Tag for commit 620739019a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1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=wO05
-----END PGP SIGNATURE-----
Merge tag 'jm_62073901'
Tag for commit 620739019a
# gpg: Signature made Tue Feb 17 00:55:45 2015 CET using RSA key ID 5A4C6DAD
# gpg: Good signature from "Jason Mehring (Qubes OS Signing Key) <nrgaway@gmail.com>"
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: E0E3 2283 FDCA C1A5 1007 8F27 1BB9 B1FB 5A4C 6DAD
commit
1980e023bb
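--- a/.gitignore
+++ b/.gitignore
@@ -7,3 +7,5 @@ mnt_*
 *.fs
 *.img
 install-templates.sh
+yum_repo_qubes/*
+scripts_fedora/base_rpms_fc21/*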
3
Makefile
3
Makefile
@ -19,6 +19,9 @@ endif
|
|||||||
fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
|
fix_up := $(shell TEMPLATE_NAME=$(TEMPLATE_NAME) ./builder_fix_filenames)
|
||||||
TEMPLATE_NAME := $(word 1,$(fix_up))
|
TEMPLATE_NAME := $(word 1,$(fix_up))
|
||||||
|
|
||||||
|
export DISTRIBUTION
|
||||||
|
export TEMPLATE_NAME
|
||||||
|
|
||||||
VERSION := $(shell cat version)
|
VERSION := $(shell cat version)
|
||||||
TIMESTAMP := $(shell date -u +%Y%m%d%H%M)
|
TIMESTAMP := $(shell date -u +%Y%m%d%H%M)
|
||||||
|
|
||||||
|
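Review bot: `TEMPLATE_NAME` is exported immediately after being taken from the first word of the `./builder_fix_filenames` output, with no check that the helper produced anything. If the `$(shell …)` call fails or prints nothing, an empty `TEMPLATE_NAME` is exported to every recipe and child script. A guard after the assignment would stop the build early, e.g. `$(if $(strip $(TEMPLATE_NAME)),,$(error builder_fix_filenames returned no TEMPLATE_NAME))`. `DISTRIBUTION` is exported here but not assigned anywhere in the visible hunk, so a one-line comment naming where it is set and which scripts consume it would help the next reader.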
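--- a/appmenus_fc21/netvm-whitelisted-appmenus.list
+++ b/appmenus_fc21/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop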
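--- a/appmenus_fc21/vm-whitelisted-appmenus.list
+++ b/appmenus_fc21/vm-whitelisted-appmenus.list
@@ -0,0 +1,3 @@
+gnome-terminal.desktop
+nautilus.desktop
+firefox.desktop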
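--- a/appmenus_fc21/whitelisted-appmenus.list
+++ b/appmenus_fc21/whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-prefs.desktop
+system-config-date.desktop
+system-config-printer.desktop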
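--- a/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list
+++ b/appmenus_fc21_minimal/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+xterm.desktop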
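--- a/appmenus_fc21_minimal/vm-whitelisted-appmenus.list
+++ b/appmenus_fc21_minimal/vm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+xterm.desktop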
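--- a/appmenus_fc21_minimal/whitelisted-appmenus.list
+++ b/appmenus_fc21_minimal/whitelisted-appmenus.list
@@ -0,0 +1 @@
+xterm.desktop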
@ -1,3 +1,5 @@
|
|||||||
gnome-terminal.desktop
|
gnome-terminal.desktop
|
||||||
nautilus.desktop
|
org.gnome.Nautilus.desktop
|
||||||
|
iceweasel.desktop
|
||||||
|
icedove.desktop
|
||||||
yelp.desktop
|
yelp.desktop
|
||||||
|
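--- a/appmenus_trusty/netvm-whitelisted-appmenus.list
+++ b/appmenus_trusty/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop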
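--- a/appmenus_trusty/vm-whitelisted-appmenus.list
+++ b/appmenus_trusty/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop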
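--- a/appmenus_trusty/whitelisted-appmenus.list
+++ b/appmenus_trusty/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop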
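--- a/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
+++ b/appmenus_trusty_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop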
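--- a/appmenus_trusty_desktop/vm-whitelisted-appmenus.list
+++ b/appmenus_trusty_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop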
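--- a/appmenus_trusty_desktop/whitelisted-appmenus.list
+++ b/appmenus_trusty_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop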
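--- a/appmenus_utopic/netvm-whitelisted-appmenus.list
+++ b/appmenus_utopic/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop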
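--- a/appmenus_utopic/vm-whitelisted-appmenus.list
+++ b/appmenus_utopic/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop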
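--- a/appmenus_utopic/whitelisted-appmenus.list
+++ b/appmenus_utopic/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop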
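--- a/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
+++ b/appmenus_utopic_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop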
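--- a/appmenus_utopic_desktop/vm-whitelisted-appmenus.list
+++ b/appmenus_utopic_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop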
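--- a/appmenus_utopic_desktop/whitelisted-appmenus.list
+++ b/appmenus_utopic_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop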
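--- a/appmenus_vivid/netvm-whitelisted-appmenus.list
+++ b/appmenus_vivid/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop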
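--- a/appmenus_vivid/vm-whitelisted-appmenus.list
+++ b/appmenus_vivid/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop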
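--- a/appmenus_vivid/whitelisted-appmenus.list
+++ b/appmenus_vivid/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop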
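--- a/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
+++ b/appmenus_vivid_desktop/netvm-whitelisted-appmenus.list
@@ -0,0 +1 @@
+gnome-terminal.desktop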
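--- a/appmenus_vivid_desktop/vm-whitelisted-appmenus.list
+++ b/appmenus_vivid_desktop/vm-whitelisted-appmenus.list
@@ -0,0 +1,5 @@
+gnome-terminal.desktop
+firefox.desktop
+thunderbird.desktop
+nautilus.desktop
+yelp.desktop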
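--- a/appmenus_vivid_desktop/whitelisted-appmenus.list
+++ b/appmenus_vivid_desktop/whitelisted-appmenus.list
@@ -0,0 +1,6 @@
+gnome-terminal.desktop
+gpk-application.desktop
+gpk-update-viewer.desktop
+gpk-prefs.desktop
+gpk-log.desktop
+yelp.desktop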
@ -1,3 +1,5 @@
|
|||||||
gnome-terminal.desktop
|
gnome-terminal.desktop
|
||||||
|
iceweasel.desktop
|
||||||
|
icedove.desktop
|
||||||
nautilus.desktop
|
nautilus.desktop
|
||||||
yelp.desktop
|
yelp.desktop
|
||||||
|
@ -1,21 +1,16 @@
|
|||||||
gnome-terminal.desktop
|
gnome-terminal.desktop
|
||||||
nautilus.desktop
|
gpk-application.desktop
|
||||||
|
gpk-update-viewer.desktop
|
||||||
|
gpk-prefs.desktop
|
||||||
|
gpk-log.desktop
|
||||||
yelp.desktop
|
yelp.desktop
|
||||||
gateway-arm.desktop
|
gateway-firewall30default.desktop
|
||||||
|
gateway-firewall50user.desktop
|
||||||
|
gateway-torrc.desktop
|
||||||
|
gateway-torrcexamples.desktop
|
||||||
gateway-firewall30default.desktop
|
gateway-firewall30default.desktop
|
||||||
gateway-firewall50user.desktop
|
gateway-firewall50user.desktop
|
||||||
gateway-firsttimesetup.desktop
|
gateway-firsttimesetup.desktop
|
||||||
gateway-reloadfirewall.desktop
|
|
||||||
gateway-reloadtor.desktop
|
|
||||||
gateway-restarttor.desktop
|
|
||||||
gateway-stoptor.desktop
|
|
||||||
gateway-torrc.desktop
|
gateway-torrc.desktop
|
||||||
gateway-torrcexamples.desktop
|
gateway-torrcexamples.desktop
|
||||||
timesync.desktop
|
|
||||||
whonixcheck.desktop
|
|
||||||
whonix_repository.desktop
|
whonix_repository.desktop
|
||||||
dolphin.desktop
|
|
||||||
Help.desktop
|
|
||||||
ksystemlog.desktop
|
|
||||||
kwrite.desktop
|
|
||||||
|
|
||||||
|
@ -2,20 +2,9 @@ gnome-terminal.desktop
|
|||||||
nautilus.desktop
|
nautilus.desktop
|
||||||
yelp.desktop
|
yelp.desktop
|
||||||
gateway-arm.desktop
|
gateway-arm.desktop
|
||||||
gateway-firewall30default.desktop
|
|
||||||
gateway-firewall50user.desktop
|
|
||||||
gateway-firsttimesetup.desktop
|
|
||||||
gateway-reloadfirewall.desktop
|
gateway-reloadfirewall.desktop
|
||||||
gateway-reloadtor.desktop
|
gateway-reloadtor.desktop
|
||||||
gateway-restarttor.desktop
|
gateway-restarttor.desktop
|
||||||
gateway-stoptor.desktop
|
gateway-stoptor.desktop
|
||||||
gateway-torrc.desktop
|
|
||||||
gateway-torrcexamples.desktop
|
|
||||||
timesync.desktop
|
timesync.desktop
|
||||||
whonixcheck.desktop
|
whonixcheck.desktop
|
||||||
whonix_repository.desktop
|
|
||||||
dolphin.desktop
|
|
||||||
Help.desktop
|
|
||||||
ksystemlog.desktop
|
|
||||||
kwrite.desktop
|
|
||||||
|
|
||||||
|
@ -8,4 +8,9 @@ gateway-firewall30default.desktop
|
|||||||
gateway-firewall50user.desktop
|
gateway-firewall50user.desktop
|
||||||
gateway-torrc.desktop
|
gateway-torrc.desktop
|
||||||
gateway-torrcexamples.desktop
|
gateway-torrcexamples.desktop
|
||||||
kwrite.desktop
|
gateway-firewall30default.desktop
|
||||||
|
gateway-firewall50user.desktop
|
||||||
|
gateway-firsttimesetup.desktop
|
||||||
|
gateway-torrc.desktop
|
||||||
|
gateway-torrcexamples.desktop
|
||||||
|
whonix_repository.desktop
|
||||||
|
@ -1,12 +1,8 @@
|
|||||||
gnome-terminal.desktop
|
gnome-terminal.desktop
|
||||||
nautilus.desktop
|
nautilus.desktop
|
||||||
yelp.desktop
|
yelp.desktop
|
||||||
|
|
||||||
anondist-torbrowser.desktop
|
anondist-torbrowser.desktop
|
||||||
anondist-torbrowser_update.desktop
|
|
||||||
gateway-firsttimesetup.desktop
|
|
||||||
timesync.desktop
|
timesync.desktop
|
||||||
vlc.desktop
|
|
||||||
whonixcheck.desktop
|
whonixcheck.desktop
|
||||||
whonix-contribute.desktop
|
whonix-contribute.desktop
|
||||||
whonix-documentation.desktop
|
whonix-documentation.desktop
|
||||||
@ -16,12 +12,3 @@ whonix-forum.desktop
|
|||||||
whonix-importantblog.desktop
|
whonix-importantblog.desktop
|
||||||
whonix-irc-chat-support.desktop
|
whonix-irc-chat-support.desktop
|
||||||
whonix-mailinglist.desktop
|
whonix-mailinglist.desktop
|
||||||
whonix_repository.desktop
|
|
||||||
xchat.desktop
|
|
||||||
x-www-browser.desktop
|
|
||||||
dolphin.desktop
|
|
||||||
Help.desktop
|
|
||||||
kcalc.desktop
|
|
||||||
kgpg.desktop
|
|
||||||
kwrite.desktop
|
|
||||||
|
|
||||||
|
@ -4,93 +4,9 @@ gpk-update-viewer.desktop
|
|||||||
gpk-prefs.desktop
|
gpk-prefs.desktop
|
||||||
gpk-log.desktop
|
gpk-log.desktop
|
||||||
yelp.desktop
|
yelp.desktop
|
||||||
|
gnome-panel.desktop
|
||||||
|
gnome-printers-panel.desktop
|
||||||
anondist-torbrowser.desktop
|
gnome-system-log.desktop
|
||||||
|
tracker-preferences.desktop
|
||||||
anondist-torbrowser_update.desktop
|
anondist-torbrowser_update.desktop
|
||||||
bluetooth-sendto.desktop
|
|
||||||
bluetooth-wizard.desktop
|
|
||||||
brasero.desktop
|
|
||||||
brasero-nautilus.desktop
|
|
||||||
display.im6.desktop
|
|
||||||
fpm2.desktop
|
|
||||||
gateway-firsttimesetup.desktop
|
|
||||||
gcr-prompter.desktop
|
|
||||||
gcr-viewer.desktop
|
|
||||||
gnome-terminal.desktop
|
|
||||||
gpk-application.desktop
|
|
||||||
gpk-dbus-service.desktop
|
|
||||||
gpk-install-catalog.desktop
|
|
||||||
gpk-install-local-file.desktop
|
|
||||||
gpk-log.desktop
|
|
||||||
gpk-prefs.desktop
|
|
||||||
gpk-service-pack.desktop
|
|
||||||
gpk-update-viewer.desktop
|
|
||||||
iceweasel.desktop
|
|
||||||
kde4
|
|
||||||
mat.desktop
|
|
||||||
mimeinfo.cache
|
|
||||||
nact.desktop
|
|
||||||
nautilus-autorun-software.desktop
|
|
||||||
nautilus.desktop
|
|
||||||
nm-applet.desktop
|
|
||||||
nm-connection-editor.desktop
|
|
||||||
python2.7.desktop
|
|
||||||
timesync.desktop
|
|
||||||
vlc.desktop
|
|
||||||
whonixcheck.desktop
|
|
||||||
whonix-contribute.desktop
|
|
||||||
whonix-documentation.desktop
|
|
||||||
whonix-donate.desktop
|
|
||||||
whonix-featureblog.desktop
|
|
||||||
whonix-forum.desktop
|
|
||||||
whonix-importantblog.desktop
|
|
||||||
whonix-irc-chat-support.desktop
|
|
||||||
whonix-mailinglist.desktop
|
|
||||||
whonix_repository.desktop
|
whonix_repository.desktop
|
||||||
xchat.desktop
|
|
||||||
x-www-browser.desktop
|
|
||||||
yelp.desktop
|
|
||||||
|
|
||||||
|
|
||||||
akonaditray.desktop
|
|
||||||
-rw-r--r-- 1 root root 5000 Jun 22 2012 ark.desktop
|
|
||||||
dolphin.desktop
|
|
||||||
gwenview.desktop
|
|
||||||
Help.desktop
|
|
||||||
jovieapp.desktop
|
|
||||||
kcalc.desktop
|
|
||||||
kdepasswd.desktop
|
|
||||||
kdesystemsettings.desktop
|
|
||||||
keditbookmarks.desktop
|
|
||||||
kfind.desktop
|
|
||||||
kfontview.desktop
|
|
||||||
kgpg.desktop
|
|
||||||
klipper.desktop
|
|
||||||
kmag.desktop
|
|
||||||
kmailservice.desktop
|
|
||||||
kmix.desktop
|
|
||||||
kmousetool.desktop
|
|
||||||
kmouth.desktop
|
|
||||||
konsole.desktop
|
|
||||||
krandrtray.desktop
|
|
||||||
ksysguard.desktop
|
|
||||||
ksystemlog.desktop
|
|
||||||
-rw-r--r-- 1 root root 1766 Jun 6 2012 ktelnetservice.desktop
|
|
||||||
kvkbd.desktop
|
|
||||||
kwrite.desktop
|
|
||||||
nepomukbackup.desktop
|
|
||||||
nepomukcontroller.desktop
|
|
||||||
okularApplication_comicbook.desktop
|
|
||||||
okularApplication_dvi.desktop
|
|
||||||
okularApplication_fax.desktop
|
|
||||||
okularApplication_fb.desktop
|
|
||||||
okularApplication_ghostview.desktop
|
|
||||||
okularApplication_kimgio.desktop
|
|
||||||
okularApplication_ooo.desktop
|
|
||||||
okularApplication_pdf.desktop
|
|
||||||
okularApplication_plucker.desktop
|
|
||||||
okularApplication_xps.desktop
|
|
||||||
okular.desktop
|
|
||||||
systemsettings.desktop
|
|
||||||
|
|
||||||
|
@ -0,0 +1 @@
|
|||||||
|
gnome-terminal.desktop
|
@ -0,0 +1,22 @@
|
|||||||
|
gnome-terminal.desktop
|
||||||
|
nautilus.desktop
|
||||||
|
gcalctool.desktop
|
||||||
|
evolution.desktop
|
||||||
|
libreoffice-startcenter.desktop
|
||||||
|
gimp.desktop
|
||||||
|
eog.desktop
|
||||||
|
totem.desktop
|
||||||
|
shotwell.desktop
|
||||||
|
rhythmbox.desktop
|
||||||
|
anondist-torbrowser.desktop
|
||||||
|
timesync.desktop
|
||||||
|
whonixcheck.desktop
|
||||||
|
whonix-contribute.desktop
|
||||||
|
whonix-documentation.desktop
|
||||||
|
whonix-donate.desktop
|
||||||
|
whonix-featureblog.desktop
|
||||||
|
whonix-forum.desktop
|
||||||
|
whonix-importantblog.desktop
|
||||||
|
whonix-irc-chat-support.desktop
|
||||||
|
whonix-mailinglist.desktop
|
||||||
|
yelp.desktop
|
@ -0,0 +1,14 @@
|
|||||||
|
gnome-terminal.desktop
|
||||||
|
gpk-application.desktop
|
||||||
|
gpk-update-viewer.desktop
|
||||||
|
gpk-prefs.desktop
|
||||||
|
gpk-log.desktop
|
||||||
|
gpk-application.desktop
|
||||||
|
gpk-update-viewer.desktop
|
||||||
|
gpk-prefs.desktop
|
||||||
|
gnome-panel.desktop
|
||||||
|
gnome-printers-panel.desktop
|
||||||
|
gnome-system-log.desktop
|
||||||
|
tracker-preferences.desktop
|
||||||
|
anondist-torbrowser_update.desktop
|
||||||
|
yelp.desktop
|
@ -15,6 +15,18 @@ case "$DIST" in
|
|||||||
DISTRIBUTION=debian
|
DISTRIBUTION=debian
|
||||||
VERSION=8
|
VERSION=8
|
||||||
;;
|
;;
|
||||||
|
trusty)
|
||||||
|
DISTRIBUTION=qubuntu
|
||||||
|
VERSION=14.04
|
||||||
|
;;
|
||||||
|
utopic)
|
||||||
|
DISTRIBUTION=qubuntu
|
||||||
|
VERSION=14.10
|
||||||
|
;;
|
||||||
|
vivid)
|
||||||
|
DISTRIBUTION=qubuntu
|
||||||
|
VERSION=15.04
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
DISTRIBUTION="$DIST"
|
DISTRIBUTION="$DIST"
|
||||||
VERSION=
|
VERSION=
|
||||||
|
@ -22,7 +22,12 @@ templateFlavorPrefix() {
|
|||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# If template_flavor only contains a '+'; send back $DIST
|
||||||
|
if [ "${template_flavor}" == "+" ]; then
|
||||||
|
echo "${DIST}"
|
||||||
|
else
|
||||||
echo "${DIST}${template_flavor:++}"
|
echo "${DIST}${template_flavor:++}"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
templateNameDist() {
|
templateNameDist() {
|
||||||
|
89
functions.sh
89
functions.sh
@ -11,6 +11,20 @@ DEBUG=${DEBUG:-0}
|
|||||||
################################################################################
|
################################################################################
|
||||||
# Global functions
|
# Global functions
|
||||||
################################################################################
|
################################################################################
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# Set xtrace verbose mode (-x or)
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
XTRACE=
|
||||||
|
function setVerboseMode() {
|
||||||
|
# Cache xtrace current status so it can be restored on exit
|
||||||
|
[[ ${-/x} != $- ]] && XTRACE=0 || XTRACE=1
|
||||||
|
|
||||||
|
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" -ge 2 ]; then
|
||||||
|
set -x
|
||||||
|
else
|
||||||
|
set +x
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Define colors
|
# Define colors
|
||||||
@ -69,12 +83,32 @@ if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|||||||
chroot() {
|
chroot() {
|
||||||
local retval
|
local retval
|
||||||
true ${blue}
|
true ${blue}
|
||||||
/usr/sbin/chroot "$@" && { retval=$?; true; } || { retval=$?; true; }
|
if [ "${SYSTEMD_NSPAWN_ENABLE}" == "1" ]; then
|
||||||
|
systemd-nspawn $systemd_bind -D "${INSTALLDIR}" -M "${DIST}" "$@" && { retval=$?; true; } || { retval=$?; true; }
|
||||||
|
else
|
||||||
|
/usr/sbin/chroot "${INSTALLDIR}" "$@" && { retval=$?; true; } || { retval=$?; true; }
|
||||||
|
fi
|
||||||
true ${reset}
|
true ${reset}
|
||||||
return $retval
|
return $retval
|
||||||
}
|
}
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# Return xtrace's current mode
|
||||||
|
# 0 is enables (-x); 1 is disables (+x)
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
getXtrace() {
|
||||||
|
[[ ${-/x} != $- ]] && echo 0 || echo 1
|
||||||
|
}
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# Return xtrace to desired state
|
||||||
|
# 0 is enables (-x); 1 is disables (+x)
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
setXtrace() {
|
||||||
|
[[ "${1}" -eq 0 ]] && set -x || set +x
|
||||||
|
}
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Display messages in color
|
# Display messages in color
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
@ -82,24 +116,30 @@ fi
|
|||||||
output() {
|
output() {
|
||||||
if [ "${VERBOSE}" -ge 1 ]; then
|
if [ "${VERBOSE}" -ge 1 ]; then
|
||||||
# Don't echo if -x is set since it will already be displayed via true
|
# Don't echo if -x is set since it will already be displayed via true
|
||||||
[[ ${-/x} != $- ]] || echo -e "${1}"
|
[[ ${-/x} != $- ]] || echo -e ""$@""
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
outputc() {
|
||||||
|
color=${1}
|
||||||
|
shift
|
||||||
|
output "${!color}"$@"${reset}" || :
|
||||||
|
}
|
||||||
|
|
||||||
info() {
|
info() {
|
||||||
output "${bold}${blue}INFO: ${1}${reset}" || :
|
output "${bold}${blue}INFO: "$@"${reset}" || :
|
||||||
}
|
}
|
||||||
|
|
||||||
debug() {
|
debug() {
|
||||||
output "${bold}${green}DEBUG: ${1}${reset}" || :
|
output "${bold}${green}DEBUG: "$@"${reset}" || :
|
||||||
}
|
}
|
||||||
|
|
||||||
warn() {
|
warn() {
|
||||||
output "${stout}${yellow}WARNING: ${1}${reset}" || :
|
output "${stout}${yellow}WARNING: "$@"${reset}" || :
|
||||||
}
|
}
|
||||||
|
|
||||||
error() {
|
error() {
|
||||||
output "${bold}${red}ERROR: ${1}${reset}" || :
|
output "${bold}${red}ERROR: "$@"${reset}" || :
|
||||||
}
|
}
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
@ -166,17 +206,19 @@ templateDir() {
|
|||||||
do
|
do
|
||||||
# (wheezy+whonix-gateway / wheezy+whonix-gateway+gnome[+++] / wheezy+gnome )
|
# (wheezy+whonix-gateway / wheezy+whonix-gateway+gnome[+++] / wheezy+gnome )
|
||||||
if [ "${element%:*}" == "$(templateName ${template_flavor})" ]; then
|
if [ "${element%:*}" == "$(templateName ${template_flavor})" ]; then
|
||||||
eval echo -e ${element#*:}
|
eval echo -e "${element#*:}"
|
||||||
return
|
return
|
||||||
# Very short name compare (+proxy)
|
# Very short name compare (+proxy)
|
||||||
elif [ "${element:0:1}" == "+" -a "${element%:*}" == "+${template_flavor}" ]; then
|
elif [ "${element:0:1}" == "+" -a "${element%:*}" == "+${template_flavor}" ]; then
|
||||||
eval echo -e ${element#*:}
|
eval echo -e "${element#*:}"
|
||||||
return
|
return
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
if [ -n "${template_flavor}" ]; then
|
|
||||||
local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
|
local template_flavor_prefix="$(templateFlavorPrefix ${template_flavor})"
|
||||||
|
if [ -n "${template_flavor}" -a "${template_flavor}" == "+" ]; then
|
||||||
|
local dir="${SCRIPTSDIR}/${template_flavor_prefix}"
|
||||||
|
elif [ -n "${template_flavor}" ]; then
|
||||||
local dir="${SCRIPTSDIR}/${template_flavor_prefix}${template_flavor}"
|
local dir="${SCRIPTSDIR}/${template_flavor_prefix}${template_flavor}"
|
||||||
else
|
else
|
||||||
local dir="${SCRIPTSDIR}"
|
local dir="${SCRIPTSDIR}"
|
||||||
@ -223,6 +265,7 @@ buildStepExec() {
|
|||||||
|
|
||||||
# Cache $script
|
# Cache $script
|
||||||
GLOBAL_CACHE[$script]=1
|
GLOBAL_CACHE[$script]=1
|
||||||
|
|
||||||
# Execute $script
|
# Execute $script
|
||||||
"${script}"
|
"${script}"
|
||||||
fi
|
fi
|
||||||
@ -271,6 +314,11 @@ callTemplateFunction() {
|
|||||||
"${calling_arg}" \
|
"${calling_arg}" \
|
||||||
"${template_flavor}"
|
"${template_flavor}"
|
||||||
|
|
||||||
|
# Find a $DIST sub-directory
|
||||||
|
${functionExec} "${calling_script}" \
|
||||||
|
"${calling_arg}" \
|
||||||
|
"+"
|
||||||
|
|
||||||
for option in ${TEMPLATE_OPTIONS[@]}
|
for option in ${TEMPLATE_OPTIONS[@]}
|
||||||
do
|
do
|
||||||
# Long name (wheezy+whonix-gateway+proxy)
|
# Long name (wheezy+whonix-gateway+proxy)
|
||||||
@ -292,6 +340,17 @@ callTemplateFunction() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
# Will return all files that match pattern of suffix
|
||||||
|
# Example:
|
||||||
|
# filename = packages.list
|
||||||
|
# suffix = ${DIST} (wheezy)
|
||||||
|
#
|
||||||
|
# Will look for a file name packages_wheezy.list in:
|
||||||
|
# the $SCRIPTSDIR; beside original
|
||||||
|
# the $SCRIPTSDIR/$DIST (wheezy) directory
|
||||||
|
# any included template module directories ($SCRIPTSDIR/gnome)
|
||||||
|
#
|
||||||
|
# All matches are returned and each will be able to be used
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
getFileLocations() {
|
getFileLocations() {
|
||||||
local return_global_var=$1
|
local return_global_var=$1
|
||||||
@ -311,6 +370,18 @@ getFileLocations() {
|
|||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Executes any additional optional configuration steps if the configuration
|
# Executes any additional optional configuration steps if the configuration
|
||||||
# scripts exist
|
# scripts exist
|
||||||
|
#
|
||||||
|
# Will find all scripts with
|
||||||
|
# Example:
|
||||||
|
# filename = 04_install_qubes.sh
|
||||||
|
# suffix = post
|
||||||
|
#
|
||||||
|
# Will look for a file name 04_install_qubes_post in:
|
||||||
|
# the $SCRIPTSDIR; beside original
|
||||||
|
# the $SCRIPTSDIR/$DIST (wheezy) directory
|
||||||
|
# any included template module directories ($SCRIPTSDIR/gnome)
|
||||||
|
#
|
||||||
|
# All matches are executed
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
buildStep() {
|
buildStep() {
|
||||||
local filename="$1"
|
local filename="$1"
|
||||||
|
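Review bot: `$@` ends up outside the quotes in the rewritten message helpers (hunk `@ -82,24 +116,30 @`). In `echo -e ""$@""` and in `output "${bold}${blue}INFO: "$@"${reset}"` the adjacent quote pairs close before `$@`, so the arguments undergo word splitting and pathname expansion, and a message containing `*`, `?` or runs of spaces is altered before it is printed. Because `output` hands everything to a single `echo -e`, joining the arguments inside one quoted string keeps the text intact: `[[ ${-/x} != $- ]] || echo -e "$*"` and `output "${bold}${blue}INFO: $*${reset}" || :`. The same change applies to `outputc`, `debug`, `warn` and `error` in this hunk.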
@ -3,7 +3,7 @@
|
|||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Configurations
|
# Configurations
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
export IMG="$1"
|
export IMG="${1}"
|
||||||
export LC_ALL=POSIX
|
export LC_ALL=POSIX
|
||||||
|
|
||||||
RETCODE=0
|
RETCODE=0
|
||||||
@ -13,52 +13,55 @@ RETCODE=0
|
|||||||
. ./builder_setup >/dev/null
|
. ./builder_setup >/dev/null
|
||||||
. ./umount_kill.sh >/dev/null
|
. ./umount_kill.sh >/dev/null
|
||||||
|
|
||||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||||
set -x
|
set -x
|
||||||
else
|
else
|
||||||
set -e
|
set -e
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! [ $# -eq 1 ]; then
|
if ! [ $# -eq 1 ]; then
|
||||||
echo "usage $0 <img_file_name>"
|
echo "usage ${0} <img_file_name>"
|
||||||
exit
|
exit
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$VERBOSE" == "1" ]; then
|
if [ "${VERBOSE}" == "1" ]; then
|
||||||
export YUM_OPTS="$YUM_OPTS -q"
|
export YUM_OPTS="${YUM_OPTS} -q"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# Make sure INSTALLDIR exists
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
export INSTALLDIR="$(readlink -m mnt)"
|
||||||
|
mkdir -p "${INSTALLDIR}"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Prepare for mount
|
# Prepare for mount
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
echo "-> Preparing instalation of $DIST template..."
|
echo "-> Preparing instalation of ${DIST} template..."
|
||||||
export INSTALLDIR="$(readlink -m mnt)"
|
"${SCRIPTSDIR}/00_prepare.sh"
|
||||||
mkdir -p "$INSTALLDIR"
|
|
||||||
"$SCRIPTSDIR/00_prepare.sh"
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Mount image and install core OS
|
# Mount image and install core OS
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
if [ -f "${IMG}" ]; then
|
||||||
if [ -f "$IMG" ]; then
|
|
||||||
echo "-> Image file already exists, assuming *update*..."
|
echo "-> Image file already exists, assuming *update*..."
|
||||||
else
|
else
|
||||||
echo "-> Initializing empty image..."
|
echo "-> Initializing empty image..."
|
||||||
truncate -s 10G "$IMG" || exit 1
|
truncate -s 10G "${IMG}" || exit 1
|
||||||
|
|
||||||
echo "-> Creating filesystem..."
|
echo "-> Creating filesystem..."
|
||||||
mkfs.ext4 -q -F "$IMG" || exit 1
|
mkfs.ext4 -q -F "${IMG}" || exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
|
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||||
trap "umount_kill $(readlink -m $INSTALLDIR)" EXIT
|
trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT
|
||||||
"$SCRIPTSDIR/01_install_core.sh"
|
"${SCRIPTSDIR}/01_install_core.sh"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Install package groups
|
# Install package groups
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
echo "-> Installing package groups..."
|
echo "-> Installing package groups..."
|
||||||
"$SCRIPTSDIR/02_install_groups.sh"
|
"${SCRIPTSDIR}/02_install_groups.sh"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Cleanup
|
# Cleanup
|
||||||
@ -66,6 +69,6 @@ echo "-> Installing package groups..."
|
|||||||
trap - EXIT
|
trap - EXIT
|
||||||
|
|
||||||
echo "-> Unmounting prepared_image..."
|
echo "-> Unmounting prepared_image..."
|
||||||
umount_kill "$(readlink -m $INSTALLDIR)" || :
|
umount_kill "$(readlink -m ${INSTALLDIR})" || true
|
||||||
|
|
||||||
exit $RETCODE
|
exit ${RETCODE}
|
||||||
|
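Review bot: The EXIT trap in the hunk at `@ -13,52 +13,55 @` is still built as `trap "umount_kill $(readlink -m ${INSTALLDIR})" EXIT`, with `${INSTALLDIR}` unquoted inside the command substitution and the resolved path pasted unquoted into the trap string. A build directory whose path contains spaces or glob characters would be split when the trap fires, so `umount_kill` would receive something other than the mount point. `INSTALLDIR` is already canonicalised by `readlink -m mnt` earlier in the same hunk, so the trap can defer expansion and quote it: `trap 'umount_kill "${INSTALLDIR}"' EXIT` (assuming nothing reassigns `INSTALLDIR` later in the script, which is not visible here). The final `umount_kill "$(readlink -m ${INSTALLDIR})" || true` in the last hunk has the same unquoted inner expansion.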
@ -46,7 +46,11 @@ fi
|
|||||||
# Cleanup function
|
# Cleanup function
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
function cleanup() {
|
function cleanup() {
|
||||||
umount_kill "$PWD/mnt" || :
|
errval=$?
|
||||||
|
trap - ERR
|
||||||
|
trap
|
||||||
|
umount_kill "$PWD/mnt" || true
|
||||||
|
exit $errval
|
||||||
}
|
}
|
||||||
trap cleanup ERR
|
trap cleanup ERR
|
||||||
|
|
||||||
@ -66,7 +70,7 @@ export INSTALLDIR=mnt
|
|||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Run qubeize script
|
# Run qubeize script
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
"$SCRIPTSDIR/04_install_qubes.sh" || { umount "$INSTALLDIR"; exit 1; }
|
"$SCRIPTSDIR/04_install_qubes.sh"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
# Create App Menus
|
# Create App Menus
|
||||||
@ -110,7 +114,7 @@ fi
|
|||||||
# Finsh - unmount image
|
# Finsh - unmount image
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
echo "--> Unmounting $IMG"
|
echo "--> Unmounting $IMG"
|
||||||
cleanup
|
umount_kill "$PWD/mnt" || true
|
||||||
|
|
||||||
echo "Qubeized image stored at: $IMG"
|
echo "Qubeized image stored at: $IMG"
|
||||||
|
|
||||||
|
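Review bot: The bare `trap` after `trap - ERR` in cleanup() only prints the list of installed traps to stdout, so every failed run adds stray lines to the build log; it looks like leftover debugging and can be dropped. The second hunk now relies on the ERR trap instead of the explicit `|| { umount "$INSTALLDIR"; exit 1; }`, which is worth a one-line comment above the `04_install_qubes.sh` call, e.g. `# a failure here is handled by the ERR trap (cleanup)`. The mount point is written as `"$PWD/mnt"` in cleanup() and again in the final unmount, while the hunk header shows `export INSTALLDIR=mnt`; using one variable would keep the two from drifting apart.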
@ -1,45 +1,82 @@
|
|||||||
#!/bin/bash -x
|
#!/bin/bash -e
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Source external scripts
|
# Source external scripts
|
||||||
# ------------------------------------------------------------------------------
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
. ./umount_kill.sh >/dev/null
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Configurations
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
INSTALLDIR="$(readlink -m mnt)"
|
INSTALLDIR="$(readlink -m mnt)"
|
||||||
umount_kill "${INSTALLDIR}" || :
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# Make sure ${INSTALLDIR} is not mounted
|
||||||
|
umount_all "${INSTALLDIR}" || true
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'pre' scripts
|
# Execute any template flavor or sub flavor 'pre' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "pre"
|
buildStep "${0}" "pre"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
|
# Use a snapshot of the debootstraped debian image
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
debug "Determine if ${IMG} should be reused or deleted..."
|
manage_snapshot() {
|
||||||
if [ -f "${IMG}" ]; then
|
local snapshot="${1}"
|
||||||
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
|
|
||||||
|
umount_kill "${INSTALLDIR}" || true
|
||||||
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
|
|
||||||
warn "Last build failed. Deleting ${IMG}"
|
# Remove old snapshots if groups completed
|
||||||
|
if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
|
||||||
|
outputc stout "Removing stale snapshots"
|
||||||
|
umount_kill "${INSTALLDIR}" || true
|
||||||
|
rm -rf "${debootstrap_snapshot}"
|
||||||
|
rm -rf "${packages_snapshot}"
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
outputc stout "Replacing ${IMG} with snapshot ${snapshot}"
|
||||||
|
umount_kill "${INSTALLDIR}" || true
|
||||||
|
cp -f "${snapshot}" "${IMG}"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Determine if a snapshot should be used, reuse an existing image or
|
||||||
|
# delete the existing image to start fresh based on configuration options
|
||||||
|
#
|
||||||
|
# SNAPSHOT=1 - Use snapshots; Will remove after successful build
|
||||||
|
# If debootstrap did not complete, the existing image will be deleted
|
||||||
|
# ==============================================================================
|
||||||
|
splitPath "${IMG}" path_parts
|
||||||
|
packages_snapshot="${path_parts[dir]}${path_parts[base]}-packages${path_parts[dotext]}"
|
||||||
|
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
|
||||||
|
|
||||||
|
if [ -f "${IMG}" ]; then
|
||||||
|
if [ -f "${packages_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
|
||||||
|
# Use 'packages' snapshot
|
||||||
|
manage_snapshot "${packages_snapshot}"
|
||||||
|
|
||||||
|
elif [ -f "${debootstrap_snapshot}" -a "${SNAPSHOT}" == "1" ]; then
|
||||||
|
# Use 'debootstrap' snapshot
|
||||||
|
manage_snapshot "${debootstrap_snapshot}"
|
||||||
|
|
||||||
|
else
|
||||||
|
# Use '$IMG' if debootstrap did not fail
|
||||||
|
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||||
|
|
||||||
|
# Assume a failed debootstrap installation if .prepared_debootstrap does not exist
|
||||||
|
if [ -e "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
|
||||||
|
debug "Reusing existing image ${IMG}"
|
||||||
|
else
|
||||||
|
outputc stout "Removing stale or incomplete ${IMG}"
|
||||||
|
umount_kill "${INSTALLDIR}" || true
|
||||||
rm -f "${IMG}"
|
rm -f "${IMG}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Umount image; don't fail if its already umounted
|
# Umount image; don't fail if its already umounted
|
||||||
umount_kill "${INSTALLDIR}" || :
|
umount_kill "${INSTALLDIR}" || true
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'post' scripts
|
# Execute any template flavor or sub flavor 'post' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "post"
|
buildStep "${0}" "post"
|
||||||
|
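Review bot: manage_snapshot() deletes `${debootstrap_snapshot}` and `${packages_snapshot}` with `rm -rf`, although both are single image files whose names are assembled from `splitPath` output. `rm -f -- "${debootstrap_snapshot}" "${packages_snapshot}"` is sufficient, cannot recurse into a directory, and does not read a leading `-` as an option if a path part comes back empty. The function reads those two variables as globals that are only assigned further down, after its definition, so a short header comment stating that, and that `$1` is the snapshot file copied over `${IMG}`, would help the next reader. Errexit for this script now comes from the `#!/bin/bash -e` line, which is ignored when the file is run as `bash FILE`; whether vars.sh also sets it is not visible here, and the same applies to the other scripts in this commit that switch to that shebang.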
@ -1,38 +1,61 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash -e
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Source external scripts
|
# Source external scripts
|
||||||
# ------------------------------------------------------------------------------
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
##### '-------------------------------------------------------------------------
|
||||||
# Configurations
|
debug ' Installing base system using debootstrap'
|
||||||
# ------------------------------------------------------------------------------
|
##### '-------------------------------------------------------------------------
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'pre' scripts
|
# Execute any template flavor or sub flavor 'pre' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "pre"
|
buildStep "${0}" "pre"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" ]; then
|
||||||
# Install base debian system
|
#### "------------------------------------------------------------------
|
||||||
# ------------------------------------------------------------------------------
|
info " $(templateName): Installing base '${DISTRIBUTION}-${DIST}' system"
|
||||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
|
#### "------------------------------------------------------------------
|
||||||
debug "Installing base ${DEBIANVERSION} system"
|
COMPONENTS="" debootstrap \
|
||||||
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
|
--arch=amd64 \
|
||||||
--components=main --keyring="${SCRIPTSDIR}/keys/${DEBIANVERSION}-debian-archive-keyring.gpg" \
|
--include="ncurses-term locales tasksel" \
|
||||||
"${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
|
--components=main \
|
||||||
chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
|
--keyring="${SCRIPTSDIR}/keys/${DIST}-${DISTRIBUTION}-archive-keyring.gpg" \
|
||||||
touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
|
"${DIST}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || {
|
||||||
|
error "Debootstrap failed!";
|
||||||
|
exit 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Configure keyboard'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
configureKeyboard
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Update locales'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
updateLocale
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info 'Link mtab'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
chroot rm -f /etc/mtab
|
||||||
|
chroot ln -s /proc/self/mounts /etc/mtab
|
||||||
|
|
||||||
|
# TMPDIR is set in vars. /tmp should not be used since it will be cleared
|
||||||
|
# if building template with LXC contaniners on a reboot
|
||||||
|
mkdir -p "${INSTALLDIR}/${TMPDIR}"
|
||||||
|
|
||||||
|
# Mark section as complete
|
||||||
|
touch "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap"
|
||||||
|
|
||||||
|
# If SNAPSHOT=1, Create a snapshot of the already debootstraped image
|
||||||
|
createSnapshot "debootstrap"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'post' scripts
|
# Execute any template flavor or sub flavor 'post' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "post"
|
buildStep "${0}" "post"
|
||||||
|
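Review bot: `chroot rm -f /etc/mtab` and `chroot ln -s /proc/self/mounts /etc/mtab` pass no root directory, so they only do what is intended if `distribution.sh` defines a `chroot` shell function that supplies `${INSTALLDIR}`; with the real chroot(8), `rm` and `ln` would be read as the new root. That definition is not visible in this section, so this is an assumption to confirm. Either give the wrapper a distinct name or add a comment at its first use, e.g. `# chroot here is the distribution.sh wrapper: runs the command inside ${INSTALLDIR}`. The same call form appears in the package-groups script (`chroot tasksel ...`) and in the new jessie and wheezy scripts.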
@ -1,201 +1,84 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash -e
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
# Source external scripts
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
|
||||||
. ./umount_kill.sh >/dev/null
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
##### "=========================================================================
|
||||||
# Configurations
|
debug " Configuring and Installing packages for ${DIST}"
|
||||||
# ------------------------------------------------------------------------------
|
##### "=========================================================================
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# If .prepared_debootstrap has not been completed, don't continue
|
# If .prepared_debootstrap has not been completed, don't continue
|
||||||
# ------------------------------------------------------------------------------
|
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_debootstrap" "prepared_debootstrap installataion has not completed!... Exiting"
|
||||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
|
|
||||||
error "prepared_debootstrap installataion has not completed!... Exiting"
|
|
||||||
umount_kill "${INSTALLDIR}" || :
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# Create system mount points
|
||||||
# Mount system mount points
|
prepareChroot
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
|
|
||||||
mount -t tmpfs none "${INSTALLDIR}/run"
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# Make sure there is a resolv.conf with network of this AppVM for building
|
||||||
|
createResolvConf
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'pre' scripts
|
# Execute any template flavor or sub flavor 'pre' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "pre"
|
buildStep "${0}" "pre"
|
||||||
|
|
||||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
|
# ==============================================================================
|
||||||
# ------------------------------------------------------------------------------
|
# Configure base system and install any adddtional packages which could
|
||||||
# Cleanup function
|
# include +TEMPLATE_FLAVOR such as gnome as set in configuration file
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
function cleanup() {
|
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_groups" ]; then
|
||||||
error "Install groups error and umount"
|
#### '----------------------------------------------------------------------
|
||||||
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
info ' Trap ERR and EXIT signals and cleanup (umount)'
|
||||||
umount_kill "${INSTALLDIR}" || :
|
#### '----------------------------------------------------------------------
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
trap cleanup ERR
|
trap cleanup ERR
|
||||||
trap cleanup EXIT
|
trap cleanup EXIT
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Set up a temporary policy-rc.d to prevent apt from starting services
|
info 'Install standard Debian packages'
|
||||||
# on package installation
|
#### '----------------------------------------------------------------------
|
||||||
# ------------------------------------------------------------------------------
|
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.debian_packages" ]; then
|
||||||
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
|
packages="$(chroot tasksel --new-install --task-packages standard)"
|
||||||
#!/bin/sh
|
aptInstall ${packages}
|
||||||
return 101 # Action forbidden by policy
|
touch "${INSTALLDIR}/${TMPDIR}/.debian_packages"
|
||||||
EOF
|
|
||||||
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Ensure umask set in /etc/login.defs is used (022)
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session"
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Add debian security repository
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
debug "Adding debian-security repository."
|
|
||||||
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
|
|
||||||
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
|
||||||
touch "${INSTALLDIR}/etc/apt/sources.list"
|
|
||||||
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
|
||||||
fi
|
|
||||||
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
|
|
||||||
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
|
||||||
touch "${INSTALLDIR}/etc/apt/sources.list"
|
|
||||||
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Upgrade system
|
info ' Distribution specific steps (install systemd, add sources, etc)'
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
debug "Upgrading system"
|
buildStep "$0" "${DIST}"
|
||||||
chroot "${INSTALLDIR}" apt-get update
|
|
||||||
true "${stout}"
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} dist-upgrade
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Configure keyboard
|
info " Installing extra packages in script_${DIST}/packages.list file"
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
debug "Setting keyboard layout"
|
installPackages
|
||||||
chroot "${INSTALLDIR}" debconf-set-selections <<EOF
|
createSnapshot "packages"
|
||||||
keyboard-configuration keyboard-configuration/variant select English (US)
|
touch "${INSTALLDIR}/${TMPDIR}/.prepared_packages"
|
||||||
keyboard-configuration keyboard-configuration/layout select English (US)
|
|
||||||
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
|
|
||||||
keyboard-configuration keyboard-configuration/modelcode string pc105
|
|
||||||
keyboard-configuration keyboard-configuration/layoutcode string us
|
|
||||||
keyboard-configuration keyboard-configuration/variantcode string
|
|
||||||
keyboard-configuration keyboard-configuration/optionscode string
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Install extra packages in script_${DEBIANVERSION}/packages.list file
|
info ' Execute any template flavor or sub flavor scripts after packages are installed'
|
||||||
# -and / or- TEMPLATE_FLAVOR directories
|
#### '----------------------------------------------------------------------
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
getFileLocations packages_list "packages.list" "${DIST}"
|
|
||||||
if [ -z "${packages_list}" ]; then
|
|
||||||
error "Can not locate a package.list file!"
|
|
||||||
umount_kill "${INSTALLDIR}" || :
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
for package_list in ${packages_list[@]}; do
|
|
||||||
debug "Installing extra packages from: ${package_list}"
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
xargs chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} install < "${package_list}"
|
|
||||||
done
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Execute any template flavor or sub flavor scripts after packages are installed
|
|
||||||
# (Whonix needs dependancies installed before installation)
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
buildStep "$0" "packages_installed"
|
buildStep "$0" "packages_installed"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Install systemd
|
info ' apt-get dist-upgrade'
|
||||||
# ------------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# - sysvinit gives problems with qubes initramfs, we depend on systemd
|
aptDistUpgrade
|
||||||
# for now. Apt *really* doesn't want to replace sysvinit in wheezy.
|
|
||||||
# For jessie and newer, sysvinit is provided by sysvinit-core which
|
|
||||||
# is not an essential package.
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
debug "Installing systemd for debian (${DEBIANVERSION})"
|
|
||||||
if [ "${DEBIANVERSION}" == "wheezy" ]; then
|
|
||||||
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} remove sysvinit
|
|
||||||
else
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} remove sysvinit
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Prevent sysvinit from being re-installed
|
#### '----------------------------------------------------------------------
|
||||||
debug "Preventing sysvinit re-installation"
|
info ' Cleanup'
|
||||||
chroot "${INSTALLDIR}" apt-mark hold sysvinit
|
#### '----------------------------------------------------------------------
|
||||||
|
touch "${INSTALLDIR}/${TMPDIR}/.prepared_groups"
|
||||||
# Pin sysvinit to prevent being re-installed
|
|
||||||
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
|
|
||||||
Package: sysvinit
|
|
||||||
Pin: version *
|
|
||||||
Pin-Priority: -100
|
|
||||||
EOF
|
|
||||||
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
|
|
||||||
|
|
||||||
chroot "${INSTALLDIR}" apt-get update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} install systemd-sysv
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Set multu-user.target as the default target (runlevel 3)
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
|
|
||||||
chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Qubes is now being built with some SID packages; grab backport for wheezy
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if [ "${DEBIANVERSION}" == "wheezy" ]; then
|
|
||||||
debug "Adding wheezy backports repository."
|
|
||||||
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
|
|
||||||
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
|
||||||
touch "${INSTALLDIR}/etc/apt/sources.list"
|
|
||||||
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
|
||||||
fi
|
|
||||||
chroot ${INSTALLDIR} apt-get update
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
chroot ${INSTALLDIR} apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Cleanup
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Remove temporary policy layer so services can start normally in the
|
|
||||||
# deployed template.
|
|
||||||
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
|
||||||
touch "${INSTALLDIR}/tmp/.prepared_groups"
|
|
||||||
trap - ERR EXIT
|
trap - ERR EXIT
|
||||||
trap
|
trap
|
||||||
|
|
||||||
# Kill all processes and umount all mounts within ${INSTALLDIR},
|
|
||||||
# but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
|
|
||||||
# umounted itself)
|
|
||||||
umount_kill "${INSTALLDIR}/" || :
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'post' scripts
|
# Execute any template flavor or sub flavor 'post' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "post"
|
buildStep "${0}" "post"
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
|
||||||
|
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted)
|
||||||
|
# ==============================================================================
|
||||||
|
umount_all "${INSTALLDIR}/" || true
|
||||||
|
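Review bot: The temporary `${INSTALLDIR}/usr/sbin/policy-rc.d` that kept apt from starting services during installation is no longer written in this script, and nothing in the new lines replaces it. Unless `prepareChroot`, `aptInstall` or `installPackages` (not visible here) create it, package maintainer scripts can start daemons from the chroot on the build host while the `tasksel` packages and `packages.list` are installed. `trap cleanup ERR` and `trap cleanup EXIT` also remain although the local `cleanup()` was removed, so they depend on a `cleanup` defined in a sourced file. A comment next to the traps naming where `cleanup` and the policy-rc.d handling now live would make this checkable.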
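--- /dev/null
+++ b/scripts_debian/02_install_groups_jessie.sh
@@ -0,0 +1,36 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### "=========================================================================
+debug " Installing custom packages and customizing ${DIST}"
+##### "=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Adding contrib, non-free and Debian security to repository.'
+#### '--------------------------------------------------------------------------
+updateDebianSourceList
+aptUpdate
+
+##### '=========================================================================
+debug ' Replacing sysvinit with systemd'
+##### '=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Remove sysvinit'
+#### '--------------------------------------------------------------------------
+aptRemove sysvinit
+
+#### '--------------------------------------------------------------------------
+info ' Install Systemd'
+#### '--------------------------------------------------------------------------
+aptUpdate
+aptInstall systemd-sysv
+
+#### '--------------------------------------------------------------------------
+info ' Set multu-user.target as the default target (runlevel 3)'
+#### '--------------------------------------------------------------------------
+chroot rm -f /etc/systemd/system/default.target
+chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target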
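Review bot: The jessie path removes `sysvinit` and installs `systemd-sysv` without the `apt-mark hold sysvinit` and the `qubes_sysvinit` pin that the replaced code applied for every release and that the new wheezy script keeps. If this is intentional (the removed comment said sysvinit is not an essential package on jessie), say so above `aptRemove sysvinit`, e.g. `# no hold/pin on jessie: sysvinit is not essential here`; otherwise a later package install could bring it back. The `info` text also spells the target `multu-user.target`.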
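--- /dev/null
+++ b/scripts_debian/02_install_groups_wheezy.sh
@@ -0,0 +1,89 @@
+#!/bin/bash -e
+# vim: set ts=4 sw=4 sts=4 et :
+
+source "${SCRIPTSDIR}/vars.sh"
+source "${SCRIPTSDIR}/distribution.sh"
+
+##### "=========================================================================
+debug " Installing custom packages and customizing ${DIST}"
+##### "=========================================================================
+
+#### '--------------------------------------------------------------------------
+info ' Adding contrib, non-free and Debian security to repository.'
+#### '--------------------------------------------------------------------------
+updateDebianSourceList
+
+#### '----------------------------------------------------------------------
+info ' Adding wheezy backports repository.'
+#### '----------------------------------------------------------------------
+source="deb ${DEBIAN_MIRROR} wheezy-backports main"
+if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
+touch "${INSTALLDIR}/etc/apt/sources.list"
+echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
+fi
+aptUpdate
+
+##### '=========================================================================
+debug ' Replace sysvinit with systemd'
+##### '=========================================================================
+
+#### '----------------------------------------------------------------------
+info ' Remove sysvinit'
+#### '----------------------------------------------------------------------
+echo 'Yes, do as I say!' | aptRemove sysvinit
+
+#### '----------------------------------------------------------------------
+info ' Preventing sysvinit re-installation'
+#### '----------------------------------------------------------------------
+chroot apt-mark hold sysvinit
+
+#### '----------------------------------------------------------------------
+info ' Pin sysvinit to prevent being re-installed'
+#### '----------------------------------------------------------------------
+cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
+Package: sysvinit
+Pin: version *
+Pin-Priority: -100
+EOF
+chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
+
+#### '----------------------------------------------------------------------
+info ' Install Systemd'
+#### '----------------------------------------------------------------------
+aptUpdate
+aptInstall systemd-sysv
+
+#### '----------------------------------------------------------------------
+info ' Set multu-user.target as the default target (runlevel 3)'
+#### '----------------------------------------------------------------------
+chroot rm -f /etc/systemd/system/default.target
+chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+
+
+# ==============================================================================
+# Install backports
+#
+# NOTE: This needs to be done after systemd has been installed or risk backport
+# being un-installed
+# ==============================================================================
+
+#### '----------------------------------------------------------------------
+info ' Installing init-system-helpers'
+#### '----------------------------------------------------------------------
+aptUpdate
+DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
+chroot apt-get ${APT_GET_OPTIONS} -t wheezy-backports install init-system-helpers
+
+#### '----------------------------------------------------------------------
+info ' Installing pulseaudo backport'
+#### '----------------------------------------------------------------------
+
+# /usr/lib/pulse-4.0/modules/
+# start-pulseaudio-with-vchan
+
+#DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
+# chroot apt-get ${APT_GET_OPTIONS} -t wheezy-backports install pulseaudio \
+# libpulse0 \
+# pulseaudio-utils \
+# libpulse-mainloop-glib0 \
+# pulseaudio-module-x11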
@ -1,154 +1,61 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash -e
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
# Source external scripts
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
|
||||||
. ./umount_kill.sh >/dev/null
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
##### '-------------------------------------------------------------------------
|
||||||
# Configurations
|
debug ' Installing Qubes packages'
|
||||||
# ------------------------------------------------------------------------------
|
##### '-------------------------------------------------------------------------
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# If .prepared_debootstrap has not been completed, don't continue
|
||||||
# If .prepared_groups has not been completed, don't continue
|
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_groups" "prepared_groups installataion has not completed!... Exiting"
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
|
|
||||||
error "prepared_groups installataion has not completed!... Exiting"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# Create system mount points
|
||||||
# Mount system mount points
|
prepareChroot
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
for fs in /dev /dev/pts /proc /sys; do mount -B $fs "${INSTALLDIR}/$fs"; done
|
|
||||||
mount -t tmpfs none "${INSTALLDIR}/run"
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'pre' scripts
|
# Execute any template flavor or sub flavor 'pre' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "pre"
|
buildStep "${0}" "pre"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" ]; then
|
||||||
# Install Qubes Packages
|
#### '----------------------------------------------------------------------
|
||||||
# ------------------------------------------------------------------------------
|
info ' Trap ERR and EXIT signals and cleanup (umount)'
|
||||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
|
#### '----------------------------------------------------------------------
|
||||||
debug "Installing qbues modules"
|
trap cleanup ERR
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Set up a temporary policy-rc.d to prevent apt from starting services
|
info ' Install Qubes packages listed in packages_qubes.list file(s)'
|
||||||
# on package installation
|
#### '----------------------------------------------------------------------
|
||||||
# --------------------------------------------------------------------------
|
installQubesRepo
|
||||||
cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
|
aptUpdate
|
||||||
#!/bin/sh
|
installPackages packages_qubes.list
|
||||||
return 101 # Action forbidden by policy
|
uninstallQubesRepo
|
||||||
EOF
|
|
||||||
chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Generate locales
|
info ' Re-update locales'
|
||||||
# --------------------------------------------------------------------------
|
# Locales get reset during package installation sometimes
|
||||||
debug "Generate locales"
|
#### '----------------------------------------------------------------------
|
||||||
echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
|
updateLocale
|
||||||
chroot "${INSTALLDIR}" locale-gen
|
|
||||||
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
# Link mtab
|
info ' Cleanup'
|
||||||
# --------------------------------------------------------------------------
|
#### '----------------------------------------------------------------------
|
||||||
rm -f "${INSTALLDIR}/etc/mtab"
|
umount_all "${INSTALLDIR}/" || true
|
||||||
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
|
touch "${INSTALLDIR}/${TMPDIR}/.prepared_qubes"
|
||||||
|
trap - ERR EXIT
|
||||||
# --------------------------------------------------------------------------
|
trap
|
||||||
# Start of Qubes package installation
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
debug "Installing qubes packages"
|
|
||||||
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Install keyrings
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
|
|
||||||
mkdir -p "${CACHEDIR}"
|
|
||||||
gpg --gen-key --batch <<EOF
|
|
||||||
Key-Type: RSA
|
|
||||||
Key-Length: 1024
|
|
||||||
Key-Usage: sign
|
|
||||||
Name-Real: Qubes builder
|
|
||||||
Expire-Date: 0
|
|
||||||
%pubring ${CACHEDIR}/repo-pubring.gpg
|
|
||||||
%secring ${CACHEDIR}/repo-secring.gpg
|
|
||||||
%commit
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
gpg -abs --no-default-keyring \
|
|
||||||
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
|
|
||||||
--keyring "${CACHEDIR}/repo-pubring.gpg" \
|
|
||||||
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
|
|
||||||
"${CUSTOMREPO}/dists/${DIST}/Release"
|
|
||||||
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Mount local qubes_repo
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
|
|
||||||
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Include qubes repo for apt
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
|
|
||||||
deb file:/tmp/qubes_repo ${DEBIANVERSION} main
|
|
||||||
EOF
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Update system; exit is not successful
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Install Qubes packages
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
||||||
chroot "${INSTALLDIR}" apt-get ${APT_GET_OPTIONS} install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
|
|
||||||
{ umount_kill "${INSTALLDIR}"; exit 1; }
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Remove Qubes Builder repo from sources.list.d
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
|
|
||||||
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
|
|
||||||
chroot "${INSTALLDIR}" apt-get update || exit 1
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Remove temporary policy layer so services can start normally in the
|
|
||||||
# deployed template.
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
|
||||||
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Copy extra files to installation directory. Contains:
|
|
||||||
# - font fixes for display issues
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
copyTree "qubes-files" "${SCRIPTSDIR}" "${INSTALLDIR}"
|
|
||||||
|
|
||||||
touch "${INSTALLDIR}/tmp/.prepared_qubes"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'post' scripts
|
# Execute any template flavor or sub flavor 'post' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "post"
|
buildStep "${0}" "post"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
|
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
|
||||||
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
|
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted)
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
umount_kill "${INSTALLDIR}/" || :
|
umount_all "${INSTALLDIR}/" || true
|
||||||
|
|
||||||
|
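Review bot: The `trap cleanup ERR` / `trap cleanup EXIT` pair is installed only inside the `.prepared_qubes` branch, after `prepareChroot` and `buildStep "${0}" "pre"` have already run. As defined in distribution.sh, `prepareChroot` mounts tmpfs, proc and sysfs under `${INSTALLDIR}`, diverts `/sbin/initctl` and rewrites `exit 100` in `/usr/sbin/invoke-rc.d`. Because the script runs under `bash -e`, a failing `pre` step exits with those mounts in place and the patched `invoke-rc.d` still in the image. Moving the trap above `prepareChroot`, as `trap cleanup ERR EXIT`, would cover that window. The comment above `exitOnNoFile` also names `.prepared_debootstrap` while the call checks `.prepared_groups`; it should read `# If .prepared_groups has not been completed, don't continue`.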
@ -1,33 +1,27 @@
|
|||||||
#!/bin/sh
|
#!/bin/bash -e
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
# Source external scripts
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
##### '=========================================================================
|
||||||
# Configurations
|
debug ' Cleaning up...'
|
||||||
# ------------------------------------------------------------------------------
|
##### '=========================================================================
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'pre' scripts
|
# Execute any template flavor or sub flavor 'pre' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "pre"
|
buildStep "${0}" "pre"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
#### '-------------------------------------------------------------------------
|
||||||
# Cleanup any left over files from installation
|
info ' Cleaning up any left over files from installation'
|
||||||
# ------------------------------------------------------------------------------
|
#### '-------------------------------------------------------------------------
|
||||||
rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
|
rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
|
||||||
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
|
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
|
||||||
rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
||||||
|
rm -rf "${INSTALLDIR}/${TMPDIR}"
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
# Execute any template flavor or sub flavor 'post' scripts
|
# Execute any template flavor or sub flavor 'post' scripts
|
||||||
# ------------------------------------------------------------------------------
|
# ==============================================================================
|
||||||
buildStep "$0" "post"
|
buildStep "${0}" "post"
|
||||||
|
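Review bot: The added `rm -rf "${INSTALLDIR}/${TMPDIR}"` has no guard against either variable being empty, and the script runs as `bash -e` without `-u`. An unset `TMPDIR` would turn it into a recursive delete of the whole install tree, and with both unset it would target `/`. vars.sh is not shown here, so whether both are always set cannot be confirmed. `rm -rf "${INSTALLDIR:?}/${TMPDIR:?}"` aborts instead of deleting the wrong path. Separately, the unchanged first `rm -rf` keeps the `*` inside the quotes, so the glob never expands and the apt archive cache is left in the template; `rm -rf "${INSTALLDIR:?}"/var/cache/apt/archives/*` does what the heading says.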
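--- a/scripts_debian/NOTES
+++ b/scripts_debian/NOTES
@@ -0,0 +1,75 @@
+issues
+------
+Think it makes most sense to run whonix setup right after qubes, then whonix can install qubes-whonix last.
+hook into bfore qubes removes its links to repo
+
+
+installing whonix after qubes-whonix; wq thinks its a template; tries to use proxy. Need to add
+a chroot option maybe' touch /var/run/qubes/qubes-service/choot and ignore everything; maybe even
+in postinit? -- gotta be sure IP addresses don't get changed
+
+tests
+-----
+
+test all the vms listed below plus make sure each works with:
+
+- netvm
+- proxyvm
+- sound
+- notifications
+
+NOTE: Backup EXISTING jessie-gnome; its what I use for web access!
+Make a special version name; test with that and copy my root.img to it after test as my future template to keep
+wheezy
+wheezy+gnome
+jessie
+jessie+gnome
+whonix-gateway
+whonix-workstation
+
+# Before building ubuntu again; combine code base again
+trusty
+trusty+gnome
+utopic
+utopic+gnome
+
+test qubes-whonix package update... at first just add a local file base repo in appvm
+
+
+ubuntu fixups
+-------------
+network manager
+application menus
+- can I convert the hvm? -- or install real ubuntu from live but automated?
+- combine codebase of ubuntu / debian
+
+whonix fixups
+-------------
+move code to qhonix-qubes that can go there
+see if I can get rid of grub yet with new APT-opts command
+review all snapshot code; remove remerences to /run; swap with tmp
+
+todo
+----
+add firfox, etc to installed apps like fedora has - gnome only build; keep minimum debian builds
+flashplayer
+mirror list
+automated test? build, deploy to dom0, install guest + appvm, run some tests in appvm
+
+add in qubes-apps-linux-* during qubes-setup; maybe need to remove thunderbird?
+duplicate 01proxy
+fix the gui-linux commmit
+restore dash -- fix any qubes scripts to use dash or indicated they need bash
+fix any qubes scripts that use sysconfig; since we dont
+
+
+condsider
+---------
+salt module; maybe can use for tests
+
+
+merge
+-----
+merge to debian first
+then from debian to master
+then from master to ubuntu -- rebase whonix again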
385
scripts_debian/distribution.sh
Normal file
385
scripts_debian/distribution.sh
Normal file
@ -0,0 +1,385 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
|
source ./functions.sh >/dev/null
|
||||||
|
source ./umount_kill.sh >/dev/null
|
||||||
|
|
||||||
|
setVerboseMode
|
||||||
|
output "${bold}${under}INFO: ${SCRIPTSDIR}/distribution.sh imported by: ${0}${reset}"
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Cleanup function
|
||||||
|
# ==============================================================================
|
||||||
|
function cleanup() {
|
||||||
|
errval=$?
|
||||||
|
trap - ERR EXIT
|
||||||
|
trap
|
||||||
|
error "${1:-"${0}: Error. Cleaning up and un-mounting any existing mounts"}"
|
||||||
|
umount_all || true
|
||||||
|
|
||||||
|
# Return xtrace to original state
|
||||||
|
[[ -n "${XTRACE}" ]] && [[ "${XTRACE}" -eq 0 ]] && set -x || set +x
|
||||||
|
|
||||||
|
exit $errval
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# If .prepared_debootstrap has not been completed, don't continue
|
||||||
|
# ==============================================================================
|
||||||
|
function exitOnNoFile() {
|
||||||
|
file="${1}"
|
||||||
|
message="${2}"
|
||||||
|
|
||||||
|
if ! [ -f "${file}" ]; then
|
||||||
|
error "${message}"
|
||||||
|
umount_all || true
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Umount everthing within INSTALLDIR or $1 but kill all processes within first
|
||||||
|
# ==============================================================================
|
||||||
|
function umount_all() {
|
||||||
|
directory="${1:-"${INSTALLDIR}"}"
|
||||||
|
|
||||||
|
# Only remove dirvert policies, etc if base INSTALLDIR mount is being umounted
|
||||||
|
if [ "${directory}" == "${INSTALLDIR}" -o "${directory}" == "${INSTALLDIR}/" ]; then
|
||||||
|
if [ -n "$(mountPoints)" ]; then
|
||||||
|
removeDbusUuid
|
||||||
|
removeDivertPolicy
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
umount_kill "${directory}" || true
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Create snapshot
|
||||||
|
# ==============================================================================
|
||||||
|
function createSnapshot() {
|
||||||
|
snapshot_name="${1}"
|
||||||
|
|
||||||
|
if [ "${SNAPSHOT}" == "1" ]; then
|
||||||
|
splitPath "${IMG}" path_parts
|
||||||
|
snapshot_path="${path_parts[dir]}${path_parts[base]}-${snapshot_name}${path_parts[dotext]}"
|
||||||
|
|
||||||
|
# create snapshot
|
||||||
|
info "Creating snapshot of ${IMG} to ${snapshot_path}"
|
||||||
|
sync
|
||||||
|
cp -f "${IMG}" "${snapshot_path}"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Create DBUS uuid
|
||||||
|
# ==============================================================================
|
||||||
|
function createDbusUuid() {
|
||||||
|
outputc green "Creating DBUS uuid..."
|
||||||
|
removeDbusUuid
|
||||||
|
if [ -e "${INSTALLDIR}/bin/dbus-uuidgen" ]; then
|
||||||
|
chroot dbus-uuidgen --ensure 1>/dev/null 2>&1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Remove DBUS uuid
|
||||||
|
# ==============================================================================
|
||||||
|
function removeDbusUuid() {
|
||||||
|
if [ -e "${INSTALLDIR}"/var/lib/dbus/machine-id ]; then
|
||||||
|
outputc red "Removing generated machine uuid..."
|
||||||
|
rm -f "${INSTALLDIR}/var/lib/dbus/machine-id"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Set up a temporary dpkg-divert policy to prevent apt from starting services
|
||||||
|
# on package installation
|
||||||
|
# ==============================================================================
|
||||||
|
function addDivertPolicy() {
|
||||||
|
outputc green "Deactivating initctl..."
|
||||||
|
chroot dpkg-divert --local --rename --add /sbin/initctl || true
|
||||||
|
|
||||||
|
# utopic systemd install still broken...
|
||||||
|
outputc green "Hacking invoke-rc.d to ignore missing init scripts..."
|
||||||
|
chroot sed -i -e "s/exit 100/exit 0 #exit 100/" /usr/sbin/invoke-rc.d
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Remove temporary dpkg-divert policy
|
||||||
|
# ==============================================================================
|
||||||
|
function removeDivertPolicy() {
|
||||||
|
outputc red "Reactivating initctl..."
|
||||||
|
chroot dpkg-divert --local --rename --remove /sbin/initctl || true
|
||||||
|
|
||||||
|
outputc red "Restoring invoke-rc.d..."
|
||||||
|
chroot sed -i -e "s/exit 0 #exit 100/exit 100/" /usr/sbin/invoke-rc.d
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Create system mount points
|
||||||
|
# ==============================================================================
|
||||||
|
function prepareChroot() {
|
||||||
|
# Make sure nothing is mounted within $INSTALLDIR
|
||||||
|
umount_kill "${INSTALLDIR}/"
|
||||||
|
|
||||||
|
mount -t tmpfs none "${INSTALLDIR}/run"
|
||||||
|
if [ "${SYSTEMD_NSPAWN_ENABLE}" != "1" ]; then
|
||||||
|
mount -t proc proc "${INSTALLDIR}/proc"
|
||||||
|
mount -t sysfs sys "${INSTALLDIR}/sys"
|
||||||
|
fi
|
||||||
|
createDbusUuid
|
||||||
|
addDivertPolicy
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# apt-get upgrade
|
||||||
|
# ==============================================================================
|
||||||
|
function aptUpgrade() {
|
||||||
|
aptUpdate
|
||||||
|
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
|
||||||
|
chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# apt-get dist-upgrade
|
||||||
|
# ==============================================================================
|
||||||
|
function aptDistUpgrade() {
|
||||||
|
aptUpdate
|
||||||
|
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
|
||||||
|
chroot env APT_LISTCHANGES_FRONTEND=none apt-get dist-upgrade -u -y --force-yes
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# apt-get update
|
||||||
|
# ==============================================================================
|
||||||
|
function aptUpdate() {
|
||||||
|
debug "Updating system"
|
||||||
|
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
|
||||||
|
chroot apt-get update
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# apt-get remove
|
||||||
|
# ==============================================================================
|
||||||
|
function aptRemove() {
|
||||||
|
files="$@"
|
||||||
|
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
|
||||||
|
chroot apt-get ${APT_GET_OPTIONS} remove ${files[@]}
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# apt-get install
|
||||||
|
# ==============================================================================
|
||||||
|
function aptInstall() {
|
||||||
|
files="$@"
|
||||||
|
DEBIAN_FRONTEND="noninteractive" DEBIAN_PRIORITY="critical" DEBCONF_NOWARNINGS="yes" \
|
||||||
|
chroot apt-get ${APT_GET_OPTIONS} install ${files[@]}
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Install extra packages in script_${DIST}/packages.list file
|
||||||
|
# -and / or- TEMPLATE_FLAVOR directories
|
||||||
|
# ==============================================================================
|
||||||
|
function installPackages() {
|
||||||
|
if [ -n "${1}" ]; then
|
||||||
|
# Locate packages within sub dirs
|
||||||
|
if [ ${#@} == "1" ]; then
|
||||||
|
getFileLocations packages_list "${1}" ""
|
||||||
|
else
|
||||||
|
packages_list="$@"
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
getFileLocations packages_list "packages.list" "${DIST}"
|
||||||
|
if [ -z "${packages_list}" ]; then
|
||||||
|
error "Can not locate a package.list file!"
|
||||||
|
umount_all || true
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
for package_list in ${packages_list[@]}; do
|
||||||
|
debug "Installing extra packages from: ${package_list}"
|
||||||
|
declare -a packages
|
||||||
|
readarray -t packages < "${package_list}"
|
||||||
|
|
||||||
|
info "Packages: "${packages[@]}""
|
||||||
|
aptInstall "${packages[@]}" || return $?
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Install Systemd
|
||||||
|
# ==============================================================================
|
||||||
|
function installSystemd() {
|
||||||
|
buildStep "$0" "pre-systemd"
|
||||||
|
chroot apt-get update
|
||||||
|
|
||||||
|
aptInstall systemd
|
||||||
|
createDbusUuid
|
||||||
|
|
||||||
|
# Set multi-user.target as default target
|
||||||
|
chroot rm -f /etc/systemd/system/default.target
|
||||||
|
chroot ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||||
|
|
||||||
|
# XXX: TEMP lets see how stuff work with upstart in control for now
|
||||||
|
# Boot using systemd
|
||||||
|
chroot rm -f /sbin/init
|
||||||
|
chroot ln -sf /lib/systemd/systemd /sbin/init
|
||||||
|
|
||||||
|
buildStep "$0" "post-systemd"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# C O N F I G U R A T I O N R E L A T E D
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# ==============================================================================
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Add universe to sources.list
|
||||||
|
# ==============================================================================
|
||||||
|
function updateDebianSourceList() {
|
||||||
|
# Add contrib and non-free component to repository
|
||||||
|
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
sed -i "s/${DIST} main$/${DIST} main contrib non-free/g" "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
|
||||||
|
# Add Debian security repositories
|
||||||
|
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
|
||||||
|
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||||
|
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
fi
|
||||||
|
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
|
||||||
|
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||||
|
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Add universe to sources.list
|
||||||
|
# ==============================================================================
|
||||||
|
function updateQubuntuSourceList() {
|
||||||
|
sed -i "s/${DIST} main$/${DIST} main universe multiverse restricted/g" "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
source="deb http://archive.canonical.com/ubuntu ${DIST} partner"
|
||||||
|
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||||
|
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
fi
|
||||||
|
source="deb-src http://archive.canonical.com/ubuntu ${DIST} partner"
|
||||||
|
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||||
|
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
fi
|
||||||
|
chroot apt-get update
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Make sure there is a resolv.conf with network of this AppVM for building
|
||||||
|
# ==============================================================================
|
||||||
|
function createResolvConf() {
|
||||||
|
rm -f "${INSTALLDIR}/etc/resolv.conf"
|
||||||
|
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Ensure umask set in /etc/login.defs is used (022)
|
||||||
|
# ==============================================================================
|
||||||
|
function configureUmask() {
|
||||||
|
echo "session optional pam_umask.so" >> "${INSTALLDIR}/etc/pam.d/common-session"
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Configure keyboard
|
||||||
|
# ==============================================================================
|
||||||
|
function configureKeyboard() {
|
||||||
|
debug "Setting keyboard layout"
|
||||||
|
cat > "${INSTALLDIR}/tmp/keyboard.conf" <<'EOF'
|
||||||
|
keyboard-configuration keyboard-configuration/variant select English (US)
|
||||||
|
keyboard-configuration keyboard-configuration/layout select English (US)
|
||||||
|
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
|
||||||
|
keyboard-configuration keyboard-configuration/modelcode string pc105
|
||||||
|
keyboard-configuration keyboard-configuration/layoutcode string us
|
||||||
|
keyboard-configuration keyboard-configuration/variantcode string
|
||||||
|
keyboard-configuration keyboard-configuration/optionscode string
|
||||||
|
EOF
|
||||||
|
chroot debconf-set-selections /tmp/keyboard.conf
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Update locale
|
||||||
|
# ==============================================================================
|
||||||
|
function updateLocale() {
|
||||||
|
debug "Updating locales"
|
||||||
|
chroot localedef -f UTF-8 -i en_US -c en_US.UTF-8
|
||||||
|
chroot update-locale LC_ALL=en_US.UTF-8
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# Q U B E S S P E C I F I C F U N C T I O N S
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# ==============================================================================
|
||||||
|
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Install Keyrings
|
||||||
|
# ==============================================================================
|
||||||
|
function installKeyrings() {
|
||||||
|
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
|
||||||
|
mkdir -p "${CACHEDIR}"
|
||||||
|
gpg --gen-key --batch <<EOF
|
||||||
|
Key-Type: RSA
|
||||||
|
Key-Length: 1024
|
||||||
|
Key-Usage: sign
|
||||||
|
Name-Real: Qubes builder
|
||||||
|
Expire-Date: 0
|
||||||
|
%pubring ${CACHEDIR}/repo-pubring.gpg
|
||||||
|
%secring ${CACHEDIR}/repo-secring.gpg
|
||||||
|
%commit
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ ! -e "${CUSTOMREPO}/dists/${DIST}/Release.gpg" ]; then
|
||||||
|
gpg -abs --no-default-keyring \
|
||||||
|
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
|
||||||
|
--keyring "${CACHEDIR}/repo-pubring.gpg" \
|
||||||
|
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
|
||||||
|
"${CUSTOMREPO}/dists/${DIST}/Release"
|
||||||
|
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Install Qubes Repo
|
||||||
|
# ==============================================================================
|
||||||
|
installQubesRepo() {
|
||||||
|
info " Defining Qubes CUSTOMREPO Location: ${PWD}/yum_repo_qubes/${DIST}"
|
||||||
|
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
|
||||||
|
|
||||||
|
info "Mounting local qubes_repo"
|
||||||
|
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
|
||||||
|
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
|
||||||
|
|
||||||
|
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
|
||||||
|
deb file:/tmp/qubes_repo ${DIST} main
|
||||||
|
EOF
|
||||||
|
|
||||||
|
# XXX: Moved keyring install last in process; not sure if mount was ready
|
||||||
|
# all the time in its previous place
|
||||||
|
info ' Installing keyrings' # Relies on $CUSTOMREPO
|
||||||
|
installKeyrings
|
||||||
|
}
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
|
# Uninstall Qubes Repo
|
||||||
|
# ==============================================================================
|
||||||
|
uninstallQubesRepo() {
|
||||||
|
info ' Removing Quebes build repo from sources.list.d'
|
||||||
|
|
||||||
|
# Lets not umount; we do that anyway when 04 exits
|
||||||
|
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
|
||||||
|
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
|
||||||
|
}
|
10
scripts_debian/flash/02_install_groups_packages_installed.sh
Executable file
10
scripts_debian/flash/02_install_groups_packages_installed.sh
Executable file
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Installing flash plugin'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
aptInstall flashplugin-nonfree
|
13
scripts_debian/gnome/02_install_groups_packages_installed.sh
Executable file
13
scripts_debian/gnome/02_install_groups_packages_installed.sh
Executable file
@ -0,0 +1,13 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Installing Gnome'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
#packages="$(chroot tasksel --new-install --task-packages desktop)"
|
||||||
|
#packages+=" $(chroot tasksel --new-install --task-packages gnome-desktop)"
|
||||||
|
packages="$(chroot tasksel --new-install --task-packages gnome-desktop)"
|
||||||
|
aptInstall ${packages}
|
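Review bot: `aptInstall ${packages}` runs with whatever `tasksel --task-packages gnome-desktop` printed, and nothing here checks that the list is non-empty. What `aptInstall` does with no arguments is not visible in this file, so an empty list could produce a template without the desktop and no error. A guard such as `[ -n "${packages}" ] || { error "tasksel returned no packages for gnome-desktop"; exit 1; }` before the install would make that failure explicit. The two commented-out `packages=` lines can go, since dead code here suggests the `desktop` task is still considered.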
@ -1,2 +0,0 @@
|
|||||||
gnome-desktop-environment
|
|
||||||
gnome-accessibility-themes
|
|
@ -1,2 +0,0 @@
|
|||||||
gnome-desktop-environment
|
|
||||||
gnome-accessibility-themes
|
|
@ -1,10 +1,22 @@
|
|||||||
gnome-terminal
|
ncurses-term
|
||||||
locales
|
aptitude
|
||||||
|
tasksel
|
||||||
sudo
|
sudo
|
||||||
|
locales
|
||||||
dmsetup
|
dmsetup
|
||||||
psmisc
|
psmisc
|
||||||
ncurses-term
|
emacs
|
||||||
xserver-xorg-core
|
vim-nox
|
||||||
x11-xserver-utils
|
gnupg
|
||||||
xinit
|
iceweasel
|
||||||
acpid
|
icedove
|
||||||
|
keepassx
|
||||||
|
git
|
||||||
|
gnome-terminal
|
||||||
|
xterm
|
||||||
|
libfile-mimeinfo-perl
|
||||||
|
libglib2.0-bin
|
||||||
|
ltrace
|
||||||
|
strace
|
||||||
|
haveged
|
||||||
|
firmware-linux
|
||||||
|
@ -6,3 +6,10 @@ xsettingsd
|
|||||||
gnome-packagekit
|
gnome-packagekit
|
||||||
chrony
|
chrony
|
||||||
ntpdate
|
ntpdate
|
||||||
|
|
||||||
|
libxvmc1
|
||||||
|
x11-session-utils
|
||||||
|
xfonts-100dpi
|
||||||
|
xfonts-75dpi
|
||||||
|
xfonts-scalable
|
||||||
|
|
||||||
|
@ -1,10 +1,22 @@
|
|||||||
gnome-terminal
|
ncurses-term
|
||||||
locales
|
aptitude
|
||||||
|
tasksel
|
||||||
sudo
|
sudo
|
||||||
|
locales
|
||||||
dmsetup
|
dmsetup
|
||||||
psmisc
|
psmisc
|
||||||
ncurses-term
|
emacs
|
||||||
xserver-xorg-core
|
vim-nox
|
||||||
x11-xserver-utils
|
gnupg
|
||||||
xinit
|
iceweasel
|
||||||
acpid
|
icedove
|
||||||
|
keepassx
|
||||||
|
git
|
||||||
|
gnome-terminal
|
||||||
|
xterm
|
||||||
|
libfile-mimeinfo-perl
|
||||||
|
libglib2.0-bin
|
||||||
|
ltrace
|
||||||
|
strace
|
||||||
|
haveged
|
||||||
|
firmware-linux
|
||||||
|
@ -1,70 +0,0 @@
|
|||||||
# file: .
|
|
||||||
# owner: user
|
|
||||||
# group: user
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/xdg
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/xdg/Xresources
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/xdg/fonts.conf
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/xdg/xsettingsd
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/X11
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/X11/Xsession.d
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/X11/Xsession.d/25xdg-qubes-settings
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: .facl
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
34
scripts_debian/vars.sh
Executable file → Normal file
34
scripts_debian/vars.sh
Executable file → Normal file
@ -1,18 +1,36 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
source ./functions.sh
|
||||||
|
|
||||||
|
# ==============================================================================
|
||||||
# Global variables and functions
|
# Global variables and functions
|
||||||
|
# ==============================================================================
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
# ------------------------------------------------------------------------------
|
||||||
|
# Temp directory to place installation files and progress markers
|
||||||
|
# (Do not use /tmp since if built in a real VM, /tmp will be empty on a reboot)
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
TMPDIR="/var/lib/qubes-whonix/install"
|
||||||
|
|
||||||
. ./functions.sh
|
# ------------------------------------------------------------------------------
|
||||||
|
|
||||||
# The codename of the debian version to install.
|
# The codename of the debian version to install.
|
||||||
# jessie = testing, wheezy = stable
|
# jessie = testing, wheezy = stable
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
DEBIANVERSION=${DIST}
|
DEBIANVERSION=${DIST}
|
||||||
|
|
||||||
# Location to grab debian packages
|
# ------------------------------------------------------------------------------
|
||||||
|
# Location to grab Debian packages
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
DEBIAN_MIRROR=http://ftp.us.debian.org/debian
|
DEBIAN_MIRROR=http://ftp.us.debian.org/debian
|
||||||
#DEBIAN_MIRROR=http://http.debian.net/debian
|
|
||||||
#DEBIAN_MIRROR=http://ftp.ca.debian.org/debian
|
|
||||||
|
|
||||||
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes -y"
|
# TODO: Not yet implemented
|
||||||
|
DEBIAN_MIRRORS=('http://ftp.us.debian.org/debian',
|
||||||
|
'http://http.debian.net/debian,
|
||||||
|
'http://ftp.ca.debian.org/debian,
|
||||||
|
)
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# apt-get configuration options
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
APT_GET_OPTIONS="-o Dpkg::Options::="--force-confnew" --force-yes --yes"
|
||||||
|
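Review bot: `APT_GET_OPTIONS` still carries `--force-yes`, which lets apt-get continue without prompting even when a package cannot be authenticated. Because `DEBIAN_MIRROR` is a plain `http://` URL, the archive signature is the only integrity check this build has. I would drop the flag and write `APT_GET_OPTIONS="-o Dpkg::Options::=--force-confnew --yes"`, which also removes the nested double quotes that only work because the shell concatenates the pieces; if one step really needs the override, pass it on that call only. The new `DEBIAN_MIRRORS` array is marked as not yet implemented, but it is malformed as written: bash separates array elements by whitespace, not commas, and the second and third entries lack a closing quote, so they collapse into one element. The intended form is `DEBIAN_MIRRORS=('http://ftp.us.debian.org/debian' 'http://http.debian.net/debian' 'http://ftp.ca.debian.org/debian')`.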
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/00_prepare_pre.sh
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/01_install_core_post.sh
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/02_install_groups_packages_installed.sh
|
|
246
scripts_debian/wheezy+whonix-gateway/02_install_groups_wheezy.sh
Executable file
246
scripts_debian/wheezy+whonix-gateway/02_install_groups_wheezy.sh
Executable file
@ -0,0 +1,246 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Installing and building Whonix'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Trap ERR and EXIT signals and cleanup (umount)'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
trap cleanup ERR
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
if ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups" ]; then
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Installing extra packages in packages_whonix.list file'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
installPackages packages_whonix.list
|
||||||
|
touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
# chroot Whonix build script
|
||||||
|
# ------------------------------------------------------------------------------
|
||||||
|
read -r -d '' WHONIX_BUILD_SCRIPT <<'EOF' || true
|
||||||
|
################################################################################
|
||||||
|
# Pre Fixups
|
||||||
|
sudo mkdir -p /boot/grub2
|
||||||
|
sudo touch /boot/grub2/grub.cfg
|
||||||
|
sudo mkdir -p /boot/grub
|
||||||
|
sudo touch /boot/grub/grub.cfg
|
||||||
|
sudo mkdir --parents --mode=g+rw "/tmp/uwt"
|
||||||
|
|
||||||
|
# Whonix seems to re-install sysvinit even though there is a hold
|
||||||
|
# on the package. Things seem to work anyway. BUT hopfully the
|
||||||
|
# hold on grub* don't get removed
|
||||||
|
sudo apt-mark hold sysvinit
|
||||||
|
sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common
|
||||||
|
|
||||||
|
# Whonix expects haveged to be started
|
||||||
|
sudo /etc/init.d/haveged start
|
||||||
|
################################################################################
|
||||||
|
# Whonix installation
|
||||||
|
export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1"
|
||||||
|
|
||||||
|
pushd ~/Whonix
|
||||||
|
sudo ~/Whonix/whonix_build \
|
||||||
|
--build $1 \
|
||||||
|
--64bit-linux \
|
||||||
|
--current-sources \
|
||||||
|
--enable-whonix-apt-repository \
|
||||||
|
--whonix-apt-repository-distribution $2 \
|
||||||
|
--install-to-root \
|
||||||
|
--skip-verifiable \
|
||||||
|
--minimal-report \
|
||||||
|
--skip-sanity-tests || { exit 1; }
|
||||||
|
popd
|
||||||
|
EOF
|
||||||
|
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Preparing Whonix for installation'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ]; then
|
||||||
|
info "Preparing Whonix system"
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Initializing Whonix submodules'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
pushd "${WHONIX_DIR}"
|
||||||
|
{
|
||||||
|
git add Makefile || true
|
||||||
|
git commit Makefile -m 'Added Makefile' || true
|
||||||
|
su $(logname) -c "git submodule update --init --recursive";
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Faking grub installation since Whonix has depends on grub-pc'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
mkdir -p "${INSTALLDIR}/boot/grub"
|
||||||
|
cp "${INSTALLDIR}/usr/lib/grub/i386-pc/"* "${INSTALLDIR}/boot/grub"
|
||||||
|
rm -f "${INSTALLDIR}/usr/sbin/update-grub"
|
||||||
|
chroot ln -s /bin/true /usr/sbin/update-grub
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Adding a user account for Whonix to build with'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
chroot id -u 'user' >/dev/null 2>&1 || \
|
||||||
|
{
|
||||||
|
# UID needs match host user to have access to Whonix sources
|
||||||
|
chroot groupadd -f user
|
||||||
|
[ -n "$SUDO_UID" ] && USER_OPTS="-u $SUDO_UID"
|
||||||
|
chroot useradd -g user $USER_OPTS -G sudo,audio -m -s /bin/bash user
|
||||||
|
if [ `chroot id -u user` != 1000 ]; then
|
||||||
|
chroot useradd -g user -u 1000 -M -s /bin/bash user-placeholder
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Installing Whonix build scripts'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh"
|
||||||
|
chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh"
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Removing apt-listchanges if it exists,so no prompts appear'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
# Whonix does not handle this properly, but aptInstall packages will
|
||||||
|
aptRemove apt-listchanges || true
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Copying additional files required for build'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
copyTree "files"
|
||||||
|
|
||||||
|
touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Installing Whonix code base'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ]; then
|
||||||
|
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
|
||||||
|
chroot su user -c 'mkdir /home/user/Whonix'
|
||||||
|
fi
|
||||||
|
|
||||||
|
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
|
||||||
|
|
||||||
|
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
||||||
|
BUILD_TYPE="--torgateway"
|
||||||
|
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
|
||||||
|
BUILD_TYPE="--torworkstation"
|
||||||
|
else
|
||||||
|
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
|
||||||
|
error "You need to set TEMPLATE_FLAVOR environment variable to either"
|
||||||
|
error "whonix-gateway OR whonix-workstation"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Whonix needs /dev/pts mounted during build
|
||||||
|
mount --bind /dev "${INSTALLDIR}/dev"
|
||||||
|
mount --bind /dev/pts "${INSTALLDIR}/dev/pts"
|
||||||
|
|
||||||
|
chroot su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; }
|
||||||
|
|
||||||
|
touch "${INSTALLDIR}/${TMPDIR}/.whonix_installed"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Whonix Post Installation Configurations'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_post" ]; then
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Restoring original network interfaces'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
pushd "${INSTALLDIR}/etc/network"
|
||||||
|
{
|
||||||
|
rm -f interfaces;
|
||||||
|
ln -s interfaces.backup interfaces;
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Temporarily retore original resolv.conf for remainder of install process'
|
||||||
|
info ' (Will be restored back in wheezy+whonix/04_qubes_install_post.sh)'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
pushd "${INSTALLDIR}/etc"
|
||||||
|
{
|
||||||
|
rm -f resolv.conf;
|
||||||
|
cp -p resolv.conf.backup resolv.conf;
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Temporarily retore original hosts for remainder of install process'
|
||||||
|
info ' (Will be restored on initial boot)'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
pushd "${INSTALLDIR}/etc"
|
||||||
|
{
|
||||||
|
rm -f hosts;
|
||||||
|
cp -p hosts.anondist-orig hosts;
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Restore default user UID set to so same in all builds regardless of build host'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
if [ -n "`chroot id -u user-placeholder`" ]; then
|
||||||
|
chroot userdel user-placeholder
|
||||||
|
chroot usermod -u 1000 user
|
||||||
|
fi
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Enable some aliases in .bashrc'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc"
|
||||||
|
sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc"
|
||||||
|
sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc"
|
||||||
|
sed -i "s/^#force_color_prompt/force_color_prompt/g" "${INSTALLDIR}/home/user/.bashrc"
|
||||||
|
sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc"
|
||||||
|
sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc"
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Remove apt-cacher-ng'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
chroot service apt-cacher-ng stop || :
|
||||||
|
chroot update-rc.d apt-cacher-ng disable || :
|
||||||
|
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||||
|
chroot apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Remove original sources.list (Whonix copied them to .../debian.list)'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
rm -f "${INSTALLDIR}/etc/apt/sources.list"
|
||||||
|
|
||||||
|
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||||
|
chroot apt-get.anondist-orig update
|
||||||
|
|
||||||
|
touch "${INSTALLDIR}/${TMPDIR}/.whonix_post"
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Temporarily retore original apt-get for remainder of install process'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
pushd "${INSTALLDIR}/usr/bin"
|
||||||
|
{
|
||||||
|
rm -f apt-get;
|
||||||
|
cp -p apt-get.anondist-orig apt-get;
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
info ' Cleanup'
|
||||||
|
#### '----------------------------------------------------------------------
|
||||||
|
trap - ERR EXIT
|
||||||
|
trap
|
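Review bot: Nothing in this file checks the Whonix sources that `git submodule update --init --recursive` fetches, yet they are then built and installed as root inside the chroot (`sudo ~/Whonix/whonix_build … --install-to-root`). I would add a signature check on the checked-out tag before the submodule step, along the lines of `git verify-tag <tag>` against a pinned keyring, and stop the build when it fails. If that verification already happens in an earlier builder stage, a comment here saying so would help the next reader. The same run bind-mounts the whole host `/dev` into the chroot although the comment only asks for `/dev/pts`, so it is worth confirming whether the `/dev/pts` mount alone is enough.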
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/04_install_qubes_post.sh
|
|
40
scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
Executable file
40
scripts_debian/wheezy+whonix-gateway/04_install_qubes_post.sh
Executable file
@ -0,0 +1,40 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Installing qubes-whonix package(s)'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
# If .prepared_debootstrap has not been completed, don't continue
|
||||||
|
exitOnNoFile "${INSTALLDIR}/${TMPDIR}/.prepared_qubes" "prepared_qubes installataion has not completed!... Exiting"
|
||||||
|
|
||||||
|
# Create system mount points.
|
||||||
|
prepareChroot
|
||||||
|
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Trap ERR and EXIT signals and cleanup (umount)'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
trap cleanup ERR
|
||||||
|
trap cleanup EXIT
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Installing qubes-whonix and other required packages'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
# whonix-setup-wizard expects '/usr/local/share/applications' directory to exist
|
||||||
|
chroot mkdir -p '/usr/local/share/applications' # whonix-setup-wizard needs this
|
||||||
|
|
||||||
|
installQubesRepo
|
||||||
|
aptInstall python-guimessages whonix-setup-wizard qubes-whonix
|
||||||
|
uninstallQubesRepo
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Cleanup'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
umount_all "${INSTALLDIR}/" || true
|
||||||
|
trap - ERR EXIT
|
||||||
|
trap
|
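Review bot: After `uninstallQubesRepo` the builder's signing key appears to stay trusted by apt in the finished template. `installQubesRepo` calls `installKeyrings`, which copies the key to `${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg`, while `uninstallQubesRepo` as shown on this page only unmounts the repo and removes `qubes-builder.list`. That key is generated on the build host as 1024-bit RSA with no expiry, so leaving it in the image lets anything signed with it pass as a trusted source in every VM based on the template. Unless it is removed in a later stage not visible here, add `rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"` right after `uninstallQubesRepo`, and do the same in the `cleanup` trap path so a failed `aptInstall` does not leave it behind either.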
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/09_cleanup_post.sh
|
|
40
scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
Executable file
40
scripts_debian/wheezy+whonix-gateway/09_cleanup_post.sh
Executable file
@ -0,0 +1,40 @@
|
|||||||
|
#!/bin/bash -e
|
||||||
|
# vim: set ts=4 sw=4 sts=4 et :
|
||||||
|
|
||||||
|
source "${SCRIPTSDIR}/vars.sh"
|
||||||
|
source "${SCRIPTSDIR}/distribution.sh"
|
||||||
|
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
debug ' Whonix post installation cleanup'
|
||||||
|
##### '-------------------------------------------------------------------------
|
||||||
|
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Restoring Whonix apt-get'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
pushd "${INSTALLDIR}/usr/bin"
|
||||||
|
{
|
||||||
|
rm -f apt-get;
|
||||||
|
cp -p apt-get.anondist apt-get;
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Restoring Whonix resolv.conf'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
pushd "${INSTALLDIR}/etc"
|
||||||
|
{
|
||||||
|
rm -f resolv.conf;
|
||||||
|
cp -p resolv.conf.anondist resolv.conf;
|
||||||
|
}
|
||||||
|
popd
|
||||||
|
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
info ' Removing files created during installation that are no longer required'
|
||||||
|
#### '--------------------------------------------------------------------------
|
||||||
|
rm -rf "${INSTALLDIR}/home.orig/user/Whonix"
|
||||||
|
rm -rf "${INSTALLDIR}/home.orig/user/whonix_binary"
|
||||||
|
rm -f "${INSTALLDIR}/home.orig/user/whonix_fix"
|
||||||
|
rm -f "${INSTALLDIR}/home.orig/user/whonix_build.sh"
|
||||||
|
rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build"
|
||||||
|
rm -f "${TMPDIR}/etc/sudoers.d/whonix-build"
|
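Review bot: The build-time sudoers file is removed last, and the script runs under `bash -e`, so a failure in either `rm -f …; cp -p ….anondist …` block above leaves `etc/sudoers.d/whonix-build` in the image. I would move `rm -f "${INSTALLDIR}/etc/sudoers.d/whonix-build"` to the top of the script so the privilege grant is dropped first. The final line uses `${TMPDIR}` on its own; `vars.sh` sets it to `/var/lib/qubes-whonix/install` and the other scripts use it as `${INSTALLDIR}/${TMPDIR}`, so this `rm` targets a path on the build host rather than in the template and looks like a leftover. Drop it, or write `rm -f "${INSTALLDIR}/${TMPDIR}/etc/sudoers.d/whonix-build"` if that was the intent. Since several `rm -rf` calls are built from `${INSTALLDIR}`, a guard such as `: "${INSTALLDIR:?INSTALLDIR is not set}"` near the top would stop them from resolving to host paths when the variable is empty.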
@ -1,28 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Source external scripts
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
|
||||||
. ./umount_kill.sh >/dev/null
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Configurations
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# whonix-netvm-gateway contains last known IP used to search and replace
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Install Custom Configurations
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
|
|
||||||
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
|
|
||||||
fi
|
|
@ -1,108 +1,3 @@
|
|||||||
# file: .
|
|
||||||
# owner: user
|
|
||||||
# group: user
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib/systemd
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib/systemd/system
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib/systemd/system/qubes-whonix-firewall.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: lib/systemd/system/qubes-whonix-network.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: lib/systemd/system/qubes-whonix-init.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/hosts
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/uwt.d
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/uwt.d/50_uwt_default
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/xdg
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/xdg/autostart
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/xdg/autostart/qubes-whonixsetup.desktop
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/apt
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/hostname
|
# file: etc/hostname
|
||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
@ -114,7 +9,7 @@ other::r--
|
|||||||
# owner: root
|
# owner: root
|
||||||
# group: root
|
# group: root
|
||||||
user::rwx
|
user::rwx
|
||||||
group::r-x
|
group::--x
|
||||||
other::---
|
other::---
|
||||||
|
|
||||||
# file: etc/sudoers.d/whonix-build
|
# file: etc/sudoers.d/whonix-build
|
||||||
@ -124,129 +19,3 @@ user::r--
|
|||||||
group::r--
|
group::r--
|
||||||
other::---
|
other::---
|
||||||
|
|
||||||
# file: .facl
|
|
||||||
# owner: user
|
|
||||||
# group: user
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/utility_functions
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/bind-dirs.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/qubes-whonix-firewall.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/qubes-whonix-bind.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/replace-ips
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/init.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/whonixcheck.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/network-proxy-setup.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/qubes-whonix-tor.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/messages.yaml
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/alert
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/qubes-whonixsetup
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/enable-iptables-logging.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
## Anonymity Distribution /etc/hosts
|
|
||||||
|
|
||||||
## Anonymity Distribution specific
|
|
||||||
127.0.0.1 host.localdomain host
|
|
||||||
## End of Anonymity Distribution specific
|
|
||||||
|
|
||||||
## End of Anonymity Distribution /etc/hosts
|
|
@ -1,6 +0,0 @@
|
|||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
if [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "1" ]; then
|
|
||||||
uwtwrapper["/usr/bin/apt-get"]="0"
|
|
||||||
fi
|
|
@ -1,8 +0,0 @@
|
|||||||
## This file is part of Whonix.
|
|
||||||
## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
|
|
||||||
## See the file COPYING for copying conditions.
|
|
||||||
|
|
||||||
[Desktop Entry]
|
|
||||||
Type=Application
|
|
||||||
Terminal=false
|
|
||||||
Exec=/usr/lib/whonix/qubes-whonixsetup
|
|
@ -1,12 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Qubes Whonix firewall updater
|
|
||||||
After=qubes-whonix-network.service
|
|
||||||
Before=network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
ExecStart=/usr/lib/whonix/init/qubes-whonix-firewall.sh
|
|
||||||
StandardOutput=syslog
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
Alias=qubes-firewall.service
|
|
@ -1,13 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Qubes Whonix initialization script
|
|
||||||
After=qubes-whonix-network.service
|
|
||||||
Before=qubes-whonix-firewall.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStart=/usr/lib/whonix/init/init.sh
|
|
||||||
StandardOutput=syslog
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,15 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Qubes Whonix network proxy setup
|
|
||||||
ConditionPathExists=/var/run/qubes-service/qubes-network
|
|
||||||
Before=network.target
|
|
||||||
After=iptables.service
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=oneshot
|
|
||||||
RemainAfterExit=yes
|
|
||||||
ExecStart=/usr/lib/whonix/init/network-proxy-setup.sh
|
|
||||||
StandardOutput=syslog
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
||||||
Alias=qubes-network.service
|
|
@ -1,90 +0,0 @@
|
|||||||
#!/usr/bin/python
|
|
||||||
|
|
||||||
#
|
|
||||||
# Copyright 2014 Jason Mehring (nrgaway@gmail.com)
|
|
||||||
#
|
|
||||||
|
|
||||||
from PyQt4 import QtGui
|
|
||||||
import locale
|
|
||||||
import yaml
|
|
||||||
|
|
||||||
DEFAULT_LANG = 'en'
|
|
||||||
|
|
||||||
class Messages():
|
|
||||||
filename = None
|
|
||||||
data = None
|
|
||||||
language = DEFAULT_LANG
|
|
||||||
title = None
|
|
||||||
icon = None
|
|
||||||
message = None
|
|
||||||
|
|
||||||
def __init__(self, section, filename):
|
|
||||||
self.filename = filename
|
|
||||||
|
|
||||||
language = locale.getdefaultlocale()[0].split('_')[0]
|
|
||||||
if language:
|
|
||||||
self.language = language
|
|
||||||
|
|
||||||
try:
|
|
||||||
stream = file(filename, 'r')
|
|
||||||
data = yaml.load(stream)
|
|
||||||
|
|
||||||
if section in data.keys():
|
|
||||||
section = data[section]
|
|
||||||
|
|
||||||
self.icon = section.get('icon', None)
|
|
||||||
|
|
||||||
language = section.get(self.language, DEFAULT_LANG)
|
|
||||||
|
|
||||||
self.title = language.get('title', None)
|
|
||||||
self.message = language.get('message', None)
|
|
||||||
|
|
||||||
except (IOError):
|
|
||||||
pass
|
|
||||||
except (yaml.scanner.ScannerError, yaml.parser.ParserError):
|
|
||||||
pass
|
|
||||||
|
|
||||||
class WhonixMessageBox(QtGui.QMessageBox):
|
|
||||||
def __init__(self, message):
|
|
||||||
super(WhonixMessageBox, self).__init__()
|
|
||||||
self.message = message
|
|
||||||
self.initUI()
|
|
||||||
|
|
||||||
def initUI(self):
|
|
||||||
message = self.message
|
|
||||||
|
|
||||||
if message.title:
|
|
||||||
self.setWindowTitle(message.title)
|
|
||||||
|
|
||||||
if message.icon:
|
|
||||||
self.setIcon(getattr(QtGui.QMessageBox, message.icon))
|
|
||||||
|
|
||||||
if message.message:
|
|
||||||
self.setText(message.message)
|
|
||||||
self.exec_()
|
|
||||||
|
|
||||||
import argparse
|
|
||||||
import sys
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def main():
|
|
||||||
parser = argparse.ArgumentParser(description='Display a QT Message Box')
|
|
||||||
|
|
||||||
parser.add_argument('section', help="Message section")
|
|
||||||
parser.add_argument('filename', help="File including full path")
|
|
||||||
|
|
||||||
args = parser.parse_args()
|
|
||||||
|
|
||||||
if not args.filename and args.section:
|
|
||||||
print parser.usage()
|
|
||||||
sys.exit(1)
|
|
||||||
|
|
||||||
app = QtGui.QApplication(sys.argv)
|
|
||||||
|
|
||||||
message = Messages(args.section, args.filename)
|
|
||||||
dialog = WhonixMessageBox(message)
|
|
||||||
sys.exit()
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
|
||||||
main()
|
|
@ -1,58 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
#
|
|
||||||
# To umount all binds, just pass any arg in $1
|
|
||||||
#
|
|
||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
# Don't run if started as a template
|
|
||||||
if ! [ "${WHONIX}" == "template" ]; then
|
|
||||||
# Array of directories to bind
|
|
||||||
BINDS=(
|
|
||||||
'/rw/srv/whonix/root/.whonix:/root/.whonix'
|
|
||||||
'/rw/srv/whonix/root/.whonix.d:/root/.whonix.d'
|
|
||||||
'/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
|
|
||||||
'/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
|
|
||||||
'/rw/srv/whonix/etc/tor:/etc/tor'
|
|
||||||
)
|
|
||||||
|
|
||||||
for bind in ${BINDS[@]}; do
|
|
||||||
rw_dir="${bind%%:*}"
|
|
||||||
ro_dir="${bind##*:}"
|
|
||||||
|
|
||||||
# Make sure ro directory is not mounted
|
|
||||||
umount "${ro_dir}" 2> /dev/null || true
|
|
||||||
|
|
||||||
if [ -n "${1}" ]; then
|
|
||||||
echo "Umounting only..."
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Make sure ro directory exists
|
|
||||||
if ! [ -d "${ro_dir}" ]; then
|
|
||||||
mkdir -p "${ro_dir}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Initially copy over data directories to /rw if rw directory does not exist
|
|
||||||
if ! [ -d "${rw_dir}" ]; then
|
|
||||||
mkdir -p "${rw_dir}"
|
|
||||||
rsync -hax "${ro_dir}/." "${rw_dir}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Bind the directory
|
|
||||||
sync
|
|
||||||
mount --bind "${rw_dir}" "${ro_dir}"
|
|
||||||
done
|
|
||||||
sync
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${WHONIX}" == "gateway" ]; then
|
|
||||||
# Make sure we remove whonixsetup.done if Tor is not enabled
|
|
||||||
# to allow choice of repo and prevent whonixcheck errors
|
|
||||||
grep "^DisableNetwork 0$" /etc/tor/torrc || {
|
|
||||||
sudo rm -f /var/lib/whonix/do_once/whonixsetup.done
|
|
||||||
}
|
|
||||||
fi
|
|
||||||
|
|
||||||
exit 0
|
|
@ -1,30 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# Check /var/log/kern.log for logging results
|
|
||||||
|
|
||||||
LOG_IP4=1
|
|
||||||
LOG_IP6=0
|
|
||||||
|
|
||||||
# for IPv4
|
|
||||||
if [ "$LOG_IP4" == "1" ]; then
|
|
||||||
iptables -t raw -A OUTPUT -p icmp -j TRACE
|
|
||||||
iptables -t raw -A PREROUTING -p icmp -j TRACE
|
|
||||||
modprobe ipt_LOG
|
|
||||||
fi
|
|
||||||
|
|
||||||
# for IPv6
|
|
||||||
if [ "$LOG_IP6" == "1" ]; then
|
|
||||||
ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-request -j TRACE
|
|
||||||
ip6tables -t raw -A OUTPUT -p icmpv6 --icmpv6-type echo-reply -j TRACE
|
|
||||||
ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-request -j TRACE
|
|
||||||
ip6tables -t raw -A PREROUTING -p icmpv6 --icmpv6-type echo-reply -j TRACE
|
|
||||||
modprobe ip6t_LOG
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Redirect local port to remote via socat
|
|
||||||
#apt-get install socat
|
|
||||||
#socat TCP4-LISTEN:8082,fork,mode=0666,user=root,group=root TCP4:10.137.255.254:8082
|
|
||||||
#
|
|
||||||
# Works
|
|
||||||
# localhost/loopback maps localhost port 8082 to localhost port 8888
|
|
||||||
#iptables -t nat -I OUTPUT -p tcp -d 127.0.0.1 --dport 8082 -j REDIRECT --to-ports 8888
|
|
@ -1,30 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
if [ "${WHONIX}" != "template" ]; then
|
|
||||||
# Files that will have the immutable bit set
|
|
||||||
# since we don't want them modified by other programs
|
|
||||||
IMMUTABLE_FILES=(
|
|
||||||
'/etc/resolv.conf'
|
|
||||||
'/etc/hostname'
|
|
||||||
'/etc/hosts'
|
|
||||||
)
|
|
||||||
|
|
||||||
# Make sure all .anondist files in list are immutable
|
|
||||||
immutableFilesEnable "${IMMUTABLE_FILES}"
|
|
||||||
immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"
|
|
||||||
|
|
||||||
# Make sure we are using a copy of the annondist file and if not
|
|
||||||
# copy the annondist file and set it immutable
|
|
||||||
copyAnondist "/etc/resolv.conf"
|
|
||||||
copyAnondist "/etc/hosts"
|
|
||||||
copyAnondist "/etc/hostname"
|
|
||||||
|
|
||||||
# Replace IP addresses in known configuration files / scripts to
|
|
||||||
# currently discovered one
|
|
||||||
/usr/lib/whonix/init/replace-ips
|
|
||||||
|
|
||||||
# Make sure hostname is correct
|
|
||||||
/bin/hostname host
|
|
||||||
fi
|
|
@ -1,57 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
INTERFACE="eth1"
|
|
||||||
|
|
||||||
if [ "${WHONIX}" == "gateway" ]; then
|
|
||||||
|
|
||||||
if [ -x /usr/sbin/xenstore-read ]; then
|
|
||||||
XENSTORE_READ="/usr/sbin/xenstore-read"
|
|
||||||
else
|
|
||||||
XENSTORE_READ="/usr/bin/xenstore-read"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Setup Xen / Qubes proxy
|
|
||||||
network=$(xenstore-read qubes-netvm-network 2>/dev/null)
|
|
||||||
if [ "x$network" != "x" ]; then
|
|
||||||
gateway=$(xenstore-read qubes-netvm-gateway)
|
|
||||||
netmask=$(xenstore-read qubes-netvm-netmask)
|
|
||||||
secondary_dns=$(xenstore-read qubes-netvm-secondary-dns)
|
|
||||||
modprobe netbk 2> /dev/null || modprobe xen-netback
|
|
||||||
echo "NS1=$gateway" > /var/run/qubes/qubes-ns
|
|
||||||
echo "NS2=$secondary_dns" >> /var/run/qubes/qubes-ns
|
|
||||||
#/usr/lib/qubes/qubes-setup-dnat-to-ns
|
|
||||||
echo "0" > /proc/sys/net/ipv4/ip_forward
|
|
||||||
/sbin/ethtool -K eth0 sg off || :
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Now, assign it the netvm-gateway IP address
|
|
||||||
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
|
|
||||||
if [ x${ip} != x ]; then
|
|
||||||
# Create a dummy eth1 interface so tor can bind to it if there
|
|
||||||
# are no DOMU virtual machines connected at the moment
|
|
||||||
/sbin/ip link add ${INTERFACE} type dummy
|
|
||||||
|
|
||||||
netmask=$(${XENSTORE_READ} qubes-netvm-netmask)
|
|
||||||
gateway=$(${XENSTORE_READ} qubes-netvm-gateway)
|
|
||||||
/sbin/ifconfig ${INTERFACE} ${ip} netmask 255.255.255.255
|
|
||||||
/sbin/ifconfig ${INTERFACE} up
|
|
||||||
/sbin/ethtool -K ${INTERFACE} sg off || true
|
|
||||||
/sbin/ethtool -K ${INTERFACE} tx off || true
|
|
||||||
|
|
||||||
ip link set ${INTERFACE} up
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "0" > /proc/sys/net/ipv4/ip_forward
|
|
||||||
|
|
||||||
# Allow whonix-gateway to act as an update-proxy
|
|
||||||
touch /var/run/qubes-service/qubes-updates-proxy
|
|
||||||
|
|
||||||
# Search and replace tinyproxy error files so we can inject code that
|
|
||||||
# we can use to identify that its a tor proxy so updates are secure
|
|
||||||
error_file="/usr/share/tinyproxy/default.html"
|
|
||||||
grep -q "${PROXY_META}" "${error_file}" || {
|
|
||||||
sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
|
|
||||||
}
|
|
||||||
fi
|
|
@ -1,49 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
if [ -x /usr/sbin/xenstore-read ]; then
|
|
||||||
XENSTORE_READ="/usr/sbin/xenstore-read"
|
|
||||||
else
|
|
||||||
XENSTORE_READ="/usr/bin/xenstore-read"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Make sure IP forwarding is disabled
|
|
||||||
echo "0" > /proc/sys/net/ipv4/ip_forward
|
|
||||||
|
|
||||||
if [ "${WHONIX}" != "template" ]; then
|
|
||||||
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
|
|
||||||
|
|
||||||
# Start Whonix Firewall
|
|
||||||
if [ "${WHONIX}" == "gateway" ]; then
|
|
||||||
export INT_IF="vif+"
|
|
||||||
export INT_TIF="vif+"
|
|
||||||
|
|
||||||
# Inject custom firewall rules into whonix_firewall
|
|
||||||
sed -i -f - /usr/bin/whonix_firewall <<-EOF
|
|
||||||
/^## IPv4 DROP INVALID INCOMING PACKAGES/,/######################################/c \\
|
|
||||||
## IPv4 DROP INVALID INCOMING PACKAGES \\
|
|
||||||
## \\
|
|
||||||
## --- THE FOLLOWING WS INJECTED --- \\
|
|
||||||
## Qubes Tiny Proxy Updater \\
|
|
||||||
iptables -t nat -N PR-QBS-SERVICES \\
|
|
||||||
iptables -A INPUT -i vif+ -p tcp -m tcp --dport 8082 -j ACCEPT \\
|
|
||||||
iptables -A OUTPUT -o vif+ -p tcp -m tcp --sport 8082 -j ACCEPT \\
|
|
||||||
iptables -t nat -A PREROUTING -j PR-QBS-SERVICES \\
|
|
||||||
iptables -t nat -A PR-QBS-SERVICES -d 10.137.255.254/32 -i vif+ -p tcp -m tcp --dport 8082 -j REDIRECT \\
|
|
||||||
iptables -t nat -A OUTPUT -p udp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:53 \\
|
|
||||||
iptables -t nat -A OUTPUT -p tcp -m owner --uid-owner tinyproxy -m conntrack --ctstate NEW -j DNAT --to ${ip}:9040 \\
|
|
||||||
\\
|
|
||||||
# Route any traffic FROM netvm TO netvm BACK-TO localhost \\
|
|
||||||
# Allows localhost access to tor network \\
|
|
||||||
#iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 \\
|
|
||||||
######################################
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Load the firewall
|
|
||||||
# XXX: TODO: Take down all network accesss if firewall fails
|
|
||||||
/usr/bin/whonix_firewall
|
|
||||||
|
|
||||||
systemctl restart qubes-updates-proxy.service
|
|
||||||
fi
|
|
@ -1,16 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description = Anonymizing overlay network for TCP
|
|
||||||
After = syslog.target network.target nss-lookup.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type = simple
|
|
||||||
ExecStart = /usr/bin/tor --runasdaemon 0 --defaults-torrc /usr/share/tor/tor-service-defaults-torrc -f /etc/tor/torrc --quiet
|
|
||||||
ExecReload = /bin/kill -HUP ${MAINPID}
|
|
||||||
ExecStop = /bin/kill -INT ${MAINPID}
|
|
||||||
TimeoutSec = 60
|
|
||||||
Restart = on-failure
|
|
||||||
LimitNOFILE = 32768
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy = multi-user.target
|
|
||||||
Alias=tor.service
|
|
@ -1,118 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
# Search though files and updates IP address to the current
|
|
||||||
# IP address(es)
|
|
||||||
|
|
||||||
FILES=(
|
|
||||||
'/usr/lib/leaktest-workstation/simple_ping.py'
|
|
||||||
'/usr/lib/whonixcheck/preparation'
|
|
||||||
'/usr/share/anon-kde-streamiso/share/config/kioslaverc'
|
|
||||||
'/usr/bin/whonix_firewall'
|
|
||||||
'/etc/whonix_firewall.d/30_default'
|
|
||||||
'/usr/lib/anon-shared-helper-scripts/tor_bootstrap_check.bsh'
|
|
||||||
'/usr/bin/uwt'
|
|
||||||
'/etc/uwt.d/30_uwt_default'
|
|
||||||
'/usr/share/tor/tor-service-defaults-torrc.anondist'
|
|
||||||
'/usr/bin/update-torbrowser'
|
|
||||||
'/etc/network/interfaces.whonix'
|
|
||||||
'/etc/resolv.conf.anondist'
|
|
||||||
'/etc/sdwdate.d/31_anon_dist_stream_isolation_plugin'
|
|
||||||
'/etc/rinetd.conf.anondist'
|
|
||||||
'/etc/network/interfaces.whonix'
|
|
||||||
'/usr/share/anon-torchat/.torchat/torchat.ini'
|
|
||||||
)
|
|
||||||
|
|
||||||
# sed search and replace. return 0 if replace happened, otherwise 1
|
|
||||||
search_replace() {
|
|
||||||
local search="${1}"
|
|
||||||
local replace="${2}"
|
|
||||||
local file="${3}"
|
|
||||||
local retval=1
|
|
||||||
|
|
||||||
if ! [ -L "${file}" ]; then
|
|
||||||
ls_attrs="$(lsattr "${file}")"
|
|
||||||
ls_attrs=${ls_attrs:4:1}
|
|
||||||
if [ "${ls_attrs}" == "i" ]; then
|
|
||||||
chattr -i "${file}"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
|
|
||||||
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
|
|
||||||
retval=$?
|
|
||||||
|
|
||||||
if [ "${ls_attrs}" = "i" ]; then
|
|
||||||
chattr +i "${file}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
return $retval
|
|
||||||
}
|
|
||||||
|
|
||||||
function replace_ips()
|
|
||||||
{
|
|
||||||
local search_ip="${1}"
|
|
||||||
local replace_ip="${2}"
|
|
||||||
local files=("${!3}")
|
|
||||||
local retval=1
|
|
||||||
|
|
||||||
# If IP is 10.152.152.10, network is 10.152.152.0
|
|
||||||
search_network="${search_ip%[.]*}.0"
|
|
||||||
replace_network="${replace_ip%[.]*}.0"
|
|
||||||
|
|
||||||
if ! [ "${search_ip}" = "${replace_ip}" ]; then
|
|
||||||
for file in "${files[@]}"; do
|
|
||||||
if [ -f "$file" ]; then
|
|
||||||
search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0
|
|
||||||
search_replace "${search_network}" "${replace_network}" "${file}" && retval=0
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
fi
|
|
||||||
|
|
||||||
return $retval
|
|
||||||
}
|
|
||||||
|
|
||||||
update_ip() {
|
|
||||||
ip=${1}
|
|
||||||
|
|
||||||
echo "${ip}" > /etc/whonix-netvm-gateway
|
|
||||||
grep '^DisableNetwork 0$' /etc/tor/torrc && {
|
|
||||||
service tor status && {
|
|
||||||
service tor reload || true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ "${WHONIX}" == "gateway" ]; then
|
|
||||||
ip="$(xenstore-read qubes-netvm-gateway)"
|
|
||||||
if [ x${ip} != x ]; then
|
|
||||||
# Compare to current IP address assiged by Qubes
|
|
||||||
replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}"
|
|
||||||
|
|
||||||
# Do again; checking for original 10.152.152.10 incase of update
|
|
||||||
replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}"
|
|
||||||
|
|
||||||
# Do again; checking for original 10.152.152.11 incase of update
|
|
||||||
replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ "${WHONIX}" == "workstation" ]; then
|
|
||||||
ip="$(xenstore-read qubes-ip)"
|
|
||||||
gateway="$(xenstore-read qubes-gateway)"
|
|
||||||
|
|
||||||
if [ x${ip} != x ]; then
|
|
||||||
# Compare to current IP address assiged by Qubes
|
|
||||||
replace_ips "$(cat /etc/whonix-ip)" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip
|
|
||||||
|
|
||||||
# Do again; checking for original 10.152.152.11 incase of update
|
|
||||||
replace_ips "10.152.152.11" "${ip}" FILES[@] && echo "${ip}" > /etc/whonix-ip
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ x${gateway} != x ]; then
|
|
||||||
# Compare to current gateway IP address assiged by Qubes
|
|
||||||
replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway
|
|
||||||
|
|
||||||
# Do again; checking for original 10.152.152.10 incase of update
|
|
||||||
replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway
|
|
||||||
fi
|
|
||||||
fi
|
|
@ -1,18 +0,0 @@
|
|||||||
[Unit]
|
|
||||||
Description=Checks many important aspects of Whonix.
|
|
||||||
After=syslog.target network.target
|
|
||||||
|
|
||||||
[Service]
|
|
||||||
Type=forking
|
|
||||||
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/run/whonixcheck
|
|
||||||
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonixcheck
|
|
||||||
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonix/whonixblog
|
|
||||||
ExecStart=/usr/lib/whonixcheckdaemon
|
|
||||||
PIDFile=/var/run/whonixcheck.pid
|
|
||||||
User=user
|
|
||||||
Group=user
|
|
||||||
UMask=0007
|
|
||||||
StandardOutput=syslog
|
|
||||||
|
|
||||||
[Install]
|
|
||||||
WantedBy=multi-user.target
|
|
@ -1,9 +0,0 @@
|
|||||||
|
|
||||||
update:
|
|
||||||
icon: Critical
|
|
||||||
en:
|
|
||||||
title: Tor netvm required for updates
|
|
||||||
message: |
|
|
||||||
<p><B>Tor netvm required for updates!</B></p>
|
|
||||||
<p>Please ensure your template vm has a Whonix gateway as it's VM.</p>
|
|
||||||
<p>No updates are possible without an active (running) Whonix gateway VM.</p>
|
|
@ -1,41 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
. /usr/lib/whonix/utility_functions
|
|
||||||
|
|
||||||
if ! [ "${WHONIX}" == "template" ]; then
|
|
||||||
sudo /usr/lib/whonix/bind-dirs.sh
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${WHONIX}" == "gateway" ]; then
|
|
||||||
if grep "^DisableNetwork 0$" /etc/tor/torrc ;then
|
|
||||||
sudo service sdwdate restart
|
|
||||||
sudo service tor restart
|
|
||||||
else
|
|
||||||
sudo service sdwdate restart
|
|
||||||
sudo service tor stop
|
|
||||||
sudo /usr/bin/whonixsetup
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ "${WHONIX}" == "workstation" ]; then
|
|
||||||
sudo service sdwdate restart
|
|
||||||
if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then
|
|
||||||
sudo /usr/bin/whonixsetup
|
|
||||||
fi
|
|
||||||
|
|
||||||
elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
|
|
||||||
# Set secure defaults.
|
|
||||||
sudo iptables -P INPUT DROP
|
|
||||||
sudo iptables -P FORWARD DROP
|
|
||||||
sudo iptables -P OUTPUT DROP
|
|
||||||
|
|
||||||
# Flush old rules.
|
|
||||||
sudo iptables -F
|
|
||||||
sudo iptables -X
|
|
||||||
sudo iptables -t nat -F
|
|
||||||
sudo iptables -t nat -X
|
|
||||||
sudo iptables -t mangle -F
|
|
||||||
sudo iptables -t mangle -X
|
|
||||||
|
|
||||||
# Display warning that netvm is not connected to a torvm
|
|
||||||
/usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml
|
|
||||||
fi
|
|
@ -1,94 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# /etc/uwt.d/50_uwt_default relies on this in order to allow connection
|
|
||||||
# to proxy for template
|
|
||||||
PROXY_SERVER="http://10.137.255.254:8082/"
|
|
||||||
PROXY_META='<meta name=\"application-name\" content=\"tor proxy\"\/>'
|
|
||||||
|
|
||||||
if [ -f "/var/run/qubes-service/updates-proxy-setup" ]; then
|
|
||||||
WHONIX="template"
|
|
||||||
elif [ -f "/usr/share/anon-gw-base-files/gateway" ]; then
|
|
||||||
WHONIX="gateway"
|
|
||||||
elif [ -f "/usr/share/anon-ws-base-files/workstation" ]; then
|
|
||||||
WHONIX="workstation"
|
|
||||||
else
|
|
||||||
WHONIX="unknown"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ "${WHONIX}" == "template" ]; then
|
|
||||||
curl.anondist-orig "${PROXY_SERVER}" | grep -q "${PROXY_META}" && {
|
|
||||||
PROXY_SECURE=1
|
|
||||||
} || {
|
|
||||||
PROXY_SECURE=0
|
|
||||||
}
|
|
||||||
fi
|
|
||||||
|
|
||||||
immutableFilesEnable() {
|
|
||||||
files="${1}"
|
|
||||||
suffix="${2}"
|
|
||||||
|
|
||||||
for file in "${files[@]}"; do
|
|
||||||
if [ -f "${file}" ] && ! [ -L "${file}" ]; then
|
|
||||||
sudo chattr +i "${file}${suffix}"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
immutableFilesDisable() {
|
|
||||||
files="${1}"
|
|
||||||
suffix="${2}"
|
|
||||||
|
|
||||||
for file in "${files[@]}"; do
|
|
||||||
if [ -f "${file}" ] && ! [ -L "${file}" ]; then
|
|
||||||
sudo chattr -i "${file}${suffix}"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
copyAnondist() {
|
|
||||||
file="${1}"
|
|
||||||
suffix="${2-.anondist}"
|
|
||||||
|
|
||||||
# Remove any softlinks first
|
|
||||||
if [ -L "${file}" ]; then
|
|
||||||
sudo rm -f "${file}"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -f "${file}" ] && [ -n "$(diff ${file} ${file}${suffix})" ]; then
|
|
||||||
sudo chattr -i "${file}"
|
|
||||||
sudo rm -f "${file}"
|
|
||||||
sudo cp -p "${file}${suffix}" "${file}"
|
|
||||||
sudo chattr +i "${file}"
|
|
||||||
elif ! [ -f "${file}" ]; then
|
|
||||||
sudo cp -p "${file}${suffix}" "${file}"
|
|
||||||
sudo chattr +i "${file}"
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
# Will only enable / disable if service is not already in that state
|
|
||||||
enable_sysv() {
|
|
||||||
servicename=${1}
|
|
||||||
disable=${2-0}
|
|
||||||
|
|
||||||
# Check to see if the service is already enabled and if not, enable it
|
|
||||||
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
|
|
||||||
|
|
||||||
if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then
|
|
||||||
case ${disable} in
|
|
||||||
0)
|
|
||||||
echo "${1} is currently disabled; enabling it"
|
|
||||||
sudo systemctl --quiet enable ${servicename}
|
|
||||||
;;
|
|
||||||
1)
|
|
||||||
echo "${1} is currently enabled; disabling it"
|
|
||||||
sudo service ${servicename} stop
|
|
||||||
sudo systemctl --quiet disable ${servicename}
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
disable_sysv() {
|
|
||||||
enable_sysv ${1} 1
|
|
||||||
}
|
|
||||||
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/packages_wheezy.list
|
|
@ -1,7 +1,8 @@
|
|||||||
git
|
|
||||||
curl
|
|
||||||
sudo
|
sudo
|
||||||
locales
|
locales
|
||||||
|
haveged
|
||||||
|
|
||||||
|
curl
|
||||||
console-data
|
console-data
|
||||||
console-common
|
console-common
|
||||||
initramfs-tools
|
initramfs-tools
|
||||||
@ -12,17 +13,14 @@ less
|
|||||||
lsof
|
lsof
|
||||||
most
|
most
|
||||||
pciutils
|
pciutils
|
||||||
strace
|
|
||||||
sysfsutils
|
sysfsutils
|
||||||
usbutils
|
usbutils
|
||||||
lsb-release
|
lsb-release
|
||||||
acpi-support-base
|
|
||||||
haveged
|
|
||||||
|
|
||||||
build-essential:native
|
build-essential:native
|
||||||
gcc
|
gcc
|
||||||
fakeroot
|
fakeroot
|
||||||
lintian
|
lintian
|
||||||
|
|
||||||
rsync
|
rsync
|
||||||
grub-pc
|
grub-pc
|
||||||
|
|
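--- a/scripts_debian/wheezy+whonix-workstation
+++ b/scripts_debian/wheezy+whonix-workstation
@@ -0,0 +1 @@
+wheezy+whonix-gateway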
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/00_prepare_pre.sh
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/01_install_core_post.sh
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/02_install_groups_packages_installed.sh
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/04_install_qubes_post.sh
|
|
@ -1 +0,0 @@
|
|||||||
../wheezy+whonix/09_cleanup_post.sh
|
|
@ -1,30 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
# vim: set ts=4 sw=4 sts=4 et :
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Source external scripts
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
. ${SCRIPTSDIR}/vars.sh
|
|
||||||
. ./umount_kill.sh >/dev/null
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# Configurations
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
||||||
set -x
|
|
||||||
else
|
|
||||||
set -e
|
|
||||||
fi
|
|
||||||
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
# whonix-netvm-gateway contains last known IP used to search and replace
|
|
||||||
# ------------------------------------------------------------------------------
|
|
||||||
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
# Install Custom Configurations
|
|
||||||
# --------------------------------------------------------------------------
|
|
||||||
echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
|
|
||||||
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
|
|
||||||
|
|
||||||
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
|
|
||||||
fi
|
|
@ -1,224 +0,0 @@
|
|||||||
# file: .
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib/systemd
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib/systemd/system
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: lib/systemd/system/qubes-whonix-firewall.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: lib/systemd/system/qubes-whonix-network.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: lib/systemd/system/qubes-whonix-init.service
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/hosts
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/uwt.d
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/uwt.d/50_uwt_default
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/xdg
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/xdg/autostart
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: etc/xdg/autostart/qubes-whonixsetup.desktop
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/hostname
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: etc/sudoers.d
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::---
|
|
||||||
|
|
||||||
# file: etc/sudoers.d/whonix-build
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::r--
|
|
||||||
group::r--
|
|
||||||
other::---
|
|
||||||
|
|
||||||
# file: .facl
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/utility_functions
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/bind-dirs.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/qubes-whonix-firewall.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/replace-ips
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/init.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/init/network-proxy-setup.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/messages.yaml
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rw-
|
|
||||||
group::r--
|
|
||||||
other::r--
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/alert
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/qubes-whonixsetup
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
||||||
# file: usr/lib/whonix/enable-iptables-logging.sh
|
|
||||||
# owner: root
|
|
||||||
# group: root
|
|
||||||
user::rwx
|
|
||||||
group::r-x
|
|
||||||
other::r-x
|
|
||||||
|
|
@ -1 +0,0 @@
|
|||||||
host
|
|
@ -1,7 +0,0 @@
|
|||||||
## Anonymity Distribution /etc/hosts
|
|
||||||
|
|
||||||
## Anonymity Distribution specific
|
|
||||||
127.0.0.1 host.localdomain host
|
|
||||||
## End of Anonymity Distribution specific
|
|
||||||
|
|
||||||
## End of Anonymity Distribution /etc/hosts
|
|
@ -1 +0,0 @@
|
|||||||
user ALL=(ALL) NOPASSWD: ALL
|
|
Some files were not shown because too many files have changed in this diff Show More