first
commit
b50fd16591
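--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright 2014 Jakub Jirutka <jakub@jirutka.cz>.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.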
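--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,22 @@
+# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=base
+PREFIX=/usr/local
+USER=`grep PRIV_SKEL_USERS_LIST /usr/local/etc/testforge/testforge.bash|sed -e 's/.*=//' -e 's/"//g'`
+WD=${PWD}
+
+daily:: refresh
+refresh:: check lint
+
+weekly:: update
+update:: test
+
+check::
+sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
+
+lint::
+sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
+
+test::
+sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
+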
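Review bot: `sudo -u ${USER}` in the check, lint and test recipes takes its account name from an unquoted grep/sed over `/usr/local/etc/testforge/testforge.bash`, and nothing checks that the result is exactly one name. If `PRIV_SKEL_USERS_LIST` is missing or the file is unreadable the expansion is empty and sudo reads the script path as the user name; if it holds several names (the variable is called a list) the extra words become the command. Assigning `USER` also shadows the environment's own `USER` for every recipe, so a distinct name such as `RUN_AS`, evaluated once with `$(shell ...)` and guarded by `test -n "$(RUN_AS)"` ahead of each sudo call, would make the failure explicit.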
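--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+
+This base role is from https://github.com/gentoo-ansible/role-base/
+and is just a starting point.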
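--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,135 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+
+---
+
+# these can be overridden using --extra-vars on the playbook command line
+
+BASE_ROOT_USER: "{{BOX_ROOT_USER|default('root')}}"
+BASE_ROOT_GROUP: "{{BOX_ROOT_GROUP|default('root')}}"
+
+BASE_PYTHON2_MINOR: "{{BOX_PYTHON2_MINOR}}"
+BASE_PYTHON3_MINOR: "{{BOX_PYTHON3_MINOR}}"
+BASE_PORTAGE_PYTHON_MINOR: "{{BOX_PORTAGE_PYTHON_MINOR}}"
+BASE_IPV6_DISABLE: "{{BOX_IPV6_DISABLE}}"
+
+# These should come from the wrapper script
+BASE_USR_LOCAL: "{{ USR_LOCAL }}"
+BASE_PYVENV_ARGS: "--system-site-packages"
+BASE_PYVENV2_ARGS: "{{BASE_PYVENV_ARGS}}"
+BASE_PYVENV3_ARGS: "{{BASE_PYVENV_ARGS}}"
+
+# this is now ignored and built into pip2.sh/pip3.sh as pip:extra_args is post the install keyword
+BASE_PIP_GLOBAL_ARGS: "--disable-pip-version-check --cache-dir {{ PLAY_PIP_CACHE|default('/mnt/o/Cache/Pip') }} --cert '{{ PLAY_CA_CERT|default('/usr/local/etc/ssl/cacert-testforge.pem') }}'"
+# force pip packages to be explicitly installed or fail
+BASE_PIP_INSTALL_ARGS: "{{ BASE_PIP_GLOBAL_ARGS +' --no-deps --prefix='+USR_LOCAL }}"
+# and/or to prevent pip form downloading from the internet
+#? BASE_PIP_INSTALL_ARGS: "{{ PIP_INSTALL_ARGS|default('--proxy=localhost:9999') }}"
+BASE_USER_NAME: "{{ BOX_USER_NAME }}"
+BASE_USER_HOME: "{{ BOX_USER_HOME }}"
+BASE_ALSO_GROUP: "{{ BOX_ALSO_GROUP }}"
+# These should come from the inventory hosts.yml
+HOST_MOUNT_SYMLINKS: []
+HOST_MOUNT_SYMLINK_CONTENTS: {}
+HOST_CONTAINER_MOUNTS: []
+BASE_HOST_CONTAINER_MOUNTS: "{{BOX_HOST_CONTAINER_MOUNTS}}"
+HOSTNAME_HARDWARE: ''
+BASE_ALSO_USERS: "{{BOX_ALSO_USERS}}"
+LXD_TRUST_PASSWORD: ""
+
+# per-user config dir but expanduser is broken so we leave off the ~/ prefix
+BASE_USER_CONFIG_DIR: ".config/testforge"
+
+# unused - seems to be built for zip only not tar
+BASE_UNTAR_ARGS:
+#? - "-C"
+- "--owner=root"
+- "--group=root"
+- "--no-same-owner"
+- "--keep-newer-files"
+# - "--no-same-permissions"
+
+BASE_PKG_IGNORE_ERRORS: true # "{{ ansible_virtualization_role|replace('NA', 'host') == 'guest' }}"
+BASE_IGNORE_LOCAL_ERRORS: BASE_ARE_CONNECTED|default('') == ''
+
+# Look for you timezone in /usr/share/zoneinfo.
+# Example: Europe/Prague
+BASE_timezone: "{{BOX_timezone}}"
+
+# Is your hardware clock set local (true), or UTC (false)? - true is advised by created problems DB
+hwclock_local: "{{BOX_hwclock_local}}"
+
+# Do you want to set the hardware clock to the current system time (software
+# clock) during shutdown?
+hwclock_systohc: "{{BOX_hwclock_systohc}}"
+
+# Do you want to set the system time to the current hardware clock
+# during bootup?
+hwclock_hctosys: "{{BOX_hwclock_hctosys}}"
+
+# Should be copies of the /etc/skel files inside the /home/${USER} updated?
+# Only files that were not modified by a user will be updated.
+skel_update_homes: false
+
+# List of locales to generate.
+env_locales:
+- "C.UTF-8 UTF-8"
+- "en_US.UTF-8 UTF-8"
+- "en_GB.UTF-8 UTF-8"
+- "en_CA.UTF-8 UTF-8"
+
+# The default system LANG.
+env_locale_lang: en_US.UTF-8
+
+# The default EDITOR.
+env_editor: "/usr/bin/mg"
+
+BASE_BOOT_DIR: "/boot"
+#BASE_BOOT_DIR: "/mnt/l/syslinux"
+BASE_ROOT_LOG_DIR: "/root/var/tmp/{{date_slash}}"
+
+BASE_SCRIPT_DIR: "{{USR_LOCAL}}/sbin"
+BASE_LOG_DIR: "{{USR_LOCAL}}/var/log"
+
+# subkeys.pgp.net does NOT work
+BASE_GENTOO_KEYSERVER: "keys.gentoo.org"
+BASE_GPG_SERVER: "{{BOX_GPG_SERVER}}"
+# I tried these four, I believe that number 3 finally worked and allowed me to download the keys in question for accessing the tor update servers.
+# https://github.com/Stadicus/RaspiBolt/issues/343
+# hkps.pool.sks-keyservers.net
+# keys.gnupg.net
+# pgp.uni-mainz.de
+# pgp.mit.edu
+
+BASE_FUNTOO_PROFILES_DIRS:
+- /var/local/git/meta-repo/kits/core-kit/profiles/base
+
+BASE_FUNTOO_MIXINS_DIRS:
+- /var/local/git/meta-repo/kits/core-kit/profiles/funtoo/1.0/linux-gnu/mix-ins
+
+BASE_FUNTOO_MIXINS:
+- X
+- xfce
+- no-systemd
+
+# This now gets overwritten in firewall.conf from route|grep ^default
+# should get replaced by BASE_ARE_CONNECTED if it's not null
+BASE_DEFAULT_OUTPUT_IF: "{{BOX_DEFAULT_OUTPUT_IF|default('wlan7')}}"
+
+BASE_FEATURES: "{{BOX_BASE_FEATURES}}"
+BASE_LIB: "{{BOX_USR_LIB}}"
+LIB: "{{BASE_LIB}}"
+
+base_ipv4_nat_dev: "{{ ansible_default_ipv4.alias }}" # enp0s3
+#? ansible_default_ipv4.address
+base_ipv4_nat_ip: "{{ ansible_default_ipv4.address }}" # 10.0.2.15"
+base_ipv4_nat_gw_ip: "{{ ansible_default_ipv4.gateway }}" # "10.0.2.2"
+# "ansible_dns": {"nameservers": [ "10.0.2.2"
+base_ipv4_nat_dns_ip: "{{ ansible_dns[0].nameseervers[0] }}" #? "10.0.2.3"
+
+BASE_PASSWORDS_DATABASE: ""
+BASE_PASSWORDS_PASSWORD: ""
+BASE_HOSTNAME_HARDWARE: "{{BOX_HOST_NAME}}"
+BASE_TIMEZONE: Etc/UTC
+
+base_passwords_database: "{{box_passwords_database}}"
+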
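Review bot: `base_ipv4_nat_dns_ip` reads `ansible_dns[0].nameseervers[0]`, which misspells the key and indexes `ansible_dns` as a list, while the comment on the line above shows it as a dict holding a `nameservers` list; any task that renders this default will fail on an undefined attribute, and `{{ ansible_dns.nameservers[0] }}` matches the shape in the comment. `BASE_IGNORE_LOCAL_ERRORS` is written without `{{ }}`, so it is stored as the literal string `BASE_ARE_CONNECTED|default('') == ''` rather than a boolean; if it feeds an `ignore_errors:` it should be a templated expression so that failures are ignored only when intended. `LXD_TRUST_PASSWORD` and `BASE_PASSWORDS_PASSWORD` default to empty strings, and a one-line comment saying they must be supplied from a vault or the inventory, never committed here, would help the next reader.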
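--- a/files/find_skels_to_update.sh
+++ b/files/find_skels_to_update.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+filename="$1"
+
+for homedir in /home/*; do
+if cmp "/etc/skel/$filename" "$homedir/$filename" &>/dev/null; then
+owner_group=$(find $homedir -maxdepth 0 -printf '%u:%g')
+echo "$filename:$homedir:${owner_group%:*}:${owner_group#*:}"
+fi
+done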
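Review bot: `filename="$1"` is joined onto `/etc/skel/` and onto each home directory without any check, so an argument that is empty or contains `../` makes `cmp` compare files outside the skeleton tree; a guard such as `case "$filename" in ""|/*|*..*) exit 2;; esac` before the loop would pin it to skel-relative names. `find $homedir` on the owner line is unquoted, unlike the `cmp` arguments, and should read `find "$homedir" -maxdepth 0 -printf '%u:%g'`. The output record is colon-separated, so a header comment noting that names containing `:` are not supported would document the parsing contract for whatever consumes it.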
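--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,151 @@
+# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
+
+---
+
+- name: update facts
+shell: |
+# {{USR_LOCAL}}/bin/testforge_local_bin.bash
+true
+
+# old base
+- name: "update locales"
+command: |
+locale-gen --update
+
+- name: "update env"
+command: |
+env-update
+
+- name: "update eix"
+# now done monthly
+command: |
+echo eix-update
+
+- name: "update peruser facts"
+# broken this is yaml
+# /usr/local/bin/testforge_local_bin.bash {{item|expanduser}}
+command: |
+true
+with_items:
+- "~{{BOX_USER_NAME}}/{{ BASE_USER_CONFIG_DIR }}/facts.d"
+
+# the tar step just before this may have added certificates to
+# /usr/local/share and we may need to run this. Run it anyway
+- name: "update-ca-certificates"
+shell: |
+# morons: this return rc=0 even when there is an exception - with java7 -
+# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
+update-ca-certificates -f -v > /tmp/U$$.log 2>&1
+retval=$?
+[ $retval -eq 0 ] && exit 0
+if grep Exception: /tmp/U$$.log ; then
+retval=1
+cat /tmp/$$.log
+else
+retval=0
+fi
+exit $retval
+
+# FixMe: was unused
+- name: "chmod /usr/local"
+shell: |
+# there are some exceptions in usr/local
+# chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" {{USR_LOCAL}}
+chmod -R g+rw,o-w {{USR_LOCAL}}
+# was TESTF_
+# this should not be needed but it still is because we execute src/var_local_*sh
+# as BOX_USER so they need to be writable - *before* the src/ files are run.
+chmod a+x {{VAR_LOCAL}}/*bin/*sh {{VAR_LOCAL}}/src/*sh
+chmod g+rw {{USR_LOCAL}}/*bin/*sh {{USR_LOCAL}}/src/*sh
+
+# was unused - not
+- name: chmod /usr/local
+shell: |
+# do I need this? should it be in hourly? it breaks lynis but I think we still need it
+#? chmod -R g+rw,o-w {{USR_LOCAL}}
+# FixMe: it breaks lynis - fix it here
+chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" \
+{{USR_LOCAL}}/src \
+{{USR_LOCAL}}/share \
+{{USR_LOCAL}}/bin \
+{{USR_LOCAL}}/{{BASE_LIB}} \
+{{USR_LOCAL}}/net
+exit 0
+
+# was in testforge - to fix problems caused by taring
+- name: chmod /var/local
+shell: |
+# do I need this? should it be in hourly? it breaks lynis but I think we still need it
+#? chmod -R g+rw,o-w {{VAR_LOCAL}}
+# FixMe: it breaks lynis - fix it here
+chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" \
+{{VAR_LOCAL}}/src \
+{{VAR_LOCAL}}/share \
+{{VAR_LOCAL}}/bin \
+{{VAR_LOCAL}}/{{BASE_LIB}} \
+{{VAR_LOCAL}}/net
+exit 0
+
+# FixMe: somethings strange in /var/local/etc
+# drwxr-xr-x 2 1056888 1049089 4096 Nov 30 13:38 w3af
+
+# FixMe: was PENT_
+# FixMe: unused
+- name: "strange ownership - coming from tar?"
+shell: |
+chown -R {{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}} {{VAR_LOCAL}}/src {{VAR_LOCAL}}/bin {{VAR_LOCAL}}/net
+
+
+- name: summary of logs
+debug:
+# lookup('vars', item ) returns a list of strings?; map yields generators
+# |map(attribute='stdout')|list|join('\n') -> 'str object' has no attribute 'stdout'
+msg: "{{ lookup('vars', item ) }}"
+when:
+- lookup('vars', item, default=[])|length > 0
+# base proxy
+with_items:
+# proxy
+- proxy_log_hourly
+# testforge
+- testforge_log_hourly
+- testforge_log_daily
+- testforge_log_weekly
+- testforge_log_monthly
+- testforge_log_test
+# pydev
+- pydev_log_test
+# text
+- text_log_test
+- text_log_hourly
+# testing
+- testing_log_test
+# harden
+- harden_log_hourly
+- harden_log_daily
+- harden_log_weekly
+- harden_log_monthly
+- harden_log_test
+# logging
+- logging_log_daily
+- logging_log_test
+# hostvms
+- hostvms_log_bin
+- hostvms_log_test
+# pentest
+- pentest_log_weekly
+- pentest_log_test
+# privacy
+- privacy_log_hourly
+- privacy_log_daily
+- privacy_log_weekly
+- privacy_log_monthly
+- privacy_log_test
+# gpgkey
+- gpgkey_log_weekly
+# trading
+- trading_log_test
+# update
+- update_log_daily
+- update_log_test
+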
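Review bot: The `update-ca-certificates` handler logs to `/tmp/U$$.log`, a predictable name in a world-writable directory, and then prints `/tmp/$$.log`, a different file, so the captured output is never shown and the log is never removed; a `mktemp` file cleaned up by a trap avoids both. The status logic also looks inverted against its own comment: `[ $retval -eq 0 ] && exit 0` leaves before the `grep Exception:` that was written for the rc=0-with-exception case, and a non-zero exit without that string is turned into success (keep that branch if ignoring other failures is deliberate). Separately, the `chown -R` of `{{USR_LOCAL}}/bin` to `BOX_USER_NAME` leaves a directory that the root-only scripts in this commit put on their PATH writable by an unprivileged account, which is presumably what lynis objects to and deserves a narrower fix than `exit 0`. The handler body below is a sketch of the first two changes.

```yaml
- name: "update-ca-certificates"
  shell: |
    log=$(mktemp) || exit 1
    trap 'rm -f -- "$log"' EXIT
    update-ca-certificates -f -v > "$log" 2>&1
    retval=$?
    # rc can be 0 even when the Java keystore import threw, so always scan the log
    if grep -q 'Exception:' "$log" ; then
      cat "$log"
      exit 1
    fi
    exit $retval
```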
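--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,13 @@
+---
+galaxy_info:
+author: Jakub Jirutka
+company: CTU in Prague
+description: Base system setup
+license: MIT
+min_ansible_version: 2.3 # maybe - curently tested under 2.7
+platforms:
+- name: "Gentoo"
+categories:
+- system
+
+dependencies: []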
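--- a/overlay/Debian/usr/local/bin/de_bootstrap_gateway.bash
+++ b/overlay/Debian/usr/local/bin/de_bootstrap_gateway.bash
@@ -0,0 +1,15 @@
+#!/bin/bash
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+PREFIX=/usr/local
+
+ROLE=base
+
+local_guest_fstab_mnt
+
+. /usr/local/etc/local.d/local.bash || exit 1
+
+local_guest || exit 3$?
+
+#? local_guest_add_xorg_conf
+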
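Review bot: `local_guest_fstab_mnt` is called two lines before `/usr/local/etc/local.d/local.bash` is sourced, so unless that function is already defined in the caller's environment it fails with "command not found" and the script carries on regardless; if it comes from local.bash, as the `local_guest` call after the source suggests, the call belongs below the `.` line with its own `|| exit`. The identical ordering is in overlay/Devuan/usr/local/bin/de_bootstrap_gateway.bash. `exit 3$?` concatenates digits, and a value above 255 is reduced modulo 256 by the shell, so a comment giving the intended code range, or a plain `exit 3`, would keep the status readable to callers.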
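--- a/overlay/Debian/usr/local/sbin/debian_cache_to_archives.bash
+++ b/overlay/Debian/usr/local/sbin/debian_cache_to_archives.bash
@@ -0,0 +1,26 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter
+
+ROLE=base
+
+[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Debian/10.6
+[ -d "$CACHE" ] || exit 1$?
+
+[ -d /etc/apt ] || exit 0
+
+cd $CACHE || exit 2
+
+[ -d var/cache/apt/archives ] || mkdir -p var/cache/apt/archives
+
+find *.deb -type f -name \*.deb | while read file; do
+base=$( basename $file )
+[ ! -d /var/cache/apt/archives/ ] || \
+[ -e /var/cache/apt/archives/$base ] || ln -s $PWD/$file /var/cache/apt/archives/$base
+[ -f var/cache/apt/archives/$base -a ! -h var/cache/apt/archives/$base ] && rm var/cache/apt/archives/$base
+[ -e var/cache/apt/archives/$base ] || ln -s $PWD/$file var/cache/apt/archives/$base
+done
+
+
+exit 0
+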
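Review bot: Every path in the loop (`$file`, `$base`, `$CACHE`, `$PWD`) is expanded unquoted and `read` is used without `-r`, in a script that removes files and creates links under `/var/cache/apt/archives`; a package name with whitespace or glob characters, or a `CACHE` value containing a space, changes which file `rm` and `ln -s` act on. Quoting each expansion, e.g. `cd "$CACHE" || exit 2` and `ln -s "$PWD/$file" "/var/cache/apt/archives/$base"`, and reading with `while IFS= read -r file` would fix that. `find *.deb -type f -name \*.deb` only searches entries whose own name ends in `.deb` at the top of the cache, and `[ -d "$CACHE" ] || exit 1$?` always exits 11, so a short comment stating the intended search root and exit codes is worth adding. overlay/Devuan/usr/local/sbin/devuan_cache_to_archives.bash repeats the same loop.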
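--- a/overlay/Debian/usr/local/sbin/debian_uris_to_urls.bash
+++ b/overlay/Debian/usr/local/sbin/debian_uris_to_urls.bash
@@ -0,0 +1,31 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter or .uris
+
+ROLE=base
+[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Debian/10.6
+[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
+
+# debian --print-uris
+if [ $? -eq 0 ] ; then
+# filter
+grep 'https*://' | \
+sed -e 's@ftp://[^ ]*@@g' -e 's@.*https*://@https://@g' -e "s@'.*@@g" | \
+while read line ; do
+for url in $line ; do
+base=`basename "$url"`
+pre=`sed -e "s@https*://@${CACHE}@" <<< $url`
+[ -e $pre ] && break
+echo $line
+break
+done
+done
+fi
+for elt in "$@" ; do
+base=$( basename $elt .elts )
+[ -s $base.urls ] && continue
+sh $0 < $elt > $base.urls
+[ -s $base.urls ] || rm $base.urls
+done
+
+exit 0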
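Review bot: The script runs under `#!/bin/sh` but builds `pre` with a here-string, `<<< $url`, which is a bash extension; where `/bin/sh` is dash that is a syntax error, so either change the shebang to bash or write `pre=$(printf '%s\n' "$url" | sed -e "s@https*://@${CACHE}@")`. overlay/Debian/usr/local/sbin/parrot_uris_to_urls.bash has the same line. `if [ $? -eq 0 ]` tests the exit status of the `[ -d "$CACHE" ] || mkdir` line above and was presumably meant to be `$#`: as written the stdin filter also runs when file arguments are given, and the same test is in parrot_uris_to_urls.bash and overlay/Devuan/usr/local/sbin/devuan_uris_to_urls.bash. `$elt`, `$base` and `$0` are unquoted in the final loop, including in `rm $base.urls`.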
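--- a/overlay/Debian/usr/local/sbin/parrot_uris_to_urls.bash
+++ b/overlay/Debian/usr/local/sbin/parrot_uris_to_urls.bash
@@ -0,0 +1,31 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter or .uris
+[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Parrot/Rolling
+[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
+
+# debian --print-uris
+if [ $? -eq 0 ] ; then
+# filter
+grep 'https*://' | \
+sed -e 's@ftp://[^ ]*@@g' \
+-e 's@.*https*://@http://@g' -e "s@'.*@@g" \
+-e 's@mirror.parrot.sh/mirrors/parrot@mirrors.aliyun.com/parrot@' | \
+while read line ; do
+for url in $line ; do
+base=`basename "$url"`
+pre=`sed -e "s@https*://@${CACHE}@" <<< $url`
+[ -e $pre ] && break
+echo $line
+break
+done
+done
+fi
+for elt in "$@" ; do
+base=$( basename $elt .elts )
+[ -s $base.urls ] && continue
+sh $0 < $elt > $base.urls
+[ -s $base.urls ] || rm $base.urls
+done
+
+exit 0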
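Review bot: The second sed expression rewrites every match to `http://` (`'s@.*https*://@http://@g'`), where the Debian and Devuan copies of this filter write `https://`, so Parrot package URLs that were offered over TLS are emitted as cleartext, and the third expression then points them at `mirrors.aliyun.com`. If that mirror is a deliberate choice and serves HTTPS, keep the scheme with `-e 's@.*https*://@https://@g'`. If it cannot, a comment should say so and state that whatever installs the downloaded files verifies them against the signed repository metadata, since the transport no longer protects them.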
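--- a/overlay/Devuan/usr/bin/dev_bootstrap.bash
+++ b/overlay/Devuan/usr/bin/dev_bootstrap.bash
@@ -0,0 +1,11 @@
+#!/bin/bash
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+PREFIX=/usr/local
+
+ROLE=base
+
+. /usr/local/etc/local.d/local.bash || exit 1
+
+
+/usr/local/etc/local.d/Whonix-Gateway.rc || exit 2$?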
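--- a/overlay/Devuan/usr/bin/dev_bootstrap_gateway.bash
+++ b/overlay/Devuan/usr/bin/dev_bootstrap_gateway.bash
@@ -0,0 +1,13 @@
+#!/bin/bash
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+PREFIX=/usr/local
+
+ROLE=base
+
+. /usr/local/etc/local.d/local.bash || exit 1
+
+local_guest || exit 3$?
+
+#? local_guest_add_xorg_conf
+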
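--- a/overlay/Devuan/usr/local/bin/de_bootstrap_gateway.bash
+++ b/overlay/Devuan/usr/local/bin/de_bootstrap_gateway.bash
@@ -0,0 +1,15 @@
+#!/bin/bash
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+PREFIX=/usr/local
+
+ROLE=base
+
+local_guest_fstab_mnt
+
+. /usr/local/etc/local.d/local.bash || exit 1
+
+local_guest || exit 3$?
+
+#? local_guest_add_xorg_conf
+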
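--- a/overlay/Devuan/usr/local/bin/devuan_curl_urls.sh
+++ b/overlay/Devuan/usr/local/bin/devuan_curl_urls.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+# filter - arguments are to wget - quoted?
+
+ROOTDIR=/mnt/i
+ROLE=base
+
+LARGS="-X -P /o/Cache/Apt/Devuan/4"
+RARGS="--retry 1"
+
+grep ^http | \
+sed -e 's@http://@https://@g' \
+| \
+sed -e 's@ftp://[^ ]*@@' \
+-e 's@^https://distfiles.gentoo.org/distfiles/[^ ]* https://pypi.python.org/@https://pypi.python.org/@' \
+-e 's@https*://distfiles.gentoo.org@https://gentoo.osuosl.org@g' \
+-e 's@https*://gentoo.osuosl.org@https://mirror.leaseweb.com/gentoo@g' \
+-e 's@https*://download.sourceforge.net@https://download.sourceforge.net@g' | \
+while read urls ; do
+url=`echo $urls|sed -e 's@ .*@@'`
+base=`basename "$url"`
+[ -e /usr/portage/distfiles/$base ] && echo distfiles/$base && continue
+for url in $urls ; do
+/usr/local/bin/scurl.bash $LARGS -- $RARGS $url || continue
+break
+done
+done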
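Review bot: `$url` and `$urls` reach `/usr/local/bin/scurl.bash` unquoted and after word splitting, so a URL containing `?`, `*` or `[` (common in query strings) is subject to pathname expansion before the download, and `read` without `-r` strips backslashes. `set -f` at the top of the script, `while IFS= read -r urls`, and quoting the single-URL uses (`"$url"`, `"/usr/portage/distfiles/$base"`) keep each input line as data. The first sed upgrades every `http://` to `https://`, which makes the later `https*` patterns redundant; a comment recording that the rewrite is intentional and that moving to the next URL on the line is the only fallback would help. `ROOTDIR` is assigned but not used in this file.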
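--- a/overlay/Devuan/usr/local/bin/devuan_uris_to_urls.bash
+++ b/overlay/Devuan/usr/local/bin/devuan_uris_to_urls.bash
@@ -0,0 +1,42 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=base
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+
+[ $# -eq 0 ] && USAGE $0 url-files...
+
+cnt=beowulf-e22532c6f83a
+
+cd /mnt/o/Cache/Apt || exit 3
+
+cat "$@" | debian_uris_to_urls.bash \
+| grep deb$ \
+| while read url ; do
+root=`echo $url | sed -e 's@.*DEBIAN@@'`
+dir=`dirname $root`
+[ -f Debian/10.6/deb.debian.org/debian/pool/$root ] || {
+new=`echo $url | sed -e 's@deb.devuan.org/@mirrors.dotsrc.org/devuan/@'`
+newf=`echo $new | sed -e 's@^http*:/@Devuan/3@'`
+[ -f $newf ] || echo $new
+continue
+}
+[ -h Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir ] && \
+rm Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir
+[ -d Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir ] || \
+mkdir -p Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir
+[ -f Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root ] && \
+rm Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root
+[ -h Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root ] && continue
+ln -s $PWD/Debian/10.6/deb.debian.org/debian/pool/$root \
+Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root
+done
+
+TODIR=/var/lib/lxd/storage-pools/default/containers/$cnt/rootfs
+TODIR=$TODIR/var/cache/apt/archives/
+find Devuan/ -name \*.deb -type l|while read file ; do \
+base=`basename $file`
+[ -e $TODIR/$base ] && continue
+ln -s $PWD/$file $TODIR
+done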
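Review bot: `newf` is derived with `'s@^http*:/@Devuan/3@'`, where `http*` means `htt` followed by any number of `p`, so an `https://` URL is left unchanged and the `[ -f $newf ]` cache test can never succeed for it; `'s@^https*:/@Devuan/3@'` is presumably what was meant. `$root` and `$dir` are cut straight out of each input URL and then used unquoted in `rm`, `mkdir -p` and `ln -s`, so a line containing `..` segments or whitespace makes those commands act outside `Devuan/3/deb.devuan.org/merged/pool/DEBIAN`; rejecting such lines with `case "$root" in ""|*..*) continue;; esac` and quoting the paths would contain it. The container name in `cnt=beowulf-e22532c6f83a` is hard-coded, and the links created in its rootfs point at host paths under `$PWD`, so whether they resolve inside the container depends on a matching mount, which a comment should state.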
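--- a/overlay/Devuan/usr/local/sbin/de_unmarkauto.bash
+++ b/overlay/Devuan/usr/local/sbin/de_unmarkauto.bash
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+ROLE=base
+
+[ $# -eq 0 ] && exit 1
+
+apt-get remove $* </dev/null | \
+sed -e '1,/The following packages will be REMOVED:/d' \
+-e '/^WARNING:/,' -e 's/ /\n/g' | while read foo; do\
+aptitude unmarkauto $foo ;
+done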
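Review bot: `apt-get remove $* </dev/null` starts a real removal just to read the package list and relies on the unanswered confirmation to abort it; `apt-get -s remove "$@"` asks for a simulation and keeps each argument as one word. The sed expression `-e '/^WARNING:/,'` is an address range with no end address and no command, which sed rejects, so the pipeline as committed feeds nothing to the loop; it was presumably meant to be `-e '/^WARNING:/,$d'`. `aptitude unmarkauto $foo` then acts on whatever words survive the filter, so checking each word against a package-name pattern before the call would stop stray text from the apt output being passed on.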
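--- a/overlay/Devuan/usr/local/sbin/devuan_cache_to_archives.bash
+++ b/overlay/Devuan/usr/local/sbin/devuan_cache_to_archives.bash
@@ -0,0 +1,25 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter
+
+[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Devuan/4
+[ -d "$CACHE" ] || exit 1$?
+
+[ -d /etc/apt ] || exit 0
+
+cd $CACHE || exit 2
+
+[ -d var/cache/apt/archives ] || mkdir -p var/cache/apt/archives
+
+find *.* -type f -name \*.deb | while read file; do
+base=$( basename $file )
+[ ! -d /var/cache/apt/archives/ ] || \
+[ -e /var/cache/apt/archives/$base ] || ln -s $PWD/$file /var/cache/apt/archives/$base
+[ -f var/cache/apt/archives/$base -a ! -h var/cache/apt/archives/$base ] && rm var/cache/apt/archives/$base
+[ -e var/cache/apt/archives/$base ] || ln -s $PWD/$file var/cache/apt/archives/$base
+done
+
+cd /var/cache/apt/archives||exit 4
+
+exit 0
+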
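--- a/overlay/Devuan/usr/local/sbin/devuan_uris_to_urls.bash
+++ b/overlay/Devuan/usr/local/sbin/devuan_uris_to_urls.bash
@@ -0,0 +1,29 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter or .uris
+[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Devuan/4
+[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
+
+# debian --print-uris
+if [ $? -eq 0 ] ; then
+# filter
+grep 'https*://' | \
+sed -e 's@ftp://[^ ]*@@g' -e 's@.*https*://@https://@g' -e "s@'.*@@g" | \
+while read line ; do
+for url in $line ; do
+base=`basename "$url"`
+pre=`echo $url|sed -e "s@https*://@${CACHE}@"`
+[ -e $pre ] && break
+echo $line
+break
+done
+done
+fi
+for elt in "$@" ; do
+base=$( basename $elt .elts )
+[ -s $base.urls ] && continue
+sh $0 < $elt > $base.urls
+[ -s $base.urls ] || rm $base.urls
+done
+
+exit 0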
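--- a/overlay/Gentoo/usr/local/bin/base_gnupg_test.bash
+++ b/overlay/Gentoo/usr/local/bin/base_gnupg_test.bash
@@ -0,0 +1,58 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+PREFIX=/usr/local
+ROLE=base
+. /usr/local/bin/usr_local_tput.bash || exit 1
+
+# The idea here is to run ansible_local.bash --tags daily
+# and then use this to do the parsing and throwing errors based on the output.
+# This was the ansible run can be free from erroring and this can be
+# run repeatedly anytime outside of ansible to deal with the issues raised.
+# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
+
+. /usr/local/etc/local.d/local.bash
+
+MYID=$( id -u )
+[ $MYID -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
+LOG_DIR=/usr/local/tmp
+
+[ -d /etc/portage/gnupg ] || exit 0
+
+KEY_ID=96D8BF6D
+KEY_SER=subkeys.pgp.net
+GPG="gpg --home /etc/portage/gnupg"
+
+# * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
+# * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
+
+if route | grep ^def ; then
+[ -f /usr/local/bin/base_daily.gpg ] || \
+/usr/local/bin/scurl.bash --output /usr/local/bin/base_daily.gpg \
+https://qa-reports.gentoo.org/output/service-keys.gpg || \
+exit 2$?
+fi
+
+if [ -f /usr/local/bin/base_daily.gpg ] ; then
+: trusted
+# expired keys pass this
+if $GPG --list-keys --with-colons |grep $KEY_ID |grep :f: ; then
+: full trust?
+elif $GPG --list-keys |grep -A1 $KEY_ID |tail -1| grep unknown ; then
+expect /usr/local/bin/base_daily.exp || exit 4$?
+elif $GPG --list-keys |grep -A1 $KEY_ID |tail -1| grep trust ; then
+: this format does not exist
+else
+PANIC 3 $GPG --list-keys $KEY_ID not trusted
+fi
+else
+gpg --homedir /etc/portage/gnupg --keyserver $KEY_SER --recv-keys 0x$KEY_ID
+expect /usr/local/bin/base_daily.exp || exit 5$?
+# was gpg --homedir /etc/portage/gnupg --edit-key 0x$KEY_ID trust || exit 6
+fi
+
+ls -ld /etc/portage/gnupg | grep -q drwx------ || chmod 700 /etc/portage/gnupg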
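Review bot: The key is fetched and matched by the 32-bit short ID `KEY_ID=96D8BF6D`, both in `--recv-keys 0x$KEY_ID` and in the `grep $KEY_ID` trust checks, and short IDs are not unique, so a different key ending in the same eight hex digits would satisfy them before `expect /usr/local/bin/base_daily.exp` goes on to set trust without anyone looking. The full primary fingerprint is already in the comment below the assignment; using it, `KEY_ID=DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D`, and comparing against the `fpr` record of the `--with-colons` output closes that gap. `service-keys.gpg` is downloaded to `/usr/local/bin/base_daily.gpg` but only its existence is tested; nothing in this script imports it or checks its content, so its presence says nothing about the keyring. The in-file comment also records that expired keys pass the `:f:` test, which deserves an explicit expiry check rather than a note.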
336
overlay/Gentoo/usr/local/etc/python-exec/python-exec.lis
Normal file
336
overlay/Gentoo/usr/local/etc/python-exec/python-exec.lis
Normal file
@ -0,0 +1,336 @@
|
||||
#/usr/bin
|
||||
2to3
|
||||
UTscapy
|
||||
activate-global-python-argcomplete
|
||||
airdrop-ng
|
||||
airgraph-ng
|
||||
airodump-join
|
||||
alembic
|
||||
apirst2html.py
|
||||
automat-visualize
|
||||
autopep8
|
||||
bandit
|
||||
bandit-baseline
|
||||
bandit-config-generator
|
||||
behave
|
||||
binwalk
|
||||
bleachbit
|
||||
bokeh
|
||||
buildhtml.py
|
||||
buildout
|
||||
bumpversion
|
||||
bzr
|
||||
calc-prorate
|
||||
catalyst
|
||||
cftp
|
||||
change_tz
|
||||
chardetect
|
||||
cherryd
|
||||
ckeygen
|
||||
conch
|
||||
coverage
|
||||
coverage-2.7
|
||||
coverage-3.6
|
||||
coverage2
|
||||
coverage3
|
||||
cpuinfo
|
||||
csscapture
|
||||
csscombine
|
||||
cssparse
|
||||
csv2rdf
|
||||
cxfreeze
|
||||
cxfreeze-quickstart
|
||||
cygdb
|
||||
cython
|
||||
cythonize
|
||||
depend-java-query
|
||||
distro
|
||||
docker-compose
|
||||
doesitcache
|
||||
dropbox-cli
|
||||
easy_install
|
||||
echo_supervisord_conf
|
||||
eclean
|
||||
eclean-dist
|
||||
eclean-pkg
|
||||
edfviewer
|
||||
ekeyword
|
||||
elementsinfo
|
||||
enalyze
|
||||
epkginfo
|
||||
epsg_tr.py
|
||||
epydoc
|
||||
epylint
|
||||
equery
|
||||
eshowkw
|
||||
esri2wkt.py
|
||||
f2py
|
||||
fab
|
||||
fast-import-filter
|
||||
fast-import-info
|
||||
fast-import-query
|
||||
fbless
|
||||
flake8
|
||||
flask
|
||||
futurize
|
||||
gcps2vec.py
|
||||
gcps2wld.py
|
||||
gdal2tiles.py
|
||||
gdal2xyz.py
|
||||
gdal_auth.py
|
||||
gdal_calc.py
|
||||
gdal_edit.py
|
||||
gdal_fillnodata.py
|
||||
gdal_merge.py
|
||||
gdal_pansharpen.py
|
||||
gdal_polygonize.py
|
||||
gdal_proximity.py
|
||||
gdal_retile.py
|
||||
gdal_sieve.py
|
||||
gdalchksum.py
|
||||
gdalcompare.py
|
||||
gdalident.py
|
||||
gdalimport.py
|
||||
gdalmove.py
|
||||
gemato
|
||||
gertty
|
||||
gflags2man.py
|
||||
gjl
|
||||
glances
|
||||
gsettings-schema-convert
|
||||
helpviewer-2.8
|
||||
helpviewer-3.0
|
||||
http
|
||||
ics_diff
|
||||
idle
|
||||
img2png-2.8
|
||||
img2png-3.0
|
||||
img2py-2.8
|
||||
img2py-3.0
|
||||
img2xpm-2.8
|
||||
img2xpm-3.0
|
||||
imlate
|
||||
invoke
|
||||
iotop
|
||||
iptest
|
||||
iptest2
|
||||
iptest3
|
||||
ipython
|
||||
ipython2
|
||||
ipython3
|
||||
isort
|
||||
isympy
|
||||
java-config-2
|
||||
jsonpointer
|
||||
jsonschema
|
||||
jupyter
|
||||
jupyter-bundlerextension
|
||||
jupyter-kernel
|
||||
jupyter-kernelspec
|
||||
jupyter-migrate
|
||||
jupyter-nbconvert
|
||||
jupyter-nbextension
|
||||
jupyter-notebook
|
||||
jupyter-qtconsole
|
||||
jupyter-run
|
||||
jupyter-serverextension
|
||||
jupyter-trust
|
||||
kernprof
|
||||
keyczart
|
||||
kivy-garden
|
||||
layman
|
||||
layman-mounter
|
||||
layman-overlay-maker
|
||||
layman-updater
|
||||
livereload
|
||||
m2r
|
||||
mailmail
|
||||
mako-render
|
||||
margins
|
||||
markdown2
|
||||
markdown_py
|
||||
mca2edf
|
||||
meson
|
||||
mibcopy.py
|
||||
mibdump.py
|
||||
miniterm.py
|
||||
mkbootimg
|
||||
mkdocs
|
||||
mkgraticule.py
|
||||
ndg_httpclient
|
||||
nosetests
|
||||
nyx
|
||||
odo
|
||||
ogrmerge.py
|
||||
paster
|
||||
pasteurize
|
||||
paver
|
||||
pbr
|
||||
pct2rgb.py
|
||||
pdfshuffler
|
||||
pdoc
|
||||
peakidentifier
|
||||
pep8
|
||||
pidproxy
|
||||
pt2to3
|
||||
ptdump
|
||||
ptrepack
|
||||
pttree
|
||||
pudb
|
||||
pudb3
|
||||
pwiz.py
|
||||
pxml
|
||||
py.test
|
||||
pyalacarte-2.8
|
||||
pyalacarte-3.0
|
||||
pyalamode-2.8
|
||||
pyalamode-3.0
|
||||
pybabel
|
||||
pybitmessage
|
||||
pybot
|
||||
pycallgraph
|
||||
pycodestyle
|
||||
pycrust-2.8
|
||||
pycrust-3.0
|
||||
pydoc
|
||||
pyflakes
|
||||
pygmentize
|
||||
pygobject-codegen-2.0
|
||||
pyhtmlizer
|
||||
pyjwt
|
||||
pylint
|
||||
pylupdate5
|
||||
pymca
|
||||
pymcabatch
|
||||
pymcapostbatch
|
||||
pymcaroitool
|
||||
pyrcc5
|
||||
pyreverse
|
||||
pyro4-check-config
|
||||
pyro4-flameserver
|
||||
pyro4-httpgateway
|
||||
pyro4-ns
|
||||
pyro4-nsc
|
||||
pyro4-test-echoserver
|
||||
pyroma
|
||||
pyrsa-decrypt
|
||||
pyrsa-decrypt-bigfile
|
||||
pyrsa-encrypt
|
||||
pyrsa-encrypt-bigfile
|
||||
pyrsa-keygen
|
||||
pyrsa-priv2pub
|
||||
pyrsa-sign
|
||||
pyrsa-verify
|
||||
pyshell-2.8
|
||||
pyshell-3.0
|
||||
pytest
|
||||
python-argcomplete-check-easy-install-script
|
||||
python-config
|
||||
python2-config
|
||||
python3-config
|
||||
pyuic5
|
||||
pyvenv
|
||||
pywrap-2.8
|
||||
pywrap-3.0
|
||||
pywxrc-2.8
|
||||
pywxrc-3.0
|
||||
qemu-ga-client
|
||||
qmp-shell
|
||||
qr
|
||||
quicktest.py
|
||||
qutebrowser
|
||||
raven
|
||||
rdf2dot
|
||||
rdfgraphisomorphism
|
||||
rdfpipe
|
||||
rdfs2dot
|
||||
readelf.py
|
||||
rebot
|
||||
register-python-argcomplete
|
||||
repo
|
||||
repoman
|
||||
revdep-rebuild
|
||||
rgb2pct.py
|
||||
rgbcorrelator
|
||||
robot
|
||||
rpyc_classic.py
|
||||
rpyc_registry.py
|
||||
rst2html.py
|
||||
rst2html4.py
|
||||
rst2html5.py
|
||||
rst2latex.py
|
||||
rst2man.py
|
||||
rst2odt.py
|
||||
rst2odt_prepstyles.py
|
||||
rst2pdf
|
||||
rst2pseudoxml.py
|
||||
rst2s5.py
|
||||
rst2xetex.py
|
||||
rst2xml.py
|
||||
rstpep2html.py
|
||||
runxlrd.py
|
||||
safety
|
||||
scapy
|
||||
scons
|
||||
scons-configure-cache
|
||||
scons-time
|
||||
sconsign
|
||||
scour
|
||||
sphinx-apidoc
|
||||
sphinx-autogen
|
||||
sphinx-build
|
||||
sphinx-quickstart
|
||||
spyder3
|
||||
supervisorctl
|
||||
supervisord
|
||||
svg2rlg
|
||||
symilar
|
||||
tabulate
|
||||
tkconch
|
||||
tls.py
|
||||
tlsdb.py
|
||||
tor-prompt
|
||||
tox
|
||||
tox-quickstart
|
||||
trial
|
||||
twist
|
||||
twistd
|
||||
twisted-regen-cache
|
||||
umpv
|
||||
uniconvertor
|
||||
unit2
|
||||
vba_extract.py
|
||||
versioneer
|
||||
veusz
|
||||
virtualenv
|
||||
vmxcap
|
||||
vol.py
|
||||
waitress-serve
|
||||
watchmedo
|
||||
wheel
|
||||
wsdump.py
|
||||
xml2po
|
||||
xpra
|
||||
xpra_browser
|
||||
xpra_launcher
|
||||
xpra_signal_listener
|
||||
xrced-2.8
|
||||
xrced-3.0
|
||||
yamllint
|
||||
yolk
|
||||
yq
|
||||
zope-testrunner
|
||||
# /usr/sbin
|
||||
archive-conf
|
||||
dispatch-conf
|
||||
env-update
|
||||
fixpackages
|
||||
regenworld
|
||||
smbios-keyboard-ctl
|
||||
smbios-lcd-brightness
|
||||
smbios-passwd
|
||||
smbios-sys-info
|
||||
smbios-thermal-ctl
|
||||
smbios-token-ctl
|
||||
smbios-wakeup-ctl
|
||||
smbios-wireless-ctl
|
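--- a/overlay/Gentoo/usr/local/etc/python-exec/python3-base.lis
+++ b/overlay/Gentoo/usr/local/etc/python-exec/python3-base.lis
@@ -0,0 +1,19 @@
+ebuild
+egencache
+emerge
+emirrordist
+glsa-check
+portageq
+quickpkg
+emaint
+ansible
+ansible-config
+ansible-connection
+ansible-console
+ansible-doc
+ansible-galaxy
+ansible-inventory
+ansible-playbook
+ansible-playbook.bash
+ansible-pull
+ansible-vault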
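--- a/overlay/Gentoo/usr/local/sbin/base_diff_from_dst.bash
+++ b/overlay/Gentoo/usr/local/sbin/base_diff_from_dst.bash
@@ -0,0 +1,30 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+. /usr/local/bin/usr_local_base.bash || exit 1
+. /usr/local/bin/usr_local_tput.bash || exit 2
+
+TODIR=/o/data/TestForge/src/ansible
+BASE_DIR=`basename $PWD`
+
+[ $# -ge 1 ] && ROLE=$1 || ROLE=
+if [ -z "$ROLE" ] ; then
+base=`basename $PWD`
+parent=`dirname $PWD`
+file=$parent/$base.bash
+if [ -f "$file" ] ; then
+ROLE=`grep '^ *ROLE=' $file | sed -e 's/=.*//'`
+fi
+fi
+shift
+
+if [ $PWD = $PREFIX/src ] ; then
+ERROR $prog diffing in $PWD with "$@"
+exit 4
+fi
+INFO $prog diffing in $PWD with "$@"
+
+PREFIX=$PREFIX ROLE="$ROLE" \
+/var/local/src/var_local_src.bash ols_testforge_diffs
+
+exit 0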
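Review bot: The fallback that reads the role out of `$parent/$base.bash` keeps the wrong half of the assignment: `sed -e 's/=.*//'` deletes the value and leaves the text before the `=`, so `ROLE` ends up holding the literal name rather than the role. The substitution should strip the left side instead, `sed -e 's/.*=//' -e 's/"//g'`, and the grep should be limited to one match (`grep -m1`) so a file with two `ROLE=` lines does not yield a multi-line value. The directory guard `[ $PWD = $PREFIX/src ]` is unquoted and breaks on a working directory containing whitespace; `[ "$PWD" = "$PREFIX/src" ]` is the safe form. `$prog` is not assigned in this file, so the log lines depend on one of the sourced scripts setting it.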
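--- a/overlay/Gentoo/usr/local/sbin/box_gentoo_emerge.bash
+++ b/overlay/Gentoo/usr/local/sbin/box_gentoo_emerge.bash
@@ -0,0 +1,51 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+ROLE=base
+LOG_DIR=/usr/local/var/logs/portage
+[ -d $LOG_DIR ] || mkdir -p $LOG_DIR
+
+declare -a ARGS
+if [ "$#" -eq 1 ] ; then
+ARGS=( "$1" )
+LOG=$( basename $1 ).log
+elif [ "$#" -eq 0 ] ; then
+ARGS="@world"
+LOG=world.log
+elif false && [ -f world.lib ] ; then # ?
+ARGS="$( grep -v '^#' world.lib )"
+LOG=world.log
+else
+ARGS=("$@")
+LOG=world.log
+fi
+
+if mount | grep -q ' on /mnt/tmp' ; then
+export TMPDIR=/mnt/tmp
+# else
+# echo "WARN: /mnt/tmp not mounted"
+fi
+
+# --changed-deps --deep --update
+LARGS="-vb --changed-use --with-bdeps=y --changed-deps-report"
+LARGS="$LARGS --backtrack=30 --ignore-built-slot-operator-deps=y --keep-going"
+
+# Skips the packages specified on the command-line that have already been installed.
+LARGS="$LARGS --noreplace"
+
+# LARGS="$LARGS --exclude "
+LOG=$LOG_DIR/$LOG
+export PYTHONPATH=
+echo INFO: $LARGS $ARGS >> $LOG 2>&1
+nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1
+[ $? -ne 0 ] && exit $?
+if grep ImportError $LOG ; then
+echo ERROR: ImportError $ARGS && exit 10
+elif grep ParseError $LOG ; then
+echo ERROR: ParseError $ARGS && exit 11
+elif grep 'Your current profile is invalid' $LOG ; then
+echo ERROR: Your current profile is invalid $ARGS && exit 12
+fi
+
+exit 0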
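Review bot: A failed emerge is reported as success, because in `[ $? -ne 0 ] && exit $?` the second `$?` is the status of the `[` test (0), not of emerge; capture it first, `rc=$? ; [ "$rc" -ne 0 ] && exit "$rc"`. In the `ARGS=("$@")` branch the unquoted `$ARGS` expands to the first array element only, so every package after the first is silently dropped from both the log line and the emerge call; use `"${ARGS[@]}"`. The log is opened with `>>`, so the `grep ImportError $LOG` checks also match errors left by earlier runs; grepping only the output of this run (or truncating the log first) avoids false exits 10 to 12. `BASE_PYTHON3_MINOR` is not set in this file, so the interpreter name depends on the caller's environment.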
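--- a/overlay/Gentoo/usr/local/sbin/gentoo_base_verify-sig.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_base_verify-sig.bash
@@ -0,0 +1,168 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+ROLE=base
+. /usr/local/bin/usr_local_tput.bash
+
+PYVER=3
+PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+[ -d /etc/portage ] || exit 0
+
+usage () { echo "USAGE: $prog [command args] -" $* ; exit 1 ; }
+error () { retval=$1 ; shift; ERROR "$prog" $* ; exit $retval ; }
+warn () { : ; }
+info () { : ; }
+debug () { : ; }
+
+# must be run as root
+[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
+
+[ -f /etc/portage/package.use/2021-00_verify-sig.txt ] || \
+touch /etc/portage/package.use/2021-00_verify-sig.txt || exit 2
+
+equery h -F '$cp:$slot' verify-sig | \
+sed -e 's/:0.*//' | while read b ; do \
+grep -q "^$b " /etc/portage/package.use/2021-00_verify-sig.txt && continue
+eix -r "^$b$" | grep -q Installed && \
+echo '#' $b verify-sig>>/etc/portage/package.use/2021-00_verify-sig.txt || \
+echo '##' $b verify-sig>>/etc/portage/package.use/2021-00_verify-sig.txt
+done
+
+[ -f /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.diff ] || \
+cat > /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.diff << EOF
+*** eclass_cache.py.dst 2021-06-13 21:26:05.000000000 +0000
+--- eclass_cache.py 2021-06-24 10:45:12.422857990 +0000
+***************
+*** 166,175 ****
+--- 166,176 ----
+return d
+
+def get_eclass_data(self, inherits):
+ec_dict = {}
+for x in inherits:
++ if x not in self.eclasses: continue
+ec_dict[x] = self.eclasses[x]
+
+return ec_dict
+
+@property
+EOF
+[ -f /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.dst ] || \
+patch -b -z .dst /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py \
+< /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.diff
+
+[ -f /usr/portage/eclass/verify-sig.eclass.diff ] || \
+cat > /usr/portage/eclass/verify-sig.eclass.diff << EOF
+*** /usr/portage/eclass/verify-sig.eclass.dst 2021-07-29 06:09:55.000000000 +0000
+--- /usr/portage/eclass/verify-sig.eclass 2021-08-18 19:13:29.502980940 +0000
+***************
+*** 86,95 ****
+--- 86,99 ----
+[[ -n ${key} ]] ||
+die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
+
+local extra_args=()
+[[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
++ # gemato -R, --no-refresh-keys
++ # Disable refreshing OpenPGP key (prevents network
++ # access, applicable when using -K only)
++ [ -z "$http_proxy" ] || extra_args+=( --proxy $http_proxy )
+[[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
+--keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
+)
+
+# GPG upstream knows better than to follow the spec, so we can't
+***************
+*** 98,110 ****
+addpredict /run/user
+
+local filename=${file##*/}
+[[ ${file} == - ]] && filename='(stdin)'
+einfo "Verifying ${filename} ..."
+! gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+! gpg --verify "${sig}" "${file}" ||
+! die "PGP signature verification failed"
+}
+
+# @FUNCTION: verify-sig_verify_message
+# @USAGE: <file> <output-file> [<key-file>]
+# @DESCRIPTION:
+--- 102,121 ----
+addpredict /run/user
+
+local filename=${file##*/}
+[[ ${file} == - ]] && filename='(stdin)'
+einfo "Verifying ${filename} ..."
+! einfo gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+! gpg --verify --disable-dirmngr \
+! "${sig}" "${file}"
+! # --keyserver-options http-proxy=http://localhost:3128
+! einfo `env |sort`
+! # env - is necessary andx sufficient
+! env - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+! gpg --verify --disable-dirmngr \
+! "${sig}" "${file}" || \
+! die "PGP signature verification failed"
+}
+
+# @FUNCTION: verify-sig_verify_message
+# @USAGE: <file> <output-file> [<key-file>]
+# @DESCRIPTION:
+***************
+*** 122,131 ****
+--- 133,143 ----
+[[ -n ${key} ]] ||
+die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
+
+local extra_args=()
+[[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
++ [ -z "$http_proxy" ] || extra_args+=( --proxy $http_proxy )
+[[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
+--keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
+)
+
+# GPG upstream knows better than to follow the spec, so we can't
+***************
+*** 134,146 ****
+addpredict /run/user
+
+local filename=${file##*/}
+[[ ${file} == - ]] && filename='(stdin)'
+einfo "Verifying ${filename} ..."
+! gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+! gpg --verify --output="${output_file}" "${file}" ||
+! die "PGP signature verification failed"
+}
+
+# @FUNCTION: verify-sig_verify_signed_checksums
+# @USAGE: <checksum-file> <algo> <files> [<key-file>]
+# @DESCRIPTION:
+--- 146,165 ----
+addpredict /run/user
+
+local filename=${file##*/}
+[[ ${file} == - ]] && filename='(stdin)'
+einfo "Verifying ${filename} ..."
+! einfo gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+! gpg --verify --disable-dirmngr --output="${output_file}" \
+! "${file}"
+! # --keyserver-options http-proxy=http://localhost:3128
+! einfo `env |sort`
+! # env - is necessary and sufficient
+! env - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
+! gpg --verify --disable-dirmngr --output="${output_file}" \
+! "${file}" || \
+! die "PGP signature verification failed"
+}
+
+# @FUNCTION: verify-sig_verify_signed_checksums
+# @USAGE: <checksum-file> <algo> <files> [<key-file>]
+# @DESCRIPTION:
+EOF
+
+[ -f /usr/portage/eclass/verify-sig.eclass.dst ] || \
+patch -b -z .dst /usr/portage/eclass/verify-sig.eclass \
+< /usr/portage/eclass/verify-sig.eclass.diff || exit 3
+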
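Review bot: The here-document that writes `verify-sig.eclass.diff` uses an unquoted delimiter, so the shell running this script expands `${key}`, `${FUNCNAME}`, `${file##*/}`, `$http_proxy` and executes `` `env |sort` `` while the patch file is being written; what lands on disk is no longer the eclass text, and `${extra_args[@]}` is not even valid under a strict POSIX `/bin/sh`. Quote the delimiter, `cat > /usr/portage/eclass/verify-sig.eclass.diff << 'EOF'`, so the patch is stored literally. Separately, the patched eclass adds `einfo `env |sort``, which prints the whole build environment into the build log on every signature check, including any credentials embedded in `http_proxy`; that line should be dropped or reduced to the one variable being debugged. The added `extra_args+=( --proxy $http_proxy )` should quote the value, `--proxy "${http_proxy}"`. The result of the first `patch` call on `eclass_cache.py` is not checked, unlike the second one, which ends in `|| exit 3`.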
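--- a/overlay/Gentoo/usr/local/sbin/gentoo_bootstrap_sudo.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_bootstrap_sudo.bash
@@ -0,0 +1,13 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+ROLE=base
+root=$1
+if [ ! -f $root/usr/bin/sudo ] && [ -d $root/etc/portage/ ] ; then
+[ -d $root/usr/portage/distfiles/ ] || \
+mkdir -p $root/usr/portage/distfiles
+[ -f $root/usr/portage/distfiles/sudo-$SUDO_VER.tar.gz ] || \
+cp -p /usr/portage/distfiles/sudo-$SUDO_VER.tar.gz $root/usr/portage/distfiles/
+# env ROOT=$root emerge -vbp app-admin/sudo 2>&1| tee -a $root/root/sudo.log
+chroot $root emerge -vbp app-admin/sudo 2>&1| tee -a $root/root/sudo.log
+fi
+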
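Review bot: `root=$1` is used without any validation, so a call with no argument makes every test run against the host's own `/usr` and `/etc`, and `chroot $root emerge …` then takes `emerge` as the new root directory. Fail early and quote the variable, `root=${1:?usage: $0 chroot-directory}` followed by `[ -d "$root" ] || exit 1`, and use `"$root"` in the paths below. `SUDO_VER` is not assigned in this file, so the distfile name depends on the caller's environment; an empty value yields `sudo-.tar.gz`. The emerge call carries `-p`, which only prints what would be merged, so if the intent is to install sudo into the chroot the flag needs to go.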
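--- a/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash
@@ -0,0 +1,39 @@
+# This is recent - Pentoo not Funtoo
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+BASE_PORTDIR=/usr/portage
+
+keyf=/usr/share/openpgp-keys/gentoo-release.asc
+[ -f $keyf ] || exit 1
+
+gpg2 --disable-dirmngr --list-keys --with-sig-check --keyring $keyf >/tmp/G$$.log # 2>&1 || exit 1
+# gpg: 1 bad signature on Clipos
+# gpg: 1 bad signature on Pentoo19
+if grep 'bad signature' /tmp/G$$.log ; then
+echo ERROR: bad signature /tmp/G$$.log # exit 2
+# sig-3 BB572E0E2D182910 2009-08-25 Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
+gpg2 --disable-dirmngr --batch --delete-key BB572E0E2D182910
+fi
+
+# numbers 1-3 for certificate check level (see --ask-cert-level)
+grep '^sig-[0-9]' /tmp/G$$.log && { echo WARN: bad signature ; exit 3 ;}
+# gpg: 104 signatures not checked due to missing keys
+
+[ -f $BASE_PORTDIR/Manifest ] || exit 0
+# on stderr!
+gpg2 --verify --keyring $keyf $BASE_PORTDIR/Manifest >/tmp/K$$.log 2>&1 || exit 3
+# DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
+# grep 'This key has expired' /tmp/K$$.log && exit 3
+grep 'using RSA key' /tmp/K$$.log || exit 4
+grep 'Primary key fingerprint:' /tmp/K$$.log | sed -e 's/.*: //' -e 's/ //g' > /tmp/K$$.key || exit 5
+
+if route | grep -q ^default ; then
+. /root/bin/tor.sh
+wget -O /tmp/K$$.html https://www.gentoo.org/downloads/signatures/ || exit 0
+grep "`cat /tmp/K$$.key`" /tmp/K$$.html || {
+echo ERROR: failed 'Primary key fingerprint:' "`cat /tmp/K$$.key`"
+exit 5
+}
+fi
+
+exit 0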
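Review bot: The four work files `/tmp/G$$.log`, `/tmp/K$$.log`, `/tmp/K$$.key` and `/tmp/K$$.html` have predictable names in a world-writable directory, and the files sitting next to this one suggest it runs as root, so a pre-created file or symlink there can redirect the writes or feed the later greps; create a private directory instead, `tmp=$(mktemp -d) || exit 1` with `trap 'rm -rf "$tmp"' EXIT`, and use `"$tmp/…"` throughout. The fingerprint step fails open: `grep 'Primary key fingerprint:' … | sed … > /tmp/K$$.key || exit 5` tests only sed's status, so an empty key file is accepted and the following `grep "`cat /tmp/K$$.key`"` with an empty pattern matches any page. `wget … || exit 0` also returns success when the fingerprint could not be compared at all; a distinct non-zero status would let callers tell "verified" from "not checked". `gpg2 --verify --keyring $keyf` adds the release keyring to the user's default keyring rather than replacing it, so a signature from any key already in root's keyring passes the first test; `--no-default-keyring` restricts it to the release keys.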
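--- a/overlay/Gentoo/usr/local/sbin/gentoo_chroot_pentoo.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_chroot_pentoo.bash
@@ -0,0 +1,120 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+ROLE=testforge
+# export PATH=$PATH:/usr/local/bin
+MOUNTS="mnt/i mnt/j mnt/o"
+
+. /usr/local/bin/usr_local_tput.bash
+error () { retval=$1 ; shift; ERROR "$0" $* ; exit $retval ; }
+info () { INFO " $0 " $* ; }
+
+# must be run as root
+[ "`id -u`" -ne "0" ] && error 1 "must be run as root"
+
+if [ "$#" -eq "0" ] ; then
+error 2 "give an absolute directory name as argument"
+fi
+LARGS=""
+CMD=""
+while true; do
+case "$1" in
+'-'*)
+LARGS="$LARGS $1"
+shift
+;;
+*)
+break
+;;
+esac
+done
+
+root=$1
+shift
+if [ ! -d "$root" ] ; then
+error 3 "absolute directory name for chroot not found - $root"
+fi
+
+# unix partition
+[ -d $root/lost+found ] || exit 4
+# linux partition
+[ -e $root/usr/src/ ] || exit 5
+cd $root || exit 6
+
+if [ ! -d boot ] ; then
+error 7 "missing boot/"
+fi
+for file in tmp usr/tmp var/tmp ; do
+[ -d $file ] && continue
+mkdir $file || error 8 " missing directory $file"
+chmod 1777 $file
+done
+# df /var/tmp | grep -q sd.12 || mount /var/tmp
+
+for file in proc sys dev dev/pts dev/shm usr ; do
+[ -d $file ] && continue
+mkdir $file || exit 9
+chmod 755 $file
+done
+
+# Think -R is causing problems
+[ -e proc/self ] || mount -t proc none proc || error 10
+# this was rbind
+[ -e sys/kernel ] || mount -o bind /sys sys || error 12
+[ -e dev/null ] || mount -o bind /dev dev || error 11
+[ -e /dev/pts/0 ] || \
+mount -t devpts -o rw,relatime,mode=600 devpts dev/pts \
+|| error 12
+#? try mount| while read a on what type [ tmpfs cgroup binfmt_misc? ] without rbind
+mount| while read what foo on bar type rest ; do
+# cgroup devpts devtmpfs ecryptfs ext2 fuseblk proc rpc_pipefs sysfs tmpfs vfat
+# leave real disks for $MOUNTS
+[ $type = 'fuse' -o $type = 'ext2' -o $type = 'ext4' -o $type = 'vfat' -o ] && continue
+# have done these
+[ $type = 'proc' -o $type = 'sys' -o $type = 'dev' -o $type = 'devpts' -o ] && continue
+DBUG "Dunno $what $on $type"
+done
+# check for /dev/loop devices - up to 255 on android
+[ -e /dev/loop1 ] || \
+( cd /dev && \
+for i in 0 1 2 3 4 5 6 7 ; do
+[ -e loop$i ] && continue
+mknod loop$i b 7 $i
+chmod 660 loop$i
+chgrp disk loop$i
+done )
+
+for elt in $MOUNTS ; do
+[ -d $elt ] || { mkdir $elt ; chmod 755 $elt ; }
+grep -q /$elt /proc/mounts || continue
+[ -d $elt/tmp ] && continue
+grep -q $root/$elt /proc/mounts && continue
+mount --bind /$elt $root/$elt
+done
+
+# You'll also want to copy over resolv.conf in order to have proper DNS name
+# resolution from inside the chroot:
+# but in chroot, you'll need to change this to your connected IP address.
+cp -L /etc/resolv.conf etc || exit 16
+
+for file in .bashrc .profile .jedrc ; do
+[ -f root/$file ] || \
+cp -p /root/$file root/$file
+done
+
+
+EARGS="CHROOT=1 LANG=en_US.UTF-8 LC_COLLATE=C"
+EELTS="$EELTS TERM DISPLAY HOME USER LOGNAME USERNAME PATH"
+EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
+for elt in $EELTS ; do
+EARGS="$EARGS `env|grep ^${elt}=`"
+done
+
+# was /bin/bash -l
+[ "$#" -eq 0 ] && set -- /bin/sh -i
+
+# Now you can chroot into your new system. Use env before chroot to ensure that no
+# environment variables from the installation media are used by your new system:
+#? PATH=$PATH
+echo chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
+chroot $LARGS $root /usr/bin/env -i $EARGS "$@"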
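Review bot: The environment handed to the root shell inside the chroot is assembled as one flat string and expanded unquoted in `chroot $LARGS $root /usr/bin/env -i $EARGS "$@"`, so any passed-through value containing whitespace is split and `env` treats the first fragment without an `=` as the command to run. The whitelist itself starts from the caller's own `$EELTS`, which lets the invoking environment add variable names to it, and `grep ^${elt}=` also picks up the continuation lines of multi-line values. Building the assignments as separate positional parameters from a fixed list keeps each value intact; the default command has to be set before the loop because the loop prepends to `"$@"`. In the same file, both `[ $type = … -o ]` tests end in a dangling `-o`, so `[` reports a syntax error and neither `continue` is ever taken, and `[ -e /dev/pts/0 ]` checks the host's devpts rather than `dev/pts` inside the chroot.
```shell
# was /bin/bash -l
[ "$#" -eq 0 ] && set -- /bin/sh -i

EELTS="TERM DISPLAY HOME USER LOGNAME USERNAME PATH"
EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
for elt in $EELTS ; do
    # names come from the fixed list above, so the eval sees no outside text
    eval "val=\${$elt-}"
    [ -n "$val" ] && set -- "$elt=$val" "$@"
done

# ... unchanged: explanatory comments before the chroot call ...
chroot $LARGS "$root" /usr/bin/env -i CHROOT=1 LANG=en_US.UTF-8 LC_COLLATE=C "$@"
```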
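--- a/overlay/Gentoo/usr/local/sbin/gentoo_clean_portage_packages.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_clean_portage_packages.bash
@@ -0,0 +1,45 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+# shopt -s nullglob
+
+[ -f /etc/conf.d/hostname ] && . /etc/conf.d/hostname
+
+if [ $# -eq 1 ] ; then
+TO=$1
+elif [ -n "$hostname" -a "$hostname" = "pentoo" ] ; then
+TO=/mnt/o/Cache/linuxPen19/var/cache/portage/packages
+elif [ -f /etc/dracut.conf.d/funtoo.conf ] ; then
+TO=/mnt/o/Cache/linuxFun64/var/cache/portage/packages
+elif [ -f /etc/dracut.conf.d/clipos.conf ] ; then
+TO=/mnt/o/Cache/linuxClipos/var/cache/portage/packages
+else
+exit 3
+fi
+
+[ -n "$TO" ] || { echo ERROR: empty TO ; exit 4 ; }
+[ -d $TO ] || { echo ERROR: mkdir -p $TO ; exit 5 ; }
+
+pushd $TO
+# -o -name \*.xpak
+find *-* virtual pentoo -type f -name \*tbz2 | grep -v '_sources\|_download_' | while read file ; do
+dir=`dirname $file`
+base=`basename $file`
+subdir=`sed -e 's/-[0-9].*//' <<< $base`
+xdir=$dir/$subdir
+[ -d $xdir ] || continue
+xpak=`sed -e 's/.tbz2/-?.xpak/' <<< $base`
+ls $file $xdir/$xpak 2>/dev/null && rm -f $xdir/$xpak
+done
+popd
+
+cd $OUT
+rm -rf sys-firmware/intel-microcode* \
+sys-kernel/linux-firmware/* qpkg.*
+
+find -L *-*/ -type l -delete 2>&1| \
+grep 'Too many levels'| \
+sed -e 's/find: .//' -e 's/xpak.:.*/xpak/'| \
+xargs rm -f
+
+exit 0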
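Review bot: `cd $OUT` uses a variable that is never assigned in this file, so unless `/etc/conf.d/hostname` happens to define it the command becomes a bare `cd`, which moves to the home directory, and the following `rm -rf sys-firmware/intel-microcode* … qpkg.*` and `find -L *-*/ -type l -delete` then act on whatever matches there. The directory validated above is `$TO`, which is presumably what was meant: `cd "$TO" || exit 6`. `pushd $TO` has the same problem in a milder form, since its result is not checked and the `find … | while read file` loop with `rm -f` runs in whatever directory the script was started from if it fails; `pushd "$TO" || exit 6` closes that.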
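--- a/overlay/Gentoo/usr/local/sbin/gentoo_eix-test-obsolete.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_eix-test-obsolete.bash
@@ -0,0 +1,8 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+# https://forums.gentoo.org/viewtopic-t-1044220-start-0.html
+
+ROLE=base
+
+eix-test-obsolete -H brief | grep -v -e "^No " -e "^Skipping " -e "^$"
+exit 0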
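--- a/overlay/Gentoo/usr/local/sbin/gentoo_etc_portage.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_etc_portage.bash
@@ -0,0 +1,109 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+PREFIX=/var/local
+ROLE=base
+. /usr/local/etc/testforge/testforge.bash || exit 1
+. /usr/local/bin/usr_local_base.bash || exit 2
+USAGE="$0 role-directory"
+#echo 1
+[ $# -ge 1 ] || { ERROR $USAGE ; exit 3 ; }
+
+[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
+base=`cat /etc/hostname`
+json="$TESTFORGE_ANSIBLE_SRC"/tmp/Hosts/$base.json
+if [ -d "$TESTFORGE_ANSIBLE_SRC" ] ; then
+if [ ! -s $json ] || [ "$TESTFORGE_ANSIBLE_SRC"/hosts.yml -nt $json ] ; then
+/usr/local/sbin/gentoo_hosts_json.bash || exit 4$?
+fi
+fi
+
+BOX_OS_FLAVOR=`/usr/local/sbin/gentoo_hosts_json.bash` || exit 4$?
+
+# "BOX_PYTHON3_MINOR": "3.10"
+PYTHON3_VER=`grep BOX_PYTHON3_MINOR <$json|sed -e 's/.*\.//' -e 's/,//' -e 's/"//'`
+
+TASKS="Gentoo/$BOX_OS_FLAVOR"
+YAML_HEAD="# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
+# This is an automatically generated file: do not edit
+
+---
+
+"""
+TEXT_HEAD="# -*- mode: text; tab-width: 8; coding: utf-8-unix -*-
+
+"""
+
+for dir in $* ; do
+[ -d $dir ] || { ERROR $dir ; exit 5 ; }
+[ -d $dir/vars ] || { WARN not a roles directory $dir/vars ; }
+YAML_BODY="- name: \"\\1\"\n blockinfile:\n dest: \\1\n create: true\n marker: \"# {mark} Ansible Managed Block $dir \\2\"\n block: |"
+for port in use mask unmask license accept_keywords ; do
+# DBUG $dir $port
+cp /dev/null $dir/vars/$port.txt
+grep '^ *- .*/' $dir/vars/Gentoo2.yml \
+| sed -e 's@^ *- @@' -e 's@ .*@@' \
+| uniq \
+| while read elt ; do
+base=`basename $elt`
+# override with $dir/tasks/$TASKS/portage.yml
+file=$dir/tasks/$TASKS/portage.yml
+[ -f $file ] && \
+grep -Hq "^ *[=>]*$elt" $file && \
+DBUG $port - "^ *[=>]*$elt" is already in $file && \
+continue
+file=$dir/vars/$port.txt
+[ -f $file ] && \
+grep -Hq "^ *[=>]*$elt" $file && \
+DBUG "^ *[=>]*$elt" is already in $file
+# && continue
+grep "^[=<>]*$elt" /etc/portage/package.$port/2*txt \
+| sed -e 's@^@# @' -e 's@.txt:@.txt '$base'\n@' \
+| sed -e 's@^\([^#][^ ]*\)@ \1%@' -e 's@^#@\n#@' \
+>> $dir/vars/$port.txt || exit 6
+#? grep "^#.*required by $elt" /etc/portage/package.$port/2*txt
+
+done
+#echo 2
+if [ ! -s $dir/vars/$port.txt ] ; then
+rm -f $dir/vars/$port.txt $dir/tasks/$TASKS/$port.yml
+continue
+fi
+
+INFO $port lines `wc -l $dir/vars/$port.txt`
+[ -d $dir/tasks/$TASKS ] || { ERROR no dir $dir/tasks/$TASKS ; continue ; }
+#echo 3
+to_yaml=$dir/tasks/$TASKS/$port.yml.new
+# overwrite if its there as .new
+echo "$YAML_HEAD" > $to_yaml
+# sed -e "s/\"\n block: |/ $base\0/"
+sed -e 's@^# \([^ ]*\) \([^ /]*\)$@'"$YAML_BODY"'@' $dir/vars/$port.txt \
+>> $to_yaml || exit 7
+# | sed -e "s/BLOCK $dir/BLOCK $dir $base/"
+if [ "$port" = "use" -o "$port" = "license" ] ; then
+sed -e 's@^ [=<>][=<>]*\([^:<>=]*\)-[0-9][-0-9.]*%@ \1@' -i $to_yaml || exit 8
+sed -e 's@^ [>=][>=]*\([^%]*\)%@ \1@' -i $to_yaml || exit 9
+elif [ "$port" = "mask" -o "$port" = "unmask" -o "$port" = "accept_keywords" ] ; then
+sed -e 's@^ \([^:]*\)/\([^%]*\)%@ \1/\2@' -i $to_yaml || exit 10
+fi
+sed -e 's@^ \([^:\n]*\)/\([^%\n]*\)%@ \1/\2@' -i $to_yaml || exit 11
+echo >> $to_yaml
+#echo 5
+grep % $to_yaml && ERROR "% in $to_yaml" && exit 12
+grep -q "^- [importinclude]*_tasks:.*$port.yml" $dir/tasks/$TASKS/main.yml || { \
+echo "- include_tasks: $TASKS/$port.yml" >> $dir/tasks/$TASKS/main.yml
+WARN "ADDED $port.yml to $dir/tasks/$TASKS/main.yml"
+}
+if [ ! -f $dir/tasks/$TASKS/$port.yml ] ; then
+mv $to_yaml $dir/tasks/$TASKS/$port.yml
+INFO created $dir/tasks/$TASKS/$port.yml
+elif diff -qw $to_yaml $dir/tasks/$TASKS/$port.yml ; then
+rm -f $to_yaml
+# DBUG unchanged $to_yaml
+else
+: diff is verbose
+fi
+done | sed -e 's/ and / /' -e 's/ differ$//' -e 's/^Files/mv/'
+done
+exit 0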
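Review bot: None of the `exit 6` through `exit 12` error paths can stop the script, because the `for port in …` loop is piped into `sed` (`done | sed -e 's/ and / /' …`) and the inner `while read elt` loop is fed by a pipeline, so both bodies run in subshells and `exit` only leaves that subshell; the outer loop moves on and the script still ends with `exit 0`. A failed `sed` rewrite or a leftover `%` in the generated YAML therefore goes unreported to the caller, while `main.yml` may already have been appended to. Writing the loop output to a file made with `mktemp` (`done > "$out" || exit $?`) and running the final `sed` on that file keeps the loop in the main shell so the exit codes propagate. `$elt` is also interpolated into the `grep` patterns as a regular expression, so the `.` in a package name matches any character; `grep -F` is not a drop-in here because of the anchors, so escaping the name first is the safer route. `for dir in $*` should be `for dir in "$@"`.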
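--- a/overlay/Gentoo/usr/local/sbin/gentoo_funtoo_world.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_funtoo_world.bash
@@ -0,0 +1,119 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+if [ "$#" -ne 0 ] ; then
+ARGS=$*
+LARGS=""
+else
+ARGS="@world"
+# --changed-deps --deep
+LARGS="-vb --update"
+fi
+
+
+LARGS="$LARGS --changed-use --with-bdeps=y --changed-deps-report -k"
+LARGS="$LARGS --backtrack=30 --ignore-built-slot-operator-deps=y --keep-going"
+
+# Skips the packages specified on the command-line that have already been installed.
+LARGS="$LARGS --noreplace"
+
+# dangerous
+LARGS="$LARGS --exclude baselayout"
+
+# gone
+LARGS="$LARGS --exclude sci-chemistry/PyMca"
+LARGS="$LARGS --exclude dev-python/PyQt4"
+LARGS="$LARGS --exclude dev-python/pyqwt"
+
+# I wont do this routinely
+#?LARGS="$LARGS --exclude app-office/libreoffice"
+#?LARGS="$LARGS --exclude app-office/libreoffice-bin"
+
+# /usr/local
+LARGS="$LARGS --exclude seamonkey"
+LARGS="$LARGS --exclude firefox"
+LARGS="$LARGS --exclude thunderbird"
+
+LARGS="$LARGS --exclude gentoo-sources"
+
+#? LARGS="$LARGS --exclude net-analyzer/openvas*"
+#LARGS="$LARGS --exclude "
+
+#LARGS="$LARGS --exclude sys-libs/zlib"
+LARGS="$LARGS --exclude dev-util/android-sdk-update-manager"
+LARGS="$LARGS --exclude dev-util/android-ndk"
+
+LARGS="$LARGS --exclude sys-kernel/clipos-kernel"
+
+# always problems with icu
+LARGS="$LARGS --exclude dev-libs/icu"
+
+#emerge: there are no ebuilds to satisfy ">=dev-libs/nsgenbind-0.7".
+LARGS="$LARGS --exclude www-client/netsurf"
+# emerge: there are no ebuilds to satisfy ">=dev-python/attrs-19.1.0[python_targets_python3_6(-)?,python_targets_python3_7(-)?,-python_single_target_python3_6(-),-python_single_target_python3_7(-)]".
+#LARGS="$LARGS --exclude www-client/qutebrowser"
+
+LARGS="$LARGS --exclude dev-ruby/builder:3.1"
+
+# required by dev-python/pyqtgraph-0.10.0-r1::python-modules-kit
+# required by @selected
+# required by @world (argument)
+# >=dev-python/PyQt5-5.10.1-r1 -opengl
+LARGS="$LARGS --exclude dev-python/pyqtgraph"
+LARGS="$LARGS --exclude net-print/hplip"
+
+LARGS="$LARGS --exclude pentoo/pentoo-scanner"
+#LARGS="$LARGS --exclude net-analyzer/wpscan"
+#LARGS="$LARGS --exclude dev-ruby/cms_scanner"
+
+LARGS="$LARGS --exclude net-wireless/gnuradio" # [python_single_target_python2_7,qt5]
+LARGS="$LARGS --exclude net-wireless/gr-iio"
+LARGS="$LARGS --exclude net-wireless/gr-iqbal"
+LARGS="$LARGS --exclude net-wireless/gr-osmosdr" # [iqbalance]
+LARGS="$LARGS --exclude pentoo/pentoo-radio"
+LARGS="$LARGS --exclude gnuradio"
+
+# LARGS="$LARGS --exclude "
+
+# morons
+#(dependency required by "dev-ruby/activesupport-4.2.11.1-r1::pentoo[ruby_targets_ruby26,-test]" [ebuild])
+#(dependency required by "dev-ruby/activemodel-4.2.11.1::pentoo[ruby_targets_ruby26]" [ebuild])
+#(dependency required by "dev-ruby/metasploit-model-2.0.4::pentoo[ruby_targets_ruby26]" [ebuild])
+#(dependency required by "net-analyzer/metasploit-4.17.21-r8::pentoo[ruby_targets_ruby25]" [ebuild])
+#
+#(dependency required by "dev-ruby/metasploit-concern-2.0.5::pentoo[ruby_targets_ruby26]" [ebuild])
+#(dependency required by "dev-ruby/metasploit-credential-2.0.14::pentoo[ruby_targets_ruby25]" [ebuild])
+#(dependency required by "net-analyzer/metasploit-4.17.21-r8::pentoo[ruby_targets_ruby25]" [ebuild])
+LARGS="$LARGS --exclude net-analyzer/metasploit"
+
+# pentoo-rce
+#?LARGS="$LARGS --exclude dev-util/redasm --exclude pentoo-rce"
+
+#(dependency required by "dev-ml/ocaml-gettext-0.3.7::gentoo" [ebuild])
+#(dependency required by "app-emulation/libguestfs-1.38.6::gentoo" [ebuild])
+LARGS="$LARGS --exclude dev-ml/ocaml-gettext --exclude app-emulation/libguestfs"
+
+# broken
+#LARGS="$LARGS --exclude net-libs/libtorrent-rasterbar"
+#LARGS="$LARGS --exclude net-p2p/qbittorrent"
+# 9.0.1 even though it did work before
+LARGS="$LARGS --exclude sys-devel/llvm"
+# 6.1.6 even though app-emulation/virtualbox worked
+# cc1: error: incompatible gcc/plugin versions
+# cc1: error: fail to initialize plugin ./scripts/gcc-plugins/randomize_layout_plugin.so
+LARGS="$LARGS --exclude app-emulation/virtualbox-modules"
+# Unpacking NVIDIA-Linux-x86_64-440.82.run to /mnt/linuxBack52/mnt/tmp/Pentoo19/portage/x11-drivers/nvidia-drivers-440.82-r3/work
+#tar: Archive is compressed. Use -J option
+LARGS="$LARGS --exclude x11-drivers/nvidia-drivers"
+
+#(dependency required by "dev-qt/qtx11extras-5.14.2::gentoo" [ebuild])
+#(dependency required by "app-emulation/virtualbox-6.1.6::gentoo[-headless,qt5]" [installed])
+#(dependency required by "app-emulation/libvirt-6.1.0-r1::gentoo[virtualbox]" [ebuild])
+#(dependency required by "app-emulation/qt-virt-manager-9999::testforge" [ebuild])
+LARGS="$LARGS --exclude dev-qt/qtx11extras --exclude app-emulation/virtualbox --exclude app-emulation/libvirt --exclude app-emulation/qt-virt-manager"
+
+echo INFO: nice python3 emerge $LARGS $ARGS |tee -a world.log
+nice python3 `which emerge` $LARGS $ARGS >> world.log 2>&1
+# grep ' U ' world.log |grep -v =|sed -e 's@^.* \] @@' -e 's@-[0-9].*@@'
+# cat /var/lib/portage/world>world.elts;grep '^L.*exclude' world.sh|sed -e 's/.*exclude//' -e 's/"$//' -e 's/[*:].*$//' -e 's@/@\\\\/@' |sort -u |while read elt;do [ -z "$elt" ] && continue ; sed -e "/$elt/d" -i world.elts ;done
+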
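--- a/overlay/Gentoo/usr/local/sbin/gentoo_gemato.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_gemato.bash
@@ -0,0 +1,32 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+# Gentoo only
+
+ROLE=base
+PY_MINOR=3.8
+
+if [ $# -gt 0 -a $1 = --help ] ; then
+/usr/lib/python-exec/python${PY_MINOR}/gemato "$@"
+exit $?
+fi
+. /usr/local/bin/proxy_export.bash >/dev/null
+
+declare -a G
+if [ $1 = gpg-wrap ] ; then
+G=(${*:1:1} -W ${*:2})
+# need --
+[[ $G =~ '--' ]] && G+=('--')
+[ -f /etc/gnupg/gpgconf.conf ] && G+=(--options /etc/gnupg/gpgconf.conf)
+else
+G=(${*:1:1} ${*:2})
+fi
+
+# The --proxy code is for requests and is wrong: $http_proxy or $https_proxy
+#? [ -z "$https_proxy" ] || G=(${G:1:1} --proxy $https_proxy ${G:2})
+
+echo INFO: /usr/lib/python-exec/python${PY_MINOR}/gemato ${G[@]} >> /tmp/G$$.log 2>&1
+/usr/lib/python-exec/python${PY_MINOR}/gemato "${G[@]}" >> /tmp/G$$.log 2>&1
+ret=$?
+DBUG "$ret" >> /tmp/G$$.log 2>&1
+cat /tmp/G$$.log
+exit 0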
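Review bot: The wrapper ends in `exit 0` after storing gemato's status in `ret`, so a failed Manifest or OpenPGP verification is reported to the caller as success; any caller that gates on the exit status, as the `gemato gpg-wrap … || die` calls visible in the eclass patch elsewhere in this commit do, would accept an unverified file if it resolves `gemato` to this script. The last line should be `exit "$ret"`. The log goes to the predictable path `/tmp/G$$.log`, which another local user can pre-create or symlink; `log=$(mktemp) || exit 1` avoids that. `G=(${*:1:1} -W ${*:2})` re-splits every argument on whitespace, so a key or file path containing a space reaches gemato as two arguments; `G=("$1" -W "${@:2}")` keeps them intact. `[[ $G =~ '--' ]]` tests only the first array element, and `[ $# -gt 0 -a $1 = --help ]` is a test syntax error when the script is called without arguments.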
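--- a/overlay/Gentoo/usr/local/sbin/gentoo_hosts_json.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_hosts_json.bash
@@ -0,0 +1,25 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+PREFIX=/var/local
+ROLE=base
+. /usr/local/etc/testforge/testforge.bash || exit 1
+. /usr/local/bin/usr_local_base.bash || exit 2
+
+[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
+if [ -d "$TESTFORGE_ANSIBLE_SRC" ] ; then
+base=`cat /etc/hostname`
+json="$TESTFORGE_ANSIBLE_SRC"/tmp/Hosts/$base.json
+if [ ! -s $json ] || [ "$TESTFORGE_ANSIBLE_SRC"/hosts.yml -nt $json ] ; then
+ansible-inventory --playbook-dir $TESTFORGE_ANSIBLE_SRC -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
+--host=$base > $json || exit 1$?
+fi
+eval export BOX_OS_FLAVOR=`jq .BOX_OS_FLAVOR < $json`
+DBUG BOX_OS_FLAVOR=$BOX_OS_FLAVOR
+fi # 2>/dev/null
+[ -z "$BOX_OS_FLAVOR" ] && ERROR BOX_OS_FLAVOR not set && exit 1
+[ "$BOX_OS_FLAVOR" = Ubuntu16 ] && ERROR BOX_OS_FLAVOR = Ubuntu16 && exit 2
+[ "$BOX_OS_FLAVOR" = Devuan4 ] && ERROR BOX_OS_FLAVOR = Devuan4 && exit 2
+echo $BOX_OS_FLAVOR
+exit 0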
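Review bot: `eval export BOX_OS_FLAVOR=`jq .BOX_OS_FLAVOR < $json`` passes a value read from the inventory JSON through `eval`, so anything in that field that the shell treats as syntax (a `;`, `$( )` or backticks) is executed with the privileges of whoever runs this script; the eval is only there to strip the JSON quotes. `jq -r` does that without a second parse: `BOX_OS_FLAVOR=$(jq -r '.BOX_OS_FLAVOR // empty' < "$json")` followed by `export BOX_OS_FLAVOR`, where `// empty` keeps a missing key from turning into the string `null` and slipping past the `-z` check below. The JSON file sits under `$TESTFORGE_ANSIBLE_SRC/tmp`, so its contents are only as trustworthy as write access to that tree. `exit 1$?` produces values such as `12`, which share the number space of the plain `exit 1` and `exit 2` used further down.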
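--- a/overlay/Gentoo/usr/local/sbin/gentoo_hosts_update_pyver.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_hosts_update_pyver.bash
@@ -0,0 +1,27 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+PREFIX=/var/local
+ROLE=base
+. /usr/local/etc/testforge/testforge.bash || exit 1
+. /usr/local/bin/usr_local_base.bash || exit 2
+
+USAGE="$0 file"
+#echo 1
+[ $# -ge 1 ] || { ERROR $prog "#=$#" ; exit 3 ; }
+
+BOX_OS_FLAVOR=`/usr/local/sbin/gentoo_hosts_json.bash` || exit 4$?
+
+# "BOX_PYTHON3_MINOR": "3.10"
+PYTHON3_VER=`grep BOX_PYTHON3_MINOR <$json|sed -e 's/.*\.//' -e 's/,//' -e 's/"//'`
+
+# failsafe
+# /mnt/o/data/TestForge/src/ansible/roles/base/overlay/Gentoo/usr/local/sbin/gentoo_etc_portage.bash
+for file in $* ; do
+[ -f $file ] || { WARN $file is not a file ; continue ; }
+sed -i $file \
+-e "s/python_single_target_python3_[0-9]*/python_single_target_python3_$PYTHON3_VER/" \
+-e "s/python_targets_python3_[0-9]*/python_targets_python3_$PYTHON3_VER/"
+done
+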
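Review bot: `PYTHON3_VER` goes into `sed -i` without any check, and `$json` is not assigned anywhere in this script: it is set inside gentoo_hosts_json.bash, which runs in a command substitution, so unless one of the sourced files defines it the `grep` has nothing to read. With an empty version both expressions rewrite the targets to `python_single_target_python3_` and `python_targets_python3_`, damaging every file passed in. Guard it before the loop with `case "$PYTHON3_VER" in ''|*[!0-9]*) ERROR "bad PYTHON3_VER" ; exit 5 ;; esac`. Iterating with `for file in "$@"` and quoting `"$file"` would also keep paths with spaces or glob characters intact.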
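--- a/overlay/Gentoo/usr/local/sbin/gentoo_link_portage_packages.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_link_portage_packages.bash
@@ -0,0 +1,43 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+. /usr/local/bin/usr_local_tput.bash
+ROLE=testforge
+
+shopt -s nullglob || exit 1
+
+. /usr/local/bin/usr_local_tput.bash
+[ -f /etc/conf.d/hostname ] && . /etc/conf.d/hostname
+
+if [ -n "$hostname" -a "$hostname" = "pentoo" ] ; then
+TO=/mnt/o/Cache/linuxPen19/var/cache/portage/packages
+elif [ -f /etc/dracut.conf.d/funtoo.conf ] ; then
+TO=/mnt/o/Cache/linuxFun64/var/cache/portage/packages
+elif [ -f /etc/dracut.conf.d/clipos.conf ] ; then
+TO=/mnt/o/Cache/linuxClipos/var/cache/portage/packages
+else
+exit 3
+fi
+
+[ -n "$TO" ] || { echo ERROR: empty TO ; exit 4 ; }
+[ -d $TO ] || { echo ERROR: mkdir -p $TO ; exit 5 ; }
+
+[ "$#" -eq 0 ] && set -- /usr/portage/packages
+
+for root in $* ; do
+cd $root || exit 2$?
+INFO $root
+find -L $root -type l -delete &
+
+pushd $TO
+# -o -name \*.xpak
+find *-* virtual pentoo -type f -name \*tbz2 | grep -v '_sources\|_download_' | while read file ; do
+[ -h $root/$file ] && [ -f $file ] && continue
+dir=`dirname $root/$file`
+[ -d $dir ] || mkdir $dir
+ln -s $TO/$file $root/$file
+done
+popd
+done
+exit 0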
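Review bot: `find -L $root -type l -delete &` is started in the background and never waited for, so the dangling-link cleanup runs concurrently with the loop below that creates links in the same tree, and the script can reach `exit 0` while it is still deleting. Run it in the foreground by dropping the `&`, or add a `wait` before `pushd $TO`. The unquoted `$root`, `$TO`, `$dir` and `$file` are also word-split and glob-expanded in a script that deletes and links files; quote them, read with `while IFS= read -r file`, and use `mkdir -p "$dir"` so a missing parent does not make `ln -s` fail.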
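--- a/overlay/Gentoo/usr/local/sbin/gentoo_link_to_cache.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_link_to_cache.bash
@@ -0,0 +1,45 @@
+#!/bin/bash
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=testforge
+TXT=/usr/local/sbin/gentoo_link_to_cache.txt
+
+# replace /usr/net/Http/Makefile
+[ "$#" -gt 0 ] && cd $1 || cd /usr/net/Http
+[ -z "$DISTFILES" ] && DISTFILES=../../portage/distfiles
+
+find -L $DISTFILES/ -type l -delete
+
+find */ prdownloads.sourceforge.net/*/ github.com/*/ -type f -o -type l -name \*.\* | \
+grep -v ' \|\.[a-z]\|/archive/\|/tarball/' \
+| grep -v 'htm$\|html$\|txt$\|Makefile$\|\.py$\|~$' \
+| while read file ; do
+base=`basename $file`
+[ -h ${DISTFILES}/"$base" ] && continue
+from=$(readlink ../../net/Http/"$file")
+[ -z "$from" ] && from=../../net/Http/"$file"
+ln -s $from ${DISTFILES}/"$base"
+done
+
+# golang/net/archive/8d16fa6dc9a8.tar.gz
+# burpsuite_community_v2020.9.1.jar portswigger.net/burp/releases/download@product=community&version=2020.9.1
+# burpsuite_community_v2020.4.jar mirror.leaseweb.com/gentoo/distfiles/0f/burpsuite_community_v2020.4.jar
+# burpsuite_community_v2020.4.jar portswigger.net/burp/releases/download@product=community&version=2020.4
+# burpsuite_community_v2020.4.1.jar portswigger.net/burp/releases/download@product=community&version=2020.4.1
+
+grep -v '^#' $TXT | while read base file ; do
+if [ -z "$base" ] ; then
+continue
+fi
+if [ -z "$file" ] ; then
+echo ERROR: empty target for $base && continue
+fi
+
+rm -f "${DISTFILES}/$base"
+ln -s ../../net/Http/"$file" ${DISTFILES}/"$base"
+[ -e /i/net/Http/distfiles.gentoo.org/distfiles/"$base" ] || \
+ln -s /i/net/Http/"$file" /i/net/Http/distfiles.gentoo.org/distfiles/"$base"
+base=""
+done
+exit 0
+# RfCatDonsCCBootloader-1.9.2.hex atlas0fd00m/rfcat/releases/download/v1.9.2/RfCatDonsCCBootloader.hex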
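Review bot: `[ "$#" -gt 0 ] && cd $1 || cd /usr/net/Http` silently falls back to /usr/net/Http when `cd $1` fails and carries on in the current directory when both fail, after which `find -L $DISTFILES/ -type l -delete` and the later `rm -f`/`ln -s` loop act on the relative `../../portage/distfiles` from the wrong place. Make the directory change fatal with `cd "${1:-/usr/net/Http}" || exit 1`. In the first `find`, `-type f -o -type l -name \*.\*` applies the name test only to symlinks, because the implicit AND binds tighter than `-o`; group the two type tests in `\( ... \)` if the filter is meant for both. The `base` field read from `$TXT` goes straight into `rm -f "${DISTFILES}/$base"`, so rejecting entries that contain `/` would keep the deletion inside the distfiles directory.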
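--- a/overlay/Gentoo/usr/local/sbin/gentoo_lis_to_urls.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_lis_to_urls.bash
@@ -0,0 +1,18 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter
+
+CACHE=/mnt/i/net/Http
+grep ^http:// | \
+sed -e 's@ftp://[^ ]*@@g' | \
+while read line ; do
+for url in $line ; do
+base=`basename "$url"`
+[ -e /usr/portage/distfiles/$base ] && break
+pre=`sed -e "s@http://@${CACHE}@" <<< $url`
+[ -e $pre ] && break
+echo $line
+break
+done
+done
+exit 0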
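Review bot: The cache lookup built in the `pre=` assignment cannot match, because `CACHE=/mnt/i/net/Http` has no trailing slash and replacing `http://` with it yields a path of the form `/mnt/i/net/Httphost/path`; `[ -e $pre ]` is therefore always false and already-cached URLs are still printed. The `<<<` here-string on the same line is a bashism under `#!/bin/sh` and fails on shells such as dash. Both are fixed by using parameter expansion instead of sed: `pre=${CACHE}/${url#http://}` followed by `[ -e "$pre" ] && break`. Quoting `"$base"` in the distfiles test would also stop a URL basename containing glob characters from expanding.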
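--- a/overlay/Gentoo/usr/local/sbin/gentoo_qcheck_missing.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_qcheck_missing.bash
@@ -0,0 +1,9 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+# https://forums.gentoo.org/viewtopic-t-1044220-start-0.html
+qcheck -C \
+| grep -v -e '.*\.pyo$' -e '.*\.pyc$' \
+-e '.*/examples/.*' -e '^.*/doc/.*/[^/.]*$' \
+-e '^/usr/lib/debug/.*' -e '.*\.debug' \
+-e '^/usr/.*compiled' -e '^/usr/.*\.cache' \
+| grep -B 1 -e '^ MD5-DIGEST:' -e '^ AFK:' -e '^ MTIME:'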
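--- a/overlay/Gentoo/usr/local/sbin/gentoo_rebuild_missing.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_rebuild_missing.bash
@@ -0,0 +1,15 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=base
+
+# https://www.commandlinefu.com/commands/view/5988/re-emerge-all-ebuilds-with-missing-files-gentoo-linux
+# Re-emerge all ebuilds with missing files (Gentoo Linux)
+
+qlist --installed --nocolor | uniq | while read cp; do
+qlist --exact $cp | grep -v '/usr/share/bash-completion\|/doc/' | while read file; do
+test -e "$file" || { echo $cp; echo "$cp: missing $file" 1>&2; break; };
+done;
+done
+
+exit 0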
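--- a/overlay/Gentoo/usr/local/sbin/gentoo_wget_urls.bash
+++ b/overlay/Gentoo/usr/local/sbin/gentoo_wget_urls.bash
@@ -0,0 +1,24 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter - arguments are to wget - quoted?
+
+ROOTDIR=/mnt/i
+if [ "$#" -eq 0 ] ; then
+WARGS="-xc -P $ROOTDIR/net/Http --tries=1"
+else
+WARGS="$@"
+fi
+grep ^http | \
+sed -e 's@^\(https://distfiles.gentoo.org/distfiles/[a-f0-9][a-f0-9]/[^ ]*\) \(https://[^ ]*\) @\2 \1@' | \
+sed -e 's@ftp://[^ ]*@@' -e 's@^https://distfiles.gentoo.org/distfiles/[^ ]* https://pypi.python.org/@https://pypi.python.org/@' -e 's/http:/https:/' \
+-e 's@https*://mirror.leaseweb.com/gentoo/@https://gentoo.osuosl.org@g' \
+-e 's@https*://distfiles.gentoo.org@https://gentoo.osuosl.org@g' | \
+while read urls ; do
+url=`sed -e 's@ .*@@' <<< $urls`
+base=`basename "$url"`
+[ -e /usr/portage/distfiles/$base ] && echo distfiles/$base && continue
+for url in $urls ; do
+wget --restrict-file-names=windows --no-verbose $WARGS $url || continue
+break
+done
+done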
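Review bot: Every whitespace-separated token of a stdin line is handed to `wget` unquoted in `wget --restrict-file-names=windows --no-verbose $WARGS $url`, so a token that begins with `-` is parsed as a wget option and one containing `*` or `?` is glob-expanded before wget sees it; only the start of the line is checked by `grep ^http`. End option parsing and quote the value: `wget --restrict-file-names=windows --no-verbose $WARGS -- "$url" || continue`. The `<<<` here-string in the `url=` assignment is a bashism under `#!/bin/sh`; `url=${urls%% *}` does the same in POSIX sh. `WARGS="$@"` joins the arguments into one string, so the answer to the header's "quoted?" is that arguments containing spaces do not survive.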
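--- a/overlay/Linux/etc/ssl/blacklist_yasat.lis
+++ b/overlay/Linux/etc/ssl/blacklist_yasat.lis
@@ -0,0 +1,6 @@
+# from yasat on Ubuntu16
+/etc/ssl/certs/Certplus_Class_2_Primary_CA.pem
+/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem
+/etc/ssl/certs/DST_ACES_CA_X6.pem
+/etc/ssl/certs/GeoTrust_Global_CA_2.pem
+/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem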
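--- a/overlay/Linux/etc/sysctl.d/10_ptrace.conf
+++ b/overlay/Linux/etc/sysctl.d/10_ptrace.conf
@@ -0,0 +1,4 @@
+# https://linux-audit.com/protect-ptrace-processes-kernel-yama-ptrace_scope/
+# kernel.yama.ptrace_scope = 0: all processes can be debugged, as long as they have same uid. This is the classical way of how ptracing worked.
+sysctl kernel.yama.ptrace_scope = 0
+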
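Review bot: `sysctl kernel.yama.ptrace_scope = 0` is not a valid sysctl.d entry: files under /etc/sysctl.d take plain `key = value` lines, so the leading `sysctl` word becomes part of the key and the setting is not applied. If 0 is really intended, the line should read `kernel.yama.ptrace_scope = 0`. Note that 0 is the least restrictive Yama mode, as the file's own comment says (any process with the same uid can be attached to), so one compromised user process can read the memory of that user's other processes. On hosts that do not need cross-process debugging, `kernel.yama.ptrace_scope = 1` limits attach to descendants, and the comment should record why 0 was chosen.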
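--- a/overlay/Linux/etc/udev/rules.d/70-persistent-net.rules
+++ b/overlay/Linux/etc/udev/rules.d/70-persistent-net.rules
@@ -0,0 +1,50 @@
+# This file was automatically generated by the /lib/udev/write_net_rules
+# program, run by the persistent-net-generator.rules rules file.
+#
+# You can modify it, as long as you keep each rule on a single
+# line, and change only the value of the NAME= key.
+
+# PCI device 0x168c:0x0036 (ath9k)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="70:18:8b:7f:c3:bf", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"
+
+# PCI device 0x10ec:0x8136 (r8169)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="74:86:7a:38:33:24", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
+
+# USB device 0x148f:0x3070 (usb)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="48:02:2a:53:36:68", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan1"
+
+# USB device 0x148f:0x5370 (usb)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:87:30:33:5f:38", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan2"
+
+# USB device 0x148f:0x5370 (usb)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:43:44:5a:e8", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan3"
+
+# USB device 0x0cf3:0x9271 (usb)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:84:ac:4b", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan4"
+
+# PCI device 0x168c:0x0036 (ath9k)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="70:18:8b:73:37:9f", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan5"
+
+# PCI device 0x8086:0x155a (e1000e)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="ec:f4:bb:67:40:1e", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
+
+# PCI device 0x8086:0x08b1 (iwlwifi)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="80:19:34:af:89:b7", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan6"
+
+# PCI device 0x10ec:0x8168 (r8169)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="20:47:47:5f:35:2e", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
+
+# PCI device 0x8086:0x095a (iwlwifi)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="4c:34:88:65:bc:f6", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan7"
+
+# PCI device 0x8086:0x15a2 (e1000e)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:e6:d7:6b:66:0d", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
+
+# PCI device 0x8086:0x095a (iwlwifi)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:02:86:d3:9e:e2", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan8"
+
+# PCI device 0x8086:0x15a2 (e1000e)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:e6:d7:56:fa:c4", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"
+
+# PCI device 0x8086:0x095a (iwlwifi)
+SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:02:86:19:a5:e6", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan9"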
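--- a/overlay/Linux/usr/bootstrap_pip_ansible.bash
+++ b/overlay/Linux/usr/bootstrap_pip_ansible.bash
@@ -0,0 +1,435 @@
+#!/bin/bash -e
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+shopt -o -s pipefail
+
+[ $( id -u ) -eq 0 ] || { echo "ERROR: this must be run as root" ; exit 1 ; }
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+ROLE=base
+WD=$PWD
+PYVER=3
+PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+MV=mv
+COPY="ln -s"
+
+[ -z "$BASE_PYTHON2_MINOR" ] && \
+BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+[ -z "$BASE_PYTHON3_MINOR" ] && \
+BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
+LIB=lib
+elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
+LIB=lib64
+elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
+ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
+fi
+
+[ -z "$BOX_ALSO_GROUP" ] || BOX_ALSO_GROUP=adm
+[ -z "$UPTMP" ] && UPTMP=$PREFIX/tmp
+# With packer the files we need are not on the host - they are pushed up and $UPTMP is populated with:
+PDIRS="authorized_keys archives boxuser_pip_cache root_pip_cache cacert.pem wheels"
+# With vagrant the files may have been tarred on the host and be in their cannonical positions.
+# We symlink to files under vagrant to /tmp to leave the packer scripts untouched.
+# With packer and docker we can remote mount partitions and not even copy them up to the guest.
+
+[ -n "$TESTF_DEBIAN10_VAR_APT_ARCHIVES" ] && [ -d "$TESTF_DEBIAN10_VAR_APT_ARCHIVES/" ] && \
+[ ! -e $UPTMP/archives ] && ln -s $TESTF_DEBIAN10_VAR_APT_ARCHIVES/ $UPTMP/archives
+[ -n "$HOSTVMS_BOXUSER_PLAY_PIP_CACHE" ] && [ -e "$HOSTVMS_BOXUSER_PLAY_PIP_CACHE" ] && \
+[ ! -e $UPTMP/boxuser_pip_cache ] && ln -s $HOSTVMS_BOXUSER_PLAY_PIP_CACHE/ $UPTMP/boxuser_pip_cache
+[ -n "$HOSTVMS_ROOT_PLAY_PIP_CACHE" ] && [ -d "$HOSTVMS_ROOT_PLAY_PIP_CACHE/" ] && \
+[ ! -e $UPTMP/root_pip_cache ] && ln -s "$HOSTVMS_ROOT_PLAY_PIP_CACHE/" $UPTMP/root_pip_cache
+
+export PLAY_PIP_CERT="/usr/local/etc/ssl/cacert-testforge.pem"
+[ -f $PLAY_PIP_CERT ] && \
+[ ! -e $UPTMP/cacert.pem ] && ln -s $PLAY_PIP_CERT $UPTMP/cacert.pem
+
+# config_file = os.environ.get('PIP_CONFIG_FILE', None)
+# /usr/$LIB/python2.7/site-packages/pip/_internal/configuration.py
+
+bootstrap_mkdir () { mkdir $1 ; chgrp $BOX_ALSO_GROUP $1 ; }
+
+[ -d /usr/local/tmp ] || { mkdir -p /usr/local/tmp ; chmod 1777 /usr/local/tmp ; }
+site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
+[ -d $site_packages ] || bootstrap_mkdir $site_packages
+[ -f $site_packages/__init__.py ] || touch $site_packages/__init__.py
+if [ ! -d /usr/local/tmp/wheels ] ; then
+cd /usr/local
+sh sbin/bootstrap_wheels.bash || exit 2
+fi
+[ ! -d $UPTMP/wheels/ ] && [ $UPTMP/ != /usr/local/tmp/ ] && ln -s /usr/local/tmp/wheels $UPTMP/wheels
+
+# But with vagrant or docker we may have mounted the HOST partitions that contain the files
+# [ -z "$TESTF_UBUNTU16_VAR_APT_ARCHIVES" ] && TESTF_UBUNTU16_VAR_APT_ARCHIVES -> $UPTMP/archives
+
+[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=user
+[ -z "BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME
+[ -z "BOX_ALSO_GROUP" ] && BOX_ALSO_GROUP=adm
+[ -z "$LOGDIR" ] && LOGDIR=$PREFIX/tmp
+
+[ -d $LOGDIR ] || { mkdir $LOGDIR ; chmod 1777 $LOGDIR ; }
+
+# not needed: --no-binary :all: --upgrade-strategy only-if-needed
+# not yet: --user
+PIP_INSTALL_ARGS="--disable-pip-version-check --prefix=$PREFIX --install-option=--prefix=$PREFIX"
+scripts="ansible ansible-playbook ansible-pull ansible-doc ansible-galaxy ansible-console ansible-connection ansible-vault"
+
+export DEBIAN_FRONTEND=noninteractive
+export PIP_DEFAULT_TIMEOUT=60
+
+ANSIBLE_VER="2.8.12"
+#2? PYYAML_VER="3.12"
+ansible_tgz=ansible-$ANSIBLE_VER.tar.gz
+#2? yaml_tgz=PyYAML-$PYYAML_VER.tar.gz
+
+if [ -n "$BOX_USER_NAME" ] ; then
+# Packer will not have created this and we will need it early.
+[ -d $BOX_USER_HOME ] || \
+bootstrap_mkdir $BOX_USER_HOME
+#? useradd -d $BOX_USER_HOME -G root -m $BOX_USER_NAME
+
+# If you want to use your own private key for packer
+[ -d $BOX_USER_HOME/.ssh ] || \
+bootstrap_mkdir $BOX_USER_HOME/.ssh
+
+if [ -f $UPTMP/authorized_keys ] ; then
+$COPY $UPTMP/authorized_keys $BOX_USER_HOME/.ssh && \
+chmod 600 $BOX_USER_HOME/.ssh/authorized_keys
+fi
+chmod 700 $BOX_USER_HOME/.ssh/
+fi
+
+[ -d /var/cache/apt/archives ] || mkdir -p /var/cache/apt/archives
+# If you upload your cache of Ubuntu .debs, it cuts down on the downloading
+[ -d $UPTMP/archives ] && \
+$COPY $UPTMP/archives/*.deb /var/cache/apt/archives 2>/dev/null
+# leave this for cleanup:
+# rm -rf $UPTMP/archives
+
+# If you upload your cache of pip files, it cuts down on the downloading
+if [ -d $UPTMP/boxuser_pip_cache ] ; then
+bootstrap_mkdir $BOX_USER_HOME/.cache/ && \
+cp -rip $UPTMP/boxuser_pip_cache $BOX_USER_HOME/.cache/pip && \
+chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \
+chmod -R g+rw $BOX_USER_HOME/.cache/pip && \
+chmod -R o-w $BOX_USER_HOME/.cache/pip
+fi
+if [ -d $UPTMP/root_pip_cache ] ; then
+bootstrap_mkdir /root/.cache/ && \
+cp -rip $UPTMP/root_pip_cache /root/.cache/pip && \
+chown -R root.root /root/.cache/pip && \
+chmod -R g+rw /root/.cache/pip && \
+chmod -R o-w /root/.cache/pip
+fi
+
+if [ -d /etc/apt ] ; then
+if ! route | grep -q ^default ; then
+DEBUG "Not connected; skipping apt-get update"
+elif [ ! -f /var/log/dpkg.log ] ; then
+apt-get update # || exit 4
+fi
+which unzip || ! [ -f /var/cache/apt/archives/unzip_6.0-23+deb10u1_amd64.deb ] || \
+dpkg -i /var/cache/apt/archives/unzip_6.0-23+deb10u1_amd64.deb
+which curl || [ ! -f /var/cache/apt/archives/curl_7.64.0-4+deb10u1_amd64.deb ] || \
+dpkg -i /var/cache/apt/archives/curl_7.64.0-4+deb10u1_amd64.deb \
+/var/cache/apt/archives/libcurl4_7.64.0-4+deb10u1_amd64.deb \
+/var/cache/apt/archives/libcurl4-openssl-dev_7.64.0-4+deb10u1_amd64.deb
+apt-get install -y --force-yes wget unzip openssl || true
+[ -f /usr/include/Python.h ] || \
+apt-get install -y --force-yes \
+libffi-dev libssl-dev python3-dev python3-apt python3-pycparser \
+python3-coverage || \
+echo WARN you must run apt-get update
+# msg: Could not find `coverage` module.
+
+elif [ -d /etc/portage ] ; then
+# FixMe: put these in wheels?
+[ -x /usr/bin/unzip ] || which unzip 2>/dev/null || emerge -vb app-arch/unzip
+[ -x /usr/bin/wget ] || which wget 2>/dev/null || emerge -vb net-misc/wget
+which openssl 2>/dev/null || timeout 600 emerge -vb dev-libs/openssl
+# openssl installs:
+# dev-python/pyopenssl-19.1.0
+# dev-python/six-1.13.0
+# dev-python/cryptography-2.8
+# dev-python/cffi-1.12.3:0/1.12.3
+# dev-python/pycparser-2.19-r1
+# dev-python/ply-3.11:0/3.11
+# virtual/python-ipaddress-1.0-r1
+# dev-python/ipaddress-1.0.23
+# virtual/python-enum34-2
+# dev-python/enum34-1.1.6-r1
+python$PYVER -c 'import OpenSSL' 2>/dev/null || timeout 600 emerge -vb dev-python/pyopenssl
+python$PYVER -c 'import pycparser' 2>/dev/null || timeout 600 emerge -vb dev-python/pycparser
+python$PYVER -c 'import yaml' 2>/dev/null || timeout 600 emerge -vb dev-python/pyyaml
+DEBUG "Gentoo Installed openssl and wget"
+fi
+
+# On a CORP laptop off the VPN we may need some CAs
+[ -d $PREFIX/etc/ssl ] || mkdir -p $PREFIX/etc/ssl
+[ ! -f $PLAY_PIP_CERT ] && \
+[ -f $UPTMP/cacert.pem ] && \
+$COPY $UPTMP/cacert.pem $PLAY_PIP_CERT
+
+# pip gets confused
+# or just delete $PREFIX/$LIB/python$PYTHON_MINOR/dist-packages afterwards
+
+for PYVER in 3 ; do
+PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
+[ -d $site_packages ] || bootstrap_mkdir $site_packages
+[ -f $site_packages/__init__.py ] || touch $site_packages/__init__.py
+if [ -d /etc/apt ] ; then
+dist_packages=$PREFIX/lib/python$PYTHON_MINOR/dist-packages
+WD=$PWD
+if [ -d $dist_packages ] ; then
+cd $PREFIX/lib/python$PYTHON_MINOR
+ln -s $site_packages .
+cd $WD
+fi
+fi
+
+# we will use $PREFIX/bin/python3.bash NOT $PREFIX/bin/python3.sh
+# to not conflict with what Ansible will push later/before.
+if [ ! -e $PREFIX/bin/python$PYVER.bash ] ; then
+echo "INFO: bootstraping $PREFIX/bin/python$PYVER.bash"
+cat > $PREFIX/bin/python$PYVER.bash << EOF
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# from bootstrap_pip_ansible.bash
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+
+# pip gets confused
+dist_packages=$site_packages
+dist_packages=\$dist_packages:\${dist_packages}/pip/_vendor
+if [ -z "$PYTHONPATH" ] ; then
+export PYTHONPATH=\$dist_packages
+else
+export PYTHONPATH=\$PYTHONPATH:\$dist_packages
+fi
+
+exec python$PYTHON_MINOR "\$@"
+EOF
+chmod 755 $PREFIX/bin/python$PYVER.bash
+
+fi
+
+# pip may be loaded in the base iso
+if [ -x $PREFIX/bin/python$PYVER.bash ] && \
+$PREFIX/bin/python$PYVER.bash -c 'import pip' 2>/dev/null ; then
+INFO pip$VER already installed
+elif [ ! -d $UPTMP/wheels/ ] ; then
+WARN $UPTMP/wheels not found
+else
+# we may be without the VPN/proxy but on a corporate laptop
+# with a hosed chain of Certificate Authorities for the MITM proxy
+# in which case http://bootstrap.pypa.io/get-pip.py will not work,
+# so effective but groddy:
+# just unzip the wheels into site-packages and force-reinstall later
+cd $UPTMP/wheels/
+
+echo "INFO: installing pip - unzipping wheels into $site_packages"
+for file in *.whl ; do
+#a=$( echo $file | sed -e 's/-.*//' )
+#b=$( basename $a|sed -e 's/Py//'|tr '[A-Z]' '[a-z]' )
+#python$PYVER -c "import $b" 2>/dev/null >/dev/null && continue
+unzip -n $file -d $site_packages >/dev/null
+done
+
+# morons
+# -rwx------ 1 root root 8866 Jun 11 2018 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/idna-2.7.dist-info/METADATA
+find $site_packages -type d -exec chmod a+rx '{}' \;
+find $site_packages -type f -exec chmod a+r '{}' \;
+chgrp -R "$BOX_ALSO_GROUP" $site_packages
+
+# hack in a PYTHONPATH for our unzipped wheels - removed later
+for elt in pip ; do # is wheel needed?
+echo "INFO: Installing $elt"
+# use $PYVER.bash for bootstrap - $PYVER.bash will come later
+cat > $PREFIX/bin/$elt$PYVER.bash << EOF
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+export PLAY_PIP_CERT=$PIP_CERT
+export PYTHONPATH=${site_packages}
+export PYTHONPATH=\$PYTHONPATH:${site_packages}/pip/_vendor
+#? FixMe: narrow to InsecurePlatformWarning
+python$PYVER -W ignore -m $elt "\$@"
+EOF
+chmod 755 $PREFIX/bin/$elt$PYVER.bash
+$PREFIX/bin/$elt$PYVER.bash --help >/dev/null
+DEBUG "Installed $elt$PYVER.bash"
+done
+fi
+
+# do I still need this
+#if [ -x $PREFIX/bin/pip$PYVER ] && [ -d $site_packages ] ; then
+# export PYTHONPATH=$site_packages:$site_packages/pip/_vendor
+#fi
+
+if [ ! -x $PREFIX/bin/pip$PYVER.bash ] ; then
+echo "ERROR: Failed to Install pip$PYVER at $PREFIX/bin/pip$PYVER.bash"
+exit 3
+elif ! $PREFIX/bin/python$PYVER.bash -m pip -V ; then
+echo "ERROR: Failed to run pip$PYVER at $PREFIX/bin/pip$PYVER"
+exit 4
+fi
+
+if [ -f $PLAY_PIP_CERT ] ; then
+if [ ! -f $site_packages/pip/_vendor/requests/cacert.pem.dst ] && \
+[ -f $site_packages/pip/_vendor/requests/cacert.pem ] && \
+[ ! -h $site_packages/pip/_vendor/requests/cacert.pem ] ; then
+mv $site_packages/pip/_vendor/requests/cacert.pem $site_packages/pip/_vendor/requests/cacert.pem.dst
+fi
+if [ ! -h $site_packages/pip/_vendor/requests/cacert.pem ] ; then
+rm -f $site_packages/pip/_vendor/requests/cacert.pem
+fi
+[ -e $site_packages/pip/_vendor/requests/cacert.pem ] || \
+ln -s $PLAY_PIP_CERT $site_packages/pip/_vendor/requests/cacert.pem
+INFO linked $PLAY_PIP_CERT $site_packages/pip/_vendor/requests/cacert.pem
+fi
+done
+
+# dont use -CAfile $UPTMP/cacert.pem - we want it to fail if we need the cert
+if openssl s_client -connect pypi.org:443 </dev/null | \
+grep -q 'unable to get local issuer certificate' ; then
+echo "WARN: it looks like you have a hosed SSL Certificate Authority chain"
+fi
+
+$PREFIX/bin/pip$PYVER.bash --version || exit 5
+
+[ -d /usr/local/src ] || { bootstrap_mkdir /usr/local/src ; }
+[ -d /usr/local/bin ] || { bootstrap_mkdir /usr/local/bin ; }
+
+if [ -f $PLAY_PIP_CERT ] ; then
+export PLAY_PIP_CERT=$PIP_CERT
+PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS --cert $PLAY_PIP_CERT"
+else
+echo "WARN: PLAY_PIP_CERT not found $PIP_CERT"
+fi
+
+if [ ! -f /etc/wgetrc ] ; then
+sh $WD/bootstrap_proxy.bash
+fi
+
+# pip uses curl - and has a config file PIP_CONFIG
+DEBUG "http_proxy=$http_proxy https_proxy=$https_proxy"
+if [ -n "$https_proxy" ] ; then
+echo "INFO: Adding to PIP_INSTALL_ARGS --proxy=$https_proxy"
+elif [ -f /etc/wgetrc ] && grep ^http_proxy /etc/wgetrc ; then
+proxy=$( grep ^http_proxy /etc/wgetrc|sed -e 's@.*=@--proxy=@' )
+echo "INFO: Adding to PIP_INSTALL_ARGS $proxy"
+PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS $proxy"
+fi
+
+# lengthen the timeout in case you are on a slow line
+# or /etc/pip.conf
+# [global]
+# timeout = 60
+
+cd $PREFIX/src || exit 6
+
+boostrap_setup_ansible () {
+local WD=$PWD
+cd /usr/local/src
+[ -d ansible-$ANSIBLE_VER ] || tar xfz $UPTMP/wheels/$ansible_tgz
+cd ansible-$ANSIBLE_VER
+RARGS=" --user $RARGS"
+# Can not combine '--user' and '--prefix'
+## RARGS=" --prefix=$PREFIX $RARGS"
+# Can not combine '--user' and '--install-option=--prefix' ?? - check for symlink
+# RARGS=" --prefix=/usr/local $RARGS"
+RARGS=" --install-scripts=/usr/local/bin $RARGS"
+RARGS=" --install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
+RARGS=" --install-layout=unix $RARGS"
+export PYTHONPATH=/usr/local/$LIB/python3.7/site-packages
+DEBUG "/usr/local/bin/python$PYVER.bash setup.py install $RARGS"
+su -c "/usr/local/bin/python$PYVER.bash setup.py install $RARGS" \
+${BOX_USER_NAME} >> install.log
+retval=$?
+cd $WD
+return $retval
+}
+# NOW we use our fresh pip to install ansible from source, into /usr/local
+if [ -x $PREFIX/bin/ansible ] ; then
+INFO already installed $PREFIX/bin/ansible
+else
+if true ; then
+DEBUG "$PREFIX/bin/pip$PYVER.bash install $PIP_INSTALL_ARGS $UPTMP/wheels/$ansible_tgz"
+# install from the file to keep the version pinned
+$PREFIX/bin/pip$PYVER.bash install $PIP_INSTALL_ARGS $UPTMP/wheels/$ansible_tgz \
+>> $LOGDIR/pip_install_pip_ansible.log 2>&1 || \
+{ ERROR installing $ansible_tgz ; cat $LOGDIR/pip_install_pip_ansible.log && exit 7 ; }
+else
+boostrap_setup_ansible
+[ $? -eq 0 ] || { ERROR installing ansible ; tail install.log ; exit 8 ; }
+fi
+if [ -d /etc/portage/ ] ; then
+[ -d /etc/portage/profile ] || mkdir /etc/portage/profile
+grep -q app-admin/ansible-$ANSIBLE_VER /etc/portage/profile/package.provided || \
+echo app-admin/ansible-$ANSIBLE_VER >> /etc/portage/profile/package.provided
+fi
+
+cd $PREFIX/bin
+[ -e ansible-doc ] || { ERROR installing ansible-doc ; exit 9 ; }
+grep "#\!.$PREFIX/bin/python$PYVER.bash" ansible-doc || \
+sed -e "s@^#\!.*python.*@#\!${PREFIX}/bin/python$PYVER.bash@" -i $scripts
+fi
+
+ansible --version || exit 10
+
+if [ -f $PLAY_PIP_CERT ] ; then
+export PLAY_PIP_CERT=$PIP_CERT
+PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS --cert $PLAY_PIP_CERT"
+else
+echo "WARN: PLAY_PIP_CERT not found $PIP_CERT"
+fi
+
+if [ ! -f /etc/wgetrc ] ; then
+sh $WD/bootstrap_proxy.bash
+fi
+
+# pip uses curl - and has a config file PIP_CONFIG
+DEBUG "http_proxy=$http_proxy https_proxy=$https_proxy"
+if [ -n "$https_proxy" ] ; then
+echo "INFO: Adding to PIP_INSTALL_ARGS --proxy=$https_proxy"
+elif [ -f /etc/wgetrc ] && grep ^http_proxy /etc/wgetrc ; then
+proxy=$( grep ^http_proxy /etc/wgetrc|sed -e 's@.*=@--proxy=@' )
+echo "INFO: Adding to PIP_INSTALL_ARGS $proxy"
+PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS $proxy"
+fi
+
+cd $PREFIX/src
+# install pycurl as a test of pip and a requisite for proxyauth.py
+if ! $PREFIX/bin/python$PYVER.bash -c 'import curl' 2>/dev/null ; then
+if [ -d /etc/apt ] ; then
+apt-get install -y --force-yes libcurl4-openssl-dev \
+2>&1|tee $LOGDIR/apt-get_install_libcurl4-openssl-dev.log
+elif [ -d /etc/portage ] ; then
+[ -x /usr/bin/curl ] || which curl 2>/dev/null || emerge -vb curl
+fi
+#? --allow-unverified pycurl
+if ! route | grep -q ^default ; then
+DEBUG "Not connected; not installing pycurl"
+elif $PREFIX/bin/pip$PYVER.bash install $PIP_INSTALL_ARGS pycurl >> $LOGDIR/pip_install_pycurl.log 2>&1 ; then
+echo "INFO: Installed pycurl from pip with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"
+# We dont fail the packer build if it errors - just fix it and rerun
+$PREFIX/bin/python$PYVER.bash -c 'import curl; print curl.__file__' || true
+else
+echo "WARN: Installing pycurl failed with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"
+cat $LOGDIR/pip_install_pycurl.log
+fi
+fi
+
+[ -e /usr/local/bin/python$PYVER.sh ] || \
+[ -h /usr/local/bin/python$PYVER.sh ] || \
+ln -s /usr/local/bin/python$PYVER.babash /usr/local/bin/python$PYVER.sh
+
+find /usr/local/$LIB/python$PYVER.7/site-packages/ansible/modules/ -name \*.py \
+-exec grep -q /usr/bin/python '{}' \; -print \
+-exec sed -e "1,$PYVERs@#!/usr/bin/python@#!/usr/local/bin/python$PYVER.bash@" -i '{}' \;
+
+exit 0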
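Review bot: `/usr/local/tmp` is created with `chmod 1777` and is also the default for `$UPTMP` and `$LOGDIR`, yet this root-only script unzips every `$UPTMP/wheels/*.whl` into site-packages, installs `$UPTMP/wheels/$ansible_tgz` with pip, links `$UPTMP/authorized_keys` into the box user's `.ssh` and `$UPTMP/cacert.pem` into pip's CA bundle, and appends to fixed log names there. Because any local account can create entries in a world-writable directory before the script runs, the staging and log directories should be root-owned and not world-writable (`mkdir -p -m 0755 /usr/local/tmp`, likewise `$LOGDIR`), and the wheels and tarball should be checked against pinned hashes before they are unpacked or installed. Separately, `export PLAY_PIP_CERT=$PIP_CERT` (in the pip wrapper heredoc and in both `if [ -f $PLAY_PIP_CERT ]` blocks) blanks the certificate path, since `PIP_CERT` is never assigned in this file unless the sourced usr_local_tput.bash sets it, which leaves `--cert` without an argument; keep the existing value instead. `apt-get install -y --force-yes` also overrides apt's unauthenticated-package and downgrade safeguards, where plain `-y` is enough. Smaller defects in the same file: `[ -z "BOX_USER_NAME" ]` and its two neighbours test literal strings, `${BOX_USER_NAME}.{BOX_ALSO_GROUP}` is missing a `$`, and `python$PYVER.babash` and `"1,$PYVERs@...` look like typos.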
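--- a/overlay/Linux/usr/local/bin/base_certdata2pem.bash
+++ b/overlay/Linux/usr/local/bin/base_certdata2pem.bash
@@ -0,0 +1,7 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=base
+prog=$( basename $0 .bash )
+
+exec python3.sh /usr/local/bin/base_certdata2pem.py "$@"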
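--- a/overlay/Linux/usr/local/bin/base_certdata2pem.py
+++ b/overlay/Linux/usr/local/bin/base_certdata2pem.py
@@ -0,0 +1,153 @@
+#!/usr/bin/python
+# vim:set et sw=4:
+#
+# certdata2pem.py - splits certdata.txt into multiple files
+#
+# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
+# USA.
+
+import base64
+import os.path
+import re
+import sys
+import textwrap
+import io
+
+objects = []
+
+# Dirty file parser.
+in_data, in_multiline, in_obj = False, False, False
+field, type, value, obj = None, None, None, dict()
+
+# Python 3 will not let us decode non-ascii characters if we
+# have not specified an encoding, but Python 2's open does not
+# have an option to set the encoding. Python 3's open is io.open
+# and io.open has been backported to Python 2.6 and 2.7, so use io.open.
+for line in io.open('certdata.txt', 'rt', encoding='utf8'):
+# Ignore the file header.
+if not in_data:
+if line.startswith('BEGINDATA'):
+in_data = True
+continue
+# Ignore comment lines.
+if line.startswith('#'):
+continue
+# Empty lines are significant if we are inside an object.
+if in_obj and len(line.strip()) == 0:
+objects.append(obj)
+obj = dict()
+in_obj = False
+continue
+if len(line.strip()) == 0:
+continue
+if in_multiline:
+if not line.startswith('END'):
+if type == 'MULTILINE_OCTAL':
+line = line.strip()
+for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
+value.append(int(i.group(1), 8))
+else:
+value += line
+continue
+obj[field] = value
+in_multiline = False
+continue
+if line.startswith('CKA_CLASS'):
+in_obj = True
+line_parts = line.strip().split(' ', 2)
+if len(line_parts) > 2:
+field, type = line_parts[0:2]
+value = ' '.join(line_parts[2:])
+elif len(line_parts) == 2:
+field, type = line_parts
+value = None
+else:
+raise NotImplementedError('line_parts < 2 not supported.')
+if type == 'MULTILINE_OCTAL':
+in_multiline = True
+value = bytearray()
+continue
+obj[field] = value
+if len(obj) > 0:
+objects.append(obj)
+
+# Read blacklist.
+blacklist = []
+if os.path.exists('blacklist.txt'):
+for line in open('blacklist.txt', 'r'):
+line = line.strip()
+if line.startswith('#') or len(line) == 0:
+continue
+item = line.split('#', 1)[0].strip()
+blacklist.append(item)
+
+# Build up trust database.
+trust = dict()
+for obj in objects:
+if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
+continue
+if obj['CKA_LABEL'] in blacklist:
+print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
+elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
+trust[obj['CKA_LABEL']] = True
+elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
+print('!'*74)
+print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
+print('!'*74)
+else:
+print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
+(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
+obj['CKA_TRUST_EMAIL_PROTECTION']))
+
+for obj in objects:
+if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
+if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
+continue
+bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
+.replace(' ', '_')\
+.replace('(', '=')\
+.replace(')', '=')\
+.replace(',', '_')
+
+# this is the only way to decode the way NSS stores multi-byte UTF-8
+# and we need an escaped string for checking existence of things
+# otherwise we're dependant on the user's current locale.
+if bytes != str:
+# We're in python 3, convert the utf-8 string to a
+# sequence of bytes that represents this utf-8 string
+# then encode the byte-sequence as an escaped string that
+# can be passed to open() and os.path.exists()
+bname = bname.encode('utf-8').decode('unicode_escape').encode('latin-1')
+else:
+# Python 2
+# Convert the unicode string back to its original byte form
+# (contents of files returned by io.open are returned as
+# unicode strings)
+# then to an escaped string that can be passed to open()
+# and os.path.exists()
+bname = bname.encode('utf-8').decode('string_escape')
+
+fname = bname + b'.crt'
+if os.path.exists(fname):
+print("Found duplicate certificate name %s, renaming." % bname)
+fname = bname + b'_2.crt'
+f = open(fname, 'w')
+f.write("-----BEGIN CERTIFICATE-----\n")
+encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
+f.write("\n".join(textwrap.wrap(encoded, 64)))
+f.write("\n-----END CERTIFICATE-----\n")
+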
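Review bot: The trust decision is keyed on `CKA_LABEL` alone: the first loop sets `trust[obj['CKA_LABEL']] = True` from any `CKO_NSS_TRUST` object, and the export loop writes every `CKO_CERTIFICATE` whose label is in that dict, so two objects that share a display label share one decision. A `CKT_NSS_NOT_TRUSTED` entry for a label only prints the banner and does not clear an earlier `True`; keying the dict on a value that identifies the certificate rather than its name would tie trust to the certificate itself (which attributes certdata.txt offers for that should be confirmed against the input file). The duplicate-name branch renames only once, so a third certificate with the same sanitised name overwrites `<name>_2.crt`, and `f` is never closed; `with open(fname, 'w') as f:` and a counter loop would cover both. The script reads `certdata.txt` and `blacklist.txt` from the current directory and writes `.crt` files there, so the caller's working directory decides which trust input is used; worth a comment at the top of the wrapper.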
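--- a/overlay/Linux/usr/local/bin/base_check_site_py.bash
+++ b/overlay/Linux/usr/local/bin/base_check_site_py.bash
@@ -0,0 +1,90 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+PREFIX=/usr/local
+ROLE=base
+[ "$#" -eq 0 ] && echo USAGE: $0 2.7 ... 3.9 3.10 3.11 && exit 1
+
+. /usr/local/bin/usr_local_base.bash || exit 2
+[ -f $PREFIX/etc/testforge/testforge.bash ] \
+&& . /usr/local/etc/testforge/testforge.bash
+
+PYTHON_MINOR="$1"
+PYMAJ="${PYTHON_MINOR:0:1}"
+
+if [ -z "$LIB" -a -f /usr/lib/python$PYTHON_MINOR/site.py ] ; then
+LIB=lib
+elif [ -z "$LIB" -a -f /usr/lib64/python$PYTHON_MINOR/site.py ] ; then
+LIB=lib64
+fi
+[ -d /usr/local/lib/python$PYTHON_MINOR ] && \
+[ ! -e /usr/local/lib64/python$PYTHON_MINOR ] && \
+ln -s /usr/local/lib/python$PYTHON_MINOR /usr/local/lib64/python$PYTHON_MINOR
+
+if [ "" = "$BASE_PYTHON2_MINOR" ] ; then
+not_PYTHON_MINOR=""
+elif [ $PYTHON_MINOR = "$BASE_PYTHON2_MINOR" ] ; then
+not_PYTHON_MINOR="$BASE_PYTHON3_MINOR"
+elif [ $PYTHON_MINOR = "$BASE_PYTHON3_MINOR" ] ; then
+not_PYTHON_MINOR="$BASE_PYTHON2_MINOR"
+else
+ERROR "$PYTHON_MINOR not in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR"
+exit 1
+fi
+INFO $prog PYMAJ=$PYMAJ PYTHON_MINOR=$PYTHON_MINOR not_PYTHON_MINOR=$not_PYTHON_MINOR PYTHONPATH=$PYTHONPATH
+export PYTHONPATH=""
+
+if [ "$PYMAJ" = '2' ] ; then
+imp='import sys; print sys.path'
+elif [ "$PYMAJ" = '3' ] ; then
+imp='import sys; print(repr(sys.path))'
+fi
+
+[ -x $PREFIX/bin/python$PYMAJ.sh ] || {
+echo >&2 ERROR: $prog 2 -x $PREFIX/bin/python$PYMAJ.sh "$PYTHON_MINOR" && exit 2 ;
+}
+if [ -f /etc/python-exec/python2.conf ] ; then
+grep -F "$BASE_PYTHON2_MINOR" /etc/python-exec/python2.conf || {
+echo >&2 ERROR: $prog 3 "$BASE_PYTHON2_MINOR" /etc/python-exec/python2.conf
+}
+fi
+if [ -f /etc/python-exec/python3.conf ] ; then
+grep -F "$BASE_PYTHON3_MINOR" /etc/python-exec/python3.conf || {
+echo >&2 ERROR: $prog 4 "$BASE_PYTHON3_MINOR" /etc/python-exec/python3.conf
+}
+fi
+
+# echo -n DEBUG: $prog 2 python$PYTHON_MINOR -S -s
+python$PYMAJ -S -s -c "$imp" \
+|| { echo >&2 ERROR: $prog 22 $PYTHON_MAJ -S -s"$PYTHON_MINOR" && exit 22 ; }
+
+# echo -n DEBUG: $prog 4 python$PYTHON_MINOR -s
+python$PYMAJ -s -c "$imp" \
+|| { echo >&2 ERROR: $prog 4 python$PYTHON_MINOR -s "$PYTHON_MINOR" && exit 4 ; }
+
+# echo -n DEBUG: $0 6 $PREFIX/bin/python$PYMAJ.sh -S -s
+$PREFIX/bin/python$PYMAJ.sh -S -s -c "$imp" \
+|| { echo >&2 ERROR: $prog 6 python$PYMAJ.sh -S -s "$PYTHON_MINOR" && exit 6 ; }
+
+
+echo -n DEBUG: $0 8 $PREFIX/bin/python$PYMAJ.sh -s
+$PREFIX/bin/python$PYMAJ.sh -s -c "$imp" \
+|| { echo >&2 ERROR: $prog 8 python$PYMAJ.sh -s "$PYTHON_MINOR" && exit 8 ; }
+
+# INFO $prog 10 $PREFIX/bin/python$PYMAJ.sh sitecustomize.py "$PYTHON_MINOR"
+a=$( $PREFIX/bin/python$PYMAJ.sh $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ) || \
+{ echo >&2 ERROR: $prog "error 10 $PREFIX/bin/python$PYMAJ.sh $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py" && exit 10 ; }
+#[ -x "$a" ] || \
+# { echo >&2 ERROR: $prog 11 "broken $PREFIX/bin/python$PYMAJ.sh /usr/local/bin/python2.sh - $a" && exit 11 ; }
+#echo >&2 INFO: $prog 11 "$a"
+
+# INFO $prog 12 python$PYTHON_MINOR sitecustomize.py "$PYTHON_MINOR"
+python$PYMAJ $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py || \
+{ ERROR 12 $prog python$PYMAJ sitecustomize.py "$PYTHON_MINOR" && exit 12 ; }
+
+exit 0
+# [ $( python2.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python2.sh ] || exit 2
+# [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python3.sh ] || exit 3
+# [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python2.bash ] || exit 22
+# [ $( python3.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python3.bash ] || exit 33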
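Review bot: The failure message of the first interpreter check expands `$PYTHON_MAJ`, which this script never assigns (the variable derived from `$1` is `PYMAJ`), so the diagnostic loses the interpreter name; `|| { echo >&2 ERROR: $prog 22 python$PYMAJ -S -s "$PYTHON_MINOR" && exit 22 ; }` would match the three checks after it. `$1` is used unvalidated in the `ln -s` target and in every interpreter path, and `imp` is only assigned when `PYMAJ` is `2` or `3`, so with `BASE_PYTHON2_MINOR` empty any other argument reaches `-c ""`; a guard such as `case "$PYTHON_MINOR" in [23].[0-9]*) ;; *) echo >&2 "ERROR: $prog bad version $PYTHON_MINOR" ; exit 1 ;; esac` directly after the assignment closes both. The two `/etc/python-exec/python*.conf` checks print an ERROR but neither exit nor alter the final `exit 0`, so a mismatch there is reported as success to the caller. `[ $PYTHON_MINOR = "$BASE_PYTHON2_MINOR" ]` should quote the left operand like the right one.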
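--- a/overlay/Linux/usr/local/bin/base_clean_filenames.bash
+++ b/overlay/Linux/usr/local/bin/base_clean_filenames.bash
@@ -0,0 +1,27 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=base
+PREFIX=/usr/local
+prog=$( basename $0 .bash )
+
+. /usr/local/bin/usr_local_tput.bash
+
+# accepted files or directories -- to recusively look for files in
+[ "$#" -eq 0 ] && set -- $PWD/
+
+# Clean the bad ones under Windows: [:] and other uglies ['"{}[]?!]
+# The Bad ones break rsync and but the others can cause trouble elsewhere
+re='[^ .,~%+=^@!0-9a-zA-z_()#-]'
+
+find "$@" -type f -or -type d | while read file ; do
+dir=`dirname "$file"`
+base=`basename "$file"`
+# wierd = misses "ZeeRex The Explainable ``Explain__ Service.htm"
+new=`sed -f $PREFIX/share/sed/base_clean_filenames.sed <<< $base`
+[ "$base" = "$new" ] && continue
+[ -f "$file" -a -f "$dir/$new" ] && diff -qr "$file" "$dir/$new" && rm -f "$file" && continue
+DBUG \"$file\" \"$dir/$new\"
+mv -i "$file" "$dir/$new"
+done
+exit 0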
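Review bot: `mv -i` inside the `find … | while read file` loop takes its confirmation from stdin, which here is the pipe carrying the remaining file names, so a prompt consumes the next path as its answer and that file is silently skipped; `mv -n -- "$file" "$dir/$new" </dev/null` avoids both the prompt and the stolen line. The script is `#!/bin/sh` but uses the bash here-string `<<< $base`, unquoted, and `read` without `IFS=`/`-r`, so names with backslashes, leading or trailing blanks or glob characters are altered before the comparison; `#!/bin/bash`, `while IFS= read -r file ; do` and `<<< "$base"` keep them intact. Because `find` prints a directory before its contents, renaming the directory invalidates the child paths that follow; adding `-depth` processes children first. `re` is assigned and never used, and its `A-z` range also covers the punctuation between `Z` and `a`.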
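--- a/overlay/Linux/usr/local/bin/base_clean_path.bash
+++ b/overlay/Linux/usr/local/bin/base_clean_path.bash
@@ -0,0 +1,24 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# we use stdout
+
+ROLE=base
+prog=$( basename $0 .bash )
+
+N=""
+IFS=':'
+[ -z "$UID" ] && UID=$( id -u )
+for elt in $PATH ; do
+[ $UID -eq 0 -a "$elt" = '.' ] && continue
+[ -d "$elt" ] || continue
+[ -z "$N" ] && N="$elt" && continue
+[[ $N =~ (^|:)${elt}(:|$) ]] && continue
+N="$N:$elt" && continue
+done
+IFS=' '
+
+elt=/var/local/bin
+[[ "$N" =~ (^|:)"${elt}"(:|$) ]] || N="$N:$elt"
+
+echo $N
+exit 0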
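Review bot: The duplicate test inside the loop interpolates `${elt}` unquoted into the regex, so `.`, `+` and other metacharacters in a directory name are read as pattern syntax, whereas the `/var/local/bin` test after the loop quotes it; `[[ $N =~ (^|:)"${elt}"(:|$) ]] && continue` makes both literal. For uid 0 only the exact entry `.` is dropped, so other relative entries that exist as directories (for example `./bin`) stay in root's search path; `[[ $elt == /* ]] || continue` keeps only absolute entries. `echo $N` runs after `IFS=' '`, so an entry containing a space is re-split and rejoined; `printf '%s\n' "$N"` preserves it.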
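--- a/overlay/Linux/usr/local/bin/base_clean_pythonpath.bash
+++ b/overlay/Linux/usr/local/bin/base_clean_pythonpath.bash
@@ -0,0 +1,40 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+# answer output
+prog=$( basename $0 .bash )
+ROLE=base
+
+[ $# -lt 2 ] && echo "USAGE: $0 PYTHON_MINOR PPATH" >>/proc/self/fd/2 && exit 1
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+PYTHON_MINOR=$1
+PPATH=$2
+
+PYVER=$( echo $1|sed -e 's/.*python//' -e 's@/.*@@' )
+
+[[ "$PYTHON_MINOR" =~ .*2\..* ]] && notPYVER="3." || notPYVER="2."
+# echo "DEBUG: $1 $PPATH $notPYVER" >>/proc/self/fd/2
+
+N=""
+IFS=':'
+warns=0
+[ -z "$UID" ] && UID=$( id -u )
+for elt in $PPATH ; do
+[ -d "$elt" ] || continue
+
+[[ $elt =~ .*python${notPYVER}.* ]] ; a=$?
+# DBUG $1 $elt $notPYVER a=$a >>/proc/self/fd/2
+[ $a -eq 0 ] && { WARN $prog wanted: $PYTHON_MINOR got: $elt >>/proc/self/fd/2 ; \
+warns=$( expr $warns + 1 ) ; continue ; }
+
+[ -z "$N" ] && N="$elt" && continue
+[[ $N =~ $elt ]] && continue
+[ -n "$N" ] && N="$N:$elt"
+# DBUG $prog adding: $elt
+done
+IFS=' '
+
+echo $N
+
+exit $warns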
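Review bot: `[[ $N =~ $elt ]]` is an unanchored regex match, so an entry that is merely a substring of one already kept is treated as a duplicate and dropped (constructed example: `/usr/lib/python3` arriving after `/usr/lib/python3.9/site-packages`); the anchored literal form `[[ $N =~ (^|:)"$elt"(:|$) ]] && continue` compares whole entries. The exit status is the warning count, so a caller that tests the status discards otherwise valid output whenever a wrong-version entry was filtered; that contract deserves a header comment such as `# exit status: number of entries dropped for the other Python major version`. `PYVER`, `PREFIX` and the `UID` fallback are assigned but not used in the visible code.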
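--- a/overlay/Linux/usr/local/bin/base_daily.bash
+++ b/overlay/Linux/usr/local/bin/base_daily.bash
@@ -0,0 +1,95 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+ROLE=base
+
+# The idea here is to run ansible_local.bash --tags daily
+# and then use this to do the parsing and throwing errors based on the output.
+# This was the ansible run can be free from erroring and this can be
+# run repeatedly anytime outside of ansible to deal with the issues raised.
+# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
+
+PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
+[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
+
+. /usr/local/etc/local.d/local.bash
+
+MYID=$( id -u )
+[ $MYID -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
+LOG_DIR=/usr/local/tmp
+
+ly=daily
+errs=0
+warns=0
+
+# sh /usr/local/bin/base_hourly.bash
+LOG_DIR=/usr/local/tmp/$ly
+[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"
+ELOG=$LOG_DIR/E${prog}_${ly}$$.log
+WLOG=$LOG_DIR/W${prog}_${ly}$$.log
+OUT=$LOG_DIR/O${prog}_${ly}$$.log
+rm -f $LOG_DIR/*${prog}_${ly}*.log
+
+if [ -f /var/log/dmesg.log ] ; then
+grep 'IOMMU enabled' /var/log/dmesg.log || WARN NOT 'IOMMU enabled' | tee -a $WLOG
+fi
+
+cp /dev/null /var/log/dirmngr.log
+/usr/local/bin/base_gnupg_test.bash || ERROR $retval /usr/local/bin/base_gnupg_test.bash >> $WLOG
+[ -d /etc/portage ] && \
+grep 'ERR 219 Server indicated a failure' /var/log/dirmngr.log >> $ELOG
+
+[ -f /usr/local/etc/testforge/testforge.bash ] && \
+. /usr/local/etc/testforge/testforge.bash
+
+[ -z "$UPTMP" ] && UPTMP=$PREFIX/tmp
+if [ -d /etc/apt -a -d /o/Cache/Apt/Devuan/4 ] ; then
+[ -z "$TESTF_UBUNTU16_VAR_APT_ARCHIVES" ] && \
+TESTF_UBUNTU16_VAR_APT_ARCHIVES=/o/Cache/Apt/Devuan/4
+[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=devuan
+else
+[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=vagrant
+fi
+if [ -d /o/Cache/Pip/ ] ; then
+[ -z "$HOSTVMS_BOXUSER_PIP_CACHE" ] && \
+HOSTVMS_BOXUSER_PIP_CACHE=/o/Cache/Pip/
+fi
+
+# FixMe: bootstrap
+elt=pip ; DBUG $elt
+scripts="ansible ansible-playbook ansible-pull ansible-doc ansible-galaxy ansible-console ansible-connection ansible-vault"
+for PYVER in 2 3 ; do
+pfile=`python$PYVER.sh -c 'import pip; print(pip.__file__)'`
+[ $? -eq 0 -a -f $pfile ] && continue
+# /usr/local/sbin/bootstrap_pip.bash
+pfile=`python$PYVER.sh -c 'import pip; print(pip.__file__)'`
+[ $? -eq 0 -a -f $pfile ] || WARN pip $PYVER not installed - $pfile
+for elt in $scripts ; do
+[ -e $PREFIX/bin/$elt ] || { WARN installing $elt $PYVER ; }
+done
+done
+
+elt=doctest3
+if [ $MYID -ne 0 ] ; then
+/var/local/bin/testforge_python_doctest3.bash \
+/var/local/share/doc/txt/base3.txt \
+> "$LOG_DIR"/$elt$$.log 2>&1 || ERROR $elt >> $ELOG
+fi
+
+[ -f $WLOG ] && warns=$( wc -l $WLOG | cut -f 1 -d ' ' )
+[ $? -eq 0 -a $warns -ne 0 ] && \
+WARN "$prog $warns $ly $prog warnings in $WLOG"
+
+[ -f $ELOG ] && errs=$( wc -l $ELOG | cut -f 1 -d ' ' )
+[ $? -eq 0 -a $errs -ne 0 ] && \
+echo "ERROR: $prog $errs $ly $prog errors in $ELOG" && cat $ELOG
+
+[ $errs -eq 0 ] && \
+[ $warns -eq 0 ] && \
+INFO "$prog No $ly errors" && \
+rm -f $WLOG $ELOG $OUT
+
+exit $errs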
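Review bot: Both `[ -z "BOX_USER_NAME" ]` tests compare the literal string, which is never empty, so `BOX_USER_NAME` is never defaulted on either branch; they should read `[ -z "$BOX_USER_NAME" ] && BOX_USER_NAME=devuan` and `[ -z "$BOX_USER_NAME" ] && BOX_USER_NAME=vagrant`. `$retval` on the `base_gnupg_test.bash` failure line is never set in this script, so the logged status is blank; `|| ERROR $? /usr/local/bin/base_gnupg_test.bash >> $WLOG` records it. The `doctest3` block is guarded by `[ $MYID -ne 0 ]` after the script has already exited for every non-root caller, so it cannot run. The script runs as root and writes `$ELOG`, `$WLOG` and the doctest log under `/usr/local/tmp/daily` with `$$`-based names; if that directory is writable by other accounts (not visible here), the `mkdir -p` line should create it with `install -d -m 0700 "$LOG_DIR"` so the redirections cannot be pointed elsewhere.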
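--- a/overlay/Linux/usr/local/bin/base_daily.exp
+++ b/overlay/Linux/usr/local/bin/base_daily.exp
@@ -0,0 +1,51 @@
+#!/usr/bin/expect --
+# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
+
+set timeout 30
+
+set KEY_ID 96D8BF6D
+#? stty raw -echo
+
+spawn gpg --home /etc/portage/gnupg --edit-key $KEY_ID trust
+
+# unknown] (1). Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
+# unknown] (2) Gentoo Portage Snapshot Signing Key (Automated Signing Key)
+
+## tsign
+#expect "Really sign all user IDs? (y/N)?*"
+#send_user "Sending y\n"
+#send "y\n"
+# tsign -> gpg: no default secret key: No secret key
+
+# trust
+expect "Your decision?*"
+send_user "Sending 4\n"
+send "4\n"
+
+# No save is required for trust
+expect "gpg>*"
+send_user "Sending save\r"
+send "save\r"
+expect -re .+ {
+exp_continue
+} timeout {
+exit 1
+} eof {
+exit 0
+} "Key not changed so no update needed*" {
+exit 0
+}
+
+expect "gpg>*"
+send_user "Sending quit\r"
+send "quit\r"
+
+expect -re .+ {
+exp_continue
+} timeout {
+exit 1
+} eof {
+exit 0
+}
+
+# expect -r .+ {send "\r"}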
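Review bot: `set KEY_ID 96D8BF6D` selects the key that receives trust level 4 by an 8-hex-digit short ID, which does not uniquely identify a key, so `--edit-key` can resolve to a different key that happens to be in `/etc/portage/gnupg`; the full fingerprint listed for this key in base_daily.html on this page should be used instead: `set KEY_ID DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D`. The `expect "Your decision?*"` and `expect "gpg>*"` calls have no `timeout` or `eof` arm, so when the prompt never appears the script still sends `4` and `save` after 30 seconds and may report success; giving each an arm like `timeout { exit 1 }` makes the failure visible to base_daily.bash. The first `expect -re .+ { exp_continue } …` block can only leave through `exit`, which makes the `quit` sequence below it unreachable.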
344
overlay/Linux/usr/local/bin/base_daily.html
Normal file
344
overlay/Linux/usr/local/bin/base_daily.html
Normal file
@ -0,0 +1,344 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
<title>Release media signatures – Gentoo Linux</title>
|
||||
|
||||
<meta name="theme-color" content="#54487a">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||||
<meta property="og:title" content="Release media signatures – Gentoo Linux">
|
||||
<meta property="og:image" content="https://www.gentoo.org/assets/img/logo/gentoo-g.png">
|
||||
<meta property="og:description" content="News and information from Gentoo Linux">
|
||||
<meta name="twitter:image" content="https://www.gentoo.org/assets/img/logo/gentoo-g.png">
|
||||
<link rel="apple-touch-icon" href="https://www.gentoo.org/assets/img/logo/icon-192.png">
|
||||
<link rel="icon" sizes="192x192" href="https://www.gentoo.org/assets/img/logo/icon-192.png">
|
||||
<link href="https://assets.gentoo.org/tyrian/v1/bootstrap.min.css" rel="stylesheet" media="screen">
|
||||
<link href="https://assets.gentoo.org/tyrian/v1/tyrian.min.css" rel="stylesheet" media="screen">
|
||||
<link href="/assets/css/screen.css" rel="stylesheet" media="screen">
|
||||
|
||||
<link rel="icon" href="/favicon.ico" type="image/x-icon">
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
|
||||
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
|
||||
|
||||
</head>
|
||||
|
||||
<body class="">
|
||||
<header>
|
||||
<div class="site-title">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="site-title-buttons">
|
||||
<div class="btn-group btn-group-sm">
|
||||
<a href="https://get.gentoo.org/" role="button" class="btn get-gentoo"><span class="fa fa-fw fa-download"></span> <strong>Get Gentoo!</strong></a>
|
||||
<div class="btn-group btn-group-sm">
|
||||
<a class="btn gentoo-org-sites dropdown-toggle" data-toggle="dropdown" data-target="#" href="#">
|
||||
<span class="fa fa-fw fa-map-o"></span> <span class="hidden-xs">gentoo.org sites</span> <span class="caret"></span>
|
||||
</a>
|
||||
<ul class="dropdown-menu dropdown-menu-right">
|
||||
<li><a href="https://www.gentoo.org/" title="Main Gentoo website"><span class="fa fa-home fa-fw"></span> gentoo.org</a></li>
|
||||
<li><a href="https://wiki.gentoo.org/" title="Find and contribute documentation"><span class="fa fa-file-text-o fa-fw"></span> Wiki</a></li>
|
||||
<li><a href="https://bugs.gentoo.org/" title="Report issues and find common issues"><span class="fa fa-bug fa-fw"></span> Bugs</a></li>
|
||||
<li><a href="https://forums.gentoo.org/" title="Discuss with the community"><span class="fa fa-comments-o fa-fw"></span> Forums</a></li>
|
||||
<li><a href="https://packages.gentoo.org/" title="Find software for your Gentoo"><span class="fa fa-hdd-o fa-fw"></span> Packages</a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="https://planet.gentoo.org/" title="Find out what's going on in the developer community"><span class="fa fa-rss fa-fw"></span> Planet</a></li>
|
||||
<li><a href="https://archives.gentoo.org/" title="Read up on past discussions"><span class="fa fa-archive fa-fw"></span> Archives</a></li>
|
||||
<li><a href="https://gitweb.gentoo.org/" title="Browse our source code in Gitweb"><span class="fa fa-code fa-fw"></span> Gitweb</a></li>
|
||||
<li class="divider"></li>
|
||||
<li><a href="https://infra-status.gentoo.org/" title="Get updates on the services provided by Gentoo"><span class="fa fa-server fa-fw"></span> Infra status</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="logo">
|
||||
<a href="/" title="Back to the homepage" class="site-logo">
|
||||
<object data="https://assets.gentoo.org/tyrian/v1/site-logo.svg" type="image/svg+xml">
|
||||
<img src="https://assets.gentoo.org/tyrian/v1/site-logo.png" alt="Gentoo Linux logo">
|
||||
</object>
|
||||
</a>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<nav class="tyrian-navbar" role="navigation">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="navbar-header">
|
||||
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-main-collapse">
|
||||
<span class="sr-only">Toggle navigation</span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="collapse navbar-collapse navbar-main-collapse">
|
||||
<ul class="nav navbar-nav">
|
||||
<li class=""><a href="/">Home</a></li>
|
||||
<li class=""><a href="/get-started/">Get started</a></li>
|
||||
<li class="active"><a href="/downloads/">Downloads</a></li>
|
||||
<li class=""><a href="/inside-gentoo/">Inside Gentoo</a></li>
|
||||
<li class=""><a href="/support/">Support</a></li>
|
||||
<li class=""><a href="/get-involved/">Get involved</a></li>
|
||||
|
||||
</ul>
|
||||
<ul class="nav navbar-nav navbar-right">
|
||||
<li class=""><a href="/donate/"><span class="fa fa-heart" style="color:#d9534f;"></span> Donate</a></li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
<nav class="navbar navbar-grey navbar-stick" role="navigation">
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="navbar-header">
|
||||
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-secondary-collapse">
|
||||
<span class="sr-only">Toggle secondary navigation</span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
<span class="icon-bar"></span>
|
||||
</button>
|
||||
</div>
|
||||
<div class="collapse navbar-collapse navbar-secondary-collapse">
|
||||
<ul class="nav navbar-nav">
|
||||
<li class=""><a href="/downloads/mirrors/">Mirrors</a></li>
|
||||
<li class="active"><a href="/downloads/signatures/">Signatures</a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</nav>
|
||||
|
||||
</header>
|
||||
|
||||
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div id="content" class="col-md-12">
|
||||
<h1 class="first-header">Release media signatures</h1>
|
||||
|
||||
<p>
|
||||
Our current releases are signed with either of these keys <strong>or any sub keys:</strong>
|
||||
</p>
|
||||
|
||||
<br>
|
||||
|
||||
<table class="table table-striped">
|
||||
<tr>
|
||||
<th>Key Fingerprint</th>
|
||||
<th>Description</th>
|
||||
<th>Created</th>
|
||||
<th>Expiry</th>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>13EBBDBEDE7A12775DFDB1BABB572E0E2D182910</kbd></td>
|
||||
<td>Gentoo Linux Release Engineering (Automated Weekly Release Key)</td>
|
||||
<td>2009-08-25</td>
|
||||
<td>2022-07-01</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D</kbd></td>
|
||||
<td>Gentoo ebuild repository signing key (Automated Signing Key)</td>
|
||||
<td>2011-11-25</td>
|
||||
<td>2022-07-01</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72</kbd></td>
|
||||
<td><a rel='external' href='https://github.com/gentoo-mirror/'>Gentoo repository mirrors</a> (automated git signing key)</td>
|
||||
<td>2018-05-28</td>
|
||||
<td>2022-07-01</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>D99EAC7379A850BCE47DA5F29E6438C817072058</kbd></td>
|
||||
<td>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</td>
|
||||
<td>2004-07-20</td>
|
||||
<td>2022-01-01</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>ABD00913019D6354BA1D9A132839FE0D796198B1</kbd></td>
|
||||
<td>Gentoo Authority Key L1</td>
|
||||
<td>2019-04-01</td>
|
||||
<td>2022-07-01</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>18F703D702B1B9591373148C55D3238EC050396E</kbd></td>
|
||||
<td>Gentoo Authority Key L2 for Services</td>
|
||||
<td>2019-04-01</td>
|
||||
<td>2022-07-01</td>
|
||||
</tr>
|
||||
<tr>
|
||||
<td><kbd>2C13823B8237310FA213034930D132FF0FF50EEB</kbd></td>
|
||||
<td>Gentoo Authority Key L2 for Developers</td>
|
||||
<td>2019-04-01</td>
|
||||
<td>2022-07-01</td>
|
||||
</tr>
|
||||
</table>
|
||||
|
||||
<br>
|
||||
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">
|
||||
<h3 class="panel-title"><span class="fa fa-fw fa-check-circle-o"></span> Verifying files</h3>
|
||||
</div>
|
||||
<div class="panel-body">
|
||||
<p>To verify downloaded files are not tampered with, you need the <tt>.DIGESTS</tt> file matching your release and the matching key from the table above.</p>
|
||||
|
||||
<p>Fetch the key:</p>
|
||||
|
||||
<p><kbd>gpg --keyserver hkps://keys.gentoo.org --recv-keys <key fingerprint></kbd></p>
|
||||
|
||||
<p>Alternatively, you can fetch a bundle containing all listed keys:</p>
|
||||
|
||||
<p><kbd>wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import</kbd></p>
|
||||
|
||||
<p>Verify the <tt>DIGESTS</tt> file:</p>
|
||||
|
||||
<p><kbd>gpg --verify <foo.DIGESTS.asc></kbd></p>
|
||||
|
||||
<p>Verify the download matches the digests. At least one of the following will exist:</p>
|
||||
|
||||
<p><kbd>sha512sum -c <foo.DIGESTS.asc></kbd></p>
|
||||
<p><kbd>sha256sum -c <foo.DIGESTS.asc></kbd></p>
|
||||
<p><kbd>sha1sum -c <foo.DIGESTS.asc></kbd></p>
|
||||
|
||||
<br>
|
||||
|
||||
<div class="alert alert-info">
|
||||
Detailed instructions are available in the <a href="https://wiki.gentoo.org/wiki/Handbook:Main_Page" class="alert-link">Gentoo Handbook</a>.
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<footer>
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-xs-12 col-md-offset-2 col-md-7">
|
||||
|
||||
</div>
|
||||
<div class="col-xs-12 col-md-3">
|
||||
<h3 class="footerhead">Questions or comments?</h3>
|
||||
Please feel free to <a href="/inside-gentoo/contact/">contact us</a>.
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="container-sitemap">
|
||||
<div class="container">
|
||||
<div class="row row-sitemap hidden-sm hidden-xs">
|
||||
<div class="col-xs-12 col-sm-4 col-md-2">
|
||||
<h3 class="footerhead"><a href="/">Home</a></h3>
|
||||
<ul class="sitemap">
|
||||
<li class=""><a href="/news/">News</a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-xs-12 col-sm-4 col-md-2">
|
||||
<h3 class="footerhead"><a href="/get-started/">Get Started</a></h3>
|
||||
<ul class="sitemap">
|
||||
<li class=""><a href="/get-started/about/">About Gentoo</a></li>
|
||||
<li class=""><a href="/get-started/philosophy/">Philosophy</a></li>
|
||||
<li class=""><a href="/get-started/screenshots/">Screenshots</a></li>
|
||||
<li class=""><a href="https://wiki.gentoo.org/wiki/FAQ">FAQ <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-xs-12 col-sm-4 col-md-2">
|
||||
<h3 class="footerhead"><a href="/downloads/">Downloads</a></h3>
|
||||
<ul class="sitemap">
|
||||
<li class=""><a href="/downloads/mirrors/">Mirrors</a></li>
|
||||
<li class=""><a href="/downloads/signatures/">Signatures</a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-xs-12 col-sm-4 col-md-2">
|
||||
<h3 class="footerhead"><a href="/inside-gentoo/">Inside Gentoo</a></h3>
|
||||
<ul class="sitemap">
|
||||
<li class=""><a href="/inside-gentoo/developers/">Developers</a></li>
|
||||
<li class=""><a href="https://wiki.gentoo.org/wiki/Project:Gentoo">Projects <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
|
||||
<li class=""><a href="/glep/">GLEPs</a></li>
|
||||
<li class=""><a href="/inside-gentoo/artwork/">Artwork</a></li>
|
||||
<li class=""><a href="/inside-gentoo/foundation/">Gentoo Foundation</a></li>
|
||||
<li class=""><a href="/inside-gentoo/sponsors/">Sponsors</a></li>
|
||||
<li class=""><a href="/inside-gentoo/stores/">Stores</a></li>
|
||||
<li class=""><a href="/inside-gentoo/contact/">Contact</a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-xs-12 col-sm-4 col-md-2">
|
||||
<h3 class="footerhead"><a href="/support/">Support</a></h3>
|
||||
<ul class="sitemap">
|
||||
<li class=""><a href="/support/consulting/">Consulting</a></li>
|
||||
<li class=""><a href="/support/documentation/">Documentation</a></li>
|
||||
<li class=""><a href="/support/news-items/">News items</a></li>
|
||||
<li class=""><a href="https://packages.gentoo.org/">Package database <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
|
||||
<li class=""><a href="/support/security/">Security</a></li>
|
||||
<li class=""><a href="/support/use-flags/">USE flags</a></li>
|
||||
<li class=""><a href="/support/rsync-mirrors/">rsync mirrors</a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
<div class="col-xs-12 col-sm-4 col-md-2">
|
||||
<h3 class="footerhead"><a href="/get-involved/">Get Involved</a></h3>
|
||||
<ul class="sitemap">
|
||||
<li class=""><a href="/get-involved/irc-channels/">IRC channels</a></li>
|
||||
<li class=""><a href="https://forums.gentoo.org/">Forums <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
|
||||
<li class=""><a href="/get-involved/mailing-lists/">Mailing lists</a></li>
|
||||
<li class=""><a href="/get-involved/contribute/">Contribute</a></li>
|
||||
<li class=""><a href="/get-involved/become-developer/">Become a developer</a></li>
|
||||
<li class=""><a href="/get-involved/get-code/">Get the code</a></li>
|
||||
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="container">
|
||||
<div class="row">
|
||||
<div class="col-xs-3 col-md-2">
|
||||
<ul class="footerlinks three-icons">
|
||||
<li><a href="https://twitter.com/gentoo" title="@Gentoo on Twitter"><span class="fa fa-twitter fa-fw"></span></a></li>
|
||||
<li><a href="https://www.facebook.com/gentoo.org" title="Gentoo on Facebook"><span class="fa fa-facebook fa-fw"></span></a></li>
|
||||
</ul>
|
||||
<div>
|
||||
<div class="sitemap text-center">
|
||||
<a href="https://wiki.gentoo.org/wiki/Foundation:Privacy_Policy">Privacy Policy</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<div class="col-xs-8 col-md-8">
|
||||
<strong>© 2001–2021 Gentoo Authors</strong><br>
|
||||
<small>
|
||||
Gentoo is a trademark of the Gentoo Foundation, Inc.
|
||||
The contents of this document, unless otherwise expressly stated, are licensed under the
|
||||
<a href="https://creativecommons.org/licenses/by-sa/3.0/" rel="license">CC-BY-SA-3.0</a> license.
|
||||
The <a href="/inside-gentoo/foundation/name-logo-guidelines.html">Gentoo Name and Logo Usage Guidelines</a> apply.
|
||||
</small>
|
||||
</div>
|
||||
<div class="col-xs-1 col-md-1">
|
||||
<strong><a class="text-dark" href="https://gitweb.gentoo.org/sites/www.git/">Version</a></strong><br>
|
||||
<small>
|
||||
91e01cb
|
||||
|
||||
</small>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</footer>
|
||||
|
||||
|
||||
<script src="https://assets.gentoo.org/tyrian/v1/jquery.min.js"></script>
|
||||
<script src="https://assets.gentoo.org/tyrian/v1/bootstrap.min.js"></script>
|
||||
|
||||
|
||||
</body>
|
||||
</html>
|
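--- a/overlay/Linux/usr/local/bin/base_get_if.bash
+++ b/overlay/Linux/usr/local/bin/base_get_if.bash
@@ -0,0 +1,10 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+# remove
+
+prog=$( basename $0 .bash )
+PREFIX=/usr/local
+ROLE=base
+
+exec bash /usr/local/bin/proxy_get_if.bash "$@"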
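--- a/overlay/Linux/usr/local/bin/base_hourly.bash
+++ b/overlay/Linux/usr/local/bin/base_hourly.bash
@@ -0,0 +1,56 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+PREFIX=/usr/local
+ROLE=base
+NOW=`date +%Y-%m-%d`
+NOWM=`date +%Y-%m`
+prog=$( basename $0 .bash )
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+
+[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
+[ $( id -u ) -eq 0 ] || { ERROR $prog should be run as root ; exit 1 ; }
+
+ly=hourly
+errs=0
+warns=0
+
+elt=base
+LOG_DIR=/usr/local/tmp
+ELOG=$LOG_DIR/E${prog}_${ly}$$.log
+WLOG=$LOG_DIR/W${prog}_${ly}$$.log
+OUT=$LOG_DIR/O${prog}_${ly}$$.log
+find $LOG_DIR/*${prog}_${ly}*.log -ctime +2 -delete
+
+ansible-inventory 2>> $WLOG || ERROR ansible-inventory $? >> $ELOG
+
+if ip route | grep -v ^def ; then
+gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye || exit 3$?
+dirmngr-client -v --ping </dev/null || exit 4$?
+fi
+
+if [ $USER = root ] ; then
+DBUG /var/log/auth.log
+grep --text $NOW'.*\(Permission denied\|Could not\)' /var/log/auth.log
+# | less -Ps"$NOW sauth.log" -Pm"$NOW sauth.log"
+
+dmesg |grep -q martian && WARN `dmesg |grep -c martian ` Martians
+
+fi
+find /tmp -type f -empty -delete
+
+[ -f $WLOG ] && warns=`wc -l $WLOG | cut -f 1 -d ' '`
+[ $? -eq 0 -a $warns -ne 0 ] && \
+WARN "$warns $ly $prog warnings in $WLOG"
+
+[ -f $ELOG ] && errs=`wc -l $ELOG | cut -f 1 -d ' '`
+[ $? -eq 0 -a $errs -ne 0 ] && \
+ERROR "$errs $ly $prog errors in $ELOG" && cat $ELOG && exit $errs
+
+[ $errs -eq 0 ] && \
+ols_clean_testforge_logs $HARDEN_LOG_DIR && \
+[ $warns -eq 0 ] && \
+INFO "$prog No $ly errors in $HARDEN_LOG_DIR"
+
+exit 0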
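Review bot: `if [ $USER = root ] ; then` leaves `$USER` unquoted, and USER is not guaranteed to be set when the script is started from cron; in that case `[` reports a syntax error and the auth.log and martian checks are skipped without the run being counted as failed. The script has already established root with `id -u` near the top, so the test can reuse that: `if [ "$(id -u)" -eq 0 ] ; then`. The log names `$LOG_DIR/E${prog}_${ly}$$.log` are predictable, so because this runs as root it is worth confirming that `/usr/local/tmp` is writable by root only. `exit $errs` wraps modulo 256, so a line count that is a multiple of 256 would exit 0.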
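--- a/overlay/Linux/usr/local/bin/base_pip_update.bash
+++ b/overlay/Linux/usr/local/bin/base_pip_update.bash
@@ -0,0 +1,38 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+ROLE=base
+
+# pip installs into /usr/local/bin
+# export PATH=.:$PATH:/usr/local/bin
+
+LARGS="$@"
+[ "$#" -ge 2 -a $1 = "-p" -a $2 = "2" ] && PYVER=2 || PYVER=3
+$PREFIX/bin/base_pip_upgrade.bash "$@" | grep -v 'INFO:\|ERROR:\|DEBUG:' | \
+tee /tmp/P$$.lis | \
+while read elt rest ; do
+[ $PYVER = 2 ] && str="import $elt;print $elt.__file__" || \
+str="import $elt;print($elt.__file__)"
+
+$PREFIX/bin/python$PYVER.sh -c $str >/tmp/P$$.log 2>&1
+if [ $? -ne 0 ] ; then
+lelt=$( echo $elt | tr '[:upper:]' '[:lower:]' )
+if [ "$lelt" != "$elt" ] ; then
+[ $PYVER = 2 ] && str="import $lelt;print $lelt.__file__" || \
+str="import $lelt;print($lelt.__file__)"
+$PREFIX/bin/python$PYVER.sh -c $str >/tmp/P$$.log 2>&1 || \
+{ rm -f /tmp/P$$.log ; continue ; }
+fi
+fi
+
+grep /usr/lib /tmp/P$$.log && DBUG $PYVER $elt $rest && continue
+grep $PREFIX /tmp/P$$.log && INFO $PYVER $elt $rest && continue
+cat /tmp/P$$.log && WARN $PYVER $elt $rest && continue
+
+done
+
+rm -f /tmp/P$$.log
+
+exit 0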
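Review bot: The scratch files `/tmp/P$$.lis` and `/tmp/P$$.log` have predictable names in a world-writable directory, so another local user can create them (or a symlink) before this script writes through them; create them with `mktemp` and remove both on exit, since the `.lis` file is never removed at present. Separately, `-c $str` is unquoted in both places, so the interpreter receives only the word `import` as its program and every probe would fail; it should be `-c "$str"`. `$elt` comes from the upgrade script's output and is pasted into Python source, so it is worth rejecting anything that does not match a plain module name before building `str`.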
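--- a/overlay/Linux/usr/local/bin/base_pip_upgrade.bash
+++ b/overlay/Linux/usr/local/bin/base_pip_upgrade.bash
@@ -0,0 +1,122 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+# pip installs into /usr/local/bin
+# export PATH=.:$PATH:/usr/local/bin
+
+prog=$( basename $0 .bash )
+ROLE=base
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+
+. /usr/local/etc/testforge/testforge.bash || exit 1
+
+[ -d PREFIX=/var/local/var/log ] && \
+BASE_LOG_DIR=/var/local/var/log || \
+BASE_LOG_DIR=/tmp
+
+pyver=3
+inter=0
+verbose=3
+
+usage() {
+echo "Usage: $0 [OPTIONS] dirs-or-files"
+echo
+echo " -i | --inter=$inter - interactivly upgrade 0 or 1 [0]"
+echo " -p | --pyver=$pyver - python version - 2 or 3"
+echo " -v | --verbose=$verbose - verbosity 0 least 5 most"
+echo
+echo " -V | --version - print version of this script"
+echo " -h | --help - print this help"
+}
+
+exitWithErrMsg() {
+retval=$1
+shift
+echo "$1" 1>&2
+exit $retval
+}
+
+SHORTOPTS="hVp:v:i:"
+LONGOPTS="help,version,pyver:,verbose:,inter:"
+PKGS=
+
+ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
+[ $? != 0 ] && exitWithErrMsg 1 "Aborting."
+
+route | grep -q ^default || exitWithErrMsg 2 "We are not connected: Aborting."
+
+eval set -- "$ARGS"
+
+while true; do
+case "$1" in
+-p|--pyver)
+shift
+pyver="$1"
+;;
+-i|--inter)
+shift
+inter=1
+;;
+-v|--verbose)
+shift
+verbose="$1"
+;;
+-h|--help)
+usage
+exit 0
+;;
+'--')
+shift
+PKGS="$*"
+break
+;;
+*)
+break
+;;
+esac
+shift
+done
+
+#echo $PKGS
+if [[ $pyver =~ 2.* ]] ; then
+LOG_DIR=$BASE_LOG_DIR/pip/$BASE_PYTHON2_MINOR
+pip_exe=/usr/local/bin/pip2.sh
+else
+LOG_DIR=$BASE_LOG_DIR/testforge/pip/$BASE_PYTHON3_MINOR
+pip_exe=/usr/local/bin/pip3.sh
+fi
+
+cd /usr/local/bin
+# --process-dependency-links
+# this is missing many/most
+# --format: invalid choice: 'legacy' (choose from 'columns', 'freeze', 'json')
+$pip_exe list -o --format=columns --user | tee /tmp/$$.log
+# pyface (Current: 4.5.2 Latest: 5.0.0 [sdist])
+grep 'wheel$\|sdist$' /tmp/$$.log | while read pkg current latest rest ; do
+echo "INFO: $pkg from $current to $latest "
+if [ -n "$PKGS" ] ; then
+echo "$PKGS" | grep -v "grep" | grep -q "$pkg" || continue
+fi
+
+# this is for the Msys distribution build from source
+if [ -f ../src/$pkg.bash ] && grep VER= ../src/$pkg.bash ; then
+[ -f ../src/$pkg.bash.old ] && WARN "$0 backup present $pkg.old" && continue
+grep -q "^VER=\"$latest\"" ../src/$pkg.bash && \
+WARN "$0 $pkg already $latest" && continue
+mv ../src/$pkg.bash ../src/$pkg.bash.old
+sed -e "s/VER=$current/VER=$latest/" ../src/$pkg.bash < ../src/$pkg.bash.old
+echo "INFO: package $pkg "
+fi
+# -u 2
+[ $inter -eq 0 ] && continue
+
+read -p "READ: Upgrade $pkg from $current to $latest? " yn
+[ "$yn" = "q" ] && exit
+[ "$yn" = "y" ] || continue
+
+$pip_exe $pkg $current $latest
+done
+
+rm -f /tmp/$$.log
+
+exit 0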
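Review bot: In the `../src/$pkg.bash` branch the `sed` call has no output redirection and names the file that `mv` has just moved away, so the edited text goes to stdout and the build script survives only as `.bash.old`; it looks like `sed -e "s/VER=$current/VER=$latest/" ../src/$pkg.bash.old > ../src/$pkg.bash` was intended. `$pkg`, `$current` and `$latest` are read from the package index listing and used unquoted in paths and in the sed expression, so they should be quoted and checked before use. `[ -d PREFIX=/var/local/var/log ]` tests a literal path that begins with `PREFIX=`, so `BASE_LOG_DIR` always falls back to `/tmp`. `/tmp/$$.log` is a predictable name; `mktemp` avoids another local user creating it first. `read -p` inside the piped `while` loop reads from the pipe, not the terminal, so the prompt would need `</dev/tty`.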
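--- a/overlay/Linux/usr/local/bin/base_sheebang_after_pip.bash
+++ b/overlay/Linux/usr/local/bin/base_sheebang_after_pip.bash
@@ -0,0 +1,61 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+. /usr/local/bin/usr_local_tput.bash || exit 2
+PREFIX=/usr/local
+ROLE=base
+
+[ -z "$BASE_PYTHON2_MINOR" ] && \
+BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+[ -z "$BASE_PYTHON3_MINOR" ] && \
+BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
+[ -z "$PYTHON_MINOR" ] && continue
+if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
+LIB=lib
+elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
+LIB=lib64
+elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
+ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
+fi
+done
+
+umask 0022
+# [ "$#" -eq 0 ] && set -- $PREFIX/bin
+
+# FixMe? /usr/local/bin too? I think not, except for ours?
+
+for prefix in /usr/local /var/local ; do
+cd $prefix/bin || exit 1
+#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
+ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
+while read file ; do
+head -1 $file | grep -q python || continue
+head -1 $file | grep -q $prefix/python..bash && continue
+base=$( echo $file | sed -e 's/\.bash$//' )
+under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
+if [ -h /etc/python-exec/$base.conf ] ; then
+link=$( readlink /etc/python-exec/$base.conf )
+if [ "$link" = python2.conf ] ; then
+sed -f $prefix/share/sed/${under}_python2.sed -i $file
+else
+sed -f $prefix/share/sed/${under}_python3.sed -i $file
+fi
+else
+sed -f $prefix/share/sed/${under}_python2.sed -i $file
+sed -f $prefix/share/sed/${under}_python3.sed -i $file
+fi
+# echo $file
+done
+
+# failsafe - Eberly - no longer active
+for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
+[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
+# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
+done
+
+done
+
+exit 0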
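Review bot: The loop that pipes `ls -1 | ... | xargs file` into `while read file` and then runs `sed -f ... -i $file` uses every name unquoted, so a name in `$prefix/bin` that contains spaces or starts with `-` is split, or read as options, by `file`, `head` and `sed`. base_testforge_perm.bash in this commit makes `/var/local/bin` group-writable, so those names are not fully under the administrator's control. Quote the variable and end option parsing, e.g. `sed -f "$prefix/share/sed/${under}_python3.sed" -i -- "$file"`, and iterate with `for file in *` instead of parsing `ls`. The final `else` branch applies both the python2 and the python3 sed script to the same file, which deserves a comment saying which rewrite is expected to win.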
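--- a/overlay/Linux/usr/local/bin/base_shutdown.bash
+++ b/overlay/Linux/usr/local/bin/base_shutdown.bash
@@ -0,0 +1,67 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+ROLE=base
+PREFIX=/usr/local
+
+. /usr/local/bin/usr_local_base.bash || exit 2
+
+. ~/.bash_logout
+
+# these can hang unmounting partitions
+pkill dirmngr
+pkill bootlogd
+
+[ -x /var/local/bin/privacy_home_cleaner.bash ] && /var/local/bin/privacy_home_cleaner.bash
+
+[ -f ~/Makefile ] && grep -q ^stop: ~/Makefile && \
+{ cd ~ ; make stop || exit 2 ; }
+
+local_base_umount () {
+local mount
+cd /mnt
+mount=`mount`
+for file in linux* ; do
+echo $mount | grep -q " on /mnt/$file " || continue
+echo /mnt/$file
+umount -R /mnt/$file || exit 1
+done
+
+# not l - a b f d n u x i j k o q w e h z
+for file in ? ; do
+echo $mount | grep -q " on /mnt/$file " || continue
+# echo /mnt/$file
+umount /mnt/$file || WARN $prog error umounting /mnt/$file
+done
+umount -a
+}
+
+local_base_umount || exit 3
+
+# should be 0
+NUM=`losetup -a |grep -c -v home`
+if [ $NUM -gt 0 ] ; then
+losetup -a |grep -v home
+echo losetup still mounted
+exit 5
+fi
+
+sleep 10
+umount -a -t ntfs-3g
+
+# should be 1
+NUM=`ps ax | grep mount.ntfs-3g | grep -v grep | wc -l`
+if [ $NUM -ge 1 ] ; then
+ps ax | grep mount.ntfs-3g | grep -v grep
+ERROR mount.ntfs-3g still running
+exit 6
+fi
+
+INFO Calling shutdown
+
+if [ $# -lt 1 ] ; then
+shutdown -r now
+else
+shutdown $*
+fi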
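Review bot: Before the `umount` and `shutdown` steps the script sources `~/.bash_logout` and runs `make stop` from `~/Makefile`, so whatever `$HOME` resolves to at that moment supplies code that runs with the caller's privileges; if this is started through sudo with the invoking user's HOME preserved, that would be user-writable code executed as root. Fixed paths, or an ownership check on both files first, would close that. `shutdown $*` should be `shutdown "$@"`, and `local` in `local_base_umount` is not POSIX, so the shebang should be `#!/bin/bash`. The second comment says `# should be 1` while the test below it treats `-ge 1` as an error; one of the two needs correcting.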
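--- a/overlay/Linux/usr/local/bin/base_testforge_perm.bash
+++ b/overlay/Linux/usr/local/bin/base_testforge_perm.bash
@@ -0,0 +1,32 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+# very dangerous
+[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/
+[ -d "$ROOT" ] || exit 1
+
+ROLE=base
+
+cd $ROOT || exit 2
+GROUP=adm
+[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
+[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP
+
+if [ -d ${ROOT}/var/local ] ; then
+# allow
+chgrp -R $GROUP ${ROOT}/var/local/{bin,data,lib64,src,net}
+chmod -R g+rw,o-w ${ROOT}/var/local/{bin,data,lib64,src,net}
+chmod a+x ${ROOT}/var/local/{bin,src,share/bash}/*sh
+# if [ -d ${ROOT}/var/local/src/lynis ] ; then
+
+chgrp -R $GROUP ${ROOT}/var/local/{bin,data,lib64,src,net}
+# forbid /var
+chgrp -R root ${ROOT}/var/local/{etc,var,share}
+chmod -R g-w,o-w ${ROOT}/var/local/{etc,var,share}
+fi
+if [ -d ${ROOT}/usr/local ] ; then
+# forbid /usr but lib/python* will be created and allowed on install
+chgrp -R root ${ROOT}/usr/local/
+chmod -R g-w,o-rw ${ROOT}/usr/local/
+fi
+exit 0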
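Review bot: The `{bin,data,lib64,src,net}` and `{etc,var,share}` arguments rely on brace expansion, which `#!/bin/sh` does not provide where sh is dash or another strictly POSIX shell; there `chgrp` and `chmod` receive the literal path and fail, and because the script still ends with `exit 0` the tightening of `etc`, `var` and `share` silently does not happen. Change the shebang to `#!/bin/bash` and stop on the first failed `chgrp` or `chmod` instead of always exiting 0. `cd $ROOT` and the `${ROOT}/...` arguments should be quoted, since `ROOT` comes from `$1`. `GROUP` can be replaced by `BOX_ALSO_GROUP` from the sourced config, so the ownership of that file decides who is given group write on `bin` and `src`; a comment saying so would help the next reader of a script marked `# very dangerous`.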
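--- a/overlay/Linux/usr/local/bin/base_wall.bash
+++ b/overlay/Linux/usr/local/bin/base_wall.bash
@@ -0,0 +1,56 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+exit 0
+ROLE=base
+usage="
+Usage:
+wall [options] [message]
+
+Write a message to all users.
+
+Options:
+-n, --nobanner do not print banner
+-h, --help display this help and exit
+"
+
+SHORT=nh
+LONG=nobanner,help
+
+PARSED=$(getopt --options $SHORT --longoptions $LONG --name "$0" -- "$@")
+if [[ $? -ne 0 ]]; then
+echo "$usage"
+exit 2
+fi
+eval set -- "$PARSED"
+
+while true; do
+case "$1" in
+-n|--nobanner)
+n=y
+shift
+;;
+-h|--help)
+echo "$usage"
+exit 0
+;;
+--)
+shift
+break
+;;
+*)
+exit 3
+;;
+esac
+done
+
+ps -ef | grep " pts/" | awk '{print $6}' | sort -u > /tmp/terminals_$$.tmp
+ps -ef | grep " tty" | awk '{print $6}' | sort -u | grep -v "pts" >> /tmp/terminals_$$.tmp
+if [ "$n" ]; then
+pre=""
+post=""
+else
+pre="-e \nBroadcast message from $(whoami)@$(hostname) ($(ps ax | grep "^$$" | awk '{ print $2 }')) ($(date +"%a %b %d %H:%M:%S %Y")):\n\n"
+post='\n'
+fi
+cat /tmp/terminals_$$.tmp | while read TTY_TO; do echo $pre"$*"$post | sudo tee /dev/$TTY_TO 1>/dev/null; done
+rm /tmp/terminals_$$.tmp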
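Review bot: `exit 0` on the third line makes everything after it unreachable, so the file should say why it is switched off, for example a comment `# disabled: <reason>` directly above the `exit 0`. If the body is re-enabled, `/tmp/terminals_$$.tmp` is a predictable name whose contents end up in `sudo tee /dev/$TTY_TO`; a `mktemp` file, or piping `ps` straight into the loop, keeps another local user from choosing the device names written to with sudo. `echo $pre"$*"$post` depends on `-e` surviving word splitting of `$pre`; `printf '%b'` with a quoted argument is more predictable.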
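--- a/overlay/Linux/usr/local/bin/bash_to_bash.bash
+++ b/overlay/Linux/usr/local/bin/bash_to_bash.bash
@@ -0,0 +1,9 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# filter
+ROLE=base
+# extra cleanups to bash from yaml_to_bash
+sed -e '/\[/s@, @ @g' \
+-e '/\[/s@\([^"]\)u"@\1"@g' -e "/\[/s@\([^']\)u'@\1'@g" \
+-e 's@="*\[\(.*\)\]@=(\1)@' -e "s@='*\[\(.*\)\]@=(\1)@"
+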
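--- a/overlay/Linux/usr/local/bin/fact_to_bash.bash
+++ b/overlay/Linux/usr/local/bin/fact_to_bash.bash
@@ -0,0 +1,29 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+# N.B.: creates /usr/local/etc/testforge/testforge.bash
+
+# filter or program
+# should be -f VAR_LOCAL/share/sed/fact_to_bash.sed
+# but /usr/local/etc/testforge/testforge.bash isnt created yet
+
+ROLE=base
+
+# wierd: doesnt work on Ubuntu - grep -F -e '=' $* | sed -e 's@^ *@@' | eval
+grep '=' $* | sed \
+-e "s@u*'@@g" \
+-e 's@^ *@@' \
+-e 's@\[@"@' \
+-e 's@\]@"@' \
+-e 's@, @ @g' \
+> /tmp/$$.bash
+. /tmp/$$.bash
+
+
+
+IFS='\t' sed -e 's/=/\t/' -e 's/"//g' /tmp/$$.bash |sort -u | while read key val ; do
+# why filter these out?
+# echo $key | grep -q 'SOCKS_PROXY\|NO_PROXY\|HTTP_PROXY\|HTTPS_PROXY\|GIT_' && continue
+echo "export $key=\"$val\""
+done
+
+# rm /tmp/$$.bash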
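Review bot: `> /tmp/$$.bash` followed by `. /tmp/$$.bash` writes to a predictable path in a world-writable directory and then executes it, so a local user who creates that path first can influence what gets sourced; use `tmp=$(mktemp) || exit 1` with `trap 'rm -f "$tmp"' EXIT`, which also removes the file that the commented-out `rm` currently leaves behind. The sourced text is the input facts after a few `sed` substitutions, so any command substitution inside a value is executed, and the header says the output becomes `/usr/local/etc/testforge/testforge.bash`, which other scripts in this commit source as root. `IFS='\t'` sets IFS to a backslash and the letter t and applies to `sed`, not to `read`; under bash `while IFS=$'\t' read -r key val` is probably what was meant.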
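--- a/overlay/Linux/usr/local/bin/fact_to_yaml.bash
+++ b/overlay/Linux/usr/local/bin/fact_to_yaml.bash
@@ -0,0 +1,8 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+ROLE=base
+
+# filter or program
+grep '=' "$*" \
+| sed -e "s@=@: @" -e "s@^ *@@"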
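Review bot: `grep '=' "$*"` joins all arguments into a single file name, so two input files fail, and with no arguments grep is handed an empty file name instead of reading stdin as the `# filter or program` comment promises; `grep -- '=' "$@"` handles both cases. fact_to_bash.bash in this commit uses an unquoted `$*` for the same job, which instead breaks on names containing spaces, so the two scripts should agree on `"$@"`.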
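--- a/overlay/Linux/usr/local/bin/pip.sh
+++ b/overlay/Linux/usr/local/bin/pip.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+shopt -s nullglob || { ERROR use bash ; exit 1 ; }
+. /usr/local/bin/usr_local_tput.bash || exit 2
+. /usr/local/bin/usr_local_base.bash || exit 3
+
+ROLE=base
+PREFIX=/usr/local
+[ -z "$PYVER" ] && PYVER=3
+declare -a TARGET
+
+if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
+. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
+P="BASE_PYTHON${PYVER}_MINOR"
+PYTHON_MINOR="$(eval echo \$$P)"
+fi
+
+[ -n "$PYTHON_MINOR" ] || \
+PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
+[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
+
+if [ "$#" -eq 0 ] || [[ "$*" =~ "--version" ]] || [[ "$*" =~ "--help" ]] ; then
+$PREFIX/bin/python$PYVER.sh -m pip "$@"
+exit $?
+elif [ "$1" = 'html' ] ; then
+wget -c -O - https://pypi.org/project/$2 2>/dev/null
+exit $?
+elif [ "$1" = 'lynx' ] ; then
+lynx https://pypi.org/project/$2
+exit $?
+elif [ "$1" = 'elinks' ] ; then
+elinks https://pypi.org/project/$2
+exit $?
+fi
+
+if [ -x $PREFIX/bin/base_check_site_py.bash ] ; then
+$PREFIX/bin/base_check_site_py.bash $PYTHON_MINOR >/dev/null || exit $?
+fi
+
+if [ -n "$PYTHONPATH" ] && [ -x $PREFIX/bin/base_clean_pythonpath.bash ] ; then
+PYTHONPATH="$( $PREFIX/bin/base_clean_pythonpath.bash $PYTHON_MINOR $PYTHONPATH )"
+fi
+
+# could from pip import download;print(download.__file__)
+file=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages/pip/download.py
+if [ -f $file ] && grep -q 'if not check_path_owner' $file ; then
+mv $file $file.dst
+sed -e 's/if not check_path_owner/if False and not check_path_owner/' \
+> $file $file.dst
+fi
+
+#DBUG $prog PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
+
+LARGS="$BASE_PIP_GLOBAL_ARGS" # --no-python-version-warning
+if [ -f /usr/local/etc/ssl/cacert-testforge.pem ] ; then
+[[ "$*" =~ "--cert" ]] || [[ $LARGS =~ "--cert" ]] || LARGS="--cert $PREFIX/etc/ssl/cacert-testforge.pem $LARGS"
+fi
+if [ -e $PREFIX/net/Cache/Pip ] ; then
+[[ "$*" =~ "--cache-dir" ]] || [[ $LARGS =~ "--cache-dir" ]] || LARGS="--cache-dir $PREFIX/net/Cache/Pip $LARGS"
+fi
+
+[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
+[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
+[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy http://localhost:3128"
+
+MYID=$( id -u )
+if [ "$1" = 'uninstall' ] ; then
+[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
+
+elif [ "$1" = 'install' ] ; then
+[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
+shift
+RARGS="$RARGS --progress-bar=off"
+# LARGS="$LARGS --python=/usr/local/bin/python$PYTHON_MINOR.sh"
+/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
+# Can not combine '--user' and '--prefix'
+if true ; then # >9.0.1
+if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then
+:
+else
+[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
+RARGS=" --prefix=$PREFIX $RARGS"
+fi
+else
+# this is required, with the ~/.local symlinks, or it tries to uninstall from the system
+[[ $RARGS =~ " --user" ]] || RARGS=" --user $RARGS"
+# no quotes around the --install-option arg
+[[ $RARGS =~ "--install-scripts" ]] || RARGS=" --install-option=--install-scripts=/usr/local/bin $RARGS"
+[[ $RARGS =~ "--install-lib" ]] || RARGS=" --install-option=--install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
+fi
+# if [ -d /etc/apt ] ; then # ! uname -a | grep Debian ||
+# [[ $RARGS =~ "--install-layout" ]] || RARGS=" --install-option=--install-layout=unix $RARGS"
+# fi
+#? [[ $RARGS =~ "--no-binary" ]] || RARGS="--no-binary :all: $RARGS"
+# this prohibits installing .egg dirs but maybe that means no multi-version
+[[ $RARGS =~ "--only-binary" ]] || RARGS="--only-binary :none: $RARGS"
+! $PREFIX/bin/python$PYVER.sh -m pip --help | grep -q upgrade-strategy || \
+[[ $RARGS =~ "--upgrade-strategy" ]] || RARGS="--upgrade-strategy only-if-needed $RARGS"
+# require explicit package-by package installing - ? maybe only from ansible?
+RARGS="install $RARGS"
+export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
+fi
+TARGET=("$@")
+
+echo DBUG $prog $LARGS $RARGS "$@"
+exec $PREFIX/bin/python$PYVER.sh -W ignore::UserWarning -m pip $LARGS $RARGS "$@" 2>&1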
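Review bot: The block that rewrites `site-packages/pip/download.py` turns `if not check_path_owner` into `if False and not check_path_owner` whenever the pattern is found, which switches off pip's path-ownership check for every later user of that install, and nothing records that it was done. If the check has to be disabled, a comment should say why, and the edit should be atomic, because `mv` followed by `sed ... > $file` leaves pip without `download.py` if sed fails. In the `install` branch `RARGS` is never initialised, so install options are inherited from the caller's environment, whereas pip3.11.sh sets `RARGS="$BASE_PIP_INSTALL_ARGS"` at that point. `PYTHON_MINOR="$(eval echo \$$P)"` can be written as `PYTHON_MINOR=${!P}` without `eval`. The same download.py patch and `eval` line are repeated in pip3.11.sh.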
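--- a/overlay/Linux/usr/local/bin/pip2.sh
+++ b/overlay/Linux/usr/local/bin/pip2.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+shopt -s nullglob || { ERROR use bash ; exit 1 ; }
+ROLE=base
+
+export PYVER=2
+exec /usr/local/bin/pip.sh "$@"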
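--- a/overlay/Linux/usr/local/bin/pip3.11.sh
+++ b/overlay/Linux/usr/local/bin/pip3.11.sh
@@ -0,0 +1,108 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+. /usr/local/bin/usr_local_tput.bash || exit 2
+. /usr/local/bin/usr_local_base.bash || exit 3
+shopt -s nullglob || { ERROR use bash ; exit 1 ; }
+
+ROLE=base
+PREFIX=/usr/local
+PYVER=3
+declare -a TARGET
+
+if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
+. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
+P="BASE_PYTHON${PYVER}_MINOR"
+PYTHON_MINOR="$(eval echo \$$P)"
+fi
+
+[ -n "$PYTHON_MINOR" ] || \
+PYTHON_MINOR=$( python3.10 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+PYTHON_MINOR=3.11
+
+[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
+[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
+
+if [ "$#" -eq 0 ] || [[ "$*" =~ "--version" ]] || [[ "$*" =~ "--help" ]] ; then
+$PREFIX/bin/python$PYVER.sh -m pip "$@"
+exit $?
+elif [ "$1" = 'html' ] ; then
+wget -c -O - https://pypi.org/project/$2 2>/dev/null
+exit $?
+elif [ "$1" = 'lynx' ] ; then
+lynx https://pypi.org/project/$2
+exit $?
+elif [ "$1" = 'elinks' ] ; then
+elinks https://pypi.org/project/$2
+exit $?
+fi
+
+if [ -x $PREFIX/bin/base_check_site_py.bash ] ; then
+$PREFIX/bin/base_check_site_py.bash $PYTHON_MINOR >/dev/null || exit $?
+fi
+
+if [ -n "$PYTHONPATH" ] && [ -x $PREFIX/bin/base_clean_pythonpath.bash ] ; then
+PYTHONPATH="$( $PREFIX/bin/base_clean_pythonpath.bash $PYTHON_MINOR $PYTHONPATH )"
+fi
+
+# could from pip import download;print(download.__file__)
+file=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages/pip/download.py
+if [ -f $file ] && grep -q 'if not check_path_owner' $file ; then
+mv $file $file.dst
+sed -e 's/if not check_path_owner/if False and not check_path_owner/' \
+> $file $file.dst
+fi
+
+#DBUG $prog PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
+
+LARGS="$BASE_PIP_GLOBAL_ARGS" # --no-python-version-warning
+if [ -f /usr/local/etc/ssl/cacert-testforge.pem ] ; then
+[[ "$*" =~ "--cert" ]] || [[ $LARGS =~ "--cert" ]] || LARGS="--cert $PREFIX/etc/ssl/cacert-testforge.pem $LARGS"
+fi
+if [ -e $PREFIX/net/Cache/Pip ] ; then
+[[ "$*" =~ "--cache-dir" ]] || [[ $LARGS =~ "--cache-dir" ]] || LARGS="--cache-dir $PREFIX/net/Cache/Pip $LARGS"
+fi
+
+[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
+[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
+[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy localhost:3128"
+
+MYID=$( id -u )
+if [ "$1" = 'uninstall' ] ; then
+[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
+
+elif [ "$1" = 'install' ] ; then
+shift
+/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
+RARGS="$BASE_PIP_INSTALL_ARGS"
+# Can not combine '--user' and '--prefix'
+if true ; then # >9.0.1
+if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then
+:
+else
+[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
+RARGS=" --prefix=$PREFIX $RARGS"
+fi
+else
+# this is required, with the ~/.local symlinks, or it tries to uninstall from the system
+[[ $RARGS =~ " --user" ]] || RARGS=" --user $RARGS"
+# no quotes around the --install-option arg
+[[ $RARGS =~ "--install-scripts" ]] || RARGS=" --install-option=--install-scripts=/usr/local/bin $RARGS"
+[[ $RARGS =~ "--install-lib" ]] || RARGS=" --install-option=--install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
+fi
+# if [ -d /etc/apt ] ; then # ! uname -a | grep Debian ||
+# [[ $RARGS =~ "--install-layout" ]] || RARGS=" --install-option=--install-layout=unix $RARGS"
+# fi
+#? [[ $RARGS =~ "--no-binary" ]] || RARGS="--no-binary :all: $RARGS"
+# this prohibits installing .egg dirs but maybe that means no multi-version
+[[ $RARGS =~ "--only-binary" ]] || RARGS="--only-binary :none: $RARGS"
+! $PREFIX/bin/python$PYVER.sh -m pip --help | grep -q upgrade-strategy || \
+[[ $RARGS =~ "--upgrade-strategy" ]] || RARGS="--upgrade-strategy only-if-needed $RARGS"
+# require explicit package-by package installing - ? maybe only from ansible?
+RARGS="install $RARGS"
+export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
+fi
+TARGET=("$@")
+
+echo DBUG $prog $LARGS $RARGS "$@"
+exec $PREFIX/bin/python$PYVER.sh -W ignore::UserWarning -m pip $LARGS $RARGS "$@" 2>&1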
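Review bot: `PYTHON_MINOR=3.11` is assigned unconditionally right after the lookup, so both the value from testforge.bash and the `python3.10 --version` fallback are dead code, while the final `exec $PREFIX/bin/python$PYVER.sh` still starts `python3.sh`; if that wrapper is not a 3.11 interpreter, the exported `PYTHONPATH` and the patched `site-packages` path belong to a different Python than the one that runs. The `install` branch here also drops the root check that pip.sh performs before `shift`, leaving only the later one inside the `--prefix` test. `--proxy localhost:3128` lacks the `http://` scheme that pip.sh passes. The file is added as a normal, non-executable file and duplicates pip.sh almost line for line, so a header comment saying whether it replaces or sits beside pip.sh would prevent the two from drifting further.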
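--- a/overlay/Linux/usr/local/bin/pip3.sh
+++ b/overlay/Linux/usr/local/bin/pip3.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+shopt -s nullglob || { ERROR use bash ; exit 1 ; }
+ROLE=base
+
+export PYVER=3
+exec /usr/local/bin/pip.sh "$@"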
974
overlay/Linux/usr/local/bin/proxy_ping_test.bash
Executable file
974
overlay/Linux/usr/local/bin/proxy_ping_test.bash
Executable file
@ -0,0 +1,974 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
. /usr/local/bin/usr_local_tput.bash || exit 2
|
||||
PREFIX=/usr/local
|
||||
ROLE=proxy
|
||||
PYVER=3
|
||||
|
||||
# DEBUG=1
|
||||
|
||||
. /usr/local/bin/proxy_ping_lib.bash || \
|
||||
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
|
||||
PL=/usr/local/bin/proxy_libvirt_lib.bash
|
||||
declare -a tests
|
||||
|
||||
which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0
|
||||
which dig 2>/dev/null >/dev/null && HAVE_DIG=1 || HAVE_DIG=0
|
||||
which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
|
||||
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
|
||||
|
||||
[ -z "$prog" ] || prog=proxy_ping_test
|
||||
proxy_ping_get_socks
|
||||
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
|
||||
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
|
||||
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
|
||||
HTTPS_PORT=9128
|
||||
HTTPS_HOST=127.0.0.1
|
||||
proxy_ping_get_https
|
||||
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
|
||||
HTTP_PORT=3128
|
||||
HTTP_PROXY_HOST=127.0.0.1
|
||||
proxy_ping_get_http
|
||||
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
|
||||
|
||||
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
|
||||
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
|
||||
|
||||
P="BASE_PYTHON${PYVER}_MINOR"
|
||||
PYTHON_MINOR="$(eval echo \$$P)"
|
||||
[ -n "$PYTHON_MINOR" ] || \
|
||||
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
|
||||
[ -n "$PYTHON_MINOR" ] || exit 4
|
||||
|
||||
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
|
||||
LIB=lib
|
||||
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
|
||||
LIB=lib64
|
||||
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
|
||||
#? ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
|
||||
exit 5
|
||||
fi
|
||||
|
||||
THOPS=40
|
||||
NEEDED_BINS="ping traceroute nmap dig nslookup tor-resolve"
|
||||
NEEDED_SCRIPTS="
|
||||
/usr/local/bin/proxy_ping_lib.bash
|
||||
/usr/local/bin/proxy_ping_test.bash
|
||||
"
|
||||
|
||||
grep -q Debian /etc/os-release
|
||||
DEBIAN=$?
|
||||
TIMEOUT=30
|
||||
[ -n "$GATEW_DOM" ] || GATEW_DOM="$( proxy_testforge_get_gateway_dom )"
|
||||
[ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway"
|
||||
|
||||
DNS_HOST1="208.67.220.220"
|
||||
DNS_HOST2="8.8.8.8"ggggg
|
||||
[ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39
|
||||
[ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39
|
||||
HTTP_TARGET=www.whatismypublicip.com
|
||||
|
||||
# time.nist.gov 132.163.97.3
|
||||
NTP_HOST1=132.163.97.3
|
||||
# pool.ntp.org 78.46.53.2
|
||||
NTP_HOST2=78.46.53.2
|
||||
# --no-check-certificate
|
||||
WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null"
|
||||
CURL="curl -o /dev/null $CURL_ARGS"
|
||||
SCURL="/usr/local/bin/scurl.bash --output /dev/null"
|
||||
NSL='nslookup -querytype=A -debug'
|
||||
NETS='netstat -nl4e'
|
||||
ALL=""
|
||||
|
||||
[ -z "$USER" ] && USER=$(id -un )
|
||||
[ $USER = root ] && DMESG_LINES=1 || DMESG_LINES=0
|
||||
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
|
||||
# fixme - required
|
||||
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
|
||||
|
||||
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw`
|
||||
# fixme - required
|
||||
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
|
||||
MODE=$( proxy_ping_mode )
|
||||
USAGE="$prog without arguments tests the current MODE=$MODE,
|
||||
or 0 to list the tests by number,
|
||||
or one or more of the groups:
|
||||
|
||||
"
|
||||
|
||||
DNS_HOST=$SOCKS_HOST
|
||||
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
|
||||
[ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 )
|
||||
|
||||
## proxy_test_netstat_dns
|
||||
proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ;
|
||||
$NETS | grep -q ":53"
|
||||
retval=$?
|
||||
[ $retval -eq 0 ] && return 0
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" dns not running
|
||||
[ -z "$ALL" ] && exit $ARG$retval || return 1
|
||||
}
|
||||
|
||||
## proxy_test_traceroute_icmp_gw
|
||||
proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ;
|
||||
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || return 1
|
||||
traceroute --icmp $PROXY_WLAN_GW
|
||||
retval=$?
|
||||
[ $retval -eq 0 ] && return 0
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW
|
||||
[ -z "$ALL" ] && exit $ARG$retval || return 1
|
||||
# works
|
||||
GREP="-i icmp"
|
||||
return 0
|
||||
}
|
||||
|
||||
## proxy_test_dig_direct
|
||||
proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ;
|
||||
|
||||
dig @$DNS_HOST1 pool.ntp.org +timeout=$TIMEOUT >/dev/null
|
||||
retval=$?
|
||||
[ $retval -eq 0 ] && return 0
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1
|
||||
[ -z "$ALL" ] && exit $ARG$retval || return 1
|
||||
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" dig @$DNS_HOST1
|
||||
# works
|
||||
GREP="53"
|
||||
return 0
|
||||
}
|
||||
|
||||
## proxy_test_curl_firewall_bin
|
||||
proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ;
|
||||
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null
|
||||
retval=$?
|
||||
[ $retval -eq 0 ] && return 0
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval \
|
||||
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER
|
||||
proxy_iptables_save|tail|grep PTABLES_filter_DROP-o
|
||||
[ -z "$ALL" ] && exit $ARG$retval || return $retval
|
||||
}
|
||||
|
||||
## proxy_ping_curl
|
||||
proxy_ping_curl () { DBUG proxy_ping_curl $* ;
|
||||
local retval
|
||||
timeout -k $TIMEOUT $TIMEOUT $CURL "$@"
|
||||
retval=$?
|
||||
# "DEBUG: wierd failure curl: (35) Encountered end of file"
|
||||
[ $retval -eq 0 -o $retval -eq 35 ] && return 0
|
||||
return $retval
|
||||
}
|
||||
|
||||
## proxy_ping_make_help
|
||||
proxy_ping_make_help () {
|
||||
grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \
|
||||
> /tmp/proxy_ping_test.hlp
|
||||
return 0
|
||||
}
|
||||
|
||||
## proxy_ping_test_virbr
|
||||
proxy_ping_test_virbr () {
|
||||
local n=$1
|
||||
[ -z "$n" ] && n=1
|
||||
[ -z "$CONN" ] || proxy_whonix_get_conn
|
||||
[ "$CONN" = guest ] && return 0
|
||||
[ -e /proc/sys/net/ipv4/conf/virbr$n ] || return 0
|
||||
proxy_ifconfig virbr$n >/dev/null && return 0
|
||||
return 0
|
||||
}
|
||||
|
||||
## proxy_ping_broken
|
||||
proxy_ping_broken () { DBUG proxy_ping_broken PROXY_WLAN=$PROXY_WLAN $* ;
|
||||
# 0 is true
|
||||
local a=$MODE
|
||||
if [ "$a" = vda -o "$a" = ws ]; then
|
||||
# grep 10.152.152.10 /etc/resolv.conf &&
|
||||
PING_BROKEN=0
|
||||
return 0
|
||||
elif [ "$a" = gateway ]; then
|
||||
PING_BROKEN=0
|
||||
return 0
|
||||
elif [ -z "$PROXY_WLAN_GW" ] ; then
|
||||
PING_BROKEN=0
|
||||
return 0
|
||||
fi
|
||||
|
||||
[ -n "$PING_BROKEN" ] && return $PING_BROKEN
|
||||
|
||||
DBUG $prog proxy_ping_mode=$a PROXY_WLAN=$PROXY_WLAN PROXY_WLAN_GW=$PROXY_WLAN_GW
|
||||
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $PROXY_WLAN_GW # 10.16.238.1
|
||||
if [ $? -ne 0 ] ; then
|
||||
PING_BROKEN=0
|
||||
else
|
||||
PING_BROKEN=1
|
||||
fi
|
||||
return $PING_BROKEN
|
||||
}
|
||||
|
||||
## proxy_do_ping
|
||||
proxy_do_ping () { DBUG proxy_do_ping $* ;
|
||||
proxy_route_check || { ERROR $prog route not connected ; return 1$? ; }
|
||||
|
||||
proxy_ping_broken && return 0
|
||||
|
||||
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_get_if` || {
|
||||
ERROR $prog unable to get wlan $? ; return 2 ;
|
||||
}
|
||||
|
||||
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
|
||||
retval=$?
|
||||
if [ $retval -eq 1 ] ; then
|
||||
# false negatives
|
||||
sleep 4
|
||||
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
|
||||
retval=$?
|
||||
fi
|
||||
[ $retval -lt 1 ] || {
|
||||
ERROR $prog do_ping $PROXY_WLAN retval=$retval
|
||||
rm /tmp/P$$.log
|
||||
PING_BROKEN=0
|
||||
return 3$retval
|
||||
}
|
||||
grep -q ' 0% ' /tmp/P$$.log || \
|
||||
{ ERROR $prog retval=$? test=$1 ping retval=$retval ; rm /tmp/P$$.log ; return 4 ; }
|
||||
PING=1
|
||||
grep 'packet\|bytes from' /tmp/P$$.log
|
||||
rm /tmp/P$$.log
|
||||
return 0
|
||||
}
|
||||
|
||||
proxy_run_as_root () { DBUG proxy_run_as_root $* ;
|
||||
[ $( id -u ) -eq 0 ] && return 0
|
||||
ERROR must be root
|
||||
[ -z "$ALL" ] && exit 9
|
||||
return 1
|
||||
}
|
||||
|
||||
## proxy_test_pretests
|
||||
proxy_test_pretests () {
|
||||
if [ "$1" = panic ] ; then
|
||||
: dont ping on panic
|
||||
proxy_ping_broken || proxy_do_ping || \
|
||||
{ WARN ping failed for panic so skipping ; exit 0 ; }
|
||||
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
|
||||
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
||||
proxy_ping_broken || proxy_do_ping || exit 3$?
|
||||
proxy_ping_test_resolv $MODE ||\
|
||||
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
|
||||
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
|
||||
elif [ "$1" = nat ] ; then
|
||||
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
||||
else
|
||||
proxy_do_ping || exit 4$?
|
||||
proxy_ping_test_resolv $MODE || \
|
||||
{ WARN "$prog proxy_ping_test_resolv=$? /etc/resolv.conf.$dire" MODE=$MODE
|
||||
exit 4 ; }
|
||||
|
||||
fi
|
||||
return 0
|
||||
}
|
||||
|
||||
## proxy_test_help_args
|
||||
proxy_test_help_args () {
|
||||
declare -a ret=()
|
||||
ret=( $(grep " -.* $1 " /tmp/proxy_ping_test.hlp | \
|
||||
sed -e 's/.=.*//' -e 's/.*tests.//') )
|
||||
echo "${ret[@]}"
|
||||
return 0
|
||||
}
|
||||
|
||||
ALL=0
|
||||
## proxy_ping_test_set_args
|
||||
proxy_ping_test_set_args () {
|
||||
local args="$@"
|
||||
local val="$@"
|
||||
declare -a aret=()
|
||||
rm -f /tmp/proxy_ping_test.hlp
|
||||
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
|
||||
## to_tor - tor with the firewall host side client setup tor server - call tor,dns,ntp in addition
|
||||
[ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] &&
|
||||
aret=( 6 13 16 ) && \
|
||||
! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv
|
||||
|
||||
## vda - through the Gateway with the firewall - also polipo,panic - uses env
|
||||
[ "$1" = vda ] &&
|
||||
aret=( 35 3 20 ) #
|
||||
## tor - tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
|
||||
[ "$1" = tor ] &&
|
||||
aret=( 21 30 20 4 5 36 3 )
|
||||
## kick - open firewall with tor running - call dns,polipo +tor in addition
|
||||
[ "$1" = kick -o "$1" = host ] &&
|
||||
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
|
||||
## gateway - on the Gateway, trans firewall with tor running - call dns in addition
|
||||
[ "$1" = gateway ] &&
|
||||
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
|
||||
|
||||
# aliases
|
||||
[ "$1" = "$SOCKS_PORT" ] && set -- socks
|
||||
[ "$1" = "$HTTP_PORT" ] && set -- http
|
||||
[ "$1" = "$HTTPS_PORT" ] && set -- https
|
||||
[ "$1" = "53" ] && set -- dns
|
||||
[ "$1" = "9053" ] && set -- tordns
|
||||
|
||||
[ "$1" = scan ] && set -- iwlist
|
||||
[ "$1" = panic ] && set -- firewall
|
||||
[ "$1" = tor ] && set -- torhost
|
||||
[ "$1" = to_gateway ] && set -- whonix
|
||||
[ "$1" = from_tor ] && set -- whonix
|
||||
[ "$1" = from_gateway ] && set -- gateway
|
||||
[ "$1" = traceroute ] && set -- = trace
|
||||
[ "$1" = connected ] && set -- wifi
|
||||
[ "$1" = clear ] && set -- direct
|
||||
|
||||
# scenarios - modes: nat selektor
|
||||
## nat - through the Gateway via the nat
|
||||
[ "$1" = nat ] && \
|
||||
set -- ping dns socks http https tordns firefail libvirtguest
|
||||
# wifi?
|
||||
[ "$1" = whonix ] && \
|
||||
set -- ping tordns dns socks http https torhost tordns firefail gw
|
||||
[ "$1" = tor ] && \
|
||||
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
|
||||
[ "$1" = selektor ] && \
|
||||
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
|
||||
[ "$1" = direct -o "$1" = '' ] && \
|
||||
set -- ping dns trace nmap gw
|
||||
|
||||
## all - all tests not stopping on the first error
|
||||
[ "$1" = all ] && ALL=1
|
||||
# aret="${#tests[@]}"
|
||||
|
||||
## gw - test if we are connected to the gateway
|
||||
## torhost - running tor with the firewall
|
||||
## env - from the cmdline with a properly setup env
|
||||
## firefail - test the proxy without env vars to expect failure
|
||||
## http - assumes torhost or whonix and env setup
|
||||
## https - assumes torhost or whonix and env setup
|
||||
## socks - assumes torhost or whonix and env setup
|
||||
## ping - connected routed test the ping to DNS hosts
|
||||
## ntp - ntpdate through the firewall
|
||||
## nmap - nmap sgid through the firewall - does not assume env
|
||||
## iwlist - wlan scan
|
||||
## firewall - test that the firewall blocks
|
||||
## virbr1 - assumes tor or whonix
|
||||
## gateway - ssh to the whonix gateway
|
||||
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
|
||||
## wifi - test if we are connected - call scan in addition
|
||||
## libvirthost - hosting a libvirt container
|
||||
## libvirtguest - in a libvirt container
|
||||
## tordns - test 9053 for dns using tor-resolve
|
||||
## dns - dns using tor or the gateway, with the firewall - does not assume env
|
||||
## whonix - whonix to the Gateway with the firewall - also panic - not assume env
|
||||
## whonix - whonix gateway host side client setup with the firewall was from_to## direct - assume no firewall and no proxy - but may work depend on env
|
||||
r
|
||||
for elt in "$@" ; do
|
||||
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
|
||||
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
|
||||
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
|
||||
"$elt" = libvirthost -o "$elt" = libvirtguest -o "$elt" = virbr1 -o \
|
||||
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
|
||||
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
|
||||
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
|
||||
] ; then
|
||||
aret+=( `proxy_test_help_args $elt` )
|
||||
else
|
||||
WARN unrecognized: $elt >&2
|
||||
fi
|
||||
done
|
||||
|
||||
DBUG "${aret[@]}" >&2
|
||||
echo "${aret[@]}"
|
||||
return 0
|
||||
}
|
||||
|
||||
# -I $PROXY_WLAN -c 1 $DNS_HOST2
|
||||
if [ "$#" = 0 ] ; then
|
||||
# default to mode
|
||||
set -- $MODE
|
||||
fi
|
||||
if [ $1 = '-h' -o $1 = '--help' ] ; then
|
||||
echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g'
|
||||
grep '^## [a-oq-z]' $0 | sed -e 's/^## / /'
|
||||
exit 0
|
||||
elif [ "$1" = 0 ] ; then
|
||||
INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE
|
||||
echo 0 help /tmp/proxy_ping_test.hlp
|
||||
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
|
||||
. /tmp/proxy_ping_test.hlp
|
||||
for elt in "${!tests[@]}" ; do
|
||||
echo $elt "${tests[$elt]}"
|
||||
done
|
||||
exit 0
|
||||
elif [[ $1 =~ ^[0-9] ]] ; then
|
||||
: passthrough
|
||||
else
|
||||
set -- `proxy_ping_test_set_args "$@"`
|
||||
DBUG running tests numbered "$@"
|
||||
fi
|
||||
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
|
||||
|
||||
proxy_test_pretests "$1"
|
||||
|
||||
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
|
||||
if [ $( id -u ) -eq 0 ] ; then
|
||||
proxy_ping_chattr
|
||||
fi
|
||||
|
||||
DBUG $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE $*
|
||||
# $( sysctl net.ipv4.ping_group_range )
|
||||
|
||||
# proxy_iptables_save|grep 216
|
||||
|
||||
while [ "$#" -gt 0 ] ; do
|
||||
# DBUG $prog $1
|
||||
ARG=$1 ; shift
|
||||
|
||||
GREP=""
|
||||
if [ -z "$ARG" ] ; then
|
||||
continue
|
||||
|
||||
elif ! [ "$ARG" -ge 0 ] ; then
|
||||
ERROR $prog called with an unrecognized argument $ARG from $0
|
||||
exit 9
|
||||
|
||||
elif [ $ARG -le 0 ] ; then
|
||||
# do the ping and resov.conf
|
||||
true
|
||||
|
||||
elif [ $ARG -eq 1 ] ; then
|
||||
tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https "
|
||||
[ -n "$https_proxy" ] && LARGS="" || \
|
||||
LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}"
|
||||
$LARGS $WGET https://$HTTP_TARGET
|
||||
retval=$?
|
||||
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
else
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval test=$ARG
|
||||
[ -z "$ALL" ] && continue
|
||||
fi
|
||||
# works with fix
|
||||
GREP="${HTTPS_PORT}"
|
||||
|
||||
elif [ $ARG -eq 2 ] ; then
|
||||
[ -n "$https_proxy" ] && LARGS="--proxy $https_proxy" || \
|
||||
LARGS="--proxy https://${HTTPS_HOST}:${HTTPS_PORT}"
|
||||
tests[2]="curl_https_as_user curl $LARGS https://$HTTP_TARGET - https "
|
||||
proxy_ping_curl $LARGS https://$HTTP_TARGET >/dev/null || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $LARGS https://$HTTP_TARGET
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works with fix
|
||||
GREP="${HTTPS_PORT}"
|
||||
|
||||
elif [ $ARG -eq 3 ] ; then
|
||||
tests[3]="curl_socks_virbr1_as_user $SOCKS_HOST $SOCKS_PORT - torhost "
|
||||
# proxy_dest_port_wlan_config || { ERROR DEST=$DEST ; continue ; }
|
||||
|
||||
# curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision
|
||||
[ $DEBIAN -eq 0 ] && continue
|
||||
|
||||
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
||||
if [ $MODE = whonix ] ; then
|
||||
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
|
||||
retval=$?
|
||||
ERROR ssh -o ForwardX11=no user@10.0.2.15 netstat
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue ;
|
||||
}
|
||||
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
||||
proxy_ping_curl -x $socks_proxy \
|
||||
--interface virbr1 n--dns-interface virbr1 https://$HTTP_TARGET >/dev/null || {
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl -x $socks_proxy --interface virbr1 --dns-interface virbr1 https://$HTTP_TARGET
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
else
|
||||
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
||||
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|
||||
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${SOCKS_HOST} $SOCKS_PORT
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue ; }
|
||||
fi
|
||||
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works with user/pass
|
||||
GREP="$SOCKS_PORT"
|
||||
|
||||
elif [ $ARG -eq 4 ] ; then
|
||||
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com - tordns "
|
||||
[ $HAVE_DIG = 1 ] || continue
|
||||
if [ $MODE = whonix ] ; then
|
||||
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
|
||||
fi
|
||||
dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works with fix
|
||||
GREP="$SOCKS_DNS"
|
||||
|
||||
elif [ $ARG -eq 5 ] ; then
|
||||
tests[5]="nslookup_socks_as_user - tordns "
|
||||
[ $HAVE_NSLOOKUP = 1 ] || continue
|
||||
desc="$NSL -port=$SOCKS_DNS www.whatismypublicip.com ${DNS_HOST}"
|
||||
$desc >/dev/null || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" $desc
|
||||
# works with fix
|
||||
GREP="$SOCKS_DNS"
|
||||
|
||||
elif [ $ARG -eq 6 ] ; then
|
||||
proxy=`proxy_ping_get_https`
|
||||
desc="curl --proxy http://${proxy}"
|
||||
tests[6]="curl_https_as_user - https "
|
||||
proxy_ping_curl --proxy http://${proxy} \
|
||||
--proxy-insecure https://$HTTP_TARGET || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" $desc
|
||||
# works
|
||||
GREP="$HTTP_PORT"
|
||||
|
||||
elif [ $ARG -eq 7 ] ; then
|
||||
tests[8]="traceroute_icmp_dns_as_root --icmp - trace "
|
||||
[ $USER = root ] || continue
|
||||
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
||||
[ $HAVE_TRACEROUTE = 1 ] || continue
|
||||
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -m $THOPS || { \
|
||||
retval=$?
|
||||
ERROR $retval traceroute --icmp -m $THOPS
|
||||
[ -z "$ALL" ] && exit 7$retval
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="-i icmp"
|
||||
|
||||
elif [ $ARG -eq 8 ] ; then
|
||||
tests[8]="traceroute_tcp_dns_as_root -i $PROXY_WLAN -p 53 -T4 - trace "
|
||||
[ $USER = root ] || continue
|
||||
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
||||
[ $HAVE_TRACEROUTE = 1 ] || continue
|
||||
traceroute -i $PROXY_WLAN -p 53 -T4 $DNS_TARGET -m $THOPS || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -T4 -p 53 -m $THOPS
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="53"
|
||||
|
||||
elif [ $ARG -eq 9 ] ; then
|
||||
tests[9]="traceroute_icmp_dns_as_user -p 53 - trace "
|
||||
[ $USER = root ] || continue
|
||||
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
||||
[ $HAVE_TRACEROUTE = 1 ] || continue
|
||||
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -p 53 -m $THOPS || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -i $PROXY_WLAN --icmp -m $THOPS
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="53"
|
||||
|
||||
elif [ $ARG -eq 10 ] ; then
|
||||
tests[10]="wget_http_as_user $HTTP_PORT - http "
|
||||
proxy=`proxy_ping_get_http`
|
||||
env http_proxy=http://${proxy} \
|
||||
$WGET -S http://$HTTP_TARGET 2>/dev/null
|
||||
retval=$?
|
||||
# 8 is an oddball
|
||||
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" wget $HTTP_PORT
|
||||
else
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval wget $HTTP_PORT
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
fi
|
||||
GREP="$HTTP_PORT"
|
||||
|
||||
elif [ $ARG -eq 11 ] ; then
|
||||
tests[11]="curl_https_as_user - https "
|
||||
proxy=`proxy_ping_get_https`
|
||||
proxy_ping_curl --proxy http://${proxy} \
|
||||
--proxy-insecure https://$HTTP_TARGET || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $HTTP_PORT
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="$HTTP_PORT"
|
||||
|
||||
elif [ $ARG -eq 12 ] ; then
|
||||
tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct "
|
||||
[ $USER = root ] || continue
|
||||
which nmap 2>/dev/null >/dev/null || continue
|
||||
[ -z "$DNS_HOST1" ] && DNS_HOST1="208.67.220.220"
|
||||
nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
GREP="53"
|
||||
|
||||
elif [ $ARG -eq 13 ] ; then
|
||||
tests[13]="curl_firewall_bin - wifi "
|
||||
[ $USER = root ] || continue
|
||||
proxy_test_curl_firewall_bin || continue
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" curl bin
|
||||
# works
|
||||
GREP="443"
|
||||
|
||||
elif [ $ARG -eq 14 ] ; then
|
||||
tests[14]="traceroute_icmp_gw_as_root --icmp $PROXY_WLAN_GW - gw wifi "
|
||||
[ $USER = root ] || continue
|
||||
[ $HAVE_TRACEROUTE = 1 ] || continue
|
||||
proxy_test_traceroute_icmp_gw || continue
|
||||
# works
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="-i icmp"
|
||||
|
||||
elif [ $ARG -eq 15 ] ; then
|
||||
tests[15]="test_dig_direct - direct "
|
||||
[ $HAVE_DIG = 1 ] || continue
|
||||
proxy_test_dig_direct || continue
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct
|
||||
|
||||
elif [ $ARG -eq 16 ] ; then
|
||||
tests[16]="nslookup_as_root nslookup $PRIV_BIN_OWNER - torhost "
|
||||
[ $USER = root ] || continue
|
||||
[ $HAVE_NSLOOKUP = 1 ] || continue
|
||||
su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works /fails but maybe a noop
|
||||
GREP="53"
|
||||
|
||||
elif [ $ARG -eq 17 ] ; then
|
||||
tests[17]="ntpdate_as_root ntpdate without service - ntp "
|
||||
proxy_run_as_root || exit 9
|
||||
[ -x /usr/sbin/ntpdate ] || continue
|
||||
# Curious: even though sgid 2755 ntp it fails as su ntp
|
||||
# 12 Nov 23:28:35 ntpdate[17341]: bind() fails: Permission denied
|
||||
/usr/sbin/ntpdate "$NTP_HOST1" || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="123"
|
||||
elif [ $ARG -eq 18 ] ; then
|
||||
tests[18]="ntpdate_as_root ntpdate with servie - ntp "
|
||||
proxy_run_as_root || exit 9
|
||||
proxy_rc_service ntpd status >/dev/null && \
|
||||
proxy_rc_service ntpd stop >/dev/null && sleep 2
|
||||
/usr/sbin/ntpdate $NTP_HOST1 || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
proxy_rc_service ntpd status >/dev/null || proxy_rc_service ntpd start
|
||||
GREP="123"
|
||||
elif [ $ARG -eq 19 ] ; then
|
||||
tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail "
|
||||
proxy_ping_curl --noproxy "'*.*'" --connect-timeout $TIMEOUT \
|
||||
http://$HTTP_TARGET >/dev/null && {
|
||||
retval=$?
|
||||
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP=80
|
||||
|
||||
elif [ $ARG -eq 20 ] ; then
|
||||
tests[20]="curl_socksproxy_as_user curl $SOCKS_PORT - socks "
|
||||
# needs dns
|
||||
[ $DEBIAN -eq 0 ] && continue
|
||||
|
||||
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
|
||||
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|
||||
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works with user/pass
|
||||
GREP="$SOCKS_PORT"
|
||||
|
||||
elif [ $ARG -eq 21 ] ; then
|
||||
tests[21]="curl_httpsproxy_as_user - https "
|
||||
[ -z "$https_proxy" ] && https_proxy=http://${HTTPS_PROXY_HOST}:${HTTPS_PORT}
|
||||
proxy_ping_curl -x $https_proxy https://$HTTP_TARGET >/dev/null || { \
|
||||
if [ "$MODE" = gateway ] ; then
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} ${HTTPS_PORT}
|
||||
continue
|
||||
else
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} HTTPS_PORT=${HTTPS_PORT}
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
fi
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" curl ${HTTPS_HOST} ${HTTPS_PORT}
|
||||
GREP="${HTTPS_PORT}"
|
||||
|
||||
elif [ $ARG -eq 22 ] ; then
|
||||
tests[22]="iwlist_scan_as_user iwlist $PROXY_WLAN scan - iwlist "
|
||||
[ $USER = root ] || continue
|
||||
which iwlist 2>/dev/null || continue
|
||||
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
|
||||
iwlist $PROXY_WLAN scan >/dev/null || {
|
||||
ERROR $prog retval=$? test=$ARG $PROXY_WLAN scan
|
||||
[ -z "$ALL" ] && exit $ARG$1 || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
|
||||
elif [ $ARG -eq 23 ] ; then
|
||||
tests[23]="curl_proxy_as_user - direct "
|
||||
proxy_ping_curl --insecure https://$HTTP_TARGET >/dev/null || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl direct
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
|
||||
elif [ $ARG -eq 24 ] ; then
|
||||
tests[24]="dig_direct_or_dnsmasq dig -b $IP www.whatismypublicip.com - direct "
|
||||
[ $HAVE_DIG = 1 ] || continue
|
||||
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
||||
[ -n "$IP" ] || continue
|
||||
dig -b $IP www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" dig -b $IP
|
||||
|
||||
elif [ $ARG -eq 25 ] ; then
|
||||
tests[25]="nslookup_as_user - direct "
|
||||
[ $HAVE_NSLOOKUP = 1 ] || continue
|
||||
# noenv with or without proxy
|
||||
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
|
||||
$NSL >/dev/null www.whatismypublicip.com || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup www.whatismypublicip.com
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
|
||||
|
||||
elif [ $ARG -eq 26 ] ; then
|
||||
tests[26]="route_connected_ping_scan - direct "
|
||||
[ $HAVE_DIG = 1 ] || continue
|
||||
#? proxy_test_pretests
|
||||
proxy_do_ping && \
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
||||
|
||||
elif [ $ARG -eq 27 ] ; then
|
||||
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
|
||||
[ $HAVE_DIG = 1 ] || continue
|
||||
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
|
||||
dig -b 127.0.0.1 www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
|
||||
elif [ $ARG -eq 28 ] ; then
|
||||
tests[28]="wget_as_user - direct "
|
||||
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
|
||||
$WGET -S https://$HTTP_TARGET 2>/dev/null
|
||||
retval=$?
|
||||
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
|
||||
INFO $prog test=$ARG "${tests[$ARG]}" wget
|
||||
else
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval wget
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
fi
|
||||
|
||||
elif [ $ARG -eq 29 ] ; then
|
||||
tests[29]="curl_as_user - direct "
|
||||
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
|
||||
proxy_ping_curl https://$HTTP_TARGET >/dev/null || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
|
||||
elif [ $ARG -eq 30 ] ; then
|
||||
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
|
||||
[ $MODE = tor -o $MODE = selektor ] || {
|
||||
ERROR $prog MODE != tor test=$ARG
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
port=$SOCKS_PORT
|
||||
$NETS | grep -q :$port || {
|
||||
ERROR $prog retval=$? test=$ARG tor not running on $port
|
||||
[ -z "$ALL" ] && exit $ARG || continue
|
||||
}
|
||||
[ $USER = root ] || continue
|
||||
|
||||
# was /usr/local/bin/tor_bootstrap_check.bash
|
||||
[ -f /usr/local/src/helper-scripts/tor_bootstrap_check.py ] || return 1
|
||||
python3.sh /usr/local/src/helper-scripts/tor_bootstrap_check.py
|
||||
# morons 100%
|
||||
retval=$?
|
||||
[ $retval -eq 0 -o $retval -eq 100 ] || { \
|
||||
retval=$?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor_bootstrap_check
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
|
||||
elif [ $ARG -eq 31 ] ; then
|
||||
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
|
||||
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
|
||||
retval=$?
|
||||
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval polipo http pages $HTTP_PORT
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
GREP="$HTTP_PORT"
|
||||
|
||||
elif [ $ARG -eq 32 ] ; then
|
||||
tests[32]="ping_nmap_direct_as_root nmap 53 - direct "
|
||||
[ $USER = root ] || continue
|
||||
which nmap 2>/dev/null >/dev/null || continue
|
||||
[ -n "$PROXY_WLAN" -a -n "$PROXY_WLAN_GW" ] || proxy_ping_get_wlan_gw || continue
|
||||
proxy_ping_nmap_direct $DNS_HOST1 "$PROXY_WLAN_GW" U:67 || {
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmapd 53
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
GREP="53"
|
||||
|
||||
elif [ $ARG -eq 33 ] ; then
|
||||
tests[33]="host_virbr_as_user proxy_ping_test_virbr 1 - libvirthost "
|
||||
proxy_ping_test_virbr 1 || {
|
||||
retval=$?
|
||||
ERROR $CONN virbr1 not running
|
||||
[ -z "$ALL" ] && exit 1 || continue
|
||||
}
|
||||
# * Immediate connect fail for 10.0.2.15: Connection refused
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
|
||||
elif [ $ARG -eq 34 ] ; then
|
||||
tests[34]="python_ping_as_root traceroute --icmp $PROXY_WLAN_GW - wifi "
|
||||
[ $USER = root ] || continue
|
||||
[ -n "$PROXY_WLAN_GW" -a -n "$IP" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || continue
|
||||
[ -f /usr/local/bin/ping2.py ] || continue
|
||||
/usr/local/bin/ping2.py $IP $DNS_HOST1 $PROXY_WLAN_GW || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ping2.py $DNS_HOST1
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
# works
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP="-i icmp"
|
||||
|
||||
elif [ $ARG -eq 35 ] ; then
|
||||
tests[35]="dig_as_root - firewall dig @$DNS_HOST1 - torhost dns "
|
||||
[ $USER = root ] || continue
|
||||
[ $HAVE_DIG = 1 ] || continue
|
||||
# @$DNS_HOST1
|
||||
su -c "dig pool.ntp.org +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig pool.ntp.org $PRIV_BIN_OWNER
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
GREP="53"
|
||||
|
||||
elif [ $ARG -eq 36 ] ; then
|
||||
tests[36]="tor_resolve_as_user tor-resolve pool.ntp.org - tordns "
|
||||
[ $HAVE_TOR_RESOLVE = 1 ] || continue
|
||||
tor-resolve pool.ntp.org >/dev/null || { \
|
||||
retval=$?
|
||||
# dunno Failed parsing SOCKS5 response conf?
|
||||
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve pool.ntp.org
|
||||
continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
# works
|
||||
GREP="9053"
|
||||
|
||||
elif [ $ARG -eq 37 ] ; then
|
||||
tests[37]="qemu-guest-agent and ports - libvirtguest "
|
||||
ser=qemu-guest-agent
|
||||
proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start
|
||||
proxy_rc_service $ser status >/dev/null || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval $ser status
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
[ -d /dev/virtio-ports ] || { \
|
||||
retval=$?
|
||||
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval /dev/virtio-ports
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
GREP=""
|
||||
elif [ $ARG -eq 38 ] ; then
|
||||
tests[38]="qemu-guest-agent and ports - libvirthost whonix "
|
||||
[ $USER = root ] || continue
|
||||
$PL proxy_libvirt_list
|
||||
aret=$?
|
||||
if [ $aret -eq 10 ] ;then
|
||||
WARN proxy_libvirt_status hung
|
||||
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
|
||||
DBUG proxy_libvirt_status aret=$aret
|
||||
else
|
||||
$PL proxy_libvirt_list | grep -q "$GATEW_DOM" || {
|
||||
ERROR MODE=$MODE and $GATEW_DOM not running ;
|
||||
[ -z "$ALL" ] && exit $ARG$retval || continue
|
||||
}
|
||||
INFO $prog test=$ARG "${tests[$ARG]}"
|
||||
fi
|
||||
elif false ; then
|
||||
if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then
|
||||
$NETS | grep -q :53 || {
|
||||
ERROR $prog retval=$? test=$ARG local resolv.conf but :53 not running
|
||||
[ -z "$ALL" ] && exit 1 || continue
|
||||
}
|
||||
fi
|
||||
|
||||
fi
|
||||
[ -n "$GREP" ] && [ $DMESG_LINES -gt 0 ] && \
|
||||
DBUG `dmesg|tail|grep $GREP|tail -$DMESG_LINES`
|
||||
|
||||
done
|
||||
exit 0
|
||||
|
||||
1)
|
||||
env https_proxy=http://${SOCKS_HOST}:${HTTPS_PORT} wget $D -O - --no-check-certificate
|
||||
2)
|
||||
curl $D -k --proxy
|
||||
3)
|
||||
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
|
||||
5)
|
||||
nslookup -port=$SOCKS_DNS www.whatismypublicip.com ${SOCKS_HOST} \
|
||||
6)
|
||||
curl -k --proxy $HTTP_PORT
|
||||
16)
|
||||
nslookup $PRIV_BIN_OWNER
|
||||
18)
|
||||
ntpdate as sroot
|
||||
19)
|
||||
curl raw noproxy
|
||||
0)
|
||||
usage
|
||||
|
20100
overlay/Linux/usr/local/bin/proxy_testssl_lib.bash
Executable file
20100
overlay/Linux/usr/local/bin/proxy_testssl_lib.bash
Executable file
File diff suppressed because it is too large
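--- a/overlay/Linux/usr/local/bin/python.sh
+++ b/overlay/Linux/usr/local/bin/python.sh
@@ -0,0 +1,60 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+[ -z "$PYVER" ] && PYVER=3
+export PYVER
+#[ -f /usr/local/bin/usr_local_tput.bash ] && \
+# . /usr/local/bin/usr_local_tput.bash
+ROLE=base
+declare -a RARGS
+RARGS=("$@")
+
+[ -f /usr/local/bin/pyver.sh ] && . /usr/local/bin/pyver.sh || {
+[ -f /usr/local/etc/testforge/testforge.bash ] && \
+. /usr/local/etc/testforge/testforge.bash >/dev/null
+
+P="BASE_PYTHON${PYVER}_MINOR"
+PYTHON_MINOR="$(eval echo \$$P)"
+[ -n "$PYTHON_MINOR" ] || \
+PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
+LIB=lib
+elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
+LIB=lib64
+elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
+ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR >&2 ; exit 1
+fi
+}
+
+if [ -z "$PYTHONPATH" ] ; then
+# sic - failsafe
+export PYTHONPATH=/usr/lib/python$PYTHON_MINOR/site-packages
+fi
+
+if [ -d /usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding ] ; then
+if [ -z "$LD_LIBRARY_PATH" ] ; then
+export LD_LIBRARY_PATH=/usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding
+else
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding
+fi
+fi
+
+# do I want $HOME/.local on the path? - no
+# do I want local/lib/.../dist-packages on the path? - no is already is
+# on Debian ~/.local/lib/python*/site-packages is already on the path
+for elt in usr/local ; do
+[ -d /$elt ] || continue
+[ -d /$elt/bin ] && [[ ! $PATH =~ /$elt/bin ]] && \
+export PATH=$PATH:/$elt/bin
+[ -e /$elt/$LIB ] || continue
+export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/$elt/$LIB
+[ -d /$elt/$LIB/python$PYTHON_MINOR/site-packages ] || \
+mkdir /$elt/$LIB/python$PYTHON_MINOR/site-packages
+[ ! -f /$elt/$LIB/python$PYTHON_MINOR/site-packages/__init__.py ] && \
+touch /$elt/$LIB/python$PYTHON_MINOR/site-packages/__init__.py
+[[ ! $PYTHONPATH =~ /$elt/$LIB/python$PYTHON_MINOR/site-packages ]] && \
+export PYTHONPATH=$PYTHONPATH:/$elt/$LIB/python$PYTHON_MINOR/site-packages
+done
+
+# echo INFO exec /usr/bin/python$PYTHON_MINOR -W ignore::DeprecationWarning "${RARGS[@]}"
+/usr/bin/python$PYTHON_MINOR -W ignore::DeprecationWarning "${RARGS[@]}"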
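Review bot: `PYTHON_MINOR="$(eval echo \$$P)"` evaluates a string built from `PYVER`, which is taken straight from the caller's environment, so any value other than a bare `2` or `3` is run as shell by the wrapper; pyver.sh in this commit has the same line. Validate first with `case "$PYVER" in 2|3) ;; *) echo "ERROR bad PYVER" >&2 ; exit 1 ;; esac`. The script already needs bash for `declare -a` and `[[ =~ ]]`, so the `#!/bin/sh` shebang should say so, and the value can then be read with `PYTHON_MINOR=${!P}`. In the `for elt` loop, `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/$elt/$LIB` produces a leading empty entry when the variable was unset, which the dynamic loader treats as the current directory; `${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/$elt/$LIB` avoids it.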
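--- a/overlay/Linux/usr/local/bin/python2.sh
+++ b/overlay/Linux/usr/local/bin/python2.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+ROLE=bash
+export PYVER=2
+exec /usr/local/bin/python.sh "$@"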
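--- a/overlay/Linux/usr/local/bin/python3.sh
+++ b/overlay/Linux/usr/local/bin/python3.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+ROLE=bash
+export PYVER=3
+/usr/local/bin/python.sh "$@"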
117
overlay/Linux/usr/local/bin/pyver.sh
Executable file
117
overlay/Linux/usr/local/bin/pyver.sh
Executable file
@ -0,0 +1,117 @@
|
||||
#!/bin/sh
|
||||
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
|
||||
|
||||
DBUG() { echo DEBUG $* >&2 ; }
|
||||
INFO() { echo INFO $* >&2 ; }
|
||||
WARN() { echo WARN $* >&2 ; }
|
||||
ERROR() { echo ERROR $* >&2 ; }
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=base
|
||||
|
||||
[ -z "$PYVER" ] && PYVER=3 # echo ERROR define PYVER >&2 && exit 1
|
||||
[ -z "$USER" ] && USER=$( id -un )
|
||||
|
||||
ini_file=/usr/local/etc/testforge/testforge.bash
|
||||
if [ ! -f $ini_file ] ; then
|
||||
# bootstrap
|
||||
[ -d /usr/local/etc/testforge ] || mkdir -p /usr/local/etc/testforge
|
||||
[ -x /usr/bin/python$PYVER ] && \
|
||||
echo export BASE_PYTHON${PYVER}_MINOR=`/usr/bin/python$PYVER --version|sed -e 's/.* //' -e 's/\.[0-9]*$//'` >> $ini_file
|
||||
else
|
||||
. $ini_file >/dev/null
|
||||
fi
|
||||
|
||||
set -- -x
|
||||
P="BASE_PYTHON${PYVER}_MINOR"
|
||||
PYTHON_MINOR="$(eval echo \$$P)"
|
||||
[ -n "$PYTHON_MINOR" ] || \
|
||||
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
|
||||
|
||||
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
|
||||
LIB=lib
|
||||
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
|
||||
LIB=lib64
|
||||
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
|
||||
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ "$USER" = root ] ; then
|
||||
[ -f /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py ] && \
|
||||
mv /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py.bak && \
|
||||
rm -f /usr/$LIB/python$PYTHON_MINOR/sitecustomize.pyc
|
||||
fi
|
||||
|
||||
if [ ! -d /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ ] ; then
|
||||
if [ "$USER" = root ] ; then
|
||||
mkdir -p /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
|
||||
chgrp adm /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
|
||||
chmod 775 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
|
||||
else
|
||||
ERROR Install error missing /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
|
||||
exit 2
|
||||
fi
|
||||
fi
|
||||
|
||||
[ -d /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ ] || \
|
||||
mkdir -p /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
|
||||
[ -f /usr/local/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ] || \
|
||||
cat > /usr/local/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py << EOF
|
||||
# -*- mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
|
||||
|
||||
from __future__ import print_function
|
||||
|
||||
import codecs
|
||||
codecs._codecs_lookup = codecs.lookup
|
||||
def lookup(s):
|
||||
if s.endswith('-unix'):
|
||||
s = s[:-5]
|
||||
elif s.endswith('-dos'):
|
||||
s = s[:-4]
|
||||
return codecs._codecs_lookup(s)
|
||||
codecs.lookup = lookup
|
||||
|
||||
import os,sys
|
||||
pyver = sys.version[:3]
|
||||
notver = "3" if sys.version[:1] == '2' else '2'
|
||||
|
||||
for elt in sys.path:
|
||||
if elt.find('python' + notver) < 0: continue
|
||||
p = os.environ.get('PYTHONPATH', '')
|
||||
sys.stderr.write('WARN: sitecustomize.py PYTHONPATH=' +p +' sys.path=' +repr(sys.path) +'\n')
|
||||
sys.stderr.write('"python' + notver +' in sys.path for ' +sys.executable +"\n")
|
||||
raise RuntimeError('"python' + notver +' in sys.path for ' +sys.executable)
|
||||
|
||||
dir=None
|
||||
for elt in ['var', 'usr']:
|
||||
if 'LD_LIBRARY_PATH' not in os.environ or 'PYTHONPATH' not in os.environ:
|
||||
continue
|
||||
dir = '/' + elt + '/local/bin'
|
||||
if dir not in os.environ['PATH'].split(os.pathsep):
|
||||
continue
|
||||
dir = '/' + elt + "/local/$LIB"
|
||||
if dir not in os.environ['LD_LIBRARY_PATH'].split(os.pathsep):
|
||||
continue
|
||||
dir = '/' + elt + "/local/$LIB/python" + pyver + '/site-packages'
|
||||
# the bash wrapper will have put this on
|
||||
if dir in os.environ['PYTHONPATH'].split(os.pathsep):
|
||||
# print(repr(sys.path))
|
||||
if dir not in sys.path:
|
||||
sys.path.insert(0, dir)
|
||||
bin = '/' + elt + '/local/bin/python' + pyver[0]
|
||||
if elt == 'var':
|
||||
bin += '.bash'
|
||||
else:
|
||||
bin += '.sh'
|
||||
if os.path.isfile(bin):
|
||||
# print(sys.executable + '=' + bin)
|
||||
sys.executable = bin
|
||||
# var takes precedence
|
||||
break
|
||||
|
||||
if __name__ == '__main__':
|
||||
print(sys.executable)
|
||||
del os, sys, dir, elt, pyver
|
||||
EOF
|
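Review bot: The root branch creates `/usr/local/$LIB/python$PYTHON_MINOR/site-packages/` with `chgrp adm` and `chmod 775`, and that is the directory where `sitecustomize.py` is written only if absent and which python.sh appends to `PYTHONPATH`. Any member of group adm can therefore place or replace modules that every interpreter started through the wrapper imports at startup, root's included. Keeping the directory root-owned and not group-writable closes that: drop the `chgrp adm` line and use `chmod 755 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/`. The same file also renames the distribution's `/usr/$LIB/python$PYTHON_MINOR/sitecustomize.py` whenever it runs as root, which deserves a comment saying why. Finally, `set -- -x` replaces the positional parameters of whatever script sources this file; if tracing was intended that would be `set -x`.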
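--- a/overlay/Linux/usr/local/bin/testforge_get_inventory.bash
+++ b/overlay/Linux/usr/local/bin/testforge_get_inventory.bash
@@ -0,0 +1,36 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+# on stdout - messages on stderr
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=base
+base=AnsI
+
+# quiet
+[ "$#" -eq 0 ] && exit 1
+VARIABLE=$1
+
+[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
+
+[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
+
+name=`hostname`
+
+if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then
+base=$name
+ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
+--playbook-dir=$TESTFORGE_ANSIBLE_SRC \
+--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
+if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then
+#!? export
+VALUE=`jq .$VARIABLE </tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
+# [ -n "$DEBUG" ] && echo >&2 "DEBUG: $prog base=$base VALUE=$VALUE"
+[ "$VALUE" = "null" ] && VALUE=""
+echo -n "$VALUE"
+fi
+rm -f /tmp/${AnsI}$$.json
+fi
+
+exit 0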
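Review bot: `${AnsI}` is never assigned (the script sets `base=AnsI`, not `AnsI`), so the inventory is written to `/tmp/$$.json` and `/tmp/$$.err`. Those are predictable names in a world-writable directory, opened with `>>` and `2>`, which follow a pre-existing symlink or append to a stale file, and the `.err` file is never removed. Create a private directory instead with `tmpdir=$(mktemp -d) || exit 1` and `trap 'rm -rf -- "$tmpdir"' EXIT`, then write `"$tmpdir/inv.json"` with `>` rather than `>>`. Separately, `jq .$VARIABLE` splices the caller's argument into the jq program; for a single top-level key, `jq -r --arg k "$VARIABLE" '.[$k]'` passes it as data.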
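--- a/overlay/Linux/usr/local/bin/testforge_local_bin.bash
+++ b/overlay/Linux/usr/local/bin/testforge_local_bin.bash
@@ -0,0 +1,39 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+PREFIX=/usr/local
+ROLE=base
+. /usr/local/bin/usr_local_base.bash || exit 2
+
+umask 0022
+[ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge
+[ -f $inidir ] || mkdir -p $inidir
+
+if [ -f $inidir ] ; then
+inifile=$inidir
+else
+inifile=$inidir/testforge.ini
+fi
+
+# echo -n "DEBUG: $prog "; ls -l $inifile
+[ -e $inifile ] || { ERROR no file $inifile ; exit 1 ; }
+[ -s $inifile ] || { ERROR empty file $inifile ; exit 2 ; }
+
+bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' )
+if [ ! -s $bashfile ] || [ $inifile -nt $bashfile ] ; then
+INFO "$inifile > $bashfile"
+/usr/local/bin/fact_to_bash.bash < $inifile > $bashfile || exit 3
+echo 'export PATH=$PATH:/sbin:/usr/local/bin:/var/local/bin' >> $bashfile
+echo -n "DEBUG: $prog bashfile"; ls -l $bashfile
+fi
+
+ymlfile=$( echo $inifile | sed -e 's/.ini$/.yml/' )
+if [ ! -s $ymlfile ] || [ $inifile -nt $ymlfile ] ; then
+INFO "$inifile > $ymlfile"
+/usr/local/bin/fact_to_yaml.bash < $inifile > $ymlfile || exit 4
+echo -n "DEBUG: $prog ymlfile "; ls -l $ymlfile
+fi
+. $bashfile || exit $?
+
+exec bash /usr/local/bin/base_sheebang_after_pip.bash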
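Review bot: `bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' )` leaves the name unchanged when `$1` is a file that does not end in `.ini`, so `$bashfile` and `$ymlfile` are the ini file itself and `. $bashfile` then sources raw ini text as shell. Reject other names up front with `case "$inifile" in *.ini) ;; *) ERROR "$inifile is not a .ini file" ; exit 1 ;; esac`, and derive the names with `bashfile=${inifile%.ini}.bash`. Because the generated file is sourced, add a comment that `$inidir` must be writable only by the account that runs this script. The final `exec` names `base_sheebang_after_pip.bash`, while this commit adds `testforge_sheebang_after_pip.bash`; if no file of the former name is installed elsewhere, the exec fails.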
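--- a/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash
+++ b/overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash
@@ -0,0 +1,60 @@
+#!/bin/sh
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+. /usr/local/bin/usr_local_base.bash || exit 2
+PREFIX=/usr/local
+ROLE=base
+
+[ -z "$BASE_PYTHON2_MINOR" ] && \
+BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+[ -z "$BASE_PYTHON3_MINOR" ] && \
+BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
+
+for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
+[ -z "$PYTHON_MINOR" ] && continue
+if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
+LIB=lib
+elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
+LIB=lib64
+elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
+ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
+fi
+done
+
+umask 0022
+# [ "$#" -eq 0 ] && set -- $PREFIX/bin
+
+# FixMe? /usr/local/bin too? I think not, except for ours?
+
+for prefix in /usr/local /var/local ; do
+cd $prefix/bin || exit 1
+#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
+ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
+while read file ; do
+head -1 $file | grep -q python || continue
+head -1 $file | grep -q $prefix/python..bash && continue
+base=$( echo $file | sed -e 's/\.bash$//' )
+under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
+if [ -h /etc/python-exec/$base.conf ] ; then
+link=$( readlink /etc/python-exec/$base.conf )
+if [ "$link" = python2.conf ] ; then
+sed -f $prefix/share/sed/${under}_python2.sed -i $file
+else
+sed -f $prefix/share/sed/${under}_python3.sed -i $file
+fi
+else
+sed -f $prefix/share/sed/${under}_python2.sed -i $file
+sed -f $prefix/share/sed/${under}_python3.sed -i $file
+fi
+# echo $file
+done
+
+# failsafe - Eberly - no longer active
+for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
+[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
+# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
+done
+
+done
+
+exit 0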
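Review bot: The per-file loop parses `ls -1 | grep -v '~' | xargs file | ...` and then uses `$file` unquoted in `head -1 $file` and `sed ... -i $file`. A name in `$prefix/bin` containing whitespace, a colon or a leading `-` is therefore split, truncated or read as an option while this script rewrites executables in place. Iterating a glob and quoting every expansion keeps each name as one argument, and `read` without `-r` is no longer needed. The rewrite below keeps the `file` check and the two shebang tests, and skips symlinks explicitly rather than relying on the `grep script` text match to exclude them.

```shell
for file in * ; do
  case "$file" in *'~'*) continue ;; esac
  [ -f "$file" ] && [ ! -h "$file" ] || continue
  file -b -- "$file" | grep -q script || continue
  head -n 1 -- "$file" | grep -q python || continue
  head -n 1 -- "$file" | grep -q "$prefix/python..bash" && continue
  base=${file%.bash}
  # … unchanged: under=, /etc/python-exec lookup, choice of sed script …
  sed -f "$prefix/share/sed/${under}_python2.sed" -i -- "$file"
  # … unchanged: remaining sed calls, quoted the same way …
done
```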
425
overlay/Linux/usr/local/bin/toxcore_create-vm.bash
Executable file
425
overlay/Linux/usr/local/bin/toxcore_create-vm.bash
Executable file
@ -0,0 +1,425 @@
|
||||
#!/bin/bash
|
||||
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
# from https://github.com/earlruby/create-vm/
|
||||
|
||||
[ -f /usr/local/bin/usr_local_tput.bash ] && \
|
||||
. /usr/local/bin/usr_local_tput.bash || {
|
||||
DBUG() { echo DEBUG $* ; }
|
||||
INFO() { echo INFO $* ; }
|
||||
WARN() { echo WARN $* ; }
|
||||
ERROR() { echo ERROR $* ; }
|
||||
}
|
||||
|
||||
prog=`basename $0 .bash`
|
||||
PREFIX=/usr/local
|
||||
ROLE=toxcore
|
||||
export PATH=$PATH:$PREFIX/bin
|
||||
have_genisoimage=true
|
||||
|
||||
# create-vm - Quickly create guest VMs using cloud image files and cloud-init.
|
||||
|
||||
# Copyright 2018-2023 Earl C. Ruby III
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
|
||||
# Set BOX_NBD_OVERLAY_DIR environment variable to override default storage location for VMs
|
||||
HOSTNAME=
|
||||
IMG_FQN=
|
||||
AUTH_KEYS_FQN=
|
||||
RAM=2048
|
||||
VCPUS=1
|
||||
STORAGE=20
|
||||
BRIDGE=virbr1
|
||||
MAC='52:54:00:1d:9c:6f'
|
||||
VERBOSE=
|
||||
PASS=
|
||||
OSINFO=gentoo
|
||||
password=ansible
|
||||
OUTDIR=${BOX_NBD_OVERLAY_DIRs:-"${HOME}/vms/virsh"}
|
||||
|
||||
|
||||
usage()
|
||||
{
|
||||
cat << EOF
|
||||
usage: $0 options
|
||||
|
||||
Quickly create guest VMs using cloud image files and cloud-init.
|
||||
|
||||
OPTIONS:
|
||||
-h Show this message
|
||||
-n Host name (required)
|
||||
-i Full path and name of the base .img file to use (required)
|
||||
-k Full path and name of the ansible user's public key file (required)
|
||||
-d Output directory for the overlay qcow2 and related files
|
||||
-r RAM in MB (defaults to ${RAM})
|
||||
-c Number of VCPUs (defaults to ${VCPUS})
|
||||
-s Amount of storage to allocate in GB (defaults to ${STORAGE})
|
||||
-b Bridge interface to use (defaults to ${BRIDGE})
|
||||
-m MAC address to use (default is to use a randomly-generated MAC)
|
||||
-o OSINFO name like win11, win10, fedora32, gentoo, ububtu20
|
||||
-p ansible users plaintext password
|
||||
-v Verbose
|
||||
EOF
|
||||
}
|
||||
|
||||
while getopts "h:n:i:k:r:c:s:b:m:o:p:d:v" option; do
|
||||
case "${option}"
|
||||
in
|
||||
h)
|
||||
usage
|
||||
exit 0
|
||||
;;
|
||||
n) HOSTNAME=${OPTARG};;
|
||||
i) IMG_FQN=${OPTARG};;
|
||||
k) AUTH_KEYS_FQN=${OPTARG};;
|
||||
r) RAM=${OPTARG};;
|
||||
c) VCPUS=${OPTARG};;
|
||||
s) STORAGE=${OPTARG};;
|
||||
b) BRIDGE=${OPTARG};;
|
||||
m) MAC=${OPTARG};;
|
||||
p) PASS=${OPTARG};;
|
||||
o) password=${OPTARG};;
|
||||
d) OUTDIR=${OPTARG};
|
||||
BOX_NBD_OVERLAY_DIR=${OUTDIR};;
|
||||
v) VERBOSE=1;;
|
||||
*)
|
||||
ERROR unhandled option "${option}" ${OPTARG}
|
||||
usage
|
||||
exit 1
|
||||
;;
|
||||
esac
|
||||
done
|
||||
|
||||
if [[ -z $HOSTNAME ]]; then
|
||||
ERROR "Host name is required"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z $IMG_FQN ]]; then
|
||||
ERROR "Base cloud image file name is required"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z $BOX_NBD_OVERLAY_DIR ]]; then
|
||||
ERROR "Output image directory is required BOX_NBD_OVERLAY_DIR"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -z $AUTH_KEYS_FQN ]]; then
|
||||
ERROR "ansible public key file $AUTH_KEYS_FQN not found"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ! [[ -f $IMG_FQN ]]; then
|
||||
ERROR "$IMG_FQN file not found"
|
||||
usage
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ -n $VERBOSE ]]; then
|
||||
INFO "Building ${HOSTNAME} in $BOX_NBD_OVERLAY_DIR"
|
||||
set -xv
|
||||
fi
|
||||
|
||||
mkdir -p "$BOX_NBD_OVERLAY_DIR"/{images,xml,init,base} || exit 2
|
||||
|
||||
echo "Creating a qcow2 image file ${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img that uses the cloud image file ${IMG_FQN} as its base"
|
||||
|
||||
INFO qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 \
|
||||
"${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img" "${STORAGE}G"
|
||||
qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 \
|
||||
"${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img" "${STORAGE}G" || \
|
||||
exit 3
|
||||
|
||||
echo "Creating meta-data file $BOX_NBD_OVERLAY_DIR/init/meta-data"
|
||||
cat > "$BOX_NBD_OVERLAY_DIR/init/meta-data" << EOF
|
||||
instance-id: ${HOSTNAME}
|
||||
local-hostname: ${HOSTNAME}
|
||||
EOF
|
||||
|
||||
# echo "Creating meta-data file $BOX_NBD_OVERLAY_DIR/init/meta-data.json"
|
||||
# cat > "$BOX_NBD_OVERLAY_DIR/init/meta-data.json" << EOF
|
||||
cat > /dev/null << EOF
|
||||
{
|
||||
"admin_pass": "root",
|
||||
"availability_zone": "nova",
|
||||
"hostname": "test.novalocal",
|
||||
"launch_index": 0,
|
||||
"name": "gentoo6",
|
||||
"meta": {
|
||||
"role": "webservers",
|
||||
"essential": "false"
|
||||
},
|
||||
"public_keys": {
|
||||
"mykey": " ssh-rsa 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"
|
||||
|
||||
},
|
||||
"uuid": "83679162-1378-4288-a2d4-70e13ec132aa"
|
||||
}
|
||||
EOF
|
||||
|
||||
# password=`openssl passwd -1 -stdin <<< $password`
|
||||
echo "Creating user-data file $BOX_NBD_OVERLAY_DIR/init/user-data"
|
||||
# https://techglimpse.com/nova-boot-instance-with-password/
|
||||
cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << EOF
|
||||
#cloud-config
|
||||
# password: ansible
|
||||
# chpasswd: { expire: False }
|
||||
|
||||
ssh_pwauth: true
|
||||
|
||||
runcmd:
|
||||
- "rc-update add qemu-guest-agent"
|
||||
- "chmod 755 /etc/init.d/qemu-guest-agent"
|
||||
- "/etc/init.d/qemu-guest-agent start"
|
||||
- "echo /etc/init.d/qemu-guest-agent start >> /etc/rc.local"
|
||||
|
||||
users:
|
||||
- default
|
||||
- name: ansible
|
||||
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
|
||||
groups:
|
||||
- wheel
|
||||
- adm
|
||||
shell: /bin/bash
|
||||
plain_text_password: "$password"
|
||||
chpasswd: { expire: False }
|
||||
homedir: /home/ansible
|
||||
ssh_pwauth: true
|
||||
ssh_authorized_keys:
|
||||
- "ssh-rsa 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"
|
||||
EOF
|
||||
|
||||
echo "Adding keys from the public key file $AUTH_KEYS_FQN to the user-data file"
|
||||
while IFS= read -r key; do
|
||||
echo " - $key" >> "$BOX_NBD_OVERLAY_DIR/init/user-data"
|
||||
done < <(grep -v '^ *#' < "$AUTH_KEYS_FQN")
|
||||
|
||||
VM_IMAGE_DIR="$BOX_NBD_OVERLAY_DIR"
|
||||
#old . /usr/local/bin/toxcore_create-ga.sh || exit 4
|
||||
cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << \EOF
|
||||
#!/bin/bash
|
||||
|
||||
# typically only executes on first boot
|
||||
|
||||
echo "############# user_data executing ##############"
|
||||
|
||||
#grep gentoo /etc/shadow
|
||||
|
||||
sed -e 's/#-:ALL:ALL/+:gentoo:ALL/' -i /etc/security/access.conf
|
||||
PW=`echo $PASS | openssl passwd -1 --stdin `
|
||||
grep -q ^gentoo /etc/passwd || \
|
||||
useradd --gid 4 --uid 1000 --home-dir /home/gentoo \
|
||||
--comment Gentoo --password "$PW" \
|
||||
-G adm,wheel --shell /bin/bash gentoo
|
||||
|
||||
usermod --password "$PW" -G adm,wheel gentoo
|
||||
# root
|
||||
usermod --password '$1$1Ho4y/W8$5VymfKWWAhLxwkkPZiWTZ1' root
|
||||
# unlock account
|
||||
passwd -u gentoo
|
||||
passwd -u root
|
||||
|
||||
sed -e 's/# %wheel /%wheel /' -i /etc/sudoers
|
||||
sed -e 's/PasswordAuthentication no/PasswordAuthentication yes/' -i /etc//ssh/sshd_config
|
||||
sed -e 's/PermitRootLogin.*/PermitRootLogin yes/' -i /etc//ssh/sshd_config
|
||||
|
||||
grep net.ipv4.ip_forward=1 /etc/sysctl.conf || \
|
||||
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
|
||||
|
||||
cd /etc/init.d
|
||||
[ -e net.eth0 ] || ln -s net.lo net.eth0
|
||||
|
||||
for elt in i o linuxPen19 ; do
|
||||
grep -q $elt /etc/fstab && continue
|
||||
echo "$elt /mnt/$elt virtiofs defaults 0 0" >> /etc/fstab
|
||||
done
|
||||
|
||||
#grep gentoo /etc/shadow
|
||||
EOF
|
||||
|
||||
echo "Generating the cidata ISO file $BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.iso"
|
||||
(
|
||||
cd "$BOX_NBD_OVERLAY_DIR/init/"
|
||||
genisoimage \
|
||||
-output "$BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img" \
|
||||
-volid cidata \
|
||||
-rational-rock \
|
||||
-joliet \
|
||||
-input-charset utf-8 \
|
||||
user-data meta-data
|
||||
) || exit 5
|
||||
|
||||
MACCMD=
|
||||
if [[ -n $MAC ]]; then
|
||||
MACCMD="--mac=${MAC}"
|
||||
fi
|
||||
|
||||
[ -f ${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img ] || exit 5
|
||||
[ -f $BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img ] || exit 6
|
||||
|
||||
# libvirt.libvirtError: /usr/lib/qemu/qemu-bridge-helper --use-vnet --br=-c --fd=31: failed to communicate with bridge helper: stderr=failed to parse default acl file `/etc/qemu/bridge.conf'
|
||||
if [ ! -f "/etc/qemu/bridge.conf" ] ; then
|
||||
echo allow $BRIDGE >> "/etc/qemu/bridge.conf"
|
||||
elif ! grep $BRIDGE "/etc/qemu/bridge.conf" ; then
|
||||
echo allow $BRIDGE >> "/etc/qemu/bridge.conf"
|
||||
fi
|
||||
if [ $BRIDGE = virbr0 ] ; then
|
||||
network=default
|
||||
# 192.168.122.248/24
|
||||
elif [ $BRIDGE = virbr1 ] ; then
|
||||
network=Whonix-External
|
||||
else
|
||||
WARN unrecognized $BRIDGE
|
||||
fi
|
||||
if [ "$network" != '' ] ; then
|
||||
virsh net-list | grep -q $network || \
|
||||
virsh net-start $network
|
||||
else
|
||||
network=default
|
||||
fi
|
||||
file=/etc/libvirt/qemu/networks/$network.xml
|
||||
if [ ! -f $file ] ; then
|
||||
WARN no network file $file
|
||||
elif ! grep '<range ' $file ; then
|
||||
WARN no 'DHCP <range> in network file' $file
|
||||
fi
|
||||
|
||||
declare -a LARGS
|
||||
LARGS=(
|
||||
--name="${HOSTNAME}" \
|
||||
--osinfo "$OSINFO" \
|
||||
--import \
|
||||
--disk "path=${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img,format=qcow2" \
|
||||
--disk "path=$BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img,device=cdrom" \
|
||||
--ram="${RAM}" \
|
||||
--vcpus="${VCPUS}" \
|
||||
--autostart \
|
||||
--hvm \
|
||||
--arch x86_64 \
|
||||
--accelerate \
|
||||
--check-cpu \
|
||||
--force \
|
||||
--watchdog=default \
|
||||
--channel type=spicevmc,target.type=virtio,target.name=com.redhat.spice.0 \
|
||||
--channel type=unix,target.type=virtio,target.name=org.qemu.guest_agent.0 \
|
||||
--rng /dev/urandom \
|
||||
--os-variant detect=on,name=$OSINFO \
|
||||
--noautoconsole \
|
||||
)
|
||||
|
||||
# not type=qemu-vdagent
|
||||
|
||||
NETWORK="--network network=$network,model=virtio"
|
||||
if [ -n "$NETWORK" ] ; then
|
||||
LARGS+=(
|
||||
$NETWORK \
|
||||
)
|
||||
fi
|
||||
LARGS+=(
|
||||
# --graphics spice,listen=socket \
|
||||
--boot init=/sbin/init
|
||||
--console pty
|
||||
--video vga
|
||||
--memorybacking source.type=memfd,access.mode=shared
|
||||
--filesystem /,/mnt/linuxPen19 \
|
||||
)
|
||||
|
||||
|
||||
INFO virt-install "${LARGS[@]}"
|
||||
# squelch warnings
|
||||
python3.sh `which virt-install` "${LARGS[@]}" || exit 7
|
||||
# --debug
|
||||
#? --shmem name=shmem_server,type="memfd",mode="shared"
|
||||
# --shmem name=shmem0 ivshmem device is not supported with this QEMU binary
|
||||
|
||||
# was --graphics vnc,listen=0.0.0.0
|
||||
# --osinfo "$OSINFO" \
|
||||
|
||||
# Make a backup of the VM's XML definition file
|
||||
virsh dumpxml "${HOSTNAME}" > "${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml" || exit 8
|
||||
INFO wrote xml `ls -l ${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml`
|
||||
|
||||
if [ -n "$VERBOSE" ]; then
|
||||
set +xv
|
||||
fi
|
||||
|
||||
# problems: type=qemu-vdagent unix unix=on
|
||||
# problems: type="spicevmc
|
||||
# ERROR Unknown --channel options: ['unix']
|
||||
cp "${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml" \
|
||||
"${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml".new
|
||||
|
||||
cat > /tmp/ga.works <<EOF
|
||||
<channel type="unix">
|
||||
<source mode="bind" path="/var/lib/libvirt/qemu/channel/target/domain-25-gentoo1/org.qemu.guest_agent.0"/>
|
||||
<target type="virtio" name="org.qemu.guest_agent.0" state="connected"/>
|
||||
<address type="virtio-serial" controller="0" bus="0" port="2"/>
|
||||
</channel>
|
||||
EOF
|
||||
cat > /tmp/sp.works <<EOF
|
||||
<channel type="spicevmc">
|
||||
<target type="virtio" name="com.redhat.spice.0" state="disconnected"/>
|
||||
<address type="virtio-serial" controller="0" bus="0" port="1"/>
|
||||
</channel>
|
||||
EOF
|
||||
|
||||
# Show running VMs
|
||||
virsh list | grep "${HOSTNAME}" && INFO "${HOSTNAME}" || {
|
||||
ERROR "${HOSTNAME}" ; exit 9$? ; }
|
||||
|
||||
# use the following passwordless demonstration key for testing or
|
||||
# replace with your own key pair
|
||||
#
|
||||
# -----BEGIN OPENSSH PRIVATE KEY-----
|
||||
# b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
# NhAAAAAwEAAQAAAYEA0QiQkNVA/ULJVg0sOT8LL22tFrH9aTuIaMOQbTWmZ9MS2aU6tp6h
|
||||
# RCbIVJHf8wlhew1soZjaYUPHPlPsHJnTVXINqSNZD8atFWcwX2e3A8IY4Hi7CL0171Ph1U
|
||||
# bbF4eHORZVF6UY3/8fmt76hUbzbEXdQxPuWakB2zlW57ErZNz2aaWgcjIPgGWTMeejlJNq
|
||||
# WQoL6QsI+iyIsasLsTSj8ZiX+OUcjrD1F8AsJKvVA+JnuY5LEzz5Ld6HlFsNWUkhfBf9eN
|
||||
# ZqFrBsUp3eTcQmz1FhqEX2HB3POuRO9JzeFq2ZDO0RSP7OZr0Lbo/HUS+uyVBML3bxAztB
|
||||
# Ac9tRVf4jq2nF3dqJpU1EivsGK1hrYsEMBIK+K+W4psQysvS/FJWiWfjjYS0z/HnEx2JGl
|
||||
# NQu+bC1/WWHeWLao4jRrDRfsHVulq160Ilnsqxiu2cGwO5WoEsSGu8nqpyg43ZHCb0FwmB
|
||||
# izPQDASlniWjqcKmfnTrpzAy3eVWawwlNpaQkidTAAAFgGKSj8diko/HAAAAB3NzaC1yc2
|
||||
# EAAAGBANEIkJDVQP1CyVYNLDk/Cy9trRax/Wk7iGjDkG01pmfTEtmlOraeoUQmyFSR3/MJ
|
||||
# YXsNbKGY2mFDxz5T7ByZ01VyDakjWQ/GrRVnMF9ntwPCGOB4uwi9Ne9T4dVG2xeHhzkWVR
|
||||
# elGN//H5re+oVG82xF3UMT7lmpAds5VuexK2Tc9mmloHIyD4BlkzHno5STalkKC+kLCPos
|
||||
# iLGrC7E0o/GYl/jlHI6w9RfALCSr1QPiZ7mOSxM8+S3eh5RbDVlJIXwX/XjWahawbFKd3k
|
||||
# 3EJs9RYahF9hwdzzrkTvSc3hatmQztEUj+zma9C26Px1EvrslQTC928QM7QQHPbUVX+I6t
|
||||
# pxd3aiaVNRIr7BitYa2LBDASCvivluKbEMrL0vxSVoln442EtM/x5xMdiRpTULvmwtf1lh
|
||||
# 3li2qOI0aw0X7B1bpatetCJZ7KsYrtnBsDuVqBLEhrvJ6qcoON2Rwm9BcJgYsz0AwEpZ4l
|
||||
# o6nCpn5066cwMt3lVmsMJTaWkJInUwAAAAMBAAEAAAGAEuz77Hu9EEZyujLOdTnAW9afRv
|
||||
# XDOZA6pS7yWEufjw5CSlMLwisR83yww09t1QWyvhRqEyYmvOBecsXgaSUtnYfftWz44apy
|
||||
# /gQYvMVELGKaJAC/q7vjMpGyrxUPkyLMhckALU2KYgV+/rj/j6pBMeVlchmk3pikYrffUX
|
||||
# JDY990WVO194Dm0buLRzJvfMKYF2BcfF4TvarjOXWAxSuR8www050oJ8HdKahW7Cm5S0po
|
||||
# FRnNXFGMnLA62vN00vJW8V7j7vui9ukBbhjRWaJuY5rdG/UYmzAe4wvdIEnpk9xIn6JGCp
|
||||
# FRYTRn7lTh5+/QlQ6FXRP8Ir1vXZFnhKzl0K8Vqh2sf4M79MsIUGAqGxg9xdhjIa5dmgp8
|
||||
# N18IEDoNEVKUbKuKe/Z5yf8Z9tmexfH1YttjmXMOojBvUHIjRS5hdI9NxnPGRLY2kjAzcm
|
||||
# gV9Rv3vtdF/+zalk3fAVLeK8hXK+di/7XTvYpfJ2EZBWiNrTeagfNNGiYydsQy3zjZAAAA
|
||||
# wBNRak7UrqnIHMZn7pkCTgceb1MfByaFtlNzd+Obah54HYIQj5WdZTBAITReMZNt9S5NAR
|
||||
# M8sQB8UoZPaVSC3ppILIOfLhs6KYj6RrGdiYwyIhMPJ5kRWF8xGCLUX5CjwH2EOq7XhIWt
|
||||
# MwEFtd/gF2Du7HUNFPsZGnzJ3e7pDKDnE7w2khZ8CIpTFgD769uBYGAtk45QYTDo5JroVM
|
||||
# ZPDq08Gb/RhIgJLmIpMwyreVpLLLe8SwoMJJ+rihmnJZxO8gAAAMEA0lhiKezeTshht4xu
|
||||
# rWc0NxxD84a29gSGfTphDPOrlKSEYbkSXhjqCsAZHd8S8kMr3iF6poOk3IWSvFJ6mbd3ie
|
||||
# qdRTgXH9Thwk4KgpjUhNsQuYRHBbI59Mo+BxSI1B1qzmJSGdmCBL54wwzZmFKDQPQKPxiL
|
||||
# n0Mlc7GooiDMjT1tbuW/O1EL5EqTRqwgWPTKhBA6r4PnGF150hZRIMooZkD2zX6b1sGojk
|
||||
# QpvKkEykTwnKCzF5TXO8+wJ3qbcEo9AAAAwQD+Z0r68c2YMNpsmyj3ZKtZNPSvJNcLmyD/
|
||||
# lWoNJq3djJN4s2JbK8l5ARUdW3xSFEDI9yx/wpfsXoaqWnygP3PoFw2CM4i0EiJiyvrLFU
|
||||
# r3JLfDUFRy3EJ24RsqbigmEsgQOzTl3xfzeFPfxFoOhokSvTG88PQji1AYHz5kA7p6Zfaz
|
||||
# Ok11rJYIe7+e9B0lhku0AFwGyqlWQmS/MhIpnjHIk5tP4heHGSmzKQWJDbTskNWd6aq1G7
|
||||
# 6HWfDpX4HgoM8AAAALaG9sbWFuYkBhcmM=
|
||||
# -----END OPENSSH PRIVATE KEY-----
|
||||
#
|
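Review bot: The first-boot script written to `init/user-data` gives the guest fixed credentials: it sets root's password from the MD5-crypt hash committed in `usermod --password '$1$…' root` and enables `PermitRootLogin yes` and `PasswordAuthentication yes`. Because that heredoc is quoted (`<< \EOF`), `$PASS` is expanded inside the guest where it is unset, so `gentoo` gets the hash of an empty password. The same file carries a private key in its trailing comment and a hardcoded `ssh-rsa` entry under `ssh_authorized_keys`, and `--filesystem /,/mnt/linuxPen19` exports the host's root filesystem to that guest. I would delete the root `usermod` line, the two `sshd_config` edits and the committed key, generate the password hash on the host and pass only the hash into the guest, and share a dedicated directory rather than `/`. Two option bugs compound this: `o) password=${OPTARG};;` should be `o) OSINFO=${OPTARG};;`, and the second `cat > "$BOX_NBD_OVERLAY_DIR/init/user-data"` overwrites the cloud-config and the `-k` keys appended just before it.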
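--- a/overlay/Linux/usr/local/bin/toxcore_delete-vm.bash
+++ b/overlay/Linux/usr/local/bin/toxcore_delete-vm.bash
@@ -0,0 +1,61 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+# from https://github.com/earlruby/create-vm/
+
+[ -f /usr/local/bin/usr_local_tput.bash ] && \
+. /usr/local/bin/usr_local_tput.bash || {
+DBUG() { echo DEBUG $* ; }
+INFO() { echo INFO $* ; }
+WARN() { echo WARN $* ; }
+ERROR() { echo ERROR $* ; }
+}
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=toxcore
+
+# delete-vm - Delete a virtual machine created with create-vm
+
+# Copyright 2018-2023 Earl C. Ruby III
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+VM=$1
+
+# Set VM_IMAGE_DIR environment variable to override default storage location for VMs
+VM_IMAGE_DIR=${VM_IMAGE_DIR:-"${HOME}/vms/virsh"}
+
+VM_IMAGE="${VM_IMAGE_DIR}/images/$VM.img"
+CI_IMAGE="${VM_IMAGE_DIR}/images/$VM-cidata.img"
+
+usage()
+{
+cat << EOF
+usage: $0 vmname
+EOF
+}
+
+if [[ -z $VM ]]; then
+usage
+exit 1
+fi
+
+if [[ -e $VM_IMAGE ]]; then
+# VM exists
+virsh destroy "$VM"
+virsh undefine "$VM"
+rm -fv "$VM_IMAGE" "$CI_IMAGE"
+else
+echo "Cannot find an VM image file named '$VM_IMAGE'. Attempting undefine..."
+virsh undefine "$VM"
+fi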
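Review bot: `VM=$1` goes unchecked into `VM_IMAGE="${VM_IMAGE_DIR}/images/$VM.img"` and from there into `rm -fv "$VM_IMAGE" "$CI_IMAGE"`, so a name containing `/` or `..` makes the script test and delete a path outside the images directory, and a name starting with `-` is read by `virsh` as an option. I would reject anything that is not a plain domain name before the two image paths are built, e.g. `case "$VM" in ''|-*|*/*|*..*) usage; exit 1 ;; esac`. The exit status of `virsh destroy` and `virsh undefine` is also ignored, so the image files are removed even when the domain could not be undefined.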
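--- a/overlay/Linux/usr/local/bin/toxcore_get-vm-ip.bash
+++ b/overlay/Linux/usr/local/bin/toxcore_get-vm-ip.bash
@@ -0,0 +1,55 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+# from https://github.com/earlruby/create-vm/
+
+[ -f /usr/local/bin/usr_local_tput.bash ] && \
+. /usr/local/bin/usr_local_tput.bash || {
+DBUG() { echo DEBUG $* ; }
+INFO() { echo INFO $* ; }
+WARN() { echo WARN $* ; }
+ERROR() { echo ERROR $* ; }
+}
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=toxcore
+
+. /usr/local/etc/testforge/testforge.bash
+[ -n "$HOSTVMS_VAR_LOCAL" ] && PREFIX=$HOSTVMS_VAR_LOCAL
+
+# get-node-ip - Get the IP address of a VM managed by virsh.
+
+# Copyright 2018-2023 Earl C. Ruby III
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+usage()
+{
+cat << EOF
+usage: $0 hostname
+
+This script will take a virsh-managed VM hostname and return the IP address.
+EOF
+}
+
+HOSTNAME=$1
+
+if [[ -z $HOSTNAME ]]; then
+echo "ERROR: Hostname is required"
+usage
+exit 1
+fi
+
+MAC=$(virsh domiflist $HOSTNAME | awk '{ print $5 }' | tail -2 | head -1)
+arp -a | grep $MAC | awk '{ print $2 }' | sed 's/[()]//g'
+INFO MAC=$MAC arp=$arp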
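Review bot: When `virsh domiflist $HOSTNAME` fails or lists no interface, `MAC` is empty and the unquoted `grep $MAC` on the next line runs with no pattern at all; the script should stop there, `[ -n "$MAC" ] || { ERROR "no MAC for $HOSTNAME" ; exit 1 ; }`, and both expansions should be quoted so a name with spaces or a leading `-` is not re-split. The closing `INFO MAC=$MAC arp=$arp` is written to stdout after the address, so a caller capturing the output gets an extra line, and `$arp` is never assigned in this file. Assigning to `HOSTNAME` also overwrites the shell's own variable; a name such as `vm_name` avoids that.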
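--- a/overlay/Linux/usr/local/bin/usr_loc
+++ b/overlay/Linux/usr/local/bin/usr_loc
@@ -0,0 +1,70 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+[ -z "$prog" ] && prog=`basename $0 .bash`
+[ -z "$USER" ] && USER=$( id -un )
+[ -z "$DEBUG" ] && DEBUG=0
+
+if [ -n "$TERM" ] ; then
+# vars that can be used to change font color
+blue=$(tput setaf 6)
+cyan=$(tput setaf 5)
+green=$(tput setaf 2)
+yellow=$(tput setaf 3)
+red=$(tput setaf 1)
+normal=$(tput sgr0) # default color
+else
+blue=
+cyan=
+green=
+yellow=
+red=
+normal=
+fi
+
+FTAL () {
+echo ${red}FATL:${normal} $*
+exit $1
+}
+ftal () { FTAL >&2 "$@" ; }
+panic () { FTAL >&2 "$@" ; }
+
+ERROR () {
+echo ${red}EROR:${normal} $*
+return 0
+}
+error () { ERROR >&2 $* ; }
+
+WARN () {
+echo ${yellow}WARN:${normal} $*
+return 0
+
+}
+warn () { WARN >&2 $* ; }
+
+USAGE () {
+echo ${yellow}USAGE:${normal} $*
+return 0
+
+}
+usage () { USAGE >&2 $* ; }
+
+INFO () {
+echo ${green}INFO:${normal} $*
+return 0
+}
+info () { INFO >&2 $* ; }
+
+DBUG () {
+[ -z "$DEBUG" -o "$DEBUG" -eq 0 ] || echo ${blue}DBUG:${normal} $*
+return 0
+}
+dbug () { DBUG >&2 $* ; }
+debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
+
+usage () {
+echo ${yellow}USAGE:${normal} $*
+return 0
+
+}
+USAGE () { usage $* ; }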
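Review bot: `FTAL` prints all of its arguments and then runs `exit $1`, so the first argument is used both as message text and as the exit status, and a call such as `ftal "some text"` hands a non-numeric status to `exit`. The sibling `FATL` in usr_local_tput.bash splits a leading code off with `shift` before printing; doing the same here would keep the two helper files consistent. `usage` and `USAGE` are each defined twice in this file and only the second pair takes effect, so the first pair can go.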
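--- a/overlay/Linux/usr/local/bin/usr_local_base.bash
+++ b/overlay/Linux/usr/local/bin/usr_local_base.bash
@@ -0,0 +1,36 @@
+#!/bin/bash
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+[ -z "$prog" ] && prog=`basename $0 .bash`
+[ -z "$USER" ] && USER=$( id -un )
+[ -f /usr/local/bin/usr_local_tput.bash ] && \
+. /usr/local/bin/usr_local_tput.bash
+
+## box_gentoo_emerge
+box_gentoo_emerge () {
+[ "$#" -lt 1 ] && return 0
+local elt
+declare -a ARGS
+for elt in "$@" ; do
+[ -z "$elt" ] && continue
+grep -q "^$elt$" /var/lib/portage/world && continue
+ls /var/db/pkg/"$elt"-[0-9]* 2>/dev/null >/dev/null && continue
+qlist -IsS "$elt" | grep -q "^$elt" && continue
+equery l -f "^$elt$" | grep '^.I' && continue
+ARGS+=($elt)
+done
+[ "${#ARGS[@]}" -eq 0 ] && exit 0
+INFO "${ARGS[@]}"
+/usr/local/sbin/box_gentoo_emerge.bash "${ARGS[@]}" || return $?
+return 0
+}
+
+base=usr_local_base
+# DBUG 0=$0
+if [ -x /usr/bin/basename ] && [ $( /usr/bin/basename -- $0 ) = $base'.bash' -o $( basename -- $0 ) = $base'.sh' ] ; then
+[ "$#" -eq 0 ] && exit 0
+[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
+echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//'|sort && exit 0
+eval "$@"
+exit $?
+fi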
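Review bot: The dispatcher at the bottom runs `eval "$@"`, which joins the arguments and parses them again as shell source, so the caller's quoting is lost and any `;`, `$(...)` or backtick inside an argument is executed. local.bash in this same commit dispatches with a plain `"$@"`, which calls the named function with its arguments intact; I would use that here as well. Separately, `box_gentoo_emerge` uses `exit 0` when nothing needs installing, which ends the calling shell when this file is sourced, whereas its other paths use `return`.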
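--- a/overlay/Linux/usr/local/bin/usr_local_tput.bash
+++ b/overlay/Linux/usr/local/bin/usr_local_tput.bash
@@ -0,0 +1,76 @@
+#!/bin/sh
+# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+
+[ -z "$TERM" ] && exit 0
+[ -z "$prog" ] && prog=`basename $0 .bash`
+[ -z "$USER" ] && USER=$( id -un )
+[ -z "$DEBUG" ] && DEBUG=0
+
+if [ -n "$TERM" ] ; then
+# vars that can be used to change font color
+blue=$(tput setaf 6)
+cyan=$(tput setaf 5)
+green=$(tput setaf 2)
+yellow=$(tput setaf 3)
+red=$(tput setaf 1)
+normal=$(tput sgr0) # default color
+else
+blue=
+cyan=
+green=
+yellow=
+red=
+normal=
+fi
+
+FATL () {
+[ $# -eq 1 ] && code=1
+[ $# -gt 1 ] && code=$1 && shift
+echo ${red}FATL:${normal} $*
+exit 1
+}
+ftal () { FATL >&2 "$@" ; }
+panic () { FATL >&2 "$@" ; }
+PANIC () { FATL >&2 "$@" ; }
+
+ERROR () {
+echo ${red}EROR:${normal} $*
+return 0
+}
+error () { ERROR >&2 $* ; }
+
+WARN () {
+echo ${yellow}WARN:${normal} $*
+return 0
+
+}
+warn () { WARN >&2 $* ; }
+
+USAGE () {
+echo ${yellow}USAGE:${normal} $*
+return 0
+
+}
+usage () { USAGE >&2 $* ; }
+
+INFO () {
+echo ${green}INFO:${normal} $*
+return 0
+}
+info () { INFO >&2 $* ; }
+
+DBUG () {
+[ -z "$DEBUG" ] || [ "$DEBUG" = 0 ] || echo ${blue}DBUG:${normal} $*
+return 0
+}
+dbug () { DBUG >&2 $* ; }
+debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
+
+usage () {
+echo ${yellow}USAGE:${normal} $*
+return 0
+
+}
+USAGE () { usage $* ; }
+
+ols_are_we_connected () { route | grep -q ^default ; return $? ; }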
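Review bot: `[ -z "$TERM" ] && exit 0` at the top ends the whole calling script, with status 0, whenever this file is sourced without `TERM` set (cron, boot scripts); base_chroot.bash in this commit sources it unconditionally before its own root check, so that check would never run in such an environment. The `else` branch further down already sets empty colour variables for exactly that case, so the line can simply be dropped. `FATL` also works out `code` and then runs `exit 1` regardless; `exit "${code:-1}"` would honour it.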
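--- a/overlay/Linux/usr/local/bin/yaml_to_bash.bash
+++ b/overlay/Linux/usr/local/bin/yaml_to_bash.bash
@@ -0,0 +1,35 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# pkuczynski/parse_yaml.sh
+
+prog=$( basename $0 .bash )
+ROLE=base
+
+# FixMe: lists should be space delineated not comma
+
+parse_yaml() {
+local prefix
+local depth
+local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
+
+[ "$#" -eq 2 ] && prefix=$2 || prefix=""
+[ "$#" -gt 2 ] && depth=$3 || depth=""
+
+sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
+-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
+awk -F$fs '{
+indent = length($1)/2;
+vname[indent] = $2;
+for (i in vname) {
+if (i > indent) {delete vname[i]}}
+if (length($3) > 0) {
+vn="";
+for (i=0; i<indent; i++) {vn=(vn)(vname[i])("'$depth'")}
+printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
+}
+}'
+}
+
+if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash.bash' -o $( basename -- $0 ) = 'parse_yaml.sh' ] ; then
+parse_yaml "$@"
+fi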
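Review bot: `$prefix` and `$depth` are spliced into the awk program text (`"'$prefix'"`, `("'$depth'")`), so a value containing a quote, a space or awk syntax changes the program itself rather than the output; passing them as `awk -F"$fs" -v prefix="$prefix" -v depth="$depth"` and referring to the awk variables avoids that. yaml_to_bash2.bash has the same construction. The input file is also unquoted (`$1`), and `[ "$#" -eq 2 ] && prefix=$2` drops the prefix whenever a third argument is supplied, whereas yaml_to_bash2.bash tests `-gt 1`.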
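--- a/overlay/Linux/usr/local/bin/yaml_to_bash2.bash
+++ b/overlay/Linux/usr/local/bin/yaml_to_bash2.bash
@@ -0,0 +1,34 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# pkuczynski/parse_yaml.sh
+
+prog=$( basename $0 .bash )
+ROLE=base
+
+# FixMe: lists should be space delineated not comma
+# Read YAML file from Bash script
+# Credits: https://gist.github.com/pkuczynski/8665367
+# Updated to support single quotes
+parse_yaml() {
+local prefix
+local depth
+local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
+[ "$#" -gt 1 ] && prefix=$2 || prefix=""
+[ "$#" -gt 2 ] && depth=$3 || depth=""
+
+sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
+-ne "s|^\($s\)\($w\)$s:$s'\(.*\)'$s\$|\1$fs\2$fs\3|p" \
+-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
+awk -F$fs '{
+indent = length($1)/2;
+vname[indent] = $2;
+for (i in vname) {if (i > indent) {delete vname[i]}}
+if (length($3) > 0) {
+vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("'$depth'")}
+printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
+}
+}'
+}
+if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash2.bash' -o $( basename -- $0 ) = 'parse_yaml2.sh' ] ; then
+parse_yaml "$@"
+fi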
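--- a/overlay/Linux/usr/local/bin/yaml_to_bash3.bash
+++ b/overlay/Linux/usr/local/bin/yaml_to_bash3.bash
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
+# shellcheck disable=SC1003
+
+prog=$( basename $0 .bash )
+ROLE=base
+
+# github.com/jasperes/bash-yaml/script/yaml.sh
+
+# Based on https://gist.github.com/pkuczynski/8665367
+
+parse_yaml() {
+local yaml_file=$1
+local prefix=$2
+local s
+local w
+local fs
+
+s='[[:space:]]*'
+w='[a-zA-Z0-9_.-]*'
+fs="$(echo @|tr @ '\034')"
+
+(
+sed -e '/- [^\“]'"[^\']"'.*: /s|\([ ]*\)- \([[:space:]]*\)|\1-\'$'\n'' \1\2|g' |
+
+sed -ne '/^--/s|--||g; s|\"|\\\"|g; s/[[:space:]]*$//g;' \
+-e "/#.*[\"\']/!s| #.*||g; /^#/s|#.*||g;" \
+-e "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
+-e "s|^\($s\)\($w\)${s}[:-]$s\(.*\)$s\$|\1$fs\2$fs\3|p" |
+
+awk -F"$fs" '{
+indent = length($1)/2;
+if (length($2) == 0) { conj[indent]="+";} else {conj[indent]="";}
+vname[indent] = $2;
+for (i in vname) {if (i > indent) {delete vname[i]}}
+if (length($3) > 0) {
+vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
+printf("%s%s%s%s=(\"%s\")\n", "'"$prefix"'",vn, $2, conj[indent-1],$3);
+}
+}' |
+
+sed -e 's/_=/+=/g' |
+
+awk 'BEGIN {
+FS="=";
+OFS="="
+}
+/(-|\.).*=/ {
+gsub("-|\\.", "_", $1)
+}
+{ print }'
+) < "$yaml_file"
+}
+
+create_variables() {
+local yaml_file="$1"
+local prefix="$2"
+eval $(parse_yaml "$yaml_file" "$prefix")
+}
+
+if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash3.bash' -o $( basename -- $0 ) = 'parse_yaml3.sh' ] ; then
+[ "$#" -eq 0 ] && echo "USAGE: $0 yamlfile [ prefix ]" && exit 1
+file=$1
+shift
+[ "$#" -gt 1 ] && prefix=$1 || prefix=""
+echo "DEBUG: $file $prefix"
+create_variables $file $prefix
+fi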
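Review bot: `create_variables` runs `eval $(parse_yaml ...)` on lines of the form `name=("value")`, and the only escaping applied to the value is `s|\"|\\\"|g`, so `$(...)`, backticks and `$var` inside a YAML value are expanded or executed by the shell that loads the file. The YAML files fed to this have to be treated as code, with the same ownership and permissions as the scripts themselves; otherwise the value should be emitted single-quoted with any embedded `'` escaped. The unquoted `eval $(...)` additionally word-splits the output and joins it onto one line. In the entry block the prefix is `$1` after `shift`, so `[ "$#" -gt 1 ]` ignores a prefix given as the only remaining argument; `-gt 0` looks like the intent.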
@ -0,0 +1,4 @@
|
||||
# -*-mode: conf; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
|
||||
# This is an auto-generated file - DO NOT EDIT
|
||||
# Edit the fragments in /usr/local/etc/ansible/ansible.cfg/
|
||||
|
@ -0,0 +1 @@
|
||||
[defaults]
|
@ -0,0 +1,44 @@
|
||||
# its a pretty broken debugger - fix it
|
||||
# debug = true
|
||||
inventory_enabled=yaml
|
||||
|
||||
# strategy_plugins = /usr/local/lib/python2.7/site-packages/mitogen-0.2.9-py2.7.egg/ansible_mitogen/plugins/strategy
|
||||
# strategy_plugins = /usr/local/lib/python2.7/site-packages/ansible_mitogen/plugins/strategy
|
||||
# do this in the env to make it easy to pop in and out
|
||||
# strategy = mitogen_linear
|
||||
|
||||
# yaml dense unixy yaml oneline selective skippy stderr myyaml actionable
|
||||
stdout_callback = yaml
|
||||
# skippy
|
||||
display_skipped_hosts = no
|
||||
# stderr
|
||||
# /usr/local/lib/python2.7/site-packages/ansible/plugins/callback/default.py
|
||||
display_failed_stderr = yes
|
||||
|
||||
log_path = var/tmp/2021/01/10/linuxKick150154/base_proxy.log
|
||||
# callback_plugins = /g/TestForge/src/ansible/lib/plugins/
|
||||
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
|
||||
# callback_whitelist = timer
|
||||
command_warnings = False
|
||||
deprecation_warnings = False
|
||||
display_args_to_stdout = False
|
||||
error_on_undefined_vars = True
|
||||
|
||||
force_color = False
|
||||
|
||||
#! fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/bin/lsblk --list --noheadings --paths --output NAME,UUID --exclude 2", "msg": "Timer expired after 30 seconds", "rc": 257}
|
||||
gather_timeout = 120
|
||||
handler_includes_static = True
|
||||
# Ansible by default will override variables in specific precedence orders, as described in Variables.
|
||||
# When a variable of higher precedence wins, it will replace the other value.
|
||||
#?! hash_behaviour = merged
|
||||
|
||||
local_tmp = /var/tmp
|
||||
# library = /usr/share/ansible
|
||||
library = /g/TestForge/src/ansible/library
|
||||
nocows = 0
|
||||
retry_files_enabled = False
|
||||
roles_path = /g/TestForge/src/ansible/roles
|
||||
# exists?
|
||||
plugins_path = /g/TestForge/src/ansible/library/plugins
|
||||
|
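Review bot: `log_path = var/tmp/2021/01/10/linuxKick150154/base_proxy.log` is a relative, dated, host-specific path, so the log lands under whatever directory Ansible is started from, and the value looks like the output of one particular run rather than a default. Ansible logs can include task arguments, so I would point this at a fixed directory readable only by the operating user, or leave it unset in the fragment and set it per run through the environment. `local_tmp = /var/tmp` likewise places controller temp files in a shared directory; a per-user path is the safer default.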
@ -0,0 +1,14 @@
|
||||
host_key_checking = False
|
||||
# http://chrisbergeron.com/2018/06/08/ansible_performance_tuning/
|
||||
gathering = smart
|
||||
fact_caching = jsonfile
|
||||
fact_caching_connection = var/tmp/.ansible_fact_cache
|
||||
|
||||
forks = 5
|
||||
timeout = 90
|
||||
# This sets the interval (in seconds) of Ansible internal processes polling each other. Lower values
|
||||
# improve performance with large playbooks at the expense of extra CPU load. Higher values are more
|
||||
# suitable for Ansible usage in automation scenarios, when UI responsiveness is not required but CPU usage
|
||||
# might be a concern. Default corresponds to the value hardcoded in 2.1: was 1
|
||||
internal_poll_interval=5
|
||||
|
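Review bot: `host_key_checking = False` turns off SSH host key verification for every play that uses these defaults, so the controller will connect to, and send credentials and file contents to, whatever answers on the target address. For throwaway VMs this is often deliberate, but then it belongs in the inventory or environment of those runs and not in the shared `[defaults]`; otherwise keep checking on and pre-populate `known_hosts`. `fact_caching_connection = var/tmp/.ansible_fact_cache` is relative to the working directory, so the cache location changes with where the command is run.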
@ -0,0 +1,5 @@
|
||||
# new 2.8
|
||||
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html
|
||||
string_conversion_action = error
|
||||
conditional_bare_variables = false
|
||||
|
@ -0,0 +1,3 @@
|
||||
# https://thepracticalsysadmin.com/turbocharge-your-ansible-playbooks/
|
||||
[ssh_connection]
|
||||
pipelining = True
|
@ -0,0 +1,3 @@
|
||||
[inventory]
|
||||
enable_plugins = yaml
|
||||
|
@ -0,0 +1,3 @@
|
||||
[chroot_connection]
|
||||
# exe = /usr/local/sbin/base_chroot.bash
|
||||
exe = /bin/chroot
|
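--- a/overlay/Linux/usr/local/etc/local.d/local.bash
+++ b/overlay/Linux/usr/local/etc/local.d/local.bash
@@ -0,0 +1,519 @@
+#!/bin/bash
+# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
+
+# prog=rc.local
+PREFIX=/usr/local
+ROLE=local
+
+export PATH=$PATH:/usr/local/sbin:/usr/local/bin
+
+if [ -x /sbin/rc-service ] ; then
+local_rc_service () { rc-service "$@" ; }
+local_rc_update () { rc-update "$@" ; }
+elif [ -x /bin/systemctl ] ; then
+local_rc_service () {
+systemctl list-units --no-pager | grep -q $1 && \
+echo INFO: /usr/sbin/service "$@" || \
+echo WARN: /usr/sbin/service "$@"
+/usr/sbin/service "$@" 2>/dev/null
+return $?
+}
+local_rc_update () {
+if [ "$#" -eq 0 ] ; then
+systemctl list-units --no-pager
+return $?
+fi
+dir=$1 ; shift ;
+svc=$1 ; shift ;
+if [ $dir = add ] ; then
+dire=enable
+elif [ $dir = del ] ; then
+dire=disable
+else
+dire=$dir
+fi
+echo INFO: $prog systemctl --no-pager $dire $svc "$@"
+systemctl --no-pager $dire $svc "$@"
+return $?
+}
+elif [ -x /usr/sbin/service ] ; then
+local_rc_service () {
+/usr/sbin/service --status-all 2>&1 | grep -q $1 && \
+echo INFO: /usr/sbin/service "$@" || \
+echo WARN: /usr/sbin/service "$@"
+/usr/sbin/service "$@" 2>/dev/null
+return $?
+}
+local_rc_update () {
+if [ "$#" -eq 0 ] ; then
+/usr/sbin/service --status-all 2>&1 | sed -e 's/.* //'
+return $?
+fi
+dir=$1 ; shift ;
+svc=$1 ; shift ;
+# disable|enable |remove
+if [ $dir = add ] ; then
+dire=enable
+elif [ $dir = del ] ; then
+dire=disable
+else
+dire=$dir
+fi
+update-rc.d $svc $dire || echo WARN: update-rc.d $svc $dir $dire
+}
+fi
+proxy_rc_service () { local_rc_service $* ; }
+proxy_rc_update () { local_rc_update $* ; }
+
+grep -q root=/dev/vda /proc/cmdline
+PROXY_IS_VDA=$?
+
+## local_disable_lid
+local_disable_lid () {
+# https://bbs.archlinux.org/viewtopic.php?id=72779
+echo LID0 > /proc/acpi/wakeup
+# https://forums.linuxmint.com/viewtopic.php?f=208&t=106532
+if [ -f /etc/UPower/UPower.conf ] ; then
+[ -f /etc/UPower/UPower.conf.bak ] || \
+cp -p /etc/UPower/UPower.conf /etc/UPower/UPower.conf.bak
+grep -q '^IgnoreLid=true' /etc/UPower/UPower.conf || \
+sed -e 's@#*IgnoreLid=.*@IgnoreLid=true@' -i /etc/UPower/UPower.conf
+fi
+if [ -f /etc/systemd/logind.conf ] ; then
+[ -f /etc/systemd/logind.conf.bak ] || \
+cp -p /etc/systemd/logind.conf /etc/systemd/logind.conf.bak
+grep -q '^HandleLidSwitch=ignore' /etc/systemd/logind.conf || \
+sed -e 's@^#*HandleLidSwitch=.*@HandleLidSwitch=ignore@' -i /etc/systemd/logind.conf
+fi
+return 0
+}
+
+## local_guest_neutersystemd
+local_config_neutersystemd () {
+[ ! -f /lib/lsb/init-functions.d/40-systemd ] || \
+mv /lib/lsb/init-functions.d/40-systemd /lib/lsb/.40-systemd
+return 0
+}
+
+## local_guest_fstab_config
+local_guest_fstab_config () {
+
+[ -d /mnt/mnt ] || mkdir /mnt/mnt
+grep -q 9p /etc/fstab || {
+echo mnt /mnt/mnt 9p trans=virtio,version=9p2000.L,posixacl,msize=10485760,cache=mmap \
+>> /etc/fstab
+}
+
+# failsafe
+grep 9p /etc/modules-load.d/*conf 2>/dev/null >/dev/null || \
+cat > /etc/modules-load.d/9p.conf << EOF
+9p
+9pnet
+9pnet_virtio
+EOF
+lsmod | grep -q 9pnet_virtio || modprobe -a `cat /etc/modules-load.d/*.conf`
+
+return 0
+}
+
+## local_guest_config
+local_guest_bootstrap () {
+local_guest_fstab_config
+return 0
+}
+
+## local_guest_config
+local_guest_config () {
+local_guest_bootstrap
+local_guest_config_neutersystemd
+
+[ -d /etc/qemu ] || mkdir /etc/qemu
+[ -f /etc/qemu/qemu-ga.conf ] || cat > /etc/qemu/qemu-ga.conf <<EOF
+[general]
+daemon=false
+method=virtio-serial
+path=/dev/virtio-ports/org.qemu.guest_agent.0
+pidfile=/run/qemu-ga.pid
+statedir=/run
+verbose=true
+retry-path=false
+blacklist=
+logfile=/var/log/libvirtd/qemu-ga.log
+EOF
+[ -d /var/log/libvirtd/ ] || mkdir /var/log/libvirtd/
+
+[ -f /etc/default/qemu-guest-agent.diff ] || cat > /etc/default/qemu-guest-agent.diff <<EOF
+*** /etc/default/qemu-guest-agent.dst 2021-01-05 03:28:20.579117119 +0000
+--- /etc/default/qemu-guest-agent 2021-08-27 20:26:36.234739996 +0000
+***************
+*** 1 ****
+! DAEMON_ARGS="--logfile /var/log/libvirtd/qemu-ga.log"
+--- 1 ----
+! DAEMON_ARGS="--logfile /var/log/libvirtd/qemu-ga.log --verbose --pidfile /run/qemu-ga.pid"
+EOF
+
+[ ! -f /etc/default/qemu-guest-agent ] || \
+[ -f /etc/default/qemu-guest-agent.dst ] || \
+patch -z .st -b /etc/default/qemu-guest-agent \
+< /etc/default/qemu-guest-agent.diff
+
+return 0
+}
+
+## local_guest_modules_load
+local_guest_modules_load () {
+for file in /usr/local/etc/modules-load.d/vda*conf ; do
+[ -s $file ] || continue
+base=`basename $file`
+[ -e /etc/modules-load.d/$base ] && continue
+echo "# from $file" > /etc/modules-load.d/$base
+grep -v '^#' $file >> /etc/modules-load.d/$base
+done
+
+# old
+if [ -d /usr/local/etc/modules-load.d/ ] ; then
+ls /etc/modules-load.d/vda*conf 2>/dev/null >/dev/null || \
+ln -s /usr/local/etc/modules-load.d/vda*conf /etc/modules-load.d
+fi
+
+
+return 0
+}
+
+# all
+## local_lightdm_on_text
+local_lightdm_on_text () {
+return 0
+[ ! -f /usr/sbin/lightdm ] && return 0
+if [ ! -f /usr/sbin/lightdm.bin ] ; then
+[ -f /usr/sbin/lightdm.bad ] && mv /usr/sbin/lightdm.bad /usr/sbin/lightdm.bin
+[ ! -f /usr/sbin/lightdm.bin ] && mv /usr/sbin/lightdm /usr/sbin/lightdm.bin
+if [ -f /usr/sbin/lightdm.bin ] && [ -f /usr/sbin/lightdm ] ; then
+cat > /usr/sbin/lightdm << EOF
+#!/bin/sh
+grep -q ' text ' /proc/cmdline && exit 0
+exec /usr/sbin/lightdm.bin "$@"
+EOF
+chmod 755 /usr/sbin/lightdm
+fi
+fi
+
+return 0
+}
+
+## local_guest_start_services
+local_guest_start_services () { local_guest_start ; }
+## local_guest_start
+local_guest_start () {
+
+local_guest_modules_load
+
+lsmod | grep -q 9pnet_virtio || \
+grep -hv '#' /etc/modules-load.d/vda*.conf | xargs modprobe --all
+
+# local_start_and_add_services $*
+
+exit 0
+}
+
+## local_guest_add_xorg_conf
+local_guest_add_xorg_conf () {
+[ -f /etc/X11/xorg.conf.d/80_qxl.conf ] || \
+grep -q 'Drive.*qxl' /etc/X11/xorg.conf.d/*.conf || \
+cat > /etc/X11/xorg.conf.d/80_qxl.conf << EOF
+# BEGIN ANSIBLE MANAGED BLOCK proxy whonix_guest.yml
+Section "Device"
+Identifier "qxl"
+Driver "qxl"
+Option "DPI" "96 x 96"
+Option "ENABLE_IMAGE_CACHE" "True"
+Option "ENABLE_FALLBACK_CACHE" "False"
+Option "ENABLE_SURFACES" "False"
+EndSection
+# END ANSIBLE MANAGED BLOCK proxy whonix_guest.yml
+EOF
+return 0
+}
+
+
+## local_guest_status
+local_guest_status () {
+if [ ! -f /var/log/libvirtd/qemu-ga.log ] ; then
+echo WARN: missing /var/log/libvirtd/qemu-ga.log
+elif grep -q critical: /var/log/libvirtd/qemu-ga.log ; then
+echo ERROR: critical /var/log/libvirtd/qemu-ga.log
+fi
+return 0
+}
+
+# vda
+## local_host_symlink_usr_src
+local_host_symlink_etc_fstab () {
+# guest
+[ -h /etc/fstab ] && [ -f /etc/fstab.vda ] && \
+rm -f /etc/fstab && ln -s /etc/fstab.vda /etc/fstab
+
+return 0
+}
+
+## local_host_make_dmcrypt_swap
+local_host_make_dmcrypt_swap () {
+local two five
+
+if ! grep -q '/dev/mapper\|/dev/sd\|/dev/dm' /proc/swaps ; then
+blkid > ~/blkid.txt
+five=`grep _05E ~/blkid.txt | head -1`
+if [ $? -eq 0 -a -n "$five" ] ; then
+two=`echo $five | sed -e 's/_.*//' -e 's/.*="//'`_02SWAP
+if ! grep $two ~/blkid.txt ; then
+dev=`echo $five | sed -e 's/:.*//' -e 's/5/2/'`
+[ $? -eq 0 -a -n "$dev" ] && mkswap -L $two $dev
+fi
+grep $two /etc/conf.d/dmcrypt && local_rc_service dmcrypt restart || echo WARN: $two not in /etc/conf.d/dmcrypt
+grep -q '/dev/mapper\|/dev/sd\|/dev/dm' /proc/swaps || local_rc_service swap restart
+# if its not in fstab
+grep -q '/dev/mapper\|/dev/sd\|/dev/dm' /proc/swaps || swapon /dev/mapper/cryptswap*
+fi
+fi
+
+return 0
+}
+
+# all
+local_start_services () { local_start_and_add_services ; }
+## local_start_and_add_services
+local_start_and_add_services () {
+
+for elt in $*; do
+local_rc_service $elt status >/dev/null || local_rc_service $elt start
+local_rc_update | grep -q $elt || local_rc_update add $elt
+done
+
+return 0
+}
+
+
+# all
+## local_manual_stop_services
+local_manual_stop_services () {
+# set these to stop now and restart them manually as we configure them
+# rsync on debian
+for elt in $* ; do
+local_rc_service $elt status >/dev/null && local_rc_service $elt stop
+local_rc_update | grep -q $elt && local_rc_update del $elt
+done
+
+return 0
+}
+
+
+# host
+## local_host_symlink_usr_src
+local_host_symlink_usr_src () {
+local dir
+# broken
+dir=`cat /proc/cmdline|sed -e 's/.*BOOT_IMAGE=kernel-pentoo-x86_64/linux/' -e 's/_.*//'`
+WD=$PWD
+cd /usr/src
+if [ -d $dir ] ; then
+rm -f linux
+ln -s $dir linux || echo WARN: $PWD/$dir not found
+fi
+cd $WD
+
+return 0
+}
+
+# host
+## local_host_restart_psmouse
+local_host_restart_psmouse () {
+local_rc_service gpm status && local_rc_service gpm stop
+rmmod psmouse; sleep 1; modprobe psmouse proto=exps
+local_rc_service gpm start
+return 0
+}
+
+# host
+## local_host_restart_intel_sound
+local_host_restart_intel_sound () {
+which aplay >/dev/null 2>/dev/null || return 0
+
+# both
+if ! aplay -L | grep -q default:CARD=PCH ; then
+rmmod snd_hda_intel ;
+sleep 5
+modprobe snd_hda_intel enable=1 ;
+sleep 1
+aplay -L >/dev/null || exit 2
+fi
+
+return 0
+}
+
+## local_kicksecure
+local_kicksecure () {
+local_guest || exit 1$?
+return 0
+}
+
+## local_gateway
+local_gateway () {
+local_guest || exit 1$?
+return 0
+}
+
+ELTS="sdwdate rads"
+
+## local_guest
+local_guest () {
+# grep -q text /proc/cmdline && local_lightdm_on_text
+local_all
+local_guest_config
+local_guest_start
+
+if [ -d /etc/apt ] ; then
+# bootstrap for ansible
+if ! apt-cache search openssh-server | grep -q Size ; then
+apt-get install openssh-server
+fi
+local_start_and_add_services ssh
+if grep -q text /proc/cmdline ; then
+local_manual_stop_services graphical lightdm rads
+fi
+fi
+# local_manual_mask_services $ELTS
+return 0
+}
+
+## local_host
+local_host () {
+local_host_crit_boot || exit 1$?
+local_disable_lid
+local_host_restart_intel_sound
+local_host_restart_psmouse
+local_all
+return 0
+}
+
+# local_null_machineid
+local_null_machineid () {
+[ -s /etc/machine-id ] && cp /dev/null /etc/machine-id
+return 0
+}
+
+## local_all
+local_all () {
+local_host_crit_boot || exit 2
+uuidgen > /etc/machine-id
+
+local_config_neutersystemd
+local_null_machineid
+
+touch /var/log/boot
+
+chmod 775 /usr/local/*bin/*sh
+local_neuter_gvfs
+
+( cd /var/tmp && rm -rf ansible-local-* Temp-* ssh-* pulse-* .xfsm-ICE-* )
+
+local_systemd_stop_and_mask
+return 0
+}
+
+## local_manual_mask_services
+local_manual_mask_services () {
+if [ -d /usr/local/etc/systemd/ ] ; then
+local_systemd_stop_and_mask $* || return 1$?
+elif [ -x /usr/sbin/update-rc.d ] ; then
+/usr/sbin/invoke-rc.d $1 stop
+/usr/sbin/update-rc.d $1 remove || return 2$?
+elif [ /sbin/rc-update ] ; then
+/sbin/rc-service $1 stop
+/sbin/rc-update $1 del || return 3$?
+fi
+
+return 0
+}
+
+# local_guest_neutersystemd
+local_guest_neutersystemd () {
+local_systemd_stop_and_mask
+return $?
+}
+
+## local_systemd_stop_and_mask
+local_systemd_stop_and_mask () {
+[ -d /lib/systemd/system/ ] || return 0
+[ $# -eq 0 ] && [ -d /usr/local/etc/systemd/ ] && \
+set - `grep -l -v '#\|@\.service' /usr/local/etc/systemd/*.mask`
+for file in $* ; do
+[ -e /lib/systemd/system/$file ] || continue
+elt=`basename $file`
+systemctl is-enabled $elt 2>/dev/null >/dev/null || continue
+echo INFO: local_systemd_stop_and_mask systemctl disable $elt
+systemctl disable --now $elt && systemctl mask $elt
+# [ -h /etc/systemd/system/$file ]
+# [ `readlink /etc/systemd/system/$file ` = /dev/null ]
+done
+
+return 0
+}
+
+## local_neuter_gvfs
+local_neuter_gvfs () {
+[ -d /usr/local/share/dbus-1/services ] || exit 0
+cd /usr/local/share/dbus-1/services
+for file in /usr/share/dbus-1/services/*vfs* ; do
+sed -e 's@^Exec=.*@Exec=/bin/false@' > `basename $file`
+done
+}
+
+# local_link_linux
+local_link_linux () {
+
+sed < /proc/cmdline -e 's@.*BOOT_IMAGE=vmlinuz-@linux-@' -e 's/[_ ].*//'| \
+while read line ; do
+[ -z "$line" ] && continue
+[ -d "/usr/src/$line" ] || { echo WARN: /usr/src/$line ; continue ; }
+rm -f /usr/src/linux
+echo INFO: /usr/src/$line /usr/src/linux
+ln -s /usr/src/$line /usr/src/linux
+done
+
+return 0
+}
+
+# local_host_crit_boot
+local_host_crit_boot () {
+[ -d /mnt/l/syslinux ] || return 0
+local a=`grep BOOT_IMAGE /proc/cmdline |sed -e 's/.*BOOT_IMAGE=//' -e 's/ .*//'`
+[ -n "$a" ] || return 1
+[ -f "/boot/$a" ] || return 2
+[ -f "/mnt/l/syslinux/$a" ] || return 3
+
+diff "/boot/$a" "/mnt/l/syslinux/$a" || {
+/usr/local/bin/base_wall.bash $prog 'CRIT: ' "/boot/$a" "/mnt/l/syslinux/$a"
+return 4
+}
+
+a=`grep initrd= /proc/cmdline |sed -e 's/.*initrd=//' -e 's/ .*//' -e 's/.*,//'`
+[ -n "$a" ] || return 11
+[ -f "/boot/$a" ] || return 12
+[ -f "/mnt/l/syslinux/$a" ] || return 13
+diff "/boot/$a" "/mnt/l/syslinux/$a" || {
+/usr/local/bin/base_wall.bash $prog 'CRIT: ' "/boot/$a" "/mnt/l/syslinux/$a"
+return 14
+}
+
+return 0
+}
+
+base=local
+if [ -x /usr/bin/basename ] && [ `/usr/bin/basename -- $0` = $base'.bash' ] ; then
+[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
+echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//'| sort \
+&& exit 0
+"$@"
+exit $?
+fi
+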
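Review bot: In `local_host_make_dmcrypt_swap` the target of `mkswap` is derived with `sed -e 's/:.*//' -e 's/5/2/'`, which replaces the first `5` anywhere in the device path, and the result is formatted without any further check, so a device name with an earlier `5`, or a layout where partition 2 is not the swap slot, gets the wrong partition overwritten. I would anchor the substitution to the trailing partition number and require a block device, `dev=$(echo "$five" | sed -e 's/:.*//' -e 's/5$/2/')` followed by `[ -b "$dev" ] || return 1`, and quote `"$two"` and `"$dev"` in the `mkswap` call. Two other spots will fail at boot: `local_guest_config` calls `local_guest_config_neutersystemd`, which is not defined in this file, and `local_neuter_gvfs` runs `sed` with no input file, so it reads stdin instead of `$file`.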
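--- a/overlay/Linux/usr/local/etc/systemd/base.mask
+++ b/overlay/Linux/usr/local/etc/systemd/base.mask
@@ -0,0 +1,5 @@
+debug-shell.service
+multi-user.target.wants/swap-file-creator.service
+swap-file-creator.service
+systemd-backlight@.service
+systemd-backlight@backlight.service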
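--- a/overlay/Linux/usr/local/sbin/base_chroot.bash
+++ b/overlay/Linux/usr/local/sbin/base_chroot.bash
@@ -0,0 +1,159 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+ROLE=base
+# export PATH=$PATH:/usr/local/bin
+. /usr/local/bin/usr_local_tput.bash
+# MUST be silent
+error () { retval=$1 ; shift; ERROR $prog $* >&2 ; exit $retval ; }
+usage () { echo "USAGE: $prog chroot-dir [command args] -" $* >&2 ; exit 1 ; }
+warn () { : ; }
+info () { : ; }
+debug () { : ; }
+
+# must be run as root
+[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
+
+[ -x /bin/chroot ] && EXE=/bin/chroot
+[ -x /usr/sbin/chroot ] && EXE=/usr/sbin/chroot # debian
+
+setcap CAP_SYS_PTRACE=+ep $EXE
+
+if [ "$#" -eq "0" ] ; then
+usage "give an absolute directory name as argument"
+fi
+
+LARGS=""
+CMD=""
+while true; do
+case "$1" in
+'-'*)
+LARGS="$1"
+shift
+;;
+*)
+break
+;;
+esac
+done
+[ -z "$LARGS" ] && LARGS="--userspec=0:0"
+root=$1
+shift
+
+if [ ! -d "$root" ] ; then
+error 1 "directory not found - $root"
+fi
+
+# unix partition
+[ -d $root/lost+found ] || WARN "No $root/lost+found"
+# linux partition
+[ -e $root/usr/src/ ] || WARN "No $root/usr/src"
+
+# check for /dev/loop devices - up to 255 on android
+[ -e /dev/loop1 ] || \
+( cd /dev && \
+for i in 0 1 2 3 4 5 6 7 ; do
+[ -e loop$i ] && continue
+mknod loop$i b 7 $i
+chmod 660 loop$i
+chgrp disk loop$i
+done )
+
+cd $root || error 6 "Can't cd to $root"
+
+# sbin/boostrap_chroot.bash
+for file in .bashrc .bash_profile .bash_logout .emacs ; do
+[ -f $root/root/$file ] && continue
+cp -p /root/$file $root/root/
+done
+
+for file in tmp usr/tmp var/tmp ; do
+[ -d $file ] && continue
+mkdir $file || error 8 " missing directory $file"
+chmod 1777 $file
+done
+# df /var/tmp | grep -q sd.12 || mount /var/tmp
+
+for file in proc sys dev dev/pts dev/shm usr ; do
+[ -d $file ] && continue
+mkdir $file || error 9 "Cant mkdir $file"
+chmod 755 $file
+done
+
+if false ; then
+[ -e proc/self ] || mount -o bind /proc $root/proc || error 10
+# https://forums.gentoo.org/viewtopic-t-1061422-start-0.html
+[ -e dev/null ] || mount -o bind /dev $root/dev || error 11
+# what happens to dev/shm ? its own memory?
+# required for ansible and firefox
+df -a | grep -q $root/dev/shm || mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 12
+[ -e dev/pts/ptmx ] || \
+mount -t devpts -o rw,relatime,gid=5,mode=620,ptmxmode=000 devpts $root/dev/pts || error 13
+else
+# https://wiki.gentoo.org/wiki/Chroot
+[ -e dev/loop0 ] || \
+{ mount --rbind /dev $root/dev ; mount --make-rslave $root/dev ; } \
+|| error 10 mount --rbind /dev $root/dev
+[ -e proc/self ] || mount -t proc /proc $root/proc \
+|| error 11 mount -t proc /proc
+[ -e sys/block ] || \
+{ mount --rbind /sys $root/sys ; mount --make-rslave $root/sys ; } \
+|| error 12 --rbind /sys $root/sys
+df -a | grep -q $root/dev/shm || \
+mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 14 $root/dev/shm
+df -a | grep -q $root/tmp || mount --rbind /tmp $root/tmp \
+|| error 13 mount --rbind /tmp $root/tmp
+# https://wiki.gentoo.org/wiki/Project:X86/Chroot_Guide
+[ -e dev/pts/ptmx ] || \
+mount -o bind /dev/pts $root/dev/pts || error 14 mount -o bind /dev/pts $root/dev/pts
+fi
+
+# user
+if [ -d $root/$HOME -a -f ~/.Xauthority ] ; then
+cp ~/.Xauthority $root/$HOME
+cp ~/.xauth* $root/$HOME
+fi
+
+base=$( basename $root )
+[ -e ./start.rc ] || cat > ./start.rc << EOF
+# env-update && . /etc/profile
+export PS1='\${tty}\\u@${base}:\\W\\$ '
+EOF
+
+[ -z "$DISPLAY" ] || grep -q DISPLAY ./start.rc || \
+echo export DISPLAY=\"$DISPLAY\" >> ./start.rc
+
+# openpty failed: 'out of pty devices'
+# root@Flati:11# d /dev/pts/
+# total 6
+# 2 ./ 4 ../
+
+# You'll also want to copy over resolv.conf in order to have proper DNS name
+# resolution from inside the chroot:
+cp -L /etc/resolv.conf etc || error 16 "Cant cp -L /etc/resolv.conf"
+
+EARGS="CHROOT=$root PATH=/usr/sbin:/usr/bin:/sbin:/bin"
+#? set these to root or derive them? what about -l?
+EELTS="$EELTS TERM DISPLAY HOME LANG LC_ALL"
+[ -z "$LC_COLLATE" ] && EELTS="$EELTS LC_COLLATE" || EARGS="$EARGS LC_COLLATE=C"
+
+. /usr/local/bin/proxy_export.bash >/dev/null
+
+EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
+for elt in $EELTS ; do
+EARGS="$EARGS $( env|grep ^${elt}= )"
+done
+
+# mesg: ttyname failed: Success
+tty=$( tty 2>/dev/null )
+[ $? -eq 0 -a -n "$tty" ] && EARGS="$EARGS TTY=$tty"
+
+# was /bin/bash -l
+[ "$#" -eq 0 ] && set -- /bin/bash -i -l
+
+# Now you can chroot into your new system. Use env before chroot to ensure that no
+# environment variables from the installation media are used by your new system:
+#? PATH=$PATH
+# info chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
+exec $EXE $LARGS $root /usr/bin/env -i $EARGS "$@"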
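Review bot: `setcap CAP_SYS_PTRACE=+ep $EXE` near the top runs on every invocation, before the argument checks, and writes a file capability onto the host's chroot binary, so the change persists and applies to every later execution of that binary rather than to this one session. `$EXE` is also unquoted, stays empty when neither `/bin/chroot` nor `/usr/sbin/chroot` is executable, and the result of setcap is never checked. I would drop the setcap and grant the capability per process instead (the sibling base_chroot_caps.bash already goes through capsh), or at least guard it with `[ -n "$EXE" ] || error 2 "chroot not found"`. Separately, `EARGS` is assembled from `env|grep ^${elt}=` and expanded unquoted in `env -i $EARGS "$@"`, so a value containing whitespace is split into extra words that env reads as further assignments or as the command; that deserves at least a comment such as `# NOTE: values containing whitespace are word-split here`.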
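--- a/overlay/Linux/usr/local/sbin/base_chroot_caps.bash
+++ b/overlay/Linux/usr/local/sbin/base_chroot_caps.bash
@@ -0,0 +1,155 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+prog=$( basename $0 .bash )
+ROLE=base
+. /usr/local/bin/usr_local_tput.bash
+
+# MUST be silent
+usage () { echo "USAGE: $prog chroot-dir [command args] -" $* >&2 ; exit 1 ; }
+error () { retval=$1 ; shift; ERROR "$prog" $* >&2 ; exit $retval ; }
+warn () { WARN "$prog" $* >&2 }
+info () { INFO "$prog" $* >&2 }
+debug () { DBUG "$prog" $* >&2 }
+
+# must be run as root
+[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
+
+if [ "$#" -eq "0" ] ; then
+usage "give an absolute directory name as argument"
+fi
+
+LARGS=""
+CMD=""
+while true; do
+case "$1" in
+'-'*)
+LARGS="$1"
+shift
+;;
+*)
+break
+;;
+esac
+done
+[ -z "$LARGS" ] && LARGS="--userspec=0:0"
+root=$1
+shift
+
+if [ ! -d "$root" ] ; then
+error "directory not found - $root"
+fi
+
+# unix partition
+[ -d $root/lost+found ] || warn "No $root/lost+found"
+# linux partition
+[ -e $root/usr/src/ ] || warn "No $root/usr/src"
+
+# check for /dev/loop devices
+[ -e /dev/loop1 ] || \
+( cd /dev && \
+for i in 0 1 2 3 4 5 6 7 ; do
+[ -e loop$i ] && continue
+mknod loop$i b 7 $i
+chmod 660 loop$i
+chgrp disk loop$i
+done )
+
+cd $root || error 6 "Can't cd to $root"
+
+# sbin/boostrap_chroot.bash
+for file in .bashrc .bash_profile .bash_logout .emacs ; do
+[ -f $root/root/$file ] && continue
+cp -p /root/$file $root/root/
+done
+
+for file in tmp usr/tmp var/tmp ; do
+[ -d $file ] && continue
+mkdir $file || error 8 " missing directory $file"
+chmod 1777 $file
+done
+
+for file in proc sys dev dev/pts dev/shm usr ; do
+[ -d $file ] && continue
+mkdir $file || error 9 "Cant mkdir $file"
+chmod 755 $file
+done
+
+if false ; then
+[ -e proc/self ] || mount -o bind /proc $root/proc || error 10
+# https://forums.gentoo.org/viewtopic-t-1061422-start-0.html
+[ -e dev/null ] || mount -o bind /dev $root/dev || error 11
+# what happens to dev/shm ? its own memory?
+# required for ansible and firefox
+df -a | grep -q $root/dev/shm || mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 12
+[ -e dev/pts/ptmx ] || \
+mount -t devpts -o rw,relatime,gid=5,mode=620,ptmxmode=000 devpts $root/dev/pts || error 13
+else
+# https://wiki.gentoo.org/wiki/Chroot
+[ -e dev/null ] || \
+{ mount --rbind /dev $root/dev ; mount --make-rslave $root/dev ; } \
+|| error 10 mount --rbind /dev $root/dev
+[ -e proc/self ] || mount -t proc /proc $root/proc \
+|| error 11 mount -t proc /proc
+[ -e sys/block ] || \
+{ mount --rbind /sys $root/sys ; mount --make-rslave $root/sys ; } \
+|| error 12 --rbind /sys $root/sys
+df -a | grep -q $root/dev/shm || \
+mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 14 $root/dev/shm
+# https://wiki.gentoo.org/wiki/Project:X86/Chroot_Guide
+[ -e dev/pts/ptmx ] || \
+mount -o bind /dev/pts $root/dev/pts || error 14 mount -o bind /dev/pts $root/dev/pts
+fi
+
+# user
+if [ -d $root/$HOME -a -f ~/.Xauthority ] ; then
+cp ~/.Xauthority $root/$HOME
+cp ~/.xauth* $root/$HOME
+fi
+
+base=$( basename $root )
+[ -e ./start.rc ] || cat > ./start.rc << EOF
+# env-update && . /etc/profile
+export PS1='\${tty}\\u@${osl}${base}:\\W\\$ '
+EOF
+
+[ -z "$DISPLAY" ] || grep -q DISPLAY ./start.rc || \
+echo export DISPLAY=\"$DISPLAY\" >> ./start.rc
+
+# You'll also want to copy over resolv.conf in order to have proper DNS name
+# resolution from inside the chroot:
+cp -L /etc/resolv.conf etc || error 16 "Cant cp -L /etc/resolv.conf"
+
+EARGS="CHROOT=$root PATH=/usr/sbin:/usr/bin:/sbin:/bin"
+#? set these to root or derive them? what about -l?
+EELTS="$EELTS TERM DISPLAY HOME LANG LC_ALL"
+[ -z "$LC_COLLATE" ] && EELTS="$EELTS LC_COLLATE" || EARGS="$EARGS LC_COLLATE=C"
+
+. /usr/local/bin/proxy_export.bash >/dev/null
+
+EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
+for elt in $EELTS ; do
+EARGS="$EARGS $( env|grep ^${elt}= )"
+done
+
+[ -n "$BOX_DEBIAN10_VAR_APT_ARCHIVES" ] && \
+EARGS="$EARGS $BOX_DEBIAN10_VAR_APT_ARCHIVES=$BOX_DEBIAN10_VAR_APT_ARCHIVES"
+
+# mesg: ttyname failed: Success
+tty=$( tty 2>/dev/null )
+[ $? -eq 0 -a -n "$tty" ] && EARGS="$EARGS TTY=$tty"
+
+# was /bin/bash -l
+[ "$#" -eq 0 ] && set -- /bin/bash -i -l
+
+# Now you can chroot into your new system. Use env before chroot to ensure that no
+# environment variables from the installation media are used by your new system:
+
+INFO capsh --caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep" --keep=1 -- /usr/sbin/chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
+echo >$root/tmp/$$.bash \
+capsh '--caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep"' --keep=1 -- /tmp/$$.sh
+echo >$root/tmp/$$.sh \
+'`which env`' -i $EARGS "$@"
+capsh --caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep" --keep=1 --chroot=$root -- /tmp/$$.bash
+# --chroot=$root -c /usr/bin/env -- -i $EARGS "$@"
+# exec chroot $LARGS $root /usr/bin/env -i $EARGS "$@"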
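Review bot: The two writes near the end, `echo >$root/tmp/$$.bash` and `echo >$root/tmp/$$.sh`, create root-written wrapper scripts under a PID-derived name in a directory this same script sets to mode 1777, so another local user can predict and pre-create the path before root writes to it and then runs it through capsh. Creating the files with mktemp closes that, e.g. `wrapper=$(mktemp "$root/tmp/chroot.XXXXXX") || error 17 "mktemp failed"`; note also that echoing `$EARGS "$@"` into the file flattens the original argument quoting. Two smaller defects: `warn`, `info` and `debug` lack the `;` before `}` (it should read `warn () { WARN "$prog" $* >&2 ; }`), which as written leaves the function bodies unterminated, and `error "directory not found - $root"` passes no exit code although `error` takes it as `$1`. `LARGS` is computed but only appears in the `INFO` line, so the `--userspec=0:0` default is never applied to the actual capsh invocation.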