Git-Mirrors/haveno
1
0
Fork 0
mirror of https://github.com/haveno-dex/haveno.git synced 2025-10-31 03:19:09 -04:00
Code Issues Projects Releases Packages Wiki Activity

initiale

Browse source
This commit is contained in:
PromptPunksFauxCough 2025-03-02 20:18:34 +00:00 committed by GitHub
parent 31b0edca22
commit b705c69aa5
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
9 changed files with 1105 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

414
docs/external-tor-usage.md Normal file
View file

@ -0,0 +1,414 @@
# **Using External `tor` with `Haveno`**
## *[How to install little-t-`tor`?](https://support.torproject.org/little-t-tor/#little-t-tor_install-little-t-tor)*
The following `tor` installation instructions have are presented here for convenience.
* **For the most complete, up-to-date & authoritative steps, readers are encouraged to refer the [Tor Project's Official Homepage](https://www.torproject.org) linked in the header**
* **Notes:**
For optimum compatibility with `Haveno` the running `tor` version should match that of the internal `Haveno` `tor` version
For best results, use a version of `tor` which supports the [Onion Service Proof of Work](https://onionservices.torproject.org/technology/security/pow) (`PoW`) mechanism
* (IE: `GNU` build ot `tor`)
---
* **Note Regarding Admin Access:**
To install `tor` you need root privileges. Below all commands that need to be run as `root` user like `apt` and `dpkg` are prepended with `#`, while commands to be run as user with `$` resembling the standard prompt in a terminal.
### macOS
#### Install a Package Manager
Two of the most popular package managers for `macOS` are:
[`Homebrew`](https://brew.sh)
and
[`Macports`](https://www.macports.org)
(You can use the package manager of your choice)
+ Install [`Homebrew`](https://brew.sh)
Follow the instructions on [brew.sh](https://brew.sh)
+ Install [`Macports`](https://www.macports.org)
Follow the instructions on [macports.org](https://www.macports.org)
#### Package Installation
##### [`Homebrew`](https://brew.sh)
```shell
# brew update && brew install tor
```
##### [`Macports`](https://www.macports.org)
```shell
# port sync && port install tor
```
### Debian / Ubuntu
* *Do **not** use the packages in Ubuntu's universe. In the past they have not reliably been updated. That means you could be missing stability and security fixes.*
* Configure the [Official `Tor` Package Repository](https://deb.torproject.org/torproject.org)
Enable the [Official `Tor` Package Repository](https://deb.torproject.org/torproject.org) following these [instructions](https://support.torproject.org/apt/tor-deb-repo/)
#### Package Installation
```shell
# apt update && apt install tor
```
### Fedora
* Configure the [Official `Tor` Package Repository](https://rpm.torproject.org/fedora)
Enable the [Official `Tor` Package Repository](https://rpm.torproject.org/fedora) by following these [instructions](https://support.torproject.org/rpm/tor-rpm-install)
#### Package Installation
```
# dnf update && dnf install tor
```
### Arch Linux
#### Package Installation
```shell
# pacman -Fy && pacman -Syu tor
```
### Installing `tor` from source
#### Download Latest Release & Dependencies
The latest release of `tor` can be found on the [download](https://www.torproject.org/download/tor) page
* When building from source:
*First* install `libevent`,`openssl` & `zlib`
*(Including the -devel packages when applicable)*
#### Install `tor`
```shell
$ tar -xzf tor-<version>.tar.gz; cd tor-<version>
```
* Replace \<version\> with the latest version of `tor`
> For example, `tor-0.4.8.12`
```shell
$ ./configure && make
```
* Now you can run `tor` (0.4.3.x and Later) locally like this:
```shell
$ ./src/app/tor
```
Or, you can run `make install` (as `root` if necessary) to install it globally into `/usr/local/`
* Now you can run `tor` directly without absolute path like this:
```shell
$ tor
```
### Windows
#### Download
* Download the `Windows Expert Bundle` from the [Official `Tor` Project's Download page](https://www.torproject.org/download/tor)
#### Extract
* Extract Archive to Disk
#### Open Terminal
* Open PowerShell with Admin Privileges
#### Change to Location of Extracted Archive
* Navigate to `Tor` Directory
#### Package Installation
* v10
```powershell
PS C:\Tor\> tor.exe -service install
```
* v11
```powershell
PS C:\Tor\> tor.exe -service install
```
#### Create Service
```powershell
PS C:\Tor\> sc create tor start=auto binPath="<PATH TO>\Tor\tor.exe -nt-service"
```
#### Start Service
```powershell
PS C:\Tor\> sc start tor
```
### \* ***Optional*** \*
#### [Set Up Your Onion Service](https://community.torproject.org/onion-services/setup)
While not a *strict* requirement for use with `Haveno`, some users may wish to configure an [Onion Service](https://community.torproject.org/onion-services)
* ***Only Required When Using The `--hiddenServiceAddress` Option***
Please see the [Official `Tor` Project's Documentation](https://community.torproject.org/onion-services/setup) for more information about configuration and usage of these services
---
## *`Haveno`'s Natively Aware `tor` Options*
`Haveno` is a natively `tor` aware application and offers **many** flexible configuration options for use by privacy conscious users.
While some are mutually exclusive, many are cross-applicable.
Users are encouraged to experiment with options before use to determine which options best fit their personal threat profile.
### Options
#### `--hiddenServiceAddress`
* Function:
This option configures a *static* Hidden Service Address to listen on
* Expected Input Format:
`<String>`
(`ed25519`)
* Acceptable Values
`<v3 Onion Address Value>`
* Default value:
`null`
#### `--socks5ProxyXmrAddress`
* Function:
A proxy address to be used for `monero` network
* Expected Input Format:
`<String>`
* Acceptable Values
`<Host:Port Value>`
* Default value:
`null`
#### `--torrcFile`
* Function:
An existing `torrc`-file to be sourced for `tor`
**Note:**
`torrc`-entries which are critical to `Haveno`'s flawless operation (`torrc` options line, `torrc` option, ...) **can not** be overwritten
* Expected Input Format:
`<String>`
* Acceptable Values
`<Local File Location Value>`
* Default value:
`null`
#### `--torrcOptions`
* Function:
A list of `torrc`-entries to amend to `Haveno`'s `torrc`
**Note:**
*`torrc`-entries which are critical to `Haveno`'s flawless operation (`torrc` options line, `torrc` option, ...) can **not** be overwritten*
* Expected Input Format:
`<String>`
* Acceptable Values
`<^([^\s,]+\s[^,]+,?\s*)+$>`
* Default value:
`null`
#### `--torControlHost`
+ Function
The control `hostname` or `IP` of an already running `tor` service to be used by `Haveno`
* Expected Input Format
`<String>`
(`hostname`, `IPv4` or `IPv6`)
* Acceptable Values
`<TorControl Host Value>`
* Default Value
`null`
#### `--torControlPort`
+ Function
The control port of an already running `tor` service to be used by `Haveno`
* Expected Input Format
`<Numeric String>`
* Acceptable Values
`<TorControlPort Value>`
* Default Value
`-1`
#### `--torControlPassword`
+ Function
The password for controlling the already running `tor` service
* Expected Input Format
`<Alpha-Numeric-Special String>`
* Acceptable Values
`<Passphrase Value>`
* Default Value
`null`
#### `--torControlCookieFile`
+ Function
The cookie file for authenticating against the already running `tor` service
* Used in conjunction with `--torControlUseSafeCookieAuth` option
* Expected Input Format
`<Alpha-Numeric-Special String>`
* Acceptable Values
`<Local File Location>`
* Default Value
`null`
#### `--torControlUseSafeCookieAuth`
+ Function
Use the `SafeCookie` method when authenticating to the already running `tor` service
* Expected Input Format
`null`
* Acceptable Values
`none`
* Default Value
`off`
#### `--torStreamIsolation`
+ Function
Use stream isolation for Tor
* This option is currently considered ***experimental***
* Expected Input Format
`<Alpha String>`
* Acceptable Values
`<on|off>`
* Default Value
`off`
#### `--useTorForXmr`
+ Function
Configure `tor` for `monero` connections with ***either***:
* after_sync
**or**
* off
**or**
* on
* Expected Input Format
`<Alpha String>`
* Acceptable Values
`<AFTER_SYNC|OFF|ON>`
* Default Value
`AFTER_SYNC`
#### `--socks5DiscoverMode`
+ Function
Specify discovery mode for `monero` nodes
* Expected Input Format
`<mode[,...]>`
* Acceptable Values
`ADDR, DNS, ONION, ALL`
One or more comma separated.
*(Will be **OR**'d together)*
* Default Value
`ALL`
---
## *Examples*
### Dynamic Onion Assignment via `--torControlPort`
```shell
$ /opt/haveno/bin/Haveno --torControlPort='9051' --torControlCookieFile='/var/run/tor/control.authcookie' --torControlUseSafeCookieAuth --useTorForXmr='on' --socks5ProxyXmrAddress='127.0.0.1:9050'
```
### Static Onion Assignment via `--hiddenServiceAddress`
```shell
$ /opt/haveno/bin/Haveno --socks5ProxyXmrAddress='127.0.0.1:9050' --useTorForXmr='on' --hiddenServiceAddress='2gzyxa5ihm7nsggfxnu52rck2vv4rvmdlkiu3zzui5du4xyclen53wid.onion'
```

386
scripts/install_whonix_qubes/README.md Normal file
View file

@ -0,0 +1,386 @@
# Haveno on Qubes/Whonix
## **Conventions:**
+ \# Requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
+ $ or % Requires given linux commands to be executed as a regular non-privileged user
+ \<VAR> Used to indicate user supplied variable
---
## **Installation - Scripted & Manual (GUI + CLI):**
### *Acquire release files:*
#### In `dispXXXX` AppVM:
##### Clone repository
```shell
% git clone --depth=1 https://github.com/haveno-dex/haveno
```
---
### **Create TemplateVM, NetVM & AppVM:**
#### Scripted
##### In `dispXXXX` AppVM:
###### Prepare files for transfer to `dom0`
```shell
% tar -C haveno/scripts/install_qubes/scripts/0-dom0 -zcvf /tmp/haveno.tgz .
```
##### In `dom0`:
###### Copy files to `dom0`
```shell
$ mkdir -p /tmp/haveno && qvm-run -p dispXXXX 'cat /tmp/haveno.tgz' > /tmp/haveno.tgz && tar -C /tmp/haveno -zxfv /tmp/haveno.tgz
$ bash /tmp/haveno/0.0-dom0.sh && bash /tmp/haveno/0.1-dom0.sh && bash /tmp/haveno/0.2-dom0.sh
```
#### GUI
##### TemplateVM
###### Via `Qubes Manager`:
+ Locate & highlight whonix-workstation-17 (TemplateVM)
+ Right-Click "whonix-workstation-17" and select "Clone qube" from Drop-Down
+ Enter "haveno-template" in "Name"
+ Click OK Button
##### NetVM
###### Via `Qubes Manager`:
+ Click "New qube" Button
+ Enter "sys-haveno" for "Name and label"
+ Click the Button Beside "Name and label" and Select "orange"
+ Select "whonix-gateway-17" from "Template" Drop-Down
+ Select "sys-firewall" from "Networking" Drop-Down
+ Tick "Launch settings after creation" Radio-Box
+ Click OK
+ Click "Advanced" Tab
+ Enter "512" for "Initial memory"
<p style="text-align: center;"><em>(Within reason, can adjust to personal preference)</em></p>
+ Enter "512" for "Max memory"
<p style="text-align: center;"><em>(Within reason, can adjust to personal preference)</em></p>
+ Tick "Provides network" Radio-Box
+ Click "Apply" Button
+ Click "OK" Button
##### AppVM
###### Via `Qubes Manager`:
+ Click "New qube" Button
+ Enter "haveno" for "Name and label"
+ Click the Button Beside "Name and label" and Select "orange"
+ Select "haveno-template" from "Template" Drop-Down
+ Select "sys-haveno" from "Networking" Drop-Down
+ Tick "Launch settings after creation" Radio-Box
+ Click OK
+ Click "Advanced" Tab
+ Enter "2048" for "Initial memory"
<p style="text-align: center;"><em>(Within reason, can adjust to personal preference)</em></p>
+ Enter "4096" for "Max memory"
<p style="text-align: center;"><em>(Within reason, can adjust to personal preference)</em></p>
+ Click "Apply" Button
+ Click "OK" Button
#### CLI
##### TemplateVM
###### In `dom0`:
```shell
$ qvm-clone whonix-workstation-17 haveno-template
```
##### NetVM
##### In `dom0`:
```shell
$ qvm-create --template whonix-gateway-17 --class AppVM --label=orange --property memory=512 --property maxmem=512 --property netvm=sys-firewall sys-haveno && qvm-prefs --set sys-haveno provides_network True
```
#### AppVM
##### In `dom0`:
```shell
$ qvm-create --template haveno-template --class AppVM --label=orange --property memory=2048 --property maxmem=4096 --property netvm=sys-haveno haveno
$ printf 'haveno-Haveno.desktop' | qvm-appmenus --set-whitelist haveno
```
---
### **Build TemplateVM, NetVM & AppVM:**
#### *TemplateVM (Scripted)*
##### In `dispXXXX` AppVM:
```shell
% qvm-copy haveno/scripts/install_qubes/scripts/1-TemplateVM/1.0-haveno-templatevm.sh
```
+ Select "haveno-template" for "Target" of Pop-Up
+ Click OK
##### In `haveno-template` TemplateVM:
```shell
% sudo bash QubesIncoming/dispXXXX/1.0-haveno-templatevm.sh "<PACKAGE_ARCHIVE_URL>" "<PACKAGE_PGP_FINGERPRINT>"
```
<p style="text-align: center;">Example:</p>
```shell
$ sudo bash QubesIncoming/dispXXXX/1.0-haveno-templatevm.sh "https://github.com/nacho/repo/releases/download/v1.0.18/haveno-linux-deb.zip" "ABAF11C65A2970B130ABE3C479BE3E4300411886"
```
#### *TemplateVM (CLI)*
##### In `haveno-template` TemplateVM:
###### Download & Import Project PGP Key
<p style="text-align: center;">For Whonix On Qubes OS:</p>
```shell
# export https_proxy=http://127.0.0.1:8082
# export KEY_SEARCH="<PACKAGE_PGP_FINGERPRINT>"
# curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$KEY_SEARCH" | gpg --import
```
<p style="text-align: center;">Example:</p>
```shell
# export https_proxy=http://127.0.0.1:8082
# export KEY_SEARCH="ABAF11C65A2970B130ABE3C479BE3E4300411886"
# curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$KEY_SEARCH" | gpg --import
```
<p style="text-align: center;">For Whonix On Anything Other Than Qubes OS:</p>
```shell
# export KEY_SEARCH="<PACKAGE_PGP_FINGERPRINT>"
# curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$KEY_SEARCH" | gpg --import
```
<p style="text-align: center;">Example:</p>
```shell
# export KEY_SEARCH="ABAF11C65A2970B130ABE3C479BE3E4300411886"
# curl -sL "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$KEY_SEARCH" | gpg --import
```
###### Download Release Files
<p style="text-align: center;">For Whonix On Qubes OS:</p>
```shell
# export https_proxy=http://127.0.0.1:8082
# curl -sSLo /tmp/hashes.txt https://github.com/nacho/repo/releases/download/v1.0.18/1.0.18-hashes.txt
# curl -sSLo /tmp/hashes.txt.sig https://github.com/nacho/repo/releases/download/v1.0.18/1.0.18-hashes.txt.sig
# curl -sSLo /tmp/haveno.zip https://github.com/nacho/repo/releases/download/v1.0.18/haveno_amd64_deb-latest.zip
# curl -sSLo /tmp/haveno.zip.sig https://github.com/nacho/repo/releases/download/v1.0.18/haveno_amd64_deb-latest.zip.sig
```
<p style="text-align: center;">Note:</p>
<p style="text-align: center;"><em>Above are dummy URLS which MUST be replaced with actual working URLs</em></p>
<p style="text-align: center;">For Whonix On Anything Other Than Qubes OS:</p>
```shell
# curl -sSLo /tmp/hashes.txt https://github.com/nacho/repo/releases/download/v1.0.18/1.0.18-hashes.txt
# curl -sSLo /tmp/hashes.txt.sig https://github.com/nacho/repo/releases/download/v1.0.18/1.0.18-hashes.txt.sig
# curl -sSLo /tmp/haveno.zip https://github.com/nacho/repo/releases/download/v1.0.18/haveno_amd64_deb-latest.zip
# curl -sSLo /tmp/haveno.zip.sig https://github.com/nacho/repo/releases/download/v1.0.18/haveno_amd64_deb-latest.zip.sig
```
<p style="text-align: center;">Note:</p>
<p style="text-align: center;"><em>Above are dummy URLS which MUST be replaced with actual working URLs</em></p>
###### Verify Release Files
```shell
# if [[ $(gpg --digest-algo SHA256 --verify /tmp/hashes.txt.sig /tmp/hashes.txt 2>&1) =~ 'Good signature' ]]; then printf $'SHASUM file has a VALID signature!\n'; else printf $'SHASUMS failed signature check\n' && exit; fi
```
###### Verify Hash, Unpack & Install Package
```shell
# if [[ $(cat /tmp/hashes.txt) =~ $(sha512sum /tmp/haveno*.zip | awk '{ print $1 }') ]] ; then printf $'SHA Hash IS valid!\n' && mkdir -p /usr/share/desktop-directories && cd /tmp && unzip /tmp/haveno*.zip && apt install -y /tmp/haveno*.deb; else printf $'WARNING: Bad Hash!\n' && exit; fi
```
###### Verify Jar
```shell
# if [[ $(cat /tmp/desktop*.SHA-256) =~ $(sha256sum /opt/haveno/lib/app/desktop*.jar | awk '{ print $1 }') ]] ; then printf $'SHA Hash IS valid!\n' && printf 'Happy trading!\n'; else printf $'WARNING: Bad Hash!\n' && exit; fi
```
#### *NetVM (Scripted)*
##### In `dispXXXX` AppVM:
```shell
$ qvm-copy haveno/scripts/install_qubes/scripts/2-NetVM/2.0-haveno-netvm.sh
```
+ Select "sys-haveno" for "Target" Within Pop-Up
+ Click "OK" Button
##### In `sys-haveno` NetVM:
(Allow bootstrap process to complete)
```shell
% sudo zsh QubesIncoming/dispXXXX/2.0-haveno-netvm.sh
```
#### *NetVM (CLI)*
##### In `sys-haveno` NetVM:
###### Add `onion-grater` Profile
```shell
# onion-grater-add 40_haveno
```
###### Restart `onion-grater` Service
```shell
# systemctl restart onion-grater.service
# poweroff
```
#### *AppVM (Scripted)*
##### In `dispXXXX` AppVM:
```shell
$ qvm-copy haveno/scripts/install_qubes/scripts/3-AppVM/3.0-haveno-appvm.sh
```
+ Select "haveno" for "Target" of Pop-Up
+ Click OK
##### In `haveno` AppVM:
```shell
% sudo zsh QubesIncoming/dispXXXX/3.0-haveno-appvm.sh
```
#### *AppVM (CLI)*
##### In `haveno` AppVM:
###### Adjust `sdwdate` Configuration
```shell
# mkdir /usr/local/etc/sdwdate-gui.d
# printf "gateway=sys-haveno\n" > /usr/local/etc/sdwdate-gui.d/50_user.conf
# systemctl restart sdwdate
```
###### Prepare Firewall Settings via `/rw/config/rc.local`
```shell
# printf "\n# Prepare Local FW Settings\nmkdir -p /usr/local/etc/whonix_firewall.d\n" >> /rw/config/rc.local
# printf "\n# Poke FW\nprintf \"EXTERNAL_OPEN_PORTS+=\\\\\" 9999 \\\\\"\\\n\" | tee /usr/local/etc/whonix_firewall.d/50_user.conf\n" >> /rw/config/rc.local
# printf "\n# Restart FW\nwhonix_firewall\n\n" >> /rw/config/rc.local
```
###### View & Verify Change
```shell
# tail /rw/config/rc.local
```
<p style="text-align: center;"><b>Confirm output contains:</b></p>
> # Poke FW
> printf "EXTERNAL_OPEN_PORTS+=\" 9999 \"\n" | tee /usr/local/etc/whonix_firewall.d/50_user.conf
>
> # Restart FW
> whonix_firewall
###### Restart `whonix_firewall`
```shell
# whonix_firewall
```
###### Create `haveno-Haveno.desktop`
```shell
# mkdir -p /home/$(ls /home)/\.local/share/applications
# sed 's|/opt/haveno/bin/Haveno|/opt/haveno/bin/Haveno --torControlPort=9051 --socks5ProxyXmrAddress=127.0.0.1:9050 --useTorForXmr=on|g' /opt/haveno/lib/haveno-Haveno.desktop > /home/$(ls /home)/.local/share/applications/haveno-Haveno.desktop
# chown -R $(ls /home):$(ls /home) /home/$(ls /home)/.local/share/applications
```
###### View & Verify Change
```shell
# tail /home/$(ls /home)/.local/share/applications/haveno-Haveno.desktop
```
<p style="text-align: center;"><b>Confirm output contains:</b></p>
> [Desktop Entry]
> Name=Haveno
> Comment=Haveno
> Exec=/opt/haveno/bin/Haveno --torControlPort=9051 --socks5ProxyXmrAddress=127.0.0.1:9050 --useTorForXmr=on
> Icon=/opt/haveno/lib/Haveno.png
> Terminal=false
> Type=Application
> Categories=Network
> MimeType=
###### Poweroff
```shell
# poweroff
```
### **Remove TemplateVM, NetVM & AppVM:**
#### Scripted
##### In `dom0`:
```shell
$ bash /tmp/haveno/0.3-dom0.sh
```
#### GUI
##### Via `Qubes Manager`:
+ Highlight "haveno" (AppVM)
+ Click "Delete qube"
+ Enter "haveno"
+ Click "OK" Button
+ Highlight "haveno-template" (TemplateVM)
+ Click "Delete qube"
+ Enter "haveno-template"
+ Click "OK" Button
+ Highlight "sys-haveno" (NetVM)
+ Click "Delete qube"
+ Enter "sys-haveno"
+ Click "OK" Button
#### CLI
##### In `dom0`:
```shell
$ qvm-shutdown --force --quiet haveno haveno-template sys-haveno && qvm-remove --force --quiet haveno haveno-template sys-haveno
```
-------
## *If this helped you, you know what to do*:
### **XMR**:
***85mRPDHW9SuGTDUoMJvt9W4u16Yp1j1SFDrcbfKH2vP1b59nZ62aKVqjfLoyxXrMZYMkNBGzAsuvCCDHPo4AHGx4K8Zmet6***

6
scripts/install_whonix_qubes/scripts/0-dom0/0.0-dom0.sh Normal file
View file

@ -0,0 +1,6 @@
#!/bin/bash
## ./haveno-on-qubes/scripts/0.0-dom0.sh
## Create Haveno TemplateVM:
qvm-clone whonix-workstation-17 haveno-template

6
scripts/install_whonix_qubes/scripts/0-dom0/0.1-dom0.sh Normal file
View file

@ -0,0 +1,6 @@
#!/bin/bash
## ./haveno-on-qubes/scripts/0.1-dom0.sh
## Create Haveno NetVM:
qvm-create --template whonix-gateway-17 --class AppVM --label=orange --property memory=512 --property maxmem=512 --property netvm=sys-firewall sys-haveno && qvm-prefs --set sys-haveno provides_network True

7
scripts/install_whonix_qubes/scripts/0-dom0/0.2-dom0.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
## ./haveno-on-qubes/scripts/0.2-dom0.sh
## Create Haveno AppVM:
qvm-create --template haveno-template --class AppVM --label=orange --property memory=2048 --property maxmem=4096 --property netvm=sys-haveno haveno
printf 'haveno-Haveno.desktop' | qvm-appmenus --set-whitelist - haveno

6
scripts/install_whonix_qubes/scripts/0-dom0/0.3-dom0.sh Normal file
View file

@ -0,0 +1,6 @@
#!/bin/bash
## ./haveno-on-qubes/scripts/0.3-dom0.sh
## Remove Haveno GuestVMs
qvm-shutdown --force --quiet haveno haveno-template sys-haveno && qvm-remove --force --quiet haveno haveno-template sys-haveno

189
scripts/install_whonix_qubes/scripts/1-TemplateVM/1.0-haveno-templatevm.sh Normal file
View file

@ -0,0 +1,189 @@
#!/bin/bash
## ./haveno-on-qubes/scripts/1.1-haveno-templatevm_maker.sh
function remote {
if [[ -z $PRECOMPILED_URL || -z $FINGERPRINT ]]; then
printf "\nNo arguments provided!\n\nThis script requires two arguments to be provided:\nBinary URL & PGP Fingerprint\n\nPlease review documentation and try again.\n\nExiting now ...\n"
exit 1
fi
## Update & Upgrade
apt update && apt upgrade -y
## Install wget
apt install -y wget
## Function to print messages in blue:
echo_blue() {
echo -e "\033[1;34m$1\033[0m"
}
# Function to print error messages in red:
echo_red() {
echo -e "\033[0;31m$1\033[0m"
}
## Sweep for old release files
rm *.asc desktop-*-SNAPSHOT-all.jar.SHA-256 haveno*
## Define URL & PGP Fingerprint etc. vars:
user_url=$PRECOMPILED_URL
base_url=$(printf ${user_url} | awk -F'/' -v OFS='/' '{$NF=""}1')
expected_fingerprint=$FINGERPRINT
binary_filename=$(awk -F'/' '{ print $NF }' <<< "$user_url")
package_filename="haveno.deb"
signature_filename="${binary_filename}.sig"
key_filename="$(printf "$expected_fingerprint" | tr -d ' ' | sed -E 's/.*(................)/\1/' )".asc
wget_flags="--tries=10 --timeout=10 --waitretry=5 --retry-connrefused --show-progress"
## Debug:
printf "\nUser URL=$user_url\n"
printf "\nBase URL=$base_url\n"
printf "\nFingerprint=$expected_fingerprint\n"
printf "\nBinary Name=$binary_filename\n"
printf "\nPackage Name=$package_filename\n"
printf "\nSig Filename=$signature_filename\n"
printf "\nKey Filename=$key_filename\n"
## Configure for tinyproxy:
export https_proxy=http://127.0.0.1:8082
## Download Haveno binary:
echo_blue "Downloading Haveno from URL provided ..."
wget "${wget_flags}" -cq "${user_url}" || { echo_red "Failed to download Haveno binary."; exit 1; }
## Download Haveno signature file:
echo_blue "Downloading Haveno signature ..."
wget "${wget_flags}" -cq "${base_url}""${signature_filename}" || { echo_red "Failed to download Haveno signature."; exit 1; }
## Download the GPG key:
echo_blue "Downloading signing GPG key ..."
wget "${wget_flags}" -cqO "${key_filename}" "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x$(echo "$expected_fingerprint" | tr -d ' ')" || { echo_red "Failed to download GPG key."; exit 1; }
## Import the GPG key:
echo_blue "Importing the GPG key ..."
gpg --import "${key_filename}" || { echo_red "Failed to import GPG key."; exit 1; }
## Extract imported fingerprints:
imported_fingerprints=$(gpg --with-colons --fingerprint | grep -A 1 'pub' | grep 'fpr' | cut -d: -f10 | tr -d '\n')
## Remove spaces from the expected fingerprint for comparison:
formatted_expected_fingerprint=$(echo "${expected_fingerprint}" | tr -d ' ')
## Check if the expected fingerprint is in the list of imported fingerprints:
if [[ ! "${imported_fingerprints}" =~ "${formatted_expected_fingerprint}" ]]; then
echo_red "The imported GPG key fingerprint does not match the expected fingerprint."
exit 1
fi
## Verify the downloaded binary with the signature:
echo_blue "Verifying the signature of the downloaded file ..."
OUTPUT=$(gpg --digest-algo SHA256 --verify "${signature_filename}" "${binary_filename}" 2>&1)
if ! echo "$OUTPUT" | grep -q "Good signature from"; then
echo_red "Verification failed: $OUTPUT"
exit 1;
else 7z x "${binary_filename}" && mv haveno*.deb "${package_filename}"
fi
echo_blue "Haveno binaries have been successfully verified."
# Install Haveno:
echo_blue "Installing Haveno ..."
apt install -y ./"${package_filename}" || { echo_red "Failed to install Haveno."; exit 1; }
## Finalize
echo_blue "Haveno TemplateVM installation and configuration complete."
printf "%s \n" "Press [ENTER] to complete ..."
read ans
#exit
poweroff
}
function build {
if [[ -z $JAVA_URL || -z $JAVA_SHA1 || -z $SOURCE_URL ]]; then
printf "\nNo arguments provided!\n\nThis script requires three argument to be provided:\n\nURL for Java 21 JDK Debian Package\n\nSHA1 Hash for Java 21 JDK Debian Package\n\nURL for Remote Git Source Repository\n\nPlease review documentation and try again.\n\nExiting now ...\n"
exit 1
fi
# Dependancies
sudo apt install -y make git expect fakeroot
# Java
curl -fsSLo jdk21.deb ${JAVA_URL}
if [[ $(shasum ./jdk21.deb | awk '{ print $1 }') == ${JAVA_SHA1} ]] ; then printf $'SHA Hash IS valid!\n'; else printf $'WARNING: Bad Hash!\n' && exit; fi
sudo apt install -y ./jdk21.deb
# Build
git clone --depth=1 $SOURCE_URL
cd haveno
git checkout master
sed -i 's|XMR_STAGENET|XMR_MAINNET|g' desktop/package/package.gradle
./gradlew clean build --refresh-keys --refresh-dependencies
# Package
# Expect
cat <<DONE >> /tmp/haveno_package_deb.exp
set send_slow {1 .1}
proc send {ignore arg} {
sleep 1.1
exp_send -s -- \$arg
}
set timeout -1
spawn ./gradlew packageInstallers --console=plain
match_max 100000
expect -exact ""
send -- "y\r"
expect -exact ""
send -- "y\r"
expect -exact ""
send -- "y\r"
expect -exact "app-image"
send -- ""
expect eof
DONE
# Package
expect -f /tmp/haveno_package_deb.exp && find ./ -name '*.deb' -exec qvm-copy {} \;
}
if [[ $# -eq 2 ]] ; then
PRECOMPILED_URL=$1
FINGERPRINT=$2
fi
if [[ $# -eq 3 ]] ; then
JAVA_URL=$1
JAVA_SHA1=$2
SOURCE_URL=$3
fi
read -p $'Do you want to:\nInstall precompiled binary from remote git repository? (r)\n\n\t\tOR\n\nBuild source from remote git repository? (b)\n\n' rb
case $rb in
[rR] ) remote;;
[bB] ) build;;
* ) printf "\nInvalid Input.\n\nPlease Try again.\n";
# exit 1;;
esac
printf "\nCheers m8!\n"

30
scripts/install_whonix_qubes/scripts/2-NetVM/2.0-haveno-netvm.sh Normal file
View file

@ -0,0 +1,30 @@
#!/bin/zsh
## ./haveno-on-qubes/scripts/2.0-haveno-netvm_taker.sh
## Function to print messages in blue:
echo_blue() {
echo -e "\033[1;34m$1\033[0m"
}
# Function to print error messages in red:
echo_red() {
echo -e "\033[0;31m$1\033[0m"
}
## onion-grater
# Add onion-grater Profile
echo_blue "\nAdding onion-grater Profile ..."
onion-grater-add 40_haveno
# Restart onion-grater
echo_blue "\nRestarting onion-grater Service ..."
systemctl restart onion-grater.service
echo_blue "Haveno NetVM configuration complete."
printf "%s \n" "Press [ENTER] to complete ..."
read ans
#exit
poweroff

61
scripts/install_whonix_qubes/scripts/3-AppVM/3.0-haveno-appvm.sh Normal file
View file

@ -0,0 +1,61 @@
#!/bin/zsh
## ./haveno-on-qubes/scripts/3.0-haveno-appvm_taker.sh
## Function to print messages in blue:
echo_blue() {
echo -e "\033[1;34m$1\033[0m"
}
# Function to print error messages in red:
echo_red() {
echo -e "\033[0;31m$1\033[0m"
}
## Adjust sdwdate Configuration
mkdir -p /usr/local/etc/sdwdate-gui.d
printf "gateway=sys-haveno\n" > /usr/local/etc/sdwdate-gui.d/50_user.conf
systemctl restart sdwdate
## Prepare Firewall Settings
echo_blue "\nConfiguring FW ..."
printf "\n# Prepare Local FW Settings\nmkdir -p /usr/local/etc/whonix_firewall.d\n" >> /rw/config/rc.local
printf "\n# Poke FW\nprintf \"EXTERNAL_OPEN_PORTS+=\\\\\" 9999 \\\\\"\\\n\" | tee /usr/local/etc/whonix_firewall.d/50_user.conf\n" >> /rw/config/rc.local
printf "\n# Restart FW\nwhonix_firewall\n\n" >> /rw/config/rc.local
## View & Verify Change
echo_blue "\nReview the following output and be certain in matches documentation!\n"
tail /rw/config/rc.local
printf "%s \n" "Press [ENTER] to continue ..."
read ans
:
## Restart FW
echo_blue "\nRestarting Whonix FW ..."
whonix_firewall
### Create Desktop Launcher:
echo_blue "Creating desktop launcher ..."
mkdir -p /home/$(ls /home)/\.local/share/applications
sed 's|/opt/haveno/bin/Haveno|/opt/haveno/bin/Haveno --torControlPort=9051 --socks5ProxyXmrAddress=127.0.0.1:9050 --useTorForXmr=on|g' /opt/haveno/lib/haveno-Haveno.desktop > /home/$(ls /home)/.local/share/applications/haveno-Haveno.desktop
chown -R $(ls /home):$(ls /home) /home/$(ls /home)/.local/share/applications/haveno-Haveno.desktop
## View & Verify Change
echo_blue "\nReview the following output and be certain in matches documentation!\n"
tail /home/$(ls /home)/.local/share/applications/haveno-Haveno.desktop
printf "%s \n" "Press [ENTER] to continue ..."
read ans
:
echo_blue "Haveno AppVM configuration complete."
echo_blue "Refresh applications via Qubes Manager GUI now."
printf "%s \n" "Press [ENTER] to complete ..."
read ans
#exit
poweroff