From: xf0r3m Date: Fri, 1 May 2026 19:07:36 +0000 (+0200) Subject: Próba dostosowania immudex-sdk do wersji immudex 3.0. X-Git-Url: https://gitweb.morketsmerke.org/?a=commitdiff_plain;h=d50770635d6168dcc5d50b02a2003881f4ff3993;p=immudex-sdk.git Próba dostosowania immudex-sdk do wersji immudex 3.0. --- diff --git a/README.md b/README.md index ef466e3..e7c0042 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ # IMMutable DEbian with Xfce - SDK LiveCD -## GNU/LINUX Debian stable (bookworm) +## GNU/LINUX Debian stable To repozytorium zawiera pliki służące do tworzenia specjalnego obrazu płyty dostarczającego SDK do budowania dystrybucji immudex. @@ -16,7 +16,7 @@ tej dystrybucji znajdują się pod adresem: ``` $ git clone https://github.com/xf0r3m/immudex-sdk $ cd immudex-sdk - $ ./immudex-build -- + $ ./immudex-build -- - ``` ### Dodawanie zmian do obrazu płyty: @@ -36,6 +36,25 @@ są takie systemy plików tak: EXT4 oraz systemy rodziny FAT. Wymagana ilość dostępnego miejsca na dysku: 10G ``` +### Instalacja oraz aktualizacja sieciowa + +Od wersji 12.11 istnieje możliwość zainstalowania immudex lub jego aktualizacji +przez internet przy użyciu obrazu immudex-sdk. Należy wówczas pliki takie jak +jądro, plik `initrd`, plik changelogu oraz plik `.squashfs` umieścić w folderze +na serwerze WWW, tak aby był osiągalnym przez protokoł HTTP/HTTPS dla +immudex-sdk. Do instalacji należy skorzystać z poniższego polecenia: + + ``` + # immudex-install + ``` + +Po wydaniu tego polecenia postępujemy zgodnie z komunikatami wyświetlanymi +przez ten skrypt. W celach aktualizacji używamy poniższego polecenia: + + ``` + # immudex-upgrade + ``` + ### Zastrzeżenia i uznanie autorstwa: immudex is not affiliated with Debian. Debian is a registered trademark owned diff --git a/files/conkyrc b/files/conkyrc index c2b5b0a..4b39f8d 100644 --- a/files/conkyrc +++ b/files/conkyrc 
@@ -35,7 +35,7 @@ conky.config = { }; conky.text = [[ -${color green}Info:$color ${scroll 32 immudex-sdk ${cat /run/live/medium/live/version} - $sysname $nodename $kernel $machine} +${color green}Info:$color ${scroll 32 immudex${exec immudex-branch} ${exec immudex-version} - $sysname $nodename $kernel $machine} $hr ${color green}Uptime:$color $uptime ${color green}Frequency (in MHz):$color $freq @@ -49,7 +49,8 @@ $hr ${color green}File systems: / $color${fs_used /}/${fs_size /} ${fs_bar 6 /} ${color green}Networking: -Up:$color ${upspeed} ${color green} - Down:$color ${downspeed} +IP:$color ${execp ip addr show $(sed -n '2p' /proc/net/route | awk '{printf $1}') | grep 'inet\ ' | awk '{printf $2"\n"}'} +${color green}Up:$color ${upspeed ${gw_iface}} ${color green} - Down:$color ${downspeed ${gw_iface}} $hr ${color green}Name PID CPU% MEM% ${color red} ${top name 1} ${top pid 1} ${top cpu 1} ${top mem 1} diff --git a/files/icewm/preferences b/files/icewm/preferences index a53d840..8c02caf 100644 --- a/files/icewm/preferences +++ b/files/icewm/preferences @@ -1454,7 +1454,7 @@ WorkspaceStatusTime=0 # [0-2500] # DesktopBackgroundColor="" # Desktop background image(s) -# DesktopBackgroundImage="" +DesktopBackgroundImage="/usr/share/images/desktop-base/d13_wallpaper.png" # Paint the background image over all multihead monitors combined. # DesktopBackgroundMultihead=0 # 0/1 diff --git a/files/icewm/startup b/files/icewm/startup new file mode 100755 index 0000000..6ffbb46 --- /dev/null +++ b/files/icewm/startup @@ -0,0 +1,3 @@ +#!/bin/sh + +sleep 1 && xterm -bg black -fg white -geometry 80x24 -e bash /usr/local/bin/immudex-build-menu & diff --git a/files/lightdm-autologin b/files/lightdm-autologin new file mode 100644 index 0000000..52a08d7 --- /dev/null +++ b/files/lightdm-autologin 
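Review bot: The new `IP:` line in the second files/conkyrc hunk uses `${execp …}`, which makes conky parse the command's output as conky markup and re-run the whole pipeline on every update. The output is only an address, so `${execi 10 …}` (or plain `${exec …}`) is enough and keeps command output from being treated as template text. When there is no default route, the inner `sed -n '2p' /proc/net/route` prints nothing and `ip addr show` then lists every interface, so a guard for the empty case would keep the widget readable.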
@@ -0,0 +1,37 @@ +#%PAM-1.0 + +# Block login if they are globally disabled +auth requisite pam_nologin.so + +# Load environment from /etc/environment and ~/.pam_environment +session required pam_env.so readenv=1 +session required pam_env.so readenv=1 envfile=/etc/default/locale + +# Allow access without authentication +#auth required pam_succeed_if.so user != root quiet_success +auth required pam_permit.so + +@include common-account + +# SELinux needs to be the first session rule. This ensures that any +# lingering context has been cleared. Without out this it is possible +# that a module could execute code in the wrong domain. +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close + +session required pam_limits.so +session required pam_loginuid.so +@include common-session + +# SELinux needs to intervene at login time to ensure that the process +# starts in the proper default security context. Only sessions which are +# intended to run in the user's context should be run after this. +session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open +# When the module is present, "required" would be sufficient (When SELinux +# is disabled, this returns success.) + +# Can't change password +password required pam_deny.so + +@include common-password diff --git a/files/lightdm-gtk-greeter.conf b/files/lightdm-gtk-greeter.conf index b8b17c3..d51f85e 100644 --- a/files/lightdm-gtk-greeter.conf +++ b/files/lightdm-gtk-greeter.conf @@ -1,5 +1,5 @@ [greeter] -background = /usr/share/images/desktop-base/lightdm_wallpaper.jpg +background = /usr/share/images/desktop-base/d13_wallpaper.png theme-name = Adwaita-dark icon-theme-name = Adwaita default-user-image = /usr/share/images/desktop-base/immudex_xfce_greeter_logo.png 
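Review bot: The `lightdm-autologin` PAM service authenticates every account with `auth required pam_permit.so`, and the line that would exclude root (`pam_succeed_if.so user != root quiet_success`) is left commented out. Together with `autologin-user=root` in the new files/lightdm.conf, this gives a root desktop with no credential check at boot. That may be intended for a live SDK medium, but nothing in either file says so. I would add a header comment such as `# Live-medium only: passwordless root autologin; do not ship in an installed system`. If the SDK tools can run through sudo, I would also restore the `pam_succeed_if.so` line and autologin an unprivileged user instead.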
diff --git a/files/lightdm.conf b/files/lightdm.conf
new file mode 100644
index 0000000..161644a
--- /dev/null
+++ b/files/lightdm.conf
@@ -0,0 +1,169 @@ +# +# General configuration +# +# start-default-seat = True to always start one seat if none are defined in the configuration +# greeter-user = User to run greeter as +# minimum-display-number = Minimum display number to use for X servers +# minimum-vt = First VT to run displays on +# lock-memory = True to prevent memory from being paged to disk +# user-authority-in-system-dir = True if session authority should be in the system location +# guest-account-script = Script to be run to setup guest account +# logind-check-graphical = True to on start seats that are marked as graphical by logind +# log-directory = Directory to log information to +# run-directory = Directory to put running state in +# cache-directory = Directory to cache to +# sessions-directory = Directory to find sessions +# remote-sessions-directory = Directory to find remote sessions +# greeters-directory = Directory to find greeters +# backup-logs = True to move add a .old suffix to old log files when opening new ones +# dbus-service = True if LightDM provides a D-Bus service to control it +# +[LightDM] +#start-default-seat=true +#greeter-user=lightdm +#minimum-display-number=0 +#minimum-vt=7 +#lock-memory=true +#user-authority-in-system-dir=false +#guest-account-script=guest-account +#logind-check-graphical=false +#log-directory=/var/log/lightdm +#run-directory=/var/run/lightdm +#cache-directory=/var/cache/lightdm +#sessions-directory=/usr/share/lightdm/sessions:/usr/share/xsessions:/usr/share/wayland-sessions +#remote-sessions-directory=/usr/share/lightdm/remote-sessions +#greeters-directory=$XDG_DATA_DIRS/lightdm/greeters:$XDG_DATA_DIRS/xgreeters +#backup-logs=true +#dbus-service=true + +# +# Seat configuration +# +# Seat configuration is matched against the seat name glob in the section, for example: +# [Seat:*] matches all seats and is applied first. +# [Seat:seat0] matches the seat named "seat0". 
+# [Seat:seat-thin-client*] matches all seats that have names that start with "seat-thin-client". +# +# type = Seat type (local, xremote, unity) +# pam-service = PAM service to use for login +# pam-autologin-service = PAM service to use for autologin +# pam-greeter-service = PAM service to use for greeters +# xserver-backend = X backend to use (mir) +# xserver-command = X server command to run (can also contain arguments e.g. X -special-option) +# xmir-command = Xmir server command to run (can also contain arguments e.g. Xmir -special-option) +# xserver-config = Config file to pass to X server +# xserver-layout = Layout to pass to X server +# xserver-allow-tcp = True if TCP/IP connections are allowed to this X server +# xserver-share = True if the X server is shared for both greeter and session +# xserver-hostname = Hostname of X server (only for type=xremote) +# xserver-display-number = Display number of X server (only for type=xremote) +# xdmcp-manager = XDMCP manager to connect to (implies xserver-allow-tcp=true) +# xdmcp-port = XDMCP UDP/IP port to communicate on +# xdmcp-key = Authentication key to use for XDM-AUTHENTICATION-1 (stored in keys.conf) +# unity-compositor-command = Unity compositor command to run (can also contain arguments e.g. 
unity-system-compositor -special-option) +# unity-compositor-timeout = Number of seconds to wait for compositor to start +# greeter-session = Session to load for greeter +# greeter-hide-users = True to hide the user list +# greeter-allow-guest = True if the greeter should show a guest login option +# greeter-show-manual-login = True if the greeter should offer a manual login option +# greeter-show-remote-login = True if the greeter should offer a remote login option +# user-session = Session to load for users +# allow-user-switching = True if allowed to switch users +# allow-guest = True if guest login is allowed +# guest-session = Session to load for guests (overrides user-session) +# session-wrapper = Wrapper script to run session with +# greeter-wrapper = Wrapper script to run greeter with +# guest-wrapper = Wrapper script to run guest sessions with +# display-setup-script = Script to run when starting a greeter session (runs as root) +# display-stopped-script = Script to run after stopping the display server (runs as root) +# greeter-setup-script = Script to run when starting a greeter (runs as root) +# session-setup-script = Script to run when starting a user session (runs as root) +# session-cleanup-script = Script to run when quitting a user session (runs as root) +# autologin-guest = True to log in as guest by default +# autologin-user = User to log in with by default (overrides autologin-guest) +# autologin-user-timeout = Number of seconds to wait before loading default user +# autologin-session = Session to load for automatic login (overrides user-session) +# autologin-in-background = True if autologin session should not be immediately activated +# exit-on-failure = True if the daemon should exit if this seat fails +# +[Seat:*] +#type=local +pam-service=lightdm +pam-autologin-service=lightdm-autologin +#pam-greeter-service=lightdm-greeter +#xserver-backend= +#xserver-command=X +#xmir-command=Xmir +#xserver-config= +#xserver-layout= 
+#xserver-allow-tcp=false +#xserver-share=true +#xserver-hostname= +#xserver-display-number= +#xdmcp-manager= +#xdmcp-port=177 +#xdmcp-key= +#unity-compositor-command=unity-system-compositor +#unity-compositor-timeout=60 +greeter-session=lightdm-gtk-greeter +greeter-hide-users=false +#greeter-allow-guest=true +greeter-show-manual-login=false +#greeter-show-remote-login=true +#user-session=niko +#allow-user-switching=true +#allow-guest=true +#guest-session= +#session-wrapper=lightdm-session +#greeter-wrapper= +#guest-wrapper= +#display-setup-script= +#display-stopped-script= +#greeter-setup-script= +#session-setup-script= +#session-cleanup-script= +#autologin-guest=false +autologin-user=root +#autologin-user-timeout=0 +#autologin-in-background=false +#autologin-session= +#exit-on-failure=false + +# +# XDMCP Server configuration +# +# enabled = True if XDMCP connections should be allowed +# port = UDP/IP port to listen for connections on +# listen-address = Host/address to listen for XDMCP connections (use all addresses if not present) +# key = Authentication key to use for XDM-AUTHENTICATION-1 or blank to not use authentication (stored in keys.conf) +# hostname = Hostname to report to XDMCP clients (defaults to system hostname if unset) +# +# The authentication key is a 56 bit DES key specified in hex as 0xnnnnnnnnnnnnnn. Alternatively +# it can be a word and the first 7 characters are used as the key. 
+# +[XDMCPServer] +#enabled=false +#port=177 +#listen-address= +#key= +#hostname= + +# +# VNC Server configuration +# +# enabled = True if VNC connections should be allowed +# command = Command to run Xvnc server with +# port = TCP/IP port to listen for connections on +# listen-address = Host/address to listen for VNC connections (use all addresses if not present) +# width = Width of display to use +# height = Height of display to use +# depth = Color depth of display to use +# +[VNCServer] +#enabled=false +#command=Xvnc +#port=5900 +#listen-address= +#width=1024 +#height=768 +#depth=8 diff --git a/files/vimrc b/files/vimrc index a9a1363..f7a789c 100644 --- a/files/vimrc +++ b/files/vimrc @@ -58,3 +58,4 @@ set colorcolumn=80 set tabstop=2 set shiftwidth=2 set expandtab +colorscheme evening diff --git a/files/xinitrc b/files/xinitrc index 6786165..e1270d8 100644 --- a/files/xinitrc +++ b/files/xinitrc @@ -1,5 +1,4 @@ xscreensaver -no-splash & -icewmbg --scaled=1 -p -i /usr/share/images/desktop-base/d13_wallpaper.png & conky & - +icewmbg --scaled=1 exec icewm-session diff --git a/images/d13_wallpaper.png b/images/d13_wallpaper.png index e634eea..d45bde4 100644 Binary files a/images/d13_wallpaper.png and b/images/d13_wallpaper.png differ diff --git a/images/lightdm_wallpaper.jpg b/images/lightdm_wallpaper.jpg deleted file mode 100755 index 6f7c3fe..0000000 Binary files a/images/lightdm_wallpaper.jpg and /dev/null differ diff --git a/immudex-build b/immudex-build index ed72bb2..e2fc6c2 100755 --- a/immudex-build +++ b/immudex-build 
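Review bot: In files/xinitrc the new `icewmbg --scaled=1` line has lost the trailing `&` that the removed line had. Unless icewmbg detaches on its own, the script will wait on it and never reach `exec icewm-session`. Either keep it in the background with `icewmbg --scaled=1 &`, or drop the line if icewm-session is expected to start icewmbg itself now that the wallpaper is set in files/icewm/preferences.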
@@ -52,7 +52,7 @@ if [ ! -d ${HOME}/build/immudex-sdk/${arch} ]; then fi #Fetching testing vanilla Debian base system files: -echo -n "Fetching testing vanilla Debian base system files..."; +echo -n "Fetching vanilla Debian stable base system files..."; sudo /sbin/debootstrap --arch=$(echo $1 | sed 's/-//g') --variant=minbase stable ${HOME}/build/immudex-sdk/${arch}/chroot http://deb.debian.org/debian >> immudex-sdk_build.log 2>&1; if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi @@ -61,9 +61,19 @@ echo -n "Copying chroot script to chroot directory..."; sudo cp -vv ${HOME}/immudex-sdk/versions/base.sh ${HOME}/build/immudex-sdk/${arch}/chroot >> immudex-sdk_build.log 2>&1; if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi +#Mount system interfaces - required for build some addons. +for i in /dev /dev/pts /proc /run /sys; do + sudo mount -B $i ${HOME}/build/immudex-sdk/${arch}/chroot$i; +done + #Executing chroot script, at least i trying: sudo chroot ${HOME}/build/immudex-sdk/${arch}/chroot /bin/bash /base.sh $arch; +#Try to umount system interfaces it may fail. +for i in /dev/pts /proc /run /sys /dev; do + sudo umount -f ${HOME}/build/immudex-sdk/${arch}/chroot$i; +done + #Removing chroot script. echo -n "Remove chroot script..."; sudo rm -vf ${HOME}/build/immudex-sdk/${arch}/chroot/base.sh >> immudex-sdk_build.log 2>&1; 
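Review bot: The bind mounts added before the chroot call are not checked, and the `umount -f` loop after it is allowed to fail, yet the script goes straight on to `sudo rm` inside the chroot and (outside this hunk) to packing it. If an unmount fails, the host's `/dev`, `/proc`, `/run` and `/sys` are still visible under `chroot/`, so later cleanup or image creation would act on live host files; `/run` in particular can hold sockets and runtime secrets. I would stop the build when a mount or unmount fails, e.g. `sudo umount "${HOME}/build/immudex-sdk/${arch}/chroot$i" || { echo "chroot$i still mounted, aborting" >&2; exit 1; }`, and reconsider whether the addons really need the host `/run`. The path expansions in both loops should also be quoted.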
@@ -146,5 +156,20 @@ if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi #Create iso image: cd $oldcwd; echo -n "Creating iso image..."; -xorriso as mkisofs -iso-level 3 -o "immudex-sdk_${version}_${arch2}.iso" -full-iso9660-filenames -volid "idxSdk{version}${arch2}" -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -eltorito-boot isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table --eltorito-catalog isolinux/isolinux.cat -eltorito-alt-boot -e /boot/grub/efiboot.img -no-emul-boot -isohybrid-gpt-basdat -append_partition 2 0xef ${HOME}/build/immudex-sdk/${arch}/staging/boot/grub/efiboot.img ${HOME}/build/immudex-sdk/${arch}/staging >> immudex-sdk_build.log 2>&1; +xorriso as mkisofs -iso-level 3 -o "immudex-sdk_${version}_${arch2}.iso" -full-iso9660-filenames -volid "immudex-sdk_${version}_${arch2}" -isohybrid-mbr /usr/lib/ISOLINUX/isohdpfx.bin -eltorito-boot isolinux/isolinux.bin -no-emul-boot -boot-load-size 4 -boot-info-table --eltorito-catalog isolinux/isolinux.cat -eltorito-alt-boot -e /boot/grub/efiboot.img -no-emul-boot -isohybrid-gpt-basdat -append_partition 2 0xef ${HOME}/build/immudex-sdk/${arch}/staging/boot/grub/efiboot.img ${HOME}/build/immudex-sdk/${arch}/staging >> immudex-sdk_build.log 2>&1; +if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + +#Counting SHA1 sum for iso image: +echo -n "Counting SHA1 sum for iso image..."; +sha1sum immudex-sdk_${version}_${arch2}.iso > immudex-sdk_${version}_${arch2}_sha1.txt; +if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + +#Counting CRC for iso image: +echo -n "Counting CRC sum for iso image..."; +cksum immudex-sdk_${version}_${arch2}.iso > immudex-sdk_${version}_${arch2}_crc.txt; +if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + +#Write version info to the file: +echo -n "Write version info the file..."; +echo $version > version.txt; if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi 
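Review bot: The checksums generated for the ISO are SHA-1 and CRC (`sha1sum`, `cksum`), which catch accidental corruption but do not protect against a deliberately altered image. A step such as `sha256sum "immudex-sdk_${version}_${arch2}.iso" > "immudex-sdk_${version}_${arch2}_sha256.txt"`, ideally with a detached signature over that file, would let users verify what they downloaded. The new lines also leave `${version}` and `${arch2}` unquoted, and `echo $version > version.txt` is better written as `printf '%s\n' "$version" > version.txt`.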
diff --git a/tools/bin/immudex-branch b/tools/bin/immudex-branch new file mode 100755 index 0000000..0c0c876 --- /dev/null +++ b/tools/bin/immudex-branch @@ -0,0 +1,47 @@ +#!/bin/bash + +function help() { + echo "immudex-branch it's a conky helper script, which returns Debian version"; + echo "used for build immudex. This information is used in 'Info:' section"; + echo "in conky widget as complement in name of immudex version."; + echo; + echo "Usage: immudex-branch [--help] [--version]"; + echo; + echo "Options:"; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights."; + echo; + echo "Examples:"; + echo " immudex-branch Prints version of Debian used for immudex build with hyphen on start of." + echo " immudex-branch --help Prints this message."; + echo " immudex-branch --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-branch 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; + +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else + if grep -q 'forky' /etc/os-release; then + echo -n '-testing'; + elif grep -q 'trixie' /etc/os-release; then + echo -n '-stable'; + else + echo -n '-oldstable'; + fi +fi diff --git a/tools/bin/immudex-build-menu b/tools/bin/immudex-build-menu new file mode 100755 index 0000000..30028c4 --- /dev/null +++ b/tools/bin/immudex-build-menu 
@@ -0,0 +1,181 @@ +#!/bin/bash + +GREEN="\e[32m" +ENDCOLOR="\e[0m" + +function help() { + echo "This script takes information from user about target computer"; + echo "architecture, debian version, extra packages, addons and commands for"; + echo "base file. At the end script ask user for optional image common name "; + echo "and version. After collecting needed information script starts a main"; + echo "command: immudex-build."; + echo; + echo "Usage: immudex-build-menu [--help] [--version]"; + echo; + echo "Options: "; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-build-menu 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + exit; + elif [ "$1" = "--version" ]; then + version; + exit; + else + help; + exit 1; + fi +fi + + +function yesNo() { + PS3="YES/NO: "; + select y0 in yes no; do + if [ "$y0" = "yes" ]; then + echo -n 1; + fi + break; + done +} + +echo -en "\e[1m"; echo "immudex" | /usr/bin/figlet | lolcat; echo -en "\e[0m"; + +lsblk; + +echo -n "Put a disk device (name) with required space (10GB): "; +read diskDevice; + +diskDeviceName=$(basename $diskDevice); +mountPoint="/media/sdk/${diskDeviceName}"; +mkdir -p $mountPoint; + +if $(echo $diskDevice | grep -q '/dev'); then + mount $diskDevice $mountPoint; +else + mount /dev/${diskDevice} $mountPoint; +fi + +cd $mountPoint; +export HOME=$(pwd); + +echo -n "Getting immudex project repository..."; +if [ -d ~/immudex ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; +else + git clone https://github.com/xf0r3m/immudex >> /dev/null 2>&1; + if [ $? 
-eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi +fi + +PS3="ARCH: "; +echo "Chose a destination machine architecture:"; +select a in amd64 i386; do + ARCH=$a; + break; +done; + +PS3="DEBIAN: "; +echo "Chose a Debian base version:"; +select d in oldstable stable testing; do + DEBIAN=$d; + break; +done; + +echo 'Do you wanna add some extra packages?'; +eP=$(yesNo); +if [ "$eP" ]; then + echo -n "Put space separated packages name list: "; + read extraPackagesList; + baseFilePath="${HOME}/immudex/versions/base.sh"; + tidyCommandLocation=$(grep -n 'tidy' $baseFilePath | tail -1 | cut -d ":" -f 1); + installationCommand="install_packages ${extraPackagesList};" + sed -i "${tidyCommandLocation}i\ ${installationCommand}" $baseFilePath; +fi + +echo "Do you wanna add some extra addons?"; +eA=$(yesNo); +if [ "$eA" ]; then + echo -n "Put space sparated addons name: "; + read extraAddonsList; + baseFilePath="${HOME}/immudex/versions/base.sh"; + for addonName in $extraAddonsList; do + tidyCommandLocation=$(grep -n 'tidy' $baseFilePath | tail -1 | cut -d ":" -f 1); + extraAddonInstallationCommand="bash ~/immudex/addons/${addonName}"; + sed -i "${tidyCommandLocation}i\ ${extraAddonInstallationCommand}" $baseFilePath; + done +fi + +echo "Do you wanna add some extra commands to base file?"; +eS=$(yesNo); +if [ "$eS" ]; then + echo -n "Put script filepath: "; + read scriptFilePath; + baseFilePath="${HOME}/immudex/versions/base.sh"; + tidyCommandLocation=$(grep -n 'tidy' $baseFilePath | tail -1 | cut -d ":" -f 1); + tidyCommandLocation=$(expr $tidyCommandLocation - 1); + if $(head -1 $scriptFilePath | grep -q '#!/bin/bash'); then + sed -n '2,$p' $scriptFilePath > /tmp/scriptSnippet.txt; + sed -i "${tidyCommandLocation}r /tmp/scriptSnippet.txt" $baseFilePath; + else + sed -i "${tidyCommandLocation}r ${scriptFilePath}" $baseFilePath; + fi +fi + +echo "Do you wanna name this immudex image?"; +cN=$(yesNo); +if [ "$cN" ]; then + echo -n "Type your image name: "; + read canonicalName; 
+fi + +echo "Do you wanna add version number?"; +vER=$(yesNo); +if [ "$vER" ]; then + echo -n "Type version of this image: "; + if ! [ "$canonicalName" ]; then + read canonicalName; + else + read version; + fi +fi + + + +#CMD="~/immudex/immudex-build --${ARCH} --${DEBIAN}"; +#echo $CMD; + +cat >> ${HOME}/XTerm <"; +} + +function version() { + echo "immudex-build-show-log 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + exit; + elif [ "$1" = "--version" ]; then + version; + exit; + fi +fi + + +IDX_PATH=$1; +while [ ! -f ${IDX_PATH}/immudex_build.log ]; do + sleep 1; +done +tail -f ${IDX_PATH}/immudex_build.log; diff --git a/tools/bin/immudex-motd b/tools/bin/immudex-motd new file mode 100755 index 0000000..cbec9c8 --- /dev/null +++ b/tools/bin/immudex-motd 
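Review bot: In tools/bin/immudex-build-menu the text read at the package, addon and script prompts is spliced unvalidated into `versions/base.sh` through `sed -i "${tidyCommandLocation}i\ …"`, and that file is later run as root inside the chroot. A stray `;`, backslash or quote in an answer changes what the build executes. An empty `tidyCommandLocation` (for instance when the `git clone`, whose failure is not handled, did not produce the file) makes the `sed` address invalid. I would reject package and addon names that do not match something like `^[a-z0-9][a-z0-9+.-]*$`, check that the clone and the `mount` succeeded before the `cd`, and replace the fixed `/tmp/scriptSnippet.txt` with `snippet=$(mktemp) || exit 1`. The end of this script, from the `cat >> ${HOME}/XTerm` here-document on, is not visible on the page, so this covers only the part shown.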
@@ -0,0 +1,107 @@ +#!/bin/bash + + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + echo "immudex-motd prints configurable message of the day."; + echo "Information and its quantity can be changed via the configuration file."; + echo "Script using figlet basic font and lolcat for print header of message."; + echo; + echo "Usage: immudex-motd [--help] [--version]"; + echo; + echo "Options:"; + echo " --help Print this message."; + echo " --version Print information about version, author and copyright"; + echo; + echo "Files:"; + echo " /etc/motd.conf Script configuration file."; + echo " /usr/share/doc/immudex-motd/motd.conf.sample Example configuration file."; + echo; + echo "Examples:"; + echo " immudex-motd Run a script."; + echo; + echo "Report bugs to "; + exit 0; + fi + if [ "$1" = "--version" ]; then + echo "immudex-motd 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; + exit 0; + fi +fi + +if [ -f /etc/motd.conf ]; then + source /etc/motd.conf; +else + source /usr/share/doc/immudex-motd/motd.conf.sample; +fi + +echo -en "\e[1m"; echo "$(hostname)" | /usr/bin/figlet | lolcat; echo -en "\e[0m"; +echo; +echo "Today is: $(date)"; +echo; +echo "System summary: "; +cpuIdle=$(vmstat | tail -1 | awk '{printf $15}'); +cpuUsage=$((100 - $cpuIdle)); +echo -e " \tCPU: ${cpuUsage}%"; +echo -e " \tMEM: $(free -h | sed -n '2p' | awk '{printf $7}' | sed 's/i//') Free"; +if [ "$MOUNT_POINTS" ]; then + echo -e " \tMount points:\tFree/Total\t(Usage%)"; + for mountPoint in $MOUNT_POINTS; do + if $(df -h 2>/dev/null | grep -q "${mountPoint}"); then + diskSize=$(df -h 2> /dev/null | grep "${mountPoint}" | awk '{printf $2}'); + diskFree=$(df -h 2> /dev/null | grep "${mountPoint}" | awk '{printf $4}'); + diskUsage_perc=$(df -h 2> /dev/null | grep "${mountPoint}" | 
sed 's/%//' | awk '{printf $5}'); + echo -e "\t$(echo $mountPoint | sed 's,\$,,'):\t\t${diskFree}/${diskSize}\t(${diskUsage_perc}%)"; + fi + done +fi +if $(echo $OPTIONS | grep -q 'cryptparts'); then + if $(df -h 2> /dev/null | grep -q '/dev/mapper'); then + i=1; + echo -e " \tCRYPT_PARTi: Free/Total (Usage%)"; + amountOfDisks=$(df -h 2> /dev/null | grep '/dev/mapper' | wc -l | awk '{printf $1}'); + while [ $i -le $amountOfDisks ]; do + diskSize=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $2}'); + diskFree=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $4}'); + diskUsage_perc=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | sed 's/%//' | awk '{printf $5}'); + #FCP = First Crypt Partition + echo -e " \tCRYPT_PART${i}: ${diskFree}/${diskSize} (${diskUsage_perc}%)"; + i=$((i + 1)); + done + else + echo -e " \tCRYPT_PART: N/A"; + fi +fi +echo -e " \tIP: $(ip addr show $(sed -n '2p' /proc/net/route | awk '{printf $1}') | grep 'inet\ ' | awk '{printf $2"\n"}')"; +echo -e " \tPROCESSES: $(ps -aux | wc -l | awk '{printf $1}')"; +if $(uptime | grep -q 'day'); then + utime=$(uptime | awk '{printf $3" "$4" "$5}' | sed -e 's/\,$//' -e 's,:,h ,'); + echo -e "\tUPTIME: ${utime}m"; +else + utime=$(uptime | awk '{printf $3}' | sed -e 's/,//' -e 's,:,h ,'); + if $(echo $utime | grep -q "h"); then + echo -e " \tUPTIME: ${utime}m"; + else + echo -e " \tUPTIME: 0h ${utime}m"; + fi +fi +echo -e " \t$(uptime | grep -o "load.*$" | tr [a-z] [A-Z])"; +echo; +if [ -x /usr/local/bin/immudex-meteo ]; then +echo "Weather:"; + if [ "$LOCATION" ]; then + /usr/local/bin/immudex-meteo --micro $LOCATION; + fi +fi +echo; +if [ "$FOOTER" ]; then + echo -e "$FOOTER"; +fi +echo; +echo "===================================================================="; diff --git a/tools/bin/immudex-upgrade b/tools/bin/immudex-upgrade new file mode 100755 index 0000000..586f838 --- /dev/null +++ b/tools/bin/immudex-upgrade 
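Review bot: immudex-motd loads its settings with `source /etc/motd.conf`, so the configuration file is executed as shell code by every user who runs the script, and `$MOUNT_POINTS`, `$OPTIONS` and `$LOCATION` are then expanded unquoted. The file should be documented as root-owned and not group- or world-writable, or the few `KEY=value` settings should be read with a small parser instead of `source`. Separately, `tr [a-z] [A-Z]` on the load-average line is subject to globbing in the current directory and should be `tr 'a-z' 'A-Z'`. The call `/usr/local/bin/immudex-meteo --micro $LOCATION` should pass `"$LOCATION"`.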
@@ -0,0 +1,91 @@ +#!/bin/bash + +set -e + +RED="\e[31m"; +GREEN="\e[32m"; +YELLOW="\e[33m"; +ENDCOLOR="\e[0m"; + +function help() { + echo "This is SDK version of upgrade script. It allows to network immudex "; + echo "upgrade via downloading kernel, initrd and squashfs file from web "; + echo "server."; + echo; + echo "Usage: immudex-upgrade [--help] [--version] "; + echo; + echo "Options: "; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-upgrade (SDK version) 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + exit; + elif [ "$1" = "--version" ]; then + version; + exit; + fi +fi + +echo "Upgrading immudex..."; +part=$(blkid | grep 'LABEL="immudex"' | awk '{printf $1}' | cut -d ":" -f 1); + +echo -n " Mounting immudex partition..."; +mount $part /mnt >> /dev/null 2>&1; +if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + +if [ "$1" ] && $(echo "$1" | grep -q '^http'); then + URL="$1"; + wget ${URL}/live/vmlinuz -O /mnt/live/vmlinuz 2>/dev/null; + if [ $? -eq 0 ]; then + echo -e " Copying immudex kernel to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + wget ${URL}/live/initrd -O /mnt/live/initrd 2>/dev/null; + if [ $? -eq 0 ]; then + echo -e " Copying immudex initrd to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + wget ${URL}/live/filesystem.squashfs -O /mnt/live/filesystem.squashfs 2>/dev/null; + if [ $? -eq 0 ]; then + echo -e " Copying immudex filesystem.squashfs to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + wget ${URL}/live/changelog -O /mnt/live/changelog 2>/dev/null; + if [ $? 
-eq 0 ]; then + echo -e " Copying immudex changelog file to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + + if $(sudo efibootmgr > /dev/null 2>&1); then + echo " Copying grub config to the disk..."; + if [ "$1" ] && $(echo "$1" | grep -q '^http'); then + wget ${URL}/live/grub.cfg -O /mnt/boot/grub/grub.cfg 2>/dev/null; + if [ $? -eq 0 ]; then + echo -e " Downloading immudex GRUB config...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + echo -e " Copying grub config to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + sed -i '/set\ timeout=/ s/30/5/' /mnt/boot/grub/grub.cfg; + sed -i 's/bootfrom=removable //g' /mnt/boot/grub/grub.cfg; + fi + + umount -R /mnt; + if [ $? -eq 0 ]; then + echo -e " Unmount immudex partition...[ ${GREEN}OK${ENDCOLOR} ]"; + fi + echo -e "Upgrading immudex...[ ${GREEN}OK${ENDCOLOR} ]"; +else + help; + exit 1; +fi diff --git a/tools/bin/library.sh b/tools/bin/library.sh new file mode 100755 index 0000000..1ba9ed8 --- /dev/null +++ b/tools/bin/library.sh 
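Review bot: The upgrade writes the downloaded kernel, initrd, squashfs and GRUB config straight over the boot files with `wget … -O /mnt/live/…`, accepts any URL matching `^http`, and never verifies what it received. Over plain HTTP the files can be replaced in transit, and even over HTTPS a failed or partial transfer leaves a truncated `vmlinuz` in place, because `-O` truncates the target first and `set -e` then exits with `/mnt` still mounted. I would require `https://`, download each file to a temporary name on the same partition, compare it with a SHA-256 value from a signed manifest, and only then rename it over the old file, with a `trap` that unmounts `/mnt` on any exit. The server side would have to start publishing that manifest, since this commit has none. Also, the `if [ $? -eq 0 ]` tests never see a failure under `set -e`, and the inner `grep -q '^http'` test repeats the outer one.

```shell
# … unchanged: help/version handling, blkid lookup, mount of $part on /mnt …

# Download live/$1 next to its target, check it against the expected SHA-256
# ($2, taken from a manifest whose signature was already verified), then
# move it into place so a failed transfer never replaces a working file.
fetch_verified() {
  local name=$1 expected=$2 tmp
  tmp=$(mktemp "/mnt/live/.${name}.XXXXXX") || return 1
  if wget -q "${URL}/live/${name}" -O "$tmp" &&
    printf '%s  %s\n' "$expected" "$tmp" | sha256sum -c --quiet -; then
    mv -f -- "$tmp" "/mnt/live/${name}"
  else
    rm -f -- "$tmp"
    return 1
  fi
}

case "$1" in
  https://*) URL=$1 ;;
  *) help; exit 1 ;;
esac
# … per-file fetch_verified calls replace the wget -O lines; GRUB edits unchanged …
```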
@@ -0,0 +1,100 @@
+#!/bin/bash
+
+
+#function help() {
+# echo "This script does noting. It's a collection of functions uses by";
+# echo "other tools, by import this file into it self. Man page for this script";
+# echo "can be usefull for describe above mentioned functions.";
+# echo;
+# echo "Notes:";
+# echo -e " get_debian_branch() Can be used for convert Debian codename for Debian branch name\n";
+# echo -e " get_machine_arch() Used for getting information is this 32 or 64-bit architecture.\n";
+# echo -e " check_distro_commit() Is used for decide that you use a latest version immudex if there are commit ahead your image, this script returns 0, otherwise 1.\n";
+# echo -e " ascii_colors() Prints immudex name in ASCII manuali.\n";
+# echo;
+# echo "Usage: source /usr/local/bin/library.sh";
+# echo;
+# echo "Options:";
+# echo " There is no options... Function help and version are used only for generate man page file and will be comment out after this.";
+# echo;
+# echo "Report bugs to ";
+#}
+
+#function version(){
+# echo "library.sh 1.0";
+# echo;
+# echo "Copyright (C) 2026 morketsmerke.org";
+# echo "This is free software; see the source for copying conditions. There is NO";
+# echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.";
+# echo;
+# echo "Written by xf0r3m.";
+#}
+
+
+function get_debian_branch() {
+ if grep -q 'trixie' /etc/os-release; then
+ echo "testing";
+ elif grep -q 'bookworm' /etc/os-release; then
+ echo "stable";
+ else
+ echo "oldstable";
+ fi
+}
+
+function get_machine_arch() {
+ arch=$(uname -m);
+ if [ "$arch" = "i686" ]; then
+ echo "32";
+ else
+ echo "64";
+ fi
+}
+
+function check_distro_commit() {
+ versionFile="/run/live/medium/live/version";
+ if [ -f $versionFile ]; then
+ localVersion=$(cat $versionFile);
+ if [ -d /tmp/immudex ]; then
+ $(cd /tmp/immudex && git pull -q);
+ else
+ git clone -q https://github.com/xf0r3m/immudex /tmp/immudex;
+ fi
+ latestVersion=$(cd /tmp/immudex && git log --pretty=oneline | head -1 | cut -d " " -f 1);
+ if [ "$1" ] && [ "$1" == "--print" ]; then
+ echo "$(cd /tmp/immudex && git log ${localVersion}..${latestVersion})";
+ fi
+ if [ "$localVersion" = "$latestVersion" ]; then
+ return 0;
+ else
+ return 1;
+ fi
+ else
+ return 255;
+ fi
+}
+
+function ascii_colors() {
+
+ BLUE="\e[1;94m";
+ RED="\e[1;91m";
+ CYAN="\e[1;96m";
+ ENDCOLOR="\e[0m";
+
+ echo -e "${BLUE} _ ${RED} _ ${CYAN} ${ENDCOLOR}";
+ echo -e "${BLUE}(_)_ __ ___ _ __ ___ _ _ ${RED} __| | ___${CYAN}__ __${ENDCOLOR}";
+ echo -e "${BLUE}| | '_ \` _ \| '_ \` _ \| | | |${RED}/ _\` |/ _ \\\\${CYAN} \/ /${ENDCOLOR}";
+ echo -e "${BLUE}| | | | | | | | | | | | |_| |${RED} (_| | __/${CYAN}> < ${ENDCOLOR}";
+ echo -e "${BLUE}|_|_| |_| |_|_| |_| |_|\__,_|${RED}\__,_|\___/${CYAN}_/\_\\";
+ echo -e "${ENDCOLOR}";
+
+}
+
+#if [ "$1" ]; then
+# if [ "$1" = "--help" ]; then
+# help;
+# exit 0;
+# elif [ "$1" = "--version" ]; then
+# version;
+# exit 0;
+# fi
+#fi
diff --git a/tools/immudex-motd2 b/tools/immudex-motd2
deleted file mode 100755
index da11dcc..0000000
--- a/tools/immudex-motd2
+++ /dev/null
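Review bot: `check_distro_commit` keeps its clone at the fixed path `/tmp/immudex` and runs `git pull` in whatever already exists there, so on a multi-user system another account can pre-create that directory and decide which repository the caller pulls and reads `git log` from. The pull is also written as a bare `$( … )` statement, which makes the shell execute anything `git pull` prints to stdout. I would keep the clone in a directory only the caller can write, e.g. `repoDir="${XDG_CACHE_HOME:-$HOME/.cache}/immudex"`, and call `git -C "$repoDir" pull -q` without the command substitution. The commented-out help text says the function returns 0 when commits are ahead of the image, while the code returns 0 when the two versions are equal; one of the two should be corrected.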
@@ -1,49 +0,0 @@
-#!/bin/bash
-
-/usr/bin/figlet immudex;
-echo;
-echo "Today is: $(date)";
-echo;
-echo "System summary: ";
-cpuIdle=$(vmstat | tail -1 | awk '{printf $15}');
-cpuUsage=$((100 - $cpuIdle));
-echo -e " \tCPU: ${cpuUsage}%";
-echo -e " \tMEM: $(free -h | sed -n '2p' | awk '{printf $7}' | sed 's/i//') Free";
-if $(df -h 2> /dev/null | grep -q '/dev/mapper'); then
- i=1;
- echo -e " \tCRYPT_PARTi: Free/Total (Usage%)";
- amountOfDisks=$(df -h 2> /dev/null | grep '/dev/mapper' | wc -l | awk '{printf $1}');
- while [ $i -le $amountOfDisks ]; do
- diskSize=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $2}');
- diskFree=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $4}');
- diskUsage_perc=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | sed 's/%//' | awk '{printf $5}');
- #FCP = First Crypt Partition
- echo -e " \tCRYPT_PART${i}: ${diskFree}/${diskSize} (${diskUsage_perc}%)";
- i=$((i + 1));
- done
-else
- echo -e " \tCRYPT_PART: N/A";
-fi
-echo -e " \tPROCESSES: $(ps -aux | wc -l | awk '{printf $1}')";
-utime=$(uptime | awk '{printf $3}' | sed 's/,//');
-if $(echo $utime | grep -q ":"); then
- echo -e " \tUPTIME: ${utime}";
-else
- echo -e " \tUPTIME: 0:${utime}";
-fi
-echo -e " \t$(uptime | grep -o "load.*$" | tr [a-z] [A-Z])";
-echo;
-echo -e "morketsmerke.org @ 2023 https://github.com/xf0r3m/immudex";
-echo;
-#/usr/local/bin/immudex_upgrade --check --print;
-#if [ $? -ne 0 ]; then
-# echo -e "\e[31mThere is no internet connection or internal error.\e[0m";
-# if [ -f /tmp/feed.xml ] && [ ! -s /tmp/feed.xml ]; then
-# rm -f /tmp/feed.xml;
-# fi
-#else
-# if [ "$USER" = "xf0r3m" ]; then
-# sudo apt update > /tmp/update.log 2>&1 && tail -1 /tmp/update.log;
-# fi
-#fi
-echo "====================================================================";
diff --git a/tools/man/immudex-branch.1.gz b/tools/man/immudex-branch.1.gz
new file mode 100644
index 0000000..57ac8d4
Binary files /dev/null and b/tools/man/immudex-branch.1.gz differ
diff --git a/tools/man/immudex-build-menu.1.gz b/tools/man/immudex-build-menu.1.gz
new file mode 100644
index 0000000..60b8a0f
Binary files /dev/null and b/tools/man/immudex-build-menu.1.gz differ
diff --git a/tools/man/immudex-build-show-log.1.gz b/tools/man/immudex-build-show-log.1.gz
new file mode 100644
index 0000000..f65a13d
Binary files /dev/null and b/tools/man/immudex-build-show-log.1.gz differ
diff --git a/tools/man/immudex-crypt.1.gz b/tools/man/immudex-crypt.1.gz
new file mode 100644
index 0000000..74e1112
Binary files /dev/null and b/tools/man/immudex-crypt.1.gz differ
diff --git a/tools/man/immudex-motd.1.gz b/tools/man/immudex-motd.1.gz
new file mode 100644
index 0000000..d10fa8b
Binary files /dev/null and b/tools/man/immudex-motd.1.gz differ
diff --git a/tools/man/immudex-upgrade.1.gz b/tools/man/immudex-upgrade.1.gz
new file mode 100644
index 0000000..3e5a956
Binary files /dev/null and b/tools/man/immudex-upgrade.1.gz differ
diff --git a/tools/man/library.sh.1.gz b/tools/man/library.sh.1.gz
new file mode 100644
index 0000000..ad0785f
Binary files /dev/null and b/tools/man/library.sh.1.gz differ
diff --git a/tools/misc/motd.conf b/tools/misc/motd.conf
new file mode 100644
index 0000000..1b62c4c
--- /dev/null
+++ b/tools/misc/motd.conf
@@ -0,0 +1,18 @@ + +#MOUNT_POINTS - turning on file system space level monitoring. Mount points +#puted to variable must separated with space and $ on end up."; +MOUNT_POINTS="/$ /home$"; + +#OPTIONS - storage triggers for additional jobs, which script can do. At this +#moment we have: +#cryptparts - file system space level monitoring for LUKS parted disks, +#weather - put one line current weather status for declared location. It's +#requires LOCATION option configured. +OPTIONS="cryptparts weather"; + +#FOOTER - custom information printed before script end his execution. It could +#be anything. +FOOTER="morketsmerke.org @ 2026 https://github.com/xf0r3m/immudex" + +#LOCATION - not required option, it will be used to prints weather information +LOCATION="Warszawa"; diff --git a/versions/base.sh b/versions/base.sh index b129a70..604d571 100644 --- a/versions/base.sh +++ b/versions/base.sh @@ -2,8 +2,8 @@ ARCH=$(dpkg --print-architecture); cd; -if [ -x /usr/bin/git ]; then git clone https://git.morketsmerke.org/git/immudex-sdk; -else apt install git -y && git clone https://git.morketsmerke.org/git/immudex-sdk; +if [ -x /usr/bin/git ]; then git clone https://github.com/xf0r3m/immudex-sdk; +else apt install git -y && git clone https://github.com/xf0r3m/immudex-sdk; fi source ~/immudex-sdk/versions/template.sh; 
@@ -23,16 +23,23 @@ else install_packages --no-install-recommends linux-image-686-pae live-boot systemd-sysv -y; fi -install_packages --no-install-recommends network-manager net-tools iproute2 wireless-tools wget openssh-client alsa-utils firefox-esr icewm xserver-xorg-core xserver-xorg xinit xterm vim geany iputils-ping man man-db texinfo less ranger feh dosfstools isc-dhcp-client whiptail locales keyboard-configuration console-setup curl xfe lightdm rsync git conky cryptsetup debootstrap squashfs-tools xorriso isolinux syslinux-efi grub-pc-bin grub-efi-amd64-bin mtools figlet file gnome-themes-extra sudo +install_packages --no-install-recommends network-manager net-tools iproute2 wireless-tools wget openssh-client alsa-utils firefox-esr icewm xserver-xorg-core xserver-xorg xinit xterm vim geany iputils-ping man man-db texinfo less ranger feh isc-dhcp-client whiptail locales keyboard-configuration console-setup curl xfe lightdm rsync git conky-all cryptsetup figlet file gnome-themes-extra sudo lolcat parted e2fsprogs; +install_packages debootstrap squashfs-tools xorriso isolinux syslinux-efi grub-pc-bin grub-efi-amd64-bin mtools dosfstools openssh-server extlinux grub-efi-amd64; + +ln -s /usr/games/lolcat /usr/bin; cp -vv ~/immudex-sdk/files/lightdm-gtk-greeter.conf /etc/lightdm if [ ! -d /usr/share/images/desktop-base ]; then mkdir -p /usr/share/images/desktop-base; fi +if [ ! 
-d /usr/share/desktop-base/active-theme/wallpaper/contents/images ]; then + mkdir -p /usr/share/desktop-base/active-theme/wallpaper/contents/images; +fi cp -vv ~/immudex-sdk/images/d13_wallpaper.png /usr/share/images/desktop-base; +ln -s /usr/share/images/desktop-base/d13_wallpaper.png /usr/share/desktop-base/active-theme/wallpaper/contents/images/1920x1080.svg; cp -vv ~/immudex-sdk/images/immudex_xfce_greeter_logo.png /usr/share/images/desktop-base; -cp -vv ~/immudex-sdk/images/lightdm_wallpaper.jpg /usr/share/images/desktop-base; +#cp -vv ~/immudex-sdk/images/lightdm_wallpaper.jpg /usr/share/images/desktop-base; cp -vv ~/immudex-sdk/images/immudex-sdk.xpm /usr/share/images/desktop-base; cp -rvv ~/immudex-sdk/files/icewm /root/.icewm; @@ -41,12 +48,22 @@ cp -vv ~/immudex-sdk/files/vimrc /root/.vimrc; cp -vv ~/immudex-sdk/files/xinitrc /root/.xinitrc; ln /root/.xinitrc /root/.xsession; cp -vv ~/immudex-sdk/files/XTerm /root/XTerm; +cp -vv ~/immudex-sdk/files/lightdm.conf /etc/lightdm; +cp -vv ~/immudex-sdk/files/lightdm-autologin /etc/pam.d; + +cp -vv ~/immudex-sdk/tools/bin/* /usr/local/bin; +chmod +x /usr/local/bin/*; + +if [ -d /usr/share/man/man1 ]; then + cp -vv ~/immudex-sdk/tools/man/* /usr/share/man/man1; +fi -cp -vv ~/immudex-sdk/tools/immudex-motd2 /usr/local/bin; +mkdir /usr/share/doc/immudex-motd; +cp -vv ~/immudex-sdk/tools/misc/motd.conf /usr/share/doc/immudex-motd/motd.conf.sample; cat >> /etc/bash.bashrc << EOL if [ ! -f /tmp/.motd ]; then -/usr/local/bin/immudex-motd2 +/usr/local/bin/immudex-motd touch /tmp/.motd; fi EOL @@ -54,6 +71,12 @@ EOL echo "alias immudex-chhome='export HOME=\$(pwd)'" >> /etc/bash.bashrc; echo "root:toor" | chpasswd; + echo "immudex-sdk" > /etc/hostname echo "127.0.1.1 immudex-sdk" >> /etc/hosts + +sed -i '/^#PermitRootLogin/s/#//' /etc/ssh/sshd_config +sed -i '/^PermitRootLogin/s/prohibit-password/yes/' /etc/ssh/sshd_config +systemctl disable ssh.service; + tidy;
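Review bot: The added `sed` lines in the `@@ -54,6 +71,12 @@` hunk switch `sshd_config` to `PermitRootLogin yes` while the context line just above still sets the root password with `echo "root:toor" | chpasswd`, and the `@@ -23,16 +23,23 @@` hunk now installs `openssh-server`. `systemctl disable ssh.service` keeps the daemon off at boot, but the first manual start exposes root login with a password that is published in this repository. I would leave the stock `prohibit-password` setting (drop the second `sed`) so root can only log in with a key, or have the image set a per-boot password before the service can be started; at minimum add a comment such as `# NOTE: root password is the public default; change it before starting ssh.service`.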