......@@ -16,66 +16,93 @@ build/server_data.vdi:
qemu-img convert -f vvfat -O vdi fat:32:build/empty $@
@VBoxManage internalcommands sethduuid $@ 11111111-99aa-0000-8899-aabbccddeeff
.PHONY: start-vms
start-vms: build/server.vmdk
vagrant up
#XXX Get deps right to reprovision VMs w/ files change? Probably need explicit "provision" targets...
INET=build/stamp/inet
inet: $(INET)
$(INET):
@mkdir -p build/stamp
vagrant up inet
@test -f $@ || ( echo "provisioning $(notdir $@) failed" && false )
BOUNDERY=build/stamp/boundery.me
boundery: $(BOUNDERY)
$(BOUNDERY): $(INET)
@mkdir -p build/stamp
vagrant up boundery.me
@test -f $@ || ( echo "provisioning $(notdir $@) failed" && false )
ROUTER=build/stamp/router
router: $(ROUTER)
$(ROUTER):
@mkdir -p build/stamp
vagrant up router
@test -f $@ || ( echo "provisioning $(notdir $@) failed" && false )
CLIENT=build/stamp/client
client: $(CLIENT)
$(CLIENT): $(ROUTER) $(INET) build/server.vmdk
@mkdir -p build/stamp
vagrant up client
@test -f $@ || ( echo "provisioning $(notdir $@) failed" && false )
BOUNDERY_SSHCONF=build/boundery.sshconf
boundery-sshconf: $(BOUNDERY_SSHCONF)
$(BOUNDERY_SSHCONF): start-vms
$(BOUNDERY_SSHCONF): $(BOUNDERY)
@mkdir -p build
@vagrant ssh-config boundery.me | grep -v User > $@
vagrant ssh boundery.me -c 'sudo cp -r .ssh /root/'
upload-central: start-vms $(BOUNDERY_SSHCONF)
@test $(CENTRAL_SRC) || ( echo 'set CENTRAL_SRC' && false)
upload-central: $(BOUNDERY) $(BOUNDERY_SSHCONF)
@test $(CENTRAL_SRC) || ( echo 'set CENTRAL_SRC' && false )
vagrant ssh boundery.me -c '[ -f /usr/local/share/ca-certificates/pebble.minica.crt ]'
vagrant upload $(CENTRAL_SRC)/setupserver /tmp/setupserver boundery.me
vagrant ssh boundery.me -c 'echo fakepasswd | sudo /tmp/setupserver'
SERVER=boundery.me SSH_CONF=`readlink -f $(BOUNDERY_SSHCONF)` make -C $(CENTRAL_SRC) deploy
#XXX Change client/image uploads to use make deploy just like upload-central.
upload-linux: start-vms $(BOUNDERY_SSHCONF)
@test $(CLIENT_SRC) || ( echo 'set CLIENT_SRC' && false)
upload-linux: $(BOUNDERY) $(BOUNDERY_SSHCONF)
@test $(CLIENT_SRC) || ( echo 'set CLIENT_SRC' && false )
vagrant ssh boundery.me -c '[ -f /usr/local/share/ca-certificates/pebble.minica.crt ]'
make -C $(CLIENT_SRC) linux
vagrant ssh boundery.me -c 'sudo mkdir -p /root/data/sslnginx/html/clients'
scp -F $(BOUNDERY_SSHCONF) $(CLIENT_SRC)/linux/*.tar.gz \
root@boundery.me:/root/data/sslnginx/html/clients/
upload-windows: start-vms $(BOUNDERY_SSHCONF)
@test $(CLIENT_SRC) || ( echo 'set CLIENT_SRC' && false)
upload-windows: $(BOUNDERY) $(BOUNDERY_SSHCONF)
@test $(CLIENT_SRC) || ( echo 'set CLIENT_SRC' && false )
vagrant ssh boundery.me -c '[ -f /usr/local/share/ca-certificates/pebble.minica.crt ]'
make -C $(CLIENT_SRC) windows
vagrant ssh boundery.me -c 'sudo mkdir -p /root/data/sslnginx/html/clients'
scp -F $(BOUNDERY_SSHCONF) $(CLIENT_SRC)/windows/*.msi \
root@boundery.me:/root/data/sslnginx/html/clients/
upload-macos: start-vms $(BOUNDERY_SSHCONF)
@test $(CLIENT_SRC) || ( echo 'set CLIENT_SRC' && false)
upload-macos: $(BOUNDERY) $(BOUNDERY_SSHCONF)
@test $(CLIENT_SRC) || ( echo 'set CLIENT_SRC' && false )
vagrant ssh boundery.me -c '[ -f /usr/local/share/ca-certificates/pebble.minica.crt ]'
make -C $(CLIENT_SRC) macos
vagrant ssh boundery.me -c 'sudo mkdir -p /root/data/sslnginx/html/clients'
scp -F $(BOUNDERY_SSHCONF) $(CLIENT_SRC)/macOS/*.dmg \
root@boundery.me:/root/data/sslnginx/html/clients/
upload-pczip: start-vms $(BOUNDERY_SSHCONF)
@test $(OS_SRC) || ( echo 'set OS_SRC' && false)
upload-pczip: $(BOUNDERY) $(BOUNDERY_SSHCONF)
@test $(OS_SRC) || ( echo 'set OS_SRC' && false )
vagrant ssh boundery.me -c '[ -f /usr/local/share/ca-certificates/pebble.minica.crt ]'
make -C $(OS_SRC) pc_zip
vagrant ssh boundery.me -c 'sudo mkdir -p /root/data/sslnginx/html/images'
scp -F $(BOUNDERY_SSHCONF) $(OS_SRC)/build/amd64/images/pc.zip \
root@boundery.me:/root/data/sslnginx/html/images/
upload-rpi3zip: start-vms $(BOUNDERY_SSHCONF)
@test $(OS_SRC) || ( echo 'set OS_SRC' && false)
upload-rpi3zip: $(BOUNDERY) $(BOUNDERY_SSHCONF)
@test $(OS_SRC) || ( echo 'set OS_SRC' && false )
vagrant ssh boundery.me -c '[ -f /usr/local/share/ca-certificates/pebble.minica.crt ]'
make -C $(OS_SRC) rpi3_zip
vagrant ssh boundery.me -c 'sudo mkdir -p /root/data/sslnginx/html/images'
scp -F $(BOUNDERY_SSHCONF) $(OS_SRC)/build/arm64/images/rpi3.zip \
root@boundery.me:/root/data/sslnginx/html/images/
test-linux-pczip: start-vms build/server_data.vdi
#XXX Make this depend on a stamp that pczip/linux/central are uploaded...
test-linux-pczip: $(CLIENT) $(BOUNDERY) build/server_data.vdi
vagrant halt -f server
vagrant provision --provision-with install client
@mdel -ibuild/server.img@@1M ::/pairingkey 2>/dev/null || true
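Review bot: The stamp rules for `$(INET)`, `$(BOUNDERY)`, `$(ROUTER)` and `$(CLIENT)` never create `$@` themselves; they rely on the guest provisioner touching it, and `vagrant up` does not re-run provisioners on a machine that is already provisioned. If `build/stamp` is removed while the VMs still exist, `test -f $@` will presumably fail on every run until the VM is destroyed. Because the recipe only runs when the stamp is missing, `vagrant up --provision inet` (and likewise for the other three) would let it recover. Separately, `$(BOUNDERY_SSHCONF)` no longer hangs off the phony `start-vms`, so unless `.DELETE_ON_ERROR:` is set outside the hunk, a failed `vagrant ssh-config boundery.me | grep -v User > $@` leaves an empty file that later runs treat as up to date; writing to `$@.tmp` and renaming on success would avoid that. The recipe of `test-linux-pczip` continues past the end of the hunk.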
......
......@@ -12,6 +12,12 @@ Vagrant.configure("2") do |config|
vb.linked_clone = true
end
config.trigger.after :destroy do |trigger|
trigger.ruby do |env, machine|
`rm -f build/stamp/#{machine.name}`
end
end
################# SIMULATED INTERNET #################
config.vm.define "inet" do |inet|
inet.vm.hostname = "inet"
......@@ -20,6 +26,8 @@ Vagrant.configure("2") do |config|
inet.vm.network "private_network", ip: "30.0.1.1",
virtualbox__intnet: "boundery_inet"
inet.vm.provision "shell", inline: <<-SHELL
set -e
sudo apt-get update
sudo apt-get install -y --no-install-recommends python3-dnslib dnsutils socat netsed
......@@ -28,12 +36,6 @@ Vagrant.configure("2") do |config|
sudo cp /vagrant/inet/intercept.py /usr/local/sbin/
#https://github.com/hal/testsuite.next/blob/master/how-run-pebble.md
#docker run --rm -it -v `pwd`:/output modedemploi/minica \
# -ca-cert pebble.minica.pem -ca-key pebble.minica.key.pem \
# -domains acme-v02.api.letsencrypt.org,acme-staging-v02.api.letsencrypt.org,localhost \
# -ip-addresses 30.0.0.1,30.0.1.1,127.0.0.1
#sudo chown -R ...
if ! [ -x /usr/local/sbin/pebble ]; then
sudo wget https://github.com/letsencrypt/pebble/releases/download/v2.3.0/pebble_linux-amd64 -O /usr/local/sbin/pebble
sudo chmod a+x /usr/local/sbin/pebble
......@@ -46,6 +48,8 @@ Vagrant.configure("2") do |config|
sudo cp /vagrant/inet/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
touch /vagrant/build/stamp/inet
SHELL
end
......@@ -55,6 +59,8 @@ Vagrant.configure("2") do |config|
boundery.vm.network "private_network", auto_config: false,
virtualbox__intnet: "boundery_inet"
boundery.vm.provision "shell", inline: <<-SHELL
set -e
sudo cp /vagrant/boundery/nodnsupdate /etc/dhcp/dhclient-enter-hooks.d/
sudo chmod a+x /etc/dhcp/dhclient-enter-hooks.d/nodnsupdate
......@@ -70,6 +76,8 @@ Vagrant.configure("2") do |config|
sudo cp /vagrant/boundery/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
touch /vagrant/build/stamp/boundery.me
SHELL
end
......@@ -81,6 +89,8 @@ Vagrant.configure("2") do |config|
router.vm.network "private_network", auto_config: false,
virtualbox__intnet: "router_inet"
router.vm.provision "shell", inline: <<-SHELL
set -e
sudo apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get install -y dnsmasq iptables-persistent
......@@ -92,6 +102,8 @@ Vagrant.configure("2") do |config|
sudo cp /vagrant/router/dhcp.conf /vagrant/router/dns.conf /etc/dnsmasq.d/
sudo /etc/init.d/dnsmasq restart
touch /vagrant/build/stamp/router
SHELL
end
......@@ -111,6 +123,8 @@ Vagrant.configure("2") do |config|
client.vm.network "forwarded_port", host: 5900, guest: 5900
client.vm.network "forwarded_port", host: 22222, guest: 22222
client.vm.provision "shell", inline: <<-SHELL
set -e
sudo apt-get update
#XXX We install python3-cffi-backend here due to a briefcase bug. bug 44?
sudo apt-get install -y --no-install-recommends network-manager xvfb x11vnc \
......@@ -122,9 +136,13 @@ Vagrant.configure("2") do |config|
sudo cp /vagrant/client/rc.local /etc/
sudo chmod a+x /etc/rc.local
sudo /etc/rc.local
touch /vagrant/build/stamp/client
SHELL
client.vm.provision "install", type: "shell", run: "never", privileged: false, inline: <<-SHELL
set -e
#XXX Sanity check fakedns, other environment stuff?
if mount | grep -q ^/dev/sdb1; then
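Review bot: The `after :destroy` trigger removes the stamp through a shell backtick with a path relative to the current directory, so a `vagrant destroy` run from anywhere other than the project root will presumably leave `build/stamp/<name>` behind and make will keep treating the VM as provisioned. Something like `File.delete(p) if File.exist?(p)` with `p = File.join(File.dirname(__FILE__), "build/stamp", machine.name.to_s)` avoids both the shell and the dependence on the working directory. With `set -e` now in place, the added `touch /vagrant/build/stamp/...` lines fail the whole provisioner if `vagrant up` is run directly before make has created `build/stamp`; `mkdir -p /vagrant/build/stamp` before each `touch` would cover that. Since the `inet` provisioner is being touched anyway, the `pebble_linux-amd64` download into `/usr/local/sbin` could also be checked against a pinned digest before `chmod a+x`, e.g. `echo '<expected-sha256>  /usr/local/sbin/pebble' | sha256sum -c -`. The body of the `install` provisioner continues past the end of the last hunk.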
......
#!/bin/bash
rm /usr/local/share/ca-certificates/fakeroot.crt
rm -f /usr/local/share/ca-certificates/fakeroot.crt
while [ ! -f /usr/local/share/ca-certificates/fakeroot.crt ]; do
wget --timeout 3 --no-check-certificate https://acme-v02.api.letsencrypt.org:15000/roots/0 -O /usr/local/share/ca-certificates/fakeroot.crt
done
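Review bot: The retry loop around `wget` tests only whether `fakeroot.crt` exists, but `wget -O` creates the output file before the transfer starts, so a failed first attempt leaves an empty file and the loop exits without a certificate. Testing for a non-empty file, `while [ ! -s /usr/local/share/ca-certificates/fakeroot.crt ]; do`, or looping on wget's exit status keeps the retry meaningful; a short `sleep` in the body would avoid spinning when the endpoint is down. The file is then installed as a trusted root while being fetched with `--no-check-certificate`. If the `pebble.minica.crt` that the Makefile checks for is present on this host, `--ca-certificate=/usr/local/share/ca-certificates/pebble.minica.crt` would authenticate the download instead; otherwise a comment should say why verification is off in this lab setup.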
......