#!/bin/bash
# Create UML root filesystem
#
# Copyright (C) 2004 Eric Marchionni, Patrik Rayo
# Zuercher Hochschule Winterthur
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
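# Directory holding this script, so helper and configuration paths resolve
# regardless of the caller's working directory.
DIR=$(dirname "$0")

# function.sh presumably defines the cecho/cecho-n/cgecho/die helpers used
# below (they are not defined in this file) -- TODO confirm.
source "$DIR/function.sh"

[ -f "$DIR/../testing.conf" ] || die "!! Configuration file 'testing.conf' not found"

# testing.conf is executed as shell code in this process. This script later
# calls mount and chroot, so it is normally run with root privileges: keep
# testing.conf writable only by a trusted user.
source "$DIR/../testing.conf"

# Tarball name without the .tar.bz2 suffix; used further down as the name of
# the unpacked source directory under /root.
STRONGSWANVERSION=$(basename "$STRONGSWAN" .tar.bz2)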
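# The strongSwan source tarball is a hard prerequisite for the build.
cecho-n " * Looking for strongSwan at '$STRONGSWAN'.."
if [ -f "$STRONGSWAN" ]; then
  cecho "found it"
  cecho " * strongSwan version is '$STRONGSWANVERSION'"
else
  cecho "none"
  # A bare `exit` would return the status of the cecho above, so a missing
  # tarball could look like success to a calling script.
  exit 1
fi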
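# The Gentoo root filesystem tarball is unpacked into the image further down.
cecho-n " * Looking for gentoo root filesystem at '$ROOTFS'.."
if [ -f "$ROOTFS" ]; then
  cecho "found it"
else
  cecho "none"
  # Exit non-zero: a bare `exit` would return the status of the cecho above
  # and hide the missing prerequisite from a calling script.
  exit 1
fi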
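# Quoted on purpose: with an empty or unset BUILDDIR the unquoted form
# collapses to `[ -d ]`, a one-argument test that is always true, and the
# check would pass without any directory being tested.
[ -d "$BUILDDIR" ] || die "!! Directory '$BUILDDIR' does not exist"

# Per-host configuration files that are copied into the image.
HOSTCONFIGDIR=$BUILDDIR/hosts
[ -d "$HOSTCONFIGDIR" ] || die "!! Directory '$HOSTCONFIGDIR' does not exist"

# All tool output below is appended to this log.
LOGFILE=$BUILDDIR/testing.log
if [ ! -f "$LOGFILE" ]; then
  cecho-n " * Logfile '$LOGFILE' does not exist..creating.."
  touch "$LOGFILE"
  cgecho "done"
fi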
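# Working directory that holds the image file and its loop mount point.
ROOTFSDIR=$BUILDDIR/root-fs
if [ ! -d "$ROOTFSDIR" ]; then
  cecho-n " * Root file system directory '$ROOTFSDIR' does not exist..creating.."
  mkdir "$ROOTFSDIR"
  cgecho "done"
fi

# The image file is created below under a relative name (gentoo-fs); if this
# cd failed silently, dd would write the image into whatever directory the
# script was started from.
cd "$ROOTFSDIR" || die "!! Cannot change to directory '$ROOTFSDIR'"

# Mount point for the loop-mounted image.
LOOPDIR=$ROOTFSDIR/loop
if [ ! -d "$LOOPDIR" ]; then
  mkdir "$LOOPDIR"
fi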
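######################################################
# creating reiser-based uml root filesystem
#

cecho-n " * Building basic root filesystem (gentoo).."
# ROOTFSSIZE blocks of 1 MiB, zero-filled, in the current directory.
dd if=/dev/zero of=gentoo-fs count="$ROOTFSSIZE" bs=1M >> "$LOGFILE" 2>&1
mkreiserfs -q -f gentoo-fs >> "$LOGFILE" 2>&1
# Stop here if the loop mount fails. Every later step writes below $LOOPDIR
# and then chroots into it; without the mount those steps would populate a
# plain host directory and the image file would stay empty. A failed dd or
# mkreiserfs also surfaces here, because the mount then fails.
mount -o loop gentoo-fs "$LOOPDIR" >> "$LOGFILE" 2>&1 \
  || die "!! Mounting 'gentoo-fs' on '$LOOPDIR' failed, see '$LOGFILE'"
# -p keeps the permissions stored in the archive.
tar xjpf "$ROOTFS" -C "$LOOPDIR" >> "$LOGFILE" 2>&1
cgecho "done"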
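######################################################
# remove /etc/resolv.conf
#
cecho " * Removing /etc/resolv.conf"
# ${LOOPDIR:?} aborts instead of expanding to nothing: with an empty LOOPDIR
# this command would otherwise delete the build host's own /etc/resolv.conf.
rm -f -- "${LOOPDIR:?}/etc/resolv.conf"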
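######################################################
# copying default /etc/hosts to the root filesystem
#
cecho " * Copying '$HOSTCONFIGDIR/default/etc/hosts' to the root filesystem"
# ${LOOPDIR:?} keeps an empty LOOPDIR from turning the destination into the
# build host's /etc/hosts; -p preserves mode and timestamps of the source.
cp -fp -- "$HOSTCONFIGDIR/default/etc/hosts" "${LOOPDIR:?}/etc/hosts"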
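#####################################################
# extracting strongSwan into the root filesystem
#
cecho " * Extracting strongSwan into the root filesystem"
# Unpacked below /root of the image; the build later changes into
# /root/$STRONGSWANVERSION inside the chroot. Paths are quoted so that a
# tarball or build path containing spaces is passed as a single argument.
tar xjf "$STRONGSWAN" -C "$LOOPDIR/root" >> "$LOGFILE" 2>&1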
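######################################################
# setting up mountpoint for shared source tree
#
# ${SHAREDTREE+set} tests whether the variable is set at all; it is also
# true when SHAREDTREE is set to the empty string.
if [ "${SHAREDTREE+set}" = "set" ]; then
  cecho " * setting up shared strongswan tree at '$SHAREDTREE'"
  mkdir "$LOOPDIR/root/strongswan-shared"
  echo "" >> "$LOOPDIR/etc/fstab"
  # hostfs entry: the guest mounts the host directory $SHAREDTREE at
  # /root/strongswan-shared, so that host path becomes visible inside
  # every guest booted from this image.
  echo "none /root/strongswan-shared hostfs $SHAREDTREE" >> "$LOOPDIR/etc/fstab"
fi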
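######################################################
# installing strongSwan and setting the local timezone
#

# Script that is generated here and later executed inside the image.
INSTALLSHELL=${LOOPDIR}/install.sh

cecho " * Preparing strongSwan installation script"

# Start from an empty file. Appending to an install.sh that already exists
# in the unpacked root filesystem would run its old content first when the
# script is executed in the chroot.
: > "$INSTALLSHELL"

echo "ln -sf /usr/share/zoneinfo/${TZUML} /etc/localtime" >> "$INSTALLSHELL"
echo "cd /root/${STRONGSWANVERSION}" >> "$INSTALLSHELL"

# The configure command is assembled on a single line: fixed options first,
# then one group of flags per USE_* switch from testing.conf.
printf '%s' "./configure --sysconfdir=/etc" >> "$INSTALLSHELL"
printf '%s' " --with-random-device=/dev/urandom" >> "$INSTALLSHELL"
printf '%s' " --disable-load-warning" >> "$INSTALLSHELL"

# "<switch>:<flags>" pairs, in the order the flags appear on the command
# line. Everything after the first colon (including the leading space) is
# appended when the switch is set to exactly "yes". MD4 and EAP-MD5 are only
# compiled in when the test configuration asks for them.
for entry in \
  "USE_LIBCURL: --enable-curl" \
  "USE_LDAP: --enable-ldap" \
  "USE_EAP_AKA: --enable-eap-aka --enable-eap-aka-3gpp2" \
  "USE_EAP_SIM: --enable-eap-sim --enable-eap-sim-file" \
  "USE_EAP_MD5: --enable-eap-md5" \
  "USE_EAP_MSCHAPV2: --enable-md4 --enable-eap-mschapv2" \
  "USE_EAP_IDENTITY: --enable-eap-identity" \
  "USE_EAP_RADIUS: --enable-eap-radius" \
  "USE_EAP_TLS: --enable-eap-tls" \
  "USE_EAP_TTLS: --enable-eap-ttls" \
  "USE_EAP_PEAP: --enable-eap-peap" \
  "USE_EAP_TNC: --enable-eap-tnc" \
  "USE_TNC_IMC: --enable-tnc-imc" \
  "USE_TNC_IMV: --enable-tnc-imv" \
  "USE_TNCCS_11: --enable-tnccs-11" \
  "USE_TNCCS_20: --enable-tnccs-20" \
  "USE_TNCCS_DYNAMIC: --enable-tnccs-dynamic" \
  "USE_IMC_TEST: --enable-imc-test" \
  "USE_IMV_TEST: --enable-imv-test" \
  "USE_SQL: --enable-sql --enable-sqlite" \
  "USE_MEDIATION: --enable-mediation" \
  "USE_OPENSSL: --enable-openssl" \
  "USE_BLOWFISH: --enable-blowfish" \
  "USE_KERNEL_PFKEY: --enable-kernel-pfkey" \
  "USE_INTEGRITY_TEST: --enable-integrity-test" \
  "USE_LEAK_DETECTIVE: --enable-leak-detective" \
  "USE_LOAD_TESTER: --enable-load-tester" \
  "USE_TEST_VECTORS: --enable-test-vectors" \
  "USE_GCRYPT: --enable-gcrypt" \
  "USE_SOCKET_DEFAULT: --enable-socket-default" \
  "USE_SOCKET_DYNAMIC: --enable-socket-dynamic" \
  "USE_DHCP: --enable-dhcp" \
  "USE_FARP: --enable-farp" \
  "USE_ADDRBLOCK: --enable-addrblock" \
  "USE_CTR: --enable-ctr" \
  "USE_CCM: --enable-ccm" \
  "USE_GCM: --enable-gcm" \
  "USE_HA: --enable-ha" \
  "USE_AF_ALG: --enable-af-alg" \
  "USE_WHITELIST: --enable-whitelist" \
  "USE_CISCO_QUIRKS: --enable-cisco-quirks"
do
  option=${entry%%:*}
  flags=${entry#*:}
  # ${!option} reads the variable whose name is stored in $option.
  if [ "${!option}" = "yes" ]; then
    printf '%s' "$flags" >> "$INSTALLSHELL"
  fi
done

# Terminate the configure line, then add the build and install steps.
echo "" >> "$INSTALLSHELL"
echo "make -j" >> "$INSTALLSHELL"
echo "make install" >> "$INSTALLSHELL"
echo "ldconfig" >> "$INSTALLSHELL"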
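cecho-n " * Compiling $STRONGSWANVERSION within the root file system as chroot.."
# /install.sh is the generated script, addressed by its path inside the image.
# NOTE(review): the generated script does not stop on errors and its exit
# status is not checked here, so "done" is printed even when configure or
# make failed -- inspect $LOGFILE to confirm the build.
chroot "$LOOPDIR" /bin/bash /install.sh >> "$LOGFILE" 2>&1
# Remove the generated script so it does not remain in the finished image.
rm -f -- "$INSTALLSHELL"
cgecho "done"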
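######################################################
# copying default /etc/ipsec.d/tables.sql to the root filesystem
#
cecho " * Copying '$HOSTCONFIGDIR/default/etc/ipsec.d/tables.sql' to the root filesystem"
# Paths are quoted so that a build directory containing spaces is passed as
# one argument; -p preserves mode and timestamps of the source file.
cp -fp -- "$HOSTCONFIGDIR/default/etc/ipsec.d/tables.sql" "$LOOPDIR/etc/ipsec.d/tables.sql"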
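######################################################
# copying the host's ssh public key
#

if [ ! -d "$LOOPDIR/root/.ssh" ]; then
  mkdir "$LOOPDIR/root/.ssh"
fi
# authorized_keys in the image starts out as the public key of the user
# running this script (~ expands to that user's home directory), which lets
# that user log in to the guests as root. Any authorized_keys already present
# in the image is overwritten.
cp -- ~/.ssh/id_rsa.pub "$LOOPDIR/root/.ssh/authorized_keys"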
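######################################################
# setup public key based login among all hosts
#
# The image's SSH host private key doubles as root's client identity, so all
# guests booted from this image share one key pair. This is a test-lab
# convenience; the image must not be reused outside the test network.
cp -- "$LOOPDIR/etc/ssh/ssh_host_rsa_key" "$LOOPDIR/root/.ssh/id_rsa"
# Keep the private key readable by its owner only, whatever mode cp produced.
chmod 600 "$LOOPDIR/root/.ssh/id_rsa"

# STRONGSWANHOSTS is a whitespace-separated list; word splitting is intended.
for host in $STRONGSWANHOSTS
do
  # Take the text following "<host>," in HOSTNAMEIPV4, then cut it at the
  # first "-" and at the first whitespace to obtain the host's first address.
  # NOTE(review): eval re-parses that text as shell code. It is kept because
  # HOSTNAMEIPV4 comes from testing.conf, which is already sourced as code,
  # but a plain assignment would be safer if the value is ever taken from a
  # less trusted place.
  # shellcheck disable=SC2086 -- HOSTNAMEIPV4 is left unquoted as in the
  # original, which joins its words onto a single line for sed.
  eval ip="$(echo $HOSTNAMEIPV4 | sed -n -e "s/^.*${host},//gp" | awk -F- '{ print $1 }' | awk '{ print $1 }')"
  # Every host is listed under the same host public key in known_hosts, and
  # that key is authorised for root logins coming from every host.
  echo "$host,$ip $(cat "$HOSTCONFIGDIR/ssh_host_rsa_key.pub")" >> "$LOOPDIR/root/.ssh/known_hosts"
  echo "$(cat "$HOSTCONFIGDIR/ssh_host_rsa_key.pub") root@$host" >> "$LOOPDIR/root/.ssh/authorized_keys"
done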
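######################################################
# defining an empty modules.dep
#

# -n with a quoted operand: the unquoted `[ $UMLPATCH ]` breaks with a test
# syntax error when the patch path contains whitespace.
if [ -n "$UMLPATCH" ]; then
  # Directory name: patch file name without the "uml-patch-" prefix and the
  # ".bz2" suffix, followed by "um".
  modules_dir=$LOOPDIR/lib/modules/$(basename "$UMLPATCH" .bz2 | sed s/uml-patch-//)um
else
  modules_dir=$LOOPDIR/lib/modules/$KERNELVERSION
fi
mkdir "$modules_dir"
touch "$modules_dir/modules.dep"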
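# Detach the loop mount so that everything written above ends up in the
# image file. Quoted so a mount point containing spaces is one argument.
umount "$LOOPDIR"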