diff --git a/.gitignore b/.gitignore
index 8216535..0b821ac 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ mnt_*
 *.fs
 *.img
 install-templates.sh
+yum_repo_qubes/*
+scripts_fedora/base_rpms_fc21/*
diff --git a/Makefile b/Makefile
index 7bd1f3d..457e794 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,9 @@ endif
 fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
 TEMPLATE_NAME := $(word 1,$(fix_up))
+export DISTRIBUTION
+export TEMPLATE_NAME
+
 VERSION := $(shell cat version)
 TIMESTAMP := $(shell date -u +%Y%m%d%H%M)
diff --git a/appmenus_fc21/netvm-whitelisted-appmenus.list b/appmenus_fc21/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_fc21/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_fc21/vm-whitelisted-appmenus.list b/appmenus_fc21/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..1711aed
--- /dev/null
+++ b/appmenus_fc21/vm-whitelisted-appmenus.list
@@ -0,0 +1,3 @@
+gnome-terminal.desktop
+nautilus.desktop
+firefox.desktop
diff --git a/appmenus_fc21/whitelisted-appmenus.list b/appmenus_fc21/whitelisted-appmenus.list
new file mode 100644
index 0000000..107badc
--- /dev/null
+++ b/appmenus_fc21/whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-prefs.desktop
+system-config-date.desktop
+system-config-printer.desktop
diff --git a/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list b/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..24cbff5
--- /dev/null
+++ b/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+xterm.desktop
diff --git a/appmenus_fc21_minimal/vm-whitelisted-appmenus.list b/appmenus_fc21_minimal/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..24cbff5
--- /dev/null
+++ b/appmenus_fc21_minimal/vm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+xterm.desktop
diff --git a/appmenus_fc21_minimal/whitelisted-appmenus.list b/appmenus_fc21_minimal/whitelisted-appmenus.list
new file mode 100644
index 0000000..24cbff5
--- /dev/null
+++ b/appmenus_fc21_minimal/whitelisted-appmenus.list
@@ -0,0 +1 @@
+xterm.desktop
diff --git a/appmenus_jessie/vm-whitelisted-appmenus.list b/appmenus_jessie/vm-whitelisted-appmenus.list
index 31d9cad..c6d575c 100644
--- a/appmenus_jessie/vm-whitelisted-appmenus.list
+++ b/appmenus_jessie/vm-whitelisted-appmenus.list
@@ -1,3 +1,5 @@
 gnome-terminal.desktop
-nautilus.desktop
+org.gnome.Nautilus.desktop
+iceweasel.desktop
+icedove.desktop
 yelp.desktop
diff --git a/appmenus_trusty/netvm-whitelisted-appmenus.list b/appmenus_trusty/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_trusty/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_trusty/vm-whitelisted-appmenus.list b/appmenus_trusty/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_trusty/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_trusty/whitelisted-appmenus.list b/appmenus_trusty/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_trusty/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list b/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_trusty_desktop/vm-whitelisted-appmenus.list b/appmenus_trusty_desktop/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_trusty_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_trusty_desktop/whitelisted-appmenus.list b/appmenus_trusty_desktop/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_trusty_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_utopic/netvm-whitelisted-appmenus.list b/appmenus_utopic/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_utopic/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_utopic/vm-whitelisted-appmenus.list b/appmenus_utopic/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_utopic/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_utopic/whitelisted-appmenus.list b/appmenus_utopic/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_utopic/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list b/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_utopic_desktop/vm-whitelisted-appmenus.list b/appmenus_utopic_desktop/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_utopic_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_utopic_desktop/whitelisted-appmenus.list b/appmenus_utopic_desktop/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_utopic_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_vivid/netvm-whitelisted-appmenus.list b/appmenus_vivid/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_vivid/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_vivid/vm-whitelisted-appmenus.list b/appmenus_vivid/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_vivid/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_vivid/whitelisted-appmenus.list b/appmenus_vivid/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_vivid/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list b/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_vivid_desktop/vm-whitelisted-appmenus.list b/appmenus_vivid_desktop/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_vivid_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_vivid_desktop/whitelisted-appmenus.list b/appmenus_vivid_desktop/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_vivid_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_wheezy/vm-whitelisted-appmenus.list b/appmenus_wheezy/vm-whitelisted-appmenus.list
index 31d9cad..d479755 100644
--- a/appmenus_wheezy/vm-whitelisted-appmenus.list
+++ b/appmenus_wheezy/vm-whitelisted-appmenus.list
@@ -1,3 +1,5 @@
 gnome-terminal.desktop
+iceweasel.desktop
+icedove.desktop
 nautilus.desktop
 yelp.desktop
diff --git a/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list
index 68ed628..1bb50df 100644
--- a/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list
+++ b/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list
@@ -1,21 +1,16 @@
 gnome-terminal.desktop
-nautilus.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
 yelp.desktop
-gateway-arm.desktop
+gateway-firewall30default.desktop
+gateway-firewall50user.desktop
+gateway-torrc.desktop
+gateway-torrcexamples.desktop
 gateway-firewall30default.desktop
 gateway-firewall50user.desktop
 gateway-firsttimesetup.desktop
-gateway-reloadfirewall.desktop
-gateway-reloadtor.desktop
-gateway-restarttor.desktop
-gateway-stoptor.desktop
 gateway-torrc.desktop
 gateway-torrcexamples.desktop
-timesync.desktop
-whonixcheck.desktop
 whonix_repository.desktop
-dolphin.desktop
-Help.desktop
-ksystemlog.desktop
-kwrite.desktop
-
diff --git a/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list
index 68ed628..ba57bde 100644
--- a/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list
+++ b/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list
@@ -2,20 +2,9 @@ gnome-terminal.desktop
 nautilus.desktop
 yelp.desktop
 gateway-arm.desktop
-gateway-firewall30default.desktop
-gateway-firewall50user.desktop
-gateway-firsttimesetup.desktop
 gateway-reloadfirewall.desktop
 gateway-reloadtor.desktop
 gateway-restarttor.desktop
 gateway-stoptor.desktop
-gateway-torrc.desktop
-gateway-torrcexamples.desktop
 timesync.desktop
 whonixcheck.desktop
-whonix_repository.desktop
-dolphin.desktop
-Help.desktop
-ksystemlog.desktop
-kwrite.desktop
-
diff --git a/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list b/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list
index 25df4f2..1bb50df 100644
--- a/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list
+++ b/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list
@@ -8,4 +8,9 @@ gateway-firewall30default.desktop
 gateway-firewall50user.desktop
 gateway-torrc.desktop
 gateway-torrcexamples.desktop
-kwrite.desktop
+gateway-firewall30default.desktop
+gateway-firewall50user.desktop
+gateway-firsttimesetup.desktop
+gateway-torrc.desktop
+gateway-torrcexamples.desktop
+whonix_repository.desktop
diff --git a/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list
index 4371561..5bd390a 100644
--- a/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list
+++ b/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list
@@ -1,12 +1,8 @@
 gnome-terminal.desktop
 nautilus.desktop
 yelp.desktop
-
 anondist-torbrowser.desktop
-anondist-torbrowser_update.desktop
-gateway-firsttimesetup.desktop
 timesync.desktop
-vlc.desktop
 whonixcheck.desktop
 whonix-contribute.desktop
 whonix-documentation.desktop
@@ -16,12 +12,3 @@ whonix-forum.desktop
 whonix-importantblog.desktop
 whonix-irc-chat-support.desktop
 whonix-mailinglist.desktop
-whonix_repository.desktop
-xchat.desktop
-x-www-browser.desktop
-dolphin.desktop
-Help.desktop
-kcalc.desktop
-kgpg.desktop
-kwrite.desktop
-
diff --git a/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list
index c9b6f00..cf2ba64 100644
--- a/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list
+++ b/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list
@@ -4,93 +4,9 @@ gpk-update-viewer.desktop
 gpk-prefs.desktop
 gpk-log.desktop
 yelp.desktop
-
-
-anondist-torbrowser.desktop
+gnome-panel.desktop
+gnome-printers-panel.desktop
+gnome-system-log.desktop
+tracker-preferences.desktop
 anondist-torbrowser_update.desktop
-bluetooth-sendto.desktop
-bluetooth-wizard.desktop
-brasero.desktop
-brasero-nautilus.desktop
-display.im6.desktop
-fpm2.desktop
-gateway-firsttimesetup.desktop
-gcr-prompter.desktop
-gcr-viewer.desktop
-gnome-terminal.desktop
-gpk-application.desktop
-gpk-dbus-service.desktop
-gpk-install-catalog.desktop
-gpk-install-local-file.desktop
-gpk-log.desktop
-gpk-prefs.desktop
-gpk-service-pack.desktop
-gpk-update-viewer.desktop
-iceweasel.desktop
-kde4
-mat.desktop
-mimeinfo.cache
-nact.desktop
-nautilus-autorun-software.desktop
-nautilus.desktop
-nm-applet.desktop
-nm-connection-editor.desktop
-python2.7.desktop
-timesync.desktop
-vlc.desktop
-whonixcheck.desktop
-whonix-contribute.desktop
-whonix-documentation.desktop
-whonix-donate.desktop
-whonix-featureblog.desktop
-whonix-forum.desktop
-whonix-importantblog.desktop
-whonix-irc-chat-support.desktop
-whonix-mailinglist.desktop
 whonix_repository.desktop
-xchat.desktop
-x-www-browser.desktop
-yelp.desktop
-
-
-akonaditray.desktop
--rw-r--r-- 1 root root 5000 Jun 22 2012 ark.desktop
-dolphin.desktop
-gwenview.desktop
-Help.desktop
-jovieapp.desktop
-kcalc.desktop
-kdepasswd.desktop
-kdesystemsettings.desktop
-keditbookmarks.desktop
-kfind.desktop
-kfontview.desktop
-kgpg.desktop
-klipper.desktop
-kmag.desktop
-kmailservice.desktop
-kmix.desktop
-kmousetool.desktop
-kmouth.desktop
-konsole.desktop
-krandrtray.desktop
-ksysguard.desktop
-ksystemlog.desktop
--rw-r--r-- 1 root root 1766 Jun 6 2012 ktelnetservice.desktop
-kvkbd.desktop
-kwrite.desktop
-nepomukbackup.desktop
-nepomukcontroller.desktop
-okularApplication_comicbook.desktop
-okularApplication_dvi.desktop
-okularApplication_fax.desktop
-okularApplication_fb.desktop
-okularApplication_ghostview.desktop
-okularApplication_kimgio.desktop
-okularApplication_ooo.desktop
-okularApplication_pdf.desktop
-okularApplication_plucker.desktop
-okularApplication_xps.desktop
-okular.desktop
-systemsettings.desktop
-
diff --git a/appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..501abce
--- /dev/null
+++ b/appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list
@@ -0,0 +1,22 @@
+gnome-terminal.desktop
+nautilus.desktop
+gcalctool.desktop
+evolution.desktop
+libreoffice-startcenter.desktop
+gimp.desktop
+eog.desktop
+totem.desktop
+shotwell.desktop
+rhythmbox.desktop
+anondist-torbrowser.desktop
+timesync.desktop
+whonixcheck.desktop
+whonix-contribute.desktop
+whonix-documentation.desktop
+whonix-donate.desktop
+whonix-featureblog.desktop
+whonix-forum.desktop
+whonix-importantblog.desktop
+whonix-irc-chat-support.desktop
+whonix-mailinglist.desktop
+yelp.desktop
diff --git a/appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list
new file mode 100644
index 0000000..ab251b6
--- /dev/null
+++ b/appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list
@@ -0,0 +1,14 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gnome-panel.desktop
+gnome-printers-panel.desktop
+gnome-system-log.desktop
+tracker-preferences.desktop
+anondist-torbrowser_update.desktop
+yelp.desktop
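Review bot: The new side of the netvm list carries gateway-firewall30default.desktop, gateway-firewall50user.desktop, gateway-torrc.desktop and gateway-torrcexamples.desktop twice, once as the added lines and again as the context lines that follow them; the same four entries are duplicated in appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list (hunk -8,4 +8,9), and the _gnome whitelisted list added later in this commit repeats its three gpk-*.desktop entries the same way. Both gateway files end up at blob 1bb50df, so the netvm list looks like a copy of the default list; if that is intended, the duplicates should still be removed so every menu entry is listed exactly once.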
diff --git a/builder_setup b/builder_setup
index ba265b9..61d4354 100755
--- a/builder_setup
+++ b/builder_setup
@@ -15,6 +15,18 @@ case "$DIST" in
 DISTRIBUTION=debian
 VERSION=8
 ;;
+ trusty)
+ DISTRIBUTION=qubuntu
+ VERSION=14.04
+ ;;
+ utopic)
+ DISTRIBUTION=qubuntu
+ VERSION=14.10
+ ;;
+ vivid)
+ DISTRIBUTION=qubuntu
+ VERSION=15.04
+ ;;
 *)
 DISTRIBUTION="$DIST"
 VERSION=
diff --git a/functions-name.sh b/functions-name.sh
index b2c3b0c..229a1c7 100644
--- a/functions-name.sh
+++ b/functions-name.sh
@@ -22,7 +22,12 @@ templateFlavorPrefix() {
 fi
 done
- echo "${DIST}${template_flavor:++}"
+ # If template_flavor only contains a '+'; send back $DIST
+ if [ "${template_flavor}" == "+" ]; then
+ echo "${DIST}"
+ else
+ echo "${DIST}${template_flavor:++}"
+ fi
 }
 templateNameDist() {
diff --git a/functions.sh b/functions.sh
index 37b7d8b..bb713e7 100755
--- a/functions.sh
+++ b/functions.sh
@@ -11,6 +11,20 @@ DEBUG=${DEBUG:-0}
 ################################################################################
 # Global functions
 ################################################################################
+# ------------------------------------------------------------------------------
+# Set xtrace verbose mode (-x or)
+# ------------------------------------------------------------------------------
+XTRACE=
+function setVerboseMode() {
+ # Cache xtrace current status so it can be restored on exit
+ [[ ${-/x} != $- ]] && XTRACE=0 || XTRACE=1
+
+ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" -ge 2 ]; then
+ set -x
+ else
+ set +x
+ fi
+}
 # ------------------------------------------------------------------------------
 # Define colors
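Review bot: `XTRACE` is written by setVerboseMode under a comment saying the state is cached "so it can be restored on exit", but nothing in this hunk reads it back, and the getXtrace/setXtrace helpers added further down the same file do not use it either; either add the restoring call or drop the variable so the comment stops promising something the code does not do. The helper is also declared as `function setVerboseMode() {` while the helpers added in the same commit use the `getXtrace() {` form; I would align on one. If VERBOSE can be unset when this runs, `[ "${VERBOSE}" -ge 2 -o "${DEBUG}" -ge 2 ]` fails with an integer-expression error, whereas DEBUG is defaulted by `DEBUG=${DEBUG:-0}` just above the hunk; `"${VERBOSE:-0}"` would make the two symmetric.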
@@ -69,12 +83,32 @@ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 chroot() {
 local retval
 true ${blue}
- /usr/sbin/chroot "$@" && { retval=$?; true; } || { retval=$?; true; }
+ if [ "${SYSTEMD_NSPAWN_ENABLE}" == "1" ]; then
+ systemd-nspawn $systemd_bind -D "${INSTALLDIR}" -M "${DIST}" "$@" && { retval=$?; true; } || { retval=$?; true; }
+ else
+ /usr/sbin/chroot "${INSTALLDIR}" "$@" && { retval=$?; true; } || { retval=$?; true; }
+ fi
 true ${reset}
 return $retval
 }
 fi
+# ------------------------------------------------------------------------------
+# Return xtrace's current mode
+# 0 is enables (-x); 1 is disables (+x)
+# ------------------------------------------------------------------------------
+getXtrace() {
+ [[ ${-/x} != $- ]] && echo 0 || echo 1
+}
+
+# ------------------------------------------------------------------------------
+# Return xtrace to desired state
+# 0 is enables (-x); 1 is disables (+x)
+# ------------------------------------------------------------------------------
+setXtrace() {
+ [[ "${1}" -eq 0 ]] && set -x || set +x
+}
+
 # ------------------------------------------------------------------------------
 # Display messages in color
 # ------------------------------------------------------------------------------
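Review bot: The `chroot` wrapper that now supplies `${INSTALLDIR}` itself is still defined inside the `if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]` block shown by the hunk header and the closing `fi`, yet callers in this commit drop the directory argument (`chroot rm -f /etc/mtab` in scripts_debian/01_install_core.sh); unless the wrapper is also defined somewhere outside this view, a non-verbose build passes `rm` to /usr/sbin/chroot as the new root and the step fails under that script's `-e`. I would move the wrapper out of the verbose-only block and keep only the `true ${blue}`/`true ${reset}` colouring conditional. Separately, `-M "${DIST}"` gives every nspawn container for the same DIST the same machine name, so two concurrent builds of one distribution would collide; deriving the name from `${DIST}` plus something build-specific (for example `$$`) avoids that.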
@@ -82,24 +116,30 @@ fi output() { if [ "${VERBOSE}" -ge 1 ]; then # Don't echo if -x is set since it will already be displayed via true - [[ ${-/x} != $- ]] || echo -e "${1}" + [[ ${-/x} != $- ]] || echo -e ""$@"" fi } +outputc() { + color=${1} + shift + output "${!color}"$@"${reset}" || : +} + info() { - output "${bold}${blue}INFO: ${1}${reset}" || : + output "${bold}${blue}INFO: "$@"${reset}" || : } debug() { - output "${bold}${green}DEBUG: ${1}${reset}" || : + output "${bold}${green}DEBUG: "$@"${reset}" || : } warn() { - output "${stout}${yellow}WARNING: ${1}${reset}" || : + output "${stout}${yellow}WARNING: "$@"${reset}" || : } error() { - output "${bold}${red}ERROR: ${1}${reset}" || : + output "${bold}${red}ERROR: "$@"${reset}" || : } # ------------------------------------------------------------------------------ @@ -166,17 +206,19 @@ templateDir() { do # (wheezy+whonix-gateway / wheezy+whonix-gateway+gnome[+++] / wheezy+gnome ) if [ "${element%:*}" == "$(templateName ${template_flavor})" ]; then - eval echo -e ${element#*:} + eval echo -e "${element#*:}" return # Very short name compare (+proxy) elif [ "${element:0:1}" == "+" -a "${element%:*}" == "+${template_flavor}" ]; then - eval echo -e ${element#*:} + eval echo -e "${element#*:}" return fi done - if [ -n "${template_flavor}" ]; then - local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})" + local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})" + if [ -n "${template_flavor}" -a "${template_flavor}" == "+" ]; then + local dir="${SCRIPTSDIR}/${template_flavor_prefix}" + elif [ -n "${template_flavor}" ]; then local dir="${SCRIPTSDIR}/${template_flavor_prefix}${template_flavor}" else local dir="${SCRIPTSDIR}" @@ -223,6 +265,7 @@ buildStepExec() { # Cache $script GLOBAL_CACHE[$script]=1 + # Execute $script "${script}" fi 
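Review bot: In `echo -e ""$@""` and in `output "${bold}${blue}INFO: "$@"${reset}"` (and the debug/warn/error/outputc siblings) the `$@` sits outside the double quotes, so every message now goes through word splitting and pathname expansion; a message containing `*` or `?` is globbed against the current directory before it is printed, and runs of whitespace collapse. The old `${1}` did not have this problem. I would write `[[ ${-/x} != $- ]] || echo -e "$*"` in output and `output "${bold}${blue}INFO: $*${reset}" || :` in the wrappers, which still joins all arguments into one line.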
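Review bot: Quoting `"${element#*:}"` only protects the first parsing pass; `eval` re-reads the expanded text as shell, so an element value containing `$(...)`, backticks or `;` is still executed, and this change does not alter that. If these values come from the template option list or the build configuration, as the nearby `TEMPLATE_OPTIONS` loop suggests, the trust boundary should be stated next to the call, for example `# eval re-parses the value as shell: element entries must come only from trusted build configuration`, and a note on which variables the values are expected to reference would let a later reader judge whether eval can be replaced by plain expansion. The rest of templateDir continues outside the hunk.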
@@ -266,11 +309,16 @@ callTemplateFunction() {
 local calling_arg="$2"
 local functionExec="$3"
 local template_flavor="${TEMPLATE_FLAVOR}"
-
+
 ${functionExec} "${calling_script}" \
 "${calling_arg}" \
 "${template_flavor}"
+ # Find a $DIST sub-directory
+ ${functionExec} "${calling_script}" \
+ "${calling_arg}" \
+ "+"
+
 for option in ${TEMPLATE_OPTIONS[@]}
 do
 # Long name (wheezy+whonix-gateway+proxy)
@@ -292,6 +340,17 @@ callTemplateFunction() {
 }
 # ------------------------------------------------------------------------------
+# Will return all files that match pattern of suffix
+# Example:
+# filename = packages.list
+# suffix = ${DIST} (wheezy)
+#
+# Will look for a file name packages_wheezy.list in:
+# the $SCRIPTSDIR; beside original
+# the $SCRIPTSDIR/$DIST (wheezy) directory
+# any included template module directories ($SCRIPTSDIR/gnome)
+#
+# All matches are returned and each will be able to be used
 # ------------------------------------------------------------------------------
 getFileLocations() {
 local return_global_var=$1
@@ -311,6 +370,18 @@ getFileLocations() {
 # ------------------------------------------------------------------------------
 # Executes any additional optional configuration steps if the configuration
 # scripts exist
+#
+# Will find all scripts with
+# Example:
+# filename = 04_install_qubes.sh
+# suffix = post
+#
+# Will look for a file name 04_install_qubes_post in:
+# the $SCRIPTSDIR; beside original
+# the $SCRIPTSDIR/$DIST (wheezy) directory
+# any included template module directories ($SCRIPTSDIR/gnome)
+#
+# All matches are executed
 # ------------------------------------------------------------------------------
 buildStep() {
 local filename="$1"
diff --git a/prepare_image b/prepare_image
index f5a3fef..d2b4549 100755
--- a/prepare_image
+++ b/prepare_image
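Review bot: The second `${functionExec}` call passes the bare string `"+"` as the template flavor, and the only explanation is `# Find a $DIST sub-directory`; the meaning of that sentinel lives in templateFlavorPrefix (which returns `${DIST}` when the flavor is exactly `+`) and templateDir (which maps it to `${SCRIPTSDIR}/${template_flavor_prefix}`), both changed elsewhere in this commit, so a reader of this function cannot tell why `+` rather than an empty flavor is used. I would expand the comment to `# "+" is a sentinel flavor: templateFlavorPrefix/templateDir resolve it to the plain ${DIST} directory rather than to a flavored one`. The tail of callTemplateFunction lies outside the hunk.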
@@ -3,7 +3,7 @@
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-export IMG="$1"
+export IMG="${1}"
 export LC_ALL=POSIX
 RETCODE=0
@@ -13,52 +13,55 @@ RETCODE=0
 . ./builder_setup >/dev/null
 . ./umount_kill.sh >/dev/null
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
 fi
 if ! [ $# -eq 1 ]; then
- echo "usage $0 "
+ echo "usage ${0} "
 exit
 fi
-if [ "$VERBOSE" == "1" ]; then
+if [ "${VERBOSE}" == "1" ]; then
- export YUM_OPTS="$YUM_OPTS -q"
+ export YUM_OPTS="${YUM_OPTS} -q"
 fi
 # ------------------------------------------------------------------------------
-# Prepare for mount
+# Make sure INSTALLDIR exists
 # ------------------------------------------------------------------------------
-echo "-> Preparing instalation of $DIST template..."
 export INSTALLDIR="$(readlink -m mnt)"
-mkdir -p "$INSTALLDIR"
-"$SCRIPTSDIR/00_prepare.sh"
+mkdir -p "${INSTALLDIR}"
 # ------------------------------------------------------------------------------
-# Mount image and install core OS
+# Prepare for mount
 # ------------------------------------------------------------------------------
+echo "-> Preparing instalation of ${DIST} template..."
+"${SCRIPTSDIR}/00_prepare.sh"
-if [ -f "$IMG" ]; then
+# ------------------------------------------------------------------------------
+# Mount image and install core OS
+# ------------------------------------------------------------------------------
+if [ -f "${IMG}" ]; then
 echo "-> Image file already exists, assuming *update*..."
 else
 echo "-> Initializing empty image..."
- truncate -s 10G "$IMG" || exit 1
+ truncate -s 10G "${IMG}" || exit 1
 echo "-> Creating filesystem..."
- mkfs.ext4 -q -F "${IMG}" || exit 1
+ mkfs.ext4 -q -F "${IMG}" || exit 1
 fi
-mount -o loop "$IMG" "$INSTALLDIR" || exit 1
-trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT
-"$SCRIPTSDIR/01_install_core.sh"
+mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
+trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
+"${SCRIPTSDIR}/01_install_core.sh"
 # ------------------------------------------------------------------------------
 # Install package groups
 # ------------------------------------------------------------------------------
 echo "-> Installing package groups..."
-"$SCRIPTSDIR/02_install_groups.sh"
+"${SCRIPTSDIR}/02_install_groups.sh"
 # ------------------------------------------------------------------------------
 # Cleanup
@@ -66,6 +69,6 @@ echo "-> Installing package groups..."
 trap - EXIT
 echo "-> Unmounting prepared_image..."
-umount_kill "$(readlink -m $INSTALLDIR)" || :
+umount_kill "$(readlink -m ${INSTALLDIR})" || true
-exit $RETCODE
+exit ${RETCODE}
diff --git a/qubeize_image b/qubeize_image
index 0333754..35e38eb 100755
--- a/qubeize_image
+++ b/qubeize_image
@@ -46,7 +46,11 @@ fi
 # Cleanup function
 # ------------------------------------------------------------------------------
 function cleanup() {
- umount_kill "$PWD/mnt" || :
+ errval=$?
+ trap - ERR
+ trap
+ umount_kill "$PWD/mnt" || true
+ exit $errval
 }
 trap cleanup ERR
@@ -66,7 +70,7 @@ export INSTALLDIR=mnt
 # ------------------------------------------------------------------------------
 # Run qubeize script
 # ------------------------------------------------------------------------------
-"$SCRIPTSDIR/04_install_qubes.sh" || { umount "$INSTALLDIR"; exit 1; }
+"$SCRIPTSDIR/04_install_qubes.sh"
 # ------------------------------------------------------------------------------
 # Create App Menus
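Review bot: The `if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then set -x else set -e fi` block near the top of the hunk makes errexit and xtrace mutually exclusive, so in exactly the debugging configuration a failure of `"${SCRIPTSDIR}/00_prepare.sh"`, `"${SCRIPTSDIR}/01_install_core.sh"` or `"${SCRIPTSDIR}/02_install_groups.sh"` is ignored and the script continues as if the step had succeeded; only the truncate, mkfs and mount lines carry their own `|| exit 1`. I would enable `set -e` unconditionally and add `set -x` under the verbose condition. The usage branch also ends with a bare `exit`, reporting success for a wrong argument count; `exit 1` there.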
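Review bot: The bare `trap` on its own line inside cleanup() does not clear or set anything; with no arguments it prints the currently installed traps to stdout, so it reads as either a leftover or an unfinished `trap - EXIT`. I would remove it, or write the intended `trap - EXIT` if the goal was to stop the EXIT handler from re-running the unmount after `exit $errval`. Capturing `errval=$?` as the first statement of the ERR handler is the right place for it.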
@@ -110,7 +114,7 @@ fi
 # Finsh - unmount image
 # ------------------------------------------------------------------------------
 echo "--> Unmounting $IMG"
-cleanup
+umount_kill "$PWD/mnt" || true
 echo "Qubeized image stored at: $IMG"
diff --git a/scripts_debian/00_prepare.sh b/scripts_debian/00_prepare.sh
index 897bc0a..b12bb82 100755
--- a/scripts_debian/00_prepare.sh
+++ b/scripts_debian/00_prepare.sh
@@ -1,45 +1,82 @@
-#!/bin/bash -x
+#!/bin/bash -e
 # vim: set ts=4 sw=4 sts=4 et :
-# ------------------------------------------------------------------------------
 # Source external scripts
-# ------------------------------------------------------------------------------
-. ${SCRIPTSDIR}/vars.sh
-. ./umount_kill.sh >/dev/null
-
-# ------------------------------------------------------------------------------
-# Configurations
-# ------------------------------------------------------------------------------
-if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
- set -x
-else
- set -e
-fi
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
 INSTALLDIR="$(readlink -m mnt)"
-umount_kill "${INSTALLDIR}" || :
-# ------------------------------------------------------------------------------
+# Make sure ${INSTALLDIR} is not mounted
+umount_all "${INSTALLDIR}" || true
+
+# ==============================================================================
 # Execute any template flavor or sub flavor 'pre' scripts
-# ------------------------------------------------------------------------------
+# ==============================================================================
 buildStep "${0}" "pre"
-# ------------------------------------------------------------------------------
-# Force overwrite of an existing image for now if debootstrap did not seem to complete...
-# ------------------------------------------------------------------------------
-debug "Determine if ${IMG} should be reused or deleted..."
-if [ -f "${IMG}" ]; then
- # Assume a failed debootstrap installation if .prepare_debootstrap does not exist
+# ==============================================================================
+# Use a snapshot of the debootstraped debian image
+# ==============================================================================
+manage_snapshot() {
+ local snapshot="${1}"
+
+ umount_kill "${INSTALLDIR}" || true
 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
- if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
- warn "Last build failed. Deleting ${IMG}"
- rm -f "${IMG}"
+
+ # Remove old snapshots if groups completed
+ if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
+ outputc stout "Removing stale snapshots"
+ umount_kill "${INSTALLDIR}" || true
+ rm -rf "${debootstrap_snapshot}"
+ rm -rf "${packages_snapshot}"
+ return
 fi
- # Umount image; don't fail if its already umounted
- umount_kill "${INSTALLDIR}" || :
+ outputc stout "Replacing ${IMG} with snapshot ${snapshot}"
+ umount_kill "${INSTALLDIR}" || true
+ cp -f "${snapshot}" "${IMG}"
+}
+
+# ==============================================================================
+# Determine if a snapshot should be used, reuse an existing image or
+# delete the existing image to start fresh based on configuration options
+#
+# SNAPSHOT=1 - Use snapshots; Will remove after successful build
+# If debootstrap did not complete, the existing image will be deleted
+# ==============================================================================
+splitPath "${IMG}" path_parts
+packages_snapshot="${path_parts[dir]}${path_parts[base]}-packages${path_parts[dotext]}"
+debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
+
+if [ -f "${IMG}" ]; then
+ if [ -f "${packages_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
+ # Use 'packages' snapshot
+ manage_snapshot "${packages_snapshot}"
+
+ elif [ -f "${debootstrap_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
+ # Use 'debootstrap' snapshot
+ manage_snapshot "${debootstrap_snapshot}"
+
+ else
+ # Use '$IMG' if debootstrap did not fail
+ mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
+
+ # Assume a failed debootstrap installation if .prepared_debootstrap does not exist
+ if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
+ debug "Reusing existing image ${IMG}"
+ else
+ outputc stout "Removing stale or incomplete ${IMG}"
+ umount_kill "${INSTALLDIR}" || true
+ rm -f "${IMG}"
+ fi
+
+ # Umount image; don't fail if its already umounted
+ umount_kill "${INSTALLDIR}" || true
+ fi
 fi
-# ------------------------------------------------------------------------------
+# ==============================================================================
 # Execute any template flavor or sub flavor 'post' scripts
-# ------------------------------------------------------------------------------
+# ==============================================================================
-buildStep "$0" "post"
+buildStep "${0}" "post"
diff --git a/scripts_debian/01_install_core.sh b/scripts_debian/01_install_core.sh
index 0c99295..7fccc36 100755
--- a/scripts_debian/01_install_core.sh
+++ b/scripts_debian/01_install_core.sh
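Review bot: In manage_snapshot the `cp -f "${snapshot}" "${IMG}"` follows `umount_kill "${INSTALLDIR}" || true`, so when the unmount fails the copy silently overwrites a file that may still back a live loop mount; the same `|| true` precedes `rm -f "${IMG}"` in the stale-image branch. I would refuse to touch the image while it is still mounted, e.g. `mountpoint -q "${INSTALLDIR}" && { error "${INSTALLDIR} still mounted, not replacing ${IMG}"; exit 1; }` before the copy and the delete. The marker paths `${INSTALLDIR}/${TMPDIR}/.prepared_groups` and `.prepared_debootstrap` depend on TMPDIR being set by vars.sh (the comment in 01_install_core.sh says it is); if it were ever empty the markers would be looked up at the image root, so a `: "${TMPDIR:?}"` guard after the source lines would make that assumption fail loudly.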
@@ -1,38 +1,61 @@ -#!/bin/sh +#!/bin/bash -e # vim: set ts=4 sw=4 sts=4 et : -# ------------------------------------------------------------------------------ # Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" + +##### '------------------------------------------------------------------------- +debug ' Installing base system using debootstrap' +##### '------------------------------------------------------------------------- -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'pre' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "pre" - -# ------------------------------------------------------------------------------ -# Install base debian system -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then - debug "Installing base ${DEBIANVERSION} system" - COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \ - --components=main --keyring="${SCRIPTSDIR}/keys/${DEBIANVERSION}-debian-archive-keyring.gpg" \ - "${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; } - chroot "${INSTALLDIR}" chmod 0666 "/dev/null" - touch "${INSTALLDIR}/tmp/.prepared_debootstrap" +# ============================================================================== +buildStep "${0}" "pre" + +if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then + #### "------------------------------------------------------------------ + info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system" + #### "------------------------------------------------------------------ + COMPONENTS="" debootstrap \ + --arch=amd64 \ + --include="ncurses-term locales tasksel" \ + --components=main \ + --keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \ + "${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { + error "Debootstrap failed!"; + exit 1; + } + + #### '---------------------------------------------------------------------- + info ' Configure keyboard' + #### '---------------------------------------------------------------------- + configureKeyboard + + #### '---------------------------------------------------------------------- + info ' Update locales' + #### '---------------------------------------------------------------------- + updateLocale + + #### '---------------------------------------------------------------------- + info 'Link mtab' + #### '---------------------------------------------------------------------- + chroot rm -f /etc/mtab + chroot ln -s /proc/self/mounts /etc/mtab + + # TMPDIR is set in vars. 
/tmp should not be used since it will be cleared + # if building template with LXC contaniners on a reboot + mkdir -p "${INSTALLDIR}/${TMPDIR}" + + # Mark section as complete + touch "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" + + # If SNAPSHOT=1, Create a snapshot of the already debootstraped image + createSnapshot "debootstrap" fi -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'post' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "post" +# ============================================================================== +buildStep "${0}" "post" diff --git a/scripts_debian/02_install_groups.sh b/scripts_debian/02_install_groups.sh index 7c1d4ca..3dc12e2 100755 --- a/scripts_debian/02_install_groups.sh +++ b/scripts_debian/02_install_groups.sh 
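Review bot: The strict-mode guard moved from the script body into the shebang (`#!/bin/bash -e`), which is only honoured when the file is executed directly; if the build driver runs it as `bash 01_install_core.sh` or sources it, `-e` is silently dropped and a failing `configureKeyboard`, `updateLocale` or `chroot rm`/`ln` step still reaches `touch "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap"` and `createSnapshot "debootstrap"`, marking a broken stage complete and snapshotting it. Restore an explicit `set -e` as the first statement after the vim modeline so the behaviour does not depend on how the file is launched. The removed `VERBOSE`/`DEBUG` branch that enabled `set -x` appears to be replaced by `setVerboseMode` in distribution.sh later in this diff, which is outside this hunk.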
@@ -1,201 +1,84 @@ -#!/bin/sh +#!/bin/bash -e # vim: set ts=4 sw=4 sts=4 et : -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi +##### "========================================================================= +debug " Configuring and Installing packages for ${DIST}" +##### "========================================================================= -# ------------------------------------------------------------------------------ # If .prepared_debootstrap has not been completed, don't continue -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then - error "prepared_debootstrap installataion has not completed!... Exiting" - umount_kill "${INSTALLDIR}" || : - exit 1 -fi +exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" "prepared_debootstrap installataion has not completed!... 
Exiting" -# ------------------------------------------------------------------------------ -# Mount system mount points -# ------------------------------------------------------------------------------ -for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done -mount -t tmpfs none "${INSTALLDIR}/run" +# Create system mount points +prepareChroot -# ------------------------------------------------------------------------------ -# Execute any template flavor or sub flavor 'pre' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "pre" +# Make sure there is a resolv.conf with network of this AppVM for building +createResolvConf -if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then - # ------------------------------------------------------------------------------ - # Cleanup function - # ------------------------------------------------------------------------------ - function cleanup() { - error "Install groups error and umount" - rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d" - umount_kill "${INSTALLDIR}" || : - exit 1 - } +# ============================================================================== +# Execute any template flavor or sub flavor 'pre' scripts +# ============================================================================== +buildStep "${0}" "pre" + +# ============================================================================== +# Configure base system and install any adddtional packages which could +# include +TEMPLATE_FLAVOR such as gnome as set in configuration file +# ============================================================================== +if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then + #### '---------------------------------------------------------------------- + info ' Trap ERR and EXIT signals and cleanup (umount)' + #### '---------------------------------------------------------------------- trap cleanup ERR trap cleanup EXIT - # ------------------------------------------------------------------------------ - # Set up a temporary policy-rc.d to prevent apt from starting services - # on package installation - # ------------------------------------------------------------------------------ - cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <> "${INSTALLDIR}/etc/pam.d/common-session" - - # ------------------------------------------------------------------------------ - # Add debian security repository - # ------------------------------------------------------------------------------ - debug "Adding debian-security repository." - source="deb http://security.debian.org ${DEBIANVERSION}/updates main" - if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then - touch "${INSTALLDIR}/etc/apt/sources.list" - echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" - fi - source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" - if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then - touch "${INSTALLDIR}/etc/apt/sources.list" - echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + #### '---------------------------------------------------------------------- + info 'Install standard Debian packages' + #### '---------------------------------------------------------------------- + if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.debian_packages" ]; then + packages="$(chroot tasksel --new-install --task-packages standard)" + aptInstall ${packages} + touch "${INSTALLDIR}/${TMPDIR}/.debian_packages" fi - # ------------------------------------------------------------------------------ - # Upgrade system - # ------------------------------------------------------------------------------ - debug "Upgrading system" - chroot "${INSTALLDIR}" apt-get update - true "${stout}" - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} dist-upgrade - - # ------------------------------------------------------------------------------ - # Configure keyboard - # ------------------------------------------------------------------------------ - debug "Setting keyboard layout" - chroot "${INSTALLDIR}" debconf-set-selections < "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <> "${INSTALLDIR}/etc/apt/sources.list" - fi - chroot ${INSTALLDIR} apt-get update - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers - fi - - # ------------------------------------------------------------------------------ - # Cleanup - # ------------------------------------------------------------------------------ - # Remove temporary policy layer so services can start normally in the - # deployed template. 
- rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d" - touch "${INSTALLDIR}/tmp/.prepared_groups" + #### '---------------------------------------------------------------------- + info ' Cleanup' + #### '---------------------------------------------------------------------- + touch "${INSTALLDIR}/${TMPDIR}/.prepared_groups" trap - ERR EXIT trap - - # Kill all processes and umount all mounts within ${INSTALLDIR}, - # but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being - # umounted itself) - umount_kill "${INSTALLDIR}/" || : fi -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'post' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "post" +# ============================================================================== +buildStep "${0}" "post" + +# ============================================================================== +# Kill all processes and umount all mounts within ${INSTALLDIR}, but not +# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted) +# ============================================================================== +umount_all "${INSTALLDIR}/" || true diff --git a/scripts_debian/02_install_groups_jessie.sh b/scripts_debian/02_install_groups_jessie.sh new file mode 100755 index 0000000..51a82b5 --- /dev/null +++ b/scripts_debian/02_install_groups_jessie.sh 
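Review bot: The temporary `policy-rc.d` that the removed block wrote before running apt (and deleted again in the cleanup path) has no replacement in the new code: `prepareChroot` in distribution.sh, later in this diff, only diverts `/sbin/initctl` and patches `invoke-rc.d`, which is an upstart-oriented measure, so on a Debian chroot package maintainer scripts can again start daemons during `aptInstall`, leaving processes and mounts that `umount_all` then has to kill. Unless that guard moved somewhere not shown here, write `${INSTALLDIR}/usr/sbin/policy-rc.d` (`exit 101`) in `prepareChroot` and remove it in `removeDivertPolicy`. Separately, `trap cleanup ERR` / `trap cleanup EXIT` are armed only inside the `.prepared_groups` branch, so a failure in `prepareChroot`, `createResolvConf` or the `pre`/`post` build steps under `-e` exits with the chroot still mounted and the final `umount_all "${INSTALLDIR}/" || true` never runs; arm the trap before `prepareChroot`. `createResolvConf` also copies the build VM's `/etc/resolv.conf` into the image and nothing in this hunk clears it afterwards, so it is worth confirming a later step restores or removes it before the template is finalised.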
@@ -0,0 +1,36 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### "=========================================================================
+debug " Installing custom packages and customizing ${DIST}"
+##### "=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Adding contrib, non-free and Debian security to repository.'
+#### '--------------------------------------------------------------------------
+updateDebianSourceList
+aptUpdate
+
+##### '=========================================================================
+debug ' Replacing sysvinit with systemd'
+##### '=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Remove sysvinit'
+#### '--------------------------------------------------------------------------
+aptRemove sysvinit
+
+#### '--------------------------------------------------------------------------
+info ' Install Systemd'
+#### '--------------------------------------------------------------------------
+aptUpdate
+aptInstall systemd-sysv
+
+#### '--------------------------------------------------------------------------
+info ' Set multu-user.target as the default target (runlevel 3)'
+#### '--------------------------------------------------------------------------
+chroot rm -f /etc/systemd/system/default.target
+chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
diff --git a/scripts_debian/02_install_groups_wheezy.sh b/scripts_debian/02_install_groups_wheezy.sh
new file mode 100755
index 0000000..541b9a9
--- /dev/null
+++ b/scripts_debian/02_install_groups_wheezy.sh
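Review bot: `aptRemove sysvinit` runs before `aptInstall systemd-sysv`, so if the install step fails this script, which runs under `-e` with no ERR/EXIT trap of its own, leaves a chroot whose init package is already gone; installing `systemd-sysv` first (on jessie it should take over from the sysvinit packages, after which the explicit removal is a no-op or can be dropped) keeps the image bootable at every intermediate step. The second `aptUpdate` immediately before `aptInstall systemd-sysv` repeats the one already run after `updateDebianSourceList` with no source change in between and can be removed. The message in `info ' Set multu-user.target as the default target (runlevel 3)'` misspells `multi-user.target`.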
@@ -0,0 +1,89 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" + +##### "========================================================================= +debug " Installing custom packages and customizing ${DIST}" +##### "========================================================================= + +#### '-------------------------------------------------------------------------- +info ' Adding contrib, non-free and Debian security to repository.' +#### '-------------------------------------------------------------------------- +updateDebianSourceList + +#### '---------------------------------------------------------------------- +info ' Adding wheezy backports repository.' +#### '---------------------------------------------------------------------- +source="deb ${DEBIAN_MIRROR} wheezy-backports main" +if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" +fi +aptUpdate + +##### '========================================================================= +debug ' Replace sysvinit with systemd' +##### '========================================================================= + +#### '---------------------------------------------------------------------- +info ' Remove sysvinit' +#### '---------------------------------------------------------------------- +echo 'Yes, do as I say!' 
| aptRemove sysvinit + +#### '---------------------------------------------------------------------- +info ' Preventing sysvinit re-installation' +#### '---------------------------------------------------------------------- +chroot apt-mark hold sysvinit + +#### '---------------------------------------------------------------------- +info ' Pin sysvinit to prevent being re-installed' +#### '---------------------------------------------------------------------- +cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" </dev/null +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi +##### '------------------------------------------------------------------------- +debug ' Installing Qubes packages' +##### '------------------------------------------------------------------------- -# ------------------------------------------------------------------------------ -# If .prepared_groups has not been completed, don't continue -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then - error "prepared_groups installataion has not completed!... Exiting" - exit 1 -fi +# If .prepared_debootstrap has not been completed, don't continue +exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_groups" "prepared_groups installataion has not completed!... 
Exiting" -# ------------------------------------------------------------------------------ -# Mount system mount points -# ------------------------------------------------------------------------------ -for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done -mount -t tmpfs none "${INSTALLDIR}/run" +# Create system mount points +prepareChroot -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'pre' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "pre" - -# ------------------------------------------------------------------------------ -# Install Qubes Packages -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then - debug "Installing qbues modules" - - # -------------------------------------------------------------------------- - # Set up a temporary policy-rc.d to prevent apt from starting services - # on package installation - # -------------------------------------------------------------------------- - cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <> "${INSTALLDIR}/etc/locale.gen" - chroot "${INSTALLDIR}" locale-gen - chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8 - - # -------------------------------------------------------------------------- - # Link mtab - # -------------------------------------------------------------------------- - rm -f "${INSTALLDIR}/etc/mtab" - ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab" - - # -------------------------------------------------------------------------- - # Start of Qubes package installation - # -------------------------------------------------------------------------- - debug "Installing qubes packages" - export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}" - - # 
-------------------------------------------------------------------------- - # Install keyrings - # -------------------------------------------------------------------------- - if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then - mkdir -p "${CACHEDIR}" - gpg --gen-key --batch < "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" </dev/null +source ./umount_kill.sh >/dev/null + +setVerboseMode +output "${bold}${under}INFO: ${SCRIPTSDIR}/distribution.sh imported by: ${0}${reset}" + +# ============================================================================== +# Cleanup function +# ============================================================================== +function cleanup() { + errval=$? + trap - ERR EXIT + trap + error "${1:-"${0}: Error. Cleaning up and un-mounting any existing mounts"}" + umount_all || true + + # Return xtrace to original state + [[ -n "${XTRACE}" ]] && [[ "${XTRACE}" -eq 0 ]] && set -x || set +x + + exit $errval +} + +# ============================================================================== +# If .prepared_debootstrap has not been completed, don't continue +# ============================================================================== +function exitOnNoFile() { + file="${1}" + message="${2}" + + if ! 
[ -f "${file}" ]; then + error "${message}" + umount_all || true + exit 1 + fi +} + +# ============================================================================== +# Umount everthing within INSTALLDIR or $1 but kill all processes within first +# ============================================================================== +function umount_all() { + directory="${1:-"${INSTALLDIR}"}" + + # Only remove dirvert policies, etc if base INSTALLDIR mount is being umounted + if [ "${directory}" == "${INSTALLDIR}" -o "${directory}" == "${INSTALLDIR}/" ]; then + if [ -n "$(mountPoints)" ]; then + removeDbusUuid + removeDivertPolicy + fi + fi + + umount_kill "${directory}" || true +} + +# ============================================================================== +# Create snapshot +# ============================================================================== +function createSnapshot() { + snapshot_name="${1}" + + if [ "${SNAPSHOT}" == "1" ]; then + splitPath "${IMG}" path_parts + snapshot_path="${path_parts[dir]}${path_parts[base]}-${snapshot_name}${path_parts[dotext]}" + + # create snapshot + info "Creating snapshot of ${IMG} to ${snapshot_path}" + sync + cp -f "${IMG}" "${snapshot_path}" + fi +} + +# ============================================================================== +# Create DBUS uuid +# ============================================================================== +function createDbusUuid() { + outputc green "Creating DBUS uuid..." + removeDbusUuid + if [ -e "${INSTALLDIR}/bin/dbus-uuidgen" ]; then + chroot dbus-uuidgen --ensure 1>/dev/null 2>&1 + fi +} + +# ============================================================================== +# Remove DBUS uuid +# ============================================================================== +function removeDbusUuid() { + if [ -e "${INSTALLDIR}"/var/lib/dbus/machine-id ]; then + outputc red "Removing generated machine uuid..." 
+ rm -f "${INSTALLDIR}/var/lib/dbus/machine-id" + fi +} + +# ============================================================================== +# Set up a temporary dpkg-divert policy to prevent apt from starting services +# on package installation +# ============================================================================== +function addDivertPolicy() { + outputc green "Deactivating initctl..." + chroot dpkg-divert --local --rename --add /sbin/initctl || true + + # utopic systemd install still broken... + outputc green "Hacking invoke-rc.d to ignore missing init scripts..." + chroot sed -i -e "s/exit 100/exit 0 #exit 100/" /usr/sbin/invoke-rc.d +} + +# ============================================================================== +# Remove temporary dpkg-divert policy +# ============================================================================== +function removeDivertPolicy() { + outputc red "Reactivating initctl..." + chroot dpkg-divert --local --rename --remove /sbin/initctl || true + + outputc red "Restoring invoke-rc.d..." 
+ chroot sed -i -e "s/exit 0 #exit 100/exit 100/" /usr/sbin/invoke-rc.d +} + +# ============================================================================== +# Create system mount points +# ============================================================================== +function prepareChroot() { + # Make sure nothing is mounted within $INSTALLDIR + umount_kill "${INSTALLDIR}/" + + mount -t tmpfs none "${INSTALLDIR}/run" + if [ "${SYSTEMD_NSPAWN_ENABLE}" != "1" ]; then + mount -t proc proc "${INSTALLDIR}/proc" + mount -t sysfs sys "${INSTALLDIR}/sys" + fi + createDbusUuid + addDivertPolicy +} + +# ============================================================================== +# apt-get upgrade +# ============================================================================== +function aptUpgrade() { + aptUpdate + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes +} + +# ============================================================================== +# apt-get dist-upgrade +# ============================================================================== +function aptDistUpgrade() { + aptUpdate + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes +} + +# ============================================================================== +# apt-get update +# ============================================================================== +function aptUpdate() { + debug "Updating system" + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot apt-get update +} + +# ============================================================================== +# apt-get remove +# ============================================================================== +function aptRemove() { + files="$@" + 
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot apt-get ${APT_GET_OPTIONS} remove ${files[@]} +} + +# ============================================================================== +# apt-get install +# ============================================================================== +function aptInstall() { + files="$@" + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot apt-get ${APT_GET_OPTIONS} install ${files[@]} +} + +# ============================================================================== +# Install extra packages in script_${DIST}/packages.list file +# -and / or- TEMPLATE_FLAVOR directories +# ============================================================================== +function installPackages() { + if [ -n "${1}" ]; then + # Locate packages within sub dirs + if [ ${#@} == "1" ]; then + getFileLocations packages_list "${1}" "" + else + packages_list="$@" + fi + else + getFileLocations packages_list "packages.list" "${DIST}" + if [ -z "${packages_list}" ]; then + error "Can not locate a package.list file!" + umount_all || true + exit 1 + fi + fi + + for package_list in ${packages_list[@]}; do + debug "Installing extra packages from: ${package_list}" + declare -a packages + readarray -t packages < "${package_list}" + + info "Packages: "${packages[@]}"" + aptInstall "${packages[@]}" || return $? 
+ done +} + +# ============================================================================== +# Install Systemd +# ============================================================================== +function installSystemd() { + buildStep "$0" "pre-systemd" + chroot apt-get update + + aptInstall systemd + createDbusUuid + + # Set multi-user.target as default target + chroot rm -f /etc/systemd/system/default.target + chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + + # XXX: TEMP lets see how stuff work with upstart in control for now + # Boot using systemd + chroot rm -f /sbin/init + chroot ln -sf /lib/systemd/systemd /sbin/init + + buildStep "$0" "post-systemd" +} + +# ============================================================================== +# ------------------------------------------------------------------------------ +# C O N F I G U R A T I O N R E L A T E D +# ------------------------------------------------------------------------------ +# ============================================================================== + +# ============================================================================== +# Add universe to sources.list +# ============================================================================== +function updateDebianSourceList() { + # Add contrib and non-free component to repository + touch "${INSTALLDIR}/etc/apt/sources.list" + sed -i "s/${DIST} main$/${DIST} main contrib non-free/g" "${INSTALLDIR}/etc/apt/sources.list" + + # Add Debian security repositories + source="deb http://security.debian.org ${DEBIANVERSION}/updates main" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi + source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" + if ! 
grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi +} + +# ============================================================================== +# Add universe to sources.list +# ============================================================================== +function updateQubuntuSourceList() { + sed -i "s/${DIST} main$/${DIST} main universe multiverse restricted/g" "${INSTALLDIR}/etc/apt/sources.list" + source="deb http://archive.canonical.com/ubuntu ${DIST} partner" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi + source="deb-src http://archive.canonical.com/ubuntu ${DIST} partner" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi + chroot apt-get update +} + +# ============================================================================== +# Make sure there is a resolv.conf with network of this AppVM for building +# ============================================================================== +function createResolvConf() { + rm -f "${INSTALLDIR}/etc/resolv.conf" + cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" +} + +# ============================================================================== +# Ensure umask set in /etc/login.defs is used (022) +# ============================================================================== +function configureUmask() { + echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session" +} + +# ============================================================================== +# Configure keyboard +# ============================================================================== +function configureKeyboard() { + debug "Setting keyboard 
layout" + cat > "${INSTALLDIR}/tmp/keyboard.conf" <<'EOF' +keyboard-configuration keyboard-configuration/variant select English (US) +keyboard-configuration keyboard-configuration/layout select English (US) +keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC +keyboard-configuration keyboard-configuration/modelcode string pc105 +keyboard-configuration keyboard-configuration/layoutcode string us +keyboard-configuration keyboard-configuration/variantcode string +keyboard-configuration keyboard-configuration/optionscode string +EOF + chroot debconf-set-selections /tmp/keyboard.conf +} + +# ============================================================================== +# Update locale +# ============================================================================== +function updateLocale() { + debug "Updating locales" + chroot localedef -f UTF-8 -i en_US -c en_US.UTF-8 + chroot update-locale LC_ALL=en_US.UTF-8 +} + + +# ============================================================================== +# ------------------------------------------------------------------------------ +# Q U B E S S P E C I F I C F U N C T I O N S +# ------------------------------------------------------------------------------ +# ============================================================================== + + +# ============================================================================== +# Install Keyrings +# ============================================================================== +function installKeyrings() { + if ! 
[ -e "${CACHEDIR}/repo-secring.gpg" ]; then + mkdir -p "${CACHEDIR}" + gpg --gen-key --batch < "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" </dev/null 2>&1 || \ + { + # UID needs match host user to have access to Whonix sources + chroot groupadd -f user + [ -n "$SUDO_UID" ] && USER_OPTS="-u $SUDO_UID" + chroot useradd -g user $USER_OPTS -G sudo,audio -m -s /bin/bash user + if [ `chroot id -u user` != 1000 ]; then + chroot useradd -g user -u 1000 -M -s /bin/bash user-placeholder + fi + } + + #### '---------------------------------------------------------------------- + info ' Installing Whonix build scripts' + #### '---------------------------------------------------------------------- + echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh" + chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh" + + #### '---------------------------------------------------------------------- + info ' Removing apt-listchanges if it exists,so no prompts appear' + #### '---------------------------------------------------------------------- + # Whonix does not handle this properly, but aptInstall packages will + aptRemove apt-listchanges || true + + #### '---------------------------------------------------------------------- + info ' Copying additional files required for build' + #### '---------------------------------------------------------------------- + copyTree "files" + + touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" +fi + + +##### '------------------------------------------------------------------------- +debug ' Installing Whonix code base' +##### '------------------------------------------------------------------------- +if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ]; then + if ! 
[ -d "${INSTALLDIR}/home/user/Whonix" ]; then + chroot su user -c 'mkdir /home/user/Whonix' + fi + + mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix" + + if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then + BUILD_TYPE="--torgateway" + elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then + BUILD_TYPE="--torworkstation" + else + error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules" + error "You need to set TEMPLATE_FLAVOR environment variable to either" + error "whonix-gateway OR whonix-workstation" + exit 1 + fi + + # Whonix needs /dev/pts mounted during build + mount --bind /dev "${INSTALLDIR}/dev" + mount --bind /dev/pts "${INSTALLDIR}/dev/pts" + + chroot su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; } + + touch "${INSTALLDIR}/${TMPDIR}/.whonix_installed" +fi + + +##### '------------------------------------------------------------------------- +debug ' Whonix Post Installation Configurations' +##### '------------------------------------------------------------------------- +if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ] && ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.whonix_post" ]; then + + #### '---------------------------------------------------------------------- + info ' Restoring original network interfaces' + #### '---------------------------------------------------------------------- + pushd "${INSTALLDIR}/etc/network" + { + rm -f interfaces; + ln -s interfaces.backup interfaces; + } + popd + + #### '---------------------------------------------------------------------- + info ' Temporarily retore original resolv.conf for remainder of install process' + info ' (Will be restored back in wheezy+whonix/04_qubes_install_post.sh)' + #### '---------------------------------------------------------------------- + pushd "${INSTALLDIR}/etc" + { + rm -f resolv.conf; + cp -p resolv.conf.backup resolv.conf; + } + popd + + #### '---------------------------------------------------------------------- + info ' Temporarily retore original hosts for remainder of install process' + info ' (Will be restored on initial boot)' + #### '---------------------------------------------------------------------- + pushd "${INSTALLDIR}/etc" + { + rm -f hosts; + cp -p hosts.anondist-orig hosts; + } + popd + + #### '---------------------------------------------------------------------- + info ' Restore default user UID set to so same in all builds regardless of build host' + #### '---------------------------------------------------------------------- + if [ -n "`chroot id -u user-placeholder`" ]; then + chroot userdel user-placeholder + chroot usermod -u 1000 user + fi + + #### '---------------------------------------------------------------------- + info ' Enable some aliases in .bashrc' + #### '---------------------------------------------------------------------- + sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc" + sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc" + sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc" + sed -i "s/^#force_color_prompt/force_color_prompt/g" 
"${INSTALLDIR}/home/user/.bashrc" + sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc" + sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc" + + #### '---------------------------------------------------------------------- + info ' Remove apt-cacher-ng' + #### '---------------------------------------------------------------------- + chroot service apt-cacher-ng stop || : + chroot update-rc.d apt-cacher-ng disable || : + DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + chroot apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng + + #### '---------------------------------------------------------------------- + info ' Remove original sources.list (Whonix copied them to .../debian.list)' + #### '---------------------------------------------------------------------- + rm -f "${INSTALLDIR}/etc/apt/sources.list" + + DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + chroot apt-get.anondist-orig update + + touch "${INSTALLDIR}/${TMPDIR}/.whonix_post" +fi + + +##### '------------------------------------------------------------------------- +debug ' Temporarily retore original apt-get for remainder of install process' +##### '------------------------------------------------------------------------- +pushd "${INSTALLDIR}/usr/bin" +{ + rm -f apt-get; + cp -p apt-get.anondist-orig apt-get; +} +popd + +#### '---------------------------------------------------------------------- +info ' Cleanup' +#### '---------------------------------------------------------------------- +trap - ERR EXIT +trap diff --git a/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh b/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh deleted file mode 120000 index db7d12f..0000000 --- a/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/04_install_qubes_post.sh \ No newline at end of file 
diff --git a/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh b/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
new file mode 100755
index 0000000..b97dcd1
--- /dev/null
+++ b/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### '-------------------------------------------------------------------------
+debug ' Installing qubes-whonix package(s)'
+##### '-------------------------------------------------------------------------
+
+
+# If .prepared_debootstrap has not been completed, don't continue
+exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" "prepared_qubes installataion has not completed!... Exiting"
+
+# Create system mount points.
+prepareChroot
+
+
+#### '--------------------------------------------------------------------------
+info ' Trap ERR and EXIT signals and cleanup (umount)'
+#### '--------------------------------------------------------------------------
+trap cleanup ERR
+trap cleanup EXIT
+
+#### '--------------------------------------------------------------------------
+info ' Installing qubes-whonix and other required packages'
+#### '--------------------------------------------------------------------------
+# whonix-setup-wizard expects '/usr/local/share/applications' directory to exist
+chroot mkdir -p '/usr/local/share/applications' # whonix-setup-wizard needs this
+
+installQubesRepo
+aptInstall python-guimessages whonix-setup-wizard qubes-whonix
+uninstallQubesRepo
+
+#### '--------------------------------------------------------------------------
+info ' Cleanup'
+#### '--------------------------------------------------------------------------
+umount_all "${INSTALLDIR}/" || true
+trap - ERR EXIT
+trap 
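Review bot: `umount_all "${INSTALLDIR}/" || true` in the Cleanup section swallows an unmount failure, and the `trap - ERR EXIT` on the next line then disarms the cleanup handler, so a chroot whose bind mounts did not come down is left in place silently; 09_cleanup_post.sh later in this same diff runs `rm -rf` on paths under `${INSTALLDIR}`, which is exactly where a lingering mount turns into a host-side deletion. Dropping the `|| true` so the script's `-e` (and the ERR trap, which is still armed at that point) fails the stage is the smaller fix: `umount_all "${INSTALLDIR}/"`. The trailing bare `trap` line only prints the now-empty trap list and can be removed. The shebang-only `-e` is lost if the script is invoked as `bash 04_install_qubes_post.sh`, so an explicit `set -e` after the vim modeline would be more robust; the message passed to exitOnNoFile also carries a typo (`installataion`).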
diff --git a/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh b/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
deleted file mode 120000
index 9728555..0000000
--- a/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/09_cleanup_post.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh b/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
new file mode 100755
index 0000000..34a1bdb
--- /dev/null
+++ b/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### '-------------------------------------------------------------------------
+debug ' Whonix post installation cleanup'
+##### '-------------------------------------------------------------------------
+
+
+#### '--------------------------------------------------------------------------
+info ' Restoring Whonix apt-get'
+#### '--------------------------------------------------------------------------
+pushd "${INSTALLDIR}/usr/bin"
+{
+ rm -f apt-get;
+ cp -p apt-get.anondist apt-get;
+}
+popd
+
+#### '--------------------------------------------------------------------------
+info ' Restoring Whonix resolv.conf'
+#### '--------------------------------------------------------------------------
+pushd "${INSTALLDIR}/etc"
+{
+ rm -f resolv.conf;
+ cp -p resolv.conf.anondist resolv.conf;
+}
+popd
+
+#### '--------------------------------------------------------------------------
+info ' Removing files created during installation that are no longer required'
+#### '--------------------------------------------------------------------------
+rm -rf "${INSTALLDIR}/home.orig/user/Whonix"
+rm -rf "${INSTALLDIR}/home.orig/user/whonix_binary"
+rm -f "${INSTALLDIR}/home.orig/user/whonix_fix"
+rm -f "${INSTALLDIR}/home.orig/user/whonix_build.sh"
+rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build"
+rm -f "${TMPDIR}/etc/sudoers.d/whonix-build"
diff --git a/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh b/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
deleted file mode 100755
index 4531e88..0000000
--- a/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
+++ /dev/null
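Review bot: The `rm -rf "${INSTALLDIR}/home.orig/user/Whonix"` in the last section runs with no guard that `INSTALLDIR` is non-empty and with no unmount step, while the build stage earlier in this diff bind-mounts the host `../Whonix` checkout into the chroot at `home/user/Whonix`; whether that mount is still present under the relocated home when this script runs is not visible here, but if it is, the recursive delete walks into the host's source tree. A `: "${INSTALLDIR:?INSTALLDIR must be set}"` after the `source` lines, plus an explicit `umount_all "${INSTALLDIR}/"` (which 04_install_qubes_post.sh in this diff already calls) before the `rm -rf` lines, would bound the blast radius. The final `rm -f "${TMPDIR}/etc/sudoers.d/whonix-build"` is the only path in the file not rooted at `${INSTALLDIR}`; elsewhere in this diff the pattern is `${INSTALLDIR}/${TMPDIR}`, so as written this resolves to a host path and either wants that prefix or is a duplicate of the line above it.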
@@ -1,28 +0,0 @@ -#!/bin/bash -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# whonix-netvm-gateway contains last known IP used to search and replace -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then - # -------------------------------------------------------------------------- - # Install Custom Configurations - # -------------------------------------------------------------------------- - echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway" - touch "${INSTALLDIR}/tmp/.whonix_custom_configurations" -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/.facl b/scripts_debian/wheezy+whonix-gateway/files/.facl index 56e79de..3544554 100644 --- a/scripts_debian/wheezy+whonix-gateway/files/.facl +++ b/scripts_debian/wheezy+whonix-gateway/files/.facl 
@@ -1,108 +1,3 @@ -# file: . -# owner: user -# group: user -user::rwx -group::r-x -other::r-x - -# file: lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system/qubes-whonix-firewall.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-network.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-init.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/hosts -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/uwt.d -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/uwt.d/50_uwt_default -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/xdg -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart/qubes-whonixsetup.desktop -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/apt -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - # file: etc/hostname # owner: root # group: root @@ -114,7 +9,7 @@ other::r-- # owner: root # group: root user::rwx -group::r-x +group::--x other::--- # file: etc/sudoers.d/whonix-build 
@@ -124,129 +19,3 @@ user::r-- group::r-- other::--- -# file: .facl -# owner: user -# group: user -user::rw- -group::r-- -other::r-- - -# file: usr -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/utility_functions -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/bind-dirs.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-firewall.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-bind.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/init/replace-ips -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/init.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/whonixcheck.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/init/network-proxy-setup.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-tor.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/messages.yaml -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/alert -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/qubes-whonixsetup -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/enable-iptables-logging.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/etc/hosts b/scripts_debian/wheezy+whonix-gateway/files/etc/hosts deleted file mode 100644 index cc0e30d..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/etc/hosts +++ /dev/null @@ -1,7 +0,0 @@ -## Anonymity Distribution /etc/hosts - -## Anonymity Distribution specific -127.0.0.1 host.localdomain host -## End of Anonymity Distribution specific - -## End of Anonymity Distribution /etc/hosts diff --git a/scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default b/scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default deleted file mode 100644 index bac9ef3..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default +++ /dev/null @@ -1,6 +0,0 @@ - -. /usr/lib/whonix/utility_functions - -if [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "1" ]; then - uwtwrapper["/usr/bin/apt-get"]="0" -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop b/scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop deleted file mode 100644 index 260635d..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop +++ /dev/null @@ -1,8 +0,0 @@ -## This file is part of Whonix. -## Copyright (C) 2012 - 2014 Patrick Schleizer -## See the file COPYING for copying conditions. - -[Desktop Entry] -Type=Application -Terminal=false -Exec=/usr/lib/whonix/qubes-whonixsetup diff --git a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service b/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service deleted file mode 100644 index 89a5229..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=Qubes Whonix firewall updater -After=qubes-whonix-network.service -Before=network.target - -[Service] -ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes-firewall.service diff --git a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service b/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service deleted file mode 100644 index 6215c2c..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Qubes Whonix initialization script -After=qubes-whonix-network.service -Before=qubes-whonix-firewall.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/whonix/init/init.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service b/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service deleted file mode 100644 index 4e71280..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Qubes Whonix network proxy setup -ConditionPathExists=/var/run/qubes-service/qubes-network -Before=network.target -After=iptables.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/whonix/init/network-proxy-setup.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes-network.service diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert deleted file mode 100755 index e585475..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/python - -# -# Copyright 2014 Jason Mehring (nrgaway@gmail.com) -# - -from PyQt4 import QtGui -import locale -import yaml - -DEFAULT_LANG = 'en' - -class Messages(): - filename = None - data = None - language = DEFAULT_LANG - title = None - icon = None - message = None - - def __init__(self, section, filename): - self.filename = filename - - language = locale.getdefaultlocale()[0].split('_')[0] - if language: - self.language = language - - try: - stream = file(filename, 'r') - data = yaml.load(stream) - - if section in data.keys(): - section = data[section] - - self.icon = section.get('icon', None) - - language = section.get(self.language, DEFAULT_LANG) - - self.title = language.get('title', None) - self.message = language.get('message', None) - - except (IOError): - pass - except (yaml.scanner.ScannerError, yaml.parser.ParserError): - pass - -class WhonixMessageBox(QtGui.QMessageBox): - def __init__(self, message): - super(WhonixMessageBox, self).__init__() - self.message = message - self.initUI() - - def initUI(self): - message = self.message - - if message.title: - self.setWindowTitle(message.title) - - if message.icon: - self.setIcon(getattr(QtGui.QMessageBox, message.icon)) - - if message.message: - self.setText(message.message) - self.exec_() - -import argparse -import sys - - - -def main(): - parser = argparse.ArgumentParser(description='Display a QT Message Box') - - parser.add_argument('section', help="Message section") - parser.add_argument('filename', help="File including full path") - - args = parser.parse_args() - - if not args.filename and args.section: - print parser.usage() - sys.exit(1) - - app = QtGui.QApplication(sys.argv) - - message = Messages(args.section, args.filename) - dialog = WhonixMessageBox(message) - sys.exit() - -if __name__ == "__main__": - main() \ No newline at end of file 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh deleted file mode 100755 index ab2b0be..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -# -# To umount all binds, just pass any arg in $1 -# - -. /usr/lib/whonix/utility_functions - -# Don't run if started as a template -if ! [ "${WHONIX}" == "template" ]; then - # Array of directories to bind - BINDS=( - '/rw/srv/whonix/root/.whonix:/root/.whonix' - '/rw/srv/whonix/root/.whonix.d:/root/.whonix.d' - '/rw/srv/whonix/var/lib/whonix:/var/lib/whonix' - '/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck' - '/rw/srv/whonix/etc/tor:/etc/tor' - ) - - for bind in ${BINDS[@]}; do - rw_dir="${bind%%:*}" - ro_dir="${bind##*:}" - - # Make sure ro directory is not mounted - umount "${ro_dir}" 2> /dev/null || true - - if [ -n "${1}" ]; then - echo "Umounting only..." - exit 0 - fi - - # Make sure ro directory exists - if ! [ -d "${ro_dir}" ]; then - mkdir -p "${ro_dir}" - fi - - # Initially copy over data directories to /rw if rw directory does not exist - if ! [ -d "${rw_dir}" ]; then - mkdir -p "${rw_dir}" - rsync -hax "${ro_dir}/." "${rw_dir}" - fi - - # Bind the directory - sync - mount --bind "${rw_dir}" "${ro_dir}" - done - sync -fi - -if [ "${WHONIX}" == "gateway" ]; then - # Make sure we remove whonixsetup.done if Tor is not enabled - # to allow choice of repo and prevent whonixcheck errors - grep "^DisableNetwork 0$" /etc/tor/torrc || { - sudo rm -f /var/lib/whonix/do_once/whonixsetup.done - } -fi - -exit 0 diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh deleted file mode 100755 index a8e1653..0000000 
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# Check /var/log/kern.log for logging results - -LOG_IP4=1 -LOG_IP6=0 - -# for IPv4 -if [ "$LOG_IP4" == "1" ]; then - iptables -t raw -A OUTPUT -p icmp -j TRACE - iptables -t raw -A PREROUTING -p icmp -j TRACE - modprobe ipt_LOG -fi - -# for IPv6 -if [ "$LOG_IP6" == "1" ]; then - ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE - ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE - ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE - ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE - modprobe ip6t_LOG -fi - -# Redirect local port to remote via socat -#apt-get install socat -#socat TCP4-LISTEN:8082,fork,mode=0666,user=root,group=root TCP4:10.137.255.254:8082 -# -# Works -# localhost/loopback maps localhost port 8082 to localhost port 8888 -#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888 diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh deleted file mode 100755 index 1839152..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if [ "${WHONIX}" != "template" ]; then - # Files that will have the immutable bit set - # since we don't want them modified by other programs - IMMUTABLE_FILES=( - '/etc/resolv.conf' - '/etc/hostname' - '/etc/hosts' - ) - - # Make sure all .anondist files in list are immutable - immutableFilesEnable "${IMMUTABLE_FILES}" - immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist" - - # Make sure we are using a copy of the annondist file and if not - # copy the annondist file and set it immutable - copyAnondist "/etc/resolv.conf" - copyAnondist "/etc/hosts" - copyAnondist "/etc/hostname" - - # Replace IP addresses in known configuration files / scripts to - # currently discovered one - /usr/lib/whonix/init/replace-ips - - # Make sure hostname is correct - /bin/hostname host -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh deleted file mode 100755 index 71a43cf..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -INTERFACE="eth1" - -if [ "${WHONIX}" == "gateway" ]; then - - if [ -x /usr/sbin/xenstore-read ]; then - XENSTORE_READ="/usr/sbin/xenstore-read" - else - XENSTORE_READ="/usr/bin/xenstore-read" - fi - - # Setup Xen / Qubes proxy - network=$(xenstore-read qubes-netvm-network 2>/dev/null) - if [ "x$network" != "x" ]; then - gateway=$(xenstore-read qubes-netvm-gateway) - netmask=$(xenstore-read qubes-netvm-netmask) - secondary_dns=$(xenstore-read qubes-netvm-secondary-dns) - modprobe netbk 2> /dev/null || modprobe xen-netback - echo "NS1=$gateway" > /var/run/qubes/qubes-ns - echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns - #/usr/lib/qubes/qubes-setup-dnat-to-ns - echo "0" > /proc/sys/net/ipv4/ip_forward - /sbin/ethtool -K eth0 sg off || : - fi - - # Now, assign it the netvm-gateway IP address - ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null) - if [ x${ip} != x ]; then - # Create a dummy eth1 interface so tor can bind to it if there - # are no DOMU virtual machines connected at the moment - /sbin/ip link add ${INTERFACE} type dummy - - netmask=$(${XENSTORE_READ} qubes-netvm-netmask) - gateway=$(${XENSTORE_READ} qubes-netvm-gateway) - /sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255 - /sbin/ifconfig ${INTERFACE} up - /sbin/ethtool -K ${INTERFACE} sg off || true - /sbin/ethtool -K ${INTERFACE} tx off || true - - ip link set ${INTERFACE} up - fi - - echo "0" > /proc/sys/net/ipv4/ip_forward - - # Allow whonix-gateway to act as an update-proxy - touch /var/run/qubes-service/qubes-updates-proxy - - # Search and replace tinyproxy error files so we can inject code that - # we can use to identify that its a tor proxy so updates are secure - error_file="/usr/share/tinyproxy/default.html" - grep -q "${PROXY_META}" "${error_file}" || { - sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}" - } -fi 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh deleted file mode 100755 index 50c5cbc..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if [ -x /usr/sbin/xenstore-read ]; then - XENSTORE_READ="/usr/sbin/xenstore-read" -else - XENSTORE_READ="/usr/bin/xenstore-read" -fi - -# Make sure IP forwarding is disabled -echo "0" > /proc/sys/net/ipv4/ip_forward - -if [ "${WHONIX}" != "template" ]; then - ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null) - - # Start Whonix Firewall - if [ "${WHONIX}" == "gateway" ]; then - export INT_IF="vif+" - export INT_TIF="vif+" - - # Inject custom firewall rules into whonix_firewall - sed -i -f - /usr/bin/whonix_firewall <<-EOF -/^## IPv4 DROP INVALID INCOMING PACKAGES/,/######################################/c \\ -## IPv4 DROP INVALID INCOMING PACKAGES \\ -## \\ -## --- THE FOLLOWING WS INJECTED --- \\ -## Qubes Tiny Proxy Updater \\ -iptables -t nat -N PR-QBS-SERVICES \\ -iptables -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT \\ -iptables -A OUTPUT -o vif+ -p tcp -m tcp --sport 8082 -j ACCEPT \\ -iptables -t nat -A PREROUTING -j PR-QBS-SERVICES \\ -iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT \\ -iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:53 \\ -iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:9040 \\ -\\ -# Route any traffic FROM netvm TO netvm BACK-TO localhost \\ -# Allows localhost access to tor network \\ -#iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 \\ -###################################### -EOF - fi - - # Load the firewall - # XXX: TODO: Take down all network accesss if firewall fails - /usr/bin/whonix_firewall - - systemctl restart qubes-updates-proxy.service -fi 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service deleted file mode 100644 index 0a83e1b..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description = Anonymizing overlay network for TCP -After = syslog.target network.target nss-lookup.target - -[Service] -Type = simple -ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --quiet -ExecReload = /bin/kill -HUP ${MAINPID} -ExecStop = /bin/kill -INT ${MAINPID} -TimeoutSec = 60 -Restart = on-failure -LimitNOFILE = 32768 - -[Install] -WantedBy = multi-user.target -Alias=tor.service diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips deleted file mode 100755 index 900a584..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips +++ /dev/null 
@@ -1,118 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -# Search though files and updates IP address to the current -# IP address(es) - -FILES=( - '/usr/lib/leaktest-workstation/simple_ping.py' - '/usr/lib/whonixcheck/preparation' - '/usr/share/anon-kde-streamiso/share/config/kioslaverc' - '/usr/bin/whonix_firewall' - '/etc/whonix_firewall.d/30_default' - '/usr/lib/anon-shared-helper-scripts/tor_bootstrap_check.bsh' - '/usr/bin/uwt' - '/etc/uwt.d/30_uwt_default' - '/usr/share/tor/tor-service-defaults-torrc.anondist' - '/usr/bin/update-torbrowser' - '/etc/network/interfaces.whonix' - '/etc/resolv.conf.anondist' - '/etc/sdwdate.d/31_anon_dist_stream_isolation_plugin' - '/etc/rinetd.conf.anondist' - '/etc/network/interfaces.whonix' - '/usr/share/anon-torchat/.torchat/torchat.ini' -) - -# sed search and replace. return 0 if replace happened, otherwise 1 -search_replace() { - local search="${1}" - local replace="${2}" - local file="${3}" - local retval=1 - - if ! [ -L "${file}" ]; then - ls_attrs="$(lsattr "${file}")" - ls_attrs=${ls_attrs:4:1} - if [ "${ls_attrs}" == "i" ]; then - chattr -i "${file}" - fi - fi - - sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}" - retval=$? - - if [ "${ls_attrs}" = "i" ]; then - chattr +i "${file}" - fi - - return $retval -} - -function replace_ips() -{ - local search_ip="${1}" - local replace_ip="${2}" - local files=("${!3}") - local retval=1 - - # If IP is 10.152.152.10, network is 10.152.152.0 - search_network="${search_ip%[.]*}.0" - replace_network="${replace_ip%[.]*}.0" - - if ! 
[ "${search_ip}" = "${replace_ip}" ]; then - for file in "${files[@]}"; do - if [ -f "$file" ]; then - search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0 - search_replace "${search_network}" "${replace_network}" "${file}" && retval=0 - fi - done - fi - - return $retval -} - -update_ip() { - ip=${1} - - echo "${ip}" > /etc/whonix-netvm-gateway - grep '^DisableNetwork 0$' /etc/tor/torrc && { - service tor status && { - service tor reload || true; - } - } -} - -if [ "${WHONIX}" == "gateway" ]; then - ip="$(xenstore-read qubes-netvm-gateway)" - if [ x${ip} != x ]; then - # Compare to current IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}" - - # Do again; checking for original 10.152.152.10 incase of update - replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}" - - # Do again; checking for original 10.152.152.11 incase of update - replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}" - fi - -elif [ "${WHONIX}" == "workstation" ]; then - ip="$(xenstore-read qubes-ip)" - gateway="$(xenstore-read qubes-gateway)" - - if [ x${ip} != x ]; then - # Compare to current IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-ip)" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip - - # Do again; checking for original 10.152.152.11 incase of update - replace_ips "10.152.152.11" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip - fi - - if [ x${gateway} != x ]; then - # Compare to current gateway IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway - - # Do again; checking for original 10.152.152.10 incase of update - replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway - fi -fi 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service deleted file mode 100644 index 5f883d2..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=Checks many important aspects of Whonix. -After=syslog.target network.target - -[Service] -Type=forking -ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/run/whonixcheck -ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonixcheck -ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonix/whonixblog -ExecStart=/usr/lib/whonixcheckdaemon -PIDFile=/var/run/whonixcheck.pid -User=user -Group=user -UMask=0007 -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml deleted file mode 100644 index 075ab09..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml +++ /dev/null @@ -1,9 +0,0 @@ - -update: - icon: Critical - en: - title: Tor netvm required for updates - message: | -

Tor netvm required for updates!

-

Please ensure your template vm has a Whonix gateway as it's VM.

-

No updates are possible without an active (running) Whonix gateway VM.

diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup deleted file mode 100755 index f90d15b..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if ! [ "${WHONIX}" == "template" ]; then - sudo /usr/lib/whonix/bind-dirs.sh -fi - -if [ "${WHONIX}" == "gateway" ]; then - if grep "^DisableNetwork 0$" /etc/tor/torrc ;then - sudo service sdwdate restart - sudo service tor restart - else - sudo service sdwdate restart - sudo service tor stop - sudo /usr/bin/whonixsetup - fi - -elif [ "${WHONIX}" == "workstation" ]; then - sudo service sdwdate restart - if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then - sudo /usr/bin/whonixsetup - fi - -elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then - # Set secure defaults. - sudo iptables -P INPUT DROP - sudo iptables -P FORWARD DROP - sudo iptables -P OUTPUT DROP - - # Flush old rules. - sudo iptables -F - sudo iptables -X - sudo iptables -t nat -F - sudo iptables -t nat -X - sudo iptables -t mangle -F - sudo iptables -t mangle -X - - # Display warning that netvm is not connected to a torvm - /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions deleted file mode 100755 index 8a3b4e7..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash - -# /etc/uwt.d/50_uwt_default relies on this in order to allow connection -# to proxy for template -PROXY_SERVER="http://10.137.255.254:8082/" -PROXY_META='' - -if [ -f "/var/run/qubes-service/updates-proxy-setup" ]; then - WHONIX="template" -elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then - WHONIX="gateway" -elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then - WHONIX="workstation" -else - WHONIX="unknown" -fi - -if [ "${WHONIX}" == "template" ]; then - curl.anondist-orig "${PROXY_SERVER}" | grep -q "${PROXY_META}" && { - PROXY_SECURE=1 - } || { - PROXY_SECURE=0 - } -fi - -immutableFilesEnable() { - files="${1}" - suffix="${2}" - - for file in "${files[@]}"; do - if [ -f "${file}" ] && ! [ -L "${file}" ]; then - sudo chattr +i "${file}${suffix}" - fi - done -} - -immutableFilesDisable() { - files="${1}" - suffix="${2}" - - for file in "${files[@]}"; do - if [ -f "${file}" ] && ! [ -L "${file}" ]; then - sudo chattr -i "${file}${suffix}" - fi - done -} - -copyAnondist() { - file="${1}" - suffix="${2-.anondist}" - - # Remove any softlinks first - if [ -L "${file}" ]; then - sudo rm -f "${file}" - fi - - if [ -f "${file}" ] && [ -n "$(diff ${file} ${file}${suffix})" ]; then - sudo chattr -i "${file}" - sudo rm -f "${file}" - sudo cp -p "${file}${suffix}" "${file}" - sudo chattr +i "${file}" - elif ! 
[ -f "${file}" ]; then - sudo cp -p "${file}${suffix}" "${file}" - sudo chattr +i "${file}" - fi -} - -# Will only enable / disable if service is not already in that state -enable_sysv() { - servicename=${1} - disable=${2-0} - - # Check to see if the service is already enabled and if not, enable it - string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}" - - if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then - case ${disable} in - 0) - echo "${1} is currently disabled; enabling it" - sudo systemctl --quiet enable ${servicename} - ;; - 1) - echo "${1} is currently enabled; disabling it" - sudo service ${servicename} stop - sudo systemctl --quiet disable ${servicename} - ;; - esac - fi -} - -disable_sysv() { - enable_sysv ${1} 1 -} - diff --git a/scripts_debian/wheezy+whonix-gateway/packages_wheezy.list b/scripts_debian/wheezy+whonix-gateway/packages_wheezy.list deleted file mode 120000 index d5dfb50..0000000 --- a/scripts_debian/wheezy+whonix-gateway/packages_wheezy.list +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/packages_wheezy.list \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix/packages_wheezy.list b/scripts_debian/wheezy+whonix-gateway/packages_whonix.list similarity index 87% rename from scripts_debian/wheezy+whonix/packages_wheezy.list rename to scripts_debian/wheezy+whonix-gateway/packages_whonix.list index 91e329e..8d44c4c 100644 --- a/scripts_debian/wheezy+whonix/packages_wheezy.list +++ b/scripts_debian/wheezy+whonix-gateway/packages_whonix.list @@ -1,7 +1,8 @@ -git -curl sudo locales +haveged + +curl console-data console-common initramfs-tools @@ -12,17 +13,14 @@ less lsof most pciutils -strace sysfsutils usbutils lsb-release -acpi-support-base -haveged build-essential:native gcc fakeroot lintian - rsync grub-pc + diff --git a/scripts_debian/wheezy+whonix-workstation b/scripts_debian/wheezy+whonix-workstation new file mode 120000 index 0000000..1a4e27a --- /dev/null 
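Review bot: The new side of the `@@ -12,17 +13,14 @@` hunk still installs `build-essential:native`, `gcc`, `fakeroot` and `lintian` into the Whonix gateway template, while the commit only drops `git` and `strace`; a full compiler toolchain inside the Tor gateway VM is additional attack surface for anyone who gains code execution there. If these packages are needed only to build Whonix packages inside the chroot during image creation, they belong in a separate build-time list that the cleanup stage purges, with the runtime list `packages_whonix.list` holding only what the shipped image needs. If they must stay at runtime, the list (or the script that consumes it) should document why, since a reader of this rename cannot tell whether their presence is intentional.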
+++ b/scripts_debian/wheezy+whonix-workstation @@ -0,0 +1 @@ +wheezy+whonix-gateway \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh b/scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh deleted file mode 120000 index d1f0dd6..0000000 --- a/scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/00_prepare_pre.sh \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh b/scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh deleted file mode 120000 index 3524b69..0000000 --- a/scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/01_install_core_post.sh \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh b/scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh deleted file mode 120000 index 4b74627..0000000 --- a/scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/02_install_groups_packages_installed.sh \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh b/scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh deleted file mode 120000 index db7d12f..0000000 --- a/scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/04_install_qubes_post.sh \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh b/scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh deleted file mode 120000 index 9728555..0000000 --- a/scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/09_cleanup_post.sh \ No newline at end of file 
diff --git a/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh b/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh deleted file mode 100755 index e36dc97..0000000 --- a/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# whonix-netvm-gateway contains last known IP used to search and replace -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then - # -------------------------------------------------------------------------- - # Install Custom Configurations - # -------------------------------------------------------------------------- - echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip" - echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway" - - touch "${INSTALLDIR}/tmp/.whonix_custom_configurations" -fi diff --git a/scripts_debian/wheezy+whonix-workstation/files/.facl b/scripts_debian/wheezy+whonix-workstation/files/.facl deleted file mode 100644 index 9056544..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/.facl +++ /dev/null 
@@ -1,224 +0,0 @@ -# file: . -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system/qubes-whonix-firewall.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-network.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-init.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/hosts -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/uwt.d -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/uwt.d/50_uwt_default -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/xdg -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart/qubes-whonixsetup.desktop -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/hostname -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/sudoers.d -# owner: root -# group: root -user::rwx -group::r-x -other::--- - -# file: etc/sudoers.d/whonix-build -# owner: root -# group: root -user::r-- -group::r-- -other::--- - -# file: .facl -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - 
-# file: usr/lib/whonix/utility_functions -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/bind-dirs.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-firewall.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/replace-ips -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/init.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/network-proxy-setup.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/messages.yaml -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/alert -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/qubes-whonixsetup -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/enable-iptables-logging.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/hostname b/scripts_debian/wheezy+whonix-workstation/files/etc/hostname deleted file mode 100644 index c70dc2d..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/hostname +++ /dev/null @@ -1 +0,0 @@ -host diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/hosts b/scripts_debian/wheezy+whonix-workstation/files/etc/hosts deleted file mode 100644 index cc0e30d..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/hosts +++ /dev/null @@ -1,7 +0,0 @@ -## Anonymity Distribution /etc/hosts - -## Anonymity Distribution specific -127.0.0.1 host.localdomain host -## End of Anonymity Distribution specific - -## End of Anonymity Distribution /etc/hosts 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build b/scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build deleted file mode 100644 index 5841129..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build +++ /dev/null @@ -1 +0,0 @@ -user ALL=(ALL) NOPASSWD: ALL diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default b/scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default deleted file mode 100644 index bac9ef3..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default +++ /dev/null @@ -1,6 +0,0 @@ - -. /usr/lib/whonix/utility_functions - -if [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "1" ]; then - uwtwrapper["/usr/bin/apt-get"]="0" -fi diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop b/scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop deleted file mode 100644 index 260635d..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop +++ /dev/null @@ -1,8 +0,0 @@ -## This file is part of Whonix. -## Copyright (C) 2012 - 2014 Patrick Schleizer -## See the file COPYING for copying conditions. - -[Desktop Entry] -Type=Application -Terminal=false -Exec=/usr/lib/whonix/qubes-whonixsetup diff --git a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service b/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service deleted file mode 100644 index 89a5229..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=Qubes Whonix firewall updater -After=qubes-whonix-network.service -Before=network.target - -[Service] -ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes-firewall.service diff --git a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service b/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service deleted file mode 100644 index 6215c2c..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Qubes Whonix initialization script -After=qubes-whonix-network.service -Before=qubes-whonix-firewall.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/whonix/init/init.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service b/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service deleted file mode 100644 index 4e71280..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Qubes Whonix network proxy setup -ConditionPathExists=/var/run/qubes-service/qubes-network -Before=network.target -After=iptables.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/whonix/init/network-proxy-setup.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes-network.service diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert deleted file mode 100755 index e585475..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/python - -# -# Copyright 2014 Jason Mehring (nrgaway@gmail.com) -# - -from PyQt4 import QtGui -import locale -import yaml - -DEFAULT_LANG = 'en' - -class Messages(): - filename = None - data = None - language = DEFAULT_LANG - title = None - icon = None - message = None - - def __init__(self, section, filename): - self.filename = filename - - language = locale.getdefaultlocale()[0].split('_')[0] - if language: - self.language = language - - try: - stream = file(filename, 'r') - data = yaml.load(stream) - - if section in data.keys(): - section = data[section] - - self.icon = section.get('icon', None) - - language = section.get(self.language, DEFAULT_LANG) - - self.title = language.get('title', None) - self.message = language.get('message', None) - - except (IOError): - pass - except (yaml.scanner.ScannerError, yaml.parser.ParserError): - pass - -class WhonixMessageBox(QtGui.QMessageBox): - def __init__(self, message): - super(WhonixMessageBox, self).__init__() - self.message = message - self.initUI() - - def initUI(self): - message = self.message - - if message.title: - self.setWindowTitle(message.title) - - if message.icon: - self.setIcon(getattr(QtGui.QMessageBox, message.icon)) - - if message.message: - self.setText(message.message) - self.exec_() - -import argparse -import sys - - - -def main(): - parser = argparse.ArgumentParser(description='Display a QT Message Box') - - parser.add_argument('section', help="Message section") - parser.add_argument('filename', help="File including full path") - - args = parser.parse_args() - - if not args.filename and args.section: - print parser.usage() - sys.exit(1) - - app = QtGui.QApplication(sys.argv) - - message = Messages(args.section, args.filename) - dialog = WhonixMessageBox(message) - sys.exit() - -if __name__ == "__main__": - main() \ No newline at end of file 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh deleted file mode 100755 index ab2b0be..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -# -# To umount all binds, just pass any arg in $1 -# - -. /usr/lib/whonix/utility_functions - -# Don't run if started as a template -if ! [ "${WHONIX}" == "template" ]; then - # Array of directories to bind - BINDS=( - '/rw/srv/whonix/root/.whonix:/root/.whonix' - '/rw/srv/whonix/root/.whonix.d:/root/.whonix.d' - '/rw/srv/whonix/var/lib/whonix:/var/lib/whonix' - '/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck' - '/rw/srv/whonix/etc/tor:/etc/tor' - ) - - for bind in ${BINDS[@]}; do - rw_dir="${bind%%:*}" - ro_dir="${bind##*:}" - - # Make sure ro directory is not mounted - umount "${ro_dir}" 2> /dev/null || true - - if [ -n "${1}" ]; then - echo "Umounting only..." - exit 0 - fi - - # Make sure ro directory exists - if ! [ -d "${ro_dir}" ]; then - mkdir -p "${ro_dir}" - fi - - # Initially copy over data directories to /rw if rw directory does not exist - if ! [ -d "${rw_dir}" ]; then - mkdir -p "${rw_dir}" - rsync -hax "${ro_dir}/." "${rw_dir}" - fi - - # Bind the directory - sync - mount --bind "${rw_dir}" "${ro_dir}" - done - sync -fi - -if [ "${WHONIX}" == "gateway" ]; then - # Make sure we remove whonixsetup.done if Tor is not enabled - # to allow choice of repo and prevent whonixcheck errors - grep "^DisableNetwork 0$" /etc/tor/torrc || { - sudo rm -f /var/lib/whonix/do_once/whonixsetup.done - } -fi - -exit 0 diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh deleted file mode 100755 index a8e1653..0000000 
--- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# Check /var/log/kern.log for logging results - -LOG_IP4=1 -LOG_IP6=0 - -# for IPv4 -if [ "$LOG_IP4" == "1" ]; then - iptables -t raw -A OUTPUT -p icmp -j TRACE - iptables -t raw -A PREROUTING -p icmp -j TRACE - modprobe ipt_LOG -fi - -# for IPv6 -if [ "$LOG_IP6" == "1" ]; then - ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE - ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE - ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE - ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE - modprobe ip6t_LOG -fi - -# Redirect local port to remote via socat -#apt-get install socat -#socat TCP4-LISTEN:8082,fork,mode=0666,user=root,group=root TCP4:10.137.255.254:8082 -# -# Works -# localhost/loopback maps localhost port 8082 to localhost port 8888 -#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888 diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh deleted file mode 100755 index 1839152..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if [ "${WHONIX}" != "template" ]; then - # Files that will have the immutable bit set - # since we don't want them modified by other programs - IMMUTABLE_FILES=( - '/etc/resolv.conf' - '/etc/hostname' - '/etc/hosts' - ) - - # Make sure all .anondist files in list are immutable - immutableFilesEnable "${IMMUTABLE_FILES}" - immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist" - - # Make sure we are using a copy of the annondist file and if not - # copy the annondist file and set it immutable - copyAnondist "/etc/resolv.conf" - copyAnondist "/etc/hosts" - copyAnondist "/etc/hostname" - - # Replace IP addresses in known configuration files / scripts to - # currently discovered one - /usr/lib/whonix/init/replace-ips - - # Make sure hostname is correct - /bin/hostname host -fi diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh deleted file mode 100755 index 71a43cf..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -INTERFACE="eth1" - -if [ "${WHONIX}" == "gateway" ]; then - - if [ -x /usr/sbin/xenstore-read ]; then - XENSTORE_READ="/usr/sbin/xenstore-read" - else - XENSTORE_READ="/usr/bin/xenstore-read" - fi - - # Setup Xen / Qubes proxy - network=$(xenstore-read qubes-netvm-network 2>/dev/null) - if [ "x$network" != "x" ]; then - gateway=$(xenstore-read qubes-netvm-gateway) - netmask=$(xenstore-read qubes-netvm-netmask) - secondary_dns=$(xenstore-read qubes-netvm-secondary-dns) - modprobe netbk 2> /dev/null || modprobe xen-netback - echo "NS1=$gateway" > /var/run/qubes/qubes-ns - echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns - #/usr/lib/qubes/qubes-setup-dnat-to-ns - echo "0" > /proc/sys/net/ipv4/ip_forward - /sbin/ethtool -K eth0 sg off || : - fi - - # Now, assign it the netvm-gateway IP address - ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null) - if [ x${ip} != x ]; then - # Create a dummy eth1 interface so tor can bind to it if there - # are no DOMU virtual machines connected at the moment - /sbin/ip link add ${INTERFACE} type dummy - - netmask=$(${XENSTORE_READ} qubes-netvm-netmask) - gateway=$(${XENSTORE_READ} qubes-netvm-gateway) - /sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255 - /sbin/ifconfig ${INTERFACE} up - /sbin/ethtool -K ${INTERFACE} sg off || true - /sbin/ethtool -K ${INTERFACE} tx off || true - - ip link set ${INTERFACE} up - fi - - echo "0" > /proc/sys/net/ipv4/ip_forward - - # Allow whonix-gateway to act as an update-proxy - touch /var/run/qubes-service/qubes-updates-proxy - - # Search and replace tinyproxy error files so we can inject code that - # we can use to identify that its a tor proxy so updates are secure - error_file="/usr/share/tinyproxy/default.html" - grep -q "${PROXY_META}" "${error_file}" || { - sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}" - } -fi 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh deleted file mode 100755 index 50c5cbc..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if [ -x /usr/sbin/xenstore-read ]; then - XENSTORE_READ="/usr/sbin/xenstore-read" -else - XENSTORE_READ="/usr/bin/xenstore-read" -fi - -# Make sure IP forwarding is disabled -echo "0" > /proc/sys/net/ipv4/ip_forward - -if [ "${WHONIX}" != "template" ]; then - ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null) - - # Start Whonix Firewall - if [ "${WHONIX}" == "gateway" ]; then - export INT_IF="vif+" - export INT_TIF="vif+" - - # Inject custom firewall rules into whonix_firewall - sed -i -f - /usr/bin/whonix_firewall <<-EOF -/^## IPv4 DROP INVALID INCOMING PACKAGES/,/######################################/c \\ -## IPv4 DROP INVALID INCOMING PACKAGES \\ -## \\ -## --- THE FOLLOWING WS INJECTED --- \\ -## Qubes Tiny Proxy Updater \\ -iptables -t nat -N PR-QBS-SERVICES \\ -iptables -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT \\ -iptables -A OUTPUT -o vif+ -p tcp -m tcp --sport 8082 -j ACCEPT \\ -iptables -t nat -A PREROUTING -j PR-QBS-SERVICES \\ -iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT \\ -iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:53 \\ -iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:9040 \\ -\\ -# Route any traffic FROM netvm TO netvm BACK-TO localhost \\ -# Allows localhost access to tor network \\ -#iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 \\ -###################################### -EOF - fi - - # Load the firewall - # XXX: TODO: Take down all network accesss if firewall fails - /usr/bin/whonix_firewall - - systemctl restart qubes-updates-proxy.service -fi 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips deleted file mode 100755 index 900a584..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips +++ /dev/null 
@@ -1,118 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -# Search though files and updates IP address to the current -# IP address(es) - -FILES=( - '/usr/lib/leaktest-workstation/simple_ping.py' - '/usr/lib/whonixcheck/preparation' - '/usr/share/anon-kde-streamiso/share/config/kioslaverc' - '/usr/bin/whonix_firewall' - '/etc/whonix_firewall.d/30_default' - '/usr/lib/anon-shared-helper-scripts/tor_bootstrap_check.bsh' - '/usr/bin/uwt' - '/etc/uwt.d/30_uwt_default' - '/usr/share/tor/tor-service-defaults-torrc.anondist' - '/usr/bin/update-torbrowser' - '/etc/network/interfaces.whonix' - '/etc/resolv.conf.anondist' - '/etc/sdwdate.d/31_anon_dist_stream_isolation_plugin' - '/etc/rinetd.conf.anondist' - '/etc/network/interfaces.whonix' - '/usr/share/anon-torchat/.torchat/torchat.ini' -) - -# sed search and replace. return 0 if replace happened, otherwise 1 -search_replace() { - local search="${1}" - local replace="${2}" - local file="${3}" - local retval=1 - - if ! [ -L "${file}" ]; then - ls_attrs="$(lsattr "${file}")" - ls_attrs=${ls_attrs:4:1} - if [ "${ls_attrs}" == "i" ]; then - chattr -i "${file}" - fi - fi - - sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}" - retval=$? - - if [ "${ls_attrs}" = "i" ]; then - chattr +i "${file}" - fi - - return $retval -} - -function replace_ips() -{ - local search_ip="${1}" - local replace_ip="${2}" - local files=("${!3}") - local retval=1 - - # If IP is 10.152.152.10, network is 10.152.152.0 - search_network="${search_ip%[.]*}.0" - replace_network="${replace_ip%[.]*}.0" - - if ! 
[ "${search_ip}" = "${replace_ip}" ]; then - for file in "${files[@]}"; do - if [ -f "$file" ]; then - search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0 - search_replace "${search_network}" "${replace_network}" "${file}" && retval=0 - fi - done - fi - - return $retval -} - -update_ip() { - ip=${1} - - echo "${ip}" > /etc/whonix-netvm-gateway - grep '^DisableNetwork 0$' /etc/tor/torrc && { - service tor status && { - service tor reload || true; - } - } -} - -if [ "${WHONIX}" == "gateway" ]; then - ip="$(xenstore-read qubes-netvm-gateway)" - if [ x${ip} != x ]; then - # Compare to current IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}" - - # Do again; checking for original 10.152.152.10 incase of update - replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}" - - # Do again; checking for original 10.152.152.11 incase of update - replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}" - fi - -elif [ "${WHONIX}" == "workstation" ]; then - ip="$(xenstore-read qubes-ip)" - gateway="$(xenstore-read qubes-gateway)" - - if [ x${ip} != x ]; then - # Compare to current IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-ip)" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip - - # Do again; checking for original 10.152.152.11 incase of update - replace_ips "10.152.152.11" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip - fi - - if [ x${gateway} != x ]; then - # Compare to current gateway IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway - - # Do again; checking for original 10.152.152.10 incase of update - replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway - fi -fi 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml deleted file mode 100644 index 075ab09..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml +++ /dev/null @@ -1,9 +0,0 @@ - -update: - icon: Critical - en: - title: Tor netvm required for updates - message: | -

Tor netvm required for updates!

-

Please ensure your template vm has a Whonix gateway as it's VM.

-

No updates are possible without an active (running) Whonix gateway VM.

diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup deleted file mode 100755 index f90d15b..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if ! [ "${WHONIX}" == "template" ]; then - sudo /usr/lib/whonix/bind-dirs.sh -fi - -if [ "${WHONIX}" == "gateway" ]; then - if grep "^DisableNetwork 0$" /etc/tor/torrc ;then - sudo service sdwdate restart - sudo service tor restart - else - sudo service sdwdate restart - sudo service tor stop - sudo /usr/bin/whonixsetup - fi - -elif [ "${WHONIX}" == "workstation" ]; then - sudo service sdwdate restart - if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then - sudo /usr/bin/whonixsetup - fi - -elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then - # Set secure defaults. - sudo iptables -P INPUT DROP - sudo iptables -P FORWARD DROP - sudo iptables -P OUTPUT DROP - - # Flush old rules. - sudo iptables -F - sudo iptables -X - sudo iptables -t nat -F - sudo iptables -t nat -X - sudo iptables -t mangle -F - sudo iptables -t mangle -X - - # Display warning that netvm is not connected to a torvm - /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml -fi diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions deleted file mode 100755 index 8a3b4e7..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash - -# /etc/uwt.d/50_uwt_default relies on this in order to allow connection -# to proxy for template -PROXY_SERVER="http://10.137.255.254:8082/" -PROXY_META='' - -if [ -f "/var/run/qubes-service/updates-proxy-setup" ]; then - WHONIX="template" -elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then - WHONIX="gateway" -elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then - WHONIX="workstation" -else - WHONIX="unknown" -fi - -if [ "${WHONIX}" == "template" ]; then - curl.anondist-orig "${PROXY_SERVER}" | grep -q "${PROXY_META}" && { - PROXY_SECURE=1 - } || { - PROXY_SECURE=0 - } -fi - -immutableFilesEnable() { - files="${1}" - suffix="${2}" - - for file in "${files[@]}"; do - if [ -f "${file}" ] && ! [ -L "${file}" ]; then - sudo chattr +i "${file}${suffix}" - fi - done -} - -immutableFilesDisable() { - files="${1}" - suffix="${2}" - - for file in "${files[@]}"; do - if [ -f "${file}" ] && ! [ -L "${file}" ]; then - sudo chattr -i "${file}${suffix}" - fi - done -} - -copyAnondist() { - file="${1}" - suffix="${2-.anondist}" - - # Remove any softlinks first - if [ -L "${file}" ]; then - sudo rm -f "${file}" - fi - - if [ -f "${file}" ] && [ -n "$(diff ${file} ${file}${suffix})" ]; then - sudo chattr -i "${file}" - sudo rm -f "${file}" - sudo cp -p "${file}${suffix}" "${file}" - sudo chattr +i "${file}" - elif ! 
[ -f "${file}" ]; then - sudo cp -p "${file}${suffix}" "${file}" - sudo chattr +i "${file}" - fi -} - -# Will only enable / disable if service is not already in that state -enable_sysv() { - servicename=${1} - disable=${2-0} - - # Check to see if the service is already enabled and if not, enable it - string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}" - - if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then - case ${disable} in - 0) - echo "${1} is currently disabled; enabling it" - sudo systemctl --quiet enable ${servicename} - ;; - 1) - echo "${1} is currently enabled; disabling it" - sudo service ${servicename} stop - sudo systemctl --quiet disable ${servicename} - ;; - esac - fi -} - -disable_sysv() { - enable_sysv ${1} 1 -} - diff --git a/scripts_debian/wheezy+whonix-workstation/packages_wheezy.list b/scripts_debian/wheezy+whonix-workstation/packages_wheezy.list deleted file mode 120000 index d5dfb50..0000000 --- a/scripts_debian/wheezy+whonix-workstation/packages_wheezy.list +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/packages_wheezy.list \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix/00_prepare_pre.sh b/scripts_debian/wheezy+whonix/00_prepare_pre.sh deleted file mode 100755 index 9b21b60..0000000 --- a/scripts_debian/wheezy+whonix/00_prepare_pre.sh +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/bash -x -# vim: set ts=4 sw=4 sts=4 et : - -################################################################################ -# Allows a pre-built image to be used (if it exists) for installing -# Whonix. This option is useful only for debugging Whonix installations -# -# To use, first create a regualr wheezy template and manually copy the prepared -# image to debian-7-x64-prepard.img -# -# Example: -# cp ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64.img ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64-whonix-gateway-prepard.img -################################################################################ - -# ------------------------------------------------------------------------------ -# Return if SNAPSHOT is not "1" -# ------------------------------------------------------------------------------ -# This script is only used if SNAPSHOT is set -if [ ! "${SNAPSHOT}" == "1" ]; then - exit 0 -fi - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. 
./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -INSTALLDIR="$(readlink -m mnt)" - -# ------------------------------------------------------------------------------ -# Use a snapshot of the debootstraped debian image to install Whonix (for DEBUGGING) -# ------------------------------------------------------------------------------ - -manage_snapshot() { - umount_kill "${INSTALLDIR}" || : - - mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 - # Remove old snapshots if whonix completed - if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then - warn "Removing stale snapshots" - umount_kill "${INSTALLDIR}" || : - rm -rf "$debootstrap_snapshot" - rm -rf "$updated_snapshot" - return - fi - - warn "Copying $1 to ${IMG}" - mount -o loop "$1" "${INSTALLDIR}" || exit 1 - rm -f "${INSTALLDIR}/tmp/.prepared_groups" - umount_kill "${INSTALLDIR}" || : - cp -f "$1" "${IMG}" -} - -splitPath "${IMG}" path_parts -debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" -updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" - -if [ -f "$updated_snapshot" ]; then - manage_snapshot "$updated_snapshot" -elif [ -f "$debootstrap_snapshot" ]; then - manage_snapshot "$debootstrap_snapshot" -fi - diff --git a/scripts_debian/wheezy+whonix/01_install_core_post.sh b/scripts_debian/wheezy+whonix/01_install_core_post.sh deleted file mode 100755 index 9534618..0000000 --- a/scripts_debian/wheezy+whonix/01_install_core_post.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/sh -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Return if SNAPSHOT is not "1" -# ------------------------------------------------------------------------------ -# This script is only used if SNAPSHOT is set -if [ ! "${SNAPSHOT}" == "1" ]; then - exit 0 -fi - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# Create a snapshot of the already debootstraped image -# ------------------------------------------------------------------------------ -splitPath "${IMG}" path_parts -PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" - -if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then - umount_kill "${INSTALLDIR}" || : - warn "Copying ${IMG} to ${PREPARED_IMG}" - cp -f "${IMG}" "${PREPARED_IMG}" - mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 -fi diff --git a/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh b/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh deleted file mode 100755 index 0b22bf2..0000000 --- a/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh +++ /dev/null 
@@ -1,310 +0,0 @@ -#!/bin/bash -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# XXX: Create a snapshot - Only for DEBUGGING! -# ------------------------------------------------------------------------------ -# Only execute if SNAPSHOT is set -if [ "${SNAPSHOT}" == "1" ]; then - splitPath "${IMG}" path_parts - PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" - - if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then - umount_kill "${INSTALLDIR}" || : - warn "Copying ${IMG} to ${PREPARED_IMG}" - cp -f "${IMG}" "${PREPARED_IMG}" - mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 - for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done - fi -fi - -# ------------------------------------------------------------------------------ -# chroot Whonix build script -# ------------------------------------------------------------------------------ -read -r -d '' WHONIX_BUILD_SCRIPT <<'EOF' || true -################################################################################ -# Pre Fixups -sudo mkdir -p /boot/grub2 -sudo touch /boot/grub2/grub.cfg -sudo mkdir -p /boot/grub -sudo touch /boot/grub/grub.cfg -sudo mkdir --parents --mode=g+rw "/tmp/uwt" - -# Whonix seems to re-install sysvinit even though there is a hold -# on the package. Things seem to work anyway. 
BUT hopfully the -# hold on grub* don't get removed -sudo apt-mark hold sysvinit -sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common - -# Whonix expects haveged to be started -sudo /etc/init.d/haveged start - -# Whonix does not always fix permissions after writing as sudo, especially -# when running whonixsetup so /var/lib/whonix/done_once is not readable by -# user, so set defualt umask for sudo -#sudo su -c 'echo "Defaults umask = 0002" >> /etc/sudoers' -#sudo su -c 'echo "Defaults umask_override" >> /etc/sudoers' - -################################################################################ -# Whonix installation -export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1" - -pushd ~/Whonix -sudo ~/Whonix/whonix_build \ - --build $1 \ - --64bit-linux \ - --current-sources \ - --enable-whonix-apt-repository \ - --whonix-apt-repository-distribution $2 \ - --install-to-root \ - --skip-verifiable \ - --minimal-report \ - --skip-sanity-tests || { exit 1; } -popd -EOF - -# ------------------------------------------------------------------------------ -# Cleanup function -# ------------------------------------------------------------------------------ -function cleanup() { - error "Whonix error; umounting ${INSTALLDIR} to prevent further writes" - umount_kill "${INSTALLDIR}" || : - exit 1 -} -trap cleanup ERR -trap cleanup EXIT - -# ------------------------------------------------------------------------------ -# Mount devices, etc required for Whonix installation -# ------------------------------------------------------------------------------ -if ! 
[ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then - info "Preparing Whonix system" - - # -------------------------------------------------------------------------- - # Initialize Whonix submodules - # -------------------------------------------------------------------------- - pushd "${WHONIX_DIR}" - { - git add Makefile || true - git commit Makefile -m 'Added Makefile' || true - su $(logname) -c "git submodule update --init --recursive"; - } - popd - - # -------------------------------------------------------------------------- - # Fake grub installation since Whonix has depends on grub-pc - # -------------------------------------------------------------------------- - mkdir -p "${INSTALLDIR}/boot/grub" - cp "${INSTALLDIR}/usr/lib/grub/i386-pc/"* "${INSTALLDIR}/boot/grub" - rm -f "${INSTALLDIR}/usr/sbin/update-grub" - chroot "${INSTALLDIR}" ln -s /bin/true /usr/sbin/update-grub - - # -------------------------------------------------------------------------- - # sed search and replace. return 0 if replace happened, otherwise 1 - # -------------------------------------------------------------------------- - search_replace() { - local search="$1" - local replace="$2" - local file="$3" - sed -i.bak '/'"$search"'/,${s//'"$replace"'/;b};$q1' "$file" - } - - # -------------------------------------------------------------------------- - # Whonix system config dependancies - # -------------------------------------------------------------------------- - - # Qubes needs a user named 'user' - debug "Whonix Add user" - chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \ - { - # UID needs match host user to have access to Whonix sources - chroot "${INSTALLDIR}" groupadd -f user - [ -n "$SUDO_UID" ] && USER_OPTS="-u $SUDO_UID" - chroot "${INSTALLDIR}" useradd -g user $USER_OPTS -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user - if [ `chroot "${INSTALLDIR}" id -u user` != 1000 ]; then - chroot "${INSTALLDIR}" useradd -g user -u 1000 -M -s /bin/bash 
user-placeholder - fi - } - - # Install Whonix build scripts - echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh" - chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh" - - # ------------------------------------------------------------------------------ - # Copy over any extra files - # ------------------------------------------------------------------------------ - copyTree "files" - - touch "${INSTALLDIR}/tmp/.whonix_prepared" -fi - -# ------------------------------------------------------------------------------ -# Install Whonix -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then - info "Installing Whonix system" - - # -------------------------------------------------------------------------- - # Install Whonix code base - # -------------------------------------------------------------------------- - if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then - debug "Installing Whonix build environment..." - chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix' - fi - - if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then - debug "Building Whonix..." - mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix" - fi - - if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then - BUILD_TYPE="--torgateway" - elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then - BUILD_TYPE="--torworkstation" - else - error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. 
Not building Whonix modules" - error "You need to set TEMPLATE_FLAVOR environment variable to either" - error "whonix-gateway OR whonix-workstation" - exit 1 - fi - - chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; } - - touch "${INSTALLDIR}/tmp/.whonix_installed" -fi - -# ------------------------------------------------------------------------------ -# Whonix Post Installation Configurations -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then - info "Post Configuring Whonix System" - - # Don't need Whonix interfaces; restore original - pushd "${INSTALLDIR}/etc/network" - { - rm -f interfaces; - ln -s interfaces.backup interfaces; - } - popd - - # Qubes installation will need a normal resolv.conf; will be restored back - # in 04_qubes_install_post.sh within the wheezy+whonix-* directories - pushd "${INSTALLDIR}/etc" - { - rm -f resolv.conf; - cp -p resolv.conf.backup resolv.conf; - } - popd - - # Remove link to hosts file and copy original back - # Will get set back to Whonix hosts file when the - # /usr/lib/whonix/setup-ip is run on startup - pushd "${INSTALLDIR}/etc" - { - rm -f hosts; - cp -p hosts.anondist-orig hosts; - } - popd - - - # Enable Tor - #if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then - # sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc" - #fi - - # Restore default user UID to have the same in all builds regardless of build host - if [ -n "`chroot "${INSTALLDIR}" id -u user-placeholder`" ]; then - chroot "${INSTALLDIR}" userdel user-placeholder - chroot "${INSTALLDIR}" usermod -u 1000 user - fi - - # Enable aliases in .bashrc - sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc" - sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc" - sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc" - sed -i 
"s/^#force_color_prompt/force_color_prompt/g" "${INSTALLDIR}/home/user/.bashrc" - sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc" - sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc" - - # Fake that initializer was already run - mkdir -p "${INSTALLDIR}/root/.whonix" - touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done" - - # Prevent whonixcheck error - echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default" - - # Use gdialog as an alternative for dialog - mv -f "${INSTALLDIR}/usr/bin/dialog" "${INSTALLDIR}/usr/bin/dialog.dist" - chroot "${INSTALLDIR}" update-alternatives --force --install /usr/bin/dialog dialog /usr/bin/gdialog 999 - - # Disable unwanted applications - chroot "${INSTALLDIR}" update-rc.d network-manager disable || : - chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || : - chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || : - chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || : - - chroot "${INSTALLDIR}" service apt-cacher-ng stop || : - chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || : - - # Tor will be re-enabled upon initial configuration - chroot "${INSTALLDIR}" update-rc.d tor disable || : - chroot "${INSTALLDIR}" update-rc.d sdwdate disable || : - - # Remove apt-cacher-ng - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng - - # Remove original sources.list - rm -f "${INSTALLDIR}/etc/apt/sources.list" - - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot ${INSTALLDIR} apt-get.anondist-orig update - - touch "${INSTALLDIR}/tmp/.whonix_post" -fi - -# ------------------------------------------------------------------------------ -# Execute any template flavor or sub flavor scripts -# ------------------------------------------------------------------------------ 
-buildStep "99_custom_configuration.sh" - -# ------------------------------------------------------------------------------ -# Bring back original apt-get for installation of Qubues -# ------------------------------------------------------------------------------ -pushd "${INSTALLDIR}/usr/bin" -{ - rm -f apt-get; - cp -p apt-get.anondist-orig apt-get; -} -popd - -# ------------------------------------------------------------------------------ -# Make sure the temporary policy-rc.d to prevent apt from starting services -# on package installation is still active; Whonix may have reset it -# ------------------------------------------------------------------------------ -cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" </dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build" diff --git a/scripts_fedora/01_install_core.sh b/scripts_fedora/01_install_core.sh index 63e8a46..760d73c 100755 --- a/scripts_fedora/01_install_core.sh +++ b/scripts_fedora/01_install_core.sh 
@@ -1,16 +1,28 @@ -#!/bin/sh +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/distribution.sh" if ! [ -f "${INSTALLDIR}/tmp/.prepared_base" ]; then echo "-> Initializing RPM database..." - rpm --initdb --root=$INSTALLDIR - rpm --import --root=$INSTALLDIR $SCRIPTSDIR/keys/* + rpm --initdb --root="${INSTALLDIR}" + rpm --import --root="${INSTALLDIR}" "${SCRIPTSDIR}/keys/"* + + if [ "$DIST" == "fc21" ]; then + echo "-> Retreiving core RPM packages..." + INITIAL_PACKAGES="filesystem setup fedora-release" + + yum --disablerepo=\* --enablerepo=fedora -y --installroot="${INSTALLDIR}" --releasever=${DIST/fc/} install --downloadonly --downloaddir="${SCRIPTSDIR}/base_rpms_${DIST}" ${INITIAL_PACKAGES} + + verifyPackages "${SCRIPTSDIR}/base_rpms_${DIST}"/* || exit 1 + fi echo "-> Installing core RPM packages..." - rpm -i --root=$INSTALLDIR $SCRIPTSDIR/base_rpms/*.rpm || exit 1 + rpm -i --root="${INSTALLDIR}" "${SCRIPTSDIR}/base_rpms/"*.rpm || exit 1 touch "${INSTALLDIR}/tmp/.prepared_base" fi -cp $SCRIPTSDIR/resolv.conf $INSTALLDIR/etc -cp $SCRIPTSDIR/network $INSTALLDIR/etc/sysconfig -cp -a /dev/null /dev/zero /dev/random /dev/urandom $INSTALLDIR/dev/ +cp "${SCRIPTSDIR}/resolv.conf" "${INSTALLDIR}/etc" +cp "${SCRIPTSDIR}/network" "${INSTALLDIR}/etc/sysconfig" +cp -a /dev/null /dev/zero /dev/random /dev/urandom "${INSTALLDIR}/dev/" diff --git a/scripts_fedora/02_install_groups.sh b/scripts_fedora/02_install_groups.sh index 90e9914..0daa8f7 100755 --- a/scripts_fedora/02_install_groups.sh +++ b/scripts_fedora/02_install_groups.sh 
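Review bot: The fc21 branch downloads and verifies the bootstrap packages into `base_rpms_${DIST}`, but the `rpm -i` line that follows still installs from `"${SCRIPTSDIR}/base_rpms/"*.rpm`, so the packages that `verifyPackages` just checked are not what gets installed unless something outside this hunk copies them across. A single variable keeps the two paths in step: set `BASE_RPMS_DIR="${SCRIPTSDIR}/base_rpms"` before the `if`, reassign it to `"${SCRIPTSDIR}/base_rpms_${DIST}"` inside the fc21 branch, and install with `rpm -i --root="${INSTALLDIR}" "${BASE_RPMS_DIR}/"*.rpm || exit 1`. Running `verifyPackages` before any `rpm -i` is the right order, and it deserves a comment on the `verifyPackages` line, e.g. `# Downloaded RPMs are untrusted until their signatures check out; nothing is installed into the root before this passes`. With `bash -e` the `|| exit 1` suffixes are redundant but harmless.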
@@ -1,26 +1,27 @@ -#!/bin/sh -if [ -n "${TEMPLATE_FLAVOR}" ]; then - PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}_${TEMPLATE_FLAVOR}.list" - if ! [ -r "${PKGLISTFILE}" ]; then - echo "ERROR: ${PKGLISTFILE} does not exists!" - exit 1 - fi -elif [ -r "$SCRIPTSDIR/packages_${DIST}.list" ]; then - PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}.list" -else - PKGLISTFILE="$SCRIPTSDIR/packages.list" -fi +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : -echo "--> Preparing environment..." -mount -t proc proc mnt/proc +source "${SCRIPTSDIR}/distribution.sh" -export PKGGROUPS=$(cat $PKGLISTFILE) +# Create system mount points +prepareChroot -export YUM0=$PWD/yum_repo_qubes -yum clean all -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR -yum install -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR $PKGGROUPS || RETCODE=1 -yum update -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR || RETCODE=1 +#### '---------------------------------------------------------------------- +info ' Trap ERR and EXIT signals and cleanup (umount)' +#### '---------------------------------------------------------------------- +trap cleanup ERR +trap cleanup EXIT -umount mnt/proc +#### '---------------------------------------------------------------------- +info " Installing extra packages in script_${DIST}/packages.list file" +#### '---------------------------------------------------------------------- +export YUM0=${PWD}/yum_repo_qubes +yum clean all -c ${PWD}/yum.conf ${YUM_OPTS} -y --installroot=${INSTALLDIR} +installPackages +yum update -c ${PWD}/yum.conf ${YUM_OPTS} -y --installroot=${INSTALLDIR} || exit 1 -exit $RETCODE +#### '---------------------------------------------------------------------- +info ' Cleanup' +#### '---------------------------------------------------------------------- +trap - ERR EXIT +trap diff --git a/scripts_fedora/04_install_qubes.sh b/scripts_fedora/04_install_qubes.sh index 2b033d6..fbb855f 100755 --- a/scripts_fedora/04_install_qubes.sh 
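Review bot: The `trap - ERR EXIT` under the "Cleanup" heading removes the handlers without ever running them, so on the success path nothing undoes the mount points `prepareChroot` created, whereas the old script at least ran `umount mnt/proc`. Unless the unmount happens somewhere not visible here (`cleanup` and `prepareChroot` come from distribution.sh), call the cleanup explicitly before clearing the traps, i.e. `cleanup` on its own line followed by `trap - ERR EXIT`; if `cleanup` exits non-zero the way the deleted Debian variant in this commit did, a dedicated unmount helper is needed instead. The trailing bare `trap` line only prints the installed traps and reads as a leftover; drop it. The `info` text `script_${DIST}/packages.list` also does not match the `scripts_${DIST}` naming used by the paths in this diff.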
+++ b/scripts_fedora/04_install_qubes.sh @@ -1,4 +1,5 @@ #!/bin/sh + echo "--> Preparing environment..." mount -t proc proc $PWD/mnt/proc @@ -23,4 +24,8 @@ if [ "$TEMPLATE_FLAVOR" != "minimal" ]; then $SCRIPTSDIR/add_3rd_party_software.sh || RETCODE=1 fi +# Distribution specific steps +source ./functions.sh +buildStep "${0}" "${DIST}" + exit $RETCODE diff --git a/scripts_fedora/04_install_qubes_fc21.sh b/scripts_fedora/04_install_qubes_fc21.sh new file mode 100755 index 0000000..e17dbef --- /dev/null +++ b/scripts_fedora/04_install_qubes_fc21.sh 
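Review bot: `buildStep "${0}" "${DIST}"` runs after the `RETCODE` bookkeeping, but its own failure is not folded into `RETCODE`, so a failing distribution-specific step still ends in `exit $RETCODE` with status 0 (the file keeps `#!/bin/sh` and no `-e`); write it as `buildStep "${0}" "${DIST}" || RETCODE=1`. `source ./functions.sh` depends on the current directory rather than `${SCRIPTSDIR}` like the other paths in this script, and since the sibling scripts in this commit move to `#!/bin/bash -e`, functions.sh presumably contains bashisms that would fail when sourced by `/bin/sh`, so this script likely needs the same shebang change. The middle of the script lies outside the two hunks shown.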
@@ -0,0 +1,13 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +echo "--> Creating Xwrapper.config override..." +cat > "${INSTALLDIR}/etc/X11/Xwrapper.config" < Setting locale to utf8..." +cat > "${INSTALLDIR}/etc/locale.conf" < +# - Fingerprint: 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991 +# +# sudo rpm --import linux_signing_key.pub +# +# You can verify the key installation by running: +# - rpm -qi gpg-pubkey-7fac5991-* +# +# To manually verify an RPM package, you can run the command: +# - rpm --checksig -v packagename.rpm +# +# RPMFusion +# ========= +# RPM Fusion free for Fedora 20 +# - pub 4096R/AE688223 2013-01-01 RPM Fusion free repository for Fedora (20) +# Key fingerprint = 0017 DDFE FD13 2929 9D55 B1D3 963A 8848 AE68 8223 +# +# RPM Fusion nonfree for Fedora 20 +# - pub 4096R/B5F29883 2013-01-01 RPM Fusion nonfree repository for Fedora (20) +# Key fingerprint = A84D CF58 46CB 10B6 5C47 6C35 63C0 DE8C B5F2 9883 +# +# RPM Fusion free for Fedora 21 +# - pub 4096R/6446D859 2013-06-28 RPM Fusion free repository for Fedora (21) +# Key fingerprint = E9AF 4932 31E2 DF6F FDFE 0852 3C83 7D0D 6446 D859 +# +# RPM Fusion nonfree for Fedora 21 +# - pub 4096R/A668B376 2013-06-28 RPM Fusion nonfree repository for Fedora (21) +# Key fingerprint = E160 058E F06F A4C3 C15D 0F86 0174 46D1 A668 B376 + +#### '---------------------------------------------------------------------- +info ' Copying 3rd party software to "tmp" directory to prepare for installation' +#### '---------------------------------------------------------------------- +cp -a "${SCRIPTSDIR}/3rd_party_software" "${INSTALLDIR}/tmp" + +#### '---------------------------------------------------------------------- +info ' Installing google-chrome repos' +#### '---------------------------------------------------------------------- +install -m 0644 "${SCRIPTSDIR}/3rd_party_software/google-linux_signing_key.pub" "${INSTALLDIR}/etc/pki/rpm-gpg/" +cat << EOF > "${INSTALLDIR}/etc/yum.repos.d/google-chrome.repo" 
+[google-chrome] +name=google-chrome - \$basearch +baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/google-linux_signing_key.pub +EOF + +#### '---------------------------------------------------------------------- +info ' Installing adobe repo' +#### '---------------------------------------------------------------------- +yumInstall /tmp/3rd_party_software/adobe-release-x86_64.noarch.rpm -rpm -i --root=$INSTALLDIR $SCRIPTSDIR/3rd_party_software/adobe-release-x86_64-*.noarch.rpm || exit 1 if [ "$TEMPLATE_FLAVOR" == "fullyloaded" ]; then - rpm --import --root=$INSTALLDIR mnt/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux - yum install -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR flash-plugin || exit 1 + #### '------------------------------------------------------------------ + info ' Installing 3rd party software' + #### '------------------------------------------------------------------ + yumInstall google-chrome-stable + yumInstall flash-plugin else - yum-config-manager -c $PWD/yum.conf --installroot=$INSTALLDIR --disable adobe-linux-x86_64 > /dev/null + chroot yum-config-manager --disable google-chrome > /dev/null + chroot yum-config-manager --disable adobe-linux-x86_64 > /dev/null fi + +#### '---------------------------------------------------------------------- +info ' Installing rpmfusion repos' +#### '---------------------------------------------------------------------- +if [ ${VERSION} -ge 20 ]; then + # Install repos + yumInstall /tmp/3rd_party_software/rpmfusion-free-release-${VERSION}.noarch.rpm + yumInstall /tmp/3rd_party_software/rpmfusion-nonfree-release-${VERSION}.noarch.rpm + + # Disable rpmfusion-free repos + chroot yum-config-manager --disable rpmfusion-free > /dev/null + chroot yum-config-manager --disable rpmfusion-free-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-source > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates > 
/dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-source > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-testing > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-testing-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-testing-source > /dev/null + chroot yum-config-manager --disable rpmfusion-free-rawhide > /dev/null + chroot yum-config-manager --disable rpmfusion-free-rawhide-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-rawhide-source > /dev/null + + # Disable rpmfusion-nonfree repos + chroot yum-config-manager --disable rpmfusion-nonfree > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-source > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-source > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-testing > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-testing-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-testing-source > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-rawhide > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-rawhide-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-rawhide-source > /dev/null +fi + +#### '---------------------------------------------------------------------- +info ' Cleanup' +#### '---------------------------------------------------------------------- +rm -rf "${INSTALLDIR}/tmp/3rd_party_software" +trap - ERR EXIT +trap 
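Review bot: The removed `rpm --import --root=$INSTALLDIR mnt/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux` has no replacement, and the adobe and rpmfusion release packages are now fed as local files to `yumInstall`, which in this commit's distribution.sh hands them straight to `yum install`, so whether those files are signature-checked at all now depends on the `gpgcheck`/`localpkg_gpgcheck` settings of a yum.conf that is not in the diff. The header comment lists the RPM Fusion key fingerprints but nothing in the hunk compares the installed keys against them; calling the new `verifyPackages` on each `*.rpm` before its `yumInstall` would make the check explicit, once it is confirmed whether `rpm --root --checksig` resolves the path on the host or inside the root, since the callers here pass chroot-relative `/tmp/...` paths. The google-chrome repo file sets `gpgcheck=1` but fetches metadata over `baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch`; switching that line to `https://` removes the plaintext hop at no cost. The file header and the start of this hunk are garbled in this chunk, so the lines before the fingerprint comment were not reviewed.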
diff --git a/scripts_fedora/distribution.sh b/scripts_fedora/distribution.sh new file mode 100644 index 0000000..abc8cc2 --- /dev/null +++ b/scripts_fedora/distribution.sh 
@@ -0,0 +1,107 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source ./functions.sh >/dev/null
+source ./umount_kill.sh >/dev/null
+
+setVerboseMode
+output "${bold}${under}INFO: ${SCRIPTSDIR}/distribution.sh imported by: ${0}${reset}"
+
+# ==============================================================================
+# Cleanup function
+# ==============================================================================
+function cleanup() {
+ errval=$?
+ trap - ERR EXIT
+ trap
+ error "${1:-"${0}: Error. Cleaning up and un-mounting any existing mounts"}"
+ umount_kill "${INSTALLDIR}" || true
+
+ # Return xtrace to original state
+ [[ -n "${XTRACE}" ]] && [[ "${XTRACE}" -eq 0 ]] && set -x || set +x
+
+ exit $errval
+}
+
+# ==============================================================================
+# Create system mount points
+# ==============================================================================
+function prepareChroot() {
+ info "--> Preparing environment..."
+ mount -t proc proc "${INSTALLDIR}/proc"
+}
+
+# ==============================================================================
+# Yum install package(s)
+# ==============================================================================
+function yumInstall() {
+ files="$@"
+ mount --bind /etc/resolv.conf ${INSTALLDIR}/etc/resolv.conf
+ if [ -e "${INSTALLDIR}/usr/bin/yum" ]; then
+ chroot yum install ${YUM_OPTS} -y ${files[@]} || exit 1
+ else
+ yum install -c ${PWD}/yum.conf ${YUM_OPTS} -y --installroot=${INSTALLDIR} ${files[@]} || exit 1
+ fi
+ umount ${INSTALLDIR}/etc/resolv.conf
+}
+
+# ==============================================================================
+# Verify RPM packages
+# ==============================================================================
+function verifyPackages() {
+ for file in $@; do
+ result=$(rpm --root="${INSTALLDIR}" --checksig "${file}") || {
+ echo "Filename: ${file} failed verification. Exiting!"
+ exit 1
+ }
+ result_status="${result##*:}"
+ echo "${result_status}" | grep -q 'PGP' && {
+ echo "Filename: ${file} contains an invalid PGP signature. Exiting!"
+ exit 1
+ }
+ echo "${result_status}" | grep -q 'pgp' || {
+ echo "Filename: ${file} is not signed. Exiting!"
+ exit 1
+ }
+ done
+
+ return 0
+}
+
+# ==============================================================================
+# Install extra packages in script_${DIST}/packages.list file
+# -and / or- TEMPLATE_FLAVOR directories
+# ==============================================================================
+function installPackages() {
+ if [ -n "${1}" ]; then
+ # Locate packages within sub dirs
+ if [ ${#@} == "1" ]; then
+ getFileLocations packages_list "${1}" ""
+ else
+ packages_list="$@"
+ fi
+ else
+ # TODO: Add into template flavor handler the ability to
+ # detect flavors that will not append recursive values
+ # Only file 'minimal' package lists
+ if [ "$TEMPLATE_FLAVOR" == "minimal" ]; then
+ getFileLocations packages_list "packages.list" "${DIST}_minimal"
+ else
+ getFileLocations packages_list "packages.list" "${DIST}"
+ fi
+ if [ -z "${packages_list}" ]; then
+ error "Can not locate a package.list file!"
+ umount_all || true
+ exit 1
+ fi
+ fi
+
+ for package_list in ${packages_list[@]}; do
+ debug "Installing extra packages from: ${package_list}"
+ declare -a packages
+ readarray -t packages < "${package_list}"
+
+ info "Packages: "${packages[@]}""
+ yumInstall "${packages[@]}" || return $?
+ done
+}
diff --git a/scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary b/scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary
new file mode 100644
index 0000000..e8f1868
--- /dev/null
+++ b/scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary
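Review bot: `verifyPackages` is defined in this hunk but nothing in the diff calls it, so the local `.rpm` files that callers hand to `yumInstall` (for example `/tmp/3rd_party_software/adobe-release-x86_64.noarch.rpm` in the 3rd-party hunk) reach `yum install` with no signature check in this code; a guard at the top of `yumInstall` such as `for f in "$@"; do [[ "${f}" == *.rpm ]] && verifyPackages "${f}"; done` closes that gap, once it is confirmed whether `rpm --root="${INSTALLDIR}" --checksig` expects a host path or a root-relative one. `files="$@"` stores one flat string, so the later unquoted `${files[@]}` is that string re-split by whitespace and subject to pathname expansion, which the `--exclude=qemu-*,libvirt*,...` entries in packages_fc21.list will exercise; `local files=("$@")` with `"${files[@]}"` keeps every argument intact. `chroot yum install ...` is only correct if `chroot` is a wrapper from functions.sh that supplies `${INSTALLDIR}`, since the coreutils binary would take `yum` as the new root — a one-line comment at the call site naming that wrapper would save the next reader the same question. On the `|| exit 1` paths the `/etc/resolv.conf` bind mount is left in place for the caller's EXIT trap to undo, which is fine as long as every caller installs that trap as the hunks here do.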
@@ -0,0 +1,31 @@ +pub 4096R/95A43F54 2013-11-14 Fedora (21) + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQINBFKEQVoBEADOb9mKZZtTIVRMMejO9dco+dsv6L2ZvnlidMVaudoD7pN9hl35 +xUZFwQxzATy2iCoFY92WU1zIKxCg9fa0gS9jGGl9rOI/1uQm+i/KxkzJCKW0CYpA +QVNNYHewQa7JHuTYbaN+kWEBGG0RWJw6BN2NxR3zDkLT2tgcf0zBobeUMi6XwFg4 +jikJ/vi84MEX4Gky/OtVXuzk0fGnP7xYPYfBkfG5FbMj3UxbfAAn1Sr9PxIFdCxP +c06h9kkO+gJPD7Cis1pNg9HWpssIEHIk0ZaL0sssMSpSsgP0f44UpKVCq0+JDJmM +EEu2KfeV9r2dEiEude+Gg4U3rbUh2PTZpQKKwPyggQwk6nPHbrqrr9zBIH5iyYuU +vdTVO7YrDqYK5o3WhqKYG19oNbtCziNuC9x8RLFkerr0amQjy1dZsofGYSLjZ8Er +3PgtUMunH4Y7O6FbRljniqYoQl8GDMaxhptvrOY+NqRAQiRLzpT6BB3nZhO9iSk9 +Lvb9hwjMFsN5xh2wCxYV+XNjnMSO+LZisJimKhyMVhimcYK1P0sU49RcglmS2mhP +OGb14pH+B94lMve/kQu4unnhKhtkPA0mOyeH8BGl63vvEbJtMzpMqbHvzr60h8PA +H7EsAsYJZp4Xa+F1wBRBJ3xKaUTQ7r7mmpFsdgzlI2wjNgLbyEV4YSNVjwARAQAB +tCZGZWRvcmEgKDIxKSA8ZmVkb3JhQGZlZG9yYXByb2plY3Qub3JnPokCOAQTAQIA +IgUCUoRBWgIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQia1Oh5WkP1S+ +rQ//V5WOPjl0UjEgRYsjwm6LGZe8/P4muXdKX1OuRF+MLZxW1Pbr43zjvfY9tZlD +v4QpI5uECX5To9phrOXI8ghFpI4aQbRe2enk4dksgdhzdBW0JgM3JRf8F+tPLKEF +kB2/tGqi/irp+Hij/tiHwUZjx8qKGbF0r2bxAkSS5qkmalTs6PwcWwEN4a6sKPgw +iVGL2VRM46YoNDORwH7HYeODbJtyJyX3NvcluNKf/D3OZFaNYH+nUISlaPAbC5HJ +sVmZD9vm2E2ypErbZzrY3N8PRgHuIrDmO+LmksWteofpWZO84lyuvgYgXPy8Q3Ls ++p0zfE5zv8EbX4WG+l1SF7hVdPC7UEPUuHmlm81Fi69tSvwO+N4PrDU094VHT+UQ +rKmtSGDOfSx6FvrEqMakiEyBgKNwhsVJbi6/LXHMBImbSN3tOxSMBxGEi2cSn/KF +LRukmMoEw4PHZK+gPpwsP1cTfxezs/aH/PMBaPUgg1qCu9uNNFmEs3d5LLSee9RM +U+gwECX+D44vqJUAT7xM1A4yij3rPF2RegOmNhu5wg4zNSGKoVV8QsMOKrjIZHmG +pFVvYFP4OxLEwh6OYZj9qfaw445ryqfcxSNzZ3m+VSwHuZ049v7u8fndZ8TREVXx +hdjPHxjtaiJ1R0Zb4ZvycUcDLl2Xc1CRJAMVvFJcg1SNrGs= +=xtMc +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts_fedora/packages_fc21.list b/scripts_fedora/packages_fc21.list new file mode 100644 index 0000000..7c6d30c --- /dev/null +++ b/scripts_fedora/packages_fc21.list 
@@ -0,0 +1,32 @@ +@^workstation-product-environment +@libreoffice +emacs +vim-enhanced +gnupg +xterm +firefox +thunderbird +keepassx +perl-File-MimeInfo +network-manager-applet +xfce4-terminal +exo +--exclude=kdegames +--exclude=firstboot +--exclude=xorg-x11-drv-nouveau +--exclude=firewall-config,firewalld* +--exclude=gnome-boxes +--exclude=qemu-img,qemu-common,qemu-system +--exclude=qemu-*,libvirt*,spice-glib,spice-gtk3,vinagre +git +createrepo +rpm-build +qubes-core-vm-kernel-placeholder +linux-firmware +ltrace +strace +haveged +mate-notification-daemon +sudo +xorg-x11-fonts-100dpi +xorg-x11-fonts-Type1 diff --git a/scripts_fedora/packages_fc21_default.list b/scripts_fedora/packages_fc21_default.list new file mode 120000 index 0000000..3527e47 --- /dev/null +++ b/scripts_fedora/packages_fc21_default.list @@ -0,0 +1 @@ +packages_fc21.list \ No newline at end of file diff --git a/scripts_fedora/packages_fc21_minimal.list b/scripts_fedora/packages_fc21_minimal.list new file mode 100644 index 0000000..d58aa47 --- /dev/null +++ b/scripts_fedora/packages_fc21_minimal.list @@ -0,0 +1,6 @@ +xterm +--exclude=kdegames +--exclude=firstboot +--exclude=xorg-x11-drv-nouveau +--exclude=firewall-config,firewalld +--exclude=gnome-boxes diff --git a/scripts_qubuntu/00_prepare.sh b/scripts_qubuntu/00_prepare.sh new file mode 120000 index 0000000..ffd45cb --- /dev/null +++ b/scripts_qubuntu/00_prepare.sh @@ -0,0 +1 @@ +../scripts_debian/00_prepare.sh \ No newline at end of file diff --git a/scripts_qubuntu/01_install_core.sh b/scripts_qubuntu/01_install_core.sh new file mode 120000 index 0000000..d0cfd21 --- /dev/null +++ b/scripts_qubuntu/01_install_core.sh @@ -0,0 +1 @@ +../scripts_debian/01_install_core.sh \ No newline at end of file diff --git a/scripts_qubuntu/02_install_groups.sh b/scripts_qubuntu/02_install_groups.sh new file mode 120000 index 0000000..e2fdd1f --- /dev/null +++ b/scripts_qubuntu/02_install_groups.sh 
@@ -0,0 +1 @@ +../scripts_debian/02_install_groups.sh \ No newline at end of file diff --git a/scripts_qubuntu/02_install_groups_post.sh b/scripts_qubuntu/02_install_groups_post.sh new file mode 100755 index 0000000..c860afd --- /dev/null +++ b/scripts_qubuntu/02_install_groups_post.sh @@ -0,0 +1,12 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" + +#### '------------------------------------------------------------------------- +info ' Installing pulseaudio 5' +#### '------------------------------------------------------------------------- +chroot add-apt-repository -y ppa:ubuntu-audio-dev/pulse-testing +aptUpdate +aptInstall pulseaudio diff --git a/scripts_qubuntu/02_install_groups_trusty.sh b/scripts_qubuntu/02_install_groups_trusty.sh new file mode 100755 index 0000000..c4d3d93 --- /dev/null +++ b/scripts_qubuntu/02_install_groups_trusty.sh 
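Review bot: `chroot add-apt-repository -y ppa:ubuntu-audio-dev/pulse-testing` enables a testing PPA inside the template and, unlike the rpmfusion hunk, nothing in this script disables it afterwards, so the shipped template keeps pulling pulseaudio updates from that PPA under whatever signing key `add-apt-repository` fetched from the keyserver at build time. If only the one-off install is wanted, `chroot add-apt-repository -r -y ppa:ubuntu-audio-dev/pulse-testing` after `aptInstall pulseaudio` (followed by `aptUpdate`) returns the template to stock sources; otherwise a comment such as `# NOTE: the pulse-testing PPA stays enabled in the built template` records the decision for whoever reviews the image. `vars.sh`, `aptUpdate` and `aptInstall` come from files outside this diff, so their error handling was not reviewed.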
@@ -0,0 +1,34 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" + +#### '-------------------------------------------------------------------------- +info 'HACK: Copying utopic sources.list to install systemd' +#### '-------------------------------------------------------------------------- +cat > "${INSTALLDIR}/etc/apt/sources.list.d/systemd-utopic.list" < Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting" - for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}") + output "${red}Attempting to kill any processes still running in '${mount_point}' before un-mounting${reset}" + mounts="$(mountPoints "${mount_point}")" + for dir in ${mounts[@]} do - sudo lsof "$dir" 2> /dev/null | \ - grep "$dir" | \ + # Escape filename (convert spaces to '\ ', etc + dir="$(printf "${dir}")" + + # Skip if already in cache + [[ ${cache["${dir}"]+_} ]] && continue || cache["${dir}"]=1 + + # Kill of any processes within mountpoint + sudo lsof "${dir}" 2> /dev/null | \ + grep "${dir}" | \ tail -n +2 | \ awk '{print $2}' | \ xargs --no-run-if-empty sudo kill -9 - if ! [ "$2" ] && $(mountpoint -q "$dir"); then - info "un-mounting $dir" - sudo umount -n "$dir" 2> /dev/null || \ - sudo umount -n -l "$dir" 2> /dev/null || \ - error "umount $dir unsuccessful!" - elif ! [ "$2" ]; then - # Look for (deleted) mountpoints - info "not a regular mount point: $dir" - base=$(basename "$dir") - dir=$(dirname "$dir") - base=$(echo "$base" | sed 's/[\].*$//') - dir="$dir/$base" - sudo umount -v -f -n "$dir" 2> /dev/null || \ - sudo umount -v -f -n -l "$dir" 2> /dev/null || \ - error "umount $dir unsuccessful!" + # Umount + if ! 
[ "${kill_only}" ]; then + + # Mount point found in mtab + if $(sudo /usr/bin/mountpoint -q "${dir}"); then + info "umount ${dir}" + sudo umount -n "${dir}" 2> /dev/null || \ + sudo umount -n -l "${dir}" 2> /dev/null || \ + error "umount ${dir} unsuccessful!" + + # Umount entries not found within '/usr/bin/mountpoint' + else + # Look for (deleted) mountpoints + info "not a regular mount point: ${dir}" + base="$(basename "${dir}")" + dir="$(dirname "${dir}")" + base="$(echo "${base}" | sed 's/[\].*$//')" + dir="${dir}/${base}" + sudo umount -v -f -n "${dir}" 2> /dev/null || \ + sudo umount -v -f -n -l "${dir}" 2> /dev/null || \ + error "umount ${dir} unsuccessful!" + fi fi done + + # Return xtrace to original state + setXtrace "${xtrace}" } kill_processes_in_mount() { - umount_kill $1 "false" || : + umount_kill ${1} "false" || : } -if [ $(basename "$0") == "umount_kill.sh" -a "$1" ]; then - umount_kill "$1" +if [ $(basename "${0}") == "umount_kill.sh" -a "${1}" ]; then + umount_kill "${1}" fi