Code cleanup - whonix* not tested
parent
fd7bc22a16
commit
c238716d6a
18
functions.sh
18
functions.sh
@ -28,7 +28,7 @@ colors() {
|
||||
export blink=$( tput blink || tput mb ) # Start blinking
|
||||
export italic=$( tput sitm || tput ZH ) # Start italic
|
||||
export eitalic=$( tput ritm || tput ZR ) # End italic
|
||||
[[ $TERM != *-m ]] && {
|
||||
[[ ${TERM} != *-m ]] && {
|
||||
export red=$( tput setaf 1|| tput AF 1 )
|
||||
export green=$( tput setaf 2|| tput AF 2 )
|
||||
export yellow=$( tput setaf 3|| tput AF 3 )
|
||||
@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
|
||||
colors
|
||||
fi
|
||||
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
chroot() {
|
||||
local retval
|
||||
true ${blue}
|
||||
@ -73,19 +73,19 @@ fi
|
||||
# Display messages in color
|
||||
# ------------------------------------------------------------------------------
|
||||
info() {
|
||||
[[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
|
||||
[[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
|
||||
}
|
||||
|
||||
debug() {
|
||||
[[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
|
||||
[[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
|
||||
}
|
||||
|
||||
warn() {
|
||||
[[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
|
||||
[[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
|
||||
}
|
||||
|
||||
error() {
|
||||
[[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
|
||||
[[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@ -278,7 +278,7 @@ buildStepExec() {
|
||||
script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")"
|
||||
|
||||
if [ -f "${script}" ]; then
|
||||
[[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
|
||||
[[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
|
||||
|
||||
# Execute $script
|
||||
"${script}"
|
||||
@ -372,7 +372,7 @@ buildStep() {
|
||||
}
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Copy extra file tree to $INSTALLDIR
|
||||
# Copy extra file tree to ${INSTALLDIR}
|
||||
# TODO: Allow copy per step (04_install_qubes.sh-files)
|
||||
#
|
||||
# To set file permissions is a PITA since git won't save them and will
|
||||
@ -385,7 +385,7 @@ buildStep() {
|
||||
# 5. Manually create facl backup used after copying: getfacl -R . > .facl
|
||||
# 6. If git complains; reset file ownership back to user. The .facl file stored
|
||||
# the file permissions and will be used to reset the file permissions after
|
||||
# they get copied over to $INSTALLDIR
|
||||
# they get copied over to ${INSTALLDIR}
|
||||
# NOTE: Don't forget to redo this process if you add -OR- remove files
|
||||
# ------------------------------------------------------------------------------
|
||||
copyTree() {
|
||||
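Review bot: The test `[ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]` misbehaves when VERBOSE is empty or unset, unless a default is assigned outside the hunk. In bash, `[` then reports "integer expression expected" and returns 2, so `DEBUG=1` on its own never selects the branch. `-o` inside `[` is also marked obsolescent by POSIX, and `==` is not portable there. Two separate tests with defaults avoid both problems: `if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" = "1" ]; then`. The same line opens the "Configurations" block of the other file sections on this page, and the body of this `if` continues outside the hunk.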
|
@ -4,19 +4,19 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
fi
|
||||
INSTALLDIR="$(readlink -m mnt)"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Execute any template flavor or sub flavor 'pre' scripts
|
||||
@ -26,17 +26,17 @@ buildStep "$0" "pre"
|
||||
# ------------------------------------------------------------------------------
|
||||
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
|
||||
# ------------------------------------------------------------------------------
|
||||
debug "Determine if $IMG should be reused or deleted..."
|
||||
if [ -f "$IMG" ]; then
|
||||
debug "Determine if ${IMG} should be reused or deleted..."
|
||||
if [ -f "${IMG}" ]; then
|
||||
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
|
||||
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
|
||||
warn "Last build failed. Deleting $IMG"
|
||||
rm -f "$IMG"
|
||||
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
|
||||
warn "Last build failed. Deleting ${IMG}"
|
||||
rm -f "${IMG}"
|
||||
fi
|
||||
|
||||
# Umount image; don't fail if its already umounted
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
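Review bot: `set -e` is enabled only in the `else` branch of the "Configurations" block, so a run with `VERBOSE` >= 2 or `DEBUG=1` gets tracing but does not stop on a failing command (unless errexit is set above line 4, which the hunk does not show). A debug build can therefore carry on past a failed step and produce a different image than a normal build. Enabling errexit unconditionally and adding tracing on top keeps the two modes equivalent: `set -e` before the `if`, with only `set -x` inside it. The same block is repeated in the later file sections on this page. `. ${SCRIPTSDIR}/vars.sh` is also still unquoted after the brace change; `. "${SCRIPTSDIR}/vars.sh"` would survive a path containing spaces.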
|
@ -4,12 +4,12 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -23,13 +23,13 @@ buildStep "$0" "pre"
|
||||
# ------------------------------------------------------------------------------
|
||||
# Install base debian system
|
||||
# ------------------------------------------------------------------------------
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
|
||||
debug "Installing base ${DEBIANVERSION} system"
|
||||
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
|
||||
--components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
|
||||
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; }
|
||||
chroot "$INSTALLDIR" chmod 0666 "/dev/null"
|
||||
touch "$INSTALLDIR/tmp/.prepared_debootstrap"
|
||||
"${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
|
||||
chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
|
||||
touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
|
@ -4,13 +4,13 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -19,30 +19,30 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
# If .prepared_debootstrap has not been completed, don't continue
|
||||
# ------------------------------------------------------------------------------
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
|
||||
error "prepared_debootstrap installataion has not completed!... Exiting"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Mount system mount points
|
||||
# ------------------------------------------------------------------------------
|
||||
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
|
||||
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Execute any template flavor or sub flavor 'pre' scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
buildStep "$0" "pre"
|
||||
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
|
||||
# ------------------------------------------------------------------------------
|
||||
# Cleanup function
|
||||
# ------------------------------------------------------------------------------
|
||||
function cleanup() {
|
||||
error "Install groups error and umount"
|
||||
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
exit 1
|
||||
}
|
||||
trap cleanup ERR
|
||||
@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
|
||||
# Set up a temporary policy-rc.d to prevent apt from starting services
|
||||
# on package installation
|
||||
# ------------------------------------------------------------------------------
|
||||
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
|
||||
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
|
||||
#!/bin/sh
|
||||
return 101 # Action forbidden by policy
|
||||
EOF
|
||||
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
|
||||
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Ensure umask set in /etc/login.defs is used (022)
|
||||
@ -68,30 +68,30 @@ EOF
|
||||
# ------------------------------------------------------------------------------
|
||||
debug "Adding debian-security repository."
|
||||
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
|
||||
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
|
||||
touch "$INSTALLDIR/etc/apt/sources.list"
|
||||
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
|
||||
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||
fi
|
||||
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
|
||||
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
|
||||
touch "$INSTALLDIR/etc/apt/sources.list"
|
||||
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
|
||||
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Upgrade system
|
||||
# ------------------------------------------------------------------------------
|
||||
debug "Upgrading system"
|
||||
chroot "$INSTALLDIR" apt-get update
|
||||
chroot "${INSTALLDIR}" apt-get update
|
||||
true "${stout}"
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade
|
||||
chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configure keyboard
|
||||
# ------------------------------------------------------------------------------
|
||||
debug "Setting keyboard layout"
|
||||
chroot "$INSTALLDIR" debconf-set-selections <<EOF
|
||||
chroot "${INSTALLDIR}" debconf-set-selections <<EOF
|
||||
keyboard-configuration keyboard-configuration/variant select English (US)
|
||||
keyboard-configuration keyboard-configuration/layout select English (US)
|
||||
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
|
||||
@ -102,20 +102,20 @@ keyboard-configuration keyboard-configuration/optionscode string
|
||||
EOF
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Install extra packages in script_$DEBIANVERSION/packages.list file
|
||||
# Install extra packages in script_${DEBIANVERSION}/packages.list file
|
||||
# -and / or- TEMPLATE_FLAVOR directories
|
||||
# ------------------------------------------------------------------------------
|
||||
getFileLocations packages_list "packages.list" "${DIST}"
|
||||
if [ -z "${packages_list}" ]; then
|
||||
error "Can not locate a package.list file!"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
exit 1
|
||||
fi
|
||||
|
||||
for package_list in "${packages_list[@]}"; do
|
||||
debug "Installing extra packages from: ${package_list}"
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$package_list"
|
||||
xargs chroot ${INSTALLDIR} apt-get -y --force-yes install < "${package_list}"
|
||||
done
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@ -132,51 +132,51 @@ EOF
|
||||
# For jessie and newer, sysvinit is provided by sysvinit-core which
|
||||
# is not an essential package.
|
||||
# ------------------------------------------------------------------------------
|
||||
debug "Installing systemd for debian ($DEBIANVERSION)"
|
||||
if [ "$DEBIANVERSION" == "wheezy" ]; then
|
||||
debug "Installing systemd for debian (${DEBIANVERSION})"
|
||||
if [ "${DEBIANVERSION}" == "wheezy" ]; then
|
||||
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
|
||||
chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
|
||||
else
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
|
||||
chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
|
||||
fi
|
||||
|
||||
# Prevent sysvinit from being re-installed
|
||||
debug "Preventing sysvinit re-installation"
|
||||
chroot "$INSTALLDIR" apt-mark hold sysvinit
|
||||
chroot "${INSTALLDIR}" apt-mark hold sysvinit
|
||||
|
||||
# Pin sysvinit to prevent being re-installed
|
||||
cat > "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" <<EOF
|
||||
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
|
||||
Package: sysvinit
|
||||
Pin: version *
|
||||
Pin-Priority: -100
|
||||
EOF
|
||||
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit"
|
||||
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
|
||||
|
||||
chroot "$INSTALLDIR" apt-get update
|
||||
chroot "${INSTALLDIR}" apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv
|
||||
chroot "${INSTALLDIR}" apt-get -y --force-yes install systemd-sysv
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Set multu-user.target as the default target (runlevel 3)
|
||||
# ------------------------------------------------------------------------------
|
||||
#chroot "$INSTALLDIR" systemctl set-default multi-user.target
|
||||
chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target
|
||||
chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
#chroot "${INSTALLDIR}" systemctl set-default multi-user.target
|
||||
chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
|
||||
chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Qubes is now being built with some SID packages; grab backport for wheezy
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$DEBIANVERSION" == "wheezy" ]; then
|
||||
if [ "${DEBIANVERSION}" == "wheezy" ]; then
|
||||
debug "Adding wheezy backports repository."
|
||||
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
|
||||
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
|
||||
touch "$INSTALLDIR/etc/apt/sources.list"
|
||||
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
|
||||
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
|
||||
touch "${INSTALLDIR}/etc/apt/sources.list"
|
||||
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
|
||||
fi
|
||||
chroot $INSTALLDIR apt-get update
|
||||
chroot ${INSTALLDIR} apt-get update
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers
|
||||
chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@ -184,15 +184,15 @@ EOF
|
||||
# ------------------------------------------------------------------------------
|
||||
# Remove temporary policy layer so services can start normally in the
|
||||
# deployed template.
|
||||
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
|
||||
touch "$INSTALLDIR/tmp/.prepared_groups"
|
||||
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
||||
touch "${INSTALLDIR}/tmp/.prepared_groups"
|
||||
trap - ERR EXIT
|
||||
trap
|
||||
|
||||
# Kill all processes and umount all mounts within $INSTALLDIR,
|
||||
# but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being
|
||||
# Kill all processes and umount all mounts within ${INSTALLDIR},
|
||||
# but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
|
||||
# umounted itself)
|
||||
umount_kill "$INSTALLDIR/" || :
|
||||
umount_kill "${INSTALLDIR}/" || :
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
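Review bot: Every `apt-get` call in this file keeps `--force-yes`, which lets apt continue without prompting past unauthenticated packages, downgrades and removal of essential packages; `-y` alone already makes the run non-interactive. The security repository is added as `deb http://security.debian.org ...`, so the archive signature is the only integrity check on those downloads, and this flag is what would let a failed check through. I would drop it from the update, upgrade and install lines, e.g. `chroot "${INSTALLDIR}" apt-get -y dist-upgrade`, and keep a forcing option only on the `remove sysvinit` step if that step really needs it, with a comment saying why. The same flag is used in the Qubes package install section further down. On the `xargs chroot ${INSTALLDIR} ...` line the expansion is still unquoted, unlike the rest of the file.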
|
@ -4,13 +4,13 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -19,7 +19,7 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
# If .prepared_groups has not been completed, don't continue
|
||||
# ------------------------------------------------------------------------------
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
|
||||
error "prepared_groups installataion has not completed!... Exiting"
|
||||
exit 1
|
||||
fi
|
||||
@ -27,7 +27,7 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
# Mount system mount points
|
||||
# ------------------------------------------------------------------------------
|
||||
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
|
||||
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Execute any template flavor or sub flavor 'pre' scripts
|
||||
@ -37,32 +37,32 @@ buildStep "$0" "pre"
|
||||
# ------------------------------------------------------------------------------
|
||||
# Install Qubes Packages
|
||||
# ------------------------------------------------------------------------------
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
|
||||
debug "Installing qbues modules"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Set up a temporary policy-rc.d to prevent apt from starting services
|
||||
# on package installation
|
||||
# --------------------------------------------------------------------------
|
||||
cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" <<EOF
|
||||
cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
|
||||
#!/bin/sh
|
||||
return 101 # Action forbidden by policy
|
||||
EOF
|
||||
chmod 755 $INSTALLCHROOT/usr/sbin/policy-rc.d
|
||||
chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Generate locales
|
||||
# --------------------------------------------------------------------------
|
||||
debug "Generate locales"
|
||||
echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen"
|
||||
chroot "$INSTALLDIR" locale-gen
|
||||
chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8
|
||||
echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
|
||||
chroot "${INSTALLDIR}" locale-gen
|
||||
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Update /etc/fstab
|
||||
# --------------------------------------------------------------------------
|
||||
debug "Updating template fstab file..."
|
||||
cat >> "$INSTALLDIR/etc/fstab" <<EOF
|
||||
cat >> "${INSTALLDIR}/etc/fstab" <<EOF
|
||||
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
|
||||
/dev/xvdc1 swap swap defaults 0 0
|
||||
|
||||
@ -82,106 +82,106 @@ EOF
|
||||
# --------------------------------------------------------------------------
|
||||
# Link mtab
|
||||
# --------------------------------------------------------------------------
|
||||
rm -f "$INSTALLDIR/etc/mtab"
|
||||
ln -s "../proc/self/mounts" "$INSTALLDIR/etc/mtab"
|
||||
rm -f "${INSTALLDIR}/etc/mtab"
|
||||
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Create modules directory
|
||||
# --------------------------------------------------------------------------
|
||||
mkdir -p "$INSTALLDIR/lib/modules"
|
||||
mkdir -p "${INSTALLDIR}/lib/modules"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Start of Qubes package installation
|
||||
# --------------------------------------------------------------------------
|
||||
debug "Installing qubes packages"
|
||||
export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST"
|
||||
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Install keyrings
|
||||
# --------------------------------------------------------------------------
|
||||
if ! [ -e "$CACHEDIR/repo-secring.gpg" ]; then
|
||||
mkdir -p "$CACHEDIR"
|
||||
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
|
||||
mkdir -p "${CACHEDIR}"
|
||||
gpg --gen-key --batch <<EOF
|
||||
Key-Type: RSA
|
||||
Key-Length: 1024
|
||||
Key-Usage: sign
|
||||
Name-Real: Qubes builder
|
||||
Expire-Date: 0
|
||||
%pubring $CACHEDIR/repo-pubring.gpg
|
||||
%secring $CACHEDIR/repo-secring.gpg
|
||||
%pubring ${CACHEDIR}/repo-pubring.gpg
|
||||
%secring ${CACHEDIR}/repo-secring.gpg
|
||||
%commit
|
||||
EOF
|
||||
fi
|
||||
gpg -abs --no-default-keyring \
|
||||
--secret-keyring "$CACHEDIR/repo-secring.gpg" \
|
||||
--keyring "$CACHEDIR/repo-pubring.gpg" \
|
||||
-o "$CUSTOMREPO/dists/$DIST/Release.gpg" \
|
||||
"$CUSTOMREPO/dists/$DIST/Release"
|
||||
cp "$CACHEDIR/repo-pubring.gpg" "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
||||
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
|
||||
--keyring "${CACHEDIR}/repo-pubring.gpg" \
|
||||
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
|
||||
"${CUSTOMREPO}/dists/${DIST}/Release"
|
||||
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Mount local qubes_repo
|
||||
# --------------------------------------------------------------------------
|
||||
mkdir -p "$INSTALLDIR/tmp/qubes_repo"
|
||||
mount --bind "$CUSTOMREPO" "$INSTALLDIR/tmp/qubes_repo"
|
||||
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
|
||||
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Include qubes repo for apt
|
||||
# --------------------------------------------------------------------------
|
||||
cat > "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" <<EOF
|
||||
deb file:/tmp/qubes_repo $DEBIANVERSION main
|
||||
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
|
||||
deb file:/tmp/qubes_repo ${DEBIANVERSION} main
|
||||
EOF
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Update system; exit is not successful
|
||||
# --------------------------------------------------------------------------
|
||||
chroot "$INSTALLDIR" apt-get update || { umount_kill "$INSTALLDIR"; exit 1; }
|
||||
chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Install Qubes packages
|
||||
# --------------------------------------------------------------------------
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot "$INSTALLDIR" apt-get -y --force-yes install $(cat $SCRIPTSDIR/packages_qubes.list) || \
|
||||
{ umount_kill "$INSTALLDIR"; exit 1; }
|
||||
chroot "${INSTALLDIR}" apt-get -y --force-yes install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
|
||||
{ umount_kill "${INSTALLDIR}"; exit 1; }
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Remove Quebes repo from sources.list.d
|
||||
# --------------------------------------------------------------------------
|
||||
rm -f "$INSTALLDIR"/etc/apt/sources.list.d/qubes*.list
|
||||
umount_kill "$INSTALLDIR/tmp/qubes_repo"
|
||||
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
|
||||
chroot "$INSTALLDIR" apt-get update || exit 1
|
||||
rm -f "${INSTALLDIR}"/etc/apt/sources.list.d/qubes*.list
|
||||
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
|
||||
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
|
||||
chroot "${INSTALLDIR}" apt-get update || exit 1
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Remove temporary policy layer so services can start normally in the
|
||||
# deployed template.
|
||||
# --------------------------------------------------------------------------
|
||||
rm -f "$BUILDCHROOT/usr/sbin/policy-rc.d"
|
||||
rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Qubes needs a user named 'user'
|
||||
# --------------------------------------------------------------------------
|
||||
if chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1; then
|
||||
if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
|
||||
:
|
||||
else
|
||||
chroot "$INSTALLDIR" groupadd -f user
|
||||
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
||||
chroot "${INSTALLDIR}" groupadd -f user
|
||||
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
||||
fi
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Modules setup
|
||||
# --------------------------------------------------------------------------
|
||||
echo "xen_netfront" >> "$INSTALLDIR/etc/modules"
|
||||
echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Remove `mesg` from root/.profile?
|
||||
# --------------------------------------------------------------------------
|
||||
sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile"
|
||||
sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Need a xen log directory or xen scripts will fail
|
||||
# --------------------------------------------------------------------------
|
||||
mkdir -p -m 0700 "$INSTALLDIR/var/log/xen"
|
||||
mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Copy extra files to installation directory. Contains:
|
||||
@ -195,6 +195,8 @@ EOF
|
||||
# --------------------------------------------------------------------------
|
||||
expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
|
||||
mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
|
||||
|
||||
touch "${INSTALLDIR}/tmp/.prepared_qubes"
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@ -203,8 +205,8 @@ fi
|
||||
buildStep "$0" "post"
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Kill all processes and umount all mounts within $INSTALLDIR, but not
|
||||
# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself)
|
||||
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
|
||||
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
|
||||
# ------------------------------------------------------------------------------
|
||||
umount_kill "$INSTALLDIR/" || :
|
||||
umount_kill "${INSTALLDIR}/" || :
|
||||
|
||||
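Review bot: The temporary policy-rc.d is written and made executable under `${INSTALLCHROOT}` and later removed under `${BUILDCHROOT}`, while every other path in this file uses `${INSTALLDIR}`; neither name is assigned in any line shown on this page. If they are unset, `cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d"` writes to `/usr/sbin/policy-rc.d` on the build host, the `rm -f` deletes the host's copy, and the chroot never gets the file, so apt is free to start services during the install. Using `"${INSTALLDIR}/usr/sbin/policy-rc.d"` in all three lines (quoted in the `chmod` too) would match the groups script above. Separately, the repository signing key generated here is `Key-Length: 1024` with `Expire-Date: 0` and is copied into the image's apt trusted keyring; a longer key such as `Key-Length: 4096` costs nothing for a build-local key.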
|
@ -4,12 +4,12 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -23,9 +23,9 @@ buildStep "$0" "pre"
|
||||
# ------------------------------------------------------------------------------
|
||||
# Cleanup any left over files from installation
|
||||
# ------------------------------------------------------------------------------
|
||||
rm -rf "INSTALLDIR/var/cache/apt/archives/*"
|
||||
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
|
||||
rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
||||
rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
|
||||
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
|
||||
rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
|
||||
|
||||
# XXX: Whats this for?
|
||||
rm -rf buildchroot
|
||||
|
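Review bot: The cache cleanup in the second hunk, `rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"`, still removes nothing, because the `*` sits inside the double quotes and reaches rm as a literal file name. The commit restores the missing `$`, but the glob also has to move outside the quotes: `rm -rf "${INSTALLDIR:?}"/var/cache/apt/archives/*`. The `:?` makes the script stop instead of expanding to `/var/cache/apt/archives/*` on the build host if INSTALLDIR is ever empty. The neighbouring `rm -rf buildchroot` is relative to the current working directory and still carries an open `XXX` question, so a comment naming the directory it is meant to run from would help.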
@ -8,12 +8,12 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -23,4 +23,4 @@ fi
|
||||
# Disable gnome network-manager since it will prevent networking
|
||||
# ------------------------------------------------------------------------------
|
||||
debug "Disabling gnome network-manager"
|
||||
chroot "$INSTALLDIR" systemctl disable network-manager
|
||||
chroot "${INSTALLDIR}" systemctl disable network-manager
|
||||
|
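Review bot: The `Configurations` test in the first hunk, `[ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]`, fails with an "integer expression expected" error when VERBOSE is empty or unset, so the DEBUG half is never honoured; `-o` and `==` inside `[` are also non-portable. Unless the sourced vars.sh guarantees a numeric default (not visible here), `if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" = "1" ]; then` is the safer form. The branch also enables `set -x` instead of `set -e`, so as far as this hunk shows a debug build continues after a failed command while a normal build stops. Calling `set -e` unconditionally before the test would make both modes fail the same way. The same block is repeated in the other script sections on this page.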
@ -8,7 +8,7 @@
|
||||
|
||||
# The codename of the debian version to install.
|
||||
# jessie = testing, wheezy = stable
|
||||
DEBIANVERSION=$DIST
|
||||
DEBIANVERSION=${DIST}
|
||||
|
||||
# Location to grab debian packages
|
||||
#DEBIAN_MIRROR=http://http.debian.net/debian
|
||||
@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
|
||||
|
||||
# XXX: Is this even used?
|
||||
# make runs the scripts with sudo -E, so HOME is set to /home/user during
|
||||
# build, which does not exist. We need to write to $HOME/.gnupg so set it
|
||||
# build, which does not exist. We need to write to ${HOME}/.gnupg so set it
|
||||
# to something valid.
|
||||
HOME=/root
|
||||
|
@ -4,13 +4,13 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -19,10 +19,10 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
# whonix-netvm-gateway contains last known IP used to search and replace
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
|
||||
if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
|
||||
# --------------------------------------------------------------------------
|
||||
# Install Custom Configurations
|
||||
# --------------------------------------------------------------------------
|
||||
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
|
||||
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
|
||||
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
|
||||
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
|
||||
fi
|
||||
|
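Review bot: `. ./umount_kill.sh >/dev/null` in the first hunk is resolved against the current working directory, and the brace-only change leaves `. ${SCRIPTSDIR}/vars.sh` unquoted. A comment in the variables section earlier on this page says make runs these scripts with `sudo -E`, so whichever umount_kill.sh sits in the directory the build is started from is sourced as root. Quoting the first, `. "${SCRIPTSDIR}/vars.sh"`, and anchoring the second to a known directory, for example `. "${SCRIPTSDIR}/umount_kill.sh" >/dev/null` if the file lives there (not visible in this hunk), removes that dependency. The same two lines appear in the later Whonix and snapshot script sections.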
@ -24,9 +24,9 @@ FILES=(
|
||||
|
||||
# sed search and replace. return 0 if replace happened, otherwise 1
|
||||
search_replace() {
|
||||
local search="$1"
|
||||
local replace="$2"
|
||||
local file="$3"
|
||||
local search="${1}"
|
||||
local replace="${2}"
|
||||
local file="${3}"
|
||||
local retval=1
|
||||
|
||||
if ! [ -L "${file}" ]; then
|
||||
@ -36,7 +36,7 @@ search_replace() {
|
||||
chattr -i "${file}"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
|
||||
retval=$?
|
||||
|
||||
@ -55,8 +55,8 @@ function replace_ips()
|
||||
local restart_tor=0
|
||||
|
||||
# If IP is 10.152.152.10, network is 10.152.152.0
|
||||
replace_network="${replace_ip%.*}.0"
|
||||
search_network="${search_ip%.*}.0"
|
||||
search_network="${search_ip%[.]*}.0"
|
||||
replace_network="${replace_ip%[.]*}.0"
|
||||
|
||||
if ! [ "${search_ip}" == "${replace_ip}" ]; then
|
||||
for file in "${files[@]}"; do
|
||||
@ -68,7 +68,10 @@ function replace_ips()
|
||||
|
||||
if [ "${restart_tor}" == "1" ]; then
|
||||
echo "${replace_ip}" > /etc/whonix-netvm-gateway
|
||||
service tor restart
|
||||
grep "^DisableNetwork 0$" /etc/tor/torrc && {
|
||||
service tor reload || true;
|
||||
#sleep 1;
|
||||
}
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
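Review bot: In the last hunk the new `grep "^DisableNetwork 0$" /etc/tor/torrc && { service tor reload || true; }` is the final command of the `if` body, so `replace_ips` now returns 1 whenever torrc lacks that line, and it prints the matched line to stdout when the line is present. A caller running under `set -e` would stop at that point; the callers are outside this hunk, so this needs checking. `if grep -q '^DisableNetwork 0$' /etc/tor/torrc; then service tor reload || true; fi` keeps the status at 0 and the output quiet. `replace_ips` begins outside the hunk.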
@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
|
||||
else
|
||||
XENSTORE_READ="/usr/bin/xenstore-read"
|
||||
fi
|
||||
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
|
||||
|
||||
INTERFACE="eth1"
|
||||
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
|
||||
|
||||
# Create a dummy eth1 interface so tor can bind to it if there
|
||||
# are no DOMU virtual machines connected at the moment
|
||||
@ -100,3 +100,22 @@ export INT_TIF="vif+"
|
||||
# Route any traffic FROM netvm TO netvm BACK-TO localhost
|
||||
# Allows localhost access to tor network
|
||||
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
|
||||
|
||||
enable() {
|
||||
servicename=${1}
|
||||
|
||||
grep "^DisableNetwork 0$" /etc/tor/torrc && {
|
||||
# Check to see if the service is already enabled and if not, enable it
|
||||
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
|
||||
|
||||
if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
|
||||
echo "${1} is currently disabled; enabling it"
|
||||
systemctl --quiet enable ${servicename}
|
||||
fi
|
||||
}
|
||||
}
|
||||
|
||||
#enable tor
|
||||
#enable whonixcheck
|
||||
#enable sdwdate
|
||||
|
||||
|
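Review bot: The function added in the second hunk is named `enable`, which under bash shadows the `enable` builtin for the rest of the script, and its `servicename` and `string` variables are global because they are not declared `local`. `${servicename}` is also passed to `systemctl` unquoted. A distinct name such as `enable_service`, together with `local servicename="${1}"` and `systemctl --quiet enable "${servicename}"`, would avoid all three. The whole body hangs off `grep "^DisableNetwork 0$" /etc/tor/torrc && { … }`, so the function prints the matched line and returns non-zero when Tor is disabled; `grep -q` inside an `if` would state that intent more clearly. All three call sites are still commented out, so a comment saying when they are meant to be enabled would help.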
@ -4,13 +4,13 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -19,12 +19,12 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
# whonix-netvm-gateway contains last known IP used to search and replace
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
|
||||
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
|
||||
# --------------------------------------------------------------------------
|
||||
# Install Custom Configurations
|
||||
# --------------------------------------------------------------------------
|
||||
echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip"
|
||||
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
|
||||
echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
|
||||
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
|
||||
|
||||
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
|
||||
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
|
||||
fi
|
||||
|
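Review bot: The gate in the second hunk now tests `${INSTALLDIR}/tmp/.whonix_prepared`, while the otherwise identical gate in the earlier custom-configuration section on this page tests `.whonix_post`; both replace the same `.prepared_whonix` check. In the main install script further down, `.whonix_prepared` is touched before Whonix is built and `.whonix_post` only after the post-configuration stage, which is where the old marker used to be written. If this script is meant to run only on a finished image, the equivalent condition is `if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then`. The snapshot sections show the same split (`.whonix_post` in two places, `.whonix_prepared` in one), so a short comment defining each stage marker would make the intended mapping reviewable.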
@ -16,20 +16,20 @@
|
||||
# Return if SNAPSHOT is not "1"
|
||||
# ------------------------------------------------------------------------------
|
||||
# This script is only used if SNAPSHOT is set
|
||||
if [ ! "$SNAPSHOT" == "1" ]; then
|
||||
if [ ! "${SNAPSHOT}" == "1" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
|
||||
# ------------------------------------------------------------------------------
|
||||
|
||||
manage_snapshot() {
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
|
||||
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
|
||||
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||
# Remove old snapshots if whonix completed
|
||||
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
|
||||
warn "Removing stale snapshots"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
rm -rf "$debootstrap_snapshot"
|
||||
rm -rf "$updated_snapshot"
|
||||
return
|
||||
fi
|
||||
|
||||
warn "Copying $1 to $IMG"
|
||||
mount -o loop "$1" "$INSTALLDIR" || exit 1
|
||||
rm -f "$INSTALLDIR/tmp/.prepared_groups"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
cp -f "$1" "$IMG"
|
||||
warn "Copying $1 to ${IMG}"
|
||||
mount -o loop "$1" "${INSTALLDIR}" || exit 1
|
||||
rm -f "${INSTALLDIR}/tmp/.prepared_groups"
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
cp -f "$1" "${IMG}"
|
||||
}
|
||||
|
||||
splitPath "$IMG" path_parts
|
||||
splitPath "${IMG}" path_parts
|
||||
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
|
||||
updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
|
||||
|
||||
|
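Review bot: In `manage_snapshot` the result of `umount_kill "${INSTALLDIR}" || :` is discarded immediately before `cp -f "$1" "${IMG}"`, so the image file can be overwritten while it is still loop-mounted if the unmount did not succeed. The same pattern precedes `cp -f "${IMG}" "${PREPARED_IMG}"` in the two snapshot-creation sections that follow, where a still-mounted image would be copied in an inconsistent state. A check after the unmount, `if mountpoint -q "${INSTALLDIR}"; then error "${INSTALLDIR} is still mounted"; exit 1; fi`, would stop before the copy. Whether `umount_kill` already guarantees this is not visible here.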
@ -5,20 +5,20 @@
|
||||
# Return if SNAPSHOT is not "1"
|
||||
# ------------------------------------------------------------------------------
|
||||
# This script is only used if SNAPSHOT is set
|
||||
if [ ! "$SNAPSHOT" == "1" ]; then
|
||||
if [ ! "${SNAPSHOT}" == "1" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -27,12 +27,12 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
# Create a snapshot of the already debootstraped image
|
||||
# ------------------------------------------------------------------------------
|
||||
splitPath "$IMG" path_parts
|
||||
splitPath "${IMG}" path_parts
|
||||
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
|
||||
|
||||
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
warn "Copying $IMG to $PREPARED_IMG"
|
||||
cp -f "$IMG" "$PREPARED_IMG"
|
||||
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
|
||||
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
warn "Copying ${IMG} to ${PREPARED_IMG}"
|
||||
cp -f "${IMG}" "${PREPARED_IMG}"
|
||||
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||
fi
|
||||
|
@ -4,13 +4,13 @@
|
||||
# ------------------------------------------------------------------------------
|
||||
# Source external scripts
|
||||
# ------------------------------------------------------------------------------
|
||||
. $SCRIPTSDIR/vars.sh
|
||||
. ${SCRIPTSDIR}/vars.sh
|
||||
. ./umount_kill.sh >/dev/null
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
||||
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
||||
set -x
|
||||
else
|
||||
set -e
|
||||
@ -20,16 +20,16 @@ fi
|
||||
# XXX: Create a snapshot - Only for DEBUGGING!
|
||||
# ------------------------------------------------------------------------------
|
||||
# Only execute if SNAPSHOT is set
|
||||
if [ "$SNAPSHOT" == "1" ]; then
|
||||
splitPath "$IMG" path_parts
|
||||
if [ "${SNAPSHOT}" == "1" ]; then
|
||||
splitPath "${IMG}" path_parts
|
||||
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
|
||||
|
||||
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
warn "Copying $IMG to $PREPARED_IMG"
|
||||
cp -f "$IMG" "$PREPARED_IMG"
|
||||
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
|
||||
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
|
||||
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
warn "Copying ${IMG} to ${PREPARED_IMG}"
|
||||
cp -f "${IMG}" "${PREPARED_IMG}"
|
||||
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
||||
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
|
||||
fi
|
||||
fi
|
||||
|
||||
@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
|
||||
--minimal-report \
|
||||
--skip-sanity-tests || { exit 1; }
|
||||
popd
|
||||
|
||||
################################################################################
|
||||
# Post Fixups
|
||||
|
||||
set -e
|
||||
|
||||
pushd /etc/network
|
||||
sudo rm -f interfaces
|
||||
sudo ln -s interfaces.backup interfaces
|
||||
popd
|
||||
|
||||
pushd /etc
|
||||
sudo rm -f resolv.conf
|
||||
sudo cp -p resolv.conf.backup resolv.conf
|
||||
popd
|
||||
|
||||
# Enable Tor
|
||||
if [ "${1}" == "--torgateway" ]; then
|
||||
sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
|
||||
fi
|
||||
|
||||
# Fake that whonixsetup was already run
|
||||
sudo mkdir -p /var/lib/whonix/do_once
|
||||
sudo touch /var/lib/whonix/do_once/whonixsetup.done
|
||||
|
||||
# Fake that initializer was already run
|
||||
sudo mkdir -p /root/.whonix
|
||||
sudo touch /root/.whonix/first_run_initializer.done
|
||||
|
||||
# Prevent whonixcheck error
|
||||
sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
|
||||
|
||||
sudo update-rc.d network-manager disable
|
||||
sudo update-rc.d spice-vdagent disable
|
||||
sudo update-rc.d swap-file-creator disable
|
||||
sudo update-rc.d whonix-initializer disable
|
||||
|
||||
# Remove original sources.list
|
||||
sudo rm -f /etc/apt/sources.list
|
||||
sudo apt-get.anondist-orig update
|
||||
|
||||
# Remove apt-cacher-ng
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
|
||||
|
||||
sudo touch "/tmp/.prepared_whonix"
|
||||
|
||||
EOF
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@ -164,8 +117,8 @@ EOF
|
||||
# Cleanup function
|
||||
# ------------------------------------------------------------------------------
|
||||
function cleanup() {
|
||||
error "Whonix error; umounting $INSTALLDIR to prevent further writes"
|
||||
umount_kill "$INSTALLDIR" || :
|
||||
error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
|
||||
umount_kill "${INSTALLDIR}" || :
|
||||
exit 1
|
||||
}
|
||||
trap cleanup ERR
|
||||
@ -174,15 +127,15 @@ trap cleanup EXIT
|
||||
# ------------------------------------------------------------------------------
|
||||
# Mount devices, etc required for Whonix installation
|
||||
# ------------------------------------------------------------------------------
|
||||
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
info "Installing Whonix system"
|
||||
if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
|
||||
info "Preparing Whonix system"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Initialize Whonix submodules
|
||||
# --------------------------------------------------------------------------
|
||||
pushd "$WHONIX_DIR"
|
||||
pushd "${WHONIX_DIR}"
|
||||
{
|
||||
su $(logname) -c "git submodule update --init --recursive"
|
||||
su $(logname) -c "git submodule update --init --recursive";
|
||||
}
|
||||
popd
|
||||
|
||||
@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
}
|
||||
|
||||
# Patch anon-meta-packages to not depend on grub-pc
|
||||
pushd "$WHONIX_DIR"
|
||||
pushd "${WHONIX_DIR}"
|
||||
{
|
||||
search_replace "grub-pc" "" "grml_packages" || :
|
||||
}
|
||||
popd
|
||||
|
||||
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian"
|
||||
pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
|
||||
{
|
||||
search1=" grub-pc,"
|
||||
replace=""
|
||||
search1=" grub-pc,";
|
||||
replace="";
|
||||
|
||||
#checkout_branch qubes
|
||||
search_replace "$search1" "$replace" control && \
|
||||
{
|
||||
cd "$WHONIX_DIR/packages/anon-meta-packages"
|
||||
cd "${WHONIX_DIR}/packages/anon-meta-packages";
|
||||
:
|
||||
#sudo -E -u $(logname) make deb-pkg || :
|
||||
#su $(logname) -c "dpkg-source --commit" || :
|
||||
@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
}
|
||||
popd
|
||||
|
||||
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
|
||||
pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
|
||||
{
|
||||
search1="update-grub"
|
||||
replace=":"
|
||||
search1="update-grub";
|
||||
replace=":";
|
||||
|
||||
#checkout_branch qubes
|
||||
search_replace "$search1" "$replace" 85_update_grub && \
|
||||
{
|
||||
cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub"
|
||||
cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
|
||||
sudo -E -u $(logname) make deb-pkg || :
|
||||
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub"
|
||||
#git add .
|
||||
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
|
||||
#git add . ;
|
||||
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
|
||||
} || :
|
||||
}
|
||||
popd
|
||||
|
||||
pushd "$WHONIX_DIR/build-steps.d"
|
||||
pushd "${WHONIX_DIR}/build-steps.d"
|
||||
{
|
||||
search1=" check_for_uncommited_changes"
|
||||
replace=" #check_for_uncommited_changes"
|
||||
search1=" check_for_uncommited_changes";
|
||||
replace=" #check_for_uncommited_changes";
|
||||
|
||||
search_replace "$search1" "$replace" 1200_create-debian-packages || :
|
||||
}
|
||||
@ -264,77 +217,126 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
||||
# --------------------------------------------------------------------------
|
||||
# Whonix system config dependancies
|
||||
# --------------------------------------------------------------------------
|
||||
#/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
|
||||
#cannot stat `/boot/grub/grub.cfg': No such file or directory
|
||||
|
||||
# Qubes needs a user named 'user'
|
||||
debug "Whonix Add user"
|
||||
chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \
|
||||
chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
|
||||
{
|
||||
chroot "$INSTALLDIR" groupadd -f user
|
||||
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
||||
chroot "${INSTALLDIR}" groupadd -f user
|
||||
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
||||
}
|
||||
|
||||
# Change hostname to 'host'
|
||||
#debug "Whonix change host"
|
||||
#echo "host" > "$INSTALLDIR/etc/hostname"
|
||||
#chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
|
||||
# Pin grub packages so they will not install
|
||||
echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
|
||||
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
|
||||
|
||||
#if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then
|
||||
# cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes"
|
||||
#fi
|
||||
# Install Whonix fix script
|
||||
echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
|
||||
chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
|
||||
|
||||
# Install Whonix build scripts
|
||||
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
|
||||
chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Copy over any extra files
|
||||
# XXX: Moved to 02_install_groups_packages_installed.sh
|
||||
# ------------------------------------------------------------------------------
|
||||
copyTree "files"
|
||||
|
||||
touch "${INSTALLDIR}/tmp/.whonix_prepared"
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Install Whonix
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
|
||||
info "Installing Whonix system"
|
||||
|
||||
# --------------------------------------------------------------------------
|
||||
# Install Whonix system
|
||||
# Install Whonix code base
|
||||
# --------------------------------------------------------------------------
|
||||
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then
|
||||
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
|
||||
debug "Installing Whonix build environment..."
|
||||
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix'
|
||||
chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
|
||||
fi
|
||||
|
||||
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then
|
||||
if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
|
||||
debug "Building Whonix..."
|
||||
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix"
|
||||
|
||||
# XXX: Does this break Whonix build?
|
||||
# Install apt-get preferences
|
||||
#echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
|
||||
#chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
|
||||
|
||||
# Pin grub packages so they will not install
|
||||
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
|
||||
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
|
||||
|
||||
# Install Whonix fix script
|
||||
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
|
||||
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
|
||||
|
||||
# Install Whonix build scripts
|
||||
echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
|
||||
chmod 0755 "$INSTALLDIR/home/user/whonix_build"
|
||||
|
||||
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
||||
BUILD_TYPE="--torgateway"
|
||||
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
|
||||
BUILD_TYPE="--torworkstation"
|
||||
else
|
||||
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
|
||||
error "You need to set TEMPLATE_FLAVOR environment variable to either"
|
||||
error "whonix-gateway OR whonix-workstation"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; }
|
||||
else
|
||||
error "chroot /home/user/Whonix directory does not exist... exiting!"
|
||||
exit
|
||||
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
|
||||
fi
|
||||
|
||||
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
||||
BUILD_TYPE="--torgateway"
|
||||
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
|
||||
BUILD_TYPE="--torworkstation"
|
||||
else
|
||||
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
|
||||
error "You need to set TEMPLATE_FLAVOR environment variable to either"
|
||||
error "whonix-gateway OR whonix-workstation"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
|
||||
|
||||
touch "${INSTALLDIR}/tmp/.whonix_installed"
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Whonix Post Installation Configurations
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
|
||||
info "Post Configuring Whonix System"
|
||||
|
||||
pushd "${INSTALLDIR}/etc/network"
|
||||
{
|
||||
rm -f interfaces;
|
||||
ln -s interfaces.backup interfaces;
|
||||
}
|
||||
popd
|
||||
|
||||
pushd "${INSTALLDIR}/etc"
|
||||
{
|
||||
rm -f resolv.conf;
|
||||
cp -p resolv.conf.backup resolv.conf;
|
||||
}
|
||||
popd
|
||||
|
||||
# Enable Tor
|
||||
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
||||
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
|
||||
fi
|
||||
|
||||
# Fake that whonixsetup was already run
|
||||
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
|
||||
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
|
||||
|
||||
# Fake that initializer was already run
|
||||
mkdir -p "${INSTALLDIR}/root/.whonix"
|
||||
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
|
||||
|
||||
# Prevent whonixcheck error
|
||||
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
|
||||
|
||||
# Disable unwanted applications
|
||||
chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
|
||||
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
|
||||
chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
|
||||
chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
|
||||
|
||||
chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
|
||||
chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
|
||||
|
||||
# Remove apt-cacher-ng
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
|
||||
|
||||
# Remove original sources.list
|
||||
rm -f "${INSTALLDIR}/etc/apt/sources.list"
|
||||
|
||||
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
||||
chroot ${INSTALLDIR} apt-get.anondist-orig update
|
||||
|
||||
touch "${INSTALLDIR}/tmp/.whonix_post"
|
||||
fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
@ -342,34 +344,25 @@ fi
|
||||
# ------------------------------------------------------------------------------
|
||||
buildStep "99_custom_configuration.sh"
|
||||
|
||||
# XXX: Why do I need to move them out of the way? Lets try keeping them
|
||||
# in place (modify post script too)
|
||||
# ------------------------------------------------------------------------------
|
||||
# Move Whonix sources out of way
|
||||
# ------------------------------------------------------------------------------
|
||||
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
|
||||
# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
|
||||
# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
|
||||
# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
|
||||
#fi
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Bring back original apt-get for installation of Qubues
|
||||
# ------------------------------------------------------------------------------
|
||||
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
|
||||
rm "$INSTALLDIR/usr/bin/apt-get"
|
||||
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get"
|
||||
fi
|
||||
pushd "${INSTALLDIR}/usr/bin"
|
||||
{
|
||||
rm -f apt-get;
|
||||
cp -p apt-get.anondist-orig apt-get;
|
||||
}
|
||||
popd
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Make sure the temporary policy-rc.d to prevent apt from starting services
|
||||
# on package installation is still active; Whonix may have reset it
|
||||
# ------------------------------------------------------------------------------
|
||||
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
|
||||
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
|
||||
#!/bin/sh
|
||||
return 101 # Action forbidden by policy
|
||||
EOF
|
||||
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
|
||||
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
||||
|
||||
# ------------------------------------------------------------------------------
|
||||
# Leave cleanup to calling function
|
||||
|
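Review bot: The last hunk replaces the guarded restore (`if [ -L "$INSTALLDIR/usr/bin/apt-get" ]`) with an unconditional `rm -f apt-get; cp -p apt-get.anondist-orig apt-get`, so if `apt-get.anondist-orig` is missing, apt-get has already been deleted by the time the copy fails and the image is left without it. The block also runs on every invocation, whereas the old one only acted while apt-get was still a symlink. Checking the source first and letting cp replace the destination avoids the window: `if [ -e apt-get.anondist-orig ]; then cp -p --remove-destination apt-get.anondist-orig apt-get; fi`. A one-line comment on why the wrapper is replaced by a copy rather than a symlink would also help, since the hunk does not explain it.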
@ -8,12 +8,12 @@
|
||||