From 2b2b1f4616727be9cc66ac8e0fa9334296c318e0 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 09:49:15 -0500
Subject: [PATCH 01/18] Added yum_repo_qubes to gitignore
---
 .gitignore | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 8216535..ac4c2b9 100644
--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,4 @@ mnt_*
 *.fs
 *.img
 install-templates.sh
+yum_repo_qubes/*
From 6bc56dd7cd1c7194822ff99254f8dd8277d9807e Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 09:50:45 -0500
Subject: [PATCH 02/18] export DISTRIBUTION and TEMPLATE_NAME
---
 Makefile | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/Makefile b/Makefile
index 7bd1f3d..457e794 100644
--- a/Makefile
+++ b/Makefile
@@ -19,6 +19,9 @@ endif
 fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
 TEMPLATE_NAME := $(word 1,$(fix_up))
+export DISTRIBUTION
+export TEMPLATE_NAME
+
 VERSION := $(shell cat version)
 TIMESTAMP := $(shell date -u +%Y%m%d%H%M)
From f1142db5356efdf5e5de2486a67a5359c0044ff0 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 09:52:42 -0500
Subject: [PATCH 03/18] Added qubuntu evn vars indentifiers to builder_setup
---
 builder_setup | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/builder_setup b/builder_setup
index ba265b9..61d4354 100755
--- a/builder_setup
+++ b/builder_setup
@@ -15,6 +15,18 @@ case "$DIST" in
 DISTRIBUTION=debian
 VERSION=8
 ;;
+ trusty)
+ DISTRIBUTION=qubuntu
+ VERSION=14.04
+ ;;
+ utopic)
+ DISTRIBUTION=qubuntu
+ VERSION=14.10
+ ;;
+ vivid)
+ DISTRIBUTION=qubuntu
+ VERSION=15.04
+ ;;
 *)
 DISTRIBUTION="$DIST"
 VERSION=
From 0f6cdceb618fcbc3ee4e9283984c636875972adb Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 09:54:40 -0500
Subject: [PATCH 04/18] If template_flavor only contains a '+'; send back $DIST
---
 functions-name.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/functions-name.sh b/functions-name.sh
index b2c3b0c..229a1c7 100644
--- a/functions-name.sh
+++ b/functions-name.sh
@@ -22,7 +22,12 @@ templateFlavorPrefix() {
 fi
 done
- echo "${DIST}${template_flavor:++}"
+ # If template_flavor only contains a '+'; send back $DIST
+ if [ "${template_flavor}" == "+" ]; then
+ echo "${DIST}"
+ else
+ echo "${DIST}${template_flavor:++}"
+ fi
 }
 templateNameDist() {
From b342a11c65eee54578992de732364b9b9d0cbf35 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 10:03:27 -0500
Subject: [PATCH 05/18] Various improvements to functions lib
- Set xtrace verbose mode (-x or +x)
- Added systemd-nspawn alternate to chroot
- Fix message display of multiple paramaters
- templateDir was missing quotes around element which could end up splittng a directory that contained spaces
- added functionality to find template flavors within $SCRIPTSDIR and not have to be located within a sub-directory
- Added a few more comments
---
 functions.sh | 93 +++++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 82 insertions(+), 11 deletions(-)
diff --git a/functions.sh b/functions.sh
index 37b7d8b..3e2031a 100755
--- a/functions.sh
+++ b/functions.sh
@@ -11,6 +11,20 @@ DEBUG=${DEBUG:-0}
 ################################################################################
 # Global functions
 ################################################################################
+ # ------------------------------------------------------------------------------
+# Set xtrace verbose mode (-x or)
+# ------------------------------------------------------------------------------
+XTRACE=
+function setVerboseMode() {
+ # Cache xtrace current status so it can be restored on exit
+ [[ ${-/x} != $- ]] && XTRACE=0 || XTRACE=1
+
+ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" -ge 2 ]; then
+ set -x
+ else
+ set +x
+ fi
+}
 # ------------------------------------------------------------------------------
 # Define colors
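Review bot: `setVerboseMode` turns tracing on only when `"${DEBUG}" -ge 2`, while the `chroot` wrapper in the next hunk and prepare_image both switch on `"${DEBUG}" == "1"`, so `DEBUG=1` no longer means the same thing across the builder. The comment says the cached `XTRACE` is there so the state "can be restored on exit", but nothing in this hunk restores it; either add the restore or reword the comment to say who is expected to read `XTRACE`. The header line reads `(-x or)` and looks truncated; `# Set xtrace verbose mode (-x or +x)` matches the commit message. Worth one more line in the header: with `set -x` every expanded command, including variable values, goes to the build log, so the log should be treated accordingly.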
@@ -69,12 +83,32 @@ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 chroot() {
 local retval
 true ${blue}
- /usr/sbin/chroot "$@" && { retval=$?; true; } || { retval=$?; true; }
+ if [ "${SYSTEMD_NSPAWN_ENABLE}" == "1" ]; then
+ systemd-nspawn $systemd_bind -D "${INSTALLDIR}" -M "${DIST}" "$@" && { retval=$?; true; } || { retval=$?; true; }
+ else
+ /usr/sbin/chroot "${INSTALLDIR}" "$@" && { retval=$?; true; } || { retval=$?; true; }
+ fi
 true ${reset}
 return $retval
 }
 fi
+# ------------------------------------------------------------------------------
+# Return xtrace's current mode
+# 0 is enables (-x); 1 is disables (+x)
+# ------------------------------------------------------------------------------
+getXtrace() {
+ [[ ${-/x} != $- ]] && echo 0 || echo 1
+}
+
+# ------------------------------------------------------------------------------
+# Return xtrace to desired state
+# 0 is enables (-x); 1 is disables (+x)
+# ------------------------------------------------------------------------------
+setXtrace() {
+ [[ "${1}" -eq 0 ]] && set -x || set +x
+}
+
 # ------------------------------------------------------------------------------
 # Display messages in color
 # ------------------------------------------------------------------------------
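Review bot: The rewritten `chroot()` wrapper now supplies `"${INSTALLDIR}"` itself, but it is still defined only inside the `VERBOSE`/`DEBUG` test shown in the hunk header (the closing `fi` follows the function), so what `chroot` means appears to depend on verbosity. A caller written for the new form, such as `chroot rm -f /etc/mtab` in 01_install_core.sh later in this series, would reach `/usr/sbin/chroot` with `rm` as the new root in a quiet build unless another wrapper is defined outside this hunk. Defining the wrapper unconditionally and keeping only the `true ${blue}` / `true ${reset}` lines conditional would remove that split, and `"${INSTALLDIR:?}"` would stop an empty variable from being passed as the root. `$systemd_bind` is expanded unquoted and is not set anywhere in this hunk; a comment saying it is split into options on purpose, and where it is set, would help. In `setXtrace`, an empty `${1}` evaluates as 0 and enables tracing, so `[[ "${1:-1}" -eq 0 ]]` is the safer default.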
@@ -82,24 +116,30 @@ fi
 output() {
 if [ "${VERBOSE}" -ge 1 ]; then
 # Don't echo if -x is set since it will already be displayed via true
- [[ ${-/x} != $- ]] || echo -e "${1}"
+ [[ ${-/x} != $- ]] || echo -e ""$@""
 fi
 }
+outputc() {
+ color=${1}
+ shift
+ output "${!color}"$@"${reset}" || :
+}
+
 info() {
- output "${bold}${blue}INFO: ${1}${reset}" || :
+ output "${bold}${blue}INFO: "$@"${reset}" || :
 }
 debug() {
- output "${bold}${green}DEBUG: ${1}${reset}" || :
+ output "${bold}${green}DEBUG: "$@"${reset}" || :
 }
 warn() {
- output "${stout}${yellow}WARNING: ${1}${reset}" || :
+ output "${stout}${yellow}WARNING: "$@"${reset}" || :
 }
 error() {
- output "${bold}${red}ERROR: ${1}${reset}" || :
+ output "${bold}${red}ERROR: "$@"${reset}" || :
 }
 # ------------------------------------------------------------------------------
@@ -166,17 +206,19 @@ templateDir() {
 do
 # (wheezy+whonix-gateway / wheezy+whonix-gateway+gnome[+++] / wheezy+gnome )
 if [ "${element%:*}" == "$(templateName ${template_flavor})" ]; then
- eval echo -e ${element#*:}
+ eval echo -e "${element#*:}"
 return
 # Very short name compare (+proxy)
 elif [ "${element:0:1}" == "+" -a "${element%:*}" == "+${template_flavor}" ]; then
- eval echo -e ${element#*:}
+ eval echo -e "${element#*:}"
 return
 fi
 done
- if [ -n "${template_flavor}" ]; then
- local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
+ local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
+ if [ -n "${template_flavor}" -a "${template_flavor}" == "+" ]; then
+ local dir="${SCRIPTSDIR}/${template_flavor_prefix}"
+ elif [ -n "${template_flavor}" ]; then
 local dir="${SCRIPTSDIR}/${template_flavor_prefix}${template_flavor}"
 else
 local dir="${SCRIPTSDIR}"
@@ -223,6 +265,7 @@ buildStepExec() {
 # Cache $script
 GLOBAL_CACHE[$script]=1
+ # Execute $script
 "${script}"
 fi
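Review bot: In `output`, `echo -e ""$@""` closes the quotes before `$@` and reopens them after it, so the arguments are expanded unquoted and a message containing `*` or runs of spaces is globbed and re-split; the same pattern is repeated in `outputc`, `info`, `debug`, `warn` and `error`. Each helper builds a single string, so `$*` inside the quotes does what the commit message describes: `echo -e "$*"` and `output "${bold}${blue}INFO: $*${reset}" || :`. `outputc` also assigns `color` without `local`, which overwrites any global of that name; `local color=${1}` keeps it inside the function.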
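Review bot: Quoting `"${element#*:}"` in `templateDir` does not change what `eval` does with it: the value is expanded first and then parsed again as shell, so any `$(...)`, backtick or `;` inside an entry is executed and spaces are still re-split by the second parse. The loop that supplies `element` starts outside this hunk, so the origin of the entries is not visible here; if they come from builder configuration, a comment such as `# eval re-parses this value: entries must come from trusted builder configuration only` should sit on both `eval` lines. The new `local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"` leaves the argument unquoted and hides the helper's exit status behind `local`, and in the following test `-n "${template_flavor}" -a` is redundant next to `== "+"`.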
@@ -266,11 +309,16 @@ callTemplateFunction() {
 local calling_arg="$2"
 local functionExec="$3"
 local template_flavor="${TEMPLATE_FLAVOR}"
-
+
 ${functionExec} "${calling_script}" \
 "${calling_arg}" \
 "${template_flavor}"
+ # Find a $DIST sub-directory
+ ${functionExec} "${calling_script}" \
+ "${calling_arg}" \
+ "+"
+
 for option in ${TEMPLATE_OPTIONS[@]}
 do
 # Long name (wheezy+whonix-gateway+proxy)
@@ -292,6 +340,17 @@ callTemplateFunction() {
 }
 # ------------------------------------------------------------------------------
+# Will return all files that match pattern of suffix
+# Example:
+# filename = packages.list
+# suffix = ${DIST} (wheezy)
+#
+# Will look for a file name packages_wheezy.list in:
+# the $SCRIPTSDIR; beside original
+# the $SCRIPTSDIR/$DIST (wheezy) directory
+# any included template module directories ($SCRIPTSDIR/gnome)
+#
+# All matches are returned and each will be able to be used
 # ------------------------------------------------------------------------------
 getFileLocations() {
 local return_global_var=$1
@@ -311,6 +370,18 @@ getFileLocations() {
 # ------------------------------------------------------------------------------
 # Executes any additional optional configuration steps if the configuration
 # scripts exist
+#
+# Will find all scripts with
+# Example:
+# filename = 04_install_qubes.sh
+# suffix = post
+#
+# Will look for a file name 04_install_qubes_post in:
+# the $SCRIPTSDIR; beside original
+# the $SCRIPTSDIR/$DIST (wheezy) directory
+# any included template module directories ($SCRIPTSDIR/gnome)
+#
+# All matches are executed
 # ------------------------------------------------------------------------------
 buildStep() {
 local filename="$1"
From 14762b89e743173960f45c09698ba7b986f96e14 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 10:04:56 -0500
Subject: [PATCH 06/18] Fixed a formatting glitch
---
 functions.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
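Review bot: The new header comment for `buildStep` has an unfinished sentence, `# Will find all scripts with`, and its example names `04_install_qubes_post` without an extension while the `getFileLocations` example in the previous hunk keeps one (`packages_wheezy.list`). Because `buildStep` executes every match it finds in `$SCRIPTSDIR`, `$SCRIPTSDIR/$DIST` and the module directories, the comment should state the exact name that is looked up, for example `# Will find all scripts named <filename>_<suffix>` with the extension rule spelled out once it is confirmed against the function body, which is outside this hunk.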
diff --git a/functions.sh b/functions.sh
index 3e2031a..bb713e7 100755
--- a/functions.sh
+++ b/functions.sh
@@ -11,7 +11,7 @@ DEBUG=${DEBUG:-0}
 ################################################################################
 # Global functions
 ################################################################################
- # ------------------------------------------------------------------------------
+# ------------------------------------------------------------------------------
 # Set xtrace verbose mode (-x or)
 # ------------------------------------------------------------------------------
 XTRACE=
From 60c1d075383667f8e3d7c568a9531f7b6558def7 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 10:07:44 -0500
Subject: [PATCH 07/18] Reformatted script
---
 prepare_image | 41 ++++++++++++++++++++++-------------------
 1 file changed, 22 insertions(+), 19 deletions(-)
diff --git a/prepare_image b/prepare_image
index f5a3fef..d2b4549 100755
--- a/prepare_image
+++ b/prepare_image
@@ -3,7 +3,7 @@
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-export IMG="$1"
+export IMG="${1}"
 export LC_ALL=POSIX
 RETCODE=0
@@ -13,52 +13,55 @@ RETCODE=0
 . ./builder_setup >/dev/null
 . ./umount_kill.sh >/dev/null
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
 fi
 if ! [ $# -eq 1 ]; then
- echo "usage $0 "
+ echo "usage ${0} "
 exit
 fi
-if [ "$VERBOSE" == "1" ]; then
- export YUM_OPTS="$YUM_OPTS -q"
+if [ "${VERBOSE}" == "1" ]; then
+ export YUM_OPTS="${YUM_OPTS} -q"
 fi
+# ------------------------------------------------------------------------------
+# Make sure INSTALLDIR exists
+# ------------------------------------------------------------------------------
+export INSTALLDIR="$(readlink -m mnt)"
+mkdir -p "${INSTALLDIR}"
+
 # ------------------------------------------------------------------------------
 # Prepare for mount
 # ------------------------------------------------------------------------------
-echo "-> Preparing instalation of $DIST template..."
-export INSTALLDIR="$(readlink -m mnt)"
-mkdir -p "$INSTALLDIR"
-"$SCRIPTSDIR/00_prepare.sh"
+echo "-> Preparing instalation of ${DIST} template..."
+"${SCRIPTSDIR}/00_prepare.sh"
 # ------------------------------------------------------------------------------
 # Mount image and install core OS
 # ------------------------------------------------------------------------------
-
-if [ -f "$IMG" ]; then
+if [ -f "${IMG}" ]; then
 echo "-> Image file already exists, assuming *update*..."
 else
 echo "-> Initializing empty image..."
- truncate -s 10G "$IMG" || exit 1
+ truncate -s 10G "${IMG}" || exit 1
 echo "-> Creating filesystem..."
- mkfs.ext4 -q -F "$IMG" || exit 1
+ mkfs.ext4 -q -F "${IMG}" || exit 1
 fi
-mount -o loop "$IMG" "$INSTALLDIR" || exit 1
-trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT
-"$SCRIPTSDIR/01_install_core.sh"
+mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
+trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
+"${SCRIPTSDIR}/01_install_core.sh"
 # ------------------------------------------------------------------------------
 # Install package groups
 # ------------------------------------------------------------------------------
 echo "-> Installing package groups..."
-"$SCRIPTSDIR/02_install_groups.sh"
+"${SCRIPTSDIR}/02_install_groups.sh"
 # ------------------------------------------------------------------------------
 # Cleanup
@@ -66,6 +69,6 @@ echo "-> Installing package groups..."
 trap - EXIT
 echo "-> Unmounting prepared_image..."
-umount_kill "$(readlink -m $INSTALLDIR)" || :
+umount_kill "$(readlink -m ${INSTALLDIR})" || true
-exit $RETCODE
+exit ${RETCODE}
From 00bf13005274c46f124b9c2a6ad64976ca96b694 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 10:09:04 -0500
Subject: [PATCH 08/18] Use cleanup function to trap errors
---
 qubeize_image | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/qubeize_image b/qubeize_image
index 0333754..35e38eb 100755
--- a/qubeize_image
+++ b/qubeize_image
@@ -46,7 +46,11 @@ fi
 # Cleanup function
 # ------------------------------------------------------------------------------
 function cleanup() {
- umount_kill "$PWD/mnt" || :
+ errval=$?
+ trap - ERR
+ trap
+ umount_kill "$PWD/mnt" || true
+ exit $errval
 }
 trap cleanup ERR
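Review bot: In the prepare_image hunk at `-13,52`, `set -e` is still reached only through the `else` of the verbosity test, so a run with `VERBOSE` at 2 or more or `DEBUG=1` traces commands but carries on when `"${SCRIPTSDIR}/00_prepare.sh"`, `01_install_core.sh` or `02_install_groups.sh` fails, and the script then ends with `exit ${RETCODE}`, which no visible line changes from 0. Making the two options independent fixes that: `set -e` on its own line, then `if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then set -x; fi`. The trap line still expands `${INSTALLDIR}` unquoted inside a double-quoted string, so a build directory containing a space is split when the trap runs; `INSTALLDIR` is already absolute from `readlink -m`, so `trap 'umount_kill "${INSTALLDIR}"' EXIT` is enough. The usage branch ends in a bare `exit`, which returns 0; `exit 1` lets a calling Makefile see the error.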
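Review bot: In qubeize_image's `cleanup`, the bare `trap` line has no effect other than printing the current trap table; if it was meant to clear a second handler it needs a signal name, otherwise it can be dropped. The handler is installed with `trap cleanup ERR` only, so an interrupt (INT/TERM) leaves the image mounted on `$PWD/mnt`, and an ERR trap is not inherited by shell functions unless `set -E` is active, which is not visible in this hunk. `errval` is assigned without `local` and becomes a global; `local errval=$?` as the first statement keeps the captured status and the scope tight.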
@@ -66,7 +70,7 @@ export INSTALLDIR=mnt
 # ------------------------------------------------------------------------------
 # Run qubeize script
 # ------------------------------------------------------------------------------
-"$SCRIPTSDIR/04_install_qubes.sh" || { umount "$INSTALLDIR"; exit 1; }
+"$SCRIPTSDIR/04_install_qubes.sh"
 # ------------------------------------------------------------------------------
 # Create App Menus
@@ -110,7 +114,7 @@ fi
 # Finsh - unmount image
 # ------------------------------------------------------------------------------
 echo "--> Unmounting $IMG"
-cleanup
+umount_kill "$PWD/mnt" || true
 echo "Qubeized image stored at: $IMG"
From d9282fceaf83f14c8db4fe66a0d38f528f2fda0a Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 10:10:52 -0500
Subject: [PATCH 09/18] Improve mount detection and better able to umount problem mounts Disable xtrace (-x) during execution since it was too verbose
---
 umount_kill.sh | 95 ++++++++++++++++++++++++++++++++++----------------
 1 file changed, 64 insertions(+), 31 deletions(-)
diff --git a/umount_kill.sh b/umount_kill.sh
index 57778c9..3742fd5 100755
--- a/umount_kill.sh
+++ b/umount_kill.sh
@@ -1,4 +1,5 @@
 #!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
 #
 # Written by Jason Mehring (nrgaway@gmail.com)
@@ -9,7 +10,7 @@
 #
 # To keep the actual mount mounted, add a '/' to end
 #
-# $1: directory to umount
+# ${1}: directory to umount
 #
 # Examples:
 # To kill all processes and mounts within 'chroot-jessie' but keep
@@ -25,55 +26,87 @@
 . ./functions.sh
-# $1 = full path to mount;
-# $2 = if set will not umount; only kill processes in mount
-umount_kill() {
- MOUNTDIR="$1"
+mountPoint() {
+ local mount_point="${1}"
 # We need absolute paths here so we don't kill everything
- if ! [[ "${MOUNTDIR}" = /* ]]; then
- MOUNTDIR="${PWD}/${MOUNTDIR}"
+ if ! [[ "${mount_point}" = /* ]]; then
+ mount_point="$(readlink -m .)/${mount_point}"
 fi
 # Strip any extra trailing slashes ('/') from path if they exist
 # since we are doing an exact string match on the path
- MOUNTDIR=$(echo "${MOUNTDIR}" | sed s#//*#/#g)
+ echo "$(echo "${mount_point}" | sed s#//*#/#g)"
+}
- # Sync the disk befoe un-mounting to be sure everything is written
+mountPoints() {
+ local mount_point="$(mountPoint "${1}")"
+ echo "$(sudo grep "${mount_point}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${mount_point}")"
+}
+
+# ${1} = full path to mountpoint;
+# ${2} = if set will not umount; only kill processes in mount
+umount_kill() {
+ # Turn off xtrace; but remember its current setting
+ local xtrace=$(getXtrace) && set +x
+
+ local mount_point="$(mountPoint "${1}")"
+ local kill_only="${2}"
+ declare -A cache
+
+ # Sync the disk before un-mounting to be sure everything is written
 sync
- warn "-> Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting"
- for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}")
+ output "${red}Attempting to kill any processes still running in '${mount_point}' before un-mounting${reset}"
+ mounts="$(mountPoints "${mount_point}")"
+ for dir in ${mounts[@]}
 do
- sudo lsof "$dir" 2> /dev/null | \
- grep "$dir" | \
+ # Escape filename (convert spaces to '\ ', etc
+ dir="$(printf "${dir}")"
+
+ # Skip if already in cache
+ [[ ${cache["${dir}"]+_} ]] && continue || cache["${dir}"]=1
+
+ # Kill of any processes within mountpoint
+ sudo lsof "${dir}" 2> /dev/null | \
+ grep "${dir}" | \
 tail -n +2 | \
 awk '{print $2}' | \
 xargs --no-run-if-empty sudo kill -9
- if ! [ "$2" ] && $(mountpoint -q "$dir"); then
- info "un-mounting $dir"
- sudo umount -n "$dir" 2> /dev/null || \
- sudo umount -n -l "$dir" 2> /dev/null || \
- error "umount $dir unsuccessful!"
- elif ! [ "$2" ]; then
- # Look for (deleted) mountpoints
- info "not a regular mount point: $dir"
- base=$(basename "$dir")
- dir=$(dirname "$dir")
- base=$(echo "$base" | sed 's/[\].*$//')
- dir="$dir/$base"
- sudo umount -v -f -n "$dir" 2> /dev/null || \
- sudo umount -v -f -n -l "$dir" 2> /dev/null || \
- error "umount $dir unsuccessful!"
+ # Umount
+ if ! [ "${kill_only}" ]; then
+
+ # Mount point found in mtab
+ if $(sudo /usr/bin/mountpoint -q "${dir}"); then
+ info "umount ${dir}"
+ sudo umount -n "${dir}" 2> /dev/null || \
+ sudo umount -n -l "${dir}" 2> /dev/null || \
+ error "umount ${dir} unsuccessful!"
+
+ # Umount entries not found within '/usr/bin/mountpoint'
+ else
+ # Look for (deleted) mountpoints
+ info "not a regular mount point: ${dir}"
+ base="$(basename "${dir}")"
+ dir="$(dirname "${dir}")"
+ base="$(echo "${base}" | sed 's/[\].*$//')"
+ dir="${dir}/${base}"
+ sudo umount -v -f -n "${dir}" 2> /dev/null || \
+ sudo umount -v -f -n -l "${dir}" 2> /dev/null || \
+ error "umount ${dir} unsuccessful!"
+ fi
 fi
 done
+
+ # Return xtrace to original state
+ setXtrace "${xtrace}"
 }
 kill_processes_in_mount() {
- umount_kill $1 "false" || :
+ umount_kill ${1} "false" || :
 }
-if [ $(basename "$0") == "umount_kill.sh" -a "$1" ]; then
- umount_kill "$1"
+if [ $(basename "${0}") == "umount_kill.sh" -a "${1}" ]; then
+ umount_kill "${1}"
 fi
From d6b87ecacb64f9f1189694abc32b71f886d3a2a5 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 10 Feb 2015 10:12:53 -0500
Subject: [PATCH 10/18] New tests to work with updated functions.sh
---
 tests/template-flavors/test.sh | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)
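Review bot: `mountPoints` selects targets with `grep "^${mount_point}"`, which treats the path as a regular expression and as a bare prefix, so a request for a directory named `mnt` also selects sibling mounts such as `mnt2` or `mnt-old`; every selected path then has its processes sent `kill -9` under sudo and is unmounted. The second field of /proc/mounts should be compared as a literal string and the match required to end at a path boundary (equal to the target, or the target followed by `/`), while keeping the documented trailing-slash behaviour. In the loop, `dir="$(printf "${dir}")"` uses the mount path as the printf format, so a `%` in a path is read as a conversion; `dir="$(printf '%b' "${dir}")"` decodes the `\040`-style escapes without that. `if $(sudo /usr/bin/mountpoint -q "${dir}"); then` only works because the substitution is empty, `if sudo /usr/bin/mountpoint -q "${dir}"; then` says what is meant, and `mounts` should be declared `local` like the other variables in `umount_kill`.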
diff --git a/tests/template-flavors/test.sh b/tests/template-flavors/test.sh index b341ce1..60fad4b 100755 --- a/tests/template-flavors/test.sh +++ b/tests/template-flavors/test.sh 
@@ -93,7 +93,7 @@ header < Date: Tue, 10 Feb 2015 10:18:02 -0500 Subject: [PATCH 11/18] debian: Completely refactored Debian and Whonix - New refactor allow qubuntu to share most of Debian's codebase - Installation now more closely mimiks Debian's installation methods - Added a shared functions lib named distributions.sh - Any portions of Whonix that may need to be updatable have been moved to a new package named qubes-whonix which will be updatable via Debian package manager. qubes-whonix is also added as part of installation process --- appmenus_jessie/vm-whitelisted-appmenus.list | 4 +- appmenus_wheezy/vm-whitelisted-appmenus.list | 2 + scripts_debian/00_prepare.sh | 99 +++- scripts_debian/01_install_core.sh | 89 ++- scripts_debian/02_install_groups.sh | 237 ++------ scripts_debian/02_install_groups_jessie.sh | 36 ++ scripts_debian/02_install_groups_wheezy.sh | 89 +++ scripts_debian/04_install_qubes.sh | 183 ++---- scripts_debian/09_cleanup.sh | 38 +- scripts_debian/NOTES | 75 +++ scripts_debian/distribution.sh | 528 ++++++++++++++++++ .../02_install_groups_packages_installed.sh | 10 + .../02_install_groups_packages_installed.sh | 13 + scripts_debian/gnome/packages_jessie.list | 2 - scripts_debian/gnome/packages_wheezy.list | 2 - scripts_debian/packages_jessie.list | 26 +- scripts_debian/packages_qubes.list | 7 + scripts_debian/packages_wheezy.list | 26 +- scripts_debian/qubes-files/.facl | 70 --- scripts_debian/vars.sh | 34 +- .../wheezy+whonix-gateway/00_prepare_pre.sh | 1 - .../01_install_core_post.sh | 1 - .../02_install_groups_packages_installed.sh | 1 - .../02_install_groups_wheezy.sh | 246 ++++++++ .../04_install_qubes_post.sh | 41 +- .../wheezy+whonix-gateway/09_cleanup_post.sh | 41 +- .../99_custom_configuration.sh | 28 - .../wheezy+whonix-gateway/files/.facl | 233 +------- .../wheezy+whonix-gateway/files/etc/hosts | 7 - .../files/etc/uwt.d/50_uwt_default | 6 - .../xdg/autostart/qubes-whonixsetup.desktop | 8 - .../system/qubes-whonix-firewall.service | 
12 - .../systemd/system/qubes-whonix-init.service | 13 - .../system/qubes-whonix-network.service | 15 - .../files/usr/lib/whonix/alert | 90 --- .../files/usr/lib/whonix/bind-dirs.sh | 58 -- .../usr/lib/whonix/enable-iptables-logging.sh | 30 - .../files/usr/lib/whonix/init/init.sh | 30 - .../lib/whonix/init/network-proxy-setup.sh | 57 -- .../lib/whonix/init/qubes-whonix-firewall.sh | 49 -- .../lib/whonix/init/qubes-whonix-tor.service | 16 - .../files/usr/lib/whonix/init/replace-ips | 118 ---- .../usr/lib/whonix/init/whonixcheck.service | 18 - .../files/usr/lib/whonix/messages.yaml | 9 - .../files/usr/lib/whonix/qubes-whonixsetup | 41 -- .../files/usr/lib/whonix/utility_functions | 94 ---- .../packages_wheezy.list | 1 - .../packages_whonix.list} | 10 +- scripts_debian/wheezy+whonix-workstation | 1 + .../00_prepare_pre.sh | 1 - .../01_install_core_post.sh | 1 - .../02_install_groups_packages_installed.sh | 1 - .../04_install_qubes_post.sh | 1 - .../09_cleanup_post.sh | 1 - .../99_custom_configuration.sh | 30 - .../wheezy+whonix-workstation/files/.facl | 224 -------- .../files/etc/hostname | 1 - .../wheezy+whonix-workstation/files/etc/hosts | 7 - .../files/etc/sudoers.d/whonix-build | 1 - .../files/etc/uwt.d/50_uwt_default | 6 - .../xdg/autostart/qubes-whonixsetup.desktop | 8 - .../system/qubes-whonix-firewall.service | 12 - .../systemd/system/qubes-whonix-init.service | 13 - .../system/qubes-whonix-network.service | 15 - .../files/usr/lib/whonix/alert | 90 --- .../files/usr/lib/whonix/bind-dirs.sh | 58 -- .../usr/lib/whonix/enable-iptables-logging.sh | 30 - .../files/usr/lib/whonix/init/init.sh | 30 - .../lib/whonix/init/network-proxy-setup.sh | 57 -- .../lib/whonix/init/qubes-whonix-firewall.sh | 49 -- .../files/usr/lib/whonix/init/replace-ips | 118 ---- .../files/usr/lib/whonix/messages.yaml | 9 - .../files/usr/lib/whonix/qubes-whonixsetup | 41 -- .../files/usr/lib/whonix/utility_functions | 94 ---- .../packages_wheezy.list | 1 - .../wheezy+whonix/00_prepare_pre.sh 
| 73 --- .../wheezy+whonix/01_install_core_post.sh | 38 -- .../02_install_groups_packages_installed.sh | 310 ---------- .../wheezy+whonix/04_install_qubes_post.sh | 59 -- .../wheezy+whonix/09_cleanup_post.sh | 18 - 80 files changed, 1409 insertions(+), 2833 deletions(-) create mode 100755 scripts_debian/02_install_groups_jessie.sh create mode 100755 scripts_debian/02_install_groups_wheezy.sh create mode 100644 scripts_debian/NOTES create mode 100644 scripts_debian/distribution.sh create mode 100755 scripts_debian/flash/02_install_groups_packages_installed.sh create mode 100755 scripts_debian/gnome/02_install_groups_packages_installed.sh delete mode 100644 scripts_debian/gnome/packages_jessie.list delete mode 100644 scripts_debian/gnome/packages_wheezy.list delete mode 100644 scripts_debian/qubes-files/.facl mode change 100755 => 100644 scripts_debian/vars.sh delete mode 120000 scripts_debian/wheezy+whonix-gateway/00_prepare_pre.sh delete mode 120000 scripts_debian/wheezy+whonix-gateway/01_install_core_post.sh delete mode 120000 scripts_debian/wheezy+whonix-gateway/02_install_groups_packages_installed.sh create mode 100755 scripts_debian/wheezy+whonix-gateway/02_install_groups_wheezy.sh mode change 120000 => 100755 scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh mode change 120000 => 100755 scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh delete mode 100755 scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/etc/hosts delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service delete mode 100644 
scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service delete mode 100644 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup delete mode 100755 scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions delete mode 120000 scripts_debian/wheezy+whonix-gateway/packages_wheezy.list rename scripts_debian/{wheezy+whonix/packages_wheezy.list => wheezy+whonix-gateway/packages_whonix.list} (87%) create mode 120000 scripts_debian/wheezy+whonix-workstation delete mode 120000 scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh delete mode 120000 scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh delete mode 120000 scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh delete mode 120000 scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh delete mode 120000 scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh delete mode 100755 
scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/.facl delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/etc/hostname delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/etc/hosts delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips delete mode 100644 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup delete mode 100755 scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions delete mode 120000 
scripts_debian/wheezy+whonix-workstation/packages_wheezy.list delete mode 100755 scripts_debian/wheezy+whonix/00_prepare_pre.sh delete mode 100755 scripts_debian/wheezy+whonix/01_install_core_post.sh delete mode 100755 scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh delete mode 100755 scripts_debian/wheezy+whonix/04_install_qubes_post.sh delete mode 100755 scripts_debian/wheezy+whonix/09_cleanup_post.sh diff --git a/appmenus_jessie/vm-whitelisted-appmenus.list b/appmenus_jessie/vm-whitelisted-appmenus.list index 31d9cad..c6d575c 100644 --- a/appmenus_jessie/vm-whitelisted-appmenus.list +++ b/appmenus_jessie/vm-whitelisted-appmenus.list @@ -1,3 +1,5 @@ gnome-terminal.desktop -nautilus.desktop +org.gnome.Nautilus.desktop +iceweasel.desktop +icedove.desktop yelp.desktop diff --git a/appmenus_wheezy/vm-whitelisted-appmenus.list b/appmenus_wheezy/vm-whitelisted-appmenus.list index 31d9cad..d479755 100644 --- a/appmenus_wheezy/vm-whitelisted-appmenus.list +++ b/appmenus_wheezy/vm-whitelisted-appmenus.list @@ -1,3 +1,5 @@ gnome-terminal.desktop +iceweasel.desktop +icedove.desktop nautilus.desktop yelp.desktop diff --git a/scripts_debian/00_prepare.sh b/scripts_debian/00_prepare.sh index 897bc0a..b12bb82 100755 --- a/scripts_debian/00_prepare.sh +++ b/scripts_debian/00_prepare.sh 
@@ -1,45 +1,82 @@
-#!/bin/bash -x
+#!/bin/bash -e
 # vim: set ts=4 sw=4 sts=4 et :
-# ------------------------------------------------------------------------------
 # Source external scripts
-# ------------------------------------------------------------------------------
-. ${SCRIPTSDIR}/vars.sh
-. ./umount_kill.sh >/dev/null
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
-# ------------------------------------------------------------------------------
-# Configurations
-# ------------------------------------------------------------------------------
-if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
- set -x
-else
- set -e
-fi
 INSTALLDIR="$(readlink -m mnt)"
-umount_kill "${INSTALLDIR}" || :
-# ------------------------------------------------------------------------------
+# Make sure ${INSTALLDIR} is not mounted
+umount_all "${INSTALLDIR}" || true
+
+# ==============================================================================
 # Execute any template flavor or sub flavor 'pre' scripts
-# ------------------------------------------------------------------------------
-buildStep "$0" "pre"
+# ==============================================================================
+buildStep "${0}" "pre"
-# ------------------------------------------------------------------------------
-# Force overwrite of an existing image for now if debootstrap did not seem to complete...
-# ------------------------------------------------------------------------------
-debug "Determine if ${IMG} should be reused or deleted..."
-if [ -f "${IMG}" ]; then
- # Assume a failed debootstrap installation if .prepare_debootstrap does not exist
+# ==============================================================================
+# Use a snapshot of the debootstraped debian image
+# ==============================================================================
+manage_snapshot() {
+ local snapshot="${1}"
+
+ umount_kill "${INSTALLDIR}" || true
 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
- if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
- warn "Last build failed. Deleting ${IMG}"
- rm -f "${IMG}"
+
+ # Remove old snapshots if groups completed
+ if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
+ outputc stout "Removing stale snapshots"
+ umount_kill "${INSTALLDIR}" || true
+ rm -rf "${debootstrap_snapshot}"
+ rm -rf "${packages_snapshot}"
+ return
 fi
- # Umount image; don't fail if its already umounted
- umount_kill "${INSTALLDIR}" || :
+ outputc stout "Replacing ${IMG} with snapshot ${snapshot}"
+ umount_kill "${INSTALLDIR}" || true
+ cp -f "${snapshot}" "${IMG}"
+}
+
+# ==============================================================================
+# Determine if a snapshot should be used, reuse an existing image or
+# delete the existing image to start fresh based on configuration options
+#
+# SNAPSHOT=1 - Use snapshots; Will remove after successful build
+# If debootstrap did not complete, the existing image will be deleted
+# ==============================================================================
+splitPath "${IMG}" path_parts
+packages_snapshot="${path_parts[dir]}${path_parts[base]}-packages${path_parts[dotext]}"
+debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
+
+if [ -f "${IMG}" ]; then
+ if [ -f "${packages_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
+ # Use 'packages' snapshot
+ manage_snapshot "${packages_snapshot}"
+
+ elif [ -f "${debootstrap_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
+ # Use 'debootstrap' snapshot
+ manage_snapshot "${debootstrap_snapshot}"
+
+ else
+ # Use '$IMG' if debootstrap did not fail
+ mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
+
+ # Assume a failed debootstrap installation if .prepared_debootstrap does not exist
+ if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
+ debug "Reusing existing image ${IMG}"
+ else
+ outputc stout "Removing stale or incomplete ${IMG}"
+ umount_kill "${INSTALLDIR}" || true
+ rm -f "${IMG}"
+ fi
+
+ # Umount image; don't fail if its already umounted
+ umount_kill "${INSTALLDIR}" || true
+ fi
 fi
-# ------------------------------------------------------------------------------
+# ==============================================================================
 # Execute any template flavor or sub flavor 'post' scripts
-# ------------------------------------------------------------------------------
-buildStep "$0" "post"
+# ==============================================================================
+buildStep "${0}" "post"
diff --git a/scripts_debian/01_install_core.sh b/scripts_debian/01_install_core.sh
index 0c99295..a6138ff 100755
--- a/scripts_debian/01_install_core.sh
+++ b/scripts_debian/01_install_core.sh
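Review bot: `manage_snapshot` removes the snapshots with `rm -rf "${debootstrap_snapshot}"` and `rm -rf "${packages_snapshot}"`, although both are image files (they are tested with `-f` and copied over `${IMG}`), and both names are assembled from `path_parts`, whose contents are never checked after `splitPath`. `rm -f -- "${debootstrap_snapshot}" "${packages_snapshot}"` removes exactly what is intended and cannot recurse into a directory if the name comes out wrong. The marker checks build `"${INSTALLDIR}/${TMPDIR}/.prepared_groups"` from `TMPDIR`, which is also the variable `mktemp` and many tools use for the host temp directory; if vars.sh sets and exports it as an image-relative path (a comment later in the series says it is set there), a dedicated name would avoid redirecting temp files of host-side tools — this is inferred, vars.sh is not shown. The script now relies on `-e` in the shebang alone, which is lost when it is started as `bash 00_prepare.sh`; a `set -e` line after the `source` lines keeps the behaviour either way.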
@@ -1,38 +1,71 @@ -#!/bin/sh +#!/bin/bash -e # vim: set ts=4 sw=4 sts=4 et : -# ------------------------------------------------------------------------------ # Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi +##### '------------------------------------------------------------------------- +debug ' Installing base system using debootstrap' +##### '------------------------------------------------------------------------- -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'pre' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "pre" +# ============================================================================== +buildStep "${0}" "pre" -# ------------------------------------------------------------------------------ -# Install base debian system -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then - debug "Installing base ${DEBIANVERSION} system" - COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \ - --components=main --keyring="${SCRIPTSDIR}/keys/${DEBIANVERSION}-debian-archive-keyring.gpg" \ - "${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; } - chroot "${INSTALLDIR}" chmod 0666 "/dev/null" - touch "${INSTALLDIR}/tmp/.prepared_debootstrap" + +if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then + if [ "${LXC_ENABLE}" == "1" ]; then + #### "------------------------------------------------------------------ + info " $(templateName): LXC: Installing base '${DISTRIBUTION}-${DIST}' system" + #### "------------------------------------------------------------------ + lxc-create -P "${LXC_DIR}" --dir="${INSTALLDIR}" -t download -n "${DIST}" -- \ + --dist "${DISTRIBUTION}" --release "${DIST}" --arch amd64 + + else + #### "------------------------------------------------------------------ + info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system" + #### "------------------------------------------------------------------ + COMPONENTS="" debootstrap \ + --arch=amd64 \ + --include="ncurses-term locales tasksel" \ + --components=main \ + --keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \ + "${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { + error "Debootstrap failed!"; + exit 1; + } + fi + + #### '---------------------------------------------------------------------- + info ' Configure keyboard' + #### '---------------------------------------------------------------------- + configureKeyboard + + #### '---------------------------------------------------------------------- + info ' Update locales' + #### '---------------------------------------------------------------------- + updateLocale + + #### '---------------------------------------------------------------------- + info 'Link mtab' + #### '---------------------------------------------------------------------- + chroot rm -f /etc/mtab + chroot ln -s /proc/self/mounts /etc/mtab + + # TMPDIR is set in vars. 
/tmp should not be used since it will be cleared + # if building template with LXC contaniners on a reboot + mkdir -p "${INSTALLDIR}/${TMPDIR}" + + # Mark section as complete + touch "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" + + # If SNAPSHOT=1, Create a snapshot of the already debootstraped image + createSnapshot "debootstrap" fi -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'post' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "post" +# ============================================================================== +buildStep "${0}" "post" diff --git a/scripts_debian/02_install_groups.sh b/scripts_debian/02_install_groups.sh index 7c1d4ca..3dc12e2 100755 --- a/scripts_debian/02_install_groups.sh +++ b/scripts_debian/02_install_groups.sh 
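Review bot: The new `LXC_ENABLE` branch of the `.prepared_debootstrap` block has no counterpart to the `--keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg"` pin that the debootstrap branch keeps. With `LXC_ENABLE=1` the authenticity of the base system therefore rests on whatever verification the `lxc-create -t download` template does on its own, not on a key shipped with the builder. If that is intended, say so above the call, e.g. `# NOTE: image trust here comes from the download template's own signature check, not from ${SCRIPTSDIR}/keys`; otherwise verify the image against a builder-controlled key before `.prepared_debootstrap` is touched. Separately, errexit now lives only in the `#!/bin/bash -e` shebang and is lost if the script is ever started as `bash 01_install_core.sh`; a `set -e` line after the two `source` lines would keep it.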
@@ -1,201 +1,84 @@ -#!/bin/sh +#!/bin/bash -e # vim: set ts=4 sw=4 sts=4 et : -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi +##### "========================================================================= +debug " Configuring and Installing packages for ${DIST}" +##### "========================================================================= -# ------------------------------------------------------------------------------ # If .prepared_debootstrap has not been completed, don't continue -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then - error "prepared_debootstrap installataion has not completed!... Exiting" - umount_kill "${INSTALLDIR}" || : - exit 1 -fi +exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" "prepared_debootstrap installataion has not completed!... 
Exiting" -# ------------------------------------------------------------------------------ -# Mount system mount points -# ------------------------------------------------------------------------------ -for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done -mount -t tmpfs none "${INSTALLDIR}/run" +# Create system mount points +prepareChroot -# ------------------------------------------------------------------------------ +# Make sure there is a resolv.conf with network of this AppVM for building +createResolvConf + +# ============================================================================== # Execute any template flavor or sub flavor 'pre' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "pre" +# ============================================================================== +buildStep "${0}" "pre" -if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then - # ------------------------------------------------------------------------------ - # Cleanup function - # ------------------------------------------------------------------------------ - function cleanup() { - error "Install groups error and umount" - rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d" - umount_kill "${INSTALLDIR}" || : - exit 1 - } +# ============================================================================== +# Configure base system and install any adddtional packages which could +# include +TEMPLATE_FLAVOR such as gnome as set in configuration file +# ============================================================================== +if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then + #### '---------------------------------------------------------------------- + info ' Trap ERR and EXIT signals and cleanup (umount)' + #### '---------------------------------------------------------------------- trap cleanup ERR trap cleanup EXIT - # ------------------------------------------------------------------------------ - # Set up a temporary policy-rc.d to prevent apt from starting services - # on package installation - # ------------------------------------------------------------------------------ - cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <> "${INSTALLDIR}/etc/pam.d/common-session" - - # ------------------------------------------------------------------------------ - # Add debian security repository - # ------------------------------------------------------------------------------ - debug "Adding debian-security repository." - source="deb http://security.debian.org ${DEBIANVERSION}/updates main" - if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then - touch "${INSTALLDIR}/etc/apt/sources.list" - echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" - fi - source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" - if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then - touch "${INSTALLDIR}/etc/apt/sources.list" - echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + #### '---------------------------------------------------------------------- + info 'Install standard Debian packages' + #### '---------------------------------------------------------------------- + if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.debian_packages" ]; then + packages="$(chroot tasksel --new-install --task-packages standard)" + aptInstall ${packages} + touch "${INSTALLDIR}/${TMPDIR}/.debian_packages" fi - # ------------------------------------------------------------------------------ - # Upgrade system - # ------------------------------------------------------------------------------ - debug "Upgrading system" - chroot "${INSTALLDIR}" apt-get update - true "${stout}" - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} dist-upgrade + #### '---------------------------------------------------------------------- + info ' Distribution specific steps (install systemd, add sources, etc)' + #### '---------------------------------------------------------------------- + buildStep "$0" "${DIST}" - # ------------------------------------------------------------------------------ - # Configure keyboard - # ------------------------------------------------------------------------------ - debug "Setting keyboard layout" - chroot "${INSTALLDIR}" debconf-set-selections < "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <> "${INSTALLDIR}/etc/apt/sources.list" - fi - chroot ${INSTALLDIR} apt-get update - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers - fi - - # ------------------------------------------------------------------------------ - # Cleanup - # ------------------------------------------------------------------------------ - # Remove temporary policy layer so services can start normally in the - # deployed template. 
- rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d" - touch "${INSTALLDIR}/tmp/.prepared_groups" + #### '---------------------------------------------------------------------- + info ' Cleanup' + #### '---------------------------------------------------------------------- + touch "${INSTALLDIR}/${TMPDIR}/.prepared_groups" trap - ERR EXIT trap - - # Kill all processes and umount all mounts within ${INSTALLDIR}, - # but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being - # umounted itself) - umount_kill "${INSTALLDIR}/" || : fi -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'post' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "post" +# ============================================================================== +buildStep "${0}" "post" + +# ============================================================================== +# Kill all processes and umount all mounts within ${INSTALLDIR}, but not +# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted) +# ============================================================================== +umount_all "${INSTALLDIR}/" || true diff --git a/scripts_debian/02_install_groups_jessie.sh b/scripts_debian/02_install_groups_jessie.sh new file mode 100755 index 0000000..51a82b5 --- /dev/null +++ b/scripts_debian/02_install_groups_jessie.sh 
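Review bot: Nothing after the closing `umount_all "${INSTALLDIR}/" || true` confirms that the build-time service policy was actually undone. `prepareChroot` calls `addDivertPolicy`, which rewrites `exit 100` in /usr/sbin/invoke-rc.d and diverts /sbin/initctl. The only visible place they are restored is `removeDivertPolicy` inside `umount_all` (distribution.sh, same patch), which runs only when `mountPoints` is non-empty and whose result is discarded. Since the comment says `${INSTALLDIR}` itself stays mounted at this point, a check on the finished tree would catch a template that still carries the patch: `if grep -qF 'exit 0 #exit 100' "${INSTALLDIR}/usr/sbin/invoke-rc.d"; then error "invoke-rc.d still patched"; exit 1; fi`. The bare `trap` after `trap - ERR EXIT` only prints the trap table and can be dropped.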
@@ -0,0 +1,36 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### "=========================================================================
+debug " Installing custom packages and customizing ${DIST}"
+##### "=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Adding contrib, non-free and Debian security to repository.'
+#### '--------------------------------------------------------------------------
+updateDebianSourceList
+aptUpdate
+
+##### '=========================================================================
+debug ' Replacing sysvinit with systemd'
+##### '=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Remove sysvinit'
+#### '--------------------------------------------------------------------------
+aptRemove sysvinit
+
+#### '--------------------------------------------------------------------------
+info ' Install Systemd'
+#### '--------------------------------------------------------------------------
+aptUpdate
+aptInstall systemd-sysv
+
+#### '--------------------------------------------------------------------------
+info ' Set multu-user.target as the default target (runlevel 3)'
+#### '--------------------------------------------------------------------------
+chroot rm -f /etc/systemd/system/default.target
+chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
diff --git a/scripts_debian/02_install_groups_wheezy.sh b/scripts_debian/02_install_groups_wheezy.sh
new file mode 100755
index 0000000..541b9a9
--- /dev/null
+++ b/scripts_debian/02_install_groups_wheezy.sh
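Review bot: `updateDebianSourceList`, called at the top of this script and again in 02_install_groups_wheezy.sh, builds its security.debian.org entries from `${DEBIANVERSION}` (see its definition in distribution.sh later in this patch). The rest of the series has moved to `${DIST}`, for example the debootstrap call in 01_install_core.sh. Whether vars.sh still sets DEBIANVERSION is not visible here; if it does not, the appended line becomes `deb http://security.debian.org /updates main`. The security suite is then unusable and, depending on how `aptUpdate` treats the fetch failure, the template may be built without security updates. Using `${DIST}/updates` in the function, or guarding the call here with `: "${DEBIANVERSION:?not set}"`, would make that case fail loudly.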
@@ -0,0 +1,89 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" + +##### "========================================================================= +debug " Installing custom packages and customizing ${DIST}" +##### "========================================================================= + +#### '-------------------------------------------------------------------------- +info ' Adding contrib, non-free and Debian security to repository.' +#### '-------------------------------------------------------------------------- +updateDebianSourceList + +#### '---------------------------------------------------------------------- +info ' Adding wheezy backports repository.' +#### '---------------------------------------------------------------------- +source="deb ${DEBIAN_MIRROR} wheezy-backports main" +if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" +fi +aptUpdate + +##### '========================================================================= +debug ' Replace sysvinit with systemd' +##### '========================================================================= + +#### '---------------------------------------------------------------------- +info ' Remove sysvinit' +#### '---------------------------------------------------------------------- +echo 'Yes, do as I say!' 
| aptRemove sysvinit + +#### '---------------------------------------------------------------------- +info ' Preventing sysvinit re-installation' +#### '---------------------------------------------------------------------- +chroot apt-mark hold sysvinit + +#### '---------------------------------------------------------------------- +info ' Pin sysvinit to prevent being re-installed' +#### '---------------------------------------------------------------------- +cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" </dev/null +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi +##### '------------------------------------------------------------------------- +debug ' Installing Qubes packages' +##### '------------------------------------------------------------------------- -# ------------------------------------------------------------------------------ -# If .prepared_groups has not been completed, don't continue -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then - error "prepared_groups installataion has not completed!... Exiting" - exit 1 -fi +# If .prepared_debootstrap has not been completed, don't continue +exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_groups" "prepared_groups installataion has not completed!... 
Exiting" -# ------------------------------------------------------------------------------ -# Mount system mount points -# ------------------------------------------------------------------------------ -for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done -mount -t tmpfs none "${INSTALLDIR}/run" +# Create system mount points +prepareChroot -# ------------------------------------------------------------------------------ +# ============================================================================== # Execute any template flavor or sub flavor 'pre' scripts -# ------------------------------------------------------------------------------ -buildStep "$0" "pre" +# ============================================================================== +buildStep "${0}" "pre" -# ------------------------------------------------------------------------------ -# Install Qubes Packages -# ------------------------------------------------------------------------------ -if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then - debug "Installing qbues modules" +if ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" ]; then + #### '---------------------------------------------------------------------- + info ' Trap ERR and EXIT signals and cleanup (umount)' + #### '---------------------------------------------------------------------- + trap cleanup ERR + trap cleanup EXIT - # -------------------------------------------------------------------------- - # Set up a temporary policy-rc.d to prevent apt from starting services - # on package installation - # -------------------------------------------------------------------------- - cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <> "${INSTALLDIR}/etc/locale.gen" - chroot "${INSTALLDIR}" locale-gen - chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8 + #### '---------------------------------------------------------------------- + info ' Re-update locales' + # Locales get reset during package installation sometimes + #### '---------------------------------------------------------------------- + updateLocale - # -------------------------------------------------------------------------- - # Link mtab - # -------------------------------------------------------------------------- - rm -f "${INSTALLDIR}/etc/mtab" - ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab" - - # -------------------------------------------------------------------------- - # Start of Qubes package installation - # -------------------------------------------------------------------------- - debug "Installing qubes packages" - export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}" - - # -------------------------------------------------------------------------- - # Install keyrings - # -------------------------------------------------------------------------- - if ! 
[ -e "${CACHEDIR}/repo-secring.gpg" ]; then - mkdir -p "${CACHEDIR}" - gpg --gen-key --batch < "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" </dev/null +source ./umount_kill.sh >/dev/null + +setVerboseMode +output "${bold}${under}INFO: ${SCRIPTSDIR}/distribution.sh imported by: ${0}${reset}" + +# ============================================================================== +# Cleanup function +# ============================================================================== +function cleanup() { + errval=$? + trap - ERR EXIT + trap + error "${1:-"${0}: Error. Cleaning up and un-mounting any existing mounts"}" + umount_all || true + + # Return xtrace to original state + [[ -n "${XTRACE}" ]] && [[ "${XTRACE}" -eq 0 ]] && set -x || set +x + + exit $errval +} + +# ============================================================================== +# If .prepared_debootstrap has not been completed, don't continue +# ============================================================================== +function exitOnNoFile() { + file="${1}" + message="${2}" + + if ! 
[ -f "${file}" ]; then + error "${message}" + umount_all || true + exit 1 + fi +} + +# ============================================================================== +# Umount everthing within INSTALLDIR or $1 but kill all processes within first +# ============================================================================== +function umount_all() { + directory="${1:-"${INSTALLDIR}"}" + + # Only remove dirvert policies, etc if base INSTALLDIR mount is being umounted + if [ "${directory}" == "${INSTALLDIR}" -o "${directory}" == "${INSTALLDIR}/" ]; then + if [ -n "$(mountPoints)" ]; then + removeDbusUuid + removeDivertPolicy + fi + fi + + if [ "${directory}" == "${INSTALLDIR}" -a "${LXC_ENABLE}" == "1" ]; then + lxcStop + fi + + umount_kill "${directory}" || true +} + +# ============================================================================== +# Create snapshot +# ============================================================================== +function createSnapshot() { + snapshot_name="${1}" + + if [ "${SNAPSHOT}" == "1" ]; then + splitPath "${IMG}" path_parts + snapshot_path="${path_parts[dir]}${path_parts[base]}-${snapshot_name}${path_parts[dotext]}" + + # create snapshot + info "Creating snapshot of ${IMG} to ${snapshot_path}" + sync + cp -f "${IMG}" "${snapshot_path}" + fi +} + +# ============================================================================== +# Create DBUS uuid +# ============================================================================== +function createDbusUuid() { + outputc green "Creating DBUS uuid..." 
+ removeDbusUuid + if [ -e "${INSTALLDIR}/bin/dbus-uuidgen" ]; then + chroot dbus-uuidgen --ensure 1>/dev/null 2>&1 + fi +} + +# ============================================================================== +# Remove DBUS uuid +# ============================================================================== +function removeDbusUuid() { + if [ -e "${INSTALLDIR}"/var/lib/dbus/machine-id ]; then + outputc red "Removing generated machine uuid..." + rm -f "${INSTALLDIR}/var/lib/dbus/machine-id" + fi +} + +# ============================================================================== +# Set up a temporary dpkg-divert policy to prevent apt from starting services +# on package installation +# ============================================================================== +function addDivertPolicy() { + outputc green "Deactivating initctl..." + chroot dpkg-divert --local --rename --add /sbin/initctl || true + + # Only move if its a regualr file; not soft link + #if [ -f "${INSTALLDIR}/sbin/initctl" ]; then + # mv "${INSTALLDIR}"/sbin/initctl "${INSTALLDIR}"/sbin/initctl.dist + #else + # rm -f "${INSTALLDIR}"/sbin/initctl || true + #fi + #chroot ln -fs /bin/true /sbin/initctl + + # utopic systemd install still broken... + outputc green "Hacking invoke-rc.d to ignore missing init scripts..." + chroot sed -i -e "s/exit 100/exit 0 #exit 100/" /usr/sbin/invoke-rc.d +} + +# ============================================================================== +# Remove temporary dpkg-divert policy +# ============================================================================== +function removeDivertPolicy() { + outputc red "Reactivating initctl..." + + #if [ -f "${INSTALLDIR}/sbin/initctl.dist" ]; then + # rm -f "${INSTALLDIR}"/sbin/initctl || true + # mv "${INSTALLDIR}"/sbin/initctl.dist "${INSTALLDIR}"/sbin/initctl + #fi + + chroot dpkg-divert --local --rename --remove /sbin/initctl || true + + outputc red "Restoring invoke-rc.d..." 
+ chroot sed -i -e "s/exit 0 #exit 100/exit 100/" /usr/sbin/invoke-rc.d +} + +# ============================================================================== +# Create system mount points +# ============================================================================== +function prepareChroot() { + # Make sure nothing is mounted within $INSTALLDIR + umount_kill "${INSTALLDIR}/" + + #mkdir -p "${INSTALLDIR}/lib/modules" + #mount --bind /lib/modules "${INSTALLDIR}/lib/modules" + + if [ "${LXC_ENABLE}" == "1" ]; then + # Shutdown lxc container if its running + chroot echo && lxcStop || true + + # Start lxc container + lxcStart + sleep 3 + debug "lxc root: /proc/$(lxc-info -P "${LXC_DIR}" -n ${DIST} -p -H)/root" + else + mount -t tmpfs none "${INSTALLDIR}/run" + if [ "${SYSTEMD_NSPAWN_ENABLE}" != "1" ]; then + #mount --bind /dev "${INSTALLDIR}/dev" + ###mount --bind /dev/pts "${INSTALLDIR}/dev/pts" + mount -t proc proc "${INSTALLDIR}/proc" + mount -t sysfs sys "${INSTALLDIR}/sys" + fi + createDbusUuid + addDivertPolicy + fi + + # Does lxc need this; moving away for now + ###createDbusUuid +} + +# ============================================================================== +# apt-get upgrade +# ============================================================================== +function aptUpgrade() { + aptUpdate + #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + # chroot apt-get ${APT_GET_OPTIONS} upgrade + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes +} + +# ============================================================================== +# apt-get dist-upgrade +# ============================================================================== +function aptDistUpgrade() { + aptUpdate + #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + # chroot apt-get ${APT_GET_OPTIONS} dist-upgrade + 
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes +} + +# ============================================================================== +# apt-get update +# ============================================================================== +function aptUpdate() { + debug "Updating system" + #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot apt-get update +} + +# ============================================================================== +# apt-get remove +# ============================================================================== +function aptRemove() { + files="$@" + #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot apt-get ${APT_GET_OPTIONS} remove ${files[@]} +} + +# ============================================================================== +# apt-get install +# ============================================================================== +function aptInstall() { + files="$@" + #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ + chroot apt-get ${APT_GET_OPTIONS} install ${files[@]} +} + +# ============================================================================== +# Install extra packages in script_${DIST}/packages.list file +# -and / or- TEMPLATE_FLAVOR directories +# ============================================================================== +function installPackages() { + if [ -n "${1}" ]; then + # Locate packages within sub dirs + if [ ${#@} == "1" ]; then + getFileLocations packages_list "${1}" "" + else + packages_list="$@" + fi + else + getFileLocations packages_list "packages.list" "${DIST}" 
+ if [ -z "${packages_list}" ]; then + error "Can not locate a package.list file!" + umount_all || true + exit 1 + fi + fi + + for package_list in ${packages_list[@]}; do + debug "Installing extra packages from: ${package_list}" + declare -a packages + readarray -t packages < "${package_list}" + + info "Packages: "${packages[@]}"" + aptInstall "${packages[@]}" || return $? + done +} + +# ============================================================================== +# Install Systemd +# ============================================================================== +function installSystemd() { + buildStep "$0" "pre-systemd" + chroot apt-get update + + aptInstall systemd + createDbusUuid + + # Set multi-user.target as default target + chroot rm -f /etc/systemd/system/default.target + chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target + + # XXX: TEMP lets see how stuff work with upstart in control for now + # Boot using systemd + chroot rm -f /sbin/init + chroot ln -sf /lib/systemd/systemd /sbin/init + + if [ "${LXC_ENABLE}" == "1" ]; then + # XXX: Patch resolvconf (may only be trusy specific; if so move into buildStep + sed -i 's/RUN_CANONICALDIR/RUN_DIR/g' "${INSTALLDIR}/sbin/resolvconf" + + # Enable resolvconf + chroot systemctl enable resolvconf + + # XXX: Do I really need to restart it? + # Restart lxc container + lxcRestart + fi + + buildStep "$0" "post-systemd" +} + +# ============================================================================== +# Destroy LXC container +# ============================================================================== +function lxcDestroy() { + if [ "${LXC_ENABLE}" == "1" ]; then + warn "Destroying LXC container..." 
+ lxc-destroy -P "${LXC_DIR}" -n "${DIST}" || true + mkdir -p "${INSTALLDIR}" + fi +} + +# ============================================================================== +# Restart LXC container and wait for network +# ============================================================================== +function lxcRestart() { + lxcStop + lxcStart + prepareChroot +} + +# ============================================================================== +# Start LXC container and wait for network +# ============================================================================== +function lxcStart() { + LXC_IF=eth0 + + info "Launching lxc-wait in background..." + lxc-wait -P "${LXC_DIR}" -n "${DIST}" -s RUNNING & + lxc_wait_pid=$! + + info "Starting LXC container..." + lxc-start -d -P "${LXC_DIR}" -n "${DIST}" + + info "Waiting for LXC container RUNNING state..." + wait ${lxc_wait_pid} + sleep 1 + + info "Waiting for LXC container network ${LXC_IF} up state..." + lxc-attach -P "${LXC_DIR}" -n "${DIST}" -- \ + su -c "while ! ip a | sed -rn '/: '"${LXC_IF}"':.*state UP/{N;N;s/.*inet (\S*).*/\1/p}' | grep -q '.'; do printf '.'; sleep 1; done; echo ''" || sleep 3 + + info "Network state is active." + + # Re-map install directory to lxc container + ###ORIG_INSTALLDIR="${INSTALLDIR}" + ###INSTALLDIR="/proc/$(lxc-info -P "${LXC_DIR}" -n ${DIST} -p -H)/root" +} + +# ============================================================================== +# Start LXC container and wait for network +# ============================================================================== +function lxcStop() { + # XXX - Should not umount here in case of restart + # umount anything in the lxc container (using _kill, not _all) + umount_kill "${INSTALLDIR}/" + + # XXX: Is this needed + #rm -rf "${INSTALLDIR}/run/*" | true + + # Re-set install directory to original location + ###INSTALLDIR="${ORIG_INSTALLDIR-"${INSTALLDIR}"}" + + info "Launching lxc-wait in background..." 
+ lxc-wait -P "${LXC_DIR}" -n "${DIST}" -s STOPPED & + lxc_wait_pid=$! + + info "Stopping LXC container..." + sync + lxc-stop --kill -P "${LXC_DIR}" -n "${DIST}" || true + + info "Waiting for LXC container STOPPED state..." + wait ${lxc_wait_pid} + sleep 1 + + info "LXC container stopped." +} + + +# ============================================================================== +# ------------------------------------------------------------------------------ +# C O N F I G U R A T I O N R E L A T E D +# ------------------------------------------------------------------------------ +# ============================================================================== + +# ============================================================================== +# Add universe to sources.list +# ============================================================================== +function updateDebianSourceList() { + # Add contrib and non-free component to repository + touch "${INSTALLDIR}/etc/apt/sources.list" + sed -i "s/${DIST} main$/${DIST} main contrib non-free/g" "${INSTALLDIR}/etc/apt/sources.list" + + # Add Debian security repositories + source="deb http://security.debian.org ${DEBIANVERSION}/updates main" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi + source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" + if ! 
grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi +} + +# ============================================================================== +# Add universe to sources.list +# ============================================================================== +function updateQubuntuSourceList() { + sed -i "s/${DIST} main$/${DIST} main universe multiverse restricted/g" "${INSTALLDIR}/etc/apt/sources.list" + source="deb http://archive.canonical.com/ubuntu ${DIST} partner" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi + source="deb-src http://archive.canonical.com/ubuntu ${DIST} partner" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" + fi + chroot apt-get update +} + +# ============================================================================== +# Make sure there is a resolv.conf with network of this AppVM for building +# ============================================================================== +function createResolvConf() { + if [ "${LXC_ENABLE}" != "1" ]; then + rm -f "${INSTALLDIR}/etc/resolv.conf" + cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" + fi +} + +# ============================================================================== +# Ensure umask set in /etc/login.defs is used (022) +# ============================================================================== +function configureUmask() { + echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session" +} + +# ============================================================================== +# Configure keyboard +# ============================================================================== +function 
configureKeyboard() { + debug "Setting keyboard layout" + cat > "${INSTALLDIR}/tmp/keyboard.conf" <<'EOF' +keyboard-configuration keyboard-configuration/variant select English (US) +keyboard-configuration keyboard-configuration/layout select English (US) +keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC +keyboard-configuration keyboard-configuration/modelcode string pc105 +keyboard-configuration keyboard-configuration/layoutcode string us +keyboard-configuration keyboard-configuration/variantcode string +keyboard-configuration keyboard-configuration/optionscode string +EOF + chroot debconf-set-selections /tmp/keyboard.conf +} + +# ============================================================================== +# Update locale +# ============================================================================== +function updateLocale() { + debug "Updating locales" + + #echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen" + #chroot "${INSTALLDIR}" locale-gen + #chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8 + + chroot localedef -f UTF-8 -i en_US -c en_US.UTF-8 + chroot update-locale LC_ALL=en_US.UTF-8 +} + + +# ============================================================================== +# ------------------------------------------------------------------------------ +# Q U B E S S P E C I F I C F U N C T I O N S +# ------------------------------------------------------------------------------ +# ============================================================================== + + +# ============================================================================== +# Install Keyrings +# ============================================================================== +function installKeyrings() { + if ! 
[ -e "${CACHEDIR}/repo-secring.gpg" ]; then + mkdir -p "${CACHEDIR}" + gpg --gen-key --batch < "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" </dev/null 2>&1 || \ + { + # UID needs match host user to have access to Whonix sources + chroot groupadd -f user + [ -n "$SUDO_UID" ] && USER_OPTS="-u $SUDO_UID" + chroot useradd -g user $USER_OPTS -G sudo,audio -m -s /bin/bash user + if [ `chroot id -u user` != 1000 ]; then + chroot useradd -g user -u 1000 -M -s /bin/bash user-placeholder + fi + } + + #### '---------------------------------------------------------------------- + info ' Installing Whonix build scripts' + #### '---------------------------------------------------------------------- + echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh" + chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh" + + #### '---------------------------------------------------------------------- + info ' Removing apt-listchanges if it exists,so no prompts appear' + #### '---------------------------------------------------------------------- + # Whonix does not handle this properly, but aptInstall packages will + aptRemove apt-listchanges || true + + #### '---------------------------------------------------------------------- + info ' Copying additional files required for build' + #### '---------------------------------------------------------------------- + copyTree "files" + + touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" +fi + + +##### '------------------------------------------------------------------------- +debug ' Installing Whonix code base' +##### '------------------------------------------------------------------------- +if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ]; then + if ! 
[ -d "${INSTALLDIR}/home/user/Whonix" ]; then + chroot su user -c 'mkdir /home/user/Whonix' + fi + + mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix" + + if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then + BUILD_TYPE="--torgateway" + elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then + BUILD_TYPE="--torworkstation" + else + error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules" + error "You need to set TEMPLATE_FLAVOR environment variable to either" + error "whonix-gateway OR whonix-workstation" + exit 1 + fi + + # Whonix needs /dev/pts mounted during build + mount --bind /dev "${INSTALLDIR}/dev" + mount --bind /dev/pts "${INSTALLDIR}/dev/pts" + + chroot su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; } + + touch "${INSTALLDIR}/${TMPDIR}/.whonix_installed" +fi + + +##### '------------------------------------------------------------------------- +debug ' Whonix Post Installation Configurations' +##### '------------------------------------------------------------------------- +if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ] && ! 
[ -f "${INSTALLDIR}/${TMPDIR}/.whonix_post" ]; then + + #### '---------------------------------------------------------------------- + info ' Restoring original network interfaces' + #### '---------------------------------------------------------------------- + pushd "${INSTALLDIR}/etc/network" + { + rm -f interfaces; + ln -s interfaces.backup interfaces; + } + popd + + #### '---------------------------------------------------------------------- + info ' Temporarily retore original resolv.conf for remainder of install process' + info ' (Will be restored back in wheezy+whonix/04_qubes_install_post.sh)' + #### '---------------------------------------------------------------------- + pushd "${INSTALLDIR}/etc" + { + rm -f resolv.conf; + cp -p resolv.conf.backup resolv.conf; + } + popd + + #### '---------------------------------------------------------------------- + info ' Temporarily retore original hosts for remainder of install process' + info ' (Will be restored on initial boot)' + #### '---------------------------------------------------------------------- + pushd "${INSTALLDIR}/etc" + { + rm -f hosts; + cp -p hosts.anondist-orig hosts; + } + popd + + #### '---------------------------------------------------------------------- + info ' Restore default user UID set to so same in all builds regardless of build host' + #### '---------------------------------------------------------------------- + if [ -n "`chroot id -u user-placeholder`" ]; then + chroot userdel user-placeholder + chroot usermod -u 1000 user + fi + + #### '---------------------------------------------------------------------- + info ' Enable some aliases in .bashrc' + #### '---------------------------------------------------------------------- + sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc" + sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc" + sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc" + sed -i "s/^#force_color_prompt/force_color_prompt/g" 
"${INSTALLDIR}/home/user/.bashrc" + sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc" + sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc" + + #### '---------------------------------------------------------------------- + info ' Remove apt-cacher-ng' + #### '---------------------------------------------------------------------- + chroot service apt-cacher-ng stop || : + chroot update-rc.d apt-cacher-ng disable || : + DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + chroot apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng + + #### '---------------------------------------------------------------------- + info ' Remove original sources.list (Whonix copied them to .../debian.list)' + #### '---------------------------------------------------------------------- + rm -f "${INSTALLDIR}/etc/apt/sources.list" + + DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + chroot apt-get.anondist-orig update + + touch "${INSTALLDIR}/${TMPDIR}/.whonix_post" +fi + + +##### '------------------------------------------------------------------------- +debug ' Temporarily retore original apt-get for remainder of install process' +##### '------------------------------------------------------------------------- +pushd "${INSTALLDIR}/usr/bin" +{ + rm -f apt-get; + cp -p apt-get.anondist-orig apt-get; +} +popd + +#### '---------------------------------------------------------------------- +info ' Cleanup' +#### '---------------------------------------------------------------------- +trap - ERR EXIT +trap diff --git a/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh b/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh deleted file mode 120000 index db7d12f..0000000 --- a/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/04_install_qubes_post.sh \ No newline at end of file 
diff --git a/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh b/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
new file mode 100755
index 0000000..b97dcd1
--- /dev/null
+++ b/scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### '-------------------------------------------------------------------------
+debug ' Installing qubes-whonix package(s)'
+##### '-------------------------------------------------------------------------
+
+
+# If .prepared_debootstrap has not been completed, don't continue
+exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" "prepared_qubes installataion has not completed!... Exiting"
+
+# Create system mount points.
+prepareChroot
+
+
+#### '--------------------------------------------------------------------------
+info ' Trap ERR and EXIT signals and cleanup (umount)'
+#### '--------------------------------------------------------------------------
+trap cleanup ERR
+trap cleanup EXIT
+
+#### '--------------------------------------------------------------------------
+info ' Installing qubes-whonix and other required packages'
+#### '--------------------------------------------------------------------------
+# whonix-setup-wizard expects '/usr/local/share/applications' directory to exist
+chroot mkdir -p '/usr/local/share/applications' # whonix-setup-wizard needs this
+
+installQubesRepo
+aptInstall python-guimessages whonix-setup-wizard qubes-whonix
+uninstallQubesRepo
+
+#### '--------------------------------------------------------------------------
+info ' Cleanup'
+#### '--------------------------------------------------------------------------
+umount_all "${INSTALLDIR}/" || true
+trap - ERR EXIT
+trap
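Review bot: If `aptInstall` fails between `installQubesRepo` and `uninstallQubesRepo`, the `-e` exit runs `cleanup` but never calls `uninstallQubesRepo`, so a failed run may leave the temporary builder apt source (and presumably whatever key it trusts) inside `${INSTALLDIR}`; what `cleanup` undoes is not visible here, so this needs confirming. A guard such as `aptInstall python-guimessages whonix-setup-wizard qubes-whonix || { uninstallQubesRepo; exit 1; }` keeps the install/uninstall pairing on the failure path. `cleanup` is registered for both ERR and EXIT, so it runs twice on an error; `trap cleanup EXIT` alone would cover both cases. The comment above `exitOnNoFile` names `.prepared_debootstrap` while the check is on `.prepared_qubes`; it should read `# If .prepared_qubes has not been completed, don't continue`.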
diff --git a/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh b/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
deleted file mode 120000
index 9728555..0000000
--- a/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/09_cleanup_post.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh b/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
new file mode 100755
index 0000000..34a1bdb
--- /dev/null
+++ b/scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
@@ -0,0 +1,40 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### '-------------------------------------------------------------------------
+debug ' Whonix post installation cleanup'
+##### '-------------------------------------------------------------------------
+
+
+#### '--------------------------------------------------------------------------
+info ' Restoring Whonix apt-get'
+#### '--------------------------------------------------------------------------
+pushd "${INSTALLDIR}/usr/bin"
+{
+ rm -f apt-get;
+ cp -p apt-get.anondist apt-get;
+}
+popd
+
+#### '--------------------------------------------------------------------------
+info ' Restoring Whonix resolv.conf'
+#### '--------------------------------------------------------------------------
+pushd "${INSTALLDIR}/etc"
+{
+ rm -f resolv.conf;
+ cp -p resolv.conf.anondist resolv.conf;
+}
+popd
+
+#### '--------------------------------------------------------------------------
+info ' Removing files created during installation that are no longer required'
+#### '--------------------------------------------------------------------------
+rm -rf "${INSTALLDIR}/home.orig/user/Whonix"
+rm -rf "${INSTALLDIR}/home.orig/user/whonix_binary"
+rm -f "${INSTALLDIR}/home.orig/user/whonix_fix"
+rm -f "${INSTALLDIR}/home.orig/user/whonix_build.sh"
+rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build"
+rm -f "${TMPDIR}/etc/sudoers.d/whonix-build"
diff --git a/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh b/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
deleted file mode 100755
index 4531e88..0000000
--- a/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
+++ /dev/null
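Review bot: The last line of the new script, `rm -f "${TMPDIR}/etc/sudoers.d/whonix-build"`, is not prefixed with `${INSTALLDIR}`, so it acts on the build host rather than on the image, and with `TMPDIR` empty it resolves to the host's own `/etc/sudoers.d/whonix-build`. If the intent was a copy inside the image, `rm -f "${INSTALLDIR:?}/${TMPDIR}/etc/sudoers.d/whonix-build"` says so; otherwise the line should be dropped, since the line before it already removes the build sudoers drop-in from the image. The other `rm` and `pushd` paths have the same exposure to an empty `INSTALLDIR`, and the `-e` on the shebang is lost when the script is started as `bash 09_cleanup_post.sh`. A `set -e` line plus `: "${INSTALLDIR:?}"` near the top would make those failures explicit instead of letting `rm -f apt-get` or `rm -f resolv.conf` run in the wrong directory after a failed `pushd`.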
@@ -1,28 +0,0 @@ -#!/bin/bash -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# whonix-netvm-gateway contains last known IP used to search and replace -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then - # -------------------------------------------------------------------------- - # Install Custom Configurations - # -------------------------------------------------------------------------- - echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway" - touch "${INSTALLDIR}/tmp/.whonix_custom_configurations" -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/.facl b/scripts_debian/wheezy+whonix-gateway/files/.facl index 56e79de..3544554 100644 --- a/scripts_debian/wheezy+whonix-gateway/files/.facl +++ b/scripts_debian/wheezy+whonix-gateway/files/.facl 
@@ -1,108 +1,3 @@ -# file: . -# owner: user -# group: user -user::rwx -group::r-x -other::r-x - -# file: lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system/qubes-whonix-firewall.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-network.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-init.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/hosts -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/uwt.d -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/uwt.d/50_uwt_default -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/xdg -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart/qubes-whonixsetup.desktop -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/apt -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - # file: etc/hostname # owner: root # group: root @@ -114,7 +9,7 @@ other::r-- # owner: root # group: root user::rwx -group::r-x +group::--x other::--- # file: etc/sudoers.d/whonix-build 
@@ -124,129 +19,3 @@ user::r-- group::r-- other::--- -# file: .facl -# owner: user -# group: user -user::rw- -group::r-- -other::r-- - -# file: usr -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/utility_functions -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/bind-dirs.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-firewall.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-bind.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/init/replace-ips -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/init.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/whonixcheck.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/init/network-proxy-setup.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-tor.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/messages.yaml -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/alert -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/qubes-whonixsetup -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/enable-iptables-logging.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/etc/hosts b/scripts_debian/wheezy+whonix-gateway/files/etc/hosts deleted file mode 100644 index cc0e30d..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/etc/hosts +++ /dev/null @@ -1,7 +0,0 @@ -## Anonymity Distribution /etc/hosts - -## Anonymity Distribution specific -127.0.0.1 host.localdomain host -## End of Anonymity Distribution specific - -## End of Anonymity Distribution /etc/hosts diff --git a/scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default b/scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default deleted file mode 100644 index bac9ef3..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/etc/uwt.d/50_uwt_default +++ /dev/null @@ -1,6 +0,0 @@ - -. /usr/lib/whonix/utility_functions - -if [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "1" ]; then - uwtwrapper["/usr/bin/apt-get"]="0" -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop b/scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop deleted file mode 100644 index 260635d..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop +++ /dev/null @@ -1,8 +0,0 @@ -## This file is part of Whonix. -## Copyright (C) 2012 - 2014 Patrick Schleizer -## See the file COPYING for copying conditions. - -[Desktop Entry] -Type=Application -Terminal=false -Exec=/usr/lib/whonix/qubes-whonixsetup diff --git a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service b/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service deleted file mode 100644 index 89a5229..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-firewall.service +++ /dev/null 
@@ -1,12 +0,0 @@ -[Unit] -Description=Qubes Whonix firewall updater -After=qubes-whonix-network.service -Before=network.target - -[Service] -ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes-firewall.service diff --git a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service b/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service deleted file mode 100644 index 6215c2c..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-init.service +++ /dev/null @@ -1,13 +0,0 @@ -[Unit] -Description=Qubes Whonix initialization script -After=qubes-whonix-network.service -Before=qubes-whonix-firewall.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/whonix/init/init.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target diff --git a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service b/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service deleted file mode 100644 index 4e71280..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/lib/systemd/system/qubes-whonix-network.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=Qubes Whonix network proxy setup -ConditionPathExists=/var/run/qubes-service/qubes-network -Before=network.target -After=iptables.service - -[Service] -Type=oneshot -RemainAfterExit=yes -ExecStart=/usr/lib/whonix/init/network-proxy-setup.sh -StandardOutput=syslog - -[Install] -WantedBy=multi-user.target -Alias=qubes-network.service diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert deleted file mode 100755 index e585475..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/alert +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/python - -# -# Copyright 2014 Jason Mehring (nrgaway@gmail.com) -# - -from PyQt4 import QtGui -import locale -import yaml - -DEFAULT_LANG = 'en' - -class Messages(): - filename = None - data = None - language = DEFAULT_LANG - title = None - icon = None - message = None - - def __init__(self, section, filename): - self.filename = filename - - language = locale.getdefaultlocale()[0].split('_')[0] - if language: - self.language = language - - try: - stream = file(filename, 'r') - data = yaml.load(stream) - - if section in data.keys(): - section = data[section] - - self.icon = section.get('icon', None) - - language = section.get(self.language, DEFAULT_LANG) - - self.title = language.get('title', None) - self.message = language.get('message', None) - - except (IOError): - pass - except (yaml.scanner.ScannerError, yaml.parser.ParserError): - pass - -class WhonixMessageBox(QtGui.QMessageBox): - def __init__(self, message): - super(WhonixMessageBox, self).__init__() - self.message = message - self.initUI() - - def initUI(self): - message = self.message - - if message.title: - self.setWindowTitle(message.title) - - if message.icon: - self.setIcon(getattr(QtGui.QMessageBox, message.icon)) - - if message.message: - self.setText(message.message) - self.exec_() - -import argparse -import sys - - - -def main(): - parser = argparse.ArgumentParser(description='Display a QT Message Box') - - parser.add_argument('section', help="Message section") - parser.add_argument('filename', help="File including full path") - - args = parser.parse_args() - - if not args.filename and args.section: - print parser.usage() - sys.exit(1) - - app = QtGui.QApplication(sys.argv) - - message = Messages(args.section, args.filename) - dialog = WhonixMessageBox(message) - sys.exit() - -if __name__ == "__main__": - main() \ No newline at end of file 
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh deleted file mode 100755 index ab2b0be..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/bash - -# -# To umount all binds, just pass any arg in $1 -# - -. /usr/lib/whonix/utility_functions - -# Don't run if started as a template -if ! [ "${WHONIX}" == "template" ]; then - # Array of directories to bind - BINDS=( - '/rw/srv/whonix/root/.whonix:/root/.whonix' - '/rw/srv/whonix/root/.whonix.d:/root/.whonix.d' - '/rw/srv/whonix/var/lib/whonix:/var/lib/whonix' - '/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck' - '/rw/srv/whonix/etc/tor:/etc/tor' - ) - - for bind in ${BINDS[@]}; do - rw_dir="${bind%%:*}" - ro_dir="${bind##*:}" - - # Make sure ro directory is not mounted - umount "${ro_dir}" 2> /dev/null || true - - if [ -n "${1}" ]; then - echo "Umounting only..." - exit 0 - fi - - # Make sure ro directory exists - if ! [ -d "${ro_dir}" ]; then - mkdir -p "${ro_dir}" - fi - - # Initially copy over data directories to /rw if rw directory does not exist - if ! [ -d "${rw_dir}" ]; then - mkdir -p "${rw_dir}" - rsync -hax "${ro_dir}/." "${rw_dir}" - fi - - # Bind the directory - sync - mount --bind "${rw_dir}" "${ro_dir}" - done - sync -fi - -if [ "${WHONIX}" == "gateway" ]; then - # Make sure we remove whonixsetup.done if Tor is not enabled - # to allow choice of repo and prevent whonixcheck errors - grep "^DisableNetwork 0$" /etc/tor/torrc || { - sudo rm -f /var/lib/whonix/do_once/whonixsetup.done - } -fi - -exit 0 diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh deleted file mode 100755 index a8e1653..0000000 
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/enable-iptables-logging.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/bash - -# Check /var/log/kern.log for logging results - -LOG_IP4=1 -LOG_IP6=0 - -# for IPv4 -if [ "$LOG_IP4" == "1" ]; then - iptables -t raw -A OUTPUT -p icmp -j TRACE - iptables -t raw -A PREROUTING -p icmp -j TRACE - modprobe ipt_LOG -fi - -# for IPv6 -if [ "$LOG_IP6" == "1" ]; then - ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE - ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE - ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE - ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE - modprobe ip6t_LOG -fi - -# Redirect local port to remote via socat -#apt-get install socat -#socat TCP4-LISTEN:8082,fork,mode=0666,user=root,group=root TCP4:10.137.255.254:8082 -# -# Works -# localhost/loopback maps localhost port 8082 to localhost port 8888 -#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888 diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh deleted file mode 100755 index 1839152..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh +++ /dev/null 
@@ -1,30 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if [ "${WHONIX}" != "template" ]; then - # Files that will have the immutable bit set - # since we don't want them modified by other programs - IMMUTABLE_FILES=( - '/etc/resolv.conf' - '/etc/hostname' - '/etc/hosts' - ) - - # Make sure all .anondist files in list are immutable - immutableFilesEnable "${IMMUTABLE_FILES}" - immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist" - - # Make sure we are using a copy of the annondist file and if not - # copy the annondist file and set it immutable - copyAnondist "/etc/resolv.conf" - copyAnondist "/etc/hosts" - copyAnondist "/etc/hostname" - - # Replace IP addresses in known configuration files / scripts to - # currently discovered one - /usr/lib/whonix/init/replace-ips - - # Make sure hostname is correct - /bin/hostname host -fi diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh deleted file mode 100755 index 71a43cf..0000000 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh +++ /dev/null 
@@ -1,57 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/whonix/utility_functions
-
-INTERFACE="eth1"
-
-if [ "${WHONIX}" == "gateway" ]; then
-
- if [ -x /usr/sbin/xenstore-read ]; then
- XENSTORE_READ="/usr/sbin/xenstore-read"
- else
- XENSTORE_READ="/usr/bin/xenstore-read"
- fi
-
- # Setup Xen / Qubes proxy
- network=$(xenstore-read qubes-netvm-network 2>/dev/null)
- if [ "x$network" != "x" ]; then
- gateway=$(xenstore-read qubes-netvm-gateway)
- netmask=$(xenstore-read qubes-netvm-netmask)
- secondary_dns=$(xenstore-read qubes-netvm-secondary-dns)
- modprobe netbk 2> /dev/null || modprobe xen-netback
- echo "NS1=$gateway" > /var/run/qubes/qubes-ns
- echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
- #/usr/lib/qubes/qubes-setup-dnat-to-ns
- echo "0" > /proc/sys/net/ipv4/ip_forward
- /sbin/ethtool -K eth0 sg off || :
- fi
-
- # Now, assign it the netvm-gateway IP address
- ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
- if [ x${ip} != x ]; then
- # Create a dummy eth1 interface so tor can bind to it if there
- # are no DOMU virtual machines connected at the moment
- /sbin/ip link add ${INTERFACE} type dummy
-
- netmask=$(${XENSTORE_READ} qubes-netvm-netmask)
- gateway=$(${XENSTORE_READ} qubes-netvm-gateway)
- /sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255
- /sbin/ifconfig ${INTERFACE} up
- /sbin/ethtool -K ${INTERFACE} sg off || true
- /sbin/ethtool -K ${INTERFACE} tx off || true
-
- ip link set ${INTERFACE} up
- fi
-
- echo "0" > /proc/sys/net/ipv4/ip_forward
-
- # Allow whonix-gateway to act as an update-proxy
- touch /var/run/qubes-service/qubes-updates-proxy
-
- # Search and replace tinyproxy error files so we can inject code that
- # we can use to identify that its a tor proxy so updates are secure
- error_file="/usr/share/tinyproxy/default.html"
- grep -q "${PROXY_META}" "${error_file}" || {
- sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
- }
-fi
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh
deleted file mode 100755
index 50c5cbc..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-firewall.sh
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/whonix/utility_functions
-
-if [ -x /usr/sbin/xenstore-read ]; then
- XENSTORE_READ="/usr/sbin/xenstore-read"
-else
- XENSTORE_READ="/usr/bin/xenstore-read"
-fi
-
-# Make sure IP forwarding is disabled
-echo "0" > /proc/sys/net/ipv4/ip_forward
-
-if [ "${WHONIX}" != "template" ]; then
- ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
-
- # Start Whonix Firewall
- if [ "${WHONIX}" == "gateway" ]; then
- export INT_IF="vif+"
- export INT_TIF="vif+"
-
- # Inject custom firewall rules into whonix_firewall
- sed -i -f - /usr/bin/whonix_firewall <<-EOF
-/^## IPv4 DROP INVALID INCOMING PACKAGES/,/######################################/c \\
-## IPv4 DROP INVALID INCOMING PACKAGES \\
-## \\
-## --- THE FOLLOWING WS INJECTED --- \\
-## Qubes Tiny Proxy Updater \\
-iptables -t nat -N PR-QBS-SERVICES \\
-iptables -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT \\
-iptables -A OUTPUT -o vif+ -p tcp -m tcp --sport 8082 -j ACCEPT \\
-iptables -t nat -A PREROUTING -j PR-QBS-SERVICES \\
-iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT \\
-iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:53 \\
-iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:9040 \\
-\\
-# Route any traffic FROM netvm TO netvm BACK-TO localhost \\
-# Allows localhost access to tor network \\
-#iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 \\
-######################################
-EOF
- fi
-
- # Load the firewall
- # XXX: TODO: Take down all network accesss if firewall fails
- /usr/bin/whonix_firewall
-
- systemctl restart qubes-updates-proxy.service
-fi
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service
deleted file mode 100644
index 0a83e1b..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-tor.service
+++ /dev/null
@@ -1,16 +0,0 @@
-[Unit]
-Description = Anonymizing overlay network for TCP
-After = syslog.target network.target nss-lookup.target
-
-[Service]
-Type = simple
-ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --quiet
-ExecReload = /bin/kill -HUP ${MAINPID}
-ExecStop = /bin/kill -INT ${MAINPID}
-TimeoutSec = 60
-Restart = on-failure
-LimitNOFILE = 32768
-
-[Install]
-WantedBy = multi-user.target
-Alias=tor.service
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips
deleted file mode 100755
index 900a584..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/replace-ips
+++ /dev/null
@@ -1,118 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/whonix/utility_functions
-
-# Search though files and updates IP address to the current
-# IP address(es)
-
-FILES=(
- '/usr/lib/leaktest-workstation/simple_ping.py'
- '/usr/lib/whonixcheck/preparation'
- '/usr/share/anon-kde-streamiso/share/config/kioslaverc'
- '/usr/bin/whonix_firewall'
- '/etc/whonix_firewall.d/30_default'
- '/usr/lib/anon-shared-helper-scripts/tor_bootstrap_check.bsh'
- '/usr/bin/uwt'
- '/etc/uwt.d/30_uwt_default'
- '/usr/share/tor/tor-service-defaults-torrc.anondist'
- '/usr/bin/update-torbrowser'
- '/etc/network/interfaces.whonix'
- '/etc/resolv.conf.anondist'
- '/etc/sdwdate.d/31_anon_dist_stream_isolation_plugin'
- '/etc/rinetd.conf.anondist'
- '/etc/network/interfaces.whonix'
- '/usr/share/anon-torchat/.torchat/torchat.ini'
-)
-
-# sed search and replace. return 0 if replace happened, otherwise 1
-search_replace() {
- local search="${1}"
- local replace="${2}"
- local file="${3}"
- local retval=1
-
- if ! [ -L "${file}" ]; then
- ls_attrs="$(lsattr "${file}")"
- ls_attrs=${ls_attrs:4:1}
- if [ "${ls_attrs}" == "i" ]; then
- chattr -i "${file}"
- fi
- fi
-
- sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
- retval=$?
-
- if [ "${ls_attrs}" = "i" ]; then
- chattr +i "${file}"
- fi
-
- return $retval
-}
-
-function replace_ips()
-{
- local search_ip="${1}"
- local replace_ip="${2}"
- local files=("${!3}")
- local retval=1
-
- # If IP is 10.152.152.10, network is 10.152.152.0
- search_network="${search_ip%[.]*}.0"
- replace_network="${replace_ip%[.]*}.0"
-
- if ! [ "${search_ip}" = "${replace_ip}" ]; then
- for file in "${files[@]}"; do
- if [ -f "$file" ]; then
- search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0
- search_replace "${search_network}" "${replace_network}" "${file}" && retval=0
- fi
- done
- fi
-
- return $retval
-}
-
-update_ip() {
- ip=${1}
-
- echo "${ip}" > /etc/whonix-netvm-gateway
- grep '^DisableNetwork 0$' /etc/tor/torrc && {
- service tor status && {
- service tor reload || true;
- }
- }
-}
-
-if [ "${WHONIX}" == "gateway" ]; then
- ip="$(xenstore-read qubes-netvm-gateway)"
- if [ x${ip} != x ]; then
- # Compare to current IP address assiged by Qubes
- replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}"
-
- # Do again; checking for original 10.152.152.10 incase of update
- replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}"
-
- # Do again; checking for original 10.152.152.11 incase of update
- replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}"
- fi
-
-elif [ "${WHONIX}" == "workstation" ]; then
- ip="$(xenstore-read qubes-ip)"
- gateway="$(xenstore-read qubes-gateway)"
-
- if [ x${ip} != x ]; then
- # Compare to current IP address assiged by Qubes
- replace_ips "$(cat /etc/whonix-ip)" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip
-
- # Do again; checking for original 10.152.152.11 incase of update
- replace_ips "10.152.152.11" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip
- fi
-
- if [ x${gateway} != x ]; then
- # Compare to current gateway IP address assiged by Qubes
- replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway
-
- # Do again; checking for original 10.152.152.10 incase of update
- replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway
- fi
-fi
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service
deleted file mode 100644
index 5f883d2..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service
+++ /dev/null
@@ -1,18 +0,0 @@
-[Unit]
-Description=Checks many important aspects of Whonix.
-After=syslog.target network.target
-
-[Service]
-Type=forking
-ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/run/whonixcheck
-ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonixcheck
-ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonix/whonixblog
-ExecStart=/usr/lib/whonixcheckdaemon
-PIDFile=/var/run/whonixcheck.pid
-User=user
-Group=user
-UMask=0007
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml
deleted file mode 100644
index 075ab09..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/messages.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-
-update:
- icon: Critical
- en:
- title: Tor netvm required for updates
- message: |
-

Tor netvm required for updates!

-

Please ensure your template vm has a Whonix gateway as it's VM.

-

No updates are possible without an active (running) Whonix gateway VM.

diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup
deleted file mode 100755
index f90d15b..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/whonix/utility_functions
-
-if ! [ "${WHONIX}" == "template" ]; then
- sudo /usr/lib/whonix/bind-dirs.sh
-fi
-
-if [ "${WHONIX}" == "gateway" ]; then
- if grep "^DisableNetwork 0$" /etc/tor/torrc ;then
- sudo service sdwdate restart
- sudo service tor restart
- else
- sudo service sdwdate restart
- sudo service tor stop
- sudo /usr/bin/whonixsetup
- fi
-
-elif [ "${WHONIX}" == "workstation" ]; then
- sudo service sdwdate restart
- if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then
- sudo /usr/bin/whonixsetup
- fi
-
-elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
- # Set secure defaults.
- sudo iptables -P INPUT DROP
- sudo iptables -P FORWARD DROP
- sudo iptables -P OUTPUT DROP
-
- # Flush old rules.
- sudo iptables -F
- sudo iptables -X
- sudo iptables -t nat -F
- sudo iptables -t nat -X
- sudo iptables -t mangle -F
- sudo iptables -t mangle -X
-
- # Display warning that netvm is not connected to a torvm
- /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml
-fi
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions
deleted file mode 100755
index 8a3b4e7..0000000
--- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/utility_functions
+++ /dev/null
@@ -1,94 +0,0 @@
-#!/bin/bash
-
-# /etc/uwt.d/50_uwt_default relies on this in order to allow connection
-# to proxy for template
-PROXY_SERVER="http://10.137.255.254:8082/"
-PROXY_META=''
-
-if [ -f "/var/run/qubes-service/updates-proxy-setup" ]; then
- WHONIX="template"
-elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then
- WHONIX="gateway"
-elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then
- WHONIX="workstation"
-else
- WHONIX="unknown"
-fi
-
-if [ "${WHONIX}" == "template" ]; then
- curl.anondist-orig "${PROXY_SERVER}" | grep -q "${PROXY_META}" && {
- PROXY_SECURE=1
- } || {
- PROXY_SECURE=0
- }
-fi
-
-immutableFilesEnable() {
- files="${1}"
- suffix="${2}"
-
- for file in "${files[@]}"; do
- if [ -f "${file}" ] && ! [ -L "${file}" ]; then
- sudo chattr +i "${file}${suffix}"
- fi
- done
-}
-
-immutableFilesDisable() {
- files="${1}"
- suffix="${2}"
-
- for file in "${files[@]}"; do
- if [ -f "${file}" ] && ! [ -L "${file}" ]; then
- sudo chattr -i "${file}${suffix}"
- fi
- done
-}
-
-copyAnondist() {
- file="${1}"
- suffix="${2-.anondist}"
-
- # Remove any softlinks first
- if [ -L "${file}" ]; then
- sudo rm -f "${file}"
- fi
-
- if [ -f "${file}" ] && [ -n "$(diff ${file} ${file}${suffix})" ]; then
- sudo chattr -i "${file}"
- sudo rm -f "${file}"
- sudo cp -p "${file}${suffix}" "${file}"
- sudo chattr +i "${file}"
- elif ! [ -f "${file}" ]; then
- sudo cp -p "${file}${suffix}" "${file}"
- sudo chattr +i "${file}"
- fi
-}
-
-# Will only enable / disable if service is not already in that state
-enable_sysv() {
- servicename=${1}
- disable=${2-0}
-
- # Check to see if the service is already enabled and if not, enable it
- string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
-
- if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then
- case ${disable} in
- 0)
- echo "${1} is currently disabled; enabling it"
- sudo systemctl --quiet enable ${servicename}
- ;;
- 1)
- echo "${1} is currently enabled; disabling it"
- sudo service ${servicename} stop
- sudo systemctl --quiet disable ${servicename}
- ;;
- esac
- fi
-}
-
-disable_sysv() {
- enable_sysv ${1} 1
-}
-
diff --git a/scripts_debian/wheezy+whonix-gateway/packages_wheezy.list b/scripts_debian/wheezy+whonix-gateway/packages_wheezy.list
deleted file mode 120000
index d5dfb50..0000000
--- a/scripts_debian/wheezy+whonix-gateway/packages_wheezy.list
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/packages_wheezy.list
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix/packages_wheezy.list b/scripts_debian/wheezy+whonix-gateway/packages_whonix.list
similarity index 87%
rename from scripts_debian/wheezy+whonix/packages_wheezy.list
rename to scripts_debian/wheezy+whonix-gateway/packages_whonix.list
index 91e329e..8d44c4c 100644
--- a/scripts_debian/wheezy+whonix/packages_wheezy.list
+++ b/scripts_debian/wheezy+whonix-gateway/packages_whonix.list
@@ -1,7 +1,8 @@
-git
-curl
 sudo
 locales
+haveged
+
+curl
 console-data
 console-common
 initramfs-tools
@@ -12,17 +13,14 @@
 less
 lsof
 most
 pciutils
-strace
 sysfsutils
 usbutils
 lsb-release
-acpi-support-base
-haveged
 build-essential:native
 gcc
 fakeroot
 lintian
-
 rsync
 grub-pc
+
diff --git a/scripts_debian/wheezy+whonix-workstation b/scripts_debian/wheezy+whonix-workstation
new file mode 120000
index 0000000..1a4e27a
--- /dev/null
+++ b/scripts_debian/wheezy+whonix-workstation
@@ -0,0 +1 @@
+wheezy+whonix-gateway
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh b/scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh
deleted file mode 120000
index d1f0dd6..0000000
--- a/scripts_debian/wheezy+whonix-workstation/00_prepare_pre.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/00_prepare_pre.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh b/scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh
deleted file mode 120000
index 3524b69..0000000
--- a/scripts_debian/wheezy+whonix-workstation/01_install_core_post.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/01_install_core_post.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh b/scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh
deleted file mode 120000
index 4b74627..0000000
--- a/scripts_debian/wheezy+whonix-workstation/02_install_groups_packages_installed.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/02_install_groups_packages_installed.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh b/scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh
deleted file mode 120000
index db7d12f..0000000
--- a/scripts_debian/wheezy+whonix-workstation/04_install_qubes_post.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/04_install_qubes_post.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh b/scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh
deleted file mode 120000
index 9728555..0000000
--- a/scripts_debian/wheezy+whonix-workstation/09_cleanup_post.sh
+++ /dev/null
@@ -1 +0,0 @@
-../wheezy+whonix/09_cleanup_post.sh
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh b/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
deleted file mode 100755
index e36dc97..0000000
--- a/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-# vim: set ts=4 sw=4 sts=4 et :
-
-# ------------------------------------------------------------------------------
-# Source external scripts
-# ------------------------------------------------------------------------------
-. ${SCRIPTSDIR}/vars.sh
-. ./umount_kill.sh >/dev/null
-
-# ------------------------------------------------------------------------------
-# Configurations
-# ------------------------------------------------------------------------------
-if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
- set -x
-else
- set -e
-fi
-
-# ------------------------------------------------------------------------------
-# whonix-netvm-gateway contains last known IP used to search and replace
-# ------------------------------------------------------------------------------
-if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
- # --------------------------------------------------------------------------
- # Install Custom Configurations
- # --------------------------------------------------------------------------
- echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
- echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
-
- touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
-fi
diff --git a/scripts_debian/wheezy+whonix-workstation/files/.facl b/scripts_debian/wheezy+whonix-workstation/files/.facl
deleted file mode 100644
index 9056544..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/.facl
+++ /dev/null
@@ -1,224 +0,0 @@ -# file: . -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: lib/systemd/system/qubes-whonix-firewall.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-network.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: lib/systemd/system/qubes-whonix-init.service -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/hosts -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/uwt.d -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/uwt.d/50_uwt_default -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/xdg -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: etc/xdg/autostart/qubes-whonixsetup.desktop -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/hostname -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: etc/sudoers.d -# owner: root -# group: root -user::rwx -group::r-x -other::--- - -# file: etc/sudoers.d/whonix-build -# owner: root -# group: root -user::r-- -group::r-- -other::--- - -# file: .facl -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - 
-# file: usr/lib/whonix/utility_functions -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/bind-dirs.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/qubes-whonix-firewall.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/replace-ips -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/init.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/init/network-proxy-setup.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/messages.yaml -# owner: root -# group: root -user::rw- -group::r-- -other::r-- - -# file: usr/lib/whonix/alert -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/qubes-whonixsetup -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - -# file: usr/lib/whonix/enable-iptables-logging.sh -# owner: root -# group: root -user::rwx -group::r-x -other::r-x - diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/hostname b/scripts_debian/wheezy+whonix-workstation/files/etc/hostname deleted file mode 100644 index c70dc2d..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/hostname +++ /dev/null @@ -1 +0,0 @@ -host diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/hosts b/scripts_debian/wheezy+whonix-workstation/files/etc/hosts deleted file mode 100644 index cc0e30d..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/etc/hosts +++ /dev/null @@ -1,7 +0,0 @@ -## Anonymity Distribution /etc/hosts - -## Anonymity Distribution specific -127.0.0.1 host.localdomain host -## End of Anonymity Distribution specific - -## End of Anonymity Distribution /etc/hosts 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build b/scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build
deleted file mode 100644
index 5841129..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/etc/sudoers.d/whonix-build
+++ /dev/null
@@ -1 +0,0 @@
-user ALL=(ALL) NOPASSWD: ALL
diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default b/scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default
deleted file mode 100644
index bac9ef3..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/etc/uwt.d/50_uwt_default
+++ /dev/null
@@ -1,6 +0,0 @@
-
-. /usr/lib/whonix/utility_functions
-
-if [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "1" ]; then
- uwtwrapper["/usr/bin/apt-get"]="0"
-fi
diff --git a/scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop b/scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop
deleted file mode 100644
index 260635d..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/etc/xdg/autostart/qubes-whonixsetup.desktop
+++ /dev/null
@@ -1,8 +0,0 @@
-## This file is part of Whonix.
-## Copyright (C) 2012 - 2014 Patrick Schleizer
-## See the file COPYING for copying conditions.
-
-[Desktop Entry]
-Type=Application
-Terminal=false
-Exec=/usr/lib/whonix/qubes-whonixsetup
diff --git a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service b/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service
deleted file mode 100644
index 89a5229..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-firewall.service
+++ /dev/null
@@ -1,12 +0,0 @@
-[Unit]
-Description=Qubes Whonix firewall updater
-After=qubes-whonix-network.service
-Before=network.target
-
-[Service]
-ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target
-Alias=qubes-firewall.service
diff --git a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service b/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service
deleted file mode 100644
index 6215c2c..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-init.service
+++ /dev/null
@@ -1,13 +0,0 @@
-[Unit]
-Description=Qubes Whonix initialization script
-After=qubes-whonix-network.service
-Before=qubes-whonix-firewall.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/lib/whonix/init/init.sh
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target
diff --git a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service b/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service
deleted file mode 100644
index 4e71280..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/lib/systemd/system/qubes-whonix-network.service
+++ /dev/null
@@ -1,15 +0,0 @@
-[Unit]
-Description=Qubes Whonix network proxy setup
-ConditionPathExists=/var/run/qubes-service/qubes-network
-Before=network.target
-After=iptables.service
-
-[Service]
-Type=oneshot
-RemainAfterExit=yes
-ExecStart=/usr/lib/whonix/init/network-proxy-setup.sh
-StandardOutput=syslog
-
-[Install]
-WantedBy=multi-user.target
-Alias=qubes-network.service
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert
deleted file mode 100755
index e585475..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/alert
+++ /dev/null
@@ -1,90 +0,0 @@
-#!/usr/bin/python
-
-#
-# Copyright 2014 Jason Mehring (nrgaway@gmail.com)
-#
-
-from PyQt4 import QtGui
-import locale
-import yaml
-
-DEFAULT_LANG = 'en'
-
-class Messages():
- filename = None
- data = None
- language = DEFAULT_LANG
- title = None
- icon = None
- message = None
-
- def __init__(self, section, filename):
- self.filename = filename
-
- language = locale.getdefaultlocale()[0].split('_')[0]
- if language:
- self.language = language
-
- try:
- stream = file(filename, 'r')
- data = yaml.load(stream)
-
- if section in data.keys():
- section = data[section]
-
- self.icon = section.get('icon', None)
-
- language = section.get(self.language, DEFAULT_LANG)
-
- self.title = language.get('title', None)
- self.message = language.get('message', None)
-
- except (IOError):
- pass
- except (yaml.scanner.ScannerError, yaml.parser.ParserError):
- pass
-
-class WhonixMessageBox(QtGui.QMessageBox):
- def __init__(self, message):
- super(WhonixMessageBox, self).__init__()
- self.message = message
- self.initUI()
-
- def initUI(self):
- message = self.message
-
- if message.title:
- self.setWindowTitle(message.title)
-
- if message.icon:
- self.setIcon(getattr(QtGui.QMessageBox, message.icon))
-
- if message.message:
- self.setText(message.message)
- self.exec_()
-
-import argparse
-import sys
-
-
-
-def main():
- parser = argparse.ArgumentParser(description='Display a QT Message Box')
-
- parser.add_argument('section', help="Message section")
- parser.add_argument('filename', help="File including full path")
-
- args = parser.parse_args()
-
- if not args.filename and args.section:
- print parser.usage()
- sys.exit(1)
-
- app = QtGui.QApplication(sys.argv)
-
- message = Messages(args.section, args.filename)
- dialog = WhonixMessageBox(message)
- sys.exit()
-
-if __name__ == "__main__":
- main()
\ No newline at end of file
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh
deleted file mode 100755
index ab2b0be..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh
+++ /dev/null
@@ -1,58 +0,0 @@
-#!/bin/bash
-
-#
-# To umount all binds, just pass any arg in $1
-#
-
-. /usr/lib/whonix/utility_functions
-
-# Don't run if started as a template
-if ! [ "${WHONIX}" == "template" ]; then
- # Array of directories to bind
- BINDS=(
- '/rw/srv/whonix/root/.whonix:/root/.whonix'
- '/rw/srv/whonix/root/.whonix.d:/root/.whonix.d'
- '/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
- '/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
- '/rw/srv/whonix/etc/tor:/etc/tor'
- )
-
- for bind in ${BINDS[@]}; do
- rw_dir="${bind%%:*}"
- ro_dir="${bind##*:}"
-
- # Make sure ro directory is not mounted
- umount "${ro_dir}" 2> /dev/null || true
-
- if [ -n "${1}" ]; then
- echo "Umounting only..."
- exit 0
- fi
-
- # Make sure ro directory exists
- if ! [ -d "${ro_dir}" ]; then
- mkdir -p "${ro_dir}"
- fi
-
- # Initially copy over data directories to /rw if rw directory does not exist
- if ! [ -d "${rw_dir}" ]; then
- mkdir -p "${rw_dir}"
- rsync -hax "${ro_dir}/." "${rw_dir}"
- fi
-
- # Bind the directory
- sync
- mount --bind "${rw_dir}" "${ro_dir}"
- done
- sync
-fi
-
-if [ "${WHONIX}" == "gateway" ]; then
- # Make sure we remove whonixsetup.done if Tor is not enabled
- # to allow choice of repo and prevent whonixcheck errors
- grep "^DisableNetwork 0$" /etc/tor/torrc || {
- sudo rm -f /var/lib/whonix/do_once/whonixsetup.done
- }
-fi
-
-exit 0
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh
deleted file mode 100755
index a8e1653..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/enable-iptables-logging.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-# Check /var/log/kern.log for logging results
-
-LOG_IP4=1
-LOG_IP6=0
-
-# for IPv4
-if [ "$LOG_IP4" == "1" ]; then
- iptables -t raw -A OUTPUT -p icmp -j TRACE
- iptables -t raw -A PREROUTING -p icmp -j TRACE
- modprobe ipt_LOG
-fi
-
-# for IPv6
-if [ "$LOG_IP6" == "1" ]; then
- ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE
- ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE
- ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE
- ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE
- modprobe ip6t_LOG
-fi
-
-# Redirect local port to remote via socat
-#apt-get install socat
-#socat TCP4-LISTEN:8082,fork,mode=0666,user=root,group=root TCP4:10.137.255.254:8082
-#
-# Works
-# localhost/loopback maps localhost port 8082 to localhost port 8888
-#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh
deleted file mode 100755
index 1839152..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/bash
-
-. /usr/lib/whonix/utility_functions
-
-if [ "${WHONIX}" != "template" ]; then
- # Files that will have the immutable bit set
- # since we don't want them modified by other programs
- IMMUTABLE_FILES=(
- '/etc/resolv.conf'
- '/etc/hostname'
- '/etc/hosts'
- )
-
- # Make sure all .anondist files in list are immutable
- immutableFilesEnable "${IMMUTABLE_FILES}"
- immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"
-
- # Make sure we are using a copy of the annondist file and if not
- # copy the annondist file and set it immutable
- copyAnondist "/etc/resolv.conf"
- copyAnondist "/etc/hosts"
- copyAnondist "/etc/hostname"
-
- # Replace IP addresses in known configuration files / scripts to
- # currently discovered one
- /usr/lib/whonix/init/replace-ips
-
- # Make sure hostname is correct
- /bin/hostname host
-fi
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh
deleted file mode 100755
index 71a43cf..0000000
--- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh
+++ /dev/null
@@ -1,57 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -INTERFACE="eth1" - -if [ "${WHONIX}" == "gateway" ]; then - - if [ -x /usr/sbin/xenstore-read ]; then - XENSTORE_READ="/usr/sbin/xenstore-read" - else - XENSTORE_READ="/usr/bin/xenstore-read" - fi - - # Setup Xen / Qubes proxy - network=$(xenstore-read qubes-netvm-network 2>/dev/null) - if [ "x$network" != "x" ]; then - gateway=$(xenstore-read qubes-netvm-gateway) - netmask=$(xenstore-read qubes-netvm-netmask) - secondary_dns=$(xenstore-read qubes-netvm-secondary-dns) - modprobe netbk 2> /dev/null || modprobe xen-netback - echo "NS1=$gateway" > /var/run/qubes/qubes-ns - echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns - #/usr/lib/qubes/qubes-setup-dnat-to-ns - echo "0" > /proc/sys/net/ipv4/ip_forward - /sbin/ethtool -K eth0 sg off || : - fi - - # Now, assign it the netvm-gateway IP address - ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null) - if [ x${ip} != x ]; then - # Create a dummy eth1 interface so tor can bind to it if there - # are no DOMU virtual machines connected at the moment - /sbin/ip link add ${INTERFACE} type dummy - - netmask=$(${XENSTORE_READ} qubes-netvm-netmask) - gateway=$(${XENSTORE_READ} qubes-netvm-gateway) - /sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255 - /sbin/ifconfig ${INTERFACE} up - /sbin/ethtool -K ${INTERFACE} sg off || true - /sbin/ethtool -K ${INTERFACE} tx off || true - - ip link set ${INTERFACE} up - fi - - echo "0" > /proc/sys/net/ipv4/ip_forward - - # Allow whonix-gateway to act as an update-proxy - touch /var/run/qubes-service/qubes-updates-proxy - - # Search and replace tinyproxy error files so we can inject code that - # we can use to identify that its a tor proxy so updates are secure - error_file="/usr/share/tinyproxy/default.html" - grep -q "${PROXY_META}" "${error_file}" || { - sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}" - } -fi 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh deleted file mode 100755 index 50c5cbc..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/qubes-whonix-firewall.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if [ -x /usr/sbin/xenstore-read ]; then - XENSTORE_READ="/usr/sbin/xenstore-read" -else - XENSTORE_READ="/usr/bin/xenstore-read" -fi - -# Make sure IP forwarding is disabled -echo "0" > /proc/sys/net/ipv4/ip_forward - -if [ "${WHONIX}" != "template" ]; then - ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null) - - # Start Whonix Firewall - if [ "${WHONIX}" == "gateway" ]; then - export INT_IF="vif+" - export INT_TIF="vif+" - - # Inject custom firewall rules into whonix_firewall - sed -i -f - /usr/bin/whonix_firewall <<-EOF -/^## IPv4 DROP INVALID INCOMING PACKAGES/,/######################################/c \\ -## IPv4 DROP INVALID INCOMING PACKAGES \\ -## \\ -## --- THE FOLLOWING WS INJECTED --- \\ -## Qubes Tiny Proxy Updater \\ -iptables -t nat -N PR-QBS-SERVICES \\ -iptables -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT \\ -iptables -A OUTPUT -o vif+ -p tcp -m tcp --sport 8082 -j ACCEPT \\ -iptables -t nat -A PREROUTING -j PR-QBS-SERVICES \\ -iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT \\ -iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:53 \\ -iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:9040 \\ -\\ -# Route any traffic FROM netvm TO netvm BACK-TO localhost \\ -# Allows localhost access to tor network \\ -#iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 \\ -###################################### -EOF - fi - - # Load the firewall - # XXX: TODO: Take down all network accesss if firewall fails - /usr/bin/whonix_firewall - - systemctl restart qubes-updates-proxy.service -fi 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips deleted file mode 100755 index 900a584..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/replace-ips +++ /dev/null 
@@ -1,118 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -# Search though files and updates IP address to the current -# IP address(es) - -FILES=( - '/usr/lib/leaktest-workstation/simple_ping.py' - '/usr/lib/whonixcheck/preparation' - '/usr/share/anon-kde-streamiso/share/config/kioslaverc' - '/usr/bin/whonix_firewall' - '/etc/whonix_firewall.d/30_default' - '/usr/lib/anon-shared-helper-scripts/tor_bootstrap_check.bsh' - '/usr/bin/uwt' - '/etc/uwt.d/30_uwt_default' - '/usr/share/tor/tor-service-defaults-torrc.anondist' - '/usr/bin/update-torbrowser' - '/etc/network/interfaces.whonix' - '/etc/resolv.conf.anondist' - '/etc/sdwdate.d/31_anon_dist_stream_isolation_plugin' - '/etc/rinetd.conf.anondist' - '/etc/network/interfaces.whonix' - '/usr/share/anon-torchat/.torchat/torchat.ini' -) - -# sed search and replace. return 0 if replace happened, otherwise 1 -search_replace() { - local search="${1}" - local replace="${2}" - local file="${3}" - local retval=1 - - if ! [ -L "${file}" ]; then - ls_attrs="$(lsattr "${file}")" - ls_attrs=${ls_attrs:4:1} - if [ "${ls_attrs}" == "i" ]; then - chattr -i "${file}" - fi - fi - - sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}" - retval=$? - - if [ "${ls_attrs}" = "i" ]; then - chattr +i "${file}" - fi - - return $retval -} - -function replace_ips() -{ - local search_ip="${1}" - local replace_ip="${2}" - local files=("${!3}") - local retval=1 - - # If IP is 10.152.152.10, network is 10.152.152.0 - search_network="${search_ip%[.]*}.0" - replace_network="${replace_ip%[.]*}.0" - - if ! 
[ "${search_ip}" = "${replace_ip}" ]; then - for file in "${files[@]}"; do - if [ -f "$file" ]; then - search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0 - search_replace "${search_network}" "${replace_network}" "${file}" && retval=0 - fi - done - fi - - return $retval -} - -update_ip() { - ip=${1} - - echo "${ip}" > /etc/whonix-netvm-gateway - grep '^DisableNetwork 0$' /etc/tor/torrc && { - service tor status && { - service tor reload || true; - } - } -} - -if [ "${WHONIX}" == "gateway" ]; then - ip="$(xenstore-read qubes-netvm-gateway)" - if [ x${ip} != x ]; then - # Compare to current IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}" - - # Do again; checking for original 10.152.152.10 incase of update - replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}" - - # Do again; checking for original 10.152.152.11 incase of update - replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}" - fi - -elif [ "${WHONIX}" == "workstation" ]; then - ip="$(xenstore-read qubes-ip)" - gateway="$(xenstore-read qubes-gateway)" - - if [ x${ip} != x ]; then - # Compare to current IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-ip)" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip - - # Do again; checking for original 10.152.152.11 incase of update - replace_ips "10.152.152.11" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip - fi - - if [ x${gateway} != x ]; then - # Compare to current gateway IP address assiged by Qubes - replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway - - # Do again; checking for original 10.152.152.10 incase of update - replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway - fi -fi 
diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml deleted file mode 100644 index 075ab09..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/messages.yaml +++ /dev/null @@ -1,9 +0,0 @@ - -update: - icon: Critical - en: - title: Tor netvm required for updates - message: | -

Tor netvm required for updates!

-

Please ensure your template vm has a Whonix gateway as it's VM.

-

No updates are possible without an active (running) Whonix gateway VM.

diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup deleted file mode 100755 index f90d15b..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -. /usr/lib/whonix/utility_functions - -if ! [ "${WHONIX}" == "template" ]; then - sudo /usr/lib/whonix/bind-dirs.sh -fi - -if [ "${WHONIX}" == "gateway" ]; then - if grep "^DisableNetwork 0$" /etc/tor/torrc ;then - sudo service sdwdate restart - sudo service tor restart - else - sudo service sdwdate restart - sudo service tor stop - sudo /usr/bin/whonixsetup - fi - -elif [ "${WHONIX}" == "workstation" ]; then - sudo service sdwdate restart - if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then - sudo /usr/bin/whonixsetup - fi - -elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then - # Set secure defaults. - sudo iptables -P INPUT DROP - sudo iptables -P FORWARD DROP - sudo iptables -P OUTPUT DROP - - # Flush old rules. - sudo iptables -F - sudo iptables -X - sudo iptables -t nat -F - sudo iptables -t nat -X - sudo iptables -t mangle -F - sudo iptables -t mangle -X - - # Display warning that netvm is not connected to a torvm - /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml -fi diff --git a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions b/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions deleted file mode 100755 index 8a3b4e7..0000000 --- a/scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/utility_functions +++ /dev/null 
@@ -1,94 +0,0 @@ -#!/bin/bash - -# /etc/uwt.d/50_uwt_default relies on this in order to allow connection -# to proxy for template -PROXY_SERVER="http://10.137.255.254:8082/" -PROXY_META='' - -if [ -f "/var/run/qubes-service/updates-proxy-setup" ]; then - WHONIX="template" -elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then - WHONIX="gateway" -elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then - WHONIX="workstation" -else - WHONIX="unknown" -fi - -if [ "${WHONIX}" == "template" ]; then - curl.anondist-orig "${PROXY_SERVER}" | grep -q "${PROXY_META}" && { - PROXY_SECURE=1 - } || { - PROXY_SECURE=0 - } -fi - -immutableFilesEnable() { - files="${1}" - suffix="${2}" - - for file in "${files[@]}"; do - if [ -f "${file}" ] && ! [ -L "${file}" ]; then - sudo chattr +i "${file}${suffix}" - fi - done -} - -immutableFilesDisable() { - files="${1}" - suffix="${2}" - - for file in "${files[@]}"; do - if [ -f "${file}" ] && ! [ -L "${file}" ]; then - sudo chattr -i "${file}${suffix}" - fi - done -} - -copyAnondist() { - file="${1}" - suffix="${2-.anondist}" - - # Remove any softlinks first - if [ -L "${file}" ]; then - sudo rm -f "${file}" - fi - - if [ -f "${file}" ] && [ -n "$(diff ${file} ${file}${suffix})" ]; then - sudo chattr -i "${file}" - sudo rm -f "${file}" - sudo cp -p "${file}${suffix}" "${file}" - sudo chattr +i "${file}" - elif ! 
[ -f "${file}" ]; then - sudo cp -p "${file}${suffix}" "${file}" - sudo chattr +i "${file}" - fi -} - -# Will only enable / disable if service is not already in that state -enable_sysv() { - servicename=${1} - disable=${2-0} - - # Check to see if the service is already enabled and if not, enable it - string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}" - - if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then - case ${disable} in - 0) - echo "${1} is currently disabled; enabling it" - sudo systemctl --quiet enable ${servicename} - ;; - 1) - echo "${1} is currently enabled; disabling it" - sudo service ${servicename} stop - sudo systemctl --quiet disable ${servicename} - ;; - esac - fi -} - -disable_sysv() { - enable_sysv ${1} 1 -} - diff --git a/scripts_debian/wheezy+whonix-workstation/packages_wheezy.list b/scripts_debian/wheezy+whonix-workstation/packages_wheezy.list deleted file mode 120000 index d5dfb50..0000000 --- a/scripts_debian/wheezy+whonix-workstation/packages_wheezy.list +++ /dev/null @@ -1 +0,0 @@ -../wheezy+whonix/packages_wheezy.list \ No newline at end of file diff --git a/scripts_debian/wheezy+whonix/00_prepare_pre.sh b/scripts_debian/wheezy+whonix/00_prepare_pre.sh deleted file mode 100755 index 9b21b60..0000000 --- a/scripts_debian/wheezy+whonix/00_prepare_pre.sh +++ /dev/null 
@@ -1,73 +0,0 @@ -#!/bin/bash -x -# vim: set ts=4 sw=4 sts=4 et : - -################################################################################ -# Allows a pre-built image to be used (if it exists) for installing -# Whonix. This option is useful only for debugging Whonix installations -# -# To use, first create a regualr wheezy template and manually copy the prepared -# image to debian-7-x64-prepard.img -# -# Example: -# cp ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64.img ~/qubes-builder/qubes-src/linux-template-builder/prepared_images/debian-7-x64-whonix-gateway-prepard.img -################################################################################ - -# ------------------------------------------------------------------------------ -# Return if SNAPSHOT is not "1" -# ------------------------------------------------------------------------------ -# This script is only used if SNAPSHOT is set -if [ ! "${SNAPSHOT}" == "1" ]; then - exit 0 -fi - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. 
./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -INSTALLDIR="$(readlink -m mnt)" - -# ------------------------------------------------------------------------------ -# Use a snapshot of the debootstraped debian image to install Whonix (for DEBUGGING) -# ------------------------------------------------------------------------------ - -manage_snapshot() { - umount_kill "${INSTALLDIR}" || : - - mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 - # Remove old snapshots if whonix completed - if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then - warn "Removing stale snapshots" - umount_kill "${INSTALLDIR}" || : - rm -rf "$debootstrap_snapshot" - rm -rf "$updated_snapshot" - return - fi - - warn "Copying $1 to ${IMG}" - mount -o loop "$1" "${INSTALLDIR}" || exit 1 - rm -f "${INSTALLDIR}/tmp/.prepared_groups" - umount_kill "${INSTALLDIR}" || : - cp -f "$1" "${IMG}" -} - -splitPath "${IMG}" path_parts -debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" -updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" - -if [ -f "$updated_snapshot" ]; then - manage_snapshot "$updated_snapshot" -elif [ -f "$debootstrap_snapshot" ]; then - manage_snapshot "$debootstrap_snapshot" -fi - diff --git a/scripts_debian/wheezy+whonix/01_install_core_post.sh b/scripts_debian/wheezy+whonix/01_install_core_post.sh deleted file mode 100755 index 9534618..0000000 --- a/scripts_debian/wheezy+whonix/01_install_core_post.sh +++ /dev/null 
@@ -1,38 +0,0 @@ -#!/bin/sh -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Return if SNAPSHOT is not "1" -# ------------------------------------------------------------------------------ -# This script is only used if SNAPSHOT is set -if [ ! "${SNAPSHOT}" == "1" ]; then - exit 0 -fi - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# Create a snapshot of the already debootstraped image -# ------------------------------------------------------------------------------ -splitPath "${IMG}" path_parts -PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" - -if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then - umount_kill "${INSTALLDIR}" || : - warn "Copying ${IMG} to ${PREPARED_IMG}" - cp -f "${IMG}" "${PREPARED_IMG}" - mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 -fi diff --git a/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh b/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh deleted file mode 100755 index 0b22bf2..0000000 --- a/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh +++ /dev/null 
@@ -1,310 +0,0 @@ -#!/bin/bash -# vim: set ts=4 sw=4 sts=4 et : - -# ------------------------------------------------------------------------------ -# Source external scripts -# ------------------------------------------------------------------------------ -. ${SCRIPTSDIR}/vars.sh -. ./umount_kill.sh >/dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -# ------------------------------------------------------------------------------ -# XXX: Create a snapshot - Only for DEBUGGING! -# ------------------------------------------------------------------------------ -# Only execute if SNAPSHOT is set -if [ "${SNAPSHOT}" == "1" ]; then - splitPath "${IMG}" path_parts - PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" - - if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then - umount_kill "${INSTALLDIR}" || : - warn "Copying ${IMG} to ${PREPARED_IMG}" - cp -f "${IMG}" "${PREPARED_IMG}" - mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 - for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done - fi -fi - -# ------------------------------------------------------------------------------ -# chroot Whonix build script -# ------------------------------------------------------------------------------ -read -r -d '' WHONIX_BUILD_SCRIPT <<'EOF' || true -################################################################################ -# Pre Fixups -sudo mkdir -p /boot/grub2 -sudo touch /boot/grub2/grub.cfg -sudo mkdir -p /boot/grub -sudo touch /boot/grub/grub.cfg -sudo mkdir --parents --mode=g+rw "/tmp/uwt" - -# Whonix seems to re-install sysvinit even though there is a hold -# on the package. Things seem to work anyway. 
BUT hopfully the -# hold on grub* don't get removed -sudo apt-mark hold sysvinit -sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common - -# Whonix expects haveged to be started -sudo /etc/init.d/haveged start - -# Whonix does not always fix permissions after writing as sudo, especially -# when running whonixsetup so /var/lib/whonix/done_once is not readable by -# user, so set defualt umask for sudo -#sudo su -c 'echo "Defaults umask = 0002" >> /etc/sudoers' -#sudo su -c 'echo "Defaults umask_override" >> /etc/sudoers' - -################################################################################ -# Whonix installation -export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1" - -pushd ~/Whonix -sudo ~/Whonix/whonix_build \ - --build $1 \ - --64bit-linux \ - --current-sources \ - --enable-whonix-apt-repository \ - --whonix-apt-repository-distribution $2 \ - --install-to-root \ - --skip-verifiable \ - --minimal-report \ - --skip-sanity-tests || { exit 1; } -popd -EOF - -# ------------------------------------------------------------------------------ -# Cleanup function -# ------------------------------------------------------------------------------ -function cleanup() { - error "Whonix error; umounting ${INSTALLDIR} to prevent further writes" - umount_kill "${INSTALLDIR}" || : - exit 1 -} -trap cleanup ERR -trap cleanup EXIT - -# ------------------------------------------------------------------------------ -# Mount devices, etc required for Whonix installation -# ------------------------------------------------------------------------------ -if ! 
[ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then - info "Preparing Whonix system" - - # -------------------------------------------------------------------------- - # Initialize Whonix submodules - # -------------------------------------------------------------------------- - pushd "${WHONIX_DIR}" - { - git add Makefile || true - git commit Makefile -m 'Added Makefile' || true - su $(logname) -c "git submodule update --init --recursive"; - } - popd - - # -------------------------------------------------------------------------- - # Fake grub installation since Whonix has depends on grub-pc - # -------------------------------------------------------------------------- - mkdir -p "${INSTALLDIR}/boot/grub" - cp "${INSTALLDIR}/usr/lib/grub/i386-pc/"* "${INSTALLDIR}/boot/grub" - rm -f "${INSTALLDIR}/usr/sbin/update-grub" - chroot "${INSTALLDIR}" ln -s /bin/true /usr/sbin/update-grub - - # -------------------------------------------------------------------------- - # sed search and replace. return 0 if replace happened, otherwise 1 - # -------------------------------------------------------------------------- - search_replace() { - local search="$1" - local replace="$2" - local file="$3" - sed -i.bak '/'"$search"'/,${s//'"$replace"'/;b};$q1' "$file" - } - - # -------------------------------------------------------------------------- - # Whonix system config dependancies - # -------------------------------------------------------------------------- - - # Qubes needs a user named 'user' - debug "Whonix Add user" - chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \ - { - # UID needs match host user to have access to Whonix sources - chroot "${INSTALLDIR}" groupadd -f user - [ -n "$SUDO_UID" ] && USER_OPTS="-u $SUDO_UID" - chroot "${INSTALLDIR}" useradd -g user $USER_OPTS -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user - if [ `chroot "${INSTALLDIR}" id -u user` != 1000 ]; then - chroot "${INSTALLDIR}" useradd -g user -u 1000 -M -s /bin/bash 
user-placeholder - fi - } - - # Install Whonix build scripts - echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh" - chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh" - - # ------------------------------------------------------------------------------ - # Copy over any extra files - # ------------------------------------------------------------------------------ - copyTree "files" - - touch "${INSTALLDIR}/tmp/.whonix_prepared" -fi - -# ------------------------------------------------------------------------------ -# Install Whonix -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then - info "Installing Whonix system" - - # -------------------------------------------------------------------------- - # Install Whonix code base - # -------------------------------------------------------------------------- - if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then - debug "Installing Whonix build environment..." - chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix' - fi - - if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then - debug "Building Whonix..." - mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix" - fi - - if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then - BUILD_TYPE="--torgateway" - elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then - BUILD_TYPE="--torworkstation" - else - error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. 
Not building Whonix modules" - error "You need to set TEMPLATE_FLAVOR environment variable to either" - error "whonix-gateway OR whonix-workstation" - exit 1 - fi - - chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; } - - touch "${INSTALLDIR}/tmp/.whonix_installed" -fi - -# ------------------------------------------------------------------------------ -# Whonix Post Installation Configurations -# ------------------------------------------------------------------------------ -if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then - info "Post Configuring Whonix System" - - # Don't need Whonix interfaces; restore original - pushd "${INSTALLDIR}/etc/network" - { - rm -f interfaces; - ln -s interfaces.backup interfaces; - } - popd - - # Qubes installation will need a normal resolv.conf; will be restored back - # in 04_qubes_install_post.sh within the wheezy+whonix-* directories - pushd "${INSTALLDIR}/etc" - { - rm -f resolv.conf; - cp -p resolv.conf.backup resolv.conf; - } - popd - - # Remove link to hosts file and copy original back - # Will get set back to Whonix hosts file when the - # /usr/lib/whonix/setup-ip is run on startup - pushd "${INSTALLDIR}/etc" - { - rm -f hosts; - cp -p hosts.anondist-orig hosts; - } - popd - - - # Enable Tor - #if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then - # sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc" - #fi - - # Restore default user UID to have the same in all builds regardless of build host - if [ -n "`chroot "${INSTALLDIR}" id -u user-placeholder`" ]; then - chroot "${INSTALLDIR}" userdel user-placeholder - chroot "${INSTALLDIR}" usermod -u 1000 user - fi - - # Enable aliases in .bashrc - sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc" - sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc" - sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc" - sed -i 
"s/^#force_color_prompt/force_color_prompt/g" "${INSTALLDIR}/home/user/.bashrc" - sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc" - sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc" - - # Fake that initializer was already run - mkdir -p "${INSTALLDIR}/root/.whonix" - touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done" - - # Prevent whonixcheck error - echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default" - - # Use gdialog as an alternative for dialog - mv -f "${INSTALLDIR}/usr/bin/dialog" "${INSTALLDIR}/usr/bin/dialog.dist" - chroot "${INSTALLDIR}" update-alternatives --force --install /usr/bin/dialog dialog /usr/bin/gdialog 999 - - # Disable unwanted applications - chroot "${INSTALLDIR}" update-rc.d network-manager disable || : - chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || : - chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || : - chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || : - - chroot "${INSTALLDIR}" service apt-cacher-ng stop || : - chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || : - - # Tor will be re-enabled upon initial configuration - chroot "${INSTALLDIR}" update-rc.d tor disable || : - chroot "${INSTALLDIR}" update-rc.d sdwdate disable || : - - # Remove apt-cacher-ng - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng - - # Remove original sources.list - rm -f "${INSTALLDIR}/etc/apt/sources.list" - - DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot ${INSTALLDIR} apt-get.anondist-orig update - - touch "${INSTALLDIR}/tmp/.whonix_post" -fi - -# ------------------------------------------------------------------------------ -# Execute any template flavor or sub flavor scripts -# ------------------------------------------------------------------------------ 
-buildStep "99_custom_configuration.sh" - -# ------------------------------------------------------------------------------ -# Bring back original apt-get for installation of Qubues -# ------------------------------------------------------------------------------ -pushd "${INSTALLDIR}/usr/bin" -{ - rm -f apt-get; - cp -p apt-get.anondist-orig apt-get; -} -popd - -# ------------------------------------------------------------------------------ -# Make sure the temporary policy-rc.d to prevent apt from starting services -# on package installation is still active; Whonix may have reset it -# ------------------------------------------------------------------------------ -cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" </dev/null - -# ------------------------------------------------------------------------------ -# Configurations -# ------------------------------------------------------------------------------ -if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then - set -x -else - set -e -fi - -rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build" From dd70031ba0f7bfbecac13f17a633fdbf2486d83d Mon Sep 17 00:00:00 2001 
From: Jason Mehring Date: Tue, 10 Feb 2015 10:25:35 -0500 Subject: [PATCH 12/18] qubuntu: Added trusty, utopic and vivid templates Considered experimental at this stage. vivid has not had any testing; trusty and utopic work as proxyvms --- .../netvm-whitelisted-appmenus.list | 1 + appmenus_trusty/vm-whitelisted-appmenus.list | 5 +++ appmenus_trusty/whitelisted-appmenus.list | 6 ++++ .../netvm-whitelisted-appmenus.list | 1 + .../vm-whitelisted-appmenus.list | 5 +++ .../whitelisted-appmenus.list | 6 ++++ .../netvm-whitelisted-appmenus.list | 1 + appmenus_utopic/vm-whitelisted-appmenus.list | 5 +++ appmenus_utopic/whitelisted-appmenus.list | 6 ++++ .../netvm-whitelisted-appmenus.list | 1 + .../vm-whitelisted-appmenus.list | 5 +++ .../whitelisted-appmenus.list | 6 ++++ .../netvm-whitelisted-appmenus.list | 1 + appmenus_vivid/vm-whitelisted-appmenus.list | 5 +++ appmenus_vivid/whitelisted-appmenus.list | 6 ++++ .../netvm-whitelisted-appmenus.list | 1 + .../vm-whitelisted-appmenus.list | 5 +++ .../whitelisted-appmenus.list | 6 ++++ scripts_qubuntu/00_prepare.sh | 1 + scripts_qubuntu/01_install_core.sh | 1 + scripts_qubuntu/02_install_groups.sh | 1 + scripts_qubuntu/02_install_groups_post.sh | 12 +++++++ scripts_qubuntu/02_install_groups_trusty.sh | 34 ++++++++++++++++++ scripts_qubuntu/02_install_groups_utopic.sh | 16 +++++++++ scripts_qubuntu/02_install_groups_vivid.sh | 16 +++++++++ scripts_qubuntu/04_install_qubes.sh | 1 + scripts_qubuntu/04_install_qubes_post.sh | 14 ++++++++ scripts_qubuntu/09_cleanup.sh | 1 + scripts_qubuntu/desktop/packages_trusty.list | 1 + scripts_qubuntu/desktop/packages_utopic.list | 1 + scripts_qubuntu/desktop/packages_vivid.list | 1 + scripts_qubuntu/distribution.sh | 1 + .../02_install_groups_packages_installed.sh | 10 ++++++ scripts_qubuntu/fstab | 6 ++++ .../keys/trusty-qubuntu-archive-keyring.gpg | Bin 0 -> 12335 bytes .../keys/utopic-qubuntu-archive-keyring.gpg | Bin 0 -> 12335 bytes .../keys/vivid-qubuntu-archive-keyring.gpg | Bin 0 
-> 12335 bytes scripts_qubuntu/packages_qubes.list | 1 + scripts_qubuntu/packages_trusty.list | 25 +++++++++++++ scripts_qubuntu/packages_utopic.list | 25 +++++++++++++ scripts_qubuntu/packages_vivid.list | 25 +++++++++++++ scripts_qubuntu/vars.sh | 31 ++++++++++++++++ 42 files changed, 296 insertions(+) create mode 100644 appmenus_trusty/netvm-whitelisted-appmenus.list create mode 100644 appmenus_trusty/vm-whitelisted-appmenus.list create mode 100644 appmenus_trusty/whitelisted-appmenus.list create mode 100644 appmenus_trusty_desktop/netvm-whitelisted-appmenus.list create mode 100644 appmenus_trusty_desktop/vm-whitelisted-appmenus.list create mode 100644 appmenus_trusty_desktop/whitelisted-appmenus.list create mode 100644 appmenus_utopic/netvm-whitelisted-appmenus.list create mode 100644 appmenus_utopic/vm-whitelisted-appmenus.list create mode 100644 appmenus_utopic/whitelisted-appmenus.list create mode 100644 appmenus_utopic_desktop/netvm-whitelisted-appmenus.list create mode 100644 appmenus_utopic_desktop/vm-whitelisted-appmenus.list create mode 100644 appmenus_utopic_desktop/whitelisted-appmenus.list create mode 100644 appmenus_vivid/netvm-whitelisted-appmenus.list create mode 100644 appmenus_vivid/vm-whitelisted-appmenus.list create mode 100644 appmenus_vivid/whitelisted-appmenus.list create mode 100644 appmenus_vivid_desktop/netvm-whitelisted-appmenus.list create mode 100644 appmenus_vivid_desktop/vm-whitelisted-appmenus.list create mode 100644 appmenus_vivid_desktop/whitelisted-appmenus.list create mode 120000 scripts_qubuntu/00_prepare.sh create mode 120000 scripts_qubuntu/01_install_core.sh create mode 120000 scripts_qubuntu/02_install_groups.sh create mode 100755 scripts_qubuntu/02_install_groups_post.sh create mode 100755 scripts_qubuntu/02_install_groups_trusty.sh create mode 100755 scripts_qubuntu/02_install_groups_utopic.sh create mode 100755 scripts_qubuntu/02_install_groups_vivid.sh create mode 120000 scripts_qubuntu/04_install_qubes.sh create mode 
100755 scripts_qubuntu/04_install_qubes_post.sh
create mode 120000 scripts_qubuntu/09_cleanup.sh
create mode 100644 scripts_qubuntu/desktop/packages_trusty.list
create mode 100644 scripts_qubuntu/desktop/packages_utopic.list
create mode 100644 scripts_qubuntu/desktop/packages_vivid.list
create mode 120000 scripts_qubuntu/distribution.sh
create mode 100755 scripts_qubuntu/flash/02_install_groups_packages_installed.sh
create mode 100644 scripts_qubuntu/fstab
create mode 100644 scripts_qubuntu/keys/trusty-qubuntu-archive-keyring.gpg
create mode 100644 scripts_qubuntu/keys/utopic-qubuntu-archive-keyring.gpg
create mode 100644 scripts_qubuntu/keys/vivid-qubuntu-archive-keyring.gpg
create mode 120000 scripts_qubuntu/packages_qubes.list
create mode 100644 scripts_qubuntu/packages_trusty.list
create mode 100644 scripts_qubuntu/packages_utopic.list
create mode 100644 scripts_qubuntu/packages_vivid.list
create mode 100755 scripts_qubuntu/vars.sh
diff --git a/appmenus_trusty/netvm-whitelisted-appmenus.list b/appmenus_trusty/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_trusty/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_trusty/vm-whitelisted-appmenus.list b/appmenus_trusty/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_trusty/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_trusty/whitelisted-appmenus.list b/appmenus_trusty/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_trusty/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list b/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_trusty_desktop/vm-whitelisted-appmenus.list b/appmenus_trusty_desktop/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_trusty_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_trusty_desktop/whitelisted-appmenus.list b/appmenus_trusty_desktop/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_trusty_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_utopic/netvm-whitelisted-appmenus.list b/appmenus_utopic/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_utopic/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_utopic/vm-whitelisted-appmenus.list b/appmenus_utopic/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_utopic/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_utopic/whitelisted-appmenus.list b/appmenus_utopic/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_utopic/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list b/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_utopic_desktop/vm-whitelisted-appmenus.list b/appmenus_utopic_desktop/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_utopic_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_utopic_desktop/whitelisted-appmenus.list b/appmenus_utopic_desktop/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_utopic_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_vivid/netvm-whitelisted-appmenus.list b/appmenus_vivid/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_vivid/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_vivid/vm-whitelisted-appmenus.list b/appmenus_vivid/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_vivid/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_vivid/whitelisted-appmenus.list b/appmenus_vivid/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_vivid/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list b/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
new file mode 100644
index 0000000..4b744f7
--- /dev/null
+++ b/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop
diff --git a/appmenus_vivid_desktop/vm-whitelisted-appmenus.list b/appmenus_vivid_desktop/vm-whitelisted-appmenus.list
new file mode 100644
index 0000000..85d045c
--- /dev/null
+++ b/appmenus_vivid_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop
diff --git a/appmenus_vivid_desktop/whitelisted-appmenus.list b/appmenus_vivid_desktop/whitelisted-appmenus.list
new file mode 100644
index 0000000..84a4b50
--- /dev/null
+++ b/appmenus_vivid_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop
diff --git a/scripts_qubuntu/00_prepare.sh b/scripts_qubuntu/00_prepare.sh
new file mode 120000
index 0000000..ffd45cb
--- /dev/null
+++ b/scripts_qubuntu/00_prepare.sh
@@ -0,0 +1 @@
+../scripts_debian/00_prepare.sh
\ No newline at end of file
diff --git a/scripts_qubuntu/01_install_core.sh b/scripts_qubuntu/01_install_core.sh
new file mode 120000
index 0000000..d0cfd21
--- /dev/null
+++ b/scripts_qubuntu/01_install_core.sh
@@ -0,0 +1 @@
+../scripts_debian/01_install_core.sh
\ No newline at end of file
diff --git a/scripts_qubuntu/02_install_groups.sh b/scripts_qubuntu/02_install_groups.sh
new file mode 120000
index 0000000..e2fdd1f
--- /dev/null
+++ b/scripts_qubuntu/02_install_groups.sh
@@ -0,0 +1 @@
+../scripts_debian/02_install_groups.sh
\ No newline at end of file
diff --git a/scripts_qubuntu/02_install_groups_post.sh b/scripts_qubuntu/02_install_groups_post.sh
new file mode 100755
index 0000000..c860afd
--- /dev/null
+++ b/scripts_qubuntu/02_install_groups_post.sh
@@ -0,0 +1,12 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+#### '-------------------------------------------------------------------------
+info ' Installing pulseaudio 5'
+#### '-------------------------------------------------------------------------
+chroot add-apt-repository -y ppa:ubuntu-audio-dev/pulse-testing
+aptUpdate
+aptInstall pulseaudio
diff --git a/scripts_qubuntu/02_install_groups_trusty.sh b/scripts_qubuntu/02_install_groups_trusty.sh
new file mode 100755
index 0000000..c4d3d93
--- /dev/null
+++ b/scripts_qubuntu/02_install_groups_trusty.sh
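Review bot: In scripts_qubuntu/02_install_groups_post.sh, `chroot add-apt-repository -y ppa:ubuntu-audio-dev/pulse-testing` adds a testing PPA to the template (apparently for every qubuntu release, since the script name carries no release suffix), and nothing in the script removes or restricts that source afterwards. Unlike the archive keyrings this commit ships under scripts_qubuntu/keys/, the PPA's signing key is imported by add-apt-repository at build time, so it is not pinned in the repository, and the source presumably stays enabled in the finished template, where later upgrades can pull any package the PPA publishes. I would state that above the call, e.g. `# pulse-testing is a third-party testing PPA: key imported at build time, source left enabled in the template`, and either add an apt preferences entry that limits the PPA to the pulseaudio packages or remove its list file once `aptInstall pulseaudio` has run. How `chroot`, `aptUpdate` and `aptInstall` behave is defined outside this hunk.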
@@ -0,0 +1,34 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/vars.sh" +source "${SCRIPTSDIR}/distribution.sh" + +#### '-------------------------------------------------------------------------- +info 'HACK: Copying utopic sources.list to install systemd' +#### '-------------------------------------------------------------------------- +cat > "${INSTALLDIR}/etc/apt/sources.list.d/systemd-utopic.list" <p3d59eS7V-&v&l#d(L^k zRnI$SJ!4c=I#2Z4)br)O%B zY3{Bm!~Fn)=O4;r8SQ=guxp9zG*f;M_;434$*opL#zC<`Om}JgJNZZVzvAN}I2Y+6 zHqng;jlV&~4%SgARVWgH`qY}(nu^4zzvVmwZ6k^O(4Q|+d4pTboOUuq>|r-*wfxbA8D>3EyJ zef3jLnu!yqMJ%0D`eq~uaHM`HMksmg>ARO%QjevSjov0!JZQT`Y|WRV>ZzEbYt*WlTK? zdCgoLYz>`VOq~Q>|M)(=vAr#S_$N>lBwzqO81Tn?2F3vahk=5G009O;0|o&>2L=Mh z2Li_M2S7t13Z~lCi1>gtkxl|~ReBL6A0IXFE0~89_O%F;uy8S0FVe^Tu>AsU;y~S)sXPx#XyhNNdFUvR%{xh~@^1xD5klX=- zg!$0g;Z@E4b#2XT@y1B{Gxs*4ueR;#%CKgdDWg_OcHyFU1!_W zh|1T6t53EgZLHmfLLA|DP|aOfaLfni2Ry0@{${crQy&HRrp1{%lIifc$&!s^gl(ya z#%-Jv>(bfabL(h;YS?ZSbnX)6+$wdiNia>9CUvOqQEqH2bp8th_do;VO`w)`t0kZG zhrCy3xJy*SUQXj8=y{LZr&|hgt-=ncowqIsT~(8rVz9)efRK`~8kPe}W}g^8j;j)1 zFNl*1dpuIhOu1L~Zb;O5(fG2WPkNz{58tZAB@;@;-J0%^?rUG4DO^0mXrQMtT}QOc zewgxUA>i{0T(TeB%LWCxIrZ=`ze=Ae?D)H1Qw|u1o@n(^1aQ-+IL_2v0 zH6R-=l&s^hD6D@O6iRFdXDBIxI+OB0Sz-`w%x?iUEL)H~;DEfCExjXPO}iIO z!jUj9LVM;DYd0eC<*cKbAIYut6S#(^T^J%nbk!=)$_ATMe7W^78^E_UZQElWN-g&5n15b?iQ z!XGRcE=Ys%QZp>{L_ii4DkVt0pfk})AmY9Z@Z2hBTvQGqhl2Cg&z~1Z-B89)^EHBp z4jgDB|G!uUA1wOHl(=HWqu>H!K;G&UY16PvI^lk2X?QZ0I_G)`{23tE^>h&xua~YZ ziju&wzV2>rD3>+)A1w1#?+;e;E<}~DjBcu`Hz0@U%1Hq82DixBj-r1)DWN8sBy9nZ z!!bfuz8xme;-gRaX*Y+hP%PU9`X8)3AgT|RRzTZan9S)2H8ddCk1Ajq)CRl_A6;Td zy`A}l_^507x9a4@Ll_HhM)qOsIrdRXw7&0Jd;f#gh==#V@)2L;J>P3GlU#TT(v#3k%ZU;@1D5+PnLM~ zL-q&jVS@!2@kw^pI|q;}jFm0R>WW#L`Cz*0%wMXz=7|0Skd4T(zdyPU6!H+Y^cC@; zB5y#>ncz>>M~nIW-xkge>Hc6bTC0f;#q&PE!~AX~#w$(;UY#DUyQ*@o({PO`HQL3djpxj?T&U^s4qZB920f z>dqhb-*^DzHP{+rXU>#IMKu&Q+_TSYlayBp{K1m?W6gmA0~X74_y!CC_!t^QG+A^# 
zVbu_E03cVIq5eEREtzfPB`(3IBQ{Q74yG267o03r!q#^H59)4yGi3)$Nb$g={ek=F za)|%xauTdV$saJ7=U_hp3I-k2N<=_yT`Jt6pP+Y|kKuH6nlGTXYY!_k`L6mJp;wfT zPlIGP!xO2AM8X^vM?U*yY*6*i-mK8WKtz66@GW&H0Hg+GBN@w)Xm1yhsoF%)e!U~Kmz(kRS^h8oqscn z#PumEvi~4AkcxO7J66+*K)&?>=b7#X>wzB8puixg+3kK8R2kK4g!M8TzQUj zSBv@~JmeFhOQ(=&Oz{`O$PG`}D&zofQ^LWC_#6ssrqQ|wxQ<_>_i@l&ax!n&`WH^s?}`c2w-x9ROzx6 zm0@@M(_A3KRz_K-^M;reN^^JEE)}0`h7<*C?~6t7pmViHf=K8&m(B!#pk5R}msYpu zY0p&@OgDRG!F<;i3d3{XILa|1ZbO;Y*seQe-G3Ltmzd6Q4m(PD+(Ruw2O-bG^*O8o_Ijok z`*v~kd6pK~CCUY0&KSs^jR&IbSDsCW!-!N<^?X?qUba&(yp`a->MjeRmX-($Jw0p4@#p0hvvQ~N0x*) zSF4yPr*1v%F5ad3!<4JyLhTg5+bQGSUeJ71{v;iU|tNR7$Vw1 zQ!#U%%|n);pSe;CvhuD1^R8;)y^- zd>Cgk{LXk@{R>N8y&i*4$=2Y+QHVfz5s>#2%V4z#19YA3zF%coMj4w9qJ;vbAFeJd zsMMmNq2e+8rEN8S2G&VEQLVwWxjCmq8VOY%bm+PKZ6B!QK;MV1q*XxwnOsB^P;Q$4~ze`v=(X;S|+^N6$u9?2Oux^O~-vQR;dvd{~cJ){4qNu80{StkW{MI zvbm^$^n;*4x_mXoZj|&%OnkeNBq5_|f-R+4eSW2h(qv-XrXk8sL<|x!6MY9BdJhDG zUx!U5GWm$@9&_oM=hG;o=`Q0hcHb|kQU<8XIx?+2{5WNoFT}xm56KcdaZZad4!{g4 z*$fY1?=uEcDapcXg+;xdUMlJILm=-)-zr`(ehpTK>3d@`Za1c9Eqr!u7ANjDeEW>R zL}&19g64!nLqWUn}kX9I!Mon%#g`WfD;lXe$e>A@H$5jZ!a57!x)hwgf3 zkYjLzkhPn?HHvwdf;SQ2YOW^N>@U8@gTbMz~FiCo6MUP{1(&?h~dt8Q|$gd~*SFLDv zB5ON~#-28#4FAdc?Zp3ZH-9wg>C8C&jivC zfE(S5pgT-q+CXmu$4mUsP{ty^E290XdA-jtoVL0sdq1wR~$L z#iF&|rxt(U*8j3zBK9WuABCG;Q3i!N&R>{^0|zt?((7B7U^kS9QQC4raPP$n481#r z5*YWs*0GCYp?MgSMT)uV`YqW5yd8D5!K4k2AQK*lKp1)*`kK%J*4a8YdiQoGxsQ=A zT_$_&+gV`x$)E{O1p7Yk{^%${ld=C?8(#|e22(g?#6qzq7Rd>wG3(d00q+s&X`aoh zGLtpUFLC+E2x;n<%>un-@12?HqS!|4cJk@;fOQHi@W`~{Tv3seF*RogYPS+A2Ovkc zQG?sndNGF56mHmSZ~yQy!w8`NahIZdUmrfEXlYLDOxqt%h|Lc1Ch!S+QYnk2MD4Jv65CxX=-va#WID_Xwt#T?(`<^&OXx|1ec>$ zlTe*09($q&;zU*N^t&%FZAhKs>Sf6nW}X;KXR%J@<>=4MSq(gBF4aY~#TAAzJ19>Q z!3r=5v=1lm(qft0jg!1nijUT1uw=+F&&_02@J_fB;i(y|GvJoSZxyTM>b-Y_T&r(~ z1-93&W;r0>#b57Eyoi1!Oc_`=paol5j}7%!)3OdI^rm*N=JJ9TQ=ICF2paF6*d})z zQ2TaZlk+cupTAzYd=EY|B=>|&_euPP8jR>3ykr)3;kvOQm=XP;< z>^vma%A%jiO=q9HfEg(2^q-ZB{RqB$k^tB1td;y#BF2AZ z6w$qMqQ94D2?65W`te>NhI8GW2Uf8I-KB>MqFLW>KhK|OY8LusR!{$N*AQj8S-qt* 
zRz4Ye9(rKh!~O*1`O8&YPf6d&RCx9sLfo*cT=o`ER&$i_;_v`-?lB&GFFFVhIK1~E z--|azxzCrLZ|lsL<>dMZvs%vDF_CVPKNy%Y%6#-xKkw|Y{SaXY5H9SwSrNd{-MB2s zBqRu@abvbjY&|33JaQ2^J5X+@xn@371B>ok@us@#w1z+^n#YSUKcCiC0+Moapmg?x zYgYGRv!5ZQh)pF_jPN?^2SMvGf(WT#Z{dEi<6x>`#zo-!*&P>97Mf-wG4~vax1Y&4hqF8 z4s{QNE-EgQKGtDi$A&o%xf1T?uijvfadlpemPI+wQ|}<YToUD z%Nh6-Xo$x8`nF!C0EvQ%1nt{L}l8%Y+G3Od{$k$iM`C znR?Rnc|{xH5>!V=51a;%;2$OWkEEOPQKG++?q&(Xn}E%W$y_`o-?F+xX-DFaLzq(9 zwGG_H#5>QVoVU!tl*3z}mravwG=`n;fg%DdGj>ykfFIjeJ-lMxz?%zN7Z~tC)cuM+ zfqgHbm9uk)=8JF%UmK96&5kdusd|D7?6kF4U5ptp%1&D}oKNnMP5rKD87&jm>sKm%Mey$7!eKhw#gAW266W_e zbGOd4Cc6AIowo#Ub=H4*!#A7<38(_r{1yD89dfokrJFi3`?CXCEOOTu9^u-rYc`?Z z?X7i#U*YR0tpi)WI^HK=$dlsUg)uA5ZnVvcwu0@dRaF6{X#+xb!lH$iX#1bbpcOEz zdNhNlayAFdMR;a*Stv(E+`Ow$5Fkldj@4ybhNuA6x-$B~dD2WhEjg*MRL{WQzzabG zg-re2E&_IRXRPsK3wkD{Qw(QRJRVoDYjQKFosV!vfn~iGv=0JBJ#TM4Zq&pjqM2=! znt%y1pIT;9MJK?ouTWUaf+j0VgTX_hs1}u1$<-iZh}p*oY4HZMVKZWm17DlRcXRB^ zoyaIR@6be;TuL(Khhw$o01yTXJbc2#C08F3N&lU66{-TytTb8({3Kq;r0NRGy+`y zlfR@syz29>h}N%rBaZ-`jfI)fRC5SFnivjWzgw>*D(^egCnAvsueisNr}6_#bZ|}G zzE>dd=<}ypxU|BPE#@ylNFK5Ep=xDs11KXTzOK9CWeqQwT!!Gk?4X8h>I(3zjb*lh ziRR`je)`6!mL0WT-2{_1j<^k~VCC7 zEd#oEsmni!6_X^NzE8z#YYDB>PznGM@O+CRvyDo2+04B*srZ8Ot6VSmbAdK#WyOsL zr^MD=eHa+r7EQ~I`hi?!yv{N;l?Cz*4C+P6i_KD1VYG-v$p-G(Ni=xS59JUs5H#fC z9YzrNy2>eg(X%Kfiu~7z?`^o9+CSs1QiP3SN-Y`FjsQqN0H8+U|F1JDN@hkTW~%?? 
zs44=O^N(XBVldzjY5hC?fTKYILqWrUq635c?YxRd;jr>sJpr?xFCrj*-laOnU?Re) zPGO5UwMiV2IVDVVdMhO|y>Z7d#T-U;1c>$I&b^~oMOfFI+!A+u#fh{ZbTIWQO4v|y z)|2CoMoOX6aTY6|r=>tbO)zK5SqFA>iZ8?=Sy|7dA>+rd-~-czPwBjEjJ(};@jO;@ zYhDBAa#X@V(0V?X!a!N)b)%NQe?JsI|6LE8fe+-Gzi z+gy;*NesGpa{2ddJ;dqP)*152iXbt*+-7EZnWQ?;GMTIBw9E;w6(e~c*VvCjojx%= z@~Y5bBe)+0E#9arh!=ksLuSgelrF3wx2S&sn8$9UV;(X}X6o&!VlqH@7_?{}s9p8+ zha;4Pr#tY!AcVtdwdP6gBcNeOPvY6lsP}fpBgDeGBe{*{m$JqOQNhjsgg%y4b|`+K zFO-I!D{B?`RwCYk24}a8jYZ9Q435qw5q#{e1xs{sqBFQv9vb_&DvIE(;e^+Kh9VL9 zU8?3Rj?|asEw)+t*LM)hT_vUiG{S&Xoads z-H)!t#TK^W6RHT)^c~?{-_+D{laojkZ4LTIw0?wWMfFIx7)I`Z$uA8sbUARynkGis zgdu)`(6~nYm8IZVowp3LboQZ_^ow3`m=<`j|`h_ltp%E!LT&F})O-Pt)VIku=t8RcX5RJhjVRR@zfWwa}HmVLLM zx+`L8cgA0;AdclZfy?F!A#gOlb{BD{q{I*JxhN5262zu3A`)KaRC)G1hCTRvgO=on z)&sdR8BnEv^og*;NUyj=*MnQ?yWe}cHz~t@oS1<%DAtt>P@F>~`fL(;?RiTjg22li zgi)pn5^ldy%$i`dtC^OGW>}XbFGHUc+fO&}`C+aHoe5>6h0i{uDc%Aqsr*Y?2Sz7h;d|y@9<_yH@w@N8UXWf-)1dD2jTmmZ$A&UHV zT$Xfb{WN2N30YKWvrTib#anAfkNo)DJ1(XxNY6?k%ErVW9WRng$0SGhUB)7&`>G0X zgSTW+)mq-xNz%AHM>OtBlfSp+niYtdl4vJFGRGcO%#Ep$X%y4;K2IyMw8v%5>Z#Pv zZUi)XvHmK`?EZ(bQK*VA`n$0)w?YIIy(MkV;)Xkv3M961_mUBX7$INOB)y`;xuykX ziY)7?enY-@?()$e-afL3;_uELS|q+?$$F-?=8VlJq7UQ;uEbcF;95suiSeWvC8@4& zrzmR3p57ay_qTvux6P1Mq-Yq?fCfzlOLa#;LF^@PxcgQ838=JA898+HRldRbmqfNOMtZ}LZoGkPD{jIR3f#r(b zOi`r1;_LRJTVv4>z0~_Bp*}FUV)(Vd`=;QdZiswg50-VCsQ8nDavOU44ivqJd?gxZ zms@r=$4ov|a5k^D7MhFBTHK#Wr@8(h#Eku08JO=;Mn7AC6V8G<*m#l5VQuVZzUnOy zn9Y+&E9@{y#_ul1^>;*k59E65&RLtWFlzyCn{AlMNn_5?Aglc{C#u(ue7k!Eo?OC# zu*!CK6tZ$;P)wpJRpaP9iG7Awjv|N z_6tiVp8OSZLPomrG)ymf3WPe2zBi9#ki;tfi*s;uKZf_w*cK6ZQ0qc`shyOk$ywxd ze?BVTh~lEM@UO$qW>6q;q*Wx-sO!c=>kQm*7P;YHL9`U7QAMfO#LAWIY?lTQ#N7F? zQsAFi4bn&XEc=W1aoS*#mPFTj=Zx-S)j9uG+Z+4@e(Eip!tvbax=Pw6p>! 
zDw{Kbr*G_&ALvI4FVAdcloR5_7_^vrlO7 zpucKCissd|L?U_94$_ROXgf>P*4L$7z=}aTzgc)`OqO(}4R*ST<#9l^i{0p#U~l6~ z7*J`BwM#*kVXstjgX~{?TN*>LcmGm}9Og=&N1Xb(k!~$ zNsQ_5l6o(5G_1j@G8^AZ932VR2Omy&?5|twyH`My@bm>hN}H_`fXBwU50KR0LuHVj z3E8*=HCAP#=-uXK4}uS1-0ZkmGUr``Y3y?0&@PB9c2L<-7$LHLpZO7ao0R!T7`NXHnCis{ zm;xu3=F5vZlGA)2Cci`l4Qvsi1s4-RTn4SZ(8%Zhl1~8if<-tV>=l%iIa$+4K(nC7raSFWTE5ChbRTuw#v`WmQnV-Xt2l zq(z0aJ)L72mCTXLO8}V-KiB3c?GSwB#=zM*LTuY&mNO|Ucu5tr_n{wRGIx~9X*ybt z&4a)N;vA^5$b->c#O=?MTOAzp)4PrS9a$BaUdIXb#U9?oiev`9mT3EzFQ>KH((a^X z=}k5BE8@}$BsbM}%b~fqG(HcYQr8jaoThgqAc2gjaIC43nxM?%&P9Xdb8GPLT=#+n zb#9%^3u)SIvKwJT=+h<(<|T|h^q0%*ur-7mD*FhVhzDgSZP(zL-Oz6mF&X2$j?h5* z3ks-X%8Q1=3g<~K#&^oMWB?Aj*?e;l7@hlnd0(Obza9U-%2hz!TnUK>w zp_qp}Kk_A0g-s>&^(a|%Iex`DNR8$wMURB=IE1SQkas7VH`;S?3KTc8V!vFoYa!=% zl%tZnta)Umn(=Upv+<=dg*WFS6ge(mZab+WG=vi1$Kp^Sau(|Ge77994&ZmAmGlQ? zJZ-!Vtu}I5x6#hbrmm4%xY^EJ-tR{aEBxlWnpLpa8i=#5?v%a$@HzZ+7%br~u5?^a5PI_z&)Aq84-Dl)fe0EYi z91%r~{9Lr&1ga<}i(KEq<=I&qA zqp}vhDN9{~#WtcSh125E@Y$+Cfos#M!0CO)pAobX==78@il2y)unnO9;>y#b9t!G< zk*+aHWGyz6#>XWGbS=A>7uH*R$77qMM25R&-(klM*cih8!ss3V;PQ#ikJ&Xzo@MlH zP1d_B5?t3TQP*z&iZC(R&)$M(W7>u^T=?1iDesyRT%wvVBdPX2fDU-B%z`^Rx^6uj z)d<;YlMNwLa090Nwawq0VYRwF3r#Swi?^YEsb?*`5Ksad1@t|Lao_~vnLFa-M$Vzz ziT3yuBuZ%ux;bD$;C{{11!B;yA9C;Rq>hB|>4-AEmc(JDmWCQHeaHJ;R@(Ui%2%n& z_Js9zu#y3t7M`7m8$105hll@LqiJ0gwx=H0w<7aijxQ&~Him~|+*T@jL6F}=rnT^$ zpVdPd4S!+%DpeNclVbt64qC!mrof@r{9@UNiZ`^k^Tl09oJBsF|jzwJ;4FZr#20Y_mRcNigH)#ZzAK68EW`ZsOgtyC%K0L z6BX<=y;?}KntDS0fI;)?vMmHvHhCCSbjMV-4lw^bR0k&AT+lQ28R5 zIaUG_iV8Ua+1=Gz!95jAyE2~onxORYLQ&MF*4^ecO85st`p1LoyT_AWZ)N&=>A^md zX7(GsIKv^k#$^J6iJ~I~qJ^a#0SE*+vZh^mCbROb`d;f0ga)B}$6)9ljaH~trm6`E z7qc|GQ>%LlTj@BD+CFLjL^+gWN+!5!^~M9`eaDm&bK3s0FuT{nZ_>2~oib>-L9mg&GZSR2?04DB-RJ&-x7iT zBR^MTbA3oeL+e%%s9f6QCJf=-ORKaY!GI10<3M!@Al99f@p%qmI#&l)%n{$|ORUhH zIB})=&aU204%D{l*-=Jslv{q`E)9qSeR4@``Ci#@cJn=-F~4~&^O=r={)%pkXj~Lz z;Qp(y9-8byF6af`>W^-AeBTtKI$2tNC5XoFfCj5gtzIEoX6ae!%K$=92a(H$?OK2t zmfo!Eh4chlY0Y(vBU{>(+d(*w;ZpBnS6>K%eNps#LPO$E?9GNeKb7OG|9sh 
zA4hy?aW6CSg{*;#Z@r&=RbkTXKgR-2We)|tIqE7?cHZ1H@Gab~B`C=S*MyP%>0XoR zf9N|(_hFTQ+eMpMw!dg6&pS!nEJ6a~SHQniX*dlOdC%=TVZw0^NXJjw@u)k<099QW zaaKmQv}<7VQZG*G#ab8Mv)wd8KSI17DqY@6xG<)0BbUw#`Q>;Ub6^+*>^-JzOV3S= zw^Sw2qZ%vVTY%moTVw&w!Ust0$<9W+&@o1MqM} UnOq+SNSh5L9s@*gi4TeVAAw^TU;qFB literal 0 HcmV?d00001 
diff --git a/scripts_qubuntu/keys/utopic-qubuntu-archive-keyring.gpg b/scripts_qubuntu/keys/utopic-qubuntu-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..b18548d05852ea37cd60e1d6a015c36eafc9a271 GIT binary patch literal 12335 zcma)?V|b;@+O217+qP}ncG9uUj_q`8JL%X~$7aWNI(E_>p3d59eS7V-&v&l#d(L^k zRnI$SJ!4c=I#2Z4)br)O%B zY3{Bm!~Fn)=O4;r8SQ=guxp9zG*f;M_;434$*opL#zC<`Om}JgJNZZVzvAN}I2Y+6 zHqng;jlV&~4%SgARVWgH`qY}(nu^4zzvVmwZ6k^O(4Q|+d4pTboOUuq>|r-*wfxbA8D>3EyJ zef3jLnu!yqMJ%0D`eq~uaHM`HMksmg>ARO%QjevSjov0!JZQT`Y|WRV>ZzEbYt*WlTK? zdCgoLYz>`VOq~Q>|M)(=vAr#S_$N>lBwzqO81Tn?2F3vahk=5G009O;0|o&>2L=Mh z2Li_M2S7t13Z~lCi1>gtkxl|~ReBL6A0IXFE0~89_O%F;uy8S0FVe^Tu>AsU;y~S)sXPx#XyhNNdFUvR%{xh~@^1xD5klX=- zg!$0g;Z@E4b#2XT@y1B{Gxs*4ueR;#%CKgdDWg_OcHyFU1!_W zh|1T6t53EgZLHmfLLA|DP|aOfaLfni2Ry0@{${crQy&HRrp1{%lIifc$&!s^gl(ya z#%-Jv>(bfabL(h;YS?ZSbnX)6+$wdiNia>9CUvOqQEqH2bp8th_do;VO`w)`t0kZG zhrCy3xJy*SUQXj8=y{LZr&|hgt-=ncowqIsT~(8rVz9)efRK`~8kPe}W}g^8j;j)1 zFNl*1dpuIhOu1L~Zb;O5(fG2WPkNz{58tZAB@;@;-J0%^?rUG4DO^0mXrQMtT}QOc zewgxUA>i{0T(TeB%LWCxIrZ=`ze=Ae?D)H1Qw|u1o@n(^1aQ-+IL_2v0 zH6R-=l&s^hD6D@O6iRFdXDBIxI+OB0Sz-`w%x?iUEL)H~;DEfCExjXPO}iIO z!jUj9LVM;DYd0eC<*cKbAIYut6S#(^T^J%nbk!=)$_ATMe7W^78^E_UZQElWN-g&5n15b?iQ z!XGRcE=Ys%QZp>{L_ii4DkVt0pfk})AmY9Z@Z2hBTvQGqhl2Cg&z~1Z-B89)^EHBp z4jgDB|G!uUA1wOHl(=HWqu>H!K;G&UY16PvI^lk2X?QZ0I_G)`{23tE^>h&xua~YZ ziju&wzV2>rD3>+)A1w1#?+;e;E<}~DjBcu`Hz0@U%1Hq82DixBj-r1)DWN8sBy9nZ z!!bfuz8xme;-gRaX*Y+hP%PU9`X8)3AgT|RRzTZan9S)2H8ddCk1Ajq)CRl_A6;Td zy`A}l_^507x9a4@Ll_HhM)qOsIrdRXw7&0Jd;f#gh==#V@)2L;J>P3GlU#TT(v#3k%ZU;@1D5+PnLM~ zL-q&jVS@!2@kw^pI|q;}jFm0R>WW#L`Cz*0%wMXz=7|0Skd4T(zdyPU6!H+Y^cC@; zB5y#>ncz>>M~nIW-xkge>Hc6bTC0f;#q&PE!~AX~#w$(;UY#DUyQ*@o({PO`HQL3djpxj?T&U^s4qZB920f z>dqhb-*^DzHP{+rXU>#IMKu&Q+_TSYlayBp{K1m?W6gmA0~X74_y!CC_!t^QG+A^# zVbu_E03cVIq5eEREtzfPB`(3IBQ{Q74yG267o03r!q#^H59)4yGi3)$Nb$g={ek=F za)|%xauTdV$saJ7=U_hp3I-k2N<=_yT`Jt6pP+Y|kKuH6nlGTXYY!_k`L6mJp;wfT 
zPlIGP!xO2AM8X^vM?U*yY*6*i-mK8WKtz66@GW&H0Hg+GBN@w)Xm1yhsoF%)e!U~Kmz(kRS^h8oqscn z#PumEvi~4AkcxO7J66+*K)&?>=b7#X>wzB8puixg+3kK8R2kK4g!M8TzQUj zSBv@~JmeFhOQ(=&Oz{`O$PG`}D&zofQ^LWC_#6ssrqQ|wxQ<_>_i@l&ax!n&`WH^s?}`c2w-x9ROzx6 zm0@@M(_A3KRz_K-^M;reN^^JEE)}0`h7<*C?~6t7pmViHf=K8&m(B!#pk5R}msYpu zY0p&@OgDRG!F<;i3d3{XILa|1ZbO;Y*seQe-G3Ltmzd6Q4m(PD+(Ruw2O-bG^*O8o_Ijok z`*v~kd6pK~CCUY0&KSs^jR&IbSDsCW!-!N<^?X?qUba&(yp`a->MjeRmX-($Jw0p4@#p0hvvQ~N0x*) zSF4yPr*1v%F5ad3!<4JyLhTg5+bQGSUeJ71{v;iU|tNR7$Vw1 zQ!#U%%|n);pSe;CvhuD1^R8;)y^- zd>Cgk{LXk@{R>N8y&i*4$=2Y+QHVfz5s>#2%V4z#19YA3zF%coMj4w9qJ;vbAFeJd zsMMmNq2e+8rEN8S2G&VEQLVwWxjCmq8VOY%bm+PKZ6B!QK;MV1q*XxwnOsB^P;Q$4~ze`v=(X;S|+^N6$u9?2Oux^O~-vQR;dvd{~cJ){4qNu80{StkW{MI zvbm^$^n;*4x_mXoZj|&%OnkeNBq5_|f-R+4eSW2h(qv-XrXk8sL<|x!6MY9BdJhDG zUx!U5GWm$@9&_oM=hG;o=`Q0hcHb|kQU<8XIx?+2{5WNoFT}xm56KcdaZZad4!{g4 z*$fY1?=uEcDapcXg+;xdUMlJILm=-)-zr`(ehpTK>3d@`Za1c9Eqr!u7ANjDeEW>R zL}&19g64!nLqWUn}kX9I!Mon%#g`WfD;lXe$e>A@H$5jZ!a57!x)hwgf3 zkYjLzkhPn?HHvwdf;SQ2YOW^N>@U8@gTbMz~FiCo6MUP{1(&?h~dt8Q|$gd~*SFLDv zB5ON~#-28#4FAdc?Zp3ZH-9wg>C8C&jivC zfE(S5pgT-q+CXmu$4mUsP{ty^E290XdA-jtoVL0sdq1wR~$L z#iF&|rxt(U*8j3zBK9WuABCG;Q3i!N&R>{^0|zt?((7B7U^kS9QQC4raPP$n481#r z5*YWs*0GCYp?MgSMT)uV`YqW5yd8D5!K4k2AQK*lKp1)*`kK%J*4a8YdiQoGxsQ=A zT_$_&+gV`x$)E{O1p7Yk{^%${ld=C?8(#|e22(g?#6qzq7Rd>wG3(d00q+s&X`aoh zGLtpUFLC+E2x;n<%>un-@12?HqS!|4cJk@;fOQHi@W`~{Tv3seF*RogYPS+A2Ovkc zQG?sndNGF56mHmSZ~yQy!w8`NahIZdUmrfEXlYLDOxqt%h|Lc1Ch!S+QYnk2MD4Jv65CxX=-va#WID_Xwt#T?(`<^&OXx|1ec>$ zlTe*09($q&;zU*N^t&%FZAhKs>Sf6nW}X;KXR%J@<>=4MSq(gBF4aY~#TAAzJ19>Q z!3r=5v=1lm(qft0jg!1nijUT1uw=+F&&_02@J_fB;i(y|GvJoSZxyTM>b-Y_T&r(~ z1-93&W;r0>#b57Eyoi1!Oc_`=paol5j}7%!)3OdI^rm*N=JJ9TQ=ICF2paF6*d})z zQ2TaZlk+cupTAzYd=EY|B=>|&_euPP8jR>3ykr)3;kvOQm=XP;< z>^vma%A%jiO=q9HfEg(2^q-ZB{RqB$k^tB1td;y#BF2AZ z6w$qMqQ94D2?65W`te>NhI8GW2Uf8I-KB>MqFLW>KhK|OY8LusR!{$N*AQj8S-qt* zRz4Ye9(rKh!~O*1`O8&YPf6d&RCx9sLfo*cT=o`ER&$i_;_v`-?lB&GFFFVhIK1~E z--|azxzCrLZ|lsL<>dMZvs%vDF_CVPKNy%Y%6#-xKkw|Y{SaXY5H9SwSrNd{-MB2s 
zBqRu@abvbjY&|33JaQ2^J5X+@xn@371B>ok@us@#w1z+^n#YSUKcCiC0+Moapmg?x zYgYGRv!5ZQh)pF_jPN?^2SMvGf(WT#Z{dEi<6x>`#zo-!*&P>97Mf-wG4~vax1Y&4hqF8 z4s{QNE-EgQKGtDi$A&o%xf1T?uijvfadlpemPI+wQ|}<YToUD z%Nh6-Xo$x8`nF!C0EvQ%1nt{L}l8%Y+G3Od{$k$iM`C znR?Rnc|{xH5>!V=51a;%;2$OWkEEOPQKG++?q&(Xn}E%W$y_`o-?F+xX-DFaLzq(9 zwGG_H#5>QVoVU!tl*3z}mravwG=`n;fg%DdGj>ykfFIjeJ-lMxz?%zN7Z~tC)cuM+ zfqgHbm9uk)=8JF%UmK96&5kdusd|D7?6kF4U5ptp%1&D}oKNnMP5rKD87&jm>sKm%Mey$7!eKhw#gAW266W_e zbGOd4Cc6AIowo#Ub=H4*!#A7<38(_r{1yD89dfokrJFi3`?CXCEOOTu9^u-rYc`?Z z?X7i#U*YR0tpi)WI^HK=$dlsUg)uA5ZnVvcwu0@dRaF6{X#+xb!lH$iX#1bbpcOEz zdNhNlayAFdMR;a*Stv(E+`Ow$5Fkldj@4ybhNuA6x-$B~dD2WhEjg*MRL{WQzzabG zg-re2E&_IRXRPsK3wkD{Qw(QRJRVoDYjQKFosV!vfn~iGv=0JBJ#TM4Zq&pjqM2=! znt%y1pIT;9MJK?ouTWUaf+j0VgTX_hs1}u1$<-iZh}p*oY4HZMVKZWm17DlRcXRB^ zoyaIR@6be;TuL(Khhw$o01yTXJbc2#C08F3N&lU66{-TytTb8({3Kq;r0NRGy+`y zlfR@syz29>h}N%rBaZ-`jfI)fRC5SFnivjWzgw>*D(^egCnAvsueisNr}6_#bZ|}G zzE>dd=<}ypxU|BPE#@ylNFK5Ep=xDs11KXTzOK9CWeqQwT!!Gk?4X8h>I(3zjb*lh ziRR`je)`6!mL0WT-2{_1j<^k~VCC7 zEd#oEsmni!6_X^NzE8z#YYDB>PznGM@O+CRvyDo2+04B*srZ8Ot6VSmbAdK#WyOsL zr^MD=eHa+r7EQ~I`hi?!yv{N;l?Cz*4C+P6i_KD1VYG-v$p-G(Ni=xS59JUs5H#fC z9YzrNy2>eg(X%Kfiu~7z?`^o9+CSs1QiP3SN-Y`FjsQqN0H8+U|F1JDN@hkTW~%?? 
zs44=O^N(XBVldzjY5hC?fTKYILqWrUq635c?YxRd;jr>sJpr?xFCrj*-laOnU?Re) zPGO5UwMiV2IVDVVdMhO|y>Z7d#T-U;1c>$I&b^~oMOfFI+!A+u#fh{ZbTIWQO4v|y z)|2CoMoOX6aTY6|r=>tbO)zK5SqFA>iZ8?=Sy|7dA>+rd-~-czPwBjEjJ(};@jO;@ zYhDBAa#X@V(0V?X!a!N)b)%NQe?JsI|6LE8fe+-Gzi z+gy;*NesGpa{2ddJ;dqP)*152iXbt*+-7EZnWQ?;GMTIBw9E;w6(e~c*VvCjojx%= z@~Y5bBe)+0E#9arh!=ksLuSgelrF3wx2S&sn8$9UV;(X}X6o&!VlqH@7_?{}s9p8+ zha;4Pr#tY!AcVtdwdP6gBcNeOPvY6lsP}fpBgDeGBe{*{m$JqOQNhjsgg%y4b|`+K zFO-I!D{B?`RwCYk24}a8jYZ9Q435qw5q#{e1xs{sqBFQv9vb_&DvIE(;e^+Kh9VL9 zU8?3Rj?|asEw)+t*LM)hT_vUiG{S&Xoads z-H)!t#TK^W6RHT)^c~?{-_+D{laojkZ4LTIw0?wWMfFIx7)I`Z$uA8sbUARynkGis zgdu)`(6~nYm8IZVowp3LboQZ_^ow3`m=<`j|`h_ltp%E!LT&F})O-Pt)VIku=t8RcX5RJhjVRR@zfWwa}HmVLLM zx+`L8cgA0;AdclZfy?F!A#gOlb{BD{q{I*JxhN5262zu3A`)KaRC)G1hCTRvgO=on z)&sdR8BnEv^og*;NUyj=*MnQ?yWe}cHz~t@oS1<%DAtt>P@F>~`fL(;?RiTjg22li zgi)pn5^ldy%$i`dtC^OGW>}XbFGHUc+fO&}`C+aHoe5>6h0i{uDc%Aqsr*Y?2Sz7h;d|y@9<_yH@w@N8UXWf-)1dD2jTmmZ$A&UHV zT$Xfb{WN2N30YKWvrTib#anAfkNo)DJ1(XxNY6?k%ErVW9WRng$0SGhUB)7&`>G0X zgSTW+)mq-xNz%AHM>OtBlfSp+niYtdl4vJFGRGcO%#Ep$X%y4;K2IyMw8v%5>Z#Pv zZUi)XvHmK`?EZ(bQK*VA`n$0)w?YIIy(MkV;)Xkv3M961_mUBX7$INOB)y`;xuykX ziY)7?enY-@?()$e-afL3;_uELS|q+?$$F-?=8VlJq7UQ;uEbcF;95suiSeWvC8@4& zrzmR3p57ay_qTvux6P1Mq-Yq?fCfzlOLa#;LF^@PxcgQ838=JA898+HRldRbmqfNOMtZ}LZoGkPD{jIR3f#r(b zOi`r1;_LRJTVv4>z0~_Bp*}FUV)(Vd`=;QdZiswg50-VCsQ8nDavOU44ivqJd?gxZ zms@r=$4ov|a5k^D7MhFBTHK#Wr@8(h#Eku08JO=;Mn7AC6V8G<*m#l5VQuVZzUnOy zn9Y+&E9@{y#_ul1^>;*k59E65&RLtWFlzyCn{AlMNn_5?Aglc{C#u(ue7k!Eo?OC# zu*!CK6tZ$;P)wpJRpaP9iG7Awjv|N z_6tiVp8OSZLPomrG)ymf3WPe2zBi9#ki;tfi*s;uKZf_w*cK6ZQ0qc`shyOk$ywxd ze?BVTh~lEM@UO$qW>6q;q*Wx-sO!c=>kQm*7P;YHL9`U7QAMfO#LAWIY?lTQ#N7F? zQsAFi4bn&XEc=W1aoS*#mPFTj=Zx-S)j9uG+Z+4@e(Eip!tvbax=Pw6p>! 
zDw{Kbr*G_&ALvI4FVAdcloR5_7_^vrlO7 zpucKCissd|L?U_94$_ROXgf>P*4L$7z=}aTzgc)`OqO(}4R*ST<#9l^i{0p#U~l6~ z7*J`BwM#*kVXstjgX~{?TN*>LcmGm}9Og=&N1Xb(k!~$ zNsQ_5l6o(5G_1j@G8^AZ932VR2Omy&?5|twyH`My@bm>hN}H_`fXBwU50KR0LuHVj z3E8*=HCAP#=-uXK4}uS1-0ZkmGUr``Y3y?0&@PB9c2L<-7$LHLpZO7ao0R!T7`NXHnCis{ zm;xu3=F5vZlGA)2Cci`l4Qvsi1s4-RTn4SZ(8%Zhl1~8if<-tV>=l%iIa$+4K(nC7raSFWTE5ChbRTuw#v`WmQnV-Xt2l zq(z0aJ)L72mCTXLO8}V-KiB3c?GSwB#=zM*LTuY&mNO|Ucu5tr_n{wRGIx~9X*ybt z&4a)N;vA^5$b->c#O=?MTOAzp)4PrS9a$BaUdIXb#U9?oiev`9mT3EzFQ>KH((a^X z=}k5BE8@}$BsbM}%b~fqG(HcYQr8jaoThgqAc2gjaIC43nxM?%&P9Xdb8GPLT=#+n zb#9%^3u)SIvKwJT=+h<(<|T|h^q0%*ur-7mD*FhVhzDgSZP(zL-Oz6mF&X2$j?h5* z3ks-X%8Q1=3g<~K#&^oMWB?Aj*?e;l7@hlnd0(Obza9U-%2hz!TnUK>w zp_qp}Kk_A0g-s>&^(a|%Iex`DNR8$wMURB=IE1SQkas7VH`;S?3KTc8V!vFoYa!=% zl%tZnta)Umn(=Upv+<=dg*WFS6ge(mZab+WG=vi1$Kp^Sau(|Ge77994&ZmAmGlQ? zJZ-!Vtu}I5x6#hbrmm4%xY^EJ-tR{aEBxlWnpLpa8i=#5?v%a$@HzZ+7%br~u5?^a5PI_z&)Aq84-Dl)fe0EYi z91%r~{9Lr&1ga<}i(KEq<=I&qA zqp}vhDN9{~#WtcSh125E@Y$+Cfos#M!0CO)pAobX==78@il2y)unnO9;>y#b9t!G< zk*+aHWGyz6#>XWGbS=A>7uH*R$77qMM25R&-(klM*cih8!ss3V;PQ#ikJ&Xzo@MlH zP1d_B5?t3TQP*z&iZC(R&)$M(W7>u^T=?1iDesyRT%wvVBdPX2fDU-B%z`^Rx^6uj z)d<;YlMNwLa090Nwawq0VYRwF3r#Swi?^YEsb?*`5Ksad1@t|Lao_~vnLFa-M$Vzz ziT3yuBuZ%ux;bD$;C{{11!B;yA9C;Rq>hB|>4-AEmc(JDmWCQHeaHJ;R@(Ui%2%n& z_Js9zu#y3t7M`7m8$105hll@LqiJ0gwx=H0w<7aijxQ&~Him~|+*T@jL6F}=rnT^$ zpVdPd4S!+%DpeNclVbt64qC!mrof@r{9@UNiZ`^k^Tl09oJBsF|jzwJ;4FZr#20Y_mRcNigH)#ZzAK68EW`ZsOgtyC%K0L z6BX<=y;?}KntDS0fI;)?vMmHvHhCCSbjMV-4lw^bR0k&AT+lQ28R5 zIaUG_iV8Ua+1=Gz!95jAyE2~onxORYLQ&MF*4^ecO85st`p1LoyT_AWZ)N&=>A^md zX7(GsIKv^k#$^J6iJ~I~qJ^a#0SE*+vZh^mCbROb`d;f0ga)B}$6)9ljaH~trm6`E z7qc|GQ>%LlTj@BD+CFLjL^+gWN+!5!^~M9`eaDm&bK3s0FuT{nZ_>2~oib>-L9mg&GZSR2?04DB-RJ&-x7iT zBR^MTbA3oeL+e%%s9f6QCJf=-ORKaY!GI10<3M!@Al99f@p%qmI#&l)%n{$|ORUhH zIB})=&aU204%D{l*-=Jslv{q`E)9qSeR4@``Ci#@cJn=-F~4~&^O=r={)%pkXj~Lz z;Qp(y9-8byF6af`>W^-AeBTtKI$2tNC5XoFfCj5gtzIEoX6ae!%K$=92a(H$?OK2t zmfo!Eh4chlY0Y(vBU{>(+d(*w;ZpBnS6>K%eNps#LPO$E?9GNeKb7OG|9sh 
zA4hy?aW6CSg{*;#Z@r&=RbkTXKgR-2We)|tIqE7?cHZ1H@Gab~B`C=S*MyP%>0XoR zf9N|(_hFTQ+eMpMw!dg6&pS!nEJ6a~SHQniX*dlOdC%=TVZw0^NXJjw@u)k<099QW zaaKmQv}<7VQZG*G#ab8Mv)wd8KSI17DqY@6xG<)0BbUw#`Q>;Ub6^+*>^-JzOV3S= zw^Sw2qZ%vVTY%moTVw&w!Ust0$<9W+&@o1MqM} UnOq+SNSh5L9s@*gi4TeVAAw^TU;qFB literal 0 HcmV?d00001 
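Review bot: The keyring in scripts_qubuntu/keys/utopic-qubuntu-archive-keyring.gpg is committed as an opaque binary, and nothing in the commit lets a reader verify which keys it holds. The utopic and vivid keyrings carry the same blob id (`b18548d…`), so one key set is presumably the apt trust anchor for more than one release; the trusty keyring's header is not readable on this page. Record next to these files, or in the commit message, the fingerprint of each key and where the keyring was obtained, so that the anchor can be checked out-of-band before a template is built from it.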
diff --git a/scripts_qubuntu/keys/vivid-qubuntu-archive-keyring.gpg b/scripts_qubuntu/keys/vivid-qubuntu-archive-keyring.gpg new file mode 100644 index 0000000000000000000000000000000000000000..b18548d05852ea37cd60e1d6a015c36eafc9a271 GIT binary patch literal 12335 zcma)?V|b;@+O217+qP}ncG9uUj_q`8JL%X~$7aWNI(E_>p3d59eS7V-&v&l#d(L^k zRnI$SJ!4c=I#2Z4)br)O%B zY3{Bm!~Fn)=O4;r8SQ=guxp9zG*f;M_;434$*opL#zC<`Om}JgJNZZVzvAN}I2Y+6 zHqng;jlV&~4%SgARVWgH`qY}(nu^4zzvVmwZ6k^O(4Q|+d4pTboOUuq>|r-*wfxbA8D>3EyJ zef3jLnu!yqMJ%0D`eq~uaHM`HMksmg>ARO%QjevSjov0!JZQT`Y|WRV>ZzEbYt*WlTK? zdCgoLYz>`VOq~Q>|M)(=vAr#S_$N>lBwzqO81Tn?2F3vahk=5G009O;0|o&>2L=Mh z2Li_M2S7t13Z~lCi1>gtkxl|~ReBL6A0IXFE0~89_O%F;uy8S0FVe^Tu>AsU;y~S)sXPx#XyhNNdFUvR%{xh~@^1xD5klX=- zg!$0g;Z@E4b#2XT@y1B{Gxs*4ueR;#%CKgdDWg_OcHyFU1!_W zh|1T6t53EgZLHmfLLA|DP|aOfaLfni2Ry0@{${crQy&HRrp1{%lIifc$&!s^gl(ya z#%-Jv>(bfabL(h;YS?ZSbnX)6+$wdiNia>9CUvOqQEqH2bp8th_do;VO`w)`t0kZG zhrCy3xJy*SUQXj8=y{LZr&|hgt-=ncowqIsT~(8rVz9)efRK`~8kPe}W}g^8j;j)1 zFNl*1dpuIhOu1L~Zb;O5(fG2WPkNz{58tZAB@;@;-J0%^?rUG4DO^0mXrQMtT}QOc zewgxUA>i{0T(TeB%LWCxIrZ=`ze=Ae?D)H1Qw|u1o@n(^1aQ-+IL_2v0 zH6R-=l&s^hD6D@O6iRFdXDBIxI+OB0Sz-`w%x?iUEL)H~;DEfCExjXPO}iIO z!jUj9LVM;DYd0eC<*cKbAIYut6S#(^T^J%nbk!=)$_ATMe7W^78^E_UZQElWN-g&5n15b?iQ z!XGRcE=Ys%QZp>{L_ii4DkVt0pfk})AmY9Z@Z2hBTvQGqhl2Cg&z~1Z-B89)^EHBp z4jgDB|G!uUA1wOHl(=HWqu>H!K;G&UY16PvI^lk2X?QZ0I_G)`{23tE^>h&xua~YZ ziju&wzV2>rD3>+)A1w1#?+;e;E<}~DjBcu`Hz0@U%1Hq82DixBj-r1)DWN8sBy9nZ z!!bfuz8xme;-gRaX*Y+hP%PU9`X8)3AgT|RRzTZan9S)2H8ddCk1Ajq)CRl_A6;Td zy`A}l_^507x9a4@Ll_HhM)qOsIrdRXw7&0Jd;f#gh==#V@)2L;J>P3GlU#TT(v#3k%ZU;@1D5+PnLM~ zL-q&jVS@!2@kw^pI|q;}jFm0R>WW#L`Cz*0%wMXz=7|0Skd4T(zdyPU6!H+Y^cC@; zB5y#>ncz>>M~nIW-xkge>Hc6bTC0f;#q&PE!~AX~#w$(;UY#DUyQ*@o({PO`HQL3djpxj?T&U^s4qZB920f z>dqhb-*^DzHP{+rXU>#IMKu&Q+_TSYlayBp{K1m?W6gmA0~X74_y!CC_!t^QG+A^# zVbu_E03cVIq5eEREtzfPB`(3IBQ{Q74yG267o03r!q#^H59)4yGi3)$Nb$g={ek=F za)|%xauTdV$saJ7=U_hp3I-k2N<=_yT`Jt6pP+Y|kKuH6nlGTXYY!_k`L6mJp;wfT 
zPlIGP!xO2AM8X^vM?U*yY*6*i-mK8WKtz66@GW&H0Hg+GBN@w)Xm1yhsoF%)e!U~Kmz(kRS^h8oqscn z#PumEvi~4AkcxO7J66+*K)&?>=b7#X>wzB8puixg+3kK8R2kK4g!M8TzQUj zSBv@~JmeFhOQ(=&Oz{`O$PG`}D&zofQ^LWC_#6ssrqQ|wxQ<_>_i@l&ax!n&`WH^s?}`c2w-x9ROzx6 zm0@@M(_A3KRz_K-^M;reN^^JEE)}0`h7<*C?~6t7pmViHf=K8&m(B!#pk5R}msYpu zY0p&@OgDRG!F<;i3d3{XILa|1ZbO;Y*seQe-G3Ltmzd6Q4m(PD+(Ruw2O-bG^*O8o_Ijok z`*v~kd6pK~CCUY0&KSs^jR&IbSDsCW!-!N<^?X?qUba&(yp`a->MjeRmX-($Jw0p4@#p0hvvQ~N0x*) zSF4yPr*1v%F5ad3!<4JyLhTg5+bQGSUeJ71{v;iU|tNR7$Vw1 zQ!#U%%|n);pSe;CvhuD1^R8;)y^- zd>Cgk{LXk@{R>N8y&i*4$=2Y+QHVfz5s>#2%V4z#19YA3zF%coMj4w9qJ;vbAFeJd zsMMmNq2e+8rEN8S2G&VEQLVwWxjCmq8VOY%bm+PKZ6B!QK;MV1q*XxwnOsB^P;Q$4~ze`v=(X;S|+^N6$u9?2Oux^O~-vQR;dvd{~cJ){4qNu80{StkW{MI zvbm^$^n;*4x_mXoZj|&%OnkeNBq5_|f-R+4eSW2h(qv-XrXk8sL<|x!6MY9BdJhDG zUx!U5GWm$@9&_oM=hG;o=`Q0hcHb|kQU<8XIx?+2{5WNoFT}xm56KcdaZZad4!{g4 z*$fY1?=uEcDapcXg+;xdUMlJILm=-)-zr`(ehpTK>3d@`Za1c9Eqr!u7ANjDeEW>R zL}&19g64!nLqWUn}kX9I!Mon%#g`WfD;lXe$e>A@H$5jZ!a57!x)hwgf3 zkYjLzkhPn?HHvwdf;SQ2YOW^N>@U8@gTbMz~FiCo6MUP{1(&?h~dt8Q|$gd~*SFLDv zB5ON~#-28#4FAdc?Zp3ZH-9wg>C8C&jivC zfE(S5pgT-q+CXmu$4mUsP{ty^E290XdA-jtoVL0sdq1wR~$L z#iF&|rxt(U*8j3zBK9WuABCG;Q3i!N&R>{^0|zt?((7B7U^kS9QQC4raPP$n481#r z5*YWs*0GCYp?MgSMT)uV`YqW5yd8D5!K4k2AQK*lKp1)*`kK%J*4a8YdiQoGxsQ=A zT_$_&+gV`x$)E{O1p7Yk{^%${ld=C?8(#|e22(g?#6qzq7Rd>wG3(d00q+s&X`aoh zGLtpUFLC+E2x;n<%>un-@12?HqS!|4cJk@;fOQHi@W`~{Tv3seF*RogYPS+A2Ovkc zQG?sndNGF56mHmSZ~yQy!w8`NahIZdUmrfEXlYLDOxqt%h|Lc1Ch!S+QYnk2MD4Jv65CxX=-va#WID_Xwt#T?(`<^&OXx|1ec>$ zlTe*09($q&;zU*N^t&%FZAhKs>Sf6nW}X;KXR%J@<>=4MSq(gBF4aY~#TAAzJ19>Q z!3r=5v=1lm(qft0jg!1nijUT1uw=+F&&_02@J_fB;i(y|GvJoSZxyTM>b-Y_T&r(~ z1-93&W;r0>#b57Eyoi1!Oc_`=paol5j}7%!)3OdI^rm*N=JJ9TQ=ICF2paF6*d})z zQ2TaZlk+cupTAzYd=EY|B=>|&_euPP8jR>3ykr)3;kvOQm=XP;< z>^vma%A%jiO=q9HfEg(2^q-ZB{RqB$k^tB1td;y#BF2AZ z6w$qMqQ94D2?65W`te>NhI8GW2Uf8I-KB>MqFLW>KhK|OY8LusR!{$N*AQj8S-qt* zRz4Ye9(rKh!~O*1`O8&YPf6d&RCx9sLfo*cT=o`ER&$i_;_v`-?lB&GFFFVhIK1~E z--|azxzCrLZ|lsL<>dMZvs%vDF_CVPKNy%Y%6#-xKkw|Y{SaXY5H9SwSrNd{-MB2s 
zBqRu@abvbjY&|33JaQ2^J5X+@xn@371B>ok@us@#w1z+^n#YSUKcCiC0+Moapmg?x zYgYGRv!5ZQh)pF_jPN?^2SMvGf(WT#Z{dEi<6x>`#zo-!*&P>97Mf-wG4~vax1Y&4hqF8 z4s{QNE-EgQKGtDi$A&o%xf1T?uijvfadlpemPI+wQ|}<YToUD z%Nh6-Xo$x8`nF!C0EvQ%1nt{L}l8%Y+G3Od{$k$iM`C znR?Rnc|{xH5>!V=51a;%;2$OWkEEOPQKG++?q&(Xn}E%W$y_`o-?F+xX-DFaLzq(9 zwGG_H#5>QVoVU!tl*3z}mravwG=`n;fg%DdGj>ykfFIjeJ-lMxz?%zN7Z~tC)cuM+ zfqgHbm9uk)=8JF%UmK96&5kdusd|D7?6kF4U5ptp%1&D}oKNnMP5rKD87&jm>sKm%Mey$7!eKhw#gAW266W_e zbGOd4Cc6AIowo#Ub=H4*!#A7<38(_r{1yD89dfokrJFi3`?CXCEOOTu9^u-rYc`?Z z?X7i#U*YR0tpi)WI^HK=$dlsUg)uA5ZnVvcwu0@dRaF6{X#+xb!lH$iX#1bbpcOEz zdNhNlayAFdMR;a*Stv(E+`Ow$5Fkldj@4ybhNuA6x-$B~dD2WhEjg*MRL{WQzzabG zg-re2E&_IRXRPsK3wkD{Qw(QRJRVoDYjQKFosV!vfn~iGv=0JBJ#TM4Zq&pjqM2=! znt%y1pIT;9MJK?ouTWUaf+j0VgTX_hs1}u1$<-iZh}p*oY4HZMVKZWm17DlRcXRB^ zoyaIR@6be;TuL(Khhw$o01yTXJbc2#C08F3N&lU66{-TytTb8({3Kq;r0NRGy+`y zlfR@syz29>h}N%rBaZ-`jfI)fRC5SFnivjWzgw>*D(^egCnAvsueisNr}6_#bZ|}G zzE>dd=<}ypxU|BPE#@ylNFK5Ep=xDs11KXTzOK9CWeqQwT!!Gk?4X8h>I(3zjb*lh ziRR`je)`6!mL0WT-2{_1j<^k~VCC7 zEd#oEsmni!6_X^NzE8z#YYDB>PznGM@O+CRvyDo2+04B*srZ8Ot6VSmbAdK#WyOsL zr^MD=eHa+r7EQ~I`hi?!yv{N;l?Cz*4C+P6i_KD1VYG-v$p-G(Ni=xS59JUs5H#fC z9YzrNy2>eg(X%Kfiu~7z?`^o9+CSs1QiP3SN-Y`FjsQqN0H8+U|F1JDN@hkTW~%?? 
zs44=O^N(XBVldzjY5hC?fTKYILqWrUq635c?YxRd;jr>sJpr?xFCrj*-laOnU?Re) zPGO5UwMiV2IVDVVdMhO|y>Z7d#T-U;1c>$I&b^~oMOfFI+!A+u#fh{ZbTIWQO4v|y z)|2CoMoOX6aTY6|r=>tbO)zK5SqFA>iZ8?=Sy|7dA>+rd-~-czPwBjEjJ(};@jO;@ zYhDBAa#X@V(0V?X!a!N)b)%NQe?JsI|6LE8fe+-Gzi z+gy;*NesGpa{2ddJ;dqP)*152iXbt*+-7EZnWQ?;GMTIBw9E;w6(e~c*VvCjojx%= z@~Y5bBe)+0E#9arh!=ksLuSgelrF3wx2S&sn8$9UV;(X}X6o&!VlqH@7_?{}s9p8+ zha;4Pr#tY!AcVtdwdP6gBcNeOPvY6lsP}fpBgDeGBe{*{m$JqOQNhjsgg%y4b|`+K zFO-I!D{B?`RwCYk24}a8jYZ9Q435qw5q#{e1xs{sqBFQv9vb_&DvIE(;e^+Kh9VL9 zU8?3Rj?|asEw)+t*LM)hT_vUiG{S&Xoads z-H)!t#TK^W6RHT)^c~?{-_+D{laojkZ4LTIw0?wWMfFIx7)I`Z$uA8sbUARynkGis zgdu)`(6~nYm8IZVowp3LboQZ_^ow3`m=<`j|`h_ltp%E!LT&F})O-Pt)VIku=t8RcX5RJhjVRR@zfWwa}HmVLLM zx+`L8cgA0;AdclZfy?F!A#gOlb{BD{q{I*JxhN5262zu3A`)KaRC)G1hCTRvgO=on z)&sdR8BnEv^og*;NUyj=*MnQ?yWe}cHz~t@oS1<%DAtt>P@F>~`fL(;?RiTjg22li zgi)pn5^ldy%$i`dtC^OGW>}XbFGHUc+fO&}`C+aHoe5>6h0i{uDc%Aqsr*Y?2Sz7h;d|y@9<_yH@w@N8UXWf-)1dD2jTmmZ$A&UHV zT$Xfb{WN2N30YKWvrTib#anAfkNo)DJ1(XxNY6?k%ErVW9WRng$0SGhUB)7&`>G0X zgSTW+)mq-xNz%AHM>OtBlfSp+niYtdl4vJFGRGcO%#Ep$X%y4;K2IyMw8v%5>Z#Pv zZUi)XvHmK`?EZ(bQK*VA`n$0)w?YIIy(MkV;)Xkv3M961_mUBX7$INOB)y`;xuykX ziY)7?enY-@?()$e-afL3;_uELS|q+?$$F-?=8VlJq7UQ;uEbcF;95suiSeWvC8@4& zrzmR3p57ay_qTvux6P1Mq-Yq?fCfzlOLa#;LF^@PxcgQ838=JA898+HRldRbmqfNOMtZ}LZoGkPD{jIR3f#r(b zOi`r1;_LRJTVv4>z0~_Bp*}FUV)(Vd`=;QdZiswg50-VCsQ8nDavOU44ivqJd?gxZ zms@r=$4ov|a5k^D7MhFBTHK#Wr@8(h#Eku08JO=;Mn7AC6V8G<*m#l5VQuVZzUnOy zn9Y+&E9@{y#_ul1^>;*k59E65&RLtWFlzyCn{AlMNn_5?Aglc{C#u(ue7k!Eo?OC# zu*!CK6tZ$;P)wpJRpaP9iG7Awjv|N z_6tiVp8OSZLPomrG)ymf3WPe2zBi9#ki;tfi*s;uKZf_w*cK6ZQ0qc`shyOk$ywxd ze?BVTh~lEM@UO$qW>6q;q*Wx-sO!c=>kQm*7P;YHL9`U7QAMfO#LAWIY?lTQ#N7F? zQsAFi4bn&XEc=W1aoS*#mPFTj=Zx-S)j9uG+Z+4@e(Eip!tvbax=Pw6p>! 
zDw{Kbr*G_&ALvI4FVAdcloR5_7_^vrlO7 zpucKCissd|L?U_94$_ROXgf>P*4L$7z=}aTzgc)`OqO(}4R*ST<#9l^i{0p#U~l6~ z7*J`BwM#*kVXstjgX~{?TN*>LcmGm}9Og=&N1Xb(k!~$ zNsQ_5l6o(5G_1j@G8^AZ932VR2Omy&?5|twyH`My@bm>hN}H_`fXBwU50KR0LuHVj z3E8*=HCAP#=-uXK4}uS1-0ZkmGUr``Y3y?0&@PB9c2L<-7$LHLpZO7ao0R!T7`NXHnCis{ zm;xu3=F5vZlGA)2Cci`l4Qvsi1s4-RTn4SZ(8%Zhl1~8if<-tV>=l%iIa$+4K(nC7raSFWTE5ChbRTuw#v`WmQnV-Xt2l zq(z0aJ)L72mCTXLO8}V-KiB3c?GSwB#=zM*LTuY&mNO|Ucu5tr_n{wRGIx~9X*ybt z&4a)N;vA^5$b->c#O=?MTOAzp)4PrS9a$BaUdIXb#U9?oiev`9mT3EzFQ>KH((a^X z=}k5BE8@}$BsbM}%b~fqG(HcYQr8jaoThgqAc2gjaIC43nxM?%&P9Xdb8GPLT=#+n zb#9%^3u)SIvKwJT=+h<(<|T|h^q0%*ur-7mD*FhVhzDgSZP(zL-Oz6mF&X2$j?h5* z3ks-X%8Q1=3g<~K#&^oMWB?Aj*?e;l7@hlnd0(Obza9U-%2hz!TnUK>w zp_qp}Kk_A0g-s>&^(a|%Iex`DNR8$wMURB=IE1SQkas7VH`;S?3KTc8V!vFoYa!=% zl%tZnta)Umn(=Upv+<=dg*WFS6ge(mZab+WG=vi1$Kp^Sau(|Ge77994&ZmAmGlQ? zJZ-!Vtu}I5x6#hbrmm4%xY^EJ-tR{aEBxlWnpLpa8i=#5?v%a$@HzZ+7%br~u5?^a5PI_z&)Aq84-Dl)fe0EYi z91%r~{9Lr&1ga<}i(KEq<=I&qA zqp}vhDN9{~#WtcSh125E@Y$+Cfos#M!0CO)pAobX==78@il2y)unnO9;>y#b9t!G< zk*+aHWGyz6#>XWGbS=A>7uH*R$77qMM25R&-(klM*cih8!ss3V;PQ#ikJ&Xzo@MlH zP1d_B5?t3TQP*z&iZC(R&)$M(W7>u^T=?1iDesyRT%wvVBdPX2fDU-B%z`^Rx^6uj z)d<;YlMNwLa090Nwawq0VYRwF3r#Swi?^YEsb?*`5Ksad1@t|Lao_~vnLFa-M$Vzz ziT3yuBuZ%ux;bD$;C{{11!B;yA9C;Rq>hB|>4-AEmc(JDmWCQHeaHJ;R@(Ui%2%n& z_Js9zu#y3t7M`7m8$105hll@LqiJ0gwx=H0w<7aijxQ&~Him~|+*T@jL6F}=rnT^$ zpVdPd4S!+%DpeNclVbt64qC!mrof@r{9@UNiZ`^k^Tl09oJBsF|jzwJ;4FZr#20Y_mRcNigH)#ZzAK68EW`ZsOgtyC%K0L z6BX<=y;?}KntDS0fI;)?vMmHvHhCCSbjMV-4lw^bR0k&AT+lQ28R5 zIaUG_iV8Ua+1=Gz!95jAyE2~onxORYLQ&MF*4^ecO85st`p1LoyT_AWZ)N&=>A^md zX7(GsIKv^k#$^J6iJ~I~qJ^a#0SE*+vZh^mCbROb`d;f0ga)B}$6)9ljaH~trm6`E z7qc|GQ>%LlTj@BD+CFLjL^+gWN+!5!^~M9`eaDm&bK3s0FuT{nZ_>2~oib>-L9mg&GZSR2?04DB-RJ&-x7iT zBR^MTbA3oeL+e%%s9f6QCJf=-ORKaY!GI10<3M!@Al99f@p%qmI#&l)%n{$|ORUhH zIB})=&aU204%D{l*-=Jslv{q`E)9qSeR4@``Ci#@cJn=-F~4~&^O=r={)%pkXj~Lz z;Qp(y9-8byF6af`>W^-AeBTtKI$2tNC5XoFfCj5gtzIEoX6ae!%K$=92a(H$?OK2t zmfo!Eh4chlY0Y(vBU{>(+d(*w;ZpBnS6>K%eNps#LPO$E?9GNeKb7OG|9sh 
zA4hy?aW6CSg{*;#Z@r&=RbkTXKgR-2We)|tIqE7?cHZ1H@Gab~B`C=S*MyP%>0XoR zf9N|(_hFTQ+eMpMw!dg6&pS!nEJ6a~SHQniX*dlOdC%=TVZw0^NXJjw@u)k<099QW zaaKmQv}<7VQZG*G#ab8Mv)wd8KSI17DqY@6xG<)0BbUw#`Q>;Ub6^+*>^-JzOV3S= zw^Sw2qZ%vVTY%moTVw&w!Ust0$<9W+&@o1MqM} UnOq+SNSh5L9s@*gi4TeVAAw^TU;qFB literal 0 HcmV?d00001 diff --git a/scripts_qubuntu/packages_qubes.list b/scripts_qubuntu/packages_qubes.list new file mode 120000 index 0000000..8a0ce58 --- /dev/null +++ b/scripts_qubuntu/packages_qubes.list @@ -0,0 +1 @@ +../scripts_debian/packages_qubes.list \ No newline at end of file diff --git a/scripts_qubuntu/packages_trusty.list b/scripts_qubuntu/packages_trusty.list new file mode 100644 index 0000000..4f16d31 --- /dev/null +++ b/scripts_qubuntu/packages_trusty.list @@ -0,0 +1,25 @@ +ubuntu-standard +ncurses-term +aptitude +tasksel +sudo +locales +dmsetup +psmisc +emacs +vim-nox +gnupg +firefox +thunderbird +keepassx +git +gnome-terminal +xterm +libfile-mimeinfo-perl +libglib2.0-bin +ltrace +strace +haveged +linux-firmware +linux-firmware-nonfree +software-properties-common diff --git a/scripts_qubuntu/packages_utopic.list b/scripts_qubuntu/packages_utopic.list new file mode 100644 index 0000000..4f16d31 --- /dev/null +++ b/scripts_qubuntu/packages_utopic.list @@ -0,0 +1,25 @@ +ubuntu-standard +ncurses-term +aptitude +tasksel +sudo +locales +dmsetup +psmisc +emacs +vim-nox +gnupg +firefox +thunderbird +keepassx +git +gnome-terminal +xterm +libfile-mimeinfo-perl +libglib2.0-bin +ltrace +strace +haveged +linux-firmware +linux-firmware-nonfree +software-properties-common diff --git a/scripts_qubuntu/packages_vivid.list b/scripts_qubuntu/packages_vivid.list new file mode 100644 index 0000000..4f16d31 --- /dev/null +++ b/scripts_qubuntu/packages_vivid.list 
@@ -0,0 +1,25 @@ +ubuntu-standard +ncurses-term +aptitude +tasksel +sudo +locales +dmsetup +psmisc +emacs +vim-nox +gnupg +firefox +thunderbird +keepassx +git +gnome-terminal +xterm +libfile-mimeinfo-perl +libglib2.0-bin +ltrace +strace +haveged +linux-firmware +linux-firmware-nonfree +software-properties-common diff --git a/scripts_qubuntu/vars.sh b/scripts_qubuntu/vars.sh new file mode 100755 index 0000000..391cafe --- /dev/null +++ b/scripts_qubuntu/vars.sh @@ -0,0 +1,31 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source ./functions.sh + +# ============================================================================== +# Global variables and functions +# ============================================================================== + +# ------------------------------------------------------------------------------ +# Temp directory to place installation files and progress markers +# (Do not use /tmp since if built in a real VM, /tmp will be empty on a reboot) +# ------------------------------------------------------------------------------ +TMPDIR="/var/lib/qubes-whonix/install" + +# Location to grab ubuntu packages +DEBIAN_MIRROR=http://archive.ubuntu.com/ubuntu + +# ------------------------------------------------------------------------------ +# Location to grab Ubuntu packages +# ------------------------------------------------------------------------------ +DEBIAN_MIRROR=http://archive.ubuntu.com/ubuntu + +# TODO: Not yet implemented +DEBIAN_MIRRORS=('http://archive.ubuntu.com/ubuntu', + ) + +# ------------------------------------------------------------------------------ +# apt-get configuration options +# ------------------------------------------------------------------------------ +APT_GET_OPTIONS="-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes --yes" From d4261919e62aadcf260768c0e7bf5b9079be49f9 Mon Sep 17 00:00:00 2001 
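Review bot: `--force-yes` in the new `APT_GET_OPTIONS` line lets apt-get continue without prompting even when packages cannot be authenticated, and `DEBIAN_MIRROR` is a plain `http://` URL, so archive signature checking is the only integrity protection these template installs have. Dropping the flag keeps the run non-interactive through `--yes`: `APT_GET_OPTIONS="-o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold --yes"`. That form also removes the nested double quotes, which currently work only because the pieces happen to concatenate into one string. The same flag is kept in the `APT_GET_OPTIONS` lines that PATCH 13/18 writes to scripts_debian/vars.sh and scripts_qubuntu/vars.sh. `DEBIAN_MIRROR` is also assigned twice with the same value, and the comma inside `DEBIAN_MIRRORS=(...)` becomes part of the element rather than a separator.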
From: Jason Mehring Date: Thu, 12 Feb 2015 13:22:17 -0500 Subject: [PATCH 13/18] debian: qubuntu: Overwrite existing configuration files by default Recent changes to core-admin-linux has fstab and iptables being installed by installer and not in postinit which prevented these files from being written on initial template creation. --- scripts_debian/vars.sh | 6 +++--- scripts_qubuntu/vars.sh | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/scripts_debian/vars.sh b/scripts_debian/vars.sh index ffa3d80..0d33664 100644 --- a/scripts_debian/vars.sh +++ b/scripts_debian/vars.sh @@ -27,10 +27,10 @@ DEBIAN_MIRROR=http://ftp.us.debian.org/debian # TODO: Not yet implemented DEBIAN_MIRRORS=('http://ftp.us.debian.org/debian', 'http://http.debian.net/debian, - 'http://ftp.ca.debian.org/debian, - ) + 'http://ftp.ca.debian.org/debian, + ) # ------------------------------------------------------------------------------ # apt-get configuration options # ------------------------------------------------------------------------------ -APT_GET_OPTIONS="-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes --yes" +APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes" diff --git a/scripts_qubuntu/vars.sh b/scripts_qubuntu/vars.sh index 391cafe..4e15c21 100755 --- a/scripts_qubuntu/vars.sh +++ b/scripts_qubuntu/vars.sh @@ -28,4 +28,4 @@ DEBIAN_MIRRORS=('http://archive.ubuntu.com/ubuntu', # ------------------------------------------------------------------------------ # apt-get configuration options # ------------------------------------------------------------------------------ -APT_GET_OPTIONS="-o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" --force-yes --yes" +APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes" From c4fa8ce41bcced62a3da97d4e015c7ce9a0caaef Mon Sep 17 00:00:00 2001 
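Review bot: The re-indented `DEBIAN_MIRRORS` lines in scripts_debian/vars.sh still lack closing quotes: `'http://http.debian.net/debian,` opens a single quote that is only closed by the opening quote of `'http://ftp.ca.debian.org/debian,` on the next line, so the array does not hold the three URLs it appears to list. Since these lines are being touched anyway, write them as `'http://http.debian.net/debian'` and `'http://ftp.ca.debian.org/debian'`, separated by whitespace rather than commas. The array is marked "Not yet implemented", so nothing breaks today, but the first script that iterates over it will get a malformed entry.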
From: Jason Mehring Date: Fri, 13 Feb 2015 11:22:07 -0500 Subject: [PATCH 14/18] debian: Remove all remaining LXC code --- scripts_debian/01_install_core.sh | 34 +++---- scripts_debian/distribution.sh | 159 ++---------------------------- 2 files changed, 20 insertions(+), 173 deletions(-) diff --git a/scripts_debian/01_install_core.sh b/scripts_debian/01_install_core.sh index a6138ff..7fccc36 100755 --- a/scripts_debian/01_install_core.sh +++ b/scripts_debian/01_install_core.sh 
@@ -14,29 +14,19 @@ debug ' Installing base system using debootstrap' # ============================================================================== buildStep "${0}" "pre" - if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then - if [ "${LXC_ENABLE}" == "1" ]; then - #### "------------------------------------------------------------------ - info " $(templateName): LXC: Installing base '${DISTRIBUTION}-${DIST}' system" - #### "------------------------------------------------------------------ - lxc-create -P "${LXC_DIR}" --dir="${INSTALLDIR}" -t download -n "${DIST}" -- \ - --dist "${DISTRIBUTION}" --release "${DIST}" --arch amd64 - - else - #### "------------------------------------------------------------------ - info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system" - #### "------------------------------------------------------------------ - COMPONENTS="" debootstrap \ - --arch=amd64 \ - --include="ncurses-term locales tasksel" \ - --components=main \ - --keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \ - "${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { - error "Debootstrap failed!"; - exit 1; - } - fi + #### "------------------------------------------------------------------ + info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system" + #### "------------------------------------------------------------------ + COMPONENTS="" debootstrap \ + --arch=amd64 \ + --include="ncurses-term locales tasksel" \ + --components=main \ + --keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \ + "${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { + error "Debootstrap failed!"; + exit 1; + } #### '---------------------------------------------------------------------- info ' Configure keyboard' diff --git a/scripts_debian/distribution.sh b/scripts_debian/distribution.sh index fedd1b8..5a1f150 100644 --- a/scripts_debian/distribution.sh +++ b/scripts_debian/distribution.sh 
@@ -51,10 +51,6 @@ function umount_all() { fi fi - if [ "${directory}" == "${INSTALLDIR}" -a "${LXC_ENABLE}" == "1" ]; then - lxcStop - fi - umount_kill "${directory}" || true } @@ -104,14 +100,6 @@ function addDivertPolicy() { outputc green "Deactivating initctl..." chroot dpkg-divert --local --rename --add /sbin/initctl || true - # Only move if its a regualr file; not soft link - #if [ -f "${INSTALLDIR}/sbin/initctl" ]; then - # mv "${INSTALLDIR}"/sbin/initctl "${INSTALLDIR}"/sbin/initctl.dist - #else - # rm -f "${INSTALLDIR}"/sbin/initctl || true - #fi - #chroot ln -fs /bin/true /sbin/initctl - # utopic systemd install still broken... outputc green "Hacking invoke-rc.d to ignore missing init scripts..." chroot sed -i -e "s/exit 100/exit 0 #exit 100/" /usr/sbin/invoke-rc.d @@ -122,12 +110,6 @@ function addDivertPolicy() { # ============================================================================== function removeDivertPolicy() { outputc red "Reactivating initctl..." - - #if [ -f "${INSTALLDIR}/sbin/initctl.dist" ]; then - # rm -f "${INSTALLDIR}"/sbin/initctl || true - # mv "${INSTALLDIR}"/sbin/initctl.dist "${INSTALLDIR}"/sbin/initctl - #fi - chroot dpkg-divert --local --rename --remove /sbin/initctl || true outputc red "Restoring invoke-rc.d..." 
@@ -141,31 +123,13 @@ function prepareChroot() { # Make sure nothing is mounted within $INSTALLDIR umount_kill "${INSTALLDIR}/" - #mkdir -p "${INSTALLDIR}/lib/modules" - #mount --bind /lib/modules "${INSTALLDIR}/lib/modules" - - if [ "${LXC_ENABLE}" == "1" ]; then - # Shutdown lxc container if its running - chroot echo && lxcStop || true - - # Start lxc container - lxcStart - sleep 3 - debug "lxc root: /proc/$(lxc-info -P "${LXC_DIR}" -n ${DIST} -p -H)/root" - else - mount -t tmpfs none "${INSTALLDIR}/run" - if [ "${SYSTEMD_NSPAWN_ENABLE}" != "1" ]; then - #mount --bind /dev "${INSTALLDIR}/dev" - ###mount --bind /dev/pts "${INSTALLDIR}/dev/pts" - mount -t proc proc "${INSTALLDIR}/proc" - mount -t sysfs sys "${INSTALLDIR}/sys" - fi - createDbusUuid - addDivertPolicy + mount -t tmpfs none "${INSTALLDIR}/run" + if [ "${SYSTEMD_NSPAWN_ENABLE}" != "1" ]; then + mount -t proc proc "${INSTALLDIR}/proc" + mount -t sysfs sys "${INSTALLDIR}/sys" fi - - # Does lxc need this; moving away for now - ###createDbusUuid + createDbusUuid + addDivertPolicy } # ============================================================================== @@ -173,8 +137,6 @@ function prepareChroot() { # ============================================================================== function aptUpgrade() { aptUpdate - #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - # chroot apt-get ${APT_GET_OPTIONS} upgrade DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes } 
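Review bot: The mounts kept in `prepareChroot` (`mount -t tmpfs none "${INSTALLDIR}/run"`, then proc and sysfs) use `INSTALLDIR` without checking that it is set, so an empty value would put a tmpfs over the build host's own `/run`. Nothing visible in the hunk guards against that; writing the first use as `"${INSTALLDIR:?}/run"` makes the function abort instead. The same applies to `rm -f "${INSTALLDIR}/etc/resolv.conf"` in the `createResolvConf` hunk of this file, which is now unconditional and would remove the host's resolv.conf. The opening lines of `prepareChroot` are outside the hunk, so confirm no such check already exists there.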
@@ -184,8 +146,6 @@ function aptUpgrade() { # ============================================================================== function aptDistUpgrade() { aptUpdate - #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - # chroot apt-get ${APT_GET_OPTIONS} dist-upgrade DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes } @@ -195,7 +155,6 @@ function aptDistUpgrade() { # ============================================================================== function aptUpdate() { debug "Updating system" - #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ chroot apt-get update } @@ -205,7 +164,6 @@ function aptUpdate() { # ============================================================================== function aptRemove() { files="$@" - #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ chroot apt-get ${APT_GET_OPTIONS} remove ${files[@]} } @@ -215,7 +173,6 @@ function aptRemove() { # ============================================================================== function aptInstall() { files="$@" - #DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \ chroot apt-get ${APT_GET_OPTIONS} install ${files[@]} } 
@@ -270,99 +227,9 @@ function installSystemd() { chroot rm -f /sbin/init chroot ln -sf /lib/systemd/systemd /sbin/init - if [ "${LXC_ENABLE}" == "1" ]; then - # XXX: Patch resolvconf (may only be trusy specific; if so move into buildStep - sed -i 's/RUN_CANONICALDIR/RUN_DIR/g' "${INSTALLDIR}/sbin/resolvconf" - - # Enable resolvconf - chroot systemctl enable resolvconf - - # XXX: Do I really need to restart it? - # Restart lxc container - lxcRestart - fi - buildStep "$0" "post-systemd" } -# ============================================================================== -# Destroy LXC container -# ============================================================================== -function lxcDestroy() { - if [ "${LXC_ENABLE}" == "1" ]; then - warn "Destroying LXC container..." - lxc-destroy -P "${LXC_DIR}" -n "${DIST}" || true - mkdir -p "${INSTALLDIR}" - fi -} - -# ============================================================================== -# Restart LXC container and wait for network -# ============================================================================== -function lxcRestart() { - lxcStop - lxcStart - prepareChroot -} - -# ============================================================================== -# Start LXC container and wait for network -# ============================================================================== -function lxcStart() { - LXC_IF=eth0 - - info "Launching lxc-wait in background..." - lxc-wait -P "${LXC_DIR}" -n "${DIST}" -s RUNNING & - lxc_wait_pid=$! - - info "Starting LXC container..." - lxc-start -d -P "${LXC_DIR}" -n "${DIST}" - - info "Waiting for LXC container RUNNING state..." - wait ${lxc_wait_pid} - sleep 1 - - info "Waiting for LXC container network ${LXC_IF} up state..." - lxc-attach -P "${LXC_DIR}" -n "${DIST}" -- \ - su -c "while ! ip a | sed -rn '/: '"${LXC_IF}"':.*state UP/{N;N;s/.*inet (\S*).*/\1/p}' | grep -q '.'; do printf '.'; sleep 1; done; echo ''" || sleep 3 - - info "Network state is active." 
- - # Re-map install directory to lxc container - ###ORIG_INSTALLDIR="${INSTALLDIR}" - ###INSTALLDIR="/proc/$(lxc-info -P "${LXC_DIR}" -n ${DIST} -p -H)/root" -} - -# ============================================================================== -# Start LXC container and wait for network -# ============================================================================== -function lxcStop() { - # XXX - Should not umount here in case of restart - # umount anything in the lxc container (using _kill, not _all) - umount_kill "${INSTALLDIR}/" - - # XXX: Is this needed - #rm -rf "${INSTALLDIR}/run/*" | true - - # Re-set install directory to original location - ###INSTALLDIR="${ORIG_INSTALLDIR-"${INSTALLDIR}"}" - - info "Launching lxc-wait in background..." - lxc-wait -P "${LXC_DIR}" -n "${DIST}" -s STOPPED & - lxc_wait_pid=$! - - info "Stopping LXC container..." - sync - lxc-stop --kill -P "${LXC_DIR}" -n "${DIST}" || true - - info "Waiting for LXC container STOPPED state..." - wait ${lxc_wait_pid} - sleep 1 - - info "LXC container stopped." -} - - # ============================================================================== # ------------------------------------------------------------------------------ # C O N F I G U R A T I O N R E L A T E D @@ -412,10 +279,8 @@ function updateQubuntuSourceList() { # Make sure there is a resolv.conf with network of this AppVM for building # ============================================================================== function createResolvConf() { - if [ "${LXC_ENABLE}" != "1" ]; then - rm -f "${INSTALLDIR}/etc/resolv.conf" - cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" - fi + rm -f "${INSTALLDIR}/etc/resolv.conf" + cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" } # ============================================================================== 
@@ -447,11 +312,6 @@ EOF # ============================================================================== function updateLocale() { debug "Updating locales" - - #echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen" - #chroot "${INSTALLDIR}" locale-gen - #chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8 - chroot localedef -f UTF-8 -i en_US -c en_US.UTF-8 chroot update-locale LC_ALL=en_US.UTF-8 } @@ -499,9 +359,6 @@ installQubesRepo() { info " Defining Qubes CUSTOMREPO Location: ${PWD}/yum_repo_qubes/${DIST}" export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}" -# info ' Installing keyrings' # Relies on $CUSTOMREPO -# installKeyrings - info "Mounting local qubes_repo" mkdir -p "${INSTALLDIR}/tmp/qubes_repo" mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo" From 0b3eab85914d7c4f90fedcc8f8d8e8699906ef80 Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Sat, 14 Feb 2015 12:16:19 -0500 Subject: [PATCH 15/18] whonix: Updated appmenus and added a gnome appmenu definition --- .../netvm-whitelisted-appmenus.list | 21 ++--- .../vm-whitelisted-appmenus.list | 11 --- .../whitelisted-appmenus.list | 7 +- .../vm-whitelisted-appmenus.list | 13 --- .../whitelisted-appmenus.list | 92 +------------------ .../netvm-whitelisted-appmenus.list | 1 + .../vm-whitelisted-appmenus.list | 22 +++++ .../whitelisted-appmenus.list | 14 +++ 8 files changed, 55 insertions(+), 126 deletions(-) create mode 100644 appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list create mode 100644 appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list create mode 100644 appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list diff --git a/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list index 68ed628..1bb50df 100644 --- a/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list +++ b/appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list 
@@ -1,21 +1,16 @@ gnome-terminal.desktop -nautilus.desktop +gpk-application.desktop +gpk-update-viewer.desktop +gpk-prefs.desktop +gpk-log.desktop yelp.desktop -gateway-arm.desktop +gateway-firewall30default.desktop +gateway-firewall50user.desktop +gateway-torrc.desktop +gateway-torrcexamples.desktop gateway-firewall30default.desktop gateway-firewall50user.desktop gateway-firsttimesetup.desktop -gateway-reloadfirewall.desktop -gateway-reloadtor.desktop -gateway-restarttor.desktop -gateway-stoptor.desktop gateway-torrc.desktop gateway-torrcexamples.desktop -timesync.desktop -whonixcheck.desktop whonix_repository.desktop -dolphin.desktop -Help.desktop -ksystemlog.desktop -kwrite.desktop - diff --git a/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list index 68ed628..ba57bde 100644 --- a/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list +++ b/appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list @@ -2,20 +2,9 @@ gnome-terminal.desktop nautilus.desktop yelp.desktop gateway-arm.desktop -gateway-firewall30default.desktop -gateway-firewall50user.desktop -gateway-firsttimesetup.desktop gateway-reloadfirewall.desktop gateway-reloadtor.desktop gateway-restarttor.desktop gateway-stoptor.desktop -gateway-torrc.desktop -gateway-torrcexamples.desktop timesync.desktop whonixcheck.desktop -whonix_repository.desktop -dolphin.desktop -Help.desktop -ksystemlog.desktop -kwrite.desktop - diff --git a/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list b/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list index 25df4f2..1bb50df 100644 --- a/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list +++ b/appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list 
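Review bot: The new side of appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list contains `gateway-firewall30default.desktop`, `gateway-firewall50user.desktop`, `gateway-torrc.desktop` and `gateway-torrcexamples.desktop` twice, once as added lines and once as kept context. The later hunks for appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list and appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list repeat entries the same way (the `gateway-*` lines and `gpk-application.desktop`, `gpk-update-viewer.desktop`, `gpk-prefs.desktop`). Dropping the four added `gateway-*` lines here leaves one entry per application.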
@@ -8,4 +8,9 @@ gateway-firewall30default.desktop gateway-firewall50user.desktop gateway-torrc.desktop gateway-torrcexamples.desktop -kwrite.desktop +gateway-firewall30default.desktop +gateway-firewall50user.desktop +gateway-firsttimesetup.desktop +gateway-torrc.desktop +gateway-torrcexamples.desktop +whonix_repository.desktop diff --git a/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list index 4371561..5bd390a 100644 --- a/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list +++ b/appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list @@ -1,12 +1,8 @@ gnome-terminal.desktop nautilus.desktop yelp.desktop - anondist-torbrowser.desktop -anondist-torbrowser_update.desktop -gateway-firsttimesetup.desktop timesync.desktop -vlc.desktop whonixcheck.desktop whonix-contribute.desktop whonix-documentation.desktop @@ -16,12 +12,3 @@ whonix-forum.desktop whonix-importantblog.desktop whonix-irc-chat-support.desktop whonix-mailinglist.desktop -whonix_repository.desktop -xchat.desktop -x-www-browser.desktop -dolphin.desktop -Help.desktop -kcalc.desktop -kgpg.desktop -kwrite.desktop - diff --git a/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list index c9b6f00..cf2ba64 100644 --- a/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list +++ b/appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list 
@@ -4,93 +4,9 @@ gpk-update-viewer.desktop gpk-prefs.desktop gpk-log.desktop yelp.desktop - - -anondist-torbrowser.desktop +gnome-panel.desktop +gnome-printers-panel.desktop +gnome-system-log.desktop +tracker-preferences.desktop anondist-torbrowser_update.desktop -bluetooth-sendto.desktop -bluetooth-wizard.desktop -brasero.desktop -brasero-nautilus.desktop -display.im6.desktop -fpm2.desktop -gateway-firsttimesetup.desktop -gcr-prompter.desktop -gcr-viewer.desktop -gnome-terminal.desktop -gpk-application.desktop -gpk-dbus-service.desktop -gpk-install-catalog.desktop -gpk-install-local-file.desktop -gpk-log.desktop -gpk-prefs.desktop -gpk-service-pack.desktop -gpk-update-viewer.desktop -iceweasel.desktop -kde4 -mat.desktop -mimeinfo.cache -nact.desktop -nautilus-autorun-software.desktop -nautilus.desktop -nm-applet.desktop -nm-connection-editor.desktop -python2.7.desktop -timesync.desktop -vlc.desktop -whonixcheck.desktop -whonix-contribute.desktop -whonix-documentation.desktop -whonix-donate.desktop -whonix-featureblog.desktop -whonix-forum.desktop -whonix-importantblog.desktop -whonix-irc-chat-support.desktop -whonix-mailinglist.desktop whonix_repository.desktop -xchat.desktop -x-www-browser.desktop -yelp.desktop - - -akonaditray.desktop --rw-r--r-- 1 root root 5000 Jun 22 2012 ark.desktop -dolphin.desktop -gwenview.desktop -Help.desktop -jovieapp.desktop -kcalc.desktop -kdepasswd.desktop -kdesystemsettings.desktop -keditbookmarks.desktop -kfind.desktop -kfontview.desktop -kgpg.desktop -klipper.desktop -kmag.desktop -kmailservice.desktop -kmix.desktop -kmousetool.desktop -kmouth.desktop -konsole.desktop -krandrtray.desktop -ksysguard.desktop -ksystemlog.desktop --rw-r--r-- 1 root root 1766 Jun 6 2012 ktelnetservice.desktop -kvkbd.desktop -kwrite.desktop -nepomukbackup.desktop -nepomukcontroller.desktop -okularApplication_comicbook.desktop -okularApplication_dvi.desktop -okularApplication_fax.desktop -okularApplication_fb.desktop -okularApplication_ghostview.desktop 
-okularApplication_kimgio.desktop -okularApplication_ooo.desktop -okularApplication_pdf.desktop -okularApplication_plucker.desktop -okularApplication_xps.desktop -okular.desktop -systemsettings.desktop - diff --git a/appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list new file mode 100644 index 0000000..4b744f7 --- /dev/null +++ b/appmenus_wheezy_whonix-workstation_gnome/netvm-whitelisted-appmenus.list @@ -0,0 +1 @@ +gnome-terminal.desktop diff --git a/appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list new file mode 100644 index 0000000..501abce --- /dev/null +++ b/appmenus_wheezy_whonix-workstation_gnome/vm-whitelisted-appmenus.list @@ -0,0 +1,22 @@ +gnome-terminal.desktop +nautilus.desktop +gcalctool.desktop +evolution.desktop +libreoffice-startcenter.desktop +gimp.desktop +eog.desktop +totem.desktop +shotwell.desktop +rhythmbox.desktop +anondist-torbrowser.desktop +timesync.desktop +whonixcheck.desktop +whonix-contribute.desktop +whonix-documentation.desktop +whonix-donate.desktop +whonix-featureblog.desktop +whonix-forum.desktop +whonix-importantblog.desktop +whonix-irc-chat-support.desktop +whonix-mailinglist.desktop +yelp.desktop diff --git a/appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list b/appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list new file mode 100644 index 0000000..ab251b6 --- /dev/null +++ b/appmenus_wheezy_whonix-workstation_gnome/whitelisted-appmenus.list @@ -0,0 +1,14 @@ +gnome-terminal.desktop +gpk-application.desktop +gpk-update-viewer.desktop +gpk-prefs.desktop +gpk-log.desktop +gpk-application.desktop +gpk-update-viewer.desktop +gpk-prefs.desktop +gnome-panel.desktop +gnome-printers-panel.desktop +gnome-system-log.desktop +tracker-preferences.desktop +anondist-torbrowser_update.desktop +yelp.desktop 
From 96442c83cb342a5988e109d764066db193c8d831 Mon Sep 17 00:00:00 2001 
From: Jason Mehring Date: Sat, 14 Feb 2015 12:45:00 -0500 Subject: [PATCH 16/18] fedora: fc21: Added Fedora 21 template and related configurations --- .gitignore | 1 + appmenus_fc21/netvm-whitelisted-appmenus.list | 1 + appmenus_fc21/vm-whitelisted-appmenus.list | 3 + appmenus_fc21/whitelisted-appmenus.list | 5 + .../netvm-whitelisted-appmenus.list | 1 + .../vm-whitelisted-appmenus.list | 1 + .../whitelisted-appmenus.list | 1 + scripts_fedora/01_install_core.sh | 6 + scripts_fedora/02_install_groups.sh | 43 +++--- scripts_fedora/04_install_qubes.sh | 5 + scripts_fedora/04_install_qubes_fc21.sh | 13 ++ .../RPM-GPG-KEY-rpmfusion-free-fedora-20 | 30 ++++ .../RPM-GPG-KEY-rpmfusion-free-fedora-21 | 30 ++++ .../RPM-GPG-KEY-rpmfusion-nonfree-fedora-20 | 30 ++++ .../RPM-GPG-KEY-rpmfusion-nonfree-fedora-21 | 30 ++++ .../google-linux_signing_key.pub | 31 ++++ .../rpmfusion-free-release-20.noarch.rpm | Bin 0 -> 15548 bytes .../rpmfusion-free-release-21.noarch.rpm | Bin 0 -> 19848 bytes .../rpmfusion-nonfree-release-20.noarch.rpm | Bin 0 -> 15660 bytes .../rpmfusion-nonfree-release-21.noarch.rpm | Bin 0 -> 19964 bytes scripts_fedora/add_3rd_party_software.sh | 134 +++++++++++++++++- scripts_fedora/distribution.sh | 84 +++++++++++ .../keys_fc21/RPM-GPG-KEY-fedora-21-primary | 31 ++++ scripts_fedora/packages_fc21.list | 32 +++++ scripts_fedora/packages_fc21_default.list | 1 + scripts_fedora/packages_fc21_minimal.list | 6 + 26 files changed, 492 insertions(+), 27 deletions(-) create mode 100644 appmenus_fc21/netvm-whitelisted-appmenus.list create mode 100644 appmenus_fc21/vm-whitelisted-appmenus.list create mode 100644 appmenus_fc21/whitelisted-appmenus.list create mode 100644 appmenus_fc21_minimal/netvm-whitelisted-appmenus.list create mode 100644 appmenus_fc21_minimal/vm-whitelisted-appmenus.list create mode 100644 appmenus_fc21_minimal/whitelisted-appmenus.list create mode 100755 scripts_fedora/04_install_qubes_fc21.sh create mode 100644 
scripts_fedora/3rd_party_software/RPM-GPG-KEY-rpmfusion-free-fedora-20 create mode 100644 scripts_fedora/3rd_party_software/RPM-GPG-KEY-rpmfusion-free-fedora-21 create mode 100644 scripts_fedora/3rd_party_software/RPM-GPG-KEY-rpmfusion-nonfree-fedora-20 create mode 100644 scripts_fedora/3rd_party_software/RPM-GPG-KEY-rpmfusion-nonfree-fedora-21 create mode 100644 scripts_fedora/3rd_party_software/google-linux_signing_key.pub create mode 100644 scripts_fedora/3rd_party_software/rpmfusion-free-release-20.noarch.rpm create mode 100644 scripts_fedora/3rd_party_software/rpmfusion-free-release-21.noarch.rpm create mode 100644 scripts_fedora/3rd_party_software/rpmfusion-nonfree-release-20.noarch.rpm create mode 100644 scripts_fedora/3rd_party_software/rpmfusion-nonfree-release-21.noarch.rpm create mode 100644 scripts_fedora/distribution.sh create mode 100644 scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary create mode 100644 scripts_fedora/packages_fc21.list create mode 120000 scripts_fedora/packages_fc21_default.list create mode 100644 scripts_fedora/packages_fc21_minimal.list diff --git a/.gitignore b/.gitignore index ac4c2b9..0b821ac 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ mnt_* *.img install-templates.sh yum_repo_qubes/* +scripts_fedora/base_rpms_fc21/* diff --git a/appmenus_fc21/netvm-whitelisted-appmenus.list b/appmenus_fc21/netvm-whitelisted-appmenus.list new file mode 100644 index 0000000..4b744f7 --- /dev/null +++ b/appmenus_fc21/netvm-whitelisted-appmenus.list @@ -0,0 +1 @@ +gnome-terminal.desktop diff --git a/appmenus_fc21/vm-whitelisted-appmenus.list b/appmenus_fc21/vm-whitelisted-appmenus.list new file mode 100644 index 0000000..1711aed --- /dev/null +++ b/appmenus_fc21/vm-whitelisted-appmenus.list @@ -0,0 +1,3 @@ +gnome-terminal.desktop +nautilus.desktop +firefox.desktop diff --git a/appmenus_fc21/whitelisted-appmenus.list b/appmenus_fc21/whitelisted-appmenus.list new file mode 100644 index 0000000..107badc --- /dev/null 
+++ b/appmenus_fc21/whitelisted-appmenus.list @@ -0,0 +1,5 @@ +gnome-terminal.desktop +gpk-application.desktop +gpk-prefs.desktop +system-config-date.desktop +system-config-printer.desktop diff --git a/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list b/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list new file mode 100644 index 0000000..24cbff5 --- /dev/null +++ b/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list @@ -0,0 +1 @@ +xterm.desktop diff --git a/appmenus_fc21_minimal/vm-whitelisted-appmenus.list b/appmenus_fc21_minimal/vm-whitelisted-appmenus.list new file mode 100644 index 0000000..24cbff5 --- /dev/null +++ b/appmenus_fc21_minimal/vm-whitelisted-appmenus.list @@ -0,0 +1 @@ +xterm.desktop diff --git a/appmenus_fc21_minimal/whitelisted-appmenus.list b/appmenus_fc21_minimal/whitelisted-appmenus.list new file mode 100644 index 0000000..24cbff5 --- /dev/null +++ b/appmenus_fc21_minimal/whitelisted-appmenus.list @@ -0,0 +1 @@ +xterm.desktop diff --git a/scripts_fedora/01_install_core.sh b/scripts_fedora/01_install_core.sh index 63e8a46..c246864 100755 --- a/scripts_fedora/01_install_core.sh +++ b/scripts_fedora/01_install_core.sh @@ -5,6 +5,12 @@ if ! [ -f "${INSTALLDIR}/tmp/.prepared_base" ]; then rpm --initdb --root=$INSTALLDIR rpm --import --root=$INSTALLDIR $SCRIPTSDIR/keys/* + if [ "$DIST" == "fc21" ]; then + echo "-> Retreiving core RPM packages..." + INITIAL_PACKAGES="filesystem setup fedora-release" + yum --disablerepo=\* --enablerepo=fedora -y --installroot="${INSTALLDIR}" --releasever=${DIST/fc/} install --downloadonly --downloaddir="$SCRIPTSDIR/base_rpms_${DIST}" ${INITIAL_PACKAGES} + fi + echo "-> Installing core RPM packages..." rpm -i --root=$INSTALLDIR $SCRIPTSDIR/base_rpms/*.rpm || exit 1 diff --git a/scripts_fedora/02_install_groups.sh b/scripts_fedora/02_install_groups.sh index 90e9914..0daa8f7 100755 --- a/scripts_fedora/02_install_groups.sh +++ b/scripts_fedora/02_install_groups.sh 
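Review bot: The added `yum ... install --downloadonly --downloaddir="$SCRIPTSDIR/base_rpms_${DIST}"` line in scripts_fedora/01_install_core.sh has no status check, while the unchanged line after it installs from `$SCRIPTSDIR/base_rpms/*.rpm`. Unless that path is linked to the per-release directory elsewhere, a failed download goes unnoticed. Appending `|| exit 1`, as the `rpm -i` line already does, and quoting `--releasever="${DIST/fc/}"` would close that gap. The packages are fetched over the network at build time and handed to `rpm -i`; the hunk shows keys being imported but no explicit signature check on the downloaded files, so an `rpm -K` pass over them before installing would make the verification visible. The enclosing `if` block starts above the hunk.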
@@ -1,26 +1,27 @@ -#!/bin/sh -if [ -n "${TEMPLATE_FLAVOR}" ]; then - PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}_${TEMPLATE_FLAVOR}.list" - if ! [ -r "${PKGLISTFILE}" ]; then - echo "ERROR: ${PKGLISTFILE} does not exists!" - exit 1 - fi -elif [ -r "$SCRIPTSDIR/packages_${DIST}.list" ]; then - PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}.list" -else - PKGLISTFILE="$SCRIPTSDIR/packages.list" -fi +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : -echo "--> Preparing environment..." -mount -t proc proc mnt/proc +source "${SCRIPTSDIR}/distribution.sh" -export PKGGROUPS=$(cat $PKGLISTFILE) +# Create system mount points +prepareChroot -export YUM0=$PWD/yum_repo_qubes -yum clean all -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR -yum install -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR $PKGGROUPS || RETCODE=1 -yum update -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR || RETCODE=1 +#### '---------------------------------------------------------------------- +info ' Trap ERR and EXIT signals and cleanup (umount)' +#### '---------------------------------------------------------------------- +trap cleanup ERR +trap cleanup EXIT -umount mnt/proc +#### '---------------------------------------------------------------------- +info " Installing extra packages in script_${DIST}/packages.list file" +#### '---------------------------------------------------------------------- +export YUM0=${PWD}/yum_repo_qubes +yum clean all -c ${PWD}/yum.conf ${YUM_OPTS} -y --installroot=${INSTALLDIR} +installPackages +yum update -c ${PWD}/yum.conf ${YUM_OPTS} -y --installroot=${INSTALLDIR} || exit 1 -exit $RETCODE +#### '---------------------------------------------------------------------- +info ' Cleanup' +#### '---------------------------------------------------------------------- +trap - ERR EXIT +trap diff --git a/scripts_fedora/04_install_qubes.sh b/scripts_fedora/04_install_qubes.sh index 2b033d6..fbb855f 100755 --- a/scripts_fedora/04_install_qubes.sh 
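Review bot: On the success path of 02_install_groups.sh the final `trap - ERR EXIT` removes both handlers without calling `cleanup`, so nothing visible in the new script unmounts what `prepareChroot` mounted, whereas the removed version ended with `umount mnt/proc`. If later steps do not rely on those mounts, dropping the last two lines and keeping only `trap cleanup EXIT` would unmount on both success and failure. With both `trap cleanup ERR` and `trap cleanup EXIT` set, a failing command under `-e` would presumably run `cleanup` twice, so it needs to be idempotent; its definition is in distribution.sh, which is not shown here. The bare `trap` on the last line only prints the current trap list. The `-e` in the shebang is lost when the file is run as `bash 02_install_groups.sh`, so a separate `set -e` line is sturdier, and `${PWD}/yum.conf` and `${INSTALLDIR}` would be safer quoted.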
+++ b/scripts_fedora/04_install_qubes.sh @@ -1,4 +1,5 @@ #!/bin/sh + echo "--> Preparing environment..." mount -t proc proc $PWD/mnt/proc @@ -23,4 +24,8 @@ if [ "$TEMPLATE_FLAVOR" != "minimal" ]; then $SCRIPTSDIR/add_3rd_party_software.sh || RETCODE=1 fi +# Distribution specific steps +source ./functions.sh +buildStep "${0}" "${DIST}" + exit $RETCODE diff --git a/scripts_fedora/04_install_qubes_fc21.sh b/scripts_fedora/04_install_qubes_fc21.sh new file mode 100755 index 0000000..e17dbef --- /dev/null +++ b/scripts_fedora/04_install_qubes_fc21.sh 
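Review bot: The new `buildStep "${0}" "${DIST}"` call in the second hunk of 04_install_qubes.sh does not feed its status into RETCODE, so a failing distribution-specific step still ends in `exit $RETCODE` with whatever the earlier steps set. Writing it as `buildStep "${0}" "${DIST}" || RETCODE=1` would match the `add_3rd_party_software.sh || RETCODE=1` line just above it. `source` is a bashism under the `#!/bin/sh` shebang shown in the first hunk. `./functions.sh` is resolved against the current directory rather than a fixed path such as the `${SCRIPTSDIR}`-based one used in 02_install_groups.sh, so this build script executes whichever functions.sh the caller's working directory holds. The body of the script between the two hunks is not shown.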
@@ -0,0 +1,13 @@ +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +echo "--> Creating Xwrapper.config override..." +cat > "${INSTALLDIR}/etc/X11/Xwrapper.config" < Setting locale to utf8..." +cat > "${INSTALLDIR}/etc/locale.conf" <vsOH$r*W=8cqZ_n?^`+xuc|Lt>}`#R@3*SXI3T<1FHzRtWp*8M;M1)c$+ zAdDR@;_!JGwh%!uLWGOZMF@s~!{A~4pFDCXrN6Un%zq{)D;thNDJFpTxgf!JG00U> zC^;1=4gRC#wE#UDybP1Rqd;4QXMk1&v<=81{Q~5my}Z4YN8y!}Rty9=kf-nl-_wsBSng(|>_TenP8L(G2H-5RzzY)#~zW)E!sH@%j9uM(Cz*ZGuG*{X%UXLx_jeH*%Ay2s<2R|jfV zJ<6EP5H{qj!YjNA+xubMqH>GmYKyJM*mbFI*L986LO(V8gqMFVOgcDn#shWXRg>!O z8K-V)26JQTwH{E-k5r^t`p=LnTW^u8e^$S5Ziw}=fG4gYJNaAZtNWUFwd$>WOn74A za3soX*Y{J0Gw29%{KMP{1`E@V=B)Z~+34t#{M7Qc+TE9TZJKzfH}Ps!7tv3z=d6Q@ zM}Jpii*d33s3|kdR7OsX>DzUyh#Q?^HgC);^~cvWW{O{46Qm~OSScUaM!7Oqywc4h zcgF0r2?cho7lIoVHfBWe8=BKC(j6b)c2!LGNe$F0`1*YJz|u>+-jBgg zJ4_3$PMxkSNzx82vOU!IQom}VTJdDnMpP}LgA8ogvS|PpKp|5YL?)4h!{ZP-3D2Su zaCj1v$R^?#WG010q_c2jCYj6zHUu83_wVeeHDK%jztI*KUwj06xN&b>aM=n*qP;Hv zxk|6R*$Ioc-HRV)^sZYJu(R!5^~+ep9WPu|N-CD3&-c#{@smH4_F>J(un`f>k0( z%&f388@F1ueD%UP^X&>w-5nNFaLM|lb;%2lyt?H%t`m;UVlSKIzeKmbWtp|VoTldc zg>zQLVbZT%bE31u(e27}`U+H9W_>sJ-Vme|e`CKdm3z*>*JnY$Yugpp?GZY1X3_Xu ze8sTB*fP#pk;~O*-_);N8rKpK_UdBOlKm5#-bWu$xl&U&L8R*DUo!)fSu;UBFm`1Z zd*J$`isDVfJW^Coy}uv7vPdxMDRSJAwM(oqtEIZM=s{q^!rUbYyK04J8uhchocy{p z)r-T5`BPt_P`Ho4U?e_nU|?V~cn3ZSh5E%08lzCti$KvlkbobXeh}o4hXv9Ikl-`u z_kbTn$;;^HAcyos84dj)q^HPe=m$rFq%EUg%V-A~-3@Z!7v)-HH1w08y$jQ%F0gJtx08O@W@ zia-~rkNk3wgFQhJv_*lfNV+TCqb$!+i$u zD?vS>d^j#pKg>`@!#RO;n2d&UfDXe7Kn~_dQ3K?l{jhpjy(Y*3|8S5XXo_0W`r#HJ z2kjK$yuo^384YoR^m7?KTbhr6dO`WdAP4eCz<#mdl?HOaKjM~*Hj&b5kuus2bqq05-B~c6y&fy z1LRg&8^=C}Z*0W{w5gE;u(MM&p803m56uKPbu>Wuw-7BLbKn}(; z9nKf*AL0P`r$gKz|8f}(uJQ z1bh)k%oj$Xt@%7QCn#J<7lXsnudKqKJWM`MOy}@KXubg9p+)>~ArnEk1p`Gz61mQt2p%2%Ljw*X!YV6!2LllTIy00WgrI+@1ZDm*Ks$FkbSM&qri;*# z2$u`c+ z;Bljre~eZfOqYxiNEUHeh!A1HzTF^TUQ)ok27#e7nS3FO!wW)-`4SYQC@D+F2FruO zfe0>#2gVIfd#)Oca1Iy9#AEpp!Pp;DjpfpzcR}gBmkL08(t&;~&*w#OgnV8Y!V?==fs-;y*5+qtfE@)?3SW-m@##Wl 
zFzgvT&|X0rcINjvtW#_P={87PKuX^?ux}v#;Lil#q<>J{?;nT(Ozxe=Au#v2J?x#N ztN?#xu+9^_d)Vz@!5k(OicVut$W$_eY)m85nN%i=N}?ka1R)w5Q%DHHMwo0eLSa(K zWCD}UqEHxA3KLJFGH5s|nMotiQ78f#XG~_}CVq_7ZB%ff@>7DB_bXuv1nC@c~Vuu||u28lssvk(T2MJLjT2#JOea3q9^ z5NXC_3Y$%!;mIUC&6tX(P=F33Cg>1>tDl7@8#CE-8t8|}qEL;AbT*kxWYZ})JVK=* zY$gst2sAc{&ScYwL;{74!xN|olR;$A@pvYah%z?D0i}Sp3_Kf$FbEVnnT|t@iDU-R zm_R2{@FWru2qWX@R4@)29-%Q=EH;&dV;M65epD2lP9)(GhB0DHBe4l2GL^=_;ixz& zo=OM0kceaoiHRo=2@D1Rkwm7mK{p7HixBa2Fmg7EKw_|s@kB5QM4T}|i%208jHv`V z9!F;ZB&ZBF=#t7H&_NdrgaVGTY;c676Ny9y9&j?DMPtCy#yHJig!y5T(oZ|K#Kpib zJAsfBMi)j6jrmWw@jpcW2{&O#+&^Xi!5DuL{riRT`%*Pf{38kZd@<_(@4tWkHphyD zOz5J3!r;6)Q|3<4D|6TJE^|9glcojz7H&=g3pa|dh3oZ93)d64GS{PaWiBuIWiIWVWzJ`} zmN}ouEpuv!vv9iGYT;DrVc|4#R+;0#YYRu*yE4bI{T7lmCb!HHB!?PCnM3)#G6#%_ zg@g9lGKVow%j}=}mDxX1FSCERtjxX*Z6Qf_t;+0=vMlTm@yqNFYFpUvzg1?xFUG=^ z!{l?p)@dC~505~^XtU5rPBdL8wg?KNbGTS0KWr`{2wyoX&5jQ zLt!Qkh51i)mZ|5!3){$t5hV0?duGM)VZcQG5#N8BJAX^>#Xn3K?Qi1-$RCD`gJT}Dxky_5r#^qXXe6zM zjPKB=ga*e%9^yPo8Vz-^Ng53mJxQaXf+uN&M|p`6@VzcZTe9e3XfqL(4s!rDi^FDv zk5T^MmP^A>hrml20xx+8yhDZ)SmK|LkT3*ZJPLzeAYjqO2>gy`6L27oz@u|PsU?dg z2|`FB3es#7f#&g@*|w-AP3uETA3U_@7$9ieJVF$B4#LCEQ_9 zdoKZ(BZd&LkO+j!7f50Vcq$m|e4ZpC^y4^g0EP?k5@A3R1KW}bk?6vZ3=4!!fG$wF zB<3Nh5&i&0BGpF77yN)1Fp~i@1PYuC1;A_}QV@7p19X5j4m^>V&gDu%Trlzkdw_hP zp=_#T(VxF|^b+jDAO7}TL!9(1`{Mh9hj3uX=wyh5~WuidXP!tT-un3x`BwQ;oEG~@ELa7i( z0WfM1)rHn1T}m>*2J3$;N<0A;N%R$kK@jPzkZ_Ushc3`QM8HQ5HUx3%K`Q`w1B($w za>T&2*tX7(@e5r_c3A4erA zf^ZGVR*guaBA3gLM1!9eM4`oCiGr9qG;DyWEgp{sng*kJNF+K)5F}YDa6JMi4woi~ zn1?gP;X>%p|7wT;pg+P#iu?Z>JW{-5=m4dD9VyiDe`BD(dKrid1c{B%Aq*lJ4zPI8 zSiI~l31kXd#0la_c>pqSiAZb&?1eu;lq?X?4BQ?7^OFPw(Ja11r~?no3D~iI`nN&v zgvWwDe<{Y`;if5D@URb=QU3)QnTf$g2U*}slo}vtDnyorgB1%51cuZH<2Zm7kaTca z!j`EvSOc1fRJIth5(;06HX$)J@S6C}t%kMcWz3XNd_oMrC2(=&yMHI(a`3!@`@BpBjOY zL1lkGk-rKUIe=0w70#TO5(mpkJ1HR1jjs$S%(Y{j}u149u@= z2B1&#ly1y+?#@6VCJ+ss3kYMfB%X=RmENy~(V0TN#P`GX1kW1K=SmD&f+PcMYts3Z zxGd=e1L@Lz1|D3)1#pt2M?Ve^n1;j}WZaU#JX)e1oF8ENJYXoCAj#437v+EI%i@Q_ 
zyF12X3Xt+|~(F;7Cfd`hJInfx*+(A17S`99FpupgkCXI`OkS@Hd z9dZKqvG8sl-p5LQ69(>u;cp$_eJu*!+rzthct5WK61bcF>jN&{A>Rl|#8UF_ul4_d z`irjrdOd*pR}OGV@<&WRE-?N;qU3t{-|l9HcFFN4I{v%~`F9<`!5@5X{DD-NoBVJ0 z1kw|>#P9yS?r$G7|B2^!b<#2;M9ef2gmR34i@|`yf)Pqm5)~dMsTW~cMktIM0gVYl zV+0%lg2wp3qZ7tQV2H6bb*8}EP8h}B%$ja)pG?fK^P^EbA!O=yqwk54)&;?Yk5Jt**d51f$H>8swcche%@12d+$gqEneaE(w*(NX48G2 zc1|Xi-Z}kkVSr8hj z@>XWH;X0nSTVCAR+O;!IMvgiDd7HD)-v*bpZ05D@+SmC{6p+A>@`~XH3sEN$+wvFX zq`ffBvZ|elRli4U^19=o5w$(3HvWLFqi3CNLo2!KOY`Fpx#& z?V(=Yt9LM>|D@2X6BUh3u*^$*|zULaouIoJB{N8_geDjd+O3GcYW(l_vsBV ziSueL(r0Lque=Km_aC#yUU}_6<)@7=Z<^?DS*Ou^(raU`+iJmLZhgiDg|DxxXX;%) zcH=6Q^4{mRCCB03#AgT84kdOx4)}0*|CZam_wP0a_2oQmEpj*Ab?@S4&(K^(+Jsf7 z9$0gI?wE9C5N%WV);{{k*0?`)a*O`8LBMer` z4fD@)&gF90W2{tnMRXdUtGzs9*S(uXn;VKc*4rgG;YNvktH~UP?Mh1@y`*^`44&(# zZzjLK8Rs$6_S>Z6bJiF+omwd0bnn2YHC1Eh>$`Fy^5hdsPZky(v(uT{k#r&dnYSPH zYWCi)FZ4*IF(X`fDQ2HNR_(2~9lLb z1>FBwG*9?$vGEbYT zIKI@%RN5zqx}`3M;3^*%j&rdy@OWPEpaHcly1n=LDua_Zd1c>{UX&KiqIE61-aU~s zZS?|X(xi`*mHY%Jx0yX0Kip(zYE4#)?~*SbT}LVp)Qk@_j9+&ouo!jgHl=^}I#kf4 z?z%_h_^Nr^*EYEKtgV{73%|fc_(kq@3ETX#MMIt$%et4PRy$(WO6BYC6A(4|+3EG8 z*Oc5G{yhXu8)q^v`SbkX47Y$IH}D00i&^REvnPF{nUXbbDCj@B6ntQIe%KkEDTyPl zX@73Fajp$;DUBWJ`$e2EZn&H~clRdu@P6m}&KZ~5TDB)1@^U6sf2og4bKaD!cgfsfli`5Sz+C-SO?v9m6L9JX%1Bhi+9GXRZHbAapjtHyOnBg%WeAdeC3Q?ZyBS~ zY|oTrG828q_tax9-MhD^!l6p{JGN-#Jyx!(h40;`C=1%&Z1wiKkSUKdT^x|hW7ac5 z&xN|S%L}`$-0anMstNBYrd`>~UxoS_l@Qga>GU%ElCs4>TuRc8kLOa~Dh;$oPp#{+ zvHx7AnYzz^gJv-Xt zvHrb_P`x+o?`-YQDB7ts$<-@sw(q3Z^NzZ@=2l-ywm3X{PLan^{fGl0OFqV5Jd<*2 z>p~tmwkF2})iB9E_K^8OtnYy$SEcL_m9IBfZyBX9BB3)Y=EBY$;xIkS`ZFkMhq8Xl zGVjvQS5C|%o$6FLXm0-Mvpm7^6E282%c9D-SkG^J`)I2C{Cv%v(-ZUd$c=GvR1a+? zIN98cJfw;1bid~n@;23d-S(15TwBqlzi})<){)bJ7#smYu7$_8zI@R^b@FB}Dh5N|#r#|J}V? 
zG$}V!9&dW{_3e{28>i_^EgFqWdwBlz$tCxXYfLw|a>9Mv^+M;}_{k6Y0?sFInjDq) zb^oM}k8Qpbr&(sZXnl%R3mi0k+mTMaT2G}FHP5dV4=?5^GOBz;_~zpgF`Z+Ucg7OL zMo(|}n65l%Zg2pPBUlOg4tJ4a)gN&TZVN6x(=~K@=N)E7)LZfR;E0d%{?|HlEyFvs z?@xZ@MNXPNjegC$jxnliS@x10?5qWGcMo|~YgaCGOP~H(e&Mj~m*&--t+I(+b<5rn zRX_-uP{Tijb~158~5>?$kfd& z)AJPJ+((7R&|&Yg*Lk$YXQgFtZaRHzhkejg6uD)!m-p3$BWB5`rJ&_zBq_IlxNouS zfYHTe_f(d?_86s+9zXKh)r=TsSY+d!#Owne&8T$|lYx050@?BS&N4+h?*n8|v;*Bt-Wv&7-qmY@T6fvp%X4HU3K7YvXd!o1N9bmf6fQ$;`()&jou80BG%cs#qQpt3oT-ul{PGY&^Y$# z;nT91+L`ps*3 znT74+J~N`VE3HE3Y8N&Pv>(5&)iRYotN@oLzt_@t`LnhYypE19Z;nk#{nmyr@|l4yc+!Cy=CtK3_i(~)! z7(F}gylUB*YB-JX`0|o=TF}P6WhH^m@0tqavjPg|SAKh^=AxZ=kn?urUVjI4%=szX zx^8xCq;8|APUEm_ZQbV|VU=2MRe08K_-eD|8*d)l!Q{gEC~DF^gNIgx_Tfq~t2Si~ z^u6@baV2%HTu%4NTNUB*EKI}o~WnHTo;5X8rXHC zCvEHZ;Xz^6CLF7YF~Q4jk9uLcU|xs1h0%83uOqNeUhV%(YxO(zbnW^Y*O>n6w9&gs zj;c>Z)h{e@8aZFxS}RLlO=>YPoSr$oNN;h%rq}9?EdrMDl^L1g-hwgl6P>PeCOS_! z+HAw=bi1R=CET-CYd!o}%lpG5U0aJh-S3N>9L%eTJ44B<$-qLg(!1PBZi^)83DIa2zwsv39Z%<_=mc*G%Y8S&?Xyqi`+g4kqUf zqh`zfmp%LE@7_}$#Pb@NYSRAZ5$?tv_j=7k4O&Xo%Zd0i(aK{2h`w_1uIO5$&q?L> zw?7eFda}+9i*byx(I~!y?>J~}-W%vkpI_|CPTqqrWEgykQ=IFl{3dGr?Np~YK9Xgs zAs5&ApxiJ|OD%uKm;$pB)ESMI7iW^A=B_(9v;Ik)(*1>J@$AankqD=|XaAO#3ttQQ zxkr#RkN$73uLujfe3RT+Q_c|=kJzUAWY4@gS44BuKUmxE^Ba9|qjl)>_*Banr;y8K z6KW>qwRP;>k2|w;jCUQK!k>8-d$iZBS~Wax7MV zsp9rz`I;3+-5X6-xz^U04;=9xHO+4M<`%nQVV|-K>#`}cJTowL1`&4$wgi3JFk|F) zzYC}veso3oI`Nld7mr1{W$CXToq4QT+3?PRE^=sl{=4&i&(G?dSaiS9*C?r0{f6EL zi{~dljhmFYzd09!xjcHJs=U}vUbIhnS9U?E61^}mELdxLJE>-J)y8_WMCx>2bETk0 znAws@m*47J+4*kaJPkeHqetG|SoX;+`gxn6eCBcHrSYf6_UH*85j}41>7Y1^9n)M* zbFHi+s_tx8=yY4V=1sTD*t8Q~n3p{b<(Bh?2ff!SebAhN&nyivW@M^$srTf)d3)=4 zuUYr%I|m+Dn1+Xx)_zvuT6u1!R5#royUhaA6z~)?|Jg=fVMJ#0nUo&e&VrqyJ<9u5 zpH?r;Nh=LZ8U7`PIj=gnGUL+Yb$1_@PmhUQYpC$*wU*AzL(Glkp<~E)yZerfOsv|u zw|bRMir$FE&oOFuCcb;zHf-ws&)?Tfe0}zv=GO`5a|-ty@oRqnW_Y=7^OP+{32x7~ z1Zdd{40K0q$=aM?F*-E?qezgOr2O4~!qo=-m(FsTN%YI%`IAn};oPTIzVf{`U8VL) zap%~sstLY+he|GY`X?)JJEyi+jsNzwJh%GAGm`;L)5I+8icgyjVp^`GME7bn+jpsP 
zQ`1&kMwGkNng@3^F%ysA_v?A5GaT!R?q2d>xNM!mf418c*`nSWlvXq^3dMAM{-Kdp z$?K1KSm&U)tg|DakeYsSMdOA~&jYP;)D)&}T+gI^vsVg87JtAz#7@~txt|_WaXm*Z zdB-}VxnGZA9Yn3RH*=E)&<{eBb zVyz7yNOk92SWx+_crzt2aT>d2g?nw~1~cpIQPZrIpKZitC?(Hq?{10VTBW@AwGg4B( zuO+w(b4wQ%^r7Q6vlK*W;+KsbV&^kfcQd_C2j!hNRxb%~4pvPxoYZCrh3N9`0fuOKG`b(-_5GSX6W&+fh-&AN29 z#8>ll2a+G=VRr2D+BF?~pTzAqELAp+9DXrU3+>sn+H9}4VZi~nxh=#tyE%FbPhk}N#$V6!eH#*~S#KRT9d}vv>*5gO;fZ^Kauzyo-JNpme1oZr zLaf=;^G(CwHXfy_iDH7amnsUdfum1sv#l?Cy#|Fk#%g_LvW$7SylF+;$Ij4}KG*Ju oSxR%hb(Ajac;vJ~7bW*f_ahyJ(u_X9I{p0N6c}7aDKGN-FYc#1s{jB1 literal 0 HcmV?d00001 
diff --git a/scripts_fedora/3rd_party_software/rpmfusion-free-release-21.noarch.rpm b/scripts_fedora/3rd_party_software/rpmfusion-free-release-21.noarch.rpm new file mode 100644 index 0000000000000000000000000000000000000000..163ef4d2be7a0a0308b90edd85d78cbb7a7701c4 GIT binary patch literal 19848 zcmeHv2UwHI*Ka_IAPNd1C}MzBKn zp}?nKz>i>wg=`)d!xA6}Mu2b-nh?R@aTpw|AIwJqrTka6ydl%gJ>M}i+Jvfn5mJM1N(l>qGoa!9v<9LOuW$#{l!$Y`Y{AP4$} zb%7l4EAc@N`QLyX@GF7#v``xq#|~3Q1tt{d+pJkJlIij=SYi0pt(yJIdyYloW{-2Y zD;y;(i@8`FtL=4+Q*acgIDqSoZ2_+N1ZYzK*ECq(&XMx@IXovM9bSc*-$Th1BzV93C3fqL$zA zcv~}k6UNVfZ22FN9W}$6U#vah-5U7E%?(ZZb#EO{8|Gm@ky`9K@25R)47i}QZ-E=r ztm^*G)VKva;beVpr?@a9uFUZBu;Hz03#{q<{) z-HQ?x$}cw6zt6?%-YOfHe&*g~XZxm>TW2TM61=7-TjIPe+l*R#ZSJMLcUb$`^h=Unj@If?#F7(Ta?w2P<^9`lvqgzPEkSgU`{$lN@SN zlj`2CWf)1EjTgGr>dvjA!R3@I6*&q zetYNMJF^7G407(yBJw~&ua4}zJb?&PI+@w?5K4otMbxwXBuW&IkIAJ;SS$zzz z&5MS!!Vz#d9D__^Q0WMZMP)D$ghzVD7q8kgW*Dua9E3(=@Vze;fz?E(T@2rr?*|vHgS1kXUx`LgY zOA)#6nRp5t{bJD$wWrprwS5*T*4Sj7w4MI$^&cdM#MJpJSQqmd!ycv-ohx=#>htK{ z`I19P-9p;lGCyZeq26j$x64yak2_a(g<2!F@xFnxrrs@&3M(CM#dM2lv9Jw~88!M1 zYnn}9^RSw;JGJd9Nf!0J%Xh3&>9cfrRnwD za5~~=w+$v4Y9Cjc$xg4X_Z_d(kohbva@1S0YHDt`@}q3Utd3KXb@NX2}LRov$vDhww`f>#(HCn#X*WbsSSWqNH!n zi=!vL-SC}wDB|Yk$_f60#o}Elr=CVs+TC}|PS(9$apZDeF5cq|_F9d!e@C$)o z2>e3e7XrT!_=UhP1pYrqKpOMx@9&QX{RA;e6zZqAC>4b=UIL0{fdt}|#ApHvDkk*&eFfIyd133-jqG})+%IQuy?JlQZgB-+36<~Y<>Vt7p zAg}OLPQL{?tnZW4??4XfVe?Y{_i|cOPIt@c@pAf;oc`W^51@fPiZkT(P%qRMAg8~| z=`cC{O-^%Vv=Xod+M^f^au6d{0h_Yr(s_qeO*qggBu{)66C;MqlX}e?Zb8_VvhDl_&gz7#1q7z9eG?9J5(&7iNNK_&#ZzUJPaOJL}PP>XdWNoqJ=!M zfPtWCTqc?)3PS{FCR->Hu<2qEjm|+pHA@sl6Ch|7PoVCCFnI!+1=?MNW((1P8y$fN zLV*mAC8eBz91xn0b`c=LFkq-qs@IDh$)%wOEMOx-3w8CtFrb1@V=SeGBIp5=pw6E< z=sMdKy%dQ-(}d_Kgu{V(usC8sEP}=b(gJlL{-f7u7Mp_zp}jw8G8LkYAy~#g%!rwe zjtXNl!q8zn4ikXE<;18D^i~u`llBp47P6U$0Aa$meIZ~0GQa}914CmlcmgJy8;Tb3 
zq$tQxQkV4&mWPUg3J#kK`VDS-NL%S*HV5d$S@0smECzFA;1Y`6DAVztt~BKcYc!Q2|_JxQ2{YR5fXuR=0>swJZ=QS69qy4$I3Xey;=hL_gPUOqj!jLg7hRDv5<9tR1%rR!du};M4T0sf+LeDbSokQG>A}9C@Y2)flMJW2_y;ukEamG zR62tW^nk|bL`0Gios;EC`2riN+$u3P&68Wh(qX9 z1Y9Gr@I(^DijKunuoN7H25cb`NMs@dhbQ3abTXMvB+*!)83gD>2sj$Rj)lS#=`1Ra zKx0q{SSrAqKqld-6g&-wr7;1P6gmquNulFupb0ucCNKyr3LZ-%5D0V};AB9L#(=4f z@pKNx47jB1s+T2QV&F|LU%-x_31WuEJQ!~Lfa<|;6Nbe7L-!#1_><~?m??i-JQ|b^ zBms{nLjAw}`scfP3!#7kmndK`IByR5BU{$Z{^B9>mjTTGX_J&5Scij6Uj63;Owjmu zeH=F3%#jzt2iunrVY+~g#D^Av2&HYoI#}Yw4n>5bA7!&?F&rLE$}DuFMIy5W2#Xy( zAR@1J7tV_{M+v3N^Y`}|zQzWyE10}x2R zv-7#J)6VAvR^pTAD)DaTNxYvvlX#s;mw25xBJsQ*Z|7P4*v_-e&(2fLRN~R!Y3G4` zEAi0mvy-M#MRQd6Nv0WBWP@n1%nr1 zi^ia(pbVN7A~Q&42=0V#`1vU>_Gh`mL zX3C(41V;gSNrS}#G7lPM$UJD2A@iWSN58UpZDboF z8XQMC@-hoHm&JoK1xE&^3{iwM^j3&cFo)O<6e0}OI4Few?+6VU2Ex!`AV^1kh%mrK ze25}A3oE!%4OMFBB3KL&703opRo*nPDBHlNLD|Egod}d#aKX+e^)f654CJ8r{?phk zun!CwaAEWUCtpAgI5HOYdC2Y}mHJO@{_UiZN(~v`p$~}_>=S8-<0usZ!!o3GKq@p; z^rS*V1y3r3Lj{Ns5EBrg?U}R)w2jb$26F&5lg(m*2VUOyt=tMj83HeP2)v{r@D3SH z;E99pA$|zFI1~mQ#Anh(2#giDu(>o2+66r8fMN%61YZ`jkUjNV%FBPSv+!6D+5jSe z+n&jk#zmw-j-Le7G3Wq3!jOhQ&EEgl@OSOZD!(Y{7L4^xD8V#PrKzIa(S>Tk1 z+yWXG#6?^%IIDkd3rah{K*nFxN@WImBU6PiL3eP}f0BR|KlM`z3yvb?j)2w&@HuP| zM2v|4GBy%LPaTFB18IH4YEh2i!^?A;S@XATcCdk!5aBp5QNUZdjY^3c#JTLEdr~b ztPe1*{5_xy-AITCq|U_zp>MW8z!Pvlv>f(P9gUWk$b-_*&He>GJORKraI%si27_bjtzGY91aaE4MTI0D0C=4R614Qd<2U)oSGnrFJ_3u z0=S_6*%1LigThCK`~Mg`GQ8yI0Hc2HDYWr_qN6{rG7uLC5(}Y07=&^hVDWcn32?K= zlgMZxJCrNq0m#59BJ~ll7ybZIIzfOKxX=LZCyh~}nLMddcPOUbPcQH8WAPby{G6w{r0%VyO%vj(cFv|Zuj09K#NdxycEV*gl zYk-I_j>(JS!T{Bu?+ONraepZ{MNhSWjY21hql3ExcspPT;@jd-%O5mP_`S#&S~~Un zA`B%#t8h;o*pz>Sc+sL5&>J&aD7bzyhgi$bLPBu_jPydUmLb9cI|mJHvfzdT4K`XX zxZVLjfnND3LApiB1_6itz5xJza%iQ;1SxWGMftn+6goo?9B3qh4{o$T+dt1{sGiG< znl4?1AOvCoN9q7@K%_{Zr+^tGy*HDtl>gFWd1JCBgn!2S=fN95%mQBK{ICf03>y3Q z1NpOp?;L*_Q_#LIxZMJr42~GATma-qaIqw`{Jt*BR#Xu6#K`aSzOU2LD?Bj1@)3Y* zn!jvgcAf173}OJ)aB%^VRi<=hqH$zbei1Z=fG1u1;e3K;4Y=k?9a)Mb9c*i|@s%!F 
zvH=F#W%~>~xQh93kYqt)Eng7(z^n*)H*mm!1cMnQP`o0!wpc=V4N*b~`cf->m1GT_lc{$5}OmYq4#7>wEEq^yJ-0S1-wH>!FLJZ`vdTu0S%DAee<6`S~9-j(#Waw>(BN7f%=oZ z|9WMC`d1G4Ff$mYflHM^FyjZKacCDWgVFfocIMx01Sfy+yfFx^@^$jR++E0y*wTgf zuXTTUqWMoee^)0fvqVG;Oa4-}C0JuH;Iv?gl9t4XBc%003#KIs~fK#Q0u6!I~2F^h$O8g?u)lL(p@An-OF z6Utymi{1%D1$V{3D9LX>&a5w_bt3WkREX0VpQEV;~ zBYk^8h+^>BJXCZn3NOFr20J4Y9P%*It8Yvw7rwXgfAaIE`Gv9%aCCPEn@%)*edPbz z2d*K~_qqD}`{KcGt*?~WdGo=V($uSwt%x#G7y}ATN)x9)#Wsw-5rWbi`B;gL|18#U zXlTLuCzf7IztY>$IBsf&y+&Da1?R&T73UAC#$6_pjeN?RmTP^8Uc7hItk?6p^A;%U zM=92(at>W1T5=`^C~zDNuA^VCU6Q7j>WQ-BgH;P|3AeQ0 z-SO?&rX<5wY?xPx)8=y(!veM+xg@-%?c@-=bn~RB!UgV?nTpOSF5gzi6{WPTK|8KCJz1sVrgYjrXx^~i=DSxUv~im<>^wcLH9A|5 z7j9hTv8X~>Fm_6r6*d&{d%GfO={M^a56a1nbGZuX{_*P>8%@WxE)k!7*Q!L`)3=w> z(OlS_QaB3z8b~csf@Kz zTeKe!6MfxUZE#|ntKR!2J4T6{!j5YduJ5w-)HgfN;Z$$Wa8djHaBdT`uONNd_2h-N zQ~OUEoVa;YBXi2t%{!mP{AOk_YER!*?u@0_3VMRjE@e+(~{Ox3U-!oY|pege$nfC+iRGpWp=0NN~W1n2s_r2 z{cZT?*9PI3O>;&JBjjqnRh-+g((?B(hv@qk_B8iW+nJOy!`d#D%XI&`O2Sx4baAxE zW8JWl;*9AcpLE~0yoJPZ83sr6166YBo_Jau*V;YT#7$|OWB$wqXX(+FtIBjO^;0gN zT#R9lU(+@Z7e(spawIe7v>eWvb`X>6p@F7MC7;y}D5+_z5{zAX=3Uj?o#SW;j^p#k z`c*|%+3d`?6rt>2skWtPR60q|<+(w>p`HjJ9T z(@QO(_~4yJ%Pr)j(`K=cKDXDMzuh1=F;d|pFLymO%Ph_X#Zk; zfA+MK+M~IL4&7(Zn1Ju`e7N|tBu+iBd8KvB@j2tw7Ghhyqrd2$tK?sD*sYP9)MQq^ zW?yx94P)`CTN&S~wxpl>6jxnnznA|l=j!CnGedRE)ec^eX(~+ zTAedY z+MKps<1_EW7~@ET4LYv+W0_|)@mA|h&=_w_g8I6g@@-a29PG2kX?a=M;NRUCRrE?h z$II~Dh$pop1p&j1nm<4M@WI;K zy)-u|UOQlW+pstE_dZck$E-PH{fLuS`@f@BSlo(#e|M|?m`HlWolh6I2Nkm1j!ysd z4DULfi#|WzBiFF4@k<8AtojDpic)*)5g{gL>v$7|Ijhd4)ta=rozaUfTl0o+X7B3g z?8x4X9KYytjAwSi_1aCd7Fx%rSNCtdmuhml&Pu*Ok*x3@eBLCIx zV~OHJ*H_FIV^zb2ai>&QCF*l@CkOc|l%%}5J}s}GU9{)Tk!Wu|F87>0bbeJ{(^XrK@$B}P z-ov9@fAb7JUMjSy^WCIsn6^A5j&D3dzjfhy4a>PA1y=65L)W*7bf2po_DaYjtXX#5 zJtDtdZZ!1gwNcm^uFk=jlP(ol*bI=dNnjwTf4Sf4w4FV}F!`0a#QTZ5}U zD{Gz}!#tYd*+bIl)%C1P@;cQJ-WYJZ`21Lf!fAQodtZ2rsSi~!T|m~v+_2AnzCUPK zvaR1riNwvgZdqb%l-;s<<1UaspDjbpX*_wPYhq(aPUwOdMt$vwwQ9;jqujpy`7Y(x 
zv@e-t)&?S*_u;>u-8REw8Ft5ftMxpc!~2Fuok<*f+t(jS)Ee!W(zfrdf8>l6sN)@n zwI0Vh9@#c)=aDTZ=Peqg&~NYYCE~X7qI}=E2gOs}b{4Nm2>C>Czfy?3cwrZRgs^Fn zOG(Fwpt|MT%d)3Ltq3{y^}^CSNe#Pq*DQWnaSeY+zxQR|$9)mS%#s<@H#ud0gwB~B z{y^0P^X;~HpXd6$iU;b?pEL^5SK* zd3Hr*5uhI&Mt9kmhcE z=0Ijsdgs;B@eT%!D_SNtoc(RpEHka}Pp3E3eR7&U{kGNDePVso6m#{-9CPLJk&*Gn z)ZTCVSL7uc#Sz~LGvBs&_h)Tx9lcPv?$)mRqsFshE`LOuYu(d1D!$cDbgU`$j%@u@ zzUDb?e3Xd^H>P)j#hv}n!dfLp$;}yWOcLg~iLOl9V4k$z@!`>1 zlOD%UcOBK7Tz|>s?6CSPV>&}?pQ>-!7}B;s`Axmzg9Xbhv!~3^Q(9W`BK%2IO4{XJ zm-ZiXyi{?p?WUcU8m?%)05^i*)kM+GH$y9U9{05ucaSgl9a$DNY1Y^rw`n_`7z?Wx z)U#Y|3)KR@t_~T$)<5x^Q|}Y!^#rHeA!q8YaQBalyhShAUrBmDY>T}=m3Gm$xl6^V zb+2_33A<082#nj_pZkrwh^*dq|v*VH!pHyd>H4`aRW8&Q9<^O?qxD=|o< z@SV9$ct<&NqPfN$LxPX{%L`u$n2TTU2(`Opm`mHOws>Rble3O%)3t0{h)bu87=2u{ z-)$Ah(Yrg8SS zCTl7jMIHKTyiqOceeoX~SHIXi%U?47+|8G0TPx!?#@3#i!94H751f88Nb|Z_lyYtC z7*kbIsPoK;>vPw3kcplipTS>!-1ip5_qlypg!Woq=+OVNaM>L1{pyo8F376N{&q#P z$-z7_^W&igQ;p0!?ZW)ZM7Na$G`2lHWs6B(Si?6B2{q+S@~$-E;aR^GOpF6WkbWl5HtEj=qW$Bik-bVd(jKq}z5*n3S1q9MerP4e=~KZg`1N60Yz%a8plL z;d+}n5AH40p7zZ>BD(s^tMe6O8jjwb=oYyB(WblCE>AOgb=$t{#!?SHv)^Rd%@4;v z?l&&;NqM>3>kn+On|k!!x{T6QR)??j=9$gSda_Vyg7!q)*XQkDw+VX4mq$8zWNmfu z`?v&Eb!gqFB+?m6QdxJqUf9Z_#+~bzl)E&y87PPr^bRL?k5{)Gzq6O?`OfX#3hw>) z)9*d{1c=R2E|eMw`L z9Z#RWoE*mf8t^Rjcy(FO%~p^2;?hUkU!<({F)9@VXGAP^E*MczRpju8!>b!_+n4mF z*k5cLaiFU(t8z{Jns=mWUuF~(WcFwUZvg*Qk4pFRDftOkmbW>Zo>c7}cY164hsBNS z`u9B9*>U1&T3ma=!qDp$W7F@aDAT$f@14=AkMbC&SIF>c<=k;4C+tyLH*>f8kr6My zh8$d1_^LQgLsxkoGd5Joc1wGalIx=Ie#2uu%dPxM7U>XG z#$N1t5>wOBr*fxHr@q@6rIx~3nTg30pQPouR4FQdTXtq$MREV>&Ue2T>SujCGNULH zy>WL;Y5uT{?;rDn?0PebFFlLcy0o+}+QtaIE3STJfZ85jMfjOHjoUx3X6n2-pYZz~ z$?2lZYf}}pY(KBNYRVgJne|6{*6=l>$K)xG!n?I-BKtr2HCxVUPff7z_2nJ>ME#1p zyaTz;iPl_KrmB8>IIA)sJ7p99?S;VA_F`k>08&8!?w(rW>AgLB_H8t|zOuN^#51k| zqoLv0Rh0_U+RUqqF^$iX3{MK5x->A~Ryj>5pMz}EZ>S>Ncd5GVki0_O-(QJ)n&5f(!`x*#Wux=76W2ej z8x~c|UI^ZbN6jyIF>49#c*g2Osjo|GndDm?drENGnZ(G870G>XHLvU~6Xok>`ID6- 
z2^T*vd)=zKSf!xz;~rdb5I&hJ*mq8KL}Hw|Q$-xYh&e-jSod|?)@aR#kb`&^LrE48+hJ8sw}eJ3`usP0GdRhqA1*xj zh&Xi*-!gn`)5RM9Pht;xw#nFMtCxp*w&}Wlcs@?BC*{`s-x8mx?b|_0v937W9e<<4 zWSmx>aN?YnvG{`70q&VrUB@O}-4<1{5v3Ark`n(|jgr2)V%yxKtYu%tv4y@K&%YSH zZ`yD)JD{NM zh}AmrFp+AhoA9B;e08$Um?<+1H++AwcEk>E n7jyM{6GWz`15tV?g;O+nb0`ghG;#kV*_v zmTZxbr4re~YbhoA-8(bkeSh!w`>o&q_y7N&K2P^K_nvd^x#ymH?z!hqN71{cAsF!V z2?boXM8x6qa6CSbEkseA5RF3-5sD+?aRi9+A0H)*>fdqFi(e`!>V{%4DyzY_9eCll z7?dM17$q$^4E|%3#{+mc_)wF7V*u@tmjG4)urnwj{2G*iUfE5KGvuutR*3>7;5Xzw zC;`5T0F+8=m34=xV*HPBe3;TF8%}=QzDh~`iIH}n*RzE4+XE6pcx(MiI$e)!+Wmko zHi(#WyxdWJjPshMx_6@kez%@Gp(9kI2uLNDHHzF_RM+uO>FE+BH-9_I%k1>&j)+ zG*v5ST8ok94F}7cv@a(7(qkPJ>sC?&r1QE}MX?>W%IDBKd$XtC@H@gST4&_0v9~An z5VKM{i27zvjC-45muTGdOq+e(w8Z@AnW@JD!)&wrrp4!^>#Q50B3N9~u`F{;>5H@M zBR$m?A!PrJZEm-?VQw*PU#E8*`(!?LsP-!j%PU8SmxAvVUfnt~Ca+y&bnl4fwLSH1 zFN&u`KazH3P1=-JoRFgVxqB)#hlw+`nptqSu4LraRa1sei#pzPbD~4_uy2+DWfOJ& zocZ4Lmd`lzOWIGi-k!Oia8GH&089jW2wX>$( z^r}&>W5ZIeryb1HeP-J@v@A7w*8!j6GwDw;E|`lWgL(2TW5OVit5Z$ z$jv2}R9EjWQ!4g<>-=ZqZM(3t;q|(s7H1{&Vkdu2rFow3@YT3vZhhH`LT3|MbRwIC zkWez2%Air%bTW&~vZAr6WEP%HA`-}Wnia4i@X)IN$&MTYwR^P=C|9jAy!QQ;|7qU` zPFd>>bu8X8^*OF@!#Zy0k1O?7PwOrTLapYHXld-EXdm``Wt~m*FmR5{j&vRte%rTb z=)%kiNw(LUF=o_VC#CBr@K44hd^6MTdXsN4#&cF+Nkq=_lkrQ&EIYkuNx}D_%2CAi zmNO6SNj|l4WB!bal^c3RnCXQ#s8{#JWPSB{u;-=nDDxpoMmI-K;%-z6yMQOLVz+AU z4HNCmyV6s;|L)=D*p>T?4?fCFvHK=*ZQGd~-5wp;!4KmvCoNmx=S9EUp^b(-&O3eWS4$<$E+>@ewMx~J zYgfl&Y^RwtdPnL=5*bVTHsvk*gTCdlWdX)bqW{|Qn&vQVY`fc{PZt;4oFbT~HwYWw zkDM2_qAu6T_U8WCCLvndbC_zz-SzsxLHDLjILZ4gS?d4zIsd)i@VA|rt9IGxIMmfv ze)Q_dx8Po#@vX6-qeK}o;~iUA@x!{}$KB{G4%($!{7gC(8pj1&>zWsTwh;b2KWX(34{5~57IFhLx6{w1zzCC459ynI4tn0 zgBL#ieh>ITjIsiL1xg4*+I~L>;VB9j_NxJ20|nfnfPED3J5U0@sMMx_p`QfwO3=ST zet*i_l>v?n{wQx(hBCqSPYQUP0`646h6=b#0Z&!HUqK1vQFc|py^8io1^itBixlt= z1)L;@RiGT;RbCECuqUVhSutR%Qa+)8;aDMjLjh}o65_-0K>T5#1hNl-`hqajGk{f~ z9w7`~h_4294`FS2yPC5ChV=knEkyy30VR+@tp=1pA1b<_g!CU2?NBcOf2c7i!JMgp 
zy$rSwjRGay@ANr^V>*`NgYlVU&#$K$4ecPe0aPy+f%w-hks3-Oyl3FVy!O4$BV0f&PUwtogC@-k9dIl(g{Mdf^S#sC_&I=q5s(_)MAlmBElx1adEJmC*l4i<03pjEz|_$zebH^bK+1Dl=nAIrXsANLSKfzBuScq zO^D$zW3Vy&IF?BB=UBxth-`#Bz8H!o;;>L5%7VT7K$Qi^RTj{%8idK@3t1dqG*--q zdQj*|AttPkmH-xU93B`si2CNtVn{e~fG5F%A0K1!bIL8^5FW4sjA^A@(O7>3h{r;I zn@5aefHTG>Ml2RsTUsgx^cw@dFxt`%6Obelqg<>DFPC+=}antL?$C-6tTiHNJJV1LGdVy zXvMH1FzIZRjL=XJGg0Vd3LRz9m~@mzVIz2i&Y+_RI4z(wf)$l!MWe771U5p$vnd1y znT{t|S&`T*JQW07WITgTAfY5Gn}}yp7*r;n%>Za57Ky?jQ85@Qlg1>|nFJbmDS$D; zz!S&>212%C0Ac79D=LWH=oB`aOa_4*i@>H+0Y8LDAyWxtG9G#x8i7PbC~ST zNGvcIvK0%l0;~xX5cRPLbTXboqY~&8sui6?r6FW0f)E%qP)lMl$QS~RLI482wO{iOoh428lqR;%Rs*ASs1OXHl6%DvdxSQo*>17zT?*B2$@UJb}&v z0#k_y3)nD;&SY4TC@7xACJ|^fJc_qMscZx#0QJy`V7PQL5oMDRgpMII2n0401!Bo674rFF z%>Uni|MtvoArdm7%Yp*|vFM;5xwAL>?^dHo44D6$Jro2faG%uz8@Xox+Yb+h@9&8S z*j*flVdli=3c$7}LRqe01Db@BTDLKX(PTyJ&8*IS2(n>I1|BBn!L+8GMp0s1~q_Ec*`{C>BH+NFZ1MuZO|- z7w?ezT~C(!%~q27IaEsh>=)Skw%(Nb5~oUi4Fjbx{}P_Mm@r@-EaI@f+qZMOZK z61;Ry;cTh*8@|-L`I*$KJX7jba!Bggu-x9W{;|F1Wj}jQ4O6K{Ux&R1{!gigcCWqc z9dStN0bci;45@qdJ*hj++TML~xzv3`yVR{cRO;3`M(Xx-q15dO)?W73J4)ROS@v%G z`BJxilkMH|>ZERa7unC@F!^y{+jWXTB=M*iYZIHmNk)WX`)Dr0iL+qxxpr6_R;G>t zqv9=ym_Z;D28c|s!hy*c3^Hjj$ODyGCdPnerURJ=%o!pNm@^I7-@vp?paH&=!5|M< z%aHScwG5F5EHf2H7`Wm9GA1yFF9cB;59@`Z+!zUneQo5s92SI{af&(%4v)=;7EPc6 zQ3gpu8GJ8fFl6#z`+-EH{|OQCe?l~9HIN3c29j*%2dQr8UPv(JuNc^t zf{9EPhHO|M!(1!eG zCs5oO@V7+x%B6Qci3-Jte&`4o96OIHFJNG?RV{CM=2t_ehd{?n`! 
zsVo8s7_MUSEC7+O1eggJ8xRoQ?m{0!AYs`;K37%^=13^Ezyd_MiufWiR>Tx?1Y*G3 zl|TfY%5H%NJM@1N7cRx$N9QWn^3QdskQ!^IP^tn36Qs~OFejPN^8BeR&uK0blkk5a zrbL8d4Y{ZocwjLyA59c+gs3fzWhk5U-{w`;9T-8N5ad$9z6&z8T#!(WL3rS}DOV@~ zk6T0{FTt8|lSF77+uT|c_jA@j;u9JIT&EzT%g6E=B7PhS+?Yba{kc{JD{$}?#eg*| zg61hp_R0(^4rX{ESExq;Flvw!hSnrsN(zPbxBpy}1R|`G$t&VQB_gZ^5|Q|)EYLng zz(@8If-HBx6##t$ixDMo#K8N>#{g5n{kdOgMj})wGcFd$QgehtzAz3Xw&55xu~_4cFNCN8n87j#&2-lEe)re#w#>Mdyu;8}|Nmwyhq97v=4IAjxl|aA(Nn@}) zGyxkeh?XrCxE_HMhf5RW+a*k~L-~RCJ#u|1v;&0teWXyv|BZqE z?q#4}ppro15~@L@&;zXQH*|@avY!;xI|<&0`|gRN|Y@SKnCs}fceQX ziC7k2#?+k$<^=3mzx-RjcOqDTK7Xsm5#Xk&Sn#k9g;D=SGYS)fiw>f|l_)nrKq^ER zO2CQ*1_E>O{n;FV3P1#0wXhYU^|t^L(P9=qfd_L!f6eIstS0=e-V{5{0(J_GWHAF| z_+bv;k_Fs%wB;|DFY2!{gpy9{cfybo^a}UHpPTZpTr5_c1V&?qM1z|mbEs>1a3hj% zVLldGwOk`{VCO)w9OXey6!-y4~$-5B! zRo}l)-cOBLz$=$u5`mFHVgGp|e`nB-@wYhz{rm8MPB}bgoCJ6-pyYUP10=HS_sepR z3KESt#noHCpO)RWf%#R;0Q718@{M`6uNM%A30Ont0@9o;nP)=cJ3vie3Gca(K2;d~iLq84=n1;+66xcW!Ad?Qx4={Zm zFceO-EOh)$_+Rp}_!4;YC<~SxfJOgmfg_PmCa8mkD_1-=$lnWiV0p}m#o_Gw?F>lO zzvO`c{aYGLh|2DA;eGC)UvQ@j@Au)IuIzVZ;BFb-qs#Kj@a`YpE5kc}c&`ucd;j_< z^3Upu1THw)5BT|utOL1A7~qWtexP_iZ$1XnIXK`9knf-`NCwFF*G0;Jz9+rXV z6N}@L0B^8kFk@^vR5}%WizPhN77>F04aWwd5;(mA)_jQwC*dV;R$pK5 za_~L!J1u!`DDW>W-?a8BV+@qw4^)g!r_E?4ywN!uff+yiu?mCOEzxppYQy`doxYTL z(R=;3M@vPM{PN3p+*Xf`2~w#MU)r|uZuk1Z220RLqIrG0dw^yr}+_=GDEZTVBsoyYS%L zoxMwrsxIbektKGMgkMX1kIYYgI%K?Xg$8a}qMPcGR}n9_8!?KW+ANDNZ@;jYZM?On z`;xVb`1_@ix}_1f7KNnLd6bq_-@DFRVx&Pf^(adjom$~Tez0xF;abzq@-Efw$GO&j zj^NJ62hpjkvLxO6j^Cet$>hx906U!<8`oA>6)JZedEFxl+$Dp-O;lPE^2&dq>bSKRtvrX1Z)$zhwNsDHeBYaFdSVstcGyh9?T_rFqo$=}x5pl~ zj!wE>qnos?V%W6B7ifs%?Taxx9*=PAD$vlk-Cgm0zYXa{!{)cST-5qcPut+(Z|
UI~0jaPbX8R(K;Hf{v{LurS%S9fk#bQ8aCmFeM| zj+OBtQD@>}Lj1{{{GiJ^KA);4&N^b&pi#dUj*P!Z8upoh!N@Ig2KgE_JPZcPit3@Q{v| z;?W}A`jq02bz%EDCu#Z}FVO9}cP;7IsAC^e3|_P!8`q|{cyG$3#)WA|?&ciJ&s{PS z8=Td&DB9p|-TK3?kw0p#*$jzLwO^cN(1|Qto6E6HA5yDr50gX-dY$=tH4xM{?y zI>$W2$~fIh-%ywRL)o+N<~m=uneU!=DC$|ac3R>eja3hpe*CIZGrOpOd;P&_oiNJ6 zl52g}qg}U0IOk2+@Yx;B^X}8A{{5sFgulG ze0gHe99E91@g=wAqo-AUKU%Pztu)nfX8WbaNBTKqOUz56mN}#5(M6Hop*9ER7kxQU z>STKGTyD#m1w+%3u&{WHwHncXM>srk#h1O~z$5%%wR^WTHW-4#y9# z^I_ik>OXX5*>@iohp+3t9cyg6kfHDGb(YhR|8B+58Ma?)^$ZWpS&3?iZEY_sVS0Wk zUw*A&W5Ay6`v-#R;X zclCDDy2Fkus=M>o)JxAz$qhEyx|(vzBe*j6PFrzxxX*rkoN>>VFU)Vxrr0z)T-LK% zOPRd;LC)oAA1@_z+xRW=ZQ?35Z_CaxjQK$?a{1Kpb*!q&>xK(yCRqmazn1Nop(gk) zzO&*F&AzkSk4M@YO!#z||N0Gmb^X>WRZU%Cvo=jRZ*Cv7=3ubL5y#2cgFOphEaWIn zyeHBnWvkR|=JaZt$1Y>$bXA*2r1#ymtJN|A zwY6;vPWD~VG)k*2-Aes_zo+c*M03(1os_Po?m4@yCg$U=8*Vp=Zp^x|dr7PDTYKhB zvi=hDeRJwkqpW;hzIf|@YVxW@dD8kEkIB(P;wGL6XZ5b$tyBE2Z^{OZFEyX$wm)x( zPvo7Sq4LFS%ECW4m6E-lzQ6o1Gv?+f;tpimMA3%PYuJVc8e2t-AmvHw*LQ=N>d~{$ng@#nAfnjQLaANejh?%vkfV=C8cm z{hqe%TrRxUX}&xvH)FHWZC=@@sY{*9ADo$RE7xdg!-SJ^QLQXsNy|sN2{{CWoBat)7deO}d zPb{*&7mRzApSrfZN$+(b`^K{Iv7#{nL7%%Kmi8E|boW{veWHfY=wx)EbJd0u+Y+Z} zel0pa@s*9>V5?+b9HJ7^JZ*#hzS=)Ri=6U|p7C4J2Nu^ft{;pUO-sZ3nhjrc($~y> z#_g|&Rwe(7Vf@vMvrW4GxmrZp-tyFC=b33_(|q2G>7yRDM>Za8T+=(cZJ5L7;hGnp zhna*-S&EDx6&&+$F?xEk?PRG*J(jU{l}6vg)sIyi99G}x)U?~R)3)L1+VYE)i1^K? 
zozg=_*)A(@Sv^e!`tNnzz zt%PO6rT4NgRcXxcoRo@HwGWA@)Y*l}x~$r~dEu){fo>w3&#LL;k9@9mV~l-3ULsnY z-?L9=uE$y1f&=p+KCd)hIzL}3uF3|F^Hx!Dw=J0Wlq!Vup3>CQkt4%bx>v6+d0d8hFe{+oUL`VPcKVR+ z=qGmz5-K`hWcqBF7rK`4GPCFmIiTR+6PmiPYu^j?&Zcqpp_q#Hx%7jY4GEfC7S24h z4QbLlf0t9D`<_U&6kbgIq@NNkR3>>-gP$u$FDfbvztT~6hV`REnR2zGrLo;?*UZEa zWT<0!GXG-L+AF%o6+0cZBctrhPLtLZ;@s?AE%!O(&cD-Zdv-!cU`KxbyK7nzA*!nG zPOmq)vc<^;>r|`k8VS}bbhoZ~#}0p#f3$D|Y1;T@&H6@ptRk}r@!RwimD^LP&8Xo~ z|D7v3yWT~TqqnjIjaI>hN>3lV`)5Z9!c3=IrLc7UVkV!A&KduSy47`U&o3PO zU^McEa8|&YxGxU~Ed}O|K2}1{_f zz=whRZhZ*XJF)mPUc1?4A6jrfW=ckA%;A=xyrgNL6PM2#wpVxSJL=c_Cfle}zR&38 zc5klB8=Y5sc*(NIu@|O}$B!0wWbI9$Gg9)-pWN2jIyGvi%OXSPtCE=I2Mf)2Tj+&; zO!6+Qy>-84%h~sTxRndo0^*CxJFA;7bWutt#_X=VYOwGVXA-q+AeHQ+tX)A@0OHQxX5#7le2@6A)*cI7UsFEuYDA+By&*Y z{3KB^)*@cq;^&w$O**UTOISjz!3LAo#UnjiNoBbXD)!E*YR7M-iS;d>Qi7c-=!i~AoH~p7xfPjyUmEje!W)2B- zyba}!*6kNp@95D!ynjZHxiEU$nIqbfhBG9Q&C>O2h#AH{dq@taVpqMmJ$toxYLogH zR$<%N%Eq#$K>U^`$|uh1+`rNq^o3Nf6YqTAyc_57YV+pzH-A-GC}etb5(5U z%1H0I9o3Vi-_yohczGpEK5{+RDdzeWjY(-W%X)+HCdG3qk7iU~rRJyJbfD>Cu@MV> zc;8C`!V{l5<%}Aed*LakYO>b5U8mq0jd*tKi!y1ves_MGo%vs95p|kEW_q3UH?!FsJ~HU4^TZGP&uGu2QfszlS~oJ0Go8cS?Q&k;9~mE& zcHA&|_ps{h?n&mZ7ed49cN#L!oy)TJ*wE5`{{+#bbds1+g(+w~&3JXQYS^{sOk}v^ z-TpB8b%*plqTwlsZSC09C8<=d_vx9HE;W%yKN}WA{SGOig8_7pR7W*S6&QakHOWm~ikq_Rwpyp6_%(>-V zpX{3A%{zBJx7WDUJDqr-;_a$5H+>KC8P41lQEI^zk>@5oJ})qTruqGFTirKbz2hBL zK^^H$*QS=)4GRc)IWsF*e}t*Z&$C?)~V# z?tK(hW%u~QPZmxbjpOZini3YBT|qsg#`)BqXlXwc;nJ(7_}&p#UI{Nay2Lm&?_6Hc zrOqzik8imP-lk1U&eq9``XaPbDQmwUPPRxqzRu^Ry6drrKgL9JrfR0lTv@j{y)MCH zd-9|A$97~2GJS38kKD4h$x@pU>fE|Wcf*0Jk6iALG5#}c^P#TViXY!%c{}z7x_Z5g z6r9h#)p>LzFDu#X_}PQ}!oo%5jrltc4VxJs8o2SPJtjk=;qdJqBy#@xNd@Fju_dMj zNX`4G1p8SX$-#bqUf=y#<8u1Zw~SLRRns~$+N`%cY2_$eDYw1Nx5~z(80VfnSL@?7 zO?hY6&YAXG`Hjn^;wLtDo=(hb$p}50Yf>FFR)>J|F8TOCYeD#WAOG?puiMJk2<%Q8 zReLT#11&;xmfyO1wNdK=w`ZY!{MXI7E-H0Jo=PtJj%~fH|9(;Hi|Bb1dN$bf1?$@5FLuY>tO|RLhbuF}IcZ4TBUTu;7_*1WD zSFRC^@Nf+bH5r$1x?!Okg}XMRWX)x*#jq#(849WA+FWL1@-%~&NedA$`&174gjaBeg1J4dl-;oy6aeJ^iN6&*) 
z4#rfirFHHe;+M9dVB>Xm9rrHw1)xPoH-4^n!(mZXb?+e4>B? zPrp#WWkrhEd>)3!=dpwcf)OGdgeF2TcpL@?S^n)KhZ_D@p3NuU$jQn^pipCzz;A1i zl)!H>$kkCOIaMhQ{zu7A0Q4yELs9x01!NW80D2gp9Y7B0w;%`d@-9*yh4)f=SSZMW zK80401O8zGkVF1YAP4-zKzr(_b@JmBhNJwGFGR|To$enAKN}@CBHc)>&*Bs5_@Si+ zsmR5ggsi>*yGi}e&)v=2RlJ@)tK#$hO>?(;Q{`(u>(Tpy3*EQYsB4y9UGgQSAY#F+ zW&LLN6ioZ4-rBq~Vy*fiO3mgon>>!K%$FncH(t7pi+DGG#FvZ;6FL3x73y@GZwo9; zm38->AEnj5GeO_v`J#ze1AES0?$F&xJvz~zOD+yvQOMB1-z)#Jm3X$`ZT0Eucc(}7 zkIhISnss=#X_4G%EotY^-q~+)Wo+^2hi8$(>)opqX$Cg_M<=zpQ@iI}<~&$8>;5*u zz6~C6-96U33we7wFRu%`c6iSs4Fi`?A(I`&3W}v$=q(e-+UJ^SpBGQA4qZHh<{2K@ zTfgdI-{u3mKHfhN$UXYG0+BB>IJ6<^M2%d1$$OWM!b6+ItFCL>C^wv)Mm)|^%uoI! zvMfeFOYf$A!;X{h=8kUb3oh$5Ia6+(q56K2LvuoIRd7kwvE?(7dxjxn4sU;A6+h|a zJfqhq_4M245Wb1(KG7%NGaNR>S#EAirva_=z~=_%sCkub>0@qQ$ZU;$qyGu5_x)9| zvB4kadhuWMkdRBpbXDc|Pc^F^ADFY!(RP*Hl1$vw4}x(MSUtkzZz>P+&)f-D3%XZf zJR|3b&W^qO=BRcfg{fXM7nC#QEFHgX_!5Tq`gmeNwT9n#&0hVzN}BW0t}dafQ%d5z zl&aVBsdOR>OUANT3>+1~5lK`6lSUy^5C((9qGD+bD$5+pVz5ZSm%u|!`a3@gNK{89 z<<>qd^n5on-QsKF)2)`1$UX~}FwgC5sor3n+PHq&u{mwUYZhLc!!L7^Q(SD7m9$d3 z1{ZW;-^=zH^KgfE_H}DVUCx=9)H>#SV<5hnH*UgKwUi|pn-~4@r2XTCnJ;I#uPC)+ zoNw%YlxK8qMP2Q~nwbU{-j&~4Q{^@}OwDrUj>}Wz*H4I6HZ74~w}vQ*t->ub|f z@{JewE_aTauR;mv#~eyMH-2N=s3lrD1xssd99|Jekrt-h(N|fh`*pj?os-AR#v5La zPuH$}do7BzuvP`7saEb|HzF`-F9$WjEO(wa`_lWI%~z8Xo@~3*bK+*S_EqBE;v_9C zwO%87^tU~e3gY$eT|GN8h8}k+WZtx{PR&tk5_?ZBGV!vW(~%|@-9FyEQqZrLkyP+r zz1$@^bj4Pagx&y^wd!oY#$M2lwkBfWBGVwAP^P;5u#rcf|X7Z)vjy&`d*V1C6wbCy)IakAO{U_cT?Jb9nPIdQC^=ikXYa8BSCK)YW#;EUJ^ZW+V zW6~6B`eD_IQ=*kSi?1FP?9adZwyxgkFsnKhtWmfcsn7iW|2G1^5%`V3Zv=iL@Ed{O z2>eFiHv+#A_>I7C1b!p%8-f4h2uNa{{r&w3pr0T{i9-Dn7p0<5Q%XS5Y>+^la!MY^ zArBKI5HpoLKjNSuE{c)|3DPYfhx8;F4dbGao-CtbTy!Kz`ZD^1jP{bzA3+Y{q;gF% z8pch5yc~?TLj9km_40s6Lbpll<)KZmzFkI-m(iUvdWwwhlF`#;^jDArd*q#D^mkc( zh>Y%)(IOe$C!=Gf^e|`#Nb(6F2QlJdz*ZCpUCTqfAPxHp>ANyo8RU>3_6OFhfE?Ja z0P%t}j5`B*7{n3MAVGdbh&`m$r1gppG8&cxe#O-?dMwC+4T_~82Y3t{2XZL?NmdVW z0sKl+K@P@j7>I4ddZkd1!+5kd$YFh)jGic^M;OXzBaj3ABRoM4^#ebF@*@I4js-u> 
zK@Q|cLcNf-kkT4DGTIsBfM543$YFn6q_m!ijCKV%kk<>9(NHho*Asvo+B+ZQus%jc zFO=0MfgI`!mepU7(Qq6AKe_UPiNIG?a(@92tFC zMvFlX?9;CSIcz^tN>2f8O6Vw%gWppuK@QuGmesq+>R~^C{1k{ckk{NUqjNznXOH^F z`wtWzhr*$Jz2~5vB=;j|BiRMX474vI;EUK|zAzST4=zpEVUa?b7+j(J$}RlK!{GD8 zG&WC!<_i!WTEveOG7vP4$3*kR;fN5;WQ)W?Ha${IqjL~Y%@Rk`gb13&7b-g;Oumq2 zigp#F*&;OHMspEi7?9z!B$NY?141TfCm|vV2eyhNdOg@tJQ{ky0yZKtRaW*72PyE{zAIg~~wuXRpyLHU|+wdw;Wg!_C9x*x=x{b8939T*Fh$A(eHDk(Bt7Ku#n3bnn~4Y!CT!gcLgpuh%WBH%B-IW z{*wL!694c(3}EuPtGF8GzNhdvrDf!nA9eo8E-V#!1@ortAVaRh`wX5q065}nMzvgm+~z$B391TqRmW>6SJDg#FW ziG-z5X>=@(h@;bp=5z{)MkSe(Sp<-=SVSV8NoC?#R5H*uHw5Q$72m53!#$T%vAY)&PRDKsLPMg!_WDS=5R zqHq+FSNL85AmsNF$Lz-x)MKnS{dw3+OB+i^-rN2!)Cxk`Wq0VzTf6csi6N5h(-~ z^k@v2+!%Mq`IrHJ9JumjN!A&7<0}xdxin$ykogBGfFEdJkOG9E3jAzga9#eTfq$4g ze^WdLlno>ypD#xJ@Ba5M@9<4ULIzy2U_ZcFbjXi%u{Zk9UL*TZV8*}LL)9gFGfEX~ z?8?6;V2bKc^#1x`0&I@MrW@JwxdO25i4dj}*nm7~Ttp->1=hh52X+`D68|jorp0pj zGzqiFg%*W)3lSDOWJg#bqZ@F@g14-ibTrbO_QXi7H4N^Y!P%rud;S4^}hI90LY>keVgT zgrP7G)@F(3LEB6PHV;}eWFE9;%Akh?M*(_CgT(?e4;p32JZO|5^Psy&#^44I9AHNI zhx3Kt)W<`6AP6@+5}d6qrMoB^9A!DOGE+8>#fLKmM+T-0QG_(~R)`WXhu97jA`I0y zD1`s72n`tq!q8zLNJf5$Fu*l@h$1*sbGT9sRch!WSPT*6&j#;fb7){uwuJAI($`2E zF(@_VfxS=SWmpUt$U*V_tFa5R^$#9!VRVp#7a#{584LS7WOtEB{i`sRHleqHr*W zMbJGZv1f^6abUn1YK1rofK!7IHS{LwRFVPqqkdpg;_$FYVy}n`L8LJkM~cJ)wm|<7 zfi?1nAPBnu@B)B0@EB1vTMSk|X&+!j`bQ`lx{(MGN}P)cg63?YkT2wbI6Lg4G8!!_ zk%hCNoBbR3@B{$gz{yIAAe=+8StF8|$l>s#(cn)fV$otSMZpCDbZoeL;BaVQX*imP zM5Dt5VUno==Ob9e;nW1-|44>7QV19HKRY4-Xi)e_asO|FM~asW9bnY2J%u*@cXagE zRR-b$K>~492!lw511$dGEPgJwcoG>cVu$ghJOCLuMI=4~_QIbaN+t*p16Luy{Um`+ zG?On;>dFIS0ygrW>)Vgj31ljWG)6L9b|zsQR;v|RER8z z1Tz*m2)r8j5l8~8fTV$&AC}CtA2mQk6vyO8^I(YT&ld~>#kjwe8={R(VWZGV;^^SQ z0bVJXF~Ra3X7-cji+&VMftDKoScIV@Xcg{>1Do>C&@fsY3wmQj3j-HdGa%N|vydo~ z3&X?EtEGr=z|KJfn=JUlAvD-%Wj7>1uk4f{*`lO_fW!XS0DwLjw31_j1Ua~({M~vA zonbBOcVVFIUuQE^&*Mj%NLC>TL8Oo)aR4|V5+u;m!3>hzxJg#Zf74@GW6~x> zf5!XQ!5cu#6y5;+v#*tnYa%l`9U$XYY z`2^1zaLtuCvII#w*w&=uD_OFne33|JWOMgZPJ 
z2B%xLg#O*Vhx7n0S(g8%`Y*3M|Ay@!s-?wdh?rp}h+vz6r3eEK6=o<&No*unQZF)P znxQaWcr+#qjS;W~2pSUrk64%h1fGSgz{1I;i7_IC5h;Yne@uYD1mm#C$;;Q@)oK1B zKd-sI_KsFSoQ1?N5CJ^OhyVf3<%|e$CC3*d4DkH}1{_`Z-~@xg2xvkY*GeQ3VCa$H zJ`~ijmm*d~(7X_Vm-U!11_L8KuYqGJ8p9<3-C!$Wgj=!6R5JK2j^rU$G%+~2VOZb{ z1zu}`YJQ{$6UmEa^OzXP=Mf?lL%`;vVwR%tvMY43fil5a5F@!($At0V=OO=N&!6TX z%GS@`)fH?^G4K(E1g5Pacewp~FdHc?=^_3eHdncLU(`QT+9O}Gr{z$ZE{o$!NRA(I3_~05=xWr8}I@{`jqPXW}8JA2RR(*;Y9d(e5*p;Z|D(>@pxJ8ld zR9u^HyKCmr`OkMQ++W)K^4-ca-z}mI4s30Ff2Pv{`=KmpZ0<1oyi=eFfNu{d=y1@tbFUzZX)MQxiteD^a)Z=SIZe!5rh zk{l+1?XmuT5oW*2mDu4ilWGf6u39cWo{+I{!brx(=WAc{4R=!}?o355TT%QmXw|KA z+S+&Y4=z7=l1ggDHTR#2dCv7&u>JIw#Npu|63zykK0a>Zva+ITD_lW-VE2sU8eJ!g zju_}H6(7z#Tj*QZScB?&uPU$E*_1wJTx4FMEu!nJ|A*6v`dX_u`(`WTjCVfM{b6x4 z_h?E;h4OX73iqUDWpHji?;5?3c-(5n&SUT>R~0ZZ@Lck$&}|c5iF1A(vZJQ0^KlH`K7#_Y|@$_q{#y@lIXo@>gGa z=09!hzUy#x?cUe+ZBgqR($(jTFAsdXEGGu9=1WqWKk&6%dH0H~x!Xeu7v7F~I{Iwy72PK( zr)tlFzca7iYOwE*=Qj?j9;wi4naH{5qah!!@rZgt)NOWNX=$%+I;4!*}I6)czVi{9Thq&^6YY!wAhEcmO3xch+Mx8f0@H5`7%5vbJ@pz zejVp%Q?JWK=}?}wDr?y9Bl?vkenGc3ls=_4zR=wfU6Dzf+AI`1>@PXQ#GPrm)w77ZHr_(zNwD1OZ(8MtvT*VlNd;e&oD*4 zCN8VDwChLJtm(4tHM@ND`hJp|Txc(ctX1N6=;Cq*y^RccksNTZ{ehvg4Ib*;KEN^tk~~kKFQJG>(qh zvNXrz$yi@Mdi9fG*Q&-XbJYD7Kc1jfzH!NEg@PTCZ!giO7u+3H^Z?mM=M-5Rao63D&f3n7g^sgAO?QxIxYy<%Dzd7HeCq_N}hZ@JD7bRNh zY1Qty`r5~J-qB6*!sbBDOPF@S77SyO@dU5gXl|?hlx=JE zo_AUCgH#G{SJ@*kW2)OzmUh;ZT-Lj1v@pW1ZfecOPZROlGh6#oCx&gv!Z#Xsd5wIl z(tEyZ!Mk4K)yY@OmyBk7u-+2VU3TvdRlhgwUZ`diDj==7wBYWO?yn#U^OF zrK4n5%$=e2a?P29=~gLmY?0;D8&5?in;x#X+EYLNtNwby)f0a2s$O=vuG~3~-nY99G`{#MHwLJ*iALvv(ol&n;m)cr6+F#_X{H#dx zmg07u2^xv-={Kksxx5`$xPr9inJbNF+*WxXp?mQ3mi5#{*X8_P%X4o{zMEz%8ui7w z72{DZ*!?<`F^4~?6?vtu?zI)2 zlj}dd_H3#`xbBnaf_4a*RtP7?dUzaX!WH^ zSJ(aqr`lPjv0HELNxv3Y@a@oc^9Ebdm{T=!fB;bJNO?EF;|?0CE9T(4VVv^#lQ>_=z+Q3imcHBhR)!d|y zS6aPl_xD?tG7vNGZ#oHe2W)tcwIkYt&dSvg>)PIKusOyIL`U;K>{r{f%@cRxnVz63 zDy3f)y;>u3)b<1GYV-TIRBYSxHtzDf*0q`atqZsf+ddjj^V#HG$69o3?HN<|nFx7> znO6K`>^#6n;V+CBj^wNTbk^Pt8;>D<@eamzZ|>%!5i%6D@C8iw^?m49QSe(o^vWAAl+u% 
zp4^9NC)wepwmXgc`qfh$9F4wBFz!$-(`&YDu+2^{dt8D`ZAtIFJ<>1uVX$|_F_%?r ztq{3f6UJk;VRy6g^6?8TOiB zk|Te*-r_~bEM{P2>p?V3?`bJnd8FD2H))2NaO?P|%#qBhqAG~d^yY^I+g zA4#*C&dSh#Wl$Vm*mAI{&EaX5tBRGX|NePx!%rn^t-3YM)8O-l%ZB&yqZiS>b_rV! zXQAph=FHyvK1A2>b9}_Y2iJ{0#I1bO;GU8A*j)8M)+HCLj@6|-{mnktZK7SPYzi3Q>7_F$0?7u8U3j)W!3kam9fsM z*>9D{G>_l4quV~mJ-~9Wc5QkmNm#twHCVAj4f8$Ef$M(S-oX3fcCLkm@|)VjyRM*v z8Yk>)55xzkIc8AS*kfDg9!>*e&_9dN&#Igr<tC$u+}DjNB^U9Q)@8P%_2*Y2X2|Gcm2p^d4xrrOuERFZP@Va@p_ z&*p4$clP~Wa)=*O8E~S$FF;4Z^S0ZZX&G;=7*WK@VMKLp57iCX_-(D;d$+%|i}qb= z@GQz@zNz{|72TPUkzFS*Ii568cYHm}QX_fVRdc=ETY(AF-zzqX&z})2u0=mk@(JGO zaJO4!*JlII?LDu)9`HE)Mc49K^PA*}#%_D&(jykQSg@a#S>TXi&q9)qo^TEx<@ZTF z>DBC`;hr0m(yE!ki|3&1zlDa~-dBQDbh=`b`VYL<^0QqTxAx1F&u-DpMwidEs7!v_ z-LXRPE%gwFEq`hGw|fhk+|D)Om2TF3^ggiT!&keC?{&o9+N+C??_Y!4RhM{Q*&db~!tg`*u?Hy^WH}AhT!VV+q%iCnvyKzxP*V&6o z7e{p()!Md)NB+U&?{8bYt0BFD;_aH zR};&%DrddK?2}`kI^x9R#-Uf1w=FJxr8?$x#tLiPbf2=bApsX-Jwr_bA8xI_e`S4= znB-;WRx<0f)#zYuOtAhGt2H^-f{K(ctdtYqXj4&ASw*;i|HQWldm@R1nz+gY-MdTa zHeItYD4;WyQmSLGUza`2~HgtWW zerI-8JUg}P+?=QNW9@g`8=qF7%~DIO4>z1R;*PO@#D4OAMw;WokflDi8+F%|eGQGs zZ=LF6u&!(EYRC5YM-R_7J+~hDIC~PhYb58Pk44|X_VoJ09*c?oNtYK-c;J^e`Sh!2 zS?_vh@Is7FqrD&&pJZ_rNBQ6$W{IhE6y zmKLgka +# - Fingerprint: 4CCA 1EAF 950C EE4A B839 76DC A040 830F 7FAC 5991 +# +# sudo rpm --import linux_signing_key.pub +# +# You can verify the key installation by running: +# - rpm -qi gpg-pubkey-7fac5991-* +# +# To manually verify an RPM package, you can run the command: +# - rpm --checksig -v packagename.rpm +# +# RPMFusion +# ========= +# RPM Fusion free for Fedora 20 +# - pub 4096R/AE688223 2013-01-01 RPM Fusion free repository for Fedora (20) +# Key fingerprint = 0017 DDFE FD13 2929 9D55 B1D3 963A 8848 AE68 8223 +# +# RPM Fusion nonfree for Fedora 20 +# - pub 4096R/B5F29883 2013-01-01 RPM Fusion nonfree repository for Fedora (20) +# Key fingerprint = A84D CF58 46CB 10B6 5C47 6C35 63C0 DE8C B5F2 9883 +# +# RPM Fusion free for Fedora 21 +# - pub 4096R/6446D859 2013-06-28 RPM Fusion 
free repository for Fedora (21) +# Key fingerprint = E9AF 4932 31E2 DF6F FDFE 0852 3C83 7D0D 6446 D859 +# +# RPM Fusion nonfree for Fedora 21 +# - pub 4096R/A668B376 2013-06-28 RPM Fusion nonfree repository for Fedora (21) +# Key fingerprint = E160 058E F06F A4C3 C15D 0F86 0174 46D1 A668 B376 + +#### '---------------------------------------------------------------------- +info ' Copying 3rd party software to "tmp" directory to prepare for installation' +#### '---------------------------------------------------------------------- +cp -rp ${SCRIPTSDIR}/3rd_party_software ${INSTALLDIR}/tmp + +#### '---------------------------------------------------------------------- +info ' Installing google-chrome repos' +#### '---------------------------------------------------------------------- +cp ${SCRIPTSDIR}/3rd_party_software/google-linux_signing_key.pub ${INSTALLDIR}/etc/pki/rpm-gpg/ +cat << EOF > ${INSTALLDIR}/etc/yum.repos.d/google-chrome.repo +[google-chrome] +name=google-chrome - \$basearch +baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch +enabled=1 +gpgcheck=1 +gpgkey=file:///etc/pki/rpm-gpg/google-linux_signing_key.pub +EOF + +#### '---------------------------------------------------------------------- +info ' Installing adobe repo' +#### '---------------------------------------------------------------------- +rpm -i --root=${INSTALLDIR} ${SCRIPTSDIR}/3rd_party_software/adobe-release-x86_64-*.noarch.rpm || exit 1 -rpm -i --root=$INSTALLDIR $SCRIPTSDIR/3rd_party_software/adobe-release-x86_64-*.noarch.rpm || exit 1 if [ "$TEMPLATE_FLAVOR" == "fullyloaded" ]; then - rpm --import --root=$INSTALLDIR mnt/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux - yum install -c $PWD/yum.conf $YUM_OPTS -y --installroot=$INSTALLDIR flash-plugin || exit 1 + #### '------------------------------------------------------------------ + info ' Installing 3rd party software' + #### '------------------------------------------------------------------ + mount --bind /etc/resolv.conf 
${INSTALLDIR}/etc/resolv.conf + chroot yum install $YUM_OPTS -y google-chrome-stable + rpm --import --root=${INSTALLDIR} ${INSTALLDIR}/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux + yum install -c $PWD/yum.conf $YUM_OPTS -y --installroot=${INSTALLDIR} flash-plugin || exit 1 else - yum-config-manager -c $PWD/yum.conf --installroot=$INSTALLDIR --disable adobe-linux-x86_64 > /dev/null + chroot yum-config-manager --disable google-chrome > /dev/null + chroot yum-config-manager --disable adobe-linux-x86_64 > /dev/null fi + +#### '---------------------------------------------------------------------- +info ' Installing rpmfusion repos' +#### '---------------------------------------------------------------------- +if [ ${VERSION} -ge 20 ]; then + # Import repo keys + chroot rpm --import /tmp/3rd_party_software/RPM-GPG-KEY-rpmfusion-free-fedora-21 + chroot rpm --import /tmp/3rd_party_software/RPM-GPG-KEY-rpmfusion-nonfree-fedora-21 + + # Verify repos + chroot rpm --checksig /tmp/3rd_party_software/rpmfusion-free-release-21.noarch.rpm + chroot rpm --checksig /tmp/3rd_party_software/rpmfusion-nonfree-release-21.noarch.rpm + + # Install repos + chroot rpm -i /tmp/3rd_party_software/rpmfusion-free-release-21.noarch.rpm + chroot rpm -i /tmp/3rd_party_software/rpmfusion-nonfree-release-21.noarch.rpm + + # Disable rpmfusion-free repos + chroot yum-config-manager --disable rpmfusion-free > /dev/null + chroot yum-config-manager --disable rpmfusion-free-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-source > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-source > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-testing > /dev/null + chroot yum-config-manager --disable rpmfusion-free-updates-testing-debuginfo > /dev/null + chroot yum-config-manager --disable 
rpmfusion-free-updates-testing-source > /dev/null + chroot yum-config-manager --disable rpmfusion-free-rawhide > /dev/null + chroot yum-config-manager --disable rpmfusion-free-rawhide-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-free-rawhide-source > /dev/null + + # Disable rpmfusion-nonfree repos + chroot yum-config-manager --disable rpmfusion-nonfree > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-source > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-source > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-testing > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-testing-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-updates-testing-source > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-rawhide > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-rawhide-debuginfo > /dev/null + chroot yum-config-manager --disable rpmfusion-nonfree-rawhide-source > /dev/null +fi + +#### '---------------------------------------------------------------------- +info ' Cleanup' +#### '---------------------------------------------------------------------- +rm -rf ${INSTALLDIR}/tmp/3rd_party_software +trap - ERR EXIT +trap diff --git a/scripts_fedora/distribution.sh b/scripts_fedora/distribution.sh new file mode 100644 index 0000000..67fb5d5 --- /dev/null +++ b/scripts_fedora/distribution.sh 
@@ -0,0 +1,84 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source ./functions.sh >/dev/null
+source ./umount_kill.sh >/dev/null
+
+setVerboseMode
+output "${bold}${under}INFO: ${SCRIPTSDIR}/distribution.sh imported by: ${0}${reset}"
+
+# ==============================================================================
+# Cleanup function
+# ==============================================================================
+function cleanup() {
+ errval=$?
+ trap - ERR EXIT
+ trap
+ error "${1:-"${0}: Error. Cleaning up and un-mounting any existing mounts"}"
+ umount_kill "${INSTALLDIR}" || true
+
+ # Return xtrace to original state
+ [[ -n "${XTRACE}" ]] && [[ "${XTRACE}" -eq 0 ]] && set -x || set +x
+
+ exit $errval
+}
+
+# ==============================================================================
+# Create system mount points
+# ==============================================================================
+function prepareChroot() {
+ info "--> Preparing environment..."
+ mount -t proc proc "${INSTALLDIR}/proc"
+}
+
+# ==============================================================================
+# Yum install package(s)
+# ==============================================================================
+function yumInstall() {
+ files="$@"
+ mount --bind /etc/resolv.conf ${INSTALLDIR}/etc/resolv.conf
+ if [ -e "${INSTALLDIR}/usr/bin/yum" ]; then
+ chroot yum install ${YUM_OPTS} -y ${files[@]} || exit 1
+ else
+ yum install -c ${PWD}/yum.conf ${YUM_OPTS} -y --installroot=${INSTALLDIR} ${files[@]} || exit 1
+ fi
+ umount ${INSTALLDIR}/etc/resolv.conf
+}
+
+# ==============================================================================
+# Install extra packages in script_${DIST}/packages.list file
+# -and / or- TEMPLATE_FLAVOR directories
+# ==============================================================================
+function installPackages() {
+ if [ -n "${1}" ]; then
+ # Locate packages within sub dirs
+ if [ ${#@} == "1" ]; then
+ getFileLocations packages_list "${1}" ""
+ else
+ packages_list="$@"
+ fi
+ else
+ # TODO: Add into template flavor handler the ability to
+ # detect flavors that will not append recursive values
+ # Only file 'minimal' package lists
+ if [ "$TEMPLATE_FLAVOR" == "minimal" ]; then
+ getFileLocations packages_list "packages.list" "${DIST}_minimal"
+ else
+ getFileLocations packages_list "packages.list" "${DIST}"
+ fi
+ if [ -z "${packages_list}" ]; then
+ error "Can not locate a package.list file!"
+ umount_all || true
+ exit 1
+ fi
+ fi
+
+ for package_list in ${packages_list[@]}; do
+ debug "Installing extra packages from: ${package_list}"
+ declare -a packages
+ readarray -t packages < "${package_list}"
+
+ info "Packages: "${packages[@]}""
+ yumInstall "${packages[@]}" || return $?
+ done
+}
diff --git a/scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary b/scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary
new file mode 100644
index 0000000..e8f1868
--- /dev/null
+++ b/scripts_fedora/keys_fc21/RPM-GPG-KEY-fedora-21-primary
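Review bot: In `yumInstall`, `files="$@"` flattens the arguments into one string, and the unquoted `${files[@]}` then re-splits and glob-expands it, so a list entry such as `--exclude=qemu-*,libvirt*,...` from packages_fc21.list is open to pathname expansion in the build directory before yum sees it. Keeping the arguments as an array avoids that: `local -a files=("$@")` and `"${files[@]}"` on both yum lines. The same function leaves via `|| exit 1` before `umount ${INSTALLDIR}/etc/resolv.conf`, so after a failed install the host's resolv.conf stays bind-mounted in the install root unless the caller's trap removes it. `installPackages` has related quoting slips in `for package_list in ${packages_list[@]}` and `info "Packages: "${packages[@]}""`.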
@@ -0,0 +1,31 @@ +pub 4096R/95A43F54 2013-11-14 Fedora (21) + +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.11 (GNU/Linux) + +mQINBFKEQVoBEADOb9mKZZtTIVRMMejO9dco+dsv6L2ZvnlidMVaudoD7pN9hl35 +xUZFwQxzATy2iCoFY92WU1zIKxCg9fa0gS9jGGl9rOI/1uQm+i/KxkzJCKW0CYpA +QVNNYHewQa7JHuTYbaN+kWEBGG0RWJw6BN2NxR3zDkLT2tgcf0zBobeUMi6XwFg4 +jikJ/vi84MEX4Gky/OtVXuzk0fGnP7xYPYfBkfG5FbMj3UxbfAAn1Sr9PxIFdCxP +c06h9kkO+gJPD7Cis1pNg9HWpssIEHIk0ZaL0sssMSpSsgP0f44UpKVCq0+JDJmM +EEu2KfeV9r2dEiEude+Gg4U3rbUh2PTZpQKKwPyggQwk6nPHbrqrr9zBIH5iyYuU +vdTVO7YrDqYK5o3WhqKYG19oNbtCziNuC9x8RLFkerr0amQjy1dZsofGYSLjZ8Er +3PgtUMunH4Y7O6FbRljniqYoQl8GDMaxhptvrOY+NqRAQiRLzpT6BB3nZhO9iSk9 +Lvb9hwjMFsN5xh2wCxYV+XNjnMSO+LZisJimKhyMVhimcYK1P0sU49RcglmS2mhP +OGb14pH+B94lMve/kQu4unnhKhtkPA0mOyeH8BGl63vvEbJtMzpMqbHvzr60h8PA +H7EsAsYJZp4Xa+F1wBRBJ3xKaUTQ7r7mmpFsdgzlI2wjNgLbyEV4YSNVjwARAQAB +tCZGZWRvcmEgKDIxKSA8ZmVkb3JhQGZlZG9yYXByb2plY3Qub3JnPokCOAQTAQIA +IgUCUoRBWgIbDwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQia1Oh5WkP1S+ +rQ//V5WOPjl0UjEgRYsjwm6LGZe8/P4muXdKX1OuRF+MLZxW1Pbr43zjvfY9tZlD +v4QpI5uECX5To9phrOXI8ghFpI4aQbRe2enk4dksgdhzdBW0JgM3JRf8F+tPLKEF +kB2/tGqi/irp+Hij/tiHwUZjx8qKGbF0r2bxAkSS5qkmalTs6PwcWwEN4a6sKPgw +iVGL2VRM46YoNDORwH7HYeODbJtyJyX3NvcluNKf/D3OZFaNYH+nUISlaPAbC5HJ +sVmZD9vm2E2ypErbZzrY3N8PRgHuIrDmO+LmksWteofpWZO84lyuvgYgXPy8Q3Ls ++p0zfE5zv8EbX4WG+l1SF7hVdPC7UEPUuHmlm81Fi69tSvwO+N4PrDU094VHT+UQ +rKmtSGDOfSx6FvrEqMakiEyBgKNwhsVJbi6/LXHMBImbSN3tOxSMBxGEi2cSn/KF +LRukmMoEw4PHZK+gPpwsP1cTfxezs/aH/PMBaPUgg1qCu9uNNFmEs3d5LLSee9RM +U+gwECX+D44vqJUAT7xM1A4yij3rPF2RegOmNhu5wg4zNSGKoVV8QsMOKrjIZHmG +pFVvYFP4OxLEwh6OYZj9qfaw445ryqfcxSNzZ3m+VSwHuZ049v7u8fndZ8TREVXx +hdjPHxjtaiJ1R0Zb4ZvycUcDLl2Xc1CRJAMVvFJcg1SNrGs= +=xtMc +-----END PGP PUBLIC KEY BLOCK----- diff --git a/scripts_fedora/packages_fc21.list b/scripts_fedora/packages_fc21.list new file mode 100644 index 0000000..7c6d30c --- /dev/null +++ b/scripts_fedora/packages_fc21.list 
@@ -0,0 +1,32 @@ +@^workstation-product-environment +@libreoffice +emacs +vim-enhanced +gnupg +xterm +firefox +thunderbird +keepassx +perl-File-MimeInfo +network-manager-applet +xfce4-terminal +exo +--exclude=kdegames +--exclude=firstboot +--exclude=xorg-x11-drv-nouveau +--exclude=firewall-config,firewalld* +--exclude=gnome-boxes +--exclude=qemu-img,qemu-common,qemu-system +--exclude=qemu-*,libvirt*,spice-glib,spice-gtk3,vinagre +git +createrepo +rpm-build +qubes-core-vm-kernel-placeholder +linux-firmware +ltrace +strace +haveged +mate-notification-daemon +sudo +xorg-x11-fonts-100dpi +xorg-x11-fonts-Type1 diff --git a/scripts_fedora/packages_fc21_default.list b/scripts_fedora/packages_fc21_default.list new file mode 120000 index 0000000..3527e47 --- /dev/null +++ b/scripts_fedora/packages_fc21_default.list @@ -0,0 +1 @@ +packages_fc21.list \ No newline at end of file diff --git a/scripts_fedora/packages_fc21_minimal.list b/scripts_fedora/packages_fc21_minimal.list new file mode 100644 index 0000000..d58aa47 --- /dev/null +++ b/scripts_fedora/packages_fc21_minimal.list @@ -0,0 +1,6 @@ +xterm +--exclude=kdegames +--exclude=firstboot +--exclude=xorg-x11-drv-nouveau +--exclude=firewall-config,firewalld +--exclude=gnome-boxes From 1bffbd88133c30b7b04d2eedec313c9a654576ed Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Mon, 16 Feb 2015 07:33:25 -0500 Subject: [PATCH 17/18] fc21: Verify all packages downloaded for installation are signed and verify --- scripts_fedora/01_install_core.sh | 22 ++++++++----- scripts_fedora/add_3rd_party_software.sh | 41 +++++++++++++----------- scripts_fedora/distribution.sh | 23 +++++++++++++ 3 files changed, 60 insertions(+), 26 deletions(-) diff --git a/scripts_fedora/01_install_core.sh b/scripts_fedora/01_install_core.sh index c246864..760d73c 100755 --- a/scripts_fedora/01_install_core.sh +++ b/scripts_fedora/01_install_core.sh 
@@ -1,22 +1,28 @@ -#!/bin/sh +#!/bin/bash -e +# vim: set ts=4 sw=4 sts=4 et : + +source "${SCRIPTSDIR}/distribution.sh" if ! [ -f "${INSTALLDIR}/tmp/.prepared_base" ]; then echo "-> Initializing RPM database..." - rpm --initdb --root=$INSTALLDIR - rpm --import --root=$INSTALLDIR $SCRIPTSDIR/keys/* + rpm --initdb --root="${INSTALLDIR}" + rpm --import --root="${INSTALLDIR}" "${SCRIPTSDIR}/keys/"* if [ "$DIST" == "fc21" ]; then echo "-> Retreiving core RPM packages..." INITIAL_PACKAGES="filesystem setup fedora-release" - yum --disablerepo=\* --enablerepo=fedora -y --installroot="${INSTALLDIR}" --releasever=${DIST/fc/} install --downloadonly --downloaddir="$SCRIPTSDIR/base_rpms_${DIST}" ${INITIAL_PACKAGES} + + yum --disablerepo=\* --enablerepo=fedora -y --installroot="${INSTALLDIR}" --releasever=${DIST/fc/} install --downloadonly --downloaddir="${SCRIPTSDIR}/base_rpms_${DIST}" ${INITIAL_PACKAGES} + + verifyPackages "${SCRIPTSDIR}/base_rpms_${DIST}"/* || exit 1 fi echo "-> Installing core RPM packages..." - rpm -i --root=$INSTALLDIR $SCRIPTSDIR/base_rpms/*.rpm || exit 1 + rpm -i --root="${INSTALLDIR}" "${SCRIPTSDIR}/base_rpms/"*.rpm || exit 1 touch "${INSTALLDIR}/tmp/.prepared_base" fi -cp $SCRIPTSDIR/resolv.conf $INSTALLDIR/etc -cp $SCRIPTSDIR/network $INSTALLDIR/etc/sysconfig -cp -a /dev/null /dev/zero /dev/random /dev/urandom $INSTALLDIR/dev/ +cp "${SCRIPTSDIR}/resolv.conf" "${INSTALLDIR}/etc" +cp "${SCRIPTSDIR}/network" "${INSTALLDIR}/etc/sysconfig" +cp -a /dev/null /dev/zero /dev/random /dev/urandom "${INSTALLDIR}/dev/" diff --git a/scripts_fedora/add_3rd_party_software.sh b/scripts_fedora/add_3rd_party_software.sh index 49016a7..4180c60 100755 --- a/scripts_fedora/add_3rd_party_software.sh +++ b/scripts_fedora/add_3rd_party_software.sh 
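Review bot: The added `verifyPackages "${SCRIPTSDIR}/base_rpms_${DIST}"/*` check covers a different directory from the one installed a few lines later by `rpm -i --root="${INSTALLDIR}" "${SCRIPTSDIR}/base_rpms/"*.rpm`, and it only runs when `DIST` is `fc21`. Unless `base_rpms` is a link to `base_rpms_${DIST}` created elsewhere (not visible in this hunk), the packages that were signature-checked are not necessarily the ones installed, and `rpm -i` by default does not refuse unsigned packages. Verifying exactly the glob that is installed closes the gap: `verifyPackages "${SCRIPTSDIR}/base_rpms/"*.rpm || exit 1` directly before the `rpm -i` line, outside the `fc21` branch. The download step also calls `yum` without `-c`, so the `fedora` repo definition and its key settings come from the build host's configuration; a comment saying whether that is intended would help.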
@@ -44,16 +44,29 @@ trap cleanup EXIT # - pub 4096R/A668B376 2013-06-28 RPM Fusion nonfree repository for Fedora (21) # Key fingerprint = E160 058E F06F A4C3 C15D 0F86 0174 46D1 A668 B376 +#### "---------------------------------------------------------------------- +info " Verifing any repos before copying over to ${INSTALLDIR}" +#### "---------------------------------------------------------------------- +if [ ${VERSION} -ge 20 ]; then + # Import repo keys + rpm --import --root="${INSTALLDIR}" "${SCRIPTSDIR}/3rd_party_software/RPM-GPG-KEY-rpmfusion-free-fedora-${VERSION}" + rpm --import --root="${INSTALLDIR}" "${SCRIPTSDIR}/3rd_party_software/RPM-GPG-KEY-rpmfusion-nonfree-fedora-${VERSION}" + + # Verify repos + verifyPackages "${SCRIPTSDIR}/3rd_party_software/rpmfusion-free-release-${VERSION}.noarch.rpm" \ + "${SCRIPTSDIR}/3rd_party_software/rpmfusion-nonfree-release-${VERSION}.noarch.rpm" \ + || exit 1 + #### '---------------------------------------------------------------------- info ' Copying 3rd party software to "tmp" directory to prepare for installation' #### '---------------------------------------------------------------------- -cp -rp ${SCRIPTSDIR}/3rd_party_software ${INSTALLDIR}/tmp +cp -rp "${SCRIPTSDIR}/3rd_party_software" "${INSTALLDIR}/tmp" #### '---------------------------------------------------------------------- info ' Installing google-chrome repos' #### '---------------------------------------------------------------------- -cp ${SCRIPTSDIR}/3rd_party_software/google-linux_signing_key.pub ${INSTALLDIR}/etc/pki/rpm-gpg/ -cat << EOF > ${INSTALLDIR}/etc/yum.repos.d/google-chrome.repo +cp "${SCRIPTSDIR}/3rd_party_software/google-linux_signing_key.pub" "${INSTALLDIR}/etc/pki/rpm-gpg/" +cat << EOF > "${INSTALLDIR}/etc/yum.repos.d/google-chrome.repo" [google-chrome] name=google-chrome - \$basearch baseurl=http://dl.google.com/linux/chrome/rpm/stable/\$basearch 
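Review bot: The `if [ ${VERSION} -ge 20 ]; then` added at the top of this hunk has no matching `fi` here; the old `if` line is removed in the `-83,18` hunk while the closing `fi` before the Cleanup section stays, so the conditional now appears to wrap the google-chrome and adobe repo setup as well as the rpmfusion steps. If that is not intended, add `fi` right after the `|| exit 1` that follows `verifyPackages` and keep the later `if` in place. `${VERSION}` is also unquoted, so an empty value makes the test error out and the whole branch, signature check included, is skipped; `if [ "${VERSION:-0}" -ge 20 ]; then` behaves predictably. The script body starts and ends outside this hunk.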
@@ -65,16 +78,16 @@ EOF #### '---------------------------------------------------------------------- info ' Installing adobe repo' #### '---------------------------------------------------------------------- -rpm -i --root=${INSTALLDIR} ${SCRIPTSDIR}/3rd_party_software/adobe-release-x86_64-*.noarch.rpm || exit 1 +rpm -i --root="${INSTALLDIR}" "${SCRIPTSDIR}/3rd_party_software/adobe-release-x86_64-"*.noarch.rpm || exit 1 if [ "$TEMPLATE_FLAVOR" == "fullyloaded" ]; then #### '------------------------------------------------------------------ info ' Installing 3rd party software' #### '------------------------------------------------------------------ - mount --bind /etc/resolv.conf ${INSTALLDIR}/etc/resolv.conf + mount --bind /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" chroot yum install $YUM_OPTS -y google-chrome-stable - rpm --import --root=${INSTALLDIR} ${INSTALLDIR}/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux - yum install -c $PWD/yum.conf $YUM_OPTS -y --installroot=${INSTALLDIR} flash-plugin || exit 1 + rpm --import --root="${INSTALLDIR}" "${INSTALLDIR}/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux" + yum install -c "$PWD/yum.conf" $YUM_OPTS -y --installroot="${INSTALLDIR}" flash-plugin || exit 1 else chroot yum-config-manager --disable google-chrome > /dev/null chroot yum-config-manager --disable adobe-linux-x86_64 > /dev/null 
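Review bot: The `rpm -i --root="${INSTALLDIR}"` line for `adobe-release-x86_64-*.noarch.rpm` installs the Adobe release package without the `verifyPackages` check this commit applies to the rpmfusion release RPMs, and the `fullyloaded` branch then imports `RPM-GPG-KEY-adobe-linux` from inside the install root, presumably the copy that package just placed there. The key that gates `flash-plugin` is therefore only as trustworthy as an unchecked RPM from the source tree. Recording the expected Adobe key fingerprint in the header comment next to the Google and RPM Fusion entries, and checking the key file against it before `rpm --import`, would make the trust anchor explicit. `chroot yum install $YUM_OPTS -y google-chrome-stable` also lacks the `|| exit 1` that the neighbouring install lines carry.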
@@ -83,18 +96,10 @@ fi #### '---------------------------------------------------------------------- info ' Installing rpmfusion repos' #### '---------------------------------------------------------------------- -if [ ${VERSION} -ge 20 ]; then - # Import repo keys - chroot rpm --import /tmp/3rd_party_software/RPM-GPG-KEY-rpmfusion-free-fedora-21 - chroot rpm --import /tmp/3rd_party_software/RPM-GPG-KEY-rpmfusion-nonfree-fedora-21 - - # Verify repos - chroot rpm --checksig /tmp/3rd_party_software/rpmfusion-free-release-21.noarch.rpm - chroot rpm --checksig /tmp/3rd_party_software/rpmfusion-nonfree-release-21.noarch.rpm # Install repos - chroot rpm -i /tmp/3rd_party_software/rpmfusion-free-release-21.noarch.rpm - chroot rpm -i /tmp/3rd_party_software/rpmfusion-nonfree-release-21.noarch.rpm + chroot rpm -i /tmp/3rd_party_software/rpmfusion-free-release-${VERSION}.noarch.rpm + chroot rpm -i /tmp/3rd_party_software/rpmfusion-nonfree-release-${VERSION}.noarch.rpm # Disable rpmfusion-free repos chroot yum-config-manager --disable rpmfusion-free > /dev/null @@ -128,6 +133,6 @@ fi #### '---------------------------------------------------------------------- info ' Cleanup' #### '---------------------------------------------------------------------- -rm -rf ${INSTALLDIR}/tmp/3rd_party_software +rm -rf "${INSTALLDIR}/tmp/3rd_party_software" trap - ERR EXIT trap diff --git a/scripts_fedora/distribution.sh b/scripts_fedora/distribution.sh index 67fb5d5..abc8cc2 100644 --- a/scripts_fedora/distribution.sh +++ b/scripts_fedora/distribution.sh 
@@ -45,6 +45,29 @@ function yumInstall() { umount ${INSTALLDIR}/etc/resolv.conf } +# ============================================================================== +# Verify RPM packages +# ============================================================================== +function verifyPackages() { + for file in $@; do + result=$(rpm --root="${INSTALLDIR}" --checksig "${file}") || { + echo "Filename: ${file} failed verification. Exiting!" + exit 1 + } + result_status="${result##*:}" + echo "${result_status}" | grep -q 'PGP' && { + echo "Filename: ${file} contains an invalid PGP signature. Exiting!" + exit 1 + } + echo "${result_status}" | grep -q 'pgp' || { + echo "Filename: ${file} is not signed. Exiting!" + exit 1 + } + done + + return 0 +} + # ============================================================================== # Install extra packages in script_${DIST}/packages.list file # -and / or- TEMPLATE_FLAVOR directories From 620739019a36f6866e1300e22ad8377eefa0a62b Mon Sep 17 00:00:00 2001 From: Jason Mehring Date: Mon, 16 Feb 2015 18:55:36 -0500 Subject: [PATCH 18/18] fc21: Changed 3rd party software not to import package keys --- .../adobe-release-x86_64.noarch.rpm | 1 + scripts_fedora/add_3rd_party_software.sh | 31 +++++-------------- 2 files changed, 9 insertions(+), 23 deletions(-) create mode 120000 scripts_fedora/3rd_party_software/adobe-release-x86_64.noarch.rpm diff --git a/scripts_fedora/3rd_party_software/adobe-release-x86_64.noarch.rpm b/scripts_fedora/3rd_party_software/adobe-release-x86_64.noarch.rpm new file mode 120000 index 0000000..bcd2ca3 --- /dev/null +++ b/scripts_fedora/3rd_party_software/adobe-release-x86_64.noarch.rpm @@ -0,0 +1 @@ +adobe-release-x86_64-1.0-1.noarch.rpm \ No newline at end of file diff --git a/scripts_fedora/add_3rd_party_software.sh b/scripts_fedora/add_3rd_party_software.sh index 4180c60..56ea23b 100755 --- a/scripts_fedora/add_3rd_party_software.sh +++ b/scripts_fedora/add_3rd_party_software.sh 
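Review bot: `verifyPackages` decides that a package is signed by grepping rpm's human-readable `--checksig` text for lower-case `pgp`, which ties the check to one output format and one signature label; a package whose valid signature is reported under another label would be rejected as unsigned. That fails closed, which is the safe direction, but it deserves a comment stating the assumption, e.g. `# rpm --checksig: lower-case tags = verified, upper-case = failed; 'pgp' must be present for a signed package`. Separately, `for file in $@; do` should be `for file in "$@"; do` so paths with spaces or glob characters are checked as given, and `file`, `result` and `result_status` should be declared `local`. The failure messages go to stdout; adding `>&2` keeps them visible when output is redirected.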
@@ -44,28 +44,15 @@ trap cleanup EXIT # - pub 4096R/A668B376 2013-06-28 RPM Fusion nonfree repository for Fedora (21) # Key fingerprint = E160 058E F06F A4C3 C15D 0F86 0174 46D1 A668 B376 -#### "---------------------------------------------------------------------- -info " Verifing any repos before copying over to ${INSTALLDIR}" -#### "---------------------------------------------------------------------- -if [ ${VERSION} -ge 20 ]; then - # Import repo keys - rpm --import --root="${INSTALLDIR}" "${SCRIPTSDIR}/3rd_party_software/RPM-GPG-KEY-rpmfusion-free-fedora-${VERSION}" - rpm --import --root="${INSTALLDIR}" "${SCRIPTSDIR}/3rd_party_software/RPM-GPG-KEY-rpmfusion-nonfree-fedora-${VERSION}" - - # Verify repos - verifyPackages "${SCRIPTSDIR}/3rd_party_software/rpmfusion-free-release-${VERSION}.noarch.rpm" \ - "${SCRIPTSDIR}/3rd_party_software/rpmfusion-nonfree-release-${VERSION}.noarch.rpm" \ - || exit 1 - #### '---------------------------------------------------------------------- info ' Copying 3rd party software to "tmp" directory to prepare for installation' #### '---------------------------------------------------------------------- -cp -rp "${SCRIPTSDIR}/3rd_party_software" "${INSTALLDIR}/tmp" +cp -a "${SCRIPTSDIR}/3rd_party_software" "${INSTALLDIR}/tmp" #### '---------------------------------------------------------------------- info ' Installing google-chrome repos' #### '---------------------------------------------------------------------- -cp "${SCRIPTSDIR}/3rd_party_software/google-linux_signing_key.pub" "${INSTALLDIR}/etc/pki/rpm-gpg/" +install -m 0644 "${SCRIPTSDIR}/3rd_party_software/google-linux_signing_key.pub" "${INSTALLDIR}/etc/pki/rpm-gpg/" cat << EOF > "${INSTALLDIR}/etc/yum.repos.d/google-chrome.repo" [google-chrome] name=google-chrome - \$basearch 
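Review bot: This hunk removes both the key import and the `verifyPackages` call for the rpmfusion release RPMs, and the later hunks (`-65,16` and `-96,10`) install those files and `adobe-release-x86_64.noarch.rpm` through `yumInstall` from a local path. yum does not signature-check local package files unless `localpkg_gpgcheck=1` is set, and no yum.conf is visible on this page, so nothing shown here verifies these packages before they are installed. Either keep a verification step ahead of the `cp -a` line, or enable `localpkg_gpgcheck=1` in the configuration yum uses for the install root and record it with a comment such as `# local release RPMs are signature-checked by yum (localpkg_gpgcheck=1)`. The script body starts and ends outside this hunk.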
@@ -78,16 +65,14 @@ EOF #### '---------------------------------------------------------------------- info ' Installing adobe repo' #### '---------------------------------------------------------------------- -rpm -i --root="${INSTALLDIR}" "${SCRIPTSDIR}/3rd_party_software/adobe-release-x86_64-"*.noarch.rpm || exit 1 +yumInstall /tmp/3rd_party_software/adobe-release-x86_64.noarch.rpm if [ "$TEMPLATE_FLAVOR" == "fullyloaded" ]; then #### '------------------------------------------------------------------ info ' Installing 3rd party software' #### '------------------------------------------------------------------ - mount --bind /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf" - chroot yum install $YUM_OPTS -y google-chrome-stable - rpm --import --root="${INSTALLDIR}" "${INSTALLDIR}/etc/pki/rpm-gpg/RPM-GPG-KEY-adobe-linux" - yum install -c "$PWD/yum.conf" $YUM_OPTS -y --installroot="${INSTALLDIR}" flash-plugin || exit 1 + yumInstall google-chrome-stable + yumInstall flash-plugin else chroot yum-config-manager --disable google-chrome > /dev/null chroot yum-config-manager --disable adobe-linux-x86_64 > /dev/null @@ -96,10 +81,10 @@ fi #### '---------------------------------------------------------------------- info ' Installing rpmfusion repos' #### '---------------------------------------------------------------------- - +if [ ${VERSION} -ge 20 ]; then # Install repos - chroot rpm -i /tmp/3rd_party_software/rpmfusion-free-release-${VERSION}.noarch.rpm - chroot rpm -i /tmp/3rd_party_software/rpmfusion-nonfree-release-${VERSION}.noarch.rpm + yumInstall /tmp/3rd_party_software/rpmfusion-free-release-${VERSION}.noarch.rpm + yumInstall /tmp/3rd_party_software/rpmfusion-nonfree-release-${VERSION}.noarch.rpm # Disable rpmfusion-free repos chroot yum-config-manager --disable rpmfusion-free > /dev/null