QubesOS/qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge pull request #5 from nrgaway/whonix9.4

Browse Source 
Whonix9.4
This commit is contained in:
nrgaway 2014-11-14 14:17:26 -05:00
commit b37711b876
21 changed files with 403 additions and 226 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
appmenus_wheezy_whonix-gateway/netvm-whitelisted-appmenus.list Normal file
View File

@ -0,0 +1,21 @@
gnome-terminal.desktop
nautilus.desktop
yelp.desktop
gateway-arm.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-reloadfirewall.desktop
gateway-reloadtor.desktop
gateway-restarttor.desktop
gateway-stoptor.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
timesync.desktop
whonixcheck.desktop
whonix_repository.desktop
dolphin.desktop
Help.desktop
ksystemlog.desktop
kwrite.desktop

21
appmenus_wheezy_whonix-gateway/vm-whitelisted-appmenus.list Normal file
View File

@ -0,0 +1,21 @@
gnome-terminal.desktop
nautilus.desktop
yelp.desktop
gateway-arm.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-firsttimesetup.desktop
gateway-reloadfirewall.desktop
gateway-reloadtor.desktop
gateway-restarttor.desktop
gateway-stoptor.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
timesync.desktop
whonixcheck.desktop
whonix_repository.desktop
dolphin.desktop
Help.desktop
ksystemlog.desktop
kwrite.desktop

11
appmenus_wheezy_whonix-gateway/whitelisted-appmenus.list Normal file
View File

@ -0,0 +1,11 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop
gateway-firewall30default.desktop
gateway-firewall50user.desktop
gateway-torrc.desktop
gateway-torrcexamples.desktop
kwrite.desktop

1
appmenus_wheezy_whonix-workstation/netvm-whitelisted-appmenus.list Normal file
View File

@ -0,0 +1 @@
gnome-terminal.desktop

27
appmenus_wheezy_whonix-workstation/vm-whitelisted-appmenus.list Normal file
View File

@ -0,0 +1,27 @@
gnome-terminal.desktop
nautilus.desktop
yelp.desktop
anondist-torbrowser.desktop
anondist-torbrowser_update.desktop
gateway-firsttimesetup.desktop
timesync.desktop
vlc.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
whonix-donate.desktop
whonix-featureblog.desktop
whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
whonix_repository.desktop
xchat.desktop
x-www-browser.desktop
dolphin.desktop
Help.desktop
kcalc.desktop
kgpg.desktop
kwrite.desktop

96
appmenus_wheezy_whonix-workstation/whitelisted-appmenus.list Normal file
View File

@ -0,0 +1,96 @@
gnome-terminal.desktop
gpk-application.desktop
gpk-update-viewer.desktop
gpk-prefs.desktop
gpk-log.desktop
yelp.desktop
anondist-torbrowser.desktop
anondist-torbrowser_update.desktop
bluetooth-sendto.desktop
bluetooth-wizard.desktop
brasero.desktop
brasero-nautilus.desktop
display.im6.desktop
fpm2.desktop
gateway-firsttimesetup.desktop
gcr-prompter.desktop
gcr-viewer.desktop
gnome-terminal.desktop
gpk-application.desktop
gpk-dbus-service.desktop
gpk-install-catalog.desktop
gpk-install-local-file.desktop
gpk-log.desktop
gpk-prefs.desktop
gpk-service-pack.desktop
gpk-update-viewer.desktop
iceweasel.desktop
kde4
mat.desktop
mimeinfo.cache
nact.desktop
nautilus-autorun-software.desktop
nautilus.desktop
nm-applet.desktop
nm-connection-editor.desktop
python2.7.desktop
timesync.desktop
vlc.desktop
whonixcheck.desktop
whonix-contribute.desktop
whonix-documentation.desktop
whonix-donate.desktop
whonix-featureblog.desktop
whonix-forum.desktop
whonix-importantblog.desktop
whonix-irc-chat-support.desktop
whonix-mailinglist.desktop
whonix_repository.desktop
xchat.desktop
x-www-browser.desktop
yelp.desktop
akonaditray.desktop
-rw-r--r-- 1 root root 5000 Jun 22 2012 ark.desktop
dolphin.desktop
gwenview.desktop
Help.desktop
jovieapp.desktop
kcalc.desktop
kdepasswd.desktop
kdesystemsettings.desktop
keditbookmarks.desktop
kfind.desktop
kfontview.desktop
kgpg.desktop
klipper.desktop
kmag.desktop
kmailservice.desktop
kmix.desktop
kmousetool.desktop
kmouth.desktop
konsole.desktop
krandrtray.desktop
ksysguard.desktop
ksystemlog.desktop
-rw-r--r-- 1 root root 1766 Jun 6 2012 ktelnetservice.desktop
kvkbd.desktop
kwrite.desktop
nepomukbackup.desktop
nepomukcontroller.desktop
okularApplication_comicbook.desktop
okularApplication_dvi.desktop
okularApplication_fax.desktop
okularApplication_fb.desktop
okularApplication_ghostview.desktop
okularApplication_kimgio.desktop
okularApplication_ooo.desktop
okularApplication_pdf.desktop
okularApplication_plucker.desktop
okularApplication_xps.desktop
okular.desktop
systemsettings.desktop

35
scripts_debian/wheezy+whonix-gateway/files/.facl
View File

@ -103,20 +103,6 @@ user::rwx
group::r-x group::r-x
other::r-x other::r-x
# file: etc/apt/preferences.d
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: etc/apt/preferences.d/whonix_qubes
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: etc/hostname # file: etc/hostname
# owner: root # owner: root
# group: root # group: root
@ -173,6 +159,13 @@ user::rwx
group::r-x group::r-x
other::r-x other::r-x
# file: usr/lib/whonix/bind-dirs.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init # file: usr/lib/whonix/init
# owner: root # owner: root
# group: root # group: root
@ -187,6 +180,13 @@ user::rwx
group::r-x group::r-x
other::r-x other::r-x
# file: usr/lib/whonix/init/qubes-whonix-bind.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/init/replace-ips # file: usr/lib/whonix/init/replace-ips
# owner: root # owner: root
# group: root # group: root
@ -201,6 +201,13 @@ user::rwx
group::r-x group::r-x
other::r-x other::r-x
# file: usr/lib/whonix/init/whonixcheck.service
# owner: root
# group: root
user::rw-
group::r--
other::r--
# file: usr/lib/whonix/init/network-proxy-setup.sh # file: usr/lib/whonix/init/network-proxy-setup.sh
# owner: root # owner: root
# group: root # group: root

15
scripts_debian/wheezy+whonix-gateway/files/etc/apt/preferences.d/whonix_qubes
View File

@ -1,15 +0,0 @@
Package: grub-pc
Pin: version *
Pin-Priority: -100
Package: grub-pc-bin
Pin: version *
Pin-Priority: -100
Package: grub-common
Pin: version *
Pin-Priority: -100
Package: grub2-common
Pin: version *
Pin-Priority: -100

58
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/bind-dirs.sh Executable file
View File

@ -0,0 +1,58 @@
#!/bin/bash
#
# To umount all binds, just pass any arg in $1
#
. /usr/lib/whonix/utility_functions
# Don't run if started as a template
if ! [ "${WHONIX}" == "template" ]; then
# Array of directories to bind
BINDS=(
'/rw/srv/whonix/root/.whonix:/root/.whonix'
'/rw/srv/whonix/root/.whonix.d:/root/.whonix.d'
'/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
'/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
'/rw/srv/whonix/etc/tor:/etc/tor'
)
for bind in ${BINDS[@]}; do
rw_dir="${bind%%:*}"
ro_dir="${bind##*:}"
# Make sure ro directory is not mounted
umount "${ro_dir}" 2> /dev/null || true
if [ -n "${1}" ]; then
echo "Umounting only..."
exit 0
fi
# Make sure ro directory exists
if ! [ -d "${ro_dir}" ]; then
mkdir -p "${ro_dir}"
fi
# Initially copy over data directories to /rw if rw directory does not exist
if ! [ -d "${rw_dir}" ]; then
mkdir -p "${rw_dir}"
rsync -hax "${ro_dir}/." "${rw_dir}"
fi
# Bind the directory
sync
mount --bind "${rw_dir}" "${ro_dir}"
done
sync
fi
if [ "${WHONIX}" == "gateway" ]; then
# Make sure we remove whonixsetup.done if Tor is not enabled
# to allow choice of repo and prevent whonixcheck errors
grep "^DisableNetwork 0$" /etc/tor/torrc || {
sudo rm -f /var/lib/whonix/do_once/whonixsetup.done
}
fi
exit 0

8
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/init.sh
View File

@ -27,12 +27,4 @@ if [ "${WHONIX}" != "template" ]; then
# Make sure hostname is correct # Make sure hostname is correct
/bin/hostname host /bin/hostname host
if [ "${WHONIX}" == "gateway" ]; then
# Make sure we remove whonixsetup.done if Tor is not enabled
# to allow choice of repo and prevent whonixcheck errors
grep "^DisableNetwork 0$" /etc/tor/torrc || {
rm -f /var/lib/whonix/do_once/whonixsetup.done
}
fi
fi fi

1
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/network-proxy-setup.sh
View File

@ -47,7 +47,6 @@ if [ "${WHONIX}" == "gateway" ]; then
# Allow whonix-gateway to act as an update-proxy # Allow whonix-gateway to act as an update-proxy
touch /var/run/qubes-service/qubes-updates-proxy touch /var/run/qubes-service/qubes-updates-proxy
#systemctl stop qubes-updates-proxy.service
# Search and replace tinyproxy error files so we can inject code that # Search and replace tinyproxy error files so we can inject code that
# we can use to identify that its a tor proxy so updates are secure # we can use to identify that its a tor proxy so updates are secure

14
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/qubes-whonix-bind.service Normal file
View File

@ -0,0 +1,14 @@
[Unit]
Description=Qubes Whonix bind /rw to ro dirs script
DefaultDependencies=no
Before=sysinit.target
After=qubes-sysinit.service
[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=/usr/lib/whonix/init/bind-dirs.sh
StandardOutput=syslog
[Install]
WantedBy=sysinit.target

18
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/init/whonixcheck.service Normal file
View File

@ -0,0 +1,18 @@
[Unit]
Description=Checks many important aspects of Whonix.
After=syslog.target network.target
[Service]
Type=forking
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/run/whonixcheck
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonixcheck
ExecStartPre=/usr/bin/install -m 0775 -d --owner user --group user /var/lib/whonix/whonixblog
ExecStart=/usr/lib/whonixcheckdaemon
PIDFile=/var/run/whonixcheck.pid
User=user
Group=user
UMask=0007
StandardOutput=syslog
[Install]
WantedBy=multi-user.target

58
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/qubes-whonixsetup
View File

@ -2,57 +2,39 @@
. /usr/lib/whonix/utility_functions . /usr/lib/whonix/utility_functions
if ! [ "${WHONIX}" == "template" ]; then
sudo /usr/lib/whonix/bind-dirs.sh
fi
if [ "${WHONIX}" == "gateway" ]; then if [ "${WHONIX}" == "gateway" ]; then
grep "^DisableNetwork 0$" /etc/tor/torrc || { if grep "^DisableNetwork 0$" /etc/tor/torrc ;then
sudo service sdwdate restart
sudo service tor restart
else
sudo service sdwdate restart sudo service sdwdate restart
sudo service tor stop sudo service tor stop
sudo /usr/bin/whonixsetup && { sudo /usr/bin/whonixsetup
enable_sysv tor fi
sleep 1
enable_sysv sdwdate
} || {
sed -i 's/^DisableNetwork 0/#DisableNetwork 0/g' "/etc/tor/torrc"
disable_sysv tor
disable_sysv sdwdate
sudo /sbin/poweroff
}
}
# Allow whonix-gateway to act as an update-proxy
sudo systemctl status qubes-updates-proxy.service || {
error_file="/usr/share/tinyproxy/default.html"
# Search and replace tinyproxy error files so we can inject code that
# we can use to identify that its a tor proxy so updates are secure
grep -q "${PROXY_META}" "${error_file}" || {
sudo sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
}
sudo touch /var/run/qubes-service/qubes-updates-proxy
sudo iptables -t nat -N PR-QBS-SERVICES
sudo systemctl start qubes-updates-proxy.service
}
elif [ "${WHONIX}" == "workstation" ]; then elif [ "${WHONIX}" == "workstation" ]; then
sudo service sdwdate restart
if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then
enable_sysv sdwdate
sudo service sdwdate restart
sudo /usr/bin/whonixsetup sudo /usr/bin/whonixsetup
fi fi
elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
# Set secure defaults. # Set secure defaults.
iptables -P INPUT DROP sudo iptables -P INPUT DROP
iptables -P FORWARD DROP sudo iptables -P FORWARD DROP
iptables -P OUTPUT DROP sudo iptables -P OUTPUT DROP
# Flush old rules. # Flush old rules.
iptables -F sudo iptables -F
iptables -X sudo iptables -X
iptables -t nat -F sudo iptables -t nat -F
iptables -t nat -X sudo iptables -t nat -X
iptables -t mangle -F sudo iptables -t mangle -F
iptables -t mangle -X sudo iptables -t mangle -X
# Display warning that netvm is not connected to a torvm # Display warning that netvm is not connected to a torvm
/usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml

7
scripts_debian/wheezy+whonix-workstation/files/.facl
View File

@ -152,6 +152,13 @@ user::rwx
group::r-x group::r-x
other::r-x other::r-x
# file: usr/lib/whonix/bind-dirs.sh
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
# file: usr/lib/whonix/init # file: usr/lib/whonix/init
# owner: root # owner: root
# group: root # group: root

58
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/bind-dirs.sh Executable file
View File

@ -0,0 +1,58 @@
#!/bin/bash
#
# To umount all binds, just pass any arg in $1
#
. /usr/lib/whonix/utility_functions
# Don't run if started as a template
if ! [ "${WHONIX}" == "template" ]; then
# Array of directories to bind
BINDS=(
'/rw/srv/whonix/root/.whonix:/root/.whonix'
'/rw/srv/whonix/root/.whonix.d:/root/.whonix.d'
'/rw/srv/whonix/var/lib/whonix:/var/lib/whonix'
'/rw/srv/whonix/var/lib/whonixcheck:/var/lib/whonixcheck'
'/rw/srv/whonix/etc/tor:/etc/tor'
)
for bind in ${BINDS[@]}; do
rw_dir="${bind%%:*}"
ro_dir="${bind##*:}"
# Make sure ro directory is not mounted
umount "${ro_dir}" 2> /dev/null || true
if [ -n "${1}" ]; then
echo "Umounting only..."
exit 0
fi
# Make sure ro directory exists
if ! [ -d "${ro_dir}" ]; then
mkdir -p "${ro_dir}"
fi
# Initially copy over data directories to /rw if rw directory does not exist
if ! [ -d "${rw_dir}" ]; then
mkdir -p "${rw_dir}"
rsync -hax "${ro_dir}/." "${rw_dir}"
fi
# Bind the directory
sync
mount --bind "${rw_dir}" "${ro_dir}"
done
sync
fi
if [ "${WHONIX}" == "gateway" ]; then
# Make sure we remove whonixsetup.done if Tor is not enabled
# to allow choice of repo and prevent whonixcheck errors
grep "^DisableNetwork 0$" /etc/tor/torrc || {
sudo rm -f /var/lib/whonix/do_once/whonixsetup.done
}
fi
exit 0

8
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/init.sh
View File

@ -27,12 +27,4 @@ if [ "${WHONIX}" != "template" ]; then
# Make sure hostname is correct # Make sure hostname is correct
/bin/hostname host /bin/hostname host
if [ "${WHONIX}" == "gateway" ]; then
# Make sure we remove whonixsetup.done if Tor is not enabled
# to allow choice of repo and prevent whonixcheck errors
grep "^DisableNetwork 0$" /etc/tor/torrc || {
rm -f /var/lib/whonix/do_once/whonixsetup.done
}
fi
fi fi

1
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/init/network-proxy-setup.sh
View File

@ -47,7 +47,6 @@ if [ "${WHONIX}" == "gateway" ]; then
# Allow whonix-gateway to act as an update-proxy # Allow whonix-gateway to act as an update-proxy
touch /var/run/qubes-service/qubes-updates-proxy touch /var/run/qubes-service/qubes-updates-proxy
#systemctl stop qubes-updates-proxy.service
# Search and replace tinyproxy error files so we can inject code that # Search and replace tinyproxy error files so we can inject code that
# we can use to identify that its a tor proxy so updates are secure # we can use to identify that its a tor proxy so updates are secure

58
scripts_debian/wheezy+whonix-workstation/files/usr/lib/whonix/qubes-whonixsetup
View File

@ -2,57 +2,39 @@
. /usr/lib/whonix/utility_functions . /usr/lib/whonix/utility_functions
if ! [ "${WHONIX}" == "template" ]; then
sudo /usr/lib/whonix/bind-dirs.sh
fi
if [ "${WHONIX}" == "gateway" ]; then if [ "${WHONIX}" == "gateway" ]; then
grep "^DisableNetwork 0$" /etc/tor/torrc || { if grep "^DisableNetwork 0$" /etc/tor/torrc ;then
sudo service sdwdate restart
sudo service tor restart
else
sudo service sdwdate restart sudo service sdwdate restart
sudo service tor stop sudo service tor stop
sudo /usr/bin/whonixsetup && { sudo /usr/bin/whonixsetup
enable_sysv tor fi
sleep 1
enable_sysv sdwdate
} || {
sed -i 's/^DisableNetwork 0/#DisableNetwork 0/g' "/etc/tor/torrc"
disable_sysv tor
disable_sysv sdwdate
sudo /sbin/poweroff
}
}
# Allow whonix-gateway to act as an update-proxy
sudo systemctl status qubes-updates-proxy.service || {
error_file="/usr/share/tinyproxy/default.html"
# Search and replace tinyproxy error files so we can inject code that
# we can use to identify that its a tor proxy so updates are secure
grep -q "${PROXY_META}" "${error_file}" || {
sudo sed -i "s/<\/head>/${PROXY_META}\n<\/head>/" "${error_file}"
}
sudo touch /var/run/qubes-service/qubes-updates-proxy
sudo iptables -t nat -N PR-QBS-SERVICES
sudo systemctl start qubes-updates-proxy.service
}
elif [ "${WHONIX}" == "workstation" ]; then elif [ "${WHONIX}" == "workstation" ]; then
sudo service sdwdate restart
if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then if ! [ -f "/var/lib/whonix/do_once/whonixsetup.done" ]; then
enable_sysv sdwdate
sudo service sdwdate restart
sudo /usr/bin/whonixsetup sudo /usr/bin/whonixsetup
fi fi
elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then elif [ "${WHONIX}" == "template" -a "${PROXY_SECURE}" == "0" ]; then
# Set secure defaults. # Set secure defaults.
iptables -P INPUT DROP sudo iptables -P INPUT DROP
iptables -P FORWARD DROP sudo iptables -P FORWARD DROP
iptables -P OUTPUT DROP sudo iptables -P OUTPUT DROP
# Flush old rules. # Flush old rules.
iptables -F sudo iptables -F
iptables -X sudo iptables -X
iptables -t nat -F sudo iptables -t nat -F
iptables -t nat -X sudo iptables -t nat -X
iptables -t mangle -F sudo iptables -t mangle -F
iptables -t mangle -X sudo iptables -t mangle -X
# Display warning that netvm is not connected to a torvm # Display warning that netvm is not connected to a torvm
/usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml /usr/lib/whonix/alert update /usr/lib/whonix/messages.yaml

110
scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh
View File

@ -78,37 +78,6 @@ sudo ~/Whonix/whonix_build \
popd popd
EOF EOF
# ------------------------------------------------------------------------------
# Pin grub so it won't install
# ------------------------------------------------------------------------------
read -r -d '' WHONIX_APT_PIN <<'EOF' || true
Package: grub-pc
Pin: version *
Pin-Priority: -100
Package: grub-pc-bin
Pin: version *
Pin-Priority: -100
Package: grub-common
Pin: version *
Pin-Priority: -100
Package: grub2-common
Pin: version *
Pin-Priority: -100
EOF
# ------------------------------------------------------------------------------
# Set defualts for apt not to install recommended or extra packages
# ------------------------------------------------------------------------------
read -r -d '' WHONIX_APT_PREFERENCES <<'EOF' || true
Acquire::Languages "none";
APT::Install-Recommends "false";
APT::Install-Suggests "false";
Dpkg::Options "--force-confold";
EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup function # Cleanup function
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -136,22 +105,16 @@ if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
popd popd
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Patch Whonix submodules # Fake grub installation since Whonix has depends on grub-pc
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p "${INSTALLDIR}/boot/grub"
cp "${INSTALLDIR}/usr/lib/grub/i386-pc/"* "${INSTALLDIR}/boot/grub"
rm -f "${INSTALLDIR}/usr/sbin/update-grub"
chroot "${INSTALLDIR}" ln -s /bin/true /usr/sbin/update-grub
# Chekout a branch; create a branch first if it does not exist # --------------------------------------------------------------------------
checkout_branch() {
branch=$(git symbolic-ref --short -q HEAD)
if ! [ "$branch" == "$1" ]; then
su $(logname) -c git checkout "$1" >/dev/null 2>&1 || \
{
su $(logname) -c git branch "$1"
su $(logname) -c git checkout "$1"
}
fi
}
# sed search and replace. return 0 if replace happened, otherwise 1 # sed search and replace. return 0 if replace happened, otherwise 1
# --------------------------------------------------------------------------
search_replace() { search_replace() {
local search="$1" local search="$1"
local replace="$2" local replace="$2"
@ -159,57 +122,6 @@ if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
sed -i.bak '/'"$search"'/,${s//'"$replace"'/;b};$q1' "$file" sed -i.bak '/'"$search"'/,${s//'"$replace"'/;b};$q1' "$file"
} }
# Patch anon-meta-packages to not depend on grub-pc
pushd "${WHONIX_DIR}"
{
search_replace "grub-pc" "" "grml_packages" || :
}
popd
pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
{
search1=" grub-pc,";
replace="";
#checkout_branch qubes
search_replace "$search1" "$replace" control && \
{
cd "${WHONIX_DIR}/packages/anon-meta-packages";
:
#sudo -E -u $(logname) make deb-pkg || :
#su $(logname) -c "dpkg-source --commit" || :
#git add .
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
} || :
}
popd
pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{
search1="update-grub";
replace=":";
#checkout_branch qubes
search_replace "$search1" "$replace" 85_update_grub && \
{
cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
sudo -E -u $(logname) make deb-pkg || :
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
#git add . ;
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
} || :
}
popd
pushd "${WHONIX_DIR}/build-steps.d"
{
search1=" check_for_uncommited_changes";
replace=" #check_for_uncommited_changes";
search_replace "$search1" "$replace" 1200_create-debian-packages || :
}
popd
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Whonix system config dependancies # Whonix system config dependancies
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
@ -222,10 +134,6 @@ if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
} }
# Pin grub packages so they will not install
echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
# Install Whonix build scripts # Install Whonix build scripts
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh" echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh"
chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh" chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh"
@ -320,10 +228,6 @@ if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.wh
sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc" sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc"
sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc" sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc"
# Fake that whonixsetup was already run
#mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
#touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run # Fake that initializer was already run
mkdir -p "${INSTALLDIR}/root/.whonix" mkdir -p "${INSTALLDIR}/root/.whonix"
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done" touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"

3
scripts_debian/wheezy+whonix/packages_wheezy.list
View File

@ -23,3 +23,6 @@ build-essential:native
gcc gcc
fakeroot fakeroot
lintian lintian
rsync
grub-pc