From b2cbe7b7e6e98a09e80ccd09dd401ad3758a9faf Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Sun, 29 Jan 2017 22:58:35 -0500 Subject: [PATCH 01/16] Re-add LED files It turns out that some users were still using the LED functionality. Adding it back. --- diode_controller/Makefile | 2 + diode_controller/led.c | 81 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 83 insertions(+) create mode 100644 diode_controller/Makefile create mode 100644 diode_controller/led.c diff --git a/diode_controller/Makefile b/diode_controller/Makefile new file mode 100644 index 0000000..da190d5 --- /dev/null +++ b/diode_controller/Makefile @@ -0,0 +1,2 @@ +led: led.c + gcc -ggdb -o led led.c diff --git a/diode_controller/led.c b/diode_controller/led.c new file mode 100644 index 0000000..67f7342 --- /dev/null +++ b/diode_controller/led.c @@ -0,0 +1,81 @@ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/* GPIO registers address */ +#define BCM2708_PERI_BASE 0x20000000 +#define GPIO_BASE (BCM2708_PERI_BASE + 0x200000) /* GPIO controller */ +#define BLOCK_SIZE (256) + +/* GPIO setup macros. Always use GPIO_IN(x) before using GPIO_OUT(x) or GPIO_ALT(x,y) */ +#define GPIO_IN(g) *(gpio+((g)/10)) &= ~(7<<(((g)%10)*3)) +#define GPIO_OUT(g) *(gpio+((g)/10)) |= (1<<(((g)%10)*3)) +#define GPIO_ALT(g,a) *(gpio+(((g)/10))) |= (((a)<=3?(a)+4:(a)==4?3:2)<<(((g)%10)*3)) + +#define GPIO_SET(g) *(gpio+7) = 1<<(g) /* sets bit which are 1, ignores bit which are 0 */ +#define GPIO_CLR(g) *(gpio+10) = 1<<(g) /* clears bit which are 1, ignores bit which are 0 */ +#define GPIO_LEV(g) (*(gpio+13) >> (g)) & 0x00000001 + + + +#define GPIO_4 4 + +int mem_fd; +void *gpio_map; +volatile uint32_t *gpio; + +int main(int argc, char* argv[]) +{ + int ret; + int i; + /* open /dev/mem */ + mem_fd = open("/dev/mem", O_RDWR|O_SYNC); + if (mem_fd == -1) { + perror("Cannot open /dev/mem"); + exit(1); + } + + /* mmap GPIO */ + gpio_map = mmap(NULL, BLOCK_SIZE, PROT_READ|PROT_WRITE, MAP_SHARED, mem_fd, GPIO_BASE); + if (gpio_map == MAP_FAILED) { + perror("mmap() failed"); + exit(1); + } + /* Always use volatile pointer! */ + gpio = (volatile uint32_t *)gpio_map; + + + GPIO_IN(GPIO_4); /* must use GPIO_IN before we can use GPIO_OUT */ + GPIO_OUT(GPIO_4); + + //Turn on led + while (1) { + //printf("Enable LED\n"); + GPIO_SET(GPIO_4); + usleep(1000000); + //printf("Disable GPIO\n"); // Does not seem to work? + //GPIO_CLR(GPIO_4); + //usleep(1000000); + } + /* Free up ressources */ + /* munmap GPIO */ + ret = munmap(gpio_map, BLOCK_SIZE); + if (ret == -1) { + perror("munmap() failed"); + exit(1); + } + /* close /dev/mem */ + ret = close(mem_fd); + if (ret == -1) { + perror("Cannot close /dev/mem"); + exit(1); + } + + return EXIT_SUCCESS; +} From 47f25c07b54478f2a828c19ca2ea862cd1a1a6a9 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Sun, 29 Jan 2017 22:59:36 -0500 Subject: [PATCH 02/16] Adjustments to match repo to working image --- fs_filecheck/etc/fstab | 0 fs_filecheck/etc/group | 3 ++- fs_filecheck/etc/rc.local | 6 ------ fs_filecheck/etc/systemd/system/rc-local.service | 8 +++++--- 4 files changed, 7 insertions(+), 10 deletions(-) mode change 100644 => 100755 fs_filecheck/etc/fstab diff --git a/fs_filecheck/etc/fstab b/fs_filecheck/etc/fstab old mode 100644 new mode 100755 diff --git a/fs_filecheck/etc/group b/fs_filecheck/etc/group index 6a7844f..f980fb0 100644 --- a/fs_filecheck/etc/group +++ b/fs_filecheck/etc/group @@ -19,7 +19,7 @@ cdrom:x:24:pi floppy:x:25: tape:x:26: sudo:x:27:pi -audio:x:29:pi +audio:x:29:pi,timidity dip:x:30: www-data:x:33: backup:x:34: @@ -52,3 +52,4 @@ indiecity:x:1001:root spi:x:1002:pi gpio:x:1003:pi kitten:x:1004: +timidity:x:110: diff --git a/fs_filecheck/etc/rc.local b/fs_filecheck/etc/rc.local index d0b2b9b..6635e4b 100755 --- a/fs_filecheck/etc/rc.local +++ b/fs_filecheck/etc/rc.local @@ -21,12 +21,6 @@ clean(){ echo "GROOMER: end of boot, running rc.local." -# Print the IP address (this doesn't work currently?) -# _IP=$(hostname -I) || true -# if [ "$_IP" ]; then -# printf "My IP address is %s\n" "$_IP" -# fi - if [ -e /dev/sda ]; then if [ -e /dev/sdb ]; then # Avoid possible misuse - turn off eth0 (ethernet port) diff --git a/fs_filecheck/etc/systemd/system/rc-local.service b/fs_filecheck/etc/systemd/system/rc-local.service index 7b0d9a7..4203bc2 100644 --- a/fs_filecheck/etc/systemd/system/rc-local.service +++ b/fs_filecheck/etc/systemd/system/rc-local.service @@ -1,12 +1,14 @@ [Unit] Description=/etc/rc.local Compatibility +ConditionPathExists=/etc/rc.local [Service] -Type=oneshot -ExecStart=/etc/rc.local +Type=forking +ExecStart=/etc/rc.local start TimeoutSec=0 -StandardInput=tty +StandardOutput=tty RemainAfterExit=yes +SysVStartPriority=99 [Install] WantedBy=multi-user.target From 23f9a7b869b1dfdc182723741512bc86982f2cbb Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 31 Jan 2017 15:44:13 -0500 Subject: [PATCH 03/16] Add debug flag --- fs_filecheck/opt/groomer/config.sh | 5 ++++- fs_filecheck/opt/groomer/groomer.sh | 8 ++++++-- fs_filecheck/opt/groomer/init.sh | 10 +++++++--- fs_filecheck/opt/groomer/mount_dest.sh | 9 ++++++--- shell_utils/copy_groomer_to_image.sh | 10 +++++----- 5 files changed, 28 insertions(+), 14 deletions(-) diff --git a/fs_filecheck/opt/groomer/config.sh b/fs_filecheck/opt/groomer/config.sh index f4612fc..f749abe 100755 --- a/fs_filecheck/opt/groomer/config.sh +++ b/fs_filecheck/opt/groomer/config.sh @@ -14,7 +14,7 @@ DST_MNT="/media/dst" TEMP="${DST_MNT}/temp" ZIPTEMP="${DST_MNT}/ziptemp" LOGS="${DST_MNT}/logs" -GROOM_LOG="/tmp/groom_log.txt" +DEBUG_LOG="/tmp/groomer_debug_log.txt" MUSIC="/opt/midi/" @@ -24,3 +24,6 @@ TIMIDITY="/usr/bin/timidity" MOUNT="/bin/mount" PMOUNT="/usr/bin/pmount -A -s" PUMOUNT="/usr/bin/pumount" + +# Config flags +DEBUG=true diff --git a/fs_filecheck/opt/groomer/groomer.sh b/fs_filecheck/opt/groomer/groomer.sh index 7a3e989..daeb027 100755 --- a/fs_filecheck/opt/groomer/groomer.sh +++ b/fs_filecheck/opt/groomer/groomer.sh @@ -12,7 +12,11 @@ if ! [ "${ID}" -ge "1000" ]; then exit fi -clean(){ +clean(){ + if [ ${DEBUG} = true ]; then + sleep 20 + fi + # Write anything in memory to disk ${SYNC} @@ -58,7 +62,7 @@ do # Create a directory on ${DST} named PARTION_$PARTCOUNT target_dir="/media/${DST}/FROM_PARTITION_${PARTCOUNT}" mkdir -p "${target_dir}" - LOGFILE="${LOGS}/processing.txt" + LOGFILE="${LOGS}/processing_log.txt" # Run the current partition through filecheck.py echo "==== Starting processing of /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE} diff --git a/fs_filecheck/opt/groomer/init.sh b/fs_filecheck/opt/groomer/init.sh index adc4b6d..e23f744 100755 --- a/fs_filecheck/opt/groomer/init.sh +++ b/fs_filecheck/opt/groomer/init.sh @@ -13,6 +13,9 @@ if [ ${ID} -ne 0 ]; then fi clean(){ + if [ ${DEBUG} = true ]; then + sleep 20 + fi echo "GROOMER: cleaning up after init.sh." ${SYNC} # Stop the music from playing @@ -30,7 +33,8 @@ setterm -powersave off -blank 0 echo $! > /tmp/music.pid # List block storage devices for debugging -# Make sure to set tee in append (-a) mode below if you uncomment -# lsblk |& tee ${GROOM_LOG} +if [ ${DEBUG} = true ]; then + lsblk |& tee -a ${DEBUG_LOG} +fi -su ${USERNAME} -c ./mount_dest.sh |& tee ${GROOM_LOG} +su ${USERNAME} -c ./mount_dest.sh |& tee -a ${DEBUG_LOG} diff --git a/fs_filecheck/opt/groomer/mount_dest.sh b/fs_filecheck/opt/groomer/mount_dest.sh index 720ac47..a32b45d 100755 --- a/fs_filecheck/opt/groomer/mount_dest.sh +++ b/fs_filecheck/opt/groomer/mount_dest.sh @@ -13,10 +13,13 @@ if ! [ "${ID}" -ge "1000" ]; then fi clean(){ - echo "GROOMER: Cleaning up in mount_keys.sh." + if [ ${DEBUG} = true ]; then + sleep 20 + # Copy the temporary logfile to the destination key + cp ${DEBUG_LOG} "${DST_MNT}/groomer_debug_log.txt" + fi - # Copy the temporary logfile to the destination key - cp ${GROOM_LOG} "${DST_MNT}/groomer_log_dst.txt" + echo "GROOMER: Cleaning up in mount_keys.sh." # Write anything in memory to disk ${SYNC} diff --git a/shell_utils/copy_groomer_to_image.sh b/shell_utils/copy_groomer_to_image.sh index fd1a7c1..8529318 100755 --- a/shell_utils/copy_groomer_to_image.sh +++ b/shell_utils/copy_groomer_to_image.sh @@ -2,11 +2,11 @@ set -x -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/init.sh /mnt/rpi/opt/groomer/init.sh -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/groomer.sh /mnt/rpi/opt/groomer/groomer.sh -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/config.sh /mnt/rpi/opt/groomer/config.sh -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/mount_dest.sh /mnt/rpi/opt/groomer/mount_dest.sh +cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/init.sh /mnt/rpi/opt/groomer/init.sh +cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/groomer.sh /mnt/rpi/opt/groomer/groomer.sh +cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/config.sh /mnt/rpi/opt/groomer/config.sh +cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/mount_dest.sh /mnt/rpi/opt/groomer/mount_dest.sh # cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/music.sh /mnt/rpi/opt/groomer/music.sh -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/rc.local /mnt/rpi/etc/rc.local +cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/rc.local /mnt/rpi/etc/rc.local # cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/pmount.allow /mnt/rpi/etc/pmount.allow # cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/udev/rules.d/10-usb.rules /mnt/rpi/etc/udev/rules.d/10-usb.rules From adef197f01b7d9e36fab09ef94a2c1d5307341d6 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 31 Jan 2017 16:44:59 -0500 Subject: [PATCH 04/16] Rename fs_filecheck and include it under /circlean as /root_partition --- .../root_partition}/etc/fstab | 0 .../root_partition}/etc/group | 0 .../root_partition}/etc/pam.d/su | 0 .../root_partition}/etc/passwd | 0 .../root_partition}/etc/pmount.allow | 0 .../etc/profile.d/raspi-config.sh | 0 .../root_partition}/etc/rc.local | 0 .../root_partition}/etc/security/limits.conf | 0 .../root_partition}/etc/sudoers | 0 .../etc/systemd/system/rc-local.service | 0 .../etc/udev/rules.d/10-usb.rules | 0 .../etc/udev/rules.d/50-blockhid.rules | 0 .../etc/udev/rules.d/90-qemu.rules | 0 .../root_partition}/opt/groomer/config.sh | 0 .../root_partition}/opt/groomer/groomer.sh | 0 .../root_partition}/opt/groomer/init.sh | 0 .../root_partition}/opt/groomer/mount_dest.sh | 0 .../root_partition}/opt/groomer/music.sh | 0 .../root_partition}/usr/local/bin/pdfid.py | 0 .../usr/local/bin/plugin_embeddedfile.py | 0 .../root_partition}/usr/local/bin/plugin_list | 0 .../usr/local/bin/plugin_nameobfuscation.py | 0 .../usr/local/bin/plugin_triage.py | 0 shell_utils/copy_groomer_to_image.sh | 16 ++++++++-------- 24 files changed, 8 insertions(+), 8 deletions(-) rename {fs_filecheck => circlean/root_partition}/etc/fstab (100%) rename {fs_filecheck => circlean/root_partition}/etc/group (100%) rename {fs_filecheck => circlean/root_partition}/etc/pam.d/su (100%) rename {fs_filecheck => circlean/root_partition}/etc/passwd (100%) rename {fs_filecheck => circlean/root_partition}/etc/pmount.allow (100%) rename {fs_filecheck => circlean/root_partition}/etc/profile.d/raspi-config.sh (100%) rename {fs_filecheck => circlean/root_partition}/etc/rc.local (100%) rename {fs_filecheck => circlean/root_partition}/etc/security/limits.conf (100%) rename {fs_filecheck => circlean/root_partition}/etc/sudoers (100%) rename {fs_filecheck => circlean/root_partition}/etc/systemd/system/rc-local.service (100%) rename {fs_filecheck => circlean/root_partition}/etc/udev/rules.d/10-usb.rules (100%) rename {fs_filecheck => circlean/root_partition}/etc/udev/rules.d/50-blockhid.rules (100%) rename {fs_filecheck => circlean/root_partition}/etc/udev/rules.d/90-qemu.rules (100%) rename {fs_filecheck => circlean/root_partition}/opt/groomer/config.sh (100%) rename {fs_filecheck => circlean/root_partition}/opt/groomer/groomer.sh (100%) rename {fs_filecheck => circlean/root_partition}/opt/groomer/init.sh (100%) rename {fs_filecheck => circlean/root_partition}/opt/groomer/mount_dest.sh (100%) rename {fs_filecheck => circlean/root_partition}/opt/groomer/music.sh (100%) rename {fs_filecheck => circlean/root_partition}/usr/local/bin/pdfid.py (100%) rename {fs_filecheck => circlean/root_partition}/usr/local/bin/plugin_embeddedfile.py (100%) rename {fs_filecheck => circlean/root_partition}/usr/local/bin/plugin_list (100%) rename {fs_filecheck => circlean/root_partition}/usr/local/bin/plugin_nameobfuscation.py (100%) rename {fs_filecheck => circlean/root_partition}/usr/local/bin/plugin_triage.py (100%) diff --git a/fs_filecheck/etc/fstab b/circlean/root_partition/etc/fstab similarity index 100% rename from fs_filecheck/etc/fstab rename to circlean/root_partition/etc/fstab diff --git a/fs_filecheck/etc/group b/circlean/root_partition/etc/group similarity index 100% rename from fs_filecheck/etc/group rename to circlean/root_partition/etc/group diff --git a/fs_filecheck/etc/pam.d/su b/circlean/root_partition/etc/pam.d/su similarity index 100% rename from fs_filecheck/etc/pam.d/su rename to circlean/root_partition/etc/pam.d/su diff --git a/fs_filecheck/etc/passwd b/circlean/root_partition/etc/passwd similarity index 100% rename from fs_filecheck/etc/passwd rename to circlean/root_partition/etc/passwd diff --git a/fs_filecheck/etc/pmount.allow b/circlean/root_partition/etc/pmount.allow similarity index 100% rename from fs_filecheck/etc/pmount.allow rename to circlean/root_partition/etc/pmount.allow diff --git a/fs_filecheck/etc/profile.d/raspi-config.sh b/circlean/root_partition/etc/profile.d/raspi-config.sh similarity index 100% rename from fs_filecheck/etc/profile.d/raspi-config.sh rename to circlean/root_partition/etc/profile.d/raspi-config.sh diff --git a/fs_filecheck/etc/rc.local b/circlean/root_partition/etc/rc.local similarity index 100% rename from fs_filecheck/etc/rc.local rename to circlean/root_partition/etc/rc.local diff --git a/fs_filecheck/etc/security/limits.conf b/circlean/root_partition/etc/security/limits.conf similarity index 100% rename from fs_filecheck/etc/security/limits.conf rename to circlean/root_partition/etc/security/limits.conf diff --git a/fs_filecheck/etc/sudoers b/circlean/root_partition/etc/sudoers similarity index 100% rename from fs_filecheck/etc/sudoers rename to circlean/root_partition/etc/sudoers diff --git a/fs_filecheck/etc/systemd/system/rc-local.service b/circlean/root_partition/etc/systemd/system/rc-local.service similarity index 100% rename from fs_filecheck/etc/systemd/system/rc-local.service rename to circlean/root_partition/etc/systemd/system/rc-local.service diff --git a/fs_filecheck/etc/udev/rules.d/10-usb.rules b/circlean/root_partition/etc/udev/rules.d/10-usb.rules similarity index 100% rename from fs_filecheck/etc/udev/rules.d/10-usb.rules rename to circlean/root_partition/etc/udev/rules.d/10-usb.rules diff --git a/fs_filecheck/etc/udev/rules.d/50-blockhid.rules b/circlean/root_partition/etc/udev/rules.d/50-blockhid.rules similarity index 100% rename from fs_filecheck/etc/udev/rules.d/50-blockhid.rules rename to circlean/root_partition/etc/udev/rules.d/50-blockhid.rules diff --git a/fs_filecheck/etc/udev/rules.d/90-qemu.rules b/circlean/root_partition/etc/udev/rules.d/90-qemu.rules similarity index 100% rename from fs_filecheck/etc/udev/rules.d/90-qemu.rules rename to circlean/root_partition/etc/udev/rules.d/90-qemu.rules diff --git a/fs_filecheck/opt/groomer/config.sh b/circlean/root_partition/opt/groomer/config.sh similarity index 100% rename from fs_filecheck/opt/groomer/config.sh rename to circlean/root_partition/opt/groomer/config.sh diff --git a/fs_filecheck/opt/groomer/groomer.sh b/circlean/root_partition/opt/groomer/groomer.sh similarity index 100% rename from fs_filecheck/opt/groomer/groomer.sh rename to circlean/root_partition/opt/groomer/groomer.sh diff --git a/fs_filecheck/opt/groomer/init.sh b/circlean/root_partition/opt/groomer/init.sh similarity index 100% rename from fs_filecheck/opt/groomer/init.sh rename to circlean/root_partition/opt/groomer/init.sh diff --git a/fs_filecheck/opt/groomer/mount_dest.sh b/circlean/root_partition/opt/groomer/mount_dest.sh similarity index 100% rename from fs_filecheck/opt/groomer/mount_dest.sh rename to circlean/root_partition/opt/groomer/mount_dest.sh diff --git a/fs_filecheck/opt/groomer/music.sh b/circlean/root_partition/opt/groomer/music.sh similarity index 100% rename from fs_filecheck/opt/groomer/music.sh rename to circlean/root_partition/opt/groomer/music.sh diff --git a/fs_filecheck/usr/local/bin/pdfid.py b/circlean/root_partition/usr/local/bin/pdfid.py similarity index 100% rename from fs_filecheck/usr/local/bin/pdfid.py rename to circlean/root_partition/usr/local/bin/pdfid.py diff --git a/fs_filecheck/usr/local/bin/plugin_embeddedfile.py b/circlean/root_partition/usr/local/bin/plugin_embeddedfile.py similarity index 100% rename from fs_filecheck/usr/local/bin/plugin_embeddedfile.py rename to circlean/root_partition/usr/local/bin/plugin_embeddedfile.py diff --git a/fs_filecheck/usr/local/bin/plugin_list b/circlean/root_partition/usr/local/bin/plugin_list similarity index 100% rename from fs_filecheck/usr/local/bin/plugin_list rename to circlean/root_partition/usr/local/bin/plugin_list diff --git a/fs_filecheck/usr/local/bin/plugin_nameobfuscation.py b/circlean/root_partition/usr/local/bin/plugin_nameobfuscation.py similarity index 100% rename from fs_filecheck/usr/local/bin/plugin_nameobfuscation.py rename to circlean/root_partition/usr/local/bin/plugin_nameobfuscation.py diff --git a/fs_filecheck/usr/local/bin/plugin_triage.py b/circlean/root_partition/usr/local/bin/plugin_triage.py similarity index 100% rename from fs_filecheck/usr/local/bin/plugin_triage.py rename to circlean/root_partition/usr/local/bin/plugin_triage.py diff --git a/shell_utils/copy_groomer_to_image.sh b/shell_utils/copy_groomer_to_image.sh index 8529318..636226d 100755 --- a/shell_utils/copy_groomer_to_image.sh +++ b/shell_utils/copy_groomer_to_image.sh @@ -2,11 +2,11 @@ set -x -cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/init.sh /mnt/rpi/opt/groomer/init.sh -cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/groomer.sh /mnt/rpi/opt/groomer/groomer.sh -cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/config.sh /mnt/rpi/opt/groomer/config.sh -cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/mount_dest.sh /mnt/rpi/opt/groomer/mount_dest.sh -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/opt/groomer/music.sh /mnt/rpi/opt/groomer/music.sh -cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/rc.local /mnt/rpi/etc/rc.local -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/pmount.allow /mnt/rpi/etc/pmount.allow -# cp /media/sf_ubuntu-shared/Circlean-Ubuntu/fs_filecheck/etc/udev/rules.d/10-usb.rules /mnt/rpi/etc/udev/rules.d/10-usb.rules +cp circlean/root_partition/opt/groomer/init.sh /mnt/rpi/opt/groomer/init.sh +cp circlean/root_partition/opt/groomer/groomer.sh /mnt/rpi/opt/groomer/groomer.sh +cp circlean/root_partition/opt/groomer/config.sh /mnt/rpi/opt/groomer/config.sh +cp circlean/root_partition/opt/groomer/mount_dest.sh /mnt/rpi/opt/groomer/mount_dest.sh +cp circlean/root_partition/etc/rc.local /mnt/rpi/etc/rc.local +# cp circlean/root_partition/opt/groomer/music.sh /mnt/rpi/opt/groomer/music.sh +# cp circlean/root_partition/etc/pmount.allow /mnt/rpi/etc/pmount.allow +# cp circlean/root_partition/etc/udev/rules.d/10-usb.rules /mnt/rpi/etc/udev/rules.d/10-usb.rules From cdf596439220d864a20edf806abaf28a37089eb5 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 31 Jan 2017 17:07:12 -0500 Subject: [PATCH 05/16] Fix to make read-only filesystem not cause crash on boot During boot, read-only boot partition was causing a crash due to sed trying to write to disk. Added a directory /circlean/boot_partition to hold changes to cmdline.txt that fix this issue. --- circlean/boot_partition/cmdline.txt | 1 + 1 file changed, 1 insertion(+) create mode 100755 circlean/boot_partition/cmdline.txt diff --git a/circlean/boot_partition/cmdline.txt b/circlean/boot_partition/cmdline.txt new file mode 100755 index 0000000..2b1f363 --- /dev/null +++ b/circlean/boot_partition/cmdline.txt @@ -0,0 +1 @@ +dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro From 8f6e8fb87b0fa4e8f9f4c8bebfb959ee133e8b76 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 31 Jan 2017 17:09:13 -0500 Subject: [PATCH 06/16] Change method for turning off display autosleep Previous strategy using setterm wasn't working. Switched to using consoleblank=0 in boot partition cmdline.txt --- circlean/boot_partition/cmdline.txt | 2 +- circlean/root_partition/opt/groomer/init.sh | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/circlean/boot_partition/cmdline.txt b/circlean/boot_partition/cmdline.txt index 2b1f363..f8d365d 100755 --- a/circlean/boot_partition/cmdline.txt +++ b/circlean/boot_partition/cmdline.txt @@ -1 +1 @@ -dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro +dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro consoleblank=0 diff --git a/circlean/root_partition/opt/groomer/init.sh b/circlean/root_partition/opt/groomer/init.sh index e23f744..5c68def 100755 --- a/circlean/root_partition/opt/groomer/init.sh +++ b/circlean/root_partition/opt/groomer/init.sh @@ -25,9 +25,6 @@ clean(){ trap clean EXIT TERM INT -# Stop hdmi display from sleeping after a period of time -setterm -powersave off -blank 0 - # Start music ./music.sh & echo $! > /tmp/music.pid From 8549ea35db4bed462429b6920151b21fce3ab456 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 31 Jan 2017 17:14:27 -0500 Subject: [PATCH 07/16] Rename circlean/ to circlean_fs/ --- {circlean/boot_partition => circlean_fs/boot}/cmdline.txt | 0 {circlean => circlean_fs}/root_partition/etc/fstab | 0 {circlean => circlean_fs}/root_partition/etc/group | 0 {circlean => circlean_fs}/root_partition/etc/pam.d/su | 0 {circlean => circlean_fs}/root_partition/etc/passwd | 0 {circlean => circlean_fs}/root_partition/etc/pmount.allow | 0 .../root_partition/etc/profile.d/raspi-config.sh | 0 {circlean => circlean_fs}/root_partition/etc/rc.local | 0 {circlean => circlean_fs}/root_partition/etc/security/limits.conf | 0 {circlean => circlean_fs}/root_partition/etc/sudoers | 0 .../root_partition/etc/systemd/system/rc-local.service | 0 .../root_partition/etc/udev/rules.d/10-usb.rules | 0 .../root_partition/etc/udev/rules.d/50-blockhid.rules | 0 .../root_partition/etc/udev/rules.d/90-qemu.rules | 0 {circlean => circlean_fs}/root_partition/opt/groomer/config.sh | 0 {circlean => circlean_fs}/root_partition/opt/groomer/groomer.sh | 0 {circlean => circlean_fs}/root_partition/opt/groomer/init.sh | 0 .../root_partition/opt/groomer/mount_dest.sh | 0 {circlean => circlean_fs}/root_partition/opt/groomer/music.sh | 0 {circlean => circlean_fs}/root_partition/usr/local/bin/pdfid.py | 0 .../root_partition/usr/local/bin/plugin_embeddedfile.py | 0 .../root_partition/usr/local/bin/plugin_list | 0 .../root_partition/usr/local/bin/plugin_nameobfuscation.py | 0 .../root_partition/usr/local/bin/plugin_triage.py | 0 24 files changed, 0 insertions(+), 0 deletions(-) rename {circlean/boot_partition => circlean_fs/boot}/cmdline.txt (100%) rename {circlean => circlean_fs}/root_partition/etc/fstab (100%) rename {circlean => circlean_fs}/root_partition/etc/group (100%) rename {circlean => circlean_fs}/root_partition/etc/pam.d/su (100%) rename {circlean => circlean_fs}/root_partition/etc/passwd (100%) rename {circlean => circlean_fs}/root_partition/etc/pmount.allow (100%) rename {circlean => circlean_fs}/root_partition/etc/profile.d/raspi-config.sh (100%) rename {circlean => circlean_fs}/root_partition/etc/rc.local (100%) rename {circlean => circlean_fs}/root_partition/etc/security/limits.conf (100%) rename {circlean => circlean_fs}/root_partition/etc/sudoers (100%) rename {circlean => circlean_fs}/root_partition/etc/systemd/system/rc-local.service (100%) rename {circlean => circlean_fs}/root_partition/etc/udev/rules.d/10-usb.rules (100%) rename {circlean => circlean_fs}/root_partition/etc/udev/rules.d/50-blockhid.rules (100%) rename {circlean => circlean_fs}/root_partition/etc/udev/rules.d/90-qemu.rules (100%) rename {circlean => circlean_fs}/root_partition/opt/groomer/config.sh (100%) rename {circlean => circlean_fs}/root_partition/opt/groomer/groomer.sh (100%) rename {circlean => circlean_fs}/root_partition/opt/groomer/init.sh (100%) rename {circlean => circlean_fs}/root_partition/opt/groomer/mount_dest.sh (100%) rename {circlean => circlean_fs}/root_partition/opt/groomer/music.sh (100%) rename {circlean => circlean_fs}/root_partition/usr/local/bin/pdfid.py (100%) rename {circlean => circlean_fs}/root_partition/usr/local/bin/plugin_embeddedfile.py (100%) rename {circlean => circlean_fs}/root_partition/usr/local/bin/plugin_list (100%) rename {circlean => circlean_fs}/root_partition/usr/local/bin/plugin_nameobfuscation.py (100%) rename {circlean => circlean_fs}/root_partition/usr/local/bin/plugin_triage.py (100%) diff --git a/circlean/boot_partition/cmdline.txt b/circlean_fs/boot/cmdline.txt similarity index 100% rename from circlean/boot_partition/cmdline.txt rename to circlean_fs/boot/cmdline.txt diff --git a/circlean/root_partition/etc/fstab b/circlean_fs/root_partition/etc/fstab similarity index 100% rename from circlean/root_partition/etc/fstab rename to circlean_fs/root_partition/etc/fstab diff --git a/circlean/root_partition/etc/group b/circlean_fs/root_partition/etc/group similarity index 100% rename from circlean/root_partition/etc/group rename to circlean_fs/root_partition/etc/group diff --git a/circlean/root_partition/etc/pam.d/su b/circlean_fs/root_partition/etc/pam.d/su similarity index 100% rename from circlean/root_partition/etc/pam.d/su rename to circlean_fs/root_partition/etc/pam.d/su diff --git a/circlean/root_partition/etc/passwd b/circlean_fs/root_partition/etc/passwd similarity index 100% rename from circlean/root_partition/etc/passwd rename to circlean_fs/root_partition/etc/passwd diff --git a/circlean/root_partition/etc/pmount.allow b/circlean_fs/root_partition/etc/pmount.allow similarity index 100% rename from circlean/root_partition/etc/pmount.allow rename to circlean_fs/root_partition/etc/pmount.allow diff --git a/circlean/root_partition/etc/profile.d/raspi-config.sh b/circlean_fs/root_partition/etc/profile.d/raspi-config.sh similarity index 100% rename from circlean/root_partition/etc/profile.d/raspi-config.sh rename to circlean_fs/root_partition/etc/profile.d/raspi-config.sh diff --git a/circlean/root_partition/etc/rc.local b/circlean_fs/root_partition/etc/rc.local similarity index 100% rename from circlean/root_partition/etc/rc.local rename to circlean_fs/root_partition/etc/rc.local diff --git a/circlean/root_partition/etc/security/limits.conf b/circlean_fs/root_partition/etc/security/limits.conf similarity index 100% rename from circlean/root_partition/etc/security/limits.conf rename to circlean_fs/root_partition/etc/security/limits.conf diff --git a/circlean/root_partition/etc/sudoers b/circlean_fs/root_partition/etc/sudoers similarity index 100% rename from circlean/root_partition/etc/sudoers rename to circlean_fs/root_partition/etc/sudoers diff --git a/circlean/root_partition/etc/systemd/system/rc-local.service b/circlean_fs/root_partition/etc/systemd/system/rc-local.service similarity index 100% rename from circlean/root_partition/etc/systemd/system/rc-local.service rename to circlean_fs/root_partition/etc/systemd/system/rc-local.service diff --git a/circlean/root_partition/etc/udev/rules.d/10-usb.rules b/circlean_fs/root_partition/etc/udev/rules.d/10-usb.rules similarity index 100% rename from circlean/root_partition/etc/udev/rules.d/10-usb.rules rename to circlean_fs/root_partition/etc/udev/rules.d/10-usb.rules diff --git a/circlean/root_partition/etc/udev/rules.d/50-blockhid.rules b/circlean_fs/root_partition/etc/udev/rules.d/50-blockhid.rules similarity index 100% rename from circlean/root_partition/etc/udev/rules.d/50-blockhid.rules rename to circlean_fs/root_partition/etc/udev/rules.d/50-blockhid.rules diff --git a/circlean/root_partition/etc/udev/rules.d/90-qemu.rules b/circlean_fs/root_partition/etc/udev/rules.d/90-qemu.rules similarity index 100% rename from circlean/root_partition/etc/udev/rules.d/90-qemu.rules rename to circlean_fs/root_partition/etc/udev/rules.d/90-qemu.rules diff --git a/circlean/root_partition/opt/groomer/config.sh b/circlean_fs/root_partition/opt/groomer/config.sh similarity index 100% rename from circlean/root_partition/opt/groomer/config.sh rename to circlean_fs/root_partition/opt/groomer/config.sh diff --git a/circlean/root_partition/opt/groomer/groomer.sh b/circlean_fs/root_partition/opt/groomer/groomer.sh similarity index 100% rename from circlean/root_partition/opt/groomer/groomer.sh rename to circlean_fs/root_partition/opt/groomer/groomer.sh diff --git a/circlean/root_partition/opt/groomer/init.sh b/circlean_fs/root_partition/opt/groomer/init.sh similarity index 100% rename from circlean/root_partition/opt/groomer/init.sh rename to circlean_fs/root_partition/opt/groomer/init.sh diff --git a/circlean/root_partition/opt/groomer/mount_dest.sh b/circlean_fs/root_partition/opt/groomer/mount_dest.sh similarity index 100% rename from circlean/root_partition/opt/groomer/mount_dest.sh rename to circlean_fs/root_partition/opt/groomer/mount_dest.sh diff --git a/circlean/root_partition/opt/groomer/music.sh b/circlean_fs/root_partition/opt/groomer/music.sh similarity index 100% rename from circlean/root_partition/opt/groomer/music.sh rename to circlean_fs/root_partition/opt/groomer/music.sh diff --git a/circlean/root_partition/usr/local/bin/pdfid.py b/circlean_fs/root_partition/usr/local/bin/pdfid.py similarity index 100% rename from circlean/root_partition/usr/local/bin/pdfid.py rename to circlean_fs/root_partition/usr/local/bin/pdfid.py diff --git a/circlean/root_partition/usr/local/bin/plugin_embeddedfile.py b/circlean_fs/root_partition/usr/local/bin/plugin_embeddedfile.py similarity index 100% rename from circlean/root_partition/usr/local/bin/plugin_embeddedfile.py rename to circlean_fs/root_partition/usr/local/bin/plugin_embeddedfile.py diff --git a/circlean/root_partition/usr/local/bin/plugin_list b/circlean_fs/root_partition/usr/local/bin/plugin_list similarity index 100% rename from circlean/root_partition/usr/local/bin/plugin_list rename to circlean_fs/root_partition/usr/local/bin/plugin_list diff --git a/circlean/root_partition/usr/local/bin/plugin_nameobfuscation.py b/circlean_fs/root_partition/usr/local/bin/plugin_nameobfuscation.py similarity index 100% rename from circlean/root_partition/usr/local/bin/plugin_nameobfuscation.py rename to circlean_fs/root_partition/usr/local/bin/plugin_nameobfuscation.py diff --git a/circlean/root_partition/usr/local/bin/plugin_triage.py b/circlean_fs/root_partition/usr/local/bin/plugin_triage.py similarity index 100% rename from circlean/root_partition/usr/local/bin/plugin_triage.py rename to circlean_fs/root_partition/usr/local/bin/plugin_triage.py From 67e87e6a5594fd498d786302f86ea29ea30805a0 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Mon, 6 Feb 2017 17:25:24 -0500 Subject: [PATCH 08/16] A few small cleanups --- circlean_fs/root_partition/opt/groomer/config.sh | 2 +- circlean_fs/root_partition/opt/groomer/music.sh | 3 ++- shell_utils/copy_groomer_to_image.sh | 12 ------------ 3 files changed, 3 insertions(+), 14 deletions(-) delete mode 100755 shell_utils/copy_groomer_to_image.sh diff --git a/circlean_fs/root_partition/opt/groomer/config.sh b/circlean_fs/root_partition/opt/groomer/config.sh index f749abe..e69bf2e 100755 --- a/circlean_fs/root_partition/opt/groomer/config.sh +++ b/circlean_fs/root_partition/opt/groomer/config.sh @@ -26,4 +26,4 @@ PMOUNT="/usr/bin/pmount -A -s" PUMOUNT="/usr/bin/pumount" # Config flags -DEBUG=true +DEBUG=false diff --git a/circlean_fs/root_partition/opt/groomer/music.sh b/circlean_fs/root_partition/opt/groomer/music.sh index c57639d..0ac07f1 100755 --- a/circlean_fs/root_partition/opt/groomer/music.sh +++ b/circlean_fs/root_partition/opt/groomer/music.sh @@ -17,5 +17,6 @@ amixer cset numid=3 1 files=(${MUSIC}*) while true; do - $TIMIDITY ${files[RANDOM % ${#files[@]}]} + # -id flags set interface to "dumb" and -qq silences most/all terminal output + $TIMIDITY -idqq ${files[RANDOM % ${#files[@]}]} done diff --git a/shell_utils/copy_groomer_to_image.sh b/shell_utils/copy_groomer_to_image.sh deleted file mode 100755 index 636226d..0000000 --- a/shell_utils/copy_groomer_to_image.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -set -x - -cp circlean/root_partition/opt/groomer/init.sh /mnt/rpi/opt/groomer/init.sh -cp circlean/root_partition/opt/groomer/groomer.sh /mnt/rpi/opt/groomer/groomer.sh -cp circlean/root_partition/opt/groomer/config.sh /mnt/rpi/opt/groomer/config.sh -cp circlean/root_partition/opt/groomer/mount_dest.sh /mnt/rpi/opt/groomer/mount_dest.sh -cp circlean/root_partition/etc/rc.local /mnt/rpi/etc/rc.local -# cp circlean/root_partition/opt/groomer/music.sh /mnt/rpi/opt/groomer/music.sh -# cp circlean/root_partition/etc/pmount.allow /mnt/rpi/etc/pmount.allow -# cp circlean/root_partition/etc/udev/rules.d/10-usb.rules /mnt/rpi/etc/udev/rules.d/10-usb.rules From 51de40f2aac1b090849ad5c11485592bb788abac Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 7 Feb 2017 13:24:32 -0500 Subject: [PATCH 09/16] Add basic_mount_image.sh --- shell_utils/basic_mount_image.sh | 39 ++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100755 shell_utils/basic_mount_image.sh diff --git a/shell_utils/basic_mount_image.sh b/shell_utils/basic_mount_image.sh new file mode 100755 index 0000000..c0a002a --- /dev/null +++ b/shell_utils/basic_mount_image.sh @@ -0,0 +1,39 @@ +#!/bin/bash + +# This script will mount a given image in loop mode. +# Make sure to change the path and offsets for the image you use. You can get +# the correct offsets using `file $PATH_TO_IMAGE` or fdisk. + +# To make debugging easier +echo "KittenGroomer: in mount_image.sh" 1>&2 + +if [ "$(id -u)" != "0" ]; then + echo "This script must be run as root" 1>&2 + exit 1 +fi + +set -e +set -x + +# Double check the path and offsets as noted above! +# Path to the image +IMAGE='/media/sf_ubuntu-shared/2017-02-02_CIRCLean.img' +# Start sector of boot (first) partition +BOOT_START=8192 +# Start sector of root (second) partition +ROOT_START=137216 +# Locations you'd like the partitions mounted +BOOT_PATH='/mnt/rpi-boot' +ROOTFS_PATH='/mnt/rpi-root' + +# Calculate offsets for each partition +offset_boot=$((${BOOT_START} * 512)) +offset_rootfs=$((${ROOT_START} * 512)) +# TODO: add logic for creating directories if they aren't already there +mkdir -p ${BOOT_PATH} +mkdir -p ${ROOTFS_PATH} +# Mount each partition in loop mode +mount -o loop,offset=${offset_boot} ${IMAGE} ${BOOT_PATH} +mount -o loop,offset=${offset_rootfs} ${IMAGE} ${ROOTFS_PATH} + +echo "Image mounted" 1>&2 From a2f2d395828c86e4cbab575f96b3054165cce388 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Thu, 26 Jan 2017 17:54:37 -0500 Subject: [PATCH 10/16] Add new documentation, move to docs/ --- CHANGELOG | 26 --------- CHANGELOG.md | 47 ++++++++++++++++ doc/{NOTES-RPI2 => NOTES-RPI2.md} | 0 doc/{NOTES => NOTES.md} | 0 README_setup.md => doc/README_setup.md | 12 ++--- doc/TODO | 36 ------------- doc/TODO.md | 13 +++++ doc/image-setup-checklist.md | 55 +++++++++++++++++++ doc/modifying_image.md | 24 +++++++++ doc/qemu-notes.md | 74 ++++++++++++++++++++++++++ doc/{resize_img.md => resize_image.md} | 0 doc/tests_TODO.md | 4 +- 12 files changed, 221 insertions(+), 70 deletions(-) delete mode 100644 CHANGELOG create mode 100644 CHANGELOG.md rename doc/{NOTES-RPI2 => NOTES-RPI2.md} (100%) rename doc/{NOTES => NOTES.md} (100%) rename README_setup.md => doc/README_setup.md (92%) delete mode 100644 doc/TODO create mode 100644 doc/TODO.md create mode 100644 doc/image-setup-checklist.md create mode 100644 doc/modifying_image.md create mode 100644 doc/qemu-notes.md rename doc/{resize_img.md => resize_image.md} (100%) diff --git a/CHANGELOG b/CHANGELOG deleted file mode 100644 index 44ce0ea..0000000 --- a/CHANGELOG +++ /dev/null @@ -1,26 +0,0 @@ -Version 1.2 - 2015-03-10 - -- Rollback the migration to Jessie and use Wheezy again: the only important dependency from Jessie was poppler, which is available in the backports -- Use the most recent security patches -- Do not wait for user input in case of password protected archive - -Version 1.1.1 - 2014-10-26 - -- General upgrade of Debian to avoid the system to fail in case there is no HDMI cable connected. - -Version 1.1 - 2014-10-01 - -- NTFS support added for USB key -- Updated to Debian Jessie including patches for [bash vulnerabilities CVE-2014-6271 - CVE-2014-7169](/pub/tr-27/) -- CIRCLean user are now removed from the sudoer - -Version 1.0 - 2014-05-20 - -- Based on Raspbian Jessie -- Fully automated tests with Qemu -- Mimetype: support of PDF, Office documents, archives, windows executables -- Filesystem: USB keys have to be formated in vfat -- Support of multiple partitions -- Renaming of autorun.inf on the source key -- Operating system is read only -- Use pdf2htmlEX v0.11 diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 0000000..cc12256 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,47 @@ +Version 2.1 - 2017-02-XX +- Updated to the newest version of Raspbian Jessie lite (January 11th 2017 release) +- NTFS files can be mounted + +Version 2.0.2 - 2016-05-12 +- Improve filename encoding + +Version 2.0.1 - 2016-04-26 +- Re-add [timidity](http://timidity.sourceforge.net/) so the MIDI files are played properly + +Version 2.0 - 2016-04-26 +- No critical bugs have been identified, this release uses the latest version of Raspbian Jessie lite, with all system updates + +Version 2.0-BETA - 2015-11-06 +- There a new beta version of CIRCLean which is a significant improvement from the latest version in term of speed and efficiency on low-end hardware like the first version of the Raspberry Pi. The new code base of CIRCLean is now based on [PyCIRCLean](https://github.com/CIRCL/PyCIRCLean) + +Version 1.3 - 2015-05-27 +- Fix a [critical security bug](https://www.circl.lu/projects/CIRCLean/security/advisory-01) related to [polyglot files](https://github.com/CIRCL/Circlean/issues/9) - thanks to the reporters ([Jann Horn](https://github.com/thejh), [seclab-solutions](http://www.seclab-solutions.com/)) +- Use [PyCIRCLean](https://github.com/CIRCL/PyCIRCLean) for conversion +- Convert PDF files to PDF/A before converting to HTML + +Version 1.2 - 2015-03-10 + +- Rollback the migration to Jessie and use Wheezy again: the only important dependency from Jessie was poppler, which is available in the backports +- Use the most recent security patches +- Do not wait for user input in case of password protected archive + +Version 1.1.1 - 2014-10-26 + +- General upgrade of Debian to avoid the system to fail in case there is no HDMI cable connected. + +Version 1.1 - 2014-10-01 + +- NTFS support added for USB key +- Updated to Debian Jessie including patches for [bash vulnerabilities CVE-2014-6271 - CVE-2014-7169](/pub/tr-27/) +- CIRCLean user are now removed from the sudoer + +Version 1.0 - 2014-05-20 + +- Based on Raspbian Jessie +- Fully automated tests with Qemu +- Mimetype: support of PDF, Office documents, archives, windows executables +- Filesystem: USB keys have to be formated in vfat +- Support of multiple partitions +- Renaming of autorun.inf on the source key +- Operating system is read only +- Use pdf2htmlEX v0.11 diff --git a/doc/NOTES-RPI2 b/doc/NOTES-RPI2.md similarity index 100% rename from doc/NOTES-RPI2 rename to doc/NOTES-RPI2.md diff --git a/doc/NOTES b/doc/NOTES.md similarity index 100% rename from doc/NOTES rename to doc/NOTES.md diff --git a/README_setup.md b/doc/README_setup.md similarity index 92% rename from README_setup.md rename to doc/README_setup.md index afb74a1..6e6c157 100644 --- a/README_setup.md +++ b/doc/README_setup.md @@ -53,16 +53,16 @@ larger than it was before (6852607 vs. 2658303 in the example). > fdisk XXXX-XX-XX-raspbian-jessie-lite.img Command (m for help): *p* - Disk XXXX-XX-XX-raspbian-jessie-lite.img: 3.3 GiB, 3508535296 bytes, 6852608 sectors + Disk XXXX-XX-XX-raspbian-jessie-lite.img: 3.3 GiB, 3537895424 bytes, 6909952 sectors Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos - Disk identifier: 0x6f92008e + Disk identifier: 0x244b8248 Device Boot Start End Sectors Size Id Type - XXXX-XX-XX-raspbian-jessie-lite.img1 8192 131071 122880 60M c W95 FAT32 (LBA) - XXXX-XX-XX-raspbian-jessie-lite.img2 131072 2658303 2527232 1.2G 83 Linux + XXXX-XX-XX-raspbian-jessie-lite.img1 8192 137215 129024 63M c W95 FAT32 (LBA) + XXXX-XX-XX-raspbian-jessie-lite.img2 137216 2715647 2578432 1.2G 83 Linux Command (m for help): *d* Partition number (1,2, default 2): *2* @@ -77,8 +77,8 @@ larger than it was before (6852607 vs. 2658303 in the example). Using default response p. Partition number (2-4, default 2): - First sector (2048-6852607, default 2048): *131072* - Last sector, +sectors or +size{K,M,G,T,P} (131072-6852607, default 6852607): + First sector (2048-6852607, default 2048): *137216* + Last sector, +sectors or +size{K,M,G,T,P} (131216-6909951, default 6909951): Created a new partition 2 of type 'Linux' and of size 3.2 GiB. diff --git a/doc/TODO b/doc/TODO deleted file mode 100644 index 1b4fd75..0000000 --- a/doc/TODO +++ /dev/null @@ -1,36 +0,0 @@ -TODO -==== - -* the script locations should be changed in the next version so they don't sit - next to the rPi's example development code that ships with the stock rPi -* the system isn't optimised and should be : cleanup and making it as close to - stock as possible -[Npot sure] Starting process should be more obfuscated -* strip exif data and leave it in a .txt file next to the image it came from - => exiftool -[Done with remount] set filesystem of OS in RO (physical switch and/or remount OS) -[OK] mount source key in RO and noexec <= also nosuid and nodev -[OK] mount target key with noexec <= also nosuid and nodev -* convert spreadsheets in csv ? -[done in HTML] convert documents (pdfs/*office/...) in images ? -[Not Needed] Have a look at Ghostscript to work on PDFs (.pdf -> .eps -> .png?) -[do everything as user] do not run the conversions as root -> run in chroot -* take eth0 down in /etc/network/interfaces or in the groomer script disable the - interface before anything happens -* hdmi should stay up: solvable by poking the power management timer - (better not to disable the PM completely) -[Done] get rid of pdfbox. remove need for java -[WIP] scripts to generate a SD card automatically (win/mac/linux) -* move the scripts away from /opt/ -* strip back libreoffice to minimum required packages. in particular, if possible, - remove libreoffice-java-common package -* Write the groomer log on the destination key -[Done] use /etc/mime.types and file -b --mime-type to find out the type of - the file -* Extract metadata from all the files => https://mat.boum.org/ - -HTML Files -========== - -- disable JS -- cleanup external imports (js/css/images) diff --git a/doc/TODO.md b/doc/TODO.md new file mode 100644 index 0000000..ee8be35 --- /dev/null +++ b/doc/TODO.md @@ -0,0 +1,13 @@ +TODO +==== + +* strip exif data and leave it in a .txt file next to the image it came from + => exiftool +* Scripts to generate a SD card automatically (win/mac/linux) +* Extract metadata from all the files => https://mat.boum.org/ + +HTML Files +========== + +- disable JS? +- cleanup external imports (js/css/images) diff --git a/doc/image-setup-checklist.md b/doc/image-setup-checklist.md new file mode 100644 index 0000000..e3d1d4e --- /dev/null +++ b/doc/image-setup-checklist.md @@ -0,0 +1,55 @@ +* Download qemu and qemu-user-static if not already installed +* Download the newest raspbian-lite image from raspberrypi.org +* Verify the sha1 hash of the downloaded .zip file +* Unzip the image +* Expand the image by 2GB using dd +* Expand the root partition using fdisk +* Mount both partitions in loop mode using /shell_utils/simple_mount_image.sh +* Use df to find the larger partition, and resize the filesystem to fill it +* Use proot to enter a chroot in the image: sudo proot -q qemu-arm -S /mnt/rpi-root -b /mnt/rpi-boot:/boot /bin/bash +* Run dpkg-reconfigure locales (this step + others using proot + qemu can be slow, be patient) +* apt-get update +* apt-get dist-upgrade (might have to run this and autoremove several times) +* apt-get autoremove +* apt-get install the linux dependencies: + - timidity # for playing music + - git # for installing python dependencies from github + - p7zip-full + - pmount ntfs-3g # for mounting, including ntfs + - python3 python3-pip + - python3-lxml + - libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev # dependencies for building pillow +* Compile p7zip-rar from source + - Change your source.list file + - Make a new directory and cd to it + - apt-get build-dep p7zip-rar + - dpkg -i +* Make sure the right pip executable is called by `pip3`, change your path if necessary +* Upgrade pip: pip3 install -U pip +* pip3 install python dependencies + - exifread + - pillow + - olefile + - git+https://github.com/decalage2/oletools.git + - git+https://github.com/grierforensics/officedissector.git + - git+https://github.com/CIRCL/PyCIRCLean.git +* Add a user named "kitten" +* Symlink /proc/mounts to /etc/mtab +* Copy circlean_fs/root_partition/systemd/system/rc-local.service into the equivalent location +* Turn on rc-local.service `systemctl enable rc.local` + - If it doesn't work, read these instructions: https://www.linuxbabe.com/linux-server/how-to-enable-etcrc-local-with-systemd +* Copy all of the project files from circlean_fs/ into the two partitions: + - rsync -vnri will do a dry run of what will be copied, remove the -n to copy. See the rsync manpage for details. + - diode_controller/ if you're using the led functionality and have an external led + - midi/ files into /opt/midi/ + - you might want to double check all of the permissions of the new files/directories +* apt-get autoclean +* apt-get autoremove +* Exit the chroot +* Copy the image over to the SD card: sudo dd bs=4M if= of=/dev/sd + - In newer versions of dd, you can add status=progress +* Mount the image +* Optional: fsck the root partition (sudo e2fsck -f /dev/sd2). +* Test with an rpi + - FAT32 partition + - NTFS partition diff --git a/doc/modifying_image.md b/doc/modifying_image.md new file mode 100644 index 0000000..6d59f24 --- /dev/null +++ b/doc/modifying_image.md @@ -0,0 +1,24 @@ +Modifying an already-built image +================================ +One way to debug the project or test changes quickly is to modify an already built +version of the project. Once you've got an image set up on an SD card, you can mount +the image and make changes to the files directly or copy changes you've made locally +onto the mounted image. The only requirement is a linux distro such as Debian or Ubuntu. +If you're using MacOS, you can download and install VirtualBox. + +Mounting an image +================= +* The steps listed in mount_image.sh are only necessary if you'd like to chroot +into and run executables from the image locally. +* To mount the image for the purpose of reading/writing to it, the process is much +* Plug the SD card into the computer. +* If you're on Virtualbox, you'll probably have to unmount the image on the host OS +(on MacOS this involves ejecting it or using diskutil unmountDisk) and then mount it +on the virtualized OS. You might have to select it under "Devices" first. +* Then, in linux, use sudo fdisk -l to find the location of the image. +* sudo mount $PATH_TO_IMAGE $PATH_TO_CHOSEN_MOUNT_POINT will mount the image. +* The path to the image will need to be the path to the partition with the OS on it, +which should be the second partition. So /dev/sdb2, not just dev/sdb. +* When you're done, sudo umount $PATH_TO_MOUNT_POINT will unmount it. +* If you get a warning about "No caching mode page found," it's safe to skip it +by pressing enter. diff --git a/doc/qemu-notes.md b/doc/qemu-notes.md new file mode 100644 index 0000000..cc22bc6 --- /dev/null +++ b/doc/qemu-notes.md @@ -0,0 +1,74 @@ +Various qemu startup commands +============================= + +From https://www.raspberrypi.org/forums/viewtopic.php?f=29&t=37386 +qemu-system-arm -kernel ~/qemu_vms/kernel-qemu-4.4.13-jessie -cpu arm1176 -m 256 -M versatilepb -no-reboot -serial stdio -append "root=/dev/sda2 panic=1" -hda ~/qemu_vms/2016-09-23-raspbian-jessie-lite.img -redir tcp:5022::22 + + +From https://github.com/dhruvvyas90/qemu-rpi-kernel +qemu-system-arm -kernel ~/qemu_vms/kernel-qemu-4.4.13-jessie -cpu arm1176 -m 256 -M versatilepb -serial stdio -append "root=/dev/sda2 rootfstype=ext4 rw" -hda ~/qemu_vms/2016-09-23-raspbian-jessie-lite.img + + +From http://pub.phyks.me/respawn/mypersonaldata/public/2014-05-20-11-08-01/ +qemu-system-arm -kernel <<>> -cpu arm1176 -m 256 -M versatilepb -no-reboot -serial stdio -append "root=/dev/sda2 panic=1 rootfstype=ext4 rw init=/bin/bash" -hda <<>> + + +Others: +qemu-system-arm -kernel ~/qemu_vms/kernel-qemu-3.10.25-wheezy -cpu arm1176 -m 256 -M versatilepb -serial stdio -append "root=/dev/sda2 rootfstype=ext4 rw" -hda ~/qemu_vms/2015-02-16-raspbian-wheezy.img + +qemu-system-arm -kernel qemu-rpi-kernel/kernel-qemu-3.10.25-wheezy -cpu arm1176 -m 256 -M versatilepb -serial stdio -append "root=/dev/sda2 rootfstype=ext4 rw" -hda 2015-02-16-raspbian-wheezy.img + + + +Places to get raspbian base images: +=================================== + +For Raspbian Wheezy image: +wget https://downloads.raspberrypi.org/raspbian/images/raspbian-2015-02-17/2015-02-16-raspbian-wheezy.zip + +For Raspbian Jessie Lite image: +wget https://downloads.raspberrypi.org/raspbian_lite/images/raspbian_lite-2016-09-28/2016-09-23-raspbian-jessie-lite.zip + + + + +Traceback of the qemu failure on digitalocean +============================================= + +pulseaudio: pa_context_connect() failed +pulseaudio: Reason: Connection refused +pulseaudio: Failed to initialize PA contextaudio: Could not init `pa' audio driver +ALSA lib confmisc.c:768:(parse_card) cannot find card '0' +ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory +ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings +ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory +ALSA lib confmisc.c:1251:(snd_func_refer) error evaluating name +ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory +ALSA lib conf.c:4738:(snd_config_expand) Evaluate error: No such file or directory +ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM default +alsa: Could not initialize DAC +alsa: Failed to open `default': +alsa: Reason: No such file or directory +ALSA lib confmisc.c:768:(parse_card) cannot find card '0' +ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory +ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings +ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_concat returned error: No such file or directory +ALSA lib confmisc.c:1251:(snd_func_refer) error evaluating name +ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_refer returned error: No such file or directory +ALSA lib conf.c:4738:(snd_config_expand) Evaluate error: No such file or directory +ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM default +alsa: Could not initialize DAC +alsa: Failed to open `default': +alsa: Reason: No such file or directory +audio: Failed to create voice `lm4549.out' +Could not initialize SDL(No available video device) - exiting + + +Notes +===== +- The error message: it is probably not a big deal - can make them not being blocking by modifying https://github.com/CIRCL/Circlean/blob/master/tests/run.exp#L10 +- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760365 +- Could not initialize SDL(No available video device) - exiting <= this one is blocking +- I guess it is the vnc switch - requires x11 installed +- If you use a cloud instance, you will need to get qemu to open a port you can connect to with vnc +- The good thing of having VNC is that you can see what explodes when you're running the image diff --git a/doc/resize_img.md b/doc/resize_image.md similarity index 100% rename from doc/resize_img.md rename to doc/resize_image.md diff --git a/doc/tests_TODO.md b/doc/tests_TODO.md index b969896..f3e5fcf 100644 --- a/doc/tests_TODO.md +++ b/doc/tests_TODO.md @@ -16,14 +16,14 @@ Ideas ===== Source keys: -[DONE] Working documents, one / multiple partitions +- Working documents, one / multiple partitions - Non working documents: one / multiple partitions - different FS on different partitions - Non working FS - Malicious documents (very slow, might break the conversions) Destinations keys -[DONE] empty, big enough +- empty, big enough - empty, too small - broken - not empty From 58ae57634334c27db4f067da6f0048c304e99504 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 7 Feb 2017 20:33:22 -0500 Subject: [PATCH 11/16] Update readme, changelog, and contributing --- CHANGELOG.md | 5 +- CONTRIBUTING.md | 51 ++++++-- README.md | 41 +++---- doc/README_setup.md | 196 ------------------------------ doc/image-setup-checklist.md | 29 +++-- doc/setup_with_proot.md | 224 +++++++++++++++++++++++++++++++++++ 6 files changed, 301 insertions(+), 245 deletions(-) delete mode 100644 doc/README_setup.md create mode 100644 doc/setup_with_proot.md diff --git a/CHANGELOG.md b/CHANGELOG.md index cc12256..15dd536 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,9 @@ Version 2.1 - 2017-02-XX - Updated to the newest version of Raspbian Jessie lite (January 11th 2017 release) -- NTFS files can be mounted +- NTFS files can now be mounted as source or destination keys +- Added udev rules that ensure the USB ports map deterministically to source and destination keys +- New debug flag and debug logging functionality to make working on Circlean without a monitor easier +- Turned off automatic display sleep Version 2.0.2 - 2016-05-12 - Improve filename encoding diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 2ed1ee4..b879e74 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,17 +1,52 @@ -Building the project -==================== +Getting started +=============== -To get started contributing to Circlean, first, fork the project and `git clone` -your fork. Then, follow the instructions in [README_setup.md](README_setup.md) -to build an image. +If you'd like to work on the Python code that processes files for Circlean, you should +take a look at [PyCIRCLean](https://github.com/CIRCL/PyCIRCLean), specifically the +filecheck.py script. To get started contributing to Circlean, first, fork the project and +`git clone` your fork. Then, follow the instructions in [setup_with_proot.md](doc/ +setup_with_proot.md) to build an image. To make things easier, you can also download a +prebuilt image as mentioned in the README, and then mount and make modifications to this +image to test your changes. The issue tracker ================= If you find a bug or see a problem with PyCIRCLean, please open an issue in the Github -repo. We'll do our best to respond as quickly as possible. Also, feel free to contribute a solution -to any of the open issues - we'll do our best to review your pull request in a timely manner. -This project is in active development, so any contributions are welcome! +repo. We'll do our best to respond as quickly as possible. Also, feel free to contribute a +solution to any of the open issues - we'll do our best to review your pull request in a +timely manner. This project is in active development, so any contributions are welcome! + +Dependencies +============ +* Timidity for playing midi files +* Git for installing some Python dependencies +* 7Zip for unpacking archives +* Pmount and ntfs-3g for mounting usb key partitions +* Python 3 and pip for installing and running Python dependencies +* Python3-lxml for handling ooxml and other Office files in filecheck.py +* libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev for various image formats ( +dependencies for pillow) +* Exifread for file metadata +* Pillow for handling images +* Olefile, oletools, and officedissector for handling various Office filetypes +* PyCIRCLean for main file handling code + +Helper scripts +============== + +Use the scripts in shell_utils/ as examples - do not run them blindly as you will most +probably have to change some constants/paths accordingly to your configuration. + +IN ALL CASES, PLEASE READ THE COMMENTS IN THE SCRIPTS AT LEAST ONCE. + +* proper_chroot.sh: uses qemu to chroot into a raspbian instance (.img or SD Card) +* prepare_rPI.sh: update the system, some configuration +* create_user.sh: create the user who will run the scripts, assign the proper sudo rights. +* copy_to_final.sh: populate the content of the directory fs/ in the image, + contains a sample of dd command to write the image on the SD card. + NOTE: TAKE CARE NOT TO USE THE WRONG DESTINATION + Running the tests ================= diff --git a/README.md b/README.md index 3ffacce..e9040e5 100644 --- a/README.md +++ b/README.md @@ -3,17 +3,20 @@ CIRCLean ![CIRCLean logo](https://www.circl.lu/assets/images/logos/circlean.png) ![Cleaner in action](http://www.circl.lu/assets/images/CIRCLean/CIRCLean.png) -How To -====== +How To Install +============== -[Graphical how-to and pre-built image](http://circl.lu/projects/CIRCLean/). +[Graphical how-to and pre-built image download](http://circl.lu/projects/CIRCLean/). -To prepare the SD card on Windows, you can use [Win32DiskImager](http://sourceforge.net/projects/win32diskimager/). +To prepare the SD card on Windows, you can use [Win32DiskImager](http://sourceforge.net/ +projects/win32diskimager/). On linux/macOS, use dd (see the how-to link for +instructions). -And the linux way is in the command line, via dd (see in copy_to_final.sh) +The current prebuilt image is based on the 1-11-17 release of Raspbian Jessie Lite. +The smallest SD card that Circlean can fit on is currently 4GB. If you'd like to contribute to the project or build the image yourself, see -[contributing](CONTRIBUTING.md) and the [setup readme](README_setup.md). +[contributing](CONTRIBUTING.md) and the [setup instructions](doc/setup_with_proot.md). This is a work in progress - contributions are welcome. Why/What @@ -21,11 +24,15 @@ Why/What This project aims to be useful when you get/find a USB key that you can't trust, and you want to look at its contents without taking the risk of plugging it into -your computer directly. +your computer directly. The official project page can be found at [https://www.circl.lu/projects/CIRCLean/] + +The Raspberry Pi Foundation blog has a [post](https://www.raspberrypi.org/blog/kittengroomercirclean-data-security-for-journalists-and-activists/) with more information +about an older version of the project and details of the inspiration behind it. CIRCLean is currently tested to work with USB keys that have FAT32, NTFS, or -ext2/3/4 filesystems. Currently, exFAT is not supported due to lack of support for -this format in pmount. The vast majority of USB keys will be FAT32 or NTFS. +ext2/3/4 filesystems (ext* filesystems can only be used as source keys, not destination +keys). Currently, exFAT is not supported due to lack of support for this format in pmount. +The vast majority of USB keys will be FAT32 or NTFS. The content of the untrusted key will be copied or/and converted to the second (blank) key following these rules (based on the mime type as determined bylibmagic): @@ -71,19 +78,3 @@ there are more than 2). connected the HDMI cable, check the screen. The process is slow and can take 30-60 minutes depending on how many document conversions take place. 6. Power off the device and disconnect the drives. - -Helper scripts -============== - -You should use them as examples when you are creating a new image and probably not -run them blindly as you will most probably have to change parameters accordingly to -your configuration. - -IN ALL CASES, PLEASE READ THE COMMENTS IN THE SCRIPTS AT LEAST ONCE. - -* proper_chroot.sh: uses qemu to chroot into a raspbian instance (.img or SD Card) -* prepare_rPI.sh: update the system, some configuration -* create_user.sh: create the user who will run the scripts, assign the proper sudo rights. -* copy_to_final.sh: populate the content of the directory fs/ in the image, - contains a sample of dd command to write the image on the SD card. - NOTE: TAKE CARE NOT TO USE THE WRONG DESTINATION diff --git a/doc/README_setup.md b/doc/README_setup.md deleted file mode 100644 index 6e6c157..0000000 --- a/doc/README_setup.md +++ /dev/null @@ -1,196 +0,0 @@ -Building the image from scratch -=============================== - -There is always a prebuilt image available for download and installation as -described in the [README](README.md). If you'd like to build the project yourself, -there are several steps involved: - -* Downloading a generic Raspbian Lite image -* Adding space to the image -* Downloading and building the dependencies -* Copying the project filesystem into the image - -This procedure will only work on Ubuntu or Debian Linux. If you use MacOS or -Windows, the best option is to install Linux in a virtual machine using -something like VirtualBox. - -Downloading the Raspbian image -============================== - -* Get the most recent version of Raspbian Jessie Lite: - -``` - wget https://downloads.raspberrypi.org/raspbian_lite_latest -``` - -* Unpack it: - -``` - unzip XXXX-XX-XX-raspbian-jessie-lite.zip -``` - -Adding space to the image -========================= - -* Use dd to add 2GB (2048 blocks at 1024k each). Using /dev/zero as the input -file yields an unlimited number of "0x00" bytes. - -``` - > dd if=/dev/zero bs=1024k count=2048 >> XXXX-XX-XX-raspbian-jessie-lite.img -``` - -* Grow the root partition using fdisk. The "p" command prints the current partition -table. The first partition listed is the boot partition, which shouldn't be changed. -The "d" command, when given the parameter "2", deletes the current root partition. -The "n" command then makes a new partition. It can take the default for "type" -and "number". The "First sector" should be the value that was the "start" sector of the root -partition (131072 in the example below, but this varies depending on the version of the -Raspbian image). The "Last sector" should be the default, and it should be significantly -larger than it was before (6852607 vs. 2658303 in the example). - - -``` - > fdisk XXXX-XX-XX-raspbian-jessie-lite.img - - Command (m for help): *p* - Disk XXXX-XX-XX-raspbian-jessie-lite.img: 3.3 GiB, 3537895424 bytes, 6909952 sectors - Units: sectors of 1 * 512 = 512 bytes - Sector size (logical/physical): 512 bytes / 512 bytes - I/O size (minimum/optimal): 512 bytes / 512 bytes - Disklabel type: dos - Disk identifier: 0x244b8248 - - Device Boot Start End Sectors Size Id Type - XXXX-XX-XX-raspbian-jessie-lite.img1 8192 137215 129024 63M c W95 FAT32 (LBA) - XXXX-XX-XX-raspbian-jessie-lite.img2 137216 2715647 2578432 1.2G 83 Linux - - Command (m for help): *d* - Partition number (1,2, default 2): *2* - - Partition 2 has been deleted. - - Command (m for help): *n* - Partition type - p primary (1 primary, 0 extended, 3 free) - e extended (container for logical partitions) - Select (default p): - - Using default response p. - Partition number (2-4, default 2): - First sector (2048-6852607, default 2048): *137216* - Last sector, +sectors or +size{K,M,G,T,P} (131216-6909951, default 6909951): - - Created a new partition 2 of type 'Linux' and of size 3.2 GiB. - - Command (m for help): *w* - The partition table has been altered. - Syncing disks. -``` - -* Mount the image in loop mode: first, edit /mount_image.sh to use the proper values -for $OFFSET_BOOT and $OFFSET_ROOTFS, which you can obtain using fdisk and "p" as -shown above. You must also change $IMAGE to the correct path. Then run: - -``` - sudo ./proper_chroot.sh -``` - -* After mounting the image, the above script will chroot into the mounted image. -While in a chroot, the / directory of the image appears as the system / directory -(thus the name, change root). To exit the chroot, run "exit" in the root directory. -Then, verify the path to the mounted partitions, and resize the filesystem -to fill the new larger partition using resize2fs: - -``` - > df | grep /mnt/arm - - /dev/loop0 3927752 1955672 1794172 53% /mnt/arm_rPi - /dev/loop1 57288 18960 38328 34% /mnt/arm_rPi/boot - - > sudo resize2fs /dev/loop0 -``` - -Installing the dependencies -=========================== - -* To install the dependencies, you'll have to reenter the chroot again: - -``` - sudo chroot /mnt/arm_rPi -``` - -* Change your user to root (your global variables may be broken as a result): - -``` - su root -``` - -* Change the locales (remove "en_GB.UTF-8 UTF-8", add "en_US.UTF-8 UTF-8"). The -arrow keys move the cursor, spacebar selects/deselects a locale, tab moves the cursor -to a different context, and enter lets you select "ok": - -``` - dpkg-reconfigure locales -``` - -* In the image, make sure everything is up-to-date and remove the old packages: - -``` - apt-get update - apt-get dist-upgrade - apt-get autoremove - apt-get install timidity git p7zip-full python-dev python-pip python-lxml pmount libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev tk-dev python-tk libxml2-dev libxslt1-dev -``` - -* Install the Python dependencies for PyCIRCLean. Currently, PyCIRCLean is -Python 2.7 and 3.3+ compatible, but Python 2 support might be dropped at some point. - -``` - pip install oletools olefile exifread Pillow - pip install git+https://github.com/Rafiot/officedissector.git - pip install git+https://github.com/CIRCL/PyCIRCLean.git -``` - -* Create a new user and make mounting work with a read-only filesystem. - -``` - useradd -m kitten - chown -R kitten:kitten /home/kitten - ln -s /proc/mounts /etc/mtab -``` - -* Enable rc.local, which ensures that the code in /etc/rc.local is run on boot. -This is what triggers CIRCLean to run. - -``` - systemctl enable rc-local.service -``` - -* Exit the chroot again, and copy the files from your repository into the mounted -image. - -``` - sudo ./copy_to_final.sh /mnt/arm_rPi/ -``` - -Write the image on a SD card -============================ - -* Plug your SD card into the computer. Then, find where it is mounted using df: - -``` - df -h -``` - -* If it has been automatically mounted, unmount the SD card (use the path you -found in the previous step): - -``` - umount $PATH_TO_YOUR_SD -``` - -* Write the image to the card: - -``` - sudo dd bs=4M if=$PATH_TO_YOUR_IMAGE of=$PATH_TO_YOUR_SD -``` diff --git a/doc/image-setup-checklist.md b/doc/image-setup-checklist.md index e3d1d4e..1a40527 100644 --- a/doc/image-setup-checklist.md +++ b/doc/image-setup-checklist.md @@ -1,24 +1,25 @@ -* Download qemu and qemu-user-static if not already installed +* Download qemu, qemu-user-static, and proot if not already installed * Download the newest raspbian-lite image from raspberrypi.org * Verify the sha1 hash of the downloaded .zip file * Unzip the image * Expand the image by 2GB using dd * Expand the root partition using fdisk -* Mount both partitions in loop mode using /shell_utils/simple_mount_image.sh +* Mount both partitions in loop mode using /shell_utils/basic_mount_image.sh * Use df to find the larger partition, and resize the filesystem to fill it +* Copy circlean_fs/root_partition/etc/systemd/system/rc-local.service into the equivalent location * Use proot to enter a chroot in the image: sudo proot -q qemu-arm -S /mnt/rpi-root -b /mnt/rpi-boot:/boot /bin/bash -* Run dpkg-reconfigure locales (this step + others using proot + qemu can be slow, be patient) +* Run dpkg-reconfigure locales * apt-get update * apt-get dist-upgrade (might have to run this and autoremove several times) * apt-get autoremove * apt-get install the linux dependencies: - - timidity # for playing music - - git # for installing python dependencies from github + - timidity + - git - p7zip-full - - pmount ntfs-3g # for mounting, including ntfs + - pmount ntfs-3g - python3 python3-pip - python3-lxml - - libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev # dependencies for building pillow + - libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev * Compile p7zip-rar from source - Change your source.list file - Make a new directory and cd to it @@ -35,21 +36,19 @@ - git+https://github.com/CIRCL/PyCIRCLean.git * Add a user named "kitten" * Symlink /proc/mounts to /etc/mtab -* Copy circlean_fs/root_partition/systemd/system/rc-local.service into the equivalent location -* Turn on rc-local.service `systemctl enable rc.local` +* Turn on rc-local.service `systemctl enable rc-local.service` - If it doesn't work, read these instructions: https://www.linuxbabe.com/linux-server/how-to-enable-etcrc-local-with-systemd +* apt-get autoclean +* apt-get autoremove +* Exit from proot * Copy all of the project files from circlean_fs/ into the two partitions: - rsync -vnri will do a dry run of what will be copied, remove the -n to copy. See the rsync manpage for details. - diode_controller/ if you're using the led functionality and have an external led - midi/ files into /opt/midi/ - you might want to double check all of the permissions of the new files/directories -* apt-get autoclean -* apt-get autoremove -* Exit the chroot * Copy the image over to the SD card: sudo dd bs=4M if= of=/dev/sd - In newer versions of dd, you can add status=progress -* Mount the image * Optional: fsck the root partition (sudo e2fsck -f /dev/sd2). * Test with an rpi - - FAT32 partition - - NTFS partition + - FAT32 filesystem + - NTFS filesystem diff --git a/doc/setup_with_proot.md b/doc/setup_with_proot.md new file mode 100644 index 0000000..edd1b1b --- /dev/null +++ b/doc/setup_with_proot.md @@ -0,0 +1,224 @@ +Building the image from scratch +=============================== + +There is always a prebuilt image available for download and installation as +described in the [README](README.md). If you'd like to build the project yourself, +there are several steps involved: + +* Downloading a generic Raspbian Lite image +* Resizing the image and partition +* Downloading and building the dependencies +* Modifying the image configuration +* Copying the project filesystem into the image + +This procedure will only work on Ubuntu or Debian Linux. If you use MacOS or +Windows, the best option is to install Linux in a virtual machine using +something like VirtualBox. + +It is recommended that you make a copy of image_setup_checklist.md and √ items off +on the list as you go. + +Preparation +=========== + +* Make sure your development environment is up to date: +``` + apt-get update + apt-get dist-upgrade +``` +* Install qemu, qemu-user-static, and proot if not already installed: +``` + apt-get install qemu qemu-user-static proot +``` + +Download the Raspbian image +============================== + +* Get the most recent version of Raspbian Jessie Lite from https://downloads.raspberrypi.org/raspbian_lite/images/: + +``` + wget https://downloads.raspberrypi.org/raspbian_lite_latest +``` +* Verify the hash of the downloaded file and compare it to the hash on the server: +``` + shasum XXXX-XX-XX-raspbian-jessie-lite.zip +``` +* Unpack it: +``` + unzip XXXX-XX-XX-raspbian-jessie-lite.zip +``` + +Add space to the image +========================= + +* Use dd to add 2GB (2048 blocks of 1024k each). Using /dev/zero as the input +file yields an unlimited number of "0x00" bytes. +``` + > dd if=/dev/zero bs=1024k count=2048 >> XXXX-XX-XX-raspbian-jessie-lite.img +``` +* Expand the root (second) partition using fdisk. The first partition listed is the boot +partition, which shouldn't be changed. In the new partition, the "First sector" should be +the value that was the "start" sector of the old root partition (137216 in the example +below, but this varies depending on the version of the Raspbian image). The "Last sector" +should be the default, and it should be significantly larger than it was before (6909951 vs. +2715647 in the example). + +``` + > fdisk XXXX-XX-XX-raspbian-jessie-lite.img + + Command (m for help): *p* + Disk XXXX-XX-XX-raspbian-jessie-lite.img: 3.3 GiB, 3537895424 bytes, 6909952 sectors + Units: sectors of 1 * 512 = 512 bytes + Sector size (logical/physical): 512 bytes / 512 bytes + I/O size (minimum/optimal): 512 bytes / 512 bytes + Disklabel type: dos + Disk identifier: 0x244b8248 + + Device Boot Start End Sectors Size Id Type + XXXX-XX-XX-raspbian-jessie-lite.img1 8192 137215 129024 63M c W95 FAT32 (LBA) + XXXX-XX-XX-raspbian-jessie-lite.img2 137216 2715647 2578432 1.2G 83 Linux + + Command (m for help): *d* + Partition number (1,2, default 2): *2* + + Partition 2 has been deleted. + + Command (m for help): *n* + Partition type + p primary (1 primary, 0 extended, 3 free) + e extended (container for logical partitions) + Select (default p): + + Using default response p. + Partition number (2-4, default 2): + First sector (2048-6852607, default 2048): *137216* + Last sector, +sectors or +size{K,M,G,T,P} (131216-6909951, default 6909951): + + Created a new partition 2 of type 'Linux' and of size 3.2 GiB. + + Command (m for help): *w* + The partition table has been altered. + Syncing disks. +``` +* Mount the image in loop mode: first, edit shell_utils/basic_mount_image.sh to use the +proper values for $BOOT_START and $ROOT_START, which you can obtain using fdisk and "p" +as in the previous step. You must also change $IMAGE to the correct path. Then run: +``` + sudo ./shell_utils/basic_mount_image.md +``` +* Verify the path to the mounted partitions in /dev, and resize the root (larger) filesystem +to fill the new larger partition using resize2fs: +``` + > df | grep /mnt/arm + + /dev/loop0 3927752 1955672 1794172 53% /mnt/rpi-root + /dev/loop1 57288 18960 38328 34% /mnt/rpi-boot + + > sudo resize2fs /dev/loop0 +``` + +Installing the dependencies +=========================== + +* Copy circlean_fs/root_partition/systemd/system/rc-local.service into the equivalent location in the image. +``` + cp circlean_fs/root_partition/systemd/system/rc-local.service /mnt/rpi-root/etc/systemd/system/rc-local.service +``` +* Use [proot](https://proot-me.github.io/) to enter the equivalent of a chroot inside +the mounted image. +``` + sudo proot -q qemu-arm -S /mnt/rpi-root -b /mnt/rpi-boot:/boot /bin/bash +``` +* Change your locales (remove "en_GB.UTF-8 UTF-8", add "en_US.UTF-8 UTF-8"). The +arrow keys move the cursor, spacebar selects/deselects a locale, tab moves the cursor +to a different context, and enter lets you select "ok". This step might take some time, +be patient: +``` + dpkg-reconfigure locales +``` +* In the image, make sure everything is up-to-date and remove old packages. You may have to +run dist-upgrade and autoremove several times for everything to be installed, and a few +raspbian-sys-mods related installs may fail - you can ignore them: +``` + apt-get update + apt-get dist-upgrade + apt-get autoremove +``` +* Install the linux dependencies (see CONTRIBUTING.md for more details): +``` + apt-get install timidity git p7zip-full python3 python3-pip python3-lxml pmount ntfs-3g libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev +``` +* Compile p7zip-rar from source. First, uncomment out the second line in /etc/apt/sources.list. Then: +``` + cd /home/pi + mkdir rar && cd rar/ + apt-get build-dep p7zip-rar + dpkg -i ${path to p7zip-rar .deb file} +``` +* Install the Python dependencies for PyCIRCLean/filecheck.py. PyCIRCLean is 3.3+ +compatible, so use pip -V to make sure you're using the right version of pip. You might +have to edit your PATH variable or use pip3 to get the correct pip. You also might want to +verify that these dependencies are current by checking in the PyCIRCLean git repo. +``` + pip install -U pip + pip install oletools exifread pillow + pip install git+https://github.com/decalage2/oletools.git + pip install git+https://github.com/Rafiot/officedissector.git + pip install git+https://github.com/CIRCL/PyCIRCLean.git +``` +* Create a new user named "kitten": +``` + useradd -m kitten + chown -R kitten:kitten /home/kitten +``` +* Symlinking /proc/mounts to /etc/mtab is necessary because /etc/mtab cannot be edited by +pmount if root is read-only. /proc/mounts is maintained by the kernel and is guaranteed to +be accurate. +``` + ln -s /proc/mounts /etc/mtab +``` +* Enable rc.local, which ensures that the code in /etc/rc.local is run on boot. +This is what triggers CIRCLean to run. +``` + systemctl enable rc-local.service +``` +* Clean up: +``` + apt-get clean + apt-get autoremove + apt-get autoclean +``` +* Exit proot, and copy the files from your repository into the mounted +image. Adding a -n flag will make rsync do a dry run instead of copying. See the rsync +manpage for more details. Make sure to include the trailing slashes on the paths: +``` + exit + sudo rsync -vri circlean_fs/boot/ /mnt/rpi-boot/ + sudo rsync -vri circlean_fs/root_partition/ /mnt/rpi-root/ + cp -rf midi /mnt/rpi-root/opt/ +``` +* If have an external hardware led and you're using the led functionality, copy +the led files from diode_controller/ as well. + +Write the image on a SD card +============================ + +* Plug your SD card into the computer. Then, find where it is mounted using lsblk or df: +``` + lsblk + df -h +``` +* If it has been automatically mounted, unmount the SD card (use the path you +found in the previous step): +``` + umount $PATH_TO_YOUR_SD +``` +* Write the image to the card. Newer versions of dd include a status option to monitor the +copying process: +``` + sudo dd bs=4M if=$PATH_TO_YOUR_IMAGE of=$PATH_TO_YOUR_SD status=progress +``` +* Use fsck to verify the root partition: +``` + sudo e2fsck -f /dev/sd2 +``` From 0dd86af8e8f17dd36824f600983577f10fed561a Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 7 Feb 2017 20:34:40 -0500 Subject: [PATCH 12/16] Rename image setup checklist --- doc/{image-setup-checklist.md => image_setup_checklist.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename doc/{image-setup-checklist.md => image_setup_checklist.md} (100%) diff --git a/doc/image-setup-checklist.md b/doc/image_setup_checklist.md similarity index 100% rename from doc/image-setup-checklist.md rename to doc/image_setup_checklist.md From 66dee077ce52d686ec953f4b6412f70f2dd38e80 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 7 Feb 2017 20:36:07 -0500 Subject: [PATCH 13/16] Remove path from helper script --- shell_utils/basic_mount_image.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/shell_utils/basic_mount_image.sh b/shell_utils/basic_mount_image.sh index c0a002a..bcfa3d1 100755 --- a/shell_utils/basic_mount_image.sh +++ b/shell_utils/basic_mount_image.sh @@ -17,7 +17,7 @@ set -x # Double check the path and offsets as noted above! # Path to the image -IMAGE='/media/sf_ubuntu-shared/2017-02-02_CIRCLean.img' +IMAGE='2017-02-02_CIRCLean.img' # Start sector of boot (first) partition BOOT_START=8192 # Start sector of root (second) partition From 5a811438f23737d56c835e86806d2cd20dcf0c89 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 7 Feb 2017 21:18:40 -0500 Subject: [PATCH 14/16] Small doc bug fixes --- CHANGELOG.md | 2 +- CONTRIBUTING.md | 6 ++---- README.md | 13 ++++++------- doc/image_setup_checklist.md | 2 +- doc/qemu-notes.md | 8 ++++---- doc/setup_with_proot.md | 6 +++--- 6 files changed, 17 insertions(+), 20 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 15dd536..45e2a87 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,4 @@ -Version 2.1 - 2017-02-XX +Version 2.1 - 2017-02-02 - Updated to the newest version of Raspbian Jessie lite (January 11th 2017 release) - NTFS files can now be mounted as source or destination keys - Added udev rules that ensure the USB ports map deterministically to source and destination keys diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index b879e74..d7e7b00 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -4,8 +4,7 @@ Getting started If you'd like to work on the Python code that processes files for Circlean, you should take a look at [PyCIRCLean](https://github.com/CIRCL/PyCIRCLean), specifically the filecheck.py script. To get started contributing to Circlean, first, fork the project and -`git clone` your fork. Then, follow the instructions in [setup_with_proot.md](doc/ -setup_with_proot.md) to build an image. To make things easier, you can also download a +`git clone` your fork. Then, follow the instructions in [setup_with_proot.md](doc/setup_with_proot.md) to build an image. To make things easier, you can also download a prebuilt image as mentioned in the README, and then mount and make modifications to this image to test your changes. @@ -25,8 +24,7 @@ Dependencies * Pmount and ntfs-3g for mounting usb key partitions * Python 3 and pip for installing and running Python dependencies * Python3-lxml for handling ooxml and other Office files in filecheck.py -* libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev for various image formats ( -dependencies for pillow) +* libjpeg-dev, libtiff-dev, libwebp-dev, liblcms2-dev, tcl-dev, tk-dev, and python-tk for various image formats (dependencies for pillow) * Exifread for file metadata * Pillow for handling images * Olefile, oletools, and officedissector for handling various Office filetypes diff --git a/README.md b/README.md index e9040e5..4b90b39 100644 --- a/README.md +++ b/README.md @@ -8,15 +8,14 @@ How To Install [Graphical how-to and pre-built image download](http://circl.lu/projects/CIRCLean/). -To prepare the SD card on Windows, you can use [Win32DiskImager](http://sourceforge.net/ -projects/win32diskimager/). On linux/macOS, use dd (see the how-to link for +To prepare the SD card on Windows, you can use [Win32DiskImager](http://sourceforge.net/projects/win32diskimager/). On linux/macOS, use dd (see the how-to link for instructions). The current prebuilt image is based on the 1-11-17 release of Raspbian Jessie Lite. The smallest SD card that Circlean can fit on is currently 4GB. If you'd like to contribute to the project or build the image yourself, see -[contributing](CONTRIBUTING.md) and the [setup instructions](doc/setup_with_proot.md). +[contributing.md](CONTRIBUTING.md) and the [setup instructions](doc/setup_with_proot.md). This is a work in progress - contributions are welcome. Why/What @@ -26,7 +25,7 @@ This project aims to be useful when you get/find a USB key that you can't trust, and you want to look at its contents without taking the risk of plugging it into your computer directly. The official project page can be found at [https://www.circl.lu/projects/CIRCLean/] -The Raspberry Pi Foundation blog has a [post](https://www.raspberrypi.org/blog/kittengroomercirclean-data-security-for-journalists-and-activists/) with more information +The Raspberry Pi Foundation has a [blog post](https://www.raspberrypi.org/blog/kittengroomercirclean-data-security-for-journalists-and-activists/) with more information about an older version of the project and details of the inspiration behind it. CIRCLean is currently tested to work with USB keys that have FAT32, NTFS, or @@ -35,14 +34,14 @@ keys). Currently, exFAT is not supported due to lack of support for this format The vast majority of USB keys will be FAT32 or NTFS. The content of the untrusted key will be copied or/and converted to the second -(blank) key following these rules (based on the mime type as determined bylibmagic): +(blank) key following these rules (based on the mime type as determined by libmagic): - Direct copy of: - Plain text files (mime type: text/*) - Audio files (mime type: audio/*) - Video files (mime type: video/*) - Example files (mime type: example/*) - Multipart files (mime type: multipart/*) - - *xml* files, after being converted to text files + - xml files, after being converted to text files - Octet-stream files - Copied after verification: - Image files after verifying that they are not compression bombs (mime type: image/*) @@ -62,7 +61,7 @@ Usage ===== 0. Power off the device and unplug all connections. -1. Plug the untrusted key in the top USB slot of the Raspberry Pi. +1. Plug the untrusted key in the top left USB slot of the Raspberry Pi. 2. Plug your own key in the bottom USB slot (or use any of the other slots if there are more than 2). diff --git a/doc/image_setup_checklist.md b/doc/image_setup_checklist.md index 1a40527..8c12e59 100644 --- a/doc/image_setup_checklist.md +++ b/doc/image_setup_checklist.md @@ -19,7 +19,7 @@ - pmount ntfs-3g - python3 python3-pip - python3-lxml - - libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev + - libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev tk-dev python-tk * Compile p7zip-rar from source - Change your source.list file - Make a new directory and cd to it diff --git a/doc/qemu-notes.md b/doc/qemu-notes.md index cc22bc6..8cb820a 100644 --- a/doc/qemu-notes.md +++ b/doc/qemu-notes.md @@ -37,7 +37,7 @@ Traceback of the qemu failure on digitalocean pulseaudio: pa_context_connect() failed pulseaudio: Reason: Connection refused -pulseaudio: Failed to initialize PA contextaudio: Could not init `pa' audio driver +pulseaudio: Failed to initialize PA contextaudio: Could not init 'pa' audio driver ALSA lib confmisc.c:768:(parse_card) cannot find card '0' ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory ALSA lib confmisc.c:392:(snd_func_concat) error evaluating strings @@ -47,7 +47,7 @@ ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_refer returned err ALSA lib conf.c:4738:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize DAC -alsa: Failed to open `default': +alsa: Failed to open 'default': alsa: Reason: No such file or directory ALSA lib confmisc.c:768:(parse_card) cannot find card '0' ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_card_driver returned error: No such file or directory @@ -58,9 +58,9 @@ ALSA lib conf.c:4259:(_snd_config_evaluate) function snd_func_refer returned err ALSA lib conf.c:4738:(snd_config_expand) Evaluate error: No such file or directory ALSA lib pcm.c:2239:(snd_pcm_open_noupdate) Unknown PCM default alsa: Could not initialize DAC -alsa: Failed to open `default': +alsa: Failed to open 'default': alsa: Reason: No such file or directory -audio: Failed to create voice `lm4549.out' +audio: Failed to create voice 'lm4549.out' Could not initialize SDL(No available video device) - exiting diff --git a/doc/setup_with_proot.md b/doc/setup_with_proot.md index edd1b1b..3fea3bc 100644 --- a/doc/setup_with_proot.md +++ b/doc/setup_with_proot.md @@ -2,7 +2,7 @@ Building the image from scratch =============================== There is always a prebuilt image available for download and installation as -described in the [README](README.md). If you'd like to build the project yourself, +described in the [README](../README.md). If you'd like to build the project yourself, there are several steps involved: * Downloading a generic Raspbian Lite image @@ -146,7 +146,7 @@ raspbian-sys-mods related installs may fail - you can ignore them: ``` * Install the linux dependencies (see CONTRIBUTING.md for more details): ``` - apt-get install timidity git p7zip-full python3 python3-pip python3-lxml pmount ntfs-3g libjpeg-dev libtiff-dev libwebp-dev liblcms2-dev tcl-dev + apt-get install timidity git p7zip-full python3 python3-pip python3-lxml pmount ntfs-3g libjpeg-dev libtiff-dev libwebp-dev tk-dev python-tk liblcms2-dev tcl-dev ``` * Compile p7zip-rar from source. First, uncomment out the second line in /etc/apt/sources.list. Then: ``` @@ -161,7 +161,7 @@ have to edit your PATH variable or use pip3 to get the correct pip. You also mig verify that these dependencies are current by checking in the PyCIRCLean git repo. ``` pip install -U pip - pip install oletools exifread pillow + pip install oletools exifread Pillow pip install git+https://github.com/decalage2/oletools.git pip install git+https://github.com/Rafiot/officedissector.git pip install git+https://github.com/CIRCL/PyCIRCLean.git From b2c0883bf7a2ce71204203ded6dc300594b48735 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Tue, 7 Feb 2017 21:30:40 -0500 Subject: [PATCH 15/16] Fix permissions for pdfid files --- circlean_fs/root_partition/usr/local/bin/pdfid.py | 0 circlean_fs/root_partition/usr/local/bin/plugin_embeddedfile.py | 0 circlean_fs/root_partition/usr/local/bin/plugin_list | 0 .../root_partition/usr/local/bin/plugin_nameobfuscation.py | 0 circlean_fs/root_partition/usr/local/bin/plugin_triage.py | 0 5 files changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 circlean_fs/root_partition/usr/local/bin/pdfid.py mode change 100644 => 100755 circlean_fs/root_partition/usr/local/bin/plugin_embeddedfile.py mode change 100644 => 100755 circlean_fs/root_partition/usr/local/bin/plugin_list mode change 100644 => 100755 circlean_fs/root_partition/usr/local/bin/plugin_nameobfuscation.py mode change 100644 => 100755 circlean_fs/root_partition/usr/local/bin/plugin_triage.py diff --git a/circlean_fs/root_partition/usr/local/bin/pdfid.py b/circlean_fs/root_partition/usr/local/bin/pdfid.py old mode 100644 new mode 100755 diff --git a/circlean_fs/root_partition/usr/local/bin/plugin_embeddedfile.py b/circlean_fs/root_partition/usr/local/bin/plugin_embeddedfile.py old mode 100644 new mode 100755 diff --git a/circlean_fs/root_partition/usr/local/bin/plugin_list b/circlean_fs/root_partition/usr/local/bin/plugin_list old mode 100644 new mode 100755 diff --git a/circlean_fs/root_partition/usr/local/bin/plugin_nameobfuscation.py b/circlean_fs/root_partition/usr/local/bin/plugin_nameobfuscation.py old mode 100644 new mode 100755 diff --git a/circlean_fs/root_partition/usr/local/bin/plugin_triage.py b/circlean_fs/root_partition/usr/local/bin/plugin_triage.py old mode 100644 new mode 100755 From df958a1d3b77c105e29f3d19b48ad699496f6619 Mon Sep 17 00:00:00 2001 From: Dan Puttick Date: Wed, 8 Feb 2017 15:46:01 -0500 Subject: [PATCH 16/16] Add missing line in rc.local for led --- circlean_fs/root_partition/etc/rc.local | 1 + 1 file changed, 1 insertion(+) diff --git a/circlean_fs/root_partition/etc/rc.local b/circlean_fs/root_partition/etc/rc.local index 6635e4b..05a51e0 100755 --- a/circlean_fs/root_partition/etc/rc.local +++ b/circlean_fs/root_partition/etc/rc.local @@ -27,6 +27,7 @@ if [ -e /dev/sda ]; then /sbin/ifconfig eth0 down trap clean EXIT TERM INT cd /opt/groomer + /usr/sbin/led & ./init.sh fi fi