Git-Mirrors/haveno
1
0
Fork 0
mirror of https://github.com/haveno-dex/haveno.git synced 2024-10-01 01:35:48 -04:00
Code Issues Packages Projects Releases Wiki Activity

update installation process for tails

Browse Source 
Co-authored-by: anonymous
This commit is contained in:
woodser 2024-09-07 17:57:22 -04:00
parent e4f0277326
commit 33c9f8881b
7 changed files with 320 additions and 81 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
scripts/install_tails/README.md
View File

@ -1,11 +1,19 @@
# Steps to use (This has serious security concerns to tails threat model only run when you need to access haveno)
# Install Haveno on Tails
## 1. Enable persistent storage and admin password before starting tails
Install Haveno on Tails by following these steps:
## 2. Get your haveno deb file in persistent storage (amd64 version for tails)
## 3. Edit the path to the haveno deb file if necessary then run ```sudo ./haveno-install.sh```
## 4. As amnesia run ```source ~/.bashrc```
## 5. Start haveno using ```haveno-tails```
## You will need to run this script after each reset, but your data will be saved persistently in /home/amnesia/Persistence/Haveno
1. Enable persistent storage dotfiles and admin password before starting tails.
2. Download [haveno-install.sh](haveno-install.sh).
3. Execute installation script:
```
bash haveno-install.sh "<REPLACE_WITH_BINARY_ZIP_URL>" "<REPLACE_WITH_PGP_FINGERPRINT>"
```
For example:
```
bash haveno-install.sh "https://github.com/havenoexample/haveno-example/releases/download/v1.0.11/haveno_amd64_deb-latest.zip" "FAA2 4D87 8B8D 36C9 0120 A897 CA02 DAC1 2DAE 2D0F"
```
4. Upon successful execution of the script (no errors), the Haveno release will be installed to persistent storage and can be launched via the desktop shortcut in the 'Other' section of the start menu.

52
scripts/install_tails/assets/exec.sh Normal file
View File

@ -0,0 +1,52 @@
#!/bin/bash
# This script serves as the execution entry point for the Haveno application from a desktop menu icon,
# specifically tailored for use in the Tails OS. It is intended to be linked as the 'Exec' command
# in a .desktop file, enabling users to start Haveno directly from the desktop interface.
#
# FUNCTIONAL OVERVIEW:
# - Automatic installation and configuration of Haveno if not already set up.
# - Linking Haveno data directories to persistent storage to preserve user data across sessions.
#
# NOTE:
# This script assumes that Haveno's related utility scripts and files are correctly placed and accessible
# in the specified directories.
# Function to print messages in blue
echo_blue() {
if [ -t 1 ]; then
# If File descriptor 1 (stdout) is open and refers to a terminal
echo -e "\033[1;34m$1\033[0m"
else
# If stdout is not a terminal, send a desktop notification
notify-send -i "/home/amnesia/Persistent/haveno/App/utils/icon.png" "Starting Haveno" "$1"
fi
}
# Function to print error messages in red
echo_red() {
if [ -t 1 ]; then
# If File descriptor 1 (stdout) is open and refers to a terminal
echo -e "\033[0;31m$1\033[0m"
else
# If stdout is not a terminal, send a desktop notification
notify-send -u critical -i "error" "Staring Haveno" "$1\nExiting..."
fi
}
# Define file locations
persistence_dir="/home/amnesia/Persistent"
data_dir="${persistence_dir}/haveno/Data"
# Check if Haveno is already installed and configured
if [ ! -f "/opt/haveno/bin/Haveno" ] || [ ! -f "/etc/onion-grater.d/haveno.yml" ]; then
echo_blue "Installing Haveno and configuring system..."
pkexec "${persistence_dir}/haveno/App/utils/install.sh"
# Redirect user data to Tails Persistent Storage
ln -s $data_dir /home/amnesia/.local/share/Haveno
else
echo_blue "Haveno is already installed and configured."
fi
echo_blue "Starting Haveno..."
/opt/haveno/bin/Haveno --torControlPort 951 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth --userDataDir=${data_dir} --useTorForXmr=on --socks5ProxyXmrAddress=127.0.0.1:9050

9
scripts/install_tails/assets/haveno.desktop Normal file
View File

@ -0,0 +1,9 @@
[Desktop Entry]
Name=Haveno
Comment=A decentralized monero exchange network.
Exec=/home/amnesia/Persistent/haveno/App/utils/exec.sh
Icon=/home/amnesia/Persistent/haveno/App/utils/icon.png
Terminal=false
Type=Application
Categories=Other
MimeType=

56
scripts/install_tails/assets/haveno.yml Normal file
View File

@ -0,0 +1,56 @@
---
- apparmor-profiles:
- '/opt/haveno/bin/Haveno'
users:
- 'amnesia'
commands:
AUTHCHALLENGE:
- 'SAFECOOKIE .*'
SETEVENTS:
- 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
GETINFO:
- pattern: 'status/bootstrap-phase'
response:
- pattern: '250-status/bootstrap-phase=*'
replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
- 'net/listeners/socks'
ADD_ONION:
- pattern: 'NEW:(\S+) Port=9999,(\S+)'
replacement: 'NEW:{} Port=9999,{client-address}:{}'
- pattern: '(\S+):(\S+) Port=9999,(\S+)'
replacement: '{}:{} Port=9999,{client-address}:{}'
DEL_ONION:
- '.+'
HSFETCH:
- '.+'
events:
CIRC:
suppress: true
ORCONN:
suppress: true
INFO:
suppress: true
NOTICE:
suppress: true
WARN:
suppress: true
ERR:
suppress: true
HS_DESC:
response:
- pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
- pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
- pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
replacement: '650 HS_DESC UPLOADED {} {} redacted'
- pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH'
replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
- pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
- pattern: '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
- pattern: '.*'
replacement: ''
HS_DESC_CONTENT:
suppress: true

BIN
scripts/install_tails/assets/icon.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.0 KiB

69
scripts/install_tails/assets/install.sh Normal file
View File

@ -0,0 +1,69 @@
#!/bin/bash
# This script automates the installation and configuration of Haveno on a Tails OS system,
#
# FUNCTIONAL OVERVIEW:
# - Verification of the Haveno installer's presence.
# - Installation of the Haveno application with dpkg.
# - Removal of automatically created desktop icons to clean up after installation.
# - Deployment of Tor configuration for Haveno.
# - Restart of the onion-grater service to apply new configurations.
#
# The script requires administrative privileges to perform system modifications.
# Function to print messages in blue
echo_blue() {
if [ -t 1 ]; then
# If File descriptor 1 (stdout) is open and refers to a terminal
echo -e "\033[1;34m$1\033[0m"
else
# If stdout is not a terminal, send a desktop notification
notify-send -i "/home/amnesia/Persistent/haveno/App/utils/icon.png" "Starting Haveno" "$1"
fi
}
# Function to print error messages in red
echo_red() {
if [ -t 1 ]; then
# If File descriptor 1 (stdout) is open and refers to a terminal
echo -e "\033[0;31m$1\033[0m"
else
# If stdout is not a terminal, send a desktop notification
notify-send -u critical -i "error" "Staring Haveno" "$1\nExiting..."
fi
}
# Define version and file locations
VERSION="1.9.17"
persistence_dir="/home/amnesia/Persistent"
haveno_installer="${persistence_dir}/haveno/haveno.deb"
# Check if the Haveno installer exists
if [ ! -f "${haveno_installer}" ]; then
echo_red "Haveno installer not found at ${haveno_installer}."
exit 1
fi
# Install Haveno
echo_blue "Installing Haveno..."
dpkg -i "${haveno_installer}" || { echo_red "Failed to install Haveno."; exit 1; }
# Remove installed desktop menu icon
rm -f /usr/share/applications/haveno-Haveno.desktop
# Change access rights for Tor control cookie
echo_blue "Changing access rights for Tor control cookie..."
chmod o+r /var/run/tor/control.authcookie || { echo_red "Failed to change access rights for Tor control cookie."; exit 1; }
# Assume haveno.yml is in the same directory as the script
HAVENO_CONFIG_FILE="$(dirname "$0")/haveno.yml"
# Copy haveno.yml configuration file
echo_blue "Copying Tor onion-grater configuration to /etc/onion-grater.d/..."
cp "${HAVENO_CONFIG_FILE}" /etc/onion-grater.d/haveno.yml || { echo_red "Failed to copy haveno.yml."; exit 1; }
# Restart onion-grater service
echo_blue "Restarting onion-grater service..."
systemctl restart onion-grater.service || { echo_red "Failed to restart onion-grater service."; exit 1; }
echo_blue "Haveno installation and configuration complete."

189
scripts/install_tails/haveno-install.sh
View File

@ -1,77 +1,122 @@
#!/bin/bash
#############################################################################
# Written by BrandyJson, with heavy inspiration from bisq.wiki tails script #
#############################################################################
echo "Installing dpkg from persistent, (1.07-1, if this is out of date change the deb path in the script or manually install after running"
dpkg -i "/home/amnesia/Persistent/haveno_1.0.7-1_amd64.deb"
echo -e "Allowing amnesia to read tor control port cookie, only run this script when you actually want to use haveno\n\n!!! not secure !!!\n"
chmod o+r /var/run/tor/control.authcookie
echo "Updating apparmor-profile"
echo "---
- apparmor-profiles:
- '/opt/haveno/bin/Haveno'
users:
- 'amnesia'
commands:
AUTHCHALLENGE:
- 'SAFECOOKIE .*'
SETEVENTS:
- 'CIRC ORCONN INFO NOTICE WARN ERR HS_DESC HS_DESC_CONTENT'
GETINFO:
- pattern: 'status/bootstrap-phase'
response:
- pattern: '250-status/bootstrap-phase=*'
replacement: '250-status/bootstrap-phase=NOTICE BOOTSTRAP PROGRESS=100 TAG=done SUMMARY="Done"'
- 'net/listeners/socks'
ADD_ONION:
- pattern: 'NEW:(\S+) Port=9999,(\S+)'
replacement: 'NEW:{} Port=9999,{client-address}:{}'
- pattern: '(\S+):(\S+) Port=9999,(\S+)'
replacement: '{}:{} Port=9999,{client-address}:{}'
DEL_ONION:
- '.+'
HSFETCH:
- '.+'
events:
CIRC:
suppress: true
ORCONN:
suppress: true
INFO:
suppress: true
NOTICE:
suppress: true
WARN:
suppress: true
ERR:
suppress: true
HS_DESC:
response:
- pattern: '650 HS_DESC CREATED (\S+) (\S+) (\S+) \S+ (.+)'
replacement: '650 HS_DESC CREATED {} {} {} redacted {}'
- pattern: '650 HS_DESC UPLOAD (\S+) (\S+) .*'
replacement: '650 HS_DESC UPLOAD {} {} redacted redacted'
- pattern: '650 HS_DESC UPLOADED (\S+) (\S+) .+'
replacement: '650 HS_DESC UPLOADED {} {} redacted'
- pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH'
replacement: '650 HS_DESC REQUESTED {} NO_AUTH'
- pattern: '650 HS_DESC REQUESTED (\S+) NO_AUTH \S+ \S+'
replacement: '650 HS_DESC REQUESTED {} NO_AUTH redacted redacted'
- pattern: '650 HS_DESC RECEIVED (\S+) NO_AUTH \S+ \S+'
replacement: '650 HS_DESC RECEIVED {} NO_AUTH redacted redacted'
- pattern: '.*'
replacement: ''
HS_DESC_CONTENT:
suppress: true" > /etc/onion-grater.d/haveno.yml
echo "Adding rule to iptables to allow for monero-wallet-rpc to work"
iptables -I OUTPUT 2 -p tcp -d 127.0.0.1 -m tcp --dport 18081 -m owner --uid-owner 1855 -j ACCEPT
echo "Updating torsocks to allow for inbound connection"
sed -i 's/#AllowInbound/AllowInbound/g' /etc/tor/torsocks.conf
# This script facilitates the setup and installation of the Haveno application on Tails OS.
#
# FUNCTIONAL OVERVIEW:
# - Creating necessary persistent directories and copying utility files.
# - Downloading Haveno binary, signature file, and GPG key for verification.
# - Importing and verifying the GPG key to ensure the authenticity of the download.
# - Setting up desktop icons in both local and persistent directories.
echo "Restarting onion-grater service"
# Function to print messages in blue
echo_blue() {
echo -e "\033[1;34m$1\033[0m"
}
systemctl restart onion-grater.service
# Function to print error messages in red
echo_red() {
echo -e "\033[0;31m$1\033[0m"
}
echo "alias haveno-tails='torsocks /opt/haveno/bin/Haveno --torControlPort 951 --torControlCookieFile=/var/run/tor/control.authcookie --torControlUseSafeCookieAuth --useTorForXmr=ON --userDataDir=/home/amnesia/Persistent/'" >> /home/amnesia/.bashrc
echo -e "Everything is set up just run\n\nsource ~/.bashrc\n\nThen you can start haveno using haveno-tails"
# Define version and file locations
user_url=$1
base_url=$(printf ${user_url} | awk -F'/' -v OFS='/' '{$NF=""}1')
expected_fingerprint=$2
binary_filename=$(awk -F'/' '{ print $NF }' <<< "$user_url")
package_filename="haveno.deb"
signature_filename="${binary_filename}.sig"
key_filename="$(printf "$expected_fingerprint" | tr -d ' ' | sed -E 's/.*(................)/\1/' )".asc
persistence_dir="/home/amnesia/Persistent"
dotfiles_dir="/live/persistence/TailsData_unlocked/dotfiles"
persistent_desktop_dir="$dotfiles_dir/.local/share/applications"
local_desktop_dir="/home/amnesia/.local/share/applications"
assets_dir=/tmp/assets
# Remove stale resources
rm -rf ${assets_dir}
# Install dependencies
echo_blue "Installing dependencies ..."
sudo apt update && sudo apt install -y curl unzip
# Create temp location for downloads
echo_blue "Creating temporary directory for Haveno resources ..."
mkdir ${assets_dir} || { echo_red "Failed to create directory /tmp/assets"; exit 1; }
# Download resources
echo_blue "Downloading resources for Haveno on Tails ..."
curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/exec.sh https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/exec.sh || { echo_red "Failed to download resource (exec.sh)."; exit 1; }
curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/install.sh https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/install.sh || { echo_red "Failed to download resource (install.sh)."; exit 1; }
curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/haveno.desktop https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/haveno.desktop || { echo_red "Failed to resource (haveno.desktop)."; exit 1; }
curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/icon.png https://raw.githubusercontent.com/haveno-dex/haveno/master/scripts/install_tails/assets/icon.png || { echo_red "Failed to download resource (icon.png)."; exit 1; }
curl --retry 10 --retry-delay 5 -fsSLo /tmp/assets/haveno.yml https://github.com/haveno-dex/haveno/raw/master/scripts/install_tails/assets/haveno.yml || { echo_red "Failed to download resource (haveno.yml)."; exit 1; }
echo_blue "Creating persistent directory for Haveno ..."
mkdir -p ${persistence_dir}/haveno/App || { echo_red "Failed to create directory $persistence_dir/haveno/App"; exit 1; }
# Copy utility files to persistent storage and make scripts executable
echo_blue "Copying haveno utility files to persistent storage ..."
rsync -av $assets_dir/ $persistence_dir/haveno/App/utils/ || { echo_red "Failed to rsync files to $persistence_dir/haveno/App/utils"; exit 1; }
find $persistence_dir/haveno/App/utils -type f -name "*.sh" -exec chmod +x {} \; || { echo_red "Failed to make scripts executable"; exit 1; }
echo_blue "Creating desktop menu icon ..."
# Create desktop directories
mkdir -p "${local_desktop_dir}"
mkdir -p "$persistent_desktop_dir"
# Copy .desktop file to persistent directory
cp "$assets_dir/haveno.desktop" "$persistent_desktop_dir" || { echo_red "Failed to copy .desktop file to persistent directory $persistent_desktop_dir"; exit 1; }
# Create a symbolic link to it in the local .desktop directory, if it doesn't exist
if [ ! -L "$local_desktop_dir/haveno.desktop" ]; then
ln -s "$persistent_desktop_dir/haveno.desktop" "$local_desktop_dir/haveno.desktop" || { echo_red "Failed to create symbolic link for .desktop file"; exit 1; }
fi
# Download Haveno binary
echo_blue "Downloading Haveno from URL provided ..."
curl --retry 10 --retry-delay 5 -L -o "${binary_filename}" "${user_url}" || { echo_red "Failed to download Haveno binary."; exit 1; }
# Download Haveno signature file
echo_blue "Downloading Haveno signature ..."
curl --retry 10 --retry-delay 5 -L -o "${signature_filename}" "${base_url}""${signature_filename}" || { echo_red "Failed to download Haveno signature."; exit 1; }
# Download the GPG key
echo_blue "Downloading signing GPG key ..."
curl --retry 10 --retry-delay 5 -L -o "${key_filename}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$(echo "$expected_fingerprint" | tr -d ' ')" || { echo_red "Failed to download GPG key."; exit 1; }
# Import the GPG key
echo_blue "Importing the GPG key ..."
gpg --import "${key_filename}" || { echo_red "Failed to import GPG key."; exit 1; }
# Extract imported fingerprints
imported_fingerprints=$(gpg --with-colons --fingerprint | grep -A 1 'pub' | grep 'fpr' | cut -d: -f10 | tr -d '\n')
# Remove spaces from the expected fingerprint for comparison
formatted_expected_fingerprint=$(echo "$expected_fingerprint" | tr -d ' ')
# Check if the expected fingerprint is in the list of imported fingerprints
if [[ ! "$imported_fingerprints" =~ $formatted_expected_fingerprint ]]; then
echo_red "The imported GPG key fingerprint does not match the expected fingerprint."
exit 1
fi
# Verify the downloaded binary with the signature
echo_blue "Verifying the signature of the downloaded file ..."
OUTPUT=$(gpg --digest-algo SHA256 --verify "${signature_filename}" "${binary_filename}" 2>&1)
if ! echo "$OUTPUT" | grep -q "Good signature from"; then
echo_red "Verification failed: $OUTPUT"
exit 1;
else unzip "${binary_filename}" && mv haveno*.deb "${package_filename}"
fi
echo_blue "Haveno binaries have been successfully verified."
# Move the binary and its signature to the persistent directory
mkdir -p "${persistence_dir}/haveno"
# Delete old Haveno binaries
rm -f "${persistence_dir}/haveno/"*.deb*
mv "${binary_filename}" "${package_filename}" "${key_filename}" "${signature_filename}" "${persistence_dir}/haveno/"
echo_blue "Files moved to persistent directory ${persistence_dir}/haveno/"
echo_blue "Haveno installation setup completed successfully."