Code cleanup - whonix* not tested

This commit is contained in:
Jason Mehring 2014-10-28 04:09:55 -04:00
parent fd7bc22a16
commit c238716d6a
18 changed files with 357 additions and 354 deletions

View File

@ -28,7 +28,7 @@ colors() {
export blink=$( tput blink || tput mb ) # Start blinking export blink=$( tput blink || tput mb ) # Start blinking
export italic=$( tput sitm || tput ZH ) # Start italic export italic=$( tput sitm || tput ZH ) # Start italic
export eitalic=$( tput ritm || tput ZR ) # End italic export eitalic=$( tput ritm || tput ZR ) # End italic
[[ $TERM != *-m ]] && { [[ ${TERM} != *-m ]] && {
export red=$( tput setaf 1|| tput AF 1 ) export red=$( tput setaf 1|| tput AF 1 )
export green=$( tput setaf 2|| tput AF 2 ) export green=$( tput setaf 2|| tput AF 2 )
export yellow=$( tput setaf 3|| tput AF 3 ) export yellow=$( tput setaf 3|| tput AF 3 )
@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
colors colors
fi fi
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
chroot() { chroot() {
local retval local retval
true ${blue} true ${blue}
@ -73,19 +73,19 @@ fi
# Display messages in color # Display messages in color
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
info() { info() {
[[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
} }
debug() { debug() {
[[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
} }
warn() { warn() {
[[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
} }
error() { error() {
[[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -278,7 +278,7 @@ buildStepExec() {
script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")" script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")"
if [ -f "${script}" ]; then if [ -f "${script}" ]; then
[[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}" [[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
# Execute $script # Execute $script
"${script}" "${script}"
@ -372,7 +372,7 @@ buildStep() {
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Copy extra file tree to $INSTALLDIR # Copy extra file tree to ${INSTALLDIR}
# TODO: Allow copy per step (04_install_qubes.sh-files) # TODO: Allow copy per step (04_install_qubes.sh-files)
# #
# To set file permissions is a PITA since git won't save them and will # To set file permissions is a PITA since git won't save them and will
@ -385,7 +385,7 @@ buildStep() {
# 5. Manually create facl backup used after copying: getfacl -R . > .facl # 5. Manually create facl backup used after copying: getfacl -R . > .facl
# 6. If git complains; reset file ownership back to user. The .facl file stored # 6. If git complains; reset file ownership back to user. The .facl file stored
# the file permissions and will be used to reset the file permissions after # the file permissions and will be used to reset the file permissions after
# they get copied over to $INSTALLDIR # they get copied over to ${INSTALLDIR}
# NOTE: Don't forget to redo this process if you add -OR- remove files # NOTE: Don't forget to redo this process if you add -OR- remove files
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
copyTree() { copyTree() {

View File

@ -4,19 +4,19 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
fi fi
INSTALLDIR="$(readlink -m mnt)" INSTALLDIR="$(readlink -m mnt)"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts # Execute any template flavor or sub flavor 'pre' scripts
@ -26,17 +26,17 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete... # Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Determine if $IMG should be reused or deleted..." debug "Determine if ${IMG} should be reused or deleted..."
if [ -f "$IMG" ]; then if [ -f "${IMG}" ]; then
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist # Assume a failed debootstrap installation if .prepare_debootstrap does not exist
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting $IMG" warn "Last build failed. Deleting ${IMG}"
rm -f "$IMG" rm -f "${IMG}"
fi fi
# Umount image; don't fail if its already umounted # Umount image; don't fail if its already umounted
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------

View File

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -23,13 +23,13 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Install base debian system # Install base debian system
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
debug "Installing base ${DEBIANVERSION} system" debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \ COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \ --components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; } "${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
chroot "$INSTALLDIR" chmod 0666 "/dev/null" chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
touch "$INSTALLDIR/tmp/.prepared_debootstrap" touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------

View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,30 +19,30 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue # If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting" error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Mount system mount points # Mount system mount points
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts # Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
buildStep "$0" "pre" buildStep "$0" "pre"
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup function # Cleanup function
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
function cleanup() { function cleanup() {
error "Install groups error and umount" error "Install groups error and umount"
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d" rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
} }
trap cleanup ERR trap cleanup ERR
@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
# Set up a temporary policy-rc.d to prevent apt from starting services # Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation # on package installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh #!/bin/sh
return 101 # Action forbidden by policy return 101 # Action forbidden by policy
EOF EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d" chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Ensure umask set in /etc/login.defs is used (022) # Ensure umask set in /etc/login.defs is used (022)
@ -68,30 +68,30 @@ EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Adding debian-security repository." debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main" source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list" touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list" touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Upgrade system # Upgrade system
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Upgrading system" debug "Upgrading system"
chroot "$INSTALLDIR" apt-get update chroot "${INSTALLDIR}" apt-get update
true "${stout}" true "${stout}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configure keyboard # Configure keyboard
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Setting keyboard layout" debug "Setting keyboard layout"
chroot "$INSTALLDIR" debconf-set-selections <<EOF chroot "${INSTALLDIR}" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US) keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US) keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
@ -102,20 +102,20 @@ keyboard-configuration keyboard-configuration/optionscode string
EOF EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Install extra packages in script_$DEBIANVERSION/packages.list file # Install extra packages in script_${DEBIANVERSION}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories # -and / or- TEMPLATE_FLAVOR directories
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
getFileLocations packages_list "packages.list" "${DIST}" getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!" error "Can not locate a package.list file!"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
fi fi
for package_list in "${packages_list[@]}"; do for package_list in "${packages_list[@]}"; do
debug "Installing extra packages from: ${package_list}" debug "Installing extra packages from: ${package_list}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$package_list" xargs chroot ${INSTALLDIR} apt-get -y --force-yes install < "${package_list}"
done done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -132,51 +132,51 @@ EOF
# For jessie and newer, sysvinit is provided by sysvinit-core which # For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package. # is not an essential package.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Installing systemd for debian ($DEBIANVERSION)" debug "Installing systemd for debian (${DEBIANVERSION})"
if [ "$DEBIANVERSION" == "wheezy" ]; then if [ "${DEBIANVERSION}" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
else else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
fi fi
# Prevent sysvinit from being re-installed # Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation" debug "Preventing sysvinit re-installation"
chroot "$INSTALLDIR" apt-mark hold sysvinit chroot "${INSTALLDIR}" apt-mark hold sysvinit
# Pin sysvinit to prevent being re-installed # Pin sysvinit to prevent being re-installed
cat > "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" <<EOF cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit Package: sysvinit
Pin: version * Pin: version *
Pin-Priority: -100 Pin-Priority: -100
EOF EOF
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
chroot "$INSTALLDIR" apt-get update chroot "${INSTALLDIR}" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv chroot "${INSTALLDIR}" apt-get -y --force-yes install systemd-sysv
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3) # Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
#chroot "$INSTALLDIR" systemctl set-default multi-user.target #chroot "${INSTALLDIR}" systemctl set-default multi-user.target
chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy # Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$DEBIANVERSION" == "wheezy" ]; then if [ "${DEBIANVERSION}" == "wheezy" ]; then
debug "Adding wheezy backports repository." debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main" source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list" touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi fi
chroot $INSTALLDIR apt-get update chroot ${INSTALLDIR} apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -184,15 +184,15 @@ EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the # Remove temporary policy layer so services can start normally in the
# deployed template. # deployed template.
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d" rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
touch "$INSTALLDIR/tmp/.prepared_groups" touch "${INSTALLDIR}/tmp/.prepared_groups"
trap - ERR EXIT trap - ERR EXIT
trap trap
# Kill all processes and umount all mounts within $INSTALLDIR, # Kill all processes and umount all mounts within ${INSTALLDIR},
# but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being # but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
# umounted itself) # umounted itself)
umount_kill "$INSTALLDIR/" || : umount_kill "${INSTALLDIR}/" || :
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------

View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,7 +19,7 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue # If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
error "prepared_groups installataion has not completed!... Exiting" error "prepared_groups installataion has not completed!... Exiting"
exit 1 exit 1
fi fi
@ -27,7 +27,7 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Mount system mount points # Mount system mount points
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts # Execute any template flavor or sub flavor 'pre' scripts
@ -37,32 +37,32 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Install Qubes Packages # Install Qubes Packages
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
debug "Installing qbues modules" debug "Installing qbues modules"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services # Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation # on package installation
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" <<EOF cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh #!/bin/sh
return 101 # Action forbidden by policy return 101 # Action forbidden by policy
EOF EOF
chmod 755 $INSTALLCHROOT/usr/sbin/policy-rc.d chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Generate locales # Generate locales
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
debug "Generate locales" debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen" echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
chroot "$INSTALLDIR" locale-gen chroot "${INSTALLDIR}" locale-gen
chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8 chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Update /etc/fstab # Update /etc/fstab
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
debug "Updating template fstab file..." debug "Updating template fstab file..."
cat >> "$INSTALLDIR/etc/fstab" <<EOF cat >> "${INSTALLDIR}/etc/fstab" <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1 /dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0 /dev/xvdc1 swap swap defaults 0 0
@ -82,106 +82,106 @@ EOF
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Link mtab # Link mtab
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
rm -f "$INSTALLDIR/etc/mtab" rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "$INSTALLDIR/etc/mtab" ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Create modules directory # Create modules directory
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/lib/modules" mkdir -p "${INSTALLDIR}/lib/modules"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Start of Qubes package installation # Start of Qubes package installation
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
debug "Installing qubes packages" debug "Installing qubes packages"
export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST" export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install keyrings # Install keyrings
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
if ! [ -e "$CACHEDIR/repo-secring.gpg" ]; then if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "$CACHEDIR" mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF gpg --gen-key --batch <<EOF
Key-Type: RSA Key-Type: RSA
Key-Length: 1024 Key-Length: 1024
Key-Usage: sign Key-Usage: sign
Name-Real: Qubes builder Name-Real: Qubes builder
Expire-Date: 0 Expire-Date: 0
%pubring $CACHEDIR/repo-pubring.gpg %pubring ${CACHEDIR}/repo-pubring.gpg
%secring $CACHEDIR/repo-secring.gpg %secring ${CACHEDIR}/repo-secring.gpg
%commit %commit
EOF EOF
fi fi
gpg -abs --no-default-keyring \ gpg -abs --no-default-keyring \
--secret-keyring "$CACHEDIR/repo-secring.gpg" \ --secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "$CACHEDIR/repo-pubring.gpg" \ --keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "$CUSTOMREPO/dists/$DIST/Release.gpg" \ -o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"$CUSTOMREPO/dists/$DIST/Release" "${CUSTOMREPO}/dists/${DIST}/Release"
cp "$CACHEDIR/repo-pubring.gpg" "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg" cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Mount local qubes_repo # Mount local qubes_repo
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/tmp/qubes_repo" mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "$CUSTOMREPO" "$INSTALLDIR/tmp/qubes_repo" mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Include qubes repo for apt # Include qubes repo for apt
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
cat > "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" <<EOF cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo $DEBIANVERSION main deb file:/tmp/qubes_repo ${DEBIANVERSION} main
EOF EOF
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Update system; exit is not successful # Update system; exit is not successful
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
chroot "$INSTALLDIR" apt-get update || { umount_kill "$INSTALLDIR"; exit 1; } chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Qubes packages # Install Qubes packages
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install $(cat $SCRIPTSDIR/packages_qubes.list) || \ chroot "${INSTALLDIR}" apt-get -y --force-yes install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
{ umount_kill "$INSTALLDIR"; exit 1; } { umount_kill "${INSTALLDIR}"; exit 1; }
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Remove Quebes repo from sources.list.d # Remove Quebes repo from sources.list.d
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
rm -f "$INSTALLDIR"/etc/apt/sources.list.d/qubes*.list rm -f "${INSTALLDIR}"/etc/apt/sources.list.d/qubes*.list
umount_kill "$INSTALLDIR/tmp/qubes_repo" umount_kill "${INSTALLDIR}/tmp/qubes_repo"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
chroot "$INSTALLDIR" apt-get update || exit 1 chroot "${INSTALLDIR}" apt-get update || exit 1
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the # Remove temporary policy layer so services can start normally in the
# deployed template. # deployed template.
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
rm -f "$BUILDCHROOT/usr/sbin/policy-rc.d" rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Qubes needs a user named 'user' # Qubes needs a user named 'user'
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
if chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1; then if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
: :
else else
chroot "$INSTALLDIR" groupadd -f user chroot "${INSTALLDIR}" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
fi fi
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Modules setup # Modules setup
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
echo "xen_netfront" >> "$INSTALLDIR/etc/modules" echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Remove `mesg` from root/.profile? # Remove `mesg` from root/.profile?
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile" sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Need a xen log directory or xen scripts will fail # Need a xen log directory or xen scripts will fail
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p -m 0700 "$INSTALLDIR/var/log/xen" mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Copy extra files to installation directory. Contains: # Copy extra files to installation directory. Contains:
@ -195,6 +195,8 @@ EOF
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist" expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts" mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
touch "${INSTALLDIR}/tmp/.prepared_qubes"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -203,8 +205,8 @@ fi
buildStep "$0" "post" buildStep "$0" "post"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Kill all processes and umount all mounts within $INSTALLDIR, but not # Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself) # ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
umount_kill "$INSTALLDIR/" || : umount_kill "${INSTALLDIR}/" || :

View File

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -23,9 +23,9 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup any left over files from installation # Cleanup any left over files from installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
rm -rf "INSTALLDIR/var/cache/apt/archives/*" rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg" rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# XXX: Whats this for? # XXX: Whats this for?
rm -rf buildchroot rm -rf buildchroot

View File

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -23,4 +23,4 @@ fi
# Disable gnome network-manager since it will prevent networking # Disable gnome network-manager since it will prevent networking
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Disabling gnome network-manager" debug "Disabling gnome network-manager"
chroot "$INSTALLDIR" systemctl disable network-manager chroot "${INSTALLDIR}" systemctl disable network-manager

View File

@ -8,7 +8,7 @@
# The codename of the debian version to install. # The codename of the debian version to install.
# jessie = testing, wheezy = stable # jessie = testing, wheezy = stable
DEBIANVERSION=$DIST DEBIANVERSION=${DIST}
# Location to grab debian packages # Location to grab debian packages
#DEBIAN_MIRROR=http://http.debian.net/debian #DEBIAN_MIRROR=http://http.debian.net/debian
@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
# XXX: Is this even used? # XXX: Is this even used?
# make runs the scripts with sudo -E, so HOME is set to /home/user during # make runs the scripts with sudo -E, so HOME is set to /home/user during
# build, which does not exist. We need to write to $HOME/.gnupg so set it # build, which does not exist. We need to write to ${HOME}/.gnupg so set it
# to something valid. # to something valid.
HOME=/root HOME=/root

View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,10 +19,10 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace # whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Custom Configurations # Install Custom Configurations
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway" echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi fi

View File

@ -24,9 +24,9 @@ FILES=(
# sed search and replace. return 0 if replace happened, otherwise 1 # sed search and replace. return 0 if replace happened, otherwise 1
search_replace() { search_replace() {
local search="$1" local search="${1}"
local replace="$2" local replace="${2}"
local file="$3" local file="${3}"
local retval=1 local retval=1
if ! [ -L "${file}" ]; then if ! [ -L "${file}" ]; then
@ -55,8 +55,8 @@ function replace_ips()
local restart_tor=0 local restart_tor=0
# If IP is 10.152.152.10, network is 10.152.152.0 # If IP is 10.152.152.10, network is 10.152.152.0
replace_network="${replace_ip%.*}.0" search_network="${search_ip%[.]*}.0"
search_network="${search_ip%.*}.0" replace_network="${replace_ip%[.]*}.0"
if ! [ "${search_ip}" == "${replace_ip}" ]; then if ! [ "${search_ip}" == "${replace_ip}" ]; then
for file in "${files[@]}"; do for file in "${files[@]}"; do
@ -68,7 +68,10 @@ function replace_ips()
if [ "${restart_tor}" == "1" ]; then if [ "${restart_tor}" == "1" ]; then
echo "${replace_ip}" > /etc/whonix-netvm-gateway echo "${replace_ip}" > /etc/whonix-netvm-gateway
service tor restart grep "^DisableNetwork 0$" /etc/tor/torrc && {
service tor reload || true;
#sleep 1;
}
fi fi
fi fi
} }

View File

@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
else else
XENSTORE_READ="/usr/bin/xenstore-read" XENSTORE_READ="/usr/bin/xenstore-read"
fi fi
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
INTERFACE="eth1" INTERFACE="eth1"
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
# Create a dummy eth1 interface so tor can bind to it if there # Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment # are no DOMU virtual machines connected at the moment
@ -100,3 +100,22 @@ export INT_TIF="vif+"
# Route any traffic FROM netvm TO netvm BACK-TO localhost # Route any traffic FROM netvm TO netvm BACK-TO localhost
# Allows localhost access to tor network # Allows localhost access to tor network
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
enable() {
servicename=${1}
grep "^DisableNetwork 0$" /etc/tor/torrc && {
# Check to see if the service is already enabled and if not, enable it
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
echo "${1} is currently disabled; enabling it"
systemctl --quiet enable ${servicename}
fi
}
}
#enable tor
#enable whonixcheck
#enable sdwdate

View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,12 +19,12 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace # whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Custom Configurations # Install Custom Configurations
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip" echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway" echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi fi

View File

@ -16,20 +16,20 @@
# Return if SNAPSHOT is not "1" # Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set # This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0 exit 0
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
manage_snapshot() { manage_snapshot() {
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
# Remove old snapshots if whonix completed # Remove old snapshots if whonix completed
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
warn "Removing stale snapshots" warn "Removing stale snapshots"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
rm -rf "$debootstrap_snapshot" rm -rf "$debootstrap_snapshot"
rm -rf "$updated_snapshot" rm -rf "$updated_snapshot"
return return
fi fi
warn "Copying $1 to $IMG" warn "Copying $1 to ${IMG}"
mount -o loop "$1" "$INSTALLDIR" || exit 1 mount -o loop "$1" "${INSTALLDIR}" || exit 1
rm -f "$INSTALLDIR/tmp/.prepared_groups" rm -f "${INSTALLDIR}/tmp/.prepared_groups"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
cp -f "$1" "$IMG" cp -f "$1" "${IMG}"
} }
splitPath "$IMG" path_parts splitPath "${IMG}" path_parts
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"

View File

@ -5,20 +5,20 @@
# Return if SNAPSHOT is not "1" # Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set # This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0 exit 0
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -27,12 +27,12 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Create a snapshot of the already debootstraped image # Create a snapshot of the already debootstraped image
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
splitPath "$IMG" path_parts splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
warn "Copying $IMG to $PREPARED_IMG" warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "$IMG" "$PREPARED_IMG" cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
fi fi

View File

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -20,16 +20,16 @@ fi
# XXX: Create a snapshot - Only for DEBUGGING! # XXX: Create a snapshot - Only for DEBUGGING!
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Only execute if SNAPSHOT is set # Only execute if SNAPSHOT is set
if [ "$SNAPSHOT" == "1" ]; then if [ "${SNAPSHOT}" == "1" ]; then
splitPath "$IMG" path_parts splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
warn "Copying $IMG to $PREPARED_IMG" warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "$IMG" "$PREPARED_IMG" cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
fi fi
fi fi
@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
--minimal-report \ --minimal-report \
--skip-sanity-tests || { exit 1; } --skip-sanity-tests || { exit 1; }
popd popd
################################################################################
# Post Fixups
set -e
pushd /etc/network
sudo rm -f interfaces
sudo ln -s interfaces.backup interfaces
popd
pushd /etc
sudo rm -f resolv.conf
sudo cp -p resolv.conf.backup resolv.conf
popd
# Enable Tor
if [ "${1}" == "--torgateway" ]; then
sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
fi
# Fake that whonixsetup was already run
sudo mkdir -p /var/lib/whonix/do_once
sudo touch /var/lib/whonix/do_once/whonixsetup.done
# Fake that initializer was already run
sudo mkdir -p /root/.whonix
sudo touch /root/.whonix/first_run_initializer.done
# Prevent whonixcheck error
sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
sudo update-rc.d network-manager disable
sudo update-rc.d spice-vdagent disable
sudo update-rc.d swap-file-creator disable
sudo update-rc.d whonix-initializer disable
# Remove original sources.list
sudo rm -f /etc/apt/sources.list
sudo apt-get.anondist-orig update
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
sudo touch "/tmp/.prepared_whonix"
EOF EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -164,8 +117,8 @@ EOF
# Cleanup function # Cleanup function
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
function cleanup() { function cleanup() {
error "Whonix error; umounting $INSTALLDIR to prevent further writes" error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
} }
trap cleanup ERR trap cleanup ERR
@ -174,15 +127,15 @@ trap cleanup EXIT
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Mount devices, etc required for Whonix installation # Mount devices, etc required for Whonix installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
info "Installing Whonix system" info "Preparing Whonix system"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Initialize Whonix submodules # Initialize Whonix submodules
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
pushd "$WHONIX_DIR" pushd "${WHONIX_DIR}"
{ {
su $(logname) -c "git submodule update --init --recursive" su $(logname) -c "git submodule update --init --recursive";
} }
popd popd
@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
} }
# Patch anon-meta-packages to not depend on grub-pc # Patch anon-meta-packages to not depend on grub-pc
pushd "$WHONIX_DIR" pushd "${WHONIX_DIR}"
{ {
search_replace "grub-pc" "" "grml_packages" || : search_replace "grub-pc" "" "grml_packages" || :
} }
popd popd
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian" pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
{ {
search1=" grub-pc," search1=" grub-pc,";
replace="" replace="";
#checkout_branch qubes #checkout_branch qubes
search_replace "$search1" "$replace" control && \ search_replace "$search1" "$replace" control && \
{ {
cd "$WHONIX_DIR/packages/anon-meta-packages" cd "${WHONIX_DIR}/packages/anon-meta-packages";
: :
#sudo -E -u $(logname) make deb-pkg || : #sudo -E -u $(logname) make deb-pkg || :
#su $(logname) -c "dpkg-source --commit" || : #su $(logname) -c "dpkg-source --commit" || :
@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
} }
popd popd
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d" pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{ {
search1="update-grub" search1="update-grub";
replace=":" replace=":";
#checkout_branch qubes #checkout_branch qubes
search_replace "$search1" "$replace" 85_update_grub && \ search_replace "$search1" "$replace" 85_update_grub && \
{ {
cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub" cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
sudo -E -u $(logname) make deb-pkg || : sudo -E -u $(logname) make deb-pkg || :
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub" su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
#git add . #git add . ;
#su $(logname) -c "git commit -am 'removed grub-pc depend'" #su $(logname) -c "git commit -am 'removed grub-pc depend'"
} || : } || :
} }
popd popd
pushd "$WHONIX_DIR/build-steps.d" pushd "${WHONIX_DIR}/build-steps.d"
{ {
search1=" check_for_uncommited_changes" search1=" check_for_uncommited_changes";
replace=" #check_for_uncommited_changes" replace=" #check_for_uncommited_changes";
search_replace "$search1" "$replace" 1200_create-debian-packages || : search_replace "$search1" "$replace" 1200_create-debian-packages || :
} }
@ -264,60 +217,53 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Whonix system config dependancies # Whonix system config dependancies
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
#/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
#cannot stat `/boot/grub/grub.cfg': No such file or directory
# Qubes needs a user named 'user' # Qubes needs a user named 'user'
debug "Whonix Add user" debug "Whonix Add user"
chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \ chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
{ {
chroot "$INSTALLDIR" groupadd -f user chroot "${INSTALLDIR}" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
} }
# Change hostname to 'host' # Pin grub packages so they will not install
#debug "Whonix change host" echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
#echo "host" > "$INSTALLDIR/etc/hostname" chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
#chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
#if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then # Install Whonix fix script
# cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes" echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
#fi chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
# Install Whonix build scripts
echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Copy over any extra files # Copy over any extra files
# XXX: Moved to 02_install_groups_packages_installed.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
copyTree "files" copyTree "files"
touch "${INSTALLDIR}/tmp/.whonix_prepared"
fi
# ------------------------------------------------------------------------------
# Install Whonix
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
info "Installing Whonix system"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Whonix system # Install Whonix code base
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Installing Whonix build environment..." debug "Installing Whonix build environment..."
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix' chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
fi fi
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Building Whonix..." debug "Building Whonix..."
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix" mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
fi
# XXX: Does this break Whonix build?
# Install apt-get preferences
#echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
#chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
# Pin grub packages so they will not install
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
# Install Whonix build scripts
echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
chmod 0755 "$INSTALLDIR/home/user/whonix_build"
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway" BUILD_TYPE="--torgateway"
@ -330,11 +276,67 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
exit 1 exit 1
fi fi
chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; } chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
else
error "chroot /home/user/Whonix directory does not exist... exiting!" touch "${INSTALLDIR}/tmp/.whonix_installed"
exit fi
# ------------------------------------------------------------------------------
# Whonix Post Installation Configurations
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
info "Post Configuring Whonix System"
pushd "${INSTALLDIR}/etc/network"
{
rm -f interfaces;
ln -s interfaces.backup interfaces;
}
popd
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.backup resolv.conf;
}
popd
# Enable Tor
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
fi fi
# Fake that whonixsetup was already run
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run
mkdir -p "${INSTALLDIR}/root/.whonix"
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
# Prevent whonixcheck error
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
# Disable unwanted applications
chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
# Remove original sources.list
rm -f "${INSTALLDIR}/etc/apt/sources.list"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig update
touch "${INSTALLDIR}/tmp/.whonix_post"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -342,34 +344,25 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
buildStep "99_custom_configuration.sh" buildStep "99_custom_configuration.sh"
# XXX: Why do I need to move them out of the way? Lets try keeping them
# in place (modify post script too)
# ------------------------------------------------------------------------------
# Move Whonix sources out of way
# ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Bring back original apt-get for installation of Qubues # Bring back original apt-get for installation of Qubues
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then pushd "${INSTALLDIR}/usr/bin"
rm "$INSTALLDIR/usr/bin/apt-get" {
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get" rm -f apt-get;
fi cp -p apt-get.anondist-orig apt-get;
}
popd
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Make sure the temporary policy-rc.d to prevent apt from starting services # Make sure the temporary policy-rc.d to prevent apt from starting services
# on package installation is still active; Whonix may have reset it # on package installation is still active; Whonix may have reset it
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh #!/bin/sh
return 101 # Action forbidden by policy return 101 # Action forbidden by policy
EOF EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d" chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Leave cleanup to calling function # Leave cleanup to calling function

View File

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -22,41 +22,27 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Restore Whonix apt-get # Restore Whonix apt-get
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then pushd "${INSTALLDIR}/usr/bin"
rm "$INSTALLDIR/usr/bin/apt-get" {
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist apt-get" rm -f apt-get;
fi cp -p apt-get.anondist apt-get;
}
# ------------------------------------------------------------------------------ popd
# Restore Whonix sources
# ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
# rm -rf "$INSTALLDIR/etc/apt/sources.list.d"
# mv "$INSTALLDIR/etc/apt/sources.list.d.qubes" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Restore whonix resolv.conf # Restore whonix resolv.conf
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
pushd "$INSTALLDIR/etc" pushd "${INSTALLDIR}/etc"
{ {
rm -f resolv.conf rm -f resolv.conf;
cp -p resolv.conf.anondist resolv.conf cp -p resolv.conf.anondist resolv.conf;
} }
popd popd
# --------------------------------------------------------------------------
# Copy over any extra files that may be needed that are located in
# --------------------------------------------------------------------------
debug "Copy extra Qubes related files..."
copyTree "extra-qubes-files"
touch "$INSTALLDIR/tmp/.prepared_qubes"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup Whonix Installation # Cleanup Whonix Installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
rm -rf "$INSTALLDIR"/home/user/Whonix rm -rf "${INSTALLDIR}"/home/user/Whonix
rm -rf "$INSTALLDIR"/home/user/whonix_binary rm -rf "${INSTALLDIR}"/home/user/whonix_binary
rm -f "$INSTALLDIR"/home/user/whonix_fix rm -f "${INSTALLDIR}"/home/user/whonix_fix
rm -f "$INSTALLDIR"/home/user/whonix_build rm -f "${INSTALLDIR}"/home/user/whonix_build

View File

@ -45,7 +45,7 @@ declare -A VALUES=(
) )
values() { values() {
[[ -z $TEST ]] && { [[ -z ${TEST} ]] && {
label=${1} label=${1}
value="${1}[@]" value="${1}[@]"
value="${!value}" value="${!value}"
@ -61,11 +61,11 @@ values() {
} }
info() { info() {
[[ -z $TEST ]] && echo "${bold}${blue}${1}${reset}" || : [[ -z ${TEST} ]] && echo "${bold}${blue}${1}${reset}" || :
} }
debug() { debug() {
[[ -z $TEST ]] && echo -e "${magenta}${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${magenta}${1}${reset}" || :
} }
assertTest(){ assertTest(){
@ -264,7 +264,7 @@ assertEnd
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# 10. Template directory for options within $SCRIPTSDIR using short name filter # 10. Template directory for options within ${SCRIPTSDIR} using short name filter
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
SCRIPTSDIR="tests/template-flavors" SCRIPTSDIR="tests/template-flavors"
DIST="wheezy" DIST="wheezy"
@ -275,7 +275,7 @@ TEMPLATE_FLAVOR_DIR="wheezy+proxy:${SCRIPTSDIR}/proxy"
TEMPLATE_OPTIONS=('proxy') TEMPLATE_OPTIONS=('proxy')
header <<EOF header <<EOF
10. Template directory for options within $SCRIPTSDIR using short name filter 10. Template directory for options within ${SCRIPTSDIR} using short name filter
EOF EOF
buildStep "$0" "pre" buildStep "$0" "pre"
assertTest "buildStep $0 pre" "tests/template-flavors/wheezy+whonix-gateway/test_pre.sh\ntests/template-flavors/proxy/test_pre.sh" assertTest "buildStep $0 pre" "tests/template-flavors/wheezy+whonix-gateway/test_pre.sh\ntests/template-flavors/proxy/test_pre.sh"
@ -455,12 +455,12 @@ header <<EOF
Just test copying from here to ${INSTALLDIR} Just test copying from here to ${INSTALLDIR}
INSTALLDIR="${SCRIPTSDIR}/test_copy_location" INSTALLDIR="${SCRIPTSDIR}/test_copy_location"
EOF EOF
rm -f "$INSTALLDIR"/test1 rm -f "${INSTALLDIR}"/test1
rm -f "$INSTALLDIR"/test2 rm -f "${INSTALLDIR}"/test2
rm -f "$INSTALLDIR"/test3 rm -f "${INSTALLDIR}"/test3
copyTree "files" copyTree "files"
ls -l "$INSTALLDIR" ls -l "${INSTALLDIR}"
assertTest "ls $INSTALLDIR" "test1\ntest2\ntest3" assertTest "ls ${INSTALLDIR}" "test1\ntest2\ntest3"
assertEnd assertEnd

View File

@ -31,16 +31,16 @@ umount_kill() {
MOUNTDIR="$1" MOUNTDIR="$1"
# We need absolute paths here so we don't kill everything # We need absolute paths here so we don't kill everything
if ! [[ "$MOUNTDIR" = /* ]]; then if ! [[ "${MOUNTDIR}" = /* ]]; then
MOUNTDIR="${PWD}/${MOUNTDIR}" MOUNTDIR="${PWD}/${MOUNTDIR}"
fi fi
# Strip any extra trailing slashes ('/') from path if they exist # Strip any extra trailing slashes ('/') from path if they exist
# since we are doing an exact string match on the path # since we are doing an exact string match on the path
MOUNTDIR=$(echo "$MOUNTDIR" | sed s#//*#/#g) MOUNTDIR=$(echo "${MOUNTDIR}" | sed s#//*#/#g)
warn "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting" warn "-> Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting"
for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR") for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}")
do do
sudo lsof "$dir" 2> /dev/null | \ sudo lsof "$dir" 2> /dev/null | \
grep "$dir" | \ grep "$dir" | \