#!/bin/bash # Failsafe minimal text-mode firstboot # Welcome if [ "x$1" = "x--help" ]; then echo "Failsafe minimal text-mode firstboot" echo "For unattended mode use: $0 " exit 0 fi echo "########################################################" echo " Welcome to `cat /etc/qubes-release`" echo "########################################################" echo echo "This is failsafe text-mode firstboot. If you see this message, you have" echo "some problem with Xorg (most probably video driver)" echo echo "Anyway, some basic setup is needed to continue:" # User creation echo echo "1. Setup user account" exists=0 user=$1 while [ -z "$user" ]; do echo -n "Enter desired username (may already exist): " read user if echo "$user" | grep -q "[^a-z0-9]"; then echo "ERROR: Invalid characters in username, try again" user= elif id $user > /dev/null 2>&1; then if [ $(id -u ${user}) -ge 1000 ] && id -n -G ${user} | grep -q qubes; then echo "OK: Using an existing user: \"${user}\"" exists=1 break fi echo "ERROR: This user already exists or is not suitable. Please try again" user= else break fi done if [ ${exists} -eq 0 ]; then useradd -G qubes -m "$user" || exit 1 if [ -n "$2" ]; then echo -e "$2\n$2" | passwd --stdin "$user" else while ! passwd "$user"; do true; done fi fi # Create default VMs echo echo "2. Create default VMs" echo echo "Choose one option:" echo " 1. Create default service VMs, and pre-defined AppVMs (personal, work, untrusted, vault)" echo " 2. Just create default service VMs" echo " 3. Do not create any VMs right now, but configure template(s)" echo " 4. Do not do anything (not recommended, for advanced users only)" vms_option=$3 while true; do if [ -z "$vms_option" ]; then echo -n "Enter your choice (1/2/3/4): " read vms_option fi if [ "$vms_option" == "1" ]; then vms_template=yes vms_service=yes vms_app=yes break elif [ "$vms_option" == "2" ]; then vms_template=yes vms_service=yes break elif [ "$vms_option" == "3" ]; then vms_template=yes break elif [ "$vms_option" == "4" ]; then break else echo "ERROR: Invalid choice, try again" vms_option= fi done set -e for service in rdisc kdump libvirt-guests salt-minion; do systemctl disable ${service}.service || : systemctl stop ${service}.service || : done if [ "$vms_template" == "yes" ]; then for template in `ls /var/lib/qubes/vm-templates`; do echo "-> Configuring template $template..." qvm-start --no-guid $template su -g "qubes" -c "qvm-sync-appmenus $template" - $user qvm-shutdown --wait $template done qubes-prefs --set default-template 'fedora-26' fi if [ "$vms_service" == "yes" -o "$vms_app" == "yes" ]; then echo "-> Configuring Qubes OS management framework..." if test -e /var/log/salt/minion; then mv /var/log/salt/minion /var/log/salt/minion.install || : fi qubesctl saltutil.clear_cache -l quiet --out quiet qubesctl saltutil.sync_all -l quiet --out quiet fi states=() if [ "$vms_service" == "yes" ]; then states=("${states[@]}" qvm.sys-net qvm.sys-firewall) fi if [ "$vms_app" == "yes" ]; then states=("${states[@]}" qvm.personal qvm.work qvm.untrusted qvm.vault) fi if [ "$vms_service" == "yes" -o "$vms_app" == "yes" ]; then for state in "${states[@]}"; do echo "-> Requesting creation of VM: ${state#qvm.}" qubesctl top.enable "${state}" -l quiet --out quiet done echo "-> Creating VMs" qubesctl "state.highstate" fi if [ "$vms_service" == "yes" ]; then echo "--> Configuring service VMs" default_netvm="sys-net" default_firewallvm="sys-firewall" su -g "qubes" -c "qvm-prefs --set ${default_firewallvm} netvm ${default_netvm}" - $user su -g "qubes" -c "qubes-prefs --set default-netvm ${default_firewallvm}" - $user su -g "qubes" -c "qubes-prefs --set updatevm ${default_firewallvm}" - $user su -g "qubes" -c "qubes-prefs --set clockvm ${default_netvm}" - $user echo "-> Starting network..." service qubes-netvm start # DispVM creation fails with the following error message, most likely due to missing $DISPLAY: # "Cannot start qubes-guid!" #echo "-> Creating DispVM savefile (can take long time)..." #su -g "qubes" -c "/usr/bin/qvm-create-default-dvm --default-template --default-script" - $user || : fi echo "-> Done."