Code cleanup - whonix* not tested

pull/1/head
Jason Mehring 10 years ago
parent fd7bc22a16
commit c238716d6a

@ -28,7 +28,7 @@ colors() {
export blink=$( tput blink || tput mb ) # Start blinking
export italic=$( tput sitm || tput ZH ) # Start italic
export eitalic=$( tput ritm || tput ZR ) # End italic
[[ $TERM != *-m ]] && {
[[ ${TERM} != *-m ]] && {
export red=$( tput setaf 1|| tput AF 1 )
export green=$( tput setaf 2|| tput AF 2 )
export yellow=$( tput setaf 3|| tput AF 3 )
@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
colors
fi
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
chroot() {
local retval
true ${blue}
@ -73,19 +73,19 @@ fi
# Display messages in color
# ------------------------------------------------------------------------------
info() {
[[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
}
debug() {
[[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
}
warn() {
[[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
}
error() {
[[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
}
# ------------------------------------------------------------------------------
@ -278,7 +278,7 @@ buildStepExec() {
script="$(templateFile "$(unknown)" "${suffix}" "${template_flavor}")"
if [ -f "${script}" ]; then
[[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
[[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
# Execute $script
"${script}"
@ -372,7 +372,7 @@ buildStep() {
}
# ------------------------------------------------------------------------------
# Copy extra file tree to $INSTALLDIR
# Copy extra file tree to ${INSTALLDIR}
# TODO: Allow copy per step (04_install_qubes.sh-files)
#
# To set file permissions is a PITA since git won't save them and will
@ -385,7 +385,7 @@ buildStep() {
# 5. Manually create facl backup used after copying: getfacl -R . > .facl
# 6. If git complains; reset file ownership back to user. The .facl file stored
# the file permissions and will be used to reset the file permissions after
# they get copied over to $INSTALLDIR
# they get copied over to ${INSTALLDIR}
# NOTE: Don't forget to redo this process if you add -OR- remove files
# ------------------------------------------------------------------------------
copyTree() {
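Review bot: `[ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]` in the second hunk still prints `integer expression expected` and evaluates false whenever VERBOSE is unset or empty, so the brace cleanup leaves the debug-mode `chroot()` wrapper gated on a test that fails for the wrong reason rather than a missing variable; `if [[ "${VERBOSE:-0}" -ge 2 || "${DEBUG:-0}" == "1" ]]; then` defaults both and drops the deprecated `-o`. The same test is copied verbatim into the preamble of every script in this commit, so fixing it here and in those preambles keeps them consistent. The `colors()` and `chroot()` bodies start or end outside their hunks.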

@ -4,19 +4,19 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
INSTALLDIR="$(readlink -m mnt)"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
@ -26,17 +26,17 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------
debug "Determine if $IMG should be reused or deleted..."
if [ -f "$IMG" ]; then
debug "Determine if ${IMG} should be reused or deleted..."
if [ -f "${IMG}" ]; then
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting $IMG"
rm -f "$IMG"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting ${IMG}"
rm -f "${IMG}"
fi
# Umount image; don't fail if its already umounted
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
fi
# ------------------------------------------------------------------------------
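Review bot: `set -e` is only enabled in the non-debug branch, so a run with `VERBOSE>=2` or `DEBUG=1` traces every command but no longer aborts on failure, and the steps after `mount -o loop` proceed against a half-built image in exactly the runs used to diagnose problems. Make fail-fast unconditional and keep tracing as an extra: `set -e` followed by `[[ "${VERBOSE:-0}" -ge 2 || "${DEBUG:-0}" == "1" ]] && set -x`. Separately, `rm -f "${IMG}"` runs while the image is still loop-mounted and is only unmounted two lines later; it works on Linux because the inode survives until umount, but recording the decision in a flag and deleting after `umount_kill` is the clearer ordering.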

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -23,13 +23,13 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install base debian system
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; }
chroot "$INSTALLDIR" chmod 0666 "/dev/null"
touch "$INSTALLDIR/tmp/.prepared_debootstrap"
"${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
fi
# ------------------------------------------------------------------------------
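Review bot: debootstrap is given `--keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg"` with no check that the file exists, and whether a missing keyring hard-fails or merely skips verification depends on the debootstrap version in use; since `${DEBIAN_MIRROR}` is fetched over plain http, that keyring is the only integrity check on the whole bootstrap. A pre-flight guard is cheap: `keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg"` then `[ -f "${keyring}" ] || { error "Missing archive keyring ${keyring}"; exit 1; }`, and pass `--keyring="${keyring}"`. The `--arch=amd64` hard-coding is fine for Qubes but worth a comment so nobody expects `DIST` alone to select the architecture.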

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,30 +19,30 @@ fi
# ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
exit 1
fi
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Install groups error and umount"
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
umount_kill "$INSTALLDIR" || :
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
umount_kill "${INSTALLDIR}" || :
exit 1
}
trap cleanup ERR
@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Ensure umask set in /etc/login.defs is used (022)
@ -68,30 +68,30 @@ EOF
# ------------------------------------------------------------------------------
debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
# ------------------------------------------------------------------------------
# Upgrade system
# ------------------------------------------------------------------------------
debug "Upgrading system"
chroot "$INSTALLDIR" apt-get update
chroot "${INSTALLDIR}" apt-get update
true "${stout}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade
chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade
# ------------------------------------------------------------------------------
# Configure keyboard
# ------------------------------------------------------------------------------
debug "Setting keyboard layout"
chroot "$INSTALLDIR" debconf-set-selections <<EOF
chroot "${INSTALLDIR}" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
@ -102,20 +102,20 @@ keyboard-configuration keyboard-configuration/optionscode string
EOF
# ------------------------------------------------------------------------------
# Install extra packages in script_$DEBIANVERSION/packages.list file
# Install extra packages in script_${DEBIANVERSION}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories
# ------------------------------------------------------------------------------
getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
exit 1
fi
for package_list in "${packages_list[@]}"; do
debug "Installing extra packages from: ${package_list}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$package_list"
xargs chroot ${INSTALLDIR} apt-get -y --force-yes install < "${package_list}"
done
# ------------------------------------------------------------------------------
@ -132,51 +132,51 @@ EOF
# For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package.
# ------------------------------------------------------------------------------
debug "Installing systemd for debian ($DEBIANVERSION)"
if [ "$DEBIANVERSION" == "wheezy" ]; then
debug "Installing systemd for debian (${DEBIANVERSION})"
if [ "${DEBIANVERSION}" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
fi
# Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation"
chroot "$INSTALLDIR" apt-mark hold sysvinit
chroot "${INSTALLDIR}" apt-mark hold sysvinit
# Pin sysvinit to prevent being re-installed
cat > "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" <<EOF
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit
Pin: version *
Pin-Priority: -100
EOF
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit"
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
chroot "$INSTALLDIR" apt-get update
chroot "${INSTALLDIR}" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv
chroot "${INSTALLDIR}" apt-get -y --force-yes install systemd-sysv
# ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------
#chroot "$INSTALLDIR" systemctl set-default multi-user.target
chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target
chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
#chroot "${INSTALLDIR}" systemctl set-default multi-user.target
chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------
if [ "$DEBIANVERSION" == "wheezy" ]; then
if [ "${DEBIANVERSION}" == "wheezy" ]; then
debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
chroot $INSTALLDIR apt-get update
chroot ${INSTALLDIR} apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers
chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers
fi
# ------------------------------------------------------------------------------
@ -184,15 +184,15 @@ EOF
# ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
touch "$INSTALLDIR/tmp/.prepared_groups"
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
touch "${INSTALLDIR}/tmp/.prepared_groups"
trap - ERR EXIT
trap
# Kill all processes and umount all mounts within $INSTALLDIR,
# but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being
# Kill all processes and umount all mounts within ${INSTALLDIR},
# but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
# umounted itself)
umount_kill "$INSTALLDIR/" || :
umount_kill "${INSTALLDIR}/" || :
fi
# ------------------------------------------------------------------------------
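Review bot: Every apt-get call in this file (the dist-upgrade, the packages.list install, both sysvinit removals, `systemd-sysv`, and the wheezy-backports `init-system-helpers`) passes `--force-yes`, which among other things lets apt proceed with packages that fail signature verification, so the archive keyring enforced at debootstrap time no longer protects the rest of the build. Dropping the flag and keeping `-y` is sufficient for the ordinary installs; the essential-package removal of sysvinit already feeds `Yes, do as I say!` on stdin, which is the prompt `--force-yes` was suppressing. If an unauthenticated install is ever genuinely intended, make it explicit and local with `-o APT::Get::AllowUnauthenticated=true` on that one call rather than a blanket flag. Separately, the generated policy-rc.d uses `return 101` at script top level, where POSIX leaves `return` outside a function unspecified; `exit 101` is the conventional form.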

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,7 +19,7 @@ fi
# ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
error "prepared_groups installataion has not completed!... Exiting"
exit 1
fi
@ -27,7 +27,7 @@ fi
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
@ -37,32 +37,32 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install Qubes Packages
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
debug "Installing qbues modules"
# --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# --------------------------------------------------------------------------
cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" <<EOF
cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 $INSTALLCHROOT/usr/sbin/policy-rc.d
chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
# --------------------------------------------------------------------------
# Generate locales
# --------------------------------------------------------------------------
debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen"
chroot "$INSTALLDIR" locale-gen
chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8
echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
chroot "${INSTALLDIR}" locale-gen
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# --------------------------------------------------------------------------
# Update /etc/fstab
# --------------------------------------------------------------------------
debug "Updating template fstab file..."
cat >> "$INSTALLDIR/etc/fstab" <<EOF
cat >> "${INSTALLDIR}/etc/fstab" <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0
@ -82,106 +82,106 @@ EOF
# --------------------------------------------------------------------------
# Link mtab
# --------------------------------------------------------------------------
rm -f "$INSTALLDIR/etc/mtab"
ln -s "../proc/self/mounts" "$INSTALLDIR/etc/mtab"
rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# --------------------------------------------------------------------------
# Create modules directory
# --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/lib/modules"
mkdir -p "${INSTALLDIR}/lib/modules"
# --------------------------------------------------------------------------
# Start of Qubes package installation
# --------------------------------------------------------------------------
debug "Installing qubes packages"
export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST"
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
# --------------------------------------------------------------------------
# Install keyrings
# --------------------------------------------------------------------------
if ! [ -e "$CACHEDIR/repo-secring.gpg" ]; then
mkdir -p "$CACHEDIR"
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes builder
Expire-Date: 0
%pubring $CACHEDIR/repo-pubring.gpg
%secring $CACHEDIR/repo-secring.gpg
%pubring ${CACHEDIR}/repo-pubring.gpg
%secring ${CACHEDIR}/repo-secring.gpg
%commit
EOF
fi
gpg -abs --no-default-keyring \
--secret-keyring "$CACHEDIR/repo-secring.gpg" \
--keyring "$CACHEDIR/repo-pubring.gpg" \
-o "$CUSTOMREPO/dists/$DIST/Release.gpg" \
"$CUSTOMREPO/dists/$DIST/Release"
cp "$CACHEDIR/repo-pubring.gpg" "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"${CUSTOMREPO}/dists/${DIST}/Release"
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# --------------------------------------------------------------------------
# Mount local qubes_repo
# --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/tmp/qubes_repo"
mount --bind "$CUSTOMREPO" "$INSTALLDIR/tmp/qubes_repo"
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
# --------------------------------------------------------------------------
# Include qubes repo for apt
# --------------------------------------------------------------------------
cat > "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo $DEBIANVERSION main
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo ${DEBIANVERSION} main
EOF
# --------------------------------------------------------------------------
# Update system; exit is not successful
# --------------------------------------------------------------------------
chroot "$INSTALLDIR" apt-get update || { umount_kill "$INSTALLDIR"; exit 1; }
chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
# --------------------------------------------------------------------------
# Install Qubes packages
# --------------------------------------------------------------------------
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install $(cat $SCRIPTSDIR/packages_qubes.list) || \
{ umount_kill "$INSTALLDIR"; exit 1; }
chroot "${INSTALLDIR}" apt-get -y --force-yes install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
{ umount_kill "${INSTALLDIR}"; exit 1; }
# --------------------------------------------------------------------------
# Remove Quebes repo from sources.list.d
# --------------------------------------------------------------------------
rm -f "$INSTALLDIR"/etc/apt/sources.list.d/qubes*.list
umount_kill "$INSTALLDIR/tmp/qubes_repo"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
chroot "$INSTALLDIR" apt-get update || exit 1
rm -f "${INSTALLDIR}"/etc/apt/sources.list.d/qubes*.list
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
chroot "${INSTALLDIR}" apt-get update || exit 1
# --------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
# --------------------------------------------------------------------------
rm -f "$BUILDCHROOT/usr/sbin/policy-rc.d"
rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
# --------------------------------------------------------------------------
# Qubes needs a user named 'user'
# --------------------------------------------------------------------------
if chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1; then
if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
:
else
chroot "$INSTALLDIR" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
chroot "${INSTALLDIR}" groupadd -f user
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
fi
# --------------------------------------------------------------------------
# Modules setup
# --------------------------------------------------------------------------
echo "xen_netfront" >> "$INSTALLDIR/etc/modules"
echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
# --------------------------------------------------------------------------
# Remove `mesg` from root/.profile?
# --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile"
sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
# --------------------------------------------------------------------------
# Need a xen log directory or xen scripts will fail
# --------------------------------------------------------------------------
mkdir -p -m 0700 "$INSTALLDIR/var/log/xen"
mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
# --------------------------------------------------------------------------
# Copy extra files to installation directory. Contains:
@ -195,6 +195,8 @@ EOF
# --------------------------------------------------------------------------
expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
touch "${INSTALLDIR}/tmp/.prepared_qubes"
fi
# ------------------------------------------------------------------------------
@ -203,8 +205,8 @@ fi
buildStep "$0" "post"
# ------------------------------------------------------------------------------
# Kill all processes and umount all mounts within $INSTALLDIR, but not
# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself)
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
# ------------------------------------------------------------------------------
umount_kill "$INSTALLDIR/" || :
umount_kill "${INSTALLDIR}/" || :
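Review bot: The temporary policy-rc.d is written to `${INSTALLCHROOT}/usr/sbin/policy-rc.d` and later removed from `${BUILDCHROOT}/usr/sbin/policy-rc.d`, while every other path in this script and in the sibling install-groups script uses `${INSTALLDIR}`, and neither INSTALLCHROOT nor BUILDCHROOT is assigned anywhere visible in this commit, including vars.sh. If they are unset, this root-run script writes `/usr/sbin/policy-rc.d` on the build host and deletes it afterwards, while the chroot never gets the policy layer, so the Qubes package installs can start services inside it. The three lines should read `cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF`, `chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"` and `rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"`, with `exit 101` rather than `return 101` in the generated script. Also worth confirming that the 1024-bit, never-expiring RSA key generated into `${CACHEDIR}` only ever signs the local build repository, since its public half is copied into the template's trusted.gpg.d and is relied on the cleanup script in this commit to remove it again.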

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -23,9 +23,9 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Cleanup any left over files from installation
# ------------------------------------------------------------------------------
rm -rf "INSTALLDIR/var/cache/apt/archives/*"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# XXX: Whats this for?
rm -rf buildchroot
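Review bot: `rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"` quotes the `*`, so it is a literal filename and the command deletes nothing; the old line's missing `$` was fixed here but the glob was not, so the downloaded .deb files still ship inside the template image. Use `chroot "${INSTALLDIR}" apt-get clean`, or if the glob is preferred, `rm -rf "${INSTALLDIR:?}"/var/cache/apt/archives/*` so the `:?` guard stops an empty INSTALLDIR from turning this into a delete under the host's `/var/cache/apt/archives`. `rm -rf buildchroot` below is relative to the current directory and, per its own XXX comment, of unknown purpose; anchor it to a known variable or drop it.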

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -23,4 +23,4 @@ fi
# Disable gnome network-manager since it will prevent networking
# ------------------------------------------------------------------------------
debug "Disabling gnome network-manager"
chroot "$INSTALLDIR" systemctl disable network-manager
chroot "${INSTALLDIR}" systemctl disable network-manager

@ -8,7 +8,7 @@
# The codename of the debian version to install.
# jessie = testing, wheezy = stable
DEBIANVERSION=$DIST
DEBIANVERSION=${DIST}
# Location to grab debian packages
#DEBIAN_MIRROR=http://http.debian.net/debian
@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
# XXX: Is this even used?
# make runs the scripts with sudo -E, so HOME is set to /home/user during
# build, which does not exist. We need to write to $HOME/.gnupg so set it
# build, which does not exist. We need to write to ${HOME}/.gnupg so set it
# to something valid.
HOME=/root
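Review bot: `DEBIANVERSION=${DIST}` silently inherits an empty value when DIST is unset, and every consumer in this commit then builds bad paths (`debian--archive-keyring.gpg`) and a `debootstrap "" …` invocation; asserting here catches it at the earliest point: `DEBIANVERSION="${DIST:?DIST must be set to a Debian codename}"`. The `HOME=/root` assignment carries an "Is this even used?" comment; if it exists only so gpg can find its home directory, `GNUPGHOME` is the narrower knob and avoids redefining HOME for everything else the sourcing scripts run.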

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,10 +19,10 @@ fi
# ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations
# --------------------------------------------------------------------------
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi
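Review bot: The guard now tests `${INSTALLDIR}/tmp/.whonix_post`, but the second whonix script in this same commit tests `.whonix_prepared` for what looks like the same "custom configurations" step, and nothing visible here creates either marker; with the commit message itself saying whonix is untested, it is likely that at least one of the two scripts never runs. Agree on a single marker name and have the script that completes the whonix preparation `touch` it, so the hard-coded `10.152.152.10` gateway is actually written. The `[ … -a … ]` form is also deprecated; `if [[ -f "${INSTALLDIR}/tmp/.whonix_post" && ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]]; then` is the safer equivalent.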

@ -24,9 +24,9 @@ FILES=(
# sed search and replace. return 0 if replace happened, otherwise 1
search_replace() {
local search="$1"
local replace="$2"
local file="$3"
local search="${1}"
local replace="${2}"
local file="${3}"
local retval=1
if ! [ -L "${file}" ]; then
@ -36,7 +36,7 @@ search_replace() {
chattr -i "${file}"
fi
fi
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
retval=$?
@ -55,8 +55,8 @@ function replace_ips()
local restart_tor=0
# If IP is 10.152.152.10, network is 10.152.152.0
replace_network="${replace_ip%.*}.0"
search_network="${search_ip%.*}.0"
search_network="${search_ip%[.]*}.0"
replace_network="${replace_ip%[.]*}.0"
if ! [ "${search_ip}" == "${replace_ip}" ]; then
for file in "${files[@]}"; do
@ -68,7 +68,10 @@ function replace_ips()
if [ "${restart_tor}" == "1" ]; then
echo "${replace_ip}" > /etc/whonix-netvm-gateway
service tor restart
grep "^DisableNetwork 0$" /etc/tor/torrc && {
service tor reload || true;
#sleep 1;
}
fi
fi
}
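Review bot: `search_network` and `replace_network` (and, outside this hunk, `search_ip`/`replace_ip`) are spliced unescaped into the sed address and replacement built in `search_replace`, so anything other than a plain dotted-quad changes the sed program rather than just the text, and the sibling network script in this commit reads the replacement address from xenstore rather than a constant. Validate both before use: `[[ "${replace_ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ && "${search_ip}" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || return 1`. In the new reload branch, `grep "^DisableNetwork 0$" /etc/tor/torrc` should be `grep -q` so the matched line does not leak to stdout, and `|| true` hides a failed `service tor reload`, which leaves tor on the old gateway after /etc/whonix-netvm-gateway has already been rewritten. `replace_ips` starts before this hunk.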

@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
else
XENSTORE_READ="/usr/bin/xenstore-read"
fi
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
INTERFACE="eth1"
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
# Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment
@ -100,3 +100,22 @@ export INT_TIF="vif+"
# Route any traffic FROM netvm TO netvm BACK-TO localhost
# Allows localhost access to tor network
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
enable() {
servicename=${1}
grep "^DisableNetwork 0$" /etc/tor/torrc && {
# Check to see if the service is already enabled and if not, enable it
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
echo "${1} is currently disabled; enabling it"
systemctl --quiet enable ${servicename}
fi
}
}
#enable tor
#enable whonixcheck
#enable sdwdate
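Review bot: `enable()` at lines 706-716 looks for a SysV start link under `/etc/rc$(runlevel ...).d` but then enables with `systemctl`; where `runlevel` prints `unknown`, as it commonly does under systemd, the `find` glob matches nothing and the service would be re-enabled on every invocation, so either test with `systemctl is-enabled --quiet "${servicename}"` or drop the rc-directory check. Within the function `servicename` is not `local`, `grep` again lacks `-q` so the matched torrc line is echoed, and `${servicename}` is passed to `systemctl` unquoted; `local servicename=${1}` and `grep -q "^DisableNetwork 0$" /etc/tor/torrc && {` address the first two. All three calls at lines 717-719 are commented out, so as committed the function is dead code. Separately, the relocated `ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)` at line 699 discards any failure, and an empty `ip` reaches the unquoted DNAT rule at line 705; `: "${ip:?qubes-netvm-gateway not set in xenstore}"` immediately after the read stops the script before a malformed rule is inserted.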

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,12 +19,12 @@ fi
# ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations
# --------------------------------------------------------------------------
echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip"
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi
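Review bot: The gate at line 741 tests `.whonix_prepared`, while what looks like the parallel custom-configuration script at line 645 tests `.whonix_post`; the markers are written at successive stages (lines 1050, 1110 and 1157), so this script may run once preparation is done but before the install and post steps have touched the image's `/etc`, whereas its sibling waits for the final stage. If buildStep at line 1170 is the only caller both gates pass, but unless the difference is deliberate `.whonix_post` here too keeps the two scripts in step. The `-a` inside `[ ]` at line 741 is the deprecated form; `if [[ -f "${INSTALLDIR}/tmp/.whonix_post" && ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]]; then` performs the same test without the ambiguity.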

@ -16,20 +16,20 @@
# Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then
if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0
fi
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
# ------------------------------------------------------------------------------
manage_snapshot() {
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
# Remove old snapshots if whonix completed
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
warn "Removing stale snapshots"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
rm -rf "$debootstrap_snapshot"
rm -rf "$updated_snapshot"
return
fi
warn "Copying $1 to $IMG"
mount -o loop "$1" "$INSTALLDIR" || exit 1
rm -f "$INSTALLDIR/tmp/.prepared_groups"
umount_kill "$INSTALLDIR" || :
cp -f "$1" "$IMG"
warn "Copying $1 to ${IMG}"
mount -o loop "$1" "${INSTALLDIR}" || exit 1
rm -f "${INSTALLDIR}/tmp/.prepared_groups"
umount_kill "${INSTALLDIR}" || :
cp -f "$1" "${IMG}"
}
splitPath "$IMG" path_parts
splitPath "${IMG}" path_parts
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
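Review bot: manage_snapshot mixes the commit's new `${VAR}` form with bare `$1` (lines 797, 798, 801) and `$debootstrap_snapshot`/`$updated_snapshot` (lines 788-789), so the cleanup is only half applied inside this function. The two `rm -rf` calls at lines 788-789 also carry no guard against an unset variable; `rm -rf -- "${debootstrap_snapshot:?}"` and `rm -rf -- "${updated_snapshot:?}"` abort instead of running with an empty operand, which matters because the assignments at lines 805-806 come after the function definition and nothing in the hunk shows the call order. The file's header is outside the hunk, so whether `set -e` is active here cannot be confirmed from this view.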

@ -5,20 +5,20 @@
# Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then
if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0
fi
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -27,12 +27,12 @@ fi
# ------------------------------------------------------------------------------
# Create a snapshot of the already debootstraped image
# ------------------------------------------------------------------------------
splitPath "$IMG" path_parts
splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
umount_kill "$INSTALLDIR" || :
warn "Copying $IMG to $PREPARED_IMG"
cp -f "$IMG" "$PREPARED_IMG"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
umount_kill "${INSTALLDIR}" || :
warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
fi

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -20,16 +20,16 @@ fi
# XXX: Create a snapshot - Only for DEBUGGING!
# ------------------------------------------------------------------------------
# Only execute if SNAPSHOT is set
if [ "$SNAPSHOT" == "1" ]; then
splitPath "$IMG" path_parts
if [ "${SNAPSHOT}" == "1" ]; then
splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
umount_kill "$INSTALLDIR" || :
warn "Copying $IMG to $PREPARED_IMG"
cp -f "$IMG" "$PREPARED_IMG"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
umount_kill "${INSTALLDIR}" || :
warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
fi
fi
@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
--minimal-report \
--skip-sanity-tests || { exit 1; }
popd
################################################################################
# Post Fixups
set -e
pushd /etc/network
sudo rm -f interfaces
sudo ln -s interfaces.backup interfaces
popd
pushd /etc
sudo rm -f resolv.conf
sudo cp -p resolv.conf.backup resolv.conf
popd
# Enable Tor
if [ "${1}" == "--torgateway" ]; then
sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
fi
# Fake that whonixsetup was already run
sudo mkdir -p /var/lib/whonix/do_once
sudo touch /var/lib/whonix/do_once/whonixsetup.done
# Fake that initializer was already run
sudo mkdir -p /root/.whonix
sudo touch /root/.whonix/first_run_initializer.done
# Prevent whonixcheck error
sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
sudo update-rc.d network-manager disable
sudo update-rc.d spice-vdagent disable
sudo update-rc.d swap-file-creator disable
sudo update-rc.d whonix-initializer disable
# Remove original sources.list
sudo rm -f /etc/apt/sources.list
sudo apt-get.anondist-orig update
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
sudo touch "/tmp/.prepared_whonix"
EOF
# ------------------------------------------------------------------------------
@ -164,8 +117,8 @@ EOF
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Whonix error; umounting $INSTALLDIR to prevent further writes"
umount_kill "$INSTALLDIR" || :
error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
umount_kill "${INSTALLDIR}" || :
exit 1
}
trap cleanup ERR
@ -174,15 +127,15 @@ trap cleanup EXIT
# ------------------------------------------------------------------------------
# Mount devices, etc required for Whonix installation
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
info "Installing Whonix system"
if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
info "Preparing Whonix system"
# --------------------------------------------------------------------------
# Initialize Whonix submodules
# --------------------------------------------------------------------------
pushd "$WHONIX_DIR"
pushd "${WHONIX_DIR}"
{
su $(logname) -c "git submodule update --init --recursive"
su $(logname) -c "git submodule update --init --recursive";
}
popd
@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
}
# Patch anon-meta-packages to not depend on grub-pc
pushd "$WHONIX_DIR"
pushd "${WHONIX_DIR}"
{
search_replace "grub-pc" "" "grml_packages" || :
}
popd
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian"
pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
{
search1=" grub-pc,"
replace=""
search1=" grub-pc,";
replace="";
#checkout_branch qubes
search_replace "$search1" "$replace" control && \
{
cd "$WHONIX_DIR/packages/anon-meta-packages"
cd "${WHONIX_DIR}/packages/anon-meta-packages";
:
#sudo -E -u $(logname) make deb-pkg || :
#su $(logname) -c "dpkg-source --commit" || :
@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
}
popd
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{
search1="update-grub"
replace=":"
search1="update-grub";
replace=":";
#checkout_branch qubes
search_replace "$search1" "$replace" 85_update_grub && \
{
cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub"
cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
sudo -E -u $(logname) make deb-pkg || :
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub"
#git add .
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
#git add . ;
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
} || :
}
popd
pushd "$WHONIX_DIR/build-steps.d"
pushd "${WHONIX_DIR}/build-steps.d"
{
search1=" check_for_uncommited_changes"
replace=" #check_for_uncommited_changes"
search1=" check_for_uncommited_changes";
replace=" #check_for_uncommited_changes";
search_replace "$search1" "$replace" 1200_create-debian-packages || :
}
@ -264,112 +217,152 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
# --------------------------------------------------------------------------
# Whonix system config dependancies
# --------------------------------------------------------------------------
#/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
#cannot stat `/boot/grub/grub.cfg': No such file or directory
# Qubes needs a user named 'user'
debug "Whonix Add user"
chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \
chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
{
chroot "$INSTALLDIR" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
chroot "${INSTALLDIR}" groupadd -f user
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
}
# Change hostname to 'host'
#debug "Whonix change host"
#echo "host" > "$INSTALLDIR/etc/hostname"
#chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
# Pin grub packages so they will not install
echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
#if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then
# cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes"
#fi
# Install Whonix build scripts
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
# ------------------------------------------------------------------------------
# Copy over any extra files
# XXX: Moved to 02_install_groups_packages_installed.sh
# ------------------------------------------------------------------------------
copyTree "files"
touch "${INSTALLDIR}/tmp/.whonix_prepared"
fi
# ------------------------------------------------------------------------------
# Install Whonix
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
info "Installing Whonix system"
# --------------------------------------------------------------------------
# Install Whonix system
# Install Whonix code base
# --------------------------------------------------------------------------
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Installing Whonix build environment..."
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix'
chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
fi
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then
if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Building Whonix..."
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix"
# XXX: Does this break Whonix build?
# Install apt-get preferences
#echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
#chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
# Pin grub packages so they will not install
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
# Install Whonix build scripts
echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
chmod 0755 "$INSTALLDIR/home/user/whonix_build"
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
fi
chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; }
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "chroot /home/user/Whonix directory does not exist... exiting!"
exit
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
touch "${INSTALLDIR}/tmp/.whonix_installed"
fi
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor scripts
# Whonix Post Installation Configurations
# ------------------------------------------------------------------------------
buildStep "99_custom_configuration.sh"
if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
info "Post Configuring Whonix System"
pushd "${INSTALLDIR}/etc/network"
{
rm -f interfaces;
ln -s interfaces.backup interfaces;
}
popd
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.backup resolv.conf;
}
popd
# Enable Tor
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
fi
# Fake that whonixsetup was already run
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run
mkdir -p "${INSTALLDIR}/root/.whonix"
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
# Prevent whonixcheck error
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
# Disable unwanted applications
chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
# Remove original sources.list
rm -f "${INSTALLDIR}/etc/apt/sources.list"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig update
touch "${INSTALLDIR}/tmp/.whonix_post"
fi
# XXX: Why do I need to move them out of the way? Lets try keeping them
# in place (modify post script too)
# ------------------------------------------------------------------------------
# Move Whonix sources out of way
# Execute any template flavor or sub flavor scripts
# ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
buildStep "99_custom_configuration.sh"
# ------------------------------------------------------------------------------
# Bring back original apt-get for installation of Qubues
# ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
rm "$INSTALLDIR/usr/bin/apt-get"
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get"
fi
pushd "${INSTALLDIR}/usr/bin"
{
rm -f apt-get;
cp -p apt-get.anondist-orig apt-get;
}
popd
# ------------------------------------------------------------------------------
# Make sure the temporary policy-rc.d to prevent apt from starting services
# on package installation is still active; Whonix may have reset it
# ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Leave cleanup to calling function
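Review bot: The apt-get restore at lines 1178-1183 deletes `apt-get` before confirming that `apt-get.anondist-orig` exists, so if the Whonix build did not leave that file the chroot ends up with no `apt-get` at all (the `cp` failure trips the ERR trap at line 937, but the removal has already happened), whereas the replaced lines 1174-1177 only acted when `apt-get` was a symlink; `cp -p apt-get.anondist-orig apt-get.new && mv -f apt-get.new apt-get;` in place of lines 1180-1181 keeps the original until the replacement is in place. Lines 1152 and 1156 are the only places in this section that pass `${INSTALLDIR}` to `chroot` unquoted, and `--force-yes` at line 1152 is the deprecated option that tells apt to proceed past checks it would otherwise refuse, which a `remove --purge` does not need. The post-install fixups now run on the host against `${INSTALLDIR}/...` paths (lines 1119-1142) rather than inside the chroot as the removed heredoc did (lines 894-913); symlinks inside the image are resolved by the host, so `pushd "${INSTALLDIR}/etc"` followed by `rm -f resolv.conf` would follow a symlinked `/etc` out of the image — running these steps through `chroot "${INSTALLDIR}"` or checking `[ ! -L ... ]` before each write keeps them confined to the image.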

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -22,41 +22,27 @@ fi
# ------------------------------------------------------------------------------
# Restore Whonix apt-get
# ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
rm "$INSTALLDIR/usr/bin/apt-get"