diff --git a/fs/etc/fstab b/fs/etc/fstab index 4c1b13e..0aae1ee 100644 --- a/fs/etc/fstab +++ b/fs/etc/fstab @@ -2,4 +2,5 @@ proc /proc proc defaults 0 0 /dev/mmcblk0p1 /boot vfat ro,defaults 0 0 /dev/mmcblk0p2 / ext4 ro,defaults,noatime 0 0 tmpfs /tmp tmpfs rw,size=64M,noexec,nodev,nosuid,mode=1777 0 0 +tmpfs /media tmpfs rw,size=64M,noexec,nodev,nosuid,mode=1777 0 0 # a swapfile is not a swap partition, so no using swapon|off from here on, use dphys-swapfile swap[on|off] for that diff --git a/fs/etc/sudoers b/fs/etc/sudoers index c217a94..7bdb828 100644 --- a/fs/etc/sudoers +++ b/fs/etc/sudoers @@ -26,5 +26,3 @@ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b #includedir /etc/sudoers.d #pi ALL=(ALL) NOPASSWD: ALL -Cmnd_Alias GROOMER_CMDS = /home/kitten/kitten_mount_src, /home/kitten/kitten_mount_dst, /home/kitten/kitten_umount -kitten ALL = NOPASSWD: GROOMER_CMDS diff --git a/fs/home/kitten/kitten_mount_dst b/fs/home/kitten/kitten_mount_dst deleted file mode 100755 index 19c7663..0000000 --- a/fs/home/kitten/kitten_mount_dst +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -set -e -#set -x - -if [ $# -eq 3 ]; then - if ! [ "${1}" -ge "1000" ] ; then - # avoid the risk of passing other options to mount, and enforce uid >= 1000 - echo "$1 is not a valid uid (>= 1000)" - exit 1 - fi - # uid= only works on a vfat FS. What should we do if we get an ext* FS ? - # the main problem is that we need the rw rights on the dest key. - # It is not possible to ensure it on a non-vfat USB key. - mount -t vfat -o user,noexec,nosuid,nodev,rw,uid="${1}",utf8=1 "${2}" "${3}" - exit 0 -else - echo 'Invalid number of arguments.' - exit 1 -fi diff --git a/fs/home/kitten/kitten_mount_src b/fs/home/kitten/kitten_mount_src deleted file mode 100755 index 1721084..0000000 --- a/fs/home/kitten/kitten_mount_src +++ /dev/null 
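Review bot: The added `/media` tmpfs line copies `mode=1777` from `/tmp`, which makes the directory that will hold the `src` and `dst` mount points writable by every local account. If pmount creates its own mount-point directories there (it is normally setuid root; confirm on the target image), a root-owned directory is enough: `tmpfs /media tmpfs rw,size=64M,noexec,nodev,nosuid,mode=0755 0 0`. The `noexec,nodev,nosuid` flags on this line apply only to the tmpfs itself. The options on the USB filesystems mounted beneath it are whatever pmount applies, so they deserve a check now that the explicit `-o noexec,nosuid,nodev` of the removed helper scripts is gone.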
@@ -1,15 +0,0 @@ -#!/bin/bash - -set -e -#set -x - -if [ $# -eq 2 ]; then - mount -o noexec,nosuid,nodev,utf8=1 "${1}" "${2}" - # renaming autorun.inf on the source key. As it it case insensitive, we have to do the following... - ls "${2}" | grep -i autorun.inf | xargs -I {} mv "${2}"/{} "${2}"/DANGEROUS_{}_DANGEROUS || true - mount -o remount,ro "${1}" "${2}" - exit 0 -else - echo 'Invalid number of arguments.' - exit 1 -fi diff --git a/fs/home/kitten/kitten_umount b/fs/home/kitten/kitten_umount deleted file mode 100755 index b0b142d..0000000 --- a/fs/home/kitten/kitten_umount +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/bash - -set -e -#set -x - -if [ $# -eq 1 ]; then - umount $1 - exit 0 -else - echo "Invalid number of arguments." - exit 1 -fi diff --git a/fs/opt/groomer/constraint.sh b/fs/opt/groomer/constraint.sh index 2290d47..eb0022b 100644 --- a/fs/opt/groomer/constraint.sh +++ b/fs/opt/groomer/constraint.sh @@ -1,31 +1,23 @@ DEV_SRC='/dev/sda' -DEV_DST='/dev/sdb1' +DEV_DST='sdb1' # User allowed to do the following commands without password USERNAME='kitten' -HOME="/home/${USERNAME}" MUSIC="/opt/midi/" -TMP="/tmp" +ID=`/usr/bin/id -u` # Paths used in multiple scripts -SRC="${TMP}/src" -DST="${TMP}/dst" -TEMP="${DST}/temp" -ZIPTEMP="${DST}/ziptemp" -LOGS="${DST}/logs" +SRC="src" +DST="dst" +TEMP="/media/${DST}/temp" +ZIPTEMP="/media/${DST}/ziptemp" +LOGS="/media/${DST}/logs" # commands -SUDO='/usr/bin/sudo' -ID=`/usr/bin/id -u` SYNC='/bin/sync' TIMIDITY='/usr/bin/timidity' MOUNT='/bin/mount' - -# root commands. -# To avoid the risk that an attacker use -o remount on mount and other nasty -# commands, we use our own scripts to invoke mount and umount. -MOUNT_DST="${HOME}/kitten_mount_dst" -MOUNT_SRC="${HOME}/kitten_mount_src" -UMOUNT="${HOME}/kitten_umount" +PMOUNT='/usr/bin/pmount' +PUMOUNT='/usr/bin/pumount' diff --git a/fs/opt/groomer/functions.sh b/fs/opt/groomer/functions.sh index f52a31f..639d0a1 100755 --- a/fs/opt/groomer/functions.sh 
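Review bot: In constraint.sh, `SRC` and `DST` change from absolute paths to bare pmount labels, but `TEMP`, `ZIPTEMP` and `LOGS` hard-code `/media/`, and the functions.sh and groomer.sh hunks repeat `/media/${SRC}` and `/media/${DST}` by hand. Defining the prefix once, e.g. `MEDIA='/media'` with `SRC_MNT="${MEDIA}/${SRC}"` and `DST_MNT="${MEDIA}/${DST}"`, would keep label and path from being confused in a later edit. The comment `# User allowed to do the following commands without password` above `USERNAME` is now stale, since this commit removes the NOPASSWD rule from sudoers. `DEV_SRC` stays an absolute path while `DEV_DST` becomes `sdb1`; a one-line comment saying why the two differ would help.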
+++ b/fs/opt/groomer/functions.sh @@ -73,7 +73,7 @@ archive(){ rm -rf "${2}" rm -rf "${2}_temp" fi - CURRENT_SRC=${SRC} + CURRENT_SRC="/media/${SRC}" } @@ -149,7 +149,7 @@ main(){ set -x if [ -z ${2} ]; then - CURRENT_SRC=${SRC} + CURRENT_SRC="/media/${SRC}" RECURSIVE_ARCHIVE_CURRENT=0 ARCHIVE_BOMB=0 else diff --git a/fs/opt/groomer/groomer.sh b/fs/opt/groomer/groomer.sh index 4fd65eb..596d479 100755 --- a/fs/opt/groomer/groomer.sh +++ b/fs/opt/groomer/groomer.sh @@ -16,14 +16,12 @@ clean(){ ${SYNC} # Cleanup source - ${SUDO} ${UMOUNT} ${SRC} - rm -rf ${SRC} + pumount ${SRC} # Cleanup destination rm -rf ${TEMP} rm -rf ${ZIPTEMP} - ${SUDO} ${UMOUNT} ${DST} - rm -rf ${DST} + pumount ${DST} exit } @@ -43,31 +41,23 @@ if [ -z "${DEV_PARTITIONS}" ]; then fi # Do we have a destination device -if [ ! -b ${DEV_DST} ]; then - echo "Destination device (${DEV_DST}) does not exists." +if [ ! -b "/dev/${DEV_DST}" ]; then + echo "Destination device (/dev/${DEV_DST}) does not exists." exit fi -# Prepare mount points -if [ ! -d ${SRC} ]; then - mkdir ${SRC} -fi -if [ ! -d ${DST} ]; then - mkdir ${DST} -fi - # mount and prepare destination device if ${MOUNT}|grep ${DST}; then - ${SUDO} ${UMOUNT} ${DST} || true + ${PUMOUNT} ${DST} || true fi # uid= only works on a vfat FS. What should wedo if we get an ext* FS ? -${SUDO} ${MOUNT_DST} ${ID} ${DEV_DST} ${DST} +${PMOUNT} -w ${DEV_DST} ${DST} if [ ${?} -ne 0 ]; then - echo "Unable to mount ${DEV_DST} on ${DST}" + echo "Unable to mount /dev/${DEV_DST} on /media/${DST}" exit else - echo "Target USB device (${DEV_DST}) mounted at ${DST}" - rm -rf "${DST}/FROM_PARTITION_"* + echo "Target USB device (/dev/${DEV_DST}) mounted at /media/${DST}" + rm -rf "/media/${DST}/FROM_PARTITION_"* # prepare temp dirs and make sure it's empty mkdir -p "${TEMP}" 
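Review bot: In `clean()` the two new calls use a bare `pumount` resolved through `PATH`, while constraint.sh in this commit defines `PUMOUNT='/usr/bin/pumount'` and the other hunks of this file call `${PUMOUNT}`. Use the absolute path and quote the label: `"${PUMOUNT}" "${SRC}"` and `"${PUMOUNT}" "${DST}"`. The function starts above the hunk, so how it is invoked is not visible here. A failed unmount is currently silent and could at least be logged before `exit`.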
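Review bot: The unchanged test `if ${MOUNT}|grep ${DST}` now searches the mount table for the bare string `dst`, because `DST` became a label, so any mount line that merely contains those letters triggers the unmount. The same applies to `grep -c ${SRC}` in the next hunk. Matching the full mount point is safer: `if ${MOUNT} | grep -q " /media/${DST} "; then`. Separately, the retained comment `# uid= only works on a vfat FS` no longer describes the call below it, since `${PMOUNT} -w` is given neither a filesystem type nor a uid. It should say what is expected to happen when the destination is not vfat.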
@@ -87,27 +77,30 @@ do # Processing a partition echo "Processing partition: ${partition}" if [ `${MOUNT} | grep -c ${SRC}` -ne 0 ]; then - ${SUDO} ${UMOUNT} ${SRC} + ${PUMOUNT} ${SRC} fi - ${SUDO} ${MOUNT_SRC} ${partition} ${SRC} + ${PMOUNT} -w ${partition} ${SRC} + ls "/media/${SRC}" | grep -i autorun.inf | xargs -I {} mv "/media/${SRC}"/{} "/media/${SRC}"/DANGEROUS_{}_DANGEROUS || true + ${PUMOUNT} ${SRC} + ${PMOUNT} -r ${partition} ${SRC} if [ ${?} -ne 0 ]; then - echo "Unable to mount ${partition} on ${SRC}" + echo "Unable to mount ${partition} on /media/${SRC}" else - echo "${partition} mounted at ${SRC}" + echo "${partition} mounted at /media/${SRC}" # Print the filenames on the current partition in a logfile - find "${SRC}" -fls "${LOGS}/Content_partition_${PARTCOUNT}.txt" + find "/media/${SRC}" -fls "${LOGS}/Content_partition_${PARTCOUNT}.txt" # create a directory on ${DST} named PARTION_$PARTCOUNT - target_dir="${DST}/FROM_PARTITION_${PARTCOUNT}" + target_dir="/media/${DST}/FROM_PARTITION_${PARTCOUNT}" echo "copying to: ${target_dir}" mkdir -p "${target_dir}" LOGFILE="${LOGS}/processing.txt" - echo "==== Starting processing of ${SRC} to ${target_dir}. ====" >> ${LOGFILE} + echo "==== Starting processing of /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE} main ${target_dir} || true - echo "==== Done with ${SRC} to ${target_dir}. ====" >> ${LOGFILE} + echo "==== Done with /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE} ls -lR "${target_dir}" fi diff --git a/prepare_rPI.sh b/prepare_rPI.sh index 1053c56..e408bfd 100755 --- a/prepare_rPI.sh +++ b/prepare_rPI.sh 
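Review bot: The autorun rename added after `${PMOUNT} -w` parses `ls` output from an untrusted key. The pattern `autorun.inf` is unanchored and its `.` matches any character, so unrelated names can be renamed; names containing quotes, backslashes or newlines are mishandled by `xargs`; and `|| true` hides every failure. A `find` restricted to the top level avoids these problems: `find "/media/${SRC}" -maxdepth 1 -iname 'autorun.inf' -exec sh -c 'mv -- "$1" "${1%/*}/DANGEROUS_${1##*/}_DANGEROUS"' _ {} \;`. Also, `if [ ${?} -ne 0 ]` tests only the status of the final `${PMOUNT} -r`. If the earlier `${PUMOUNT} ${SRC}` fails, the partition would stay mounted read-write and be reported only as "Unable to mount", so the read-write mount and the unmount should be checked as well.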
@@ -3,14 +3,15 @@ # change locales to en_US.UTF-8 dpkg-reconfigure locales - +sed -i "s/wheezy/jessie/" /etc/apt/sources.list apt-get update apt-get dist-upgrade apt-get autoremove -apt-get install libreoffice p7zip-full libfontforge1 timidity freepats -dpkg -i --ignore-depends=libpoppler27 pdf2htmlex*.deb +apt-get install libreoffice p7zip-full libfontforge1 timidity freepats pmount +dpkg -i pdf2htmlex*.deb # Make Libreoffice usable on a RO filesystem +useradd -m kitten pushd /home/kitten ln -s /tmp/libreoffice popd @@ -21,3 +22,6 @@ ln -s /proc/mounts /etc/mtab # Disable swap dphys-swapfile uninstall + +# enable rc.local +systemctl enable rc-local.service
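Review bot: The new `useradd -m kitten` does not put the account in any supplementary group, yet the groomer now depends on this user running pmount. On Debian-derived images pmount is normally executable only by members of `plugdev`; confirm this on the target image and, if so, change the line to `useradd -m -G plugdev kitten`. The line also sits under the comment `# Make Libreoffice usable on a RO filesystem`, which it has nothing to do with, so give it its own comment. The `sed -i "s/wheezy/jessie/"` edit touches only `/etc/apt/sources.list`. If the image ships further lists under `/etc/apt/sources.list.d/`, the following `dist-upgrade` would mix releases.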