From 1334b8ae50d30018caa44bdbe8ba4ee654e15c24 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Thu, 16 Oct 2014 12:03:05 -0400 Subject: [PATCH] Added colorized messages and changed scripts to use them Added a few more whonix replacement tweaks Updated umount_kill.sh to be able to umount directories that have been deleted Added a DEBUG feature to save / use already created debootstrap image to save time debugging --- functions.sh | 183 ++++++++++++++++++ prepare_image | 2 +- scripts_debian/00_prepare.sh | 12 +- scripts_debian/01_install_core.sh | 13 +- scripts_debian/02_install_groups.sh | 41 ++-- scripts_debian/04_install_qubes.sh | 26 +-- scripts_debian/09_cleanup.sh | 11 +- .../00_prepare_pre.sh | 1 + .../01_install_core_post.sh | 1 + .../99_custom_configuration.sh | 10 +- .../00_prepare_pre.sh | 1 + .../01_install_core_post.sh | 1 + .../custom_wheezy_whonix/00_prepare_pre.sh | 54 ++++++ .../01_install_core_post.sh | 38 ++++ .../02_install_groups_packages_installed.sh | 75 +++++-- .../04_install_qubes_post.sh | 8 +- scripts_debian/vars.sh | 101 +--------- umount_kill.sh | 18 +- 18 files changed, 435 insertions(+), 161 deletions(-) create mode 100755 functions.sh create mode 120000 scripts_debian/custom_wheezy_whonix-gateway/00_prepare_pre.sh create mode 120000 scripts_debian/custom_wheezy_whonix-gateway/01_install_core_post.sh create mode 120000 scripts_debian/custom_wheezy_whonix-workstation/00_prepare_pre.sh create mode 120000 scripts_debian/custom_wheezy_whonix-workstation/01_install_core_post.sh create mode 100755 scripts_debian/custom_wheezy_whonix/00_prepare_pre.sh create mode 100755 scripts_debian/custom_wheezy_whonix/01_install_core_post.sh diff --git a/functions.sh b/functions.sh new file mode 100755 index 0000000..0f93b7c --- /dev/null +++ b/functions.sh 
@@ -0,0 +1,183 @@ +################################################################################ +# Global functions +################################################################################ + +# ------------------------------------------------------------------------------ +# Define colors +# ------------------------------------------------------------------------------ +colors() { + ## Thanks to: + ## http://mywiki.wooledge.org/BashFAQ/037 + ## Variables for terminal requests. + [[ -t 2 ]] && { + export alt=$( tput smcup || tput ti ) # Start alt display + export ealt=$( tput rmcup || tput te ) # End alt display + export hide=$( tput civis || tput vi ) # Hide cursor + export show=$( tput cnorm || tput ve ) # Show cursor + export save=$( tput sc ) # Save cursor + export load=$( tput rc ) # Load cursor + export bold=$( tput bold || tput md ) # Start bold + export stout=$( tput smso || tput so ) # Start stand-out + export estout=$( tput rmso || tput se ) # End stand-out + export under=$( tput smul || tput us ) # Start underline + export eunder=$( tput rmul || tput ue ) # End underline + export reset=$( tput sgr0 || tput me ) # Reset cursor + export blink=$( tput blink || tput mb ) # Start blinking + export italic=$( tput sitm || tput ZH ) # Start italic + export eitalic=$( tput ritm || tput ZR ) # End italic + [[ $TERM != *-m ]] && { + export red=$( tput setaf 1|| tput AF 1 ) + export green=$( tput setaf 2|| tput AF 2 ) + export yellow=$( tput setaf 3|| tput AF 3 ) + export blue=$( tput setaf 4|| tput AF 4 ) + export magenta=$( tput setaf 5|| tput AF 5 ) + export cyan=$( tput setaf 6|| tput AF 6 ) + } + export white=$( tput setaf 7|| tput AF 7 ) + export default=$( tput op ) + export eed=$( tput ed || tput cd ) # Erase to end of display + export eel=$( tput el || tput ce ) # Erase to end of line + export ebl=$( tput el1 || tput cb ) # Erase to beginning of line + export ewl=$eel$ebl # Erase whole line + export draw=$( tput -S <<< ' enacs + smacs + acsc + 
rmacs' || { \ + tput eA; tput as; + tput ac; tput ae; } ) # Drawing characters + export back=$'\b' + } 2>/dev/null ||: + + export build_already_defined_colors="true" +} + +if [ ! "$build_already_defined_colors" = "true" ]; then + colors +fi + + +# ------------------------------------------------------------------------------ +# Display messages in color +# ------------------------------------------------------------------------------ +info() { + echo "${bold}${cyan}INFO: ${1}${reset}" +} + +debug() { + echo "${bold}${green}DEBUG: ${1}${reset}" +} + +warn() { + echo "${stout}${yellow}WARNING: ${1}${reset}" +} + +error() { + echo "${bold}${red}ERROR: ${1}${reset}" +} + + +# ------------------------------------------------------------------------------ +# Takes an array and exports it a global variable +# +# $1: Array to export +# $2: Global variable name to use for export +# +# http://ihaveabackup.net/2012/01/29/a-workaround-for-passing-arrays-in-bash/ +# +# ------------------------------------------------------------------------------ +setArrayAsGlobal() { + local array="$1" + local export_as="$2" + local code=$(declare -p "$array") + local replaced="${code/$array/$export_as}" + eval ${replaced/declare -/declare -g} +} + + +# ------------------------------------------------------------------------------ +# Spilts the path and returns an array of parts +# +# $1: Full path of file to split +# $2: Global variable name to use for export +# Returns: +# ([full]='original name' [dir]='directory' [base]='filename' [ext]='extension') +# +# Original concept path split from: +# https://stackoverflow.com/questions/965053/extract-filename-and-extension-in-bash +# +# ------------------------------------------------------------------------------ +splitPath() { + + local return_global_var=$2 + local filename="${1##*/}" # Strip longest match of */ from start + local dir="${1:0:${#1} - ${#filename}}" # Substring from 0 thru pos of filename + local base="${filename%.[^.]*}" # Strip 
shortest match of . plus at least one non-dot char from end + local ext="${filename:${#base} + 1}" # Substring from len of base thru end + if [ "$ext" ]; then + local dotext=".$ext" + else + local dotext="" + fi + if [[ -z "$base" && -n "$ext" ]]; then # If we have an extension and no base, it's really the base + base=".$ext" + ext="" + dotext="" + fi + + declare -A PARTS=([full]="$1" [dir]="$dir" [base]="$base" [ext]="$ext" [dotext]="$dotext") + setArrayAsGlobal PARTS $return_global_var +} + + +# ------------------------------------------------------------------------------ +# Executes any additional optional configuration steps if the configuration +# scripts exist +# ------------------------------------------------------------------------------ +customStep() { + info "Checking for any custom $2 configuration scripts for $1..." + splitPath "$1" path_parts + + if [ "$2" ]; then + script_name="${path_parts[base]}_$2${path_parts[dotext]}" + else + script_name="${path_parts[base]}${path_parts[dotext]}" + fi + + if [ -n "${TEMPLATE_FLAVOR}" ]; then + script="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${script_name}" + else + script="$SCRIPTSDIR/custom_${DIST}/${script_name}" + fi + + if [ -f "$script" ]; then + echo "${bold}${under}INFO: Currently running script: ${script}${reset}" + "$script" + fi +} + + +# ------------------------------------------------------------------------------ +# Copy extra file tree to $INSTALLDIR +# ------------------------------------------------------------------------------ +copy_dirs() { + DIR="$1" + info "Entering Copy extra file tree to $INSTALLDIR..." + if [ -n "${TEMPLATE_FLAVOR}" ]; then + CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${DIR}" + else + CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}/${DIR}" + fi + + if [ -d "$CUSTOMDIR" ]; then + debug "Copying $CUSTOMDIR/* $INSTALLDIR..." 
+ cp -rp "$CUSTOMDIR/"* "$INSTALLDIR" + elif [ -d "$SCRIPTSDIR/${DIR}" ]; then + debug "Copying $SCRIPTSDIR/${DIR}/* $INSTALLDIR" + cp -rp "$SCRIPTSDIR/${DIR}/"* "$INSTALLDIR" + else + debug "No extra files to copy" + fi +} + +# $0 is module that sourced vars.sh +echo "${bold}${under}INFO: Currently running script: ${0}${reset}" diff --git a/prepare_image b/prepare_image index 09f98b0..bd4a4fa 100755 --- a/prepare_image +++ b/prepare_image @@ -38,6 +38,7 @@ echo "-> Preparing instalation of $DIST template..." # Mount image and install core OS # ------------------------------------------------------------------------------ export INSTALLDIR="$(readlink -m mnt)" +mkdir -p "$INSTALLDIR" if [ -f "$IMG" ]; then echo "-> Image file already exists, assuming *update*..." @@ -49,7 +50,6 @@ else mkfs.ext4 -q -F "$IMG" || exit 1 fi -mkdir -p "$INSTALLDIR" mount -o loop "$IMG" "$INSTALLDIR" || exit 1 trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT "$SCRIPTSDIR/01_install_core.sh" diff --git a/scripts_debian/00_prepare.sh b/scripts_debian/00_prepare.sh index a811826..c35aa05 100755 --- a/scripts_debian/00_prepare.sh +++ b/scripts_debian/00_prepare.sh @@ -2,16 +2,17 @@ # vim: set ts=4 sw=4 sts=4 et : # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ +. $SCRIPTSDIR/vars.sh . ./umount_kill.sh >/dev/null +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ INSTALLDIR="$(readlink -m mnt)" umount_kill "$INSTALLDIR" || : -# ------------------------------------------------------------------------------ -# Set debug display -# ------------------------------------------------------------------------------ if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then set -x else 
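Review bot: In `setArrayAsGlobal`, `eval ${replaced/declare -/declare -g}` is unquoted, so the `declare -p` text is word-split and glob-expanded before `eval` parses it again; values containing runs of whitespace or glob characters (the array carries the path given to `splitPath`, e.g. `$IMG`) can come out changed. Quote the argument, `eval "${replaced/declare -/declare -g}"`, and quote the name in the substitution, `${code/"$array"/$export_as}`, so it is matched literally. `local code=$(declare -p "$array")` also masks a failing `declare -p`; declare first, then assign. In `splitPath` the call should be `setArrayAsGlobal PARTS "$return_global_var"`.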
@@ -26,12 +27,13 @@ customStep "$0" "pre" # ------------------------------------------------------------------------------ # Force overwrite of an existing image for now if debootstrap did not seem to complete... # ------------------------------------------------------------------------------ +debug "Determine if $IMG should be reused or deleted..." if [ -f "$IMG" ]; then mount -o loop "$IMG" "$INSTALLDIR" || exit 1 # Assume a failed debootstrap installation if .prepare_debootstrap does not exist if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then - echo "-> Failed Image file $IMG already exists, deleting..." + warn "Failed Image file $IMG already exists, deleting..." rm -f "$IMG" # Allow qubes to be updated elif [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then diff --git a/scripts_debian/01_install_core.sh b/scripts_debian/01_install_core.sh index 65f29b6..177da2b 100755 --- a/scripts_debian/01_install_core.sh +++ b/scripts_debian/01_install_core.sh @@ -2,13 +2,17 @@ # vim: set ts=4 sw=4 sts=4 et : # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ . $SCRIPTSDIR/vars.sh -set -e +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then set -x +else + set -e fi # ------------------------------------------------------------------------------ 
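Review bot: Moving `set -e` into the `else` branch of 01_install_core.sh turns error checking off whenever `VERBOSE` is 2 or more or `DEBUG` is `1`; the file ran `set -e` unconditionally before, so a traced build can now continue past a failed command. Tracing and abort-on-error are independent: keep `set -e` outside the `if` and leave only `set -x` inside it. The same block is added in 02_install_groups.sh, 04_install_qubes.sh, 09_cleanup.sh and the Whonix custom scripts, and the point applies there as well. `[ "$VERBOSE" -ge 2 ... ]` also reports an error when `VERBOSE` is unset; `"${VERBOSE:-0}"` avoids that.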
@@ -20,10 +24,10 @@ customStep "$0" "pre" # Install base debian system # ------------------------------------------------------------------------------ if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then - echo "-> Installing base ${DEBIANVERSION} system" + debug "Installing base ${DEBIANVERSION} system" COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \ --components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \ - "$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { echo "Debootstrap failed!"; exit 1; } + "$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; } chroot "$INSTALLDIR" chmod 0666 "/dev/null" touch "$INSTALLDIR/tmp/.prepared_debootstrap" fi @@ -32,4 +36,3 @@ fi # Execute any custom post configuration scripts # ------------------------------------------------------------------------------ customStep "$0" "post" - diff --git a/scripts_debian/02_install_groups.sh b/scripts_debian/02_install_groups.sh index 80a6c9e..1fa0c3e 100755 --- a/scripts_debian/02_install_groups.sh +++ b/scripts_debian/02_install_groups.sh 
@@ -2,18 +2,26 @@ # vim: set ts=4 sw=4 sts=4 et : # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ -set -x - . $SCRIPTSDIR/vars.sh . ./umount_kill.sh >/dev/null +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ +if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then + set -x +else + set -e +fi + # ------------------------------------------------------------------------------ # If .prepared_debootstrap has not been completed, don't continue # ------------------------------------------------------------------------------ if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then - echo "--> prepared_debootstrap installataion has not completed!... Exiting" + error "prepared_debootstrap installataion has not completed!... Exiting" + umount_kill "$INSTALLDIR" || : exit 1 fi @@ -31,14 +39,14 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then # ------------------------------------------------------------------------------ # Cleanup function # ------------------------------------------------------------------------------ - function error() { - echo "--> Install groups error and umount" + function cleanup() { + error "Install groups error and umount" rm -f "$INSTALLDIR/usr/sbin/policy-rc.d" umount_kill "$INSTALLDIR" || : exit 1 } - trap error ERR - trap error EXIT + trap cleanup ERR + trap cleanup EXIT # ------------------------------------------------------------------------------ # Set up a temporary policy-rc.d to prevent apt from starting services 
@@ -53,7 +61,7 @@ EOF # ------------------------------------------------------------------------------ # Add debian security repository # ------------------------------------------------------------------------------ - echo "--> Adding debian-security repository." + debug "Adding debian-security repository." source="deb http://security.debian.org ${DEBIANVERSION}/updates main" if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then touch "$INSTALLDIR/etc/apt/sources.list" @@ -68,7 +76,7 @@ EOF # ------------------------------------------------------------------------------ # Upgrade system # ------------------------------------------------------------------------------ - echo "--> Upgrading system" + debug "Upgrading system" chroot "$INSTALLDIR" apt-get update DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade @@ -76,7 +84,7 @@ EOF # ------------------------------------------------------------------------------ # Configure keyboard # ------------------------------------------------------------------------------ - echo "--> Setting keyboard layout" + debug "Setting keyboard layout" chroot "$INSTALLDIR" debconf-set-selections < Installing extra packages" + debug "Installing extra packages" DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$PKGLISTFILE" @@ -120,7 +129,7 @@ EOF # For jessie and newer, sysvinit is provided by sysvinit-core which # is not an essential package. # ------------------------------------------------------------------------------ - echo "--> Installing systemd for debian ($DEBIANVERSION)" + debug "Installing systemd for debian ($DEBIANVERSION)" if [ "$DEBIANVERSION" == "wheezy" ]; then echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit 
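Review bot: The `apt-get -y --force-yes dist-upgrade` call kept as context in the "Upgrade system" hunk, and the `install` and `remove` calls further down in this file, pass `--force-yes`, which can let apt proceed with packages it could not authenticate. The security repository added just above is fetched over `http://`, so apt's signature check is the only integrity control on those packages and should not be overridden. The commit only changes the messages around these calls, but I would drop the flag while these steps are being touched, e.g. `chroot "$INSTALLDIR" apt-get -y dist-upgrade`. If one step really needs an override, limit it to that command and say why in a comment.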
@@ -130,7 +139,7 @@ EOF fi # Prevent sysvinit from being re-installed - echo "--> Preventing sysvinit re-installation" + debug "Preventing sysvinit re-installation" chroot "$INSTALLDIR" apt-mark hold sysvinit chroot "$INSTALLDIR" apt-get update @@ -148,7 +157,7 @@ EOF # Qubes is now being built with some SID packages; grab backport for wheezy # ------------------------------------------------------------------------------ if [ "$DEBIANVERSION" == "wheezy" ]; then - echo "--> Adding wheezy backports repository." + debug "Adding wheezy backports repository." source="deb ${DEBIAN_MIRROR} wheezy-backports main" if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then touch "$INSTALLDIR/etc/apt/sources.list" diff --git a/scripts_debian/04_install_qubes.sh b/scripts_debian/04_install_qubes.sh index 423a7d2..88a7612 100755 --- a/scripts_debian/04_install_qubes.sh +++ b/scripts_debian/04_install_qubes.sh 
@@ -1,22 +1,26 @@ #!/bin/sh # vim: set ts=4 sw=4 sts=4 et : -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -set -x - # ------------------------------------------------------------------------------ # Source external scripts # ------------------------------------------------------------------------------ . $SCRIPTSDIR/vars.sh . ./umount_kill.sh >/dev/null +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ +if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then + set -x +else + set -e +fi + # ------------------------------------------------------------------------------ # If .prepared_groups has not been completed, don't continue # ------------------------------------------------------------------------------ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then - echo "--> prepared_groups installataion has not completed!... Exiting" + error "prepared_groups installataion has not completed!... Exiting" exit 1 fi @@ -34,7 +38,7 @@ customStep "$0" "pre" # Install Qubes Packages # ------------------------------------------------------------------------------ if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then - echo "--> Installing qbues modules" + debug "Installing qbues modules" # -------------------------------------------------------------------------- # Set up a temporary policy-rc.d to prevent apt from starting services @@ -49,7 +53,7 @@ EOF # -------------------------------------------------------------------------- # Generate locales # -------------------------------------------------------------------------- - echo "--> Generate locales" + debug "Generate locales" echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen" chroot "$INSTALLDIR" locale-gen chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8 
@@ -57,7 +61,7 @@ EOF # -------------------------------------------------------------------------- # Update /etc/fstab # -------------------------------------------------------------------------- - echo "--> Updating template fstab file..." + debug "Updating template fstab file..." cat >> "$INSTALLDIR/etc/fstab" < Installing qubes packages" + debug "Installing qubes packages" export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST" # -------------------------------------------------------------------------- @@ -183,7 +187,7 @@ EOF # Copy over any extra files that may be needed that are located in # $SCRIPT_DIR/extra-qubes-files # -------------------------------------------------------------------------- - echo "-> Copy extra files..." + debug "Copy extra files..." copy_dirs "extra-qubes-files" touch "$INSTALLDIR/tmp/.prepared_qubes" diff --git a/scripts_debian/09_cleanup.sh b/scripts_debian/09_cleanup.sh index 5411a9c..d2b6f2b 100755 --- a/scripts_debian/09_cleanup.sh +++ b/scripts_debian/09_cleanup.sh @@ -2,10 +2,19 @@ # vim: set ts=4 sw=4 sts=4 et : # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ . $SCRIPTSDIR/vars.sh +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ +if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then + set -x +else + set -e +fi + # ------------------------------------------------------------------------------ # Execute any custom pre configuration scripts # ------------------------------------------------------------------------------ diff --git a/scripts_debian/custom_wheezy_whonix-gateway/00_prepare_pre.sh b/scripts_debian/custom_wheezy_whonix-gateway/00_prepare_pre.sh new file mode 120000 index 0000000..9ad8e72 --- /dev/null 
+++ b/scripts_debian/custom_wheezy_whonix-gateway/00_prepare_pre.sh @@ -0,0 +1 @@ +../custom_wheezy_whonix/00_prepare_pre.sh \ No newline at end of file diff --git a/scripts_debian/custom_wheezy_whonix-gateway/01_install_core_post.sh b/scripts_debian/custom_wheezy_whonix-gateway/01_install_core_post.sh new file mode 120000 index 0000000..ba75217 --- /dev/null +++ b/scripts_debian/custom_wheezy_whonix-gateway/01_install_core_post.sh @@ -0,0 +1 @@ +../custom_wheezy_whonix/01_install_core_post.sh \ No newline at end of file diff --git a/scripts_debian/custom_wheezy_whonix-gateway/99_custom_configuration.sh b/scripts_debian/custom_wheezy_whonix-gateway/99_custom_configuration.sh index c359eea..048dc79 100755 --- a/scripts_debian/custom_wheezy_whonix-gateway/99_custom_configuration.sh +++ b/scripts_debian/custom_wheezy_whonix-gateway/99_custom_configuration.sh @@ -2,15 +2,23 @@ # vim: set ts=4 sw=4 sts=4 et : # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ . $SCRIPTSDIR/vars.sh . ./umount_kill.sh >/dev/null +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then set -x +else + set -e fi +# ------------------------------------------------------------------------------ +# +# ------------------------------------------------------------------------------ if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then # -------------------------------------------------------------------------- # Install Custom Configurations 
diff --git a/scripts_debian/custom_wheezy_whonix-workstation/00_prepare_pre.sh b/scripts_debian/custom_wheezy_whonix-workstation/00_prepare_pre.sh new file mode 120000 index 0000000..9ad8e72 --- /dev/null +++ b/scripts_debian/custom_wheezy_whonix-workstation/00_prepare_pre.sh @@ -0,0 +1 @@ +../custom_wheezy_whonix/00_prepare_pre.sh \ No newline at end of file diff --git a/scripts_debian/custom_wheezy_whonix-workstation/01_install_core_post.sh b/scripts_debian/custom_wheezy_whonix-workstation/01_install_core_post.sh new file mode 120000 index 0000000..ba75217 --- /dev/null +++ b/scripts_debian/custom_wheezy_whonix-workstation/01_install_core_post.sh @@ -0,0 +1 @@ +../custom_wheezy_whonix/01_install_core_post.sh \ No newline at end of file diff --git a/scripts_debian/custom_wheezy_whonix/00_prepare_pre.sh b/scripts_debian/custom_wheezy_whonix/00_prepare_pre.sh new file mode 100755 index 0000000..8916154 --- /dev/null +++ b/scripts_debian/custom_wheezy_whonix/00_prepare_pre.sh 
@@ -0,0 +1,54 @@ +#!/bin/bash -x +# vim: set ts=4 sw=4 sts=4 et : + +################################################################################ +# Allows a pre-built image to be used (if it exists) for installing +# Whonix. This option is useful only for debugging Whonix installations +# +# To use, first create a regualr wheezy template and manually copy the prepared +# image to debian-7-x64-prepard.img +# +# Example: +# cp ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64.img ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64-whonix-gateway-prepard.img +################################################################################ + +# ------------------------------------------------------------------------------ +# Return if DEBUG is not "1" +# ------------------------------------------------------------------------------ +# This script is only used if DEBUG is set +if [ ! "$DEBUG" == "1" ]; then + exit 0 +fi + +# ------------------------------------------------------------------------------ +# Source external scripts +# ------------------------------------------------------------------------------ +. $SCRIPTSDIR/vars.sh +. 
./umount_kill.sh >/dev/null + +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ +if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then + set -x +else + set -e +fi + +INSTALLDIR="$(readlink -m mnt)" +umount_kill "$INSTALLDIR" || : + +# ------------------------------------------------------------------------------ +# Use an already prepared debian image to install Whonix (for DEBUGGING) +# ------------------------------------------------------------------------------ +splitPath "$IMG" path_parts +PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-prepared${path_parts[dotext]}" + +if [ -f "$PREPARED_IMG" ]; then + warn "Copying $PREPARED_IMG to $IMG" + mount -o loop "$PREPARED_IMG" "$INSTALLDIR" || exit 1 + rm -f "$INSTALLDIR/tmp/.prepared_groups" + umount_kill "$INSTALLDIR" || : + cp -f "$PREPARED_IMG" "$IMG" +fi + diff --git a/scripts_debian/custom_wheezy_whonix/01_install_core_post.sh b/scripts_debian/custom_wheezy_whonix/01_install_core_post.sh new file mode 100755 index 0000000..2590b59 --- /dev/null +++ b/scripts_debian/custom_wheezy_whonix/01_install_core_post.sh 
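Review bot: The header comment of 00_prepare_pre.sh tells the user to copy the image to `debian-7-x64-prepard.img` (and `...-whonix-gateway-prepard.img` in the example), but the code looks for `${path_parts[base]}-prepared${path_parts[dotext]}`, so a file created by following the comment is never found and the script quietly does nothing. Correct the comment to `-prepared.img`. The `-x` in the `#!/bin/bash -x` shebang forces tracing regardless of `VERBOSE` and is lost when the file is run as `bash script`; the `set -x` block below already covers it. `. $SCRIPTSDIR/vars.sh` should be quoted, `. "$SCRIPTSDIR/vars.sh"`.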
@@ -0,0 +1,38 @@ +#!/bin/sh +# vim: set ts=4 sw=4 sts=4 et : + +# ------------------------------------------------------------------------------ +# Return if DEBUG is not "1" +# ------------------------------------------------------------------------------ +# This script is only used if DEBUG is set +if [ ! "$DEBUG" == "1" ]; then + exit 0 +fi + +# ------------------------------------------------------------------------------ +# Source external scripts +# ------------------------------------------------------------------------------ +. $SCRIPTSDIR/vars.sh +. ./umount_kill.sh >/dev/null + +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ +if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then + set -x +else + set -e +fi + +# ------------------------------------------------------------------------------ +# Create a copy of an already prepared bootstraped image if it does not exist +# ------------------------------------------------------------------------------ +splitPath "$IMG" path_parts +PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-prepared${path_parts[dotext]}" + +if ! [ -f "$PREPARED_IMG" ]; then + umount_kill "$INSTALLDIR" || : + warn "Copying $IMG to $PREPARED_IMG" + cp -f "$IMG" "$PREPARED_IMG" + mount -o loop "$IMG" "$INSTALLDIR" || exit 1 +fi diff --git a/scripts_debian/custom_wheezy_whonix/02_install_groups_packages_installed.sh b/scripts_debian/custom_wheezy_whonix/02_install_groups_packages_installed.sh index e5ab664..6258a1c 100755 --- a/scripts_debian/custom_wheezy_whonix/02_install_groups_packages_installed.sh +++ b/scripts_debian/custom_wheezy_whonix/02_install_groups_packages_installed.sh 
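Review bot: This new file starts with `#!/bin/sh` but depends on bash: it uses `==` inside `[ ]`, reads the associative array `${path_parts[dir]}`, and sources vars.sh, which pulls in functions.sh with `[[ ]]`, `declare -A` and `<<<`. On a build host where `/bin/sh` is not bash the script would stop with an error, and because it exits 0 unless `DEBUG` is `1` that would only show up in debug runs. Change the first line to `#!/bin/bash`. `cp -f "$IMG" "$PREPARED_IMG"` is not checked either; if the copy fails part-way, a truncated `-prepared` image is left for the next run to reuse, so add `|| exit 1` and remove the partial file on failure.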
@@ -2,13 +2,18 @@ # vim: set ts=4 sw=4 sts=4 et : # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ . $SCRIPTSDIR/vars.sh . ./umount_kill.sh >/dev/null +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then set -x +else + set -e fi # ------------------------------------------------------------------------------ @@ -28,7 +33,7 @@ sudo mkdir --parents --mode=g+rw "/tmp/uwt" # on the package. Things seem to work anyway. BUT hopfully the # hold on grub* don't get removed sudo apt-mark hold sysvinit -sudo apt-mark hold grub-common grub-pc-bin grub2-common +sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common # Whonix expects haveged to be started sudo /etc/init.d/haveged start @@ -89,7 +94,6 @@ sudo touch "/tmp/.prepared_whonix" EOF - # ------------------------------------------------------------------------------ # chroot Whonix fix script (Make sure set -e is not set) # Run ../whonix_fix when whonix gives grub-pc error 
@@ -98,10 +102,27 @@ EOF # ignore certain errors read -r -d '' WHONIX_FIX_SCRIPT <<'EOF' DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - sudo apt-get -y --force-yes remove grub-common grub-pc-bin grub2-common + sudo apt-get -y --force-yes remove grub-pc grub-common grub-pc-bin grub2-common sudo apt-mark hold grub-common grub-pc-bin grub2-common EOF +read -r -d '' WHONIX_APT_PIN <<'EOF' +Package: grub-pc +Pin: version * +Pin-Priority: -100 + +Package: grub-pc-bin +Pin: version * +Pin-Priority: -100 + +Package: grub-common +Pin: version * +Pin-Priority: -100 + +Package: grub2-common +Pin: version * +Pin-Priority: -100 +EOF # ------------------------------------------------------------------------------ # Set defualts for apt not to install recommended or extra packages @@ -116,19 +137,19 @@ EOF # ------------------------------------------------------------------------------ # Cleanup function # ------------------------------------------------------------------------------ -function error() { - echo "--> Whonix error; umounting $INSTALLDIR to prevent further writes" +function cleanup() { + error "Whonix error; umounting $INSTALLDIR to prevent further writes" umount_kill "$INSTALLDIR" || : exit 1 } -trap error ERR -trap error EXIT +trap cleanup ERR +trap cleanup EXIT # ------------------------------------------------------------------------------ # Mount devices, etc required for Whonix installation # ------------------------------------------------------------------------------ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then - echo "-> Installing whonix system" + info "Installing Whonix system" # -------------------------------------------------------------------------- # Initialize Whonix submodules 
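Review bot: `read -r -d '' WHONIX_APT_PIN <<'EOF'` returns a non-zero status, because `read` reaches the end of the here-document without seeing the NUL delimiter. This commit enables `set -e` at the top of the file for non-verbose runs, so the script would exit at the first of these `read` calls. Append `|| :` to each one, e.g. `read -r -d '' WHONIX_APT_PIN <<'EOF' || :`. In the fix script, `apt-get remove` now names `grub-pc`, but the `apt-mark hold` line after it still lists only `grub-common grub-pc-bin grub2-common`, unlike the hold line changed earlier in this file.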
@@ -147,17 +168,31 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then # XXX: Seems like the error disappears, but then whonix updates to original code? pushd "$WHONIX_DIR/packages/anon-meta-packages/debian" { - sed -i 's/ grub-pc,//g' control; - #git commit -am 'removed grub-pc depend'; + sed -i 's/ grub-pc,//g' control || :; + su $USER -c "git commit -am 'removed grub-pc depend'" || :; + } + popd + + pushd "$WHONIX_DIR" + { + sed -i 's/grub-pc//g' grml_packages || :; + su $USER -c "git commit -am 'removed grub-pc depend'" || :; } popd - pushd "$WHONIX_DIR/build-steps.d" + pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d" { - sed -i 's/ check_for_uncommited_changes/ #check_for_uncommited_changes/g' 1200_create-debian-packages; + sed -i 's/update-grub/:/g' 85_update_grub || :; + su $USER -c "git commit -am 'removed grub-pc depend'" || :; } popd + #pushd "$WHONIX_DIR/build-steps.d" + #{ + # sed -i 's/ check_for_uncommited_changes/ #check_for_uncommited_changes/g' 1200_create-debian-packages; + #} + #popd + # -------------------------------------------------------------------------- # Whonix system config dependancies # -------------------------------------------------------------------------- 
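Review bot: Each `pushd` in this hunk is unchecked, so when `set -e` is off (the verbose/debug branch) and a directory is missing, the following `sed -i` and `git commit -am` run in whatever directory was current, and `-a` would commit every tracked modification in that repository. Guard them, `pushd "$WHONIX_DIR" || exit 1`, and quote the user, `su "$USER" -c ...`. The `|| :` after every `sed` and commit also hides a patch that no longer applies; a `grep -q` check that the `grub-pc` dependency is really gone would catch that. These commits change the checked-out Whonix sources, so presumably the tree that gets built no longer matches the upstream revision that was fetched, which deserves a comment.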
@@ -184,18 +219,22 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then # Install Whonix system # -------------------------------------------------------------------------- if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then - echo "-> Installing Whonix build environment..." + debug "Installing Whonix build environment..." chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix' fi if [ -d "$INSTALLDIR/home/user/Whonix" ]; then + debug "Building Whonix..." mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix" - echo "-> Building Whonix..." # Install apt-get preferences echo "$WHONIX_APT_PREFERENCE" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix" chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix" + # Pin grub packages so they will not install + echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes" + chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes" + # Install Whonix fix script echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix" chmod 0755 "$INSTALLDIR/home/user/whonix_fix" @@ -209,9 +248,9 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then BUILD_TYPE="--torworkstation" else - echo "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules" - echo "You need to set TEMPLATE_FLAVOR environment variable to either" - echo "whonix-gateway OR whonix-workstation" + error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules" + error "You need to set TEMPLATE_FLAVOR environment variable to either" + error "whonix-gateway OR whonix-workstation" exit 1 fi diff --git a/scripts_debian/custom_wheezy_whonix/04_install_qubes_post.sh b/scripts_debian/custom_wheezy_whonix/04_install_qubes_post.sh index 11f4193..11d7e32 100755 --- a/scripts_debian/custom_wheezy_whonix/04_install_qubes_post.sh +++ b/scripts_debian/custom_wheezy_whonix/04_install_qubes_post.sh 
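Review bot: The first `error` line in the `else` branch of the TEMPLATE_FLAVOR check (second hunk) still carries the typo "Incorrent". Since the line is being rewritten anyway, it could read `error "Incorrect Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"`. The `if`/`elif` chain this branch belongs to starts outside the hunk.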
@@ -6,12 +6,17 @@ # # ------------------------------------------------------------------------------ -# Configurations +# Source external scripts # ------------------------------------------------------------------------------ . $SCRIPTSDIR/vars.sh +# ------------------------------------------------------------------------------ +# Configurations +# ------------------------------------------------------------------------------ if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then set -x +else + set -e fi # ------------------------------------------------------------------------------ @@ -43,7 +48,6 @@ fi # ------------------------------------------------------------------------------ # Copy over any extra files # ------------------------------------------------------------------------------ -echo "-> Copy extra files..." copy_dirs "extra-whonix-files" # ------------------------------------------------------------------------------ diff --git a/scripts_debian/vars.sh b/scripts_debian/vars.sh index be2ee69..aeb5940 100755 --- a/scripts_debian/vars.sh +++ b/scripts_debian/vars.sh @@ -1,6 +1,9 @@ # ------------------------------------------------------------------------------ # Global variables and functions # ------------------------------------------------------------------------------ + +. ./functions.sh + # The codename of the debian version to install. # jessie = testing, wheezy = stable DEBIANVERSION=$DIST 
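Review bot: `set -e` sits in the `else` branch of the VERBOSE/DEBUG test, so a run with `VERBOSE` at 2 or more, or `DEBUG=1`, traces commands but no longer stops on a failed one. Debug builds and normal builds therefore handle errors differently. Enabling it unconditionally keeps the two modes equivalent: `set -e` on its own line, followed by `if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" = "1" ]; then set -x; fi`. The defaults also avoid the "integer expression expected" failure from `[` when VERBOSE is unset, and the two-test form replaces `-o` and `==`, which are not portable inside `[`.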
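Review bot: The `. ./functions.sh` line added to vars.sh resolves against the caller's current working directory, not the location of vars.sh. A build step started from another directory either fails to find the file or sources whatever `functions.sh` sits in that directory, and these scripts appear to run with elevated privileges (they call `chroot` and `mount`). Resolving the path from the script itself removes the dependency on the working directory: `. "$(dirname "${BASH_SOURCE[0]}")/../functions.sh"`. The same line is added at the top of umount_kill.sh in this commit, where `. "$(dirname "${BASH_SOURCE[0]}")/functions.sh"` would apply.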
@@ -21,101 +24,3 @@ QUBESDEBIANGIT="http://dsg.is/qubes/" # build, which does not exist. We need to write to $HOME/.gnupg so set it # to something valid. HOME=/root - - -# ------------------------------------------------------------------------------ -# Takes an array and exports it a global variable -# -# $1: Array to export -# $2: Global variable name to use for export -# -# http://ihaveabackup.net/2012/01/29/a-workaround-for-passing-arrays-in-bash/ -# -# ------------------------------------------------------------------------------ -setArrayAsGlobal() { - local array="$1" - local export_as="$2" - local code=$(declare -p "$array") - local replaced="${code/$array/$export_as}" - eval ${replaced/declare -/declare -g} -} - - -# ------------------------------------------------------------------------------ -# Spilts the path and returns an array of parts -# -# $1: Full path of file to split -# $2: Global variable name to use for export -# Returns: -# ([full]='original name' [dir]='directory' [base]='filename' [ext]='extension') -# -# Original concept path split from: -# https://stackoverflow.com/questions/965053/extract-filename-and-extension-in-bash -# -# ------------------------------------------------------------------------------ -splitPath() { - - local return_global_var=$2 - local filename="${1##*/}" # Strip longest match of */ from start - local dir="${1:0:${#1} - ${#filename}}" # Substring from 0 thru pos of filename - local base="${filename%.[^.]*}" # Strip shortest match of . 
plus at least one non-dot char from end - local ext="${filename:${#base} + 1}" # Substring from len of base thru end - if [ "$ext" ]; then - local dotext=".$ext" - else - local dotext="" - fi - if [[ -z "$base" && -n "$ext" ]]; then # If we have an extension and no base, it's really the base - base=".$ext" - ext="" - dotext="" - fi - - declare -A PARTS=([full]="$1" [dir]="$dir" [base]="$base" [ext]="$ext" [dotext]="$dotext") - setArrayAsGlobal PARTS $return_global_var -} - - -# ------------------------------------------------------------------------------ -# Executes any additional optional configuration steps if the configuration -# scripts exist -# ------------------------------------------------------------------------------ -customStep() { - echo "--> Checking for any custom $2 configuration scripts for $1..." - splitPath "$1" path_parts - - if [ "$2" ]; then - script_name="${path_parts[base]}_$2${path_parts[dotext]}" - else - script_name="${path_parts[base]}${path_parts[dotext]}" - fi - - if [ -n "${TEMPLATE_FLAVOR}" ]; then - script="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${script_name}" - else - script="$SCRIPTSDIR/custom_${DIST}/${script_name}" - fi - - if [ -f "$script" ]; then - "$script" - fi -} - - -# ------------------------------------------------------------------------------ -# Copy extra file tree to $INSTALLDIR -# ------------------------------------------------------------------------------ -copy_dirs() { - DIR="$1" - if [ -n "${TEMPLATE_FLAVOR}" ]; then - CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${DIR}" - else - CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}/${DIR}" - fi - - if [ -d "$CUSTOMDIR" ]; then - cp -rp "$CUSTOMDIR/"* "$INSTALLDIR" - elif [ -d "$SCRIPTSDIR/${DIR}" ]; then - cp -rp "$SCRIPTSDIR/${DIR}/"* "$INSTALLDIR" - fi -} diff --git a/umount_kill.sh b/umount_kill.sh index 4d1644e..4e64834 100755 --- a/umount_kill.sh +++ b/umount_kill.sh 
@@ -23,6 +23,8 @@ # ./umount_kill.sh chroot-jessie # +. ./functions.sh + # $1 = full path to mount; # $2 = if set will not umount; only kill processes in mount umount_kill() { @@ -37,7 +39,7 @@ umount_kill() { # since we are doing an exact string match on the path MOUNTDIR=$(echo "$MOUNTDIR" | sed s#//*#/#g) - echo "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting" + debug "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting" for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR") do sudo lsof "$dir" 2> /dev/null | \ @@ -46,11 +48,21 @@ umount_kill() { awk '{print $2}' | \ xargs --no-run-if-empty sudo kill -9 - echo "un-mounting $dir" if ! [ "$2" ] && $(mountpoint -q "$dir"); then + debug "un-mounting $dir" sudo umount -n "$dir" 2> /dev/null || \ sudo umount -n -l "$dir" 2> /dev/null || \ - echo "umount $dir unsuccessful!" + error "umount $dir unsuccessful!" + elif ! [ "$2" ]; then + # Look for (deleted) mountpoints + debug "not a regular mount point: $dir" + base=$(basename "$dir") + dir=$(dirname "$dir") + base=$(echo "$base" | sed 's/[\].*$//') + dir="$dir/$base" + sudo umount -v -f -n "$dir" 2> /dev/null || \ + sudo umount -v -f -n -l "$dir" 2> /dev/null || \ + error "umount $dir unsuccessful!" fi done }
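Review bot: In the new `elif` branch of the last hunk, `sed 's/[\].*$//'` cuts the basename at its first backslash. That removes a `\040(deleted)` suffix but also truncates any mount point whose name contains an escaped character (/proc/mounts writes a space as `\040`), and the shortened path then goes to `umount -f -n -l`, so a different directory could be force-unmounted. Stripping only the literal suffix avoids this and replaces the four `base=`/`dir=` lines with `dir=${dir%'\040(deleted)'}`. The branch also runs for every entry that fails `mountpoint -q`, not only deleted ones, so a guard such as `[[ $dir == *'\040(deleted)' ]]` before the forced umount would keep it to the case the comment describes. `umount_kill` begins outside this hunk.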