add client-build

17 files changed, 1139 insertions, 0 deletions

diff --git a/client-build/00-README b/client-build/00-README
new file mode 100644
index 0000000..45087f0
--- /dev/null
+++ b/client-build/00-README
@@ -0,0 +1,44 @@
+This directory contains some scripts and associated files to
+create a Debian image with a GNUnet (docker) and a chromium
+web browser.
+
+We use simple-cdd to non-interactively run the Debian installer,
+and have a profile 'wooclient' with our specifications.
+
+Dependencies:
+=============
+
+* debian-archive-keyring
+* qemu, qemu-system, qemu-kvm
+* xorriso
+* bsdtar
+* simple-cdd
+
+Make sure the user using the scripts is in the 'kvm' group.
+The scripts are only written for AMD64/x86_64 CPUs.
+
+
+How to use:
+===========
+
+First run:
+
+$ ./01-make-iso.sh
+
+to create the "installer.iso".
+
+Then run:
+
+$ ./02-setup-system.sh
+
+to run the Debian installer to create the 'wooclient.img'.
+wait until the script is done, this takes approx. 15-20 minutes!
+
+Next, boot the final image using:
+
+$ ./03-run-system.sh
+
+A chromium browser should start in the VM.
+
+You then have to install the chromium extensions
+"re:claimID" and "GNU Taler Wallet"
diff --git a/client-build/01-make-iso.sh b/client-build/01-make-iso.sh
new file mode 100755
index 0000000..baefd9b
--- /dev/null
+++ b/client-build/01-make-iso.sh
@@ -0,0 +1,66 @@
+#!/bin/sh
+
+# Shell script to build the ISO.
+# We use simple-cdd, but then need to patch the resulting
+# ISO to avoid GRUB/isolinux prompting for the installation
+# method and to avoid the Debian installer from asking questions
+# about the language (which it does before reading the preseed
+# file with the configuration, so those MUST be passed via
+# kernel parameters. Badly documented!).
+
+# What does not yet work:
+# - Debian installer asks for the 'wooclient' profile.
+#   (not sure which option to set in profiles/wooclient.preseed,
+#    or if using 'profiles' is the wrong approach entirely here)
+
+set -eu
+
+ISO=installer.iso
+
+if [ -f $ISO ]
+then
+	echo "Confirm removal of existing '$ISO' by pressing 'y':"
+	rm -i $ISO
+	if [ -f $ISO ]
+	then
+		echo "'$ISO' already exists, exiting..."
+		exit 0
+	fi
+fi
+
+# Will create images/debian-10-amd64-CD-1.iso
+export KERNEL_PARAMS="preseed/file=/cdrom/simple-cdd/default.preseed locale=en_US.UTF-8 keymap=us language=en country=US"
+
+build-simple-cdd --force-root --verbose --profiles wooclient --auto-profiles wooclient --dist buster
+
+# Use shell variable, in case the above changes in the future...
+IMG=images/debian-10-amd64-CD-1.iso
+
+# Create directory for unpacking the ISO
+rm -rf cd/
+mkdir cd/
+bsdtar -C cd/ -xf $IMG
+chmod -R +w cd/
+
+# Modify ISO
+
+# This may seem to have no effect, as GRUB is usually not used to boot the ISO.
+# But, just better be safe.
+# Make sure to also adjust kernel parameters here!
+cp iso/grub.cfg cd/boot/grub/
+
+# Change 'timeout' to 2 to ensure we boot non-interactively
+cp iso/isolinux.cfg cd/isolinux/
+# Remove graphical installer option from menu, so text-based is first
+cp iso/menu.cfg cd/isolinux/
+# Adds kernel parameters to setup language in Debian installer
+cp iso/txt.cfg cd/isolinux/
+
+
+# Finally, pack the ISO
+# Extract header from original ISO
+dd if=$IMG bs=1 count=432 of=isohdpfx.bin
+xorriso -as mkisofs -o $ISO -isohybrid-mbr isohdpfx.bin -c isolinux/boot.cat -b isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table ./cd
+
+# Delete temporary files
+rm isohdpfx.bin -r cd/
diff --git a/client-build/02-setup-system.sh b/client-build/02-setup-system.sh
new file mode 100755
index 0000000..709333b
--- /dev/null
+++ b/client-build/02-setup-system.sh
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Run QEMU with the installer.iso image (created via make-iso.sh) to
+# create a system image "talerwoo.img".
+#
+
+TARGET=wooclient.img
+
+if [ -f $TARGET ]
+then
+	echo "Confirm removal of existing $TARGET by pressing \"y\":"
+	rm -i $TARGET
+	if [ -f $TARGET ]
+	then
+		echo "proceed with installation (see 00-README)"
+		exit 0
+	fi
+fi
+
+# Create target image file.  Note: Debian has a minimum
+# size for automatic partitioning >= 10G these days!
+qemu-img create -q -f qcow2 $TARGET 32G > /dev/null 2>&1
+
+echo "installing system - please be patient (approx. 5-10 minutes)!"
+
+qemu-system-x86_64 -m 4G -enable-kvm -hda $TARGET \
+	-display none -cdrom installer.iso > /dev/null 2>&1
+
+echo "run system (first run) - please be patient (approx 10-15 minutes)!"
+
+qemu-system-x86_64 -m 4G -enable-kvm -net nic,model=rtl8139 \
+	-net user,hostfwd=tcp::2222-:22,hostfwd=tcp::7776-:7776 \
+	-display none -hda $TARGET > /dev/null 2>&1
+
+echo "proceed with installation (see 00-README)"
diff --git a/client-build/03-run-system.sh b/client-build/03-run-system.sh
new file mode 100755
index 0000000..ba11bda
--- /dev/null
+++ b/client-build/03-run-system.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+# Run QEMU with the talerwoo.img (create via setup-system.sh)
+
+TARGET=wooclient.img
+
+echo "start the system.."
+# Run qemu
+qemu-system-x86_64 -m 4G -enable-kvm -net nic,model=rtl8139 \
+	-net user,hostfwd=tcp::2222-:22,hostfwd=tcp::7776-:7776 \
+	-display none -hda $TARGET > /dev/null 2>&1 &
+
+echo ".. and wait some time until it is ready!"
+# wait for system to boot up
+sleep 15
+
+# now start chromium in the VM 
+echo "now start 'chromium' in the VM"
+ssh -F ./chromium.cfg localhost
diff --git a/client-build/chromium.cfg b/client-build/chromium.cfg
new file mode 100644
index 0000000..c8cd2ff
--- /dev/null
+++ b/client-build/chromium.cfg
@@ -0,0 +1,9 @@
+Host localhost
+   User testuser
+   Port 2222
+   LogLevel ERROR
+   StrictHostKeyChecking no
+   UserKnownHostsFile=/dev/null
+   ForwardX11 yes
+   ForwardX11Trusted yes
+   RemoteCommand chromium
diff --git a/client-build/iso/grub.cfg b/client-build/iso/grub.cfg
new file mode 100644
index 0000000..3d970b3
--- /dev/null
+++ b/client-build/iso/grub.cfg
@@ -0,0 +1,155 @@
+if loadfont $prefix/font.pf2 ; then
+  set gfxmode=800x600
+  set gfxpayload=keep
+  insmod efi_gop
+  insmod efi_uga
+  insmod video_bochs
+  insmod video_cirrus
+  insmod gfxterm
+  insmod png
+  terminal_output gfxterm
+fi
+
+if background_image /isolinux/splash.png; then
+  set color_normal=light-gray/black
+  set color_highlight=white/black
+elif background_image /splash.png; then
+  set color_normal=light-gray/black
+  set color_highlight=white/black
+else
+  set menu_color_normal=cyan/blue
+  set menu_color_highlight=white/blue
+fi
+
+insmod play
+play 960 440 1 0 4 440 1
+set theme=/boot/grub/theme/1
+menuentry --hotkey=i 'Install' {
+    set background_color=black
+    linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788  --- quiet locale=en_US.UTF-8 keymap=us language=en country=US
+    initrd   /install.amd/initrd.gz
+}
+menuentry --hotkey=g 'Graphical install' {
+    set background_color=black
+    linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 --- quiet
+    initrd   /install.amd/gtk/initrd.gz
+}
+submenu --hotkey=a 'Advanced options ...' {
+    set menu_color_normal=cyan/blue
+    set menu_color_highlight=white/blue
+    set theme=/boot/grub/theme/1-1
+    menuentry '... Graphical expert install' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 ---
+        initrd   /install.amd/gtk/initrd.gz
+    }
+    menuentry '... Graphical rescue mode' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true --- quiet
+        initrd   /install.amd/gtk/initrd.gz
+    }
+    menuentry '... Graphical automated install' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 --- quiet
+        initrd   /install.amd/gtk/initrd.gz
+    }
+    menuentry --hotkey=x '... Expert install' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 ---
+        initrd   /install.amd/initrd.gz
+    }
+    menuentry --hotkey=r '... Rescue mode' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true --- quiet
+        initrd   /install.amd/initrd.gz
+    }
+    menuentry --hotkey=a '... Automated install' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 --- quiet
+        initrd   /install.amd/initrd.gz
+    }
+    submenu --hotkey=s '... Speech-enabled advanced options ...' {
+        set menu_color_normal=cyan/blue
+        set menu_color_highlight=white/blue
+        set theme=/boot/grub/theme/1-1-1
+        menuentry --hotkey=x '... Expert speech install' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 speakup.synth=soft ---
+            initrd   /install.amd/gtk/initrd.gz
+        }
+        menuentry --hotkey=r '... Rescue speech mode' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true speakup.synth=soft --- quiet
+            initrd   /install.amd/gtk/initrd.gz
+        }
+        menuentry --hotkey=a '... Automated speech install' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 speakup.synth=soft --- quiet
+            initrd   /install.amd/gtk/initrd.gz
+        }
+    }
+}
+submenu --hotkey=d 'Accessible dark contrast installer menu ...' {
+    set menu_color_normal=white/black
+    set menu_color_highlight=yellow/black
+    set color_normal=white/black
+    set color_highlight=yellow/black
+    background_image
+    set theme=/boot/grub/theme/dark-1-2
+    menuentry --hotkey=g '... Graphical install' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 theme=dark --- quiet
+        initrd   /install.amd/gtk/initrd.gz
+    }
+    menuentry --hotkey=i '... Install' {
+        set background_color=black
+        linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 theme=dark --- quiet
+        initrd   /install.amd/initrd.gz
+    }
+    submenu --hotkey=a '... Advanced options ...' {
+        set menu_color_normal=white/black
+        set menu_color_highlight=yellow/black
+        set color_normal=white/black
+        set color_highlight=yellow/black
+        background_image
+        set theme=/boot/grub/theme/dark-1-2-1
+        menuentry '... Graphical expert install' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 theme=dark ---
+            initrd   /install.amd/gtk/initrd.gz
+        }
+        menuentry '... Graphical rescue mode' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true theme=dark --- quiet
+            initrd   /install.amd/gtk/initrd.gz
+        }
+        menuentry '... Graphical automated install' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 theme=dark --- quiet
+            initrd   /install.amd/gtk/initrd.gz
+        }
+        menuentry --hotkey=x '... Expert install' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed priority=low vga=788 theme=dark ---
+            initrd   /install.amd/initrd.gz
+        }
+        menuentry --hotkey=r '... Rescue mode' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 rescue/enable=true theme=dark --- quiet
+            initrd   /install.amd/initrd.gz
+        }
+        menuentry --hotkey=a '... Automated install' {
+            set background_color=black
+            linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed auto=true priority=critical vga=788 theme=dark --- quiet
+            initrd   /install.amd/initrd.gz
+        }
+    }
+}
+menuentry --hotkey=s 'Install with speech synthesis' {
+    set background_color=black
+    linux    /install.amd/vmlinuz preseed/file=/cdrom/simple-cdd/default.preseed vga=788 speakup.synth=soft --- quiet
+    initrd   /install.amd/gtk/initrd.gz
+}
+
+set default="0"
+set timeout=2
\ No newline at end of file
diff --git a/client-build/iso/isolinux.cfg b/client-build/iso/isolinux.cfg
new file mode 100644
index 0000000..84b1659
--- /dev/null
+++ b/client-build/iso/isolinux.cfg
@@ -0,0 +1,7 @@
+# D-I config version 2.0
+# search path for the c32 support libraries (libcom32, libutil etc.)
+path 
+include menu.cfg
+default vesamenu.c32
+prompt 0
+timeout 2
diff --git a/client-build/iso/menu.cfg b/client-build/iso/menu.cfg
new file mode 100644
index 0000000..a91a860
--- /dev/null
+++ b/client-build/iso/menu.cfg
@@ -0,0 +1,53 @@
+menu hshift 4menu width 70
+
+menu title Debian GNU/Linux installer menu (BIOS mode)
+include stdmenu.cfg
+include txt.cfg
+menu begin advanced
+    menu label ^Advanced options
+	menu title Advanced options
+	include stdmenu.cfg
+	label mainmenu
+		menu label ^Back..
+		menu exit
+	include adgtk.cfg
+	include adtxt.cfg
+	include adspkgtk.cfg
+	include adspk.cfg
+menu end
+menu begin dark
+    menu label Accessible ^dark contrast installer menu
+	menu title Accessible dark contrast option
+	include drkmenu.cfg
+	label mainmenu
+		menu label ^Back..
+		menu exit
+	include drkgtk.cfg
+	include drk.cfg
+	menu begin advanced
+	    menu label ^Advanced options
+		menu title Advanced options
+		include drkmenu.cfg
+		label mainmenu
+			menu label ^Back..
+			menu exit
+		include addrkgtk.cfg
+		include addrk.cfg
+	menu end
+	include x86drkme.cfg
+	label help
+		menu label ^Help
+		text help
+   Display help screens; type 'menu' at boot prompt to return to this menu
+		endtext
+		config prompt.cfg
+menu end
+include x86menu.cfg
+label help
+	menu label ^Help
+	text help
+   Display help screens; type 'menu' at boot prompt to return to this menu
+	endtext
+	config prompt.cfg
+include spkgtk.cfg
+include spk.cfg
diff --git a/client-build/iso/syslinux.cfg b/client-build/iso/syslinux.cfg
new file mode 100644
index 0000000..d484735
--- /dev/null
+++ b/client-build/iso/syslinux.cfg
@@ -0,0 +1,2 @@
+default vmlinuz
+append locale=en_US.UTF-8 keymap=us language=en country=US
diff --git a/client-build/iso/txt.cfg b/client-build/iso/txt.cfg
new file mode 100644
index 0000000..66699d6
--- /dev/null
+++ b/client-build/iso/txt.cfg
@@ -0,0 +1,4 @@
+label install
+	menu label ^Install
+	kernel /install.amd/vmlinuz
+	append preseed/file=/cdrom/simple-cdd/default.preseed vga=788 initrd=/install.amd/initrd.gz --- quiet locale=en_US.UTF-8 keymap=us language=en country=US
diff --git a/client-build/profiles/default.preseed b/client-build/profiles/default.preseed
new file mode 100644
index 0000000..207d6db
--- /dev/null
+++ b/client-build/profiles/default.preseed
@@ -0,0 +1,192 @@
+# these are the basic debconf pre-seeding items needed for a miminal
+# interaction debian etch install using debian-installer
+
+# this example pre-seeding file was largely based on
+# http://d-i.alioth.debian.org/manual/example-preseed.txt
+#
+# for more explanation of the options, see:
+# http://d-i.alioth.debian.org/manual/en.mips/apbs04.html
+
+## simple-cdd options
+
+# automatically select simple-cdd profiles
+# NOTE: profile "default" is now automatically included, and should not be
+# specified here.
+#simple-cdd simple-cdd/profiles multiselect ltsp
+#simple-cdd simple-cdd/profiles multiselect ltsp, x-basic
+
+# Profile selection
+simple-cdd simple-cdd/profiles multiselect wooclient
+
+###### Package selection.
+
+# You can choose to install any combination of tasks that are available.
+# Available tasks as of this writing include: Desktop environment,
+# Web server, Print server, DNS server, File server, Mail server,
+# SQL database, manual package selection. The last of those will run
+# aptitude. You can also choose to install no tasks, and force the
+# installation of a set of packages in some other way.
+
+# don't install any tasks
+tasksel   tasksel/first multiselect
+#tasksel   tasksel/first multiselect Desktop environment
+#tasksel  tasksel/first multiselect Web server, Mail server, DNS server
+
+
+###### Time zone setup.
+
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# Many countries have only one time zone. If you told the installer you're
+# in one of those countries, you can choose its standard time zone via this
+# question.
+base-config tzconfig/choose_country_zone_single boolean true
+#d-i     time/zone       select  US/Pacific
+
+
+### keyboard configuration
+
+# don't mess with the keymap
+console-common  console-data/keymap/policy      select  Don't touch keymap
+console-data    console-data/keymap/policy      select  Don't touch keymap
+
+# keyboard layouts
+#console-data console-data/keymap/qwerty/layout select US american
+#console-data console-data/keymap/family select qwerty
+#console-common console-data/keymap/family select qwerty
+
+
+###### Account setup.
+
+# To preseed the root password, you have to put it in the clear in this
+# file. That is not a very good idea, use caution!
+#passwd   passwd/root-password    password r00tme
+#passwd   passwd/root-password-again  password r00tme
+
+# If you want to skip creation of a normal user account.
+#passwd   passwd/make-user    boolean false
+# Alternatively, you can preseed the user's name and login.
+#passwd   passwd/user-fullname    string Debian User
+#passwd   passwd/username     string debian
+# And their password, but use caution!
+#passwd   passwd/user-password    password insecure
+#passwd   passwd/user-password-again  password insecure
+
+
+#### Network configuration.
+
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+
+# Note that any hostname and domain names assigned from dhcp take
+# precidence over values set here. However, setting the values still
+# prevents the questions from being shown even if values come from dhcp.
+d-i netcfg/get_hostname string unassigned
+d-i netcfg/get_domain string unassigned
+# to set the domain to empty:
+#d-i netcfg/get_domain string
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+
+
+### Partitioning.
+
+# you can specify a disk to partition. The device name can be given in either
+# devfs or traditional non-devfs format.  For example, to use the first disk
+# devfs knows of:
+## NOTE: disabled for lenny, as it seemed to cause issues
+#d-i partman-auto/disk string /dev/discs/disc0/disc
+
+# In addition, you'll need to specify the method to use.
+# The presently available methods are: "regular", "lvm" and "crypto"
+d-i partman-auto/method string regular
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+#d-i partman-auto/purge_lvm_from_device boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+#d-i partman-lvm/confirm boolean true
+
+# Alternately, If the system has free space you can choose to only partition
+# that space.
+#d-i  partman-auto/init_automatically_partition select Use the largest continuous free space
+#d-i partman-auto/init_automatically_partition       select  Guided - use entire disk
+
+# You can choose from any of the predefined partitioning recipes:
+d-i partman-auto/choose_recipe  select All files in one partition (recommended for new users)
+#d-i  partman-auto/choose_recipe  select Desktop machine
+#d-i  partman-auto/choose_recipe  select Multi-user workstation
+
+# uncomment the following three values to makes partman automatically partition
+# without confirmation.
+#d-i partman/confirm_write_new_label boolean true
+d-i partman/choose_partition  select Finish partitioning and write changes to disk
+#d-i partman/confirm     boolean true
+
+#### Boot loader installation.
+
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian  boolean true
+# This one makes grub-installer install to the MBR if if finds some other OS
+# too, which is less safe as it might not be able to boot that other OS.
+d-i grub-installer/with_other_os  boolean true
+
+
+###### Apt setup.
+
+# automatically set the CD as the installation media.
+#base-config apt-setup/uri_type  select http
+#base-config apt-setup/uri_type  select cdrom
+# only scan the first CD by default
+#base-config apt-setup/cd/another  boolean false
+# don't ask to use additional mirrors
+#base-config apt-setup/another boolean false
+# Use a network mirror?
+# apt-mirror-setup        apt-setup/use_mirror    boolean false
+
+# Select individual apt repositories
+#d-i apt-setup/services-select multiselect security, updates, backports
+# Disable extra apt repositories
+#d-i apt-setup/services-select multiselect
+
+# You can choose to install non-free and contrib software.
+#d-i apt-setup/non-free  boolean true
+#d-i apt-setup/contrib boolean true
+
+
+###### Mailer configuration.
+
+# During a normal install, exim asks only two questions. Here's how to
+# avoid even those. More complicated preseeding is possible.
+exim4-config  exim4/dc_eximconfig_configtype  select no configuration at this time
+# It's a good idea to set this to whatever user account you choose to
+# create. Leaving the value blank results in postmaster mail going to
+# /var/mail/mail.
+exim4-config  exim4/dc_postmaster   string
+
+
+### skip some annoying installation status notes
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+# Avoid the introductory message.
+base-config base-config/intro note
+# Avoid the final message.
+base-config base-config/login note
+
+#d-i     popularity-contest/participate  boolean false
+
+
+### simple-cdd commands
+
+# you may add to the following commands by including a ";" followed by your
+# shell commands.
+
+# loads the simple-cdd-profiles udeb to which asks for which profiles to use,
+# load the debconf preseeding and queue packages for installation.
+d-i preseed/early_command string anna-install simple-cdd-profiles
diff --git a/client-build/profiles/wooclient.description b/client-build/profiles/wooclient.description
new file mode 100644
index 0000000..cef6573
--- /dev/null
+++ b/client-build/profiles/wooclient.description
@@ -0,0 +1 @@
+Installer to automatically build the wooclient VM.
diff --git a/client-build/profiles/wooclient.packages b/client-build/profiles/wooclient.packages
new file mode 100644
index 0000000..b85bd26
--- /dev/null
+++ b/client-build/profiles/wooclient.packages
@@ -0,0 +1,7 @@
+wget
+sudo
+uuid
+screen
+docker
+docker.io
+runc
diff --git a/client-build/profiles/wooclient.postinst b/client-build/profiles/wooclient.postinst
new file mode 100755
index 0000000..2fd4d15
--- /dev/null
+++ b/client-build/profiles/wooclient.postinst
@@ -0,0 +1,86 @@
+#!/bin/bash
+
+set -eu
+
+cat > /etc/systemd/system/firstboot-wooclient.service <<EOF
+[Unit]
+After=mariadb.service network-online.target
+Wants=network-online.target
+Description="Logic to install wooclient on first boot"
+
+[Service]
+ExecStart=/usr/local/bin/firstboot-script.sh
+
+[Install]
+WantedBy=default.target
+EOF
+
+cat > /etc/systemd/system/gnunet-docker.service <<EOF
+[Unit]
+Description=GNUnet Container
+Requires=docker.service
+After=docker.service
+
+[Service]
+Restart=always
+ExecStart=/usr/bin/docker start -a gnunet-docker
+ExecStop=/usr/bin/docker stop -t 2 gnunet-docker
+
+[Install]
+WantedBy=default.target
+EOF
+
+cat > /usr/share/chromium/initial_bookmarks.html <<EOF
+<!DOCTYPE NETSCAPE-Bookmark-file-1>
+<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UTF-8">
+<TITLE>Bookmarks</TITLE>
+<H1>Bookmarks</H1>
+<DL><p>
+    <DT><H3 PERSONAL_TOOLBAR_FOLDER="true">Bookmarks Bar</H3>
+    <DL><p>
+        <DT><A HREF="https://woo.nslab.ch/">WooCommerce@nslab.ch</A>
+        <DT><A HREF="https://reclaim.gnunet.org/">re:claimID</A>
+        <DT><A HREF="https://chrome.google.com/webstore/detail/reclaimid/jiogompmdejcnacmlnjhnaicgkefcfll">Get re:claimID</A>
+        <DT><A HREF="https://taler.net/">GNU Taler</A>
+        <DT><A HREF="https://chrome.google.com/webstore/detail/gnu-taler-wallet/millncjiddlpgdmkklmhfadpacifaonc">Get GNU Taler Wallet</A>
+    </DL><p>
+</DL><p>
+EOF
+
+cat > /usr/local/bin/firstboot-script.sh <<EOF
+#!/bin/bash
+
+set -eu
+
+echo "Giving system time to complete setup"
+sleep 60
+
+echo "Enable root login with password"
+
+# Permit root login with passwd
+echo "PermitRootLogin yes" >> /etc/ssh/sshd_config
+systemctl restart sshd
+
+# run gnunet-docker
+/usr/bin/docker run -v /root/.local/share/gnunet:/root/.local/share/gnunet -p 7776:7776 -td --name gnunet-docker reclaimid/gnunet-docker
+
+# enable gnunet-docker service
+systemctl enable gnunet-docker
+
+# Remove self from boot sequence
+rm /etc/systemd/system/firstboot-wooclient.service
+
+echo "Postinstall script done, shutdown system"
+
+shutdown -h now "firstboot installation done, shutdown system"
+
+EOF
+
+chmod +x /usr/local/bin/firstboot-script.sh
+
+echo "Enabling firstboot-wooclient"
+
+systemctl daemon-reload
+systemctl enable firstboot-wooclient
+
+echo "wooclient postinstall finished"
diff --git a/client-build/profiles/wooclient.preseed b/client-build/profiles/wooclient.preseed
new file mode 100644
index 0000000..eabd5fa
--- /dev/null
+++ b/client-build/profiles/wooclient.preseed
@@ -0,0 +1,453 @@
+#### Contents of the preconfiguration file (for jessie)
+
+
+# Profile selection
+simple-cdd simple-cdd/profiles multiselect wooclient
+
+
+### Localization
+# Preseeding only locale sets language, country and locale.
+d-i debian-installer/locale string en_US
+
+# The values can also be preseeded individually for greater flexibility.
+d-i debian-installer/language string en
+d-i debian-installer/country string CH
+d-i debian-installer/locale string en_US.UTF-8
+# Optionally specify additional locales to be generated.
+d-i localechooser/supported-locales multiselect en_GB.UTF-8, de_DE.UTF-8
+
+# Keyboard selection.
+d-i keyboard-configuration/xkb-keymap select us
+# d-i keyboard-configuration/toggle select No toggling
+
+### Network configuration
+d-i netcfg/enable boolean true
+
+# netcfg will choose an interface that has link if possible. This makes it
+# skip displaying a list if there is more than one interface.
+d-i netcfg/choose_interface select auto
+
+# To pick a particular interface instead:
+#d-i netcfg/choose_interface select eth1
+
+# To set a different link detection timeout (default is 3 seconds).
+# Values are interpreted as seconds.
+#d-i netcfg/link_wait_timeout string 10
+
+# If you have a slow dhcp server and the installer times out waiting for
+# it, this might be useful.
+#d-i netcfg/dhcp_timeout string 60
+#d-i netcfg/dhcpv6_timeout string 60
+
+# If you prefer to configure the network manually, uncomment this line and
+# the static network configuration below.
+#d-i netcfg/disable_autoconfig boolean true
+
+# If you want the preconfiguration file to work on systems both with and
+# without a dhcp server, uncomment these lines and the static network
+# configuration below.
+#d-i netcfg/dhcp_failed note
+#d-i netcfg/dhcp_options select Configure network manually
+
+# Static network configuration.
+#
+# IPv4 example
+#d-i netcfg/get_ipaddress string 192.168.1.42
+#d-i netcfg/get_netmask string 255.255.255.0
+#d-i netcfg/get_gateway string 192.168.1.1
+#d-i netcfg/get_nameservers string 192.168.1.1
+#d-i netcfg/confirm_static boolean true
+#
+# IPv6 example
+#d-i netcfg/get_ipaddress string fc00::2
+#d-i netcfg/get_netmask string ffff:ffff:ffff:ffff::
+#d-i netcfg/get_gateway string fc00::1
+#d-i netcfg/get_nameservers string fc00::1
+#d-i netcfg/confirm_static boolean true
+
+# Any hostname and domain names assigned from dhcp take precedence over
+# values set here. However, setting the values still prevents the questions
+# from being shown, even if values come from dhcp.
+#d-i netcfg/get_hostname string unassigned-hostname
+#d-i netcfg/get_domain string unassigned-domain
+d-i netcfg/get_hostname string wooclient
+d-i netcfg/get_domain string wooclient
+
+# If you want to force a hostname, regardless of what either the DHCP
+# server returns or what the reverse DNS entry for the IP is, uncomment
+# and adjust the following line.
+#d-i netcfg/hostname string somehost
+
+# Disable that annoying WEP key dialog.
+d-i netcfg/wireless_wep string
+# The wacky dhcp hostname that some ISPs use as a password of sorts.
+#d-i netcfg/dhcp_hostname string radish
+
+# If non-free firmware is needed for the network or other hardware, you can
+# configure the installer to always try to load it, without prompting. Or
+# change to false to disable asking.
+#d-i hw-detect/load_firmware boolean true
+
+### Network console
+# Use the following settings if you wish to make use of the network-console
+# component for remote installation over SSH. This only makes sense if you
+# intend to perform the remainder of the installation manually.
+#d-i anna/choose_modules string network-console
+#d-i network-console/authorized_keys_url string http://10.0.0.1/openssh-key
+#d-i network-console/password password r00tme
+#d-i network-console/password-again password r00tme
+
+### Mirror settings
+# If you select ftp, the mirror/country string does not need to be set.
+#d-i mirror/protocol string ftp
+d-i mirror/country string manual
+d-i mirror/http/hostname string ftp.ch.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+
+# Suite to install.
+d-i mirror/suite string stable
+# Suite to use for loading installer components (optional).
+#d-i mirror/udeb/suite string testing
+
+### Account setup
+d-i passwd/root-login boolean true
+# Alternatively, to skip creation of a normal user account.
+#d-i passwd/make-user boolean false
+
+# Root password, either in clear text
+d-i passwd/root-password password wooclient
+d-i passwd/root-password-again password wooclient
+# or encrypted using an MD5 hash.
+#d-i passwd/root-password-crypted password [MD5 hash]
+
+# To create a normal user account.
+#d-i passwd/user-fullname string Debian User
+d-i passwd/user-fullname string Test User
+#d-i passwd/username string debian
+d-i passwd/username string testuser
+# Normal user's password, either in clear text
+#d-i passwd/user-password password insecure
+d-i passwd/user-password password test$us3r
+#d-i passwd/user-password-again password insecure
+d-i passwd/user-password-again password test$us3r
+# or encrypted using an MD5 hash.
+#d-i passwd/user-password-crypted password [MD5 hash]
+# Create the first user with the specified UID instead of the default.
+#d-i passwd/user-uid string 1010
+
+# The user account will be added to some standard initial groups. To
+# override that, use this.
+#d-i passwd/user-default-groups string audio cdrom video
+
+### Clock and time zone setup
+# Controls whether or not the hardware clock is set to UTC.
+d-i clock-setup/utc boolean true
+
+# You may set this to any valid setting for $TZ; see the contents of
+# /usr/share/zoneinfo/ for valid values.
+d-i time/zone string UTC
+
+# Controls whether to use NTP to set the clock during the install
+d-i clock-setup/ntp boolean true
+# NTP server to use. The default is almost always fine here.
+#d-i clock-setup/ntp-server string ntp.example.com
+
+### Partitioning
+## Partitioning example
+# If the system has free space you can choose to only partition that space.
+# This is only honoured if partman-auto/method (below) is not set.
+d-i partman-auto/init_automatically_partition select biggest_free
+
+# Alternatively, you may specify a disk to partition. If the system has only
+# one disk the installer will default to using that, but otherwise the device
+# name must be given in traditional, non-devfs format (so e.g. /dev/sda
+# and not e.g. /dev/discs/disc0/disc).
+# For example, to use the first SCSI/SATA hard disk:
+#d-i partman-auto/disk string /dev/sda
+# In addition, you'll need to specify the method to use.
+# The presently available methods are:
+# - regular: use the usual partition types for your architecture
+# - lvm:     use LVM to partition the disk
+# - crypto:  use LVM within an encrypted partition
+#d-i partman-auto/method string regular
+
+# If one of the disks that are going to be automatically partitioned
+# contains an old LVM configuration, the user will normally receive a
+# warning. This can be preseeded away...
+d-i partman-lvm/device_remove_lvm boolean true
+# The same applies to pre-existing software RAID array:
+d-i partman-md/device_remove_md boolean true
+# And the same goes for the confirmation to write the lvm partitions.
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+
+# You can choose one of the three predefined partitioning recipes:
+# - atomic: all files in one partition
+# - home:   separate /home partition
+# - multi:  separate /home, /var, and /tmp partitions
+d-i partman-auto/choose_recipe select atomic
+
+# Or provide a recipe of your own...
+# If you have a way to get a recipe file into the d-i environment, you can
+# just point at it.
+#d-i partman-auto/expert_recipe_file string /hd-media/recipe
+
+# If not, you can put an entire recipe into the preconfiguration file in one
+# (logical) line. This example creates a small /boot partition, suitable
+# swap, and uses the rest of the space for the root partition:
+#d-i partman-auto/expert_recipe string                         \
+#      boot-root ::                                            \
+#              40 50 100 ext3                                  \
+#                      $primary{ } $bootable{ }                \
+#                      method{ format } format{ }              \
+#                      use_filesystem{ } filesystem{ ext3 }    \
+#                      mountpoint{ /boot }                     \
+#              .                                               \
+#              500 10000 1000000000 ext3                       \
+#                      method{ format } format{ }              \
+#                      use_filesystem{ } filesystem{ ext3 }    \
+#                      mountpoint{ / }                         \
+#              .                                               \
+#              64 512 300% linux-swap                          \
+#                      method{ swap } format{ }                \
+#              .
+
+# The full recipe format is documented in the file partman-auto-recipe.txt
+# included in the 'debian-installer' package or available from D-I source
+# repository. This also documents how to specify settings such as file
+# system labels, volume group names and which physical devices to include
+# in a volume group.
+
+# This makes partman automatically partition without confirmation, provided
+# that you told it what to do using one of the methods above.
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+## Partitioning using RAID
+# The method should be set to "raid".
+#d-i partman-auto/method string raid
+# Specify the disks to be partitioned. They will all get the same layout,
+# so this will only work if the disks are the same size.
+#d-i partman-auto/disk string /dev/sda /dev/sdb
+
+# Next you need to specify the physical partitions that will be used.
+#d-i partman-auto/expert_recipe string \
+#      multiraid ::                                         \
+#              1000 5000 4000 raid                          \
+#                      $primary{ } method{ raid }           \
+#              .                                            \
+#              64 512 300% raid                             \
+#                      method{ raid }                       \
+#              .                                            \
+#              500 10000 1000000000 raid                    \
+#                      method{ raid }                       \
+#              .
+
+# Last you need to specify how the previously defined partitions will be
+# used in the RAID setup. Remember to use the correct partition numbers
+# for logical partitions. RAID levels 0, 1, 5, 6 and 10 are supported;
+# devices are separated using "#".
+# Parameters are:
+# <raidtype> <devcount> <sparecount> <fstype> <mountpoint> \
+#          <devices> <sparedevices>
+
+#d-i partman-auto-raid/recipe string \
+#    1 2 0 ext3 /                    \
+#          /dev/sda1#/dev/sdb1       \
+#    .                               \
+#    1 2 0 swap -                    \
+#          /dev/sda5#/dev/sdb5       \
+#    .                               \
+#    0 2 0 ext3 /home                \
+#          /dev/sda6#/dev/sdb6       \
+#    .
+
+# For additional information see the file partman-auto-raid-recipe.txt
+# included in the 'debian-installer' package or available from D-I source
+# repository.
+
+# This makes partman automatically partition without confirmation.
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+
+## Controlling how partitions are mounted
+# The default is to mount by UUID, but you can also choose "traditional" to
+# use traditional device names, or "label" to try filesystem labels before
+# falling back to UUIDs.
+#d-i partman/mount_style select uuid
+
+### Base system installation
+# Configure APT to not install recommended packages by default. Use of this
+# option can result in an incomplete system and should only be used by very
+# experienced users.
+#d-i base-installer/install-recommends boolean false
+
+# The kernel image (meta) package to be installed; "none" can be used if no
+# kernel is to be installed.
+#d-i base-installer/kernel/image string linux-image-586
+
+# Disable prompting for another CD
+base-config apt-setup/cd/another boolean false
+d-i apt-setup/cdrom/set-first boolean false
+d-i apt-setup/cdrom/set-next boolean false
+d-i apt-setup/cdrom/set-failed boolean false
+apt-cdrom-setup apt-setup/cdrom/set-next    boolean false
+
+### Apt setup
+# You can choose to install non-free and contrib software.
+#d-i apt-setup/non-free boolean true
+#d-i apt-setup/contrib boolean true
+# Uncomment this if you don't want to use a network mirror.
+#d-i apt-setup/use_mirror boolean false
+# Select which update services to use; define the mirrors to be used.
+# Values shown below are the normal defaults.
+# d-i apt-setup/services-select multiselect security, updates
+# d-i apt-setup/security_host string security.debian.org
+
+# Additional repositories, local[0-9] available
+#d-i apt-setup/local0/repository string \
+#       http://local.server/debian stable main
+#d-i apt-setup/local0/comment string local server
+# Enable deb-src lines
+#d-i apt-setup/local0/source boolean true
+# URL to the public key of the local repository; you must provide a key or
+# apt will complain about the unauthenticated repository and so the
+# sources.list line will be left commented out
+#d-i apt-setup/local0/key string http://local.server/key
+
+# By default the installer requires that repositories be authenticated
+# using a known gpg key. This setting can be used to disable that
+# authentication. Warning: Insecure, not recommended.
+#d-i debian-installer/allow_unauthenticated boolean true
+
+# Uncomment this to add multiarch configuration for i386
+#d-i apt-setup/multiarch string i386
+
+
+### Package selection
+
+# don't install any tasks:
+tasksel tasksel/first multiselect
+#standard, web-server, kde-desktop
+#tasksel tasksel/first multiselect desktop
+#tasksel tasksel/desktop multiselect task-xfce-desktop
+
+# Individual additional packages to install
+d-i pkgsel/include string git openssh-server chromium
+# Whether to upgrade packages after debootstrap.
+# Allowed values: none, safe-upgrade, full-upgrade
+d-i pkgsel/upgrade select none
+
+d-i pkgsel/install-language-support boolean false
+
+
+# Policy for applying updates. May be "none" (no automatic updates),
+# "unattended-upgrades" (install security updates automatically), or
+# "landscape" (manage system with Landscape).
+d-i pkgsel/update-policy select none
+
+# Some versions of the installer can report back on what software you have
+# installed, and what software you use. The default is not to report back,
+# but sending reports helps the project determine what software is most
+# popular and include it on CDs.
+popularity-contest popularity-contest/participate boolean false
+
+### Boot loader installation
+# Grub is the default boot loader (for x86). If you want lilo installed
+# instead, uncomment this:
+#d-i grub-installer/skip boolean true
+# To also skip installing lilo, and install no bootloader, uncomment this
+# too:
+#d-i lilo-installer/skip boolean true
+
+
+# This is fairly safe to set, it makes grub install automatically to the MBR
+# if no other operating system is detected on the machine.
+d-i grub-installer/only_debian boolean true
+
+# This one makes grub-installer install to the MBR if it also finds some other
+# OS, which is less safe as it might not be able to boot that other OS.
+# d-i grub-installer/with_other_os boolean true
+
+# Due notably to potential USB sticks, the location of the MBR can not be
+# determined safely in general, so this needs to be specified:
+d-i grub-installer/bootdev  string /dev/sda
+# To install to the first device (assuming it is not a USB stick):
+# d-i grub-installer/bootdev  string default
+
+# Alternatively, if you want to install to a location other than the mbr,
+# uncomment and edit these lines:
+# d-i grub-installer/only_debian boolean true
+#d-i grub-installer/with_other_os boolean false
+#d-i grub-installer/bootdev  string (hd0,1)
+# To install grub to multiple disks:
+#d-i grub-installer/bootdev  string (hd0,1) (hd1,1) (hd2,1)
+
+# Optional password for grub, either in clear text
+#d-i grub-installer/password password r00tme
+#d-i grub-installer/password-again password r00tme
+# or encrypted using an MD5 hash, see grub-md5-crypt(8).
+#d-i grub-installer/password-crypted password [MD5 hash]
+
+# Use the following option to add additional boot parameters for the
+# installed system (if supported by the bootloader installer).
+# Note: options passed to the installer will be added automatically.
+#d-i debian-installer/add-kernel-opts string nousb
+
+### Finishing up the installation
+# During installations from serial console, the regular virtual consoles
+# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next
+# line to prevent this.
+#d-i finish-install/keep-consoles boolean true
+
+# Avoid that last message about the install being complete.
+d-i finish-install/reboot_in_progress note
+
+# This will prevent the installer from ejecting the CD during the reboot,
+# which is useful in some situations.
+#d-i cdrom-detect/eject boolean false
+
+# This is how to make the installer shutdown when finished, but not
+# reboot into the installed system.
+#d-i debian-installer/exit/halt boolean true
+# This will power off the machine instead of just halting it.
+d-i debian-installer/exit/poweroff boolean true
+
+### Preseeding other packages
+# Depending on what software you choose to install, or if things go wrong
+# during the installation process, it's possible that other questions may
+# be asked. You can preseed those too, of course. To get a list of every
+# possible question that could be asked during an install, do an
+# installation, and then run these commands:
+#   debconf-get-selections --installer > file
+#   debconf-get-selections >> file
+
+
+#### Advanced options
+### Running custom commands during the installation
+# d-i preseeding is inherently not secure. Nothing in the installer checks
+# for attempts at buffer overflows or other exploits of the values of a
+# preconfiguration file like this one. Only use preconfiguration files from
+# trusted locations! To drive that home, and because it's generally useful,
+# here's a way to run any shell command you'd like inside the installer,
+# automatically.
+
+# This first command is run as early as possible, just after
+# preseeding is read.
+#d-i preseed/early_command string anna-install some-udeb
+# This command is run immediately before the partitioner starts. It may be
+# useful to apply dynamic partitioner preseeding that depends on the state
+# of the disks (which may not be visible when preseed/early_command runs).
+#d-i partman/early_command \
+#       string debconf-set partman-auto/disk "$(list-devices disk | head -n1)"
+# This command is run just before the install finishes, but when there is
+# still a usable /target directory. You can chroot to /target and use it
+# directly, or use the apt-install and in-target commands to easily install
+# packages and run commands in the target system.
+#d-i preseed/late_command string apt-install zsh; in-target chsh -s /bin/zsh
diff --git a/client-build/profiles/wooclient.udebs b/client-build/profiles/wooclient.udebs
new file mode 100644
index 0000000..9fd0035
--- /dev/null
+++ b/client-build/profiles/wooclient.udebs
@@ -0,0 +1,2 @@
+# the udeb needed for simple-cdd
+simple-cdd-profiles
diff --git a/client-build/ssh.cfg b/client-build/ssh.cfg
new file mode 100644
index 0000000..d269483
--- /dev/null
+++ b/client-build/ssh.cfg
@@ -0,0 +1,6 @@
+Host localhost
+   User root
+   Port 2222
+   LogLevel ERROR
+   StrictHostKeyChecking no
+   UserKnownHostsFile=/dev/null