/strongswan-5.0.0/testing/scripts/build-umlrootfs

#!/bin/bash
# Create UML root filesystem
#
# Copyright (C) 2004  Eric Marchionni, Patrik Rayo
# Zuercher Hochschule Winterthur
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.

DIR=`dirname $0`

source $DIR/function.sh

[ -f $DIR/../testing.conf ] || die "!! Configuration file 'testing.conf' not found"

source $DIR/../testing.conf

STRONGSWANVERSION=`basename $STRONGSWAN .tar.bz2`

cecho-n " * Looking for strongSwan at '$STRONGSWAN'.."
if [ -f "$STRONGSWAN" ]
then
    cecho "found it"
    cecho " * strongSwan version is '$STRONGSWANVERSION'"
else
    cecho "none"
    exit
fi

cecho-n " * Looking for gentoo root filesystem at '$ROOTFS'.."
if [ -f "$ROOTFS" ]
then
    cecho "found it"
else
    cecho "none"
    exit
fi

[ -d $BUILDDIR ] || die "!! Directory '$BUILDDIR' does not exist"

HOSTCONFIGDIR=$BUILDDIR/hosts

[ -d $HOSTCONFIGDIR ] || die "!! Directory '$HOSTCONFIGDIR' does not exist"

LOGFILE=$BUILDDIR/testing.log

if [ ! -f $LOGFILE ]
then
    cecho-n " * Logfile '$LOGFILE' does not exist..creating.."
    touch $LOGFILE
    cgecho "done"
fi

ROOTFSDIR=$BUILDDIR/root-fs

if [ ! -d $ROOTFSDIR ]
then
    cecho-n " * Root file system directory '$ROOTFSDIR' does not exist..creating.."
    mkdir $ROOTFSDIR
    cgecho "done"
fi

cd $ROOTFSDIR

LOOPDIR=$ROOTFSDIR/loop

if [ ! -d $LOOPDIR ]
then
    mkdir $LOOPDIR
fi

######################################################
# creating reiser-based uml root filesystem
#

cecho-n " * Building basic root filesystem (gentoo).."
dd if=/dev/zero of=gentoo-fs count=$ROOTFSSIZE bs=1M >> $LOGFILE 2>&1
mkreiserfs -q -f gentoo-fs       >> $LOGFILE 2>&1
mount -o loop gentoo-fs $LOOPDIR >> $LOGFILE 2>&1
tar xjpf $ROOTFS -C $LOOPDIR     >> $LOGFILE 2>&1
cgecho "done"

######################################################
# remove /etc/resolv.conf
#
cecho " * Removing /etc/resolv.conf"
rm -f $LOOPDIR/etc/resolv.conf

######################################################
# copying default /etc/hosts to the root filesystem
#
cecho " * Copying '$HOSTCONFIGDIR/default/etc/hosts' to the root filesystem"
cp -fp $HOSTCONFIGDIR/default/etc/hosts $LOOPDIR/etc/hosts

#####################################################
# extracting strongSwan into the root filesystem
#
cecho " * Extracting strongSwan into the root filesystem"
tar xjf $STRONGSWAN -C $LOOPDIR/root >> $LOGFILE 2>&1

######################################################
# setting up mountpoint for shared source tree
#
if [ "${SHAREDTREE+set}" = "set" ]; then
    cecho " * setting up shared strongswan tree at '$SHAREDTREE'"
    mkdir $LOOPDIR/root/strongswan-shared
    echo "" >> $LOOPDIR/etc/fstab
    echo "none /root/strongswan-shared hostfs $SHAREDTREE" >> $LOOPDIR/etc/fstab
fi

######################################################
# installing strongSwan and setting the local timezone
#

INSTALLSHELL=${LOOPDIR}/install.sh

cecho " * Preparing strongSwan installation script"
echo "ln -sf /usr/share/zoneinfo/${TZUML} /etc/localtime" >> $INSTALLSHELL

echo "cd /root/${STRONGSWANVERSION}" >> $INSTALLSHELL
echo -n "./configure --sysconfdir=/etc" >> $INSTALLSHELL
echo -n " --with-random-device=/dev/urandom" >> $INSTALLSHELL
echo -n " --disable-load-warning" >> $INSTALLSHELL

if [ "$USE_LIBCURL" = "yes" ]
then
    echo -n " --enable-curl" >> $INSTALLSHELL
fi

if [ "$USE_LDAP" = "yes" ]
then
    echo -n " --enable-ldap" >> $INSTALLSHELL
fi

if [ "$USE_EAP_AKA" = "yes" ]
then
    echo -n " --enable-eap-aka" >> $INSTALLSHELL
    echo -n " --enable-eap-aka-3gpp2" >> $INSTALLSHELL
fi

if [ "$USE_EAP_SIM" = "yes" ]
then
    echo -n " --enable-eap-sim" >> $INSTALLSHELL
    echo -n " --enable-eap-sim-file" >> $INSTALLSHELL
fi

if [ "$USE_EAP_MD5" = "yes" ]
then
    echo -n " --enable-eap-md5" >> $INSTALLSHELL
fi

if [ "$USE_EAP_MSCHAPV2" = "yes" ]
then
    echo -n " --enable-md4" >> $INSTALLSHELL
    echo -n " --enable-eap-mschapv2" >> $INSTALLSHELL
fi

if [ "$USE_EAP_IDENTITY" = "yes" ]
then
    echo -n " --enable-eap-identity" >> $INSTALLSHELL
fi

if [ "$USE_EAP_RADIUS" = "yes" ]
then
    echo -n " --enable-eap-radius" >> $INSTALLSHELL
fi

if [ "$USE_EAP_TLS" = "yes" ]
then
    echo -n " --enable-eap-tls" >> $INSTALLSHELL
fi

if [ "$USE_EAP_TTLS" = "yes" ]
then
    echo -n " --enable-eap-ttls" >> $INSTALLSHELL
fi

if [ "$USE_EAP_PEAP" = "yes" ]
then
    echo -n " --enable-eap-peap" >> $INSTALLSHELL
fi

if [ "$USE_EAP_TNC" = "yes" ]
then
    echo -n " --enable-eap-tnc" >> $INSTALLSHELL
fi

if [ "$USE_TNC_PDP" = "yes" ]
then
    echo -n " --enable-tnc-pdp" >> $INSTALLSHELL
fi

if [ "$USE_TNC_IMC" = "yes" ]
then
    echo -n " --enable-tnc-imc" >> $INSTALLSHELL
fi

if [ "$USE_TNC_IMV" = "yes" ]
then
    echo -n " --enable-tnc-imv" >> $INSTALLSHELL
fi

if [ "$USE_TNCCS_11" = "yes" ]
then
    echo -n " --enable-tnccs-11" >> $INSTALLSHELL
fi

if [ "$USE_TNCCS_20" = "yes" ]
then
    echo -n " --enable-tnccs-20" >> $INSTALLSHELL
fi

if [ "$USE_TNCCS_DYNAMIC" = "yes" ]
then
    echo -n " --enable-tnccs-dynamic" >> $INSTALLSHELL
fi

if [ "$USE_IMC_TEST" = "yes" ]
then
    echo -n " --enable-imc-test" >> $INSTALLSHELL
fi

if [ "$USE_IMV_TEST" = "yes" ]
then
    echo -n " --enable-imv-test" >> $INSTALLSHELL
fi

if [ "$USE_IMC_SCANNER" = "yes" ]
then
    echo -n " --enable-imc-scanner" >> $INSTALLSHELL
fi

if [ "$USE_IMV_SCANNER" = "yes" ]
then
    echo -n " --enable-imv-scanner" >> $INSTALLSHELL
fi

if [ "$USE_IMC_ATTESTATION" = "yes" ]
then
    echo -n " --enable-imc-attestation" >> $INSTALLSHELL
fi

if [ "$USE_IMV_ATTESTATION" = "yes" ]
then
    echo -n " --enable-imv-attestation" >> $INSTALLSHELL
fi

if [ "$USE_SQL" = "yes" ]
then
    echo -n " --enable-sql --enable-sqlite" >> $INSTALLSHELL
    fi

if [ "$USE_MEDIATION" = "yes" ]
then
    echo -n " --enable-mediation" >> $INSTALLSHELL
fi

if [ "$USE_OPENSSL" = "yes" ]
then
    echo -n " --enable-openssl" >> $INSTALLSHELL
fi

if [ "$USE_BLOWFISH" = "yes" ]
then
    echo -n " --enable-blowfish" >> $INSTALLSHELL
fi

if [ "$USE_KERNEL_PFKEY" = "yes" ]
then
    echo -n " --enable-kernel-pfkey" >> $INSTALLSHELL
fi
  
if [ "$USE_INTEGRITY_TEST" = "yes" ]
then
    echo -n " --enable-integrity-test" >> $INSTALLSHELL
fi

if [ "$USE_LEAK_DETECTIVE" = "yes" ]
then
    echo -n " --enable-leak-detective" >> $INSTALLSHELL
fi

if [ "$USE_LOAD_TESTER" = "yes" ]
then
    echo -n " --enable-load-tester" >> $INSTALLSHELL
fi

if [ "$USE_TEST_VECTORS" = "yes" ]
then
    echo -n " --enable-test-vectors" >> $INSTALLSHELL
fi

if [ "$USE_GCRYPT" = "yes" ]
then
    echo -n " --enable-gcrypt" >> $INSTALLSHELL
fi

if [ "$USE_SOCKET_DEFAULT" = "yes" ]
then
    echo -n " --enable-socket-default" >> $INSTALLSHELL
fi

if [ "$USE_SOCKET_DYNAMIC" = "yes" ]
then
    echo -n " --enable-socket-dynamic" >> $INSTALLSHELL
fi

if [ "$USE_SOCKET_RAW" = "yes" ]
then
    echo -n " --enable-socket-raw" >> $INSTALLSHELL
fi

if [ "$USE_DHCP" = "yes" ]
then
    echo -n " --enable-dhcp" >> $INSTALLSHELL
fi

if [ "$USE_FARP" = "yes" ]
then
    echo -n " --enable-farp" >> $INSTALLSHELL
fi

if [ "$USE_ADDRBLOCK" = "yes" ]
then
    echo -n " --enable-addrblock" >> $INSTALLSHELL
fi

if [ "$USE_CTR" = "yes" ]
then
    echo -n " --enable-ctr" >> $INSTALLSHELL
fi

if [ "$USE_CCM" = "yes" ]
then
    echo -n " --enable-ccm" >> $INSTALLSHELL
fi

if [ "$USE_GCM" = "yes" ]
then
    echo -n " --enable-gcm" >> $INSTALLSHELL
fi

if [ "$USE_CMAC" = "yes" ]
then
    echo -n " --enable-cmac" >> $INSTALLSHELL
fi

if [ "$USE_HA" = "yes" ]
then
    echo -n " --enable-ha" >> $INSTALLSHELL
fi

if [ "$USE_AF_ALG" = "yes" ]
then
    echo -n " --enable-af-alg" >> $INSTALLSHELL
fi

if [ "$USE_WHITELIST" = "yes" ]
then
    echo -n " --enable-whitelist" >> $INSTALLSHELL
fi

if [ "$USE_XAUTH_GENERIC" = "yes" ]
then
    echo -n " --enable-xauth-generic" >> $INSTALLSHELL
fi

if [ "$USE_XAUTH_EAP" = "yes" ]
then
    echo -n " --enable-xauth-eap" >> $INSTALLSHELL
fi

if [ "$USE_PKCS8" = "yes" ]
then
    echo -n " --enable-pkcs8" >> $INSTALLSHELL
fi

if [ "$USE_IFMAP" = "yes" ]
then
    echo -n " --enable-tnc-ifmap" >> $INSTALLSHELL
fi

if [ "$USE_CISCO_QUIRKS" = "yes" ]
then
    echo -n " --enable-cisco-quirks" >> $INSTALLSHELL
fi

echo "" >> $INSTALLSHELL
echo "make -j" >> $INSTALLSHELL
echo "make install" >> $INSTALLSHELL
echo "ldconfig" >> $INSTALLSHELL

cecho-n " * Compiling $STRONGSWANVERSION within the root file system as chroot.."
chroot $LOOPDIR /bin/bash /install.sh >> $LOGFILE 2>&1
rm -f $INSTALLSHELL
cgecho "done"

######################################################
# copying default /etc/ipsec.d/tables.sql to the root filesystem
#
cecho " * Copying '$HOSTCONFIGDIR/default/etc/ipsec.d/tables.sql' to the root filesystem"
cp -fp $HOSTCONFIGDIR/default/etc/ipsec.d/tables.sql $LOOPDIR/etc/ipsec.d/tables.sql

######################################################
# copying the host's ssh public key
#

if [ ! -d $LOOPDIR/root/.ssh ]
then
    mkdir $LOOPDIR/root/.ssh
fi
cp ~/.ssh/id_rsa.pub $LOOPDIR/root/.ssh/authorized_keys

######################################################
# setup public key based login among all hosts
#
cp $LOOPDIR/etc/ssh/ssh_host_rsa_key $LOOPDIR/root/.ssh/id_rsa

for host in $STRONGSWANHOSTS
do
    eval ip="`echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }'`"
    echo "$host,$ip `cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub`" >> $LOOPDIR/root/.ssh/known_hosts
    echo "`cat $HOSTCONFIGDIR/ssh_host_rsa_key.pub` root@$host" >> $LOOPDIR/root/.ssh/authorized_keys
done

######################################################
# defining an empty modules.dep
#

if [ $UMLPATCH ]
then
    mkdir $LOOPDIR/lib/modules/`basename $UMLPATCH .bz2 | sed s/uml-patch-//`um
    touch $LOOPDIR/lib/modules/`basename $UMLPATCH .bz2 | sed s/uml-patch-//`um/modules.dep
else
    mkdir $LOOPDIR/lib/modules/$KERNELVERSION
    touch $LOOPDIR/lib/modules/$KERNELVERSION/modules.dep
fi

umount $LOOPDIR