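#!/bin/bash
################################################################################
## base routines
##

# NOTE(review): this file was recovered from a collapsed listing in which every
# `cat <<HEREDOC` help block -- and, in several functions, the code that
# followed it -- was lost. Functions that could not be recovered are replaced
# by placeholders that fail loudly instead of silently returning nothing; the
# surviving fragment is quoted above each one so that nothing is invented.
# Restore them from the original source before using this file.

# unrecoverable: help heredoc and body lost; only this tail survived:
#   ... > /dev/null
#   printf "\n"
#   fi
#   else
#   echo "Module does not exist"
#   fi
function list_modules() {
    echo "list_modules: body lost in extraction, restore from source" >&2
    return 1
}

# unrecoverable: help heredoc and body lost. What follows the header in the
# listing is the tail of a *different* function (a module scaffolder whose
# name was lost) and is preserved here, commented out, as it survived:
#   > $MINTLEAF_HOME/modules/$module/$module.md
#   $module
#   =======
#   TODO
#   EOF
#   [ ! -f $MINTLEAF_HOME/modules/$module/$module.config ] && cat << EOF >> $MINTLEAF_HOME/modules/$module/$module.config
#   EOF
#   [ ! -f $MINTLEAF_HOME/modules/$module/$module.install ] && cat << EOF >> $MINTLEAF_HOME/modules/$module/$module.install
#   #!/bin/bash
#   function install_module() {
#       echo "TODO"
#   }
#   EOF
#   [ ! -f $MINTLEAF_HOME/modules/$module/$module.module ] && cat << EOF >> $MINTLEAF_HOME/modules/$module/$module.module
#   #!/bin/bash
#   EOF
#   [ ! -f $MINTLEAF_HOME/modules/$module/$module.test ] && cat << EOF >> $MINTLEAF_HOME/modules/$module/$module.test
#   #!/bin/bash
#   function test_prerequisites() {
#       echo "TODO"
#   }
#   function test_module() {
#       assert_prerequisites
#       echo "TODO"
#   }
#   EOF
#   [ ! -f $MINTLEAF_HOME/modules/$module/$module.groovy ] && cat << EOF >> $MINTLEAF_HOME/modules/$module/$module.groovy
#   EOF
#   }
function list_functions() {
    echo "list_functions: body lost in extraction, restore from source" >&2
    return 1
}

################################################################################
## general routines
##

# unrecoverable: the command whose status was tested is missing; the tail is
#   ... > /dev/null
#   if [ "$?" == "0" ]; then echo $result_pos else echo $result_neg fi
# i.e. it printed $result_pos when that command succeeded and $result_neg
# otherwise (presumably a `declare -f "$1"` / `type` probe -- confirm).
function func_exists() {
    echo "func_exists: body lost in extraction, restore from source" >&2
    return 1
}

# unrecoverable: help heredoc and body lost. The surviving tail
#   ... > /dev/null 2>&1 || head -c $len)
#   echo $str
# belongs to a following function (a random-string helper, by the look of it)
# whose header was lost as well.
function usleep() {
    echo "usleep: body lost in extraction, restore from source" >&2
    return 1
}

# NOTE(review): the listing fused the `trim` header onto the body of a string
# sanitiser (the help heredoc carrying its real name was lost); the body below
# is that sanitiser. Confirm the intended name against the source.
#
# Replace every character of $1 that is not ASCII alphanumeric or listed in
# --allowed-characters with $2, collapse runs of $2, truncate to --max-length
# (255 by default) and print the result in lower case.
#
# The original spliced $2 and --allowed-characters unescaped into sed
# programs, so a "/" or "]" in either broke (or rewrote) the expression; the
# rewrite uses shell pattern matching only. --allowed-characters is treated as
# a literal set of characters, not a bracket-expression range. The original's
# stray `len=$3` (an unused global) was dropped.
#
# Arguments:
#   $1                    input string
#   $2                    replacement string (empty deletes instead)
#   --allowed-characters  extra characters kept verbatim
#   --max-length          maximum output length (255 by default)
# Outputs: the sanitised string on stdout; the help text on --help / no args.
function trim() {
    local help=$(cat <<HEREDOC
Usage: trim <string> <replacement> [--allowed-characters <chars>] [--max-length <n>]
    --allowed-characters    characters kept in addition to A-Z, a-z and 0-9
    --max-length            maximum length of the result (255 by default)
HEREDOC
    )

    # check parameters
    if [[ "$1" == "--help" || $# -lt 1 ]]; then
        echo -e "${help}\n"
        return
    fi

    # get parameters
    local str=$1
    local char=$2

    # get optional parameters
    local allowed_characters=
    local max_length=255
    while [[ -n "$1" ]]; do
        case $1 in
            --allowed-characters) shift; allowed_characters=$1 ;;
            --max-length) shift; max_length=$1 ;;
        esac
        shift
    done

    # remove unwanted characters, one character at a time
    local out= c i
    for ((i = 0; i < ${#str}; i++)); do
        c=${str:i:1}
        if [[ "$c" == [A-Za-z0-9] ]] || { [[ -n "$allowed_characters" ]] && [[ "$allowed_characters" == *"$c"* ]]; }; then
            out+=$c
        else
            out+=$char
        fi
    done

    # remove multiple instances of the replacement
    if [[ -n "$char" ]]; then
        while [[ "$out" == *"${char}${char}"* ]]; do
            out=${out//"${char}${char}"/"$char"}
        done
    fi

    # limit the length
    out=${out:0:max_length}

    # make it lower case
    printf '%s\n' "$out" | tr '[:upper:]' '[:lower:]'
}

# unrecoverable: help heredoc and body lost. The surviving tail belongs to a
# version-comparison routine whose header was lost (numeric compare of the
# dotted components, then a string compare of a secondary part; prints 1, -1
# or 0):
#   ... 10#${ver2[i]})); then echo 1; return; fi
#   if ((10#${ver1[i]} < 10#${ver2[i]})); then echo -1; return; fi
#   done
#   # test the 2nd part
#   if [ "$ver1b" \< "$ver2b" ]; then echo -1; return
#   elif [ "$ver1b" \> "$ver2b" ]; then echo 1; return; fi
#   echo 0
function str_substring() {
    echo "str_substring: body lost in extraction, restore from source" >&2
    return 1
}

################################################################################
## file routines
##

# unrecoverable: help heredoc and body lost. The surviving tail belongs to an
# in-place string replacement routine whose header was lost:
#   ... > $tmp_file
#   else
#   sed "s/$str1/$str2/g" $file > $tmp_file
#   fi
#   mv $tmp_file $file
# NOTE(review): when restoring it, do not splice $str1/$str2 raw into the sed
# program -- a "/" or "&" in either changes what sed does -- and create
# $tmp_file with mktemp.
function file_escape_name() {
    echo "file_escape_name: body lost in extraction, restore from source" >&2
    return 1
}

# unrecoverable: the parameter handling (where $file and $tmp_file come from)
# was lost; the surviving tail is
#   ... > $tmp_file
#   else
#   str='1h;1!H;${;g;s/'
#   sed -n "$str$1//g;p;}" $file > $tmp_file
#   fi
#   mv $tmp_file $file
# NOTE(review): $1 is spliced into a sed program, so "/" or sed metacharacters
# in the string to remove alter the command; escape it when restoring.
function file_remove_str() {
    echo "file_remove_str: body lost in extraction, restore from source" >&2
    return 1
}

# Fetch a file into a download directory, going through a local cache.
#
# Lookup order: the cached copy (unless --force), then the URL. A freshly
# downloaded file is written to a temporary name inside the cache directory
# and only moved into place when wget succeeded and the file is non-empty, so
# a truncated download is never cached or served (the original kept any
# non-empty partial file). The "local network" / "custom location" sources
# are still TODO as in the original.
#
# Integrity: --size now requires the exact byte count (the original only
# rejected smaller files); --hash is checked through the sibling
# file_valid_hash with --hash-algorithm (default md5, kept for compatibility
# with existing callers -- prefer sha256 for new ones). A file failing either
# check is deleted from both the download directory and the cache so a bad
# copy is not re-served on the next call. --file must be a bare file name,
# since it is joined onto both directories.
#
# Outputs: $result_pos on success, $result_neg otherwise (on stdout). Uses the
# globals $mintleaf_tmp_dir, $result_pos and $result_neg.
function file_download() {
    local help=$(cat <<HEREDOC
Usage: file_download --url <url> --file <name> [options]
    --url                   URL address of file to download (required).
    --file                  Name of output file (bare file name, no directory part).
    --cache-dir             Cache directory; file name in that directory must match the file name given as the parameter.
    --download-directory    Destination directory where file should be placed after download.
    --size                  Check file size after download.
    --hash                  Check file hash after download.
    --hash-algorithm        Hash algorithm used to check file.
    --do-not-cache          Do not cache file locally.
    --force                 Force to download from given URL address not using cached file or an alternative location.
HEREDOC
    )

    # check parameters
    if [[ "$1" == "--help" || $# -lt 4 ]]; then
        echo -e "${help}\n"
        return
    fi

    # variables
    local url=
    local file=
    local cache_dir=$mintleaf_tmp_dir
    local download_dir=./
    local expected_size=0
    local expected_hash=
    local hash_algorithm="md5"
    local do_not_cache=$result_neg
    local force=$result_neg

    # get parameters
    while [[ -n "$1" ]]; do
        case $1 in
            --url) shift; url=$1 ;;
            --file) shift; file=$1 ;;
            --cache-dir) shift; cache_dir=$1 ;;
            --download-directory) shift; download_dir=$1 ;;
            --size) shift; expected_size=$1 ;;
            --hash) shift; expected_hash=$1 ;;
            --hash-algorithm) shift; hash_algorithm=$1 ;;
            --do-not-cache) do_not_cache=$result_pos ;;
            --force) force=$result_pos ;;
        esac
        shift
    done

    # the name is joined onto cache_dir and download_dir; a directory part
    # (or an empty name) would write outside of them
    if [[ -z "$file" || "$file" == */* ]]; then
        echo "file_download: --file must be a bare file name" >&2
        echo "$result_neg"
        return
    fi

    local cached="$cache_dir/$file"
    local target="$download_dir/$file"

    # file may have already been downloaded
    if [[ "$force" == "$result_neg" && -s "$cached" && ! -s "$target" ]]; then
        cp -f -- "$cached" "$download_dir"
    else
        # download from local network
        # TODO

        # download from custom location
        # TODO

        # download from given url address (the original's unquoted `[ -n $url ]`
        # was always true, so an empty URL still ran wget)
        if [[ -n "$url" ]] && [[ ! -s "$cached" || "$force" == "$result_pos" ]]; then
            local tmp
            tmp=$(mktemp -- "$cache_dir/.$file.XXXXXX") || tmp=
            if [[ -n "$tmp" ]]; then
                # cache only a complete, non-empty transfer
                if wget --tries=1 --connect-timeout=10 -O "$tmp" -- "$url" && [[ -s "$tmp" ]]; then
                    mv -f -- "$tmp" "$cached"
                else
                    rm -f -- "$tmp"
                fi
            else
                echo "file_download: cannot create a temporary file in $cache_dir" >&2
            fi
        fi

        # copy file to the download directory
        if [[ -s "$cached" && "$cache_dir" != "$download_dir" ]]; then
            cp -f -- "$cached" "$download_dir"
        fi

        # do not cache -- but never delete the copy just delivered when the
        # cache and download directories are the same
        if [[ "$do_not_cache" == "$result_pos" && "$cache_dir" != "$download_dir" ]]; then
            rm -f -- "$cached"
        fi
    fi

    # check file size (exact match)
    if [[ "$expected_size" -ne 0 && -s "$target" ]]; then
        local size
        size=$(wc -c < "$target")
        if [[ "$size" -ne "$expected_size" ]]; then
            rm -f -- "$target" "$cached"
        fi
    fi

    # return value
    if [[ -s "$target" ]]; then
        if [[ -n "$expected_hash" ]]; then
            # file_valid_hash is expected to print $result_pos / $result_neg
            # like the other predicates in this file -- confirm against source
            local valid
            valid=$(file_valid_hash "$target" "$expected_hash" "$hash_algorithm")
            if [[ "$valid" != "$result_pos" ]]; then
                # drop the bad copy everywhere so it is not re-served
                rm -f -- "$target" "$cached"
            fi
            echo "$valid"
        else
            echo "$result_pos"
        fi
    else
        echo "$result_neg"
    fi
}

# unrecoverable: help heredoc and body lost. The surviving tail belongs to
# chroot_dependency_list (whose header was also lost):
#   ... 2> /dev/null | grep "^/" | sort | uniq
function file_valid_hash() {
    echo "file_valid_hash: body lost in extraction, restore from source" >&2
    return 1
}

# List, recursively, the shared objects a binary depends on.
#
# Each level comes from the sibling chroot_dependency_list and is followed up
# to --max-depth levels (3 by default; --cur-depth is the recursion counter,
# 1 by default). Output is the sorted, de-duplicated set of absolute paths;
# errors from the helper are discarded, as in the original.
#
# NOTE(review): chroot_dependency_list is not in this listing; if it relies
# on ldd, do not run it on untrusted binaries (ldd may execute the target's
# dynamic loader).
function chroot_dependency_list_all() {
    local help=$(cat <<HEREDOC
Usage: chroot_dependency_list_all <binary> [--cur-depth <n>] [--max-depth <n>]
    --cur-depth    current depth of recursion (1 by default)
    --max-depth    maximum depth of recursion (3 by default)
HEREDOC
    )

    # check parameters
    if [[ "$1" == "--help" || $# -lt 1 ]]; then
        echo -e "${help}\n"
        return
    fi

    # get parameters
    local bin=$1

    # get optional parameters
    local cur_depth=1
    local max_depth=3
    while [[ -n "$1" ]]; do
        case $1 in
            --cur-depth) shift; cur_depth=$1 ;;
            --max-depth) shift; max_depth=$1 ;;
        esac
        shift
    done

    (
        local dep
        # word-splitting the helper's output is intended: one path per line
        for dep in $(chroot_dependency_list "$bin"); do
            echo "$dep"
            if [[ "$cur_depth" -lt "$max_depth" ]]; then
                chroot_dependency_list_all "$dep" --cur-depth $((cur_depth + 1)) --max-depth "$max_depth"
            fi
        done
    ) 2> /dev/null | grep "^/" | sort -u
}

# unrecoverable: help heredoc and body lost; only this tail survived:
#   ... > /dev/null
#   fi
#   fi
function chroot_dependency_copy() {
    echo "chroot_dependency_copy: body lost in extraction, restore from source" >&2
    return 1
}

# Build a chroot tree under $1 from read-only mounts of the host's system
# directories (via the sibling chroot_mount_dir), plus /dev/pts and /proc,
# a sticky /tmp and the basic device nodes.
#
#   --user <name>      also mount that user's home (/root for root)
#   --home-read-only   mount the home read-only
#
# An empty directory argument is now rejected: the original would have run
# `rm -f /dev/null`, `chmod 1777 /tmp` and mounted /bin over itself.
#
# NOTE(review): this is a convenience sandbox, not a security boundary. The
# host's entire /etc (shadow, keys, ...) and /proc are visible inside it, and a
# root process in a chroot with the host /proc mounted can reach host paths
# through /proc/<pid>/root. Prefer a trimmed copy of /etc and run only
# unprivileged processes inside.
function chroot_create_env() {
    local help=$(cat <<HEREDOC
Usage: chroot_create_env <directory> [--user <name>] [--home-read-only]
    --user              user name to mount their home directory
    --home-read-only    whether user home directory should be mounted as read-only
HEREDOC
    )

    # check parameters
    if [[ "$1" == "--help" || $# -lt 1 ]]; then
        echo -e "${help}\n"
        return
    fi

    # get parameters
    local dir=$1
    if [[ -z "$dir" ]]; then
        echo "chroot_create_env: directory must not be empty" >&2
        return 1
    fi

    # get additional parameters
    local user=
    local -a home_opts=()
    while [[ -n "$1" ]]; do
        case $1 in
            --user) shift; user=$1 ;;
            --home-read-only) home_opts=("--read-only") ;;
        esac
        shift
    done

    [[ -d "$dir" ]] || mkdir -- "$dir"
    mkdir -p -- "$dir"/{bin,dev/pts,etc,home,lib,lib64,proc,root,sbin,tmp,usr/bin,usr/include,usr/lib,usr/lib64,usr/sbin}
    chmod 1777 -- "$dir/tmp"

    # system directories, read-only
    local sub
    for sub in /bin /etc /lib /lib64 /sbin /usr/bin /usr/include /usr/lib /usr/lib64 /usr/sbin; do
        chroot_mount_dir "$sub" "$dir$sub" --read-only
    done

    # pseudo filesystems, writable
    chroot_mount_dir /dev/pts "$dir/dev/pts"
    chroot_mount_dir /proc "$dir/proc"

    # device nodes; "${dir:?}" aborts rather than ever touching the host /dev
    rm -f -- "${dir:?}/dev/null"
    mknod -m 666 "$dir/dev/null" c 1 3
    rm -f -- "${dir:?}/dev/zero"
    mknod -m 666 "$dir/dev/zero" c 1 5
    rm -f -- "${dir:?}/dev/random"
    mknod -m 444 "$dir/dev/random" c 1 8
    rm -f -- "${dir:?}/dev/urandom"
    mknod -m 444 "$dir/dev/urandom" c 1 9

    # user home directory
    if [[ -n "$user" ]]; then
        local home_dir=/home/$user
        [[ "$user" == "root" ]] && home_dir=/root
        if [[ -d "$home_dir" ]]; then
            chroot_mount_dir "$home_dir" "${dir}${home_dir}" "${home_opts[@]}"
        fi
    fi
}

# NOTE(review): the listing fused the `chroot_remove_env` header onto the body
# of a user-creation function (its own help heredoc, which carried the real
# name, was lost). The body below is that user-creation routine; restore the
# intended names from the source before relying on either function.
#
# Create group $2 and user $1 in it. Defaults favour service accounts: ids
# taken from the $uid_min/$uid_max and $gid_min/$gid_max ranges, no
# supplementary groups, home /dev/null and shell /usr/sbin/nologin. Options
# are held in arrays so values are never word-split or globbed.
#
#   --uid <n>  --gid <n>  --groups <list>  --home <dir>  --shell <path>
function chroot_remove_env() {
    local help=$(cat <<HEREDOC
Usage: chroot_remove_env <user> <group> [--uid <n>] [--gid <n>] [--groups <list>] [--home <dir>] [--shell <path>]
    --uid       numeric user id (default: first free id within the configured UID range)
    --gid       numeric group id (default: first free id within the configured GID range)
    --groups    supplementary groups
    --home      home directory (default: /dev/null)
    --shell     login shell (default: /usr/sbin/nologin)
HEREDOC
    )

    # check parameters
    if [[ "$1" == "--help" || $# -lt 2 ]]; then
        echo -e "${help}\n"
        return
    fi

    # get parameters
    local user=$1
    local group=$2

    # get optional parameters
    local -a uid=(-K "UID_MIN=${uid_min}" -K "UID_MAX=${uid_max}")
    local -a gid=(-K "GID_MIN=${gid_min}" -K "GID_MAX=${gid_max}")
    local -a groups=()
    local -a home=(-d /dev/null)
    local -a shell=(-s /usr/sbin/nologin)
    while [[ -n "$1" ]]; do
        case $1 in
            --uid) shift; uid=(-u "$1") ;;
            --gid) shift; gid=(-g "$1") ;;
            --groups) shift; groups=(-G "$1") ;;
            --home) shift; home=(-d "$1") ;;
            --shell) shift; shell=(-s "$1") ;;
        esac
        shift
    done

    groupadd "${gid[@]}" "$group"
    useradd "${uid[@]}" -g "$group" "${groups[@]}" "${home[@]}" "${shell[@]}" "$user"
}

# unrecoverable: help heredoc and body lost; only this tail survived:
#   ... > /dev/null 2>&1
function user_delete() {
    echo "user_delete: body lost in extraction, restore from source" >&2
    return 1
}

################################################################################
## security routines
##

# Generate a self-signed X.509 certificate and RSA key for <name>, writing
# <name>.key, <name>.crt and a combined <name>.pem into --dir (default: .).
#
#   --size  RSA key size in bits (default 2048)
#   --days  validity in days (default 3650)
#   --dir   output directory
#
# Changes from the original: the signature uses sha256 instead of sha1 (sha1
# signatures are rejected by current TLS stacks); the files are created under
# umask 077 so the key is never readable by others before the final chmod;
# and the name is rejected if empty or containing "/", because it is spliced
# into both the output paths and the subject DN. The key is still written
# unencrypted (-nodes). Uses the global $cmd_openssl.
function security_gen_cert() {
    local help=$(cat <<HEREDOC
Usage: security_gen_cert <name> [--size <bits>] [--days <n>] [--dir <directory>]
    --size    size of certificate (default is 2048)
    --days    for how many days certificate remains valid (default is 3650)
    --dir     output directory
HEREDOC
    )

    # check parameters
    if [[ "$1" == "--help" || $# -lt 1 ]]; then
        echo -e "${help}\n"
        return
    fi

    # get parameters
    local name=$1
    local size=2048
    local days=3650
    local dir=.
    while [[ -n "$1" ]]; do
        case $1 in
            --size) shift; size=$1 ;;
            --days) shift; days=$1 ;;
            --dir) shift; dir=$1 ;;
        esac
        shift
    done

    if [[ -z "$name" || "$name" == */* ]]; then
        echo "security_gen_cert: name must be non-empty and must not contain '/'" >&2
        return 1
    fi

    # subshell so the restrictive umask does not leak to the caller
    (
        umask 077
        "$cmd_openssl" req \
            -new -x509 -nodes -sha256 -newkey "rsa:$size" -days "$days" \
            -subj "/O=unknown/OU=unknown/CN=$name" \
            -keyout "$dir/$name.key" \
            -out "$dir/$name.crt" || exit 1
        cat -- "$dir/$name.crt" "$dir/$name.key" > "$dir/$name.pem"
    )
    chmod 400 -- "$dir/$name".{crt,key,pem}
}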