Diffstat (limited to 'config/chroot_local-includes/usr')
-rwxr-xr-xconfig/chroot_local-includes/usr/local/sbin/do_not_ever_run_me36
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/Changelog119
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/README37
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE45
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/TODO92
-rwxr-xr-xconfig/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup7
-rw-r--r--config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf47
7 files changed, 383 insertions, 0 deletions
diff --git a/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
new file mode 100755
index 0000000..4a42367
--- /dev/null
+++ b/config/chroot_local-includes/usr/local/sbin/do_not_ever_run_me
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# This script fully disables the iptables firewall, and thus the
+# transparent forwarding thru Tor of all non-local network
+# connections... which defeats the whole purpose of this OS, hence
+# this script's name.
+
+IPT=/sbin/iptables
+
+[ -x "$IPT" ] || exit 67
+
+$IPT -P INPUT ACCEPT
+$IPT -P FORWARD ACCEPT
+$IPT -P OUTPUT ACCEPT
+
+$IPT -t nat -P PREROUTING ACCEPT
+$IPT -t nat -P POSTROUTING ACCEPT
+$IPT -t nat -P OUTPUT ACCEPT
+
+$IPT -t mangle -P PREROUTING ACCEPT
+$IPT -t mangle -P INPUT ACCEPT
+$IPT -t mangle -P FORWARD ACCEPT
+$IPT -t mangle -P OUTPUT ACCEPT
+$IPT -t mangle -P POSTROUTING ACCEPT
+
+$IPT -F
+$IPT -t nat -F
+$IPT -t mangle -F
+
+$IPT -X
+$IPT -t nat -X
+$IPT -t mangle -X
+
+echo "You might want to unset http_proxy and HTTP_PROXY environment variables as well:"
+echo " unset http_proxy"
+echo " unset HTTP_PROXY"
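Review bot: Nothing between the `[ -x "$IPT" ] || exit 67` check and the first `$IPT -P INPUT ACCEPT` asks for confirmation, and the file is added with mode 100755 under `/usr/local/sbin`, so one mistyped or tab-completed command as root silently removes the forced Tor routing for the whole session. I would add an explicit opt-in guard after the existence check, for example `[ "$1" = "--really" ] || { echo "Refusing to disable the firewall without --really" >&2; exit 1; }` (the flag name is only a suggestion). The closing messages mention only the proxy variables; a final `echo "WARNING: firewall disabled, connections are no longer forced through Tor" >&2` would state the resulting exposure. The return codes of the individual `$IPT` calls are also ignored, so a failure part-way leaves a mixed rule set and the script still exits 0.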
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/Changelog b/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
new file mode 100644
index 0000000..8070c43
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/Changelog
@@ -0,0 +1,119 @@
+2009 06 20 - dev
+
+ * hardware support:
+ - install firmware-linux from backports.org
+ - install system-config-printer
+ * APT/pinning: give backports.org priority 200, so that we track
+ upgrades of packages installed from there.
+ * build system: allow building several images at once
+
+2009 06 19 - dev
+
+ * Tor: added a "Restart Tor" launcher to the Gnome panel,
+ that runs "/etc/init.d/tor restart"
+ * APT: re-configure pinning and sources to use squeeze rather than
+ unstable to fetch newer or not-in-Lenny software
+ * hardware support: added instructions in README.eCAFE to support the
+ Hercules eCAFÉ™ EC-800 netbook
+ * release: include the Changelog and TODO in the generated images,
+ in the /usr/share/doc/amnesia/ directory
+ * torbutton: install newer version from Squeeze
+
+2009 06 18 - dev
+
+ * software: install gnomebaker when building Gnome-based live OS, to
+ easily clone myself when running from CD
+
+2009 06 17 - dev
+
+ * Tor vs. Network Manager: added a restart tor hook to if-up.d (used by
+ Network Manager as well), so that Tor does work immediately even if
+ the network cable was plugged late in/after the boot process
+ * build system cleanup
+ - migrated most of lh_config invocations to scripts/config
+ - append "noprompt" so that halting/rebooting work with splashy
+ - moved our own variables to config/amnesia, using the namespace
+ $AMNESIA_*
+ * APT: configure pinning to support installing chosen packages from sid;
+ the APT source for unstable is hardcoded in chroot_sources/sid, since
+ there is no way to use $LH_CHROOT_MIRROR there: the chroot_local-hooks
+ have no access to such configuration variables :/
+ * iceweasel: install NoScript plugin from Debian sid
+
+2009 06 16 - dev
+
+ * iceweasel: delete urlclassifier3.sqlite on $HOME refresh: as we
+ disabled "safebrowsing", this huge file is of no use
+ * build system
+ - rely on standard live-initramfs adduser to do our user setup
+ (including sudo vs. Gnome/KDE, etc.)
+ - stop "supporting" KDE
+ * linux: removed non-686 kernel flavours when building i386 images
+ * compatibility: append "live-media=removable live-media-timeout=15", to
+ prevent blindly booting another debian-live installed on the hard disk
+ * software: install scribus
+
+2009 XX XX - dev
+
+ * Forked Privatix 9.03.15, by Markus Mandalka:
+ http://mandalka.name/privatix/index.html.en
+ Everything has since been rewritten or so heavily changed that nothing
+ remains from the original code... apart of a bunch of Gnome settings.
+ * iceweasel
+ - default search engine is now Scroogle SSL, configured to search pages
+ in French language; the English one is also installed
+ - never ask to save passwords or forms content
+ - configured the torbutton extension to use polipo
+ - installed the CACert root certificate
+ - installed the SSL Blacklist extension and the blacklist data
+ - installed the FireGPG extension
+ - installed the CS Lite extension
+ - installed the NoScript extension
+ - NoScript, CS Lite: replaced the default whitelists with a list of
+ trusted, non-commercial Internet Service Providers
+ - configure extensions (add to prefs.js):
+ user_pref("extensions.torbutton.startup", true);
+ user_pref("extensions.torbutton.startup_state", 1);
+ user_pref("extensions.torbutton.tor_enabled", true);
+ user_pref("noscript.notify.hide", true);
+ user_pref("capability.policy.maonoscript.sites", "about:
+ about:blank about:certerror about:config about:credits
+ about:neterror about:plugins about:privatebrowsing
+ about:sessionrestore chrome: resource:");
+ user_pref("extensions.firegpg.no_updates", true);
+ * Tor
+ - enable the transparent proxy, the DNS resolver, and the control port
+ - save authentication cookie to /tmp/control_auth_cookie, so that the
+ live user can use Tork and co.
+ - autostart Tork with Gnome
+ - Tork: installed, disabled most notifications and startup tips
+ * build system
+ - build i386 images when the build host is amd64
+ - added a version file: /etc/amnesia/version
+ - use snapshot live-* packages inside the images
+ - setup timezone depending on the chosen build locale
+ * $HOME
+ - added a nautilus-script to wipe files and directories
+ - bash with working completion for the live user
+ * software: added
+ - gnome-app-install
+ - iwconfig
+ - cryptkeeper: Gnome system tray applet to encrypt files with EncFS
+ - kvkbd: virtual keyboard (installed from backports.org)
+ - sshfs (and added live user to the fuse group)
+ - less, secure-delete, wipe, seahorse, sshfs, ntfs-3g
+ * polipo: install and configure this HTTP proxy to forward requests
+ through Tor
+ * DNS: install and configure pdnsd to forward any DNS request through
+ the Tor resolver
+ * firewall: force every outgoing TCP connection through the Tor
+ transparent proxy, discard any outgoing UDP connection
+ * hardware support
+ - install a bunch of non-free wifi firmwares
+ - install xsane and add the live user to the scanner group
+ - install aircrack-ng
+ - install xserver-xorg-video-geode on i386 (eCafe support)
+ - install xserver-xorg-video-all
+ * misc
+ - set syslinux timeout to 4 seconds
+ - use splashy for more user-friendly boot/halt sequences
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/README b/config/chroot_local-includes/usr/share/doc/amnesia/README
new file mode 100644
index 0000000..79a79df
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/README
@@ -0,0 +1,37 @@
+-*- mode: markdown; -*-
+
+Building an image
+=================
+
+Customization
+-------------
+
+The settings that can be customized can be found in `config/amnesia`;
+e.g. images types to build, desktop environment.
+
+You'd better never directly edit this file: rather put your custom
+variable assignments in a new `config/amnesia.local` file. The values
+found in the `.local` file will override the ones from the
+upstream one.
+
+These configuration files are actually shell scripts, and are sourced
+by various other scripts.
+
+How to build
+------------
+
+All following commands must be run as `root`, at the root of the
+source directory: a Git checkout, an extracted tarball.
+
+Initialize the Live system's configuration with `lh_config`:
+
+ lh_config
+
+Optionally set your preferred language for the generated images; only
+"fr" is currently fully supported, but other languages are still worth
+trying:
+
+ lh_config --language fr
+
+You can then use the standard live-helper commands to build the chosen
+images (`lh build`) and to cleanup the build directory (`lh clean`).
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE b/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE
new file mode 100644
index 0000000..f1592a3
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/README.eCAFE
@@ -0,0 +1,45 @@
+-*- mode: markdown; -*-
+
+Hercules eCAFÉ™ EC-800
+======================
+
+Linux kernel
+------------
+
+`lh_config --linux-flavours 486`
+
+X.Org
+-----
+
+### Custom configuration file
+
+- copy, and optionally adapt, the custom `./examples/eCAFE/xorg.conf`
+ to `config/chroot_local-includes/etc/X11/` ; beware of the
+ permissions, non-root users must have read access to the including
+ X11 directory and to the `xorg.conf` file
+
+### Disable automatic X.Org configuration
+
+In `config/privatix`, add `noxautoconfig` to the `PRIVATIX_APPEND`
+boot parameters list.
+
+### Weird bugfix
+
+Probably due to a bug in `live-helper` or `live-initramfs`, one also has
+to create in the chroot:
+- the `/etc/X11` directory
+- the `/etc/X11/X` symbolic link.
+
+This can be easily achieved by copying `./examples/eCAFE/X11_fixup` to
+`config/chroot_local-hooks`. The copied file must have executable
+permissions set.
+
+Console frame buffer
+--------------------
+
+In `config/privatix`, edit the `PRIVATIX_APPEND` boot parameters list
+to:
+- remove `vga=791`
+- add `video=lxfb:800x480@60`
+
+
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/TODO b/config/chroot_local-includes/usr/share/doc/amnesia/TODO
new file mode 100644
index 0000000..6ade95c
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/TODO
@@ -0,0 +1,92 @@
+-*- mode: markdown; -*-
+
+release
+=======
+
+- add copyright
+- setup Git repository
+- setup web site
+
+build system
+============
+
+- bundle (and maybe adapt) home-refresh in the generated images
+
+hardware support
+================
+
+PowerPC
+-------
+
+- http://machine-cycle.blogspot.com/2009/05/running-debian-on-qemu-powerpc.html
+- /usr/share/doc/qemu/README.Debian
+- http://mac-on-linux.svn.sourceforge.net/viewvc/mac-on-linux/trunk/mollib/drivers/
+
+install/upgrade
+===============
+
+- install on (optionally encrypted) USB from CD
+- install on CD from USB?
+- clone the source directory to /usr/local/src/, and allow easy
+ remastering from the live system itself?
+- add 2nd encrypted data partition
+- USB: allow upgrading only the live system, not touching the other
+ partitions (use the iso + grub trick ? tar image + cp?)
+
+documentation
+=============
+
+- copy and adapt the privatix documentation
+- write documentation for install/upgrade
+
+iceweasel
+=========
+
+- do *not* ask to remember passwords
+- install some trusted, non-commercial SSL certificates (e.g.
+ Autistici/Inventati)
+- easily build a live system with a custom JavaScript/cookies
+ whitelist
+- remove *.sqlite *.db ?
+
+switch to Debian-packaged extensions
+------------------------------------
+
+- mozilla-noscript: done, deinstall + remove from $HOME
+- torbutton: done, deinstall + remove from $HOME
+- CS Lite: is another nice cookie manager already packaged?
+- SSL Blacklist: serious licensing problem, see thread on
+ pkg-mozext-maintainers@lists.alioth.debian.org, could be solved
+
+FireGPG
+-------
+
+- disable the buggy auto-detection feature
+- disable link to firegpg's homepage in generated pgp messages
+
+Pidgin
+======
+
+- base config?
+- add irc.indymedia.org + SSL certificate
+
+usecases
+========
+
+switch between use cases in syslinux menu
+- Tor enforcement
+- persistence
+
+steal some Incognito tricks
+===========================
+
+- look at `fsscript.sh` (Tor auth cookie, Tork user config, etc.)
+- smem
+- macchanger
+
+Misc.
+=====
+
+- fix TorK iconify on startup
+- is `allow-user-other` necessary for sshfs? (`/etc/fuse.conf`)
+- install seahorse-plugins (e.g. for Gedit) which is not in Lenny
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup
new file mode 100755
index 0000000..52b9a3b
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/X11_fixup
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+if [ ! -d /etc/X11 ]; then
+ mkdir /etc/X11
+ chmod 755 /etc/X11
+fi
+ln -s --force /usr/bin/Xorg /etc/X11/X
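Review bot: The script has no comment saying why it exists, and outside README.eCAFE a hook that creates `/etc/X11/X` looks arbitrary; a header such as `# Work around live-helper/live-initramfs not creating /etc/X11 and the /etc/X11/X symlink (see README.eCAFE)` would help. On the last line, `ln -s --force` follows an existing `/etc/X11/X` if it is a symlink to a directory and would create the link inside it; `ln -sfn /usr/bin/Xorg /etc/X11/X` replaces the link itself. The `mkdir`/`chmod` pair can be a single `mkdir -p -m 755 /etc/X11`, which also makes the `if` unnecessary and avoids depending on the hook's umask between the two commands.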
diff --git a/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf
new file mode 100644
index 0000000..37e2f6d
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/doc/amnesia/examples/eCAFE/xorg.conf
@@ -0,0 +1,47 @@
+# xorg.conf (X.Org X Window System server configuration file)
+
+Section "InputDevice"
+ Identifier "Generic Keyboard"
+ Driver "kbd"
+ Option "XkbRules" "xorg"
+ Option "XkbModel" "pc105"
+ Option "XkbLayout" "fr"
+EndSection
+
+Section "InputDevice"
+ Identifier "Configured Mouse"
+ Driver "mouse"
+EndSection
+
+Section "Device"
+ Identifier "Configured Video Device"
+ Driver "geode"
+ BusID "PCI:0:1:1"
+ Option "UseFBDev" "true"
+ Option "PanelGeometry" "800x480"
+EndSection
+
+Section "Monitor"
+ Identifier "Configured Monitor"
+ Option "DPMS"
+ HorizSync 25 - 50
+ VertRefresh 50.0 - 75.0
+ Modeline "800x480" 33.45 800 840 968 1056 480 490 492 525 -hsync -vsync
+ Modeline "1024x600" 48.96 1024 1064 1168 1312 600 601 604 622 -hsync +vsync
+ Modeline "1024x768" 64.56 1024 1056 1296 1328 768 783 791 807 -hsync +vsync
+ DisplaySize 255 150
+EndSection
+
+Section "Screen"
+ Identifier "Default Screen"
+ Monitor "Configured Monitor"
+ Device "Configured Video Device"
+ DefaultDepth 16
+ SubSection "Display"
+ Depth 16
+ Modes "800x480"
+ Viewport 0 0
+ EndSubSection
+ #Virtual 1024 768
+EndSection
+