The EJBCA+SignServer LiveCD is a bootable CD image based on an Ubuntu Linux desktop, containing a basic installation of the two open source projects EJBCA and SignServer. A live CD/DVD is a great way to get others to try out EJBCA and SignServer with your specific configuration, using either virtualization or simply booting the CD.
Running the live CD
Download the latest CD image (ISO, ~700MB, checksum).
Burn to a CD-R disc or DVD, or set up a virtual machine to run the image. Booting from the CD might take a long time. After the CD has started, the web browser will open.
Note: You will need to have at least 1.5 GB of RAM to run the image. Otherwise you will not be able to log in.
Installing to hard drive
As with a regular Ubuntu Live CD, the content can also be installed to the hard drive. There is a menu option when booting the CD and also a shortcut on the desktop.
Note: The current version requires the username to be "jboss" and the host to be "livecd" when installing to a hard drive, to get automatic startup of EJBCA and SignServer just like on the CD.
Troubleshooting
The live CD will deny user login if it runs out of memory (1512M worked for me) and also EJBCA and SignServer will fail to deploy if JBoss runs out of memory.
Changelog
EJBCA+SignServer LiveCD 2011-jun
- Based on stripped down version of XUbuntu 10.04
- EJBCA 4.0.3
- SignServer 3.2-svn (rXXXX)
- JBoss 5.1.0.GA
- OpenSC 0.12.1
EJBCA+SignServer LiveCD 2010-aug
- Based on stripped down version of XUbuntu 10.04
- EJBCA 3.10.4
- SignServer 3.2-svn (rXXXX)
- JBoss 4.2.3.GA
- OpenSC 0.12.0-svn-r4636
EJBCA+SignServer LiveCD 2010-feb
EJBCA+SignServer LiveCD 2009-nov
EJBCA LiveCD 2008
Building the Live CD
This chapter is for those interested in how we built the live CD.
Setting up the base
Download xubuntu-10.04-desktop-i386
Set up a new virtual machine for Ubuntu 32-bit with 1512 MB RAM and two network interfaces, one NAT and one host-only (I used VirtualBox, but previous versions were set up using VMware).
"Insert" the CD ISO image and power on the machine and follow the instructions to install.
# Username: jboss
# Hostname: livecd
# [X] Login automatically
Open a terminal and check disk space usage:
df -h
# / is 1.8G
Install OpenSSH server to be able to do remote login
sudo apt-get install openssh-server
(Optional) Login remotely with SSH
ssh jboss@192.168.56.101
Setup Remastersys
For Karmic and newer with Grub2 add the following to /etc/apt/sources.list:
# EJBCA+SignServer Repository with latest
deb http://www.geekconnection.org/remastersys/repository karmic/
Then continue with:
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install remastersys
patch /usr/bin/remastersys (needed for 2.0.7):
Search for HOST piped into /etc/casper.conf and replace $LIVEUSER with $HOST
Comment out removal of sshd host keys, so we can ssh into the livecd.
Install dependencies
# Install JDK
sudo apt-get install openjdk-6-jdk
# Install ANT (without installing GCJ)
sudo apt-get install --no-install-recommends ant ant-optional
(old line: sudo apt-get install ant ant-optional ant-gcj- ant-optional-gcj- gcj-4.4-base- libgcj-common-)
Install JBoss
# Install JBoss 5.1.0.GA
# -O names the saved file; the URL itself ends in "/download"
wget -O jboss-5.1.0.GA-jdk6.zip "https://sourceforge.net/projects/jboss/files/JBoss/JBoss-5.1.0.GA-jdk6/jboss-5.1.0.GA-jdk6.zip/download"
unzip jboss-5.1.0.GA-jdk6.zip
ln -s jboss-5.1.0.GA jboss
rm jboss-5.1.0.GA-jdk6.zip
Configure jboss-log4j.xml to log only INFO level for all other packages than ejbca and signserver.
Also configure it to overwrite the log file on every startup (Append="false").
Create /etc/init.d/jboss with below content:
#!/bin/sh
### BEGIN INIT INFO
# Provides: jboss
# Short-Description: JBoss AS init script
### END INIT INFO
PATH=/usr/sbin:/usr/bin:/sbin:/bin
NAME=jboss
SCRIPTNAME=/etc/init.d/${NAME}
DO_SNAPSHOT=/sbin/${NAME}-snapshot
case "$1" in
  start)
    # Run JBoss in the background as the unprivileged jboss user
    sudo su jboss -c '/home/jboss/jboss/bin/run.sh' &
    ;;
  stop)
    sudo su jboss -c '/home/jboss/jboss/bin/shutdown.sh -S'
    ;;
  *)
    echo "Usage: $SCRIPTNAME {start|stop}" >&2
    exit 3
    ;;
esac
Make executable and install startup service:
sudo chmod +x /etc/init.d/jboss
sudo update-rc.d jboss defaults
Adjust memory options in jboss/bin/run.conf, adding -XX:MaxPermSize=192m to JAVA_OPTS.
Create autostart for Firefox:
echo "[Desktop Entry]
Type=Application
Encoding=UTF-8
Version=1.0
Name=No Name
Name[en_US]=Firefox
Exec=/home/jboss/bin/waitAndStart.sh
X-GNOME-Autostart-enabled=true" > /home/jboss/.config/autostart/firefox.desktop
mkdir bin
Create a file /home/jboss/bin/waitAndStart.sh with content:
#!/bin/bash
FILE=file.txt
while [ "`grep Server.*JBoss.*Started /home/jboss/jboss/server/default/log/server.log 2>/dev/null`x" = "x" ]
do
echo .
sleep 2
done | zenity --progress --pulsate --auto-close --title='Please wait' --text='Waiting for JBoss to start...'
if [ "$?" = 1 ] ; then
echo 'Cancel'
else
firefox
fi
Make executable:
chmod +x /home/jboss/bin/waitAndStart.sh
Install EJBCA
wget "http://downloads.sourceforge.net/ejbca/ejbca_4_0_3.zip"
unzip ejbca_4_0_3.zip
rm ejbca_4_0_3.zip
ln -s ejbca_4_0_3 ejbca
mkdir -p ejbca-custom/conf
cp ejbca/conf/ejbca.properties.sample ejbca-custom/conf/ejbca.properties
Edit ejbca-custom/conf/ejbca.properties and set appserver.home:
appserver.home=/home/jboss/jboss
Edit ejbca-custom/conf/install.properties:
ca.dn=CN=AdminCA1,O=EJBCA LiveCD,C=SE
Edit ejbca-custom/conf/web.properties:
httpsserver.hostname=livecd
httpsserver.dn=CN=${httpsserver.hostname},O=EJBCA LiveCD,C=SE
Follow instructions at ejbca.org
ant bootstrap
#start jboss
ant install
#stop jboss
ant deploy
#start jboss
Configure Firefox to show the Admin GUI and import the right superadmin cert from EJBCA.
Also make sure the Root CA certificate of AdminCA1 is installed and trusted.
Install SignServer
Checkout latest SignServer from SVN
sudo apt-get install subversion
mkdir signserver-trunk
cd signserver-trunk
svn co https://signserver.svn.sourceforge.net/svnroot/signserver/trunk/ .
cd ..
ln -s signserver-trunk/signserver signserver
Follow instructions at signserver.org
cd signserver
cp signserver_build.properties.sample signserver_build.properties
Edit signserver_build.properties and set appserver.home and some other properties:
appserver.home=/home/jboss/jboss
j2ee.web-nohttps=false
httpsserver.keystore=/home/jboss/ejbca/p12/tomcat.jks
validationws.enabled=true
validationclient.enabled=false
includemodulesinbuild=true
Edit /etc/skel/.bashrc:
export SIGNSERVER_NODEID=node1
Edit /home/jboss/.bashrc adding:
export SIGNSERVER_NODEID=node1
export ANT_HOME=/usr/share/ant
export APPSRV_HOME=/home/jboss/jboss
Deploy SignServer
ant deploy
Setup demo signers
chmod +x bin/signserver.sh
bin/signserver.sh module add dist-server/tsa.mar demo
bin/signserver.sh reload 1
bin/signserver.sh module add dist-server/pdfsigner.mar demo
bin/signserver.sh reload 2
bin/signserver.sh module add dist-server/odfsigner.mar demo
bin/signserver.sh reload 3
bin/signserver.sh module add dist-server/ooxmlsigner.mar demo
bin/signserver.sh reload 4
bin/signserver.sh module add dist-server/xmlsigner.mar demo
bin/signserver.sh reload 5
bin/signserver.sh module add dist-server/xmlvalidator.mar demo
bin/signserver.sh reload 6
bin/signserver.sh module add dist-server/mrtdsodsigner.mar demo
bin/signserver.sh reload 7
bin/signserver.sh module add dist-server/cmssigner.mar demo
bin/signserver.sh reload 8
Test each signer
firefox http://livecd:8080/signserver
Fix ODF/OOXML problem
Because of a bug in the version of xmlsec that is included in OpenJDK, signing with both the ODF signer and the OOXML signer will not work unless you perform the workaround described in:
https://jira.primekey.se/browse/DSS-168
cp lib/module/ooxmlsigner/*.jar /home/jboss/jboss/lib/endorsed/
sudo apt-get install libxml-security-java
ln -s /usr/share/java/xml-security-1.4.3.jar /home/jboss/jboss/lib/endorsed/xmlsec-1.4.3.jar
cp lib/module/wsra/dom4j.jar /home/jboss/jboss/lib/endorsed/
cp lib/log4j.jar /home/jboss/jboss/lib/endorsed/
cp /home/jboss/jboss/lib/commons-logging.jar /home/jboss/jboss/lib/endorsed/
cp lib/1.6/bcprov-jdk.jar /home/jboss/jboss/lib/endorsed/
Stop JBoss and then deploy
ant clean deploy
Build SignServer-AdminGUI
cd modules/SignServer-AdminGUI
Fix GTK LookAndFeel: Workaround in https://jira.primekey.se/browse/DSS-319
In src/org/signserver/admin/gui/resources/SignServerAdminGUIApplication.properties, change:
Application.lookAndFeel = system
To:
Application.lookAndFeel = com.sun.java.swing.plaf.gtk.GTKLookAndFeel
Build with
ant jar
(Optional) Explode EARs
In order to save space, the deployed JAR files (EAR, WAR, etc.) can be unzipped and their libraries replaced with symbolic links. However, there is no evidence yet that this actually works.
# Explode EARs
cd jboss/server/default/deploy
FILE=signserver && mv $FILE.ear $FILE.zip && mkdir $FILE.ear && unzip $FILE.zip -d $FILE.ear && rm $FILE.zip
cd signserver.ear
FILE=healthcheck && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=signserverws && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=validationws && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=web && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
cd ..
FILE=ejbca && mv $FILE.ear $FILE.zip && mkdir $FILE.ear && unzip $FILE.zip -d $FILE.ear && rm $FILE.zip
cd ejbca.ear
FILE=adminweb && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=cmp && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=doc && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=ejbcaws && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=healthcheck && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=publicweb && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=scep && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=status && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
FILE=webdist && mv $FILE.war $FILE.zip && mkdir $FILE.war && unzip $FILE.zip -d $FILE.war && rm $FILE.zip
# Create symlinks instead of libs in exploded ear for SignServer
cd /home/jboss/jboss/server/default/deploy/signserver.ear/lib
rm activation.jar && ln -s /home/jboss/signserver/lib/jaxws/activation.jar
#asm-3.1.jar
#asm-commons-3.1.jar
#asm-tree-3.1.ja
rm bcmail-jdk.jar && ln -s /home/jboss/signserver/lib/1.6/bcmail-jdk.jar
rm bcprov-jdk.jar && ln -s /home/jboss/signserver/lib/1.6/bcprov-jdk.jar
#bctsp-jdk.jar
#cert-cvc.jar
#commons-fileupload-1.2.1.jar
rm commons-io-1.4.jar && ln -s /home/jboss/signserver/lib/commons-io-1.4.jar
rm commons-lang-2.4.jar && ln -s /home/jboss/signserver/lib/commons-lang-2.4.jar
rm ejbca-util.jar && ln -s /home/jboss/signserver/lib/ejbca-util.jar
rm FastInfoset.jar && ln -s /home/jboss/signserver/lib/jaxws/FastInfoset.jar
rm http.jar && ln -s /home/jboss/signserver/lib/jaxws/http.jar
rm itext.jar && ln -s /home/jboss/signserver/lib/module/pdfsigner/itext/itext.jar
#jaxb-api.jar
#jaxb-impl.jar
#jaxb-xjc.jar
#jaxen-1.1.jar
#jaxws-api.jar
#jaxws-rt.jar
#jsr173_api.jar
#jsr181-api.jar
#jsr250-api.jar
rm log4j.jar && ln -s /home/jboss/signserver/lib/log4j.jar
#mimepull.jar
rm odfdom.jar && ln -s /home/jboss/signserver/lib/module/odfsigner/odfdom.jar
rm openxml4j_beta_v538.jar && ln -s /home/jboss/signserver/lib/module/ooxmlsigner/openxml4j_beta_v538.jar
rm quartz-1.6.0.jar && ln -s /home/jboss/signserver/lib/quartz/quartz-1.6.0.jar
#resolver.jar
#saaj-api.jar
#saaj-impl.jar
#sjsxp.jar
#stax-ex.jar
#streambuffer.jar
rm xercesImpl.jar && ln -s /home/jboss/signserver/lib/module/ooxmlsigner/xercesImpl.jar
# Create symlinks instead of libs in exploded ear for EJBCA
cd /home/jboss/jboss/server/default/deploy/ejbca.ear/lib
#batik/
rm bcmail-jdk15.jar && ln -s /home/jboss/ejbca/lib/bcmail-jdk15.jar
rm bcprov-jdk15.jar && ln -s /home/jboss/ejbca/lib/bcprov-jdk15.jar
rm bctsp-jdk15.jar && ln -s /home/jboss/ejbca/lib/bctsp-jdk15.jar
#cert-cvc.jar
#Optionally: continue to replace more libraries with symlinks...
Other adjustments
Create desktop shortcuts for:
- Live CD index page
- EJBCA CLI
- SignServer CLI
- SignServer Admin GUI
- PDF documents
It's a good idea to disable network connectivity checking in Firefox, since your local pages will appear broken if the user doesn't start the LiveDVD with a connected network interface. Enter "about:config" in the URL bar in Firefox and change the key "toolkit.networkmanager.disable" to "true".
Add product manuals and documentation
cd /home/jboss/jboss/server/default/deploy/jboss-web.deployer/ROOT.war/
cp index.html jboss-index.html
#Replace index.html with the livecd-version of it
mkdir info
#Copy PDFs to info
# Create link to info in home folder and Desktop
ln -s /home/jboss/jboss/server/default/deploy/jboss-web.deployer/ROOT.war/info /home/jboss/info
ln -s /home/jboss/info /home/jboss/Desktop/Products
Enable directory listings in /home/jboss/jboss/server/default/deploy/jboss-web.deployer/conf/web.xml by changing:
<param-name>listings</param-name>
<param-value>false</param-value>
To:
<param-name>listings</param-name>
<param-value>true</param-value>
Copy superadmin.p12
cp /home/jboss/ejbca/p12/superadmin.p12 .
Configure Firefox start page.
Install smart card middleware
Build opensc package
On the latest LiveCD (jun 2011) I simply built from source using the instructions at http://blog.ejbca.org/2011/02/smart-cards-working-with.html.
After building and installing I apt-get removed the installed build dependencies again.
We can have the latest OpenSC from their SVN, so we check it out and build a Debian package from it to install on the live CD. This section can be skipped if using a pre-built opensc package (such as the one we will create now).
# On host computer: Checkout latest opensc snapshot
wget http://www.opensc-project.org/files/opensc/opensc-0.12.1.tar.gz
tar xvf opensc-0.12.1.tar.gz
# get the previous Ubuntu package
sudo apt-get install dpkg-dev
apt-get source opensc
# copy the old debian folder to the new folder
cp -R opensc-0.11.8/debian/ opensc-0.12.1/debian
Remove "debian/tmp/usr/bin/cardos-info" from debian/opensc.install
Remove from debian/libopensc2-dev.install:
debian/tmp/usr/include/*
debian/tmp/usr/bin/opensc-config
debian/tmp/usr/lib/pkgconfig
debian/tmp/usr/share/man/man1/opensc-config.1
debian/tmp/usr/share/man/man3/*
Remove from debian/libopensc2.install:
debian/tmp/usr/lib/libpkcs15init.so.*
debian/tmp/usr/lib/libscconf
Remove from debian/opensc-mozilla.install:
debian/tmp/usr/lib/opensc-signer.so
debian/tmp/usr/lib/opensc-signer.la
Remove from debian/libopensc2-dev.docs:
doc/html.out/api.html
Build and upload source package to repository:
# Test build package
dpkg-buildpackage -rfakeroot
# Build source-only package and sign with GPG key
dpkg-buildpackage -rfakeroot -S -kCC3763C8
# Upload packages to Personal Package Archive (alternatively install .deb manually on livecd)
dput ppa:markuskilas/ppa ../opensc_0.12.0-svn-r4636-0markus1_source.changes
Install the packages
sudo add-apt-repository ppa:user/ppa-name
sudo apt-get update
sudo apt-get install pcscd libccid opensc pcsc-tools
Setup OpenSC in Firefox
- Edit -> Preferences
- Advanced -> Encryption -> Security Devices
- Load
Module Name: OpenSC PKCS#11 Module
Module filename: /usr/lib/opensc/opensc-pkcs11.so
Follow tutorial for initialization of Feitian PKI card
http://www.gooze.eu/howto/smartcard-quickstarter-guide/smart-card-initialization
Prepare for building the distribution
Check disk space usage
df -B 1M
# Used 4751 in /
Clean out as much as possible.
# Extra jboss domains
rm /home/jboss/jboss/server/minimal -rf
rm /home/jboss/jboss/server/all -rf
rm /home/jboss/jboss/server/standard -rf
rm /home/jboss/jboss/server/web -rf
# Libs not yet used by SignServer
rm lib/javaee-api-6.0/ lib/javaee-web-api-6.0/ -rf
rm SignServer-AdminGUI/lib/toplink/ -rf
rm SignServer-AdminGUI/lib/junit* -rf
Remove packages
sudo apt-get remove --yes --purge hplip hplip-data # ~40Mb Printing support
sudo apt-get remove --yes --purge gimp gimp-data # ~48Mb
sudo apt-get remove --yes --purge smbclient # ~34Mb Samba CLI tools (+desktop package removed)
sudo apt-get remove --yes --purge thunderbird # ~30Mb
sudo apt-get remove --yes --purge pidgin pidgin-data # ~28Mb
sudo apt-get remove --yes --purge purple* # ~5Mb
sudo apt-get remove --yes --purge vim-runtime # ~25Mb
sudo apt-get remove --yes --purge gimp-help-common # ~28Mb
sudo apt-get remove --yes --purge foomatic-db cups lpr hpijs # ~43Mb
sudo apt-get remove --yes --purge gnome-games-common # ~33Mb
sudo apt-get remove --yes --purge samba-common # ~14Mb
sudo apt-get remove --yes --purge gnumeric* # ~28Mb
sudo apt-get remove --yes --purge tango-icon-theme # ~4Mb
sudo apt-get remove --yes --purge sane* # ~12Mb
# We don't need movie player but burning CD is good
sudo apt-get remove --yes --purge totem* # ~16Mb
sudo apt-get install brasero # ~+4Mb
sudo apt-get remove --yes --purge gcalctool # ~9Mb
sudo apt-get remove --yes --purge abiword* # ~21Mb
sudo apt-get remove --yes --purge cups-common # ~7Mb
sudo apt-get remove --yes --purge libgutenprint2 # ~7Mb
sudo apt-get remove --yes --purge orage # ~6Mb
sudo apt-get remove --yes --purge vinagre # ~6Mb
sudo apt-get remove --yes --purge exaile # ~6Mb
sudo apt-get remove --yes --purge yelp # ~9Mb
sudo apt-get remove --yes --purge gstreamer0.10-plugins-good # ~5Mb
sudo apt-get remove --yes --purge xulrunner-1.9.2 # ~25Mb
sudo apt-get remove --yes --purge gstreamer0.10-pulseaudio libasound2-plugins libpulse-browse0 libpulse-mainloop-glib0 alsa-base alsa-utils bluez-alsa bluez linux-sound-base cdparanoia gstreamer0.10-nice libavc1394-0 libiec61883-0 libjack0 libnice0 libpulse-browse0 libsamplerate0 libsdl1.2debian libsdl1.2debian-alsa libshout3 libspeex1 libspeexdsp1 libtag1-vanilla libtag1c2a libtagc0 libvisual-0.4-plugins libwavpack1 pulseaudio-esound-compat python-cddb python-mutagen aumix # ~22Mb
sudo apt-get remove --yes --purge xfce4-notes xfce4-mixer xfce4-clipman xfce4-dict # ~6Mb
sudo apt-get remove --yes --purge xubuntu-icon-theme # ~12Mb
sudo apt-get remove --yes --purge xfce4-appfinder apt-xapian-index # ~1Mb
sudo apt-get remove --yes --purge aptitude # ~16Mb
sudo apt-get remove --yes --purge libmagickcore2 libopenobex1 libgnome-bluetooth7 libbluetooth3 # ~12Mb
sudo apt-get remove --yes --purge gnome-doc-utils # ~4Mb
sudo apt-get remove --yes --purge libsmbclient # ~6Mb
sudo apt-get remove --yes --purge libgucharmap7 # ~4Mb
sudo apt-get remove --yes --purge libgtkmm-2.4-1c2a gnome-system-monitor # ~13Mb
sudo apt-get remove --yes --purge libgsl0ldbl # ~3Mb
sudo apt-get remove --yes --purge libgoffice* # ~7Mb
sudo apt-get remove --yes --purge libgtkmathview0c2a # ~3Mb
sudo apt-get remove --yes --purge libtelepathy-glib0 # ~1Mb
sudo apt-get remove --yes --purge a2ps brasero brasero-common dmz-cursor-theme dvd+rw-tools groff-base gstreamer0.10-alsa gstreamer0.10-x libcdio-cdda0 libcdio10 libcdparanoia0 libgstreamer-plugins-base0.10-0 libgstreamer0.10-0 libotr2 libwebkit-1.0-common python-gst0.10 wodim gstreamer0.10-plugins-base libbrasero-media0 libcdio-paranoia0 man-db xfprint4 # ~43Mb
sudo apt-get remove --yes --purge aumix bogofilter-common dictionaries-common docbook-xml esound-clients geoip-database ghostscript gnome-codec-install libcupscgi1 libcupsdriver1 libcupsmime1 libcupsppdc1 libgomp1 liblircclient0 xchat-common xcursor-themes xfce4-mailwatch-plugin xfce4-quicklauncher-plugin xfce4-smartbookmark-plugin xfce4-volumed xfce4-weather-plugin # ~23Mb
Optional
sudo apt-get remove --yes --purge xfwm4-themes
sudo apt-get remove --yes --purge app-install-data # ~27Mb
sudo apt-get remove --yes --purge libwebkit-1.0-2
sudo apt-get remove --yes --purge aspell* hunspell* myspell* ubufox # ~26Mb
sudo apt-get remove --yes --purge xscreensaver # ~2Mb
sudo apt-get remove --yes --purge libgphoto2-2 # ~8Mb also removed gvfs-backends
sudo apt-get remove --yes --purge language-pack-gnome-en # ~24Mb
sudo apt-get remove --yes --purge gsfonts libfont-afm-perl libt1-5 ttf-dejavu-extra ttf-opensymbol ttf-unfonts-core # ~14Mb
sudo apt-get remove --yes --purge gnome-screensaver update-notifier compiz-fusion-plugins-extra gnome-orca samba-common
sudo apt-get remove --yes --purge ttf-indic-fonts-core ttf-kacst-one ttf-khmeros-core lao ttf-lyx ttf-punjabi-fonts ttf-takao-pgothic ttf-thai-tlwg ttf-wqy-microhei # ~21Mb
sudo apt-get remove --yes --purge update-manager-core # ~7Mb
sudo apt-get remove --yes --purge libsnmp # ~7Mb
sudo apt-get remove --yes --purge libgimp2.0 # ~4Mb
sudo apt-get autoremove
Search for other packages to remove with
dpkg-query --show --showformat='${Package;-50}\t${Installed-Size} ${Status}\n' | sort -k 2 -n | grep -v deinstall
Remove duplicate and unneeded libraries
rm signserver/lib/jaxws/jaxb-xjc.jar
ln -s /home/jboss/ejbca_3_10_4/lib/jaxws/jaxb-xjc.jar signserver/lib/jaxws/jaxb-xjc.jar
rm signserver/lib/jaxws/jaxb-impl.jar
ln -s /home/jboss/ejbca_3_10_4/lib/jaxws/jaxb-impl.jar signserver/lib/jaxws/
Building the distribution
Start Firefox and clean all history etc: Ctrl+Shift+Delete and then exit Firefox.
Clean everything and then copy files:
# Clean all caches
sudo su
apt-get clean
cd /home/jboss
rm .mozilla/firefox/88onqo92.default/urlclassifier3.sqlite
rm /var/cache/apt/pkgcache.bin
rm /var/cache/apt/srcpkgcache.bin
rm /var/cache/debconf/config.dat-old
rm /var/cache/debconf/templates.dat-old
# Clean JBoss
rm jboss/server/default/log/*
rm jboss/server/default/work/* -rf
rm jboss/server/default/tmp/* -rf
# Clean built files
rm signserver/build -rf
rm signserver/dist-server/signserver.ear
rm signserver/dist-server/signserver-ejb.jar
rm signserver/dist-server/*.war
rm signserver/dist-server/*-module.jar
rm signserver/tmp/ -rf
rm signserver/modules/SignServer-AdminGUI/build -rf
rm signserver/modules/SignServer-Module-MRTDSODSigner/dist/SignServer-Module-MRTDSODSigner.jar
rm signserver/modules/SignServer-Module-Renewal/dist/SignServer-Module-Renewal.jar
rm signserver/modules/SignServer-ejb-SignServerWS/dist/SignServer-ejb-SignServerWS.jar
rm signserver/modules/SignServer-Module-PDFSigner/dist/SignServer-Module-PDFSigner.jar
rm signserver/modules/SignServer-Module-CMSSigner/dist/SignServer-Module-CMSSigner.jar
rm signserver/modules/SignServer-Module-XMLSigner/dist/SignServer-Module-XMLSigner.jar
rm signserver/modules/SignServer-Module-OOXMLSigner/dist/SignServer-Module-OOXMLSigner.jar
rm signserver/modules/SignServer-Module-TSA/dist/SignServer-Module-TSA.jar
rm signserver/modules/SignServer-Module-Log4j/dist/SignServer-Module-Log4j.jar
rm signserver/modules/SignServer-Module-MRTDSigner/dist/SignServer-Module-MRTDSigner.jar
rm signserver/modules/SignServer-Module-XMLValidator/dist/SignServer-Module-XMLValidator.jar
rm signserver/modules/SignServer-ejb-ValidationWS/dist/SignServer-ejb-ValidationWS.jar
rm signserver/modules/SignServer-Module-WSRA/dist/wsra-module.jar
rm signserver/modules/SignServer-Module-WSRA/dist/SignServer-Module-WSRA.jar
rm signserver/modules/SignServer-Module-WSRA/dist/genericws-module-common.jar
rm signserver/modules/SignServer-Module-WSRA/dist/dummyws-module.jar
rm signserver/modules/SignServer-Module-ODFSigner/dist/SignServer-Module-ODFSigner.jar
rm -rf signserver/modules/SignServer-ejb/build
rm -rf signserver/modules/SignServer-Module-MRTDSODSigner/build
rm -rf signserver/modules/SignServer-Module-Renewal/build
rm -rf signserver/modules/SignServer-ejb-SignServerWS/build
rm -rf signserver/modules/SignServer-Module-PDFSigner/build
rm -rf signserver/modules/SignServer-Module-CMSSigner/build
rm -rf signserver/modules/SignServer-Module-XMLSigner/build
rm -rf signserver/modules/SignServer-Module-OOXMLSigner/build
rm -rf signserver/modules/SignServer-Module-TSA/build
rm -rf signserver/modules/SignServer-Module-Log4j/build
rm -rf signserver/modules/SignServer-Module-MRTDSigner/build
rm -rf signserver/modules/SignServer-Client-SignServerWS/build
rm -rf signserver/modules/SignServer-Client-SigningAndValidationAPI/build
rm -rf signserver/modules/SignServer-Module-XMLValidator/build
rm -rf signserver/modules/SignServer-ejb-AdminWS/build
rm -rf signserver/modules/SignServer-ejb-ValidationWS/build
rm -rf signserver/modules/SignServer-Module-WSRA/build
rm -rf signserver/modules/SignServer-Module-ODFSigner/build
rm -rf signserver/modules/SignServer-AdminCLI/build
rm -rf signserver/modules/SignServer-Common/build
find . -name "dist" -exec rm -rf {} \;
find . -name ".svn" -exec rm -rf {} \;
rm ejbca/tmp -rf
rm ejbca/modules/ejbca-ejb/build-util/ -rf
rm ejbca/modules/dist/ejbcaws.war
rm ejbca/dist/*.war
rm ejbca/dist/ejbca.ear
rm ejbca/dist/ejbca-ejb.jar
rm ejbca/dist/ejbca-util.jar
# Copy user data
sudo rm /etc/skel/* -r
sudo rm /etc/skel/.mozilla -r
sudo rm /etc/skel/.config -r
sudo cp -r /home/jboss/Desktop /etc/skel/
sudo cp -r /home/jboss/.mozilla /etc/skel/
sudo cp -r /home/jboss/.config /etc/skel/ # You probably only want .config/autostart here
sudo cp -r /home/jboss/ejbca_4_0_3 /etc/skel/
sudo cp -r /home/jboss/ejbca /etc/skel/
sudo cp -r /home/jboss/ejbca-custom /etc/skel/
sudo cp -r /home/jboss/jboss-5.1.0.GA /etc/skel/
sudo cp -r /home/jboss/jboss /etc/skel/
sudo cp -r /home/jboss/signserver-trunk /etc/skel/
sudo cp -r /home/jboss/signserver /etc/skel/
sudo cp -r /home/jboss/bin /etc/skel/
sudo cp -r /home/jboss/info /etc/skel/
sudo cp /home/jboss/Download/sample.* /etc/skel/.
# Chown the tree itself: a "/etc/skel/.*" glob also matches ".." and would recurse into /etc
sudo chown -R root:root /etc/skel
# Check disk space usage
df -B 1M
# Used 2048 in /
Build
sudo su
cd
remastersys dist
Copy the created iso and checksum files to the host system.
Clean remastersys
remastersys clean
Test the ISO
- Booting using virtual machine manager
- Run the SignServer tests
cd signserver
ant test:run
firefox TODO-Test-results-URL
Run the EJBCA tests
cd ../ejbca
#Change productionmode to false in ejbca-custom/conf/ejbca.properties
ant test:run
firefox TODO-Test-results-URL1
firefox TODO-Test-results-URL2
Note: some of the system tests will fail as the hostname is "livecd"
Burn to CD-RW and test on multiple different computers.
Test smart card.
Test installation.
Troubleshooting
The LiveDVD will deny user login if it runs out of memory (1512M worked for me) or any dir in /etc/skel/ is not owned by root.
Also EJBCA and SignServer will fail to deploy if JBoss runs out of memory.
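Added example (not part of the original build notes): a pre-build check of /etc/skel to run before "remastersys dist". It reports anything not owned by root, which the note above names as a cause of denied logins, and lists keystores such as ejbca/p12/superadmin.p12 and ejbca/p12/tomcat.jks that the "Copy user data" step places in every copy of the image. The function names and the file-name patterns are assumptions.

```shell
#!/bin/sh
# Added example: audit a skeleton directory before building the ISO.
# Function names and file-name patterns are illustrative assumptions.
# Usage: skel_audit /etc/skel

# Print every path under DIR whose owner is not OWNER (default 0 = root).
skel_wrong_owner() {
    find "$1" ! -user "${2:-0}" -print
}

# Print files that look like private-key containers (PKCS#12, JKS, PEM,
# SSH host keys). Anything listed is the same on every booted copy.
skel_key_material() {
    find "$1" -type f \( -name '*.p12' -o -name '*.pfx' -o -name '*.jks' \
        -o -name '*.pem' -o -name '*.key' -o -name 'ssh_host_*_key' \) -print
}

# Gate for the build: list key material, then fail if ownership is wrong.
skel_audit() {
    dir=${1:-/etc/skel}
    owner=${2:-0}
    keys=$(skel_key_material "$dir")
    bad=$(skel_wrong_owner "$dir" "$owner")
    if [ -n "$keys" ]; then
        echo "Key material shared by every copy of the image:"
        echo "$keys" | sed 's/^/  /'
    fi
    if [ -n "$bad" ]; then
        echo "Not owned by uid $owner (fix before 'remastersys dist'):" >&2
        echo "$bad" | sed 's/^/  /' >&2
        return 1
    fi
    echo "OK: everything under $dir is owned by uid $owner"
}
```

A non-zero exit status from skel_audit means the ownership fix has not been applied yet.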





