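#!/bin/sh
#
# build.sh -- build a bootable flash image for a small OpenBSD firewall.
#
# Usage: build.sh [hostname [hardware]]
#   hostname  name of the build: selects config/<hostname>/ (default
#             'firewall-test') and names the output image <hostname>.img
#   hardware  selects hardware/<hardware>/flash_params, the file that
#             defines the disk geometry (default: same as hostname)
#
# The image is assembled through a vnd(4) pseudo device mounted on
# $MOUNTPOINT, so this has to run as root on an OpenBSD host.  Both
# arguments are trusted operator input: the hardware file is sourced as
# shell code and both names are used as path components, so never feed
# this script names taken from anywhere else.
#
# NOTE(review): the {a,b} brace expansions below are a ksh feature; they
# work with OpenBSD's /bin/sh (ksh) but not with a strict POSIX sh.

DEVICE=vnd0
MOUNTPOINT=/mnt/fw
# depends on the hardware: sdX for SCSI and wd0 for flashes/IDE/PATA
# (also adapt in template/etc/fstab for instance)
# NOTE(review): ROOT is not referenced in the part of the script that is
# visible here; presumably it is used by the truncated section below.
ROOT=sd0

# Print a message to stderr and abort the build.
die() {
  printf 'build.sh: %s\n' "$*" >&2
  exit 1
}

# Copy files onto the image and abort when the copy fails, so that a
# missing binary or configuration file cannot yield an image that boots
# without its daemon.
put() {
  cp -R "$@" || die "cannot copy $*"
}

case $1 in
-h)
  printf '%s\n' "Usage: build.sh [hostname [hardware]]"
  printf '%s\n' "  the default for hardware is the hostname"
  printf '%s\n' "  the default for hostname is 'firewall-test'"
  exit 0
  ;;
"")
  HOSTNAME=firewall-test
  ;;
*)
  HOSTNAME=$1
  ;;
esac

# Both names end up in paths (config/$HOSTNAME, $HOSTNAME.img,
# hardware/$2): refuse anything that could escape those directories or
# be taken for an option.
for name in "$HOSTNAME" "$2"; do
  case $name in
  */* | -* | .*)
    die "invalid name '$name'"
    ;;
  esac
done

if test -z "$2"; then
  HARDWARE_FILE=hardware/$HOSTNAME/flash_params
else
  HARDWARE_FILE=hardware/$2/flash_params
fi
test -f "$HARDWARE_FILE" || die "no hardware file $HARDWARE_FILE"

# Sourced as shell code; it is expected to define the geometry variables
# printed below.
. "$HARDWARE_FILE"

# The geometry sizes the image (dd) and the partition table (fdisk); an
# unset value would silently produce an empty or mis-partitioned image.
: "${BYTES_PER_SECTOR:?not set in $HARDWARE_FILE}"
: "${SECTORS_PER_TRACK:?not set in $HARDWARE_FILE}"
: "${TRACKS_PER_CYLINDER:?not set in $HARDWARE_FILE}"
: "${CYLINDERS:?not set in $HARDWARE_FILE}"

IMAGE_FILE=$HOSTNAME.img
nof_sectors=$((SECTORS_PER_TRACK * TRACKS_PER_CYLINDER * CYLINDERS))

echo "Using the following disk geometry:"
echo "Bytes/sector: $BYTES_PER_SECTOR"
echo "Sectors/track: $SECTORS_PER_TRACK"
echo "Tracks/cylinder: $TRACKS_PER_CYLINDER"
echo "Sectors/cylinder: $SECTORS_PER_CYLINDER"
echo "Cylinders: $CYLINDERS"
echo "Offset: $OFFSET"
echo "Number of sectors: $nof_sectors"

echo "Clean up from previous invocations."
# Both are expected to fail on a clean start, so their noise is dropped.
umount "$MOUNTPOINT" 2>/dev/null
vnconfig -u "$DEVICE" 2>/dev/null
rm -f "$IMAGE_FILE"

echo "Using image $IMAGE_FILE as virtual device $DEVICE with $nof_sectors a $BYTES_PER_SECTOR bytes per sector."
dd if=/dev/zero of="$IMAGE_FILE" bs="$BYTES_PER_SECTOR" count="$nof_sectors" || die "cannot create $IMAGE_FILE"
# The finished image contains the SSH host keys and master.passwd; keep
# it readable by root only regardless of the umask.
chmod 600 "$IMAGE_FILE"
vnconfig "$DEVICE" "$IMAGE_FILE" || die "cannot attach $IMAGE_FILE to $DEVICE"
vnconfig -l

echo "Installing MBR and creating PC partition table."
# NOTE(review): the copy of this script under review is truncated here.
# The here-document fed to fdisk, whatever writes /tmp/disklabel.$$ and
# presumably the disklabel/newfs/mount of $DEVICE on $MOUNTPOINT, the copy
# of template/ onto it and the generation of $MOUNTPOINT/etc/rc are
# missing; only the two stray redirections on the fdisk line survive.
# Restore this section from the original before using the script, and
# when doing so create the disklabel scratch file with mktemp instead of
# the predictable /tmp/disklabel.$$ name.
fdisk -c "$CYLINDERS" -h "$TRACKS_PER_CYLINDER" -s "$SECTORS_PER_TRACK" -f /usr/mdec/mbr -e "$DEVICE" < /tmp/disklabel.$$ < "$MOUNTPOINT/etc/rc"

# depending on the existence of some config files for the specific build
# we copy the configuration and the binaries (and scripts) to the flash
# only if necessary
echo "Installing optional specific configuration for $HOSTNAME."

# when running a DHCP client for an uplink
if test -f "config/$HOSTNAME/dhclient.conf"; then
  put "config/$HOSTNAME/dhclient.conf" "$MOUNTPOINT/etc/."
  put /sbin/dhclient "$MOUNTPOINT/sbin/."
fi
if test -f "config/$HOSTNAME/dhcpleased.conf"; then
  put "config/$HOSTNAME/dhcpleased.conf" "$MOUNTPOINT/etc/."
  put /sbin/dhcpleased "$MOUNTPOINT/sbin/."
  put /usr/sbin/dhcpleasectl "$MOUNTPOINT/sbin/."
fi

# when running a DHCP server for the local network
if test -f "config/$HOSTNAME/dhcpd.conf"; then
  put "config/$HOSTNAME/dhcpd.conf" "$MOUNTPOINT/etc/."
  put /usr/sbin/dhcpd "$MOUNTPOINT/usr/sbin/."
  put template/usr/sbin/restart_dhcpd "$MOUNTPOINT/usr/sbin/."
fi

# synchronizing time is always a good idea; the CA bundle is needed for
# ntpd's TLS constraints
if test -f "config/$HOSTNAME/ntpd.conf"; then
  mkdir -p "$MOUNTPOINT/etc/ssl" || die "cannot create $MOUNTPOINT/etc/ssl"
  put /etc/ssl/cert.pem "$MOUNTPOINT/etc/ssl/."
  put "config/$HOSTNAME/ntpd.conf" "$MOUNTPOINT/etc/."
  put /usr/sbin/ntpctl "$MOUNTPOINT/usr/sbin/."
  put /usr/sbin/ntpd "$MOUNTPOINT/usr/sbin/."
fi

# when we want joe instead of vi (I do)
if test -d "config/$HOSTNAME/joe/"; then
  put "config/$HOSTNAME/joe" "$MOUNTPOINT/etc/."
  put /usr/local/bin/joe "$MOUNTPOINT/usr/bin/jstar"
fi

# when we run an authoritative name server for local DNS spoofing,
# split horizon entries and we don't like to stuff data from
# zone files into unbound's configuration as local data
if test -d "config/$HOSTNAME/nsd-internal/"; then
  put "config/$HOSTNAME/nsd-internal" "$MOUNTPOINT/etc/."
  put /usr/sbin/nsd "$MOUNTPOINT/usr/sbin/."
  put /usr/sbin/nsd-{checkconf,checkzone,control,control-setup} "$MOUNTPOINT/usr/sbin/."
  # control-channel keys are generated directly into the image
  nsd-control-setup -d "$MOUNTPOINT/etc/nsd-internal/etc" || die "nsd-control-setup failed"
  put template/usr/sbin/restart_dns "$MOUNTPOINT/usr/sbin/."
fi

# when we run an authoritative name server for public zones (in this
# case one DNS master and buddyns as public slaves)
if test -d "config/$HOSTNAME/nsd-external/"; then
  put "config/$HOSTNAME/nsd-external" "$MOUNTPOINT/etc/."
  put /usr/sbin/nsd "$MOUNTPOINT/usr/sbin/."
  put /usr/sbin/nsd-{checkconf,checkzone,control,control-setup} "$MOUNTPOINT/usr/sbin/."
  nsd-control-setup -d "$MOUNTPOINT/etc/nsd-external/etc" || die "nsd-control-setup failed"
  put template/usr/sbin/restart_dns "$MOUNTPOINT/usr/sbin/."
fi

# when we run a DNS resolver
if test -d "config/$HOSTNAME/unbound/"; then
  # Refresh the root hints in the source tree *before* copying it, so the
  # image receives the file fetched now rather than the one left over from
  # the previous build (or none at all on the first build).  A failed
  # download aborts the build instead of shipping an empty root.hints.
  # NOTE(review): the hints arrive over plain FTP without any integrity
  # check although they bootstrap every resolution; fetching them over
  # HTTPS or comparing against a known-good copy would be preferable.
  wget ftp://FTP.INTERNIC.NET/domain/named.cache -O "config/$HOSTNAME/unbound/etc/root.hints" || die "cannot fetch root hints"
  put "config/$HOSTNAME/unbound" "$MOUNTPOINT/etc/."
  put /usr/sbin/unbound "$MOUNTPOINT/usr/sbin/."
  put /usr/sbin/unbound-{checkconf,control-setup,anchor,control,host} "$MOUNTPOINT/usr/sbin/."
  unbound-control-setup -d "$MOUNTPOINT/etc/unbound/etc" || die "unbound-control-setup failed"
  put template/usr/sbin/restart_dns "$MOUNTPOINT/usr/sbin/."
fi

# when we run a relayer
if test -f "config/$HOSTNAME/relayd.conf"; then
  put "config/$HOSTNAME/relayd.conf" "$MOUNTPOINT/etc/."
  put /usr/sbin/relayd "$MOUNTPOINT/usr/sbin/."
  put /usr/sbin/relayctl "$MOUNTPOINT/usr/sbin/."
fi

# autodetect shared libraries needed for all the binaries installed before,
# then copy them to the flash.  The script relies on the library path
# being the 8th whitespace-separated field of ldd's output; the loop is a
# plain for so that a failing copy aborts the script and not a subshell.
echo "Installing required shared libraries."
for lib in $(ldd "$MOUNTPOINT"/{bin,sbin,usr/bin,usr/sbin}/* 2>/dev/null | grep /usr/lib | tr -s ' ' '\t' | cut -f 8 | sort -u); do
  put "$lib" "$MOUNTPOINT/usr/lib/."
done
# the grep above presumably also matches the dynamic linker
# (/usr/libexec/ld.so), which does not belong under /usr/lib on the image
rm -f "$MOUNTPOINT/usr/lib/ld.so"

echo "Generating databases."
# TODO: encrypt: change master.passwd root password
# NOTE(review): verify that the root entry in the template master.passwd
# carries a real password hash before flashing -- an empty or placeholder
# field here ends up as the firewall's root credential.
pwd_mkdb -p -d "$MOUNTPOINT/etc/" "$MOUNTPOINT/etc/master.passwd" || die "pwd_mkdb failed"

echo "Generating SSH keys."
# Fresh host keys for every build (clients will see a changed host key
# after a rebuild).  The RSA key is what the original build provided; an
# Ed25519 key is generated alongside it and is picked up by sshd only if
# its configuration lists it or uses the default HostKey set.
ssh-keygen -b 2048 -t rsa -f "$MOUNTPOINT/etc/ssh/ssh_host_rsa_key" -N '' || die "ssh-keygen failed"
chmod 400 "$MOUNTPOINT/etc/ssh/ssh_host_rsa_key"
ssh-keygen -t ed25519 -f "$MOUNTPOINT/etc/ssh/ssh_host_ed25519_key" -N '' || die "ssh-keygen failed"
chmod 400 "$MOUNTPOINT/etc/ssh/ssh_host_ed25519_key"

echo "Cleaning up."
find "$MOUNTPOINT" -name .gitkeep -exec rm -f {} +
sync
sleep 2
umount "$MOUNTPOINT"
vnconfig -u "$DEVICE"
rm -f /tmp/disklabel.$$
echo "Done."
exit 0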