I think everything's working...

* Octopus changes
* Change how things start a little (hopefully cleaner)
* Fix bubblebabble bug
* other junk, I don't know

mcp/bin/addteam

@@ -15,6 +15,9 @@ set -C
 base=${CTF_BASE:-/var/lib/ctf}
 www=${CTF_BASE:-/var/www}
 
+mkdir -p $base/teams/names
+mkdir -p $base/teams/colors
+
 # Assign a color.  I spent two days selecting this color pallette for
 # people with protanopia.  Please don't change these colors.
 nteams=$(ls $base/teams/names/ | wc -l)

mcp/mcp.mk

@@ -4,8 +4,6 @@ MCP_PACKAGE = mcp.pkg
 mcp-install: mcp-build
 	mkdir -p $(MCP_PKGDIR)
 
-	cp mcp/setup $(MCP_PKGDIR)
-
 	$(call COPYTREE, mcp/bin, $(MCP_PKGDIR)/bin)
 	cp mcp/src/in.tokend $(MCP_PKGDIR)/bin/
 	cp mcp/src/tokencli $(MCP_PKGDIR)/bin/
@@ -14,6 +12,8 @@ mcp-install: mcp-build
 
 	$(call COPYTREE, mcp/service, $(MCP_PKGDIR)/service)
 
+	$(call COPYTREE, mcp/tokend.keys, $(MCP_PKGDIR)/tokend.keys)
+
 	$(call COPYTREE, mcp/www, $(MCP_PKGDIR)/www)
 	cp mcp/src/puzzler.cgi $(MCP_PKGDIR)/www/
 	cp mcp/src/claim.cgi $(MCP_PKGDIR)/www/
@@ -24,7 +24,7 @@ mcp-test: mcp-build
 	mcp/test.sh
 
 mcp-clean:
-	rm -rf $(MCP_PKGDIR) $(MCP_PACKAGE)
+	rm -rf $(MCP_PKGDIR) $(MCP_PACKAGE) mcp-install
 	$(MAKE) -C mcp/src clean
 
 mcp-build:

mcp/service/eth0/run

@@ -1,5 +1,7 @@
 #! /bin/sh -e
 
+hostname mcp
+
 ifconfig eth0 10.0.0.1 netmask 255.0.0.0
 
 exec inotifyd true $(pwd):x

mcp/service/httpd/run

@@ -0,0 +1,21 @@
+#! /bin/sh
+
+mkdir -p /var/www
+cd /var/www
+
+# Link in puzzles and web pages
+for d in /opt/*; do
+    if [ -d $d/puzzles ]; then
+        ln -s $d/puzzles $(basename $d)
+    fi
+    if [ -d $d/www ]; then
+        ln -s $d/www/* .
+    fi
+done
+
+exec thttpd -D \
+    -nos \
+    -u ctf \
+    -c "**.cgi" \
+    -T "utf-8"
+

mcp/service/mathopd/run

@@ -1,3 +0,0 @@
-#! /bin/sh
-
-exec mathopd -n -f ./mathopd.conf >> /var/log/mathopd.log 2>> /var/log/mathopd.error.log

mcp/service/pointsd/run

@@ -1,4 +1,8 @@
 #! /bin/sh
 
 exec 2>&1
+
+install -o root -m 0644 /dev/null /var/lib/ctf/points.log
+install -o ctf -m 0755 -d /var/lib/ctf/points.new
+install -o ctf -m 0755 -d /var/lib/ctf/points.tmp
 exec ./pointsd

mcp/service/puzzled/run

@@ -2,8 +2,7 @@
 
 exec 2>&1
 
-# Give everybody a chance to mount
-sleep 5
+install -o ctf -m 0644 /dev/null /var/lib/ctf/puzzles.db
 
 # Make an initial listing
 ./puzzled

mcp/service/tokend/run

@@ -1,4 +1,6 @@
 #! /bin/sh
 
 exec 2>&1
+install -o ctf -m 0644 /dev/null /var/lib/ctf/tokens.db
+install -o ctf -m 0644 /dev/null /var/lib/ctf/claim.db
 exec tcpsvd -u ctf 0 1 /opt/mcp/bin/in.tokend

mcp/setup

@@ -1,21 +0,0 @@
-#! /bin/sh
-
-## Set up the MCP (Master Control Program) server
-
-hostname mcp
-
-
-cp -r service/* /var/service/
-cp -r www /var/
-
-install -o ctf -m 0644 /dev/null /var/lib/ctf/tokens.db
-install -o ctf -m 0644 /dev/null /var/lib/ctf/claim.db
-install -o ctf -m 0644 /dev/null /var/lib/ctf/puzzles.db
-install -o root -m 0644 /dev/null /var/lib/ctf/points.log
-
-install -o ctf -d /var/lib/ctf/points.new
-install -o ctf -d /var/lib/ctf/points.tmp
-install -o root -d /var/lib/ctf/teams/names
-install -o root -d /var/lib/ctf/teams/colors
-install -o root -d /var/lib/ctf/token.keys
-

mcp/src/common.c

@@ -282,27 +282,32 @@ fgrepx(char const *needle, char const *filename)
   return found;
 }
 
-int32_t
-my_random()
+void
+urandom(char *buf, size_t buflen)
 {
-  static int urandom = -2;
-  int        len;
-  int32_t    ret;
+  static int fd = -2;
 
-  if (-2 == urandom) {
-    urandom = open("/dev/urandom", O_RDONLY);
+  if (-2 == fd) {
     srandom(time(NULL) * getpid());
+    fd = open("/dev/urandom", O_RDONLY);
   }
-  if (-1 == urandom) {
-    return (int32_t)random();
+  if (-1 != fd) {
+    int len;
+
+    len = read(fd, buf, buflen);
+    if (len == buflen) {
+      return;
+    }
   }
 
-  len = read(urandom, &ret, sizeof(ret));
-  if (len != sizeof(ret)) {
-    return (int32_t)random();
-  }
+  /* Fall back to libc's crappy thing */
+  {
+    int i;
 
-  return ret;
+    for (i = 0; i < buflen; i += 1) {
+      buf[i] = (char)random();
+    }
+  }
 }
 
 int

mcp/src/common.h

@@ -6,7 +6,7 @@
 
 #define TEAM_MAX 40
 #define CAT_MAX 40
-#define TOKEN_MAX 40
+#define TOKEN_MAX 80
 
 
 int cgi_init(char *global_argv[]);
@@ -18,7 +18,7 @@ void cgi_error(char *fmt, ...);
 
 
 int fgrepx(char const *needle, char const *filename);
-int32_t my_random();
+void urandom(char *buf, size_t buflen);
 int my_snprintf(char *buf, size_t buflen, char *fmt, ...);
 char *state_path(char const *fmt, ...);
 char *package_path(char const *fmt, ...);

mcp/src/in.tokend.c

@@ -13,7 +13,7 @@
 #include "common.h"
 #include "arc4.h"
 
-#define itokenlen 3
+#define itokenlen 5
 
 char const consonants[] = "bcdfghklmnprstvz";
 char const vowels[]     = "aeiouy";
@@ -31,7 +31,9 @@ char const vowels[]     = "aeiouy";
  *     `Pineapple'       `xigak-nyryk-humil-bosek-sonax'
  */
 void
-bubblebabble(char *out, char const *in, const size_t inlen)
+bubblebabble(unsigned char *out,
+             unsigned char const *in,
+             const size_t inlen)
 {
   size_t pos  = 0;
   int    seed = 1;
@@ -70,38 +72,40 @@ bubblebabble(char *out, char const *in, const size_t inlen)
 int
 main(int argc, char *argv[])
 {
-  char    service[50];
-  size_t  servicelen;
-  char    token[80];
+  char    category[CAT_MAX];
+  size_t  categorylen;
+  char    token[TOKEN_MAX];
   size_t  tokenlen;
   uint8_t key[256];
   size_t  keylen;
 
-  /* Read service name. */
+  /* Read category name. */
   {
     ssize_t len;
 
-    len = read(0, service, sizeof(service));
+    len = read(0, category, sizeof(category));
     if (0 >= len) return 0;
-    for (servicelen = 0;
-         (servicelen < len) && isalnum(service[servicelen]);
-         servicelen += 1);
+    for (categorylen = 0;
+         (categorylen < len) && isalnum(category[categorylen]);
+         categorylen += 1);
   }
 
-  /* Read in that service's key. */
+  /* Read in that category's key. */
   {
     int fd;
     int ret;
 
-    fd = open(package_path("mcp/tokend.keys/%.*s", (int)servicelen, service), O_RDONLY);
+    fd = open(package_path("mcp/tokend.keys/%.*s", (int)categorylen, category), O_RDONLY);
     if (-1 == fd) {
-      perror("Open key");
+      fprintf(stderr, "Open key %.*s: %s\n",
+              (int)categorylen, category, strerror(errno));
       return 0;
     }
 
     ret = read(fd, &key, sizeof(key));
     if (-1 == ret) {
-      perror("Read key");
+      fprintf(stderr, "Read key %.*s: %s\n",
+              (int)categorylen, category, strerror(errno));
       return 0;
     }
     keylen = (size_t)ret;
@@ -111,9 +115,10 @@ main(int argc, char *argv[])
 
   /* Send a nonce, expect it back encrypted */
   {
-    int32_t nonce = my_random();
+    int32_t nonce;
     int32_t enonce = 0;
 
+    urandom((char *)&nonce, sizeof(nonce));
     write(1, &nonce, sizeof(nonce));
     arc4_crypt_buffer(key, keylen, (uint8_t *)&nonce, sizeof(nonce));
     read(0, &enonce, sizeof(enonce));
@@ -125,16 +130,18 @@ main(int argc, char *argv[])
 
   /* Create the token. */
   {
-    int32_t crap = my_random();
-    char    digest[bubblebabble_len(itokenlen)];
+    unsigned char crap[itokenlen];
+    unsigned char digest[bubblebabble_len(itokenlen)];
+
+    urandom((char *)crap, sizeof(crap));
 
     /* Digest some random junk. */
-    bubblebabble(digest, (char *)&crap, itokenlen);
+    bubblebabble(digest, (unsigned char *)&crap, itokenlen);
 
-    /* Append digest to service name. */
+    /* Append digest to category name. */
     tokenlen = (size_t)snprintf(token, sizeof(token),
                                "%.*s:%s",
-                                (int)servicelen, service, digest);
+                                (int)categorylen, category, digest);
   }
 
   /* Write that token out now. */

mcp/src/tokencli.c

@@ -1 +1 @@
-../../tokencli/src/tokencli.c
+../../tokens/src/tokencli.c

octopus/octopus.mk

@@ -6,6 +6,8 @@ octopus-install: octopus-build
 
 	$(call COPYTREE, octopus/service, $(OCTOPUS_PKGDIR)/service)
 
+	$(call COPYTREE, octopus/tokens, $(OCTOPUS_PKGDIR)/tokens)
+
 	cp octopus/src/octopus $(OCTOPUS_PKGDIR)/bin/
 
 octopus-clean:

octopus/src/octopus.c

@@ -20,10 +20,10 @@
 #define max(a,b) (((a)>(b))?(a):(b))
 #endif
 
-uint8_t const key[] = {0x7d, 0x47, 0x84, 0x28,
-                       0x09, 0x87, 0xb5, 0xd2,
-                       0xd8, 0xab, 0x1c, 0xf3,
-                       0xf2, 0x96, 0xd6, 0x68};
+uint8_t const key[] = {0x99, 0x5f, 0xcb, 0xde,
+                       0xf9, 0x6d, 0x02, 0xf3,
+                       0x47, 0x60, 0x0a, 0xe0,
+                       0x0a, 0x25, 0x4d, 0x16};
 
 char const octopus[] =
   ("                        ___\n"
@@ -48,7 +48,7 @@ char const octopus[] =
 
 const char *friends[8] = {
   ("Help Olive Octopus visit all 8 of her friends to receive a prize!\n"
-   "Hurry though, things change quickly!\n"
+   "Hurry though, things change quickly in the ocean!\n"
    "Next friend: %08o\n"
    "%s"
    ),

octopus/tokens/octopus/category

@@ -0,0 +1 @@
+octopus

octopus/tokens/octopus/category.key

@@ -0,0 +1,2 @@
+
+Àñõ®¶'çå6Œ™²¤Y=

octopus/tokens/octopus/enc.key

@@ -0,0 +1,3 @@
+™_ËÞùmóG`
+à
+%M

puzzles/mkpuzzles

@@ -99,11 +99,3 @@ done
 
 sort -n $uanswers > $outdir/answers.txt
 rm $uanswers
-
-cat <<EOF > $outdir/setup
-#! /bin/sh
-
-mkdir -p /var/www
-ln -s /opt/$cat/puzzles /var/www/$cat
-EOF
-chmod +x $outdir/setup

pwnables/pwnables.mk

@@ -4,12 +4,10 @@ PWNABLES_PACKAGE = pwnables.pkg
 pwnables-install: pwnables-build
 	mkdir -p $(PWNABLES_PKGDIR)
 
-	cp pwnables/setup $(PWNABLES_PKGDIR)
-
 	mkdir -p $(PWNABLES_PKGDIR)/bin/
 	$(MAKE) -C pwnables/src install DESTDIR=$(CURDIR)/$(PWNABLES_PKGDIR)
 
-	$(call COPYTREE, pwnables/tokencli, $(PWNABLES_PKGDIR)/tokencli)	
+	$(call COPYTREE, pwnables/tokens, $(PWNABLES_PKGDIR)/tokens)	
 
 	$(call COPYTREE, pwnables/service, $(PWNABLES_PKGDIR)/service)
 

pwnables/service/eth0.pwn/run

@@ -0,0 +1,8 @@
+#! /bin/sh
+
+if ! [ -d /opt/mcp ]; then
+    hostname pwnables
+    ifconfig eth0 10.1.1.2 netmask 255.0.0.0
+fi
+
+exec inotifyd true $(pwd):x

pwnables/service/pwnables/run

@@ -1,3 +1,38 @@
 #! /bin/sh -e
 
+# Set up chroot environment
+# We never umount any of this since it's all just in RAM
+mkdir -p /mnt/pwnables-root
+grep -q pwnables-root /proc/mounts || mount -o bind / /mnt/pwnables-root
+grep -q pwnables-var /proc/mounts  || mount -t tmpfs -o size=5m,mode=0755 pwnables-var /mnt/pwnables-root/var
+grep -q pwnables-tmp /proc/mounts  || mount -t tmpfs -o size=15k pwnables-tmp /mnt/pwnables-root/tmp
+grep -q pwnables-home /proc/mounts || mount -t tmpfs -o size=5m pwnables-home /mnt/pwnables-root/home
+
+# Make some skeleton junk
+install -o root -m 0755 -d /mnt/pwnables-root/var/lib
+install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf
+install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf/tokens
+install -o root -m 0755 -d /mnt/pwnables-root/var/log
+install -o root -m 0755 -d /mnt/pwnables-root/var/spool
+install -o root -m 0755 -d /mnt/pwnables-root/var/cache
+install -o root -m 0777 -d /mnt/pwnables-root/var/run
+install -o root -m 0777 -d /mnt/pwnables-root/var/cache
+
+# Install the pwnables
+install -o root -d /mnt/pwnables-root/home/alice/
+install -o bob -m 0111 /opt/pwnables/bin/gimmie /mnt/pwnables-root/home/alice/
+
+# ltrace needs to read the binary
+install -o bob -m 0555 /opt/pwnables/bin/ltraceme /mnt/pwnables-root/home/alice/
+
+# straceme and killme need to be suid, to prevent LD_PRELOAD
+install -o bob -m 04111 /opt/pwnables/bin/straceme /mnt/pwnables-root/home/alice/
+install -o bob -m 04111 /opt/pwnables/bin/killme /mnt/pwnables-root/home/alice/
+    
+# Set up links for tokens
+mkdir -p /var/lib/ctf/tokens
+for puzzle in gimmie ltraceme straceme killme; do
+    ln -sf /mnt/pwnables-root/var/lib/ctf/tokens/$puzzle /var/lib/ctf/tokens/$puzzle
+done
+
 exec tcpsvd -C 5:"Let's not be greedy" 0 23 /sbin/telnetd -l ./pwnie

pwnables/setup

@@ -1,38 +0,0 @@
-#! /bin/sh
-
-if [ ! -d /opt/mcp ]; then
-    hostname pwnables
-fi
-
-# Set up a chroot environment by duplicating the base
-# image
-if [ ! -x /mnt/pwnables-root/bin/busybox ]; then
-    mkdir -p /mnt/pwnables-root
-    mount -o bind / /mnt/pwnables-root
-    mount -t tmpfs -o size=5m,mode=0755 pwnables-var /mnt/pwnables-root/var
-    mount -t tmpfs -o size=15k pwnables-tmp /mnt/pwnables-root/tmp
-    mount -t tmpfs -o size=5m pwnables-home /mnt/pwnables-root/home
-
-    # Make some skeleton junk
-    install -o root -m 0755 -d /mnt/pwnables-root/var/lib
-    install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf
-    install -o root -m 0755 -d /mnt/pwnables-root/var/lib/ctf/tokens
-    install -o root -m 0755 -d /mnt/pwnables-root/var/log
-    install -o root -m 0755 -d /mnt/pwnables-root/var/spool
-    install -o root -m 0755 -d /mnt/pwnables-root/var/cache
-    install -o root -m 0777 -d /mnt/pwnables-root/var/run
-    install -o root -m 0777 -d /mnt/pwnables-root/var/cache
-
-    # Install the pwnables
-    install -o root -d /mnt/pwnables-root/home/alice/
-    install -o bob -m 0111 bin/gimmie /mnt/pwnables-root/home/alice/
-
-    # ltrace needs to read the binary
-    install -o bob -m 0555 bin/ltraceme /mnt/pwnables-root/home/alice/
-
-    # straceme and killme need to be suid, to prevent LD_PRELOAD
-    install -o bob -m 04111 bin/straceme /mnt/pwnables-root/home/alice/
-    install -o bob -m 04111 bin/killme /mnt/pwnables-root/home/alice/
-fi
-
-cp -r service/* /var/service/

pwnables/src/gimmie.c

@@ -16,7 +16,7 @@ main(int argc, char *argv[])
                         key, sizeof(key),
                         token, sizeof(token) - 1);
   if (-1 == tokenlen) {
-    write(1, "Something's broken: I can't read my token.\n", 43);
+    write(1, "Something is broken\nI can't read my token.\n", 43);
     return 69;
   }
 

pwnables/src/killme.c

@@ -71,6 +71,13 @@ main(int argc, char *argv[])
     tokenlen = read_token("killme",
                           key, sizeof(key),
                           token, sizeof(token) - 1);
+    if (-1 == tokenlen) {
+      write(1, "Something is broken\nI can't read my token.\n", 43);
+      return 69;
+    }
+    token[tokenlen++] = '\n';
+
+    write(1, token, tokenlen);
   }
 
   return 0;

pwnables/src/ltraceme.c

@@ -42,7 +42,7 @@ main(int argc, char *argv[])
                         key, sizeof(key),
                         token, sizeof(token) - 1);
   if (-1 == tokenlen) {
-    printf("Unable to read token.\n");
+    write(1, "Something is broken\nI can't read my token.\n", 43);
     return 1;
   }
   token[tokenlen++] = '\0';

pwnables/src/straceme.c

@@ -80,10 +80,12 @@ main(int argc, char *argv[])
 
     tokenlen = read_token(cat,
                           key, sizeof(key),
-                          token, sizeof(token));
+                          token, sizeof(token) - 1);
     if (-1 == tokenlen) {
-      return EX_NOINPUT;
+      write(1, "Something is broken\nI can't read my token.\n", 43);
+      return 69;
     }
+    token[tokenlen++] = '\n';
 
     write(1, token, tokenlen);
   }

pwnables/tokens/killme/category

@@ -0,0 +1 @@
+pwnables

pwnables/tokens/killme/category.key

@@ -0,0 +1 @@
+<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji

pwnables/tokens/killme/enc.key

@@ -0,0 +1 @@
+Q<EFBFBD>m<EFBFBD>!ј<>И	<09>ІЈА F

pwnables/tokens/ltraceme/category

@@ -0,0 +1 @@
+pwnables

pwnables/tokens/ltraceme/category.key

@@ -0,0 +1 @@
+<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji

pwnables/tokens/straceme/category

@@ -0,0 +1 @@
+pwnables

pwnables/tokens/straceme/category.key

@@ -0,0 +1 @@
+<EFBFBD><EFBFBD>t322<EFBFBD>/<2F>0<EFBFBD>g<EFBFBD><67>ji

tokencli/service/tokengetd/run

@@ -1,4 +0,0 @@
-#! /bin/sh
-
-exec 2>&1
-exec ./tokengetd

tokencli/service/tokengetd/tokengetd

@@ -1,18 +0,0 @@
-#! /bin/sh
-
-chat=/tmp/tokencli.chatter
-token=/tmp/tokencli.token
-trap "rm -f $chat $token" 0
-
-mkfifo -m 0500 $chat $token
-
-while true; do
-    for dn in /opt/*/tokencli/*; do
-        [ -d $dn ] || continue
-        puzzle=$(basename $dn)
-        category=$(cat $dn/category)
-        nc 10.0.0.1 1 < $fifo | tokencli $category $dn/category.key > $fifo 3> $token
-        arc4 $dn/enc.key < $token > /var/lib/ctf/tokens/$category
-    done
-    sleep 60
-done

tokencli/setup

@@ -1,3 +0,0 @@
-#! /bin/sh
-
-cp -r service/* /var/service

tokencli/tokencli.mk

@@ -1,21 +0,0 @@
-TOKENCLI_PKGDIR = build/tokencli
-TOKENCLI_PACKAGE = tokencli.pkg
-
-tokencli-install: tokencli-build
-	mkdir -p $(TOKENCLI_PKGDIR)/bin/
-
-	$(call COPYTREE, tokencli/service, $(TOKENCLI_PKGDIR)/service)
-
-	cp tokencli/setup $(TOKENCLI_PKGDIR)/
-
-	cp tokencli/src/tokencli $(TOKENCLI_PKGDIR)/bin/
-	cp tokencli/src/arc4 $(TOKENCLI_PKGDIR)/bin/
-
-tokencli-clean:
-	rm -rf $(TOKENCLI_PKGDIR) $(TOKENCLI_PACKAGE)
-	$(MAKE) -C tokencli/src clean
-
-tokencli-build:
-	$(MAKE) -C tokencli/src build
-
-PACKAGES += tokencli

tokens/service/tokens/run

@@ -0,0 +1,5 @@
+#! /bin/sh
+
+exec 2>&1
+install -o root -m 0755 -d /var/lib/ctf/tokens
+exec ./tokens

tokens/service/tokens/tokens

@@ -0,0 +1,13 @@
+#! /bin/sh
+
+while true; do
+    for dn in /opt/*/tokens/*; do
+        [ -d $dn ] || continue
+        puzzle=$(basename $dn)
+        category=$(cat $dn/category)
+        busybox nc 10.0.0.1 1 \
+            -e /opt/tokens/bin/tokencli $category $dn/category.key 3>&1 | \
+            /opt/tokens/bin/arc4 $dn/enc.key > /var/lib/ctf/tokens/$puzzle
+    done
+    sleep 60
+done

tokens/setup

@@ -1,3 +1,4 @@
 #! /bin/sh
 
+cp -r service/* /var/service
 mkdir -p /var/lib/ctf/tokens

tokens/src/Makefile

@@ -5,4 +5,4 @@ arc4: arc4.o arc4-main.o
 tokencli: tokencli.o arc4.o
 
 clean:
-	rm *.o tokencli
+	rm -f *.o tokencli arc4

tokens/tokens.mk

@@ -0,0 +1,21 @@
+TOKENS_PKGDIR = build/tokens
+TOKENS_PACKAGE = tokens.pkg
+
+tokens-install: tokens-build
+	mkdir -p $(TOKENS_PKGDIR)/bin/
+
+	$(call COPYTREE, tokens/service, $(TOKENS_PKGDIR)/service)
+
+	cp tokens/setup $(TOKENS_PKGDIR)/
+
+	cp tokens/src/tokencli $(TOKENS_PKGDIR)/bin/
+	cp tokens/src/arc4 $(TOKENS_PKGDIR)/bin/
+
+tokens-clean:
+	rm -rf $(TOKENS_PKGDIR) $(TOKENS_PACKAGE)
+	$(MAKE) -C tokens/src clean
+
+tokens-build:
+	$(MAKE) -C tokens/src build
+
+PACKAGES += tokens