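#!/usr/bin/env zsh
# Copyright (c) 2017-2018 Dyne.org Foundation
#
# decode.blend is written and maintained by Ivan J.
#
# This source code is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This software is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this source code. If not, see <https://www.gnu.org/licenses/>.

## libdevuansdk build script for decode-os
#
# The helpers used below (fn, ckreq, notice, zerr, add-user, chroot-script,
# remove_custom_uname) are not defined in this file; presumably they come from
# libdevuansdk or from the files sourced here.
#
# Most functions write a small /bin/sh script into $strapdir through an
# UNQUOTED here-document: plain ${var} and $(cmd) are expanded on the build
# host when the file is written, while \$var and \$(cmd) are left for the
# generated script to evaluate. Anything placed inside a here-document,
# including '#' lines, becomes part of the generated file.

BLENDPATH="${BLENDPATH:-$(dirname $0)}"

#source "$R/../config"
source $BLENDPATH/config
source $BLENDPATH/helpers
source $BLENDPATH/sysconf
source $BLENDPATH/gpt_uuid_list
source $BLENDPATH/install_custom_uname

blend_release_path=$BLENDPATH/$release
blend_packages=${blend_release_path}/packages
blend_scripts=${blend_release_path}/scripts

# Copies the Tor Project archive key from $R/../extra into $strapdir, writes
# ${strapdir}/blend-bootstrap-setup and hands it to chroot-script.
# Every key-import command in the generated script is commented out, so as
# written it only prints a message and the copied key is not registered with
# apt.
# NOTE(review): the disabled lines read /deb.torproject.asc, but the file
# copied here is deb.torproject.org.asc; reconcile the names before
# re-enabling. Prefer importing the key shipped in extra/ over the disabled
# wget variant, so the trust anchor stays pinned in the repository instead of
# being fetched at build time.
blend_bootstrap_setup() {
	fn blend_bootstrap_setup "(override)"
	req=(strapdir)
	ckreq || return 1

	sudo cp -v "$R/../extra/deb.torproject.org.asc" "$strapdir"

	cat <<-EOF | sudo tee ${strapdir}/blend-bootstrap-setup >/dev/null
	#!/bin/sh
	echo " * Adding deb.torproject.org repo key to apt..."
	#cat /deb.torproject.asc | apt-key add -
	#rm -f /deb.torproject.asc
	#wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \
	# gpg --dearmor | \
	# tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
	EOF

	chroot-script -d blend-bootstrap-setup || zerr
}

# Pre-install hook: calls add-user, installs a custom grub-mkconfig wrapper
# into the chroot's /usr/local/bin and writes/runs the update_path script.
# NOTE(review): if add-user takes a username and a password, the call below
# creates an account with a fixed, guessable credential; confirm against the
# helper's definition.
# NOTE(review): ${PATH} is not escaped in the here-document, so the build
# host's PATH is expanded when update_path is written; confirm this is
# intended rather than \${PATH}.
blend_preinst() {
	fn blend_preinst
	req=(strapdir)
	ckreq || return 1

	notice "executing $blend_name preinst"

	add-user default default

	# FIXME:if we move the configure_bootloader to after rsync_to_raw_image
	# in lib/libdevuansdk/zlibs/helpers this may not be necessary as we would
	# run it not in the chroot but on the mounted rsync_to_raw_image_image
	cp ${BLENDPATH}/extra/custom_grub-mkconfig $strapdir/usr/local/bin/grub-mkconfig
	chmod +x $strapdir/usr/local/bin/grub-mkconfig

	cat <<-EOF | sudo tee ${strapdir}/update_path >/dev/null
	export PATH=/usr/local/bin:${PATH}
	EOF
	chroot-script -d update_path || zerr
}

# Post-install hook: runs blend_install_<app> for each entry of nopackage
# (currently empty), rsyncs the common and SDK-specific rootfs overlays into
# $strapdir, removes the temporary grub-mkconfig wrapper and calls
# blend_finalize.
blend_postinst() {
	fn blend_postinst
	req=(strapdir)
	ckreq || return 1

	notice "executing $blend_name postinst"

	#nopackage=(musl tomb golang tordam stem netdata zenroom chainspace)
	#nopackage=(musl tomb golang tordam netdata zenroom chainspace)
	nopackage=()
	for app in $nopackage; do
		blend_install_${app} || zerr
	done || zerr

	notice "copying rootfs overlays"
	rootfs_overlay_path="$R/../rootfs-overlay"
	sudo rsync -raX "${rootfs_overlay_path}/common/" "${strapdir}"
	if [[ -n "$vmsdk_version" ]]; then
		_sdk="vm"
	elif [[ -n "$armsdk_version" ]]; then
		_sdk="arm"
	elif [[ -n "$livesdk_version" ]]; then
		_sdk="live"
	fi
	if [[ -n "$_sdk" ]]; then
		sudo rsync -raX "${rootfs_overlay_path}/${_sdk}/" "${strapdir}"
	else
		# With an empty _sdk the source path collapses to
		# "${rootfs_overlay_path}//" and the whole overlay tree (every
		# SDK's files) would be copied into the image root.
		notice "no sdk version set, skipping sdk-specific rootfs overlay"
	fi

	# FIXME:if we move the configure_bootloader to after rsync_to_raw_image this
	# may not be necessary as we would run it not in the chroot but on the
	# mounted rsync_to_raw_image_image
	remove_custom_uname
	rm "$strapdir/usr/local/bin/grub-mkconfig"

	blend_finalize || zerr
}

## {{{ blend_install_musl()
# Clones musl into the chroot and writes ${strapdir}/install-musl, which
# checks out ${musl_version}, builds and installs. The chroot-script call is
# commented out, so the script is written but not executed from here.
# NOTE(review): the checked-out ref is not verified (no signed-tag or
# commit-hash check); pin musl_version to a commit id or verify a signature.
blend_install_musl() {
	fn blend_install_musl
	req=(strapdir musl_version musl_url)
	ckreq || return 1

	notice "cloning musl gits"
	sudo git clone "$musl_url" "$strapdir/root/musl" || zerr

	notice "installing musl in $strapdir"
	cat <<-EOF | sudo tee ${strapdir}/install-musl >/dev/null
	#!/bin/sh
	cd /root/musl
	git checkout ${musl_version}
	./configure && \
		make ${MAKEOPTS} && make install || exit 1
	cd ..
	rm -rf musl
	EOF
	# chroot-script install-musl || zerr
}
## }}}

## {{{ blend_install_tomb()
# Clones tomb into the chroot and writes ${strapdir}/install-tomb, which
# checks out ${tomb_version} and installs tomb plus extras/kdf-keys. The
# chroot-script call is commented out.
# NOTE(review): as with musl, the checked-out ref is not verified.
blend_install_tomb() {
	fn blend_install_tomb
	req=(strapdir tomb_version tomb_url)
	ckreq || return 1

	notice "cloning tomb gits"
	sudo git clone "$tomb_url" "$strapdir/root/tomb" || zerr

	notice "installing tomb in $strapdir"
	cat <<-EOF | sudo tee ${strapdir}/install-tomb >/dev/null
	#!/bin/sh
	cd /root/tomb
	git checkout ${tomb_version}
	make install
	cd extras/kdf-keys
	make && make install || exit 1
	cd /root
	rm -rf tomb
	EOF
	# chroot-script install-tomb || zerr
}
## }}}

## {{{ blend_install_golang()
# Writes ${strapdir}/install-golang, which downloads ${golang_url} into
# /usr/local, unpacks it and symlinks go/gofmt into /usr/local/bin.
# $(basename ...) is evaluated on the build host when the file is written.
# The chroot-script call is commented out.
# NOTE(review): the tarball is unpacked without a checksum or signature
# check; compare it against a pinned SHA-256 before extraction.
blend_install_golang() {
	fn blend_install_golang
	req=(strapdir golang_url)
	ckreq || return 1

	notice "installing golang in $strapdir"
	cat <<-EOF | sudo tee ${strapdir}/install-golang >/dev/null
	#!/bin/sh
	cd /usr/local
	wget ${golang_url} || exit 1
	tar xf $(basename ${golang_url})
	rm -f $(basename ${golang_url})
	ln -snvf /usr/local/go/bin/go /usr/local/bin/go
	ln -snvf /usr/local/go/bin/gofmt /usr/local/bin/gofmt
	EOF
	# chroot-script install-golang || zerr
}
## }}}

## {{{ blend_install_tordam()
# Writes ${strapdir}/install-tordam, which fetches tor-dam with `go get`,
# generates a Tor ControlPort password, substitutes it for the placeholder
# "topkek" in python/damhs.py and python/damauth.py, and writes its hash into
# /etc/tor/torrc. The chroot-script call is commented out.
# NOTE(review), should this be re-enabled:
#  - the password is two words drawn from /usr/share/dict/words, which gives
#    little entropy and requires a word list inside the chroot; reading bytes
#    from /dev/urandom directly would be stronger;
#  - the plaintext is passed to `tor --hash-password` as an argument, so it is
#    visible in the process list while that command runs;
#  - a password generated at image-build time is identical on every device
#    flashed from the same image; generating it at first boot avoids that;
#  - `go get -u` pulls whatever is current upstream, with no pinned revision.
blend_install_tordam() {
	fn blend_install_tordam
	req=(strapdir tordam_url)
	ckreq || return 1

	notice "installing tor-dam in $strapdir"
	cat <<-EOF | sudo tee ${strapdir}/install-tordam >/dev/null
	#!/bin/sh
	cd /home/decode
	sudo -u decode go get -v -u ${tordam_url}
	cd /home/decode/go/src/github.com/decodeproject/tor-dam
	# A random password for the Tor Controlport auth
	torpass="\$(echo "\$(shuf -n 2 /usr/share/dict/words --random-source=/dev/urandom | tr '\n' '-')")"
	sed -i python/damhs.py -e "s/topkek/\${torpass}/"
	sed -i python/damauth.py -e "s/topkek/\${torpass}/"
	make install
	make -C contrib install-init
	torpass="\$(sudo -u debian-tor tor --hash-password "\${torpass}")"
	sed -e 's/User tor/User debian-tor/' < contrib/torrc > /etc/tor/torrc
	sed -e 's/HashedControlPassword .*//' -i /etc/tor/torrc
	echo "HashedControlPassword \${torpass}" >> /etc/tor/torrc
	EOF
	# chroot-script -d install-tordam || zerr
}
## }}}

## {{{ blend_install_netdata()
# Downloads the netdata tarball into the chroot and writes
# ${strapdir}/install-netdata, which unpacks it and runs its installer.
# The chroot-script call is commented out.
# NOTE(review): the tarball's installer script would run without any checksum
# or signature check on the download; verify against a pinned hash first.
blend_install_netdata() {
	fn blend_install_netdata
	req=(strapdir netdata_version netdata_url)
	ckreq || return 1

	notice "downloading netdata tarball"
	sudo wget -O "$strapdir/root/netdata.tgz" "$netdata_url" || zerr

	notice "installing netdata in $strapdir"
	cat <<-EOF | sudo tee ${strapdir}/install-netdata >/dev/null
	#!/bin/sh
	cd /root
	tar xvf netdata.tgz || exit 1
	cd netdata-${netdata_version}
	./netdata-installer.sh --dont-wait --dont-start-it || exit 1
	cd ..
	rm -rf netdata.tgz netdata-${netdata_version}
	EOF
	# chroot-script install-netdata || zerr
}
## }}}

## {{{ blend_install_stem()
# Clones stem into the chroot and writes ${strapdir}/install-stem, which
# checks out ${stem_version} and runs setup.py install. The chroot-script
# call is commented out.
# NOTE(review): the checked-out ref is not verified.
blend_install_stem() {
	fn blend_install_stem
	req=(strapdir stem_version stem_url)
	ckreq || return 1

	notice "installing stem tor library"
	sudo git clone "$stem_url" "$strapdir/root/stem" || zerr

	notice "installing stem in $strapdir"
	cat <<-EOF | sudo tee ${strapdir}/install-stem >/dev/null
	#!/bin/sh
	cd /root/stem
	git checkout ${stem_version}
	python3 setup.py install || exit 1
	cd ..
	rm -rf stem
	EOF
	# chroot-script install-stem || zerr
}
## }}}

## {{{ blend_install_zenroom()
# Only validates its required variables; the download and chmod steps are
# commented out.
# NOTE(review): if re-enabled, the binary is made executable straight from
# the download with no integrity check.
blend_install_zenroom() {
	fn blend_install_zenroom
	req=(strapdir zenroom_url)
	ckreq || return 1

	# notice "installing zenroom"
	# sudo wget -O "$strapdir/usr/local/bin/zenroom" "$zenroom_url" || zerr
	# sudo chmod +x "$strapdir/usr/local/bin/zenroom"
}
## }}}

## {{{ blend_install_chainspace()
# Clones chainspace into /home/decode inside the chroot, hands the home
# directory to uid/gid 1000 and writes ${strapdir}/install-chainspace. The
# chroot-script call is commented out.
# NOTE(review): the generated script runs `paxctl -m` on /usr/bin/python*,
# which relaxes PaX MPROTECT for every Python interpreter in the image, and
# installs petlib/bplib from the package index without version pins or
# hashes. The disabled wget uses --no-check-certificate; drop that flag if
# the download is ever restored.
blend_install_chainspace() {
	fn blend_install_chainspace
	req=(strapdir chainspace_url chainspacedist_url)
	ckreq || return 1

	local p="$strapdir/home/decode/chainspace"

	notice "installing chainspace"
	sudo git clone "$chainspace_url" "$p" || zerr
	pushd "${p}"
	# FIXME: no longer being provided
	# sudo wget --no-check-certificate ${chainspacedist_url} || zerr
	# sudo tar xvf $(basename $chainspacedist_url) || zerr
	popd
	sudo chown -R 1000:1000 "$strapdir/home/decode"

	# stdout of tee is discarded, as in the other install functions
	cat <<-EOF | sudo tee "${strapdir}/install-chainspace" >/dev/null
	#!/bin/sh
	paxctl -c /usr/bin/python*
	paxctl -m /usr/bin/python*
	pip3 install petlib
	pip3 install bplib
	cd /home/decode/chainspace
	pip3 install -e ./chainspacecontract
	pip3 install -e ./chainspaceapi
	rm -f /install-chainspace
	EOF
	# chroot-script -d install-chainspace
}
## }}}

## {{{ blend_finalize()
# Writes ${strapdir}/finalize and runs it through chroot-script. The generated
# script sets the user's shell and group, edits sshd_config, adjusts rc
# services, sets the hostname, prepares /var/lib/tor, purges packages and
# removes build-time logs.
# NOTE(review):
#  - 'UsePAM yes' is rewritten to 'UsePAM no', so PAM account and session
#    modules no longer apply to SSH logins; confirm this is deliberate;
#  - the Tor data directory is given to a user named devuan-tor, while the
#    torrc written by blend_install_tordam uses 'User debian-tor'; check which
#    account Tor actually runs as;
#  - zfs_autoinstall_set sits inside the here-document, so it is executed by
#    /bin/sh in the chroot, not by this zsh process; verify that the command
#    exists there.
blend_finalize() {
	fn blend_finalize
	req=(strapdir)
	ckreq || return 1

	cat <<-EOF | sudo tee ${strapdir}/finalize >/dev/null
	#!/bin/sh
	chsh -s /bin/bash ${username}
	for i in users ; do
		gpasswd -a ${username} \$i
	done
	sed -e 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config
	rc-update del redis-server default
	rc-update add dam-dir default
	rc-update add dam-client default
	## misc
	sed -i -e 's/devuan/${hostname}/' /etc/hosts
	echo ${hostname} > /etc/hostname
	mkdir -p /var/lib/tor
	useradd devuan-tor -s /bin/false -d /var/lib/tor -M
	chown -R devuan-tor:devuan-tor /var/lib/tor
	rm -rf /var/lib/tor/hidden_service
	zfs_autoinstall_set "yes"
	## cleanup
	apt-get --yes ${force_packages_option} purge ${finalize_purge_packages}
	apt-get --yes ${force_packages_option} autoremove
	apt-get clean
	apt-get update
	cleanupfiles="
	/var/log/bootstrap.log
	/var/log/dpkg.log
	/var/log/alternatives.log
	/var/log/fontconfig.log
	/var/log/apt
	/var/log/fsck
	/var/log/ConsoleKit
	/var/lib/polkit-1
	/usr/local/share/zsh/site-functions
	"
	echo "\$cleanupfiles" | xargs rm -rf
	EOF

	chroot-script -d finalize || zerr
}
## }}}

## {{{ conf_print_sourceslist()
# Prints the apt sources list for the image on stdout. Only the
# "$release main contrib non-free" line is active; every other entry,
# including the Tor Project repository, is emitted as a comment.
# NOTE(review): the $release-security and $release-updates suites are
# disabled, so an image built from this list receives no security updates
# through apt until they are enabled. The active mirror is plain http, so
# package integrity rests entirely on apt's verification of the signed
# Release files.
conf_print_sourceslist() {
	fn conf_print_sourceslist "(override)"

	#tor_url=tor://deb.torproject.org/torproject.org/torproject.org
	tor_url=tor://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org

	cat <<-EOF
	## package repositories
	deb http://deb.devuan.org/merged $release main contrib non-free
	#deb http://deb.devuan.org/merged $release-updates main contrib non-free
	#deb http://deb.devuan.org/merged $release-security main contrib non-free
	#deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url bookworm main
	#deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url tor-nightly-0.4.6.x-bookworm main

	## source repositories
	#deb-src http://pkgmaster.devuan.org/merged $release main contrib non-free
	#deb-src http://pkgmaster.devuan.org/merged $release-updates main contrib non-free
	#deb-src http://pkgmaster.devuan.org/merged $release-security main contrib non-free
	#deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url bookworm main
	#deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url tor-nightly-0.4.6.x-bookworm main
	EOF
}
## }}}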