Code cleanup - whonix* not tested

functions.sh

@@ -28,7 +28,7 @@ colors() {
        export blink=$(    tput blink  || tput mb      ) # Start blinking
        export italic=$(   tput sitm   || tput ZH      ) # Start italic
        export eitalic=$(  tput ritm   || tput ZR      ) # End   italic
-   [[ $TERM != *-m ]] && {
+   [[ ${TERM} != *-m ]] && {
        export red=$(      tput setaf 1|| tput AF 1    )
        export green=$(    tput setaf 2|| tput AF 2    )
        export yellow=$(   tput setaf 3|| tput AF 3    )
@@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
    colors
 fi
 
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     chroot() {
         local retval
         true ${blue}
@@ -73,19 +73,19 @@ fi
 # Display messages in color
 # ------------------------------------------------------------------------------
 info() {
-    [[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
+    [[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
 }
 
 debug() {
-    [[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
+    [[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
 }
 
 warn() {
-    [[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
+    [[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
 }
 
 error() {
-    [[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
+    [[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
 }
 
 # ------------------------------------------------------------------------------
@@ -278,7 +278,7 @@ buildStepExec() {
     script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")"
 
     if [ -f "${script}" ]; then
-        [[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
+        [[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
 
         # Execute $script
         "${script}"
@@ -372,7 +372,7 @@ buildStep() {
 }
 
 # ------------------------------------------------------------------------------
-# Copy extra file tree to $INSTALLDIR 
+# Copy extra file tree to ${INSTALLDIR} 
 # TODO:  Allow copy per step (04_install_qubes.sh-files)
 #
 # To set file permissions is a PITA since git won't save them and will
@@ -385,7 +385,7 @@ buildStep() {
 # 5. Manually create facl backup used after copying: getfacl -R . > .facl
 # 6. If git complains; reset file ownership back to user.  The .facl file stored
 #    the file permissions and will be used to reset the file permissions after
-#    they get copied over to $INSTALLDIR
+#    they get copied over to ${INSTALLDIR}
 # NOTE: Don't forget to redo this process if you add -OR- remove files
 # ------------------------------------------------------------------------------
 copyTree() {

scripts_debian/00_prepare.sh

@@ -4,19 +4,19 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
 fi
 INSTALLDIR="$(readlink -m mnt)"
-umount_kill "$INSTALLDIR" || :
+umount_kill "${INSTALLDIR}" || :
 
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
@@ -26,17 +26,17 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Force overwrite of an existing image for now if debootstrap did not seem to complete...
 # ------------------------------------------------------------------------------
-debug "Determine if $IMG should be reused or deleted..."
+debug "Determine if ${IMG} should be reused or deleted..."
-if [ -f "$IMG" ]; then
+if [ -f "${IMG}" ]; then
     # Assume a failed debootstrap installation if .prepare_debootstrap does not exist
-    mount -o loop "$IMG" "$INSTALLDIR" || exit 1
+    mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
-    if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
+    if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
-        warn "Last build failed. Deleting $IMG"
+        warn "Last build failed. Deleting ${IMG}"
-        rm -f "$IMG"
+        rm -f "${IMG}"
     fi
 
     # Umount image; don't fail if its already umounted
-    umount_kill "$INSTALLDIR" || :
+    umount_kill "${INSTALLDIR}" || :
 fi
 
 # ------------------------------------------------------------------------------

scripts_debian/01_install_core.sh

@@ -4,12 +4,12 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -23,13 +23,13 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Install base debian system
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
     debug "Installing base ${DEBIANVERSION} system"
     COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
         --components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
-        "$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; }
+        "${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
-    chroot "$INSTALLDIR" chmod 0666 "/dev/null"
+    chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
-    touch "$INSTALLDIR/tmp/.prepared_debootstrap"
+    touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
 fi
 
 # ------------------------------------------------------------------------------

scripts_debian/02_install_groups.sh

@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -19,30 +19,30 @@ fi
 # ------------------------------------------------------------------------------
 # If .prepared_debootstrap has not been completed, don't continue
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
     error "prepared_debootstrap installataion has not completed!... Exiting"
-    umount_kill "$INSTALLDIR" || :
+    umount_kill "${INSTALLDIR}" || :
     exit 1
 fi
 
 # ------------------------------------------------------------------------------
 # Mount system mount points
 # ------------------------------------------------------------------------------
-for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
+for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
 
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
 # ------------------------------------------------------------------------------
 buildStep "$0" "pre"
 
-if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
     # ------------------------------------------------------------------------------
     # Cleanup function
     # ------------------------------------------------------------------------------
     function cleanup() {
         error "Install groups error and umount"
-        rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
+        rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
-        umount_kill "$INSTALLDIR" || :
+        umount_kill "${INSTALLDIR}" || :
         exit 1
     }
     trap cleanup ERR
@@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
     # Set up a temporary policy-rc.d to prevent apt from starting services
     # on package installation
     # ------------------------------------------------------------------------------
-    cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
+    cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
 #!/bin/sh
 return 101 # Action forbidden by policy
 EOF
-    chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
+    chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
 
     # ------------------------------------------------------------------------------
     # Ensure umask set in /etc/login.defs is used (022)
@@ -68,30 +68,30 @@ EOF
     # ------------------------------------------------------------------------------
     debug "Adding debian-security repository."
     source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
-    if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
+    if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
-        touch "$INSTALLDIR/etc/apt/sources.list"
+        touch "${INSTALLDIR}/etc/apt/sources.list"
-        echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
+        echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
     fi
     source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
-    if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
+    if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
-        touch "$INSTALLDIR/etc/apt/sources.list"
+        touch "${INSTALLDIR}/etc/apt/sources.list"
-        echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
+        echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
     fi
 
     # ------------------------------------------------------------------------------
     # Upgrade system
     # ------------------------------------------------------------------------------
     debug "Upgrading system"
-    chroot "$INSTALLDIR" apt-get update
+    chroot "${INSTALLDIR}" apt-get update
     true "${stout}"
     DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-        chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade
+        chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade
 
     # ------------------------------------------------------------------------------
     # Configure keyboard
     # ------------------------------------------------------------------------------
     debug "Setting keyboard layout"
-    chroot "$INSTALLDIR" debconf-set-selections <<EOF
+    chroot "${INSTALLDIR}" debconf-set-selections <<EOF
 keyboard-configuration  keyboard-configuration/variant  select  English (US)
 keyboard-configuration  keyboard-configuration/layout   select  English (US)
 keyboard-configuration  keyboard-configuration/model    select  Generic 105-key (Intl) PC
@@ -102,20 +102,20 @@ keyboard-configuration  keyboard-configuration/optionscode  string
 EOF
 
     # ------------------------------------------------------------------------------
-    # Install extra packages in script_$DEBIANVERSION/packages.list file
+    # Install extra packages in script_${DEBIANVERSION}/packages.list file
     # -and / or- TEMPLATE_FLAVOR directories
     # ------------------------------------------------------------------------------
     getFileLocations packages_list "packages.list" "${DIST}"
     if [ -z "${packages_list}" ]; then
         error "Can not locate a package.list file!"
-        umount_kill "$INSTALLDIR" || :
+        umount_kill "${INSTALLDIR}" || :
         exit 1
     fi
 
     for package_list in "${packages_list[@]}"; do
         debug "Installing extra packages from: ${package_list}"
         DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-            xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$package_list"
+            xargs chroot ${INSTALLDIR} apt-get -y --force-yes install < "${package_list}"
     done
 
     # ------------------------------------------------------------------------------
@@ -132,51 +132,51 @@ EOF
     #   For jessie and newer, sysvinit is provided by sysvinit-core which
     #   is not an essential package.
     # ------------------------------------------------------------------------------
-    debug "Installing systemd for debian ($DEBIANVERSION)"
+    debug "Installing systemd for debian (${DEBIANVERSION})"
-    if [ "$DEBIANVERSION" == "wheezy" ]; then
+    if [ "${DEBIANVERSION}" == "wheezy" ]; then
         echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-            chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
+            chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
     else
         DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-            chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
+            chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
     fi
 
     # Prevent sysvinit from being re-installed
     debug "Preventing sysvinit re-installation"
-    chroot "$INSTALLDIR" apt-mark hold sysvinit
+    chroot "${INSTALLDIR}" apt-mark hold sysvinit
 
     # Pin sysvinit to prevent being re-installed 
-    cat > "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" <<EOF
+    cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
 Package: sysvinit
 Pin: version *
 Pin-Priority: -100
 EOF
-    chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit"
+    chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
 
-    chroot "$INSTALLDIR" apt-get update
+    chroot "${INSTALLDIR}" apt-get update
     DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-        chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv
+        chroot "${INSTALLDIR}" apt-get -y --force-yes install systemd-sysv
 
     # ------------------------------------------------------------------------------
     # Set multu-user.target as the default target (runlevel 3)
     # ------------------------------------------------------------------------------
-    #chroot "$INSTALLDIR" systemctl set-default multi-user.target
+    #chroot "${INSTALLDIR}" systemctl set-default multi-user.target
-    chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target
+    chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
-    chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
+    chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
     
     # ------------------------------------------------------------------------------
     # Qubes is now being built with some SID packages; grab backport for wheezy
     # ------------------------------------------------------------------------------
-    if [ "$DEBIANVERSION" == "wheezy" ]; then
+    if [ "${DEBIANVERSION}" == "wheezy" ]; then
         debug "Adding wheezy backports repository."
         source="deb ${DEBIAN_MIRROR} wheezy-backports main"
-        if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
+        if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
-            touch "$INSTALLDIR/etc/apt/sources.list"
+            touch "${INSTALLDIR}/etc/apt/sources.list"
-            echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
+            echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
         fi
-        chroot $INSTALLDIR apt-get update
+        chroot ${INSTALLDIR} apt-get update
         DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-            chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers
+            chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers
     fi
 
     # ------------------------------------------------------------------------------
@@ -184,15 +184,15 @@ EOF
     # ------------------------------------------------------------------------------
     # Remove temporary policy layer so services can start normally in the
     # deployed template.
-    rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
+    rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
-    touch "$INSTALLDIR/tmp/.prepared_groups"
+    touch "${INSTALLDIR}/tmp/.prepared_groups"
     trap - ERR EXIT
     trap
 
-    # Kill all processes and umount all mounts within $INSTALLDIR, 
+    # Kill all processes and umount all mounts within ${INSTALLDIR}, 
-    # but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being
+    # but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
     # umounted itself)
-    umount_kill "$INSTALLDIR/" || :
+    umount_kill "${INSTALLDIR}/" || :
 fi
 
 # ------------------------------------------------------------------------------

scripts_debian/04_install_qubes.sh

@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -19,7 +19,7 @@ fi
 # ------------------------------------------------------------------------------
 # If .prepared_groups has not been completed, don't continue
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
     error "prepared_groups installataion has not completed!... Exiting"
     exit 1
 fi
@@ -27,7 +27,7 @@ fi
 # ------------------------------------------------------------------------------
 # Mount system mount points
 # ------------------------------------------------------------------------------
-for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
+for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
 
 # ------------------------------------------------------------------------------
 # Execute any template flavor or sub flavor 'pre' scripts
@@ -37,32 +37,32 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Install Qubes Packages
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
     debug "Installing qbues modules"
 
     # --------------------------------------------------------------------------
     # Set up a temporary policy-rc.d to prevent apt from starting services
     # on package installation
     # --------------------------------------------------------------------------
-    cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" <<EOF
+    cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
 #!/bin/sh
 return 101 # Action forbidden by policy
 EOF
-    chmod 755 $INSTALLCHROOT/usr/sbin/policy-rc.d
+    chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
 
     # --------------------------------------------------------------------------
     # Generate locales
     # --------------------------------------------------------------------------
     debug "Generate locales"
-    echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen"
+    echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
-    chroot "$INSTALLDIR" locale-gen
+    chroot "${INSTALLDIR}" locale-gen
-    chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8
+    chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
 
     # --------------------------------------------------------------------------
     # Update /etc/fstab
     # --------------------------------------------------------------------------
     debug "Updating template fstab file..."
-    cat >> "$INSTALLDIR/etc/fstab" <<EOF
+    cat >> "${INSTALLDIR}/etc/fstab" <<EOF
 /dev/mapper/dmroot /         ext4 defaults,noatime 1 1
 /dev/xvdc1 swap              swap    defaults 0 0
 
@@ -82,106 +82,106 @@ EOF
     # --------------------------------------------------------------------------
     # Link mtab
     # --------------------------------------------------------------------------
-    rm -f "$INSTALLDIR/etc/mtab"
+    rm -f "${INSTALLDIR}/etc/mtab"
-    ln -s "../proc/self/mounts" "$INSTALLDIR/etc/mtab"
+    ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
 
     # --------------------------------------------------------------------------
     # Create modules directory
     # --------------------------------------------------------------------------
-    mkdir -p "$INSTALLDIR/lib/modules"
+    mkdir -p "${INSTALLDIR}/lib/modules"
 
     # --------------------------------------------------------------------------
     # Start of Qubes package installation
     # --------------------------------------------------------------------------
     debug "Installing qubes packages"
-    export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST"
+    export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
 
     # --------------------------------------------------------------------------
     # Install keyrings
     # --------------------------------------------------------------------------
-    if ! [ -e "$CACHEDIR/repo-secring.gpg" ]; then
+    if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
-        mkdir -p "$CACHEDIR"
+        mkdir -p "${CACHEDIR}"
         gpg --gen-key --batch <<EOF
 Key-Type: RSA
 Key-Length: 1024
 Key-Usage: sign
 Name-Real: Qubes builder
 Expire-Date: 0
-%pubring $CACHEDIR/repo-pubring.gpg
+%pubring ${CACHEDIR}/repo-pubring.gpg
-%secring $CACHEDIR/repo-secring.gpg
+%secring ${CACHEDIR}/repo-secring.gpg
 %commit
 EOF
     fi
     gpg -abs --no-default-keyring \
-        --secret-keyring "$CACHEDIR/repo-secring.gpg" \
+        --secret-keyring "${CACHEDIR}/repo-secring.gpg" \
-        --keyring "$CACHEDIR/repo-pubring.gpg" \
+        --keyring "${CACHEDIR}/repo-pubring.gpg" \
-        -o "$CUSTOMREPO/dists/$DIST/Release.gpg" \
+        -o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
-        "$CUSTOMREPO/dists/$DIST/Release"
+        "${CUSTOMREPO}/dists/${DIST}/Release"
-    cp "$CACHEDIR/repo-pubring.gpg" "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
+    cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
 
     # --------------------------------------------------------------------------
     # Mount local qubes_repo
     # --------------------------------------------------------------------------
-    mkdir -p "$INSTALLDIR/tmp/qubes_repo"
+    mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
-    mount --bind "$CUSTOMREPO" "$INSTALLDIR/tmp/qubes_repo"
+    mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
 
     # --------------------------------------------------------------------------
     # Include qubes repo for apt
     # --------------------------------------------------------------------------
-    cat > "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" <<EOF
+    cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
-deb file:/tmp/qubes_repo $DEBIANVERSION main
+deb file:/tmp/qubes_repo ${DEBIANVERSION} main
 EOF
 
     # --------------------------------------------------------------------------
     # Update system; exit is not successful
     # --------------------------------------------------------------------------
-    chroot "$INSTALLDIR" apt-get update || { umount_kill "$INSTALLDIR"; exit 1; }
+    chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
 
     # --------------------------------------------------------------------------
     # Install Qubes packages
     # --------------------------------------------------------------------------
     DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-        chroot "$INSTALLDIR" apt-get -y --force-yes install $(cat $SCRIPTSDIR/packages_qubes.list) || \
+        chroot "${INSTALLDIR}" apt-get -y --force-yes install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
-        { umount_kill "$INSTALLDIR"; exit 1; }
+        { umount_kill "${INSTALLDIR}"; exit 1; }
 
     # --------------------------------------------------------------------------
     # Remove Quebes repo from sources.list.d
     # --------------------------------------------------------------------------
-    rm -f "$INSTALLDIR"/etc/apt/sources.list.d/qubes*.list
+    rm -f "${INSTALLDIR}"/etc/apt/sources.list.d/qubes*.list
-    umount_kill "$INSTALLDIR/tmp/qubes_repo"
+    umount_kill "${INSTALLDIR}/tmp/qubes_repo"
-    rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
+    rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
-    chroot "$INSTALLDIR" apt-get update || exit 1
+    chroot "${INSTALLDIR}" apt-get update || exit 1
 
     # --------------------------------------------------------------------------
     # Remove temporary policy layer so services can start normally in the
     # deployed template.
     # --------------------------------------------------------------------------
-    rm -f "$BUILDCHROOT/usr/sbin/policy-rc.d"
+    rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
 
     # --------------------------------------------------------------------------
     # Qubes needs a user named 'user'
     # --------------------------------------------------------------------------
-    if chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1; then
+    if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
         :
     else
-        chroot "$INSTALLDIR" groupadd -f user
+        chroot "${INSTALLDIR}" groupadd -f user
-        chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
+        chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
     fi
 
     # --------------------------------------------------------------------------
     # Modules setup
     # --------------------------------------------------------------------------
-    echo "xen_netfront" >> "$INSTALLDIR/etc/modules"
+    echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
 
     # --------------------------------------------------------------------------
     # Remove `mesg` from root/.profile?
     # --------------------------------------------------------------------------
-    sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile"
+    sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
 
     # --------------------------------------------------------------------------
     # Need a xen log directory or xen scripts will fail
     # --------------------------------------------------------------------------
-    mkdir -p -m 0700 "$INSTALLDIR/var/log/xen"
+    mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
 
     # --------------------------------------------------------------------------
     # Copy extra files to installation directory.  Contains:
@@ -195,6 +195,8 @@ EOF
     # --------------------------------------------------------------------------
     expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
     mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
+
+    touch "${INSTALLDIR}/tmp/.prepared_qubes"
 fi
 
 # ------------------------------------------------------------------------------
@@ -203,8 +205,8 @@ fi
 buildStep "$0" "post"
 
 # ------------------------------------------------------------------------------
-# Kill all processes and umount all mounts within $INSTALLDIR, but not 
+# Kill all processes and umount all mounts within ${INSTALLDIR}, but not 
-# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself)
+# ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
 # ------------------------------------------------------------------------------
-umount_kill "$INSTALLDIR/" || :
+umount_kill "${INSTALLDIR}/" || :
 

scripts_debian/09_cleanup.sh

@@ -4,12 +4,12 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -23,9 +23,9 @@ buildStep "$0" "pre"
 # ------------------------------------------------------------------------------
 # Cleanup any left over files from installation
 # ------------------------------------------------------------------------------
-rm -rf "INSTALLDIR/var/cache/apt/archives/*"
+rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
-rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list"
+rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
-rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg"
+rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
 
 # XXX: Whats this for?
 rm -rf buildchroot

scripts_debian/gnome/04_install_qubes_post.sh

@@ -8,12 +8,12 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -23,4 +23,4 @@ fi
 # Disable gnome network-manager since it will prevent networking
 # ------------------------------------------------------------------------------
 debug "Disabling gnome network-manager"
-chroot "$INSTALLDIR" systemctl disable network-manager
+chroot "${INSTALLDIR}" systemctl disable network-manager

scripts_debian/vars.sh

@@ -8,7 +8,7 @@
 
 # The codename of the debian version to install.
 # jessie = testing, wheezy = stable
-DEBIANVERSION=$DIST
+DEBIANVERSION=${DIST}
 
 # Location to grab debian packages
 #DEBIAN_MIRROR=http://http.debian.net/debian
@@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
 
 # XXX: Is this even used?
 # make runs the scripts with sudo -E, so HOME is set to /home/user during
-# build, which does not exist. We need to write to $HOME/.gnupg so set it
+# build, which does not exist. We need to write to ${HOME}/.gnupg so set it
 # to something valid.
 HOME=/root

scripts_debian/wheezy+whonix-gateway/99_custom_configuration.sh

@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -19,10 +19,10 @@ fi
 # ------------------------------------------------------------------------------
 # whonix-netvm-gateway contains last known IP used to search and replace
 # ------------------------------------------------------------------------------
-if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
+if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
     # --------------------------------------------------------------------------
     # Install Custom Configurations
     # --------------------------------------------------------------------------
-    echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
+    echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
-    touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
+    touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
 fi

scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/replace-ips

@@ -24,9 +24,9 @@ FILES=(
 
 # sed search and replace. return 0 if replace happened, otherwise 1
 search_replace() {
-    local search="$1"
+    local search="${1}"
-    local replace="$2"
+    local replace="${2}"
-    local file="$3"
+    local file="${3}"
     local retval=1
 
     if ! [ -L "${file}" ]; then 
@@ -55,8 +55,8 @@ function replace_ips()
     local restart_tor=0
 
     # If IP is 10.152.152.10, network is 10.152.152.0
-    replace_network="${replace_ip%.*}.0"
+    search_network="${search_ip%[.]*}.0"
-    search_network="${search_ip%.*}.0"
+    replace_network="${replace_ip%[.]*}.0"
 
     if ! [ "${search_ip}" == "${replace_ip}" ]; then
         for file in "${files[@]}"; do
@@ -68,7 +68,10 @@ function replace_ips()
 
         if [ "${restart_tor}" == "1" ]; then
             echo "${replace_ip}" > /etc/whonix-netvm-gateway
-    	    service tor restart
+            grep "^DisableNetwork 0$" /etc/tor/torrc && {
+                service tor reload || true;
+                #sleep 1;
+            }
         fi
     fi
 }

scripts_debian/wheezy+whonix-gateway/files/usr/lib/whonix/setup-ip

@@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
 else
 	XENSTORE_READ="/usr/bin/xenstore-read"
 fi
-ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
 
 INTERFACE="eth1"
+ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
 
 # Create a dummy eth1 interface so tor can bind to it if there
 # are no DOMU virtual machines connected at the moment
@@ -100,3 +100,22 @@ export INT_TIF="vif+"
 # Route any traffic FROM netvm TO netvm BACK-TO localhost
 # Allows localhost access to tor network
 iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
+
+enable() {
+    servicename=${1}
+
+    grep "^DisableNetwork 0$" /etc/tor/torrc && {
+        # Check to see if the service is already enabled and if not, enable it
+        string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
+
+        if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
+            echo "${1} is currently disabled; enabling it"
+            systemctl --quiet enable ${servicename}
+        fi
+    }
+}
+
+#enable tor
+#enable whonixcheck
+#enable sdwdate
+

scripts_debian/wheezy+whonix-workstation/99_custom_configuration.sh

@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -19,12 +19,12 @@ fi
 # ------------------------------------------------------------------------------
 # whonix-netvm-gateway contains last known IP used to search and replace
 # ------------------------------------------------------------------------------
-if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then
+if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
     # --------------------------------------------------------------------------
     # Install Custom Configurations
     # --------------------------------------------------------------------------
-    echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip"
+    echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
-    echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway"
+    echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
 
-    touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations"
+    touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
 fi

scripts_debian/wheezy+whonix/00_prepare_pre.sh

@@ -16,20 +16,20 @@
 # Return if SNAPSHOT is not "1"
 # ------------------------------------------------------------------------------
 # This script is only used if SNAPSHOT is set
-if [ ! "$SNAPSHOT" == "1" ]; then
+if [ ! "${SNAPSHOT}" == "1" ]; then
     exit 0
 fi
 
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
 # ------------------------------------------------------------------------------
 
 manage_snapshot() {
-    umount_kill "$INSTALLDIR" || :
+    umount_kill "${INSTALLDIR}" || :
 
-    mount -o loop "$IMG" "$INSTALLDIR" || exit 1
+    mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
     # Remove old snapshots if whonix completed
-    if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
+    if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
         warn "Removing stale snapshots"
-        umount_kill "$INSTALLDIR" || :
+        umount_kill "${INSTALLDIR}" || :
         rm -rf "$debootstrap_snapshot"
         rm -rf "$updated_snapshot"
         return
     fi
 
-    warn "Copying $1 to $IMG"
+    warn "Copying $1 to ${IMG}"
-    mount -o loop "$1" "$INSTALLDIR" || exit 1
+    mount -o loop "$1" "${INSTALLDIR}" || exit 1
-    rm -f "$INSTALLDIR/tmp/.prepared_groups"
+    rm -f "${INSTALLDIR}/tmp/.prepared_groups"
-    umount_kill "$INSTALLDIR" || :
+    umount_kill "${INSTALLDIR}" || :
-    cp -f "$1" "$IMG"
+    cp -f "$1" "${IMG}"
 }
 
-splitPath "$IMG" path_parts
+splitPath "${IMG}" path_parts
 debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
 updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
 

scripts_debian/wheezy+whonix/01_install_core_post.sh

@@ -5,20 +5,20 @@
 # Return if SNAPSHOT is not "1"
 # ------------------------------------------------------------------------------
 # This script is only used if SNAPSHOT is set
-if [ ! "$SNAPSHOT" == "1" ]; then
+if [ ! "${SNAPSHOT}" == "1" ]; then
     exit 0
 fi
 
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -27,12 +27,12 @@ fi
 # ------------------------------------------------------------------------------
 # Create a snapshot of the already debootstraped image
 # ------------------------------------------------------------------------------
-splitPath "$IMG" path_parts
+splitPath "${IMG}" path_parts
 PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
 
-if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
+if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
-    umount_kill "$INSTALLDIR" || :
+    umount_kill "${INSTALLDIR}" || :
-    warn "Copying $IMG to $PREPARED_IMG"
+    warn "Copying ${IMG} to ${PREPARED_IMG}"
-    cp -f "$IMG" "$PREPARED_IMG"
+    cp -f "${IMG}" "${PREPARED_IMG}"
-    mount -o loop "$IMG" "$INSTALLDIR" || exit 1
+    mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
 fi

scripts_debian/wheezy+whonix/02_install_groups_packages_installed.sh

@@ -4,13 +4,13 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 . ./umount_kill.sh >/dev/null
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -20,16 +20,16 @@ fi
 # XXX: Create a snapshot - Only for DEBUGGING!
 # ------------------------------------------------------------------------------
 # Only execute if SNAPSHOT is set
-if [ "$SNAPSHOT" == "1" ]; then
+if [ "${SNAPSHOT}" == "1" ]; then
-    splitPath "$IMG" path_parts
+    splitPath "${IMG}" path_parts
     PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
 
-    if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
+    if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
-        umount_kill "$INSTALLDIR" || :
+        umount_kill "${INSTALLDIR}" || :
-        warn "Copying $IMG to $PREPARED_IMG"
+        warn "Copying ${IMG} to ${PREPARED_IMG}"
-        cp -f "$IMG" "$PREPARED_IMG"
+        cp -f "${IMG}" "${PREPARED_IMG}"
-        mount -o loop "$IMG" "$INSTALLDIR" || exit 1
+        mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
-        for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
+        for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
     fi
 fi
 
@@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
     --minimal-report \
     --skip-sanity-tests || { exit 1; }
 popd
-
-################################################################################
-# Post Fixups
-
-set -e
-
-pushd /etc/network
-sudo rm -f interfaces
-sudo ln -s interfaces.backup interfaces
-popd
-
-pushd /etc
-sudo rm -f resolv.conf
-sudo cp -p resolv.conf.backup resolv.conf
-popd
-
-# Enable Tor
-if [ "${1}" == "--torgateway" ]; then
-    sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
-fi
-
-# Fake that whonixsetup was already run
-sudo mkdir -p /var/lib/whonix/do_once
-sudo touch /var/lib/whonix/do_once/whonixsetup.done
-
-# Fake that initializer was already run
-sudo mkdir -p /root/.whonix
-sudo touch /root/.whonix/first_run_initializer.done
-
-# Prevent whonixcheck error
-sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
-
-sudo update-rc.d network-manager disable
-sudo update-rc.d spice-vdagent disable
-sudo update-rc.d swap-file-creator disable
-sudo update-rc.d whonix-initializer disable
-
-# Remove original sources.list
-sudo rm -f /etc/apt/sources.list
-sudo apt-get.anondist-orig update
-
-# Remove apt-cacher-ng
-DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
-    sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
-
-sudo touch "/tmp/.prepared_whonix"
-
 EOF
 
 # ------------------------------------------------------------------------------
@@ -164,8 +117,8 @@ EOF
 # Cleanup function
 # ------------------------------------------------------------------------------
 function cleanup() {
-    error "Whonix error; umounting $INSTALLDIR to prevent further writes"
+    error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
-    umount_kill "$INSTALLDIR" || :
+    umount_kill "${INSTALLDIR}" || :
     exit 1
 }
 trap cleanup ERR
@@ -174,15 +127,15 @@ trap cleanup EXIT
 # ------------------------------------------------------------------------------
 # Mount devices, etc required for Whonix installation
 # ------------------------------------------------------------------------------
-if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
+if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
-    info "Installing Whonix system"
+    info "Preparing Whonix system"
 
     # --------------------------------------------------------------------------
     # Initialize Whonix submodules
     # --------------------------------------------------------------------------
-    pushd "$WHONIX_DIR"
+    pushd "${WHONIX_DIR}"
     {
-        su $(logname) -c "git submodule update --init --recursive"
+        su $(logname) -c "git submodule update --init --recursive";
     }
     popd
 
@@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
     }
 
     # Patch anon-meta-packages to not depend on grub-pc
-    pushd "$WHONIX_DIR"
+    pushd "${WHONIX_DIR}"
     {
         search_replace "grub-pc" "" "grml_packages" || :
     }
     popd
 
-    pushd "$WHONIX_DIR/packages/anon-meta-packages/debian"
+    pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
     {
-        search1=" grub-pc,"
+        search1=" grub-pc,";
-        replace=""
+        replace="";
 
         #checkout_branch qubes
         search_replace "$search1" "$replace" control && \
         {
-            cd "$WHONIX_DIR/packages/anon-meta-packages"
+            cd "${WHONIX_DIR}/packages/anon-meta-packages";
             :
             #sudo -E -u $(logname) make deb-pkg || :
             #su $(logname) -c "dpkg-source --commit" || :
@@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
     }
     popd
 
-    pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
+    pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
     {
-        search1="update-grub"
+        search1="update-grub";
-        replace=":"
+        replace=":";
 
         #checkout_branch qubes
         search_replace "$search1" "$replace" 85_update_grub && \
         {
-            cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub"
+            cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
             sudo -E -u $(logname) make deb-pkg || :
-            su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub"
+            su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
-            #git add .
+            #git add . ;
             #su $(logname) -c "git commit -am 'removed grub-pc depend'"
         } || :
     }
     popd
 
-    pushd "$WHONIX_DIR/build-steps.d"
+    pushd "${WHONIX_DIR}/build-steps.d"
     {
-        search1="   check_for_uncommited_changes" 
+        search1="   check_for_uncommited_changes";
-        replace="   #check_for_uncommited_changes" 
+        replace="   #check_for_uncommited_changes";
 
         search_replace "$search1" "$replace" 1200_create-debian-packages || :
     }
@@ -264,60 +217,53 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
     # --------------------------------------------------------------------------
     # Whonix system config dependancies
     # --------------------------------------------------------------------------
-    #/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
-    #cannot stat `/boot/grub/grub.cfg': No such file or directory
 
     # Qubes needs a user named 'user'
     debug "Whonix Add user"
-    chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \
+    chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
     {
-        chroot "$INSTALLDIR" groupadd -f user
+        chroot "${INSTALLDIR}" groupadd -f user
-        chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
+        chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
     }
 
-    # Change hostname to 'host'
+    # Pin grub packages so they will not install
-    #debug "Whonix change host"
+    echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
-    #echo "host" > "$INSTALLDIR/etc/hostname"
+    chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
-    #chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
 
-    #if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then
+    # Install Whonix fix script
-    #    cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes"
+    echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
-    #fi
+    chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
+
+    # Install Whonix build scripts
+    echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
+    chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
 
     # ------------------------------------------------------------------------------
     # Copy over any extra files
-    # XXX: Moved to 02_install_groups_packages_installed.sh
     # ------------------------------------------------------------------------------
     copyTree "files"
 
-    # --------------------------------------------------------------------------
+    touch "${INSTALLDIR}/tmp/.whonix_prepared"
-    # Install Whonix system
-    # --------------------------------------------------------------------------
-    if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then
-        debug "Installing Whonix build environment..."
-        chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix'
 fi
 
-    if [ -d "$INSTALLDIR/home/user/Whonix" ]; then
+# ------------------------------------------------------------------------------
+# Install Whonix
+# ------------------------------------------------------------------------------
+if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
+    info "Installing Whonix system"
+
+    # --------------------------------------------------------------------------
+    # Install Whonix code base
+    # --------------------------------------------------------------------------
+    if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
+        debug "Installing Whonix build environment..."
+        chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
+    fi
+
+    if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
         debug "Building Whonix..."
-        mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix"
+        mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
-
+    fi
-        # XXX: Does this break Whonix build?
-        # Install apt-get preferences
-        #echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
-        #chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
-
-        # Pin grub packages so they will not install
-        echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
-        chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
-
-        # Install Whonix fix script
-        echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
-        chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
-
-        # Install Whonix build scripts
-        echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
-        chmod 0755 "$INSTALLDIR/home/user/whonix_build"
 
     if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
         BUILD_TYPE="--torgateway"
@@ -330,11 +276,67 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
         exit 1
     fi
 
-        chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; }
+    chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
-    else
+
-        error "chroot /home/user/Whonix directory does not exist... exiting!"
+    touch "${INSTALLDIR}/tmp/.whonix_installed"
-        exit 
 fi
+
+# ------------------------------------------------------------------------------
+# Whonix Post Installation Configurations
+# ------------------------------------------------------------------------------
+if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
+    info "Post Configuring Whonix System"
+
+    pushd "${INSTALLDIR}/etc/network"
+    {
+        rm -f interfaces;
+        ln -s interfaces.backup interfaces;
+    }
+    popd
+
+    pushd "${INSTALLDIR}/etc"
+    {
+        rm -f resolv.conf;
+        cp -p resolv.conf.backup resolv.conf;
+    }
+    popd
+
+    # Enable Tor
+    if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
+        sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
+    fi
+
+    # Fake that whonixsetup was already run
+    mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
+    touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
+
+    # Fake that initializer was already run
+    mkdir -p "${INSTALLDIR}/root/.whonix"
+    touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
+
+    # Prevent whonixcheck error
+    echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
+
+    # Disable unwanted applications
+    chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
+    chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
+    chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
+    chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
+
+    chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
+    chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
+
+    # Remove apt-cacher-ng
+    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
+        chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
+
+    # Remove original sources.list
+    rm -f "${INSTALLDIR}/etc/apt/sources.list"
+
+    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
+        chroot ${INSTALLDIR} apt-get.anondist-orig update
+
+    touch "${INSTALLDIR}/tmp/.whonix_post"
 fi
 
 # ------------------------------------------------------------------------------
@@ -342,34 +344,25 @@ fi
 # ------------------------------------------------------------------------------
 buildStep "99_custom_configuration.sh"
 
-# XXX: Why do I need to move them out of the way?  Lets try keeping them
-# in place (modify post script too)
-# ------------------------------------------------------------------------------
-# Move Whonix sources out of way
-# ------------------------------------------------------------------------------
-#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
-#    mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
-#    mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
-#    cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
-#fi
-
 # ------------------------------------------------------------------------------
 # Bring back original apt-get for installation of Qubues
 # ------------------------------------------------------------------------------
-if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
+pushd "${INSTALLDIR}/usr/bin" 
-    rm "$INSTALLDIR/usr/bin/apt-get"
+{
-    chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get"
+    rm -f apt-get;
-fi
+    cp -p apt-get.anondist-orig apt-get;
+}
+popd
 
 # ------------------------------------------------------------------------------
 # Make sure the temporary policy-rc.d to prevent apt from starting services
 # on package installation is still active; Whonix may have reset it
 # ------------------------------------------------------------------------------
-cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
+cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
 #!/bin/sh
 return 101 # Action forbidden by policy
 EOF
-chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
+chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
 
 # ------------------------------------------------------------------------------
 # Leave cleanup to calling function

scripts_debian/wheezy+whonix/04_install_qubes_post.sh

@@ -8,12 +8,12 @@
 # ------------------------------------------------------------------------------
 # Source external scripts
 # ------------------------------------------------------------------------------
-. $SCRIPTSDIR/vars.sh
+. ${SCRIPTSDIR}/vars.sh
 
 # ------------------------------------------------------------------------------
 # Configurations
 # ------------------------------------------------------------------------------
-if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
+if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
     set -x
 else
     set -e
@@ -22,41 +22,27 @@ fi
 # ------------------------------------------------------------------------------
 # Restore Whonix apt-get
 # ------------------------------------------------------------------------------
-if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
+pushd "${INSTALLDIR}/usr/bin" 
-    rm "$INSTALLDIR/usr/bin/apt-get"
+{
-    chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist apt-get"
+    rm -f apt-get;
-fi
+    cp -p apt-get.anondist apt-get;
-
+}
-# ------------------------------------------------------------------------------
+popd
-# Restore Whonix sources
-# ------------------------------------------------------------------------------
-#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
-#    rm -rf "$INSTALLDIR/etc/apt/sources.list.d"
-#    mv "$INSTALLDIR/etc/apt/sources.list.d.qubes" "$INSTALLDIR/etc/apt/sources.list.d"
-#fi
 
 # ------------------------------------------------------------------------------
 # Restore whonix resolv.conf
 # ------------------------------------------------------------------------------
-pushd "$INSTALLDIR/etc"
+pushd "${INSTALLDIR}/etc"
 {
-    rm -f resolv.conf
+    rm -f resolv.conf;
-    cp -p resolv.conf.anondist resolv.conf
+    cp -p resolv.conf.anondist resolv.conf;
 }
 popd
 
-# --------------------------------------------------------------------------
-# Copy over any extra files that may be needed that are located in
-# --------------------------------------------------------------------------
-debug "Copy extra Qubes related files..." 
-copyTree "extra-qubes-files"
-
-touch "$INSTALLDIR/tmp/.prepared_qubes"
-
 # ------------------------------------------------------------------------------
 # Cleanup Whonix Installation
 # ------------------------------------------------------------------------------
-rm -rf "$INSTALLDIR"/home/user/Whonix
+rm -rf "${INSTALLDIR}"/home/user/Whonix
-rm -rf "$INSTALLDIR"/home/user/whonix_binary
+rm -rf "${INSTALLDIR}"/home/user/whonix_binary
-rm -f "$INSTALLDIR"/home/user/whonix_fix
+rm -f "${INSTALLDIR}"/home/user/whonix_fix
-rm -f "$INSTALLDIR"/home/user/whonix_build
+rm -f "${INSTALLDIR}"/home/user/whonix_build

tests/template-flavors/test.sh

@@ -45,7 +45,7 @@ declare -A VALUES=(
 )
 
 values() {
-    [[ -z $TEST ]] && {
+    [[ -z ${TEST} ]] && {
         label=${1}
         value="${1}[@]"
         value="${!value}"
@@ -61,11 +61,11 @@ values() {
 }
 
 info() {
-    [[ -z $TEST ]] && echo "${bold}${blue}${1}${reset}" || :
+    [[ -z ${TEST} ]] && echo "${bold}${blue}${1}${reset}" || :
 }
 
 debug() {
-    [[ -z $TEST ]] && echo -e "${magenta}${1}${reset}" || :
+    [[ -z ${TEST} ]] && echo -e "${magenta}${1}${reset}" || :
 }
 
 assertTest(){
@@ -264,7 +264,7 @@ assertEnd
 
 
 # ------------------------------------------------------------------------------
-# 10. Template directory for options within $SCRIPTSDIR using short name filter
+# 10. Template directory for options within ${SCRIPTSDIR} using short name filter
 # ------------------------------------------------------------------------------
 SCRIPTSDIR="tests/template-flavors"
 DIST="wheezy"
@@ -275,7 +275,7 @@ TEMPLATE_FLAVOR_DIR="wheezy+proxy:${SCRIPTSDIR}/proxy"
 TEMPLATE_OPTIONS=('proxy')
 
 header <<EOF
-10. Template directory for options within $SCRIPTSDIR using short name filter
+10. Template directory for options within ${SCRIPTSDIR} using short name filter
 EOF
 buildStep "$0" "pre"
 assertTest "buildStep $0 pre" "tests/template-flavors/wheezy+whonix-gateway/test_pre.sh\ntests/template-flavors/proxy/test_pre.sh"
@@ -455,12 +455,12 @@ header <<EOF
     Just test copying from here to ${INSTALLDIR}
     INSTALLDIR="${SCRIPTSDIR}/test_copy_location"
 EOF
-rm -f "$INSTALLDIR"/test1
+rm -f "${INSTALLDIR}"/test1
-rm -f "$INSTALLDIR"/test2
+rm -f "${INSTALLDIR}"/test2
-rm -f "$INSTALLDIR"/test3
+rm -f "${INSTALLDIR}"/test3
 copyTree "files"
-ls -l "$INSTALLDIR"
+ls -l "${INSTALLDIR}"
-assertTest "ls $INSTALLDIR" "test1\ntest2\ntest3"
+assertTest "ls ${INSTALLDIR}" "test1\ntest2\ntest3"
 assertEnd
 
 

umount_kill.sh

@@ -31,16 +31,16 @@ umount_kill() {
     MOUNTDIR="$1"
 
     # We need absolute paths here so we don't kill everything
-    if ! [[ "$MOUNTDIR" = /* ]]; then
+    if ! [[ "${MOUNTDIR}" = /* ]]; then
         MOUNTDIR="${PWD}/${MOUNTDIR}"
     fi
 
     # Strip any extra trailing slashes ('/') from path if they exist
     # since we are doing an exact string match on the path
-    MOUNTDIR=$(echo "$MOUNTDIR" | sed s#//*#/#g)
+    MOUNTDIR=$(echo "${MOUNTDIR}" | sed s#//*#/#g)
 
-    warn "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting"
+    warn "-> Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting"
-    for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR")
+    for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}")
     do
         sudo lsof "$dir" 2> /dev/null | \
             grep "$dir" | \