This commit is contained in:
emdee 2024-01-09 15:39:19 +00:00
parent 6b4fca0353
commit ddb600ead2
34 changed files with 770 additions and 343 deletions

View File

@ -0,0 +1,28 @@
#!/bin/sh
ROLE=gpgkey
cd /usr/local/share/genkernel/overlay
[ -d dev ] || mkdir dev
cd dev
[ -e urandom ] || mknod urandom c 1 9
chmod 666 urandom
cd ..
[ -d sbin ] || mkdir sbin
cd sbin
[ -f staticgpggrid ] || cp -p /usr/local/bin/staticgpggrid .
[ -f staticgpg ] || cp -p /usr/local/bin/staticgpg .
chmod 755 static*
cd ..
cd /
cat /usr/local/share/genkernel/overlay.list | \
tar cf - -T - \
tar xvf - -C /usr/local/share/genkernel/overlay
find -L /usr/local/share/genkernel/overlay -type l
exit 0

View File

@ -0,0 +1,43 @@
bin/busybox
bin/keyctl
bin/kmod
bin/lsmod
bin/nano
etc/conf.d/keymaps
etc/keymaps/linux-with-altgr.inc
etc/keymaps/us.map
etc/modprobe.d/blacklist.conf
lib/ld-linux.so.2
lib64/ld-linux-x86-64.so.2
lib64/libacl.so.1
lib64/libacl.so.1.1.2301
lib64/libblkid.so.1
lib64/libblkid.so.1.1.0
lib64/libc.so.6
lib64/libcap.so.2
lib64/libcap.so.2.65
lib64/libkmod.so.2
lib64/libkmod.so.2.4.0
lib64/liblzma.so.5
lib64/liblzma.so.5.2.5
lib64/libm.so.6
lib64/libpthread.so.0
lib64/libz.so.1
lib64/libz.so.1.2.12
lib64/libzstd.so.1
lib64/libzstd.so.1.5.2
sbin/e2label
sbin/fdisk
sbin/modprobe
sbin/tune2fs
usr/bin/clear
usr/bin/mg
usr/bin/ntfs-3g
usr/local/bin/gridfire.pyi
usr/local/bin/staticgpg
usr/local/bin/staticgpggrid
usr/share/consolefonts/ter-v24b.psf.gz
usr/share/consolefonts/ter-v28b.psf.gz
usr/share/keymaps/i386/include/euro.map.gz
usr/share/keymaps/i386/include/qwerty-layout.inc
usr/share/keymaps/include/compose.latin

View File

@ -3,6 +3,7 @@
prog=$( basename $0 .bash ) prog=$( basename $0 .bash )
ROLE=base ROLE=base
PYVER=3
LOG_DIR=/usr/local/var/logs/portage LOG_DIR=/usr/local/var/logs/portage
[ -d $LOG_DIR ] || mkdir -p $LOG_DIR [ -d $LOG_DIR ] || mkdir -p $LOG_DIR
@ -37,15 +38,16 @@ LARGS="$LARGS --noreplace"
# LARGS="$LARGS --exclude " # LARGS="$LARGS --exclude "
LOG=$LOG_DIR/$LOG LOG=$LOG_DIR/$LOG
export PYTHONPATH= export PYTHONPATH=
echo INFO: $LARGS $ARGS >> $LOG 2>&1 echo INFO: emerge $LARGS $ARGS |tee -a $LOG >&2
nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1 nice python$PYVER $( which emerge ) $LARGS $ARGS >> $LOG 2>&1
[ $? -ne 0 ] && exit $? retval=$?
[ $retval -ne 0 ] && echo ERROR: $retval $LOG && tail $LOG && exit $retval
if grep ImportError $LOG ; then if grep ImportError $LOG ; then
echo ERROR: ImportError $ARGS && exit 10 echo ERROR: ImportError $LOG && exit 10
elif grep ParseError $LOG ; then elif grep ParseError $LOG ; then
echo ERROR: ParseError $ARGS && exit 11 echo ERROR: ParseError $LOG && exit 11
elif grep 'Your current profile is invalid' $LOG ; then elif grep 'Your current profile is invalid' $LOG ; then
echo ERROR: Your current profile is invalid $ARGS && exit 12 echo ERROR: Your current profile is invalid $LOG && exit 12
fi fi
exit 0 exit 0

View File

@ -27,7 +27,7 @@ gpg2 --verify --keyring $keyf $BASE_PORTDIR/Manifest >/tmp/K$$.log 2>&1 || exit
grep 'using RSA key' /tmp/K$$.log || exit 4 grep 'using RSA key' /tmp/K$$.log || exit 4
grep 'Primary key fingerprint:' /tmp/K$$.log | sed -e 's/.*: //' -e 's/ //g' > /tmp/K$$.key || exit 5 grep 'Primary key fingerprint:' /tmp/K$$.log | sed -e 's/.*: //' -e 's/ //g' > /tmp/K$$.key || exit 5
if route | grep -q ^default ; then if grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then
. /root/bin/tor.sh . /root/bin/tor.sh
wget -O /tmp/K$$.html https://www.gentoo.org/downloads/signatures/ || exit 0 wget -O /tmp/K$$.html https://www.gentoo.org/downloads/signatures/ || exit 0
grep "`cat /tmp/K$$.key`" /tmp/K$$.html || { grep "`cat /tmp/K$$.key`" /tmp/K$$.html || {

View File

@ -0,0 +1,28 @@
#!/bin/sh
ROLE=gpgkey
cd /usr/local/share/genkernel/overlay
[ -d dev ] || mkdir dev
cd dev
[ -e urandom ] || mknod urandom c 1 9
chmod 666 urandom
cd ..
[ -d sbin ] || mkdir sbin
cd sbin
[ -f staticgpggrid ] || cp -p /usr/local/bin/staticgpggrid .
[ -f staticgpg ] || cp -p /usr/local/bin/staticgpg .
chmod 755 static*
cd ..
cd /
cat /usr/local/share/genkernel/overlay.list | \
tar cf - -T - \
tar xvf - -C /usr/local/share/genkernel/overlay
find -L /usr/local/share/genkernel/overlay -type l
exit 0

View File

@ -0,0 +1,43 @@
bin/busybox
bin/keyctl
bin/kmod
bin/lsmod
bin/nano
etc/conf.d/keymaps
etc/keymaps/linux-with-altgr.inc
etc/keymaps/us.map
etc/modprobe.d/blacklist.conf
lib/ld-linux.so.2
lib64/ld-linux-x86-64.so.2
lib64/libacl.so.1
lib64/libacl.so.1.1.2301
lib64/libblkid.so.1
lib64/libblkid.so.1.1.0
lib64/libc.so.6
lib64/libcap.so.2
lib64/libcap.so.2.65
lib64/libkmod.so.2
lib64/libkmod.so.2.4.0
lib64/liblzma.so.5
lib64/liblzma.so.5.2.5
lib64/libm.so.6
lib64/libpthread.so.0
lib64/libz.so.1
lib64/libz.so.1.2.12
lib64/libzstd.so.1
lib64/libzstd.so.1.5.2
sbin/e2label
sbin/fdisk
sbin/modprobe
sbin/tune2fs
usr/bin/clear
usr/bin/mg
usr/bin/ntfs-3g
usr/local/bin/gridfire.pyi
usr/local/bin/staticgpg
usr/local/bin/staticgpggrid
usr/share/consolefonts/ter-v24b.psf.gz
usr/share/consolefonts/ter-v28b.psf.gz
usr/share/keymaps/i386/include/euro.map.gz
usr/share/keymaps/i386/include/qwerty-layout.inc
usr/share/keymaps/include/compose.latin

View File

@ -0,0 +1,52 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
# retval on stdout - messages on stderr
. /usr/local/bin/usr_local_tput.bash
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=base
AnsI=AnsI
# quiet
[ "$#" -eq 0 ] && exit 1
VARIABLE=$1
shift
[ "$#" -eq 0 ] && base=`hostname` || base=$1
base=gentoo1
[ -f $PREFIX/etc/testforge/testforge.bash ] && . $PREFIX/etc/testforge/testforge.bash
[ -n "$PLAY_ANSIBLE_SRC" ] || PLAY_ANSIBLE_SRC=$BASE_ANSIBLE_SRC
[ -z "$PLAY_ANSIBLE_SRC" ] && ERROR export "PLAY_ANSIBLE_SRC" >&2 && exit 3
[ ! -d "$PLAY_ANSIBLE_SRC" ] && ERROR ! -d "PLAY_ANSIBLE_SRC" >&2 && exit 4
[ ! -f "$PLAY_ANSIBLE_SRC"/hosts.yml ] && ERROR ! -f "PLAY_ANSIBLE_SRC"/hosts.yml >&2 && exit 4
DBUG ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$PLAY_ANSIBLE_SRC \
--host=$base >&2
ansible-inventory -i $PLAY_ANSIBLE_SRC/hosts.yml \
--playbook-dir=$PLAY_ANSIBLE_SRC \
--host=$base >> /tmp/${AnsI}$$.json 2> /tmp/${AnsI}$$.err
retval=$?
if [ $retval -eq 0 ] ; then
[ ! -s /tmp/${AnsI}$$.json ] && ERROR empty /tmp/${AnsI}$$.json >&2 && exit 4
#!? export
VALUE=`jq .$VARIABLE < /tmp/${AnsI}$$.json | sed -e 's/,//'|xargs echo`
jretval=$?
if [ $jretval -eq 0 ] ; then
[ -n "$DEBUG" ] && DBUG "$prog base=$base VALUE=$VALUE" >&2
[ "$VALUE" = "null" ] && VALUE=""
echo -n "$VALUE"
else
WARN $VARIABLE jretval=$jretval /tmp/${AnsI}$$.json >&2
fi
else
ERROR $VARIABLE retval=$retval /tmp/${AnsI}$$.json /tmp/${AnsI}$$.err >&2
cat /tmp/${AnsI}$$.err >&2
exit 8
fi
# rm -f /tmp/${AnsI}$$.json
exit 0

View File

@ -0,0 +1,9 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; coding: utf-8-unix -*-
ROLE=base
prog=$( basename $0 .bash )
export ANSIBLE_CONFIG=/o/data/TestForge/src/ansible
/usr/local/bin/python3.sh /usr/local/bin/ansible "$@"

View File

@ -86,5 +86,5 @@ python$PYMAJ $PREFIX/$LIB/python$PYTHON_MINOR/site-packages/sitecustomize.py ||
exit 0 exit 0
# [ $( python2.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python2.sh ] || exit 2 # [ $( python2.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python2.sh ] || exit 2
# [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python3.sh ] || exit 3 # [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = {{BASE_USR_LOCAL}}/bin/python3.sh ] || exit 3
# [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python2.bash ] || exit 22 # [ $( python2.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON2_MINOR}}/site-packages/sitecustomize.py ) = $PREFIX/bin/python2.bash ] || exit 22
# [ $( python3.bash {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = /var/local/bin/python3.bash ] || exit 33 # [ $( python3.sh {{BASE_USR_LOCAL}}/$LIB/python{{BASE_PYTHON3_MINOR}}/site-packages/sitecustomize.py ) = $PREFIX/bin/python3.sh ] || exit 33

View File

@ -17,7 +17,7 @@ for elt in $PATH ; do
done done
IFS=' ' IFS=' '
elt=/var/local/bin elt=$PREFIX/bin
[[ "$N" =~ (^|:)"${elt}"(:|$) ]] || N="$N:$elt" [[ "$N" =~ (^|:)"${elt}"(:|$) ]] || N="$N:$elt"
echo $N echo $N

View File

@ -74,8 +74,8 @@ done
elt=doctest3 elt=doctest3
if [ $MYID -ne 0 ] ; then if [ $MYID -ne 0 ] ; then
/var/local/bin/testforge_python_doctest3.bash \ $PREFIX/bin/testforge_python_doctest3.bash \
/var/local/share/doc/txt/base3.txt \ $PREFIX/share/doc/txt/base3.txt \
> "$LOG_DIR"/$elt$$.log 2>&1 || ERROR $elt >> $ELOG > "$LOG_DIR"/$elt$$.log 2>&1 || ERROR $elt >> $ELOG
fi fi

View File

@ -25,7 +25,7 @@ find $LOG_DIR/*${prog}_${ly}*.log -ctime +2 -delete
ansible-inventory 2>> $WLOG || ERROR ansible-inventory $? >> $ELOG ansible-inventory 2>> $WLOG || ERROR ansible-inventory $? >> $ELOG
if ip route | grep -v ^def ; then if ip route | grep -q ^def ; then
gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye || exit 3$? gpg-connect-agent --dirmngr 'keyserver --hosttable' /bye || exit 3$?
dirmngr-client -v --ping </dev/null || exit 4$? dirmngr-client -v --ping </dev/null || exit 4$?
fi fi

View File

@ -44,7 +44,7 @@ PKGS=
ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@") ARGS=$(getopt --options $SHORTOPTS --longoptions $LONGOPTS -- "$@")
[ $? != 0 ] && exitWithErrMsg 1 "Aborting." [ $? != 0 ] && exitWithErrMsg 1 "Aborting."
route | grep -q ^default || exitWithErrMsg 2 "We are not connected: Aborting." grep -q "^wlan[1-9][ ]00000000" /proc/net/route || exitWithErrMsg 2 "We are not connected: Aborting."
eval set -- "$ARGS" eval set -- "$ARGS"

View File

@ -3,7 +3,7 @@
shopt -s nullglob || { ERROR use bash ; exit 1 ; } shopt -s nullglob || { ERROR use bash ; exit 1 ; }
. /usr/local/bin/usr_local_tput.bash || exit 2 . /usr/local/bin/usr_local_tput.bash || exit 2
. /usr/local/bin/usr_local_base.bash || exit 3 # . /usr/local/bin/usr_local_base.bash || exit 3
ROLE=base ROLE=base
PREFIX=/usr/local PREFIX=/usr/local
@ -14,10 +14,10 @@ if [ -f /usr/local/etc/testforge/testforge.bash ] ; then
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1 . /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR" P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)" PYTHON_MINOR="$(eval echo \$$P)"
fi else
[ -n "$PYTHON_MINOR" ] || \ [ -n "$PYTHON_MINOR" ] || \
PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' ) PYTHON_MINOR=$( python$PYVER --version 2>&1| sed -e 's@^.* @@' -e 's@\.[0-9]*$@@' )
fi
[ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib [ -z "$LIB" -a -d $PREFIX/lib/python$PYTHON_MINOR/site-packages ] && LIB=lib
[ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64 [ -z "$LIB" -a -d $PREFIX/lib64/python$PYTHON_MINOR/site-packages ] && LIB=lib64
@ -63,7 +63,8 @@ fi
[[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS" [[ "$*" =~ "--timeout" ]] || [[ $LARGS =~ "--timeout" ]] || LARGS="--timeout=30 $LARGS"
[[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS" [[ "$*" =~ '--disable-pip-version-check' ]] || LARGS="--disable-pip-version-check $LARGS"
[[ "$*" =~ '--proxy' ]] || LARGS="$LARGS --proxy http://localhost:3128" [[ "$*" =~ '--proxy' ]] || [ -z "$https_proxy" ] || \
LARGS="$LARGS --proxy $https_proxy"
MYID=$( id -u ) MYID=$( id -u )
if [ "$1" = 'uninstall' ] ; then if [ "$1" = 'uninstall' ] ; then
@ -74,7 +75,7 @@ elif [ "$1" = 'install' ] ; then
shift shift
RARGS="$RARGS --progress-bar=off" RARGS="$RARGS --progress-bar=off"
# LARGS="$LARGS --python=/usr/local/bin/python$PYTHON_MINOR.sh" # LARGS="$LARGS --python=/usr/local/bin/python$PYTHON_MINOR.sh"
/usr/local/bin/proxy_ping_test.bash wifi # || exit 3$? # /usr/local/bin/proxy_ping_test.bash wifi # || exit 3$?
# Can not combine '--user' and '--prefix' # Can not combine '--user' and '--prefix'
if true ; then # >9.0.1 if true ; then # >9.0.1
if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then if [[ $RARGS =~ "--prefix=$PREFIX" ]] ; then

View File

@ -11,7 +11,10 @@ PYVER=3
. /usr/local/bin/proxy_ping_lib.bash || \ . /usr/local/bin/proxy_ping_lib.bash || \
{ ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; } { ERROR loading /usr/local/bin/proxy_ping_lib.bash ; exit 6; }
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
PL=/usr/local/bin/proxy_libvirt_lib.bash PL=/usr/local/bin/proxy_libvirt_lib.bash
declare -a tests declare -a tests
which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0 which traceroute 2>/dev/null >/dev/null && HAVE_TRACEROUTE=1 || HAVE_TRACEROUTE=0
@ -20,22 +23,19 @@ which nslookup 2>/dev/null >/dev/null && HAVE_NSLOOKUP=1 || HAVE_NSLOOKUP=0
which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0 which tor-resolve 2>/dev/null >/dev/null && HAVE_TOR_RESOLVE=1 || HAVE_TOR_RESOLVE=0
[ -z "$prog" ] || prog=proxy_ping_test [ -z "$prog" ] || prog=proxy_ping_test
proxy_ping_get_socks >/dev/null SOCKS_PAIR=`proxy_ping_get_socks`
[ -z "$SOCKS_HOST" ] && SOCKS_HOST=127.0.0.1 [ -z "$SOCKS_HOST" ] && SOCKS_HOST=`echo $SOCKS_PAIR|sed -e 's/:.*//'`
[ -z "$SOCKS_PORT" ] && SOCKS_PORT=9050 [ -z "$SOCKS_PORT" ] && SOCKS_PORT=`echo $SOCKS_PAIR|sed -e 's/.*://'`
[ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053 [ -z "$SOCKS_DNS" ] && SOCKS_DNS=9053
HTTPS_PORT=9128 HTTPS_PORT=`echo $HTTPS_PAIR|sed -e 's/.*://'`
HTTPS_HOST=127.0.0.1 HTTPS_HOST=`echo $HTTPS_PAIR|sed -e 's/:.*//'`
proxy_ping_get_https >/dev/null HTTPS_PAIR=`proxy_ping_get_https`
[ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1 [ -z "$HTTPS_HOST" ] && HTTPS_HOST=127.0.0.1
HTTP_PORT=3128 HTTP_PAIR=`proxy_ping_get_http`
HTTP_PROXY_HOST=127.0.0.1 HTTP_PORT=`echo $HTTP_PAIR|sed -e 's/.*://'`
proxy_ping_get_http >/dev/null HTTP_HOST=`echo $HTTP_PAIR|sed -e 's/:.*//'`
[ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1 [ -z "$HTTP_HOST" ] && HTTP_HOST=127.0.0.1
[ -f $PREFIX/etc/testforge/testforge.bash ] && \
. /usr/local/etc/testforge/testforge.bash >/dev/null || exit 1
P="BASE_PYTHON${PYVER}_MINOR" P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)" PYTHON_MINOR="$(eval echo \$$P)"
[ -n "$PYTHON_MINOR" ] || \ [ -n "$PYTHON_MINOR" ] || \
@ -65,14 +65,14 @@ TIMEOUT=30
[ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway" [ -n "$GATEW_DOM" ] || GATEW_DOM="Whonix-Gateway"
DNS_HOST1="208.67.220.220" DNS_HOST1="208.67.220.220"
DNS_HOST2="8.8.8.8"ggggg DNS_HOST2="1.1.1.1"
[ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39 [ -n "$DNS_TARGET" ] || DNS_TARGET=www.whatismypublicip.com # 108.160.151.39
[ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39 [ -n "$HTTP_TARGET" ] || HTTP_TARGET=www.whatismypublicip.com # 108.160.151.39
HTTP_TARGET=www.whatismypublicip.com HTTP_TARGET=www.whatismypublicip.com
# time.nist.gov 132.163.97.3 # time.nist.gov 132.163.97.3
NTP_HOST1=132.163.97.3 NTP_HOST1=132.163.97.3
# pool.ntp.org 78.46.53.2 # pool.ntp.org 78.46.53.2 205.206.70.7
NTP_HOST2=78.46.53.2 NTP_HOST2=78.46.53.2
# --no-check-certificate # --no-check-certificate
WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null" WGET="wget --tries=1 --max-redirect=0 --timeout=$TIMEOUT -O /dev/null"
@ -103,6 +103,113 @@ DNS_HOST=$SOCKS_HOST
[ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin [ -z "$PRIV_BIN_OWNER" ] && PRIV_BIN_OWNER=bin
[ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 ) [ -z "$PRIV_BIN_GID" ] && PRIV_BIN_GID=$( grep ^$PRIV_BIN_OWNER /etc/passwd|cut -d: -f 4 )
PROXY_GPG_KEYSERVER=keys.openpgp.org
declare -a GPG_KEYSERVERS=(
hkp://$PROXY_GPG_KEYSERVER
hkp://gpg.mit.edu
hkp://keys.gnupg.net
)
## proxy_test_dirmngr
proxy_test_dirmngr () {
[ $# -eq 0 ] && set -- "${GPG_KEYSERVERS[@]}"
DBUG proxy_test_dirmngr MODE=$MODE $* ;
# shellcheck disable=SC2154
[ -z "$ELOG" ] && ELOG=/tmp/proxy_test_dirmngr$$.err
# shellcheck disable=SC2154
[ -z "$WLOG" ] && WLOG=/tmp/proxy_test_dirmngr$$.log
[ -h /usr/bin/dirmngr ] || {
WARN /usr/bin/dirmngr not a symlink
#fixed? return 2
}
grep ^hkp-cacert /etc/dirmngr/dirmngr.conf | while read a b; do
[ -f $b ] || WARN file not found $b in /etc/dirmngr/dirmngr.conf
done
/usr/bin/dirmngr --version </dev/null >/dev/null && \
INFO /usr/bin/dirmngr working --version || {
ERROR /usr/bin/dirmngr not working --version
return 3
}
# grep ^OK
DM=`grep ' keyserver ' /etc/dirmngr/dirmngr.conf | head -1 | sed -e 's/.* //'`
grep -q "^wlan[1-9][ ]00000000" /proc/net/route || {
DBUG not connected
return 0
}
echo 'loadswdb --force' /bye | \
gpg-connect-agent --dirmngr \
>/tmp/GpgL$$.tmp 2>&1
retval=$?
[ $retval -ne 0 ] && \
WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye /tmp/GpgL$$.tmp && \
cat /tmp/GpgL$$.tmp && \
# return 5$retval
! grep -q OK /tmp/GpgL$$.tmp && \
WARN gpg-connect-agent --dirmngr 'loadswdb --force' /bye OK not found /tmp/GpgL$$.tmp && \
# return 6$retval
INFO elt=gpg-connect-agent --dirmngr 'loadswdb --force' OK
rm -f /tmp/GpgL$$.tmp
# gpg-connect-agent --dirmngr 'help keyserver' /bye
echo 'keyserver --resolve' /bye | \
gpg-connect-agent --dirmngr \
>/tmp/GpgG$$.tmp 2>&1
retval=$?
grep 'ERR\|failed:' /tmp/GpgG$$.tmp >> $ELOG && \
ERROR gpg-connect-agent $elt `tail -1 $ELOG` && \
return 10
grep -q ^S /tmp/GpgG$$.tmp || { \
WARN gpg-connect-agent 'keyserver' no S /tmp/GpgG$$.tmp && \
return 8$retval
}
INFO elt=gpg-connect-agent 'keyserver --resolve' S
cat /tmp/GpgG$$.tmp
rm -f /tmp/GpgG$$.tmp
if [ ! -d /root/.emacs.d/elpa/gnupg ] || \
! ps ax | grep -q -e '--homedir /root/.emacs.d/elpa/gnupg' ; then
WARN no running /root/.emacs.d/elpa/gnupg agent
else
INFO running /root/.emacs.d/elpa/gnupg agent
echo keyserver --resolve | \
gpg-connect-agent --dirmngr \
--homedir /root/.emacs.d/elpa/gnupg \
>/tmp/GpgC$$.tmp 2>&1
retval=$?
if grep 'ERR\|failed:' /tmp/GpgC$$.tmp >> $ELOG ; then
WARN /root/.emacs.d/elpa/gnupg gpg-connect-agent `tail -1 $ELOG` && \
cat /tmp/GpgC$$.tmp
else
INFO elt=gpg-connect-agent
cat /tmp/GpgC$$.tmp
rm -f /tmp/GpgC$$.tmp
fi
fi
return 0
}
## proxy_test_privoxy_test
proxy_test_privoxy_test () { DBUG proxy_test_privoxy_test $* ;
return 0
/etc/init.d/privoxy status || /etc/init.d/privoxy start
/etc/init.d/privoxy status && \
DBUG /etc/init.d/privoxy running || {
WARN /etc/init.d/privoxy not running $PROXY_HTTP_PROXY_PORT
}
# /usr/local/bin/proxy_ping_test.bash 3128
netstat -nlpe4 | grep -q :$PROXY_HTTP_PROXY_PORT || {
ERROR /etc/init.d/privoxy not working $PROXY_HTTP_PROXY_PORT
return 4
}
INFO elt=/etc/init.d/privoxy working $PROXY_HTTP_PROXY_PORT
return 0
}
## proxy_test_netstat_dns ## proxy_test_netstat_dns
proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ; proxy_test_netstat_dns () { DBUG proxy_test_netstat_dns $* ;
$NETS | grep -q ":53" $NETS | grep -q ":53"
@ -119,7 +226,7 @@ proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ;
retval=$? retval=$?
[ $retval -eq 0 ] && return 0 [ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval traceroute --icmp $PROXY_WLAN_GW
[ -z "$ALL" ] && exit $ARG$retval || return 1 [ -z "$ALL" ] && exit "$ARG$retval" || return 1
# works # works
GREP="-i icmp" GREP="-i icmp"
return 0 return 0
@ -128,7 +235,7 @@ proxy_test_traceroute_icmp_gw () { DBUG proxy_test_traceroute_icmp_gw $* ;
## proxy_test_dig_direct ## proxy_test_dig_direct
proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ; proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ;
dig @$DNS_HOST1 pool.ntp.org +timeout=$TIMEOUT >/dev/null dig @$DNS_HOST1 $NTP_HOST2 +timeout=$TIMEOUT >/dev/null
retval=$? retval=$?
[ $retval -eq 0 ] && return 0 [ $retval -eq 0 ] && return 0
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1 ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig @$DNS_HOST1
@ -140,8 +247,8 @@ proxy_test_dig_direct () { DBUG proxy_test_dig_direct $* ;
return 0 return 0
} }
## proxy_test_curl_firewall_bin ## proxy_test_curl_firewall_asbin
proxy_test_curl_firewall_bin () { DBUG proxy_test_curl_firewall_bin $* ; proxy_test_curl_firewall_asbin () { DBUG proxy_test_curl_firewall_asbin $* ;
su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null su -c "$CURL -k --noproxy '*' https://$HTTP_TARGET" -s /bin/sh $PRIV_BIN_OWNER >/dev/null
retval=$? retval=$?
[ $retval -eq 0 ] && return 0 [ $retval -eq 0 ] && return 0
@ -164,7 +271,7 @@ proxy_ping_curl () { DBUG proxy_ping_curl $* ;
## proxy_ping_make_help ## proxy_ping_make_help
proxy_ping_make_help () { proxy_ping_make_help () {
grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \ grep 'tests\[[0-9][0-9]*\]=' /usr/local/bin/proxy_ping_test.bash \
> /tmp/proxy_ping_test.hlp > /tmp/proxy_ping_test-$USER.hlp
return 0 return 0
} }
@ -260,7 +367,7 @@ proxy_test_pretest_exit () {
{ WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; } { WARN $prog proxy_ping_test_resolv=$? 'echo nameserver 127.0.0.1 > /etc/resolv.conf' ; exit 4 ; }
proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; } proxy_ping_firewall_start || { ERROR "proxy_ping_firewall_start ret=$?" ; exit 5 ; }
elif [ "$1" = nat ] ; then elif [ "$1" = nat ] ; then
: proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; } proxy_route_test || { ERROR $prog route not connected ; exit 1$? ; }
else else
proxy_do_ping || exit 4$? proxy_do_ping || exit 4$?
proxy_ping_test_resolv $MODE || \ proxy_ping_test_resolv $MODE || \
@ -276,19 +383,19 @@ proxy_test_help_args () {
declare -a elts=() declare -a elts=()
declare -a ret=() declare -a ret=()
local elt local elt
if [ "$1" = selektor -o "$1" = whonix -o "$1" = torhost ] ; then if [ "$1" = selektor -o "$1" = torhost ] ; then
elts=($1 socks http dns https tordns firefail) elts=($1 socks dns http https dirmngr tordns firefail)
elif [ "$1" = torlibvirthost ] ; then elif [ "$1" = torlibvirthost -o "$1" = whonix ] ; then
elts=($1 libvirthost socks http https tordns firefail) elts=(libvirthost socks http https dirmngr tordns firefail)
elts+=($MODE) elts+=($MODE)
elif [ "$1" = gateway ] ; then elif [ "$1" = gateway -o "$1" = nat ] ; then
elts=($1 libvirtguest socks dns http https firefail) elts=($1 libvirtguest socks dns http https dirmngr firefail)
else else
elts=($1) elts=($1)
fi fi
for elt in "${elts[@]}" ; do for elt in "${elts[@]}" ; do
# DBUG proxy_test_help_args $elt $1 >&2 # DBUG proxy_test_help_args $elt $1 >&2
ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test.hlp | \ ret+=( $(grep " -.* $elt " /tmp/proxy_ping_test-$USER.hlp | \
sed -e 's/.=.*//' -e 's/.*tests.//') ) sed -e 's/.=.*//' -e 's/.*tests.//') )
done done
DBUG proxy_test_help_args "${ret[@]}" >&2 DBUG proxy_test_help_args "${ret[@]}" >&2
@ -302,22 +409,17 @@ proxy_ping_test_set_args () {
local args="$@" local args="$@"
local val="$@" local val="$@"
declare -a aret=() declare -a aret=()
rm -f /tmp/proxy_ping_test.hlp rm -f /tmp/proxy_ping_test-$USER.hlp
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help [ -f /tmp/proxy_ping_test-$USER.hlp ] || proxy_ping_make_help
## to_tor - tor with the firewall host side client setup tor server - call tor,dns,ntp in addition
## to_tor - tor with the firewall host side client setup tor server - gateway
[ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] && [ "$1" = to_tor -o "$1" = test_tor -o "$1" = test_to ] &&
aret=( 6 13 16 ) && \ aret=( 6 13 16 ) && \
! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv ! proxy_ping_test_env && WARN to_tor and no proxy in env - use noenv
## vda - through the Gateway with the firewall - also polipo,panic - uses env
[ "$1" = vda ] &&
aret=( 35 3 20 ) #
## kick - open firewall with tor running - call dns,polipo +tor in addition ## kick - open firewall with tor running - call dns,polipo +tor in addition
[ "$1" = kick -o "$1" = host ] && [ "$1" = kick -o "$1" = host ] &&
aret=( 24 31 13 16 6 )# 30 24 31 6 13 16 aret=( 24 31 13 16 6 )# 30 24 31 6 13 16
## gateway - on the Gateway, trans firewall with tor running - call dns in addition
[ "$1" = gateway ] &&
aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
# aliases # aliases
# socks defines http as the target of a user using socks # socks defines http as the target of a user using socks
@ -331,37 +433,64 @@ proxy_ping_test_set_args () {
# tordns defines http as the target of a user using tordns # tordns defines http as the target of a user using tordns
[ "$1" = "9053" ] && set -- tordns [ "$1" = "9053" ] && set -- tordns
# old aliases
[ "$1" = scan ] && set -- iwlist [ "$1" = scan ] && set -- iwlist
[ "$1" = panic ] && set -- firewall [ "$1" = panic ] && set -- firewall
[ "$1" = asbin ] && set -- firewall
[ "$1" = to_gateway ] && set -- whonix [ "$1" = to_gateway ] && set -- whonix
[ "$1" = from_tor ] && set -- whonix [ "$1" = from_tor ] && set -- whonix
[ "$1" = from_gateway ] && set -- gateway [ "$1" = from_gateway ] && set -- gateway
[ "$1" = to_tor ] && set -- gateway
[ "$1" = workstation ] && set -- ws
[ "$1" = traceroute ] && set -- = trace [ "$1" = traceroute ] && set -- = trace
[ "$1" = connected ] && set -- wifi [ "$1" = connected ] && set -- wifi
[ "$1" = clear ] && set -- direct [ "$1" = clear ] && set -- direct
[ "$1" = tor ] && set -- torhost
# scenarios - modes: nat selektor # scenarios - modes: nat selektor
## nat - through the Gateway via the nat
[ "$1" = nat ] && \
set -- ping dns socks http https tordns firefail libvirtguest
# wifi? # wifi?
[ "$1" = whonix ] && \ ## nat - through the Gateway via the nat
set -- ping tordns dns socks http https torhost tordns firefail gw if [ "$1" = nat ] ; then
[ "$1" = tor -o "$1" = selektor ] && \ set -- $1 ping dns socks http https dirmngr tordns firefail libvirtguest
set -- ping tordns dns trace torhost nmap gw [ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT"
## torhost implies - ## vda - through the Gateway with the firewall - also polipo,panic - uses env
## ws - through the Gateway with the firewall - it is a vda
[ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT"
elif [ "$1" = vda -o "$1" = ws ] ; then
# Fixme - guessing
# was aret=( 35 3 20 )
set -- ping dns socks http https dirmngr tordns firefail libvirtguest
## gateway - ssh to the whonix gateway from the torhost
elif [ "$1" = gateway ] ; then
## gateway - on the Gateway, trans firewall with tor running -
#? looks like it had direct in gateway;
#? aret=( 23 25 4 5 30 24 17 3 21 ) # 31 6 16
set -- ping dns socks http https dirmngr tordns firefail libvirtguest
[ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT"
## whonix - whonix torhost with libvirt container running gateway behind firewa
elif [ "$1" = whonix ] ; then
set -- ping libvirtguest tordns dns socks http https dirmngr torhost tordns firefail gw
[ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT"
## torhost - running tor with the firewall
[ "$1" = torhost -o "$1" = selektor ] && \
set -- ping torhost tordns dns trace nmap gw
[ -n "$SOCKS_PORT" ] || WARN empty "$SOCKS_PORT"
#? tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition #? tor with the firewall to test the host side tor server - call to_tor,dns,ntp in addition
[ "$1" = direct -o "$1" = '' ] && \ ## direct - assume no firewall and no proxy - but may work depend on env
elif [ "$1" = direct -o "$1" = '' ] ; then
set -- ping dns trace nmap gw set -- ping dns trace nmap gw
## all - all tests not stopping on the first error ## all - all tests not stopping on the first error
[ "$1" = all ] && ALL=1 elif [ "$1" = all ] ; then
ALL=1
# aret="${#tests[@]}" # aret="${#tests[@]}"
fi
## gw - test if we are connected to the gateway ## gw - test if we are connected to the gateway
## env - from the cmdline with a properly setup env ## env - from the cmdline with a properly setup env
## firefail - test the proxy without env vars to expect failure ## firefail - test the proxy without env vars to expect failure
## torhost - running tor with the firewall
## http - assumes torhost or whonix and env setup ## http - assumes torhost or whonix and env setup
## https - assumes torhost or whonix and env setup ## https - assumes torhost or whonix and env setup
## socks - assumes torhost or whonix and env setup ## socks - assumes torhost or whonix and env setup
@ -373,23 +502,21 @@ proxy_ping_test_set_args () {
## iwlist - wlan scan of a wifi host ## iwlist - wlan scan of a wifi host
## firewall - test that the firewall blocks ## firewall - test that the firewall blocks
## virbr1 - looks for virbr1 on a libvirt host torhost or whonix ## virbr1 - looks for virbr1 on a libvirt host torhost or whonix
## gateway - ssh to the whonix gateway from the torhost
## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda ## trace - traceroute to DNSHOST - icmp is allowed by the firewall, except on vda
## wifi - test if we are connected - call scan in addition ## wifi - test if we are connected - call scan in addition
## libvirthost - hosting a libvirt container ## libvirthost - hosting a libvirt container
## libvirtguest - in a libvirt container ## libvirtguest - in a libvirt container
## whonix - whonix torhost with libvirt container running gateway behind firewall - aliases: to_gateway from_tor
## direct - assume no firewall and no proxy - but may work depend on env
for elt in "$@" ; do for elt in "$@" ; do
if [ "$elt" = gw -o "$elt" = '' -o "$elt" = env -o \ if [ "$elt" = gw -o "$elt" = env -o \
"$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \ "$elt" = https -o "$elt" = http -o "$elt" = socks -o "$elt" = dns -o \
"$elt" = torhost -o "$elt" = tordns -o "$elt" = whonix -o \ "$elt" = torhost -o "$elt" = 'nat' -o "$elt" = whonix -o "$elt" = selektor -o \
"$elt" = tordns -o \
"$elt" = libvirthost -o "$elt" = torlibvirthost -o \ "$elt" = libvirthost -o "$elt" = torlibvirthost -o \
"$elt" = libvirtguest -o "$elt" = virbr1 -o \ "$elt" = libvirtguest -o "$elt" = virbr1 -o \
"$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \ "$elt" = ping -o "$elt" = trace -o "$elt" = ntp -o "$elt" = nmap -o \
"$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \ "$elt" = iwlist -o "$elt" = firefail -o "$elt" = direct -o \
"$elt" = trace -o "$elt" = wifi -o "$elt" = '' -o "$elt" = '' \ "$elt" = trace -o "$elt" = wifi -o "$elt" = 'dirmngr' -o "$elt" = 'test' \
] ; then ] ; then
aret+=( `proxy_test_help_args $elt` ) aret+=( `proxy_test_help_args $elt` )
else else
@ -407,21 +534,23 @@ if [ "$#" = 0 ] ; then
# default to mode # default to mode
set -- $MODE set -- $MODE
fi fi
if [ $1 = '-h' -o $1 = '--help' ] ; then if [ "$1" = '-h' -o $1 = '--help' ] ; then
echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g' echo USAGE: $USAGE | sed -e 's/[0-9][0-9]*)/\n&/g'
grep '^## [a-oq-z]' $0 | sed -e 's/^## / /' grep '^## [a-oq-z]' $0 | sed -e 's/^## / /'
exit 0 exit 0
elif [ "$1" = 0 ] ; then elif [ "$1" = 0 ] ; then
INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE INFO $prog PROXY_WLAN=$PROXY_WLAN MODE=$MODE
echo 0 help /tmp/proxy_ping_test.hlp echo 0 help /tmp/proxy_ping_test-$USER.hlp
[ -f /tmp/proxy_ping_test.hlp ] || proxy_ping_make_help [ -f /tmp/proxy_ping_test-$USER.hlp ] || proxy_ping_make_help
. /tmp/proxy_ping_test.hlp . /tmp/proxy_ping_test-$USER.hlp
for elt in "${!tests[@]}" ; do for elt in "${!tests[@]}" ; do
echo $elt "${tests[$elt]}" echo $elt "${tests[$elt]}"
done done
exit 0 exit 0
elif [[ $1 =~ ^[0-9] ]] ; then elif [[ $1 =~ ^[0-9] ]] ; then
: passthrough : passthrough
elif [ $1 = 'test' -o $1 = '--test' ] ; then
set -- 99
else else
set -- `proxy_ping_test_set_args "$@"` set -- `proxy_ping_test_set_args "$@"`
DBUG running tests numbered "$@" DBUG running tests numbered "$@"
@ -459,7 +588,7 @@ while [ "$#" -gt 0 ] ; do
tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https " tests[1]="wget_https_as_user wget ${HTTPS_PORT} - https "
[ -n "$https_proxy" ] && LARGS="" || \ [ -n "$https_proxy" ] && LARGS="" || \
LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}" LARGS="env https_proxy=https://${HTTPS_HOST}:${HTTPS_PORT}"
$LARGS $WGET https://$HTTP_TARGET $LARGS $WGET https://$HTTP_TARGET 2>/dev/null
retval=$? retval=$?
if [ $retval -eq 8 -o $retval -eq 0 ] ; then if [ $retval -eq 8 -o $retval -eq 0 ] ; then
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -547,9 +676,9 @@ while [ "$#" -gt 0 ] ; do
GREP="$SOCKS_DNS" GREP="$SOCKS_DNS"
elif [ $ARG -eq 6 ] ; then elif [ $ARG -eq 6 ] ; then
tests[6]="curl_https_as_user - https "
proxy=`proxy_ping_get_https` proxy=`proxy_ping_get_https`
desc="curl --proxy http://${proxy}" desc="curl --proxy http://${proxy}"
tests[6]="curl_https_as_user - https "
proxy_ping_curl --proxy http://${proxy} \ proxy_ping_curl --proxy http://${proxy} \
--proxy-insecure https://$HTTP_TARGET || { \ --proxy-insecure https://$HTTP_TARGET || { \
retval=$? retval=$?
@ -630,7 +759,6 @@ while [ "$#" -gt 0 ] ; do
tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct " tests[12]="nmap_dns_as_root --privileged --send-eth -Pn -sU -p U:53 $DNS_HOST1 - nmap direct "
[ $USER = root ] || continue [ $USER = root ] || continue
which nmap 2>/dev/null >/dev/null || continue which nmap 2>/dev/null >/dev/null || continue
[ -z "$DNS_HOST1" ] && DNS_HOST1="208.67.220.220"
nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \ nmap --privileged --send-eth -Pn -sU -p U:53 "$DNS_HOST1" || { \
retval=$? retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53 ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval nmap 53
@ -641,9 +769,9 @@ while [ "$#" -gt 0 ] ; do
GREP="53" GREP="53"
elif [ $ARG -eq 13 ] ; then elif [ $ARG -eq 13 ] ; then
tests[13]="curl_firewall_bin - wifi " tests[13]="curl_firewall_bin - firewall "
[ $USER = root ] || continue [ $USER = root ] || continue
proxy_test_curl_firewall_bin || continue proxy_test_curl_firewall_asbin || continue
INFO $prog test=$ARG "${tests[$ARG]}" curl bin INFO $prog test=$ARG "${tests[$ARG]}" curl bin
# works # works
GREP="443" GREP="443"
@ -664,7 +792,7 @@ while [ "$#" -gt 0 ] ; do
INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct INFO $prog test=$ARG "${tests[$ARG]}" proxy_test_dig_direct
elif [ $ARG -eq 16 ] ; then elif [ $ARG -eq 16 ] ; then
tests[16]="nslookup_as_root nslookup $PRIV_BIN_OWNER - torhost " tests[16]="nslookup_as_root nslookup ${DNS_HOST1} $PRIV_BIN_OWNER - firewall "
[ $USER = root ] || continue [ $USER = root ] || continue
[ $HAVE_NSLOOKUP = 1 ] || continue [ $HAVE_NSLOOKUP = 1 ] || continue
su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \ su -c "$NSL $DNS_TARGET $DNS_HOST1" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
@ -705,7 +833,8 @@ while [ "$#" -gt 0 ] ; do
GREP="123" GREP="123"
elif [ $ARG -eq 19 ] ; then elif [ $ARG -eq 19 ] ; then
tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail " tests[19]="curl_noproxy_http_as_user curl raw noproxy - firefail "
proxy_ping_curl --noproxy "'*.*'" --connect-timeout $TIMEOUT \ timeout -k $TIMEOUT $TIMEOUT env - $CURL \
--noproxy "'*.*'" --connect-timeout $TIMEOUT \
http://$HTTP_TARGET >/dev/null && { http://$HTTP_TARGET >/dev/null && {
retval=$? retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" curl raw --noproxy
@ -782,7 +911,7 @@ while [ "$#" -gt 0 ] ; do
[ $HAVE_NSLOOKUP = 1 ] || continue [ $HAVE_NSLOOKUP = 1 ] || continue
# noenv with or without proxy # noenv with or without proxy
# @$DNS_HOST1 should fail for firewall unless dnsmasq is working # @$DNS_HOST1 should fail for firewall unless dnsmasq is working
$NSL >/dev/null $DNS_TARGET || { \ $NSL >/dev/null $DNS_TARGET ${DNS_HOST} || { \
retval=$? retval=$?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval nslookup $DNS_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
@ -832,7 +961,7 @@ while [ "$#" -gt 0 ] ; do
elif [ $ARG -eq 30 ] ; then elif [ $ARG -eq 30 ] ; then
tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost " tests[30]="tor_bootstrap_check_as_root tor_bootstrap_check.py - torhost "
[ $MODE = tor -o $MODE = whonix -o $MODE = selektor ] || { [ $MODE = tor -o $MODE = whonix -o $MODE = gateway -o $MODE = selektor ] || {
# are there other roles that run tor? # are there other roles that run tor?
WARN $prog MODE != tor test=$ARG WARN $prog MODE != tor test=$ARG
} }
@ -856,9 +985,10 @@ while [ "$#" -gt 0 ] ; do
elif [ $ARG -eq 31 ] ; then elif [ $ARG -eq 31 ] ; then
tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http " tests[31]="curl_noproxy_as_root polipo http pages $HTTP_PORT - direct http "
proxy_ping_curl --noproxy http://${HTTP_HOST}:$HTTP_PORT && { \ timeout -k $TIMEOUT $TIMEOUT env - $CURL \
--noproxy '*' http://${HTTP_TARGET} && { \
retval=$? retval=$?
ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval http to $HTTP_PORT ERROR PANIC: $prog test=$ARG "${tests[$ARG]}" retval=$retval $HTTP_TARGET
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -908,9 +1038,9 @@ while [ "$#" -gt 0 ] ; do
[ $USER = root ] || continue [ $USER = root ] || continue
[ $HAVE_DIG = 1 ] || continue [ $HAVE_DIG = 1 ] || continue
# @$DNS_HOST1 # @$DNS_HOST1
su -c "dig pool.ntp.org +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \ su -c "dig $NTP_HOST2 +timeout=$TIMEOUT" -s /bin/sh $PRIV_BIN_OWNER >/dev/null || { \
retval=$? retval=$?
ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig pool.ntp.org $PRIV_BIN_OWNER ERROR $prog test=$ARG "${tests[$ARG]}" retval=$retval dig $NTP_HOST2 $PRIV_BIN_OWNER
[ -z "$ALL" ] && exit $ARG$retval || continue [ -z "$ALL" ] && exit $ARG$retval || continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -918,12 +1048,12 @@ while [ "$#" -gt 0 ] ; do
GREP="53" GREP="53"
elif [ $ARG -eq 36 ] ; then elif [ $ARG -eq 36 ] ; then
tests[36]="tor_resolve_as_user tor-resolve pool.ntp.org - tordns " tests[36]="tor_resolve_as_user tor-resolve $NTP_HOST2 - tordns "
[ $HAVE_TOR_RESOLVE = 1 ] || continue [ $HAVE_TOR_RESOLVE = 1 ] || continue
tor-resolve pool.ntp.org >/dev/null || { \ tor-resolve $NTP_HOST2 >/dev/null || { \
retval=$? retval=$?
# dunno Failed parsing SOCKS5 response conf? # dunno Failed parsing SOCKS5 response conf?
WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve pool.ntp.org WARN $prog test=$ARG "${tests[$ARG]}" retval=$retval tor-resolve $NTP_HOST2
continue continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
@ -931,7 +1061,7 @@ while [ "$#" -gt 0 ] ; do
GREP="9053" GREP="9053"
elif [ $ARG -eq 37 ] ; then elif [ $ARG -eq 37 ] ; then
tests[37]="qemu-guest-agent and ports - libvirtguest " tests[37]="qemu_guest_agent_ports - libvirtguest "
ser=qemu-guest-agent ser=qemu-guest-agent
proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start proxy_rc_service $ser status >/dev/null || proxy_rc_service $ser start
proxy_rc_service $ser status >/dev/null || { \ proxy_rc_service $ser status >/dev/null || { \
@ -946,8 +1076,9 @@ while [ "$#" -gt 0 ] ; do
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
GREP="" GREP=""
elif [ $ARG -eq 38 ] ; then elif [ $ARG -eq 38 ] ; then
tests[38]="qemu-guest-agent and ports - libvirthost " tests[38]="check_libvirt_running - libvirthost "
[ $USER = root ] || continue [ $USER = root ] || continue
$PL proxy_libvirt_list $PL proxy_libvirt_list
aret=$? aret=$?
@ -958,11 +1089,41 @@ while [ "$#" -gt 0 ] ; do
else else
# was $GATEW_DOM but now can be gentoo_vm-2 etc # was $GATEW_DOM but now can be gentoo_vm-2 etc
$PL proxy_libvirt_list 2>&1| grep -q "running" || { $PL proxy_libvirt_list 2>&1| grep -q "running" || {
WARN MODE=$MODE and nothing libvirt running ; WARN MODE=$MODE and nothing libvirt running
continue continue
} }
INFO $prog test=$ARG "${tests[$ARG]}" INFO $prog test=$ARG "${tests[$ARG]}"
fi fi
elif [ $ARG -eq 39 ] ; then
tests[39]="proxy_test_dirmngr - dirmngr "
[ $USER = root ] || continue
proxy_test_dirmngr
elif [ $ARG -eq 99 ] ; then
tests[99]="test_all_modes unfinished not sure"
[ $USER = root ] || continue
for elt in vda selektor ws gateway nat tor whonix; do
INFO testing $elt
if [ "$MODE" = vda ] ; then
: vda
elif [ "$MODE" = selektor ] ; then
: selektor
elif [ "$MODE" = ws ] ; then
: ws
elif [ "$MODE" = gateway ] ; then
: gateway
elif [ "$MODE" = nat ] ; then
: nat
elif [ "$MODE" = tor ] ; then
: tor
elif [ "$MODE" = whonix ] ; then
: whonix
else
WARN unrecognized mode MODE=$elt
fi
done
elif false ; then elif false ; then
if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then if ! grep -q '10.152.152.10\|127.0.0.1' /etc/resolv.conf ; then
$NETS | grep -q :53 || { $NETS | grep -q :53 || {
@ -977,21 +1138,3 @@ while [ "$#" -gt 0 ] ; do
done done
exit 0 exit 0
1)
env https_proxy=http://${SOCKS_HOST}:${HTTPS_PORT} wget $D -O - --no-check-certificate
2)
curl $D -k --proxy
3)
curl $D -k --proxy socks5://${SOCKS_HOST}:$SOCKS_PORT --proxy-insecure
6)
curl -k --proxy $HTTP_PORT
16)
nslookup $PRIV_BIN_OWNER
18)
ntpdate as sroot
19)
curl raw noproxy
0)
usage

View File

@ -1,32 +1,25 @@
#!/bin/bash #!/bin/bash
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- # -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
# this should be unused
[ -z "$prog" ] && prog=`basename $0 .bash` [ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un ) [ -z "$USER" ] && USER=$( id -un )
ROLE=base
[ -f /usr/local/bin/usr_local_tput.bash ] && \ [ -f /usr/local/bin/usr_local_tput.bash ] && \
. /usr/local/bin/usr_local_tput.bash . /usr/local/bin/usr_local_tput.bash
. /usr/local/src/usr_local_src.bash
## box_gentoo_emerge
box_gentoo_emerge () {
[ "$#" -lt 1 ] && return 0
local elt
declare -a ARGS
for elt in "$@" ; do
[ -z "$elt" ] && continue
grep -q "^$elt$" /var/lib/portage/world && continue
ls /var/db/pkg/"$elt"-[0-9]* 2>/dev/null >/dev/null && continue
qlist -IsS "$elt" | grep -q "^$elt" && continue
equery l -f "^$elt$" | grep '^.I' && continue
ARGS+=($elt)
done
[ "${#ARGS[@]}" -eq 0 ] && exit 0
INFO "${ARGS[@]}"
/usr/local/sbin/box_gentoo_emerge.bash "${ARGS[@]}" || return $?
return 0
}
base=usr_local_base base=usr_local_base
# DBUG 0=$0 # DBUG 0=$0
## box_gentoo_emerge - unused?
box_gentoo_emerge () {
msys_gentoo_emerge "$@"
return $?
}
if [ -x /usr/bin/basename ] && [ $( /usr/bin/basename -- $0 ) = $base'.bash' -o $( basename -- $0 ) = $base'.sh' ] ; then if [ -x /usr/bin/basename ] && [ $( /usr/bin/basename -- $0 ) = $base'.bash' -o $( basename -- $0 ) = $base'.sh' ] ; then
[ "$#" -eq 0 ] && exit 0 [ "$#" -eq 0 ] && exit 0
[ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \ [ "$#" -eq 1 ] && [ "$1" = '-h' -o "$1" = '--help' ] && \

View File

@ -1,10 +1,26 @@
#!/bin/sh #!/bin/sh
# -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*- # -*- mode: sh; fill-column: 75; tab-width: 8; coding: utf-8-unix -*-
[ -z "$TERM" ] && exit 0
[ -z "$prog" ] && prog=`basename $0 .bash` [ -z "$prog" ] && prog=`basename $0 .bash`
[ -z "$USER" ] && USER=$( id -un ) [ -z "$USER" ] && USER=$( id -un )
[ -z "$DEBUG" ] && DEBUG=0 [ -z "$DEBUG" ] && DEBUG=0
if [ -z "$TERM" ] || [ "`tty`" == '' ] ; then
USAGE () { echo "USAGE: " $* ; exit 0 ; }
ERROR () { echo "ERROR: $prog" $* ; }
WARN () { echo "WARN: $prog" $* ; }
INFO () { echo "INFO: $prog" $* ; }
DBUG () { echo "DBUG: $prog" $* ; }
PANIC () { echo "PANIC: $prog" $* ; exit 1; }
FATL () { echo "PANIC: $prog" $* ; exit 1; }
usage () { echo "USAGE: " $* >&2 ; exit 0 >&2 ; }
error () { echo "ERROR: $prog" $* >&2 ; }
warn () { echo "WARN: $prog" $* >&2 ; }
info () { echo "INFO: $prog" $* >&2 ; }
dbug () { echo "DBUG: $prog" $* >&2 ; }
panic () { echo "PANIC: $prog" $* >&2 ; exit 1; }
fatl () { echo "PANIC: $prog" $* >&2 ; exit 1; }
else
if [ -n "$TERM" ] ; then if [ -n "$TERM" ] ; then
# vars that can be used to change font color # vars that can be used to change font color
@ -47,13 +63,6 @@ WARN () {
} }
warn () { WARN >&2 $* ; } warn () { WARN >&2 $* ; }
USAGE () {
echo ${yellow}USAGE:${normal} $*
return 0
}
usage () { USAGE >&2 $* ; }
INFO () { INFO () {
echo ${green}INFO:${normal} $* echo ${green}INFO:${normal} $*
return 0 return 0
@ -67,11 +76,12 @@ DBUG () {
dbug () { DBUG >&2 $* ; } dbug () { DBUG >&2 $* ; }
debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; } debug () { [ "$DEBUG" = "1" ] && echo >&2 ${cyan}DBUG:${normal} $* ; return 0 ; }
usage () { USAGE () {
echo ${yellow}USAGE:${normal} $* echo ${yellow}USAGE:${normal} $*
return 0 return 0
} }
USAGE () { usage $* ; } usage () { USAGE >&2 $* ; }
fi
ols_are_we_connected () { route | grep -q ^default ; return $? ; } msys_are_we_connected () { grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; return $? ; }

View File

@ -100,7 +100,7 @@ fi
[ -d /etc/portage -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=vagrant [ -d /etc/portage -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=vagrant
[ -d /etc/apt -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=devuan [ -d /etc/apt -a -z "$BOX_USER_NAME" ] && BOX_USER_NAME=devuan
[ -z "$BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME [ -z "$BOX_USER_HOME" -o ! -d "$BOX_USER_HOME" ] && BOX_USER_HOME=/home/$BOX_USER_NAME
[ -z "$BOX_ALSO_GROUP" ] && BOX_ALSO_GROUP=adm [ -z "$BOX_ALSO_GROUP" ] && BOX_ALSO_GROUP=adm
[ -z "$LOGDIR" ] && LOGDIR=$PREFIX/tmp [ -z "$LOGDIR" ] && LOGDIR=$PREFIX/tmp
@ -148,20 +148,20 @@ fi
if [ -d $UPTMP/boxuser_pip_cache ] ; then if [ -d $UPTMP/boxuser_pip_cache ] ; then
bootstrap_mkdir $BOX_USER_HOME/.cache/ && \ bootstrap_mkdir $BOX_USER_HOME/.cache/ && \
cp -rip $UPTMP/boxuser_pip_cache $BOX_USER_HOME/.cache/pip && \ cp -rip $UPTMP/boxuser_pip_cache $BOX_USER_HOME/.cache/pip && \
chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \ #? chown -R ${BOX_USER_NAME}.{BOX_ALSO_GROUP} $BOX_USER_HOME/.cache/pip && \
chmod -R g+rw $BOX_USER_HOME/.cache/pip && \ chmod -R g+rw $BOX_USER_HOME/.cache/pip && \
chmod -R o-w $BOX_USER_HOME/.cache/pip chmod -R o-w $BOX_USER_HOME/.cache/pip
fi fi
if [ -d $UPTMP/root_pip_cache ] ; then if [ -d $UPTMP/root_pip_cache ] ; then
bootstrap_mkdir /root/.cache/ && \ bootstrap_mkdir /root/.cache/ && \
cp -rip $UPTMP/root_pip_cache /root/.cache/pip && \ cp -rip $UPTMP/root_pip_cache /root/.cache/pip && \
chown -R root.root /root/.cache/pip && \ #? chown -R ${BOX_USER_NAME}:{BOX_ALSO_GROUP} /root/.cache/pip && \
chmod -R g+rw /root/.cache/pip && \ chmod -R g+rw /root/.cache/pip && \
chmod -R o-w /root/.cache/pip chmod -R o-w /root/.cache/pip
fi fi
if [ -d /etc/apt ] ; then if [ -d /etc/apt ] ; then
if ! route | grep -q ^default ; then if ! grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then
DBUG "Not connected; skipping apt-get update" DBUG "Not connected; skipping apt-get update"
elif [ ! -f /var/log/dpkg.log ] ; then elif [ ! -f /var/log/dpkg.log ] ; then
apt-get update # || exit 4 apt-get update # || exit 4
@ -332,7 +332,7 @@ EOF
fi fi
# dont use -CAfile $UPTMP/cacert.pem - we want it to fail if we need the cert # dont use -CAfile $UPTMP/cacert.pem - we want it to fail if we need the cert
if ! route | grep -q ^default ; then if ! grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then
DBUG "Not connected; skipping SSL Certificate Authority chain" DBUG "Not connected; skipping SSL Certificate Authority chain"
elif [ -n "$https_proxy" ] ; then elif [ -n "$https_proxy" ] ; then
proxy=`echo "$https_proxy" | sed -e 's/https*:\/*//'` proxy=`echo "$https_proxy" | sed -e 's/https*:\/*//'`
@ -486,7 +486,7 @@ if ! $PREFIX/bin/python$PYVER.bash -c 'import curl' 2>/dev/null ; then
[ -x /usr/bin/curl ] || which curl 2>/dev/null || emerge -vb curl [ -x /usr/bin/curl ] || which curl 2>/dev/null || emerge -vb curl
fi fi
#? --allow-unverified pycurl #? --allow-unverified pycurl
if ! route | grep -q ^default ; then if ! grep -q "^wlan[1-9][ ]00000000" /proc/net/route ; then
INFO "Not connected; not installing pycurl" INFO "Not connected; not installing pycurl"
elif $PREFIX/bin/pip$PYVER.sh install $PIP_INSTALL_ARGS pycurl >> $LOGDIR/pip_install_pycurl.log 2>&1 ; then elif $PREFIX/bin/pip$PYVER.sh install $PIP_INSTALL_ARGS pycurl >> $LOGDIR/pip_install_pycurl.log 2>&1 ; then
INFO "Installed pycurl from pip with $PREFIX/bin/pip install $PIP_INSTALL_ARGS" INFO "Installed pycurl from pip with $PREFIX/bin/pip install $PIP_INSTALL_ARGS"

View File

@ -3,6 +3,7 @@
prog=$( basename $0 .bash ) prog=$( basename $0 .bash )
ROLE=base ROLE=base
PYVER=3
LOG_DIR=/usr/local/var/logs/portage LOG_DIR=/usr/local/var/logs/portage
[ -d $LOG_DIR ] || mkdir -p $LOG_DIR [ -d $LOG_DIR ] || mkdir -p $LOG_DIR
@ -37,15 +38,16 @@ LARGS="$LARGS --noreplace"
# LARGS="$LARGS --exclude " # LARGS="$LARGS --exclude "
LOG=$LOG_DIR/$LOG LOG=$LOG_DIR/$LOG
export PYTHONPATH= export PYTHONPATH=
echo INFO: $LARGS $ARGS >> $LOG 2>&1 echo INFO: emerge $LARGS $ARGS |tee -a $LOG >&2
nice python$BASE_PYTHON3_MINOR $( which emerge ) $LARGS $ARGS >> $LOG 2>&1 nice python$PYVER $( which emerge ) $LARGS $ARGS >> $LOG 2>&1
[ $? -ne 0 ] && exit $? retval=$?
[ $retval -ne 0 ] && echo ERROR: $retval $LOG && tail $LOG && exit $retval
if grep ImportError $LOG ; then if grep ImportError $LOG ; then
echo ERROR: ImportError $ARGS && exit 10 echo ERROR: ImportError $LOG && exit 10
elif grep ParseError $LOG ; then elif grep ParseError $LOG ; then
echo ERROR: ParseError $ARGS && exit 11 echo ERROR: ParseError $LOG && exit 11
elif grep 'Your current profile is invalid' $LOG ; then elif grep 'Your current profile is invalid' $LOG ; then
echo ERROR: Your current profile is invalid $ARGS && exit 12 echo ERROR: Your current profile is invalid $LOG && exit 12
fi fi
exit 0 exit 0

View File

@ -4,9 +4,10 @@
ROLE=proxy ROLE=proxy
PREFIX=/usr/local PREFIX=/usr/local
# should be usable per user # should be usable per user or by root as a user
. /usr/local/src/usr_local_src.bash || exit 2 . /usr/local/src/usr_local_src.bash || exit 2
ols_check_site_py >/dev/null || exit 3$? msys_check_site_py >/dev/null || exit 3$?
DESC="" DESC=""
export LOG_DIR=$PREFIX/var/log/$ROLE export LOG_DIR=$PREFIX/var/log/$ROLE

View File

@ -56,6 +56,20 @@ if [ "$#" -eq 0 ] ; then
done done
exit 0 exit 0
elif [ "$1" = check ] ; then
msys_var_local_src_prog_key $1 || exit 10$?
elif [ "$1" = 'lint' ] ; then
# sudo chown -R 1000:4 /usr/local/var/log/testforge/shellcheck
msys_var_local_src_prog_key $1 || exit 20$?
# ols_run_tests_shellcheck $ROLE || exit 21$?
# ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then
msys_var_local_src_prog_key $1 || exit 51$?
fi fi
#? FixMe: sed *sed - just /var/local #? FixMe: sed *sed - just /var/local

View File

@ -4,7 +4,7 @@
- name: "/usr/local/etc/local.d/Whonix-Lati.rc" - name: "/usr/local/etc/local.d/Whonix-Lati.rc"
blockinfile: blockinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc"
create: yes create: yes
mode: 0770 mode: 0770
owner: "{{ BOX_USER_NAME }}" owner: "{{ BOX_USER_NAME }}"

View File

@ -4,7 +4,7 @@
- name: "/usr/local/etc/local.d/Whonix-Lati.rc" - name: "/usr/local/etc/local.d/Whonix-Lati.rc"
blockinfile: blockinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc"
create: yes create: yes
mode: 0770 mode: 0770
owner: "{{ BOX_USER_NAME }}" owner: "{{ BOX_USER_NAME }}"

View File

@ -11,7 +11,7 @@
- name: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python" - name: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python"
file: file:
# Its on the PATH in portage/.../.../temp/environment ahead of # Its on the PATH in portage/.../.../temp/environment ahead of
# .../usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:... # ...{{USR_LOCAL}}/sbin:{{USR_LOCAL}}/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:...
src: "/usr/bin/python{{BASE_PORTAGE_PYTHON_MINOR}}" src: "/usr/bin/python{{BASE_PORTAGE_PYTHON_MINOR}}"
dest: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python" dest: "/usr/lib/portage/python{{BASE_PORTAGE_PYTHON_MINOR}}/ebuild-helpers/python"
state: link state: link
@ -22,6 +22,9 @@
- name: "/etc/portage/make.conf base Gentoo GPSD_PROTOCOLS" - name: "/etc/portage/make.conf base Gentoo GPSD_PROTOCOLS"
blockinfile: blockinfile:
dest: /etc/portage/make.conf dest: /etc/portage/make.conf
owner: "portage"
group: "portage"
mode: "0644"
create: false create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [GPSD_PROTOCOLS]" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [GPSD_PROTOCOLS]"
block: | block: |
@ -30,6 +33,9 @@
- name: "/etc/portage/make.conf base Gentoo PORTAGE_PYTHON" - name: "/etc/portage/make.conf base Gentoo PORTAGE_PYTHON"
blockinfile: blockinfile:
dest: /etc/portage/make.conf dest: /etc/portage/make.conf
owner: "portage"
group: "portage"
mode: "0644"
create: false create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PORTAGE_PYTHON]" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PORTAGE_PYTHON]"
block: | block: |
@ -252,7 +258,7 @@
create: false create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PKG_CONFIG_PATH]" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [PKG_CONFIG_PATH]"
block: | block: |
PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/share/pkgconfig:/usr/local/lib/pkgconfig/" PKG_CONFIG_PATH="/usr/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/share/pkgconfig:{{USR_LOCAL}}/lib/pkgconfig/"
- assert: - assert:
that: that:
- "'{{ BOX_OS_FLAVOR }}' != 'Funtoo'" - "'{{ BOX_OS_FLAVOR }}' != 'Funtoo'"
@ -269,6 +275,9 @@
dest: /etc/portage/repos.conf/default.conf dest: /etc/portage/repos.conf/default.conf
create: yes create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK base" marker: "# {mark} ANSIBLE MANAGED BLOCK base"
owner: "portage"
group: "portage"
mode: "0644"
block: | block: |
[DEFAULT] [DEFAULT]
# /usr/share/portage/config/repos.conf # /usr/share/portage/config/repos.conf
@ -294,6 +303,9 @@
blockinfile: blockinfile:
dest: /etc/portage/profile/package.provided dest: /etc/portage/profile/package.provided
create: yes create: yes
owner: "portage"
group: "portage"
mode: "0644"
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo"
block: | block: |
# /etc/portage/profile/package.provided # /etc/portage/profile/package.provided
@ -312,6 +324,9 @@
blockinfile: blockinfile:
dest: /etc/portage/make.conf dest: /etc/portage/make.conf
create: false create: false
owner: "portage"
group: "portage"
mode: "0644"
marker: "# {mark} Ansible Managed Block base Gentoo.yml GRUB_PLATFORMS" marker: "# {mark} Ansible Managed Block base Gentoo.yml GRUB_PLATFORMS"
block: | block: |
# added 2019-07 # added 2019-07
@ -322,6 +337,9 @@
- name: "/etc/portage/make.conf base Gentoo ACCEPT_LICENSE" - name: "/etc/portage/make.conf base Gentoo ACCEPT_LICENSE"
blockinfile: blockinfile:
dest: /etc/portage/make.conf dest: /etc/portage/make.conf
owner: "portage"
group: "portage"
mode: "0644"
create: false create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [ACCEPT_LICENSE]" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml [ACCEPT_LICENSE]"
block: | block: |
@ -330,6 +348,9 @@
- name: "/etc/portage/make.conf base Gentoo VERIFY_SIG_OPENPGP_KEY_REFRESH" - name: "/etc/portage/make.conf base Gentoo VERIFY_SIG_OPENPGP_KEY_REFRESH"
blockinfile: blockinfile:
dest: /etc/portage/make.conf dest: /etc/portage/make.conf
owner: "portage"
group: "portage"
mode: "0644"
create: false create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml VERIFY_SIG_OPENPGP_KEY_REFRESH" marker: "# {mark} ANSIBLE MANAGED BLOCK base Gentoo.yml VERIFY_SIG_OPENPGP_KEY_REFRESH"
block: | block: |

View File

@ -389,14 +389,6 @@
block: | block: |
dev-libs/libpcre2 pcre16 static-libs dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre2"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2020-01_readline.txt" - name: "/etc/portage/package.use/2020-01_readline.txt"
blockinfile: blockinfile:
dest: /etc/portage/package.use/2020-01_readline.txt dest: /etc/portage/package.use/2020-01_readline.txt
@ -501,14 +493,6 @@
block: | block: |
dev-libs/libpcre2 pcre16 static-libs dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2017-10_world.txt"
blockinfile:
dest: /etc/portage/package.use/2017-10_world.txt
create: true
marker: "# {mark} Ansible Managed Block base libpcre"
block: |
dev-libs/libpcre2 pcre16 static-libs
- name: "/etc/portage/package.use/2018-01_qt.txt" - name: "/etc/portage/package.use/2018-01_qt.txt"
blockinfile: blockinfile:
dest: /etc/portage/package.use/2018-01_qt.txt dest: /etc/portage/package.use/2018-01_qt.txt

View File

@ -35,10 +35,10 @@
# either way - make sure there is only one. # either way - make sure there is only one.
for elt in {{BASE_PYTHON2_MINOR}} {{BASE_PYTHON3_MINOR}} ; do for elt in {{BASE_PYTHON2_MINOR}} {{BASE_PYTHON3_MINOR}} ; do
[ -d /usr/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue [ -d /usr/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue
[ -d /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue [ -d {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources ] || continue
rm -rf /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad rm -rf {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad
mv /usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources/ \ mv {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources/ \
/usr/local/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad {{USR_LOCAL}}/{{BASE_LIB}}/python$elt/site-packages/pkg_resources.bad
done done
exit 0 exit 0

View File

@ -14,7 +14,7 @@
- name: Assemble from fragments from a directory - name: Assemble from fragments from a directory
assemble: assemble:
src: /usr/local/etc/ansible/ansible.cfg src: "{{USR_LOCAL}}/etc/ansible/ansible.cfg"
regexp: "cfg$" regexp: "cfg$"
dest: "{{BASE_SRC_ANSIBLE}}/ansible.cfg" dest: "{{BASE_SRC_ANSIBLE}}/ansible.cfg"
ignore_errors: true ignore_errors: true

View File

@ -54,32 +54,34 @@
- name: base /usr/local/src/usr_local_src.bash - name: base /usr/local/src/usr_local_src.bash
copy: copy:
src: /usr/local/src/usr_local_src.bash src: "{{USR_LOCAL}}/src/usr_local_src.bash"
dest: /usr/local/src/usr_local_src.bash dest: "{{USR_LOCAL}}/src/usr_local_src.bash"
mode: '0755' mode: '0755'
when:
- ansible_virtualization_role|replace('NA', 'host') != 'host'
- block: - block:
- name: /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} - name: /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}}
shell: | shell: |
[ -e /usr/local/bin/base_check_site_py.bash ] || exit 0 [ -e {{USR_LOCAL}}/bin/base_check_site_py.bash ] || exit 0
export PYTHONPATH='' export PYTHONPATH=''
/usr/local/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} || exit 3$? {{USR_LOCAL}}/bin/base_check_site_py.bash {{BASE_PYTHON3_MINOR}} || exit 3$?
when: when:
- "BASE_PYTHON3_MINOR != ''" - "BASE_PYTHON3_MINOR != ''"
- name: base /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} - name: base /usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}}
shell: | shell: |
[ -e /usr/local/bin/base_check_site_py.bash ] || exit 0 [ -e {{USR_LOCAL}}/bin/base_check_site_py.bash ] || exit 0
export PYTHONPATH='' export PYTHONPATH=''
/usr/local/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} || exit 2$? {{USR_LOCAL}}/bin/base_check_site_py.bash {{BASE_PYTHON2_MINOR}} || exit 2$?
when: when:
- "BASE_PYTHON2_MINOR != ''" - "BASE_PYTHON2_MINOR != ''"
# wierd error - fails under ansible but not at the command line # wierd error - fails under ansible but not at the command line
rescue: rescue:
- debug: - debug:
msg: "ERROR: WTF /usr/local/bin/base_check_site_py.bash" msg: "ERROR: RESCUE WTF {{USR_LOCAL}}/bin/base_check_site_py.bash"
check_mode: false check_mode: false
tags: tags:
- always - always
@ -261,7 +263,7 @@
- name: "are we connected? - base_get_if.bash" - name: "are we connected? - base_get_if.bash"
shell: | shell: |
ip route | grep -q ^default || exit 1$? ip route | grep -q ^default || exit 1$?
wlan=`/usr/local/bin/base_get_if.bash` || exit 3 wlan=`{{USR_LOCAL}}/bin/base_get_if.bash` || exit 3
if [ -n "$wlan" ] ; then if [ -n "$wlan" ] ; then
ifconfig "$wlan" | grep -q UP && echo $wlan || true ifconfig "$wlan" | grep -q UP && echo $wlan || true
else else
@ -279,8 +281,8 @@
- name: "are we connected? - new wifi" - name: "are we connected? - new wifi"
shell: | shell: |
ip route | grep -q ^default || exit 1$? ip route | grep -q ^default || exit 1$?
/usr/local/bin/proxy_ping_test.bash wifi || exit 2$? {{USR_LOCAL}}/bin/proxy_ping_test.bash wifi || exit 2$?
wlan=`/usr/local/bin/base_get_if.bash` wlan=`{{USR_LOCAL}}/bin/base_get_if.bash`
echo $wlan echo $wlan
register: wlan_up_no register: wlan_up_no
failed_when: false failed_when: false
@ -366,7 +368,7 @@
shell: | shell: |
export BASE_PYTHON2_MINOR={{BASE_PYTHON2_MINOR}} export BASE_PYTHON2_MINOR={{BASE_PYTHON2_MINOR}}
export PYVER=2 export PYVER=2
/usr/local/bin/pyver.sh {{USR_LOCAL}}/bin/pyver.sh
# sitecustomize is not getting made on 3.8 # sitecustomize is not getting made on 3.8
@ -374,7 +376,7 @@
shell: | shell: |
export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}} export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}}
export PYVER=3 export PYVER=3
/usr/local/bin/pyver.sh {{USR_LOCAL}}/bin/pyver.sh
# only site - not dist on Ubuntu? # only site - not dist on Ubuntu?
- name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py" - name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py"
@ -406,7 +408,7 @@
shell: | shell: |
export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}} export BASE_PYTHON3_MINOR={{BASE_PYTHON3_MINOR}}
export PYVER=3 export PYVER=3
/usr/local/bin/pyver.sh {{USR_LOCAL}}/bin/pyver.sh
# only site - not dist on Ubuntu? # only site - not dist on Ubuntu?
- name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py" - name: "make lib64/python{{BASE_PYTHON2_MINOR}}/site-packages/__init__.py"
@ -476,7 +478,7 @@
- name: "/usr/local/etc/local.d/Whonix-Lati.rc" - name: "/usr/local/etc/local.d/Whonix-Lati.rc"
lineinfile: lineinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc"
create: yes create: yes
mode: 0770 mode: 0770
insertafter: BOF insertafter: BOF
@ -485,7 +487,7 @@
- name: "/usr/local/etc/local.d/Whonix-Lati.rc" - name: "/usr/local/etc/local.d/Whonix-Lati.rc"
blockinfile: blockinfile:
dest: /usr/local/etc/local.d/Whonix-Lati.rc dest: "{{USR_LOCAL}}/etc/local.d/Whonix-Lati.rc"
create: yes create: yes
mode: 0770 mode: 0770
marker: "# {mark} ANSIBLE MANAGED BLOCK base initctl" marker: "# {mark} ANSIBLE MANAGED BLOCK base initctl"
@ -506,7 +508,7 @@
cd $src || exit 1 cd $src || exit 1
[ -e "python{{ BASE_PYTHON2_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON2_MINOR }}" . [ -e "python{{ BASE_PYTHON2_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON2_MINOR }}" .
[ -e "python{{ BASE_PYTHON3_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON3_MINOR }}" . [ -e "python{{ BASE_PYTHON3_MINOR }}" ] || ln -s "../{{LIB}}/python{{ BASE_PYTHON3_MINOR }}" .
# our model is that user and group adm can pip install into /usr/local # our model is that user and group adm can pip install into {{USR_LOCAL}}
# failsafe but often required and not covered elsewhere # failsafe but often required and not covered elsewhere
chown -R "{{ BOX_USER_NAME }}"."{{ BOX_ALSO_GROUP }}" $src/python* $dest/python* chown -R "{{ BOX_USER_NAME }}"."{{ BOX_ALSO_GROUP }}" $src/python* $dest/python*
chmod -R g+rw $src/python* $dest/python* chmod -R g+rw $src/python* $dest/python*
@ -522,7 +524,7 @@
i=$( expr $i + 1 ) i=$( expr $i + 1 )
[ -e /dev/loop$i ] && continue [ -e /dev/loop$i ] && continue
mknod /dev/loop$i b 7 $i mknod /dev/loop$i b 7 $i
chown root.disk /dev/loop$i chown root:disk /dev/loop$i
chmod 660 /dev/loop$i chmod 660 /dev/loop$i
done done
exit 0 exit 0
@ -541,11 +543,6 @@
- tmp - tmp
check_mode: false check_mode: false
- name: base /usr/local/src/usr_local_base.bash
copy:
src: /usr/local/src/usr_local_base.bash
dest: /usr/local/src/usr_local_base.bash
mode: '755'
# FixMe: change this to a user.yml; this should be run as vagrant and per sytem_user # FixMe: change this to a user.yml; this should be run as vagrant and per sytem_user
- name: "/usr/local/src/usr_local_base.sh" - name: "/usr/local/src/usr_local_base.sh"
@ -585,10 +582,11 @@
args: args:
chdir: "{{BASE_USR_LOCAL}}/src" chdir: "{{BASE_USR_LOCAL}}/src"
creates: creates:
- "{{BASE_USR_LOCAL}}/bin/python2.sh"
- "{{BASE_USR_LOCAL}}/bin/python3.sh" - "{{BASE_USR_LOCAL}}/bin/python3.sh"
become: yes become: yes
become_user: "{{ BOX_USER_NAME }}" become_user: "{{ BOX_USER_NAME }}"
# FixMe
ignore_errors: true
# FixMe: pip doesnt buy this # FixMe: pip doesnt buy this
- name: "make /usr/local/net/Cache/Pip" - name: "make /usr/local/net/Cache/Pip"

View File

@ -115,7 +115,7 @@
PYTHON_MINOR="$(eval echo \$$P)" PYTHON_MINOR="$(eval echo \$$P)"
grep -q $PYTHON_MINOR python$PYVER.conf || \ grep -q $PYTHON_MINOR python$PYVER.conf || \
echo $PYTHON_MINOR >> python$PYVER.conf echo $PYTHON_MINOR >> python$PYVER.conf
cat /usr/local/etc/python-exec/python$PYVER-*.lis | while read file ; do cat {{USR_LOCAL}}/etc/python-exec/python$PYVER-*.lis | while read file ; do
[ -e $file.conf ] && continue [ -e $file.conf ] && continue
ln -s python$PYVER.conf $file.conf ln -s python$PYVER.conf $file.conf
done done

View File

@ -1,7 +1,7 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*- # -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
--- ---
- name: "base base_proxy.yml BOX_OS_FLAVOR={{BOX_OS_FLAVOR}}" - name: "base base_proxy.yml"
debug: debug:
# verbosity: 1 # verbosity: 1
msg: "base base_proxy.yml http_proxy={{http_proxy}} https_proxy={{https_proxy}} socks_proxy={{socks_proxy}}" msg: "base base_proxy.yml http_proxy={{http_proxy}} https_proxy={{https_proxy}} socks_proxy={{socks_proxy}}"
@ -14,7 +14,7 @@
socks_proxy: "socks5://127.0.0.1:9999" socks_proxy: "socks5://127.0.0.1:9999"
ftp_proxy: "socks5://127.0.0.1:9999" ftp_proxy: "socks5://127.0.0.1:9999"
no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost') }}" no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost') }}"
SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('/usr/local/etc/ssl/cacert-testforge.pem') }}" SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem') }}"
RSYNC_PROXY: "127.0.0.1:9999" RSYNC_PROXY: "127.0.0.1:9999"
TERM: linux TERM: linux
@ -74,7 +74,7 @@
ftp_proxy: "socks5://{{external_out.stdout}}:3128" ftp_proxy: "socks5://{{external_out.stdout}}:3128"
# this network should come from inventory # this network should come from inventory
no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost,10.0.2.0/24') }}" no_proxy: "{{ NO_PROXY|default('127.0.0.1,localhost,10.0.2.0/24') }}"
SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('/usr/local/etc/ssl/cacert-testforge.pem') }}" SSL_CERT_FILE: "{{ SSL_CERT_FILE|default('{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem') }}"
RSYNC_PROXY: "{{external_out.stdout}}:3128" RSYNC_PROXY: "{{external_out.stdout}}:3128"
when: when:
- external_out.rc|default(1) == 0 - external_out.rc|default(1) == 0

View File

@ -13,9 +13,9 @@
- name: boostrap bootstrap_chroot_kicksecure.bash - name: boostrap bootstrap_chroot_kicksecure.bash
shell: | shell: |
/usr/local/sbin/bootstrap_chroot_kicksecure.bash {{USR_LOCAL}}/sbin/bootstrap_chroot_kicksecure.bash
args: args:
creates: /usr/local/etc/ssl/cacert-testforge.pem creates: "{{USR_LOCAL}}/etc/ssl/cacert-testforge.pem"
delegate_to: localhost delegate_to: localhost
when: when:
- ansible_connection|default('') == 'chroot' - ansible_connection|default('') == 'chroot'
@ -45,9 +45,9 @@
if [ -x {{VAR_LOCAL}}/sbin/update_chroot.bash ]; then if [ -x {{VAR_LOCAL}}/sbin/update_chroot.bash ]; then
{{VAR_LOCAL}}/sbin/update_chroot.bash "$root/" pwd || \ {{VAR_LOCAL}}/sbin/update_chroot.bash "$root/" pwd || \
{ echo ERROR: {{VAR_LOCAL}}/sbin/update_chroot.bash $root/ pwd $? ; exit 3 ; } { echo ERROR: {{VAR_LOCAL}}/sbin/update_chroot.bash $root/ pwd $? ; exit 3 ; }
elif [ -x /usr/local/sbin/base_chroot.bash ]; then elif [ -x {{USR_LOCAL}}/sbin/base_chroot.bash ]; then
/usr/local/sbin/base_chroot.bash "$root/" pwd || \ {{USR_LOCAL}}/sbin/base_chroot.bash "$root/" pwd || \
{ echo ERROR: /usr/local/sbin/base_chroot.bash "$root/" pwd $? ; exit 4 ; } { echo ERROR: {{USR_LOCAL}}/sbin/base_chroot.bash "$root/" pwd $? ; exit 4 ; }
fi fi
i=$( df -a | sed -e 's/.* //'| sort -u | grep -c "$root" ) i=$( df -a | sed -e 's/.* //'| sort -u | grep -c "$root" )
@ -95,8 +95,8 @@
- name: boostrap bootstrap_wheels.bash - name: boostrap bootstrap_wheels.bash
copy: copy:
src: /usr/local/sbin/bootstrap_wheels.bash src: "{{USR_LOCAL}}/sbin/bootstrap_wheels.bash"
dest: /usr/local/sbin/bootstrap_wheels.bash dest: "{{USR_LOCAL}}/sbin/bootstrap_wheels.bash"
mode: '0755' mode: '0755'
- name: boostrap bootstrap_wheels.bash raw - name: boostrap bootstrap_wheels.bash raw

View File

@ -63,10 +63,38 @@
state: directory state: directory
mode: 01777 mode: 01777
with_items: with_items:
- /run/tmp
- /var/tmp/.ansible - /var/tmp/.ansible
- "{{BASE_LOG_DIR}}/pip" - "{{BASE_LOG_DIR}}/pip"
- "{{BASE_LOG_DIR}}/pip/pip2" - "{{BASE_LOG_DIR}}/pip/pip2"
- "{{BASE_LOG_DIR}}/pip/pip3" - "{{BASE_LOG_DIR}}/pip/pip3"
- /usr/local/share/genkernel/overlay/bin
- name: "/usr/local/etc/testforge/testforge.ini BOF"
lineinfile:
dest: "/usr/local/etc/testforge/testforge.ini"
insertbefore: BOF
mode: 0755
owner: "{{BOX_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
create: yes
regexp: "# -.- mode: sh; tab-width: 0; coding: utf-8-unix -.-"
line: "# -*- mode: sh; tab-width: 0; coding: utf-8-unix -*-"
- name: /usr/local/etc/testforge/testforge.ini proxy
blockinfile:
dest: /usr/local/etc/testforge/testforge.ini
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK ini [base]"
block: |
[base]
BASE_USER_NAME: "{{ BOX_USER_NAME }}"
BASE_USER_HOME: "{{ BOX_USER_HOME }}"
BASE_ALSO_GROUP: "{{ BOX_ALSO_GROUP }}"
BASE_ALSO_USERS: "{{BOX_ALSO_USERS}}"
BASE_USER_CONFIG_DIR: ".config/testforge"
BASE_PYTHON2_MINOR: "{{BASE_PYTHON2_MINOR}}"
BASE_PYTHON3_MINOR: "{{BASE_PYTHON3_MINOR}}"
- name: "rsync base root_overlay" - name: "rsync base root_overlay"
synchronize: synchronize:
@ -134,24 +162,24 @@
cd /usr/local/src cd /usr/local/src
[ ! -d "ansible-{{BOX_ANSIBLE_VERSION}}" ] && \ [ ! -d "ansible-{{BOX_ANSIBLE_VERSION}}" ] && \
[ ! -f "ansible-{{BOX_ANSIBLE_VERSION}}/setup.py" ] && \ [ ! -f "ansible-{{BOX_ANSIBLE_VERSION}}/setup.py" ] && \
[ -f /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \ [ -f {{USR_LOCAL}}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz ] && \
tar xvfz /usr/local/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \ tar xvfz {{USR_LOCAL}}/tmp/wheels/ansible-{{BOX_ANSIBLE_VERSION}}.tar.gz && \
chown -R {{BOX_USER_GROUP}}.{{BOX_USER_GROUP}} ansible-{{BOX_ANSIBLE_VERSION}} chown -R {{BOX_USER_GROUP}}.{{BOX_USER_GROUP}} ansible-{{BOX_ANSIBLE_VERSION}}
exit 0 exit 0
- name: "patch /usr/local/" - name: "patch /usr/local/"
environment: "{{ shell_env }}" environment: "{{ shell_env }}"
shell: | shell: |
cd /usr/local/patches/base || exit 1 cd {{USR_LOCAL}}/patches/base || exit 1
# this vacuumns all diff files below the root # this vacuumns all diff files below the root
{{ BASE_SCRIPT_DIR }}/base_patch_from_diff.bash {{item}} {{ BASE_SCRIPT_DIR }}/base_patch_from_diff.bash {{item}}
when: when:
- item != '' - item != ''
- not ansible_check_mode - not ansible_check_mode
- false # FixMe not up to date
with_items: with_items:
- usr/local/src/ansible-{{BOX_ANSIBLE_VERSION}} - usr/local/src/ansible-{{BOX_ANSIBLE_VERSION}}
- name: chown vagrant ~vagrant - name: chown vagrant ~vagrant
environment: "{{ shell_env }}" environment: "{{ shell_env }}"
shell: | shell: |
@ -167,6 +195,55 @@
- "{{ base_system_users }}" - "{{ base_system_users }}"
check_mode: false check_mode: false
- block:
- name: "make vagrant RO directories base"
file:
path: "{{ item|expanduser }}"
state: directory
owner: "{{ BOX_USER_NAME }}"
mode: 0700
with_items:
- "{{ BOX_USER_HOME }}/.cache"
- "{{ BOX_USER_HOME }}/.config"
- "{{ BOX_USER_HOME }}/.gpg"
- "{{ BOX_USER_HOME }}/.local/lib"
- "{{ BOX_USER_HOME }}/.ssh"
- name: "I think this is right make .local symlinks lib dirs"
file:
src: "{{ item.src | expanduser }}"
dest: "{{ item.dest | expanduser }}"
state: link
with_items:
- dest: "{{ BOX_USER_HOME }}/.local/lib64"
src: "{{ BOX_USER_HOME }}/.local/lib"
mode: "0755"
- dest: "{{ BOX_USER_HOME }}/.local/lib/python{{BASE_PYTHON3_MINOR}}"
src: "{{ USR_LOCAL }}/lib/python{{BASE_PYTHON3_MINOR}}"
mode: "0755"
- dest: "{{ BOX_USER_HOME }}/.local/lib/python{{BASE_PYTHON2_MINOR}}"
src: "{{ USR_LOCAL }}/lib/python{{BASE_PYTHON2_MINOR}}"
mode: "0755"
ignore_errors: true
- name: "make vagrant RO files base"
copy:
dest: "{{ BOX_USER_HOME }}/{{ item }}"
src: "{{ lookup('env','HOME') }}/{{ item }}"
force: no
mode: 0600
with_items:
- ".bashrc"
- ".bash_profile"
ignore_errors: true
# template or skel this
when:
- not ansible_check_mode
# libvirt become is not working?
- name: openssl.cnf cacert.pem - name: openssl.cnf cacert.pem
# FixMe: PLAY_CA_CERT or /etc/ssl/certs/ca-certificates.crt # FixMe: PLAY_CA_CERT or /etc/ssl/certs/ca-certificates.crt
environment: "{{ shell_env }}" environment: "{{ shell_env }}"

View File

@ -79,5 +79,5 @@
rescue: rescue:
- debug: - debug:
msg: "WARN: error including ~/QeRcUser.yaml" msg: "WARN: RESCUE error including ~/QeRcUser.yaml"

View File

@ -21,7 +21,6 @@
# msg: Unexpected failure during module execution. # msg: Unexpected failure during module execution.
ignore_errors: true ignore_errors: true
- name: ln -s 1777 /var/tmp/.ansible - name: ln -s 1777 /var/tmp/.ansible
shell: | shell: |
[ ! -d /var/tmp/.ansible ] && mkdir /var/tmp/.ansible && chmod 1777 /var/tmp/.ansible [ ! -d /var/tmp/.ansible ] && mkdir /var/tmp/.ansible && chmod 1777 /var/tmp/.ansible
@ -47,19 +46,11 @@
- "~{{LOOP_USER}}/.config" - "~{{LOOP_USER}}/.config"
- "~{{LOOP_USER}}/.gpg" - "~{{LOOP_USER}}/.gpg"
- "~{{LOOP_USER}}/.local" - "~{{LOOP_USER}}/.local"
- "~{{LOOP_USER}}/.local/lib"
- "~{{LOOP_USER}}/.ssh" - "~{{LOOP_USER}}/.ssh"
- name: "make vagrant RO files base" # - name: "make vagrant RO files base"
copy:
dest: "{{ item|expanduser }}"
src: "{{ item|expanduser }}"
force: yes
mode: 0600
with_items:
- "~{{LOOP_USER}}/.bashrc"
- "~{{LOOP_USER}}/.bash_profile"
# template or skel this # template or skel this
when: false
- block: - block:
@ -162,7 +153,7 @@
# and TESTFORGE_VERSION|default('') != '' # and TESTFORGE_VERSION|default('') != ''
rescue: rescue:
- debug: - debug:
msg: "ERROR: reading in testforge_user_yml_file " msg: "ERROR: RESCUE reading in testforge_user_yml_file "
check_mode: false check_mode: false
@ -185,30 +176,16 @@
dest: "{{ item.dest | expanduser }}" dest: "{{ item.dest | expanduser }}"
state: link state: link
with_items: with_items:
- src: "/usr/local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}" - src: "{{USR_LOCAL}}/{{LIB}}/python{{BASE_PYTHON2_MINOR}}"
dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}" dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON2_MINOR}}"
- src: "/usr/local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}" - src: "{{USR_LOCAL}}/{{LIB}}/python{{BASE_PYTHON3_MINOR}}"
dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}" dest: "~{{LOOP_USER}}/.local/{{LIB}}/python{{BASE_PYTHON3_MINOR}}"
- src: "/usr/local/bin" - src: "{{USR_LOCAL}}/bin"
dest: "~{{LOOP_USER}}/.local/bin" dest: "~{{LOOP_USER}}/.local/bin"
when: when:
- not ansible_check_mode - not ansible_check_mode
- name: "I think this is right make .local symlinks lib64 dirs" - name: "I think this is right"
file:
src: "{{ item.src | expanduser }}"
dest: "{{ item.dest | expanduser }}"
state: link
with_items:
- dest: "~{{LOOP_USER}}/.local/lib"
src: "~{{LOOP_USER}}/.local/lib64"
mode: "0755"
ignore_errors: true
when:
- not ansible_check_mode
- "BASE_LIB == 'lib64'"
- name: "I think this is right make .local symlinks lib dirs"
file: file:
src: "{{ item.src | expanduser }}" src: "{{ item.src | expanduser }}"
dest: "{{ item.dest | expanduser }}" dest: "{{ item.dest | expanduser }}"
@ -220,4 +197,5 @@
ignore_errors: true ignore_errors: true
when: when:
- not ansible_check_mode - not ansible_check_mode
- "BASE_LIB == 'lib'" - "BASE_LIB == 'lib64'"