Code cleanup - whonix* not tested

Jason Mehring 10 years ago
parent fd7bc22a16
commit c238716d6a

@ -28,7 +28,7 @@ colors() {
export blink=$( tput blink || tput mb ) # Start blinking export blink=$( tput blink || tput mb ) # Start blinking
export italic=$( tput sitm || tput ZH ) # Start italic export italic=$( tput sitm || tput ZH ) # Start italic
export eitalic=$( tput ritm || tput ZR ) # End italic export eitalic=$( tput ritm || tput ZR ) # End italic
[[ $TERM != *-m ]] && { [[ ${TERM} != *-m ]] && {
export red=$( tput setaf 1|| tput AF 1 ) export red=$( tput setaf 1|| tput AF 1 )
export green=$( tput setaf 2|| tput AF 2 ) export green=$( tput setaf 2|| tput AF 2 )
export yellow=$( tput setaf 3|| tput AF 3 ) export yellow=$( tput setaf 3|| tput AF 3 )
@ -58,7 +58,7 @@ if [ ! "$build_already_defined_colors" = "true" ]; then
colors colors
fi fi
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
chroot() { chroot() {
local retval local retval
true ${blue} true ${blue}
@ -73,19 +73,19 @@ fi
# Display messages in color # Display messages in color
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
info() { info() {
[[ -z $TEST ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${bold}${blue}INFO: ${1}${reset}" || :
} }
debug() { debug() {
[[ -z $TEST ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${bold}${green}DEBUG: ${1}${reset}" || :
} }
warn() { warn() {
[[ -z $TEST ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${stout}${yellow}WARNING: ${1}${reset}" || :
} }
error() { error() {
[[ -z $TEST ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" || :
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -278,7 +278,7 @@ buildStepExec() {
script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")" script="$(templateFile "${filename}" "${suffix}" "${template_flavor}")"
if [ -f "${script}" ]; then if [ -f "${script}" ]; then
[[ -n $TEST ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}" [[ -n ${TEST} ]] && echo "${script}" || echo "${bold}${under}INFO: Currently running script: ${script}${reset}"
# Execute $script # Execute $script
"${script}" "${script}"
@ -372,7 +372,7 @@ buildStep() {
} }
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Copy extra file tree to $INSTALLDIR # Copy extra file tree to ${INSTALLDIR}
# TODO: Allow copy per step (04_install_qubes.sh-files) # TODO: Allow copy per step (04_install_qubes.sh-files)
# #
# To set file permissions is a PITA since git won't save them and will # To set file permissions is a PITA since git won't save them and will
@ -385,7 +385,7 @@ buildStep() {
# 5. Manually create facl backup used after copying: getfacl -R . > .facl # 5. Manually create facl backup used after copying: getfacl -R . > .facl
# 6. If git complains; reset file ownership back to user. The .facl file stored # 6. If git complains; reset file ownership back to user. The .facl file stored
# the file permissions and will be used to reset the file permissions after # the file permissions and will be used to reset the file permissions after
# they get copied over to $INSTALLDIR # they get copied over to ${INSTALLDIR}
# NOTE: Don't forget to redo this process if you add -OR- remove files # NOTE: Don't forget to redo this process if you add -OR- remove files
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
copyTree() { copyTree() {
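Review bot: `warn()` and `error()` in the message-helper hunk still write to stdout, so a failure message is mixed into (or lost with) any output a caller captures or redirects; sending diagnostics to stderr keeps them separate, e.g. `[[ -z ${TEST} ]] && echo -e "${bold}${red}ERROR: ${1}${reset}" >&2 || :`. The helpers also pass `${1}` through `echo -e`, so a backslash sequence inside a message (for instance in a path) is interpreted rather than printed literally. A short comment above `info()` stating that all four helpers print nothing when `TEST` is non-empty would help, since `buildStepExec` switches its own output on the same variable.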

@ -4,19 +4,19 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
fi fi
INSTALLDIR="$(readlink -m mnt)" INSTALLDIR="$(readlink -m mnt)"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts # Execute any template flavor or sub flavor 'pre' scripts
@ -26,17 +26,17 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Force overwrite of an existing image for now if debootstrap did not seem to complete... # Force overwrite of an existing image for now if debootstrap did not seem to complete...
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Determine if $IMG should be reused or deleted..." debug "Determine if ${IMG} should be reused or deleted..."
if [ -f "$IMG" ]; then if [ -f "${IMG}" ]; then
# Assume a failed debootstrap installation if .prepare_debootstrap does not exist # Assume a failed debootstrap installation if .prepare_debootstrap does not exist
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
warn "Last build failed. Deleting $IMG" warn "Last build failed. Deleting ${IMG}"
rm -f "$IMG" rm -f "${IMG}"
fi fi
# Umount image; don't fail if its already umounted # Umount image; don't fail if its already umounted
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
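Review bot: The `if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]` block enables `set -x` instead of `set -e`, so a verbose or debug run does not abort on a failed command and can carry on past an error that a normal run stops at; the same block appears in the three later file sections on this page. Enabling `set -e` unconditionally and adding tracing on top keeps both modes equivalent: `set -e` followed by `if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" = "1" ]; then set -x; fi`. That form also avoids the obsolescent `-o` operator and the integer-comparison error `[` raises when `VERBOSE` is unset or empty. The sourced path `. ${SCRIPTSDIR}/vars.sh` gained braces but not quotes and should be `. "${SCRIPTSDIR}/vars.sh"`.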

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -23,13 +23,13 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Install base debian system # Install base debian system
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
debug "Installing base ${DEBIANVERSION} system" debug "Installing base ${DEBIANVERSION} system"
COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \ COMPONENTS="" debootstrap --arch=amd64 --include=ncurses-term \
--components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \ --components=main --keyring="${SCRIPTSDIR}/keys/debian-${DEBIANVERSION}-archive-keyring.gpg" \
"$DEBIANVERSION" "$INSTALLDIR" "$DEBIAN_MIRROR" || { error "Debootstrap failed!"; exit 1; } "${DEBIANVERSION}" "${INSTALLDIR}" "${DEBIAN_MIRROR}" || { error "Debootstrap failed!"; exit 1; }
chroot "$INSTALLDIR" chmod 0666 "/dev/null" chroot "${INSTALLDIR}" chmod 0666 "/dev/null"
touch "$INSTALLDIR/tmp/.prepared_debootstrap" touch "${INSTALLDIR}/tmp/.prepared_debootstrap"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,30 +19,30 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue # If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting" error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Mount system mount points # Mount system mount points
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts # Execute any template flavor or sub flavor 'pre' scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
buildStep "$0" "pre" buildStep "$0" "pre"
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup function # Cleanup function
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
function cleanup() { function cleanup() {
error "Install groups error and umount" error "Install groups error and umount"
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d" rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
} }
trap cleanup ERR trap cleanup ERR
@ -52,11 +52,11 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
# Set up a temporary policy-rc.d to prevent apt from starting services # Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation # on package installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh #!/bin/sh
return 101 # Action forbidden by policy return 101 # Action forbidden by policy
EOF EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d" chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Ensure umask set in /etc/login.defs is used (022) # Ensure umask set in /etc/login.defs is used (022)
@ -68,30 +68,30 @@ EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Adding debian-security repository." debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main" source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list" touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main" source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list" touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Upgrade system # Upgrade system
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Upgrading system" debug "Upgrading system"
chroot "$INSTALLDIR" apt-get update chroot "${INSTALLDIR}" apt-get update
true "${stout}" true "${stout}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade chroot "${INSTALLDIR}" apt-get -y --force-yes dist-upgrade
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configure keyboard # Configure keyboard
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Setting keyboard layout" debug "Setting keyboard layout"
chroot "$INSTALLDIR" debconf-set-selections <<EOF chroot "${INSTALLDIR}" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US) keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US) keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
@ -102,20 +102,20 @@ keyboard-configuration keyboard-configuration/optionscode string
EOF EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Install extra packages in script_$DEBIANVERSION/packages.list file # Install extra packages in script_${DEBIANVERSION}/packages.list file
# -and / or- TEMPLATE_FLAVOR directories # -and / or- TEMPLATE_FLAVOR directories
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
getFileLocations packages_list "packages.list" "${DIST}" getFileLocations packages_list "packages.list" "${DIST}"
if [ -z "${packages_list}" ]; then if [ -z "${packages_list}" ]; then
error "Can not locate a package.list file!" error "Can not locate a package.list file!"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
fi fi
for package_list in "${packages_list[@]}"; do for package_list in "${packages_list[@]}"; do
debug "Installing extra packages from: ${package_list}" debug "Installing extra packages from: ${package_list}"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$package_list" xargs chroot ${INSTALLDIR} apt-get -y --force-yes install < "${package_list}"
done done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -132,51 +132,51 @@ EOF
# For jessie and newer, sysvinit is provided by sysvinit-core which # For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package. # is not an essential package.
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Installing systemd for debian ($DEBIANVERSION)" debug "Installing systemd for debian (${DEBIANVERSION})"
if [ "$DEBIANVERSION" == "wheezy" ]; then if [ "${DEBIANVERSION}" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
else else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit chroot "${INSTALLDIR}" apt-get -y --force-yes remove sysvinit
fi fi
# Prevent sysvinit from being re-installed # Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation" debug "Preventing sysvinit re-installation"
chroot "$INSTALLDIR" apt-mark hold sysvinit chroot "${INSTALLDIR}" apt-mark hold sysvinit
# Pin sysvinit to prevent being re-installed # Pin sysvinit to prevent being re-installed
cat > "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" <<EOF cat > "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit" <<EOF
Package: sysvinit Package: sysvinit
Pin: version * Pin: version *
Pin-Priority: -100 Pin-Priority: -100
EOF EOF
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/qubes_sysvinit" chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/qubes_sysvinit"
chroot "$INSTALLDIR" apt-get update chroot "${INSTALLDIR}" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv chroot "${INSTALLDIR}" apt-get -y --force-yes install systemd-sysv
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3) # Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
#chroot "$INSTALLDIR" systemctl set-default multi-user.target #chroot "${INSTALLDIR}" systemctl set-default multi-user.target
chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target chroot "${INSTALLDIR}" rm -f /etc/systemd/system/default.target
chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target chroot "${INSTALLDIR}" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy # Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$DEBIANVERSION" == "wheezy" ]; then if [ "${DEBIANVERSION}" == "wheezy" ]; then
debug "Adding wheezy backports repository." debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main" source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then if ! grep -r -q "$source" "${INSTALLDIR}/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list" touch "${INSTALLDIR}/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list" echo "$source" >> "${INSTALLDIR}/etc/apt/sources.list"
fi fi
chroot $INSTALLDIR apt-get update chroot ${INSTALLDIR} apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers chroot ${INSTALLDIR} apt-get -y --force-yes -t wheezy-backports install init-system-helpers
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -184,15 +184,15 @@ EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the # Remove temporary policy layer so services can start normally in the
# deployed template. # deployed template.
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d" rm -f "${INSTALLDIR}/usr/sbin/policy-rc.d"
touch "$INSTALLDIR/tmp/.prepared_groups" touch "${INSTALLDIR}/tmp/.prepared_groups"
trap - ERR EXIT trap - ERR EXIT
trap trap
# Kill all processes and umount all mounts within $INSTALLDIR, # Kill all processes and umount all mounts within ${INSTALLDIR},
# but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being # but not ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being
# umounted itself) # umounted itself)
umount_kill "$INSTALLDIR/" || : umount_kill "${INSTALLDIR}/" || :
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
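Review bot: Three calls in this file gained braces but are still unquoted: `xargs chroot ${INSTALLDIR} apt-get … install` in the package-list loop and both `chroot ${INSTALLDIR} apt-get` lines in the wheezy-backports block. They word-split if the build path contains whitespace, unlike every other `"${INSTALLDIR}"` use here, and should read `chroot "${INSTALLDIR}" apt-get …`. Separately, every `apt-get` call passes `--force-yes`, which lets apt proceed without prompting even when packages cannot be authenticated, while the debian-security source is added as `http://security.debian.org`. With that combination a signature failure would not stop the template build, so the flag is worth dropping wherever `-y` alone is enough.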

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,7 +19,7 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# If .prepared_groups has not been completed, don't continue # If .prepared_groups has not been completed, don't continue
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_groups" ]; then
error "prepared_groups installataion has not completed!... Exiting" error "prepared_groups installataion has not completed!... Exiting"
exit 1 exit 1
fi fi
@ -27,7 +27,7 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Mount system mount points # Mount system mount points
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor 'pre' scripts # Execute any template flavor or sub flavor 'pre' scripts
@ -37,32 +37,32 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Install Qubes Packages # Install Qubes Packages
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_qubes" ]; then if ! [ -f "${INSTALLDIR}/tmp/.prepared_qubes" ]; then
debug "Installing qbues modules" debug "Installing qbues modules"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services # Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation # on package installation
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
cat > "$INSTALLCHROOT/usr/sbin/policy-rc.d" <<EOF cat > "${INSTALLCHROOT}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh #!/bin/sh
return 101 # Action forbidden by policy return 101 # Action forbidden by policy
EOF EOF
chmod 755 $INSTALLCHROOT/usr/sbin/policy-rc.d chmod 755 ${INSTALLCHROOT}/usr/sbin/policy-rc.d
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Generate locales # Generate locales
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
debug "Generate locales" debug "Generate locales"
echo "en_US.UTF-8 UTF-8" >> "$INSTALLDIR/etc/locale.gen" echo "en_US.UTF-8 UTF-8" >> "${INSTALLDIR}/etc/locale.gen"
chroot "$INSTALLDIR" locale-gen chroot "${INSTALLDIR}" locale-gen
chroot "$INSTALLDIR" update-locale LANG=en_US.UTF-8 chroot "${INSTALLDIR}" update-locale LANG=en_US.UTF-8
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Update /etc/fstab # Update /etc/fstab
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
debug "Updating template fstab file..." debug "Updating template fstab file..."
cat >> "$INSTALLDIR/etc/fstab" <<EOF cat >> "${INSTALLDIR}/etc/fstab" <<EOF
/dev/mapper/dmroot / ext4 defaults,noatime 1 1 /dev/mapper/dmroot / ext4 defaults,noatime 1 1
/dev/xvdc1 swap swap defaults 0 0 /dev/xvdc1 swap swap defaults 0 0
@ -82,106 +82,106 @@ EOF
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Link mtab # Link mtab
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
rm -f "$INSTALLDIR/etc/mtab" rm -f "${INSTALLDIR}/etc/mtab"
ln -s "../proc/self/mounts" "$INSTALLDIR/etc/mtab" ln -s "../proc/self/mounts" "${INSTALLDIR}/etc/mtab"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Create modules directory # Create modules directory
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/lib/modules" mkdir -p "${INSTALLDIR}/lib/modules"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Start of Qubes package installation # Start of Qubes package installation
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
debug "Installing qubes packages" debug "Installing qubes packages"
export CUSTOMREPO="$PWD/yum_repo_qubes/$DIST" export CUSTOMREPO="${PWD}/yum_repo_qubes/${DIST}"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install keyrings # Install keyrings
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
if ! [ -e "$CACHEDIR/repo-secring.gpg" ]; then if ! [ -e "${CACHEDIR}/repo-secring.gpg" ]; then
mkdir -p "$CACHEDIR" mkdir -p "${CACHEDIR}"
gpg --gen-key --batch <<EOF gpg --gen-key --batch <<EOF
Key-Type: RSA Key-Type: RSA
Key-Length: 1024 Key-Length: 1024
Key-Usage: sign Key-Usage: sign
Name-Real: Qubes builder Name-Real: Qubes builder
Expire-Date: 0 Expire-Date: 0
%pubring $CACHEDIR/repo-pubring.gpg %pubring ${CACHEDIR}/repo-pubring.gpg
%secring $CACHEDIR/repo-secring.gpg %secring ${CACHEDIR}/repo-secring.gpg
%commit %commit
EOF EOF
fi fi
gpg -abs --no-default-keyring \ gpg -abs --no-default-keyring \
--secret-keyring "$CACHEDIR/repo-secring.gpg" \ --secret-keyring "${CACHEDIR}/repo-secring.gpg" \
--keyring "$CACHEDIR/repo-pubring.gpg" \ --keyring "${CACHEDIR}/repo-pubring.gpg" \
-o "$CUSTOMREPO/dists/$DIST/Release.gpg" \ -o "${CUSTOMREPO}/dists/${DIST}/Release.gpg" \
"$CUSTOMREPO/dists/$DIST/Release" "${CUSTOMREPO}/dists/${DIST}/Release"
cp "$CACHEDIR/repo-pubring.gpg" "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg" cp "${CACHEDIR}/repo-pubring.gpg" "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Mount local qubes_repo # Mount local qubes_repo
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p "$INSTALLDIR/tmp/qubes_repo" mkdir -p "${INSTALLDIR}/tmp/qubes_repo"
mount --bind "$CUSTOMREPO" "$INSTALLDIR/tmp/qubes_repo" mount --bind "${CUSTOMREPO}" "${INSTALLDIR}/tmp/qubes_repo"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Include qubes repo for apt # Include qubes repo for apt
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
cat > "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" <<EOF cat > "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list" <<EOF
deb file:/tmp/qubes_repo $DEBIANVERSION main deb file:/tmp/qubes_repo ${DEBIANVERSION} main
EOF EOF
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Update system; exit is not successful # Update system; exit is not successful
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
chroot "$INSTALLDIR" apt-get update || { umount_kill "$INSTALLDIR"; exit 1; } chroot "${INSTALLDIR}" apt-get update || { umount_kill "${INSTALLDIR}"; exit 1; }
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Qubes packages # Install Qubes packages
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \ DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install $(cat $SCRIPTSDIR/packages_qubes.list) || \ chroot "${INSTALLDIR}" apt-get -y --force-yes install $(cat ${SCRIPTSDIR}/packages_qubes.list) || \
{ umount_kill "$INSTALLDIR"; exit 1; } { umount_kill "${INSTALLDIR}"; exit 1; }
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Remove Quebes repo from sources.list.d # Remove Quebes repo from sources.list.d
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
rm -f "$INSTALLDIR"/etc/apt/sources.list.d/qubes*.list rm -f "${INSTALLDIR}"/etc/apt/sources.list.d/qubes*.list
umount_kill "$INSTALLDIR/tmp/qubes_repo" umount_kill "${INSTALLDIR}/tmp/qubes_repo"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
chroot "$INSTALLDIR" apt-get update || exit 1 chroot "${INSTALLDIR}" apt-get update || exit 1
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the # Remove temporary policy layer so services can start normally in the
# deployed template. # deployed template.
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
rm -f "$BUILDCHROOT/usr/sbin/policy-rc.d" rm -f "${BUILDCHROOT}/usr/sbin/policy-rc.d"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Qubes needs a user named 'user' # Qubes needs a user named 'user'
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
if chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1; then if chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1; then
: :
else else
chroot "$INSTALLDIR" groupadd -f user chroot "${INSTALLDIR}" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
fi fi
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Modules setup # Modules setup
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
echo "xen_netfront" >> "$INSTALLDIR/etc/modules" echo "xen_netfront" >> "${INSTALLDIR}/etc/modules"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Remove `mesg` from root/.profile? # Remove `mesg` from root/.profile?
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
sed -i -e '/^mesg n/d' "$INSTALLDIR/root/.profile" sed -i -e '/^mesg n/d' "${INSTALLDIR}/root/.profile"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Need a xen log directory or xen scripts will fail # Need a xen log directory or xen scripts will fail
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
mkdir -p -m 0700 "$INSTALLDIR/var/log/xen" mkdir -p -m 0700 "${INSTALLDIR}/var/log/xen"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Copy extra files to installation directory. Contains: # Copy extra files to installation directory. Contains:
@ -195,6 +195,8 @@ EOF
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist" expand "${INSTALLDIR}/etc/hosts" > "${INSTALLDIR}/etc/hosts.dist"
mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts" mv "${INSTALLDIR}/etc/hosts.dist" "${INSTALLDIR}/etc/hosts"
touch "${INSTALLDIR}/tmp/.prepared_qubes"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -203,8 +205,8 @@ fi
buildStep "$0" "post" buildStep "$0" "post"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Kill all processes and umount all mounts within $INSTALLDIR, but not # Kill all processes and umount all mounts within ${INSTALLDIR}, but not
# $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being umounted itself) # ${INSTALLDIR} itself (extra '/' prevents ${INSTALLDIR} from being umounted itself)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
umount_kill "$INSTALLDIR/" || : umount_kill "${INSTALLDIR}/" || :

@ -4,12 +4,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -23,9 +23,9 @@ buildStep "$0" "pre"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup any left over files from installation # Cleanup any left over files from installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
rm -rf "INSTALLDIR/var/cache/apt/archives/*" rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"
rm -f "$INSTALLDIR/etc/apt/sources.list.d/qubes-builder.list" rm -f "${INSTALLDIR}/etc/apt/sources.list.d/qubes-builder.list"
rm -f "$INSTALLDIR/etc/apt/trusted.gpg.d/qubes-builder.gpg" rm -f "${INSTALLDIR}/etc/apt/trusted.gpg.d/qubes-builder.gpg"
# XXX: Whats this for? # XXX: Whats this for?
rm -rf buildchroot rm -rf buildchroot
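Review bot: The wildcard in `rm -rf "${INSTALLDIR}/var/cache/apt/archives/*"` is inside the double quotes, so the shell passes a literal `*` and the cached archives are never removed; the commit restores the missing `$` but leaves this as it was. Moving the glob outside the quotes and guarding the variable, `rm -rf "${INSTALLDIR:?}"/var/cache/apt/archives/*`, makes the cleanup effective and aborts rather than resolving to the build host's `/var/cache` when `INSTALLDIR` is empty. The same `:?` guard would suit the two `rm -f` lines that follow, which otherwise point at the host's `/etc/apt` in that case. `rm -rf buildchroot` is a relative path and so depends on the caller's working directory, which the `XXX` comment already questions.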

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -23,4 +23,4 @@ fi
# Disable gnome network-manager since it will prevent networking # Disable gnome network-manager since it will prevent networking
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
debug "Disabling gnome network-manager" debug "Disabling gnome network-manager"
chroot "$INSTALLDIR" systemctl disable network-manager chroot "${INSTALLDIR}" systemctl disable network-manager

@ -8,7 +8,7 @@
# The codename of the debian version to install. # The codename of the debian version to install.
# jessie = testing, wheezy = stable # jessie = testing, wheezy = stable
DEBIANVERSION=$DIST DEBIANVERSION=${DIST}
# Location to grab debian packages # Location to grab debian packages
#DEBIAN_MIRROR=http://http.debian.net/debian #DEBIAN_MIRROR=http://http.debian.net/debian
@ -23,6 +23,6 @@ QUBESDEBIANGIT="http://dsg.is/qubes/"
# XXX: Is this even used? # XXX: Is this even used?
# make runs the scripts with sudo -E, so HOME is set to /home/user during # make runs the scripts with sudo -E, so HOME is set to /home/user during
# build, which does not exist. We need to write to $HOME/.gnupg so set it # build, which does not exist. We need to write to ${HOME}/.gnupg so set it
# to something valid. # to something valid.
HOME=/root HOME=/root

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,10 +19,10 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace # whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then if [ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Custom Configurations # Install Custom Configurations
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway" echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi fi
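Review bot: The stamp-file test `[ -f "${INSTALLDIR}/tmp/.whonix_post" -a ! -f ... ]` now waits for `.whonix_post`, while the otherwise parallel workstation script changed in this commit waits for `.whonix_prepared`; if both are meant to run at the same build stage, one of them is gated on the wrong marker. The commit title says the whonix scripts were not tested, so a comment naming the producer of each marker would make the intent checkable, for example `# .whonix_post is created by <script that writes it>; run only after that step`. The snapshot scripts in this commit are also split between the two marker names and should be checked against the same table. Separately, `-a` inside `[ ]` is obsolescent and ambiguous with some operands; `[ -f A ] && [ ! -f B ]` is the safer form.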

@ -24,9 +24,9 @@ FILES=(
# sed search and replace. return 0 if replace happened, otherwise 1 # sed search and replace. return 0 if replace happened, otherwise 1
search_replace() { search_replace() {
local search="$1" local search="${1}"
local replace="$2" local replace="${2}"
local file="$3" local file="${3}"
local retval=1 local retval=1
if ! [ -L "${file}" ]; then if ! [ -L "${file}" ]; then
@ -36,7 +36,7 @@ search_replace() {
chattr -i "${file}" chattr -i "${file}"
fi fi
fi fi
sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}" sed -i.bak '/'"${search}"'/,${s//'"${replace}"'/;b};$q1' "${file}"
retval=$? retval=$?
@ -55,8 +55,8 @@ function replace_ips()
local restart_tor=0 local restart_tor=0
# If IP is 10.152.152.10, network is 10.152.152.0 # If IP is 10.152.152.10, network is 10.152.152.0
replace_network="${replace_ip%.*}.0" search_network="${search_ip%[.]*}.0"
search_network="${search_ip%.*}.0" replace_network="${replace_ip%[.]*}.0"
if ! [ "${search_ip}" == "${replace_ip}" ]; then if ! [ "${search_ip}" == "${replace_ip}" ]; then
for file in "${files[@]}"; do for file in "${files[@]}"; do
@ -68,7 +68,10 @@ function replace_ips()
if [ "${restart_tor}" == "1" ]; then if [ "${restart_tor}" == "1" ]; then
echo "${replace_ip}" > /etc/whonix-netvm-gateway echo "${replace_ip}" > /etc/whonix-netvm-gateway
service tor restart grep "^DisableNetwork 0$" /etc/tor/torrc && {
service tor reload || true;
#sleep 1;
}
fi fi
fi fi
} }
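Review bot: `search_replace` splices its arguments directly into the sed program (`'/'"${search}"'/,${s//'"${replace}"'/;b};$q1'`), so the dots in an address such as `10.152.152.10` match any character, and a `/`, `&` or backslash in either argument alters the script that sed runs. If `replace_ips` passes the addresses through unchanged, escaping the pattern first, e.g. `search_ip_re="${search_ip//./\\.}"`, keeps the rewrite limited to the exact address. In the last hunk, `grep "^DisableNetwork 0$" /etc/tor/torrc` prints the matched line on every run; `grep -q` keeps the test silent. Both functions begin or end outside the visible hunks, so whether callers already sanitise these values cannot be seen here.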

@ -5,9 +5,9 @@ if [ -x /usr/sbin/xenstore-read ]; then
else else
XENSTORE_READ="/usr/bin/xenstore-read" XENSTORE_READ="/usr/bin/xenstore-read"
fi fi
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
INTERFACE="eth1" INTERFACE="eth1"
ip=$(${XENSTORE_READ} qubes-netvm-gateway 2> /dev/null)
# Create a dummy eth1 interface so tor can bind to it if there # Create a dummy eth1 interface so tor can bind to it if there
# are no DOMU virtual machines connected at the moment # are no DOMU virtual machines connected at the moment
@ -100,3 +100,22 @@ export INT_TIF="vif+"
# Route any traffic FROM netvm TO netvm BACK-TO localhost # Route any traffic FROM netvm TO netvm BACK-TO localhost
# Allows localhost access to tor network # Allows localhost access to tor network
iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1 iptables -t nat -A OUTPUT -s ${ip} -d ${ip} -j DNAT --to-destination 127.0.0.1
enable() {
servicename=${1}
grep "^DisableNetwork 0$" /etc/tor/torrc && {
# Check to see if the service is already enabled and if not, enable it
string="/etc/rc$(runlevel | awk '{ print $2 }').d/S[0-9][0-9]${servicename}"
if ! [ $(find $string 2>/dev/null | wc -l) -eq 1 ] ; then
echo "${1} is currently disabled; enabling it"
systemctl --quiet enable ${servicename}
fi
}
}
#enable tor
#enable whonixcheck
#enable sdwdate
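Review bot: The new `enable()` function reuses the name of the bash builtin `enable`, so if this script runs under bash any later use of the builtin reaches the function instead; a name such as `enable_service` avoids the clash. `servicename` and `string` are assigned without `local` and leak into the script's globals, and `grep` without `-q` echoes the torrc line to stdout. The check looks for SysV `rc*.d` start links while the action is `systemctl enable`, so the two can disagree for services without an init script; `systemctl --quiet is-enabled "${servicename}"` would test the same state it changes. All three calls are commented out, so the function is currently dead code and would benefit from a comment saying when it is expected to be switched on.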

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -19,12 +19,12 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# whonix-netvm-gateway contains last known IP used to search and replace # whonix-netvm-gateway contains last known IP used to search and replace
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" -a ! -f "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" ]; then if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" -a ! -f "${INSTALLDIR}/tmp/.whonix_custom_configurations" ]; then
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Custom Configurations # Install Custom Configurations
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
echo "10.152.152.11" > "$INSTALLDIR/etc/whonix-ip" echo "10.152.152.11" > "${INSTALLDIR}/etc/whonix-ip"
echo "10.152.152.10" > "$INSTALLDIR/etc/whonix-netvm-gateway" echo "10.152.152.10" > "${INSTALLDIR}/etc/whonix-netvm-gateway"
touch "$INSTALLDIR/tmp/.prepared_whonix_custom_configurations" touch "${INSTALLDIR}/tmp/.whonix_custom_configurations"
fi fi

@ -16,20 +16,20 @@
# Return if SNAPSHOT is not "1" # Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set # This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0 exit 0
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -42,26 +42,26 @@ INSTALLDIR="$(readlink -m mnt)"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
manage_snapshot() { manage_snapshot() {
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
# Remove old snapshots if whonix completed # Remove old snapshots if whonix completed
if [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
warn "Removing stale snapshots" warn "Removing stale snapshots"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
rm -rf "$debootstrap_snapshot" rm -rf "$debootstrap_snapshot"
rm -rf "$updated_snapshot" rm -rf "$updated_snapshot"
return return
fi fi
warn "Copying $1 to $IMG" warn "Copying $1 to ${IMG}"
mount -o loop "$1" "$INSTALLDIR" || exit 1 mount -o loop "$1" "${INSTALLDIR}" || exit 1
rm -f "$INSTALLDIR/tmp/.prepared_groups" rm -f "${INSTALLDIR}/tmp/.prepared_groups"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
cp -f "$1" "$IMG" cp -f "$1" "${IMG}"
} }
splitPath "$IMG" path_parts splitPath "${IMG}" path_parts
debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" debootstrap_snapshot="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" updated_snapshot="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"

@ -5,20 +5,20 @@
# Return if SNAPSHOT is not "1" # Return if SNAPSHOT is not "1"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# This script is only used if SNAPSHOT is set # This script is only used if SNAPSHOT is set
if [ ! "$SNAPSHOT" == "1" ]; then if [ ! "${SNAPSHOT}" == "1" ]; then
exit 0 exit 0
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -27,12 +27,12 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Create a snapshot of the already debootstraped image # Create a snapshot of the already debootstraped image
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
splitPath "$IMG" path_parts splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}" PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-debootstrap${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
warn "Copying $IMG to $PREPARED_IMG" warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "$IMG" "$PREPARED_IMG" cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
fi fi

@ -4,13 +4,13 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
. ./umount_kill.sh >/dev/null . ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -20,16 +20,16 @@ fi
# XXX: Create a snapshot - Only for DEBUGGING! # XXX: Create a snapshot - Only for DEBUGGING!
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Only execute if SNAPSHOT is set # Only execute if SNAPSHOT is set
if [ "$SNAPSHOT" == "1" ]; then if [ "${SNAPSHOT}" == "1" ]; then
splitPath "$IMG" path_parts splitPath "${IMG}" path_parts
PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}" PREPARED_IMG="${path_parts[dir]}${path_parts[base]}-updated${path_parts[dotext]}"
if ! [ -f "$PREPARED_IMG" ] && ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if ! [ -f "${PREPARED_IMG}" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
warn "Copying $IMG to $PREPARED_IMG" warn "Copying ${IMG} to ${PREPARED_IMG}"
cp -f "$IMG" "$PREPARED_IMG" cp -f "${IMG}" "${PREPARED_IMG}"
mount -o loop "$IMG" "$INSTALLDIR" || exit 1 mount -o loop "${IMG}" "${INSTALLDIR}" || exit 1
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "${INSTALLDIR}/$fs"; done
fi fi
fi fi
@ -71,53 +71,6 @@ sudo ~/Whonix/whonix_build \
--minimal-report \ --minimal-report \
--skip-sanity-tests || { exit 1; } --skip-sanity-tests || { exit 1; }
popd popd
################################################################################
# Post Fixups
set -e
pushd /etc/network
sudo rm -f interfaces
sudo ln -s interfaces.backup interfaces
popd
pushd /etc
sudo rm -f resolv.conf
sudo cp -p resolv.conf.backup resolv.conf
popd
# Enable Tor
if [ "${1}" == "--torgateway" ]; then
sudo sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' /etc/tor/torrc
fi
# Fake that whonixsetup was already run
sudo mkdir -p /var/lib/whonix/do_once
sudo touch /var/lib/whonix/do_once/whonixsetup.done
# Fake that initializer was already run
sudo mkdir -p /root/.whonix
sudo touch /root/.whonix/first_run_initializer.done
# Prevent whonixcheck error
sudo su -c 'echo WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER=\"1\" >> /etc/whonix.d/30_whonixcheck_default'
sudo update-rc.d network-manager disable
sudo update-rc.d spice-vdagent disable
sudo update-rc.d swap-file-creator disable
sudo update-rc.d whonix-initializer disable
# Remove original sources.list
sudo rm -f /etc/apt/sources.list
sudo apt-get.anondist-orig update
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
sudo apt-get.anondist-orig -y --force-yes remove apt-cacher-ng
sudo touch "/tmp/.prepared_whonix"
EOF EOF
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
@ -164,8 +117,8 @@ EOF
# Cleanup function # Cleanup function
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
function cleanup() { function cleanup() {
error "Whonix error; umounting $INSTALLDIR to prevent further writes" error "Whonix error; umounting ${INSTALLDIR} to prevent further writes"
umount_kill "$INSTALLDIR" || : umount_kill "${INSTALLDIR}" || :
exit 1 exit 1
} }
trap cleanup ERR trap cleanup ERR
@ -174,15 +127,15 @@ trap cleanup EXIT
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Mount devices, etc required for Whonix installation # Mount devices, etc required for Whonix installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then if ! [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ]; then
info "Installing Whonix system" info "Preparing Whonix system"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Initialize Whonix submodules # Initialize Whonix submodules
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
pushd "$WHONIX_DIR" pushd "${WHONIX_DIR}"
{ {
su $(logname) -c "git submodule update --init --recursive" su $(logname) -c "git submodule update --init --recursive";
} }
popd popd
@ -211,21 +164,21 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
} }
# Patch anon-meta-packages to not depend on grub-pc # Patch anon-meta-packages to not depend on grub-pc
pushd "$WHONIX_DIR" pushd "${WHONIX_DIR}"
{ {
search_replace "grub-pc" "" "grml_packages" || : search_replace "grub-pc" "" "grml_packages" || :
} }
popd popd
pushd "$WHONIX_DIR/packages/anon-meta-packages/debian" pushd "${WHONIX_DIR}/packages/anon-meta-packages/debian"
{ {
search1=" grub-pc," search1=" grub-pc,";
replace="" replace="";
#checkout_branch qubes #checkout_branch qubes
search_replace "$search1" "$replace" control && \ search_replace "$search1" "$replace" control && \
{ {
cd "$WHONIX_DIR/packages/anon-meta-packages" cd "${WHONIX_DIR}/packages/anon-meta-packages";
: :
#sudo -E -u $(logname) make deb-pkg || : #sudo -E -u $(logname) make deb-pkg || :
#su $(logname) -c "dpkg-source --commit" || : #su $(logname) -c "dpkg-source --commit" || :
@ -235,27 +188,27 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
} }
popd popd
pushd "$WHONIX_DIR/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d" pushd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub/usr/lib/anon-dist/chroot-scripts-post.d"
{ {
search1="update-grub" search1="update-grub";
replace=":" replace=":";
#checkout_branch qubes #checkout_branch qubes
search_replace "$search1" "$replace" 85_update_grub && \ search_replace "$search1" "$replace" 85_update_grub && \
{ {
cd "$WHONIX_DIR/packages/anon-shared-build-fix-grub" cd "${WHONIX_DIR}/packages/anon-shared-build-fix-grub";
sudo -E -u $(logname) make deb-pkg || : sudo -E -u $(logname) make deb-pkg || :
su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub" su $(logname) -c "EDITOR=/bin/true dpkg-source -q --commit . no_grub";
#git add . #git add . ;
#su $(logname) -c "git commit -am 'removed grub-pc depend'" #su $(logname) -c "git commit -am 'removed grub-pc depend'"
} || : } || :
} }
popd popd
pushd "$WHONIX_DIR/build-steps.d" pushd "${WHONIX_DIR}/build-steps.d"
{ {
search1=" check_for_uncommited_changes" search1=" check_for_uncommited_changes";
replace=" #check_for_uncommited_changes" replace=" #check_for_uncommited_changes";
search_replace "$search1" "$replace" 1200_create-debian-packages || : search_replace "$search1" "$replace" 1200_create-debian-packages || :
} }
@ -264,112 +217,152 @@ if ! [ -f "$INSTALLDIR/tmp/.prepared_whonix" ]; then
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Whonix system config dependancies # Whonix system config dependancies
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
#/usr/sbin/grub-probe: error: cannot find a device for / (is /dev mounted?)
#cannot stat `/boot/grub/grub.cfg': No such file or directory
# Qubes needs a user named 'user' # Qubes needs a user named 'user'
debug "Whonix Add user" debug "Whonix Add user"
chroot "$INSTALLDIR" id -u 'user' >/dev/null 2>&1 || \ chroot "${INSTALLDIR}" id -u 'user' >/dev/null 2>&1 || \
{ {
chroot "$INSTALLDIR" groupadd -f user chroot "${INSTALLDIR}" groupadd -f user
chroot "$INSTALLDIR" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user chroot "${INSTALLDIR}" useradd -g user -G dialout,cdrom,floppy,sudo,audio,dip,video,plugdev -m -s /bin/bash user
} }
# Change hostname to 'host' # Pin grub packages so they will not install
#debug "Whonix change host" echo "${WHONIX_APT_PIN}" > "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
#echo "host" > "$INSTALLDIR/etc/hostname" chmod 0644 "${INSTALLDIR}/etc/apt/preferences.d/whonix_qubes"
#chroot "$INSTALLDIR" sed -i "s/localhost/host/g" /etc/hosts
# Install Whonix fix script
echo "${WHONIX_FIX_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_fix"
chmod 0755 "${INSTALLDIR}/home/user/whonix_fix"
#if ! [ -f "$INSTALLDIR/etc/sudoers.d/qubes" ]; then # Install Whonix build scripts
# cp -p /etc/sudoers.d/qubes "$INSTALLDIR/etc/sudoers.d/qubes" echo "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build"
#fi chmod 0755 "${INSTALLDIR}/home/user/whonix_build"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Copy over any extra files # Copy over any extra files
# XXX: Moved to 02_install_groups_packages_installed.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
copyTree "files" copyTree "files"
touch "${INSTALLDIR}/tmp/.whonix_prepared"
fi
# ------------------------------------------------------------------------------
# Install Whonix
# ------------------------------------------------------------------------------
if [ -f "${INSTALLDIR}/tmp/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_installed" ]; then
info "Installing Whonix system"
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
# Install Whonix system # Install Whonix code base
# -------------------------------------------------------------------------- # --------------------------------------------------------------------------
if ! [ -d "$INSTALLDIR/home/user/Whonix" ]; then if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Installing Whonix build environment..." debug "Installing Whonix build environment..."
chroot "$INSTALLDIR" su user -c 'mkdir /home/user/Whonix' chroot "${INSTALLDIR}" su user -c 'mkdir /home/user/Whonix'
fi fi
if [ -d "$INSTALLDIR/home/user/Whonix" ]; then if [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
debug "Building Whonix..." debug "Building Whonix..."
mount --bind "../Whonix" "$INSTALLDIR/home/user/Whonix" mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"
fi
# XXX: Does this break Whonix build?
# Install apt-get preferences
#echo "$WHONIX_APT_PREFERENCES" > "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
#chmod 0644 "$INSTALLDIR/etc/apt/apt.conf.d/99whonix"
# Pin grub packages so they will not install
echo "$WHONIX_APT_PIN" > "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
chmod 0644 "$INSTALLDIR/etc/apt/preferences.d/whonix_qubes"
# Install Whonix fix script
echo "$WHONIX_FIX_SCRIPT" > "$INSTALLDIR/home/user/whonix_fix"
chmod 0755 "$INSTALLDIR/home/user/whonix_fix"
# Install Whonix build scripts
echo "$WHONIX_BUILD_SCRIPT" > "$INSTALLDIR/home/user/whonix_build"
chmod 0755 "$INSTALLDIR/home/user/whonix_build"
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else
error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi
chroot "$INSTALLDIR" su user -c "cd ~; ./whonix_build $BUILD_TYPE $DIST" || { exit 1; } if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
BUILD_TYPE="--torgateway"
elif [ "${TEMPLATE_FLAVOR}" == "whonix-workstation" ]; then
BUILD_TYPE="--torworkstation"
else else
error "chroot /home/user/Whonix directory does not exist... exiting!" error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
exit error "You need to set TEMPLATE_FLAVOR environment variable to either"
error "whonix-gateway OR whonix-workstation"
exit 1
fi fi
chroot "${INSTALLDIR}" su user -c "cd ~; ./whonix_build ${BUILD_TYPE} ${DIST}" || { exit 1; }
touch "${INSTALLDIR}/tmp/.whonix_installed"
fi fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Execute any template flavor or sub flavor scripts # Whonix Post Installation Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
buildStep "99_custom_configuration.sh" if [ -f "${INSTALLDIR}/tmp/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/tmp/.whonix_post" ]; then
info "Post Configuring Whonix System"
pushd "${INSTALLDIR}/etc/network"
{
rm -f interfaces;
ln -s interfaces.backup interfaces;
}
popd
pushd "${INSTALLDIR}/etc"
{
rm -f resolv.conf;
cp -p resolv.conf.backup resolv.conf;
}
popd
# Enable Tor
if [ "${TEMPLATE_FLAVOR}" == "whonix-gateway" ]; then
sed -i 's/#DisableNetwork 0/DisableNetwork 0/g' "${INSTALLDIR}/etc/tor/torrc"
fi
# Fake that whonixsetup was already run
mkdir -p "${INSTALLDIR}/var/lib/whonix/do_once"
touch "${INSTALLDIR}/var/lib/whonix/do_once/whonixsetup.done"
# Fake that initializer was already run
mkdir -p "${INSTALLDIR}/root/.whonix"
touch "${INSTALLDIR}/root/.whonix/first_run_initializer.done"
# Prevent whonixcheck error
echo 'WHONIXCHECK_NO_EXIT_ON_UNSUPPORTED_VIRTUALIZER="1"' >> "${INSTALLDIR}/etc/whonix.d/30_whonixcheck_default"
# Disable unwanted applications
chroot "${INSTALLDIR}" update-rc.d network-manager disable || :
chroot "${INSTALLDIR}" update-rc.d spice-vdagent disable || :
chroot "${INSTALLDIR}" update-rc.d swap-file-creator disable || :
chroot "${INSTALLDIR}" update-rc.d whonix-initializer disable || :
chroot "${INSTALLDIR}" service apt-cacher-ng stop || :
chroot "${INSTALLDIR}" update-rc.d apt-cacher-ng disable || :
# Remove apt-cacher-ng
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng
# Remove original sources.list
rm -f "${INSTALLDIR}/etc/apt/sources.list"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot ${INSTALLDIR} apt-get.anondist-orig update
touch "${INSTALLDIR}/tmp/.whonix_post"
fi
# XXX: Why do I need to move them out of the way? Lets try keeping them
# in place (modify post script too)
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Move Whonix sources out of way # Execute any template flavor or sub flavor scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then buildStep "99_custom_configuration.sh"
# mv "$INSTALLDIR/etc/apt/sources.list.d" "$INSTALLDIR/etc/apt/sources.list.d.qubes"
# mkdir -p "$INSTALLDIR/etc/apt/sources.list.d"
# cp -p "$INSTALLDIR/etc/apt/sources.list.d.qubes/debian.list" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Bring back original apt-get for installation of Qubues # Bring back original apt-get for installation of Qubues
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then pushd "${INSTALLDIR}/usr/bin"
rm "$INSTALLDIR/usr/bin/apt-get" {
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist-orig apt-get" rm -f apt-get;
fi cp -p apt-get.anondist-orig apt-get;
}
popd
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Make sure the temporary policy-rc.d to prevent apt from starting services # Make sure the temporary policy-rc.d to prevent apt from starting services
# on package installation is still active; Whonix may have reset it # on package installation is still active; Whonix may have reset it
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF cat > "${INSTALLDIR}/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh #!/bin/sh
return 101 # Action forbidden by policy return 101 # Action forbidden by policy
EOF EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d" chmod 755 "${INSTALLDIR}/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Leave cleanup to calling function # Leave cleanup to calling function

@ -8,12 +8,12 @@
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Source external scripts # Source external scripts
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh . ${SCRIPTSDIR}/vars.sh
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Configurations # Configurations
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then if [ "${VERBOSE}" -ge 2 -o "${DEBUG}" == "1" ]; then
set -x set -x
else else
set -e set -e
@ -22,41 +22,27 @@ fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Restore Whonix apt-get # Restore Whonix apt-get
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
if [ -L "$INSTALLDIR/usr/bin/apt-get" ]; then pushd "${INSTALLDIR}/usr/bin"
rm "$INSTALLDIR/usr/bin/apt-get" {
chroot "$INSTALLDIR" su -c "cd /usr/bin/; ln -s apt-get.anondist apt-get" rm -f apt-get;
fi cp -p apt-get.anondist apt-get;
}
# ------------------------------------------------------------------------------ popd
# Restore Whonix sources
# ------------------------------------------------------------------------------
#if [ -L "$INSTALLDIR/etc/apt/sources.list.d" ]; then
# rm -rf "$INSTALLDIR/etc/apt/sources.list.d"
# mv "$INSTALLDIR/etc/apt/sources.list.d.qubes" "$INSTALLDIR/etc/apt/sources.list.d"
#fi
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Restore whonix resolv.conf # Restore whonix resolv.conf
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
pushd "$INSTALLDIR/etc" pushd "${INSTALLDIR}/etc"
{ {
rm -f resolv.conf rm -f resolv.conf;
cp -p resolv.conf.anondist resolv.conf cp -p resolv.conf.anondist resolv.conf;
} }
popd popd
# --------------------------------------------------------------------------
# Copy over any extra files that may be needed that are located in
# --------------------------------------------------------------------------
debug "Copy extra Qubes related files..."
copyTree "extra-qubes-files"
touch "$INSTALLDIR/tmp/.prepared_qubes"
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# Cleanup Whonix Installation # Cleanup Whonix Installation
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
rm -rf "$INSTALLDIR"/home/user/Whonix rm -rf "${INSTALLDIR}"/home/user/Whonix
rm -rf "$INSTALLDIR"/home/user/whonix_binary rm -rf "${INSTALLDIR}"/home/user/whonix_binary
rm -f "$INSTALLDIR"/home/user/whonix_fix rm -f "${INSTALLDIR}"/home/user/whonix_fix
rm -f "$INSTALLDIR"/home/user/whonix_build rm -f "${INSTALLDIR}"/home/user/whonix_build
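Review bot: The new `pushd "${INSTALLDIR}/usr/bin"` block runs `rm -f apt-get` and `cp -p apt-get.anondist apt-get` with relative paths and never checks that the directory change succeeded. In the verbose/debug branch above only `set -x` is enabled, not `set -e`, so if `pushd` fails both commands act on the caller's current directory and the following `popd` no longer matches a `pushd`. The removed code used absolute paths under `$INSTALLDIR` and acted only when `apt-get` was a symlink; the resolv.conf block further down has the same shape. I would guard the directory change with `pushd "${INSTALLDIR}/usr/bin" || exit 1`, or keep absolute paths as in `cp -p "${INSTALLDIR}/usr/bin/apt-get.anondist" "${INSTALLDIR}/usr/bin/apt-get"`.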

@ -45,7 +45,7 @@ declare -A VALUES=(
) )
values() { values() {
[[ -z $TEST ]] && { [[ -z ${TEST} ]] && {
label=${1} label=${1}
value="${1}[@]" value="${1}[@]"
value="${!value}" value="${!value}"
@ -61,11 +61,11 @@ values() {
} }
info() { info() {
[[ -z $TEST ]] && echo "${bold}${blue}${1}${reset}" || : [[ -z ${TEST} ]] && echo "${bold}${blue}${1}${reset}" || :
} }
debug() { debug() {
[[ -z $TEST ]] && echo -e "${magenta}${1}${reset}" || : [[ -z ${TEST} ]] && echo -e "${magenta}${1}${reset}" || :
} }
assertTest(){ assertTest(){
@ -264,7 +264,7 @@ assertEnd
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
# 10. Template directory for options within $SCRIPTSDIR using short name filter # 10. Template directory for options within ${SCRIPTSDIR} using short name filter
# ------------------------------------------------------------------------------ # ------------------------------------------------------------------------------
SCRIPTSDIR="tests/template-flavors" SCRIPTSDIR="tests/template-flavors"
DIST="wheezy" DIST="wheezy"
@ -275,7 +275,7 @@ TEMPLATE_FLAVOR_DIR="wheezy+proxy:${SCRIPTSDIR}/proxy"
TEMPLATE_OPTIONS=('proxy') TEMPLATE_OPTIONS=('proxy')
header <<EOF header <<EOF
10. Template directory for options within $SCRIPTSDIR using short name filter 10. Template directory for options within ${SCRIPTSDIR} using short name filter
EOF EOF
buildStep "$0" "pre" buildStep "$0" "pre"
assertTest "buildStep $0 pre" "tests/template-flavors/wheezy+whonix-gateway/test_pre.sh\ntests/template-flavors/proxy/test_pre.sh" assertTest "buildStep $0 pre" "tests/template-flavors/wheezy+whonix-gateway/test_pre.sh\ntests/template-flavors/proxy/test_pre.sh"
@ -455,12 +455,12 @@ header <<EOF
Just test copying from here to ${INSTALLDIR} Just test copying from here to ${INSTALLDIR}
INSTALLDIR="${SCRIPTSDIR}/test_copy_location" INSTALLDIR="${SCRIPTSDIR}/test_copy_location"
EOF EOF
rm -f "$INSTALLDIR"/test1 rm -f "${INSTALLDIR}"/test1
rm -f "$INSTALLDIR"/test2 rm -f "${INSTALLDIR}"/test2
rm -f "$INSTALLDIR"/test3 rm -f "${INSTALLDIR}"/test3
copyTree "files" copyTree "files"
ls -l "$INSTALLDIR" ls -l "${INSTALLDIR}"
assertTest "ls $INSTALLDIR" "test1\ntest2\ntest3" assertTest "ls ${INSTALLDIR}" "test1\ntest2\ntest3"
assertEnd assertEnd

@ -31,16 +31,16 @@ umount_kill() {
MOUNTDIR="$1" MOUNTDIR="$1"
# We need absolute paths here so we don't kill everything # We need absolute paths here so we don't kill everything
if ! [[ "$MOUNTDIR" = /* ]]; then if ! [[ "${MOUNTDIR}" = /* ]]; then
MOUNTDIR="${PWD}/${MOUNTDIR}" MOUNTDIR="${PWD}/${MOUNTDIR}"
fi fi
# Strip any extra trailing slashes ('/') from path if they exist # Strip any extra trailing slashes ('/') from path if they exist
# since we are doing an exact string match on the path # since we are doing an exact string match on the path
MOUNTDIR=$(echo "$MOUNTDIR" | sed s#//*#/#g) MOUNTDIR=$(echo "${MOUNTDIR}" | sed s#//*#/#g)
warn "-> Attempting to kill any processes still running in '$MOUNTDIR' before un-mounting" warn "-> Attempting to kill any processes still running in '${MOUNTDIR}' before un-mounting"
for dir in $(sudo grep "$MOUNTDIR" /proc/mounts | cut -f2 -d" " | sort -r | grep "^$MOUNTDIR") for dir in $(sudo grep "${MOUNTDIR}" /proc/mounts | cut -f2 -d" " | sort -r | grep "^${MOUNTDIR}")
do do
sudo lsof "$dir" 2> /dev/null | \ sudo lsof "$dir" 2> /dev/null | \
grep "$dir" | \ grep "$dir" | \
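Review bot: The mount selection on the `for dir in $(...)` line treats `${MOUNTDIR}` first as an unanchored regular expression and then as a bare prefix, so `/a/b` also selects mounts under `/a/bc` and a `.` in the path matches any character, although the comment above promises an exact string match. Because the loop then looks up (and, per the warning text, kills) processes under every selected mount, a stray match reaches outside the intended tree. A literal comparison on the mount-point field avoids this, for example `awk -v d="${MOUNTDIR}" '$2 == d || index($2, d "/") == 1 { print $2 }' /proc/mounts | sort -r`. The `sed s#//*#/#g` step only collapses repeated slashes, so a single trailing slash survives and should be stripped separately. The body of umount_kill starts and ends outside this hunk.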
