# IMMutable DEbian with Xfce - SDK LiveCD
-## GNU/LINUX Debian stable (bookworm)
+## GNU/LINUX Debian stable
To repozytorium zawiera pliki służące do tworzenia specjalnego obrazu płyty
dostarczającego SDK do budowania dystrybucji immudex.
```
$ git clone https://github.com/xf0r3m/immudex-sdk
$ cd immudex-sdk
- $ ./immudex-build --<amd64/i386>
+ $ ./immudex-build --<amd64/i386> <wersja_Debiana>-<wersja_zmian_immudex>
```
### Dodawanie zmian do obrazu płyty:
Wymagana ilość dostępnego miejsca na dysku: 10G
```
+### Instalacja oraz aktualizacja sieciowa
+
+Od wersji 12.11 istnieje możliwość zainstalowania immudex lub jego aktualizacji
+przez internet przy użyciu obrazu immudex-sdk. Należy wówczas pliki takie jak
+jądro, plik `initrd`, plik changelogu oraz plik `.squashfs` umieścić w folderze
+na serwerze WWW, tak aby był osiągalnym przez protokoł HTTP/HTTPS dla
+immudex-sdk. Do instalacji należy skorzystać z poniższego polecenia:
+
+ ```
+ # immudex-install <URL>
+ ```
+
+Po wydaniu tego polecenia postępujemy zgodnie z komunikatami wyświetlanymi
+przez ten skrypt. W celach aktualizacji używamy poniższego polecenia:
+
+ ```
+ # immudex-upgrade <URL>
+ ```
+
### Zastrzeżenia i uznanie autorstwa:
immudex is not affiliated with Debian. Debian is a registered trademark owned
};
conky.text = [[
-${color green}Info:$color ${scroll 32 immudex-sdk ${cat /run/live/medium/live/version} - $sysname $nodename $kernel $machine}
+${color green}Info:$color ${scroll 32 immudex${exec immudex-branch} ${exec immudex-version} - $sysname $nodename $kernel $machine}
$hr
${color green}Uptime:$color $uptime
${color green}Frequency (in MHz):$color $freq
${color green}File systems:
/ $color${fs_used /}/${fs_size /} ${fs_bar 6 /}
${color green}Networking:
-Up:$color ${upspeed} ${color green} - Down:$color ${downspeed}
+IP:$color ${execp ip addr show $(sed -n '2p' /proc/net/route | awk '{printf $1}') | grep 'inet\ ' | awk '{printf $2"\n"}'}
+${color green}Up:$color ${upspeed ${gw_iface}} ${color green} - Down:$color ${downspeed ${gw_iface}}
$hr
${color green}Name PID CPU% MEM%
${color red} ${top name 1} ${top pid 1} ${top cpu 1} ${top mem 1}
# DesktopBackgroundColor=""
# Desktop background image(s)
-# DesktopBackgroundImage=""
+DesktopBackgroundImage="/usr/share/images/desktop-base/d13_wallpaper.png"
# Paint the background image over all multihead monitors combined.
# DesktopBackgroundMultihead=0 # 0/1
--- /dev/null
+#!/bin/sh
+
+sleep 1 && xterm -bg black -fg white -geometry 80x24 -e bash /usr/local/bin/immudex-build-menu &
--- /dev/null
+#%PAM-1.0
+
+# Block login if they are globally disabled
+auth requisite pam_nologin.so
+
+# Load environment from /etc/environment and ~/.pam_environment
+session required pam_env.so readenv=1
+session required pam_env.so readenv=1 envfile=/etc/default/locale
+
+# Allow access without authentication
+#auth required pam_succeed_if.so user != root quiet_success
+auth required pam_permit.so
+
+@include common-account
+
+# SELinux needs to be the first session rule. This ensures that any
+# lingering context has been cleared. Without out this it is possible
+# that a module could execute code in the wrong domain.
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
+
+session required pam_limits.so
+session required pam_loginuid.so
+@include common-session
+
+# SELinux needs to intervene at login time to ensure that the process
+# starts in the proper default security context. Only sessions which are
+# intended to run in the user's context should be run after this.
+session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
+# When the module is present, "required" would be sufficient (When SELinux
+# is disabled, this returns success.)
+
+# Can't change password
+password required pam_deny.so
+
+@include common-password
[greeter]
-background = /usr/share/images/desktop-base/lightdm_wallpaper.jpg
+background = /usr/share/images/desktop-base/d13_wallpaper.png
theme-name = Adwaita-dark
icon-theme-name = Adwaita
default-user-image = /usr/share/images/desktop-base/immudex_xfce_greeter_logo.png
--- /dev/null
+#
+# General configuration
+#
+# start-default-seat = True to always start one seat if none are defined in the configuration
+# greeter-user = User to run greeter as
+# minimum-display-number = Minimum display number to use for X servers
+# minimum-vt = First VT to run displays on
+# lock-memory = True to prevent memory from being paged to disk
+# user-authority-in-system-dir = True if session authority should be in the system location
+# guest-account-script = Script to be run to setup guest account
+# logind-check-graphical = True to on start seats that are marked as graphical by logind
+# log-directory = Directory to log information to
+# run-directory = Directory to put running state in
+# cache-directory = Directory to cache to
+# sessions-directory = Directory to find sessions
+# remote-sessions-directory = Directory to find remote sessions
+# greeters-directory = Directory to find greeters
+# backup-logs = True to move add a .old suffix to old log files when opening new ones
+# dbus-service = True if LightDM provides a D-Bus service to control it
+#
+[LightDM]
+#start-default-seat=true
+#greeter-user=lightdm
+#minimum-display-number=0
+#minimum-vt=7
+#lock-memory=true
+#user-authority-in-system-dir=false
+#guest-account-script=guest-account
+#logind-check-graphical=false
+#log-directory=/var/log/lightdm
+#run-directory=/var/run/lightdm
+#cache-directory=/var/cache/lightdm
+#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions
+#remote-sessions-directory=/usr/share/lightdm/remote-sessions
+#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters
+#backup-logs=true
+#dbus-service=true
+
+#
+# Seat configuration
+#
+# Seat configuration is matched against the seat name glob in the section, for example:
+# [Seat:*] matches all seats and is applied first.
+# [Seat:seat0] matches the seat named "seat0".
+# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client".
+#
+# type = Seat type (local, xremote, unity)
+# pam-service = PAM service to use for login
+# pam-autologin-service = PAM service to use for autologin
+# pam-greeter-service = PAM service to use for greeters
+# xserver-backend = X backend to use (mir)
+# xserver-command = X server command to run (can also contain arguments e.g. X -special-option)
+# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option)
+# xserver-config = Config file to pass to X server
+# xserver-layout = Layout to pass to X server
+# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server
+# xserver-share = True if the X server is shared for both greeter and session
+# xserver-hostname = Hostname of X server (only for type=xremote)
+# xserver-display-number = Display number of X server (only for type=xremote)
+# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true)
+# xdmcp-port = XDMCP UDP/IP port to communicate on
+# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf)
+# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. unity-system-compositor -special-option)
+# unity-compositor-timeout = Number of seconds to wait for compositor to start
+# greeter-session = Session to load for greeter
+# greeter-hide-users = True to hide the user list
+# greeter-allow-guest = True if the greeter should show a guest login option
+# greeter-show-manual-login = True if the greeter should offer a manual login option
+# greeter-show-remote-login = True if the greeter should offer a remote login option
+# user-session = Session to load for users
+# allow-user-switching = True if allowed to switch users
+# allow-guest = True if guest login is allowed
+# guest-session = Session to load for guests (overrides user-session)
+# session-wrapper = Wrapper script to run session with
+# greeter-wrapper = Wrapper script to run greeter with
+# guest-wrapper = Wrapper script to run guest sessions with
+# display-setup-script = Script to run when starting a greeter session (runs as root)
+# display-stopped-script = Script to run after stopping the display server (runs as root)
+# greeter-setup-script = Script to run when starting a greeter (runs as root)
+# session-setup-script = Script to run when starting a user session (runs as root)
+# session-cleanup-script = Script to run when quitting a user session (runs as root)
+# autologin-guest = True to log in as guest by default
+# autologin-user = User to log in with by default (overrides autologin-guest)
+# autologin-user-timeout = Number of seconds to wait before loading default user
+# autologin-session = Session to load for automatic login (overrides user-session)
+# autologin-in-background = True if autologin session should not be immediately activated
+# exit-on-failure = True if the daemon should exit if this seat fails
+#
+[Seat:*]
+#type=local
+pam-service=lightdm
+pam-autologin-service=lightdm-autologin
+#pam-greeter-service=lightdm-greeter
+#xserver-backend=
+#xserver-command=X
+#xmir-command=Xmir
+#xserver-config=
+#xserver-layout=
+#xserver-allow-tcp=false
+#xserver-share=true
+#xserver-hostname=
+#xserver-display-number=
+#xdmcp-manager=
+#xdmcp-port=177
+#xdmcp-key=
+#unity-compositor-command=unity-system-compositor
+#unity-compositor-timeout=60
+greeter-session=lightdm-gtk-greeter
+greeter-hide-users=false
+#greeter-allow-guest=true
+greeter-show-manual-login=false
+#greeter-show-remote-login=true
+#user-session=niko
+#allow-user-switching=true
+#allow-guest=true
+#guest-session=
+#session-wrapper=lightdm-session
+#greeter-wrapper=
+#guest-wrapper=
+#display-setup-script=
+#display-stopped-script=
+#greeter-setup-script=
+#session-setup-script=
+#session-cleanup-script=
+#autologin-guest=false
+autologin-user=root
+#autologin-user-timeout=0
+#autologin-in-background=false
+#autologin-session=
+#exit-on-failure=false
+
+#
+# XDMCP Server configuration
+#
+# enabled = True if XDMCP connections should be allowed
+# port = UDP/IP port to listen for connections on
+# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present)
+# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf)
+# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset)
+#
+# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively
+# it can be a word and the first 7 characters are used as the key.
+#
+[XDMCPServer]
+#enabled=false
+#port=177
+#listen-address=
+#key=
+#hostname=
+
+#
+# VNC Server configuration
+#
+# enabled = True if VNC connections should be allowed
+# command = Command to run Xvnc server with
+# port = TCP/IP port to listen for connections on
+# listen-address = Host/address to listen for VNC connections (use all addresses if not present)
+# width = Width of display to use
+# height = Height of display to use
+# depth = Color depth of display to use
+#
+[VNCServer]
+#enabled=false
+#command=Xvnc
+#port=5900
+#listen-address=
+#width=1024
+#height=768
+#depth=8
set tabstop=2
set shiftwidth=2
set expandtab
+colorscheme evening
xscreensaver -no-splash &
-icewmbg --scaled=1 -p -i /usr/share/images/desktop-base/d13_wallpaper.png &
conky &
-
+icewmbg --scaled=1
exec icewm-session
fi
#Fetching testing vanilla Debian base system files:
-echo -n "Fetching testing vanilla Debian base system files...";
+echo -n "Fetching vanilla Debian stable base system files...";
sudo /sbin/debootstrap --arch=$(echo $1 | sed 's/-//g') --variant=minbase stable ${HOME}/build/immudex-sdk/${arch}/chroot http://deb.debian.org/debian >> immudex-sdk_build.log 2>&1;
if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
sudo cp -vv ${HOME}/immudex-sdk/versions/base.sh ${HOME}/build/immudex-sdk/${arch}/chroot >> immudex-sdk_build.log 2>&1;
if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+#Mount system interfaces - required for build some addons.
+for i in /dev /dev/pts /proc /run /sys; do
+ sudo mount -B $i ${HOME}/build/immudex-sdk/${arch}/chroot$i;
+done
+
#Executing chroot script, at least i trying:
sudo chroot ${HOME}/build/immudex-sdk/${arch}/chroot /bin/bash /base.sh $arch;
+#Try to umount system interfaces it may fail.
+for i in /dev/pts /proc /run /sys /dev; do
+ sudo umount -f ${HOME}/build/immudex-sdk/${arch}/chroot$i;
+done
+
#Removing chroot script.
echo -n "Remove chroot script...";
sudo rm -vf ${HOME}/build/immudex-sdk/${arch}/chroot/base.sh >> immudex-sdk_build.log 2>&1;
#Create iso image:
cd $oldcwd;
echo -n "Creating iso image...";
-xorriso as mkisofs -iso-level 3 -o "immudex-sdk_${version}_${arch2}.iso" -full-iso9660-filenames -volid "idxSdk{version}${arch2}" -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -eltorito-boot isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table --eltorito-catalog isolinux/isolinux.cat -eltorito-alt-boot -e /boot/grub/efiboot.img -no-emul-boot -isohybrid-gpt-basdat -append_partition 2 0xef ${HOME}/build/immudex-sdk/${arch}/staging/boot/grub/efiboot.img ${HOME}/build/immudex-sdk/${arch}/staging >> immudex-sdk_build.log 2>&1;
+xorriso as mkisofs -iso-level 3 -o "immudex-sdk_${version}_${arch2}.iso" -full-iso9660-filenames -volid "immudex-sdk_${version}_${arch2}" -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -eltorito-boot isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table --eltorito-catalog isolinux/isolinux.cat -eltorito-alt-boot -e /boot/grub/efiboot.img -no-emul-boot -isohybrid-gpt-basdat -append_partition 2 0xef ${HOME}/build/immudex-sdk/${arch}/staging/boot/grub/efiboot.img ${HOME}/build/immudex-sdk/${arch}/staging >> immudex-sdk_build.log 2>&1;
+if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+
+#Counting SHA1 sum for iso image:
+echo -n "Counting SHA1 sum for iso image...";
+sha1sum immudex-sdk_${version}_${arch2}.iso > immudex-sdk_${version}_${arch2}_sha1.txt;
+if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+
+#Counting CRC for iso image:
+echo -n "Counting CRC sum for iso image...";
+cksum immudex-sdk_${version}_${arch2}.iso > immudex-sdk_${version}_${arch2}_crc.txt;
+if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+
+#Write version info to the file:
+echo -n "Write version info the file...";
+echo $version > version.txt;
if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
--- /dev/null
+#!/bin/bash
+
+function help() {
+ echo "immudex-branch it's a conky helper script, which returns Debian version";
+ echo "used for build immudex. This information is used in 'Info:' section";
+ echo "in conky widget as complement in name of immudex version.";
+ echo;
+ echo "Usage: immudex-branch [--help] [--version]";
+ echo;
+ echo "Options:";
+ echo " --help Print this message.";
+ echo " --version Print information about version, author and copyrights.";
+ echo;
+ echo "Examples:";
+ echo " immudex-branch Prints version of Debian used for immudex build with hyphen on start of."
+ echo " immudex-branch --help Prints this message.";
+ echo " immudex-branch --version Print information about version, author and copyrights.";
+ echo;
+ echo "Report bugs to <xf0r3m@gmail.com>";
+}
+
+function version() {
+ echo "immudex-branch 1.0";
+ echo;
+ echo "Copyright (C) 2026 morketsmerke.org";
+ echo "This is free software; see the source for copying conditions. There is NO";
+ echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+ echo;
+ echo "Written by xf0r3m.";
+
+}
+
+if [ "$1" ]; then
+ if [ "$1" = "--help" ]; then
+ help;
+ elif [ "$1" = "--version" ]; then
+ version;
+ fi
+else
+ if grep -q 'forky' /etc/os-release; then
+ echo -n '-testing';
+ elif grep -q 'trixie' /etc/os-release; then
+ echo -n '-stable';
+ else
+ echo -n '-oldstable';
+ fi
+fi
--- /dev/null
+#!/bin/bash
+
+GREEN="\e[32m"
+ENDCOLOR="\e[0m"
+
+function help() {
+ echo "This script takes information from user about target computer";
+ echo "architecture, debian version, extra packages, addons and commands for";
+ echo "base file. At the end script ask user for optional image common name ";
+ echo "and version. After collecting needed information script starts a main";
+ echo "command: immudex-build.";
+ echo;
+ echo "Usage: immudex-build-menu [--help] [--version]";
+ echo;
+ echo "Options: ";
+ echo " --help Print this message.";
+ echo " --version Print information about version, author and copyrights.";
+ echo;
+ echo "Report bugs to <xf0r3m@gmail.com>";
+}
+
+function version() {
+ echo "immudex-build-menu 1.0";
+ echo;
+ echo "Copyright (C) 2026 morketsmerke.org";
+ echo "This is free software; see the source for copying conditions. There is NO";
+ echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+ echo;
+ echo "Written by xf0r3m.";
+}
+
+if [ "$1" ]; then
+ if [ "$1" = "--help" ]; then
+ help;
+ exit;
+ elif [ "$1" = "--version" ]; then
+ version;
+ exit;
+ else
+ help;
+ exit 1;
+ fi
+fi
+
+
+function yesNo() {
+ PS3="YES/NO: ";
+ select y0 in yes no; do
+ if [ "$y0" = "yes" ]; then
+ echo -n 1;
+ fi
+ break;
+ done
+}
+
+echo -en "\e[1m"; echo "immudex" | /usr/bin/figlet | lolcat; echo -en "\e[0m";
+
+lsblk;
+
+echo -n "Put a disk device (name) with required space (10GB): ";
+read diskDevice;
+
+diskDeviceName=$(basename $diskDevice);
+mountPoint="/media/sdk/${diskDeviceName}";
+mkdir -p $mountPoint;
+
+if $(echo $diskDevice | grep -q '/dev'); then
+ mount $diskDevice $mountPoint;
+else
+ mount /dev/${diskDevice} $mountPoint;
+fi
+
+cd $mountPoint;
+export HOME=$(pwd);
+
+echo -n "Getting immudex project repository...";
+if [ -d ~/immudex ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]";
+else
+ git clone https://github.com/xf0r3m/immudex >> /dev/null 2>&1;
+ if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+fi
+
+PS3="ARCH: ";
+echo "Chose a destination machine architecture:";
+select a in amd64 i386; do
+ ARCH=$a;
+ break;
+done;
+
+PS3="DEBIAN: ";
+echo "Chose a Debian base version:";
+select d in oldstable stable testing; do
+ DEBIAN=$d;
+ break;
+done;
+
+echo 'Do you wanna add some extra packages?';
+eP=$(yesNo);
+if [ "$eP" ]; then
+ echo -n "Put space separated packages name list: ";
+ read extraPackagesList;
+ baseFilePath="${HOME}/immudex/versions/base.sh";
+ tidyCommandLocation=$(grep -n 'tidy' $baseFilePath | tail -1 | cut -d ":" -f 1);
+ installationCommand="install_packages ${extraPackagesList};"
+ sed -i "${tidyCommandLocation}i\ ${installationCommand}" $baseFilePath;
+fi
+
+echo "Do you wanna add some extra addons?";
+eA=$(yesNo);
+if [ "$eA" ]; then
+ echo -n "Put space sparated addons name: ";
+ read extraAddonsList;
+ baseFilePath="${HOME}/immudex/versions/base.sh";
+ for addonName in $extraAddonsList; do
+ tidyCommandLocation=$(grep -n 'tidy' $baseFilePath | tail -1 | cut -d ":" -f 1);
+ extraAddonInstallationCommand="bash ~/immudex/addons/${addonName}";
+ sed -i "${tidyCommandLocation}i\ ${extraAddonInstallationCommand}" $baseFilePath;
+ done
+fi
+
+echo "Do you wanna add some extra commands to base file?";
+eS=$(yesNo);
+if [ "$eS" ]; then
+ echo -n "Put script filepath: ";
+ read scriptFilePath;
+ baseFilePath="${HOME}/immudex/versions/base.sh";
+ tidyCommandLocation=$(grep -n 'tidy' $baseFilePath | tail -1 | cut -d ":" -f 1);
+ tidyCommandLocation=$(expr $tidyCommandLocation - 1);
+ if $(head -1 $scriptFilePath | grep -q '#!/bin/bash'); then
+ sed -n '2,$p' $scriptFilePath > /tmp/scriptSnippet.txt;
+ sed -i "${tidyCommandLocation}r /tmp/scriptSnippet.txt" $baseFilePath;
+ else
+ sed -i "${tidyCommandLocation}r ${scriptFilePath}" $baseFilePath;
+ fi
+fi
+
+echo "Do you wanna name this immudex image?";
+cN=$(yesNo);
+if [ "$cN" ]; then
+ echo -n "Type your image name: ";
+ read canonicalName;
+fi
+
+echo "Do you wanna add version number?";
+vER=$(yesNo);
+if [ "$vER" ]; then
+ echo -n "Type version of this image: ";
+ if ! [ "$canonicalName" ]; then
+ read canonicalName;
+ else
+ read version;
+ fi
+fi
+
+
+
+#CMD="~/immudex/immudex-build --${ARCH} --${DEBIAN}";
+#echo $CMD;
+
+cat >> ${HOME}/XTerm <<EOF
+xterm*faceName: Monospace
+xterm*faceSize: 10
+EOF
+
+if [ "$DISPLAY" ]; then
+ xterm -fg white -bg black -geometry 80x24 -e bash /usr/local/bin/immudex-build-show-log $HOME &
+else
+ echo "# The Logs preview isn't available. Your X server isn't running in this console. #";
+ echo "# Logs are available in text file: ${HOME}/immudex_build.log #";
+fi
+
+if [ "$canonicalName" ] && [ "$version" ]; then
+ ${HOME}/immudex/immudex-build --${ARCH} --${DEBIAN} $canonicalName $version;
+elif [ "$canonicalName" ]; then
+ ${HOME}/immudex/immudex-build --${ARCH} --${DEBIAN} $canonicalName;
+else
+ ${HOME}/immudex/immudex-build --${ARCH} --${DEBIAN};
+fi
+
+
+
--- /dev/null
+#!/bin/bash
+
+function help() {
+ echo "It's alias for open immudex_build.log file in one command.";
+ echo "This few line, allows to open file via tail -f in other xterm session.";
+ echo;
+ echo "Usage: immudex-build-show-log [--help] [--version]";
+ echo;
+ echo "Options: ";
+ echo " --help Print this message.";
+ echo " --version Print information about version, author and copyrights.";
+ echo;
+ echo "Report bugs to <xf0r3m@gmail.com>";
+}
+
+function version() {
+ echo "immudex-build-show-log 1.0";
+ echo;
+ echo "Copyright (C) 2026 morketsmerke.org";
+ echo "This is free software; see the source for copying conditions. There is NO";
+ echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+ echo;
+ echo "Written by xf0r3m.";
+}
+
+if [ "$1" ]; then
+ if [ "$1" = "--help" ]; then
+ help;
+ exit;
+ elif [ "$1" = "--version" ]; then
+ version;
+ exit;
+ fi
+fi
+
+
+IDX_PATH=$1;
+while [ ! -f ${IDX_PATH}/immudex_build.log ]; do
+ sleep 1;
+done
+tail -f ${IDX_PATH}/immudex_build.log;
--- /dev/null
+#!/bin/bash
+
+
+if [ "$1" ]; then
+ if [ "$1" = "--help" ]; then
+ echo "immudex-motd prints configurable message of the day.";
+ echo "Information and its quantity can be changed via the configuration file.";
+ echo "Script using figlet basic font and lolcat for print header of message.";
+ echo;
+ echo "Usage: immudex-motd [--help] [--version]";
+ echo;
+ echo "Options:";
+ echo " --help Print this message.";
+ echo " --version Print information about version, author and copyright";
+ echo;
+ echo "Files:";
+ echo " /etc/motd.conf Script configuration file.";
+ echo " /usr/share/doc/immudex-motd/motd.conf.sample Example configuration file.";
+ echo;
+ echo "Examples:";
+ echo " immudex-motd Run a script.";
+ echo;
+ echo "Report bugs to <xf0r3m@gmail.com>";
+ exit 0;
+ fi
+ if [ "$1" = "--version" ]; then
+ echo "immudex-motd 1.0";
+ echo;
+ echo "Copyright (C) 2026 morketsmerke.org";
+ echo "This is free software; see the source for copying conditions. There is NO";
+ echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+ echo;
+ echo "Written by xf0r3m.";
+ exit 0;
+ fi
+fi
+
+if [ -f /etc/motd.conf ]; then
+ source /etc/motd.conf;
+else
+ source /usr/share/doc/immudex-motd/motd.conf.sample;
+fi
+
+echo -en "\e[1m"; echo "$(hostname)" | /usr/bin/figlet | lolcat; echo -en "\e[0m";
+echo;
+echo "Today is: $(date)";
+echo;
+echo "System summary: ";
+cpuIdle=$(vmstat | tail -1 | awk '{printf $15}');
+cpuUsage=$((100 - $cpuIdle));
+echo -e " \tCPU: ${cpuUsage}%";
+echo -e " \tMEM: $(free -h | sed -n '2p' | awk '{printf $7}' | sed 's/i//') Free";
+if [ "$MOUNT_POINTS" ]; then
+ echo -e " \tMount points:\tFree/Total\t(Usage%)";
+ for mountPoint in $MOUNT_POINTS; do
+ if $(df -h 2>/dev/null | grep -q "${mountPoint}"); then
+ diskSize=$(df -h 2> /dev/null | grep "${mountPoint}" | awk '{printf $2}');
+ diskFree=$(df -h 2> /dev/null | grep "${mountPoint}" | awk '{printf $4}');
+ diskUsage_perc=$(df -h 2> /dev/null | grep "${mountPoint}" | sed 's/%//' | awk '{printf $5}');
+ echo -e "\t$(echo $mountPoint | sed 's,\$,,'):\t\t${diskFree}/${diskSize}\t(${diskUsage_perc}%)";
+ fi
+ done
+fi
+if $(echo $OPTIONS | grep -q 'cryptparts'); then
+ if $(df -h 2> /dev/null | grep -q '/dev/mapper'); then
+ i=1;
+ echo -e " \tCRYPT_PARTi: Free/Total (Usage%)";
+ amountOfDisks=$(df -h 2> /dev/null | grep '/dev/mapper' | wc -l | awk '{printf $1}');
+ while [ $i -le $amountOfDisks ]; do
+ diskSize=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $2}');
+ diskFree=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $4}');
+ diskUsage_perc=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | sed 's/%//' | awk '{printf $5}');
+ #FCP = First Crypt Partition
+ echo -e " \tCRYPT_PART${i}: ${diskFree}/${diskSize} (${diskUsage_perc}%)";
+ i=$((i + 1));
+ done
+ else
+ echo -e " \tCRYPT_PART: N/A";
+ fi
+fi
+echo -e " \tIP: $(ip addr show $(sed -n '2p' /proc/net/route | awk '{printf $1}') | grep 'inet\ ' | awk '{printf $2"\n"}')";
+echo -e " \tPROCESSES: $(ps -aux | wc -l | awk '{printf $1}')";
+if $(uptime | grep -q 'day'); then
+ utime=$(uptime | awk '{printf $3" "$4" "$5}' | sed -e 's/\,$//' -e 's,:,h ,');
+ echo -e "\tUPTIME: ${utime}m";
+else
+ utime=$(uptime | awk '{printf $3}' | sed -e 's/,//' -e 's,:,h ,');
+ if $(echo $utime | grep -q "h"); then
+ echo -e " \tUPTIME: ${utime}m";
+ else
+ echo -e " \tUPTIME: 0h ${utime}m";
+ fi
+fi
+echo -e " \t$(uptime | grep -o "load.*$" | tr [a-z] [A-Z])";
+echo;
+if [ -x /usr/local/bin/immudex-meteo ]; then
+echo "Weather:";
+ if [ "$LOCATION" ]; then
+ /usr/local/bin/immudex-meteo --micro $LOCATION;
+ fi
+fi
+echo;
+if [ "$FOOTER" ]; then
+ echo -e "$FOOTER";
+fi
+echo;
+echo "====================================================================";
--- /dev/null
+#!/bin/bash
+
+set -e
+
+RED="\e[31m";
+GREEN="\e[32m";
+YELLOW="\e[33m";
+ENDCOLOR="\e[0m";
+
+function help() {
+ echo "This is SDK version of upgrade script. It allows to network immudex ";
+ echo "upgrade via downloading kernel, initrd and squashfs file from web ";
+ echo "server.";
+ echo;
+ echo "Usage: immudex-upgrade [--help] [--version] <URL>";
+ echo;
+ echo "Options: ";
+ echo " --help Print this message.";
+ echo " --version Print information about version, author and copyrights.";
+ echo;
+ echo "Report bugs to <xf0r3m@gmail.com>";
+}
+
+function version() {
+ echo "immudex-upgrade (SDK version) 1.0";
+ echo;
+ echo "Copyright (C) 2026 morketsmerke.org";
+ echo "This is free software; see the source for copying conditions. There is NO";
+ echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+ echo;
+ echo "Written by xf0r3m.";
+}
+
+if [ "$1" ]; then
+ if [ "$1" = "--help" ]; then
+ help;
+ exit;
+ elif [ "$1" = "--version" ]; then
+ version;
+ exit;
+ fi
+fi
+
+echo "Upgrading immudex...";
+part=$(blkid | grep 'LABEL="immudex"' | awk '{printf $1}' | cut -d ":" -f 1);
+
+echo -n " Mounting immudex partition...";
+mount $part /mnt >> /dev/null 2>&1;
+if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+
+if [ "$1" ] && $(echo "$1" | grep -q '^http'); then
+ URL="$1";
+ wget ${URL}/live/vmlinuz -O /mnt/live/vmlinuz 2>/dev/null;
+ if [ $? -eq 0 ]; then
+ echo -e " Copying immudex kernel to the disk...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+ wget ${URL}/live/initrd -O /mnt/live/initrd 2>/dev/null;
+ if [ $? -eq 0 ]; then
+ echo -e " Copying immudex initrd to the disk...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+ wget ${URL}/live/filesystem.squashfs -O /mnt/live/filesystem.squashfs 2>/dev/null;
+ if [ $? -eq 0 ]; then
+ echo -e " Copying immudex filesystem.squashfs to the disk...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+ wget ${URL}/live/changelog -O /mnt/live/changelog 2>/dev/null;
+ if [ $? -eq 0 ]; then
+ echo -e " Copying immudex changelog file to the disk...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+
+ if $(sudo efibootmgr > /dev/null 2>&1); then
+ echo " Copying grub config to the disk...";
+ if [ "$1" ] && $(echo "$1" | grep -q '^http'); then
+ wget ${URL}/live/grub.cfg -O /mnt/boot/grub/grub.cfg 2>/dev/null;
+ if [ $? -eq 0 ]; then
+ echo -e " Downloading immudex GRUB config...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+ echo -e " Copying grub config to the disk...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+ sed -i '/set\ timeout=/ s/30/5/' /mnt/boot/grub/grub.cfg;
+ sed -i 's/bootfrom=removable //g' /mnt/boot/grub/grub.cfg;
+ fi
+
+ umount -R /mnt;
+ if [ $? -eq 0 ]; then
+ echo -e " Unmount immudex partition...[ ${GREEN}OK${ENDCOLOR} ]";
+ fi
+ echo -e "Upgrading immudex...[ ${GREEN}OK${ENDCOLOR} ]";
+else
+ help;
+ exit 1;
+fi
--- /dev/null
+#!/bin/bash
+
+
+#function help() {
+# echo "This script does noting. It's a collection of functions uses by";
+# echo "other tools, by import this file into it self. Man page for this script";
+# echo "can be usefull for describe above mentioned functions.";
+# echo;
+# echo "Notes:";
+# echo -e " get_debian_branch() Can be used for convert Debian codename for Debian branch name\n";
+# echo -e " get_machine_arch() Used for getting information is this 32 or 64-bit architecture.\n";
+# echo -e " check_distro_commit() Is used for decide that you use a latest version immudex if there are commit ahead your image, this script returns 0, otherwise 1.\n";
+# echo -e " ascii_colors() Prints immudex name in ASCII manuali.\n";
+# echo;
+# echo "Usage: source /usr/local/bin/library.sh";
+# echo;
+# echo "Options:";
+# echo " There is no options... Function help and version are used only for generate man page file and will be comment out after this.";
+# echo;
+# echo "Report bugs to <xf0r3m@gmail.com>";
+#}
+
+#function version(){
+# echo "library.sh 1.0";
+# echo;
+# echo "Copyright (C) 2026 morketsmerke.org";
+# echo "This is free software; see the source for copying conditions. There is NO";
+# echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+# echo;
+# echo "Written by xf0r3m.";
+#}
+
+
+function get_debian_branch() {
+ if grep -q 'trixie' /etc/os-release; then
+ echo "testing";
+ elif grep -q 'bookworm' /etc/os-release; then
+ echo "stable";
+ else
+ echo "oldstable";
+ fi
+}
+
+function get_machine_arch() {
+ arch=$(uname -m);
+ if [ "$arch" = "i686" ]; then
+ echo "32";
+ else
+ echo "64";
+ fi
+}
+
+function check_distro_commit() {
+ versionFile="/run/live/medium/live/version";
+ if [ -f $versionFile ]; then
+ localVersion=$(cat $versionFile);
+ if [ -d /tmp/immudex ]; then
+ $(cd /tmp/immudex && git pull -q);
+ else
+ git clone -q https://github.com/xf0r3m/immudex /tmp/immudex;
+ fi
+ latestVersion=$(cd /tmp/immudex && git log --pretty=oneline | head -1 | cut -d " " -f 1);
+ if [ "$1" ] && [ "$1" == "--print" ]; then
+ echo "$(cd /tmp/immudex && git log ${localVersion}..${latestVersion})";
+ fi
+ if [ "$localVersion" = "$latestVersion" ]; then
+ return 0;
+ else
+ return 1;
+ fi
+ else
+ return 255;
+ fi
+}
+
+function ascii_colors() {
+
+ BLUE="\e[1;94m";
+ RED="\e[1;91m";
+ CYAN="\e[1;96m";
+ ENDCOLOR="\e[0m";
+
+ echo -e "${BLUE} _ ${RED} _ ${CYAN} ${ENDCOLOR}";
+ echo -e "${BLUE}(_)_ __ ___ _ __ ___ _ _ ${RED} __| | ___${CYAN}__ __${ENDCOLOR}";
+ echo -e "${BLUE}| | '_ \` _ \| '_ \` _ \| | | |${RED}/ _\` |/ _ \\\\${CYAN} \/ /${ENDCOLOR}";
+ echo -e "${BLUE}| | | | | | | | | | | | |_| |${RED} (_| | __/${CYAN}> < ${ENDCOLOR}";
+ echo -e "${BLUE}|_|_| |_| |_|_| |_| |_|\__,_|${RED}\__,_|\___/${CYAN}_/\_\\";
+ echo -e "${ENDCOLOR}";
+
+}
+
+#if [ "$1" ]; then
+# if [ "$1" = "--help" ]; then
+# help;
+# exit 0;
+# elif [ "$1" = "--version" ]; then
+# version;
+# exit 0;
+# fi
+#fi
+++ /dev/null
-#!/bin/bash
-
-/usr/bin/figlet immudex;
-echo;
-echo "Today is: $(date)";
-echo;
-echo "System summary: ";
-cpuIdle=$(vmstat | tail -1 | awk '{printf $15}');
-cpuUsage=$((100 - $cpuIdle));
-echo -e " \tCPU: ${cpuUsage}%";
-echo -e " \tMEM: $(free -h | sed -n '2p' | awk '{printf $7}' | sed 's/i//') Free";
-if $(df -h 2> /dev/null | grep -q '/dev/mapper'); then
- i=1;
- echo -e " \tCRYPT_PARTi: Free/Total (Usage%)";
- amountOfDisks=$(df -h 2> /dev/null | grep '/dev/mapper' | wc -l | awk '{printf $1}');
- while [ $i -le $amountOfDisks ]; do
- diskSize=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $2}');
- diskFree=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $4}');
- diskUsage_perc=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | sed 's/%//' | awk '{printf $5}');
- #FCP = First Crypt Partition
- echo -e " \tCRYPT_PART${i}: ${diskFree}/${diskSize} (${diskUsage_perc}%)";
- i=$((i + 1));
- done
-else
- echo -e " \tCRYPT_PART: N/A";
-fi
-echo -e " \tPROCESSES: $(ps -aux | wc -l | awk '{printf $1}')";
-utime=$(uptime | awk '{printf $3}' | sed 's/,//');
-if $(echo $utime | grep -q ":"); then
- echo -e " \tUPTIME: ${utime}";
-else
- echo -e " \tUPTIME: 0:${utime}";
-fi
-echo -e " \t$(uptime | grep -o "load.*$" | tr [a-z] [A-Z])";
-echo;
-echo -e "morketsmerke.org @ 2023 https://github.com/xf0r3m/immudex";
-echo;
-#/usr/local/bin/immudex_upgrade --check --print;
-#if [ $? -ne 0 ]; then
-# echo -e "\e[31mThere is no internet connection or internal error.\e[0m";
-# if [ -f /tmp/feed.xml ] && [ ! -s /tmp/feed.xml ]; then
-# rm -f /tmp/feed.xml;
-# fi
-#else
-# if [ "$USER" = "xf0r3m" ]; then
-# sudo apt update > /tmp/update.log 2>&1 && tail -1 /tmp/update.log;
-# fi
-#fi
-echo "====================================================================";
--- /dev/null
+
+#MOUNT_POINTS - turning on file system space level monitoring. Mount points
+#puted to variable must separated with space and $ on end up.";
+MOUNT_POINTS="/$ /home$";
+
+#OPTIONS - storage triggers for additional jobs, which script can do. At this
+#moment we have:
+#cryptparts - file system space level monitoring for LUKS parted disks,
+#weather - put one line current weather status for declared location. It's
+#requires LOCATION option configured.
+OPTIONS="cryptparts weather";
+
+#FOOTER - custom information printed before script end his execution. It could
+#be anything.
+FOOTER="morketsmerke.org @ 2026 https://github.com/xf0r3m/immudex"
+
+#LOCATION - not required option, it will be used to prints weather information
+LOCATION="Warszawa";
ARCH=$(dpkg --print-architecture);
cd;
-if [ -x /usr/bin/git ]; then git clone https://git.morketsmerke.org/git/immudex-sdk;
-else apt install git -y && git clone https://git.morketsmerke.org/git/immudex-sdk;
+if [ -x /usr/bin/git ]; then git clone https://github.com/xf0r3m/immudex-sdk;
+else apt install git -y && git clone https://github.com/xf0r3m/immudex-sdk;
fi
source ~/immudex-sdk/versions/template.sh;
install_packages --no-install-recommends linux-image-686-pae live-boot systemd-sysv -y;
fi
-install_packages --no-install-recommends network-manager net-tools iproute2 wireless-tools wget openssh-client alsa-utils firefox-esr icewm xserver-xorg-core xserver-xorg xinit xterm vim geany iputils-ping man man-db texinfo less ranger feh dosfstools isc-dhcp-client whiptail locales keyboard-configuration console-setup curl xfe lightdm rsync git conky cryptsetup debootstrap squashfs-tools xorriso isolinux syslinux-efi grub-pc-bin grub-efi-amd64-bin mtools figlet file gnome-themes-extra sudo
+install_packages --no-install-recommends network-manager net-tools iproute2 wireless-tools wget openssh-client alsa-utils firefox-esr icewm xserver-xorg-core xserver-xorg xinit xterm vim geany iputils-ping man man-db texinfo less ranger feh isc-dhcp-client whiptail locales keyboard-configuration console-setup curl xfe lightdm rsync git conky-all cryptsetup figlet file gnome-themes-extra sudo lolcat parted e2fsprogs;
+install_packages debootstrap squashfs-tools xorriso isolinux syslinux-efi grub-pc-bin grub-efi-amd64-bin mtools dosfstools openssh-server extlinux grub-efi-amd64;
+
+ln -s /usr/games/lolcat /usr/bin;
cp -vv ~/immudex-sdk/files/lightdm-gtk-greeter.conf /etc/lightdm
if [ ! -d /usr/share/images/desktop-base ]; then
mkdir -p /usr/share/images/desktop-base;
fi
+if [ ! -d /usr/share/desktop-base/active-theme/wallpaper/contents/images ]; then
+ mkdir -p /usr/share/desktop-base/active-theme/wallpaper/contents/images;
+fi
cp -vv ~/immudex-sdk/images/d13_wallpaper.png /usr/share/images/desktop-base;
+ln -s /usr/share/images/desktop-base/d13_wallpaper.png /usr/share/desktop-base/active-theme/wallpaper/contents/images/1920x1080.svg;
cp -vv ~/immudex-sdk/images/immudex_xfce_greeter_logo.png /usr/share/images/desktop-base;
-cp -vv ~/immudex-sdk/images/lightdm_wallpaper.jpg /usr/share/images/desktop-base;
+#cp -vv ~/immudex-sdk/images/lightdm_wallpaper.jpg /usr/share/images/desktop-base;
cp -vv ~/immudex-sdk/images/immudex-sdk.xpm /usr/share/images/desktop-base;
cp -rvv ~/immudex-sdk/files/icewm /root/.icewm;
cp -vv ~/immudex-sdk/files/xinitrc /root/.xinitrc;
ln /root/.xinitrc /root/.xsession;
cp -vv ~/immudex-sdk/files/XTerm /root/XTerm;
+cp -vv ~/immudex-sdk/files/lightdm.conf /etc/lightdm;
+cp -vv ~/immudex-sdk/files/lightdm-autologin /etc/pam.d;
+
+cp -vv ~/immudex-sdk/tools/bin/* /usr/local/bin;
+chmod +x /usr/local/bin/*;
+
+if [ -d /usr/share/man/man1 ]; then
+ cp -vv ~/immudex-sdk/tools/man/* /usr/share/man/man1;
+fi
-cp -vv ~/immudex-sdk/tools/immudex-motd2 /usr/local/bin;
+mkdir /usr/share/doc/immudex-motd;
+cp -vv ~/immudex-sdk/tools/misc/motd.conf /usr/share/doc/immudex-motd/motd.conf.sample;
cat >> /etc/bash.bashrc << EOL
if [ ! -f /tmp/.motd ]; then
-/usr/local/bin/immudex-motd2
+/usr/local/bin/immudex-motd
touch /tmp/.motd;
fi
EOL
echo "alias immudex-chhome='export HOME=\$(pwd)'" >> /etc/bash.bashrc;
echo "root:toor" | chpasswd;
+
echo "immudex-sdk" > /etc/hostname
echo "127.0.1.1 immudex-sdk" >> /etc/hosts
+
+sed -i '/^#PermitRootLogin/s/#//' /etc/ssh/sshd_config
+sed -i '/^PermitRootLogin/s/prohibit-password/yes/' /etc/ssh/sshd_config
+systemctl disable ssh.service;
+
tidy;
projects / immudex-sdk.git / commitdiff
