parent
050c409f4c
commit
52c7530e80
|
@ -0,0 +1,116 @@
|
||||||
|
UPSTREAM_ISO_NAME=tails-i386-1.2.iso
|
||||||
|
WORK_DIR=work
|
||||||
|
CHROOT_DIR=${WORK_DIR}/chroot
|
||||||
|
ISOLINUX_DIR=${WORK_DIR}/cd/isolinux
|
||||||
|
|
||||||
|
setup:
|
||||||
|
mkdir -p ${CHROOT_DIR} ${WORK_DIR}/cd
|
||||||
|
|
||||||
|
mkdir -p ${WORK_DIR}/mountpoint
|
||||||
|
mount -o loop upstream/${UPSTREAM_ISO_NAME} ${WORK_DIR}/mountpoint
|
||||||
|
rsync --exclude=/live/filesystem.squashfs -a ${WORK_DIR}/mountpoint/ ${WORK_DIR}/cd
|
||||||
|
|
||||||
|
mkdir -p ${WORK_DIR}/squashfs
|
||||||
|
mount -t squashfs -o loop ${WORK_DIR}/mountpoint/live/filesystem.squashfs ${WORK_DIR}/squashfs
|
||||||
|
cp -a ${WORK_DIR}/squashfs/* ${CHROOT_DIR}
|
||||||
|
umount ${WORK_DIR}/squashfs
|
||||||
|
rmdir ${WORK_DIR}/squashfs
|
||||||
|
|
||||||
|
umount ${WORK_DIR}/mountpoint
|
||||||
|
rmdir ${WORK_DIR}/mountpoint
|
||||||
|
|
||||||
|
# TODO: move setup here, teardown to target 'image'
|
||||||
|
|
||||||
|
chroot:
|
||||||
|
mount --bind /dev ${CHROOT_DIR}/dev
|
||||||
|
mount --bind /dev/pts ${CHROOT_DIR}/dev/pts
|
||||||
|
mount --bind /proc ${CHROOT_DIR}/proc
|
||||||
|
|
||||||
|
cp /etc/resolv.conf /etc/hosts ${CHROOT_DIR}/etc/
|
||||||
|
|
||||||
|
# boot menu
|
||||||
|
cp isolinux/clearnet486.cfg ${ISOLINUX_DIR}/
|
||||||
|
cp isolinux/clearnetamd64.cfg ${ISOLINUX_DIR}/
|
||||||
|
cp isolinux/live486.cfg ${ISOLINUX_DIR}/
|
||||||
|
cp isolinux/liveamd64.cfg ${ISOLINUX_DIR}/
|
||||||
|
|
||||||
|
# for chroot work
|
||||||
|
cp Makefile.guest ${CHROOT_DIR}/Makefile
|
||||||
|
mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled
|
||||||
|
echo 'rootfs / rootfs rw 0 0' > ${CHROOT_DIR}/etc/mtab
|
||||||
|
|
||||||
|
mkdir -p ${CHROOT_DIR}/etc/openvpn
|
||||||
|
# prep for openvpn testing
|
||||||
|
cp openvpn/test.crt ${CHROOT_DIR}/etc/openvpn/ca.crt
|
||||||
|
|
||||||
|
cp openvpn/client.conf ${CHROOT_DIR}/etc/openvpn/ # TODO: move to Makefile.guest
|
||||||
|
cp ferm-clear.conf ${CHROOT_DIR}/etc/ferm/
|
||||||
|
cp unfermify ${CHROOT_DIR}/etc/init.d/
|
||||||
|
cp untorify ${CHROOT_DIR}/etc/init.d/
|
||||||
|
cp environment.clean ${CHROOT_DIR}/etc/ # required by untorify
|
||||||
|
|
||||||
|
chroot ${CHROOT_DIR} apt-get update
|
||||||
|
chroot ${CHROOT_DIR} apt-get install -y make
|
||||||
|
chroot ${CHROOT_DIR} make
|
||||||
|
|
||||||
|
# launchers
|
||||||
|
cp yokai-openvpn-launcher ${CHROOT_DIR}/usr/local/bin/
|
||||||
|
cp yokai-sshuttle-launcher ${CHROOT_DIR}/usr/local/bin/
|
||||||
|
cp yokai-launcher ${CHROOT_DIR}/usr/local/bin/
|
||||||
|
cp yokai-launcher-nosudo ${CHROOT_DIR}/usr/local/bin/
|
||||||
|
cp 60-yokai-launcher.sh ${CHROOT_DIR}/etc/NetworkManager/dispatcher.d/
|
||||||
|
|
||||||
|
#chroot ${CHROOT_DIR} /bin/bash
|
||||||
|
|
||||||
|
# reverse the adjustments made for chroot
|
||||||
|
rm ${CHROOT_DIR}/etc/mtab
|
||||||
|
mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy
|
||||||
|
rm ${CHROOT_DIR}/Makefile
|
||||||
|
|
||||||
|
umount ${CHROOT_DIR}/proc
|
||||||
|
umount ${CHROOT_DIR}/dev/pts
|
||||||
|
umount ${CHROOT_DIR}/dev
|
||||||
|
|
||||||
|
justchroot:
|
||||||
|
mount --bind /dev ${CHROOT_DIR}/dev
|
||||||
|
mount --bind /dev/pts ${CHROOT_DIR}/dev/pts
|
||||||
|
mount --bind /proc ${CHROOT_DIR}/proc
|
||||||
|
|
||||||
|
cp /etc/resolv.conf /etc/hosts ${CHROOT_DIR}/etc/
|
||||||
|
|
||||||
|
# setup
|
||||||
|
cp Makefile.guest ${CHROOT_DIR}/Makefile
|
||||||
|
mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled
|
||||||
|
echo 'rootfs / rootfs rw 0 0' | sudo tee ${CHROOT_DIR}/etc/mtab > /dev/null
|
||||||
|
|
||||||
|
chroot ${CHROOT_DIR} /bin/bash
|
||||||
|
|
||||||
|
# teardown
|
||||||
|
rm ${CHROOT_DIR}/etc/mtab
|
||||||
|
mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy
|
||||||
|
rm ${CHROOT_DIR}/Makefile
|
||||||
|
|
||||||
|
umount ${CHROOT_DIR}/proc
|
||||||
|
umount ${CHROOT_DIR}/dev/pts
|
||||||
|
umount ${CHROOT_DIR}/dev
|
||||||
|
|
||||||
|
unfail:
|
||||||
|
# teardown
|
||||||
|
rm ${CHROOT_DIR}/etc/mtab
|
||||||
|
mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy
|
||||||
|
rm ${CHROOT_DIR}/Makefile
|
||||||
|
|
||||||
|
umount ${CHROOT_DIR}/proc
|
||||||
|
umount ${CHROOT_DIR}/dev/pts
|
||||||
|
umount ${CHROOT_DIR}/dev
|
||||||
|
|
||||||
|
image:
|
||||||
|
mksquashfs ${CHROOT_DIR} work/cd/live/filesystem.squashfs -noappend
|
||||||
|
genisoimage -r -V "TAILS-Custom" -b isolinux/isolinux.bin -c isolinux/boot.cat -cache-inodes -J -l -no-emul-boot -boot-load-size 4 -boot-info-table -o work/tails-custom.iso work/cd
|
||||||
|
isohybrid work/heads.iso --entry 4 --type 0x1c
|
||||||
|
|
||||||
|
imagecopy:
|
||||||
|
cp work/heads.iso heads-`date +%Y%m%d%H%M`.iso
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf ${WORK_DIR}
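Review bot: `clean` runs `rm -rf ${WORK_DIR}` without checking whether `${CHROOT_DIR}/dev`, `${CHROOT_DIR}/dev/pts` and `${CHROOT_DIR}/proc` are still bind-mounted, and the `chroot` recipe leaves them mounted whenever a step between the `mount --bind` lines and the final `umount`s fails, because make stops at the first failing command. The recursive delete would then descend into the host's /dev through the bind mount; a guard line `! mountpoint -q ${CHROOT_DIR}/dev` followed by `rm -rf --one-file-system ${WORK_DIR}` would prevent that. Separately, `chroot` and `justchroot` copy the build host's `/etc/resolv.conf` and `/etc/hosts` into the tree and the teardown never restores the originals, so host network details end up in `filesystem.squashfs`; back both files up before the copy and restore them next to the `mtab` cleanup. In `image`, genisoimage writes `work/tails-custom.iso` while isohybrid and `imagecopy` use `work/heads.iso`, so `-o work/heads.iso` looks like the intended output name.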
|
|
@ -0,0 +1,26 @@
|
||||||
|
default:
|
||||||
|
#apt-get upgrade -y --force-yes # Note: DumbIdea(tm)
|
||||||
|
apt-get install -y openvpn
|
||||||
|
touch /etc/openvpn/credentials
|
||||||
|
apt-get install -y ssh-askpass-gnome
|
||||||
|
#apt-get install -y network-manager-openvpn-gnome # XXX testing new approach
|
||||||
|
git clone https://github.com/apenwarr/sshuttle.git /opt/sshuttle
|
||||||
|
|
||||||
|
# XXX: for testing
|
||||||
|
apt-get install -y midori
|
||||||
|
|
||||||
|
# start ferm on 2 3 4 5 instead of S (allows for unfermify)
|
||||||
|
sed -i '/Default-Start/s/\<S\>/2 3 4 5/' /etc/init.d/ferm
|
||||||
|
insserv -r ferm
|
||||||
|
insserv ferm
|
||||||
|
# disable polipo on 3 4 5
|
||||||
|
sed -i '/Default-Start/s/2 3 4 5/2/' /etc/init.d/polipo
|
||||||
|
insserv -r polipo
|
||||||
|
insserv polipo
|
||||||
|
#insserv # update rc* after copying /etc/init.d/unfermify
|
||||||
|
|
||||||
|
insserv unfermify
|
||||||
|
insserv untorify
|
||||||
|
|
||||||
|
# fix the .ICEauthority bug
|
||||||
|
sed -i 's/^exit 0/chown -R Debian-gdm:Debian-gdm \/var\/lib\/gdm3\nexit 0/' /etc/rc.local
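Review bot: The `git clone https://github.com/apenwarr/sshuttle.git /opt/sshuttle` line installs whatever the upstream default branch holds at build time, so two builds of this same commit can ship different code in the image, and nothing is verified before it lands in /opt. Pin it to a reviewed revision right after the clone, e.g. `cd /opt/sshuttle && git checkout <REVIEWED_COMMIT_ID>` (placeholder), or vendor a checked tarball instead. `touch /etc/openvpn/credentials` also creates the file with the default umask, although `client.conf` reads the VPN username and password from it via `auth-user-pass`; `install -m 600 /dev/null /etc/openvpn/credentials` would create it owner-only. A header comment such as `# Runs as root inside the chroot only; never invoke on the build host` would help, since every line modifies system paths.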
|
10
README
10
README
|
@ -14,9 +14,13 @@ to unpack the Tails image into work/ (automatically created). Then
|
||||||
$ sudo make chroot
|
$ sudo make chroot
|
||||||
to make changes to the image. Finally, do
|
to make changes to the image. Finally, do
|
||||||
$ sudo make image
|
$ sudo make image
|
||||||
to build the new ISO from the working dir. ISO should appear as
|
to build the new ISO from the working dir. It should appear as
|
||||||
heads-TIMESTAMP.iso.
|
work/heads.iso. To get the timestamped version, do
|
||||||
|
$ sudo make imagecopy
|
||||||
|
(simply copies the image to ./heads-TIMESTAMP.iso).
|
||||||
|
|
||||||
Known issues
|
Known issues
|
||||||
------------
|
------------
|
||||||
WIP
|
(Work in progress)
|
||||||
|
- unhack the tor-browser to provide working Iceweasel experience in
|
||||||
|
VPN/SSH/direct modes
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
client
|
||||||
|
auth-user-pass /etc/openvpn/credentials
|
||||||
|
dev tun
|
||||||
|
proto udp
|
||||||
|
remote hackerspace.pl 20001
|
||||||
|
resolv-retry infinite
|
||||||
|
nobind
|
||||||
|
|
||||||
|
log /var/log/openvpn.client.log
|
||||||
|
|
||||||
|
#user nobody
|
||||||
|
#group nobody
|
||||||
|
|
||||||
|
persist-key
|
||||||
|
persist-tun
|
||||||
|
|
||||||
|
ca /etc/openvpn/ca.crt
|
||||||
|
|
||||||
|
ns-cert-type server
|
||||||
|
|
||||||
|
comp-lzo
|
||||||
|
|
||||||
|
script-security 2
|
||||||
|
up /etc/openvpn/update-resolv-conf
|
||||||
|
down /etc/openvpn/update-resolv-conf
|
||||||
|
|
||||||
|
verb 3
|
||||||
|
|
||||||
|
redirect-gateway def1
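Review bot: Server authentication rests on `ns-cert-type server`, which only inspects the legacy Netscape certificate-type extension; `remote-cert-tls server` checks the key usage and extended key usage fields and is the option OpenVPN recommends in its place. `user nobody` / `group nobody` are commented out, so the client keeps root after the tunnel is up even though `persist-key` and `persist-tun` are already set; if they stay disabled because the `down` script needs root to restore resolv.conf, a comment saying so would help. No `cipher` or `auth` is set, so the data channel falls back to whatever default the installed OpenVPN has, which is worth pinning explicitly. `comp-lzo` has to match the server, but compression inside a VPN tunnel is a known side-channel concern and deserves a comment explaining why it is kept.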
|
|
@ -0,0 +1,24 @@
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEATCCA2qgAwIBAgIJAOeMKeXDIl0cMA0GCSqGSIb3DQEBBQUAMIGyMQswCQYD
|
||||||
|
VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxETAPBgNVBAcTCFdhcnN6YXdh
|
||||||
|
MR0wGwYDVQQKExRIYWNrZXJzcGFjZSBXYXJzemF3YTEPMA0GA1UECxMGaXRhbmlj
|
||||||
|
MQ8wDQYDVQQDEwZpdGFuaWMxDzANBgNVBCkTBml0YW5pYzEoMCYGCSqGSIb3DQEJ
|
||||||
|
ARYZaG9zdG1hc3RlckBoYWNrZXJzcGFjZS5wbDAeFw0xMjAzMDgwMDE4NDBaFw0y
|
||||||
|
MjAzMDYwMDE4NDBaMIGyMQswCQYDVQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNr
|
||||||
|
aWUxETAPBgNVBAcTCFdhcnN6YXdhMR0wGwYDVQQKExRIYWNrZXJzcGFjZSBXYXJz
|
||||||
|
emF3YTEPMA0GA1UECxMGaXRhbmljMQ8wDQYDVQQDEwZpdGFuaWMxDzANBgNVBCkT
|
||||||
|
Bml0YW5pYzEoMCYGCSqGSIb3DQEJARYZaG9zdG1hc3RlckBoYWNrZXJzcGFjZS5w
|
||||||
|
bDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4s7pSdaNEzc7dh5YYgBtSa8v
|
||||||
|
TOPOjPVMBbfdqVQerTrG9Vg9mc2p+v630yCaxUrXYu6oNYlFkq/4qB5wosACyhIp
|
||||||
|
DUwaDdwlBCF26dBBFtVvLEoWkvBaZCYJqcqoPwuk9Ws4Db0tbbOPgVi7mwG4y7dd
|
||||||
|
j7F3tzn/yqhQFJSabv8CAwEAAaOCARswggEXMB0GA1UdDgQWBBSBVgtOU89it/lb
|
||||||
|
sBzRQa0u5DKaATCB5wYDVR0jBIHfMIHcgBSBVgtOU89it/lbsBzRQa0u5DKaAaGB
|
||||||
|
uKSBtTCBsjELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMREwDwYD
|
||||||
|
VQQHEwhXYXJzemF3YTEdMBsGA1UEChMUSGFja2Vyc3BhY2UgV2Fyc3phd2ExDzAN
|
||||||
|
BgNVBAsTBml0YW5pYzEPMA0GA1UEAxMGaXRhbmljMQ8wDQYDVQQpEwZpdGFuaWMx
|
||||||
|
KDAmBgkqhkiG9w0BCQEWGWhvc3RtYXN0ZXJAaGFja2Vyc3BhY2UucGyCCQDnjCnl
|
||||||
|
wyJdHDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADD3Hqnp6rXTa74L
|
||||||
|
Zx/uhm5VemwpYZGbsI2BA80FFIJcMiG/9154aT+dWXrkDKuZPeiPHD1uBfFDIQas
|
||||||
|
/aFBWII9q9mZdr74wdSsZg93jKn0xT4+1ioATUvVNSRCxfARfFVR+AfszhlKpZFl
|
||||||
|
yfpMKmVpmJl0F8qf4pj/VmCshyOY
|
||||||
|
-----END CERTIFICATE-----
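Review bot: This PEM decodes to a self-signed CA (O=Hackerspace Warszawa, CN=itanic) with a 1024-bit RSA key and a SHA-1 signature, valid from 2012-03-08 to 2022-03-06, and the Makefile installs it as `/etc/openvpn/ca.crt`, i.e. as the only trust anchor for the VPN connection. A 1024-bit RSA / SHA-1 root is below current minimums, and the file name `test.crt` suggests it was not meant to ship in a released image. A README note stating which CA the image trusts and how to swap it would help, e.g. `openvpn/test.crt is a test CA only; replace it before building a release image`.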
|