diff --git a/qubeize_image b/qubeize_image index 848fcfb..a4acbc1 100755 --- a/qubeize_image +++ b/qubeize_image @@ -83,7 +83,7 @@ echo "--> Linking /usr/local to /rw/usrlocal..." mv mnt/usr/local mnt/usr/local.orig ln -sf /rw/usrlocal mnt/usr/local -if ! [ -r mnt/etc/sysconfig/i18n ]; then +if [ -e mnt/etc/sysconfig/i18n ]; then echo "--> Setting up default locale..." echo LC_CTYPE=en_US.UTF-8 > mnt/etc/sysconfig/i18n fi diff --git a/scripts_debian/00_prepare.sh b/scripts_debian/00_prepare.sh new file mode 100755 index 0000000..c530c0f --- /dev/null +++ b/scripts_debian/00_prepare.sh @@ -0,0 +1,5 @@ +#!/bin/sh -x +# vim: set ts=4 sw=4 sts=4 et : + +# This script does nothing now. + diff --git a/scripts_debian/01_install_core.sh b/scripts_debian/01_install_core.sh new file mode 100755 index 0000000..f814f6c --- /dev/null +++ b/scripts_debian/01_install_core.sh @@ -0,0 +1,11 @@ +#!/bin/sh +# vim: set ts=4 sw=4 sts=4 et : + +. $SCRIPTSDIR/vars.sh + +echo "-> Installing base debian system" + +COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \ + --components=main --keyring=${SCRIPTSDIR}/debian-archive-keyring.gpg \ + $DEBIANVERSION "$INSTALLDIR" || { echo "Debootstrap failed!"; exit 1; } + diff --git a/scripts_debian/02_install_groups.sh b/scripts_debian/02_install_groups.sh new file mode 100755 index 0000000..5acd628 --- /dev/null +++ b/scripts_debian/02_install_groups.sh @@ -0,0 +1,44 @@ +#!/bin/sh +# vim: set ts=4 sw=4 sts=4 et : + +. $SCRIPTSDIR/vars.sh + +# Set up a temporary policy-rc.d to prevent apt from starting services +# on package installation +cat > $BUILDCHROOT/usr/sbin/policy-rc.d < Adding debian-security repository." + # security.debian.org only makes sense for stable/wheezy + echo "deb http://security.debian.org/ ${DEBIANVERSION}/updates main" \ + >> "$INSTALLDIR/etc/apt/sources.list" + echo "deb-src http://security.debian.org/ ${DEBIANVERSION}/updates main" \ + >> "$INSTALLDIR/etc/apt/sources.list" + + echo "--> Installing systemd" + # sysvinit gives problems with qubes initramfs, we depend on systemd + # for now. Apt *really* doesn't want to replace sysvinit in wheezy. + # For jessie and newer, sysvinit is provided by sysvinit-core which + # is not an essential package. + echo 'Yes, do as I say!' | chroot $INSTALLDIR apt-get -y \ + --force-yes install systemd-sysv +else # testing/unstable + echo "--> Installing systemd" + chroot $INSTALLDIR apt-get -y install systemd-sysv +fi + +echo "--> Upgrading system" +chroot $INSTALLDIR apt-get update +chroot $INSTALLDIR apt-get -y upgrade + +echo "--> Installing extra packages" +xargs chroot $INSTALLDIR apt-get -y install < $SCRIPTSDIR/packages.list + +# Remove temporary policy layer so services can start normally in the +# deployed template. +rm -f $BUILDCHROOT/usr/sbin/policy-rc.d + diff --git a/scripts_debian/04_install_qubes.sh b/scripts_debian/04_install_qubes.sh new file mode 100755 index 0000000..d97630b --- /dev/null +++ b/scripts_debian/04_install_qubes.sh @@ -0,0 +1,54 @@ +#!/bin/sh +# vim: set ts=4 sw=4 sts=4 et : + +. $SCRIPTSDIR/vars.sh + +# Set up a temporary policy-rc.d to prevent apt from starting services +# on package installation +cat > $INSTALLCHROOT/usr/sbin/policy-rc.d < Generate locales" +echo "en_US.UTF-8 UTF-8" >> $INSTALLDIR/etc/locale.gen +chroot $INSTALLDIR locale-gen +chroot $INSTALLDIR update-locale LANG=en_US.UTF-8 + +echo "--> Updating template fstab file..." +cat >> $INSTALLDIR/etc/fstab < Installing qubes packages" +export CUSTOMREPO="$PWD/yum_repo_qubes/debian" +mkdir -p $INSTALLDIR/tmp/qubesdebs +find $CUSTOMREPO/apt -name '*.deb' -exec cp -t $INSTALLDIR/tmp/qubesdebs '{}' \; +chroot $INSTALLDIR /bin/sh -c 'dpkg -i /tmp/qubesdebs/*.deb' +rm -rf $INSTALLDIR/tmp/qubesdebs +# Install dependencies for qubes packages +chroot $INSTALLDIR apt-get -f -y install + +# Remove temporary policy layer so services can start normally in the +# deployed template. +rm -f $BUILDCHROOT/usr/sbin/policy-rc.d + +chroot $INSTALLDIR groupadd user +chroot $INSTALLDIR useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user + +echo "xen_netfront" >> $INSTALLDIR/etc/modules + + +# Kill any processes that might have been started by apt before unmounting +lsof $INSTALLDIR | tail -n +2 | awk '{print $2}' | xargs kill + + diff --git a/scripts_debian/09_cleanup.sh b/scripts_debian/09_cleanup.sh new file mode 100755 index 0000000..767614a --- /dev/null +++ b/scripts_debian/09_cleanup.sh @@ -0,0 +1,7 @@ +#!/bin/sh +# vim: set ts=4 sw=4 sts=4 et : + +rm -f $INSTALLDIR/var/cache/apt/archives/* + +rm -rf buildchroot + diff --git a/scripts_debian/clean-volatile.img.tar b/scripts_debian/clean-volatile.img.tar new file mode 100644 index 0000000..5257a10 Binary files /dev/null and b/scripts_debian/clean-volatile.img.tar differ diff --git a/scripts_debian/debian-archive-keyring.gpg b/scripts_debian/debian-archive-keyring.gpg new file mode 100644 index 0000000..46d1f0e Binary files /dev/null and b/scripts_debian/debian-archive-keyring.gpg differ diff --git a/scripts_debian/packages.list b/scripts_debian/packages.list new file mode 100644 index 0000000..1558b9e --- /dev/null +++ b/scripts_debian/packages.list @@ -0,0 +1,6 @@ +gnome-terminal +locales +sudo +dmsetup +psmisc +ncurses-term diff --git a/scripts_debian/vars.sh b/scripts_debian/vars.sh new file mode 100755 index 0000000..fc103a7 --- /dev/null +++ b/scripts_debian/vars.sh @@ -0,0 +1,13 @@ +# The codename of the debian version to install. +# jessie = testing, wheezy = stable +DEBIANVERSION='jessie' + +EXTRAPKGS="openssh-clients,screen,vim-nox,less" + +QUBESDEBIANGIT="http://dsg.is/qubes/" + +# make runs the scripts with sudo -E, so HOME is set to /home/user during +# build, which does not exist. We need to write to $HOME/.gnupg so set it +# to something valid. +HOME=/root +