qubes-linux-template-builder/scripts_debian/02_install_groups.sh
Jason Mehring 1334b8ae50 Added colorized messages and changed scripts to use them
Added a few more whonix replacement tweaks
Updated umount_kill.sh to be able to umount directories that have been deleted
Added a DEBUG feature to save / use already created debootstrap image to save time debugging
2014-10-16 12:03:05 -04:00

192 lines
8.9 KiB
Bash
Executable File

#!/bin/sh
# vim: set ts=4 sw=4 sts=4 et :
# ------------------------------------------------------------------------------
# Source external scripts
# ------------------------------------------------------------------------------
. $SCRIPTSDIR/vars.sh
. ./umount_kill.sh >/dev/null
# ------------------------------------------------------------------------------
# Configurations
# ------------------------------------------------------------------------------
if [ "$VERBOSE" -ge 2 -o "$DEBUG" == "1" ]; then
set -x
else
set -e
fi
# ------------------------------------------------------------------------------
# If .prepared_debootstrap has not been completed, don't continue
# ------------------------------------------------------------------------------
if ! [ -f "$INSTALLDIR/tmp/.prepared_debootstrap" ]; then
error "prepared_debootstrap installataion has not completed!... Exiting"
umount_kill "$INSTALLDIR" || :
exit 1
fi
# ------------------------------------------------------------------------------
# Mount system mount points
# ------------------------------------------------------------------------------
for fs in /dev /dev/pts /proc /sys /run; do mount -B $fs "$INSTALLDIR/$fs"; done
# ------------------------------------------------------------------------------
# Execute any custom pre configuration scripts
# ------------------------------------------------------------------------------
customStep "$0" "pre"
if ! [ -f "$INSTALLDIR/tmp/.prepared_groups" ]; then
# ------------------------------------------------------------------------------
# Cleanup function
# ------------------------------------------------------------------------------
function cleanup() {
error "Install groups error and umount"
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
umount_kill "$INSTALLDIR" || :
exit 1
}
trap cleanup ERR
trap cleanup EXIT
# ------------------------------------------------------------------------------
# Set up a temporary policy-rc.d to prevent apt from starting services
# on package installation
# ------------------------------------------------------------------------------
cat > "$INSTALLDIR/usr/sbin/policy-rc.d" <<EOF
#!/bin/sh
return 101 # Action forbidden by policy
EOF
chmod 755 "$INSTALLDIR/usr/sbin/policy-rc.d"
# ------------------------------------------------------------------------------
# Add debian security repository
# ------------------------------------------------------------------------------
debug "Adding debian-security repository."
source="deb http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
fi
source="deb-src http://security.debian.org ${DEBIANVERSION}/updates main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
fi
# ------------------------------------------------------------------------------
# Upgrade system
# ------------------------------------------------------------------------------
debug "Upgrading system"
chroot "$INSTALLDIR" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes dist-upgrade
# ------------------------------------------------------------------------------
# Configure keyboard
# ------------------------------------------------------------------------------
debug "Setting keyboard layout"
chroot "$INSTALLDIR" debconf-set-selections <<EOF
keyboard-configuration keyboard-configuration/variant select English (US)
keyboard-configuration keyboard-configuration/layout select English (US)
keyboard-configuration keyboard-configuration/model select Generic 105-key (Intl) PC
keyboard-configuration keyboard-configuration/modelcode string pc105
keyboard-configuration keyboard-configuration/layoutcode string us
keyboard-configuration keyboard-configuration/variantcode string
keyboard-configuration keyboard-configuration/optionscode string
EOF
# ------------------------------------------------------------------------------
# Install extra packages in script_$DEBIANVERSION/packages.list file
# ------------------------------------------------------------------------------
if [ -n "${TEMPLATE_FLAVOR}" ]; then
PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}_${TEMPLATE_FLAVOR}.list"
if ! [ -r "${PKGLISTFILE}" ]; then
error "ERROR: ${PKGLISTFILE} does not exists!"
umount_kill "$INSTALLDIR" || :
exit 1
fi
elif [ -r "$SCRIPTSDIR/packages_${DIST}.list" ]; then
PKGLISTFILE="$SCRIPTSDIR/packages_${DIST}.list"
else
PKGLISTFILE="$SCRIPTSDIR/packages.list"
fi
debug "Installing extra packages"
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
xargs chroot $INSTALLDIR apt-get -y --force-yes install < "$PKGLISTFILE"
# ------------------------------------------------------------------------------
# Execute any custom configuration scripts after file packages installed
# (Whonix needs dependancies installed before installation)
# ------------------------------------------------------------------------------
customStep "$0" "packages_installed"
# ------------------------------------------------------------------------------
# Install systemd
# ------------------------------------------------------------------------------
# - sysvinit gives problems with qubes initramfs, we depend on systemd
# for now. Apt *really* doesn't want to replace sysvinit in wheezy.
# For jessie and newer, sysvinit is provided by sysvinit-core which
# is not an essential package.
# ------------------------------------------------------------------------------
debug "Installing systemd for debian ($DEBIANVERSION)"
if [ "$DEBIANVERSION" == "wheezy" ]; then
echo 'Yes, do as I say!' | DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
else
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes remove sysvinit
fi
# Prevent sysvinit from being re-installed
debug "Preventing sysvinit re-installation"
chroot "$INSTALLDIR" apt-mark hold sysvinit
chroot "$INSTALLDIR" apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot "$INSTALLDIR" apt-get -y --force-yes install systemd-sysv
# ------------------------------------------------------------------------------
# Set multu-user.target as the default target (runlevel 3)
# ------------------------------------------------------------------------------
#chroot "$INSTALLDIR" systemctl set-default multi-user.target
chroot "$INSTALLDIR" rm -f /etc/systemd/system/default.target
chroot "$INSTALLDIR" ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
# ------------------------------------------------------------------------------
# Qubes is now being built with some SID packages; grab backport for wheezy
# ------------------------------------------------------------------------------
if [ "$DEBIANVERSION" == "wheezy" ]; then
debug "Adding wheezy backports repository."
source="deb ${DEBIAN_MIRROR} wheezy-backports main"
if ! grep -r -q "$source" "$INSTALLDIR/etc/apt/sources.list"*; then
touch "$INSTALLDIR/etc/apt/sources.list"
echo "$source" >> "$INSTALLDIR/etc/apt/sources.list"
fi
chroot $INSTALLDIR apt-get update
DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true \
chroot $INSTALLDIR apt-get -y --force-yes -t wheezy-backports install init-system-helpers
fi
# ------------------------------------------------------------------------------
# Cleanup
# ------------------------------------------------------------------------------
# Remove temporary policy layer so services can start normally in the
# deployed template.
rm -f "$INSTALLDIR/usr/sbin/policy-rc.d"
touch "$INSTALLDIR/tmp/.prepared_groups"
trap - ERR EXIT
trap
# Kill all processes and umount all mounts within $INSTALLDIR,
# but not $INSTALLDIR itself (extra '/' prevents $INSTALLDIR from being
# umounted itself)
umount_kill "$INSTALLDIR/" || :
fi
# ------------------------------------------------------------------------------
# Execute any custom post configuration scripts
# ------------------------------------------------------------------------------
customStep "$0" "post"