clean

Makefile

@@ -1,4 +1,4 @@
-VER := 0.1-beta8c
+VER := 0.1-beta8d
 
 all:
 	make -C guest

docker-compose.yml

@@ -70,6 +70,7 @@ services:
     entrypoint: ["/init.sh"]
 
   router-fix-network:
+    build: router
     image: sf-router
     network_mode: host # host's stack
     cap_add:

guest/fs-root/sf/bin/sf-destructor.sh

@@ -0,0 +1,23 @@
+#! /bin/bash
+
+# Script to keep detached docker instance alive until all the user's
+# processes have terminated (and all shells disconnected)
+
+# Started from 'segfaultsh' via 'docker run' command.
+# This runs inside the sf-guest context (e.g. no access to docker socket)
+
+echo "Processes running: $(ps --no-headers aux|wc -l)"
+# Give user time to attach to a detached docker instance (docker exec)
+sleep 29
+
+while :; do
+	n="$(ps --no-headers aux|wc -l)"
+	[[ -n $SF_DEBUG ]] && { echo "Running: $n"; ps --no-headers aux; }
+	# init, destructor, ps, wc, sub-shell
+	[[ "$n" -lt 6 ]] && break
+	# If encfs died (/sec no longer a directory)
+	[[ -d /sec ]] || break
+	sleep 30
+done
+echo "sf-destructor.sh: DONE"
+

guest/fs-root/sf/bin/sf-motd.sh

@@ -0,0 +1,52 @@
+#! /bin/bash
+
+# CY="\033[1;33m" # yellow
+# CG="\033[1;32m" # green
+CR="\033[1;31m" # red
+# CC="\033[1;36m" # cyan
+# CM="\033[1;35m" # magenta
+# CW="\033[1;37m" # white
+CF="\033[2m"    # faint
+CN="\033[0m"    # none
+
+# CBG="\033[42;1m" # Background Green
+
+# night-mode
+CDY="\033[0;33m" # yellow
+CDG="\033[0;32m" # green
+# CDR="\033[0;31m" # red
+CDC="\033[0;36m" # cyan
+# CDM="\033[0;35m" # magenta
+
+# BINDIR="$(cd "$(dirname "${0}")" || exit; pwd)"
+
+# shellcheck disable=SC1091
+source "/sf/run/vpn/vpn_status" 2>/dev/null
+
+[[ -z $IS_VPN_CONNECTED ]] && VPN_DST="${CR}TOR ${CF}(no VPN)${CN}" || VPN_DST="${CDG}${VPN_EXIT_IP} (${VPN_LOCATION:-UNKNOWN})${CN}"
+YOURIP="${SSH_CONNECTION%%[[:space:]]*}"
+
+echo -e "\
+Your workstation  : ${CDY}${YOURIP:-UNKNOWN}${CN}
+VPN Exit Node     : ${VPN_DST}
+DNS over HTTPS    : ${CDG}Cloudflare${CN}
+TOR Proxy         : ${CDG}${SF_TOR:-UNKNOWN}:9050${CN}
+Persistent storage: ${CDC}/sec ${CF}(encrypted)${CN}"
+[[ -e /config/onion_hostname-80 ]] && {
+	echo -e "\
+Your Web Page     : ${CDC}http://$(cat /config/onion_hostname-80)/${SF_HOSTNAME,,}/${CN}"
+}
+[[ -e /config/onion_hostname-22 ]] && {
+	echo -e "\
+SSH (TOR)         : ${CDC}torsocks ssh -o \"SetEnv SECRET=${SF_SEC:-UNKNOWN}\" \\ \n\
+                       ${SF_USER:-UNKNOWN}@$(cat /config/onion_hostname-22)${CN}"
+}
+[[ -e /sf/run/gsnc-access-22.txt ]] && {
+	echo -e "\
+SSH (gsocket)     : ${CDC}gsocket -s $(cat /sf/run/gsnc-access-22.txt) ssh -o \"SetEnv SECRET=${SF_SEC:-UNKNOWN}\" \\ \n\
+                       ${SF_USER:-UNKNOWN}@${SF_FQDN%.*}.gsocket${CN}"
+}
+
+[[ -n $SF_SSH_PORT ]] && PORTSTR="-p${SF_SSH_PORT} "
+echo -e "\
+SSH               : ${CDC}ssh -o \"SetEnv SECRET=${SF_SEC:-UNKNOWN}\" ${PORTSTR}${SF_USER:-UNKNOWN}@${SF_FQDN:-UNKNOWN}${CN}"

guest/fs-root/sf/bin/sf-setup.sh

@@ -0,0 +1,113 @@
+#! /bin/bash
+
+# Called when guest instance is booting up (created) and before
+# the user shell is spawned.
+# Called within sf-guest context.
+
+# - Set up user's directories (if they dont exist already)
+# - Execute /sec/usr/etc/rc.local
+
+# NOTE: Possible that /sec/root etc already exists (old SECRET used after
+# earlier instance exited) - in which case do nothing.
+
+CR="\033[1;31m" # red
+CN="\033[0m"    # none
+
+ERREXIT()
+{
+	local code
+	code="$1"
+	[[ -z $code ]] && code=99
+
+	shift 1
+	[[ -n $1 ]] && echo -e >&2 "${CR}ERROR:${CN} $*"
+
+	exit "$code"
+}
+
+if [[ -z $SF_DEBUG ]]; then
+	DEBUGF(){ :;}
+else
+	DEBUGF(){ echo -e "${CY}DEBUG:${CN} $*";}
+fi
+
+mkhome()
+{
+	local dir
+	local dirname
+	local usergroup
+	usergroup="$1"
+	dirname="$2"
+
+	dir="/sec/${dirname}"
+
+	# e.g. /sec/root and /sec/home/user
+	[[ -d "$dir" ]] && return # already exists
+
+	DEBUGF "Creating /sec/${dirname}..."
+	cp -a /etc/skel "${dir}"
+	chown -R "${usergroup}" "${dir}"
+	chmod 700 "${dir}"	
+}
+
+# rmsymdir src dst
+# - Clear src and link to dst.
+rmsymdir()
+{
+	local src
+	local dst
+	src="${1:-BAD}"
+	dst="${2:-BAD}"
+
+	# Remove old directory and symlink to /sec/home/user or /sec/root
+	[[ -L "${src}" ]] && return # Already a sym-link
+	[[ -e "${src}" ]] && rm -rf "${src}"
+
+	ln -s "${dst}" "${src}"
+}
+
+setup_rclocal()
+{
+	mkdir -p /sec/usr/etc
+	cp -a /etc/rc.local-example /sec/usr/etc/rc.local
+}
+
+xmkdir()
+{
+	[[ -d "$1" ]] && return
+
+	mkdir -p "$1"
+}
+
+# Setup the instance
+# - Create home directories in /sec/root and /sec/home
+# - 
+setup()
+{
+	cd /
+	[[ -d /sec ]] || ERREXIT 254 "Not found: /sec" # EncFS failed (?)
+
+	# Setup home-directories to /sec
+	mkhome root:root root
+	[[ -d /sec/home ]] || mkdir /sec/home
+	mkhome user:user home/user
+
+	# Fix symlinks
+	DEBUGF "Fixing symlinks..."
+	rmsymdir /home /sec/home
+	rmsymdir /root /sec/root
+
+	# Create useful directory
+	xmkdir /sec/usr/lib
+	xmkdir /sec/usr/bin
+	xmkdir /sec/usr/sbin
+	xmkdir /sec/usr/share
+
+	# Setup rc.local (if not exist) and execute rc.local
+	[[ ! -f /sec/usr/etc/rc.local ]] && setup_rclocal
+	/bin/bash /sec/usr/etc/rc.local
+}
+
+DEBUGF "Setting up user's instance..."
+setup
+

guest/fs-root/usr/sbin/halt

@@ -0,0 +1,6 @@
+#! /bin/sh
+
+# In docker this will 'halt' (hard crash) the instance
+# Send SIGTERM to init (which will send SIGTERM to all childs).
+kill 1
+