Added colorized messages and changed scripts to use them

Added a few more whonix replacement tweaks
Updated umount_kill.sh to be able to umount directories that have been deleted
Added a DEBUG feature to save / use already created debootstrap image to save time debugging
Jason Mehring 2014-10-16 12:03:05 -04:00
parent fb1a2dbf92
commit 1334b8ae50
18 changed files with 435 additions and 161 deletions

183
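--- a/functions.sh
+++ b/functions.sh
@@ -0,0 +1,183 @@
+################################################################################
+# Global functions
+################################################################################
+# ------------------------------------------------------------------------------
+# Define colors
+# ------------------------------------------------------------------------------
+colors() {
+## Thanks to:
+## http://mywiki.wooledge.org/BashFAQ/037
+## Variables for terminal requests.
+[[ -t 2 ]] && {
+export alt=$( tput smcup || tput ti ) # Start alt display
+export ealt=$( tput rmcup || tput te ) # End alt display
+export hide=$( tput civis || tput vi ) # Hide cursor
+export show=$( tput cnorm || tput ve ) # Show cursor
+export save=$( tput sc ) # Save cursor
+export load=$( tput rc ) # Load cursor
+export bold=$( tput bold || tput md ) # Start bold
+export stout=$( tput smso || tput so ) # Start stand-out
+export estout=$( tput rmso || tput se ) # End stand-out
+export under=$( tput smul || tput us ) # Start underline
+export eunder=$( tput rmul || tput ue ) # End underline
+export reset=$( tput sgr0 || tput me ) # Reset cursor
+export blink=$( tput blink || tput mb ) # Start blinking
+export italic=$( tput sitm || tput ZH ) # Start italic
+export eitalic=$( tput ritm || tput ZR ) # End italic
+[[ $TERM != *-m ]] && {
+export red=$( tput setaf 1|| tput AF 1 )
+export green=$( tput setaf 2|| tput AF 2 )
+export yellow=$( tput setaf 3|| tput AF 3 )
+export blue=$( tput setaf 4|| tput AF 4 )
+export magenta=$( tput setaf 5|| tput AF 5 )
+export cyan=$( tput setaf 6|| tput AF 6 )
+}
+export white=$( tput setaf 7|| tput AF 7 )
+export default=$( tput op )
+export eed=$( tput ed || tput cd ) # Erase to end of display
+export eel=$( tput el || tput ce ) # Erase to end of line
+export ebl=$( tput el1 || tput cb ) # Erase to beginning of line
+export ewl=$eel$ebl # Erase whole line
+export draw=$( tput -S <<< ' enacs
+smacs
+acsc
+rmacs' || { \
+tput eA; tput as;
+tput ac; tput ae; } ) # Drawing characters
+export back=$'\b'
+} 2>/dev/null ||:
+export build_already_defined_colors="true"
+}
+if [ ! "$build_already_defined_colors" = "true" ]; then
+colors
+fi
+# ------------------------------------------------------------------------------
+# Display messages in color
+# ------------------------------------------------------------------------------
+info() {
+echo "${bold}${cyan}INFO: ${1}${reset}"
+}
+debug() {
+echo "${bold}${green}DEBUG: ${1}${reset}"
+}
+warn() {
+echo "${stout}${yellow}WARNING: ${1}${reset}"
+}
+error() {
+echo "${bold}${red}ERROR: ${1}${reset}"
+}
+# ------------------------------------------------------------------------------
+# Takes an array and exports it a global variable
+#
+# $1: Array to export
+# $2: Global variable name to use for export
+#
+# http://ihaveabackup.net/2012/01/29/a-workaround-for-passing-arrays-in-bash/
+#
+# ------------------------------------------------------------------------------
+setArrayAsGlobal() {
+local array="$1"
+local export_as="$2"
+local code=$(declare -p "$array")
+local replaced="${code/$array/$export_as}"
+eval ${replaced/declare -/declare -g}
+}
+# ------------------------------------------------------------------------------
+# Spilts the path and returns an array of parts
+#
+# $1: Full path of file to split
+# $2: Global variable name to use for export
+# Returns:
+# ([full]='original name' [dir]='directory' [base]='filename' [ext]='extension')
+#
+# Original concept path split from:
+# https://stackoverflow.com/questions/965053/extract-filename-and-extension-in-bash
+#
+# ------------------------------------------------------------------------------
+splitPath() {
+local return_global_var=$2
+local filename="${1##*/}" # Strip longest match of */ from start
+local dir="${1:0:${#1} - ${#filename}}" # Substring from 0 thru pos of filename
+local base="${filename%.[^.]*}" # Strip shortest match of . plus at least one non-dot char from end
+local ext="${filename:${#base} + 1}" # Substring from len of base thru end
+if [ "$ext" ]; then
+local dotext=".$ext"
+else
+local dotext=""
+fi
+if [[ -z "$base" && -n "$ext" ]]; then # If we have an extension and no base, it's really the base
+base=".$ext"
+ext=""
+dotext=""
+fi
+declare -A PARTS=([full]="$1" [dir]="$dir" [base]="$base" [ext]="$ext" [dotext]="$dotext")
+setArrayAsGlobal PARTS $return_global_var
+}
+# ------------------------------------------------------------------------------
+# Executes any additional optional configuration steps if the configuration
+# scripts exist
+# ------------------------------------------------------------------------------
+customStep() {
+info "Checking for any custom $2 configuration scripts for $1..."
+splitPath "$1" path_parts
+if [ "$2" ]; then
+script_name="${path_parts[base]}_$2${path_parts[dotext]}"
+else
+script_name="${path_parts[base]}${path_parts[dotext]}"
+fi
+if [ -n "${TEMPLATE_FLAVOR}" ]; then
+script="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${script_name}"
+else
+script="$SCRIPTSDIR/custom_${DIST}/${script_name}"
+fi
+if [ -f "$script" ]; then
+echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
+"$script"
+fi
+}
+# ------------------------------------------------------------------------------
+# Copy extra file tree to $INSTALLDIR
+# ------------------------------------------------------------------------------
+copy_dirs() {
+DIR="$1"
+info "Entering Copy extra file tree to $INSTALLDIR..."
+if [ -n "${TEMPLATE_FLAVOR}" ]; then
+CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${DIR}"
+else
+CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}/${DIR}"
+fi
+if [ -d "$CUSTOMDIR" ]; then
+debug "Copying $CUSTOMDIR/* $INSTALLDIR..."
+cp -rp "$CUSTOMDIR/"* "$INSTALLDIR"
+elif [ -d "$SCRIPTSDIR/${DIR}" ]; then
+debug "Copying $SCRIPTSDIR/${DIR}/* $INSTALLDIR"
+cp -rp "$SCRIPTSDIR/${DIR}/"* "$INSTALLDIR"
+else
+debug "No extra files to copy"
+fi
+}
+# $0 is module that sourced vars.sh
+echo "${bold}${under}INFO: Currently running script: ${0}${reset}"
+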
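Review bot: `setArrayAsGlobal` passes the output of `declare -p` to `eval ${replaced/declare -/declare -g}` without quotes, so the text is word-split and glob-expanded before `eval` joins it again; runs of whitespace inside a stored path collapse, and a word containing glob characters can be replaced by matching file names from the working directory. The target name taken from `$2` also reaches `eval` unchecked. Quote the expansion, `eval "${replaced/declare -/declare -g}"`, and reject anything that is not a plain identifier first, for example `[[ $export_as =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] || return 1`. `splitPath` should pass `"$return_global_var"` quoted for the same reason.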


@ -38,6 +38,7 @@ echo "-> Preparing instalation of $DIST template..."
# Mount image and install core OS
# ------------------------------------------------------------------------------
export INSTALLDIR="$(readlink -m mnt)"
mkdir -p "$INSTALLDIR"
if [ -f "$IMG" ]; then
echo "-> Image file already exists, assuming *update*..."
@ -49,7 +50,6 @@ else
mkfs.ext4 -q -F "$IMG" || exit 1
fi
mkdir -p "$INSTALLDIR"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT
"$SCRIPTSDIR/01_install_core.sh"


@ -2,16 +2,17 @@
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
INSTALLDIR="$(readlink -m mnt)"
umount_kill "$INSTALLDIR" || :
# ------------------------------------------------------------------------------
# Set debug display
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
@ -26,12 +27,13 @@ customStep "$0" "pre"
# ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------
debug "Determine if $IMG should be reused or deleted..."
if [ -f "$IMG" ]; then
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
echo "-> Failed Image file $IMG already exists, deleting..."
warn "Failed Image file $IMG already exists, deleting..."
rm -f "$IMG"
# Allow qubes to be updated
elif [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then
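Review bot: The new `if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]` block turns on `set -x` in one branch and, in the sections of this commit where the `else` body is visible, `set -e` in the other, so a verbose or DEBUG=1 run executes without errexit and carries on past a failed mount, chroot or apt call. The same block is repeated in most of the other scripts changed here. Enabling errexit unconditionally and adding tracing on top keeps both modes failing the same way: `set -e` followed by `if [ "${VERBOSE:-0}" -ge 2 ] || [ "$DEBUG" = "1" ]; then set -x; fi`. The `${VERBOSE:-0}` default also avoids the `integer expression expected` error when VERBOSE is unset. In this file the `else` body and the end of the last hunk lie outside the visible lines.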


@ -2,13 +2,17 @@
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
set -e
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
@ -20,10 +24,10 @@ customStep "$0" "pre"
# Install base debian system
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
echo "-> Installing base ${DEBIANVERSION} system"
debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { echo "Debootstrap failed!"; exit 1; }
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; }
chroot "$INSTALLDIR" chmod 0666 "/dev/null"
touch "$INSTALLDIR/tmp/.prepared_debootstrap"
fi
@ -32,4 +36,3 @@ fi
# Execute any custom post configuration scripts
# ------------------------------------------------------------------------------
customStep "$0" "post"


@ -2,18 +2,26 @@
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
set -x
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
echo "--> prepared_debootstrap installataion has not completed!... Exiting"
error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "$INSTALLDIR" || :
exit 1
fi
@ -31,14 +39,14 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function error() {
echo "--> Install groups error and umount"
function cleanup() {
error "Install groups error and umount"
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
umount_kill "$INSTALLDIR" || :
exit 1
}
trap error ERR
trap error EXIT
trap cleanup ERR
trap cleanup EXIT
# ------------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
@ -53,7 +61,7 @@ EOF
# ------------------------------------------------------------------------------
# Add debian security repository
# ------------------------------------------------------------------------------
echo "--> Adding debian-security repository."
debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
@ -68,7 +76,7 @@ EOF
# ------------------------------------------------------------------------------
# Upgrade system
# ------------------------------------------------------------------------------
echo "--> Upgrading system"
debug "Upgrading system"
chroot "$INSTALLDIR" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade
@ -76,7 +84,7 @@ EOF
# ------------------------------------------------------------------------------
# Configure keyboard
# ------------------------------------------------------------------------------
echo "--> Setting keyboard layout"
debug "Setting keyboard layout"
chroot "$INSTALLDIR" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
@ -93,7 +101,8 @@ EOF
if [ -n "${TEMPLATE_FLAVOR}" ]; then
PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}_${TEMPLATE_FLAVOR}.list"
if ! [ -r "${PKGLISTFILE}" ]; then
echo "ERROR: ${PKGLISTFILE} does not exists!"
error "ERROR: ${PKGLISTFILE} does not exists!"
umount_kill "$INSTALLDIR" || :
exit 1
fi
elif [ -r "$SCRIPTSDIR/packages_${DIST}.list" ]; then
@ -102,7 +111,7 @@ EOF
PKGLISTFILE="$SCRIPTSDIR/packages.list"
fi
echo "--> Installing extra packages"
debug "Installing extra packages"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$PKGLISTFILE"
@ -120,7 +129,7 @@ EOF
# For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package.
# ------------------------------------------------------------------------------
echo "--> Installing systemd for debian ($DEBIANVERSION)"
debug "Installing systemd for debian ($DEBIANVERSION)"
if [ "$DEBIANVERSION" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
@ -130,7 +139,7 @@ EOF
fi
# Prevent sysvinit from being re-installed
echo "--> Preventing sysvinit re-installation"
debug "Preventing sysvinit re-installation"
chroot "$INSTALLDIR" apt-mark hold sysvinit
chroot "$INSTALLDIR" apt-get update
@ -148,7 +157,7 @@ EOF
# Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------
if [ "$DEBIANVERSION" == "wheezy" ]; then
echo "--> Adding wheezy backports repository."
debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
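Review bot: The `apt-get` calls for `dist-upgrade`, the package-list install and the sysvinit removal still pass `--force-yes`, which lets apt continue with unauthenticated packages instead of aborting; the security repository is added as plain `http://security.debian.org`, so signature checking is the only integrity control on those downloads. These lines are unchanged context, but the commit edits the messages around them and leaves the flag in place. For the upgrade and install calls `-y` alone answers the prompts and still stops on an unauthenticated package, e.g. `chroot "$INSTALLDIR" apt-get -y dist-upgrade`. The sysvinit removal is a separate case because it removes an essential package, and the Whonix fix script later in this commit uses the same flag on its `apt-get remove` line. The hunks in this section cut through the enclosing blocks.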


@ -1,22 +1,26 @@
#!/bin/sh
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
set -x
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
echo "--> prepared_groups installataion has not completed!... Exiting"
error "prepared_groups installataion has not completed!... Exiting"
exit 1
fi
@ -34,7 +38,7 @@ customStep "$0" "pre"
# Install Qubes Packages
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then
echo "--> Installing qbues modules"
debug "Installing qbues modules"
# --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
@ -49,7 +53,7 @@ EOF
# --------------------------------------------------------------------------
# Generate locales
# --------------------------------------------------------------------------
echo "--> Generate locales"
debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen"
chroot "$INSTALLDIR" locale-gen
chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8
@ -57,7 +61,7 @@ EOF
# --------------------------------------------------------------------------
# Update /etc/fstab
# --------------------------------------------------------------------------
echo "--> Updating template fstab file..."
debug "Updating template fstab file..."
cat >> "$INSTALLDIR/etc/fstab" <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0
@ -89,7 +93,7 @@ EOF
# --------------------------------------------------------------------------
# Start of Qubes package installation
# --------------------------------------------------------------------------
echo "--> Installing qubes packages"
debug "Installing qubes packages"
export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST"
# --------------------------------------------------------------------------
@ -183,7 +187,7 @@ EOF
# Copy over any extra files that may be needed that are located in
# $SCRIPT_DIR/extra-qubes-files
# --------------------------------------------------------------------------
echo "-> Copy extra files..."
debug "Copy extra files..."
copy_dirs "extra-qubes-files"
touch "$INSTALLDIR/tmp/.prepared_qubes"
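Review bot: This script keeps `#!/bin/sh` while the block added below the shebang uses `==` inside `[ ]`, and the sourced vars.sh now appears to pull in functions.sh, which relies on `[[ ]]`, `declare -A`, here-strings and `$'\b'`. If the script is executed directly on a system whose /bin/sh is not bash, those constructs fail before any build step runs. Change the first line to `#!/bin/bash`, or keep the file POSIX by using `=` and not sourcing the bash-only helpers. The new DEBUG helper added in this commit that starts with `#!/bin/sh` and reads `${path_parts[dir]}` has the same problem.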


@ -2,10 +2,19 @@
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# Execute any custom pre configuration scripts
# ------------------------------------------------------------------------------


@ -0,0 +1 @@
../custom_wheezy_whonix/00_prepare_pre.sh


@ -0,0 +1 @@
../custom_wheezy_whonix/01_install_core_post.sh


@ -2,15 +2,23 @@
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
#
# ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations


@ -0,0 +1 @@
../custom_wheezy_whonix/00_prepare_pre.sh


@ -0,0 +1 @@
../custom_wheezy_whonix/01_install_core_post.sh


@ -0,0 +1,54 @@
#!/bin/bash -x
# vim: set ts=4 sw=4 sts=4 et :
################################################################################
# Allows a pre-built image to be used (if it exists) for installing
# Whonix. This option is useful only for debugging Whonix installations
#
# To use, first create a regualr wheezy template and manually copy the prepared
# image to debian-7-x64-prepard.img
#
# Example:
# cp ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64.img ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64-whonix-gateway-prepard.img
################################################################################
# ------------------------------------------------------------------------------
# Return if DEBUG is not "1"
# ------------------------------------------------------------------------------
# This script is only used if DEBUG is set
if [ ! "$DEBUG" == "1" ]; then
exit 0
fi
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
INSTALLDIR="$(readlink -m mnt)"
umount_kill "$INSTALLDIR" || :
# ------------------------------------------------------------------------------
# Use an already prepared debian image to install Whonix (for DEBUGGING)
# ------------------------------------------------------------------------------
splitPath "$IMG" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-prepared${path_parts[dotext]}"
if [ -f "$PREPARED_IMG" ]; then
warn "Copying $PREPARED_IMG to $IMG"
mount -o loop "$PREPARED_IMG" "$INSTALLDIR" || exit 1
rm -f "$INSTALLDIR/tmp/.prepared_groups"
umount_kill "$INSTALLDIR" || :
cp -f "$PREPARED_IMG" "$IMG"
fi
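Review bot: The header comment tells the user to copy the image to `debian-7-x64-prepard.img`, and the example uses `debian-7-x64-whonix-gateway-prepard.img`, but the code looks for `${path_parts[base]}-prepared${path_parts[dotext]}`, so a file named as documented is never found and the script silently does nothing. Correct the comment and the example to the `-prepared.img` spelling. Separately, the script has already exited unless DEBUG is "1", so the `else set -e` branch is unreachable here and a failed `cp -f "$PREPARED_IMG" "$IMG"` goes unnoticed; add `|| exit 1` to the copy, as is already done for the mount.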


@ -0,0 +1,38 @@
#!/bin/sh
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Return if DEBUG is not "1"
# ------------------------------------------------------------------------------
# This script is only used if DEBUG is set
if [ ! "$DEBUG" == "1" ]; then
exit 0
fi
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# Create a copy of an already prepared bootstraped image if it does not exist
# ------------------------------------------------------------------------------
splitPath "$IMG" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-prepared${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ]; then
umount_kill "$INSTALLDIR" || :
warn "Copying $IMG to $PREPARED_IMG"
cp -f "$IMG" "$PREPARED_IMG"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
fi


@ -2,13 +2,18 @@
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
@ -28,7 +33,7 @@ sudo mkdir --parents --mode=g+rw "/tmp/uwt"
# on the package. Things seem to work anyway. BUT hopfully the
# hold on grub* don't get removed
sudo apt-mark hold sysvinit
sudo apt-mark hold grub-common grub-pc-bin grub2-common
sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common
# Whonix expects haveged to be started
sudo /etc/init.d/haveged start
@ -89,7 +94,6 @@ sudo touch "/tmp/.prepared_whonix"
EOF
# ------------------------------------------------------------------------------
# chroot Whonix fix script (Make sure set -e is not set)
# Run ../whonix_fix when whonix gives grub-pc error
@ -98,10 +102,27 @@ EOF
# ignore certain errors
read -r -d '' WHONIX_FIX_SCRIPT <<'EOF'
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
sudo apt-get -y --force-yes remove grub-common grub-pc-bin grub2-common
sudo apt-get -y --force-yes remove grub-pc grub-common grub-pc-bin grub2-common
sudo apt-mark hold grub-common grub-pc-bin grub2-common
EOF
read -r -d '' WHONIX_APT_PIN <<'EOF'
Package: grub-pc
Pin: version *
Pin-Priority: -100
Package: grub-pc-bin
Pin: version *
Pin-Priority: -100
Package: grub-common
Pin: version *
Pin-Priority: -100
Package: grub2-common
Pin: version *
Pin-Priority: -100
EOF
# ------------------------------------------------------------------------------
# Set defualts for apt not to install recommended or extra packages
@ -116,19 +137,19 @@ EOF
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function error() {
echo "--> Whonix error; umounting $INSTALLDIR to prevent further writes"
function cleanup() {
error "Whonix error; umounting $INSTALLDIR to prevent further writes"
umount_kill "$INSTALLDIR" || :
exit 1
}
trap error ERR
trap error EXIT
trap cleanup ERR
trap cleanup EXIT
# ------------------------------------------------------------------------------
# Mount devices, etc required for Whonix installation
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
echo "-> Installing whonix system"
info "Installing Whonix system"
# --------------------------------------------------------------------------
# Initialize Whonix submodules
@ -147,17 +168,31 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
# XXX: Seems like the error disappears, but then whonix updates to original code?
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian"
{
sed -i 's/ grub-pc,//g' control;
#git commit -am 'removed grub-pc depend';
sed -i 's/ grub-pc,//g' control || :;
su $USER -c "git commit -am 'removed grub-pc depend'" || :;
}
popd
pushd "$WHONIX_DIR/build-steps.d"
pushd "$WHONIX_DIR"
{
sed -i 's/ check_for_uncommited_changes/ #check_for_uncommited_changes/g' 1200_create-debian-packages;
sed -i 's/grub-pc//g' grml_packages || :;
su $USER -c "git commit -am 'removed grub-pc depend'" || :;
}
popd
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{
sed -i 's/update-grub/:/g' 85_update_grub || :;
su $USER -c "git commit -am 'removed grub-pc depend'" || :;
}
popd
#pushd "$WHONIX_DIR/build-steps.d"
#{
# sed -i 's/ check_for_uncommited_changes/ #check_for_uncommited_changes/g' 1200_create-debian-packages;
#}
#popd
# --------------------------------------------------------------------------
# Whonix system config dependancies
# --------------------------------------------------------------------------
@ -184,18 +219,22 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
# Install Whonix system
# --------------------------------------------------------------------------
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then
echo "-> Installing Whonix build environment..."
debug "Installing Whonix build environment..."
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix'
fi
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then
debug "Building Whonix..."
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix"
echo "-> Building Whonix..."
# Install apt-get preferences
echo "$WHONIX_APT_PREFERENCE" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
# Pin grub packages so they will not install
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
@ -209,9 +248,9 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
echo "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
echo "You need to set TEMPLATE_FLAVOR environment variable to either"
echo "whonix-gateway OR whonix-workstation"
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
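Review bot: `read -r -d '' WHONIX_APT_PIN <<'EOF'` returns a non-zero status because the here-document ends before any NUL delimiter is read, and the block added at the top of this script now enables `set -e` whenever DEBUG and VERBOSE are off. Unless errexit is switched off again in lines outside these hunks, a normal non-debug build would stop at the first of these reads, before the `cleanup` traps are installed. Append `|| :` to each read, e.g. `read -r -d '' WHONIX_APT_PIN <<'EOF' || :`, as the new `sed` and `git commit` lines already do. The existing `WHONIX_FIX_SCRIPT` read is affected in the same way.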


@ -6,12 +6,17 @@
#
# ------------------------------------------------------------------------------
# Configurations
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
@ -43,7 +48,6 @@ fi
# ------------------------------------------------------------------------------
# Copy over any extra files
# ------------------------------------------------------------------------------
echo "-> Copy extra files..."
copy_dirs "extra-whonix-files"
# ------------------------------------------------------------------------------


@ -1,6 +1,9 @@
# ------------------------------------------------------------------------------
# Global variables and functions
# ------------------------------------------------------------------------------
. ./functions.sh
# The codename of the debian version to install.
# jessie = testing, wheezy = stable
DEBIANVERSION=$DIST
@ -21,101 +24,3 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
# build, which does not exist. We need to write to $HOME/.gnupg so set it
# to something valid.
HOME=/root
# ------------------------------------------------------------------------------
# Takes an array and exports it a global variable
#
# $1: Array to export
# $2: Global variable name to use for export
#
# http://ihaveabackup.net/2012/01/29/a-workaround-for-passing-arrays-in-bash/
#
# ------------------------------------------------------------------------------
setArrayAsGlobal() {
local array="$1"
local export_as="$2"
local code=$(declare -p "$array")
local replaced="${code/$array/$export_as}"
eval ${replaced/declare -/declare -g}
}
# ------------------------------------------------------------------------------
# Spilts the path and returns an array of parts
#
# $1: Full path of file to split
# $2: Global variable name to use for export
# Returns:
# ([full]='original name' [dir]='directory' [base]='filename' [ext]='extension')
#
# Original concept path split from:
# https://stackoverflow.com/questions/965053/extract-filename-and-extension-in-bash
#
# ------------------------------------------------------------------------------
splitPath() {
local return_global_var=$2
local filename="${1##*/}" # Strip longest match of */ from start
local dir="${1:0:${#1} - ${#filename}}" # Substring from 0 thru pos of filename
local base="${filename%.[^.]*}" # Strip shortest match of . plus at least one non-dot char from end
local ext="${filename:${#base} + 1}" # Substring from len of base thru end
if [ "$ext" ]; then
local dotext=".$ext"
else
local dotext=""
fi
if [[ -z "$base" && -n "$ext" ]]; then # If we have an extension and no base, it's really the base
base=".$ext"
ext=""
dotext=""
fi
declare -A PARTS=([full]="$1" [dir]="$dir" [base]="$base" [ext]="$ext" [dotext]="$dotext")
setArrayAsGlobal PARTS $return_global_var
}
# ------------------------------------------------------------------------------
# Executes any additional optional configuration steps if the configuration
# scripts exist
# ------------------------------------------------------------------------------
customStep() {
echo "--> Checking for any custom $2 configuration scripts for $1..."
splitPath "$1" path_parts
if [ "$2" ]; then
script_name="${path_parts[base]}_$2${path_parts[dotext]}"
else
script_name="${path_parts[base]}${path_parts[dotext]}"
fi
if [ -n "${TEMPLATE_FLAVOR}" ]; then
script="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${script_name}"
else
script="$SCRIPTSDIR/custom_${DIST}/${script_name}"
fi
if [ -f "$script" ]; then
"$script"
fi
}
# ------------------------------------------------------------------------------
# Copy extra file tree to $INSTALLDIR
# ------------------------------------------------------------------------------
copy_dirs() {
DIR="$1"
if [ -n "${TEMPLATE_FLAVOR}" ]; then
CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}_${TEMPLATE_FLAVOR}/${DIR}"
else
CUSTOMDIR="$SCRIPTSDIR/custom_${DIST}/${DIR}"
fi
if [ -d "$CUSTOMDIR" ]; then
cp -rp "$CUSTOMDIR/"* "$INSTALLDIR"
elif [ -d "$SCRIPTSDIR/${DIR}" ]; then
cp -rp "$SCRIPTSDIR/${DIR}/"* "$INSTALLDIR"
fi
}
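Review bot: `. ./functions.sh` is resolved against the caller's working directory, not against the location of vars.sh, so the helpers load only when the build is started from the expected directory, and a build started elsewhere sources whatever `functions.sh` that directory holds with the privileges of the build. Resolve the path from a fixed base instead, e.g. `. "${BASE_DIR_PLACEHOLDER}/functions.sh"`, using the variable the builder already has for that directory (the name shown is a placeholder, not taken from this page). umount_kill.sh gains the same cwd-relative line in this commit.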


@ -23,6 +23,8 @@
# ./umount_kill.sh chroot-jessie
#
. ./functions.sh
# $1 = full path to mount;
# $2 = if set will not umount; only kill processes in mount
umount_kill() {
@ -37,7 +39,7 @@ umount_kill() {
# since we are doing an exact string match on the path
MOUNTDIR=$(echo "$MOUNTDIR" | sed s#//*#/#g)
echo "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting"
debug "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting"
for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR")
do
sudo lsof "$dir" 2> /dev/null | \
@ -46,11 +48,21 @@ umount_kill() {
awk '{print $2}' | \
xargs --no-run-if-empty sudo kill -9
echo "un-mounting $dir"
if ! [ "$2" ] && $(mountpoint -q "$dir"); then
debug "un-mounting $dir"
sudo umount -n "$dir" 2> /dev/null || \
sudo umount -n -l "$dir" 2> /dev/null || \
echo "umount $dir unsuccessful!"
error "umount $dir unsuccessful!"
elif ! [ "$2" ]; then
# Look for (deleted) mountpoints
debug "not a regular mount point: $dir"
base=$(basename "$dir")
dir=$(dirname "$dir")
base=$(echo "$base" | sed 's/[\].*$//')
dir="$dir/$base"
sudo umount -v -f -n "$dir" 2> /dev/null || \
sudo umount -v -f -n -l "$dir" 2> /dev/null || \
error "umount $dir unsuccessful!"
fi
done
}
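Review bot: In the new `elif` branch, `sed 's/[\].*$//'` cuts the basename at the first backslash, which removes the escaped ` (deleted)` suffix but also truncates any mount point whose name contains an escaped character such as a space (`\040` in /proc/mounts); the forced, lazy `umount` that follows is then aimed at a different path. Strip only the deleted marker, for example `base=$(printf '%s\n' "$base" | sed 's/\\040(deleted)$//')`, after confirming that this is how /proc/mounts renders it on the build host. The condition `$(mountpoint -q "$dir")` also wraps the command in a substitution for no benefit; `if ! [ "$2" ] && mountpoint -q "$dir"; then` is the direct form. The body of `umount_kill` starts outside these hunks.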