From ddb600ead283c367bdff7cb8857d89da953a7605 Mon Sep 17 00:00:00 2001 
From: emdee Date: Tue, 9 Jan 2024 15:39:19 +0000 Subject: [PATCH] bash --- .../usr/local/share/genkernel/overlay.bash | 28 ++ .../usr/local/share/genkernel/overlay.list | 43 ++ .../usr/local/sbin/box_gentoo_emerge.bash | 14 +- .../usr/local/sbin/gentoo_check_manifest.bash | 2 +- .../usr/local/share/genkernel/overlay.bash | 28 ++ .../usr/local/share/genkernel/overlay.list | 43 ++ .../usr/local/bin/ansible_get_inventory.bash | 52 +++ overlay/Linux/usr/local/bin/base_ansible.bash | 9 + .../usr/local/bin/base_check_site_py.bash | 4 +- .../Linux/usr/local/bin/base_clean_path.bash | 2 +- overlay/Linux/usr/local/bin/base_daily.bash | 4 +- overlay/Linux/usr/local/bin/base_hourly.bash | 2 +- .../Linux/usr/local/bin/base_pip_upgrade.bash | 2 +- overlay/Linux/usr/local/bin/pip.sh | 13 +- .../Linux/usr/local/bin/proxy_ping_test.bash | 391 ++++++++++++------ .../Linux/usr/local/bin/usr_local_base.bash | 33 +- .../Linux/usr/local/bin/usr_local_tput.bash | 146 ++++--- .../usr/local/sbin/bootstrap_pip_ansible.bash | 12 +- .../usr/local/sbin/box_gentoo_emerge.bash | 14 +- .../Linux/usr/local/src/usr_local_base.bash | 5 +- .../Linux/usr/local/src/usr_local_python.bash | 14 + tasks/Debian.yml | 2 +- tasks/Devuan.yml | 2 +- tasks/Gentoo.yml | 25 +- tasks/Gentoo/Pentoo/use.yml | 16 - tasks/Lati.yml | 8 +- tasks/ansible.yml | 2 +- tasks/base.yml | 46 +-- tasks/base_Gentoo.yml | 2 +- tasks/base_proxy.yml | 6 +- tasks/bootstrap.yml | 14 +- tasks/main.yml | 85 +++- tasks/qerc_user.yml | 2 +- tasks/users.yml | 42 +- 34 files changed, 770 insertions(+), 343 deletions(-) create mode 100755 overlay/Devuan/usr/local/share/genkernel/overlay.bash create mode 100644 overlay/Devuan/usr/local/share/genkernel/overlay.list create mode 100755 overlay/Gentoo/usr/local/share/genkernel/overlay.bash create mode 100644 overlay/Gentoo/usr/local/share/genkernel/overlay.list create mode 100755 overlay/Linux/usr/local/bin/ansible_get_inventory.bash create mode 100755 
overlay/Linux/usr/local/bin/base_ansible.bash
diff --git a/overlay/Devuan/usr/local/share/genkernel/overlay.bash b/overlay/Devuan/usr/local/share/genkernel/overlay.bash
new file mode 100755
index 0000000..5a99784
--- /dev/null
+++ b/overlay/Devuan/usr/local/share/genkernel/overlay.bash
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+ROLE=gpgkey
+
+cd /usr/local/share/genkernel/overlay
+
+[ -d dev ] || mkdir dev
+cd dev
+[ -e urandom ] || mknod urandom c 1 9
+chmod 666 urandom
+cd ..
+
+[ -d sbin ] || mkdir sbin
+cd sbin
+[ -f staticgpggrid ] || cp -p /usr/local/bin/staticgpggrid .
+[ -f staticgpg ] || cp -p /usr/local/bin/staticgpg .
+chmod 755 static*
+cd ..
+
+cd /
+cat /usr/local/share/genkernel/overlay.list | \
+ tar cf - -T - \
+ tar xvf - -C /usr/local/share/genkernel/overlay
+
+find -L /usr/local/share/genkernel/overlay -type l
+
+
+exit 0
diff --git a/overlay/Devuan/usr/local/share/genkernel/overlay.list b/overlay/Devuan/usr/local/share/genkernel/overlay.list
new file mode 100644
index 0000000..2fdf628
--- /dev/null
+++ b/overlay/Devuan/usr/local/share/genkernel/overlay.list
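Review bot: The tar copy at the end of overlay.bash is missing the pipe between its two tar commands: the continuation after `tar cf - -T - \` joins `tar xvf - -C /usr/local/share/genkernel/overlay` onto the first command as extra arguments, so nothing is extracted into the overlay. The line should read `tar cf - -T - | \`. The `cd` calls are also unchecked, so if `/usr/local/share/genkernel/overlay` is missing, the `mknod`, `chmod 666` and `cp` steps run in whatever directory the script was started from; `cd /usr/local/share/genkernel/overlay || exit 1` would stop that. The identical copy added under overlay/Gentoo has the same two problems.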
@@ -0,0 +1,43 @@ +bin/busybox +bin/keyctl +bin/kmod +bin/lsmod +bin/nano +etc/conf.d/keymaps +etc/keymaps/linux-with-altgr.inc +etc/keymaps/us.map +etc/modprobe.d/blacklist.conf +lib/ld-linux.so.2 +lib64/ld-linux-x86-64.so.2 +lib64/libacl.so.1 +lib64/libacl.so.1.1.2301 +lib64/libblkid.so.1 +lib64/libblkid.so.1.1.0 +lib64/libc.so.6 +lib64/libcap.so.2 +lib64/libcap.so.2.65 +lib64/libkmod.so.2 +lib64/libkmod.so.2.4.0 +lib64/liblzma.so.5 +lib64/liblzma.so.5.2.5 +lib64/libm.so.6 +lib64/libpthread.so.0 +lib64/libz.so.1 +lib64/libz.so.1.2.12 +lib64/libzstd.so.1 +lib64/libzstd.so.1.5.2 +sbin/e2label +sbin/fdisk +sbin/modprobe +sbin/tune2fs +usr/bin/clear +usr/bin/mg +usr/bin/ntfs-3g +usr/local/bin/gridfire.pyi +usr/local/bin/staticgpg +usr/local/bin/staticgpggrid +usr/share/consolefonts/ter-v24b.psf.gz +usr/share/consolefonts/ter-v28b.psf.gz +usr/share/keymaps/i386/include/euro.map.gz +usr/share/keymaps/i386/include/qwerty-layout.inc +usr/share/keymaps/include/compose.latin diff --git a/overlay/Gentoo/usr/local/sbin/box_gentoo_emerge.bash b/overlay/Gentoo/usr/local/sbin/box_gentoo_emerge.bash index 9256c81..7c8cd2b 100755 --- a/overlay/Gentoo/usr/local/sbin/box_gentoo_emerge.bash +++ b/overlay/Gentoo/usr/local/sbin/box_gentoo_emerge.bash @@ -3,6 +3,7 @@ prog=$( basename $0 .bash ) ROLE=base +PYVER=3 LOG_DIR=/usr/local/var/logs/portage [ -d $LOG_DIR ] || mkdir -p $LOG_DIR 
@@ -37,15 +38,16 @@ LARGS="$LARGS --noreplace" # LARGS="$LARGS --exclude " LOG=$LOG_DIR/$LOG export PYTHONPATH= -echo INFO: $LARGS $ARGS >> $LOG 2>&1 -nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1 -[ $? -ne 0 ] && exit $? +echo INFO: emerge $LARGS $ARGS |tee -a $LOG >&2 +nice python$PYVER $( which emerge ) $LARGS $ARGS >> $LOG 2>&1 +retval=$? +[ $retval -ne 0 ] && echo ERROR: $retval $LOG && tail $LOG && exit $retval if grep ImportError $LOG ; then - echo ERROR: ImportError $ARGS && exit 10 + echo ERROR: ImportError $LOG && exit 10 elif grep ParseError $LOG ; then - echo ERROR: ParseError $ARGS && exit 11 + echo ERROR: ParseError $LOG && exit 11 elif grep 'Your current profile is invalid' $LOG ; then - echo ERROR: Your current profile is invalid $ARGS && exit 12 + echo ERROR: Your current profile is invalid $LOG && exit 12 fi exit 0 diff --git a/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash b/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash index 85ffbf9..3162883 100755 --- a/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash +++ b/overlay/Gentoo/usr/local/sbin/gentoo_check_manifest.bash @@ -27,7 +27,7 @@ gpg2 --verify --keyring $keyf $BASE_PORTDIR/Manifest >/tmp/K$$.log 2>&1 || exit grep 'using RSA key' /tmp/K$$.log || exit 4 grep 'Primary key fingerprint:' /tmp/K$$.log | sed -e 's/.*: //' -e 's/ //g' > /tmp/K$$.key || exit 5 -if route | grep -q ^default ; then +if grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then . /root/bin/tor.sh wget -O /tmp/K$$.html https://www.gentoo.org/downloads/signatures/ || exit 0 grep "`cat /tmp/K$$.key`" /tmp/K$$.html || { diff --git a/overlay/Gentoo/usr/local/share/genkernel/overlay.bash b/overlay/Gentoo/usr/local/share/genkernel/overlay.bash new file mode 100755 index 0000000..5a99784 --- /dev/null +++ b/overlay/Gentoo/usr/local/share/genkernel/overlay.bash 
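Review bot: The new route test in gentoo_check_manifest.bash, `grep -q "^wlan[1-9][ ]00000000" /proc/net/route`, narrows when the fingerprint cross-check against www.gentoo.org runs: a host whose default route is on a wired interface or on wlan0 now skips the block silently. /proc/net/route separates its columns with tabs, so if the bracket expression holds only a space (whitespace may have been altered on this page) the test never matches at all. Since the block is a verification step, the skip should at least be visible, for example an `else` branch that prints `WARN: no default route on wlan, fingerprint not cross-checked` to stderr. The `if` block continues past the end of the hunk, and the same test is used in proxy_test_dirmngr in proxy_ping_test.bash.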
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+ROLE=gpgkey
+
+cd /usr/local/share/genkernel/overlay
+
+[ -d dev ] || mkdir dev
+cd dev
+[ -e urandom ] || mknod urandom c 1 9
+chmod 666 urandom
+cd ..
+
+[ -d sbin ] || mkdir sbin
+cd sbin
+[ -f staticgpggrid ] || cp -p /usr/local/bin/staticgpggrid .
+[ -f staticgpg ] || cp -p /usr/local/bin/staticgpg .
+chmod 755 static*
+cd ..
+
+cd /
+cat /usr/local/share/genkernel/overlay.list | \
+ tar cf - -T - \
+ tar xvf - -C /usr/local/share/genkernel/overlay
+
+find -L /usr/local/share/genkernel/overlay -type l
+
+
+exit 0
diff --git a/overlay/Gentoo/usr/local/share/genkernel/overlay.list b/overlay/Gentoo/usr/local/share/genkernel/overlay.list
new file mode 100644
index 0000000..2fdf628
--- /dev/null
+++ b/overlay/Gentoo/usr/local/share/genkernel/overlay.list
@@ -0,0 +1,43 @@
+bin/busybox
+bin/keyctl
+bin/kmod
+bin/lsmod
+bin/nano
+etc/conf.d/keymaps
+etc/keymaps/linux-with-altgr.inc
+etc/keymaps/us.map
+etc/modprobe.d/blacklist.conf
+lib/ld-linux.so.2
+lib64/ld-linux-x86-64.so.2
+lib64/libacl.so.1
+lib64/libacl.so.1.1.2301
+lib64/libblkid.so.1
+lib64/libblkid.so.1.1.0
+lib64/libc.so.6
+lib64/libcap.so.2
+lib64/libcap.so.2.65
+lib64/libkmod.so.2
+lib64/libkmod.so.2.4.0
+lib64/liblzma.so.5
+lib64/liblzma.so.5.2.5
+lib64/libm.so.6
+lib64/libpthread.so.0
+lib64/libz.so.1
+lib64/libz.so.1.2.12
+lib64/libzstd.so.1
+lib64/libzstd.so.1.5.2
+sbin/e2label
+sbin/fdisk
+sbin/modprobe
+sbin/tune2fs
+usr/bin/clear
+usr/bin/mg
+usr/bin/ntfs-3g
+usr/local/bin/gridfire.pyi
+usr/local/bin/staticgpg
+usr/local/bin/staticgpggrid
+usr/share/consolefonts/ter-v24b.psf.gz
+usr/share/consolefonts/ter-v28b.psf.gz
+usr/share/keymaps/i386/include/euro.map.gz
+usr/share/keymaps/i386/include/qwerty-layout.inc
+usr/share/keymaps/include/compose.latin
diff --git a/overlay/Linux/usr/local/bin/ansible_get_inventory.bash b/overlay/Linux/usr/local/bin/ansible_get_inventory.bash
new file mode 100755
index 0000000..be85170
--- /dev/null
+++ b/overlay/Linux/usr/local/bin/ansible_get_inventory.bash
@@ -0,0 +1,52 @@
+#!/bin/sh
+# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
+
+# retval on stdout - messages on stderr
+. /usr/local/bin/usr_local_tput.bash
+
+prog=`basename $0 .bash`
+PREFIX=/usr/local
+ROLE=base
+AnsI=AnsI
+
+# quiet
+[ "$#" -eq 0 ] && exit 1
+VARIABLE=$1
+shift
+[ "$#" -eq 0 ] && base=`hostname` || base=$1
+base=gentoo1
+
+[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
+
+[ -n "$PLAY_ANSIBLE_SRC" ] || PLAY_ANSIBLE_SRC=$BASE_ANSIBLE_SRC
+[ -z "$PLAY_ANSIBLE_SRC" ] && ERROR export "PLAY_ANSIBLE_SRC" >&2 && exit 3
+[ ! -d "$PLAY_ANSIBLE_SRC" ] && ERROR ! -d "PLAY_ANSIBLE_SRC" >&2 && exit 4
+[ ! -f "$PLAY_ANSIBLE_SRC"/hosts.yml ] && ERROR ! -f "PLAY_ANSIBLE_SRC"/hosts.yml >&2 && exit 4
+
+DBUG ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
+ --playbook-dir=$PLAY_ANSIBLE_SRC \
+ --host=$base >&2
+ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
+ --playbook-dir=$PLAY_ANSIBLE_SRC \
+ --host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
+ retval=$?
+ if [ $retval -eq 0 ] ; then
+ [ ! -s /tmp/${AnsI}$$.json ] && ERROR empty /tmp/${AnsI}$$.json >&2 && exit 4
+ #!? export
+ VALUE=`jq .$VARIABLE < /tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
+ jretval=$?
+ if [ $jretval -eq 0 ] ; then
+ [ -n "$DEBUG" ] && DBUG "$prog base=$base VALUE=$VALUE" >&2
+ [ "$VALUE" = "null" ] && VALUE=""
+ echo -n "$VALUE"
+ else
+ WARN $VARIABLE jretval=$jretval /tmp/${AnsI}$$.json >&2
+ fi
+ else
+ ERROR $VARIABLE retval=$retval /tmp/${AnsI}$$.json /tmp/${AnsI}$$.err >&2
+ cat /tmp/${AnsI}$$.err >&2
+ exit 8
+ fi
+# rm -f /tmp/${AnsI}$$.json
+
+exit 0
diff --git a/overlay/Linux/usr/local/bin/base_ansible.bash b/overlay/Linux/usr/local/bin/base_ansible.bash
new file mode 100755
index 0000000..3cc5b95
--- /dev/null
+++ b/overlay/Linux/usr/local/bin/base_ansible.bash
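Review bot: In ansible_get_inventory.bash the line `base=gentoo1` overrides the host just taken from `$1` or `hostname`, so every lookup queries gentoo1 whatever the caller passes; it reads like a debugging leftover and should be dropped. The inventory output is appended with `>>` to `/tmp/${AnsI}$$.json`, a predictable name in a shared directory that is never removed (the `rm -f` is commented out), which leaves host variables readable in /tmp and lets a pre-existing file or symlink of that name receive or pollute the data. `jretval=$?` also records the status of `xargs`, the last stage of the pipeline, rather than of `jq`. A private directory from `mktemp -d` with an exit trap covers the temp-file issues, as sketched below.

```shell
[ "$#" -eq 0 ] && base=`hostname` || base=$1
# … unchanged: testforge.bash sourcing and PLAY_ANSIBLE_SRC checks …
tmpdir=$(mktemp -d) || exit 5
trap 'rm -rf -- "$tmpdir"' EXIT
json=$tmpdir/inventory.json
err=$tmpdir/inventory.err
ansible-inventory -i "$PLAY_ANSIBLE_SRC"/hosts.yml \
    --playbook-dir="$PLAY_ANSIBLE_SRC" \
    --host="$base" > "$json" 2> "$err"
retval=$?
# … unchanged: result handling, reading "$json" and "$err" instead of the /tmp paths …
```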
@@ -0,0 +1,9 @@ +#!/bin/sh +# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*- + +ROLE=base +prog=$( basename $0 .bash ) + +export ANSIBLE_CONFIG=/o/data/TestForge/src/ansible + +/usr/local/bin/python3.sh /usr/local/bin/ansible "$@" diff --git a/overlay/Linux/usr/local/bin/base_check_site_py.bash b/overlay/Linux/usr/local/bin/base_check_site_py.bash index 40ff88a..3763991 100755 --- a/overlay/Linux/usr/local/bin/base_check_site_py.bash +++ b/overlay/Linux/usr/local/bin/base_check_site_py.bash @@ -86,5 +86,5 @@ python$PYMAJ $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py || exit 0 # [ $( python2.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python2.sh ] || exit 2 # [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python3.sh ] || exit 3 -# [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python2.bash ] || exit 22 -# [ $( python3.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python3.bash ] || exit 33 +# [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = $PREFIX/bin/python2.bash ] || exit 22 +# [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = $PREFIX/bin/python3.sh ] || exit 33 diff --git a/overlay/Linux/usr/local/bin/base_clean_path.bash b/overlay/Linux/usr/local/bin/base_clean_path.bash index bf7e2ab..de24700 100755 --- a/overlay/Linux/usr/local/bin/base_clean_path.bash +++ b/overlay/Linux/usr/local/bin/base_clean_path.bash @@ -17,7 +17,7 @@ for elt in $PATH ; do done IFS=' ' -elt=/var/local/bin +elt=$PREFIX/bin [[ "$N" =~ (^|:)"${elt}"(:|$) ]] || N="$N:$elt" echo $N 
diff --git a/overlay/Linux/usr/local/bin/base_daily.bash b/overlay/Linux/usr/local/bin/base_daily.bash index c619ebc..9a2afdf 100755 --- a/overlay/Linux/usr/local/bin/base_daily.bash +++ b/overlay/Linux/usr/local/bin/base_daily.bash @@ -74,8 +74,8 @@ done elt=doctest3 if [ $MYID -ne 0 ] ; then - /var/local/bin/testforge_python_doctest3.bash \ - /var/local/share/doc/txt/base3.txt \ + $PREFIX/bin/testforge_python_doctest3.bash \ + $PREFIX/share/doc/txt/base3.txt \ > "$LOG_DIR"/$elt$$.log 2>&1 || ERROR $elt >> $ELOG fi diff --git a/overlay/Linux/usr/local/bin/base_hourly.bash b/overlay/Linux/usr/local/bin/base_hourly.bash index 77d2efe..9726f23 100755 --- a/overlay/Linux/usr/local/bin/base_hourly.bash +++ b/overlay/Linux/usr/local/bin/base_hourly.bash @@ -25,7 +25,7 @@ find $LOG_DIR/*${prog}_${ly}*.log -ctime +2 -delete ansible-inventory 2>> $WLOG || ERROR ansible-inventory $? >> $ELOG -if ip route | grep -v ^def ; then +if ip route | grep -q ^def ; then gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye || exit 3$? dirmngr-client -v --ping /dev/null || exit 1 P="BASE_PYTHON${PYVER}_MINOR" PYTHON_MINOR="$(eval echo \$$P)" +else + [ -n "$PYTHON_MINOR" ] || \ + PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) fi - -[ -n "$PYTHON_MINOR" ] || \ - PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) [ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib [ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64 @@ -63,7 +63,8 @@ fi [[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS" [[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS" -[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy http://localhost:3128" +[[ "$*" =~ '--proxy' ]] || [ -z "$https_proxy" ] || \ + LARGS="$LARGS --proxy $https_proxy" MYID=$( id -u ) if [ "$1" = 'uninstall' ] ; then 
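Review bot: With the fallback `--proxy http://localhost:3128` removed in the `@@ -63,7 +63,8 @@` hunk, the `--proxy` line adds nothing when `https_proxy` is empty, so pip then connects directly instead of through the local proxy. If these hosts are meant to reach the network only through the proxy, that is a fail-open change; keeping a default, `[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy ${https_proxy:-http://localhost:3128}"`, or refusing to install when no proxy is configured would be safer. The following hunk also comments out the `proxy_ping_test.bash wifi` call before `install`, so nothing in the visible code checks connectivity or proxying first.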
@@ -74,7 +75,7 @@ elif [ "$1" = 'install' ] ; then shift RARGS="$RARGS --progress-bar=off" # LARGS="$LARGS --python=/usr/local/bin/python$PYTHON_MINOR.sh" - /usr/local/bin/proxy_ping_test.bash wifi # || exit 3$? +# /usr/local/bin/proxy_ping_test.bash wifi # || exit 3$? # Can not combine '--user' and '--prefix' if true ; then # >9.0.1 if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then diff --git a/overlay/Linux/usr/local/bin/proxy_ping_test.bash b/overlay/Linux/usr/local/bin/proxy_ping_test.bash index b4c2195..11be1fc 100755 --- a/overlay/Linux/usr/local/bin/proxy_ping_test.bash +++ b/overlay/Linux/usr/local/bin/proxy_ping_test.bash @@ -11,7 +11,10 @@ PYVER=3 . /usr/local/bin/proxy_ping_lib.bash || \ { ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; } +[ -f $PREFIX/etc/testforge/testforge.bash ] && \ + . /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1 PL=/usr/local/bin/proxy_libvirt_lib.bash + declare -a tests which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0 
@@ -20,22 +23,19 @@ which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0 which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0 [ -z "$prog" ] || prog=proxy_ping_test -proxy_ping_get_socks >/dev/null -[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1 -[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050 +SOCKS_PAIR=`proxy_ping_get_socks` +[ -z "$SOCKS_HOST" ] && SOCKS_HOST=`echo $SOCKS_PAIR|sed -e 's/:.*//'` +[ -z "$SOCKS_PORT" ] && SOCKS_PORT=`echo $SOCKS_PAIR|sed -e 's/.*://'` [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 -HTTPS_PORT=9128 -HTTPS_HOST=127.0.0.1 -proxy_ping_get_https >/dev/null +HTTPS_PORT=`echo $HTTPS_PAIR|sed -e 's/.*://'` +HTTPS_HOST=`echo $HTTPS_PAIR|sed -e 's/:.*//'` +HTTPS_PAIR=`proxy_ping_get_https` [ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1 -HTTP_PORT=3128 -HTTP_PROXY_HOST=127.0.0.1 -proxy_ping_get_http >/dev/null +HTTP_PAIR=`proxy_ping_get_http` +HTTP_PORT=`echo $HTTP_PAIR|sed -e 's/.*://'` +HTTP_HOST=`echo $HTTP_PAIR|sed -e 's/:.*//'` [ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1 -[ -f $PREFIX/etc/testforge/testforge.bash ] && \ - . /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1 - P="BASE_PYTHON${PYVER}_MINOR" PYTHON_MINOR="$(eval echo \$$P)" [ -n "$PYTHON_MINOR" ] || \ @@ -65,14 +65,14 @@ TIMEOUT=30 [ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway" DNS_HOST1="208.67.220.220" -DNS_HOST2="8.8.8.8"ggggg +DNS_HOST2="1.1.1.1" [ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39 [ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39 HTTP_TARGET=www.whatismypublicip.com # time.nist.gov 132.163.97.3 NTP_HOST1=132.163.97.3 -# pool.ntp.org 78.46.53.2 +# pool.ntp.org 78.46.53.2 205.206.70.7 NTP_HOST2=78.46.53.2 # --no-check-certificate WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null" 
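Review bot: `HTTPS_PORT` and `HTTPS_HOST` are derived from `$HTTPS_PAIR` in the two lines before `HTTPS_PAIR=`proxy_ping_get_https`` is assigned, so both come out empty unless the variable is already set in the environment. `HTTPS_HOST` then falls back to 127.0.0.1, but `HTTPS_PORT` has no fallback now that `HTTPS_PORT=9128` is gone, and test 1 builds `https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}` from it. Moving the `HTTPS_PAIR=` line above the two `sed` lines fixes the order. The SOCKS and HTTP ports likewise lose their defaults (9050, 3128) if the helper functions print nothing; a guard such as `[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050` after the parse would keep the tests from running against an empty port.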
@@ -103,6 +103,113 @@ DNS_HOST=$SOCKS_HOST [ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin [ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 ) +PROXY_GPG_KEYSERVER=keys.openpgp.org +declare -a GPG_KEYSERVERS=( + hkp://$PROXY_GPG_KEYSERVER + hkp://gpg.mit.edu + hkp://keys.gnupg.net +) +## proxy_test_dirmngr +proxy_test_dirmngr () { + [ $# -eq 0 ] && set -- "${GPG_KEYSERVERS[@]}" + DBUG proxy_test_dirmngr MODE=$MODE $* ; + # shellcheck disable=SC2154 + [ -z "$ELOG" ] && ELOG=/tmp/proxy_test_dirmngr$$.err + # shellcheck disable=SC2154 + [ -z "$WLOG" ] && WLOG=/tmp/proxy_test_dirmngr$$.log + + [ -h /usr/bin/dirmngr ] || { + WARN /usr/bin/dirmngr not a symlink + #fixed? return 2 + } + + grep ^hkp-cacert /etc/dirmngr/dirmngr.conf | while read a b; do + [ -f $b ] || WARN file not found $b in /etc/dirmngr/dirmngr.conf + done + /usr/bin/dirmngr --version /dev/null && \ + INFO /usr/bin/dirmngr working --version || { + ERROR /usr/bin/dirmngr not working --version + return 3 + } + # grep ^OK + DM=`grep ' keyserver ' /etc/dirmngr/dirmngr.conf | head -1 | sed -e 's/.* //'` + + grep -q "^wlan[1-9][ ]00000000" /proc/net/route || { + DBUG not connected + return 0 + } + + echo 'loadswdb --force' /bye | \ + gpg-connect-agent --dirmngr \ + >/tmp/GpgL$$.tmp 2>&1 + retval=$? + [ $retval -ne 0 ] && \ + WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye /tmp/GpgL$$.tmp && \ + cat /tmp/GpgL$$.tmp && \ + # return 5$retval + ! grep -q OK /tmp/GpgL$$.tmp && \ + WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye OK not found /tmp/GpgL$$.tmp && \ + # return 6$retval + + INFO elt=gpg-connect-agent --dirmngr 'loadswdb --force' OK + rm -f /tmp/GpgL$$.tmp + + # gpg-connect-agent --dirmngr 'help keyserver' /bye + echo 'keyserver --resolve' /bye | \ + gpg-connect-agent --dirmngr \ + >/tmp/GpgG$$.tmp 2>&1 + retval=$? 
+ grep 'ERR\|failed:' /tmp/GpgG$$.tmp >> $ELOG && \ + ERROR gpg-connect-agent $elt `tail -1 $ELOG` && \ + return 10 + grep -q ^S /tmp/GpgG$$.tmp || { \ + WARN gpg-connect-agent 'keyserver' no S /tmp/GpgG$$.tmp && \ + return 8$retval + } + INFO elt=gpg-connect-agent 'keyserver --resolve' S + cat /tmp/GpgG$$.tmp + rm -f /tmp/GpgG$$.tmp + + if [ ! -d /root/.emacs.d/elpa/gnupg ] || \ + ! ps ax | grep -q -e '--homedir /root/.emacs.d/elpa/gnupg' ; then + WARN no running /root/.emacs.d/elpa/gnupg agent + else + INFO running /root/.emacs.d/elpa/gnupg agent + echo keyserver --resolve | \ + gpg-connect-agent --dirmngr \ + --homedir /root/.emacs.d/elpa/gnupg \ + >/tmp/GpgC$$.tmp 2>&1 + retval=$? + if grep 'ERR\|failed:' /tmp/GpgC$$.tmp >> $ELOG ; then + WARN /root/.emacs.d/elpa/gnupg gpg-connect-agent `tail -1 $ELOG` && \ + cat /tmp/GpgC$$.tmp + else + INFO elt=gpg-connect-agent + cat /tmp/GpgC$$.tmp + rm -f /tmp/GpgC$$.tmp + fi + fi + + return 0 +} + +## proxy_test_privoxy_test +proxy_test_privoxy_test () { DBUG proxy_test_privoxy_test $* ; + return 0 + /etc/init.d/privoxy status || /etc/init.d/privoxy start + /etc/init.d/privoxy status && \ + DBUG /etc/init.d/privoxy running || { + WARN /etc/init.d/privoxy not running $PROXY_HTTP_PROXY_PORT + } + # /usr/local/bin/proxy_ping_test.bash 3128 + netstat -nlpe4 | grep -q :$PROXY_HTTP_PROXY_PORT || { + ERROR /etc/init.d/privoxy not working $PROXY_HTTP_PROXY_PORT + return 4 + } + INFO elt=/etc/init.d/privoxy working $PROXY_HTTP_PROXY_PORT + return 0 +} + ## proxy_test_netstat_dns proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ; $NETS | grep -q ":53" @@ -119,7 +226,7 @@ proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ; retval=$? [ $retval -eq 0 ] && return 0 ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW - [ -z "$ALL" ] && exit $ARG$retval || return 1 + [ -z "$ALL" ] && exit "$ARG$retval" || return 1 # works GREP="-i icmp" return 0 
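Review bot: In proxy_test_dirmngr the `loadswdb` check is one long `&&` chain whose continuation lines end in `&& \` and are followed by comment lines (`# return 5$retval`, `# return 6$retval`); the shell joins across those comments, so the `grep -q OK` test runs only when gpg-connect-agent has already failed, and `INFO ... OK` can only be printed on that failure path. A successful call is never checked for `OK` and never reported; an explicit if/elif/else, as below, separates the three outcomes. The function also writes `/tmp/GpgL$$.tmp`, `/tmp/GpgG$$.tmp`, `/tmp/GpgC$$.tmp` and the default `$ELOG`/`$WLOG` under predictable names, which matters because several tests in this script require root; `mktemp` would be safer. proxy_test_privoxy_test begins with `return 0`, so the rest of its body never runs, and that deserves a comment if it is intentional.

```shell
retval=$?
if [ $retval -ne 0 ] ; then
    WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye retval=$retval /tmp/GpgL$$.tmp
    cat /tmp/GpgL$$.tmp
elif ! grep -q OK /tmp/GpgL$$.tmp ; then
    WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye OK not found /tmp/GpgL$$.tmp
else
    INFO elt=gpg-connect-agent --dirmngr 'loadswdb --force' OK
fi
rm -f /tmp/GpgL$$.tmp
# … unchanged: 'keyserver --resolve' check and the elpa/gnupg agent check …
```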
@@ -128,7 +235,7 @@ proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ; ## proxy_test_dig_direct proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ; - dig @$DNS_HOST1 pool.ntp.org +timeout=$TIMEOUT >/dev/null + dig @$DNS_HOST1 $NTP_HOST2 +timeout=$TIMEOUT >/dev/null retval=$? [ $retval -eq 0 ] && return 0 ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1 @@ -140,8 +247,8 @@ proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ; return 0 } -## proxy_test_curl_firewall_bin -proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ; +## proxy_test_curl_firewall_asbin +proxy_test_curl_firewall_asbin () { DBUG proxy_test_curl_firewall_asbin $* ; su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null retval=$? [ $retval -eq 0 ] && return 0 @@ -154,7 +261,7 @@ proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ; ## proxy_ping_curl proxy_ping_curl () { DBUG proxy_ping_curl $* ; local retval - timeout -k $TIMEOUT $TIMEOUT $CURL "$@" + timeout -k $TIMEOUT $TIMEOUT $CURL "$@" retval=$? # "DEBUG: wierd failure curl: (35) Encountered end of file" [ $retval -eq 0 -o $retval -eq 35 ] && return 0 @@ -164,7 +271,7 @@ proxy_ping_curl () { DBUG proxy_ping_curl $* ; ## proxy_ping_make_help proxy_ping_make_help () { grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \ - > /tmp/proxy_ping_test.hlp + > /tmp/proxy_ping_test-$USER.hlp return 0 } @@ -260,7 +367,7 @@ proxy_test_pretest_exit () { { WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; } proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; } elif [ "$1" = nat ] ; then - : proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; } + proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; } else proxy_do_ping || exit 4$? proxy_ping_test_resolv $MODE || \ 
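Review bot: `$NTP_HOST2` is set to the address 78.46.53.2 earlier in the file, so `dig @$DNS_HOST1 $NTP_HOST2` in proxy_test_dig_direct now asks for a record named after an IP literal instead of resolving pool.ntp.org. dig still exits 0 when the server answers NXDOMAIN, so the check keeps passing on reachability, but it no longer shows that a real name resolves. The same substitution in tests 35 and 36 (`dig $NTP_HOST2` as `$PRIV_BIN_OWNER`, `tor-resolve $NTP_HOST2`) probably has the same effect, and for tor-resolve an address may be answered without any lookup. A separate name variable, for example `NTP_NAME2=pool.ntp.org`, would keep the DNS tests meaningful.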
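Review bot: Adding `$USER` to the name in proxy_ping_make_help still leaves `/tmp/proxy_ping_test-$USER.hlp` predictable and in a world-writable directory, and the script later sources it (`. /tmp/proxy_ping_test-$USER.hlp` in the `"$1" = 0` branch) after only an `[ -f ... ]` test. Several tests here require root, so a file of that name created beforehand by another local user would be read as shell code by root; the `>` redirection in proxy_ping_make_help would also follow a symlink placed there. Building the help file in a directory only the caller can write, for example `hlp=$(mktemp -d)/proxy_ping_test.hlp` or a path under `$HOME`, and always regenerating it before use removes both problems. The same path is used in proxy_test_help_args and proxy_ping_test_set_args in later hunks.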
@@ -276,19 +383,19 @@ proxy_test_help_args () { declare -a elts=() declare -a ret=() local elt - if [ "$1" = selektor -o "$1" = whonix -o "$1" = torhost ] ; then - elts=($1 socks http dns https tordns firefail) - elif [ "$1" = torlibvirthost ] ; then - elts=($1 libvirthost socks http https tordns firefail) + if [ "$1" = selektor -o "$1" = torhost ] ; then + elts=($1 socks dns http https dirmngr tordns firefail) + elif [ "$1" = torlibvirthost -o "$1" = whonix ] ; then + elts=(libvirthost socks http https dirmngr tordns firefail) elts+=($MODE) - elif [ "$1" = gateway ] ; then - elts=($1 libvirtguest socks dns http https firefail) + elif [ "$1" = gateway -o "$1" = nat ] ; then + elts=($1 libvirtguest socks dns http https dirmngr firefail) else elts=($1) fi for elt in "${elts[@]}" ; do # DBUG proxy_test_help_args $elt $1 >&2 - ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test.hlp | \ + ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test-$USER.hlp | \ sed -e 's/.=.*//' -e 's/.*tests.//') ) done DBUG proxy_test_help_args "${ret[@]}" >&2 
@@ -302,66 +409,88 @@ proxy_ping_test_set_args () { local args="$@" local val="$@" declare -a aret=() - rm -f /tmp/proxy_ping_test.hlp - [ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help -## to_tor - tor with the firewall host side client setup tor server - call tor,dns,ntp in addition + rm -f /tmp/proxy_ping_test-$USER.hlp + [ -f /tmp/proxy_ping_test-$USER.hlp ] || proxy_ping_make_help + +## to_tor - tor with the firewall host side client setup tor server - gateway [ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] && aret=( 6 13 16 ) && \ ! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv -## vda - through the Gateway with the firewall - also polipo,panic - uses env -[ "$1" = vda ] && - aret=( 35 3 20 ) # ## kick - open firewall with tor running - call dns,polipo +tor in addition [ "$1" = kick -o "$1" = host ] && aret=( 24 31 13 16 6 )# 30 24 31 6 13 16 -## gateway - on the Gateway, trans firewall with tor running - call dns in addition -[ "$1" = gateway ] && - aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16 -# aliases -# socks defines http as the target of a user using socks -[ "$1" = "$SOCKS_PORT" ] && set -- socks -# http defines http as the target of a user using http -[ "$1" = "$HTTP_PORT" ] && set -- http -# https defines http as the target of a user using https -[ "$1" = "$HTTPS_PORT" ] && set -- https -# dns defines http as the target of a user using dns -[ "$1" = "53" ] && set -- dns -# tordns defines http as the target of a user using tordns -[ "$1" = "9053" ] && set -- tordns + # aliases + # socks defines http as the target of a user using socks + [ "$1" = "$SOCKS_PORT" ] && set -- socks + # http defines http as the target of a user using http + [ "$1" = "$HTTP_PORT" ] && set -- http + # https defines http as the target of a user using https + [ "$1" = "$HTTPS_PORT" ] && set -- https + # dns defines http as the target of a user using dns + [ "$1" = "53" ] && set -- dns + # tordns defines http as the target of a user using tordns 
+ [ "$1" = "9053" ] && set -- tordns + + # old aliases + [ "$1" = scan ] && set -- iwlist + [ "$1" = panic ] && set -- firewall + [ "$1" = asbin ] && set -- firewall + + [ "$1" = to_gateway ] && set -- whonix + [ "$1" = from_tor ] && set -- whonix + [ "$1" = from_gateway ] && set -- gateway + [ "$1" = to_tor ] && set -- gateway + [ "$1" = workstation ] && set -- ws -[ "$1" = scan ] && set -- iwlist -[ "$1" = panic ] && set -- firewall -[ "$1" = to_gateway ] && set -- whonix -[ "$1" = from_tor ] && set -- whonix -[ "$1" = from_gateway ] && set -- gateway -[ "$1" = traceroute ] && set -- = trace -[ "$1" = connected ] && set -- wifi -[ "$1" = clear ] && set -- direct - -# scenarios - modes: nat selektor + [ "$1" = traceroute ] && set -- = trace + [ "$1" = connected ] && set -- wifi + [ "$1" = clear ] && set -- direct + [ "$1" = tor ] && set -- torhost + + # scenarios - modes: nat selektor + # wifi? ## nat - through the Gateway via the nat -[ "$1" = nat ] && \ - set -- ping dns socks http https tordns firefail libvirtguest -# wifi? -[ "$1" = whonix ] && \ - set -- ping tordns dns socks http https torhost tordns firefail gw -[ "$1" = tor -o "$1" = selektor ] && \ - set -- ping tordns dns trace torhost nmap gw -## torhost implies - -#? 
tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition -[ "$1" = direct -o "$1" = '' ] && \ - set -- ping dns trace nmap gw - -## all - all tests not stopping on the first error -[ "$1" = all ] && ALL=1 -# aret="${#tests[@]}" - + if [ "$1" = nat ] ; then + set -- $1 ping dns socks http https dirmngr tordns firefail libvirtguest + [ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT" +## vda - through the Gateway with the firewall - also polipo,panic - uses env +## ws - through the Gateway with the firewall - it is a vda + [ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT" + elif [ "$1" = vda -o "$1" = ws ] ; then + # Fixme - guessing + # was aret=( 35 3 20 ) + set -- ping dns socks http https dirmngr tordns firefail libvirtguest +## gateway - ssh to the whonix gateway from the torhost + elif [ "$1" = gateway ] ; then + ## gateway - on the Gateway, trans firewall with tor running - + #? looks like it had direct in gateway; + #? aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16 + set -- ping dns socks http https dirmngr tordns firefail libvirtguest + [ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT" +## whonix - whonix torhost with libvirt container running gateway behind firewa + elif [ "$1" = whonix ] ; then + set -- ping libvirtguest tordns dns socks http https dirmngr torhost tordns firefail gw + [ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT" +## torhost - running tor with the firewall + [ "$1" = torhost -o "$1" = selektor ] && \ + set -- ping torhost tordns dns trace nmap gw + [ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT" + #? 
tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition +## direct - assume no firewall and no proxy - but may work depend on env + elif [ "$1" = direct -o "$1" = '' ] ; then + set -- ping dns trace nmap gw + + ## all - all tests not stopping on the first error + elif [ "$1" = all ] ; then + ALL=1 + # aret="${#tests[@]}" + fi + ## gw - test if we are connected to the gateway ## env - from the cmdline with a properly setup env ## firefail - test the proxy without env vars to expect failure -## torhost - running tor with the firewall ## http - assumes torhost or whonix and env setup ## https - assumes torhost or whonix and env setup ## socks - assumes torhost or whonix and env setup 
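Review bot: Inside the new if/elif chain of proxy_ping_test_set_args, the torhost/selektor line, `[ "$1" = torhost -o "$1" = selektor ] && \` followed by `set -- ping torhost tordns dns trace nmap gw`, sits in the body of the `whonix` branch after that branch's own `set --`, so `$1` is already `ping` there and the expansion can never run. It looks like it was meant to be its own branch, `elif [ "$1" = torhost -o "$1" = selektor ] ; then`. The re-indented alias line `[ "$1" = traceroute ] && set -- = trace` also still sets `$1` to a literal `=`; `set -- trace` is probably what was intended.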
@@ -373,23 +502,21 @@ proxy_ping_test_set_args () { ## iwlist - wlan scan of a wifi host ## firewall - test that the firewall blocks ## virbr1 - looks for virbr1 on a libvirt host torhost or whonix -## gateway - ssh to the whonix gateway from the torhost ## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda ## wifi - test if we are connected - call scan in addition ## libvirthost - hosting a libvirt container ## libvirtguest - in a libvirt container -## whonix - whonix torhost with libvirt container running gateway behind firewall - aliases: to_gateway from_tor -## direct - assume no firewall and no proxy - but may work depend on env - + for elt in "$@" ; do - if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \ + if [ "$elt" = gw -o "$elt" = env -o \ "$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \ - "$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \ + "$elt" = torhost -o "$elt" = 'nat' -o "$elt" = whonix -o "$elt" = selektor -o \ + "$elt" = tordns -o \ "$elt" = libvirthost -o "$elt" = torlibvirthost -o \ "$elt" = libvirtguest -o "$elt" = virbr1 -o \ "$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \ "$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \ - "$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \ + "$elt" = trace -o "$elt" = wifi -o "$elt" = 'dirmngr' -o "$elt" = 'test' \ ] ; then aret+=( `proxy_test_help_args $elt` ) else 
@@ -407,21 +534,23 @@ if [ "$#" = 0 ] ; then # default to mode set -- $MODE fi -if [ $1 = '-h' -o $1 = '--help' ] ; then +if [ "$1" = '-h' -o $1 = '--help' ] ; then echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g' grep '^## [a-oq-z]' $0 | sed -e 's/^## / /' exit 0 elif [ "$1" = 0 ] ; then INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE - echo 0 help /tmp/proxy_ping_test.hlp - [ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help - . /tmp/proxy_ping_test.hlp + echo 0 help /tmp/proxy_ping_test-$USER.hlp + [ -f /tmp/proxy_ping_test-$USER.hlp ] || proxy_ping_make_help + . /tmp/proxy_ping_test-$USER.hlp for elt in "${!tests[@]}" ; do echo $elt "${tests[$elt]}" done exit 0 elif [[ $1 =~ ^[0-9] ]] ; then : passthrough + elif [ $1 = 'test' -o $1 = '--test' ] ; then + set -- 99 else set -- `proxy_ping_test_set_args "$@"` DBUG running tests numbered "$@" @@ -459,7 +588,7 @@ while [ "$#" -gt 0 ] ; do tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https " [ -n "$https_proxy" ] && LARGS="" || \ LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}" - $LARGS $WGET https://$HTTP_TARGET + $LARGS $WGET https://$HTTP_TARGET 2>/dev/null retval=$? if [ $retval -eq 8 -o $retval -eq 0 ] ; then INFO $prog test=$ARG "${tests[$ARG]}" @@ -547,9 +676,9 @@ while [ "$#" -gt 0 ] ; do GREP="$SOCKS_DNS" elif [ $ARG -eq 6 ] ; then + tests[6]="curl_https_as_user - https " proxy=`proxy_ping_get_https` desc="curl --proxy http://${proxy}" - tests[6]="curl_https_as_user - https " proxy_ping_curl --proxy http://${proxy} \ --proxy-insecure https://$HTTP_TARGET || { \ retval=$? @@ -630,7 +759,6 @@ while [ "$#" -gt 0 ] ; do tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct " [ $USER = root ] || continue which nmap 2>/dev/null >/dev/null || continue - [ -z "$DNS_HOST1" ] && DNS_HOST1="208.67.220.220" nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \ retval=$? ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53 
@@ -641,9 +769,9 @@ while [ "$#" -gt 0 ] ; do GREP="53" elif [ $ARG -eq 13 ] ; then - tests[13]="curl_firewall_bin - wifi " + tests[13]="curl_firewall_bin - firewall " [ $USER = root ] || continue - proxy_test_curl_firewall_bin || continue + proxy_test_curl_firewall_asbin || continue INFO $prog test=$ARG "${tests[$ARG]}" curl bin # works GREP="443" @@ -664,7 +792,7 @@ while [ "$#" -gt 0 ] ; do INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct elif [ $ARG -eq 16 ] ; then - tests[16]="nslookup_as_root nslookup $PRIV_BIN_OWNER - torhost " + tests[16]="nslookup_as_root nslookup ${DNS_HOST1} $PRIV_BIN_OWNER - firewall " [ $USER = root ] || continue [ $HAVE_NSLOOKUP = 1 ] || continue su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \ @@ -705,7 +833,8 @@ while [ "$#" -gt 0 ] ; do GREP="123" elif [ $ARG -eq 19 ] ; then tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail " - proxy_ping_curl --noproxy "'*.*'" --connect-timeout $TIMEOUT \ + timeout -k $TIMEOUT $TIMEOUT env - $CURL \ + --noproxy "'*.*'" --connect-timeout $TIMEOUT \ http://$HTTP_TARGET >/dev/null && { retval=$? ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy @@ -782,7 +911,7 @@ while [ "$#" -gt 0 ] ; do [ $HAVE_NSLOOKUP = 1 ] || continue # noenv with or without proxy # @$DNS_HOST1 should fail for firewall unless dnsmasq is working - $NSL >/dev/null $DNS_TARGET || { \ + $NSL >/dev/null $DNS_TARGET ${DNS_HOST} || { \ retval=$? WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET [ -z "$ALL" ] && exit $ARG$retval || continue @@ -832,7 +961,7 @@ while [ "$#" -gt 0 ] ; do elif [ $ARG -eq 30 ] ; then tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost " - [ $MODE = tor -o $MODE = whonix -o $MODE = selektor ] || { + [ $MODE = tor -o $MODE = whonix -o $MODE = gateway -o $MODE = selektor ] || { # are there other roles that run tor? WARN $prog MODE != tor test=$ARG } 
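Review bot: Tests 19 and 31 (the latter in the @@ -856 hunk) report the firewall as working whenever the `timeout … env - $CURL` command exits non-zero, so a timeout kill (124), a curl that cannot be started under the emptied environment, or a DNS failure all count as "blocked". Only a connection failure or connect timeout reported by curl itself shows that egress is filtered; I would capture the status first and treat anything other than curl's 7 or 28 as inconclusive with a WARN. Here `--noproxy "'*.*'"` also passes the single quotes to curl literally, whereas test 31 uses `--noproxy '*'`, and the same form should be used in both. `retval=$?` inside the `&& {` branch is always 0, so the PANIC line never carries a useful code. The enclosing `while`/`elif` chain and the definition of `$CURL` are outside the hunk.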
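Review bot: `${DNS_HOST}` appears nowhere else in the visible hunks, which all use `$DNS_HOST1`, and the comment directly above still refers to `@$DNS_HOST1`, so this looks like a misspelt variable. Unquoted, an unset `DNS_HOST` expands to nothing and nslookup silently falls back to the system resolver, leaving the test unchanged while appearing to target a specific server. If a server argument is intended, `$NSL >/dev/null "$DNS_TARGET" "$DNS_HOST1" || { \` makes that explicit; if DNS_HOST is defined elsewhere in the file, a comment saying which resolver it names would help.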
@@ -856,9 +985,10 @@ while [ "$#" -gt 0 ] ; do elif [ $ARG -eq 31 ] ; then tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http " - proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \ + timeout -k $TIMEOUT $TIMEOUT env - $CURL \ + --noproxy '*' http://${HTTP_TARGET} && { \ retval=$? - ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval http to $HTTP_PORT + ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval $HTTP_TARGET [ -z "$ALL" ] && exit $ARG$retval || continue } INFO $prog test=$ARG "${tests[$ARG]}" @@ -908,9 +1038,9 @@ while [ "$#" -gt 0 ] ; do [ $USER = root ] || continue [ $HAVE_DIG = 1 ] || continue # @$DNS_HOST1 - su -c "dig pool.ntp.org +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \ + su -c "dig $NTP_HOST2 +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \ retval=$? - ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig pool.ntp.org $PRIV_BIN_OWNER + ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig $NTP_HOST2 $PRIV_BIN_OWNER [ -z "$ALL" ] && exit $ARG$retval || continue } INFO $prog test=$ARG "${tests[$ARG]}" @@ -918,12 +1048,12 @@ while [ "$#" -gt 0 ] ; do GREP="53" elif [ $ARG -eq 36 ] ; then - tests[36]="tor_resolve_as_user tor-resolve pool.ntp.org - tordns " + tests[36]="tor_resolve_as_user tor-resolve $NTP_HOST2 - tordns " [ $HAVE_TOR_RESOLVE = 1 ] || continue - tor-resolve pool.ntp.org >/dev/null || { \ + tor-resolve $NTP_HOST2 >/dev/null || { \ retval=$? # dunno Failed parsing SOCKS5 response conf? - WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve pool.ntp.org + WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve $NTP_HOST2 continue } INFO $prog test=$ARG "${tests[$ARG]}" 
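Review bot: Replacing the literal `pool.ntp.org` with `$NTP_HOST2` in the dig test (@@ -908) makes it depend on a variable that is set outside this hunk, and nothing here checks that it is non-empty. With an empty value `dig +timeout=$TIMEOUT` still succeeds, because dig without a name queries the root zone, so the test passes without resolving anything; the value is also expanded inside the `su -c "…"` string, where the shell parses it a second time. I would add `[ -n "$NTP_HOST2" ] || continue` before the call and restrict the value to a plain hostname. The @@ -918 hunk makes the same substitution for `tor-resolve` and its WARN message.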
@@ -931,7 +1061,7 @@ while [ "$#" -gt 0 ] ; do GREP="9053" elif [ $ARG -eq 37 ] ; then - tests[37]="qemu-guest-agent and ports - libvirtguest " + tests[37]="qemu_guest_agent_ports - libvirtguest " ser=qemu-guest-agent proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start proxy_rc_service $ser status >/dev/null || { \ @@ -946,8 +1076,9 @@ while [ "$#" -gt 0 ] ; do } INFO $prog test=$ARG "${tests[$ARG]}" GREP="" + elif [ $ARG -eq 38 ] ; then - tests[38]="qemu-guest-agent and ports - libvirthost " + tests[38]="check_libvirt_running - libvirthost " [ $USER = root ] || continue $PL proxy_libvirt_list aret=$? @@ -957,12 +1088,42 @@ while [ "$#" -gt 0 ] ; do DBUG proxy_libvirt_status aret=$aret else # was $GATEW_DOM but now can be gentoo_vm-2 etc - $PL proxy_libvirt_list 2>&1 | grep -q "running" || { - WARN MODE=$MODE and nothing libvirt running ; + $PL proxy_libvirt_list 2>&1| grep -q "running" || { + WARN MODE=$MODE and nothing libvirt running continue } INFO $prog test=$ARG "${tests[$ARG]}" fi + + elif [ $ARG -eq 39 ] ; then + tests[39]="proxy_test_dirmngr - dirmngr " + [ $USER = root ] || continue + proxy_test_dirmngr + + elif [ $ARG -eq 99 ] ; then + tests[99]="test_all_modes unfinished not sure" + [ $USER = root ] || continue + for elt in vda selektor ws gateway nat tor whonix; do + INFO testing $elt + if [ "$MODE" = vda ] ; then + : vda + elif [ "$MODE" = selektor ] ; then + : selektor + elif [ "$MODE" = ws ] ; then + : ws + elif [ "$MODE" = gateway ] ; then + : gateway + elif [ "$MODE" = nat ] ; then + : nat + elif [ "$MODE" = tor ] ; then + : tor + elif [ "$MODE" = whonix ] ; then + : whonix + else + WARN unrecognized mode MODE=$elt + fi + done + elif false ; then if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then $NETS | grep -q :53 || { 
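Review bot: The loop added for test 99 iterates `elt` over the mode names but every branch compares `"$MODE"`, so each pass takes the same branch, and `WARN unrecognized mode MODE=$elt` fires only when MODE itself is unlisted and then prints the loop value instead. The comparisons should read `if [ "$elt" = vda ] ; then` and so on, or become a `case "$elt" in`. Because every branch is a `:` no-op and the @@ -407 hunk maps `test`/`--test` to 99, the run currently prints seven INFO lines and exits 0, which is easy to mistake for a pass; a `WARN not implemented` until the bodies exist would avoid that.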
@@ -977,21 +1138,3 @@ while [ "$#" -gt 0 ] ; do done exit 0 - - 1) - env https_proxy=http://${SOCKS_HOST}:${HTTPS_PORT} wget $D -O - --no-check-certificate - 2) - curl $D -k --proxy - 3) - curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure - 6) - curl -k --proxy $HTTP_PORT - 16) - nslookup $PRIV_BIN_OWNER - 18) - ntpdate as sroot - 19) - curl raw noproxy - 0) - usage - diff --git a/overlay/Linux/usr/local/bin/usr_local_base.bash b/overlay/Linux/usr/local/bin/usr_local_base.bash index 24b6d53..5d6c053 100755 --- a/overlay/Linux/usr/local/bin/usr_local_base.bash +++ b/overlay/Linux/usr/local/bin/usr_local_base.bash @@ -1,32 +1,25 @@ #!/bin/bash # -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- +# this should be unused + [ -z "$prog" ] && prog=`basename $0 .bash` [ -z "$USER" ] && USER=$( id -un ) +ROLE=base [ -f /usr/local/bin/usr_local_tput.bash ] && \ - . /usr/local/bin/usr_local_tput.bash - -## box_gentoo_emerge -box_gentoo_emerge () { - [ "$#" -lt 1 ] && return 0 - local elt - declare -a ARGS - for elt in "$@" ; do - [ -z "$elt" ] && continue - grep -q "^$elt$" /var/lib/portage/world && continue - ls /var/db/pkg/"$elt"-[0-9]* 2>/dev/null >/dev/null && continue - qlist -IsS "$elt" | grep -q "^$elt" && continue - equery l -f "^$elt$" | grep '^.I' && continue - ARGS+=($elt) - done - [ "${#ARGS[@]}" -eq 0 ] && exit 0 - INFO "${ARGS[@]}" - /usr/local/sbin/box_gentoo_emerge.bash "${ARGS[@]}" || return $? - return 0 -} +. /usr/local/bin/usr_local_tput.bash +. /usr/local/src/usr_local_src.bash base=usr_local_base # DBUG 0=$0 + +## box_gentoo_emerge - unused? +box_gentoo_emerge () { + msys_gentoo_emerge "$@" + return $? +} + + if [ -x /usr/bin/basename ] && [ $( /usr/bin/basename -- $0 ) = $base'.bash' -o $( basename -- $0 ) = $base'.sh' ] ; then [ "$#" -eq 0 ] && exit 0 [ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \ 
diff --git a/overlay/Linux/usr/local/bin/usr_local_tput.bash b/overlay/Linux/usr/local/bin/usr_local_tput.bash
index 9dd0947..cc92769 100755
--- a/overlay/Linux/usr/local/bin/usr_local_tput.bash
+++ b/overlay/Linux/usr/local/bin/usr_local_tput.bash
@@ -1,77 +1,87 @@ #!/bin/sh # -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- -[ -z "$TERM" ] && exit 0 [ -z "$prog" ] && prog=`basename $0 .bash` [ -z "$USER" ] && USER=$( id -un ) [ -z "$DEBUG" ] && DEBUG=0 - -if [ -n "$TERM" ] ; then - # vars that can be used to change font color - blue=$(tput setaf 6) - cyan=$(tput setaf 5) - green=$(tput setaf 2) - yellow=$(tput setaf 3) - red=$(tput setaf 1) - normal=$(tput sgr0) # default color +if [ -z "$TERM" ] || [ "`tty`" == '' ] ; then + USAGE () { echo "USAGE: " $* ; exit 0 ; } + ERROR () { echo "ERROR: $prog" $* ; } + WARN () { echo "WARN: $prog" $* ; } + INFO () { echo "INFO: $prog" $* ; } + DBUG () { echo "DBUG: $prog" $* ; } + PANIC () { echo "PANIC: $prog" $* ; exit 1; } + FATL () { echo "PANIC: $prog" $* ; exit 1; } + + usage () { echo "USAGE: " $* >&2 ; exit 0 >&2 ; } + error () { echo "ERROR: $prog" $* >&2 ; } + warn () { echo "WARN: $prog" $* >&2 ; } + info () { echo "INFO: $prog" $* >&2 ; } + dbug () { echo "DBUG: $prog" $* >&2 ; } + panic () { echo "PANIC: $prog" $* >&2 ; exit 1; } + fatl () { echo "PANIC: $prog" $* >&2 ; exit 1; } else - blue= - cyan= - green= - yellow= - red= - normal= + + if [ -n "$TERM" ] ; then + # vars that can be used to change font color + blue=$(tput setaf 6) + cyan=$(tput setaf 5) + green=$(tput setaf 2) + yellow=$(tput setaf 3) + red=$(tput setaf 1) + normal=$(tput sgr0) # default color + else + blue= + cyan= + green= + yellow= + red= + normal= + fi + + FATL () { + local code=0 + [ $# -eq 1 ] && code=1 + [ $# -gt 1 ] && code=$1 && shift + echo ${red}FATL:${normal} $* + exit $code + } + ftal () { FATL >&2 "$@" ; } + panic () { FATL >&2 "$@" ; } + PANIC () { FATL >&2 "$@" ; } + + ERROR () { + echo ${red}EROR:${normal} $* + return 0 + } + error () { ERROR >&2 $* ; } + + WARN () { + echo ${yellow}WARN:${normal} $* + return 0 + + } + warn () { WARN >&2 $* ; } + + INFO () { + echo ${green}INFO:${normal} $* + return 0 + } + info () { INFO >&2 $* ; } + + DBUG () { + [ 
-z "$DEBUG" ] || [ "$DEBUG" = 0 ] || echo ${blue}DBUG:${normal} $* + return 0 + } + dbug () { DBUG >&2 $* ; } + debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; } + + USAGE () { + echo ${yellow}USAGE:${normal} $* + return 0 + + } + usage () { USAGE >&2 $* ; } fi -FATL () { - local code=0 - [ $# -eq 1 ] && code=1 - [ $# -gt 1 ] && code=$1 && shift - echo ${red}FATL:${normal} $* - exit $code -} -ftal () { FATL >&2 "$@" ; } -panic () { FATL >&2 "$@" ; } -PANIC () { FATL >&2 "$@" ; } - -ERROR () { - echo ${red}EROR:${normal} $* - return 0 -} -error () { ERROR >&2 $* ; } - -WARN () { - echo ${yellow}WARN:${normal} $* - return 0 - -} -warn () { WARN >&2 $* ; } - -USAGE () { - echo ${yellow}USAGE:${normal} $* - return 0 - -} -usage () { USAGE >&2 $* ; } - -INFO () { - echo ${green}INFO:${normal} $* - return 0 -} -info () { INFO >&2 $* ; } - -DBUG () { - [ -z "$DEBUG" ] || [ "$DEBUG" = 0 ] || echo ${blue}DBUG:${normal} $* - return 0 -} -dbug () { DBUG >&2 $* ; } -debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; } - -usage () { - echo ${yellow}USAGE:${normal} $* - return 0 - -} -USAGE () { usage $* ; } - -ols_are_we_connected () { route | grep -q ^default ; return $? ; } +msys_are_we_connected () { grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; return $? ; } diff --git a/overlay/Linux/usr/local/sbin/bootstrap_pip_ansible.bash b/overlay/Linux/usr/local/sbin/bootstrap_pip_ansible.bash index d04a6bf..c19922f 100755 --- a/overlay/Linux/usr/local/sbin/bootstrap_pip_ansible.bash +++ b/overlay/Linux/usr/local/sbin/bootstrap_pip_ansible.bash 
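Review bot: The new guard ``[ "`tty`" == '' ]`` does not detect a missing terminal: `tty` prints `not a tty` rather than an empty string when stdin is not a terminal, and `==` inside `[` is not POSIX, which matters under this file's `#!/bin/sh` shebang. As written, the plain-text branch is reached only when TERM is empty, so colour escape sequences from tput still go to pipes and log files whenever TERM is set. `if [ -z "$TERM" ] || ! [ -t 1 ] ; then` tests the output descriptor directly. Inside the `else` branch the inner `if [ -n "$TERM" ]` is now always true, so its empty-colour fallback is dead code.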
@@ -100,7 +100,7 @@ fi [ -d /etc/portage -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=vagrant [ -d /etc/apt -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=devuan -[ -z "$BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME +[ -z "$BOX_USER_HOME" -o ! -d "$BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME [ -z "$BOX_ALSO_GROUP" ] && BOX_ALSO_GROUP=adm [ -z "$LOGDIR" ] && LOGDIR=$PREFIX/tmp @@ -148,20 +148,20 @@ fi if [ -d $UPTMP/boxuser_pip_cache ] ; then bootstrap_mkdir $BOX_USER_HOME/.cache/ && \ cp -rip $UPTMP/boxuser_pip_cache $BOX_USER_HOME/.cache/pip && \ - chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \ +#? chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \ chmod -R g+rw $BOX_USER_HOME/.cache/pip && \ chmod -R o-w $BOX_USER_HOME/.cache/pip fi if [ -d $UPTMP/root_pip_cache ] ; then bootstrap_mkdir /root/.cache/ && \ cp -rip $UPTMP/root_pip_cache /root/.cache/pip && \ - chown -R root.root /root/.cache/pip && \ +#? chown -R ${BOX_USER_NAME}:{BOX_ALSO_GROUP} /root/.cache/pip && \ chmod -R g+rw /root/.cache/pip && \ chmod -R o-w /root/.cache/pip fi if [ -d /etc/apt ] ; then - if ! route | grep -q ^default ; then + if ! grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then DBUG "Not connected; skipping apt-get update" elif [ ! -f /var/log/dpkg.log ] ; then apt-get update # || exit 4 @@ -332,7 +332,7 @@ EOF fi # dont use -CAfile $UPTMP/cacert.pem - we want it to fail if we need the cert -if ! route | grep -q ^default ; then +if ! grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then DBUG "Not connected; skipping SSL Certificate Authority chain" elif [ -n "$https_proxy" ] ; then proxy=`echo "$https_proxy" | sed -e 's/https*:\/*//'` 
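Review bot: Commenting out both `chown` lines in the @@ -148 hunk leaves the copied pip caches with whatever owner and group `$UPTMP/…_pip_cache` had, since `cp -rip` preserves ownership when run as root (which this sbin script presumably is), and the following `chmod -R g+rw` then makes them group-writable. For `/root/.cache/pip` that can leave root's package cache writable by a non-root group while pip run as root may install from it. The original defect was only the missing `$` in `{BOX_ALSO_GROUP}`; I would restore `chown -R root:root /root/.cache/pip && \` and fix the user line to `chown -R "${BOX_USER_NAME}:${BOX_ALSO_GROUP}" "$BOX_USER_HOME/.cache/pip" && \`. The commented replacement for the root cache names the box user as owner and should not be enabled as it stands.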
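Review bot: `grep -q "^wlan[1-9][ ]00000000" /proc/net/route` in the @@ -332 hunk recognises a default route only on wlan1–wlan9, so a host whose uplink is wlan0 or any wired or virtual interface is treated as offline and the certificate-authority chain check is skipped with only a DBUG line. /proc/net/route is tab-separated, so if the bracket expression holds a space rather than a tab (the page's whitespace is not reliable here) the pattern matches nothing at all. The same test replaces `route | grep -q ^default` in the @@ -148 and @@ -486 hunks and in msys_are_we_connected in usr_local_tput.bash. tasks/base.yml already uses `ip route | grep -q ^default`; if /proc must be read, `awk '$2 == "00000000" { f = 1 } END { exit !f }' /proc/net/route` is interface-independent. If limiting the check to wifi is deliberate, a comment should say so.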
@@ -486,7 +486,7 @@ if ! $PREFIX/bin/python$PYVER.bash -c 'import curl' 2>/dev/null ; then [ -x /usr/bin/curl ] || which curl 2>/dev/null || emerge -vb curl fi #? --allow-unverified pycurl - if ! route | grep -q ^default ; then + if ! grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then INFO "Not connected; not installing pycurl" elif $PREFIX/bin/pip$PYVER.sh install $PIP_INSTALL_ARGS pycurl >> $LOGDIR/pip_install_pycurl.log 2>&1 ; then INFO "Installed pycurl from pip with $PREFIX/bin/pip install $PIP_INSTALL_ARGS" diff --git a/overlay/Linux/usr/local/sbin/box_gentoo_emerge.bash b/overlay/Linux/usr/local/sbin/box_gentoo_emerge.bash index 9256c81..7c8cd2b 100755 --- a/overlay/Linux/usr/local/sbin/box_gentoo_emerge.bash +++ b/overlay/Linux/usr/local/sbin/box_gentoo_emerge.bash @@ -3,6 +3,7 @@ prog=$( basename $0 .bash ) ROLE=base +PYVER=3 LOG_DIR=/usr/local/var/logs/portage [ -d $LOG_DIR ] || mkdir -p $LOG_DIR @@ -37,15 +38,16 @@ LARGS="$LARGS --noreplace" # LARGS="$LARGS --exclude " LOG=$LOG_DIR/$LOG export PYTHONPATH= -echo INFO: $LARGS $ARGS >> $LOG 2>&1 -nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1 -[ $? -ne 0 ] && exit $? +echo INFO: emerge $LARGS $ARGS |tee -a $LOG >&2 +nice python$PYVER $( which emerge ) $LARGS $ARGS >> $LOG 2>&1 +retval=$? +[ $retval -ne 0 ] && echo ERROR: $retval $LOG && tail $LOG && exit $retval if grep ImportError $LOG ; then - echo ERROR: ImportError $ARGS && exit 10 + echo ERROR: ImportError $LOG && exit 10 elif grep ParseError $LOG ; then - echo ERROR: ParseError $ARGS && exit 11 + echo ERROR: ParseError $LOG && exit 11 elif grep 'Your current profile is invalid' $LOG ; then - echo ERROR: Your current profile is invalid $ARGS && exit 12 + echo ERROR: Your current profile is invalid $LOG && exit 12 fi exit 0 diff --git a/overlay/Linux/usr/local/src/usr_local_base.bash b/overlay/Linux/usr/local/src/usr_local_base.bash index ac00267..f484d86 100755 --- a/overlay/Linux/usr/local/src/usr_local_base.bash 
+++ b/overlay/Linux/usr/local/src/usr_local_base.bash @@ -4,9 +4,10 @@ ROLE=proxy PREFIX=/usr/local -# should be usable per user +# should be usable per user or by root as a user + . /usr/local/src/usr_local_src.bash || exit 2 -ols_check_site_py >/dev/null || exit 3$? +msys_check_site_py >/dev/null || exit 3$? DESC="" export LOG_DIR=$PREFIX/var/log/$ROLE diff --git a/overlay/Linux/usr/local/src/usr_local_python.bash b/overlay/Linux/usr/local/src/usr_local_python.bash index 9bc46ab..bb72801 100755 --- a/overlay/Linux/usr/local/src/usr_local_python.bash +++ b/overlay/Linux/usr/local/src/usr_local_python.bash @@ -56,6 +56,20 @@ if [ "$#" -eq 0 ] ; then done exit 0 +elif [ "$1" = check ] ; then + + msys_var_local_src_prog_key $1 || exit 10$? + +elif [ "$1" = 'lint' ] ; then +# sudo chown -R 1000:4 /usr/local/var/log/testforge/shellcheck + msys_var_local_src_prog_key $1 || exit 20$? + # ols_run_tests_shellcheck $ROLE || exit 21$? + # ols_run_tests_pylint || exit 22$? + +elif [ "$1" = 'test' ] ; then + + msys_var_local_src_prog_key $1 || exit 51$? + fi #? FixMe: sed *sed - just /var/local diff --git a/tasks/Debian.yml b/tasks/Debian.yml index 158bb54..a5db54a 100644 --- a/tasks/Debian.yml +++ b/tasks/Debian.yml @@ -4,7 +4,7 @@ - name: "/usr/local/etc/local.d/Whonix-Lati.rc" blockinfile: - dest: /usr/local/etc/local.d/Whonix-Lati.rc + dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc" create: yes mode: 0770 owner: "{{ BOX_USER_NAME }}" diff --git a/tasks/Devuan.yml b/tasks/Devuan.yml index 63eeee0..055fa46 100644 --- a/tasks/Devuan.yml +++ b/tasks/Devuan.yml @@ -4,7 +4,7 @@ - name: "/usr/local/etc/local.d/Whonix-Lati.rc" blockinfile: - dest: /usr/local/etc/local.d/Whonix-Lati.rc + dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc" create: yes mode: 0770 owner: "{{ BOX_USER_NAME }}" diff --git a/tasks/Gentoo.yml b/tasks/Gentoo.yml index b2458a5..5138476 100755 --- a/tasks/Gentoo.yml +++ b/tasks/Gentoo.yml 
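Review bot: In the usr_local_python.bash hunk, `exit 51$?` concatenates digits, giving 511 or higher, and the shell reduces exit statuses modulo 256, so a helper failure of 1 is reported as 255 and a failure of 2 as 0, i.e. success. `exit 10$?` and `exit 20$?` stay in range only while the helper returns a single-digit status. I would use fixed codes, e.g. `msys_var_local_src_prog_key "$1" || exit 51`, and log the helper's own status separately. `$1` is also unquoted in all three calls.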
@@ -11,7 +11,7 @@ - name: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python" file: # Its on the PATH in portage/.../.../temp/environment ahead of - # .../usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:... + # ...{{USR_LOCAL}}/sbin:{{USR_LOCAL}}/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:... src: "/usr/bin/python{{BASE_PORTAGE_PYTHON_MINOR}}" dest: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python" state: link @@ -22,6 +22,9 @@ - name: "/etc/portage/make.conf base Gentoo GPSD_PROTOCOLS" blockinfile: dest: /etc/portage/make.conf + owner: "portage" + group: "portage" + mode: "0644" create: false marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [GPSD_PROTOCOLS]" block: | @@ -30,6 +33,9 @@ - name: "/etc/portage/make.conf base Gentoo PORTAGE_PYTHON" blockinfile: dest: /etc/portage/make.conf + owner: "portage" + group: "portage" + mode: "0644" create: false marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PORTAGE_PYTHON]" block: | @@ -252,7 +258,7 @@ create: false marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PKG_CONFIG_PATH]" block: | - PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/share/pkgconfig:/usr/local/lib/pkgconfig/" + PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/share/pkgconfig:{{USR_LOCAL}}/lib/pkgconfig/" - assert: that: - "'{{ BOX_OS_FLAVOR }}' != 'Funtoo'" @@ -269,6 +275,9 @@ dest: /etc/portage/repos.conf/default.conf create: yes marker: "# {mark} ANSIBLE MANAGED BLOCK base" + owner: "portage" + group: "portage" + mode: "0644" block: | [DEFAULT] # /usr/share/portage/config/repos.conf @@ -294,6 +303,9 @@ blockinfile: dest: /etc/portage/profile/package.provided create: yes + owner: "portage" + group: "portage" + mode: "0644" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo" block: | # /etc/portage/profile/package.provided 
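Review bot: `owner: "portage"` and `group: "portage"` on /etc/portage/make.conf (@@ -22) hand the file that configures root-run emerge to the unprivileged build account. With mode 0644 the owner can rewrite it, so anything running as portage, which is the account Portage drops to for fetch and build phases when userpriv/userfetch are enabled, could change settings that root's next emerge will honour. Unless something in this role needs portage to edit these files, `owner: root` with `group: root` (or `group: portage` at the same 0644) keeps them readable without making them writable. The same three lines are added in the @@ -30, @@ -269 and @@ -294 hunks here and in the @@ -312, @@ -322 and @@ -330 hunks that follow.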
@@ -312,6 +324,9 @@ blockinfile: dest: /etc/portage/make.conf create: false + owner: "portage" + group: "portage" + mode: "0644" marker: "# {mark} Ansible Managed Block base Gentoo.yml GRUB_PLATFORMS" block: | # added 2019-07 @@ -322,6 +337,9 @@ - name: "/etc/portage/make.conf base Gentoo ACCEPT_LICENSE" blockinfile: dest: /etc/portage/make.conf + owner: "portage" + group: "portage" + mode: "0644" create: false marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [ACCEPT_LICENSE]" block: | @@ -330,6 +348,9 @@ - name: "/etc/portage/make.conf base Gentoo VERIFY_SIG_OPENPGP_KEY_REFRESH" blockinfile: dest: /etc/portage/make.conf + owner: "portage" + group: "portage" + mode: "0644" create: false marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml VERIFY_SIG_OPENPGP_KEY_REFRESH" block: | diff --git a/tasks/Gentoo/Pentoo/use.yml b/tasks/Gentoo/Pentoo/use.yml index 99ddc10..5d44317 100644 --- a/tasks/Gentoo/Pentoo/use.yml +++ b/tasks/Gentoo/Pentoo/use.yml @@ -389,14 +389,6 @@ block: | dev-libs/libpcre2 pcre16 static-libs -- name: "/etc/portage/package.use/2017-10_world.txt" - blockinfile: - dest: /etc/portage/package.use/2017-10_world.txt - create: true - marker: "# {mark} Ansible Managed Block base libpcre2" - block: | - dev-libs/libpcre2 pcre16 static-libs - - name: "/etc/portage/package.use/2020-01_readline.txt" blockinfile: dest: /etc/portage/package.use/2020-01_readline.txt @@ -501,14 +493,6 @@ block: | dev-libs/libpcre2 pcre16 static-libs -- name: "/etc/portage/package.use/2017-10_world.txt" - blockinfile: - dest: /etc/portage/package.use/2017-10_world.txt - create: true - marker: "# {mark} Ansible Managed Block base libpcre" - block: | - dev-libs/libpcre2 pcre16 static-libs - - name: "/etc/portage/package.use/2018-01_qt.txt" blockinfile: dest: /etc/portage/package.use/2018-01_qt.txt diff --git a/tasks/Lati.yml b/tasks/Lati.yml index 50388fb..ca0fbdd 100755 --- a/tasks/Lati.yml +++ b/tasks/Lati.yml 
@@ -35,10 +35,10 @@ # either way - make sure there is only one. for elt in {{BASE_PYTHON2_MINOR}} {{BASE_PYTHON3_MINOR}} ; do [ -d /usr/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue - [ -d /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue - rm -rf /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad - mv /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources/ \ - /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad + [ -d {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue + rm -rf {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad + mv {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources/ \ + {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad done exit 0 diff --git a/tasks/ansible.yml b/tasks/ansible.yml index 282e9c6..7a1f053 100644 --- a/tasks/ansible.yml +++ b/tasks/ansible.yml @@ -14,7 +14,7 @@ - name: Assemble from fragments from a directory assemble: - src: /usr/local/etc/ansible/ansible.cfg + src: "{{USR_LOCAL}}/etc/ansible/ansible.cfg" regexp: "cfg$" dest: "{{BASE_SRC_ANSIBLE}}/ansible.cfg" ignore_errors: true diff --git a/tasks/base.yml b/tasks/base.yml index f661bbf..5b14918 100755 --- a/tasks/base.yml +++ b/tasks/base.yml 
@@ -54,32 +54,34 @@ - name: base /usr/local/src/usr_local_src.bash copy: - src: /usr/local/src/usr_local_src.bash - dest: /usr/local/src/usr_local_src.bash + src: "{{USR_LOCAL}}/src/usr_local_src.bash" + dest: "{{USR_LOCAL}}/src/usr_local_src.bash" mode: '0755' - + when: + - ansible_virtualization_role|replace('NA', 'host') != 'host' + - block: - name: /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} shell: | - [ -e /usr/local/bin/base_check_site_py.bash ] || exit 0 + [ -e {{USR_LOCAL}}/bin/base_check_site_py.bash ] || exit 0 export PYTHONPATH='' - /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} || exit 3$? + {{USR_LOCAL}}/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} || exit 3$? when: - "BASE_PYTHON3_MINOR != ''" - name: base /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} shell: | - [ -e /usr/local/bin/base_check_site_py.bash ] || exit 0 + [ -e {{USR_LOCAL}}/bin/base_check_site_py.bash ] || exit 0 export PYTHONPATH='' - /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} || exit 2$? + {{USR_LOCAL}}/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} || exit 2$? when: - "BASE_PYTHON2_MINOR != ''" # wierd error - fails under ansible but not at the command line rescue: - debug: - msg: "ERROR: WTF /usr/local/bin/base_check_site_py.bash" + msg: "ERROR: RESCUE WTF {{USR_LOCAL}}/bin/base_check_site_py.bash" check_mode: false tags: - always @@ -261,7 +263,7 @@ - name: "are we connected? - base_get_if.bash" shell: | ip route | grep -q ^default || exit 1$? - wlan=`/usr/local/bin/base_get_if.bash` || exit 3 + wlan=`{{USR_LOCAL}}/bin/base_get_if.bash` || exit 3 if [ -n "$wlan" ] ; then ifconfig "$wlan" | grep -q UP && echo $wlan || true else 
@@ -279,8 +281,8 @@ - name: "are we connected? - new wifi" shell: | ip route | grep -q ^default || exit 1$? - /usr/local/bin/proxy_ping_test.bash wifi || exit 2$? - wlan=`/usr/local/bin/base_get_if.bash` + {{USR_LOCAL}}/bin/proxy_ping_test.bash wifi || exit 2$? + wlan=`{{USR_LOCAL}}/bin/base_get_if.bash` echo $wlan register: wlan_up_no failed_when: false @@ -366,7 +368,7 @@ shell: | export BASE_PYTHON2_MINOR={{BASE_PYTHON2_MINOR}} export PYVER=2 - /usr/local/bin/pyver.sh + {{USR_LOCAL}}/bin/pyver.sh # sitecustomize is not getting made on 3.8 @@ -374,7 +376,7 @@ shell: | export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}} export PYVER=3 - /usr/local/bin/pyver.sh + {{USR_LOCAL}}/bin/pyver.sh # only site - not dist on Ubuntu? - name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py" @@ -406,7 +408,7 @@ shell: | export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}} export PYVER=3 - /usr/local/bin/pyver.sh + {{USR_LOCAL}}/bin/pyver.sh # only site - not dist on Ubuntu? - name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py" @@ -476,7 +478,7 @@ - name: "/usr/local/etc/local.d/Whonix-Lati.rc" lineinfile: - dest: /usr/local/etc/local.d/Whonix-Lati.rc + dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc" create: yes mode: 0770 insertafter: BOF @@ -485,7 +487,7 @@ - name: "/usr/local/etc/local.d/Whonix-Lati.rc" blockinfile: - dest: /usr/local/etc/local.d/Whonix-Lati.rc + dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc" create: yes mode: 0770 marker: "# {mark} ANSIBLE MANAGED BLOCK base initctl" 
@@ -506,7 +508,7 @@ cd $src || exit 1 [ -e "python{{ BASE_PYTHON2_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON2_MINOR }}" . [ -e "python{{ BASE_PYTHON3_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON3_MINOR }}" . - # our model is that user and group adm can pip install into /usr/local + # our model is that user and group adm can pip install into {{USR_LOCAL}} # failsafe but often required and not covered elsewhere chown -R "{{ BOX_USER_NAME }}"."{{ BOX_ALSO_GROUP }}" $src/python* $dest/python* chmod -R g+rw $src/python* $dest/python* @@ -522,7 +524,7 @@ i=$( expr $i + 1 ) [ -e /dev/loop$i ] && continue mknod /dev/loop$i b 7 $i - chown root.disk /dev/loop$i + chown root:disk /dev/loop$i chmod 660 /dev/loop$i done exit 0 @@ -541,11 +543,6 @@ - tmp check_mode: false - - name: base /usr/local/src/usr_local_base.bash - copy: - src: /usr/local/src/usr_local_base.bash - dest: /usr/local/src/usr_local_base.bash - mode: '755' # FixMe: change this to a user.yml; this should be run as vagrant and per sytem_user - name: "/usr/local/src/usr_local_base.sh" @@ -585,10 +582,11 @@ args: chdir: "{{BASE_USR_LOCAL}}/src" creates: - - "{{BASE_USR_LOCAL}}/bin/python2.sh" - "{{BASE_USR_LOCAL}}/bin/python3.sh" become: yes become_user: "{{ BOX_USER_NAME }}" + # FixMe + ignore_errors: true # FixMe: pip doesnt buy this - name: "make /usr/local/net/Cache/Pip" diff --git a/tasks/base_Gentoo.yml b/tasks/base_Gentoo.yml index 0c1873e..25fa24c 100755 --- a/tasks/base_Gentoo.yml +++ b/tasks/base_Gentoo.yml @@ -115,7 +115,7 @@ PYTHON_MINOR="$(eval echo \$$P)" grep -q $PYTHON_MINOR python$PYVER.conf || \ echo $PYTHON_MINOR >> python$PYVER.conf - cat /usr/local/etc/python-exec/python$PYVER-*.lis | while read file ; do + cat {{USR_LOCAL}}/etc/python-exec/python$PYVER-*.lis | while read file ; do [ -e $file.conf ] && continue ln -s python$PYVER.conf $file.conf done diff --git a/tasks/base_proxy.yml b/tasks/base_proxy.yml index 42dec06..2568816 100755 --- a/tasks/base_proxy.yml 
+++ b/tasks/base_proxy.yml @@ -1,7 +1,7 @@ # -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*- --- -- name: "base base_proxy.yml BOX_OS_FLAVOR={{BOX_OS_FLAVOR}}" +- name: "base base_proxy.yml" debug: # verbosity: 1 msg: "base base_proxy.yml http_proxy={{http_proxy}} https_proxy={{https_proxy}} socks_proxy={{socks_proxy}}" @@ -14,7 +14,7 @@ socks_proxy: "socks5://127.0.0.1:9999" ftp_proxy: "socks5://127.0.0.1:9999" no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost') }}" - SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('/usr/local/etc/ssl/cacert-testforge.pem') }}" + SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem') }}" RSYNC_PROXY: "127.0.0.1:9999" TERM: linux @@ -74,7 +74,7 @@ ftp_proxy: "socks5://{{external_out.stdout}}:3128" # this network should come from inventory no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost,10.0.2.0/24') }}" - SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('/usr/local/etc/ssl/cacert-testforge.pem') }}" + SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem') }}" RSYNC_PROXY: "{{external_out.stdout}}:3128" when: - external_out.rc|default(1) == 0 diff --git a/tasks/bootstrap.yml b/tasks/bootstrap.yml index 86e9b3d..6cf620e 100755 --- a/tasks/bootstrap.yml +++ b/tasks/bootstrap.yml @@ -13,9 +13,9 @@ - name: boostrap bootstrap_chroot_kicksecure.bash shell: | - /usr/local/sbin/bootstrap_chroot_kicksecure.bash + {{USR_LOCAL}}/sbin/bootstrap_chroot_kicksecure.bash args: - creates: /usr/local/etc/ssl/cacert-testforge.pem + creates: "{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem" delegate_to: localhost when: - ansible_connection|default('') == 'chroot' 
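Review bot: `default('{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem')` in the @@ -14 hunk nests a template inside a string literal that is already inside `{{ … }}`; Jinja treats the inner braces as plain text, and whether Ansible re-templates the result depends on version and context. If it is not expanded, SSL_CERT_FILE points at a non-existent path containing literal braces, and TLS clients in this environment either fail or fall back to another trust store. Concatenation avoids the ambiguity: `SSL_CERT_FILE: "{{ SSL_CERT_FILE|default(USR_LOCAL ~ '/etc/ssl/cacert-testforge.pem') }}"`. The @@ -74 hunk has the same line.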
@@ -45,9 +45,9 @@ if [ -x {{VAR_LOCAL}}/sbin/update_chroot.bash ]; then {{VAR_LOCAL}}/sbin/update_chroot.bash "$root/" pwd || \ { echo ERROR: {{VAR_LOCAL}}/sbin/update_chroot.bash $root/ pwd $? ; exit 3 ; } - elif [ -x /usr/local/sbin/base_chroot.bash ]; then - /usr/local/sbin/base_chroot.bash "$root/" pwd || \ - { echo ERROR: /usr/local/sbin/base_chroot.bash "$root/" pwd $? ; exit 4 ; } + elif [ -x {{USR_LOCAL}}/sbin/base_chroot.bash ]; then + {{USR_LOCAL}}/sbin/base_chroot.bash "$root/" pwd || \ + { echo ERROR: {{USR_LOCAL}}/sbin/base_chroot.bash "$root/" pwd $? ; exit 4 ; } fi i=$( df -a | sed -e 's/.* //'| sort -u | grep -c "$root" ) @@ -95,8 +95,8 @@ - name: boostrap bootstrap_wheels.bash copy: - src: /usr/local/sbin/bootstrap_wheels.bash - dest: /usr/local/sbin/bootstrap_wheels.bash + src: "{{USR_LOCAL}}/sbin/bootstrap_wheels.bash" + dest: "{{USR_LOCAL}}/sbin/bootstrap_wheels.bash" mode: '0755' - name: boostrap bootstrap_wheels.bash raw diff --git a/tasks/main.yml b/tasks/main.yml index b16c999..bf47e95 100755 --- a/tasks/main.yml +++ b/tasks/main.yml 
@@ -63,10 +63,38 @@ state: directory mode: 01777 with_items: + - /run/tmp - /var/tmp/.ansible - "{{BASE_LOG_DIR}}/pip" - "{{BASE_LOG_DIR}}/pip/pip2" - "{{BASE_LOG_DIR}}/pip/pip3" + - /usr/local/share/genkernel/overlay/bin + +- name: "/usr/local/etc/testforge/testforge.ini BOF" + lineinfile: + dest: "/usr/local/etc/testforge/testforge.ini" + insertbefore: BOF + mode: 0755 + owner: "{{BOX_ROOT_USER}}" + group: "{{BOX_ROOT_GROUP}}" + create: yes + regexp: "# -.- mode: sh; tab-width: 0; coding: utf-8-unix -.-" + line: "# -*- mode: sh; tab-width: 0; coding: utf-8-unix -*-" + +- name: /usr/local/etc/testforge/testforge.ini proxy + blockinfile: + dest: /usr/local/etc/testforge/testforge.ini + create: yes + marker: "# {mark} ANSIBLE MANAGED BLOCK ini [base]" + block: | + [base] + BASE_USER_NAME: "{{ BOX_USER_NAME }}" + BASE_USER_HOME: "{{ BOX_USER_HOME }}" + BASE_ALSO_GROUP: "{{ BOX_ALSO_GROUP }}" + BASE_ALSO_USERS: "{{BOX_ALSO_USERS}}" + BASE_USER_CONFIG_DIR: ".config/testforge" + BASE_PYTHON2_MINOR: "{{BASE_PYTHON2_MINOR}}" + BASE_PYTHON3_MINOR: "{{BASE_PYTHON3_MINOR}}" - name: "rsync base root_overlay" synchronize: 
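Review bot: Adding `/usr/local/share/genkernel/overlay/bin` to this `with_items` list creates it with the task's `mode: 01777`, i.e. world-writable. The path sits under the genkernel overlay this commit introduces (overlay.bash and overlay.list), so if its contents are copied into an initramfs, any local account could place or replace a file that is later used at boot; this should be confirmed against overlay.bash, which is not in view. The directory belongs in its own `file` task with `owner: root` and `mode: "0755"`, while `/run/tmp` can stay in the sticky list. The two new testforge.ini tasks also hardcode `/usr/local` where the rest of the commit moves to `{{USR_LOCAL}}`, and the first sets `mode: 0755` on a non-executable file.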
@@ -134,24 +162,24 @@ cd /usr/local/src [ ! -d "ansible-{{BOX_ANSIBLE_VERSION}}" ] && \ [ ! -f "ansible-{{BOX_ANSIBLE_VERSION}}/setup.py" ] && \ - [ -f /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \ - tar xvfz /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \ + [ -f {{USR_LOCAL}}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \ + tar xvfz {{USR_LOCAL}}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \ chown -R {{BOX_USER_GROUP}}.{{BOX_USER_GROUP}} ansible-{{BOX_ANSIBLE_VERSION}} exit 0 - name: "patch /usr/local/" environment: "{{ shell_env }}" shell: | - cd /usr/local/patches/base || exit 1 + cd {{USR_LOCAL}}/patches/base || exit 1 # this vacuumns all diff files below the root {{ BASE_SCRIPT_DIR }}/base_patch_from_diff.bash {{item}} when: - item != '' - not ansible_check_mode + - false # FixMe not up to date with_items: - usr/local/src/ansible-{{BOX_ANSIBLE_VERSION}} - - name: chown vagrant ~vagrant environment: "{{ shell_env }}" shell: | 
@@ -166,6 +194,55 @@ # not root - "{{ base_system_users }}" check_mode: false + +- block: + + - name: "make vagrant RO directories base" + file: + path: "{{ item|expanduser }}" + state: directory + owner: "{{ BOX_USER_NAME }}" + mode: 0700 + with_items: + - "{{ BOX_USER_HOME }}/.cache" + - "{{ BOX_USER_HOME }}/.config" + - "{{ BOX_USER_HOME }}/.gpg" + - "{{ BOX_USER_HOME }}/.local/lib" + - "{{ BOX_USER_HOME }}/.ssh" + + - name: "I think this is right make .local symlinks lib dirs" + file: + src: "{{ item.src | expanduser }}" + dest: "{{ item.dest | expanduser }}" + state: link + with_items: + - dest: "{{ BOX_USER_HOME }}/.local/lib64" + src: "{{ BOX_USER_HOME }}/.local/lib" + mode: "0755" + - dest: "{{ BOX_USER_HOME }}/.local/lib/python{{BASE_PYTHON3_MINOR}}" + src: "{{ USR_LOCAL }}/lib/python{{BASE_PYTHON3_MINOR}}" + mode: "0755" + - dest: "{{ BOX_USER_HOME }}/.local/lib/python{{BASE_PYTHON2_MINOR}}" + src: "{{ USR_LOCAL }}/lib/python{{BASE_PYTHON2_MINOR}}" + mode: "0755" + ignore_errors: true + + - name: "make vagrant RO files base" + copy: + dest: "{{ BOX_USER_HOME }}/{{ item }}" + src: "{{ lookup('env','HOME') }}/{{ item }}" + force: no + mode: 0600 + with_items: + - ".bashrc" + - ".bash_profile" + ignore_errors: true + # template or skel this + + when: + - not ansible_check_mode + + # libvirt become is not working? - name: openssl.cnf cacert.pem # FixMe: PLAY_CA_CERT or /etc/ssl/certs/ca-certificates.crt diff --git a/tasks/qerc_user.yml b/tasks/qerc_user.yml index a856d03..8ba0927 100644 --- a/tasks/qerc_user.yml +++ b/tasks/qerc_user.yml @@ -79,5 +79,5 @@ rescue: - debug: - msg: "WARN: error including ~/QeRcUser.yaml" + msg: "WARN: RESCUE error including ~/QeRcUser.yaml" diff --git a/tasks/users.yml b/tasks/users.yml index f7b084a..7c895bc 100644 --- a/tasks/users.yml +++ b/tasks/users.yml 
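Review bot: In the `@@ -166,6 +194,55 @@` hunk, the "make vagrant RO files base" task copies `.bashrc` and `.bash_profile` from `lookup('env','HOME')`, which is the home directory of whoever runs the playbook on the controller. Any tokens, proxy credentials or personal settings in that person's shell startup files are therefore installed on every managed box. The task sets no `owner`, so with `mode: 0600` the files may be unreadable by `{{ BOX_USER_NAME }}` when the play runs as another user, and `ignore_errors: true` hides the failure. Ship the two files from the role instead, as the hunk's own `# template or skel this` comment suggests, and add `owner: "{{ BOX_USER_NAME }}"`. The per-item `mode: "0755"` keys in the symlink task are not referenced by the `file:` arguments shown and can be dropped.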
@@ -21,7 +21,6 @@ # msg: Unexpected failure during module execution. ignore_errors: true - - name: ln -s 1777 /var/tmp/.ansible shell: | [ ! -d /var/tmp/.ansible ] && mkdir /var/tmp/.ansible && chmod 1777 /var/tmp/.ansible @@ -47,19 +46,11 @@ - "~{{LOOP_USER}}/.config" - "~{{LOOP_USER}}/.gpg" - "~{{LOOP_USER}}/.local" + - "~{{LOOP_USER}}/.local/lib" - "~{{LOOP_USER}}/.ssh" - - name: "make vagrant RO files base" - copy: - dest: "{{ item|expanduser }}" - src: "{{ item|expanduser }}" - force: yes - mode: 0600 - with_items: - - "~{{LOOP_USER}}/.bashrc" - - "~{{LOOP_USER}}/.bash_profile" - # template or skel this - when: false +# - name: "make vagrant RO files base" +# template or skel this - block: @@ -162,7 +153,7 @@ # and TESTFORGE_VERSION|default('') != '' rescue: - debug: - msg: "ERROR: reading in testforge_user_yml_file " + msg: "ERROR: RESCUE reading in testforge_user_yml_file " check_mode: false 
@@ -185,30 +176,16 @@ dest: "{{ item.dest | expanduser }}" state: link with_items: - - src: "/usr/local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}" + - src: "{{USR_LOCAL}}/{{LIB}}/python{{BASE_PYTHON2_MINOR}}" dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}" - - src: "/usr/local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}" + - src: "{{USR_LOCAL}}/{{LIB}}/python{{BASE_PYTHON3_MINOR}}" dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}" - - src: "/usr/local/bin" + - src: "{{USR_LOCAL}}/bin" dest: "~{{LOOP_USER}}/.local/bin" when: - not ansible_check_mode -- name: "I think this is right make .local symlinks lib64 dirs" - file: - src: "{{ item.src | expanduser }}" - dest: "{{ item.dest | expanduser }}" - state: link - with_items: - - dest: "~{{LOOP_USER}}/.local/lib" - src: "~{{LOOP_USER}}/.local/lib64" - mode: "0755" - ignore_errors: true - when: - - not ansible_check_mode - - "BASE_LIB == 'lib64'" - -- name: "I think this is right make .local symlinks lib dirs" +- name: "I think this is right" file: src: "{{ item.src | expanduser }}" dest: "{{ item.dest | expanduser }}" @@ -220,4 +197,5 @@ ignore_errors: true when: - not ansible_check_mode - - "BASE_LIB == 'lib'" + - "BASE_LIB == 'lib64'" +
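Review bot: The surviving symlink task, renamed to `"I think this is right"` in the `@@ -185,30 +176,16 @@` hunk, keeps the `with_items` of the old `BASE_LIB == 'lib'` task, but the `@@ -220,4 +197,5 @@` hunk now runs it under `BASE_LIB == 'lib64'`. Those items sit between the two hunks and are not visible, so please confirm the link direction still matches the new condition. `ignore_errors: true` would hide a wrong or conflicting link, so it is better removed once the direction is confirmed. The task name should say what is linked, for example `- name: "symlink ~/.local lib dir for BASE_LIB == lib64"`. The first hunk builds paths from `{{LIB}}` while the condition tests `BASE_LIB`; if these are meant to be the same value, use one variable.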