embed@git.macaw.me 2024-01-06 01:38:28 +00:00
commit b50fd16591
197 changed files with 41663 additions and 0 deletions

21
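--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+The MIT License
+Copyright 2014 Jakub Jirutka <jakub@jirutka.cz>.
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.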

22
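--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,22 @@
+# -*-mode: makefile; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
+ROLE=base
+PREFIX=/usr/local
+USER=`grep PRIV_SKEL_USERS_LIST /usr/local/etc/testforge/testforge.bash|sed -e 's/.*=//' -e 's/"//g'`
+WD=${PWD}
+daily:: refresh
+refresh:: check lint
+weekly:: update
+update:: test
+check::
+sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
+lint::
+sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@
+test::
+sudo -u ${USER} /var/local/src/var_local_$(ROLE).bash $@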
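Review bot: `USER` holds a backquoted grep pipeline that only the recipe shell evaluates, so every `sudo -u ${USER}` line re-runs the grep and passes on whatever `PRIV_SKEL_USERS_LIST` contains. If the file is missing or the list is empty, sudo takes the script path as the account name, and a list with several names turns the extra names into the command. The name also shadows the `USER` environment variable. Resolve the value once under another name with `RUN_USER := $(shell ...)` and fail early with `$(if $(strip $(RUN_USER)),,$(error PRIV_SKEL_USERS_LIST is empty))`. The targets `daily refresh weekly update check lint test` are commands rather than files and should be declared in `.PHONY`.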

3
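--- a/README.md
+++ b/README.md
@@ -0,0 +1,3 @@
+This base role is from https://github.com/gentoo-ansible/role-base/
+and is just a starting point.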

135
defaults/main.yml Executable file

@ -0,0 +1,135 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
# these can be overridden using --extra-vars on the playbook command line
BASE_ROOT_USER: "{{BOX_ROOT_USER|default('root')}}"
BASE_ROOT_GROUP: "{{BOX_ROOT_GROUP|default('root')}}"
BASE_PYTHON2_MINOR: "{{BOX_PYTHON2_MINOR}}"
BASE_PYTHON3_MINOR: "{{BOX_PYTHON3_MINOR}}"
BASE_PORTAGE_PYTHON_MINOR: "{{BOX_PORTAGE_PYTHON_MINOR}}"
BASE_IPV6_DISABLE: "{{BOX_IPV6_DISABLE}}"
# These should come from the wrapper script
BASE_USR_LOCAL: "{{ USR_LOCAL }}"
BASE_PYVENV_ARGS: "--system-site-packages"
BASE_PYVENV2_ARGS: "{{BASE_PYVENV_ARGS}}"
BASE_PYVENV3_ARGS: "{{BASE_PYVENV_ARGS}}"
# this is now ignored and built into pip2.sh/pip3.sh as pip:extra_args is post the install keyword
BASE_PIP_GLOBAL_ARGS: "--disable-pip-version-check --cache-dir {{ PLAY_PIP_CACHE|default('/mnt/o/Cache/Pip') }} --cert '{{ PLAY_CA_CERT|default('/usr/local/etc/ssl/cacert-testforge.pem') }}'"
# force pip packages to be explicitly installed or fail
BASE_PIP_INSTALL_ARGS: "{{ BASE_PIP_GLOBAL_ARGS +' --no-deps --prefix='+USR_LOCAL }}"
# and/or to prevent pip form downloading from the internet
#? BASE_PIP_INSTALL_ARGS: "{{ PIP_INSTALL_ARGS|default('--proxy=localhost:9999') }}"
BASE_USER_NAME: "{{ BOX_USER_NAME }}"
BASE_USER_HOME: "{{ BOX_USER_HOME }}"
BASE_ALSO_GROUP: "{{ BOX_ALSO_GROUP }}"
# These should come from the inventory hosts.yml
HOST_MOUNT_SYMLINKS: []
HOST_MOUNT_SYMLINK_CONTENTS: {}
HOST_CONTAINER_MOUNTS: []
BASE_HOST_CONTAINER_MOUNTS: "{{BOX_HOST_CONTAINER_MOUNTS}}"
HOSTNAME_HARDWARE: ''
BASE_ALSO_USERS: "{{BOX_ALSO_USERS}}"
LXD_TRUST_PASSWORD: ""
# per-user config dir but expanduser is broken so we leave off the ~/ prefix
BASE_USER_CONFIG_DIR: ".config/testforge"
# unused - seems to be built for zip only not tar
BASE_UNTAR_ARGS:
#? - "-C"
- "--owner=root"
- "--group=root"
- "--no-same-owner"
- "--keep-newer-files"
# - "--no-same-permissions"
BASE_PKG_IGNORE_ERRORS: true # "{{ ansible_virtualization_role|replace('NA', 'host') == 'guest' }}"
BASE_IGNORE_LOCAL_ERRORS: BASE_ARE_CONNECTED|default('') == ''
# Look for you timezone in /usr/share/zoneinfo.
# Example: Europe/Prague
BASE_timezone: "{{BOX_timezone}}"
# Is your hardware clock set local (true), or UTC (false)? - true is advised by created problems DB
hwclock_local: "{{BOX_hwclock_local}}"
# Do you want to set the hardware clock to the current system time (software
# clock) during shutdown?
hwclock_systohc: "{{BOX_hwclock_systohc}}"
# Do you want to set the system time to the current hardware clock
# during bootup?
hwclock_hctosys: "{{BOX_hwclock_hctosys}}"
# Should be copies of the /etc/skel files inside the /home/${USER} updated?
# Only files that were not modified by a user will be updated.
skel_update_homes: false
# List of locales to generate.
env_locales:
- "C.UTF-8 UTF-8"
- "en_US.UTF-8 UTF-8"
- "en_GB.UTF-8 UTF-8"
- "en_CA.UTF-8 UTF-8"
# The default system LANG.
env_locale_lang: en_US.UTF-8
# The default EDITOR.
env_editor: "/usr/bin/mg"
BASE_BOOT_DIR: "/boot"
#BASE_BOOT_DIR: "/mnt/l/syslinux"
BASE_ROOT_LOG_DIR: "/root/var/tmp/{{date_slash}}"
BASE_SCRIPT_DIR: "{{USR_LOCAL}}/sbin"
BASE_LOG_DIR: "{{USR_LOCAL}}/var/log"
# subkeys.pgp.net does NOT work
BASE_GENTOO_KEYSERVER: "keys.gentoo.org"
BASE_GPG_SERVER: "{{BOX_GPG_SERVER}}"
# I tried these four, I believe that number 3 finally worked and allowed me to download the keys in question for accessing the tor update servers.
# https://github.com/Stadicus/RaspiBolt/issues/343
# hkps.pool.sks-keyservers.net
# keys.gnupg.net
# pgp.uni-mainz.de
# pgp.mit.edu
BASE_FUNTOO_PROFILES_DIRS:
- /var/local/git/meta-repo/kits/core-kit/profiles/base
BASE_FUNTOO_MIXINS_DIRS:
- /var/local/git/meta-repo/kits/core-kit/profiles/funtoo/1.0/linux-gnu/mix-ins
BASE_FUNTOO_MIXINS:
- X
- xfce
- no-systemd
# This now gets overwritten in firewall.conf from route|grep ^default
# should get replaced by BASE_ARE_CONNECTED if it's not null
BASE_DEFAULT_OUTPUT_IF: "{{BOX_DEFAULT_OUTPUT_IF|default('wlan7')}}"
BASE_FEATURES: "{{BOX_BASE_FEATURES}}"
BASE_LIB: "{{BOX_USR_LIB}}"
LIB: "{{BASE_LIB}}"
base_ipv4_nat_dev: "{{ ansible_default_ipv4.alias }}" # enp0s3
#? ansible_default_ipv4.address
base_ipv4_nat_ip: "{{ ansible_default_ipv4.address }}" # 10.0.2.15"
base_ipv4_nat_gw_ip: "{{ ansible_default_ipv4.gateway }}" # "10.0.2.2"
# "ansible_dns": {"nameservers": [ "10.0.2.2"
base_ipv4_nat_dns_ip: "{{ ansible_dns[0].nameseervers[0] }}" #? "10.0.2.3"
BASE_PASSWORDS_DATABASE: ""
BASE_PASSWORDS_PASSWORD: ""
BASE_HOSTNAME_HARDWARE: "{{BOX_HOST_NAME}}"
BASE_TIMEZONE: Etc/UTC
base_passwords_database: "{{box_passwords_database}}"
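Review bot: `base_ipv4_nat_dns_ip` reads `ansible_dns[0].nameseervers[0]`, but the comment directly above it shows `ansible_dns` as a mapping with a `nameservers` list, so the key is misspelled and a dict is indexed by position; any task that evaluates the variable will fail. It should read `"{{ ansible_dns.nameservers[0] }}"`. `BASE_IGNORE_LOCAL_ERRORS` is a bare string rather than a `{{ }}` expression, so depending on how it is consumed it may just be a non-empty string; write `"{{ BASE_ARE_CONNECTED|default('') == '' }}"` if a boolean is intended. `LXD_TRUST_PASSWORD` and `BASE_PASSWORDS_PASSWORD` default to empty strings, and a comment such as `# must be supplied from a vault or --extra-vars, never committed here` would make the expectation explicit.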


@ -0,0 +1,10 @@
#!/bin/bash
filename="$1"
for homedir in /home/*; do
if cmp "/etc/skel/$filename" "$homedir/$filename" &>/dev/null; then
owner_group=$(find $homedir -maxdepth 0 -printf '%u:%g')
echo "$filename:$homedir:${owner_group%:*}:${owner_group#*:}"
fi
done
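Review bot: `$homedir` is unquoted in `find $homedir -maxdepth 0 -printf '%u:%g'`, so a home directory whose name contains whitespace or glob characters is split into several arguments and the reported owner is wrong; write `find "$homedir" -maxdepth 0 -printf '%u:%g'`. `$filename` comes straight from `$1` and is appended to both `/etc/skel/` and the home directory, so a value containing `..` makes the comparison leave those trees; rejecting such values at the top would keep it contained. The output record is colon-separated although file and directory names may themselves contain colons, which the consumer of this output has to tolerate.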

151
handlers/main.yml Normal file

@ -0,0 +1,151 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: update facts
shell: |
# {{USR_LOCAL}}/bin/testforge_local_bin.bash
true
# old base
- name: "update locales"
command: |
locale-gen --update
- name: "update env"
command: |
env-update
- name: "update eix"
# now done monthly
command: |
echo eix-update
- name: "update peruser facts"
# broken this is yaml
# /usr/local/bin/testforge_local_bin.bash {{item|expanduser}}
command: |
true
with_items:
- "~{{BOX_USER_NAME}}/{{ BASE_USER_CONFIG_DIR }}/facts.d"
# the tar step just before this may have added certificates to
# /usr/local/share and we may need to run this. Run it anyway
- name: "update-ca-certificates"
shell: |
# morons: this return rc=0 even when there is an exception - with java7 -
# org.debian.security.InvalidKeystorePasswordException: Cannot open Java keystore. Is the password correct?
update-ca-certificates -f -v > /tmp/U$$.log 2>&1
retval=$?
[ $retval -eq 0 ] && exit 0
if grep Exception: /tmp/U$$.log ; then
retval=1
cat /tmp/$$.log
else
retval=0
fi
exit $retval
# FixMe: was unused
- name: "chmod /usr/local"
shell: |
# there are some exceptions in usr/local
# chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" {{USR_LOCAL}}
chmod -R g+rw,o-w {{USR_LOCAL}}
# was TESTF_
# this should not be needed but it still is because we execute src/var_local_*sh
# as BOX_USER so they need to be writable - *before* the src/ files are run.
chmod a+x {{VAR_LOCAL}}/*bin/*sh {{VAR_LOCAL}}/src/*sh
chmod g+rw {{USR_LOCAL}}/*bin/*sh {{USR_LOCAL}}/src/*sh
# was unused - not
- name: chmod /usr/local
shell: |
# do I need this? should it be in hourly? it breaks lynis but I think we still need it
#? chmod -R g+rw,o-w {{USR_LOCAL}}
# FixMe: it breaks lynis - fix it here
chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" \
{{USR_LOCAL}}/src \
{{USR_LOCAL}}/share \
{{USR_LOCAL}}/bin \
{{USR_LOCAL}}/{{BASE_LIB}} \
{{USR_LOCAL}}/net
exit 0
# was in testforge - to fix problems caused by taring
- name: chmod /var/local
shell: |
# do I need this? should it be in hourly? it breaks lynis but I think we still need it
#? chmod -R g+rw,o-w {{VAR_LOCAL}}
# FixMe: it breaks lynis - fix it here
chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}" \
{{VAR_LOCAL}}/src \
{{VAR_LOCAL}}/share \
{{VAR_LOCAL}}/bin \
{{VAR_LOCAL}}/{{BASE_LIB}} \
{{VAR_LOCAL}}/net
exit 0
# FixMe: somethings strange in /var/local/etc
# drwxr-xr-x 2 1056888 1049089 4096 Nov 30 13:38 w3af
# FixMe: was PENT_
# FixMe: unused
- name: "strange ownership - coming from tar?"
shell: |
chown -R {{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}} {{VAR_LOCAL}}/src {{VAR_LOCAL}}/bin {{VAR_LOCAL}}/net
- name: summary of logs
debug:
# lookup('vars', item ) returns a list of strings?; map yields generators
# |map(attribute='stdout')|list|join('\n') -> 'str object' has no attribute 'stdout'
msg: "{{ lookup('vars', item ) }}"
when:
- lookup('vars', item, default=[])|length > 0
# base proxy
with_items:
# proxy
- proxy_log_hourly
# testforge
- testforge_log_hourly
- testforge_log_daily
- testforge_log_weekly
- testforge_log_monthly
- testforge_log_test
# pydev
- pydev_log_test
# text
- text_log_test
- text_log_hourly
# testing
- testing_log_test
# harden
- harden_log_hourly
- harden_log_daily
- harden_log_weekly
- harden_log_monthly
- harden_log_test
# logging
- logging_log_daily
- logging_log_test
# hostvms
- hostvms_log_bin
- hostvms_log_test
# pentest
- pentest_log_weekly
- pentest_log_test
# privacy
- privacy_log_hourly
- privacy_log_daily
- privacy_log_weekly
- privacy_log_monthly
- privacy_log_test
# gpgkey
- gpgkey_log_weekly
# trading
- trading_log_test
# update
- update_log_daily
- update_log_test
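Review bot: The two `chown -R "{{BOX_USER_NAME}}.{{BOX_ALSO_GROUP}}"` handlers and the `chmod -R g+rw` handler hand `{{USR_LOCAL}}/bin`, `{{USR_LOCAL}}/src` and `{{VAR_LOCAL}}/bin` to an unprivileged account. Scripts added in this same commit check for root and then source files from `/usr/local/bin` (for example `. /usr/local/bin/usr_local_tput.bash`), so anything that account can write there ends up executed as root. Keep every directory on root's execution path owned by root and not group-writable, and give the user a separate writable tree. In the `update-ca-certificates` handler the log goes to the predictable `/tmp/U$$.log` while the failure branch prints `/tmp/$$.log`, a different file, so the exception text is never shown; use `log=$(mktemp) || exit 1` and `cat "$log"`. Two handlers share the name `chmod /usr/local`, so a `notify` can reach only one of them.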

13
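--- a/meta/main.yml
+++ b/meta/main.yml
@@ -0,0 +1,13 @@
+---
+galaxy_info:
+author: Jakub Jirutka
+company: CTU in Prague
+description: Base system setup
+license: MIT
+min_ansible_version: 2.3 # maybe - curently tested under 2.7
+platforms:
+- name: "Gentoo"
+categories:
+- system
+dependencies: []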


@ -0,0 +1,15 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=base
local_guest_fstab_mnt
. /usr/local/etc/local.d/local.bash || exit 1
local_guest || exit 3$?
#? local_guest_add_xorg_conf
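Review bot: `local_guest_fstab_mnt` is called before `. /usr/local/etc/local.d/local.bash` is sourced, so unless the function is defined somewhere not visible here, bash reports it as not found and carries on because the status is never checked. Move the call below the source line and check it, `local_guest_fstab_mnt || exit 2`. The later 15-line script with the same body has the identical ordering. `exit 3$?` can produce a value above 255, which the shell reduces modulo 256, so the intended code is lost; exit with a fixed code and print the inner status to stderr instead.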


@ -0,0 +1,26 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter
ROLE=base
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Debian/10.6
[ -d "$CACHE" ] || exit 1$?
[ -d /etc/apt ] || exit 0
cd $CACHE || exit 2
[ -d var/cache/apt/archives ] || mkdir -p var/cache/apt/archives
find *.deb -type f -name \*.deb | while read file; do
base=$( basename $file )
[ ! -d /var/cache/apt/archives/ ] || \
[ -e /var/cache/apt/archives/$base ] || ln -s $PWD/$file /var/cache/apt/archives/$base
[ -f var/cache/apt/archives/$base -a ! -h var/cache/apt/archives/$base ] && rm var/cache/apt/archives/$base
[ -e var/cache/apt/archives/$base ] || ln -s $PWD/$file var/cache/apt/archives/$base
done
exit 0
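Review bot: `$CACHE`, `$file`, `$base` and `$PWD` are expanded unquoted in `cd $CACHE`, `basename $file` and the `ln -s`/`rm` lines, and `read file` has no `-r`, so a cache path or package file name containing whitespace, a backslash or a glob character makes the script link or remove the wrong path. Quote each expansion and read with `while IFS= read -r file`. `find *.deb -type f -name \*.deb` depends on the shell glob matching in the current directory, where `find . -type f -name '*.deb'` does not. In `[ -d "$CACHE" ] || exit 1$?` the status is always 1, so the exit code is the constant 11. The Devuan variant of this script later in the commit repeats the same loop.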


@ -0,0 +1,31 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter or .uris
ROLE=base
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Debian/10.6
[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
# debian --print-uris
if [ $? -eq 0 ] ; then
# filter
grep 'https*://' | \
sed -e 's@ftp://[^ ]*@@g' -e 's@.*https*://@https://@g' -e "s@'.*@@g" | \
while read line ; do
for url in $line ; do
base=`basename "$url"`
pre=`sed -e "s@https*://@${CACHE}@" <<< $url`
[ -e $pre ] && break
echo $line
break
done
done
fi
for elt in "$@" ; do
base=$( basename $elt .elts )
[ -s $base.urls ] && continue
sh $0 < $elt > $base.urls
[ -s $base.urls ] || rm $base.urls
done
exit 0
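Review bot: The script declares `#!/bin/sh` and re-invokes itself with `sh $0`, but the `pre=` assignment feeds sed through `<<< $url`, a here-string that POSIX sh does not define; under dash that line is a syntax error. Use `pre=$(printf '%s\n' "$url" | sed -e "s@https*://@${CACHE}@")`, which matches the pipe form the Devuan variant in this commit already uses, or change the interpreter to bash. The Parrot variant that follows has the same here-string. `[ $? -eq 0 ]` tests the status of the preceding `[ -d "$CACHE" ] || mkdir $CACHE` list, so an explicit `|| exit 1` on that line would state the intent more clearly.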


@ -0,0 +1,31 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter or .uris
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Parrot/Rolling
[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
# debian --print-uris
if [ $? -eq 0 ] ; then
# filter
grep 'https*://' | \
sed -e 's@ftp://[^ ]*@@g' \
-e 's@.*https*://@http://@g' -e "s@'.*@@g" \
-e 's@mirror.parrot.sh/mirrors/parrot@mirrors.aliyun.com/parrot@' | \
while read line ; do
for url in $line ; do
base=`basename "$url"`
pre=`sed -e "s@https*://@${CACHE}@" <<< $url`
[ -e $pre ] && break
echo $line
break
done
done
fi
for elt in "$@" ; do
base=$( basename $elt .elts )
[ -s $base.urls ] && continue
sh $0 < $elt > $base.urls
[ -s $base.urls ] || rm $base.urls
done
exit 0
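Review bot: The sed expression `-e 's@.*https*://@http://@g'` rewrites every URL, including those apt reported as https, to plain http, and the following expression swaps the project mirror for `mirrors.aliyun.com`. Packages fetched from the resulting list travel without transport protection, so their integrity rests entirely on a later check of each cached .deb against apt's signed index hashes. The sibling Debian and Devuan scripts normalise to `https://`; do the same here with `-e 's@.*https*://@https://@g'`. If the chosen mirror cannot serve TLS, a comment such as `# mirror has no https; integrity relies on apt's signed index` should record why the downgrade is accepted.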


@ -0,0 +1,11 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=base
. /usr/local/etc/local.d/local.bash || exit 1
/usr/local/etc/local.d/Whonix-Gateway.rc || exit 2$?


@ -0,0 +1,13 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=base
. /usr/local/etc/local.d/local.bash || exit 1
local_guest || exit 3$?
#? local_guest_add_xorg_conf


@ -0,0 +1,15 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=base
local_guest_fstab_mnt
. /usr/local/etc/local.d/local.bash || exit 1
local_guest || exit 3$?
#? local_guest_add_xorg_conf


@ -0,0 +1,26 @@
#!/bin/sh
# filter - arguments are to wget - quoted?
ROOTDIR=/mnt/i
ROLE=base
LARGS="-X -P /o/Cache/Apt/Devuan/4"
RARGS="--retry 1"
grep ^http | \
sed -e 's@http://@https://@g' \
| \
sed -e 's@ftp://[^ ]*@@' \
-e 's@^https://distfiles.gentoo.org/distfiles/[^ ]* https://pypi.python.org/@https://pypi.python.org/@' \
-e 's@https*://distfiles.gentoo.org@https://gentoo.osuosl.org@g' \
-e 's@https*://gentoo.osuosl.org@https://mirror.leaseweb.com/gentoo@g' \
-e 's@https*://download.sourceforge.net@https://download.sourceforge.net@g' | \
while read urls ; do
url=`echo $urls|sed -e 's@ .*@@'`
base=`basename "$url"`
[ -e /usr/portage/distfiles/$base ] && echo distfiles/$base && continue
for url in $urls ; do
/usr/local/bin/scurl.bash $LARGS -- $RARGS $url || continue
break
done
done


@ -0,0 +1,42 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
. /usr/local/bin/usr_local_tput.bash || exit 2
[ $# -eq 0 ] && USAGE $0 url-files...
cnt=beowulf-e22532c6f83a
cd /mnt/o/Cache/Apt || exit 3
cat "$@" | debian_uris_to_urls.bash \
| grep deb$ \
| while read url ; do
root=`echo $url | sed -e 's@.*DEBIAN@@'`
dir=`dirname $root`
[ -f Debian/10.6/deb.debian.org/debian/pool/$root ] || {
new=`echo $url | sed -e 's@deb.devuan.org/@mirrors.dotsrc.org/devuan/@'`
newf=`echo $new | sed -e 's@^http*:/@Devuan/3@'`
[ -f $newf ] || echo $new
continue
}
[ -h Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir ] && \
rm Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir
[ -d Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir ] || \
mkdir -p Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$dir
[ -f Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root ] && \
rm Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root
[ -h Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root ] && continue
ln -s $PWD/Debian/10.6/deb.debian.org/debian/pool/$root \
Devuan/3/deb.devuan.org/merged/pool/DEBIAN/$root
done
TODIR=/var/lib/lxd/storage-pools/default/containers/$cnt/rootfs
TODIR=$TODIR/var/cache/apt/archives/
find Devuan/ -name \*.deb -type l|while read file ; do \
base=`basename $file`
[ -e $TODIR/$base ] && continue
ln -s $PWD/$file $TODIR
done
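Review bot: `sed -e 's@^http*:/@Devuan/3@'` never matches an `https://` URL, because `http*` means `htt` followed by any number of `p`. For such URLs `newf` stays a URL, `[ -f $newf ]` is always false, and the URL is emitted again even when the file is already cached; the pattern should be `s@^https*:/@Devuan/3@`. `cnt=beowulf-e22532c6f83a` hard-codes one container, and `$TODIR` is never checked, so `[ -d "$TODIR" ] || exit 4` before the final loop would avoid one `ln` failure per file. The links written into the container rootfs point at absolute host paths under `$PWD`, which presumably resolve inside the container only if the same mount exists there.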


@ -0,0 +1,11 @@
#!/bin/sh
ROLE=base
[ $# -eq 0 ] && exit 1
apt-get remove $* </dev/null | \
sed -e '1,/The following packages will be REMOVED:/d' \
-e '/^WARNING:/,' -e 's/ /\n/g' | while read foo; do\
aptitude unmarkauto $foo ;
done
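Review bot: The second sed expression, `-e '/^WARNING:/,'`, is an address range with no end address and no command, so sed stops with a parse error and the loop never receives a package name. If the intent is to drop everything from the WARNING line onward, write `-e '/^WARNING:/,$d'`. `apt-get remove $*` is a real removal that depends on the closed stdin aborting the confirmation prompt; use the simulate flag, `apt-get -s remove "$@"`, so that listing the would-be removals can never remove anything. `$foo` should be quoted and read with `read -r`.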


@ -0,0 +1,25 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Devuan/4
[ -d "$CACHE" ] || exit 1$?
[ -d /etc/apt ] || exit 0
cd $CACHE || exit 2
[ -d var/cache/apt/archives ] || mkdir -p var/cache/apt/archives
find *.* -type f -name \*.deb | while read file; do
base=$( basename $file )
[ ! -d /var/cache/apt/archives/ ] || \
[ -e /var/cache/apt/archives/$base ] || ln -s $PWD/$file /var/cache/apt/archives/$base
[ -f var/cache/apt/archives/$base -a ! -h var/cache/apt/archives/$base ] && rm var/cache/apt/archives/$base
[ -e var/cache/apt/archives/$base ] || ln -s $PWD/$file var/cache/apt/archives/$base
done
cd /var/cache/apt/archives||exit 4
exit 0


@ -0,0 +1,29 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter or .uris
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Devuan/4
[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
# debian --print-uris
if [ $? -eq 0 ] ; then
# filter
grep 'https*://' | \
sed -e 's@ftp://[^ ]*@@g' -e 's@.*https*://@https://@g' -e "s@'.*@@g" | \
while read line ; do
for url in $line ; do
base=`basename "$url"`
pre=`echo $url|sed -e "s@https*://@${CACHE}@"`
[ -e $pre ] && break
echo $line
break
done
done
fi
for elt in "$@" ; do
base=$( basename $elt .elts )
[ -s $base.urls ] && continue
sh $0 < $elt > $base.urls
[ -s $base.urls ] || rm $base.urls
done
exit 0


@ -0,0 +1,58 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
. /usr/local/bin/usr_local_tput.bash || exit 1
# The idea here is to run ansible_local.bash --tags daily
# and then use this to do the parsing and throwing errors based on the output.
# This was the ansible run can be free from erroring and this can be
# run repeatedly anytime outside of ansible to deal with the issues raised.
# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
. /usr/local/etc/local.d/local.bash
MYID=$( id -u )
[ $MYID -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
LOG_DIR=/usr/local/tmp
[ -d /etc/portage/gnupg ] || exit 0
KEY_ID=96D8BF6D
KEY_SER=subkeys.pgp.net
GPG="gpg --home /etc/portage/gnupg"
# * - primary key: DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# * - subkey: E1D6ABB63BFCFB4BA02FDF1CEC590EEAC9189250
if route | grep ^def ; then
[ -f /usr/local/bin/base_daily.gpg ] || \
/usr/local/bin/scurl.bash --output /usr/local/bin/base_daily.gpg \
https://qa-reports.gentoo.org/output/service-keys.gpg || \
exit 2$?
fi
if [ -f /usr/local/bin/base_daily.gpg ] ; then
: trusted
# expired keys pass this
if $GPG --list-keys --with-colons |grep $KEY_ID |grep :f: ; then
: full trust?
elif $GPG --list-keys |grep -A1 $KEY_ID |tail -1| grep unknown ; then
expect /usr/local/bin/base_daily.exp || exit 4$?
elif $GPG --list-keys |grep -A1 $KEY_ID |tail -1| grep trust ; then
: this format does not exist
else
PANIC 3 $GPG --list-keys $KEY_ID not trusted
fi
else
gpg --homedir /etc/portage/gnupg --keyserver $KEY_SER --recv-keys 0x$KEY_ID
expect /usr/local/bin/base_daily.exp || exit 5$?
# was gpg --homedir /etc/portage/gnupg --edit-key 0x$KEY_ID trust || exit 6
fi
ls -ld /etc/portage/gnupg | grep -q drwx------ || chmod 700 /etc/portage/gnupg
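Review bot: `KEY_ID=96D8BF6D` is a 32-bit short key ID, and it is what `--recv-keys 0x$KEY_ID` fetches and what the `grep $KEY_ID` trust checks match before `base_daily.exp` is run on the key. Short IDs are not unique, so a different key ending in the same eight hex digits would satisfy every test here. The full primary fingerprint is already recorded in the comment below the assignment; use it for `--recv-keys` and compare it against the `fpr` record of `--list-keys --with-colons`. `KEY_SER=subkeys.pgp.net` is the server the role defaults describe as not working. The downloaded `service-keys.gpg` is only tested for existence and never imported or verified, so the `: trusted` branch is selected by the mere presence of a file.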


@ -0,0 +1,336 @@
#/usr/bin
2to3
UTscapy
activate-global-python-argcomplete
airdrop-ng
airgraph-ng
airodump-join
alembic
apirst2html.py
automat-visualize
autopep8
bandit
bandit-baseline
bandit-config-generator
behave
binwalk
bleachbit
bokeh
buildhtml.py
buildout
bumpversion
bzr
calc-prorate
catalyst
cftp
change_tz
chardetect
cherryd
ckeygen
conch
coverage
coverage-2.7
coverage-3.6
coverage2
coverage3
cpuinfo
csscapture
csscombine
cssparse
csv2rdf
cxfreeze
cxfreeze-quickstart
cygdb
cython
cythonize
depend-java-query
distro
docker-compose
doesitcache
dropbox-cli
easy_install
echo_supervisord_conf
eclean
eclean-dist
eclean-pkg
edfviewer
ekeyword
elementsinfo
enalyze
epkginfo
epsg_tr.py
epydoc
epylint
equery
eshowkw
esri2wkt.py
f2py
fab
fast-import-filter
fast-import-info
fast-import-query
fbless
flake8
flask
futurize
gcps2vec.py
gcps2wld.py
gdal2tiles.py
gdal2xyz.py
gdal_auth.py
gdal_calc.py
gdal_edit.py
gdal_fillnodata.py
gdal_merge.py
gdal_pansharpen.py
gdal_polygonize.py
gdal_proximity.py
gdal_retile.py
gdal_sieve.py
gdalchksum.py
gdalcompare.py
gdalident.py
gdalimport.py
gdalmove.py
gemato
gertty
gflags2man.py
gjl
glances
gsettings-schema-convert
helpviewer-2.8
helpviewer-3.0
http
ics_diff
idle
img2png-2.8
img2png-3.0
img2py-2.8
img2py-3.0
img2xpm-2.8
img2xpm-3.0
imlate
invoke
iotop
iptest
iptest2
iptest3
ipython
ipython2
ipython3
isort
isympy
java-config-2
jsonpointer
jsonschema
jupyter
jupyter-bundlerextension
jupyter-kernel
jupyter-kernelspec
jupyter-migrate
jupyter-nbconvert
jupyter-nbextension
jupyter-notebook
jupyter-qtconsole
jupyter-run
jupyter-serverextension
jupyter-trust
kernprof
keyczart
kivy-garden
layman
layman-mounter
layman-overlay-maker
layman-updater
livereload
m2r
mailmail
mako-render
margins
markdown2
markdown_py
mca2edf
meson
mibcopy.py
mibdump.py
miniterm.py
mkbootimg
mkdocs
mkgraticule.py
ndg_httpclient
nosetests
nyx
odo
ogrmerge.py
paster
pasteurize
paver
pbr
pct2rgb.py
pdfshuffler
pdoc
peakidentifier
pep8
pidproxy
pt2to3
ptdump
ptrepack
pttree
pudb
pudb3
pwiz.py
pxml
py.test
pyalacarte-2.8
pyalacarte-3.0
pyalamode-2.8
pyalamode-3.0
pybabel
pybitmessage
pybot
pycallgraph
pycodestyle
pycrust-2.8
pycrust-3.0
pydoc
pyflakes
pygmentize
pygobject-codegen-2.0
pyhtmlizer
pyjwt
pylint
pylupdate5
pymca
pymcabatch
pymcapostbatch
pymcaroitool
pyrcc5
pyreverse
pyro4-check-config
pyro4-flameserver
pyro4-httpgateway
pyro4-ns
pyro4-nsc
pyro4-test-echoserver
pyroma
pyrsa-decrypt
pyrsa-decrypt-bigfile
pyrsa-encrypt
pyrsa-encrypt-bigfile
pyrsa-keygen
pyrsa-priv2pub
pyrsa-sign
pyrsa-verify
pyshell-2.8
pyshell-3.0
pytest
python-argcomplete-check-easy-install-script
python-config
python2-config
python3-config
pyuic5
pyvenv
pywrap-2.8
pywrap-3.0
pywxrc-2.8
pywxrc-3.0
qemu-ga-client
qmp-shell
qr
quicktest.py
qutebrowser
raven
rdf2dot
rdfgraphisomorphism
rdfpipe
rdfs2dot
readelf.py
rebot
register-python-argcomplete
repo
repoman
revdep-rebuild
rgb2pct.py
rgbcorrelator
robot
rpyc_classic.py
rpyc_registry.py
rst2html.py
rst2html4.py
rst2html5.py
rst2latex.py
rst2man.py
rst2odt.py
rst2odt_prepstyles.py
rst2pdf
rst2pseudoxml.py
rst2s5.py
rst2xetex.py
rst2xml.py
rstpep2html.py
runxlrd.py
safety
scapy
scons
scons-configure-cache
scons-time
sconsign
scour
sphinx-apidoc
sphinx-autogen
sphinx-build
sphinx-quickstart
spyder3
supervisorctl
supervisord
svg2rlg
symilar
tabulate
tkconch
tls.py
tlsdb.py
tor-prompt
tox
tox-quickstart
trial
twist
twistd
twisted-regen-cache
umpv
uniconvertor
unit2
vba_extract.py
versioneer
veusz
virtualenv
vmxcap
vol.py
waitress-serve
watchmedo
wheel
wsdump.py
xml2po
xpra
xpra_browser
xpra_launcher
xpra_signal_listener
xrced-2.8
xrced-3.0
yamllint
yolk
yq
zope-testrunner
# /usr/sbin
archive-conf
dispatch-conf
env-update
fixpackages
regenworld
smbios-keyboard-ctl
smbios-lcd-brightness
smbios-passwd
smbios-sys-info
smbios-thermal-ctl
smbios-token-ctl
smbios-wakeup-ctl
smbios-wireless-ctl


@ -0,0 +1,19 @@
ebuild
egencache
emerge
emirrordist
glsa-check
portageq
quickpkg
emaint
ansible
ansible-config
ansible-connection
ansible-console
ansible-doc
ansible-galaxy
ansible-inventory
ansible-playbook
ansible-playbook.bash
ansible-pull
ansible-vault


@ -0,0 +1,30 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_base.bash || exit 1
. /usr/local/bin/usr_local_tput.bash || exit 2
TODIR=/o/data/TestForge/src/ansible
BASE_DIR=`basename $PWD`
[ $# -ge 1 ] && ROLE=$1 || ROLE=
if [ -z "$ROLE" ] ; then
base=`basename $PWD`
parent=`dirname $PWD`
file=$parent/$base.bash
if [ -f "$file" ] ; then
ROLE=`grep '^ *ROLE=' $file | sed -e 's/=.*//'`
fi
fi
shift
if [ $PWD = $PREFIX/src ] ; then
ERROR $prog diffing in $PWD with "$@"
exit 4
fi
INFO $prog diffing in $PWD with "$@"
PREFIX=$PREFIX ROLE="$ROLE" \
/var/local/src/var_local_src.bash ols_testforge_diffs
exit 0
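Review bot: `sed -e 's/=.*//'` deletes the value and keeps the name, so when no argument is given `ROLE` becomes the literal text `ROLE` (plus any leading blanks) rather than the role. The Makefile in this commit extracts a value with `s/.*=//`, which is the form needed here. `shift` runs even when no argument was passed, and `[ $PWD = $PREFIX/src ]` is unquoted, so an empty `PREFIX` or a path with spaces changes what the guard compares; write `[ "$PWD" = "$PREFIX/src" ]`. `$prog` and `$PREFIX` are not set in this file and presumably come from the sourced `usr_local_base.bash`; a comment saying so would help.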


@ -0,0 +1,51 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
LOG_DIR=/usr/local/var/logs/portage
[ -d $LOG_DIR ] || mkdir -p $LOG_DIR
declare -a ARGS
if [ "$#" -eq 1 ] ; then
ARGS=( "$1" )
LOG=$( basename $1 ).log
elif [ "$#" -eq 0 ] ; then
ARGS="@world"
LOG=world.log
elif false && [ -f world.lib ] ; then # ?
ARGS="$( grep -v '^#' world.lib )"
LOG=world.log
else
ARGS=("$@")
LOG=world.log
fi
if mount | grep -q ' on /mnt/tmp' ; then
export TMPDIR=/mnt/tmp
# else
# echo "WARN: /mnt/tmp not mounted"
fi
# --changed-deps --deep --update
LARGS="-vb --changed-use --with-bdeps=y --changed-deps-report"
LARGS="$LARGS --backtrack=30 --ignore-built-slot-operator-deps=y --keep-going"
# Skips the packages specified on the command-line that have already been installed.
LARGS="$LARGS --noreplace"
# LARGS="$LARGS --exclude "
LOG=$LOG_DIR/$LOG
export PYTHONPATH=
echo INFO: $LARGS $ARGS >> $LOG 2>&1
nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1
[ $? -ne 0 ] && exit $?
if grep ImportError $LOG ; then
echo ERROR: ImportError $ARGS && exit 10
elif grep ParseError $LOG ; then
echo ERROR: ParseError $ARGS && exit 11
elif grep 'Your current profile is invalid' $LOG ; then
echo ERROR: Your current profile is invalid $ARGS && exit 12
fi
exit 0
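Review bot: `[ $? -ne 0 ] && exit $?` exits with the status of the `[` test, which is 0 whenever emerge failed, so a failed emerge is reported to the caller as success. Capture the status first: `rc=$?; [ $rc -ne 0 ] && exit $rc`. `$ARGS` without an index expands to only the first array element, so in the `ARGS=("$@")` branch every package after the first is dropped from both the log line and the emerge command; use `"${ARGS[@]}"`. `$BASE_PYTHON3_MINOR` is not set in this script, so unless the environment exports it the command runs plain `python`.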


@ -0,0 +1,168 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash
PYVER=3
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -d /etc/portage ] || exit 0
usage () { echo "USAGE: $prog [command args] -" $* ; exit 1 ; }
error () { retval=$1 ; shift; ERROR "$prog" $* ; exit $retval ; }
warn () { : ; }
info () { : ; }
debug () { : ; }
# must be run as root
[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
[ -f /etc/portage/package.use/2021-00_verify-sig.txt ] || \
touch /etc/portage/package.use/2021-00_verify-sig.txt || exit 2
equery h -F '$cp:$slot' verify-sig | \
sed -e 's/:0.*//' | while read b ; do \
grep -q "^$b " /etc/portage/package.use/2021-00_verify-sig.txt && continue
eix -r "^$b$" | grep -q Installed && \
echo '#' $b verify-sig>>/etc/portage/package.use/2021-00_verify-sig.txt || \
echo '##' $b verify-sig>>/etc/portage/package.use/2021-00_verify-sig.txt
done
[ -f /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.diff ] || \
cat > /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.diff << EOF
*** eclass_cache.py.dst 2021-06-13 21:26:05.000000000 +0000
--- eclass_cache.py 2021-06-24 10:45:12.422857990 +0000
***************
*** 166,175 ****
--- 166,176 ----
return d
def get_eclass_data(self, inherits):
ec_dict = {}
for x in inherits:
+ if x not in self.eclasses: continue
ec_dict[x] = self.eclasses[x]
return ec_dict
@property
EOF
[ -f /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.dst ] || \
patch -b -z .dst /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py \
< /usr/lib/python$PYTHON_MINOR/site-packages/portage/eclass_cache.py.diff
[ -f /usr/portage/eclass/verify-sig.eclass.diff ] || \
cat > /usr/portage/eclass/verify-sig.eclass.diff << EOF
*** /usr/portage/eclass/verify-sig.eclass.dst 2021-07-29 06:09:55.000000000 +0000
--- /usr/portage/eclass/verify-sig.eclass 2021-08-18 19:13:29.502980940 +0000
***************
*** 86,95 ****
--- 86,99 ----
[[ -n ${key} ]] ||
die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
local extra_args=()
[[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
+ # gemato -R, --no-refresh-keys
+ # Disable refreshing OpenPGP key (prevents network
+ # access, applicable when using -K only)
+ [ -z "$http_proxy" ] || extra_args+=( --proxy $http_proxy )
[[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
--keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
)
# GPG upstream knows better than to follow the spec, so we can't
***************
*** 98,110 ****
addpredict /run/user
local filename=${file##*/}
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
! gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! gpg --verify "${sig}" "${file}" ||
! die "PGP signature verification failed"
}
# @FUNCTION: verify-sig_verify_message
# @USAGE: <file> <output-file> [<key-file>]
# @DESCRIPTION:
--- 102,121 ----
addpredict /run/user
local filename=${file##*/}
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
! einfo gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! gpg --verify --disable-dirmngr \
! "${sig}" "${file}"
! # --keyserver-options http-proxy=http://localhost:3128
! einfo `env |sort`
! # env - is necessary andx sufficient
! env - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! gpg --verify --disable-dirmngr \
! "${sig}" "${file}" || \
! die "PGP signature verification failed"
}
# @FUNCTION: verify-sig_verify_message
# @USAGE: <file> <output-file> [<key-file>]
# @DESCRIPTION:
***************
*** 122,131 ****
--- 133,143 ----
[[ -n ${key} ]] ||
die "${FUNCNAME}: no key passed and VERIFY_SIG_OPENPGP_KEY_PATH unset"
local extra_args=()
[[ ${VERIFY_SIG_OPENPGP_KEY_REFRESH} == yes ]] || extra_args+=( -R )
+ [ -z "$http_proxy" ] || extra_args+=( --proxy $http_proxy )
[[ -n ${VERIFY_SIG_OPENPGP_KEYSERVER+1} ]] && extra_args+=(
--keyserver "${VERIFY_SIG_OPENPGP_KEYSERVER}"
)
# GPG upstream knows better than to follow the spec, so we can't
***************
*** 134,146 ****
addpredict /run/user
local filename=${file##*/}
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
! gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! gpg --verify --output="${output_file}" "${file}" ||
! die "PGP signature verification failed"
}
# @FUNCTION: verify-sig_verify_signed_checksums
# @USAGE: <checksum-file> <algo> <files> [<key-file>]
# @DESCRIPTION:
--- 146,165 ----
addpredict /run/user
local filename=${file##*/}
[[ ${file} == - ]] && filename='(stdin)'
einfo "Verifying ${filename} ..."
! einfo gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! gpg --verify --disable-dirmngr --output="${output_file}" \
! "${file}"
! # --keyserver-options http-proxy=http://localhost:3128
! einfo `env |sort`
! # env - is necessary and sufficient
! env - gemato gpg-wrap -K "${key}" "${extra_args[@]}" -- \
! gpg --verify --disable-dirmngr --output="${output_file}" \
! "${file}" || \
! die "PGP signature verification failed"
}
# @FUNCTION: verify-sig_verify_signed_checksums
# @USAGE: <checksum-file> <algo> <files> [<key-file>]
# @DESCRIPTION:
EOF
[ -f /usr/portage/eclass/verify-sig.eclass.dst ] || \
patch -b -z .dst /usr/portage/eclass/verify-sig.eclass \
< /usr/portage/eclass/verify-sig.eclass.diff || exit 3
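Review bot: Both here-documents open with an unquoted `<< EOF`, so while the .diff files are written the shell expands `${key}`, `${file}`, `$http_proxy` and `${FUNCNAME}` and runs the backquoted `env |sort`. The stored patch then no longer matches the eclass text, and under the declared `#!/bin/sh` the `${extra_args[@]}` expansion may be rejected outright; quote the delimiter as `<< 'EOF'`. The patch also adds an `einfo` of a backquoted `env |sort` to both verify functions, which writes the whole build environment, including any credentials embedded in `http_proxy`, into the emerge log, and it passes `--proxy $http_proxy` unquoted. Drop the environment dump and quote the proxy value. Only the second `patch` call has `|| exit 3`, so a failure to patch `eclass_cache.py` goes unnoticed.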


@ -0,0 +1,13 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=base
root=$1
if [ ! -f $root/usr/bin/sudo ] && [ -d $root/etc/portage/ ] ; then
[ -d $root/usr/portage/distfiles/ ] || \
mkdir -p $root/usr/portage/distfiles
[ -f $root/usr/portage/distfiles/sudo-$SUDO_VER.tar.gz ] || \
cp -p /usr/portage/distfiles/sudo-$SUDO_VER.tar.gz $root/usr/portage/distfiles/
# env ROOT=$root emerge -vbp app-admin/sudo 2>&1| tee -a $root/root/sudo.log
chroot $root emerge -vbp app-admin/sudo 2>&1| tee -a $root/root/sudo.log
fi

View File

@ -0,0 +1,39 @@
# This is recent - Pentoo not Funtoo
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
BASE_PORTDIR=/usr/portage
keyf=/usr/share/openpgp-keys/gentoo-release.asc
[ -f $keyf ] || exit 1
gpg2 --disable-dirmngr --list-keys --with-sig-check --keyring $keyf >/tmp/G$$.log # 2>&1 || exit 1
# gpg: 1 bad signature on Clipos
# gpg: 1 bad signature on Pentoo19
if grep 'bad signature' /tmp/G$$.log ; then
echo ERROR: bad signature /tmp/G$$.log # exit 2
# sig-3 BB572E0E2D182910 2009-08-25 Gentoo Linux Release Engineering (Automated Weekly Release Key) <releng@gentoo.org>
gpg2 --disable-dirmngr --batch --delete-key BB572E0E2D182910
fi
# numbers 1-3 for certificate check level (see --ask-cert-level)
grep '^sig-[0-9]' /tmp/G$$.log && { echo WARN: bad signature ; exit 3 ;}
# gpg: 104 signatures not checked due to missing keys
[ -f $BASE_PORTDIR/Manifest ] || exit 0
# on stderr!
gpg2 --verify --keyring $keyf $BASE_PORTDIR/Manifest >/tmp/K$$.log 2>&1 || exit 3
# DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D
# grep 'This key has expired' /tmp/K$$.log && exit 3
grep 'using RSA key' /tmp/K$$.log || exit 4
grep 'Primary key fingerprint:' /tmp/K$$.log | sed -e 's/.*: //' -e 's/ //g' > /tmp/K$$.key || exit 5
if route | grep -q ^default ; then
. /root/bin/tor.sh
wget -O /tmp/K$$.html https://www.gentoo.org/downloads/signatures/ || exit 0
grep "`cat /tmp/K$$.key`" /tmp/K$$.html || {
echo ERROR: failed 'Primary key fingerprint:' "`cat /tmp/K$$.key`"
exit 5
}
fi
exit 0
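Review bot: The fingerprint comparison at the end fails open. On the `grep 'Primary key fingerprint:' ... | sed ... > /tmp/K$$.key || exit 5` line the pipeline status is sed's, so a missing fingerprint leaves an empty key file and the later `grep` with an empty pattern matches every line of the downloaded page; `wget ... || exit 0` likewise reports success when the reference page could not be fetched. I would add `[ -s /tmp/K$$.key ] || exit 5` after the sed line, compare with `grep -F`, and return non-zero from the wget failure branch. The `/tmp/G$$.log` and `/tmp/K$$.*` names are predictable in a world-writable directory, so a directory from `mktemp -d` would stop another local user from pre-creating them.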


@ -0,0 +1,120 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=testforge
# export PATH=$PATH:/usr/local/bin
MOUNTS="mnt/i mnt/j mnt/o"
. /usr/local/bin/usr_local_tput.bash
error () { retval=$1 ; shift; ERROR "$0" $* ; exit $retval ; }
info () { INFO " $0 " $* ; }
# must be run as root
[ "`id -u`" -ne "0" ] && error 1 "must be run as root"
if [ "$#" -eq "0" ] ; then
error 2 "give an absolute directory name as argument"
fi
LARGS=""
CMD=""
while true; do
case "$1" in
'-'*)
LARGS="$LARGS $1"
shift
;;
*)
break
;;
esac
done
root=$1
shift
if [ ! -d "$root" ] ; then
error 3 "absolute directory name for chroot not found - $root"
fi
# unix partition
[ -d $root/lost+found ] || exit 4
# linux partition
[ -e $root/usr/src/ ] || exit 5
cd $root || exit 6
if [ ! -d boot ] ; then
error 7 "missing boot/"
fi
for file in tmp usr/tmp var/tmp ; do
[ -d $file ] && continue
mkdir $file || error 8 " missing directory $file"
chmod 1777 $file
done
# df /var/tmp | grep -q sd.12 || mount /var/tmp
for file in proc sys dev dev/pts dev/shm usr ; do
[ -d $file ] && continue
mkdir $file || exit 9
chmod 755 $file
done
# Think -R is causing problems
[ -e proc/self ] || mount -t proc none proc || error 10
# this was rbind
[ -e sys/kernel ] || mount -o bind /sys sys || error 12
[ -e dev/null ] || mount -o bind /dev dev || error 11
[ -e /dev/pts/0 ] || \
mount -t devpts -o rw,relatime,mode=600 devpts dev/pts \
|| error 12
#? try mount| while read a on what type [ tmpfs cgroup binfmt_misc? ] without rbind
mount| while read what foo on bar type rest ; do
# cgroup devpts devtmpfs ecryptfs ext2 fuseblk proc rpc_pipefs sysfs tmpfs vfat
# leave real disks for $MOUNTS
[ $type = 'fuse' -o $type = 'ext2' -o $type = 'ext4' -o $type = 'vfat' -o ] && continue
# have done these
[ $type = 'proc' -o $type = 'sys' -o $type = 'dev' -o $type = 'devpts' -o ] && continue
DBUG "Dunno $what $on $type"
done
# check for /dev/loop devices - up to 255 on android
[ -e /dev/loop1 ] || \
( cd /dev && \
for i in 0 1 2 3 4 5 6 7 ; do
[ -e loop$i ] && continue
mknod loop$i b 7 $i
chmod 660 loop$i
chgrp disk loop$i
done )
for elt in $MOUNTS ; do
[ -d $elt ] || { mkdir $elt ; chmod 755 $elt ; }
grep -q /$elt /proc/mounts || continue
[ -d $elt/tmp ] && continue
grep -q $root/$elt /proc/mounts && continue
mount --bind /$elt $root/$elt
done
# You'll also want to copy over resolv.conf in order to have proper DNS name
# resolution from inside the chroot:
# but in chroot, you'll need to change this to your connected IP address.
cp -L /etc/resolv.conf etc || exit 16
for file in .bashrc .profile .jedrc ; do
[ -f root/$file ] || \
cp -p /root/$file root/$file
done
EARGS="CHROOT=1 LANG=en_US.UTF-8 LC_COLLATE=C"
EELTS="$EELTS TERM DISPLAY HOME USER LOGNAME USERNAME PATH"
EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
for elt in $EELTS ; do
EARGS="$EARGS `env|grep ^${elt}=`"
done
# was /bin/bash -l
[ "$#" -eq 0 ] && set -- /bin/sh -i
# Now you can chroot into your new system. Use env before chroot to ensure that no
# environment variables from the installation media are used by your new system:
#? PATH=$PATH
echo chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
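Review bot: Both tests in the `mount | while read` loop end with a dangling `-o ]`, which makes `[` fail with a syntax error, so neither `continue` ever runs and every mount falls through to `DBUG`. A single `case $type in fuse|ext2|ext4|vfat|proc|sys|dev|devpts) continue ;; esac` would do what the two lines intend. The devpts guard tests the host path `/dev/pts/0` rather than `dev/pts/0` inside the chroot, so the mount is skipped whenever the host has a pty open. Since this runs as root and feeds `$root` to `mkdir`, `mount` and `chroot`, the variable should be quoted everywhere it is used.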


@ -0,0 +1,45 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# shopt -s nullglob
[ -f /etc/conf.d/hostname ] && . /etc/conf.d/hostname
if [ $# -eq 1 ] ; then
TO=$1
elif [ -n "$hostname" -a "$hostname" = "pentoo" ] ; then
TO=/mnt/o/Cache/linuxPen19/var/cache/portage/packages
elif [ -f /etc/dracut.conf.d/funtoo.conf ] ; then
TO=/mnt/o/Cache/linuxFun64/var/cache/portage/packages
elif [ -f /etc/dracut.conf.d/clipos.conf ] ; then
TO=/mnt/o/Cache/linuxClipos/var/cache/portage/packages
else
exit 3
fi
[ -n "$TO" ] || { echo ERROR: empty TO ; exit 4 ; }
[ -d $TO ] || { echo ERROR: mkdir -p $TO ; exit 5 ; }
pushd $TO
# -o -name \*.xpak
find *-* virtual pentoo -type f -name \*tbz2 | grep -v '_sources\|_download_' | while read file ; do
dir=`dirname $file`
base=`basename $file`
subdir=`sed -e 's/-[0-9].*//' <<< $base`
xdir=$dir/$subdir
[ -d $xdir ] || continue
xpak=`sed -e 's/.tbz2/-?.xpak/' <<< $base`
ls $file $xdir/$xpak 2>/dev/null && rm -f $xdir/$xpak
done
popd
cd $OUT
rm -rf sys-firmware/intel-microcode* \
sys-kernel/linux-firmware/* qpkg.*
find -L *-*/ -type l -delete 2>&1| \
grep 'Too many levels'| \
sed -e 's/find: .//' -e 's/xpak.:.*/xpak/'| \
xargs rm -f
exit 0
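Review bot: `cd $OUT` uses a variable that is never assigned in this script, and an unquoted empty value makes `cd` go to `$HOME`, after which `rm -rf sys-firmware/intel-microcode* ...` and the `find ... | xargs rm -f` pipeline run there. If `TO` was meant, say so; either way make the step fail closed with `cd "${OUT:?OUT is not set}" || exit 6`. `pushd $TO` earlier is unchecked in the same way, so the `rm -f $xdir/$xpak` loop also depends on the directory change having worked.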


@ -0,0 +1,8 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# https://forums.gentoo.org/viewtopic-t-1044220-start-0.html
ROLE=base
eix-test-obsolete -H brief | grep -v -e "^No " -e "^Skipping " -e "^$"
exit 0


@ -0,0 +1,109 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/var/local
ROLE=base
. /usr/local/etc/testforge/testforge.bash || exit 1
. /usr/local/bin/usr_local_base.bash || exit 2
USAGE="$0 role-directory"
#echo 1
[ $# -ge 1 ] || { ERROR $USAGE ; exit 3 ; }
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
base=`cat /etc/hostname`
json="$TESTFORGE_ANSIBLE_SRC"/tmp/Hosts/$base.json
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] ; then
if [ ! -s $json ] || [ "$TESTFORGE_ANSIBLE_SRC"/hosts.yml -nt $json ] ; then
/usr/local/sbin/gentoo_hosts_json.bash || exit 4$?
fi
fi
BOX_OS_FLAVOR=`/usr/local/sbin/gentoo_hosts_json.bash` || exit 4$?
# "BOX_PYTHON3_MINOR": "3.10"
PYTHON3_VER=`grep BOX_PYTHON3_MINOR <$json|sed -e 's/.*\.//' -e 's/,//' -e 's/"//'`
TASKS="Gentoo/$BOX_OS_FLAVOR"
YAML_HEAD="# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
"""
TEXT_HEAD="# -*- mode: text; tab-width: 8; coding: utf-8-unix -*-
"""
for dir in $* ; do
[ -d $dir ] || { ERROR $dir ; exit 5 ; }
[ -d $dir/vars ] || { WARN not a roles directory $dir/vars ; }
YAML_BODY="- name: \"\\1\"\n blockinfile:\n dest: \\1\n create: true\n marker: \"# {mark} Ansible Managed Block $dir \\2\"\n block: |"
for port in use mask unmask license accept_keywords ; do
# DBUG $dir $port
cp /dev/null $dir/vars/$port.txt
grep '^ *- .*/' $dir/vars/Gentoo2.yml \
| sed -e 's@^ *- @@' -e 's@ .*@@' \
| uniq \
| while read elt ; do
base=`basename $elt`
# override with $dir/tasks/$TASKS/portage.yml
file=$dir/tasks/$TASKS/portage.yml
[ -f $file ] && \
grep -Hq "^ *[=>]*$elt" $file && \
DBUG $port - "^ *[=>]*$elt" is already in $file && \
continue
file=$dir/vars/$port.txt
[ -f $file ] && \
grep -Hq "^ *[=>]*$elt" $file && \
DBUG "^ *[=>]*$elt" is already in $file
# && continue
grep "^[=<>]*$elt" /etc/portage/package.$port/2*txt \
| sed -e 's@^@# @' -e 's@.txt:@.txt '$base'\n@' \
| sed -e 's@^\([^#][^ ]*\)@ \1%@' -e 's@^#@\n#@' \
>> $dir/vars/$port.txt || exit 6
#? grep "^#.*required by $elt" /etc/portage/package.$port/2*txt
done
#echo 2
if [ ! -s $dir/vars/$port.txt ] ; then
rm -f $dir/vars/$port.txt $dir/tasks/$TASKS/$port.yml
continue
fi
INFO $port lines `wc -l $dir/vars/$port.txt`
[ -d $dir/tasks/$TASKS ] || { ERROR no dir $dir/tasks/$TASKS ; continue ; }
#echo 3
to_yaml=$dir/tasks/$TASKS/$port.yml.new
# overwrite if its there as .new
echo "$YAML_HEAD" > $to_yaml
# sed -e "s/\"\n block: |/ $base\0/"
sed -e 's@^# \([^ ]*\) \([^ /]*\)$@'"$YAML_BODY"'@' $dir/vars/$port.txt \
>> $to_yaml || exit 7
# | sed -e "s/BLOCK $dir/BLOCK $dir $base/"
if [ "$port" = "use" -o "$port" = "license" ] ; then
sed -e 's@^ [=<>][=<>]*\([^:<>=]*\)-[0-9][-0-9.]*%@ \1@' -i $to_yaml || exit 8
sed -e 's@^ [>=][>=]*\([^%]*\)%@ \1@' -i $to_yaml || exit 9
elif [ "$port" = "mask" -o "$port" = "unmask" -o "$port" = "accept_keywords" ] ; then
sed -e 's@^ \([^:]*\)/\([^%]*\)%@ \1/\2@' -i $to_yaml || exit 10
fi
sed -e 's@^ \([^:\n]*\)/\([^%\n]*\)%@ \1/\2@' -i $to_yaml || exit 11
echo >> $to_yaml
#echo 5
grep % $to_yaml && ERROR "% in $to_yaml" && exit 12
grep -q "^- [importinclude]*_tasks:.*$port.yml" $dir/tasks/$TASKS/main.yml || { \
echo "- include_tasks: $TASKS/$port.yml" >> $dir/tasks/$TASKS/main.yml
WARN "ADDED $port.yml to $dir/tasks/$TASKS/main.yml"
}
if [ ! -f $dir/tasks/$TASKS/$port.yml ] ; then
mv $to_yaml $dir/tasks/$TASKS/$port.yml
INFO created $dir/tasks/$TASKS/$port.yml
elif diff -qw $to_yaml $dir/tasks/$TASKS/$port.yml ; then
rm -f $to_yaml
# DBUG unchanged $to_yaml
else
: diff is verbose
fi
done | sed -e 's/ and / /' -e 's/ differ$//' -e 's/^Files/mv/'
done
exit 0
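Review bot: The `exit 6` through `exit 12` calls never stop the script, because they sit inside the `... | while read elt` pipeline and the `for port ... done | sed` pipeline, both of which run in subshells; the run then reaches the final `exit 0` with half-written `.yml.new` files. Either drop the trailing `| sed` and test the loop's status, or record failures in a file that is checked before `exit 0`. `for dir in $*` should be `for dir in "$@"`, and `$dir` is pasted into the sed replacement held in `YAML_BODY`, so a role path containing `@` or `&` changes the generated YAML.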


@ -0,0 +1,119 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
if [ "$#" -ne 0 ] ; then
ARGS=$*
LARGS=""
else
ARGS="@world"
# --changed-deps --deep
LARGS="-vb --update"
fi
LARGS="$LARGS --changed-use --with-bdeps=y --changed-deps-report -k"
LARGS="$LARGS --backtrack=30 --ignore-built-slot-operator-deps=y --keep-going"
# Skips the packages specified on the command-line that have already been installed.
LARGS="$LARGS --noreplace"
# dangerous
LARGS="$LARGS --exclude baselayout"
# gone
LARGS="$LARGS --exclude sci-chemistry/PyMca"
LARGS="$LARGS --exclude dev-python/PyQt4"
LARGS="$LARGS --exclude dev-python/pyqwt"
# I wont do this routinely
#?LARGS="$LARGS --exclude app-office/libreoffice"
#?LARGS="$LARGS --exclude app-office/libreoffice-bin"
# /usr/local
LARGS="$LARGS --exclude seamonkey"
LARGS="$LARGS --exclude firefox"
LARGS="$LARGS --exclude thunderbird"
LARGS="$LARGS --exclude gentoo-sources"
#? LARGS="$LARGS --exclude net-analyzer/openvas*"
#LARGS="$LARGS --exclude "
#LARGS="$LARGS --exclude sys-libs/zlib"
LARGS="$LARGS --exclude dev-util/android-sdk-update-manager"
LARGS="$LARGS --exclude dev-util/android-ndk"
LARGS="$LARGS --exclude sys-kernel/clipos-kernel"
# always problems with icu
LARGS="$LARGS --exclude dev-libs/icu"
#emerge: there are no ebuilds to satisfy ">=dev-libs/nsgenbind-0.7".
LARGS="$LARGS --exclude www-client/netsurf"
# emerge: there are no ebuilds to satisfy ">=dev-python/attrs-19.1.0[python_targets_python3_6(-)?,python_targets_python3_7(-)?,-python_single_target_python3_6(-),-python_single_target_python3_7(-)]".
#LARGS="$LARGS --exclude www-client/qutebrowser"
LARGS="$LARGS --exclude dev-ruby/builder:3.1"
# required by dev-python/pyqtgraph-0.10.0-r1::python-modules-kit
# required by @selected
# required by @world (argument)
# >=dev-python/PyQt5-5.10.1-r1 -opengl
LARGS="$LARGS --exclude dev-python/pyqtgraph"
LARGS="$LARGS --exclude net-print/hplip"
LARGS="$LARGS --exclude pentoo/pentoo-scanner"
#LARGS="$LARGS --exclude net-analyzer/wpscan"
#LARGS="$LARGS --exclude dev-ruby/cms_scanner"
LARGS="$LARGS --exclude net-wireless/gnuradio" # [python_single_target_python2_7,qt5]
LARGS="$LARGS --exclude net-wireless/gr-iio"
LARGS="$LARGS --exclude net-wireless/gr-iqbal"
LARGS="$LARGS --exclude net-wireless/gr-osmosdr" # [iqbalance]
LARGS="$LARGS --exclude pentoo/pentoo-radio"
LARGS="$LARGS --exclude gnuradio"
# LARGS="$LARGS --exclude "
# morons
#(dependency required by "dev-ruby/activesupport-4.2.11.1-r1::pentoo[ruby_targets_ruby26,-test]" [ebuild])
#(dependency required by "dev-ruby/activemodel-4.2.11.1::pentoo[ruby_targets_ruby26]" [ebuild])
#(dependency required by "dev-ruby/metasploit-model-2.0.4::pentoo[ruby_targets_ruby26]" [ebuild])
#(dependency required by "net-analyzer/metasploit-4.17.21-r8::pentoo[ruby_targets_ruby25]" [ebuild])
#
#(dependency required by "dev-ruby/metasploit-concern-2.0.5::pentoo[ruby_targets_ruby26]" [ebuild])
#(dependency required by "dev-ruby/metasploit-credential-2.0.14::pentoo[ruby_targets_ruby25]" [ebuild])
#(dependency required by "net-analyzer/metasploit-4.17.21-r8::pentoo[ruby_targets_ruby25]" [ebuild])
LARGS="$LARGS --exclude net-analyzer/metasploit"
# pentoo-rce
#?LARGS="$LARGS --exclude dev-util/redasm --exclude pentoo-rce"
#(dependency required by "dev-ml/ocaml-gettext-0.3.7::gentoo" [ebuild])
#(dependency required by "app-emulation/libguestfs-1.38.6::gentoo" [ebuild])
LARGS="$LARGS --exclude dev-ml/ocaml-gettext --exclude app-emulation/libguestfs"
# broken
#LARGS="$LARGS --exclude net-libs/libtorrent-rasterbar"
#LARGS="$LARGS --exclude net-p2p/qbittorrent"
# 9.0.1 even though it did work before
LARGS="$LARGS --exclude sys-devel/llvm"
# 6.1.6 even though app-emulation/virtualbox worked
# cc1: error: incompatible gcc/plugin versions
# cc1: error: fail to initialize plugin ./scripts/gcc-plugins/randomize_layout_plugin.so
LARGS="$LARGS --exclude app-emulation/virtualbox-modules"
# Unpacking NVIDIA-Linux-x86_64-440.82.run to /mnt/linuxBack52/mnt/tmp/Pentoo19/portage/x11-drivers/nvidia-drivers-440.82-r3/work
#tar: Archive is compressed. Use -J option
LARGS="$LARGS --exclude x11-drivers/nvidia-drivers"
#(dependency required by "dev-qt/qtx11extras-5.14.2::gentoo" [ebuild])
#(dependency required by "app-emulation/virtualbox-6.1.6::gentoo[-headless,qt5]" [installed])
#(dependency required by "app-emulation/libvirt-6.1.0-r1::gentoo[virtualbox]" [ebuild])
#(dependency required by "app-emulation/qt-virt-manager-9999::testforge" [ebuild])
LARGS="$LARGS --exclude dev-qt/qtx11extras --exclude app-emulation/virtualbox --exclude app-emulation/libvirt --exclude app-emulation/qt-virt-manager"
echo INFO: nice python3 emerge $LARGS $ARGS |tee -a world.log
nice python3 `which emerge` $LARGS $ARGS >> world.log 2>&1
# grep ' U ' world.log |grep -v =|sed -e 's@^.* \] @@' -e 's@-[0-9].*@@'
# cat /var/lib/portage/world>world.elts;grep '^L.*exclude' world.sh|sed -e 's/.*exclude//' -e 's/"$//' -e 's/[*:].*$//' -e 's@/@\\\\/@' |sort -u |while read elt;do [ -z "$elt" ] && continue ; sed -e "/$elt/d" -i world.elts ;done


@ -0,0 +1,32 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# Gentoo only
ROLE=base
PY_MINOR=3.8
if [ $# -gt 0 -a $1 = --help ] ; then
/usr/lib/python-exec/python${PY_MINOR}/gemato "$@"
exit $?
fi
. /usr/local/bin/proxy_export.bash >/dev/null
declare -a G
if [ $1 = gpg-wrap ] ; then
G=(${*:1:1} -W ${*:2})
# need --
[[ $G =~ '--' ]] && G+=('--')
[ -f /etc/gnupg/gpgconf.conf ] && G+=(--options /etc/gnupg/gpgconf.conf)
else
G=(${*:1:1} ${*:2})
fi
# The --proxy code is for requests and is wrong: $http_proxy or $https_proxy
#? [ -z "$https_proxy" ] || G=(${G:1:1} --proxy $https_proxy ${G:2})
echo INFO: /usr/lib/python-exec/python${PY_MINOR}/gemato ${G[@]} >> /tmp/G$$.log 2>&1
/usr/lib/python-exec/python${PY_MINOR}/gemato "${G[@]}" >> /tmp/G$$.log 2>&1
ret=$?
DBUG "$ret" >> /tmp/G$$.log 2>&1
cat /tmp/G$$.log
exit 0
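Review bot: The wrapper ends with `exit 0`, so the status saved in `ret` never reaches the caller and a failed `gemato` verification is reported as success; the last line should be `exit $ret`. `/tmp/G$$.log` is a predictable name in a world-writable directory that the script appends to and then prints, so a file from `mktemp` would be safer. `[[ $G =~ '--' ]]` looks only at the first array element, which is the subcommand name, so the `--` handling under the `# need --` comment probably never triggers.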


@ -0,0 +1,25 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/var/local
ROLE=base
. /usr/local/etc/testforge/testforge.bash || exit 1
. /usr/local/bin/usr_local_base.bash || exit 2
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] ; then
base=`cat /etc/hostname`
json="$TESTFORGE_ANSIBLE_SRC"/tmp/Hosts/$base.json
if [ ! -s $json ] || [ "$TESTFORGE_ANSIBLE_SRC"/hosts.yml -nt $json ] ; then
ansible-inventory --playbook-dir $TESTFORGE_ANSIBLE_SRC -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
--host=$base > $json || exit 1$?
fi
eval export BOX_OS_FLAVOR=`jq .BOX_OS_FLAVOR < $json`
DBUG BOX_OS_FLAVOR=$BOX_OS_FLAVOR
fi # 2>/dev/null
[ -z "$BOX_OS_FLAVOR" ] && ERROR BOX_OS_FLAVOR not set && exit 1
[ "$BOX_OS_FLAVOR" = Ubuntu16 ] && ERROR BOX_OS_FLAVOR = Ubuntu16 && exit 2
[ "$BOX_OS_FLAVOR" = Devuan4 ] && ERROR BOX_OS_FLAVOR = Devuan4 && exit 2
echo $BOX_OS_FLAVOR
exit 0
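Review bot: The `eval export BOX_OS_FLAVOR=...` line passes the value read from the inventory JSON through the shell a second time, so any shell metacharacters in that field are executed by this script. Reading it without `eval` gives the same result for plain values: `BOX_OS_FLAVOR=$(jq -r .BOX_OS_FLAVOR < "$json")` followed by `export BOX_OS_FLAVOR`. Callers capture this script's stdout as the flavor name, so if `DBUG` writes to stdout its line ends up in the captured value; sending it to stderr would avoid that.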


@ -0,0 +1,27 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/var/local
ROLE=base
. /usr/local/etc/testforge/testforge.bash || exit 1
. /usr/local/bin/usr_local_base.bash || exit 2
USAGE="$0 file"
#echo 1
[ $# -ge 1 ] || { ERROR $prog "#=$#" ; exit 3 ; }
BOX_OS_FLAVOR=`/usr/local/sbin/gentoo_hosts_json.bash` || exit 4$?
# "BOX_PYTHON3_MINOR": "3.10"
PYTHON3_VER=`grep BOX_PYTHON3_MINOR <$json|sed -e 's/.*\.//' -e 's/,//' -e 's/"//'`
# failsafe
# /mnt/o/data/TestForge/src/ansible/roles/base/overlay/Gentoo/usr/local/sbin/gentoo_etc_portage.bash
for file in $* ; do
[ -f $file ] || { WARN $file is not a file ; continue ; }
sed -i $file \
-e "s/python_single_target_python3_[0-9]*/python_single_target_python3_$PYTHON3_VER/" \
-e "s/python_targets_python3_[0-9]*/python_targets_python3_$PYTHON3_VER/"
done
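Review bot: `$json` is read on the `PYTHON3_VER=` line but is not assigned anywhere in this script, so unless one of the sourced files sets it the redirection fails and `PYTHON3_VER` is empty. The `sed -i` loop then rewrites every match to `python_single_target_python3_` and `python_targets_python3_` with no minor version, damaging the files it was given. I would add `[ -n "$PYTHON3_VER" ] || { ERROR $prog "BOX_PYTHON3_MINOR not found" ; exit 5 ; }` before the loop and use `for file in "$@"`.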


@ -0,0 +1,43 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
ROLE=testforge
shopt -s nullglob || exit 1
. /usr/local/bin/usr_local_tput.bash
[ -f /etc/conf.d/hostname ] && . /etc/conf.d/hostname
if [ -n "$hostname" -a "$hostname" = "pentoo" ] ; then
TO=/mnt/o/Cache/linuxPen19/var/cache/portage/packages
elif [ -f /etc/dracut.conf.d/funtoo.conf ] ; then
TO=/mnt/o/Cache/linuxFun64/var/cache/portage/packages
elif [ -f /etc/dracut.conf.d/clipos.conf ] ; then
TO=/mnt/o/Cache/linuxClipos/var/cache/portage/packages
else
exit 3
fi
[ -n "$TO" ] || { echo ERROR: empty TO ; exit 4 ; }
[ -d $TO ] || { echo ERROR: mkdir -p $TO ; exit 5 ; }
[ "$#" -eq 0 ] && set -- /usr/portage/packages
for root in $* ; do
cd $root || exit 2$?
INFO $root
find -L $root -type l -delete &
pushd $TO
# -o -name \*.xpak
find *-* virtual pentoo -type f -name \*tbz2 | grep -v '_sources\|_download_' | while read file ; do
[ -h $root/$file ] && [ -f $file ] && continue
dir=`dirname $root/$file`
[ -d $dir ] || mkdir $dir
ln -s $TO/$file $root/$file
done
popd
done
exit 0


@ -0,0 +1,45 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=testforge
TXT=/usr/local/sbin/gentoo_link_to_cache.txt
# replace /usr/net/Http/Makefile
[ "$#" -gt 0 ] && cd $1 || cd /usr/net/Http
[ -z "$DISTFILES" ] && DISTFILES=../../portage/distfiles
find -L $DISTFILES/ -type l -delete
find */ prdownloads.sourceforge.net/*/ github.com/*/ -type f -o -type l -name \*.\* | \
grep -v ' \|\.[a-z]\|/archive/\|/tarball/' \
| grep -v 'htm$\|html$\|txt$\|Makefile$\|\.py$\|~$' \
| while read file ; do
base=`basename $file`
[ -h ${DISTFILES}/"$base" ] && continue
from=$(readlink ../../net/Http/"$file")
[ -z "$from" ] && from=../../net/Http/"$file"
ln -s $from ${DISTFILES}/"$base"
done
# golang/net/archive/8d16fa6dc9a8.tar.gz
# burpsuite_community_v2020.9.1.jar portswigger.net/burp/releases/download@product=community&version=2020.9.1
# burpsuite_community_v2020.4.jar mirror.leaseweb.com/gentoo/distfiles/0f/burpsuite_community_v2020.4.jar
# burpsuite_community_v2020.4.jar portswigger.net/burp/releases/download@product=community&version=2020.4
# burpsuite_community_v2020.4.1.jar portswigger.net/burp/releases/download@product=community&version=2020.4.1
grep -v '^#' $TXT | while read base file ; do
if [ -z "$base" ] ; then
continue
fi
if [ -z "$file" ] ; then
echo ERROR: empty target for $base && continue
fi
rm -f "${DISTFILES}/$base"
ln -s ../../net/Http/"$file" ${DISTFILES}/"$base"
[ -e /i/net/Http/distfiles.gentoo.org/distfiles/"$base" ] || \
ln -s /i/net/Http/"$file" /i/net/Http/distfiles.gentoo.org/distfiles/"$base"
base=""
done
exit 0
# RfCatDonsCCBootloader-1.9.2.hex atlas0fd00m/rfcat/releases/download/v1.9.2/RfCatDonsCCBootloader.hex
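Review bot: `[ "$#" -gt 0 ] && cd $1 || cd /usr/net/Http` falls back to the default directory when `cd $1` fails, and neither `cd` is checked, so `find -L $DISTFILES/ -type l -delete` and the later `rm -f` can run relative to a directory the caller did not ask for. `cd "${1:-/usr/net/Http}" || exit 1` keeps the default and fails closed. In the second `find`, `-name \*.\*` binds only to `-type l` because of `-o` precedence; `\( -type f -o -type l \) -name \*.\*` is presumably what was meant. `base` from the `.txt` list goes straight into `rm -f "${DISTFILES}/$base"`, so entries containing `/` should be rejected.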


@ -0,0 +1,18 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter
CACHE=/mnt/i/net/Http
grep ^http:// | \
sed -e 's@ftp://[^ ]*@@g' | \
while read line ; do
for url in $line ; do
base=`basename "$url"`
[ -e /usr/portage/distfiles/$base ] && break
pre=`sed -e "s@http://@${CACHE}@" <<< $url`
[ -e $pre ] && break
echo $line
break
done
done
exit 0
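Review bot: The cache lookup can never match, because `sed -e "s@http://@${CACHE}@"` joins `/mnt/i/net/Http` and the host name with no separator; the replacement should be `"s@http://@${CACHE}/@"`. The script is `#!/bin/sh` but uses a `<<<` here-string, which is a bash feature and a syntax error under a POSIX `sh` such as dash; the same applies to the `url=` line in the wget filter further down. Either change the shebang to `#!/bin/bash` or use `printf '%s\n' "$url" | sed ...`.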


@ -0,0 +1,9 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# https://forums.gentoo.org/viewtopic-t-1044220-start-0.html
qcheck -C \
| grep -v -e '.*\.pyo$' -e '.*\.pyc$' \
-e '.*/examples/.*' -e '^.*/doc/.*/[^/.]*$' \
-e '^/usr/lib/debug/.*' -e '.*\.debug' \
-e '^/usr/.*compiled' -e '^/usr/.*\.cache' \
| grep -B 1 -e '^ MD5-DIGEST:' -e '^ AFK:' -e '^ MTIME:'


@ -0,0 +1,15 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
# https://www.commandlinefu.com/commands/view/5988/re-emerge-all-ebuilds-with-missing-files-gentoo-linux
# Re-emerge all ebuilds with missing files (Gentoo Linux)
qlist --installed --nocolor | uniq | while read cp; do
qlist --exact $cp | grep -v '/usr/share/bash-completion\|/doc/' | while read file; do
test -e "$file" || { echo $cp; echo "$cp: missing $file" 1>&2; break; };
done;
done
exit 0


@ -0,0 +1,24 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter - arguments are to wget - quoted?
ROOTDIR=/mnt/i
if [ "$#" -eq 0 ] ; then
WARGS="-xc -P $ROOTDIR/net/Http --tries=1"
else
WARGS="$@"
fi
grep ^http | \
sed -e 's@^\(https://distfiles.gentoo.org/distfiles/[a-f0-9][a-f0-9]/[^ ]*\) \(https://[^ ]*\) @\2 \1@' | \
sed -e 's@ftp://[^ ]*@@' -e 's@^https://distfiles.gentoo.org/distfiles/[^ ]* https://pypi.python.org/@https://pypi.python.org/@' -e 's/http:/https:/' \
-e 's@https*://mirror.leaseweb.com/gentoo/@https://gentoo.osuosl.org@g' \
-e 's@https*://distfiles.gentoo.org@https://gentoo.osuosl.org@g' | \
while read urls ; do
url=`sed -e 's@ .*@@' <<< $urls`
base=`basename "$url"`
[ -e /usr/portage/distfiles/$base ] && echo distfiles/$base && continue
for url in $urls ; do
wget --restrict-file-names=windows --no-verbose $WARGS $url || continue
break
done
done
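Review bot: The `-e 's/http:/https:/'` and `-e 's@ftp://[^ ]*@@'` substitutions have no `g` flag, so only the first URL on each line is upgraded or dropped, while the inner `for url in $urls` loop goes on to try the remaining mirrors over plain http or ftp. Use `-e 's/http:/https:/g'` and `-e 's@ftp://[^ ]*@@g'` so every fallback goes over TLS. `$url` should be quoted in the `wget` call, since it comes from stdin and may contain `&` or `?`.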


@ -0,0 +1,6 @@
# from yasat on Ubuntu16
/etc/ssl/certs/Certplus_Class_2_Primary_CA.pem
/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem
/etc/ssl/certs/DST_ACES_CA_X6.pem
/etc/ssl/certs/GeoTrust_Global_CA_2.pem
/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem


@ -0,0 +1,4 @@
# https://linux-audit.com/protect-ptrace-processes-kernel-yama-ptrace_scope/
# kernel.yama.ptrace_scope = 0: all processes can be debugged, as long as they have same uid. This is the classical way of how ptracing worked.
sysctl kernel.yama.ptrace_scope = 0
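Review bot: This file sets `kernel.yama.ptrace_scope` to 0, the least restrictive Yama mode, in which any process may attach to another process of the same uid. For a base role the restricted setting `kernel.yama.ptrace_scope = 1` is the safer default unless cross-process debugging is a stated requirement. The leading `sysctl` word is not valid if this is read as a sysctl.conf or sysctl.d fragment, where a line is just `key = value`, and as a shell command the spaces around `=` would not parse either. A comment saying why 0 is wanted on these hosts would help the next reader.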


@ -0,0 +1,50 @@
# This file was automatically generated by the /lib/udev/write_net_rules
# program, run by the persistent-net-generator.rules rules file.
#
# You can modify it, as long as you keep each rule on a single
# line, and change only the value of the NAME= key.
# PCI device 0x168c:0x0036 (ath9k)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="70:18:8b:7f:c3:bf", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan0"
# PCI device 0x10ec:0x8136 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="74:86:7a:38:33:24", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# USB device 0x148f:0x3070 (usb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="48:02:2a:53:36:68", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan1"
# USB device 0x148f:0x5370 (usb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:87:30:33:5f:38", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan2"
# USB device 0x148f:0x5370 (usb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:0c:43:44:5a:e8", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan3"
# USB device 0x0cf3:0x9271 (usb)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:c0:ca:84:ac:4b", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan4"
# PCI device 0x168c:0x0036 (ath9k)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="70:18:8b:73:37:9f", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan5"
# PCI device 0x8086:0x155a (e1000e)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="ec:f4:bb:67:40:1e", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
# PCI device 0x8086:0x08b1 (iwlwifi)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="80:19:34:af:89:b7", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan6"
# PCI device 0x10ec:0x8168 (r8169)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="20:47:47:5f:35:2e", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth2"
# PCI device 0x8086:0x095a (iwlwifi)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="4c:34:88:65:bc:f6", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan7"
# PCI device 0x8086:0x15a2 (e1000e)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:e6:d7:6b:66:0d", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth3"
# PCI device 0x8086:0x095a (iwlwifi)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:02:86:d3:9e:e2", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan8"
# PCI device 0x8086:0x15a2 (e1000e)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:e6:d7:56:fa:c4", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="eth4"
# PCI device 0x8086:0x095a (iwlwifi)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="34:02:86:19:a5:e6", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="wlan*", NAME="wlan9"


@ -0,0 +1,435 @@
#!/bin/bash -e
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -o -s pipefail
[ $( id -u ) -eq 0 ] || { echo "ERROR: this must be run as root" ; exit 1 ; }
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
WD=$PWD
PYVER=3
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
MV=mv
COPY="ln -s"
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
[ -z "$BOX_ALSO_GROUP" ] || BOX_ALSO_GROUP=adm
[ -z "$UPTMP" ] && UPTMP=$PREFIX/tmp
# With packer the files we need are not on the host - they are pushed up and $UPTMP is populated with:
PDIRS="authorized_keys archives boxuser_pip_cache root_pip_cache cacert.pem wheels"
# With vagrant the files may have been tarred on the host and be in their cannonical positions.
# We symlink to files under vagrant to /tmp to leave the packer scripts untouched.
# With packer and docker we can remote mount partitions and not even copy them up to the guest.
[ -n "$TESTF_DEBIAN10_VAR_APT_ARCHIVES" ] && [ -d "$TESTF_DEBIAN10_VAR_APT_ARCHIVES/" ] && \
[ ! -e $UPTMP/archives ] && ln -s $TESTF_DEBIAN10_VAR_APT_ARCHIVES/ $UPTMP/archives
[ -n "$HOSTVMS_BOXUSER_PLAY_PIP_CACHE" ] && [ -e "$HOSTVMS_BOXUSER_PLAY_PIP_CACHE" ] && \
[ ! -e $UPTMP/boxuser_pip_cache ] && ln -s $HOSTVMS_BOXUSER_PLAY_PIP_CACHE/ $UPTMP/boxuser_pip_cache
[ -n "$HOSTVMS_ROOT_PLAY_PIP_CACHE" ] && [ -d "$HOSTVMS_ROOT_PLAY_PIP_CACHE/" ] && \
[ ! -e $UPTMP/root_pip_cache ] && ln -s "$HOSTVMS_ROOT_PLAY_PIP_CACHE/" $UPTMP/root_pip_cache
export PLAY_PIP_CERT="/usr/local/etc/ssl/cacert-testforge.pem"
[ -f $PLAY_PIP_CERT ] && \
[ ! -e $UPTMP/cacert.pem ] && ln -s $PLAY_PIP_CERT $UPTMP/cacert.pem
# config_file = os.environ.get('PIP_CONFIG_FILE', None)
# /usr/$LIB/python2.7/site-packages/pip/_internal/configuration.py
bootstrap_mkdir () { mkdir $1 ; chgrp $BOX_ALSO_GROUP $1 ; }
[ -d /usr/local/tmp ] || { mkdir -p /usr/local/tmp ; chmod 1777 /usr/local/tmp ; }
site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
[ -d $site_packages ] || bootstrap_mkdir $site_packages
[ -f $site_packages/__init__.py ] || touch $site_packages/__init__.py
if [ ! -d /usr/local/tmp/wheels ] ; then
cd /usr/local
sh sbin/bootstrap_wheels.bash || exit 2
fi
[ ! -d $UPTMP/wheels/ ] && [ $UPTMP/ != /usr/local/tmp/ ] && ln -s /usr/local/tmp/wheels $UPTMP/wheels
# But with vagrant or docker we may have mounted the HOST partitions that contain the files
# [ -z "$TESTF_UBUNTU16_VAR_APT_ARCHIVES" ] && TESTF_UBUNTU16_VAR_APT_ARCHIVES -> $UPTMP/archives
[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=user
[ -z "BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME
[ -z "BOX_ALSO_GROUP" ] && BOX_ALSO_GROUP=adm
[ -z "$LOGDIR" ] && LOGDIR=$PREFIX/tmp
[ -d $LOGDIR ] || { mkdir $LOGDIR ; chmod 1777 $LOGDIR ; }
# not needed: --no-binary :all: --upgrade-strategy only-if-needed
# not yet: --user
PIP_INSTALL_ARGS="--disable-pip-version-check --prefix=$PREFIX --install-option=--prefix=$PREFIX"
scripts="ansible ansible-playbook ansible-pull ansible-doc ansible-galaxy ansible-console ansible-connection ansible-vault"
export DEBIAN_FRONTEND=noninteractive
export PIP_DEFAULT_TIMEOUT=60
ANSIBLE_VER="2.8.12"
#2? PYYAML_VER="3.12"
ansible_tgz=ansible-$ANSIBLE_VER.tar.gz
#2? yaml_tgz=PyYAML-$PYYAML_VER.tar.gz
if [ -n "$BOX_USER_NAME" ] ; then
# Packer will not have created this and we will need it early.
[ -d $BOX_USER_HOME ] || \
bootstrap_mkdir $BOX_USER_HOME
#? useradd -d $BOX_USER_HOME -G root -m $BOX_USER_NAME
# If you want to use your own private key for packer
[ -d $BOX_USER_HOME/.ssh ] || \
bootstrap_mkdir $BOX_USER_HOME/.ssh
if [ -f $UPTMP/authorized_keys ] ; then
$COPY $UPTMP/authorized_keys $BOX_USER_HOME/.ssh && \
chmod 600 $BOX_USER_HOME/.ssh/authorized_keys
fi
chmod 700 $BOX_USER_HOME/.ssh/
fi
[ -d /var/cache/apt/archives ] || mkdir -p /var/cache/apt/archives
# If you upload your cache of Ubuntu .debs, it cuts down on the downloading
[ -d $UPTMP/archives ] && \
$COPY $UPTMP/archives/*.deb /var/cache/apt/archives 2>/dev/null
# leave this for cleanup:
# rm -rf $UPTMP/archives
# If you upload your cache of pip files, it cuts down on the downloading
if [ -d $UPTMP/boxuser_pip_cache ] ; then
bootstrap_mkdir $BOX_USER_HOME/.cache/ && \
cp -rip $UPTMP/boxuser_pip_cache $BOX_USER_HOME/.cache/pip && \
chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \
chmod -R g+rw $BOX_USER_HOME/.cache/pip && \
chmod -R o-w $BOX_USER_HOME/.cache/pip
fi
if [ -d $UPTMP/root_pip_cache ] ; then
bootstrap_mkdir /root/.cache/ && \
cp -rip $UPTMP/root_pip_cache /root/.cache/pip && \
chown -R root.root /root/.cache/pip && \
chmod -R g+rw /root/.cache/pip && \
chmod -R o-w /root/.cache/pip
fi
if [ -d /etc/apt ] ; then
if ! route | grep -q ^default ; then
DEBUG "Not connected; skipping apt-get update"
elif [ ! -f /var/log/dpkg.log ] ; then
apt-get update # || exit 4
fi
which unzip || ! [ -f /var/cache/apt/archives/unzip_6.0-23+deb10u1_amd64.deb ] || \
dpkg -i /var/cache/apt/archives/unzip_6.0-23+deb10u1_amd64.deb
which curl || [ ! -f /var/cache/apt/archives/curl_7.64.0-4+deb10u1_amd64.deb ] || \
dpkg -i /var/cache/apt/archives/curl_7.64.0-4+deb10u1_amd64.deb \
/var/cache/apt/archives/libcurl4_7.64.0-4+deb10u1_amd64.deb \
/var/cache/apt/archives/libcurl4-openssl-dev_7.64.0-4+deb10u1_amd64.deb
apt-get install -y --force-yes wget unzip openssl || true
[ -f /usr/include/Python.h ] || \
apt-get install -y --force-yes \
libffi-dev libssl-dev python3-dev python3-apt python3-pycparser \
python3-coverage || \
echo WARN you must run apt-get update
# msg: Could not find `coverage` module.
elif [ -d /etc/portage ] ; then
# FixMe: put these in wheels?
[ -x /usr/bin/unzip ] || which unzip 2>/dev/null || emerge -vb app-arch/unzip
[ -x /usr/bin/wget ] || which wget 2>/dev/null || emerge -vb net-misc/wget
which openssl 2>/dev/null || timeout 600 emerge -vb dev-libs/openssl
# openssl installs:
# dev-python/pyopenssl-19.1.0
# dev-python/six-1.13.0
# dev-python/cryptography-2.8
# dev-python/cffi-1.12.3:0/1.12.3
# dev-python/pycparser-2.19-r1
# dev-python/ply-3.11:0/3.11
# virtual/python-ipaddress-1.0-r1
# dev-python/ipaddress-1.0.23
# virtual/python-enum34-2
# dev-python/enum34-1.1.6-r1
python$PYVER -c 'import OpenSSL' 2>/dev/null || timeout 600 emerge -vb dev-python/pyopenssl
python$PYVER -c 'import pycparser' 2>/dev/null || timeout 600 emerge -vb dev-python/pycparser
python$PYVER -c 'import yaml' 2>/dev/null || timeout 600 emerge -vb dev-python/pyyaml
DEBUG "Gentoo Installed openssl and wget"
fi
# On a CORP laptop off the VPN we may need some CAs
[ -d $PREFIX/etc/ssl ] || mkdir -p $PREFIX/etc/ssl
[ ! -f $PLAY_PIP_CERT ] && \
[ -f $UPTMP/cacert.pem ] && \
$COPY $UPTMP/cacert.pem $PLAY_PIP_CERT
# pip gets confused
# or just delete $PREFIX/$LIB/python$PYTHON_MINOR/dist-packages afterwards
for PYVER in 3 ; do
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
[ -d $site_packages ] || bootstrap_mkdir $site_packages
[ -f $site_packages/__init__.py ] || touch $site_packages/__init__.py
if [ -d /etc/apt ] ; then
dist_packages=$PREFIX/lib/python$PYTHON_MINOR/dist-packages
WD=$PWD
if [ -d $dist_packages ] ; then
cd $PREFIX/lib/python$PYTHON_MINOR
ln -s $site_packages .
cd $WD
fi
fi
# we will use $PREFIX/bin/python3.bash NOT $PREFIX/bin/python3.sh
# to not conflict with what Ansible will push later/before.
if [ ! -e $PREFIX/bin/python$PYVER.bash ] ; then
echo "INFO: bootstraping $PREFIX/bin/python$PYVER.bash"
cat > $PREFIX/bin/python$PYVER.bash << EOF
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# from bootstrap_pip_ansible.bash
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
# pip gets confused
dist_packages=$site_packages
dist_packages=\$dist_packages:\${dist_packages}/pip/_vendor
if [ -z "$PYTHONPATH" ] ; then
export PYTHONPATH=\$dist_packages
else
export PYTHONPATH=\$PYTHONPATH:\$dist_packages
fi
exec python$PYTHON_MINOR "\$@"
EOF
chmod 755 $PREFIX/bin/python$PYVER.bash
fi
# pip may be loaded in the base iso
if [ -x $PREFIX/bin/python$PYVER.bash ] && \
$PREFIX/bin/python$PYVER.bash -c 'import pip' 2>/dev/null ; then
INFO pip$VER already installed
elif [ ! -d $UPTMP/wheels/ ] ; then
WARN $UPTMP/wheels not found
else
# we may be without the VPN/proxy but on a corporate laptop
# with a hosed chain of Certificate Authorities for the MITM proxy
# in which case http://bootstrap.pypa.io/get-pip.py will not work,
# so effective but groddy:
# just unzip the wheels into site-packages and force-reinstall later
cd $UPTMP/wheels/
echo "INFO: installing pip - unzipping wheels into $site_packages"
for file in *.whl ; do
#a=$( echo $file | sed -e 's/-.*//' )
#b=$( basename $a|sed -e 's/Py//'|tr '[A-Z]' '[a-z]' )
#python$PYVER -c "import $b" 2>/dev/null >/dev/null && continue
unzip -n $file -d $site_packages >/dev/null
done
# morons
# -rwx------ 1 root root 8866 Jun 11 2018 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/idna-2.7.dist-info/METADATA
find $site_packages -type d -exec chmod a+rx '{}' \;
find $site_packages -type f -exec chmod a+r '{}' \;
chgrp -R "$BOX_ALSO_GROUP" $site_packages
# hack in a PYTHONPATH for our unzipped wheels - removed later
for elt in pip ; do # is wheel needed?
echo "INFO: Installing $elt"
# use $PYVER.bash for bootstrap - $PYVER.bash will come later
cat > $PREFIX/bin/$elt$PYVER.bash << EOF
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
export PLAY_PIP_CERT=$PIP_CERT
export PYTHONPATH=${site_packages}
export PYTHONPATH=\$PYTHONPATH:${site_packages}/pip/_vendor
#? FixMe: narrow to InsecurePlatformWarning
python$PYVER -W ignore -m $elt "\$@"
EOF
chmod 755 $PREFIX/bin/$elt$PYVER.bash
$PREFIX/bin/$elt$PYVER.bash --help >/dev/null
DEBUG "Installed $elt$PYVER.bash"
done
fi
# do I still need this
#if [ -x $PREFIX/bin/pip$PYVER ] && [ -d $site_packages ] ; then
# export PYTHONPATH=$site_packages:$site_packages/pip/_vendor
#fi
if [ ! -x $PREFIX/bin/pip$PYVER.bash ] ; then
echo "ERROR: Failed to Install pip$PYVER at $PREFIX/bin/pip$PYVER.bash"
exit 3
elif ! $PREFIX/bin/python$PYVER.bash -m pip -V ; then
echo "ERROR: Failed to run pip$PYVER at $PREFIX/bin/pip$PYVER"
exit 4
fi
if [ -f $PLAY_PIP_CERT ] ; then
if [ ! -f $site_packages/pip/_vendor/requests/cacert.pem.dst ] && \
[ -f $site_packages/pip/_vendor/requests/cacert.pem ] && \
[ ! -h $site_packages/pip/_vendor/requests/cacert.pem ] ; then
mv $site_packages/pip/_vendor/requests/cacert.pem $site_packages/pip/_vendor/requests/cacert.pem.dst
fi
if [ ! -h $site_packages/pip/_vendor/requests/cacert.pem ] ; then
rm -f $site_packages/pip/_vendor/requests/cacert.pem
fi
[ -e $site_packages/pip/_vendor/requests/cacert.pem ] || \
ln -s $PLAY_PIP_CERT $site_packages/pip/_vendor/requests/cacert.pem
INFO linked $PLAY_PIP_CERT $site_packages/pip/_vendor/requests/cacert.pem
fi
done
# dont use -CAfile $UPTMP/cacert.pem - we want it to fail if we need the cert
if openssl s_client -connect pypi.org:443 </dev/null | \
grep -q 'unable to get local issuer certificate' ; then
echo "WARN: it looks like you have a hosed SSL Certificate Authority chain"
fi
$PREFIX/bin/pip$PYVER.bash --version || exit 5
[ -d /usr/local/src ] || { bootstrap_mkdir /usr/local/src ; }
[ -d /usr/local/bin ] || { bootstrap_mkdir /usr/local/bin ; }
if [ -f $PLAY_PIP_CERT ] ; then
export PLAY_PIP_CERT=$PIP_CERT
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS --cert $PLAY_PIP_CERT"
else
echo "WARN: PLAY_PIP_CERT not found $PIP_CERT"
fi
if [ ! -f /etc/wgetrc ] ; then
sh $WD/bootstrap_proxy.bash
fi
# pip uses curl - and has a config file PIP_CONFIG
DEBUG "http_proxy=$http_proxy https_proxy=$https_proxy"
if [ -n "$https_proxy" ] ; then
echo "INFO: Adding to PIP_INSTALL_ARGS --proxy=$https_proxy"
elif [ -f /etc/wgetrc ] && grep ^http_proxy /etc/wgetrc ; then
proxy=$( grep ^http_proxy /etc/wgetrc|sed -e 's@.*=@--proxy=@' )
echo "INFO: Adding to PIP_INSTALL_ARGS $proxy"
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS $proxy"
fi
# lengthen the timeout in case you are on a slow line
# or /etc/pip.conf
# [global]
# timeout = 60
cd $PREFIX/src || exit 6
boostrap_setup_ansible () {
local WD=$PWD
cd /usr/local/src
[ -d ansible-$ANSIBLE_VER ] || tar xfz $UPTMP/wheels/$ansible_tgz
cd ansible-$ANSIBLE_VER
RARGS=" --user $RARGS"
# Can not combine '--user' and '--prefix'
## RARGS=" --prefix=$PREFIX $RARGS"
# Can not combine '--user' and '--install-option=--prefix' ?? - check for symlink
# RARGS=" --prefix=/usr/local $RARGS"
RARGS=" --install-scripts=/usr/local/bin $RARGS"
RARGS=" --install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
RARGS=" --install-layout=unix $RARGS"
export PYTHONPATH=/usr/local/$LIB/python3.7/site-packages
DEBUG "/usr/local/bin/python$PYVER.bash setup.py install $RARGS"
su -c "/usr/local/bin/python$PYVER.bash setup.py install $RARGS" \
${BOX_USER_NAME} >> install.log
retval=$?
cd $WD
return $retval
}
# NOW we use our fresh pip to install ansible from source, into /usr/local
if [ -x $PREFIX/bin/ansible ] ; then
INFO already installed $PREFIX/bin/ansible
else
if true ; then
DEBUG "$PREFIX/bin/pip$PYVER.bash install $PIP_INSTALL_ARGS $UPTMP/wheels/$ansible_tgz"
# install from the file to keep the version pinned
$PREFIX/bin/pip$PYVER.bash install $PIP_INSTALL_ARGS $UPTMP/wheels/$ansible_tgz \
>> $LOGDIR/pip_install_pip_ansible.log 2>&1 || \
{ ERROR installing $ansible_tgz ; cat $LOGDIR/pip_install_pip_ansible.log && exit 7 ; }
else
boostrap_setup_ansible
[ $? -eq 0 ] || { ERROR installing ansible ; tail install.log ; exit 8 ; }
fi
if [ -d /etc/portage/ ] ; then
[ -d /etc/portage/profile ] || mkdir /etc/portage/profile
grep -q app-admin/ansible-$ANSIBLE_VER /etc/portage/profile/package.provided || \
echo app-admin/ansible-$ANSIBLE_VER >> /etc/portage/profile/package.provided
fi
cd $PREFIX/bin
[ -e ansible-doc ] || { ERROR installing ansible-doc ; exit 9 ; }
grep "#\!.$PREFIX/bin/python$PYVER.bash" ansible-doc || \
sed -e "s@^#\!.*python.*@#\!${PREFIX}/bin/python$PYVER.bash@" -i $scripts
fi
ansible --version || exit 10
if [ -f $PLAY_PIP_CERT ] ; then
export PLAY_PIP_CERT=$PIP_CERT
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS --cert $PLAY_PIP_CERT"
else
echo "WARN: PLAY_PIP_CERT not found $PIP_CERT"
fi
if [ ! -f /etc/wgetrc ] ; then
sh $WD/bootstrap_proxy.bash
fi
# pip uses curl - and has a config file PIP_CONFIG
DEBUG "http_proxy=$http_proxy https_proxy=$https_proxy"
if [ -n "$https_proxy" ] ; then
echo "INFO: Adding to PIP_INSTALL_ARGS --proxy=$https_proxy"
elif [ -f /etc/wgetrc ] && grep ^http_proxy /etc/wgetrc ; then
proxy=$( grep ^http_proxy /etc/wgetrc|sed -e 's@.*=@--proxy=@' )
echo "INFO: Adding to PIP_INSTALL_ARGS $proxy"
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS $proxy"
fi
cd $PREFIX/src
# install pycurl as a test of pip and a requisite for proxyauth.py
if ! $PREFIX/bin/python$PYVER.bash -c 'import curl' 2>/dev/null ; then
if [ -d /etc/apt ] ; then
apt-get install -y --force-yes libcurl4-openssl-dev \
2>&1|tee $LOGDIR/apt-get_install_libcurl4-openssl-dev.log
elif [ -d /etc/portage ] ; then
[ -x /usr/bin/curl ] || which curl 2>/dev/null || emerge -vb curl
fi
#? --allow-unverified pycurl
if ! route | grep -q ^default ; then
DEBUG "Not connected; not installing pycurl"
elif $PREFIX/bin/pip$PYVER.bash install $PIP_INSTALL_ARGS pycurl >> $LOGDIR/pip_install_pycurl.log 2>&1 ; then
echo "INFO: Installed pycurl from pip with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"
# We dont fail the packer build if it errors - just fix it and rerun
$PREFIX/bin/python$PYVER.bash -c 'import curl; print curl.__file__' || true
else
echo "WARN: Installing pycurl failed with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"
cat $LOGDIR/pip_install_pycurl.log
fi
fi
[ -e /usr/local/bin/python$PYVER.sh ] || \
[ -h /usr/local/bin/python$PYVER.sh ] || \
ln -s /usr/local/bin/python$PYVER.babash /usr/local/bin/python$PYVER.sh
find /usr/local/$LIB/python$PYVER.7/site-packages/ansible/modules/ -name \*.py \
-exec grep -q /usr/bin/python '{}' \; -print \
-exec sed -e "1,$PYVERs@#!/usr/bin/python@#!/usr/local/bin/python$PYVER.bash@" -i '{}' \;
exit 0


@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
prog=$( basename $0 .bash )
exec python3.sh /usr/local/bin/base_certdata2pem.py "$@"


@ -0,0 +1,153 @@
#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
#
# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
# USA.
import base64
import os.path
import re
import sys
import textwrap
import io
objects = []
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
field, type, value, obj = None, None, None, dict()
# Python 3 will not let us decode non-ascii characters if we
# have not specified an encoding, but Python 2's open does not
# have an option to set the encoding. Python 3's open is io.open
# and io.open has been backported to Python 2.6 and 2.7, so use io.open.
for line in io.open('certdata.txt', 'rt', encoding='utf8'):
# Ignore the file header.
if not in_data:
if line.startswith('BEGINDATA'):
in_data = True
continue
# Ignore comment lines.
if line.startswith('#'):
continue
# Empty lines are significant if we are inside an object.
if in_obj and len(line.strip()) == 0:
objects.append(obj)
obj = dict()
in_obj = False
continue
if len(line.strip()) == 0:
continue
if in_multiline:
if not line.startswith('END'):
if type == 'MULTILINE_OCTAL':
line = line.strip()
for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
value.append(int(i.group(1), 8))
else:
value += line
continue
obj[field] = value
in_multiline = False
continue
if line.startswith('CKA_CLASS'):
in_obj = True
line_parts = line.strip().split(' ', 2)
if len(line_parts) > 2:
field, type = line_parts[0:2]
value = ' '.join(line_parts[2:])
elif len(line_parts) == 2:
field, type = line_parts
value = None
else:
raise NotImplementedError('line_parts < 2 not supported.')
if type == 'MULTILINE_OCTAL':
in_multiline = True
value = bytearray()
continue
obj[field] = value
if len(obj) > 0:
objects.append(obj)
# Read blacklist.
blacklist = []
if os.path.exists('blacklist.txt'):
for line in open('blacklist.txt', 'r'):
line = line.strip()
if line.startswith('#') or len(line) == 0:
continue
item = line.split('#', 1)[0].strip()
blacklist.append(item)
# Build up trust database.
trust = dict()
for obj in objects:
if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
continue
if obj['CKA_LABEL'] in blacklist:
print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
print('!'*74)
print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
print('!'*74)
else:
print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
obj['CKA_TRUST_EMAIL_PROTECTION']))
for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
.replace(')', '=')\
.replace(',', '_')
# this is the only way to decode the way NSS stores multi-byte UTF-8
# and we need an escaped string for checking existence of things
# otherwise we're dependant on the user's current locale.
if bytes != str:
# We're in python 3, convert the utf-8 string to a
# sequence of bytes that represents this utf-8 string
# then encode the byte-sequence as an escaped string that
# can be passed to open() and os.path.exists()
bname = bname.encode('utf-8').decode('unicode_escape').encode('latin-1')
else:
# Python 2
# Convert the unicode string back to its original byte form
# (contents of files returned by io.open are returned as
# unicode strings)
# then to an escaped string that can be passed to open()
# and os.path.exists()
bname = bname.encode('utf-8').decode('string_escape')
fname = bname + b'.crt'
if os.path.exists(fname):
print("Found duplicate certificate name %s, renaming." % bname)
fname = bname + b'_2.crt'
f = open(fname, 'w')
f.write("-----BEGIN CERTIFICATE-----\n")
encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
f.write("\n".join(textwrap.wrap(encoded, 64)))
f.write("\n-----END CERTIFICATE-----\n")
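Review bot: The trust map built in the `CKO_NSS_TRUST` loop is keyed by `CKA_LABEL` alone, and the `CKT_NSS_NOT_TRUSTED` branch only prints a banner, so a distrust record never removes a label that another record marked trusted, and every `CKO_CERTIFICATE` sharing that label is written out. Whether certdata.txt actually contains colliding labels is not visible here, but for a CA bundle it is safer to key both loops on the certificate identity, e.g. `key = (bytes(obj['CKA_ISSUER']), bytes(obj['CKA_SERIAL_NUMBER']))`, and to store an explicit `False` for distrusted entries. The output file is also never closed, and a third certificate with the same name silently overwrites `_2.crt`; `with open(fname, 'w') as f:` plus a counter in the suffix would cover both.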


@ -0,0 +1,90 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
[ "$#" -eq 0 ] && echo USAGE: $0 2.7 ... 3.9 3.10 3.11 && exit 1
. /usr/local/bin/usr_local_base.bash || exit 2
[ -f $PREFIX/etc/testforge/testforge.bash ] \
&& . /usr/local/etc/testforge/testforge.bash
PYTHON_MINOR="$1"
PYMAJ="${PYTHON_MINOR:0:1}"
if [ -z "$LIB" -a -f /usr/lib/python$PYTHON_MINOR/site.py ] ; then
LIB=lib
elif [ -z "$LIB" -a -f /usr/lib64/python$PYTHON_MINOR/site.py ] ; then
LIB=lib64
fi
[ -d /usr/local/lib/python$PYTHON_MINOR ] && \
[ ! -e /usr/local/lib64/python$PYTHON_MINOR ] && \
ln -s /usr/local/lib/python$PYTHON_MINOR /usr/local/lib64/python$PYTHON_MINOR
if [ "" = "$BASE_PYTHON2_MINOR" ] ; then
not_PYTHON_MINOR=""
elif [ $PYTHON_MINOR = "$BASE_PYTHON2_MINOR" ] ; then
not_PYTHON_MINOR="$BASE_PYTHON3_MINOR"
elif [ $PYTHON_MINOR = "$BASE_PYTHON3_MINOR" ] ; then
not_PYTHON_MINOR="$BASE_PYTHON2_MINOR"
else
ERROR "$PYTHON_MINOR not in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR"
exit 1
fi
INFO $prog PYMAJ=$PYMAJ PYTHON_MINOR=$PYTHON_MINOR not_PYTHON_MINOR=$not_PYTHON_MINOR PYTHONPATH=$PYTHONPATH
export PYTHONPATH=""
if [ "$PYMAJ" = '2' ] ; then
imp='import sys; print sys.path'
elif [ "$PYMAJ" = '3' ] ; then
imp='import sys; print(repr(sys.path))'
fi
[ -x $PREFIX/bin/python$PYMAJ.sh ] || {
echo >&2 ERROR: $prog 2 -x $PREFIX/bin/python$PYMAJ.sh "$PYTHON_MINOR" && exit 2 ;
}
if [ -f /etc/python-exec/python2.conf ] ; then
grep -F "$BASE_PYTHON2_MINOR" /etc/python-exec/python2.conf || {
echo >&2 ERROR: $prog 3 "$BASE_PYTHON2_MINOR" /etc/python-exec/python2.conf
}
fi
if [ -f /etc/python-exec/python3.conf ] ; then
grep -F "$BASE_PYTHON3_MINOR" /etc/python-exec/python3.conf || {
echo >&2 ERROR: $prog 4 "$BASE_PYTHON3_MINOR" /etc/python-exec/python3.conf
}
fi
# echo -n DEBUG: $prog 2 python$PYTHON_MINOR -S -s
python$PYMAJ -S -s -c "$imp" \
|| { echo >&2 ERROR: $prog 22 $PYTHON_MAJ -S -s"$PYTHON_MINOR" && exit 22 ; }
# echo -n DEBUG: $prog 4 python$PYTHON_MINOR -s
python$PYMAJ -s -c "$imp" \
|| { echo >&2 ERROR: $prog 4 python$PYTHON_MINOR -s "$PYTHON_MINOR" && exit 4 ; }
# echo -n DEBUG: $0 6 $PREFIX/bin/python$PYMAJ.sh -S -s
$PREFIX/bin/python$PYMAJ.sh -S -s -c "$imp" \
|| { echo >&2 ERROR: $prog 6 python$PYMAJ.sh -S -s "$PYTHON_MINOR" && exit 6 ; }
echo -n DEBUG: $0 8 $PREFIX/bin/python$PYMAJ.sh -s
$PREFIX/bin/python$PYMAJ.sh -s -c "$imp" \
|| { echo >&2 ERROR: $prog 8 python$PYMAJ.sh -s "$PYTHON_MINOR" && exit 8 ; }
# INFO $prog 10 $PREFIX/bin/python$PYMAJ.sh sitecustomize.py "$PYTHON_MINOR"
a=$( $PREFIX/bin/python$PYMAJ.sh $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ) || \
{ echo >&2 ERROR: $prog "error 10 $PREFIX/bin/python$PYMAJ.sh $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py" && exit 10 ; }
#[ -x "$a" ] || \
# { echo >&2 ERROR: $prog 11 "broken $PREFIX/bin/python$PYMAJ.sh /usr/local/bin/python2.sh - $a" && exit 11 ; }
#echo >&2 INFO: $prog 11 "$a"
# INFO $prog 12 python$PYTHON_MINOR sitecustomize.py "$PYTHON_MINOR"
python$PYMAJ $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py || \
{ ERROR 12 $prog python$PYMAJ sitecustomize.py "$PYTHON_MINOR" && exit 12 ; }
exit 0
# [ $( python2.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python2.sh ] || exit 2
# [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python3.sh ] || exit 3
# [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python2.bash ] || exit 22
# [ $( python3.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python3.bash ] || exit 33
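Review bot: The two `/etc/python-exec/python2.conf` and `python3.conf` checks print an ERROR when `grep -F` finds no match but do not exit, so the script can still reach `exit 0` while the configured interpreter differs from `BASE_PYTHON2_MINOR` or `BASE_PYTHON3_MINOR`; add `exit 3` and `exit 4` inside those braces if a mismatch is meant to fail the check. The error path for step 22 expands `$PYTHON_MAJ`, which is never set (the variable is `PYMAJ`), so the message loses the interpreter name. `$PYTHON_MINOR` is unquoted in the `[ $PYTHON_MINOR = "$BASE_PYTHON2_MINOR" ]` tests, so an empty first argument produces a `[` syntax error; write `[ "$PYTHON_MINOR" = "$BASE_PYTHON2_MINOR" ]`.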


@ -0,0 +1,27 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
PREFIX=/usr/local
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
# accepted files or directories -- to recusively look for files in
[ "$#" -eq 0 ] && set -- $PWD/
# Clean the bad ones under Windows: [:] and other uglies ['"{}[]?!]
# The Bad ones break rsync and but the others can cause trouble elsewhere
re='[^ .,~%+=^@!0-9a-zA-z_()#-]'
find "$@" -type f -or -type d | while read file ; do
dir=`dirname "$file"`
base=`basename "$file"`
# wierd = misses "ZeeRex The Explainable ``Explain__ Service.htm"
new=`sed -f $PREFIX/share/sed/base_clean_filenames.sed <<< $base`
[ "$base" = "$new" ] && continue
[ -f "$file" -a -f "$dir/$new" ] && diff -qr "$file" "$dir/$new" && rm -f "$file" && continue
DBUG \"$file\" \"$dir/$new\"
mv -i "$file" "$dir/$new"
done
exit 0
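Review bot: The rename loop is fragile for exactly the filenames it is meant to repair: `read file` without `IFS=` and `-r` strips leading and trailing blanks and consumes backslashes, `mv -i` takes its confirmation answer from the same pipe that carries find's output, and `find` without `-depth` renames a directory before the paths beneath it are processed. I would write the loop header as `find "$@" -depth \( -type f -o -type d \) | while IFS= read -r file ; do` and use `mv -n -- "$file" "$dir/$new"`, so that a prompt cannot swallow the next path. The shebang is `#!/bin/sh`, but the `sed -f` line uses a bash here-string, so the script fails where sh is dash; `#!/bin/bash` matches what the body needs. The `re=` variable is unused, and its `a-zA-z` range looks like a typo for `a-zA-Z`.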


@ -0,0 +1,24 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# we use stdout
ROLE=base
prog=$( basename $0 .bash )
N=""
IFS=':'
[ -z "$UID" ] && UID=$( id -u )
for elt in $PATH ; do
[ $UID -eq 0 -a "$elt" = '.' ] && continue
[ -d "$elt" ] || continue
[ -z "$N" ] && N="$elt" && continue
[[ $N =~ (^|:)${elt}(:|$) ]] && continue
N="$N:$elt" && continue
done
IFS=' '
elt=/var/local/bin
[[ "$N" =~ (^|:)"${elt}"(:|$) ]] || N="$N:$elt"
echo $N
exit 0
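Review bot: For root the loop drops only the literal `.` entry, so any other relative entry that exists as a directory stays in the PATH it prints; `[ $UID -eq 0 ] && [[ $elt != /* ]] && continue` would reject every non-absolute entry. The duplicate test `[[ $N =~ (^|:)${elt}(:|$) ]]` leaves `${elt}` unquoted, so its characters act as regex operators (a `.` matches any character); quoting it as the later `/var/local/bin` test does, `(^|:)"${elt}"(:|$)`, makes the comparison literal. `/var/local/bin` is appended unconditionally, including for root, so a comment stating who may write to that directory would help the next reader judge the result.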


@ -0,0 +1,40 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# answer output
prog=$( basename $0 .bash )
ROLE=base
[ $# -lt 2 ] && echo "USAGE: $0 PYTHON_MINOR PPATH" >>/proc/self/fd/2 && exit 1
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
PYTHON_MINOR=$1
PPATH=$2
PYVER=$( echo $1|sed -e 's/.*python//' -e 's@/.*@@' )
[[ "$PYTHON_MINOR" =~ .*2\..* ]] && notPYVER="3." || notPYVER="2."
# echo "DEBUG: $1 $PPATH $notPYVER" >>/proc/self/fd/2
N=""
IFS=':'
warns=0
[ -z "$UID" ] && UID=$( id -u )
for elt in $PPATH ; do
[ -d "$elt" ] || continue
[[ $elt =~ .*python${notPYVER}.* ]] ; a=$?
# DBUG $1 $elt $notPYVER a=$a >>/proc/self/fd/2
[ $a -eq 0 ] && { WARN $prog wanted: $PYTHON_MINOR got: $elt >>/proc/self/fd/2 ; \
warns=$( expr $warns + 1 ) ; continue ; }
[ -z "$N" ] && N="$elt" && continue
[[ $N =~ $elt ]] && continue
[ -n "$N" ] && N="$N:$elt"
# DBUG $prog adding: $elt
done
IFS=' '
echo $N
exit $warns
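Review bot: The duplicate check `[[ $N =~ $elt ]]` is an unanchored regex match, so an entry is skipped whenever it is a substring of what has been collected so far; for example, a `python3.9` directory is dropped once its own `site-packages` subdirectory is already in `N`. The anchored, quoted form `[[ $N =~ (^|:)"${elt}"(:|$) ]]` compares whole entries and treats the path literally. `exit $warns` returns the warning count as the exit status while the cleaned path still goes to stdout, which deserves a header comment because a caller using `|| exit` would discard a usable result. `PYVER` is computed but never used.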


@ -0,0 +1,95 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
# The idea here is to run ansible_local.bash --tags daily
# and then use this to do the parsing and throwing errors based on the output.
# This was the ansible run can be free from erroring and this can be
# run repeatedly anytime outside of ansible to deal with the issues raised.
# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
. /usr/local/etc/local.d/local.bash
MYID=$( id -u )
[ $MYID -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
LOG_DIR=/usr/local/tmp
ly=daily
errs=0
warns=0
# sh /usr/local/bin/base_hourly.bash
LOG_DIR=/usr/local/tmp/$ly
[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"
ELOG=$LOG_DIR/E${prog}_${ly}$$.log
WLOG=$LOG_DIR/W${prog}_${ly}$$.log
OUT=$LOG_DIR/O${prog}_${ly}$$.log
rm -f $LOG_DIR/*${prog}_${ly}*.log
if [ -f /var/log/dmesg.log ] ; then
grep 'IOMMU enabled' /var/log/dmesg.log || WARN NOT 'IOMMU enabled' | tee -a $WLOG
fi
cp /dev/null /var/log/dirmngr.log
/usr/local/bin/base_gnupg_test.bash || ERROR $retval /usr/local/bin/base_gnupg_test.bash >> $WLOG
[ -d /etc/portage ] && \
grep 'ERR 219 Server indicated a failure' /var/log/dirmngr.log >> $ELOG
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -z "$UPTMP" ] && UPTMP=$PREFIX/tmp
if [ -d /etc/apt -a -d /o/Cache/Apt/Devuan/4 ] ; then
[ -z "$TESTF_UBUNTU16_VAR_APT_ARCHIVES" ] && \
TESTF_UBUNTU16_VAR_APT_ARCHIVES=/o/Cache/Apt/Devuan/4
[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=devuan
else
[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=vagrant
fi
if [ -d /o/Cache/Pip/ ] ; then
[ -z "$HOSTVMS_BOXUSER_PIP_CACHE" ] && \
HOSTVMS_BOXUSER_PIP_CACHE=/o/Cache/Pip/
fi
# FixMe: bootstrap
elt=pip ; DBUG $elt
scripts="ansible ansible-playbook ansible-pull ansible-doc ansible-galaxy ansible-console ansible-connection ansible-vault"
for PYVER in 2 3 ; do
pfile=`python$PYVER.sh -c 'import pip; print(pip.__file__)'`
[ $? -eq 0 -a -f $pfile ] && continue
# /usr/local/sbin/bootstrap_pip.bash
pfile=`python$PYVER.sh -c 'import pip; print(pip.__file__)'`
[ $? -eq 0 -a -f $pfile ] || WARN pip $PYVER not installed - $pfile
for elt in $scripts ; do
[ -e $PREFIX/bin/$elt ] || { WARN installing $elt $PYVER ; }
done
done
elt=doctest3
if [ $MYID -ne 0 ] ; then
/var/local/bin/testforge_python_doctest3.bash \
/var/local/share/doc/txt/base3.txt \
> "$LOG_DIR"/$elt$$.log 2>&1 || ERROR $elt >> $ELOG
fi
[ -f $WLOG ] && warns=$( wc -l $WLOG | cut -f 1 -d ' ' )
[ $? -eq 0 -a $warns -ne 0 ] && \
WARN "$prog $warns $ly $prog warnings in $WLOG"
[ -f $ELOG ] && errs=$( wc -l $ELOG | cut -f 1 -d ' ' )
[ $? -eq 0 -a $errs -ne 0 ] && \
echo "ERROR: $prog $errs $ly $prog errors in $ELOG" && cat $ELOG
[ $errs -eq 0 ] && \
[ $warns -eq 0 ] && \
INFO "$prog No $ly errors" && \
rm -f $WLOG $ELOG $OUT
exit $errs
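Review bot: This script insists on running as root and then writes `$ELOG`, `$WLOG` and `$OUT` under `/usr/local/tmp/daily` with names built from `$prog` and `$$`; if `/usr/local/tmp` is world-writable (the bootstrap script earlier on this page creates it with mode 1777), another local account can pre-create `daily` and influence the files root then appends to and removes there. A root-owned log directory, or a check of the owner and mode of `$LOG_DIR` before use, would close that. Separately, `[ -z "BOX_USER_NAME" ]` tests a literal string and is never true, so the defaults are never applied; it should read `[ -z "$BOX_USER_NAME" ] && BOX_USER_NAME=devuan` (likewise for the `vagrant` line). The `if [ $MYID -ne 0 ]` doctest block is unreachable after the root check at the top, and `$retval` in the gnupg-test error line is never assigned.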


@ -0,0 +1,51 @@
#!/usr/bin/expect --
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
set timeout 30
set KEY_ID 96D8BF6D
#? stty raw -echo
spawn gpg --home /etc/portage/gnupg --edit-key $KEY_ID trust
# unknown] (1). Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
# unknown] (2) Gentoo Portage Snapshot Signing Key (Automated Signing Key)
## tsign
#expect "Really sign all user IDs? (y/N)?*"
#send_user "Sending y\n"
#send "y\n"
# tsign -> gpg: no default secret key: No secret key
# trust
expect "Your decision?*"
send_user "Sending 4\n"
send "4\n"
# No save is required for trust
expect "gpg>*"
send_user "Sending save\r"
send "save\r"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
} "Key not changed so no update needed*" {
exit 0
}
expect "gpg>*"
send_user "Sending quit\r"
send "quit\r"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
}
# expect -r .+ {send "\r"}
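Review bot: `KEY_ID` is an 8-hex-digit short key ID, and the script assigns trust level 4 to whichever key in `/etc/portage/gnupg` matches it; short IDs are not unique, so the key should be selected by its full fingerprint, `set KEY_ID FULL_FINGERPRINT_PLACEHOLDER`, with the value taken from the published Gentoo release signatures. The first `expect "Your decision?*"` has no timeout arm, so after 30 seconds the script sends `4` regardless of what gpg is showing; `expect { "Your decision?*" {} timeout { exit 1 } }` makes that failure explicit. The block after `send "save\r"` exits on both eof and timeout, so the `quit` sequence below it appears never to be reached and could be removed or moved ahead of it.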


@ -0,0 +1,344 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Release media signatures Gentoo Linux</title>
<meta name="theme-color" content="#54487a">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta property="og:title" content="Release media signatures Gentoo Linux">
<meta property="og:image" content="https://www.gentoo.org/assets/img/logo/gentoo-g.png">
<meta property="og:description" content="News and information from Gentoo Linux">
<meta name="twitter:image" content="https://www.gentoo.org/assets/img/logo/gentoo-g.png">
<link rel="apple-touch-icon" href="https://www.gentoo.org/assets/img/logo/icon-192.png">
<link rel="icon" sizes="192x192" href="https://www.gentoo.org/assets/img/logo/icon-192.png">
<link href="https://assets.gentoo.org/tyrian/v1/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="https://assets.gentoo.org/tyrian/v1/tyrian.min.css" rel="stylesheet" media="screen">
<link href="/assets/css/screen.css" rel="stylesheet" media="screen">
<link rel="icon" href="/favicon.ico" type="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
</head>
<body class="">
<header>
<div class="site-title">
<div class="container">
<div class="row">
<div class="site-title-buttons">
<div class="btn-group btn-group-sm">
<a href="https://get.gentoo.org/" role="button" class="btn get-gentoo"><span class="fa fa-fw fa-download"></span> <strong>Get Gentoo!</strong></a>
<div class="btn-group btn-group-sm">
<a class="btn gentoo-org-sites dropdown-toggle" data-toggle="dropdown" data-target="#" href="#">
<span class="fa fa-fw fa-map-o"></span> <span class="hidden-xs">gentoo.org sites</span> <span class="caret"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right">
<li><a href="https://www.gentoo.org/" title="Main Gentoo website"><span class="fa fa-home fa-fw"></span> gentoo.org</a></li>
<li><a href="https://wiki.gentoo.org/" title="Find and contribute documentation"><span class="fa fa-file-text-o fa-fw"></span> Wiki</a></li>
<li><a href="https://bugs.gentoo.org/" title="Report issues and find common issues"><span class="fa fa-bug fa-fw"></span> Bugs</a></li>
<li><a href="https://forums.gentoo.org/" title="Discuss with the community"><span class="fa fa-comments-o fa-fw"></span> Forums</a></li>
<li><a href="https://packages.gentoo.org/" title="Find software for your Gentoo"><span class="fa fa-hdd-o fa-fw"></span> Packages</a></li>
<li class="divider"></li>
<li><a href="https://planet.gentoo.org/" title="Find out what's going on in the developer community"><span class="fa fa-rss fa-fw"></span> Planet</a></li>
<li><a href="https://archives.gentoo.org/" title="Read up on past discussions"><span class="fa fa-archive fa-fw"></span> Archives</a></li>
<li><a href="https://gitweb.gentoo.org/" title="Browse our source code in Gitweb"><span class="fa fa-code fa-fw"></span> Gitweb</a></li>
<li class="divider"></li>
<li><a href="https://infra-status.gentoo.org/" title="Get updates on the services provided by Gentoo"><span class="fa fa-server fa-fw"></span> Infra status</a></li>
</ul>
</div>
</div>
</div>
<div class="logo">
<a href="/" title="Back to the homepage" class="site-logo">
<object data="https://assets.gentoo.org/tyrian/v1/site-logo.svg" type="image/svg+xml">
<img src="https://assets.gentoo.org/tyrian/v1/site-logo.png" alt="Gentoo Linux logo">
</object>
</a>
</div>
</div>
</div>
</div>
<nav class="tyrian-navbar" role="navigation">
<div class="container">
<div class="row">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-main-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse navbar-main-collapse">
<ul class="nav navbar-nav">
<li class=""><a href="/">Home</a></li>
<li class=""><a href="/get-started/">Get started</a></li>
<li class="active"><a href="/downloads/">Downloads</a></li>
<li class=""><a href="/inside-gentoo/">Inside Gentoo</a></li>
<li class=""><a href="/support/">Support</a></li>
<li class=""><a href="/get-involved/">Get involved</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li class=""><a href="/donate/"><span class="fa fa-heart" style="color:#d9534f;"></span> Donate</a></li>
</ul>
</div>
</div>
</div>
</nav>
<nav class="navbar navbar-grey navbar-stick" role="navigation">
<div class="container">
<div class="row">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-secondary-collapse">
<span class="sr-only">Toggle secondary navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse navbar-secondary-collapse">
<ul class="nav navbar-nav">
<li class=""><a href="/downloads/mirrors/">Mirrors</a></li>
<li class="active"><a href="/downloads/signatures/">Signatures</a></li>
</ul>
</div>
</div>
</div>
</nav>
</header>
<div class="container">
<div class="row">
<div id="content" class="col-md-12">
<h1 class="first-header">Release media signatures</h1>
<p>
Our current releases are signed with either of these keys <strong>or any sub keys:</strong>
</p>
<br>
<table class="table table-striped">
<tr>
<th>Key Fingerprint</th>
<th>Description</th>
<th>Created</th>
<th>Expiry</th>
</tr>
<tr>
<td><kbd>13EBBDBEDE7A12775DFDB1BABB572E0E2D182910</kbd></td>
<td>Gentoo Linux Release Engineering (Automated Weekly Release Key)</td>
<td>2009-08-25</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D</kbd></td>
<td>Gentoo ebuild repository signing key (Automated Signing Key)</td>
<td>2011-11-25</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72</kbd></td>
<td><a rel='external' href='https://github.com/gentoo-mirror/'>Gentoo repository mirrors</a> (automated git signing key)</td>
<td>2018-05-28</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>D99EAC7379A850BCE47DA5F29E6438C817072058</kbd></td>
<td>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</td>
<td>2004-07-20</td>
<td>2022-01-01</td>
</tr>
<tr>
<td><kbd>ABD00913019D6354BA1D9A132839FE0D796198B1</kbd></td>
<td>Gentoo Authority Key L1</td>
<td>2019-04-01</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>18F703D702B1B9591373148C55D3238EC050396E</kbd></td>
<td>Gentoo Authority Key L2 for Services</td>
<td>2019-04-01</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>2C13823B8237310FA213034930D132FF0FF50EEB</kbd></td>
<td>Gentoo Authority Key L2 for Developers</td>
<td>2019-04-01</td>
<td>2022-07-01</td>
</tr>
</table>
<br>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><span class="fa fa-fw fa-check-circle-o"></span> Verifying files</h3>
</div>
<div class="panel-body">
<p>To verify downloaded files are not tampered with, you need the <tt>.DIGESTS</tt> file matching your release and the matching key from the table above.</p>
<p>Fetch the key:</p>
<p><kbd>gpg --keyserver hkps://keys.gentoo.org --recv-keys &lt;key fingerprint&gt;</kbd></p>
<p>Alternatively, you can fetch a bundle containing all listed keys:</p>
<p><kbd>wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import</kbd></p>
<p>Verify the <tt>DIGESTS</tt> file:</p>
<p><kbd>gpg --verify &lt;foo.DIGESTS.asc&gt;</kbd></p>
<p>Verify the download matches the digests. At least one of the following will exist:</p>
<p><kbd>sha512sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
<p><kbd>sha256sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
<p><kbd>sha1sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
<br>
<div class="alert alert-info">
Detailed instructions are available in the <a href="https://wiki.gentoo.org/wiki/Handbook:Main_Page" class="alert-link">Gentoo Handbook</a>.
</div>
</div>
</div>
</div>
</div>
</div>
<footer>
<div class="container">
<div class="row">
<div class="col-xs-12 col-md-offset-2 col-md-7">
</div>
<div class="col-xs-12 col-md-3">
<h3 class="footerhead">Questions or comments?</h3>
Please feel free to <a href="/inside-gentoo/contact/">contact us</a>.
</div>
</div>
</div>
<div class="container-sitemap">
<div class="container">
<div class="row row-sitemap hidden-sm hidden-xs">
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/">Home</a></h3>
<ul class="sitemap">
<li class=""><a href="/news/">News</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/get-started/">Get Started</a></h3>
<ul class="sitemap">
<li class=""><a href="/get-started/about/">About Gentoo</a></li>
<li class=""><a href="/get-started/philosophy/">Philosophy</a></li>
<li class=""><a href="/get-started/screenshots/">Screenshots</a></li>
<li class=""><a href="https://wiki.gentoo.org/wiki/FAQ">FAQ <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/downloads/">Downloads</a></h3>
<ul class="sitemap">
<li class=""><a href="/downloads/mirrors/">Mirrors</a></li>
<li class=""><a href="/downloads/signatures/">Signatures</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/inside-gentoo/">Inside Gentoo</a></h3>
<ul class="sitemap">
<li class=""><a href="/inside-gentoo/developers/">Developers</a></li>
<li class=""><a href="https://wiki.gentoo.org/wiki/Project:Gentoo">Projects <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
<li class=""><a href="/glep/">GLEPs</a></li>
<li class=""><a href="/inside-gentoo/artwork/">Artwork</a></li>
<li class=""><a href="/inside-gentoo/foundation/">Gentoo Foundation</a></li>
<li class=""><a href="/inside-gentoo/sponsors/">Sponsors</a></li>
<li class=""><a href="/inside-gentoo/stores/">Stores</a></li>
<li class=""><a href="/inside-gentoo/contact/">Contact</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/support/">Support</a></h3>
<ul class="sitemap">
<li class=""><a href="/support/consulting/">Consulting</a></li>
<li class=""><a href="/support/documentation/">Documentation</a></li>
<li class=""><a href="/support/news-items/">News items</a></li>
<li class=""><a href="https://packages.gentoo.org/">Package database <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
<li class=""><a href="/support/security/">Security</a></li>
<li class=""><a href="/support/use-flags/">USE flags</a></li>
<li class=""><a href="/support/rsync-mirrors/">rsync mirrors</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/get-involved/">Get Involved</a></h3>
<ul class="sitemap">
<li class=""><a href="/get-involved/irc-channels/">IRC channels</a></li>
<li class=""><a href="https://forums.gentoo.org/">Forums <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
<li class=""><a href="/get-involved/mailing-lists/">Mailing lists</a></li>
<li class=""><a href="/get-involved/contribute/">Contribute</a></li>
<li class=""><a href="/get-involved/become-developer/">Become a developer</a></li>
<li class=""><a href="/get-involved/get-code/">Get the code</a></li>
</ul>
</div>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-xs-3 col-md-2">
<ul class="footerlinks three-icons">
<li><a href="https://twitter.com/gentoo" title="@Gentoo on Twitter"><span class="fa fa-twitter fa-fw"></span></a></li>
<li><a href="https://www.facebook.com/gentoo.org" title="Gentoo on Facebook"><span class="fa fa-facebook fa-fw"></span></a></li>
</ul>
<div>
<div class="sitemap text-center">
<a href="https://wiki.gentoo.org/wiki/Foundation:Privacy_Policy">Privacy Policy</a>
</div>
</div>
</div>
<div class="col-xs-8 col-md-8">
<strong>&copy; 2001&ndash;2021 Gentoo Authors</strong><br>
<small>
Gentoo is a trademark of the Gentoo Foundation, Inc.
The contents of this document, unless otherwise expressly stated, are licensed under the
<a href="https://creativecommons.org/licenses/by-sa/3.0/" rel="license">CC-BY-SA-3.0</a> license.
The <a href="/inside-gentoo/foundation/name-logo-guidelines.html">Gentoo Name and Logo Usage Guidelines</a> apply.
</small>
</div>
<div class="col-xs-1 col-md-1">
<strong><a class="text-dark" href="https://gitweb.gentoo.org/sites/www.git/">Version</a></strong><br>
<small>
91e01cb
</small>
</div>
</div>
</div>
</footer>
<script src="https://assets.gentoo.org/tyrian/v1/jquery.min.js"></script>
<script src="https://assets.gentoo.org/tyrian/v1/bootstrap.min.js"></script>
</body>
</html>


@ -0,0 +1,10 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# remove
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
exec bash /usr/local/bin/proxy_get_if.bash "$@"


@ -0,0 +1,56 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=base
NOW=`date +%Y-%m-%d`
NOWM=`date +%Y-%m`
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ $( id -u ) -eq 0 ] || { ERROR $prog should be run as root ; exit 1 ; }
ly=hourly
errs=0
warns=0
elt=base
LOG_DIR=/usr/local/tmp
ELOG=$LOG_DIR/E${prog}_${ly}$$.log
WLOG=$LOG_DIR/W${prog}_${ly}$$.log
OUT=$LOG_DIR/O${prog}_${ly}$$.log
find $LOG_DIR/*${prog}_${ly}*.log -ctime +2 -delete
ansible-inventory 2>> $WLOG || ERROR ansible-inventory $? >> $ELOG
if ip route | grep -v ^def ; then
gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye || exit 3$?
dirmngr-client -v --ping </dev/null || exit 4$?
fi
if [ $USER = root ] ; then
DBUG /var/log/auth.log
grep --text $NOW'.*\(Permission denied\|Could not\)' /var/log/auth.log
# | less -Ps"$NOW sauth.log" -Pm"$NOW sauth.log"
dmesg |grep -q martian && WARN `dmesg |grep -c martian ` Martians
fi
find /tmp -type f -empty -delete
[ -f $WLOG ] && warns=`wc -l $WLOG | cut -f 1 -d ' '`
[ $? -eq 0 -a $warns -ne 0 ] && \
WARN "$warns $ly $prog warnings in $WLOG"
[ -f $ELOG ] && errs=`wc -l $ELOG | cut -f 1 -d ' '`
[ $? -eq 0 -a $errs -ne 0 ] && \
ERROR "$errs $ly $prog errors in $ELOG" && cat $ELOG && exit $errs
[ $errs -eq 0 ] && \
ols_clean_testforge_logs $HARDEN_LOG_DIR && \
[ $warns -eq 0 ] && \
INFO "$prog No $ly errors in $HARDEN_LOG_DIR"
exit 0
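Review bot: `find /tmp -type f -empty -delete` runs as root (the script exits earlier unless `id -u` is 0) and removes every empty file in `/tmp` regardless of age or owner, which includes lock files and names that other processes have just reserved with `mktemp` but not yet written; once such a name is deleted, another local user can create it. Restrict it to stale files on the same filesystem, e.g. `find /tmp -xdev -type f -empty -mmin +60 -delete`. Also, `exit 3$?` and `exit 4$?` produce a value above 255 whenever `$?` has two or more digits, which the shell truncates, so a caller cannot rely on the leading digit.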


@ -0,0 +1,38 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
# pip installs into /usr/local/bin
# export PATH=.:$PATH:/usr/local/bin
LARGS="$@"
[ "$#" -ge 2 -a $1 = "-p" -a $2 = "2" ] && PYVER=2 || PYVER=3
$PREFIX/bin/base_pip_upgrade.bash "$@" | grep -v 'INFO:\|ERROR:\|DEBUG:' | \
tee /tmp/P$$.lis | \
while read elt rest ; do
[ $PYVER = 2 ] && str="import $elt;print $elt.__file__" || \
str="import $elt;print($elt.__file__)"
$PREFIX/bin/python$PYVER.sh -c $str >/tmp/P$$.log 2>&1
if [ $? -ne 0 ] ; then
lelt=$( echo $elt | tr '[:upper:]' '[:lower:]' )
if [ "$lelt" != "$elt" ] ; then
[ $PYVER = 2 ] && str="import $lelt;print $lelt.__file__" || \
str="import $lelt;print($lelt.__file__)"
$PREFIX/bin/python$PYVER.sh -c $str >/tmp/P$$.log 2>&1 || \
{ rm -f /tmp/P$$.log ; continue ; }
fi
fi
grep /usr/lib /tmp/P$$.log && DBUG $PYVER $elt $rest && continue
grep $PREFIX /tmp/P$$.log && INFO $PYVER $elt $rest && continue
cat /tmp/P$$.log && WARN $PYVER $elt $rest && continue
done
rm -f /tmp/P$$.log
exit 0
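Review bot: The scratch files `/tmp/P$$.lis` and `/tmp/P$$.log` use predictable names in a world-writable directory, so another local user can pre-create them (for example as symlinks) before this script writes through them; `/tmp/P$$.lis` is also never removed. Create them with `mktemp`, e.g. `log=$(mktemp) || exit 2`, and clean up with `trap 'rm -f "$log"' EXIT`. In addition, `-c $str` is unquoted, so the interpreter receives only `import` as the `-c` program and the rest as a separate argument; `-c "$str"` is presumably what was intended, unless the `python$PYVER.sh` wrapper (not shown here) re-joins its arguments.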


@ -0,0 +1,122 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# pip installs into /usr/local/bin
# export PATH=.:$PATH:/usr/local/bin
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
. /usr/local/etc/testforge/testforge.bash || exit 1
[ -d PREFIX=/var/local/var/log ] && \
BASE_LOG_DIR=/var/local/var/log || \
BASE_LOG_DIR=/tmp
pyver=3
inter=0
verbose=3
usage() {
echo "Usage: $0 [OPTIONS] dirs-or-files"
echo
echo " -i | --inter=$inter - interactivly upgrade 0 or 1 [0]"
echo " -p | --pyver=$pyver - python version - 2 or 3"
echo " -v | --verbose=$verbose - verbosity 0 least 5 most"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
exitWithErrMsg() {
retval=$1
shift
echo "$1" 1>&2
exit $retval
}
SHORTOPTS="hVp:v:i:"
LONGOPTS="help,version,pyver:,verbose:,inter:"
PKGS=
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && exitWithErrMsg 1 "Aborting."
route | grep -q ^default || exitWithErrMsg 2 "We are not connected: Aborting."
eval set -- "$ARGS"
while true; do
case "$1" in
-p|--pyver)
shift
pyver="$1"
;;
-i|--inter)
shift
inter=1
;;
-v|--verbose)
shift
verbose="$1"
;;
-h|--help)
usage
exit 0
;;
'--')
shift
PKGS="$*"
break
;;
*)
break
;;
esac
shift
done
#echo $PKGS
if [[ $pyver =~ 2.* ]] ; then
LOG_DIR=$BASE_LOG_DIR/pip/$BASE_PYTHON2_MINOR
pip_exe=/usr/local/bin/pip2.sh
else
LOG_DIR=$BASE_LOG_DIR/testforge/pip/$BASE_PYTHON3_MINOR
pip_exe=/usr/local/bin/pip3.sh
fi
cd /usr/local/bin
# --process-dependency-links
# this is missing many/most
# --format: invalid choice: 'legacy' (choose from 'columns', 'freeze', 'json')
$pip_exe list -o --format=columns --user | tee /tmp/$$.log
# pyface (Current: 4.5.2 Latest: 5.0.0 [sdist])
grep 'wheel$\|sdist$' /tmp/$$.log | while read pkg current latest rest ; do
echo "INFO: $pkg from $current to $latest "
if [ -n "$PKGS" ] ; then
echo "$PKGS" | grep -v "grep" | grep -q "$pkg" || continue
fi
# this is for the Msys distribution build from source
if [ -f ../src/$pkg.bash ] && grep VER= ../src/$pkg.bash ; then
[ -f ../src/$pkg.bash.old ] && WARN "$0 backup present $pkg.old" && continue
grep -q "^VER=\"$latest\"" ../src/$pkg.bash && \
WARN "$0 $pkg already $latest" && continue
mv ../src/$pkg.bash ../src/$pkg.bash.old
sed -e "s/VER=$current/VER=$latest/" ../src/$pkg.bash < ../src/$pkg.bash.old
echo "INFO: package $pkg "
fi
# -u 2
[ $inter -eq 0 ] && continue
read -p "READ: Upgrade $pkg from $current to $latest? " yn
[ "$yn" = "q" ] && exit
[ "$yn" = "y" ] || continue
$pip_exe $pkg $current $latest
done
rm -f /tmp/$$.log
exit 0
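Review bot: The version bump `sed -e "s/VER=$current/VER=$latest/" ../src/$pkg.bash < ../src/$pkg.bash.old` passes the just-renamed path as sed's input file instead of redirecting output to it, so sed fails on a missing file and `../src/$pkg.bash` is never recreated; only the `.old` copy remains. It should read `sed -e "s/VER=$current/VER=$latest/" < ../src/$pkg.bash.old > ../src/$pkg.bash`. Two smaller points: `[ -d PREFIX=/var/local/var/log ]` tests a directory literally named `PREFIX=/var/local/var/log`, so `BASE_LOG_DIR` always falls back to `/tmp`, and `/tmp/$$.log` is a predictable name that is better created with `mktemp`. `$latest` comes from the package index output, so it is worth checking it against a version pattern before it is spliced into a sed expression.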


@ -0,0 +1,61 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0
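Review bot: The loop fed by `ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//'` derives file names by parsing `file` output and then uses `$file` unquoted in `head -1 $file` and `sed -f … -i $file`, so a name containing whitespace, a colon or a leading `-` is split or read as an option while files are being edited in place. Iterate over the directory directly (`for file in ./* ; do`) and quote every use, e.g. `sed -f "$prefix/share/sed/${under}_python3.sed" -i "$file"`. When `/etc/python-exec/$base.conf` is not a symlink, both the python2 and the python3 sed scripts are applied to the same file; a comment saying why that is safe would help. The closing `[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]` has no effect now that the `WARN` line is commented out.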


@ -0,0 +1,67 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
PREFIX=/usr/local
. /usr/local/bin/usr_local_base.bash || exit 2
. ~/.bash_logout
# these can hang unmounting partitions
pkill dirmngr
pkill bootlogd
[ -x /var/local/bin/privacy_home_cleaner.bash ] && /var/local/bin/privacy_home_cleaner.bash
[ -f ~/Makefile ] && grep -q ^stop: ~/Makefile && \
{ cd ~ ; make stop || exit 2 ; }
local_base_umount () {
local mount
cd /mnt
mount=`mount`
for file in linux* ; do
echo $mount | grep -q " on /mnt/$file " || continue
echo /mnt/$file
umount -R /mnt/$file || exit 1
done
# not l - a b f d n u x i j k o q w e h z
for file in ? ; do
echo $mount | grep -q " on /mnt/$file " || continue
# echo /mnt/$file
umount /mnt/$file || WARN $prog error umounting /mnt/$file
done
umount -a
}
local_base_umount || exit 3
# should be 0
NUM=`losetup -a |grep -c -v home`
if [ $NUM -gt 0 ] ; then
losetup -a |grep -v home
echo losetup still mounted
exit 5
fi
sleep 10
umount -a -t ntfs-3g
# should be 1
NUM=`ps ax | grep mount.ntfs-3g | grep -v grep | wc -l`
if [ $NUM -ge 1 ] ; then
ps ax | grep mount.ntfs-3g | grep -v grep
ERROR mount.ntfs-3g still running
exit 6
fi
INFO Calling shutdown
if [ $# -lt 1 ] ; then
shutdown -r now
else
shutdown $*
fi
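Review bot: The interpreter line is `#!/bin/sh`, yet the script sources `usr_local_base.bash` and `~/.bash_logout` and declares `local mount` inside `local_base_umount`, none of which POSIX sh guarantees; use `#!/bin/bash` so behaviour does not depend on what `/bin/sh` points to. At the end, `shutdown $*` re-splits the arguments, so a quoted message is broken into separate words; `shutdown "$@"` passes them through unchanged. The comment `# should be 1` above the `mount.ntfs-3g` count contradicts the `-ge 1` test, which treats a single match as an error, and should say 0.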


@ -0,0 +1,32 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# very dangerous
[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/
[ -d "$ROOT" ] || exit 1
ROLE=base
cd $ROOT || exit 2
GROUP=adm
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP
if [ -d ${ROOT}/var/local ] ; then
# allow
chgrp -R $GROUP ${ROOT}/var/local/{bin,data,lib64,src,net}
chmod -R g+rw,o-w ${ROOT}/var/local/{bin,data,lib64,src,net}
chmod a+x ${ROOT}/var/local/{bin,src,share/bash}/*sh
# if [ -d ${ROOT}/var/local/src/lynis ] ; then
chgrp -R $GROUP ${ROOT}/var/local/{bin,data,lib64,src,net}
# forbid /var
chgrp -R root ${ROOT}/var/local/{etc,var,share}
chmod -R g-w,o-w ${ROOT}/var/local/{etc,var,share}
fi
if [ -d ${ROOT}/usr/local ] ; then
# forbid /usr but lib/python* will be created and allowed on install
chgrp -R root ${ROOT}/usr/local/
chmod -R g-w,o-rw ${ROOT}/usr/local/
fi
exit 0
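Review bot: Every `chgrp`/`chmod` line under `${ROOT}/var/local` relies on brace expansion (`{bin,data,lib64,src,net}`), which is not a POSIX sh feature, while the script starts with `#!/bin/sh`; where `/bin/sh` is dash the braces are passed literally, the commands fail, and the final `exit 0` reports success with the permissions unchanged. Change the interpreter to `#!/bin/bash` and stop on failure (`set -e`, or `|| exit 3` on each command). `ROOT` defaults to `/` and is used unquoted in `cd $ROOT`; quoting it and requiring an explicit argument would fit the `# very dangerous` comment. Note also that `chmod -R g+rw` on `bin` and `src` leaves those scripts writable by every member of `$GROUP`, so anything that runs them with more privilege than a group member has should be reviewed.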


@ -0,0 +1,56 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
exit 0
ROLE=base
usage="
Usage:
wall [options] [message]
Write a message to all users.
Options:
-n, --nobanner do not print banner
-h, --help display this help and exit
"
SHORT=nh
LONG=nobanner,help
PARSED=$(getopt --options $SHORT --longoptions $LONG --name "$0" -- "$@")
if [[ $? -ne 0 ]]; then
echo "$usage"
exit 2
fi
eval set -- "$PARSED"
while true; do
case "$1" in
-n|--nobanner)
n=y
shift
;;
-h|--help)
echo "$usage"
exit 0
;;
--)
shift
break
;;
*)
exit 3
;;
esac
done
ps -ef | grep " pts/" | awk '{print $6}' | sort -u > /tmp/terminals_$$.tmp
ps -ef | grep " tty" | awk '{print $6}' | sort -u | grep -v "pts" >> /tmp/terminals_$$.tmp
if [ "$n" ]; then
pre=""
post=""
else
pre="-e \nBroadcast message from $(whoami)@$(hostname) ($(ps ax | grep "^$$" | awk '{ print $2 }')) ($(date +"%a %b %d %H:%M:%S %Y")):\n\n"
post='\n'
fi
cat /tmp/terminals_$$.tmp | while read TTY_TO; do echo $pre"$*"$post | sudo tee /dev/$TTY_TO 1>/dev/null; done
rm /tmp/terminals_$$.tmp
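Review bot: The unconditional `exit 0` right after the mode line makes the rest of the file dead code, and there is no comment saying why; add one such as `# disabled: <reason>` or drop the body. If it is re-enabled, `/tmp/terminals_$$.tmp` should come from `mktemp`, since a predictable name in `/tmp` can be pre-created by another local user, and `$TTY_TO` should be quoted in `sudo tee /dev/$TTY_TO`.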


@ -0,0 +1,9 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter
ROLE=base
# extra cleanups to bash from yaml_to_bash
sed -e '/\[/s@, @ @g' \
-e '/\[/s@\([^"]\)u"@\1"@g' -e "/\[/s@\([^']\)u'@\1'@g" \
-e 's@="*\[\(.*\)\]@=(\1)@' -e "s@='*\[\(.*\)\]@=(\1)@"


@ -0,0 +1,29 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# N.B.: creates /usr/local/etc/testforge/testforge.bash
# filter or program
# should be -f VAR_LOCAL/share/sed/fact_to_bash.sed
# but /usr/local/etc/testforge/testforge.bash isnt created yet
ROLE=base
# wierd: doesnt work on Ubuntu - grep -F -e '=' $* | sed -e 's@^ *@@' | eval
grep '=' $* | sed \
-e "s@u*'@@g" \
-e 's@^ *@@' \
-e 's@\[@"@' \
-e 's@\]@"@' \
-e 's@, @ @g' \
> /tmp/$$.bash
. /tmp/$$.bash
IFS='\t' sed -e 's/=/\t/' -e 's/"//g' /tmp/$$.bash |sort -u | while read key val ; do
# why filter these out?
# echo $key | grep -q 'SOCKS_PROXY\|NO_PROXY\|HTTP_PROXY\|HTTPS_PROXY\|GIT_' && continue
echo "export $key=\"$val\""
done
# rm /tmp/$$.bash
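Review bot: The filtered facts are written to `/tmp/$$.bash` and then executed with `. /tmp/$$.bash`; the name is predictable in a world-writable directory, so another local user who creates the file or a symlink first influences what gets sourced, and the `rm` is commented out, so the file is left behind. Use a private file, `tmp=$(mktemp) || exit 1` with `trap 'rm -f "$tmp"' EXIT`, and source that. Because the input is sourced as shell, any command substitution inside a fact value is executed, so this filter should only be fed trusted input. `IFS='\t' sed …` sets `IFS` for `sed` rather than for `read`, and `'\t'` is a backslash followed by `t`, not a tab; `while IFS="$(printf '\t')" read -r key val` is presumably what was meant.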


@ -0,0 +1,8 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
# filter or program
grep '=' "$*" \
| sed -e "s@=@: @" -e "s@^ *@@"
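Review bot: `grep '=' "$*"` joins all arguments into one word, so with more than one file grep is handed a single non-existent name, and with no arguments it is handed an empty file name instead of reading stdin as the `# filter or program` comment suggests. `grep '=' "$@"` handles both cases.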


@ -0,0 +1,108 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/usr_local_base.bash || exit 3
ROLE=base
PREFIX=/usr/local
[ -z "$PYVER" ] && PYVER=3
declare -a TARGET
if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
fi
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
if [ "$#" -eq 0 ] || [[ "$*" =~ "--version" ]] || [[ "$*" =~ "--help" ]] ; then
$PREFIX/bin/python$PYVER.sh -m pip "$@"
exit $?
elif [ "$1" = 'html' ] ; then
wget -c -O - https://pypi.org/project/$2 2>/dev/null
exit $?
elif [ "$1" = 'lynx' ] ; then
lynx https://pypi.org/project/$2
exit $?
elif [ "$1" = 'elinks' ] ; then
elinks https://pypi.org/project/$2
exit $?
fi
if [ -x $PREFIX/bin/base_check_site_py.bash ] ; then
$PREFIX/bin/base_check_site_py.bash $PYTHON_MINOR >/dev/null || exit $?
fi
if [ -n "$PYTHONPATH" ] && [ -x $PREFIX/bin/base_clean_pythonpath.bash ] ; then
PYTHONPATH="$( $PREFIX/bin/base_clean_pythonpath.bash $PYTHON_MINOR $PYTHONPATH )"
fi
# could from pip import download;print(download.__file__)
file=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages/pip/download.py
if [ -f $file ] && grep -q 'if not check_path_owner' $file ; then
mv $file $file.dst
sed -e 's/if not check_path_owner/if False and not check_path_owner/' \
> $file $file.dst
fi
#DBUG $prog PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
LARGS="$BASE_PIP_GLOBAL_ARGS" # --no-python-version-warning
if [ -f /usr/local/etc/ssl/cacert-testforge.pem ] ; then
[[ "$*" =~ "--cert" ]] || [[ $LARGS =~ "--cert" ]] || LARGS="--cert $PREFIX/etc/ssl/cacert-testforge.pem $LARGS"
fi
if [ -e $PREFIX/net/Cache/Pip ] ; then
[[ "$*" =~ "--cache-dir" ]] || [[ $LARGS =~ "--cache-dir" ]] || LARGS="--cache-dir $PREFIX/net/Cache/Pip $LARGS"
fi
[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy http://localhost:3128"
MYID=$( id -u )
if [ "$1" = 'uninstall' ] ; then
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
elif [ "$1" = 'install' ] ; then
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
shift
RARGS="$RARGS --progress-bar=off"
# LARGS="$LARGS --python=/usr/local/bin/python$PYTHON_MINOR.sh"
/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
# Can not combine '--user' and '--prefix'
if true ; then # >9.0.1
if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then
:
else
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
RARGS=" --prefix=$PREFIX $RARGS"
fi
else
# this is required, with the ~/.local symlinks, or it tries to uninstall from the system
[[ $RARGS =~ " --user" ]] || RARGS=" --user $RARGS"
# no quotes around the --install-option arg
[[ $RARGS =~ "--install-scripts" ]] || RARGS=" --install-option=--install-scripts=/usr/local/bin $RARGS"
[[ $RARGS =~ "--install-lib" ]] || RARGS=" --install-option=--install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
fi
# if [ -d /etc/apt ] ; then # ! uname -a | grep Debian ||
# [[ $RARGS =~ "--install-layout" ]] || RARGS=" --install-option=--install-layout=unix $RARGS"
# fi
#? [[ $RARGS =~ "--no-binary" ]] || RARGS="--no-binary :all: $RARGS"
# this prohibits installing .egg dirs but maybe that means no multi-version
[[ $RARGS =~ "--only-binary" ]] || RARGS="--only-binary :none: $RARGS"
! $PREFIX/bin/python$PYVER.sh -m pip --help | grep -q upgrade-strategy || \
[[ $RARGS =~ "--upgrade-strategy" ]] || RARGS="--upgrade-strategy only-if-needed $RARGS"
# require explicit package-by package installing - ? maybe only from ansible?
RARGS="install $RARGS"
export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
fi
TARGET=("$@")
echo DBUG $prog $LARGS $RARGS "$@"
exec $PREFIX/bin/python$PYVER.sh -W ignore::UserWarning -m pip $LARGS $RARGS "$@" 2>&1
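Review bot: The block that rewrites `site-packages/pip/download.py`, replacing `if not check_path_owner` with `if False and not check_path_owner`, patches an installed package from inside a wrapper to switch off what looks like pip's ownership check on its cache directory, and it does so with a non-atomic `mv` followed by `sed`, so an interruption between the two leaves pip without `download.py`. Rather than editing pip, give `$PREFIX/net/Cache/Pip` to the invoking user or pass `--no-cache-dir`. The same block appears again in the 108-line file section that follows the `PYVER=2` wrapper. Separately, `ERROR` is called on the `shopt` line before any helper file has been sourced, `$prog` is never set in this file, and `"$(eval echo \$$P)"` can be written without `eval` as `"${!P}"`.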


@ -0,0 +1,8 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
ROLE=base
export PYVER=2
exec /usr/local/bin/pip.sh "$@"


@ -0,0 +1,108 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/usr_local_base.bash || exit 3
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
ROLE=base
PREFIX=/usr/local
PYVER=3
declare -a TARGET
if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
fi
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python3.10 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
PYTHON_MINOR=3.11
[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
if [ "$#" -eq 0 ] || [[ "$*" =~ "--version" ]] || [[ "$*" =~ "--help" ]] ; then
$PREFIX/bin/python$PYVER.sh -m pip "$@"
exit $?
elif [ "$1" = 'html' ] ; then
wget -c -O - https://pypi.org/project/$2 2>/dev/null
exit $?
elif [ "$1" = 'lynx' ] ; then
lynx https://pypi.org/project/$2
exit $?
elif [ "$1" = 'elinks' ] ; then
elinks https://pypi.org/project/$2
exit $?
fi
if [ -x $PREFIX/bin/base_check_site_py.bash ] ; then
$PREFIX/bin/base_check_site_py.bash $PYTHON_MINOR >/dev/null || exit $?
fi
if [ -n "$PYTHONPATH" ] && [ -x $PREFIX/bin/base_clean_pythonpath.bash ] ; then
PYTHONPATH="$( $PREFIX/bin/base_clean_pythonpath.bash $PYTHON_MINOR $PYTHONPATH )"
fi
# could from pip import download;print(download.__file__)
file=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages/pip/download.py
if [ -f $file ] && grep -q 'if not check_path_owner' $file ; then
mv $file $file.dst
sed -e 's/if not check_path_owner/if False and not check_path_owner/' \
> $file $file.dst
fi
#DBUG $prog PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
LARGS="$BASE_PIP_GLOBAL_ARGS" # --no-python-version-warning
if [ -f /usr/local/etc/ssl/cacert-testforge.pem ] ; then
[[ "$*" =~ "--cert" ]] || [[ $LARGS =~ "--cert" ]] || LARGS="--cert $PREFIX/etc/ssl/cacert-testforge.pem $LARGS"
fi
if [ -e $PREFIX/net/Cache/Pip ] ; then
[[ "$*" =~ "--cache-dir" ]] || [[ $LARGS =~ "--cache-dir" ]] || LARGS="--cache-dir $PREFIX/net/Cache/Pip $LARGS"
fi
[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy localhost:3128"
MYID=$( id -u )
if [ "$1" = 'uninstall' ] ; then
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
elif [ "$1" = 'install' ] ; then
shift
/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
RARGS="$BASE_PIP_INSTALL_ARGS"
# Can not combine '--user' and '--prefix'
if true ; then # >9.0.1
if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then
:
else
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
RARGS=" --prefix=$PREFIX $RARGS"
fi
else
# this is required, with the ~/.local symlinks, or it tries to uninstall from the system
[[ $RARGS =~ " --user" ]] || RARGS=" --user $RARGS"
# no quotes around the --install-option arg
[[ $RARGS =~ "--install-scripts" ]] || RARGS=" --install-option=--install-scripts=/usr/local/bin $RARGS"
[[ $RARGS =~ "--install-lib" ]] || RARGS=" --install-option=--install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
fi
# if [ -d /etc/apt ] ; then # ! uname -a | grep Debian ||
# [[ $RARGS =~ "--install-layout" ]] || RARGS=" --install-option=--install-layout=unix $RARGS"
# fi
#? [[ $RARGS =~ "--no-binary" ]] || RARGS="--no-binary :all: $RARGS"
# this prohibits installing .egg dirs but maybe that means no multi-version
[[ $RARGS =~ "--only-binary" ]] || RARGS="--only-binary :none: $RARGS"
! $PREFIX/bin/python$PYVER.sh -m pip --help | grep -q upgrade-strategy || \
[[ $RARGS =~ "--upgrade-strategy" ]] || RARGS="--upgrade-strategy only-if-needed $RARGS"
# require explicit package-by package installing - ? maybe only from ansible?
RARGS="install $RARGS"
export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
fi
TARGET=("$@")
echo DBUG $prog $LARGS $RARGS "$@"
exec $PREFIX/bin/python$PYVER.sh -W ignore::UserWarning -m pip $LARGS $RARGS "$@" 2>&1
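Review bot: The `mv`/`sed` pair after the `grep -q 'if not check_path_owner'` test rewrites the installed `site-packages/pip/download.py` in place, turning the guard into `if False and not check_path_owner`, so every later pip run from that prefix, by any user, loses what is presumably pip's ownership check on its cache path. A wrapper should not patch the package manager it is about to execute; I would drop the block and instead make the directory passed via `--cache-dir` owned by the invoking user, or pass `--no-cache-dir` when it is not. The `mv` followed by a redirected `sed` also leaves a window in which `download.py` is missing or truncated if the script is interrupted. Separately, `PYTHON_MINOR=3.11` right after the detection lines unconditionally overrides both the `BASE_PYTHON${PYVER}_MINOR` lookup and the `python3.10 --version` fallback, which looks like a debugging leftover.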


@ -0,0 +1,8 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
ROLE=base
export PYVER=3
exec /usr/local/bin/pip.sh "$@"


@ -0,0 +1,974 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=proxy
PYVER=3
# DEBUG=1
. /usr/local/bin/proxy_ping_lib.bash || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
PL=/usr/local/bin/proxy_libvirt_lib.bash
declare -a tests
which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0
which dig 2>/dev/null >/dev/null && HAVE_DIG=1 || HAVE_DIG=0
which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
[ -z "$prog" ] || prog=proxy_ping_test
proxy_ping_get_socks
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
HTTPS_PORT=9128
HTTPS_HOST=127.0.0.1
proxy_ping_get_https
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
HTTP_PORT=3128
HTTP_PROXY_HOST=127.0.0.1
proxy_ping_get_http
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -n "$PYTHON_MINOR" ] || exit 4
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
#? ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
exit 5
fi
THOPS=40
NEEDED_BINS="ping traceroute nmap dig nslookup tor-resolve"
NEEDED_SCRIPTS="
/usr/local/bin/proxy_ping_lib.bash
/usr/local/bin/proxy_ping_test.bash
"
grep -q Debian /etc/os-release
DEBIAN=$?
TIMEOUT=30
[ -n "$GATEW_DOM" ] || GATEW_DOM="$( proxy_testforge_get_gateway_dom )"
[ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway"
DNS_HOST1="208.67.220.220"
DNS_HOST2="8.8.8.8"ggggg
[ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39
[ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39
HTTP_TARGET=www.whatismypublicip.com
# time.nist.gov 132.163.97.3
NTP_HOST1=132.163.97.3
# pool.ntp.org 78.46.53.2
NTP_HOST2=78.46.53.2
# --no-check-certificate
WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null"
CURL="curl -o /dev/null $CURL_ARGS"
SCURL="/usr/local/bin/scurl.bash --output /dev/null"
NSL='nslookup -querytype=A -debug'
NETS='netstat -nl4e'
ALL=""
[ -z "$USER" ] && USER=$(id -un )
[ $USER = root ] && DMESG_LINES=1 || DMESG_LINES=0
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
# fixme - required
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw`
# fixme - required
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
MODE=$( proxy_ping_mode )
USAGE="$prog without arguments tests the current MODE=$MODE,
or 0 to list the tests by number,
or one or more of the groups:
"
DNS_HOST=$SOCKS_HOST
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
[ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 )
## proxy_test_netstat_dns
proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ;
$NETS | grep -q ":53"
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" dns not running
[ -z "$ALL" ] && exit $ARG$retval || return 1
}
## proxy_test_traceroute_icmp_gw
proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ;
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || return 1
traceroute --icmp $PROXY_WLAN_GW
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW
[ -z "$ALL" ] && exit $ARG$retval || return 1
# works
GREP="-i icmp"
return 0
}
## proxy_test_dig_direct
proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ;
dig @$DNS_HOST1 pool.ntp.org +timeout=$TIMEOUT >/dev/null
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1
[ -z "$ALL" ] && exit $ARG$retval || return 1
INFO $prog test=$ARG "${tests[$ARG]}" dig @$DNS_HOST1
# works
GREP="53"
return 0
}
## proxy_test_curl_firewall_bin
proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ;
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval \
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER
proxy_iptables_save|tail|grep PTABLES_filter_DROP-o
[ -z "$ALL" ] && exit $ARG$retval || return $retval
}
## proxy_ping_curl
proxy_ping_curl () { DBUG proxy_ping_curl $* ;
local retval
timeout -k $TIMEOUT $TIMEOUT $CURL "$@"
retval=$?
# "DEBUG: wierd failure curl: (35) Encountered end of file"
[ $retval -eq 0 -o $retval -eq 35 ] && return 0
return $retval
}
## proxy_ping_make_help
proxy_ping_make_help () {
grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \
> /tmp/proxy_ping_test.hlp
return 0
}
## proxy_ping_test_virbr
proxy_ping_test_virbr () {
local n=$1
[ -z "$n" ] && n=1
[ -z "$CONN" ] || proxy_whonix_get_conn
[ "$CONN" = guest ] && return 0
[ -e /proc/sys/net/ipv4/conf/virbr$n ] || return 0
proxy_ifconfig virbr$n >/dev/null && return 0
return 0
}
## proxy_ping_broken
proxy_ping_broken () { DBUG proxy_ping_broken PROXY_WLAN=$PROXY_WLAN $* ;
# 0 is true
local a=$MODE
if [ "$a" = vda -o "$a" = ws ]; then
# grep 10.152.152.10 /etc/resolv.conf &&
PING_BROKEN=0
return 0
elif [ "$a" = gateway ]; then
PING_BROKEN=0
return 0
elif [ -z "$PROXY_WLAN_GW" ] ; then
PING_BROKEN=0
return 0
fi
[ -n "$PING_BROKEN" ] && return $PING_BROKEN
DBUG $prog proxy_ping_mode=$a PROXY_WLAN=$PROXY_WLAN PROXY_WLAN_GW=$PROXY_WLAN_GW
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $PROXY_WLAN_GW # 10.16.238.1
if [ $? -ne 0 ] ; then
PING_BROKEN=0
else
PING_BROKEN=1
fi
return $PING_BROKEN
}
## proxy_do_ping
proxy_do_ping () { DBUG proxy_do_ping $* ;
proxy_route_check || { ERROR $prog route not connected ; return 1$? ; }
proxy_ping_broken && return 0
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_get_if` || {
ERROR $prog unable to get wlan $? ; return 2 ;
}
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
retval=$?
if [ $retval -eq 1 ] ; then
# false negatives
sleep 4
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
retval=$?
fi
[ $retval -lt 1 ] || {
ERROR $prog do_ping $PROXY_WLAN retval=$retval
rm /tmp/P$$.log
PING_BROKEN=0
return 3$retval
}
grep -q ' 0% ' /tmp/P$$.log || \
{ ERROR $prog retval=$? test=$1 ping retval=$retval ; rm /tmp/P$$.log ; return 4 ; }
PING=1
grep 'packet\|bytes from' /tmp/P$$.log
rm /tmp/P$$.log
return 0
}
proxy_run_as_root () { DBUG proxy_run_as_root $* ;
[ $( id -u ) -eq 0 ] && return 0
ERROR must be root
[ -z "$ALL" ] && exit 9
return 1
}
## proxy_test_pretests
proxy_test_pretests () {
if [ "$1" = panic ] ; then
: dont ping on panic
proxy_ping_broken || proxy_do_ping || \
{ WARN ping failed for panic so skipping ; exit 0 ; }
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
proxy_ping_broken || proxy_do_ping || exit 3$?
proxy_ping_test_resolv $MODE ||\
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
elif [ "$1" = nat ] ; then
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
else
proxy_do_ping || exit 4$?
proxy_ping_test_resolv $MODE || \
{ WARN "$prog proxy_ping_test_resolv=$? /etc/resolv.conf.$dire" MODE=$MODE
exit 4 ; }
fi
return 0
}
## proxy_test_help_args
proxy_test_help_args () {
declare -a ret=()
ret=( $(grep " -.* $1 " /tmp/proxy_ping_test.hlp | \
sed -e 's/.=.*//' -e 's/.*tests.//') )
echo "${ret[@]}"
return 0
}
ALL=0
## proxy_ping_test_set_args
proxy_ping_test_set_args () {
local args="$@"
local val="$@"
declare -a aret=()
rm -f /tmp/proxy_ping_test.hlp
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
## to_tor - tor with the firewall host side client setup tor server - call tor,dns,ntp in addition
[ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] &&
aret=( 6 13 16 ) && \
! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv
## vda - through the Gateway with the firewall - also polipo,panic - uses env
[ "$1" = vda ] &&
aret=( 35 3 20 ) #
## tor - tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
[ "$1" = tor ] &&
aret=( 21 30 20 4 5 36 3 )
## kick - open firewall with tor running - call dns,polipo +tor in addition
[ "$1" = kick -o "$1" = host ] &&
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
## gateway - on the Gateway, trans firewall with tor running - call dns in addition
[ "$1" = gateway ] &&
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
# aliases
[ "$1" = "$SOCKS_PORT" ] && set -- socks
[ "$1" = "$HTTP_PORT" ] && set -- http
[ "$1" = "$HTTPS_PORT" ] && set -- https
[ "$1" = "53" ] && set -- dns
[ "$1" = "9053" ] && set -- tordns
[ "$1" = scan ] && set -- iwlist
[ "$1" = panic ] && set -- firewall
[ "$1" = tor ] && set -- torhost
[ "$1" = to_gateway ] && set -- whonix
[ "$1" = from_tor ] && set -- whonix
[ "$1" = from_gateway ] && set -- gateway
[ "$1" = traceroute ] && set -- = trace
[ "$1" = connected ] && set -- wifi
[ "$1" = clear ] && set -- direct
# scenarios - modes: nat selektor
## nat - through the Gateway via the nat
[ "$1" = nat ] && \
set -- ping dns socks http https tordns firefail libvirtguest
# wifi?
[ "$1" = whonix ] && \
set -- ping tordns dns socks http https torhost tordns firefail gw
[ "$1" = tor ] && \
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
[ "$1" = selektor ] && \
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
[ "$1" = direct -o "$1" = '' ] && \
set -- ping dns trace nmap gw
## all - all tests not stopping on the first error
[ "$1" = all ] && ALL=1
# aret="${#tests[@]}"
## gw - test if we are connected to the gateway
## torhost - running tor with the firewall
## env - from the cmdline with a properly setup env
## firefail - test the proxy without env vars to expect failure
## http - assumes torhost or whonix and env setup
## https - assumes torhost or whonix and env setup
## socks - assumes torhost or whonix and env setup
## ping - connected routed test the ping to DNS hosts
## ntp - ntpdate through the firewall
## nmap - nmap sgid through the firewall - does not assume env
## iwlist - wlan scan
## firewall - test that the firewall blocks
## virbr1 - assumes tor or whonix
## gateway - ssh to the whonix gateway
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
## wifi - test if we are connected - call scan in addition
## libvirthost - hosting a libvirt container
## libvirtguest - in a libvirt container
## tordns - test 9053 for dns using tor-resolve
## dns - dns using tor or the gateway, with the firewall - does not assume env
## whonix - whonix to the Gateway with the firewall - also panic - not assume env
## whonix - whonix gateway host side client setup with the firewall was from_to## direct - assume no firewall and no proxy - but may work depend on env
r
for elt in "$@" ; do
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
"$elt" = libvirthost -o "$elt" = libvirtguest -o "$elt" = virbr1 -o \
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
] ; then
aret+=( `proxy_test_help_args $elt` )
else
WARN unrecognized: $elt >&2
fi
done
DBUG "${aret[@]}" >&2
echo "${aret[@]}"
return 0
}
# -I $PROXY_WLAN -c 1 $DNS_HOST2
if [ "$#" = 0 ] ; then
# default to mode
set -- $MODE
fi
if [ $1 = '-h' -o $1 = '--help' ] ; then
echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g'
grep '^## [a-oq-z]' $0 | sed -e 's/^## / /'
exit 0
elif [ "$1" = 0 ] ; then
INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE
echo 0 help /tmp/proxy_ping_test.hlp
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
. /tmp/proxy_ping_test.hlp
for elt in "${!tests[@]}" ; do
echo $elt "${tests[$elt]}"
done
exit 0
elif [[ $1 =~ ^[0-9] ]] ; then
: passthrough
else
set -- `proxy_ping_test_set_args "$@"`
DBUG running tests numbered "$@"
fi
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
proxy_test_pretests "$1"
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
if [ $( id -u ) -eq 0 ] ; then
proxy_ping_chattr
fi
DBUG $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE $*
# $( sysctl net.ipv4.ping_group_range )
# proxy_iptables_save|grep 216
while [ "$#" -gt 0 ] ; do
# DBUG $prog $1
ARG=$1 ; shift
GREP=""
if [ -z "$ARG" ] ; then
continue
elif ! [ "$ARG" -ge 0 ] ; then
ERROR $prog called with an unrecognized argument $ARG from $0
exit 9
elif [ $ARG -le 0 ] ; then
# do the ping and resov.conf
true
elif [ $ARG -eq 1 ] ; then
tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https "
[ -n "$https_proxy" ] && LARGS="" || \
LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}"
$LARGS $WGET https://$HTTP_TARGET
retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}"
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval test=$ARG
[ -z "$ALL" ] && continue
fi
# works with fix
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 2 ] ; then
[ -n "$https_proxy" ] && LARGS="--proxy $https_proxy" || \
LARGS="--proxy https://${HTTPS_HOST}:${HTTPS_PORT}"
tests[2]="curl_https_as_user curl $LARGS https://$HTTP_TARGET - https "
proxy_ping_curl $LARGS https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $LARGS https://$HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with fix
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 3 ] ; then
tests[3]="curl_socks_virbr1_as_user $SOCKS_HOST $SOCKS_PORT - torhost "
# proxy_dest_port_wlan_config || { ERROR DEST=$DEST ; continue ; }
# curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision
[ $DEBIAN -eq 0 ] && continue
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
if [ $MODE = whonix ] ; then
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
retval=$?
ERROR ssh -o ForwardX11=no user@10.0.2.15 netstat
[ -z "$ALL" ] && exit $ARG$retval || continue ;
}
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy \
--interface virbr1 n--dns-interface virbr1 https://$HTTP_TARGET >/dev/null || {
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl -x $socks_proxy --interface virbr1 --dns-interface virbr1 https://$HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
else
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${SOCKS_HOST} $SOCKS_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue ; }
fi
INFO $prog test=$ARG "${tests[$ARG]}"
# works with user/pass
GREP="$SOCKS_PORT"
elif [ $ARG -eq 4 ] ; then
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com - tordns "
[ $HAVE_DIG = 1 ] || continue
if [ $MODE = whonix ] ; then
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
fi
dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with fix
GREP="$SOCKS_DNS"
elif [ $ARG -eq 5 ] ; then
tests[5]="nslookup_socks_as_user - tordns "
[ $HAVE_NSLOOKUP = 1 ] || continue
desc="$NSL -port=$SOCKS_DNS www.whatismypublicip.com ${DNS_HOST}"
$desc >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" $desc
# works with fix
GREP="$SOCKS_DNS"
elif [ $ARG -eq 6 ] ; then
proxy=`proxy_ping_get_https`
desc="curl --proxy http://${proxy}"
tests[6]="curl_https_as_user - https "
proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" $desc
# works
GREP="$HTTP_PORT"
elif [ $ARG -eq 7 ] ; then
tests[8]="traceroute_icmp_dns_as_root --icmp - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -m $THOPS || { \
retval=$?
ERROR $retval traceroute --icmp -m $THOPS
[ -z "$ALL" ] && exit 7$retval
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 8 ] ; then
tests[8]="traceroute_tcp_dns_as_root -i $PROXY_WLAN -p 53 -T4 - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN -p 53 -T4 $DNS_TARGET -m $THOPS || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -T4 -p 53 -m $THOPS
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="53"
elif [ $ARG -eq 9 ] ; then
tests[9]="traceroute_icmp_dns_as_user -p 53 - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -p 53 -m $THOPS || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -i $PROXY_WLAN --icmp -m $THOPS
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="53"
elif [ $ARG -eq 10 ] ; then
tests[10]="wget_http_as_user $HTTP_PORT - http "
proxy=`proxy_ping_get_http`
env http_proxy=http://${proxy} \
$WGET -S http://$HTTP_TARGET 2>/dev/null
retval=$?
# 8 is an oddball
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" wget $HTTP_PORT
else
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval wget $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
GREP="$HTTP_PORT"
elif [ $ARG -eq 11 ] ; then
tests[11]="curl_https_as_user - https "
proxy=`proxy_ping_get_https`
proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="$HTTP_PORT"
elif [ $ARG -eq 12 ] ; then
tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct "
[ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue
[ -z "$DNS_HOST1" ] && DNS_HOST1="208.67.220.220"
nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 13 ] ; then
tests[13]="curl_firewall_bin - wifi "
[ $USER = root ] || continue
proxy_test_curl_firewall_bin || continue
INFO $prog test=$ARG "${tests[$ARG]}" curl bin
# works
GREP="443"
elif [ $ARG -eq 14 ] ; then
tests[14]="traceroute_icmp_gw_as_root --icmp $PROXY_WLAN_GW - gw wifi "
[ $USER = root ] || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
proxy_test_traceroute_icmp_gw || continue
# works
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 15 ] ; then
tests[15]="test_dig_direct - direct "
[ $HAVE_DIG = 1 ] || continue
proxy_test_dig_direct || continue
INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct
elif [ $ARG -eq 16 ] ; then
tests[16]="nslookup_as_root nslookup $PRIV_BIN_OWNER - torhost "
[ $USER = root ] || continue
[ $HAVE_NSLOOKUP = 1 ] || continue
su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works /fails but maybe a noop
GREP="53"
elif [ $ARG -eq 17 ] ; then
tests[17]="ntpdate_as_root ntpdate without service - ntp "
proxy_run_as_root || exit 9
[ -x /usr/sbin/ntpdate ] || continue
# Curious: even though sgid 2755 ntp it fails as su ntp
# 12 Nov 23:28:35 ntpdate[17341]: bind() fails: Permission denied
/usr/sbin/ntpdate "$NTP_HOST1" || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="123"
elif [ $ARG -eq 18 ] ; then
tests[18]="ntpdate_as_root ntpdate with servie - ntp "
proxy_run_as_root || exit 9
proxy_rc_service ntpd status >/dev/null && \
proxy_rc_service ntpd stop >/dev/null && sleep 2
/usr/sbin/ntpdate $NTP_HOST1 || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
proxy_rc_service ntpd status >/dev/null || proxy_rc_service ntpd start
GREP="123"
elif [ $ARG -eq 19 ] ; then
tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail "
proxy_ping_curl --noproxy "'*.*'" --connect-timeout $TIMEOUT \
http://$HTTP_TARGET >/dev/null && {
retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP=80
elif [ $ARG -eq 20 ] ; then
tests[20]="curl_socksproxy_as_user curl $SOCKS_PORT - socks "
# needs dns
[ $DEBIAN -eq 0 ] && continue
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with user/pass
GREP="$SOCKS_PORT"
elif [ $ARG -eq 21 ] ; then
tests[21]="curl_httpsproxy_as_user - https "
[ -z "$https_proxy" ] && https_proxy=http://${HTTPS_PROXY_HOST}:${HTTPS_PORT}
proxy_ping_curl -x $https_proxy https://$HTTP_TARGET >/dev/null || { \
if [ "$MODE" = gateway ] ; then
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} ${HTTPS_PORT}
continue
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} HTTPS_PORT=${HTTPS_PORT}
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
}
INFO $prog test=$ARG "${tests[$ARG]}" curl ${HTTPS_HOST} ${HTTPS_PORT}
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 22 ] ; then
tests[22]="iwlist_scan_as_user iwlist $PROXY_WLAN scan - iwlist "
[ $USER = root ] || continue
which iwlist 2>/dev/null || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
iwlist $PROXY_WLAN scan >/dev/null || {
ERROR $prog retval=$? test=$ARG $PROXY_WLAN scan
[ -z "$ALL" ] && exit $ARG$1 || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
elif [ $ARG -eq 23 ] ; then
tests[23]="curl_proxy_as_user - direct "
proxy_ping_curl --insecure https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl direct
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 24 ] ; then
tests[24]="dig_direct_or_dnsmasq dig -b $IP www.whatismypublicip.com - direct "
[ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
[ -n "$IP" ] || continue
dig -b $IP www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" dig -b $IP
elif [ $ARG -eq 25 ] ; then
tests[25]="nslookup_as_user - direct "
[ $HAVE_NSLOOKUP = 1 ] || continue
# noenv with or without proxy
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
$NSL >/dev/null www.whatismypublicip.com || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup www.whatismypublicip.com
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
elif [ $ARG -eq 26 ] ; then
tests[26]="route_connected_ping_scan - direct "
[ $HAVE_DIG = 1 ] || continue
#? proxy_test_pretests
proxy_do_ping && \
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
elif [ $ARG -eq 27 ] ; then
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
[ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
dig -b 127.0.0.1 www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 28 ] ; then
tests[28]="wget_as_user - direct "
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
$WGET -S https://$HTTP_TARGET 2>/dev/null
retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" wget
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval wget
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
elif [ $ARG -eq 29 ] ; then
tests[29]="curl_as_user - direct "
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
proxy_ping_curl https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 30 ] ; then
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
[ $MODE = tor -o $MODE = selektor ] || {
ERROR $prog MODE != tor test=$ARG
[ -z "$ALL" ] && exit $ARG$retval || continue
}
port=$SOCKS_PORT
$NETS | grep -q :$port || {
ERROR $prog retval=$? test=$ARG tor not running on $port
[ -z "$ALL" ] && exit $ARG || continue
}
[ $USER = root ] || continue
# was /usr/local/bin/tor_bootstrap_check.bash
[ -f /usr/local/src/helper-scripts/tor_bootstrap_check.py ] || return 1
python3.sh /usr/local/src/helper-scripts/tor_bootstrap_check.py
# morons 100%
retval=$?
[ $retval -eq 0 -o $retval -eq 100 ] || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor_bootstrap_check
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 31 ] ; then
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval polipo http pages $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="$HTTP_PORT"
elif [ $ARG -eq 32 ] ; then
tests[32]="ping_nmap_direct_as_root nmap 53 - direct "
[ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue
[ -n "$PROXY_WLAN" -a -n "$PROXY_WLAN_GW" ] || proxy_ping_get_wlan_gw || continue
proxy_ping_nmap_direct $DNS_HOST1 "$PROXY_WLAN_GW" U:67 || {
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmapd 53
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 33 ] ; then
tests[33]="host_virbr_as_user proxy_ping_test_virbr 1 - libvirthost "
proxy_ping_test_virbr 1 || {
retval=$?
ERROR $CONN virbr1 not running
[ -z "$ALL" ] && exit 1 || continue
}
# * Immediate connect fail for 10.0.2.15: Connection refused
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 34 ] ; then
tests[34]="python_ping_as_root traceroute --icmp $PROXY_WLAN_GW - wifi "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN_GW" -a -n "$IP" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || continue
[ -f /usr/local/bin/ping2.py ] || continue
/usr/local/bin/ping2.py $IP $DNS_HOST1 $PROXY_WLAN_GW || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ping2.py $DNS_HOST1
[ -z "$ALL" ] && exit $ARG$retval || continue
}
# works
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 35 ] ; then
tests[35]="dig_as_root - firewall dig @$DNS_HOST1 - torhost dns "
[ $USER = root ] || continue
[ $HAVE_DIG = 1 ] || continue
# @$DNS_HOST1
su -c "dig pool.ntp.org +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig pool.ntp.org $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 36 ] ; then
tests[36]="tor_resolve_as_user tor-resolve pool.ntp.org - tordns "
[ $HAVE_TOR_RESOLVE = 1 ] || continue
tor-resolve pool.ntp.org >/dev/null || { \
retval=$?
# dunno Failed parsing SOCKS5 response conf?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve pool.ntp.org
continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="9053"
elif [ $ARG -eq 37 ] ; then
tests[37]="qemu-guest-agent and ports - libvirtguest "
ser=qemu-guest-agent
proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start
proxy_rc_service $ser status >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval $ser status
[ -z "$ALL" ] && exit $ARG$retval || continue
}
[ -d /dev/virtio-ports ] || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval /dev/virtio-ports
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP=""
elif [ $ARG -eq 38 ] ; then
tests[38]="qemu-guest-agent and ports - libvirthost whonix "
[ $USER = root ] || continue
$PL proxy_libvirt_list
aret=$?
if [ $aret -eq 10 ] ;then
WARN proxy_libvirt_status hung
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
DBUG proxy_libvirt_status aret=$aret
else
$PL proxy_libvirt_list | grep -q "$GATEW_DOM" || {
ERROR MODE=$MODE and $GATEW_DOM not running ;
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
fi
elif false ; then
if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then
$NETS | grep -q :53 || {
ERROR $prog retval=$? test=$ARG local resolv.conf but :53 not running
[ -z "$ALL" ] && exit 1 || continue
}
fi
fi
[ -n "$GREP" ] && [ $DMESG_LINES -gt 0 ] && \
DBUG `dmesg|tail|grep $GREP|tail -$DMESG_LINES`
done
exit 0
1)
env https_proxy=http://${SOCKS_HOST}:${HTTPS_PORT} wget $D -O - --no-check-certificate
2)
curl $D -k --proxy
3)
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
5)
nslookup -port=$SOCKS_DNS www.whatismypublicip.com ${SOCKS_HOST} \
6)
curl -k --proxy $HTTP_PORT
16)
nslookup $PRIV_BIN_OWNER
18)
ntpdate as sroot
19)
curl raw noproxy
0)
usage
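Review bot: `/tmp/proxy_ping_test.hlp` is a fixed name in a world-writable directory, and the `"$1" = 0` branch runs `. /tmp/proxy_ping_test.hlp` after `[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help`, so a file already present under that name is executed as shell code by whoever runs this script, which includes root for the root-only tests. `proxy_ping_make_help` also writes to that name through `>`, and `proxy_do_ping` does the same with `/tmp/P$$.log`, so both will follow a pre-existing symlink. I would create the files privately, e.g. `HLP=$(mktemp) || exit 1` with `trap 'rm -f "$HLP"' EXIT`, regenerate `$HLP` on every run instead of trusting an existing one, and parse the `tests[N]=` lines rather than sourcing them. Unrelated but worth fixing in the same pass: `DNS_HOST2="8.8.8.8"ggggg` appends stray characters to the address that `proxy_do_ping` pings.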



@ -0,0 +1,60 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
[ -z "$PYVER" ] && PYVER=3
export PYVER
#[ -f /usr/local/bin/usr_local_tput.bash ] && \
# . /usr/local/bin/usr_local_tput.bash
ROLE=base
declare -a RARGS
RARGS=("$@")
[ -f /usr/local/bin/pyver.sh ] && . /usr/local/bin/pyver.sh || {
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash >/dev/null
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR >&2 ; exit 1
fi
}
if [ -z "$PYTHONPATH" ] ; then
# sic - failsafe
export PYTHONPATH=/usr/lib/python$PYTHON_MINOR/site-packages
fi
if [ -d /usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding ] ; then
if [ -z "$LD_LIBRARY_PATH" ] ; then
export LD_LIBRARY_PATH=/usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding
else
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding
fi
fi
# do I want $HOME/.local on the path? - no
# do I want local/lib/.../dist-packages on the path? - no is already is
# on Debian ~/.local/lib/python*/site-packages is already on the path
for elt in usr/local ; do
[ -d /$elt ] || continue
[ -d /$elt/bin ] && [[ ! $PATH =~ /$elt/bin ]] && \
export PATH=$PATH:/$elt/bin
[ -e /$elt/$LIB ] || continue
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/$elt/$LIB
[ -d /$elt/$LIB/python$PYTHON_MINOR/site-packages ] || \
mkdir /$elt/$LIB/python$PYTHON_MINOR/site-packages
[ ! -f /$elt/$LIB/python$PYTHON_MINOR/site-packages/__init__.py ] && \
touch /$elt/$LIB/python$PYTHON_MINOR/site-packages/__init__.py
[[ ! $PYTHONPATH =~ /$elt/$LIB/python$PYTHON_MINOR/site-packages ]] && \
export PYTHONPATH=$PYTHONPATH:/$elt/$LIB/python$PYTHON_MINOR/site-packages
done
# echo INFO exec /usr/bin/python$PYTHON_MINOR -W ignore::DeprecationWarning "${RARGS[@]}"
/usr/bin/python$PYTHON_MINOR -W ignore::DeprecationWarning "${RARGS[@]}"
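Review bot: `export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/$elt/$LIB` in the `for elt` loop yields a leading empty entry whenever `LD_LIBRARY_PATH` was unset and the llvmlite branch did not set it, and the dynamic loader reads an empty entry as the current directory, so the interpreter could pick up shared objects from whatever directory the wrapper is started in. Appending conditionally avoids that: `export LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/$elt/$LIB`. The script also declares `#!/bin/sh` while using `declare -a`, arrays and `[[ … =~ … ]]`, which need bash; `#!/bin/bash` would match the body.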


@ -0,0 +1,5 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=bash
export PYVER=2
exec /usr/local/bin/python.sh "$@"


@ -0,0 +1,5 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=bash
export PYVER=3
/usr/local/bin/python.sh "$@"


@ -0,0 +1,117 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
DBUG() { echo DEBUG $* >&2 ; }
INFO() { echo INFO $* >&2 ; }
WARN() { echo WARN $* >&2 ; }
ERROR() { echo ERROR $* >&2 ; }
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
[ -z "$PYVER" ] && PYVER=3 # echo ERROR define PYVER >&2 && exit 1
[ -z "$USER" ] && USER=$( id -un )
ini_file=/usr/local/etc/testforge/testforge.bash
if [ ! -f $ini_file ] ; then
# bootstrap
[ -d /usr/local/etc/testforge ] || mkdir -p /usr/local/etc/testforge
[ -x /usr/bin/python$PYVER ] && \
echo export BASE_PYTHON${PYVER}_MINOR=`/usr/bin/python$PYVER --version|sed -e 's/.* //' -e 's/\.[0-9]*$//'` >> $ini_file
else
. $ini_file >/dev/null
fi
set -- -x
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
exit 1
fi
if [ "$USER" = root ] ; then
[ -f /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py ] && \
mv /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py.bak && \
rm -f /usr/$LIB/python$PYTHON_MINOR/sitecustomize.pyc
fi
if [ ! -d /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ ] ; then
if [ "$USER" = root ] ; then
mkdir -p /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
chgrp adm /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
chmod 775 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
else
ERROR Install error missing /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
exit 2
fi
fi
[ -d /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ ] || \
mkdir -p /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
[ -f /usr/local/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ] || \
cat > /usr/local/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py << EOF
# -*- mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
from __future__ import print_function
import codecs
codecs._codecs_lookup = codecs.lookup
def lookup(s):
if s.endswith('-unix'):
s = s[:-5]
elif s.endswith('-dos'):
s = s[:-4]
return codecs._codecs_lookup(s)
codecs.lookup = lookup
import os,sys
pyver = sys.version[:3]
notver = "3" if sys.version[:1] == '2' else '2'
for elt in sys.path:
if elt.find('python' + notver) < 0: continue
p = os.environ.get('PYTHONPATH', '')
sys.stderr.write('WARN: sitecustomize.py PYTHONPATH=' +p +' sys.path=' +repr(sys.path) +'\n')
sys.stderr.write('"python' + notver +' in sys.path for ' +sys.executable +"\n")
raise RuntimeError('"python' + notver +' in sys.path for ' +sys.executable)
dir=None
for elt in ['var', 'usr']:
if 'LD_LIBRARY_PATH' not in os.environ or 'PYTHONPATH' not in os.environ:
continue
dir = '/' + elt + '/local/bin'
if dir not in os.environ['PATH'].split(os.pathsep):
continue
dir = '/' + elt + "/local/$LIB"
if dir not in os.environ['LD_LIBRARY_PATH'].split(os.pathsep):
continue
dir = '/' + elt + "/local/$LIB/python" + pyver + '/site-packages'
# the bash wrapper will have put this on
if dir in os.environ['PYTHONPATH'].split(os.pathsep):
# print(repr(sys.path))
if dir not in sys.path:
sys.path.insert(0, dir)
bin = '/' + elt + '/local/bin/python' + pyver[0]
if elt == 'var':
bin += '.bash'
else:
bin += '.sh'
if os.path.isfile(bin):
# print(sys.executable + '=' + bin)
sys.executable = bin
# var takes precedence
break
if __name__ == '__main__':
print(sys.executable)
del os, sys, dir, elt, pyver
EOF
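Review bot: The root branch creates `/usr/local/$LIB/python$PYTHON_MINOR/site-packages/` with `chgrp adm` and `chmod 775`, and the script then drops a `sitecustomize.py` into it, a module Python imports automatically at start-up when that directory is on the path; any member of `adm` can therefore alter code that runs in every Python process using it, including ones started by root. Unless that delegation is intended, keep the directory root-owned and not group-writable (`chmod 755`, no `chgrp`) and state the decision in a comment. Separately, `set -- -x` replaces the positional parameters with the string `-x` rather than enabling tracing; `set -x` is probably what was meant, or the line can be dropped.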


@ -0,0 +1,36 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# on stdout - messages on stderr
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
base=AnsI
# quiet
[ "$#" -eq 0 ] && exit 1
VARIABLE=$1
[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
name=`hostname`
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then
base=$name
ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$TESTFORGE_ANSIBLE_SRC \
--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then
#!? export
VALUE=`jq .$VARIABLE </tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
# [ -n "$DEBUG" ] && echo >&2 "DEBUG: $prog base=$base VALUE=$VALUE"
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
fi
rm -f /tmp/${AnsI}$$.json
fi
exit 0
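Review bot: `${AnsI}` is never assigned (only `base=AnsI` is), so the inventory is appended with `>>` to `/tmp/$$.json`, a predictable name in a world-writable directory. A file or symlink already present at that path would be written through, or would leave stale JSON ahead of the new output, and the matching `.err` file is never removed. Create the file with `tmp=$(mktemp) || exit 1`, clean up with `trap 'rm -f "$tmp"' EXIT`, and write with `> "$tmp"`. `jq .$VARIABLE` also splices the caller's argument into the filter text; `jq --arg k "$VARIABLE" '.[$k]'` keeps it a plain key lookup.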


@ -0,0 +1,39 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
. /usr/local/bin/usr_local_base.bash || exit 2
umask 0022
[ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge
[ -f $inidir ] || mkdir -p $inidir
if [ -f $inidir ] ; then
inifile=$inidir
else
inifile=$inidir/testforge.ini
fi
# echo -n "DEBUG: $prog "; ls -l $inifile
[ -e $inifile ] || { ERROR no file $inifile ; exit 1 ; }
[ -s $inifile ] || { ERROR empty file $inifile ; exit 2 ; }
bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' )
if [ ! -s $bashfile ] || [ $inifile -nt $bashfile ] ; then
INFO "$inifile > $bashfile"
/usr/local/bin/fact_to_bash.bash < $inifile > $bashfile || exit 3
echo 'export PATH=$PATH:/sbin:/usr/local/bin:/var/local/bin' >> $bashfile
echo -n "DEBUG: $prog bashfile"; ls -l $bashfile
fi
ymlfile=$( echo $inifile | sed -e 's/.ini$/.yml/' )
if [ ! -s $ymlfile ] || [ $inifile -nt $ymlfile ] ; then
INFO "$inifile > $ymlfile"
/usr/local/bin/fact_to_yaml.bash < $inifile > $ymlfile || exit 4
echo -n "DEBUG: $prog ymlfile "; ls -l $ymlfile
fi
. $bashfile || exit $?
exec bash /usr/local/bin/base_sheebang_after_pip.bash
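Review bot: When the first argument is an existing file whose name does not end in `.ini`, `sed -e 's/.ini$/.bash/'` leaves it unchanged, so `bashfile` equals `inifile`, both regeneration blocks are skipped, and `. $bashfile` sources the ini file itself as shell. A guard before the names are derived closes that: `case $inifile in *.ini) ;; *) ERROR "$inifile must end in .ini" ; exit 1 ;; esac`. The dot in the pattern should also be escaped (`'s/\.ini$/.bash/'`), and `$inidir`, `$inifile` and `$bashfile` quoted wherever they are expanded.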


@ -0,0 +1,60 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_base.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0
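Review bot: The `ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | while read file` pipeline, together with the unquoted `$file` passed to `head` and `sed -i`, mis-handles any name in `$prefix/bin` that contains whitespace or a colon, so `sed -i` can be applied to a different path than the one that was inspected. Iterating with `for file in *; do [ -f "$file" ] || continue` and quoting `"$file"` throughout avoids parsing `ls` and `file` output. Because this rewrites executables in place, a short comment saying what `${under}_python2.sed` and `${under}_python3.sed` change would help; those scripts are not visible in this section. The closing `[ -f …/site.py ]` test has no effect now that its WARN is commented out.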


@ -0,0 +1,425 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash || {
DBUG() { echo DEBUG $* ; }
INFO() { echo INFO $* ; }
WARN() { echo WARN $* ; }
ERROR() { echo ERROR $* ; }
}
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
export PATH=$PATH:$PREFIX/bin
have_genisoimage=true
# create-vm - Quickly create guest VMs using cloud image files and cloud-init.
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# Set BOX_NBD_OVERLAY_DIR environment variable to override default storage location for VMs
HOSTNAME=
IMG_FQN=
AUTH_KEYS_FQN=
RAM=2048
VCPUS=1
STORAGE=20
BRIDGE=virbr1
MAC='52:54:00:1d:9c:6f'
VERBOSE=
PASS=
OSINFO=gentoo
password=ansible
OUTDIR=${BOX_NBD_OVERLAY_DIRs:-"${HOME}/vms/virsh"}
usage()
{
cat << EOF
usage: $0 options
Quickly create guest VMs using cloud image files and cloud-init.
OPTIONS:
-h Show this message
-n Host name (required)
-i Full path and name of the base .img file to use (required)
-k Full path and name of the ansible user's public key file (required)
-d Output directory for the overlay qcow2 and related files
-r RAM in MB (defaults to ${RAM})
-c Number of VCPUs (defaults to ${VCPUS})
-s Amount of storage to allocate in GB (defaults to ${STORAGE})
-b Bridge interface to use (defaults to ${BRIDGE})
-m MAC address to use (default is to use a randomly-generated MAC)
-o OSINFO name like win11, win10, fedora32, gentoo, ububtu20
-p ansible users plaintext password
-v Verbose
EOF
}
while getopts "h:n:i:k:r:c:s:b:m:o:p:d:v" option; do
case "${option}"
in
h)
usage
exit 0
;;
n) HOSTNAME=${OPTARG};;
i) IMG_FQN=${OPTARG};;
k) AUTH_KEYS_FQN=${OPTARG};;
r) RAM=${OPTARG};;
c) VCPUS=${OPTARG};;
s) STORAGE=${OPTARG};;
b) BRIDGE=${OPTARG};;
m) MAC=${OPTARG};;
p) PASS=${OPTARG};;
o) password=${OPTARG};;
d) OUTDIR=${OPTARG};
BOX_NBD_OVERLAY_DIR=${OUTDIR};;
v) VERBOSE=1;;
*)
ERROR unhandled option "${option}" ${OPTARG}
usage
exit 1
;;
esac
done
if [[ -z $HOSTNAME ]]; then
ERROR "Host name is required"
usage
exit 1
fi
if [[ -z $IMG_FQN ]]; then
ERROR "Base cloud image file name is required"
usage
exit 1
fi
if [[ -z $BOX_NBD_OVERLAY_DIR ]]; then
ERROR "Output image directory is required BOX_NBD_OVERLAY_DIR"
usage
exit 1
fi
if [[ -z $AUTH_KEYS_FQN ]]; then
ERROR "ansible public key file $AUTH_KEYS_FQN not found"
usage
exit 1
fi
if ! [[ -f $IMG_FQN ]]; then
ERROR "$IMG_FQN file not found"
usage
exit 1
fi
if [[ -n $VERBOSE ]]; then
INFO "Building ${HOSTNAME} in $BOX_NBD_OVERLAY_DIR"
set -xv
fi
mkdir -p "$BOX_NBD_OVERLAY_DIR"/{images,xml,init,base} || exit 2
echo "Creating a qcow2 image file ${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img that uses the cloud image file ${IMG_FQN} as its base"
INFO qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 \
"${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img" "${STORAGE}G"
qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 \
"${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img" "${STORAGE}G" || \
exit 3
echo "Creating meta-data file $BOX_NBD_OVERLAY_DIR/init/meta-data"
cat > "$BOX_NBD_OVERLAY_DIR/init/meta-data" << EOF
instance-id: ${HOSTNAME}
local-hostname: ${HOSTNAME}
EOF
# echo "Creating meta-data file $BOX_NBD_OVERLAY_DIR/init/meta-data.json"
# cat > "$BOX_NBD_OVERLAY_DIR/init/meta-data.json" << EOF
cat > /dev/null << EOF
{
"admin_pass": "root",
"availability_zone": "nova",
"hostname": "test.novalocal",
"launch_index": 0,
"name": "gentoo6",
"meta": {
"role": "webservers",
"essential": "false"
},
"public_keys": {
"mykey": " ssh-rsa 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"
},
"uuid": "83679162-1378-4288-a2d4-70e13ec132aa"
}
EOF
# password=`openssl passwd -1 -stdin <<< $password`
echo "Creating user-data file $BOX_NBD_OVERLAY_DIR/init/user-data"
# https://techglimpse.com/nova-boot-instance-with-password/
cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << EOF
#cloud-config
# password: ansible
# chpasswd: { expire: False }
ssh_pwauth: true
runcmd:
- "rc-update add qemu-guest-agent"
- "chmod 755 /etc/init.d/qemu-guest-agent"
- "/etc/init.d/qemu-guest-agent start"
- "echo /etc/init.d/qemu-guest-agent start >> /etc/rc.local"
users:
- default
- name: ansible
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
groups:
- wheel
- adm
shell: /bin/bash
plain_text_password: "$password"
chpasswd: { expire: False }
homedir: /home/ansible
ssh_pwauth: true
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRCJCQ1UD9QslWDSw5Pwsvba0Wsf1pO4how5BtNaZn0xLZpTq2nqFEJshUkd/zCWF7DWyhmNphQ8c+U+wcmdNVcg2pI1kPxq0VZzBfZ7cDwhjgeLsIvTXvU+HVRtsXh4c5FlUXpRjf/x+a3vqFRvNsRd1DE+5ZqQHbOVbnsStk3PZppaByMg+AZZMx56OUk2pZCgvpCwj6LIixqwuxNKPxmJf45RyOsPUXwCwkq9UD4me5jksTPPkt3oeUWw1ZSSF8F/141moWsGxSnd5NxCbPUWGoRfYcHc865E70nN4WrZkM7RFI/s5mvQtuj8dRL67JUEwvdvEDO0EBz21FV/iOracXd2omlTUSK+wYrWGtiwQwEgr4r5bimxDKy9L8UlaJZ+ONhLTP8ecTHYkaU1C75sLX9ZYd5YtqjiNGsNF+wdW6WrXrQiWeyrGK7ZwbA7lagSxIa7yeqnKDjdkcJvQXCYGLM9AMBKWeJaOpwqZ+dOunMDLd5VZrDCU2lpCSJ1M="
EOF
echo "Adding keys from the public key file $AUTH_KEYS_FQN to the user-data file"
while IFS= read -r key; do
echo " - $key" >> "$BOX_NBD_OVERLAY_DIR/init/user-data"
done < <(grep -v '^ *#' < "$AUTH_KEYS_FQN")
VM_IMAGE_DIR="$BOX_NBD_OVERLAY_DIR"
#old . /usr/local/bin/toxcore_create-ga.sh || exit 4
cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << \EOF
#!/bin/bash
# typically only executes on first boot
echo "############# user_data executing ##############"
#grep gentoo /etc/shadow
sed -e 's/#-:ALL:ALL/+:gentoo:ALL/' -i /etc/security/access.conf
PW=`echo $PASS | openssl passwd -1 --stdin `
grep -q ^gentoo /etc/passwd || \
useradd --gid 4 --uid 1000 --home-dir /home/gentoo \
--comment Gentoo --password "$PW" \
-G adm,wheel --shell /bin/bash gentoo
usermod --password "$PW" -G adm,wheel gentoo
# root
usermod --password '$1$1Ho4y/W8$5VymfKWWAhLxwkkPZiWTZ1' root
# unlock account
passwd -u gentoo
passwd -u root
sed -e 's/# %wheel /%wheel /' -i /etc/sudoers
sed -e 's/PasswordAuthentication no/PasswordAuthentication yes/' -i /etc//ssh/sshd_config
sed -e 's/PermitRootLogin.*/PermitRootLogin yes/' -i /etc//ssh/sshd_config
grep net.ipv4.ip_forward=1 /etc/sysctl.conf || \
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
cd /etc/init.d
[ -e net.eth0 ] || ln -s net.lo net.eth0
for elt in i o linuxPen19 ; do
grep -q $elt /etc/fstab && continue
echo "$elt /mnt/$elt virtiofs defaults 0 0" >> /etc/fstab
done
#grep gentoo /etc/shadow
EOF
echo "Generating the cidata ISO file $BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.iso"
(
cd "$BOX_NBD_OVERLAY_DIR/init/"
genisoimage \
-output "$BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img" \
-volid cidata \
-rational-rock \
-joliet \
-input-charset utf-8 \
user-data meta-data
) || exit 5
MACCMD=
if [[ -n $MAC ]]; then
MACCMD="--mac=${MAC}"
fi
[ -f ${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img ] || exit 5
[ -f $BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img ] || exit 6
# libvirt.libvirtError: /usr/lib/qemu/qemu-bridge-helper --use-vnet --br=-c --fd=31: failed to communicate with bridge helper: stderr=failed to parse default acl file `/etc/qemu/bridge.conf'
if [ ! -f "/etc/qemu/bridge.conf" ] ; then
echo allow $BRIDGE >> "/etc/qemu/bridge.conf"
elif ! grep $BRIDGE "/etc/qemu/bridge.conf" ; then
echo allow $BRIDGE >> "/etc/qemu/bridge.conf"
fi
if [ $BRIDGE = virbr0 ] ; then
network=default
# 192.168.122.248/24
elif [ $BRIDGE = virbr1 ] ; then
network=Whonix-External
else
WARN unrecognized $BRIDGE
fi
if [ "$network" != '' ] ; then
virsh net-list | grep -q $network || \
virsh net-start $network
else
network=default
fi
file=/etc/libvirt/qemu/networks/$network.xml
if [ ! -f $file ] ; then
WARN no network file $file
elif ! grep '<range ' $file ; then
WARN no 'DHCP <range> in network file' $file
fi
declare -a LARGS
LARGS=(
--name="${HOSTNAME}" \
--osinfo "$OSINFO" \
--import \
--disk "path=${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img,format=qcow2" \
--disk "path=$BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img,device=cdrom" \
--ram="${RAM}" \
--vcpus="${VCPUS}" \
--autostart \
--hvm \
--arch x86_64 \
--accelerate \
--check-cpu \
--force \
--watchdog=default \
--channel type=spicevmc,target.type=virtio,target.name=com.redhat.spice.0 \
--channel type=unix,target.type=virtio,target.name=org.qemu.guest_agent.0 \
--rng /dev/urandom \
--os-variant detect=on,name=$OSINFO \
--noautoconsole \
)
# not type=qemu-vdagent
NETWORK="--network network=$network,model=virtio"
if [ -n "$NETWORK" ] ; then
LARGS+=(
$NETWORK \
)
fi
LARGS+=(
# --graphics spice,listen=socket \
--boot init=/sbin/init
--console pty
--video vga
--memorybacking source.type=memfd,access.mode=shared
--filesystem /,/mnt/linuxPen19 \
)
INFO virt-install "${LARGS[@]}"
# squelch warnings
python3.sh `which virt-install` "${LARGS[@]}" || exit 7
# --debug
#? --shmem name=shmem_server,type="memfd",mode="shared"
# --shmem name=shmem0 ivshmem device is not supported with this QEMU binary
# was --graphics vnc,listen=0.0.0.0
# --osinfo "$OSINFO" \
# Make a backup of the VM's XML definition file
virsh dumpxml "${HOSTNAME}" > "${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml" || exit 8
INFO wrote xml `ls -l ${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml`
if [ -n "$VERBOSE" ]; then
set +xv
fi
# problems: type=qemu-vdagent unix unix=on
# problems: type="spicevmc
# ERROR Unknown --channel options: ['unix']
cp "${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml" \
"${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml".new
cat > /tmp/ga.works <<EOF
<channel type="unix">
<source mode="bind" path="/var/lib/libvirt/qemu/channel/target/domain-25-gentoo1/org.qemu.guest_agent.0"/>
<target type="virtio" name="org.qemu.guest_agent.0" state="connected"/>
<address type="virtio-serial" controller="0" bus="0" port="2"/>
</channel>
EOF
cat > /tmp/sp.works <<EOF
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0" state="disconnected"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
EOF
# Show running VMs
virsh list | grep "${HOSTNAME}" && INFO "${HOSTNAME}" || {
ERROR "${HOSTNAME}" ; exit 9$? ; }
# use the following passwordless demonstration key for testing or
# replace with your own key pair
#
# -----BEGIN OPENSSH PRIVATE KEY-----
# b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
# NhAAAAAwEAAQAAAYEA0QiQkNVA/ULJVg0sOT8LL22tFrH9aTuIaMOQbTWmZ9MS2aU6tp6h
# RCbIVJHf8wlhew1soZjaYUPHPlPsHJnTVXINqSNZD8atFWcwX2e3A8IY4Hi7CL0171Ph1U
# bbF4eHORZVF6UY3/8fmt76hUbzbEXdQxPuWakB2zlW57ErZNz2aaWgcjIPgGWTMeejlJNq
# WQoL6QsI+iyIsasLsTSj8ZiX+OUcjrD1F8AsJKvVA+JnuY5LEzz5Ld6HlFsNWUkhfBf9eN
# ZqFrBsUp3eTcQmz1FhqEX2HB3POuRO9JzeFq2ZDO0RSP7OZr0Lbo/HUS+uyVBML3bxAztB
# Ac9tRVf4jq2nF3dqJpU1EivsGK1hrYsEMBIK+K+W4psQysvS/FJWiWfjjYS0z/HnEx2JGl
# NQu+bC1/WWHeWLao4jRrDRfsHVulq160Ilnsqxiu2cGwO5WoEsSGu8nqpyg43ZHCb0FwmB
# izPQDASlniWjqcKmfnTrpzAy3eVWawwlNpaQkidTAAAFgGKSj8diko/HAAAAB3NzaC1yc2
# EAAAGBANEIkJDVQP1CyVYNLDk/Cy9trRax/Wk7iGjDkG01pmfTEtmlOraeoUQmyFSR3/MJ
# YXsNbKGY2mFDxz5T7ByZ01VyDakjWQ/GrRVnMF9ntwPCGOB4uwi9Ne9T4dVG2xeHhzkWVR
# elGN//H5re+oVG82xF3UMT7lmpAds5VuexK2Tc9mmloHIyD4BlkzHno5STalkKC+kLCPos
# iLGrC7E0o/GYl/jlHI6w9RfALCSr1QPiZ7mOSxM8+S3eh5RbDVlJIXwX/XjWahawbFKd3k
# 3EJs9RYahF9hwdzzrkTvSc3hatmQztEUj+zma9C26Px1EvrslQTC928QM7QQHPbUVX+I6t
# pxd3aiaVNRIr7BitYa2LBDASCvivluKbEMrL0vxSVoln442EtM/x5xMdiRpTULvmwtf1lh
# 3li2qOI0aw0X7B1bpatetCJZ7KsYrtnBsDuVqBLEhrvJ6qcoON2Rwm9BcJgYsz0AwEpZ4l
# o6nCpn5066cwMt3lVmsMJTaWkJInUwAAAAMBAAEAAAGAEuz77Hu9EEZyujLOdTnAW9afRv
# XDOZA6pS7yWEufjw5CSlMLwisR83yww09t1QWyvhRqEyYmvOBecsXgaSUtnYfftWz44apy
# /gQYvMVELGKaJAC/q7vjMpGyrxUPkyLMhckALU2KYgV+/rj/j6pBMeVlchmk3pikYrffUX
# JDY990WVO194Dm0buLRzJvfMKYF2BcfF4TvarjOXWAxSuR8www050oJ8HdKahW7Cm5S0po
# FRnNXFGMnLA62vN00vJW8V7j7vui9ukBbhjRWaJuY5rdG/UYmzAe4wvdIEnpk9xIn6JGCp
# FRYTRn7lTh5+/QlQ6FXRP8Ir1vXZFnhKzl0K8Vqh2sf4M79MsIUGAqGxg9xdhjIa5dmgp8
# N18IEDoNEVKUbKuKe/Z5yf8Z9tmexfH1YttjmXMOojBvUHIjRS5hdI9NxnPGRLY2kjAzcm
# gV9Rv3vtdF/+zalk3fAVLeK8hXK+di/7XTvYpfJ2EZBWiNrTeagfNNGiYydsQy3zjZAAAA
# wBNRak7UrqnIHMZn7pkCTgceb1MfByaFtlNzd+Obah54HYIQj5WdZTBAITReMZNt9S5NAR
# M8sQB8UoZPaVSC3ppILIOfLhs6KYj6RrGdiYwyIhMPJ5kRWF8xGCLUX5CjwH2EOq7XhIWt
# MwEFtd/gF2Du7HUNFPsZGnzJ3e7pDKDnE7w2khZ8CIpTFgD769uBYGAtk45QYTDo5JroVM
# ZPDq08Gb/RhIgJLmIpMwyreVpLLLe8SwoMJJ+rihmnJZxO8gAAAMEA0lhiKezeTshht4xu
# rWc0NxxD84a29gSGfTphDPOrlKSEYbkSXhjqCsAZHd8S8kMr3iF6poOk3IWSvFJ6mbd3ie
# qdRTgXH9Thwk4KgpjUhNsQuYRHBbI59Mo+BxSI1B1qzmJSGdmCBL54wwzZmFKDQPQKPxiL
# n0Mlc7GooiDMjT1tbuW/O1EL5EqTRqwgWPTKhBA6r4PnGF150hZRIMooZkD2zX6b1sGojk
# QpvKkEykTwnKCzF5TXO8+wJ3qbcEo9AAAAwQD+Z0r68c2YMNpsmyj3ZKtZNPSvJNcLmyD/
# lWoNJq3djJN4s2JbK8l5ARUdW3xSFEDI9yx/wpfsXoaqWnygP3PoFw2CM4i0EiJiyvrLFU
# r3JLfDUFRy3EJ24RsqbigmEsgQOzTl3xfzeFPfxFoOhokSvTG88PQji1AYHz5kA7p6Zfaz
# Ok11rJYIe7+e9B0lhku0AFwGyqlWQmS/MhIpnjHIk5tP4heHGSmzKQWJDbTskNWd6aq1G7
# 6HWfDpX4HgoM8AAAALaG9sbWFuYkBhcmM=
# -----END OPENSSH PRIVATE KEY-----
#
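Review bot: The guest ends up with credentials fixed in this script rather than supplied by the operator, because the second `cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << \EOF` overwrites the cloud-config written just above it, including the keys imported from `$AUTH_KEYS_FQN`. That heredoc is quoted, so `$PASS` is expanded inside the guest, where nothing visible sets it; `gentoo` would then receive the hash of an empty password while root gets the literal hash passed to `usermod --password`, with `PasswordAuthentication yes` and `PermitRootLogin yes` switched on. The cloud-config additionally authorises a hard-coded `ssh-rsa` key for the `NOPASSWD:ALL` `ansible` user, and the comment block at the end of the file publishes a passwordless private key "for testing", presumably its other half; both should be removed so that only keys given with `-k` are accepted. In the `getopts` loop `o)` assigns `password` and `p)` assigns `PASS`, so `-o` never sets `OSINFO`; `o) OSINFO=${OPTARG};;` and `p) password=${OPTARG};;` would match the usage text. `OUTDIR=${BOX_NBD_OVERLAY_DIRs:-…}` also reads a misspelt variable, so the documented environment override is ignored.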


@ -0,0 +1,61 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash || {
DBUG() { echo DEBUG $* ; }
INFO() { echo INFO $* ; }
WARN() { echo WARN $* ; }
ERROR() { echo ERROR $* ; }
}
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
# delete-vm - Delete a virtual machine created with create-vm
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
VM=$1
# Set VM_IMAGE_DIR environment variable to override default storage location for VMs
VM_IMAGE_DIR=${VM_IMAGE_DIR:-"${HOME}/vms/virsh"}
VM_IMAGE="${VM_IMAGE_DIR}/images/$VM.img"
CI_IMAGE="${VM_IMAGE_DIR}/images/$VM-cidata.img"
usage()
{
cat << EOF
usage: $0 vmname
EOF
}
if [[ -z $VM ]]; then
usage
exit 1
fi
if [[ -e $VM_IMAGE ]]; then
# VM exists
virsh destroy "$VM"
virsh undefine "$VM"
rm -fv "$VM_IMAGE" "$CI_IMAGE"
else
echo "Cannot find an VM image file named '$VM_IMAGE'. Attempting undefine..."
virsh undefine "$VM"
fi
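Review bot: `VM=$1` is interpolated directly into `VM_IMAGE="${VM_IMAGE_DIR}/images/$VM.img"` and then handed to `rm -fv`, so a name containing `/` or `..` makes the script delete `.img` files outside the images directory, and a name beginning with `-` is read by `virsh` as an option. Reject such names right after the empty check, e.g. `case $VM in */*|-*|.*) usage; exit 1;; esac`. The results of `virsh destroy` and `virsh undefine` are also ignored, so the image files are removed even when the domain could not be stopped.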


@ -0,0 +1,55 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash || {
DBUG() { echo DEBUG $* ; }
INFO() { echo INFO $* ; }
WARN() { echo WARN $* ; }
ERROR() { echo ERROR $* ; }
}
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/etc/testforge/testforge.bash
[ -n "$HOSTVMS_VAR_LOCAL" ] && PREFIX=$HOSTVMS_VAR_LOCAL
# get-node-ip - Get the IP address of a VM managed by virsh.
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
usage()
{
cat << EOF
usage: $0 hostname
This script will take a virsh-managed VM hostname and return the IP address.
EOF
}
HOSTNAME=$1
if [[ -z $HOSTNAME ]]; then
echo "ERROR: Hostname is required"
usage
exit 1
fi
MAC=$(virsh domiflist $HOSTNAME | awk '{ print $5 }' | tail -2 | head -1)
arp -a | grep $MAC | awk '{ print $2 }' | sed 's/[()]//g'
INFO MAC=$MAC arp=$arp
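Review bot: `INFO MAC=$MAC arp=$arp` prints a variable that is never assigned, and both the fallback `INFO` defined at the top and the `arp` pipeline write to stdout, so a caller capturing the IP address also receives the log line. Capture the result first, `ip=$(arp -a | grep -- "$MAC" | awk '{ print $2 }' | sed 's/[()]//g')`, print it with `echo "$ip"`, and log with `INFO MAC=$MAC ip=$ip >&2`. If `virsh domiflist` fails, `MAC` is empty and `grep $MAC` is left without a pattern; an `[ -n "$MAC" ] || exit 1` guard and quoting `"$HOSTNAME"` would cover that.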


@ -0,0 +1,70 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un )
[ -z "$DEBUG" ] && DEBUG=0
if [ -n "$TERM" ] ; then
# vars that can be used to change font color
blue=$(tput setaf 6)
cyan=$(tput setaf 5)
green=$(tput setaf 2)
yellow=$(tput setaf 3)
red=$(tput setaf 1)
normal=$(tput sgr0) # default color
else
blue=
cyan=
green=
yellow=
red=
normal=
fi
FTAL () {
echo ${red}FATL:${normal} $*
exit $1
}
ftal () { FTAL >&2 "$@" ; }
panic () { FTAL >&2 "$@" ; }
ERROR () {
echo ${red}EROR:${normal} $*
return 0
}
error () { ERROR >&2 $* ; }
WARN () {
echo ${yellow}WARN:${normal} $*
return 0
}
warn () { WARN >&2 $* ; }
USAGE () {
echo ${yellow}USAGE:${normal} $*
return 0
}
usage () { USAGE >&2 $* ; }
INFO () {
echo ${green}INFO:${normal} $*
return 0
}
info () { INFO >&2 $* ; }
DBUG () {
[ -z "$DEBUG" -o "$DEBUG" -eq 0 ] || echo ${blue}DBUG:${normal} $*
return 0
}
dbug () { DBUG >&2 $* ; }
debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
usage () {
echo ${yellow}USAGE:${normal} $*
return 0
}
USAGE () { usage $* ; }
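Review bot: `FTAL` echoes `$*` and then runs `exit $1`, so the first word of the message doubles as the exit status; with a non-numeric first argument the shell reports an error instead of returning the intended code, and a numeric one is printed as part of the message. Taking the status off first, `code=$1; shift`, and ending with `exit "$code"`, plus a comment stating that the first argument is the status, makes the contract explicit. `usage` and `USAGE` are each defined twice, and the later pair, which writes to stdout, silently replaces the earlier `usage () { USAGE >&2 $* ; }`; one pair should be dropped.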


@ -0,0 +1,36 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un )
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash
## box_gentoo_emerge
box_gentoo_emerge () {
[ "$#" -lt 1 ] && return 0
local elt
declare -a ARGS
for elt in "$@" ; do
[ -z "$elt" ] && continue
grep -q "^$elt$" /var/lib/portage/world && continue
ls /var/db/pkg/"$elt"-[0-9]* 2>/dev/null >/dev/null && continue
qlist -IsS "$elt" | grep -q "^$elt" && continue
equery l -f "^$elt$" | grep '^.I' && continue
ARGS+=($elt)
done
[ "${#ARGS[@]}" -eq 0 ] && exit 0
INFO "${ARGS[@]}"
/usr/local/sbin/box_gentoo_emerge.bash "${ARGS[@]}" || return $?
return 0
}
base=usr_local_base
# DBUG 0=$0
if [ -x /usr/bin/basename ] && [ $( /usr/bin/basename -- $0 ) = $base'.bash' -o $( basename -- $0 ) = $base'.sh' ] ; then
[ "$#" -eq 0 ] && exit 0
[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//'|sort && exit 0
eval "$@"
exit $?
fi
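Review bot: Inside `box_gentoo_emerge`, `[ "${#ARGS[@]}" -eq 0 ] && exit 0` terminates the whole shell rather than the function; other scripts on this page load `/usr/local/bin/usr_local_base.bash`, which appears to be this file, with `.`, so a caller whose packages are all installed would stop silently with status 0. `return 0`, as used at the function's other exits, is the fix. `grep -q "^$elt$"` treats the package atom as a regular expression, so `.` and `+` in names match more than intended; `grep -qxF -- "$elt"` is the literal form for the world file. The dispatcher at the bottom runs `eval "$@"`, which re-parses its arguments as shell; calling `"$@"` directly runs the named function without a second round of expansion. `ARGS+=($elt)` should be `ARGS+=("$elt")`.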


@ -0,0 +1,76 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$TERM" ] && exit 0
[ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un )
[ -z "$DEBUG" ] && DEBUG=0
if [ -n "$TERM" ] ; then
# vars that can be used to change font color
blue=$(tput setaf 6)
cyan=$(tput setaf 5)
green=$(tput setaf 2)
yellow=$(tput setaf 3)
red=$(tput setaf 1)
normal=$(tput sgr0) # default color
else
blue=
cyan=
green=
yellow=
red=
normal=
fi
FATL () {
[ $# -eq 1 ] && code=1
[ $# -gt 1 ] && code=$1 && shift
echo ${red}FATL:${normal} $*
exit 1
}
ftal () { FATL >&2 "$@" ; }
panic () { FATL >&2 "$@" ; }
PANIC () { FATL >&2 "$@" ; }
ERROR () {
echo ${red}EROR:${normal} $*
return 0
}
error () { ERROR >&2 $* ; }
WARN () {
echo ${yellow}WARN:${normal} $*
return 0
}
warn () { WARN >&2 $* ; }
USAGE () {
echo ${yellow}USAGE:${normal} $*
return 0
}
usage () { USAGE >&2 $* ; }
INFO () {
echo ${green}INFO:${normal} $*
return 0
}
info () { INFO >&2 $* ; }
DBUG () {
[ -z "$DEBUG" ] || [ "$DEBUG" = 0 ] || echo ${blue}DBUG:${normal} $*
return 0
}
dbug () { DBUG >&2 $* ; }
debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
usage () {
echo ${yellow}USAGE:${normal} $*
return 0
}
USAGE () { usage $* ; }
ols_are_we_connected () { route | grep -q ^default ; return $? ; }
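Review bot: `[ -z "$TERM" ] && exit 0` at the top exits whichever shell sources this file when `TERM` is unset (cron, non-interactive sessions), assuming the file is meant to be sourced for its functions, and it makes the `else` branch that blanks the colour variables unreachable. Dropping that line lets the existing `if [ -n "$TERM" ]` handle the case. In `FATL`, `code` is derived from the arguments but the function ends with `exit 1`; `exit "${code:-1}"` would honour it. The `[ $# -eq 1 ] && code=1` / `[ $# -gt 1 ] && code=$1 && shift` pair deserves a comment saying that a leading argument is taken as the status only when a message follows.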


@ -0,0 +1,35 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# pkuczynski/parse_yaml.sh
prog=$( basename $0 .bash )
ROLE=base
# FixMe: lists should be space delineated not comma
parse_yaml() {
local prefix
local depth
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
[ "$#" -eq 2 ] && prefix=$2 || prefix=""
[ "$#" -gt 2 ] && depth=$3 || depth=""
sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
indent = length($1)/2;
vname[indent] = $2;
for (i in vname) {
if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn="";
for (i=0; i<indent; i++) {vn=(vn)(vname[i])("'$depth'")}
printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
}
}'
}
if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash.bash' -o $( basename -- $0 ) = 'parse_yaml.sh' ] ; then
parse_yaml "$@"
fi
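Review bot: `printf("%s%s%s=\"%s\"\n", …)` writes each YAML value between double quotes without escaping, so if the output is sourced or passed to `eval`, as the `yaml_to_bash` name suggests, a value containing `"`, a backquote or `$(` is interpreted by the shell instead of being stored. The same `printf` appears in `parse_yaml` in the next file section. Either state in a comment above the function that the input must come from a trusted source, or escape `\`, `"`, `$` and backquote in `$3` before printing. `[ "$#" -eq 2 ] && prefix=$2 || prefix=""` also discards the prefix when a third (depth) argument is given; `-ge 2` keeps it.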


@ -0,0 +1,34 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# pkuczynski/parse_yaml.sh
prog=$( basename $0 .bash )
ROLE=base
# FixMe: lists should be space delineated not comma
# Read YAML file from Bash script
# Credits: https://gist.github.com/pkuczynski/8665367
# Updated to support single quotes
parse_yaml() {
local prefix
local depth
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
[ "$#" -gt 1 ] && prefix=$2 || prefix=""
[ "$#" -gt 2 ] && depth=$3 || depth=""
sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
-ne "s|^\($s\)\($w\)$s:$s'\(.*\)'$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
indent = length($1)/2;
vname[indent] = $2;
for (i in vname) {if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("'$depth'")}
printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
}
}'
}
if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash2.bash' -o $( basename -- $0 ) = 'parse_yaml2.sh' ] ; then
parse_yaml "$@"
fi


@ -0,0 +1,68 @@
#!/usr/bin/env bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# shellcheck disable=SC1003
prog=$( basename $0 .bash )
ROLE=base
# github.com/jasperes/bash-yaml/script/yaml.sh
# Based on https://gist.github.com/pkuczynski/8665367
parse_yaml() {
local yaml_file=$1
local prefix=$2
local s
local w
local fs
s='[[:space:]]*'
w='[a-zA-Z0-9_.-]*'
fs="$(echo @|tr @ '\034')"
(
sed -e '/- [^\“]'"[^\']"'.*: /s|\([ ]*\)- \([[:space:]]*\)|\1-\'$'\n'' \1\2|g' |
sed -ne '/^--/s|--||g; s|\"|\\\"|g; s/[[:space:]]*$//g;' \
-e "/#.*[\"\']/!s| #.*||g; /^#/s|#.*||g;" \
-e "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)${s}[:-]$s\(.*\)$s\$|\1$fs\2$fs\3|p" |
awk -F"$fs" '{
indent = length($1)/2;
if (length($2) == 0) { conj[indent]="+";} else {conj[indent]="";}
vname[indent] = $2;
for (i in vname) {if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
printf("%s%s%s%s=(\"%s\")\n", "'"$prefix"'",vn, $2, conj[indent-1],$3);
}
}' |
sed -e 's/_=/+=/g' |
awk 'BEGIN {
FS="=";
OFS="="
}
/(-|\.).*=/ {
gsub("-|\\.", "_", $1)
}
{ print }'
) < "$yaml_file"
}
create_variables() {
local yaml_file="$1"
local prefix="$2"
eval $(parse_yaml "$yaml_file" "$prefix")
}
if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash3.bash' -o $( basename -- $0 ) = 'parse_yaml3.sh' ] ; then
[ "$#" -eq 0 ] && echo "USAGE: $0 yamlfile [ prefix ]" && exit 1
file=$1
shift
[ "$#" -gt 1 ] && prefix=$1 || prefix=""
echo "DEBUG: $file $prefix"
create_variables $file $prefix
fi
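Review bot: `create_variables` passes the generated text to `eval`, and the only escaping applied to YAML values is the `s|\"|\\\"|g` step, so `$(...)`, backticks and `$name` inside a value are still expanded by the shell when the `name=("value")` lines are evaluated. Unless every YAML file read this way is as trusted as the script itself, the sed stage should also backslash-escape `$`, backtick and backslash before the value is wrapped in double quotes. The eval should be quoted as well, `eval "$(parse_yaml "$yaml_file" "$prefix")"`, so the generated lines are not word-split and glob-expanded first. Separately, after the `shift` the test `[ "$#" -gt 1 ]` is false when exactly one prefix argument remains, so the prefix is dropped; `-ge 1` matches the usage line.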


@ -0,0 +1,4 @@
# -*-mode: conf; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# This is an auto-generated file - DO NOT EDIT
# Edit the fragments in /usr/local/etc/ansible/ansible.cfg/


@ -0,0 +1 @@
[defaults]


@ -0,0 +1,44 @@
# its a pretty broken debugger - fix it
# debug = true
inventory_enabled=yaml
# strategy_plugins = /usr/local/lib/python2.7/site-packages/mitogen-0.2.9-py2.7.egg/ansible_mitogen/plugins/strategy
# strategy_plugins = /usr/local/lib/python2.7/site-packages/ansible_mitogen/plugins/strategy
# do this in the env to make it easy to pop in and out
# strategy = mitogen_linear
# yaml dense unixy yaml oneline selective skippy stderr myyaml actionable
stdout_callback = yaml
# skippy
display_skipped_hosts = no
# stderr
# /usr/local/lib/python2.7/site-packages/ansible/plugins/callback/default.py
display_failed_stderr = yes
log_path = var/tmp/2021/01/10/linuxKick150154/base_proxy.log
# callback_plugins = /g/TestForge/src/ansible/lib/plugins/
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
# callback_whitelist = timer
command_warnings = False
deprecation_warnings = False
display_args_to_stdout = False
error_on_undefined_vars = True
force_color = False
#! fatal: [localhost]: FAILED! => {"changed": false, "cmd": "/bin/lsblk --list --noheadings --paths --output NAME,UUID --exclude 2", "msg": "Timer expired after 30 seconds", "rc": 257}
gather_timeout = 120
handler_includes_static = True
# Ansible by default will override variables in specific precedence orders, as described in Variables.
# When a variable of higher precedence wins, it will replace the other value.
#?! hash_behaviour = merged
local_tmp = /var/tmp
# library = /usr/share/ansible
library = /g/TestForge/src/ansible/library
nocows = 0
retry_files_enabled = False
roles_path = /g/TestForge/src/ansible/roles
# exists?
plugins_path = /g/TestForge/src/ansible/library/plugins
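Review bot: `log_path` is a relative, dated, host-specific path (`var/tmp/2021/01/10/linuxKick150154/base_proxy.log`), so where the log lands depends on the directory Ansible is started from, and it looks like a generated value that was committed. The Ansible log can hold task arguments and results, so it should sit at an absolute location in a directory only the operator can read, e.g. `log_path = <ABSOLUTE_ROOT_ONLY_DIR>/base_proxy.log` (placeholder). The header fragment says the assembled file is auto-generated, so the value presumably belongs in whatever writes this fragment, which is not visible here.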


@ -0,0 +1,14 @@
host_key_checking = False
# http://chrisbergeron.com/2018/06/08/ansible_performance_tuning/
gathering = smart
fact_caching = jsonfile
fact_caching_connection = var/tmp/.ansible_fact_cache
forks = 5
timeout = 90
# This sets the interval (in seconds) of Ansible internal processes polling each other. Lower values
# improve performance with large playbooks at the expense of extra CPU load. Higher values are more
# suitable for Ansible usage in automation scenarios, when UI responsiveness is not required but CPU usage
# might be a concern. Default corresponds to the value hardcoded in 2.1: was 1
internal_poll_interval=5
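Review bot: `host_key_checking = False` turns off SSH host key verification for every run that uses this configuration, so a connection to a substituted or intercepted host is accepted without warning, and with `pipelining = True` in the ssh fragment modules are then piped straight to it. If this is only needed for freshly created guests, leave the default in the file and set `ANSIBLE_HOST_KEY_CHECKING=False` in the environment for those runs, or pre-populate known_hosts during provisioning. At minimum add a comment such as `# host keys are not verified: only for throwaway local guests`. `fact_caching_connection = var/tmp/.ansible_fact_cache` is relative as well, so the cache location depends on the working directory.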


@ -0,0 +1,5 @@
# new 2.8
# https://docs.ansible.com/ansible/latest/porting_guides/porting_guide_2.8.html
string_conversion_action = error
conditional_bare_variables = false


@ -0,0 +1,3 @@
# https://thepracticalsysadmin.com/turbocharge-your-ansible-playbooks/
[ssh_connection]
pipelining = True


@ -0,0 +1,3 @@
[inventory]
enable_plugins = yaml


@ -0,0 +1,3 @@
[chroot_connection]
# exe = /usr/local/sbin/base_chroot.bash
exe = /bin/chroot


@ -0,0 +1,519 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# prog=rc.local
PREFIX=/usr/local
ROLE=local
export PATH=$PATH:/usr/local/sbin:/usr/local/bin
if [ -x /sbin/rc-service ] ; then
local_rc_service () { rc-service "$@" ; }
local_rc_update () { rc-update "$@" ; }
elif [ -x /bin/systemctl ] ; then
local_rc_service () {
systemctl list-units --no-pager | grep -q $1 && \
echo INFO: /usr/sbin/service "$@" || \
echo WARN: /usr/sbin/service "$@"
/usr/sbin/service "$@" 2>/dev/null
return $?
}
local_rc_update () {
if [ "$#" -eq 0 ] ; then
systemctl list-units --no-pager
return $?
fi
dir=$1 ; shift ;
svc=$1 ; shift ;
if [ $dir = add ] ; then
dire=enable
elif [ $dir = del ] ; then
dire=disable
else
dire=$dir
fi
echo INFO: $prog systemctl --no-pager $dire $svc "$@"
systemctl --no-pager $dire $svc "$@"
return $?
}
elif [ -x /usr/sbin/service ] ; then
local_rc_service () {
/usr/sbin/service --status-all 2>&1 | grep -q $1 && \
echo INFO: /usr/sbin/service "$@" || \
echo WARN: /usr/sbin/service "$@"
/usr/sbin/service "$@" 2>/dev/null
return $?
}
local_rc_update () {
if [ "$#" -eq 0 ] ; then
/usr/sbin/service --status-all 2>&1 | sed -e 's/.* //'
return $?
fi
dir=$1 ; shift ;
svc=$1 ; shift ;
# disable|enable |remove
if [ $dir = add ] ; then
dire=enable
elif [ $dir = del ] ; then
dire=disable
else
dire=$dir
fi
update-rc.d $svc $dire || echo WARN: update-rc.d $svc $dir $dire
}
fi
proxy_rc_service () { local_rc_service $* ; }
proxy_rc_update () { local_rc_update $* ; }
grep -q root=/dev/vda /proc/cmdline
PROXY_IS_VDA=$?
## local_disable_lid
local_disable_lid () {
# https://bbs.archlinux.org/viewtopic.php?id=72779
echo LID0 > /proc/acpi/wakeup
# https://forums.linuxmint.com/viewtopic.php?f=208&t=106532
if [ -f /etc/UPower/UPower.conf ] ; then
[ -f /etc/UPower/UPower.conf.bak ] || \
cp -p /etc/UPower/UPower.conf /etc/UPower/UPower.conf.bak
grep -q '^IgnoreLid=true' /etc/UPower/UPower.conf || \
sed -e 's@#*IgnoreLid=.*@IgnoreLid=true@' -i /etc/UPower/UPower.conf
fi
if [ -f /etc/systemd/logind.conf ] ; then
[ -f /etc/systemd/logind.conf.bak ] || \
cp -p /etc/systemd/logind.conf /etc/systemd/logind.conf.bak
grep -q '^HandleLidSwitch=ignore' /etc/systemd/logind.conf || \
sed -e 's@^#*HandleLidSwitch=.*@HandleLidSwitch=ignore@' -i /etc/systemd/logind.conf
fi
return 0
}
## local_guest_neutersystemd
local_config_neutersystemd () {
[ ! -f /lib/lsb/init-functions.d/40-systemd ] || \
mv /lib/lsb/init-functions.d/40-systemd /lib/lsb/.40-systemd
return 0
}
## local_guest_fstab_config
local_guest_fstab_config () {
[ -d /mnt/mnt ] || mkdir /mnt/mnt
grep -q 9p /etc/fstab || {
echo mnt /mnt/mnt 9p trans=virtio,version=9p2000.L,posixacl,msize=10485760,cache=mmap \
>> /etc/fstab
}
# failsafe
grep 9p /etc/modules-load.d/*conf 2>/dev/null >/dev/null || \
cat > /etc/modules-load.d/9p.conf << EOF
9p
9pnet
9pnet_virtio
EOF
lsmod | grep -q 9pnet_virtio || modprobe -a `cat /etc/modules-load.d/*.conf`
return 0
}
## local_guest_config
local_guest_bootstrap () {
local_guest_fstab_config
return 0
}
## local_guest_config
local_guest_config () {
local_guest_bootstrap
local_guest_config_neutersystemd
[ -d /etc/qemu ] || mkdir /etc/qemu
[ -f /etc/qemu/qemu-ga.conf ] || cat > /etc/qemu/qemu-ga.conf <<EOF
[general]
daemon=false
method=virtio-serial
path=/dev/virtio-ports/org.qemu.guest_agent.0
pidfile=/run/qemu-ga.pid
statedir=/run
verbose=true
retry-path=false
blacklist=
logfile=/var/log/libvirtd/qemu-ga.log
EOF
[ -d /var/log/libvirtd/ ] || mkdir /var/log/libvirtd/
[ -f /etc/default/qemu-guest-agent.diff ] || cat > /etc/default/qemu-guest-agent.diff <<EOF
*** /etc/default/qemu-guest-agent.dst 2021-01-05 03:28:20.579117119 +0000
--- /etc/default/qemu-guest-agent 2021-08-27 20:26:36.234739996 +0000
***************
*** 1 ****
! DAEMON_ARGS="--logfile /var/log/libvirtd/qemu-ga.log"
--- 1 ----
! DAEMON_ARGS="--logfile /var/log/libvirtd/qemu-ga.log --verbose --pidfile /run/qemu-ga.pid"
EOF
[ ! -f /etc/default/qemu-guest-agent ] || \
[ -f /etc/default/qemu-guest-agent.dst ] || \
patch -z .st -b /etc/default/qemu-guest-agent \
< /etc/default/qemu-guest-agent.diff
return 0
}
## local_guest_modules_load
local_guest_modules_load () {
for file in /usr/local/etc/modules-load.d/vda*conf ; do
[ -s $file ] || continue
base=`basename $file`
[ -e /etc/modules-load.d/$base ] && continue
echo "# from $file" > /etc/modules-load.d/$base
grep -v '^#' $file >> /etc/modules-load.d/$base
done
# old
if [ -d /usr/local/etc/modules-load.d/ ] ; then
ls /etc/modules-load.d/vda*conf 2>/dev/null >/dev/null || \
ln -s /usr/local/etc/modules-load.d/vda*conf /etc/modules-load.d
fi
return 0
}
# all
## local_lightdm_on_text
local_lightdm_on_text () {
return 0
[ ! -f /usr/sbin/lightdm ] && return 0
if [ ! -f /usr/sbin/lightdm.bin ] ; then
[ -f /usr/sbin/lightdm.bad ] && mv /usr/sbin/lightdm.bad /usr/sbin/lightdm.bin
[ ! -f /usr/sbin/lightdm.bin ] && mv /usr/sbin/lightdm /usr/sbin/lightdm.bin
if [ -f /usr/sbin/lightdm.bin ] && [ -f /usr/sbin/lightdm ] ; then
cat > /usr/sbin/lightdm << EOF
#!/bin/sh
grep -q ' text ' /proc/cmdline && exit 0
exec /usr/sbin/lightdm.bin "$@"
EOF
chmod 755 /usr/sbin/lightdm
fi
fi
return 0
}
## local_guest_start_services
local_guest_start_services () { local_guest_start ; }
## local_guest_start
local_guest_start () {
local_guest_modules_load
lsmod | grep -q 9pnet_virtio || \
grep -hv '#' /etc/modules-load.d/vda*.conf | xargs modprobe --all
# local_start_and_add_services $*
exit 0
}
## local_guest_add_xorg_conf
local_guest_add_xorg_conf () {
[ -f /etc/X11/xorg.conf.d/80_qxl.conf ] || \
grep -q 'Drive.*qxl' /etc/X11/xorg.conf.d/*.conf || \
cat > /etc/X11/xorg.conf.d/80_qxl.conf << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy whonix_guest.yml
Section "Device"
Identifier "qxl"
Driver "qxl"
Option "DPI" "96 x 96"
Option "ENABLE_IMAGE_CACHE" "True"
Option "ENABLE_FALLBACK_CACHE" "False"
Option "ENABLE_SURFACES" "False"
EndSection
# END ANSIBLE MANAGED BLOCK proxy whonix_guest.yml
EOF
return 0
}
## local_guest_status
local_guest_status () {
if [ ! -f /var/log/libvirtd/qemu-ga.log ] ; then
echo WARN: missing /var/log/libvirtd/qemu-ga.log
elif grep -q critical: /var/log/libvirtd/qemu-ga.log ; then
echo ERROR: critical /var/log/libvirtd/qemu-ga.log
fi
return 0
}
# vda
## local_host_symlink_usr_src
local_host_symlink_etc_fstab () {
# guest
[ -h /etc/fstab ] && [ -f /etc/fstab.vda ] && \
rm -f /etc/fstab && ln -s /etc/fstab.vda /etc/fstab
return 0
}
## local_host_make_dmcrypt_swap
local_host_make_dmcrypt_swap () {
local two five
if ! grep -q '/dev/mapper\|/dev/sd\|/dev/dm' /proc/swaps ; then
blkid > ~/blkid.txt
five=`grep _05E ~/blkid.txt | head -1`
if [ $? -eq 0 -a -n "$five" ] ; then
two=`echo $five | sed -e 's/_.*//' -e 's/.*="//'`_02SWAP
if ! grep $two ~/blkid.txt ; then
dev=`echo $five | sed -e 's/:.*//' -e 's/5/2/'`
[ $? -eq 0 -a -n "$dev" ] && mkswap -L $two $dev
fi
grep $two /etc/conf.d/dmcrypt && local_rc_service dmcrypt restart || echo WARN: $two not in /etc/conf.d/dmcrypt
grep -q '/dev/mapper\|/dev/sd\|/dev/dm' /proc/swaps || local_rc_service swap restart
# if its not in fstab
grep -q '/dev/mapper\|/dev/sd\|/dev/dm' /proc/swaps || swapon /dev/mapper/cryptswap*
fi
fi
return 0
}
# all
local_start_services () { local_start_and_add_services ; }
## local_start_and_add_services
local_start_and_add_services () {
for elt in $*; do
local_rc_service $elt status >/dev/null || local_rc_service $elt start
local_rc_update | grep -q $elt || local_rc_update add $elt
done
return 0
}
# all
## local_manual_stop_services
local_manual_stop_services () {
# set these to stop now and restart them manually as we configure them
# rsync on debian
for elt in $* ; do
local_rc_service $elt status >/dev/null && local_rc_service $elt stop
local_rc_update | grep -q $elt && local_rc_update del $elt
done
return 0
}
# host
## local_host_symlink_usr_src
local_host_symlink_usr_src () {
local dir
# broken
dir=`cat /proc/cmdline|sed -e 's/.*BOOT_IMAGE=kernel-pentoo-x86_64/linux/' -e 's/_.*//'`
WD=$PWD
cd /usr/src
if [ -d $dir ] ; then
rm -f linux
ln -s $dir linux || echo WARN: $PWD/$dir not found
fi
cd $WD
return 0
}
# host
## local_host_restart_psmouse
local_host_restart_psmouse () {
local_rc_service gpm status && local_rc_service gpm stop
rmmod psmouse; sleep 1; modprobe psmouse proto=exps
local_rc_service gpm start
return 0
}
# host
## local_host_restart_intel_sound
local_host_restart_intel_sound () {
which aplay >/dev/null 2>/dev/null || return 0
# both
if ! aplay -L | grep -q default:CARD=PCH ; then
rmmod snd_hda_intel ;
sleep 5
modprobe snd_hda_intel enable=1 ;
sleep 1
aplay -L >/dev/null || exit 2
fi
return 0
}
## local_kicksecure
local_kicksecure () {
local_guest || exit 1$?
return 0
}
## local_gateway
local_gateway () {
local_guest || exit 1$?
return 0
}
ELTS="sdwdate rads"
## local_guest
local_guest () {
# grep -q text /proc/cmdline && local_lightdm_on_text
local_all
local_guest_config
local_guest_start
if [ -d /etc/apt ] ; then
# bootstrap for ansible
if ! apt-cache search openssh-server | grep -q Size ; then
apt-get install openssh-server
fi
local_start_and_add_services ssh
if grep -q text /proc/cmdline ; then
local_manual_stop_services graphical lightdm rads
fi
fi
# local_manual_mask_services $ELTS
return 0
}
## local_host
local_host () {
local_host_crit_boot || exit 1$?
local_disable_lid
local_host_restart_intel_sound
local_host_restart_psmouse
local_all
return 0
}
# local_null_machineid
local_null_machineid () {
[ -s /etc/machine-id ] && cp /dev/null /etc/machine-id
return 0
}
## local_all
local_all () {
local_host_crit_boot || exit 2
uuidgen > /etc/machine-id
local_config_neutersystemd
local_null_machineid
touch /var/log/boot
chmod 775 /usr/local/*bin/*sh
local_neuter_gvfs
( cd /var/tmp && rm -rf ansible-local-* Temp-* ssh-* pulse-* .xfsm-ICE-* )
local_systemd_stop_and_mask
return 0
}
## local_manual_mask_services
local_manual_mask_services () {
if [ -d /usr/local/etc/systemd/ ] ; then
local_systemd_stop_and_mask $* || return 1$?
elif [ -x /usr/sbin/update-rc.d ] ; then
/usr/sbin/invoke-rc.d $1 stop
/usr/sbin/update-rc.d $1 remove || return 2$?
elif [ /sbin/rc-update ] ; then
/sbin/rc-service $1 stop
/sbin/rc-update $1 del || return 3$?
fi
return 0
}
# local_guest_neutersystemd
local_guest_neutersystemd () {
local_systemd_stop_and_mask
return $?
}
## local_systemd_stop_and_mask
local_systemd_stop_and_mask () {
[ -d /lib/systemd/system/ ] || return 0
[ $# -eq 0 ] && [ -d /usr/local/etc/systemd/ ] && \
set - `grep -l -v '#\|@\.service' /usr/local/etc/systemd/*.mask`
for file in $* ; do
[ -e /lib/systemd/system/$file ] || continue
elt=`basename $file`
systemctl is-enabled $elt 2>/dev/null >/dev/null || continue
echo INFO: local_systemd_stop_and_mask systemctl disable $elt
systemctl disable --now $elt && systemctl mask $elt
# [ -h /etc/systemd/system/$file ]
# [ `readlink /etc/systemd/system/$file ` = /dev/null ]
done
return 0
}
## local_neuter_gvfs
local_neuter_gvfs () {
[ -d /usr/local/share/dbus-1/services ] || exit 0
cd /usr/local/share/dbus-1/services
for file in /usr/share/dbus-1/services/*vfs* ; do
sed -e 's@^Exec=.*@Exec=/bin/false@' > `basename $file`
done
}
# local_link_linux
local_link_linux () {
sed < /proc/cmdline -e 's@.*BOOT_IMAGE=vmlinuz-@linux-@' -e 's/[_ ].*//'| \
while read line ; do
[ -z "$line" ] && continue
[ -d "/usr/src/$line" ] || { echo WARN: /usr/src/$line ; continue ; }
rm -f /usr/src/linux
echo INFO: /usr/src/$line /usr/src/linux
ln -s /usr/src/$line /usr/src/linux
done
return 0
}
# local_host_crit_boot
local_host_crit_boot () {
[ -d /mnt/l/syslinux ] || return 0
local a=`grep BOOT_IMAGE /proc/cmdline |sed -e 's/.*BOOT_IMAGE=//' -e 's/ .*//'`
[ -n "$a" ] || return 1
[ -f "/boot/$a" ] || return 2
[ -f "/mnt/l/syslinux/$a" ] || return 3
diff "/boot/$a" "/mnt/l/syslinux/$a" || {
/usr/local/bin/base_wall.bash $prog 'CRIT: ' "/boot/$a" "/mnt/l/syslinux/$a"
return 4
}
a=`grep initrd= /proc/cmdline |sed -e 's/.*initrd=//' -e 's/ .*//' -e 's/.*,//'`
[ -n "$a" ] || return 11
[ -f "/boot/$a" ] || return 12
[ -f "/mnt/l/syslinux/$a" ] || return 13
diff "/boot/$a" "/mnt/l/syslinux/$a" || {
/usr/local/bin/base_wall.bash $prog 'CRIT: ' "/boot/$a" "/mnt/l/syslinux/$a"
return 14
}
return 0
}
base=local
if [ -x /usr/bin/basename ] && [ `/usr/bin/basename -- $0` = $base'.bash' ] ; then
[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//'| sort \
&& exit 0
"$@"
exit $?
fi
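Review bot: In `local_systemd_stop_and_mask` the default list is built with `grep -l`, which prints the names of the `.mask` files rather than their lines, so each word fails the `[ -e /lib/systemd/system/$file ]` test and nothing is disabled or masked when the function is called without arguments, as `local_all` does. If the mask list is the one that follows on this page, that includes `debug-shell.service`, so the hardening step silently does nothing; `set -- $(grep -h -v '#\|@\.service' /usr/local/etc/systemd/*.mask)` reads the entries instead. `local_neuter_gvfs` also uses `exit 0` where `return 0` is presumably meant, which ends the whole script before `local_all` reaches the masking call whenever the dbus directory is missing, and its `sed` has no input file, so it reads stdin rather than `"$file"`. `local_guest_config` calls `local_guest_config_neutersystemd`, which is not defined in this file.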


@ -0,0 +1,5 @@
debug-shell.service
multi-user.target.wants/swap-file-creator.service
swap-file-creator.service
systemd-backlight@.service
systemd-backlight@backlight.service


@ -0,0 +1,159 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
# export PATH=$PATH:/usr/local/bin
. /usr/local/bin/usr_local_tput.bash
# MUST be silent
error () { retval=$1 ; shift; ERROR $prog $* >&2 ; exit $retval ; }
usage () { echo "USAGE: $prog chroot-dir [command args] -" $* >&2 ; exit 1 ; }
warn () { : ; }
info () { : ; }
debug () { : ; }
# must be run as root
[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
[ -x /bin/chroot ] && EXE=/bin/chroot
[ -x /usr/sbin/chroot ] && EXE=/usr/sbin/chroot # debian
setcap CAP_SYS_PTRACE=+ep $EXE
if [ "$#" -eq "0" ] ; then
usage "give an absolute directory name as argument"
fi
LARGS=""
CMD=""
while true; do
case "$1" in
'-'*)
LARGS="$1"
shift
;;
*)
break
;;
esac
done
[ -z "$LARGS" ] && LARGS="--userspec=0:0"
root=$1
shift
if [ ! -d "$root" ] ; then
error 1 "directory not found - $root"
fi
# unix partition
[ -d $root/lost+found ] || WARN "No $root/lost+found"
# linux partition
[ -e $root/usr/src/ ] || WARN "No $root/usr/src"
# check for /dev/loop devices - up to 255 on android
[ -e /dev/loop1 ] || \
( cd /dev && \
for i in 0 1 2 3 4 5 6 7 ; do
[ -e loop$i ] && continue
mknod loop$i b 7 $i
chmod 660 loop$i
chgrp disk loop$i
done )
cd $root || error 6 "Can't cd to $root"
# sbin/boostrap_chroot.bash
for file in .bashrc .bash_profile .bash_logout .emacs ; do
[ -f $root/root/$file ] && continue
cp -p /root/$file $root/root/
done
for file in tmp usr/tmp var/tmp ; do
[ -d $file ] && continue
mkdir $file || error 8 " missing directory $file"
chmod 1777 $file
done
# df /var/tmp | grep -q sd.12 || mount /var/tmp
for file in proc sys dev dev/pts dev/shm usr ; do
[ -d $file ] && continue
mkdir $file || error 9 "Cant mkdir $file"
chmod 755 $file
done
if false ; then
[ -e proc/self ] || mount -o bind /proc $root/proc || error 10
# https://forums.gentoo.org/viewtopic-t-1061422-start-0.html
[ -e dev/null ] || mount -o bind /dev $root/dev || error 11
# what happens to dev/shm ? its own memory?
# required for ansible and firefox
df -a | grep -q $root/dev/shm || mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 12
[ -e dev/pts/ptmx ] || \
mount -t devpts -o rw,relatime,gid=5,mode=620,ptmxmode=000 devpts $root/dev/pts || error 13
else
# https://wiki.gentoo.org/wiki/Chroot
[ -e dev/loop0 ] || \
{ mount --rbind /dev $root/dev ; mount --make-rslave $root/dev ; } \
|| error 10 mount --rbind /dev $root/dev
[ -e proc/self ] || mount -t proc /proc $root/proc \
|| error 11 mount -t proc /proc
[ -e sys/block ] || \
{ mount --rbind /sys $root/sys ; mount --make-rslave $root/sys ; } \
|| error 12 --rbind /sys $root/sys
df -a | grep -q $root/dev/shm || \
mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 14 $root/dev/shm
df -a | grep -q $root/tmp || mount --rbind /tmp $root/tmp \
|| error 13 mount --rbind /tmp $root/tmp
# https://wiki.gentoo.org/wiki/Project:X86/Chroot_Guide
[ -e dev/pts/ptmx ] || \
mount -o bind /dev/pts $root/dev/pts || error 14 mount -o bind /dev/pts $root/dev/pts
fi
# user
if [ -d $root/$HOME -a -f ~/.Xauthority ] ; then
cp ~/.Xauthority $root/$HOME
cp ~/.xauth* $root/$HOME
fi
base=$( basename $root )
[ -e ./start.rc ] || cat > ./start.rc << EOF
# env-update && . /etc/profile
export PS1='\${tty}\\u@${base}:\\W\\$ '
EOF
[ -z "$DISPLAY" ] || grep -q DISPLAY ./start.rc || \
echo export DISPLAY=\"$DISPLAY\" >> ./start.rc
# openpty failed: 'out of pty devices'
# root@Flati:11# d /dev/pts/
# total 6
# 2 ./ 4 ../
# You'll also want to copy over resolv.conf in order to have proper DNS name
# resolution from inside the chroot:
cp -L /etc/resolv.conf etc || error 16 "Cant cp -L /etc/resolv.conf"
EARGS="CHROOT=$root PATH=/usr/sbin:/usr/bin:/sbin:/bin"
#? set these to root or derive them? what about -l?
EELTS="$EELTS TERM DISPLAY HOME LANG LC_ALL"
[ -z "$LC_COLLATE" ] && EELTS="$EELTS LC_COLLATE" || EARGS="$EARGS LC_COLLATE=C"
. /usr/local/bin/proxy_export.bash >/dev/null
EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
for elt in $EELTS ; do
EARGS="$EARGS $( env|grep ^${elt}= )"
done
# mesg: ttyname failed: Success
tty=$( tty 2>/dev/null )
[ $? -eq 0 -a -n "$tty" ] && EARGS="$EARGS TTY=$tty"
# was /bin/bash -l
[ "$#" -eq 0 ] && set -- /bin/bash -i -l
# Now you can chroot into your new system. Use env before chroot to ensure that no
# environment variables from the installation media are used by your new system:
#? PATH=$PATH
# info chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
exec $EXE $LARGS $root /usr/bin/env -i $EARGS "$@"
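Review bot: `setcap CAP_SYS_PTRACE=+ep $EXE` rewrites the file capabilities of the host's own chroot binary on every invocation and never reverts them, so one run of this wrapper leaves a persistent privilege change on a system binary. The script already refuses to run unless the uid is 0, so the capability should not be needed for the final `exec $EXE ...`; I would drop the line, or, if ptrace inside the chroot really depends on it, grant it to the process only and say why in a comment. `$EXE` is also unset when neither `/bin/chroot` nor `/usr/sbin/chroot` exists, so add `[ -n "$EXE" ] || error 2 "chroot not found"` before it is used. The `--rbind` mounts of /dev, /sys and /tmp are never unmounted, so a later recursive delete of the chroot directory would reach the host's trees; that deserves a teardown path or at least a comment.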


@ -0,0 +1,155 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash
# MUST be silent
usage () { echo "USAGE: $prog chroot-dir [command args] -" $* >&2 ; exit 1 ; }
error () { retval=$1 ; shift; ERROR "$prog" $* >&2 ; exit $retval ; }
warn () { WARN "$prog" $* >&2 }
info () { INFO "$prog" $* >&2 }
debug () { DBUG "$prog" $* >&2 }
# must be run as root
[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
if [ "$#" -eq "0" ] ; then
usage "give an absolute directory name as argument"
fi
LARGS=""
CMD=""
while true; do
case "$1" in
'-'*)
LARGS="$1"
shift
;;
*)
break
;;
esac
done
[ -z "$LARGS" ] && LARGS="--userspec=0:0"
root=$1
shift
if [ ! -d "$root" ] ; then
error "directory not found - $root"
fi
# unix partition
[ -d $root/lost+found ] || warn "No $root/lost+found"
# linux partition
[ -e $root/usr/src/ ] || warn "No $root/usr/src"
# check for /dev/loop devices
[ -e /dev/loop1 ] || \
( cd /dev && \
for i in 0 1 2 3 4 5 6 7 ; do
[ -e loop$i ] && continue
mknod loop$i b 7 $i
chmod 660 loop$i
chgrp disk loop$i
done )
cd $root || error 6 "Can't cd to $root"
# sbin/boostrap_chroot.bash
for file in .bashrc .bash_profile .bash_logout .emacs ; do
[ -f $root/root/$file ] && continue
cp -p /root/$file $root/root/
done
for file in tmp usr/tmp var/tmp ; do
[ -d $file ] && continue
mkdir $file || error 8 " missing directory $file"
chmod 1777 $file
done
for file in proc sys dev dev/pts dev/shm usr ; do
[ -d $file ] && continue
mkdir $file || error 9 "Cant mkdir $file"
chmod 755 $file
done
if false ; then
[ -e proc/self ] || mount -o bind /proc $root/proc || error 10
# https://forums.gentoo.org/viewtopic-t-1061422-start-0.html
[ -e dev/null ] || mount -o bind /dev $root/dev || error 11
# what happens to dev/shm ? its own memory?
# required for ansible and firefox
df -a | grep -q $root/dev/shm || mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 12
[ -e dev/pts/ptmx ] || \
mount -t devpts -o rw,relatime,gid=5,mode=620,ptmxmode=000 devpts $root/dev/pts || error 13
else
# https://wiki.gentoo.org/wiki/Chroot
[ -e dev/null ] || \
{ mount --rbind /dev $root/dev ; mount --make-rslave $root/dev ; } \
|| error 10 mount --rbind /dev $root/dev
[ -e proc/self ] || mount -t proc /proc $root/proc \
|| error 11 mount -t proc /proc
[ -e sys/block ] || \
{ mount --rbind /sys $root/sys ; mount --make-rslave $root/sys ; } \
|| error 12 --rbind /sys $root/sys
df -a | grep -q $root/dev/shm || \
mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 14 $root/dev/shm
# https://wiki.gentoo.org/wiki/Project:X86/Chroot_Guide
[ -e dev/pts/ptmx ] || \
mount -o bind /dev/pts $root/dev/pts || error 14 mount -o bind /dev/pts $root/dev/pts
fi
# user
if [ -d $root/$HOME -a -f ~/.Xauthority ] ; then
cp ~/.Xauthority $root/$HOME
cp ~/.xauth* $root/$HOME
fi
base=$( basename $root )
[ -e ./start.rc ] || cat > ./start.rc << EOF
# env-update && . /etc/profile
export PS1='\${tty}\\u@${osl}${base}:\\W\\$ '
EOF
[ -z "$DISPLAY" ] || grep -q DISPLAY ./start.rc || \
echo export DISPLAY=\"$DISPLAY\" >> ./start.rc
# You'll also want to copy over resolv.conf in order to have proper DNS name
# resolution from inside the chroot:
cp -L /etc/resolv.conf etc || error 16 "Cant cp -L /etc/resolv.conf"
EARGS="CHROOT=$root PATH=/usr/sbin:/usr/bin:/sbin:/bin"
#? set these to root or derive them? what about -l?
EELTS="$EELTS TERM DISPLAY HOME LANG LC_ALL"
[ -z "$LC_COLLATE" ] && EELTS="$EELTS LC_COLLATE" || EARGS="$EARGS LC_COLLATE=C"
. /usr/local/bin/proxy_export.bash >/dev/null
EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
for elt in $EELTS ; do
EARGS="$EARGS $( env|grep ^${elt}= )"
done
[ -n "$BOX_DEBIAN10_VAR_APT_ARCHIVES" ] && \
EARGS="$EARGS $BOX_DEBIAN10_VAR_APT_ARCHIVES=$BOX_DEBIAN10_VAR_APT_ARCHIVES"
# mesg: ttyname failed: Success
tty=$( tty 2>/dev/null )
[ $? -eq 0 -a -n "$tty" ] && EARGS="$EARGS TTY=$tty"
# was /bin/bash -l
[ "$#" -eq 0 ] && set -- /bin/bash -i -l
# Now you can chroot into your new system. Use env before chroot to ensure that no
# environment variables from the installation media are used by your new system:
INFO capsh --caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep" --keep=1 -- /usr/sbin/chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
echo >$root/tmp/$$.bash \
capsh '--caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep"' --keep=1 -- /tmp/$$.sh
echo >$root/tmp/$$.sh \
'`which env`' -i $EARGS "$@"
capsh --caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep" --keep=1 --chroot=$root -- /tmp/$$.bash
# --chroot=$root -c /usr/bin/env -- -i $EARGS "$@"
# exec chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
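Review bot: The two helper scripts are written as root to `$root/tmp/$$.bash` and `$root/tmp/$$.sh`, predictable names in a directory this script itself creates with mode 1777, and are then run with `CAP_SYS_PTRACE` and `CAP_SYS_CHROOT`; any account that can write to that directory can pre-create or replace those paths. Create them in a directory only root can write, e.g. `tmpd=$( mktemp -d "$root/root/chroot.XXXXXX" ) || error 17 "mktemp failed"`, write both files there, and remove the directory afterwards. Separately, `warn`, `info` and `debug` are defined as `{ ... >&2 }` with no `;` before the closing brace, so `}` is taken as an argument and the definitions never close; they need `>&2 ; }` as in `error`. `error "directory not found - $root"` also lacks the numeric exit status that `error` takes as its first argument.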
