embed@git.macaw.me 2024-01-06 01:38:28 +00:00
commit b50fd16591
197 changed files with 41663 additions and 0 deletions


@ -0,0 +1,159 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
# export PATH=$PATH:/usr/local/bin
. /usr/local/bin/usr_local_tput.bash
# MUST be silent
error () { retval=$1 ; shift; ERROR $prog $* >&2 ; exit $retval ; }
usage () { echo "USAGE: $prog chroot-dir [command args] -" $* >&2 ; exit 1 ; }
warn () { : ; }
info () { : ; }
debug () { : ; }
# must be run as root
[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
[ -x /bin/chroot ] && EXE=/bin/chroot
[ -x /usr/sbin/chroot ] && EXE=/usr/sbin/chroot # debian
setcap CAP_SYS_PTRACE=+ep $EXE
if [ "$#" -eq "0" ] ; then
usage "give an absolute directory name as argument"
fi
LARGS=""
CMD=""
while true; do
case "$1" in
'-'*)
LARGS="$1"
shift
;;
*)
break
;;
esac
done
[ -z "$LARGS" ] && LARGS="--userspec=0:0"
root=$1
shift
if [ ! -d "$root" ] ; then
error 1 "directory not found - $root"
fi
# unix partition
[ -d $root/lost+found ] || WARN "No $root/lost+found"
# linux partition
[ -e $root/usr/src/ ] || WARN "No $root/usr/src"
# check for /dev/loop devices - up to 255 on android
[ -e /dev/loop1 ] || \
( cd /dev && \
for i in 0 1 2 3 4 5 6 7 ; do
[ -e loop$i ] && continue
mknod loop$i b 7 $i
chmod 660 loop$i
chgrp disk loop$i
done )
cd $root || error 6 "Can't cd to $root"
# sbin/boostrap_chroot.bash
for file in .bashrc .bash_profile .bash_logout .emacs ; do
[ -f $root/root/$file ] && continue
cp -p /root/$file $root/root/
done
for file in tmp usr/tmp var/tmp ; do
[ -d $file ] && continue
mkdir $file || error 8 " missing directory $file"
chmod 1777 $file
done
# df /var/tmp | grep -q sd.12 || mount /var/tmp
for file in proc sys dev dev/pts dev/shm usr ; do
[ -d $file ] && continue
mkdir $file || error 9 "Cant mkdir $file"
chmod 755 $file
done
if false ; then
[ -e proc/self ] || mount -o bind /proc $root/proc || error 10
# https://forums.gentoo.org/viewtopic-t-1061422-start-0.html
[ -e dev/null ] || mount -o bind /dev $root/dev || error 11
# what happens to dev/shm ? its own memory?
# required for ansible and firefox
df -a | grep -q $root/dev/shm || mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 12
[ -e dev/pts/ptmx ] || \
mount -t devpts -o rw,relatime,gid=5,mode=620,ptmxmode=000 devpts $root/dev/pts || error 13
else
# https://wiki.gentoo.org/wiki/Chroot
[ -e dev/loop0 ] || \
{ mount --rbind /dev $root/dev ; mount --make-rslave $root/dev ; } \
|| error 10 mount --rbind /dev $root/dev
[ -e proc/self ] || mount -t proc /proc $root/proc \
|| error 11 mount -t proc /proc
[ -e sys/block ] || \
{ mount --rbind /sys $root/sys ; mount --make-rslave $root/sys ; } \
|| error 12 --rbind /sys $root/sys
df -a | grep -q $root/dev/shm || \
mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 14 $root/dev/shm
df -a | grep -q $root/tmp || mount --rbind /tmp $root/tmp \
|| error 13 mount --rbind /tmp $root/tmp
# https://wiki.gentoo.org/wiki/Project:X86/Chroot_Guide
[ -e dev/pts/ptmx ] || \
mount -o bind /dev/pts $root/dev/pts || error 14 mount -o bind /dev/pts $root/dev/pts
fi
# user
if [ -d $root/$HOME -a -f ~/.Xauthority ] ; then
cp ~/.Xauthority $root/$HOME
cp ~/.xauth* $root/$HOME
fi
base=$( basename $root )
[ -e ./start.rc ] || cat > ./start.rc << EOF
# env-update && . /etc/profile
export PS1='\${tty}\\u@${base}:\\W\\$ '
EOF
[ -z "$DISPLAY" ] || grep -q DISPLAY ./start.rc || \
echo export DISPLAY=\"$DISPLAY\" >> ./start.rc
# openpty failed: 'out of pty devices'
# root@Flati:11# d /dev/pts/
# total 6
# 2 ./ 4 ../
# You'll also want to copy over resolv.conf in order to have proper DNS name
# resolution from inside the chroot:
cp -L /etc/resolv.conf etc || error 16 "Cant cp -L /etc/resolv.conf"
EARGS="CHROOT=$root PATH=/usr/sbin:/usr/bin:/sbin:/bin"
#? set these to root or derive them? what about -l?
EELTS="$EELTS TERM DISPLAY HOME LANG LC_ALL"
[ -z "$LC_COLLATE" ] && EELTS="$EELTS LC_COLLATE" || EARGS="$EARGS LC_COLLATE=C"
. /usr/local/bin/proxy_export.bash >/dev/null
EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
for elt in $EELTS ; do
EARGS="$EARGS $( env|grep ^${elt}= )"
done
# mesg: ttyname failed: Success
tty=$( tty 2>/dev/null )
[ $? -eq 0 -a -n "$tty" ] && EARGS="$EARGS TTY=$tty"
# was /bin/bash -l
[ "$#" -eq 0 ] && set -- /bin/bash -i -l
# Now you can chroot into your new system. Use env before chroot to ensure that no
# environment variables from the installation media are used by your new system:
#? PATH=$PATH
# info chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
exec $EXE $LARGS $root /usr/bin/env -i $EARGS "$@"
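Review bot: `setcap CAP_SYS_PTRACE=+ep $EXE` near the top puts a permitted and effective file capability on the host's own chroot binary, and that change outlives this script: every later execution of that binary, by any user, starts with CAP_SYS_PTRACE. The script already refuses to run unless it is root, so the final `exec $EXE $LARGS $root ...` does not need a file capability; I would drop the line, or grant the capability per invocation if ptrace inside the chroot is really required. `$EXE` also stays unset when neither `/bin/chroot` nor `/usr/sbin/chroot` is executable, so add a guard such as `[ -n "$EXE" ] || error 2 "chroot not found"` before it is used. The unquoted `$root` in the mount and `cp` lines should be quoted as well, since this all runs as root on a caller-supplied path.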


@ -0,0 +1,155 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash
# MUST be silent
usage () { echo "USAGE: $prog chroot-dir [command args] -" $* >&2 ; exit 1 ; }
error () { retval=$1 ; shift; ERROR "$prog" $* >&2 ; exit $retval ; }
warn () { WARN "$prog" $* >&2 }
info () { INFO "$prog" $* >&2 }
debug () { DBUG "$prog" $* >&2 }
# must be run as root
[ "$( id -u )" -ne "0" ] && error 1 "must be run as root"
if [ "$#" -eq "0" ] ; then
usage "give an absolute directory name as argument"
fi
LARGS=""
CMD=""
while true; do
case "$1" in
'-'*)
LARGS="$1"
shift
;;
*)
break
;;
esac
done
[ -z "$LARGS" ] && LARGS="--userspec=0:0"
root=$1
shift
if [ ! -d "$root" ] ; then
error "directory not found - $root"
fi
# unix partition
[ -d $root/lost+found ] || warn "No $root/lost+found"
# linux partition
[ -e $root/usr/src/ ] || warn "No $root/usr/src"
# check for /dev/loop devices
[ -e /dev/loop1 ] || \
( cd /dev && \
for i in 0 1 2 3 4 5 6 7 ; do
[ -e loop$i ] && continue
mknod loop$i b 7 $i
chmod 660 loop$i
chgrp disk loop$i
done )
cd $root || error 6 "Can't cd to $root"
# sbin/boostrap_chroot.bash
for file in .bashrc .bash_profile .bash_logout .emacs ; do
[ -f $root/root/$file ] && continue
cp -p /root/$file $root/root/
done
for file in tmp usr/tmp var/tmp ; do
[ -d $file ] && continue
mkdir $file || error 8 " missing directory $file"
chmod 1777 $file
done
for file in proc sys dev dev/pts dev/shm usr ; do
[ -d $file ] && continue
mkdir $file || error 9 "Cant mkdir $file"
chmod 755 $file
done
if false ; then
[ -e proc/self ] || mount -o bind /proc $root/proc || error 10
# https://forums.gentoo.org/viewtopic-t-1061422-start-0.html
[ -e dev/null ] || mount -o bind /dev $root/dev || error 11
# what happens to dev/shm ? its own memory?
# required for ansible and firefox
df -a | grep -q $root/dev/shm || mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 12
[ -e dev/pts/ptmx ] || \
mount -t devpts -o rw,relatime,gid=5,mode=620,ptmxmode=000 devpts $root/dev/pts || error 13
else
# https://wiki.gentoo.org/wiki/Chroot
[ -e dev/null ] || \
{ mount --rbind /dev $root/dev ; mount --make-rslave $root/dev ; } \
|| error 10 mount --rbind /dev $root/dev
[ -e proc/self ] || mount -t proc /proc $root/proc \
|| error 11 mount -t proc /proc
[ -e sys/block ] || \
{ mount --rbind /sys $root/sys ; mount --make-rslave $root/sys ; } \
|| error 12 --rbind /sys $root/sys
df -a | grep -q $root/dev/shm || \
mount -t tmpfs -o noexec,size=5% tmpfs $root/dev/shm || error 14 $root/dev/shm
# https://wiki.gentoo.org/wiki/Project:X86/Chroot_Guide
[ -e dev/pts/ptmx ] || \
mount -o bind /dev/pts $root/dev/pts || error 14 mount -o bind /dev/pts $root/dev/pts
fi
# user
if [ -d $root/$HOME -a -f ~/.Xauthority ] ; then
cp ~/.Xauthority $root/$HOME
cp ~/.xauth* $root/$HOME
fi
base=$( basename $root )
[ -e ./start.rc ] || cat > ./start.rc << EOF
# env-update && . /etc/profile
export PS1='\${tty}\\u@${osl}${base}:\\W\\$ '
EOF
[ -z "$DISPLAY" ] || grep -q DISPLAY ./start.rc || \
echo export DISPLAY=\"$DISPLAY\" >> ./start.rc
# You'll also want to copy over resolv.conf in order to have proper DNS name
# resolution from inside the chroot:
cp -L /etc/resolv.conf etc || error 16 "Cant cp -L /etc/resolv.conf"
EARGS="CHROOT=$root PATH=/usr/sbin:/usr/bin:/sbin:/bin"
#? set these to root or derive them? what about -l?
EELTS="$EELTS TERM DISPLAY HOME LANG LC_ALL"
[ -z "$LC_COLLATE" ] && EELTS="$EELTS LC_COLLATE" || EARGS="$EARGS LC_COLLATE=C"
. /usr/local/bin/proxy_export.bash >/dev/null
EELTS="$EELTS http_proxy https_proxy socks_proxy no_proxy"
for elt in $EELTS ; do
EARGS="$EARGS $( env|grep ^${elt}= )"
done
[ -n "$BOX_DEBIAN10_VAR_APT_ARCHIVES" ] && \
EARGS="$EARGS $BOX_DEBIAN10_VAR_APT_ARCHIVES=$BOX_DEBIAN10_VAR_APT_ARCHIVES"
# mesg: ttyname failed: Success
tty=$( tty 2>/dev/null )
[ $? -eq 0 -a -n "$tty" ] && EARGS="$EARGS TTY=$tty"
# was /bin/bash -l
[ "$#" -eq 0 ] && set -- /bin/bash -i -l
# Now you can chroot into your new system. Use env before chroot to ensure that no
# environment variables from the installation media are used by your new system:
INFO capsh --caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep" --keep=1 -- /usr/sbin/chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
echo >$root/tmp/$$.bash \
capsh '--caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep"' --keep=1 -- /tmp/$$.sh
echo >$root/tmp/$$.sh \
'`which env`' -i $EARGS "$@"
capsh --caps="CAP_SYS_PTRACE+ep CAP_SYS_CHROOT+ep" --keep=1 --chroot=$root -- /tmp/$$.bash
# --chroot=$root -c /usr/bin/env -- -i $EARGS "$@"
# exec chroot $LARGS $root /usr/bin/env -i $EARGS "$@"
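Review bot: The two launcher files written at the end, `$root/tmp/$$.bash` and `$root/tmp/$$.sh`, are named after the PID inside a directory this script itself creates with mode 1777, and root then writes through those paths and runs the result, so a file or symlink already sitting at that name is followed. Create them with mktemp instead, e.g. `script=$( mktemp "$root/tmp/$prog.XXXXXX" ) || error 17 mktemp`, and remove them once the session ends. Separately, `warn`, `info` and `debug` lack the `;` before the closing brace (it should read `warn () { WARN "$prog" $* >&2 ; }`), which sh parses as an unterminated group, so as written the script should not get past parsing. `error "directory not found - $root"` also omits the exit-code argument that `error` shifts off, and `EARGS="$EARGS $BOX_DEBIAN10_VAR_APT_ARCHIVES=..."` uses the variable's value as the name on the left-hand side.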


@ -0,0 +1,42 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=base
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
error () { ERROR "$prog $2" ; exit $1 ; }
# must be run as root
if [ "$( id -u )" != "0" ] ; then
echo ERROR: $0 run as root
exit 0
fi
if [ "$#" -eq "0" ] ; then
error 2 "give an absolute directory name as argument"
fi
root=$1
if [ ! -d "$1" ] ; then
error 3 "give an absolute directory name for chroot - $root"
fi
mount | grep $root/ | while read a on elt rest ; do
umount $elt || { ERROR "unmounting $elt" ; exit 5 ; }
done
mount | grep bind | while read a on elt rest ; do
umount $elt || { ERROR "unmounting $elt" ; exit 6 ; }
done
umount -R $root
lsof $root/usr 2>/dev/null \
| sed -e 's@^[a-z]* *@@' -e 's@ .*@@' \
| grep -v "$$\\|COMMAND" | sort -r -u | while read pid ; do
INFO "killing $pid"
kill $pid
sleep 10
#? kill -9 $pid
done
exit 0
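Review bot: The second loop, `mount | grep bind | while read a on elt rest`, is not limited to `$root`: it unmounts every mount on the host whose `mount` line contains the string "bind". Restrict it the same way as the first loop, e.g. `mount | grep " on $root/" | while read ...`, or drop it and rely on the `umount -R $root` that follows. The `exit 5` and `exit 6` inside both loops only leave the pipeline's subshell, so a failed umount does not stop the script before the `lsof`/`kill` step. The not-root branch also exits 0, which hides the failure from any caller checking the status.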


@ -0,0 +1,44 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash || exit 2
[ "$DEBUG" = 1 ] && patch=patch || patch=echo
TODIR=/
[ $# -eq 0 ] && set -- *
INFO patching $@ in $PWD
find "$@" -name \*.diff |while read file ; do
echo $file
relf=$( echo $file | sed -e 's/^root//' )
base=$( echo $relf | sed -e 's/.diff$//' )
dest="${TODIR}$base"
if [ ! -f $dest ] && head -1 $file | grep -q /dev/null ; then
cp /dev/null $dest
$patch -b -z .dst $dest < $file
continue
fi
if [ ! -f $dest ] ; then
WARN BAD PATCH file missing dest=$dest for patch $file
continue
fi
if [ -f $dest.dst ] ; then
[ $dest -nt $file ] && DBUG $dest.dst done || WARN $dest -nt $PWD/$file
continue
fi
$patch -b -z .dst $dest < $file 2>$base.err
retval=$?
if [ $? -eq 0 ] ; then
INFO patched $file
else
WARN patch ERROR $file `cat $base.err`
[ -s $base.err ] || rm -f $base.err
fi
[ -f $dest.rej ] && WARN $dest.rej exists
done
exit 0
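Review bot: `retval=$?` followed by `if [ $? -eq 0 ]` tests the status of the assignment, which is always 0, so a failed patch is logged as `patched` and the WARN branch that prints `$base.err` is never reached. Test the saved value instead: `if [ "$retval" -eq 0 ] ; then`. Because the script applies diffs under `TODIR=/`, a silently failed patch leaves system files in an unknown state. The loop should also read with `while IFS= read -r file` and quote `"$file"` and `"$dest"`, so that paths containing spaces or glob characters are not split before being handed to `cp` and `patch`.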


@ -0,0 +1,69 @@
#!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
ROLE=base
. /usr/local/bin/usr_local_base.bash || exit 2
. ~/.bash_logout
# these can hang unmounting partitions
pkill dirmngr
pkill bootlogd
[ -x /var/local/bin/privacy_home_cleaner.bash ] && /var/local/bin/privacy_home_cleaner.bash
[ -f ~/Makefile ] && grep -q ^stop: ~/Makefile && \
{ cd ~ ; make stop || exit 2 ; }
a=`virsh list | wc -l`
[ $? -eq 0 -a -n "$a" -a "$a" -gt 0 ] && proxy_whonix_host.bash stop
local_base_umount () {
local mount
cd /mnt
mount=`mount`
for file in linux* ; do
echo $mount | grep -q " on /mnt/$file " || continue
echo /mnt/$file
umount -R /mnt/$file || exit 1
done
# not l - a b f d n u x i j k o q w e h z
for file in ? ; do
echo $mount | grep -q " on /mnt/$file " || continue
# echo /mnt/$file
umount /mnt/$file || echo WARN: $prog error umounting /mnt/$file
done
umount -a
}
local_base_umount # || exit 3
# should be 0
NUM=`losetup -a |grep -c -v home`
if [ $NUM -gt 0 ] ; then
losetup -a |grep -v home
echo losetup still mounted
exit 5
fi
sleep 10
umount -a -t ntfs-3g
# should be 1
NUM=`ps ax | grep mount.ntfs-3g | grep -v grep | wc -l`
if [ $NUM -ge 1 ] ; then
ps ax | grep mount.ntfs-3g | grep -v grep
echo ERROR: mount.ntfs-3g still running
exit 6
fi
INFO Calling shutdown
if [ $# -lt 1 ] ; then
shutdown -r now
else
shutdown $*
fi
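Review bot: After ``a=`virsh list | wc -l` `` the `$?` being tested is the status of `wc`, not of `virsh`, and `virsh list` prints header lines even when no domain is running, so the `-gt 0` test is presumably true whenever virsh prints anything and `proxy_whonix_host.bash stop` runs regardless. Count domains instead, e.g. `a=$( virsh list --name 2>/dev/null | grep -c . )`. The file is `#!/bin/sh` but uses `local` and sources `~/.bash_logout`; switch the shebang to bash or drop those. For the ntfs-3g check, `pgrep -c mount.ntfs-3g` avoids the `ps | grep | grep -v grep` chain.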


@ -0,0 +1,88 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
set -e
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
ROLE=base
. /usr/local/bin/usr_local_tput.bash
error () { ERROR "$0 $2" ; exit $1 ; }
VERS=15.0.1.5.4
TYPE=XFCE
HTTP_DIR=/g/Privacy/net/Http
URL=download.whonix.org/ova/$VERS/Kicksecure-${TYPE}-$VERS
TMPDIR=URL=$HTTP_DIR/download.whonix.org/ova/
NBD_DEV=/dev/nbd1
if [ ! -f $HTTP_DIR/$URL.ova ] ; then
wget -xcP $HTTP_DIR/ https://$URL.ova || error 2 wget
fi
[ -d $TMPDIR ] || mkdir -p $TMPDIR || error 3 $TMPDIR
cd $TMPDIR || error 4 cd $TMPDIR
if [ ! -f Kicksecure-${TYPE}-$VERS-disk001.vmdk ] ; then
echo INFO: $HTTP_DIR/$URL.ova
tar xvf $HTTP_DIR/$URL.ova || error 4 tar
fi
if [ ! -f Kicksecure-${TYPE}-${VERS}-disk001.qcow2 ] ; then
echo INFO: Kicksecure-${TYPE}-$VERS-disk001.qcow2
qemu-img convert -O qcow2 Kicksecure-${TYPE}-$VERS-disk001.vmdk Kicksecure-${TYPE}-$VERS-disk001.qcow2
fi
# must be run as root
if [ "$( id -u )" != "0" ] ; then
echo ERROR: $0 run as root
exit 0
fi
if [ "$#" -eq "0" ] ; then
root=/mnt/qcow2/KickXFCE150154
else
root=$1
fi
[ -d "$root" ] || mkdir $root
if [ ! -d "$root" ] ; then
error 3 "give an absolute directory name for chroot - $root"
fi
if [ ! -e ${NBD_DEV}p1 ] ; then
echo INFO: qemu-nbd -c ${NBD_DEV} Kicksecure-${TYPE}-$VERS-disk001.qcow2
qemu-nbd -c ${NBD_DEV} Kicksecure-${TYPE}-${VERS}-disk001.qcow2
fi
fdisk -l ${NBD_DEV} | grep ${NBD_DEV}p1 || exit 6
df | grep " $root" || mount ${NBD_DEV}p1 $root
[ -d /usr/local/tmp/wheels ] || \
( cd /usr/local/tmp ; bash /usr/local/sbin/bootstrap_wheels.bash ; )
[ -d $root/usr/local/tmp ] || \
{ mkdir $root/usr/local/tmp ; chmod 1777 $root/usr/local/tmp ; }
[ -d $root/usr/local/tmp/wheels ] || \
cp -rip /usr/local/tmp/wheels $root/usr/local/tmp/wheels
[ -d $root/usr/local/sbin ] || \
{ mkdir $root/usr/local/sbin ; }
[ -f $root/usr/local/sbin/bootstrap_pip_ansible.bash ] || \
{ cp -p /usr/local/sbin/bootstrap_*.bash $root/usr/local/sbin ; }
[ -d $root/usr/local/etc/ssl ] || \
{ mkdir $root/usr/local/etc/ssl ; }
[ -f /usr/local/etc/ssl/cacert-testforge.pem -a \
! -f $root//usr/local/etc/ssl/cacert-testforge.pem ] && \
cp -p /usr/local/etc/ssl/cacert-testforge.pem $root/usr/local/etc/ssl/cacert-testforge.pem
. /usr/local/bin/proxy_export.bash
echo INFO: /usr/local/sbin/update_chroot.bash $root
echo BOX_DEBIAN10_VAR_APT_ARCHIVES=/mnt/o/Cache/Apt/Debian/10.6/var/cache/apt/archives
echo BOX_BOXUSER_PLAY_PIP_CACHE=/mnt/o/Cache/Pip
echo BOX_USER_NAME=user
echo export http_proxy=$http_proxy
echo export https_proxy=$https_proxy
echo export socks_proxy=$socks_proxy
echo /usr/local/sbin/bootstrap_pip_ansible.bash
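Review bot: The OVA fetched by `wget -xcP $HTTP_DIR/ https://$URL.ova` is unpacked, converted and later mounted by root without any integrity check, and `-c` resumes onto whatever partial file is already in the cache directory. Verify the image against the publisher's detached OpenPGP signature or a pinned hash before the `tar xvf`, for example `gpg --verify <signature-file> $HTTP_DIR/$URL.ova || error 5 "signature"`, where `<signature-file>` is a placeholder for the signature obtained alongside the image. `TMPDIR=URL=$HTTP_DIR/download.whonix.org/ova/` looks like a typo: it sets TMPDIR to a relative path beginning with `URL=`, so the `mkdir -p` and `cd` that follow operate under the current directory instead of under `$HTTP_DIR`. The root check also runs only after the download and extraction, and exits 0 on failure.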


@ -0,0 +1,56 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=hostvms
export LANG=en_US.UTF-8
kernel=5.0.8-pentoo
hostname=pentoo
cd /lib/modules/$kernel
# These interfere with installing virtualbox-guest-additions requried for vboxsf
[ -f kernel/drivers/staging/vboxvideo/vboxvideo.ko.xz ] && \
mv kernel/drivers/staging/vboxvideo/vboxvideo.ko.xz kernel/drivers/staging/vboxvideo/vboxvideo.ko.xz.dst
[ -f kernel/drivers/virt/vboxguest/vboxguest.ko.xz ] && \
mv kernel/drivers/virt/vboxguest/vboxguest.ko.xz kernel/drivers/virt/vboxguest/vboxguest.ko.xz.dst
depmod -a 5.0.8-pentoo
cd /etc/modprobe.d/
if [ ! -f blacklist.conf.dst ] ; then
mv blacklist.conf blacklist.conf.dst
cp blacklist.conf.dst blacklist.conf
fi
# maybe not all are needed
for elt in drm vbox video ttm ; do
grep "blacklist $elt" blacklist.conf || \
echo "blacklist $elt" >> blacklist.conf
done
cd /etc/ssh/
if [ ! -f sshd_config.dst ] ; then
mv sshd_config sshd_config.dst
cp sshd_config.dst sshd_config
fi
#FixMe: nano sshd_config
rc-update add NetworkManager
rc-update add sshd default
cd /root/
date_slash=$( date +%Y/%m/%d )
[ -d var/tmp/$hostname/$date_slash ] || mkdir -p var/tmp/$hostname/$date_slash
cd var/tmp/Pentoo/$date_slash
eix brltty | grep -q Installed && \
emerge -C brltty>emerge-C_brltty.log 2>&1
if [ ! /etc/portage/make.conf.dst ] ; then
mv /etc/portage/make.conf /etc/portage/make.conf.dst
cp /etc/portage/make.conf.dst /etc/portage/make.conf
fi
# FixMe: nano /etc/portage/make.conf
emerge -fp =app-emulation/virtualbox-guest-additions-6.0.6>virtualbox-guest-additions-6.0.6.lis 2>&1
# get the files...
emerge -vb =app-emulation/virtualbox-guest-additions-6.0.6>virtualbox-guest-additions-6.0.6.log 2>&1
rc-update add virtualbox-guest-additions
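Review bot: `if [ ! /etc/portage/make.conf.dst ]` has no `-f`, so it tests a non-empty string and is always false; `make.conf` is therefore never backed up before the edit that the FixMe anticipates. Use `if [ ! -f /etc/portage/make.conf.dst ] ; then`, matching the `blacklist.conf` and `sshd_config` blocks above it. The log directory is created as `var/tmp/$hostname/$date_slash` with `hostname=pentoo`, but the script then runs `cd var/tmp/Pentoo/$date_slash`; use `$hostname` in both places. None of the `cd` calls is checked and there is no `set -e`, so after a failed `cd` the `mv` and the redirected emerge logs act on whatever directory the script happens to be in.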


@ -0,0 +1,509 @@
#!/bin/bash -e
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
PREFIX=/usr/local
ROLE=base
shopt -o -s pipefail
DEBUG=1
. /usr/local/bin/usr_local_tput.bash
[ $( id -u ) -eq 0 ] || { ERROR "this must be run as root" ; exit 1 ; }
. /usr/local/bin/proxy_export.bash
WD=$PWD
MV=mv
COPY="ln -s"
PYVER=3
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON2_MINOR" ] && \
BASE_PYTHON2_MINOR=$( python2 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
[ -z "$BASE_PYTHON3_MINOR" ] && \
BASE_PYTHON3_MINOR=$( python3 --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
if [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib
elif [ -z "$LIB" -a -d /usr/lib64/python$PYTHON_MINOR/site-packages ] ; then
LIB=lib64
elif [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/dist-packages ] ; then
LIB=lib
mkdir -p /usr/local/lib/python$PYTHON_MINOR/site-packages
ln -s /usr/local/lib/python$PYTHON_MINOR/dist-packages \
/usr/local/lib/python$PYTHON_MINOR/site-packages
elif [ -z "$LIB" -a -d /usr/lib/python$PYTHON_MINOR/dist-packages ] ; then
LIB=lib64
mkdir -p /usr/local/lib64/python$PYTHON_MINOR/site-packages
ln -s /usr/local/lib64/python$PYTHON_MINOR/dist-packages \
/usr/local/lib64/python$PYTHON_MINOR/site-packages
elif [ -z "$LIB" -a -d /usr/lib/python$PYVER/dist-packages ] ; then
LIB=lib
mkdir -p /usr/local/lib/python$PYTHON_MINOR/site-packages
ln -s /usr/local/lib/python$PYTHON_MINOR/dist-packages \
/usr/local/lib/python$PYTHON_MINOR/site-packages
elif [ -z "$LIB" -a -d /usr/lib/python$PYVER/dist-packages ] ; then
LIB=lib64
mkdir -p /usr/local/lib64/python$PYTHON_MINOR/site-packages
ln -s /usr/local/lib64/python$PYTHON_MINOR/dist-packages \
/usr/local/lib64/python$PYTHON_MINOR/site-packages
fi
if [ -z "$LIB" ] ; then
ERROR LIB=$LIB empty - no /usr/lib*/python$PYTHON_MINOR/site-packages
exit 3
elif [ -n "$LIB" -a ! -d /usr/$LIB/python$PYTHON_MINOR/site-packages ] ; then
ERROR LIB=$LIB but no /usr/$LIB/python$PYTHON_MINOR/site-packages
exit 3
fi
INFO LIB=$LIB /usr/$LIB/python$PYTHON_MINOR/site-packages
[ -z "$UPTMP" ] && UPTMP=$PREFIX/tmp
# With packer the files we need are not on the host - they are pushed up and $UPTMP is populated with:
PDIRS="authorized_keys archives boxuser_pip_cache root_pip_cache cacert.pem wheels"
# With vagrant the files may have been tarred on the host and be in their cannonical positions.
# We symlink to files under vagrant to /tmp to leave the packer scripts untouched.
# With packer and docker we can remote mount partitions and not even copy them up to the guest.
[ -n "$TESTF_DEBIAN10_VAR_APT_ARCHIVES" ] && [ -d "$TESTF_DEBIAN10_VAR_APT_ARCHIVES/" ] && \
[ ! -e $UPTMP/archives ] && ln -s $TESTF_DEBIAN10_VAR_APT_ARCHIVES/ $UPTMP/archives
ln -s $TESTF_DEBIAN10_VAR_APT_ARCHIVES/*.deb /var/cache/apt/archives 2>/dev/null
[ -n "$HOSTVMS_BOXUSER_PLAY_PIP_CACHE" ] && [ -e "$HOSTVMS_BOXUSER_PLAY_PIP_CACHE" ] && \
[ ! -e $UPTMP/boxuser_pip_cache ] && ln -s $HOSTVMS_BOXUSER_PLAY_PIP_CACHE/ $UPTMP/boxuser_pip_cache
[ -n "$HOSTVMS_ROOT_PLAY_PIP_CACHE" ] && [ -d "$HOSTVMS_ROOT_PLAY_PIP_CACHE/" ] && \
[ ! -e $UPTMP/root_pip_cache ] && ln -s "$HOSTVMS_ROOT_PLAY_PIP_CACHE/" $UPTMP/root_pip_cache
[ -d /usr/local/etc/testforge ] || mkdir -p /usr/local/etc/testforge
export PLAY_PIP_CERT="/usr/local/etc/ssl/cacert-testforge.pem"
[ -f $PLAY_PIP_CERT ] && \
[ ! -e $UPTMP/cacert.pem ] && ln -s $PLAY_PIP_CERT $UPTMP/cacert.pem
# config_file = os.environ.get('PIP_CONFIG_FILE', None)
# /usr/$LIB/python2.7/site-packages/pip/_internal/configuration.py
bootstrap_mkdir () { mkdir -p $1 ; chgrp $BOX_ALSO_GROUP $1 ; }
[ -d /usr/local/tmp ] || { mkdir -p /usr/local/tmp ; chmod 1777 /usr/local/tmp ; }
site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
[ -d $site_packages ] || bootstrap_mkdir $site_packages
[ -f $site_packages/__init__.py ] || touch $site_packages/__init__.py
if [ ! -d /usr/local/tmp/wheels ] ; then
cd /usr/local
sh sbin/bootstrap_wheels.bash || exit 4
fi
[ ! -d $UPTMP/wheels/ ] && [ $UPTMP/ != /usr/local/tmp/ ] && \
ln -s /usr/local/tmp/wheels $UPTMP/wheels
# But with vagrant or docker we may have mounted the HOST partitions that contain the files
# [ -z "$TESTF_UBUNTU16_VAR_APT_ARCHIVES" ] && TESTF_UBUNTU16_VAR_APT_ARCHIVES -> $UPTMP/archives
[ -d /etc/portage -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=vagrant
[ -d /etc/apt -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=devuan
[ -z "$BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME
[ -z "$BOX_ALSO_GROUP" ] && BOX_ALSO_GROUP=adm
[ -z "$LOGDIR" ] && LOGDIR=$PREFIX/tmp
[ -d $LOGDIR ] || { mkdir $LOGDIR ; chmod 1777 $LOGDIR ; }
# not needed: --no-binary :all: --upgrade-strategy only-if-needed
# not yet: --user
PIP_ARGS=""
PIP_INSTALL_ARGS="--disable-pip-version-check --prefix=$PREFIX"
scripts="ansible ansible-playbook ansible-pull ansible-doc ansible-galaxy ansible-console ansible-connection ansible-vault"
[ -d /etc/apt ] && export DEBIAN_FRONTEND=noninteractive
export PIP_DEFAULT_TIMEOUT=60
ANSIBLE_VER="2.9.10"
#2? PYYAML_VER="3.12"
ansible_tgz=ansible-$ANSIBLE_VER.tar.gz
#2? yaml_tgz=PyYAML-$PYYAML_VER.tar.gz
if [ -n "$BOX_USER_NAME" ] ; then
# Packer will not have created this and we will need it early.
[ -d $BOX_USER_HOME ] || \
bootstrap_mkdir $BOX_USER_HOME
#? useradd -d $BOX_USER_HOME -G root -m $BOX_USER_NAME
# If you want to use your own private key for packer
[ -d $BOX_USER_HOME/.ssh ] || \
bootstrap_mkdir $BOX_USER_HOME/.ssh
if [ -f $UPTMP/authorized_keys ] ; then
$COPY $UPTMP/authorized_keys $BOX_USER_HOME/.ssh && \
chmod 600 $BOX_USER_HOME/.ssh/authorized_keys
fi
chmod 700 $BOX_USER_HOME/.ssh/
fi
[ -d /etc/apt -a -d /var/cache/apt/archives ] || mkdir -p /var/cache/apt/archives
# If you upload your cache of Ubuntu .debs, it cuts down on the downloading
[ -d $UPTMP/archives ] && \
$COPY $UPTMP/archives/*.deb /var/cache/apt/archives 2>/dev/null
# leave this for cleanup:
# rm -rf $UPTMP/archives
# If you upload your cache of pip files, it cuts down on the downloading
if [ -d $UPTMP/boxuser_pip_cache ] ; then
bootstrap_mkdir $BOX_USER_HOME/.cache/ && \
cp -rip $UPTMP/boxuser_pip_cache $BOX_USER_HOME/.cache/pip && \
chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \
chmod -R g+rw $BOX_USER_HOME/.cache/pip && \
chmod -R o-w $BOX_USER_HOME/.cache/pip
fi
if [ -d $UPTMP/root_pip_cache ] ; then
bootstrap_mkdir /root/.cache/ && \
cp -rip $UPTMP/root_pip_cache /root/.cache/pip && \
chown -R root.root /root/.cache/pip && \
chmod -R g+rw /root/.cache/pip && \
chmod -R o-w /root/.cache/pip
fi
if [ -d /etc/apt ] ; then
if ! route | grep -q ^default ; then
DBUG "Not connected; skipping apt-get update"
elif [ ! -f /var/log/dpkg.log ] ; then
apt-get update # || exit 4
fi
which unzip || ! [ -f /var/cache/apt/archives/unzip_*_amd64.deb ] || \
dpkg -i /var/cache/apt/archives/unzip_*_amd64.deb
which curl || [ ! -f /var/cache/apt/archives/curl_*_amd64.deb ] || \
dpkg -i /var/cache/apt/archives/curl_*_amd64.deb \
/var/cache/apt/archives/libcurl4_*_amd64.deb \
/var/cache/apt/archives/libcurl4-openssl-dev_*_amd64.deb
apt-get install -y --force-yes wget unzip openssl || true
[ -f /usr/include/Python.h ] || \
apt-get install -y --force-yes \
libffi-dev libssl-dev python3-dev python3-pycparser \
python3-coverage || \
echo WARN you must run apt-get update
# msg: Could not find `coverage` module. ?python3-apt ?
elif [ -d /etc/portage ] ; then
# FixMe: put these in wheels?
[ -x /usr/bin/unzip ] || which unzip 2>/dev/null || emerge -vb app-arch/unzip
[ -x /usr/bin/wget ] || which wget 2>/dev/null || emerge -vb net-misc/wget
which openssl 2>/dev/null || timeout 600 emerge -vb dev-libs/openssl
# openssl installs:
# dev-python/pyopenssl-19.1.0
# dev-python/six-1.13.0
# dev-python/cryptography-2.8
# dev-python/cffi-1.12.3:0/1.12.3
# dev-python/pycparser-2.19-r1
# dev-python/ply-3.11:0/3.11
# virtual/python-ipaddress-1.0-r1
# dev-python/ipaddress-1.0.23
# virtual/python-enum34-2
# dev-python/enum34-1.1.6-r1
python$PYVER -c 'import OpenSSL' 2>/dev/null || \
timeout 600 emerge -vb dev-python/pyopenssl
python$PYVER -c 'import pycparser' 2>/dev/null || \
timeout 600 emerge -vb dev-python/pycparser
python$PYVER -c 'import yaml' 2>/dev/null || \
timeout 600 emerge -vb dev-python/pyyaml
DBUG "Gentoo Installed openssl and wget"
fi
# On a CORP laptop off the VPN we may need some CAs
[ -d $PREFIX/etc/ssl ] || mkdir -p $PREFIX/etc/ssl
[ ! -f $PLAY_PIP_CERT ] && \
[ -f $UPTMP/cacert.pem ] && \
$COPY $UPTMP/cacert.pem $PLAY_PIP_CERT
# pip gets confused
# or just delete $PREFIX/$LIB/python$PYTHON_MINOR/dist-packages afterwards
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
site_packages=$PREFIX/$LIB/python$PYTHON_MINOR/site-packages
[ -d $site_packages ] || bootstrap_mkdir $site_packages
[ -f $site_packages/__init__.py ] || touch $site_packages/__init__.py
if [ -d /etc/apt ] ; then
dist_packages=$PREFIX/lib/python$PYTHON_MINOR/dist-packages
WD=$PWD
if [ -d $dist_packages ] ; then
cd $PREFIX/lib/python$PYTHON_MINOR
ln -s $site_packages .
cd $WD
fi
fi
# we will use $PREFIX/bin/python3.bash NOT $PREFIX/bin/python3.sh
# to not conflict with what Ansible will push later/before.
if [ ! -e $PREFIX/bin/python$PYVER.bash ] ; then
INFO "bootstrapping $PREFIX/bin/python$PYVER.bash"
cat > $PREFIX/bin/python$PYVER.bash << EOF
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# from bootstrap_pip_ansible.bash
. /usr/local/bin/usr_local_tput.bash || exit 2
PREFIX=/usr/local
# pip gets confused
dist_packages=$site_packages
dist_packages=\$dist_packages:\${dist_packages}/pip/_vendor
if [ -z "$PYTHONPATH" ] ; then
export PYTHONPATH=\$dist_packages
else
export PYTHONPATH=\$PYTHONPATH:\$dist_packages
fi
exec python$PYVER "\$@"
EOF
chmod 755 $PREFIX/bin/python$PYVER.bash
fi
# pip may be loaded in the base iso
if [ -x $PREFIX/bin/python$PYVER.bash ] && \
$PREFIX/bin/python$PYVER.bash -c 'import pip' 2>/dev/null ; then
INFO pip$VER already installed
elif [ ! -d $UPTMP/wheels/ ] ; then
WARN $UPTMP/wheels not found
else
# we may be without the VPN/proxy but on a corporate laptop
# with a hosed chain of Certificate Authorities for the MITM proxy
# in which case http://bootstrap.pypa.io/get-pip.py will not work,
# so effective but groddy:
# just unzip the wheels into site-packages and force-reinstall later
cd $UPTMP/wheels/
INFO "installing pip - unzipping wheels into $site_packages"
for file in *.whl ; do
#a=$( echo $file | sed -e 's/-.*//' )
#b=$( basename $a|sed -e 's/Py//'|tr '[A-Z]' '[a-z]' )
#python$PYVER -c "import $b" 2>/dev/null >/dev/null && continue
unzip -n $file -d $site_packages >/dev/null
done
# morons
# -rwx------ 1 root root 8866 Jun 11 2018 /usr/local/$LIB/python$PYTHON_MINOR/site-packages/idna-2.7.dist-info/METADATA
find $site_packages -type d -exec chmod a+rx '{}' \;
find $site_packages -type f -exec chmod a+r '{}' \;
chgrp -R "$BOX_ALSO_GROUP" $site_packages
# hack in a PYTHONPATH for our unzipped wheels - removed later
for elt in pip ; do # is wheel needed?
INFO "Installing $elt"
# use $PYVER.bash for bootstrap - $PYVER.bash will come later
[ -f $PREFIX/bin/$elt$PYVER.bash ] || \
cat > $PREFIX/bin/$elt$PYVER.bash << EOF
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
export PLAY_PIP_CERT=$PIP_CERT
export PYTHONPATH=${site_packages}
export PYTHONPATH=\$PYTHONPATH:${site_packages}/pip/_vendor
#? FixMe: narrow to InsecurePlatformWarning
python$PYVER -W ignore -m $elt "\$@"
EOF
chmod 755 $PREFIX/bin/$elt$PYVER.bash
$PREFIX/bin/$elt$PYVER.bash --help >/dev/null
DBUG "Installed $elt$PYVER.bash"
done
fi
# do I still need this
#if [ -x $PREFIX/bin/pip$PYVER ] && [ -d $site_packages ] ; then
# export PYTHONPATH=$site_packages:$site_packages/pip/_vendor
#fi
if [ ! -x $PREFIX/bin/pip$PYVER.sh ] ; then
ERROR "Failed to Install pip$PYVER at $PREFIX/bin/pip$PYVER.sh"
exit 3
elif ! $PREFIX/bin/python$PYVER.bash -m pip -V ; then
ERROR "Failed to run pip$PYVER at $PREFIX/bin/pip$PYVER"
exit 4
fi
if [ -f $PLAY_PIP_CERT ] ; then
if [ ! -f $site_packages/pip/_vendor/requests/cacert.pem.dst ] && \
[ -f $site_packages/pip/_vendor/requests/cacert.pem ] && \
[ ! -h $site_packages/pip/_vendor/requests/cacert.pem ] ; then
mv $site_packages/pip/_vendor/requests/cacert.pem \
$site_packages/pip/_vendor/requests/cacert.pem.dst
fi
if [ ! -h $site_packages/pip/_vendor/requests/cacert.pem ] ; then
rm -f $site_packages/pip/_vendor/requests/cacert.pem
fi
[ -e $site_packages/pip/_vendor/requests/cacert.pem ] || \
ln -s $PLAY_PIP_CERT $site_packages/pip/_vendor/requests/cacert.pem
INFO linked $PLAY_PIP_CERT $site_packages/pip/_vendor/requests/cacert.pem
fi
# dont use -CAfile $UPTMP/cacert.pem - we want it to fail if we need the cert
if ! route | grep -q ^default ; then
DBUG "Not connected; skipping SSL Certificate Authority chain"
elif [ -n "$https_proxy" ] ; then
proxy=`echo "$https_proxy" | sed -e 's/https*:\/*//'`
openssl s_client -connect pypi.org:443 --proxy $proxy </dev/null | \
grep -q 'unable to get local issuer certificate' && \
echo "WARN: it looks like you have a hosed SSL Certificate Authority chain"
else
openssl s_client -connect pypi.org:443 </dev/null | \
grep -q 'unable to get local issuer certificate' && \
echo "WARN: it looks like you have a hosed SSL Certificate Authority chain"
fi
$PREFIX/bin/pip$PYVER.sh --version || exit 5
[ -d /usr/local/src ] || { bootstrap_mkdir /usr/local/src ; }
[ -d /usr/local/bin ] || { bootstrap_mkdir /usr/local/bin ; }
if [ -f "$PLAY_PIP_CERT" ] ; then
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS --cert $PLAY_PIP_CERT"
else
WARN "PLAY_PIP_CERT not found $PIP_CERT"
fi
if [ ! -f /etc/wgetrc ] ; then
sh $WD/bootstrap_proxy.bash
fi
# pip uses curl - and has a config file PIP_CONFIG
DBUG "http_proxy=$http_proxy https_proxy=$https_proxy"
if [ -n "$https_proxy" ] ; then
INFO "Adding to PIP_INSTALL_ARGS --proxy=$https_proxy"
elif [ -f /etc/wgetrc ] && grep ^http_proxy /etc/wgetrc ; then
proxy=$( grep ^http_proxy /etc/wgetrc|sed -e 's@.*=@--proxy=@' )
INFO "Adding to PIP_INSTALL_ARGS $proxy"
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS $proxy"
fi
# lengthen the timeout in case you are on a slow line
# or /etc/pip.conf
# [global]
# timeout = 60
cd $PREFIX/src || exit 6
boostrap_pip_ansible () {
local WD=$PWD
DBUG "$PREFIX/bin/pip$PYVER.sh install $PIP_INSTALL_ARGS $UPTMP/wheels/$ansible_tgz"
# install from the file to keep the version pinned
sudo -u $"$BOX_USER_NAME" \
$PREFIX/bin/pip$PYVER.sh $PIP_ARGS install \
$PIP_INSTALL_ARGS $UPTMP/wheels/$ansible_tgz \
>> $LOGDIR/pip_install_pip_ansible.log 2>&1 || {
ERROR pip$PYVER.sh $PIP_ARGS install $PIP_INSTALL_ARGS $ansible_tgz
tail $LOGDIR/pip_install_pip_ansible.log
exit 8
}
return 0
}
boostrap_patch_ansible () {
local WD=$PWD
[ -d /usr/local/patches/base ] || return 0
[ -f /usr/local/sbin/base_patch_from_diff.bash ] || return 0
cd /usr/local/patches/base || return 1
[ -d usr/local/src/ansible-$ANSIBLE_VER ] || return 0
# this vacuumns all diff files below the root
/usr/local/sbin/base_patch_from_diff.bash usr/local/src/ansible-$ANSIBLE_VER
return 0
}
boostrap_setup_ansible () {
local WD=$PWD
cd /usr/local/src
[ -d ansible-$ANSIBLE_VER ] || tar xfz $UPTMP/wheels/$ansible_tgz
cd ansible-$ANSIBLE_VER
/usr/local/sbin/base_patch_from_diff.bash usr/local/src/ansible-$ANSIBLE_VER
RARGS=" --user $RARGS"
# RARGS=" --install-layout=unix $RARGS"
export PYTHONPATH=/usr/local/$LIB/python$PYTHON_MINOR/site-packages
DBUG "/usr/local/bin/python$PYVER.bash setup.py install $RARGS"
sudo -u $"$BOX_USER_NAME" \
/usr/local/bin/python$PYVER.bash setup.py install $RARGS \
>> install.log
retval=$?
cd $WD
return $retval
}
# NOW we use our fresh pip to install ansible from source, into /usr/local
if [ -d $PREFIX/src/ansible-$ANSIBLE_VER ] ; then
INFO already installed $PREFIX/src/ansible-$ANSIBLE_VER
elif [ ! -f $UPTMP/wheels/$ansible_tgz ] ; then
ERROR tgz missing $UPTMP/wheels/$ansible_tgz
exit 7
else
if false ; then
boostrap_pip_ansible
else
boostrap_setup_ansible
[ $? -eq 0 ] || { ERROR installing ansible ; tail install.log ; exit 8 ; }
fi
boostrap_patch_ansible
if [ -d /etc/portage/ ] ; then
[ -d /etc/portage/profile ] || mkdir /etc/portage/profile
grep -q app-admin/ansible-$ANSIBLE_VER /etc/portage/profile/package.provided || \
echo app-admin/ansible-$ANSIBLE_VER >> /etc/portage/profile/package.provided
fi
cd $PREFIX/bin
[ -e ansible-doc ] || { ERROR installing ansible-doc ; exit 9 ; }
grep "#\!.$PREFIX/bin/python$PYVER.bash" ansible-doc || \
sed -e "s@^#\!.*python.*@#\!${PREFIX}/bin/python$PYVER.bash@" -i $scripts
fi
ansible --version || exit 10
if [ -f $PLAY_PIP_CERT ] ; then
export PLAY_PIP_CERT=$PIP_CERT
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS --cert $PLAY_PIP_CERT"
else
WARN "PLAY_PIP_CERT not found $PIP_CERT"
fi
[ ! -f /etc/wgetrc ] || sh $WD/bootstrap_proxy.bash
# pip uses curl - and has a config file PIP_CONFIG
DBUG "http_proxy=$http_proxy https_proxy=$https_proxy"
if [ -n "$https_proxy" ] ; then
INFO "Adding to PIP_INSTALL_ARGS --proxy=$https_proxy"
elif [ -f /etc/wgetrc ] && grep ^http_proxy /etc/wgetrc ; then
proxy=$( grep ^http_proxy /etc/wgetrc|sed -e 's@.*=@--proxy=@' )
INFO "Adding to PIP_INSTALL_ARGS $proxy"
PIP_INSTALL_ARGS="$PIP_INSTALL_ARGS $proxy"
fi
cd $PREFIX/src
# install pycurl as a test of pip and a requisite for proxyauth.py
if ! $PREFIX/bin/python$PYVER.bash -c 'import curl' 2>/dev/null ; then
if [ -d /etc/apt ] ; then
apt-get install -y --force-yes libcurl4-openssl-dev \
2>&1 | tee $LOGDIR/apt-get_install_libcurl4-openssl-dev.log
elif [ -d /etc/portage ] ; then
[ -x /usr/bin/curl ] || which curl 2>/dev/null || emerge -vb curl
fi
#? --allow-unverified pycurl
if ! route | grep -q ^default ; then
INFO "Not connected; not installing pycurl"
elif $PREFIX/bin/pip$PYVER.sh install $PIP_INSTALL_ARGS pycurl >> $LOGDIR/pip_install_pycurl.log 2>&1 ; then
INFO "Installed pycurl from pip with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"
# We dont fail the packer build if it errors - just fix it and rerun
$PREFIX/bin/python$PYVER.bash -c 'import curl; print curl.__file__' || true
else
WARN "Installing pycurl failed with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"
cat $LOGDIR/pip_install_pycurl.log
fi
fi
[ -e /usr/local/bin/python$PYVER.sh ] || \
[ -h /usr/local/bin/python$PYVER.sh ] || \
ln -s /usr/local/bin/python$PYVER.bash /usr/local/bin/python$PYVER.sh
find /usr/local/$LIB/python$PYTHON_MINOR/site-packages/ansible/modules/ -name \*.py \
-exec grep -q /usr/bin/python '{}' \; -print \
-exec sed -e "1,3s@#!/usr/bin/python@#!/usr/local/bin/python$PYVER.bash@" -i '{}' \;
exit 0


@ -0,0 +1,61 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
set -e
shopt -o -s pipefail
prog=$( basename $0 .bash )
ROLE=base
. /usr/local/bin/usr_local_tput.bash
[ -z "$UPTMP"] && UPTMP=/usr/local/tmp
# [ $( id -u ) -eq 0 ] || { ERROR "this must be run as root" ; exit 1 ; }
# consider PIP_CONFIG_FILE [defaults] ini
export PLAY_PIP_CERT="/usr/local/etc/ssl/cacert-testforge.pem"
if [ -n "$http_proxy" ] || [ -n "$https_proxy" ] ; then
INFO "proxy.sh YES http_proxy=$http_proxy https_proxy=$https_proxy"
if [ -d /etc/portage ] ; then
grep ^http_proxy /etc/portage/make.conf || \
cat >> /etc/portage/make.conf << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
http_proxy="$http_proxy"
https_proxy="$https_proxy"
# END ANSIBLE MANAGED BLOCK proxy
EOF
elif [ ! -f /etc/apt/apt.conf.d/80proxy.conf ] || ! grep -q Proxy /etc/apt/apt.conf.d/80proxy.conf ; then \
cat > /etc/apt/apt.conf.d/80proxy.conf << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
Acquire::http::Proxy "$http_proxy";
Acquire::https::Proxy "$https_proxy";
# END ANSIBLE MANAGED BLOCK proxy
EOF
fi
# FixMe: should be able to remove check_certificate = off now
[ -z "$no_proxy" ] && no_proxy=localhost,127.0.0.1
if [ ! -f /etc/wgetrc ] || grep -q "^http_proxy=$http_proxy" /etc/wgetrc ; then
cat >> /etc/wgetrc << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
http_proxy=$http_proxy
https_proxy=$https_proxy
no_proxy=$no_proxy
ca-certificate=$PLAY_PIP_CERT
check_certificate = on
quiet = on
# END ANSIBLE MANAGED BLOCK proxy
EOF
fi
else
INFO "proxy.sh NO http_proxy=$http_proxy https_proxy=$https_proxy"
grep -q "^check_certificate = on" /etc/wgetrc || \
cat >> /etc/wgetrc << EOF
# BEGIN ANSIBLE MANAGED BLOCK proxy
check_certificate = on
quiet = on
# END ANSIBLE MANAGED BLOCK proxy
EOF
fi
exit 0
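Review bot: The `/etc/wgetrc` guard `if [ ! -f /etc/wgetrc ] || grep -q "^http_proxy=$http_proxy" /etc/wgetrc` looks inverted: it appends the managed block when the proxy line is already present and skips it when the file exists without one. As a result `ca-certificate` and `check_certificate = on` never reach a pre-existing wgetrc, and repeated runs duplicate the block. Negating the match and comparing as a fixed string avoids both, `if [ ! -f /etc/wgetrc ] || ! grep -qxF "http_proxy=$http_proxy" /etc/wgetrc ; then`. Separately, `[ -z "$UPTMP"]` is missing the space before `]`; it only behaves by accident and prints a `missing ]` error whenever UPTMP is set, so it should read `[ -z "$UPTMP" ] && UPTMP=/usr/local/tmp`. If the proxy URLs can carry credentials, the `INFO` lines and the generated config files would expose them, which deserves a comment at the top of the script.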


@ -0,0 +1,11 @@
#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
set -e
ROLE=base
WD=$PWD
cd tmp
exit 0
[ -d wheels ] || mkdir wheels
cd wheels
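Review bot: The `exit 0` directly after `cd tmp` makes `[ -d wheels ] || mkdir wheels` and `cd wheels` unreachable, and `WD` is assigned but never read in this file. If the early exit is a deliberate stub, say so with a comment on that line, for example `# FIXME: wheels setup disabled`; otherwise drop the `exit 0` or the dead lines. `cd tmp` is also relative, so the script depends on the caller's working directory, which a header comment should state.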


@ -0,0 +1,62 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
# in box, unix generic, builder generic
ROLE=hostvms
PREFIX=/var/local
prog=$( basename $0 .bash )
. /usr/local/bin/usr_local_tput.bash
if [ -d /etc/portage ] ; then
# maybe we should delete ALL the package.use and package.mask?
# we did most of them as workarounds or to set the distfiles.zip
rm -f "/etc/portage/package.use/grub.sh"
fi
### CLEANUP TO SHRINK THE BOX ###
# a fresh install probably shouldn't nag about news
# chroot "" /usr/bin/eselect news read all > /dev/null 2>&1
INFO "delete in /tmp and /var/tmp"
rm -rf /tmp/*
rm -rf /var/tmp/*
# there's some leftover junk by gem installation in the root folder
# don't know where this is from (/root/.gem/specs/rubygems.org%80/...), but it should go...
# we use a global ruby by default
# ...probably hard coded path by mistake, report to upstream? Which upstream?!?
[ -d /root/.gem ] && rm -rf /root/.gem
INFO "cleaning kernel"
ls -l /usr/src 2>/dev/null && \
for elt in /usr/src/linux-*/ ; do
[ -f .config ] || continue
INFO "kernel make clean in $elt"
[ -d "$elt" ] || continue
( cd "$elt" && make clean )
done
[ -f /root/bin/packer_clean_distfiles.bash ] && sh /root/bin/packer_clean_distfiles.bash
INFO "fill all free hdd space with zeros"
if df | grep /boot$ ; then
dd if=/dev/zero of="/boot/EMPTY" bs=1M 2>/dev/null
rm "/boot/EMPTY"
sync
fi
dd if=/dev/zero of="/EMPTY" bs=1M 2>/dev/null
rm "/EMPTY"
sync
INFO "fill all swap space with zeros and recreate swap"
cat /proc/swaps |grep ^/ | cut -f 1 -d ' '| while read dev ; do
swapoff $dev || continue
shred -n 0 -z $dev
# FixMe: label?
mkswap $dev
sync
done
exit 0
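Review bot: In the kernel loop, `[ -f .config ] || continue` tests for `.config` in the caller's working directory rather than in the tree being cleaned, so the `make clean` step is skipped or run depending on where the script was started. The check should follow the directory test and name the tree, `[ -d "$elt" ] || continue` then `[ -f "$elt/.config" ] || continue`. In the swap loop, `mkswap $dev` writes a fresh signature, so any fstab entry that refers to the device by UUID or label would stop matching (the `FixMe: label?` comment hints at this). Reading the old values with `blkid` and passing them back via `mkswap -U`/`-L` would keep them, and `$dev` should be quoted with `read -r`.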


@ -0,0 +1,51 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
prog=$( basename $0 .bash )
ROLE=base
LOG_DIR=/usr/local/var/logs/portage
[ -d $LOG_DIR ] || mkdir -p $LOG_DIR
declare -a ARGS
if [ "$#" -eq 1 ] ; then
ARGS=( "$1" )
LOG=$( basename $1 ).log
elif [ "$#" -eq 0 ] ; then
ARGS="@world"
LOG=world.log
elif false && [ -f world.lib ] ; then # ?
ARGS="$( grep -v '^#' world.lib )"
LOG=world.log
else
ARGS=("$@")
LOG=world.log
fi
if mount | grep -q ' on /mnt/tmp' ; then
export TMPDIR=/mnt/tmp
# else
# echo "WARN: /mnt/tmp not mounted"
fi
# --changed-deps --deep --update
LARGS="-vb --changed-use --with-bdeps=y --changed-deps-report"
LARGS="$LARGS --backtrack=30 --ignore-built-slot-operator-deps=y --keep-going"
# Skips the packages specified on the command-line that have already been installed.
LARGS="$LARGS --noreplace"
# LARGS="$LARGS --exclude "
LOG=$LOG_DIR/$LOG
export PYTHONPATH=
echo INFO: $LARGS $ARGS >> $LOG 2>&1
nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1
[ $? -ne 0 ] && exit $?
if grep ImportError $LOG ; then
echo ERROR: ImportError $ARGS && exit 10
elif grep ParseError $LOG ; then
echo ERROR: ParseError $ARGS && exit 11
elif grep 'Your current profile is invalid' $LOG ; then
echo ERROR: Your current profile is invalid $ARGS && exit 12
fi
exit 0
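Review bot: `[ $? -ne 0 ] && exit $?` loses the emerge failure: by the time `exit $?` runs, `$?` holds the status of the `[` test, which is 0, so a failed emerge is reported as success unless one of the later log greps happens to match. Attaching the exit to the command keeps the real status, `nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS "${ARGS[@]}" >> $LOG 2>&1 || exit $?`. The same line shows the second problem: `ARGS` is declared as an array, and a bare `$ARGS` expands only its first element, so when several packages are passed via `ARGS=("$@")` only the first one reaches emerge; `"${ARGS[@]}"` is needed there and in the `echo INFO:` line. Because the log is opened with `>>`, the `grep ImportError $LOG` checks can also fire on output from an earlier run, which is worth a comment.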


@ -0,0 +1,26 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter
ROLE=base
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Debian/10.6
[ -d "$CACHE" ] || exit 1$?
[ -d /etc/apt ] || exit 0
cd $CACHE || exit 2
[ -d var/cache/apt/archives ] || mkdir -p var/cache/apt/archives
find *.deb -type f -name \*.deb | while read file; do
base=$( basename $file )
[ ! -d /var/cache/apt/archives/ ] || \
[ -e /var/cache/apt/archives/$base ] || ln -s $PWD/$file /var/cache/apt/archives/$base
[ -f var/cache/apt/archives/$base -a ! -h var/cache/apt/archives/$base ] && rm var/cache/apt/archives/$base
[ -e var/cache/apt/archives/$base ] || ln -s $PWD/$file var/cache/apt/archives/$base
done
exit 0
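Review bot: The `.deb` loop is fragile in how it builds file names: `find *.deb -type f -name \*.deb | while read file` errors out when the glob matches nothing, and `read` without `-r` together with the unquoted `$file` and `$base` breaks on names containing whitespace or backslashes. A plain glob loop is simpler and safer here, `for file in *.deb ; do [ -f "$file" ] || continue`, with `"$PWD/$file"` and the link targets quoted. `[ -d "$CACHE" ] || exit 1$?` concatenates the digit with the status and so exits with 11; if that is not intentional, `exit 1` is clearer. `[ -f … -a ! -h … ]` uses the deprecated `-a`; two tests joined with `&&` read better.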


@ -0,0 +1,13 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
[ "$#" -eq 0 ] && set -- *.elts
for elt in "$@" ; do
base=$( basename $elt .elts )
[ -f $base.uris ] && continue
apt-get install --print-uris $( cat $elt ) > $base.uris 2>$base.errs
done
exit 0
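Review bot: `[ -f $base.uris ] && continue` treats any existing file as finished work, but the redirection creates `$base.uris` even when `apt-get install --print-uris` fails, so one failed run leaves an empty file that blocks every retry. Testing for content and cleaning up on failure avoids that: `[ -s "$base.uris" ] && continue` and `apt-get install --print-uris $( cat "$elt" ) > "$base.uris" 2> "$base.errs" || rm -f -- "$base.uris"`. When no `*.elts` file exists, `set -- *.elts` leaves the literal pattern in `$1`, so a `[ -f "$elt" ] || continue` at the top of the loop is needed as well.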


@ -0,0 +1,31 @@
#!/bin/sh
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
# filter or .uris
ROLE=base
[ -z "$CACHE" ] && CACHE=/mnt/o/Cache/Apt/Debian/10.6
[ -d "$CACHE" ] || mkdir $CACHE # || exit 1$?
# debian --print-uris
if [ $? -eq 0 ] ; then
# filter
grep 'https*://' | \
sed -e 's@ftp://[^ ]*@@g' -e 's@.*https*://@https://@g' -e "s@'.*@@g" | \
while read line ; do
for url in $line ; do
base=`basename "$url"`
pre=`sed -e "s@https*://@${CACHE}@" <<< $url`
[ -e $pre ] && break
echo $line
break
done
done
fi
for elt in "$@" ; do
base=$( basename $elt .elts )
[ -s $base.urls ] && continue
sh $0 < $elt > $base.urls
[ -s $base.urls ] || rm $base.urls
done
exit 0
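Review bot: `if [ $? -eq 0 ]` tests the exit status of the preceding `[ -d "$CACHE" ] || mkdir $CACHE` line rather than the argument count, so the stdin filter also runs when file arguments are given and then waits on the caller's stdin before the `for elt` loop starts. Presumably `if [ "$#" -eq 0 ] ; then` was intended, with the `for` loop as the other branch. The filter body also uses a here-string (`<<< $url`) under `#!/bin/sh` and is re-invoked with `sh $0`, which fails on shells such as dash. Either change the shebang and the re-invocation to bash, or use `pre=$( printf '%s\n' "$url" | sed -e "s@https*://@${CACHE}@" )`. `base` is assigned inside the filter but never used there.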


@ -0,0 +1,70 @@
#!/bin/bash
# filter - arguments are to wget - quoted?
prog=$( basename $0 .bash )
prog=ScurlU
ROOTDIR=/mnt/i/net/Http
ROLE=base
CACHE=/usr/portage/distfiles
. /usr/local/bin/proxy_curl_lib.bash
route | grep -q ^def || { echo ERROR: not connected ; exit 1 ; }
. /usr/local/bin/usr_local_tput.bash
FETCHCOMMAND='/usr/local/bin/scurl.bash --force-directories --directory-prefix "\${DISTDIR}" -- "\${URI}"'
# RARGS="--retry 1 --connect-timeout 10"
if [ "$#" -eq 0 ] ; then
LARGS="--force-directories --directory-prefix $ROOTDIR"
else
LARGS="$@"
fi
cp /dev/null /tmp/$prog$$.urls
# //www.simplesystems.org/users/bfriesen/public-key.txt no https:
# https://opencoder.net/WayneDavison.key cloudflare 403
# https://www.simplesystems.org/users/bfriesen/public-key.txt 503
# https://tiswww.case.edu/php/chet/gpgkey.asc 500 timeout
# https://botan.randombit.net/pgpkey.txt no tls1.3
# https://sourceware.org/elfutils/ftp/gpgkey-1AA44BE649DE760A.gpg no tls1.3
# https://gnutls.org/gnutls-release-keyring.gpg no tls1.3
retval=0
# NOT 1.3 -e 's@^https://distfiles.gentoo.org/distfiles/[^ ]* https://pypi.python.org/@https://pypi.python.org/@'
grep ^http | \
sed -e 's@ftp://[^ ]*@@' \
-e 's/http:/https:/' \
-e 's@^https://distfiles.gentoo.org/distfiles/openpgp-keys-[^ ]*.asc @@' \
-e 's@https*://distfiles.gentoo.org@https://gentoo.osuosl.org@g' \
-e 's@https://gentoo.osuosl.org@https://mirror.leaseweb.com/gentoo@g' \
-e 's@https*://download.sourceforge.net@https://download.sourceforge.net@g' | \
while read urls ; do
url=`echo $urls|sed -e 's@ .*@@'`
base=`basename "$url"`
[ -e $CACHE/$base ] && echo $CACHE/$base && continue
base=`echo $url | sed -e 's@ .*@@' -e 's@https*://@@'`
[ -e $ROOTDIR/"$base" ] && echo $ROOTDIR/"$base" && continue
for url in $urls ; do
for no in "${NOTLSV3[@]}" ; do
[[ $url =~ $no ]] && continue
done
domain=`sed -e 's@/.*@@' <<< $base`
ip=`tor-resolve $domain`
if [ $? -eq 0 -a -n "$ip" ] ; then
a=`proxy_ami_cloudflared $ip`
[ $? -eq 0 -a "$a" = True ] && \
WARN $url Cloudflared $ip $no && \
continue
fi
DBUG $prog /usr/local/bin/scurl.bash $LARGS -- $RARGS $url
/usr/local/bin/scurl.bash $LARGS -- $RARGS $url || {
retval=$?
continue
}
break
done
done
exit $retval
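Review bot: `cp /dev/null /tmp/$prog$$.urls` creates a file with a predictable name in a world-writable directory; when the script runs with elevated privileges, a symlink already present at that path would be followed and its target truncated. Nothing in this file reads the path back, so either drop the line or use `urls=$( mktemp ) || exit 1` with `trap 'rm -f -- "$urls"' EXIT`. In the download loop, the `continue` inside `for no in "${NOTLSV3[@]}"` only advances that inner loop, so no URL is ever skipped; `[[ $url =~ $no ]] && continue 2` does what seems intended. `retval=$?` is assigned inside the piped `while`, which runs in a subshell, so the final `exit $retval` always returns 0; feeding the loop from a process substitution or enabling `shopt -s lastpipe` would let the status survive.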


@ -0,0 +1,62 @@
#!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
shopt -s nullglob || exit 1
prog=`basename $0 .bash`
ROLE=base
export PATH=/sbin:$PATH
PREFIX=/usr/local
. /usr/local/bin/usr_local_tput.bash || exit 2
DEST=$PREFIX/portage/testforge/sec-keys
FROM=/usr/portage/sec-keys
cd /
grep /~sam/ /usr/portage/sec-keys/*/*d| \
sed -e 's@.*/@@' -e 's/"//' -e 's/.*-//'|grep -v P | \
while read f;do
b=`ls /usr/portage/distfiles/*"$f"`|| continue;
a=`readlink "$b"`;
echo $a;[ -h "$a" ] && continue;
echo $b;
done | \
sed -e 's@\.\./\.\.@/i@'|zip -m9 --symlinks sam.zip -@
cd $FROM
#
tar cf - *-* | tar xf - --keep-newer-files -C $DEST 2>/dev/null >/dev/null
[ -d $DEST ] || mkdir -p $DEST
cd $FROM
i=0
for dir in *-*; do
[ -d $dir ] || continue
[ -d $DEST/$dir ] || mkdir $DEST/$dir
ls $dir/*ebuild >/dev/null 2>/dev/null || { WARN no *ebuild in $dir ; continue ; }
for file in $dir/*ebuild ; do
[ -f $DEST/$file ] && [ $DEST/$file -nt $FROM/$file ] && continue
sed -e 's/^LICENSE=/RESTRICT="mirror"\nLICENSE=/' > $DEST/$file < $FROM/$file
if grep -q 'Mirrored from ' $FROM/$file ; then
url="`grep 'Mirrored from ' $FROM/$file|sed -e 's/.*Mirrored from //' -e 's/ .*//'`"
if [ -n "$url" ] ; then
i=`expr $i + 1`
rep=`sed -e 's/[$]/\\\\$/g' -e 's/[&]/\\\\&/g' <<< $url`
# could change some keyservers here
rep=`sed -e 's/http:/https:/' <<< $rep`
DBUG rep="$rep"
sed -e "s@https://dev.gentoo.org/.sam/[^ \"]*@$rep@" \
-i $DEST/$file
fi
fi
cd $DEST/$dir
for dfile in $dir/*ebuild ; do
ddir=`dirname $dfile`
cd $ddir
ebuild manifest *ebuild
done
cd $DEST
done
done
INFO $i $DEST