From 345a927fbd6aa18a2bcd13331cbc2e22ef2e0639 Mon Sep 17 00:00:00 2001 
From: amnesia Date: Sat, 20 Jun 2009 21:09:15 +0200 Subject: [PATCH] initial source tree import /home/amnesia is missing, as no clean way to include it is implemented yet. --- .gitignore | 14 ++ Changelog | 1 + TODO | 1 + config/amnesia | 47 ++++++ config/amnesia.local | 4 + config/chroot_apt/apt.conf | 1 + config/chroot_apt/preferences | 19 +++ config/chroot_local-hooks/01-password | 11 ++ config/chroot_local-hooks/02-loopback | 4 + config/chroot_local-hooks/03-noswap | 4 + config/chroot_local-hooks/10-splashy | 4 + config/chroot_local-hooks/20-remove_packages | 3 + config/chroot_local-hooks/30-home_permissions | 4 + config/chroot_local-hooks/99-resolv | 24 +++ config/chroot_local-includes/etc/amnesia/version | 1 + .../etc/apt/apt.conf.d/00defaultrelease | 1 + config/chroot_local-includes/etc/apt/preferences | 19 +++ config/chroot_local-includes/etc/default/pdnsd | 6 + .../chroot_local-includes/etc/dhcp3/dhclient.conf | 55 +++++++ config/chroot_local-includes/etc/environment | 4 + config/chroot_local-includes/etc/firewall.conf | 43 ++++++ .../etc/network/if-up.d/000firewall | 12 ++ .../etc/network/if-up.d/600tor | 4 + config/chroot_local-includes/etc/pdnsd.conf | 52 +++++++ config/chroot_local-includes/etc/polipo/config | 164 ++++++++++++++++++++ .../chroot_local-includes/etc/tor/tor-tsocks.conf | 19 +++ config/chroot_local-includes/etc/tor/torrc | 172 +++++++++++++++++++++ .../usr/local/sbin/do_not_ever_run_me | 36 +++++ .../usr/share/doc/amnesia/Changelog | 119 ++++++++++++++ .../usr/share/doc/amnesia/README | 37 +++++ .../usr/share/doc/amnesia/README.eCAFE | 45 ++++++ .../usr/share/doc/amnesia/TODO | 92 +++++++++++ .../usr/share/doc/amnesia/examples/eCAFE/X11_fixup | 7 + .../usr/share/doc/amnesia/examples/eCAFE/xorg.conf | 47 ++++++ config/chroot_local-packageslists/amnesia-common | 83 ++++++++++ config/chroot_local-packageslists/amnesia-de | 10 ++ config/chroot_local-packageslists/amnesia-fr | 12 ++ config/chroot_local-packageslists/amnesia-gnome | 10 ++ 
config/chroot_local-packageslists/amnesia-xfce | 3 + config/chroot_local-preseed/firmware | 3 + config/chroot_local-preseed/user | 1 + config/chroot_sources/backports.binary | 1 + config/chroot_sources/backports.binary.gpg | 1 + config/chroot_sources/backports.chroot | 1 + config/chroot_sources/backports.chroot.gpg | 33 ++++ config/chroot_sources/live-snapshots.binary | 1 + config/chroot_sources/live-snapshots.binary.gpg | 1 + config/chroot_sources/live-snapshots.chroot | 1 + config/chroot_sources/live-snapshots.chroot.gpg | 31 ++++ config/chroot_sources/squeeze.binary | 1 + config/chroot_sources/squeeze.chroot | 1 + doc | 1 + home-refresh | 29 ++++ scripts/build | 68 ++++++++ scripts/clean | 22 +++ scripts/config | 65 ++++++++ 56 files changed, 1455 insertions(+) create mode 100644 .gitignore create mode 120000 Changelog create mode 120000 TODO create mode 100644 config/amnesia create mode 100644 config/amnesia.local create mode 100644 config/chroot_apt/apt.conf create mode 100644 config/chroot_apt/preferences create mode 100755 config/chroot_local-hooks/01-password create mode 100755 config/chroot_local-hooks/02-loopback create mode 100755 config/chroot_local-hooks/03-noswap create mode 100755 config/chroot_local-hooks/10-splashy create mode 100755 config/chroot_local-hooks/20-remove_packages create mode 100755 config/chroot_local-hooks/30-home_permissions create mode 100755 config/chroot_local-hooks/99-resolv create mode 100644 config/chroot_local-includes/etc/amnesia/version create mode 100644 config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease create mode 100644 config/chroot_local-includes/etc/apt/preferences create mode 100644 config/chroot_local-includes/etc/default/pdnsd create mode 100644 config/chroot_local-includes/etc/dhcp3/dhclient.conf create mode 100644 config/chroot_local-includes/etc/environment create mode 100644 config/chroot_local-includes/etc/firewall.conf create mode 100755 
config/chroot_local-includes/etc/network/if-up.d/000firewall create mode 100755 config/chroot_local-includes/etc/network/if-up.d/600tor create mode 100644 config/chroot_local-includes/etc/pdnsd.conf create mode 100644 config/chroot_local-includes/etc/polipo/config create mode 100644 config/chroot_local-includes/etc/tor/tor-tsocks.conf create mode 100644 config/chroot_local-includes/etc/tor/torrc create mode 100755 config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me create mode 100644 config/chroot_local-includes/usr/share/doc/amnesia/Changelog create mode 100644 config/chroot_local-includes/usr/share/doc/amnesia/README create mode 100644 config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE create mode 100644 config/chroot_local-includes/usr/share/doc/amnesia/TODO create mode 100755 config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup create mode 100644 config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf create mode 100644 config/chroot_local-packageslists/amnesia-common create mode 100644 config/chroot_local-packageslists/amnesia-de create mode 100644 config/chroot_local-packageslists/amnesia-fr create mode 100644 config/chroot_local-packageslists/amnesia-gnome create mode 100644 config/chroot_local-packageslists/amnesia-xfce create mode 100644 config/chroot_local-preseed/firmware create mode 100644 config/chroot_local-preseed/user create mode 120000 config/chroot_sources/backports.binary create mode 120000 config/chroot_sources/backports.binary.gpg create mode 100644 config/chroot_sources/backports.chroot create mode 100644 config/chroot_sources/backports.chroot.gpg create mode 120000 config/chroot_sources/live-snapshots.binary create mode 120000 config/chroot_sources/live-snapshots.binary.gpg create mode 100644 config/chroot_sources/live-snapshots.chroot create mode 100644 config/chroot_sources/live-snapshots.chroot.gpg create mode 120000 config/chroot_sources/squeeze.binary create mode 100644 
config/chroot_sources/squeeze.chroot
create mode 120000 doc
create mode 100755 home-refresh
create mode 100755 scripts/build
create mode 100755 scripts/clean
create mode 100755 scripts/config
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 000000000..36d18d182
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+/*.img
+/*.iso
+/*.list
+/*.packages
+/binary
+/cache
+/chroot/
+/config/binary
+/config/bootstrap
+/config/chroot
+/config/common
+/config/source
+/.stage
+/source
diff --git a/Changelog b/Changelog
new file mode 120000
index 000000000..d0812d222
--- /dev/null
+++ b/Changelog
@@ -0,0 +1 @@
+config/chroot_local-includes/usr/share/doc/amnesia/Changelog
\ No newline at end of file
diff --git a/TODO b/TODO
new file mode 120000
index 000000000..21c5004c0
--- /dev/null
+++ b/TODO
@@ -0,0 +1 @@
+config/chroot_local-includes/usr/share/doc/amnesia/TODO
\ No newline at end of file
diff --git a/config/amnesia b/config/amnesia
new file mode 100644
index 000000000..2b7a18ec8
--- /dev/null
+++ b/config/amnesia
@@ -0,0 +1,47 @@
+# -*- mode: sh; -*-
+
+# Configuration file for the Amnesia live system
+#
+# You'd better never directly edit this file: rather put your custom
+# variable assignments in a new file called 'amnesia.local', in the
+# same directory as this one. The values found in the '.local' file
+# will override the ones from this one.
+#
+# These configuration files are actually shell scripts, and are
+# sourced by various other scripts.
+
+# Supported: gnome|xfce
+# Default: gnome
+AMNESIA_BASE="gnome"
+
+# Images types to build, as a space-separated list.
+# Every element of this list must be a valid argument for "lh_config -b".
+# Only iso, usb-hdd and tar are currently supported.
+AMNESIA_IMAGES="iso"
+
+# Base for the string that will be passed to "lh_config --bootappend-live"
+AMNESIA_APPEND="quiet splash vga=791 live-media=removable live-media-timeout=15 noprompt"
+
+# Refresh the live user's $HOME directory by copying the build system's
+# /home/amnesia. See also AMNESIA_HOME_EXCLUDES.
+# Supported: yes|no
+# Default: no
+AMNESIA_REFRESH_HOME="no"
+
+# Patterns to exclude when refreshing /home/amnesia
+AMNESIA_HOME_EXCLUDES="/home/amnesia/.bash_history \
+ /home/amnesia/.dbus/session-bus/* \
+ /home/amnesia/.gconf/desktop/gnome/peripherals/keyboard/host-* \
+ /home/amnesia/.kde/cache-* \
+ /home/amnesia/.kde/socket-* \
+ /home/amnesia/.kde/tmp-* \
+ /home/amnesia/.mozilla/firefox/*/bookmarkbackups/* \
+ /home/amnesia/.mozilla/firefox/*/urlclassifier3.sqlite \
+ /home/amnesia/.nautilus/metafiles/ \
+ /home/amnesia/.nautilus/saved-session-* \
+ /home/amnesia/.xsession-errors"
+
+### You should not have to change anything bellow this line ####################
+
+# Compute the current Amnesia's version once for all
+AMNESIA_TODAY="`date '+%Y%m%d'`"
diff --git a/config/amnesia.local b/config/amnesia.local
new file mode 100644
index 000000000..2721d3c37
--- /dev/null
+++ b/config/amnesia.local
@@ -0,0 +1,4 @@
+# -*- mode: sh; -*-
+
+#AMNESIA_IMAGES="iso tar usb-hdd"
+AMNESIA_IMAGES="tar"
diff --git a/config/chroot_apt/apt.conf b/config/chroot_apt/apt.conf
new file mode 100644
index 000000000..4143a94fa
--- /dev/null
+++ b/config/chroot_apt/apt.conf
@@ -0,0 +1 @@
+APT::Default-Release "stable";
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
new file mode 100644
index 000000000..574fb5629
--- /dev/null
+++ b/config/chroot_apt/preferences
@@ -0,0 +1,19 @@
+Package: firmware-linux
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: kvkbd
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 900
+
+Package: *
+Pin: release a=lenny-backports
+Pin-Priority: 200
+
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/config/chroot_local-hooks/01-password b/config/chroot_local-hooks/01-password
new file mode 100755
index 000000000..eb5316d49
--- /dev/null
+++ b/config/chroot_local-hooks/01-password
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+# Change the root password to "amnesia"
+echo "I: update password"
+echo "root:amnesia" | chpasswd
+
+# Change the autogenerated user password to "amnesia"
+plain_password="amnesia"
+password=$(echo "${plain_password}" | mkpasswd -s)
+sed -i -e 's/\(user_crypted=\)\(.*\)\( #.*\)/\1\"'${password}'\"\3/' /usr/share/initramfs-tools/scripts/live-bottom/10adduser
+update-initramfs -tu -kall
diff --git a/config/chroot_local-hooks/02-loopback b/config/chroot_local-hooks/02-loopback
new file mode 100755
index 000000000..653d7943f
--- /dev/null
+++ b/config/chroot_local-hooks/02-loopback
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+echo "
+iface lo inet loopback" >>/etc/network/interfaces
diff --git a/config/chroot_local-hooks/03-noswap b/config/chroot_local-hooks/03-noswap
new file mode 100755
index 000000000..cbb27d7c8
--- /dev/null
+++ b/config/chroot_local-hooks/03-noswap
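Review bot: In `config/chroot_local-hooks/01-password`, the `sed` line splices `${password}` unquoted into an `s/…/…/` expression, but the hash printed by `mkpasswd` can contain `/`, which ends the replacement early and makes `sed` fail or write a mangled `user_crypted=` value; nothing checks the result before `update-initramfs` runs. Use a delimiter outside the crypt alphabet and quote the expansion, `sed -i -e 's|\(user_crypted=\)\(.*\)\( #.*\)|\1"'"${password}"'"\3|' …`, and add `set -e` near the top so a failed `chpasswd` or `sed` aborts the build instead of producing an image with an unknown password state. The fixed, publicly known password "amnesia" for both root and the live user should carry a comment saying it is intentional and that no network-reachable login service may be enabled while it is in place.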
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# We don't want to swap to the local machine
+rm -f /usr/share/initramfs-tools/scripts/live-bottom/13swap
diff --git a/config/chroot_local-hooks/10-splashy b/config/chroot_local-hooks/10-splashy
new file mode 100755
index 000000000..3861f73a8
--- /dev/null
+++ b/config/chroot_local-hooks/10-splashy
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+splashy_config --set-theme moreblue-orbit
+update-initramfs -u -k all
diff --git a/config/chroot_local-hooks/20-remove_packages b/config/chroot_local-hooks/20-remove_packages
new file mode 100755
index 000000000..9941cf18f
--- /dev/null
+++ b/config/chroot_local-hooks/20-remove_packages
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+apt-get remove --yes --purge epiphany-browser epiphany-browser-data epiphany-extensions epiphany-gecko
\ No newline at end of file
diff --git a/config/chroot_local-hooks/30-home_permissions b/config/chroot_local-hooks/30-home_permissions
new file mode 100755
index 000000000..a260ac03d
--- /dev/null
+++ b/config/chroot_local-hooks/30-home_permissions
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chown -R 1000:1000 /home/amnesia
+
diff --git a/config/chroot_local-hooks/99-resolv b/config/chroot_local-hooks/99-resolv
new file mode 100755
index 000000000..1e798b3e1
--- /dev/null
+++ b/config/chroot_local-hooks/99-resolv
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Nota bene: if the custom /etc/resolv.conf file was in
+# chroot_local-includes, it would be installed inside the chroot
+# before our chroot_local-hooks run. Some of these scripts, needing
+# a working networking setup, would then awfully break.
+
+# Including common functions
+. "${LH_BASE:-/usr/share/live-helper}"/functions.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'setup custom /etc/resolv.conf')"
+HELP=""
+USAGE="${PROGRAM}"
+
+# Reading configuration files
+Read_conffiles config/all config/common config/chroot
+Set_defaults
+
+Echo_message "Configuring file /etc/resolv.conf"
+echo 'nameserver 127.0.0.1' > /etc/resolv.conf
+# make sure lh_chroot_resolv will not overwrite our nice,
+# custom /etc/resolv.conf with a random .orig one
+echo 'nameserver 127.0.0.1' > /etc/resolv.conf.orig
diff --git a/config/chroot_local-includes/etc/amnesia/version b/config/chroot_local-includes/etc/amnesia/version
new file mode 100644
index 000000000..5798f6f27
--- /dev/null
+++ b/config/chroot_local-includes/etc/amnesia/version
@@ -0,0 +1 @@
+20090620
diff --git a/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease b/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease
new file mode 100644
index 000000000..4143a94fa
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease
@@ -0,0 +1 @@
+APT::Default-Release "stable";
diff --git a/config/chroot_local-includes/etc/apt/preferences b/config/chroot_local-includes/etc/apt/preferences
new file mode 100644
index 000000000..574fb5629
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/preferences
@@ -0,0 +1,19 @@
+Package: firmware-linux
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: kvkbd
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 900
+
+Package: *
+Pin: release a=lenny-backports
+Pin-Priority: 200
+
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/config/chroot_local-includes/etc/default/pdnsd b/config/chroot_local-includes/etc/default/pdnsd
new file mode 100644
index 000000000..6350dda67
--- /dev/null
+++ b/config/chroot_local-includes/etc/default/pdnsd
@@ -0,0 +1,6 @@
+# do we start pdnsd ?
+START_DAEMON=yes
+# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
+AUTO_MODE=
+# optional CLI options to pass to pdnsd(8)
+START_OPTIONS=
diff --git a/config/chroot_local-includes/etc/dhcp3/dhclient.conf b/config/chroot_local-includes/etc/dhcp3/dhclient.conf
new file mode 100644
index 000000000..dc80d9395
--- /dev/null
+++ b/config/chroot_local-includes/etc/dhcp3/dhclient.conf
@@ -0,0 +1,55 @@
+# Configuration file for /sbin/dhclient, which is included in Debian's
+# dhcp3-client package.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name "titanic";
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes;
+supersede domain-name-servers 127.0.0.1;
+supersede domain-name "localdomain";
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/etc/dhcp3/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
new file mode 100644
index 000000000..2460f1e5c
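Review bot: `send host-name "titanic";` in `etc/dhcp3/dhclient.conf` has no comment explaining the choice, and it has a privacy cost: every system built from this tree announces the same fixed name to the DHCP server, which hides a real hostname but also marks the client as this live system to anyone reading the DHCP logs. Add a comment above the line recording which trade-off was chosen, for example `# fixed name on purpose: never leak a per-machine hostname to the LAN`, or drop the line if sending no name at all is preferred (confirm that this dhclient version then sends none). The `request` list still asks for `domain-name` and `domain-name-servers` although both are superseded a few lines later; that looks harmless, but a short comment would say so.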
--- /dev/null
+++ b/config/chroot_local-includes/etc/environment
@@ -0,0 +1,4 @@
+http_proxy=http://localhost:8118
+HTTP_PROXY=http://localhost:8118
+SOCKS_SERVER=localhost:9050
+SOCKS5_SERVER=localhost:9050
diff --git a/config/chroot_local-includes/etc/firewall.conf b/config/chroot_local-includes/etc/firewall.conf
new file mode 100644
index 000000000..f8c9e1150
--- /dev/null
+++ b/config/chroot_local-includes/etc/firewall.conf
@@ -0,0 +1,43 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Established connections are accepted.
+[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Local network connections should not fo through Tor.
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
+
+# Tor is allowed to do anything it wants to, everything else is dropped.
+[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
+[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Local network connections should not fo through Tor. Note that we
+# exclude the VirtualAddrNetwork used for .onion:s here.
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
+
+# Tor is allowed to do anything it wants to.
+[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
+
+# .onion mapped addresses redirection to Tor.
+[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+
+# Redirect all remaining TCP traffic to Tor.
+[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
+
+COMMIT
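Review bot: `etc/firewall.conf` is an IPv4-only ruleset, and nothing visible in this patch loads an ip6tables counterpart or disables IPv6, so on a network that hands out IPv6 addresses, traffic over IPv6 would bypass both the Tor redirection and the final REJECT. Ship a matching ruleset for `ip6tables-restore` that rejects all non-loopback IPv6 output, or disable IPv6 at boot, and say which in a comment at the top of the file. Separately, `:INPUT ACCEPT [0:0]` with no INPUT rules leaves inbound connections from the local network unfiltered; a default-deny chain would be `:INPUT DROP [0:0]` plus `-A INPUT -i lo -j ACCEPT` and `-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT`. The two "should not fo through Tor" comments should read "go".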
diff --git a/config/chroot_local-includes/etc/network/if-up.d/000firewall b/config/chroot_local-includes/etc/network/if-up.d/000firewall
new file mode 100755
index 000000000..f57681e51
--- /dev/null
+++ b/config/chroot_local-includes/etc/network/if-up.d/000firewall
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Exit if lo interface
+[ "$METHOD" = "loopback" ] && exit 0
+
+IPTABLES_RULES=/etc/firewall.conf
+
+[ -x /sbin/iptables-restore ] || exit 2
+[ -n "$IPTABLES_RULES" ] || exit 3
+[ -r "$IPTABLES_RULES" ] || exit 4
+
+/sbin/iptables-restore < "$IPTABLES_RULES"
diff --git a/config/chroot_local-includes/etc/network/if-up.d/600tor b/config/chroot_local-includes/etc/network/if-up.d/600tor
new file mode 100755
index 000000000..6f1341f39
--- /dev/null
+++ b/config/chroot_local-includes/etc/network/if-up.d/600tor
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+/etc/init.d/tor restart
+
diff --git a/config/chroot_local-includes/etc/pdnsd.conf b/config/chroot_local-includes/etc/pdnsd.conf
new file mode 100644
index 000000000..19197dd2b
--- /dev/null
+++ b/config/chroot_local-includes/etc/pdnsd.conf
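Review bot: `if-up.d/000firewall` fails open: it runs only after the interface is already configured, and each guard (`exit 2`, `exit 3`, `exit 4`) as well as a failing `iptables-restore` leaves the interface up with no Tor-enforcing rules loaded and no message explaining why. Loading the rules before any interface is configured, for example from `if-pre-up.d` or once at boot, closes the window between link-up and rule load; if Network Manager is what triggers this hook, confirm that it runs pre-up scripts at all. Each guard should also print its reason to stderr, for example `[ -r "$IPTABLES_RULES" ] || { echo "firewall: cannot read $IPTABLES_RULES" >&2; exit 4; }`.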
@@ -0,0 +1,52 @@
+// Read the pdnsd.conf(5) manpage for an explanation of the options.
+
+/* Note: this file is overriden by automatic config files when
+ /etc/default/pdnsd AUTO_MODE is set and that
+ /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
+ */
+
+global {
+ perm_cache=2048;
+ cache_dir="/var/cache/pdnsd";
+ run_as="pdnsd";
+ server_ip = 127.0.0.1; // Use eth0 here if you want to allow other
+ // machines on your network to query pdnsd.
+ status_ctl = on;
+// paranoid=on;
+// query_method=tcp_udp; // pdnsd must be compiled with tcp
+ // query support for this to work.
+ min_ttl=15m; // Retain cached entries at least 15 minutes.
+ max_ttl=1w; // One week.
+ timeout=120; // Global timeout option (10 seconds).
+
+ // Don't enable if you don't recurse yourself, can lead to problems
+ // delegation_only="com","net";
+}
+
+# Tor DNS resolver
+server {
+ label = "tor";
+ ip = 127.0.0.1;
+ port = 8853;
+ uptest = none;
+ exclude=".invalid";
+ policy=included;
+ proxy_only = on;
+ lean_query = on;
+}
+
+source {
+ owner=localhost;
+// serve_aliases=on;
+ file="/etc/hosts";
+}
+
+rr {
+ name=localhost;
+ reverse=on;
+ a=127.0.0.1;
+ owner=localhost;
+ soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
+
+/* vim:set ft=c: */
diff --git a/config/chroot_local-includes/etc/polipo/config b/config/chroot_local-includes/etc/polipo/config
new file mode 100644
index 000000000..883f77587
--- /dev/null
+++ b/config/chroot_local-includes/etc/polipo/config
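Review bot: In the `global` section of `etc/pdnsd.conf`, `timeout=120;` is annotated `// Global timeout option (10 seconds).`, so the value and its comment disagree. The comment should match the value, `// Global timeout option (120 seconds).`, ideally with a word on why it was raised (presumably to tolerate slow lookups through Tor's DNSPort). The file-level note that `AUTO_MODE` can override this whole file deserves a stronger warning, since an automatic config would replace the Tor-only `server` section with resolvers that are not visible in this patch.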
@@ -0,0 +1,164 @@
+# Sample configuration file for Polipo. -*-sh-*-
+
+# You should not need to edit this configuration file; all configuration
+# variables have reasonable defaults.
+
+# This file only contains some of the configuration variables; see the
+# list given by ``polipo -v'' and the manual for more.
+
+
+### Basic configuration
+### *******************
+
+# Uncomment one of these if you want to allow remote clients to
+# connect:
+
+# proxyAddress = "::0" # both IPv4 and IPv6
+# proxyAddress = "0.0.0.0" # IPv4 only
+proxyAddress = "127.0.0.1" # IPv4 only
+proxyPort = 8118
+
+# If you are enabling 'proxyAddress' above, then you want to enable the
+# 'allowedClients' variable to the address of your network, e.g.
+# allowedClients = 127.0.0.1, 192.168.42.0/24
+
+# allowedClients = 127.0.0.1
+
+# Uncomment this if you want your Polipo to identify itself by
+# something else than the host name:
+
+proxyName = "localhost"
+
+# Uncomment this if there's only one user using this instance of Polipo:
+
+cacheIsShared = false
+
+# Uncomment this if you want to use a parent proxy:
+
+# parentProxy = "squid.example.org:3128"
+
+# Uncomment this if you want to use a parent SOCKS proxy:
+
+socksParentProxy = "localhost:9050"
+socksProxyType = socks5
+
+
+### Memory
+### ******
+
+# Uncomment this if you want Polipo to use a ridiculously small amount
+# of memory (a hundred C-64 worth or so):
+
+# chunkHighMark = 819200
+# objectHighMark = 128
+
+# Uncomment this if you've got plenty of memory:
+
+# chunkHighMark = 50331648
+# objectHighMark = 16384
+
+
+### On-disk data
+### ************
+
+# Uncomment this if you want to disable the on-disk cache:
+
+diskCacheRoot = ""
+
+# Uncomment this if you want to put the on-disk cache in a
+# non-standard location:
+
+# diskCacheRoot = "~/.polipo-cache/"
+
+# Uncomment this if you want to disable the local web server:
+
+# localDocumentRoot = ""
+
+# Uncomment this if you want to enable the pages under /polipo/index?
+# and /polipo/servers?. This is a serious privacy leak if your proxy
+# is shared.
+
+# disableIndexing = false
+# disableServersList = false
+
+disableLocalInterface = true
+
+### Domain Name System
+### ******************
+
+# Uncomment this if you want to contact IPv4 hosts only (and make DNS
+# queries somewhat faster):
+
+# dnsQueryIPv6 = no
+
+# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
+# double-stack hosts:
+
+# dnsQueryIPv6 = reluctantly
+
+# Uncomment this to disable Polipo's DNS resolver and use the system's
+# default resolver instead. If you do that, Polipo will freeze during
+# every DNS query:
+
+# dnsUseGethostbyname = yes
+
+
+### HTTP
+### ****
+
+# Uncomment this if you want to enable detection of proxy loops.
+# This will cause your hostname (or whatever you put into proxyName
+# above) to be included in every request:
+
+disableVia = true
+
+# Uncomment this if you want to slightly reduce the amount of
+# information that you leak about yourself:
+
+censoredHeaders = from, accept-language, x-pad
+censorReferer = maybe
+
+# Uncomment this if you're paranoid. This will break a lot of sites,
+# though:
+
+# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
+# censorReferer = true
+
+# Uncomment this if you want to use Poor Man's Multiplexing; increase
+# the sizes if you're on a fast line. They should each amount to a few
+# seconds' worth of transfer; if pmmSize is small, you'll want
+# pmmFirstSize to be larger.
+
+# Note that PMM is somewhat unreliable.
+
+# pmmFirstSize = 16384
+# pmmSize = 8192
+
+# Uncomment this if your user-agent does something reasonable with
+# Warning headers (most don't):
+
+# relaxTransparency = maybe
+
+# Uncomment this if you never want to revalidate instances for which
+# data is available (this is not a good idea):
+
+# relaxTransparency = yes
+
+# Uncomment this if you have no network:
+
+# proxyOffline = yes
+
+# Uncomment this if you want to avoid revalidating instances with a
+# Vary header (this is not a good idea):
+
+# mindlesslyCacheVary = true
+
+### Tor-specific configuration
+### **************************
+
+serverSlots = 2
+serverMaxSlots = 8
+allowedPorts = 1-65535
+tunnelAllowedPorts = 1-65535
+maxConnectionAge = 5m
+maxConnectionRequests = 120
diff --git a/config/chroot_local-includes/etc/tor/tor-tsocks.conf b/config/chroot_local-includes/etc/tor/tor-tsocks.conf
new file mode 100644
index 000000000..dd58d8bed
--- /dev/null
+++ b/config/chroot_local-includes/etc/tor/tor-tsocks.conf
@@ -0,0 +1,19 @@
+# This is the configuration for libtsocks (transparent socks) for use
+# with tor, which is providing a socks server on port 9050 by default.
+#
+# See tsocks.conf(5) and torify(1) manpages.
+
+server = 127.0.0.1
+server_port = 9050
+
+# We specify local as 127.0.0.0 - 127.191.255.255 because the
+# Tor MAPADDRESS virtual IP range is the rest of net 127.
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+
+
+# My local networks
+local = 10.0.0.0/255.0.0.0
+local = 172.16.0.0/255.255.0.0
+local = 192.168.0.0/255.255.0.0
+
diff --git a/config/chroot_local-includes/etc/tor/torrc b/config/chroot_local-includes/etc/tor/torrc
new file mode 100644
index 000000000..9da08e2ca
--- /dev/null
+++ b/config/chroot_local-includes/etc/tor/torrc
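Review bot: In `etc/tor/tor-tsocks.conf`, `local = 172.16.0.0/255.255.0.0` covers only 172.16.0.0/16, while `etc/firewall.conf` in this same patch treats the whole private block `172.16.0.0/255.240.0.0` as local and exempt from Tor. The two files should agree: `local = 172.16.0.0/255.240.0.0`. As written, a torified application on a LAN numbered in 172.17 to 172.31 would hand those destinations to the SOCKS port on 9050 instead of connecting directly, which both fails and sends the request to Tor.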
@@ -0,0 +1,172 @@
+## Configuration file for a typical Tor user
+## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
+## (May or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See the man page, or https://www.torproject.org/tor-manual-dev.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc
+
+
+## Replace this with "SocksPort 0" if you plan to run Tor only as a
+## server, and not make any local application connections yourself.
+SocksPort 9050 # what port to open for local application connections
+SocksListenAddress 127.0.0.1 # accept connections only from localhost
+#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SocksPolicy is set, we accept
+## all (and only) requests from SocksListenAddress.
+#SocksPolicy accept 192.168.0.0/16
+#SocksPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
+#Log notice file /var/log/tor/notices.log
+## Send every possible message to /var/log/tor/debug.log
+#Log debug file /var/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+#RunAsDaemon 1
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+#DataDirectory /var/lib/tor
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+ControlPort 9051
+ControlListenAddress 127.0.0.1
+
+## Tor unconditionnally chmod's DataDirectory (/var/lib/tor) at startup,
+## and the debian-tor group can thus not access it, so we have it put
+## the auth cookie elsewhere.
+CookieAuthentication 1
+CookieAuthFile /tmp/control_auth_cookie
+CookieAuthFileGroupReadable 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir /var/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir /var/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## A unique handle for your server.
+#Nickname ididnteditheconfig
+
+## The IP or FQDN for your server. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## Define these to limit the bandwidth usage of relayed (server)
+## traffic. Your own traffic is still unthrottled.
+## Note that RelayBandwidthRate must be at least 20 KB.
+#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)
+
+## Contact info to be published in the directory, so we can contact you
+## if your server is misconfigured or something else goes wrong.
+#ContactInfo Random Person
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 1234D/FFFFFFFF Random Person
+
+## Required: what port to advertise for Tor connections.
+#ORPort 9001
+## If you need to listen on a port other than the one advertised
+## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
+## line below too. You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORListenAddress 0.0.0.0:9090
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you need to listen on a port other than the one advertised
+## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
+## below too. You'll need to do ipchains or other port forwarding yourself
+## to make this work.
+#DirListenAddress 0.0.0.0:9091
+
+## Uncomment this if you run more than one Tor server, and add the
+## nickname of each Tor server you control, even if they're on different
+## networks. You declare it here so Tor clients can avoid using more than
+## one of your servers in a single circuit. See
+## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
+#MyFamily nickname1,nickname2,...
+
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins. If you want to _replace_
+## the default exit policy, end this with either a reject *:* or an
+## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
+## default exit policy. Leave commented to just use the default, which is
+## available in the man page or at https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
+#ExitPolicy accept *:119 # accept nntp as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+#
+################ This section is just for bridge relays ##############
+#
+## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even if an
+## ISP is filtering connections to all the known Tor relays, they probably
+## won't be able to block all the bridges. Unlike running an exit relay,
+## running a bridge relay just passes data to and from the Tor network --
+## so it shouldn't expose the operator to abuse complaints.
+
+#ORPort 443
+#BridgeRelay 1
+#RelayBandwidthRate 50KBytes
+#ExitPolicy reject *:*
+
+
+################ Local settings ########################################
+
+## Torified DNS
+DNSPort 8853
+AutomapHostsOnResolve 1
+AutomapHostsSuffixes .exit,.onion
+
+## Transparent proxy
+TransPort 9040
+TransListenAddress 127.0.0.1
+
+## Misc
+AvoidDiskWrites 1
diff --git a/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
new file mode 100755
index 000000000..4a4236737
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
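Review bot: `CookieAuthFile /tmp/control_auth_cookie` in `etc/tor/torrc` puts the control-port credential at a fixed name in a world-writable directory, so any local account can create that path first (as a file or a symlink) and the cookie's confidentiality then rests entirely on how Tor creates the file. Keep the cookie in a directory that only debian-tor can write to and the intended group can traverse, for example `CookieAuthFile /var/run/tor/control_auth_cookie` (confirm the directory and its mode on the target release). Whoever can read the cookie can reconfigure Tor through `ControlPort 9051`, so the comment above these lines should also name the group that `CookieAuthFileGroupReadable 1` is meant to serve.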
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# This script fully disables the iptables firewall, and thus the
+# transparent forwarding thru Tor of all non-local network
+# connections... which defeats the whole purpose of this OS, hence
+# this script's name.
+
+IPT=/sbin/iptables
+
+[ -x "$IPT" ] || exit 67
+
+$IPT -P INPUT ACCEPT
+$IPT -P FORWARD ACCEPT
+$IPT -P OUTPUT ACCEPT
+
+$IPT -t nat -P PREROUTING ACCEPT
+$IPT -t nat -P POSTROUTING ACCEPT
+$IPT -t nat -P OUTPUT ACCEPT
+
+$IPT -t mangle -P PREROUTING ACCEPT
+$IPT -t mangle -P INPUT ACCEPT
+$IPT -t mangle -P FORWARD ACCEPT
+$IPT -t mangle -P OUTPUT ACCEPT
+$IPT -t mangle -P POSTROUTING ACCEPT
+
+$IPT -F
+$IPT -t nat -F
+$IPT -t mangle -F
+
+$IPT -X
+$IPT -t nat -X
+$IPT -t mangle -X
+
+echo "You might want to unset http_proxy and HTTP_PROXY environment variables as well:"
+echo " unset http_proxy"
+echo " unset HTTP_PROXY"
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/Changelog b/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
new file mode 100644
index 000000000..8070c437d
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
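Review bot: Nothing in this script stops an accidental run: it is installed executable under /usr/local/sbin and, once invoked as root, resets every policy to ACCEPT and flushes all three tables without asking or reporting the resulting state. A guard right after the `[ -x "$IPT" ]` test would make the intent explicit, for example `[ "$1" = "--i-know-this-disables-tor-enforcement" ] || { echo "refusing to disable the firewall without explicit confirmation" >&2; exit 64; }` (the option name is only a suggestion). The script should also end with a line on stderr such as `echo "WARNING: firewall disabled, traffic is no longer forced through Tor" >&2`, so the unprotected state is visible in the terminal and in any log. Because the iptables calls are unchecked, a failure part-way leaves the rules half removed with no indication; `set -e` after the shebang would at least stop at the first failing call.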
@@ -0,0 +1,119 @@ +2009 06 20 - dev + + * hardware support: + - install firmware-linux from backports.org + - install system-config-printer + * APT/pinning: give backports.org priority 200, so that we track + upgrades of packages installed from there. + * build system: allow building several images at once + +2009 06 19 - dev + + * Tor: added a "Restart Tor" launcher to the Gnome panel, + that runs "/etc/init.d/tor restart" + * APT: re-configure pinning and sources to use squeeze rather than + unstable to fetch newer or not-in-Lenny software + * hardware support: added instructions in README.eCAFE to support the + Hercules eCAFÉ™ EC-800 netbook + * release: include the Changelog and TODO in the generated images, + in the /usr/share/doc/amnesia/ directory + * torbutton: install newer version from Squeeze + +2009 06 18 - dev + + * software: install gnomebaker when building Gnome-based live OS, to + easily clone myself when running from CD + +2009 06 17 - dev + + * Tor vs. Network Manager: added a restart tor hook to if-up.d (used by + Network Manager as well), so that Tor does work immediately even if + the network cable was plugged late in/after the boot process + * build system cleanup + - migrated most of lh_config invocations to scripts/config + - append "noprompt" so that halting/rebooting work with splashy + - moved our own variables to config/amnesia, using the namespace + $AMNESIA_* + * APT: configure pinning to support installing chosen packages from sid; + the APT source for unstable is hardcoded in chroot_sources/sid, since + there is no way to use $LH_CHROOT_MIRROR there: the chroot_local-hooks + have no access to such configuration variables :/ + * iceweasel: install NoScript plugin from Debian sid + +2009 06 16 - dev + + * iceweasel: delete urlclassifier3.sqlite on $HOME refresh: as we + disabled "safebrowsing", this huge file is of no use + * build system + - rely on standard live-initramfs adduser to do our user setup + (including sudo vs. 
Gnome/KDE, etc.) + - stop "supporting" KDE + * linux: removed non-686 kernel flavours when building i386 images + * compatibility: append "live-media=removable live-media-timeout=15", to + prevent blindly booting another debian-live installed on the hard disk + * software: install scribus + +2009 XX XX - dev + + * Forked Privatix 9.03.15, by Markus Mandalka: + http://mandalka.name/privatix/index.html.en + Everything has since been rewritten or so heavily changed that nothing + remains from the original code... apart of a bunch of Gnome settings. + * iceweasel + - default search engine is now Scroogle SSL, configured to search pages + in French language; the English one is also installed + - never ask to save passwords or forms content + - configured the torbutton extension to use polipo + - installed the CACert root certificate + - installed the SSL Blacklist extension and the blacklist data + - installed the FireGPG extension + - installed the CS Lite extension + - installed the NoScript extension + - NoScript, CS Lite: replaced the default whitelists with a list of + trusted, non-commercial Internet Service Providers + - configure extensions (add to prefs.js): + user_pref("extensions.torbutton.startup", true); + user_pref("extensions.torbutton.startup_state", 1); + user_pref("extensions.torbutton.tor_enabled", true); + user_pref("noscript.notify.hide", true); + user_pref("capability.policy.maonoscript.sites", "about: + about:blank about:certerror about:config about:credits + about:neterror about:plugins about:privatebrowsing + about:sessionrestore chrome: resource:"); + user_pref("extensions.firegpg.no_updates", true); + * Tor + - enable the transparent proxy, the DNS resolver, and the control port + - save authentication cookie to /tmp/control_auth_cookie, so that the + live user can use Tork and co. 
+ - autostart Tork with Gnome + - Tork: installed, disabled most notifications and startup tips + * build system + - build i386 images when the build host is amd64 + - added a version file: /etc/amnesia/version + - use snapshot live-* packages inside the images + - setup timezone depending on the chosen build locale + * $HOME + - added a nautilus-script to wipe files and directories + - bash with working completion for the live user + * software: added + - gnome-app-install + - iwconfig + - cryptkeeper: Gnome system tray applet to encrypt files with EncFS + - kvkbd: virtual keyboard (installed from backports.org) + - sshfs (and added live user to the fuse group) + - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g + * polipo: install and configure this HTTP proxy to forward requests + through Tor + * DNS: install and configure pdnsd to forward any DNS request through + the Tor resolver + * firewall: force every outgoing TCP connection through the Tor + transparent proxy, discard any outgoing UDP connection + * hardware support + - install a bunch of non-free wifi firmwares + - install xsane and add the live user to the scanner group + - install aircrack-ng + - install xserver-xorg-video-geode on i386 (eCafe support) + - install xserver-xorg-video-all + * misc + - set syslinux timeout to 4 seconds + - use splashy for more user-friendly boot/halt sequences diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/README b/config/chroot_local-includes/usr/share/doc/amnesia/README new file mode 100644 index 000000000..79a79df3e --- /dev/null +++ b/config/chroot_local-includes/usr/share/doc/amnesia/README 
@@ -0,0 +1,37 @@ +-*- mode: markdown; -*- + +Building an image +================= + +Customization +------------- + +The settings that can be customized can be found in `config/amnesia`; +e.g. images types to build, desktop environment. + +You'd better never directly edit this file: rather put your custom +variable assignments in a new `config/amnesia.local` file. The values +found in the `.local` file will override the ones from the +upstream one. + +These configuration files are actually shell scripts, and are sourced +by various other scripts. + +How to build +------------ + +All following commands must be run as `root`, at the root of the +source directory: a Git checkout, an extracted tarball. + +Initialize the Live system's configuration with `lh_config`: + + lh_config + +Optionally set your preferred language for the generated images; only +"fr" is currently fully supported, but other languages are still worth +trying: + + lh_config --language fr + +You can then use the standard live-helper commands to build the chosen +images (`lh build`) and to cleanup the build directory (`lh clean`). diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE b/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE new file mode 100644 index 000000000..f1592a357 --- /dev/null +++ b/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE 
@@ -0,0 +1,45 @@ +-*- mode: markdown; -*- + +Hercules eCAFÉ™ EC-800 +====================== + +Linux kernel +------------ + +`lh_config --linux-flavours 486` + +X.Org +----- + +### Custom configuration file + +- copy, and optionally adapt, the custom `./examples/eCAFE/xorg.conf` + to `config/chroot_local-includes/etc/X11/` ; beware of the + permissions, non-root users must have read access to the including + X11 directory and to the `xorg.conf` file + +### Disable automatic X.Org configuration + +In `config/privatix`, add `noxautoconfig` to the `PRIVATIX_APPEND` +boot parameters list. + +### Weird bugfix + +Probably due to a bug in `live-helper` or `live-initramfs`, one also has +to create in the chroot: +- the `/etc/X11` directory +- the `/etc/X11/X` symbolic link. + +This can be easily achieved by copying `./examples/eCAFE/X11_fixup` to +`config/chroot_local-hooks`. The copied file must have executable +permissions set. + +Console frame buffer +-------------------- + +In `config/privatix`, edit the `PRIVATIX_APPEND` boot parameters list +to: +- remove `vga=791` +- add `video=lxfb:800x480@60` + + diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/TODO b/config/chroot_local-includes/usr/share/doc/amnesia/TODO new file mode 100644 index 000000000..6ade95ca6 --- /dev/null +++ b/config/chroot_local-includes/usr/share/doc/amnesia/TODO 
@@ -0,0 +1,92 @@ +-*- mode: markdown; -*- + +release +======= + +- add copyright +- setup Git repository +- setup web site + +build system +============ + +- bundle (and maybe adapt) home-refresh in the generated images + +hardware support +================ + +PowerPC +------- + +- http://machine-cycle.blogspot.com/2009/05/running-debian-on-qemu-powerpc.html +- /usr/share/doc/qemu/README.Debian +- http://mac-on-linux.svn.sourceforge.net/viewvc/mac-on-linux/trunk/mollib/drivers/ + +install/upgrade +=============== + +- install on (optionally encrypted) USB from CD +- install on CD from USB? +- clone the source directory to /usr/local/src/, and allow easy + remastering from the live system itself? +- add 2nd encrypted data partition +- USB: allow upgrading only the live system, not touching the other + partitions (use the iso + grub trick ? tar image + cp?) + +documentation +============= + +- copy and adapt the privatix documentation +- write documentation for install/upgrade + +iceweasel +========= + +- do *not* ask to remember passwords +- install some trusted, non-commercial SSL certificates (e.g. + Autistici/Inventati) +- easily build a live system with a custom JavaScript/cookies + whitelist +- remove *.sqlite *.db ? + +switch to Debian-packaged extensions +------------------------------------ + +- mozilla-noscript: done, deinstall + remove from $HOME +- torbutton: done, deinstall + remove from $HOME +- CS Lite: is another nice cookie manager already packaged? +- SSL Blacklist: serious licensing problem, see thread on + pkg-mozext-maintainers@lists.alioth.debian.org, could be solved + +FireGPG +------- + +- disable the buggy auto-detection feature +- disable link to firegpg's homepage in generated pgp messages + +Pidgin +====== + +- base config? 
+- add irc.indymedia.org + SSL certificate + +usecases +======== + +switch between use cases in syslinux menu +- Tor enforcement +- persistence + +steal some Incognito tricks +=========================== + +- look at `fsscript.sh` (Tor auth cookie, Tork user config, etc.) +- smem +- macchanger + +Misc. +===== + +- fix TorK iconify on startup +- is `allow-user-other` necessary for sshfs? (`/etc/fuse.conf`) +- install seahorse-plugins (e.g. for Gedit) which is not in Lenny diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup new file mode 100755 index 000000000..52b9a3b1b --- /dev/null +++ b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup @@ -0,0 +1,7 @@ +#!/bin/sh + +if [ ! -d /etc/X11 ]; then + mkdir /etc/X11 + chmod 755 /etc/X11 +fi +ln -s --force /usr/bin/Xorg /etc/X11/X diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf new file mode 100644 index 000000000..37e2f6d7c --- /dev/null +++ b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf 
@@ -0,0 +1,47 @@ +# xorg.conf (X.Org X Window System server configuration file) + +Section "InputDevice" + Identifier "Generic Keyboard" + Driver "kbd" + Option "XkbRules" "xorg" + Option "XkbModel" "pc105" + Option "XkbLayout" "fr" +EndSection + +Section "InputDevice" + Identifier "Configured Mouse" + Driver "mouse" +EndSection + +Section "Device" + Identifier "Configured Video Device" + Driver "geode" + BusID "PCI:0:1:1" + Option "UseFBDev" "true" + Option "PanelGeometry" "800x480" +EndSection + +Section "Monitor" + Identifier "Configured Monitor" + Option "DPMS" + HorizSync 25 - 50 + VertRefresh 50.0 - 75.0 + Modeline "800x480" 33.45 800 840 968 1056 480 490 492 525 -hsync -vsync + Modeline "1024x600" 48.96 1024 1064 1168 1312 600 601 604 622 -hsync +vsync + Modeline "1024x768" 64.56 1024 1056 1296 1328 768 783 791 807 -hsync +vsync + DisplaySize 255 150 +EndSection + +Section "Screen" + Identifier "Default Screen" + Monitor "Configured Monitor" + Device "Configured Video Device" + DefaultDepth 16 + SubSection "Display" + Depth 16 + Modes "800x480" + Viewport 0 0 + EndSubSection + #Virtual 1024 768 +EndSection + diff --git a/config/chroot_local-packageslists/amnesia-common b/config/chroot_local-packageslists/amnesia-common new file mode 100644 index 000000000..ba0a5b39d --- /dev/null +++ b/config/chroot_local-packageslists/amnesia-common 
@@ -0,0 +1,83 @@ +# Self-installer +bash +cryptsetup +dialog +dosfstools +e2fsprogs +grep +grub +initramfs-tools +live-helper +mkisofs +parted +pv +util-linux +xdialog +xterm + +# Self-bla +# contains mkpasswd, needed in chroot_local-hooks/01-password +whois + +# Software +mc +rsync +aircrack-ng +bash-completion +enigmail +evince +exiv2 +file-roller +gcalctool +gimp +gstreamer0.10-ffmpeg +gstreamer0.10-plugins-base +gstreamer0.10-plugins-good +gstreamer0.10-plugins-ugly +icedove +iceweasel +iceweasel-torbutton/testing +iptables +kvkbd +less +macchanger +mozilla-noscript/testing +network-manager-gnome +network-manager-openvpn +network-manager-openvpn-gnome +ntfs-3g +openoffice.org +openoffice.org-hyphenation-en-us +openoffice.org-thesaurus-en-us +openssh-client +pidgin +pidgin-otr +pmount +polipo +pppoeconf +scribus +seahorse +secure-delete +splashy +sshfs +system-config-printer +tor +pdnsd +tork +totem-gstreamer +wireless-tools +wipe +xsane + +# Firmwares +firmware-ipw2x00 +firmware-iwlwifi +firmware-linux +firmware-ralink +zd1211-firmware + +# Xorg +#if ARCHITECTURE i386 +xserver-xorg-video-geode +#endif +xserver-xorg-video-all diff --git a/config/chroot_local-packageslists/amnesia-de b/config/chroot_local-packageslists/amnesia-de new file mode 100644 index 000000000..9ba5cd301 --- /dev/null +++ b/config/chroot_local-packageslists/amnesia-de @@ -0,0 +1,10 @@ +# Locales +icedove-l10n-de +iceweasel-l10n-de +openoffice.org-l10n-de +openoffice.org-help-de +openoffice.org-hyphenation-de +openoffice.org-thesaurus-de + +# Tork translation, at least +kde-i18n-de diff --git a/config/chroot_local-packageslists/amnesia-fr b/config/chroot_local-packageslists/amnesia-fr new file mode 100644 index 000000000..a3028d749 --- /dev/null +++ b/config/chroot_local-packageslists/amnesia-fr 
@@ -0,0 +1,12 @@ +# Locales +icedove-l10n-fr +iceweasel-l10n-fr +openoffice.org-l10n-fr +openoffice.org-help-fr + +# not in Lenny +# openoffice.org-hyphenation-fr +# openoffice.org-thesaurus-fr + +# Tork translation, at least +kde-i18n-fr diff --git a/config/chroot_local-packageslists/amnesia-gnome b/config/chroot_local-packageslists/amnesia-gnome new file mode 100644 index 000000000..b1978dabd --- /dev/null +++ b/config/chroot_local-packageslists/amnesia-gnome @@ -0,0 +1,10 @@ +#include + +cryptkeeper +gnomebaker +hunspell +hunspell-en-us +icedove-gnome-support +iceweasel-gnome-support +nautilus-actions +openoffice.org-gnome diff --git a/config/chroot_local-packageslists/amnesia-xfce b/config/chroot_local-packageslists/amnesia-xfce new file mode 100644 index 000000000..d08d3eb1f --- /dev/null +++ b/config/chroot_local-packageslists/amnesia-xfce @@ -0,0 +1,3 @@ +#include + +xfce4-xfapplet-plugin diff --git a/config/chroot_local-preseed/firmware b/config/chroot_local-preseed/firmware new file mode 100644 index 000000000..0fce95d45 --- /dev/null +++ b/config/chroot_local-preseed/firmware @@ -0,0 +1,3 @@ +firmware-ipw2x00 firmware-ipw2x00/license/accepted boolean true +firmware-iwlwifi firmware-iwlwifi/license/accepted boolean true +firmware-ralink firmware-ralink/license/accepted boolean true diff --git a/config/chroot_local-preseed/user b/config/chroot_local-preseed/user new file mode 100644 index 000000000..75685780c --- /dev/null +++ b/config/chroot_local-preseed/user @@ -0,0 +1 @@ +debconf passwd/user-default-groups string audio cdrom dialout floppy video plugdev netdev powerdev fuse debian-tor scanner \ No newline at end of file diff --git a/config/chroot_sources/backports.binary b/config/chroot_sources/backports.binary new file mode 120000 index 000000000..112607a14 --- /dev/null +++ b/config/chroot_sources/backports.binary @@ -0,0 +1 @@ +backports.chroot \ No newline at end of file 
diff --git a/config/chroot_sources/backports.binary.gpg b/config/chroot_sources/backports.binary.gpg new file mode 120000 index 000000000..12669930f --- /dev/null +++ b/config/chroot_sources/backports.binary.gpg @@ -0,0 +1 @@ +backports.chroot.gpg \ No newline at end of file diff --git a/config/chroot_sources/backports.chroot b/config/chroot_sources/backports.chroot new file mode 100644 index 000000000..22c24f515 --- /dev/null +++ b/config/chroot_sources/backports.chroot @@ -0,0 +1 @@ +deb http://www.backports.org/debian lenny-backports main non-free diff --git a/config/chroot_sources/backports.chroot.gpg b/config/chroot_sources/backports.chroot.gpg new file mode 100644 index 000000000..6e6640476 --- /dev/null +++ b/config/chroot_sources/backports.chroot.gpg 
@@ -0,0 +1,33 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.3 (GNU/Linux) + +mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx +Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc +/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz +onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd +kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex +Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6 +m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq +bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR +bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz +Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR +AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S +cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD +FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48 +OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD +FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44 +Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ +FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn +DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO +90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN +StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D +JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD +BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0 +AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB +TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr +O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8 +cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC ++FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs +VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg== +=fBrI +-----END PGP PUBLIC KEY BLOCK----- 
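Review bot: The archive key is committed as an opaque armored block with no record of its fingerprint or of where it was obtained, and the same holds for `config/chroot_sources/live-snapshots.chroot.gpg` later in this patch. Both `backports.chroot` and `live-snapshots.chroot` use plain `http://` sources, so these keys are what authenticates the packages that end up in the image, and a reviewer has to be able to check them against the fingerprint each archive publishes. I would record this in a note next to the sources (for instance a `config/chroot_sources/README`), one line per key of the form `backports.chroot.gpg: <FINGERPRINT> (fetched from <URL>, <DATE>)`. Stating the key type and size there as well would make an ageing key easier to notice and replace.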
diff --git a/config/chroot_sources/live-snapshots.binary b/config/chroot_sources/live-snapshots.binary new file mode 120000 index 000000000..40be6d90f --- /dev/null +++ b/config/chroot_sources/live-snapshots.binary @@ -0,0 +1 @@ +live-snapshots.chroot \ No newline at end of file diff --git a/config/chroot_sources/live-snapshots.binary.gpg b/config/chroot_sources/live-snapshots.binary.gpg new file mode 120000 index 000000000..24646fde5 --- /dev/null +++ b/config/chroot_sources/live-snapshots.binary.gpg @@ -0,0 +1 @@ +live-snapshots.chroot.gpg \ No newline at end of file diff --git a/config/chroot_sources/live-snapshots.chroot b/config/chroot_sources/live-snapshots.chroot new file mode 100644 index 000000000..908d111b6 --- /dev/null +++ b/config/chroot_sources/live-snapshots.chroot @@ -0,0 +1 @@ +deb http://live.debian.net/debian/ ./ diff --git a/config/chroot_sources/live-snapshots.chroot.gpg b/config/chroot_sources/live-snapshots.chroot.gpg new file mode 100644 index 000000000..de6088db2 --- /dev/null +++ b/config/chroot_sources/live-snapshots.chroot.gpg 
@@ -0,0 +1,31 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1.4.9 (GNU/Linux) + +mQGiBEl/CO4RBACcpjLvmL+j4QL7FaYK8VuQKu8jNflLCwAU6glCHOGpLRiXboFN +A6Z1rQHAoQTUiIva7ZH0M5glIItqjivZDFZknUlEbEWzTYIzbiOyjU0lACy+qJXA +jl2M5Eh+9mCIn1vWI4NP4EZSZ3PmZnZHI9V8mV4Nz+fKt2oZ9qdOloXN8wCg+qZt +pGzHy7angIsZSP0olc+Nt6ED/1oZtrqIpcu9VDldPnK30lQM+IkQ1XJ6Vptm0TWv +pmbRDdtvPaoFRx0XmI+2NR7RAIZ9/t+qEdO0lSf4FJJ7u5Sb5as1fUglB9e0+p87 +9gByiERFw+c5NsX6ZjohSd2vvYuZowPTaiyQMI+/ksLL2kRxakK+igF+66IbhXVf +FV1IA/4ky3xuZziUnOEYdydxmYN5rN81u02tZ8VrDt8CmX+c5ADejetFjhqw98tf +fUrtTCnljwkjsjupbv4yBsP3XJVCHkWGzzrdi67rO1wsWCIRjxxr7v8Mddv1Q42+ +C9SnloHCasBfVYKMlI8ubQTtCWVER2nkpGKRc/eYWG7/wdb3cLRYRGViaWFuIFVu +b2ZmaWNpYWwgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMDkpIDxm +dHBtYXN0ZXJAZGViaWFuLXVub2ZmaWNpYWwub3JnPohmBBMRAgAmBQJJfwjuAhsD +BQkB58sABgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQIsrkBFB8zktuMACePy/o +gXyOdQ2JeLnKFOBAlb2YQooAoKCG1cRMVqNzcBb4nxfeK5sauzLluQINBEl/CO4Q +CADJ5BP5ftcUz9LWNCa0DNtzWNBNg3tTsiFO5V9zOdQn/DLczg5u0GSmEPpa6CGv +/oOANkq32TKmiP2XgqUyhGj1sTkM2MCqj1dzfDKBsV+pvJ3+5irsbCQyP/JywD/X +cdAo/GkieCpth4ZOyjAYQ8AaGDtBFWd1SBl5+ybtk3z1/Uxcubhz8U6Jgar93O+z +a+YW+4sG/Zfcej30Fus4HKFR6HUBSNDxUmnQ9XT74cjWVGn33vHiCZofhmHWlqEx +roI6fHDP/6yyHiqHxRJ34IN3/sD0ksHMK7HOZvzfL6B4YfgtUkUAC447QtdWsIYl +xJaD8GrcdREIl0Ojd/9OLar7AAMFB/0UpsmEYdv/AkG6rd4l2Yrdilx/Q5sIqKQU +BOlJfh5I5x9JUfBwgofXSjIXwDRKl6P9MXWDidPFgqyQGpURoellX33mhFkA42JH +Qkix6ASr//cfwszVe7j3VG4dHZklC/AxjuObY+52k+/PFuhYxRZ7F4jLGOcr6IdS +9ViwE6fhP/oQkb6i9SbM15gnmZZ/Ul0wbku5kuf+jIUjhmooYydamPxceuqyKf6v +Bbopg5YpZL7Lw2MwCgrV7DhqqDRXUyZCw/+bc5dBW52g4I3UGjPqam+Xi1A93jOb +su+J/dTy7vTobhCrOmkmlsgpYlyTRfMrqjhkQImHCUk2Z8MBSm1iiE8EGBECAA8F +Akl/CO4CGwwFCQHnywAACgkQIsrkBFB8zkt5RwCg8R9IakCa0mhKa3/wA8Qukjet +5bcAoOc+kLVMJpMjVgLxdX1sQfTUg3l6 +=3ZYD +-----END PGP PUBLIC KEY BLOCK----- diff --git a/config/chroot_sources/squeeze.binary b/config/chroot_sources/squeeze.binary new file mode 120000 index 000000000..7a0a9455f --- /dev/null 
+++ b/config/chroot_sources/squeeze.binary
@@ -0,0 +1 @@
+squeeze.chroot
\ No newline at end of file
diff --git a/config/chroot_sources/squeeze.chroot b/config/chroot_sources/squeeze.chroot
new file mode 100644
index 000000000..5d8a69d4c
--- /dev/null
+++ b/config/chroot_sources/squeeze.chroot
@@ -0,0 +1 @@
+deb http://ftp.fr.debian.org/debian/ squeeze main
diff --git a/doc b/doc
new file mode 120000
index 000000000..6dc5f3ded
--- /dev/null
+++ b/doc
@@ -0,0 +1 @@
+config/chroot_local-includes/usr/share/doc/amnesia
\ No newline at end of file
diff --git a/home-refresh b/home-refresh
new file mode 100755
index 000000000..02164f2c8
--- /dev/null
+++ b/home-refresh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+. config/amnesia
+if [ -e config/amnesia.local ] ; then
+ . config/amnesia.local
+fi
+
+# How to use $TAR_OPTS:
+# - $TAR_OPTS should be used unquoted
+# - 'set -o noglob' has to be run before any $TAR_OPTS use
+# - 'set +o noglob' has to be run after any $TAR_OPTS use
+TAR_OPTS=""
+set -o noglob
+for pattern in $AMNESIA_HOME_EXCLUDES; do
+ TAR_OPTS="$TAR_OPTS --exclude=$pattern"
+done
+set +o noglob
+
+echo "Deleting old home.tar.bz2"
+rm home/home.tar.bz2
+
+echo "Creating new home.tar.bz2"
+set -o noglob
+tar \
+ jcf home/home.tar.bz2 \
+ --atime-preserve --same-owner --numeric-owner --same-permissions \
+ $TAR_OPTS \
+ /home/amnesia
+set +o noglob
diff --git a/scripts/build b/scripts/build
new file mode 100755
index 000000000..94333ece1
--- /dev/null
+++ b/scripts/build
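Review bot: In home-refresh the old archive is deleted by `rm home/home.tar.bz2` before the new one exists, and neither that command nor `tar` is checked, so a failed or interrupted `tar` leaves a missing or truncated `home/home.tar.bz2` that `scripts/build` then unpacks into the image. Writing to a temporary name and renaming on success avoids this: `tar jcf home/home.tar.bz2.new ... /home/amnesia && mv home/home.tar.bz2.new home/home.tar.bz2`, exiting non-zero otherwise. Separately, the archive is taken from the build host's live `/home/amnesia`, so anything `$AMNESIA_HOME_EXCLUDES` (set in `config/amnesia`, outside this hunk) does not list is shipped in every image; a comment above the `tar` call saying that private keys, browser history and caches must be covered by the excludes would help. `--same-owner` and `--same-permissions` are extraction options and appear to have no effect when creating an archive.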
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# set -x
+
+BASEDIR="`dirname $0`/.."
+. "${BASEDIR}/config/amnesia"
+if [ -e "${BASEDIR}/config/amnesia.local" ] ; then
+ . "${BASEDIR}/config/amnesia.local"
+fi
+
+extract_home () {
+ tar \
+ jxf home/home.tar.bz2 \
+ --atime-preserve --same-permissions \
+ --directory="config/chroot_local-includes/"
+}
+
+# a clean starting point
+rm -rf cache/stages_rootfs
+
+# home
+[ "${AMNESIA_REFRESH_HOME}" = "no" ] || ./home-refresh
+
+# build all configured image types
+for BUILD_TYPE in ${AMNESIA_IMAGES} ; do
+
+ case "$BUILD_TYPE" in
+ iso)
+ BUILD_FILENAME_EXT=iso
+ BUILD_FILENAME=binary
+ ;;
+ tar)
+ BUILD_FILENAME_EXT=tar.gz
+ BUILD_FILENAME=binary-tar
+ ;;
+ usb-hdd)
+ BUILD_FILENAME_EXT=img
+ BUILD_FILENAME=binary
+ ;;
+ *)
+ echo "Image type ${BUILD_TYPE} is not supported." >&2
+ exit 1
+ ;;
+ esac
+ . config/chroot # get LH_LANGUAGE
+ BUILD_BASENAME="amnesia-${AMNESIA_BASE}-${LH_LANGUAGE}-${AMNESIA_TODAY}"
+ BUILD_DEST_FILENAME="${BUILD_BASENAME}.${BUILD_FILENAME_EXT}"
+ BUILD_LOG="build-${BUILD_BASENAME}.log"
+
+ echo "Cleaning binary stage..."
+ lh clean noautoconfig --binary
+
+ echo "Running lh config..."
+ lh config noautoconfig --binary-images "${BUILD_TYPE}"
+
+ echo "Extracting home.tar.bz2 to chroot ..."
+ extract_home
+
+ echo "Building $BUILD_TYPE image ${BUILD_BASENAME}..."
+ if lh build noautoconfig ${@} 2>&1 | tee "${BUILD_LOG}" ; then
+ echo "Image was successfully created, moving it to ${BUILD_DEST_FILENAME}"
+ mv -i "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" "${BUILD_DEST_FILENAME}"
+ else
+ echo "lh build failed." >&2
+ exit 1
+ fi
+
+done
diff --git a/scripts/clean b/scripts/clean
new file mode 100755
index 000000000..78885b6a9
--- /dev/null
+++ b/scripts/clean
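Review bot: The `if lh build noautoconfig ${@} 2>&1 | tee "${BUILD_LOG}"` test sees the exit status of `tee`, not of `lh build`, so under `#!/bin/sh` (no `pipefail`) a failed build takes the success branch and the `lh build failed.` branch is effectively unreachable. One portable fix carries the status out of the pipeline: `BUILD_STATUS="build-${BUILD_BASENAME}.status"`, then `{ lh build noautoconfig "$@" 2>&1; echo "$?" > "${BUILD_STATUS}"; } | tee "${BUILD_LOG}"`, then `if [ "$(cat "${BUILD_STATUS}")" = 0 ] ; then`. The earlier steps (`./home-refresh`, `lh clean`, `lh config`, `extract_home`) are unchecked as well, so `set -e` after the shebang would keep a build from continuing on a stale or partial tree. `${@}` is unquoted here and in `scripts/clean` and `scripts/config`; `"$@"` preserves arguments that contain spaces.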
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+for dir in chroot/{dev/pts,proc,sys} ; do
+ if mountpoint -q "$dir" ; then
+ umount "$dir"
+ fi
+done
+
+lh clean noautoconfig ${@}
+
+# rm -f build-*.log
+
+# Remove generated files
+rm -f config/binary config/bootstrap config/chroot config/common config/source
+
+# Remove empty directories in config tree
+if ls config/*/ > /dev/null 2>&1 ; then
+ rmdir --ignore-fail-on-non-empty config/*/
+fi
+
+# Remove unpacked /home/amnesia
+rm -rf config/chroot_local-includes/home/
diff --git a/scripts/config b/scripts/config
new file mode 100755
index 000000000..69e83e3c2
--- /dev/null
+++ b/scripts/config
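Review bot: `for dir in chroot/{dev/pts,proc,sys}` relies on brace expansion, which POSIX `sh` does not provide; where `/bin/sh` is dash the loop sees one literal word, `mountpoint -q` fails on it, and nothing is unmounted before `lh clean` runs. Spelling the paths out keeps the `#!/bin/sh` shebang valid: `for dir in chroot/dev/pts chroot/proc chroot/sys ; do`. It would also help to stop when the unmount fails (`umount "$dir" || exit 1`), since cleaning a tree that still has `/proc` or `/sys` mounted inside it is presumably what this loop is meant to prevent.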
@@ -0,0 +1,65 @@
+#! /bin/sh
+# automatically run by lh_config
+
+BASEDIR="`dirname $0`/.."
+. "${BASEDIR}/config/amnesia"
+if [ -e "${BASEDIR}/config/amnesia.local" ] ; then
+ . "${BASEDIR}/config/amnesia.local"
+fi
+
+RUN_LH_CONFIG="lh config noautoconfig"
+
+# init config/ with defaults
+$RUN_LH_CONFIG ${@}
+
+# set Amnesia's general options
+$RUN_LH_CONFIG \
+ --apt-recommends disabled \
+ --cache-stages "bootstrap rootfs" \
+ --categories "main non-free" \
+ --distribution lenny \
+ --hostname="amnesia" \
+ --iso-application="Amnesia live system" \
+ --iso-publisher="https://amnesia.boum.org/" \
+ --iso-volume="Amnesia ${AMNESIA_TODAY}" \
+ --memtest none \
+ --username="amnesia" \
+ --syslinux-timeout 4 \
+ ${@}
+
+# build i386 images on amd64 as well,
+# include only 686 kernel when building for i386
+hw_arch="`dpkg --print-architecture`"
+if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
+ $RUN_LH_CONFIG \
+ --architecture i386 \
+ --linux-flavours 686 \
+ ${@}
+fi
+
+# locale-dependent configuration
+. "${BASEDIR}/config/chroot"
+case "${LH_LANGUAGE}" in
+ de)
+ AMNESIA_APPEND="${AMNESIA_APPEND} locale=de_DE.UTF-8 keyb=de timezone=Europe/Berlin"
+ ;;
+ fr)
+ AMNESIA_APPEND="${AMNESIA_APPEND} locale=fr_FR.UTF-8 keyb=fr timezone=Europe/Paris"
+ ;;
+ *)
+ ;;
+esac
+$RUN_LH_CONFIG --bootappend-live "${AMNESIA_APPEND}" ${@}
+
+case "${LH_LANGUAGE}" in
+ de|fr)
+ PACKAGES_LISTS="standard amnesia-common amnesia-${AMNESIA_BASE} amnesia-${LH_LANGUAGE}"
+ ;;
+ *)
+ PACKAGES_LISTS="standard amnesia-common amnesia-${AMNESIA_BASE}"
+ ;;
+esac
+$RUN_LH_CONFIG --packages-lists="$PACKAGES_LISTS" ${@}
+
+# version
+echo "${AMNESIA_TODAY}" > "${BASEDIR}/config/chroot_local-includes/etc/amnesia/version"
-- 2.11.4.GIT
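Review bot: None of the `$RUN_LH_CONFIG` calls is checked, and the script then sources `"${BASEDIR}/config/chroot"` to read `LH_LANGUAGE`; if the first `lh config` fails, a stale or missing generated file decides the locale and the package lists. Adding `set -e` below the shebang would stop at the first failed call. The `BASEDIR=` assignment also passes `$0` to `dirname` unquoted, so a checkout path containing spaces breaks the includes; `BASEDIR="$(dirname "$0")/.."` avoids that (the same assignment is in `scripts/build`). In the architecture test, `-o` inside `[ ]` is obsolescent; `[ "$hw_arch" = i386 ] || [ "$hw_arch" = amd64 ]` is the unambiguous form.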