#!/bin/bash
# Save as ~/TorBOX_src/TorBOX-debootstrap
# WTFPL JUNE 2012 Version 0.2.0 NO WARRANTY expressed or implied!
# Homepage: https://trac.torproject.org/projects/tor/wiki/doc/TorBOX

#######################################
# Print the usage banner: the assumptions the script makes about the host
# and the two build flags it accepts.
# Outputs: the banner on stdout, framed by one empty line above and below.
#######################################
script_help() {
  # Quoted delimiter: the banner is emitted literally, nothing is expanded.
  cat <<'EOF'

############################################################################
#       ASSUMPTIONS                                                        #
# You need to run the script as root (sudo)                                #
# HOST: Ubuntu                                                             #
# No Loopback devices are currently in use                                 #
# (sudo losetup -a must not return anything)                               #
#                                                                          #
#       CHOOSE ONE OF THE FOLLOWING FLAGS                                  #
# -tg                                                                      #
#  TorBOX-Gateway                                                          #
# -tw                                                                      #
#  TorBOX-Workstation                                                      #
# NOT TESTED AT ALL                                                        # 
############################################################################

EOF
}

# TODO:
# Grub error on boot up: error: no suitable mode found. (Everything still seems to work but it looks bad, not tested: grub menu on kernel update, system crash/unclean shutdown)
#  - fixed?
#  - - (proper) Screen blacks out fast like always. I do not see any errors.
# Currently, everything is run with root privileges!
#  - "sudo -u \#1000" should be sane on all ubuntu systems.
# How to best run debootstrap build through tor? How to make sure there are no leaks?
#  - Currently only building in a torified VM is considered secure. I hope we can lift that requirement and build directly on a (torified) host.
# Several packages require user input during installation (debconf) (select default values, except for grub, see below)
#  - ubuntuforums.org/showpost.php?p=9961387&postcount=3

######################################################
# Global settings
######################################################
# Ubuntu release name handed to debootstrap in prepare_chroot.
RELEASE='precise'

# The remaining globals are assigned by the -tg / -tw branches at the
# bottom of the script, before any build step runs:
#   IMAGENAME  IMAGESIZE  LOOPDISK  LOOPPART



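#######################################
# Verify the environment before anything is built.
# Exits the script with status 1 unless it runs as uid 0 and
# `losetup -a` reports no attached loop device.
# Globals:   LOOPBACK_AVAILABLE (written) - raw output of `losetup -a`
# Outputs:   an INFO line on stdout; error details on stderr
#######################################
root_check() {
  # Every later step (losetup, mount, chroot, grub-install) needs root.
  if [ "$(id -u)" != "0" ]; then
    echo "ERROR: This must be run as root (sudo)!" >&2
    exit 1
  fi
  echo "INFO: Script running as root."

  # TODO: only check for /dev/loop2-5
  # The build attaches fixed loop devices, so it refuses to start while any
  # loop device is in use rather than risk touching someone else's device.
  LOOPBACK_AVAILABLE=$(losetup -a)
  if [ -n "$LOOPBACK_AVAILABLE" ]; then
    echo "Loopback device(s) occupied!" >&2
    # Quoted on purpose: keeps one device per line and prevents globbing
    # of the bracketed/parenthesised parts of the losetup listing.
    printf '%s\n' "$LOOPBACK_AVAILABLE" >&2
    exit 1
  fi
}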



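#######################################
# Prepare the build host and enter the per-image build directory.
# Installs debootstrap and kpartx, relaxes two grsecurity chroot
# restrictions when the host exposes them, then changes into
# ../TorBOX_build/build_$IMAGENAME relative to the script's own location.
# Globals:   IMAGENAME (read), SCRIPTPATH and SCRIPTDIR (written)
# Exits:     status 1 if a package install or directory change fails, so
#            later root-privileged steps never run in an unexpected
#            working directory.
#######################################
config_host() {
  local grsec_knob

  : "${IMAGENAME:?IMAGENAME must be set before config_host is called}"

  # If you use a grsec kernel on the host:
  # Only written when the sysctl exists, so a non-grsec host produces no
  # spurious errors.
  # NOTE(review): this lowers host hardening and nothing in this script
  # restores the previous values after the build; re-enable them by hand.
  for grsec_knob in chroot_deny_chmod chroot_caps; do
    if [ -w "/proc/sys/kernel/grsecurity/$grsec_knob" ]; then
      echo "0" > "/proc/sys/kernel/grsecurity/$grsec_knob"
    fi
  done

  if ! apt-get install --yes debootstrap kpartx; then
    echo "ERROR: Could not install debootstrap and kpartx." >&2
    exit 1
  fi

  # change into our source folder, no matter how we are started
  SCRIPTPATH="$(readlink -f "$0")"
  SCRIPTDIR="$(dirname "$SCRIPTPATH")"
  if ! cd "$SCRIPTDIR"; then
    echo "ERROR: Cannot change into source folder $SCRIPTDIR." >&2
    exit 1
  fi

  # create build dir and change into it
  # The directories are created as uid 1000 rather than root
  # (assumes that uid exists on the host, see the TODO list at the top).
  sudo -u \#1000 mkdir -p ../TorBOX_build
  if ! cd ../TorBOX_build; then
    echo "ERROR: Cannot change into ../TorBOX_build." >&2
    exit 1
  fi

  sudo -u \#1000 mkdir -p "build_$IMAGENAME"
  if ! cd "build_$IMAGENAME"; then
    echo "ERROR: Cannot change into build_$IMAGENAME." >&2
    exit 1
  fi
}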



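#######################################
# Abort helper for config_virtualimage: report the error, undo the loop
# and mapper attachments made so far, then exit with status 1.
# Arguments: $1 - error message
#            $2 - how far setup got: 0 nothing attached, 1 disk loop
#                 attached, 2 partition mapping created, 3 partition loop
#                 attached
# Globals:   LOOPDISK, LOOPPART (read)
#######################################
_virtualimage_abort() {
  echo "ERROR: $1" >&2
  if [ "$2" -ge 3 ]; then losetup -d "/dev/$LOOPPART"; fi
  if [ "$2" -ge 2 ]; then kpartx -d "/dev/$LOOPDISK"; fi
  if [ "$2" -ge 1 ]; then losetup -d "/dev/$LOOPDISK"; fi
  exit 1
}

#######################################
# Create the raw disk image, partition it and put an ext4 filesystem on
# the first partition.
# Globals:   IMAGENAME, IMAGESIZE, LOOPDISK, LOOPPART (read)
# Outputs:   writes $IMAGENAME.img into the current directory
# Exits:     status 1 when a step fails; attachments made up to that point
#            are released first. A partially written image file is left in
#            place.
#######################################
config_virtualimage() {
  # An empty name here would turn "/dev/$LOOPPART" into "/dev/", so refuse
  # to continue with missing settings.
  : "${IMAGENAME:?IMAGENAME must be set}"
  : "${IMAGESIZE:?IMAGESIZE must be set}"
  : "${LOOPDISK:?LOOPDISK must be set}"
  : "${LOOPPART:?LOOPPART must be set}"

  # IMAGESIZE is a count of 20480-byte blocks; dd fails here when the disk
  # is full, which now stops the build instead of continuing with a
  # truncated image.
  echo "Creating empty image for $IMAGENAME, this can take a while."
  dd if=/dev/zero of="$IMAGENAME.img" bs=20480 count="$IMAGESIZE" \
    || _virtualimage_abort "Could not create $IMAGENAME.img (disk full?)." 0

  # device node for virtual disk
  losetup "/dev/$LOOPDISK" "$IMAGENAME.img" \
    || _virtualimage_abort "Could not attach $IMAGENAME.img to /dev/$LOOPDISK." 0

  # Create partition(s): new, primary, number 1, default start and end, write.
  # fdisk's exit status is deliberately not checked here; a failed
  # partitioning surfaces at the kpartx/losetup steps below.
  printf 'n\np\n1\n\n\nw\n' | fdisk "/dev/$LOOPDISK"

  # device node for virtual partition
  kpartx -av "/dev/$LOOPDISK" \
    || _virtualimage_abort "kpartx could not map the partitions of /dev/$LOOPDISK." 1
  losetup "/dev/$LOOPPART" "/dev/mapper/${LOOPDISK}p1" \
    || _virtualimage_abort "Could not attach /dev/mapper/${LOOPDISK}p1 to /dev/$LOOPPART." 2
  # losetup /dev/"$LOOPPART2" /dev/mapper/"$LOOPDISK"p2 ?

  mkfs.ext4 "/dev/$LOOPPART" \
    || _virtualimage_abort "mkfs.ext4 failed on /dev/$LOOPPART." 3
  # Every image gets the same fixed filesystem UUID.
  # NOTE(review): presumably other TorBOX scripts refer to this UUID - confirm.
  tune2fs -U 26ada0c0-1165-4098-884d-aafd2220c2c6 "/dev/$LOOPPART" \
    || _virtualimage_abort "tune2fs could not set the filesystem UUID." 3
}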



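#######################################
# Abort helper for prepare_chroot: report the error, unmount the image
# partition if it is mounted, release the loop/mapper devices and exit 1.
# Must be called while the working directory is still the build directory.
# Arguments: $1 - error message
# Globals:   IMAGENAME, LOOPPART, LOOPDISK (read)
#######################################
_prepare_chroot_abort() {
  echo "ERROR: $1" >&2
  # Fails harmlessly (and silently) when the partition never got mounted.
  umount "${IMAGENAME}_chroot" 2>/dev/null
  if [ -n "${LOOPPART:-}" ]; then losetup -d "/dev/$LOOPPART"; fi
  if [ -n "${LOOPDISK:-}" ]; then
    kpartx -d "/dev/$LOOPDISK"
    losetup -d "/dev/$LOOPDISK"
  fi
  exit 1
}

#######################################
# Mount the image partition, bootstrap a minimal i386 Ubuntu system into
# it and seed it with APT sources, the TorBOX scripts and an /etc/hosts.
# On return the working directory is the root of the new system; the
# following build steps (chroot ., config_grub, unmount_image) rely on it.
# Globals:   IMAGENAME, LOOPPART, RELEASE, SCRIPTDIR (read)
# Exits:     status 1 if the partition cannot be mounted, debootstrap
#            fails or the chroot directory cannot be entered. Without
#            these checks a failed mount would let debootstrap fill a
#            plain directory on the host disk, and a failed cd would make
#            the relative paths below point into the build directory.
#######################################
prepare_chroot() {
  : "${IMAGENAME:?IMAGENAME must be set}"
  : "${LOOPPART:?LOOPPART must be set}"
  : "${RELEASE:?RELEASE must be set}"
  # An empty SCRIPTDIR would make the copies below read /TorBOX-* and
  # /torcheck from the host's root directory and run them as root later.
  : "${SCRIPTDIR:?SCRIPTDIR must be set (config_host sets it)}"

  sudo -u \#1000 mkdir -p "${IMAGENAME}_chroot"
  mount "/dev/$LOOPPART" "${IMAGENAME}_chroot" \
    || _prepare_chroot_abort "Could not mount /dev/$LOOPPART on ${IMAGENAME}_chroot."

  # Packages come over plain HTTP, so their integrity rests on the archive
  # signature checks of debootstrap and, later, APT.
  # NOTE(review): confirm the host has the Ubuntu archive keyring so that
  # debootstrap really verifies the Release file. The fetch itself is also
  # visible on the network (see the Tor/leak TODO at the top of the file).
  debootstrap --variant=minbase --arch i386 "$RELEASE" "${IMAGENAME}_chroot" http://archive.ubuntu.com/ubuntu/ \
    || _prepare_chroot_abort "debootstrap failed for release $RELEASE."
  cd "${IMAGENAME}_chroot" \
    || _prepare_chroot_abort "Cannot change into ${IMAGENAME}_chroot."

  # From here on every path is relative to the root of the new system.
  mkdir -p proc/
  if ! mount -t proc none proc/; then
    echo "WARNING: Could not mount proc inside the chroot." >&2
  fi

  # TODO possibly problematic? It gets overwritten later.
  #      (proper) Is it required or can it be omitted?
  # NOTE(review): this copies the host's resolver configuration into the
  # image; verify that it really is replaced before the image is shipped.
  cp /etc/resolv.conf etc/resolv.conf

  # This is default sources.list of Ubuntu 12.04
  # The release name is hard-coded in this list; it does not follow $RELEASE.
  echo "# 

# deb cdrom:[Ubuntu-Server 12.04 LTS _Precise Pangolin_ - Release i386 (20120424.1)]/ precise main restricted

#deb cdrom:[Ubuntu-Server 12.04 LTS _Precise Pangolin_ - Release i386 (20120424.1)]/ precise main restricted

# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://us.archive.ubuntu.com/ubuntu/ precise main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ precise main restricted

## Major bug fix updates produced after the final release of the
## distribution.
deb http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates main restricted

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ precise universe
deb-src http://us.archive.ubuntu.com/ubuntu/ precise universe
deb http://us.archive.ubuntu.com/ubuntu/ precise-updates universe
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates universe

## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu 
## team, and may not be under a free licence. Please satisfy yourself as to 
## your rights to use the software. Also, please note that software in 
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://us.archive.ubuntu.com/ubuntu/ precise multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise multiverse
deb http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-updates multiverse

## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://us.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse
deb-src http://us.archive.ubuntu.com/ubuntu/ precise-backports main restricted universe multiverse

deb http://security.ubuntu.com/ubuntu precise-security main restricted
deb-src http://security.ubuntu.com/ubuntu precise-security main restricted
deb http://security.ubuntu.com/ubuntu precise-security universe
deb-src http://security.ubuntu.com/ubuntu precise-security universe
deb http://security.ubuntu.com/ubuntu precise-security multiverse
deb-src http://security.ubuntu.com/ubuntu precise-security multiverse

## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu precise partner
# deb-src http://archive.canonical.com/ubuntu precise partner

## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://extras.ubuntu.com/ubuntu precise main
# deb-src http://extras.ubuntu.com/ubuntu precise main

"> etc/apt/sources.list

  # These scripts are executed as root inside the chroot by the build, so
  # they must come from the script's own source directory only.
  chmod +x "$SCRIPTDIR"/TorBOX-*
  chmod +x "$SCRIPTDIR"/torcheck
  cp "$SCRIPTDIR"/TorBOX-chroot usr/local/bin
  cp "$SCRIPTDIR"/TorBOX-Gateway usr/local/bin
  cp "$SCRIPTDIR"/TorBOX-Workstation usr/local/bin
  cp "$SCRIPTDIR"/torcheck usr/local/bin

  # TODO Is this correct?
  echo "127.0.0.1       localhost
127.0.0.1       ubuntu" > etc/hosts
}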



#######################################
# Install GRUB into the image.
# Expects the working directory to be the root of the bootstrapped system.
# Globals:   LOOPDISK, LOOPPART (read)
# Outputs:   writes boot/grub/device.map and, via grub-mkconfig run inside
#            the chroot, /boot/grub/grub.cfg of the image
#######################################
config_grub() {
  local map_file="boot/grub/device.map"

  # proc/ is released first; afterwards the host's /dev is bind-mounted
  # into the tree. While that bind mount exists, anything running inside
  # the chroot can reach the host's device nodes, and a recursive delete
  # of the tree would hit the host's /dev.
  umount proc/
  mount --bind /dev dev/

  mkdir -p "${map_file%/*}"

  # thanks goes to http://superuser.com/questions/130955/how-to-install-grub-into-an-img-file
  # Map GRUB's (hd0) to the disk loop device and (hd0,1) to the partition loop device.
  printf '(hd0)   /dev/%s\n(hd0,1) /dev/%s\n' "$LOOPDISK" "$LOOPPART" > "$map_file"

  # The configuration is generated inside the chroot; grub-install itself
  # is the host's binary pointed at the image tree.
  chroot . grub-mkconfig -o /boot/grub/grub.cfg
  grub-install --no-floppy --grub-mkdevicemap="$map_file" --root-directory=. "/dev/$LOOPDISK"
}



#######################################
# Tear the build environment down again: unmount the image and release
# the loop and mapper devices in the reverse order of their creation.
# Expects the working directory to be the root of the bootstrapped system.
# Globals:   IMAGENAME, LOOPDISK, LOOPPART (read)
#######################################
unmount_image() {
  local chroot_dir="${IMAGENAME}_chroot"
  local part_dev="/dev/${LOOPPART}"
  local disk_dev="/dev/${LOOPDISK}"

  # Drop the bind mount of the host's /dev, then step out of the tree so
  # the image partition is no longer busy.
  umount dev
  cd ..

  umount "$chroot_dir"

  losetup -d "$part_dev"
  # Pause between detaching the partition loop and removing the mapping.
  # NOTE(review): presumably gives the kernel time to release it - confirm.
  sleep 5
  kpartx -v -d "$disk_dev"
  losetup -d "$disk_dev"

  # rmdir only removes an empty directory: if an unmount above failed,
  # nothing inside the still-mounted tree is deleted.
  rmdir "$chroot_dir"
}



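################################################################
# Command-line dispatch                                        #
################################################################

#######################################
# Run the complete build pipeline for the image described by the globals
# IMAGENAME, IMAGESIZE, LOOPDISK and LOOPPART.
# Arguments: $1 - command line executed as root inside the chroot after
#                 TorBOX-chroot has run (a fixed string chosen below,
#                 never user input)
# Note: the exit status of the two chroot commands is not checked, so
# config_grub and unmount_image still run and the mounts and loop devices
# are released even if an in-chroot step fails.
#######################################
build_image() {
  root_check
  config_host
  config_virtualimage
  prepare_chroot
  chroot . /bin/sh -c "su - -c TorBOX-chroot"
  chroot . /bin/sh -c "su - -c '$1'"
  config_grub
  unmount_image
}

# IMAGESIZE is the number of 20480-byte blocks written by dd in
# config_virtualimage: 100000 is about 2 GB, 400000 about 8.2 GB.
case "${1:-}" in
  -tg)
    IMAGENAME="TorBOX-Gateway"
    IMAGESIZE="100000"
    LOOPDISK="loop2"
    LOOPPART="loop3"
    build_image "TorBOX-Gateway -vm"
    exit 0
    ;;
  -tw)
    IMAGENAME="TorBOX-Workstation"
    IMAGESIZE="400000"
    LOOPDISK="loop4"
    LOOPPART="loop5"
    build_image "TorBOX-Workstation -install"
    exit 0
    ;;
  -help)
    script_help
    exit 0
    ;;
  "")
    echo "
INFO: No option chosen.

Please append -help to find out more.
"
    exit 0
    ;;
  *)
    # Previously an unrecognised option fell through every test and the
    # script ended silently with status 0, as if the build had succeeded.
    printf 'ERROR: Unknown option: %s\n' "$1" >&2
    echo "Please append -help to find out more." >&2
    exit 1
    ;;
esac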