summaryrefslogtreecommitdiffstats
path: root/vagrant/provision/setup-tails-builder
blob: 406650b6951e36563305e94cc059bef10f861c66 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#!/bin/sh

set -e

# Do not use virtual machine proxy before apt-cacher-ng is installed
if [ "$http_proxy" = "http://$(hostname -f):3142" ] &&
   ! [ -f /etc/apt-cacher-ng/acng.conf ]; then
	LOCAL_HTTP_PROXY="$http_proxy"
	http_proxy=''
fi

# Uninstall custom Ikiwiki in case the build directory is still there
if [ -d /home/vagrant/ikiwiki ]; then
	rm -f /usr/local/bin/ikiwiki*
	rm -rf /usr/local/lib/perl/5.10.1/auto/IkiWiki
	rm -rf /usr/local/share/perl/5.10.1/
	rm -rf /home/vagrant/ikiwiki
fi

rm -f /etc/apt/preferences.d/* /etc/apt/sources.list.d/*

# Add our builder-wheezy repository for live-build, and pin it low
echo 'deb http://deb.tails.boum.org/ builder-wheezy main' > /etc/apt/sources.list.d/tails.list
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/tails <<EOF
	Package: *
	Pin: origin deb.tails.boum.org
	Pin-Priority: 99
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/live-build <<EOF
	Package: live-build
	Pin: origin deb.tails.boum.org
	Pin-Priority: 500
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/syslinux-utils <<EOF
	Package: syslinux-utils
	Pin: origin deb.tails.boum.org
	Pin-Priority: 500
EOF

# We don't want to use apt-cacher-ng for gpg
http_proxy="" gpg --keyserver hkps.pool.sks-keyservers.net --recv-key C7988EA7A358D82E
gpg --export C7988EA7A358D82E | sudo apt-key add -

# Add unstable repository for ikiwiki, and pin it low
echo 'deb http://ftp.us.debian.org/debian unstable main' > /etc/apt/sources.list.d/unstable.list
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/unstable <<EOF
	Package: *
	Pin: release a=unstable
	Pin-Priority: 99
EOF
sed -e 's/^[[:blank:]]*//' > /etc/apt/preferences.d/ikiwiki <<EOF
	Package: ikiwiki
	Pin: release a=unstable
	Pin-Priority: 500
EOF

# Add wheezy-backports for apt-cacher-ng. The version in wheezy has problems
# with redirects to https, which we need when fetching the TBB tarballs
echo 'deb http://ftp.us.debian.org/debian wheezy-backports main' > /etc/apt/sources.list.d/wheezy-backports.list

apt-get update
apt-get -o Dpkg::Options::="--force-confold" -y -t wheezy-backports install apt-cacher-ng

# Install custom configuration for apt-cacher-ng and restart
install -o root -g root -m 644 /vagrant/provision/assets/acng.conf /etc/apt-cacher-ng/acng.conf
service apt-cacher-ng restart

# Restore local HTTP proxy if needed
if [ "$LOCAL_HTTP_PROXY" ]; then
	http_proxy="$LOCAL_HTTP_PROXY"
fi

# Upgrade if needed
apt-get -y dist-upgrade

# Those are needed to build Tails
apt-get -y install \
	live-build \
	syslinux-utils \
	eatmydata/wheezy-backports \
	time whois \
	dpkg-dev \
	git \
	aufs-tools \
	ikiwiki \
	intltool \
	gettext/wheezy-backports

# Be sure to get all the modules we need for our Ikiwiki
apt-get -y --no-install-recommends install \
       libyaml-perl libyaml-libyaml-perl po4a perlmagick libyaml-syck-perl \
       libfile-chdir-perl liburi-perl libhtml-parser-perl wdg-html-validator \
       libhtml-scrubber-perl libhtml-template-perl libtimedate-perl \
       libxml-simple-perl libtext-multimarkdown-perl

# Add build script
install -o root -g root -m 755 /vagrant/provision/assets/build-tails /usr/local/bin

disable_live_build_conf()
{
	local var="$1"

	[ -e /etc/live/build.conf ] || return 0
	sed -e "/^[[:space:]]*$var=/d" -i /etc/live/build.conf
}

# Force live-build to use the mirrors configured in auto/config
for prefix in MIRROR PARENT_MIRROR ; do
	for target in BOOTSTRAP BINARY CHROOT ; do
		for archive in '' BACKPORTS SECURITY UPDATES VOLATILE ; do
			if [ -z "$archive" ] ; then
				archive_suffix=''
			else
				archive_suffix="_${archive}"
			fi
			var="LB_${prefix}_${target}${archive_suffix}"
			disable_live_build_conf "$var"
		done
	done
done