From e6b2d2446f29a1cb3bc5e01164ed264ebd910cf0 Mon Sep 17 00:00:00 2001
From: Neowutran
Date: Fri, 24 Jan 2020 11:23:02 +0100
Subject: [PATCH] add archlinux building script
---
code/OS-administration/build-archlinux.sh | 71 +++++++++++++++++++++++
code/README.md | 3 +-
2 files changed, 73 insertions(+), 1 deletion(-)
create mode 100644 code/OS-administration/build-archlinux.sh
diff --git a/code/OS-administration/build-archlinux.sh b/code/OS-administration/build-archlinux.sh
new file mode 100644
index 0000000..703954c
--- /dev/null
+++ b/code/OS-administration/build-archlinux.sh
@@ -0,0 +1,71 @@
+#!/bin/bash
+BASE="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+directory=$BASE/qubes-builder
+sudo rm -Rf "$directory"
+sudo dnf install wget make git qubes-gpg-split
+git clone "https://github.com/QubesOS/qubes-builder.git"
+
+key1=$(curl -s https://keys.qubes-os.org/keys/qubes-master-signing-key.asc | sha512sum | cut -d " " -f 1)
+key2=$(sha512sum /usr/share/qubes/qubes-master-key.asc | cut -d " " -f 1)
+
+if [ "$key1" != "$key2" ]; then
+ echo "CRITICAL SECURITY FAILURE: qubes master signing key is not the same on different source (local and official qubes os website)" >&2
+ exit 1
+fi
+
+gpg --import /usr/share/qubes/qubes-master-key.asc
+echo "Check the key, if it is good for you, set the trust to 5 and exit"
+echo "fpr" | gpg --edit-key 0x427F11FD0FAA4B080123F01CDDFA1A3E36879494
+
+wget https://keys.qubes-os.org/keys/qubes-developers-keys.asc
+gpg --import qubes-developers-keys.asc
+
+commit_data=$(cd "$directory" && git tag -v $(git describe) 2>&1 | grep "gpg: ")
+echo "$commit_data"
+echo "$commit_data" | tail -n 1 | grep "Good signature from "
+success=$?
+
+if (( $success == 1 )); then
+ echo "CRITICAL SECURITY FAILURE: last commit from qubes-builder is not signed with an approved gpg key" >&2
+ exit 1
+fi
+
+echo "Does this seems good to you ?"
+read trash
+
+cp $directory/example-configs/qubes-os-r4.0.conf $directory/builder.conf
+sed -i 's/DISTS_VM ?=.*/DISTS_VM ?= archlinux+minimal/' $directory/builder.conf
+sed -i 's/#COMPONENTS += builder-archlinux/COMPONENTS += builder-archlinux/g' $directory/builder.conf
+sed -i 's/#BUILDER_PLUGINS += builder-archlinux/BUILDER_PLUGINS += builder-archlinux/g' $directory/builder.conf
+
+( cd "$directory" && make get-sources )
+( cd "$directory" && make install-deps )
+
+# If you need to use some custom version, you can do a copy and replace like the
+# line below
+# cp -R ~/qubes-gui-agent-linux "$directory/qubes-src/gui-agent-linux"
+# This is really usefull when the template building fail and that you are trying
+# fixes to make it work
+rm -Rf "$directory/qubes-src/gui-agent-linux/"
+cp -R ~/qubes-gui-agent-linux "$directory/qubes-src/gui-agent-linux"
+
+cd "$directory"
+make qubes-vm
+make template
+
+# At this point, the packages and the template have been build and are ready to
+be used.
+# The code below will sign everything with your GPG key then copy the result to another VM
+# The goal is to create a archlinux repository, to update the
+# qubes specific packages using "pacman -Syu".
+# My personal webserver hosting the package I compile is here: https://neowutran.ovh/qubes/vm-archlinux/
+
+echo "Read to type your password ? "
+read trash
+
+$directory/qubes-src/builder-archlinux/update-remote-repo.sh
+rpmfile=$(ls -1 $directory/qubes-src/linux-template-builder/rpm/noarch/*.rpm | head -n 1)
+qubes-gpg-client-wrapper --detach-sign $rpmfile > $rpmfile.sig
+qvm-copy $rpmfile
+qvm-copy $rpmfile.sig
+qvm-copy $directory/qubes-packages-mirror-repo/vm-archlinux/pkgs/
diff --git a/code/README.md b/code/README.md
index db23e18..0eeeb38 100644
--- a/code/README.md
+++ b/code/README.md
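Review bot: In build-archlinux.sh the lines `rm -Rf "$directory/qubes-src/gui-agent-linux/"` and `cp -R ~/qubes-gui-agent-linux "$directory/qubes-src/gui-agent-linux"` run unconditionally, so the tree fetched by `make get-sources` is replaced with an unchecked local copy before the packages are built, signed and copied out; the comment above them describes this as an optional debugging aid, so both lines should stay commented out or sit behind an explicit opt-in. The tag check also fails open: `(( $success == 1 ))` only catches exit status 1, and testing the pipeline directly with `if ! echo "$commit_data" | tail -n 1 | grep "Good signature from "; then` rejects every failure. With no `set -e`, a failed `make qubes-vm` or `make template` does not stop the script before the signing and `qvm-copy` steps. The comment continuation `be used.` is missing its `#` and is executed as a command, and the unquoted `$directory` and `$rpmfile` expansions break on paths containing spaces.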
@@ -6,7 +6,8 @@ - R4-universal-update-script.sh: bash script to automate VM updates - ![](/_res/l.png) [findpref](https://github.com/tasket/Qubes-scripts/blob/master/findpref): find all VMs that match a pref value and optionally set new values for them ([readme](https://github.com/tasket/Qubes-scripts#findpref)) - ![](/_res/l.png) [qvm-portfwd-iptables](https://gist.github.com/Joeviocoe/6c4dc0c283f6d6c5b1a3f5af8793292b): port forwarding to allow external connections, see usage notes at bottom -- ![](/_res/l.png) [mount_lvm_image.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/mount_lvm_image.sh): mount lvm image to a newly created disp VM +- ![](/_res/l.png) [mount_lvm_image.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/mount_lvm_image.sh): mount lvm image to a newly created DisposableVM +- ![](/_res/l.png) [build-archlinux.sh](https://github.com/Qubes-Community/Contents/blob/master/code/OS-administration/build-archlinux.sh): build the archlinux template **`monitoring`** - ls-qubes.sh: outputs the nb. of running qubes + total memory used; the output can be fed into a panel text applet (see comments in the script).