authorczesiek <czesiek@hackerspace.pl>2014-11-01 18:48:56 +0100
committerczesiek <czesiek@hackerspace.pl>2014-11-01 18:48:56 +0100
commit52c7530e806df0603a7ea0164eb54ef4b4035b22 (patch)
treefefe737367958af20f4b8dd6222351aeed844d0a
parent050c409f4cbdc9dec6a13bcc755a44706730a238 (diff)
downloadheads-52c7530e806df0603a7ea0164eb54ef4b4035b22.tar.gz
heads-52c7530e806df0603a7ea0164eb54ef4b4035b22.tar.bz2
heads-52c7530e806df0603a7ea0164eb54ef4b4035b22.zip
Added the OpenVPN files and Makefile, Makefile.guest.
Updated the README.
-rw-r--r--Makefile116
-rw-r--r--Makefile.guest26
-rw-r--r--README10
-rw-r--r--openvpn/client.conf29
-rw-r--r--openvpn/test.crt24
5 files changed, 202 insertions, 3 deletions
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..9ad59b3
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,116 @@
+UPSTREAM_ISO_NAME=tails-i386-1.2.iso
+WORK_DIR=work
+CHROOT_DIR=${WORK_DIR}/chroot
+ISOLINUX_DIR=${WORK_DIR}/cd/isolinux
+
+setup:
+ mkdir -p ${CHROOT_DIR} ${WORK_DIR}/cd
+
+ mkdir -p ${WORK_DIR}/mountpoint
+ mount -o loop upstream/${UPSTREAM_ISO_NAME} ${WORK_DIR}/mountpoint
+ rsync --exclude=/live/filesystem.squashfs -a ${WORK_DIR}/mountpoint/ ${WORK_DIR}/cd
+
+ mkdir -p ${WORK_DIR}/squashfs
+ mount -t squashfs -o loop ${WORK_DIR}/mountpoint/live/filesystem.squashfs ${WORK_DIR}/squashfs
+ cp -a ${WORK_DIR}/squashfs/* ${CHROOT_DIR}
+ umount ${WORK_DIR}/squashfs
+ rmdir ${WORK_DIR}/squashfs
+
+ umount ${WORK_DIR}/mountpoint
+ rmdir ${WORK_DIR}/mountpoint
+
+ # TODO: move setup here, teardown to target 'image'
+
+chroot:
+ mount --bind /dev ${CHROOT_DIR}/dev
+ mount --bind /dev/pts ${CHROOT_DIR}/dev/pts
+ mount --bind /proc ${CHROOT_DIR}/proc
+
+ cp /etc/resolv.conf /etc/hosts ${CHROOT_DIR}/etc/
+
+ # boot menu
+ cp isolinux/clearnet486.cfg ${ISOLINUX_DIR}/
+ cp isolinux/clearnetamd64.cfg ${ISOLINUX_DIR}/
+ cp isolinux/live486.cfg ${ISOLINUX_DIR}/
+ cp isolinux/liveamd64.cfg ${ISOLINUX_DIR}/
+
+ # for chroot work
+ cp Makefile.guest ${CHROOT_DIR}/Makefile
+ mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled
+ echo 'rootfs / rootfs rw 0 0' > ${CHROOT_DIR}/etc/mtab
+
+ mkdir -p ${CHROOT_DIR}/etc/openvpn
+ # prep for openvpn testing
+ cp openvpn/test.crt ${CHROOT_DIR}/etc/openvpn/ca.crt
+
+ cp openvpn/client.conf ${CHROOT_DIR}/etc/openvpn/ # TODO: move to Makefile.guest
+ cp ferm-clear.conf ${CHROOT_DIR}/etc/ferm/
+ cp unfermify ${CHROOT_DIR}/etc/init.d/
+ cp untorify ${CHROOT_DIR}/etc/init.d/
+ cp environment.clean ${CHROOT_DIR}/etc/ # required by untorify
+
+ chroot ${CHROOT_DIR} apt-get update
+ chroot ${CHROOT_DIR} apt-get install -y make
+ chroot ${CHROOT_DIR} make
+
+ # launchers
+ cp yokai-openvpn-launcher ${CHROOT_DIR}/usr/local/bin/
+ cp yokai-sshuttle-launcher ${CHROOT_DIR}/usr/local/bin/
+ cp yokai-launcher ${CHROOT_DIR}/usr/local/bin/
+ cp yokai-launcher-nosudo ${CHROOT_DIR}/usr/local/bin/
+ cp 60-yokai-launcher.sh ${CHROOT_DIR}/etc/NetworkManager/dispatcher.d/
+
+ #chroot ${CHROOT_DIR} /bin/bash
+
+ # reverse the adjustments made for chroot
+ rm ${CHROOT_DIR}/etc/mtab
+ mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy
+ rm ${CHROOT_DIR}/Makefile
+
+ umount ${CHROOT_DIR}/proc
+ umount ${CHROOT_DIR}/dev/pts
+ umount ${CHROOT_DIR}/dev
+
+justchroot:
+ mount --bind /dev ${CHROOT_DIR}/dev
+ mount --bind /dev/pts ${CHROOT_DIR}/dev/pts
+ mount --bind /proc ${CHROOT_DIR}/proc
+
+ cp /etc/resolv.conf /etc/hosts ${CHROOT_DIR}/etc/
+
+ # setup
+ cp Makefile.guest ${CHROOT_DIR}/Makefile
+ mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled
+ echo 'rootfs / rootfs rw 0 0' | sudo tee ${CHROOT_DIR}/etc/mtab > /dev/null
+
+ chroot ${CHROOT_DIR} /bin/bash
+
+ # teardown
+ rm ${CHROOT_DIR}/etc/mtab
+ mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy
+ rm ${CHROOT_DIR}/Makefile
+
+ umount ${CHROOT_DIR}/proc
+ umount ${CHROOT_DIR}/dev/pts
+ umount ${CHROOT_DIR}/dev
+
+unfail:
+ # teardown
+ rm ${CHROOT_DIR}/etc/mtab
+ mv ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy.disabled ${CHROOT_DIR}/etc/apt/apt.conf.d/0000runtime-proxy
+ rm ${CHROOT_DIR}/Makefile
+
+ umount ${CHROOT_DIR}/proc
+ umount ${CHROOT_DIR}/dev/pts
+ umount ${CHROOT_DIR}/dev
+
+image:
+ mksquashfs ${CHROOT_DIR} work/cd/live/filesystem.squashfs -noappend
+ genisoimage -r -V "TAILS-Custom" -b isolinux/isolinux.bin -c isolinux/boot.cat -cache-inodes -J -l -no-emul-boot -boot-load-size 4 -boot-info-table -o work/tails-custom.iso work/cd
+ isohybrid work/heads.iso --entry 4 --type 0x1c
+
+imagecopy:
+ cp work/heads.iso heads-`date +%Y%m%d%H%M`.iso
+
+clean:
+ rm -rf ${WORK_DIR}
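Review bot: If any command in `chroot` or `justchroot` fails after the three `mount --bind` lines, make stops and the host's /dev, /dev/pts and /proc stay bind-mounted under `${CHROOT_DIR}`; a later `make clean` then runs `rm -rf ${WORK_DIR}` as root through those mounts into the host's device nodes. `unfail` does not reliably recover from this, because its first line `rm ${CHROOT_DIR}/etc/mtab` fails when the file is already gone and the umounts are never reached. I would prefix the cleanup lines in `unfail` with `-` so the umounts always run, and make `clean` refuse to cross mount points, e.g. `rm -rf --one-file-system ${WORK_DIR}`. Separately, `image` writes `work/tails-custom.iso` while `isohybrid` and `imagecopy` read `work/heads.iso`, so the `-o` argument should be `${WORK_DIR}/heads.iso`. The host's `/etc/resolv.conf` and `/etc/hosts` copied into the chroot are also never removed in the teardown, so host-specific names end up in the squashfs.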
diff --git a/Makefile.guest b/Makefile.guest
new file mode 100644
index 0000000..872d6ae
--- /dev/null
+++ b/Makefile.guest
@@ -0,0 +1,26 @@
+default:
+ #apt-get upgrade -y --force-yes # Note: DumbIdea(tm)
+ apt-get install -y openvpn
+ touch /etc/openvpn/credentials
+ apt-get install -y ssh-askpass-gnome
+ #apt-get install -y network-manager-openvpn-gnome # XXX testing new approach
+ git clone https://github.com/apenwarr/sshuttle.git /opt/sshuttle
+
+ # XXX: for testing
+ apt-get install -y midori
+
+ # start ferm on 2 3 4 5 instead of S (allows for unfermify)
+ sed -i '/Default-Start/s/\<S\>/2 3 4 5/' /etc/init.d/ferm
+ insserv -r ferm
+ insserv ferm
+ # disable polipo on 3 4 5
+ sed -i '/Default-Start/s/2 3 4 5/2/' /etc/init.d/polipo
+ insserv -r polipo
+ insserv polipo
+ #insserv # update rc* after copying /etc/init.d/unfermify
+
+ insserv unfermify
+ insserv untorify
+
+ # fix the .ICEauthority bug
+ sed -i 's/^exit 0/chown -R Debian-gdm:Debian-gdm \/var\/lib\/gdm3\nexit 0/' /etc/rc.local
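Review bot: `git clone https://github.com/apenwarr/sshuttle.git /opt/sshuttle` bakes whatever the upstream default branch holds at build time into the image, with no pinned revision and no integrity check, so two builds can differ and an unexpected upstream change lands in the ISO unnoticed. Pin it right after the clone, e.g. `cd /opt/sshuttle && git checkout <PINNED_COMMIT>` (placeholder; use a commit that has been reviewed). `touch /etc/openvpn/credentials` creates the file that `auth-user-pass` reads with the default umask, so it is likely world-readable; follow it with `chmod 600 /etc/openvpn/credentials`. The final `sed` on /etc/rc.local inserts another `chown` line each time the target is rerun in the same chroot, which a guard such as `grep -q 'chown -R Debian-gdm' /etc/rc.local ||` in front of it would avoid.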
diff --git a/README b/README
index 6dadea0..d05b9a8 100644
--- a/README
+++ b/README
@@ -14,9 +14,13 @@ to unpack the Tails image into work/ (automatically created). Then
$ sudo make chroot
to make changes to the image. Finally, do
$ sudo make image
-to build the new ISO from the working dir. ISO should appear as
-heads-TIMESTAMP.iso.
+to build the new ISO from the working dir. It should appear as
+work/heads.iso. To get the timestamped version, do
+ $ sudo make imagecopy
+(simply copies the image to ./heads-TIMESTAMP.iso).
Known issues
------------
-WIP
+(Work in progress)
+ - unhack the tor-browser to provide working Iceweasel experience in
+ VPN/SSH/direct modes
diff --git a/openvpn/client.conf b/openvpn/client.conf
new file mode 100644
index 0000000..b43e3db
--- /dev/null
+++ b/openvpn/client.conf
@@ -0,0 +1,29 @@
+client
+auth-user-pass /etc/openvpn/credentials
+dev tun
+proto udp
+remote hackerspace.pl 20001
+resolv-retry infinite
+nobind
+
+log /var/log/openvpn.client.log
+
+#user nobody
+#group nobody
+
+persist-key
+persist-tun
+
+ca /etc/openvpn/ca.crt
+
+ns-cert-type server
+
+comp-lzo
+
+script-security 2
+up /etc/openvpn/update-resolv-conf
+down /etc/openvpn/update-resolv-conf
+
+verb 3
+
+redirect-gateway def1
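Review bot: Server authentication rests on `ns-cert-type server` alone, which only checks the legacy Netscape certificate-type field, so any server-type certificate issued under `/etc/openvpn/ca.crt` is accepted for `hackerspace.pl`. I would replace it with `remote-cert-tls server` and, if the OpenVPN version shipped in the image supports it, also pin the expected server name. With `#user nobody` / `#group nobody` left commented out the client keeps root for its whole lifetime while `script-security 2` lets it run the `up`/`down` scripts; that may be required for `update-resolv-conf` to restore DNS on `down`, but the file should carry a comment saying so, e.g. `# runs as root: down script must rewrite resolv.conf`.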
diff --git a/openvpn/test.crt b/openvpn/test.crt
new file mode 100644
index 0000000..3bff449
--- /dev/null
+++ b/openvpn/test.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEATCCA2qgAwIBAgIJAOeMKeXDIl0cMA0GCSqGSIb3DQEBBQUAMIGyMQswCQYD
+VQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNraWUxETAPBgNVBAcTCFdhcnN6YXdh
+MR0wGwYDVQQKExRIYWNrZXJzcGFjZSBXYXJzemF3YTEPMA0GA1UECxMGaXRhbmlj
+MQ8wDQYDVQQDEwZpdGFuaWMxDzANBgNVBCkTBml0YW5pYzEoMCYGCSqGSIb3DQEJ
+ARYZaG9zdG1hc3RlckBoYWNrZXJzcGFjZS5wbDAeFw0xMjAzMDgwMDE4NDBaFw0y
+MjAzMDYwMDE4NDBaMIGyMQswCQYDVQQGEwJQTDEUMBIGA1UECBMLTWF6b3dpZWNr
+aWUxETAPBgNVBAcTCFdhcnN6YXdhMR0wGwYDVQQKExRIYWNrZXJzcGFjZSBXYXJz
+emF3YTEPMA0GA1UECxMGaXRhbmljMQ8wDQYDVQQDEwZpdGFuaWMxDzANBgNVBCkT
+Bml0YW5pYzEoMCYGCSqGSIb3DQEJARYZaG9zdG1hc3RlckBoYWNrZXJzcGFjZS5w
+bDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4s7pSdaNEzc7dh5YYgBtSa8v
+TOPOjPVMBbfdqVQerTrG9Vg9mc2p+v630yCaxUrXYu6oNYlFkq/4qB5wosACyhIp
+DUwaDdwlBCF26dBBFtVvLEoWkvBaZCYJqcqoPwuk9Ws4Db0tbbOPgVi7mwG4y7dd
+j7F3tzn/yqhQFJSabv8CAwEAAaOCARswggEXMB0GA1UdDgQWBBSBVgtOU89it/lb
+sBzRQa0u5DKaATCB5wYDVR0jBIHfMIHcgBSBVgtOU89it/lbsBzRQa0u5DKaAaGB
+uKSBtTCBsjELMAkGA1UEBhMCUEwxFDASBgNVBAgTC01hem93aWVja2llMREwDwYD
+VQQHEwhXYXJzemF3YTEdMBsGA1UEChMUSGFja2Vyc3BhY2UgV2Fyc3phd2ExDzAN
+BgNVBAsTBml0YW5pYzEPMA0GA1UEAxMGaXRhbmljMQ8wDQYDVQQpEwZpdGFuaWMx
+KDAmBgkqhkiG9w0BCQEWGWhvc3RtYXN0ZXJAaGFja2Vyc3BhY2UucGyCCQDnjCnl
+wyJdHDAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4GBADD3Hqnp6rXTa74L
+Zx/uhm5VemwpYZGbsI2BA80FFIJcMiG/9154aT+dWXrkDKuZPeiPHD1uBfFDIQas
+/aFBWII9q9mZdr74wdSsZg93jKn0xT4+1ioATUvVNSRCxfARfFVR+AfszhlKpZFl
+yfpMKmVpmJl0F8qf4pj/VmCshyOY
+-----END CERTIFICATE-----
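Review bot: This file is named `test.crt`, yet the Makefile in this commit installs it as `/etc/openvpn/ca.crt`, the only trust anchor for the VPN connection, so it should be named and documented as the real CA or replaced before an image is released. From the DER prefixes visible in the base64, it appears to be a self-signed CA with a 1024-bit RSA key and a SHA-1 signature, valid from 2012 to 2022. Both are weaker than I would accept for a trust anchor in a privacy-oriented image. Consider reissuing the CA with at least a 2048-bit key and SHA-256, and record its fingerprint in the README so builders can check the file they ship.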