itinstallation script - coffin - secure lan file storage on a device Err parazyd.org 70 hgit clone git://parazyd.org/coffin.git URL:git://parazyd.org/coffin.git parazyd.org 70 1Log /git/coffin/log.gph parazyd.org 70 1Files /git/coffin/files.gph parazyd.org 70 1Refs /git/coffin/refs.gph parazyd.org 70 1Submodules /git/coffin/file/.gitmodules.gph parazyd.org 70 1README /git/coffin/file/README.md.gph parazyd.org 70 1LICENSE /git/coffin/file/LICENSE.gph parazyd.org 70 i--- Err parazyd.org 70 1commit f93af1133909fc68bb6a6d4aa83a219750a197b8 /git/coffin/commit/f93af1133909fc68bb6a6d4aa83a219750a197b8.gph parazyd.org 70 1parent 261391f4c40c528e0ae379dfb7eed32bf99a1e38 /git/coffin/commit/261391f4c40c528e0ae379dfb7eed32bf99a1e38.gph parazyd.org 70 hAuthor: parazyd URL:mailto:parazyd@dyne.org parazyd.org 70 iDate: Tue, 29 Mar 2016 17:00:43 +0200 Err parazyd.org 70 i Err parazyd.org 70 iinstallation script Err parazyd.org 70 i Err parazyd.org 70 iDiffstat: Err parazyd.org 70 i M Makefile | 5 +---- Err parazyd.org 70 i A conf/README | 9 +++++++++ Err parazyd.org 70 i A conf/coffindav.conf | 14 ++++++++++++++ Err parazyd.org 70 i A conf/config.sh | 102 +++++++++++++++++++++++++++++++ Err parazyd.org 70 i A conf/davpass | 3 +++ Err parazyd.org 70 i A conf/webdav.skel | 12 ++++++++++++ Err parazyd.org 70 i Err parazyd.org 70 i6 files changed, 141 insertions(+), 4 deletions(-) Err parazyd.org 70 i--- Err parazyd.org 70 1diff --git a/Makefile b/Makefile /git/coffin/file/Makefile.gph parazyd.org 70 it@@ -1,9 +1,6 @@ Err parazyd.org 70 i all: Err parazyd.org 70 i make -C src/tomb/kdf-keys Err parazyd.org 70 i- @echo Err parazyd.org 70 i- @echo "Stuff compiled. Run `make install` as root to install" Err parazyd.org 70 i- @echo "and configure coffin on this device..." 
Err parazyd.org 70 i- @echo Err parazyd.org 70 i+ @./conf/config.sh checkdep Err parazyd.org 70 i Err parazyd.org 70 i install: Err parazyd.org 70 i make -C src/tomb install Err parazyd.org 70 1diff --git a/conf/README b/conf/README /git/coffin/file/conf/README.gph parazyd.org 70 it@@ -0,0 +1,9 @@ Err parazyd.org 70 i+To generate a WebDAV login entry by yourself, issue Err parazyd.org 70 i+ Err parazyd.org 70 i+`echo -n "yourUsername:WebDAV:" \ Err parazyd.org 70 i+ && echo -n "yourUsername:WebDAV:yourDavPassword" \ Err parazyd.org 70 i+ | md5sum \ Err parazyd.org 70 i+ | awk '{print $1}'` Err parazyd.org 70 i+ Err parazyd.org 70 i+and add the output to 'davpasswd' which is located in the Err parazyd.org 70 i+apache directory. Or add it now here, before installing. Err parazyd.org 70 1diff --git a/conf/coffindav.conf b/conf/coffindav.conf /git/coffin/file/conf/coffindav.conf.gph parazyd.org 70 it@@ -0,0 +1,14 @@ Err parazyd.org 70 i+ Err parazyd.org 70 i+ Err parazyd.org 70 i+ # Apache2.4 configuration file for coffin's WebDAV Err parazyd.org 70 i+ # Will be additionally filled up after you use it. Err parazyd.org 70 i+ Err parazyd.org 70 i+ ServerAdmin dav@coffin Err parazyd.org 70 i+ DocumentRoot /var/www/html Err parazyd.org 70 i+ Err parazyd.org 70 i+ SSLEngine on Err parazyd.org 70 i+ SSLCertificateFile /etc/ssl/coffin/coffin.pem Err parazyd.org 70 i+ SSLCertificateKeyFile /etc/ssl/coffin/coffin.key Err parazyd.org 70 i+ Err parazyd.org 70 i+ Err parazyd.org 70 i+ Err parazyd.org 70 1diff --git a/conf/config.sh b/conf/config.sh /git/coffin/file/conf/config.sh.gph parazyd.org 70 it@@ -0,0 +1,102 @@ Err parazyd.org 70 i+#!/usr/bin/env zsh Err parazyd.org 70 i+# Err parazyd.org 70 i+# configuration script for coffin. 
run only through Makefile Err parazyd.org 70 i+# Err parazyd.org 70 i+# ~ parazyd Err parazyd.org 70 i+ Err parazyd.org 70 i+# `make` Err parazyd.org 70 i+[[ $1 == "checkdep" ]] && { Err parazyd.org 70 i+ missing=() Err parazyd.org 70 i+ which apache2 >/dev/null || missing+=(apache) Err parazyd.org 70 i+ which cryptsetup >/dev/null || missing+=(cryptsetup) Err parazyd.org 70 i+ which inotifywatch >/dev/null || missing+=(inotify-tools) Err parazyd.org 70 i+ which wipe >/dev/null || missing+=(wipe) Err parazyd.org 70 i+ which pinentry >/dev/null || missing+=(pinentry) Err parazyd.org 70 i+ which pwgen >/dev/null || missing+=(pwgen) Err parazyd.org 70 i+ which gettext >/dev/null || missing+=(gettext) Err parazyd.org 70 i+ which openssl >/dev/null || missing+=(openssl) Err parazyd.org 70 i+# Optional: Err parazyd.org 70 i+# which haveged || missing+=(haveged) Err parazyd.org 70 i+# which sshfs || missing+=(sshfs) Err parazyd.org 70 i+ (( $#missing == 0 )) || { Err parazyd.org 70 i+ for i in $missing; do Err parazyd.org 70 i+ print "$i is missing." Err parazyd.org 70 i+ done Err parazyd.org 70 i+ print "Please install and retry." Err parazyd.org 70 i+ return 1 Err parazyd.org 70 i+ } Err parazyd.org 70 i+ print "All dependencies solved, run 'make install' as root" Err parazyd.org 70 i+ print "to install and configure coffin on this device." Err parazyd.org 70 i+ return 0 Err parazyd.org 70 i+} Err parazyd.org 70 i+ Err parazyd.org 70 i+# `make install` Err parazyd.org 70 i+[[ $1 == "snowman" || $1 == "unsnowman" ]] && { Err parazyd.org 70 i+ [[ $UID = 0 ]] || { Err parazyd.org 70 i+ print "You must run this as root!" Err parazyd.org 70 i+ return 1 Err parazyd.org 70 i+ } Err parazyd.org 70 i+} Err parazyd.org 70 i+ Err parazyd.org 70 i+edit-sudo() { Err parazyd.org 70 i+ print "%coffin coffin=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo) Err parazyd.org 70 i+ [[ $? 
= 0 ]] && print "Added coffin group to sudoers" Err parazyd.org 70 i+} Err parazyd.org 70 i+ Err parazyd.org 70 i+# because all cool software has snowmen in them Err parazyd.org 70 i+[[ $1 == "snowman" ]] && { Err parazyd.org 70 i+ pushd `pwd`/conf Err parazyd.org 70 i+ Err parazyd.org 70 i+ # install files Err parazyd.org 70 i+ install -m640 coffindav.conf /etc/apache2/sites-available/ Err parazyd.org 70 i+ install -m600 davpasswd /etc/apache2/ Err parazyd.org 70 i+ Err parazyd.org 70 i+ # ssl Err parazyd.org 70 i+ print "Generating ssl certificate..." Err parazyd.org 70 i+ openssl req -x509 -nodes -days 3650 -newkey rsa:4096 \ Err parazyd.org 70 i+ -keyout coffin.key -out coffin.pem Err parazyd.org 70 i+ [[ $? = 0 ]] || { Err parazyd.org 70 i+ print "Failed generating openssl certificate." Err parazyd.org 70 i+ return 1 Err parazyd.org 70 i+ } Err parazyd.org 70 i+ Err parazyd.org 70 i+ mkdir -p /etc/ssl/coffin Err parazyd.org 70 i+ install -m 444 coffin.pem /etc/ssl/coffin/ Err parazyd.org 70 i+ install -m 400 coffin.key /etc/ssl/coffin/ Err parazyd.org 70 i+ print "Done!" Err parazyd.org 70 i+ Err parazyd.org 70 i+ # Apache Err parazyd.org 70 i+ apachemods=(dav dav_fs dav_lock ssl) Err parazyd.org 70 i+ print "Enabling Apache modules..." Err parazyd.org 70 i+ for i in $apachemods; do Err parazyd.org 70 i+ a2enmod $i Err parazyd.org 70 i+ done Err parazyd.org 70 i+ Err parazyd.org 70 i+ a2ensite coffindav.conf Err parazyd.org 70 i+ Err parazyd.org 70 i+ print "Creating coffin group..." Err parazyd.org 70 i+ groupadd coffin && print "Done!" Err parazyd.org 70 i+ Err parazyd.org 70 i+ /etc/init.d/apache2 restart Err parazyd.org 70 i+ [[ -f /etc/init.d/ssh ]] && { /etc/init.d/ssh start } Err parazyd.org 70 i+ Err parazyd.org 70 i+ edit-sudo Err parazyd.org 70 i+ Err parazyd.org 70 i+ # TODO: add initscript Err parazyd.org 70 i+ Err parazyd.org 70 i+ print "Successfully installed and configured coffin!" 
Err parazyd.org 70 i+ Err parazyd.org 70 i+ print "######################################" Err parazyd.org 70 i+ fprint=`openssl x509 -noout -in coffin.pem -fingerprint \ Err parazyd.org 70 i+ awk -F\= '{print $2}'` Err parazyd.org 70 i+ print "The fingerptint of your SSL certificate is: $fprint" Err parazyd.org 70 i+ print "Compare it and/or set is as trusted when you connect to coffin." Err parazyd.org 70 i+ print "######################################" Err parazyd.org 70 i+ Err parazyd.org 70 i+ popd Err parazyd.org 70 i+} Err parazyd.org 70 i+ Err parazyd.org 70 i+[[ $1 == "unsnowman" ]] && { Err parazyd.org 70 i+ print "Uninstalling coffin. Why? Why? Why?" Err parazyd.org 70 i+ print "*cries*\n" Err parazyd.org 70 i+} Err parazyd.org 70 1diff --git a/conf/davpass b/conf/davpass /git/coffin/file/conf/davpass.gph parazyd.org 70 it@@ -0,0 +1,3 @@ Err parazyd.org 70 i+# This is the htpasswd file of coffin. It will be filled Err parazyd.org 70 i+# by usage, or you can fill it up manually. See the README Err parazyd.org 70 i+# for more info. Err parazyd.org 70 1diff --git a/conf/webdav.skel b/conf/webdav.skel /git/coffin/file/conf/webdav.skel.gph parazyd.org 70 it@@ -0,0 +1,12 @@ Err parazyd.org 70 i+# Add this to /etc/apache2/sites-enabled/coffindav.conf Err parazyd.org 70 i+ Err parazyd.org 70 i+alias /yourTombName /media/yourTombName Err parazyd.org 70 i+ Err parazyd.org 70 i+ Dav On Err parazyd.org 70 i+ AllowOverride none Err parazyd.org 70 i+ Options Indexes FollowSymlinks Err parazyd.org 70 i+ AuthType Digest Err parazyd.org 70 i+ AuthName WebDAV Err parazyd.org 70 i+ AuthUserFile /etc/apache2/davpasswd Err parazyd.org 70 i+ Require user yourCoffinUsername Err parazyd.org 70 i+ Err parazyd.org 70 .
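Review bot: `edit-sudo` in conf/config.sh appends `%coffin coffin=(ALL) NOPASSWD: ALL` to the main sudoers file, so every member of the coffin group gets passwordless root on the host named coffin, and each `make install` run appends the line again because nothing checks for an existing entry. The rule should list only the commands coffin has to run as root, written to a root-owned 0440 drop-in that is checked with `visudo -cf` before it is installed, as sketched below (this assumes the distribution's sudoers includes /etc/sudoers.d). Two further defects in the snowman block: the fingerprint command has no `|` before `awk`, so `awk -F\= '{print $2}'` is passed to openssl as arguments and `$fprint` will not hold the fingerprint, and `coffin.key` is generated in the conf/ working directory and stays there after `install -m 400`, with whatever mode the umask gives it. The block also installs `davpasswd` while this commit adds `conf/davpass`, so that `install` presumably fails unless the file exists elsewhere, and "Successfully installed" is printed without checking any of the install steps.

```shell
edit-sudo() {
	# Build the rule in a temp file and validate it first: a syntax error
	# in an installed sudoers file can lock everyone out of sudo.
	local rule
	rule=$(mktemp) || return 1
	# PLACEHOLDER command: replace with the exact binaries coffin must run as root.
	print "%coffin coffin=(ALL) NOPASSWD: /path/to/required-command" > $rule
	# install overwrites the drop-in, so re-running `make install` adds no duplicates.
	visudo -cf $rule && install -o root -g root -m 0440 $rule /etc/sudoers.d/coffin
	local rc=$?
	rm -f $rule
	[[ $rc = 0 ]] && print "Added coffin group to sudoers"
	return $rc
}
```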
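Review bot: `AuthType Digest` in conf/webdav.skel depends on mod_auth_digest, which the `apachemods=(dav dav_fs dav_lock ssl)` list in conf/config.sh does not enable, so unless the distribution loads that module by default nobody can authenticate against this block; adding `auth_digest` to the list would close the gap. `AuthUserFile /etc/apache2/davpasswd` is read by the Apache worker at request time, while config.sh installs that file as root with `-m600`, so a worker running as an unprivileged user presumably cannot read it; root-owned and readable by the Apache group (0640) is the usual arrangement. `Options Indexes FollowSymlinks` lets the share follow links that point outside /media/yourTombName, and `Options -Indexes +SymLinksIfOwnerMatch` is a tighter default if browser directory listings and foreign symlinks are not needed.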