Ported rest of scripts for use by linux-template-builder

Antoine Martin 2023-08-25 17:44:09 -04:00
parent cd96dcb95a
commit c97f16d5ba
Signed by: forge
GPG key ID: D62A472A4AA7D541
10 changed files with 95 additions and 206 deletions


@ -1,77 +1,35 @@
#!/bin/bash -e
# vim: set ts=4 sw=4 sts=4 et :
### 04_install_qubes.sh : Prepare chroot instance as a Qubes template
echo "--> Archlinux 04_install_qubes.sh"
echo "--> Alpine linux 04_install_qubes.sh"
PACMAN_CACHE_DIR="${CACHEDIR}/pacman_cache"
PACMAN_CUSTOM_REPO_DIR="${PWD}/pkgs-for-template/${DIST}"
export PACMAN_CACHE_DIR PACMAN_CUSTOM_REPO_DIR "ALL_PROXY=$REPO_PROXY"
APKTOOLS_CACHE_DIR="${CACHEDIR}/apk_cache"
APK_CUSTOM_REPO_DIR="${PWD}/pkgs-for-template/${DIST}"
export APK_CACHE_DIR APK_CUSTOM_REPO_DIR "ALL_PROXY=$REPO_PROXY"
set -e
if [ "$VERBOSE" -ge 2 ] || [ "$DEBUG" -gt 0 ]; then
set -x
fi
echo " --> Enabling x86 repos..."
su -c "echo '[multilib]' >> $INSTALLDIR/etc/pacman.conf"
su -c "echo 'SigLevel = PackageRequired' >> $INSTALLDIR/etc/pacman.conf"
su -c "echo 'Include = /etc/pacman.d/mirrorlist' >> $INSTALLDIR/etc/pacman.conf"
sudo sed -Ei 's,^#(Server *= *https://mirrors\.kernel\.org/),\1,' "$INSTALLDIR/etc/pacman.d/mirrorlist"
echo " --> Updating Qubes custom repository..."
# Repo Add need packages to be added in the right version number order as it only keeps the last entered package version
# shellcheck disable=SC2016
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
'cd /tmp/qubes-packages-mirror-repo; for pkg in `ls -v pkgs/*.pkg.tar.zst`; do repo-add pkgs/qubes.db.tar.gz "$pkg"; done;'
chown -R --reference="$PACMAN_CUSTOM_REPO_DIR" "$PACMAN_CUSTOM_REPO_DIR"
echo " --> Registering Qubes custom repository..."
# shellcheck disable=SC2016
su -c 'echo "[qubes] " >> $INSTALLDIR/etc/pacman.conf'
# shellcheck disable=SC2016
su -c 'echo "SigLevel = Never " >> $INSTALLDIR/etc/pacman.conf'
# shellcheck disable=SC2016
su -c 'echo "Server = file:///tmp/qubes-packages-mirror-repo/pkgs " >> $INSTALLDIR/etc/pacman.conf'
echo " --> Adding Qubes custom repository..."
su -c "echo 'https://lab.ilot.io/ayakael/repo-apk/-/raw/v3.18/qubes/r4.1' >> $INSTALLDIR/etc/apk/repositories"
wget "https://lab.ilot.io/ayakael/repo-apk/-/raw/v3.18/antoine.martin@protonmail.com-5b3109ad.rsa.pub" -P "$INSTALLDIR"/etc/apk/keys
echo " --> Synchronize resolv.conf..."
cp /etc/resolv.conf "${INSTALLDIR}/etc/resolv.conf"
echo " --> Updating pacman sources..."
echo " --> Updating apk repos..."
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
"until http_proxy='${REPO_PROXY}' pacman -Syu; do sleep 1; done"
echo " --> Checking available qubes packages (for debugging only)..."
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
"until http_proxy='${REPO_PROXY}' pacman -Ss qubes; do sleep 1; done"
if [ -n "$USE_QUBES_REPO_VERSION" ]; then
# we don't check specific value here, assume correct branch of
# meta-packages component
echo " --> Installing repository qubes package..."
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
"http_proxy='${REPO_PROXY}' pacman -S --noconfirm qubes-vm-repo"
if [ "0$USE_QUBES_REPO_TESTING" -gt 0 ]; then
echo " --> Enabling current-testing repository..."
ln -s "90-qubes-${USE_QUBES_REPO_VERSION}-current-testing.conf.disabled" \
"$INSTALLDIR/etc/pacman.d/90-qubes-${USE_QUBES_REPO_VERSION}-current-testing.conf"
# abort if the file doesn't exist
if ! [ -f "$INSTALLDIR/etc/pacman.d/90-qubes-${USE_QUBES_REPO_VERSION}-current-testing.conf" ]; then
ls -l "$INSTALLDIR/etc/pacman.d/"
exit 1
fi
fi
echo " --> Updating pacman sources..."
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
"until http_proxy='${REPO_PROXY}' pacman -Syu; do sleep 1; done"
fi
"apk update; apk upgrade"
echo " --> Installing mandatory qubes packages..."
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
"until http_proxy='${REPO_PROXY}' pacman -S --noconfirm qubes-vm-dependencies; do sleep 1; done"
"apk add qubes-vm-dependencies"
echo " --> Installing recommended qubes apps"
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" /bin/sh -c \
"until http_proxy='${REPO_PROXY}' pacman -S --noconfirm qubes-vm-recommended; do sleep 1; done"
"apk add qubes-vm-recommended"
echo " --> Updating template fstab file..."
cat >> "${INSTALLDIR}/etc/fstab" <<EOF
@ -90,23 +48,15 @@ cat >> "${INSTALLDIR}/etc/fstab" <<EOF
# Template Customizations
tmpfs /dev/shm tmpfs defaults,size=1G 0 0
# This MUST be a ramfs, not a tmpfs! The data here is incredibly sensitive
# (allows root access) and must not be leaked to disk.
tmpfs /etc/pacman.d/gnupg/private-keys-v1.d ramfs defaults,noexec,nosuid,nodev,mode=600 0 0
EOF
echo " --> Configuring system to our preferences..."
# Name network devices using simple names (ethX)
ln -s /dev/null "${INSTALLDIR}/etc/udev/rules.d/80-net-name-slot.rules"
# Enable some locales (incl. UTF-8)
sed 's/#en_US/en_US/g' -i "${INSTALLDIR}/etc/locale.gen"
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" locale-gen
echo 'LANG=en_US.UTF-8' > "${INSTALLDIR}/etc/locale.conf"
# Creating a random file in /lib/modules to ensure that the directory in never deleted when packages are removed
mkdir -p "${INSTALLDIR}/lib/modules"
touch "${INSTALLDIR}/lib/modules/QUBES_NODELETE"
# Remove qubes local repository definition
sed '/\[qubes]/,+2 d' -i "${INSTALLDIR}/etc/pacman.conf"
# add hcv0 to inittab
echo "hvc0::respawn:/sbin/getty -L hvc0 115200 vt220" >> "$INSTALLDIR"/etc/inittap
# add user:user
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" adduser -D -S user
# enable services
for i in udev udev-trigger xendriverdomain qubes-qrexec-agent qubes-db qubes-meminfo-writer qubes-sysinit qubes-core-early qubes-core qubes-gui-agent; do
"${SCRIPTSDIR}/alpine-chroot" "$INSTALLDIR" rc-update add $i
done
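Review bot: The `wget` line in the first hunk drops the repository signing key straight into `$INSTALLDIR/etc/apk/keys`, fetched from the same host as the repository URL added on the line before it, so TLS to that one host is the only check on which key the template ends up trusting. Because apk accepts packages signed by any key in that directory, I would ship the public key in the builder's own tree and copy it in, or verify the download against a pinned digest before installing it, e.g. `echo "<EXPECTED_SHA256>  $keyfile" | sha256sum -c - || exit 1` (the digest and `$keyfile` are placeholders). In the same hunk `APKTOOLS_CACHE_DIR` is assigned but the `export` line names `APK_CACHE_DIR`, which is not set anywhere on the visible lines, so one of the two names looks wrong. In the second hunk the hvc0 getty entry is appended to `"$INSTALLDIR"/etc/inittap`, which looks like a typo for `etc/inittab`; as written the console line would land in a file init presumably never reads.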