The contents of this website are Copyright (c)2007 by Brian Manning <brian at antlinux dot com>. Please do not reuse any of the content on this website without permission from the author.
Project Naranja User's Guide
Fun commands
Pick the first X keys in a directory (newest first, skipping the keylist file) and move them to another directory:
ls -t | grep -v keylist | head -n 20 | xargs mv -t ../keys/
Naranja Todos
- keymonger - a manager of GPG/SSL keys
- Build Padlock-enabled versions of OpenSSL (and maybe OpenSSH) using the Debian source packages?
- add a diceware CGI script to the initramfs image, so you can generate passwords online if desired; add a 'passwords only' boot option, which basically makes it into a really expensive password appliance
- put supplemental config files into their own cpio archive that can then be tftp'ed from the server in order to set up the machine
- config.ini parser for the following variables
- keydir - holds uploaded keys and keys copied from flashdisk
- flashkeydir - flash disk mount point
- root_dev - root device to mount loopback
- httpd_port - port to run httpd on
- stunnel_port - port to run stunnel on
- come up with a policy for the usage of INFO/TIP colorization and punctuation in the init scripts
- For PXE-boot machines, TXT records from DNS could be used to give the running system configuration hints.
- add hotplug support for devices in the initramfs image (to capture USB thumb drives being inserted)
- finish the install.sh script; it should prep the system (network, LVM volumes, encrypted loopback mounts) for running debootstrap
- See the LVM + Encryption HOWTO for more todo ideas
- GPG key-listing:
sh list_keys.sh | head -n 3 | tail -n 1 | \
sed 's/sec 1024D\///' | sed 's/ .*$//' | od -a
- Grabbing the name of the encrypted loopback partition (doesn't work 100% yet):
losetup /dev/loop0 | tr '(' '{' | tr ')' '}' | sed 's/ {\(.*\)} encryption/\1/'
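The config.ini parser from the todo list above, as an added example that is not Naranja code: it reads "key = value" lines, sets only the five variables listed (keydir, flashkeydir, root_dev, httpd_port, stunnel_port), and refuses bad ports or malformed lines so an init script can bail out before mounting anything. The sample file contents and the demo argument are constructed for this example.

```shell
#!/bin/sh
# Added example, not Naranja code: POSIX sh parser for the config.ini
# described in the todo list. parse_ini FILE sets the five known variables,
# ignores comments and unknown keys, and returns 1 on a malformed line or
# an invalid port so the caller can refuse to continue.

# Constructed sample config.ini (placeholder values, not project defaults).
SAMPLE_INI='# Naranja boot configuration
keydir = /var/lib/naranja/keys
flashkeydir = /mnt/flash
root_dev = /dev/hda2
httpd_port = 8443
stunnel_port = 8444
'

trim() { printf '%s' "$1" | sed 's/^[[:space:]]*//;s/[[:space:]]*$//'; }

# valid_port: accept only a decimal number in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# parse_ini FILE: populate keydir, flashkeydir, root_dev, httpd_port and
# stunnel_port. Input is redirected rather than piped so the assignments
# survive the loop (a piped "while read" runs in a subshell).
parse_ini() {
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(trim "$line")
        case "$line" in ''|'#'*|';'*) continue ;; esac
        case "$line" in *=*) ;; *) echo "malformed: $line" >&2; rc=1; continue ;; esac
        key=$(trim "${line%%=*}")
        val=$(trim "${line#*=}")
        case "$key" in
            keydir|flashkeydir|root_dev) eval "$key=\"\$val\"" ;;
            httpd_port|stunnel_port)
                if valid_port "$val"; then eval "$key=\"\$val\""
                else echo "invalid port: $key=$val" >&2; rc=1; fi ;;
            *) echo "ignoring unknown key: $key" >&2 ;;
        esac
    done < "$1"
    return $rc
}

# write_sample FILE: drop the constructed sample into FILE for a stand-alone run.
write_sample() { printf '%s' "$SAMPLE_INI" > "$1"; }

# Stand-alone demo: sh this_file demo
if [ "${1:-}" = demo ]; then f=$(mktemp); write_sample "$f"; parse_ini "$f" && echo "httpd on $httpd_port, keys in $keydir"; rm -f "$f"; fi
```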
Scripting TODOs
- add a trap call to the rcS/init script so that if the user performs all of the hard drive mounting by hand, they can signal the shell to bypass the mounting portions that failed and exec() the new init() on the newly-mounted encrypted filesystem
- Create a scrub script, which basically wipes the partition table clean and then maybe restarts the installer. This is for testing of the installer script
- Add gen_init_cpio format output to depsh.pl, as well as adding a similar format for creating SquashFS archives (rework the Archive modules?)
- add code to the recipe files and to the make_initramfs.sh script so that recipe dependencies can be specified; all recipes depend on the _base package, but some packages will have additional dependencies; use uniq to filter the dependency list so that each recipe file that's needed to perform a system build is only included once
- add a stats script that gathers statistics on recipe files; number of files|directories|symlinks|devices in a recipe, average number of files in all recipes, number of dependencies, recipe last modified time/CVS version, etc.
- Redo initramfs /init script so that common parts are pulled out, and specific per-system pieces are sourced in. Have some way to indicate what the system-specific file to be sourced in should be called... cat /etc/buildtype?
- abstract the losetup command into ant_functions, and create a stub shell script that can be called in order to set up the loopback device when running inside the initramfs image
Docs/Website TODOs
- Use the Print version of the Project Naranja website as the primary documentation when the project goes live on Sourceforge. Have a cron job that dumps it nightly onto the Sourceforge site.
- After each step in the installer instructions, have a check step that users can perform prior to moving on to the next step; the user runs the check step, and gets the expected results, or they go back and redo the step or check their work
- Document diceparse.pl so that people can use it. Make the POD docs pretty, and use that in an appendix to the Project Naranja docs
- System disk key management (also see loop-aes docs for examples)
- Document how to generate GPG keys using diceparse.pl, while at the same time documenting how to use diceware and GPG to hand-generate keys that were super important
- Document how to use GPG keys that are not part of your private/public keyring. How to unlock the key, edit the password, and how to add keys not in your keyring to an encrypted disk key. Maybe have something in there about adding the real disk encryption keys to your normal keyring and using --key-id to select that key for unlocking the disk partitions
- add the gnupg-batch.sh script to the website and document each group of steps it performs in the process of generating GNUPG keys; document setting up of rng-tools to speed key generation
- Document how to use the make_initrd.sh script, including how to create recipe files.
- Changing the GNUPG key password/passphrase:
- GPG keys can be stored in any directory on your filesystem where you have write permission. You can specify the directory holding your keys either with the --homedir option or with the $GNUPGHOME environment variable
- Edit the key you wish to change the password for (located in the current directory) with the following command:
gpg --no-default-keyring --secret-keyring ./XXXXXXXX.sec --keyring ./XXXXXXXX.pub --edit-key 0xXXXXXXXX
gpg (GnuPG) 1.4.1; Copyright (C) 2005 Free Software Foundation, Inc.
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions. See the file COPYING for details.
Secret key is available.
- If you don't see the string "Secret key is available.", check for permissions errors, missing files, etc.
- Issue the passwd command to change the password; you'll be prompted once for the current password, and twice for the new password
Command> passwd
Key is protected.
You need a passphrase to unlock the secret key for
user: "Disk Encryption Key (passphrase generated using Diceware)
<dns at antlinux dot com>"
1024-bit DSA key, ID A43D6B6A, created 2006-11-19
Enter passphrase:
Enter the new passphrase for this secret key.
Enter passphrase: [passphrase]
Repeat passphrase: [passphrase]
Command> q
Save changes? (y/N) y
Booting Outline
- boot the base image (containing loop-aes, rng-tools, UI::Shell, diceparse, and wordlist) via CD-ROM or PXE
- Redirect kernel output to a file; this may not be possible, because during bootup, the kernel uses printk statements to write text to the console; there's nothing running during bootup to capture/redirect this output
- Run the installer script
- The installer script will run individual action scripts containing dialog/whiptail prompts for a specific part of the install process
- The action scripts could be numbered from 00 to 99, like SVR4 startup scripts, so that they could be run in order by the installer script; each action script that is run can set environment variables for subsequent action scripts to use/act upon
- Each action script would define a common function (action () {}?); once the script is sourced from the installer script, the action function is run, which carries out the action that the script is supposed to perform; see the action demo script for an example of what the install/action scripts would look like
- A count of action scripts could be taken at the beginning of the main installer script's execution; that way, as each action script is run, the background title of the child action script could be set to the current step number the user is at within the install process:
- Project Naranja Installer: Step XX of XX
- Add a handler for DEBUG mode in all scripts
- The action scripts would perform the following functions:
- Set up the disk key file for encrypting the block device (partitions or disks).
- Break key generation up into smaller chunks, so that key generation can be watched with a dialog/whiptail progress meter thingie
- Generating the disk key would probably benefit from having rng-tools installed as a package so it can be used by the system installer
- Set up or download (via USB thumbdrive or HTTP) the GPG encrypted
- Write scripts that mount a USB drive for saving the disk key file and then unmount the USB drive, then remount it to use the disk key file to create the encrypted volume. When you create the encrypted volume, you will need the disk key file password (for keys protected with symmetrical encryption), or a GPG private key and passphrase if the disk key file was protected with GPG asymmetrical encryption
- Set up the encrypted loopback partition
- then set up LVM on top of it
- Install Debian using debootstrap. Other flavors of Linux should be possible; it would depend on whether or not they allow some other program to set up partitions prior to running their installer
- Set up/download SSL keys for system remote restarting
- Build an initramfs image containing disk key file and SSL key which will allow for access to the system on subsequent reboots. Include:
- a webserver of some kind, that brings up an SSL-secured web page, and then allows the user to type in a key that unlocks the disk encryption key, and then mounts the filesystem
- Wrap stunnel around the following non-HTTPS capable servers:
- maybe include iptables firewalls, along with using knockd to open those firewalls
- Webserver requirements:
- logs CGI errors somewhere (but this can be overcome by using CGI::Carp qw(fatalsToBrowser))
- lets you do Basic Auth
- allows the listen port to be set from the command line/config file instead of changing source code settings and recompiling
- Reboot the system and test
- Use VNC/rdesktop to connect to the Windows computers as needed to get serial console access to the broken Linux machine, or to do local disk mounting if something goes wrong with mounting the encrypted partition over the network
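The installer driver sketched in the booting outline (numbered action scripts, a sourced action() function, a "Step X of N" background title, a DEBUG handler), as an added example that is not Naranja's own installer. ACTION_DIR, BACKTITLE, the demo argument and the two demo action scripts are assumed names and constructed data for this example.

```shell
#!/bin/sh
# Added example, not Naranja's installer: runner for numbered action scripts.
# Each NN-name.sh in $ACTION_DIR (assumed name) defines action(); the runner
# sources them in 00..99 order in the current shell (so exported variables
# flow from one step to the next), exports BACKTITLE as
# "Project Naranja Installer: Step X of N", and stops at the first failure.

ACTION_DIR=${ACTION_DIR:-./actions}
DEBUG=${DEBUG:-0}

debug() { [ "$DEBUG" = 1 ] && echo "DEBUG: $*" >&2; return 0; }

# list_actions: action scripts in numeric order (paths assumed space-free).
list_actions() { ls "$ACTION_DIR"/[0-9][0-9]-*.sh 2>/dev/null | sort; }
count_actions() { list_actions | wc -l | tr -d ' '; }

run_installer() {
    total=$(count_actions)
    [ "$total" -gt 0 ] || { echo "no action scripts in $ACTION_DIR" >&2; return 1; }
    step=0
    for script in $(list_actions); do
        step=$((step + 1))
        BACKTITLE="Project Naranja Installer: Step $step of $total"; export BACKTITLE
        unset -f action 2>/dev/null || :      # never reuse the previous step's action()
        debug "sourcing $script"
        . "$script"
        command -v action >/dev/null 2>&1 || { echo "$script: no action()" >&2; return 1; }
        action || { echo "step $step of $total failed: $script" >&2; return 1; }
    done
}

# make_demo_actions: write two constructed action scripts (demo data, not real
# install steps) into a temp directory and print its path.
make_demo_actions() {
    dir=$(mktemp -d)
    cat > "$dir/10-pick-disk.sh" <<'EOF'
# step 10: choose the device and hand it to later steps via the environment
action() { ROOT_DEV=/dev/hda2; export ROOT_DEV; echo "$BACKTITLE: using $ROOT_DEV"; }
EOF
    cat > "$dir/20-confirm.sh" <<'EOF'
# step 20: fail unless step 10 set ROOT_DEV; remember the title we were shown
action() { [ -n "$ROOT_DEV" ] || return 1; LAST_TITLE=$BACKTITLE; echo "$BACKTITLE: ok"; }
EOF
    echo "$dir"
}

# Stand-alone demo: sh this_file demo   (DEBUG=1 shows which script is sourced)
if [ "${1:-}" = demo ]; then ACTION_DIR=$(make_demo_actions); run_installer; fi
```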