|
|
@ -4,13 +4,13 @@
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Source external scripts
|
|
|
|
# Source external scripts
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
. $SCRIPTSDIR/vars.sh
|
|
|
|
. ${SCRIPTSDIR}/vars.sh
|
|
|
|
. ./umount_kill.sh >/dev/null
|
|
|
|
. ./umount_kill.sh >/dev/null
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Configurations
|
|
|
|
# Configurations
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
|
|
|
|
if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
|
|
|
|
set -x
|
|
|
|
set -x
|
|
|
|
else
|
|
|
|
else
|
|
|
|
set -e
|
|
|
|
set -e
|
|
|
@ -20,16 +20,16 @@ fi
|
|
|
|
# XXX: Create a snapshot - Only for DEBUGGING!
|
|
|
|
# XXX: Create a snapshot - Only for DEBUGGING!
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Only execute if SNAPSHOT is set
|
|
|
|
# Only execute if SNAPSHOT is set
|
|
|
|
if [ "$SNAPSHOT" == "1" ]; then
|
|
|
|
if [ "${SNAPSHOT}" == "1" ]; then
|
|
|
|
splitPath "$IMG" path_parts
|
|
|
|
splitPath "${IMG}" path_parts
|
|
|
|
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
|
|
|
|
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
|
|
|
|
|
|
|
|
|
|
|
|
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
|
|
|
if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
|
|
|
|
umount_kill "$INSTALLDIR" || :
|
|
|
|
umount_kill "${INSTALLDIR}" || :
|
|
|
|
warn "Copying $IMG to $PREPARED_IMG"
|
|
|
|
warn "Copying ${IMG} to ${PREPARED_IMG}"
|
|
|
|
cp -f "$IMG" "$PREPARED_IMG"
|
|
|
|
cp -f "${IMG}" "${PREPARED_IMG}"
|
|
|
|
mount -o loop "$IMG" "$INSTALLDIR" || exit 1
|
|
|
|
mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
|
|
|
|
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
|
|
|
|
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
|
|
|
|
--minimal-report \
|
|
|
|
--minimal-report \
|
|
|
|
--skip-sanity-tests || { exit 1; }
|
|
|
|
--skip-sanity-tests || { exit 1; }
|
|
|
|
popd
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
################################################################################
|
|
|
|
|
|
|
|
# Post Fixups
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pushd /etc/network
|
|
|
|
|
|
|
|
sudo rm -f interfaces
|
|
|
|
|
|
|
|
sudo ln -s interfaces.backup interfaces
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pushd /etc
|
|
|
|
|
|
|
|
sudo rm -f resolv.conf
|
|
|
|
|
|
|
|
sudo cp -p resolv.conf.backup resolv.conf
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable Tor
|
|
|
|
|
|
|
|
if [ "${1}" == "--torgateway" ]; then
|
|
|
|
|
|
|
|
sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Fake that whonixsetup was already run
|
|
|
|
|
|
|
|
sudo mkdir -p /var/lib/whonix/do_once
|
|
|
|
|
|
|
|
sudo touch /var/lib/whonix/do_once/whonixsetup.done
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Fake that initializer was already run
|
|
|
|
|
|
|
|
sudo mkdir -p /root/.whonix
|
|
|
|
|
|
|
|
sudo touch /root/.whonix/first_run_initializer.done
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Prevent whonixcheck error
|
|
|
|
|
|
|
|
sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sudo update-rc.d network-manager disable
|
|
|
|
|
|
|
|
sudo update-rc.d spice-vdagent disable
|
|
|
|
|
|
|
|
sudo update-rc.d swap-file-creator disable
|
|
|
|
|
|
|
|
sudo update-rc.d whonix-initializer disable
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Remove original sources.list
|
|
|
|
|
|
|
|
sudo rm -f /etc/apt/sources.list
|
|
|
|
|
|
|
|
sudo apt-get.anondist-orig update
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Remove apt-cacher-ng
|
|
|
|
|
|
|
|
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
|
|
|
|
|
|
sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
sudo touch "/tmp/.prepared_whonix"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
EOF
|
|
|
|
EOF
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
@ -164,8 +117,8 @@ EOF
|
|
|
|
# Cleanup function
|
|
|
|
# Cleanup function
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
function cleanup() {
|
|
|
|
function cleanup() {
|
|
|
|
error "Whonix error; umounting $INSTALLDIR to prevent further writes"
|
|
|
|
error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
|
|
|
|
umount_kill "$INSTALLDIR" || :
|
|
|
|
umount_kill "${INSTALLDIR}" || :
|
|
|
|
exit 1
|
|
|
|
exit 1
|
|
|
|
}
|
|
|
|
}
|
|
|
|
trap cleanup ERR
|
|
|
|
trap cleanup ERR
|
|
|
@ -174,15 +127,15 @@ trap cleanup EXIT
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Mount devices, etc required for Whonix installation
|
|
|
|
# Mount devices, etc required for Whonix installation
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
|
|
|
if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
|
|
|
|
info "Installing Whonix system"
|
|
|
|
info "Preparing Whonix system"
|
|
|
|
|
|
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# Initialize Whonix submodules
|
|
|
|
# Initialize Whonix submodules
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
pushd "$WHONIX_DIR"
|
|
|
|
pushd "${WHONIX_DIR}"
|
|
|
|
{
|
|
|
|
{
|
|
|
|
su $(logname) -c "git submodule update --init --recursive"
|
|
|
|
su $(logname) -c "git submodule update --init --recursive";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
popd
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# Patch anon-meta-packages to not depend on grub-pc
|
|
|
|
# Patch anon-meta-packages to not depend on grub-pc
|
|
|
|
pushd "$WHONIX_DIR"
|
|
|
|
pushd "${WHONIX_DIR}"
|
|
|
|
{
|
|
|
|
{
|
|
|
|
search_replace "grub-pc" "" "grml_packages" || :
|
|
|
|
search_replace "grub-pc" "" "grml_packages" || :
|
|
|
|
}
|
|
|
|
}
|
|
|
|
popd
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian"
|
|
|
|
pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
|
|
|
|
{
|
|
|
|
{
|
|
|
|
search1=" grub-pc,"
|
|
|
|
search1=" grub-pc,";
|
|
|
|
replace=""
|
|
|
|
replace="";
|
|
|
|
|
|
|
|
|
|
|
|
#checkout_branch qubes
|
|
|
|
#checkout_branch qubes
|
|
|
|
search_replace "$search1" "$replace" control && \
|
|
|
|
search_replace "$search1" "$replace" control && \
|
|
|
|
{
|
|
|
|
{
|
|
|
|
cd "$WHONIX_DIR/packages/anon-meta-packages"
|
|
|
|
cd "${WHONIX_DIR}/packages/anon-meta-packages";
|
|
|
|
:
|
|
|
|
:
|
|
|
|
#sudo -E -u $(logname) make deb-pkg || :
|
|
|
|
#sudo -E -u $(logname) make deb-pkg || :
|
|
|
|
#su $(logname) -c "dpkg-source --commit" || :
|
|
|
|
#su $(logname) -c "dpkg-source --commit" || :
|
|
|
@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
|
|
|
}
|
|
|
|
}
|
|
|
|
popd
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
|
|
|
|
pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
|
|
|
|
{
|
|
|
|
{
|
|
|
|
search1="update-grub"
|
|
|
|
search1="update-grub";
|
|
|
|
replace=":"
|
|
|
|
replace=":";
|
|
|
|
|
|
|
|
|
|
|
|
#checkout_branch qubes
|
|
|
|
#checkout_branch qubes
|
|
|
|
search_replace "$search1" "$replace" 85_update_grub && \
|
|
|
|
search_replace "$search1" "$replace" 85_update_grub && \
|
|
|
|
{
|
|
|
|
{
|
|
|
|
cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub"
|
|
|
|
cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
|
|
|
|
sudo -E -u $(logname) make deb-pkg || :
|
|
|
|
sudo -E -u $(logname) make deb-pkg || :
|
|
|
|
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub"
|
|
|
|
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
|
|
|
|
#git add .
|
|
|
|
#git add . ;
|
|
|
|
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
|
|
|
|
#su $(logname) -c "git commit -am 'removed grub-pc depend'"
|
|
|
|
} || :
|
|
|
|
} || :
|
|
|
|
}
|
|
|
|
}
|
|
|
|
popd
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
pushd "$WHONIX_DIR/build-steps.d"
|
|
|
|
pushd "${WHONIX_DIR}/build-steps.d"
|
|
|
|
{
|
|
|
|
{
|
|
|
|
search1=" check_for_uncommited_changes"
|
|
|
|
search1=" check_for_uncommited_changes";
|
|
|
|
replace=" #check_for_uncommited_changes"
|
|
|
|
replace=" #check_for_uncommited_changes";
|
|
|
|
|
|
|
|
|
|
|
|
search_replace "$search1" "$replace" 1200_create-debian-packages || :
|
|
|
|
search_replace "$search1" "$replace" 1200_create-debian-packages || :
|
|
|
|
}
|
|
|
|
}
|
|
|
@ -264,60 +217,53 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# Whonix system config dependancies
|
|
|
|
# Whonix system config dependancies
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
#/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
|
|
|
|
|
|
|
|
#cannot stat `/boot/grub/grub.cfg': No such file or directory
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Qubes needs a user named 'user'
|
|
|
|
# Qubes needs a user named 'user'
|
|
|
|
debug "Whonix Add user"
|
|
|
|
debug "Whonix Add user"
|
|
|
|
chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \
|
|
|
|
chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
|
|
|
|
{
|
|
|
|
{
|
|
|
|
chroot "$INSTALLDIR" groupadd -f user
|
|
|
|
chroot "${INSTALLDIR}" groupadd -f user
|
|
|
|
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
|
|
|
chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
# Change hostname to 'host'
|
|
|
|
# Pin grub packages so they will not install
|
|
|
|
#debug "Whonix change host"
|
|
|
|
echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
|
|
|
|
#echo "host" > "$INSTALLDIR/etc/hostname"
|
|
|
|
chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
|
|
|
|
#chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
#if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then
|
|
|
|
# Install Whonix fix script
|
|
|
|
# cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes"
|
|
|
|
echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
|
|
|
|
#fi
|
|
|
|
chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Install Whonix build scripts
|
|
|
|
|
|
|
|
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
|
|
|
|
|
|
|
|
chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Copy over any extra files
|
|
|
|
# Copy over any extra files
|
|
|
|
# XXX: Moved to 02_install_groups_packages_installed.sh
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
copyTree "files"
|
|
|
|
copyTree "files"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
touch "${INSTALLDIR}/tmp/.whonix_prepared"
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
# Install Whonix
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
|
|
|
|
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
|
|
|
|
|
|
|
|
info "Installing Whonix system"
|
|
|
|
|
|
|
|
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# Install Whonix system
|
|
|
|
# Install Whonix code base
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
# --------------------------------------------------------------------------
|
|
|
|
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then
|
|
|
|
if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
|
|
|
|
debug "Installing Whonix build environment..."
|
|
|
|
debug "Installing Whonix build environment..."
|
|
|
|
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix'
|
|
|
|
chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then
|
|
|
|
if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
|
|
|
|
debug "Building Whonix..."
|
|
|
|
debug "Building Whonix..."
|
|
|
|
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix"
|
|
|
|
mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
|
|
|
|
|
|
|
|
fi
|
|
|
|
# XXX: Does this break Whonix build?
|
|
|
|
|
|
|
|
# Install apt-get preferences
|
|
|
|
|
|
|
|
#echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
|
|
|
|
|
|
|
|
#chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Pin grub packages so they will not install
|
|
|
|
|
|
|
|
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
|
|
|
|
|
|
|
|
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Install Whonix fix script
|
|
|
|
|
|
|
|
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
|
|
|
|
|
|
|
|
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Install Whonix build scripts
|
|
|
|
|
|
|
|
echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
|
|
|
|
|
|
|
|
chmod 0755 "$INSTALLDIR/home/user/whonix_build"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
|
|
|
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
|
|
|
BUILD_TYPE="--torgateway"
|
|
|
|
BUILD_TYPE="--torgateway"
|
|
|
@ -330,46 +276,93 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
|
|
|
|
exit 1
|
|
|
|
exit 1
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; }
|
|
|
|
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
|
|
|
|
else
|
|
|
|
|
|
|
|
error "chroot /home/user/Whonix directory does not exist... exiting!"
|
|
|
|
touch "${INSTALLDIR}/tmp/.whonix_installed"
|
|
|
|
exit
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
fi
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Execute any template flavor or sub flavor scripts
|
|
|
|
# Whonix Post Installation Configurations
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
buildStep "99_custom_configuration.sh"
|
|
|
|
if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
|
|
|
|
|
|
|
|
info "Post Configuring Whonix System"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pushd "${INSTALLDIR}/etc/network"
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
rm -f interfaces;
|
|
|
|
|
|
|
|
ln -s interfaces.backup interfaces;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
pushd "${INSTALLDIR}/etc"
|
|
|
|
|
|
|
|
{
|
|
|
|
|
|
|
|
rm -f resolv.conf;
|
|
|
|
|
|
|
|
cp -p resolv.conf.backup resolv.conf;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Enable Tor
|
|
|
|
|
|
|
|
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
|
|
|
|
|
|
|
|
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Fake that whonixsetup was already run
|
|
|
|
|
|
|
|
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
|
|
|
|
|
|
|
|
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Fake that initializer was already run
|
|
|
|
|
|
|
|
mkdir -p "${INSTALLDIR}/root/.whonix"
|
|
|
|
|
|
|
|
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Prevent whonixcheck error
|
|
|
|
|
|
|
|
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Disable unwanted applications
|
|
|
|
|
|
|
|
chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
|
|
|
|
|
|
|
|
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
|
|
|
|
|
|
|
|
chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
|
|
|
|
|
|
|
|
chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
|
|
|
|
|
|
|
|
chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Remove apt-cacher-ng
|
|
|
|
|
|
|
|
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
|
|
|
|
|
|
chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# Remove original sources.list
|
|
|
|
|
|
|
|
rm -f "${INSTALLDIR}/etc/apt/sources.list"
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
|
|
|
|
|
|
|
|
chroot ${INSTALLDIR} apt-get.anondist-orig update
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
touch "${INSTALLDIR}/tmp/.whonix_post"
|
|
|
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
|
|
# XXX: Why do I need to move them out of the way? Lets try keeping them
|
|
|
|
|
|
|
|
# in place (modify post script too)
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Move Whonix sources out of way
|
|
|
|
# Execute any template flavor or sub flavor scripts
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
|
|
|
|
buildStep "99_custom_configuration.sh"
|
|
|
|
# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
|
|
|
|
|
|
|
|
# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
|
|
|
|
|
|
|
|
# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
|
|
|
|
|
|
|
|
#fi
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Bring back original apt-get for installation of Qubues
|
|
|
|
# Bring back original apt-get for installation of Qubues
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then
|
|
|
|
pushd "${INSTALLDIR}/usr/bin"
|
|
|
|
rm "$INSTALLDIR/usr/bin/apt-get"
|
|
|
|
{
|
|
|
|
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get"
|
|
|
|
rm -f apt-get;
|
|
|
|
fi
|
|
|
|
cp -p apt-get.anondist-orig apt-get;
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
popd
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Make sure the temporary policy-rc.d to prevent apt from starting services
|
|
|
|
# Make sure the temporary policy-rc.d to prevent apt from starting services
|
|
|
|
# on package installation is still active; Whonix may have reset it
|
|
|
|
# on package installation is still active; Whonix may have reset it
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
|
|
|
|
cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
|
|
|
|
#!/bin/sh
|
|
|
|
#!/bin/sh
|
|
|
|
return 101 # Action forbidden by policy
|
|
|
|
return 101 # Action forbidden by policy
|
|
|
|
EOF
|
|
|
|
EOF
|
|
|
|
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
|
|
|
|
chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
|
|
|
|
|
|
|
|
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# ------------------------------------------------------------------------------
|
|
|
|
# Leave cleanup to calling function
|
|
|
|
# Leave cleanup to calling function
|
|
|
|