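#!/bin/bash
# -*-mode: sh; tab-width: 8; coding: utf-8-unix -*-
#
# Idempotent installer for the Whonix libvirt pieces used by testforge.
# It only acts when proxy_ping_mode reports "whonix"; otherwise it exits 0.
#
# Steps in this part of the script:
#   1. run the local libvirt network hook script once,
#   2. create the shared log directory,
#   3. seed /etc/firewall.conf from the shipped firewall.conf.* files,
#   4. install and run /etc/libvirt/hooks/network,
#   5. make sure the kvm system group exists.
#
# Exit codes: 1 pipefail unsupported or proxy_ping_lib.bash failed to load,
#             2 usr_local_base.bash failed to load,
#             12/13 hook script missing or failing, 14 log dir,
#             15/16 firewall.conf copy, 16 (again) installed hook failing.

set -o pipefail || exit 1

# was in /usr/lib/whonix-libvirt/install
# unlike that one, this should be idempotent
# [ -f /var/lib/whonix-libvirt/install.done ] && exit 0

# prog, ROLE and GATEW are not read in this part of the script; presumably
# the sourced libraries use them -- confirm before removing.
prog=$(basename -- "$0" .bash)
PREFIX=/usr/local
ROLE=base

. /usr/local/bin/usr_local_tput.bash

GATEW=1
# for testforge use we only need the Gateway
WORKS=
# Optional site configuration; test and source the same path.
[ -f "$PREFIX/etc/testforge/testforge.bash" ] && \
  . "$PREFIX/etc/testforge/testforge.bash"

. /usr/local/bin/proxy_ping_lib.bash || {
  echo ERROR: loading /usr/local/bin/proxy_ping_lib.bash >&2
  exit 1
}
. /usr/local/bin/usr_local_base.bash || exit 2

# Quoted so that an empty mode takes the "not whonix" path cleanly instead
# of making [ fail with a syntax error.
MODE=$(proxy_ping_mode)
[ "$MODE" = whonix ] || exit 0
#? echo ERROR: avoiding $prog proxy_whonix-libvirt-install.bash ; exit 10

[ -x /usr/local/bin/proxy_libvirt_hook_network.bash ] || exit 12
/usr/local/bin/proxy_libvirt_hook_network.bash || exit 13

# -p so a missing /usr/local/var does not abort the install.
[ -d /usr/local/var/log ] || mkdir -p /usr/local/var/log || exit 14
# NOTE(review): 1777 makes this directory world-writable (sticky), and the
# libvirt hook installed below writes a fixed file name in it through shell
# redirection. If the hook runs as root, a pre-existing symlink at that name
# would redirect the write unless the kernel's fs.protected_symlinks /
# fs.protected_regular settings are enabled. A root-owned log location for
# the hook would remove the exposure; 1777 is kept here because other
# scripts may rely on it -- confirm before tightening.
chmod 1777 /usr/local/var/log

[ -f /etc/firewall.conf.whonix ] || \
  cp -p /usr/local/etc/firewall.conf.* /etc/ || exit 15
[ -f /etc/firewall.conf ] || \
  cp -p /etc/firewall.conf.whonix /etc/firewall.conf || exit 16
# ERROR: proxy_ping_firewall_check /etc/firewall.conf empty

# Install the libvirt network hook only when no executable hook is present,
# so an existing hook is left alone. The quoted delimiter keeps the hook
# text literal (no expansion at install time).
[ -x /etc/libvirt/hooks/network ] || cat > /etc/libvirt/hooks/network << 'EOF'
#!/bin/sh
[ -d /usr/local/var/log ] || mkdir -p /usr/local/var/log
echo "INFO: hooks/network $*" > /usr/local/var/log/libvirt_network.log
bash /usr/local/bin/proxy_libvirt_hook_network.bash "$@" \
   >> /usr/local/var/log/libvirt_network.log 2>&1
EOF
[ -x /etc/libvirt/hooks/network ] || chmod a+x /etc/libvirt/hooks/network
# NOTE(review): exit code 16 is also used for the firewall.conf copy above,
# so callers cannot tell the two failures apart; left unchanged for
# compatibility.
/etc/libvirt/hooks/network || exit 16

## Copyright (C) 2019 - 2020 ENCRYPTED SUPPORT LP
## See the file COPYING for copying conditions.

# From here on any unhandled failure aborts the script.
set -e

## {{ Taken from qemu-system-common.postinst.
# Add the kvm group unless it's already there
if ! getent group kvm >/dev/null; then
  addgroup --quiet --system kvm || true
fi
## }} Taken from qemu-system-common.postinst.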
## {{ Taken from libvirt-bin.postinst. if ! getent group libvirt >/dev/null; then addgroup --system libvirt fi ## }} Taken from libvirt-bin.postinst. ## Existence of user "user" is not guaranteed at this point. if grep -q ^user /etc/passwd ; then grep -q ^kvm /etc/group || addgroup user kvm grep -q ^libvirt /etc/group || addgroup user libvirt fi ## Create shared directory and adjust permissions [ -d /mnt/gateway-shared ] || mkdir --parents /mnt/gateway-shared [ -n "$WORKS" ] && [ -d /mnt/workstation-shared ] || mkdir --parents /mnt/workstation-shared chmod 1777 /mnt/gateway-shared [ -n "$WORKS" ] && chmod 1777 /mnt/workstation-shared ## networks proxy_virsh net-list --all | grep -q default || \ virsh -c qemu:///system net-autostart "default" || exit 1$? #? virsh -c qemu:///system net-start "default" || exit 2$? proxy_virsh net-list --all | grep -q Whonix-External || \ virsh -c qemu:///system net-define "/usr/local/etc/libvirt/qemu/networks/Whonix-External.xml" \ || exit 3$? proxy_virsh net-list --all | grep -q Whonix-Internal || \ virsh -c qemu:///system net-define "/usr/local/etc/libvirt/qemu/networks/Whonix-Internal.xml" \ || exit 4$? #no virsh -c qemu:///system net-autostart "Whonix-External" proxy_virsh net-list | grep -q Whonix-External || \ virsh -c qemu:///system net-start "Whonix-External" || exit 5$? # no virsh -c qemu:///system net-autostart "Whonix-Internal" proxy_virsh net-list | grep -q Whonix-Internal || \ virsh -c qemu:///system net-start "Whonix-Internal" || exit 6$? lsmod | grep -q kvm||modprobe kvm || exit 7 temp_dir=/usr/local/etc/libvirt/qemu if virsh capabilities | grep -q "