On 08/17/2015 10:14 PM, Sunil Mohan Adapa wrote: [...] > Avahi service files from directory avahi-services seem to be installed > incorrectly. According to the man page, avahi-daemon reads service files from > /etc/avahi/services/*.service . However, freedombox-setup seems to install the > files as /etc/avahi/service/avahi-services/*.service > > I have not confirmed that this is indeed a bug that is causing the intended > function to not work correctly.
The attached patchset fixes the problem. In addition it also moves various configurations into files properly instead of outputting them during setup process. The advantage of this approach is that we can upgrade these files properly during an upgrade to the next version. Remove freedombox-setup also removes all these files properly. Tests performed on a full build image: - Avahi services should get installed in /etc/avahi/services/*.service - Apache configuration should be /etc/apache2/conf-available/freedombox.conf -- Should be enabled by default -- Plinth should work - /etc/sysctl.d/freedombox.conf should exist and kernel parameters should be set - /usr/share/lxc/templates/lxc-debian-freedombox should exist - For /usr/share/pam-configs/access-freedombox and /usr/share/pam-configs/mkhomedir-freedombox -- Contents should be proper -- /etc/pam.d/common-session should have pam_mkhomedir -- /etc/pam.d/common-account should have pam_access -- (admin) root fbx should be able to login -- Others should not be able to login -- On login home directory should get created - /etc/sudoers.d/freedombox should exist -- Contents should be proper -- Users in admin group should be able to sudo - /usr/lib/freedombox/machine-detect should exist and work -- Sunil
From 5782d176928d93e8876e4bcec56e8f487c50a28c Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 19:59:27 +0530 Subject: [PATCH 01/10] Install avahi service files properly Accordingly the man page avahi.service(5) files must be installed as /etc/avahi/services/*.service . However we are installing in /etc/avahi/services/avahi-services/*.service . Fix this. Also move the files to a more heirarchy that is easier to understand. --- avahi-services/domain.service | 12 ------------ avahi-services/sftp-ssh.service | 14 -------------- avahi-services/ssh.service | 12 ------------ avahi-services/xmpp-server.service | 12 ------------ data/etc/avahi/services/domain.service | 12 ++++++++++++ data/etc/avahi/services/sftp-ssh.service | 14 ++++++++++++++ data/etc/avahi/services/ssh.service | 12 ++++++++++++ data/etc/avahi/services/xmpp-server.service | 12 ++++++++++++ debian/freedombox-setup.install | 2 +- 9 files changed, 51 insertions(+), 51 deletions(-) delete mode 100644 avahi-services/domain.service delete mode 100644 avahi-services/sftp-ssh.service delete mode 100644 avahi-services/ssh.service delete mode 100644 avahi-services/xmpp-server.service create mode 100644 data/etc/avahi/services/domain.service create mode 100644 data/etc/avahi/services/sftp-ssh.service create mode 100644 data/etc/avahi/services/ssh.service create mode 100644 data/etc/avahi/services/xmpp-server.service diff --git a/avahi-services/domain.service b/avahi-services/domain.service deleted file mode 100644 index f6210c1..0000000 --- a/avahi-services/domain.service +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_domain._udp</type> - <port>53</port> - </service> - -</service-group> diff --git a/avahi-services/sftp-ssh.service b/avahi-services/sftp-ssh.service deleted file mode 100644 index bfe1a0f..0000000 --- a/avahi-services/sftp-ssh.service +++ /dev/null @@ -1,14 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_sftp-ssh._tcp</type> - <port>22</port> - <txt-record>path=/home/fbx</txt-record> - <txt-record>u=fbx</txt-record> - </service> - -</service-group> diff --git a/avahi-services/ssh.service b/avahi-services/ssh.service deleted file mode 100644 index 7090f20..0000000 --- a/avahi-services/ssh.service +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_ssh._tcp</type> - <port>22</port> - </service> - -</service-group> diff --git a/avahi-services/xmpp-server.service b/avahi-services/xmpp-server.service deleted file mode 100644 index 4dc9b06..0000000 --- a/avahi-services/xmpp-server.service +++ /dev/null @@ -1,12 +0,0 @@ -<?xml version="1.0" standalone='no'?><!--*-nxml-*--> -<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> -<service-group> - - <name replace-wildcards="yes">%h</name> - - <service> - <type>_xmpp-server._tcp</type> - <port>5269</port> - </service> - -</service-group> diff --git a/data/etc/avahi/services/domain.service b/data/etc/avahi/services/domain.service new file mode 100644 index 0000000..f6210c1 --- /dev/null +++ b/data/etc/avahi/services/domain.service @@ -0,0 +1,12 @@ +<?xml version="1.0" standalone='no'?><!--*-nxml-*--> +<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> +<service-group> + + <name replace-wildcards="yes">%h</name> + + <service> + <type>_domain._udp</type> + <port>53</port> + </service> + +</service-group> diff --git a/data/etc/avahi/services/sftp-ssh.service b/data/etc/avahi/services/sftp-ssh.service new file mode 100644 index 0000000..bfe1a0f --- /dev/null +++ b/data/etc/avahi/services/sftp-ssh.service @@ -0,0 +1,14 @@ +<?xml version="1.0" standalone='no'?><!--*-nxml-*--> +<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> +<service-group> + + <name replace-wildcards="yes">%h</name> + + <service> + <type>_sftp-ssh._tcp</type> + <port>22</port> + <txt-record>path=/home/fbx</txt-record> + <txt-record>u=fbx</txt-record> + </service> + +</service-group> diff --git a/data/etc/avahi/services/ssh.service b/data/etc/avahi/services/ssh.service new file mode 100644 index 0000000..7090f20 --- /dev/null +++ b/data/etc/avahi/services/ssh.service @@ -0,0 +1,12 @@ +<?xml version="1.0" standalone='no'?><!--*-nxml-*--> +<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> +<service-group> + + <name replace-wildcards="yes">%h</name> + + <service> + <type>_ssh._tcp</type> + <port>22</port> + </service> + +</service-group> diff --git a/data/etc/avahi/services/xmpp-server.service b/data/etc/avahi/services/xmpp-server.service new file mode 100644 index 0000000..4dc9b06 --- /dev/null +++ b/data/etc/avahi/services/xmpp-server.service @@ -0,0 +1,12 @@ +<?xml version="1.0" standalone='no'?><!--*-nxml-*--> +<!DOCTYPE service-group SYSTEM "avahi-service.dtd"> +<service-group> + + <name replace-wildcards="yes">%h</name> + + <service> + <type>_xmpp-server._tcp</type> + <port>5269</port> + </service> + +</service-group> diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 8bfed71..ecbebd5 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -8,4 +8,4 @@ sbin/machine-detect usr/sbin sbin/interface-detect usr/sbin sbin/tor-get-orport usr/sbin lxc-templates/lxc-debian-freedombox usr/share/lxc/templates -avahi-services etc/avahi/services +data/etc/avahi/services/*.service etc/avahi/services -- 2.5.0 From be0e01ab886cc15202e608383ef970484606665e Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 20:05:02 +0530 Subject: [PATCH 02/10] Move Apache configuration to a file If Apache configuration is output as a file, it makes upgrades to that file difficult when newer version of freedombox-setup is avialable. Moving to a file managed by Debian infrastucture solves that issue. Also place the file as a available configuration rather than available site as a new site is not created. --- data/etc/apache2/conf-available/freedombox.conf | 11 +++++++++++ debian/freedombox-setup.install | 1 + setup.d/90_apache2 | 17 ++--------------- 3 files changed, 14 insertions(+), 15 deletions(-) create mode 100644 data/etc/apache2/conf-available/freedombox.conf diff --git a/data/etc/apache2/conf-available/freedombox.conf b/data/etc/apache2/conf-available/freedombox.conf new file mode 100644 index 0000000..3156b37 --- /dev/null +++ b/data/etc/apache2/conf-available/freedombox.conf @@ -0,0 +1,11 @@ +## +## Enable HSTS, even for subdomains. +## +Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS + +## +## Redirect traffic on home to /plinth as part of turning the machine +## into FreedomBox server. Plinth then acts as a portal to reach all +## other services. +## +RedirectMatch "^/$" "/plinth" diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index ecbebd5..3c6b5d2 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -8,4 +8,5 @@ sbin/machine-detect usr/sbin sbin/interface-detect usr/sbin sbin/tor-get-orport usr/sbin lxc-templates/lxc-debian-freedombox usr/share/lxc/templates +data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freedombox.conf data/etc/avahi/services/*.service etc/avahi/services diff --git a/setup.d/90_apache2 b/setup.d/90_apache2 index 802eaa7..f307df8 100755 --- a/setup.d/90_apache2 +++ b/setup.d/90_apache2 @@ -17,21 +17,8 @@ a2enmod alias a2enmod headers # setup freedombox site -cat > /etc/apache2/sites-available/fbx.conf <<'EOF' -## -## Enable HSTS, even for subdomains. -## -Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=HTTPS - -## -## Redirect traffic on home to /plinth as part of turning the machine -## into FreedomBox server. Plinth then acts as a portal to reach all -## other services. -## -RedirectMatch "^/$" "/plinth" -EOF - -a2ensite fbx +a2enconf freedombox + a2ensite 000-default a2ensite default-ssl -- 2.5.0 From 9c87ddd2d0e6c967f19099ffebbc493d8f12d50b Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 20:10:04 +0530 Subject: [PATCH 03/10] Move sysctl configuration to new heirarchy --- data/etc/sysctl.d/freedombox.conf | 11 +++++++++++ debian/freedombox-setup.install | 2 +- sysctl.d/freedombox-setup.conf | 11 ----------- 3 files changed, 12 insertions(+), 12 deletions(-) create mode 100644 data/etc/sysctl.d/freedombox.conf delete mode 100644 sysctl.d/freedombox-setup.conf diff --git a/data/etc/sysctl.d/freedombox.conf b/data/etc/sysctl.d/freedombox.conf new file mode 100644 index 0000000..f284705 --- /dev/null +++ b/data/etc/sysctl.d/freedombox.conf @@ -0,0 +1,11 @@ +# Reduce writes to flash drives +vm.laptop_mode=5 +vm.swappiness=0 +vm.dirty_writeback_centisecs=1500 +vm.dirty_expire_centisecs=1500 + +# Uncomment the next line to enable packet forwarding for IPv6 +# Enabling this option disables Stateless Address Autoconfiguration +# based on Router Advertisements for this host +net.ipv6.conf.all.forwarding=1 + diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 3c6b5d2..2c5b296 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -2,7 +2,6 @@ setup usr/lib/freedombox setup.d usr/lib/freedombox testsuite usr/lib/freedombox first-run.d usr/lib/freedombox -sysctl.d/freedombox-setup.conf etc/sysctl.d sbin/copy2dream usr/sbin sbin/machine-detect usr/sbin sbin/interface-detect usr/sbin @@ -10,3 +9,4 @@ sbin/tor-get-orport usr/sbin lxc-templates/lxc-debian-freedombox usr/share/lxc/templates data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freedombox.conf data/etc/avahi/services/*.service etc/avahi/services +data/etc/sysctl.d/freedombox.conf etc/sysctl.d diff --git a/sysctl.d/freedombox-setup.conf b/sysctl.d/freedombox-setup.conf deleted file mode 100644 index f284705..0000000 --- a/sysctl.d/freedombox-setup.conf +++ /dev/null @@ -1,11 +0,0 @@ -# Reduce writes to flash drives -vm.laptop_mode=5 -vm.swappiness=0 -vm.dirty_writeback_centisecs=1500 -vm.dirty_expire_centisecs=1500 - -# Uncomment the next line to enable packet forwarding for IPv6 -# Enabling this option disables Stateless Address Autoconfiguration -# based on Router Advertisements for this host -net.ipv6.conf.all.forwarding=1 - -- 2.5.0 From a4079f98756825a25a331d701f5153f37e7107bf Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 20:11:20 +0530 Subject: [PATCH 04/10] Move LXC template to new heirarchy --- data/usr/share/lxc/templates/lxc-debian-freedombox | 370 +++++++++++++++++++++ debian/freedombox-setup.install | 2 +- lxc-templates/lxc-debian-freedombox | 370 --------------------- 3 files changed, 371 insertions(+), 371 deletions(-) create mode 100755 data/usr/share/lxc/templates/lxc-debian-freedombox delete mode 100755 lxc-templates/lxc-debian-freedombox diff --git a/data/usr/share/lxc/templates/lxc-debian-freedombox b/data/usr/share/lxc/templates/lxc-debian-freedombox new file mode 100755 index 0000000..753bc78 --- /dev/null +++ b/data/usr/share/lxc/templates/lxc-debian-freedombox @@ -0,0 +1,370 @@ +#!/bin/bash + +# +# lxc: linux Container library + +# Authors: +# Daniel Lezcano <daniel.lezc...@free.fr> + +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. + +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# ============================================================== +# This is a slightly modified version by Rob van der Hoeven +# I use it for my FreedomBox project: http://freedomboxblog.nl +# ============================================================== + +SUITE=${SUITE:-squeeze} +MIRROR=${MIRROR:-http://http.debian.net/debian} + +configure_debian() +{ + rootfs=$1 + hostname=$2 + + # squeeze only has /dev/tty and /dev/tty0 by default, + # therefore creating missing device nodes for tty1-4. + for tty in $(seq 1 4); do + if [ ! -e $rootfs/dev/tty$tty ]; then + mknod $rootfs/dev/tty$tty c 4 $tty + fi + done + + # configure the inittab + cat <<EOF > $rootfs/etc/inittab +id:3:initdefault: +si::sysinit:/etc/init.d/rcS +l0:0:wait:/etc/init.d/rc 0 +l1:1:wait:/etc/init.d/rc 1 +l2:2:wait:/etc/init.d/rc 2 +l3:3:wait:/etc/init.d/rc 3 +l4:4:wait:/etc/init.d/rc 4 +l5:5:wait:/etc/init.d/rc 5 +l6:6:wait:/etc/init.d/rc 6 +# Normally not reached, but fallthrough in case of emergency. +z6:6:respawn:/sbin/sulogin +1:2345:respawn:/sbin/getty 38400 console +c1:12345:respawn:/sbin/getty 38400 tty1 linux +c2:12345:respawn:/sbin/getty 38400 tty2 linux +c3:12345:respawn:/sbin/getty 38400 tty3 linux +c4:12345:respawn:/sbin/getty 38400 tty4 linux +p6::ctrlaltdel:/sbin/init 6 +p0::powerfail:/sbin/init 0 +EOF + + # disable selinux in debian + mkdir -p $rootfs/selinux + echo 0 > $rootfs/selinux/enforce + + # configure the network using the dhcp + cat <<EOF > $rootfs/etc/network/interfaces +auto lo +iface lo inet loopback + +auto eth0 +iface eth0 inet dhcp +EOF + + # set the hostname + cat <<EOF > $rootfs/etc/hostname +$hostname +EOF + + # let dhcp client report the hostname to DHCP server + cat <<EOF >> $rootfs/etc/dhcp/dhclient.conf +send host-name "$hostname"; +send vendor-class-identifier "lxc.module"; +EOF + + # reconfigure some services + if [ -z "$LANG" ]; then + chroot $rootfs locale-gen en_US.UTF-8 UTF-8 + chroot $rootfs update-locale LANG=en_US.UTF-8 + else + chroot $rootfs locale-gen $LANG $(echo $LANG | cut -d. -f2) + chroot $rootfs update-locale LANG=$LANG + fi + + # remove pointless services in a container + chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove + chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove + chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove + chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove + + echo "root:root" | chroot $rootfs chpasswd + echo "Root password is 'root', please change !" + + return 0 +} + +cleanup() +{ + rm -rf $cache/partial-$SUITE-$arch + rm -rf $cache/rootfs-$SUITE-$arch +} + +download_debian() +{ + packages=\ +ifupdown,\ +locales,\ +libui-dialog-perl,\ +dialog,\ +isc-dhcp-client,\ +netbase,\ +net-tools,\ +iproute,\ +openssh-server + + cache=$1 + arch=$2 + + trap cleanup EXIT SIGHUP SIGINT SIGTERM + # check the mini debian was not already downloaded + mkdir -p "$cache/partial-$SUITE-$arch" + if [ $? -ne 0 ]; then + echo "Failed to create '$cache/partial-$SUITE-$arch' directory" + return 1 + fi + + # download a mini debian into a cache + echo "Downloading debian minimal ..." + debootstrap --verbose --variant=minbase --arch=$arch \ + --include=$packages \ + "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR + if [ $? -ne 0 ]; then + echo "Failed to download the rootfs, aborting." + return 1 + fi + + mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch" + echo "Download complete." + trap EXIT + trap SIGINT + trap SIGTERM + trap SIGHUP + + return 0 +} + +copy_debian() +{ + cache=$1 + arch=$2 + rootfs=$3 + + # make a local copy of the minidebian + echo -n "Copying rootfs to $rootfs..." + mkdir -p $rootfs + rsync -Ha "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1 + return 0 +} + +install_debian() +{ + cache="/var/cache/lxc/debian-$SUITE" + rootfs=$1 + mkdir -p /var/lock/subsys/ + ( + flock -n -x 200 + if [ $? -ne 0 ]; then + echo "Cache repository is busy." + return 1 + fi + + arch=$(dpkg --print-architecture) + + echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... " + if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then + download_debian $cache $arch + if [ $? -ne 0 ]; then + echo "Failed to download 'debian base'" + return 1 + fi + fi + + copy_debian $cache $arch $rootfs + if [ $? -ne 0 ]; then + echo "Failed to copy rootfs" + return 1 + fi + + return 0 + + ) 200>/var/lock/subsys/lxc-debian + + return $? +} + +# nice trick from: http://mindref.blogspot.com/2011/01/debian-lxc-create.html +hex() +{ + echo "`tr -dc A-F0-9 < /dev/urandom | head -c 2 | xargs`" +} + +copy_configuration() +{ + path=$1 + rootfs=$2 + hostname=$3 + + grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config + cat <<EOF >> $path/config +lxc.tty = 4 +lxc.pts = 1024 +lxc.utsname = $hostname + +# When using LXC with apparmor, uncomment the next line to run unconfined: +#lxc.aa_profile = unconfined + +lxc.cgroup.devices.deny = a +# /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +# consoles +lxc.cgroup.devices.allow = c 5:1 rwm +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 4:0 rwm +lxc.cgroup.devices.allow = c 4:1 rwm +# /dev/{,u}random +lxc.cgroup.devices.allow = c 1:9 rwm +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 136:* rwm +lxc.cgroup.devices.allow = c 5:2 rwm +# rtc +lxc.cgroup.devices.allow = c 254:0 rwm + +# mounts point +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = devpts dev/pts devpts defaults 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 + +# networking +lxc.network.type = veth +lxc.network.flags = up +lxc.network.link = br0 +lxc.network.ipv4 = 0.0.0.0/24 +lxc.network.hwaddr = 00:1E:$(hex):$(hex):$(hex):$(hex) +EOF + + if [ $? -ne 0 ]; then + echo "Failed to add configuration" + return 1 + fi + + return 0 +} + +clean() +{ + cache="/var/cache/lxc/debian-$SUITE" + + if [ ! -e $cache ]; then + exit 0 + fi + + # lock, so we won't purge while someone is creating a repository + ( + flock -x 200 + if [ $? != 0 ]; then + echo "Cache repository is busy." + exit 1 + fi + + echo -n "Purging the download cache..." + rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 + exit 0 + + ) 200>/var/lock/subsys/lxc-debian +} + +usage() +{ + cat <<EOF +$1 -h|--help -p|--path=<path> --clean +EOF + return 0 +} + +options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@") +if [ $? -ne 0 ]; then + usage $(basename $0) + exit 1 +fi +eval set -- "$options" + +while true +do + case "$1" in + -h|--help) usage $0 && exit 0;; + -p|--path) path=$2; shift 2;; + -n|--name) name=$2; shift 2;; + -c|--clean) clean=$2; shift 2;; + --) shift 1; break ;; + *) break ;; + esac +done + +if [ ! -z "$clean" -a -z "$path" ]; then + clean || exit 1 + exit 0 +fi + +type debootstrap +if [ $? -ne 0 ]; then + echo "'debootstrap' command is missing" + exit 1 +fi + +if [ -z "$path" ]; then + echo "'path' parameter is required" + exit 1 +fi + +if [ "$(id -u)" != "0" ]; then + echo "This script should be run as 'root'" + exit 1 +fi + +# detect rootfs +config="$path/config" +if grep -q '^lxc.rootfs' $config 2>/dev/null ; then + rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'` +else + rootfs=$path/rootfs +fi + + +install_debian $rootfs +if [ $? -ne 0 ]; then + echo "failed to install debian" + exit 1 +fi + +configure_debian $rootfs $name +if [ $? -ne 0 ]; then + echo "failed to configure debian for a container" + exit 1 +fi + +copy_configuration $path $rootfs $name +if [ $? -ne 0 ]; then + echo "failed write configuration file" + exit 1 +fi + +if [ ! -z $clean ]; then + clean || exit 1 + exit 0 +fi diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 2c5b296..76e2a6d 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -6,7 +6,7 @@ sbin/copy2dream usr/sbin sbin/machine-detect usr/sbin sbin/interface-detect usr/sbin sbin/tor-get-orport usr/sbin -lxc-templates/lxc-debian-freedombox usr/share/lxc/templates data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freedombox.conf data/etc/avahi/services/*.service etc/avahi/services data/etc/sysctl.d/freedombox.conf etc/sysctl.d +data/usr/share/lxc/templates/lxc-debian-freedombox usr/share/lxc/templates diff --git a/lxc-templates/lxc-debian-freedombox b/lxc-templates/lxc-debian-freedombox deleted file mode 100755 index 753bc78..0000000 --- a/lxc-templates/lxc-debian-freedombox +++ /dev/null @@ -1,370 +0,0 @@ -#!/bin/bash - -# -# lxc: linux Container library - -# Authors: -# Daniel Lezcano <daniel.lezc...@free.fr> - -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. - -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. - -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -# ============================================================== -# This is a slightly modified version by Rob van der Hoeven -# I use it for my FreedomBox project: http://freedomboxblog.nl -# ============================================================== - -SUITE=${SUITE:-squeeze} -MIRROR=${MIRROR:-http://http.debian.net/debian} - -configure_debian() -{ - rootfs=$1 - hostname=$2 - - # squeeze only has /dev/tty and /dev/tty0 by default, - # therefore creating missing device nodes for tty1-4. - for tty in $(seq 1 4); do - if [ ! -e $rootfs/dev/tty$tty ]; then - mknod $rootfs/dev/tty$tty c 4 $tty - fi - done - - # configure the inittab - cat <<EOF > $rootfs/etc/inittab -id:3:initdefault: -si::sysinit:/etc/init.d/rcS -l0:0:wait:/etc/init.d/rc 0 -l1:1:wait:/etc/init.d/rc 1 -l2:2:wait:/etc/init.d/rc 2 -l3:3:wait:/etc/init.d/rc 3 -l4:4:wait:/etc/init.d/rc 4 -l5:5:wait:/etc/init.d/rc 5 -l6:6:wait:/etc/init.d/rc 6 -# Normally not reached, but fallthrough in case of emergency. -z6:6:respawn:/sbin/sulogin -1:2345:respawn:/sbin/getty 38400 console -c1:12345:respawn:/sbin/getty 38400 tty1 linux -c2:12345:respawn:/sbin/getty 38400 tty2 linux -c3:12345:respawn:/sbin/getty 38400 tty3 linux -c4:12345:respawn:/sbin/getty 38400 tty4 linux -p6::ctrlaltdel:/sbin/init 6 -p0::powerfail:/sbin/init 0 -EOF - - # disable selinux in debian - mkdir -p $rootfs/selinux - echo 0 > $rootfs/selinux/enforce - - # configure the network using the dhcp - cat <<EOF > $rootfs/etc/network/interfaces -auto lo -iface lo inet loopback - -auto eth0 -iface eth0 inet dhcp -EOF - - # set the hostname - cat <<EOF > $rootfs/etc/hostname -$hostname -EOF - - # let dhcp client report the hostname to DHCP server - cat <<EOF >> $rootfs/etc/dhcp/dhclient.conf -send host-name "$hostname"; -send vendor-class-identifier "lxc.module"; -EOF - - # reconfigure some services - if [ -z "$LANG" ]; then - chroot $rootfs locale-gen en_US.UTF-8 UTF-8 - chroot $rootfs update-locale LANG=en_US.UTF-8 - else - chroot $rootfs locale-gen $LANG $(echo $LANG | cut -d. -f2) - chroot $rootfs update-locale LANG=$LANG - fi - - # remove pointless services in a container - chroot $rootfs /usr/sbin/update-rc.d -f checkroot.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f umountfs remove - chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove - chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove - - echo "root:root" | chroot $rootfs chpasswd - echo "Root password is 'root', please change !" - - return 0 -} - -cleanup() -{ - rm -rf $cache/partial-$SUITE-$arch - rm -rf $cache/rootfs-$SUITE-$arch -} - -download_debian() -{ - packages=\ -ifupdown,\ -locales,\ -libui-dialog-perl,\ -dialog,\ -isc-dhcp-client,\ -netbase,\ -net-tools,\ -iproute,\ -openssh-server - - cache=$1 - arch=$2 - - trap cleanup EXIT SIGHUP SIGINT SIGTERM - # check the mini debian was not already downloaded - mkdir -p "$cache/partial-$SUITE-$arch" - if [ $? -ne 0 ]; then - echo "Failed to create '$cache/partial-$SUITE-$arch' directory" - return 1 - fi - - # download a mini debian into a cache - echo "Downloading debian minimal ..." - debootstrap --verbose --variant=minbase --arch=$arch \ - --include=$packages \ - "$SUITE" "$cache/partial-$SUITE-$arch" $MIRROR - if [ $? -ne 0 ]; then - echo "Failed to download the rootfs, aborting." - return 1 - fi - - mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch" - echo "Download complete." - trap EXIT - trap SIGINT - trap SIGTERM - trap SIGHUP - - return 0 -} - -copy_debian() -{ - cache=$1 - arch=$2 - rootfs=$3 - - # make a local copy of the minidebian - echo -n "Copying rootfs to $rootfs..." - mkdir -p $rootfs - rsync -Ha "$cache/rootfs-$SUITE-$arch"/ $rootfs/ || return 1 - return 0 -} - -install_debian() -{ - cache="/var/cache/lxc/debian-$SUITE" - rootfs=$1 - mkdir -p /var/lock/subsys/ - ( - flock -n -x 200 - if [ $? -ne 0 ]; then - echo "Cache repository is busy." - return 1 - fi - - arch=$(dpkg --print-architecture) - - echo "Checking cache download in $cache/rootfs-$SUITE-$arch ... " - if [ ! -e "$cache/rootfs-$SUITE-$arch" ]; then - download_debian $cache $arch - if [ $? -ne 0 ]; then - echo "Failed to download 'debian base'" - return 1 - fi - fi - - copy_debian $cache $arch $rootfs - if [ $? -ne 0 ]; then - echo "Failed to copy rootfs" - return 1 - fi - - return 0 - - ) 200>/var/lock/subsys/lxc-debian - - return $? -} - -# nice trick from: http://mindref.blogspot.com/2011/01/debian-lxc-create.html -hex() -{ - echo "`tr -dc A-F0-9 < /dev/urandom | head -c 2 | xargs`" -} - -copy_configuration() -{ - path=$1 - rootfs=$2 - hostname=$3 - - grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config - cat <<EOF >> $path/config -lxc.tty = 4 -lxc.pts = 1024 -lxc.utsname = $hostname - -# When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined - -lxc.cgroup.devices.deny = a -# /dev/null and zero -lxc.cgroup.devices.allow = c 1:3 rwm -lxc.cgroup.devices.allow = c 1:5 rwm -# consoles -lxc.cgroup.devices.allow = c 5:1 rwm -lxc.cgroup.devices.allow = c 5:0 rwm -lxc.cgroup.devices.allow = c 4:0 rwm -lxc.cgroup.devices.allow = c 4:1 rwm -# /dev/{,u}random -lxc.cgroup.devices.allow = c 1:9 rwm -lxc.cgroup.devices.allow = c 1:8 rwm -lxc.cgroup.devices.allow = c 136:* rwm -lxc.cgroup.devices.allow = c 5:2 rwm -# rtc -lxc.cgroup.devices.allow = c 254:0 rwm - -# mounts point -lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 -lxc.mount.entry = devpts dev/pts devpts defaults 0 0 -lxc.mount.entry = sysfs sys sysfs defaults 0 0 - -# networking -lxc.network.type = veth -lxc.network.flags = up -lxc.network.link = br0 -lxc.network.ipv4 = 0.0.0.0/24 -lxc.network.hwaddr = 00:1E:$(hex):$(hex):$(hex):$(hex) -EOF - - if [ $? -ne 0 ]; then - echo "Failed to add configuration" - return 1 - fi - - return 0 -} - -clean() -{ - cache="/var/cache/lxc/debian-$SUITE" - - if [ ! -e $cache ]; then - exit 0 - fi - - # lock, so we won't purge while someone is creating a repository - ( - flock -x 200 - if [ $? != 0 ]; then - echo "Cache repository is busy." - exit 1 - fi - - echo -n "Purging the download cache..." - rm --preserve-root --one-file-system -rf $cache && echo "Done." || exit 1 - exit 0 - - ) 200>/var/lock/subsys/lxc-debian -} - -usage() -{ - cat <<EOF -$1 -h|--help -p|--path=<path> --clean -EOF - return 0 -} - -options=$(getopt -o hp:n:c -l help,path:,name:,clean -- "$@") -if [ $? -ne 0 ]; then - usage $(basename $0) - exit 1 -fi -eval set -- "$options" - -while true -do - case "$1" in - -h|--help) usage $0 && exit 0;; - -p|--path) path=$2; shift 2;; - -n|--name) name=$2; shift 2;; - -c|--clean) clean=$2; shift 2;; - --) shift 1; break ;; - *) break ;; - esac -done - -if [ ! -z "$clean" -a -z "$path" ]; then - clean || exit 1 - exit 0 -fi - -type debootstrap -if [ $? -ne 0 ]; then - echo "'debootstrap' command is missing" - exit 1 -fi - -if [ -z "$path" ]; then - echo "'path' parameter is required" - exit 1 -fi - -if [ "$(id -u)" != "0" ]; then - echo "This script should be run as 'root'" - exit 1 -fi - -# detect rootfs -config="$path/config" -if grep -q '^lxc.rootfs' $config 2>/dev/null ; then - rootfs=`grep 'lxc.rootfs =' $config | awk -F= '{ print $2 }'` -else - rootfs=$path/rootfs -fi - - -install_debian $rootfs -if [ $? -ne 0 ]; then - echo "failed to install debian" - exit 1 -fi - -configure_debian $rootfs $name -if [ $? -ne 0 ]; then - echo "failed to configure debian for a container" - exit 1 -fi - -copy_configuration $path $rootfs $name -if [ $? -ne 0 ]; then - echo "failed write configuration file" - exit 1 -fi - -if [ ! -z $clean ]; then - clean || exit 1 - exit 0 -fi -- 2.5.0 From 1229c2cf4e7b731eb84d5567c149e05a993085bb Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 20:12:57 +0530 Subject: [PATCH 05/10] Move PAM configurations to a files - Allows for upgrades and proper removals --- data/usr/share/pam-configs/access-freedombox | 6 ++++++ data/usr/share/pam-configs/mkhomedir-freedombox | 7 +++++++ debian/freedombox-setup.install | 1 + setup.d/30_ldap-server | 23 ++++------------------- 4 files changed, 18 insertions(+), 19 deletions(-) create mode 100644 data/usr/share/pam-configs/access-freedombox create mode 100644 data/usr/share/pam-configs/mkhomedir-freedombox diff --git a/data/usr/share/pam-configs/access-freedombox b/data/usr/share/pam-configs/access-freedombox new file mode 100644 index 0000000..19e6d2c --- /dev/null +++ b/data/usr/share/pam-configs/access-freedombox @@ -0,0 +1,6 @@ +Name: Restrict login using access control table file +Default: yes +Priority: 0 +Account-Type: Additional +Account-Final: + required pam_access.so diff --git a/data/usr/share/pam-configs/mkhomedir-freedombox b/data/usr/share/pam-configs/mkhomedir-freedombox new file mode 100644 index 0000000..ea8601d --- /dev/null +++ b/data/usr/share/pam-configs/mkhomedir-freedombox @@ -0,0 +1,7 @@ +Name: Create home directory during login +Default: yes +Priority: 900 +Session-Type: Additional +Session: + required pam_mkhomedir.so umask=0022 skel=/etc/skel +EOF diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index 76e2a6d..e22a244 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -10,3 +10,4 @@ data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freed data/etc/avahi/services/*.service etc/avahi/services data/etc/sysctl.d/freedombox.conf etc/sysctl.d data/usr/share/lxc/templates/lxc-debian-freedombox usr/share/lxc/templates +data/usr/share/pam-configs/*-freedombox usr/share/pam-configs diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server index 344becd..d83b77a 100755 --- a/setup.d/30_ldap-server +++ b/setup.d/30_ldap-server @@ -31,25 +31,10 @@ echo libnss-ldapd libnss-ldapd/nsswitch multiselect group, passwd, shadow \ | debconf-set-selections DEBIAN_FRONTEND=noninteractive apt-get install -y nslcd libpam-ldapd libnss-ldapd -# Only users in admin group can login -cat <<EOF > /usr/share/pam-configs/access -Name: restrict login using access control table file -Default: yes -Priority: 0 -Account-Type: Additional -Account-Final: - required pam_access.so -EOF - -# Create home directories for LDAP users logging in for the first time -cat <<EOF > /usr/share/pam-configs/mkhomedir -Name: Create home directory during login -Default: yes -Priority: 900 -Session-Type: Additional -Session: - required pam_mkhomedir.so umask=0022 skel=/etc/skel -EOF +# Allow only users in admin group to login: /usr/share/pam-configs/access +# +# Create home directories for LDAP users logging in for the first time: +# /usr/share/pam-configs/mkhomedir-freedombox pam-auth-update --package -- 2.5.0 From 40bd28d8ba9421ce5d60c02b4cafb42503e6e725 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 20:15:42 +0530 Subject: [PATCH 06/10] Move sudoers configuration to a file --- data/etc/sudoers.d/freedombox | 6 ++++++ debian/freedombox-setup.install | 1 + setup.d/30_ldap-server | 3 ++- 3 files changed, 9 insertions(+), 1 deletion(-) create mode 100644 data/etc/sudoers.d/freedombox diff --git a/data/etc/sudoers.d/freedombox b/data/etc/sudoers.d/freedombox new file mode 100644 index 0000000..8919220 --- /dev/null +++ b/data/etc/sudoers.d/freedombox @@ -0,0 +1,6 @@ +# +# On FreedomBox, allow all users in the 'admin' LDAP group to execute +# commands as root. +# + +%admin ALL=(root) ALL diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index e22a244..d105b4c 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -8,6 +8,7 @@ sbin/interface-detect usr/sbin sbin/tor-get-orport usr/sbin data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freedombox.conf data/etc/avahi/services/*.service etc/avahi/services +data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d data/usr/share/lxc/templates/lxc-debian-freedombox usr/share/lxc/templates data/usr/share/pam-configs/*-freedombox usr/share/pam-configs diff --git a/setup.d/30_ldap-server b/setup.d/30_ldap-server index d83b77a..73b88ee 100755 --- a/setup.d/30_ldap-server +++ b/setup.d/30_ldap-server @@ -44,4 +44,5 @@ if ! grep -q -- "^-:ALL EXCEPT root fbx (admin):ALL$" \ >> /etc/security/access.conf fi -echo "%admin ALL=(root) ALL" > /etc/sudoers.d/freedombox +# Allow all user of 'admin' LDAP to run commands as root: +# /etc/sudoers.d/freedombox -- 2.5.0 From 0739bf6a010780a3d6bad0f3ad4a69b98ca68cfb Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Thu, 27 Aug 2015 20:27:05 +0530 Subject: [PATCH 07/10] Move machine-detect file to /usr/lib/freedombox This is not a command really useful on the command line for administrators. It is an internal library used by scripts. Hence it is more proper to place it in /usr/lib. --- debian/freedombox-setup.install | 2 +- first-run.d/80_flash-kernel | 2 +- lib/machine-detect | 55 +++++++++++++++++++++++++++++++++++++++++ sbin/machine-detect | 55 ----------------------------------------- 4 files changed, 57 insertions(+), 57 deletions(-) create mode 100755 lib/machine-detect delete mode 100755 sbin/machine-detect diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index d105b4c..afda625 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -2,8 +2,8 @@ setup usr/lib/freedombox setup.d usr/lib/freedombox testsuite usr/lib/freedombox first-run.d usr/lib/freedombox +lib/machine-detect usr/lib/freedombox sbin/copy2dream usr/sbin -sbin/machine-detect usr/sbin sbin/interface-detect usr/sbin sbin/tor-get-orport usr/sbin data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freedombox.conf diff --git a/first-run.d/80_flash-kernel b/first-run.d/80_flash-kernel index 862462f..9370c87 100755 --- a/first-run.d/80_flash-kernel +++ b/first-run.d/80_flash-kernel @@ -14,7 +14,7 @@ then log_warning_msg "Skipped Flashing Kernel." return else - . machine-detect + . /usr/lib/freedombox/machine-detect if [ "$MACHINE" = "dreamplug" ]; then kernel_version="$(/bin/ls $mountpoint/boot/vmlinuz-*-kirkwood | sort -rn | head -n1 | sed s#$mountpoint/boot/vmlinuz-##)" else diff --git a/lib/machine-detect b/lib/machine-detect new file mode 100755 index 0000000..be1e0f2 --- /dev/null +++ b/lib/machine-detect @@ -0,0 +1,55 @@ +#!/bin/sh +# +# Exports the currently-detected hardware to MACHINE. +# +# Return true if the MACHINE was detected, and false otherwise. +# +# Currently look in /sys/devices for indicators. +# +# Other possibilities: +# +# echo $(cat /proc/device-tree/model) +# Globalscale Technologies Dreamplug + +MACHINE="" + +case $(dpkg --print-architecture) in + armel) + # Matches these: + # /sys/devices/gpio-leds.1/leds/dreamplug:blue:bluetooth + # /sys/devices/gpio-leds.1/leds/dreamplug:green:wifi_ap + # /sys/devices/gpio-leds.1/leds/dreamplug:green:wifi + if find /sys/devices -name 'dreamplug:*' | grep -q dreamplug: ; then + MACHINE=dreamplug + fi + + # Matches these: + # /sys/devices/leds.7/leds/beaglebone:green:heartbeat + # /sys/devices/leds.7/leds/beaglebone:green:mmc0 + # /sys/devices/leds.7/leds/beaglebone:green:usr2 + # /sys/devices/leds.7/leds/beaglebone:green:usr3 + if find /sys/devices -name 'beaglebone:*' | grep -q beaglebone: ; then + MACHINE=beaglebone + fi + ;; + + armhf) + # Matches these: + # /sys/devices/leds.7/leds/beaglebone:green:heartbeat + # /sys/devices/leds.7/leds/beaglebone:green:mmc0 + # /sys/devices/leds.7/leds/beaglebone:green:usr2 + # /sys/devices/leds.7/leds/beaglebone:green:usr3 + if find /sys/devices -name 'beaglebone:*' | grep -q beaglebone: ; then + MACHINE=beaglebone + fi + ;; +esac + +export MACHINE + +if [ -n "$MACHINE" ] +then + return 0 +fi + +return 1 diff --git a/sbin/machine-detect b/sbin/machine-detect deleted file mode 100755 index be1e0f2..0000000 --- a/sbin/machine-detect +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/sh -# -# Exports the currently-detected hardware to MACHINE. -# -# Return true if the MACHINE was detected, and false otherwise. -# -# Currently look in /sys/devices for indicators. -# -# Other possibilities: -# -# echo $(cat /proc/device-tree/model) -# Globalscale Technologies Dreamplug - -MACHINE="" - -case $(dpkg --print-architecture) in - armel) - # Matches these: - # /sys/devices/gpio-leds.1/leds/dreamplug:blue:bluetooth - # /sys/devices/gpio-leds.1/leds/dreamplug:green:wifi_ap - # /sys/devices/gpio-leds.1/leds/dreamplug:green:wifi - if find /sys/devices -name 'dreamplug:*' | grep -q dreamplug: ; then - MACHINE=dreamplug - fi - - # Matches these: - # /sys/devices/leds.7/leds/beaglebone:green:heartbeat - # /sys/devices/leds.7/leds/beaglebone:green:mmc0 - # /sys/devices/leds.7/leds/beaglebone:green:usr2 - # /sys/devices/leds.7/leds/beaglebone:green:usr3 - if find /sys/devices -name 'beaglebone:*' | grep -q beaglebone: ; then - MACHINE=beaglebone - fi - ;; - - armhf) - # Matches these: - # /sys/devices/leds.7/leds/beaglebone:green:heartbeat - # /sys/devices/leds.7/leds/beaglebone:green:mmc0 - # /sys/devices/leds.7/leds/beaglebone:green:usr2 - # /sys/devices/leds.7/leds/beaglebone:green:usr3 - if find /sys/devices -name 'beaglebone:*' | grep -q beaglebone: ; then - MACHINE=beaglebone - fi - ;; -esac - -export MACHINE - -if [ -n "$MACHINE" ] -then - return 0 -fi - -return 1 -- 2.5.0 From 3592bb06a604aed3914df4106af82fb6bb275d77 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Fri, 28 Aug 2015 20:13:56 +0530 Subject: [PATCH 08/10] Add Lintian override for Apache configuration name --- debian/freedombox-setup.lintian-overrides | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 debian/freedombox-setup.lintian-overrides diff --git a/debian/freedombox-setup.lintian-overrides b/debian/freedombox-setup.lintian-overrides new file mode 100644 index 0000000..5eb42c8 --- /dev/null +++ b/debian/freedombox-setup.lintian-overrides @@ -0,0 +1,6 @@ +# This lintian check is meant for making sure there are no clashes +# when Apache configuration files are installed. Given the uniqueness +# of the name for FreedomBox configuration (freedombox.conf), this is +# taken care of. freedombox-setup is configure Apache for FreedomBox +# and not for itself. +freedombox-setup binary: non-standard-apache2-configuration-name freedombox.conf != freedombox-setup.conf -- 2.5.0 From b0a76bd4cf0e0dd9cf2cd105965e2b4ac9debfda Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Fri, 28 Aug 2015 20:46:49 +0530 Subject: [PATCH 09/10] Fix install path of Apache configuration file --- debian/freedombox-setup.install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/freedombox-setup.install b/debian/freedombox-setup.install index afda625..fa31e65 100644 --- a/debian/freedombox-setup.install +++ b/debian/freedombox-setup.install @@ -6,7 +6,7 @@ lib/machine-detect usr/lib/freedombox sbin/copy2dream usr/sbin sbin/interface-detect usr/sbin sbin/tor-get-orport usr/sbin -data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available/freedombox.conf +data/etc/apache2/conf-available/freedombox.conf etc/apache2/conf-available data/etc/avahi/services/*.service etc/avahi/services data/etc/sudoers.d/freedombox etc/sudoers.d data/etc/sysctl.d/freedombox.conf etc/sysctl.d -- 2.5.0 From 22c2fc34a4966939b0842784cf4df218042003c1 Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa <su...@medhas.org> Date: Sat, 29 Aug 2015 16:55:22 +0530 Subject: [PATCH 10/10] Fix issue with PAM configuration --- data/usr/share/pam-configs/mkhomedir-freedombox | 1 - 1 file changed, 1 deletion(-) diff --git a/data/usr/share/pam-configs/mkhomedir-freedombox b/data/usr/share/pam-configs/mkhomedir-freedombox index ea8601d..eedc8b7 100644 --- a/data/usr/share/pam-configs/mkhomedir-freedombox +++ b/data/usr/share/pam-configs/mkhomedir-freedombox @@ -4,4 +4,3 @@ Priority: 900 Session-Type: Additional Session: required pam_mkhomedir.so umask=0022 skel=/etc/skel -EOF -- 2.5.0
signature.asc
Description: OpenPGP digital signature
