From 22c1f73e1297981e93a72e3dd6b7f08aed7a4c6b Mon Sep 17 00:00:00 2001 From: r00t Date: Sun, 20 Nov 2016 05:02:18 -0500 Subject: [PATCH] and some more changes. fleshed out default/distributed ini file. --- TODO | 1 - bdisk/chroot.py | 2 +- default.cfg | 0 extra/bin/hashgen.py | 8 + extra/dist.build.ini | 388 +++++++++++++++++++++++++++++++++++++++++++ 5 files changed, 397 insertions(+), 2 deletions(-) delete mode 100644 default.cfg create mode 100755 extra/bin/hashgen.py create mode 100644 extra/dist.build.ini diff --git a/TODO b/TODO index 72e6030..f781a7a 100644 --- a/TODO +++ b/TODO @@ -1,4 +1,3 @@ - maybe use ZConfig? https://pypi.python.org/pypi/ZConfig - templating via jinja2: --- for VERSION_INFO.txt -- for syslinux/isolinux configs diff --git a/bdisk/chroot.py b/bdisk/chroot.py index 5bf5365..2610c75 100755 --- a/bdisk/chroot.py +++ b/bdisk/chroot.py @@ -18,7 +18,7 @@ import pychroot # namespace.mountpoints = {} # namespace.mountpoints.update(values) -def chroot(chrootdir, chroot_hostname, cmd): +def chroot(chrootdir, chroot_hostname, cmd = '/root/pre-build.sh'): # MOUNT the chroot mountpoints = psutil.disk_partitions(all = True) mounts = [] diff --git a/default.cfg b/default.cfg deleted file mode 100644 index e69de29..0000000 diff --git a/extra/bin/hashgen.py b/extra/bin/hashgen.py new file mode 100755 index 0000000..5553465 --- /dev/null +++ b/extra/bin/hashgen.py @@ -0,0 +1,8 @@ +#!/bin/env python3 +import crypt +import getpass + +password = getpass.getpass("\nWhat password would you like to hash/salt?\n(NOTE: will NOT echo back!)\n") +salt = crypt.mksalt(crypt.METHOD_SHA512) +salthash = crypt.crypt(password, salt) +print("\nYour salted hash is:\n\t{0}\n".format(salthash)) diff --git a/extra/dist.build.ini b/extra/dist.build.ini new file mode 100644 index 0000000..2803dab --- /dev/null +++ b/extra/dist.build.ini 
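Review bot: The new default in `def chroot(chrootdir, chroot_hostname, cmd = '/root/pre-build.sh'):` puts spaces around the `=` of a keyword default, which PEP 8 reserves for annotated parameters; write it `cmd='/root/pre-build.sh'`. The function body continues outside the hunk, so it is not visible here whether `cmd` is run as an argv list or through a shell, nor whether `/root/pre-build.sh` is resolved inside the chroot; if it is a shell string, a caller-supplied `cmd` deserves the same care as any other command string. A one-line docstring pinning that down would help the next reader, e.g. `"""Bind-mount and enter chrootdir, then run cmd (a path inside the chroot) with chroot_hostname set."""` — worded as an assumption here because the body is not in view.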
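Review bot: The shebang `#!/bin/env python3` is not portable — `env` lives at `/usr/bin/env` on most systems and `/bin/env` only resolves where /bin is merged into /usr/bin — so the first line should be `#!/usr/bin/env python3`. The script also hashes whatever is typed at the single prompt, so a typo silently becomes an unusable root or user hash in the ini; reading the password a second time and comparing before calling `crypt.crypt` would catch that. `crypt.mksalt(crypt.METHOD_SHA512)` yields the glibc default of 5000 rounds; on Python 3.7+ `mksalt` accepts `rounds=` if a higher cost is wanted, which is worth a comment next to the call. Separately, the `crypt` module is deprecated in Python 3.11 and removed in 3.13, so a short `# NOTE:` that this helper will need a replacement (e.g. `openssl passwd -6`) would save the next maintainer a surprise.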
@@ -0,0 +1,388 @@ +########################################################### +## BUILD.CONF SAMPLE FILE ## +########################################################### +# +# This file is used to define various variables/settings +# used by the build script. +# +# It is well-commented, and uses INI syntax. +# See https://wiki.python.org/moin/ConfigParserExamples +# for some advanced features if you would like to use +# them. +# Blank lines are ignored. Section integrity is important. +# #- and ;-prefixed lines are comments and are not parsed. +# If restrictions on input are present, they will be +# given in a numerical list. + +#---------------------------------------------------------# +# This section controls some aspects about the live +# environment itself. +#---------------------------------------------------------# +[bdisk] + +; The name of the project. If you roll your own and don't +; want it called the default, here's where you change it. +; 0.) Alphanumeric only +; 1.) 8 characters total or less +; 2.) No whitespace +; 3.) ASCII *only* +; 4.) Will be converted to uppercase if it isn't already +name = BDISK + +; This is used for filenames, etc. +; I highly recommend it be the same as 'name', but +; lowercase. +; 0.) Alphanumeric only +; 1.) No whitespace +; 2.) ASCII *only* +; 3.) Will be converted to lowercase if it isn't already +uxname = bdisk + +; This string is used for "pretty-printing" of the name. +; 0.) Can contain whitespace +; 1.) Can be mixed-case, uppercase, or lowercase +; 2.) ASCII *only* +pname = BDisk + +; Your/your organization's name. +; The same rules as 'pname' apply: +; 0.) Can contain whitespace +; 1.) Can be mixed-case, uppercase, or lowercase +; 2.) ASCII *only* +dev = r00t^2 + +; What this distribution/project is used for. +; 0.) Can contain whitespace +; 1.) Can be mixed-case, uppercase, or lowercase +; 2.) ASCII *only* +desc = j00 got 0wnz0r3d lulz. + +; Should the root user have a password? 
IF THIS IS NOT SET, +; PASSWORD LOGIN WILL BE DISABLED! +; If you wish to have a blank password, use the string: +; BLANK +; Do NOT use a plaintext password here. You will need to +; generate a salted and hashed string in a +; shadow-compatible format. +; If you need help generating one, see docs/HOWTO.hashgen. +; If an assistance script is available, the path will be given +; (i.e. extras/bin/hashgen.py). +; +; Note that if you want an automatic login, this is NOT where +; it would be set. It should instead be controlled via: +; overlay/etc/systemd/system/getty@ttyN.service.d/autologin.conf +; In the following format: +; [Service] +; Type=idle +; ExecStart= +; ExecStart=-/usr/bin/agetty --autologin --noclear %I 38400 linux +;(where N is the TTY number). Alternatively, if booting to a GUI, +; it can be set as according to that GUI (e.g. for LXDE, +; overlay/etc/lxdm/lxdm.conf, "autologin=") +root_password = + +; Should we create a non-root user on the image? +; Note that this user has full sudo access. +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +user = yes + + +#---------------------------------------------------------# +# This section controls aspects about bdisk:user. +# Only used if bdisk:user set to True/yes/etc. +#---------------------------------------------------------# +[user] + +; What username should we use for the live system? +; Standard *nix username rules apply: +; 0.) ASCII only +; 1.) 32 characters or less +; 2.) Alphanumeric only +; 3.) Lowercase only +; 4.) No whitespace +; 5.) Cannot start with a number +username = ${bdisk:uxname} + +; What comment/description should be used for the user? +; See passwd(5) if you need details on this. +; 0.) ASCII only +name = Default user + +; What password should be set for the user, if any? +; See bdisk:root_password for how to generate this. +; DO NOT PUT A PLAINTEXT PASSWORD HERE. 
+password = + +#---------------------------------------------------------# +# This section controls some aspects about the host +# and things like filesystem paths, etc. +#---------------------------------------------------------# +[build] + +; Where is the base of the BDisk project located? +; In other words, if you cloned BDisk from git, +; what is BDisk's working tree directory? +; 0.) No whitespace +; 1.) Must exist and be populated with the BDisk's files +basedir = /opt/dev/bdisk + +; This is the output directory of the ISO files when +; done building. This should not be checked into git. +; (The files will be very big!) +; 0.) No whitespace +; 1.) Will be created if it doesn't exist +isodir = ${basedir}/iso + +; This is a directory where we should save extra +; source code we download (if we need it). +; 0.) No whitespace +; 1.) Will be created if it doesn't exist, and is needed +srcdir = ${basedir}/extrasrc + +; What directory should we use for staging? +; 0.) No whitespace +; 1.) Will be created if it doesn't exist +tempdir = ${basedir}/temp + +; Where should we stage the boot files? +; This should not be the same dir as other options! +; The default is recommended. +; 0.) No whitespace +; 1.) Will be created if it doesn't exist +archboot = ${tempdir}/${bdisk:name} + +; What directory/path should we use as a base +; directory for mountpoints? +; 0.) No whitespace +; 1.) Will be created if it doesn't exist +mountpt = /mnt/${bdisk:uxname} + +; Should we build a multiarch image? That is to say, the +; same ISO file can be used for both i686 and x86_64. +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +multiarch = yes + +; Would you like to enable iPXE functionality? +; Note that this has no bearing on the 'sync' sections, +; so one can build e.g. only http files. +; 0.) 
Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +ipxe = yes + +; This option should only be enabled if you are on a fairly +; powerful, multicore system with plenty of RAM. +; It will speed the build process along, but will have +; some seriously adverse effects if your system +; can't handle it. +; Most modern systems should be fine with leaving it enabled. +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +i_am_a_racecar = yes + + +#---------------------------------------------------------# +# This section controls what we should do with the +# resulting build and how to handle uploads, if we +# choose to use those features. +#---------------------------------------------------------# +[sync] + +; Should we generate/prepare HTTP files? +; This is mostly only useful if you plan on using iPXE. +; However, it can also include the built ISO file(s). +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +http = yes + +; Should we generate/prepare TFTP files? +; This is mostly only useful if you plan on using more +; traditional (non-iPXE) setups and regualar PXE +; bootstrapping into iPXE. +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +tftp = yes + +; Enable automatic Git pushing for any changes done to the +; project itself? +; If you don't have upstream write access, you'll want to +; set this to False. +; 0.) Only accepts (case-insensitive): +; yes|no +; true|false +; 1|0 +; If it is undefined/commented out, it is assumed to be no. +git = yes + +; Enable rsync pushing for the ISO (and other files, if +; you choose- useful for iPXE over HTTP(S)). 
+rsync = yes
+
+
+#---------------------------------------------------------#
+# This section controls details about HTTP file preparation/
+# generation. Only used if sync:http = True (or
+# 'yes', etc.)
+#---------------------------------------------------------#
+[http]
+
+; This directory is where to build an HTTP webroot.
+; 0.) No whitespace
+; 1.) If blank, HTTP preparation/generation will not be done
+; 2.) If specified, it will be created if it doesn't exist
+path = ${build:basedir}/http
+
+; What user and group, if applicable, should the HTTP files
+; be owned as? This is most likely going to be either 'http',
+; 'nginx', or 'apache'.
+; 0.) No whitespace
+; 1.) User must exist on system
+; 2.) If sync:httpdir is blank, they will not be used
+user = http
+group = http
+
+
+#---------------------------------------------------------#
+# This section controls details about TFTP file
+# preparation/generation. Only used if
+# sync:tftp = True (or 'yes', etc.)
+#---------------------------------------------------------#
+[tftp]
+
+; The directory where we want to build a TFTP root.
+; 0.) No whitespace
+; 1.) If blank, TFTP preparation/generation will not be done
+; 2.) If specified, it will be created if it doesn't exist
+path = ${build:basedir}/tftpboot
+
+; What user and group, if applicable, should the TFTP files
+; be owned as? This is most likely going to be either
+; 'tftp' or 'root'.
+; 0.) No whitespace
+; 1.) User must exist on system
+; 2.) If sync:tftpdir is blank, they will not be used
+user = root
+group = root
+
+
+#---------------------------------------------------------#
+# This section controls aspects of iPXE building. Only used
+# if build:ipxe = True (or 'yes', etc.)
+#---------------------------------------------------------#
+[ipxe]
+
+; Build a "mini-ISO"; that is, an ISO file that can be used
+; to bootstrap an iPXE environment (so you don't need
+; to set up a traditional PXE environment on your LAN).
+;We'll still build a full standalone ISO no matter what.
+; 0.) Only accepts (case-insensitive):
+; yes|no
+; true|false
+; 1|0
+; If it is undefined/commented out, it is assumed to be no.
+iso = yes
+
+; Build a "mini-USB" image? Same concept as the ISO file
+; but this can be dd'd onto a USB thumbdrive for the
+; same effect.
+usb = yes
+
+; What URI should iPXE's EMBED script use?
+; DO NOT USE A ',' (comma); instead, replace it with:
+; %%COMMA%%
+; If you require HTTP BASIC Authentication or HTTP Digest
+; Authentication (untested), you can format it via the
+; following:
+;
+; https://user:password@domain.tld/page.php
+;
+; This currently does not work for HTTPS with self-signed
+; certificates.
+; 0.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 1.) Must be a valid URI understood by minimal versions
+; of curl.
+uri = https://bdisk.square-r00t.net
+
+; Path to the (root) CA certificate file iPXE should use.
+; Note that you can use your own CA to sign existing certs.
+; See http://ipxe.org/crypto for more info. This is handy if
+; you run a third-party/"Trusted" root-CA-signed
+; certificate for the HTTPS target.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 3.) If specified, a matching key (ssl_cakey) MUST be
+; specified
+; 4.) HOWEVER, if left blank, one will be automatically
+; generated
+ssl_ca =
+
+; Path to the (root) CA key file iPXE should use.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 3.) If left blank (and ssl_ca is also blank),
+; one will be automatically generated
+; 4.) MUST match ssl_ca if specified
+; 5.) MUST NOT be passphrase-protected
+ssl_cakey =
+
+; Path to the CLIENT certificate iPXE should use.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 3.) If unspecified, a CA cert (ssl_ca) and key
+; (ssl_cakey) MUST be specified
+; 4.) HOWEVER, if left blank one will be generated
+; 5.) MUST be signed by ssl_ca/ssl_ca if specified
+ssl_crt =
+
+; Path to the CLIENT key iPXE should use.
+; 0.) No whitespace
+; 1.) Must be in PEM/X509 format
+; 2.) REQUIRED if iso and/or usb is set to True/yes/etc.
+; 4.) If left blank (and ssl_ca is also blank),
+; one will be automatically generated
+ssl_key =
+
+
+#---------------------------------------------------------#
+# This section controls aspects of rsync pushing. Only used
+# if sync:rsync = True (or 'yes', etc.)
+#---------------------------------------------------------#
+[rsync]
+
+; This is the rsync destination host.
+host = bdisk.square-r00t.net
+
+; This is the remote user we should use when performing the
+; rsync push.
+user = root
+
+; This is the remote destination path we should use for
+; pushing via rsync.
+; 0.) No whitespace
+; 1.) The path MUST exist on the remote host
+; 2.) The path MUST be writable by rsync:user
+; RECOMMENDED: you'll probably want to set http:(user|group)
+; to what it'll need to be on the destination.
+path = /srv/http/${bdisk:uxname}_ipxe
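Review bot: The `[ipxe]` section invites the user to put HTTP Basic credentials into `uri` as `https://user:password@domain.tld/page.php` and requires `ssl_cakey`/`ssl_key` to be unencrypted, but nothing states that whatever goes into the iPXE EMBED script and client key is baked into the mini-ISO/USB image — which the `[sync]`/`[http]`/`[tftp]` settings then publish and `[rsync]` pushes to `/srv/http/...` — so anyone who can fetch the image holds those secrets; I would add under `uri =`: `; NOTE: the URI (including any user:password) and the client key are embedded in the boot image and are recoverable by anyone who obtains it; treat them as public unless the image itself is access-controlled.` Several cross-references in the same hunk point at options that do not exist: `[http]` and `[tftp]` say "If sync:httpdir/sync:tftpdir is blank" where the actual options are `http:path`/`tftp:path`, `ssl_crt` item 5.) says "signed by ssl_ca/ssl_ca" where the second is presumably `ssl_cakey`, and `ssl_key`'s list jumps from 2.) to 4.). `[user]` notes the non-root user has full sudo, yet unlike `root_password` the `password =` comment never says what a blank value means (login disabled vs. an empty password), which for a sudo-capable account on a distributed image should be spelled out, e.g. `; If left blank, password login for this user is disabled; use BLANK for an empty password.` — assuming it mirrors root_password, which should be confirmed against the build code. The `[rsync]` default `user = root` also makes every push run as root on the destination; a dedicated unprivileged account that owns the target path is the safer default to ship.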