second

overlay/Linux/usr/local/share/doc/txt/gitconfig3.txt

@@ -0,0 +1,93 @@
+# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
+
+== testserver box testing ==
+
+    >>> import os # doctest: +REPORT_ONLY_FIRST_FAILURE
+
+This is a Python doctest file that is executable documentation.
+It is built to run in the host against a Vagranted VirtualBox, and is run
+from the directory that contains the box's {{{.vagrant}}} subdirectory.
+
+    >>> import subprocess
+    >>> import sys
+    >>> import time
+
+And, now run tests against the box.
+
+    >>> sys.stderr.write("Running tests against box" +'\n')
+    26
+
+=== Box settings ===
+
+We'll need the settings defined in  {{{/usr/local/etc/testforge/testforge.yml}}}
+
+    >>> import yaml
+    >>> sFacts = open('/usr/local/etc/testforge/testforge.yml', 'rt').read()
+    >>> assert sFacts
+    >>> dFacts = yaml.safe_load(sFacts)
+
+=== .gitconfig ===
+
+We have a .gitconfig file in this directory that has our template
+of what we need up in the box to checkout from https://git.example.com
+You can edit the file and customize it, and we will use it as a
+Python string template, so look out for the {{{%()s}}} template fields.
+
+    >>> sDir =  os.path.dirname(__file__)
+    >>> sFile = os.path.join(sDir, example.gitconfig')
+    >>> assert os.path.isfile(sFile), "ERROR: File not found " +sFile
+    >>> sGitConfig = open(sFile, 'r').read()
+    >>> assert sGitConfig, "ERROR: Nothing in " +sFile
+    
+We will look for the environment variables:
+* {{{AAA_CERT}}} for the filename of your example certificate
+* {{{AAA_KEY}}} for the filename of your example key
+
+    >>> sCertFile = os.environ.get('AAA_CERT')
+    >>> assert sCertFile, "ERROR: we need AAA_CERT set in the environment"
+    >>> assert os.path.isfile(sCertFile), "ERROR: the AAA_CERT in the environment is not a file"
+
+    >>> sKeyFile = os.environ.get('AAA_KEY')
+    >>> assert sKeyFile, "ERROR: we need AAA_KEY set in the environment"
+    >>> assert os.path.isfile(sKeyFile), "ERROR: the AAA_KEY in the environment is not a file"
+
+    >>> sIdentityFile = os.path.expandvars('$HOME/.ssh/id_rsa')
+    >>> assert os.path.isfile(sIdentityFile), "ERROR: the file ~/.ssh/id_rsa is not a file"
+
+
+The directory we push to should have been created by Ansible.
+
+    >>> sBoxHome = dFacts['BOX_HOME']
+    >>> sDir = sBoxHome +'/etc/ssl/keys'
+    >>> run( "[ -d " +sDir +" ] || mkdir -p " +sDir) or None
+
+We will push these files up to the box so that we can use them.
+
+    >>> sUser = os.environ.get('USERNAME') or os.environ.get('USER')
+    >>> sTo = 'dd of=%s/%s@example.com-nodes.key' % (sDir, sUser,)
+    >>> ssh_run_with_stdin(sTo, sKeyFile) or None
+    >>> sTo = 'dd of=%s/%s@example.com-clcerts.key' % (sDir, sUser,)
+    >>> ssh_run_with_stdin(sTo, sCertFile) or None
+    >>> sTo = 'dd of=%s/%s@example.com-id_rsa' % (sDir, sUser,)
+    >>> ssh_run_with_stdin(sTo, sIdentityFile) or None
+    >>> sToDir = '%s/%s@*' % (sDir, sUser,)
+    >>> run( "chown 600 " +sToDir) or None
+
+Now we have the cert and key up we can write our templated {{{~/.gitconfig}}}
+
+    >>> sTempDir = os.environ.get('temp') or os.environ.get('TMP') or '/tmp'
+    >>> assert os.path.isdir(sTempDir)
+    >>> sFile = os.path.join(sTempDir, '.gitconfig')
+    >>> oFile = open(sFile, 'w')
+    >>> sGitConfig = sGitConfig % dict(USER=sUser, KEYSDIR=sDir,
+    ...               BOX_HOME=sBoxHome)
+    >>> try:
+    ...   oFile.write(sGitConfig)
+    ... finally:
+    ...   oFile.close()
+    >>> assert os.path.isfile(sFile)
+    >>> sTo = sBoxHome +'/.gitconfig'
+    >>> ssh_run_with_stdin('dd of=' +sTo, sFile) or None
+    >>> sys.stderr.write("Wrote templated .gitconfig to " +sFile +'\n')
+
+QED.

overlay/Linux/usr/local/share/doc/txt/gitconfigV.txt

@@ -0,0 +1,93 @@
+# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
+
+== testserver box testing ==
+
+    >>> import os # doctest: +REPORT_ONLY_FIRST_FAILURE
+
+This is a Python doctest file that is executable documentation.
+It is built to run in the host against a Vagranted VirtualBox, and is run
+from the directory that contains the box's {{{.vagrant}}} subdirectory.
+
+    >>> import subprocess
+    >>> import sys
+    >>> import time
+
+And, now run tests locally
+
+    >>> sys.stderr.write("Running tests locally" +'\n')
+    22
+
+=== Box settings ===
+
+We'll need the settings defined in  {{{/usr/local/etc/testforge/testforge.yml}}}
+
+    >>> import yaml
+    >>> sFacts = open('/usr/local/etc/testforge/testforge.yml', 'rt').read()
+    >>> assert sFacts
+    >>> dFacts = yaml.safe_load(sFacts)
+
+=== .gitconfig ===
+
+We have a .gitconfig file in this directory that has our template
+of what we need up in the box to checkout from https://git.example.com
+You can edit the file and customize it, and we will use it as a
+Python string template, so look out for the {{{%()s}}} template fields.
+
+    >>> sDir =  '/var/local/share/doc/txt'
+    >>> sFile = os.path.join(sDir, 'example.gitconfig')
+    >>> assert os.path.isfile(sFile), "ERROR: File not found " +sFile
+    >>> sGitConfig = open(sFile, 'r').read()
+    >>> assert sGitConfig, "ERROR: Nothing in " +sFile
+    
+We will look for the environment variables:
+* {{{AAA_CERT}}} for the filename of your example certificate
+* {{{AAA_KEY}}} for the filename of your example key
+
+    >>> sCertFile = os.environ.get('AAA_CERT')
+    >>> assert sCertFile, "ERROR: we need AAA_CERT set in the environment"
+    >>> assert os.path.isfile(sCertFile), "ERROR: the AAA_CERT in the environment is not a file"
+
+    >>> sKeyFile = os.environ.get('AAA_KEY')
+    >>> assert sKeyFile, "ERROR: we need AAA_KEY set in the environment"
+    >>> assert os.path.isfile(sKeyFile), "ERROR: the AAA_KEY in the environment is not a file"
+
+    >>> sIdentityFile = os.path.expandvars('$HOME/.ssh/id_rsa')
+    >>> assert os.path.isfile(sIdentityFile), "ERROR: the file ~/.ssh/id_rsa is not a file"
+
+
+The directory we push to should have been created by Ansible.
+
+    >>> sBoxHome = dFacts['BOX_HOME']
+    >>> sDir = sBoxHome +'/etc/ssl/keys'
+    >>> run( "[ -d " +sDir +" ] || mkdir -p " +sDir) or None
+
+We will push these files up to the box so that we can use them.
+
+    >>> sUser = os.environ.get('USERNAME') or os.environ.get('USER')
+    >>> sTo = 'dd of=%s/%s@example.com-nodes.key' % (sDir, sUser,)
+    >>> ssh_run_with_stdin(sTo, sKeyFile) or None
+    >>> sTo = 'dd of=%s/%s@example.com-clcerts.key' % (sDir, sUser,)
+    >>> ssh_run_with_stdin(sTo, sCertFile) or None
+    >>> sTo = 'dd of=%s/%s@example.com-id_rsa' % (sDir, sUser,)
+    >>> ssh_run_with_stdin(sTo, sIdentityFile) or None
+    >>> sToDir = '%s/%s@*' % (sDir, sUser,)
+    >>> run( "chown 600 " +sToDir) or None
+
+Now we have the cert and key up we can write our templated {{{~/.gitconfig}}}
+
+    >>> sTempDir = os.environ.get('temp') or os.environ.get('TMP') or '/tmp'
+    >>> assert os.path.isdir(sTempDir)
+    >>> sFile = os.path.join(sTempDir, '.gitconfig')
+    >>> oFile = open(sFile, 'w')
+    >>> sGitConfig = sGitConfig % dict(USER=sUser, KEYSDIR=sDir,
+    ...               BOX_HOME=sBoxHome)
+    >>> try:
+    ...   oFile.write(sGitConfig)
+    ... finally:
+    ...   oFile.close()
+    >>> assert os.path.isfile(sFile)
+    >>> sTo = sBoxHome +'/.gitconfig'
+    >>> ssh_run_with_stdin('dd of=' +sTo, sFile) or None
+    >>> sys.stderr.write("Wrote templated .gitconfig to " +sFile +'\n')
+
+QED.

overlay/Linux/usr/local/share/doc/txt/proxy2.txt

@@ -0,0 +1,21 @@
+# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
+
+== proxy box testing ==
+
+This is a Python doctest file that is executable documentation.
+It is built to run against a Vagranted VirtualBox, and is run from the
+directory that contains the box's {{{.vagrant}}} subdirectory.
+
+    >>> import subprocess
+    >>> import sys
+    >>> import time
+
+And, now run tests against the box.
+
+    >>> print("Running tests against box", file=sys.stderr)
+
+We should be able to get a page from our proxy
+
+    >>> sUrl = 'http://' +myip +':3128/'
+    >>> print ssh_run('wget -O - -q %s | grep Polipo | head -1' % (sUrl,))
+    <title>Welcome to Polipo</title>

overlay/Linux/usr/local/share/doc/txt/proxy3.txt

@@ -0,0 +1,47 @@
+#!/var/local/bin/testforge_run_doctest3.bash
+# -*-mode: doctest; tab-width: 0; py-indent-offset: 4; coding: utf-8-unix -*-
+
+== proxy testing ==
+
+This is a Python doctest file that is executable documentation.
+
+    >>> import os,sys # doctest: +REPORT_ONLY_FIRST_FAILURE
+
+And, now run tests against the box.
+
+    >>> sys.stderr.write("Running tests against box" +'\n')
+    2...
+
+=== Box settings ===
+
+We'll need the settings defined in  {{{/usr/local/etc/testforge/testforge.yml}}}
+
+    >>> import yaml
+    >>> sFacts = run('cat /usr/local/etc/testforge/testforge.yml')
+    >>> assert sFacts
+    >>> dFacts = yaml.safe_load(sFacts)
+
+=== /var/local/bin/proxy_hourly.bash ===
+
+    >>> os.system("/usr/local/bin/proxy_hourly.bash")
+    0
+
+=== /var/local/src check ===
+
+    >>> os.chdir ('/usr/local/src')
+    >>> os.system('sh usr_local_proxy.bash check')
+    0
+
+=== /var/local/src test ===
+
+    >>> os.chdir ('/usr/local/src')
+    >>> os.system('sh usr_local_proxy.bash test')
+    0
+
+=== /var/local/src lint ===
+
+    >>> os.chdir ('/usr/local/src')
+    >>> os.system('sh usr_local_proxy.bash lint')
+    0
+
+

overlay/Linux/usr/local/share/sed/fact_to_bash.sed

@@ -0,0 +1,7 @@
+# ROLE=proxy
+s@u*'@@g
+s@^ *@@
+s@\[@"@
+s@\]@"@
+s@, @ @g
+s@^@export @

overlay/Linux/usr/local/share/whonix-libvirt/xml/Kicksecure.xml

@@ -0,0 +1,80 @@
+<domain type='kvm'>
+  <name>Kicksecure</name>
+  <description>Do not change any settings if you do not understand the consequences! Learn more: https://www.whonix.org/wiki/KVM#XML_Settings</description>
+  <genid/>
+  <memory dumpCore='off' unit='KiB'>2097152</memory>
+  <currentMemory unit='KiB'>2097152</currentMemory>
+  <memoryBacking>
+    <allocation mode='ondemand'/>
+    <discard/>
+    <nosharepages/>
+  </memoryBacking>
+  <blkiotune>
+    <weight>250</weight>
+  </blkiotune>
+  <vcpu placement='static' cpuset='1'>1</vcpu>
+  <os>
+    <type>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <hap/>
+    <pvspinlock state='on'/>
+    <pmu state='off'/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-passthrough'/>
+  <clock offset='utc'>
+    <timer name='rtc' present='no'/>
+    <timer name='kvmclock' present='no'/>
+    <timer name='pit' present='no'/>
+    <timer name='hpet' present='no'/>
+    <timer name='hypervclock' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/Kicksecure.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <interface type='network'>
+      <source network='default'/>
+      <model type='virtio'/>
+      <driver name='qemu'/>
+    </interface>
+    <controller type='virtio-serial' index='0'/>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <graphics type='spice' autoport='yes'>
+      <clipboard copypaste='no'/>
+      <filetransfer enable='no'/>
+      <gl enable='no'/>
+    </graphics>
+    <sound model='ich6'>
+      <codec type='output'/>
+    </sound>
+    <video>
+      <model type='virtio' heads='1' primary='yes'/>
+    </video>
+    <memballoon model='none'/>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
+  </devices>
+</domain>

overlay/Linux/usr/local/share/whonix-libvirt/xml/Whonix-Custom-Workstation.xml

@@ -0,0 +1,80 @@
+<domain type='kvm'>
+  <name>Whonix-Custom-Workstation</name>
+  <description>Do not change any settings if you do not understand the consequences! Learn more: https://www.whonix.org/wiki/KVM#XML_Settings</description>
+  <genid/>
+  <memory dumpCore='off' unit='KiB'>2097152</memory>
+  <currentMemory unit='KiB'>2097152</currentMemory>
+  <memoryBacking>
+    <allocation mode='ondemand'/>
+    <discard/>
+    <nosharepages/>
+  </memoryBacking>
+  <blkiotune>
+    <weight>250</weight>
+  </blkiotune>
+  <vcpu placement='static' cpuset='1'>1</vcpu>
+  <os>
+    <type>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <hap/>
+    <pvspinlock state='on'/>
+    <pmu state='off'/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-passthrough'/>
+  <clock offset='utc'>
+    <timer name='rtc' present='no'/>
+    <timer name='kvmclock' present='no'/>
+    <timer name='pit' present='no'/>
+    <timer name='hpet' present='no'/>
+    <timer name='hypervclock' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/Whonix-Custom-Workstation.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <interface type='network'>
+      <source network='Whonix-Internal'/>
+      <model type='virtio'/>
+      <driver name='qemu'/>
+    </interface>
+    <controller type='virtio-serial' index='0'/>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <graphics type='spice' autoport='yes'>
+      <clipboard copypaste='no'/>
+      <filetransfer enable='no'/>
+      <gl enable='no'/>
+    </graphics>
+    <sound model='ich6'>
+      <codec type='output'/>
+    </sound>
+    <video>
+      <model type='virtio' heads='1' primary='yes'/>
+    </video>
+    <memballoon model='none'/>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
+  </devices>
+</domain>

overlay/Linux/usr/local/share/whonix-libvirt/xml/Whonix-External.xml

@@ -0,0 +1,6 @@
+<network>
+  <name>Whonix-External</name>
+  <forward mode='nat'/>
+  <bridge name='virbr1' stp='on' delay='0'/>
+  <ip address='10.0.2.2' netmask='255.255.255.0'/>
+</network>

overlay/Linux/usr/local/share/whonix-libvirt/xml/Whonix-Gateway.xml

@@ -0,0 +1,82 @@
+<domain type='kvm'>
+  <name>Whonix-Gateway</name>
+  <description>Do not change any settings if you do not understand the consequences! Learn more: https://www.whonix.org/wiki/KVM#XML_Settings</description>
+  <genid/>
+  <memory dumpCore='off' unit='KiB'>524288</memory>
+  <currentMemory unit='KiB'>524288</currentMemory>
+  <memoryBacking>
+    <allocation mode='ondemand'/>
+    <discard/>
+    <nosharepages/>
+  </memoryBacking>
+  <blkiotune>
+    <weight>250</weight>
+  </blkiotune>
+  <vcpu placement='static' cpuset='0'>1</vcpu>
+  <os>
+    <type>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <hap/>
+    <pvspinlock state='on'/>
+    <pmu state='off'/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-passthrough'/>
+  <clock offset='utc'>
+    <timer name='rtc' tickpolicy='catchup' track='guest'/>
+    <timer name='kvmclock' present='yes'/>
+    <timer name='pit' present='no'/>
+    <timer name='hpet' present='no'/>
+    <timer name='hypervclock' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/Whonix-Gateway.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <interface type='network'>
+      <source network='Whonix-External'/>
+      <model type='virtio'/>
+      <driver name='qemu'/>
+    </interface>
+    <interface type='network'>
+      <source network='Whonix-Internal'/>
+      <model type='virtio'/>
+      <driver name='qemu'/>
+    </interface>
+    <controller type='virtio-serial' index='0'/>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <graphics type='spice' autoport='yes'>
+      <clipboard copypaste='yes'/>
+      <filetransfer enable='no'/>
+      <gl enable='no'/>
+    </graphics>
+    <video>
+      <model type='virtio' heads='1' primary='yes'/>
+    </video>
+    <memballoon model='none'/>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
+  </devices>
+</domain>

overlay/Linux/usr/local/share/whonix-libvirt/xml/Whonix-Internal.xml

@@ -0,0 +1,4 @@
+<network>
+  <name>Whonix-Internal</name>
+  <bridge name='virbr2' stp='on' delay='0'/>
+</network>

overlay/Linux/usr/local/share/whonix-libvirt/xml/Whonix-Workstation.xml

@@ -0,0 +1,80 @@
+<domain type='kvm'>
+  <name>Whonix-Workstation</name>
+  <description>Do not change any settings if you do not understand the consequences! Learn more: https://www.whonix.org/wiki/KVM#XML_Settings</description>
+  <genid/>
+  <memory dumpCore='off' unit='KiB'>2097152</memory>
+  <currentMemory unit='KiB'>2097152</currentMemory>
+  <memoryBacking>
+    <allocation mode='ondemand'/>
+    <discard/>
+    <nosharepages/>
+  </memoryBacking>
+  <blkiotune>
+    <weight>250</weight>
+  </blkiotune>
+  <vcpu placement='static' cpuset='1'>1</vcpu>
+  <os>
+    <type>hvm</type>
+    <boot dev='hd'/>
+  </os>
+  <features>
+    <acpi/>
+    <hap/>
+    <pvspinlock state='on'/>
+    <pmu state='off'/>
+    <vmport state='off'/>
+  </features>
+  <cpu mode='host-passthrough'/>
+  <clock offset='utc'>
+    <timer name='rtc' present='no'/>
+    <timer name='kvmclock' present='no'/>
+    <timer name='pit' present='no'/>
+    <timer name='hpet' present='no'/>
+    <timer name='hypervclock' present='no'/>
+  </clock>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <pm>
+    <suspend-to-mem enabled='no'/>
+    <suspend-to-disk enabled='no'/>
+  </pm>
+  <devices>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2'/>
+      <source file='/var/lib/libvirt/images/Whonix-Workstation.qcow2'/>
+      <target dev='vda' bus='virtio'/>
+    </disk>
+    <interface type='network'>
+      <source network='Whonix-Internal'/>
+      <model type='virtio'/>
+      <driver name='qemu'/>
+    </interface>
+    <controller type='virtio-serial' index='0'/>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+    <channel type='spicevmc'>
+      <target type='virtio' name='com.redhat.spice.0'/>
+      <address type='virtio-serial' controller='0' bus='0' port='1'/>
+    </channel>
+    <graphics type='spice' autoport='yes'>
+      <clipboard copypaste='no'/>
+      <filetransfer enable='no'/>
+      <gl enable='no'/>
+    </graphics>
+    <sound model='ich6'>
+      <codec type='output'/>
+    </sound>
+    <video>
+      <model type='virtio' heads='1' primary='yes'/>
+    </video>
+    <memballoon model='none'/>
+    <rng model='virtio'>
+      <backend model='random'>/dev/urandom</backend>
+    </rng>
+  </devices>
+</domain>