mirror of https://github.com/CIRCL/Circlean
parent
a6b029b6ad
commit
fa87f0deba
|
@ -2,4 +2,5 @@ proc /proc proc defaults 0 0
|
||||||
/dev/mmcblk0p1 /boot vfat ro,defaults 0 0
|
/dev/mmcblk0p1 /boot vfat ro,defaults 0 0
|
||||||
/dev/mmcblk0p2 / ext4 ro,defaults,noatime 0 0
|
/dev/mmcblk0p2 / ext4 ro,defaults,noatime 0 0
|
||||||
tmpfs /tmp tmpfs rw,size=64M,noexec,nodev,nosuid,mode=1777 0 0
|
tmpfs /tmp tmpfs rw,size=64M,noexec,nodev,nosuid,mode=1777 0 0
|
||||||
|
tmpfs /media tmpfs rw,size=64M,noexec,nodev,nosuid,mode=1777 0 0
|
||||||
# a swapfile is not a swap partition, so no using swapon|off from here on, use dphys-swapfile swap[on|off] for that
|
# a swapfile is not a swap partition, so no using swapon|off from here on, use dphys-swapfile swap[on|off] for that
|
||||||
|
|
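Review bot: The new `/media` tmpfs is mounted with `mode=1777`, which lets every local account create entries in the directory that holds the mount points. pmount is normally installed setuid root and creates and removes `/media/<label>` itself, so the directory presumably only needs `mode=0755`: `tmpfs /media tmpfs rw,size=64M,noexec,nodev,nosuid,mode=0755 0 0`. If the sticky world-writable mode is required for another reason, a comment on the line saying so would help the next reader.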
|
@ -26,5 +26,3 @@ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/b
|
||||||
|
|
||||||
#includedir /etc/sudoers.d
|
#includedir /etc/sudoers.d
|
||||||
#pi ALL=(ALL) NOPASSWD: ALL
|
#pi ALL=(ALL) NOPASSWD: ALL
|
||||||
Cmnd_Alias GROOMER_CMDS = /home/kitten/kitten_mount_src, /home/kitten/kitten_mount_dst, /home/kitten/kitten_umount
|
|
||||||
kitten ALL = NOPASSWD: GROOMER_CMDS
|
|
||||||
|
|
|
@ -1,20 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
#set -x
|
|
||||||
|
|
||||||
if [ $# -eq 3 ]; then
|
|
||||||
if ! [ "${1}" -ge "1000" ] ; then
|
|
||||||
# avoid the risk of passing other options to mount, and enforce uid >= 1000
|
|
||||||
echo "$1 is not a valid uid (>= 1000)"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
# uid= only works on a vfat FS. What should we do if we get an ext* FS ?
|
|
||||||
# the main problem is that we need the rw rights on the dest key.
|
|
||||||
# It is not possible to ensure it on a non-vfat USB key.
|
|
||||||
mount -t vfat -o user,noexec,nosuid,nodev,rw,uid="${1}",utf8=1 "${2}" "${3}"
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
echo 'Invalid number of arguments.'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
|
@ -1,15 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
#set -x
|
|
||||||
|
|
||||||
if [ $# -eq 2 ]; then
|
|
||||||
mount -o noexec,nosuid,nodev,utf8=1 "${1}" "${2}"
|
|
||||||
# renaming autorun.inf on the source key. As it it case insensitive, we have to do the following...
|
|
||||||
ls "${2}" | grep -i autorun.inf | xargs -I {} mv "${2}"/{} "${2}"/DANGEROUS_{}_DANGEROUS || true
|
|
||||||
mount -o remount,ro "${1}" "${2}"
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
echo 'Invalid number of arguments.'
|
|
||||||
exit 1
|
|
||||||
fi
|
|
|
@ -1,12 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -e
|
|
||||||
#set -x
|
|
||||||
|
|
||||||
if [ $# -eq 1 ]; then
|
|
||||||
umount $1
|
|
||||||
exit 0
|
|
||||||
else
|
|
||||||
echo "Invalid number of arguments."
|
|
||||||
exit 1
|
|
||||||
fi
|
|
|
@ -1,31 +1,23 @@
|
||||||
DEV_SRC='/dev/sda'
|
DEV_SRC='/dev/sda'
|
||||||
DEV_DST='/dev/sdb1'
|
DEV_DST='sdb1'
|
||||||
|
|
||||||
# User allowed to do the following commands without password
|
# User allowed to do the following commands without password
|
||||||
USERNAME='kitten'
|
USERNAME='kitten'
|
||||||
HOME="/home/${USERNAME}"
|
|
||||||
MUSIC="/opt/midi/"
|
MUSIC="/opt/midi/"
|
||||||
|
|
||||||
TMP="/tmp"
|
ID=`/usr/bin/id -u`
|
||||||
|
|
||||||
# Paths used in multiple scripts
|
# Paths used in multiple scripts
|
||||||
SRC="${TMP}/src"
|
SRC="src"
|
||||||
DST="${TMP}/dst"
|
DST="dst"
|
||||||
TEMP="${DST}/temp"
|
TEMP="/media/${DST}/temp"
|
||||||
ZIPTEMP="${DST}/ziptemp"
|
ZIPTEMP="/media/${DST}/ziptemp"
|
||||||
LOGS="${DST}/logs"
|
LOGS="/media/${DST}/logs"
|
||||||
|
|
||||||
|
|
||||||
# commands
|
# commands
|
||||||
SUDO='/usr/bin/sudo'
|
|
||||||
ID=`/usr/bin/id -u`
|
|
||||||
SYNC='/bin/sync'
|
SYNC='/bin/sync'
|
||||||
TIMIDITY='/usr/bin/timidity'
|
TIMIDITY='/usr/bin/timidity'
|
||||||
MOUNT='/bin/mount'
|
MOUNT='/bin/mount'
|
||||||
|
PMOUNT='/usr/bin/pmount'
|
||||||
# root commands.
|
PUMOUNT='/usr/bin/pumount'
|
||||||
# To avoid the risk that an attacker use -o remount on mount and other nasty
|
|
||||||
# commands, we use our own scripts to invoke mount and umount.
|
|
||||||
MOUNT_DST="${HOME}/kitten_mount_dst"
|
|
||||||
MOUNT_SRC="${HOME}/kitten_mount_src"
|
|
||||||
UMOUNT="${HOME}/kitten_umount"
|
|
||||||
|
|
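Review bot: The comment `# User allowed to do the following commands without password` above `USERNAME='kitten'` is stale now that this commit removes the sudoers rule and the `kitten_mount_*` wrappers; something like `# Unprivileged user the groomer runs as` fits the new design. `SRC` and `DST` have also changed meaning from paths to pmount labels while `TEMP`, `ZIPTEMP` and `LOGS` hard-code `/media/`, and `DEV_SRC` keeps its `/dev/` prefix while `DEV_DST` lost it. A comment such as `# pmount labels; mounted at /media/${SRC} and /media/${DST}` next to the two assignments would document the convention that the other scripts now rely on.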
|
@ -73,7 +73,7 @@ archive(){
|
||||||
rm -rf "${2}"
|
rm -rf "${2}"
|
||||||
rm -rf "${2}_temp"
|
rm -rf "${2}_temp"
|
||||||
fi
|
fi
|
||||||
CURRENT_SRC=${SRC}
|
CURRENT_SRC="/media/${SRC}"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -149,7 +149,7 @@ main(){
|
||||||
set -x
|
set -x
|
||||||
|
|
||||||
if [ -z ${2} ]; then
|
if [ -z ${2} ]; then
|
||||||
CURRENT_SRC=${SRC}
|
CURRENT_SRC="/media/${SRC}"
|
||||||
RECURSIVE_ARCHIVE_CURRENT=0
|
RECURSIVE_ARCHIVE_CURRENT=0
|
||||||
ARCHIVE_BOMB=0
|
ARCHIVE_BOMB=0
|
||||||
else
|
else
|
||||||
|
|
|
@ -16,14 +16,12 @@ clean(){
|
||||||
${SYNC}
|
${SYNC}
|
||||||
|
|
||||||
# Cleanup source
|
# Cleanup source
|
||||||
${SUDO} ${UMOUNT} ${SRC}
|
pumount ${SRC}
|
||||||
rm -rf ${SRC}
|
|
||||||
|
|
||||||
# Cleanup destination
|
# Cleanup destination
|
||||||
rm -rf ${TEMP}
|
rm -rf ${TEMP}
|
||||||
rm -rf ${ZIPTEMP}
|
rm -rf ${ZIPTEMP}
|
||||||
${SUDO} ${UMOUNT} ${DST}
|
pumount ${DST}
|
||||||
rm -rf ${DST}
|
|
||||||
|
|
||||||
exit
|
exit
|
||||||
}
|
}
|
||||||
|
@ -43,31 +41,23 @@ if [ -z "${DEV_PARTITIONS}" ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Do we have a destination device
|
# Do we have a destination device
|
||||||
if [ ! -b ${DEV_DST} ]; then
|
if [ ! -b "/dev/${DEV_DST}" ]; then
|
||||||
echo "Destination device (${DEV_DST}) does not exists."
|
echo "Destination device (/dev/${DEV_DST}) does not exists."
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Prepare mount points
|
|
||||||
if [ ! -d ${SRC} ]; then
|
|
||||||
mkdir ${SRC}
|
|
||||||
fi
|
|
||||||
if [ ! -d ${DST} ]; then
|
|
||||||
mkdir ${DST}
|
|
||||||
fi
|
|
||||||
|
|
||||||
# mount and prepare destination device
|
# mount and prepare destination device
|
||||||
if ${MOUNT}|grep ${DST}; then
|
if ${MOUNT}|grep ${DST}; then
|
||||||
${SUDO} ${UMOUNT} ${DST} || true
|
${PUMOUNT} ${DST} || true
|
||||||
fi
|
fi
|
||||||
# uid= only works on a vfat FS. What should wedo if we get an ext* FS ?
|
# uid= only works on a vfat FS. What should wedo if we get an ext* FS ?
|
||||||
${SUDO} ${MOUNT_DST} ${ID} ${DEV_DST} ${DST}
|
${PMOUNT} -w ${DEV_DST} ${DST}
|
||||||
if [ ${?} -ne 0 ]; then
|
if [ ${?} -ne 0 ]; then
|
||||||
echo "Unable to mount ${DEV_DST} on ${DST}"
|
echo "Unable to mount /dev/${DEV_DST} on /media/${DST}"
|
||||||
exit
|
exit
|
||||||
else
|
else
|
||||||
echo "Target USB device (${DEV_DST}) mounted at ${DST}"
|
echo "Target USB device (/dev/${DEV_DST}) mounted at /media/${DST}"
|
||||||
rm -rf "${DST}/FROM_PARTITION_"*
|
rm -rf "/media/${DST}/FROM_PARTITION_"*
|
||||||
|
|
||||||
# prepare temp dirs and make sure it's empty
|
# prepare temp dirs and make sure it's empty
|
||||||
mkdir -p "${TEMP}"
|
mkdir -p "${TEMP}"
|
||||||
|
@ -87,27 +77,30 @@ do
|
||||||
# Processing a partition
|
# Processing a partition
|
||||||
echo "Processing partition: ${partition}"
|
echo "Processing partition: ${partition}"
|
||||||
if [ `${MOUNT} | grep -c ${SRC}` -ne 0 ]; then
|
if [ `${MOUNT} | grep -c ${SRC}` -ne 0 ]; then
|
||||||
${SUDO} ${UMOUNT} ${SRC}
|
${PUMOUNT} ${SRC}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
${SUDO} ${MOUNT_SRC} ${partition} ${SRC}
|
${PMOUNT} -w ${partition} ${SRC}
|
||||||
|
ls "/media/${SRC}" | grep -i autorun.inf | xargs -I {} mv "/media/${SRC}"/{} "/media/${SRC}"/DANGEROUS_{}_DANGEROUS || true
|
||||||
|
${PUMOUNT} ${SRC}
|
||||||
|
${PMOUNT} -r ${partition} ${SRC}
|
||||||
if [ ${?} -ne 0 ]; then
|
if [ ${?} -ne 0 ]; then
|
||||||
echo "Unable to mount ${partition} on ${SRC}"
|
echo "Unable to mount ${partition} on /media/${SRC}"
|
||||||
else
|
else
|
||||||
echo "${partition} mounted at ${SRC}"
|
echo "${partition} mounted at /media/${SRC}"
|
||||||
|
|
||||||
# Print the filenames on the current partition in a logfile
|
# Print the filenames on the current partition in a logfile
|
||||||
find "${SRC}" -fls "${LOGS}/Content_partition_${PARTCOUNT}.txt"
|
find "/media/${SRC}" -fls "${LOGS}/Content_partition_${PARTCOUNT}.txt"
|
||||||
|
|
||||||
# create a directory on ${DST} named PARTION_$PARTCOUNT
|
# create a directory on ${DST} named PARTION_$PARTCOUNT
|
||||||
target_dir="${DST}/FROM_PARTITION_${PARTCOUNT}"
|
target_dir="/media/${DST}/FROM_PARTITION_${PARTCOUNT}"
|
||||||
echo "copying to: ${target_dir}"
|
echo "copying to: ${target_dir}"
|
||||||
mkdir -p "${target_dir}"
|
mkdir -p "${target_dir}"
|
||||||
LOGFILE="${LOGS}/processing.txt"
|
LOGFILE="${LOGS}/processing.txt"
|
||||||
|
|
||||||
echo "==== Starting processing of ${SRC} to ${target_dir}. ====" >> ${LOGFILE}
|
echo "==== Starting processing of /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE}
|
||||||
main ${target_dir} || true
|
main ${target_dir} || true
|
||||||
echo "==== Done with ${SRC} to ${target_dir}. ====" >> ${LOGFILE}
|
echo "==== Done with /media/${SRC} to ${target_dir}. ====" >> ${LOGFILE}
|
||||||
|
|
||||||
ls -lR "${target_dir}"
|
ls -lR "${target_dir}"
|
||||||
fi
|
fi
|
||||||
|
|
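Review bot: The autorun rename added in the last hunk feeds file names from the untrusted source key through `ls | grep -i autorun.inf | xargs`, so a name containing quotes, backslashes or a newline is mangled by xargs, the unanchored pattern (with `.` as a wildcard) also renames files that merely contain the string, and `|| true` hides any failure. The result of `${PMOUNT} -w` is not checked, so when the read-write mount fails the pipeline runs against an unmounted `/media/${SRC}`; only the later `${PMOUNT} -r` is tested by `[ ${?} -ne 0 ]`. The sketch below guards on the first mount and matches the exact name with `find -iname`; the enclosing `do` loop starts and ends outside the hunk. Separately, with `SRC` and `DST` now the bare labels `src` and `dst`, the unchanged `${MOUNT} | grep ${SRC}` and `grep ${DST}` tests match any mount line containing those letters and would be tighter as `grep -q " /media/${DST} "`.

```shell
if ${PMOUNT} -w "${partition}" "${SRC}"; then
    # Exact, case-insensitive name match; no ls parsing and no regex '.'
    find "/media/${SRC}" -maxdepth 1 -iname 'autorun.inf' \
        -exec sh -c 'mv -- "$1" "${1%/*}/DANGEROUS_${1##*/}_DANGEROUS"' _ {} \; || true
    ${PUMOUNT} "${SRC}"
fi
${PMOUNT} -r "${partition}" "${SRC}"
# … unchanged: the [ ${?} -ne 0 ] check and the per-partition processing …
```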
|
@ -3,14 +3,15 @@
|
||||||
# change locales to en_US.UTF-8
|
# change locales to en_US.UTF-8
|
||||||
dpkg-reconfigure locales
|
dpkg-reconfigure locales
|
||||||
|
|
||||||
|
sed -i "s/wheezy/jessie/" /etc/apt/sources.list
|
||||||
apt-get update
|
apt-get update
|
||||||
apt-get dist-upgrade
|
apt-get dist-upgrade
|
||||||
apt-get autoremove
|
apt-get autoremove
|
||||||
apt-get install libreoffice p7zip-full libfontforge1 timidity freepats
|
apt-get install libreoffice p7zip-full libfontforge1 timidity freepats pmount
|
||||||
dpkg -i --ignore-depends=libpoppler27 pdf2htmlex*.deb
|
dpkg -i pdf2htmlex*.deb
|
||||||
|
|
||||||
# Make Libreoffice usable on a RO filesystem
|
# Make Libreoffice usable on a RO filesystem
|
||||||
|
useradd -m kitten
|
||||||
pushd /home/kitten
|
pushd /home/kitten
|
||||||
ln -s /tmp/libreoffice
|
ln -s /tmp/libreoffice
|
||||||
popd
|
popd
|
||||||
|
@ -21,3 +22,6 @@ ln -s /proc/mounts /etc/mtab
|
||||||
|
|
||||||
# Disable swap
|
# Disable swap
|
||||||
dphys-swapfile uninstall
|
dphys-swapfile uninstall
|
||||||
|
|
||||||
|
# enable rc.local
|
||||||
|
systemctl enable rc-local.service
|
||||||
|
|
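Review bot: `useradd -m kitten` creates the account without any supplementary group, but on Debian `pmount` is normally executable only by members of `plugdev`, so the groomer's `${PMOUNT}` and `${PUMOUNT}` calls would presumably fail for this user. If that holds on this image, the line should be `useradd -m -G plugdev kitten`. A short comment above it, e.g. `# unprivileged user that runs the groomer; needs plugdev for pmount`, would record why the group is there.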