summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--.gitignore14
l---------Changelog1
l---------TODO1
-rw-r--r--config/amnesia47
-rw-r--r--config/amnesia.local4
-rw-r--r--config/chroot_apt/apt.conf1
-rw-r--r--config/chroot_apt/preferences19
-rwxr-xr-xconfig/chroot_local-hooks/01-password11
-rwxr-xr-xconfig/chroot_local-hooks/02-loopback4
-rwxr-xr-xconfig/chroot_local-hooks/03-noswap4
-rwxr-xr-xconfig/chroot_local-hooks/10-splashy4
-rwxr-xr-xconfig/chroot_local-hooks/20-remove_packages3
-rwxr-xr-xconfig/chroot_local-hooks/30-home_permissions4
-rwxr-xr-xconfig/chroot_local-hooks/99-resolv24
-rw-r--r--config/chroot_local-includes/etc/amnesia/version1
-rw-r--r--config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease1
-rw-r--r--config/chroot_local-includes/etc/apt/preferences19
-rw-r--r--config/chroot_local-includes/etc/default/pdnsd6
-rw-r--r--config/chroot_local-includes/etc/dhcp3/dhclient.conf55
-rw-r--r--config/chroot_local-includes/etc/environment4
-rw-r--r--config/chroot_local-includes/etc/firewall.conf43
-rwxr-xr-xconfig/chroot_local-includes/etc/network/if-up.d/000firewall12
-rwxr-xr-xconfig/chroot_local-includes/etc/network/if-up.d/600tor4
-rw-r--r--config/chroot_local-includes/etc/pdnsd.conf52
-rw-r--r--config/chroot_local-includes/etc/polipo/config164
-rw-r--r--config/chroot_local-includes/etc/tor/tor-tsocks.conf19
-rw-r--r--config/chroot_local-includes/etc/tor/torrc172
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/do_not_ever_run_me36
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/Changelog119
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/README37
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE45
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/TODO92
-rwxr-xr-xconfig/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup7
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf47
-rw-r--r--config/chroot_local-packageslists/amnesia-common83
-rw-r--r--config/chroot_local-packageslists/amnesia-de10
-rw-r--r--config/chroot_local-packageslists/amnesia-fr12
-rw-r--r--config/chroot_local-packageslists/amnesia-gnome10
-rw-r--r--config/chroot_local-packageslists/amnesia-xfce3
-rw-r--r--config/chroot_local-preseed/firmware3
-rw-r--r--config/chroot_local-preseed/user1
l---------config/chroot_sources/backports.binary1
l---------config/chroot_sources/backports.binary.gpg1
-rw-r--r--config/chroot_sources/backports.chroot1
-rw-r--r--config/chroot_sources/backports.chroot.gpg33
l---------config/chroot_sources/live-snapshots.binary1
l---------config/chroot_sources/live-snapshots.binary.gpg1
-rw-r--r--config/chroot_sources/live-snapshots.chroot1
-rw-r--r--config/chroot_sources/live-snapshots.chroot.gpg31
l---------config/chroot_sources/squeeze.binary1
-rw-r--r--config/chroot_sources/squeeze.chroot1
l---------doc1
-rwxr-xr-xhome-refresh29
-rwxr-xr-xscripts/build68
-rwxr-xr-xscripts/clean22
-rwxr-xr-xscripts/config65
56 files changed, 1455 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..36d18d1
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,14 @@
+/*.img
+/*.iso
+/*.list
+/*.packages
+/binary
+/cache
+/chroot/
+/config/binary
+/config/bootstrap
+/config/chroot
+/config/common
+/config/source
+/.stage
+/source
diff --git a/Changelog b/Changelog
new file mode 120000
index 0000000..d0812d2
--- /dev/null
+++ b/Changelog
@@ -0,0 +1 @@
+config/chroot_local-includes/usr/share/doc/amnesia/Changelog \ No newline at end of file
diff --git a/TODO b/TODO
new file mode 120000
index 0000000..21c5004
--- /dev/null
+++ b/TODO
@@ -0,0 +1 @@
+config/chroot_local-includes/usr/share/doc/amnesia/TODO \ No newline at end of file
diff --git a/config/amnesia b/config/amnesia
new file mode 100644
index 0000000..2b7a18e
--- /dev/null
+++ b/config/amnesia
@@ -0,0 +1,47 @@
+# -*- mode: sh; -*-
+
+# Configuration file for the Amnesia live system
+#
+# You'd better never directly edit this file: rather put your custom
+# variable assignments in a new file called 'amnesia.local', in the
+# same directory as this one. The values found in the '.local' file
+# will override the ones from this one.
+#
+# These configuration files are actually shell scripts, and are
+# sourced by various other scripts.
+
+# Supported: gnome|xfce
+# Default: gnome
+AMNESIA_BASE="gnome"
+
+# Images types to build, as a space-separated list.
+# Every element of this list must be a valid argument for "lh_config -b".
+# Only iso, usb-hdd and tar are currently supported.
+AMNESIA_IMAGES="iso"
+
+# Base for the string that will be passed to "lh_config --bootappend-live"
+AMNESIA_APPEND="quiet splash vga=791 live-media=removable live-media-timeout=15 noprompt"
+
+# Refresh the live user's $HOME directory by copying the build system's
+# /home/amnesia. See also AMNESIA_HOME_EXCLUDES.
+# Supported: yes|no
+# Default: no
+AMNESIA_REFRESH_HOME="no"
+
+# Patterns to exclude when refreshing /home/amnesia
+AMNESIA_HOME_EXCLUDES="/home/amnesia/.bash_history \
+ /home/amnesia/.dbus/session-bus/* \
+ /home/amnesia/.gconf/desktop/gnome/peripherals/keyboard/host-* \
+ /home/amnesia/.kde/cache-* \
+ /home/amnesia/.kde/socket-* \
+ /home/amnesia/.kde/tmp-* \
+ /home/amnesia/.mozilla/firefox/*/bookmarkbackups/* \
+ /home/amnesia/.mozilla/firefox/*/urlclassifier3.sqlite \
+ /home/amnesia/.nautilus/metafiles/ \
+ /home/amnesia/.nautilus/saved-session-* \
+ /home/amnesia/.xsession-errors"
+
+### You should not have to change anything bellow this line ####################
+
+# Compute the current Amnesia's version once for all
+AMNESIA_TODAY="`date '+%Y%m%d'`"
diff --git a/config/amnesia.local b/config/amnesia.local
new file mode 100644
index 0000000..2721d3c
--- /dev/null
+++ b/config/amnesia.local
@@ -0,0 +1,4 @@
+# -*- mode: sh; -*-
+
+#AMNESIA_IMAGES="iso tar usb-hdd"
+AMNESIA_IMAGES="tar"
diff --git a/config/chroot_apt/apt.conf b/config/chroot_apt/apt.conf
new file mode 100644
index 0000000..4143a94
--- /dev/null
+++ b/config/chroot_apt/apt.conf
@@ -0,0 +1 @@
+APT::Default-Release "stable";
diff --git a/config/chroot_apt/preferences b/config/chroot_apt/preferences
new file mode 100644
index 0000000..574fb56
--- /dev/null
+++ b/config/chroot_apt/preferences
@@ -0,0 +1,19 @@
+Package: firmware-linux
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: kvkbd
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 900
+
+Package: *
+Pin: release a=lenny-backports
+Pin-Priority: 200
+
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/config/chroot_local-hooks/01-password b/config/chroot_local-hooks/01-password
new file mode 100755
index 0000000..eb5316d
--- /dev/null
+++ b/config/chroot_local-hooks/01-password
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+# Change the root password to "amnesia"
+echo "I: update password"
+echo "root:amnesia" | chpasswd
+
+# Change the autogenerated user password to "amnesia"
+plain_password="amnesia"
+password=$(echo "${plain_password}" | mkpasswd -s)
+sed -i -e 's/\(user_crypted=\)\(.*\)\( #.*\)/\1\"'${password}'\"\3/' /usr/share/initramfs-tools/scripts/live-bottom/10adduser
+update-initramfs -tu -kall
diff --git a/config/chroot_local-hooks/02-loopback b/config/chroot_local-hooks/02-loopback
new file mode 100755
index 0000000..653d794
--- /dev/null
+++ b/config/chroot_local-hooks/02-loopback
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+echo "
+iface lo inet loopback" >>/etc/network/interfaces
diff --git a/config/chroot_local-hooks/03-noswap b/config/chroot_local-hooks/03-noswap
new file mode 100755
index 0000000..cbb27d7
--- /dev/null
+++ b/config/chroot_local-hooks/03-noswap
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# We don't want to swap to the local machine
+rm -f /usr/share/initramfs-tools/scripts/live-bottom/13swap
diff --git a/config/chroot_local-hooks/10-splashy b/config/chroot_local-hooks/10-splashy
new file mode 100755
index 0000000..3861f73
--- /dev/null
+++ b/config/chroot_local-hooks/10-splashy
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+splashy_config --set-theme moreblue-orbit
+update-initramfs -u -k all
diff --git a/config/chroot_local-hooks/20-remove_packages b/config/chroot_local-hooks/20-remove_packages
new file mode 100755
index 0000000..9941cf1
--- /dev/null
+++ b/config/chroot_local-hooks/20-remove_packages
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+apt-get remove --yes --purge epiphany-browser epiphany-browser-data epiphany-extensions epiphany-gecko \ No newline at end of file
diff --git a/config/chroot_local-hooks/30-home_permissions b/config/chroot_local-hooks/30-home_permissions
new file mode 100755
index 0000000..a260ac0
--- /dev/null
+++ b/config/chroot_local-hooks/30-home_permissions
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+chown -R 1000:1000 /home/amnesia
+
diff --git a/config/chroot_local-hooks/99-resolv b/config/chroot_local-hooks/99-resolv
new file mode 100755
index 0000000..1e798b3
--- /dev/null
+++ b/config/chroot_local-hooks/99-resolv
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+# Nota bene: if the custom /etc/resolv.conf file was in
+# chroot_local-includes, it would be installed inside the chroot
+# before our chroot_local-hooks run. Some of these scripts, needing
+# a working networking setup, would then awfully break.
+
+# Including common functions
+. "${LH_BASE:-/usr/share/live-helper}"/functions.sh
+
+# Setting static variables
+DESCRIPTION="$(Echo 'setup custom /etc/resolv.conf')"
+HELP=""
+USAGE="${PROGRAM}"
+
+# Reading configuration files
+Read_conffiles config/all config/common config/chroot
+Set_defaults
+
+Echo_message "Configuring file /etc/resolv.conf"
+echo 'nameserver 127.0.0.1' > /etc/resolv.conf
+# make sure lh_chroot_resolv will not overwrite our nice,
+# custom /etc/resolv.conf with a random .orig one
+echo 'nameserver 127.0.0.1' > /etc/resolv.conf.orig
diff --git a/config/chroot_local-includes/etc/amnesia/version b/config/chroot_local-includes/etc/amnesia/version
new file mode 100644
index 0000000..5798f6f
--- /dev/null
+++ b/config/chroot_local-includes/etc/amnesia/version
@@ -0,0 +1 @@
+20090620
diff --git a/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease b/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease
new file mode 100644
index 0000000..4143a94
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/apt.conf.d/00defaultrelease
@@ -0,0 +1 @@
+APT::Default-Release "stable";
diff --git a/config/chroot_local-includes/etc/apt/preferences b/config/chroot_local-includes/etc/apt/preferences
new file mode 100644
index 0000000..574fb56
--- /dev/null
+++ b/config/chroot_local-includes/etc/apt/preferences
@@ -0,0 +1,19 @@
+Package: firmware-linux
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: kvkbd
+Pin: release a=lenny-backports
+Pin-Priority: 999
+
+Package: *
+Pin: release a=stable
+Pin-Priority: 900
+
+Package: *
+Pin: release a=lenny-backports
+Pin-Priority: 200
+
+Package: *
+Pin: release o=Debian
+Pin-Priority: -10
diff --git a/config/chroot_local-includes/etc/default/pdnsd b/config/chroot_local-includes/etc/default/pdnsd
new file mode 100644
index 0000000..6350dda
--- /dev/null
+++ b/config/chroot_local-includes/etc/default/pdnsd
@@ -0,0 +1,6 @@
+# do we start pdnsd ?
+START_DAEMON=yes
+# auto-mode, overrides /etc/pdsnd.conf if set [see /usr/share/pdnsd/]
+AUTO_MODE=
+# optional CLI options to pass to pdnsd(8)
+START_OPTIONS=
diff --git a/config/chroot_local-includes/etc/dhcp3/dhclient.conf b/config/chroot_local-includes/etc/dhcp3/dhclient.conf
new file mode 100644
index 0000000..dc80d93
--- /dev/null
+++ b/config/chroot_local-includes/etc/dhcp3/dhclient.conf
@@ -0,0 +1,55 @@
+# Configuration file for /sbin/dhclient, which is included in Debian's
+# dhcp3-client package.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+send host-name "titanic";
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes;
+supersede domain-name-servers 127.0.0.1;
+supersede domain-name "localdomain";
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/etc/dhcp3/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/config/chroot_local-includes/etc/environment b/config/chroot_local-includes/etc/environment
new file mode 100644
index 0000000..2460f1e
--- /dev/null
+++ b/config/chroot_local-includes/etc/environment
@@ -0,0 +1,4 @@
+http_proxy=http://localhost:8118
+HTTP_PROXY=http://localhost:8118
+SOCKS_SERVER=localhost:9050
+SOCKS5_SERVER=localhost:9050
diff --git a/config/chroot_local-includes/etc/firewall.conf b/config/chroot_local-includes/etc/firewall.conf
new file mode 100644
index 0000000..f8c9e11
--- /dev/null
+++ b/config/chroot_local-includes/etc/firewall.conf
@@ -0,0 +1,43 @@
+*filter
+:INPUT ACCEPT [0:0]
+:FORWARD ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Established connections are accepted.
+[0:0] -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
+
+# Local network connections should not fo through Tor.
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j ACCEPT
+[0:0] -A OUTPUT -d 127.0.0.0/255.0.0.0 -j ACCEPT
+
+# Tor is allowed to do anything it wants to, everything else is dropped.
+[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j ACCEPT
+[0:0] -A OUTPUT -j REJECT --reject-with icmp-port-unreachable
+
+COMMIT
+
+*nat
+:PREROUTING ACCEPT [0:0]
+:POSTROUTING ACCEPT [0:0]
+:OUTPUT ACCEPT [0:0]
+
+# Local network connections should not fo through Tor. Note that we
+# exclude the VirtualAddrNetwork used for .onion:s here.
+[0:0] -A OUTPUT -d 192.168.0.0/255.255.0.0 -j RETURN
+[0:0] -A OUTPUT -d 10.0.0.0/255.0.0.0 -j RETURN
+[0:0] -A OUTPUT -d 172.16.0.0/255.240.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.0.0.0/255.128.0.0 -j RETURN
+[0:0] -A OUTPUT -d 127.128.0.0/255.192.0.0 -j RETURN
+
+# Tor is allowed to do anything it wants to.
+[0:0] -A OUTPUT -m owner --uid-owner debian-tor -j RETURN
+
+# .onion mapped addresses redirection to Tor.
+[0:0] -A OUTPUT -d 127.192.0.0/255.192.0.0 -p tcp -m tcp -j DNAT --to-destination 127.0.0.1:9040
+
+# Redirect all remaining TCP traffic to Tor.
+[0:0] -A OUTPUT -o ! lo -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j DNAT --to-destination 127.0.0.1:9040
+
+COMMIT
diff --git a/config/chroot_local-includes/etc/network/if-up.d/000firewall b/config/chroot_local-includes/etc/network/if-up.d/000firewall
new file mode 100755
index 0000000..f57681e
--- /dev/null
+++ b/config/chroot_local-includes/etc/network/if-up.d/000firewall
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+# Exit if lo interface
+[ "$METHOD" = "loopback" ] && exit 0
+
+IPTABLES_RULES=/etc/firewall.conf
+
+[ -x /sbin/iptables-restore ] || exit 2
+[ -n "$IPTABLES_RULES" ] || exit 3
+[ -r "$IPTABLES_RULES" ] || exit 4
+
+/sbin/iptables-restore < "$IPTABLES_RULES"
diff --git a/config/chroot_local-includes/etc/network/if-up.d/600tor b/config/chroot_local-includes/etc/network/if-up.d/600tor
new file mode 100755
index 0000000..6f1341f
--- /dev/null
+++ b/config/chroot_local-includes/etc/network/if-up.d/600tor
@@ -0,0 +1,4 @@
+#! /bin/sh
+
+/etc/init.d/tor restart
+
diff --git a/config/chroot_local-includes/etc/pdnsd.conf b/config/chroot_local-includes/etc/pdnsd.conf
new file mode 100644
index 0000000..19197dd
--- /dev/null
+++ b/config/chroot_local-includes/etc/pdnsd.conf
@@ -0,0 +1,52 @@
+// Read the pdnsd.conf(5) manpage for an explanation of the options.
+
+/* Note: this file is overriden by automatic config files when
+ /etc/default/pdnsd AUTO_MODE is set and that
+ /usr/share/pdnsd/pdnsd-$AUTO_MODE.conf exists
+ */
+
+global {
+ perm_cache=2048;
+ cache_dir="/var/cache/pdnsd";
+ run_as="pdnsd";
+ server_ip = 127.0.0.1; // Use eth0 here if you want to allow other
+ // machines on your network to query pdnsd.
+ status_ctl = on;
+// paranoid=on;
+// query_method=tcp_udp; // pdnsd must be compiled with tcp
+ // query support for this to work.
+ min_ttl=15m; // Retain cached entries at least 15 minutes.
+ max_ttl=1w; // One week.
+ timeout=120; // Global timeout option (10 seconds).
+
+ // Don't enable if you don't recurse yourself, can lead to problems
+ // delegation_only="com","net";
+}
+
+# Tor DNS resolver
+server {
+ label = "tor";
+ ip = 127.0.0.1;
+ port = 8853;
+ uptest = none;
+ exclude=".invalid";
+ policy=included;
+ proxy_only = on;
+ lean_query = on;
+}
+
+source {
+ owner=localhost;
+// serve_aliases=on;
+ file="/etc/hosts";
+}
+
+rr {
+ name=localhost;
+ reverse=on;
+ a=127.0.0.1;
+ owner=localhost;
+ soa=localhost,root.localhost,42,86400,900,86400,86400;
+}
+
+/* vim:set ft=c: */
diff --git a/config/chroot_local-includes/etc/polipo/config b/config/chroot_local-includes/etc/polipo/config
new file mode 100644
index 0000000..883f775
--- /dev/null
+++ b/config/chroot_local-includes/etc/polipo/config
@@ -0,0 +1,164 @@
+# Sample configuration file for Polipo. -*-sh-*-
+
+# You should not need to edit this configuration file; all configuration
+# variables have reasonable defaults.
+
+# This file only contains some of the configuration variables; see the
+# list given by ``polipo -v'' and the manual for more.
+
+
+### Basic configuration
+### *******************
+
+# Uncomment one of these if you want to allow remote clients to
+# connect:
+
+# proxyAddress = "::0" # both IPv4 and IPv6
+# proxyAddress = "0.0.0.0" # IPv4 only
+proxyAddress = "127.0.0.1" # IPv4 only
+proxyPort = 8118
+
+# If you are enabling 'proxyAddress' above, then you want to enable the
+# 'allowedClients' variable to the address of your network, e.g.
+# allowedClients = 127.0.0.1, 192.168.42.0/24
+
+# allowedClients = 127.0.0.1
+
+# Uncomment this if you want your Polipo to identify itself by
+# something else than the host name:
+
+proxyName = "localhost"
+
+# Uncomment this if there's only one user using this instance of Polipo:
+
+cacheIsShared = false
+
+# Uncomment this if you want to use a parent proxy:
+
+# parentProxy = "squid.example.org:3128"
+
+# Uncomment this if you want to use a parent SOCKS proxy:
+
+socksParentProxy = "localhost:9050"
+socksProxyType = socks5
+
+
+### Memory
+### ******
+
+# Uncomment this if you want Polipo to use a ridiculously small amount
+# of memory (a hundred C-64 worth or so):
+
+# chunkHighMark = 819200
+# objectHighMark = 128
+
+# Uncomment this if you've got plenty of memory:
+
+# chunkHighMark = 50331648
+# objectHighMark = 16384
+
+
+### On-disk data
+### ************
+
+# Uncomment this if you want to disable the on-disk cache:
+
+diskCacheRoot = ""
+
+# Uncomment this if you want to put the on-disk cache in a
+# non-standard location:
+
+# diskCacheRoot = "~/.polipo-cache/"
+
+# Uncomment this if you want to disable the local web server:
+
+# localDocumentRoot = ""
+
+# Uncomment this if you want to enable the pages under /polipo/index?
+# and /polipo/servers?. This is a serious privacy leak if your proxy
+# is shared.
+
+# disableIndexing = false
+# disableServersList = false
+
+disableLocalInterface = true
+
+### Domain Name System
+### ******************
+
+# Uncomment this if you want to contact IPv4 hosts only (and make DNS
+# queries somewhat faster):
+
+# dnsQueryIPv6 = no
+
+# Uncomment this if you want Polipo to prefer IPv4 to IPv6 for
+# double-stack hosts:
+
+# dnsQueryIPv6 = reluctantly
+
+# Uncomment this to disable Polipo's DNS resolver and use the system's
+# default resolver instead. If you do that, Polipo will freeze during
+# every DNS query:
+
+# dnsUseGethostbyname = yes
+
+
+### HTTP
+### ****
+
+# Uncomment this if you want to enable detection of proxy loops.
+# This will cause your hostname (or whatever you put into proxyName
+# above) to be included in every request:
+
+disableVia = true
+
+# Uncomment this if you want to slightly reduce the amount of
+# information that you leak about yourself:
+
+censoredHeaders = from, accept-language, x-pad
+censorReferer = maybe
+
+# Uncomment this if you're paranoid. This will break a lot of sites,
+# though:
+
+# censoredHeaders = set-cookie, cookie, cookie2, from, accept-language
+# censorReferer = true
+
+# Uncomment this if you want to use Poor Man's Multiplexing; increase
+# the sizes if you're on a fast line. They should each amount to a few
+# seconds' worth of transfer; if pmmSize is small, you'll want
+# pmmFirstSize to be larger.
+
+# Note that PMM is somewhat unreliable.
+
+# pmmFirstSize = 16384
+# pmmSize = 8192
+
+# Uncomment this if your user-agent does something reasonable with
+# Warning headers (most don't):
+
+# relaxTransparency = maybe
+
+# Uncomment this if you never want to revalidate instances for which
+# data is available (this is not a good idea):
+
+# relaxTransparency = yes
+
+# Uncomment this if you have no network:
+
+# proxyOffline = yes
+
+# Uncomment this if you want to avoid revalidating instances with a
+# Vary header (this is not a good idea):
+
+# mindlesslyCacheVary = true
+
+### Tor-specific configuration
+### **************************
+
+serverSlots = 2
+serverMaxSlots = 8
+allowedPorts = 1-65535
+tunnelAllowedPorts = 1-65535
+maxConnectionAge = 5m
+maxConnectionRequests = 120
diff --git a/config/chroot_local-includes/etc/tor/tor-tsocks.conf b/config/chroot_local-includes/etc/tor/tor-tsocks.conf
new file mode 100644
index 0000000..dd58d8b
--- /dev/null
+++ b/config/chroot_local-includes/etc/tor/tor-tsocks.conf
@@ -0,0 +1,19 @@
+# This is the configuration for libtsocks (transparent socks) for use
+# with tor, which is providing a socks server on port 9050 by default.
+#
+# See tsocks.conf(5) and torify(1) manpages.
+
+server = 127.0.0.1
+server_port = 9050
+
+# We specify local as 127.0.0.0 - 127.191.255.255 because the
+# Tor MAPADDRESS virtual IP range is the rest of net 127.
+local = 127.0.0.0/255.128.0.0
+local = 127.128.0.0/255.192.0.0
+
+
+# My local networks
+local = 10.0.0.0/255.0.0.0
+local = 172.16.0.0/255.255.0.0
+local = 192.168.0.0/255.255.0.0
+
diff --git a/config/chroot_local-includes/etc/tor/torrc b/config/chroot_local-includes/etc/tor/torrc
new file mode 100644
index 0000000..9da08e2
--- /dev/null
+++ b/config/chroot_local-includes/etc/tor/torrc
@@ -0,0 +1,172 @@
+## Configuration file for a typical Tor user
+## Last updated 22 December 2007 for Tor 0.2.0.14-alpha.
+## (May or may not work for much older or much newer versions of Tor.)
+##
+## Lines that begin with "## " try to explain what's going on. Lines
+## that begin with just "#" are disabled commands: you can enable them
+## by removing the "#" symbol.
+##
+## See the man page, or https://www.torproject.org/tor-manual-dev.html,
+## for more options you can use in this file.
+##
+## Tor will look for this file in various places based on your platform:
+## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#torrc
+
+
+## Replace this with "SocksPort 0" if you plan to run Tor only as a
+## server, and not make any local application connections yourself.
+SocksPort 9050 # what port to open for local application connections
+SocksListenAddress 127.0.0.1 # accept connections only from localhost
+#SocksListenAddress 192.168.0.1:9100 # listen on this IP:port also
+
+## Entry policies to allow/deny SOCKS requests based on IP address.
+## First entry that matches wins. If no SocksPolicy is set, we accept
+## all (and only) requests from SocksListenAddress.
+#SocksPolicy accept 192.168.0.0/16
+#SocksPolicy reject *
+
+## Logs go to stdout at level "notice" unless redirected by something
+## else, like one of the below lines. You can have as many Log lines as
+## you want.
+##
+## We advise using "notice" in most cases, since anything more verbose
+## may provide sensitive information to an attacker who obtains the logs.
+##
+## Send all messages of level 'notice' or higher to /var/log/tor/notices.log
+#Log notice file /var/log/tor/notices.log
+## Send every possible message to /var/log/tor/debug.log
+#Log debug file /var/log/tor/debug.log
+## Use the system log instead of Tor's logfiles
+#Log notice syslog
+## To send all messages to stderr:
+#Log debug stderr
+
+## Uncomment this to start the process in the background... or use
+## --runasdaemon 1 on the command line. This is ignored on Windows;
+## see the FAQ entry if you want Tor to run as an NT service.
+#RunAsDaemon 1
+
+## The directory for keeping all the keys/etc. By default, we store
+## things in $HOME/.tor on Unix, and in Application Data\tor on Windows.
+#DataDirectory /var/lib/tor
+
+## The port on which Tor will listen for local connections from Tor
+## controller applications, as documented in control-spec.txt.
+ControlPort 9051
+ControlListenAddress 127.0.0.1
+
+## Tor unconditionnally chmod's DataDirectory (/var/lib/tor) at startup,
+## and the debian-tor group can thus not access it, so we have it put
+## the auth cookie elsewhere.
+CookieAuthentication 1
+CookieAuthFile /tmp/control_auth_cookie
+CookieAuthFileGroupReadable 1
+
+############### This section is just for location-hidden services ###
+
+## Once you have configured a hidden service, you can look at the
+## contents of the file ".../hidden_service/hostname" for the address
+## to tell people.
+##
+## HiddenServicePort x y:z says to redirect requests on port x to the
+## address y:z.
+
+#HiddenServiceDir /var/lib/tor/hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+
+#HiddenServiceDir /var/lib/tor/other_hidden_service/
+#HiddenServicePort 80 127.0.0.1:80
+#HiddenServicePort 22 127.0.0.1:22
+
+################ This section is just for relays #####################
+#
+## See https://www.torproject.org/docs/tor-doc-relay for details.
+
+## A unique handle for your server.
+#Nickname ididnteditheconfig
+
+## The IP or FQDN for your server. Leave commented out and Tor will guess.
+#Address noname.example.com
+
+## Define these to limit the bandwidth usage of relayed (server)
+## traffic. Your own traffic is still unthrottled.
+## Note that RelayBandwidthRate must be at least 20 KB.
+#RelayBandwidthRate 100 KBytes # Throttle traffic to 100KB/s (800Kbps)
+#RelayBandwidthBurst 200 KBytes # But allow bursts up to 200KB/s (1600Kbps)
+
+## Contact info to be published in the directory, so we can contact you
+## if your server is misconfigured or something else goes wrong.
+#ContactInfo Random Person <nobody AT example dot com>
+## You might also include your PGP or GPG fingerprint if you have one:
+#ContactInfo 1234D/FFFFFFFF Random Person <nobody AT example dot com>
+
+## Required: what port to advertise for Tor connections.
+#ORPort 9001
+## If you need to listen on a port other than the one advertised
+## in ORPort (e.g. to advertise 443 but bind to 9090), uncomment the
+## line below too. You'll need to do ipchains or other port forwarding
+## yourself to make this work.
+#ORListenAddress 0.0.0.0:9090
+
+## Uncomment this to mirror directory information for others. Please do
+## if you have enough bandwidth.
+#DirPort 9030 # what port to advertise for directory connections
+## If you need to listen on a port other than the one advertised
+## in DirPort (e.g. to advertise 80 but bind to 9091), uncomment the line
+## below too. You'll need to do ipchains or other port forwarding yourself
+## to make this work.
+#DirListenAddress 0.0.0.0:9091
+
+## Uncomment this if you run more than one Tor server, and add the
+## nickname of each Tor server you control, even if they're on different
+## networks. You declare it here so Tor clients can avoid using more than
+## one of your servers in a single circuit. See
+## http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#MultipleServers
+#MyFamily nickname1,nickname2,...
+
+## A comma-separated list of exit policies. They're considered first
+## to last, and the first match wins. If you want to _replace_
+## the default exit policy, end this with either a reject *:* or an
+## accept *:*. Otherwise, you're _augmenting_ (prepending to) the
+## default exit policy. Leave commented to just use the default, which is
+## available in the man page or at https://www.torproject.org/documentation.html
+##
+## Look at https://www.torproject.org/faq-abuse.html#TypicalAbuses
+## for issues you might encounter if you use the default exit policy.
+##
+## If certain IPs and ports are blocked externally, e.g. by your firewall,
+## you should update your exit policy to reflect this -- otherwise Tor
+## users will be told that those destinations are down.
+##
+#ExitPolicy accept *:6660-6667,reject *:* # allow irc ports but no more
+#ExitPolicy accept *:119 # accept nntp as well as default exit policy
+#ExitPolicy reject *:* # no exits allowed
+#
+################ This section is just for bridge relays ##############
+#
+## Bridge relays (or "bridges" ) are Tor relays that aren't listed in the
+## main directory. Since there is no complete public list of them, even if an
+## ISP is filtering connections to all the known Tor relays, they probably
+## won't be able to block all the bridges. Unlike running an exit relay,
+## running a bridge relay just passes data to and from the Tor network --
+## so it shouldn't expose the operator to abuse complaints.
+
+#ORPort 443
+#BridgeRelay 1
+#RelayBandwidthRate 50KBytes
+#ExitPolicy reject *:*
+
+
+################ Local settings ########################################
+
+## Torified DNS
+DNSPort 8853
+AutomapHostsOnResolve 1
+AutomapHostsSuffixes .exit,.onion
+
+## Transparent proxy
+TransPort 9040
+TransListenAddress 127.0.0.1
+
+## Misc
+AvoidDiskWrites 1
diff --git a/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
new file mode 100755
index 0000000..4a42367
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# This script fully disables the iptables firewall, and thus the
+# transparent forwarding thru Tor of all non-local network
+# connections... which defeats the whole purpose of this OS, hence
+# this script's name.
+
+IPT=/sbin/iptables
+
+[ -x "$IPT" ] || exit 67
+
+$IPT -P INPUT ACCEPT
+$IPT -P FORWARD ACCEPT
+$IPT -P OUTPUT ACCEPT
+
+$IPT -t nat -P PREROUTING ACCEPT
+$IPT -t nat -P POSTROUTING ACCEPT
+$IPT -t nat -P OUTPUT ACCEPT
+
+$IPT -t mangle -P PREROUTING ACCEPT
+$IPT -t mangle -P INPUT ACCEPT
+$IPT -t mangle -P FORWARD ACCEPT
+$IPT -t mangle -P OUTPUT ACCEPT
+$IPT -t mangle -P POSTROUTING ACCEPT
+
+$IPT -F
+$IPT -t nat -F
+$IPT -t mangle -F
+
+$IPT -X
+$IPT -t nat -X
+$IPT -t mangle -X
+
+echo "You might want to unset http_proxy and HTTP_PROXY environment variables as well:"
+echo " unset http_proxy"
+echo " unset HTTP_PROXY"
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/Changelog b/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
new file mode 100644
index 0000000..8070c43
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
@@ -0,0 +1,119 @@
+2009 06 20 - dev
+
+ * hardware support:
+ - install firmware-linux from backports.org
+ - install system-config-printer
+ * APT/pinning: give backports.org priority 200, so that we track
+ upgrades of packages installed from there.
+ * build system: allow building several images at once
+
+2009 06 19 - dev
+
+ * Tor: added a "Restart Tor" launcher to the Gnome panel,
+ that runs "/etc/init.d/tor restart"
+ * APT: re-configure pinning and sources to use squeeze rather than
+ unstable to fetch newer or not-in-Lenny software
+ * hardware support: added instructions in README.eCAFE to support the
+ Hercules eCAFÉ™ EC-800 netbook
+ * release: include the Changelog and TODO in the generated images,
+ in the /usr/share/doc/amnesia/ directory
+ * torbutton: install newer version from Squeeze
+
+2009 06 18 - dev
+
+ * software: install gnomebaker when building Gnome-based live OS, to
+ easily clone myself when running from CD
+
+2009 06 17 - dev
+
+ * Tor vs. Network Manager: added a restart tor hook to if-up.d (used by
+ Network Manager as well), so that Tor does work immediately even if
+ the network cable was plugged late in/after the boot process
+ * build system cleanup
+ - migrated most of lh_config invocations to scripts/config
+ - append "noprompt" so that halting/rebooting work with splashy
+ - moved our own variables to config/amnesia, using the namespace
+ $AMNESIA_*
+ * APT: configure pinning to support installing chosen packages from sid;
+ the APT source for unstable is hardcoded in chroot_sources/sid, since
+ there is no way to use $LH_CHROOT_MIRROR there: the chroot_local-hooks
+ have no access to such configuration variables :/
+ * iceweasel: install NoScript plugin from Debian sid
+
+2009 06 16 - dev
+
+ * iceweasel: delete urlclassifier3.sqlite on $HOME refresh: as we
+ disabled "safebrowsing", this huge file is of no use
+ * build system
+ - rely on standard live-initramfs adduser to do our user setup
+ (including sudo vs. Gnome/KDE, etc.)
+ - stop "supporting" KDE
+ * linux: removed non-686 kernel flavours when building i386 images
+ * compatibility: append "live-media=removable live-media-timeout=15", to
+ prevent blindly booting another debian-live installed on the hard disk
+ * software: install scribus
+
+2009 XX XX - dev
+
+ * Forked Privatix 9.03.15, by Markus Mandalka:
+ http://mandalka.name/privatix/index.html.en
+ Everything has since been rewritten or so heavily changed that nothing
+ remains from the original code... apart of a bunch of Gnome settings.
+ * iceweasel
+ - default search engine is now Scroogle SSL, configured to search pages
+ in French language; the English one is also installed
+ - never ask to save passwords or forms content
+ - configured the torbutton extension to use polipo
+ - installed the CACert root certificate
+ - installed the SSL Blacklist extension and the blacklist data
+ - installed the FireGPG extension
+ - installed the CS Lite extension
+ - installed the NoScript extension
+ - NoScript, CS Lite: replaced the default whitelists with a list of
+ trusted, non-commercial Internet Service Providers
+ - configure extensions (add to prefs.js):
+ user_pref("extensions.torbutton.startup", true);
+ user_pref("extensions.torbutton.startup_state", 1);
+ user_pref("extensions.torbutton.tor_enabled", true);
+ user_pref("noscript.notify.hide", true);
+ user_pref("capability.policy.maonoscript.sites", "about:
+ about:blank about:certerror about:config about:credits
+ about:neterror about:plugins about:privatebrowsing
+ about:sessionrestore chrome: resource:");
+ user_pref("extensions.firegpg.no_updates", true);
+ * Tor
+ - enable the transparent proxy, the DNS resolver, and the control port
+ - save authentication cookie to /tmp/control_auth_cookie, so that the
+ live user can use Tork and co.
+ - autostart Tork with Gnome
+ - Tork: installed, disabled most notifications and startup tips
+ * build system
+ - build i386 images when the build host is amd64
+ - added a version file: /etc/amnesia/version
+ - use snapshot live-* packages inside the images
+ - setup timezone depending on the chosen build locale
+ * $HOME
+ - added a nautilus-script to wipe files and directories
+ - bash with working completion for the live user
+ * software: added
+ - gnome-app-install
+ - iwconfig
+ - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
+ - kvkbd: virtual keyboard (installed from backports.org)
+ - sshfs (and added live user to the fuse group)
+ - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
+ * polipo: install and configure this HTTP proxy to forward requests
+ through Tor
+ * DNS: install and configure pdnsd to forward any DNS request through
+ the Tor resolver
+ * firewall: force every outgoing TCP connection through the Tor
+ transparent proxy, discard any outgoing UDP connection
+ * hardware support
+ - install a bunch of non-free wifi firmwares
+ - install xsane and add the live user to the scanner group
+ - install aircrack-ng
+ - install xserver-xorg-video-geode on i386 (eCafe support)
+ - install xserver-xorg-video-all
+ * misc
+ - set syslinux timeout to 4 seconds
+ - use splashy for more user-friendly boot/halt sequences
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/README b/config/chroot_local-includes/usr/share/doc/amnesia/README
new file mode 100644
index 0000000..79a79df
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/README
@@ -0,0 +1,37 @@
+-*- mode: markdown; -*-
+
+Building an image
+=================
+
+Customization
+-------------
+
+The settings that can be customized can be found in `config/amnesia`;
+e.g. images types to build, desktop environment.
+
+You'd better never directly edit this file: rather put your custom
+variable assignments in a new `config/amnesia.local` file. The values
+found in the `.local` file will override the ones from the
+upstream one.
+
+These configuration files are actually shell scripts, and are sourced
+by various other scripts.
+
+How to build
+------------
+
+All following commands must be run as `root`, at the root of the
+source directory: a Git checkout, an extracted tarball.
+
+Initialize the Live system's configuration with `lh_config`:
+
+ lh_config
+
+Optionally set your preferred language for the generated images; only
+"fr" is currently fully supported, but other languages are still worth
+trying:
+
+ lh_config --language fr
+
+You can then use the standard live-helper commands to build the chosen
+images (`lh build`) and to cleanup the build directory (`lh clean`).
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE b/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE
new file mode 100644
index 0000000..f1592a3
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE
@@ -0,0 +1,45 @@
+-*- mode: markdown; -*-
+
+Hercules eCAFÉ™ EC-800
+======================
+
+Linux kernel
+------------
+
+`lh_config --linux-flavours 486`
+
+X.Org
+-----
+
+### Custom configuration file
+
+- copy, and optionally adapt, the custom `./examples/eCAFE/xorg.conf`
+ to `config/chroot_local-includes/etc/X11/` ; beware of the
+ permissions, non-root users must have read access to the including
+ X11 directory and to the `xorg.conf` file
+
+### Disable automatic X.Org configuration
+
+In `config/privatix`, add `noxautoconfig` to the `PRIVATIX_APPEND`
+boot parameters list.
+
+### Weird bugfix
+
+Probably due to a bug in `live-helper` or `live-initramfs`, one also has
+to create in the chroot:
+- the `/etc/X11` directory
+- the `/etc/X11/X` symbolic link.
+
+This can be easily achieved by copying `./examples/eCAFE/X11_fixup` to
+`config/chroot_local-hooks`. The copied file must have executable
+permissions set.
+
+Console frame buffer
+--------------------
+
+In `config/privatix`, edit the `PRIVATIX_APPEND` boot parameters list
+to:
+- remove `vga=791`
+- add `video=lxfb:800x480@60`
+
+
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/TODO b/config/chroot_local-includes/usr/share/doc/amnesia/TODO
new file mode 100644
index 0000000..6ade95c
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/TODO
@@ -0,0 +1,92 @@
+-*- mode: markdown; -*-
+
+release
+=======
+
+- add copyright
+- setup Git repository
+- setup web site
+
+build system
+============
+
+- bundle (and maybe adapt) home-refresh in the generated images
+
+hardware support
+================
+
+PowerPC
+-------
+
+- http://machine-cycle.blogspot.com/2009/05/running-debian-on-qemu-powerpc.html
+- /usr/share/doc/qemu/README.Debian
+- http://mac-on-linux.svn.sourceforge.net/viewvc/mac-on-linux/trunk/mollib/drivers/
+
+install/upgrade
+===============
+
+- install on (optionally encrypted) USB from CD
+- install on CD from USB?
+- clone the source directory to /usr/local/src/, and allow easy
+ remastering from the live system itself?
+- add 2nd encrypted data partition
+- USB: allow upgrading only the live system, not touching the other
+ partitions (use the iso + grub trick ? tar image + cp?)
+
+documentation
+=============
+
+- copy and adapt the privatix documentation
+- write documentation for install/upgrade
+
+iceweasel
+=========
+
+- do *not* ask to remember passwords
+- install some trusted, non-commercial SSL certificates (e.g.
+ Autistici/Inventati)
+- easily build a live system with a custom JavaScript/cookies
+ whitelist
+- remove *.sqlite *.db ?
+
+switch to Debian-packaged extensions
+------------------------------------
+
+- mozilla-noscript: done, deinstall + remove from $HOME
+- torbutton: done, deinstall + remove from $HOME
+- CS Lite: is another nice cookie manager already packaged?
+- SSL Blacklist: serious licensing problem, see thread on
+ pkg-mozext-maintainers@lists.alioth.debian.org, could be solved
+
+FireGPG
+-------
+
+- disable the buggy auto-detection feature
+- disable link to firegpg's homepage in generated pgp messages
+
+Pidgin
+======
+
+- base config?
+- add irc.indymedia.org + SSL certificate
+
+usecases
+========
+
+switch between use cases in syslinux menu
+- Tor enforcement
+- persistence
+
+steal some Incognito tricks
+===========================
+
+- look at `fsscript.sh` (Tor auth cookie, Tork user config, etc.)
+- smem
+- macchanger
+
+Misc.
+=====
+
+- fix TorK iconify on startup
+- is `allow-user-other` necessary for sshfs? (`/etc/fuse.conf`)
+- install seahorse-plugins (e.g. for Gedit) which is not in Lenny
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup
new file mode 100755
index 0000000..52b9a3b
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ ! -d /etc/X11 ]; then
+ mkdir /etc/X11
+ chmod 755 /etc/X11
+fi
+ln -s --force /usr/bin/Xorg /etc/X11/X
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf
new file mode 100644
index 0000000..37e2f6d
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf
@@ -0,0 +1,47 @@
+# xorg.conf (X.Org X Window System server configuration file)
+
+Section "InputDevice"
+ Identifier "Generic Keyboard"
+ Driver "kbd"
+ Option "XkbRules" "xorg"
+ Option "XkbModel" "pc105"
+ Option "XkbLayout" "fr"
+EndSection
+
+Section "InputDevice"
+ Identifier "Configured Mouse"
+ Driver "mouse"
+EndSection
+
+Section "Device"
+ Identifier "Configured Video Device"
+ Driver "geode"
+ BusID "PCI:0:1:1"
+ Option "UseFBDev" "true"
+ Option "PanelGeometry" "800x480"
+EndSection
+
+Section "Monitor"
+ Identifier "Configured Monitor"
+ Option "DPMS"
+ HorizSync 25 - 50
+ VertRefresh 50.0 - 75.0
+ Modeline "800x480" 33.45 800 840 968 1056 480 490 492 525 -hsync -vsync
+ Modeline "1024x600" 48.96 1024 1064 1168 1312 600 601 604 622 -hsync +vsync
+ Modeline "1024x768" 64.56 1024 1056 1296 1328 768 783 791 807 -hsync +vsync
+ DisplaySize 255 150
+EndSection
+
+Section "Screen"
+ Identifier "Default Screen"
+ Monitor "Configured Monitor"
+ Device "Configured Video Device"
+ DefaultDepth 16
+ SubSection "Display"
+ Depth 16
+ Modes "800x480"
+ Viewport 0 0
+ EndSubSection
+ #Virtual 1024 768
+EndSection
+
diff --git a/config/chroot_local-packageslists/amnesia-common b/config/chroot_local-packageslists/amnesia-common
new file mode 100644
index 0000000..ba0a5b3
--- /dev/null
+++ b/config/chroot_local-packageslists/amnesia-common
@@ -0,0 +1,83 @@
+# Self-installer
+bash
+cryptsetup
+dialog
+dosfstools
+e2fsprogs
+grep
+grub
+initramfs-tools
+live-helper
+mkisofs
+parted
+pv
+util-linux
+xdialog
+xterm
+
+# Self-bla
+# contains mkpasswd, needed in chroot_local-hooks/01-password
+whois
+
+# Software
+mc
+rsync
+aircrack-ng
+bash-completion
+enigmail
+evince
+exiv2
+file-roller
+gcalctool
+gimp
+gstreamer0.10-ffmpeg
+gstreamer0.10-plugins-base
+gstreamer0.10-plugins-good
+gstreamer0.10-plugins-ugly
+icedove
+iceweasel
+iceweasel-torbutton/testing
+iptables
+kvkbd
+less
+macchanger
+mozilla-noscript/testing
+network-manager-gnome
+network-manager-openvpn
+network-manager-openvpn-gnome
+ntfs-3g
+openoffice.org
+openoffice.org-hyphenation-en-us
+openoffice.org-thesaurus-en-us
+openssh-client
+pidgin
+pidgin-otr
+pmount
+polipo
+pppoeconf
+scribus
+seahorse
+secure-delete
+splashy
+sshfs
+system-config-printer
+tor
+pdnsd
+tork
+totem-gstreamer
+wireless-tools
+wipe
+xsane
+
+# Firmwares
+firmware-ipw2x00
+firmware-iwlwifi
+firmware-linux
+firmware-ralink
+zd1211-firmware
+
+# Xorg
+#if ARCHITECTURE i386
+xserver-xorg-video-geode
+#endif
+xserver-xorg-video-all
diff --git a/config/chroot_local-packageslists/amnesia-de b/config/chroot_local-packageslists/amnesia-de
new file mode 100644
index 0000000..9ba5cd3
--- /dev/null
+++ b/config/chroot_local-packageslists/amnesia-de
@@ -0,0 +1,10 @@
+# Locales
+icedove-l10n-de
+iceweasel-l10n-de
+openoffice.org-l10n-de
+openoffice.org-help-de
+openoffice.org-hyphenation-de
+openoffice.org-thesaurus-de
+
+# Tork translation, at least
+kde-i18n-de
diff --git a/config/chroot_local-packageslists/amnesia-fr b/config/chroot_local-packageslists/amnesia-fr
new file mode 100644
index 0000000..a3028d7
--- /dev/null
+++ b/config/chroot_local-packageslists/amnesia-fr
@@ -0,0 +1,12 @@
+# Locales
+icedove-l10n-fr
+iceweasel-l10n-fr
+openoffice.org-l10n-fr
+openoffice.org-help-fr
+
+# not in Lenny
+# openoffice.org-hyphenation-fr
+# openoffice.org-thesaurus-fr
+
+# Tork translation, at least
+kde-i18n-fr
diff --git a/config/chroot_local-packageslists/amnesia-gnome b/config/chroot_local-packageslists/amnesia-gnome
new file mode 100644
index 0000000..b1978da
--- /dev/null
+++ b/config/chroot_local-packageslists/amnesia-gnome
@@ -0,0 +1,10 @@
+#include <gnome>
+
+cryptkeeper
+gnomebaker
+hunspell
+hunspell-en-us
+icedove-gnome-support
+iceweasel-gnome-support
+nautilus-actions
+openoffice.org-gnome
diff --git a/config/chroot_local-packageslists/amnesia-xfce b/config/chroot_local-packageslists/amnesia-xfce
new file mode 100644
index 0000000..d08d3eb
--- /dev/null
+++ b/config/chroot_local-packageslists/amnesia-xfce
@@ -0,0 +1,3 @@
+#include <xfce>
+
+xfce4-xfapplet-plugin
diff --git a/config/chroot_local-preseed/firmware b/config/chroot_local-preseed/firmware
new file mode 100644
index 0000000..0fce95d4
--- /dev/null
+++ b/config/chroot_local-preseed/firmware
@@ -0,0 +1,3 @@
+firmware-ipw2x00 firmware-ipw2x00/license/accepted boolean true
+firmware-iwlwifi firmware-iwlwifi/license/accepted boolean true
+firmware-ralink firmware-ralink/license/accepted boolean true
diff --git a/config/chroot_local-preseed/user b/config/chroot_local-preseed/user
new file mode 100644
index 0000000..7568578
--- /dev/null
+++ b/config/chroot_local-preseed/user
@@ -0,0 +1 @@
+debconf passwd/user-default-groups string audio cdrom dialout floppy video plugdev netdev powerdev fuse debian-tor scanner \ No newline at end of file
diff --git a/config/chroot_sources/backports.binary b/config/chroot_sources/backports.binary
new file mode 120000
index 0000000..112607a
--- /dev/null
+++ b/config/chroot_sources/backports.binary
@@ -0,0 +1 @@
+backports.chroot \ No newline at end of file
diff --git a/config/chroot_sources/backports.binary.gpg b/config/chroot_sources/backports.binary.gpg
new file mode 120000
index 0000000..1266993
--- /dev/null
+++ b/config/chroot_sources/backports.binary.gpg
@@ -0,0 +1 @@
+backports.chroot.gpg \ No newline at end of file
diff --git a/config/chroot_sources/backports.chroot b/config/chroot_sources/backports.chroot
new file mode 100644
index 0000000..22c24f5
--- /dev/null
+++ b/config/chroot_sources/backports.chroot
@@ -0,0 +1 @@
+deb http://www.backports.org/debian lenny-backports main non-free
diff --git a/config/chroot_sources/backports.chroot.gpg b/config/chroot_sources/backports.chroot.gpg
new file mode 100644
index 0000000..6e66404
--- /dev/null
+++ b/config/chroot_sources/backports.chroot.gpg
@@ -0,0 +1,33 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.3 (GNU/Linux)
+
+mQGiBEMIgw4RBADueqAzlq+rQT9JYSSWnNzo6C+9crI8lzW/fcl2Q3PO97MOQTOx
+Qsf/lOh0Ku7O+VdBa+BwVPuUkSw6wTY5Ku1y/6r1BQzJ9oHkryDDJXsHzKhpdyFc
+/lD4hNGqRkiNg5ulwAI0O1eqffPWDmeR9ZzSsqM40f1U4TNLfPAu1viWxwCgnbWz
+onY6RqSYlRsDQaPsNTwieVEEAJeX2FGgNepD1SvfEremAkWCrYYlSZI76iTIf6bd
+kGkWqIT0vJyE2MNenhDJ2ebbHJVFmL9x8S3m1daC4Zwnacm7aoCY/QgMJ+Js1Fex
+Acev48W9KHgpVbFMd1t8KAwRbmFcQf0C/FZUbE7xScpTxS4z3SsMOuRyfnGpDOi6
+m/SnA/9wpquf3pPwbPykzKWNJEDouiJgt0zaFLauKDPeyTWeJ6htaAPDglArewdq
+bJ9M8QgLFtzjhg/fBQlRRUk7YP4OYtp1OdPkg2D/1rPQNySWlDf21T3N/K8ydKhR
+bYi+AsPuJLQUi3d+lVTFOebaL9felePvDC2/Eod7PSD1/rnkZ7Q0QmFja3BvcnRz
+Lm9yZyBBcmNoaXZlIEtleSA8ZnRwLW1hc3RlckBiYWNrcG9ydHMub3JnPohGBBAR
+AgAGBQJDgImkAAoJEHFe1qB+e4rJ2x4An2oI4xJpDvOx8uDIo9ihG1M0MpUqAJ9S
+cqVUmiyYSPtu8MwcZecy9kmOIYheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AniaEBvlr4oVFMrGgPiye7iE/jv68AJ48
+OkIfwcKJt7N8ImPAboeimFvWgIheBBMRAgAeBQJDCIMOAhsDBgsJCAcDAgMVAgMD
+FgIBAh4BAheAAAoJEOqOiyEWuhNsDt4AnjdB14rGa/rzz1ohwsi1oEnDRYuyAJ44
+Nv8MTPjOaeEZArQ0flg8OXwF37kCDQRDCIMREAgAzXu6DGSDAz4JH+mlthtiQwNZ
+FU8bjWanGT3DL6zubxwc3ZQmRaMOiVuvJUuaJv8fdGRSvp09dP2/x5mzq2rACiEn
+DwZssNSK5sigxgy2W9zeO9bOtg6bhqZLwlsL8Y2xZhyGL3qGeP4zL1QbXZ1QdJuO
+90Xu7GWYS6Wsj+Y6dUsZFYvTZwSiLkEmgFUTxkNue3DQtZ/KNkwoKc+aqU+S7gDN
+StQDvTNtR6IV11KbKcY1iQ0B2bkh4zShWwloIr83V6huAhfH8GA7UW6saRJAof5D
+JWUb+PRmU2TAOOlyZoM4nMH+sFFDPOeG8fbecwlox5BRTMqcCB5ELbQXoVZT+wAD
+BQf/ffI9R53f9USQkhsSak+k82JjRo9hqKAvPwBv3fDhMYqX3XRmwgNeax2y6Ub0
+AQkDhIC6eJILP5hTb2gjpmYYP7YE/7F1h37lUg7dDYeyPQF54mUXPnIg3uQ/V9HB
+TY+ZW8rsVe1KRvPAuVFU77FfCvIFdLSXVi1HSUcGv9Y7Kk4Tkr7vzKshlcIp6zZr
+O0Y3t/+ekBwTTQqEoUylVYkCSt3z6bjpVWbepkL88rbqJnPueTATw9shjbFYaND8
+cXZox9tQmlOIZ6gDeH1YvFf7ObRLxULm7C6hwik6agtXWkNABVXSxM6MB4hcP9QC
++FEhK6y/7wC3SyNRBuFujDG1aohJBBgRAgAJBQJDCIMRAhsMAAoJEOqOiyEWuhNs
+VVMAoJ1gbL0PHVf7yDwMjO3HuJBErxLdAJ4v9ojJnvJu2yUl4W586soBm+wsLg==
+=fBrI
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/config/chroot_sources/live-snapshots.binary b/config/chroot_sources/live-snapshots.binary
new file mode 120000
index 0000000..40be6d9
--- /dev/null
+++ b/config/chroot_sources/live-snapshots.binary
@@ -0,0 +1 @@
+live-snapshots.chroot \ No newline at end of file
diff --git a/config/chroot_sources/live-snapshots.binary.gpg b/config/chroot_sources/live-snapshots.binary.gpg
new file mode 120000
index 0000000..24646fd
--- /dev/null
+++ b/config/chroot_sources/live-snapshots.binary.gpg
@@ -0,0 +1 @@
+live-snapshots.chroot.gpg \ No newline at end of file
diff --git a/config/chroot_sources/live-snapshots.chroot b/config/chroot_sources/live-snapshots.chroot
new file mode 100644
index 0000000..908d111
--- /dev/null
+++ b/config/chroot_sources/live-snapshots.chroot
@@ -0,0 +1 @@
+deb http://live.debian.net/debian/ ./
diff --git a/config/chroot_sources/live-snapshots.chroot.gpg b/config/chroot_sources/live-snapshots.chroot.gpg
new file mode 100644
index 0000000..de6088d
--- /dev/null
+++ b/config/chroot_sources/live-snapshots.chroot.gpg
@@ -0,0 +1,31 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1.4.9 (GNU/Linux)
+
+mQGiBEl/CO4RBACcpjLvmL+j4QL7FaYK8VuQKu8jNflLCwAU6glCHOGpLRiXboFN
+A6Z1rQHAoQTUiIva7ZH0M5glIItqjivZDFZknUlEbEWzTYIzbiOyjU0lACy+qJXA
+jl2M5Eh+9mCIn1vWI4NP4EZSZ3PmZnZHI9V8mV4Nz+fKt2oZ9qdOloXN8wCg+qZt
+pGzHy7angIsZSP0olc+Nt6ED/1oZtrqIpcu9VDldPnK30lQM+IkQ1XJ6Vptm0TWv
+pmbRDdtvPaoFRx0XmI+2NR7RAIZ9/t+qEdO0lSf4FJJ7u5Sb5as1fUglB9e0+p87
+9gByiERFw+c5NsX6ZjohSd2vvYuZowPTaiyQMI+/ksLL2kRxakK+igF+66IbhXVf
+FV1IA/4ky3xuZziUnOEYdydxmYN5rN81u02tZ8VrDt8CmX+c5ADejetFjhqw98tf
+fUrtTCnljwkjsjupbv4yBsP3XJVCHkWGzzrdi67rO1wsWCIRjxxr7v8Mddv1Q42+
+C9SnloHCasBfVYKMlI8ubQTtCWVER2nkpGKRc/eYWG7/wdb3cLRYRGViaWFuIFVu
+b2ZmaWNpYWwgQXJjaGl2ZSBBdXRvbWF0aWMgU2lnbmluZyBLZXkgKDIwMDkpIDxm
+dHBtYXN0ZXJAZGViaWFuLXVub2ZmaWNpYWwub3JnPohmBBMRAgAmBQJJfwjuAhsD
+BQkB58sABgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQIsrkBFB8zktuMACePy/o
+gXyOdQ2JeLnKFOBAlb2YQooAoKCG1cRMVqNzcBb4nxfeK5sauzLluQINBEl/CO4Q
+CADJ5BP5ftcUz9LWNCa0DNtzWNBNg3tTsiFO5V9zOdQn/DLczg5u0GSmEPpa6CGv
+/oOANkq32TKmiP2XgqUyhGj1sTkM2MCqj1dzfDKBsV+pvJ3+5irsbCQyP/JywD/X
+cdAo/GkieCpth4ZOyjAYQ8AaGDtBFWd1SBl5+ybtk3z1/Uxcubhz8U6Jgar93O+z
+a+YW+4sG/Zfcej30Fus4HKFR6HUBSNDxUmnQ9XT74cjWVGn33vHiCZofhmHWlqEx
+roI6fHDP/6yyHiqHxRJ34IN3/sD0ksHMK7HOZvzfL6B4YfgtUkUAC447QtdWsIYl
+xJaD8GrcdREIl0Ojd/9OLar7AAMFB/0UpsmEYdv/AkG6rd4l2Yrdilx/Q5sIqKQU
+BOlJfh5I5x9JUfBwgofXSjIXwDRKl6P9MXWDidPFgqyQGpURoellX33mhFkA42JH
+Qkix6ASr//cfwszVe7j3VG4dHZklC/AxjuObY+52k+/PFuhYxRZ7F4jLGOcr6IdS
+9ViwE6fhP/oQkb6i9SbM15gnmZZ/Ul0wbku5kuf+jIUjhmooYydamPxceuqyKf6v
+Bbopg5YpZL7Lw2MwCgrV7DhqqDRXUyZCw/+bc5dBW52g4I3UGjPqam+Xi1A93jOb
+su+J/dTy7vTobhCrOmkmlsgpYlyTRfMrqjhkQImHCUk2Z8MBSm1iiE8EGBECAA8F
+Akl/CO4CGwwFCQHnywAACgkQIsrkBFB8zkt5RwCg8R9IakCa0mhKa3/wA8Qukjet
+5bcAoOc+kLVMJpMjVgLxdX1sQfTUg3l6
+=3ZYD
+-----END PGP PUBLIC KEY BLOCK-----
diff --git a/config/chroot_sources/squeeze.binary b/config/chroot_sources/squeeze.binary
new file mode 120000
index 0000000..7a0a945
--- /dev/null
+++ b/config/chroot_sources/squeeze.binary
@@ -0,0 +1 @@
+squeeze.chroot \ No newline at end of file
diff --git a/config/chroot_sources/squeeze.chroot b/config/chroot_sources/squeeze.chroot
new file mode 100644
index 0000000..5d8a69d
--- /dev/null
+++ b/config/chroot_sources/squeeze.chroot
@@ -0,0 +1 @@
+deb http://ftp.fr.debian.org/debian/ squeeze main
diff --git a/doc b/doc
new file mode 120000
index 0000000..6dc5f3d
--- /dev/null
+++ b/doc
@@ -0,0 +1 @@
+config/chroot_local-includes/usr/share/doc/amnesia \ No newline at end of file
diff --git a/home-refresh b/home-refresh
new file mode 100755
index 0000000..02164f2
--- /dev/null
+++ b/home-refresh
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+. config/amnesia
+if [ -e config/amnesia.local ] ; then
+ . config/amnesia.local
+fi
+
+# How to use $TAR_OPTS:
+# - $TAR_OPTS should be used unquoted
+# - 'set -o noglob' has to be run before any $TAR_OPTS use
+# - 'set +o noglob' has to be run after any $TAR_OPTS use
+TAR_OPTS=""
+set -o noglob
+for pattern in $AMNESIA_HOME_EXCLUDES; do
+ TAR_OPTS="$TAR_OPTS --exclude=$pattern"
+done
+set +o noglob
+
+echo "Deleting old home.tar.bz2"
+rm home/home.tar.bz2
+
+echo "Creating new home.tar.bz2"
+set -o noglob
+tar \
+ jcf home/home.tar.bz2 \
+ --atime-preserve --same-owner --numeric-owner --same-permissions \
+ $TAR_OPTS \
+ /home/amnesia
+set +o noglob
diff --git a/scripts/build b/scripts/build
new file mode 100755
index 0000000..94333ec
--- /dev/null
+++ b/scripts/build
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# set -x
+
+BASEDIR="`dirname $0`/.."
+. "${BASEDIR}/config/amnesia"
+if [ -e "${BASEDIR}/config/amnesia.local" ] ; then
+ . "${BASEDIR}/config/amnesia.local"
+fi
+
+extract_home () {
+ tar \
+ jxf home/home.tar.bz2 \
+ --atime-preserve --same-permissions \
+ --directory="config/chroot_local-includes/"
+}
+
+# a clean starting point
+rm -rf cache/stages_rootfs
+
+# home
+[ "${AMNESIA_REFRESH_HOME}" = "no" ] || ./home-refresh
+
+# build all configured image types
+for BUILD_TYPE in ${AMNESIA_IMAGES} ; do
+
+ case "$BUILD_TYPE" in
+ iso)
+ BUILD_FILENAME_EXT=iso
+ BUILD_FILENAME=binary
+ ;;
+ tar)
+ BUILD_FILENAME_EXT=tar.gz
+ BUILD_FILENAME=binary-tar
+ ;;
+ usb-hdd)
+ BUILD_FILENAME_EXT=img
+ BUILD_FILENAME=binary
+ ;;
+ *)
+ echo "Image type ${BUILD_TYPE} is not supported." >&2
+ exit 1
+ ;;
+ esac
+ . config/chroot # get LH_LANGUAGE
+ BUILD_BASENAME="amnesia-${AMNESIA_BASE}-${LH_LANGUAGE}-${AMNESIA_TODAY}"
+ BUILD_DEST_FILENAME="${BUILD_BASENAME}.${BUILD_FILENAME_EXT}"
+ BUILD_LOG="build-${BUILD_BASENAME}.log"
+
+ echo "Cleaning binary stage..."
+ lh clean noautoconfig --binary
+
+ echo "Running lh config..."
+ lh config noautoconfig --binary-images "${BUILD_TYPE}"
+
+ echo "Extracting home.tar.bz2 to chroot ..."
+ extract_home
+
+ echo "Building $BUILD_TYPE image ${BUILD_BASENAME}..."
+ if lh build noautoconfig ${@} 2>&1 | tee "${BUILD_LOG}" ; then
+ echo "Image was successfully created, moving it to ${BUILD_DEST_FILENAME}"
+ mv -i "${BUILD_FILENAME}.${BUILD_FILENAME_EXT}" "${BUILD_DEST_FILENAME}"
+ else
+ echo "lh build failed." >&2
+ exit 1
+ fi
+
+done
diff --git a/scripts/clean b/scripts/clean
new file mode 100755
index 0000000..78885b6
--- /dev/null
+++ b/scripts/clean
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+for dir in chroot/{dev/pts,proc,sys} ; do
+ if mountpoint -q "$dir" ; then
+ umount "$dir"
+ fi
+done
+
+lh clean noautoconfig ${@}
+
+# rm -f build-*.log
+
+# Remove generated files
+rm -f config/binary config/bootstrap config/chroot config/common config/source
+
+# Remove empty directories in config tree
+if ls config/*/ > /dev/null 2>&1 ; then
+ rmdir --ignore-fail-on-non-empty config/*/
+fi
+
+# Remove unpacked /home/amnesia
+rm -rf config/chroot_local-includes/home/
diff --git a/scripts/config b/scripts/config
new file mode 100755
index 0000000..69e83e3
--- /dev/null
+++ b/scripts/config
@@ -0,0 +1,65 @@
+#! /bin/sh
+# automatically run by lh_config
+
+BASEDIR="`dirname $0`/.."
+. "${BASEDIR}/config/amnesia"
+if [ -e "${BASEDIR}/config/amnesia.local" ] ; then
+ . "${BASEDIR}/config/amnesia.local"
+fi
+
+RUN_LH_CONFIG="lh config noautoconfig"
+
+# init config/ with defaults
+$RUN_LH_CONFIG ${@}
+
+# set Amnesia's general options
+$RUN_LH_CONFIG \
+ --apt-recommends disabled \
+ --cache-stages "bootstrap rootfs" \
+ --categories "main non-free" \
+ --distribution lenny \
+ --hostname="amnesia" \
+ --iso-application="Amnesia live system" \
+ --iso-publisher="https://amnesia.boum.org/" \
+ --iso-volume="Amnesia ${AMNESIA_TODAY}" \
+ --memtest none \
+ --username="amnesia" \
+ --syslinux-timeout 4 \
+ ${@}
+
+# build i386 images on amd64 as well,
+# include only 686 kernel when building for i386
+hw_arch="`dpkg --print-architecture`"
+if [ "$hw_arch" = i386 -o "$hw_arch" = amd64 ]; then
+ $RUN_LH_CONFIG \
+ --architecture i386 \
+ --linux-flavours 686 \
+ ${@}
+fi
+
+# locale-dependent configuration
+. "${BASEDIR}/config/chroot"
+case "${LH_LANGUAGE}" in
+ de)
+ AMNESIA_APPEND="${AMNESIA_APPEND} locale=de_DE.UTF-8 keyb=de timezone=Europe/Berlin"
+ ;;
+ fr)
+ AMNESIA_APPEND="${AMNESIA_APPEND} locale=fr_FR.UTF-8 keyb=fr timezone=Europe/Paris"
+ ;;
+ *)
+ ;;
+esac
+$RUN_LH_CONFIG --bootappend-live "${AMNESIA_APPEND}" ${@}
+
+case "${LH_LANGUAGE}" in
+ de|fr)
+ PACKAGES_LISTS="standard amnesia-common amnesia-${AMNESIA_BASE} amnesia-${LH_LANGUAGE}"
+ ;;
+ *)
+ PACKAGES_LISTS="standard amnesia-common amnesia-${AMNESIA_BASE}"
+ ;;
+esac
+$RUN_LH_CONFIG --packages-lists="$PACKAGES_LISTS" ${@}
+
+# version
+echo "${AMNESIA_TODAY}" > "${BASEDIR}/config/chroot_local-includes/etc/amnesia/version"