author | Hansjürg Wenger <hansjuerg.wenger@bfh.ch> | 2021-01-07 11:45:01 +0100 |
---|---|---|
committer | Hansjürg Wenger <hansjuerg.wenger@bfh.ch> | 2021-01-07 11:45:01 +0100 |
commit | 42c8e91228e8d6488d9d0c1762ad913c797c68ca (patch) | |
tree | 9d0bff7f9dc3b7e31ac3da1fb802fb9ffb5d9c46 | |
parent | 281db4fe1abb0fc2189222950e95d50a3429afc0 (diff) | |
download | woocommerce-taler-42c8e91228e8d6488d9d0c1762ad913c797c68ca.tar.gz woocommerce-taler-42c8e91228e8d6488d9d0c1762ad913c797c68ca.tar.bz2 woocommerce-taler-42c8e91228e8d6488d9d0c1762ad913c797c68ca.zip |
add client-build
-rw-r--r-- | client-build/00-README | 44 | ||||
-rwxr-xr-x | client-build/01-make-iso.sh | 66 | ||||
-rwxr-xr-x | client-build/02-setup-system.sh | 34 | ||||
-rwxr-xr-x | client-build/03-run-system.sh | 18 | ||||
-rw-r--r-- | client-build/chromium.cfg | 9 | ||||
-rw-r--r-- | client-build/iso/grub.cfg | 155 | ||||
-rw-r--r-- | client-build/iso/isolinux.cfg | 7 | ||||
-rw-r--r-- | client-build/iso/menu.cfg | 53 | ||||
-rw-r--r-- | client-build/iso/syslinux.cfg | 2 | ||||
-rw-r--r-- | client-build/iso/txt.cfg | 4 | ||||
-rw-r--r-- | client-build/profiles/default.preseed | 192 | ||||
-rw-r--r-- | client-build/profiles/wooclient.description | 1 | ||||
-rw-r--r-- | client-build/profiles/wooclient.packages | 7 | ||||
-rwxr-xr-x | client-build/profiles/wooclient.postinst | 86 | ||||
-rw-r--r-- | client-build/profiles/wooclient.preseed | 453 | ||||
-rw-r--r-- | client-build/profiles/wooclient.udebs | 2 | ||||
-rw-r--r-- | client-build/ssh.cfg | 6 |
17 files changed, 1139 insertions, 0 deletions
diff --git a/client-build/00-README b/client-build/00-README
new file mode 100644
index 0000000..45087f0
--- /dev/null
+++ b/client-build/00-README
@@ -0,0 +1,44 @@
+This directory contains some scripts and associated files to
+create a Debian image with a GNUnet (docker) and a chromium
+web browser.
+
+We use simple-cdd to non-interactively run the Debian installer,
+and have a profile 'wooclient' with our specifications.
+
+Dependencies:
+=============
+
+* debian-archive-keyring
+* qemu, qemu-system, qemu-kvm
+* xorriso
+* bsdtar
+* simple-cdd
+
+Make sure the user using the scripts is in the 'kvm' group.
+The scripts are only written for AMD64/x86_64 CPUs.
+
+
+How to use:
+===========
+
+First run:
+
+$ ./01-make-iso.sh
+
+to create the "installer.iso".
+
+Then run:
+
+$ ./02-setup-system.sh
+
+to run the Debian installer to create the 'wooclient.img'.
+wait until the script is done, this takes approx. 15-20 minutes!
+
+Next, boot the final image using:
+
+$ ./03-run-system.sh
+
+A chromium browser should start in the VM.
+
+You then have to install the chromium extensions
+"re:claimID" and "GNU Taler Wallet"
diff --git a/client-build/01-make-iso.sh b/client-build/01-make-iso.sh
new file mode 100755
index 0000000..baefd9b
--- /dev/null
+++ b/client-build/01-make-iso.sh
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# Shell script to build the ISO.
+# We use simple-cdd, but then need to patch the resulting
+# ISO to avoid GRUB/isolinux prompting for the installation
+# method and to avoid the Debian installer from asking questions
+# about the language (which it does before reading the preseed
+# file with the configuration, so those MUST be passed via
+# kernel parameters. Badly documented!).
+
+# What does not yet work:
+# - Debian installer asks for the 'wooclient' profile.
+# (not sure which option to set in profiles/wooclient.preseed,
+# or if using 'profiles' is the wrong approach entirely here)
+
+set -eu
+
+ISO=installer.iso
+
+if [ -f $ISO ]
+then
+ echo "Confirm removal of existing '$ISO' by pressing 'y':"
+ rm -i $ISO
+ if [ -f $ISO ]
+ then
+ echo "'$ISO' already exists, exiting..."
+ exit 0
+ fi
+fi
+
+# Will create images/debian-10-amd64-CD-1.iso
+export KERNEL_PARAMS="preseed/file=/cdrom/simple-cdd/default.preseed locale=en_US.UTF-8 keymap=us language=en country=US"
+
+build-simple-cdd --force-root --verbose --profiles wooclient --auto-profiles wooclient --dist buster
+
+# Use shell variable, in case the above changes in the future...
+IMG=images/debian-10-amd64-CD-1.iso
+
+# Create directory for unpacking the ISO
+rm -rf cd/
+mkdir cd/
+bsdtar -C cd/ -xf $IMG
+chmod -R +w cd/
+
+# Modify ISO
+
+# This may seem to have no effect, as GRUB is usually not used to boot the ISO.
+# But, just better be safe.
+# Make sure to also adjust kernel parameters here!
+cp iso/grub.cfg cd/boot/grub/
+
+# Change 'timeout' to 2 to ensure we boot non-interactively
+cp iso/isolinux.cfg cd/isolinux/
+# Remove graphical installer option from menu, so text-based is first
+cp iso/menu.cfg cd/isolinux/
+# Adds kernel parameters to setup language in Debian installer
+cp iso/txt.cfg cd/isolinux/
+
+
+# Finally, pack the ISO
+# Extract header from original ISO
+dd if=$IMG bs=1 count=432 of=isohdpfx.bin
+xorriso -as mkisofs -o $ISO -isohybrid-mbr isohdpfx.bin -c isolinux/boot.cat -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table ./cd
+
+# Delete temporary files
+rm isohdpfx.bin -r cd/
diff --git a/client-build/02-setup-system.sh b/client-build/02-setup-system.sh
new file mode 100755
index 0000000..709333b
--- /dev/null
+++ b/client-build/02-setup-system.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Run QEMU with the installer.iso image (created via make-iso.sh) to
+# create a system image "talerwoo.img".
+#
+
+TARGET=wooclient.img
+
+if [ -f $TARGET ]
+then
+ echo "Confirm removal of existing $TARGET by pressing \"y\":"
+ rm -i $TARGET
+ if [ -f $TARGET ]
+ then
+ echo "proceed with installation (see 00-README)"
+ exit 0
+ fi
+fi
+
+# Create target image file. Note: Debian has a minimum
+# size for automatic partitioning >= 10G these days!
+qemu-img create -q -f qcow2 $TARGET 32G > /dev/null 2>&1
+
+echo "installing system - please be patient (approx. 5-10 minutes)!"
+
+qemu-system-x86_64 -m 4G -enable-kvm -hda $TARGET \
+ -display none -cdrom installer.iso > /dev/null 2>&1
+
+echo "run system (first run) - please be patient (approx 10-15 minutes)!"
+
+qemu-system-x86_64 -m 4G -enable-kvm -net nic,model=rtl8139 \
+ -net user,hostfwd=tcp::2222-:22,hostfwd=tcp::7776-:7776 \
+ -display none -hda $TARGET > /dev/null 2>&1
+
+echo "proceed with installation (see 00-README)"
diff --git a/client-build/03-run-system.sh b/client-build/03-run-system.sh
new file mode 100755
index 0000000..ba11bda
--- /dev/null
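Review bot: The cleanup in 01-make-iso.sh depends on the caller's working directory: `rm -rf cd/`, the `iso/*.cfg` copies and the final `rm isohdpfx.bin -r cd/` are all relative, and the script never changes to its own directory, so running it from elsewhere removes whatever `cd/` exists there. Starting the script with `cd "$(dirname "$0")"` pins those paths. Because of `set -eu`, a failing `bsdtar` or `xorriso` also leaves `cd/` and `isohdpfx.bin` behind; a `trap 'rm -rf cd/ isohdpfx.bin' EXIT` placed after the existing-ISO check would cover that. The `$ISO` and `$IMG` expansions should be quoted, and `--force-root` deserves a comment saying why the build has to be allowed to run as root.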
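Review bot: The `hostfwd=tcp::2222-:22,hostfwd=tcp::7776-:7776` rule in 02-setup-system.sh leaves the host address empty, which makes QEMU listen on every host interface, so the guest's SSH and port 7776 are reachable from the network and not only from the build machine; the same line is used in 03-run-system.sh. Binding to loopback keeps both local: `-net user,hostfwd=tcp:127.0.0.1:2222-:22,hostfwd=tcp:127.0.0.1:7776-:7776 \`. The script also has no `set -eu` (01-make-iso.sh does) and sends all qemu-img and QEMU output to `/dev/null`, so a failed install cannot be told apart from a successful one; redirecting to a log file would keep the quiet console and still leave evidence. The header comment names "talerwoo.img" while `TARGET` is `wooclient.img`.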
+++ b/client-build/03-run-system.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Run QEMU with the talerwoo.img (create via setup-system.sh)
+
+TARGET=wooclient.img
+
+echo "start the system.."
+# Run qemu
+qemu-system-x86_64 -m 4G -enable-kvm -net nic,model=rtl8139 \
+ -net user,hostfwd=tcp::2222-:22,hostfwd=tcp::7776-:7776 \
+ -display none -hda $TARGET > /dev/null 2>&1 &
+
+echo ".. and wait some time until it is ready!"
+# wait for system to boot up
+sleep 15
+
+# now start chromium in the VM
+echo "now start 'chromium' in the VM"
+ssh -F ./chromium.cfg localhost
diff --git a/client-build/chromium.cfg b/client-build/chromium.cfg
new file mode 100644
index 0000000..c8cd2ff
--- /dev/null
+++ b/client-build/chromium.cfg
@@ -0,0 +1,9 @@
+Host localhost
+ User testuser
+ Port 2222
+ LogLevel ERROR
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null
+ ForwardX11 yes
+ ForwardX11Trusted yes
+ RemoteCommand chromium
diff --git a/client-build/iso/grub.cfg b/client-build/iso/grub.cfg
new file mode 100644
index 0000000..3d970b3
--- /dev/null
+++ b/client-build/iso/grub.cfg
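Review bot: The fixed `sleep 15` before `ssh -F ./chromium.cfg localhost` in 03-run-system.sh is a race: on a slower host the guest's sshd is not up yet and the ssh call fails, while QEMU's own errors are hidden by `> /dev/null 2>&1`. Polling until the port answers is more reliable, for example `until ssh -F ./chromium.cfg -o RemoteCommand=none localhost true; do sleep 2; done`. The backgrounded QEMU process is never waited for or stopped, so it keeps running and holding `wooclient.img` open after the browser session ends; recording `$!` and shutting the guest down on exit would avoid stray VMs.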
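Review bot: `ForwardX11Trusted yes` in chromium.cfg gives X11 clients in the guest unrestricted access to the host's X display, including keystrokes and window contents of other applications, and it is combined with `StrictHostKeyChecking no` and `UserKnownHostsFile=/dev/null`, so nothing verifies which server answers on port 2222. For a VM meant to run a browser with third-party extensions, try `ForwardX11Trusted no` first and keep the trusted mode only if chromium does not work without it, with a comment saying so. If the image's host key is stable between runs, `StrictHostKeyChecking accept-new` with a dedicated `UserKnownHostsFile` would restore the check; if it changes on every build, a comment should state that this is why verification is off.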
@@ -0,0 +1,155 @@ +if loadfont $prefix/font.pf2 ; then + set gfxmode=800x600 + set gfxpayload=keep + insmod efi_gop + insmod efi_uga + insmod video_bochs + insmod video_cirrus + insmod gfxterm + insmod png + terminal_output gfxterm +fi + +if background_image /isolinux/splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +elif background_image /splash.png; then + set color_normal=light-gray/black + set color_highlight=white/black +else + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue +fi + +insmod play +play 960 440 1 0 4 440 1 +set theme=/boot/grub/theme/1 +menuentry --hotkey=i 'Install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 --- quiet locale=en_US.UTF-8 keymap=us language=en country=US + initrd /install.amd/initrd.gz +} +menuentry --hotkey=g 'Graphical install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 --- quiet + initrd /install.amd/gtk/initrd.gz +} +submenu --hotkey=a 'Advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set theme=/boot/grub/theme/1-1 + menuentry '... Graphical expert install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 --- + initrd /install.amd/gtk/initrd.gz + } + menuentry '... Graphical rescue mode' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true --- quiet + initrd /install.amd/gtk/initrd.gz + } + menuentry '... Graphical automated install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 --- quiet + initrd /install.amd/gtk/initrd.gz + } + menuentry --hotkey=x '... 
Expert install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 --- + initrd /install.amd/initrd.gz + } + menuentry --hotkey=r '... Rescue mode' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true --- quiet + initrd /install.amd/initrd.gz + } + menuentry --hotkey=a '... Automated install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 --- quiet + initrd /install.amd/initrd.gz + } + submenu --hotkey=s '... Speech-enabled advanced options ...' { + set menu_color_normal=cyan/blue + set menu_color_highlight=white/blue + set theme=/boot/grub/theme/1-1-1 + menuentry --hotkey=x '... Expert speech install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 speakup.synth=soft --- + initrd /install.amd/gtk/initrd.gz + } + menuentry --hotkey=r '... Rescue speech mode' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true speakup.synth=soft --- quiet + initrd /install.amd/gtk/initrd.gz + } + menuentry --hotkey=a '... Automated speech install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 speakup.synth=soft --- quiet + initrd /install.amd/gtk/initrd.gz + } + } +} +submenu --hotkey=d 'Accessible dark contrast installer menu ...' { + set menu_color_normal=white/black + set menu_color_highlight=yellow/black + set color_normal=white/black + set color_highlight=yellow/black + background_image + set theme=/boot/grub/theme/dark-1-2 + menuentry --hotkey=g '... 
Graphical install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 theme=dark --- quiet + initrd /install.amd/gtk/initrd.gz + } + menuentry --hotkey=i '... Install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 theme=dark --- quiet + initrd /install.amd/initrd.gz + } + submenu --hotkey=a '... Advanced options ...' { + set menu_color_normal=white/black + set menu_color_highlight=yellow/black + set color_normal=white/black + set color_highlight=yellow/black + background_image + set theme=/boot/grub/theme/dark-1-2-1 + menuentry '... Graphical expert install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 theme=dark --- + initrd /install.amd/gtk/initrd.gz + } + menuentry '... Graphical rescue mode' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true theme=dark --- quiet + initrd /install.amd/gtk/initrd.gz + } + menuentry '... Graphical automated install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 theme=dark --- quiet + initrd /install.amd/gtk/initrd.gz + } + menuentry --hotkey=x '... Expert install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 theme=dark --- + initrd /install.amd/initrd.gz + } + menuentry --hotkey=r '... Rescue mode' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true theme=dark --- quiet + initrd /install.amd/initrd.gz + } + menuentry --hotkey=a '... 
Automated install' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 theme=dark --- quiet + initrd /install.amd/initrd.gz + } + } +} +menuentry --hotkey=s 'Install with speech synthesis' { + set background_color=black + linux /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 speakup.synth=soft --- quiet + initrd /install.amd/gtk/initrd.gz +} + +set default="0" +set timeout=2
\ No newline at end of file
diff --git a/client-build/iso/isolinux.cfg b/client-build/iso/isolinux.cfg
new file mode 100644
index 0000000..84b1659
--- /dev/null
+++ b/client-build/iso/isolinux.cfg
@@ -0,0 +1,7 @@
+# D-I config version 2.0
+# search path for the c32 support libraries (libcom32, libutil etc.)
+path
+include menu.cfg
+default vesamenu.c32
+prompt 0
+timeout 2
diff --git a/client-build/iso/menu.cfg b/client-build/iso/menu.cfg
new file mode 100644
index 0000000..a91a860
--- /dev/null
+++ b/client-build/iso/menu.cfg
@@ -0,0 +1,53 @@
+menu hshift 4menu width 70
+
+menu title Debian GNU/Linux installer menu (BIOS mode)
+include stdmenu.cfg
+include txt.cfg
+menu begin advanced
+ menu label ^Advanced options
+ menu title Advanced options
+ include stdmenu.cfg
+ label mainmenu
+ menu label ^Back..
+ menu exit
+ include adgtk.cfg
+ include adtxt.cfg
+ include adspkgtk.cfg
+ include adspk.cfg
+menu end
+menu begin dark
+ menu label Accessible ^dark contrast installer menu
+ menu title Accessible dark contrast option
+ include drkmenu.cfg
+ label mainmenu
+ menu label ^Back..
+ menu exit
+ include drkgtk.cfg
+ include drk.cfg
+ menu begin advanced
+ menu label ^Advanced options
+ menu title Advanced options
+ include drkmenu.cfg
+ label mainmenu
+ menu label ^Back..
+ menu exit
+ include addrkgtk.cfg
+ include addrk.cfg
+ menu end
+ include x86drkme.cfg
+ label help
+ menu label ^Help
+ text help
+ Display help screens; type 'menu' at boot prompt to return to this menu
+ endtext
+ config prompt.cfg
+menu end
+include x86menu.cfg
+label help
+ menu label ^Help
+ text help
+ Display help screens; type 'menu' at boot prompt to return to this menu
+ endtext
+ config prompt.cfg
+include spkgtk.cfg
+include spk.cfg
diff --git a/client-build/iso/syslinux.cfg b/client-build/iso/syslinux.cfg
new file mode 100644
index 0000000..d484735
--- /dev/null
+++ b/client-build/iso/syslinux.cfg
@@ -0,0 +1,2 @@
+default vmlinuz
+append locale=en_US.UTF-8 keymap=us language=en country=US
diff --git a/client-build/iso/txt.cfg b/client-build/iso/txt.cfg
new file mode 100644
index 0000000..66699d6
--- /dev/null
+++ b/client-build/iso/txt.cfg
@@ -0,0 +1,4 @@
+label install
+ menu label ^Install
+ kernel /install.amd/vmlinuz
+ append preseed/file=/cdrom/simple-cdd/default.preseed vga=788 initrd=/install.amd/initrd.gz --- quiet locale=en_US.UTF-8 keymap=us language=en country=US
diff --git a/client-build/profiles/default.preseed b/client-build/profiles/default.preseed
new file mode 100644
index 0000000..207d6db
--- /dev/null
+++ b/client-build/profiles/default.preseed
@@ -0,0 +1,192 @@ +# these are the basic debconf pre-seeding items needed for a miminal +# interaction debian etch install using debian-installer + +# this example pre-seeding file was largely based on +# http://d-i.alioth.debian.org/manual/example-preseed.txt +# +# for more explanation of the options, see: +# http://d-i.alioth.debian.org/manual/en.mips/apbs04.html + +## simple-cdd options + +# automatically select simple-cdd profiles +# NOTE: profile "default" is now automatically included, and should not be +# specified here. +#simple-cdd simple-cdd/profiles multiselect ltsp +#simple-cdd simple-cdd/profiles multiselect ltsp, x-basic + +# Profile selection +simple-cdd simple-cdd/profiles multiselect wooclient + +###### Package selection. + +# You can choose to install any combination of tasks that are available. +# Available tasks as of this writing include: Desktop environment, +# Web server, Print server, DNS server, File server, Mail server, +# SQL database, manual package selection. The last of those will run +# aptitude. You can also choose to install no tasks, and force the +# installation of a set of packages in some other way. + +# don't install any tasks +tasksel tasksel/first multiselect +#tasksel tasksel/first multiselect Desktop environment +#tasksel tasksel/first multiselect Web server, Mail server, DNS server + + +###### Time zone setup. + +# Controls whether or not the hardware clock is set to UTC. +d-i clock-setup/utc boolean true + +# Many countries have only one time zone. If you told the installer you're +# in one of those countries, you can choose its standard time zone via this +# question. 
+base-config tzconfig/choose_country_zone_single boolean true +#d-i time/zone select US/Pacific + + +### keyboard configuration + +# don't mess with the keymap +console-common console-data/keymap/policy select Don't touch keymap +console-data console-data/keymap/policy select Don't touch keymap + +# keyboard layouts +#console-data console-data/keymap/qwerty/layout select US american +#console-data console-data/keymap/family select qwerty +#console-common console-data/keymap/family select qwerty + + +###### Account setup. + +# To preseed the root password, you have to put it in the clear in this +# file. That is not a very good idea, use caution! +#passwd passwd/root-password password r00tme +#passwd passwd/root-password-again password r00tme + +# If you want to skip creation of a normal user account. +#passwd passwd/make-user boolean false +# Alternatively, you can preseed the user's name and login. +#passwd passwd/user-fullname string Debian User +#passwd passwd/username string debian +# And their password, but use caution! +#passwd passwd/user-password password insecure +#passwd passwd/user-password-again password insecure + + +#### Network configuration. + +# netcfg will choose an interface that has link if possible. This makes it +# skip displaying a list if there is more than one interface. +d-i netcfg/choose_interface select auto + +# Note that any hostname and domain names assigned from dhcp take +# precidence over values set here. However, setting the values still +# prevents the questions from being shown even if values come from dhcp. +d-i netcfg/get_hostname string unassigned +d-i netcfg/get_domain string unassigned +# to set the domain to empty: +#d-i netcfg/get_domain string + +# Disable that annoying WEP key dialog. +d-i netcfg/wireless_wep string + + +### Partitioning. + +# you can specify a disk to partition. The device name can be given in either +# devfs or traditional non-devfs format. 
For example, to use the first disk +# devfs knows of: +## NOTE: disabled for lenny, as it seemed to cause issues +#d-i partman-auto/disk string /dev/discs/disc0/disc + +# In addition, you'll need to specify the method to use. +# The presently available methods are: "regular", "lvm" and "crypto" +d-i partman-auto/method string regular + +# If one of the disks that are going to be automatically partitioned +# contains an old LVM configuration, the user will normally receive a +# warning. This can be preseeded away... +#d-i partman-auto/purge_lvm_from_device boolean true +# And the same goes for the confirmation to write the lvm partitions. +#d-i partman-lvm/confirm boolean true + +# Alternately, If the system has free space you can choose to only partition +# that space. +#d-i partman-auto/init_automatically_partition select Use the largest continuous free space +#d-i partman-auto/init_automatically_partition select Guided - use entire disk + +# You can choose from any of the predefined partitioning recipes: +d-i partman-auto/choose_recipe select All files in one partition (recommended for new users) +#d-i partman-auto/choose_recipe select Desktop machine +#d-i partman-auto/choose_recipe select Multi-user workstation + +# uncomment the following three values to makes partman automatically partition +# without confirmation. +#d-i partman/confirm_write_new_label boolean true +d-i partman/choose_partition select Finish partitioning and write changes to disk +#d-i partman/confirm boolean true + +#### Boot loader installation. + +# This is fairly safe to set, it makes grub install automatically to the MBR +# if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean true +# This one makes grub-installer install to the MBR if if finds some other OS +# too, which is less safe as it might not be able to boot that other OS. +d-i grub-installer/with_other_os boolean true + + +###### Apt setup. 
+ +# automatically set the CD as the installation media. +#base-config apt-setup/uri_type select http +#base-config apt-setup/uri_type select cdrom +# only scan the first CD by default +#base-config apt-setup/cd/another boolean false +# don't ask to use additional mirrors +#base-config apt-setup/another boolean false +# Use a network mirror? +# apt-mirror-setup apt-setup/use_mirror boolean false + +# Select individual apt repositories +#d-i apt-setup/services-select multiselect security, updates, backports +# Disable extra apt repositories +#d-i apt-setup/services-select multiselect + +# You can choose to install non-free and contrib software. +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true + + +###### Mailer configuration. + +# During a normal install, exim asks only two questions. Here's how to +# avoid even those. More complicated preseeding is possible. +exim4-config exim4/dc_eximconfig_configtype select no configuration at this time +# It's a good idea to set this to whatever user account you choose to +# create. Leaving the value blank results in postmaster mail going to +# /var/mail/mail. +exim4-config exim4/dc_postmaster string + + +### skip some annoying installation status notes + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note +# Avoid the introductory message. +base-config base-config/intro note +# Avoid the final message. +base-config base-config/login note + +#d-i popularity-contest/participate boolean false + + +### simple-cdd commands + +# you may add to the following commands by including a ";" followed by your +# shell commands. + +# loads the simple-cdd-profiles udeb to which asks for which profiles to use, +# load the debconf preseeding and queue packages for installation. +d-i preseed/early_command string anna-install simple-cdd-profiles 
diff --git a/client-build/profiles/wooclient.description b/client-build/profiles/wooclient.description
new file mode 100644
index 0000000..cef6573
--- /dev/null
+++ b/client-build/profiles/wooclient.description
@@ -0,0 +1 @@
+Installer to automatically build the wooclient VM.
diff --git a/client-build/profiles/wooclient.packages b/client-build/profiles/wooclient.packages
new file mode 100644
index 0000000..b85bd26
--- /dev/null
+++ b/client-build/profiles/wooclient.packages
@@ -0,0 +1,7 @@
+wget
+sudo
+uuid
+screen
+docker
+docker.io
+runc
diff --git a/client-build/profiles/wooclient.postinst b/client-build/profiles/wooclient.postinst
new file mode 100755
index 0000000..2fd4d15
--- /dev/null
+++ b/client-build/profiles/wooclient.postinst
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -eu
+
+cat > /etc/systemd/system/firstboot-wooclient.service <<EOF
+[Unit]
+After=mariadb.service network-online.target
+Wants=network-online.target
+Description="Logic to install wooclient on first boot"
+
+[Service]
+ExecStart=/usr/local/bin/firstboot-script.sh
+
+[Install]
+WantedBy=default.target
+EOF
+
+cat > /etc/systemd/system/gnunet-docker.service <<EOF
+[Unit]
+Description=GNUnet Container
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/docker start -a gnunet-docker
+ExecStop=/usr/bin/docker stop -t 2 gnunet-docker
+
+[Install]
+WantedBy=default.target
+EOF
+
+cat > /usr/share/chromium/initial_bookmarks.html <<EOF
+<!DOCTYPE NETSCAPE-Bookmark-file-1>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
+<TITLE>Bookmarks</TITLE>
+<H1>Bookmarks</H1>
+<DL><p>
+ <DT><H3 PERSONAL_TOOLBAR_FOLDER="true">Bookmarks Bar</H3>
+ <DL><p>
+ <DT><A HREF="https://woo.nslab.ch/">WooCommerce@nslab.ch</A>
+ <DT><A HREF="https://reclaim.gnunet.org/">re:claimID</A>
+ <DT><A HREF="https://chrome.google.com/webstore/detail/reclaimid/jiogompmdejcnacmlnjhnaicgkefcfll">Get re:claimID</A>
+ <DT><A HREF="https://taler.net/">GNU Taler</A>
+ <DT><A HREF="https://chrome.google.com/webstore/detail/gnu-taler-wallet/millncjiddlpgdmkklmhfadpacifaonc">Get GNU Taler Wallet</A>
+ </DL><p>
+</DL><p>
+EOF
+
+cat > /usr/local/bin/firstboot-script.sh <<EOF
+#!/bin/bash
+
+set -eu
+
+echo "Giving system time to complete setup"
+sleep 60
+
+echo "Enable root login with password"
+
+# Permit root login with passwd
+echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+systemctl restart sshd
+
+# run gnunet-docker
+/usr/bin/docker run -v /root/.local/share/gnunet:/root/.local/share/gnunet -p 7776:7776 -td --name gnunet-docker reclaimid/gnunet-docker
+
+# enable gnunet-docker service
+systemctl enable gnunet-docker
+
+# Remove self from boot sequence
+rm /etc/systemd/system/firstboot-wooclient.service
+
+echo "Postinstall script done, shutdown system"
+
+shutdown -h now "firstboot installation done, shutdown system"
+
+EOF
+
+chmod +x /usr/local/bin/firstboot-script.sh
+
+echo "Enabling firstboot-wooclient"
+
+systemctl daemon-reload
+systemctl enable firstboot-wooclient
+
+echo "wooclient postinstall finished"
diff --git a/client-build/profiles/wooclient.preseed b/client-build/profiles/wooclient.preseed
new file mode 100644
index 0000000..eabd5fa
--- /dev/null
+++ b/client-build/profiles/wooclient.preseed
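Review bot: The generated first-boot script in wooclient.postinst appends `PermitRootLogin yes` to `/etc/ssh/sshd_config`, which enables password login for root on a guest whose port 22 the run scripts forward to the host; if root access is needed at all, `PermitRootLogin prohibit-password` with a key is narrower (where the root password is set is not visible in this hunk). `reclaimid/gnunet-docker` is run without a tag or digest, so each build starts whatever image is current at that moment; pinning it as `reclaimid/gnunet-docker@sha256:<digest>` (placeholder) makes the build reproducible and reviewable. Removing only the unit file with `rm` leaves the enable symlink dangling, so `systemctl disable firstboot-wooclient` should precede it. Because the inner script runs under `set -eu`, a failed `docker run` exits before the self-removal and the `shutdown`, which would leave 02-setup-system.sh waiting on QEMU indefinitely; `After=mariadb.service` also looks left over from another profile, since wooclient.packages lists no MariaDB package.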
@@ -0,0 +1,453 @@ +#### Contents of the preconfiguration file (for jessie) + + +# Profile selection +simple-cdd simple-cdd/profiles multiselect wooclient + + +### Localization +# Preseeding only locale sets language, country and locale. +d-i debian-installer/locale string en_US + +# The values can also be preseeded individually for greater flexibility. +d-i debian-installer/language string en +d-i debian-installer/country string CH +d-i debian-installer/locale string en_US.UTF-8 +# Optionally specify additional locales to be generated. +d-i localechooser/supported-locales multiselect en_GB.UTF-8, de_DE.UTF-8 + +# Keyboard selection. +d-i keyboard-configuration/xkb-keymap select us +# d-i keyboard-configuration/toggle select No toggling + +### Network configuration +d-i netcfg/enable boolean true + +# netcfg will choose an interface that has link if possible. This makes it +# skip displaying a list if there is more than one interface. +d-i netcfg/choose_interface select auto + +# To pick a particular interface instead: +#d-i netcfg/choose_interface select eth1 + +# To set a different link detection timeout (default is 3 seconds). +# Values are interpreted as seconds. +#d-i netcfg/link_wait_timeout string 10 + +# If you have a slow dhcp server and the installer times out waiting for +# it, this might be useful. +#d-i netcfg/dhcp_timeout string 60 +#d-i netcfg/dhcpv6_timeout string 60 + +# If you prefer to configure the network manually, uncomment this line and +# the static network configuration below. +#d-i netcfg/disable_autoconfig boolean true + +# If you want the preconfiguration file to work on systems both with and +# without a dhcp server, uncomment these lines and the static network +# configuration below. +#d-i netcfg/dhcp_failed note +#d-i netcfg/dhcp_options select Configure network manually + +# Static network configuration. 
+# +# IPv4 example +#d-i netcfg/get_ipaddress string 192.168.1.42 +#d-i netcfg/get_netmask string 255.255.255.0 +#d-i netcfg/get_gateway string 192.168.1.1 +#d-i netcfg/get_nameservers string 192.168.1.1 +#d-i netcfg/confirm_static boolean true +# +# IPv6 example +#d-i netcfg/get_ipaddress string fc00::2 +#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff:: +#d-i netcfg/get_gateway string fc00::1 +#d-i netcfg/get_nameservers string fc00::1 +#d-i netcfg/confirm_static boolean true + +# Any hostname and domain names assigned from dhcp take precedence over +# values set here. However, setting the values still prevents the questions +# from being shown, even if values come from dhcp. +#d-i netcfg/get_hostname string unassigned-hostname +#d-i netcfg/get_domain string unassigned-domain +d-i netcfg/get_hostname string wooclient +d-i netcfg/get_domain string wooclient + +# If you want to force a hostname, regardless of what either the DHCP +# server returns or what the reverse DNS entry for the IP is, uncomment +# and adjust the following line. +#d-i netcfg/hostname string somehost + +# Disable that annoying WEP key dialog. +d-i netcfg/wireless_wep string +# The wacky dhcp hostname that some ISPs use as a password of sorts. +#d-i netcfg/dhcp_hostname string radish + +# If non-free firmware is needed for the network or other hardware, you can +# configure the installer to always try to load it, without prompting. Or +# change to false to disable asking. +#d-i hw-detect/load_firmware boolean true + +### Network console +# Use the following settings if you wish to make use of the network-console +# component for remote installation over SSH. This only makes sense if you +# intend to perform the remainder of the installation manually. 
+#d-i anna/choose_modules string network-console +#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key +#d-i network-console/password password r00tme +#d-i network-console/password-again password r00tme + +### Mirror settings +# If you select ftp, the mirror/country string does not need to be set. +#d-i mirror/protocol string ftp +d-i mirror/country string manual +d-i mirror/http/hostname string ftp.ch.debian.org +d-i mirror/http/directory string /debian +d-i mirror/http/proxy string + +# Suite to install. +d-i mirror/suite string stable +# Suite to use for loading installer components (optional). +#d-i mirror/udeb/suite string testing + +### Account setup +d-i passwd/root-login boolean true +# Alternatively, to skip creation of a normal user account. +#d-i passwd/make-user boolean false + +# Root password, either in clear text +d-i passwd/root-password password wooclient +d-i passwd/root-password-again password wooclient +# or encrypted using an MD5 hash. +#d-i passwd/root-password-crypted password [MD5 hash] + +# To create a normal user account. +#d-i passwd/user-fullname string Debian User +d-i passwd/user-fullname string Test User +#d-i passwd/username string debian +d-i passwd/username string testuser +# Normal user's password, either in clear text +#d-i passwd/user-password password insecure +d-i passwd/user-password password test$us3r +#d-i passwd/user-password-again password insecure +d-i passwd/user-password-again password test$us3r +# or encrypted using an MD5 hash. +#d-i passwd/user-password-crypted password [MD5 hash] +# Create the first user with the specified UID instead of the default. +#d-i passwd/user-uid string 1010 + +# The user account will be added to some standard initial groups. To +# override that, use this. +#d-i passwd/user-default-groups string audio cdrom video + +### Clock and time zone setup +# Controls whether or not the hardware clock is set to UTC. 
+d-i clock-setup/utc boolean true + +# You may set this to any valid setting for $TZ; see the contents of +# /usr/share/zoneinfo/ for valid values. +d-i time/zone string UTC + +# Controls whether to use NTP to set the clock during the install +d-i clock-setup/ntp boolean true +# NTP server to use. The default is almost always fine here. +#d-i clock-setup/ntp-server string ntp.example.com + +### Partitioning +## Partitioning example +# If the system has free space you can choose to only partition that space. +# This is only honoured if partman-auto/method (below) is not set. +d-i partman-auto/init_automatically_partition select biggest_free + +# Alternatively, you may specify a disk to partition. If the system has only +# one disk the installer will default to using that, but otherwise the device +# name must be given in traditional, non-devfs format (so e.g. /dev/sda +# and not e.g. /dev/discs/disc0/disc). +# For example, to use the first SCSI/SATA hard disk: +#d-i partman-auto/disk string /dev/sda +# In addition, you'll need to specify the method to use. +# The presently available methods are: +# - regular: use the usual partition types for your architecture +# - lvm: use LVM to partition the disk +# - crypto: use LVM within an encrypted partition +#d-i partman-auto/method string regular + +# If one of the disks that are going to be automatically partitioned +# contains an old LVM configuration, the user will normally receive a +# warning. This can be preseeded away... +d-i partman-lvm/device_remove_lvm boolean true +# The same applies to pre-existing software RAID array: +d-i partman-md/device_remove_md boolean true +# And the same goes for the confirmation to write the lvm partitions. 
+d-i partman-lvm/confirm boolean true +d-i partman-lvm/confirm_nooverwrite boolean true + +# You can choose one of the three predefined partitioning recipes: +# - atomic: all files in one partition +# - home: separate /home partition +# - multi: separate /home, /var, and /tmp partitions +d-i partman-auto/choose_recipe select atomic + +# Or provide a recipe of your own... +# If you have a way to get a recipe file into the d-i environment, you can +# just point at it. +#d-i partman-auto/expert_recipe_file string /hd-media/recipe + +# If not, you can put an entire recipe into the preconfiguration file in one +# (logical) line. This example creates a small /boot partition, suitable +# swap, and uses the rest of the space for the root partition: +#d-i partman-auto/expert_recipe string \ +# boot-root :: \ +# 40 50 100 ext3 \ +# $primary{ } $bootable{ } \ +# method{ format } format{ } \ +# use_filesystem{ } filesystem{ ext3 } \ +# mountpoint{ /boot } \ +# . \ +# 500 10000 1000000000 ext3 \ +# method{ format } format{ } \ +# use_filesystem{ } filesystem{ ext3 } \ +# mountpoint{ / } \ +# . \ +# 64 512 300% linux-swap \ +# method{ swap } format{ } \ +# . + +# The full recipe format is documented in the file partman-auto-recipe.txt +# included in the 'debian-installer' package or available from D-I source +# repository. This also documents how to specify settings such as file +# system labels, volume group names and which physical devices to include +# in a volume group. + +# This makes partman automatically partition without confirmation, provided +# that you told it what to do using one of the methods above. +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +## Partitioning using RAID +# The method should be set to "raid". +#d-i partman-auto/method string raid +# Specify the disks to be partitioned. 
They will all get the same layout, +# so this will only work if the disks are the same size. +#d-i partman-auto/disk string /dev/sda /dev/sdb + +# Next you need to specify the physical partitions that will be used. +#d-i partman-auto/expert_recipe string \ +# multiraid :: \ +# 1000 5000 4000 raid \ +# $primary{ } method{ raid } \ +# . \ +# 64 512 300% raid \ +# method{ raid } \ +# . \ +# 500 10000 1000000000 raid \ +# method{ raid } \ +# . + +# Last you need to specify how the previously defined partitions will be +# used in the RAID setup. Remember to use the correct partition numbers +# for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported; +# devices are separated using "#". +# Parameters are: +# <raidtype> <devcount> <sparecount> <fstype> <mountpoint> \ +# <devices> <sparedevices> + +#d-i partman-auto-raid/recipe string \ +# 1 2 0 ext3 / \ +# /dev/sda1#/dev/sdb1 \ +# . \ +# 1 2 0 swap - \ +# /dev/sda5#/dev/sdb5 \ +# . \ +# 0 2 0 ext3 /home \ +# /dev/sda6#/dev/sdb6 \ +# . + +# For additional information see the file partman-auto-raid-recipe.txt +# included in the 'debian-installer' package or available from D-I source +# repository. + +# This makes partman automatically partition without confirmation. +d-i partman-md/confirm boolean true +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true + +## Controlling how partitions are mounted +# The default is to mount by UUID, but you can also choose "traditional" to +# use traditional device names, or "label" to try filesystem labels before +# falling back to UUIDs. +#d-i partman/mount_style select uuid + +### Base system installation +# Configure APT to not install recommended packages by default. Use of this +# option can result in an incomplete system and should only be used by very +# experienced users. 
+#d-i base-installer/install-recommends boolean false + +# The kernel image (meta) package to be installed; "none" can be used if no +# kernel is to be installed. +#d-i base-installer/kernel/image string linux-image-586 + +# Disable prompting for another CD +base-config apt-setup/cd/another boolean false +d-i apt-setup/cdrom/set-first boolean false +d-i apt-setup/cdrom/set-next boolean false +d-i apt-setup/cdrom/set-failed boolean false +apt-cdrom-setup apt-setup/cdrom/set-next boolean false + +### Apt setup +# You can choose to install non-free and contrib software. +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true +# Uncomment this if you don't want to use a network mirror. +#d-i apt-setup/use_mirror boolean false +# Select which update services to use; define the mirrors to be used. +# Values shown below are the normal defaults. +# d-i apt-setup/services-select multiselect security, updates +# d-i apt-setup/security_host string security.debian.org + +# Additional repositories, local[0-9] available +#d-i apt-setup/local0/repository string \ +# http://local.server/debian stable main +#d-i apt-setup/local0/comment string local server +# Enable deb-src lines +#d-i apt-setup/local0/source boolean true +# URL to the public key of the local repository; you must provide a key or +# apt will complain about the unauthenticated repository and so the +# sources.list line will be left commented out +#d-i apt-setup/local0/key string http://local.server/key + +# By default the installer requires that repositories be authenticated +# using a known gpg key. This setting can be used to disable that +# authentication. Warning: Insecure, not recommended. 
+#d-i debian-installer/allow_unauthenticated boolean true + +# Uncomment this to add multiarch configuration for i386 +#d-i apt-setup/multiarch string i386 + + +### Package selection + +# don't install any tasks: +tasksel tasksel/first multiselect +#standard, web-server, kde-desktop +#tasksel tasksel/first multiselect desktop +#tasksel tasksel/desktop multiselect task-xfce-desktop + +# Individual additional packages to install +d-i pkgsel/include string git openssh-server chromium +# Whether to upgrade packages after debootstrap. +# Allowed values: none, safe-upgrade, full-upgrade +d-i pkgsel/upgrade select none + +d-i pkgsel/install-language-support boolean false + + +# Policy for applying updates. May be "none" (no automatic updates), +# "unattended-upgrades" (install security updates automatically), or +# "landscape" (manage system with Landscape). +d-i pkgsel/update-policy select none + +# Some versions of the installer can report back on what software you have +# installed, and what software you use. The default is not to report back, +# but sending reports helps the project determine what software is most +# popular and include it on CDs. +popularity-contest popularity-contest/participate boolean false + +### Boot loader installation +# Grub is the default boot loader (for x86). If you want lilo installed +# instead, uncomment this: +#d-i grub-installer/skip boolean true +# To also skip installing lilo, and install no bootloader, uncomment this +# too: +#d-i lilo-installer/skip boolean true + + +# This is fairly safe to set, it makes grub install automatically to the MBR +# if no other operating system is detected on the machine. +d-i grub-installer/only_debian boolean true + +# This one makes grub-installer install to the MBR if it also finds some other +# OS, which is less safe as it might not be able to boot that other OS. 
+# d-i grub-installer/with_other_os boolean true + +# Due notably to potential USB sticks, the location of the MBR can not be +# determined safely in general, so this needs to be specified: +d-i grub-installer/bootdev string /dev/sda +# To install to the first device (assuming it is not a USB stick): +# d-i grub-installer/bootdev string default + +# Alternatively, if you want to install to a location other than the mbr, +# uncomment and edit these lines: +# d-i grub-installer/only_debian boolean true +#d-i grub-installer/with_other_os boolean false +#d-i grub-installer/bootdev string (hd0,1) +# To install grub to multiple disks: +#d-i grub-installer/bootdev string (hd0,1) (hd1,1) (hd2,1) + +# Optional password for grub, either in clear text +#d-i grub-installer/password password r00tme +#d-i grub-installer/password-again password r00tme +# or encrypted using an MD5 hash, see grub-md5-crypt(8). +#d-i grub-installer/password-crypted password [MD5 hash] + +# Use the following option to add additional boot parameters for the +# installed system (if supported by the bootloader installer). +# Note: options passed to the installer will be added automatically. +#d-i debian-installer/add-kernel-opts string nousb + +### Finishing up the installation +# During installations from serial console, the regular virtual consoles +# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next +# line to prevent this. +#d-i finish-install/keep-consoles boolean true + +# Avoid that last message about the install being complete. +d-i finish-install/reboot_in_progress note + +# This will prevent the installer from ejecting the CD during the reboot, +# which is useful in some situations. +#d-i cdrom-detect/eject boolean false + +# This is how to make the installer shutdown when finished, but not +# reboot into the installed system. +#d-i debian-installer/exit/halt boolean true +# This will power off the machine instead of just halting it. 
+d-i debian-installer/exit/poweroff boolean true + +### Preseeding other packages +# Depending on what software you choose to install, or if things go wrong +# during the installation process, it's possible that other questions may +# be asked. You can preseed those too, of course. To get a list of every +# possible question that could be asked during an install, do an +# installation, and then run these commands: +# debconf-get-selections --installer > file +# debconf-get-selections >> file + + +#### Advanced options +### Running custom commands during the installation +# d-i preseeding is inherently not secure. Nothing in the installer checks +# for attempts at buffer overflows or other exploits of the values of a +# preconfiguration file like this one. Only use preconfiguration files from +# trusted locations! To drive that home, and because it's generally useful, +# here's a way to run any shell command you'd like inside the installer, +# automatically. + +# This first command is run as early as possible, just after +# preseeding is read. +#d-i preseed/early_command string anna-install some-udeb +# This command is run immediately before the partitioner starts. It may be +# useful to apply dynamic partitioner preseeding that depends on the state +# of the disks (which may not be visible when preseed/early_command runs). +#d-i partman/early_command \ +# string debconf-set partman-auto/disk "$(list-devices disk | head -n1)" +# This command is run just before the install finishes, but when there is +# still a usable /target directory. You can chroot to /target and use it +# directly, or use the apt-install and in-target commands to easily install +# packages and run commands in the target system. +#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh diff --git a/client-build/profiles/wooclient.udebs b/client-build/profiles/wooclient.udebs new file mode 100644 index 0000000..9fd0035 --- /dev/null +++ b/client-build/profiles/wooclient.udebs 
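Review bot: `d-i passwd/root-password password wooclient` and `d-i passwd/user-password password test$us3r` commit both account passwords in clear text, and the postinst in this commit then enables root SSH password login on the installed system. The template's own alternative, `d-i passwd/root-password-crypted password <crypt(3) hash>` (placeholder, likewise `passwd/user-password-crypted`), avoids the clear text, although a per-build password or SSH key generated when the ISO is made would avoid shipping any shared secret at all. Separately, `d-i pkgsel/upgrade select none` combined with `d-i pkgsel/update-policy select none` leaves the image without security updates after install; `d-i pkgsel/update-policy select unattended-upgrades` is the value the comment above that line already lists.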
@@ -0,0 +1,2 @@
+# the udeb needed for simple-cdd
+simple-cdd-profiles
diff --git a/client-build/ssh.cfg b/client-build/ssh.cfg
new file mode 100644
index 0000000..d269483
--- /dev/null
+++ b/client-build/ssh.cfg
@@ -0,0 +1,6 @@
+Host localhost
+ User root
+ Port 2222
+ LogLevel ERROR
+ StrictHostKeyChecking no
+ UserKnownHostsFile=/dev/null |
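Review bot: In `ssh.cfg`, `StrictHostKeyChecking no` with `UserKnownHostsFile=/dev/null` switches off host-key verification for a root login, and because the block is keyed on `Host localhost` it applies to every `localhost` connection made with this file, not only to the guest forwarded on port 2222. A dedicated alias keeps the exception narrow, for example `Host wooclient-vm` with `HostName 127.0.0.1`. A leading comment such as `# throwaway test VM: host key changes on every rebuild, use only via ssh -F ssh.cfg` would record why verification is disabled and discourage copying the block into a personal `~/.ssh/config`.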