/strongswan-5.0.0/testing/scripts/build-umlrootfs
#! | 446 lines | 357 code | 89 blank | 0 comment | 0 complexity | 79d899c7ada048d746f2b8e87b2baf59 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0
- #!/bin/bash
- # Create UML root filesystem
- #
- # Copyright (C) 2004 Eric Marchionni, Patrik Rayo
- # Zuercher Hochschule Winterthur
- #
- # This program is free software; you can redistribute it and/or modify it
- # under the terms of the GNU General Public License as published by the
- # Free Software Foundation; either version 2 of the License, or (at your
- # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
- #
- # This program is distributed in the hope that it will be useful, but
- # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
- # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
- # for more details.
- DIR=`dirname $0`
- source $DIR/function.sh
- [ -f $DIR/../testing.conf ] || die "!! Configuration file 'testing.conf' not found"
- source $DIR/../testing.conf
- STRONGSWANVERSION=`basename $STRONGSWAN .tar.bz2`
- cecho-n " * Looking for strongSwan at '$STRONGSWAN'.."
- if [ -f "$STRONGSWAN" ]
- then
- cecho "found it"
- cecho " * strongSwan version is '$STRONGSWANVERSION'"
- else
- cecho "none"
- exit
- fi
- cecho-n " * Looking for gentoo root filesystem at '$ROOTFS'.."
- if [ -f "$ROOTFS" ]
- then
- cecho "found it"
- else
- cecho "none"
- exit
- fi
- [ -d $BUILDDIR ] || die "!! Directory '$BUILDDIR' does not exist"
- HOSTCONFIGDIR=$BUILDDIR/hosts
- [ -d $HOSTCONFIGDIR ] || die "!! Directory '$HOSTCONFIGDIR' does not exist"
- LOGFILE=$BUILDDIR/testing.log
- if [ ! -f $LOGFILE ]
- then
- cecho-n " * Logfile '$LOGFILE' does not exist..creating.."
- touch $LOGFILE
- cgecho "done"
- fi
- ROOTFSDIR=$BUILDDIR/root-fs
- if [ ! -d $ROOTFSDIR ]
- then
- cecho-n " * Root file system directory '$ROOTFSDIR' does not exist..creating.."
- mkdir $ROOTFSDIR
- cgecho "done"
- fi
- cd $ROOTFSDIR
- LOOPDIR=$ROOTFSDIR/loop
- if [ ! -d $LOOPDIR ]
- then
- mkdir $LOOPDIR
- fi
- ######################################################
- # creating reiser-based uml root filesystem
- #
- cecho-n " * Building basic root filesystem (gentoo).."
- dd if=/dev/zero of=gentoo-fs count=$ROOTFSSIZE bs=1M >> $LOGFILE 2>&1
- mkreiserfs -q -f gentoo-fs >> $LOGFILE 2>&1
- mount -o loop gentoo-fs $LOOPDIR >> $LOGFILE 2>&1
- tar xjpf $ROOTFS -C $LOOPDIR >> $LOGFILE 2>&1
- cgecho "done"
- ######################################################
- # remove /etc/resolv.conf
- #
- cecho " * Removing /etc/resolv.conf"
- rm -f $LOOPDIR/etc/resolv.conf
- ######################################################
- # copying default /etc/hosts to the root filesystem
- #
- cecho " * Copying '$HOSTCONFIGDIR/default/etc/hosts' to the root filesystem"
- cp -fp $HOSTCONFIGDIR/default/etc/hosts $LOOPDIR/etc/hosts
- #####################################################
- # extracting strongSwan into the root filesystem
- #
- cecho " * Extracting strongSwan into the root filesystem"
- tar xjf $STRONGSWAN -C $LOOPDIR/root >> $LOGFILE 2>&1
- ######################################################
- # setting up mountpoint for shared source tree
- #
- if [ "${SHAREDTREE+set}" = "set" ]; then
- cecho " * setting up shared strongswan tree at '$SHAREDTREE'"
- mkdir $LOOPDIR/root/strongswan-shared
- echo "" >> $LOOPDIR/etc/fstab
- echo "none /root/strongswan-shared hostfs $SHAREDTREE" >> $LOOPDIR/etc/fstab
- fi
- ######################################################
- # installing strongSwan and setting the local timezone
- #
- INSTALLSHELL=${LOOPDIR}/install.sh
- cecho " * Preparing strongSwan installation script"
- echo "ln -sf /usr/share/zoneinfo/${TZUML} /etc/localtime" >> $INSTALLSHELL
- echo "cd /root/${STRONGSWANVERSION}" >> $INSTALLSHELL
- echo -n "./configure --sysconfdir=/etc" >> $INSTALLSHELL
- echo -n " --with-random-device=/dev/urandom" >> $INSTALLSHELL
- echo -n " --disable-load-warning" >> $INSTALLSHELL
- if [ "$USE_LIBCURL" = "yes" ]
- then
- echo -n " --enable-curl" >> $INSTALLSHELL
- fi
- if [ "$USE_LDAP" = "yes" ]
- then
- echo -n " --enable-ldap" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_AKA" = "yes" ]
- then
- echo -n " --enable-eap-aka" >> $INSTALLSHELL
- echo -n " --enable-eap-aka-3gpp2" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_SIM" = "yes" ]
- then
- echo -n " --enable-eap-sim" >> $INSTALLSHELL
- echo -n " --enable-eap-sim-file" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_MD5" = "yes" ]
- then
- echo -n " --enable-eap-md5" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_MSCHAPV2" = "yes" ]
- then
- echo -n " --enable-md4" >> $INSTALLSHELL
- echo -n " --enable-eap-mschapv2" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_IDENTITY" = "yes" ]
- then
- echo -n " --enable-eap-identity" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_RADIUS" = "yes" ]
- then
- echo -n " --enable-eap-radius" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_TLS" = "yes" ]
- then
- echo -n " --enable-eap-tls" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_TTLS" = "yes" ]
- then
- echo -n " --enable-eap-ttls" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_PEAP" = "yes" ]
- then
- echo -n " --enable-eap-peap" >> $INSTALLSHELL
- fi
- if [ "$USE_EAP_TNC" = "yes" ]
- then
- echo -n " --enable-eap-tnc" >> $INSTALLSHELL
- fi
- if [ "$USE_TNC_PDP" = "yes" ]
- then
- echo -n " --enable-tnc-pdp" >> $INSTALLSHELL
- fi
- if [ "$USE_TNC_IMC" = "yes" ]
- then
- echo -n " --enable-tnc-imc" >> $INSTALLSHELL
- fi
- if [ "$USE_TNC_IMV" = "yes" ]
- then
- echo -n " --enable-tnc-imv" >> $INSTALLSHELL
- fi
- if [ "$USE_TNCCS_11" = "yes" ]
- then
- echo -n " --enable-tnccs-11" >> $INSTALLSHELL
- fi
- if [ "$USE_TNCCS_20" = "yes" ]
- then
- echo -n " --enable-tnccs-20" >> $INSTALLSHELL
- fi
- if [ "$USE_TNCCS_DYNAMIC" = "yes" ]
- then
- echo -n " --enable-tnccs-dynamic" >> $INSTALLSHELL
- fi
- if [ "$USE_IMC_TEST" = "yes" ]
- then
- echo -n " --enable-imc-test" >> $INSTALLSHELL
- fi
- if [ "$USE_IMV_TEST" = "yes" ]
- then
- echo -n " --enable-imv-test" >> $INSTALLSHELL
- fi
- if [ "$USE_IMC_SCANNER" = "yes" ]
- then
- echo -n " --enable-imc-scanner" >> $INSTALLSHELL
- fi
- if [ "$USE_IMV_SCANNER" = "yes" ]
- then
- echo -n " --enable-imv-scanner" >> $INSTALLSHELL
- fi
- if [ "$USE_IMC_ATTESTATION" = "yes" ]
- then
- echo -n " --enable-imc-attestation" >> $INSTALLSHELL
- fi
- if [ "$USE_IMV_ATTESTATION" = "yes" ]
- then
- echo -n " --enable-imv-attestation" >> $INSTALLSHELL
- fi
- if [ "$USE_SQL" = "yes" ]
- then
- echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL
- fi
- if [ "$USE_MEDIATION" = "yes" ]
- then
- echo -n " --enable-mediation" >> $INSTALLSHELL
- fi
- if [ "$USE_OPENSSL" = "yes" ]
- then
- echo -n " --enable-openssl" >> $INSTALLSHELL
- fi
- if [ "$USE_BLOWFISH" = "yes" ]
- then
- echo -n " --enable-blowfish" >> $INSTALLSHELL
- fi
- if [ "$USE_KERNEL_PFKEY" = "yes" ]
- then
- echo -n " --enable-kernel-pfkey" >> $INSTALLSHELL
- fi
-
- if [ "$USE_INTEGRITY_TEST" = "yes" ]
- then
- echo -n " --enable-integrity-test" >> $INSTALLSHELL
- fi
- if [ "$USE_LEAK_DETECTIVE" = "yes" ]
- then
- echo -n " --enable-leak-detective" >> $INSTALLSHELL
- fi
- if [ "$USE_LOAD_TESTER" = "yes" ]
- then
- echo -n " --enable-load-tester" >> $INSTALLSHELL
- fi
- if [ "$USE_TEST_VECTORS" = "yes" ]
- then
- echo -n " --enable-test-vectors" >> $INSTALLSHELL
- fi
- if [ "$USE_GCRYPT" = "yes" ]
- then
- echo -n " --enable-gcrypt" >> $INSTALLSHELL
- fi
- if [ "$USE_SOCKET_DEFAULT" = "yes" ]
- then
- echo -n " --enable-socket-default" >> $INSTALLSHELL
- fi
- if [ "$USE_SOCKET_DYNAMIC" = "yes" ]
- then
- echo -n " --enable-socket-dynamic" >> $INSTALLSHELL
- fi
- if [ "$USE_SOCKET_RAW" = "yes" ]
- then
- echo -n " --enable-socket-raw" >> $INSTALLSHELL
- fi
- if [ "$USE_DHCP" = "yes" ]
- then
- echo -n " --enable-dhcp" >> $INSTALLSHELL
- fi
- if [ "$USE_FARP" = "yes" ]
- then
- echo -n " --enable-farp" >> $INSTALLSHELL
- fi
- if [ "$USE_ADDRBLOCK" = "yes" ]
- then
- echo -n " --enable-addrblock" >> $INSTALLSHELL
- fi
- if [ "$USE_CTR" = "yes" ]
- then
- echo -n " --enable-ctr" >> $INSTALLSHELL
- fi
- if [ "$USE_CCM" = "yes" ]
- then
- echo -n " --enable-ccm" >> $INSTALLSHELL
- fi
- if [ "$USE_GCM" = "yes" ]
- then
- echo -n " --enable-gcm" >> $INSTALLSHELL
- fi
- if [ "$USE_CMAC" = "yes" ]
- then
- echo -n " --enable-cmac" >> $INSTALLSHELL
- fi
- if [ "$USE_HA" = "yes" ]
- then
- echo -n " --enable-ha" >> $INSTALLSHELL
- fi
- if [ "$USE_AF_ALG" = "yes" ]
- then
- echo -n " --enable-af-alg" >> $INSTALLSHELL
- fi
- if [ "$USE_WHITELIST" = "yes" ]
- then
- echo -n " --enable-whitelist" >> $INSTALLSHELL
- fi
- if [ "$USE_XAUTH_GENERIC" = "yes" ]
- then
- echo -n " --enable-xauth-generic" >> $INSTALLSHELL
- fi
- if [ "$USE_XAUTH_EAP" = "yes" ]
- then
- echo -n " --enable-xauth-eap" >> $INSTALLSHELL
- fi
- if [ "$USE_PKCS8" = "yes" ]
- then
- echo -n " --enable-pkcs8" >> $INSTALLSHELL
- fi
- if [ "$USE_IFMAP" = "yes" ]
- then
- echo -n " --enable-tnc-ifmap" >> $INSTALLSHELL
- fi
- if [ "$USE_CISCO_QUIRKS" = "yes" ]
- then
- echo -n " --enable-cisco-quirks" >> $INSTALLSHELL
- fi
- echo "" >> $INSTALLSHELL
- echo "make -j" >> $INSTALLSHELL
- echo "make install" >> $INSTALLSHELL
- echo "ldconfig" >> $INSTALLSHELL
- cecho-n " * Compiling $STRONGSWANVERSION within the root file system as chroot.."
- chroot $LOOPDIR /bin/bash /install.sh >> $LOGFILE 2>&1
- rm -f $INSTALLSHELL
- cgecho "done"
- ######################################################
- # copying default /etc/ipsec.d/tables.sql to the root filesystem
- #
- cecho " * Copying '$HOSTCONFIGDIR/default/etc/ipsec.d/tables.sql' to the root filesystem"
- cp -fp $HOSTCONFIGDIR/default/etc/ipsec.d/tables.sql $LOOPDIR/etc/ipsec.d/tables.sql
- ######################################################
- # copying the host's ssh public key
- #
- if [ ! -d $LOOPDIR/root/.ssh ]
- then
- mkdir $LOOPDIR/root/.ssh
- fi
- cp ~/.ssh/id_rsa.pub $LOOPDIR/root/.ssh/authorized_keys
- ######################################################
- # setup public key based login among all hosts
- #
- cp $LOOPDIR/etc/ssh/ssh_host_rsa_key $LOOPDIR/root/.ssh/id_rsa
- for host in $STRONGSWANHOSTS
- do
- eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
- echo "$host,$ip `cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
- echo "`cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
- done
- ######################################################
- # defining an empty modules.dep
- #
- if [ $UMLPATCH ]
- then
- mkdir $LOOPDIR/lib/modules/`basename $UMLPATCH .bz2 | sed s/uml-patch-//`um
- touch $LOOPDIR/lib/modules/`basename $UMLPATCH .bz2 | sed s/uml-patch-//`um/modules.dep
- else
- mkdir $LOOPDIR/lib/modules/$KERNELVERSION
- touch $LOOPDIR/lib/modules/$KERNELVERSION/modules.dep
- fi
- umount $LOOPDIR