From c238716d6ad67a2e26623658903623b17c4ffb32 Mon Sep 17 00:00:00 2001
From: Jason Mehring
Date: Tue, 28 Oct 2014 04:09:55 -0400
Subject: [PATCH] Code cleanup - whonix* not tested
---
 functions.sh | 18 +-
 scripts_debian/00_prepare.sh | 20 +-
 scripts_debian/01_install_core.sh | 12 +-
 scripts_debian/02_install_groups.sh | 90 +++---
 scripts_debian/04_install_qubes.sh | 92 +++---
 scripts_debian/09_cleanup.sh | 10 +-
 scripts_debian/gnome/04_install_qubes_post.sh | 6 +-
 scripts_debian/vars.sh | 4 +-
 .../99_custom_configuration.sh | 10 +-
 .../files/usr/lib/whonix/replace-ips | 17 +-
 .../files/usr/lib/whonix/setup-ip | 21 +-
 .../99_custom_configuration.sh | 12 +-
 .../wheezy+whonix/00_prepare_pre.sh | 26 +-
 .../wheezy+whonix/01_install_core_post.sh | 18 +-
 .../02_install_groups_packages_installed.sh | 277 +++++++++---------
 .../wheezy+whonix/04_install_qubes_post.sh | 44 +--
 tests/template-flavors/test.sh | 20 +-
 umount_kill.sh | 8 +-
 18 files changed, 354 insertions(+), 351 deletions(-)
diff --git a/functions.sh b/functions.sh
index cf02873..913198c 100755
--- a/functions.sh
+++ b/functions.sh
@@ -28,7 +28,7 @@ colors() {
 export blink=$( tput blink || tput mb ) # Start blinking
 export italic=$( tput sitm || tput ZH ) # Start italic
 export eitalic=$( tput ritm || tput ZR ) # End italic
- [[ $TERM != *-m ]] && {
+ [[ ${TERM} != *-m ]] && {
 export red=$( tput setaf 1|| tput AF 1 )
 export green=$( tput setaf 2|| tput AF 2 )
 export yellow=$( tput setaf 3|| tput AF 3 )
@@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
 colors
 fi
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 chroot() {
 local retval
 true ${blue}
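Review bot: The verbosity test `[ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]` in the second functions.sh hunk still fails when VERBOSE is unset or empty. `-ge` then reports "integer expression expected" and the whole test is false, so DEBUG=1 on its own never selects the verbose branch; adding braces does not change that. I would write it as `if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" = "1" ]; then`, which also drops the obsolescent `-o`. The same line recurs in the configuration header of the other scripts touched by this patch, and the body of this `if` continues outside the hunk.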
@@ -73,19 +73,19 @@ fi
 # Display messages in color
 # ------------------------------------------------------------------------------
 info() {
- [[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
+ [[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
 }
 debug() {
- [[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
+ [[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
 }
 warn() {
- [[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
+ [[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
 }
 error() {
- [[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
+ [[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
 }
 # ------------------------------------------------------------------------------
@@ -278,7 +278,7 @@ buildStepExec() {
 script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")"
 if [ -f "${script}" ]; then
- [[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
+ [[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
 # Execute $script
 "${script}"
@@ -372,7 +372,7 @@ buildStep() {
 }
 # ------------------------------------------------------------------------------
-# Copy extra file tree to $INSTALLDIR
+# Copy extra file tree to ${INSTALLDIR}
 # TODO: Allow copy per step (04_install_qubes.sh-files)
 #
 # To set file permissions is a PITA since git won't save them and will
@@ -385,7 +385,7 @@ buildStep() {
 # 5. Manually create facl backup used after copying: getfacl -R . > .facl
 # 6. If git complains; reset file ownership back to user. The .facl file stored
 # the file permissions and will be used to reset the file permissions after
-# they get copied over to $INSTALLDIR
+# they get copied over to ${INSTALLDIR}
 # NOTE: Don't forget to redo this process if you add -OR- remove files
 # ------------------------------------------------------------------------------
 copyTree() {
diff --git a/scripts_debian/00_prepare.sh b/scripts_debian/00_prepare.sh
index 1dcc836..5b7be6f 100755
--- a/scripts_debian/00_prepare.sh
+++ b/scripts_debian/00_prepare.sh
@@ -4,19 +4,19 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
 fi
 INSTALLDIR="$(readlink -m mnt)"
-umount_kill "$INSTALLDIR" || :
+umount_kill "${INSTALLDIR}" || :
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
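Review bot: `. ${SCRIPTSDIR}/vars.sh` in the 00_prepare.sh hunk is still unquoted, so the added braces do nothing for word splitting or globbing. A SCRIPTSDIR containing a space makes the script source the wrong path, and the comment in vars.sh says these scripts run under `sudo -E`; quote it as `. "${SCRIPTSDIR}/vars.sh"`. The header in the same hunk enables `set -e` only in the non-verbose branch, so a run with VERBOSE>=2 or DEBUG=1 gets `set -x` without errexit and carries on after a failed step. Setting `set -e` unconditionally and adding `set -x` on top would keep both modes equally strict. Both patterns recur in the other script headers in this patch.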
@@ -26,17 +26,17 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Force overwrite of an existing image for now if debootstrap did not seem to complete...
 # ------------------------------------------------------------------------------
-debug "Determine if $IMG should be reused or deleted..."
-if [ -f "$IMG" ]; then
+debug "Determine if ${IMG} should be reused or deleted..."
+if [ -f "${IMG}" ]; then
 # Assume a failed debootstrap installation if .prepare_debootstrap does not exist
- mount -o loop "$IMG" "$INSTALLDIR" || exit 1
- if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
- warn "Last build failed. Deleting $IMG"
- rm -f "$IMG"
+ mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
+ if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
+ warn "Last build failed. Deleting ${IMG}"
+ rm -f "${IMG}"
 fi
 # Umount image; don't fail if its already umounted
- umount_kill "$INSTALLDIR" || :
+ umount_kill "${INSTALLDIR}" || :
 fi
 # ------------------------------------------------------------------------------
diff --git a/scripts_debian/01_install_core.sh b/scripts_debian/01_install_core.sh
index cd742f5..6ff9357 100755
--- a/scripts_debian/01_install_core.sh
+++ b/scripts_debian/01_install_core.sh
@@ -4,12 +4,12 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
@@ -23,13 +23,13 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Install base debian system
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
 debug "Installing base ${DEBIANVERSION} system"
 COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
 --components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
- "$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; }
- chroot "$INSTALLDIR" chmod 0666 "/dev/null"
- touch "$INSTALLDIR/tmp/.prepared_debootstrap"
+ "${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
+ chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
+ touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
 fi
 # ------------------------------------------------------------------------------
diff --git a/scripts_debian/02_install_groups.sh b/scripts_debian/02_install_groups.sh
index bfd3772..0754348 100755
--- a/scripts_debian/02_install_groups.sh
+++ b/scripts_debian/02_install_groups.sh
@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
@@ -19,30 +19,30 @@ fi
 # ------------------------------------------------------------------------------
 # If .prepared_debootstrap has not been completed, don't continue
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
 error "prepared_debootstrap installataion has not completed!... Exiting"
- umount_kill "$INSTALLDIR" || :
+ umount_kill "${INSTALLDIR}" || :
 exit 1
 fi
 # ------------------------------------------------------------------------------
 # Mount system mount points
 # ------------------------------------------------------------------------------
-for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
+for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
 # ------------------------------------------------------------------------------
 buildStep "$0" "pre"
-if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
 # ------------------------------------------------------------------------------
 # Cleanup function
 # ------------------------------------------------------------------------------
 function cleanup() {
 error "Install groups error and umount"
- rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
- umount_kill "$INSTALLDIR" || :
+ rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
+ umount_kill "${INSTALLDIR}" || :
 exit 1
 }
 trap cleanup ERR
@@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then # Set up a temporary policy-rc.d to prevent apt from starting services # on package installation # ------------------------------------------------------------------------------ - cat > "$INSTALLDIR/usr/sbin/policy-rc.d" < "${INSTALLDIR}/usr/sbin/policy-rc.d" <> "$INSTALLDIR/etc/apt/sources.list" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" fi source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" - if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then - touch "$INSTALLDIR/etc/apt/sources.list" - echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" + if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" fi # ------------------------------------------------------------------------------ # Upgrade system # ------------------------------------------------------------------------------ debug "Upgrading system" - chroot "$INSTALLDIR" apt-get update + chroot "${INSTALLDIR}" apt-get update true "${stout}" DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade + chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade # ------------------------------------------------------------------------------ # Configure keyboard # ------------------------------------------------------------------------------ debug "Setting keyboard layout" - chroot "$INSTALLDIR" debconf-set-selections < "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" < "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <> "$INSTALLDIR/etc/apt/sources.list" + if ! 
grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then + touch "${INSTALLDIR}/etc/apt/sources.list" + echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list" fi - chroot $INSTALLDIR apt-get update + chroot ${INSTALLDIR} apt-get update DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers + chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers fi # ------------------------------------------------------------------------------ @@ -184,15 +184,15 @@ EOF # ------------------------------------------------------------------------------ # Remove temporary policy layer so services can start normally in the # deployed template. - rm -f "$INSTALLDIR/usr/sbin/policy-rc.d" - touch "$INSTALLDIR/tmp/.prepared_groups" + rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d" + touch "${INSTALLDIR}/tmp/.prepared_groups" trap - ERR EXIT trap - # Kill all processes and umount all mounts within $INSTALLDIR, - # but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being + # Kill all processes and umount all mounts within ${INSTALLDIR}, + # but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being # umounted itself) - umount_kill "$INSTALLDIR/" || : + umount_kill "${INSTALLDIR}/" || : fi # ------------------------------------------------------------------------------ diff --git a/scripts_debian/04_install_qubes.sh b/scripts_debian/04_install_qubes.sh index 85ed9eb..2afd7e0 100755 --- a/scripts_debian/04_install_qubes.sh +++ b/scripts_debian/04_install_qubes.sh 
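Review bot: Both apt invocations touched in 02_install_groups.sh keep `--force-yes` (`apt-get -y --force-yes dist-upgrade` and `apt-get -y --force-yes -t wheezy-backports install init-system-helpers`), which tells apt to carry on even when a package cannot be authenticated. The sources added just above are plain `http://` entries, so signature checking is the only integrity control on what ends up in the template. Drop the flag and keep `-y`, e.g. `chroot "${INSTALLDIR}" apt-get -y dist-upgrade`. The backports lines also pass `${INSTALLDIR}` to chroot unquoted, unlike the rest of the file. The here-document parts of these hunks are missing from the page, so this covers only the visible lines.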
@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
@@ -19,7 +19,7 @@ fi
 # ------------------------------------------------------------------------------
 # If .prepared_groups has not been completed, don't continue
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
 error "prepared_groups installataion has not completed!... Exiting"
 exit 1
 fi
@@ -27,7 +27,7 @@ fi
 # ------------------------------------------------------------------------------
 # Mount system mount points
 # ------------------------------------------------------------------------------
-for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
+for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
@@ -37,32 +37,32 @@ buildStep "$0" "pre" # ------------------------------------------------------------------------------ # Install Qubes Packages # ------------------------------------------------------------------------------ -if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then +if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then debug "Installing qbues modules" # -------------------------------------------------------------------------- # Set up a temporary policy-rc.d to prevent apt from starting services # on package installation # -------------------------------------------------------------------------- - cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" < "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <> "$INSTALLDIR/etc/locale.gen" - chroot "$INSTALLDIR" locale-gen - chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8 + echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen" + chroot "${INSTALLDIR}" locale-gen + chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8 # -------------------------------------------------------------------------- # Update /etc/fstab # -------------------------------------------------------------------------- debug "Updating template fstab file..." 
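Review bot: The temporary policy-rc.d in 04_install_qubes.sh is written to `"${INSTALLCHROOT}/usr/sbin/policy-rc.d"`, while every other path in this script and the same step in 02_install_groups.sh use `${INSTALLDIR}`. INSTALLCHROOT is not assigned anywhere on this page; if it is unset when the script runs, the redirect targets `/usr/sbin/policy-rc.d` on the build host instead of the template. Unless the variable is defined elsewhere, use `cat > "${INSTALLDIR}/usr/sbin/policy-rc.d"` and add a guard such as `: "${INSTALLDIR:?}"` near the top of the script. The here-document body and the matching removal are not visible here.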
- cat >> "$INSTALLDIR/etc/fstab" <> "${INSTALLDIR}/etc/fstab" < "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" < "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" </dev/null 2>&1; then + if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then : else - chroot "$INSTALLDIR" groupadd -f user - chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user + chroot "${INSTALLDIR}" groupadd -f user + chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user fi # -------------------------------------------------------------------------- # Modules setup # -------------------------------------------------------------------------- - echo "xen_netfront" >> "$INSTALLDIR/etc/modules" + echo "xen_netfront" >> "${INSTALLDIR}/etc/modules" # -------------------------------------------------------------------------- # Remove `mesg` from root/.profile? # -------------------------------------------------------------------------- - sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile" + sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile" # -------------------------------------------------------------------------- # Need a xen log directory or xen scripts will fail # -------------------------------------------------------------------------- - mkdir -p -m 0700 "$INSTALLDIR/var/log/xen" + mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen" # -------------------------------------------------------------------------- # Copy extra files to installation directory. Contains: @@ -195,6 +195,8 @@ EOF # -------------------------------------------------------------------------- expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist" mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts" + + touch "${INSTALLDIR}/tmp/.prepared_qubes" fi # ------------------------------------------------------------------------------ 
@@ -203,8 +205,8 @@ fi
 buildStep "$0" "post"
 # ------------------------------------------------------------------------------
-# Kill all processes and umount all mounts within $INSTALLDIR, but not
-# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself)
+# Kill all processes and umount all mounts within ${INSTALLDIR}, but not
+# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
 # ------------------------------------------------------------------------------
-umount_kill "$INSTALLDIR/" || :
+umount_kill "${INSTALLDIR}/" || :
diff --git a/scripts_debian/09_cleanup.sh b/scripts_debian/09_cleanup.sh
index dce636e..215024d 100755
--- a/scripts_debian/09_cleanup.sh
+++ b/scripts_debian/09_cleanup.sh
@@ -4,12 +4,12 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
@@ -23,9 +23,9 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Cleanup any left over files from installation
 # ------------------------------------------------------------------------------
-rm -rf "INSTALLDIR/var/cache/apt/archives/*"
-rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
-rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
+rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
+rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
+rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
 # XXX: Whats this for?
 rm -rf buildchroot
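Review bot: The corrected line in 09_cleanup.sh, `rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"`, keeps the `*` inside the double quotes, so the shell never expands it and rm looks for a file literally named `*`. The cached package files therefore stay in the image, and `-f` hides the miss. Move the glob outside the quotes and guard the variable so an empty INSTALLDIR cannot turn this into a removal under the host's `/var`: `rm -rf "${INSTALLDIR:?}"/var/cache/apt/archives/*`. The script continues after the hunk.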
diff --git a/scripts_debian/gnome/04_install_qubes_post.sh b/scripts_debian/gnome/04_install_qubes_post.sh index 269b8b2..fcb309e 100755 --- a/scripts_debian/gnome/04_install_qubes_post.sh +++ b/scripts_debian/gnome/04_install_qubes_post.sh @@ -8,12 +8,12 @@ # ------------------------------------------------------------------------------ # Source external scripts # ------------------------------------------------------------------------------ -. $SCRIPTSDIR/vars.sh +. ${SCRIPTSDIR}/vars.sh # ------------------------------------------------------------------------------ # Configurations # ------------------------------------------------------------------------------ -if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then +if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then set -x else set -e @@ -23,4 +23,4 @@ fi # Disable gnome network-manager since it will prevent networking # ------------------------------------------------------------------------------ debug "Disabling gnome network-manager" -chroot "$INSTALLDIR" systemctl disable network-manager +chroot "${INSTALLDIR}" systemctl disable network-manager diff --git a/scripts_debian/vars.sh b/scripts_debian/vars.sh index 5f191ee..bcceee8 100755 --- a/scripts_debian/vars.sh +++ b/scripts_debian/vars.sh @@ -8,7 +8,7 @@ # The codename of the debian version to install. # jessie = testing, wheezy = stable -DEBIANVERSION=$DIST +DEBIANVERSION=${DIST} # Location to grab debian packages #DEBIAN_MIRROR=http://http.debian.net/debian @@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/" # XXX: Is this even used? # make runs the scripts with sudo -E, so HOME is set to /home/user during -# build, which does not exist. We need to write to $HOME/.gnupg so set it +# build, which does not exist. We need to write to ${HOME}/.gnupg so set it # to something valid. HOME=/root 
diff --git a/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh b/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
index 9e0a543..4531e88 100755
--- a/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
+++ b/scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh
@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
@@ -19,10 +19,10 @@ fi
 # ------------------------------------------------------------------------------
 # whonix-netvm-gateway contains last known IP used to search and replace
 # ------------------------------------------------------------------------------
-if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
+if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
 # --------------------------------------------------------------------------
 # Install Custom Configurations
 # --------------------------------------------------------------------------
- echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
- touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
+ echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
+ touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
 fi
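Review bot: The guard in this gateway script now waits for `${INSTALLDIR}/tmp/.whonix_post`, but the workstation counterpart later in the patch waits for `.whonix_prepared`; before this commit both tested `.prepared_whonix`. Nothing visible on this page creates either new marker, so it cannot be confirmed from here that both names are written (presumably by wheezy+whonix/04_install_qubes_post.sh). If one is never created, the block is skipped silently and `/etc/whonix-netvm-gateway` is not seeded. A marker rename is a behaviour change and deserves a line in the commit message. Defining the marker names once in vars.sh would keep the scripts from drifting apart.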
diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips index 7f818b8..d41f88a 100755 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips +++ b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips @@ -24,9 +24,9 @@ FILES=( # sed search and replace. return 0 if replace happened, otherwise 1 search_replace() { - local search="$1" - local replace="$2" - local file="$3" + local search="${1}" + local replace="${2}" + local file="${3}" local retval=1 if ! [ -L "${file}" ]; then @@ -36,7 +36,7 @@ search_replace() { chattr -i "${file}" fi fi - + sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}" retval=$? @@ -55,8 +55,8 @@ function replace_ips() local restart_tor=0 # If IP is 10.152.152.10, network is 10.152.152.0 - replace_network="${replace_ip%.*}.0" - search_network="${search_ip%.*}.0" + search_network="${search_ip%[.]*}.0" + replace_network="${replace_ip%[.]*}.0" if ! [ "${search_ip}" == "${replace_ip}" ]; then for file in "${files[@]}"; do @@ -68,7 +68,10 @@ function replace_ips() if [ "${restart_tor}" == "1" ]; then echo "${replace_ip}" > /etc/whonix-netvm-gateway - service tor restart + grep "^DisableNetwork 0$" /etc/tor/torrc && { + service tor reload || true; + #sleep 1; + } fi fi } diff --git a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip index 2044731..0aadc68 100755 --- a/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip +++ b/scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip 
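Review bot: In the last replace-ips hunk, `service tor reload || true` discards a failed reload although `/etc/whonix-netvm-gateway` has already been overwritten with the new address on the line before. If that file is where the "last known IP" is read back from (presumably, given the comment in 99_custom_configuration.sh), the next run sees matching addresses and never retries, leaving Tor on the old configuration with nothing logged. `grep` also runs without `-q`, so the matched torrc line goes to stdout. I would write `if grep -q "^DisableNetwork 0$" /etc/tor/torrc; then service tor reload || echo "tor reload failed" >&2; fi`. Whether a reload rather than the previous restart is enough for Tor to pick up the new address should be confirmed.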
@@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
 else
 XENSTORE_READ="/usr/bin/xenstore-read"
 fi
-ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
 INTERFACE="eth1"
+ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
 # Create a dummy eth1 interface so tor can bind to it if there
 # are no DOMU virtual machines connected at the moment
@@ -100,3 +100,22 @@ export INT_TIF="vif+"
 # Route any traffic FROM netvm TO netvm BACK-TO localhost
 # Allows localhost access to tor network
 iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
+
+enable() {
+ servicename=${1}
+
+ grep "^DisableNetwork 0$" /etc/tor/torrc && {
+ # Check to see if the service is already enabled and if not, enable it
+ string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
+
+ if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
+ echo "${1} is currently disabled; enabling it"
+ systemctl --quiet enable ${servicename}
+ fi
+ }
+}
+
+#enable tor
+#enable whonixcheck
+#enable sdwdate
+
diff --git a/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh b/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
index e19d7d9..e36dc97 100755
--- a/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
+++ b/scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh
@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
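Review bot: The helper added at the end of setup-ip is named `enable`, which under bash shadows the builtin of the same name for the rest of the script. It also leaves `servicename` and `string` as globals and passes `${servicename}` to systemctl unquoted. Suggested: `enable_service() {`, `local servicename="${1}"` and `systemctl --quiet enable "${servicename}"`. `$string` has to stay unquoted in the `find` call for the `S[0-9][0-9]` glob to expand, which deserves a comment. All three calls are commented out, so the function is dead code as committed and may be better left out of a cleanup commit.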
@@ -19,12 +19,12 @@ fi
 # ------------------------------------------------------------------------------
 # whonix-netvm-gateway contains last known IP used to search and replace
 # ------------------------------------------------------------------------------
-if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
+if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
 # --------------------------------------------------------------------------
 # Install Custom Configurations
 # --------------------------------------------------------------------------
- echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip"
- echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
+ echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
+ echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
- touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
+ touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
 fi
diff --git a/scripts_debian/wheezy+whonix/00_prepare_pre.sh b/scripts_debian/wheezy+whonix/00_prepare_pre.sh
index 32bd835..9b21b60 100755
--- a/scripts_debian/wheezy+whonix/00_prepare_pre.sh
+++ b/scripts_debian/wheezy+whonix/00_prepare_pre.sh
@@ -16,20 +16,20 @@
 # Return if SNAPSHOT is not "1"
 # ------------------------------------------------------------------------------
 # This script is only used if SNAPSHOT is set
-if [ ! "$SNAPSHOT" == "1" ]; then
+if [ ! "${SNAPSHOT}" == "1" ]; then
 exit 0
 fi
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
 set -x
 else
 set -e
@@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
 # ------------------------------------------------------------------------------
 manage_snapshot() {
- umount_kill "$INSTALLDIR" || :
+ umount_kill "${INSTALLDIR}" || :
- mount -o loop "$IMG" "$INSTALLDIR" || exit 1
+ mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
 # Remove old snapshots if whonix completed
- if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
+ if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
 warn "Removing stale snapshots"
- umount_kill "$INSTALLDIR" || :
+ umount_kill "${INSTALLDIR}" || :
 rm -rf "$debootstrap_snapshot"
 rm -rf "$updated_snapshot"
 return
 fi
- warn "Copying $1 to $IMG"
- mount -o loop "$1" "$INSTALLDIR" || exit 1
- rm -f "$INSTALLDIR/tmp/.prepared_groups"
- umount_kill "$INSTALLDIR" || :
- cp -f "$1" "$IMG"
+ warn "Copying $1 to ${IMG}"
+ mount -o loop "$1" "${INSTALLDIR}" || exit 1
+ rm -f "${INSTALLDIR}/tmp/.prepared_groups"
+ umount_kill "${INSTALLDIR}" || :
+ cp -f "$1" "${IMG}"
 }
-splitPath "$IMG" path_parts
+splitPath "${IMG}" path_parts
 debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
 updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
diff --git a/scripts_debian/wheezy+whonix/01_install_core_post.sh b/scripts_debian/wheezy+whonix/01_install_core_post.sh
index 2c53338..9534618 100755
--- a/scripts_debian/wheezy+whonix/01_install_core_post.sh
+++ b/scripts_debian/wheezy+whonix/01_install_core_post.sh
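Review bot: manage_snapshot mounts `${IMG}` on `${INSTALLDIR}` and, when `.whonix_post` is absent, goes straight on to `mount -o loop "$1" "${INSTALLDIR}"` without unmounting the first image. Whether the single `umount_kill "${INSTALLDIR}"` that follows releases both stacked mounts cannot be seen here; if it does not, `cp -f "$1" "${IMG}"` overwrites an image that is still attached to a loop device. Add `umount_kill "${INSTALLDIR}" || :` just before the `warn "Copying $1 to ${IMG}"` line. The two `mount ... || exit 1` calls also leave the script from inside the function with no cleanup, which is worth a short comment.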
@@ -5,20 +5,20 @@ # Return if SNAPSHOT is not "1" # ------------------------------------------------------------------------------ # This script is only used if SNAPSHOT is set -if [ ! "$SNAPSHOT" == "1" ]; then +if [ ! "${SNAPSHOT}" == "1" ]; then exit 0 fi # ------------------------------------------------------------------------------ # Source external scripts # ------------------------------------------------------------------------------ -. $SCRIPTSDIR/vars.sh +. ${SCRIPTSDIR}/vars.sh . ./umount_kill.sh >/dev/null # ------------------------------------------------------------------------------ # Configurations # ------------------------------------------------------------------------------ -if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then +if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then set -x else set -e @@ -27,12 +27,12 @@ fi # ------------------------------------------------------------------------------ # Create a snapshot of the already debootstraped image # ------------------------------------------------------------------------------ -splitPath "$IMG" path_parts +splitPath "${IMG}" path_parts PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" -if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then - umount_kill "$INSTALLDIR" || : - warn "Copying $IMG to $PREPARED_IMG" - cp -f "$IMG" "$PREPARED_IMG" - mount -o loop "$IMG" "$INSTALLDIR" || exit 1 +if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then + umount_kill "${INSTALLDIR}" || : + warn "Copying ${IMG} to ${PREPARED_IMG}" + cp -f "${IMG}" "${PREPARED_IMG}" + mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 fi diff --git a/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh b/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh index f1b0ce9..e25ced8 100755 --- a/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh 
+++ b/scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh @@ -4,13 +4,13 @@ # ------------------------------------------------------------------------------ # Source external scripts # ------------------------------------------------------------------------------ -. $SCRIPTSDIR/vars.sh +. ${SCRIPTSDIR}/vars.sh . ./umount_kill.sh >/dev/null # ------------------------------------------------------------------------------ # Configurations # ------------------------------------------------------------------------------ -if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then +if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then set -x else set -e @@ -20,16 +20,16 @@ fi # XXX: Create a snapshot - Only for DEBUGGING! # ------------------------------------------------------------------------------ # Only execute if SNAPSHOT is set -if [ "$SNAPSHOT" == "1" ]; then - splitPath "$IMG" path_parts +if [ "${SNAPSHOT}" == "1" ]; then + splitPath "${IMG}" path_parts PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" - if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then - umount_kill "$INSTALLDIR" || : - warn "Copying $IMG to $PREPARED_IMG" - cp -f "$IMG" "$PREPARED_IMG" - mount -o loop "$IMG" "$INSTALLDIR" || exit 1 - for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done + if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then + umount_kill "${INSTALLDIR}" || : + warn "Copying ${IMG} to ${PREPARED_IMG}" + cp -f "${IMG}" "${PREPARED_IMG}" + mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1 + for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done fi fi 
@@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \ --minimal-report \ --skip-sanity-tests || { exit 1; } popd - -################################################################################ -# Post Fixups - -set -e - -pushd /etc/network -sudo rm -f interfaces -sudo ln -s interfaces.backup interfaces -popd - -pushd /etc -sudo rm -f resolv.conf -sudo cp -p resolv.conf.backup resolv.conf -popd - -# Enable Tor -if [ "${1}" == "--torgateway" ]; then - sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc -fi - -# Fake that whonixsetup was already run -sudo mkdir -p /var/lib/whonix/do_once -sudo touch /var/lib/whonix/do_once/whonixsetup.done - -# Fake that initializer was already run -sudo mkdir -p /root/.whonix -sudo touch /root/.whonix/first_run_initializer.done - -# Prevent whonixcheck error -sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default' - -sudo update-rc.d network-manager disable -sudo update-rc.d spice-vdagent disable -sudo update-rc.d swap-file-creator disable -sudo update-rc.d whonix-initializer disable - -# Remove original sources.list -sudo rm -f /etc/apt/sources.list -sudo apt-get.anondist-orig update - -# Remove apt-cacher-ng -DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ - sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng - -sudo touch "/tmp/.prepared_whonix" - EOF # ------------------------------------------------------------------------------ @@ -164,8 +117,8 @@ EOF # Cleanup function # ------------------------------------------------------------------------------ function cleanup() { - error "Whonix error; umounting $INSTALLDIR to prevent further writes" - umount_kill "$INSTALLDIR" || : + error "Whonix error; umounting ${INSTALLDIR} to prevent further writes" + umount_kill "${INSTALLDIR}" || : exit 1 } trap cleanup ERR 
@@ -174,15 +127,15 @@ trap cleanup EXIT # ------------------------------------------------------------------------------ # Mount devices, etc required for Whonix installation # ------------------------------------------------------------------------------ -if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then - info "Installing Whonix system" +if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then + info "Preparing Whonix system" # -------------------------------------------------------------------------- # Initialize Whonix submodules # -------------------------------------------------------------------------- - pushd "$WHONIX_DIR" + pushd "${WHONIX_DIR}" { - su $(logname) -c "git submodule update --init --recursive" + su $(logname) -c "git submodule update --init --recursive"; } popd @@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then } # Patch anon-meta-packages to not depend on grub-pc - pushd "$WHONIX_DIR" + pushd "${WHONIX_DIR}" { search_replace "grub-pc" "" "grml_packages" || : } popd - pushd "$WHONIX_DIR/packages/anon-meta-packages/debian" + pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian" { - search1=" grub-pc," - replace="" + search1=" grub-pc,"; + replace=""; #checkout_branch qubes search_replace "$search1" "$replace" control && \ { - cd "$WHONIX_DIR/packages/anon-meta-packages" + cd "${WHONIX_DIR}/packages/anon-meta-packages"; : #sudo -E -u $(logname) make deb-pkg || : #su $(logname) -c "dpkg-source --commit" || : 
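Review bot: In the first hunk, `su $(logname) -c "git submodule update --init --recursive";` drops privileges only when `logname` prints a name. If it prints nothing, which can happen when the build has no login session, the unquoted substitution disappears and `su -c …` runs the fetch as root. I would resolve the user once and fail closed, with `build_user="$(logname)" || exit 1` followed by `su "${build_user}" -c "git submodule update --init --recursive"`. The `make deb-pkg` and `dpkg-source` lines in the `@@ -235,27 +188,27 @@` hunk use the same `$(logname)` and should take the same variable. The enclosing `if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]` block continues past this hunk.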
@@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then } popd - pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d" + pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d" { - search1="update-grub" - replace=":" + search1="update-grub"; + replace=":"; #checkout_branch qubes search_replace "$search1" "$replace" 85_update_grub && \ { - cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub" + cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub"; sudo -E -u $(logname) make deb-pkg || : - su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub" - #git add . + su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub"; + #git add . ; #su $(logname) -c "git commit -am 'removed grub-pc depend'" } || : } popd - pushd "$WHONIX_DIR/build-steps.d" + pushd "${WHONIX_DIR}/build-steps.d" { - search1=" check_for_uncommited_changes" - replace=" #check_for_uncommited_changes" + search1=" check_for_uncommited_changes"; + replace=" #check_for_uncommited_changes"; search_replace "$search1" "$replace" 1200_create-debian-packages || : } 
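Review bot: Every patch step in this hunk ends in `|| :`, so a `search_replace` that did not apply, a failed `make deb-pkg` and a failed `dpkg-source --commit` all look the same as success in the build output. The last block is the one worth a trace: it comments out `check_for_uncommited_changes` in `1200_create-debian-packages`, so the build can proceed with locally modified Whonix sources and nothing records that the check was turned off. I would replace its `|| :` with `|| warn "1200_create-debian-packages was not patched"`. I would also add `warn "Disabling check_for_uncommited_changes for this build"` before the `search_replace` call, and a comment stating why the check has to be disabled. What `search_replace` returns on a non-match is defined outside this hunk, and the `pushd`/`popd` groups sit inside an `if` that opens before it.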
@@ -264,112 +217,152 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then # -------------------------------------------------------------------------- # Whonix system config dependancies # -------------------------------------------------------------------------- - #/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?) - #cannot stat `/boot/grub/grub.cfg': No such file or directory # Qubes needs a user named 'user' debug "Whonix Add user" - chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \ + chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \ { - chroot "$INSTALLDIR" groupadd -f user - chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user + chroot "${INSTALLDIR}" groupadd -f user + chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user } - # Change hostname to 'host' - #debug "Whonix change host" - #echo "host" > "$INSTALLDIR/etc/hostname" - #chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts + # Pin grub packages so they will not install + echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes" + chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes" + + # Install Whonix fix script + echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix" + chmod 0755 "${INSTALLDIR}/home/user/whonix_fix" - #if ! 
[ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then - # cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes" - #fi + # Install Whonix build scripts + echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build" + chmod 0755 "${INSTALLDIR}/home/user/whonix_build" # ------------------------------------------------------------------------------ # Copy over any extra files - # XXX: Moved to 02_install_groups_packages_installed.sh # ------------------------------------------------------------------------------ copyTree "files" + touch "${INSTALLDIR}/tmp/.whonix_prepared" +fi + +# ------------------------------------------------------------------------------ +# Install Whonix +# ------------------------------------------------------------------------------ +if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then + info "Installing Whonix system" + # -------------------------------------------------------------------------- - # Install Whonix system + # Install Whonix code base # -------------------------------------------------------------------------- - if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then + if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then debug "Installing Whonix build environment..." - chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix' + chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix' fi - if [ -d "$INSTALLDIR/home/user/Whonix" ]; then + if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then debug "Building Whonix..." - mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix" - - # XXX: Does this break Whonix build? 
- # Install apt-get preferences - #echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix" - #chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix" - - # Pin grub packages so they will not install - echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes" - chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes" - - # Install Whonix fix script - echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix" - chmod 0755 "$INSTALLDIR/home/user/whonix_fix" - - # Install Whonix build scripts - echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build" - chmod 0755 "$INSTALLDIR/home/user/whonix_build" - - if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then - BUILD_TYPE="--torgateway" - elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then - BUILD_TYPE="--torworkstation" - else - error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules" - error "You need to set TEMPLATE_FLAVOR environment variable to either" - error "whonix-gateway OR whonix-workstation" - exit 1 - fi + mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix" + fi - chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; } + if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then + BUILD_TYPE="--torgateway" + elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then + BUILD_TYPE="--torworkstation" else - error "chroot /home/user/Whonix directory does not exist... exiting!" - exit + error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. 
Not building Whonix modules" + error "You need to set TEMPLATE_FLAVOR environment variable to either" + error "whonix-gateway OR whonix-workstation" + exit 1 fi + + chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; } + + touch "${INSTALLDIR}/tmp/.whonix_installed" fi # ------------------------------------------------------------------------------ -# Execute any template flavor or sub flavor scripts +# Whonix Post Installation Configurations # ------------------------------------------------------------------------------ -buildStep "99_custom_configuration.sh" +if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then + info "Post Configuring Whonix System" + + pushd "${INSTALLDIR}/etc/network" + { + rm -f interfaces; + ln -s interfaces.backup interfaces; + } + popd + + pushd "${INSTALLDIR}/etc" + { + rm -f resolv.conf; + cp -p resolv.conf.backup resolv.conf; + } + popd + + # Enable Tor + if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then + sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc" + fi + + # Fake that whonixsetup was already run + mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once" + touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done" + + # Fake that initializer was already run + mkdir -p "${INSTALLDIR}/root/.whonix" + touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done" + + # Prevent whonixcheck error + echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default" + + # Disable unwanted applications + chroot "${INSTALLDIR}" update-rc.d network-manager disable || : + chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || : + chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || : + chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || : + + chroot "${INSTALLDIR}" service apt-cacher-ng stop || : + chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || 
: + + # Remove apt-cacher-ng + DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng + + # Remove original sources.list + rm -f "${INSTALLDIR}/etc/apt/sources.list" + + DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ + chroot ${INSTALLDIR} apt-get.anondist-orig update + + touch "${INSTALLDIR}/tmp/.whonix_post" +fi -# XXX: Why do I need to move them out of the way? Lets try keeping them -# in place (modify post script too) # ------------------------------------------------------------------------------ -# Move Whonix sources out of way +# Execute any template flavor or sub flavor scripts # ------------------------------------------------------------------------------ -#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then -# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes" -# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d" -# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d" -#fi +buildStep "99_custom_configuration.sh" # ------------------------------------------------------------------------------ # Bring back original apt-get for installation of Qubues # ------------------------------------------------------------------------------ -if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then - rm "$INSTALLDIR/usr/bin/apt-get" - chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get" -fi +pushd "${INSTALLDIR}/usr/bin" +{ + rm -f apt-get; + cp -p apt-get.anondist-orig apt-get; +} +popd # ------------------------------------------------------------------------------ # Make sure the temporary policy-rc.d to prevent apt from starting services # on package installation is still active; Whonix may have reset it # ------------------------------------------------------------------------------ -cat > "$INSTALLDIR/usr/sbin/policy-rc.d" < 
"${INSTALLDIR}/usr/sbin/policy-rc.d" < Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting" - for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR") + warn "-> Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting" + for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}") do sudo lsof "$dir" 2> /dev/null | \ grep "$dir" | \