ittomb makefile mods, uninstall fn, fixes - coffin - secure lan file storage on a device Err parazyd.org 70
hgit clone git://parazyd.org/coffin.git URL:git://parazyd.org/coffin.git parazyd.org 70
1Log /git/coffin/log.gph parazyd.org 70
1Files /git/coffin/files.gph parazyd.org 70
1Refs /git/coffin/refs.gph parazyd.org 70
1Submodules /git/coffin/file/.gitmodules.gph parazyd.org 70
1README /git/coffin/file/README.md.gph parazyd.org 70
1LICENSE /git/coffin/file/LICENSE.gph parazyd.org 70
i--- Err parazyd.org 70
1commit 1c14dae88f3588d768af3fa52c35d275cc3f5e56 /git/coffin/commit/1c14dae88f3588d768af3fa52c35d275cc3f5e56.gph parazyd.org 70
1parent b51b18dfcb05b9a27dcf56a8e6d7e319da794d0c /git/coffin/commit/b51b18dfcb05b9a27dcf56a8e6d7e319da794d0c.gph parazyd.org 70
hAuthor: parazyd URL:mailto:parazyd@dyne.org parazyd.org 70
iDate: Tue, 29 Mar 2016 21:21:40 +0200 Err parazyd.org 70
i Err parazyd.org 70
ittomb makefile mods, uninstall fn, fixes Err parazyd.org 70
i Err parazyd.org 70
iDiffstat: Err parazyd.org 70
i M .gitignore | 1 + Err parazyd.org 70
i M README.md | 4 ++-- Err parazyd.org 70
i M conf/config.sh | 67 ++++++++++++++++++++++++------- Err parazyd.org 70
i R conf/davpass -> conf/davpasswd | 0 Err parazyd.org 70
i M src/sacrist | 2 +- Err parazyd.org 70
i M src/tomb/Makefile | 7 +++---- Err parazyd.org 70
i M src/tomb/kdf-keys/Makefile | 13 +++++++------ Err parazyd.org 70
i Err parazyd.org 70
i7 files changed, 66 insertions(+), 28 deletions(-) Err parazyd.org 70
i--- Err parazyd.org 70
1diff --git a/.gitignore b/.gitignore /git/coffin/file/.gitignore.gph parazyd.org 70
it@@ -1,2 +1,3 @@ Err parazyd.org 70
i NOTES.md Err parazyd.org 70
i .*.swp Err parazyd.org 70
i+test/* Err parazyd.org 70
1diff --git a/README.md b/README.md /git/coffin/file/README.md.gph parazyd.org 70
it@@ -15,8 +15,8 @@ files are once again unreadable.
Err parazyd.org 70
i Install the needed dependencies, some from the following list may vary Err parazyd.org 70
i depending on the distro you are using: Err parazyd.org 70
i ``` Err parazyd.org 70
i-zsh cryptsetup libgcrypt20-dev apache2 wipe sshfs inotify-tools Err parazyd.org 70
i-pinentry-curses pwgen gettext haveged sudo Err parazyd.org 70
i+# zsh cryptsetup libgcrypt20-dev apache2 wipe sshfs inotify-tools Err parazyd.org 70
i+pinentry-curses pwgen gettext haveged sudo Err parazyd.org 70
i ``` Err parazyd.org 70
i Err parazyd.org 70
i Clone this repository to the device you will be using. Err parazyd.org 70
1diff --git a/conf/config.sh b/conf/config.sh /git/coffin/file/conf/config.sh.gph parazyd.org 70
it@@ -39,16 +39,22 @@ Err parazyd.org 70
i } Err parazyd.org 70
i Err parazyd.org 70
i edit-sudo() { Err parazyd.org 70
i- print "%coffin coffin=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo) Err parazyd.org 70
i- [[ $? = 0 ]] && print "Added coffin group to sudoers" Err parazyd.org 70
i+ if [[ $1 == "add" ]]; then Err parazyd.org 70
i+ print "%coffin `hostname`=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo) Err parazyd.org 70
i+ [[ $? = 0 ]] && print "Added coffin group to sudoers" Err parazyd.org 70
i+ elif [[ $1 == "remove" ]]; then Err parazyd.org 70
i+ tmp=`sed '/^%coffin / d' /etc/sudoers` Err parazyd.org 70
i+ print $tmp | (EDITOR="tee" visudo) Err parazyd.org 70
i+ [[ $? = 0 ]] && print "Removed coffin group from sudoers" Err parazyd.org 70
i+ fi Err parazyd.org 70
i } Err parazyd.org 70
i Err parazyd.org 70
i # because all cool software has snowmen in them Err parazyd.org 70
i [[ $1 == "snowman" ]] && { Err parazyd.org 70
i pushd `pwd`/conf Err parazyd.org 70
i Err parazyd.org 70
i- print "Creating coffin group..." Err parazyd.org 70
i- groupadd coffin && print "Done!"
Err parazyd.org 70
i+ groupadd coffin && print "created coffin group" Err parazyd.org 70
i+ gpasswd -a www-data coffin && print "added www-data to coffin group" Err parazyd.org 70
i Err parazyd.org 70
i # ssl Err parazyd.org 70
i print "Generating ssl certificate..." Err parazyd.org 70
it@@ -59,16 +65,18 @@ edit-sudo() { Err parazyd.org 70
i return 1 Err parazyd.org 70
i } Err parazyd.org 70
i Err parazyd.org 70
i- install -m 640 -d /etc/ssl/coffin Err parazyd.org 70
i- install -m 440 coffin.pem /etc/ssl/coffin/ Err parazyd.org 70
i- install -m 400 coffin.key /etc/ssl/coffin/ Err parazyd.org 70
i+ install -Dm640 -d /etc/ssl/coffin Err parazyd.org 70
i+ install -Dm440 coffin.pem /etc/ssl/coffin/ Err parazyd.org 70
i+ install -Dm400 coffin.key /etc/ssl/coffin/ Err parazyd.org 70
i print "Done!" Err parazyd.org 70
i Err parazyd.org 70
i # Apache Err parazyd.org 70
i- install -m 774 -g www-data -d /etc/apache2/DAV Err parazyd.org 70
i- print "DAVLockDB /etc/apache2/DAV/DAVLock" >> /etc/apache2/apache2.conf Err parazyd.org 70
i- install -m 600 davpasswd /etc/apache2/DAV/ Err parazyd.org 70
i- install -m 640 coffindav.conf /etc/apache2/sites-available/ Err parazyd.org 70
i+ install -Dm774 -g www-data -d /etc/apache2/DAV Err parazyd.org 70
i+ [[ `grep '^DAVLockDB ' /etc/apache2/apache2.conf` ]] || { Err parazyd.org 70
i+ print "DAVLockDB /etc/apache2/DAV/DAVLock" >> /etc/apache2/apache2.conf Err parazyd.org 70
i+ } Err parazyd.org 70
i+ install -Dm600 davpasswd /etc/apache2/DAV/ Err parazyd.org 70
i+ install -Dm640 coffindav.conf /etc/apache2/sites-available/ Err parazyd.org 70
i Err parazyd.org 70
i apachemods=(dav dav_fs dav_lock ssl) Err parazyd.org 70
i print "Enabling Apache modules..."
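Review bot: The sudoers line written by `edit-sudo add` grants every member of `coffin` passwordless root for all commands, and the `gpasswd -a www-data coffin` added further down in this hunk puts the web server account in that group, so anything running as www-data can become root. Limit the rule to the specific commands the service needs via a `Cmnd_Alias`, and where the distribution's sudoers includes `/etc/sudoers.d`, write it to its own file there (checked with `visudo -cf`) so that removal is just deleting that file. In the `remove` branch, a failed `sed` leaves `$tmp` empty and the pipe into `visudo` would then likely install a sudoers with no rules, and `print` without `-r` rewrites backslash sequences; at minimum use `[[ -n $tmp ]] && print -r -- "$tmp" | (EDITOR="tee" visudo)`. `add` is also not idempotent, so a second install appends a duplicate line.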
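Review bot: `install -Dm774 -g www-data -d /etc/apache2/DAV` creates a directory the web server group can write to, and `davpasswd` is then installed into that same directory, so a process running as www-data can unlink and replace the password file whatever its own 600 mode is. Keep the lock database in its own www-data-writable directory and put `davpasswd` in a root-owned directory, adjusting the path in coffindav.conf to match (that file is not shown here). `-D` is redundant together with `-d`, and the DAVLockDB test reads more directly as `grep -q '^DAVLockDB ' /etc/apache2/apache2.conf || {`. The enclosing `snowman` block starts and ends outside this hunk.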
Err parazyd.org 70
it@@ -76,13 +84,15 @@ edit-sudo() { Err parazyd.org 70
i a2enmod $i Err parazyd.org 70
i done Err parazyd.org 70
i Err parazyd.org 70
i- a2ensite coffindav.conf Err parazyd.org 70
i+ # [[ -f /etc/apache2/sites-enabled/000-default.conf ]] && a2dissite 000-default.conf Err parazyd.org 70
i+ [[ -f /etc/apache2/sites-enabled/coffindav.conf ]] || a2ensite coffindav.conf Err parazyd.org 70
i+ Err parazyd.org 70
i /etc/init.d/apache2 restart Err parazyd.org 70
i [[ -f /etc/init.d/ssh ]] && { /etc/init.d/ssh start } Err parazyd.org 70
i Err parazyd.org 70
i- edit-sudo Err parazyd.org 70
i+ edit-sudo add Err parazyd.org 70
i Err parazyd.org 70
i- install -m 770 -g coffin -d /home/graveyard Err parazyd.org 70
i+ install -Dm770 -g coffin -d /home/graveyard Err parazyd.org 70
i Err parazyd.org 70
i # TODO: add initscript Err parazyd.org 70
i Err parazyd.org 70
it@@ -90,7 +100,7 @@ edit-sudo() { Err parazyd.org 70
i Err parazyd.org 70
i print "######################################" Err parazyd.org 70
i fprint=`openssl x509 -noout -in coffin.pem -fingerprint \ Err parazyd.org 70
i- awk -F\= '{print $2}'` Err parazyd.org 70
i+ | awk -F\= '{print $2}'` Err parazyd.org 70
i print "The fingerptint of your SSL certificate is: $fprint" Err parazyd.org 70
i print "Compare it and/or set is as trusted when you connect to coffin." Err parazyd.org 70
i print "######################################" Err parazyd.org 70
it@@ -98,7 +108,34 @@ edit-sudo() { Err parazyd.org 70
i popd Err parazyd.org 70
i } Err parazyd.org 70
i Err parazyd.org 70
i+# `make uninstall` Err parazyd.org 70
i [[ $1 == "unsnowman" ]] && { Err parazyd.org 70
i print "Uninstalling coffin. Why? Why? Why?"
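Review bot: The fingerprint printed by the `fprint=` assignment uses whatever digest `openssl x509 -fingerprint` defaults to, which is SHA-1 on common OpenSSL builds, while the user is told to compare it with what the client shows. Name the digest explicitly, `fprint=`openssl x509 -noout -in coffin.pem -fingerprint -sha256 \`, and state in the printed message which digest it is so that the comparison is like for like. The two message lines that follow also carry the typos "fingerptint" and "set is as". The enclosing `snowman` block starts outside this hunk.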
Err parazyd.org 70
i print "*cries*\n" Err parazyd.org 70
i+ Err parazyd.org 70
i+ # /etc/init.d/coffin stop Err parazyd.org 70
i+ Err parazyd.org 70
i+ # uncomment if you wish to revert apache Err parazyd.org 70
i+ #revert=1 Err parazyd.org 70
i+ [[ $revert = 0 ]] || { Err parazyd.org 70
i+ a2dissite coffindav.conf Err parazyd.org 70
i+ a2ensite 000-default.conf Err parazyd.org 70
i+ rm -rv /home/graveyard/DAV Err parazyd.org 70
i+ rm -v /etc/apache2/sites-available/coffindav.conf Err parazyd.org 70
i+ Err parazyd.org 70
i+ /etc/init.d/apache2 restart Err parazyd.org 70
i+ } Err parazyd.org 70
i+ sed -i '/^DAVLockDB / d' /etc/apache2/apache2.conf Err parazyd.org 70
i+ [[ $? = 0 ]] && print "removed entry from apache2.conf" Err parazyd.org 70
i+ Err parazyd.org 70
i+ # groupdel coffin Err parazyd.org 70
i+ edit-sudo remove Err parazyd.org 70
i+ Err parazyd.org 70
i+ # rm -v /etc/init.d/coffin Err parazyd.org 70
i+ rm -rv /etc/ssl/coffin Err parazyd.org 70
i+ rm -v ../src/tomb-kdb-hexencode Err parazyd.org 70
i+ rm -v ../src/tomb-kdb-pbkdf2 Err parazyd.org 70
i+ rm -v ../src/tomb-kdb-pbkdf2-gensalt Err parazyd.org 70
i+ rm -v ../src/tomb-kdb-pbkdf2-getiter Err parazyd.org 70
i+ rm -v ../src/tomb Err parazyd.org 70
i } Err parazyd.org 70
1diff --git a/conf/davpass b/conf/davpasswd /git/coffin/file/conf/davpasswd.gph parazyd.org 70
1diff --git a/src/sacrist b/src/sacrist /git/coffin/file/src/sacrist.gph parazyd.org 70
it@@ -54,7 +54,7 @@ KEYMOUNT="${KEYMOUNT:-/media/tombkey}" # Directory where keys get mounted Err parazyd.org 70
i COFFINDOT="$KEYMOUNT/.coffin" # .coffin directory on the usb key Err parazyd.org 70
i TTAB="$COFFINDOT/ttab" # Our ttab Err parazyd.org 70
i HOOKS="$COFFINDOT/hook" Err parazyd.org 70
i-TOMB="${TOMB:-/usr/local/bin/tomb}" Err parazyd.org 70
i+TOMB="$R/src/tomb/tomb" Err parazyd.org 70
i Err parazyd.org 70
i # Main Err parazyd.org 70
i req=(happenz device) Err parazyd.org 70
1diff --git a/src/tomb/Makefile b/src/tomb/Makefile
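Review bot: The guard `[[ $revert = 0 ]] || {` in the `unsnowman` block runs the revert whenever `revert` is anything other than 0, including unset, so with `#revert=1` left commented out the uninstall still executes `rm -rv /home/graveyard/DAV` and swaps the Apache sites. To match the comment above it, make the block opt-in with `[[ $revert = 1 ]] && {`. The `rm -v ../src/...` lines also depend on the caller's working directory, since no `pushd` is visible in this block as there is in `snowman`; resolving them against the script's own location would keep them from touching unrelated files.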
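Review bot: `TOMB="$R/src/tomb/tomb"` makes sacrist run tomb straight out of the source checkout, and given the passwordless sudo rule this commit writes for the coffin group, that script is presumably executed with root privileges. If the tree under `$R` (defined outside this hunk) is writable by a non-root account, that account can replace the script and gain root, so either install tomb to a root-owned path or have the installer make the tree root-owned and not group- or world-writable. Dropping the `${TOMB:-…}` environment override is reasonable; a comment such as `# fixed path on purpose: tomb is run from the checkout, not from $PATH` would record that it is intentional.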
/git/coffin/file/src/tomb/Makefile.gph parazyd.org 70
it@@ -1,6 +1,6 @@ Err parazyd.org 70
i PROG = tomb Err parazyd.org 70
i-PREFIX ?= /usr/local Err parazyd.org 70
i-MANDIR ?= ${PREFIX}/share/man Err parazyd.org 70
i+PREFIX = ../ Err parazyd.org 70
i+REALPREFIX = $(realpath $(PREFIX)) Err parazyd.org 70
i Err parazyd.org 70
i all: Err parazyd.org 70
i @echo Err parazyd.org 70
it@@ -13,8 +13,7 @@ all: Err parazyd.org 70
i @echo Err parazyd.org 70
i Err parazyd.org 70
i install: Err parazyd.org 70
i- install -Dm755 ${PROG} ${DESTDIR}${PREFIX}/bin/${PROG} Err parazyd.org 70
i- install -Dm644 doc/${PROG}.1 ${DESTDIR}${MANDIR}/man1/${PROG}.1 Err parazyd.org 70
i+ install -Dm755 ${PROG} ${REALPREFIX}/${PROG} Err parazyd.org 70
i @echo Err parazyd.org 70
i @echo "Tomb is installed succesfully. To install language translations, make sure" Err parazyd.org 70
i @echo "gettext is also installed, then 'cd extras/translations' and 'make install' there." Err parazyd.org 70
1diff --git a/src/tomb/kdf-keys/Makefile b/src/tomb/kdf-keys/Makefile /git/coffin/file/src/tomb/kdf-keys/Makefile.gph parazyd.org 70
it@@ -1,5 +1,6 @@ Err parazyd.org 70
i Err parazyd.org 70
i-PREFIX ?= /usr/local Err parazyd.org 70
i+PREFIX ?= ../../ Err parazyd.org 70
i+REALPREFIX = $(realpath $(PREFIX)) Err parazyd.org 70
i Err parazyd.org 70
i all: Err parazyd.org 70
i $(CC) -O2 -o tomb-kdb-pbkdf2 pbkdf2.c -lgcrypt Err parazyd.org 70
it@@ -11,8 +12,8 @@ clean: Err parazyd.org 70
i rm -f tomb-kdb-pbkdf2 tomb-kdb-pbkdf2-getiter tomb-kdb-pbkdf2-gensalt tomb-kdb-hexencode Err parazyd.org 70
i Err parazyd.org 70
i install: Err parazyd.org 70
i- install -Dm755 tomb-kdb-pbkdf2 ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2 Err parazyd.org 70
i- install -Dm755 tomb-kdb-pbkdf2-getiter ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-getiter Err parazyd.org 70
i- install -Dm755 tomb-kdb-pbkdf2-gensalt ${DESTDIR}${PREFIX}/bin/tomb-kdb-pbkdf2-gensalt Err parazyd.org 70
i- install -Dm755 tomb-kdb-hexencode
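Review bot: With `PREFIX = ../` and make run inside src/tomb, `${REALPREFIX}/${PROG}` resolves to the src/tomb directory itself, so `install -Dm755 ${PROG} ${REALPREFIX}/${PROG}` targets an existing directory and would either fail or copy the file onto itself; since sacrist in this commit reads `$R/src/tomb/tomb` directly, the install rule could be dropped or pointed at a real destination. `$(realpath …)` expands to nothing when the path does not exist, which would turn the target into `/tomb`, so a guard such as `$(if $(REALPREFIX),,$(error PREFIX does not exist))` is worth adding here and in the kdf-keys Makefile hunks that follow. That Makefile uses `PREFIX ?=` while this one uses `PREFIX =`, so a PREFIX inherited from the environment moves only the kdf binaries, away from the `../src/tomb-kdb-*` paths the uninstall removes. Both install rules also stop honouring `DESTDIR`.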
${DESTDIR}${PREFIX}/bin/tomb-kdb-hexencode Err parazyd.org 70
i- @echo "Tomb-kdb auxiliary binaries installed in ${DESTDIR}${PREFIX}/bin" Err parazyd.org 70
i+ install -Dm755 tomb-kdb-pbkdf2 ${REALPREFIX}/tomb-kdb-pbkdf2 Err parazyd.org 70
i+ install -Dm755 tomb-kdb-pbkdf2-getiter ${REALPREFIX}/tomb-kdb-pbkdf2-getiter Err parazyd.org 70
i+ install -Dm755 tomb-kdb-pbkdf2-gensalt ${REALPREFIX}/tomb-kdb-pbkdf2-gensalt Err parazyd.org 70
i+ install -Dm755 tomb-kdb-hexencode ${REALPREFIX}/tomb-kdb-hexencode Err parazyd.org 70
i+ @echo "Tomb-kdb auxiliary binaries installed in ${REALPREFIX}" Err parazyd.org 70
.