QubesOS
/
qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Tag for commit 620739019a

Browse Source 
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU4oOBAAoJEBu5sftaTG2tMMsP/21u8/oyKtCAhC7D5YTcK+E6
 bYMjM8aFtptJUdCy1EjEUjv5FMGcC9CMoe/sXzMkxQHsegkzPS9PsOK2aELytyxI
 x/GyQwEjI8wyzigQtsBXGzGkIePUqJtngmh67KFsVYINlXf1wx21AguSR/ZsHwCf
 hNBxNciZhUCwPfZt1Luk10jRdmSkKlcx77U52Z5ZMU4qOZGY5WVmvUttdKAR3JfG
 EcZG8JDa2sPV+8ryAqK7MCMzVqE+zkb6zYf6JwJSaR1OGvr91hbL8T3rSer6eXu+
 lu39eLSz1ITm91jeDirgTgPUMfplLOt+Y3luDpY2Uth+7rDSN6V7XLcuLJJzbRIC
 t8t84i2e+wL9iTWLxyo8v2lDS+PIKfhYbxHHvaoo/k9o6qvqqsy9VgYgA/toKfdg
 Fv+i4jwmqTXE+8+qxjT74boYP8FWpqKSpWWr/Aou5wBzG1bdKSxmqyMAYSCTsWmB
 wOHomBtQFpl5G3SCV/3FZHOroxwNlKgfzSalwxNpWN6nRTO1shBNOM+er6PBvIPT
 coJdpdQSR5aREg2IzrwoHH/1xE1KPJV2QbelMJg0p2Ca+9v2Ge5wLODotwRFYRDN
 j3nFnNr6kn5Rw9/wrCnZh61t4syKctQ6Kpg2/14AuogI2ut5IpSpNvlaA47df7Vi
 BuBRHBx+969YN1bYSP21
 =wO05
 -----END PGP SIGNATURE-----

Merge tag 'jm_62073901'

Tag for commit 620739019a

# gpg: Signature made Tue Feb 17 00:55:45 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD
pull/1/head
Marek Marczykowski-Górecki 9 years ago
parent addf4530e7 620739019a
commit 1980e023bb
165 changed files with 2344 additions and 3079 deletions
Show Stats Download Patch File Download Diff File

2
.gitignore vendored
Unescape View File

@ -7,3 +7,5 @@ mnt_*
*.fs
*.img
install-templates.sh
yum_repo_qubes/*
scripts_fedora/base_rpms_fc21/*

3
Makefile
Unescape View File

@ -19,6 +19,9 @@ endif
fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
TEMPLATE_NAME := $(word 1,$(fix_up))
export DISTRIBUTION
export TEMPLATE_NAME
VERSION := $(shell cat version)
TIMESTAMP := $(shell date -u +%Y%m%d%H%M)

1
appmenus_fc21/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

3
appmenus_fc21/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,3 @@
gnome-terminal.desktop
nautilus.desktop
firefox.desktop

5
appmenus_fc21/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-prefs.desktop
system-config-date.desktop
system-config-printer.desktop

1
appmenus_fc21_minimal/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
xterm.desktop

1
appmenus_fc21_minimal/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
xterm.desktop

1
appmenus_fc21_minimal/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
xterm.desktop

4
appmenus_jessie/vm-whitelisted-appmenus.list
Unescape View File

@ -1,3 +1,5 @@
gnome-terminal.desktop
nautilus.desktop
org.gnome.Nautilus.desktop
iceweasel.desktop
icedove.desktop
yelp.desktop

1
appmenus_trusty/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

5
appmenus_trusty/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

6
appmenus_trusty/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

1
appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

5
appmenus_trusty_desktop/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

6
appmenus_trusty_desktop/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

1
appmenus_utopic/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

5
appmenus_utopic/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

6
appmenus_utopic/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

1
appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

5
appmenus_utopic_desktop/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

6
appmenus_utopic_desktop/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

1
appmenus_vivid/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

5
appmenus_vivid/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

6
appmenus_vivid/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

1
appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

5
appmenus_vivid_desktop/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

6
appmenus_vivid_desktop/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

2
appmenus_wheezy/vm-whitelisted-appmenus.list
Unescape View File

@ -1,3 +1,5 @@
gnome-terminal.desktop
iceweasel.desktop
icedove.desktop
nautilus.desktop
yelp.desktop

21
appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list
Unescape View File

@ -1,21 +1,16 @@
gnome-terminal.desktop
nautilus.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop
gateway-arm.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-reloadfirewall.desktop
gateway-reloadtor.desktop
gateway-restarttor.desktop
gateway-stoptor.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
timesync.desktop
whonixcheck.desktop
whonix_repository.desktop
dolphin.desktop
Help.desktop
ksystemlog.desktop
kwrite.desktop

11
appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list
Unescape View File

@ -2,20 +2,9 @@ gnome-terminal.desktop
nautilus.desktop
yelp.desktop
gateway-arm.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-reloadfirewall.desktop
gateway-reloadtor.desktop
gateway-restarttor.desktop
gateway-stoptor.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
timesync.desktop
whonixcheck.desktop
whonix_repository.desktop
dolphin.desktop
Help.desktop
ksystemlog.desktop
kwrite.desktop

7
appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list
Unescape View File

@ -8,4 +8,9 @@ gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
kwrite.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
whonix_repository.desktop

13
appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list
Unescape View File

@ -1,12 +1,8 @@
gnome-terminal.desktop
nautilus.desktop
yelp.desktop
anondist-torbrowser.desktop
anondist-torbrowser_update.desktop
gateway-firsttimesetup.desktop
timesync.desktop
vlc.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
@ -16,12 +12,3 @@ whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
whonix_repository.desktop
xchat.desktop
x-www-browser.desktop
dolphin.desktop
Help.desktop
kcalc.desktop
kgpg.desktop
kwrite.desktop

92
appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list
Unescape View File

@ -4,93 +4,9 @@ gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop
anondist-torbrowser.desktop
gnome-panel.desktop
gnome-printers-panel.desktop
gnome-system-log.desktop
tracker-preferences.desktop
anondist-torbrowser_update.desktop
bluetooth-sendto.desktop
bluetooth-wizard.desktop
brasero.desktop
brasero-nautilus.desktop
display.im6.desktop
fpm2.desktop
gateway-firsttimesetup.desktop
gcr-prompter.desktop
gcr-viewer.desktop
gnome-terminal.desktop
gpk-application.desktop
gpk-dbus-service.desktop
gpk-install-catalog.desktop
gpk-install-local-file.desktop
gpk-log.desktop
gpk-prefs.desktop
gpk-service-pack.desktop
gpk-update-viewer.desktop
iceweasel.desktop
kde4
mat.desktop
mimeinfo.cache
nact.desktop
nautilus-autorun-software.desktop
nautilus.desktop
nm-applet.desktop
nm-connection-editor.desktop
python2.7.desktop
timesync.desktop
vlc.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
whonix-donate.desktop
whonix-featureblog.desktop
whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
whonix_repository.desktop
xchat.desktop
x-www-browser.desktop
yelp.desktop
akonaditray.desktop
-rw-r--r-- 1 root root 5000 Jun 22 2012 ark.desktop
dolphin.desktop
gwenview.desktop
Help.desktop
jovieapp.desktop
kcalc.desktop
kdepasswd.desktop
kdesystemsettings.desktop
keditbookmarks.desktop
kfind.desktop
kfontview.desktop
kgpg.desktop
klipper.desktop
kmag.desktop
kmailservice.desktop
kmix.desktop
kmousetool.desktop
kmouth.desktop
konsole.desktop
krandrtray.desktop
ksysguard.desktop
ksystemlog.desktop
-rw-r--r-- 1 root root 1766 Jun 6 2012 ktelnetservice.desktop
kvkbd.desktop
kwrite.desktop
nepomukbackup.desktop
nepomukcontroller.desktop
okularApplication_comicbook.desktop
okularApplication_dvi.desktop
okularApplication_fax.desktop
okularApplication_fb.desktop
okularApplication_ghostview.desktop
okularApplication_kimgio.desktop
okularApplication_ooo.desktop
okularApplication_pdf.desktop
okularApplication_plucker.desktop
okularApplication_xps.desktop
okular.desktop
systemsettings.desktop

1
appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1 @@
gnome-terminal.desktop

22
appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,22 @@
gnome-terminal.desktop
nautilus.desktop
gcalctool.desktop
evolution.desktop
libreoffice-startcenter.desktop
gimp.desktop
eog.desktop
totem.desktop
shotwell.desktop
rhythmbox.desktop
anondist-torbrowser.desktop
timesync.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
whonix-donate.desktop
whonix-featureblog.desktop
whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
yelp.desktop

14
appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list
Unescape View File

@ -0,0 +1,14 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gnome-panel.desktop
gnome-printers-panel.desktop
gnome-system-log.desktop
tracker-preferences.desktop
anondist-torbrowser_update.desktop
yelp.desktop

12
builder_setup
Unescape View File

@ -15,6 +15,18 @@ case "$DIST" in
DISTRIBUTION=debian
VERSION=8
;;
trusty)
DISTRIBUTION=qubuntu
VERSION=14.04
;;
utopic)
DISTRIBUTION=qubuntu
VERSION=14.10
;;
vivid)
DISTRIBUTION=qubuntu
VERSION=15.04
;;
*)
DISTRIBUTION="$DIST"
VERSION=

7
functions-name.sh
Unescape View File

@ -22,7 +22,12 @@ templateFlavorPrefix() {
fi
done
echo "${DIST}${template_flavor:++}"
# If template_flavor only contains a '+'; send back $DIST
if [ "${template_flavor}" == "+" ]; then
echo "${DIST}"
else
echo "${DIST}${template_flavor:++}"
fi
}
templateNameDist() {

93
functions.sh
Unescape View File

@ -11,6 +11,20 @@ DEBUG=${DEBUG:-0}
################################################################################
# Global functions
################################################################################
# ------------------------------------------------------------------------------
# Set xtrace verbose mode (-x or)
# ------------------------------------------------------------------------------
XTRACE=
function setVerboseMode() {
# Cache xtrace current status so it can be restored on exit
[[ ${-/x} != $- ]] && XTRACE=0 || XTRACE=1
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" -ge 2 ]; then
set -x
else
set +x
fi
}
# ------------------------------------------------------------------------------
# Define colors
@ -69,12 +83,32 @@ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
chroot() {
local retval
true ${blue}
/usr/sbin/chroot "$@" && { retval=$?; true; } || { retval=$?; true; }
if [ "${SYSTEMD_NSPAWN_ENABLE}" == "1" ]; then
systemd-nspawn $systemd_bind -D "${INSTALLDIR}" -M "${DIST}" "$@" && { retval=$?; true; } || { retval=$?; true; }
else
/usr/sbin/chroot "${INSTALLDIR}" "$@" && { retval=$?; true; } || { retval=$?; true; }
fi
true ${reset}
return $retval
}
fi
# ------------------------------------------------------------------------------
# Return xtrace's current mode
# 0 is enables (-x); 1 is disables (+x)
# ------------------------------------------------------------------------------
getXtrace() {
[[ ${-/x} != $- ]] && echo 0 || echo 1
}
# ------------------------------------------------------------------------------
# Return xtrace to desired state
# 0 is enables (-x); 1 is disables (+x)
# ------------------------------------------------------------------------------
setXtrace() {
[[ "${1}" -eq 0 ]] && set -x || set +x
}
# ------------------------------------------------------------------------------
# Display messages in color
# ------------------------------------------------------------------------------
@ -82,24 +116,30 @@ fi
output() {
if [ "${VERBOSE}" -ge 1 ]; then
# Don't echo if -x is set since it will already be displayed via true
[[ ${-/x} != $- ]] || echo -e "${1}"
[[ ${-/x} != $- ]] || echo -e ""$@""
fi
}
outputc() {
color=${1}
shift
output "${!color}"$@"${reset}" || :
}
info() {
output "${bold}${blue}INFO: ${1}${reset}" || :
output "${bold}${blue}INFO: "$@"${reset}" || :
}
debug() {
output "${bold}${green}DEBUG: ${1}${reset}" || :
output "${bold}${green}DEBUG: "$@"${reset}" || :
}
warn() {
output "${stout}${yellow}WARNING: ${1}${reset}" || :
output "${stout}${yellow}WARNING: "$@"${reset}" || :
}
error() {
output "${bold}${red}ERROR: ${1}${reset}" || :
output "${bold}${red}ERROR: "$@"${reset}" || :
}
# ------------------------------------------------------------------------------
@ -166,17 +206,19 @@ templateDir() {
do
# (wheezy+whonix-gateway / wheezy+whonix-gateway+gnome[+++] / wheezy+gnome )
if [ "${element%:*}" == "$(templateName ${template_flavor})" ]; then
eval echo -e ${element#*:}
eval echo -e "${element#*:}"
return
# Very short name compare (+proxy)
elif [ "${element:0:1}" == "+" -a "${element%:*}" == "+${template_flavor}" ]; then
eval echo -e ${element#*:}
eval echo -e "${element#*:}"
return
fi
done
if [ -n "${template_flavor}" ]; then
local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
if [ -n "${template_flavor}" -a "${template_flavor}" == "+" ]; then
local dir="${SCRIPTSDIR}/${template_flavor_prefix}"
elif [ -n "${template_flavor}" ]; then
local dir="${SCRIPTSDIR}/${template_flavor_prefix}${template_flavor}"
else
local dir="${SCRIPTSDIR}"
@ -223,6 +265,7 @@ buildStepExec() {
# Cache $script
GLOBAL_CACHE[$script]=1
# Execute $script
"${script}"
fi
@ -266,11 +309,16 @@ callTemplateFunction() {
local calling_arg="$2"
local functionExec="$3"
local template_flavor="${TEMPLATE_FLAVOR}"
${functionExec} "${calling_script}" \
"${calling_arg}" \
"${template_flavor}"
# Find a $DIST sub-directory
${functionExec} "${calling_script}" \
"${calling_arg}" \
"+"
for option in ${TEMPLATE_OPTIONS[@]}
do
# Long name (wheezy+whonix-gateway+proxy)
@ -292,6 +340,17 @@ callTemplateFunction() {
}
# ------------------------------------------------------------------------------
# Will return all files that match pattern of suffix
# Example:
# filename = packages.list
# suffix = ${DIST} (wheezy)
#
# Will look for a file name packages_wheezy.list in:
# the $SCRIPTSDIR; beside original
# the $SCRIPTSDIR/$DIST (wheezy) directory
# any included template module directories ($SCRIPTSDIR/gnome)
#
# All matches are returned and each will be able to be used
# ------------------------------------------------------------------------------
getFileLocations() {
local return_global_var=$1
@ -311,6 +370,18 @@ getFileLocations() {
# ------------------------------------------------------------------------------
# Executes any additional optional configuration steps if the configuration
# scripts exist
#
# Will find all scripts with
# Example:
# filename = 04_install_qubes.sh
# suffix = post
#
# Will look for a file name 04_install_qubes_post in:
# the $SCRIPTSDIR; beside original
# the $SCRIPTSDIR/$DIST (wheezy) directory
# any included template module directories ($SCRIPTSDIR/gnome)
#
# All matches are executed
# ------------------------------------------------------------------------------
buildStep() {
local filename="$1"

41
prepare_image
Unescape View File

@ -3,7 +3,7 @@
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
export IMG="$1"
export IMG="${1}"
export LC_ALL=POSIX
RETCODE=0
@ -13,52 +13,55 @@ RETCODE=0
. ./builder_setup >/dev/null
. ./umount_kill.sh >/dev/null
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
if ! [ $# -eq 1 ]; then
echo "usage $0 <img_file_name>"
echo "usage ${0} <img_file_name>"
exit
fi
if [ "$VERBOSE" == "1" ]; then
export YUM_OPTS="$YUM_OPTS -q"
if [ "${VERBOSE}" == "1" ]; then
export YUM_OPTS="${YUM_OPTS} -q"
fi
# ------------------------------------------------------------------------------
# Prepare for mount
# Make sure INSTALLDIR exists
# ------------------------------------------------------------------------------
echo "-> Preparing instalation of $DIST template..."
export INSTALLDIR="$(readlink -m mnt)"
mkdir -p "$INSTALLDIR"
"$SCRIPTSDIR/00_prepare.sh"
mkdir -p "${INSTALLDIR}"
# ------------------------------------------------------------------------------
# Mount image and install core OS
# Prepare for mount
# ------------------------------------------------------------------------------
echo "-> Preparing instalation of ${DIST} template..."
"${SCRIPTSDIR}/00_prepare.sh"
if [ -f "$IMG" ]; then
# ------------------------------------------------------------------------------
# Mount image and install core OS
# ------------------------------------------------------------------------------
if [ -f "${IMG}" ]; then
echo "-> Image file already exists, assuming *update*..."
else
echo "-> Initializing empty image..."
truncate -s 10G "$IMG" || exit 1
truncate -s 10G "${IMG}" || exit 1
echo "-> Creating filesystem..."
mkfs.ext4 -q -F "$IMG" || exit 1
mkfs.ext4 -q -F "${IMG}" || exit 1
fi
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT
"$SCRIPTSDIR/01_install_core.sh"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
"${SCRIPTSDIR}/01_install_core.sh"
# ------------------------------------------------------------------------------
# Install package groups
# ------------------------------------------------------------------------------
echo "-> Installing package groups..."
"$SCRIPTSDIR/02_install_groups.sh"
"${SCRIPTSDIR}/02_install_groups.sh"
# ------------------------------------------------------------------------------
# Cleanup
@ -66,6 +69,6 @@ echo "-> Installing package groups..."
trap - EXIT
echo "-> Unmounting prepared_image..."
umount_kill "$(readlink -m $INSTALLDIR)" || :
umount_kill "$(readlink -m ${INSTALLDIR})" || true
exit $RETCODE
exit ${RETCODE}

10
qubeize_image
Unescape View File

@ -46,7 +46,11 @@ fi
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
umount_kill "$PWD/mnt" || :
errval=$?
trap - ERR
trap
umount_kill "$PWD/mnt" || true
exit $errval
}
trap cleanup ERR
@ -66,7 +70,7 @@ export INSTALLDIR=mnt
# ------------------------------------------------------------------------------
# Run qubeize script
# ------------------------------------------------------------------------------
"$SCRIPTSDIR/04_install_qubes.sh" || { umount "$INSTALLDIR"; exit 1; }
"$SCRIPTSDIR/04_install_qubes.sh"
# ------------------------------------------------------------------------------
# Create App Menus
@ -110,7 +114,7 @@ fi
# Finsh - unmount image
# ------------------------------------------------------------------------------
echo "--> Unmounting $IMG"
cleanup
umount_kill "$PWD/mnt" || true
echo "Qubeized image stored at: $IMG"

101
scripts_debian/00_prepare.sh
Unescape View File

@ -1,45 +1,82 @@
#!/bin/bash -x
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
INSTALLDIR="$(readlink -m mnt)"
umount_kill "${INSTALLDIR}" || :
# ------------------------------------------------------------------------------
# Make sure ${INSTALLDIR} is not mounted
umount_all "${INSTALLDIR}" || true
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ==============================================================================
buildStep "${0}" "pre"
# ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------
debug "Determine if ${IMG} should be reused or deleted..."
if [ -f "${IMG}" ]; then
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
# ==============================================================================
# Use a snapshot of the debootstraped debian image
# ==============================================================================
manage_snapshot() {
local snapshot="${1}"
umount_kill "${INSTALLDIR}" || true
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting ${IMG}"
rm -f "${IMG}"
# Remove old snapshots if groups completed
if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
outputc stout "Removing stale snapshots"
umount_kill "${INSTALLDIR}" || true
rm -rf "${debootstrap_snapshot}"
rm -rf "${packages_snapshot}"
return
fi
# Umount image; don't fail if its already umounted
umount_kill "${INSTALLDIR}" || :
outputc stout "Replacing ${IMG} with snapshot ${snapshot}"
umount_kill "${INSTALLDIR}" || true
cp -f "${snapshot}" "${IMG}"
}
# ==============================================================================
# Determine if a snapshot should be used, reuse an existing image or
# delete the existing image to start fresh based on configuration options
#
# SNAPSHOT=1 - Use snapshots; Will remove after successful build
# If debootstrap did not complete, the existing image will be deleted
# ==============================================================================
splitPath "${IMG}" path_parts
packages_snapshot="${path_parts[dir]}${path_parts[base]}-packages${path_parts[dotext]}"
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
if [ -f "${IMG}" ]; then
if [ -f "${packages_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
# Use 'packages' snapshot
manage_snapshot "${packages_snapshot}"
elif [ -f "${debootstrap_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
# Use 'debootstrap' snapshot
manage_snapshot "${debootstrap_snapshot}"
else
# Use '$IMG' if debootstrap did not fail
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
# Assume a failed debootstrap installation if .prepared_debootstrap does not exist
if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
debug "Reusing existing image ${IMG}"
else
outputc stout "Removing stale or incomplete ${IMG}"
umount_kill "${INSTALLDIR}" || true
rm -f "${IMG}"
fi
# Umount image; don't fail if its already umounted
umount_kill "${INSTALLDIR}" || true
fi
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"

83
scripts_debian/01_install_core.sh
Unescape View File

@ -1,38 +1,61 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### '-------------------------------------------------------------------------
debug ' Installing base system using debootstrap'
##### '-------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install base debian system
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/${DEBIANVERSION}-debian-archive-keyring.gpg" \
"${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
# ==============================================================================
buildStep "${0}" "pre"
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
#### "------------------------------------------------------------------
info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system"
#### "------------------------------------------------------------------
COMPONENTS="" debootstrap \
--arch=amd64 \
--include="ncurses-term locales tasksel" \
--components=main \
--keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \
"${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || {
error "Debootstrap failed!";
exit 1;
}
#### '----------------------------------------------------------------------
info ' Configure keyboard'
#### '----------------------------------------------------------------------
configureKeyboard
#### '----------------------------------------------------------------------
info ' Update locales'
#### '----------------------------------------------------------------------
updateLocale
#### '----------------------------------------------------------------------
info 'Link mtab'
#### '----------------------------------------------------------------------
chroot rm -f /etc/mtab
chroot ln -s /proc/self/mounts /etc/mtab
# TMPDIR is set in vars. /tmp should not be used since it will be cleared
# if building template with LXC contaniners on a reboot
mkdir -p "${INSTALLDIR}/${TMPDIR}"
# Mark section as complete
touch "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap"
# If SNAPSHOT=1, Create a snapshot of the already debootstraped image
createSnapshot "debootstrap"
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"

243
scripts_debian/02_install_groups.sh
Unescape View File

@ -1,201 +1,84 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
##### "=========================================================================
debug " Configuring and Installing packages for ${DIST}"
##### "=========================================================================
# ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "${INSTALLDIR}" || :
exit 1
fi
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" "prepared_debootstrap installataion has not completed!... Exiting"
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
mount -t tmpfs none "${INSTALLDIR}/run"
# Create system mount points
prepareChroot
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# Make sure there is a resolv.conf with network of this AppVM for building
createResolvConf
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Install groups error and umount"
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
umount_kill "${INSTALLDIR}" || :
exit 1
}
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ==============================================================================
buildStep "${0}" "pre"
# ==============================================================================
# Configure base system and install any adddtional packages which could
# include +TEMPLATE_FLAVOR such as gnome as set in configuration file
# ==============================================================================
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
#### '----------------------------------------------------------------------
info ' Trap ERR and EXIT signals and cleanup (umount)'
#### '----------------------------------------------------------------------
trap cleanup ERR
trap cleanup EXIT
# ------------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# ------------------------------------------------------------------------------
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Ensure umask set in /etc/login.defs is used (022)
# ------------------------------------------------------------------------------
echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session"
# ------------------------------------------------------------------------------
# Add debian security repository
# ------------------------------------------------------------------------------
debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
#### '----------------------------------------------------------------------
info 'Install standard Debian packages'
#### '----------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.debian_packages" ]; then
packages="$(chroot tasksel --new-install --task-packages standard)"
aptInstall ${packages}
touch "${INSTALLDIR}/${TMPDIR}/.debian_packages"
fi
# ------------------------------------------------------------------------------
# Upgrade system
# ------------------------------------------------------------------------------
debug "Upgrading system"
chroot "${INSTALLDIR}" apt-get update
true "${stout}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} dist-upgrade
# ------------------------------------------------------------------------------
# Configure keyboard
# ------------------------------------------------------------------------------
debug "Setting keyboard layout"
chroot "${INSTALLDIR}" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
keyboard-configuration keyboard-configuration/modelcode string pc105
keyboard-configuration keyboard-configuration/layoutcode string us
keyboard-configuration keyboard-configuration/variantcode string
keyboard-configuration keyboard-configuration/optionscode string
EOF
# ------------------------------------------------------------------------------
# Install extra packages in script_${DEBIANVERSION}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories
# ------------------------------------------------------------------------------
getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!"
umount_kill "${INSTALLDIR}" || :
exit 1
fi
for package_list in ${packages_list[@]}; do
debug "Installing extra packages from: ${package_list}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} install < "${package_list}"
done
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor scripts after packages are installed
# (Whonix needs dependancies installed before installation)
# ------------------------------------------------------------------------------
#### '----------------------------------------------------------------------
info ' Distribution specific steps (install systemd, add sources, etc)'
#### '----------------------------------------------------------------------
buildStep "$0" "${DIST}"
#### '----------------------------------------------------------------------
info " Installing extra packages in script_${DIST}/packages.list file"
#### '----------------------------------------------------------------------
installPackages
createSnapshot "packages"
touch "${INSTALLDIR}/${TMPDIR}/.prepared_packages"
#### '----------------------------------------------------------------------
info ' Execute any template flavor or sub flavor scripts after packages are installed'
#### '----------------------------------------------------------------------
buildStep "$0" "packages_installed"
# ------------------------------------------------------------------------------
# Install systemd
# ------------------------------------------------------------------------------
# - sysvinit gives problems with qubes initramfs, we depend on systemd
# for now. Apt *really* doesn't want to replace sysvinit in wheezy.
# For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package.
# ------------------------------------------------------------------------------
debug "Installing systemd for debian (${DEBIANVERSION})"
if [ "${DEBIANVERSION}" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} remove sysvinit
else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} remove sysvinit
fi
# Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation"
chroot "${INSTALLDIR}" apt-mark hold sysvinit
# Pin sysvinit to prevent being re-installed
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit
Pin: version *
Pin-Priority: -100
EOF
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
#### '----------------------------------------------------------------------
info ' apt-get dist-upgrade'
#### '----------------------------------------------------------------------
aptDistUpgrade
chroot "${INSTALLDIR}" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} install systemd-sysv
# ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------
chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------
if [ "${DEBIANVERSION}" == "wheezy" ]; then
debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
chroot ${INSTALLDIR} apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers
fi
# ------------------------------------------------------------------------------
# Cleanup
# ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
touch "${INSTALLDIR}/tmp/.prepared_groups"
#### '----------------------------------------------------------------------
info ' Cleanup'
#### '----------------------------------------------------------------------
touch "${INSTALLDIR}/${TMPDIR}/.prepared_groups"
trap - ERR EXIT
trap
# Kill all processes and umount all mounts within ${INSTALLDIR},
# but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
# umounted itself)
umount_kill "${INSTALLDIR}/" || :
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"
# ==============================================================================
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted)
# ==============================================================================
umount_all "${INSTALLDIR}/" || true

36
scripts_debian/02_install_groups_jessie.sh
Unescape View File

@ -0,0 +1,36 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### "=========================================================================
debug " Installing custom packages and customizing ${DIST}"
##### "=========================================================================
#### '--------------------------------------------------------------------------
info ' Adding contrib, non-free and Debian security to repository.'
#### '--------------------------------------------------------------------------
updateDebianSourceList
aptUpdate
##### '=========================================================================
debug ' Replacing sysvinit with systemd'
##### '=========================================================================
#### '--------------------------------------------------------------------------
info ' Remove sysvinit'
#### '--------------------------------------------------------------------------
aptRemove sysvinit
#### '--------------------------------------------------------------------------
info ' Install Systemd'
#### '--------------------------------------------------------------------------
aptUpdate
aptInstall systemd-sysv
#### '--------------------------------------------------------------------------
info ' Set multu-user.target as the default target (runlevel 3)'
#### '--------------------------------------------------------------------------
chroot rm -f /etc/systemd/system/default.target
chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target

89
scripts_debian/02_install_groups_wheezy.sh
Unescape View File

@ -0,0 +1,89 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### "=========================================================================
debug " Installing custom packages and customizing ${DIST}"
##### "=========================================================================
#### '--------------------------------------------------------------------------
info ' Adding contrib, non-free and Debian security to repository.'
#### '--------------------------------------------------------------------------
updateDebianSourceList
#### '----------------------------------------------------------------------
info ' Adding wheezy backports repository.'
#### '----------------------------------------------------------------------
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
aptUpdate
##### '=========================================================================
debug ' Replace sysvinit with systemd'
##### '=========================================================================
#### '----------------------------------------------------------------------
info ' Remove sysvinit'
#### '----------------------------------------------------------------------
echo 'Yes, do as I say!' | aptRemove sysvinit
#### '----------------------------------------------------------------------
info ' Preventing sysvinit re-installation'
#### '----------------------------------------------------------------------
chroot apt-mark hold sysvinit
#### '----------------------------------------------------------------------
info ' Pin sysvinit to prevent being re-installed'
#### '----------------------------------------------------------------------
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit
Pin: version *
Pin-Priority: -100
EOF
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
#### '----------------------------------------------------------------------
info ' Install Systemd'
#### '----------------------------------------------------------------------
aptUpdate
aptInstall systemd-sysv
#### '----------------------------------------------------------------------
info ' Set multu-user.target as the default target (runlevel 3)'
#### '----------------------------------------------------------------------
chroot rm -f /etc/systemd/system/default.target
chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ==============================================================================
# Install backports
#
# NOTE: This needs to be done after systemd has been installed or risk backport
# being un-installed
# ==============================================================================
#### '----------------------------------------------------------------------
info ' Installing init-system-helpers'
#### '----------------------------------------------------------------------
aptUpdate
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers
#### '----------------------------------------------------------------------
info ' Installing pulseaudo backport'
#### '----------------------------------------------------------------------
# /usr/lib/pulse-4.0/modules/
# start-pulseaudio-with-vchan
#DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
# chroot apt-get ${APT_GET_OPTIONS} -t wheezy-backports install pulseaudio \
# libpulse0 \
# pulseaudio-utils \
# libpulse-mainloop-glib0 \
# pulseaudio-module-x11

191
scripts_debian/04_install_qubes.sh
Unescape View File

@ -1,154 +1,61 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
##### '-------------------------------------------------------------------------
debug ' Installing Qubes packages'
##### '-------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
error "prepared_groups installataion has not completed!... Exiting"
exit 1
fi
# If .prepared_debootstrap has not been completed, don't continue
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_groups" "prepared_groups installataion has not completed!... Exiting"
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
mount -t tmpfs none "${INSTALLDIR}/run"
# Create system mount points
prepareChroot
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install Qubes Packages
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
debug "Installing qbues modules"
# --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# --------------------------------------------------------------------------
cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
# --------------------------------------------------------------------------
# Generate locales
# --------------------------------------------------------------------------
debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
chroot "${INSTALLDIR}" locale-gen
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# --------------------------------------------------------------------------
# Link mtab
# --------------------------------------------------------------------------
rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# --------------------------------------------------------------------------
# Start of Qubes package installation
# --------------------------------------------------------------------------
debug "Installing qubes packages"
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
# --------------------------------------------------------------------------
# Install keyrings
# --------------------------------------------------------------------------
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes builder
Expire-Date: 0
%pubring ${CACHEDIR}/repo-pubring.gpg
%secring ${CACHEDIR}/repo-secring.gpg
%commit
EOF
fi
gpg -abs --no-default-keyring \
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"${CUSTOMREPO}/dists/${DIST}/Release"
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# --------------------------------------------------------------------------
# Mount local qubes_repo
# --------------------------------------------------------------------------
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
# --------------------------------------------------------------------------
# Include qubes repo for apt
# --------------------------------------------------------------------------
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo ${DEBIANVERSION} main
EOF
# --------------------------------------------------------------------------
# Update system; exit is not successful
# --------------------------------------------------------------------------
chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
# --------------------------------------------------------------------------
# Install Qubes packages
# --------------------------------------------------------------------------
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
{ umount_kill "${INSTALLDIR}"; exit 1; }
# --------------------------------------------------------------------------
# Remove Qubes Builder repo from sources.list.d
# --------------------------------------------------------------------------
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
chroot "${INSTALLDIR}" apt-get update || exit 1
# --------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
# --------------------------------------------------------------------------
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
# --------------------------------------------------------------------------
# Copy extra files to installation directory. Contains:
# - font fixes for display issues
# --------------------------------------------------------------------------
copyTree "qubes-files" "${SCRIPTSDIR}" "${INSTALLDIR}"
touch "${INSTALLDIR}/tmp/.prepared_qubes"
# ==============================================================================
buildStep "${0}" "pre"
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" ]; then
#### '----------------------------------------------------------------------
info ' Trap ERR and EXIT signals and cleanup (umount)'
#### '----------------------------------------------------------------------
trap cleanup ERR
trap cleanup EXIT
#### '----------------------------------------------------------------------
info ' Install Qubes packages listed in packages_qubes.list file(s)'
#### '----------------------------------------------------------------------
installQubesRepo
aptUpdate
installPackages packages_qubes.list
uninstallQubesRepo
#### '----------------------------------------------------------------------
info ' Re-update locales'
# Locales get reset during package installation sometimes
#### '----------------------------------------------------------------------
updateLocale
#### '----------------------------------------------------------------------
info ' Cleanup'
#### '----------------------------------------------------------------------
umount_all "${INSTALLDIR}/" || true
touch "${INSTALLDIR}/${TMPDIR}/.prepared_qubes"
trap - ERR EXIT
trap
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"
# ------------------------------------------------------------------------------
# ==============================================================================
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
# ------------------------------------------------------------------------------
umount_kill "${INSTALLDIR}/" || :
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted)
# ==============================================================================
umount_all "${INSTALLDIR}/" || true

38
scripts_debian/09_cleanup.sh
Unescape View File

@ -1,33 +1,27 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
##### '=========================================================================
debug ' Cleaning up...'
##### '=========================================================================
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ==============================================================================
buildStep "${0}" "pre"
# ------------------------------------------------------------------------------
# Cleanup any left over files from installation
# ------------------------------------------------------------------------------
#### '-------------------------------------------------------------------------
info ' Cleaning up any left over files from installation'
#### '-------------------------------------------------------------------------
rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
rm -rf "${INSTALLDIR}/${TMPDIR}"
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"

75
scripts_debian/NOTES
Unescape View File

@ -0,0 +1,75 @@
issues
------
Think it makes most sense to run whonix setup right after qubes, then whonix can install qubes-whonix last.
hook into bfore qubes removes its links to repo
installing whonix after qubes-whonix; wq thinks its a template; tries to use proxy. Need to add
a chroot option maybe' touch /var/run/qubes/qubes-service/choot and ignore everything; maybe even
in postinit? -- gotta be sure IP addresses don't get changed
tests
-----
test all the vms listed below plus make sure each works with:
- netvm
- proxyvm
- sound
- notifications
NOTE: Backup EXISTING jessie-gnome; its what I use for web access!
Make a special version name; test with that and copy my root.img to it after test as my future template to keep
wheezy
wheezy+gnome
jessie
jessie+gnome
whonix-gateway
whonix-workstation
# Before building ubuntu again; combine code base again
trusty
trusty+gnome
utopic
utopic+gnome
test qubes-whonix package update... at first just add a local file base repo in appvm
ubuntu fixups
-------------
network manager
application menus
- can I convert the hvm? -- or install real ubuntu from live but automated?
- combine codebase of ubuntu / debian
whonix fixups
-------------
move code to qhonix-qubes that can go there
see if I can get rid of grub yet with new APT-opts command
review all snapshot code; remove remerences to /run; swap with tmp
todo
----
add firfox, etc to installed apps like fedora has - gnome only build; keep minimum debian builds
flashplayer
mirror list
automated test? build, deploy to dom0, install guest + appvm, run some tests in appvm
add in qubes-apps-linux-* during qubes-setup; maybe need to remove thunderbird?
duplicate 01proxy
fix the gui-linux commmit
restore dash -- fix any qubes scripts to use dash or indicated they need bash
fix any qubes scripts that use sysconfig; since we dont
condsider
---------
salt module; maybe can use for tests
merge
-----
merge to debian first
then from debian to master
then from master to ubuntu -- rebase whonix again

385
scripts_debian/distribution.sh
Unescape View File

@ -0,0 +1,385 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source ./functions.sh >/dev/null
source ./umount_kill.sh >/dev/null
setVerboseMode
output "${bold}${under}INFO: ${SCRIPTSDIR}/distribution.sh imported by: ${0}${reset}"
# ==============================================================================
# Cleanup function
# ==============================================================================
function cleanup() {
errval=$?
trap - ERR EXIT
trap
error "${1:-"${0}: Error. Cleaning up and un-mounting any existing mounts"}"
umount_all || true
# Return xtrace to original state
[[ -n "${XTRACE}" ]] && [[ "${XTRACE}" -eq 0 ]] && set -x || set +x
exit $errval
}
# ==============================================================================
# If .prepared_debootstrap has not been completed, don't continue
# ==============================================================================
function exitOnNoFile() {
file="${1}"
message="${2}"
if ! [ -f "${file}" ]; then
error "${message}"
umount_all || true
exit 1
fi
}
# ==============================================================================
# Umount everthing within INSTALLDIR or $1 but kill all processes within first
# ==============================================================================
function umount_all() {
directory="${1:-"${INSTALLDIR}"}"
# Only remove dirvert policies, etc if base INSTALLDIR mount is being umounted
if [ "${directory}" == "${INSTALLDIR}" -o "${directory}" == "${INSTALLDIR}/" ]; then
if [ -n "$(mountPoints)" ]; then
removeDbusUuid
removeDivertPolicy
fi
fi
umount_kill "${directory}" || true
}
# ==============================================================================
# Create snapshot
# ==============================================================================
function createSnapshot() {
snapshot_name="${1}"
if [ "${SNAPSHOT}" == "1" ]; then
splitPath "${IMG}" path_parts
snapshot_path="${path_parts[dir]}${path_parts[base]}-${snapshot_name}${path_parts[dotext]}"
# create snapshot
info "Creating snapshot of ${IMG} to ${snapshot_path}"
sync
cp -f "${IMG}" "${snapshot_path}"
fi
}
# ==============================================================================
# Create DBUS uuid
# ==============================================================================
function createDbusUuid() {
outputc green "Creating DBUS uuid..."
removeDbusUuid
if [ -e "${INSTALLDIR}/bin/dbus-uuidgen" ]; then
chroot dbus-uuidgen --ensure 1>/dev/null 2>&1
fi
}
# ==============================================================================
# Remove DBUS uuid
# ==============================================================================
function removeDbusUuid() {
if [ -e "${INSTALLDIR}"/var/lib/dbus/machine-id ]; then
outputc red "Removing generated machine uuid..."
rm -f "${INSTALLDIR}/var/lib/dbus/machine-id"
fi
}
# ==============================================================================
# Set up a temporary dpkg-divert policy to prevent apt from starting services
# on package installation
# ==============================================================================
function addDivertPolicy() {
outputc green "Deactivating initctl..."
chroot dpkg-divert --local --rename --add /sbin/initctl || true
# utopic systemd install still broken...
outputc green "Hacking invoke-rc.d to ignore missing init scripts..."
chroot sed -i -e "s/exit 100/exit 0 #exit 100/" /usr/sbin/invoke-rc.d
}
# ==============================================================================
# Remove temporary dpkg-divert policy
# ==============================================================================
function removeDivertPolicy() {
outputc red "Reactivating initctl..."
chroot dpkg-divert --local --rename --remove /sbin/initctl || true
outputc red "Restoring invoke-rc.d..."
chroot sed -i -e "s/exit 0 #exit 100/exit 100/" /usr/sbin/invoke-rc.d
}
# ==============================================================================
# Create system mount points
# ==============================================================================
function prepareChroot() {
# Make sure nothing is mounted within $INSTALLDIR
umount_kill "${INSTALLDIR}/"
mount -t tmpfs none "${INSTALLDIR}/run"
if [ "${SYSTEMD_NSPAWN_ENABLE}" != "1" ]; then
mount -t proc proc "${INSTALLDIR}/proc"
mount -t sysfs sys "${INSTALLDIR}/sys"
fi
createDbusUuid
addDivertPolicy
}
# ==============================================================================
# apt-get upgrade
# ==============================================================================
function aptUpgrade() {
aptUpdate
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes
}
# ==============================================================================
# apt-get dist-upgrade
# ==============================================================================
function aptDistUpgrade() {
aptUpdate
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes
}
# ==============================================================================
# apt-get update
# ==============================================================================
function aptUpdate() {
debug "Updating system"
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
chroot apt-get update
}
# ==============================================================================
# apt-get remove
# ==============================================================================
function aptRemove() {
files="$@"
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
chroot apt-get ${APT_GET_OPTIONS} remove ${files[@]}
}
# ==============================================================================
# apt-get install
# ==============================================================================
function aptInstall() {
files="$@"
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
chroot apt-get ${APT_GET_OPTIONS} install ${files[@]}
}
# ==============================================================================
# Install extra packages in script_${DIST}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories
# ==============================================================================
function installPackages() {
if [ -n "${1}" ]; then
# Locate packages within sub dirs
if [ ${#@} == "1" ]; then
getFileLocations packages_list "${1}" ""
else
packages_list="$@"
fi
else
getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!"
umount_all || true
exit 1
fi
fi
for package_list in ${packages_list[@]}; do
debug "Installing extra packages from: ${package_list}"
declare -a packages
readarray -t packages < "${package_list}"
info "Packages: "${packages[@]}""
aptInstall "${packages[@]}" || return $?
done
}
# ==============================================================================
# Install Systemd
# ==============================================================================
function installSystemd() {
buildStep "$0" "pre-systemd"
chroot apt-get update
aptInstall systemd
createDbusUuid
# Set multi-user.target as default target
chroot rm -f /etc/systemd/system/default.target
chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# XXX: TEMP lets see how stuff work with upstart in control for now
# Boot using systemd
chroot rm -f /sbin/init
chroot ln -sf /lib/systemd/systemd /sbin/init
buildStep "$0" "post-systemd"
}
# ==============================================================================
# ------------------------------------------------------------------------------
# C O N F I G U R A T I O N R E L A T E D
# ------------------------------------------------------------------------------
# ==============================================================================
# ==============================================================================
# Add universe to sources.list
# ==============================================================================
function updateDebianSourceList() {
# Add contrib and non-free component to repository
touch "${INSTALLDIR}/etc/apt/sources.list"
sed -i "s/${DIST} main$/${DIST} main contrib non-free/g" "${INSTALLDIR}/etc/apt/sources.list"
# Add Debian security repositories
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
}
# ==============================================================================
# Add universe to sources.list
# ==============================================================================
function updateQubuntuSourceList() {
sed -i "s/${DIST} main$/${DIST} main universe multiverse restricted/g" "${INSTALLDIR}/etc/apt/sources.list"
source="deb http://archive.canonical.com/ubuntu ${DIST} partner"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
source="deb-src http://archive.canonical.com/ubuntu ${DIST} partner"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
chroot apt-get update
}
# ==============================================================================
# Make sure there is a resolv.conf with network of this AppVM for building
# ==============================================================================
function createResolvConf() {
rm -f "${INSTALLDIR}/etc/resolv.conf"
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
}
# ==============================================================================
# Ensure umask set in /etc/login.defs is used (022)
# ==============================================================================
function configureUmask() {
echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session"
}
# ==============================================================================
# Configure keyboard
# ==============================================================================
function configureKeyboard() {
debug "Setting keyboard layout"
cat > "${INSTALLDIR}/tmp/keyboard.conf" <<'EOF'
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
keyboard-configuration keyboard-configuration/modelcode string pc105
keyboard-configuration keyboard-configuration/layoutcode string us
keyboard-configuration keyboard-configuration/variantcode string
keyboard-configuration keyboard-configuration/optionscode string
EOF
chroot debconf-set-selections /tmp/keyboard.conf
}
# ==============================================================================
# Update locale
# ==============================================================================
function updateLocale() {
debug "Updating locales"
chroot localedef -f UTF-8 -i en_US -c en_US.UTF-8
chroot update-locale LC_ALL=en_US.UTF-8
}
# ==============================================================================
# ------------------------------------------------------------------------------
# Q U B E S S P E C I F I C F U N C T I O N S
# ------------------------------------------------------------------------------
# ==============================================================================
# ==============================================================================
# Install Keyrings
# ==============================================================================
function installKeyrings() {
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes builder
Expire-Date: 0
%pubring ${CACHEDIR}/repo-pubring.gpg
%secring ${CACHEDIR}/repo-secring.gpg
%commit
EOF
fi
if [ ! -e "${CUSTOMREPO}/dists/${DIST}/Release.gpg" ]; then
gpg -abs --no-default-keyring \
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"${CUSTOMREPO}/dists/${DIST}/Release"
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
fi
}
# ==============================================================================
# Install Qubes Repo
# ==============================================================================
installQubesRepo() {
info " Defining Qubes CUSTOMREPO Location: ${PWD}/yum_repo_qubes/${DIST}"
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
info "Mounting local qubes_repo"
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo ${DIST} main
EOF
# XXX: Moved keyring install last in process; not sure if mount was ready
# all the time in its previous place
info ' Installing keyrings' # Relies on $CUSTOMREPO
installKeyrings
}
# ==============================================================================
# Uninstall Qubes Repo
# ==============================================================================
uninstallQubesRepo() {
info ' Removing Quebes build repo from sources.list.d'
# Lets not umount; we do that anyway when 04 exits
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
}

10
scripts_debian/flash/02_install_groups_packages_installed.sh
Unescape View File

@ -0,0 +1,10 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
#### '----------------------------------------------------------------------
info ' Installing flash plugin'
#### '----------------------------------------------------------------------
aptInstall flashplugin-nonfree

13
scripts_debian/gnome/02_install_groups_packages_installed.sh
Unescape View File

@ -0,0 +1,13 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
#### '----------------------------------------------------------------------
info ' Installing Gnome'
#### '----------------------------------------------------------------------
#packages="$(chroot tasksel --new-install --task-packages desktop)"
#packages+=" $(chroot tasksel --new-install --task-packages gnome-desktop)"
packages="$(chroot tasksel --new-install --task-packages gnome-desktop)"
aptInstall ${packages}

2
scripts_debian/gnome/packages_jessie.list
Unescape View File

@ -1,2 +0,0 @@
gnome-desktop-environment
gnome-accessibility-themes

2
scripts_debian/gnome/packages_wheezy.list
Unescape View File

@ -1,2 +0,0 @@
gnome-desktop-environment
gnome-accessibility-themes

26
scripts_debian/packages_jessie.list
Unescape View File

@ -1,10 +1,22 @@
gnome-terminal
locales
ncurses-term
aptitude
tasksel
sudo
locales
dmsetup
psmisc
ncurses-term
xserver-xorg-core
x11-xserver-utils
xinit
acpid
emacs
vim-nox
gnupg
iceweasel
icedove
keepassx
git
gnome-terminal
xterm
libfile-mimeinfo-perl
libglib2.0-bin
ltrace
strace
haveged
firmware-linux

7
scripts_debian/packages_qubes.list
Unescape View File

@ -6,3 +6,10 @@ xsettingsd
gnome-packagekit
chrony
ntpdate
libxvmc1
x11-session-utils
xfonts-100dpi
xfonts-75dpi
xfonts-scalable

26
scripts_debian/packages_wheezy.list
Unescape View File

@ -1,10 +1,22 @@
gnome-terminal
locales
ncurses-term
aptitude
tasksel
sudo
locales
dmsetup
psmisc
ncurses-term
xserver-xorg-core
x11-xserver-utils
xinit
acpid
emacs
vim-nox
gnupg
iceweasel
icedove
keepassx
git
gnome-terminal
xterm
libfile-mimeinfo-perl
libglib2.0-bin
ltrace
strace
haveged
firmware-linux

70
scripts_debian/qubes-files/.facl
Unescape View File

@ -1,70 +0,0 @@
# file: .
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/Xresources
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/xdg/fonts.conf
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/xdg/xsettingsd
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/X11
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/X11/Xsession.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/X11/Xsession.d/25xdg-qubes-settings
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: .facl
# owner: root
# group: root
user::rw-
group::r--
other::r--

34
scripts_debian/vars.sh
Unescape View File

@ -1,18 +1,36 @@
#!/bin/bash
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
source ./functions.sh
# ==============================================================================
# Global variables and functions
# ------------------------------------------------------------------------------
# ==============================================================================
. ./functions.sh
# ------------------------------------------------------------------------------
# Temp directory to place installation files and progress markers
# (Do not use /tmp since if built in a real VM, /tmp will be empty on a reboot)
# ------------------------------------------------------------------------------
TMPDIR="/var/lib/qubes-whonix/install"
# ------------------------------------------------------------------------------
# The codename of the debian version to install.
# jessie = testing, wheezy = stable
# ------------------------------------------------------------------------------
DEBIANVERSION=${DIST}
# Location to grab debian packages
# ------------------------------------------------------------------------------
# Location to grab Debian packages
# ------------------------------------------------------------------------------
DEBIAN_MIRROR=http://ftp.us.debian.org/debian
#DEBIAN_MIRROR=http://http.debian.net/debian
#DEBIAN_MIRROR=http://ftp.ca.debian.org/debian
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes -y"
# TODO: Not yet implemented
DEBIAN_MIRRORS=('http://ftp.us.debian.org/debian',
'http://http.debian.net/debian,
'http://ftp.ca.debian.org/debian,
)
# ------------------------------------------------------------------------------
# apt-get configuration options
# ------------------------------------------------------------------------------
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes"

1
scripts_debian/wheezy+whonix-gateway/00_prepare_pre.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/00_prepare_pre.sh

1
scripts_debian/wheezy+whonix-gateway/01_install_core_post.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/01_install_core_post.sh

1
scripts_debian/wheezy+whonix-gateway/02_install_groups_packages_installed.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/02_install_groups_packages_installed.sh

246
scripts_debian/wheezy+whonix-gateway/02_install_groups_wheezy.sh
Unescape View File

@ -0,0 +1,246 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### '-------------------------------------------------------------------------
debug ' Installing and building Whonix'
##### '-------------------------------------------------------------------------
#### '--------------------------------------------------------------------------
info ' Trap ERR and EXIT signals and cleanup (umount)'
#### '--------------------------------------------------------------------------
trap cleanup ERR
trap cleanup EXIT
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups" ]; then
#### '----------------------------------------------------------------------
info ' Installing extra packages in packages_whonix.list file'
#### '----------------------------------------------------------------------
installPackages packages_whonix.list
touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups"
fi
# ------------------------------------------------------------------------------
# chroot Whonix build script
# ------------------------------------------------------------------------------
read -r -d '' WHONIX_BUILD_SCRIPT <<'EOF' || true
################################################################################
# Pre Fixups
sudo mkdir -p /boot/grub2
sudo touch /boot/grub2/grub.cfg
sudo mkdir -p /boot/grub
sudo touch /boot/grub/grub.cfg
sudo mkdir --parents --mode=g+rw "/tmp/uwt"
# Whonix seems to re-install sysvinit even though there is a hold
# on the package. Things seem to work anyway. BUT hopfully the
# hold on grub* don't get removed
sudo apt-mark hold sysvinit
sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common
# Whonix expects haveged to be started
sudo /etc/init.d/haveged start
################################################################################
# Whonix installation
export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1"
pushd ~/Whonix
sudo ~/Whonix/whonix_build \
--build $1 \
--64bit-linux \
--current-sources \
--enable-whonix-apt-repository \
--whonix-apt-repository-distribution $2 \
--install-to-root \
--skip-verifiable \
--minimal-report \
--skip-sanity-tests || { exit 1; }
popd
EOF
##### '-------------------------------------------------------------------------
debug ' Preparing Whonix for installation'
##### '-------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ]; then
info "Preparing Whonix system"
#### '----------------------------------------------------------------------
info ' Initializing Whonix submodules'
#### '----------------------------------------------------------------------
pushd "${WHONIX_DIR}"
{
git add Makefile || true
git commit Makefile -m 'Added Makefile' || true
su $(logname) -c "git submodule update --init --recursive";
}
popd
#### '----------------------------------------------------------------------
info ' Faking grub installation since Whonix has depends on grub-pc'
#### '----------------------------------------------------------------------
mkdir -p "${INSTALLDIR}/boot/grub"
cp "${INSTALLDIR}/usr/lib/grub/i386-pc/"* "${INSTALLDIR}/boot/grub"
rm -f "${INSTALLDIR}/usr/sbin/update-grub"
chroot ln -s /bin/true /usr/sbin/update-grub
#### '----------------------------------------------------------------------
info ' Adding a user account for Whonix to build with'
#### '----------------------------------------------------------------------
chroot id -u 'user' >/dev/null 2>&1 || \
{
# UID needs match host user to have access to Whonix sources
chroot groupadd -f user
[ -n "$SUDO_UID" ] && USER_OPTS="-u $SUDO_UID"
chroot useradd -g user $USER_OPTS -G sudo,audio -m -s /bin/bash user
if [ `chroot id -u user` != 1000 ]; then
chroot useradd -g user -u 1000 -M -s /bin/bash user-placeholder
fi
}
#### '----------------------------------------------------------------------
info ' Installing Whonix build scripts'
#### '----------------------------------------------------------------------
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh"
chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh"
#### '----------------------------------------------------------------------
info ' Removing apt-listchanges if it exists,so no prompts appear'
#### '----------------------------------------------------------------------
# Whonix does not handle this properly, but aptInstall packages will
aptRemove apt-listchanges || true
#### '----------------------------------------------------------------------
info ' Copying additional files required for build'
#### '----------------------------------------------------------------------
copyTree "files"
touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared"
fi
##### '-------------------------------------------------------------------------
debug ' Installing Whonix code base'
##### '-------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ]; then
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
chroot su user -c 'mkdir /home/user/Whonix'
fi
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
# Whonix needs /dev/pts mounted during build
mount --bind /dev "${INSTALLDIR}/dev"
mount --bind /dev/pts "${INSTALLDIR}/dev/pts"
chroot su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; }
touch "${INSTALLDIR}/${TMPDIR}/.whonix_installed"
fi
##### '-------------------------------------------------------------------------
debug ' Whonix Post Installation Configurations'
##### '-------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_post" ]; then
#### '----------------------------------------------------------------------
info ' Restoring original network interfaces'
#### '----------------------------------------------------------------------
pushd "${INSTALLDIR}/etc/network"
{
rm -f interfaces;
ln -s interfaces.backup interfaces;
}
popd
#### '----------------------------------------------------------------------
info ' Temporarily retore original resolv.conf for remainder of install process'
info ' (Will be restored back in wheezy+whonix/04_qubes_install_post.sh)'
#### '----------------------------------------------------------------------
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.backup resolv.conf;
}
popd
#### '----------------------------------------------------------------------
info ' Temporarily retore original hosts for remainder of install process'
info ' (Will be restored on initial boot)'
#### '----------------------------------------------------------------------
pushd "${INSTALLDIR}/etc"
{
rm -f hosts;
cp -p hosts.anondist-orig hosts;
}
popd
#### '----------------------------------------------------------------------
info ' Restore default user UID set to so same in all builds regardless of build host'
#### '----------------------------------------------------------------------
if [ -n "`chroot id -u user-placeholder`" ]; then
chroot userdel user-placeholder
chroot usermod -u 1000 user
fi
#### '----------------------------------------------------------------------
info ' Enable some aliases in .bashrc'
#### '----------------------------------------------------------------------
sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc"
sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc"
sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc"
sed -i "s/^#force_color_prompt/force_color_prompt/g" "${INSTALLDIR}/home/user/.bashrc"
sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc"
sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc"
#### '----------------------------------------------------------------------
info ' Remove apt-cacher-ng'
#### '----------------------------------------------------------------------
chroot service apt-cacher-ng stop || :
chroot update-rc.d apt-cacher-ng disable || :
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
#### '----------------------------------------------------------------------
info ' Remove original sources.list (Whonix copied them to .../debian.list)'
#### '----------------------------------------------------------------------
rm -f "${INSTALLDIR}/etc/apt/sources.list"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot apt-get.anondist-orig update
touch "${INSTALLDIR}/${TMPDIR}/.whonix_post"
fi
##### '-------------------------------------------------------------------------
debug ' Temporarily retore original apt-get for remainder of install process'
##### '-------------------------------------------------------------------------
pushd "${INSTALLDIR}/usr/bin"
{
rm -f apt-get;
cp -p apt-get.anondist-orig apt-get;
}
popd
#### '----------------------------------------------------------------------
info ' Cleanup'
#### '----------------------------------------------------------------------
trap - ERR EXIT
trap

1
scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/04_install_qubes_post.sh

40
scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
Unescape View File

@ -0,0 +1,40 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### '-------------------------------------------------------------------------
debug ' Installing qubes-whonix package(s)'
##### '-------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" "prepared_qubes installataion has not completed!... Exiting"
# Create system mount points.
prepareChroot
#### '--------------------------------------------------------------------------
info ' Trap ERR and EXIT signals and cleanup (umount)'
#### '--------------------------------------------------------------------------
trap cleanup ERR
trap cleanup EXIT
#### '--------------------------------------------------------------------------
info ' Installing qubes-whonix and other required packages'
#### '--------------------------------------------------------------------------
# whonix-setup-wizard expects '/usr/local/share/applications' directory to exist
chroot mkdir -p '/usr/local/share/applications' # whonix-setup-wizard needs this
installQubesRepo
aptInstall python-guimessages whonix-setup-wizard qubes-whonix
uninstallQubesRepo
#### '--------------------------------------------------------------------------
info ' Cleanup'
#### '--------------------------------------------------------------------------
umount_all "${INSTALLDIR}/" || true
trap - ERR EXIT
trap

1
scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/09_cleanup_post.sh

40
scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
Unescape View File

@ -0,0 +1,40 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### '-------------------------------------------------------------------------
debug ' Whonix post installation cleanup'
##### '-------------------------------------------------------------------------
#### '--------------------------------------------------------------------------
info ' Restoring Whonix apt-get'
#### '--------------------------------------------------------------------------
pushd "${INSTALLDIR}/usr/bin"
{
rm -f apt-get;
cp -p apt-get.anondist apt-get;
}
popd
#### '--------------------------------------------------------------------------
info ' Restoring Whonix resolv.conf'
#### '--------------------------------------------------------------------------
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.anondist resolv.conf;
}
popd
#### '--------------------------------------------------------------------------
info ' Removing files created during installation that are no longer required'
#### '--------------------------------------------------------------------------
rm -rf "${INSTALLDIR}/home.orig/user/Whonix"
rm -rf "${INSTALLDIR}/home.orig/user/whonix_binary"
rm -f "${INSTALLDIR}/home.orig/user/whonix_fix"
rm -f "${INSTALLDIR}/home.orig/user/whonix_build.sh"
rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build"
rm -f "${TMPDIR}/etc/sudoers.d/whonix-build"

28
scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
Unescape View File

@ -1,28 +0,0 @@
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations
# --------------------------------------------------------------------------
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi

233
scripts_debian/wheezy+whonix-gateway/files/.facl
Unescape View File

@ -1,108 +1,3 @@
# file: .
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib/systemd
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib/systemd/system
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib/systemd/system/qubes-whonix-firewall.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: lib/systemd/system/qubes-whonix-network.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: lib/systemd/system/qubes-whonix-init.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/hosts
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/uwt.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/uwt.d/50_uwt_default
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/xdg
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/autostart
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/autostart/qubes-whonixsetup.desktop
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/apt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/hostname
# owner: root
# group: root
@ -114,7 +9,7 @@ other::r--
# owner: root
# group: root
user::rwx
group::r-x
group::--x
other::---
# file: etc/sudoers.d/whonix-build
@ -124,129 +19,3 @@ user::r--
group::r--
other::---
# file: .facl
# owner: user
# group: user
user::rw-
group::r--
other::r--
# file: usr
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/utility_functions
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/bind-dirs.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/qubes-whonix-firewall.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/qubes-whonix-bind.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/init/replace-ips
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/init.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/whonixcheck.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/init/network-proxy-setup.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/qubes-whonix-tor.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/messages.yaml
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/alert
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/qubes-whonixsetup
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/enable-iptables-logging.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

7
scripts_debian/wheezy+whonix-gateway/files/etc/hosts
Unescape View File

@ -1,7 +0,0 @@
## Anonymity Distribution /etc/hosts
## Anonymity Distribution specific
127.0.0.1 host.localdomain host
## End of Anonymity Distribution specific
## End of Anonymity Distribution /etc/hosts

6
scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default
Unescape View File

@ -1,6 +0,0 @@
. /usr/lib/whonix/utility_functions
if [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "1" ]; then
uwtwrapper["/usr/bin/apt-get"]="0"
fi

8
scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop
Unescape View File

@ -1,8 +0,0 @@
## This file is part of Whonix.
## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
[Desktop Entry]
Type=Application
Terminal=false
Exec=/usr/lib/whonix/qubes-whonixsetup

12
scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service
Unescape View File

@ -1,12 +0,0 @@
[Unit]
Description=Qubes Whonix firewall updater
After=qubes-whonix-network.service
Before=network.target
[Service]
ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
Alias=qubes-firewall.service

13
scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service
Unescape View File

@ -1,13 +0,0 @@
[Unit]
Description=Qubes Whonix initialization script
After=qubes-whonix-network.service
Before=qubes-whonix-firewall.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/whonix/init/init.sh
StandardOutput=syslog
[Install]
WantedBy=multi-user.target

15
scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service
Unescape View File

@ -1,15 +0,0 @@
[Unit]
Description=Qubes Whonix network proxy setup
ConditionPathExists=/var/run/qubes-service/qubes-network
Before=network.target
After=iptables.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/whonix/init/network-proxy-setup.sh
StandardOutput=syslog
[Install]
WantedBy=multi-user.target
Alias=qubes-network.service

90
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert
Unescape View File

@ -1,90 +0,0 @@
#!/usr/bin/python
#
# Copyright 2014 Jason Mehring (nrgaway@gmail.com)
#
from PyQt4 import QtGui
import locale
import yaml
DEFAULT_LANG = 'en'
class Messages():
filename = None
data = None
language = DEFAULT_LANG
title = None
icon = None
message = None
def __init__(self, section, filename):
self.filename = filename
language = locale.getdefaultlocale()[0].split('_')[0]
if language:
self.language = language
try:
stream = file(filename, 'r')
data = yaml.load(stream)
if section in data.keys():
section = data[section]
self.icon = section.get('icon', None)
language = section.get(self.language, DEFAULT_LANG)
self.title = language.get('title', None)
self.message = language.get('message', None)
except (IOError):
pass
except (yaml.scanner.ScannerError, yaml.parser.ParserError):
pass
class WhonixMessageBox(QtGui.QMessageBox):
def __init__(self, message):
super(WhonixMessageBox, self).__init__()
self.message = message
self.initUI()
def initUI(self):
message = self.message
if message.title:
self.setWindowTitle(message.title)
if message.icon:
self.setIcon(getattr(QtGui.QMessageBox, message.icon))
if message.message:
self.setText(message.message)
self.exec_()
import argparse
import sys
def main():
parser = argparse.ArgumentParser(description='Display a QT Message Box')
parser.add_argument('section', help="Message section")
parser.add_argument('filename', help="File including full path")
args = parser.parse_args()
if not args.filename and args.section:
print parser.usage()
sys.exit(1)
app = QtGui.QApplication(sys.argv)
message = Messages(args.section, args.filename)
dialog = WhonixMessageBox(message)
sys.exit()
if __name__ == "__main__":
main()

58
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh
Unescape View File

@ -1,58 +0,0 @@
#!/bin/bash
#
# To umount all binds, just pass any arg in $1
#
. /usr/lib/whonix/utility_functions
# Don't run if started as a template
if ! [ "${WHONIX}" == "template" ]; then
# Array of directories to bind
BINDS=(
'/rw/srv/whonix/root/.whonix:/root/.whonix'
'/rw/srv/whonix/root/.whonix.d:/root/.whonix.d'
'/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
'/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
'/rw/srv/whonix/etc/tor:/etc/tor'
)
for bind in ${BINDS[@]}; do
rw_dir="${bind%%:*}"
ro_dir="${bind##*:}"
# Make sure ro directory is not mounted
umount "${ro_dir}" 2> /dev/null || true
if [ -n "${1}" ]; then
echo "Umounting only..."
exit 0
fi
# Make sure ro directory exists
if ! [ -d "${ro_dir}" ]; then
mkdir -p "${ro_dir}"
fi
# Initially copy over data directories to /rw if rw directory does not exist
if ! [ -d "${rw_dir}" ]; then
mkdir -p "${rw_dir}"
rsync -hax "${ro_dir}/." "${rw_dir}"
fi
# Bind the directory
sync
mount --bind "${rw_dir}" "${ro_dir}"
done
sync
fi
if [ "${WHONIX}" == "gateway" ]; then
# Make sure we remove whonixsetup.done if Tor is not enabled
# to allow choice of repo and prevent whonixcheck errors
grep "^DisableNetwork 0$" /etc/tor/torrc || {
sudo rm -f /var/lib/whonix/do_once/whonixsetup.done
}
fi
exit 0

30
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
# Check /var/log/kern.log for logging results
LOG_IP4=1
LOG_IP6=0
# for IPv4
if [ "$LOG_IP4" == "1" ]; then
iptables -t raw -A OUTPUT -p icmp -j TRACE
iptables -t raw -A PREROUTING -p icmp -j TRACE
modprobe ipt_LOG
fi
# for IPv6
if [ "$LOG_IP6" == "1" ]; then
ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE
ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE
ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE
ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE
modprobe ip6t_LOG
fi
# Redirect local port to remote via socat
#apt-get install socat
#socat TCP4-LISTEN:8082,fork,mode=0666,user=root,group=root TCP4:10.137.255.254:8082
#
# Works
# localhost/loopback maps localhost port 8082 to localhost port 8888
#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888

30
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
. /usr/lib/whonix/utility_functions
if [ "${WHONIX}" != "template" ]; then
# Files that will have the immutable bit set
# since we don't want them modified by other programs
IMMUTABLE_FILES=(
'/etc/resolv.conf'
'/etc/hostname'
'/etc/hosts'
)
# Make sure all .anondist files in list are immutable
immutableFilesEnable "${IMMUTABLE_FILES}"
immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"
# Make sure we are using a copy of the annondist file and if not
# copy the annondist file and set it immutable
copyAnondist "/etc/resolv.conf"
copyAnondist "/etc/hosts"
copyAnondist "/etc/hostname"
# Replace IP addresses in known configuration files / scripts to
# currently discovered one
/usr/lib/whonix/init/replace-ips
# Make sure hostname is correct
/bin/hostname host
fi

57
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh
Unescape View File

@ -1,57 +0,0 @@
#!/bin/bash
. /usr/lib/whonix/utility_functions
INTERFACE="eth1"
if [ "${WHONIX}" == "gateway" ]; then
if [ -x /usr/sbin/xenstore-read ]; then
XENSTORE_READ="/usr/sbin/xenstore-read"
else
XENSTORE_READ="/usr/bin/xenstore-read"
fi
# Setup Xen / Qubes proxy
network=$(xenstore-read qubes-netvm-network 2>/dev/null)
if [ "x$network" != "x" ]; then
gateway=$(xenstore-read qubes-netvm-gateway)
netmask=$(xenstore-read qubes-netvm-netmask)
secondary_dns=$(xenstore-read qubes-netvm-secondary-dns)
modprobe netbk 2> /dev/null || modprobe xen-netback
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
#/usr/lib/qubes/qubes-setup-dnat-to-ns
echo "0" > /proc/sys/net/ipv4/ip_forward
/sbin/ethtool -K eth0 sg off || :
fi
# Now, assign it the netvm-gateway IP address
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
if [ x${ip} != x ]; then
# Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment
/sbin/ip link add ${INTERFACE} type dummy
netmask=$(${XENSTORE_READ} qubes-netvm-netmask)
gateway=$(${XENSTORE_READ} qubes-netvm-gateway)
/sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255
/sbin/ifconfig ${INTERFACE} up
/sbin/ethtool -K ${INTERFACE} sg off || true
/sbin/ethtool -K ${INTERFACE} tx off || true
ip link set ${INTERFACE} up
fi
echo "0" > /proc/sys/net/ipv4/ip_forward
# Allow whonix-gateway to act as an update-proxy
touch /var/run/qubes-service/qubes-updates-proxy
# Search and replace tinyproxy error files so we can inject code that
# we can use to identify that its a tor proxy so updates are secure
error_file="/usr/share/tinyproxy/default.html"
grep -q "${PROXY_META}" "${error_file}" || {
sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
}
fi

49
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh
Unescape View File

@ -1,49 +0,0 @@
#!/bin/bash
. /usr/lib/whonix/utility_functions
if [ -x /usr/sbin/xenstore-read ]; then
XENSTORE_READ="/usr/sbin/xenstore-read"
else
XENSTORE_READ="/usr/bin/xenstore-read"
fi
# Make sure IP forwarding is disabled
echo "0" > /proc/sys/net/ipv4/ip_forward
if [ "${WHONIX}" != "template" ]; then
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
# Start Whonix Firewall
if [ "${WHONIX}" == "gateway" ]; then
export INT_IF="vif+"
export INT_TIF="vif+"
# Inject custom firewall rules into whonix_firewall
sed -i -f - /usr/bin/whonix_firewall <<-EOF
/^## IPv4 DROP INVALID INCOMING PACKAGES/,/######################################/c \\
## IPv4 DROP INVALID INCOMING PACKAGES \\
## \\
## --- THE FOLLOWING WS INJECTED --- \\
## Qubes Tiny Proxy Updater \\
iptables -t nat -N PR-QBS-SERVICES \\
iptables -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT \\
iptables -A OUTPUT -o vif+ -p tcp -m tcp --sport 8082 -j ACCEPT \\
iptables -t nat -A PREROUTING -j PR-QBS-SERVICES \\
iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT \\
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:53 \\
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:9040 \\
\\
# Route any traffic FROM netvm TO netvm BACK-TO localhost \\
# Allows localhost access to tor network \\
#iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 \\
######################################
EOF
fi
# Load the firewall
# XXX: TODO: Take down all network accesss if firewall fails
/usr/bin/whonix_firewall
systemctl restart qubes-updates-proxy.service
fi

16
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service
Unescape View File

@ -1,16 +0,0 @@
[Unit]
Description = Anonymizing overlay network for TCP
After = syslog.target network.target nss-lookup.target
[Service]
Type = simple
ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --quiet
ExecReload = /bin/kill -HUP ${MAINPID}
ExecStop = /bin/kill -INT ${MAINPID}
TimeoutSec = 60
Restart = on-failure
LimitNOFILE = 32768
[Install]
WantedBy = multi-user.target
Alias=tor.service

118
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips
Unescape View File

@ -1,118 +0,0 @@
#!/bin/bash
. /usr/lib/whonix/utility_functions
# Search though files and updates IP address to the current
# IP address(es)
FILES=(
'/usr/lib/leaktest-workstation/simple_ping.py'
'/usr/lib/whonixcheck/preparation'
'/usr/share/anon-kde-streamiso/share/config/kioslaverc'
'/usr/bin/whonix_firewall'
'/etc/whonix_firewall.d/30_default'
'/usr/lib/anon-shared-helper-scripts/tor_bootstrap_check.bsh'
'/usr/bin/uwt'
'/etc/uwt.d/30_uwt_default'
'/usr/share/tor/tor-service-defaults-torrc.anondist'
'/usr/bin/update-torbrowser'
'/etc/network/interfaces.whonix'
'/etc/resolv.conf.anondist'
'/etc/sdwdate.d/31_anon_dist_stream_isolation_plugin'
'/etc/rinetd.conf.anondist'
'/etc/network/interfaces.whonix'
'/usr/share/anon-torchat/.torchat/torchat.ini'
)
# sed search and replace. return 0 if replace happened, otherwise 1
search_replace() {
local search="${1}"
local replace="${2}"
local file="${3}"
local retval=1
if ! [ -L "${file}" ]; then
ls_attrs="$(lsattr "${file}")"
ls_attrs=${ls_attrs:4:1}
if [ "${ls_attrs}" == "i" ]; then
chattr -i "${file}"
fi
fi
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
retval=$?
if [ "${ls_attrs}" = "i" ]; then
chattr +i "${file}"
fi
return $retval
}
function replace_ips()
{
local search_ip="${1}"
local replace_ip="${2}"
local files=("${!3}")
local retval=1
# If IP is 10.152.152.10, network is 10.152.152.0
search_network="${search_ip%[.]*}.0"
replace_network="${replace_ip%[.]*}.0"
if ! [ "${search_ip}" = "${replace_ip}" ]; then
for file in "${files[@]}"; do
if [ -f "$file" ]; then
search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0
search_replace "${search_network}" "${replace_network}" "${file}" && retval=0
fi
done
fi
return $retval
}
update_ip() {
ip=${1}
echo "${ip}" > /etc/whonix-netvm-gateway
grep '^DisableNetwork 0$' /etc/tor/torrc && {
service tor status && {
service tor reload || true;
}
}
}
if [ "${WHONIX}" == "gateway" ]; then
ip="$(xenstore-read qubes-netvm-gateway)"
if [ x${ip} != x ]; then
# Compare to current IP address assiged by Qubes
replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}"
# Do again; checking for original 10.152.152.10 incase of update
replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}"
# Do again; checking for original 10.152.152.11 incase of update
replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}"
fi
elif [ "${WHONIX}" == "workstation" ]; then
ip="$(xenstore-read qubes-ip)"
gateway="$(xenstore-read qubes-gateway)"
if [ x${ip} != x ]; then
# Compare to current IP address assiged by Qubes
replace_ips "$(cat /etc/whonix-ip)" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip
# Do again; checking for original 10.152.152.11 incase of update
replace_ips "10.152.152.11" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip
fi
if [ x${gateway} != x ]; then
# Compare to current gateway IP address assiged by Qubes
replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway
# Do again; checking for original 10.152.152.10 incase of update
replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway
fi
fi

18
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service
Unescape View File

@ -1,18 +0,0 @@
[Unit]
Description=Checks many important aspects of Whonix.
After=syslog.target network.target
[Service]
Type=forking
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/run/whonixcheck
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonixcheck
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonix/whonixblog
ExecStart=/usr/lib/whonixcheckdaemon
PIDFile=/var/run/whonixcheck.pid
User=user
Group=user
UMask=0007
StandardOutput=syslog
[Install]
WantedBy=multi-user.target

9
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml
Unescape View File

@ -1,9 +0,0 @@
update:
icon: Critical
en:
title: Tor netvm required for updates
message: |
<p><B>Tor netvm required for updates!</B></p>
<p>Please ensure your template vm has a Whonix gateway as it's VM.</p>
<p>No updates are possible without an active (running) Whonix gateway VM.</p>

41
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup
Unescape View File

@ -1,41 +0,0 @@
#!/bin/bash
. /usr/lib/whonix/utility_functions
if ! [ "${WHONIX}" == "template" ]; then
sudo /usr/lib/whonix/bind-dirs.sh
fi
if [ "${WHONIX}" == "gateway" ]; then
if grep "^DisableNetwork 0$" /etc/tor/torrc ;then
sudo service sdwdate restart
sudo service tor restart
else
sudo service sdwdate restart
sudo service tor stop
sudo /usr/bin/whonixsetup
fi
elif [ "${WHONIX}" == "workstation" ]; then
sudo service sdwdate restart
if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then
sudo /usr/bin/whonixsetup
fi
elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
# Set secure defaults.
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
sudo iptables -P OUTPUT DROP
# Flush old rules.
sudo iptables -F
sudo iptables -X
sudo iptables -t nat -F
sudo iptables -t nat -X
sudo iptables -t mangle -F
sudo iptables -t mangle -X
# Display warning that netvm is not connected to a torvm
/usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml
fi

94
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions
Unescape View File

@ -1,94 +0,0 @@
#!/bin/bash
# /etc/uwt.d/50_uwt_default relies on this in order to allow connection
# to proxy for template
PROXY_SERVER="http://10.137.255.254:8082/"
PROXY_META='<meta name=\"application-name\" content=\"tor proxy\"\/>'
if [ -f "/var/run/qubes-service/updates-proxy-setup" ]; then
WHONIX="template"
elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then
WHONIX="gateway"
elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then
WHONIX="workstation"
else
WHONIX="unknown"
fi
if [ "${WHONIX}" == "template" ]; then
curl.anondist-orig "${PROXY_SERVER}" | grep -q "${PROXY_META}" && {
PROXY_SECURE=1
} || {
PROXY_SECURE=0
}
fi
immutableFilesEnable() {
files="${1}"
suffix="${2}"
for file in "${files[@]}"; do
if [ -f "${file}" ] && ! [ -L "${file}" ]; then
sudo chattr +i "${file}${suffix}"
fi
done
}
immutableFilesDisable() {
files="${1}"
suffix="${2}"
for file in "${files[@]}"; do
if [ -f "${file}" ] && ! [ -L "${file}" ]; then
sudo chattr -i "${file}${suffix}"
fi
done
}
copyAnondist() {
file="${1}"
suffix="${2-.anondist}"
# Remove any softlinks first
if [ -L "${file}" ]; then
sudo rm -f "${file}"
fi
if [ -f "${file}" ] && [ -n "$(diff ${file} ${file}${suffix})" ]; then
sudo chattr -i "${file}"
sudo rm -f "${file}"
sudo cp -p "${file}${suffix}" "${file}"
sudo chattr +i "${file}"
elif ! [ -f "${file}" ]; then
sudo cp -p "${file}${suffix}" "${file}"
sudo chattr +i "${file}"
fi
}
# Will only enable / disable if service is not already in that state
enable_sysv() {
servicename=${1}
disable=${2-0}
# Check to see if the service is already enabled and if not, enable it
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then
case ${disable} in
0)
echo "${1} is currently disabled; enabling it"
sudo systemctl --quiet enable ${servicename}
;;
1)
echo "${1} is currently enabled; disabling it"
sudo service ${servicename} stop
sudo systemctl --quiet disable ${servicename}
;;
esac
fi
}
disable_sysv() {
enable_sysv ${1} 1
}

1
scripts_debian/wheezy+whonix-gateway/packages_wheezy.list
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/packages_wheezy.list

10
scripts_debian/wheezy+whonix/packages_wheezy.list → scripts_debian/wheezy+whonix-gateway/packages_whonix.list
Unescape View File

@ -1,7 +1,8 @@
git
curl
sudo
locales
haveged
curl
console-data
console-common
initramfs-tools
@ -12,17 +13,14 @@ less
lsof
most
pciutils
strace
sysfsutils
usbutils
lsb-release
acpi-support-base
haveged
build-essential:native
gcc
fakeroot
lintian
rsync
grub-pc

1
scripts_debian/wheezy+whonix-workstation
Unescape View File

@ -0,0 +1 @@
wheezy+whonix-gateway

1
scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/00_prepare_pre.sh

1
scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/01_install_core_post.sh

1
scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/02_install_groups_packages_installed.sh

1
scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/04_install_qubes_post.sh

1
scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh
Unescape View File

@ -1 +0,0 @@
../wheezy+whonix/09_cleanup_post.sh

30
scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
Unescape View File

@ -1,30 +0,0 @@
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations
# --------------------------------------------------------------------------
echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi

224
scripts_debian/wheezy+whonix-workstation/files/.facl
Unescape View File

@ -1,224 +0,0 @@
# file: .
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib/systemd
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib/systemd/system
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: lib/systemd/system/qubes-whonix-firewall.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: lib/systemd/system/qubes-whonix-network.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: lib/systemd/system/qubes-whonix-init.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/hosts
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/uwt.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/uwt.d/50_uwt_default
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/xdg
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/autostart
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/autostart/qubes-whonixsetup.desktop
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/hostname
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/sudoers.d
# owner: root
# group: root
user::rwx
group::r-x
other::---
# file: etc/sudoers.d/whonix-build
# owner: root
# group: root
user::r--
group::r--
other::---
# file: .facl
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/utility_functions
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/bind-dirs.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/qubes-whonix-firewall.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/replace-ips
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/init.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init/network-proxy-setup.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/messages.yaml
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/alert
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/qubes-whonixsetup
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/enable-iptables-logging.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x

1
scripts_debian/wheezy+whonix-workstation/files/etc/hostname
Unescape View File

@ -1 +0,0 @@
host

7
scripts_debian/wheezy+whonix-workstation/files/etc/hosts
Unescape View File

@ -1,7 +0,0 @@
## Anonymity Distribution /etc/hosts
## Anonymity Distribution specific
127.0.0.1 host.localdomain host
## End of Anonymity Distribution specific
## End of Anonymity Distribution /etc/hosts

1
scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build
Unescape View File

@ -1 +0,0 @@
user ALL=(ALL) NOPASSWD: ALL

Some files were not shown because too many files have changed in this diff Show More

Write Preview
Loading…
Cancel
Save