qubes-linux-template-builder/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip

#!/bin/bash

. /usr/lib/whonix/utility_functions

if [ "${WHONIX}" == "gateway" ]; then
    if [ -x /usr/sbin/xenstore-read ]; then
        XENSTORE_READ="/usr/sbin/xenstore-read"
    else
        XENSTORE_READ="/usr/bin/xenstore-read"
    fi

    INTERFACE="eth1"
    ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)

    # Create a dummy eth1 interface so tor can bind to it if there
    # are no DOMU virtual machines connected at the moment
    ip link show ${INTERFACE} >> /dev/null || {
        /sbin/ip link add ${INTERFACE} type dummy

        # Now, assign it the netvm-gateway IP address
        if [ x${ip} != x ]; then
            netmask=$(${XENSTORE_READ} qubes-netvm-netmask)
            gateway=$(${XENSTORE_READ} qubes-netvm-gateway)
            /sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255
            /sbin/ifconfig ${INTERFACE} up
            /sbin/ethtool -K ${INTERFACE} sg off || true
            /sbin/ethtool -K ${INTERFACE} tx off || true
        fi

        ip link set ${INTERFACE} up
    }
fi

if [ "${WHONIX}" != "template" ]; then
    # Files that will have the immutable bit set 
    # since we don't want them modified by other programs
    IMMUTABLE_FILES=( 
        '/etc/resolv.conf'
        '/etc/hostname'
        '/etc/hosts'
    )

    # Make sure all .anondist files in list are immutable
    immutableFilesEnable "${IMMUTABLE_FILES}"
    immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"

    # Make sure we are using a copy of the annondist file and if not
    # copy the annondist file and set it immutable
    copyAnondist "/etc/resolv.conf"
    copyAnondist "/etc/hosts"
    copyAnondist "/etc/hostname"

    # Replace IP addresses in known configuration files / scripts to 
    # currently discovered one
    /usr/lib/whonix/replace-ips

    # Make sure hostname is correct
    /bin/hostname host

    # Start Whonix Firewall
    if [ "${WHONIX}" == "gateway" ]; then
        export INT_IF="vif+"
        export INT_TIF="vif+"
    fi
    /usr/bin/whonix_firewall

    if [ "${WHONIX}" == "gateway" ]; then
        # Route any traffic FROM netvm TO netvm BACK-TO localhost
        # Allows localhost access to tor network
        iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
    fi

    # Make sure we remove whonixsetup.done if Tor is not enabled
    # to allow choice of repo and prevent whonixcheck errors
    grep "^DisableNetwork 0$" /etc/tor/torrc || {
	rm -f /var/lib/whonix/do_once/whonixsetup.done
    }
fi
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00			`#!/bin/bash`
Debian Wheezy template addition and refactoring to allow Whonix TEMPLATE_FLAVOR 2014-10-14 16:02:12 +00:00
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`. /usr/lib/whonix/utility_functions`
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`if [ "${WHONIX}" == "gateway" ]; then`
			`if [ -x /usr/sbin/xenstore-read ]; then`
			`XENSTORE_READ="/usr/sbin/xenstore-read"`
			`else`
			`XENSTORE_READ="/usr/bin/xenstore-read"`
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00			`fi`
Added initial configuration dialog setup for whonix-gateway 2014-10-29 16:53:35 +00:00
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`INTERFACE="eth1"`
			`ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)`

			`# Create a dummy eth1 interface so tor can bind to it if there`
			`# are no DOMU virtual machines connected at the moment`
			`ip link show ${INTERFACE} >> /dev/null \|\| {`
			`/sbin/ip link add ${INTERFACE} type dummy`

			`# Now, assign it the netvm-gateway IP address`
			`if [ x${ip} != x ]; then`
			`netmask=$(${XENSTORE_READ} qubes-netvm-netmask)`
			`gateway=$(${XENSTORE_READ} qubes-netvm-gateway)`
			`/sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255`
			`/sbin/ifconfig ${INTERFACE} up`
			`/sbin/ethtool -K ${INTERFACE} sg off \|\| true`
			`/sbin/ethtool -K ${INTERFACE} tx off \|\| true`
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00			`fi`

Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`ip link set ${INTERFACE} up`
			`}`
			`fi`
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`if [ "${WHONIX}" != "template" ]; then`
			`# Files that will have the immutable bit set`
			`# since we don't want them modified by other programs`
			`IMMUTABLE_FILES=(`
			`'/etc/resolv.conf'`
			`'/etc/hostname'`
			`'/etc/hosts'`
			`)`

			`# Make sure all .anondist files in list are immutable`
			`immutableFilesEnable "${IMMUTABLE_FILES}"`
			`immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"`

			`# Make sure we are using a copy of the annondist file and if not`
			`# copy the annondist file and set it immutable`
			`copyAnondist "/etc/resolv.conf"`
			`copyAnondist "/etc/hosts"`
			`copyAnondist "/etc/hostname"`

			`# Replace IP addresses in known configuration files / scripts to`
			`# currently discovered one`
			`/usr/lib/whonix/replace-ips`

			`# Make sure hostname is correct`
			`/bin/hostname host`

			`# Start Whonix Firewall`
			`if [ "${WHONIX}" == "gateway" ]; then`
			`export INT_IF="vif+"`
			`export INT_TIF="vif+"`
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00			`fi`
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`/usr/bin/whonix_firewall`
More whonix-gateway tweaks. It should be working now 2014-10-25 16:49:49 +00:00
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`if [ "${WHONIX}" == "gateway" ]; then`
			`# Route any traffic FROM netvm TO netvm BACK-TO localhost`
			`# Allows localhost access to tor network`
			`iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1`
Added initial configuration dialog setup for whonix-gateway 2014-10-29 16:53:35 +00:00			`fi`
Code cleanup - whonix* not tested 2014-10-28 08:09:55 +00:00
Whonix setup GUI now run on first start to allow configuration Added alternate for dialag (gdialog) so some of Whonix programs run Changed sudo permissions to fix umask and not use QT shared memory Changed whonix to use basic hosts file Added detection if template is active for updating Added startup code for tinyproxy Added code to disable uwt so apt-get can be used as proxy Created a python GUI Message Alert using yaml for messages (internationalization) 2014-11-02 21:14:36 +00:00			`# Make sure we remove whonixsetup.done if Tor is not enabled`
			`# to allow choice of repo and prevent whonixcheck errors`
			`grep "^DisableNetwork 0$" /etc/tor/torrc \|\| {`
			`rm -f /var/lib/whonix/do_once/whonixsetup.done`
			`}`
			`fi`