2016-04-10 04:00:00 +00:00
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
# Failsafe minimal text-mode firstboot
|
|
|
|
|
|
|
|
# Welcome
|
|
|
|
|
|
|
|
if [ "x$1" = "x--help" ]; then
|
|
|
|
echo "Failsafe minimal text-mode firstboot"
|
|
|
|
echo "For unattended mode use: $0 <username> <userpass> <vm-creation-option-number>"
|
|
|
|
exit 0
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo "########################################################"
|
|
|
|
echo " Welcome to `cat /etc/qubes-release`"
|
|
|
|
echo "########################################################"
|
|
|
|
echo
|
|
|
|
echo "This is failsafe text-mode firstboot. If you see this message, you have"
|
|
|
|
echo "some problem with Xorg (most probably video driver)"
|
|
|
|
echo
|
|
|
|
echo "Anyway, some basic setup is needed to continue:"
|
|
|
|
|
|
|
|
# User creation
|
|
|
|
|
|
|
|
echo
|
|
|
|
echo "1. Setup user account"
|
|
|
|
exists=0
|
|
|
|
user=$1
|
|
|
|
while [ -z "$user" ]; do
|
|
|
|
echo -n "Enter desired username (may already exist): "
|
|
|
|
read user
|
|
|
|
if echo "$user" | grep -q "[^a-z0-9]"; then
|
|
|
|
echo "ERROR: Invalid characters in username, try again"
|
|
|
|
user=
|
|
|
|
elif id $user > /dev/null 2>&1; then
|
|
|
|
if [ $(id -u ${user}) -ge 1000 ] && id -n -G ${user} | grep -q qubes; then
|
|
|
|
echo "OK: Using an existing user: \"${user}\""
|
|
|
|
exists=1
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
echo "ERROR: This user already exists or is not suitable. Please try again"
|
|
|
|
user=
|
|
|
|
else
|
|
|
|
break
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
if [ ${exists} -eq 0 ]; then
|
|
|
|
useradd -G qubes -m "$user" || exit 1
|
|
|
|
if [ -n "$2" ]; then
|
|
|
|
echo -e "$2\n$2" | passwd --stdin "$user"
|
|
|
|
else
|
|
|
|
while ! passwd "$user"; do true; done
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
# Create default VMs
|
|
|
|
|
|
|
|
echo
|
|
|
|
echo "2. Create default VMs"
|
|
|
|
echo
|
|
|
|
echo "Choose one option:"
|
|
|
|
echo " 1. Create default service VMs, and pre-defined AppVMs (work, banking, personal, untrusted)"
|
|
|
|
echo " 2. Just create default service VMs"
|
|
|
|
echo " 3. Do not create any VMs right now, but configure template(s)"
|
|
|
|
echo " 4. Do not do anything (not recommended, for advanced users only)"
|
|
|
|
vms_option=$3
|
|
|
|
while true; do
|
|
|
|
if [ -z "$vms_option" ]; then
|
|
|
|
echo -n "Enter your choice (1/2/3/4): "
|
|
|
|
read vms_option
|
|
|
|
fi
|
|
|
|
if [ "$vms_option" == "1" ]; then
|
|
|
|
vms_template=yes
|
|
|
|
vms_service=yes
|
|
|
|
vms_app=yes
|
|
|
|
break
|
|
|
|
elif [ "$vms_option" == "2" ]; then
|
|
|
|
vms_template=yes
|
|
|
|
vms_service=yes
|
|
|
|
break
|
|
|
|
elif [ "$vms_option" == "3" ]; then
|
|
|
|
vms_template=yes
|
|
|
|
break
|
|
|
|
elif [ "$vms_option" == "4" ]; then
|
|
|
|
break
|
|
|
|
else
|
|
|
|
echo "ERROR: Invalid choice, try again"
|
|
|
|
vms_option=
|
|
|
|
fi
|
|
|
|
done
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
2016-06-05 22:51:38 +00:00
|
|
|
for service in rdisc kdump libvirt-guests salt-minion; do
|
2016-04-10 04:00:00 +00:00
|
|
|
systemctl disable ${service}.service || :
|
|
|
|
systemctl stop ${service}.service || :
|
|
|
|
done
|
|
|
|
|
2016-04-10 04:00:00 +00:00
|
|
|
if [ "$vms_template" == "yes" ]; then
|
|
|
|
for template in `ls /var/lib/qubes/vm-templates`; do
|
|
|
|
echo "-> Configuring template $template..."
|
|
|
|
qvm-start --no-guid $template
|
|
|
|
su -g "qubes" -c "qvm-sync-appmenus $template" - $user
|
|
|
|
qvm-shutdown --wait $template
|
|
|
|
done
|
|
|
|
|
|
|
|
qubes-prefs --set default-template 'fedora-23'
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$vms_service" == "yes" -o "$vms_app" == "yes" ]; then
|
|
|
|
echo "-> Configuring Qubes OS management framework..."
|
|
|
|
|
|
|
|
if test -e /var/log/salt/minion; then
|
|
|
|
mv /var/log/salt/minion /var/log/salt/minion.install || :
|
|
|
|
fi
|
|
|
|
|
2016-06-05 22:51:38 +00:00
|
|
|
qubesctl saltutil.sync_all -l quiet --out quiet
|
2016-04-10 04:00:00 +00:00
|
|
|
fi
|
|
|
|
|
|
|
|
states=()
|
|
|
|
|
|
|
|
if [ "$vms_service" == "yes" ]; then
|
|
|
|
states=("${states[@]}" qvm.sys-net qvm.sys-firewall)
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$vms_app" == "yes" ]; then
|
|
|
|
states=("${states[@]}" qvm.personal qvm.work qvm.untrusted qvm.vault)
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$vms_service" == "yes" -o "$vms_app" == "yes" ]; then
|
|
|
|
for state in "${states[@]}"; do
|
|
|
|
echo "-> Requesting creation of VM: ${state#qvm.}"
|
2016-06-05 22:51:38 +00:00
|
|
|
qubesctl top.enable "${state}" -l quiet --out quiet
|
2016-04-10 04:00:00 +00:00
|
|
|
done
|
|
|
|
|
|
|
|
echo "-> Creating VMs"
|
|
|
|
qubesctl "state.highstate"
|
|
|
|
fi
|
|
|
|
|
|
|
|
if [ "$vms_service" == "yes" ]; then
|
|
|
|
echo "--> Configuring service VMs"
|
|
|
|
default_netvm="sys-net"
|
|
|
|
default_firewallvm="sys-firewall"
|
|
|
|
|
|
|
|
su -g "qubes" -c "qvm-prefs --set ${default_firewallvm} netvm ${default_netvm}" - $user
|
|
|
|
su -g "qubes" -c "qubes-prefs --set default-netvm ${default_firewallvm}" - $user
|
|
|
|
su -g "qubes" -c "qubes-prefs --set updatevm ${default_firewallvm}" - $user
|
|
|
|
su -g "qubes" -c "qubes-prefs --set clockvm ${default_netvm}" - $user
|
|
|
|
|
|
|
|
echo "-> Starting network..."
|
|
|
|
service qubes-netvm start
|
|
|
|
|
|
|
|
# DispVM creation fails with the following error message, most likely due to missing $DISPLAY:
|
|
|
|
# "Cannot start qubes-guid!"
|
|
|
|
#echo "-> Creating DispVM savefile (can take long time)..."
|
|
|
|
#su -g "qubes" -c "/usr/bin/qvm-create-default-dvm --default-template --default-script" - $user || :
|
|
|
|
fi
|
|
|
|
|
|
|
|
echo "-> Done."
|