QubesOS/qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Added initial configuration dialog setup for whonix-gateway

Browse Source
This commit is contained in:
Jason Mehring 2014-10-29 12:53:35 -04:00
parent f5ede83def
commit 82a68e9c87
16 changed files with 629 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

113
scripts_debian/wheezy+whonix-gateway/files/.facl
View File

@ -1,6 +1,6 @@
# file: . # file: .
# owner: root # owner: user
# group: root # group: user
user::rwx user::rwx
group::r-x group::r-x
other::r-x other::r-x
@ -19,6 +19,48 @@ user::rw-
group::r-- group::r--
other::r-- other::r--
# file: etc/xdg
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/autostart
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/xdg/autostart/qubes-whonixsetup.desktop
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/apt
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/apt/preferences.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/apt/preferences.d/whonix_qubes
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/udev # file: etc/udev
# owner: root # owner: root
# group: root # group: root
@ -49,7 +91,7 @@ other::r--
# file: etc/sudoers.d # file: etc/sudoers.d
# owner: root # owner: root
# group: user # group: root
user::rwx user::rwx
group::r-x group::r-x
other::r-x other::r-x
@ -61,9 +103,65 @@ user::r--
group::r-- group::r--
other::--- other::---
# file: .facl # file: home
# owner: root # owner: root
# group: root # group: root
user::rwx
group::r-x
other::r-x
# file: home/user
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: home/user/whonix_fix.sh
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: home/user/build-steps.d
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: home/user/build-steps.d/1000_qubes-patches.sh
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: home/user/build-steps.d/2900_qubes-post-installation.sh
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: home/user/whonix_build.sh
# owner: user
# group: user
user::rwx
group::r-x
other::r-x
# file: home/user/.whonix_build.sh.swp
# owner: user
# group: user
user::rw-
group::r--
other::r--
# file: .facl
# owner: user
# group: user
user::rw- user::rw-
group::r-- group::r--
other::r-- other::r--
@ -103,6 +201,13 @@ user::rwx
group::r-x group::r-x
other::r-x other::r-x
# file: usr/lib/whonix/qubes-whonixsetup
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/enable-iptables-logging.sh # file: usr/lib/whonix/enable-iptables-logging.sh
# owner: root # owner: root
# group: root # group: root

15
scripts_debian/wheezy+whonix-gateway/files/etc/apt/preferences.d/whonix_qubes Normal file
View File

@ -0,0 +1,15 @@
Package: grub-pc
Pin: version *
Pin-Priority: -100
Package: grub-pc-bin
Pin: version *
Pin-Priority: -100
Package: grub-common
Pin: version *
Pin-Priority: -100
Package: grub2-common
Pin: version *
Pin-Priority: -100

8
scripts_debian/wheezy+whonix-gateway/files/etc/xdg/autostart/qubes-whonixsetup.desktop Normal file
View File

@ -0,0 +1,8 @@
## This file is part of Whonix.
## Copyright (C) 2012 - 2014 Patrick Schleizer <adrelanos@riseup.net>
## See the file COPYING for copying conditions.
[Desktop Entry]
Type=Application
Terminal=false
Exec=/usr/lib/whonix/qubes-whonixsetup

BIN
scripts_debian/wheezy+whonix-gateway/files/home/user/.whonix_build.sh.swp Normal file
View File

Binary file not shown.

92
scripts_debian/wheezy+whonix-gateway/files/home/user/build-steps.d/1000_qubes-patches.sh Executable file
View File

@ -0,0 +1,92 @@
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
set -x
WHONIX_DIR="$(readlink -m .)"
# --------------------------------------------------------------------------
# Initialize Whonix submodules
# --------------------------------------------------------------------------
pushd "${WHONIX_DIR}"
{
sudo git submodule update --init --recursive;
}
popd
# --------------------------------------------------------------------------
# Patch Whonix submodules
# --------------------------------------------------------------------------
# Chekout a branch; create a branch first if it does not exist
checkout_branch() {
branch=$(git symbolic-ref --short -q HEAD)
if ! [ "${branch}" == "${1}" ]; then
sudo -u "${user_name}" git checkout "${1}" >/dev/null 2>&1 || \
{
sudo -u "${user_name}" git branch "${1}"
sudo -u "${user_name}" git checkout "${1}"
}
fi
}
# sed search and replace. return 0 if replace happened, otherwise 1
search_replace() {
local search="${1}"
local replace="${2}"
local file="${3}"
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
}
# Patch anon-meta-packages to not depend on grub-pc
pushd "${WHONIX_DIR}"
{
search_replace "grub-pc" "" "grml_packages" || :
}
popd
pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
{
search1=" grub-pc,";
replace="";
#checkout_branch qubes
search_replace "${search1}" "${replace}" control && \
{
cd "${WHONIX_DIR}/packages/anon-meta-packages";
:
#sudo -E -u "${user_name}" make deb-pkg || :
#su "${user_name}" -c "dpkg-source --commit" || :
#git add .
#su "${user_name}" -c "git commit -am 'removed grub-pc depend'"
} || :
}
popd
pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{
search1="update-grub";
replace=":";
#checkout_branch qubes
search_replace "${search1}" "${replace}" 85_update_grub && \
{
cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
sudo -E -u "${user_name}" make deb-pkg || :
su "${user_name}" -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
#git add . ;
#su "${user_name}" -c "git commit -am 'removed grub-pc depend'"
} || :
}
popd
pushd "${WHONIX_DIR}/build-steps.d"
{
search1=" check_for_uncommited_changes";
replace=" #check_for_uncommited_changes";
search_replace "${search1}" "${replace}" 1200_create-debian-packages || :
}
popd

60
scripts_debian/wheezy+whonix-gateway/files/home/user/build-steps.d/2900_qubes-post-installation.sh Executable file
View File

@ -0,0 +1,60 @@
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Whonix Post Installation Configurations
# ------------------------------------------------------------------------------
echo "Post Configuring Whonix System"
pushd "/etc/network"
{
rm -f interfaces;
ln -s interfaces.backup interfaces;
}
popd
pushd "/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.backup resolv.conf;
}
popd
# Enable Tor
#if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
# sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "/etc/tor/torrc"
#fi
# Fake that whonixsetup was already run
#mkdir -p "/var/lib/whonix/do_once"
#touch "/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run
mkdir -p "/root/.whonix"
touch "/root/.whonix/first_run_initializer.done"
# Prevent whonixcheck error
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "/etc/whonix.d/30_whonixcheck_default"
# Use gdialog as an alternative for dialog
update-alternatives --install /usr/bin/dialog dialog /usr/bin/gdialog 999
# Disable unwanted applications
update-rc.d network-manager disable || :
update-rc.d spice-vdagent disable || :
update-rc.d swap-file-creator disable || :
update-rc.d whonix-initializer disable || :
service apt-cacher-ng stop || :
update-rc.d apt-cacher-ng disable || :
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
# Remove original sources.list
rm -f "/etc/apt/sources.list"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
apt-get.anondist-orig update

41
scripts_debian/wheezy+whonix-gateway/files/home/user/whonix_build.sh Executable file
View File

@ -0,0 +1,41 @@
################################################################################
# Pre Fixups
sudo mkdir -p /boot/grub2
sudo touch /boot/grub2/grub.cfg
sudo mkdir -p /boot/grub
sudo touch /boot/grub/grub.cfg
sudo mkdir --parents --mode=g+rw "/tmp/uwt"
# Whonix seems to re-install sysvinit even though there is a hold
# on the package. Things seem to work anyway. BUT hopfully the
# hold on grub* don't get removed
sudo apt-mark hold sysvinit
sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common
# Whonix expects haveged to be started
sudo /etc/init.d/haveged start
# ------------------------------------------------------------------------------
# Link our build steps into Whonix build directory
# ------------------------------------------------------------------------------
#pushd /home/user/Whonix/build-steps.d
#cp -pf /home/user/build-steps.d/* .
#popd
# ------------------------------------------------------------------------------
# Whonix installation
# ------------------------------------------------------------------------------
export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1"
pushd ~/Whonix
sudo ~/Whonix/whonix_build \
--build $1 \
--64bit-linux \
--current-sources \
--enable-whonix-apt-repository \
--whonix-apt-repository-distribution $2 \
--install-to-root \
--skip-verifiable \
--minimal-report \
--skip-sanity-tests || { exit 1; }
popd

3
scripts_debian/wheezy+whonix-gateway/files/home/user/whonix_fix.sh Executable file
View File

@ -0,0 +1,3 @@
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
sudo apt-get -y --force-yes remove grub-pc grub-common grub-pc-bin grub2-common
sudo apt-mark hold grub-common grub-pc-bin grub2-common

23
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup Executable file
View File

@ -0,0 +1,23 @@
#/bin/bash
# XXX: TODO:
# - Make sure we can't just run this from setup-ip
# - Alternatives? instead of deleting dialog?
#
# INSTALLATION NOTES:
# - Make sure /etc/tor/torrc is disabled initially
# - Make sure /var/lib/whonix/do_once/whonixsetup.done does not exist
# so repo questions will be asked
# - /etc/xdg/autostart/qubes-whonixsetup must be in place
# - this file must be in place
# - gdialog must have over-written dialog
# - patches to setup-ip:
# - bring eth1 up
# - remove old code that was trying to get setup working
grep "^DisableNetwork 0$" /etc/tor/torrc || {
sudo systemctl stop whonixcheck
sudo systemctl stop tor
sudo /usr/lib/whonix/setup-ip
sudo /usr/bin/whonixsetup
}

31
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips
View File

@ -52,7 +52,7 @@ function replace_ips()
local search_ip="${1}" local search_ip="${1}"
local replace_ip="${2}" local replace_ip="${2}"
local files=("${!3}") local files=("${!3}")
local restart_tor=0 local retval=1
# If IP is 10.152.152.10, network is 10.152.152.0 # If IP is 10.152.152.10, network is 10.152.152.0
search_network="${search_ip%[.]*}.0" search_network="${search_ip%[.]*}.0"
@ -61,29 +61,32 @@ function replace_ips()
if ! [ "${search_ip}" == "${replace_ip}" ]; then if ! [ "${search_ip}" == "${replace_ip}" ]; then
for file in "${files[@]}"; do for file in "${files[@]}"; do
if [ -f "$file" ]; then if [ -f "$file" ]; then
search_replace "${search_ip}" "${replace_ip}" "${file}" && restart_tor=1 search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0
search_replace "${search_network}" "${replace_network}" "${file}" && restart_tor=1 search_replace "${search_network}" "${replace_network}" "${file}" && retval=0
fi fi
done done
if [ "${restart_tor}" == "1" ]; then
echo "${replace_ip}" > /etc/whonix-netvm-gateway
grep "^DisableNetwork 0$" /etc/tor/torrc && {
service tor reload || true;
#sleep 1;
}
fi
fi fi
return $retval
}
update_ip() {
ip=${1}
echo "${ip}" > /etc/whonix-netvm-gateway
grep '^DisableNetwork 0$' /etc/tor/torrc && {
service tor reload || true;
}
} }
ip="$(xenstore-read qubes-netvm-gateway)" ip="$(xenstore-read qubes-netvm-gateway)"
# Compare to current IP address assiged by Qubes # Compare to current IP address assiged by Qubes
replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] replace_ips "$(cat /etc/whonix-netvm-gateway)" "${ip}" FILES[@] && update_ip "${ip}"
# Do again; checking for original 10.152.152.10 incase of update # Do again; checking for original 10.152.152.10 incase of update
replace_ips "10.152.152.10" "${ip}" FILES[@] replace_ips "10.152.152.10" "${ip}" FILES[@] && update_ip "${ip}"
# Do again; checking for original 10.152.152.11 incase of update # Do again; checking for original 10.152.152.11 incase of update
replace_ips "10.152.152.11" "${ip}" FILES[@] replace_ips "10.152.152.11" "${ip}" FILES[@] && update_ip "${ip}"

46
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip
View File

@ -23,6 +23,8 @@ ip link show ${INTERFACE} >> /dev/null || {
/sbin/ethtool -K ${INTERFACE} sg off /sbin/ethtool -K ${INTERFACE} sg off
/sbin/ethtool -K ${INTERFACE} tx off /sbin/ethtool -K ${INTERFACE} tx off
fi fi
ip link set ${INTERFACE} up
} }
# Files that will have the immutable bit set # Files that will have the immutable bit set
@ -90,7 +92,7 @@ copyAnondist "/etc/hostname"
/usr/lib/whonix/replace-ips /usr/lib/whonix/replace-ips
# Make sure hostname is correct # Make sure hostname is correct
/bin/hostname -b host /bin/hostname host
# Start Whonix Firewall # Start Whonix Firewall
export INT_IF="vif+" export INT_IF="vif+"
@ -101,21 +103,39 @@ export INT_TIF="vif+"
# Allows localhost access to tor network # Allows localhost access to tor network
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
enable() { # Will only enable / disable if service is not already in that state
enable_sysv() {
servicename=${1} servicename=${1}
disable=${2-0}
grep "^DisableNetwork 0$" /etc/tor/torrc && { # Check to see if the service is already enabled and if not, enable it
# Check to see if the service is already enabled and if not, enable it string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then if [ $(find $string 2>/dev/null | wc -l) -eq ${disable} ] ; then
echo "${1} is currently disabled; enabling it" case ${disable} in
systemctl --quiet enable ${servicename} 0)
fi echo "${1} is currently disabled; enabling it"
} systemctl --quiet enable ${servicename}
;;
1)
echo "${1} is currently enabled; disabling it"
systemctl --quiet disable ${servicename}
;;
esac
fi
} }
#enable tor disable_sysv() {
#enable whonixcheck enable_sysv ${1} 1
#enable sdwdate }
# This would be a really good place to apply any hacks required and remove them
# from template build script
grep "^DisableNetwork 0$" /etc/tor/torrc && {
#enable_sysv tor
#enable_sysv whonixcheck
#enable_sysv sdwdate
:
} || {
:
}

41
scripts_debian/wheezy+whonix-workstation/files/home/user/whonix_build.sh Executable file
View File

@ -0,0 +1,41 @@
################################################################################
# Pre Fixups
sudo mkdir -p /boot/grub2
sudo touch /boot/grub2/grub.cfg
sudo mkdir -p /boot/grub
sudo touch /boot/grub/grub.cfg
sudo mkdir --parents --mode=g+rw "/tmp/uwt"
# Whonix seems to re-install sysvinit even though there is a hold
# on the package. Things seem to work anyway. BUT hopfully the
# hold on grub* don't get removed
sudo apt-mark hold sysvinit
sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common
# Whonix expects haveged to be started
sudo /etc/init.d/haveged start
# ------------------------------------------------------------------------------
# Link our build steps into Whonix build directory
# ------------------------------------------------------------------------------
#pushd /home/user/Whonix/build-steps.d
#cp -pf /home/user/build-steps.d/* .
#popd
# ------------------------------------------------------------------------------
# Whonix installation
# ------------------------------------------------------------------------------
export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1"
pushd ~/Whonix
sudo ~/Whonix/whonix_build \
--build $1 \
--64bit-linux \
--current-sources \
--enable-whonix-apt-repository \
--whonix-apt-repository-distribution $2 \
--install-to-root \
--skip-verifiable \
--minimal-report \
--skip-sanity-tests || { exit 1; }
popd

23
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/replace-ips
View File

@ -24,9 +24,9 @@ FILES=(
# sed search and replace. return 0 if replace happened, otherwise 1 # sed search and replace. return 0 if replace happened, otherwise 1
search_replace() { search_replace() {
local search="$1" local search="${1}"
local replace="$2" local replace="${2}"
local file="$3" local file="${3}"
local retval=1 local retval=1
if ! [ -L "${file}" ]; then if ! [ -L "${file}" ]; then
@ -36,7 +36,7 @@ search_replace() {
chattr -i "${file}" chattr -i "${file}"
fi fi
fi fi
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}" sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
retval=$? retval=$?
@ -52,22 +52,22 @@ function replace_ips()
local search_ip="${1}" local search_ip="${1}"
local replace_ip="${2}" local replace_ip="${2}"
local files=("${!3}") local files=("${!3}")
local replaced=0 local retval=1
# If IP is 10.152.152.10, network is 10.152.152.0 # If IP is 10.152.152.10, network is 10.152.152.0
replace_network="${replace_ip%.*}.0" search_network="${search_ip%[.]*}.0"
search_network="${search_ip%.*}.0" replace_network="${replace_ip%[.]*}.0"
if ! [ "${search_ip}" == "${replace_ip}" ]; then if ! [ "${search_ip}" == "${replace_ip}" ]; then
for file in "${files[@]}"; do for file in "${files[@]}"; do
if [ -f "$file" ]; then if [ -f "$file" ]; then
search_replace "${search_ip}" "${replace_ip}" "${file}" && replaced=1 search_replace "${search_ip}" "${replace_ip}" "${file}" && retval=0
search_replace "${search_network}" "${replace_network}" "${file}" && replaced=1 search_replace "${search_network}" "${replace_network}" "${file}" && retval=0
fi fi
done done
fi fi
return $replaced return $retval
} }
ip="$(xenstore-read qubes-ip)" ip="$(xenstore-read qubes-ip)"
@ -85,4 +85,3 @@ replace_ips "$(cat /etc/whonix-netvm-gateway)" "${gateway}" FILES[@] && echo "${
# Do again; checking for original 10.152.152.10 incase of update # Do again; checking for original 10.152.152.10 incase of update
replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway replace_ips "10.152.152.10" "${gateway}" FILES[@] && echo "${gateway}" > /etc/whonix-netvm-gateway

5
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/setup-ip
View File

@ -3,7 +3,6 @@
# Files that will have the immutable bit set # Files that will have the immutable bit set
# since we don't want them modified by other programs # since we don't want them modified by other programs
IMMUTABLE_FILES=( IMMUTABLE_FILES=(
'/etc/resolv.conf'
'/etc/hostname' '/etc/hostname'
'/etc/hosts' '/etc/hosts'
) )
@ -56,7 +55,6 @@ immutableFilesEnable "${IMMUTABLE_FILES}" ".anondist"
# Make sure we are using a copy of the annondist file and if not # Make sure we are using a copy of the annondist file and if not
# copy the annondist file and set it immutable # copy the annondist file and set it immutable
copyAnondist "/etc/resolv.conf"
copyAnondist "/etc/hosts" copyAnondist "/etc/hosts"
copyAnondist "/etc/hostname" copyAnondist "/etc/hostname"
@ -65,7 +63,8 @@ copyAnondist "/etc/hostname"
/usr/lib/whonix/replace-ips /usr/lib/whonix/replace-ips
# Make sure hostname is correct # Make sure hostname is correct
/bin/hostname -b host /bin/hostname host
# Start Whonix Firewall # Start Whonix Firewall
/usr/bin/whonix_firewall /usr/bin/whonix_firewall

22
scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh
View File

@ -276,7 +276,7 @@ if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.who
exit 1 exit 1
fi fi
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; } chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; }
touch "${INSTALLDIR}/tmp/.whonix_installed" touch "${INSTALLDIR}/tmp/.whonix_installed"
fi fi
@ -302,13 +302,21 @@ if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.wh
popd popd
# Enable Tor # Enable Tor
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then #if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc" # sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
fi #fi
# Enable aliases in .bashrc
sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc"
sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc"
sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc"
sed -i "s/^#force_color_prompt/force_color_prompt/g" "${INSTALLDIR}/home/user/.bashrc"
sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc"
sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc"
# Fake that whonixsetup was already run # Fake that whonixsetup was already run
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once" mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done" #touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run # Fake that initializer was already run
mkdir -p "${INSTALLDIR}/root/.whonix" mkdir -p "${INSTALLDIR}/root/.whonix"
@ -317,6 +325,10 @@ if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.wh
# Prevent whonixcheck error # Prevent whonixcheck error
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default" echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
# Use gdialog as an alternative for dialog
mv -f "${INSTALLDIR}/usr/bin/dialog" "${INSTALLDIR}/usr/bin/dialog.dist"
chroot "${INSTALLDIR}" update-alternatives --force --install /usr/bin/dialog dialog /usr/bin/gdialog 999
# Disable unwanted applications # Disable unwanted applications
chroot "${INSTALLDIR}" update-rc.d network-manager disable || : chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || : chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :

157
scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh.build-steps.d Executable file
View File

@ -0,0 +1,157 @@
#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# XXX: Create a snapshot - Only for DEBUGGING!
# ------------------------------------------------------------------------------
# Only execute if SNAPSHOT is set
if [ "${SNAPSHOT}" == "1" ]; then
splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
umount_kill "${INSTALLDIR}" || :
warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
fi
fi
# ------------------------------------------------------------------------------
# Set defualts for apt not to install recommended or extra packages
# ------------------------------------------------------------------------------
#read -r -d '' WHONIX_APT_PREFERENCES <<'EOF'
#Acquire::Languages "none";
#APT::Install-Recommends "false";
#APT::Install-Suggests "false";
#Dpkg::Options "--force-confold";
#EOF
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
umount_kill "${INSTALLDIR}" || :
exit 1
}
trap cleanup ERR
trap cleanup EXIT
# ------------------------------------------------------------------------------
# Mount devices, etc required for Whonix installation
# ------------------------------------------------------------------------------
if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
info "Preparing Whonix system"
# --------------------------------------------------------------------------
# Qubes needs a user named 'user'
# --------------------------------------------------------------------------
debug "Whonix Add user"
chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
{
chroot "${INSTALLDIR}" groupadd -f user
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
}
# ------------------------------------------------------------------------------
# Copy over any extra files
# ------------------------------------------------------------------------------
copyTree "files"
touch "${INSTALLDIR}/tmp/.whonix_prepared"
fi
# ------------------------------------------------------------------------------
# Install Whonix
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
info "Installing Whonix system"
# ------------------------------------------------------------------------------
# Create Whonix mount point
# ------------------------------------------------------------------------------
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Installing Whonix build environment..."
chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
fi
# --------------------------------------------------------------------------
# Install Whonix code base
# --------------------------------------------------------------------------
if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Building Whonix..."
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
sync
sleep 1
fi
# ------------------------------------------------------------------------------
# Determine type of Whonix build
# ------------------------------------------------------------------------------
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
# ------------------------------------------------------------------------------
# Start Whonix build process
# ------------------------------------------------------------------------------
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build.sh ${BUILD_TYPE} ${DIST}" || { exit 1; }
touch "${INSTALLDIR}/tmp/.whonix_installed"
touch "${INSTALLDIR}/tmp/.whonix_post"
fi
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor scripts
# ------------------------------------------------------------------------------
buildStep "99_custom_configuration.sh"
# ------------------------------------------------------------------------------
# Bring back original apt-get for installation of Qubues
# ------------------------------------------------------------------------------
pushd "${INSTALLDIR}/usr/bin"
{
rm -f apt-get;
cp -p apt-get.anondist-orig apt-get;
}
popd
# ------------------------------------------------------------------------------
# Make sure the temporary policy-rc.d to prevent apt from starting services
# on package installation is still active; Whonix may have reset it
# ------------------------------------------------------------------------------
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Leave cleanup to calling function
# ------------------------------------------------------------------------------
trap - ERR EXIT
trap