From: xf0r3m
Date: Fri, 13 Oct 2023 11:35:38 +0000 (+0200)
Subject: Synchronization public -> priv
X-Git-Url: https://gitweb.morketsmerke.org/?a=commitdiff_plain;p=immudex-lhe.git

Synchronization public -> priv
---
diff --git a/README.md b/README.md index afa5de2..b8bb075 100644 --- a/README.md +++ b/README.md 
@@ -1,58 +1,19 @@ ![Image](https://i.ibb.co/NxtyJ3T/immudex2.png) -# IMMutable DEbian with Xfce - Testing +# IMMutable DEbian with Xfce - Low Hardware Edition -## GNU/LINUX Debian testing (bookworm) +## GNU/LINUX Debian oldoldstable (buster) -Immudex to wersja GNU/Linux Debian zawierająca niezmienne środowisko pracy. Wykorzystuje -ona bowiem archiwum .squashfs znane z LiveCD. Przyczym pozwala ona na pełen -dostęp do partycji zawierające archiwum, w razie aktualizacji. Tak przygotowana -wersja popularnego systemu operacyjnego pozwoli bezpieczniejsze korzystanie -z komputera oraz zasobów internetu. Jeśli coś się stanie, wystarczy uruchomić -komputer ponownie. +To repozytorium zawiera pliki służące do tworzenia dystrybucji immudex. +Zawiera ono wiele ciekawych informacji, jednak podstawowe infomacje na temat +tej dystrybucji (wraz z adresami do serwerów lustrzanych z obrazmi płyt) +znajdują się pod adresem: -Immudex nastawiowny jest na wykorzystanie do przechowywania danych szyfrowanych -partycji za pomocą mechanizmu LUKS. Dodatkowy mechanizm pozwala na -zabezpieczenie danych składowanych na tego typu partycjach, na przykład jeśli -mamy otwarte jakieś pliki na zaszyfrowanej partycji przeglądarka się nie -uruchomi. Musimy wówczas zamknąć wszystkie pliki oraz opuścić punkt montowania -szyfrowanej partycji, wtenczas zostanie ona odmontowana szyfrowany wolumin -zostanie zamknięty. Po tych czynnościach przeglądarką uruchomi się -samodzielnie. W ramach bezpieczeństwa dostępny jest również sandboxer FireJail, -zablokowano również wszelkie sieciowe połączenia przychodzące. +[https://morketsmerke.github.io/articles/immudex/immudex.html](https://morketsmerke.github.io/articles/immudex/immudex.html) -Immudex domyślnie korzysta z wolnego oprogramowania, nie zainstalowano na nim -niewolnych pakietów, w konfiguracji nie ma również niewolnych repozytoriów. 
-Do dyspozycji mamy: - * Standardowe środowisko XFCE dostępne na Debian Testing - * Odtwarzacz muzyki QMMP - * Odtwarzacz multimedialny VLC - * virt-manager (KVM) - -**Uwaga! Od wersji 0.2.3, immudex-testing będzie wymagać min. 6GB wolnego -miejsca na dysku** - -Obraz płyty znajduje się na dedykowanym serwisie WWW. Poniżej znajduje się -odnośniki. - -Tygodniowy build: 27.05.2023 - - * 64-bit: [https://ftp.morketsmerke.org/immudex/testing/iso/0.2.4/immudex-testing64.iso](https://ftp.morketsmerke.org/immudex/testing/iso/0.2.4/immudex-testing64.iso) - - CRC: 2613063575 SHA1: d6ed9eeb58f8d33d51d931df1ff162011ffc6738 - * 32-bit: [https://ftp.morketsmerke.org/immudex/testing/iso/0.2.4/immudex-testing32.iso](https://ftp.morketsmerke.org/immudex/testing/iso/0.2.4/immudex-testing32.iso) - - CRC: 1749988155 SHA1: bda3443e306dafe8b50ad0ecb43896044f8a7994 - -Domyślnym użytkownikiem jest user, dostęp to niego uzyskujemy za pomocą hasła -user1. Możemy również skorzystać z konta superużytkownika root z hasłem toor. - -Dokumentacja systemu znajduje się pod [tym](https://morketsmerke.github.io/articles/immudex/index.html) adresem. immudex is not affiliated with Debian. Debian is a registered trademark owned by Software in the Public Interest, Inc. -[Lock icons created by Freepik - Flaticon](https://www.flaticon.com/free-icons/lock) - [Rss icons created by Freepik - Flaticon](https://www.flaticon.com/free-icons/rss) diff --git a/changelogs/0.0.0.txt b/changelogs/0.0.0.txt new file mode 100644 index 0000000..9fc2ead --- /dev/null +++ b/changelogs/0.0.0.txt 
@@ -0,0 +1,20 @@ +immudex-lhe 0.0.0 - wydanie początkowe + + 1. Wydanie odchudzonej wersji immudex, zmienione zostało: + - wersja bazowa z Debian 12 Bookworm (stable) na Debian 10 Buster + (oldoldstable), + - środowisko graficzne XFCE zastąpił X.org z menedżerem okiem Ratpoison, + - Mendżer wyświetlania LightDM zastąpił klasyczny XDM, + - Większość programów (okienkowych) zostało zastąpione terminalowymi + odpowiednikami za wyjątkiem programu MPV. + - Firefox w gałęzi ESR, zastąpił GNU IceCat. + - Bez zmian pozostały narzędzia autorskie immudex, jak np. immudex_crypt + czy pl. + - Ładny emulator terminala zastąpiono, surowym program XTerm o klasyczym, + domyślnym kroju czcionki. + - NetworkManagera zastąpiono klasycznym dla GNU/Linux Debian rozwiązaniem + ifupdown, połączenia bezprzewodowe wspierane są przez daemona IWD od + firmy Intel. + - System w stanie spoczynku pobiera 100MB pamięci RAM. + - Zablokowano również dostęp do superużytkownika. Uprawnienia + administratora uzyskuje się za pomocą polecenia 'sudo'. diff --git a/files/001/librewolf.tgz b/files/001/librewolf.tgz new file mode 100644 index 0000000..1194919 Binary files /dev/null and b/files/001/librewolf.tgz differ diff --git a/files/001/sync.sh/sync.conf b/files/001/sync.sh/sync.conf new file mode 100644 index 0000000..15861c1 --- /dev/null +++ b/files/001/sync.sh/sync.conf @@ -0,0 +1,11 @@ +#!/bin/bash + +#Config file: +LDIR=""; +RDIR=""; +RUSER=""; +RSERVER=""; +KEYFILE=""; +SSHOPTS="-i ${KEYFILE}"; +export GIT_SSH_COMMAND="ssh ${SSHOPTS}"; + diff --git a/tools/101/idle-clic b/tools/101/idle-clic new file mode 100755 index 0000000..706b14a --- /dev/null +++ b/tools/101/idle-clic 
@@ -0,0 +1,48 @@ +#!/bin/bash + +function help() { + echo 'idle-cli - Inter-Distribution Linux Environment CLI'; + echo '@ 2023 morketsmerke.org'; + echo; + echo "Options:"; + echo " list-distros - listing available containers with Linux distros on this server"; + echo " shell - bring up the shell of given distro"; + echo " check-commmand - verify is given command exists in given distro"; + echo " apropos - finds commmands match to given keywords"; + echo " pkgsearch - check is given package is ready to install in given distro"; + echo; + echo " - pointing only one distro, but you can use also:" + echo " :"; + echo " --deb - .deb packages using distros (debian,kali,ubuntu)"; + echo " --rpm - .rpm packages using distros (fedora,rocky,opensuse)"; + echo " --other - other distros don't match to above (alpine,archlinux,gentoo,void)"; + echo " or <--all> - all 10 available distros (warning, output could be large, use some of pager)"; + echo; + echo 'Usage:'; + echo ' $ idle-clic list-distros'; + echo ' $ idle-clic shell rocky'; + echo ' $ idle-clic check-command netstat'; + echo ' $ idle-clic apropos zip'; + echo ' $ idle-clic pkgsearch "intel sound"'; + echo; + echo 'IDLE Configuration:'; + echo 'In ~/.idle/.idle.conf file (example of this file: /usr/share/idle/idle.conf)'; + echo ' RUSER="user";'; + echo ' IDLESERVER="idle.example.org";'; + echo ' SSH_OPTS="-p 10022 -i ~/id_rsa"; #OPTIONAL'; +} + +if [ -f ~/.idle/idle.conf ]; then + source ~/.idle/idle.conf; + echo "IDLE Server response:"; + if echo $@ | grep -q 'shell'; then + ssh -t ${SSH_OPTS} ${RUSER}@${IDLESERVER} "idle-clis $@"; + else + ssh ${SSH_OPTS} ${RUSER}@${IDLESERVER} "idle-clis $@"; + fi + if [ $? -eq 1 ]; then help; exit 1; fi +else + echo "There is no IDLE config file. Exiting..."; + help; + exit 1; +fi diff --git a/tools/101/library.sh b/tools/101/library.sh new file mode 100755 index 0000000..2faa2ad --- /dev/null +++ b/tools/101/library.sh 
@@ -0,0 +1,65 @@ +#!/bin/bash + +function get_debian_branch() { + if grep -q 'trixie' /etc/os-release; then + echo "testing"; + else + echo "stable"; + fi +} + +function get_machine_arch() { + arch=$(uname -m); + if [ "$arch" = "i686" ]; then + echo "32"; + else + echo "64"; + fi +} + +function check_distro_version() { + set -e + root="/run/live/medium"; + if [ -d ${root}/live ]; then + if [ -f ${root}/live/version ]; then + version=$(cat ${root}/live/version | sed 's/\.//g'); + else version="000"; + fi + BRANCH=$(get_debian_branch); + ARCH=$(get_machine_arch); + if [ ! -f /tmp/ltver ]; then + wget -q https://ftp.morketsmerke.org/immudex/${BRANCH}/upgrades/latest/${ARCH}/version -O /tmp/ltver; + fi + if [ ! -s /tmp/ltver ]; then sudo rm /tmp/ltver; return 255; fi; + newVersionTxt=$(cat /tmp/ltver); + newVersionInt=$(echo $newVersionTxt | sed 's/\.//g'); + if [ $version -lt $newVersionInt ]; then + exitcode=0; + else + exitcode=1; + fi + else + exitcode=255; + fi + if [ "$1" ] && [ "$1" = "--print" ]; then + echo $newVersionTxt; + return 0; + fi + return $exitcode; +} + +function ascii_colors() { + + BLUE="\e[1;94m"; + RED="\e[1;91m"; + CYAN="\e[1;96m"; + ENDCOLOR="\e[0m"; + + echo -e "${BLUE} _ ${RED} _ ${CYAN} ${ENDCOLOR}"; + echo -e "${BLUE}(_)_ __ ___ _ __ ___ _ _ ${RED} __| | ___${CYAN}__ __${ENDCOLOR}"; + echo -e "${BLUE}| | '_ \` _ \| '_ \` _ \| | | |${RED}/ _\` |/ _ \\\\${CYAN} \/ /${ENDCOLOR}"; + echo -e "${BLUE}| | | | | | | | | | | | |_| |${RED} (_| | __/${CYAN}> < ${ENDCOLOR}"; + echo -e "${BLUE}|_|_| |_| |_|_| |_| |_|\__,_|${RED}\__,_|\___/${CYAN}_/\_\\"; + echo -e "${ENDCOLOR}"; + +} diff --git a/tools/101/motd2 b/tools/101/motd2 new file mode 100755 index 0000000..8918b71 --- /dev/null +++ b/tools/101/motd2 
@@ -0,0 +1,45 @@ +#!/bin/bash + +#/usr/bin/figlet immudex; +source /usr/local/bin/library.sh; +ascii_colors; +echo; +echo "Today is: $(date)"; +echo; +echo "System summary: "; +cpuIdle=$(vmstat | tail -1 | awk '{printf $15}'); +cpuUsage=$((100 - $cpuIdle)); +echo -e " \tCPU: ${cpuUsage}%"; +echo -e " \tMEM: $(free -h | sed -n '2p' | awk '{printf $7}' | sed 's/i//') Free"; +if $(df -h 2> /dev/null | grep -q '/dev/mapper'); then + i=1; + echo -e " \tCRYPT_PARTi: Free/Total (Usage%)"; + amountOfDisks=$(df -h 2> /dev/null | grep '/dev/mapper' | wc -l | awk '{printf $1}'); + while [ $i -le $amountOfDisks ]; do + diskSize=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $2}'); + diskFree=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | awk '{printf $4}'); + diskUsage_perc=$(df -h 2> /dev/null | grep '/dev/mapper' | sed -n "${i}p" | sed 's/%//' | awk '{printf $5}'); + #FCP = First Crypt Partition + echo -e " \tCRYPT_PART${i}: ${diskFree}/${diskSize} (${diskUsage_perc}%)"; + i=$((i + 1)); + done +else + echo -e " \tCRYPT_PART: N/A"; +fi +echo -e " \tPROCESSES: $(ps -aux | wc -l | awk '{printf $1}')"; +if $(uptime | grep -q 'day'); then + utime=$(uptime | awk '{printf $3" "$4" "$5}' | sed -e 's/\,$//' -e 's,:,h ,'); + echo -e "\tUPTIME: ${utime}m"; +else + utime=$(uptime | awk '{printf $3}' | sed -e 's/,//' -e 's,:,h ,'); + if $(echo $utime | grep -q "h"); then + echo -e " \tUPTIME: ${utime}m"; + else + echo -e " \tUPTIME: 0h ${utime}m"; + fi +fi +echo -e " \t$(uptime | grep -o "load.*$" | tr [a-z] [A-Z])"; +echo; +echo -e "morketsmerke.org @ 2023 https://github.com/xf0r3m/immudex"; +echo; +echo "===================================================================="; diff --git a/tools/101/newsfeed b/tools/101/newsfeed new file mode 100755 index 0000000..fddc38d --- /dev/null +++ b/tools/101/newsfeed 
@@ -0,0 +1,177 @@ +#!/bin/bash + +function createBufferFile() { + count=0; + for mark in $markList; do + if [ $count -gt 0 ]; then + sed -i "s,$mark,${mark}\n,g" ${1}.buffer; + else + sed "s,$mark,${mark}\n,g" $1 > ${1}.buffer; + count=$((count + 1)); + fi; + done +} + +function descSanitize() { + desc=$(echo $@ | sed -e 's,,,' -e 's,\]\]>,,' -e 's,,,' -e 's,,,' -e 's,<,<,g' -e 's,>,>,g' -e 's,

,,g' -e 's,,,' -e 's,,,' -e 's,

,,' -e 's/^[[:space:]]*//g'); + echo -n $desc; +} + +function titleSanitize() { + title=$(echo $@ | sed -e 's,,,' -e 's,,,' -e 's,",",g' -e 's/^[[:space:]]*//g'); + echo -n $title; +} + +function pubDateSanitize() { + pubDate=$(echo $@ | sed -e 's,,,' -e 's,,,' -e 's/^[[:space:]]*//g'); + echo -n $pubDate; +} + +function linkSanitize() { + link=$(echo $@ | sed -e 's,,,' -e 's,,,' -e 's/^[[:space:]]*//g'); + echo -n $link; +} + +function show() { + bufferFile="${1}.buffer"; + if grep -q '' $bufferFile; then + sed -i -e 's,,,g' -e 's,,,g' $bufferFile; + fi + if [ ! "$2" ]; then + newsCount=$(grep -o '.*' $bufferFile | wc -l | awk '{printf $1}'); + count=1 + else + count=$(expr $2 + 1); + newsCount=$count; + fi + while [ $count -le $newsCount ]; do + t=$(grep -o '.*' $bufferFile | sed -n "${count}p"); + title=$(titleSanitize $t); + pD=$(grep -o '.*' $bufferFile | sed -n "${count}p") + pubDate=$(pubDateSanitize $pD); + d=$(grep -o '.*' $bufferFile | sed -n "${count}p") + desc=$(descSanitize $d); + echo -e "\t$((count - 1)) (Link ID: $count): $title"; + echo -e "\t -> $pubDate"; + echo -e "\t >>> $desc"; + echo; + count=$((count + 1)) + done +} + +function getLink() { + bufferFile="${1}.buffer"; + newsNumber=$2; + linkLine=$(grep -o '.*' $bufferFile | sed -n "${newsNumber}p"); + link=$(linkSanitize $linkLine); + echo -n $link; +} + +function executeCreateBufferFile() { + fname=$1; + export markList=$(grep -o '' $fname | sort | uniq | awk '{printf $1" "}'); + createBufferFile $fname; +} + +function help() { + echo "immudex-newsfeed - fetch and browse news feed from rss and atom channels"; + echo "@ 2023 morketsmerke.org"; + echo; + echo "Options:"; + echo " --list - shows numbered list of names, saved in ~/.newsfeed names and"; + echo " URL of rss channels"; + echo " --check [--show-one] - fetching new rss channel file from source"; + echo " [ and show first news from channel (as a notification) ]"; + echo " --show - shows numbered list of news titles."; + echo " Number 
of channel you can get from --list option."; + echo " --open - open web browser on link, which are under"; + echo " titles of news on rss channel. Number of title you can get"; + echo " from --show option. This option based on the last showed rss"; + echo " channel feed."; + echo; + echo "The ~/.newsfeed file:"; + echo " This file is simple csv (semicolon separated values) file which"; + echo " store rss channels in one line. One by one. The one line"; + echo " contains: name and URL of rss feed. For example:"; + echo; + echo " News Feed;https://newsfeed.example.org/rss"; +} + +if [ ! -s ~/.newsfeed ]; then + help; + exit 1; +else + if [ ! "$1" ] || ([ "$1" != "--list" ] && \ + [ "$1" != "--check" ] && \ + [ "$1" != "--show" ] && \ + [ "$1" != "--open" ]); then + help; + exit 1; + fi + amountOfSubscriptions=$(cat ~/.newsfeed | wc -l); + i=1; + while [ $i -le $amountOfSubscriptions ]; do + newsfeedLine=$(sed -n "${i}p" ~/.newsfeed); + nameOfSubscription=$(echo $newsfeedLine | cut -d ";" -f 1); + rssLink=$(echo $newsfeedLine | cut -d ";" -f 2); + if [ "$1" ] && [ "$1" = "--list" ]; then + echo -e "${i}. ${nameOfSubscription}"; + elif [ "$1" ] && [ "$1" = "--check" ]; then + echo -e "${i}. ${nameOfSubscription}"; + echo -n "Getting news feed..."; + wget $rssLink -O /tmp/new_newsfeed_${i}.xml 2>/dev/null; + if [ $? 
-eq 0 ]; then echo "[ OK ]"; + else echo -e "\nThere is no Internet connection"; exit 1; fi + if [ -s /tmp/newsfeed_${i}.xml ]; then + executeCreateBufferFile /tmp/new_newsfeed_${i}.xml; + amountOfNewNewses=$(diff /tmp/new_newsfeed_${i}.xml.buffer /tmp/newsfeed_${i}.xml.buffer | grep '' | wc -l); + if [ $amountOfNewNewses -gt 0 ]; then + notify-send "$nameOfSubscription" "New $amountOfNewNewses newses" --icon=/usr/share/icons/rss.png; + mv /tmp/new_newsfeed_${i}.xml /tmp/newsfeed_${i}.xml; + executeCreateBufferFile /tmp/newsfeed_${i}.xml; + news=$(show /tmp/newsfeed_${i}.xml 1); + notify-send "newsfeed" "${nameOfSubscription}:\n${news}" -t ${i}0000 --icon=/usr/share/icons/rss.png; + #j=1; + #sleep 1; + #while [ $j -le 1 ]; do + # news=$(diff /tmp/new_newsfeed_${i}.xml /tmp/newsfeed_${i}.xml | \ + # grep '<title>' | sed -n "${j}p" | sed 's/<title>//' | \ + # sed 's/<\/title>//' | sed 's/[<>]//' | \ + # sed 's/^[[:space:]]*//g'); + # notify-send "newsfeed" "${nameOfSubscription}: ${news}" -t 10000 --icon=/usr/share/icons/rss.png; + # sleep 1; + # j=$((j + 1)); + #done + fi + else + mv /tmp/new_newsfeed_${i}.xml /tmp/newsfeed_${i}.xml; + amountOfNews=$(grep '<title>' /tmp/newsfeed_${i}.xml | sed -n '2,$p' | wc -l); + if [ $amountOfNews -eq 0 ]; then + compressed=1; + amountOfNews=$(sed 's/<\/title>/\n/g' /tmp/newsfeed_${i}.xml | sed 's/<item>/\n/g' | grep '<title>' | wc -l) + fi + notify-send "$nameOfSubscription" "New $amountOfNews newses" --icon=/usr/share/icons/rss.png; + executeCreateBufferFile /tmp/newsfeed_${i}.xml; + if [ "$2" ] && [ "--show-one" ]; then + news=$(show /tmp/newsfeed_${i}.xml 1); + notify-send "newsfeed" "${nameOfSubscription}:\n${news}" -t ${i}0000 --icon=/usr/share/icons/rss.png; + fi + fi + fi + i=$((i + 1)); + done + if [ "$1" ] && [ "$1" = "--show" ] && [ "$2" ] && [ $2 -gt 0 ]; then + + #Parsing + #Thanks to the linuxhint.com for command: + #sed 's/^[[:space]]*//g' + #https://linuxhint.com/trim_string_bash + show /tmp/newsfeed_${2}.xml | 
less + echo $2 > /tmp/lastShowedNewsFeed; + elif [ "$1" ] && [ "$1" = "--open" ] && [ "$2" ] && [ $2 -gt 0 ]; then + subscriptionNumber=$(cat /tmp/lastShowedNewsFeed); + fname="/tmp/newsfeed_${subscriptionNumber}.xml"; + link=$(getLink $fname $2); + exo-open --launch WebBrowser "$link"; + fi +fi diff --git a/tools/101/pl b/tools/101/pl new file mode 100755 index 0000000..7f08f4f --- /dev/null +++ b/tools/101/pl 
@@ -0,0 +1,80 @@ +#!/bin/bash + +GREEN="\e[32m"; +RED="\e[31m"; +ENDCOLOR="\e[0m"; + +if [ "$1" ] && [ $1 = "--video" ]; then + video=1; + shift; + if [ $# -gt 1 ]; then format="--ytdl-format=$1"; shift; file=$1; + else format="--ytdl-forma=best"; file=$1; fi +else + file=$1; +fi + +function help() { + echo "pl - Play Links. Skrypt to odtwarzania multimediów z listy linków"; + echo "morketsmerke.org; COPYLEFT; 2023"; + echo; + echo "Opcje:"; + echo; + echo -e "\t--video [format] - możliwość odtwarzania linków jako filmów. Format"; + echo -e "\tjest opcjonalny, w przypadku jego braku, domyślnym formatem jest"; + echo -e "\t'best'."; + echo; + echo "Użycie:"; + echo -e "\t$ pl sciezka/do/listy/linkow"; + echo; + echo "Format listy:"; + echo -e "\tnazwa linku: https://youtube.com/..."; +} + +if echo $file | grep -q 'http'; then + echo -n "Getting link list..."; + wget -q $file -O /tmp/playlist.txt; + if [ $? -eq 0 ]; then + echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; + file="/tmp/playlist.txt"; + else + echo -e "[ ${RED}FAIL${ENDCOLOR} ]"; + help; + exit 1; + fi +fi + +if [ "$file" ]; then + PS3="Link: "; + linkNames=$(cut -d ":" -f 1 $file | sed 's/\ /_/g' | awk '{printf $1" "}') + select name in $linkNames; do + if [ "$MPVPID" ]; then kill $MPVPID; fi + if [ ! "$name" ]; then break; fi + link=$(grep "$name" $file | cut -d ":" -f 2-); + if [ ! "$link" ]; then + linkName=$(echo $name | sed 's/_/\ /g'); + link=$(grep "$linkName" $file | cut -d ":" -f 2-); + fi + if echo $link | grep -q "youtube"; then + link=$(echo $link | sed 's/\ //g'); + if [ "$video" ]; then + #ytplay -v $link -f $format + mpv $format ytdl://$link > /dev/null 2>&1 & MPVPID=$! + else + #ytplay -a $link -f best[height=360] + format="--no-video --ytdl-format=best[height=360]"; + mpv $format ytdl://$link > /dev/null 2>&1 & MPVPID=$! 
+ fi + else + mpv --no-video $link > /tmp/pl.log 2>&1 & MPVPID=$!; + tail -f /tmp/pl.log | grep "icy-title" & + fi + #echo "MPV: $MPVPID"; + done +else + help; + exit 1; +fi + +if [ -f /tmp/playlist.txt ]; then + rm /tmp/playlist.txt; +fi diff --git a/tools/101/sync.sh b/tools/101/sync.sh new file mode 100644 index 0000000..f1855ec --- /dev/null +++ b/tools/101/sync.sh 
@@ -0,0 +1,195 @@ +#!/bin/bash + +#Config file: +source ~/.sync.d/sync.conf; + +#Script file: + +# Check there is a notify-send program installed on the system +which notify-send +isNotifySend=$? + +#Function section: + +# Check is local directory is a Git repository +function is_ldir_a_git_repo() { + cd ${LDIR} + git status > /dev/null 2>&1; + return $?; +} + +# Check is local directory is a clone of remote directory (just git clone) +function is_ldir_a_rdir_clone() { + cd ${LDIR}; + git remote get-url origin | grep -q ${RDIR} + return $?; +} + +# Push changes to remote repo +function update_rdir() { + cd ${LDIR}; + git add --all; + git commit -m "Pushing changes."; + git push -u origin main; + if [ $? -eq 0 ]; then + output "Remote directory is now up to date." "ok"; + return 0; + else + output "Problem ocurred when trying update remote directory" "warn"; + return 1; + fi +} + +# Create git repo on local directory +function initialize_ldir_git() { + cd ${LDIR}; + git init -b main; + git remote add origin ssh://${RUSER}@${RSERVER}${RDIR}; + return $?; +} + +# Clone local directory from remote repo. Just clone. +function clone_rdir() { + git clone ssh://${RUSER}@${RSERVER}${RDIR} ${LDIR} + if [ $? -eq 0 ]; then + output "Local directory was already cloned from remote directory." "ok"; + else + output "Problem ocurred when trying to clone remote directory." "warn"; + fi +} + +# Getting info about local dir updates, before pull +function get_update_info() { + cd ${LDIR}; + git remote update > /dev/null 2>&1; +} + +# Determining on git status hints, there updates for local directory +function is_ldir_need_to_update() { + cd ${LDIR}; + git status | grep -q 'git pull'; + return $?; +} + +# Here is the same as above, but to other side +function is_rdir_need_to_update() { + cd ${LDIR}; + git status | grep -Eq 'git add|git push' + return $?; +} + +# Pulling commits from remote repo +function update_ldir() { + cd ${LDIR}; + git pull > /dev/null 2>&1; + if [ $? 
-eq 0 ]; then + output "Local directory now is up to date." "ok"; + else + output "Problem occured when trying update local directory." "warn"; + fi +} + +# Hard to get this, if u using repos in normal way. The most popular way to get +# this isn't even implemented in this script. For future use, maybe. +function is_ther_conflict() { + cd ${LDIR}; + git push -u origin main | grep -q 'rejected'; + if [ $? -eq 0 ]; then + output "Conflict ocurred. There are significant diffrences betwen local and remote dirs. Move changes outside local directory and delete him. Try synchronize dirs once again and put changes back" "bad"; + else + output "Problem ocurred when trying update remote directory." "warn"; + fi +} + +# Simple way to comunicate with user. If u have notify-send command, you get +# notifications, if not just type messages in stdout in terminal. +function output() { + argv1=$@; + icon=$(echo $argv1 | sed 's,\ ,\n,g' | tail -1); + msg=$(echo $argv1 | sed -e "s,\ $icon,,g" -e 's/^[[:space:]]*//g'); + + if [ "$icon" = "ok" ]; then + nsIcon="emblem-synchronizing"; + elif [ "$icon" = "warn" ]; then + nsIcon="dialog-warning"; + elif [ "$icon" = "bad" ]; then + nsIcon="process-stop"; + fi + + if [ $isNotifySend -eq 0 ]; then + notify-send "Sync" "$msg" --icon=$nsIcon + else + echo "$msg"; + fi +} + +# Authentication with PKI is required, for this script, so if don't point any +# key in config file, script will generate one pair and try upload them to the +# server. +if [ ! "$KEYFILE" ]; then + ssh-keygen -f ${HOME}/id_rsa + ssh-copy-id ${SSHOPTS} -i ${HOME}/id_rsa ${RUSER}@${RSERVER} +fi + +# Check there is a remote directory +ssh ${SSHOPTS} ${RUSER}@${RSERVER} "[ -d ${RDIR} ]"; +if [ $? -ne 0 ]; then + # If not, create the hole path and initialize remote dir as Git repository. 
+ ssh ${SSHOPTS} ${RUSER}@${RSERVER} "mkdir -p ${RDIR}" + ssh ${SSHOPTS} ${RUSER}@${RSERVER} "cd ${RDIR} && git init --bare -b main"; + # Empty repo flag + empty=0 +fi + +# Initializing local directory +if [ ! -d ${LDIR} ] && [ "$empty" ]; then + # Just create dir structures and initialize them as git repos + mkdir -p ${LDIR} + initialize_ldir_git; + output "Local directory was already created. Remote directory seems to be empty. Nothing to do. Exiting." "warn"; + exit 0; +elif [ -d ${LDIR} ] && [ "$empty" ]; then + # Local dir already exist + is_ldir_a_git_repo; + if [ $? -eq 0 ]; then + # Local dir is git repo + is_ldir_a_rdir_clone; + if [ $? -eq 0 ]; then + # Local dir is remote repo clone. Push dir content to remote repo. + update_rdir; + exit 0; + else + # Local dir is other repo. Refusing to use it. + output "Local directory is other repository than remote directory." "bad"; + exit 1; + fi + else + # Local dir isn't a repo, initialize them and push first commit. + initialize_ldir_git; + update_rdir; + exit 0; + fi +elif [ ! -d ${LDIR} ] && [ ! "$empty" ]; then + # Local directory doesn't exist, but remote dir isn't empty. Clone them. + clone_rdir; + exit 0; +fi +# Getting update info from remote repo +get_update_info; +# Determining that need to pull commits +is_ldir_need_to_update; +ldir_update=$?; +# or push to remote +is_rdir_need_to_update; +rdir_update=$?; +if [ $ldir_update -eq 0 ]; then + update_ldir; +elif [ $rdir_update -eq 0 ]; then + update_rdir; + if [ $? -ne 0 ]; then + is_ther_conflict; + fi +else + # If everything is up to date, nothing to do. + output "Everything is up to date." "ok"; +fi diff --git a/tools/101/unlock-ds b/tools/101/unlock-ds new file mode 100755 index 0000000..2d139a0 --- /dev/null +++ b/tools/101/unlock-ds 
@@ -0,0 +1,86 @@ +#!/bin/bash + +function help() { +echo "immudex-unlock-ds - Shell script for unlocking data store (cryptfs)."; +echo "@ 2023 morketsmerke.org" +echo; +echo "This script will unmount every file system mounted in cryptfs. If FS is"; +echo "locked then will kill every process that have opened file in that FS and"; +echo "finally in cryptfs unlocking him also. So use wisely."; +echo; +echo "Options: "; +echo " -h - This message"; +} + +# Function that getting PID of processes that have open file in DS +function getPids() { + sudo lsof 2>/dev/null | grep "$@" | awk '{printf $2"\n"}' | sort | uniq | awk '{printf $1" "}'; +} + +# Reading argv[1] to get help message"; +if [ "$1" ] && [ "$1" = "-h" ]; then + help; + exit 1; +fi + +# Disclaimer and question about continuing +echo "This script will unmount every file system mounted in cryptfs. If FS is"; +echo "locked then will kill every process that have opened file in that FS and"; +echo "finally in cryptfs unlocking him also. So use wisely."; +echo -n "Do you wish to contiue? (y/n):"; +read -n 1 cont; +if [ "$cont" != "y" ]; then exit 1; fi + + +dataStoresMountPoints=$(immudex-crypt list | grep 'immudex-crypt[0-9]*' | awk '{printf $3" "}'); +for dataStoreMountPoint in $dataStoresMountPoints; do + # Check is there any file system mounted inside data store. + mountPointsInDS=$(df | grep "${dataStoreMountPoint}/.*" | awk '{printf $6" "}'); + for mountPoint in $mountPointsInDS; do + # Try to umount FS in DS + sudo umount $mountPoint >> /dev/null 2>&1; + if [ $? -ne 0 ]; then + # Try to unlock mounted FS by killing processes that have open files + # inside mount point. + sudo kill $(getPids $mountPoint); + # Try umount FS once again. + sudo umount $mountPoint >> /dev/null 2>&1; + if [ $? -ne 0 ]; then + # FS are still mounted. Try to send a SIGKILL signal to them. + sudo kill -9 $(getPids $mountPoint); + # Try umount once again. + sudo umount $mountPoint >> /dev/null 2>&1; + if [ $? 
-ne 0 ]; then + echo "File systems mounted in data store are still lock. Needs user intervention"; + exit 1; + else + echo "The $mountPoint was unmounted."; + fi + else + echo "The $mountPoint was unmounted."; + fi + else + echo "The $mountPoint was unmounted."; + fi + done + # Check there are processes that have opened file from data store. + pidsList=$(getPids $dataStoreMountPoint); + if [ $(echo $pidsList | wc -w) -gt 0 ]; then + sudo kill $pidsList; + # Refresh pidsList + pidsList=$(getPids $dataStoreMountPoint); + if [ $(echo $pidsList | wc -w) -gt 0 ]; then + sudo kill -9 $pidsList; + pidsList=$(getPids $dataStoreMountPoint); + if [ $(echo $pidsList | wc -w) -eq 0 ]; then + echo "Data store: $dataStoreMountPoint is unlocked."; + else + echo "Data store: $dataStoreMountPoint is still locked. Needs user intervention"; + fi + else + echo "Data store: $dataStoreMountPoint is unlocked."; + fi + else + echo "Data store: $dataStoreMountPoint isn't locked. Nothing to do."; + fi +done diff --git a/versions/001.sh b/versions/001.sh new file mode 100644 index 0000000..d8d915f --- /dev/null +++ b/versions/001.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +export VERSION=$(echo $0 | cut -d "." -f 1); + +dhclient; +cd +if [ -x /usr/bin/git ]; then git clone https://github.com/xf0r3m/immudex-lhe; +else apt install git && git clone https://github.com/xf0r3m/immudex-lhe; +fi +source ~/immudex-lhe/versions/template.sh; + +update_packages; + +wget https://github.com/yt-dlp/yt-dlp/releases/download/2023.10.07/yt-dlp -O /usr/bin/youtube-dl; + +install_packages firejail; +cp -vv ~/immudex/files/${VERSION}/firejail.config /etc/firejail; + +wget https://ftp.morketsmerke.org/immudex/testing/software/librewolf/librewolf-118.0.1-1.en-US.linux-i686.tar.bz2; +tar -xf librewolf-118.0.1-1.en-US.linux-i686.tar.bz2 -C /usr/lib; +rm librewolf-118.0.1-1.en-US.linux-i686.tar.bz2; +ln -s /usr/lib/librewolf/librewolf /usr/bin/librewolf; +update-alternatives --remove icecat /usr/bin/icecat; +update-alternatives --install /usr/bin/x-www-browser librewolf /usr/bin/librewolf 100; +rm -v /usr/bin/icecat; +rm -rfv /usr/lib/icecat; +tar -xf ~/immudex-lhe/files/${VERSION}/librewolf.tgz -C /etc/skel; + + +cp -vv ~/immudex-lhe/${VERSION}/idle-clic /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/pl /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/secure-firefox /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/library.sh /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/motd2 /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/newsfeed /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/sync.sh /usr/local/bin; +cp -vv ~/immudex-lhe/${VERSION}/unlock-ds /usr/local/bin; + +chmod +x /usr/local/bin/*; + +cp -rvv ~/immudex-lhe/${VERSION}/files/sync.sh /usr/share/; + +recreate_user; + +tidy; +
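Review bot: in README.md the new heading still reads "IMMutable DEbian with Xfce - Low Hardware Edition", while changelogs/0.0.0.txt in the same commit says XFCE was replaced by X.org with Ratpoison, so the heading should say what this edition actually ships. The hunk also drops the paragraph that named the default accounts without replacing it, although the changelog says root access is now blocked and sudo is used; one line stating how to log in would keep the README usable on its own. Typos in the added text: "infomacje" (informacje) and "obrazmi" (obrazami).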
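Review bot: in files/001/sync.sh/sync.conf, SSHOPTS="-i ${KEYFILE}" is expanded at the moment the file is sourced, so with the shipped empty KEYFILE it becomes a bare -i. tools/101/sync.sh then runs ssh ${SSHOPTS} ${RUSER}@${RSERVER} unquoted, which makes -i take the user@host argument as the identity file, and the key pair the script generates at ${HOME}/id_rsa never reaches SSHOPTS or GIT_SSH_COMMAND. Build SSHOPTS and GIT_SSH_COMMAND only when KEYFILE is non-empty, and set them again after key generation. The #!/bin/bash line can go, since this file is only sourced.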
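Review bot: in tools/101/idle-clic both ssh calls send "idle-clis $@", which flattens the arguments into one string that the remote shell splits again, so the documented call idle-clic pkgsearch "intel sound" arrives as two words and any shell metacharacter in an argument is interpreted on the server. Quote each argument for the remote side, for example by building the command with printf '%q ' "$@". The help text names ~/.idle/.idle.conf but the script tests and sources ~/.idle/idle.conf; echo $@ | grep -q 'shell' matches "shell" anywhere in any argument where a test on "$1" is meant; the status check only reacts to exit code 1; and "check-commmand" in the option list has one m too many.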
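Review bot: check_distro_version in tools/101/library.sh trusts /tmp/ltver whenever that file already exists (the wget is skipped by [ ! -f /tmp/ltver ]), and it is a fixed name in a world-writable directory, so any local user can create it first and decide which version the check reports. Fetch into a file made with mktemp or under a per-user directory and do not reuse a file the script did not just write. Further points in the same hunk: set -e inside a function of a sourced library changes the options of whichever shell calls it; newVersionTxt is unset on the exitcode=255 path, so --print then prints an empty line and returns 0; get_debian_branch only tells trixie apart from everything else, so the buster base of this edition is reported as "stable" and the stable upgrade URL is queried.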
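Review bot: in tools/101/motd2 the load-average line ends with tr [a-z] [A-Z] unquoted, so the shell glob-expands the brackets when a file with a single-letter name exists in the current directory; write tr 'a-z' 'A-Z'. The conditions written as if $(... | grep -q ...) run the empty result of the substitution and only work through its exit status; drop the $( ) and test the pipeline directly. The awk calls use printf with the field as the format string (printf $15), which misreads any % in the data; print $15 or printf "%s", $15 is the safe form.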
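Review bot: in tools/101/newsfeed the --check branch tests [ "$2" ] && [ "--show-one" ], and the second test is a non-empty literal that is always true, so any second argument triggers the single-item notification; it should be [ "$2" = "--show-one" ]. The feed files, their .buffer copies and /tmp/lastShowedNewsFeed use fixed names under /tmp that every local user shares; keep them in a per-user directory. The link taken from the feed is handed to exo-open with no check that it starts with http:// or https://, and the sanitize functions expand feed text unquoted through echo $@, so add a scheme check before opening and quote the expansions.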
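Review bot: in tools/101/pl the fallback for --video without an explicit format sets format="--ytdl-forma=best" (missing "t"), so that code path hands mpv an option it does not recognise; it should be --ytdl-format=best. Other points in this hunk: [ $1 = "--video" ] needs "$1" quoted; the downloaded list and the mpv log go to the fixed paths /tmp/playlist.txt and /tmp/pl.log; grep "$name" $file treats the entry name as a regex and can return several lines for one selection; the tail -f /tmp/pl.log | grep "icy-title" & job is never stopped when the next link is chosen.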
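Review bot: tools/101/sync.sh never checks that LDIR, RDIR, RUSER and RSERVER are set before using them, and the sync.conf shipped in this commit leaves all of them empty. With LDIR empty, the unquoted cd ${LDIR} in every function becomes a plain cd to the home directory and [ -d ${LDIR} ] evaluates true, so the script can reach initialize_ldir_git and update_rdir and run git init, git add --all and git commit there. Exit early when a required value is empty, quote the expansions, and check the result of cd (cd "$LDIR" || return 1). Smaller points: which notify-send prints the path on every run and should be redirected to /dev/null; output() recovers the icon by splitting one joined string and is simpler and safer taking "$1" and "$2"; the messages spell "ocurred", "diffrences" and "betwen".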
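Review bot: getPids in tools/101/unlock-ds picks PIDs by grepping the whole lsof listing for the mount point string, which is matched as a regex anywhere on the line (a mount point /x/data also matches /x/data2, or any other column containing that text), and the result goes straight to sudo kill and then sudo kill -9. Ask for the holders of that one filesystem directly, for example fuser -m "$mountPoint" or lsof -t "$mountPoint", quote the variable, and skip the kill when the list is empty so sudo kill is not run without arguments. The -h branch exits with status 1 although printing help is not an error, and "contiue" in the prompt is misspelled.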
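Review bot: versions/001.sh installs two downloads with no integrity check: yt-dlp is written by wget straight to /usr/bin/youtube-dl, and the LibreWolf tarball is unpacked into /usr/lib as fetched. Pin a SHA-256 for each file in the script and verify it with sha256sum -c before installing, aborting on mismatch. In the same hunk: /usr/bin/youtube-dl never gets the execute bit, because the only chmod is chmod +x /usr/local/bin/*; firejail.config is copied from ~/immudex/files/ although the repository is cloned to ~/immudex-lhe; the tools are copied from ~/immudex-lhe/${VERSION}/ while this commit adds them under tools/101/ and the sync files under files/001/sync.sh/; VERSION from echo $0 | cut -d "." -f 1 is empty when the script is started as ./001.sh; apt install git has no -y and will wait for input in an unattended build.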