emdee/base_role
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

first

Browse source
This commit is contained in:
embed@git.macaw.me 2024-01-06 01:38:28 +00:00
commit b50fd16591
197 changed files with 41663 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
overlay/Linux/usr/local/bin/base_certdata2pem.bash Executable file
View file

@ -0,0 +1,7 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
prog=$( basename $0 .bash )
exec python3.sh /usr/local/bin/base_certdata2pem.py "$@"

153
overlay/Linux/usr/local/bin/base_certdata2pem.py Normal file
View file

@ -0,0 +1,153 @@
#!/usr/bin/python
# vim:set et sw=4:
#
# certdata2pem.py - splits certdata.txt into multiple files
#
# Copyright (C) 2009 Philipp Kern <pkern@debian.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301,
# USA.
import base64
import os.path
import re
import sys
import textwrap
import io
objects = []
# Dirty file parser.
in_data, in_multiline, in_obj = False, False, False
field, type, value, obj = None, None, None, dict()
# Python 3 will not let us decode non-ascii characters if we
# have not specified an encoding, but Python 2's open does not
# have an option to set the encoding. Python 3's open is io.open
# and io.open has been backported to Python 2.6 and 2.7, so use io.open.
for line in io.open('certdata.txt', 'rt', encoding='utf8'):
# Ignore the file header.
if not in_data:
if line.startswith('BEGINDATA'):
in_data = True
continue
# Ignore comment lines.
if line.startswith('#'):
continue
# Empty lines are significant if we are inside an object.
if in_obj and len(line.strip()) == 0:
objects.append(obj)
obj = dict()
in_obj = False
continue
if len(line.strip()) == 0:
continue
if in_multiline:
if not line.startswith('END'):
if type == 'MULTILINE_OCTAL':
line = line.strip()
for i in re.finditer(r'\\([0-3][0-7][0-7])', line):
value.append(int(i.group(1), 8))
else:
value += line
continue
obj[field] = value
in_multiline = False
continue
if line.startswith('CKA_CLASS'):
in_obj = True
line_parts = line.strip().split(' ', 2)
if len(line_parts) > 2:
field, type = line_parts[0:2]
value = ' '.join(line_parts[2:])
elif len(line_parts) == 2:
field, type = line_parts
value = None
else:
raise NotImplementedError('line_parts < 2 not supported.')
if type == 'MULTILINE_OCTAL':
in_multiline = True
value = bytearray()
continue
obj[field] = value
if len(obj) > 0:
objects.append(obj)
# Read blacklist.
blacklist = []
if os.path.exists('blacklist.txt'):
for line in open('blacklist.txt', 'r'):
line = line.strip()
if line.startswith('#') or len(line) == 0:
continue
item = line.split('#', 1)[0].strip()
blacklist.append(item)
# Build up trust database.
trust = dict()
for obj in objects:
if obj['CKA_CLASS'] != 'CKO_NSS_TRUST':
continue
if obj['CKA_LABEL'] in blacklist:
print("Certificate %s blacklisted, ignoring." % obj['CKA_LABEL'])
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_TRUSTED_DELEGATOR':
trust[obj['CKA_LABEL']] = True
elif obj['CKA_TRUST_SERVER_AUTH'] == 'CKT_NSS_NOT_TRUSTED':
print('!'*74)
print("UNTRUSTED BUT NOT BLACKLISTED CERTIFICATE FOUND: %s" % obj['CKA_LABEL'])
print('!'*74)
else:
print("Ignoring certificate %s. SAUTH=%s, EPROT=%s" % \
(obj['CKA_LABEL'], obj['CKA_TRUST_SERVER_AUTH'],
obj['CKA_TRUST_EMAIL_PROTECTION']))
for obj in objects:
if obj['CKA_CLASS'] == 'CKO_CERTIFICATE':
if not obj['CKA_LABEL'] in trust or not trust[obj['CKA_LABEL']]:
continue
bname = obj['CKA_LABEL'][1:-1].replace('/', '_')\
.replace(' ', '_')\
.replace('(', '=')\
.replace(')', '=')\
.replace(',', '_')
# this is the only way to decode the way NSS stores multi-byte UTF-8
# and we need an escaped string for checking existence of things
# otherwise we're dependant on the user's current locale.
if bytes != str:
# We're in python 3, convert the utf-8 string to a
# sequence of bytes that represents this utf-8 string
# then encode the byte-sequence as an escaped string that
# can be passed to open() and os.path.exists()
bname = bname.encode('utf-8').decode('unicode_escape').encode('latin-1')
else:
# Python 2
# Convert the unicode string back to its original byte form
# (contents of files returned by io.open are returned as
# unicode strings)
# then to an escaped string that can be passed to open()
# and os.path.exists()
bname = bname.encode('utf-8').decode('string_escape')
fname = bname + b'.crt'
if os.path.exists(fname):
print("Found duplicate certificate name %s, renaming." % bname)
fname = bname + b'_2.crt'
f = open(fname, 'w')
f.write("-----BEGIN CERTIFICATE-----\n")
encoded = base64.b64encode(obj['CKA_VALUE']).decode('utf-8')
f.write("\n".join(textwrap.wrap(encoded, 64)))
f.write("\n-----END CERTIFICATE-----\n")

90
overlay/Linux/usr/local/bin/base_check_site_py.bash Executable file
View file

@ -0,0 +1,90 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
[ "$#" -eq 0 ] && echo USAGE: $0 2.7 ... 3.9 3.10 3.11 && exit 1
. /usr/local/bin/usr_local_base.bash || exit 2
[ -f $PREFIX/etc/testforge/testforge.bash ] \
&& . /usr/local/etc/testforge/testforge.bash
PYTHON_MINOR="$1"
PYMAJ="${PYTHON_MINOR:0:1}"
if [ -z "$LIB" -a -f /usr/lib/python$PYTHON_MINOR/site.py ] ; then
LIB=lib
elif [ -z "$LIB" -a -f /usr/lib64/python$PYTHON_MINOR/site.py ] ; then
LIB=lib64
fi
[ -d /usr/local/lib/python$PYTHON_MINOR ] && \
[ ! -e /usr/local/lib64/python$PYTHON_MINOR ] && \
ln -s /usr/local/lib/python$PYTHON_MINOR /usr/local/lib64/python$PYTHON_MINOR
if [ "" = "$BASE_PYTHON2_MINOR" ] ; then
not_PYTHON_MINOR=""
elif [ $PYTHON_MINOR = "$BASE_PYTHON2_MINOR" ] ; then
not_PYTHON_MINOR="$BASE_PYTHON3_MINOR"
elif [ $PYTHON_MINOR = "$BASE_PYTHON3_MINOR" ] ; then
not_PYTHON_MINOR="$BASE_PYTHON2_MINOR"
else
ERROR "$PYTHON_MINOR not in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR"
exit 1
fi
INFO $prog PYMAJ=$PYMAJ PYTHON_MINOR=$PYTHON_MINOR not_PYTHON_MINOR=$not_PYTHON_MINOR PYTHONPATH=$PYTHONPATH
export PYTHONPATH=""
if [ "$PYMAJ" = '2' ] ; then
imp='import sys; print sys.path'
elif [ "$PYMAJ" = '3' ] ; then
imp='import sys; print(repr(sys.path))'
fi
[ -x $PREFIX/bin/python$PYMAJ.sh ] || {
echo >&2 ERROR: $prog 2 -x $PREFIX/bin/python$PYMAJ.sh "$PYTHON_MINOR" && exit 2 ;
}
if [ -f /etc/python-exec/python2.conf ] ; then
grep -F "$BASE_PYTHON2_MINOR" /etc/python-exec/python2.conf || {
echo >&2 ERROR: $prog 3 "$BASE_PYTHON2_MINOR" /etc/python-exec/python2.conf
}
fi
if [ -f /etc/python-exec/python3.conf ] ; then
grep -F "$BASE_PYTHON3_MINOR" /etc/python-exec/python3.conf || {
echo >&2 ERROR: $prog 4 "$BASE_PYTHON3_MINOR" /etc/python-exec/python3.conf
}
fi
# echo -n DEBUG: $prog 2 python$PYTHON_MINOR -S -s
python$PYMAJ -S -s -c "$imp" \
|| { echo >&2 ERROR: $prog 22 $PYTHON_MAJ -S -s"$PYTHON_MINOR" && exit 22 ; }
# echo -n DEBUG: $prog 4 python$PYTHON_MINOR -s
python$PYMAJ -s -c "$imp" \
|| { echo >&2 ERROR: $prog 4 python$PYTHON_MINOR -s "$PYTHON_MINOR" && exit 4 ; }
# echo -n DEBUG: $0 6 $PREFIX/bin/python$PYMAJ.sh -S -s
$PREFIX/bin/python$PYMAJ.sh -S -s -c "$imp" \
|| { echo >&2 ERROR: $prog 6 python$PYMAJ.sh -S -s "$PYTHON_MINOR" && exit 6 ; }
echo -n DEBUG: $0 8 $PREFIX/bin/python$PYMAJ.sh -s
$PREFIX/bin/python$PYMAJ.sh -s -c "$imp" \
|| { echo >&2 ERROR: $prog 8 python$PYMAJ.sh -s "$PYTHON_MINOR" && exit 8 ; }
# INFO $prog 10 $PREFIX/bin/python$PYMAJ.sh sitecustomize.py "$PYTHON_MINOR"
a=$( $PREFIX/bin/python$PYMAJ.sh $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ) || \
{ echo >&2 ERROR: $prog "error 10 $PREFIX/bin/python$PYMAJ.sh $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py" && exit 10 ; }
#[ -x "$a" ] || \
# { echo >&2 ERROR: $prog 11 "broken $PREFIX/bin/python$PYMAJ.sh /usr/local/bin/python2.sh - $a" && exit 11 ; }
#echo >&2 INFO: $prog 11 "$a"
# INFO $prog 12 python$PYTHON_MINOR sitecustomize.py "$PYTHON_MINOR"
python$PYMAJ $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py || \
{ ERROR 12 $prog python$PYMAJ sitecustomize.py "$PYTHON_MINOR" && exit 12 ; }
exit 0
# [ $( python2.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python2.sh ] || exit 2
# [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python3.sh ] || exit 3
# [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python2.bash ] || exit 22
# [ $( python3.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python3.bash ] || exit 33

27
overlay/Linux/usr/local/bin/base_clean_filenames.bash Executable file
View file

@ -0,0 +1,27 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
PREFIX=/usr/local
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
# accepted files or directories -- to recusively look for files in
[ "$#" -eq 0 ] && set -- $PWD/
# Clean the bad ones under Windows: [:] and other uglies ['"{}[]?!]
# The Bad ones break rsync and but the others can cause trouble elsewhere
re='[^ .,~%+=^@!0-9a-zA-z_()#-]'
find "$@" -type f -or -type d | while read file ; do
dir=`dirname "$file"`
base=`basename "$file"`
# wierd = misses "ZeeRex The Explainable ``Explain__ Service.htm"
new=`sed -f $PREFIX/share/sed/base_clean_filenames.sed <<< $base`
[ "$base" = "$new" ] && continue
[ -f "$file" -a -f "$dir/$new" ] && diff -qr "$file" "$dir/$new" && rm -f "$file" && continue
DBUG \"$file\" \"$dir/$new\"
mv -i "$file" "$dir/$new"
done
exit 0

24
overlay/Linux/usr/local/bin/base_clean_path.bash Executable file
View file

@ -0,0 +1,24 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# we use stdout
ROLE=base
prog=$( basename $0 .bash )
N=""
IFS=':'
[ -z "$UID" ] && UID=$( id -u )
for elt in $PATH ; do
[ $UID -eq 0 -a "$elt" = '.' ] && continue
[ -d "$elt" ] || continue
[ -z "$N" ] && N="$elt" && continue
[[ $N =~ (^|:)${elt}(:|$) ]] && continue
N="$N:$elt" && continue
done
IFS=' '
elt=/var/local/bin
[[ "$N" =~ (^|:)"${elt}"(:|$) ]] || N="$N:$elt"
echo $N
exit 0

40
overlay/Linux/usr/local/bin/base_clean_pythonpath.bash Executable file
View file

@ -0,0 +1,40 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# answer output
prog=$( basename $0 .bash )
ROLE=base
[ $# -lt 2 ] && echo "USAGE: $0 PYTHON_MINOR PPATH" >>/proc/self/fd/2 && exit 1
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
PYTHON_MINOR=$1
PPATH=$2
PYVER=$( echo $1|sed -e 's/.*python//' -e 's@/.*@@' )
[[ "$PYTHON_MINOR" =~ .*2\..* ]] && notPYVER="3." || notPYVER="2."
# echo "DEBUG: $1 $PPATH $notPYVER" >>/proc/self/fd/2
N=""
IFS=':'
warns=0
[ -z "$UID" ] && UID=$( id -u )
for elt in $PPATH ; do
[ -d "$elt" ] || continue
[[ $elt =~ .*python${notPYVER}.* ]] ; a=$?
# DBUG $1 $elt $notPYVER a=$a >>/proc/self/fd/2
[ $a -eq 0 ] && { WARN $prog wanted: $PYTHON_MINOR got: $elt >>/proc/self/fd/2 ; \
warns=$( expr $warns + 1 ) ; continue ; }
[ -z "$N" ] && N="$elt" && continue
[[ $N =~ $elt ]] && continue
[ -n "$N" ] && N="$N:$elt"
# DBUG $prog adding: $elt
done
IFS=' '
echo $N
exit $warns

95
overlay/Linux/usr/local/bin/base_daily.bash Executable file
View file

@ -0,0 +1,95 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
# The idea here is to run ansible_local.bash --tags daily
# and then use this to do the parsing and throwing errors based on the output.
# This was the ansible run can be free from erroring and this can be
# run repeatedly anytime outside of ansible to deal with the issues raised.
# It is also run at the end of ansible_local.bash --tags daily to raise the issues.
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
. /usr/local/etc/local.d/local.bash
MYID=$( id -u )
[ $MYID -eq 0 ] || { ERROR $prog must be run as root $MYID ; exit 1 ; }
LOG_DIR=/usr/local/tmp
ly=daily
errs=0
warns=0
# sh /usr/local/bin/base_hourly.bash
LOG_DIR=/usr/local/tmp/$ly
[ -d "$LOG_DIR" ] || mkdir -p "$LOG_DIR"
ELOG=$LOG_DIR/E${prog}_${ly}$$.log
WLOG=$LOG_DIR/W${prog}_${ly}$$.log
OUT=$LOG_DIR/O${prog}_${ly}$$.log
rm -f $LOG_DIR/*${prog}_${ly}*.log
if [ -f /var/log/dmesg.log ] ; then
grep 'IOMMU enabled' /var/log/dmesg.log || WARN NOT 'IOMMU enabled' | tee -a $WLOG
fi
cp /dev/null /var/log/dirmngr.log
/usr/local/bin/base_gnupg_test.bash || ERROR $retval /usr/local/bin/base_gnupg_test.bash >> $WLOG
[ -d /etc/portage ] && \
grep 'ERR 219 Server indicated a failure' /var/log/dirmngr.log >> $ELOG
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash
[ -z "$UPTMP" ] && UPTMP=$PREFIX/tmp
if [ -d /etc/apt -a -d /o/Cache/Apt/Devuan/4 ] ; then
[ -z "$TESTF_UBUNTU16_VAR_APT_ARCHIVES" ] && \
TESTF_UBUNTU16_VAR_APT_ARCHIVES=/o/Cache/Apt/Devuan/4
[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=devuan
else
[ -z "BOX_USER_NAME" ] && BOX_USER_NAME=vagrant
fi
if [ -d /o/Cache/Pip/ ] ; then
[ -z "$HOSTVMS_BOXUSER_PIP_CACHE" ] && \
HOSTVMS_BOXUSER_PIP_CACHE=/o/Cache/Pip/
fi
# FixMe: bootstrap
elt=pip ; DBUG $elt
scripts="ansible ansible-playbook ansible-pull ansible-doc ansible-galaxy ansible-console ansible-connection ansible-vault"
for PYVER in 2 3 ; do
pfile=`python$PYVER.sh -c 'import pip; print(pip.__file__)'`
[ $? -eq 0 -a -f $pfile ] && continue
# /usr/local/sbin/bootstrap_pip.bash
pfile=`python$PYVER.sh -c 'import pip; print(pip.__file__)'`
[ $? -eq 0 -a -f $pfile ] || WARN pip $PYVER not installed - $pfile
for elt in $scripts ; do
[ -e $PREFIX/bin/$elt ] || { WARN installing $elt $PYVER ; }
done
done
elt=doctest3
if [ $MYID -ne 0 ] ; then
/var/local/bin/testforge_python_doctest3.bash \
/var/local/share/doc/txt/base3.txt \
> "$LOG_DIR"/$elt$$.log 2>&1 || ERROR $elt >> $ELOG
fi
[ -f $WLOG ] && warns=$( wc -l $WLOG | cut -f 1 -d ' ' )
[ $? -eq 0 -a $warns -ne 0 ] && \
WARN "$prog $warns $ly $prog warnings in $WLOG"
[ -f $ELOG ] && errs=$( wc -l $ELOG | cut -f 1 -d ' ' )
[ $? -eq 0 -a $errs -ne 0 ] && \
echo "ERROR: $prog $errs $ly $prog errors in $ELOG" && cat $ELOG
[ $errs -eq 0 ] && \
[ $warns -eq 0 ] && \
INFO "$prog No $ly errors" && \
rm -f $WLOG $ELOG $OUT
exit $errs

51
overlay/Linux/usr/local/bin/base_daily.exp Normal file
View file

@ -0,0 +1,51 @@
#!/usr/bin/expect --
# -*- mode: tcl; tab-width: 8; encoding: utf-8-unix -*-
set timeout 30
set KEY_ID 96D8BF6D
#? stty raw -echo
spawn gpg --home /etc/portage/gnupg --edit-key $KEY_ID trust
# unknown] (1). Gentoo ebuild repository signing key (Automated Signing Key) <infrastructure@gentoo.org>
# unknown] (2) Gentoo Portage Snapshot Signing Key (Automated Signing Key)
## tsign
#expect "Really sign all user IDs? (y/N)?*"
#send_user "Sending y\n"
#send "y\n"
# tsign -> gpg: no default secret key: No secret key
# trust
expect "Your decision?*"
send_user "Sending 4\n"
send "4\n"
# No save is required for trust
expect "gpg>*"
send_user "Sending save\r"
send "save\r"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
} "Key not changed so no update needed*" {
exit 0
}
expect "gpg>*"
send_user "Sending quit\r"
send "quit\r"
expect -re .+ {
exp_continue
} timeout {
exit 1
} eof {
exit 0
}
# expect -r .+ {send "\r"}

344
overlay/Linux/usr/local/bin/base_daily.html Normal file
View file

@ -0,0 +1,344 @@
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Release media signatures Gentoo Linux</title>
<meta name="theme-color" content="#54487a">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta property="og:title" content="Release media signatures Gentoo Linux">
<meta property="og:image" content="https://www.gentoo.org/assets/img/logo/gentoo-g.png">
<meta property="og:description" content="News and information from Gentoo Linux">
<meta name="twitter:image" content="https://www.gentoo.org/assets/img/logo/gentoo-g.png">
<link rel="apple-touch-icon" href="https://www.gentoo.org/assets/img/logo/icon-192.png">
<link rel="icon" sizes="192x192" href="https://www.gentoo.org/assets/img/logo/icon-192.png">
<link href="https://assets.gentoo.org/tyrian/v1/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="https://assets.gentoo.org/tyrian/v1/tyrian.min.css" rel="stylesheet" media="screen">
<link href="/assets/css/screen.css" rel="stylesheet" media="screen">
<link rel="icon" href="/favicon.ico" type="image/x-icon">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/www-gentoo-org.xml" title="Gentoo Website">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/forums-gentoo-org.xml" title="Gentoo Forums">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/bugs-gentoo-org.xml" title="Gentoo Bugzilla">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/packages-gentoo-org.xml" title="Gentoo Packages">
<link rel="search" type="application/opensearchdescription+xml" href="https://www.gentoo.org/search/archives-gentoo-org.xml" title="Gentoo List Archives">
</head>
<body class="">
<header>
<div class="site-title">
<div class="container">
<div class="row">
<div class="site-title-buttons">
<div class="btn-group btn-group-sm">
<a href="https://get.gentoo.org/" role="button" class="btn get-gentoo"><span class="fa fa-fw fa-download"></span> <strong>Get Gentoo!</strong></a>
<div class="btn-group btn-group-sm">
<a class="btn gentoo-org-sites dropdown-toggle" data-toggle="dropdown" data-target="#" href="#">
<span class="fa fa-fw fa-map-o"></span> <span class="hidden-xs">gentoo.org sites</span> <span class="caret"></span>
</a>
<ul class="dropdown-menu dropdown-menu-right">
<li><a href="https://www.gentoo.org/" title="Main Gentoo website"><span class="fa fa-home fa-fw"></span> gentoo.org</a></li>
<li><a href="https://wiki.gentoo.org/" title="Find and contribute documentation"><span class="fa fa-file-text-o fa-fw"></span> Wiki</a></li>
<li><a href="https://bugs.gentoo.org/" title="Report issues and find common issues"><span class="fa fa-bug fa-fw"></span> Bugs</a></li>
<li><a href="https://forums.gentoo.org/" title="Discuss with the community"><span class="fa fa-comments-o fa-fw"></span> Forums</a></li>
<li><a href="https://packages.gentoo.org/" title="Find software for your Gentoo"><span class="fa fa-hdd-o fa-fw"></span> Packages</a></li>
<li class="divider"></li>
<li><a href="https://planet.gentoo.org/" title="Find out what's going on in the developer community"><span class="fa fa-rss fa-fw"></span> Planet</a></li>
<li><a href="https://archives.gentoo.org/" title="Read up on past discussions"><span class="fa fa-archive fa-fw"></span> Archives</a></li>
<li><a href="https://gitweb.gentoo.org/" title="Browse our source code in Gitweb"><span class="fa fa-code fa-fw"></span> Gitweb</a></li>
<li class="divider"></li>
<li><a href="https://infra-status.gentoo.org/" title="Get updates on the services provided by Gentoo"><span class="fa fa-server fa-fw"></span> Infra status</a></li>
</ul>
</div>
</div>
</div>
<div class="logo">
<a href="/" title="Back to the homepage" class="site-logo">
<object data="https://assets.gentoo.org/tyrian/v1/site-logo.svg" type="image/svg+xml">
<img src="https://assets.gentoo.org/tyrian/v1/site-logo.png" alt="Gentoo Linux logo">
</object>
</a>
</div>
</div>
</div>
</div>
<nav class="tyrian-navbar" role="navigation">
<div class="container">
<div class="row">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-main-collapse">
<span class="sr-only">Toggle navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse navbar-main-collapse">
<ul class="nav navbar-nav">
<li class=""><a href="/">Home</a></li>
<li class=""><a href="/get-started/">Get started</a></li>
<li class="active"><a href="/downloads/">Downloads</a></li>
<li class=""><a href="/inside-gentoo/">Inside Gentoo</a></li>
<li class=""><a href="/support/">Support</a></li>
<li class=""><a href="/get-involved/">Get involved</a></li>
</ul>
<ul class="nav navbar-nav navbar-right">
<li class=""><a href="/donate/"><span class="fa fa-heart" style="color:#d9534f;"></span> Donate</a></li>
</ul>
</div>
</div>
</div>
</nav>
<nav class="navbar navbar-grey navbar-stick" role="navigation">
<div class="container">
<div class="row">
<div class="navbar-header">
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-secondary-collapse">
<span class="sr-only">Toggle secondary navigation</span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
</div>
<div class="collapse navbar-collapse navbar-secondary-collapse">
<ul class="nav navbar-nav">
<li class=""><a href="/downloads/mirrors/">Mirrors</a></li>
<li class="active"><a href="/downloads/signatures/">Signatures</a></li>
</ul>
</div>
</div>
</div>
</nav>
</header>
<div class="container">
<div class="row">
<div id="content" class="col-md-12">
<h1 class="first-header">Release media signatures</h1>
<p>
Our current releases are signed with either of these keys <strong>or any sub keys:</strong>
</p>
<br>
<table class="table table-striped">
<tr>
<th>Key Fingerprint</th>
<th>Description</th>
<th>Created</th>
<th>Expiry</th>
</tr>
<tr>
<td><kbd>13EBBDBEDE7A12775DFDB1BABB572E0E2D182910</kbd></td>
<td>Gentoo Linux Release Engineering (Automated Weekly Release Key)</td>
<td>2009-08-25</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>DCD05B71EAB94199527F44ACDB6B8C1F96D8BF6D</kbd></td>
<td>Gentoo ebuild repository signing key (Automated Signing Key)</td>
<td>2011-11-25</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>EF9538C9E8E64311A52CDEDFA13D0EF1914E7A72</kbd></td>
<td><a rel='external' href='https://github.com/gentoo-mirror/'>Gentoo repository mirrors</a> (automated git signing key)</td>
<td>2018-05-28</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>D99EAC7379A850BCE47DA5F29E6438C817072058</kbd></td>
<td>Gentoo Linux Release Engineering (Gentoo Linux Release Signing Key)</td>
<td>2004-07-20</td>
<td>2022-01-01</td>
</tr>
<tr>
<td><kbd>ABD00913019D6354BA1D9A132839FE0D796198B1</kbd></td>
<td>Gentoo Authority Key L1</td>
<td>2019-04-01</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>18F703D702B1B9591373148C55D3238EC050396E</kbd></td>
<td>Gentoo Authority Key L2 for Services</td>
<td>2019-04-01</td>
<td>2022-07-01</td>
</tr>
<tr>
<td><kbd>2C13823B8237310FA213034930D132FF0FF50EEB</kbd></td>
<td>Gentoo Authority Key L2 for Developers</td>
<td>2019-04-01</td>
<td>2022-07-01</td>
</tr>
</table>
<br>
<div class="panel panel-default">
<div class="panel-heading">
<h3 class="panel-title"><span class="fa fa-fw fa-check-circle-o"></span> Verifying files</h3>
</div>
<div class="panel-body">
<p>To verify downloaded files are not tampered with, you need the <tt>.DIGESTS</tt> file matching your release and the matching key from the table above.</p>
<p>Fetch the key:</p>
<p><kbd>gpg --keyserver hkps://keys.gentoo.org --recv-keys &lt;key fingerprint&gt;</kbd></p>
<p>Alternatively, you can fetch a bundle containing all listed keys:</p>
<p><kbd>wget -O - https://qa-reports.gentoo.org/output/service-keys.gpg | gpg --import</kbd></p>
<p>Verify the <tt>DIGESTS</tt> file:</p>
<p><kbd>gpg --verify &lt;foo.DIGESTS.asc&gt;</kbd></p>
<p>Verify the download matches the digests. At least one of the following will exist:</p>
<p><kbd>sha512sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
<p><kbd>sha256sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
<p><kbd>sha1sum -c &lt;foo.DIGESTS.asc&gt;</kbd></p>
<br>
<div class="alert alert-info">
Detailed instructions are available in the <a href="https://wiki.gentoo.org/wiki/Handbook:Main_Page" class="alert-link">Gentoo Handbook</a>.
</div>
</div>
</div>
</div>
</div>
</div>
<footer>
<div class="container">
<div class="row">
<div class="col-xs-12 col-md-offset-2 col-md-7">
</div>
<div class="col-xs-12 col-md-3">
<h3 class="footerhead">Questions or comments?</h3>
Please feel free to <a href="/inside-gentoo/contact/">contact us</a>.
</div>
</div>
</div>
<div class="container-sitemap">
<div class="container">
<div class="row row-sitemap hidden-sm hidden-xs">
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/">Home</a></h3>
<ul class="sitemap">
<li class=""><a href="/news/">News</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/get-started/">Get Started</a></h3>
<ul class="sitemap">
<li class=""><a href="/get-started/about/">About Gentoo</a></li>
<li class=""><a href="/get-started/philosophy/">Philosophy</a></li>
<li class=""><a href="/get-started/screenshots/">Screenshots</a></li>
<li class=""><a href="https://wiki.gentoo.org/wiki/FAQ">FAQ <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/downloads/">Downloads</a></h3>
<ul class="sitemap">
<li class=""><a href="/downloads/mirrors/">Mirrors</a></li>
<li class=""><a href="/downloads/signatures/">Signatures</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/inside-gentoo/">Inside Gentoo</a></h3>
<ul class="sitemap">
<li class=""><a href="/inside-gentoo/developers/">Developers</a></li>
<li class=""><a href="https://wiki.gentoo.org/wiki/Project:Gentoo">Projects <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
<li class=""><a href="/glep/">GLEPs</a></li>
<li class=""><a href="/inside-gentoo/artwork/">Artwork</a></li>
<li class=""><a href="/inside-gentoo/foundation/">Gentoo Foundation</a></li>
<li class=""><a href="/inside-gentoo/sponsors/">Sponsors</a></li>
<li class=""><a href="/inside-gentoo/stores/">Stores</a></li>
<li class=""><a href="/inside-gentoo/contact/">Contact</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/support/">Support</a></h3>
<ul class="sitemap">
<li class=""><a href="/support/consulting/">Consulting</a></li>
<li class=""><a href="/support/documentation/">Documentation</a></li>
<li class=""><a href="/support/news-items/">News items</a></li>
<li class=""><a href="https://packages.gentoo.org/">Package database <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
<li class=""><a href="/support/security/">Security</a></li>
<li class=""><a href="/support/use-flags/">USE flags</a></li>
<li class=""><a href="/support/rsync-mirrors/">rsync mirrors</a></li>
</ul>
</div>
<div class="col-xs-12 col-sm-4 col-md-2">
<h3 class="footerhead"><a href="/get-involved/">Get Involved</a></h3>
<ul class="sitemap">
<li class=""><a href="/get-involved/irc-channels/">IRC channels</a></li>
<li class=""><a href="https://forums.gentoo.org/">Forums <span class="fa fa-fw fa-external-link-square external-link" title="This link will leave www.gentoo.org."></span></a></li>
<li class=""><a href="/get-involved/mailing-lists/">Mailing lists</a></li>
<li class=""><a href="/get-involved/contribute/">Contribute</a></li>
<li class=""><a href="/get-involved/become-developer/">Become a developer</a></li>
<li class=""><a href="/get-involved/get-code/">Get the code</a></li>
</ul>
</div>
</div>
</div>
</div>
<div class="container">
<div class="row">
<div class="col-xs-3 col-md-2">
<ul class="footerlinks three-icons">
<li><a href="https://twitter.com/gentoo" title="@Gentoo on Twitter"><span class="fa fa-twitter fa-fw"></span></a></li>
<li><a href="https://www.facebook.com/gentoo.org" title="Gentoo on Facebook"><span class="fa fa-facebook fa-fw"></span></a></li>
</ul>
<div>
<div class="sitemap text-center">
<a href="https://wiki.gentoo.org/wiki/Foundation:Privacy_Policy">Privacy Policy</a>
</div>
</div>
</div>
<div class="col-xs-8 col-md-8">
<strong>&copy; 2001&ndash;2021 Gentoo Authors</strong><br>
<small>
Gentoo is a trademark of the Gentoo Foundation, Inc.
The contents of this document, unless otherwise expressly stated, are licensed under the
<a href="https://creativecommons.org/licenses/by-sa/3.0/" rel="license">CC-BY-SA-3.0</a> license.
The <a href="/inside-gentoo/foundation/name-logo-guidelines.html">Gentoo Name and Logo Usage Guidelines</a> apply.
</small>
</div>
<div class="col-xs-1 col-md-1">
<strong><a class="text-dark" href="https://gitweb.gentoo.org/sites/www.git/">Version</a></strong><br>
<small>
91e01cb
</small>
</div>
</div>
</div>
</footer>
<script src="https://assets.gentoo.org/tyrian/v1/jquery.min.js"></script>
<script src="https://assets.gentoo.org/tyrian/v1/bootstrap.min.js"></script>
</body>
</html>

10
overlay/Linux/usr/local/bin/base_get_if.bash Executable file
View file

@ -0,0 +1,10 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# remove
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
exec bash /usr/local/bin/proxy_get_if.bash "$@"

56
overlay/Linux/usr/local/bin/base_hourly.bash Executable file
View file

@ -0,0 +1,56 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
PREFIX=/usr/local
ROLE=base
NOW=`date +%Y-%m-%d`
NOWM=`date +%Y-%m`
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ $( id -u ) -eq 0 ] || { ERROR $prog should be run as root ; exit 1 ; }
ly=hourly
errs=0
warns=0
elt=base
LOG_DIR=/usr/local/tmp
ELOG=$LOG_DIR/E${prog}_${ly}$$.log
WLOG=$LOG_DIR/W${prog}_${ly}$$.log
OUT=$LOG_DIR/O${prog}_${ly}$$.log
find $LOG_DIR/*${prog}_${ly}*.log -ctime +2 -delete
ansible-inventory 2>> $WLOG || ERROR ansible-inventory $? >> $ELOG
if ip route | grep -v ^def ; then
gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye || exit 3$?
dirmngr-client -v --ping </dev/null || exit 4$?
fi
if [ $USER = root ] ; then
DBUG /var/log/auth.log
grep --text $NOW'.*\(Permission denied\|Could not\)' /var/log/auth.log
# | less -Ps"$NOW sauth.log" -Pm"$NOW sauth.log"
dmesg |grep -q martian && WARN `dmesg |grep -c martian ` Martians
fi
find /tmp -type f -empty -delete
[ -f $WLOG ] && warns=`wc -l $WLOG | cut -f 1 -d ' '`
[ $? -eq 0 -a $warns -ne 0 ] && \
WARN "$warns $ly $prog warnings in $WLOG"
[ -f $ELOG ] && errs=`wc -l $ELOG | cut -f 1 -d ' '`
[ $? -eq 0 -a $errs -ne 0 ] && \
ERROR "$errs $ly $prog errors in $ELOG" && cat $ELOG && exit $errs
[ $errs -eq 0 ] && \
ols_clean_testforge_logs $HARDEN_LOG_DIR && \
[ $warns -eq 0 ] && \
INFO "$prog No $ly errors in $HARDEN_LOG_DIR"
exit 0

38
overlay/Linux/usr/local/bin/base_pip_update.bash Executable file
View file

@ -0,0 +1,38 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
# pip installs into /usr/local/bin
# export PATH=.:$PATH:/usr/local/bin
LARGS="$@"
[ "$#" -ge 2 -a $1 = "-p" -a $2 = "2" ] && PYVER=2 || PYVER=3
$PREFIX/bin/base_pip_upgrade.bash "$@" | grep -v 'INFO:\|ERROR:\|DEBUG:' | \
tee /tmp/P$$.lis | \
while read elt rest ; do
[ $PYVER = 2 ] && str="import $elt;print $elt.__file__" || \
str="import $elt;print($elt.__file__)"
$PREFIX/bin/python$PYVER.sh -c $str >/tmp/P$$.log 2>&1
if [ $? -ne 0 ] ; then
lelt=$( echo $elt | tr '[:upper:]' '[:lower:]' )
if [ "$lelt" != "$elt" ] ; then
[ $PYVER = 2 ] && str="import $lelt;print $lelt.__file__" || \
str="import $lelt;print($lelt.__file__)"
$PREFIX/bin/python$PYVER.sh -c $str >/tmp/P$$.log 2>&1 || \
{ rm -f /tmp/P$$.log ; continue ; }
fi
fi
grep /usr/lib /tmp/P$$.log && DBUG $PYVER $elt $rest && continue
grep $PREFIX /tmp/P$$.log && INFO $PYVER $elt $rest && continue
cat /tmp/P$$.log && WARN $PYVER $elt $rest && continue
done
rm -f /tmp/P$$.log
exit 0

122
overlay/Linux/usr/local/bin/base_pip_upgrade.bash Executable file
View file

@ -0,0 +1,122 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# pip installs into /usr/local/bin
# export PATH=.:$PATH:/usr/local/bin
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
. /usr/local/etc/testforge/testforge.bash || exit 1
[ -d PREFIX=/var/local/var/log ] && \
BASE_LOG_DIR=/var/local/var/log || \
BASE_LOG_DIR=/tmp
pyver=3
inter=0
verbose=3
usage() {
echo "Usage: $0 [OPTIONS] dirs-or-files"
echo
echo " -i | --inter=$inter - interactivly upgrade 0 or 1 [0]"
echo " -p | --pyver=$pyver - python version - 2 or 3"
echo " -v | --verbose=$verbose - verbosity 0 least 5 most"
echo
echo " -V | --version - print version of this script"
echo " -h | --help - print this help"
}
exitWithErrMsg() {
retval=$1
shift
echo "$1" 1>&2
exit $retval
}
SHORTOPTS="hVp:v:i:"
LONGOPTS="help,version,pyver:,verbose:,inter:"
PKGS=
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && exitWithErrMsg 1 "Aborting."
route | grep -q ^default || exitWithErrMsg 2 "We are not connected: Aborting."
eval set -- "$ARGS"
while true; do
case "$1" in
-p|--pyver)
shift
pyver="$1"
;;
-i|--inter)
shift
inter=1
;;
-v|--verbose)
shift
verbose="$1"
;;
-h|--help)
usage
exit 0
;;
'--')
shift
PKGS="$*"
break
;;
*)
break
;;
esac
shift
done
#echo $PKGS
if [[ $pyver =~ 2.* ]] ; then
LOG_DIR=$BASE_LOG_DIR/pip/$BASE_PYTHON2_MINOR
pip_exe=/usr/local/bin/pip2.sh
else
LOG_DIR=$BASE_LOG_DIR/testforge/pip/$BASE_PYTHON3_MINOR
pip_exe=/usr/local/bin/pip3.sh
fi
cd /usr/local/bin
# --process-dependency-links
# this is missing many/most
# --format: invalid choice: 'legacy' (choose from 'columns', 'freeze', 'json')
$pip_exe list -o --format=columns --user | tee /tmp/$$.log
# pyface (Current: 4.5.2 Latest: 5.0.0 [sdist])
grep 'wheel$\|sdist$' /tmp/$$.log | while read pkg current latest rest ; do
echo "INFO: $pkg from $current to $latest "
if [ -n "$PKGS" ] ; then
echo "$PKGS" | grep -v "grep" | grep -q "$pkg" || continue
fi
# this is for the Msys distribution build from source
if [ -f ../src/$pkg.bash ] && grep VER= ../src/$pkg.bash ; then
[ -f ../src/$pkg.bash.old ] && WARN "$0 backup present $pkg.old" && continue
grep -q "^VER=\"$latest\"" ../src/$pkg.bash && \
WARN "$0 $pkg already $latest" && continue
mv ../src/$pkg.bash ../src/$pkg.bash.old
sed -e "s/VER=$current/VER=$latest/" ../src/$pkg.bash < ../src/$pkg.bash.old
echo "INFO: package $pkg "
fi
# -u 2
[ $inter -eq 0 ] && continue
read -p "READ: Upgrade $pkg from $current to $latest? " yn
[ "$yn" = "q" ] && exit
[ "$yn" = "y" ] || continue
$pip_exe $pkg $current $latest
done
rm -f /tmp/$$.log
exit 0

61
overlay/Linux/usr/local/bin/base_sheebang_after_pip.bash Executable file
View file

@ -0,0 +1,61 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0

67
overlay/Linux/usr/local/bin/base_shutdown.bash Executable file
View file

@ -0,0 +1,67 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
PREFIX=/usr/local
. /usr/local/bin/usr_local_base.bash || exit 2
. ~/.bash_logout
# these can hang unmounting partitions
pkill dirmngr
pkill bootlogd
[ -x /var/local/bin/privacy_home_cleaner.bash ] && /var/local/bin/privacy_home_cleaner.bash
[ -f ~/Makefile ] && grep -q ^stop: ~/Makefile && \
{ cd ~ ; make stop || exit 2 ; }
local_base_umount () {
local mount
cd /mnt
mount=`mount`
for file in linux* ; do
echo $mount | grep -q " on /mnt/$file " || continue
echo /mnt/$file
umount -R /mnt/$file || exit 1
done
# not l - a b f d n u x i j k o q w e h z
for file in ? ; do
echo $mount | grep -q " on /mnt/$file " || continue
# echo /mnt/$file
umount /mnt/$file || WARN $prog error umounting /mnt/$file
done
umount -a
}
local_base_umount || exit 3
# should be 0
NUM=`losetup -a |grep -c -v home`
if [ $NUM -gt 0 ] ; then
losetup -a |grep -v home
echo losetup still mounted
exit 5
fi
sleep 10
umount -a -t ntfs-3g
# should be 1
NUM=`ps ax | grep mount.ntfs-3g | grep -v grep | wc -l`
if [ $NUM -ge 1 ] ; then
ps ax | grep mount.ntfs-3g | grep -v grep
ERROR mount.ntfs-3g still running
exit 6
fi
INFO Calling shutdown
if [ $# -lt 1 ] ; then
shutdown -r now
else
shutdown $*
fi

32
overlay/Linux/usr/local/bin/base_testforge_perm.bash Executable file
View file

@ -0,0 +1,32 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# very dangerous
[ "$#" -gt 0 ] && ROOT=$1 || ROOT=/
[ -d "$ROOT" ] || exit 1
ROLE=base
cd $ROOT || exit 2
GROUP=adm
[ -f /usr/local/etc/testforge/testforge.bash ] && . /usr/local/etc/testforge/testforge.bash
[ -n "$BOX_ALSO_GROUP" ] && GROUP=$BOX_ALSO_GROUP
if [ -d ${ROOT}/var/local ] ; then
# allow
chgrp -R $GROUP ${ROOT}/var/local/{bin,data,lib64,src,net}
chmod -R g+rw,o-w ${ROOT}/var/local/{bin,data,lib64,src,net}
chmod a+x ${ROOT}/var/local/{bin,src,share/bash}/*sh
# if [ -d ${ROOT}/var/local/src/lynis ] ; then
chgrp -R $GROUP ${ROOT}/var/local/{bin,data,lib64,src,net}
# forbid /var
chgrp -R root ${ROOT}/var/local/{etc,var,share}
chmod -R g-w,o-w ${ROOT}/var/local/{etc,var,share}
fi
if [ -d ${ROOT}/usr/local ] ; then
# forbid /usr but lib/python* will be created and allowed on install
chgrp -R root ${ROOT}/usr/local/
chmod -R g-w,o-rw ${ROOT}/usr/local/
fi
exit 0

56
overlay/Linux/usr/local/bin/base_wall.bash Executable file
View file

@ -0,0 +1,56 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
exit 0
ROLE=base
usage="
Usage:
wall [options] [message]
Write a message to all users.
Options:
-n, --nobanner do not print banner
-h, --help display this help and exit
"
SHORT=nh
LONG=nobanner,help
PARSED=$(getopt --options $SHORT --longoptions $LONG --name "$0" -- "$@")
if [[ $? -ne 0 ]]; then
echo "$usage"
exit 2
fi
eval set -- "$PARSED"
while true; do
case "$1" in
-n|--nobanner)
n=y
shift
;;
-h|--help)
echo "$usage"
exit 0
;;
--)
shift
break
;;
*)
exit 3
;;
esac
done
ps -ef | grep " pts/" | awk '{print $6}' | sort -u > /tmp/terminals_$$.tmp
ps -ef | grep " tty" | awk '{print $6}' | sort -u | grep -v "pts" >> /tmp/terminals_$$.tmp
if [ "$n" ]; then
pre=""
post=""
else
pre="-e \nBroadcast message from $(whoami)@$(hostname) ($(ps ax | grep "^$$" | awk '{ print $2 }')) ($(date +"%a %b %d %H:%M:%S %Y")):\n\n"
post='\n'
fi
cat /tmp/terminals_$$.tmp | while read TTY_TO; do echo $pre"$*"$post | sudo tee /dev/$TTY_TO 1>/dev/null; done
rm /tmp/terminals_$$.tmp

9
overlay/Linux/usr/local/bin/bash_to_bash.bash Executable file
View file

@ -0,0 +1,9 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter
ROLE=base
# extra cleanups to bash from yaml_to_bash
sed -e '/\[/s@, @ @g' \
-e '/\[/s@\([^"]\)u"@\1"@g' -e "/\[/s@\([^']\)u'@\1'@g" \
-e 's@="*\[\(.*\)\]@=(\1)@' -e "s@='*\[\(.*\)\]@=(\1)@"

29
overlay/Linux/usr/local/bin/fact_to_bash.bash Executable file
View file

@ -0,0 +1,29 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# N.B.: creates /usr/local/etc/testforge/testforge.bash
# filter or program
# should be -f VAR_LOCAL/share/sed/fact_to_bash.sed
# but /usr/local/etc/testforge/testforge.bash isnt created yet
ROLE=base
# wierd: doesnt work on Ubuntu - grep -F -e '=' $* | sed -e 's@^ *@@' | eval
grep '=' $* | sed \
-e "s@u*'@@g" \
-e 's@^ *@@' \
-e 's@\[@"@' \
-e 's@\]@"@' \
-e 's@, @ @g' \
> /tmp/$$.bash
. /tmp/$$.bash
IFS='\t' sed -e 's/=/\t/' -e 's/"//g' /tmp/$$.bash |sort -u | while read key val ; do
# why filter these out?
# echo $key | grep -q 'SOCKS_PROXY\|NO_PROXY\|HTTP_PROXY\|HTTPS_PROXY\|GIT_' && continue
echo "export $key=\"$val\""
done
# rm /tmp/$$.bash

8
overlay/Linux/usr/local/bin/fact_to_yaml.bash Executable file
View file

@ -0,0 +1,8 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
# filter or program
grep '=' "$*" \
| sed -e "s@=@: @" -e "s@^ *@@"

108
overlay/Linux/usr/local/bin/pip.sh Executable file
View file

@ -0,0 +1,108 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/usr_local_base.bash || exit 3
ROLE=base
PREFIX=/usr/local
[ -z "$PYVER" ] && PYVER=3
declare -a TARGET
if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
fi
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
if [ "$#" -eq 0 ] || [[ "$*" =~ "--version" ]] || [[ "$*" =~ "--help" ]] ; then
$PREFIX/bin/python$PYVER.sh -m pip "$@"
exit $?
elif [ "$1" = 'html' ] ; then
wget -c -O - https://pypi.org/project/$2 2>/dev/null
exit $?
elif [ "$1" = 'lynx' ] ; then
lynx https://pypi.org/project/$2
exit $?
elif [ "$1" = 'elinks' ] ; then
elinks https://pypi.org/project/$2
exit $?
fi
if [ -x $PREFIX/bin/base_check_site_py.bash ] ; then
$PREFIX/bin/base_check_site_py.bash $PYTHON_MINOR >/dev/null || exit $?
fi
if [ -n "$PYTHONPATH" ] && [ -x $PREFIX/bin/base_clean_pythonpath.bash ] ; then
PYTHONPATH="$( $PREFIX/bin/base_clean_pythonpath.bash $PYTHON_MINOR $PYTHONPATH )"
fi
# could from pip import download;print(download.__file__)
file=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages/pip/download.py
if [ -f $file ] && grep -q 'if not check_path_owner' $file ; then
mv $file $file.dst
sed -e 's/if not check_path_owner/if False and not check_path_owner/' \
> $file $file.dst
fi
#DBUG $prog PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
LARGS="$BASE_PIP_GLOBAL_ARGS" # --no-python-version-warning
if [ -f /usr/local/etc/ssl/cacert-testforge.pem ] ; then
[[ "$*" =~ "--cert" ]] || [[ $LARGS =~ "--cert" ]] || LARGS="--cert $PREFIX/etc/ssl/cacert-testforge.pem $LARGS"
fi
if [ -e $PREFIX/net/Cache/Pip ] ; then
[[ "$*" =~ "--cache-dir" ]] || [[ $LARGS =~ "--cache-dir" ]] || LARGS="--cache-dir $PREFIX/net/Cache/Pip $LARGS"
fi
[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy http://localhost:3128"
MYID=$( id -u )
if [ "$1" = 'uninstall' ] ; then
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
elif [ "$1" = 'install' ] ; then
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
shift
RARGS="$RARGS --progress-bar=off"
# LARGS="$LARGS --python=/usr/local/bin/python$PYTHON_MINOR.sh"
/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
# Can not combine '--user' and '--prefix'
if true ; then # >9.0.1
if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then
:
else
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
RARGS=" --prefix=$PREFIX $RARGS"
fi
else
# this is required, with the ~/.local symlinks, or it tries to uninstall from the system
[[ $RARGS =~ " --user" ]] || RARGS=" --user $RARGS"
# no quotes around the --install-option arg
[[ $RARGS =~ "--install-scripts" ]] || RARGS=" --install-option=--install-scripts=/usr/local/bin $RARGS"
[[ $RARGS =~ "--install-lib" ]] || RARGS=" --install-option=--install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
fi
# if [ -d /etc/apt ] ; then # ! uname -a | grep Debian ||
# [[ $RARGS =~ "--install-layout" ]] || RARGS=" --install-option=--install-layout=unix $RARGS"
# fi
#? [[ $RARGS =~ "--no-binary" ]] || RARGS="--no-binary :all: $RARGS"
# this prohibits installing .egg dirs but maybe that means no multi-version
[[ $RARGS =~ "--only-binary" ]] || RARGS="--only-binary :none: $RARGS"
! $PREFIX/bin/python$PYVER.sh -m pip --help | grep -q upgrade-strategy || \
[[ $RARGS =~ "--upgrade-strategy" ]] || RARGS="--upgrade-strategy only-if-needed $RARGS"
# require explicit package-by package installing - ? maybe only from ansible?
RARGS="install $RARGS"
export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
fi
TARGET=("$@")
echo DBUG $prog $LARGS $RARGS "$@"
exec $PREFIX/bin/python$PYVER.sh -W ignore::UserWarning -m pip $LARGS $RARGS "$@" 2>&1

8
overlay/Linux/usr/local/bin/pip2.sh Executable file
View file

@ -0,0 +1,8 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
ROLE=base
export PYVER=2
exec /usr/local/bin/pip.sh "$@"

108
overlay/Linux/usr/local/bin/pip3.11.sh Normal file
View file

@ -0,0 +1,108 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/usr_local_base.bash || exit 3
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
ROLE=base
PREFIX=/usr/local
PYVER=3
declare -a TARGET
if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
fi
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python3.10 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
PYTHON_MINOR=3.11
[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
if [ "$#" -eq 0 ] || [[ "$*" =~ "--version" ]] || [[ "$*" =~ "--help" ]] ; then
$PREFIX/bin/python$PYVER.sh -m pip "$@"
exit $?
elif [ "$1" = 'html' ] ; then
wget -c -O - https://pypi.org/project/$2 2>/dev/null
exit $?
elif [ "$1" = 'lynx' ] ; then
lynx https://pypi.org/project/$2
exit $?
elif [ "$1" = 'elinks' ] ; then
elinks https://pypi.org/project/$2
exit $?
fi
if [ -x $PREFIX/bin/base_check_site_py.bash ] ; then
$PREFIX/bin/base_check_site_py.bash $PYTHON_MINOR >/dev/null || exit $?
fi
if [ -n "$PYTHONPATH" ] && [ -x $PREFIX/bin/base_clean_pythonpath.bash ] ; then
PYTHONPATH="$( $PREFIX/bin/base_clean_pythonpath.bash $PYTHON_MINOR $PYTHONPATH )"
fi
# could from pip import download;print(download.__file__)
file=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages/pip/download.py
if [ -f $file ] && grep -q 'if not check_path_owner' $file ; then
mv $file $file.dst
sed -e 's/if not check_path_owner/if False and not check_path_owner/' \
> $file $file.dst
fi
#DBUG $prog PYTHON_MINOR=$PYTHON_MINOR PYTHONPATH=$PYTHONPATH
LARGS="$BASE_PIP_GLOBAL_ARGS" # --no-python-version-warning
if [ -f /usr/local/etc/ssl/cacert-testforge.pem ] ; then
[[ "$*" =~ "--cert" ]] || [[ $LARGS =~ "--cert" ]] || LARGS="--cert $PREFIX/etc/ssl/cacert-testforge.pem $LARGS"
fi
if [ -e $PREFIX/net/Cache/Pip ] ; then
[[ "$*" =~ "--cache-dir" ]] || [[ $LARGS =~ "--cache-dir" ]] || LARGS="--cache-dir $PREFIX/net/Cache/Pip $LARGS"
fi
[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy localhost:3128"
MYID=$( id -u )
if [ "$1" = 'uninstall' ] ; then
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
elif [ "$1" = 'install' ] ; then
shift
/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
RARGS="$BASE_PIP_INSTALL_ARGS"
# Can not combine '--user' and '--prefix'
if true ; then # >9.0.1
if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then
:
else
[ $MYID -eq 0 ] && ERROR $prog should not be run as root $MYID && exit 2
RARGS=" --prefix=$PREFIX $RARGS"
fi
else
# this is required, with the ~/.local symlinks, or it tries to uninstall from the system
[[ $RARGS =~ " --user" ]] || RARGS=" --user $RARGS"
# no quotes around the --install-option arg
[[ $RARGS =~ "--install-scripts" ]] || RARGS=" --install-option=--install-scripts=/usr/local/bin $RARGS"
[[ $RARGS =~ "--install-lib" ]] || RARGS=" --install-option=--install-lib=/usr/local/$LIB/python$PYTHON_MINOR/site-packages $RARGS"
fi
# if [ -d /etc/apt ] ; then # ! uname -a | grep Debian ||
# [[ $RARGS =~ "--install-layout" ]] || RARGS=" --install-option=--install-layout=unix $RARGS"
# fi
#? [[ $RARGS =~ "--no-binary" ]] || RARGS="--no-binary :all: $RARGS"
# this prohibits installing .egg dirs but maybe that means no multi-version
[[ $RARGS =~ "--only-binary" ]] || RARGS="--only-binary :none: $RARGS"
! $PREFIX/bin/python$PYVER.sh -m pip --help | grep -q upgrade-strategy || \
[[ $RARGS =~ "--upgrade-strategy" ]] || RARGS="--upgrade-strategy only-if-needed $RARGS"
# require explicit package-by package installing - ? maybe only from ansible?
RARGS="install $RARGS"
export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
fi
TARGET=("$@")
echo DBUG $prog $LARGS $RARGS "$@"
exec $PREFIX/bin/python$PYVER.sh -W ignore::UserWarning -m pip $LARGS $RARGS "$@" 2>&1

8
overlay/Linux/usr/local/bin/pip3.sh Executable file
View file

@ -0,0 +1,8 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || { ERROR use bash ; exit 1 ; }
ROLE=base
export PYVER=3
exec /usr/local/bin/pip.sh "$@"

974
overlay/Linux/usr/local/bin/proxy_ping_test.bash Executable file
View file

@ -0,0 +1,974 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
ROLE=proxy
PYVER=3
# DEBUG=1
. /usr/local/bin/proxy_ping_lib.bash || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
PL=/usr/local/bin/proxy_libvirt_lib.bash
declare -a tests
which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0
which dig 2>/dev/null >/dev/null && HAVE_DIG=1 || HAVE_DIG=0
which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
[ -z "$prog" ] || prog=proxy_ping_test
proxy_ping_get_socks
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
HTTPS_PORT=9128
HTTPS_HOST=127.0.0.1
proxy_ping_get_https
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
HTTP_PORT=3128
HTTP_PROXY_HOST=127.0.0.1
proxy_ping_get_http
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -n "$PYTHON_MINOR" ] || exit 4
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
#? ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
exit 5
fi
THOPS=40
NEEDED_BINS="ping traceroute nmap dig nslookup tor-resolve"
NEEDED_SCRIPTS="
/usr/local/bin/proxy_ping_lib.bash
/usr/local/bin/proxy_ping_test.bash
"
grep -q Debian /etc/os-release
DEBIAN=$?
TIMEOUT=30
[ -n "$GATEW_DOM" ] || GATEW_DOM="$( proxy_testforge_get_gateway_dom )"
[ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway"
DNS_HOST1="208.67.220.220"
DNS_HOST2="8.8.8.8"ggggg
[ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39
[ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39
HTTP_TARGET=www.whatismypublicip.com
# time.nist.gov 132.163.97.3
NTP_HOST1=132.163.97.3
# pool.ntp.org 78.46.53.2
NTP_HOST2=78.46.53.2
# --no-check-certificate
WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null"
CURL="curl -o /dev/null $CURL_ARGS"
SCURL="/usr/local/bin/scurl.bash --output /dev/null"
NSL='nslookup -querytype=A -debug'
NETS='netstat -nl4e'
ALL=""
[ -z "$USER" ] && USER=$(id -un )
[ $USER = root ] && DMESG_LINES=1 || DMESG_LINES=0
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_ping_get_wlan`
# fixme - required
PROXY_WLAN=$( echo $PROXY_WLAN | grep ^wlan |sed -e 's/:.*//' )
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw`
# fixme - required
PROXY_WLAN_GW=$( echo $PROXY_WLAN_GW | grep ^wlan |sed -e 's/:.*//' )
MODE=$( proxy_ping_mode )
USAGE="$prog without arguments tests the current MODE=$MODE,
or 0 to list the tests by number,
or one or more of the groups:
"
DNS_HOST=$SOCKS_HOST
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
[ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 )
## proxy_test_netstat_dns
proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ;
$NETS | grep -q ":53"
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" dns not running
[ -z "$ALL" ] && exit $ARG$retval || return 1
}
## proxy_test_traceroute_icmp_gw
proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ;
[ -n "$PROXY_WLAN_GW" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || return 1
traceroute --icmp $PROXY_WLAN_GW
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW
[ -z "$ALL" ] && exit $ARG$retval || return 1
# works
GREP="-i icmp"
return 0
}
## proxy_test_dig_direct
proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ;
dig @$DNS_HOST1 pool.ntp.org +timeout=$TIMEOUT >/dev/null
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1
[ -z "$ALL" ] && exit $ARG$retval || return 1
INFO $prog test=$ARG "${tests[$ARG]}" dig @$DNS_HOST1
# works
GREP="53"
return 0
}
## proxy_test_curl_firewall_bin
proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ;
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null
retval=$?
[ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval \
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER
proxy_iptables_save|tail|grep PTABLES_filter_DROP-o
[ -z "$ALL" ] && exit $ARG$retval || return $retval
}
## proxy_ping_curl
proxy_ping_curl () { DBUG proxy_ping_curl $* ;
local retval
timeout -k $TIMEOUT $TIMEOUT $CURL "$@"
retval=$?
# "DEBUG: wierd failure curl: (35) Encountered end of file"
[ $retval -eq 0 -o $retval -eq 35 ] && return 0
return $retval
}
## proxy_ping_make_help
proxy_ping_make_help () {
grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \
> /tmp/proxy_ping_test.hlp
return 0
}
## proxy_ping_test_virbr
proxy_ping_test_virbr () {
local n=$1
[ -z "$n" ] && n=1
[ -z "$CONN" ] || proxy_whonix_get_conn
[ "$CONN" = guest ] && return 0
[ -e /proc/sys/net/ipv4/conf/virbr$n ] || return 0
proxy_ifconfig virbr$n >/dev/null && return 0
return 0
}
## proxy_ping_broken
proxy_ping_broken () { DBUG proxy_ping_broken PROXY_WLAN=$PROXY_WLAN $* ;
# 0 is true
local a=$MODE
if [ "$a" = vda -o "$a" = ws ]; then
# grep 10.152.152.10 /etc/resolv.conf &&
PING_BROKEN=0
return 0
elif [ "$a" = gateway ]; then
PING_BROKEN=0
return 0
elif [ -z "$PROXY_WLAN_GW" ] ; then
PING_BROKEN=0
return 0
fi
[ -n "$PING_BROKEN" ] && return $PING_BROKEN
DBUG $prog proxy_ping_mode=$a PROXY_WLAN=$PROXY_WLAN PROXY_WLAN_GW=$PROXY_WLAN_GW
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $PROXY_WLAN_GW # 10.16.238.1
if [ $? -ne 0 ] ; then
PING_BROKEN=0
else
PING_BROKEN=1
fi
return $PING_BROKEN
}
## proxy_do_ping
proxy_do_ping () { DBUG proxy_do_ping $* ;
proxy_route_check || { ERROR $prog route not connected ; return 1$? ; }
proxy_ping_broken && return 0
[ -n "$PROXY_WLAN" ] || PROXY_WLAN=`proxy_get_if` || {
ERROR $prog unable to get wlan $? ; return 2 ;
}
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
retval=$?
if [ $retval -eq 1 ] ; then
# false negatives
sleep 4
ping -4 -I $PROXY_WLAN -c 1 -W $TIMEOUT $DNS_HOST2 >/tmp/P$$.log 2>&1
retval=$?
fi
[ $retval -lt 1 ] || {
ERROR $prog do_ping $PROXY_WLAN retval=$retval
rm /tmp/P$$.log
PING_BROKEN=0
return 3$retval
}
grep -q ' 0% ' /tmp/P$$.log || \
{ ERROR $prog retval=$? test=$1 ping retval=$retval ; rm /tmp/P$$.log ; return 4 ; }
PING=1
grep 'packet\|bytes from' /tmp/P$$.log
rm /tmp/P$$.log
return 0
}
proxy_run_as_root () { DBUG proxy_run_as_root $* ;
[ $( id -u ) -eq 0 ] && return 0
ERROR must be root
[ -z "$ALL" ] && exit 9
return 1
}
## proxy_test_pretests
proxy_test_pretests () {
if [ "$1" = panic ] ; then
: dont ping on panic
proxy_ping_broken || proxy_do_ping || \
{ WARN ping failed for panic so skipping ; exit 0 ; }
elif [ "$1" = direct -o "$1" = gateway -o "$1" = vda -o "$1" = kick ] ; then
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
proxy_ping_broken || proxy_do_ping || exit 3$?
proxy_ping_test_resolv $MODE ||\
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
elif [ "$1" = nat ] ; then
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
else
proxy_do_ping || exit 4$?
proxy_ping_test_resolv $MODE || \
{ WARN "$prog proxy_ping_test_resolv=$? /etc/resolv.conf.$dire" MODE=$MODE
exit 4 ; }
fi
return 0
}
## proxy_test_help_args
proxy_test_help_args () {
declare -a ret=()
ret=( $(grep " -.* $1 " /tmp/proxy_ping_test.hlp | \
sed -e 's/.=.*//' -e 's/.*tests.//') )
echo "${ret[@]}"
return 0
}
ALL=0
## proxy_ping_test_set_args
proxy_ping_test_set_args () {
local args="$@"
local val="$@"
declare -a aret=()
rm -f /tmp/proxy_ping_test.hlp
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
## to_tor - tor with the firewall host side client setup tor server - call tor,dns,ntp in addition
[ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] &&
aret=( 6 13 16 ) && \
! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv
## vda - through the Gateway with the firewall - also polipo,panic - uses env
[ "$1" = vda ] &&
aret=( 35 3 20 ) #
## tor - tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
[ "$1" = tor ] &&
aret=( 21 30 20 4 5 36 3 )
## kick - open firewall with tor running - call dns,polipo +tor in addition
[ "$1" = kick -o "$1" = host ] &&
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
## gateway - on the Gateway, trans firewall with tor running - call dns in addition
[ "$1" = gateway ] &&
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
# aliases
[ "$1" = "$SOCKS_PORT" ] && set -- socks
[ "$1" = "$HTTP_PORT" ] && set -- http
[ "$1" = "$HTTPS_PORT" ] && set -- https
[ "$1" = "53" ] && set -- dns
[ "$1" = "9053" ] && set -- tordns
[ "$1" = scan ] && set -- iwlist
[ "$1" = panic ] && set -- firewall
[ "$1" = tor ] && set -- torhost
[ "$1" = to_gateway ] && set -- whonix
[ "$1" = from_tor ] && set -- whonix
[ "$1" = from_gateway ] && set -- gateway
[ "$1" = traceroute ] && set -- = trace
[ "$1" = connected ] && set -- wifi
[ "$1" = clear ] && set -- direct
# scenarios - modes: nat selektor
## nat - through the Gateway via the nat
[ "$1" = nat ] && \
set -- ping dns socks http https tordns firefail libvirtguest
# wifi?
[ "$1" = whonix ] && \
set -- ping tordns dns socks http https torhost tordns firefail gw
[ "$1" = tor ] && \
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
[ "$1" = selektor ] && \
set -- ping tordns dns trace socks http https torhost tordns firefail nmap gw
[ "$1" = direct -o "$1" = '' ] && \
set -- ping dns trace nmap gw
## all - all tests not stopping on the first error
[ "$1" = all ] && ALL=1
# aret="${#tests[@]}"
## gw - test if we are connected to the gateway
## torhost - running tor with the firewall
## env - from the cmdline with a properly setup env
## firefail - test the proxy without env vars to expect failure
## http - assumes torhost or whonix and env setup
## https - assumes torhost or whonix and env setup
## socks - assumes torhost or whonix and env setup
## ping - connected routed test the ping to DNS hosts
## ntp - ntpdate through the firewall
## nmap - nmap sgid through the firewall - does not assume env
## iwlist - wlan scan
## firewall - test that the firewall blocks
## virbr1 - assumes tor or whonix
## gateway - ssh to the whonix gateway
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
## wifi - test if we are connected - call scan in addition
## libvirthost - hosting a libvirt container
## libvirtguest - in a libvirt container
## tordns - test 9053 for dns using tor-resolve
## dns - dns using tor or the gateway, with the firewall - does not assume env
## whonix - whonix to the Gateway with the firewall - also panic - not assume env
## whonix - whonix gateway host side client setup with the firewall was from_to## direct - assume no firewall and no proxy - but may work depend on env
r
for elt in "$@" ; do
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \
"$elt" = libvirthost -o "$elt" = libvirtguest -o "$elt" = virbr1 -o \
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \
] ; then
aret+=( `proxy_test_help_args $elt` )
else
WARN unrecognized: $elt >&2
fi
done
DBUG "${aret[@]}" >&2
echo "${aret[@]}"
return 0
}
# -I $PROXY_WLAN -c 1 $DNS_HOST2
if [ "$#" = 0 ] ; then
# default to mode
set -- $MODE
fi
if [ $1 = '-h' -o $1 = '--help' ] ; then
echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g'
grep '^## [a-oq-z]' $0 | sed -e 's/^## / /'
exit 0
elif [ "$1" = 0 ] ; then
INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE
echo 0 help /tmp/proxy_ping_test.hlp
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help
. /tmp/proxy_ping_test.hlp
for elt in "${!tests[@]}" ; do
echo $elt "${tests[$elt]}"
done
exit 0
elif [[ $1 =~ ^[0-9] ]] ; then
: passthrough
else
set -- `proxy_ping_test_set_args "$@"`
DBUG running tests numbered "$@"
fi
proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
proxy_test_pretests "$1"
# https://stackoverflow.com/questions/8290046/icmp-sockets-linux/20105379#20105379
if [ $( id -u ) -eq 0 ] ; then
proxy_ping_chattr
fi
DBUG $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE $*
# $( sysctl net.ipv4.ping_group_range )
# proxy_iptables_save|grep 216
while [ "$#" -gt 0 ] ; do
# DBUG $prog $1
ARG=$1 ; shift
GREP=""
if [ -z "$ARG" ] ; then
continue
elif ! [ "$ARG" -ge 0 ] ; then
ERROR $prog called with an unrecognized argument $ARG from $0
exit 9
elif [ $ARG -le 0 ] ; then
# do the ping and resov.conf
true
elif [ $ARG -eq 1 ] ; then
tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https "
[ -n "$https_proxy" ] && LARGS="" || \
LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}"
$LARGS $WGET https://$HTTP_TARGET
retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}"
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval test=$ARG
[ -z "$ALL" ] && continue
fi
# works with fix
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 2 ] ; then
[ -n "$https_proxy" ] && LARGS="--proxy $https_proxy" || \
LARGS="--proxy https://${HTTPS_HOST}:${HTTPS_PORT}"
tests[2]="curl_https_as_user curl $LARGS https://$HTTP_TARGET - https "
proxy_ping_curl $LARGS https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $LARGS https://$HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with fix
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 3 ] ; then
tests[3]="curl_socks_virbr1_as_user $SOCKS_HOST $SOCKS_PORT - torhost "
# proxy_dest_port_wlan_config || { ERROR DEST=$DEST ; continue ; }
# curl: (4) A requested feature, protocol or option was not found built-in in this libcurl due to a build-time decision
[ $DEBIAN -eq 0 ] && continue
[ -z "$socks_proxy" ] && socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
if [ $MODE = whonix ] ; then
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e| grep 15:$SOCKS_PORT || {
retval=$?
ERROR ssh -o ForwardX11=no user@10.0.2.15 netstat
[ -z "$ALL" ] && exit $ARG$retval || continue ;
}
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy \
--interface virbr1 n--dns-interface virbr1 https://$HTTP_TARGET >/dev/null || {
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl -x $socks_proxy --interface virbr1 --dns-interface virbr1 https://$HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue
}
else
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${SOCKS_HOST} $SOCKS_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue ; }
fi
INFO $prog test=$ARG "${tests[$ARG]}"
# works with user/pass
GREP="$SOCKS_PORT"
elif [ $ARG -eq 4 ] ; then
tests[4]="dig_socks_through_as_user @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com - tordns "
[ $HAVE_DIG = 1 ] || continue
if [ $MODE = whonix ] ; then
ssh -o ForwardX11=no user@10.0.2.15 netstat -nl4e | grep 15:$SOCKS_DNS
fi
dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @${SOCKS_HOST} -p $SOCKS_DNS www.whatismypublicip.com
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with fix
GREP="$SOCKS_DNS"
elif [ $ARG -eq 5 ] ; then
tests[5]="nslookup_socks_as_user - tordns "
[ $HAVE_NSLOOKUP = 1 ] || continue
desc="$NSL -port=$SOCKS_DNS www.whatismypublicip.com ${DNS_HOST}"
$desc >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" $desc
# works with fix
GREP="$SOCKS_DNS"
elif [ $ARG -eq 6 ] ; then
proxy=`proxy_ping_get_https`
desc="curl --proxy http://${proxy}"
tests[6]="curl_https_as_user - https "
proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval $desc
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" $desc
# works
GREP="$HTTP_PORT"
elif [ $ARG -eq 7 ] ; then
tests[8]="traceroute_icmp_dns_as_root --icmp - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -m $THOPS || { \
retval=$?
ERROR $retval traceroute --icmp -m $THOPS
[ -z "$ALL" ] && exit 7$retval
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 8 ] ; then
tests[8]="traceroute_tcp_dns_as_root -i $PROXY_WLAN -p 53 -T4 - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN -p 53 -T4 $DNS_TARGET -m $THOPS || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -T4 -p 53 -m $THOPS
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="53"
elif [ $ARG -eq 9 ] ; then
tests[9]="traceroute_icmp_dns_as_user -p 53 - trace "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
traceroute -i $PROXY_WLAN --icmp $DNS_TARGET -p 53 -m $THOPS || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute -i $PROXY_WLAN --icmp -m $THOPS
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="53"
elif [ $ARG -eq 10 ] ; then
tests[10]="wget_http_as_user $HTTP_PORT - http "
proxy=`proxy_ping_get_http`
env http_proxy=http://${proxy} \
$WGET -S http://$HTTP_TARGET 2>/dev/null
retval=$?
# 8 is an oddball
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" wget $HTTP_PORT
else
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval wget $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
GREP="$HTTP_PORT"
elif [ $ARG -eq 11 ] ; then
tests[11]="curl_https_as_user - https "
proxy=`proxy_ping_get_https`
proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="$HTTP_PORT"
elif [ $ARG -eq 12 ] ; then
tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct "
[ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue
[ -z "$DNS_HOST1" ] && DNS_HOST1="208.67.220.220"
nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 13 ] ; then
tests[13]="curl_firewall_bin - wifi "
[ $USER = root ] || continue
proxy_test_curl_firewall_bin || continue
INFO $prog test=$ARG "${tests[$ARG]}" curl bin
# works
GREP="443"
elif [ $ARG -eq 14 ] ; then
tests[14]="traceroute_icmp_gw_as_root --icmp $PROXY_WLAN_GW - gw wifi "
[ $USER = root ] || continue
[ $HAVE_TRACEROUTE = 1 ] || continue
proxy_test_traceroute_icmp_gw || continue
# works
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 15 ] ; then
tests[15]="test_dig_direct - direct "
[ $HAVE_DIG = 1 ] || continue
proxy_test_dig_direct || continue
INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct
elif [ $ARG -eq 16 ] ; then
tests[16]="nslookup_as_root nslookup $PRIV_BIN_OWNER - torhost "
[ $USER = root ] || continue
[ $HAVE_NSLOOKUP = 1 ] || continue
su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works /fails but maybe a noop
GREP="53"
elif [ $ARG -eq 17 ] ; then
tests[17]="ntpdate_as_root ntpdate without service - ntp "
proxy_run_as_root || exit 9
[ -x /usr/sbin/ntpdate ] || continue
# Curious: even though sgid 2755 ntp it fails as su ntp
# 12 Nov 23:28:35 ntpdate[17341]: bind() fails: Permission denied
/usr/sbin/ntpdate "$NTP_HOST1" || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="123"
elif [ $ARG -eq 18 ] ; then
tests[18]="ntpdate_as_root ntpdate with servie - ntp "
proxy_run_as_root || exit 9
proxy_rc_service ntpd status >/dev/null && \
proxy_rc_service ntpd stop >/dev/null && sleep 2
/usr/sbin/ntpdate $NTP_HOST1 || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ntpdate
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
proxy_rc_service ntpd status >/dev/null || proxy_rc_service ntpd start
GREP="123"
elif [ $ARG -eq 19 ] ; then
tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail "
proxy_ping_curl --noproxy "'*.*'" --connect-timeout $TIMEOUT \
http://$HTTP_TARGET >/dev/null && {
retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP=80
elif [ $ARG -eq 20 ] ; then
tests[20]="curl_socksproxy_as_user curl $SOCKS_PORT - socks "
# needs dns
[ $DEBIAN -eq 0 ] && continue
socks_proxy=socks5h://${SOCKS_HOST}:$SOCKS_PORT
proxy_ping_curl -x $socks_proxy https://$HTTP_TARGET >/dev/null \
|| { retval=$? ; ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl $SOCKS_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works with user/pass
GREP="$SOCKS_PORT"
elif [ $ARG -eq 21 ] ; then
tests[21]="curl_httpsproxy_as_user - https "
[ -z "$https_proxy" ] && https_proxy=http://${HTTPS_PROXY_HOST}:${HTTPS_PORT}
proxy_ping_curl -x $https_proxy https://$HTTP_TARGET >/dev/null || { \
if [ "$MODE" = gateway ] ; then
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} ${HTTPS_PORT}
continue
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl ${HTTPS_HOST} HTTPS_PORT=${HTTPS_PORT}
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
}
INFO $prog test=$ARG "${tests[$ARG]}" curl ${HTTPS_HOST} ${HTTPS_PORT}
GREP="${HTTPS_PORT}"
elif [ $ARG -eq 22 ] ; then
tests[22]="iwlist_scan_as_user iwlist $PROXY_WLAN scan - iwlist "
[ $USER = root ] || continue
which iwlist 2>/dev/null || continue
[ -n "$PROXY_WLAN" ] || proxy_get_if || continue
iwlist $PROXY_WLAN scan >/dev/null || {
ERROR $prog retval=$? test=$ARG $PROXY_WLAN scan
[ -z "$ALL" ] && exit $ARG$1 || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
elif [ $ARG -eq 23 ] ; then
tests[23]="curl_proxy_as_user - direct "
proxy_ping_curl --insecure https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl direct
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 24 ] ; then
tests[24]="dig_direct_or_dnsmasq dig -b $IP www.whatismypublicip.com - direct "
[ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
[ -n "$IP" ] || continue
dig -b $IP www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" dig -b $IP
elif [ $ARG -eq 25 ] ; then
tests[25]="nslookup_as_user - direct "
[ $HAVE_NSLOOKUP = 1 ] || continue
# noenv with or without proxy
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working
$NSL >/dev/null www.whatismypublicip.com || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup www.whatismypublicip.com
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}" nslookup
elif [ $ARG -eq 26 ] ; then
tests[26]="route_connected_ping_scan - direct "
[ $HAVE_DIG = 1 ] || continue
#? proxy_test_pretests
proxy_do_ping && \
INFO $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP || \
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
elif [ $ARG -eq 27 ] ; then
tests[27]="dns_as_user dig -b 127.0.0.1 - direct "
[ $HAVE_DIG = 1 ] || continue
[ -n "$PROXY_WLAN" -a -n "$IP" ] || proxy_ping_get_wlan_gw || continue
dig -b 127.0.0.1 www.whatismypublicip.com +timeout=$TIMEOUT >/dev/null || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval dig -b $IP
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 28 ] ; then
tests[28]="wget_as_user - direct "
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
$WGET -S https://$HTTP_TARGET 2>/dev/null
retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" wget
else
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval wget
[ -z "$ALL" ] && exit $ARG$retval || continue
fi
elif [ $ARG -eq 29 ] ; then
tests[29]="curl_as_user - direct "
proxy_ping_test_env || { WARN $prog test=$ARG "${tests[$ARG]}" no proxy in env ; }
proxy_ping_curl https://$HTTP_TARGET >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval curl
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 30 ] ; then
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
[ $MODE = tor -o $MODE = selektor ] || {
ERROR $prog MODE != tor test=$ARG
[ -z "$ALL" ] && exit $ARG$retval || continue
}
port=$SOCKS_PORT
$NETS | grep -q :$port || {
ERROR $prog retval=$? test=$ARG tor not running on $port
[ -z "$ALL" ] && exit $ARG || continue
}
[ $USER = root ] || continue
# was /usr/local/bin/tor_bootstrap_check.bash
[ -f /usr/local/src/helper-scripts/tor_bootstrap_check.py ] || return 1
python3.sh /usr/local/src/helper-scripts/tor_bootstrap_check.py
# morons 100%
retval=$?
[ $retval -eq 0 -o $retval -eq 100 ] || { \
retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor_bootstrap_check
}
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 31 ] ; then
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \
retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval polipo http pages $HTTP_PORT
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="$HTTP_PORT"
elif [ $ARG -eq 32 ] ; then
tests[32]="ping_nmap_direct_as_root nmap 53 - direct "
[ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue
[ -n "$PROXY_WLAN" -a -n "$PROXY_WLAN_GW" ] || proxy_ping_get_wlan_gw || continue
proxy_ping_nmap_direct $DNS_HOST1 "$PROXY_WLAN_GW" U:67 || {
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmapd 53
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 33 ] ; then
tests[33]="host_virbr_as_user proxy_ping_test_virbr 1 - libvirthost "
proxy_ping_test_virbr 1 || {
retval=$?
ERROR $CONN virbr1 not running
[ -z "$ALL" ] && exit 1 || continue
}
# * Immediate connect fail for 10.0.2.15: Connection refused
INFO $prog test=$ARG "${tests[$ARG]}"
elif [ $ARG -eq 34 ] ; then
tests[34]="python_ping_as_root traceroute --icmp $PROXY_WLAN_GW - wifi "
[ $USER = root ] || continue
[ -n "$PROXY_WLAN_GW" -a -n "$IP" ] || PROXY_WLAN_GW=`proxy_ping_get_wlan_gw` || continue
[ -f /usr/local/bin/ping2.py ] || continue
/usr/local/bin/ping2.py $IP $DNS_HOST1 $PROXY_WLAN_GW || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval ping2.py $DNS_HOST1
[ -z "$ALL" ] && exit $ARG$retval || continue
}
# works
INFO $prog test=$ARG "${tests[$ARG]}"
GREP="-i icmp"
elif [ $ARG -eq 35 ] ; then
tests[35]="dig_as_root - firewall dig @$DNS_HOST1 - torhost dns "
[ $USER = root ] || continue
[ $HAVE_DIG = 1 ] || continue
# @$DNS_HOST1
su -c "dig pool.ntp.org +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig pool.ntp.org $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="53"
elif [ $ARG -eq 36 ] ; then
tests[36]="tor_resolve_as_user tor-resolve pool.ntp.org - tordns "
[ $HAVE_TOR_RESOLVE = 1 ] || continue
tor-resolve pool.ntp.org >/dev/null || { \
retval=$?
# dunno Failed parsing SOCKS5 response conf?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve pool.ntp.org
continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
# works
GREP="9053"
elif [ $ARG -eq 37 ] ; then
tests[37]="qemu-guest-agent and ports - libvirtguest "
ser=qemu-guest-agent
proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start
proxy_rc_service $ser status >/dev/null || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval $ser status
[ -z "$ALL" ] && exit $ARG$retval || continue
}
[ -d /dev/virtio-ports ] || { \
retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval /dev/virtio-ports
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
GREP=""
elif [ $ARG -eq 38 ] ; then
tests[38]="qemu-guest-agent and ports - libvirthost whonix "
[ $USER = root ] || continue
$PL proxy_libvirt_list
aret=$?
if [ $aret -eq 10 ] ;then
WARN proxy_libvirt_status hung
elif [ $aret -ne 10 -a $aret -ne 0 ] ; then
DBUG proxy_libvirt_status aret=$aret
else
$PL proxy_libvirt_list | grep -q "$GATEW_DOM" || {
ERROR MODE=$MODE and $GATEW_DOM not running ;
[ -z "$ALL" ] && exit $ARG$retval || continue
}
INFO $prog test=$ARG "${tests[$ARG]}"
fi
elif false ; then
if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then
$NETS | grep -q :53 || {
ERROR $prog retval=$? test=$ARG local resolv.conf but :53 not running
[ -z "$ALL" ] && exit 1 || continue
}
fi
fi
[ -n "$GREP" ] && [ $DMESG_LINES -gt 0 ] && \
DBUG `dmesg|tail|grep $GREP|tail -$DMESG_LINES`
done
exit 0
1)
env https_proxy=http://${SOCKS_HOST}:${HTTPS_PORT} wget $D -O - --no-check-certificate
2)
curl $D -k --proxy
3)
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
5)
nslookup -port=$SOCKS_DNS www.whatismypublicip.com ${SOCKS_HOST} \
6)
curl -k --proxy $HTTP_PORT
16)
nslookup $PRIV_BIN_OWNER
18)
ntpdate as sroot
19)
curl raw noproxy
0)
usage

20100
overlay/Linux/usr/local/bin/proxy_testssl_lib.bash Executable file
View file

File diff suppressed because it is too large Load diff

60
overlay/Linux/usr/local/bin/python.sh Executable file
View file

@ -0,0 +1,60 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
[ -z "$PYVER" ] && PYVER=3
export PYVER
#[ -f /usr/local/bin/usr_local_tput.bash ] && \
# . /usr/local/bin/usr_local_tput.bash
ROLE=base
declare -a RARGS
RARGS=("$@")
[ -f /usr/local/bin/pyver.sh ] && . /usr/local/bin/pyver.sh || {
[ -f /usr/local/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash >/dev/null
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR >&2 ; exit 1
fi
}
if [ -z "$PYTHONPATH" ] ; then
# sic - failsafe
export PYTHONPATH=/usr/lib/python$PYTHON_MINOR/site-packages
fi
if [ -d /usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding ] ; then
if [ -z "$LD_LIBRARY_PATH" ] ; then
export LD_LIBRARY_PATH=/usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding
else
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/$LIB/python$PYTHON_MINOR/site-packages/llvmlite/binding
fi
fi
# do I want $HOME/.local on the path? - no
# do I want local/lib/.../dist-packages on the path? - no is already is
# on Debian ~/.local/lib/python*/site-packages is already on the path
for elt in usr/local ; do
[ -d /$elt ] || continue
[ -d /$elt/bin ] && [[ ! $PATH =~ /$elt/bin ]] && \
export PATH=$PATH:/$elt/bin
[ -e /$elt/$LIB ] || continue
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/$elt/$LIB
[ -d /$elt/$LIB/python$PYTHON_MINOR/site-packages ] || \
mkdir /$elt/$LIB/python$PYTHON_MINOR/site-packages
[ ! -f /$elt/$LIB/python$PYTHON_MINOR/site-packages/__init__.py ] && \
touch /$elt/$LIB/python$PYTHON_MINOR/site-packages/__init__.py
[[ ! $PYTHONPATH =~ /$elt/$LIB/python$PYTHON_MINOR/site-packages ]] && \
export PYTHONPATH=$PYTHONPATH:/$elt/$LIB/python$PYTHON_MINOR/site-packages
done
# echo INFO exec /usr/bin/python$PYTHON_MINOR -W ignore::DeprecationWarning "${RARGS[@]}"
/usr/bin/python$PYTHON_MINOR -W ignore::DeprecationWarning "${RARGS[@]}"

5
overlay/Linux/usr/local/bin/python2.sh Executable file
View file

@ -0,0 +1,5 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=bash
export PYVER=2
exec /usr/local/bin/python.sh "$@"

5
overlay/Linux/usr/local/bin/python3.sh Executable file
View file

@ -0,0 +1,5 @@
#!/bin/bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=bash
export PYVER=3
/usr/local/bin/python.sh "$@"

117
overlay/Linux/usr/local/bin/pyver.sh Executable file
View file

@ -0,0 +1,117 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
DBUG() { echo DEBUG $* >&2 ; }
INFO() { echo INFO $* >&2 ; }
WARN() { echo WARN $* >&2 ; }
ERROR() { echo ERROR $* >&2 ; }
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
[ -z "$PYVER" ] && PYVER=3 # echo ERROR define PYVER >&2 && exit 1
[ -z "$USER" ] && USER=$( id -un )
ini_file=/usr/local/etc/testforge/testforge.bash
if [ ! -f $ini_file ] ; then
# bootstrap
[ -d /usr/local/etc/testforge ] || mkdir -p /usr/local/etc/testforge
[ -x /usr/bin/python$PYVER ] && \
echo export BASE_PYTHON${PYVER}_MINOR=`/usr/bin/python$PYVER --version|sed -e 's/.* //' -e 's/\.[0-9]*$//'` >> $ini_file
else
. $ini_file >/dev/null
fi
set -- -x
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR
exit 1
fi
if [ "$USER" = root ] ; then
[ -f /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py ] && \
mv /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py /usr/$LIB/python$PYTHON_MINOR/sitecustomize.py.bak && \
rm -f /usr/$LIB/python$PYTHON_MINOR/sitecustomize.pyc
fi
if [ ! -d /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ ] ; then
if [ "$USER" = root ] ; then
mkdir -p /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
chgrp adm /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
chmod 775 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
else
ERROR Install error missing /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
exit 2
fi
fi
[ -d /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ ] || \
mkdir -p /usr/local/$LIB/python$PYTHON_MINOR/site-packages/
[ -f /usr/local/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ] || \
cat > /usr/local/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py << EOF
# -*- mode: python; indent-tabs-mode: nil; py-indent-offset: 4; coding: utf-8 -*-
from __future__ import print_function
import codecs
codecs._codecs_lookup = codecs.lookup
def lookup(s):
if s.endswith('-unix'):
s = s[:-5]
elif s.endswith('-dos'):
s = s[:-4]
return codecs._codecs_lookup(s)
codecs.lookup = lookup
import os,sys
pyver = sys.version[:3]
notver = "3" if sys.version[:1] == '2' else '2'
for elt in sys.path:
if elt.find('python' + notver) < 0: continue
p = os.environ.get('PYTHONPATH', '')
sys.stderr.write('WARN: sitecustomize.py PYTHONPATH=' +p +' sys.path=' +repr(sys.path) +'\n')
sys.stderr.write('"python' + notver +' in sys.path for ' +sys.executable +"\n")
raise RuntimeError('"python' + notver +' in sys.path for ' +sys.executable)
dir=None
for elt in ['var', 'usr']:
if 'LD_LIBRARY_PATH' not in os.environ or 'PYTHONPATH' not in os.environ:
continue
dir = '/' + elt + '/local/bin'
if dir not in os.environ['PATH'].split(os.pathsep):
continue
dir = '/' + elt + "/local/$LIB"
if dir not in os.environ['LD_LIBRARY_PATH'].split(os.pathsep):
continue
dir = '/' + elt + "/local/$LIB/python" + pyver + '/site-packages'
# the bash wrapper will have put this on
if dir in os.environ['PYTHONPATH'].split(os.pathsep):
# print(repr(sys.path))
if dir not in sys.path:
sys.path.insert(0, dir)
bin = '/' + elt + '/local/bin/python' + pyver[0]
if elt == 'var':
bin += '.bash'
else:
bin += '.sh'
if os.path.isfile(bin):
# print(sys.executable + '=' + bin)
sys.executable = bin
# var takes precedence
break
if __name__ == '__main__':
print(sys.executable)
del os, sys, dir, elt, pyver
EOF

36
overlay/Linux/usr/local/bin/testforge_get_inventory.bash Executable file
View file

@ -0,0 +1,36 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# on stdout - messages on stderr
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
base=AnsI
# quiet
[ "$#" -eq 0 ] && exit 1
VARIABLE=$1
[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
[ -n "$TESTFORGE_ANSIBLE_SRC" ] || TESTFORGE_ANSIBLE_SRC=/g/TestForge/src/ansible
name=`hostname`
if [ -d "$TESTFORGE_ANSIBLE_SRC" ] && [ -f $TESTFORGE_ANSIBLE_SRC/hosts.yml ] ; then
base=$name
ansible-inventory -i $TESTFORGE_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$TESTFORGE_ANSIBLE_SRC \
--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
if [ $? -eq 0 -a -f /tmp/${AnsI}$$.json ] ; then
#!? export
VALUE=`jq .$VARIABLE </tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
# [ -n "$DEBUG" ] && echo >&2 "DEBUG: $prog base=$base VALUE=$VALUE"
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
fi
rm -f /tmp/${AnsI}$$.json
fi
exit 0

39
overlay/Linux/usr/local/bin/testforge_local_bin.bash Executable file
View file

@ -0,0 +1,39 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
. /usr/local/bin/usr_local_base.bash || exit 2
umask 0022
[ "$#" -gt 0 ] && inidir=$1 || inidir=/usr/local/etc/testforge
[ -f $inidir ] || mkdir -p $inidir
if [ -f $inidir ] ; then
inifile=$inidir
else
inifile=$inidir/testforge.ini
fi
# echo -n "DEBUG: $prog "; ls -l $inifile
[ -e $inifile ] || { ERROR no file $inifile ; exit 1 ; }
[ -s $inifile ] || { ERROR empty file $inifile ; exit 2 ; }
bashfile=$( echo $inifile | sed -e 's/.ini$/.bash/' )
if [ ! -s $bashfile ] || [ $inifile -nt $bashfile ] ; then
INFO "$inifile > $bashfile"
/usr/local/bin/fact_to_bash.bash < $inifile > $bashfile || exit 3
echo 'export PATH=$PATH:/sbin:/usr/local/bin:/var/local/bin' >> $bashfile
echo -n "DEBUG: $prog bashfile"; ls -l $bashfile
fi
ymlfile=$( echo $inifile | sed -e 's/.ini$/.yml/' )
if [ ! -s $ymlfile ] || [ $inifile -nt $ymlfile ] ; then
INFO "$inifile > $ymlfile"
/usr/local/bin/fact_to_yaml.bash < $inifile > $ymlfile || exit 4
echo -n "DEBUG: $prog ymlfile "; ls -l $ymlfile
fi
. $bashfile || exit $?
exec bash /usr/local/bin/base_sheebang_after_pip.bash

60
overlay/Linux/usr/local/bin/testforge_sheebang_after_pip.bash Executable file
View file

@ -0,0 +1,60 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
. /usr/local/bin/usr_local_base.bash || exit 2
PREFIX=/usr/local
ROLE=base
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
for PYTHON_MINOR in "$BASE_PYTHON2_MINOR" "$BASE_PYTHON3_MINOR" ; do
[ -z "$PYTHON_MINOR" ] && continue
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
fi
done
umask 0022
# [ "$#" -eq 0 ] && set -- $PREFIX/bin
# FixMe? /usr/local/bin too? I think not, except for ours?
for prefix in /usr/local /var/local ; do
cd $prefix/bin || exit 1
#? ls -1d * | grep -v '~' | xargs file | grep -i python | sed -e 's/:.*//'|while read file ; do
ls -1 | grep -v '~' | xargs file | grep script | sed -e 's/:.*//' | \
while read file ; do
head -1 $file | grep -q python || continue
head -1 $file | grep -q $prefix/python..bash && continue
base=$( echo $file | sed -e 's/\.bash$//' )
under=$( echo $prefix | sed -e 's/^.//' -e 's@/@_@g' )
if [ -h /etc/python-exec/$base.conf ] ; then
link=$( readlink /etc/python-exec/$base.conf )
if [ "$link" = python2.conf ] ; then
sed -f $prefix/share/sed/${under}_python2.sed -i $file
else
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
else
sed -f $prefix/share/sed/${under}_python2.sed -i $file
sed -f $prefix/share/sed/${under}_python3.sed -i $file
fi
# echo $file
done
# failsafe - Eberly - no longer active
for elt in $BASE_PYTHON2_MINOR $BASE_PYTHON3_MINOR ; do
[ -f $prefix/${LIB}/python$elt/site-packages/site.py ]
# WARN missing $prefix/${LIB}/python$elt/site-packages/site.py
done
done
exit 0

425
overlay/Linux/usr/local/bin/toxcore_create-vm.bash Executable file
View file

@ -0,0 +1,425 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash || {
DBUG() { echo DEBUG $* ; }
INFO() { echo INFO $* ; }
WARN() { echo WARN $* ; }
ERROR() { echo ERROR $* ; }
}
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
export PATH=$PATH:$PREFIX/bin
have_genisoimage=true
# create-vm - Quickly create guest VMs using cloud image files and cloud-init.
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# Set BOX_NBD_OVERLAY_DIR environment variable to override default storage location for VMs
HOSTNAME=
IMG_FQN=
AUTH_KEYS_FQN=
RAM=2048
VCPUS=1
STORAGE=20
BRIDGE=virbr1
MAC='52:54:00:1d:9c:6f'
VERBOSE=
PASS=
OSINFO=gentoo
password=ansible
OUTDIR=${BOX_NBD_OVERLAY_DIRs:-"${HOME}/vms/virsh"}
usage()
{
cat << EOF
usage: $0 options
Quickly create guest VMs using cloud image files and cloud-init.
OPTIONS:
-h Show this message
-n Host name (required)
-i Full path and name of the base .img file to use (required)
-k Full path and name of the ansible user's public key file (required)
-d Output directory for the overlay qcow2 and related files
-r RAM in MB (defaults to ${RAM})
-c Number of VCPUs (defaults to ${VCPUS})
-s Amount of storage to allocate in GB (defaults to ${STORAGE})
-b Bridge interface to use (defaults to ${BRIDGE})
-m MAC address to use (default is to use a randomly-generated MAC)
-o OSINFO name like win11, win10, fedora32, gentoo, ububtu20
-p ansible users plaintext password
-v Verbose
EOF
}
while getopts "h:n:i:k:r:c:s:b:m:o:p:d:v" option; do
case "${option}"
in
h)
usage
exit 0
;;
n) HOSTNAME=${OPTARG};;
i) IMG_FQN=${OPTARG};;
k) AUTH_KEYS_FQN=${OPTARG};;
r) RAM=${OPTARG};;
c) VCPUS=${OPTARG};;
s) STORAGE=${OPTARG};;
b) BRIDGE=${OPTARG};;
m) MAC=${OPTARG};;
p) PASS=${OPTARG};;
o) password=${OPTARG};;
d) OUTDIR=${OPTARG};
BOX_NBD_OVERLAY_DIR=${OUTDIR};;
v) VERBOSE=1;;
*)
ERROR unhandled option "${option}" ${OPTARG}
usage
exit 1
;;
esac
done
if [[ -z $HOSTNAME ]]; then
ERROR "Host name is required"
usage
exit 1
fi
if [[ -z $IMG_FQN ]]; then
ERROR "Base cloud image file name is required"
usage
exit 1
fi
if [[ -z $BOX_NBD_OVERLAY_DIR ]]; then
ERROR "Output image directory is required BOX_NBD_OVERLAY_DIR"
usage
exit 1
fi
if [[ -z $AUTH_KEYS_FQN ]]; then
ERROR "ansible public key file $AUTH_KEYS_FQN not found"
usage
exit 1
fi
if ! [[ -f $IMG_FQN ]]; then
ERROR "$IMG_FQN file not found"
usage
exit 1
fi
if [[ -n $VERBOSE ]]; then
INFO "Building ${HOSTNAME} in $BOX_NBD_OVERLAY_DIR"
set -xv
fi
mkdir -p "$BOX_NBD_OVERLAY_DIR"/{images,xml,init,base} || exit 2
echo "Creating a qcow2 image file ${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img that uses the cloud image file ${IMG_FQN} as its base"
INFO qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 \
"${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img" "${STORAGE}G"
qemu-img create -b "${IMG_FQN}" -f qcow2 -F qcow2 \
"${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img" "${STORAGE}G" || \
exit 3
echo "Creating meta-data file $BOX_NBD_OVERLAY_DIR/init/meta-data"
cat > "$BOX_NBD_OVERLAY_DIR/init/meta-data" << EOF
instance-id: ${HOSTNAME}
local-hostname: ${HOSTNAME}
EOF
# echo "Creating meta-data file $BOX_NBD_OVERLAY_DIR/init/meta-data.json"
# cat > "$BOX_NBD_OVERLAY_DIR/init/meta-data.json" << EOF
cat > /dev/null << EOF
{
"admin_pass": "root",
"availability_zone": "nova",
"hostname": "test.novalocal",
"launch_index": 0,
"name": "gentoo6",
"meta": {
"role": "webservers",
"essential": "false"
},
"public_keys": {
"mykey": " ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRCJCQ1UD9QslWDSw5Pwsvba0Wsf1pO4how5BtNaZn0xLZpTq2nqFEJshUkd/zCWF7DWyhmNphQ8c+U+wcmdNVcg2pI1kPxq0VZzBfZ7cDwhjgeLsIvTXvU+HVRtsXh4c5FlUXpRjf/x+a3vqFRvNsRd1DE+5ZqQHbOVbnsStk3PZppaByMg+AZZMx56OUk2pZCgvpCwj6LIixqwuxNKPxmJf45RyOsPUXwCwkq9UD4me5jksTPPkt3oeUWw1ZSSF8F/141moWsGxSnd5NxCbPUWGoRfYcHc865E70nN4WrZkM7RFI/s5mvQtuj8dRL67JUEwvdvEDO0EBz21FV/iOracXd2omlTUSK+wYrWGtiwQwEgr4r5bimxDKy9L8UlaJZ+ONhLTP8ecTHYkaU1C75sLX9ZYd5YtqjiNGsNF+wdW6WrXrQiWeyrGK7ZwbA7lagSxIa7yeqnKDjdkcJvQXCYGLM9AMBKWeJaOpwqZ+dOunMDLd5VZrDCU2lpCSJ1M="
},
"uuid": "83679162-1378-4288-a2d4-70e13ec132aa"
}
EOF
# password=`openssl passwd -1 -stdin <<< $password`
echo "Creating user-data file $BOX_NBD_OVERLAY_DIR/init/user-data"
# https://techglimpse.com/nova-boot-instance-with-password/
cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << EOF
#cloud-config
# password: ansible
# chpasswd: { expire: False }
ssh_pwauth: true
runcmd:
- "rc-update add qemu-guest-agent"
- "chmod 755 /etc/init.d/qemu-guest-agent"
- "/etc/init.d/qemu-guest-agent start"
- "echo /etc/init.d/qemu-guest-agent start >> /etc/rc.local"
users:
- default
- name: ansible
sudo: ["ALL=(ALL) NOPASSWD:ALL"]
groups:
- wheel
- adm
shell: /bin/bash
plain_text_password: "$password"
chpasswd: { expire: False }
homedir: /home/ansible
ssh_pwauth: true
ssh_authorized_keys:
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRCJCQ1UD9QslWDSw5Pwsvba0Wsf1pO4how5BtNaZn0xLZpTq2nqFEJshUkd/zCWF7DWyhmNphQ8c+U+wcmdNVcg2pI1kPxq0VZzBfZ7cDwhjgeLsIvTXvU+HVRtsXh4c5FlUXpRjf/x+a3vqFRvNsRd1DE+5ZqQHbOVbnsStk3PZppaByMg+AZZMx56OUk2pZCgvpCwj6LIixqwuxNKPxmJf45RyOsPUXwCwkq9UD4me5jksTPPkt3oeUWw1ZSSF8F/141moWsGxSnd5NxCbPUWGoRfYcHc865E70nN4WrZkM7RFI/s5mvQtuj8dRL67JUEwvdvEDO0EBz21FV/iOracXd2omlTUSK+wYrWGtiwQwEgr4r5bimxDKy9L8UlaJZ+ONhLTP8ecTHYkaU1C75sLX9ZYd5YtqjiNGsNF+wdW6WrXrQiWeyrGK7ZwbA7lagSxIa7yeqnKDjdkcJvQXCYGLM9AMBKWeJaOpwqZ+dOunMDLd5VZrDCU2lpCSJ1M="
EOF
echo "Adding keys from the public key file $AUTH_KEYS_FQN to the user-data file"
while IFS= read -r key; do
echo " - $key" >> "$BOX_NBD_OVERLAY_DIR/init/user-data"
done < <(grep -v '^ *#' < "$AUTH_KEYS_FQN")
VM_IMAGE_DIR="$BOX_NBD_OVERLAY_DIR"
#old . /usr/local/bin/toxcore_create-ga.sh || exit 4
cat > "$BOX_NBD_OVERLAY_DIR/init/user-data" << \EOF
#!/bin/bash
# typically only executes on first boot
echo "############# user_data executing ##############"
#grep gentoo /etc/shadow
sed -e 's/#-:ALL:ALL/+:gentoo:ALL/' -i /etc/security/access.conf
PW=`echo $PASS | openssl passwd -1 --stdin `
grep -q ^gentoo /etc/passwd || \
useradd --gid 4 --uid 1000 --home-dir /home/gentoo \
--comment Gentoo --password "$PW" \
-G adm,wheel --shell /bin/bash gentoo
usermod --password "$PW" -G adm,wheel gentoo
# root
usermod --password '$1$1Ho4y/W8$5VymfKWWAhLxwkkPZiWTZ1' root
# unlock account
passwd -u gentoo
passwd -u root
sed -e 's/# %wheel /%wheel /' -i /etc/sudoers
sed -e 's/PasswordAuthentication no/PasswordAuthentication yes/' -i /etc//ssh/sshd_config
sed -e 's/PermitRootLogin.*/PermitRootLogin yes/' -i /etc//ssh/sshd_config
grep net.ipv4.ip_forward=1 /etc/sysctl.conf || \
echo net.ipv4.ip_forward=1 >> /etc/sysctl.conf
cd /etc/init.d
[ -e net.eth0 ] || ln -s net.lo net.eth0
for elt in i o linuxPen19 ; do
grep -q $elt /etc/fstab && continue
echo "$elt /mnt/$elt virtiofs defaults 0 0" >> /etc/fstab
done
#grep gentoo /etc/shadow
EOF
echo "Generating the cidata ISO file $BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.iso"
(
cd "$BOX_NBD_OVERLAY_DIR/init/"
genisoimage \
-output "$BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img" \
-volid cidata \
-rational-rock \
-joliet \
-input-charset utf-8 \
user-data meta-data
) || exit 5
MACCMD=
if [[ -n $MAC ]]; then
MACCMD="--mac=${MAC}"
fi
[ -f ${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img ] || exit 5
[ -f $BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img ] || exit 6
# libvirt.libvirtError: /usr/lib/qemu/qemu-bridge-helper --use-vnet --br=-c --fd=31: failed to communicate with bridge helper: stderr=failed to parse default acl file `/etc/qemu/bridge.conf'
if [ ! -f "/etc/qemu/bridge.conf" ] ; then
echo allow $BRIDGE >> "/etc/qemu/bridge.conf"
elif ! grep $BRIDGE "/etc/qemu/bridge.conf" ; then
echo allow $BRIDGE >> "/etc/qemu/bridge.conf"
fi
if [ $BRIDGE = virbr0 ] ; then
network=default
# 192.168.122.248/24
elif [ $BRIDGE = virbr1 ] ; then
network=Whonix-External
else
WARN unrecognized $BRIDGE
fi
if [ "$network" != '' ] ; then
virsh net-list | grep -q $network || \
virsh net-start $network
else
network=default
fi
file=/etc/libvirt/qemu/networks/$network.xml
if [ ! -f $file ] ; then
WARN no network file $file
elif ! grep '<range ' $file ; then
WARN no 'DHCP <range> in network file' $file
fi
declare -a LARGS
LARGS=(
--name="${HOSTNAME}" \
--osinfo "$OSINFO" \
--import \
--disk "path=${BOX_NBD_OVERLAY_DIR}/images/${HOSTNAME}.img,format=qcow2" \
--disk "path=$BOX_NBD_OVERLAY_DIR/images/${HOSTNAME}-cidata.img,device=cdrom" \
--ram="${RAM}" \
--vcpus="${VCPUS}" \
--autostart \
--hvm \
--arch x86_64 \
--accelerate \
--check-cpu \
--force \
--watchdog=default \
--channel type=spicevmc,target.type=virtio,target.name=com.redhat.spice.0 \
--channel type=unix,target.type=virtio,target.name=org.qemu.guest_agent.0 \
--rng /dev/urandom \
--os-variant detect=on,name=$OSINFO \
--noautoconsole \
)
# not type=qemu-vdagent
NETWORK="--network network=$network,model=virtio"
if [ -n "$NETWORK" ] ; then
LARGS+=(
$NETWORK \
)
fi
LARGS+=(
# --graphics spice,listen=socket \
--boot init=/sbin/init
--console pty
--video vga
--memorybacking source.type=memfd,access.mode=shared
--filesystem /,/mnt/linuxPen19 \
)
INFO virt-install "${LARGS[@]}"
# squelch warnings
python3.sh `which virt-install` "${LARGS[@]}" || exit 7
# --debug
#? --shmem name=shmem_server,type="memfd",mode="shared"
# --shmem name=shmem0 ivshmem device is not supported with this QEMU binary
# was --graphics vnc,listen=0.0.0.0
# --osinfo "$OSINFO" \
# Make a backup of the VM's XML definition file
virsh dumpxml "${HOSTNAME}" > "${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml" || exit 8
INFO wrote xml `ls -l ${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml`
if [ -n "$VERBOSE" ]; then
set +xv
fi
# problems: type=qemu-vdagent unix unix=on
# problems: type="spicevmc
# ERROR Unknown --channel options: ['unix']
cp "${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml" \
"${BOX_NBD_OVERLAY_DIR}/xml/${HOSTNAME}.xml".new
cat > /tmp/ga.works <<EOF
<channel type="unix">
<source mode="bind" path="/var/lib/libvirt/qemu/channel/target/domain-25-gentoo1/org.qemu.guest_agent.0"/>
<target type="virtio" name="org.qemu.guest_agent.0" state="connected"/>
<address type="virtio-serial" controller="0" bus="0" port="2"/>
</channel>
EOF
cat > /tmp/sp.works <<EOF
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0" state="disconnected"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
EOF
# Show running VMs
virsh list | grep "${HOSTNAME}" && INFO "${HOSTNAME}" || {
ERROR "${HOSTNAME}" ; exit 9$? ; }
# use the following passwordless demonstration key for testing or
# replace with your own key pair
#
# -----BEGIN OPENSSH PRIVATE KEY-----
# b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
# NhAAAAAwEAAQAAAYEA0QiQkNVA/ULJVg0sOT8LL22tFrH9aTuIaMOQbTWmZ9MS2aU6tp6h
# RCbIVJHf8wlhew1soZjaYUPHPlPsHJnTVXINqSNZD8atFWcwX2e3A8IY4Hi7CL0171Ph1U
# bbF4eHORZVF6UY3/8fmt76hUbzbEXdQxPuWakB2zlW57ErZNz2aaWgcjIPgGWTMeejlJNq
# WQoL6QsI+iyIsasLsTSj8ZiX+OUcjrD1F8AsJKvVA+JnuY5LEzz5Ld6HlFsNWUkhfBf9eN
# ZqFrBsUp3eTcQmz1FhqEX2HB3POuRO9JzeFq2ZDO0RSP7OZr0Lbo/HUS+uyVBML3bxAztB
# Ac9tRVf4jq2nF3dqJpU1EivsGK1hrYsEMBIK+K+W4psQysvS/FJWiWfjjYS0z/HnEx2JGl
# NQu+bC1/WWHeWLao4jRrDRfsHVulq160Ilnsqxiu2cGwO5WoEsSGu8nqpyg43ZHCb0FwmB
# izPQDASlniWjqcKmfnTrpzAy3eVWawwlNpaQkidTAAAFgGKSj8diko/HAAAAB3NzaC1yc2
# EAAAGBANEIkJDVQP1CyVYNLDk/Cy9trRax/Wk7iGjDkG01pmfTEtmlOraeoUQmyFSR3/MJ
# YXsNbKGY2mFDxz5T7ByZ01VyDakjWQ/GrRVnMF9ntwPCGOB4uwi9Ne9T4dVG2xeHhzkWVR
# elGN//H5re+oVG82xF3UMT7lmpAds5VuexK2Tc9mmloHIyD4BlkzHno5STalkKC+kLCPos
# iLGrC7E0o/GYl/jlHI6w9RfALCSr1QPiZ7mOSxM8+S3eh5RbDVlJIXwX/XjWahawbFKd3k
# 3EJs9RYahF9hwdzzrkTvSc3hatmQztEUj+zma9C26Px1EvrslQTC928QM7QQHPbUVX+I6t
# pxd3aiaVNRIr7BitYa2LBDASCvivluKbEMrL0vxSVoln442EtM/x5xMdiRpTULvmwtf1lh
# 3li2qOI0aw0X7B1bpatetCJZ7KsYrtnBsDuVqBLEhrvJ6qcoON2Rwm9BcJgYsz0AwEpZ4l
# o6nCpn5066cwMt3lVmsMJTaWkJInUwAAAAMBAAEAAAGAEuz77Hu9EEZyujLOdTnAW9afRv
# XDOZA6pS7yWEufjw5CSlMLwisR83yww09t1QWyvhRqEyYmvOBecsXgaSUtnYfftWz44apy
# /gQYvMVELGKaJAC/q7vjMpGyrxUPkyLMhckALU2KYgV+/rj/j6pBMeVlchmk3pikYrffUX
# JDY990WVO194Dm0buLRzJvfMKYF2BcfF4TvarjOXWAxSuR8www050oJ8HdKahW7Cm5S0po
# FRnNXFGMnLA62vN00vJW8V7j7vui9ukBbhjRWaJuY5rdG/UYmzAe4wvdIEnpk9xIn6JGCp
# FRYTRn7lTh5+/QlQ6FXRP8Ir1vXZFnhKzl0K8Vqh2sf4M79MsIUGAqGxg9xdhjIa5dmgp8
# N18IEDoNEVKUbKuKe/Z5yf8Z9tmexfH1YttjmXMOojBvUHIjRS5hdI9NxnPGRLY2kjAzcm
# gV9Rv3vtdF/+zalk3fAVLeK8hXK+di/7XTvYpfJ2EZBWiNrTeagfNNGiYydsQy3zjZAAAA
# wBNRak7UrqnIHMZn7pkCTgceb1MfByaFtlNzd+Obah54HYIQj5WdZTBAITReMZNt9S5NAR
# M8sQB8UoZPaVSC3ppILIOfLhs6KYj6RrGdiYwyIhMPJ5kRWF8xGCLUX5CjwH2EOq7XhIWt
# MwEFtd/gF2Du7HUNFPsZGnzJ3e7pDKDnE7w2khZ8CIpTFgD769uBYGAtk45QYTDo5JroVM
# ZPDq08Gb/RhIgJLmIpMwyreVpLLLe8SwoMJJ+rihmnJZxO8gAAAMEA0lhiKezeTshht4xu
# rWc0NxxD84a29gSGfTphDPOrlKSEYbkSXhjqCsAZHd8S8kMr3iF6poOk3IWSvFJ6mbd3ie
# qdRTgXH9Thwk4KgpjUhNsQuYRHBbI59Mo+BxSI1B1qzmJSGdmCBL54wwzZmFKDQPQKPxiL
# n0Mlc7GooiDMjT1tbuW/O1EL5EqTRqwgWPTKhBA6r4PnGF150hZRIMooZkD2zX6b1sGojk
# QpvKkEykTwnKCzF5TXO8+wJ3qbcEo9AAAAwQD+Z0r68c2YMNpsmyj3ZKtZNPSvJNcLmyD/
# lWoNJq3djJN4s2JbK8l5ARUdW3xSFEDI9yx/wpfsXoaqWnygP3PoFw2CM4i0EiJiyvrLFU
# r3JLfDUFRy3EJ24RsqbigmEsgQOzTl3xfzeFPfxFoOhokSvTG88PQji1AYHz5kA7p6Zfaz
# Ok11rJYIe7+e9B0lhku0AFwGyqlWQmS/MhIpnjHIk5tP4heHGSmzKQWJDbTskNWd6aq1G7
# 6HWfDpX4HgoM8AAAALaG9sbWFuYkBhcmM=
# -----END OPENSSH PRIVATE KEY-----
#

61
overlay/Linux/usr/local/bin/toxcore_delete-vm.bash Executable file
View file

@ -0,0 +1,61 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash || {
DBUG() { echo DEBUG $* ; }
INFO() { echo INFO $* ; }
WARN() { echo WARN $* ; }
ERROR() { echo ERROR $* ; }
}
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
# delete-vm - Delete a virtual machine created with create-vm
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
VM=$1
# Set VM_IMAGE_DIR environment variable to override default storage location for VMs
VM_IMAGE_DIR=${VM_IMAGE_DIR:-"${HOME}/vms/virsh"}
VM_IMAGE="${VM_IMAGE_DIR}/images/$VM.img"
CI_IMAGE="${VM_IMAGE_DIR}/images/$VM-cidata.img"
usage()
{
cat << EOF
usage: $0 vmname
EOF
}
if [[ -z $VM ]]; then
usage
exit 1
fi
if [[ -e $VM_IMAGE ]]; then
# VM exists
virsh destroy "$VM"
virsh undefine "$VM"
rm -fv "$VM_IMAGE" "$CI_IMAGE"
else
echo "Cannot find an VM image file named '$VM_IMAGE'. Attempting undefine..."
virsh undefine "$VM"
fi

55
overlay/Linux/usr/local/bin/toxcore_get-vm-ip.bash Executable file
View file

@ -0,0 +1,55 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# from https://github.com/earlruby/create-vm/
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash || {
DBUG() { echo DEBUG $* ; }
INFO() { echo INFO $* ; }
WARN() { echo WARN $* ; }
ERROR() { echo ERROR $* ; }
}
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
. /usr/local/etc/testforge/testforge.bash
[ -n "$HOSTVMS_VAR_LOCAL" ] && PREFIX=$HOSTVMS_VAR_LOCAL
# get-node-ip - Get the IP address of a VM managed by virsh.
# Copyright 2018-2023 Earl C. Ruby III
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
usage()
{
cat << EOF
usage: $0 hostname
This script will take a virsh-managed VM hostname and return the IP address.
EOF
}
HOSTNAME=$1
if [[ -z $HOSTNAME ]]; then
echo "ERROR: Hostname is required"
usage
exit 1
fi
MAC=$(virsh domiflist $HOSTNAME | awk '{ print $5 }' | tail -2 | head -1)
arp -a | grep $MAC | awk '{ print $2 }' | sed 's/[()]//g'
INFO MAC=$MAC arp=$arp

70
overlay/Linux/usr/local/bin/usr_loc Executable file
View file

@ -0,0 +1,70 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un )
[ -z "$DEBUG" ] && DEBUG=0
if [ -n "$TERM" ] ; then
# vars that can be used to change font color
blue=$(tput setaf 6)
cyan=$(tput setaf 5)
green=$(tput setaf 2)
yellow=$(tput setaf 3)
red=$(tput setaf 1)
normal=$(tput sgr0) # default color
else
blue=
cyan=
green=
yellow=
red=
normal=
fi
FTAL () {
echo ${red}FATL:${normal} $*
exit $1
}
ftal () { FTAL >&2 "$@" ; }
panic () { FTAL >&2 "$@" ; }
ERROR () {
echo ${red}EROR:${normal} $*
return 0
}
error () { ERROR >&2 $* ; }
WARN () {
echo ${yellow}WARN:${normal} $*
return 0
}
warn () { WARN >&2 $* ; }
USAGE () {
echo ${yellow}USAGE:${normal} $*
return 0
}
usage () { USAGE >&2 $* ; }
INFO () {
echo ${green}INFO:${normal} $*
return 0
}
info () { INFO >&2 $* ; }
DBUG () {
[ -z "$DEBUG" -o "$DEBUG" -eq 0 ] || echo ${blue}DBUG:${normal} $*
return 0
}
dbug () { DBUG >&2 $* ; }
debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
usage () {
echo ${yellow}USAGE:${normal} $*
return 0
}
USAGE () { usage $* ; }

36
overlay/Linux/usr/local/bin/usr_local_base.bash Executable file
View file

@ -0,0 +1,36 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un )
[ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash
## box_gentoo_emerge
box_gentoo_emerge () {
[ "$#" -lt 1 ] && return 0
local elt
declare -a ARGS
for elt in "$@" ; do
[ -z "$elt" ] && continue
grep -q "^$elt$" /var/lib/portage/world && continue
ls /var/db/pkg/"$elt"-[0-9]* 2>/dev/null >/dev/null && continue
qlist -IsS "$elt" | grep -q "^$elt" && continue
equery l -f "^$elt$" | grep '^.I' && continue
ARGS+=($elt)
done
[ "${#ARGS[@]}" -eq 0 ] && exit 0
INFO "${ARGS[@]}"
/usr/local/sbin/box_gentoo_emerge.bash "${ARGS[@]}" || return $?
return 0
}
base=usr_local_base
# DBUG 0=$0
if [ -x /usr/bin/basename ] && [ $( /usr/bin/basename -- $0 ) = $base'.bash' -o $( basename -- $0 ) = $base'.sh' ] ; then
[ "$#" -eq 0 ] && exit 0
[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \
echo USAGE: $0 && grep '^[a-z].*()\|^## ' $0 | sed -e 's/().*//'|sort && exit 0
eval "$@"
exit $?
fi

76
overlay/Linux/usr/local/bin/usr_local_tput.bash Executable file
View file

@ -0,0 +1,76 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$TERM" ] && exit 0
[ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un )
[ -z "$DEBUG" ] && DEBUG=0
if [ -n "$TERM" ] ; then
# vars that can be used to change font color
blue=$(tput setaf 6)
cyan=$(tput setaf 5)
green=$(tput setaf 2)
yellow=$(tput setaf 3)
red=$(tput setaf 1)
normal=$(tput sgr0) # default color
else
blue=
cyan=
green=
yellow=
red=
normal=
fi
FATL () {
[ $# -eq 1 ] && code=1
[ $# -gt 1 ] && code=$1 && shift
echo ${red}FATL:${normal} $*
exit 1
}
ftal () { FATL >&2 "$@" ; }
panic () { FATL >&2 "$@" ; }
PANIC () { FATL >&2 "$@" ; }
ERROR () {
echo ${red}EROR:${normal} $*
return 0
}
error () { ERROR >&2 $* ; }
WARN () {
echo ${yellow}WARN:${normal} $*
return 0
}
warn () { WARN >&2 $* ; }
USAGE () {
echo ${yellow}USAGE:${normal} $*
return 0
}
usage () { USAGE >&2 $* ; }
INFO () {
echo ${green}INFO:${normal} $*
return 0
}
info () { INFO >&2 $* ; }
DBUG () {
[ -z "$DEBUG" ] || [ "$DEBUG" = 0 ] || echo ${blue}DBUG:${normal} $*
return 0
}
dbug () { DBUG >&2 $* ; }
debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
usage () {
echo ${yellow}USAGE:${normal} $*
return 0
}
USAGE () { usage $* ; }
ols_are_we_connected () { route | grep -q ^default ; return $? ; }

35
overlay/Linux/usr/local/bin/yaml_to_bash.bash Executable file
View file

@ -0,0 +1,35 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# pkuczynski/parse_yaml.sh
prog=$( basename $0 .bash )
ROLE=base
# FixMe: lists should be space delineated not comma
parse_yaml() {
local prefix
local depth
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
[ "$#" -eq 2 ] && prefix=$2 || prefix=""
[ "$#" -gt 2 ] && depth=$3 || depth=""
sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
indent = length($1)/2;
vname[indent] = $2;
for (i in vname) {
if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn="";
for (i=0; i<indent; i++) {vn=(vn)(vname[i])("'$depth'")}
printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
}
}'
}
if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash.bash' -o $( basename -- $0 ) = 'parse_yaml.sh' ] ; then
parse_yaml "$@"
fi

34
overlay/Linux/usr/local/bin/yaml_to_bash2.bash Executable file
View file

@ -0,0 +1,34 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# pkuczynski/parse_yaml.sh
prog=$( basename $0 .bash )
ROLE=base
# FixMe: lists should be space delineated not comma
# Read YAML file from Bash script
# Credits: https://gist.github.com/pkuczynski/8665367
# Updated to support single quotes
parse_yaml() {
local prefix
local depth
local s='[[:space:]]*' w='[a-zA-Z0-9_]*' fs=$(echo @|tr @ '\034')
[ "$#" -gt 1 ] && prefix=$2 || prefix=""
[ "$#" -gt 2 ] && depth=$3 || depth=""
sed -ne "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
-ne "s|^\($s\)\($w\)$s:$s'\(.*\)'$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)$s:$s\(.*\)$s\$|\1$fs\2$fs\3|p" $1 |
awk -F$fs '{
indent = length($1)/2;
vname[indent] = $2;
for (i in vname) {if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("'$depth'")}
printf("%s%s%s=\"%s\"\n", "'$prefix'",vn, $2, $3);
}
}'
}
if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash2.bash' -o $( basename -- $0 ) = 'parse_yaml2.sh' ] ; then
parse_yaml "$@"
fi

68
overlay/Linux/usr/local/bin/yaml_to_bash3.bash Executable file
View file

@ -0,0 +1,68 @@
#!/usr/bin/env bash
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# shellcheck disable=SC1003
prog=$( basename $0 .bash )
ROLE=base
# github.com/jasperes/bash-yaml/script/yaml.sh
# Based on https://gist.github.com/pkuczynski/8665367
parse_yaml() {
local yaml_file=$1
local prefix=$2
local s
local w
local fs
s='[[:space:]]*'
w='[a-zA-Z0-9_.-]*'
fs="$(echo @|tr @ '\034')"
(
sed -e '/- [^\“]'"[^\']"'.*: /s|\([ ]*\)- \([[:space:]]*\)|\1-\'$'\n'' \1\2|g' |
sed -ne '/^--/s|--||g; s|\"|\\\"|g; s/[[:space:]]*$//g;' \
-e "/#.*[\"\']/!s| #.*||g; /^#/s|#.*||g;" \
-e "s|^\($s\)\($w\)$s:$s\"\(.*\)\"$s\$|\1$fs\2$fs\3|p" \
-e "s|^\($s\)\($w\)${s}[:-]$s\(.*\)$s\$|\1$fs\2$fs\3|p" |
awk -F"$fs" '{
indent = length($1)/2;
if (length($2) == 0) { conj[indent]="+";} else {conj[indent]="";}
vname[indent] = $2;
for (i in vname) {if (i > indent) {delete vname[i]}}
if (length($3) > 0) {
vn=""; for (i=0; i<indent; i++) {vn=(vn)(vname[i])("_")}
printf("%s%s%s%s=(\"%s\")\n", "'"$prefix"'",vn, $2, conj[indent-1],$3);
}
}' |
sed -e 's/_=/+=/g' |
awk 'BEGIN {
FS="=";
OFS="="
}
/(-|\.).*=/ {
gsub("-|\\.", "_", $1)
}
{ print }'
) < "$yaml_file"
}
create_variables() {
local yaml_file="$1"
local prefix="$2"
eval $(parse_yaml "$yaml_file" "$prefix")
}
if [ -x /usr/bin/basename ] && [ $( basename -- $0 ) = 'yaml_to_bash3.bash' -o $( basename -- $0 ) = 'parse_yaml3.sh' ] ; then
[ "$#" -eq 0 ] && echo "USAGE: $0 yamlfile [ prefix ]" && exit 1
file=$1
shift
[ "$#" -gt 1 ] && prefix=$1 || prefix=""
echo "DEBUG: $file $prefix"
create_variables $file $prefix
fi