#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
### 04_install_qubes.sh : Prepare chroot instance as a Qubes template
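echo "--> Alpine linux 04_install_qubes.sh"

# Distribution identity for this template.
# DIST is read from the environment; presumably the builder sets it to
# "alpine" followed by the release digits (e.g. alpine319) - confirm against
# the builder configuration.
DIST_NAME="alpinelinux"

# Derive the Alpine branch name from DIST: strip the "alpine" prefix, then
# insert a dot after the first "3" (a suffix of 319 becomes v3.19).
# The "v" is only prepended when a suffix is present. Prepending it
# unconditionally made DIST_VER non-empty for every input, so the DIST_VER
# check below could never fire and an unset DIST produced the branch name "v",
# which then ended up in the repository URL.
DIST_SUFFIX="${DIST#alpine}"
if [ -n "${DIST_SUFFIX}" ]; then
    DIST_VER="v${DIST_SUFFIX/3/3.}"
else
    DIST_VER=""
fi

# error() is not defined in this file; presumably it is provided by the
# builder's shared functions and aborts the build - TODO confirm.
if [ -z "${DIST_NAME}" ]; then
    error "Please provide DIST_NAME in environment."
fi

if [ -z "${DIST_VER}" ]; then
    error "Please provide DIST_VER in environment."
fi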
# apk package cache location, below the builder's cache directory.
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"

# Alpine branch to build against; latest-stable is used when DIST_VER is
# unset or empty.
ALPINELINUX_VERSION="${DIST_VER:-latest-stable}"

# Qubes package repository, its signing key and the Qubes release. Each one
# keeps a value already present in the environment and otherwise takes the
# default shown here.
# NOTE(review): the default mirror and the default key URL are on the same
# host, so the downloaded key does not give the packages an independent
# trust anchor - whoever controls that host controls both.
: "${QUBESALPINE_MIRROR:=https://ayakael.net/api/packages/forge/alpine}"
: "${QUBESALPINE_KEYFILE:=https://ayakael.net/api/packages/forge/alpine/key}"
: "${QUBES_REL:=r4.2}"

# NOTE(review): the variable assigned above is APKTOOLS_CACHE_DIR, but the
# name exported here is APK_CACHE_DIR, which this file never assigns.
# Confirm which name alpine-chroot actually reads.
export APK_CACHE_DIR
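# Stop at the first command that fails. The shebang also passes -e, but that
# flag is lost when the script is started as "bash 04_install_qubes.sh".
set -e

# Trace every command when the builder asks for verbose or debug output.
# VERBOSE and DEBUG default to 0 here: comparing an unset or empty variable
# with -ge/-gt makes `[` print "integer expression expected" on every run.
if [ "${VERBOSE:-0}" -ge 2 ] || [ "${DEBUG:-0}" -gt 0 ]; then
    set -x
fi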
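echo " --> Adding Qubes custom repository..."
# ${INSTALLDIR:?} aborts the script when INSTALLDIR is unset or empty.
# Without it the paths below resolve to the build host's own /etc/apk.
apk_conf_dir="${INSTALLDIR:?INSTALLDIR must point at the template chroot}/etc/apk"

# Append the repository line directly instead of through
#   su -c "echo '...' >> $INSTALLDIR/..."
# That form pasted the mirror URL, version and path into a second shell's
# command line, so a quote or space in any of them changed the command that
# ran. The key download below already writes into the same tree as the
# invoking user, so this assumes the script has the needed privileges itself
# - TODO confirm.
printf '%s\n' "${QUBESALPINE_MIRROR}/${ALPINELINUX_VERSION}/qubes-${QUBES_REL}" \
    >> "${apk_conf_dir}/repositories"

# Fetch the repository signing key into apk's key directory.
# -J keeps the file name the server supplies, -O saves into the current
# directory, and --fail makes an HTTP error abort the build instead of
# storing the error page as a key file.
# NOTE(review): this file becomes a trust anchor for package signatures, and
# its authenticity rests only on the connection to QUBESALPINE_KEYFILE.
# Consider shipping the public key with the builder sources, or comparing the
# download against a pinned checksum before apk uses it, and rejecting a
# non-HTTPS key URL.
(
    cd "${apk_conf_dir}/keys" || exit 1
    curl --fail -JO "$QUBESALPINE_KEYFILE"
)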
echo " --> Synchronize resolv.conf..."
# Copy the build host's resolver configuration into the chroot, presumably so
# the package steps that follow can resolve the mirror host names.
# NOTE(review): the host's resolv.conf stays in the template image unless a
# later stage replaces it - confirm that is intended.
resolv_conf="/etc/resolv.conf"
cp "${resolv_conf}" "${INSTALLDIR}${resolv_conf}"
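echo " --> Updating apk repos..."
# "apk update && apk upgrade" rather than "apk update; apk upgrade": with ";"
# the exit status of apk update was discarded, so the upgrade and the package
# installs below ran even when the index refresh had failed.
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
    "apk update && apk upgrade"

echo " --> Installing mandatory qubes packages..."
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
    "apk add qubes-vm-dependencies"

echo " --> Installing recommended qubes apps"
# NOTE(review): qubes-vm-passwordless-root presumably lets the template's user
# become root without authentication (going by the package name). Leave it out
# of this list if qubes based on the template should require authentication
# for root.
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
    "apk add qubes-vm-recommended qubes-vm-passwordless-root"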
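echo " --> Updating template fstab file..."
# Replace the chroot's /etc/fstab with the template layout below.
# ${INSTALLDIR:?} aborts when INSTALLDIR is unset or empty; the plain
# expansion would have redirected this write to the build host's /etc/fstab.
# The heredoc delimiter is quoted so the text is written literally (it
# contains nothing to expand).
# NOTE(review): /dev/shm is mounted with plain "defaults"; consider adding
# nosuid,nodev if nothing in the template depends on them.
cat > "${INSTALLDIR:?INSTALLDIR must point at the template chroot}/etc/fstab" <<'EOF'
#
# /etc/fstab: static file system information
#

# Templates Directories
/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1
/dev/xvdb /rw auto noauto,defaults,discard 1 2
/dev/xvdc1 swap swap defaults 0 0

# Template Binds
/rw/home /home none noauto,bind,defaults 0 0
/rw/usrlocal /usr/local none noauto,bind,defaults 0 0

# Template Customizations
tmpfs /dev/shm tmpfs defaults,size=1G 0 0

EOF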
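echo " --> Configuring system to our preferences..."
# Abort when INSTALLDIR is unset or empty: the inittab append below would
# otherwise land in the build host's /etc/inittab, and alpine-chroot would be
# handed an empty chroot path.
: "${INSTALLDIR:?INSTALLDIR must point at the template chroot}"

# add hvc0 to inittab: respawn a getty on the hvc0 console
echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt220" >> "${INSTALLDIR}/etc/inittab"

# user and groups: groups "qubes" and "user", account "user" with bash as its
# shell and "user" as primary group, then "user" added to "qubes".
# adduser -D creates the account without assigning a password.
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" addgroup qubes
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" addgroup user
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" adduser -D user -G user -s /bin/bash
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" addgroup user qubes

# create /lib/modules for qubes-kernel module mount
# -p: do not fail the build when the directory already exists.
"${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" mkdir -p /lib/modules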
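# lo device: the template's interfaces file declares only the loopback
# interface.
# ${INSTALLDIR:?} aborts when INSTALLDIR is unset or empty; the plain
# expansion would have overwritten the build host's /etc/network/interfaces.
# The heredoc delimiter is quoted so the text is written literally.
cat > "${INSTALLDIR:?INSTALLDIR must point at the template chroot}/etc/network/interfaces" <<'EOF'
auto lo
iface lo inet loopback
EOF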
# enable services
# Each list is registered inside the chroot with "rc-update add" for the
# runlevel named in the variable; the order of the lists and of their entries
# is the order in which rc-update is invoked.
default_services=(
    udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db
    qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core
    qubes-gui-agent qubes-updates-proxy-forwarder crond acpid
)
boot_services=(
    bootmisc hostname hwclock loadkmap modules networking seedrng swap
    sysctl syslog
)
sysinit_services=(devfs dmesg hwdrivers mdev)

for service in "${default_services[@]}"; do
    "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" rc-update add "$service" default
done

for service in "${boot_services[@]}"; do
    "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" rc-update add "$service" boot
done

for service in "${sysinit_services[@]}"; do
    "${TEMPLATE_CONTENT_DIR}/alpine-chroot" "$INSTALLDIR" rc-update add "$service" sysinit
done