371 lines
10 KiB
Bash
371 lines
10 KiB
Bash
#!/usr/bin/env zsh
|
|
# Copyright (c) 2017-2018 Dyne.org Foundation
|
|
#
|
|
# decode.blend is written and maintained by Ivan J. <parazyd@dyne.org>
|
|
#
|
|
# This source code is free software: you can redistribute it and/or modify
|
|
# it under the terms of the GNU General Public License as published by
|
|
# the Free Software Foundation, either version 3 of the License, or
|
|
# (at your option) any later version.
|
|
#
|
|
# This software is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
# GNU General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this source code. If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
## libdevuansdk build script for decode-os
|
|
|
|
BLENDPATH="${BLENDPATH:-$(dirname $0)}"
|
|
|
|
#source "$R/../config"
|
|
|
|
source $BLENDPATH/config
|
|
source $BLENDPATH/helpers
|
|
source $BLENDPATH/sysconf
|
|
source $BLENDPATH/gpt_uuid_list
|
|
source $BLENDPATH/install_custom_uname
|
|
|
|
blend_release_path=$BLENDPATH/$release
|
|
blend_packages=${blend_release_path}/packages
|
|
blend_scripts=${blend_release_path}/scripts
|
|
|
|
blend_bootstrap_setup() {
|
|
fn blend_bootstrap_setup "(override)"
|
|
req=(strapdir)
|
|
ckreq || return 1
|
|
|
|
sudo cp -v "$R/../extra/deb.torproject.org.asc" "$strapdir"
|
|
cat <<-EOF | sudo tee ${strapdir}/blend-bootstrap-setup >/dev/null
|
|
#!/bin/sh
|
|
echo " * Adding deb.torproject.org repo key to apt..."
|
|
#cat /deb.torproject.asc | apt-key add -
|
|
#rm -f /deb.torproject.asc
|
|
#wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \
|
|
# gpg --dearmor | \
|
|
# tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null
|
|
EOF
|
|
chroot-script -d blend-bootstrap-setup || zerr
|
|
}
|
|
|
|
blend_preinst() {
|
|
fn blend_preinst
|
|
req=(strapdir)
|
|
ckreq || return 1
|
|
|
|
notice "executing $blend_name preinst"
|
|
|
|
add-user default default
|
|
|
|
# FIXME:if we move the configure_bootloader to after rsync_to_raw_image
|
|
# in lib/libdevuansdk/zlibs/helpers this may not be necessary as we would
|
|
# run it not in the chroot but on the mounted rsync_to_raw_image_image
|
|
cp ${BLENDPATH}/extra/custom_grub-mkconfig $strapdir/usr/local/bin/grub-mkconfig
|
|
chmod +x $strapdir/usr/local/bin/grub-mkconfig
|
|
|
|
cat <<-EOF | sudo tee ${strapdir}/update_path >/dev/null
|
|
export PATH=/usr/local/bin:${PATH}
|
|
EOF
|
|
chroot-script -d update_path || zerr
|
|
}
|
|
|
|
blend_postinst() {
|
|
fn blend_postinst
|
|
req=(strapdir)
|
|
ckreq || return 1
|
|
|
|
notice "executing $blend_name postinst"
|
|
|
|
#nopackage=(musl tomb golang tordam stem netdata zenroom chainspace)
|
|
#nopackage=(musl tomb golang tordam netdata zenroom chainspace)
|
|
nopackage=()
|
|
for app in $nopackage; do
|
|
blend_install_${app} || zerr
|
|
done || zerr
|
|
|
|
notice "copying rootfs overlays"
|
|
rootfs_overlay_path="$R/../rootfs-overlay"
|
|
sudo rsync -raX "${rootfs_overlay_path}/common/" "${strapdir}"
|
|
if [[ -n "$vmsdk_version" ]]; then
|
|
_sdk="vm"
|
|
elif [[ -n "$armsdk_version" ]]; then
|
|
_sdk="arm"
|
|
elif [[ -n "$livesdk_version" ]]; then
|
|
_sdk="live"
|
|
fi
|
|
sudo rsync -raX "${rootfs_overlay_path}/${_sdk}/" "${strapdir}"
|
|
|
|
# FIXME:if we move the configure_bootloader to after rsync_to_raw_image this
|
|
# may not be necessary as we would run it not in the chroot but on the
|
|
# mounted rsync_to_raw_image_image
|
|
remove_custom_uname
|
|
rm "$strapdir/usr/local/bin/grub-mkconfig"
|
|
|
|
blend_finalize || zerr
|
|
}
|
|
|
|
## {{{ blend_install_musl()
|
|
blend_install_musl() {
|
|
fn blend_install_musl
|
|
req=(strapdir musl_version musl_url)
|
|
ckreq || return 1
|
|
|
|
notice "cloning musl gits"
|
|
sudo git clone "$musl_url" "$strapdir/root/musl" || zerr
|
|
|
|
notice "installing musl in $strapdir"
|
|
|
|
cat <<-EOF | sudo tee ${strapdir}/install-musl >/dev/null
|
|
#!/bin/sh
|
|
cd /root/musl
|
|
git checkout ${musl_version}
|
|
./configure && \
|
|
make ${MAKEOPTS} && make install || exit 1
|
|
cd ..
|
|
rm -rf musl
|
|
EOF
|
|
# chroot-script install-musl || zerr
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_tomb()
|
|
blend_install_tomb() {
|
|
fn blend_install_tomb
|
|
req=(strapdir tomb_version tomb_url)
|
|
ckreq || return 1
|
|
|
|
notice "cloning tomb gits"
|
|
sudo git clone "$tomb_url" "$strapdir/root/tomb" || zerr
|
|
|
|
notice "installing tomb in $strapdir"
|
|
cat <<-EOF | sudo tee ${strapdir}/install-tomb >/dev/null
|
|
#!/bin/sh
|
|
cd /root/tomb
|
|
git checkout ${tomb_version}
|
|
make install
|
|
|
|
cd extras/kdf-keys
|
|
make && make install || exit 1
|
|
|
|
cd /root
|
|
rm -rf tomb
|
|
EOF
|
|
# chroot-script install-tomb || zerr
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_golang()
|
|
blend_install_golang() {
|
|
fn blend_install_golang
|
|
req=(strapdir golang_url)
|
|
ckreq || return 1
|
|
|
|
notice "installing golang in $strapdir"
|
|
cat <<-EOF | sudo tee ${strapdir}/install-golang >/dev/null
|
|
#!/bin/sh
|
|
cd /usr/local
|
|
wget ${golang_url} || exit 1
|
|
tar xf $(basename ${golang_url})
|
|
rm -f $(basename ${golang_url})
|
|
|
|
ln -snvf /usr/local/go/bin/go /usr/local/bin/go
|
|
ln -snvf /usr/local/go/bin/gofmt /usr/local/bin/gofmt
|
|
EOF
|
|
# chroot-script install-golang || zerr
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_tordam()
|
|
blend_install_tordam() {
|
|
fn blend_install_tordam
|
|
req=(strapdir tordam_url)
|
|
ckreq || return 1
|
|
|
|
notice "installing tor-dam in $strapdir"
|
|
cat <<-EOF | sudo tee ${strapdir}/install-tordam >/dev/null
|
|
#!/bin/sh
|
|
cd /home/decode
|
|
sudo -u decode go get -v -u ${tordam_url}
|
|
cd /home/decode/go/src/github.com/decodeproject/tor-dam
|
|
|
|
# A random password for the Tor Controlport auth
|
|
torpass="\$(echo "\$(shuf -n 2 /usr/share/dict/words --random-source=/dev/urandom | tr '\n' '-')")"
|
|
sed -i python/damhs.py -e "s/topkek/\${torpass}/"
|
|
sed -i python/damauth.py -e "s/topkek/\${torpass}/"
|
|
make install
|
|
make -C contrib install-init
|
|
|
|
torpass="\$(sudo -u debian-tor tor --hash-password "\${torpass}")"
|
|
sed -e 's/User tor/User debian-tor/' < contrib/torrc > /etc/tor/torrc
|
|
sed -e 's/HashedControlPassword .*//' -i /etc/tor/torrc
|
|
echo "HashedControlPassword \${torpass}" >> /etc/tor/torrc
|
|
EOF
|
|
# chroot-script -d install-tordam || zerr
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_netdata()
|
|
blend_install_netdata() {
|
|
fn blend_install_netdata
|
|
req=(strapdir netdata_version netdata_url)
|
|
ckreq || return 1
|
|
|
|
notice "downloading netdata tarball"
|
|
sudo wget -O "$strapdir/root/netdata.tgz" "$netdata_url" || zerr
|
|
|
|
notice "installing netdata in $strapdir"
|
|
cat <<-EOF | sudo tee ${strapdir}/install-netdata >/dev/null
|
|
#!/bin/sh
|
|
cd /root
|
|
tar xvf netdata.tgz || exit 1
|
|
cd netdata-${netdata_version}
|
|
./netdata-installer.sh --dont-wait --dont-start-it || exit 1
|
|
cd ..
|
|
rm -rf netdata.tgz netdata-${netdata_version}
|
|
EOF
|
|
# chroot-script install-netdata || zerr
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_stem()
|
|
blend_install_stem() {
|
|
fn blend_install_stem
|
|
req=(strapdir stem_version stem_url)
|
|
ckreq || return 1
|
|
|
|
notice "installing stem tor library"
|
|
sudo git clone "$stem_url" "$strapdir/root/stem" || zerr
|
|
|
|
notice "installing stem in $strapdir"
|
|
cat <<-EOF | sudo tee ${strapdir}/install-stem >/dev/null
|
|
#!/bin/sh
|
|
cd /root/stem
|
|
git checkout ${stem_version}
|
|
python3 setup.py install || exit 1
|
|
cd ..
|
|
rm -rf stem
|
|
EOF
|
|
# chroot-script install-stem || zerr
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_zenroom()
|
|
blend_install_zenroom() {
|
|
fn blend_install_zenroom
|
|
req=(strapdir zenroom_url)
|
|
ckreq || return 1
|
|
|
|
# notice "installing zenroom"
|
|
# sudo wget -O "$strapdir/usr/local/bin/zenroom" "$zenroom_url" || zerr
|
|
# sudo chmod +x "$strapdir/usr/local/bin/zenroom"
|
|
}
|
|
## }}}
|
|
## {{{ blend_install_chainspace()
|
|
blend_install_chainspace() {
|
|
fn blend_install_chainspace
|
|
req=(strapdir chainspace_url chainspacedist_url)
|
|
ckreq || return 1
|
|
|
|
local p="$strapdir/home/decode/chainspace"
|
|
|
|
notice "installing chainspace"
|
|
|
|
sudo git clone "$chainspace_url" "$p" || zerr
|
|
pushd "${p}"
|
|
# FIXME: no longer being provided
|
|
# sudo wget --no-check-certificate ${chainspacedist_url} || zerr
|
|
# sudo tar xvf $(basename $chainspacedist_url) || zerr
|
|
popd
|
|
sudo chown -R 1000:1000 "$strapdir/home/decode"
|
|
|
|
cat <<-EOF | sudo tee "${strapdir}/install-chainspace"
|
|
#!/bin/sh
|
|
paxctl -c /usr/bin/python*
|
|
paxctl -m /usr/bin/python*
|
|
|
|
pip3 install petlib
|
|
pip3 install bplib
|
|
cd /home/decode/chainspace
|
|
pip3 install -e ./chainspacecontract
|
|
pip3 install -e ./chainspaceapi
|
|
|
|
rm -f /install-chainspace
|
|
EOF
|
|
# chroot-script -d install-chainspace
|
|
}
|
|
## }}}
|
|
|
|
## {{{ blend_finalize()
|
|
blend_finalize() {
|
|
fn blend_finalize
|
|
req=(strapdir)
|
|
ckreq || return 1
|
|
|
|
cat <<-EOF | sudo tee ${strapdir}/finalize >/dev/null
|
|
#!/bin/sh
|
|
|
|
chsh -s /bin/bash ${username}
|
|
for i in users ; do
|
|
gpasswd -a ${username} \$i
|
|
done
|
|
|
|
sed -e 's/UsePAM yes/UsePAM no/' -i /etc/ssh/sshd_config
|
|
|
|
rc-update del redis-server default
|
|
rc-update add dam-dir default
|
|
rc-update add dam-client default
|
|
|
|
## misc
|
|
sed -i -e 's/devuan/${hostname}/' /etc/hosts
|
|
echo ${hostname} > /etc/hostname
|
|
mkdir -p /var/lib/tor
|
|
useradd devuan-tor -s /bin/false -d /var/lib/tor -M
|
|
chown -R devuan-tor:devuan-tor /var/lib/tor
|
|
rm -rf /var/lib/tor/hidden_service
|
|
|
|
zfs_autoinstall_set "yes"
|
|
|
|
## cleanup
|
|
apt-get --yes ${force_packages_option} purge ${finalize_purge_packages}
|
|
apt-get --yes ${force_packages_option} autoremove
|
|
apt-get clean
|
|
apt-get update
|
|
|
|
cleanupfiles="
|
|
/var/log/bootstrap.log
|
|
/var/log/dpkg.log
|
|
/var/log/alternatives.log
|
|
/var/log/fontconfig.log
|
|
/var/log/apt
|
|
/var/log/fsck
|
|
/var/log/ConsoleKit
|
|
/var/lib/polkit-1
|
|
/usr/local/share/zsh/site-functions
|
|
"
|
|
echo "\$cleanupfiles" | xargs rm -rf
|
|
EOF
|
|
|
|
chroot-script -d finalize || zerr
|
|
}
|
|
## }}}
|
|
## {{{ conf_print_sourceslist()
|
|
conf_print_sourceslist() {
|
|
fn conf_print_sourceslist "(override)"
|
|
|
|
#tor_url=tor://deb.torproject.org/torproject.org/torproject.org
|
|
tor_url=tor://apow7mjfryruh65chtdydfmqfpj5btws7nbocgtaovhvezgccyjazpqd.onion/torproject.org
|
|
|
|
cat <<-EOF
|
|
## package repositories
|
|
deb http://deb.devuan.org/merged $release main contrib non-free
|
|
#deb http://deb.devuan.org/merged $release-updates main contrib non-free
|
|
#deb http://deb.devuan.org/merged $release-security main contrib non-free
|
|
#deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url bookworm main
|
|
#deb [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url tor-nightly-0.4.6.x-bookworm main
|
|
|
|
## source repositories
|
|
#deb-src http://pkgmaster.devuan.org/merged $release main contrib non-free
|
|
#deb-src http://pkgmaster.devuan.org/merged $release-updates main contrib non-free
|
|
#deb-src http://pkgmaster.devuan.org/merged $release-security main contrib non-free
|
|
#deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url bookworm main
|
|
#deb-src [signed-by=/usr/share/keyrings/tor-archive-keyring.gpg] $tor_url tor-nightly-0.4.6.x-bookworm main
|
|
EOF
|
|
}
|
|
## }}}
|