From: xf0r3m <jakubstasinski@protonmail.com>
Date: Wed, 13 Mar 2024 16:54:37 +0000 (+0100)
Subject: Synchronizacja public -> priv
X-Git-Url: https://gitweb.morketsmerke.org/?a=commitdiff_plain;h=aa41b7129ef365ab82932b1199e9dfe5b6293cfa;p=immudex.git

Synchronizacja public -> priv
---

diff --git a/README.md b/README.md
index a540db1..17ede2e 100644
--- a/README.md
+++ b/README.md
@@ -10,22 +10,30 @@ tej dystrybucji znajdujÄ siÄ pod adresem:
 
 [https://morketsmerke.github.io/articles/immudex/immudex.html](https://morketsmerke.github.io/articles/immudex/immudex.html)
 
+### Dodawanie zmian do obrazu pÅyty:
+
+Aby doÅÄczyÄ jakiekolwiek zmiany do obrazu pÅyty naleÅ¼y przed rozpoczÄciem
+procesu tworzenia obrazu pÅyty umieÅciÄ modyfikacje, przed poleceniem `tidy` w
+pliku *versions/base.sh*.
+
+### Zmiany jakich naleÅ¼y dokonaÄ przed stworzeniem obrazu pÅyty:
+
+Obecnie superuÅ¼ytkownik posiada losowe haslo oraz zablokowana
+jest moÅ¼liwoÅÄ zalogowania siÄ na niego. DostÄp do 'root' moÅ¼emy
+uzyskaÄ za pomocÄ polecenia 'sudo su'.
+Podstawowy uÅ¼ytkownik (z uprawnieniami sudo)
+jest tworzony podczas budowania obrazu. Podejmowanie czynnoÅci
+przed stworzeniem obrazu pÅyty nie jest pÃ³ki co wymagane.
+
 ### Tworzenie obrazu pÅyty dystrybucji:
   
   ```
   $ git clone https://github.com/xf0r3m/immudex
-  $ cd immudex-testing
+  $ cd immudex
   $ ./immudex-build --<amd64/i386> --<testing/stable/oldstable>
   ```
 
-### Dodawanie zmian do obrazu pÅyty:
-
-Aby doÅÄczyÄ jakiekolwiek zmiany do obrazu pÅyty naleÅ¼y przed rozpoczÄciem
-procesu tworzenia obrazu pÅyty umieÅciÄ modyfikacje, przed poleceniem `tidy` w
-pliku *versions/base.sh*.
-
 ### ZastrzeÅ¼enia i uznanie autorstwa:
 
 immudex is not affiliated with Debian. Debian is a registered trademark owned 
 by Software in the Public Interest, Inc.
-
diff --git a/addons/lampstack b/addons/lampstack
index 08d7ddf..fbb1239 100644
--- a/addons/lampstack
+++ b/addons/lampstack
@@ -2,22 +2,22 @@
 
 baseVersion=$(head -1 /etc/apt/sources.list | awk '{print $3}')
 
-apt install lsb-release -y;
-wget https://dev.mysql.com/get/mysql-apt-config_0.8.25-1_all.deb;
-dpkg -i mysql-apt-config_0.8.25-1_all.deb;
+apt install lsb-release gnupg -y;
+wget https://dev.mysql.com/get/mysql-apt-config_0.8.29-1_all.deb
+dpkg -i mysql-apt-config_0.8.29-1_all.deb;
 
-sed -i "s/$baseVersion/bullseye/g" /etc/apt/sources.list;
+sed -i "s/$baseVersion/bookworm/g" /etc/apt/sources.list;
 
 apt update;
 apt install mysql-server -y
 apt-get install --fix-missing
 apt-mark hold libmecab2 libssl1.1 mecab-ipadic mecab-ipadic-utf8 mecab-utils mysql-client mysql-common mysql-community-client mysql-community-client-core mysql-community-client-plugins mysql-community-server mysql-community-server-core
 
-sed -i "s/bullseye/$baseVersion/g" /etc/apt/sources.list; 
+sed -i "s/bookworm/$baseVersion/g" /etc/apt/sources.list; 
 apt update
 apt install apache2 libapache2-mod-php php php-mysql -y;
 apt autoremove;
 apt autoclean;
 apt clean;
 
-rm mysql-apt-config_0.8.25-1_all.deb;
+rm mysql-apt-config_0.8.29-1_all.deb;
diff --git a/addons/nvidiaLatest b/addons/nvidiaLatest
index 799a25a..e53ed42 100644
--- a/addons/nvidiaLatest
+++ b/addons/nvidiaLatest
@@ -14,7 +14,5 @@ else
   cp -vv /etc/apt/sources.list /etc/apt/sources.list.d/nvidia.list;
   sed -e 's/main/contrib non-free non-free-firmware/g' -i /etc/apt/sources.list.d/nvidia.list;
   apt update;
-  apt install -y build-essential dkms linux-headers-\$(uname -r);
-  apt install -y nvidia-detect;
-  apt install -y nvidia-driver;
+  apt install -y build-essential dkms linux-headers-amd64 nvidia-detect nvidia-driver;
 fi
diff --git a/files/mozilla.tgz b/files/mozilla.tgz
index be64c98..540acda 100644
Binary files a/files/mozilla.tgz and b/files/mozilla.tgz differ
diff --git a/immudex-build b/immudex-build
index 2fabc72..2dca94b 100755
--- a/immudex-build
+++ b/immudex-build
@@ -45,9 +45,10 @@ if [ ! -f /sbin/debootstrap ]; then
   create_enviroment 
 fi
 
+#Removing old immudex build directory structure:
 if [ -d ${HOME}/build/immudex-${debver}/${arch} ]; then
   echo -n "Removing old immudex build directory structure...";
-  sudo rm -rvf ${HOME}/build/immudex-${debver} >> immudex_build.log 2>&1;
+  sudo rm -rvf ${HOME}/build/immudex-${debver}/${arch} >> immudex_build.log 2>&1;
   if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
 fi
 
@@ -96,10 +97,18 @@ if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
 echo "-==Setting version for immudex image: $(date)==-" >> immudex_build.log;
 echo -n "Setting version for this immudex image...";
 (cd ${HOME}/immudex && git log --pretty=oneline) | head -1 | awk '{printf $1}' | tee ${HOME}/build/immudex-${debver}/${arch}/staging/live/version >> immudex_build.log 2>&1;
+echo >> immudex_build.log;
 versionShort=$(cut -c 1-7 ${HOME}/build/immudex-${debver}/${arch}/staging/live/version);
 if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
 
+#Setting compilation date for this image:
+echo "-==Setting compilaztion date for immudex image: $(date)==-" >> immudex_build.log;
+echo -n "Setting compilation date for this immudex image...";
+date | tee ${HOME}/build/immudex-${debver}/${arch}/staging/live/compilation_date >> immudex_build.log 2>&1;
+if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi
+
 #Getting and copying bootloader files
+echo "-==Getting and copying bootloader files: $(date)==-" >> immudex_build.log;
 echo -n "Copying bootloader files...";
 arch2=$(echo $1 | sed 's/-//g');
 cp -v ${HOME}/immudex/isolinux/${arch2}/* ${HOME}/build/immudex-${debver}/${arch}/staging/isolinux >> immudex_build.log 2>&1;
diff --git a/tools/sbin/immudex-create-media b/tools/sbin/immudex-create-media
index 37a4c53..37c0d58 100755
--- a/tools/sbin/immudex-create-media
+++ b/tools/sbin/immudex-create-media
@@ -6,7 +6,8 @@ ENDCOLOR="\e[0m";
 
 function help() {
   echo "immudex-create-media - script used for write iso image to usb drive(mainly)";
-  echo "@ 2023 morketsmerke.org";
+  echo "@ 2024 morketsmerke.org";
+  echo "Superuser (root) privileges are required.";
   echo "Options:";
   echo "  --i386-efi - creating 32-bit EFI usb drive with iso image";
   echo "  (comapatible with immudex only iso images)";
@@ -15,6 +16,12 @@ function help() {
   echo "  $ immudex-create-media [--i386-efi] [--nuke] <usb_disk> [iso_image]";
 }
 
+if [ $UID -ne 0 ]; then
+  echo "Permission denied!";
+  help;
+  exit 1;
+fi
+
 if [ "$1" ] && [ "$1" = "--i386-efi" ]; then target="i386-efi"; shift; fi
 if [ "$1" ] && [ "$1" = "--nuke" ]; then target="nuke"; shift; fi
 if [ "$1" ] && echo $1 | grep -Eq '/dev/(sd[a-z]|vd[a-z]|mmcblk[0-9])'; then
diff --git a/tools/sbin/immudex-crypt b/tools/sbin/immudex-crypt
index d966fff..b163379 100755
--- a/tools/sbin/immudex-crypt
+++ b/tools/sbin/immudex-crypt
@@ -3,7 +3,7 @@
 function help() {
 
   echo "immudex-crypt - script used for listing, open and close crypt_LUKS ppartitions";
-  echo "@ 2023 morketsmerke.org";
+  echo "@ 2024 morketsmerke.org";
   echo "Superuser (root) privileges are required.";
   echo "Options:";
   echo "  list - displaing list of opened and available crypt_LUKS devices";
@@ -151,8 +151,6 @@ if [ "$1" ]; then
     exit 1;
   fi
  
-  #immudexCryptPID=$$;
-  #parentProcessPID=$((immudexCryptPID - 1));
   #immudex-crypt RUID is EUID of sudo, which spawning immudex-crypt
   export RUID=$(grep '^Uid:' /proc/$(pidof -s sudo)/status | awk '{printf $2}');
   export USER=$(grep "$RUID" /etc/passwd | cut -d ":" -f1);
diff --git a/tools/sbin/immudex-hostname b/tools/sbin/immudex-hostname
index 673397f..f461568 100755
--- a/tools/sbin/immudex-hostname
+++ b/tools/sbin/immudex-hostname
@@ -1,5 +1,10 @@
 #!/bin/bash
 
+if [ $UID -ne 0 ]; then
+  echo "Permission denied!";
+  exit 1;
+fi
+
 bootID=$(sed 's/-//g' /proc/sys/kernel/random/boot_id | cut -c 26-33);
 if hostnamectl > /dev/null 2>&1; then
 	hName="$(hostnamectl | grep 'Chassis' | cut -d ":" -f 2 | awk '{printf $1}')-${bootID}";
diff --git a/tools/sbin/immudex-install b/tools/sbin/immudex-install
index c2332d6..0b0391b 100755
--- a/tools/sbin/immudex-install
+++ b/tools/sbin/immudex-install
@@ -4,6 +4,11 @@ RED="\e[31m";
 GREEN="\e[32m";
 ENDCOLOR="\e[0m";
 
+if [ $UID -ne 0 ]; then
+  echo "Permission denied!";
+  exit 1;
+fi
+
 while [ true ]; do
   echo -e "${RED}This script will install immudex on first disk on your machine.${ENDCOLOR}";
   echo -e "${RED}It could be destructive for data placed on this disk${ENDCOLR}";
diff --git a/tools/sbin/immudex-upgrade b/tools/sbin/immudex-upgrade
index 9d59bde..80ef41d 100755
--- a/tools/sbin/immudex-upgrade
+++ b/tools/sbin/immudex-upgrade
@@ -12,12 +12,24 @@ root="/run/live/medium";
 
 function help() {
   echo "immudex-upgrade - script for searching upgrades and upgrade immudex";
-  echo "@ 2023 morketsmerke.org";
+  echo "@ 2024 morketsmerke.org";
+  echo "Superuser (root) privileges are required.";
   echo "Options:";
   echo " --check - check there are upgrades for immudex";
   echo " --upgrade - upgrade immudex from given source";
+  echo " --myversion - prints images current commit message";
+  echo " --compilation-date - prints date of image creation";
+  echo " --packages-upgradable [--security] - updates apt (packages) list and";
+  echo "   prints available to upgrade packages, with --security modificator";
+  echo "   prints only pacakages from security repository branch";
 }
 
+if [ $UID -ne 0 ]; then
+  echo "Permission denied!";
+  help;
+  exit 1;
+fi
+
 if [ "$1" ]; then
   if [ "$1" ] && [ "$1" = "--check" ]; then
     if check_distro_commit; then 
@@ -61,9 +73,18 @@ if [ "$1" ]; then
     if [ -d /tmp/immudex ]; then 
       (cd /tmp/immudex && git pull > /dev/null 2>&1)
     else
-      git clone https://github.com/xf0r3m/immudex /tmp;
+      git clone https://github.com/xf0r3m/immudex /tmp/immudex;
     fi
     (cd /tmp/immudex && git show $(cat /run/live/medium/live/version))
+  elif [ "$1" ] && [ "$1" = "--packages-upgradable" ]; then
+    apt update;
+    if [ "$2" ] && [ "$2" = "--security" ]; then
+      apt list --upgradable | grep 'security';
+    else
+      apt list --upgradable;
+    fi
+  elif [ "$1" ] && [ "$1" = "--compilation-date" ]; then
+    echo "Image was created: $(cat /run/live/medium/live/compilation_date)";
   else
     help;
     exit 1;
diff --git a/versions/base.sh b/versions/base.sh
index fbc77d1..19553c8 100644
--- a/versions/base.sh
+++ b/versions/base.sh
@@ -12,8 +12,8 @@ else
 fi
 
 cd;
-if [ -x /usr/bin/git ]; then git clone https://git.morketsmerke.org/git/immudex;
-else apt install git -y && git clone https://git.morketsmerke.org/git/immudex;
+if [ -x /usr/bin/git ]; then git clone https://github.com/xf0r3m/immudex;
+else apt install git -y && git clone https://github.com/xf0r3m/immudex;
 
 fi
 source ~/immudex/versions/template.sh;
@@ -61,8 +61,8 @@ ln -s /usr/bin/yt-dlp /usr/bin/youtube-dl;
 
 cd;
 
-git clone https://git.morketsmerke.org/git/xfcedebian-d13;
-cd xfcedebian-d13;
+git clone https://github.com/xf0r3m/xfcedebian;
+cd xfcedebian;
 bash install.sh;
 
 cd;
@@ -130,7 +130,8 @@ chmod u+s /usr/bin/ping;
 
 /usr/sbin/ufw default deny incoming;
 /usr/sbin/ufw default allow outgoing;
-/usr/sbin/ufw enable;
+#/usr/sbin/ufw enable;
+sed -i '/^ENABLED=/s/ENABLED=no/ENABLED=yes/' /etc/ufw/ufw.conf
 
 echo "immudex" > /etc/hostname;
 echo "127.0.1.1   immudex" >> /etc/hosts;
@@ -153,9 +154,5 @@ rm random;
 echo "root:${rootPassword}" | chpasswd;
 usermod -L root;
 
-#recreate_users;
-#echo "user ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers;
-#echo "xf0r3m ALL=(ALL:ALL) NOPASSWD:ALL" >> /etc/sudoers;
-
 # Miejsce na twoje zmiany, przed poleceniem 'tidy'
 tidy;