-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQIcBAABAgAGBQJU4oOBAAoJEBu5sftaTG2tMMsP/21u8/oyKtCAhC7D5YTcK+E6
 bYMjM8aFtptJUdCy1EjEUjv5FMGcC9CMoe/sXzMkxQHsegkzPS9PsOK2aELytyxI
 x/GyQwEjI8wyzigQtsBXGzGkIePUqJtngmh67KFsVYINlXf1wx21AguSR/ZsHwCf
 hNBxNciZhUCwPfZt1Luk10jRdmSkKlcx77U52Z5ZMU4qOZGY5WVmvUttdKAR3JfG
 EcZG8JDa2sPV+8ryAqK7MCMzVqE+zkb6zYf6JwJSaR1OGvr91hbL8T3rSer6eXu+
 lu39eLSz1ITm91jeDirgTgPUMfplLOt+Y3luDpY2Uth+7rDSN6V7XLcuLJJzbRIC
 t8t84i2e+wL9iTWLxyo8v2lDS+PIKfhYbxHHvaoo/k9o6qvqqsy9VgYgA/toKfdg
 Fv+i4jwmqTXE+8+qxjT74boYP8FWpqKSpWWr/Aou5wBzG1bdKSxmqyMAYSCTsWmB
 wOHomBtQFpl5G3SCV/3FZHOroxwNlKgfzSalwxNpWN6nRTO1shBNOM+er6PBvIPT
 coJdpdQSR5aREg2IzrwoHH/1xE1KPJV2QbelMJg0p2Ca+9v2Ge5wLODotwRFYRDN
 j3nFnNr6kn5Rw9/wrCnZh61t4syKctQ6Kpg2/14AuogI2ut5IpSpNvlaA47df7Vi
 BuBRHBx+969YN1bYSP21
 =wO05
 -----END PGP SIGNATURE-----

Merge tag 'jm_62073901'

Tag for commit 620739019a

# gpg: Signature made Tue Feb 17 00:55:45 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007  8F27 1BB9 B1FB 5A4C 6DAD
pull/1/head
Marek Marczykowski-Górecki 10 years ago
commit 1980e023bb

2
.gitignore vendored

@ -7,3 +7,5 @@ mnt_*
*.fs
*.img
install-templates.sh
yum_repo_qubes/*
scripts_fedora/base_rpms_fc21/*

@ -19,6 +19,9 @@ endif
fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
TEMPLATE_NAME := $(word 1,$(fix_up))
export DISTRIBUTION
export TEMPLATE_NAME
VERSION := $(shell cat version)
TIMESTAMP := $(shell date -u +%Y%m%d%H%M)
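Review bot: `$(TEMPLATE_NAME)` is pasted unquoted into the `$(shell ...)` command on the `fix_up` line, so a value containing spaces or shell metacharacters is interpreted by the shell at parse time instead of reaching `./builder_fix_filenames` as data. The page no longer shows which lines of this hunk the commit adds, so this may predate the change. At minimum the assignment should be quoted, `fix_up := $(shell TEMPLATE_NAME='$(TEMPLATE_NAME)' ./builder_fix_filenames)`, and the name is best checked against the characters a template name may contain before it is used.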

@ -0,0 +1,3 @@
gnome-terminal.desktop
nautilus.desktop
firefox.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-prefs.desktop
system-config-date.desktop
system-config-printer.desktop

@ -1,3 +1,5 @@
gnome-terminal.desktop
nautilus.desktop
org.gnome.Nautilus.desktop
iceweasel.desktop
icedove.desktop
yelp.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

@ -0,0 +1,5 @@
gnome-terminal.desktop
firefox.desktop
thunderbird.desktop
nautilus.desktop
yelp.desktop

@ -0,0 +1,6 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop

@ -1,3 +1,5 @@
gnome-terminal.desktop
iceweasel.desktop
icedove.desktop
nautilus.desktop
yelp.desktop

@ -1,21 +1,16 @@
gnome-terminal.desktop
nautilus.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop
gateway-arm.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-reloadfirewall.desktop
gateway-reloadtor.desktop
gateway-restarttor.desktop
gateway-stoptor.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
timesync.desktop
whonixcheck.desktop
whonix_repository.desktop
dolphin.desktop
Help.desktop
ksystemlog.desktop
kwrite.desktop

@ -2,20 +2,9 @@ gnome-terminal.desktop
nautilus.desktop
yelp.desktop
gateway-arm.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-reloadfirewall.desktop
gateway-reloadtor.desktop
gateway-restarttor.desktop
gateway-stoptor.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
timesync.desktop
whonixcheck.desktop
whonix_repository.desktop
dolphin.desktop
Help.desktop
ksystemlog.desktop
kwrite.desktop

@ -8,4 +8,9 @@ gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
kwrite.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
whonix_repository.desktop

@ -1,12 +1,8 @@
gnome-terminal.desktop
nautilus.desktop
yelp.desktop
anondist-torbrowser.desktop
anondist-torbrowser_update.desktop
gateway-firsttimesetup.desktop
timesync.desktop
vlc.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
@ -16,12 +12,3 @@ whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
whonix_repository.desktop
xchat.desktop
x-www-browser.desktop
dolphin.desktop
Help.desktop
kcalc.desktop
kgpg.desktop
kwrite.desktop

@ -4,93 +4,9 @@ gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop
anondist-torbrowser.desktop
gnome-panel.desktop
gnome-printers-panel.desktop
gnome-system-log.desktop
tracker-preferences.desktop
anondist-torbrowser_update.desktop
bluetooth-sendto.desktop
bluetooth-wizard.desktop
brasero.desktop
brasero-nautilus.desktop
display.im6.desktop
fpm2.desktop
gateway-firsttimesetup.desktop
gcr-prompter.desktop
gcr-viewer.desktop
gnome-terminal.desktop
gpk-application.desktop
gpk-dbus-service.desktop
gpk-install-catalog.desktop
gpk-install-local-file.desktop
gpk-log.desktop
gpk-prefs.desktop
gpk-service-pack.desktop
gpk-update-viewer.desktop
iceweasel.desktop
kde4
mat.desktop
mimeinfo.cache
nact.desktop
nautilus-autorun-software.desktop
nautilus.desktop
nm-applet.desktop
nm-connection-editor.desktop
python2.7.desktop
timesync.desktop
vlc.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
whonix-donate.desktop
whonix-featureblog.desktop
whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
whonix_repository.desktop
xchat.desktop
x-www-browser.desktop
yelp.desktop
akonaditray.desktop
-rw-r--r-- 1 root root 5000 Jun 22 2012 ark.desktop
dolphin.desktop
gwenview.desktop
Help.desktop
jovieapp.desktop
kcalc.desktop
kdepasswd.desktop
kdesystemsettings.desktop
keditbookmarks.desktop
kfind.desktop
kfontview.desktop
kgpg.desktop
klipper.desktop
kmag.desktop
kmailservice.desktop
kmix.desktop
kmousetool.desktop
kmouth.desktop
konsole.desktop
krandrtray.desktop
ksysguard.desktop
ksystemlog.desktop
-rw-r--r-- 1 root root 1766 Jun 6 2012 ktelnetservice.desktop
kvkbd.desktop
kwrite.desktop
nepomukbackup.desktop
nepomukcontroller.desktop
okularApplication_comicbook.desktop
okularApplication_dvi.desktop
okularApplication_fax.desktop
okularApplication_fb.desktop
okularApplication_ghostview.desktop
okularApplication_kimgio.desktop
okularApplication_ooo.desktop
okularApplication_pdf.desktop
okularApplication_plucker.desktop
okularApplication_xps.desktop
okular.desktop
systemsettings.desktop

@ -0,0 +1,22 @@
gnome-terminal.desktop
nautilus.desktop
gcalctool.desktop
evolution.desktop
libreoffice-startcenter.desktop
gimp.desktop
eog.desktop
totem.desktop
shotwell.desktop
rhythmbox.desktop
anondist-torbrowser.desktop
timesync.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
whonix-donate.desktop
whonix-featureblog.desktop
whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
yelp.desktop

@ -0,0 +1,14 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gnome-panel.desktop
gnome-printers-panel.desktop
gnome-system-log.desktop
tracker-preferences.desktop
anondist-torbrowser_update.desktop
yelp.desktop

@ -15,6 +15,18 @@ case "$DIST" in
DISTRIBUTION=debian
VERSION=8
;;
trusty)
DISTRIBUTION=qubuntu
VERSION=14.04
;;
utopic)
DISTRIBUTION=qubuntu
VERSION=14.10
;;
vivid)
DISTRIBUTION=qubuntu
VERSION=15.04
;;
*)
DISTRIBUTION="$DIST"
VERSION=

@ -22,7 +22,12 @@ templateFlavorPrefix() {
fi
done
echo "${DIST}${template_flavor:++}"
# If template_flavor only contains a '+'; send back $DIST
if [ "${template_flavor}" == "+" ]; then
echo "${DIST}"
else
echo "${DIST}${template_flavor:++}"
fi
}
templateNameDist() {

@ -11,6 +11,20 @@ DEBUG=${DEBUG:-0}
################################################################################
# Global functions
################################################################################
# ------------------------------------------------------------------------------
# Set xtrace verbose mode (-x or)
# ------------------------------------------------------------------------------
XTRACE=
function setVerboseMode() {
# Cache xtrace current status so it can be restored on exit
[[ ${-/x} != $- ]] && XTRACE=0 || XTRACE=1
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" -ge 2 ]; then
set -x
else
set +x
fi
}
# ------------------------------------------------------------------------------
# Define colors
@ -69,12 +83,32 @@ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
chroot() {
local retval
true ${blue}
/usr/sbin/chroot "$@" && { retval=$?; true; } || { retval=$?; true; }
if [ "${SYSTEMD_NSPAWN_ENABLE}" == "1" ]; then
systemd-nspawn $systemd_bind -D "${INSTALLDIR}" -M "${DIST}" "$@" && { retval=$?; true; } || { retval=$?; true; }
else
/usr/sbin/chroot "${INSTALLDIR}" "$@" && { retval=$?; true; } || { retval=$?; true; }
fi
true ${reset}
return $retval
}
fi
# ------------------------------------------------------------------------------
# Return xtrace's current mode
# 0 is enables (-x); 1 is disables (+x)
# ------------------------------------------------------------------------------
getXtrace() {
[[ ${-/x} != $- ]] && echo 0 || echo 1
}
# ------------------------------------------------------------------------------
# Return xtrace to desired state
# 0 is enables (-x); 1 is disables (+x)
# ------------------------------------------------------------------------------
setXtrace() {
[[ "${1}" -eq 0 ]] && set -x || set +x
}
# ------------------------------------------------------------------------------
# Display messages in color
# ------------------------------------------------------------------------------
@ -82,24 +116,30 @@ fi
output() {
if [ "${VERBOSE}" -ge 1 ]; then
# Don't echo if -x is set since it will already be displayed via true
[[ ${-/x} != $- ]] || echo -e "${1}"
[[ ${-/x} != $- ]] || echo -e ""$@""
fi
}
outputc() {
color=${1}
shift
output "${!color}"$@"${reset}" || :
}
info() {
output "${bold}${blue}INFO: ${1}${reset}" || :
output "${bold}${blue}INFO: "$@"${reset}" || :
}
debug() {
output "${bold}${green}DEBUG: ${1}${reset}" || :
output "${bold}${green}DEBUG: "$@"${reset}" || :
}
warn() {
output "${stout}${yellow}WARNING: ${1}${reset}" || :
output "${stout}${yellow}WARNING: "$@"${reset}" || :
}
error() {
output "${bold}${red}ERROR: ${1}${reset}" || :
output "${bold}${red}ERROR: "$@"${reset}" || :
}
# ------------------------------------------------------------------------------
@ -166,17 +206,19 @@ templateDir() {
do
# (wheezy+whonix-gateway / wheezy+whonix-gateway+gnome[+++] / wheezy+gnome )
if [ "${element%:*}" == "$(templateName ${template_flavor})" ]; then
eval echo -e ${element#*:}
eval echo -e "${element#*:}"
return
# Very short name compare (+proxy)
elif [ "${element:0:1}" == "+" -a "${element%:*}" == "+${template_flavor}" ]; then
eval echo -e ${element#*:}
eval echo -e "${element#*:}"
return
fi
done
if [ -n "${template_flavor}" ]; then
local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
if [ -n "${template_flavor}" -a "${template_flavor}" == "+" ]; then
local dir="${SCRIPTSDIR}/${template_flavor_prefix}"
elif [ -n "${template_flavor}" ]; then
local dir="${SCRIPTSDIR}/${template_flavor_prefix}${template_flavor}"
else
local dir="${SCRIPTSDIR}"
@ -223,6 +265,7 @@ buildStepExec() {
# Cache $script
GLOBAL_CACHE[$script]=1
# Execute $script
"${script}"
fi
@ -266,11 +309,16 @@ callTemplateFunction() {
local calling_arg="$2"
local functionExec="$3"
local template_flavor="${TEMPLATE_FLAVOR}"
${functionExec} "${calling_script}" \
"${calling_arg}" \
"${template_flavor}"
# Find a $DIST sub-directory
${functionExec} "${calling_script}" \
"${calling_arg}" \
"+"
for option in ${TEMPLATE_OPTIONS[@]}
do
# Long name (wheezy+whonix-gateway+proxy)
@ -292,6 +340,17 @@ callTemplateFunction() {
}
# ------------------------------------------------------------------------------
# Will return all files that match pattern of suffix
# Example:
# filename = packages.list
# suffix = ${DIST} (wheezy)
#
# Will look for a file name packages_wheezy.list in:
# the $SCRIPTSDIR; beside original
# the $SCRIPTSDIR/$DIST (wheezy) directory
# any included template module directories ($SCRIPTSDIR/gnome)
#
# All matches are returned and each will be able to be used
# ------------------------------------------------------------------------------
getFileLocations() {
local return_global_var=$1
@ -311,6 +370,18 @@ getFileLocations() {
# ------------------------------------------------------------------------------
# Executes any additional optional configuration steps if the configuration
# scripts exist
#
# Will find all scripts with
# Example:
# filename = 04_install_qubes.sh
# suffix = post
#
# Will look for a file name 04_install_qubes_post in:
# the $SCRIPTSDIR; beside original
# the $SCRIPTSDIR/$DIST (wheezy) directory
# any included template module directories ($SCRIPTSDIR/gnome)
#
# All matches are executed
# ------------------------------------------------------------------------------
buildStep() {
local filename="$1"

@ -3,7 +3,7 @@
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
export IMG="$1"
export IMG="${1}"
export LC_ALL=POSIX
RETCODE=0
@ -13,52 +13,55 @@ RETCODE=0
. ./builder_setup >/dev/null
. ./umount_kill.sh >/dev/null
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
if ! [ $# -eq 1 ]; then
echo "usage $0 <img_file_name>"
echo "usage ${0} <img_file_name>"
exit
fi
if [ "$VERBOSE" == "1" ]; then
export YUM_OPTS="$YUM_OPTS -q"
if [ "${VERBOSE}" == "1" ]; then
export YUM_OPTS="${YUM_OPTS} -q"
fi
# ------------------------------------------------------------------------------
# Prepare for mount
# Make sure INSTALLDIR exists
# ------------------------------------------------------------------------------
echo "-> Preparing instalation of $DIST template..."
export INSTALLDIR="$(readlink -m mnt)"
mkdir -p "$INSTALLDIR"
"$SCRIPTSDIR/00_prepare.sh"
mkdir -p "${INSTALLDIR}"
# ------------------------------------------------------------------------------
# Mount image and install core OS
# Prepare for mount
# ------------------------------------------------------------------------------
echo "-> Preparing instalation of ${DIST} template..."
"${SCRIPTSDIR}/00_prepare.sh"
if [ -f "$IMG" ]; then
# ------------------------------------------------------------------------------
# Mount image and install core OS
# ------------------------------------------------------------------------------
if [ -f "${IMG}" ]; then
echo "-> Image file already exists, assuming *update*..."
else
echo "-> Initializing empty image..."
truncate -s 10G "$IMG" || exit 1
truncate -s 10G "${IMG}" || exit 1
echo "-> Creating filesystem..."
mkfs.ext4 -q -F "$IMG" || exit 1
mkfs.ext4 -q -F "${IMG}" || exit 1
fi
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT
"$SCRIPTSDIR/01_install_core.sh"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
"${SCRIPTSDIR}/01_install_core.sh"
# ------------------------------------------------------------------------------
# Install package groups
# ------------------------------------------------------------------------------
echo "-> Installing package groups..."
"$SCRIPTSDIR/02_install_groups.sh"
"${SCRIPTSDIR}/02_install_groups.sh"
# ------------------------------------------------------------------------------
# Cleanup
@ -66,6 +69,6 @@ echo "-> Installing package groups..."
trap - EXIT
echo "-> Unmounting prepared_image..."
umount_kill "$(readlink -m $INSTALLDIR)" || :
umount_kill "$(readlink -m ${INSTALLDIR})" || true
exit $RETCODE
exit ${RETCODE}
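Review bot: The EXIT trap is still built with double quotes, `trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT`, so the path is expanded when the trap is set and re-parsed as shell text when it fires. A build directory whose path contains a space or a shell metacharacter is then split or reinterpreted instead of being passed as one argument. `INSTALLDIR` is already the output of `readlink -m mnt` earlier in the script, so the trap can be `trap 'umount_kill "${INSTALLDIR}"' EXIT` and the final call `umount_kill "${INSTALLDIR}" || true`.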

@ -46,7 +46,11 @@ fi
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
umount_kill "$PWD/mnt" || :
errval=$?
trap - ERR
trap
umount_kill "$PWD/mnt" || true
exit $errval
}
trap cleanup ERR
@ -66,7 +70,7 @@ export INSTALLDIR=mnt
# ------------------------------------------------------------------------------
# Run qubeize script
# ------------------------------------------------------------------------------
"$SCRIPTSDIR/04_install_qubes.sh" || { umount "$INSTALLDIR"; exit 1; }
"$SCRIPTSDIR/04_install_qubes.sh"
# ------------------------------------------------------------------------------
# Create App Menus
@ -110,7 +114,7 @@ fi
# Finsh - unmount image
# ------------------------------------------------------------------------------
echo "--> Unmounting $IMG"
cleanup
umount_kill "$PWD/mnt" || true
echo "Qubeized image stored at: $IMG"
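Review bot: The bare `trap` line added to `cleanup` only prints the current trap list; it clears nothing. If the intent was to stop a second handler from running while the function exits, it should read `trap - EXIT`, matching the `trap - ERR` above it. A one-line comment that `errval=$?` must stay the first statement, because any earlier command would overwrite the failing status, would also protect the new exit-code handling.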

@ -1,45 +1,82 @@
#!/bin/bash -x
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
INSTALLDIR="$(readlink -m mnt)"
umount_kill "${INSTALLDIR}" || :
# ------------------------------------------------------------------------------
# Make sure ${INSTALLDIR} is not mounted
umount_all "${INSTALLDIR}" || true
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ==============================================================================
buildStep "${0}" "pre"
# ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------
debug "Determine if ${IMG} should be reused or deleted..."
if [ -f "${IMG}" ]; then
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
# ==============================================================================
# Use a snapshot of the debootstraped debian image
# ==============================================================================
manage_snapshot() {
local snapshot="${1}"
umount_kill "${INSTALLDIR}" || true
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting ${IMG}"
rm -f "${IMG}"
# Remove old snapshots if groups completed
if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
outputc stout "Removing stale snapshots"
umount_kill "${INSTALLDIR}" || true
rm -rf "${debootstrap_snapshot}"
rm -rf "${packages_snapshot}"
return
fi
# Umount image; don't fail if its already umounted
umount_kill "${INSTALLDIR}" || :
outputc stout "Replacing ${IMG} with snapshot ${snapshot}"
umount_kill "${INSTALLDIR}" || true
cp -f "${snapshot}" "${IMG}"
}
# ==============================================================================
# Determine if a snapshot should be used, reuse an existing image or
# delete the existing image to start fresh based on configuration options
#
# SNAPSHOT=1 - Use snapshots; Will remove after successful build
# If debootstrap did not complete, the existing image will be deleted
# ==============================================================================
splitPath "${IMG}" path_parts
packages_snapshot="${path_parts[dir]}${path_parts[base]}-packages${path_parts[dotext]}"
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
if [ -f "${IMG}" ]; then
if [ -f "${packages_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
# Use 'packages' snapshot
manage_snapshot "${packages_snapshot}"
elif [ -f "${debootstrap_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
# Use 'debootstrap' snapshot
manage_snapshot "${debootstrap_snapshot}"
else
# Use '$IMG' if debootstrap did not fail
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
# Assume a failed debootstrap installation if .prepared_debootstrap does not exist
if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
debug "Reusing existing image ${IMG}"
else
outputc stout "Removing stale or incomplete ${IMG}"
umount_kill "${INSTALLDIR}" || true
rm -f "${IMG}"
fi
# Umount image; don't fail if its already umounted
umount_kill "${INSTALLDIR}" || true
fi
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"
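Review bot: `manage_snapshot` removes the snapshots with `rm -rf`, although they are image files created next to `${IMG}`. `rm -f -- "${debootstrap_snapshot}" "${packages_snapshot}"` does the same job without recursive deletion should either variable ever resolve to a directory. The function also reads `IMG`, `INSTALLDIR`, `TMPDIR` and both snapshot variables as globals, the last two assigned only after the function is defined. A short header comment listing those inputs, and noting that it leaves the image unmounted on every path, would make that contract visible.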

@ -1,38 +1,61 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### '-------------------------------------------------------------------------
debug ' Installing base system using debootstrap'
##### '-------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install base debian system
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/${DEBIANVERSION}-debian-archive-keyring.gpg" \
"${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
# ==============================================================================
buildStep "${0}" "pre"
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
#### "------------------------------------------------------------------
info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system"
#### "------------------------------------------------------------------
COMPONENTS="" debootstrap \
--arch=amd64 \
--include="ncurses-term locales tasksel" \
--components=main \
--keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \
"${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || {
error "Debootstrap failed!";
exit 1;
}
#### '----------------------------------------------------------------------
info ' Configure keyboard'
#### '----------------------------------------------------------------------
configureKeyboard
#### '----------------------------------------------------------------------
info ' Update locales'
#### '----------------------------------------------------------------------
updateLocale
#### '----------------------------------------------------------------------
info 'Link mtab'
#### '----------------------------------------------------------------------
chroot rm -f /etc/mtab
chroot ln -s /proc/self/mounts /etc/mtab
# TMPDIR is set in vars. /tmp should not be used since it will be cleared
# if building template with LXC contaniners on a reboot
mkdir -p "${INSTALLDIR}/${TMPDIR}"
# Mark section as complete
touch "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap"
# If SNAPSHOT=1, Create a snapshot of the already debootstraped image
createSnapshot "debootstrap"
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"
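Review bot: `chroot rm -f /etc/mtab` and `chroot ln -s /proc/self/mounts /etc/mtab` only work if `chroot` is the shell wrapper that prepends `${INSTALLDIR}`; the real binary would take `rm` and `ln` as the new root directory. The only wrapper definition visible on this page sits inside a block guarded by `VERBOSE`/`DEBUG`. Unless an unconditional definition exists outside the shown hunks, a normal non-verbose build reaches the real `/usr/sbin/chroot` here and aborts under `-e`. A guard before first use, `declare -F chroot >/dev/null || { error "chroot wrapper not loaded"; exit 1; }`, makes the dependency explicit.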

@ -1,201 +1,84 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
##### "=========================================================================
debug " Configuring and Installing packages for ${DIST}"
##### "=========================================================================
# ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "${INSTALLDIR}" || :
exit 1
fi
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" "prepared_debootstrap installataion has not completed!... Exiting"
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
mount -t tmpfs none "${INSTALLDIR}/run"
# Create system mount points
prepareChroot
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# Make sure there is a resolv.conf with network of this AppVM for building
createResolvConf
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Install groups error and umount"
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
umount_kill "${INSTALLDIR}" || :
exit 1
}
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ==============================================================================
buildStep "${0}" "pre"
# ==============================================================================
# Configure base system and install any adddtional packages which could
# include +TEMPLATE_FLAVOR such as gnome as set in configuration file
# ==============================================================================
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
#### '----------------------------------------------------------------------
info ' Trap ERR and EXIT signals and cleanup (umount)'
#### '----------------------------------------------------------------------
trap cleanup ERR
trap cleanup EXIT
# ------------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# ------------------------------------------------------------------------------
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Ensure umask set in /etc/login.defs is used (022)
# ------------------------------------------------------------------------------
echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session"
# ------------------------------------------------------------------------------
# Add debian security repository
# ------------------------------------------------------------------------------
debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
#### '----------------------------------------------------------------------
info 'Install standard Debian packages'
#### '----------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.debian_packages" ]; then
packages="$(chroot tasksel --new-install --task-packages standard)"
aptInstall ${packages}
touch "${INSTALLDIR}/${TMPDIR}/.debian_packages"
fi
# ------------------------------------------------------------------------------
# Upgrade system
# ------------------------------------------------------------------------------
debug "Upgrading system"
chroot "${INSTALLDIR}" apt-get update
true "${stout}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} dist-upgrade
# ------------------------------------------------------------------------------
# Configure keyboard
# ------------------------------------------------------------------------------
debug "Setting keyboard layout"
chroot "${INSTALLDIR}" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
keyboard-configuration keyboard-configuration/modelcode string pc105
keyboard-configuration keyboard-configuration/layoutcode string us
keyboard-configuration keyboard-configuration/variantcode string
keyboard-configuration keyboard-configuration/optionscode string
EOF
# ------------------------------------------------------------------------------
# Install extra packages in script_${DEBIANVERSION}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories
# ------------------------------------------------------------------------------
getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!"
umount_kill "${INSTALLDIR}" || :
exit 1
fi
for package_list in ${packages_list[@]}; do
debug "Installing extra packages from: ${package_list}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} install < "${package_list}"
done
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor scripts after packages are installed
# (Whonix needs dependancies installed before installation)
# ------------------------------------------------------------------------------
#### '----------------------------------------------------------------------
info ' Distribution specific steps (install systemd, add sources, etc)'
#### '----------------------------------------------------------------------
buildStep "$0" "${DIST}"
#### '----------------------------------------------------------------------
info " Installing extra packages in script_${DIST}/packages.list file"
#### '----------------------------------------------------------------------
installPackages
createSnapshot "packages"
touch "${INSTALLDIR}/${TMPDIR}/.prepared_packages"
#### '----------------------------------------------------------------------
info ' Execute any template flavor or sub flavor scripts after packages are installed'
#### '----------------------------------------------------------------------
buildStep "$0" "packages_installed"
# ------------------------------------------------------------------------------
# Install systemd
# ------------------------------------------------------------------------------
# - sysvinit gives problems with qubes initramfs, we depend on systemd
# for now. Apt *really* doesn't want to replace sysvinit in wheezy.
# For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package.
# ------------------------------------------------------------------------------
debug "Installing systemd for debian (${DEBIANVERSION})"
if [ "${DEBIANVERSION}" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} remove sysvinit
else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} remove sysvinit
fi
# Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation"
chroot "${INSTALLDIR}" apt-mark hold sysvinit
# Pin sysvinit to prevent being re-installed
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit
Pin: version *
Pin-Priority: -100
EOF
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
#### '----------------------------------------------------------------------
info ' apt-get dist-upgrade'
#### '----------------------------------------------------------------------
aptDistUpgrade
chroot "${INSTALLDIR}" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} install systemd-sysv
# ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------
chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------
if [ "${DEBIANVERSION}" == "wheezy" ]; then
debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
chroot ${INSTALLDIR} apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers
fi
# ------------------------------------------------------------------------------
# Cleanup
# ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
touch "${INSTALLDIR}/tmp/.prepared_groups"
#### '----------------------------------------------------------------------
info ' Cleanup'
#### '----------------------------------------------------------------------
touch "${INSTALLDIR}/${TMPDIR}/.prepared_groups"
trap - ERR EXIT
trap
# Kill all processes and umount all mounts within ${INSTALLDIR},
# but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
# umounted itself)
umount_kill "${INSTALLDIR}/" || :
fi
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'post' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "post"
# ==============================================================================
buildStep "${0}" "post"
# ==============================================================================
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted)
# ==============================================================================
umount_all "${INSTALLDIR}/" || true

@ -0,0 +1,36 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### "=========================================================================
debug " Installing custom packages and customizing ${DIST}"
##### "=========================================================================
#### '--------------------------------------------------------------------------
info ' Adding contrib, non-free and Debian security to repository.'
#### '--------------------------------------------------------------------------
updateDebianSourceList
aptUpdate
##### '=========================================================================
debug ' Replacing sysvinit with systemd'
##### '=========================================================================
#### '--------------------------------------------------------------------------
info ' Remove sysvinit'
#### '--------------------------------------------------------------------------
aptRemove sysvinit
#### '--------------------------------------------------------------------------
info ' Install Systemd'
#### '--------------------------------------------------------------------------
aptUpdate
aptInstall systemd-sysv
#### '--------------------------------------------------------------------------
info ' Set multu-user.target as the default target (runlevel 3)'
#### '--------------------------------------------------------------------------
chroot rm -f /etc/systemd/system/default.target
chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
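Review bot: The last two lines, `chroot rm -f /etc/systemd/system/default.target` and `chroot ln -sf /lib/systemd/system/multi-user.target …`, pass no root directory, so they only do what is intended if `chroot` is a shell function that supplies `${INSTALLDIR}` (presumably defined in distribution.sh, which is not visible here). With the real binary, `rm` would be read as the new root and the call would fail. A comment above them would make the dependency explicit, for example `# chroot is the wrapper sourced from distribution.sh; it runs the command inside ${INSTALLDIR}`. The same pair of calls appears in the wheezy script that follows. The info string also has a typo: `multu-user.target` should read `multi-user.target`.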

@ -0,0 +1,89 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
##### "=========================================================================
debug " Installing custom packages and customizing ${DIST}"
##### "=========================================================================
#### '--------------------------------------------------------------------------
info ' Adding contrib, non-free and Debian security to repository.'
#### '--------------------------------------------------------------------------
updateDebianSourceList
#### '----------------------------------------------------------------------
info ' Adding wheezy backports repository.'
#### '----------------------------------------------------------------------
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
aptUpdate
##### '=========================================================================
debug ' Replace sysvinit with systemd'
##### '=========================================================================
#### '----------------------------------------------------------------------
info ' Remove sysvinit'
#### '----------------------------------------------------------------------
echo 'Yes, do as I say!' | aptRemove sysvinit
#### '----------------------------------------------------------------------
info ' Preventing sysvinit re-installation'
#### '----------------------------------------------------------------------
chroot apt-mark hold sysvinit
#### '----------------------------------------------------------------------
info ' Pin sysvinit to prevent being re-installed'
#### '----------------------------------------------------------------------
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit
Pin: version *
Pin-Priority: -100
EOF
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
#### '----------------------------------------------------------------------
info ' Install Systemd'
#### '----------------------------------------------------------------------
aptUpdate
aptInstall systemd-sysv
#### '----------------------------------------------------------------------
info ' Set multu-user.target as the default target (runlevel 3)'
#### '----------------------------------------------------------------------
chroot rm -f /etc/systemd/system/default.target
chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ==============================================================================
# Install backports
#
# NOTE: This needs to be done after systemd has been installed or risk backport
# being un-installed
# ==============================================================================
#### '----------------------------------------------------------------------
info ' Installing init-system-helpers'
#### '----------------------------------------------------------------------
aptUpdate
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers
#### '----------------------------------------------------------------------
info ' Installing pulseaudo backport'
#### '----------------------------------------------------------------------
# /usr/lib/pulse-4.0/modules/
# start-pulseaudio-with-vchan
#DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
# chroot apt-get ${APT_GET_OPTIONS} -t wheezy-backports install pulseaudio \
# libpulse0 \
# pulseaudio-utils \
# libpulse-mainloop-glib0 \
# pulseaudio-module-x11
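Review bot: The backports block near the top of this new file writes `${DEBIAN_MIRROR}` into the template's sources.list without checking that it is set, and its duplicate check `grep -r -q "$source"` matches the entry as a regular expression rather than literally. An empty mirror would produce a malformed `deb  wheezy-backports main` line that only surfaces at the next `aptUpdate`, and the dots in the mirror URL match any character. I would write `source="deb ${DEBIAN_MIRROR:?DEBIAN_MIRROR is not set} wheezy-backports main"` and `grep -r -q -F -- "$source" "${INSTALLDIR}/etc/apt/sources.list"*`. Where DEBIAN_MIRROR gets its value is not visible here (presumably vars.sh), so confirm whether a default already exists. Separately, `info ' Installing pulseaudo backport'` logs an install whose commands are all commented out; drop the message or mark the step as disabled.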

@ -1,154 +1,61 @@
#!/bin/sh
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
##### '-------------------------------------------------------------------------
debug ' Installing Qubes packages'
##### '-------------------------------------------------------------------------
# ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
error "prepared_groups installataion has not completed!... Exiting"
exit 1
fi
# If .prepared_debootstrap has not been completed, don't continue
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_groups" "prepared_groups installataion has not completed!... Exiting"
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
mount -t tmpfs none "${INSTALLDIR}/run"
# Create system mount points
prepareChroot
# ------------------------------------------------------------------------------
# ==============================================================================
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install Qubes Packages
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
debug "Installing qbues modules"
# --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# --------------------------------------------------------------------------
cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
# --------------------------------------------------------------------------
# Generate locales
# --------------------------------------------------------------------------
debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
chroot "${INSTALLDIR}" locale-gen
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# --------------------------------------------------------------------------
# Link mtab
# --------------------------------------------------------------------------
rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# --------------------------------------------------------------------------
# Start of Qubes package installation
# --------------------------------------------------------------------------
debug "Installing qubes packages"
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
# --------------------------------------------------------------------------
# Install keyrings
# --------------------------------------------------------------------------
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes builder
Expire-Date: 0
%pubring ${CACHEDIR}/repo-pubring.gpg
%secring ${CACHEDIR}/repo-secring.gpg
%commit
EOF
fi
gpg -abs --no-default-keyring \
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"${CUSTOMREPO}/dists/${DIST}/Release"
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# --------------------------------------------------------------------------
# Mount local qubes_repo
# --------------------------------------------------------------------------
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
# --------------------------------------------------------------------------