14 files changed, 57 insertions, 135 deletions
@@ -1,124 +1,21 @@ # -# Sample kvmx file - https://kvmx.fluxo.info +# Trashman kvmx file - https://kvmx.fluxo.info # # Which base box you should use. Leave unconfigured to use kvmx-create instead. basebox="dev" -# First user name -user="user" - -# First user password -password="`head -c 20 /dev/urandom | base64`" - # Set this is you want to be able to share a single folder between host and guest. shared_folder="." -#shared_folder_mountpoint="/home/$user/code/$VM" shared_folder_mountpoint="/srv/kvmx" -#shared_folder_mountpoint="/vagrant" - -# Set this is you want to be able to share multiple folders between host and guest. -# Format: <id1>:<host-folder1>:<guest-mountpoint1>,<id2>:<host-folder2>:<guest-mountpoint2>[,...] -#shared_folders="shared1:.:/home/$user/code/$VM,shared2:$HOME/.local/share/app:/home/$user/.local/share/app" - -# Folder to sync during provisioning in the format "/host/folder /guest/folder". -#provision_rsync="$KVMX_BASE/share/provision/ /usr/local/share/kvmx/provision/" -#provision_rsync="puppet/ /etc/puppet/" - -# Options for provision_rsync -#provision_rsync_opts="--exclude=somefolder" # Absolute path for a provision script located inside the guest. 
-#provision_command="/usr/local/share/kvmx/provision/debian/development && /etc/puppet/bin/provision && /etc/puppet/bin/deploy" -#provision_command="/usr/local/share/kvmx/provision/debian/development && /etc/puppet/bin/deploy" -#provision_command="/usr/local/share/kvmx/provision/debian/development && /home/$user/code/$VM/bin/custom-provisioner" provision_command="/usr/local/share/kvmx/provision/debian/development" -#provision_command="/usr/local/share/kvmx/provision/debian/desktop-basic" - -# Graphics -# See https://wiki.archlinux.org/index.php/QEMU#Graphics -#graphics="-vga std -nographic -vnc :$GUEST_DISPLAY" -graphics="-vga qxl" - -# VNC Client -#vnc_client="xtightvncviewer" -#vnc_client="xvnc4viewer" -#vnc_client="xvncviewer" -vnc_client="virt-viewer" - -# Set this if you want to attach an spice client when the machine boots. -run_spice_client="0" - -# SPICE client -spice_client="spicec" - -# Set this if you want to start an xpra session when the machine boots. -run_xpra="0" - -# Set this if you want to start an xephyr session when the machine boots. -run_xephyr="0" - -# Set screen resolution -#resolution="1280x785" - -# Set additional hostfwd mappings -#port_mapping="hostfwd=tcp:127.0.0.1:8080-:80,hostfwd=tcp:127.0.0.1:8443-:443" - -# Where the guest image is stored -#image="$HOME/.local/share/kvmx/$VM/box.img" - -# Image size -size="10G" - -# Image format: raw or qcow2 -format="qcow2" - -# Image compression (qcow2 only) -qcow2_compression="1" # Memory memory="512" -# Bootstrap method: custom or vmdeboostrap -method="custom" - -# Hostname -hostname="trashman" - -# Domain -domain="example.org" - -# System arch -arch="amd64" - -# Box distribution when bootstraping a new image -version="stretch" - -# Debian mirror -mirror="http://http.debian.net/debian/" - # Enables remote administration using SSH. With this configuration enabled, # kvmx will be able to administer a running virtual machine using SSH access # inside the virtual machine. 
ssh_support="y" - -# Use a custom, per-virtual-machine generated SSH keypair. If you disable this -# configuration but still want guest administration using SSH, the default -# insecure keypair will be used. -# -# Please note that this setting won't take effect if you're using a basebox. -# In that case the basebox keypair will be used if it exists, otherwise kvmx -# fallsback to the default insecure keypair. -# -# This setting is used during virtual machine bootstrapping by kvmx-create. -ssh_custom="y" - -# Bootloader (used only during bootstrapping by kvmx-create). -bootloader="grub" - -# Drive interface -# Needed by some systems like NetBSD and FreeBSD -#drive_interface="ide" - -# See http://www.reactos.org/wiki/QEMU#Setting_up_network -#nic_model="ne2k_pci" diff --git a/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha1 b/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha1 new file mode 100644 index 0000000..2755155 --- /dev/null +++ b/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha1 @@ -0,0 +1 @@ +17c3617110ccf25a718ba7dff51fbd850e08d32a IRPF2024Linux-x86_64v1.1.0.1.sh.bin diff --git a/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha256 b/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha256 new file mode 100644 index 0000000..dd13c9d --- /dev/null +++ b/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha256 @@ -0,0 +1 @@ +5e7363cbdf29971a0f8a8c41e5ac307d48f255642840e86d11026cab5aa1aa6b IRPF2024Linux-x86_64v1.1.0.1.sh.bin diff --git a/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha512 b/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha512 new file mode 100644 index 0000000..e52495e --- /dev/null +++ b/share/hoarder/irpf/unix/linux/hashes/IRPF2024Linux-x86_64v1.1.0.1.sh.bin.sha512 
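Review bot: The new file keeps `ssh_support="y"` but drops the comment block that explained which SSH keypair ends up in use, so a reader no longer sees that kvmx can fall back to the default insecure keypair. According to the removed text, `ssh_custom` has no effect with a basebox, and the basebox keypair is used only if it exists. Whether the `dev` basebox ships its own keypair is not visible in this hunk. I would keep a short comment above `ssh_support`, for example `# With a basebox, the basebox keypair is used if it exists; otherwise kvmx falls back to the default insecure keypair.`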
@@ -0,0 +1 @@ +c3a1fe45112b6c84dff5b5afba19b3f9e0caed003b8ec9c2028bc53b5cd8146f64d430a9b5931e1bb8f66b2e076b34d7b1244d25c7be41d2987461485ade1d45 IRPF2024Linux-x86_64v1.1.0.1.sh.bin diff --git a/share/hoarder/irpf/unix/linux/install b/share/hoarder/irpf/unix/linux/install index 513f36b..5a5957f 100755 --- a/share/hoarder/irpf/unix/linux/install +++ b/share/hoarder/irpf/unix/linux/install @@ -16,8 +16,8 @@ LIB="$2" CWD="`pwd`" WORK="`mktemp -d`" -YEAR="2023" -VERSION="1.1" +YEAR="2024" +VERSION="1.1.0.1" FILE="IRPF${YEAR}Linux-x86_64v${VERSION}.sh.bin" # Download diff --git a/share/trashman/brave-browser/unix/linux/debian/install b/share/trashman/brave-browser/unix/linux/debian/install index c9fc290..2b9d2f9 100755 --- a/share/trashman/brave-browser/unix/linux/debian/install +++ b/share/trashman/brave-browser/unix/linux/debian/install @@ -6,7 +6,7 @@ # Parameters SHARE="$1" LIB="$2" -REQUIREMENTS="curl apt-transport-https" +REQUIREMENTS="curl" # Include basic functions . $LIB/trashman/functions || exit 1 diff --git a/share/trashman/docker/unix/linux/debian/install b/share/trashman/docker/unix/linux/debian/install index c82e136..94242a4 100755 --- a/share/trashman/docker/unix/linux/debian/install +++ b/share/trashman/docker/unix/linux/debian/install @@ -16,7 +16,7 @@ ARCH="`trashman_debian_arch`" RELEASE="`trashman_distro_release`" # Install requirements -apt-get update && trashman_apt_install curl apt-transport-https +apt-get update && trashman_apt_install curl # Install pubkey #trashman_install_apt_key $SHARE/docker/unix/linux/$DISTRO/pubkey.gpg docker.gpg diff --git a/share/trashman/php7/unix/linux/debian/install b/share/trashman/php7/unix/linux/debian/install index 489d38c..7d4168a 100755 --- a/share/trashman/php7/unix/linux/debian/install +++ b/share/trashman/php7/unix/linux/debian/install 
@@ -11,7 +11,7 @@ VERSION="7.3" . $SHARE/trashman/functions || exit 1 # Requirements -trashman_require wget lsb-release apt-transport-https ca-certificates +trashman_require wget lsb-release ca-certificates # Install #wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg diff --git a/share/trashman/signal-desktop/unix/linux/debian/install b/share/trashman/signal-desktop/unix/linux/debian/install index aa291f6..29744e9 100755 --- a/share/trashman/signal-desktop/unix/linux/debian/install +++ b/share/trashman/signal-desktop/unix/linux/debian/install @@ -11,7 +11,7 @@ SHARE="$1" . $SHARE/trashman/debian || exit 1 # Install requirements -trashman_apt_install curl apt-transport-https +trashman_apt_install curl # Setup Signal repository #curl -s https://updates.signal.org/desktop/apt/keys.asc | apt-key add - diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables index 2cc227b..e007337 100755 --- a/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables +++ b/share/trashman/tor-transproxy/unix/linux/debian/files/etc/network/if-pre-up.d/iptables 
@@ -26,16 +26,16 @@ $IPTABLES -F OUTPUT || exit $IPTABLES -t nat -F || exit # Transproxy rules for Tor -$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit +$IPTABLES -t nat -A OUTPUT ! -d 127.0.0.1 -m owner ! --uid-owner $TOR_UID -p tcp -j REDIRECT --to-ports 9040 || exit $IPTABLES -t nat -A OUTPUT -p udp -m owner ! --uid-owner $TOR_UID -m udp --dport 53 -j REDIRECT --to-ports 5353 || exit # Allow Tor, _apt, root and the network user -$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit -$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit -$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit -$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit -$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit -$IPTABLES -A OUTPUT -j DROP || exit +$IPTABLES -A OUTPUT -m owner --uid-owner $TOR_UID -j ACCEPT || exit +$IPTABLES -A OUTPUT -m owner --uid-owner $NETWORK_USER_ID -j ACCEPT || exit +$IPTABLES -A OUTPUT -m owner --uid-owner root -j ACCEPT || exit +$IPTABLES -A OUTPUT -m owner --uid-owner _apt -j ACCEPT || exit +$IPTABLES -A INPUT -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit +$IPTABLES -A OUTPUT ! -d 127.0.0.1 -j DROP || exit # Allow SSH $IPTABLES -A INPUT -p tcp --dport ssh -j ACCEPT || exit diff --git a/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js b/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js index f8d9c0d..027e908 100644 --- a/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js +++ b/share/trashman/tor-transproxy/unix/linux/debian/files/tbb/user.js 
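Review bot: The LOG rule in the "Allow Tor, _apt, root and the network user" block is appended to `INPUT`, although its prefix is `OUTPUT DROPPED: ` and it sits directly before the `OUTPUT` drop. As written, outbound packets that reach the final `DROP` are never logged, and inbound packets are logged under a misleading prefix. If the intent is to record what is about to be dropped, the rule belongs on the same chain with the same match: `$IPTABLES -A OUTPUT ! -d 127.0.0.1 -j LOG --log-prefix "OUTPUT DROPPED: " --log-uid || exit`. The new `! -d 127.0.0.1` exemption would also benefit from a comment naming what it keeps reachable (presumably the 9040 and 5353 ports targeted by the REDIRECT rules). Note that it covers only 127.0.0.1, not the rest of 127.0.0.0/8. The script continues outside the hunk.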
@@ -1,7 +1,7 @@ // Preferences for system-installed Tor Browser // Needs either // -// * Setting TOR_CONTROL_PASSWORD at ~/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser +// * Setting TOR_CONTROL_PASSWORD at $TOR_BROWSER_PATH/start-tor-browser // * Passing TOR_CONTROL_PASSWORD to start-tor-browser via the command line // // See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ diff --git a/share/trashman/tor-transproxy/unix/linux/debian/install b/share/trashman/tor-transproxy/unix/linux/debian/install index 9508091..0a4b377 100755 --- a/share/trashman/tor-transproxy/unix/linux/debian/install +++ b/share/trashman/tor-transproxy/unix/linux/debian/install @@ -6,6 +6,9 @@ # Parameters SHARE="$1" +# Additional parameters +ARCH="`uname -m`" + # Include basic functions . $SHARE/trashman/functions || exit 1 . $SHARE/trashman/debian || exit 1 @@ -25,11 +28,11 @@ echo "nameserver 127.0.0.1" | tee /etc/resolv.conf > /dev/null # Ensure only the local DNS resolver is used (Tor) # Some systems need this additional configuration so the DNS returned by the # DHCP server is NOT used -#cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null -#allow-hotplug ens3 -#iface ens3 inet dhcp -# post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf -#EOF +cat <<EOF | sudo tee /etc/network/interfaces.d/ens3 > /dev/null +allow-hotplug ens3 +iface ens3 inet dhcp + post-up echo "nameserver 127.0.0.1" > /etc/resolv.conf +EOF # Tor config cp $SHARE/tor-transproxy/unix/linux/debian/files/etc/tor/torrc /etc/tor/torrc 
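Review bot: In the second hunk of `tor-transproxy/.../install`, the now-unconditional heredoc writes `/etc/network/interfaces.d/ens3` on every system, while the comment above it still says only some systems need it and the interface name is hard-coded. On a guest whose interface is not `ens3` the stanza does nothing, so the DHCP-supplied resolver can still end up in `/etc/resolv.conf`. Where a file for `ens3` already exists, it is overwritten silently. I would guard the block, e.g. `if [ -e /sys/class/net/ens3 ]; then ... fi`, or derive the interface name from the default route. The `sudo tee` is also inconsistent with the plain `tee` used for `/etc/resolv.conf` just above, which suggests the script already runs as root.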
@@ -38,11 +41,18 @@ service tor restart # Tor Browser config to use the system-installed tor daemon # Use this to configure your regular user account # See https://trac.torproject.org/projects/tor/wiki/TorBrowserBundleSAQ -#if [ -e "$HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser" ]; then +# +# Tor Browser path depends on wheter it's installed using hoarder or using +# torbrowser-launcher from https://github.com/micahflee/torbrowser-launcher +# (also at https://tracker.debian.org/torbrowser-launcher). +# +#TOR_BROWSER_PATH="$HOME/.local/share/torbrowser/tbb/$ARCH/tor-browser_en-US/Browser" +#TOR_BROWSER_PATH="$HOME/.local/share/tor-browser/$ARCH/latest/Browser" +#if [ -e "$TOR_BROWSER_PATH" ]; then # # Force about:config preferences -# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/profile.default/user.js +# cp $SHARE/tor-transproxy/unix/linux/debian/files/tbb/user.js $TOR_BROWSER_PATH/TorBrowser/Data/Browser/profile.default/user.js # # # Hard code control port password into the start-tor-browser script # sed -i -e "s/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"secret\"'/setControlPortPasswd \${TOR_CONTROL_PASSWD:='\"\"'}/" \ -# $HOME/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/start-tor-browser +# $TOR_BROWSER_PATH/start-tor-browser #fi diff --git a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg Binary files differindex 7614b20..738ef5d 100644 --- a/share/trashman/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg +++ b/share/trashman/tor/unix/linux/debian/files/usr/share/keyrings/deb.torproject.org-keyring.gpg diff --git a/share/trashman/tor/unix/linux/debian/install b/share/trashman/tor/unix/linux/debian/install index 6676c8d..597551c 100755 
--- a/share/trashman/tor/unix/linux/debian/install +++ b/share/trashman/tor/unix/linux/debian/install @@ -6,7 +6,8 @@ # Parameters SHARE="$1" LIB="$2" -REQUIREMENTS="apt-transport-https wget gnupg" +REQUIREMENTS="wget gnupg" +KEYRING="/usr/share/keyrings/deb.torproject.org-keyring.gpg" # Include basic functions . $LIB/trashman/functions || exit 1 
@@ -19,16 +20,27 @@ trashman_apt_install $REQUIREMENTS DISTRIBUTION="`trashman_debian_major_version_name`" cat <<-EOF > /etc/apt/sources.list.d/tor.list - deb [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main - deb-src [signed-by=/etc/apt/trusted.gpg.d/torproject.org.gpg] https://deb.torproject.org/torproject.org $DISTRIBUTION main +deb [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main +deb-src [signed-by=${KEYRING}] https://deb.torproject.org/torproject.org $DISTRIBUTION main EOF -# Remove key from old location +# Remove key from old locations rm -f /usr/share/keyrings/tor-archive-keyring.gpg - -#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | tee /usr/share/keyrings/tor-archive-keyring.gpg >/dev/null -cp $SHARE/tor/unix/linux/debian/files/etc/apt/trusted.gpg.d/torproject.org.gpg /etc/apt/trusted.gpg.d/ - -apt update && apt install -y tor deb.torproject.org-keyring +rm -f /etc/apt/trusted.gpg.d/torproject.org.gpg + +# Install keyring only if it does not already exists +# Details at https://support.torproject.org/apt/tor-deb-repo/ +#wget -O- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | \ +# gpg --dearmor | tee /usr/share/keyrings/deb.torproject.org-keyring.gpg > /dev/null +if [ ! -e "${KEYRING}" ]; then + cp $SHARE/tor/unix/linux/debian/files/${KEYRING} ${KEYRING} +fi + +# Now that we have the config and the keyring, leave it to be managed by +# deb.torproject.org-keyring package. +# +# Do an upgrade first to make sure we have the latest keyring package +# installed if that's not the first time this script is running. +apt update && apt upgrade -y && apt install -y tor deb.torproject.org-keyring #rm -rf /var/lib/apt/lists/* |
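Review bot: `apt upgrade -y` in the final command upgrades every package on the machine as a side effect of installing Tor, and it may stop on a configuration-file prompt when run unattended. `install` already brings the named packages to their newest candidate version, so `apt-get update && apt-get install -y tor deb.torproject.org-keyring` would refresh the keyring package without touching the rest of the system. That form uses `apt-get`, as the docker script in this commit does, because the `apt` front end does not promise a stable scripting interface. Separately, the `cp` into `${KEYRING}` leaves `$SHARE` and both paths unquoted. Because of the `! -e` guard, a file already present at that path stays the repository trust anchor without being compared with the shipped copy; a comment stating that this is intended would help.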