113 lines
4.9 KiB
Bash
113 lines
4.9 KiB
Bash
|
#!/bin/bash -e
|
||
|
|
# vim: set ts=4 sw=4 sts=4 et :
|
||
|
|
### 04_install_qubes.sh : Prepare chroot instance as a Qubes template
|
||
|
|
echo "--> Archlinux 04_install_qubes.sh"
|
||
|
|
|
||
|
|
PACMAN_CACHE_DIR="${CACHEDIR}/pacman_cache"
|
||
|
|
PACMAN_CUSTOM_REPO_DIR="${PWD}/pkgs-for-template/${DIST}"
|
||
|
|
export PACMAN_CACHE_DIR PACMAN_CUSTOM_REPO_DIR "ALL_PROXY=$REPO_PROXY"
|
||
|
|
|
||
|
|
set -e
|
||
|
|
if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then
|
||
|
|
set -x
|
||
|
|
fi
|
||
|
|
|
||
|
|
echo " --> Enabling x86 repos..."
|
||
|
|
su -c "echo '[multilib]' >> $INSTALLDIR/etc/pacman.conf"
|
||
|
|
su -c "echo 'SigLevel = PackageRequired' >> $INSTALLDIR/etc/pacman.conf"
|
||
|
|
su -c "echo 'Include = /etc/pacman.d/mirrorlist' >> $INSTALLDIR/etc/pacman.conf"
|
||
|
|
sudo sed -Ei 's,^#(Server *= *https://mirrors\.kernel\.org/),\1,' "$INSTALLDIR/etc/pacman.d/mirrorlist"
|
||
|
|
|
||
|
|
echo " --> Updating Qubes custom repository..."
|
||
|
|
# Repo Add need packages to be added in the right version number order as it only keeps the last entered package version
|
||
|
|
# shellcheck disable=SC2016
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
'cd /tmp/qubes-packages-mirror-repo; for pkg in `ls -v pkgs/*.pkg.tar.zst`; do repo-add pkgs/qubes.db.tar.gz "$pkg"; done;'
|
||
|
|
chown -R --reference="$PACMAN_CUSTOM_REPO_DIR" "$PACMAN_CUSTOM_REPO_DIR"
|
||
|
|
|
||
|
|
echo " --> Registering Qubes custom repository..."
|
||
|
|
# shellcheck disable=SC2016
|
||
|
|
su -c 'echo "[qubes] " >> $INSTALLDIR/etc/pacman.conf'
|
||
|
|
# shellcheck disable=SC2016
|
||
|
|
su -c 'echo "SigLevel = Never " >> $INSTALLDIR/etc/pacman.conf'
|
||
|
|
# shellcheck disable=SC2016
|
||
|
|
su -c 'echo "Server = file:///tmp/qubes-packages-mirror-repo/pkgs " >> $INSTALLDIR/etc/pacman.conf'
|
||
|
|
|
||
|
|
echo " --> Synchronize resolv.conf..."
|
||
|
|
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
|
||
|
|
|
||
|
|
echo " --> Updating pacman sources..."
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
"until http_proxy='${REPO_PROXY}' pacman -Syu; do sleep 1; done"
|
||
|
|
|
||
|
|
echo " --> Checking available qubes packages (for debugging only)..."
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
"until http_proxy='${REPO_PROXY}' pacman -Ss qubes; do sleep 1; done"
|
||
|
|
|
||
|
|
if [ -n "$USE_QUBES_REPO_VERSION" ]; then
|
||
|
|
# we don't check specific value here, assume correct branch of
|
||
|
|
# meta-packages component
|
||
|
|
echo " --> Installing repository qubes package..."
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
"http_proxy='${REPO_PROXY}' pacman -S --noconfirm qubes-vm-repo"
|
||
|
|
if [ "0$USE_QUBES_REPO_TESTING" -gt 0 ]; then
|
||
|
|
echo " --> Enabling current-testing repository..."
|
||
|
|
ln -s "90-qubes-${USE_QUBES_REPO_VERSION}-current-testing.conf.disabled" \
|
||
|
|
"$INSTALLDIR/etc/pacman.d/90-qubes-${USE_QUBES_REPO_VERSION}-current-testing.conf"
|
||
|
|
# abort if the file doesn't exist
|
||
|
|
if ! [ -f "$INSTALLDIR/etc/pacman.d/90-qubes-${USE_QUBES_REPO_VERSION}-current-testing.conf" ]; then
|
||
|
|
ls -l "$INSTALLDIR/etc/pacman.d/"
|
||
|
|
exit 1
|
||
|
|
fi
|
||
|
|
fi
|
||
|
|
echo " --> Updating pacman sources..."
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
"until http_proxy='${REPO_PROXY}' pacman -Syu; do sleep 1; done"
|
||
|
|
fi
|
||
|
|
|
||
|
|
echo " --> Installing mandatory qubes packages..."
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
"until http_proxy='${REPO_PROXY}' pacman -S --noconfirm qubes-vm-dependencies; do sleep 1; done"
|
||
|
|
|
||
|
|
echo " --> Installing recommended qubes apps"
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
|
||
|
|
"until http_proxy='${REPO_PROXY}' pacman -S --noconfirm qubes-vm-recommended; do sleep 1; done"
|
||
|
|
|
||
|
|
echo " --> Updating template fstab file..."
|
||
|
|
cat >> "${INSTALLDIR}/etc/fstab" <<EOF
|
||
|
|
#
|
||
|
|
# /etc/fstab: static file system information
|
||
|
|
#
|
||
|
|
|
||
|
|
# Templates Directories
|
||
|
|
/dev/mapper/dmroot / ext4 defaults,discard,noatime 1 1
|
||
|
|
/dev/xvdb /rw auto noauto,defaults,discard 1 2
|
||
|
|
/dev/xvdc1 swap swap defaults 0 0
|
||
|
|
|
||
|
|
# Template Binds
|
||
|
|
/rw/home /home none noauto,bind,defaults 0 0
|
||
|
|
/rw/usrlocal /usr/local none noauto,bind,defaults 0 0
|
||
|
|
|
||
|
|
# Template Customizations
|
||
|
|
tmpfs /dev/shm tmpfs defaults,size=1G 0 0
|
||
|
|
# This MUST be a ramfs, not a tmpfs! The data here is incredibly sensitive
|
||
|
|
# (allows root access) and must not be leaked to disk.
|
||
|
|
tmpfs /etc/pacman.d/gnupg/private-keys-v1.d ramfs defaults,noexec,nosuid,nodev,mode=600 0 0
|
||
|
|
|
||
|
|
EOF
|
||
|
|
|
||
|
|
echo " --> Configuring system to our preferences..."
|
||
|
|
# Name network devices using simple names (ethX)
|
||
|
|
ln -s /dev/null "${INSTALLDIR}/etc/udev/rules.d/80-net-name-slot.rules"
|
||
|
|
# Enable some locales (incl. UTF-8)
|
||
|
|
sed 's/#en_US/en_US/g' -i "${INSTALLDIR}/etc/locale.gen"
|
||
|
|
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" locale-gen
|
||
|
|
echo 'LANG=en_US.UTF-8' > "${INSTALLDIR}/etc/locale.conf"
|
||
|
|
|
||
|
|
# Creating a random file in /lib/modules to ensure that the directory in never deleted when packages are removed
|
||
|
|
mkdir -p "${INSTALLDIR}/lib/modules"
|
||
|
|
touch "${INSTALLDIR}/lib/modules/QUBES_NODELETE"
|
||
|
|
|
||
|
|
# Remove qubes local repository definition
|
||
|
|
sed '/\[qubes]/,+2 d' -i "${INSTALLDIR}/etc/pacman.conf"
|