#!/bin/sh

set -e

# Never prompt: this runs unattended as a vagrant provisioner.
export DEBIAN_FRONTEND=noninteractive

# If apt is pointed at the VM's own apt-cacher-ng port (3142) but that
# package has not been installed yet, nothing answers there. Turn the
# proxy off for the bootstrap phase and remember it in LOCAL_HTTP_PROXY
# so it can be put back once the cache is running. An existing acng.conf
# is taken as the sign that apt-cacher-ng was already set up earlier.
if [ "$http_proxy" = "http://$(hostname -f):3142" ]; then
	if [ ! -f /etc/apt-cacher-ng/acng.conf ]; then
		LOCAL_HTTP_PROXY="$http_proxy"
		http_proxy=''
	fi
fi

# Start from a clean apt configuration: any pins or extra sources the base
# box ships with are thrown away and replaced by the ones written below.
rm -f /etc/apt/preferences.d/* /etc/apt/sources.list.d/*

# Tails' builder-jessie repository provides the custom live-build and a
# handful of related packages. The transport is plain HTTP, so the
# integrity of what comes from it rests on apt's signature check against
# the repository key added further down in this script.
printf '%s\n' 'deb http://deb.tails.boum.org/ builder-jessie main' \
	> /etc/apt/sources.list.d/tails.list

# Writes /etc/apt/preferences.d/$1 pinning the package glob(s) in $3 from
# the Tails origin (matched by download hostname) at priority $2.
write_tails_pin()
{
	printf 'Package: %s\nPin: origin deb.tails.boum.org\nPin-Priority: %s\n' \
		"$3" "$2" > "/etc/apt/preferences.d/$1"
}

# Everything from the Tails origin is pinned at 99: below Debian's default
# (500) and below an already installed version (100), so the repository
# only supplies packages that are not available anywhere else...
write_tails_pin tails 99 '*'

# ...except for the packages listed here, which are raised to 500 so they
# compete on an equal footing with Debian and the newest version wins.
# Each entry is "<preferences file>:<space separated package list>".
for pin_spec in \
	'discount:discount libmarkdown2 libmarkdown2-dev' \
	'ikiwiki:ikiwiki' \
	'live-build:live-build' \
	'syslinux-utils:syslinux-utils'
do
	write_tails_pin "${pin_spec%%:*}" 500 "${pin_spec#*:}"
done

# Fetch the key the Tails repository is signed with and hand it to apt.
# gpg talks to the keyserver directly, bypassing apt-cacher-ng: the proxy
# is cleared for this single command only.
# NOTE(review): the key is named by its 64-bit key ID and accepted as
# returned by the keyserver pool. A keyserver does not vouch for who owns
# a key, and a key ID is a weaker identifier than a full fingerprint, so
# the expected fingerprint should be pinned here and compared (e.g. with
# `gpg --fingerprint`) before `apt-key add` -- confirm the value against
# Tails' published key. The `sudo` looks redundant since this script
# already writes to /etc as root; it is kept as-is.
tails_apt_keyid=C7988EA7A358D82E
env http_proxy='' gpg --keyserver hkps.pool.sks-keyservers.net --recv-key "$tails_apt_keyid"
gpg --export "$tails_apt_keyid" | sudo apt-key add -

# jessie's debootstrap cannot record the list of packages used during a
# Tails build (#6297); the jessie-backports one can, so enable that suite.
# Only debootstrap is explicitly taken from it later (debootstrap/jessie-backports).
printf '%s\n' 'deb http://ftp.us.debian.org/debian jessie-backports main' \
	> /etc/apt/sources.list.d/jessie-backports.list

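# apt-cacher-ng keeps its cache on a dedicated disk (/dev/vdb) so it
# survives a rebuild of the VM. The disk is partitioned and formatted
# only when it has never been prepared: /dev/vdb1 not existing as a block
# device is the marker. Reprovisioning an existing box therefore keeps
# the cache instead of wiping it.
if [ ! -b /dev/vdb1 ]; then
	# One primary partition of type 83 (Linux) spanning the whole disk.
	echo '1,,83' | sfdisk /dev/vdb
	# NOTE(review): there is no explicit wait for the kernel to pick up
	# the new partition table before mkfs; add a `udevadm settle` (or
	# partprobe) here if /dev/vdb1 is ever reported missing -- confirm
	# on the target box.
	mkfs.ext4 /dev/vdb1
fi

# The cache directory must be owned by the apt-cacher-ng account before
# the package gets installed and the disk mounted over it. Test for the
# account itself rather than for the directory: a leftover mount point
# without the user would otherwise skip adduser and make the chown below
# fail (adduser creates the home directory when it is missing).
if ! getent passwd apt-cacher-ng >/dev/null; then
	adduser --quiet --system --group --home /var/cache/apt-cacher-ng apt-cacher-ng
fi

# Mount the cache disk unless a previous run already did, and hand the
# whole tree to the service account.
if ! mountpoint -q /var/cache/apt-cacher-ng; then
	mount /dev/vdb1 /var/cache/apt-cacher-ng
	chown -R apt-cacher-ng:apt-cacher-ng /var/cache/apt-cacher-ng
fi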

# First apt run with the new sources, pins and repository key in place.
apt-get update
# --force-confold keeps whatever config file is already there; it is
# replaced by our own copy right afterwards anyway.
apt-get -y -o Dpkg::Options::="--force-confold" install apt-cacher-ng

# Drop in the Tails-specific apt-cacher-ng configuration and restart the
# daemon so it takes effect before apt is routed through it again.
acng_conf=/etc/apt-cacher-ng/acng.conf
install -o root -g root -m 644 /vagrant/provision/assets/acng.conf "$acng_conf"
service apt-cacher-ng restart

# apt-cacher-ng is running now: route apt back through it if the proxy
# was switched off at the top of this script.
case "${LOCAL_HTTP_PROXY:-}" in
	'') ;;
	*) http_proxy="$LOCAL_HTTP_PROXY" ;;
esac

# Bring the base box up to date before pulling in the build dependencies.
apt-get -y dist-upgrade

# Packages needed to build Tails. debootstrap is requested from
# jessie-backports explicitly, using apt's package/release syntax.
tails_build_deps='
	debootstrap/jessie-backports
	dpkg-dev
	eatmydata
	gettext
	git
	ikiwiki
	intltool
	libfile-slurp-perl
	liblist-moreutils-perl
	live-build
	rsync
	syslinux-utils
	time
	whois
'
# shellcheck disable=SC2086 -- splitting the list into words is intended
apt-get -y install $tails_build_deps

# Perl modules (and po4a) required by the ikiwiki setup used for the
# Tails website/documentation. Installed without recommends to keep the
# builder lean.
ikiwiki_deps='
	libfile-chdir-perl
	libhtml-scrubber-perl
	libhtml-template-perl
	libtext-multimarkdown-perl
	libtimedate-perl
	liburi-perl
	libhtml-parser-perl
	libxml-simple-perl
	libyaml-libyaml-perl
	po4a
	libyaml-perl
	libyaml-syck-perl
	perlmagick
	wdg-html-validator
'
# shellcheck disable=SC2086 -- splitting the list into words is intended
apt-get -y --no-install-recommends install $ikiwiki_deps

# Install the build entry point, root-owned and executable, on the PATH.
install -o root -g root -m 0755 /vagrant/provision/assets/build-tails /usr/local/bin/build-tails

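# Removes every assignment of the live-build variable named in $1 from a
# live-build configuration file, so that the value chosen in auto/config
# is the one that applies.
#   $1  variable name (an LB_* identifier)
#   $2  optional path of the config file; defaults to /etc/live/build.conf
# A missing config file is not an error (returns 0).
# $1 is interpolated into a sed address without escaping, so callers must
# pass fixed identifiers only, never user-controlled text.
# `local` is not POSIX but is supported by dash, the /bin/sh used here.
disable_live_build_conf()
{
	local var="$1"
	local conf="${2:-/etc/live/build.conf}"

	[ -e "$conf" ] || return 0
	# Match the assignment at the start of the line, with optional
	# leading whitespace; "$var=" must be followed by "=" so that e.g.
	# LB_MIRROR_CHROOT does not also remove LB_MIRROR_CHROOT_SECURITY.
	sed -i -e "/^[[:space:]]*$var=/d" "$conf"
}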

# Strip every mirror setting from /etc/live/build.conf so live-build
# falls back to the mirrors configured in auto/config. The variables are
# LB_{MIRROR,PARENT_MIRROR}_{BOOTSTRAP,BINARY,CHROOT} plus their
# _BACKPORTS/_SECURITY/_UPDATES/_VOLATILE variants.
for prefix in MIRROR PARENT_MIRROR; do
	for target in BOOTSTRAP BINARY CHROOT; do
		var="LB_${prefix}_${target}"
		disable_live_build_conf "$var"
		for archive in BACKPORTS SECURITY UPDATES VOLATILE; do
			disable_live_build_conf "${var}_${archive}"
		done
	done
done

# Reclaim space: drop packages nobody depends on any more, empty apt's
# own download cache, then ask apt-cacher-ng to expire stale entries.
apt-get -y autoremove
apt-get -y clean
# The expiry run is best effort: a failure only means some space was not
# freed, so report it and carry on (set -e would otherwise abort here).
if ! perl /usr/lib/apt-cacher-ng/expire-caller.pl; then
	printf '%s\n' "The clean-up of apt-cacher-ng's cache failed: this is not fatal and most likely just means that some disk space could not be reclaimed -- in order to fix that situation you need to manually investigate /var/log/apt-cacher-ng/main_*.html " >&2
fi

# XXX: Remove this once we generate a basebox > 20160226
# Stop sshd from importing environment variables sent by the client by
# commenting out any AcceptEnv directive (presumably the stock
# "AcceptEnv LANG LC_*" line of the old base box, so a user's locale
# settings cannot leak into the build environment -- confirm). The match
# is column-0 and case-sensitive, which is enough for that line; the
# daemon is reloaded only when something was actually changed.
if grep -q -e '^AcceptEnv' /etc/ssh/sshd_config; then
	sed -i -e 's/^\(AcceptEnv\)/#\1/' /etc/ssh/sshd_config
	systemctl reload ssh.service
fi

# git refuses to create merge commits without an identity; vagrant needs
# one to merge the base branch inside the VM, so give it a placeholder.
for git_setting in 'user.name=vagrant' 'user.email=vagrant@tailsbuilder'; do
	git config --global "${git_setting%%=*}" "${git_setting#*=}"
done