QubesOS
/
qubes-linux-template-builder
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Code cleanup - whonix* not tested

Browse Source
pull/1/head
Jason Mehring 10 years ago
parent fd7bc22a16
commit c238716d6a
18 changed files with 354 additions and 351 deletions
Show Stats Download Patch File Download Diff File

18
functions.sh
Unescape View File

@ -28,7 +28,7 @@ colors() {
export blink=$( tput blink || tput mb ) # Start blinking
export italic=$( tput sitm || tput ZH ) # Start italic
export eitalic=$( tput ritm || tput ZR ) # End italic
[[ $TERM != *-m ]] && {
[[ ${TERM} != *-m ]] && {
export red=$( tput setaf 1|| tput AF 1 )
export green=$( tput setaf 2|| tput AF 2 )
export yellow=$( tput setaf 3|| tput AF 3 )
@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
colors
fi
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
chroot() {
local retval
true ${blue}
@ -73,19 +73,19 @@ fi
# Display messages in color
# ------------------------------------------------------------------------------
info() {
[[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
}
debug() {
[[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
}
warn() {
[[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
}
error() {
[[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
}
# ------------------------------------------------------------------------------
@ -278,7 +278,7 @@ buildStepExec() {
script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")"
if [ -f "${script}" ]; then
[[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
[[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
# Execute $script
"${script}"
@ -372,7 +372,7 @@ buildStep() {
}
# ------------------------------------------------------------------------------
# Copy extra file tree to $INSTALLDIR
# Copy extra file tree to ${INSTALLDIR}
# TODO: Allow copy per step (04_install_qubes.sh-files)
#
# To set file permissions is a PITA since git won't save them and will
@ -385,7 +385,7 @@ buildStep() {
# 5. Manually create facl backup used after copying: getfacl -R . > .facl
# 6. If git complains; reset file ownership back to user. The .facl file stored
# the file permissions and will be used to reset the file permissions after
# they get copied over to $INSTALLDIR
# they get copied over to ${INSTALLDIR}
# NOTE: Don't forget to redo this process if you add -OR- remove files
# ------------------------------------------------------------------------------
copyTree() {

20
scripts_debian/00_prepare.sh
Unescape View File

@ -4,19 +4,19 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
fi
INSTALLDIR="$(readlink -m mnt)"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
@ -26,17 +26,17 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------
debug "Determine if $IMG should be reused or deleted..."
if [ -f "$IMG" ]; then
debug "Determine if ${IMG} should be reused or deleted..."
if [ -f "${IMG}" ]; then
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting $IMG"
rm -f "$IMG"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting ${IMG}"
rm -f "${IMG}"
fi
# Umount image; don't fail if its already umounted
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
fi
# ------------------------------------------------------------------------------

12
scripts_debian/01_install_core.sh
Unescape View File

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -23,13 +23,13 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install base debian system
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; }
chroot "$INSTALLDIR" chmod 0666 "/dev/null"
touch "$INSTALLDIR/tmp/.prepared_debootstrap"
"${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
fi
# ------------------------------------------------------------------------------

90
scripts_debian/02_install_groups.sh
Unescape View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,30 +19,30 @@ fi
# ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
exit 1
fi
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------
buildStep "$0" "pre"
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Install groups error and umount"
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
umount_kill "$INSTALLDIR" || :
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
umount_kill "${INSTALLDIR}" || :
exit 1
}
trap cleanup ERR
@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Ensure umask set in /etc/login.defs is used (022)
@ -68,30 +68,30 @@ EOF
# ------------------------------------------------------------------------------
debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
# ------------------------------------------------------------------------------
# Upgrade system
# ------------------------------------------------------------------------------
debug "Upgrading system"
chroot "$INSTALLDIR" apt-get update
chroot "${INSTALLDIR}" apt-get update
true "${stout}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade
chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade
# ------------------------------------------------------------------------------
# Configure keyboard
# ------------------------------------------------------------------------------
debug "Setting keyboard layout"
chroot "$INSTALLDIR" debconf-set-selections <<EOF
chroot "${INSTALLDIR}" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
@ -102,20 +102,20 @@ keyboard-configuration keyboard-configuration/optionscode string
EOF
# ------------------------------------------------------------------------------
# Install extra packages in script_$DEBIANVERSION/packages.list file
# Install extra packages in script_${DEBIANVERSION}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories
# ------------------------------------------------------------------------------
getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
exit 1
fi
for package_list in "${packages_list[@]}"; do
debug "Installing extra packages from: ${package_list}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$package_list"
xargs chroot ${INSTALLDIR} apt-get -y --force-yes install < "${package_list}"
done
# ------------------------------------------------------------------------------
@ -132,51 +132,51 @@ EOF
# For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package.
# ------------------------------------------------------------------------------
debug "Installing systemd for debian ($DEBIANVERSION)"
if [ "$DEBIANVERSION" == "wheezy" ]; then
debug "Installing systemd for debian (${DEBIANVERSION})"
if [ "${DEBIANVERSION}" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
fi
# Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation"
chroot "$INSTALLDIR" apt-mark hold sysvinit
chroot "${INSTALLDIR}" apt-mark hold sysvinit
# Pin sysvinit to prevent being re-installed
cat > "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" <<EOF
cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit
Pin: version *
Pin-Priority: -100
EOF
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit"
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
chroot "$INSTALLDIR" apt-get update
chroot "${INSTALLDIR}" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv
chroot "${INSTALLDIR}" apt-get -y --force-yes install systemd-sysv
# ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------
#chroot "$INSTALLDIR" systemctl set-default multi-user.target
chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target
chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
#chroot "${INSTALLDIR}" systemctl set-default multi-user.target
chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------
if [ "$DEBIANVERSION" == "wheezy" ]; then
if [ "${DEBIANVERSION}" == "wheezy" ]; then
debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi
chroot $INSTALLDIR apt-get update
chroot ${INSTALLDIR} apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers
chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers
fi
# ------------------------------------------------------------------------------
@ -184,15 +184,15 @@ EOF
# ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
touch "$INSTALLDIR/tmp/.prepared_groups"
rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
touch "${INSTALLDIR}/tmp/.prepared_groups"
trap - ERR EXIT
trap
# Kill all processes and umount all mounts within $INSTALLDIR,
# but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being
# Kill all processes and umount all mounts within ${INSTALLDIR},
# but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
# umounted itself)
umount_kill "$INSTALLDIR/" || :
umount_kill "${INSTALLDIR}/" || :
fi
# ------------------------------------------------------------------------------

92
scripts_debian/04_install_qubes.sh
Unescape View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,7 +19,7 @@ fi
# ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
error "prepared_groups installataion has not completed!... Exiting"
exit 1
fi
@ -27,7 +27,7 @@ fi
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts
@ -37,32 +37,32 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Install Qubes Packages
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then
if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
debug "Installing qbues modules"
# --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# --------------------------------------------------------------------------
cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" <<EOF
cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 $INSTALLCHROOT/usr/sbin/policy-rc.d
chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
# --------------------------------------------------------------------------
# Generate locales
# --------------------------------------------------------------------------
debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen"
chroot "$INSTALLDIR" locale-gen
chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8
echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
chroot "${INSTALLDIR}" locale-gen
chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# --------------------------------------------------------------------------
# Update /etc/fstab
# --------------------------------------------------------------------------
debug "Updating template fstab file..."
cat >> "$INSTALLDIR/etc/fstab" <<EOF
cat >> "${INSTALLDIR}/etc/fstab" <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0
@ -82,106 +82,106 @@ EOF
# --------------------------------------------------------------------------
# Link mtab
# --------------------------------------------------------------------------
rm -f "$INSTALLDIR/etc/mtab"
ln -s "../proc/self/mounts" "$INSTALLDIR/etc/mtab"
rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# --------------------------------------------------------------------------
# Create modules directory
# --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/lib/modules"
mkdir -p "${INSTALLDIR}/lib/modules"
# --------------------------------------------------------------------------
# Start of Qubes package installation
# --------------------------------------------------------------------------
debug "Installing qubes packages"
export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST"
export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
# --------------------------------------------------------------------------
# Install keyrings
# --------------------------------------------------------------------------
if ! [ -e "$CACHEDIR/repo-secring.gpg" ]; then
mkdir -p "$CACHEDIR"
if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF
Key-Type: RSA
Key-Length: 1024
Key-Usage: sign
Name-Real: Qubes builder
Expire-Date: 0
%pubring $CACHEDIR/repo-pubring.gpg
%secring $CACHEDIR/repo-secring.gpg
%pubring ${CACHEDIR}/repo-pubring.gpg
%secring ${CACHEDIR}/repo-secring.gpg
%commit
EOF
fi
gpg -abs --no-default-keyring \
--secret-keyring "$CACHEDIR/repo-secring.gpg" \
--keyring "$CACHEDIR/repo-pubring.gpg" \
-o "$CUSTOMREPO/dists/$DIST/Release.gpg" \
"$CUSTOMREPO/dists/$DIST/Release"
cp "$CACHEDIR/repo-pubring.gpg" "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
--secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"${CUSTOMREPO}/dists/${DIST}/Release"
cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# --------------------------------------------------------------------------
# Mount local qubes_repo
# --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/tmp/qubes_repo"
mount --bind "$CUSTOMREPO" "$INSTALLDIR/tmp/qubes_repo"
mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
# --------------------------------------------------------------------------
# Include qubes repo for apt
# --------------------------------------------------------------------------
cat > "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo $DEBIANVERSION main
cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo ${DEBIANVERSION} main
EOF
# --------------------------------------------------------------------------
# Update system; exit is not successful
# --------------------------------------------------------------------------
chroot "$INSTALLDIR" apt-get update || { umount_kill "$INSTALLDIR"; exit 1; }
chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
# --------------------------------------------------------------------------
# Install Qubes packages
# --------------------------------------------------------------------------
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install $(cat $SCRIPTSDIR/packages_qubes.list) || \
{ umount_kill "$INSTALLDIR"; exit 1; }
chroot "${INSTALLDIR}" apt-get -y --force-yes install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
{ umount_kill "${INSTALLDIR}"; exit 1; }
# --------------------------------------------------------------------------
# Remove Quebes repo from sources.list.d
# --------------------------------------------------------------------------
rm -f "$INSTALLDIR"/etc/apt/sources.list.d/qubes*.list
umount_kill "$INSTALLDIR/tmp/qubes_repo"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
chroot "$INSTALLDIR" apt-get update || exit 1
rm -f "${INSTALLDIR}"/etc/apt/sources.list.d/qubes*.list
umount_kill "${INSTALLDIR}/tmp/qubes_repo"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
chroot "${INSTALLDIR}" apt-get update || exit 1
# --------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
# --------------------------------------------------------------------------
rm -f "$BUILDCHROOT/usr/sbin/policy-rc.d"
rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
# --------------------------------------------------------------------------
# Qubes needs a user named 'user'
# --------------------------------------------------------------------------
if chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1; then
if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
:
else
chroot "$INSTALLDIR" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
chroot "${INSTALLDIR}" groupadd -f user
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
fi
# --------------------------------------------------------------------------
# Modules setup
# --------------------------------------------------------------------------
echo "xen_netfront" >> "$INSTALLDIR/etc/modules"
echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
# --------------------------------------------------------------------------
# Remove `mesg` from root/.profile?
# --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile"
sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
# --------------------------------------------------------------------------
# Need a xen log directory or xen scripts will fail
# --------------------------------------------------------------------------
mkdir -p -m 0700 "$INSTALLDIR/var/log/xen"
mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
# --------------------------------------------------------------------------
# Copy extra files to installation directory. Contains:
@ -195,6 +195,8 @@ EOF
# --------------------------------------------------------------------------
expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
touch "${INSTALLDIR}/tmp/.prepared_qubes"
fi
# ------------------------------------------------------------------------------
@ -203,8 +205,8 @@ fi
buildStep "$0" "post"
# ------------------------------------------------------------------------------
# Kill all processes and umount all mounts within $INSTALLDIR, but not
# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself)
# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
# ------------------------------------------------------------------------------
umount_kill "$INSTALLDIR/" || :
umount_kill "${INSTALLDIR}/" || :

10
scripts_debian/09_cleanup.sh
Unescape View File

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -23,9 +23,9 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------
# Cleanup any left over files from installation
# ------------------------------------------------------------------------------
rm -rf "INSTALLDIR/var/cache/apt/archives/*"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# XXX: Whats this for?
rm -rf buildchroot

6
scripts_debian/gnome/04_install_qubes_post.sh
Unescape View File

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -23,4 +23,4 @@ fi
# Disable gnome network-manager since it will prevent networking
# ------------------------------------------------------------------------------
debug "Disabling gnome network-manager"
chroot "$INSTALLDIR" systemctl disable network-manager
chroot "${INSTALLDIR}" systemctl disable network-manager

4
scripts_debian/vars.sh
Unescape View File

@ -8,7 +8,7 @@
# The codename of the debian version to install.
# jessie = testing, wheezy = stable
DEBIANVERSION=$DIST
DEBIANVERSION=${DIST}
# Location to grab debian packages
#DEBIAN_MIRROR=http://http.debian.net/debian
@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
# XXX: Is this even used?
# make runs the scripts with sudo -E, so HOME is set to /home/user during
# build, which does not exist. We need to write to $HOME/.gnupg so set it
# build, which does not exist. We need to write to ${HOME}/.gnupg so set it
# to something valid.
HOME=/root

10
scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
Unescape View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,10 +19,10 @@ fi
# ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations
# --------------------------------------------------------------------------
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi

17
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips
Unescape View File

@ -24,9 +24,9 @@ FILES=(
# sed search and replace. return 0 if replace happened, otherwise 1
search_replace() {
local search="$1"
local replace="$2"
local file="$3"
local search="${1}"
local replace="${2}"
local file="${3}"
local retval=1
if ! [ -L "${file}" ]; then
@ -36,7 +36,7 @@ search_replace() {
chattr -i "${file}"
fi
fi
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
retval=$?
@ -55,8 +55,8 @@ function replace_ips()
local restart_tor=0
# If IP is 10.152.152.10, network is 10.152.152.0
replace_network="${replace_ip%.*}.0"
search_network="${search_ip%.*}.0"
search_network="${search_ip%[.]*}.0"
replace_network="${replace_ip%[.]*}.0"
if ! [ "${search_ip}" == "${replace_ip}" ]; then
for file in "${files[@]}"; do
@ -68,7 +68,10 @@ function replace_ips()
if [ "${restart_tor}" == "1" ]; then
echo "${replace_ip}" > /etc/whonix-netvm-gateway
service tor restart
grep "^DisableNetwork 0$" /etc/tor/torrc && {
service tor reload || true;
#sleep 1;
}
fi
fi
}

21
scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip
Unescape View File

@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
else
XENSTORE_READ="/usr/bin/xenstore-read"
fi
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
INTERFACE="eth1"
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
# Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment
@ -100,3 +100,22 @@ export INT_TIF="vif+"
# Route any traffic FROM netvm TO netvm BACK-TO localhost
# Allows localhost access to tor network
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
enable() {
servicename=${1}
grep "^DisableNetwork 0$" /etc/tor/torrc && {
# Check to see if the service is already enabled and if not, enable it
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
echo "${1} is currently disabled; enabling it"
systemctl --quiet enable ${servicename}
fi
}
}
#enable tor
#enable whonixcheck
#enable sdwdate

12
scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
Unescape View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -19,12 +19,12 @@ fi
# ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# --------------------------------------------------------------------------
# Install Custom Configurations
# --------------------------------------------------------------------------
echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip"
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi

26
scripts_debian/wheezy+whonix/00_prepare_pre.sh
Unescape View File

@ -16,20 +16,20 @@
# Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then
if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0
fi
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
# ------------------------------------------------------------------------------
manage_snapshot() {
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
# Remove old snapshots if whonix completed
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
warn "Removing stale snapshots"
umount_kill "$INSTALLDIR" || :
umount_kill "${INSTALLDIR}" || :
rm -rf "$debootstrap_snapshot"
rm -rf "$updated_snapshot"
return
fi
warn "Copying $1 to $IMG"
mount -o loop "$1" "$INSTALLDIR" || exit 1
rm -f "$INSTALLDIR/tmp/.prepared_groups"
umount_kill "$INSTALLDIR" || :
cp -f "$1" "$IMG"
warn "Copying $1 to ${IMG}"
mount -o loop "$1" "${INSTALLDIR}" || exit 1
rm -f "${INSTALLDIR}/tmp/.prepared_groups"
umount_kill "${INSTALLDIR}" || :
cp -f "$1" "${IMG}"
}
splitPath "$IMG" path_parts
splitPath "${IMG}" path_parts
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"

18
scripts_debian/wheezy+whonix/01_install_core_post.sh
Unescape View File

@ -5,20 +5,20 @@
# Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then
if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0
fi
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -27,12 +27,12 @@ fi
# ------------------------------------------------------------------------------
# Create a snapshot of the already debootstraped image
# ------------------------------------------------------------------------------
splitPath "$IMG" path_parts
splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
umount_kill "$INSTALLDIR" || :
warn "Copying $IMG to $PREPARED_IMG"
cp -f "$IMG" "$PREPARED_IMG"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
umount_kill "${INSTALLDIR}" || :
warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
fi

277
scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh
Unescape View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -20,16 +20,16 @@ fi
# XXX: Create a snapshot - Only for DEBUGGING!
# ------------------------------------------------------------------------------
# Only execute if SNAPSHOT is set
if [ "$SNAPSHOT" == "1" ]; then
splitPath "$IMG" path_parts
if [ "${SNAPSHOT}" == "1" ]; then
splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
umount_kill "$INSTALLDIR" || :
warn "Copying $IMG to $PREPARED_IMG"
cp -f "$IMG" "$PREPARED_IMG"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
umount_kill "${INSTALLDIR}" || :
warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
fi
fi
@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
--minimal-report \
--skip-sanity-tests || { exit 1; }
popd
################################################################################
# Post Fixups
set -e
pushd /etc/network
sudo rm -f interfaces
sudo ln -s interfaces.backup interfaces
popd
pushd /etc
sudo rm -f resolv.conf
sudo cp -p resolv.conf.backup resolv.conf
popd
# Enable Tor
if [ "${1}" == "--torgateway" ]; then
sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
fi
# Fake that whonixsetup was already run
sudo mkdir -p /var/lib/whonix/do_once
sudo touch /var/lib/whonix/do_once/whonixsetup.done
# Fake that initializer was already run
sudo mkdir -p /root/.whonix
sudo touch /root/.whonix/first_run_initializer.done
# Prevent whonixcheck error
sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
sudo update-rc.d network-manager disable
sudo update-rc.d spice-vdagent disable
sudo update-rc.d swap-file-creator disable
sudo update-rc.d whonix-initializer disable
# Remove original sources.list
sudo rm -f /etc/apt/sources.list
sudo apt-get.anondist-orig update
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
sudo touch "/tmp/.prepared_whonix"
EOF
# ------------------------------------------------------------------------------
@ -164,8 +117,8 @@ EOF
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Whonix error; umounting $INSTALLDIR to prevent further writes"
umount_kill "$INSTALLDIR" || :
error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
umount_kill "${INSTALLDIR}" || :
exit 1
}
trap cleanup ERR
@ -174,15 +127,15 @@ trap cleanup EXIT
# ------------------------------------------------------------------------------
# Mount devices, etc required for Whonix installation
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
info "Installing Whonix system"
if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
info "Preparing Whonix system"
# --------------------------------------------------------------------------
# Initialize Whonix submodules
# --------------------------------------------------------------------------
pushd "$WHONIX_DIR"
pushd "${WHONIX_DIR}"
{
su $(logname) -c "git submodule update --init --recursive"
su $(logname) -c "git submodule update --init --recursive";
}
popd
@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
}
# Patch anon-meta-packages to not depend on grub-pc
pushd "$WHONIX_DIR"
pushd "${WHONIX_DIR}"
{
search_replace "grub-pc" "" "grml_packages" || :
}
popd
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian"
pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
{
search1=" grub-pc,"
replace=""
search1=" grub-pc,";
replace="";
#checkout_branch qubes
search_replace "$search1" "$replace" control && \
{
cd "$WHONIX_DIR/packages/anon-meta-packages"
cd "${WHONIX_DIR}/packages/anon-meta-packages";
:
#sudo -E -u $(logname) make deb-pkg || :
#su $(logname) -c "dpkg-source --commit" || :
@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
}
popd
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{
search1="update-grub"
replace=":"
search1="update-grub";
replace=":";
#checkout_branch qubes
search_replace "$search1" "$replace" 85_update_grub && \
{
cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub"
cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
sudo -E -u $(logname) make deb-pkg || :
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub"
#git add .
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
#git add . ;
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
} || :
}
popd
pushd "$WHONIX_DIR/build-steps.d"
pushd "${WHONIX_DIR}/build-steps.d"
{
search1=" check_for_uncommited_changes"
replace=" #check_for_uncommited_changes"
search1=" check_for_uncommited_changes";
replace=" #check_for_uncommited_changes";
search_replace "$search1" "$replace" 1200_create-debian-packages || :
}
@ -264,112 +217,152 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
# --------------------------------------------------------------------------
# Whonix system config dependancies
# --------------------------------------------------------------------------
#/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
#cannot stat `/boot/grub/grub.cfg': No such file or directory
# Qubes needs a user named 'user'
debug "Whonix Add user"
chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \
chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
{
chroot "$INSTALLDIR" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
chroot "${INSTALLDIR}" groupadd -f user
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
}
# Change hostname to 'host'
#debug "Whonix change host"
#echo "host" > "$INSTALLDIR/etc/hostname"
#chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
# Pin grub packages so they will not install
echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
#if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then
# cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes"
#fi
# Install Whonix build scripts
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
# ------------------------------------------------------------------------------
# Copy over any extra files
# XXX: Moved to 02_install_groups_packages_installed.sh
# ------------------------------------------------------------------------------
copyTree "files"
touch "${INSTALLDIR}/tmp/.whonix_prepared"
fi
# ------------------------------------------------------------------------------
# Install Whonix
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
info "Installing Whonix system"
# --------------------------------------------------------------------------
# Install Whonix system
# Install Whonix code base
# --------------------------------------------------------------------------
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Installing Whonix build environment..."
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix'
chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
fi
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then
if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Building Whonix..."
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix"
# XXX: Does this break Whonix build?
# Install apt-get preferences
#echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
#chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
# Pin grub packages so they will not install
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
# Install Whonix build scripts
echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
chmod 0755 "$INSTALLDIR/home/user/whonix_build"
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
fi
chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; }
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "chroot /home/user/Whonix directory does not exist... exiting!"
exit
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
touch "${INSTALLDIR}/tmp/.whonix_installed"
fi
# ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor scripts
# Whonix Post Installation Configurations
# ------------------------------------------------------------------------------
buildStep "99_custom_configuration.sh"
if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
info "Post Configuring Whonix System"
pushd "${INSTALLDIR}/etc/network"
{
rm -f interfaces;
ln -s interfaces.backup interfaces;
}
popd
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.backup resolv.conf;
}
popd
# Enable Tor
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
fi
# Fake that whonixsetup was already run
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run
mkdir -p "${INSTALLDIR}/root/.whonix"
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
# Prevent whonixcheck error
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
# Disable unwanted applications
chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
# Remove original sources.list
rm -f "${INSTALLDIR}/etc/apt/sources.list"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig update
touch "${INSTALLDIR}/tmp/.whonix_post"
fi
# XXX: Why do I need to move them out of the way? Lets try keeping them
# in place (modify post script too)
# ------------------------------------------------------------------------------
# Move Whonix sources out of way
# Execute any template flavor or sub flavor scripts
# ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
buildStep "99_custom_configuration.sh"
# ------------------------------------------------------------------------------
# Bring back original apt-get for installation of Qubues
# ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
rm "$INSTALLDIR/usr/bin/apt-get"
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get"
fi
pushd "${INSTALLDIR}/usr/bin"
{
rm -f apt-get;
cp -p apt-get.anondist-orig apt-get;
}
popd
# ------------------------------------------------------------------------------
# Make sure the temporary policy-rc.d to prevent apt from starting services
# on package installation is still active; Whonix may have reset it
# ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Leave cleanup to calling function

44
scripts_debian/wheezy+whonix/04_install_qubes_post.sh
Unescape View File

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x
else
set -e
@ -22,41 +22,27 @@ fi
# ------------------------------------------------------------------------------
# Restore Whonix apt-get
# ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
rm "$INSTALLDIR/usr/bin/apt-get"
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist apt-get"
fi
# ------------------------------------------------------------------------------
# Restore Whonix sources
# ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
# rm -rf "$INSTALLDIR/etc/apt/sources.list.d"
# mv "$INSTALLDIR/etc/apt/sources.list.d.qubes" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
pushd "${INSTALLDIR}/usr/bin"
{
rm -f apt-get;
cp -p apt-get.anondist apt-get;
}
popd
# ------------------------------------------------------------------------------
# Restore whonix resolv.conf
# ------------------------------------------------------------------------------
pushd "$INSTALLDIR/etc"
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf
cp -p resolv.conf.anondist resolv.conf
rm -f resolv.conf;
cp -p resolv.conf.anondist resolv.conf;
}
popd
# --------------------------------------------------------------------------
# Copy over any extra files that may be needed that are located in
# --------------------------------------------------------------------------
debug "Copy extra Qubes related files..."
copyTree "extra-qubes-files"
touch "$INSTALLDIR/tmp/.prepared_qubes"
# ------------------------------------------------------------------------------
# Cleanup Whonix Installation
# ------------------------------------------------------------------------------
rm -rf "$INSTALLDIR"/home/user/Whonix
rm -rf "$INSTALLDIR"/home/user/whonix_binary
rm -f "$INSTALLDIR"/home/user/whonix_fix
rm -f "$INSTALLDIR"/home/user/whonix_build
rm -rf "${INSTALLDIR}"/home/user/Whonix
rm -rf "${INSTALLDIR}"/home/user/whonix_binary
rm -f "${INSTALLDIR}"/home/user/whonix_fix
rm -f "${INSTALLDIR}"/home/user/whonix_build

20
tests/template-flavors/test.sh
Unescape View File

@ -45,7 +45,7 @@ declare -A VALUES=(
)
values() {
[[ -z $TEST ]] && {
[[ -z ${TEST} ]] && {
label=${1}
value="${1}[@]"
value="${!value}"
@ -61,11 +61,11 @@ values() {
}
info() {
[[ -z $TEST ]] && echo "${bold}${blue}${1}${reset}" || :
[[ -z ${TEST} ]] && echo "${bold}${blue}${1}${reset}" || :
}
debug() {
[[ -z $TEST ]] && echo -e "${magenta}${1}${reset}" || :
[[ -z ${TEST} ]] && echo -e "${magenta}${1}${reset}" || :
}
assertTest(){
@ -264,7 +264,7 @@ assertEnd
# ------------------------------------------------------------------------------
# 10. Template directory for options within $SCRIPTSDIR using short name filter
# 10. Template directory for options within ${SCRIPTSDIR} using short name filter
# ------------------------------------------------------------------------------
SCRIPTSDIR="tests/template-flavors"
DIST="wheezy"
@ -275,7 +275,7 @@ TEMPLATE_FLAVOR_DIR="wheezy+proxy:${SCRIPTSDIR}/proxy"
TEMPLATE_OPTIONS=('proxy')
header <<EOF
10. Template directory for options within $SCRIPTSDIR using short name filter
10. Template directory for options within ${SCRIPTSDIR} using short name filter
EOF
buildStep "$0" "pre"
assertTest "buildStep $0 pre" "tests/template-flavors/wheezy+whonix-gateway/test_pre.sh\ntests/template-flavors/proxy/test_pre.sh"
@ -455,12 +455,12 @@ header <<EOF
Just test copying from here to ${INSTALLDIR}
INSTALLDIR="${SCRIPTSDIR}/test_copy_location"
EOF
rm -f "$INSTALLDIR"/test1
rm -f "$INSTALLDIR"/test2
rm -f "$INSTALLDIR"/test3
rm -f "${INSTALLDIR}"/test1
rm -f "${INSTALLDIR}"/test2
rm -f "${INSTALLDIR}"/test3
copyTree "files"
ls -l "$INSTALLDIR"
assertTest "ls $INSTALLDIR" "test1\ntest2\ntest3"
ls -l "${INSTALLDIR}"
assertTest "ls ${INSTALLDIR}" "test1\ntest2\ntest3"
assertEnd

8
umount_kill.sh
Unescape View File

@ -31,16 +31,16 @@ umount_kill() {
MOUNTDIR="$1"
# We need absolute paths here so we don't kill everything
if ! [[ "$MOUNTDIR" = /* ]]; then
if ! [[ "${MOUNTDIR}" = /* ]]; then
MOUNTDIR="${PWD}/${MOUNTDIR}"
fi
# Strip any extra trailing slashes ('/') from path if they exist
# since we are doing an exact string match on the path
MOUNTDIR=$(echo "$MOUNTDIR" | sed s#//*#/#g)
MOUNTDIR=$(echo "${MOUNTDIR}" | sed s#//*#/#g)
warn "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting"
for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR")
warn "-> Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting"
for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}")
do
sudo lsof "$dir" 2> /dev/null | \
grep "$dir" | \

Write Preview
Loading…
Cancel
Save