOT/dev + mkdir -p $CHROOT/tmp + mkdir -p $CHROOT/proc + mkdir -p $CHROOT/sys + +} + +directory_target () { + + mkdir -p $CHROOT/home + mkdir -p $CHROOT/boot/efi + mkdir -p $CHROOT/var/lib/pkg + mkdir -p $CHROOT/usr/ports + + mkdir -p $CHROOT/media + + mkdir -p $CHROOT/dev + mkdir -p $CHROOT/tmp + mkdir -p $CHROOT/proc + mkdir -p $CHROOT/sys + +} + + +enable_target () { + + mount --bind /dev $CHROOT/dev + mount -vt devpts devpts $CHROOT/dev/pts + mount -vt tmpfs shm $CHROOT/dev/shm + mount -vt proc proc $CHROOT/proc + mount -vt sysfs sysfs $CHROOT/sys + + modprobe isofs + modprobe loop + mount -o loop $ISO_FILE $CHROOT/media +} + +print_target() { + echo "Device: $DEV" + echo "CHROOT: $CHROOT" + echo "ISO_FILE: $ISO_FILE" + echo "Option Selected: $SETUP_TARGET\n" + + echo "1.1.2 EFI block; ($BLK_EFI)" + echo "1.1.2 boot block; ($BLK_BOOT)" + echo "1.1.2 root block; ($BLK_ROOT)" + echo "1.1.2 var block; ($BLK_VAR)" + echo "1.1.2 usr block; ($BLK_USR)" + echo "1.1.2 swap block; ($BLK_SWP)" + echo "1.1.2 home block; ($BLK_HOME)\n" + + +} + +print_help() { + echo "usage: setup_target [options]" + echo "options:" + echo " -p, --partition create partitions and file systems" + echo " -m, --mount mount partitions on chroot" + echo " -d, --directory keep temporary working directory" + echo " -e, --enable enable chroot (proc,dev, sys...)" + echo " -v, --view view environment vars and exit" + echo " -h, --help print help and exit" +} + + +while [ "$1" ]; do + case $1 in + -p|--partition) + SETUP_TARGET="partition" + print_target + ConfirmOrExit + partition_target + exit 0 ;; + -m|--mount) + SETUP_TARGET="mount" + print_target + ConfirmOrExit + mount_target + exit 0 ;; + -d|--directory) + SETUP_TARGET="directory" + print_target + ConfirmOrExit + directory_target + exit 0 ;; + -e|--enable) + 
SETUP_TARGET="enable" + print_target + ConfirmOrExit + enable_target + exit 0 ;; + -v|--view) + SETUP_TARGET="view" + print_target + exit 0 ;; + -h|--help) + print_help + exit 0 ;; + *) + echo "setup-target: invalid option $1" + exit 1 ;; + esac + shift +done -- cgit 1.4.1-2-gfad0
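Review bot: mount_target formats every partition (`mkfs.fat`, `mkfs.ext4`, `mkswap`) before mounting, yet print_help describes `-m` as "mount partitions on chroot" and `-p` as "create partitions and file systems", while partition_target only runs parted. Running `-m` against an already installed target therefore wipes it, and the ConfirmOrExit prompt gives no hint of that. Move the mkfs/mkswap calls into partition_target or a separate format step so the destructive work sits behind the option that announces it. The `-d` help text, "keep temporary working directory", does not match directory_target, which creates the directory tree under `$CHROOT`; `-d, --directory   create directory tree under chroot` would be accurate. enable_target loop-mounts `$ISO_FILE` unquoted and without checking that the file exists.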