add roles/toxcore

This commit is contained in:
emdee 2024-01-08 12:51:06 +00:00
parent c8610f9ded
commit 7e491f4b8c
51 changed files with 1665 additions and 770 deletions

View File

@ -2,7 +2,7 @@ ROLES=base proxy toxcore
SHELLCHECK_OPTS=SC2003,SC2006,SC2010,SC2039,SC2181,SC2046,SC2086,SC2048,SC2162,SC2034,SC2030,SC2166,SC2242,SC2223,SC2319,SC3009,SC3011,SC3030,SC3043,SC3054,SC2009,SC1090,SC2164,SC3044 SHELLCHECK_OPTS=SC2003,SC2006,SC2010,SC2039,SC2181,SC2046,SC2086,SC2048,SC2162,SC2034,SC2030,SC2166,SC2242,SC2223,SC2319,SC3009,SC3011,SC3030,SC3043,SC3054,SC2009,SC1090,SC2164,SC3044
# FixMe # FixMe
ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible-2.9.22-py3.11.egg/ansible/plugins ANSIBLE_PLUGINS=/usr/local/lib/python3.11/site-packages/ansible/plugins/connection/
# Edit this to be one of pentoo or devuan depending on your host platform # Edit this to be one of pentoo or devuan depending on your host platform
# Find the corresponding host in hosts.yml and edit the settings, then # Find the corresponding host in hosts.yml and edit the settings, then
@ -42,7 +42,7 @@ install:: lint
# file:///usr/local/src/community.general ) # file:///usr/local/src/community.general )
[ -e $(ANSIBLE_PLUGINS)/connection/libvirt_qemu.py ] \ [ -e $(ANSIBLE_PLUGINS)/connection/libvirt_qemu.py ] \
|| ln -s ${PWD}/lib/plugins/libvirt_qemu.py \ || ln -s ${PWD}/lib/plugins/libvirt_qemu.py \
$(ANSIBLE_PLUGINS)/connection/q || true $(ANSIBLE_PLUGINS)/connection/ || true
@[ -f ${BOX_NBD_BASE_QCOW} ] || { \ @[ -f ${BOX_NBD_BASE_QCOW} ] || { \
echo ERROR: not created BOX_NBD_DEV="${BOX_NBD_DEV}" - use ; \ echo ERROR: not created BOX_NBD_DEV="${BOX_NBD_DEV}" - use ; \
echo qemu-img create -f qcow2 "${BOX_NBD_BASE_QCOW}" 20G ; \ echo qemu-img create -f qcow2 "${BOX_NBD_BASE_QCOW}" 20G ; \
@ -243,6 +243,7 @@ test_vm:: install_vm
-l ${VM_HOSTS_NAME} -c libvirt_qemu \ -l ${VM_HOSTS_NAME} -c libvirt_qemu \
--verbose ${VERBOSE} -t daily \ --verbose ${VERBOSE} -t daily \
$(ROLES) > .$@-${LOCALHOST} 2>&1 $(ROLES) > .$@-${LOCALHOST} 2>&1
# ${VERBOSE}
veryclean:: clean veryclean:: clean
rm -f .run* .check* rm -f .run* .check*
@ -251,3 +252,6 @@ clean::
find . -name \*~ -delete find . -name \*~ -delete
rm roles/*/vars/*.txt rm roles/*/vars/*.txt
rm -rf roles/toxcore/overlay/Linux/usr/local/src/_Old rm -rf roles/toxcore/overlay/Linux/usr/local/src/_Old
test::
DEBUG=1 sudo bash -x /usr/local/sbin/toxcore_libvirt_test_ga.bash gentoo_vm-2 ls /

View File

@ -1,5 +1,5 @@
[defaults] [defaults]
log_path = var/tmp/2024/01/05/gentoo_vm-2/base_proxy_toxcore.log log_path = var/tmp/2024/01/08/gentoo_vm-2/base_proxy_toxcore.log
callback_plugins = ./lib/plugins/ callback_plugins = ./lib/plugins/
# /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html # /i/data/DevOps/net/Http/docs.ansible.com/ansible/intro_configuration.html
# http://docs.ansible.com/ansible/intro_configuration.html#command-warnings # http://docs.ansible.com/ansible/intro_configuration.html#command-warnings
@ -36,3 +36,5 @@ nocows = 0
roles_path = ./roles roles_path = ./roles
handler_includes_static = True handler_includes_static = True
timeout = 60 timeout = 60
# added
libvirt_timeout = 14

View File

@ -1,446 +0,0 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8 -*-
# use double quotes exclusively around strings and
# use single quotes exclusively with lists - for bash post-processing
all:
children:
vbox_winrm_group:
hosts:
y_UEFI_MediCat_VHD_DW:
# /var/lib/libvirt/qemu/channel/target/domain-37-y_UEFI_MediCat_VHD_D/org.qemu.guest_agent.0
# doesnt work: ansible_connection: "libvirt_qemu"
BOX_SERVICE_MGR: "win11"
BOX_HOST_NAME: "y_UEFI_MediCat_VHD_DW"
UPD_WINRM_CRT_PASSWORD: ""
UPD_WINRM_CRT_NAME: "WINRM_WIN11VBOX cert for "
UPD_WINRM_FILE_BASE: "winrm-win11vbox"
UPD_WINRM_KEY_BITS: 4096
UPD_WINRM_HOST_NAME: "y_UEFI_MediCat_VHD_D"
UPD_WINRM_HOST_DEV: "vboxnet0"
UPD_WINRM_ADMIN_NAME: "administrator"
UPD_WINRM_ADMIN_PASS: "<get from vault>"
# NOT remote_addr:
ansible_winrm_host: "192.168.56.1"
# remote_user
ansible_winrm_user: "administrator"
BOX_DEFAULT_OUTPUT_IF: fixme
UPD_WINRM_WINRM_ADMIN_NAME: "winrmadmin"
UPD_WINRM_WINRM_ADMIN_PASS: "winrmadmin"
# List of winrm transports to attempt to to use (ssl, plaintext, kerberos, etc)
# python2 -c 'import winrm;print winrm.FEATURE_SUPPORTED_AUTHTYPES'
# ['basic', 'certificate', 'ntlm', 'kerberos', 'plaintext', 'ssl', 'credssp']
# FixMe: which one works?
UPD_WINRM_WINRM_TRANSPORT: "basic"
# Lati sda Disk identifier: 0A00A495-684B-425E-823F-60257EBD6D3B
vars:
#maybe ansible_connection: "winrm"
BOX_ANSIBLE_CONNECTIONS: ["libvirt_qemu"]
ansible_winrm_port: 5985
ansible_winrm_scheme: http
ansible_winrm_transport: ['basic', 'plaintext', 'certificate', 'ssl']
# NOT remote_user
# ansible_user
ansible_winrm_user: "Administrator"
#? ansible_password: ""
ansible_winrm_server_cert_validation: ignore
validate_certs: false
# NO proxy from environment - or ensure no_proxy
no_proxy: "localhost,127.0.0.1,192.168.56.1"
linux_unix_group:
children:
linux_local_group:
hosts:
pentoo:
ansible_remote_addr: "/mnt/linuxPen19"
BOX_HOST_NAME: "pentoo"
BOX_SERVICE_MGR: "openrc"
BOX_USER_NAME: "vagrant"
BOX_USER_GROUP: "users"
BOX_USER_HOME: "/home/vagrant"
BOX_OS_FAMILY: Gentoo
BOX_OS_NAME: gentoo
BOX_OS_FLAVOR: "Pentoo"
BOX_USR_LIB: lib
BOX_DEFAULT_OUTPUT_IF: wlan4
BOX_PROXY_MODE: selektor
BOX_WHONIX_PROXY_HOST: ""
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
# /usr/lib/jvm/openjdk-bin-*/conf/net.properties
BOX_ALSO_USERS:
- pentoo
BOX_PORTAGE_PYTHON_MINOR: "3.11"
BOX_PYTHON2_MINOR: "2.7"
BOX_PYTHON3_MINOR: "3.11"
BOX_GENTOO_FROM_MP: "/"
devuan:
ansible_remote_addr: "/mnt/linuxDev4" #ignored for local
BOX_HOST_NAME: "devuan"
BOX_SERVICE_MGR: "sysvinit"
BOX_USER_NAME: "devuan"
BOX_USER_GROUP: "adm"
BOX_USER_HOME: "/home/devuan"
BOX_OS_FAMILY: Debian
BOX_OS_NAME: Devuan
BOX_OS_FLAVOR: "Devuan"
BOX_USR_LIB: lib
BOX_DEFAULT_OUTPUT_IF: wlan6
BOX_DEVUAN5_VAR_APT_ARCHIVES: "/mnt/o/Cache/Devuan/5/var/cache/apt/archives"
BOX_ALSO_USERS: []
BOX_PORTAGE_PYTHON_MINOR: "3.11"
BOX_PYTHON2_MINOR: "2.7"
BOX_PYTHON3_MINOR: "3.11"
BOX_JAVA_NET_PROPERTIES: /etc/java-11-openjdk/net.properties
BOX_WHONIX_PROXY_HOST: ""
BOX_PROXY_MODE: tor
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
vars:
BOX_ANSIBLE_CONNECTIONS: ["local"]
BOX_REMOTE_MOUNTS: ['/mnt/h', '/mnt/j','/mnt/i', '/mnt/o', '/mnt/mnt/linuxPen19']
BOX_BASE_FEATURES: ['insecure_sudo']
BOX_PROXY_FEATURES: ['run_dnsmasq', 'run_privoxy']
BOX_TOXCORE_FEATURES: []
# libvirt_group could also be ssh_group
linux_libvirt_group:
hosts:
gentoo1:
ansible_remote_addr: "gentoo1"
ansible_host: "gentoo1"
ansible_ssh_user: "gentoo"
BOX_SERVICE_MGR: "openrc"
BOX_HOST_NAME: "gentoo1"
BOX_USER_NAME: "gentoo"
BOX_USER_GROUP: "adm"
BOX_ALSO_GROUP: "adm"
BOX_USER_HOME: "/home/gentoo"
BOX_OS_NAME: Gentoo
BOX_OS_FAMILY: Gentoo
BOX_OS_FLAVOR: "Gentoo"
BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: eth0
BOX_PYTHON2_MINOR: ""
BOX_PYTHON3_MINOR: "3.11"
BASE_PORTAGE_PYTHON_MINOR: 3.11
BOX_HOST_CONTAINER_MOUNTS: []
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_ALSO_USERS:
- gentoo
BOX_BASE_FEATURES: []
BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
ubuntu18.04:
# /mnt
ansible_remote_addr: "ubuntu18.04"
# this is what the libvirt-qemu connector uses
ansible_host: "ubuntu18.04"
ansible_ssh_user: "vagrant"
BOX_SERVICE_MGR: systemd
BOX_HOST_NAME: "Ubuntu18.04"
BOX_USER_NAME: "vagrant"
BOX_USER_GROUP: "users"
BOX_USER_HOME: "/home/vagrant"
BOX_OS_FAMILY: Debian
BOX_OS_NAME: Ubuntu
BOX_OS_FLAVOR: "Ubuntu18"
BOX_USR_LIB: lib
BOX_DEFAULT_OUTPUT_IF: eth0
BOX_UBUNTU16_VAR_APT_ARCHIVES: "/o/Cache/Apt/Ubuntu/18/var/cache/apt/archives"
ansible_python_interpreter: "/usr/bin/python3.6"
BOX_PYTHON2_MINOR: ""
BOX_PYTHON3_MINOR: "3.6"
BOX_REMOTE_MOUNTS: ['/mnt/o']
# BOX_WHONIX_PROXY_HOST: "Whonix-Gateway"
# BOX_PROXY_MODE: ws
# FixMe
base_system_users: ['vagrant']
BOX_TOXCORE_FEATURES: ['libvirt', 'docker']
vars:
BOX_ANSIBLE_CONNECTIONS: ["ssh", "libvirt_qemu"]
# proxy from environment
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
# ansible_ssh_host: "127.0.0.1"
BOX_ROOT_GROUP: root
BOX_PROXY_MODE: client
http_proxy: "http://127.0.0.1:3128"
https_proxy: "http://127.0.0.1:9128"
socks_proxy: "socks5://127.0.0.1:9050"
no_proxy: "localhost,127.0.0.1,127.0.0.1"
linux_chroot_group :
hosts:
linuxGentoo:
ansible_remote_addr: "/mnt/gentoo"
# required
ansible_host: "/mnt/gentoo"
BOX_SERVICE_MGR: "openrc"
BOX_HOST_NAME: "gentoo"
BOX_USER_NAME: "gentoo"
BOX_USER_GROUP: "adm"
BOX_USER_HOME: "/home/gentoo"
BOX_OS_FAMILY: Gentoo
BOX_OS_NAME: gentoo
BOX_OS_FLAVOR: "Gentoo"
BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: wlan6
BASE_PORTAGE_PYTHON_MINOR: 3.11
ansible_python_interpreter: "/usr/bin/python3.11"
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/linuxPen19/usr/portage/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_ALSO_USERS:
- gentoo
BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}"
BOX_GENTOO_FROM_MP: "/mnt/linuxPen19"
linuxPen19:
ansible_remote_addr: "/mnt/linuxPen19"
# required
ansible_host: "/mnt/linuxPen19"
BOX_SERVICE_MGR: "openrc"
BOX_HOST_NAME: "linuxPen19"
BOX_USER_NAME: "vagrant"
BOX_USER_GROUP: "adm"
BOX_USER_HOME: "/home/vagrant"
BOX_OS_FAMILY: Gentoo
BOX_OS_NAME: gentoo
BOX_OS_FLAVOR: "Pentoo"
BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: wlan6
BASE_PORTAGE_PYTHON_MINOR: 3.11
ansible_python_interpreter: "/usr/bin/python3.11"
BOX_GENTOO_DISTFILES_ARCHIVES: "/mnt/i/net/Http/distfiles.gentoo.org/distfiles"
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_ALSO_USERS:
- gentoo
BOX_BASE_FEATURES: []
BOX_TOXCORE_FEATURES: ['nbd', 'libvirt', 'docker']
BOX_PROXY_MODE: "{{lookup('env', 'MODE'|default('tor'}}"
# linux_chroot_group vars
vars:
BOX_ANSIBLE_CONNECTIONS: ["local", "chroot"]
# ignored? chroot_connection/exe in ansible.cfg?
ansible_chroot_exe: "/usr/local/sbin/base_chroot.bash"
#? ansible_ssh_common_args: "/usr/bin/env -i CHROOT=1"
# -i "PATH"
# -i "http_proxy https_proxy socks_proxy no_proxy"
#? -l
# for a non-root login: ansible_ssh_extra_args: "--userspec=foo:adm"
vars: # linux_unix_group
# toxcore
BOX_NBD_DEV: nbd1
BOX_NBD_MP: /mnt/gentoo
BOX_NBD_OVERLAY_NAME: "gentoo1"
BOX_NBD_FILES: "/i/data/Agile/tmp/Topics/GentooImgr"
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
BOX_NBD_KERNEL_DIR: /usr/src/linux
BOX_NBD_BASE_PROFILE: openrc
BOX_NBD_BASE_DIR: "/a/tmp/GentooImgr"
BOX_NBD_BASE_QCOW: "{{BOX_NBD_BASE_DIR}}/gentoo.qcow2"
BOX_NBD_OVERLAY_QCOW: "/o/var/lib/libvirt/images/gentoo1.qcow2"
BOX_NBD_BASE_PUBKEY: "/root/.ssh/id_rsa-ansible.pub"
# libvirt overlay
BOX_NBD_OVERLAY_DIR: "/a/tmp/GentooImgr/create-vm"
BOX_NBD_LOGLEVEL: 10
BOX_NBD_OVERLAY_GB: "20"
BOX_NBD_OVERLAY_CPUS: 1
BOX_NBD_OVERLAY_RAM: 2048
BOX_NBD_OVERLAY_BR: virbr1
# unused?
BOX_NBD_OVERLAY_NETWORK: default
# plaintext
BOX_NBD_OVERLAY_PASS: "gentoo"
BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
vars:
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml
http_proxy: ""
https_proxy: ""
socks_proxy: ""
ftp_proxy: ""
no_proxy: "localhost,127.0.0.1"
SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"
RSYNC_PROXY: ""
BOX_OS_FAMILY: ""
BOX_OS_NAME: ""
BOX_OS_FLAVOR: ""
BOX_DEFAULT_OUTPUT_IF: ""
BOX_ALSO_GROUP: "adm"
# only common to local and vagrant because /mnt/j is remote mounted - need a linux_group
BOX_ROOT_PIP_CACHE: "/mnt/o/Cache/Pip"
BOX_BOXUSER_PIP_CACHE: "/mnt/o/Cache/Pip"
HOST_MOUNT_SYMLINKS: []
HOST_MOUNT_SYMLINK_CONTENTS: {}
LXD_TRUST_PASSWORD: sekret
BOX_HOST_CONTAINER_MOUNTS:
- /mnt/l
- /mnt/e
- /mnt/h
- /mnt/i
- /mnt/j
- /mnt/q
- /mnt/w
- /mnt/o
BOX_DOS_SCAN_DIRS:
- /mnt/h
- /mnt/i
- /mnt/j
- /mnt/e
- /mnt/q
- /mnt/w
- /mnt/c
# These will fluctuate with what's been started - it's safe to open them all
# FixMe: should these go on no_proxy systematically
PRIV_TOR_LOCAL_NETS:
- "192.168.56.0/24"
BOX_ALSO_USERS: []
BOX_PYTHON2_MINOR: ""
BOX_PYTHON3_MINOR: "3.11"
BOX_BASH_SHELL: /bin/bash
BOX_IPV6_DISABLE: 1
BOX_EMACS_VERSION: 27
BOX_ROOT_USER: root
BOX_ROOT_GROUP: root
BOX_BYPASS_PROXY_GROUP: tor
BOX_FIREWALL_ALLOW_TRANS: false
BOX_PROXY_JAVA_NET_PROPERTIES: /etc/java-config-2/current-system-vm/jre/lib/net.properties
BOX_BASE_FEATURES: []
BOX_LOGG_FEATURES: []
BOX_KEYS_FEATURES: ['tpm2'] # truecrypt
BOX_HARDEN_FEATURES: ['bubblewrap', 'sysctl', 'jabber'] # 'clamscan', firejail
# libvirt means 'qemu'
BOX_HOSTVMS_FEATURES: []
BOX_MISP_FEATURES: [] # 'kitchen'
BOX_W3AF_FEATURES: [] # 'kitchen'
BOX_MISP_GPG_PASS: gpg_pass_to_change_fast
BOX_timezone: UTC
BOX_hwclock_local: false
BOX_hwclock_systohc: true
BOX_hwclock_hctosys: false
BOX_PROXY_MODE: ""
BOX_DNS_PROXY: dnsmasq
BOX_TIME_DAEMON: ntpd
BOX_NTP_GROUP: ntp
BOX_NET_MANAGER: "networkmanager"
BOX_HTTP_PROXY: privoxy
# toxcore
BOX_NBD_DEV: ""
BOX_NBD_MP: ""
BOX_NBD_FILES: ""
BOX_NBD_LOGLEVEL: 20
BOX_NBD_PORTAGE_FILE: "{{AGI_NBD_FILES}}/portage-20231223.tar.xz"
BOX_NBD_STAGE3_FILE: "{{AGI_NBD_FILES}}/stage3-amd64-openrc-20231217T170203Z.tar.xz"
BOX_NBD_KERNEL_DIR: /usr/src/linux
BOX_NBD_BASE_PROFILE: openrc
BOX_NBD_BASE_DIR: ""
BOX_NBD_BASE_QCOW: ""
BOX_NBD_BASE_PUBKEY: ""
# libvirt overlay
BOX_NBD_OVERLAY_QCOW: ""
BOX_NBD_OVERLAY_DIR: ""
BOX_NBD_OVERLAY_BR: ""
BOX_NBD_OVERLAY_GB: "20"
BOX_NBD_OVERLAY_NAME: ""
BOX_NBD_OVERLAY_CPUS: 1
BOX_NBD_OVERLAY_RAM: 2048
# plaintext
BOX_NBD_OVERLAY_PASS: ""
BOX_GENTOOIMGR_CONFIGFILE: ""
# Controls what compression method is used for new-style ansible modules when
# they are sent to the remote system. The compression types depend on having
# support compiled into both the controller's python and the client's python.
# The names should match with the python Zipfile compression types:
# * ZIP_STORED (no compression. available everywhere)
# * ZIP_DEFLATED (uses zlib, the default)
# These values may be set per host via the ansible_module_compression inventory variable.
#
ansible_module_compression: "ZIP_STORED"
ansible_python_interpreter: "/usr/local/bin/python3.sh"
BOX_ANSIBLE_VERSION: "2.9.22"
# Cannot communicate securely with peer: no common encryption algorithm(s).
# git.kernel.org/ sslversion = tlsv1.3
BOX_TLS_VERSION: "1.3"
BOX_SSL_GIT_SSLVERSION: "1.3"
# unused so far - needed by src/ansible_gentooimgr/gentooimgr/
BOX_ARCHITECTURE: amd64
BOX_SUBTYPE: -hardened
# https://distfiles.gentoo.org/releases/amd64/autobuilds/latest-stage3-amd64-hardened-openrc.txt
GENTOO_BASE_STAGE_OPENRC_TXT_URL: "https://distfiles.gentoo.org/releases/{{BOX_ARCHITECTURE}}/autobuilds/latest-stage3-{{BOX_ARCHITECTURE}}{{BOX_SUBTYPE}}-openrc.txt"
# plus .gpgsig and .md5sum
GENTOO_BASE_PORTAGE_URL: "https://distfiles.gentoo.org/snapshots/portage-latest.tar.xz"
BOX_GENTOO_DISTFILES_ARCHIVES: "/i/net/Http/distfiles.gentoo.org/distfiles"
#? Gentoo specific?
# unused so far
# missing HOSTVMS_LXD_TRUST_PASSWORD base_passwords_database
# /mnt/o/data/TestForge/src/ansible/roles/hostvms/tasks/vms.yml
box_passwords_database: "{{ lookup('env', 'USER')}}/Passwords.kdbx"
BOX_WHONIX_PROXY_HOST: ""
BOX_PROXY_FEATURES: []
BOX_GPG_SERVER: "keys.gnupg.net"
BOX_USR_LIB: lib
# if you are on a Gentoo, then / else the mp of a Gentoo if you have one, else ''
BOX_GENTOO_FROM_MP: ''
# bc
MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}"
# # These are inventory overridden for connection = chroot in base_proxy.yml
# http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}"
# https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}"
# socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}"
# no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}"

View File

@ -170,6 +170,7 @@ all:
BOX_OS_NAME: Gentoo BOX_OS_NAME: Gentoo
BOX_OS_FAMILY: Gentoo BOX_OS_FAMILY: Gentoo
BOX_OS_FLAVOR: "Gentoo" BOX_OS_FLAVOR: "Gentoo"
BOX_PROXY_MODE: nat
BOX_USR_LIB: lib64 BOX_USR_LIB: lib64
BOX_DEFAULT_OUTPUT_IF: eth0 BOX_DEFAULT_OUTPUT_IF: eth0
BOX_PYTHON2_MINOR: "" BOX_PYTHON2_MINOR: ""
@ -218,7 +219,13 @@ all:
# proxy from environment # proxy from environment
# ansible_ssh_extra_args: "-o StrictHostKeyChecking=no" # ansible_ssh_extra_args: "-o StrictHostKeyChecking=no"
# ansible_ssh_host: "127.0.0.1" # ansible_ssh_host: "127.0.0.1"
BOX_ROOT_GROUP: root BOX_NBD_OVERLAY_EXTERNAL: "0.0.0.0"
HTTP_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
HTTPS_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:9128"
SOCKS_PROXY: "socks5://{{BOX_NBD_OVERLAY_EXTERNAL}}:9050"
FTP_PROXY: ""
RSYNC_PROXY: "http://{{BOX_NBD_OVERLAY_EXTERNAL}}:3128"
NO_PROXY: "localhost,127.0.0.1"
linux_chroot_group : linux_chroot_group :
@ -304,21 +311,21 @@ all:
BOX_NBD_OVERLAY_CPUS: 1 BOX_NBD_OVERLAY_CPUS: 1
BOX_NBD_OVERLAY_RAM: 2048 BOX_NBD_OVERLAY_RAM: 2048
BOX_NBD_OVERLAY_BR: virbr1 BOX_NBD_OVERLAY_BR: virbr1
# unused? BOX_NBD_OVERLAY_SUBNET: 10.0.2.0
BOX_NBD_OVERLAY_NETWORK: default BOX_NBD_OVERLAY_NETWORK: External
# plaintext # plaintext
BOX_NBD_OVERLAY_PASS: "gentoo" BOX_NBD_OVERLAY_PASS: "gentoo"
BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json" BOX_GENTOOIMGR_CONFIGFILE: "/g/Agile/tmp/Topics/GentooImgr/base.json"
vars: vars:
# These come from the inventory overridden for connection = local,chroot in base_proxy.yml # These come from the inventory overridden for connection = local,chroot in base_proxy.yml
http_proxy: "" HTTP_PROXY: ""
https_proxy: "" HTTPS_PROXY: ""
socks_proxy: "" SOCKS_PROXY: ""
ftp_proxy: "" FTP_PROXY: ""
no_proxy: "localhost,127.0.0.1"
SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"
RSYNC_PROXY: "" RSYNC_PROXY: ""
NO_PROXY: "localhost,127.0.0.1"
SSL_CERT_FILE: "/usr/local/etc/ssl/cacert-testforge.pem"
BOX_OS_FAMILY: "" BOX_OS_FAMILY: ""
BOX_OS_NAME: "" BOX_OS_NAME: ""
@ -464,7 +471,7 @@ all:
MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}" MOUNT_GENTOO_DISTFILES_ARCHIVES: "{{BOX_GENTOO_DISTFILES_ARCHIVES}}"
# # These are inventory overridden for connection = chroot in base_proxy.yml # # These are inventory overridden for connection = chroot in base_proxy.yml
# http_proxy: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}" # HTTP_PROXY: "{{ lookup('env', 'http_proxy')|default('http://127.0.0.1:3128') }}"
# https_proxy: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}" # HTTPS_PROXY: "{{ lookup('env', 'https_proxy')|default('http://10.0.2.15:9128') }}"
# socks_proxy: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}" # SOCKS_PROXY: "{{ lookup('env', 'socks_proxy')|default('socks5://10.0.2.15:9050') }}"
# no_proxy: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}" # NO_PROXY: "{{ lookup('env', 'no_proxy')|default('10.0.2.15,127.0.0.1,localhost') }}"

View File

@ -39,10 +39,17 @@ DOCUMENTATION = """
vars: vars:
- name: ansible_libvirt_uri - name: ansible_libvirt_uri
timeout: timeout:
description: timeout for libvirt to connect to access the virtual machine description: timeout for libvirt to connect to access the VM
required: false ini:
- section: defaults
key: libvirt_timeout
env:
- name: ANSIBLE_LIBVIRT_TIMEOUT
vars:
- name: timeout
type: int type: int
default: 10 default: 5
required: false
""" """
import base64 import base64
@ -64,7 +71,7 @@ from os.path import exists, getsize
display = Display() display = Display()
iMAX_WAIT = 10 # sec. iMAX_WAIT = 15 # sec.
REQUIRED_CAPABILITIES = [ REQUIRED_CAPABILITIES = [
{'enabled': True, 'name': 'guest-exec', 'success-response': True}, {'enabled': True, 'name': 'guest-exec', 'success-response': True},
@ -89,6 +96,7 @@ class Connection(ConnectionBase):
super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs) super(Connection, self).__init__(play_context, new_stdin, *args, **kwargs)
self._host = self._play_context.remote_addr self._host = self._play_context.remote_addr
self._play_context = play_context
# Windows operates differently from a POSIX connection/shell plugin, # Windows operates differently from a POSIX connection/shell plugin,
# we need to set various properties to ensure SSH on Windows continues # we need to set various properties to ensure SSH on Windows continues
@ -98,7 +106,7 @@ class Connection(ConnectionBase):
self.always_pipeline_modules = True self.always_pipeline_modules = True
self.module_implementation_preferences = ('.ps1', '.exe', '') self.module_implementation_preferences = ('.ps1', '.exe', '')
self.allow_executable = False self.allow_executable = False
self._timeout = self.get_option('timeout', 10) self._timeout = self.get_option('timeout', iMAX_WAIT)
def _connect(self): def _connect(self):
''' connect to the virtual machine; nothing to do here ''' ''' connect to the virtual machine; nothing to do here '''
@ -156,6 +164,15 @@ class Connection(ConnectionBase):
cmd_args_list = self._shell._encode_script(cmd, as_list=True, strict_mode=False, preserve_rc=False) cmd_args_list = self._shell._encode_script(cmd, as_list=True, strict_mode=False, preserve_rc=False)
# TODO(odyssey4me): # TODO(odyssey4me):
cmd_list = cmd_args_list[0]
if self._play_context.become and \
self._play_context.become_user not in ['', 'root']:
cmd_args_list = [self._play_context.become_exe, '-u',
self._play_context.become_user] + \
self._play_context.become_flags.split(' ') + \
cmd_args_list
# pl = f"cmd_args_list={cmd_args_list} become_flags={self._play_context.become_flags}"
# display.vv(u"BECOMME {0} CONNECTION".format(pl), host=self._host)
# Implement buffering much like the other connection plugins # Implement buffering much like the other connection plugins
# Implement 'env' for the environment settings # Implement 'env' for the environment settings
# Implement 'input-data' for whatever it might be useful for # Implement 'input-data' for whatever it might be useful for
@ -169,7 +186,7 @@ class Connection(ConnectionBase):
} }
request_exec_json = json.dumps(request_exec) request_exec_json = json.dumps(request_exec)
display.vvv("GA send: {0}".format(request_exec_json), host=self._host) display.vvvv("GA send: {0}".format(request_exec_json), host=self._host)
# sys.stderr.write("GA send: {0}\n".format(request_exec_json)) # sys.stderr.write("GA send: {0}\n".format(request_exec_json))
command_start = time.clock_gettime(time.CLOCK_MONOTONIC) command_start = time.clock_gettime(time.CLOCK_MONOTONIC)
# TODO(odyssey4me): # TODO(odyssey4me):
@ -183,7 +200,7 @@ class Connection(ConnectionBase):
self._connected = False self._connected = False
raise AnsibleConnectionFailure(to_native(err)) raise AnsibleConnectionFailure(to_native(err))
display.vvv(u"GA return: {0}".format(result_exec), host=self._host) display.vvvv(u"GA return: {0}".format(result_exec), host=self._host)
request_status = { request_status = {
'execute': 'guest-exec-status', 'execute': 'guest-exec-status',
@ -193,11 +210,11 @@ class Connection(ConnectionBase):
} }
request_status_json = json.dumps(request_status) request_status_json = json.dumps(request_status)
display.vvv(u"GA send: {0}".format(request_status_json), host=self._host) display.vvvv(u"GA send: {0}".format(request_status_json), host=self._host)
# TODO(odyssey4me): # TODO(odyssey4me):
# Work out a better way to wait until the command has exited # Work out a better way to wait until the command has exited
max_time = iMAX_WAIT + time.clock_gettime(time.CLOCK_MONOTONIC) max_time = timeout + time.clock_gettime(time.CLOCK_MONOTONIC)
result_status = { result_status = {
'return': dict(exited=False), 'return': dict(exited=False),
} }
@ -219,12 +236,12 @@ class Connection(ConnectionBase):
self._connected = False self._connected = False
raise AnsibleConnectionFailure(to_native(err)) raise AnsibleConnectionFailure(to_native(err))
display.vvv(u"GA return: {0}".format(result_status), host=self._host) display.vvvv(u"GA return: {0}".format(result_status), host=self._host)
while not result_status['return']['exited']: while not result_status['return']['exited']:
result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0)) result_status = json.loads(libvirt_qemu.qemuAgentCommand(self.domain, request_status_json, self._timeout, 0))
display.vvv(u"GA return: {0}".format(result_status), host=self._host) display.vvvv(u"GA return: {0}".format(result_status), host=self._host)
if result_status['return'].get('out-data'): if result_status['return'].get('out-data'):
stdout = base64.b64decode(result_status['return']['out-data']) stdout = base64.b64decode(result_status['return']['out-data'])

View File

@ -32,21 +32,24 @@ AGI_install_syslog_daemon: syslog-ng # sysklogd
AGI_install_cron_daemon: cronie # AGI_install_cron_daemon: cronie #
AGI_install_bootloader: syslinux # grub:2 AGI_install_bootloader: syslinux # grub:2
AGI_install_syslinux_kernel_line: AGI_syslinux_date: 2023_09_30
# this is required I think AGI_syslinux_vmlinuz: vmlinuz-6.1.52-pentoo
- console=tty1 AGI_syslinux_initramfs: initramfs-pentoo-x86_64-6.1.52-pentoo
# this is required I think AGI_syslinux_vga: "0x037f" # 0x37f?
- text AGI_syslinux_ipv6disable: 1
# adjust these to suit AGI_syslinux_cmdline:
- lang=en
- keymap=us
- rootfstype=ext2 - rootfstype=ext2
# remove this if you want IPV6
- ipv6.disable=1
# fsck should NOT be done by the bootloader # fsck should NOT be done by the bootloader
- rd.skipfsck=1 - rd.skipfsck=1
# =0x37f works too # remove this if you want IPV6
- vga=789 - ipv6.disable=1
# this is required I think
- console=ttyS0
- lang=en
- keymap=us
- vga={{AGI_syslinux_vga}}
# this is required I think
- text
# these may not all be needed or useful in a container # these may not all be needed or useful in a container
# - pti=on # - pti=on
# - iommu=pt # - iommu=pt

View File

@ -20,39 +20,6 @@
- name: setup syslinux - name: setup syslinux
shell: | shell: |
[ -d /boot/syslinux ] || mkdir /boot/syslinux [ -d /boot/syslinux ] || mkdir /boot/syslinux
[ -f /boot/syslinux/syslinux.cfg ] || \
cat > /boot/syslinux/syslinux.cfg << EOF
# -*-mode: sh; tab-width: 8; coding: utf-8-dos -*-
default vesamenu.c32
prompt 0
# timeout 150
menu title nbd2
menu background splash.png
menu color title 1;36;44 #c0ffffff #00000000 std
menu color sel 7;37;40 #e0000000 #20ECEAC7 all
menu rows 15
menu tabmsgrow 21
menu timeoutrow 23
menu helpmsgrow 23
# drm.debug=0xe
# rd.shell rd.debug
label pentoo2019-Pen19-6.1.52-pentoo_2023_09_30_0x037f
menu label pentoo2019_Pen19_6.1.52-pentoo_2023_09_30_0x037f
menu default
kernel /vmlinuz-6.1.52-pentoo_2023_09_30
INITRD /initramfs-pentoo-x86_64-6.1.52-pentoo_2023_09_30.img
# was vga=0x315
APPEND root=LABEL=root {{''.join(AGI_install_syslinux_kernel_commands)}}
label MAIN hd0 MBR
menu label MAIN hd0 0
com32 chain.c32
APPEND hd0
EOF
[ ! -d /usr/share/syslinux/ ] || \ [ ! -d /usr/share/syslinux/ ] || \
for elt in {{' '.join(AGI_install_syslinux_c32)}}; do for elt in {{' '.join(AGI_install_syslinux_c32)}}; do
[ -f /boot/syslinux/$elt ] && continue [ -f /boot/syslinux/$elt ] && continue
@ -60,6 +27,15 @@
done done
exit 0 exit 0
- name: setup syslinux.cfg
template: |
dest: /boot/syslinux/syslinux.cfg
src: boot/syslinux/syslinux.cfg
force: no
newline_sequence: '\r\n'
owner: root
mode: '0644'
- name: do syslinux install manually - name: do syslinux install manually
shell: | shell: |
df | grep {{AGI_install_disk}} && \ df | grep {{AGI_install_disk}} && \
@ -122,6 +98,8 @@
dest: /etc/default/grub dest: /etc/default/grub
line: '{{item.from}}="{{item.to}}"' line: '{{item.from}}="{{item.to}}"'
regexp: '^#*{{item.from}}=.*' regexp: '^#*{{item.from}}=.*'
owner: root
mode: '0644'
with_items: with_items:
# Append parameters to the linux kernel command line for non-recovery entries # Append parameters to the linux kernel command line for non-recovery entries
- from: GRUB_CMDLINE_LINUX_DEFAULT - from: GRUB_CMDLINE_LINUX_DEFAULT
@ -138,6 +116,18 @@
- from: GRUB_DISABLE_LINUX_UUID - from: GRUB_DISABLE_LINUX_UUID
to: true to: true
- name: grub.cfg from roles/ansible-gentoo_install/tasks/
shell: |
LINE="{{' '.join(AGI_install_syslinux_kernel_line)}}"
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
grep /boot /etc/fstab || exit 1
df | grep /boot || mount /boot || exit 2
[ -d /boot/grub ] || exit 3
[ -f /boot/grub/grub.cfg ] || exit 4
[ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
ignore_errors: true
when: AGI_install_bootloader == 'grub:2' when: AGI_install_bootloader == 'grub:2'
- name: fstab root - name: fstab root
@ -145,24 +135,32 @@
dest: /etc/fstab dest: /etc/fstab
line: '{{AGI_container_disk}}3 / ext4 defaults,noatime 0 1' line: '{{AGI_container_disk}}3 / ext4 defaults,noatime 0 1'
regexp: '^{{AGI_container_disk}}3' regexp: '^{{AGI_container_disk}}3'
owner: root
mode: '0644'
- name: fstab boot - name: fstab boot
lineinfile: lineinfile:
dest: /etc/fstab dest: /etc/fstab
line: '{{AGI_container_disk}}1 /boot ext3 defaults,noatime 0 1' line: '{{AGI_container_disk}}1 /boot ext3 defaults,noatime 0 1'
regexp: '^{{AGI_container_disk}}3' regexp: '^{{AGI_container_disk}}3'
owner: root
mode: '0644'
- name: fstab swap - name: fstab swap
lineinfile: lineinfile:
dest: /etc/fstab dest: /etc/fstab
line: '{{AGI_container_disk}}2 none swap nofail,sw 0 0' line: '{{AGI_container_disk}}2 none swap nofail,sw 0 0'
regexp: '^{{AGI_container_disk}}2' regexp: '^{{AGI_container_disk}}2'
owner: root
mode: '0644'
- name: fstab shm - name: fstab shm
lineinfile: lineinfile:
dest: /etc/fstab dest: /etc/fstab
line: 'tmpfs /run/shm tmpfs defaults,noexec,size=5% 0 0' line: 'tmpfs /run/shm tmpfs defaults,noexec,size=5% 0 0'
regexp: '^tmpfs */run/shm' regexp: '^tmpfs */run/shm'
owner: root
mode: '0644'
# linuxPen19 /mnt/linuxPen19 virtiofs defaults,dirsync 0 0 # linuxPen19 /mnt/linuxPen19 virtiofs defaults,dirsync 0 0
@ -171,18 +169,24 @@
dest: /etc/security/passwdqc.conf dest: /etc/security/passwdqc.conf
line: 'enforce=none' line: 'enforce=none'
regexp: '^enforce=.*' regexp: '^enforce=.*'
owner: root
mode: '0644'
- name: /etc/security/passwdqc.conf - name: /etc/security/passwdqc.conf
lineinfile: lineinfile:
dest: /etc/security/passwdqc.conf dest: /etc/security/passwdqc.conf
line: 'enforce=none' line: 'enforce=none'
regexp: '^enforce=.*' regexp: '^enforce=.*'
owner: root
mode: '0644'
- name: /etc/conf.d/consolefont - name: /etc/conf.d/consolefont
lineinfile: lineinfile:
dest: /etc/conf.d/consolefont dest: /etc/conf.d/consolefont
line: 'consolefont="ter-v{{AGI_consolefont_font_size}}b"' line: 'consolefont="ter-v{{AGI_consolefont_font_size}}b"'
regexp: '^consolefont=.*' regexp: '^consolefont=.*'
owner: root
mode: '0644'
- name: consolefont - name: consolefont
shell: | shell: |
@ -193,7 +197,7 @@
/etc/init.d consolefont start /etc/init.d consolefont start
# these are right for ter-v28b consolefont # these are right for ter-v28b consolefont
if tty|grep -q /dev/ttyS0 ; then if tty|grep -q /dev/ttyS0 ; then
stty cols 80 rows 35 stty cols 80 rows 34
elif tty|grep -q /dev/tty[1-6] ; then elif tty|grep -q /dev/tty[1-6] ; then
stty cols 80 rows 22 stty cols 80 rows 22
fi fi

View File

@ -17,7 +17,8 @@
done done
# 700 files from ansible umask # 700 files from ansible umask
find /usr/local/*bin/ /usr/local/etc/ -name '*sh' -exec chmod 755 {} \; find /usr/local/*bin/ /usr/local/etc/ -name '*sh' -exec chmod 755 {} \;
find /usr/local/ -type f -exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \; find /usr/local/{src,bin,share,etc} -type f \
-exec chown ${BOX_USER_NAME}:${BOX_USER_GROUP} {} \;
exit 0 exit 0
when: AGI_bootstrap_mountpoints|default([])|length > 0 when: AGI_bootstrap_mountpoints|default([])|length > 0

View File

@ -0,0 +1,30 @@
# -*-mode: sh; tab-width: 8; coding: utf-8-dos -*-
default vesamenu.c32
##? SERIAL 0 115200
##? CONSOLE 0
prompt 0
timeout 150
menu title {{BOX_NBD_DEV}} TAB to edit RETURN to boot
menu color title 1;36;44 #c0ffffff #00000000 std
menu color sel 7;37;40 #e0000000 #20ECEAC7 all
menu rows 15
menu tabmsgrow 21
menu timeoutrow 23
menu helpmsgrow 23
# rd.shell rd.debug
label {{AGI_syslinux_vmlinuz}}_{{AGI_syslinux_date}}_{{AGI_syslinux_vga}}
menu label {{AGI_syslinux_vmlinuz}}_{{AGI_syslinux_date}}_{{AGI_syslinux_vga}}
menu default
kernel /{{AGI_syslinux_vmlinuz}}
INITRD /{{AGI_syslinux_initramfs}}
# was vga=0x315
APPEND root=LABEL=root rootfstype=ext2 console=ttyS0 pti=on rd.skipfsck=1 ipv6.disable={{AGI_syslinux_disable}} lang=en keymap=us vga={{AGI_syslinux_vga}} text
label MAIN hd0 MBR
menu label MAIN hd0 0
com32 chain.c32
APPEND hd0

1
roles/base Symbolic link
View File

@ -0,0 +1 @@
/o/data/TestForge/src/ansible/roles/base

1
roles/proxy Symbolic link
View File

@ -0,0 +1 @@
/o/data/TestForge/src/ansible/roles/proxy

View File

@ -10,6 +10,7 @@ ROLE=toxcore
MYID=`id -u` MYID=`id -u`
# or use sudo? or just diagnostics? $prog should be run as root $MYID # or use sudo? or just diagnostics? $prog should be run as root $MYID
[ $MYID -eq 0 ] && sudo= || sudo=sudo # "WARN as root - sudo" [ $MYID -eq 0 ] && sudo= || sudo=sudo # "WARN as root - sudo"
TOXCORE_LOG_DIR=$PREFIX/var/log
grep -q iommu=pt /proc/cmdline || WARN 'iommu=pt not on command line' grep -q iommu=pt /proc/cmdline || WARN 'iommu=pt not on command line'
grep -q intel_iommu=on /proc/cmdline || WARN 'intel_iommu=on not on command line' grep -q intel_iommu=on /proc/cmdline || WARN 'intel_iommu=on not on command line'
@ -72,7 +73,7 @@ lsmod | sort > /tmp/$$.lsmod
# selectively activate runtime features # selectively activate runtime features
[ "$#" -eq 0 ] && exit 0 [ "$#" -eq 0 ] && exit 0
if [ "$1" = "libvirt" ] ; then if [ "$1" = "libvirt" -i "$1" = "libvirt_qemu" ] ; then
if [ ! -d /dev/virtio-ports ] ; then if [ ! -d /dev/virtio-ports ] ; then
# firewall - should depend on mode # firewall - should depend on mode
for mod in "${MODS[@]}" ; do for mod in "${MODS[@]}" ; do

View File

@ -29,6 +29,8 @@ ELOG="$TOXCORE_LOG_DIR"/$ly/E$prog$$.log
#?ols_make_testforge_logs $TOXCORE_LOG_DIR #?ols_make_testforge_logs $TOXCORE_LOG_DIR
find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete find "$TOXCORE_LOG_DIR"/$ly/ -type f -name W${prog}*.log -o -name E${prog}*.log -mtime +1 -delete
[ -d /var/lib/libvirt/dnsmasq/ ] && \
sudo find /var/lib/libvirt/dnsmasq/ -mtime +1 -empty -delete
if virsh list | grep -q Whonix-Gateway ; then if virsh list | grep -q Whonix-Gateway ; then
/usr/local/bin/toxcore_libvirt_test_ga.bash /usr/local/bin/toxcore_libvirt_test_ga.bash

View File

@ -0,0 +1,22 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/var/local
. /usr/local/etc/testforge/testforge.bash
ROLE=testforge
PYVER=3
P="BASE_PYTHON${PYVER}_MINOR"
PYTHON_MINOR="$(eval echo \$$P)"
PYTHON_EXE_MSYS=$PREFIX/bin/python$PYVER.bash
PYTHON_EXE=$PYTHON_EXE_MSYS
# doctest.py
# NORMALIZE_WHITESPACE = register_optionflag('NORMALIZE_WHITESPACE')
# ELLIPSIS = register_optionflag('ELLIPSIS')
LOPTS="-o ELLIPSIS --fail-fast"
for file in "$@" ; do
/var/local/bin/python$PYVER.bash -m doctest $LOPTS "$file"
done

View File

@ -0,0 +1,169 @@
# ---> Python
# Byte-compiled / optimized / DLL files
__pycache__/
*.py[cod]
*$py.class
*.diff
.pylint.*
*~
# C extensions
*.so
# Distribution / packaging
.Python
build/
develop-eggs/
dist/
downloads/
eggs/
.eggs/
lib/
lib64/
parts/
sdist/
var/
wheels/
share/python-wheels/
*.egg-info/
.installed.cfg
*.egg
MANIFEST
# PyInstaller
# Usually these files are written by a python script from a template
# before PyInstaller builds the exe, so as to inject date/other infos into it.
*.manifest
*.spec
# Installer logs
pip-log.txt
pip-delete-this-directory.txt
# Unit test / coverage reports
htmlcov/
.tox/
.nox/
.coverage
.coverage.*
.cache
nosetests.xml
coverage.xml
*.cover
*.py,cover
.hypothesis/
.pytest_cache/
cover/
# Translations
*.mo
*.pot
# Django stuff:
*.log
local_settings.py
db.sqlite3
db.sqlite3-journal
# Flask stuff:
instance/
.webassets-cache
# Scrapy stuff:
.scrapy
# Sphinx documentation
docs/_build/
# PyBuilder
.pybuilder/
target/
# Jupyter Notebook
.ipynb_checkpoints
# IPython
profile_default/
ipython_config.py
# pyenv
# For a library or package, you might want to ignore these files since the code is
# intended to run in multiple environments; otherwise, check them in:
# .python-version
# pipenv
# According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
# However, in case of collaboration, if having platform-specific dependencies or dependencies
# having no cross-platform support, pipenv may install dependencies that don't work, or not
# install all needed dependencies.
#Pipfile.lock
# poetry
# Similar to Pipfile.lock, it is generally recommended to include poetry.lock in version control.
# This is especially recommended for binary packages to ensure reproducibility, and is more
# commonly ignored for libraries.
# https://python-poetry.org/docs/basic-usage/#commit-your-poetrylock-file-to-version-control
#poetry.lock
# pdm
# Similar to Pipfile.lock, it is generally recommended to include pdm.lock in version control.
#pdm.lock
# pdm stores project-wide configurations in .pdm.toml, but it is recommended to not include it
# in version control.
# https://pdm.fming.dev/#use-with-ide
.pdm.toml
# PEP 582; used by e.g. github.com/David-OConnor/pyflow and github.com/pdm-project/pdm
__pypackages__/
# Celery stuff
celerybeat-schedule
celerybeat.pid
# SageMath parsed files
*.sage.py
# Environments
.env
.venv
env/
venv/
ENV/
env.bak/
venv.bak/
# Spyder project settings
.spyderproject
.spyproject
# Rope project settings
.ropeproject
# mkdocs documentation
/site
# mypy
.mypy_cache/
.dmypy.json
dmypy.json
# Pyre type checker
.pyre/
# pytype static type analyzer
.pytype/
# Cython debug symbols
cython_debug/
# PyCharm
# JetBrains specific template is maintained in a separate JetBrains.gitignore that can
# be found at https://github.com/github/gitignore/blob/main/Global/JetBrains.gitignore
# and can be added to the global gitignore or merged into this file. For a more nuclear
# option (not recommended) you can uncomment the following to ignore the entire idea folder.
#.idea/
.pylint.err
.pylint.log

View File

@ -11,7 +11,7 @@
prog=`basename $0 .bash` prog=`basename $0 .bash`
PREFIX=/usr/local PREFIX=/usr/local
ROLE=hostvms ROLE=toxcore
#[ $# -eq 0 ] && set - Whonix-Gateway /bin/cat /proc/cmdline #[ $# -eq 0 ] && set - Whonix-Gateway /bin/cat /proc/cmdline
[ $# -eq 0 ] && set - Whonix-Gateway /bin/netstat -lnp4 [ $# -eq 0 ] && set - Whonix-Gateway /bin/netstat -lnp4
@ -112,14 +112,12 @@ elif [ $RCMD = guest-exec ] ; then
#b64=`jq '.return.out_data' < /tmp/R$$.out` #b64=`jq '.return.out_data' < /tmp/R$$.out`
DBUG rc=$rc /tmp/R$$.out DBUG rc=$rc /tmp/R$$.out
if grep -q err-data /tmp/R$$.out ; then if grep -q err-data /tmp/R$$.out ; then
b64_err=`sed -e 's/{"return":{"exitcode":[0-9]*,"err-data":"//' -e 's/",".*//' /tmp/R$$.out` sed -e 's/{"return":{"exitcode":[0-9]*,"err-data":"//' -e 's/",".*//' /tmp/R$$.out | base64 -d - 2>/dev/null
errrc=$? # [ $? -eq 0 ] && WARN $b64_err
WARN `echo $b64_err | base64 -d -`
fi fi
if grep -q out-data /tmp/R$$.out ; then if grep -q out-data /tmp/R$$.out ; then
b64_out=`sed -e 's/{"return":{"exitcode":[0-9]*,"out-data":"//' -e 's/",".*//' /tmp/R$$.out` sed -e 's/{"return":{"exitcode":[0-9]*,"out-data":"//' -e 's/",".*//' /tmp/R$$.out | base64 -d - 2>/dev/null
outrc=$? # [ $? -eq 0 ] && INFO $b64_out
INFO `echo $b64_out | base64 -d - `
fi fi
#b64=`jq '.return.out_data' < /tmp/R$$.out` #b64=`jq '.return.out_data' < /tmp/R$$.out`

View File

@ -73,7 +73,7 @@ if [ "$#" -eq 0 ] ; then
elif [ "$1" = 'check' ] ; then elif [ "$1" = 'check' ] ; then
"$PYTHON_EXE" -c "import $MOD" || exit 10 "$PYTHON_EXE" -c "import $MOD" || exit 10
# ols_run_checks_requirements # msys_run_checks_requirements
elif [ $1 = 'test' ] ; then elif [ $1 = 'test' ] ; then
cd $PREFIX/src/$DIR || exit 50 cd $PREFIX/src/$DIR || exit 50

View File

@ -0,0 +1,279 @@
#!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
prog=`basename $0 .bash`
PREFIX=/usr/local
ROLE=toxcore
PKG=dracut
VER=050
DIR=${PKG}-$VER
URL=distfiles.gentoo.org/distfiles/$DIR.tar.xz
URI="https://www.kernel.org/pub/linux/utils/boot/${VER}/${DIR}.tar.xz"
cd $PREFIX/src || exit 2
WD=$PWD
if [ -d /etc/apt -a $USER = root ] ; then
# old_debian_requires asciidoc libkmod-dev libkmod-dev xsltproc
which xsltproc 2>/dev/null || apt-get install xsltproc || exit 2
which asciidoc 2>/dev/null || apt-get install asciidoc || exit 2
elif [ -d /etc/portage -a $USER = root ] ; then
which cpio >/dev/null || emerge -fp app-arch/cpio || exit 2
[ -f /usr/lib64/libkmod.so ] || emerge -fp '>=sys-apps/kmod-23[tools]' || exit 2
fi
if [ ! -f $DIR/dracut-initramfs-restore ] ; then
if [ -e $PREFIX/net/Http/$URL ] ; then
ip route|grep -q ^default || { echo "DEBUG: $0 not connected" ; exit 0 ; }
wget -xc -P $PREFIX/net/Http https://$URL
fi
tar xvfJ $PREFIX/net/Http/$URL
fi
cd $DIR || exit 3
true || \
grep -q ^prefix=$PREFIX configure || \
sed -e 's/^KMOD_LIBS.*/KMOD_LIBS ?= -lkmod/' \
-e 's@^ exit 1@# exit 1@' \
-e "s@^prefix=/usr$@prefix=$PREFIX@" -i configure
src_configure() {
local PV=$VER
# tc-export CC PKG_CONFIG
sed -e "s@^prefix=/usr\$@prefix=$PREFIX@" -i configure
./configure \
--disable-documentation \
--prefix="${PREFIX}" \
--sysconfdir="${PREFIX}/etc" \
|| return 1
# --bashcompletiondir="$(get_bashcompdir)"
# --systemdsystemunitdir="$(systemd_get_systemunitdir)"
if [ ! -f dracut-version.sh ] ; then
# Source tarball from github doesn't include this file
echo "DRACUT_VERSION=${PV}" > dracut-version.sh
fi
return 0
}
if [ "$#" -eq 0 ] ; then
if [ ! -f dracut-initramfs-restore.sh.dst ] ; then
false && \
if [ -d /usr/local/patches/$ROLE/usr/local/src/$DIR/files ] ; then
find /usr/local/patches/$ROLE/usr/local/src/$DIR/files -type f -name \*.patch | \
while read file ; do
root=`echo $file | sed -e 's/.patch//' -e "s@$PREFIX/patches/$ROLE/usr/local/src/$DIR/@@"`
[ -f $root.dst ] && continue
patch -b -z.dst $root < $file
done || exit 5
fi
# patches
if [ -d /usr/local/patches/$ROLE/usr/local/src/$DIR/ ] ; then
find /usr/local/patches/$ROLE/usr/local/src/$DIR/ -type f -name \*.diff | \
while read file ; do
root=$( echo $file | sed -e 's/.diff//' \
-e "s@$PREFIX/patches/$ROLE/usr/local/src/$DIR/@@" )
[ -f $root.dst ] && continue
patch -b -z.dst $root < $file
done || exit 5
fi
find * -type f -name \*sh -exec grep -q /usr/lib/dracut {} \; -print | \
while read file ; do
[ -f $file.dst ] || cp -p $file $file.dst
sed -e "s@/usr/lib/dracut@$PREFIX/lib/dracut@" $file
chmod 755 $file
done
fi
[ -f Makefile.inc ] || \
src_configure || exit 6
grep -q systemdsystemunitdir Makefile.inc || \
cat >> Makefile.inc << EOF
systemdsystemunitdir ?= /usr/local/lib/systemd
EOF
grep -v =$ dracut-version.sh && sed -e "s/=/=$VER/" dracut-version.sh
[ -x install/dracut-install ] || make >> make.log 2>&1 || exit 7
[ -x $PREFIX/lib/dracut/dracut-install -a \
$PREFIX/lib/dracut/dracut-install -nt install/dracut-install ] || \
make install >> install.log 2>&1 || exit 8
elif [ "$1" = 'test' ] ; then
$PREFIX/bin/$PKG --help || exit 30
# Has tests
elif [ "$1" = 'refresh' ] ; then # 6*
cd $WD/$DIR || exit 6
find * -name \*.dst | while read file ; do
base=`echo $file |sed -e 's/.dst//'`
[ -f $base.diff -a $base.diff -nt $base ] && continue
diff -c -C 5 $file $base>$base.diff
done
find * -name \*.diff | tar cf - -T - | \
tar xfBv - -C ../../patches/gpgkey/usr/local/src/dracut-050/
fi
exit 0
cp -p install/dracut-install $PREFIX/bin
rm -f -- "lsinitrd.1.xml"
asciidoc -d manpage -b docbook -o "lsinitrd.1.xml" lsinitrd.1.asc
rm -f -- "lsinitrd.1"
xsltproc -o "lsinitrd.1" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl lsinitrd.1.xml
rm -f -- "dracut.conf.5.xml"
asciidoc -d manpage -b docbook -o "dracut.conf.5.xml" dracut.conf.5.asc
rm -f -- "dracut.conf.5"
xsltproc -o "dracut.conf.5" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.conf.5.xml
rm -f -- "dracut.cmdline.7.xml"
asciidoc -d manpage -b docbook -o "dracut.cmdline.7.xml" dracut.cmdline.7.asc
rm -f -- "dracut.cmdline.7"
xsltproc -o "dracut.cmdline.7" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.cmdline.7.xml
rm -f -- "dracut.bootup.7.xml"
asciidoc -d manpage -b docbook -o "dracut.bootup.7.xml" dracut.bootup.7.asc
rm -f -- "dracut.bootup.7"
xsltproc -o "dracut.bootup.7" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.bootup.7.xml
rm -f -- "dracut.modules.7.xml"
asciidoc -d manpage -b docbook -o "dracut.modules.7.xml" dracut.modules.7.asc
rm -f -- "dracut.modules.7"
xsltproc -o "dracut.modules.7" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.modules.7.xml
rm -f -- "dracut.8.xml"
asciidoc -d manpage -b docbook -o "dracut.8.xml" dracut.8.asc
rm -f -- "dracut.8"
xsltproc -o "dracut.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut.8.xml
rm -f -- "dracut-catimages.8.xml"
asciidoc -d manpage -b docbook -o "dracut-catimages.8.xml" dracut-catimages.8.asc
rm -f -- "dracut-catimages.8"
xsltproc -o "dracut-catimages.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl dracut-catimages.8.xml
rm -f -- "mkinitrd.8.xml"
asciidoc -d manpage -b docbook -o "mkinitrd.8.xml" mkinitrd.8.asc
rm -f -- "mkinitrd.8"
xsltproc -o "mkinitrd.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl mkinitrd.8.xml
rm -f -- "mkinitrd-suse.8.xml"
asciidoc -d manpage -b docbook -o "mkinitrd-suse.8.xml" mkinitrd-suse.8.asc
rm -f -- "mkinitrd-suse.8"
xsltproc -o "mkinitrd-suse.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl mkinitrd-suse.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-cmdline.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-cmdline.service.8.xml" modules.d/98dracut-systemd/dracut-cmdline.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-cmdline.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-cmdline.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-cmdline.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-initqueue.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-initqueue.service.8.xml" modules.d/98dracut-systemd/dracut-initqueue.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-initqueue.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-initqueue.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-initqueue.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-mount.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-mount.service.8.xml" modules.d/98dracut-systemd/dracut-mount.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-mount.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-mount.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-mount.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-shutdown.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-shutdown.service.8.xml" modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-shutdown.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-shutdown.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-shutdown.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml" modules.d/98dracut-systemd/dracut-pre-mount.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-pre-mount.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-pre-mount.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml" modules.d/98dracut-systemd/dracut-pre-pivot.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-pre-pivot.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-pre-pivot.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml" modules.d/98dracut-systemd/dracut-pre-trigger.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-pre-trigger.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-pre-trigger.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml
rm -f -- "modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml"
asciidoc -d manpage -b docbook -o "modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml" modules.d/98dracut-systemd/dracut-pre-udev.service.8.asc
rm -f -- "modules.d/98dracut-systemd/dracut-pre-udev.service.8"
xsltproc -o "modules.d/98dracut-systemd/dracut-pre-udev.service.8" -nonet http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml
rm -f -- dracut.xml
asciidoc -a numbered -d book -b docbook -o dracut.xml dracut.asc
rm -f -- dracut.html
xsltproc -o dracut.html --xinclude -nonet \
--stringparam custom.css.source dracut.css \
--stringparam generate.css.header 1 \
http://docbook.sourceforge.net/release/xsl/current/xhtml/docbook.xsl dracut.xml
rm -f -- dracut.xml
[ -d /usr/lib/dracut ] || mkdir -p /usr/lib/dracut
mkdir -p /usr/lib/dracut/modules.d
mkdir -p /usr/share/man/man1 /usr/share/man/man5 /usr/share/man/man7 /usr/share/man/man8
install -m 0755 dracut.sh /usr/bin/dracut
install -m 0755 dracut-catimages.sh /usr/bin/dracut-catimages
install -m 0755 mkinitrd-dracut.sh /usr/bin/mkinitrd
install -m 0755 lsinitrd.sh /usr/bin/lsinitrd
install -m 0644 dracut.conf /usr/etc/dracut.conf
mkdir -p /usr/etc/dracut.conf.d
mkdir -p /usr/lib/dracut/dracut.conf.d
install -m 0755 dracut-init.sh /usr/lib/dracut/dracut-init.sh
install -m 0755 dracut-functions.sh /usr/lib/dracut/dracut-functions.sh
install -m 0755 dracut-version.sh /usr/lib/dracut/dracut-version.sh
ln -fs dracut-functions.sh /usr/lib/dracut/dracut-functions
install -m 0755 dracut-logger.sh /usr/lib/dracut/dracut-logger.sh
install -m 0755 dracut-initramfs-restore.sh /usr/lib/dracut/dracut-initramfs-restore
cp -arx modules.d /usr/lib/dracut
for i in lsinitrd.1; do install -m 0644 $i /usr/share/man/man1/${i##*/}; done
for i in dracut.conf.5; do install -m 0644 $i /usr/share/man/man5/${i##*/}; done
for i in dracut.cmdline.7 dracut.bootup.7 dracut.modules.7; do install -m 0644 $i /usr/share/man/man7/${i##*/}; done
for i in dracut.8 dracut-catimages.8 mkinitrd.8 mkinitrd-suse.8 modules.d/98dracut-systemd/dracut-cmdline.service.8 modules.d/98dracut-systemd/dracut-initqueue.service.8 modules.d/98dracut-systemd/dracut-mount.service.8 modules.d/98dracut-systemd/dracut-shutdown.service.8 modules.d/98dracut-systemd/dracut-pre-mount.service.8 modules.d/98dracut-systemd/dracut-pre-pivot.service.8 modules.d/98dracut-systemd/dracut-pre-trigger.service.8 modules.d/98dracut-systemd/dracut-pre-udev.service.8; do install -m 0644 $i /usr/share/man/man8/${i##*/}; done
ln -fs dracut.cmdline.7 /usr/share/man/man7/dracut.kernel.7
if [ -n "" ]; then \
mkdir -p ; \
ln -srf /usr/lib/dracut/modules.d/98dracut-systemd/dracut-shutdown.service /dracut-shutdown.service; \
mkdir -p /sysinit.target.wants; \
ln -s ../dracut-shutdown.service \
/sysinit.target.wants/dracut-shutdown.service; \
mkdir -p /initrd.target.wants; \
for i in \
dracut-cmdline.service \
dracut-initqueue.service \
dracut-mount.service \
dracut-pre-mount.service \
dracut-pre-pivot.service \
dracut-pre-trigger.service \
dracut-pre-udev.service \
; do \
ln -srf /usr/lib/dracut/modules.d/98dracut-systemd/$i ; \
ln -s ../$i \
/initrd.target.wants/$i; \
done \
fi
if [ -f install/dracut-install ]; then \
install -m 0755 install/dracut-install /usr/lib/dracut/dracut-install; \
fi
if [ -f skipcpio/skipcpio ]; then \
install -m 0755 skipcpio/skipcpio /usr/lib/dracut/skipcpio; \
fi
mkdir -p /usr/lib/kernel/install.d
install -m 0755 50-dracut.install /usr/lib/kernel/install.d/50-dracut.install
install -m 0755 51-dracut-rescue.install /usr/lib/kernel/install.d/51-dracut-rescue.install
mkdir -p /usr/share/bash-completion/completions
install -m 0644 dracut-bash-completion.sh /usr/share/bash-completion/completions/dracut
install -m 0644 lsinitrd-bash-completion.sh /usr/share/bash-completion/completions/lsinitrd
mkdir -p /usr/share/pkgconfig
install -m 0644 dracut.pc /usr/share/pkgconfig/dracut.pc
rm dracut.8.xml dracut.cmdline.7.xml modules.d/98dracut-systemd/dracut-mount.service.8.xml dracut.bootup.7.xml modules.d/98dracut-systemd/dracut-pre-mount.service.8.xml modules.d/98dracut-systemd/dracut-initqueue.service.8.xml mkinitrd.8.xml modules.d/98dracut-systemd/dracut-pre-pivot.service.8.xml dracut.modules.7.xml dracut.conf.5.xml lsinitrd.1.xml modules.d/98dracut-systemd/dracut-cmdline.service.8.xml dracut-catimages.8.xml modules.d/98dracut-systemd/dracut-pre-udev.service.8.xml modules.d/98dracut-systemd/dracut-pre-trigger.service.8.xml mkinitrd-suse.8.xml modules.d/98dracut-systemd/dracut-shutdown.service.8.xml
ROLE=text
ROLE=text
ROLE=text
ROLE=text
ROLE=text
ROLE=text
ROLE=text
ROLE=text
ROLE=text
ROLE=testing
ROLE=pydev
ROLE=logging
ROLE=gpgkey
ROLE=harden
ROLE=privacy
ROLE=hostvms
ROLE=pentest
ROLE=update

View File

@ -0,0 +1,9 @@
lineend=linux
style=linux
indent=spaces=8
convert-tabs
min-conditional-indent=0
max-instatement-indent=120
align-pointer=name
max-code-length=120

View File

@ -0,0 +1,25 @@
; Directory Local Variables
; For more information see (info "(emacs) Directory Variables")
; Sets emacs variables based on mode.
; A list of (major-mode . ((var1 . value1) (var2 . value2)))
; Mode can be nil, which gives default values.
; Characters width is set to 109 for .c and XML but for everything else 79.
; If you update this file make sure to update .vimrc and .editorconfig too.
((c-mode . ((fill-column . 109)
(c-basic-offset . 8)
(eval . (c-set-offset 'substatement-open 0))
(eval . (c-set-offset 'statement-case-open 0))
(eval . (c-set-offset 'case-label 0))
(eval . (c-set-offset 'arglist-intro '++))
(eval . (c-set-offset 'arglist-close 0))
(eval . (c-set-offset 'arglist-cont-nonempty '(c-lineup-gcc-asm-reg c-lineup-arglist)))))
(nxml-mode . ((nxml-child-indent . 2)
(fill-column . 109)))
(meson-mode . ((meson-indent-basic . 8)))
(sh-mode . ((sh-basic-offset . 4)
(sh-indentation . 4)))
(awk-mode . ((c-basic-offset . 8)))
(nil . ((indent-tabs-mode . nil)
(tab-width . 4)
(fill-column . 79))) )

View File

@ -0,0 +1,39 @@
# EditorConfig configuration for dracut
# http://EditorConfig.org
# If you update this file make sure to update .dir-locals.el and .vimrc too.
# Top-most EditorConfig file
root = true
# Unix-style newlines with a newline ending every file, utf-8 charset
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
charset = utf-8
indent_style = space
indent_size = 4
switch_case_indent = true
function_next_line = false
binary_next_line = true
space_redirects = true
# Match config files, set indent to spaces with width of eight.
[*.{c,h}]
indent_style = space
indent_size = 8
# Match config files, set indent to spaces with width of four.
[*.sh]
indent_style = space
indent_size = 4
switch_case_indent = true
function_next_line = false
binary_next_line = true
space_redirects = true
# Match xml man pages, set indent to spaces with width of two.
[man/*.xml]
indent_style = space
indent_size = 2

View File

@ -0,0 +1,27 @@
/Makefile.inc
/dracut.8
/dracut-catimages.8
/dracut.conf.5
/dracut.conf.d/*.conf
/dracut-gencmdline.8
/dracut.html
/dracut.kernel.7
/dracut.pc
/dracut-install
/modules.d/99base/switch_root
/test/*/test.log
/test/*/.testdir
test*.img
/.buildpath
/.project
/dracut-version.sh
/install/dracut-install
/*.rpm
/*.[0-9]
/modules.d/98dracut-systemd/*.service.8
/*.sign
*.o
skipcpio/skipcpio
/util/util
/dracut-util
.idea/

View File

@ -0,0 +1 @@
kate: space-indent on; tab-width 4; indent-width 4; replace-tabs on; eol unix;

View File

@ -0,0 +1,9 @@
{
"name": "Dracut"
, "files": [ { "git": 1 } ]
, "build": {
"directory": "./"
, "build": "make -j $(getconf _NPROCESSORS_ONLN) all"
, "clean": "make clean"
}
}

View File

@ -0,0 +1,37 @@
Philippe Seewer <philippe.seewer@bfh.ch> <philippe.seewer-omB+W0Dpw2o@public.gmane.org>
Seewer Philippe <philippe.seewer@bfh.ch> <philippe.seewer@bfh.ch>
Philippe Seewer <philippe.seewer@bfh.ch> <philippe.seewer@bfh.ch>
Victor Lowther <victor.lowther@gmail.com> <victor.lowther-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org>
Harald Hoyer <harald@redhat.com> <harald-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org>
Harald Hoyer <harald@redhat.com> <harald@eeepc.(none)>
Harald Hoyer <harald@redhat.com> <harald@hoyer.xyz>
Mike Snitzer <snitzer@redhat.com> <msnitzer@redhat.com>
Amerigo Wang <amwang@redhat.com> <xiyou.wangcong@gmail.com>
Andrey Borzenkov <arvidjaar@gmail.com> <arvidjaar@mail.ru>
Dan Horák <dhorak@redhat.com> <dan@danny.cz>
John Reiser <jreiser@bitwagon.com> <jreiser@BitWagon.com>
Luca Berra <bluca@vodka.it> <bluca@comedia.it>
Dave Young <dyoung@redhat.com> <dyoung@redhat.com>
Dave Young <dyoung@redhat.com> <dave@redhat.com>
Frederick Grose <fgrose@sugarlabs.org> <fgrose@gmail.com>
Frederic Crozat <fcrozat@suse.com> <fcrozat@mandriva.com>
Shawn W Dunn <sfalken@opensuse.org> <sfalken@opensuse.org>
Kyle McMartin <kmcmarti@redhat.com> <kyle@redhat.com>
Angelo "pallotron" Failla <pallotron@fb.com> <pallotron@fb.com>
Yu Watanabe <watanabe.yu+github@gmail.com>
Martin Wilck <mwilck@suse.de> <mwilck@suse.com>
Thomas Renninger <trenn@suse.com> <trenn@suse.de>
Andrey Borzenkov <arvidjaar@gmail.com>
Cristian Rodríguez <crrodriguez@opensuse.org>
Daniel Drake <drake@endlessm.com> <dsd@laptop.org>
Fabian Vogt <fvogt@suse.com>
Hannes Reinecke <hare@suse.com> <hare@suse.de>
Julian Wolf <juwolf@suse.com> <juwolf@suse.de>
Lidong Zhong <lidong.zhong@suse.com> <lzhong@suse.com>
Nikoli <nikoli@gmx.us> <nikoli@lavabit.com>
Peter Robinson <pbrobinson@fedoraproject.org> <pbrobinson@gmail.com>
Xunlei Pang <xlpang@redhat.com> <xpang@redhat.com>
Daniel Molkentin <daniel.molkentin@suse.com> <dmolkentin@suse.com>
Thomas Blume <thomas.blume@suse.com> <Thomas.Blume@suse.com>
Brian C. Lane <bcl@redhat.com> <bcl@brianlane.com>
Tomasz Paweł Gajc <tpgxyz@gmail.com> <tpgxyz@gmail.com>

View File

@ -0,0 +1,55 @@
# This file is part of dracut.
# SPDX-License-Identifier: GPL-2.0-or-later
# The name of the upstream package
upstream_package_name: dracut
# The upstream tag versioning scheme
upstream_tag_template: "{version}"
# The URL of the upstream project
upstream_project_url: https://github.com/dracutdevs/dracut
# Relative path to a spec file within the upstream repository
specfile_path: pkgbuild/dracut.spec
# Name of the downstream package
downstream_package_name: dracut
# The URL of the downstream project
dist_git_base_url: https://src.fedoraproject.org/
# Sync file(s) from upstream repo to dist-git
synced_files:
# The dracut spec file is maintained upstream so we sync it downstream.
- dracut.spec
# We sync the packit file downstream be able to optionally use the sync-from-downstream command
- .packit.yaml
# We want new releases to be automatically built on rawhide and have few jobs
# on copr.
create_pr: false
jobs:
- job: propose_downstream
trigger: release
metadata:
dist_git_branches: main
- job: tests
trigger: pull_request
metadata:
targets:
- fedora-rawhide
- job: copr_build
trigger: pull_request
metadata:
targets:
- fedora-development
- job: copr_build
trigger: commit
metadata:
targets:
- fedora-all
- fedora-development

View File

@ -0,0 +1,34 @@
# SC2039: In POSIX sh, 'local' is undefined.
# https://github.com/koalaman/shellcheck/wiki/SC2039
disable=SC2039
# SC2166: Prefer [ p ] || [ q ] as [ p -o q ] is not well defined.
# https://github.com/koalaman/shellcheck/wiki/SC2166
disable=SC2166
# SC2154: Variable is referenced but not assigned
# https://github.com/koalaman/shellcheck/wiki/SC2154
disable=SC2154
# SC1091: Not following <file>
# https://github.com/koalaman/shellcheck/wiki/SC1091
disable=SC1091
# SC2174: When used with -p, -m only applies to the deepest directory.
# https://github.com/koalaman/shellcheck/wiki/SC2174
disable=SC2174
# SC3043: In POSIX sh, 'local' is undefined.
# https://github.com/koalaman/shellcheck/wiki/SC3043
# ... but dash supports it
disable=SC3043
# SC3013: In POSIX sh, -ef is undefined.
# https://github.com/koalaman/shellcheck/wiki/SC3013
# ... but dash supports it
disable=SC3013
# SC3045: In POSIX sh, read -p is undefined.
# https://github.com/koalaman/shellcheck/wiki/SC3045
# ... but dash supports it
disable=SC3045

View File

@ -0,0 +1,15 @@
" Vim can use per directory configuration files like this.
" To enable that feature two lines are needed in your ~/.vimrc
" set exrc " enables per-directory .vimrc files
" set secure " disable unsafe commands in local .vimrc files
" Characters width is set to 109 for .c and XML but for everything else 79.
" If you update this file make sure to update .dir-locals.el & .editorconfig
set tabstop=4
set shiftwidth=4
set expandtab
set makeprg=GCC_COLORS=\ make
set tw=79
au BufRead,BufNewFile *.xml set tw=109 shiftwidth=2 smarttab
au FileType sh set tw=80 shiftwidth=4 smarttab
au FileType c set tw=109 shiftwidth=8 tabstop=8 smarttab expandtab

View File

@ -0,0 +1 @@
kate: space-indent on; tab-width 8; indent-width 8; replace-tabs on; eol unix;

View File

@ -0,0 +1,2 @@
(setq c-basic-offset 8)
(setq indent-tabs-mode nil)

View File

@ -0,0 +1 @@
kate: space-indent on; tab-width 8; indent-width 8; replace-tabs on; eol unix;

View File

@ -12,7 +12,7 @@ GIT_USER=reid-k
GIT_DIR=gridfire GIT_DIR=gridfire
DESC="" DESC=""
[ -f /usr/local/src/var_local_src.bash ] && \ [ -f /usr/local/src/usr_local_src.bash ] && \
. /usr/local/src/usr_local_src.bash . /usr/local/src/usr_local_src.bash
cd $PREFIX/src || exit 2 cd $PREFIX/src || exit 2
@ -23,7 +23,7 @@ if [ "$#" -eq 0 ] ; then
if [ ! -e $MOD.py ] ; then if [ ! -e $MOD.py ] ; then
route|grep -q ^default || exit 0 route|grep -q ^default || exit 0
ols_wget_c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py wget -c https://raw.githubusercontent.com/$GIT_USER/$GIT_DIR/master/$MOD.py
fi fi
#[ -f $MOD.sh ] || \ #[ -f $MOD.sh ] || \
@ -36,7 +36,7 @@ if [ "$#" -eq 0 ] ; then
cat > $PREFIX/bin/$MOD$VER.bash << EOF cat > $PREFIX/bin/$MOD$VER.bash << EOF
#!/bin/sh #!/bin/sh
# -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*- # -*- mode: sh; tab-width: 8; encoding: utf-8-unix -*-
ROLE=proxy ROLE=$ROLE
# https://$GIT_HUB/$GIT_USER/$GIT_DIR/ # https://$GIT_HUB/$GIT_USER/$GIT_DIR/
exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@" exec $PYTHON_EXE_MSYS $PREFIX/src/$DIR/$MOD.py "\$@"
EOF EOF

View File

@ -0,0 +1,4 @@
AUTHORS
build
__pycache__
*.pyc

View File

@ -0,0 +1 @@
W. Trevor King <wking@tremily.us> <wking@drexel.edu>

View File

@ -0,0 +1,18 @@
[project]
name: pyassuan
vcs: Git
[files]
authors: yes
files: yes
ignored: COPYING | README | .update-copyright.conf | .git*
[copyright]
short: {project} comes with ABSOLUTELY NO WARRANTY and is licensed under the GNU General Public License.
long: This file is part of {project}.
{project} is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
{project} is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with {project}. If not, see <http://www.gnu.org/licenses/>.

View File

@ -117,19 +117,15 @@ elif [ "$1" = check ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0 [ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash || exit 10 . /var/local/src/var_local_src.bash || exit 10
ols_run_tests_exit $1 || exit 10$? msys_var_local_src_prog_key $1 || exit 10$?
elif [ "$1" = 'lint' ] ; then elif [ "$1" = 'lint' ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0 [ -f /var/local/src/var_local_src.bash ] || exit 0
. /var/local/src/var_local_src.bash . /var/local/src/var_local_src.bash
ols_run_tests_exit $1 || exit 20$? msys_var_local_src_prog_key $1 || exit 20$?
ols_run_tests_shellcheck $ROLE || exit 21$? ols_run_tests_shellcheck $ROLE || exit 21$?
ols_run_tests_pylint || exit 22$? ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then elif [ "$1" = 'test' ] ; then
[ -f /var/local/src/var_local_src.bash ] || exit 0 msys_var_local_src_prog_key $1 || exit 51$?
. /var/local/src/var_local_src.bash || exit 50
ols_run_tests_exit $1 || exit 51$?
ols_test_srcs test || exit 52$?
fi fi

View File

@ -32,20 +32,21 @@ if [ "$#" -eq 0 ] ; then
elif [ "$1" = 'check' ] ; then elif [ "$1" = 'check' ] ; then
exit 0 exit 0
ols_run_checks_pip3 msys_run_checks_pip3
ols_run_tests_exit check || exit 10$? msys_var_local_src_prog_key check || exit 10$?
exit $? exit $?
elif [ "$1" = 'lint' ] ; then elif [ "$1" = 'lint' ] ; then
exit 0 exit 0
ols_run_tests_shellcheck $ROLE || exit 2$? ols_run_tests_shellcheck $ROLE || exit 2$?
ols_run_tests_exit $1 || exit 21$? msys_var_local_src_prog_key $1 || exit 21$?
ols_run_tests_pylint || exit 22$? # ols_run_tests_pylint || exit 22$?
elif [ "$1" = 'test' ] ; then elif [ "$1" = 'test' ] ; then
exit 0 exit 0
ols_run_tests_exit $1 || exit 30$? msys_var_local_src_prog_key $1 || exit 30$?
ols_gentoo_test_imports || exit 32$? msys_check_pips_inst
msys_gentoo_test_imports || exit 32$?
#hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$? #hangs /usr/bin/expect gpgkey_test_gpg.exp foobar || exit 31$?
fi fi

View File

@ -8,38 +8,6 @@
# - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}" # - "{{ ansible_distribution }}/{{ BOX_SERVICE_MGR }}"
- name: install toxcore packages
environment: "{{ portage_proxy_env }}"
shell: |
role=toxcore
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
{{proxy_pkgs_bootstrap}} \
{{ toxcore_pkgs_inst }} \
{{ toxcore_qemu_pkgs_inst if 'qemu' in TOXCORE_FEATURES else '' }} \
{{ toxcore_qemu_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ toxcore_libvirt_pkgs_inst if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ toxcore_docker_pkgs_inst if 'docker' in TOXCORE_FEATURES else '' }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- name: install toxcore packages GUEST
environment: "{{ portage_proxy_env }}"
shell: |
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/bin/usr_local_base.bash box_gentoo_emerge \
{{proxy_pkgs_bootstrap}} \
{{ toxcore_pkgs_inst_guest }} \
|| exit $?
[ -z "{{AGI_bootstrap_pips3}}" ] || pip3.sh install {{AGI_bootstrap_pips3}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"
- name: /etc/conf.d/consolefont - name: /etc/conf.d/consolefont
blockinfile: blockinfile:
dest: "/etc/{{ETC_CONF_D}}/consolefont" dest: "/etc/{{ETC_CONF_D}}/consolefont"
@ -185,3 +153,33 @@
when: when:
- "{{ ansible_virtualization_role|replace('NA', 'host') != 'host' }}" - "{{ ansible_virtualization_role|replace('NA', 'host') != 'host' }}"
- name: EMERGE toxcore packages
environment: "{{ portage_proxy_env }}"
shell: |
role=toxcore
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/sbin/box_gentoo_emerge.bash \
{{ ' '.join(toxcore_pkgs_inst) }} \
{{ ' '.join(toxcore_qemu_pkgs_inst) if 'qemu' in TOXCORE_FEATURES else '' }} \
{{ ' '.join(toxcore_qemu_pkgs_inst) if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ ' '.join(toxcore_libvirt_pkgs_inst) if 'libvirt' in TOXCORE_FEATURES else '' }} \
{{ ' '.join(toxcore_docker_pkgs_inst) if 'docker' in TOXCORE_FEATURES else '' }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- name: EMERGE toxcore packages GUEST
environment: "{{ portage_proxy_env }}"
shell: |
cd {{ BASE_ROOT_LOG_DIR }} || exit 2
/usr/local/sbin/box_gentoo_emerge.bash \
{{ ' '.join(proxy_pkgs_bootstrap) }} \
{{ ' '.join(toxcore_pkgs_inst_guest) }} \
|| exit $?
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"

View File

@ -0,0 +1,2 @@
- include_tasks: Gentoo/Pentoo/use.yml
- include_tasks: Gentoo/Pentoo/mask.yml

View File

@ -0,0 +1,47 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
=app-emulation/qemu-guest-agent-8.0.2
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
=app-emulation/qemu-guest-agent-8.0.0
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
=app-emulation/qemu-guest-agent-8.0.3
- name: "/etc/portage/package.mask/2023_BROKEN.txt"
blockinfile:
dest: /etc/portage/package.mask/2023_BROKEN.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
=app-emulation/libvirt-9.4.0-r1
- name: "/etc/portage/package.mask/2022_BLOCKED.txt"
blockinfile:
dest: /etc/portage/package.mask/2022_BLOCKED.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore docker"
block: |
app-containers/docker-compose

View File

@ -0,0 +1,359 @@
# -*- mode: yaml; tab-width: 0; coding: utf-8-unix -*-
# This is an automatically generated file: do not edit
---
- name: "/etc/portage/package.use/2020-03_jq.txt"
blockinfile:
dest: /etc/portage/package.use/2020-03_jq.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore jq"
block: |
app-misc/jq oniguruma
- name: "/etc/portage/package.use/2017-01_git.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01_git.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore git"
block: |
dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
- name: "/etc/portage/package.use/2017-01-01_libguestfs.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01-01_libguestfs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore iptables"
block: |
net-firewall/iptables nftables ipv6
- name: "/etc/portage/package.use/2017-01_git.txt"
blockinfile:
dest: /etc/portage/package.use/2017-01_git.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore git"
block: |
dev-vcs/git -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
- name: "/etc/portage/package.use/2017-08_testdisk.txt"
blockinfile:
dest: /etc/portage/package.use/2017-08_testdisk.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore testdisk"
block: |
app-admin/testdisk ntfs qt5 -ewf
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zstd"
block: |
app-arch/zstd static-libs
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libsodium"
block: |
dev-libs/libsodium verify-sig
- name: "/etc/portage/package.use/2016-11_world.txt"
blockinfile:
dest: /etc/portage/package.use/2016-11_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx svc
- name: "/etc/portage/package.use/2019-02_electron.txt"
blockinfile:
dest: /etc/portage/package.use/2019-02_electron.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx postproc svc
- name: "/etc/portage/package.use/2013-07-cryptsetup.txt"
blockinfile:
dest: /etc/portage/package.use/2013-07-cryptsetup.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore argon2"
block: |
app-crypt/argon2 static-libs
- name: "/etc/portage/package.use/2020-01_static-libs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_static-libs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore argon2"
block: |
app-crypt/argon2 static-libs
- name: "/etc/portage/package.use/2016-11_world.txt"
blockinfile:
dest: /etc/portage/package.use/2016-11_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx svc
- name: "/etc/portage/package.use/2019-02_electron.txt"
blockinfile:
dest: /etc/portage/package.use/2019-02_electron.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvpx"
block: |
media-libs/libvpx postproc svc
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxcb"
block: |
x11-libs/libxcb xkb
- name: "/etc/portage/package.use/2018-01_qt.txt"
blockinfile:
dest: /etc/portage/package.use/2018-01_qt.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxkbcommon"
block: |
x11-libs/libxkbcommon X tools
- name: "/etc/portage/package.use/2020-01_readline.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_readline.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxml2"
block: |
dev-libs/libxml2 -readline
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxml2"
block: |
dev-libs/libxml2:2 verify-sig
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libxml2"
block: |
dev-libs/libxml2 python icu ipv6 lzma
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt-python"
block: |
dev-python/libvirt-python verify-sig
- name: "/etc/portage/package.use/2021-08_wafw00f.txt"
blockinfile:
dest: /etc/portage/package.use/2021-08_wafw00f.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore requests"
block: |
dev-python/requests socks5
- name: "/etc/portage/package.use/2020-00_dbus.txt"
blockinfile:
dest: /etc/portage/package.use/2020-00_dbus.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore dbus"
block: |
sys-apps/dbus X elogind -systemd
- name: "/etc/portage/package.use/2020-01_dbus.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_dbus.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore dbus"
block: |
sys-apps/dbus X elogind -systemd
- name: "/etc/portage/package.use/2021-01_wayland.txt"
blockinfile:
dest: /etc/portage/package.use/2021-01_wayland.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore gtk+"
block: |
x11-libs/gtk+ X -wayland
- name: "/etc/portage/package.use/2021-04_world.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_world.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore vte"
block: |
x11-libs/vte crypt -icu introspection vala -debug -gtk-doc -systemd -vanilla
- name: "/etc/portage/package.use/2022-01_xterms.txt"
blockinfile:
dest: /etc/portage/package.use/2022-01_xterms.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore vte"
block: |
x11-libs/vte vanilla
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zfs-kmod"
block: |
sys-fs/zfs-kmod verify-sig
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zfs"
block: |
sys-fs/zfs verify-sig
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore zfs"
block: |
sys-fs/zfs-kmod verify-sig
- name: "/etc/portage/package.use/2020-01_nls.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_nls.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
app-emulation/qemu -nls
- name: "/etc/portage/package.use/2021-04_qemu.txt"
blockinfile:
dest: /etc/portage/package.use/2021-04_qemu.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
app-emulation/qemu -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
blockinfile:
dest: /etc/portage/package.use/2023-00_python-3.11.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore qemu"
block: |
app-emulation/qemu python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10
- name: "/etc/portage/package.use/2019-09_spice-gtk.txt"
blockinfile:
dest: /etc/portage/package.use/2019-09_spice-gtk.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore spice-gtk"
block: |
>=net-misc/spice-gtk-0.35 usbredir
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore spice-gtk"
block: |
net-misc/spice-gtk policykit
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
app-emulation/libvirt apparmor audit -bash-completion caps -dbus -dtrace -firewalld fuse -glusterfs -iscsi -iscsi-direct libssh libvirtd lvm lxc -macvtap -nfs -nls numa -openvz parted pcap -policykit qemu -rbd -sasl -selinux udev vepa verify-sig virt-network virtualbox -wireshark-plugins -xen -zfs
- name: "/etc/portage/package.use/2020-10_nfs.txt"
blockinfile:
dest: /etc/portage/package.use/2020-10_nfs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
app-emulation/libvirt -nfs
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
app-emulation/libvirt verify-sig
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt"
block: |
dev-python/libvirt-python verify-sig
- name: "/etc/portage/package.use/2020-01_polkit.txt"
blockinfile:
dest: /etc/portage/package.use/2020-01_polkit.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore virt-manager"
block: |
app-emulation/virt-manager gtk -policykit virtualbox libvirtd caps dbus fuse libssh lxc macvtap numa parted pcap policykit qemu vepa virt-network
- name: "/etc/portage/package.use/2019-11_qxl.txt"
blockinfile:
dest: /etc/portage/package.use/2019-11_qxl.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore xf86-video-qxl"
block: |
x11-drivers/xf86-video-qxl xspice
- name: "/etc/portage/package.use/2019-11_libguestfs.txt"
blockinfile:
dest: /etc/portage/package.use/2019-11_libguestfs.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libguestfs"
block: |
app-emulation/libguestfs parted virtualbox libvirt -erlang -lua perl fuse gtk inspect-icons introspection -ocaml python -ruby
- name: "/etc/portage/package.use/2023-00_python-3.11.txt"
blockinfile:
dest: /etc/portage/package.use/2023-00_python-3.11.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libguestfs"
block: |
app-emulation/libguestfs python_single_target_python3_11
- name: "/etc/portage/package.use/2021-00_verify-sig.txt"
blockinfile:
dest: /etc/portage/package.use/2021-00_verify-sig.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore libvirt-python"
block: |
dev-python/libvirt-python verify-sig
- name: "/etc/portage/package.use/2017-02_docker.txt"
blockinfile:
dest: /etc/portage/package.use/2017-02_docker.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore tini"
block: |
sys-process/tini static args
- name: "/etc/portage/package.use/2017-02_docker.txt"
blockinfile:
dest: /etc/portage/package.use/2017-02_docker.txt
create: true
marker: "# {mark} Ansible Managed Block toxcore docker"
block: |
app-containers/docker btrfs

View File

@ -29,6 +29,8 @@
echo "INFO: toxcore_log_daily {{HARDEN_LOG_DIR}}" echo "INFO: toxcore_log_daily {{HARDEN_LOG_DIR}}"
cd {{USR_LOCAL}}/bin cd {{USR_LOCAL}}/bin
toxcore_daily.bash toxcore_daily.bash
become: yes
become_user: "{{ BOX_USER_NAME }}"
register: toxcore_log_daily register: toxcore_log_daily
notify: summary of logs notify: summary of logs
ignore_errors: true ignore_errors: true

View File

@ -0,0 +1,122 @@
# -*- mode: yaml; indent-tabs-mode: nil; tab-width: 2; coding: utf-8-unix -*-
---
- name: "proxy libvirt.yml"
debug:
verbosity: 1
msg: "proxy libvirt.yml BOX_TOXCORE_FEATURES={{BOX_TOXCORE_FEATURES}}"
# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy
# from Gateway
- block:
- name: "/etc/libvirt/virtlogd.conf"
lineinfile:
path: /etc/libvirt/virtlogd.conf
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: log_filters
val: "1:logging 4:object 4:json 4:event 1:util"
- key: log_outputs
val: "3:file:/var/log/libvirt/virtlogd.log"
# /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a
- name: /usr/local/etc/init.d/libvirtd.openrc
shell: |
cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd
chmod 755 /etc/init.d/libvirtd
args:
creates: /etc/init.d/libvirtd
when: false # where is virtlogd
- name: "/etc/libvirt/qemu.conf"
blockinfile:
dest: "/etc/libvirt/qemu.conf"
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = {{ item.val }}
with_items:
- { name: 'migration_address', val: '"0.0.0.0"' }
- { name: 'user', val: '"root"' }
#? why qemu - serverfault sez must be root for passthrough
# root is not enough for passthorugh mounting rw
- { name: 'group', val: '"root"' }
#? why
- { name: 'dynamic_ownership', val: '1' }
#?? why
# error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss'
# - { name: 'swtpm_user', val: '"tss"' }
#?? why
# error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss'
# - { name: 'swtpm_group', val: '"tss"' }
# - { name: '', val: '' }
ignore_errors: true
# required
when: not ansible_check_mode
- name: "/etc/libvirt/libvirtd.conf"
blockinfile:
dest: /etc/libvirt/libvirtd.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK toxcore vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = "{{ item.val }}"
with_items:
#listen_addr = "192.168.0.1"
- { name: "listen_addr", val: "127.0.0.1" }
#_sock_group = "libvirt"
- { name: "unix_sock_group", val: "libvirt" }
- { name: "unix_sock_ro_perms", val: "0750" }
- { name: "unix_sock_rw_perms", val: "0770" }
#ca_file = "/etc/pki/CA/cacert.pem"
- { name: "ca_file", val: "{{ PLAY_CA_CERT }}" }
- { name: "auth_unix_ro", val: "none" }
- { name: "auth_unix_rw", val: "none" }
- { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" }
- { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" }
#
# - { name: "", val: "" }
ignore_errors: true
# required
when: not ansible_check_mode
notify: restart libvirtd
- name: /etc/modprobe.d/nbd.conf"
shell: |
file="/etc/modprobe.d/nbd.conf"
[ -f $file ] || echo >$file options nbd max_part=16
args:
creates: /etc/modprobe.d/nbd.conf
- name: "/etc/default/libvirt-guests"
lineinfile:
path: /etc/default/libvirt-guests
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: ON_BOOT
val: ignore
when:
- "ansible_distribution == 'Debian'"
- name: /usr/local/sbin/proxy_libvirt_install.bash
shell: |
/usr/local/sbin/proxy_libvirt_install.bash
when: false
when:
- "'libvirt' in BOX_TOXCORE_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"

View File

@ -12,7 +12,7 @@
shell: | shell: |
base="hulahoop" base="hulahoop"
URL="www.whonix.org/$base" URL="www.whonix.org/$base"
dir="{{HARDEN_VAR_LOCAL}}/net/Http/" dir="{{TOXCORE_USR_LOCAL}}/net/Http/"
[ -d $dir ] || mkdir $dir [ -d $dir ] || mkdir $dir
[ -f $dir/$URL.asc ] || wget {{BASE_WGET_ARGS}} -xc -P $dir https://$URL.asc || exit 3 [ -f $dir/$URL.asc ] || wget {{BASE_WGET_ARGS}} -xc -P $dir https://$URL.asc || exit 3
# FixMe: # FixMe:
@ -21,32 +21,12 @@
grep 'imported: 1' /tmp/V$$.out grep 'imported: 1' /tmp/V$$.out
exit 0 exit 0
args: args:
creates: "{{HARDEN_VAR_LOCAL}}/net/Http/www.whonix.org/hulahoop.asc" creates: "{{TOXCORE_USR_LOCAL}}/net/Http/www.whonix.org/hulahoop.asc"
when: when:
- not ansible_check_mode - not ansible_check_mode
- BASE_ARE_CONNECTED|default('') != '' - BASE_ARE_CONNECTED|default('') != ''
ignore_errors: true ignore_errors: true
- block:
- name: "/etc/libvirt/virtlogd.conf"
lineinfile:
path: /etc/libvirt/virtlogd.conf
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: log_filters
val: "1:logging 4:object 4:json 4:event 1:util"
- key: log_outputs
val: "3:file:/var/log/libvirt/virtlogd.log"
when:
- "'libvirt' in BOX_HOSTVMS_FEATURES or BOX_WHONIX_PROXY_HOST != ''"
- "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- name: /etc/sysctl.d/70_testforge_libvirt.conf - name: /etc/sysctl.d/70_testforge_libvirt.conf
blockinfile: blockinfile:
dest: /etc/sysctl.d/70_testforge_libvirt.conf dest: /etc/sysctl.d/70_testforge_libvirt.conf
@ -176,100 +156,3 @@
- false # use xml instead - false # use xml instead
- "ansible_virtualization_role|replace('NA', 'host') == 'host'" - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
# console=tty0 console=ttyS0,115200n8 spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy
# from Gateway
- block:
# /usr/portage/app-emulation/libvirt/files/libvirtd.init-r19 after livirt-7.2.0a
- name: /usr/local/sbin/proxy_whonix-libvirt-install.bash
shell: |
cp -p /usr/local/etc/init.d/libvirtd.openrc /etc/init.d/livirtd
chmod 755 /etc/init.d/libvirtd
args:
creates: /etc/init.d/libvirtd
- name: "/etc/libvirt/qemu.conf"
blockinfile:
dest: "/etc/libvirt/qemu.conf"
create: false
marker: "# {mark} ANSIBLE MANAGED BLOCK hostvms vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = {{ item.val }}
with_items:
- { name: 'migration_address', val: '"0.0.0.0"' }
- { name: 'user', val: '"root"' }
#? why qemu - serverfault sez must be root for passthrough
# root is not enough for passthorugh mounting rw
- { name: 'group', val: '"root"' }
#? why
- { name: 'dynamic_ownership', val: '1' }
#?? why
# error : virGetUserID:1041 : invalid argument: Failed to parse user 'tss'
# - { name: 'swtpm_user', val: '"tss"' }
#?? why
# error : virGetGroupID:1124 : invalid argument: Failed to parse group 'tss'
# - { name: 'swtpm_group', val: '"tss"' }
# - { name: '', val: '' }
ignore_errors: true
# required
when: not ansible_check_mode
- name: "/etc/libvirt/libvirtd.conf"
blockinfile:
dest: /etc/libvirt/libvirtd.conf
create: yes
marker: "# {mark} ANSIBLE MANAGED BLOCK hostvms vms {{item.name}}"
insertafter: '^#* *{{item.name}}.*'
block: |
{{ item.name }} = "{{ item.val }}"
with_items:
#listen_addr = "192.168.0.1"
- { name: "listen_addr", val: "127.0.0.1" }
#_sock_group = "libvirt"
- { name: "unix_sock_group", val: "libvirt" }
- { name: "unix_sock_ro_perms", val: "0750" }
- { name: "unix_sock_rw_perms", val: "0770" }
#ca_file = "/etc/pki/CA/cacert.pem"
- { name: "ca_file", val: "{{ PLAY_CA_CERT }}" }
- { name: "auth_unix_ro", val: "none" }
- { name: "auth_unix_rw", val: "none" }
- { name: "log_filters", val: "1:qemu 1:libvirt 4:object 4:json 4:event 1:util" }
- { name: "log_outputs", val: "3:file:/var/log/libvirtd.log" }
#
# - { name: "", val: "" }
ignore_errors: true
# required
when: not ansible_check_mode
notify: restart libvirtd
- name: /etc/modprobe.d/nbd.conf"
shell: |
file="/etc/modprobe.d/nbd.conf"
[ -f $file ] || echo >$file options nbd max_part=16
args:
creates: /etc/modprobe.d/nbd.conf
- name: "/etc/default/libvirt-guests"
lineinfile:
path: /etc/default/libvirt-guests
create: yes
mode: 0755
insertafter: BOF
line: '{{item.key}}="{{item.val}}"'
regexp: "^#{{item.key}}.*"
with_items:
- key: ON_BOOT
val: ignore
when:
- "ansible_distribution == 'Debian'"
- name: /usr/local/sbin/proxy_whonix-libvirt-install.bash
shell: |
/usr/local/sbin/proxy_whonix-libvirt-install.bash
args:
creates: /etc/libvirt/qemu/Whonix-Gateway.xml
when:
- ansible_virtualization_role|replace('NA', 'host') == 'host'

View File

@ -106,19 +106,6 @@
- name: include by-platform tasks - name: include by-platform tasks
include_tasks: "{{ ansible_distribution }}.yml" include_tasks: "{{ ansible_distribution }}.yml"
- name: grub.cfg from roles/ansible-gentoo_install/tasks/
shell: |
LINE="rd.skipfsck=1 ipv6.disable=1 console=tty1 lang=en keymap=us"
# LINE="$LINE pti=on doscsi iommu=pt amd_iommu=on debugfs=off efi=disable_early_pci_dma extra_latent_entropy init_on_free=1 kvm.nx_huge_pages=force l1tf=full,force mce=0 mds=full,nosmt nosmt=force page_alloc.shuffle=1 pti=on random.trust_cpu=off slab_nomerge slub_debug=FZ spec_store_bypass_disable=on spectre_v2=on tsx_async_abort=full,nosmt vsyscall=none "
LINE="$LINE intel_iommu=on vga=0x315 text"
grep /boot /etc/fstab || exit 1
df | grep /boot || mount /boot || exit 2
[ -d /boot/grub ] || exit 3
[ -f /boot/grub/grub.cfg ] || exit 4
[ -f /boot/grub/grub.cfg.dst ] || cp -p /boot/grub/grub.cfg /boot/grub/grub.cfg.dst
sed -e 's@ ro *$@ '"$LINE"' ro@' -i /boot/grub/grub.cfg
ignore_errors: true
- name: add standard_users to groups - name: add standard_users to groups
user: user:
name: "{{ item.0 }}" name: "{{ item.0 }}"
@ -126,12 +113,15 @@
groups: "{{ item.1 }}" groups: "{{ item.1 }}"
when: when:
- item != '' - item != ''
- "len(toxcore_system_users) > 0"
# some groups may not be there # some groups may not be there
ignore_errors: true ignore_errors: true
with_nested: with_nested:
- "{{ base_system_users }}" -
- "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}" - "{{ toxcore_system_users }}"
- "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}" -
- "{{ toxcore_standard_users_groups_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}"
- "{{ toxcore_standard_users_groups_guest if ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}"
- name: "make a directory for /data/Vms" - name: "make a directory for /data/Vms"
file: file:
@ -156,6 +146,7 @@
when: when:
- toxcore_gpg_keys_system|length > 0 - toxcore_gpg_keys_system|length > 0
- BASE_ARE_CONNECTED|default('') != '' - BASE_ARE_CONNECTED|default('') != ''
- false # none yet
ignore_errors: true ignore_errors: true
- name: "toxcore gpg keys gentoo" - name: "toxcore gpg keys gentoo"
@ -182,13 +173,12 @@
environment: "{{ shell_proxy_env }}" environment: "{{ shell_proxy_env }}"
shell: | shell: |
umask 0002 umask 0002
sudo -u "{{ BOX_USER_NAME }}" \
bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \ bash {{TOXCORE_USR_LOCAL}}/src/usr_local_toxcore.bash \
{{ 'check' if ansible_check_mode }} {{ 'check' if ansible_check_mode }}
exit 0 exit 0
args: args:
chdir: "{{TOXCORE_USR_LOCAL}}/src" chdir: "{{TOXCORE_USR_LOCAL}}/src"
become: yes
become_user: "{{ BOX_USER_NAME }}"
ignore_errors: true ignore_errors: true
check_mode: false check_mode: false
@ -201,26 +191,32 @@
- LOOP_ITEM != '' and LOOP_ITEM != [] - LOOP_ITEM != '' and LOOP_ITEM != []
with_items: with_items:
- "vms" - "vms"
- "{{ 'libvirt_whonix' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_HOSTVMS_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}" - "{{ 'libvirt' if (BOX_WHONIX_PROXY_HOST != '' or 'libvirt' in BOX_TOXCORE_FEATURES or 'whonix' in BOX_TOXCORE_FEATURES) else [] }}"
loop_control: loop_control:
loop_var: LOOP_ITEM loop_var: LOOP_ITEM
- name: "include_tasks toxcore users on the command host"
include_tasks: - name: install toxcore pips HOST
file: "{{ LOOP_USER_F[1] }}" environment: "{{ portage_proxy_env }}"
apply: shell: |
environment: "{{ proxy_env }}" sudo -u "{{ BOX_USER_NAME }}" \
become_user: "{{ LOOP_USER_F[0] }}" pip3.sh install {{' '.join(toxcore_pips3_inst_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else toxcore_pips3_inst_guest)}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when: when:
- "LOOP_USER_F[1] != ''" - BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') == 'host'" - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
with_nested: - "len(toxcore_pips3_inst) > 0"
-
- "{{ toxcore_system_users }}" - name: install toxcore pips GUEST
- environment: "{{ portage_proxy_env }}"
- users.yml shell: |
loop_control: [ -z "{{' '.join(toxcore_pips3_inst_guest)}}" ] || \
loop_var: LOOP_USER_F sudo -u "{{ BOX_USER_NAME }}" \
pip3.sh install {{' '.join(toxcore_pips3_inst_guest)}}
ignore_errors: "{{ BASE_PKG_IGNORE_ERRORS }}"
when:
- BASE_ARE_CONNECTED|default('') != ''
- "ansible_virtualization_role|replace('NA', 'host') != 'host'"
- name: "include_tasks toxcore users as user" - name: "include_tasks toxcore users as user"
include_tasks: include_tasks:
@ -233,7 +229,6 @@
- "ansible_virtualization_role|replace('NA', 'host') == 'host'" - "ansible_virtualization_role|replace('NA', 'host') == 'host'"
- false - false
with_nested: with_nested:
- "{{ toxcore_system_users }}"
- -
#no - users #no - users
- "{{ 'libvirt_users' if 'libvirt' in TOXCORE_FEATURES else '' }}" - "{{ 'libvirt_users' if 'libvirt' in TOXCORE_FEATURES else '' }}"
@ -250,8 +245,7 @@
when: when:
- "item != ''" - "item != ''"
- ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS - ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
- "toxcore_services_enabled|length > 0" with_items: "{{ toxcore_services_enabled_host if ansible_virtualization_role|replace('NA', 'host') == 'host' else toxcore_services_enabled_guest }}"
with_items: "{{ toxcore_services_enabled }}"
ignore_errors: true ignore_errors: true
- name: start toxcore services - name: start toxcore services
@ -375,22 +369,22 @@
- name: ansible-keepassxc - name: ansible-keepassxc
ansible-keepassxc: ansible-keepassxc:
database: "{{ base_passwords_database }}" database: "{{ base_passwords_database }}"
entry: "HOSTVMS_LXD_TRUST_PASSWORD" entry: "TOXCORE_LXD_TRUST_PASSWORD"
group: "/Ansible/hostvms" group: "/Ansible/toxcore"
password: "{{ base_passwords_password }}" password: "{{ base_passwords_password }}"
no_log: False no_log: False
register: hostvms_lxd_trust_password register: toxcore_lxd_trust_password
- debug: - debug:
verbosity: 1 verbosity: 1
var: hostvms_lxd_trust_password var: toxcore_lxd_trust_password
check_mode: false check_mode: false
rescue: rescue:
- debug: - debug:
verbosity: 1 verbosity: 1
msg: "hostvms vms.yml WARN undefined or missing base_passwords_database " msg: "toxcore vms.yml WARN RESCUE undefined or missing base_passwords_database "
- set_fact: - set_fact:
base_passwords_password: "{{HOSTVMS_LXD_TRUST_PASSWORD}}" base_passwords_password: "{{TOXCORE_LXD_TRUST_PASSWORD}}"
when: false when: false

View File

@ -7,6 +7,14 @@
verbosity: 1 verbosity: 1
msg: "toxcore users.yml LOOP_USER_F={{LOOP_USER_F[0]}}" msg: "toxcore users.yml LOOP_USER_F={{LOOP_USER_F[0]}}"
- name: "make ro directories"
file:
path: "{{ item.dest|expanduser }}"
state: directory
mode: 0750
with_items:
- "~/.gpg"
- block: - block:
# https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git # https://stackoverflow.com/questions/13114268/passing-ciphers-to-libcurl-through-git
@ -148,7 +156,7 @@
HTTPS_PROXY={{HTTPS_PROXYTYPE}}://{{HTTPS_PROXYHOST}}:{{HTTPS_PROXYPORT}} HTTPS_PROXY={{HTTPS_PROXYTYPE}}://{{HTTPS_PROXYHOST}}:{{HTTPS_PROXYPORT}}
when: when:
- "'docker' in HOSTVMS_FEATURES|default([])" - "'docker' in TOXCORE_FEATURES|default([])"
- name: Run c-toxcore ctest on the tester - name: Run c-toxcore ctest on the tester
delegate_to: localhost delegate_to: localhost

View File

@ -25,6 +25,30 @@
# see /etc/libvirt/qemu.conf # see /etc/libvirt/qemu.conf
- "{{ '/etc/pki/qemu' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}" - "{{ '/etc/pki/qemu' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}"
- name: "make a directory 775"
file:
path: "{{item }}"
state: directory
owner: "{{BOX_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
mode: 0775
when:
- "item != ''"
with_items:
- /etc/sysctl.conf.d
- name: "make a directory 1777"
file:
path: "{{item }}"
state: directory
owner: "{{BOX_ROOT_USER}}"
group: "{{BOX_ROOT_GROUP}}"
mode: 01777
when:
- "item != ''"
with_items:
- /run/tmp
- block: - block:
- name: increase fs.inotify.max_user_instances (default 128) - name: increase fs.inotify.max_user_instances (default 128)
@ -38,11 +62,6 @@
net.ipv4.ip_forward = 1 net.ipv4.ip_forward = 1
# NB this is per user # NB this is per user
- name: check ulimit
shell: |
[ `ulimit -n` -lt 4913709 ]
register: ulimit_retval
# Kernel ulimit is less than the expected value! This might induce RC test # Kernel ulimit is less than the expected value! This might induce RC test
- name: /etc/security/limits.conf - name: /etc/security/limits.conf
blockinfile: blockinfile:
@ -72,7 +91,7 @@
# need this in libvirt guest. # need this in libvirt guest.
when: when:
# do this anyway for tor and everybody else # do this anyway for tor and everybody else
- true or ulimit_retval.rc|default(1) == 0 - true
when: when:
- true or ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS - true or ansible_connection|default('') not in PLAY_CHROOT_CONNECTIONS
@ -101,16 +120,18 @@
check_mode: false check_mode: false
- name: /etc/sysctl.conf.d/20_hugepages.conf - name: /etc/sysctl.conf.d/20_hugepages.conf
check_mode: false
lineinfile: lineinfile:
dest: /etc/sysctl.conf.d/20_hugepages.conf dest: /etc/sysctl.conf.d/20_hugepages.conf
regexp: '^#* *{{item.key}}.*' regexp: '^#* *{{item.key}}.*'
line: "{{item.key}} = {{item.val}}" line: "{{item.key}} = {{item.val}}"
state: present state: present
create: yes
with_items: with_items:
# https://wiki.archlinux.org/title/KVM#Enabling_huge_pages # https://wiki.archlinux.org/title/KVM#Enabling_huge_pages
# boot cmdline hugepages= # boot cmdline hugepages=
- { key: "vm.nr_hugepages", val: "550" } - { key: "vm.nr_hugepages", val: "550" }
check_mode: false
ignore_errors: true
when: when:
- ansible_virtualization_role|replace('NA', 'host') == 'host' or - ansible_virtualization_role|replace('NA', 'host') == 'host' or
@ -119,7 +140,7 @@
rescue: rescue:
- debug: - debug:
verbosity: 1 verbosity: 1
msg: "Ignoring error" msg: "INFO: RESCUE vms Ignoring error"
#libvirt #libvirt
- block: - block:

View File

@ -14,15 +14,29 @@ toxcore_standard_users_groups_host:
- "{{ 'kvm' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}" - "{{ 'kvm' if ( 'qemu' in TOXCORE_FEATURES or 'libvirt' in TOXCORE_FEATURES ) else '' }}"
- "{{ 'docker' if 'docker' in TOXCORE_FEATURES else '' }}" - "{{ 'docker' if 'docker' in TOXCORE_FEATURES else '' }}"
toxcore_libvirt_services: toxcore_libvirt_services_host:
- libvirtd - libvirtd
# - qemu-guest-agent
toxcore_pkgs_inst_guest: [] toxcore_libvirt_services_guest:
- agetty
- qemu-guest-agent
toxcore_pkgs_inst_guest:
- dev-python/pip
- app-misc/jq
# install
- app-misc/jq
- dev-vcs/git
- net-vpn/corkscrew
- net-analyzer/openbsd-netcat
- net-firewall/iptables
toxcore_pkgs_inst: toxcore_pkgs_inst:
- net-firewall/iptables - dev-vcs/git
- app-portage/gentoolkit - gpg
- python3-yaml
- xmlstarlet
# - app-portage/gentoolkit
- sys-apps/gptfdisk - sys-apps/gptfdisk
- app-admin/testdisk - app-admin/testdisk
- app-arch/zstd - app-arch/zstd
@ -30,11 +44,16 @@ toxcore_pkgs_inst:
- net-misc/bridge-utils - net-misc/bridge-utils
- sys-apps/sdparm - sys-apps/sdparm
- sys-apps/hdparm - sys-apps/hdparm
# install # toxcore
- app-misc/jq - virtual/pkgconfig
- dev-vcs/git - dev-libs/libsodium # [asm,urandom,-minimal]
- net-vpn/corkscrew - dev-libs/libconfig
- net-analyzer/openbsd-netcat - media-libs/opus
- media-libs/libvpx
- app-crypt/argon2
- media-gfx/qrencode
- dev-cpp/gtest
- dev-util/meson
### virt-manager ### virt-manager
- media-libs/libvpx - media-libs/libvpx
- net-libs/libpsl - net-libs/libpsl
@ -95,7 +114,11 @@ toxcore_docker_pkgs_inst:
toxcore_pips2_inst: [] toxcore_pips2_inst: []
toxcore_pips3_inst: # AGI_bootstrap_pips3
toxcore_pips3_inst_guest:
- negotiator-guest
toxcore_pips3_inst_host:
- pycrypto - pycrypto
- pywinrm - pywinrm
- requests-unixsocket - requests-unixsocket
@ -104,4 +127,48 @@ toxcore_pips3_inst:
- pysha3 - pysha3
- pycryptodomex - pycryptodomex
- pyanalyze - pyanalyze
- negotiator-host - negotiator-toxcore
# host
# - libconfig-dev
# - libgtest-dev
# - ninja-build
# - pkg-config
# - autotools-dev
# - autoconf
# - automake
# - bc
# - rsync
# - cmake
# - pkg-config
# - libtool
# - ssh
# - gzip
# - coreutils
# - libavutil-dev
# - libffms2-4
# - libgpac10
# - libx264-dev
# - x264
# - libv4lconvert0
# - libv4l-dev
# - libv4l-dev
# - libv4l2rds0
# - v4l-conf
# - v4l-utils
# - libv4l-dev
# - libtool
# - autotools-dev
# - automake
# - checkinstall
# - check
# - yasm
# - libv4lconvert0
# - libv4l-dev
# - libopus-dev
# - libvpx-dev
# - pkg-config
# - libx264-dev
# - libavcodec-dev
# - libavdevice-dev

View File

@ -24,14 +24,17 @@ toxcore_gpg_keys_system:
name: "Daniel Robbins (metro:node) <drobbins@funtoo.org>" name: "Daniel Robbins (metro:node) <drobbins@funtoo.org>"
key: "9266C4FA11FD00FD" key: "9266C4FA11FD00FD"
toxcore_services_enabled: []
# - qemu-guest-agent
toxcore_services_started: toxcore_services_started:
- "{{ toxcore_libvirt_services if 'libvirt' in TOXCORE_FEATURES else [] }}" - "{{ toxcore_libvirt_services_host if 'libvirt' in TOXCORE_FEATURES and ansible_virtualization_role|replace('NA', 'host') == 'host' else [] }}"
- "{{ toxcore_libvirt_services_guest if 'libvirt' in TOXCORE_FEATURES and ansible_virtualization_role|replace('NA', 'host') != 'host' else [] }}"
# not on Gentoo 5 # not on Gentoo 5
#? - "{{ 'docker' if 'docker' in TOXCORE_FEATURES else '' }}" #? - "{{ 'docker' if 'docker' in TOXCORE_FEATURES else '' }}"
toxcore_services_enabled_host: "{{toxcore_services_started}}"
toxcore_services_enabled_guest:
- qemu-quest-agent
toxcore_services_stopped: toxcore_services_stopped:
- "{{ toxcore_libvirt_services if 'libvirt' not in TOXCORE_FEATURES else [] }}" - "{{ toxcore_libvirt_services if 'libvirt' not in TOXCORE_FEATURES else [] }}"

View File

@ -1,15 +1,36 @@
# /etc/portage/package.use/2020-03_jq.txt jq
app-misc/jq% oniguruma
# /etc/portage/package.use/2017-01_git.txt git
dev-vcs/git% -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
# /etc/portage/package.use/2017-01-01_libguestfs.txt iptables # /etc/portage/package.use/2017-01-01_libguestfs.txt iptables
net-firewall/iptables% nftables ipv6 net-firewall/iptables% nftables ipv6
# /etc/portage/package.use/2017-01_git.txt git
dev-vcs/git% -gnupg -subversion -perl -pcre-jit -pcre -nls tk -gtk emacs
# /etc/portage/package.use/2017-08_testdisk.txt testdisk # /etc/portage/package.use/2017-08_testdisk.txt testdisk
app-admin/testdisk% ntfs qt5 -ewf app-admin/testdisk% ntfs qt5 -ewf
# /etc/portage/package.use/2020-01_static-libs.txt zstd # /etc/portage/package.use/2020-01_static-libs.txt zstd
app-arch/zstd% static-libs app-arch/zstd% static-libs
# /etc/portage/package.use/2020-03_jq.txt jq # /etc/portage/package.use/2021-00_verify-sig.txt libsodium
app-misc/jq% oniguruma dev-libs/libsodium% verify-sig
# /etc/portage/package.use/2016-11_world.txt libvpx
media-libs/libvpx% svc
# /etc/portage/package.use/2019-02_electron.txt libvpx
media-libs/libvpx% postproc svc
# /etc/portage/package.use/2013-07-cryptsetup.txt argon2
app-crypt/argon2% static-libs
# /etc/portage/package.use/2020-01_static-libs.txt argon2
app-crypt/argon2% static-libs
# /etc/portage/package.use/2016-11_world.txt libvpx # /etc/portage/package.use/2016-11_world.txt libvpx
media-libs/libvpx% svc media-libs/libvpx% svc
@ -69,10 +90,7 @@
app-emulation/qemu% -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd # app-emulation/qemu% -accessibility aio alsa bzip2 caps -capstone curl -debug doc fdt filecaps -fuse -glusterfs gnutls gtk -infiniband -io-uring -iscsi -jack -jemalloc jpeg lzo -multipath ncurses -nfs -nls numa opengl -oss pin-upstream-blobs plugins png -pulseaudio python -rbd sasl sdl sdl-image seccomp -selinux -slirp -smartcard snappy spice ssh -static -static-user -systemtap -test -udev usb usbredir vde vhost-net vhost-user-fs virgl virtfs vnc vte xattr -xen xfs zstd #
# /etc/portage/package.use/2023-00_python-3.11.txt qemu # /etc/portage/package.use/2023-00_python-3.11.txt qemu
app-emulation/qemu% -python_single_target_python3_10 python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10 app-emulation/qemu% python_single_target_python3_11 python_single_target_python3_11 -python_single_target_python3_10
# /etc/portage/package.use/2019-11_aqemu.txt aqemu
app-emulation/aqemu% vnc
# /etc/portage/package.use/2019-09_spice-gtk.txt spice-gtk # /etc/portage/package.use/2019-09_spice-gtk.txt spice-gtk
>=net-misc/spice-gtk-0.35% usbredir >=net-misc/spice-gtk-0.35% usbredir