From d174c70b0de888c90046cbfe7bd3adf1679de8c1 Mon Sep 17 00:00:00 2001 From: xf0r3m Date: Sat, 18 Apr 2026 19:23:02 +0200 Subject: [PATCH 1/1] =?utf8?q?Przes=C5=82anie=20plik=C3=B3w=20na=20repozyt?= =?utf8?q?orium.?= MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit --- dependencies.txt | 1 + hostname/immudex-hostname | 58 +++++++++ hostname/immudex-hostname.1 | 53 ++++++++ hostname/immudex-hostname.service | 9 ++ immudex-branch | 47 +++++++ immudex-branch.1 | 48 ++++++++ immudex-import-gpgkeys | 46 +++++++ immudex-import-gpgkeys.1 | 51 ++++++++ immudex-import-sshkeys | 63 ++++++++++ immudex-import-sshkeys.1 | 54 ++++++++ immudex-install | 196 ++++++++++++++++++++++++++++++ immudex-install.1 | 56 +++++++++ immudex-padlock | 120 ++++++++++++++++++ immudex-padlock.1 | 65 ++++++++++ immudex-run | 51 ++++++++ immudex-run.1 | 46 +++++++ immudex-secured-firefox | 43 +++++++ immudex-secured-firefox.1 | 41 +++++++ immudex-secured-librewolf | 44 +++++++ immudex-secured-librewolf.1 | 41 +++++++ immudex-upgrade | 125 +++++++++++++++++++ immudex-version | 4 + library.sh | 59 +++++++++ 23 files changed, 1321 insertions(+) create mode 100644 dependencies.txt create mode 100755 hostname/immudex-hostname create mode 100644 hostname/immudex-hostname.1 create mode 100644 hostname/immudex-hostname.service create mode 100755 immudex-branch create mode 100644 immudex-branch.1 create mode 100755 immudex-import-gpgkeys create mode 100644 immudex-import-gpgkeys.1 create mode 100755 immudex-import-sshkeys create mode 100644 immudex-import-sshkeys.1 create mode 100755 immudex-install create mode 100644 immudex-install.1 create mode 100755 immudex-padlock create mode 100644 immudex-padlock.1 create mode 100755 immudex-run create mode 100644 immudex-run.1 create mode 100755 immudex-secured-firefox create mode 100644 immudex-secured-firefox.1 create mode 100755 immudex-secured-librewolf create mode 100644 immudex-secured-librewolf.1 create mode 100755 immudex-upgrade create mode 100755 immudex-version create mode 100755 library.sh diff --git a/dependencies.txt b/dependencies.txt new file mode 100644 index 0000000..6cb5fd1 --- /dev/null +++ b/dependencies.txt @@ -0,0 +1 @@ +immudex-padlock: gnome-icon-theme diff --git a/hostname/immudex-hostname b/hostname/immudex-hostname new file mode 100755 index 0000000..0788fc7 --- /dev/null +++ b/hostname/immudex-hostname @@ -0,0 +1,58 @@ +#!/bin/bash + +function help() { + echo "immudex-hostname it's a main executional script for immudex-hostname"; + echo "service. The script job is to change set appropriate name for this"; + echo "host based on computer chassis and 7 last chars from boot ID." + echo; + echo "Usage: immudex-hostname [--help] [--version]"; + echo; + echo "Options:"; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights." + echo; + echo "Examples:"; + echo " immudex-hostname Set apropriate hostname, usually executed by systemd."; + echo " immudex-hostname --help Print this message."; + echo " immudex-hostname --version Print information about version, author and copyrights."; + echo; + echo "Files:"; + echo " /usr/lib/systemd/system/immudex-hostname.service Systemd unit file, to run immudex-hostname script as a service."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-hostname 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; + +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else + if [ $UID -ne 0 ]; then + echo "Permission denied!"; + exit 1; + fi + + bootID=$(sed 's/-//g' /proc/sys/kernel/random/boot_id | cut -c 26-33); + if hostnamectl > /dev/null 2>&1; then + hName="$(hostnamectl | grep 'Chassis' | cut -d ":" -f 2 | awk '{printf $1}')-${bootID}"; + else + hName="$(dmidecode -s chassis-type | head -1 | tr [A-Z] [a-z])-${bootID}"; + fi + + hostnamectl set-hostname $hName; + sed -i "s/immudex/${hName}/g" /etc/hosts; + echo $hName | sudo tee /etc/hostname > /dev/null; +fi diff --git a/hostname/immudex-hostname.1 b/hostname/immudex-hostname.1 new file mode 100644 index 0000000..8782d43 --- /dev/null +++ b/hostname/immudex-hostname.1 @@ -0,0 +1,53 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-HOSTNAME "1" "March 2026" "immudex-hostname 1.0" "User Commands" +.SH NAME +immudex-hostname \- it's a main executional script for immudex-hostname service. +.SH SYNOPSIS +.B immudex-hostname +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +immudex\-hostname it's a main executional script for immudex\-hostname +service. The script job is to change set appropriate name for this +host based on computer chassis and 7 last chars from boot ID. +.SH OPTIONS +.TP +\fB\-\-help\fR +Print this message. +.TP +\fB\-\-version\fR +Print information about version, author and copyrights. +.SH FILES +.TP +\fI\,/usr/lib/systemd/system/immudex\-hostname.service\/\fP +Systemd unit file, to run immudex\-hostname script as a service. +.SH EXAMPLES +.TP +immudex\-hostname +Set apropriate hostname, usually executed by systemd. +.TP +immudex\-hostname \-\-help +Print this message. +.TP +immudex\-hostname \-\-version +Print information about version, author and copyrights. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-hostname +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-hostname +programs are properly installed at your site, the command +.IP +.B info immudex-hostname +.PP +should give you access to the complete manual. diff --git a/hostname/immudex-hostname.service b/hostname/immudex-hostname.service new file mode 100644 index 0000000..c65f2e3 --- /dev/null +++ b/hostname/immudex-hostname.service @@ -0,0 +1,9 @@ +[Unit] +Description=Set hostname based on Hardware model +Before=display-manager.service +[Service] +Type=OneShot +ExecStart=/usr/local/sbin/immudex-hostname +RemainAfterExit=yes +[Install] +WantedBy=multi-user.target diff --git a/immudex-branch b/immudex-branch new file mode 100755 index 0000000..0c0c876 --- /dev/null +++ b/immudex-branch @@ -0,0 +1,47 @@ +#!/bin/bash + +function help() { + echo "immudex-branch it's a conky helper script, which returns Debian version"; + echo "used for build immudex. This information is used in 'Info:' section"; + echo "in conky widget as complement in name of immudex version."; + echo; + echo "Usage: immudex-branch [--help] [--version]"; + echo; + echo "Options:"; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights."; + echo; + echo "Examples:"; + echo " immudex-branch Prints version of Debian used for immudex build with hyphen on start of." + echo " immudex-branch --help Prints this message."; + echo " immudex-branch --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-branch 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; + +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else + if grep -q 'forky' /etc/os-release; then + echo -n '-testing'; + elif grep -q 'trixie' /etc/os-release; then + echo -n '-stable'; + else + echo -n '-oldstable'; + fi +fi diff --git a/immudex-branch.1 b/immudex-branch.1 new file mode 100644 index 0000000..b745972 --- /dev/null +++ b/immudex-branch.1 @@ -0,0 +1,48 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-BRANCH "1" "March 2026" "immudex-branch 1.0" "User Commands" +.SH NAME +immudex-branch \- it's a conky helper script, which returns Debian version used for build immudex. +.SH SYNOPSIS +.B immudex-branch +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +immudex\-branch it's a conky helper script, which returns Debian version +used for build immudex. This information is used in 'Info:' section +in conky widget as complement in name of immudex version. +.SH OPTIONS +.TP +\fB\-\-help\fR +Print this message. +.HP +\fB\-\-version\fR Print information about version, author and copyrights. +.SH EXAMPLES +.TP +immudex\-branch +Prints version of Debian used for immudex build with hyphen on start of. +.TP +immudex\-branch \-\-help +Prints this message. +.TP +immudex\-branch \-\-version +Print information about version, author and copyrights. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-branch +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-branch +programs are properly installed at your site, the command +.IP +.B info immudex-branch +.PP +should give you access to the complete manual. diff --git a/immudex-import-gpgkeys b/immudex-import-gpgkeys new file mode 100755 index 0000000..89b6773 --- /dev/null +++ b/immudex-import-gpgkeys @@ -0,0 +1,46 @@ +#!/bin/bash + +function help() { + echo "it's a script for import GPG keys and owner trust. GPG keys can be used"; + echo "by 'pass' - POSIX compatibile password manager or signing. It's very"; + echo "helpful, when your keys are in files in encrypted datastore."; + echo "Script requires to store GPG keys in home dir or change home dir before"; + echo "execute a script."; + echo; + echo "Usage: immudex-import-gpgkeys [--help] [--version]"; + echo; + echo "Options:"; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights"; + echo; + echo "Examples:"; + echo " immudex-import-gpgkeys Import GPG keys and owner trust."; + echo " immudex-import-gpgkeys --help Print this message."; + echo " immudex-import-gpgkeys --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-import-gpgkeys 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else + if [ -f ~/public.gpg ] && [ -f ~/private.gpg ] && [ -f ~/otrust.txt ]; then + gpg --import ~/public.gpg + gpg --import ~/private.gpg + gpg --import-ownertrust ~/otrust.txt + fi +fi diff --git a/immudex-import-gpgkeys.1 b/immudex-import-gpgkeys.1 new file mode 100644 index 0000000..55b4dfa --- /dev/null +++ b/immudex-import-gpgkeys.1 @@ -0,0 +1,51 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-IMPORT-GPGKEYS "1" "March 2026" "immudex-import-gpgkeys 1.0" "User Commands" +.SH NAME +immudex-import-gpgkeys \- it's a script for import GPG keys and owner trust. +.SH SYNOPSIS +.B immudex-import-gpgkeys +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +it's a script for import GPG keys and owner trust. GPG keys can be used +by 'pass' \- POSIX compatibile password manager or signing. It's very +helpful, when your keys are in files in encrypted datastore. +Script requires to store GPG keys in home dir or change home dir before +execute a script. +.SH OPTIONS +.TP +\fB\-\-help\fR +Print this message. +.TP +\fB\-\-version\fR +Print information about version, author and copyrights +.SH EXAMPLES +.TP +immudex\-import\-gpgkeys +Import GPG keys and owner trust. +.TP +immudex\-import\-gpgkeys \-\-help +Print this message. +.TP +immudex\-import\-gpgkeys \-\-version +Print information about version, author and copyrights. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-import-gpgkeys +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-import-gpgkeys +programs are properly installed at your site, the command +.IP +.B info immudex-import-gpgkeys +.PP +should give you access to the complete manual. diff --git a/immudex-import-sshkeys b/immudex-import-sshkeys new file mode 100755 index 0000000..91e1c2b --- /dev/null +++ b/immudex-import-sshkeys @@ -0,0 +1,63 @@ +#!/bin/bash + +function help() { + echo "it's a script for copying OpenSSH client files such as keys and config file into user native home directory."; + echo "This command should be run in other home directory, where ssh keys are stored."; + echo; + echo "Usage: immudex-import-sshkeys [--import-hosts] [--help] [--version]"; + echo; + echo "Options:"; + echo " --import-hosts Import hostnames and adresses to /etc/host file (sudo required) from SSH config file if exist."; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights."; + echo; + echo "Examples:"; + echo " immudex-import-sshkeys Import OpenSSH client files into user native home dir."; + echo " immudex-import-sshkeys --import-hosts Import OpenSSH client files and create DNS resolve database in /etc/hosts by taking data from OpenSSH client config file, if exist."; + echo " immudex-import-sshkeys --help Print this message."; + echo " immudex-import-sshkeys --version Print information about version, author and copyrights." + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-import-sshkeys 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else +if $(ls $HOME | grep -q '.*_rsa.*'); then + if [ -d /home/$USER/.ssh ]; then + cp -v ~/*_rsa* /home/$USER/.ssh; + else + mkdir /home/$USER/.ssh; + chmod 700 /home/$USER/.ssh; + cp -v ~/*_rsa* /home/$USER/.ssh; + fi +fi +if $(ls -w1 $HOME | grep -q '^config$'); then + cp -v ~/config /home/$USER/.ssh; + if [ "$1" ] && [ "$1" = "--import-hosts" ]; then + i=1; + hostsCount=$(grep -o "Host .*" ~/config | wc -l); + while [ $i -le $hostsCount ]; do + host=$(grep -o "Host .*" ~/config | sed -n "${i}p" | awk '{printf $2}'); + hostName=$(grep -o "HostName .*" ~/config | sed -n "${i}p" | awk '{printf $2}'); + echo -e "${host}\t${hostName}" | sudo tee -a /etc/hosts; + i=$(expr $i + 1); + done + fi + chmod 600 /home/$USER/.ssh/config; +fi +fi diff --git a/immudex-import-sshkeys.1 b/immudex-import-sshkeys.1 new file mode 100644 index 0000000..e393703 --- /dev/null +++ b/immudex-import-sshkeys.1 @@ -0,0 +1,54 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-IMPORT-SSHKEYS "1" "March 2026" "immudex-import-sshkeys 1.0" "User Commands" +.SH NAME +immudex-import-sshkeys \- it's a script for copying OpenSSH client files such as keys and config file into user native home directory. +.SH SYNOPSIS +.B immudex-import-sshkeys +[\fI\,--import-hosts\/\fR] [\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +it's a script for copying OpenSSH client files such as keys and config file into user native home directory. +This command should be run in other home directory, where ssh keys are stored. +.SH OPTIONS +.TP +\fB\-\-import\-hosts\fR +Import hostnames and adresses to \fI\,/etc/host\/\fP file (sudo required) from SSH config file if exist. +.TP +\fB\-\-help\fR +Print this message. +.TP +\fB\-\-version\fR +Print information about version, author and copyrights. +.SH EXAMPLES +.TP +immudex\-import\-sshkeys +Import OpenSSH client files into user native home dir. +.TP +immudex\-import\-sshkeys \-\-import\-hosts +Import OpenSSH client files and create DNS resolve database in /etc/hosts by taking data from OpenSSH client config file, if exist. +.TP +immudex\-import\-sshkeys \-\-help +Print this message. +.TP +immudex\-import\-sshkeys \-\-version +Print information about version, author and copyrights. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-import-sshkeys +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-import-sshkeys +programs are properly installed at your site, the command +.IP +.B info immudex-import-sshkeys +.PP +should give you access to the complete manual. diff --git a/immudex-install b/immudex-install new file mode 100755 index 0000000..fc07577 --- /dev/null +++ b/immudex-install @@ -0,0 +1,196 @@ +#!/bin/bash + +RED="\e[31m"; +GREEN="\e[32m"; +ENDCOLOR="\e[0m"; + +function help() { + echo "it's a script for installation immudex LiveCD images on computer hard"; + echo "disk. This program runs interactivly and the one thing you need to do"; + echo "is choose a right disk for installation. That's all, but if you using"; + echo "custom images, you may need change partition size for immudex image." + echo "It's hard to imagine, how it's possible to create images bigger than 3"; + echo "GB. It would happens. More space in this partition is also needed for"; + echo "upgrades tasks. So if your image is bigger than 2 GiB, you need to "; + echo "change size of this partition before you start instalation."; + echo "Recomended size is 3 times the image size."; + echo "This script requires superuser (root) privileges."; + echo; + echo "Usage: immudex-install [--help] [--version]"; + echo; + echo "Options:"; + echo " --help Print this message."; + echo " --version Print information about version, author and copyrights."; + echo; + echo "Examples:"; + echo " immudex-install Standard execution, instalation immudex LiveCD on computer hard disk."; + echo " immudex-install --help Print this message."; + echo " immudex-install --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version() { + echo "immudex-install 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; + +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else +if [ $UID -ne 0 ]; then + echo "Permission denied!"; + exit 1; +fi + +while [ true ]; do + echo -e "${RED}This script will install immudex on first disk on your machine.${ENDCOLOR}"; + echo -e "${RED}It could be destructive for data placed on this disk${ENDCOLR}"; + echo -en "${RED}Are you sure that you want contiune? (y/n): ${ENDCOLOR}"; + read ans; + if [ "$ans" = "y" ]; then break; + elif [ "$ans" = "n" ]; then exit 1; + fi +done + +set -e + +function selectDisk() { + disks=$(lsblk | grep 'disk' | awk '{printf $1" "}'); + if [ $(echo $disks | wc -w) -gt 1 ]; then + select drive in $disks; do + echo $drive; + break; + done + else + echo $disks | awk '{printf $1}'; + fi +} + +if $(sudo efibootmgr > /dev/null 2>&1); then +#uefi installation + #partitioning + echo -n "Installation immudex in EFI mode ... "; + disk=$(selectDisk); + originDisk=$disk; + if [ ! "$disk" ]; then exit 1; fi + + dd if=/dev/zero bs=1M of=/dev/$disk count=1 2> /dev/null + + parted /dev/$disk mklabel msdos > /dev/null 2>&1; + parted /dev/$disk mkpart primary 1 101M > /dev/null 2>&1; + parted /dev/$disk set 1 boot on > /dev/null 2>&1; + parted /dev/$disk mkpart primary 101M 3G > /dev/null 2>&1; + + if $(echo $disk | egrep -qo "mmc|nvme"); then disk="${disk}p"; fi + + #formatting + mkfs.vfat -F32 /dev/${disk}1 > /dev/null 2>&1; + mkfs.ext4 /dev/${disk}2 > /dev/null 2>&1; + + #Setting label for partition + e2label /dev/${disk}2 "immudex" > /dev/null 2>&1; + + #mount root partition + mount /dev/${disk}2 /media > /dev/null 2>&1; + + #creating directories for efi partition + mkdir -p /media/boot/efi > /dev/null 2>&1; + + #mount efi partition + mount /dev/${disk}1 /media/boot/efi > /dev/null 2>&1; + + #mount iso image in /mnt directory + #sudo mount /dev/sr0 /mnt > /dev/null 2>&1; + + #copying whole iso image to the second partition + cp -rvv /run/live/medium/* /media > /dev/null 2>&1; + + sed -i '/set\ timeout=/ s/30/5/' /media/boot/grub/grub.cfg; + sed -i 's/bootfrom=removable //g' /media/boot/grub/grub.cfg; + + #removing unnecessary directories from second partition + rm -rf /media/isolinux > /dev/null 2>&1; + rm -rf /media/EFI > /dev/null 2>&1; + + #GRUB Installation + if [ -f /usr/lib/live/mount/medium/EFI/BOOT/BOOTIA32.EFI ]; then + target="i386-efi"; + else + target="x86_64-efi"; + fi + grub-install --target=${target} --root-directory=/media --boot-directory=/media/boot --efi-directory=/media/boot/efi --bootloader-id=debian --removable > /dev/null 2>&1; + + #Adding entry to EFI Firmware + efibootmgr -c -d /dev/${originDisk} -p 1 -L "Debian" -l '\EFI\BOOT\grubx64.efi' > /dev/null 2>&1; + + #Umount all mounted filesystems + umount -R /media > /dev/null 2>&1; + + if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + +else +#mbr installation + echo -n "Installation immudex in BIOS mode ... "; + + #partitioning + disk=$(selectDisk); + if [ ! "$disk" ]; then exit 1; fi + + dd if=/dev/zero bs=1M of=/dev/$disk count=1 2> /dev/null + + parted /dev/$disk mklabel msdos > /dev/null 2>&1; + parted /dev/$disk mkpart primary 1 3G > /dev/null 2>&1; + parted /dev/$disk set 1 boot on > /dev/null 2>&1; + + if $(echo $disk | egrep -qo "mmc|nvme"); then disk="${disk}p"; fi + + #formatting + mkfs.ext4 /dev/${disk}1 > /dev/null 2>&1; + + #Setting label for partition is necessary for extlinux bootloader + e2label /dev/${disk}1 "immudex" > /dev/null 2>&1; + + #mount partition in /media directory + mount /dev/${disk}1 /media > /dev/null 2>&1; + + #Creating directory for extlinux + mkdir /media/extlinux > /dev/null 2>&1; + + #Instalation extlinux files in abovementioned directory + extlinux --install /media/extlinux > /dev/null 2>&1; + + #mount iso image in /mnt directory + #sudo mount /dev/sr0 /mnt > /dev/null 2>&1; + + #copying live directory from iso image to partition + cp -rvv /run/live/medium/live /media > /dev/null; 2>&1; + + #installation extlinux MBR on first sector of hard drive (whole device) + dd if=/usr/lib/EXTLINUX/mbr.bin of=/dev/${disk} > /dev/null 2>&1; + + #creating extlinux configuration file + cat > extlinux.conf < /dev/null 2>&1; + rm extlinux.conf; + + #Unmounting filesystems + umount /media > /dev/null 2>&1; + if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi +fi +fi diff --git a/immudex-install.1 b/immudex-install.1 new file mode 100644 index 0000000..39cad64 --- /dev/null +++ b/immudex-install.1 @@ -0,0 +1,56 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-INSTALL "1" "March 2026" "immudex-install 1.0" "User Commands" +.SH NAME +immudex-install \- it's a script for installation immudex LiveCD images on computer hard disk. +.SH SYNOPSIS +.B immudex-install +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +it's a script for installation immudex LiveCD images on computer hard +disk. This program runs interactivly and the one thing you need to do +is choose a right disk for installation. That's all, but if you using +custom images, you may need change partition size for immudex image. +It's hard to imagine, how it's possible to create images bigger than 3 +GB. It would happens. More space in this partition is also needed for +upgrades tasks. So if your image is bigger than 2 GiB, you need to +change size of this partition before you start instalation. +Recomended size is 3 times the image size. +This script requires superuser (root) privileges. +.SH OPTIONS +.TP +\fB\-\-help\fR +Print this message. +.TP +\fB\-\-version\fR +Print information about version, author and copyrights. +.SH EXAMPLES +.TP +immudex\-install +Standard execution, instalation immudex LiveCD on computer hard disk. +.TP +immudex\-install \-\-help +Print this message. +.TP +immudex\-install \-\-version +Print information about version, author and copyrights. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-install +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-install +programs are properly installed at your site, the command +.IP +.B info immudex-install +.PP +should give you access to the complete manual. diff --git a/immudex-padlock b/immudex-padlock new file mode 100755 index 0000000..802addf --- /dev/null +++ b/immudex-padlock @@ -0,0 +1,120 @@ +#!/bin/bash + +function help(){ + echo "it's a switch script. This script, if there is more than one cryptdisk"; + echo "gives a change to choose a cryptdisk and starts opening him. After"; + echo "sucessful opening, it spawns a terminal window with CWD sets up on"; + echo "choosed cryptdisk mountpoint and change the launcher icon in the bottom"; + echo "panel, which informs user, there are a opened cryptdisks. When user,"; + echo "execute script once again, he close all opened cryptdisk either that"; + echo "not open with this script. At least he tries. In some cases it will be"; + echo "impossible, because there are processes which using this cryptdisk or"; + echo "inside this mount point there is other mount point. This is signaled,"; + echo "by apropriate notification."; + echo "This script needs superuser (root) privileges, but using sudo command"; + echo "is implemented inside the script, you don't needed to launch this"; + echo "via sudo."; + echo; + echo "Usage: immudex-padlock [--help] [--version]"; + echo; + echo "Example:"; + echo " immudex-padlock Standard script execution, explained above."; + echo " immudex-padlock --help Print this message."; + echo " immudex-padlock --version Print information about version, author and copyrights."; + echo; + echo "Files:"; + echo " /usr/share/icons/padlock-icon.png Symlink, original launcher icon."; + echo " /usr/share/icons/changes-prevent.png Original, closed padlock icon."; + echo " /usr/share/icons/changes-allow.png Original, open padlock icon."; + echo " /etc/skel/.config/xfce4/panel/launcher-14/16844255236.desktop XFCE4 bottom panel script activator."; + echo; + echo "Report bugs to "; +} + +function version(){ + echo "immudex-padlock 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +launcher="/home/${USER}/.config/xfce4/panel/launcher-14/16844255236.desktop"; + +function main_unlock() { + sudo /usr/local/sbin/immudex-crypt open $1; + index=$(basename $(sudo /usr/local/sbin/immudex-crypt list | grep "$1" | head -1 | awk '{printf $2}' | grep -o '[0-9]')); + #sudo mkdir -p /media/${USER}/$devName; + #sudo mount /dev/mapper/$devName /media/${USER}/$devName; + + xfce4-terminal --default-working-directory=/ic${index}; + sed -i 's/padlock-icon/changes-allow/' ${launcher}; + #sudo rm /usr/share/icons/padlock-icon.png; + #sudo ln -s /usr/share/icons/changes-allow.png /usr/share/icons/padlock-icon.png; + +} + +function unlock() { + + cryptParts=$(sudo blkid | grep 'LUKS' | sed 's/://g' | awk '{printf $1" "}'); + if [ "$cryptParts" ]; then + if [ $(echo $cryptParts | wc -w) -gt 1 ]; then + select cryptPart in $cryptParts; do + main_unlock $cryptPart; + break; + done + else + main_unlock $cryptParts; + fi + else + echo -e "\e[31mThere is no LUKS partition to open.\e[0m"; + sleep 3; + fi +} + +function lock() { + + mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}'); + + if [ "$mapperDeviceList" ]; then + for dmDevice in $mapperDeviceList; do + if sudo cryptsetup status /dev/mapper/${dmDevice} > /dev/null 2>&1; then + mountPoint=$(df --output=source,target /dev/mapper/${dmDevice} | tail -n 1 | awk '{printf $2}'); + if [ "$mountPoint" ]; then + if $(sudo lsof $mountPoint > /dev/null 2>&1); then + notify-send "Padlock" "The /dev/mapper/${dmDevice} cannot be unmount, because there are opened file or running proceses." --icon=dialog-error; + else + sudo umount $mountPoint; + if [ $? -ne 0 ]; then + notify-send "Padlock" "The /dev/mapper/${dmDevice} cannot be unmount, because there are other filesystem is mounted in." --icon=dialog-error; + fi + sudo cryptsetup close /dev/mapper/${dmDevice}; + fi + else + sudo cryptsetup close /dev/mapper/${dmDevice}; + fi + fi + done + fi + if ! $(df -h | grep -q '/dev/mapper'); then + sed -i 's/changes-allow/padlock-icon/' ${launcher}; + #sudo rm /usr/share/icons/padlock-icon.png; + #sudo ln -s /usr/share/icons/changes-prevent.png /usr/share/icons/padlock-icon.png; + fi +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + elif [ "$1" = "--version" ]; then + version; + fi +else + mapperDeviceList=$(ls /dev/mapper | grep 'immudex-*' | awk '{printf $1" "}'); + + if [ "$mapperDeviceList" ]; then lock; + else unlock; + fi +fi diff --git a/immudex-padlock.1 b/immudex-padlock.1 new file mode 100644 index 0000000..766b588 --- /dev/null +++ b/immudex-padlock.1 @@ -0,0 +1,65 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-PADLOCK "1" "March 2026" "immudex-padlock 1.0" "User Commands" +.SH NAME +immudex-padlock \- it's a switch script. This script, if there is more than one cryptdisk gives a change to choose a cryptdisk and starts opening him. +.SH SYNOPSIS +.B immudex-padlock +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +it's a switch script. This script, if there is more than one cryptdisk +gives a change to choose a cryptdisk and starts opening him. After +sucessful opening, it spawns a terminal window with CWD sets up on +choosed cryptdisk mountpoint and change the launcher icon in the bottom +panel, which informs user, there are a opened cryptdisks. When user, +execute script once again, he close all opened cryptdisk either that +not open with this script. At least he tries. In some cases it will be +impossible, because there are processes which using this cryptdisk or +inside this mount point there is other mount point. This is signaled, +by apropriate notification. +This script needs superuser (root) privileges, but using sudo command +is implemented inside the script, you don't needed to launch this +via sudo. +.SS "Example:" +.TP +immudex\-padlock +Standard script execution, explained above. +.TP +immudex\-padlock \fB\-\-help\fR +Print this message. +.TP +immudex\-padlock \fB\-\-version\fR +Print information about version, author and copyrights. +.SH FILES +.TP +\fI\,/usr/share/icons/padlock\-icon.png\/\fP +Symlink, original launcher icon. +.TP +\fI\,/usr/share/icons/changes\-prevent.png\/\fP +Original, closed padlock icon. +.TP +\fI\,/usr/share/icons/changes\-allow.png\/\fP +Original, open padlock icon. +.TP +/etc/skel/.config/xfce4/panel/launcher\-14/16844255236.desktop +XFCE4 bottom panel script activator. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-padlock +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-padlock +programs are properly installed at your site, the command +.IP +.B info immudex-padlock +.PP +should give you access to the complete manual. diff --git a/immudex-run b/immudex-run new file mode 100755 index 0000000..c0fa3e4 --- /dev/null +++ b/immudex-run @@ -0,0 +1,51 @@ +#!/bin/bash + +function help() { + echo "This script allows to run a program with pointed home dir on first"; + echo "opened LUKS partition via immudex-crypt tool. The most programs in"; + echo "Linux write some data in users home dirs. Doing this persistentaly"; + echo "in immudex is imposible, because all default users home dirs came back"; + echo "to state from image and wroted date are gone. Running programs via this"; + echo "scripts makes possible to save this date on first 'crypt'."; + echo "This script can be use to make your own activators easlly."; + echo; + echo "Usage: immudex-run [--help] [--version] program_name [program_args]"; + echo; + echo "Examples:"; + echo " immudex-run firefox-esr Run given program"; + echo " immudex-run --help Print this message"; + echo " immudex-run --version Print information about version, author and copyrights"; + echo; + echo "Report bugs to "; +} + +function version(){ + echo "immudex-run 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + exit 0; + elif [ "$1" = "--version" ]; then + version; + exit 0; + fi +fi + +export HOME=/ic0; +export XDG_CONFIG_HOME=/ic0; +export XDG_CACHE_HOME=/ic0/.cache; +export XDG_CONFIG_DIRS=/ic0/.config; + +program=$1; +shift; +args="$@"; + +$(which $program) ${args}; diff --git a/immudex-run.1 b/immudex-run.1 new file mode 100644 index 0000000..c59ae35 --- /dev/null +++ b/immudex-run.1 @@ -0,0 +1,46 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-RUN "1" "April 2026" "immudex-run 1.0" "User Commands" +.SH NAME +immudex-run \- Script for run a program in changed user home dir. +.SH SYNOPSIS +.B immudex-run +[\fI\,--help\/\fR] [\fI\,--version\/\fR] \fI\,program_name \/\fR[\fI\,program_args\/\fR] +.SH DESCRIPTION +This script allows to run a program with pointed home dir on first +opened LUKS partition via immudex\-crypt tool. The most programs in +Linux write some data in users home dirs. Doing this persistentaly +in immudex is imposible, because all default users home dirs came back +to state from image and wroted date are gone. Running programs via this +scripts makes possible to save this date on first 'crypt'. +This script can be use to make your own activators easlly. +.SH EXAMPLES +.TP +immudex\-run firefox\-esr +Run given program +.TP +immudex\-run \-\-help +Print this message +.TP +immudex\-run \-\-version +Print information about version, author and copyrights +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-run +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-run +programs are properly installed at your site, the command +.IP +.B info immudex-run +.PP +should give you access to the complete manual. diff --git a/immudex-secured-firefox b/immudex-secured-firefox new file mode 100755 index 0000000..32720aa --- /dev/null +++ b/immudex-secured-firefox @@ -0,0 +1,43 @@ +#!/bin/bash + +function help() { + echo "This tool running up a Firefox browser via firejail with sandboxing "; + echo "and forcing network interface to that we use to internet connection."; + echo; + echo "Usage: immudex-secured-firefox [--help] [--version]"; + echo; + echo "Exaples:"; + echo " immudex-secured-firefox Run secured browser."; + echo " immudex-secured-firefox --help Print this message."; + echo " immudex-secured-firefox --version Print information about version, author and copyrights"; + echo; + echo "Report bugs to "; +} + +function version(){ + echo "immudex-secured-firefox 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + exit 0; + elif [ "$1" = "--version" ]; then + version; + exit 0; + fi +fi + +if [ ! -d /tmp/${USER} ]; then + mkdir /tmp/${USER} + cp -prvv /home/${USER}/.mozilla /tmp/${USER} +fi + +eth0=$(ip route show | grep 'default' | awk '{printf $5}'); +firejail --private=/tmp/${USER} --net=$eth0 /usr/lib/firefox-esr/firefox-esr diff --git a/immudex-secured-firefox.1 b/immudex-secured-firefox.1 new file mode 100644 index 0000000..e8b1447 --- /dev/null +++ b/immudex-secured-firefox.1 @@ -0,0 +1,41 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-SECURED-FIREFOX "1" "April 2026" "immudex-secured-firefox 1.0" "User Commands" +.SH NAME +immudex-secured-firefox \- Run secured firefox. +.SH SYNOPSIS +.B immudex-secured-firefox +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +This tool running up a Firefox browser via firejail with sandboxing +and forcing network interface to that we use to internet connection. +.SS "Exaples:" +.TP +immudex\-secured\-firefox +Run secured browser. +.TP +immudex\-secured\-firefox \fB\-\-help\fR +Print this message. +.TP +immudex\-secured\-firefox \fB\-\-version\fR +Print information about version, author and copyrights +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-secured-firefox +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-secured-firefox +programs are properly installed at your site, the command +.IP +.B info immudex-secured-firefox +.PP +should give you access to the complete manual. diff --git a/immudex-secured-librewolf b/immudex-secured-librewolf new file mode 100755 index 0000000..30d65ee --- /dev/null +++ b/immudex-secured-librewolf @@ -0,0 +1,44 @@ +#!/bin/bash + +function help() { + echo "immudex-secured-librewolf, support for LibreWolf version. LibreWolf isn't"; + echo "part of immudex, but this tool officialy existed as a part of project."; + echo; + echo "Usage: immudex-secured-librewolf [--help] [--version]"; + echo; + echo "Examples:"; + echo " immudex-secured-librewolf Run sandboxed LibreWolf browser." + echo " immudex-secured-librewolf --help Print this messages." + echo " immudex-secured-librewolf --version Print information about version, author and copyrights."; + echo; + echo "Report bugs to "; +} + +function version(){ + echo "immudex-secured-librewolf 1.0"; + echo; + echo "Copyright (C) 2026 morketsmerke.org"; + echo "This is free software; see the source for copying conditions. There is NO"; + echo "warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."; + echo; + echo "Written by xf0r3m."; +} + +if [ "$1" ]; then + if [ "$1" = "--help" ]; then + help; + exit; + elif [ "$1" = "--version" ]; then + version; + exit; + fi +fi + + +if [ ! -d /tmp/${USER} ]; then + mkdir /tmp/${USER} + cp -prvv /home/${USER}/.librewolf /tmp/${USER} +fi + +eth0=$(ip route show | grep 'default' | awk '{printf $5}'); +firejail --private=/tmp/${USER} --net=$eth0 /usr/bin/librewolf diff --git a/immudex-secured-librewolf.1 b/immudex-secured-librewolf.1 new file mode 100644 index 0000000..552864b --- /dev/null +++ b/immudex-secured-librewolf.1 @@ -0,0 +1,41 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH IMMUDEX-SECURED-LIBREWOLF "1" "April 2026" "immudex-secured-librewolf 1.0" "User Commands" +.SH NAME +immudex-secured-librewolf \- Run secured LibreWolf. +.SH SYNOPSIS +.B immudex-secured-librewolf +[\fI\,--help\/\fR] [\fI\,--version\/\fR] +.SH DESCRIPTION +immudex\-secured\-librewolf, support for LibreWolf version. LibreWolf isn't +part of immudex, but this tool officialy existed as a part of project. +.SH EXAMPLES +.TP +immudex\-secured\-librewolf +Run sandboxed LibreWolf browser. +.TP +immudex\-secured\-librewolf \-\-help +Print this messages. +.TP +immudex\-secured\-librewolf \-\-version +Print information about version, author and copyrights. +.SH AUTHOR +Written by xf0r3m. +.SH "REPORTING BUGS" +Report bugs to +.SH COPYRIGHT +Copyright \(co 2026 morketsmerke.org +.br +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +.SH "SEE ALSO" +The full documentation for +.B immudex-secured-librewolf +is maintained as a Texinfo manual. If the +.B info +and +.B immudex-secured-librewolf +programs are properly installed at your site, the command +.IP +.B info immudex-secured-librewolf +.PP +should give you access to the complete manual. diff --git a/immudex-upgrade b/immudex-upgrade new file mode 100755 index 0000000..c1507fa --- /dev/null +++ b/immudex-upgrade @@ -0,0 +1,125 @@ +#!/bin/bash + +set -e + +source library.sh + +RED="\e[31m"; +GREEN="\e[32m"; +YELLOW="\e[33m"; +ENDCOLOR="\e[0m"; +root="/run/live/medium"; + +function help() { + echo "immudex-upgrade - script for searching upgrades and upgrade immudex"; + echo "@ 2024 morketsmerke.org"; + echo "Superuser (root) privileges are required."; + echo "Options:"; + echo " --check - check there are upgrades for immudex"; + echo " --upgrade - upgrade immudex from given source"; + #echo " --myversion - prints images current commit message"; + echo " --myversion - prints image details"; + echo " --compilation-date - prints date of image creation"; + echo " --packages-upgradable [--security] - updates apt (packages) list and"; + echo " prints available to upgrade packages, with --security modificator"; + echo " prints only pacakages from security repository branch"; +} + +if [ $UID -ne 0 ]; then + echo "Permission denied!"; + help; + exit 1; +fi + +if [ "$1" ]; then + if [ "$1" ] && [ "$1" = "--check" ]; then + if check_distro_commit; then + echo -e "${GREEN}This${ENDCOLOR} is the latest version of immudex"; + else + echo -e "There is a ${RED}new${ENDCOLOR} version of immudex:"; + echo "==================================================="; + check_distro_commit --print; + fi + elif [ "$1" ] && [ "$1" = "--upgrade" ]; then + part=$(blkid | grep 'LABEL="immudex"' | awk '{printf $1}' | cut -d ":" -f 1); + if mount | grep -q "$part"; then + echo -n "Mounting iso image..."; + mount $2 /mnt > /dev/null 2>&1; + if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + mountPointList=$(mount | grep "$part" | awk '{printf $3" "}'); + for mountPoint in $mountPointList; do + echo -n "Unlocking $mountPoint ..."; + mount $part $mountPoint -o remount,rw > /dev/null 2>&1; + if [ $? -eq 0 ]; then + echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; + else + echo -e "[ ${RED}FAIL${ENDCOLOR} ]"; + fi + done + echo "Copying immudex files to the disk..."; + cp -vv /mnt/live/* ${mountPoint}/live; + if [ $? -eq 0 ]; then + echo -e "Copying immudex files to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + else + echo -e "Copying immudex files to the disk...[ ${RED}FAIL${ENDCOLOR} ]"; + fi + else + echo -n "Mounting immudex partition..."; + mount $part /mnt >> /dev/null 2>&1; + if [ $? -eq 0 ]; then echo -e "[ ${GREEN}OK${ENDCOLOR} ]"; fi + echo "Copying immudex files to the disk..."; + cp -vv /run/live/medium/live/* /mnt/live; + if [ $? -eq 0 ]; then + echo -e "Copying immudex files to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + else + echo -e "Copying immudex files to the disk...[ ${RED}FAIL${ENDCOLOR} ]"; + fi + fi + if $(sudo efibootmgr > /dev/null 2>&1); then + echo "Copying grub config to the disk..."; + if [ "$mountPoint" ]; then + cp -vv /mnt/boot/grub/grub.cfg ${mountPoint}/boot/grub/grub.cfg; + if [ $? -eq 0 ]; then + echo -e "Copying grub config to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + sed -i '/set\ timeout=/ s/30/5/' ${mountPoint}/boot/grub/grub.cfg; + sed -i 's/bootfrom=removable //g' ${mountPoint}/boot/grub/grub.cfg; + else + echo -e "Copying grub config to the disk...[ ${RED}FAIL${ENDCOLOR} ]"; + fi + else + cp -vv /run/live/medium/boot/grub/grub.cfg /mnt/boot/grub/grub.cfg; + if [ $? -eq 0 ]; then + echo -e "Copying grub config to the disk...[ ${GREEN}OK${ENDCOLOR} ]"; + sed -i '/set\ timeout=/ s/30/5/' /mnt/boot/grub/grub.cfg; + sed -i 's/bootfrom=removable //g' /mnt/boot/grub/grub.cfg; + else + echo -e "Copying grub config to the disk...[ ${RED}FAIL${ENDCOLOR} ]"; + fi + fi + fi + elif [ "$1" ] && [ "$1" = "--myversion" ]; then + #if [ -d /tmp/immudex ]; then + # (cd /tmp/immudex && git pull > /dev/null 2>&1) + #else + # git clone https://github.com/xf0r3m/immudex /tmp/immudex; + #fi + #(cd /tmp/immudex && git show $(cat /run/live/medium/live/version)) + cat /run/live/medium/live/changelog; + elif [ "$1" ] && [ "$1" = "--packages-upgradable" ]; then + apt update; + if [ "$2" ] && [ "$2" = "--security" ]; then + apt list --upgradable | grep 'security'; + else + apt list --upgradable; + fi + elif [ "$1" ] && [ "$1" = "--compilation-date" ]; then + eval $(grep '^COMPILATION_DATE' /run/live/medium/live/changelog); + echo "Image was created: $COMPILATION_DATE"; + else + help; + exit 1; + fi +else + help; + exit 1; +fi diff --git a/immudex-version b/immudex-version new file mode 100755 index 0000000..67be301 --- /dev/null +++ b/immudex-version @@ -0,0 +1,4 @@ +#!/bin/bash + +eval $(grep '^COMMIT' /run/live/medium/live/changelog) +echo $COMMIT | awk '{printf $1}' | cut -c 1-7 diff --git a/library.sh b/library.sh new file mode 100755 index 0000000..2e50210 --- /dev/null +++ b/library.sh @@ -0,0 +1,59 @@ +#!/bin/bash + +function get_debian_branch() { + if grep -q 'trixie' /etc/os-release; then + echo "testing"; + elif grep -q 'bookworm' /etc/os-release; then + echo "stable"; + else + echo "oldstable"; + fi +} + +function get_machine_arch() { + arch=$(uname -m); + if [ "$arch" = "i686" ]; then + echo "32"; + else + echo "64"; + fi +} + +function check_distro_commit() { + versionFile="/run/live/medium/live/version"; + if [ -f $versionFile ]; then + localVersion=$(cat $versionFile); + if [ -d /tmp/immudex ]; then + $(cd /tmp/immudex && git pull -q); + else + git clone -q https://github.com/xf0r3m/immudex /tmp/immudex; + fi + latestVersion=$(cd /tmp/immudex && git log --pretty=oneline | head -1 | cut -d " " -f 1); + if [ "$1" ] && [ "$1" == "--print" ]; then + echo "$(cd /tmp/immudex && git log ${localVersion}..${latestVersion})"; + fi + if [ "$localVersion" = "$latestVersion" ]; then + return 0; + else + return 1; + fi + else + return 255; + fi +} + +function ascii_colors() { + + BLUE="\e[1;94m"; + RED="\e[1;91m"; + CYAN="\e[1;96m"; + ENDCOLOR="\e[0m"; + + echo -e "${BLUE} _ ${RED} _ ${CYAN} ${ENDCOLOR}"; + echo -e "${BLUE}(_)_ __ ___ _ __ ___ _ _ ${RED} __| | ___${CYAN}__ __${ENDCOLOR}"; + echo -e "${BLUE}| | '_ \` _ \| '_ \` _ \| | | |${RED}/ _\` |/ _ \\\\${CYAN} \/ /${ENDCOLOR}"; + echo -e "${BLUE}| | | | | | | | | | | | |_| |${RED} (_| | __/${CYAN}> < ${ENDCOLOR}"; + echo -e "${BLUE}|_|_| |_| |_|_| |_| |_|\__,_|${RED}\__,_|\___/${CYAN}_/\_\\"; + echo -e "${ENDCOLOR}"; + +} -- 2.39.5