Begin combining mesh install functions

This commit is contained in:
Bob Mottram 2016-07-12 08:27:11 +01:00
parent e158148c1f
commit 2a3c1bb429
9 changed files with 781 additions and 760 deletions

View File

@ -84,7 +84,49 @@ function remove_batman {
sed -i '/configure_firewall_for_batman/d' $COMPLETION_FILE
}
function mesh_install_batman {
chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
chroot "$rootdir" apt-get -y install wireless-tools rfkill
if ! grep -q "batman_adv" $rootdir/etc/modules; then
echo 'batman_adv' >> $rootdir/etc/modules
fi
BATMAN_SCRIPT=$rootdir/var/lib/batman
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
else
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
fi
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
echo '[Unit]' > $BATMAN_DAEMON
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
echo 'After=network.target' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '[Service]' >> $BATMAN_DAEMON
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
echo 'Restart=on-failure' >> $BATMAN_DAEMON
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
echo 'TimeoutSec=300' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '[Install]' >> $BATMAN_DAEMON
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
chroot "$rootdir" systemctl enable batman
}
function install_batman {
if [ $INSTALLING_MESH ]; then
mesh_install_batman
return
fi
if grep -Fxq "install_batman" $COMPLETION_FILE; then
return
fi

View File

@ -255,7 +255,48 @@ function configure_firewall_for_syncthing {
echo 'configure_firewall_for_syncthing' >> $COMPLETION_FILE
}
function mesh_install_syncthing {
chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
chroot "$rootdir" apt-get update
chroot "$rootdir" apt-get -y --force-yes install syncthing
# This probably does need to run as root so that it can access the Sync directories
# in each user's home directory
chroot "$rootdir" echo '[Unit]' > /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'After=network.target' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '[Service]' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'User=root' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '[Install]' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" systemctl enable syncthing
chroot "$rootdir" systemctl daemon-reload
if ! grep -q "syncthing" $rootdir/etc/crontab; then
chroot "$rootdir" echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> /etc/crontab
chroot "$rootdir" systemctl restart cron
fi
echo 'mesh_install_syncthing'
}
function install_syncthing {
if [ $INSTALLING_MESH ]; then
mesh_install_syncthing
return
fi
if grep -Fxq "install_syncthing" $COMPLETION_FILE; then
return
fi

View File

@ -246,6 +246,11 @@ function tox_avahi {
}
function install_tox_node {
if [ $INSTALLING_MESH ]; then
mesh_tox_node
return
fi
if grep -Fxq "install_tox_node" $COMPLETION_FILE; then
return
fi
@ -327,4 +332,239 @@ function install_tox {
echo 'install_tox' >> $COMPLETION_FILE
}
function mesh_tox_node {
# obtain commits from the main file
TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
fi
if [ ! $TOXCORE_COMMIT ]; then
echo $'No Tox commit was specified'
exit 76325
fi
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
TOX_PORT=$TOX_PORT_MAIN
fi
if [ ! $TOX_PORT ]; then
echo $'No Tox port was specified'
exit 32856
fi
TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
TOXCORE_REPO=$TOXCORE_REPO_MAIN
fi
if [ ! $TOXCORE_REPO ]; then
echo $'No Tox repo was specified'
exit 16865
fi
chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev
chroot "$rootdir" apt-get -y install automake checkinstall check git yasm
chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin
chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev
TEMP_SCRIPT_NAME=fbtmp37272.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXCORE_REPO $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
echo "git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT" >> $TEMP_SCRIPT
echo 'autoreconf -i' >> $TEMP_SCRIPT
echo './configure --enable-daemon --disable-av' >> $TEMP_SCRIPT
echo 'make' >> $TEMP_SCRIPT
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
echo ' exit 1' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'make install' >> $TEMP_SCRIPT
echo 'cp /usr/local/lib/libtoxcore* /usr/lib/' >> $TEMP_SCRIPT
echo "cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/" >> $TEMP_SCRIPT
echo "sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' /etc/systemd/system/tox-bootstrapd.service" >> $TEMP_SCRIPT
echo 'systemctl enable tox-bootstrapd.service' >> $TEMP_SCRIPT
echo 'exit 0' >> $TEMP_SCRIPT
chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/
SECONDS=0
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
if [ ! "$?" = "0" ]; then
duration=$SECONDS
echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
echo $'Unable to make toxcore'
rm $TEMP_SCRIPT
exit 73835
fi
duration=$SECONDS
echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
rm $TEMP_SCRIPT
if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
echo $"File not found /usr/local/bin/tox-bootstrapd"
exit 37825
fi
chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd
# remove Maildir
if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
fi
# create configuration file
TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
if [ $TOX_NODES ]; then
echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
toxcount=0
while [ "x${TOX_NODES[toxcount]}" != "x" ]
do
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
if [[ $toxval_ipv6 != 'NONE' ]]; then
echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
else
echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
fi
echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
toxcount=$(( $toxcount + 1 ))
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
echo "}," >> $TOX_BOOTSTRAP_CONFIG
else
echo "}" >> $TOX_BOOTSTRAP_CONFIG
fi
done
echo ')' >> $TOX_BOOTSTRAP_CONFIG
fi
}
function mesh_tox_avahi {
if [ ! -d $rootdir/etc/avahi ]; then
echo $'tox_avahi: avahi is not installed'
exit 87359
fi
TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
TOXID_REPO=$TOXID_REPO_MAIN
fi
if [ ! $TOXID_REPO ]; then
echo $'No ToxID repo was specified'
exit 78252
fi
TEMP_SCRIPT_NAME=fbtmp5328252.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXID_REPO $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
echo "if [ ! -d $INSTALL_DIR/toxid ]; then" >> $TEMP_SCRIPT
echo ' exit 1' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
echo "make" >> $TEMP_SCRIPT
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
echo ' exit 2' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'make install' >> $TEMP_SCRIPT
echo 'if [ ! -f /usr/local/bin/toxavahi ]; then' >> $TEMP_SCRIPT
echo ' exit 3' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'toxavahi' >> $TEMP_SCRIPT
echo 'echo "* * * * * root /usr/local/bin/toxavahi > /dev/null" >> /etc/crontab' >> $TEMP_SCRIPT
echo 'systemctl restart avahi-daemon' >> $TEMP_SCRIPT
echo 'exit 0' >> $TEMP_SCRIPT
chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
if [ ! "$?" = "0" ]; then
echo $"Unable to install toxid, returned $?"
rm $TEMP_SCRIPT
exit 62835
fi
rm $TEMP_SCRIPT
}
function mesh_tox_client {
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
# obtain commits from the main file
TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
fi
TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
TOXIC_REPO=$TOXIC_REPO_MAIN
fi
chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev
chroot "$rootdir" apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev
TEMP_SCRIPT_NAME=fbtmp728353.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
echo 'make' >> $TEMP_SCRIPT
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
echo ' exit 1' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'make install' >> $TEMP_SCRIPT
echo 'exit 0' >> $TEMP_SCRIPT
chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
SECONDS=0
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
if [ ! "$?" = "0" ]; then
duration=$SECONDS
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
echo $'Unable to make tox client'
rm $TEMP_SCRIPT
exit 74872
fi
rm $TEMP_SCRIPT
if [ ! -f $rootdir$TOXIC_FILE ]; then
echo $"Tox client was not installed to $TOXIC_FILE"
exit 63278
fi
duration=$SECONDS
echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
}
function enable_tox_repo {
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add -
chroot "$rootdir" apt-get update
echo "Tox Repository Installed."
}
# NOTE: deliberately no exit 0

View File

@ -48,7 +48,7 @@ ZERONET_ID_REPO="https://github.com/HelloZeroNet/ZeroID"
ZERONET_ID_COMMIT='ccf14fdc96fa9cdb2ddd8a7ab283a8e17a4f234b'
function reconfigure_zeronet {
echo -n ''
echo -n ''
}
function upgrade_zeronet {
@ -454,7 +454,170 @@ function install_zeronet_main {
echo 'install_zeronet_main' >> $COMPLETION_FILE
}
function mesh_zeronet {
# obtain commits from the main file
ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#ZERONET_COMMIT_MAIN} -gt 10 ]; then
ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
fi
if [ ! $ZERONET_COMMIT ]; then
echo $'No Tox commit was specified'
exit 37046
fi
ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#ZERONET_REPO_MAIN} -gt 5 ]; then
ZERONET_REPO=$ZERONET_REPO_MAIN
fi
if [ ! $ZERONET_REPO ]; then
echo $'No Tox commit was specified'
exit 37046
fi
ZERONET_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_PORT=" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#ZERONET_PORT_MAIN} -gt 1 ]; then
ZERONET_PORT=$ZERONET_PORT_MAIN
fi
if [ ! $ZERONET_PORT ]; then
echo $'No zeronet port was specified'
exit 67433
fi
chroot "$rootdir" apt-get -y install python python-msgpack python-gevent
chroot "$rootdir" apt-get -y install python-pip bittornado
chroot "$rootdir" pip install msgpack-python --upgrade
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
echo 'WARNING: Unable to clone zeronet'
return
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet
git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
else
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
fi
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
# Hack to ensure that the file access port is opened
# This is because zeronet normally relies on an internet site
# to do this, but on a purely local mesh the internet isn't available
sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
echo '[Unit]' > $ZERONET_DAEMON
echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
echo 'After=syslog.target' >> $ZERONET_DAEMON
echo 'After=network.target' >> $ZERONET_DAEMON
echo '[Service]' >> $ZERONET_DAEMON
echo 'Type=simple' >> $ZERONET_DAEMON
echo 'User=zeronet' >> $ZERONET_DAEMON
echo 'Group=zeronet' >> $ZERONET_DAEMON
echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
echo '' >> $ZERONET_DAEMON
echo 'TimeoutSec=300' >> $ZERONET_DAEMON
echo '' >> $ZERONET_DAEMON
echo '[Install]' >> $ZERONET_DAEMON
echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
echo '[Unit]' > $TRACKER_DAEMON
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
echo 'After=syslog.target' >> $TRACKER_DAEMON
echo 'After=network.target' >> $TRACKER_DAEMON
echo '[Service]' >> $TRACKER_DAEMON
echo 'Type=simple' >> $TRACKER_DAEMON
echo 'User=tracker' >> $TRACKER_DAEMON
echo 'Group=tracker' >> $TRACKER_DAEMON
echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo 'TimeoutSec=300' >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo '[Install]' >> $TRACKER_DAEMON
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
mkdir $rootdir$MESH_INSTALL_DIR/tracker
fi
chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
# publish regularly
echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab
chroot "$rootdir" systemctl enable tracker.service
chroot "$rootdir" systemctl enable zeronet.service
}
function mesh_zeronet_blog {
ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
echo $'ZeroBlog repo could not be cloned'
exit 6739
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_zeronet_mail {
ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
echo $'ZeroMail repo could not be cloned'
exit 78493
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_zeronet_forum {
ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
echo $'ZeroTalk repo could not be cloned'
exit 78252
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_zeronet_id {
ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
echo $'ZeroID repo could not be cloned'
exit 37936
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function install_zeronet {
if [ $INSTALLING_MESH ]; then
mesh_zeronet
mesh_zeronet_blog
mesh_zeronet_mail
mesh_zeronet_forum
return
fi
if grep -Fxq "install_zeronet" $COMPLETION_FILE; then
return
fi

View File

@ -491,534 +491,7 @@ ZERONET_ID_COMMIT=
# Directory where source code is downloaded and compiled
INSTALL_DIR=$HOME/build
function mesh_avahi {
chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
decarray=( 1 2 3 4 5 6 7 8 9 0 )
PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
if [ ! -d $rootdir/etc/avahi/services ]; then
mkdir -p $rootdir/etc/avahi/services
fi
# remove an avahi service which isn't used
if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
rm $rootdir/etc/avahi/services/udisks.service
fi
# Add an ssh service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <service>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
echo " <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
echo ' </service>' >> $rootdir/etc/avahi/services/ssh.service
echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
# keep the daemon running
WATCHDOG_SCRIPT_NAME="keepon"
echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
}
function install_batman {
chroot "$rootdir" apt-get -y install iproute bridge-utils libnetfilter-conntrack3 batctl
chroot "$rootdir" apt-get -y install python-dev libevent-dev ebtables python-pip git
chroot "$rootdir" apt-get -y install wireless-tools rfkill
if ! grep -q "batman_adv" $rootdir/etc/modules; then
echo 'batman_adv' >> $rootdir/etc/modules
fi
BATMAN_SCRIPT=$rootdir/var/lib/batman
if [ -f /usr/local/bin/${PROJECT_NAME}-mesh-batman ]; then
cp /usr/local/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
else
cp /usr/bin/${PROJECT_NAME}-mesh-batman $BATMAN_SCRIPT
fi
BATMAN_DAEMON=$rootdir/etc/systemd/system/batman.service
echo '[Unit]' > $BATMAN_DAEMON
echo 'Description=B.A.T.M.A.N. Advanced' >> $BATMAN_DAEMON
echo 'After=network.target' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '[Service]' >> $BATMAN_DAEMON
echo 'RemainAfterExit=yes' >> $BATMAN_DAEMON
echo "ExecStart=/var/lib/batman start" >> $BATMAN_DAEMON
echo "ExecStop=/var/lib/batman stop" >> $BATMAN_DAEMON
echo 'Restart=on-failure' >> $BATMAN_DAEMON
echo 'SuccessExitStatus=3 4' >> $BATMAN_DAEMON
echo 'RestartForceExitStatus=3 4' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '# Allow time for the server to start/stop' >> $BATMAN_DAEMON
echo 'TimeoutSec=300' >> $BATMAN_DAEMON
echo '' >> $BATMAN_DAEMON
echo '[Install]' >> $BATMAN_DAEMON
echo 'WantedBy=multi-user.target' >> $BATMAN_DAEMON
chroot "$rootdir" systemctl enable batman
}
function mesh_firewall {
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
chmod +x $MESH_FIREWALL_SCRIPT
echo '[Unit]' > $FIREWALL_FILENAME
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo '[Service]' >> $FIREWALL_FILENAME
echo 'Type=oneshot' >> $FIREWALL_FILENAME
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo '[Install]' >> $FIREWALL_FILENAME
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
chroot "$rootdir" systemctl enable meshfirewall
}
function mesh_tox_node {
# obtain commits from the main file
TOXCORE_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXCORE_COMMIT_MAIN} -gt 10 ]; then
TOXCORE_COMMIT=$TOXCORE_COMMIT_MAIN
fi
if [ ! $TOXCORE_COMMIT ]; then
echo $'No Tox commit was specified'
exit 76325
fi
TOX_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOX_PORT=" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#TOX_PORT_MAIN} -gt 2 ]; then
TOX_PORT=$TOX_PORT_MAIN
fi
if [ ! $TOX_PORT ]; then
echo $'No Tox port was specified'
exit 32856
fi
TOXCORE_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXCORE_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXCORE_REPO_MAIN} -gt 10 ]; then
TOXCORE_REPO=$TOXCORE_REPO_MAIN
fi
if [ ! $TOXCORE_REPO ]; then
echo $'No Tox repo was specified'
exit 16865
fi
chroot "$rootdir" apt-get -y install build-essential libtool autotools-dev
chroot "$rootdir" apt-get -y install automake checkinstall check git yasm
chroot "$rootdir" apt-get -y install libsodium13 libsodium-dev libcap2-bin
chroot "$rootdir" apt-get -y install libconfig9 libconfig-dev
TEMP_SCRIPT_NAME=fbtmp37272.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXCORE_REPO $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxcore" >> $TEMP_SCRIPT
echo "git checkout $TOXCORE_COMMIT -b $TOXCORE_COMMIT" >> $TEMP_SCRIPT
echo 'autoreconf -i' >> $TEMP_SCRIPT
echo './configure --enable-daemon --disable-av' >> $TEMP_SCRIPT
echo 'make' >> $TEMP_SCRIPT
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
echo ' exit 1' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'make install' >> $TEMP_SCRIPT
echo 'cp /usr/local/lib/libtoxcore* /usr/lib/' >> $TEMP_SCRIPT
echo "cp $INSTALL_DIR/toxcore/other/bootstrap_daemon/tox-bootstrapd.service /etc/systemd/system/" >> $TEMP_SCRIPT
echo "sed -i 's|ExecStart=.*|ExecStart=/usr/local/bin/tox-bootstrapd --config /etc/tox-bootstrapd.conf|g' /etc/systemd/system/tox-bootstrapd.service" >> $TEMP_SCRIPT
echo 'systemctl enable tox-bootstrapd.service' >> $TEMP_SCRIPT
echo 'exit 0' >> $TEMP_SCRIPT
chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/
SECONDS=0
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
if [ ! "$?" = "0" ]; then
duration=$SECONDS
echo $"Toxcore compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
echo $'Unable to make toxcore'
rm $TEMP_SCRIPT
exit 73835
fi
duration=$SECONDS
echo $"Toxcore compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
rm $TEMP_SCRIPT
if [ ! -f $rootdir/usr/local/bin/tox-bootstrapd ]; then
echo $"File not found /usr/local/bin/tox-bootstrapd"
exit 37825
fi
chroot "$rootdir" useradd --home-dir /var/lib/tox-bootstrapd --create-home --system --shell /sbin/nologin --comment $"Account to run Tox's DHT bootstrap daemon" --user-group tox-bootstrapd
chroot "$rootdir" chmod 700 /var/lib/tox-bootstrapd
# remove Maildir
if [ -d $rootdir/var/lib/tox-bootstrapd/Maildir ]; then
rm -rf $rootdir/var/lib/tox-bootstrapd/Maildir
fi
# create configuration file
TOX_BOOTSTRAP_CONFIG=$rootdir/etc/tox-bootstrapd.conf
echo "port = $TOX_PORT" > $TOX_BOOTSTRAP_CONFIG
echo 'keys_file_path = "/var/lib/tox-bootstrapd/keys"' >> $TOX_BOOTSTRAP_CONFIG
echo 'pid_file_path = "/var/run/tox-bootstrapd/tox-bootstrapd.pid"' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_ipv6 = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_ipv4_fallback = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_lan_discovery = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_tcp_relay = true' >> $TOX_BOOTSTRAP_CONFIG
echo "tcp_relay_ports = [443, 3389, $TOX_PORT]" >> $TOX_BOOTSTRAP_CONFIG
echo 'enable_motd = true' >> $TOX_BOOTSTRAP_CONFIG
echo 'motd = "tox-bootstrapd"' >> $TOX_BOOTSTRAP_CONFIG
if [ $TOX_NODES ]; then
echo 'bootstrap_nodes = (' >> $TOX_BOOTSTRAP_CONFIG
toxcount=0
while [ "x${TOX_NODES[toxcount]}" != "x" ]
do
toxval_ipv4=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $1}')
toxval_ipv6=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $2}')
toxval_port=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $3}')
toxval_pubkey=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $4}')
toxval_maintainer=$(echo $TOX_NODES[toxcount] | awk -F ',' '{print $5}')
echo "{ // $toxval_maintainer" >> $TOX_BOOTSTRAP_CONFIG
if [[ $toxval_ipv6 != 'NONE' ]]; then
echo " address = \"$toxval_ipv6\"" >> $TOX_BOOTSTRAP_CONFIG
else
echo " address = \"$toxval_ipv4\"" >> $TOX_BOOTSTRAP_CONFIG
fi
echo " port = $toxval_port" >> $TOX_BOOTSTRAP_CONFIG
echo " public_key = \"$toxval_pubkey\"" >> $TOX_BOOTSTRAP_CONFIG
toxcount=$(( $toxcount + 1 ))
if [ "x${TOX_NODES[toxcount]}" != "x" ]; then
echo "}," >> $TOX_BOOTSTRAP_CONFIG
else
echo "}" >> $TOX_BOOTSTRAP_CONFIG
fi
done
echo ')' >> $TOX_BOOTSTRAP_CONFIG
fi
}
function mesh_tox_avahi {
if [ ! -d $rootdir/etc/avahi ]; then
echo $'tox_avahi: avahi is not installed'
exit 87359
fi
TOXID_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXID_REPO_MAIN} -gt 5 ]; then
TOXID_REPO=$TOXID_REPO_MAIN
fi
if [ ! $TOXID_REPO ]; then
echo $'No ToxID repo was specified'
exit 78252
fi
TEMP_SCRIPT_NAME=fbtmp5328252.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXID_REPO $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
echo "if [ ! -d $INSTALL_DIR/toxid ]; then" >> $TEMP_SCRIPT
echo ' exit 1' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxid" >> $TEMP_SCRIPT
echo "make" >> $TEMP_SCRIPT
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
echo ' exit 2' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'make install' >> $TEMP_SCRIPT
echo 'if [ ! -f /usr/local/bin/toxavahi ]; then' >> $TEMP_SCRIPT
echo ' exit 3' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'toxavahi' >> $TEMP_SCRIPT
echo 'echo "* * * * * root /usr/local/bin/toxavahi > /dev/null" >> /etc/crontab' >> $TEMP_SCRIPT
echo 'systemctl restart avahi-daemon' >> $TEMP_SCRIPT
echo 'exit 0' >> $TEMP_SCRIPT
chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
if [ ! "$?" = "0" ]; then
echo $"Unable to install toxid, returned $?"
rm $TEMP_SCRIPT
exit 62835
fi
rm $TEMP_SCRIPT
}
function mesh_tox_client {
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
# obtain commits from the main file
TOXIC_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#TOXIC_COMMIT_MAIN} -gt 10 ]; then
TOXIC_COMMIT=$TOXIC_COMMIT_MAIN
fi
TOXIC_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#TOXIC_REPO_MAIN} -gt 5 ]; then
TOXIC_REPO=$TOXIC_REPO_MAIN
fi
chroot "$rootdir" apt-get -y install libncursesw5-dev libconfig-dev libqrencode-dev
chroot "$rootdir" apt-get -y install libcurl4-openssl-dev libvpx-dev libopenal-dev
TEMP_SCRIPT_NAME=fbtmp728353.sh
TEMP_SCRIPT=/tmp/$TEMP_SCRIPT_NAME
echo '#!/bin/bash' > $TEMP_SCRIPT
echo "mkdir -p $INSTALL_DIR" >> $TEMP_SCRIPT
echo "git clone $TOXIC_REPO $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo "cd $INSTALL_DIR/toxic" >> $TEMP_SCRIPT
echo "git checkout $TOXIC_COMMIT -b $TOXIC_COMMIT" >> $TEMP_SCRIPT
echo 'make' >> $TEMP_SCRIPT
echo 'if [ ! "$?" = "0" ]; then' >> $TEMP_SCRIPT
echo ' exit 1' >> $TEMP_SCRIPT
echo 'fi' >> $TEMP_SCRIPT
echo 'make install' >> $TEMP_SCRIPT
echo 'exit 0' >> $TEMP_SCRIPT
chmod +x $TEMP_SCRIPT
cp $TEMP_SCRIPT $rootdir/root/
TOXIC_FILE=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-tox | grep "TOXIC_FILE=" | head -n 1 | awk -F '=' '{print $2}')
SECONDS=0
chroot "$rootdir" /root/$TEMP_SCRIPT_NAME
if [ ! "$?" = "0" ]; then
duration=$SECONDS
echo $"Toxic client compile failed at $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
echo $'Unable to make tox client'
rm $TEMP_SCRIPT
exit 74872
fi
rm $TEMP_SCRIPT
if [ ! -f $rootdir$TOXIC_FILE ]; then
echo $"Tox client was not installed to $TOXIC_FILE"
exit 63278
fi
duration=$SECONDS
echo $"Toxic client compile $(($duration / 60)) minutes and $(($duration % 60)) seconds elapsed."
}
function mesh_zeronet {
# obtain commits from the main file
ZERONET_COMMIT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
if [ ${#ZERONET_COMMIT_MAIN} -gt 10 ]; then
ZERONET_COMMIT=$ZERONET_COMMIT_MAIN
fi
if [ ! $ZERONET_COMMIT ]; then
echo $'No Tox commit was specified'
exit 37046
fi
ZERONET_REPO_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_REPO=" | head -n 1 | awk -F '"' '{print $2}')
if [ ${#ZERONET_REPO_MAIN} -gt 5 ]; then
ZERONET_REPO=$ZERONET_REPO_MAIN
fi
if [ ! $ZERONET_REPO ]; then
echo $'No Tox commit was specified'
exit 37046
fi
ZERONET_PORT_MAIN=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_PORT=" | head -n 1 | awk -F '=' '{print $2}')
if [ ${#ZERONET_PORT_MAIN} -gt 1 ]; then
ZERONET_PORT=$ZERONET_PORT_MAIN
fi
if [ ! $ZERONET_PORT ]; then
echo $'No zeronet port was specified'
exit 67433
fi
chroot "$rootdir" apt-get -y install python python-msgpack python-gevent
chroot "$rootdir" apt-get -y install python-pip bittornado
chroot "$rootdir" pip install msgpack-python --upgrade
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/zeronet/ -s /bin/false zeronet
git clone $ZERONET_REPO $rootdir$MESH_INSTALL_DIR/zeronet
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet ]; then
echo 'WARNING: Unable to clone zeronet'
return
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet
git checkout $ZERONET_COMMIT -b $ZERONET_COMMIT
if ! grep -q "ZeroNet commit" $COMPLETION_FILE; then
echo "ZeroNet commit:$ZERONET_COMMIT" >> $rootdir$COMPLETION_FILE
else
sed -i "s/ZeroNet commit.*/ZeroNet commit:$ZERONET_COMMIT/g" $COMPLETION_FILE
fi
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
# Hack to ensure that the file access port is opened
# This is because zeronet normally relies on an internet site
# to do this, but on a purely local mesh the internet isn't available
sed -i 's|fileserver_port = 0|fileserver_port = config.fileserver_port\n sys.modules["main"].file_server.port_opened = True|g' $rootdir$MESH_INSTALL_DIR/zeronet/src/Site/Site.py
ZERONET_DAEMON=$rootdir/etc/systemd/system/zeronet.service
echo '[Unit]' > $ZERONET_DAEMON
echo 'Description=Zeronet Server' >> $ZERONET_DAEMON
echo 'After=syslog.target' >> $ZERONET_DAEMON
echo 'After=network.target' >> $ZERONET_DAEMON
echo '[Service]' >> $ZERONET_DAEMON
echo 'Type=simple' >> $ZERONET_DAEMON
echo 'User=zeronet' >> $ZERONET_DAEMON
echo 'Group=zeronet' >> $ZERONET_DAEMON
echo "WorkingDirectory=$MESH_INSTALL_DIR/zeronet" >> $ZERONET_DAEMON
echo "ExecStart=/usr/bin/python zeronet.py --ip_external replace.local --trackers_file $MESH_INSTALL_DIR/zeronet/bootstrap" >> $ZERONET_DAEMON
echo '' >> $ZERONET_DAEMON
echo 'TimeoutSec=300' >> $ZERONET_DAEMON
echo '' >> $ZERONET_DAEMON
echo '[Install]' >> $ZERONET_DAEMON
echo 'WantedBy=multi-user.target' >> $ZERONET_DAEMON
TRACKER_DAEMON=$rootdir/etc/systemd/system/tracker.service
echo '[Unit]' > $TRACKER_DAEMON
echo 'Description=Torrent Tracker' >> $TRACKER_DAEMON
echo 'After=syslog.target' >> $TRACKER_DAEMON
echo 'After=network.target' >> $TRACKER_DAEMON
echo '[Service]' >> $TRACKER_DAEMON
echo 'Type=simple' >> $TRACKER_DAEMON
echo 'User=tracker' >> $TRACKER_DAEMON
echo 'Group=tracker' >> $TRACKER_DAEMON
echo "WorkingDirectory=$MESH_INSTALL_DIR/tracker" >> $TRACKER_DAEMON
echo "ExecStart=/usr/bin/bttrack --port $TRACKER_PORT --dfile $MESH_INSTALL_DIR/tracker/dstate --logfile $MESH_INSTALL_DIR/tracker/tracker.log --nat_check 0 --scrape_allowed full --ipv6_enabled 0" >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo 'TimeoutSec=300' >> $TRACKER_DAEMON
echo '' >> $TRACKER_DAEMON
echo '[Install]' >> $TRACKER_DAEMON
echo 'WantedBy=multi-user.target' >> $TRACKER_DAEMON
chroot "$rootdir" useradd -d $MESH_INSTALL_DIR/tracker/ -s /bin/false tracker
if [ ! -d $rootdir$MESH_INSTALL_DIR/tracker ]; then
mkdir $rootdir$MESH_INSTALL_DIR/tracker
fi
chroot "$rootdir" chown -R tracker:tracker $MESH_INSTALL_DIR/tracker
# publish regularly
echo "* * * * * root zeronetavahi > /dev/null" >> $rootdir/etc/crontab
chroot "$rootdir" systemctl enable tracker.service
chroot "$rootdir" systemctl enable zeronet.service
}
function mesh_zeronet_blog {
ZERONET_BLOG_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_BLOG_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_BLOG_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_BLOG_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog ]; then
echo $'ZeroBlog repo could not be cloned'
exit 6739
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroBlog
git checkout $ZERONET_BLOG_COMMIT -b $ZERONET_BLOG_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_zeronet_mail {
ZERONET_MAIL_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_MAIL_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_MAIL_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_MAIL_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail ]; then
echo $'ZeroMail repo could not be cloned'
exit 78493
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroMail
git checkout $ZERONET_MAIL_COMMIT -b $ZERONET_MAIL_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_zeronet_forum {
ZERONET_FORUM_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_FORUM_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_FORUM_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_FORUM_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk ]; then
echo $'ZeroTalk repo could not be cloned'
exit 78252
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroTalk
git checkout $ZERONET_FORUM_COMMIT -b $ZERONET_FORUM_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_zeronet_id {
ZERONET_ID_REPO=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_REPO=" | head -n 1 | awk -F '"' '{print $2}')
ZERONET_ID_COMMIT=$(cat /usr/share/${PROJECT_NAME}/apps/${PROJECT_NAME}-app-zeronet | grep "ZERONET_ID_COMMIT=" | head -n 1 | awk -F "'" '{print $2}')
git clone $ZERONET_ID_REPO $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
if [ ! -d $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID ]; then
echo $'ZeroID repo could not be cloned'
exit 37936
fi
cd $rootdir$MESH_INSTALL_DIR/zeronet/ZeroID
git checkout $ZERONET_ID_COMMIT -b $ZERONET_ID_COMMIT
chroot "$rootdir" chown -R zeronet:zeronet $MESH_INSTALL_DIR/zeronet
}
function mesh_web_server {
if [ -d /etc/apache2 ]; then
chroot "$rootdir" apt-get -y remove --purge apache2
chroot "$rootdir" rm -rf /etc/apache2
fi
chroot "$rootdir" apt-get -y install nginx
if [ ! -d $rootdir/etc/nginx ]; then
echo $'Unable to install web server'
exit 346825
fi
}
INSTALLING_MESH=
initialise_mesh() {
if [[ $VARIANT != "mesh" && $VARIANT != "meshclient" && $VARIANT != "meshusb" ]]; then
@ -1045,17 +518,16 @@ initialise_mesh() {
chroot "$rootdir" apt-get -y install firmware-iwlwifi
fi
INSTALLING_MESH=1
mesh_firewall
mesh_avahi
install_batman
mesh_tox_node
install_tox_node
mesh_tox_avahi
mesh_tox_client
mesh_web_server
mesh_zeronet
mesh_zeronet_blog
mesh_zeronet_mail
mesh_zeronet_forum
install_zeronet
MESH_SERVICE='mesh-setup.service'
MESH_SETUP_DAEMON=$rootdir/etc/systemd/system/$MESH_SERVICE
@ -1080,55 +552,6 @@ initialise_mesh() {
# User interface for USB drive installs ######################################
function enable_tox_repo {
echo 'deb http://download.opensuse.org/repositories/home:/antonbatenev:/tox/Debian_8.0/ /' > $rootdir/etc/apt/sources.list.d/tox.list
chroot "$rootdir" wget -q http://download.opensuse.org/repositories/home:antonbatenev:tox/Debian_8.0/Release.key -O- | apt-key add -
chroot "$rootdir" apt-get update
echo "Tox Repository Installed."
}
function install_syncthing {
if [[ $SYSTEM_TYPE == "$VARIANT_WRITER" || $SYSTEM_TYPE == "$VARIANT_MAILBOX" || $SYSTEM_TYPE == "$VARIANT_CHAT" || $SYSTEM_TYPE == "$VARIANT_SOCIAL" || $SYSTEM_TYPE == "$VARIANT_MEDIA" || $SYSTEM_TYPE == "$VARIANT_DEVELOPER" ]]; then
return
fi
chroot "$rootdir" wget -q https://syncthing.net/release-key.txt -O- | apt-key add -
echo "deb http://apt.syncthing.net/ syncthing release" | tee $rootdir/etc/apt/sources.list.d/syncthing.list
chroot "$rootdir" apt-get update
chroot "$rootdir" apt-get -y --force-yes install syncthing
# This probably does need to run as root so that it can access the Sync directories
# in each user's home directory
chroot "$rootdir" echo '[Unit]' > /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Description=Syncthing - Open Source Continuous File Synchronization' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Documentation=man:syncthing(1)' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'After=network.target' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Wants=syncthing-inotify@.service' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '[Service]' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'User=root' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo "Environment='all_proxy=socks5://localhost:9050'" >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'ExecStart=/usr/bin/syncthing -no-browser -no-restart -logflags=0' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'Restart=on-failure' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'SuccessExitStatus=3 4' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'RestartForceExitStatus=3 4' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo '[Install]' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" echo 'WantedBy=multi-user.target' >> /etc/systemd/system/syncthing.service
chroot "$rootdir" systemctl enable syncthing
chroot "$rootdir" systemctl daemon-reload
if ! grep -q "syncthing" $rootdir/etc/crontab; then
chroot "$rootdir" echo "*/1 * * * * root /usr/local/bin/${PROJECT_NAME}-syncthing > /dev/null" >> /etc/crontab
chroot "$rootdir" systemctl restart cron
fi
echo 'install_syncthing'
}
function mesh_client_startup_applications {
if [ ! -d $rootdir/home/$MY_USERNAME/Desktop ]; then
mkdir -p $rootdir/home/$MY_USERNAME/Desktop

View File

@ -54,6 +54,46 @@ function create_avahi_service {
echo '</service-group>' >> /etc/avahi/services/${service_name}.service
}
function mesh_avahi {
chroot "$rootdir" apt-get -y install avahi-utils avahi-autoipd avahi-dnsconfd
decarray=( 1 2 3 4 5 6 7 8 9 0 )
PEER_ID=${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}${decarray[$RANDOM%10]}
sed -i "s|#host-name=.*|host-name=P$PEER_ID|g" $rootdir/etc/avahi/avahi-daemon.conf
if [ ! -d $rootdir/etc/avahi/services ]; then
mkdir -p $rootdir/etc/avahi/services
fi
# remove an avahi service which isn't used
if [ -f $rootdir/etc/avahi/services/udisks.service ]; then
rm $rootdir/etc/avahi/services/udisks.service
fi
# Add an ssh service
echo '<?xml version="1.0" standalone="no"?><!--*-nxml-*-->' > $rootdir/etc/avahi/services/ssh.service
echo '<!DOCTYPE service-group SYSTEM "avahi-service.dtd">' >> $rootdir/etc/avahi/services/ssh.service
echo '<service-group>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <name replace-wildcards="yes">%h SSH</name>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <service>' >> $rootdir/etc/avahi/services/ssh.service
echo ' <type>_ssh._tcp</type>' >> $rootdir/etc/avahi/services/ssh.service
echo " <port>$SSH_PORT</port>" >> $rootdir/etc/avahi/services/ssh.service
echo ' </service>' >> $rootdir/etc/avahi/services/ssh.service
echo '</service-group>' >> $rootdir/etc/avahi/services/ssh.service
# keep the daemon running
WATCHDOG_SCRIPT_NAME="keepon"
echo '' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo '# keep avahi daemon running' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'AVAHI_RUNNING=$(pgrep avahi-daemon > /dev/null && echo Running)' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'if [ ! $AVAHI_RUNNING ]; then' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' systemctl start avahi-daemon' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo -n $CURRENT_DATE >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo ' echo " Avahi daemon restarted" >> $LOGFILE' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
echo 'fi' >> $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
chmod +x $rootdir/usr/bin/$WATCHDOG_SCRIPT_NAME
}
function configure_avahi {
if grep -Fxq "configure_avahi" $COMPLETION_FILE; then
return

View File

@ -29,220 +29,275 @@
# along with this program. If not, see <http://www.gnu.org/licenses/>.
function save_firewall_settings {
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
iptables-save > /etc/firewall.conf
ip6tables-save > /etc/firewall6.conf
printf '#!/bin/sh\n' > /etc/network/if-up.d/iptables
printf 'iptables-restore < /etc/firewall.conf\n' >> /etc/network/if-up.d/iptables
printf 'ip6tables-restore < /etc/firewall6.conf\n' >> /etc/network/if-up.d/iptables
chmod +x /etc/network/if-up.d/iptables
}
function enable_ipv6 {
# endure that ipv6 is enabled and can route
sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
# endure that ipv6 is enabled and can route
sed -i 's/net.ipv6.conf.all.disable_ipv6.*/net.ipv6.conf.all.disable_ipv6 = 0/g' /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_redirects.*/net.ipv6.conf.all.accept_redirects = 1/g" /etc/sysctl.conf
#sed -i "s/net.ipv6.conf.all.accept_source_route.*/net.ipv6.conf.all.accept_source_route = 1/g" /etc/sysctl.conf
sed -i "s/net.ipv6.conf.all.forwarding.*/net.ipv6.conf.all.forwarding=1/g" /etc/sysctl.conf
echo 1 > /proc/sys/net/ipv6/conf/all/forwarding
}
function configure_firewall {
if grep -q "RELATED" /etc/firewall.conf; then
# recreate the firewall to remove RELATED
sed -i "/firewall/d" $COMPLETION_FILE
fi
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT
iptables -F
ip6tables -F
iptables -t nat -F
ip6tables -t nat -F
iptables -X
ip6tables -X
iptables -P INPUT DROP
ip6tables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
if grep -q "RELATED" /etc/firewall.conf; then
# recreate the firewall to remove RELATED
sed -i "/firewall/d" $COMPLETION_FILE
fi
if grep -Fxq "configure_firewall" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -P INPUT ACCEPT
ip6tables -P INPUT ACCEPT
iptables -F
ip6tables -F
iptables -t nat -F
ip6tables -t nat -F
iptables -X
ip6tables -X
iptables -P INPUT DROP
ip6tables -P INPUT DROP
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Make sure incoming tcp connections are SYN packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Make sure incoming tcp connections are SYN packets
iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP
# Drop packets with incoming fragments
iptables -A INPUT -f -j DROP
# Drop packets with incoming fragments
iptables -A INPUT -f -j DROP
# Drop bogons
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Drop bogons
iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP
iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
# Incoming malformed NULL packets:
iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP
echo 'configure_firewall' >> $COMPLETION_FILE
echo 'configure_firewall' >> $COMPLETION_FILE
}
function configure_firewall_ping {
if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
return
fi
# Only allow ping for mesh installs
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_ping' >> $COMPLETION_FILE
if grep -Fxq "configure_firewall_ping" $COMPLETION_FILE; then
return
fi
# Only allow ping for mesh installs
if [[ $SYSTEM_TYPE != "$VARIANT_MESH" ]]; then
return
fi
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_ping' >> $COMPLETION_FILE
}
function configure_firewall_for_avahi {
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
return
fi
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
iptables -A INPUT -p udp --dport 548 -j ACCEPT
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
if grep -Fxq "configure_firewall_for_avahi" $COMPLETION_FILE; then
return
fi
iptables -A INPUT -p tcp --dport 548 -j ACCEPT
iptables -A INPUT -p udp --dport 548 -j ACCEPT
iptables -A INPUT -p tcp --dport 5353 -j ACCEPT
iptables -A INPUT -p udp --dport 5353 -j ACCEPT
iptables -A INPUT -p tcp --dport 5354 -j ACCEPT
iptables -A INPUT -p udp --dport 5354 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_avahi' >> $COMPLETION_FILE
}
function configure_firewall_for_dns {
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
if grep -Fxq "configure_firewall_for_dns" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p udp -m udp --dport 1024:65535 --sport 53 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_dns' >> $COMPLETION_FILE
}
function configure_firewall_for_web_access {
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
if grep -Fxq "configure_firewall_for_web_access" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 32768:61000 --sport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 32768:61000 --sport 443 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
echo 'configure_firewall_for_web_access' >> $COMPLETION_FILE
}
function configure_firewall_for_web_server {
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
if grep -Fxq "configure_firewall_for_web_server" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=('HTTP 80')
OPEN_PORTS+=('HTTPS 443')
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
OPEN_PORTS+=('HTTP 80')
OPEN_PORTS+=('HTTPS 443')
echo 'configure_firewall_for_web_server' >> $COMPLETION_FILE
}
function configure_firewall_for_ssh {
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
if grep -Fxq "configure_firewall_for_ssh" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport $SSH_PORT -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("SSH $SSH_PORT")
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
OPEN_PORTS+=("SSH $SSH_PORT")
echo 'configure_firewall_for_ssh' >> $COMPLETION_FILE
}
function configure_firewall_for_git {
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
if grep -Fxq "configure_firewall_for_git" $COMPLETION_FILE; then
return
fi
if [[ $INSTALLED_WITHIN_DOCKER == "yes" ]]; then
# docker does its own firewalling
return
fi
if [[ $ONION_ONLY != "no" ]]; then
return
fi
iptables -A INPUT -p tcp --dport 9418 -j ACCEPT
function_check save_firewall_settings
save_firewall_settings
OPEN_PORTS+=("Git 9418")
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
OPEN_PORTS+=("Git 9418")
echo 'configure_firewall_for_git' >> $COMPLETION_FILE
}
function configure_internet_protocol {
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
if ! grep -q "ignore pings" /etc/sysctl.conf; then
echo '# ignore pings' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
fi
if ! grep -q "disable ipv6" /etc/sysctl.conf; then
echo '# disable ipv6' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
fi
if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
fi
if ! grep -q "keepalive" /etc/sysctl.conf; then
echo '# keepalive' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
fi
echo 'configure_internet_protocol' >> $COMPLETION_FILE
if grep -Fxq "configure_internet_protocol" $COMPLETION_FILE; then
return
fi
if [[ $SYSTEM_TYPE == "$VARIANT_MESH" ]]; then
return
fi
sed -i "s/#net.ipv4.tcp_syncookies=1/net.ipv4.tcp_syncookies=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_redirects = 0/net.ipv4.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_redirects = 0/net.ipv6.conf.all.accept_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.send_redirects = 0/net.ipv4.conf.all.send_redirects = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.accept_source_route = 0/net.ipv4.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.accept_source_route = 0/net.ipv6.conf.all.accept_source_route = 0/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.default.rp_filter=1/net.ipv4.conf.default.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.conf.all.rp_filter=1/net.ipv4.conf.all.rp_filter=1/g" /etc/sysctl.conf
sed -i "s/#net.ipv4.ip_forward=1/net.ipv4.ip_forward=0/g" /etc/sysctl.conf
sed -i "s/#net.ipv6.conf.all.forwarding=1/net.ipv6.conf.all.forwarding=0/g" /etc/sysctl.conf
if ! grep -q "ignore pings" /etc/sysctl.conf; then
echo '# ignore pings' >> /etc/sysctl.conf
echo 'net.ipv4.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
echo 'net.ipv6.icmp_echo_ignore_all = 1' >> /etc/sysctl.conf
fi
if ! grep -q "disable ipv6" /etc/sysctl.conf; then
echo '# disable ipv6' >> /etc/sysctl.conf
echo 'net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
fi
if ! grep -q "net.ipv4.tcp_synack_retries" /etc/sysctl.conf; then
echo 'net.ipv4.tcp_synack_retries = 2' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_syn_retries = 1' >> /etc/sysctl.conf
fi
if ! grep -q "keepalive" /etc/sysctl.conf; then
echo '# keepalive' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_probes = 9' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_intvl = 75' >> /etc/sysctl.conf
echo 'net.ipv4.tcp_keepalive_time = 7200' >> /etc/sysctl.conf
fi
echo 'configure_internet_protocol' >> $COMPLETION_FILE
}
function mesh_firewall {
FIREWALL_FILENAME=${rootdir}/etc/systemd/system/meshfirewall.service
MESH_FIREWALL_SCRIPT=${rootdir}/usr/bin/mesh-firewall
echo '#!/bin/bash' > $MESH_FIREWALL_SCRIPT
echo 'iptables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -P INPUT ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -F' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -F' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -t nat -F' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -t nat -F' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -X' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -X' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
echo 'ip6tables -P INPUT DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -i lo -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Make sure incoming tcp connections are SYN packets' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Drop packets with incoming fragments' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -f -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Drop bogons' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL FIN,PSH,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo '# Incoming malformed NULL packets:' >> $MESH_FIREWALL_SCRIPT
echo 'iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP' >> $MESH_FIREWALL_SCRIPT
echo '' >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -p tcp --dport $TOX_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $ZERONET_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p tcp --dport $TRACKER_PORT -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
echo "iptables -A INPUT -i $WIFI_INTERFACE -p udp --dport 1900 -j ACCEPT" >> $MESH_FIREWALL_SCRIPT
chmod +x $MESH_FIREWALL_SCRIPT
echo '[Unit]' > $FIREWALL_FILENAME
echo 'Description=Mesh Firewall' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo '[Service]' >> $FIREWALL_FILENAME
echo 'Type=oneshot' >> $FIREWALL_FILENAME
echo 'ExecStart=/usr/bin/mesh-firewall' >> $FIREWALL_FILENAME
echo 'RemainAfterExit=no' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo 'TimeoutSec=30' >> $FIREWALL_FILENAME
echo '' >> $FIREWALL_FILENAME
echo '[Install]' >> $FIREWALL_FILENAME
echo 'WantedBy=multi-user.target' >> $FIREWALL_FILENAME
chroot "$rootdir" systemctl enable meshfirewall
}

View File

@ -548,4 +548,18 @@ function install_command_line_browser {
echo 'install_command_line_browser' >> $COMPLETION_FILE
}
function mesh_web_server {
if [ -d /etc/apache2 ]; then
chroot "$rootdir" apt-get -y remove --purge apache2
chroot "$rootdir" rm -rf /etc/apache2
fi
chroot "$rootdir" apt-get -y install nginx
if [ ! -d $rootdir/etc/nginx ]; then
echo $'Unable to install web server'
exit 346825
fi
}
# NOTE: deliberately no exit 0

View File

@ -97,4 +97,7 @@ done
# optionally specify your name to appear on the blog
MY_NAME=$DEFAULT_DOMAIN_NAME
# used to select mesh install functions when creating a mesh image
INSTALLING_MESH=
# NOTE: deliberately there is no "exit 0"