#!/bin/bash
#
# .---. . .
# | | |
# |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-.
# | | (.-' (.-' ( | ( )| | | | )( )| | (.-'
# ' ' --' --' -' - -' ' ' -' -' -' ' - --'
#
# Freedom in the Cloud
#
# Based on bin/freedombox-customize from freedom-maker
#
# License
# =======
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

# Stop at the first failing command.
set -e
# Trace every command after expansion.
# NOTE(review): tracing stays enabled for the whole build, so the expanded
# "user:password" line that is piped to chpasswd further down also ends up in
# the build output. Keep that output out of shared logs.
set -x

PROJECT_NAME="freedombone"
INSTALL_DIR="/root/build"
COMPLETION_FILE="${HOME}/${PROJECT_NAME}-completed.txt"
PROJECT_REPO="https://github.com/bashrc/${PROJECT_NAME}"
VARIANT="full"

# Account name that a generic debian image ships with
GENERIC_IMAGE_USERNAME="fbone"

# gettext domain used for the $"..." strings in this script
TEXTDOMAIN="${PROJECT_NAME}-image-customise"
TEXTDOMAINDIR="/usr/share/locale"
export TEXTDOMAIN TEXTDOMAINDIR

# "yes" keeps the number of questions in the interactive install small
MINIMAL_INSTALL="yes"

# Initial login. The password defaults to the project name, i.e. it is
# publicly known; the script prints a warning to that effect when it creates
# the account.
MY_USERNAME="debian"
MY_PASSWORD="${PROJECT_NAME}"

# Smallest number of characters accepted in a password
MINIMUM_PASSWORD_LENGTH=10

# Address of the router (gateway)
ROUTER_IP_ADDRESS="192.168.1.254"

# Fixed address of the Beaglebone Black on the local network
BOX_IP_ADDRESS="192.168.1.55"

# DNS resolvers written into the image
NAMESERVER1="213.73.91.35"
NAMESERVER2="85.214.20.141"

# Optional configuration file with freedombone settings (empty = none)
CONFIG_FILENAME=""

# Optional ssh public key to authorise; "no" leaves password logins in place
SSH_PUBKEY="no"

# "yes" when building a generic image meant for mass redistribution
GENERIC_IMAGE="no"

# Port sshd is moved to
SSH_PORT=2222

# for mesh installs
TRACKER_PORT=6969 # Whether sites are accessible only within a Tor browser ONION_ONLY="no" # Whether to only install debian and nothing else DEBIAN_INSTALL_ONLY="no" # wifi settings WIFI_INTERFACE='wlan0' WIFI_SSID= WIFI_TYPE='wpa2-psk' WIFI_PASSPHRASE= WIFI_HOTSPOT='no' WIFI_NETWORKS_FILE=~/${PROJECT_NAME}-wifi.cfg # Whether to install non-free wifi drivers for the mesh client INSECURE='no' # optional desktop background image for mesh MESH_DESKTOP_BACKGROUND_IMAGE=/usr/local/share/${PROJECT_NAME}_mesh_initial_background.png # The browser application to use BROWSER=midori MESH_INSTALL_DIR=/var/lib # for mesh installs whether to delete all data and generate # a new identity at every shutdown/boot AMNESIC='no' # defines the initial keyboard layout KEYBOARD_MAP='gb' # Strings used for setting the username MESH_TITLE=$"Freedombone Mesh" MESH_SET_USERNAME=$"Welcome to the Freedombone mesh.\n\nThe first thing you will need to do is set a username so that other peers can find you." # Whether to enable zeronet on the mesh ENABLE_ZERONET= MESH_TEXT_EDITOR='pluma' PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin function configure_backports { echo "deb http://${DEBIAN_REPO}/debian/ ${DEBIAN_VERSION}-backports main" >> $rootdir/etc/apt/sources.list } function configure_contrib_repo { if ! grep -q "contrib" $rootdir/etc/apt/sources.list; then chroot "$rootdir" /bin/sed -i "s| main| main contrib|g" /etc/apt/sources.list fi } enable_eatmydata_override() { chroot $rootdir apt-get install -y eatmydata if [ -x $rootdir/usr/bin/eatmydata ] && \ [ ! 
-f $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata ]; then echo $"info: Adding apt config to call dpkg via eatmydata" printf "#!/bin/sh\nexec eatmydata dpkg \"\$@\"\n" \ > $rootdir/var/tmp/dpkg-eatmydata chmod 755 $rootdir/var/tmp/dpkg-eatmydata cat > $rootdir/etc/apt/apt.conf.d/95debian-edu-install-dpkg-eatmydata < etc/apt/sources.list deb $NEW_MIRROR $SUITE $COMPONENTS deb-src $NEW_MIRROR $SUITE $COMPONENTS #deb http://security.debian.org/ $SUITE/updates main #deb-src http://security.debian.org/ $SUITE/updates main EOF } configure_networking() { if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then return fi if [[ $GENERIC_IMAGE == "no" ]]; then echo "# This file describes the network interfaces available on your system # and how to activate them. For more information, see interfaces(5). # The loopback network interface auto lo iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet static address $BOX_IP_ADDRESS netmask 255.255.255.0 gateway $ROUTER_IP_ADDRESS dns-nameservers $NAMESERVER1 $NAMESERVER2 # Example to keep MAC address between reboots #hwaddress ether B5:A2:BE:3F:1A:FE # The secondary network interface #auto eth1 #iface eth1 inet dhcp # WiFi Example #auto wlan0 #iface wlan0 inet dhcp # wpa-ssid \"essid\" # wpa-psk \"password\" # Ethernet/RNDIS gadget (g_ether) # ... 
or on host side, usbnet and random hwaddr # Note on some boards, usb0 is automaticly setup with an init script #iface usb0 inet static # address 192.168.7.2 # netmask 255.255.255.0 # network 192.168.7.0 # gateway 192.168.7.1" > $rootdir/etc/network/interfaces hexarray=( 1 2 3 4 5 6 7 8 9 0 a b c d e f ) a=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} b=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} c=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} d=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} e=${hexarray[$RANDOM%16]}${hexarray[$RANDOM%16]} sed -i "s|#hwaddress ether.*|hwaddress ether de:$a:$b:$c:$d:$e|g" \ $rootdir/etc/network/interfaces fi sed -i "s/nameserver.*/nameserver $NAMESERVER1/g" $rootdir/etc/resolv.conf sed -i "/nameserver $NAMESERVER1/a\nameserver $NAMESERVER2" $rootdir/etc/resolv.conf if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then # change the motd to show further install instructions echo $" .---. . . | | | |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. | | (.-' (.-' ( | ( )| | | | )( )| | (.-' ' ' --' --' -' - -' ' ' -' -' -' ' - --' Initial base install Your system is not yet installed. To complete the process run the following commands, then enter your details. sudo su ${PROJECT_NAME} menuconfig " > $rootdir/etc/motd else echo $" .---. . . | | | |--- .--. .-. .-. .-.| .-. .--.--. |.-. .-. .--. .-. | | (.-' (.-' ( | ( )| | | | )( )| | (.-' ' ' --' --' -' - -' ' ' -' -' -' ' - --' Freedom in the Mesh " > $rootdir/etc/motd fi } configure_ssh() { if [[ $VARIANT == "mesh" || $VARIANT == "meshclient" || $VARIANT == "meshusb" ]]; then return fi sed -i "s/Port .*/Port ${SSH_PORT}/g" $rootdir/etc/ssh/sshd_config if [[ "$SSH_PUBKEY" != "no" ]]; then if [ ! 
-d $rootdir/home/$MY_USERNAME/.ssh ]; then mkdir $rootdir/home/$MY_USERNAME/.ssh fi echo "$SSH_PUBKEY" > $rootdir/home/$MY_USERNAME/.ssh/authorized_keys chroot $rootdir /bin/chown -R $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.ssh sed -i 's|PasswordAuthentication.*|PasswordAuthentication no|g' $rootdir/etc/ssh/sshd_config echo $"Using ssh public key:" echo $SSH_PUBKEY echo $'Password ssh authentication turned off' fi } create_generic_image() { if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then return fi if [[ $GENERIC_IMAGE == "no" ]]; then return fi if [ $CONFIG_FILENAME ]; then if [[ "$CONFIG_FILENAME" == *"mesh.cfg"* ]]; then VARIANT="mesh" fi fi # Don't install any configuration. This will be a base system if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then CONFIG_FILENAME= else touch $rootdir/root/.initial_mesh_setup fi # Stick with the existing login for mesh clients if [[ $VARIANT == "meshclient" || $VARIANT == "meshusb" ]]; then return fi # The presence of this file indicates that the initial # setup has not yet been completed touch $rootdir/home/$MY_USERNAME/.initial_setup chroot $rootdir /bin/chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/.initial_setup touch $rootdir/root/.initial_setup cat >> $rootdir/home/$MY_USERNAME/.bashrc <> $rootdir/root/.bashrc echo "SSH_PORT=${SSH_PORT}" >> $rootdir/root/.bashrc echo '# initial setup of the system' >> $rootdir/root/.bashrc echo 'if [ -f ~/.initial_setup ]; then' >> $rootdir/root/.bashrc echo ' if [ -f ~/login.txt ]; then' >> $rootdir/root/.bashrc echo ' NEW_USER_PASSWORD=$(printf `cat ~/login.txt`)' >> $rootdir/root/.bashrc echo ' else' >> $rootdir/root/.bashrc echo ' ENTROPY=$(cat /proc/sys/kernel/random/entropy_avail)' >> $rootdir/root/.bashrc echo ' if [ $ENTROPY -lt 500 ]; then' >> $rootdir/root/.bashrc ENTROPY_MESSAGE1=$'Initial setup process' ENTROPY_MESSAGE2=$'Password Generation' ENTROPY_MESSAGE3=$'WARNING: The entropy available on this system is too low to generate a 
password.\n\nThe installation process cannot continue.' echo " dialog --backtitle \"${ENTROPY_MESSAGE1}\" --title \"${ENTROPY_MESSAGE2}\" --msgbox \"${ENTROPY_MESSAGE3}\" 8 50" >> $rootdir/root/.bashrc echo ' exit' >> $rootdir/root/.bashrc echo ' fi' >> $rootdir/root/.bashrc echo -n ' NEW_USER_PASSWORD="$(openssl rand -base64 30 | cut -c1-' >> $rootdir/root/.bashrc echo "${DEFAULT_PASSWORD_LENGTH})\"" >> $rootdir/root/.bashrc echo ' fi' >> $rootdir/root/.bashrc echo ' echo "${NEW_USER_PASSWORD}" > ~/login.txt' >> $rootdir/root/.bashrc echo ' clear' >> $rootdir/root/.bashrc echo ' echo ""' >> $rootdir/root/.bashrc NEW_LOGIN_PASSWORD_MESSAGE1=$'Your new login password is:' NEW_LOGIN_PASSWORD_MESSAGE2=$'Use it whenever you wish to ssh into this system.' NEW_LOGIN_PASSWORD_MESSAGE3=$'IMPORTANT: Please take a moment to enter the above password into a\npassword manager or write it down somewhere.' PRESS_KEY_MESSAGE=$'Press any key to continue...' echo " echo \"${NEW_LOGIN_PASSWORD_MESSAGE1}\"" >> $rootdir/root/.bashrc echo ' echo ""' >> $rootdir/root/.bashrc echo ' echo " ${NEW_USER_PASSWORD}"' >> $rootdir/root/.bashrc echo ' echo ""' >> $rootdir/root/.bashrc echo " echo \"${NEW_LOGIN_PASSWORD_MESSAGE2}\"" >> $rootdir/root/.bashrc echo ' echo ""' >> $rootdir/root/.bashrc echo " echo \"${NEW_LOGIN_PASSWORD_MESSAGE3}\"" >> $rootdir/root/.bashrc echo ' echo ""' >> $rootdir/root/.bashrc echo " read -n1 -r -p \"${PRESS_KEY_MESSAGE}\" key" >> $rootdir/root/.bashrc # change the password for the admin user echo -n " echo \"${MY_USERNAME}:" >> $rootdir/root/.bashrc echo '$(printf `cat ~/login.txt`)"|chpasswd' >> $rootdir/root/.bashrc # update before continuing echo " cd /root/${PROJECT_NAME}" >> $rootdir/root/.bashrc echo " git stash" >> $rootdir/root/.bashrc echo " git pull" >> $rootdir/root/.bashrc echo " make install" >> $rootdir/root/.bashrc if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then if [[ $ONION_ONLY == "no" 
]]; then if [[ $MINIMAL_INSTALL == "no" ]]; then echo " ${PROJECT_NAME} menuconfig-full" >> $rootdir/root/.bashrc else echo " ${PROJECT_NAME} menuconfig" >> $rootdir/root/.bashrc fi else echo " ${PROJECT_NAME} menuconfig-onion" >> $rootdir/root/.bashrc fi else echo " echo ''" >> $rootdir/root/.bashrc fi echo ' if [ "$?" = "0" ]; then' >> $rootdir/root/.bashrc echo " if [ -f ~/${PROJECT_NAME}-completed.txt ]; then" >> $rootdir/root/.bashrc # Remove the initial setup files echo ' rm /root/.initial_setup' >> $rootdir/root/.bashrc echo ' rm /home/fbone/.initial_setup' >> $rootdir/root/.bashrc echo " touch /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc echo ' shred -zu ~/login.txt' >> $rootdir/root/.bashrc END_MESSAGE1=$'Congratulations!' if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then END_MESSAGE2=$'\nYour system has now installed\n\nThe onion ssh service is at:\n\n ${SSH_ONION_HOSTNAME}\n\nTo copy the above address hold down the shift key and double left click on it, then right click and select "copy".\n\nPress any key to reboot and begin using the system' echo ' SSH_ONION_HOSTNAME=$(cat /var/lib/tor/hidden_service_ssh/hostname)' >> $rootdir/root/.bashrc echo ' if [ ${#SSH_ONION_HOSTNAME} -lt 2 ]; then' >> $rootdir/root/.bashrc echo ' exit 62392' >> $rootdir/root/.bashrc echo ' fi' >> $rootdir/root/.bashrc END_MESSAGE_HEIGHT=16 else END_MESSAGE2=$'\nYour system has now installed\n\nPress any key to reboot and begin using it' END_MESSAGE_HEIGHT=12 fi echo " if [ -f /root/${PROJECT_NAME}-wifi.cfg ]; then" >> $rootdir/root/.bashrc echo " echo '[Unit]' > /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'Description=WifiStartup (Start wifi networking)' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'After=syslog.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'After=network.target' >> 
/etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'After=remote-fs.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo '[Service]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'Type=simple' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'User=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'Group=root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'WorkingDirectory=/root' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'ExecStart=/usr/local/bin/freedombone-wifi --wait 5 2> /dev/null' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo '' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo '[Install]' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " echo 'WantedBy=multi-user.target' >> /etc/systemd/system/wifistart.service" >> $rootdir/root/.bashrc echo " systemctl enable wifistart" >> $rootdir/root/.bashrc echo " systemctl daemon-reload" >> $rootdir/root/.bashrc echo ' fi' >> $rootdir/root/.bashrc echo " dialog --title '$END_MESSAGE1' --msgbox \"$END_MESSAGE2\" ${END_MESSAGE_HEIGHT} 60" >> $rootdir/root/.bashrc echo ' reboot' >> $rootdir/root/.bashrc echo ' fi' >> $rootdir/root/.bashrc echo ' else' >> $rootdir/root/.bashrc echo ' key=' >> $rootdir/root/.bashrc echo ' while [[ $key != "x" ]]; do' >> $rootdir/root/.bashrc INSTALL_FAIL_MESSAGE=$"Install failed. Press x to continue..." 
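# Tail of create_generic_image: the function opens earlier in the file and
# these lines are unchanged apart from being laid out one command per line.
    echo " read -n1 -r -p \"${INSTALL_FAIL_MESSAGE}\" key" >> $rootdir/root/.bashrc
    echo ' done' >> $rootdir/root/.bashrc
    echo ' fi' >> $rootdir/root/.bashrc
    echo ' exit' >> $rootdir/root/.bashrc
    echo 'else' >> $rootdir/root/.bashrc
    echo ' # Remove default account after install' >> $rootdir/root/.bashrc
    echo " if [ -f /root/.remove_${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
    echo " if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
    echo " userdel -r ${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
    echo " if [ -d /home/${GENERIC_IMAGE_USERNAME} ]; then" >> $rootdir/root/.bashrc
    echo " rm -rf /home/${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
    echo " rm /root/.remove_${GENERIC_IMAGE_USERNAME}" >> $rootdir/root/.bashrc
    echo ' fi' >> $rootdir/root/.bashrc
    echo ' fi' >> $rootdir/root/.bashrc
    echo ' fi' >> $rootdir/root/.bashrc
    echo 'fi' >> $rootdir/root/.bashrc
}

#######################################
# Run the project installer inside the image when a configuration file was
# supplied; otherwise do nothing, leaving the interactive installer for later.
# This is equivalent to installing freedombox-setup on freedombox.
# Globals:   CONFIG_FILENAME, PROJECT_NAME, rootdir (read)
# Outputs:   the contents of the configuration file on stdout
#######################################
continue_installation() {
    # Names of one or two characters are treated like "no file given".
    if (( ${#CONFIG_FILENAME} <= 2 )); then
        return
    fi

    cp -- "$CONFIG_FILENAME" "$rootdir/root/$PROJECT_NAME.cfg"
    # NOTE(review): this prints the whole configuration into the build
    # output. If the file carries passwords or wifi passphrases they are
    # disclosed to anyone who can read the log.
    cat "$rootdir/root/$PROJECT_NAME.cfg"
    chroot "$rootdir" su -c "$PROJECT_NAME -c /root/$PROJECT_NAME.cfg" - root
}

#######################################
# Download the open ath9k_htc firmware package into the image and install it
# only when its SHA-256 digest equals the value pinned below.
# Globals:   rootdir (read)
# Outputs:   a warning on stdout when the digest does not match
#######################################
atheros_wifi() {
    local firmware_filename="open-ath9k-htc-firmware_1.3-1_all.deb"
    local firmware_hash='5fea58ffefdf0ef15b504db7fbe3bc078c03e0d927bba64085e4b6f2546102f5'
    local firmware_url="http://us.archive.trisquel.info/trisquel/pool/main/o/open-ath9k-htc-firmware/$firmware_filename"
    local firmware_tempfile="/tmp/$firmware_filename"
    local downloaded_firmware_hash

    # The transfer is plain HTTP, so the pinned digest is the only integrity
    # control: the file must not be handed to dpkg before the comparison.
    wget "$firmware_url" -O "$rootdir$firmware_tempfile"
    downloaded_firmware_hash=$(sha256sum "$rootdir$firmware_tempfile" | awk -F ' ' '{print $1}')
    if [[ "$downloaded_firmware_hash" == "$firmware_hash" ]]; then
        chroot "$rootdir" dpkg -i "$firmware_tempfile"
    else
        echo 'WARNING: Atheros Wifi firmware hash does not match. The driver has not been installed.'
    fi

    # Delete the download in both cases, so that a package which failed
    # verification is never left behind inside the image.
    rm -f -- "$rootdir$firmware_tempfile"
}

#######################################
# Configure wifi inside the image through the project's -wifi helper.
# Mesh variants are skipped. A networks file takes precedence over the
# single SSID settings.
# Globals:   VARIANT, WIFI_NETWORKS_FILE, WIFI_TYPE, WIFI_SSID,
#            WIFI_PASSPHRASE, WIFI_HOTSPOT, PROJECT_NAME, rootdir (read)
#######################################
configure_wifi() {
    if [[ $VARIANT == "mesh"* ]]; then
        return
    fi

    # NOTE(review): the existence test looks at the build host while the same
    # path is then opened inside the chroot - confirm the file is present at
    # that path in the image.
    if [[ -f "$WIFI_NETWORKS_FILE" ]]; then
        chroot "$rootdir" "${PROJECT_NAME}-wifi" --networks "$WIFI_NETWORKS_FILE"
        return
    fi

    if [[ $WIFI_TYPE != 'none' ]]; then
        if (( ${#WIFI_PASSPHRASE} < 2 )); then
            return
        fi
        # Quoted so that an SSID or passphrase containing spaces or glob
        # characters reaches the helper as one argument.
        # NOTE(review): the passphrase travels on the command line and is
        # therefore visible in the `set -x` trace and in the process list.
        chroot "$rootdir" "${PROJECT_NAME}-wifi" -s "$WIFI_SSID" -t "$WIFI_TYPE" -p "$WIFI_PASSPHRASE" --hotspot "$WIFI_HOTSPOT"
    else
        chroot "$rootdir" "${PROJECT_NAME}-wifi" -s "$WIFI_SSID" -t "$WIFI_TYPE" --hotspot "$WIFI_HOTSPOT"
    fi
}

##############################################################################
# Mesh networking
##############################################################################

# for mesh installs
TRACKER_PORT=6969

WIFI_CHANNEL=2

# B.A.T.M.A.N settings
BATMAN_CELLID='02:BA:00:00:03:01'
WIFI_SSID='mesh'

# To avoid confusions these are obtained from the main project file
TOXID_REPO=
TOX_PORT=
TOXCORE_REPO=
TOXIC_REPO=
TOXCORE_COMMIT=
TOXIC_COMMIT=

# These are some default nodes, but you can replace them with trusted nodes
# as you prefer.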
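# See https://wiki.tox.im/Nodes
TOX_NODES=
#TOX_NODES=(
#  '192.254.75.102,2607:5600:284::2,33445,951C88B7E75C867418ACDB5D273821372BB5BD652740BCDF623A4FA293E75D2F,Tox RELENG,US'
#  '144.76.60.215,2a01:4f8:191:64d6::1,33445,04119E835DF3E78BACF0F84235B300546AF8B936F035185E2A8E9E0A67C8924F,sonOfRa,DE'
#)

# To avoid confusions these are obtained from the main project file
ZERONET_REPO=
ZERONET_COMMIT=
ZERONET_PORT=
ZERONET_BLOG_REPO=
ZERONET_BLOG_COMMIT=
ZERONET_MAIL_REPO=
ZERONET_MAIL_COMMIT=
ZERONET_FORUM_REPO=
ZERONET_FORUM_COMMIT=
ZERONET_ID_REPO=
ZERONET_ID_COMMIT=

# Directory where source code is downloaded and compiled
INSTALL_DIR=$HOME/build

INSTALLING_MESH=

#######################################
# Install the mesh components into the image and register the first-boot
# mesh-setup systemd unit. Does nothing unless VARIANT is one of the mesh
# variants and DEBIAN_INSTALL_ONLY is "no".
# The install_* and configure_firewall helpers are not defined in this part
# of the file.
# Globals:   VARIANT, DEBIAN_INSTALL_ONLY, INSECURE, ENABLE_ZERONET, AMNESIC,
#            MY_USERNAME, PROJECT_NAME, rootdir (read)
#            INSTALLING_MESH, MESH_SERVICE, MESH_SETUP_DAEMON,
#            MESH_STARTUP_PARAMS (written)
#######################################
initialise_mesh() {
    if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
        return
    fi
    if [[ $DEBIAN_INSTALL_ONLY != "no" ]]; then
        return
    fi

    if [[ $INSECURE == $'yes' ]]; then
        echo '*********************************************************'
        echo $'WARNING: non-free wifi drivers are being installed.'
        echo $' This may compromise the security of your system.'
        echo '*********************************************************'

        # enable non-free repo
        if ! grep -q "non-free" "$rootdir/etc/apt/sources.list"; then
            chroot "$rootdir" /bin/sed -i "s| main| main non-free|g" /etc/apt/sources.list
        fi
        chroot "$rootdir" apt-get update

        # install proprietary wifi drivers
        # see https://wiki.debian.org/iwlwifi
        chroot "$rootdir" apt-get -y install firmware-iwlwifi firmware-b43-installer firmware-brcm80211
    fi

    INSTALLING_MESH=1

    configure_firewall
    install_avahi
    install_batman
    install_tomb
    #install_tahoelafs
    #install_librevault
    install_ipfs
    install_tox
    install_web_server
    install_pelican
    if [[ -n "$ENABLE_ZERONET" ]]; then
        install_zeronet
    fi

    MESH_SERVICE='mesh-setup.service'
    MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
    MESH_STARTUP_PARAMS="${MY_USERNAME}"
    if [[ $AMNESIC != 'no' ]]; then
        MESH_STARTUP_PARAMS="${MY_USERNAME} amnesic"
    fi

    # NOTE(review): systemd does not pass ExecStart through a shell, so the
    # "> /var/log/mesh-setup.log" part is handed to the program as arguments
    # instead of redirecting its output. The unit runs as root.
    {
        echo '[Unit]'
        echo 'Description=Initial mesh router configuration'
        echo 'After=syslog.target'
        echo 'After=network.target'
        echo '[Service]'
        echo 'Type=simple'
        echo 'User=root'
        echo 'Group=root'
        echo 'WorkingDirectory=/root'
        echo "ExecStart=/usr/local/bin/${PROJECT_NAME}-image-mesh ${MESH_STARTUP_PARAMS} > /var/log/mesh-setup.log"
        echo ''
        echo 'TimeoutSec=99999'
        echo ''
        echo '[Install]'
        echo 'WantedBy=multi-user.target'
    } > "$MESH_SETUP_DAEMON"
    chroot "$rootdir" systemctl enable "$MESH_SERVICE"
}

# User interface for USB drive installs
######################################

#######################################
# Create the desktop start-up script (~/mesh-desktop.sh) and the two
# autostart entries that launch it for the image's user.
# Globals:   rootdir, MY_USERNAME, KEYBOARD_MAP, MESH_TITLE,
#            MESH_SET_USERNAME (read)
#            START_DESKTOP, START_DESKTOP2, START_DESKTOP3, FIRST_BOOT,
#            TAHOE_COMMAND (written)
#######################################
function mesh_client_startup_applications {
    local user_home="$rootdir/home/$MY_USERNAME"

    if [[ ! -d "$user_home/Desktop" ]]; then
        mkdir -p "$user_home/Desktop"
    fi
    if [[ ! -d "$user_home/.config/autostart" ]]; then
        mkdir -p "$user_home/.config/autostart"
        chroot "$rootdir" /bin/chown -R "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/.config"
    fi

    START_DESKTOP=$rootdir/home/$MY_USERNAME/mesh-desktop.sh
    FIRST_BOOT=/home/$MY_USERNAME/.first_boot
    TAHOE_COMMAND="cd /var/lib/tahoelafs && venv/bin/tahoe"

    # Everything is written through one redirection. Previously the second
    # line was written with ">" and so replaced the shebang line.
    {
        echo '#!/bin/bash'
        echo "setxkbmap ${KEYBOARD_MAP}"
        echo 'dconf write /org/mate/caja/desktop/volumes-visible false'
        echo 'dconf write /org/mate/caja/desktop/computer-icon-visible false'
        echo 'dconf write /org/mate/caja/desktop/home-icon-visible false'
        echo 'dconf write /org/mate/caja/desktop/network-icon-visible false'
        echo 'dconf write /org/mate/caja/desktop/trash-icon-visible false'
        echo 'dconf write /org/mate/caja/desktop/volumes-visible false'
        echo 'dconf write /org/mate/desktop/media-handling/automount-open false'
        # The following settings switch off screen locking on the desktop.
        echo 'dconf write /org/mate/screensaver/lock-enabled false'
        echo 'dconf write /org/mate/power-manager/lock-keyring-suspend false'
        echo 'dconf write /org/mate/power-manager/lock-suspend false'
        echo 'dconf write /org/mate/power-manager/lock-use-screensaver false'
        echo 'dconf write /org/mate/power-manager/lock-blank-screen false'
        echo 'dconf write /org/mate/power-manager/lock-hibernate false'
        echo 'dconf write /org/mate/power-manager/lock-keyring-hibernate false'
        echo 'dconf write /org/mate/desktop/peripherals/touchpad/scroll-method 2'
        echo "touch /home/$MY_USERNAME/.dbus/Xdbus"
        echo "chmod 600 /home/$MY_USERNAME/.dbus/Xdbus"
        echo "env | grep DBUS_SESSION_BUS_ADDRESS > /home/$MY_USERNAME/.dbus/Xdbus"
        echo "echo 'export DBUS_SESSION_BUS_ADDRESS' >> /home/$MY_USERNAME/.dbus/Xdbus"
        echo ''
        echo "amixer set 'Master' unmute"
        echo "amixer set 'Master' 50%"
        echo ''
        echo ''
        echo "if [ ! -f $FIRST_BOOT ]; then"
        echo " $TAHOE_COMMAND start"
        echo ' exit 0'
        echo 'fi'
        echo ''
        echo 'INITIAL_TOX_USERNAME=""'
        echo 'while [ ${#INITIAL_TOX_USERNAME} -eq 0 ]; do'
        echo ' data=$(tempfile 2>/dev/null)'
        echo ' trap "rm -f $data" 0 1 2 5 15'
        echo -n " dialog --title \"${MESH_TITLE}\" "
        echo -n "--backtitle \"${MESH_TITLE}\" "
        echo -n "--inputbox \"${MESH_SET_USERNAME}\" 12 60 Anon "
        echo '2>$data'
        echo ' sel=$?'
        echo ' case $sel in'
        echo ' 0)'
        echo ' INITIAL_TOX_USERNAME=$(<$data)'
        echo ' ;;'
        echo ' esac'
        echo 'done'
        echo ''
        echo 'toxid --setuser "$INITIAL_TOX_USERNAME"'
        echo ''
        echo "if [ -f /home/$MY_USERNAME/.tahoe/tahoe.cfg ]; then"
        # NOTE(review): in the generated script the sed expression sits in
        # single quotes, so the nickname is set to the literal text
        # $INITIAL_TOX_USERNAME. If this is ever changed to expand the value,
        # the user-typed name must be escaped for sed first.
        echo " sed -i 's|nickname =.*|nickname = \$INITIAL_TOX_USERNAME|g' /home/$MY_USERNAME/.tahoe/tahoe.cfg"
        echo " $TAHOE_COMMAND restart"
        echo 'fi'
        echo ''
        echo "rm -f $FIRST_BOOT"
        echo ''
        echo 'exit 0'
    } > "$START_DESKTOP"
    chmod +x "$START_DESKTOP"

    START_DESKTOP2=$rootdir/home/$MY_USERNAME/.config/autostart/mesh-start.desktop
    {
        echo '[Desktop Entry]'
        echo 'Type=Application'
        echo 'Name=Mesh start desktop script'
        echo "Exec=bash -c '~/mesh-desktop.sh'"
        echo 'X-GNOME-Autostart-enabled=true'
    } > "$START_DESKTOP2"
    chmod +x "$START_DESKTOP2"

    START_DESKTOP3=$rootdir/home/$MY_USERNAME/.config/autostart/set_username.desktop
    {
        echo '[Desktop Entry]'
        echo 'Version=1.0'
        echo 'Name=Set Username'
        echo 'Type=Application'
        echo 'Comment=Set username'
        echo "Exec=mate-terminal -e \"bash -c /home/${MY_USERNAME}/mesh-desktop.sh\""
        echo 'Icon=user-away'
        echo 'Terminal=false'
        echo 'Categories=Application;'
    } > "$START_DESKTOP3"
    chmod +x "$START_DESKTOP3"
}

#######################################
# Make sure the user's Desktop directory exists in the image and belongs to
# that user. The terminal launcher is kept commented out.
# Globals:   rootdir, MY_USERNAME (read)
#######################################
function mesh_desktop_icons {
    if [[ ! -d "$rootdir/home/$MY_USERNAME/Desktop" ]]; then
        mkdir -p "$rootdir/home/$MY_USERNAME/Desktop"
    fi

    # Terminal
    #echo '[Desktop Entry]' > $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'Name=MATE Terminal' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'Type=Application' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'Comment=Use the command line' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'TryExec=mate-terminal' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'Exec=mate-terminal' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'Icon=terminal' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop
    #echo 'StartupNotify=true' >> $rootdir/home/$MY_USERNAME/Desktop/terminal.desktop

    chroot "$rootdir" /bin/chown -R "$MY_USERNAME:$MY_USERNAME" "/home/$MY_USERNAME/Desktop"
}

#######################################
# Install the desktop environment and client applications for the
# meshclient, meshusb and usb variants; other variants return immediately.
# enable_tox_repo and mesh_tox_qtox are not defined in this part of the file.
# Globals:   VARIANT, AMNESIC, BROWSER, MY_USERNAME, GENERIC_IMAGE_USERNAME,
#            MESH_TEXT_EDITOR, PROJECT_NAME, rootdir (read)
#            MESH_DESKTOP_BACKGROUND_IMAGE (read, replaced when AMNESIC)
#######################################
function configure_user_interface {
    if [[ $VARIANT != "meshclient" && $VARIANT != "meshusb" && $VARIANT != "usb" ]]; then
        return
    fi

    local getty_dir="$rootdir/etc/systemd/system/getty@tty1.service.d"
    local desktop_base="$rootdir/usr/share/images/desktop-base"
    local gajim_home="/home/$GENERIC_IMAGE_USERNAME/.local"

    # desktop
    chroot "$rootdir" apt-get -y install mate-desktop-environment

    # tool to change desktop settings from command line
    chroot "$rootdir" apt-get -y install dconf-cli dconf-gsettings-backend dbus dbus-x11

    # for tomb
    chroot "$rootdir" apt-get -y install pinentry-gtk2

    # for tox video
    chroot "$rootdir" apt-get -y install ffmpeg cheese v4l-utils

    # to provide notifications
    chroot "$rootdir" apt-get -y install libnotify-bin

    # for video/audio
    chroot "$rootdir" apt-get -y install libtheora-bin libvorbis-dev v4l-utils

    # a sane editor
    chroot "$rootdir" apt-get -y install emacs24

    # for wifi monitoring
    chroot "$rootdir" apt-get -y install horst

    # for sound level control
    chroot "$rootdir" apt-get -y install alsa-utils

    # to play various media types
    chroot "$rootdir" apt-get -y install vlc

    # android adb to allow phones to be connected and for example transfer photos/documents
    chroot "$rootdir" apt-get -y install android-tools-adb

    # Produce a text file on the desktop listing users on the mesh
    #
    # The heredoc opener is damaged in this copy of the file ("cat < path");
    # it is restored as an unquoted <<EOF, which matches the EOF terminator
    # and the \$ escapes in the body. Unescaped variables are expanded now,
    # escaped ones when the generated script runs.
    #
    # NOTE(review): the generated script writes to the fixed name
    # /tmp/Users.txt from a per-minute cron job; a world-writable directory
    # with a predictable file name allows another local account to pre-create
    # or symlink that path. The script in /usr/bin is also handed to
    # $MY_USERNAME below, which makes a system-path executable writable by an
    # unprivileged account.
    cat <<EOF > "$rootdir/usr/bin/list-tox-users"
#!/bin/bash
users_list=\$(lstox | awk -F ' ' '{\$1=""; print \$0}' | sed -e 's/^[[:space:]]*//' | sort -d)
if [ ! \$users_list ]; then
    no_of_users=0
else
    no_of_users=\$(echo "\$users_list" | wc -l)
fi
if [ \$no_of_users -gt 0 ]; then
    echo "\$users_list" > /tmp/Users.txt
    chown $MY_USERNAME:$MY_USERNAME /tmp/Users.txt
    echo 'showing_users=\$(ps aux | grep $MESH_TEXT_EDITOR | grep "Users.txt")' > /home/$MY_USERNAME/showusers
    echo 'if [ \${#showing_users} -eq 0 ]; then' >> /home/$MY_USERNAME/showusers
    echo ' $MESH_TEXT_EDITOR /tmp/Users.txt' >> /home/$MY_USERNAME/showusers
    echo 'fi' >> /home/$MY_USERNAME/showusers
    echo 'exit 0' >> /home/$MY_USERNAME/showusers
    chmod +x /home/$MY_USERNAME/showusers
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/showusers
    echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/Users.desktop
    if [ \$no_of_users -lt 2 ]; then
        echo "Name=\$no_of_users Other User" >> /home/$MY_USERNAME/Desktop/Users.desktop
    else
        echo "Name=\$no_of_users Other Users" >> /home/$MY_USERNAME/Desktop/Users.desktop
    fi
    echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/Users.desktop
    echo 'Comment=List of users' >> /home/$MY_USERNAME/Desktop/Users.desktop
    echo 'Exec=bash /home/$MY_USERNAME/showusers' >> /home/$MY_USERNAME/Desktop/Users.desktop
    echo 'Icon=/usr/share/$PROJECT_NAME/avatars/otheruser.png' >> /home/$MY_USERNAME/Desktop/Users.desktop
    echo 'StartupNotify=false' >> /home/$MY_USERNAME/Desktop/Users.desktop
    chmod +x /home/$MY_USERNAME/Desktop/Users.desktop
    chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/Users.desktop
    if [ -f /tmp/.ipfs-users ]; then
        echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/sites.desktop
        echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/sites.desktop
        echo "Name=Visit a site" >> /home/$MY_USERNAME/Desktop/sites.desktop
        echo 'Comment=Visit a site' >> /home/$MY_USERNAME/Desktop/sites.desktop
        echo 'Exec=mate-terminal -e /usr/local/bin/${PROJECT_NAME}-mesh-visit-site' >> /home/$MY_USERNAME/Desktop/sites.desktop
        echo 'Icon=/usr/share/${PROJECT_NAME}/avatars/ipfs.jpg' >> /home/$MY_USERNAME/Desktop/sites.desktop
        echo 'StartupNotify=false' >> /home/$MY_USERNAME/Desktop/sites.desktop
        chmod +x /home/$MY_USERNAME/Desktop/sites.desktop
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/sites.desktop
        echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/blog.desktop
        echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/blog.desktop
        echo "Name=Blog" >> /home/$MY_USERNAME/Desktop/blog.desktop
        echo 'Comment=View or create blog entries' >> /home/$MY_USERNAME/Desktop/blog.desktop
        echo 'Exec=mate-terminal -e /usr/local/bin/${PROJECT_NAME}-mesh-blog' >> /home/$MY_USERNAME/Desktop/blog.desktop
        echo 'Icon=/usr/share/${PROJECT_NAME}/avatars/blog.png' >> /home/$MY_USERNAME/Desktop/blog.desktop
        echo 'StartupNotify=false' >> /home/$MY_USERNAME/Desktop/blog.desktop
        chmod +x /home/$MY_USERNAME/Desktop/blog.desktop
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/blog.desktop
    fi
    if [ ! -f /home/$MY_USERNAME/runtox ]; then
        echo 'qtox_running=\$(ps aux | grep qtox | grep data)' > /home/$MY_USERNAME/runtox
        echo 'if [ \${#qtox_running} -eq 0 ]; then' >> /home/$MY_USERNAME/runtox
        echo ' bash -c "qtox -p data"' >> /home/$MY_USERNAME/runtox
        echo 'fi' >> /home/$MY_USERNAME/runtox
        echo 'exit 0' >> /home/$MY_USERNAME/runtox
        chmod +x /home/$MY_USERNAME/runtox
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/runtox
    fi
    if [ ! -f /home/$MY_USERNAME/Desktop/tox.desktop ]; then
        echo '[Desktop Entry]' > /home/$MY_USERNAME/Desktop/tox.desktop
        echo 'Name=Chat' >> /home/$MY_USERNAME/Desktop/tox.desktop
        echo 'Type=Application' >> /home/$MY_USERNAME/Desktop/tox.desktop
        echo 'Comment=Chat, Voice and Video' >> /home/$MY_USERNAME/Desktop/tox.desktop
        echo 'Exec=bash /home/$MY_USERNAME/runtox' >> /home/$MY_USERNAME/Desktop/tox.desktop
        echo "Icon=/usr/share/$PROJECT_NAME/avatars/chat.png" >> /home/$MY_USERNAME/Desktop/tox.desktop
        echo 'StartupNotify=true' >> /home/$MY_USERNAME/Desktop/tox.desktop
        chmod +x /home/$MY_USERNAME/Desktop/tox.desktop
        chown $MY_USERNAME:$MY_USERNAME /home/$MY_USERNAME/Desktop/tox.desktop
    fi
else
    if [ -f /tmp/Users.txt ]; then
        rm /tmp/Users.txt
        rm /home/$MY_USERNAME/Desktop/Users.desktop
        if [ -f /home/$MY_USERNAME/Desktop/Users.desktop ]; then
            rm /home/$MY_USERNAME/Desktop/Users.desktop
        fi
        if [ -f /home/$MY_USERNAME/Desktop/sites.desktop ]; then
            rm /home/$MY_USERNAME/Desktop/sites.desktop
        fi
        if [ -f /home/$MY_USERNAME/Desktop/blog.desktop ]; then
            rm /home/$MY_USERNAME/Desktop/blog.desktop
        fi
        if [ -f /home/$MY_USERNAME/Desktop/tox.desktop ]; then
            rm /home/$MY_USERNAME/Desktop/tox.desktop
        fi
        pkill qtox
    fi
fi
EOF
    chroot "$rootdir" /bin/chown "$MY_USERNAME:$MY_USERNAME" /usr/bin/list-tox-users
    chroot "$rootdir" /bin/chmod +x /usr/bin/list-tox-users
    echo "* * * * * $MY_USERNAME bash -c /usr/bin/list-tox-users > /dev/null" >> "$rootdir/etc/crontab"

    if [[ $VARIANT != "usb" ]]; then
        # log in automatically
        chroot "$rootdir" apt-get -y install nodm xinit
        # Written below $rootdir: without the prefix these two lines changed
        # the display-manager autologin settings of the build host instead of
        # the image.
        echo 'NODM_ENABLED=true' > "$rootdir/etc/default/nodm"
        echo "NODM_USER=$MY_USERNAME" >> "$rootdir/etc/default/nodm"
        mkdir -p "$getty_dir"
        # NOTE(review): the console autologin names "fbone" literally while
        # nodm uses $MY_USERNAME - confirm which account is intended. Either
        # way the image logs in without credentials on tty1.
        {
            echo '[Service]'
            echo 'ExecStart='
            echo 'ExecStart=-/sbin/agetty --autologin fbone --noclear %I $TERM'
        } > "$getty_dir/override.conf"
        echo '[[ -z $DISPLAY && $XDG_VTNR -eq 1 ]] && exec startx' >> "$rootdir/home/$MY_USERNAME/.profile"
        chroot "$rootdir" systemctl set-default multi-user.target

        mesh_client_startup_applications
        mesh_desktop_icons

        # Different desktop background for amnesic
        if [[ $AMNESIC != 'no' ]]; then
            MESH_DESKTOP_BACKGROUND_IMAGE=/usr/local/share/${PROJECT_NAME}_mesh_amnesic_background.png
        fi

        # change the desktop background
        if [[ -n "$MESH_DESKTOP_BACKGROUND_IMAGE" && -f "$MESH_DESKTOP_BACKGROUND_IMAGE" && -d "$desktop_base" ]]; then
            cp -- "$MESH_DESKTOP_BACKGROUND_IMAGE" "$desktop_base/${PROJECT_NAME}_mesh_background.png"
            chroot "$rootdir" /bin/rm /usr/share/images/desktop-base/desktop-background
            chroot "$rootdir" ln -s "/usr/share/images/desktop-base/${PROJECT_NAME}_mesh_background.png" /usr/share/images/desktop-base/desktop-background
        fi
    else
        chroot "$rootdir" apt-get -y install lightdm
    fi

    # browser
    chroot "$rootdir" apt-get -y install "$BROWSER"

    # help
    mkdir -p "$rootdir/home/${MY_USERNAME}/help/images"
    # Run in a subshell so the working directory of the rest of the build is
    # not changed; other steps write to paths relative to the image root.
    # NOTE(review): deploy.sh comes from the image tree and is executed on
    # the build host with the privileges of this script.
    (
        cd "$rootdir/root/${PROJECT_NAME}/website"
        ./deploy.sh EN "$rootdir/home/${MY_USERNAME}/help"
    )
    chroot "$rootdir" /bin/chown -R "${MY_USERNAME}:${MY_USERNAME}" "/home/${MY_USERNAME}/help"

    # Tox user interface
    enable_tox_repo
    mesh_tox_qtox

    # copy the default qtox ini file
    if [[ ! -d "${rootdir}/home/${MY_USERNAME}/.config/tox" ]]; then
        mkdir "${rootdir}/home/${MY_USERNAME}/.config/tox"
        cp "/usr/local/bin/${PROJECT_NAME}-config-qtox" "${rootdir}/home/${MY_USERNAME}/.config/tox/qtox.ini"
        chroot "$rootdir" /bin/chown -R "${MY_USERNAME}:${MY_USERNAME}" "/home/${MY_USERNAME}/.config"
    fi

    if [[ $VARIANT == "usb" ]]; then
        # tor
        chroot "$rootdir" apt-get -y install tor

        # xmpp client
        # The redirection is performed by the calling shell, not inside the
        # chroot, so the target has to carry the $rootdir prefix; without it
        # the third-party repository was added to the build host's apt
        # sources.
        # NOTE(review): the repository is reached over plain FTP and the
        # keyring meant to authenticate it is installed from that same
        # repository, so the first install has no independent trust anchor.
        echo "deb ftp://ftp.gajim.org/debian unstable main" > "$rootdir/etc/apt/sources.list.d/gajim.list"
        chroot "$rootdir" apt-get update
        chroot "$rootdir" apt-get -y install gajim-dev-keyring
        chroot "$rootdir" apt-get -y install git python-dev python-pip gajim-nightly
        chroot "$rootdir" mkdir -p "$gajim_home/share/gajim/plugins"
        # NOTE(review): the plugin is cloned at whatever the default branch
        # points to at build time; no commit is pinned.
        chroot "$rootdir" git clone https://github.com/omemo/gajim-omemo "$gajim_home/share/gajim/plugins/gajim-omemo"
        # The stray comma after the first requirement is removed; it made the
        # version specifier invalid.
        chroot "$rootdir" pip install protobuf==2.6.1 python-axolotl==0.1.35
        chroot "$rootdir" /bin/chown -R "$GENERIC_IMAGE_USERNAME:$GENERIC_IMAGE_USERNAME" "$gajim_home"

        # IRC client
        chroot "$rootdir" apt-get -y install hexchat profanity
    fi
}

##############################################################################

# Set to true/false to control if eatmydata is used during build
use_eatmydata=true

# $1 is the root directory of the image being customised, $2 the image file
# name relative to the directory the script was started from.
rootdir="$1"
fmdir="$(pwd)"
image="$fmdir"/"$2"

cd "$rootdir"
echo info: building $MACHINE for $ARCHITECTURE

export DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true
export LC_ALL=C LANGUAGE=C LANG=C

# Override libpam-tmpdir setting during build, as the directories
# are not created yet.
export TMP=/tmp/ TMPDIR=/tmp/

if [[ -z "$MY_USERNAME" ]]; then
    echo $'No username was specified'
    exit 52825
fi

username=$MY_USERNAME
echo $"warning: creating initial user $username with well known password!"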
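# No command follows the variable assignments, so env only prints HOME and
# PATH from inside the chroot.
# NOTE(review): looks like a leftover; confirm whether a command was meant
# to follow.
chroot "$rootdir" /usr/bin/env -i \
    HOME=/root \
    PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin

# root's PATH inside the image. The trailing ':' of the original string is
# dropped: an empty PATH element means "current directory", which would let
# root run a mistyped or missing command from whatever directory it is in.
echo "export PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin" >> "$rootdir/root/.bashrc"

# Create the initial login account inside the image.
# MY_PASSWORD defaults to the project name (see the settings at the top of
# this script), so every image built without an override carries the same
# publicly known credential, and the account is placed in the sudo group.
# NOTE(review): confirm that a later install step replaces this password or
# forces a change at first login (for example `chage -d 0`); nothing in this
# part of the script does.
chroot "$rootdir" adduser --gecos "$username" --disabled-password "$username"

# xtrace is switched on at the top of this script, so handling the password
# with tracing active copies it into the trace output. Pause tracing while
# the password is assigned and piped, then restore the previous setting.
case $- in
    *x*) xtrace_was_on=yes ;;
    *)   xtrace_was_on=no ;;
esac
set +x
password=$MY_PASSWORD
# printf is a builtin, so the password is passed on stdin and never appears
# in a process argument list.
printf '%s:%s\n' "$username" "$password" | chroot "$rootdir" /usr/sbin/chpasswd
if [ "$xtrace_was_on" = yes ]; then
    set -x
fi

chroot "$rootdir" adduser "$username" sudo

# Fall back to default repository settings when none were supplied.
DEBIAN_REPO=${DEBIAN_REPO:-ftp.de.debian.org}
DEBIAN_VERSION=${DEBIAN_VERSION:-jessie}

# ${VAR:+"$VAR"} passes one quoted argument when the mirror is set and no
# argument at all when it is empty, which is what the unquoted original did.
set_apt_sources ${BUILD_MIRROR:+"$BUILD_MIRROR"}
chroot "$rootdir" apt-get clean
# Run the glob inside the chroot. Written directly on the chroot command
# line, /var/lib/apt/lists/* is expanded by the host shell against the host's
# own directory before chroot starts, so the image's lists were only removed
# when their names happened to match the host's.
chroot "$rootdir" /bin/sh -c 'rm -rf /var/lib/apt/lists/*'
chroot "$rootdir" apt-get clean
set_apt_sources ${MIRROR:+"$MIRROR"}

configure_backports
configure_contrib_repo
chroot "$rootdir" apt-get update
chroot "$rootdir" apt-get install -y apt-utils

# NOTE(review): the next statement is damaged in this copy of the script.
# A here-document body for policy-rc.d and every command up to a `2>&1`
# redirection appear to have been lost (enable_eatmydata_override is defined
# earlier and disable_eatmydata_override is called below, but no call to the
# former survives). It is kept exactly as found; restore it from the upstream
# source before relying on this section.
cat > $rootdir/usr/sbin/policy-rc.d <&1 | \
    tee $rootdir/var/log/${PROJECT_NAME}-image-hardware-setup.log

rm "$rootdir/usr/sbin/policy-rc.d"

# Set up HRNG for systems known to have one
# Otherwise install haveged
if [[ "$MACHINE" != "beaglebone" ]]; then
    chroot "$rootdir" apt-get -y install haveged
else
    chroot "$rootdir" apt-get -y install rng-tools
    # Uncomment the HRNGDEVICE line so rng-tools reads from /dev/hwrng.
    sed -i 's|#HRNGDEVICE=/dev/hwrng|HRNGDEVICE=/dev/hwrng|g' "$rootdir/etc/default/rng-tools"
fi

# copy u-boot to beginning of image
# conv=notrunc keeps the rest of the image file intact while the boot loader
# blocks are written at the given offsets.
case "$MACHINE" in
    beaglebone)
        dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/MLO" of="$image" \
           count=1 seek=1 conv=notrunc bs=128k
        dd if="$rootdir/usr/lib/u-boot/am335x_boneblack/u-boot.img" of="$image" \
           count=2 seek=1 conv=notrunc bs=384k
        ;;
    cubieboard2)
        dd if="$rootdir/usr/lib/u-boot/Cubieboard2/u-boot-sunxi-with-spl.bin" of="$image" \
           seek=8 conv=notrunc bs=1k
        ;;
    a20-olinuxino-lime)
        dd if="$rootdir/usr/lib/u-boot/A20-OLinuXino-Lime/u-boot-sunxi-with-spl.bin" \
           of="$image" seek=8 conv=notrunc bs=1k
        ;;
esac

# use_eatmydata holds the word true or false and is run as a command.
if $use_eatmydata ; then
    disable_eatmydata_override
fi

# Remaining configuration stages; each is a function defined elsewhere in
# this script.
configure_ssh
configure_networking
admin_user_sudo
create_generic_image
atheros_wifi
continue_installation
initialise_mesh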
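# Final configuration stages; both are functions defined elsewhere in this
# script.
configure_wifi
configure_user_interface

# remove downloaded packages
chroot "${rootdir:?}" apt-get clean

# Leave the image directory before killing anything that still uses it.
cd /

echo $"info: killing leftover processes in chroot"
# fuser -m selects every process using the filesystem that holds the named
# path and -k kills them. The ':?' guard aborts instead of letting an empty
# rootdir turn this into `fuser -mvk /.` on the build host.
# NOTE(review): if rootdir is a plain directory rather than a mount point,
# -m selects the host filesystem that contains it; confirm the caller always
# mounts the image at rootdir.
# '|| true' keeps the script from failing under `set -e` when fuser returns
# non-zero (for example when no process is found).
fuser -mvk "${rootdir:?}/." || true

exit 0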