diff options
author | Charlie Root <root@eurobsd.lan> | 2015-02-20 11:23:19 +0100 |
---|---|---|
committer | Charlie Root <root@eurobsd.lan> | 2015-02-20 11:23:19 +0100 |
commit | c58f9900c95794277376bdcd5d21c242b79d2061 (patch) | |
tree | 7d31ed2a2aef3c2a7bf5acdc15f59e5704fd9d69 /build.sh | |
download | OpenBSD-firewall-c58f9900c95794277376bdcd5d21c242b79d2061.tar.gz OpenBSD-firewall-c58f9900c95794277376bdcd5d21c242b79d2061.tar.bz2 |
imported initial version
Diffstat (limited to 'build.sh')
-rwxr-xr-x | build.sh | 323 |
1 files changed, 323 insertions, 0 deletions
diff --git a/build.sh b/build.sh new file mode 100755 index 0000000..6ce3708 --- /dev/null +++ b/build.sh @@ -0,0 +1,323 @@ +#!/bin/sh + +DEVICE=vnd0 +MOUNTPOINT=/mnt/fw + +if test X$1 = X"-h"; then + print "Usage: build.sh [ <machine> [ <flash layout> ] ]" + print " the default for <flash layout> is <machine>" + print " the default for <machine> is 'firewall-test'" + exit 0 +fi + +if test X$1 = X""; then + HOSTNAME=firewall-test +else + HOSTNAME=$1 +fi + +if test X$2 = X""; then + HARDWARE_FILE=hardware/$HOSTNAME/flash_params +else + HARDWARE_FILE=hardware/$2/flash_params +fi + +. $HARDWARE_FILE + +IMAGE_FILE=$HOSTNAME.img + +nof_sectors=`expr $SECTORS_PER_TRACK \* $TRACKS_PER_CYLINDER \* $CYLINDERS` + +echo "Using the following disk geometry:" +echo "Bytes/sector: $BYTES_PER_SECTOR" +echo "Sectors/track: $SECTORS_PER_TRACK" +echo "Tracks/cylinder: $TRACKS_PER_CYLINDER" +echo "Sectors/cylinder: $SECTORES_PER_CYLINDER" +echo "Cylinders: $CYLINDERS" +echo "Number of sectors: $nof_sectors" + +echo "Clean up from previous invocations." + +umount $MOUNTPOINT +vnconfig -u $DEVICE +rm -f $IMAGE_FILE + +echo "Using image $IMAGE_FILE as virtual device $DEVICE with $nof_sectors a $BYTES_PER_SECTOR bytes per sector." + +dd if=/dev/zero of=$IMAGE_FILE bs=$BYTES_PER_SECTOR count=$nof_sectors + +vnconfig -c $DEVICE $IMAGE_FILE +vnconfig -l + +echo "Installing MBR and creating PC partition table." + +fdisk -c $CYLINDERS -h $TRACKS_PER_CYLINDER -s $SECTORS_PER_TRACK -f /usr/mdec/mbr -e $DEVICE <<EOF +reinit +update +write +quit +EOF + +echo "Setting up BSD disklabel." + +# leave first cylinder empty for MBR and boot code +astart=`expr $SECTORS_PER_TRACK` +asize=`expr $nof_sectors - $SECTORS_PER_TRACK` + +cat > /tmp/disklabel.$$ <<EOF +type: ESDI +label: root +bytes/sector: $BYTES_PER_SECTOR +sectors/track: $SECTORS_PER_TRACK +tracks/cylinder: $TRACKS_PER_CYLINDER +sectors/cylinder: $SECTORES_PER_CYLINDER +cylinders: $CYLINDERS +total sectors: $nof_sectors + + a: $asize $astart 4.2BSD 1024 8192 16 + c: 120960 0 unused +EOF + +disklabel -R $DEVICE /tmp/disklabel.$$ + +echo "Making file system." + +newfs -S $BYTES_PER_SECTOR /dev/r${DEVICE}a + +mkdir $MOUNTPOINT +mount -o async /dev/${DEVICE}a $MOUNTPOINT + +echo "Installing boot blocks." + +# Blocks are written to the boot code and are used for bootstrapping +# Don't move the file after calling 'installboot' or call 'installboot' again. + +cp -R /usr/mdec/boot $MOUNTPOINT/ +installboot -v -r $MOUNTPOINT -v $DEVICE /usr/mdec/biosboot /boot + +# eventually build a custom kernel first. Not for space reasons, but +# maybe security (security patches) + +cp -R /bsd $MOUNTPOINT/ + +echo "Creating directory structure." + +mkdir $MOUNTPOINT/{bin,etc,sbin,dev,usr,usr/libexec,usr/libexec/auth,usr/sbin,usr/bin,usr/lib,usr/share,usr/share/misc,root,etc/ssh} +chmod 0755 $MOUNTPOINT/{bin,etc,sbin,dev,usr,usr/libexec,usr/libexec/auth,usr/sbin,usr/bin,usr/lib,etc/ssh} +chmod 0700 $MOUNTPOINT/root + +mkdir $MOUNTPOINT/tmp +chmod 0777 $MOUNTPOINT/tmp +chmod +t $MOUNTPOINT/tmp + +echo "Populating /dev filesystem with minimal set up startup devices." + +cp -R /dev/MAKEDEV $MOUNTPOINT/dev/. +( cd $MOUNTPOINT/dev && ./MAKEDEV std wd0 random crypto pf bpf ttyC0 tty00 ) + +echo "Installing files." + +cp -R /sbin/init $MOUNTPOINT/sbin/. +cp -R /bin/cat $MOUNTPOINT/bin/. +cp -R /bin/chgrp $MOUNTPOINT/bin/. +cp -R /bin/chmod $MOUNTPOINT/bin/. +cp -R /bin/cp $MOUNTPOINT/bin/. +cp -R /bin/date $MOUNTPOINT/bin/. +cp -R /bin/df $MOUNTPOINT/bin/. +cp -R /bin/domainname $MOUNTPOINT/bin/. +cp -R /bin/echo $MOUNTPOINT/bin/. +cp -R /bin/expr $MOUNTPOINT/bin/. +cp -R /bin/hostname $MOUNTPOINT/bin/. +cp -R /bin/kill $MOUNTPOINT/bin/. +cp -R /bin/ksh $MOUNTPOINT/bin/. +cp -R /bin/ln $MOUNTPOINT/bin/. +cp -R /bin/ls $MOUNTPOINT/bin/. +cp -R /bin/mkdir $MOUNTPOINT/bin/. +cp -R /bin/mv $MOUNTPOINT/bin/. +cp -R /bin/ps $MOUNTPOINT/bin/. +cp -R /bin/pwd $MOUNTPOINT/bin/. +cp -R /bin/rm $MOUNTPOINT/bin/. +cp -R /bin/rmdir $MOUNTPOINT/bin/. +cp -R /bin/sh $MOUNTPOINT/bin/. +cp -R /bin/sleep $MOUNTPOINT/bin/. +cp -R /bin/stty $MOUNTPOINT/bin/. +cp -R /bin/sync $MOUNTPOINT/bin/. +cp -R /bin/systrace $MOUNTPOINT/bin/. +cp -R /bin/tar $MOUNTPOINT/bin/. +cp -R /bin/test $MOUNTPOINT/bin/. + +cp -R /sbin/chown $MOUNTPOINT/sbin/. +cp -R /sbin/dhclient $MOUNTPOINT/sbin/. +cp -R /sbin/dmesg $MOUNTPOINT/sbin/. +cp -R /sbin/fsck $MOUNTPOINT/sbin/. +cp -R /sbin/fsck_ffs $MOUNTPOINT/sbin/. +cp -R /sbin/halt $MOUNTPOINT/sbin/. +cp -R /sbin/ifconfig $MOUNTPOINT/sbin/. +cp -R /sbin/init $MOUNTPOINT/sbin/. +cp -R /sbin/ldconfig $MOUNTPOINT/sbin/. +cp -R /sbin/mkfifo $MOUNTPOINT/sbin/. +cp -R /sbin/mknod $MOUNTPOINT/sbin/. +cp -R /sbin/mount $MOUNTPOINT/sbin/. +cp -R /sbin/mount_ffs $MOUNTPOINT/sbin/. +cp -R /sbin/mount_mfs $MOUNTPOINT/sbin/. +cp -R /sbin/mount_tmpfs $MOUNTPOINT/sbin/. +cp -R /sbin/newfs $MOUNTPOINT/sbin/. +cp -R /sbin/nologin $MOUNTPOINT/sbin/. +cp -R /sbin/pfctl $MOUNTPOINT/sbin/. +cp -R /sbin/pflogd $MOUNTPOINT/sbin/. +cp -R /sbin/ping $MOUNTPOINT/sbin/. +cp -R /sbin/reboot $MOUNTPOINT/sbin/. +cp -R /sbin/route $MOUNTPOINT/sbin/. +cp -R /sbin/scan_ffs $MOUNTPOINT/sbin/. +cp -R /sbin/shutdown $MOUNTPOINT/sbin/. +cp -R /sbin/sysctl $MOUNTPOINT/sbin/. +cp -R /sbin/umount $MOUNTPOINT/sbin/. + +# dynamic binaries from here, find libraries and copy them too + +cp -R /usr/libexec/getty $MOUNTPOINT/usr/libexec +cp -R /usr/libexec/ld.so $MOUNTPOINT/usr/libexec + +cp -R /usr/sbin/arp $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/bgpctl $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/bgpd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/cron $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/dev_mkdb $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/dhcrelay $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/dig $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/ftp-proxy $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/ntpctl $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/ntpd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/ospfctl $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/ospfd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/pwd_mkdb $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/rdate $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/sensorsd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/snmpctl $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/snmpd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/sshd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/syslogc $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/syslogd $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/tcpdump $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/tftp-proxy $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/traceroute $MOUNTPOINT/usr/sbin/. +cp -R /usr/sbin/vipw $MOUNTPOINT/usr/sbin/. + +cp -R /usr/bin/crontab $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/du $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/grep $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/gzip $MOUNTPOINT/usr/bin/. +# handy for debugging +#cp -R /usr/bin/ldd $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/less $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/logger $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/login $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/more $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/netstat $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/newsyslog $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/passwd $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/pkill $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/scp $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/sed $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/sort $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/ssh $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/ssh-add $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/ssh-agent $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/ssh-keygen $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/tail $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/telnet $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/top $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/touch $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/uname $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/uniq $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/uptime $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/vi $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/wall $MOUNTPOINT/usr/bin/. +cp -R /usr/bin/zcat $MOUNTPOINT/usr/bin/. + +# copy libraries + +echo "Installing shared libraries." + +for i in `ldd $MOUNTPOINT/{bin,sbin,usr/bin,usr/sbin}/* 2>/dev/null | grep /usr/lib | tr -s ' ' '\t' | cut -f 8 | sort | uniq`; do + echo $i + cp -R $i $MOUNTPOINT/usr/lib/. +done +rm $MOUNTPOINT/usr/lib/ld.so + +echo "Installing additional files." + +# authentication plugins (needed for logging into the machine) + +cp -R /usr/libexec/auth/login_crypto $MOUNTPOINT/usr/libexec/auth/. +cp -R /usr/libexec/auth/login_lchpass $MOUNTPOINT/usr/libexec/auth/. +cp -R /usr/libexec/auth/login_passwd $MOUNTPOINT/usr/libexec/auth/. +cp -R /usr/libexec/auth/login_reject $MOUNTPOINT/usr/libexec/auth/. +cp -R /usr/libexec/auth/login_skey $MOUNTPOINT/usr/libexec/auth/. + +# symlinking /var to /tmp/var (tmp is a MFS) + +ln -s /tmp/var $MOUNTPOINT/var + +cp -R /usr/share/misc/terminfo.db $MOUNTPOINT/usr/share/misc/. + +echo "Installing common configuration." + +cp -R template/etc/boot.conf $MOUNTPOINT/etc/. +cp -R template/etc/fstab $MOUNTPOINT/etc/. +cp -R template/etc/login.conf $MOUNTPOINT/etc/. +cp -R template/etc/protocols $MOUNTPOINT/etc/. +cp -R template/etc/services $MOUNTPOINT/etc/. +cp -R template/etc/passwd $MOUNTPOINT/etc/. +cp -R template/etc/group $MOUNTPOINT/etc/. +cp -R template/etc/master.passwd $MOUNTPOINT/etc/. +cp -R template/etc/gettytab $MOUNTPOINT/etc/. +cp -R template/etc/ttys $MOUNTPOINT/etc/. +cp -R template/etc/pf.os $MOUNTPOINT/etc/. +cp -R template/etc/syslog.conf $MOUNTPOINT/etc/. +cp -R template/etc/resolv.conf $MOUNTPOINT/etc/. +cp -R template/etc/ntpd.conf $MOUNTPOINT/etc/. +cp -R template/etc/dhclient.conf $MOUNTPOINT/etc/. +cp -R template/etc/tabs $MOUNTPOINT/etc/. +chmod 0600 $MOUNTPOINT/etc/tabs/* +cp -R template/etc/newsyslog.conf $MOUNTPOINT/etc/. +cp -R template/etc/ssh/sshd_config $MOUNTPOINT/etc/ssh/. +cp -R template/etc/moduli $MOUNTPOINT/etc/. +cp -R /usr/share/zoneinfo/Europe/Zurich $MOUNTPOINT/etc/localtime + +cp -R template/root/.profile $MOUNTPOINT/root/. + +echo "Installing specific configuration for $HOSTNAME." + +cp -R config/$HOSTNAME/hosts $MOUNTPOINT/etc/. +cp -R config/$HOSTNAME/networks $MOUNTPOINT/etc/. +cp -R config/$HOSTNAME/pf.conf $MOUNTPOINT/etc/. +m4 -DHOSTNAME=$HOSTNAME template/etc/rc > $MOUNTPOINT/etc/rc +if test -f config/$HOSTNAME/dhcpd.conf; then + cp -R config/$HOSTNAME/dhcpd.conf $MOUNTPOINT/etc/. +fi + +echo "Generating databases." + +# TODO: encrypt: changer master.passwd root password +pwd_mkdb -p -d $MOUNTPOINT/etc/ $MOUNTPOINT/etc/master.passwd + +echo "Generating SSH keys." + +ssh-keygen -b 2048 -t rsa -f $MOUNTPOINT/etc/ssh/ssh_host_rsa_key -N '' +chmod 400 $MOUNTPOINT/etc/ssh/ssh_host_rsa_key + +echo "Installing specific configuration." + +echo "Cleaning up." + +sync +umount $MOUNTPOINT + +rm -f /tmp/disklabel.$$ + +echo "Done." + +exit 0 + + |