qubes-linux-template-builder/scripts_debian/wheezy+whonix-gateway/02_install_groups_wheezy.sh


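#!/bin/bash
# vim: set ts=4 sw=4 sts=4 et :

# Installs the Whonix package groups into the template install tree and then
# runs the Whonix build inside it.
#
# Required environment:
#   SCRIPTSDIR - directory holding vars.sh and distribution.sh
#   INSTALLDIR - root of the template install tree
#
# errexit is switched on with `set` instead of on the shebang line, because
# shebang options are dropped when the script is started as `bash <script>`.
set -e

# Both files are executed in this shell. The script later calls mount and
# chroot, so it presumably runs with root privileges: SCRIPTSDIR has to point
# at a directory that only the build owner can write to. An empty SCRIPTSDIR
# would resolve to /vars.sh, so it is refused here.
: "${SCRIPTSDIR:?SCRIPTSDIR must be set}"
source "${SCRIPTSDIR}/vars.sh"
source "${SCRIPTSDIR}/distribution.sh"

# Later steps build rm, cp and ln targets as "${INSTALLDIR}/...". With an empty
# INSTALLDIR those paths would point at the build host itself.
: "${INSTALLDIR:?INSTALLDIR must be set}"

##### '-------------------------------------------------------------------------
debug ' Installing and building Whonix'
##### '-------------------------------------------------------------------------

#### '--------------------------------------------------------------------------
info ' Trap ERR and EXIT signals and cleanup (umount)'
#### '--------------------------------------------------------------------------
# cleanup, debug and info are not defined in this file; presumably they come
# from the two sourced helper files.
trap cleanup ERR
trap cleanup EXIT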
# Stage 1: package groups. The marker file keeps this stage from running twice
# on the same install tree; it is written only after installPackages returned,
# so an aborted run repeats the stage.
groups_marker="${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups"
if [ ! -f "${groups_marker}" ]; then
    #### '----------------------------------------------------------------------
    info ' Installing extra packages in packages_whonix.list file'
    #### '----------------------------------------------------------------------
    installPackages packages_whonix.list
    touch "${groups_marker}"
fi
# ------------------------------------------------------------------------------
# chroot Whonix build script
# ------------------------------------------------------------------------------
# Stores the heredoc below, verbatim, in WHONIX_BUILD_SCRIPT. The delimiter is
# quoted ('EOF'), so $1 and $2 are not expanded here; they are the positional
# arguments of the generated script when it runs. `read -d ''` reaches the end
# of its input without finding a delimiter and returns non-zero, hence the
# `|| true` under errexit.
#
# Further down this file the text is written to /home/user/whonix_build.sh in
# the install tree and run as `user`, with the build-type flag as $1 and
# ${DIST} as $2.
#
# NOTE(review): $1 and $2 are unquoted in the whonix_build call. An empty $2
# leaves --whonix-apt-repository-distribution without a value, so the next flag
# would presumably be parsed as the distribution name -- confirm the caller
# always passes a non-empty DIST.
# NOTE(review): the generated script sets no errexit; only the whonix_build
# call has an explicit failure exit, so a failed apt-mark hold, haveged start
# or pushd goes unnoticed.
# NOTE(review): /tmp/uwt is a fixed path created through sudo with g+rw added;
# confirm which group ends up with write access and that nothing untrusted can
# pre-create that path inside the chroot.
# NOTE(review): --skip-verifiable and --skip-sanity-tests look like they turn
# off checks in whonix_build -- confirm against its documentation what is
# skipped and whether a template build should skip it.
read -r -d '' WHONIX_BUILD_SCRIPT <<'EOF' || true
################################################################################
# Pre Fixups
sudo mkdir -p /boot/grub2
sudo touch /boot/grub2/grub.cfg
sudo mkdir -p /boot/grub
sudo touch /boot/grub/grub.cfg
sudo mkdir --parents --mode=g+rw "/tmp/uwt"
# Whonix seems to re-install sysvinit even though there is a hold
# on the package. Things seem to work anyway. BUT hopfully the
# hold on grub* don't get removed
sudo apt-mark hold sysvinit
sudo apt-mark hold grub-pc grub-pc-bin grub-common grub2-common
# Whonix expects haveged to be started
sudo /etc/init.d/haveged start
################################################################################
# Whonix installation
export WHONIX_BUILD_UNATTENDED_PKG_INSTALL="1"
pushd ~/Whonix
sudo ~/Whonix/whonix_build \
--build $1 \
--64bit-linux \
--current-sources \
--enable-whonix-apt-repository \
--whonix-apt-repository-distribution $2 \
--install-to-root \
--skip-verifiable \
--minimal-report \
--skip-sanity-tests || { exit 1; }
popd
EOF
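##### '-------------------------------------------------------------------------
debug ' Preparing Whonix for installation'
##### '-------------------------------------------------------------------------
# Stage 2: prepare the install tree for the Whonix build. Runs once, after the
# package-groups stage, and records completion in .whonix_prepared.
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared_groups" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ]; then
    info "Preparing Whonix system"

    #### '----------------------------------------------------------------------
    info ' Initializing Whonix submodules'
    #### '----------------------------------------------------------------------
    # The submodule update is meant to run as the login user. With an unquoted,
    # empty $(logname) the call collapses to `su -c ...`, which runs the git
    # command as root. Resolve the name first and stop when there is none.
    if ! build_user="$(logname)" || [ -z "${build_user}" ]; then
        error "Cannot determine the login user for the git submodule update"
        exit 1
    fi
    pushd "${WHONIX_DIR}"
    {
        git add Makefile || true
        git commit Makefile -m 'Added Makefile' || true
        # NOTE(review): the submodules are checked out at the commits the
        # Whonix checkout records, and that code is executed later in this
        # script. No verification of the checkout is visible here -- confirm
        # it is verified before this script runs.
        su "${build_user}" -c "git submodule update --init --recursive"
    }
    popd

    #### '----------------------------------------------------------------------
    info ' Faking grub installation since Whonix has depends on grub-pc'
    #### '----------------------------------------------------------------------
    mkdir -p "${INSTALLDIR}/boot/grub"
    cp "${INSTALLDIR}/usr/lib/grub/i386-pc/"* "${INSTALLDIR}/boot/grub"
    # ${INSTALLDIR:?} aborts instead of deleting the host's update-grub when
    # INSTALLDIR is empty.
    rm -f "${INSTALLDIR:?}/usr/sbin/update-grub"
    # chroot is called without a root directory here, so it is presumably a
    # wrapper from the sourced helpers that targets INSTALLDIR.
    chroot ln -s /bin/true /usr/sbin/update-grub

    #### '----------------------------------------------------------------------
    info ' Adding a user account for Whonix to build with'
    #### '----------------------------------------------------------------------
    chroot id -u 'user' >/dev/null 2>&1 || \
    {
        # UID needs match host user to have access to Whonix sources
        chroot groupadd -f user
        # Start from an empty value so a USER_OPTS inherited from the
        # environment cannot add options to useradd.
        USER_OPTS=""
        if [ -n "$SUDO_UID" ]; then
            USER_OPTS="-u $SUDO_UID"
        fi
        # USER_OPTS is either empty or "-u <uid>" and has to word-split.
        # The account is put in the sudo group; the generated build script
        # calls sudo.
        # shellcheck disable=SC2086
        chroot useradd -g user $USER_OPTS -G sudo,audio -m -s /bin/bash user
        # Reserve UID 1000 while the build account uses a different one.
        # Quoted, so an empty id result compares as a string instead of
        # breaking the test expression.
        if [ "$(chroot id -u user)" != 1000 ]; then
            chroot useradd -g user -u 1000 -M -s /bin/bash user-placeholder
        fi
    }

    #### '----------------------------------------------------------------------
    info ' Installing Whonix build scripts'
    #### '----------------------------------------------------------------------
    # printf writes the text as data; echo would interpret a leading option.
    printf '%s\n' "${WHONIX_BUILD_SCRIPT}" > "${INSTALLDIR}/home/user/whonix_build.sh"
    chmod 0755 "${INSTALLDIR}/home/user/whonix_build.sh"

    #### '----------------------------------------------------------------------
    info ' Removing apt-listchanges if it exists,so no prompts appear'
    #### '----------------------------------------------------------------------
    # Whonix does not handle this properly, but aptInstall packages will
    aptRemove apt-listchanges || true

    #### '----------------------------------------------------------------------
    info ' Copying additional files required for build'
    #### '----------------------------------------------------------------------
    copyTree "files"

    touch "${INSTALLDIR}/${TMPDIR}/.whonix_prepared"
fi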
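##### '-------------------------------------------------------------------------
debug ' Installing Whonix code base'
##### '-------------------------------------------------------------------------
# Stage 3: run the generated whonix_build.sh inside the install tree. Runs
# once, after the preparation stage, and records completion in
# .whonix_installed.
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_prepared" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ]; then
    # Check the inputs before anything is mounted, so a bad configuration
    # leaves no bind mounts behind.
    case "${TEMPLATE_FLAVOR}" in
        whonix-gateway)
            BUILD_TYPE="--torgateway"
            ;;
        whonix-workstation)
            BUILD_TYPE="--torworkstation"
            ;;
        *)
            error "Incorrent Whonix type \"${TEMPLATE_FLAVOR}\" selected. Not building Whonix modules"
            error "You need to set TEMPLATE_FLAVOR environment variable to either"
            error "whonix-gateway OR whonix-workstation"
            exit 1
            ;;
    esac

    # DIST becomes the value of --whonix-apt-repository-distribution in the
    # generated script. An empty value would leave that option without an
    # argument.
    if [ -z "${DIST}" ]; then
        error "DIST is not set; cannot select the Whonix apt repository distribution"
        exit 1
    fi
    # DIST is pasted into a command string that a second shell parses, so it
    # is shell-quoted first. For a plain release name the result is unchanged.
    printf -v dist_arg '%q' "${DIST}"

    if ! [ -d "${INSTALLDIR}/home/user/Whonix" ]; then
        chroot su user -c 'mkdir /home/user/Whonix'
    fi

    # NOTE(review): "../Whonix" is relative to the current directory --
    # confirm it is the same tree as WHONIX_DIR used during preparation.
    mount --bind "../Whonix" "${INSTALLDIR}/home/user/Whonix"

    # Whonix needs /dev/pts mounted during build
    # The host's /dev is visible inside the install tree from here on, and the
    # generated build script calls sudo. A chroot is not a confinement
    # boundary, so the Whonix sources run with access to the host's devices:
    # treat the checkout as trusted code and verify it before building.
    mount --bind /dev "${INSTALLDIR}/dev"
    mount --bind /dev/pts "${INSTALLDIR}/dev/pts"

    # `&&` keeps the build from starting in the wrong directory when cd fails.
    chroot su user -c "cd ~ && ./whonix_build.sh ${BUILD_TYPE} ${dist_arg}" || { exit 1; }

    touch "${INSTALLDIR}/${TMPDIR}/.whonix_installed"
fi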
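##### '-------------------------------------------------------------------------
debug ' Whonix Post Installation Configurations'
##### '-------------------------------------------------------------------------
# Stage 4: undo the parts of the Whonix install that get in the way of the
# rest of the template build. Runs once, after the install stage, and records
# completion in .whonix_post.
if [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_installed" ] && ! [ -f "${INSTALLDIR}/${TMPDIR}/.whonix_post" ]; then
    # Everything below deletes or overwrites files under INSTALLDIR. With an
    # empty value the same commands would hit /etc and /root on the build host.
    : "${INSTALLDIR:?INSTALLDIR must be set}"

    #### '----------------------------------------------------------------------
    info ' Restoring original network interfaces'
    #### '----------------------------------------------------------------------
    pushd "${INSTALLDIR}/etc/network"
    {
        rm -f interfaces
        ln -s interfaces.backup interfaces
    }
    popd

    #### '----------------------------------------------------------------------
    info ' Temporarily retore original resolv.conf for remainder of install process'
    info ' (Will be restored back in wheezy+whonix/04_qubes_install_post.sh)'
    #### '----------------------------------------------------------------------
    pushd "${INSTALLDIR}/etc"
    {
        rm -f resolv.conf
        cp -p resolv.conf.backup resolv.conf
    }
    popd

    #### '----------------------------------------------------------------------
    info ' Temporarily retore original hosts for remainder of install process'
    info ' (Will be restored on initial boot)'
    #### '----------------------------------------------------------------------
    pushd "${INSTALLDIR}/etc"
    {
        rm -f hosts
        cp -p hosts.anondist-orig hosts
    }
    popd

    #### '----------------------------------------------------------------------
    info ' Restore default user UID set to so same in all builds regardless of build host'
    #### '----------------------------------------------------------------------
    # The exit status of id says whether the placeholder account exists; the
    # error id prints for a missing account is not needed.
    if chroot id -u user-placeholder >/dev/null 2>&1; then
        chroot userdel user-placeholder
        chroot usermod -u 1000 user
    fi

    #### '----------------------------------------------------------------------
    info ' Enable some aliases in .bashrc'
    #### '----------------------------------------------------------------------
    sed -i "s/^# export/export/g" "${INSTALLDIR}/root/.bashrc"
    sed -i "s/^# eval/eval/g" "${INSTALLDIR}/root/.bashrc"
    sed -i "s/^# alias/alias/g" "${INSTALLDIR}/root/.bashrc"
    sed -i "s/^#force_color_prompt/force_color_prompt/g" "${INSTALLDIR}/home/user/.bashrc"
    sed -i "s/#alias/alias/g" "${INSTALLDIR}/home/user/.bashrc"
    sed -i "s/alias l='ls -CF'/alias l='ls -l'/g" "${INSTALLDIR}/home/user/.bashrc"

    #### '----------------------------------------------------------------------
    info ' Remove apt-cacher-ng'
    #### '----------------------------------------------------------------------
    # Stopping and disabling the service is best effort.
    chroot service apt-cacher-ng stop || :
    chroot update-rc.d apt-cacher-ng disable || :
    # NOTE(review): --force-yes makes apt continue without prompting in cases
    # it considers unsafe, which includes unauthenticated packages. It is only
    # used for a removal here -- confirm it is still needed (held packages?)
    # and keep it out of any install or upgrade call.
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
        chroot apt-get.anondist-orig -y --force-yes remove --purge apt-cacher-ng

    #### '----------------------------------------------------------------------
    info ' Remove original sources.list (Whonix copied them to .../debian.list)'
    #### '----------------------------------------------------------------------
    rm -f "${INSTALLDIR}/etc/apt/sources.list"
    # Refresh the package index from the lists that remain.
    DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
        chroot apt-get.anondist-orig update

    touch "${INSTALLDIR}/${TMPDIR}/.whonix_post"
fi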
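##### '-------------------------------------------------------------------------
debug ' Temporarily retore original apt-get for remainder of install process'
##### '-------------------------------------------------------------------------
# Runs on every invocation; no marker file guards it. With an empty INSTALLDIR
# the directory below would be the build host's /usr/bin, so the expansion
# aborts in that case.
# NOTE(review): apt-get.anondist-orig looks like the apt-get binary as it was
# before the Whonix install replaced it -- confirm, and confirm that later
# build steps are meant to run without the Whonix replacement.
pushd "${INSTALLDIR:?INSTALLDIR must be set}/usr/bin"
{
    # Make sure the backup is there before the live file is deleted; otherwise
    # a missing backup would leave the tree without any apt-get.
    if ! [ -e apt-get.anondist-orig ]; then
        error "apt-get.anondist-orig not found; leaving apt-get untouched"
        exit 1
    fi
    rm -f apt-get
    cp -p apt-get.anondist-orig apt-get
}
popd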
#### '----------------------------------------------------------------------
info ' Cleanup'
#### '----------------------------------------------------------------------
# Reset the ERR and EXIT handlers to their defaults, so the cleanup handler
# installed at the top of the script no longer fires from here on.
trap - ERR
trap - EXIT
# With no arguments trap prints the handlers that are still set.
trap